qemu (1:6.2+dfsg-2ubuntu6) jammy; urgency=medium * debian/control[-in]: no more disable glusterfs in Ubuntu (LP: #1246924) * Fix diff handling on ceph that can cause data corruption (LP: #1968258) - d/p/u/lp-1968258-block-rbd-fix-handling-of-holes-in-.bdrv_co.patch - d/p/u/lp-1968258-block-rbd-workaround-for-ceph-issue-53784.patch -- Christian Ehrhardt Fri, 08 Apr 2022 09:36:34 +0200 qemu (1:6.2+dfsg-2ubuntu5) jammy; urgency=medium * d/p/u/tcg-Remove-dh_alias-indirection-for-dh_typecode.patch: fix 32bit tcg on s390x. -- Christian Ehrhardt Thu, 17 Feb 2022 09:54:36 +0100 qemu (1:6.2+dfsg-2ubuntu4) jammy; urgency=medium * No-change rebuild to update maintainer scripts, see LP: 1959054 -- Dave Jones Wed, 16 Feb 2022 17:28:14 +0000 qemu (1:6.2+dfsg-2ubuntu3) jammy; urgency=medium * Merge with Debian unstable, remaining changes: - qemu-kvm to systemd unit - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm, hugepages and architecture specifics - d/qemu-system-common.qemu-kvm.service: systemd unit to call qemu-kvm-init - d/qemu-system-common.install: install helper script - d/qemu-system-common.qemu-kvm.default: defaults for /etc/default/qemu-kvm - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm - Distribution specific machine type (LP: 1304107 1621042 1776189 1761372 1761372 1776189) - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine types containing release versioned machine attributes - d/qemu-system-x86.NEWS Info on fixed machine type defintions for host-phys-bits=true - Add an info about -hpb machine type in debian/qemu-system-x86.NEWS - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type - Enable nesting by default - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default in qemu64 on amd [ No more strictly needed, but required for backward compatibility ] - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490) - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types reference 256k path - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to handle incoming migrations from former releases. - d/qemu-system-x86.README.Debian: add info about updated nesting changes - d/p/lp-1952448-relax-skiboot-gcc-deprecation-errors.patch: add patch to workaround FTBFS when building against OpenSSL 3.0. - d/optionrom.mak, d/p/u/avoid-fcf-clashing-with-i486.patch: fix -fcf-protection being unavailble on -march=i486 (LP 1940029) - Ease the use of module retention on upgrades (LP 1913421) - debian/qemu-block-extra.postinst: enable mount unit on install/upgrade - Make qemu-system-x86-microvm a transitional package as the binary is now in qemu-system-x86 itself. * Dropped Changes [now part of 1:6.1+dfsg-8]: - updated debian/patches/linux-user-binfmt-P.diff to work with in-kernel code (#993658) (LP 1947860) - improved dependencies - Make qemu-system-common depend on qemu-block-extra - Make qemu-utils depend on qemu-block-extra - d/control*, d/rules: disable xen by default, but provide universe package qemu-system-x86-xen as alternative [includes compat links changes of 5.0-5ubuntu4] - d/p/ubuntu/lp-1929926-*: avoid segfaults by uretprobes (LP 1929926) * Dropped Changes [now part of upstream] - d/p/u/lp-1932175-s390x-cpumodel-add-3931-and-3932.patch: add new 3931 and 3932 machines (LP 1932175) - d/p/u/lp-1940288-audio-Never-send-migration-section.patch: fix migration with audio devices present (LP 1940288) * Added changes: - update patches for qemu v6.2.0 - d/p/u/enable-svm-by-default.patch - d/p/u/define-ubuntu-machine-types.patch - d/p/u/lp-1952448-relax-skiboot-gcc-deprecation-errors.patch - d/rules: xen libexec dir is no more versioned - d/rules: ensure xen is built on x86 - d/p/u/lp-1959984-s390x-ipl-support-extended-kernel-command-line-size.patch Allow long kernel command lines for QEMU (LP: #1959984) - d/kvm-spice: fix when acceleration is already defined on the commandline - d/p/u/fix-virtiofsd-for-glibc2.35.patch: add rseq to seccomp allow list -- Christian Ehrhardt Wed, 05 Jan 2022 12:18:25 +0100 qemu (1:6.2+dfsg-2) unstable; urgency=medium * bump meson build-dep to 0.59.3 * build & include multiboot_dma.bin (Closes: #1003930) * libxml2 is not needed for parallels. Enable parallels block image format (Closes: #1003162) * acpi-validate-hotplug-selector-on-access-CVE-2021-4158.patch Closes: CVE-2021-4158 * acpi-fix-QEMU-crash-when-started-with-SLIC-table.patch (Closes: #1004017) * acpi-fix-OEM_ID-padding.patch * debian/get-orig-source.sh: repack dfsg archive differently * mention closing of a few CVEs by 6.2.0 -- Michael Tokarev Thu, 20 Jan 2022 10:52:19 +0300 qemu (1:6.2+dfsg-1) unstable; urgency=medium [ Christian Ehrhardt ] * 6.2.0 upstream release Closes: #984452, CVE-2021-20203 (integer overflow issue in the vmxnet3 NIC emulator) Closes: #984453, CVE-2021-20196 (fdc: check drive block device before usage) Closes: #984451, CVE-2021-20255 (infinite recursion / DMA reentrancy in eepro100 i8255x device emulator) * d/get-orig-source.sh: remove pc-bios/multiboot_dma.bin in dfsg-clean * Drop patches upstream in v6.2.0 * d/p/spelling.diff: update for v6.2.0 (partially accepted) * d/rules: use new --disable-install-blobs build arg * Revert "make fuse debian-only, since libfuse3 in ubuntu is in universe", it is now in main (LP: #1934510) * d/rules: bump skiboot version for qemu v6.2.0 * d/p/ignore-roms-dependency-in-qtest.patch: fix meson issue due to dfsg removal of blobs * d/rules: drop --disable-fdt on microvm builds (now strictly required on any x86 build) * d/rules: select default PARISC config for hppa-firmware -- Michael Tokarev Sun, 09 Jan 2022 12:52:10 +0300 qemu (1:6.1+dfsg-8) unstable; urgency=medium * fix keymaps definitions placement in last upload (Closes: #997925, #997926) -- Michael Tokarev Wed, 27 Oct 2021 13:27:09 +0300 qemu (1:6.1+dfsg-7) unstable; urgency=medium * qemu-system-data: do not install qemu.desktop (Closes: #995628) * remove qemu-user-static.README.Debian (#995633) * d/rules: update configure rules for different qemu builds * qemu-system-x86-xen: install only -i386 link to xen path, not -x86_64 * promote qemu-system-x86-xen package on ubuntu to be like qemu-system-x86 since it uses the same modules actually * enable zstd compression support (Build-Depends) * qemu-system-data: install usr/share/icons/hicolor/32x32/apps/qemu.bmp for the sdl ui * d/control: fix wrong relation (< vs <<) * d/control: use :native version of python3-sphynx (Closes: #995622) * do not make qemu-system-gui Multi-Arch:same due to vhost-user-gpu * quieten gcc11 warnings/errors so roms will compile (Closes: #997082) * move d/qemu-system-data.install to d/rules -- Michael Tokarev Tue, 26 Oct 2021 10:35:02 +0300 qemu (1:6.1+dfsg-6) unstable; urgency=medium * virtio-net-fix-use-after-unmap-free-for-sg-CVE-2021-3748.patch Closes: #993401, CVE-2021-3748: use-after-free in virtio_net_receive_rcu * ati_2d-fix-buffer-overflow-in-ati_2d_blt-CVE-2021-3638.patch Closes: #992726, CVE-2021-3638: inconsistent check in ati_2d_blt() may lead to out-of-bounds write * refresh uas-add-stream-number-sanity-checks-CVE-2021-3713{.diff=>.patch} from upstream * hmp-unbreak-change-vnc.patch from upstream to fix 'change vnc passwd' command -- Michael Tokarev Wed, 29 Sep 2021 13:41:47 +0300 qemu (1:6.1+dfsg-5) unstable; urgency=medium * updated debian/patches/linux-user-binfmt-P.diff to work with in-kernel code Closes: #993658 * d/rules: do not mark configure target as .PHONY since it is a real file -- Michael Tokarev Mon, 06 Sep 2021 01:20:59 +0300 qemu (1:6.1+dfsg-4) unstable; urgency=medium * qemu-sockets-fix-unix-socket-path-copy-again.patch replacing socket-unix-maxlen.patch Closes: #993145 * enable more devices for the microvm build: virtio-gpu & vhost-user-gpu virtio-input-host & vhost_user_input * move vhost-user-gpu files from qemu-system-common to qemu-system-gui this elminates X11 dependencies from non-gui qemu-system install * build and install vof.bin firmware * rearrange d/rules a bit to make different qemu builds to be consistent with sysdata-components * move ppc dtb firmware files from qemu-system-ppc to qemu-system-data * device-tree-compiler is now needed in build-indep-depends, not in build-depends * d/rules: use CROSSPFX variables * ubuntu only: - Revert commit from the previous release which restores relation between qemu-system-xen and qemu-system-gui since -xen is not compatible with -gui modules - qemu-system-xen does not suggest qemu-block-extra (incompatible too) - qemu-system-s390x recommends qemu-block-extra not suggests it -- Michael Tokarev Tue, 31 Aug 2021 22:27:25 +0300 qemu (1:6.1+dfsg-3) unstable; urgency=medium * fix brown-paper bag in last upload (--enable-libudev) * ubuntu only: restore relations (depends/recommends) between qemu-system-gui and qemu-system-xen since -xen replaces full qemu-system-x86 and acts the same way -- Michael Tokarev Tue, 31 Aug 2021 02:50:52 +0300 qemu (1:6.1+dfsg-2) unstable; urgency=medium * rearrange d/rules to be able to configure/build/install various different kinds of qemu builds (main/microvm/xen/static) separately, by splitting targets of d/rules into subtargets * enable many virtio devices for microvm build (Closes: #992029) * disable libudev and fuse for microvm build * rearrange options for microvm build in d/rules * tidy newly added assert in unix-domain socket handling code to account for extra \0 terminator for socket pathname, socket-unix-maxlen.patch (Closes: #993145) * upstream qemu added ignoring of *.patch to .gitignore, unignore them in d/.gitignore * re-add 4 patches which were lost from git during preparation for 6.1 (not affecting the source package) * uas-add-stream-number-sanity-checks-CVE-2021-3713.diff Closes: #992727, CVE-2021-3713 * Mention (some) bugs closed by 6.1 upstream * Mention closing of #947349 -- Michael Tokarev Tue, 31 Aug 2021 02:01:51 +0300 qemu (1:6.1+dfsg-1) unstable; urgency=medium * new upstream release (6.1.0) Closes: CVE-2021-3607 (pvrdma: ensure correct input on ring init) Closes: CVE-2021-3608 (pvrdma: unmap initialized dma address) Closes: #989042, CVE-2021-3544 (vhost-user-gpu resource leaks) Closes: #989042, CVE-2021-3545 (vhost-user-gpu memory disclosure) Closes: #989042, CVE-2021-3546 (vhost-user-gpu OOBwr virgl_cmd_get_capset) Closes: #991911, CVE-2021-3682 (pvrdma: possible mremap overflow) * refresh patches, remove patches which were applied upstream * remove newly appeared pc-bios/vof.bin in dfsg-clean * add python3-sphinx-rtd-theme to build-depends * removed qemu-system-moxie arch * actually build many qemu modules as modules, and install them in qemu-system-common. * make strong versioned dependency between various qemu-system-* packages, so that modules works correctly. * drop very old versions from Build-Depends, Depends and Recommends for packages which long has much more recent versions in debian * up qemu-block-extra dependecy level from Suggests to Recommends * d/control: stop suggesting sgabios by qemu-system-x86 * (experimental for now, needs more work) print name of the package name for a module which can't be loaded, to give a clue what other package one may need to install for the requested functionality * fix some spelling mistakes in visible messages (spelling.diff) * enable jack audio backend (in qemu-system-gui) (Closes: #984726) * other small/internal changes in packaging: - removed --disable-sheepdog which were dropped upstream - install gui modules in d/rules not in d/q-s-gui.install to be able to use wildcard in d/q-s-common.install - recommend qemu-block-extra, not suggest it and not depend on it (ubuntu) for qemu-system-* and qemu-utils - reformat qemu "deps" for qemu-system-gui, stop listing -xen there (it can not satisfy -gui), qemu-system-s390x is :ubuntu:-only - d/control: stop recommending -gui for xen package (it is of no use for xen) - d/control: reformat Depends for qemu-block-extra, do not include -xen version there, mark -x390x as ubuntu-only, and allow qemu-utils to satisfy the dependency - do not install docs which does not exist anymore - stop omiting Changelog from dh_installchangelog: the file is long gone - d/rules: explicitly state version of skiboot as it is stored in a git tag only, or else skiboot does not build (hack) - put (new in 6.1, new in debian) hw-display-virtio-gpu-gl.so to qemu-system-gui as it pulls in X11 -- Michael Tokarev Wed, 25 Aug 2021 15:59:26 +0300 qemu (1:6.0+dfsg-4) unstable; urgency=medium * d/rules: fix last ubuntu merge, xen is x86-only, not all-debian -- Michael Tokarev Tue, 17 Aug 2021 19:04:30 +0300 qemu (1:6.0+dfsg-3) unstable; urgency=medium [ Michael Tokarev ] * enable /run/qemu mount on ubuntu only * usbredir-fix-free-call-CVE-2021-3682.patchi Closes: #991911, CVE-2021-3682 [ Christian Ehrhardt ] * ubuntu-only changes: - d/control-in: Make Ubuntu qemu-utils depend on qemu-block-extra - d/control-in: Make Ubuntu qemu-system-common depend on qemu-block-extra - d/control*, d/rules: disable xen by default, but provide universe package qemu-system-x86-xen as alternative * d/p/target-s390x-Fix-translation-exception-on-illegal-in.patch: avoid segfaults by uretprobes (LP 1929926) -- Michael Tokarev Tue, 17 Aug 2021 17:49:10 +0300 qemu (1:6.0+dfsg-2expubuntu4) jammy; urgency=medium * d/p/lp-1952448-relax-skiboot-gcc-deprecation-errors.patch: add patch to workaround FTBFS when building against OpenSSL 3.0. Thanks to Christian Ehrhardt (LP: #1952448) -- Paride Legovini Fri, 26 Nov 2021 15:47:51 +0100 qemu (1:6.0+dfsg-2expubuntu3) jammy; urgency=medium * No-change rebuild against liburing2 -- Paride Legovini Mon, 22 Nov 2021 18:00:26 +0100 qemu (1:6.0+dfsg-2expubuntu2) jammy; urgency=medium * updated debian/patches/linux-user-binfmt-P.diff to work with in-kernel code (#993658) (LP: #1947860) -- Christian Ehrhardt Wed, 03 Nov 2021 14:10:56 +0100 qemu (1:6.0+dfsg-2expubuntu1) impish; urgency=medium * Merge with Debian experimental, remaining changes: - qemu-kvm to systemd unit - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm, hugepages and architecture specifics - d/qemu-system-common.qemu-kvm.service: systemd unit to call qemu-kvm-init - d/qemu-system-common.install: install helper script - d/qemu-system-common.qemu-kvm.default: defaults for /etc/default/qemu-kvm - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm - Distribution specific machine type (LP: 1304107 1621042 1776189 1761372 1761372 1776189) - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine types containing release versioned machine attributes - d/qemu-system-x86.NEWS Info on fixed machine type defintions for host-phys-bits=true - Add an info about -hpb machine type in debian/qemu-system-x86.NEWS - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type - Enable nesting by default - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default in qemu64 on amd [ No more strictly needed, but required for backward compatibility ] - improved dependencies - Make qemu-system-common depend on qemu-block-extra - Make qemu-utils depend on qemu-block-extra - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490) - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types reference 256k path - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to handle incoming migrations from former releases. - d/qemu-system-x86.README.Debian: add info about updated nesting changes - d/control*, d/rules: disable xen by default, but provide universe package qemu-system-x86-xen as alternative [includes compat links changes of 5.0-5ubuntu4] - d/p/ubuntu/enable-svm-by-default.patch: update to match v6.0 - d/p/ubuntu/define-ubuntu-machine-types.patch: add ubuntu machine types for v6.0 - d/p/ubuntu/lp-1929926-*: avoid segfaults by uretprobes (LP 1929926) - Ease the use of module retention on upgrades (LP 1913421) - debian/qemu-block-extra.postinst: enable mount unit on install/upgrade * Dropped Changes [in 1:6.0+dfsg-2exp]: - d/control-in: Disable capstone disassembler library support (universe) - Disable fuse export (universe dependency) - Ease the use of module retention on upgrades (LP 1913421) - d/run-qemu.mount, d/rules: provide run-qemu.mount in qemu-block-extra - d/rules: only save modules if /run/qemu isn't noexec - d/rules: clear all (current and former) modules on purge - d/control: qemu 6.0 broke libvirt <7.2 add a breaks to avoid partial upgrade issues (LP 1932264) - Enable SDL as secondary UI backend (LP 1256185) - d/control: add build dependency libsdl2-dev - d/control: enable sdl graphics on build - d/qemu-system-gui.install: add ui-sdl.so - d/control: add runtime dependency to libgl1 * Dropped Changes [no more needed] - let qemu-utils recommend sharutils * Added changes: - d/optionrom.mak, d/p/u/avoid-fcf-clashing-with-i486.patch: fix -fcf-protection being unavailble on -march=i486 (LP: #1940029) - d/p/u/lp-1932175-s390x-cpumodel-add-3931-and-3932.patch: add new 3931 and 3932 machines (LP: #1932175) - d/p/u/lp-1940288-audio-Never-send-migration-section.patch: fix migration with audio devices present (LP: #1940288) -- Christian Ehrhardt Thu, 12 Aug 2021 15:35:12 +0200 qemu (1:6.0+dfsg-2exp) experimental; urgency=medium [ Christian Ehrhardt ] * qemu 6.0 broke libvirt <7.2, add a Breaks to avoid partial upgrade issues (LP: #1932264) * enable SDL as secondary UI backend (LP: #1256185) * clear all (current and former) modules on purge * only save modules if /run/qemu isn't noexec * provide run-qemu.mount in qemu-block-extra (disabled in debian for now) * Disable capstone disassembler library support in ubuntu (universe) [ Michael Tokarev ] * qemu does not ship Changelog file anymore * drop version from libfuse-dev build-depends (noticed by Ville Skyttä) * a few patches from upstream stable: - target-ppc-fix-load-endianness-for-lxvwsx-lxvdsx.patch fix various crashes in ppc system emulation. Thanks to Christian Ehrhardt for pointing this out - pvrdma-fix-possible-mremap-overflow-in-pvrdma-device-CVE-2021-3582.patch (Closes: #990565, CVE-2021-3582) - pvrdma-ensure-correct-input-on-ring-init-CVE-2021-3607.patch (Closes: #990564, CVE-2021-3607) - pvrdma-fix-the-ring-init-error-flow-CVE-2021-3608.patch (Closes: #990563, CVE-2021-3608) - usb-limit-combined-packets-to-1-MiB-CVE-2021-3527.patch usb-redir-avoid-dynamic-stack-allocation-CVE-2021-3527.patch (Closes: #988157, CVE-2021-3527) * mention closing of 3 bugs in am53c974 (ESP) device emulation by 6.0 (Closes: #979679, CVE-2020-35504) (Closes: #984455, CVE-2020-35505) (Closes: #984454, CVE-2020-35506) * make fuse debian-only, since libfuse3 in ubuntu is in universe * fix microvm default machine type for a new build system (LP: #1936894) -- Michael Tokarev Wed, 21 Jul 2021 19:43:37 +0300 qemu (1:6.0+dfsg-1~ubuntu3) impish; urgency=medium * d/p/u/lp-1935617-target-ppc-Fix-load-endianness-for-lxvwsx-lxvdsx.patch: fix TCG emulation for ppc64 (LP: #1935617) -- Christian Ehrhardt Tue, 13 Jul 2021 09:34:55 +0200 qemu (1:6.0+dfsg-1~ubuntu2) impish; urgency=medium * d/control: remove fuse2 trial-build (LP 1934510) -- Christian Ehrhardt Wed, 07 Jul 2021 10:26:08 +0200 qemu (1:6.0+dfsg-1~ubuntu1) impish; urgency=medium * Merge with Debian experimental, Among many other things this fixes LP Bugs: (LP: #1907952) broken arrow keys in -display gtk on aarch64 - qemu-kvm to systemd unit - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm, hugepages and architecture specifics - d/qemu-system-common.qemu-kvm.service: systemd unit to call qemu-kvm-init - d/qemu-system-common.install: install helper script - d/qemu-system-common.qemu-kvm.default: defaults for /etc/default/qemu-kvm - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm - Distribution specific machine type (LP: 1304107 1621042 1776189 1761372 1761372 1776189) - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine types containing release versioned machine attributes - d/qemu-system-x86.NEWS Info on fixed machine type defintions for host-phys-bits=true - Add an info about -hpb machine type in debian/qemu-system-x86.NEWS - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type - Enable nesting by default - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default in qemu64 on amd [ No more strictly needed, but required for backward compatibility ] - improved dependencies - Make qemu-system-common depend on qemu-block-extra - Make qemu-utils depend on qemu-block-extra - Let qemu-utils recommend sharutils - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490) - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types reference 256k path - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to handle incoming migrations from former releases. - d/control-in: Disable capstone disassembler library support (universe) - d/qemu-system-x86.README.Debian: add info about updated nesting changes - d/control*, d/rules: disable xen by default, but provide universe package qemu-system-x86-xen as alternative [includes compat links changes of 5.0-5ubuntu4] - Fix upgrade module handling (LP 1905377) --enable-module-upgrades for qemu-xen which doesn't exist in Debian * Dropped Changes [in 6.0]: - d/p/ubuntu/lp-1907789-build-no-pie-is-no-functional-liker-flag.patch: fix ld usage of -no-pie (LP 1907789) - d/p/u/lp-1916230-hw-s390x-fix-build-for-virtio-9p-ccw.patch: fix virtio-9p-ccw being missing (LP 1916230) - d/p/u/lp-1916705-disas-Fix-build-with-glib2.0-2.67.3.patch: Fix FTFBS due to glib2.0 >=2.67.3 (LP 1916705) - d/p/u/lp-1921754*: add EPYC-Rome-v2 as v1 missed IBRS and thereby fails on some HW/Guest combinations e.g. Windows 10 on Threadripper chips (LP 1921754) - d/p/u/lp-1921880*: add EPYC-Milan features and named cpu type support (LP 1921880) - d/p/u/lp-1922010-linux-user-s390x-Use-the-guest-pointer-for-the-sigre*: fix go in qemu-s390x-static (LP 1922010) * Dropped Changes [in Debian]: - Allow qemu to load old modules post upgrade (LP 1847361) - Drop d/qemu-block-extra.*.in, d/qemu-system-gui.*.in - d/rules: Drop generating package version into maintainer scripts * Dropped Changes [No more needed >21.04]: - d/qemu-system-gui.prerm: add no-op prerm to overcome upgrade issues on the bad old prerm (LP 1906245 1905377) * Added Changes - Disable fuse export (universe dependency) - d/p/ubuntu/enable-svm-by-default.patch: update to match v6.0 - d/p/ubuntu/define-ubuntu-machine-types.patch: add ubuntu machine types for v6.0 - d/p/ubuntu/lp-1929926-*: avoid segfaults by uretprobes (LP: #1929926) - Ease the use of module retention on upgrades (LP: #1913421) - d/run-qemu.mount, d/rules: provide run-qemu.mount in qemu-block-extra - d/rules: only save modules if /run/qemu isn't noexec - d/rules: clear all (current and former) modules on purge - debian/qemu-block-extra.postinst: enable mount unit on install/upgrade - d/control: qemu 6.0 broke libvirt <7.2 add a breaks to avoid partial upgrade issues (LP: #1932264) - Enable SDL as secondary UI backend (LP: #1256185) - d/control: add build dependency libsdl2-dev - d/control: enable sdl graphics on build - d/qemu-system-gui.install: add ui-sdl.so - d/control: add runtime dependency to libgl1 - d/rules: qemu-system-x86-xen builds modules as well now (follows the other packages) -- Christian Ehrhardt Tue, 15 Jun 2021 12:41:33 +0200 qemu (1:6.0+dfsg-1~exp0) experimental; urgency=medium * new upstream release Closes: #979679, CVE-2020-35504 Closes: #984455, CVE-2020-35505 Closes: #984454, CVE-2020-35506 * remove obsolete patches, refresh use-fixed-data-path.patch * use libncurses-dev, not old libncursesw5-dev * enable fuse export (and build-depend on libfuse3-dev) * install (new) manpages for qemu-storage-daemon * enable new hexagon qemu-user target * two patches to fix 3 new spelling mistakes * remove now-unused shared-library-lacks-prerequisites lintian-overrides for qemu-user-static -- Michael Tokarev Sat, 08 May 2021 10:16:05 +0300 qemu (1:5.2+dfsg-10) unstable; urgency=medium * 5 sdhci fixes from upstream: dont-transfer-any-data-when-command-time-out.patch dont-write-to-SDHC_SYSAD-register-when-transfer-is-in-progress.patch correctly-set-the-controller-status-for-ADMA.patch limit-block-size-only-when-SDHC_BLKSIZE-register-is-writable.patch reset-the-data-pointer-of-s-fifo_buffer-when-a-different-block-size...patch (Closes: #986795, #970937, CVE-2021-3409, CVE-2020-17380, CVE-2020-25085) * mptsas-remove-unused-MPTSASState.pending-CVE-2021-3392.patch fix possible use-after-free in mptsas_free_request (Cloese: #984449, CVE-2021-3392) -- Michael Tokarev Fri, 16 Apr 2021 12:43:36 +0300 qemu (1:5.2+dfsg-9ubuntu3) hirsute; urgency=medium * d/p/u/lp-1921754*: add EPYC-Rome-v2 as v1 missed IBRS and thereby fails on some HW/Guest combinations e.g. Windows 10 on Threadripper chips (LP: #1921754) * d/p/u/lp-1921880*: add EPYC-Milan features and named cpu type support (LP: #1921880) -- Christian Ehrhardt Wed, 07 Apr 2021 11:58:29 +0200 qemu (1:5.2+dfsg-9ubuntu2) hirsute; urgency=medium * d/p/u/lp-1922010-linux-user-s390x-Use-the-guest-pointer-for-the-sigre.patch: fix go in qemu-s390x-static (LP: #1922010) -- Christian Ehrhardt Wed, 31 Mar 2021 10:01:40 +0200 qemu (1:5.2+dfsg-9ubuntu1) hirsute; urgency=medium * Merge with Debian unstable; Remaining changes: - qemu-kvm to systemd unit - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm, hugepages and architecture specifics - d/qemu-system-common.qemu-kvm.service: systemd unit to call qemu-kvm-init - d/qemu-system-common.install: install helper script - d/qemu-system-common.qemu-kvm.default: defaults for /etc/default/qemu-kvm - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm - Distribution specific machine type (LP: 1304107 1621042) - d/p/ubuntu/define-ubuntu-machine-types.patch: distro machine types - d/qemu-system-x86.NEWS Info on fixed machine type definitions for host-phys-bits=true (LP: 1776189) - add an info about -hpb machine type in debian/qemu-system-x86.NEWS - provide pseries-bionic-2.11-sxxm type as convenience with all meltdown/spectre workarounds enabled by default. (LP: 1761372). - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type - Enable nesting by default - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default in qemu64 on amd [ No more strictly needed, but required for backward compatibility ] - improved dependencies - Make qemu-system-common depend on qemu-block-extra - Make qemu-utils depend on qemu-block-extra - let qemu-utils recommend sharutils - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490) - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types reference 256k path - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to handle incoming migrations from former releases. - d/control-in: Disable capstone disassembler library support (universe) - d/qemu-system-x86.README.Debian: add info about updated nesting changes - d/control*, d/rules: disable xen by default, but provide universe package qemu-system-x86-xen as alternative [includes compat links changes of 5.0-5ubuntu4] - allow qemu to load old modules post upgrade (LP 1847361) - Drop d/qemu-block-extra.*.in, d/qemu-system-gui.*.in - d/rules: Drop generating package version into maintainer scripts - d/qemu-system-gui.prerm: add no-op prerm to overcome upgrade issues on the bad old prerm (LP 1906245 1905377) - d/p/ubuntu/lp-1907789-build-no-pie-is-no-functional-liker-flag.patch: fix ld usage of -no-pie (LP 1907789) - d/p/u/lp-1916230-hw-s390x-fix-build-for-virtio-9p-ccw.patch: fix virtio-9p-ccw being missing (LP 1916230) - d/p/u/lp-1916705-disas-Fix-build-with-glib2.0-2.67.3.patch: Fix FTFBS due to glib2.0 >=2.67.3 (LP 1916705) -- Christian Ehrhardt Thu, 18 Mar 2021 11:13:49 +0100 qemu (1:5.2+dfsg-9) unstable; urgency=medium * do not make qemu-system-data dependent on qemu-system-foo (Closes: #985040) * CVE-2021-20263 - implement dropping security.capability xattr This adds two patches from upstream: virtiofsd-save-error-code-early-at-the-failure-callsite.patch virtiofsd-drop-remapped-security.capability-..-needed-CVE-2021-20263.patch Closes: #985083, CVE-2021-20263 * CVE-2021-3416 fix from upstream Fixes infinite loop in loopback mode of various network devices, adding 10 patches from upstream Closes: #984448, CVE-2021-3416 * net-e1000-fail-early-for-evil-descriptor-CVE-2021-20257.patch Fix CVE-2021-20257 from upstream: e1000: infinite loop while processing transmit descriptors Closes: #984450, CVE-2021-20257 -- Michael Tokarev Wed, 17 Mar 2021 21:02:30 +0300 qemu (1:5.2+dfsg-8) unstable; urgency=medium * a no-change upload to fix broken previous upload -- Michael Tokarev Sun, 14 Mar 2021 12:21:37 +0300 qemu (1:5.2+dfsg-7) unstable; urgency=high * do not make qemu-system-common dependent on qemu-system-foo. We removed modules from qemu-system-common for now, so there's no need for it to depend on any of qemu-system-foo of the same version. Among other things this fixes #983756 (which should be fixes some other way anyway, but it should be ok for now). Closes: #983756, #983921, #985195 Urgency is high because a single bin-NMU of qemu package made it uninstallable. -- Michael Tokarev Sun, 14 Mar 2021 11:32:54 +0300 qemu (1:5.2+dfsg-6ubuntu2) hirsute; urgency=medium * d/p/u/lp-1916705-disas-Fix-build-with-glib2.0-2.67.3.patch: Fix FTFBS due to glib2.0 >=2.67.3 (LP: #1916705) -- Christian Ehrhardt Wed, 24 Feb 2021 08:39:09 +0100 qemu (1:5.2+dfsg-6ubuntu1) hirsute; urgency=medium * Merge with Debian unstable, includes fixes for - build operates differently if source is a git repo (LP: #1887535) Remaining changes: - qemu-kvm to systemd unit - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm, hugepages and architecture specifics - d/qemu-system-common.qemu-kvm.service: systemd unit to call qemu-kvm-init - d/qemu-system-common.install: install helper script - d/qemu-system-common.qemu-kvm.default: defaults for /etc/default/qemu-kvm - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm - Distribution specific machine type (LP: 1304107 1621042) - d/p/ubuntu/define-ubuntu-machine-types.patch: distro machine types - d/qemu-system-x86.NEWS Info on fixed machine type definitions for host-phys-bits=true (LP: 1776189) - add an info about -hpb machine type in debian/qemu-system-x86.NEWS - provide pseries-bionic-2.11-sxxm type as convenience with all meltdown/spectre workarounds enabled by default. (LP: 1761372). - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type - Enable nesting by default - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default in qemu64 on amd [ No more strictly needed, but required for backward compatibility ] - improved dependencies - Make qemu-system-common depend on qemu-block-extra - Make qemu-utils depend on qemu-block-extra - let qemu-utils recommend sharutils - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490) - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types reference 256k path - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to handle incoming migrations from former releases. - d/control-in: Disable capstone disassembler library support (universe) - d/qemu-system-x86.README.Debian: add info about updated nesting changes - d/control*, d/rules: disable xen by default, but provide universe package qemu-system-x86-xen as alternative [includes compat links changes of 5.0-5ubuntu4] - allow qemu to load old modules post upgrade (LP 1847361) - Drop d/qemu-block-extra.*.in, d/qemu-system-gui.*.in - d/rules: Drop generating package version into maintainer scripts - d/qemu-system-gui.prerm: add no-op prerm to overcome upgrade issues on the bad old prerm (LP 1906245 1905377) - d/p/ubuntu/lp-1907789-build-no-pie-is-no-functional-liker-flag.patch: fix ld usage of -no-pie (LP 1907789) * Added changes - d/p/u/lp-1916230-hw-s390x-fix-build-for-virtio-9p-ccw.patch: fix virtio-9p-ccw being missing (LP: #1916230) -- Christian Ehrhardt Mon, 22 Feb 2021 11:40:36 +0100 qemu (1:5.2+dfsg-6) unstable; urgency=medium * deprecate qemu-debootstrap. It is not needed anymore with binfmt F flag, since everything now works without --foreign debootstrap argument and copying the right qemu binary into the chroot. Closes: #901197 * fix the brown-paper bag bug: wrong argument order in the linux-user-binfmt patch (really closes: #970460) -- Michael Tokarev Tue, 16 Feb 2021 12:11:20 +0300 qemu (1:5.2+dfsg-5) unstable; urgency=medium * d/rules: ensure b/ subdir exists before building palcode and qboot * d/changelog: #959530 is not fixed by 5.2+dfsg-4 * 3 virtiofsd patches Closes: #980814, CVE-2020-35517 virtiofsd: potential privileged host device access from guest - virtiofsd-extract-lo_do_open-from-lo_open.patch - virtiofsd-optionally-return-inode-pointer-from-lo_do_lookup.patch - virtiofsd-prevent-opening-of-special-files-CVE-2020-35517.patch -- Michael Tokarev Sun, 14 Feb 2021 17:44:06 +0300 qemu (1:5.2+dfsg-4) unstable; urgency=medium [ Michael Tokarev ] * require libfdt >= 1.5.0-2 due to #931046 * qemu-user: attempt to preserve argv[0] when run under binfmt (Closes: #970460) This changes the enterpreter name for all linux-user registered binfmts, so it potentially can break stuff. The actual binary being registered now is /usr/libexec/qemu-binfmt/foo-binfmt-P, which is a symlink to actual /usr/lib/qemu-foo[-static]. * ignore .git-submodule-status when building source * some security fixes from upstream: o arm_gic-fix-interrupt-ID-in-GICD_SGIR-CVE-2021-20221.patch Closes: CVE-2021-20221 GIC (armv7): out-of-bound heap buffer access via an interrupt ID field o 9pfs-Fully-restart-unreclaim-loop-CVE-2021-20181.patch Closes: CVE-2021-20181 * non-security fixes from upstream: pc-bios-descriptors-fix-paths-in-json-files.patch - fixes wrong paths in edk2-firmware-related json files introduced in 5.2 [ Christian Ehrhardt ] * d/control-in: avoid version mismatch of installed binaries (Closes: #956377) [ Dan Streetman ] * Backport configure param --with-git-submodules and set to 'ignore' -- Michael Tokarev Sun, 14 Feb 2021 16:52:10 +0300 qemu (1:5.2+dfsg-3ubuntu2) hirsute; urgency=medium * No change rebuild to pick up liburing. (LP: #1914145) -- Mauricio Faria de Oliveira Wed, 03 Feb 2021 19:44:54 -0300 qemu (1:5.2+dfsg-3ubuntu1) hirsute; urgency=medium * Merge with Debian unstable, includes fixes for - qemu-user-static are partially dynamically linked (LP: #1908331) - qemu crashing when using spice without qemu-system-gui being installed (LP: #1908577) Remaining changes: - qemu-kvm to systemd unit - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm, hugepages and architecture specifics - d/qemu-system-common.qemu-kvm.service: systemd unit to call qemu-kvm-init - d/qemu-system-common.install: install helper script - d/qemu-system-common.qemu-kvm.default: defaults for /etc/default/qemu-kvm - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm - Distribution specific machine type (LP: 1304107 1621042) - d/p/ubuntu/define-ubuntu-machine-types.patch: distro machine types - d/qemu-system-x86.NEWS Info on fixed machine type definitions for host-phys-bits=true (LP: 1776189) - add an info about -hpb machine type in debian/qemu-system-x86.NEWS - provide pseries-bionic-2.11-sxxm type as convenience with all meltdown/spectre workarounds enabled by default. (LP: 1761372). - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type - Enable nesting by default - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default in qemu64 on amd [ No more strictly needed, but required for backward compatibility ] - improved dependencies - Make qemu-system-common depend on qemu-block-extra - Make qemu-utils depend on qemu-block-extra - let qemu-utils recommend sharutils - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490) - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types reference 256k path - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to handle incoming migrations from former releases. - d/control-in: Disable capstone disassembler library support (universe) - d/qemu-system-x86.README.Debian: add info about updated nesting changes - d/control*, d/rules: disable xen by default, but provide universe package qemu-system-x86-xen as alternative [includes compat links changes of 5.0-5ubuntu4] - allow qemu to load old modules post upgrade (LP 1847361) - Drop d/qemu-block-extra.*.in, d/qemu-system-gui.*.in - d/rules: Drop generating package version into maintainer scripts - d/qemu-system-gui.prerm: add no-op prerm to overcome upgrade issues on the bad old prerm (LP 1906245 1905377) - d/p/ubuntu/lp-1907789-build-no-pie-is-no-functional-liker-flag.patch: fix ld usage of -no-pie (LP 1907789) -- Christian Ehrhardt Tue, 05 Jan 2021 12:43:42 +0100 qemu (1:5.2+dfsg-3) unstable; urgency=medium [ Christian Ehrhardt ] * d/rules: fix qemu-user-static to really be static (LP: #1908331) [ Michael Tokarev ] * build most modules statically (besides block and gui parts). This makes qemu-system-common package to be of less strict dependency for other qemu-system-* packages, and also Closes: #977301, #978131 * especially remove removed binfmts in qemu-user-{static,binfmt}.preinst (really Closes: #977015) * memory-clamp-cached-translation-MMIO-region-CVE-2020-27821.patch (Closes: #977616, CVE-2020-27821) -- Michael Tokarev Tue, 29 Dec 2020 15:07:03 +0300 qemu (1:5.2+dfsg-2ubuntu1) hirsute; urgency=medium * Merge with Debian unstable - includes fix for CVE-2020-17380 - includes a fix for s390x PCI device reset (LP: #1907656) Remaining changes: - qemu-kvm to systemd unit - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm, hugepages and architecture specifics - d/qemu-system-common.qemu-kvm.service: systemd unit to call qemu-kvm-init - d/qemu-system-common.install: install helper script - d/qemu-system-common.qemu-kvm.default: defaults for /etc/default/qemu-kvm - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm - Distribution specific machine type (LP: 1304107 1621042) - d/p/ubuntu/define-ubuntu-machine-types.patch: distro machine types - d/qemu-system-x86.NEWS Info on fixed machine type definitions for host-phys-bits=true (LP: 1776189) - add an info about -hpb machine type in debian/qemu-system-x86.NEWS - provide pseries-bionic-2.11-sxxm type as convenience with all meltdown/spectre workarounds enabled by default. (LP: 1761372). - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type - Enable nesting by default - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default in qemu64 on amd [ No more strictly needed, but required for backward compatibility ] - improved dependencies - Make qemu-system-common depend on qemu-block-extra - Make qemu-utils depend on qemu-block-extra - let qemu-utils recommend sharutils - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490) - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types reference 256k path - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to handle incoming migrations from former releases. - d/control-in: Disable capstone disassembler library support (universe) - d/qemu-system-x86.README.Debian: add info about updated nesting changes - d/control*, d/rules: disable xen by default, but provide universe package qemu-system-x86-xen as alternative [includes compat links changes of 5.0-5ubuntu4] - allow qemu to load old modules post upgrade (LP 1847361) - Drop d/qemu-block-extra.*.in, d/qemu-system-gui.*.in - d/rules: Drop generating package version into maintainer scripts - d/qemu-system-gui.prerm: add no-op prerm to overcome upgrade issues on the bad old prerm (LP 1906245 1905377) * Dropped Changes: - d/control, d/rules: build with gcc-9 on armhf as workaround until resolved in gcc-10 (LP: 1890435) [it is flaky still, but no more 100% fails] * Added Changes: - Refreshed ubuntu machine types for hirsute@5.2 - d/control: regenerated from d/control-in - d/p/ubuntu/lp-1907789-build-no-pie-is-no-functional-liker-flag.patch: fix ld usage of -no-pie (LP: #1907789) -- Christian Ehrhardt Wed, 09 Dec 2020 16:44:47 +0100 qemu (1:5.2+dfsg-2) unstable; urgency=medium * move ui-opengl.so module from qemu-system-gui to qemu-system-common, as other modules want it (Closes: #976996, #977022) * do not install dropped ppc64abi32 binfmt for qemu-user[-static] (Closes: #977015) -- Michael Tokarev Thu, 10 Dec 2020 11:15:43 +0300 qemu (1:5.2+dfsg-1) unstable; urgency=medium * new upstream release Closes: #965978, CVE-2020-15859 (22dc8663d9fc7baa22100544c600b6285a63c7a3) Closes: #970539, CVE-2020-25084 (21bc31524e8ca487e976f713b878d7338ee00df2) Closes: #970540, CVE-2020-25085 (dfba99f17feb6d4a129da19d38df1bcd8579d1c3) Closes: #970541, CVE-2020-25624 (1328fe0c32d5474604105b8105310e944976b058) Closes: #970542, CVE-2020-25625 (1be90ebecc95b09a2ee5af3f60c412b45a766c4f) Closes: #974687, CVE-2020-25707 (c2cb511634012344e3d0fe49a037a33b12d8a98a) Closes: #975276, CVE-2020-25723 (2fdb42d840400d58f2e706ecca82c142b97bcbd6) Closes: #975265, CVE-2020-27616 (ca1f9cbfdce4d63b10d57de80fef89a89d92a540) Closes: #973324, CVE-2020-27617 (7564bf7701f00214cdc8a678a9f7df765244def1) Closes: #972864, CVE-2020-27661 (bea2a9e3e00b275dc40cfa09c760c715b8753e03) Closes: CVE-2020-27821 (1370d61ae3c9934861d2349349447605202f04e9) Closes: #976388, CVE-2020-28916 (c2cb511634012344e3d0fe49a037a33b12d8a98a) * remove obsolete patches * refresh use-fixed-data-path.patch and debian/get-orig-source.sh * bump minimum meson version required for build to 0.55.3 * update build rules for several components * remove deprecated lm32 and unicore32 system emulators * remove deprecated ppc64abi32 and tilegx linux-user emulators * install ui-spice-core.so & chardev-spice.so in qemu-system-common * install ui-egl-headless.so in qemu-system-common * install hw-display-virtio-*.so in qemu-system-common * install ui-opengl.so in qemu-system-gui * install qemu-pr-helper.8 in qemu-system-common * qemu-pr-helper moved to usr/bin/ again * qboot.rom renamed from bios-microvm.bin * remove several unused lintian overrides * add spelling.diff patch to fix a few spelling errors * update Standards-Version to 4.5.1 * fix a few trailing whitespaces in d/control and d/changelog * require libcapstone >= 4.0.2 (v4) for build -- Michael Tokarev Wed, 09 Dec 2020 08:57:41 +0300 qemu (1:5.1+dfsg-4ubuntu3) hirsute; urgency=medium * d/qemu-system-gui.prerm: add no-op prerm to overcome upgrade issues on the bad old prerm (LP: #1906245) -- Christian Ehrhardt Mon, 30 Nov 2020 12:53:03 +0100 qemu (1:5.1+dfsg-4ubuntu2) hirsute; urgency=medium * Fix upgrade module handling (LP: #1905377) This was accetped in a slightly different form in qemu_5.0-6 and therefore allows to drop some former delta that is now conflicting. Ubuntu still keeps enabling --enable-module-upgrades, but only for qemu-xen which doesn't exist in Debian - Drop d/qemu-block-extra.*.in, d/qemu-system-gui.*.in - d/rules: Drop generating package version into maintainer scripts -- Christian Ehrhardt Tue, 24 Nov 2020 11:16:01 +0100 qemu (1:5.1+dfsg-4ubuntu1) hirsute; urgency=medium * Merge with Debian testing, remaining changes: Fixes qemu-arm-static Assertion `guest_base != 0' failed (LP: #1897854) - qemu-kvm to systemd unit - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm, hugepages and architecture specifics - d/qemu-system-common.qemu-kvm.service: systemd unit to call qemu-kvm-init - d/qemu-system-common.install: install helper script - d/qemu-system-common.qemu-kvm.default: defaults for /etc/default/qemu-kvm - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm - Distribution specific machine type (LP: 1304107 1621042) - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine types - d/qemu-system-x86.NEWS Info on fixed machine type definitions for host-phys-bits=true (LP: 1776189) - add an info about -hpb machine type in debian/qemu-system-x86.NEWS - provide pseries-bionic-2.11-sxxm type as convenience with all meltdown/spectre workarounds enabled by default. (LP: 1761372). - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type - Enable nesting by default - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default in qemu64 on amd [ No more strictly needed, but required for backward compatibility ] - improved dependencies - Make qemu-system-common depend on qemu-block-extra - Make qemu-utils depend on qemu-block-extra - let qemu-utils recommend sharutils - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490) - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types reference 256k path - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to handle incoming migrations from former releases. - d/control-in: Disable capstone disassembler library support (universe) - d/qemu-system-x86.README.Debian: add info about updated nesting changes - d/control*, d/rules: disable xen by default, but provide universe package qemu-system-x86-xen as alternative [includes compat links changes of 5.0-5ubuntu4] - allow qemu to load old modules post upgrade (LP 1847361) - d/qemu-block-extra.*.in, d/qemu-system-gui.*.in: save shared objects on upgrade - d/rules: generate maintainer scripts matching package version on build - d/rules: enable --enable-module-upgrades where --enable-modules is set - d/control: regenerate debian/control out of control-in * Dropped changes [in Debian or no more needed] - d/control-in: disable pmem on ppc64 as it is currently considered experimental on that architecture (pmdk v1.8-1) - d/rules: makefile definitions can't be recursive - sys_systems for s390x - d/rules: report config log from the correct subdir - d/control-in: disable rbd support unavailable on riscv (LP: 1872931) - Pick further changes for groovy from debian/master since 5.0-5 - ati-vga-check-mm_index-before-recursive-call-CVE-2020-13800.patch - revert-memory-accept-mismatching-sizes-in-memory_region_access_...patch - exec-set-map-length-to-zero-when-returning-NULL-CVE-2020-13659.patch - megasas-use-unsigned-type-for-reply_queue_head-and-check-index...patch - megasas-use-unsigned-type-for-positive-numeric-fields.patch - megasas-fix-possible-out-of-bounds-array-access.patch - nbd-server-avoid-long-error-message-assertions-CVE-2020-10761.patch - es1370-check-total-frame-count-against-current-...-CVE-2020-13361.patch - a few patches from the stable series: - fix-tulip-breakage.patch - 9p-lock-directory-streams-with-a-CoMutex.patch Prevent deadlocks in 9pfs readdir code - net-do-not-include-a-newline-in-the-id-of-nic-device.patch Fix newline accidentally sneaked into id string of a nic - qemu-nbd-close-inherited-stderr.patch - virtio-balloon-fix-free-page-hinting-check-on-unreal.patch - virtio-balloon-fix-free-page-hinting-without-an-iothread.patch - virtio-balloon-unref-the-iothread-when-unrealizing.patch - acpi-tmr-allow-2-byte-reads.patch - reapply CVE-2020-13253 fixes from upstream - linux-user-refactor-ipc-syscall-and-support-of-semtimedop.patch - linux-user-add-netlink-RTM_SETLINK-command.patch - d/control: since qemu-system-data now contains module(s), it can't be multi-arch. Ditto for qemu-block-extra. - qemu-system-foo: depend on exact version of qemu-system-data, due to the latter having modules - acpi-allow-accessing-acpi-cnt-register-by-byte.patch' This is another incarnation of the recent bugfix which actually enabled memory access constraints, like #964247 - acpi-accept-byte-and-word-access-to-core-ACPI-registers.patch this replace acpi-allow-accessing-acpi-cnt-register-by-byte.patch and acpi-tmr-allow-2-byte-reads.patch, a more complete fix - xhci-fix-valid.max_access_size-to-access-address-registers.patch fix one more incarnation of the breakage after the CVE-2020-13754 fix - do not install outdated (0.12 and before) Changelog - xgmac-fix-buffer-overflow-in-xgmac_enet_send-CVE-2020-15863.patch ARM-only XGMAC NIC, possible buffer overflow during packet transmission Closes: CVE-2020-15863 - sm501 OOB read/write due to integer overflow in sm501_2d_operation() - riscv-allow-64-bit-access-to-SiFive-CLINT.patch another fix for revert-memory-accept-.. CVE-2020-13754 - seabios-hppa-fno-ipa-sra.patch fix ftbfs with gcc-10 - d/control-in: build-dep libcap is no more needed - arch aware kvm wrappers [upstream now automatically enables KVM if available and called with kvm* name, provides KVM as before but with auto-fallback to tcg. Former behavior of KVM-or-die can be achieved via -machine accel=kvm ] * Dropped changes [upstream now] - d/p/u/usb-fix-setup_len-init-CVE-2020-14364.patch: sanity check usb setup_len - d/p/u/lp-1887930-*: Enable Channel Path Handling for vfio-ccw (LP 1887930) - d/p/u/lp-1894942-*: fix virtio-ccw host/guest notification (LP 1894942) - d/p/ubuntu/lp-1887935-vfio-ccw-allow-non-prefetch-ORBs.patch: fix boot from vfio-ccw (LP 1887935) - fix qemu-user-static initialization to allow executing systemd (LP 1890881) - fix assertion failue in net_tx_pkt_add_raw_fragment (LP 1891187) - d/p/ubuntu/lp-1883984-target-s390x-Fix-SQXBR.patch: avoid crash on SQXBR (LP 1883984) - d/p/lp-1890154-*: fix -no-reboot on s390x secure boot (LP 1890154) - d/p/ubuntu/lp-1887763-*: fix TCG sizing that OOMed many small CI environments (LP 1887763) - d/p/ubuntu/lp-1835546-*: backport the s390x protvirt feature (LP 1835546) - debian/patches/ubuntu/lp-1878973-*: fix assert in qemu-guest-agent that crashes it on shutdown (LP 1878973) - update d/p/ubuntu/lp-1835546-* to the final versions - d/p/ubuntu/virtio-net-fix-rsc_ext-compat-handling.patch: fix FTBFS in groovy * Added Changes: - update ubuntu machine types for hirsute@5.1 - d/control: regenerated from d/control-in - d/control, d/rules: build with gcc-9 on armhf as workaround until resolved in gcc-10 (LP: 1890435) -- Christian Ehrhardt Thu, 29 Oct 2020 12:37:31 +0100 qemu (1:5.1+dfsg-4) unstable; urgency=high * mention closing of CVE-2020-16092 by 5.1 * usb-fix-setup_len-init-CVE-2020-14364.patch Closes: #968947, CVE-2020-14364 (OOB r/w access in USB emulation) -- Michael Tokarev Wed, 02 Sep 2020 16:14:52 +0300 qemu (1:5.1+dfsg-3) unstable; urgency=medium * fix one more issue in last upload. This is what happens when you do "obvious" stuff in a hurry without proper testing.. -- Michael Tokarev Mon, 17 Aug 2020 22:19:55 +0300 qemu (1:5.1+dfsg-2) unstable; urgency=medium * fix brown-paper bag bug in last upload -- Michael Tokarev Mon, 17 Aug 2020 20:58:52 +0300 qemu (1:5.1+dfsg-1) unstable; urgency=medium * hw-display-qxl.so depends on spice so install it only if it is built just like ui-spice-app * note #931046 for libfdt -- Michael Tokarev Mon, 17 Aug 2020 18:57:14 +0300 qemu (1:5.1+dfsg-0exp1) experimental; urgency=medium * new upstream release 5.1.0. Make source DFSG-clean again Closes: #968088 Closes: CVE-2020-16092 (net_tx_pkt_add_raw_fragment in e1000e & vmxnet3) * remove all patches which are applied upstream * do not install non-existing doc/qemu/*-ref.* * qemu-pr-helper is now in /usr/lib/qemu not /usr/bin * virtfs-proxy-helper is in /usr/lib/qemu now, not /usr/bin * new architecture: qemu-system-avr * refresh d/get-orig-source.sh * d/get-orig-source.sh: report already removed files in dfsg-clean * install common modules in qemu-system-common * lintian tag renamed: shared-lib-without-dependency-information to shared-library-lacks-prerequisites -- Michael Tokarev Wed, 12 Aug 2020 19:09:24 +0300 qemu (1:5.0-14) unstable; urgency=high * this is a bugfix release before breaking toys with the new upstream * riscv-allow-64-bit-access-to-SiFive-CLINT.patch (another fix for revert-memory-accept-..-CVE-2020-13754) * install /usr/lib/*/qemu/ui-curses.so in qemu-system-common Closes: #966517 -- Michael Tokarev Fri, 31 Jul 2020 11:45:25 +0300 qemu (1:5.0-13) unstable; urgency=medium * seabios-hppa-fno-ipa-sra.patch fix ftbfs with gcc-10 -- Michael Tokarev Wed, 22 Jul 2020 22:16:41 +0300 qemu (1:5.0-12) unstable; urgency=medium * acpi-accept-byte-and-word-access-to-core-ACPI-registers.patch this replace cpi-allow-accessing-acpi-cnt-register-by-byte.patch and acpi-tmr-allow-2-byte-reads.patch, a more complete fix * xhci-fix-valid.max_access_size-to-access-address-registers.patch fix one more incarnation of the breakage after the CVE-2020-13754 fix * do not install outdated (0.12 and before) Changelog (Closes: #965381) * xgmac-fix-buffer-overflow-in-xgmac_enet_send-CVE-2020-15863.patch ARM-only XGMAC NIC, possible buffer overflow during packet transmission Closes: CVE-2020-15863 * sm501 OOB read/write due to integer overflow in sm501_2d_operation() List of patches: sm501-convert-printf-abort-to-qemu_log_mask.patch sm501-shorten-long-variable-names-in-sm501_2d_operation.patch sm501-use-BIT-macro-to-shorten-constant.patch sm501-clean-up-local-variables-in-sm501_2d_operation.patch sm501-replace-hand-written-implementation-with-pixman-CVE-2020-12829.patch Closes: #961451, CVE-2020-12829 -- Michael Tokarev Wed, 22 Jul 2020 19:42:29 +0300 qemu (1:5.0-11) unstable; urgency=high * d/control-in: only enable opengl (libdrm&Co) on linux * d/control-in: spice: drop versioned deps (even jessie version is enough), drop libspice-protocol-dev (automatically pulled by libspice-server-dev), and build on more architectures * change from debhelper versioned dependency to debhelper-compat (=12) * acpi-allow-accessing-acpi-cnt-register-by-byte.patch' (Closes: #964793) This is another incarnation of the recent bugfix which actually enabled memory access constraints, like #964247 Urgency = high due to this issue. -- Michael Tokarev Mon, 20 Jul 2020 18:41:17 +0300 qemu (1:5.0-10) unstable; urgency=medium * fix the wrong $(if) construct for s390x kvm link (FTBFS on s390x) * use the same $(if) construct to simplify #ifdeffery -- Michael Tokarev Sat, 18 Jul 2020 10:02:41 +0300 qemu (1:5.0-9) unstable; urgency=medium * move kvm executable/script from qemu-kvm to qemu-system-foo, make it multi-arch, and remove qemu-kvm package * remove libcacard leftovers from d/.gitignore * linux-user-refactor-ipc-syscall-and-support-of-semtimedop.patch (Closes: #965109) * linux-user-add-netlink-RTM_SETLINK-command.patch (Closes: #964289) * libudev is linux-specific, do not build-depend on it on kfreebsd and others * install virtiofsd in d/rules (!sparc64) instead of d/qemu-system-common.install (fixes FTBFS on sparc64) * confirm -static-pie not working today still * d/control: since qemu-system-data now contains module(s), it can't be multi-arch. Ditto for qemu-block-extra. * qemu-system-foo: depend on exact version of qemu-system-data, due to the latter having modules * build all modules since there are modules anyway, no need to hack them in d/rules * fix spelling in a patch name/subject inlast upload * d/rules: do not use dh_install and dh_movefiles for individual pkgs, open-code mkdir+cp/mv, b/c dh_install acts on all files listed in d/foo.install too, in addition to given on command-line * remove trailing whitespace from d/changelog -- Michael Tokarev Sat, 18 Jul 2020 08:29:38 +0300 qemu (1:5.0-8) unstable; urgency=medium * d/control: rdma is linux-only, do not enable it on kfreebsd & hurd * add comment about virtiofsd conditional to d/qemu-system-common.install Now qemu FTBFS on sparc64 since virtiofsd is not built due to missing seccomp onn that platform, we should either make virtiofsd conditional (!sparc64) or fix seccomp on sparc64 and build-depend on it * openbios-use-source_date_epoch-in-makefile.patch (Closes: #963466) * seabios-hppa-use-consistant-date-and-remove-hostname.patch (Closes: #963467) * slof-remove-user-and-host-from-release-version.patch (Closes: #963472) * slof-ensure-ld-is-called-with-C-locale.patch (Closes: #963470) * update previous changelog, mention #945997 * reapply CVE-2020-13253 fixed from upstream: sdcard-simplify-realize-a-bit.patch (preparation for the next patch) sdcard-dont-allow-invalid-SD-card-sizes.patch (half part of CVE-2020-13253) sdcard-update-coding-style-to-make-checkpatch-happy.patch (preparational) sdcard-dont-switch-to-ReceivingData-if-address-is-in..-CVE-2020-13253.patch Closes: #961297, CVE-2020-13253 -- Michael Tokarev Fri, 17 Jul 2020 09:12:43 +0300 qemu (1:5.0-7) unstable; urgency=medium * Revert "d/rules: report config log from the correct subdir - base build" * Revert "d/rules: report config log from the correct subdir - microvm build" * acpi-tmr-allow-2-byte-reads.patch (Closes: #964247) * remove sdcard-dont-switch-to-ReceivingData-if-add...-CVE-2020-13253.patch - upstream decided to fix it differently (Reopens: #961297, CVE-2020-13253) * explicitly specify --enable-tools on hppa and do the same trick with --enable-tcg-interpreter --enable-tools on a few other unsupported arches (Closes: #964372, #945997) -- Michael Tokarev Thu, 16 Jul 2020 18:36:08 +0300 qemu (1:5.0-6) unstable; urgency=medium [ Christian Ehrhardt ] * d/control-in: disable pmem on ppc64 as it is currently considered experimental on that architecture * d/rules: makefile definitions can't be recursive - sys_systems for s390x * d/rules: report config log from the correct subdir - base build * d/rules: report config log from the correct subdir - microvm build * d/control-in: disable rbd support unavailable on riscv * fix assert in qemu guest agent that crashes on shutdown (LP: #1878973) * d/control-in: build-dep libcap is no more needed * d/rules: update -spice compat (Ubuntu only) [ Michael Tokarev ] * save block modules on upgrades (LP: #1847361) After upgrade a still running qemu of a former version can't load the new modules e.g. for extended storage support. Qemu 5.0 has the code to allow defining a path that it will load these modules from. * ati-vga-check-mm_index-before-recursive-call-CVE-2020-13800.patch Closes: CVE-2020-13800, ati-vga allows guest OS users to trigger infinite recursion via a crafted mm_index value during ati_mm_read or ati_mm_write call. * revert-memory-accept-mismatching-sizes-in-memory_region_access_valid...patch Closes: CVE-2020-13754, possible OOB memory accesses in a bunch of qemu devices which uses min_access_size and max_access_size Memory API fields. Also closes: CVE-2020-13791 * exec-set-map-length-to-zero-when-returning-NULL-CVE-2020-13659.patch CVE-2020-13659: address_space_map in exec.c can trigger a NULL pointer dereference related to BounceBuffer * megasas-use-unsigned-type-for-reply_queue_head-and-check-index...patch Closes: #961887, CVE-2020-13362, megasas_lookup_frame in hw/scsi/megasas.c has an OOB read via a crafted reply_queue_head field from a guest OS user * megasas-use-unsigned-type-for-positive-numeric-fields.patch fix other possible cases like in CVE-2020-13362 (#961887) * megasas-fix-possible-out-of-bounds-array-access.patch Some tracepoints use a guest-controlled value as an index into the mfi_frame_desc[] array. Thus a malicious guest could cause a very low impact OOB errors here * nbd-server-avoid-long-error-message-assertions-CVE-2020-10761.patch Closes: CVE-2020-10761, An assertion failure issue in the QEMU NBD Server. This flaw occurs when an nbd-client sends a spec-compliant request that is near the boundary of maximum permitted request length. A remote nbd-client could use this flaw to crash the qemu-nbd server resulting in a DoS. * es1370-check-total-frame-count-against-current-frame-CVE-2020-13361.patch Closes: CVE-2020-13361, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation * sdcard-dont-switch-to-ReceivingData-if-address-is-in...-CVE-2020-13253.patch CVE-2020-13253: sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. A guest OS user can crash the QEMU process. And a preparational patch, sdcard-update-coding-style-to-make-checkpatch-happy.patch * a few patches from the stable series: - fix-tulip-breakage.patch The tulip network driver in a qemu-system-hppa emulation is broken in the sense that bigger network packages aren't received any longer and thus even running e.g. "apt update" inside the VM fails. Fix this. - 9p-lock-directory-streams-with-a-CoMutex.patch Prevent deadlocks in 9pfs readdir code - net-do-not-include-a-newline-in-the-id-of-nic-device.patch Fix newline accidentally sneaked into id string of a nic - qemu-nbd-close-inherited-stderr.patch - virtio-balloon-fix-free-page-hinting-check-on-unreal.patch - virtio-balloon-fix-free-page-hinting-without-an-iothread.patch - virtio-balloon-unref-the-iothread-when-unrealizing.patch [ Aurelien Jarno ] * Remove myself from maintainers -- Michael Tokarev Fri, 03 Jul 2020 18:24:48 +0300 qemu (1:5.0-5ubuntu11) hirsute; urgency=medium * d/p/ubuntu/define-ubuntu-machine-types.patch: update to fix 15.04 wily machine type to match how it originally was released (LP: #1902654) -- Christian Ehrhardt Mon, 09 Nov 2020 08:19:07 +0100 qemu (1:5.0-5ubuntu10) hirsute; urgency=medium * No-change rebuild for brltty soname change. -- Matthias Klose Mon, 02 Nov 2020 16:59:33 +0100 qemu (1:5.0-5ubuntu9) groovy; urgency=medium * d/p/u/usb-fix-setup_len-init-CVE-2020-14364.patch: sanity check usb setup_len CVE-2020-14364 -- Christian Ehrhardt Tue, 22 Sep 2020 16:53:18 +0200 qemu (1:5.0-5ubuntu8) groovy; urgency=medium * d/p/u/lp-1887930-*: Enable Channel Path Handling for vfio-ccw (LP: #1887930) -- Christian Ehrhardt Mon, 14 Sep 2020 08:23:49 +0200 qemu (1:5.0-5ubuntu7) groovy; urgency=medium * d/p/u/lp-1894942-*: fix virtio-ccw host/guest notification (LP: #1894942) -- Christian Ehrhardt Wed, 09 Sep 2020 08:47:12 +0200 qemu (1:5.0-5ubuntu6) groovy; urgency=medium * d/p/ubuntu/lp-1887935-vfio-ccw-allow-non-prefetch-ORBs.patch: fix boot from vfio-ccw (LP: #1887935) -- Christian Ehrhardt Tue, 25 Aug 2020 11:09:12 +0200 qemu (1:5.0-5ubuntu5) groovy; urgency=medium * fix qemu-user-static initialization to allow executing systemd (LP: #1890881) - d/p/u/lp1890881-linux-user-completely-re-write-init_guest_space.patch - d/p/u/lp1890881-linux-user-deal-with-address-wrap-for-ARM_COMMPAGE-o.patch - d/p/u/lp1890881-linux-user-don-t-use-MAP_FIXED-in-pgd_find_hole_fall.patch - d/p/u/lp1890881-linux-user-elfload-use-MAP_FIXED_NOREPLACE-in-pgb_re.patch - d/p/u/lp1890881-linux-user-limit-check-to-HOST_LONG_BITS-TARGET_ABI_.patch - d/p/u/lp1890881-linux-user-provide-fallback-pgd_find_hole-for-bare-c.patch * fix assertion failue in net_tx_pkt_add_raw_fragment (LP: #1891187) CVE-2020-16092 - d/p/u/lp-1891187-hw-net-net_tx_pkt-fix-assertion-failure-in-net_tx.patch -- Christian Ehrhardt Wed, 19 Aug 2020 07:19:42 +0200 qemu (1:5.0-5ubuntu4) groovy; urgency=medium * xen: provide compat links to what libxen-dev reports where to find the binaries (LP: #1890005) * d/p/ubuntu/lp-1883984-target-s390x-Fix-SQXBR.patch: avoid crash on SQXBR (LP: #1883984) * d/p/lp-1890154-*: fix -no-reboot on s390x secure boot (LP: #1890154) -- Christian Ehrhardt Mon, 03 Aug 2020 07:15:28 +0200 qemu (1:5.0-5ubuntu3) groovy; urgency=medium * d/p/ubuntu/lp-1887763-*: fix TCG sizing that OOMed many small CI environments (LP: #1887763) * Pick further changes for groovy from debian/master since 5.0-5 - ati-vga-check-mm_index-before-recursive-call-CVE-2020-13800.patch Closes: CVE-2020-13800, ati-vga allows guest OS users to trigger infinite recursion via a crafted mm_index value during ati_mm_read or ati_mm_write call. - revert-memory-accept-mismatching-sizes-in-memory_region_access_valid...patch Closes: CVE-2020-13754, possible OOB memory accesses in a bunch of qemu devices which uses min_access_size and max_access_size Memory API fields. Also closes: CVE-2020-13791 - exec-set-map-length-to-zero-when-returning-NULL-CVE-2020-13659.patch CVE-2020-13659: address_space_map in exec.c can trigger a NULL pointer dereference related to BounceBuffer - megasas-use-unsigned-type-for-reply_queue_head-and-check-index...patch Closes: #961887, CVE-2020-13362, megasas_lookup_frame in hw/scsi/megasas.c has an OOB read via a crafted reply_queue_head field from a guest OS user - megasas-use-unsigned-type-for-positive-numeric-fields.patch fix other possible cases like in CVE-2020-13362 (#961887) - megasas-fix-possible-out-of-bounds-array-access.patch Some tracepoints use a guest-controlled value as an index into the mfi_frame_desc[] array. Thus a malicious guest could cause a very low impact OOB errors here - nbd-server-avoid-long-error-message-assertions-CVE-2020-10761.patch Closes: CVE-2020-10761, An assertion failure issue in the QEMU NBD Server. This flaw occurs when an nbd-client sends a spec-compliant request that is near the boundary of maximum permitted request length. A remote nbd-client could use this flaw to crash the qemu-nbd server resulting in a DoS. - es1370-check-total-frame-count-against-current-frame-CVE-2020-13361.patch Closes: CVE-2020-13361, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation - a few patches from the stable series: - fix-tulip-breakage.patch The tulip network driver in a qemu-system-hppa emulation is broken in the sense that bigger network packages aren't received any longer and thus even running e.g. "apt update" inside the VM fails. Fix this. - 9p-lock-directory-streams-with-a-CoMutex.patch Prevent deadlocks in 9pfs readdir code - net-do-not-include-a-newline-in-the-id-of-nic-device.patch Fix newline accidentally sneaked into id string of a nic - qemu-nbd-close-inherited-stderr.patch - virtio-balloon-fix-free-page-hinting-check-on-unreal.patch - virtio-balloon-fix-free-page-hinting-without-an-iothread.patch - virtio-balloon-unref-the-iothread-when-unrealizing.patch - acpi-tmr-allow-2-byte-reads.patch (Closes: #964247) - reapply CVE-2020-13253 fixed from upstream: sdcard-simplify-realize-a-bit.patch (preparation for the next patch) sdcard-dont-allow-invalid-SD-card-sizes.patch (half part of CVE-2020-13253) sdcard-update-coding-style-to-make-checkpatch-happy.patch (preparational) sdcard-dont-switch-to-ReceivingData-if-address-is-in..-CVE-2020-13253.patch Closes: #961297, CVE-2020-13253 - linux-user-refactor-ipc-syscall-and-support-of-semtimedop.patch (Closes: #965109) - linux-user-add-netlink-RTM_SETLINK-command.patch (Closes: #964289) - d/control: since qemu-system-data now contains module(s), it can't be multi-arch. Ditto for qemu-block-extra. - qemu-system-foo: depend on exact version of qemu-system-data, due to the latter having modules - acpi-allow-accessing-acpi-cnt-register-by-byte.patch' (Closes: #964793) This is another incarnation of the recent bugfix which actually enabled memory access constraints, like #964247 - acpi-accept-byte-and-word-access-to-core-ACPI-registers.patch this replace acpi-allow-accessing-acpi-cnt-register-by-byte.patch and acpi-tmr-allow-2-byte-reads.patch, a more complete fix - xhci-fix-valid.max_access_size-to-access-address-registers.patch fix one more incarnation of the breakage after the CVE-2020-13754 fix - do not install outdated (0.12 and before) Changelog (Closes: #965381) - xgmac-fix-buffer-overflow-in-xgmac_enet_send-CVE-2020-15863.patch ARM-only XGMAC NIC, possible buffer overflow during packet transmission Closes: CVE-2020-15863 - sm501 OOB read/write due to integer overflow in sm501_2d_operation() List of patches: sm501-convert-printf-abort-to-qemu_log_mask.patch sm501-shorten-long-variable-names-in-sm501_2d_operation.patch sm501-use-BIT-macro-to-shorten-constant.patch sm501-clean-up-local-variables-in-sm501_2d_operation.patch sm501-replace-hand-written-implementation-with-pixman-CVE-2020-12829.patch Closes: #961451, CVE-2020-12829 - riscv-allow-64-bit-access-to-SiFive-CLINT.patch another fix for revert-memory-accept-.. CVE-2020-13754 - seabios-hppa-fno-ipa-sra.patch fix ftbfs with gcc-10 -- Christian Ehrhardt Tue, 28 Jul 2020 13:21:31 +0200 qemu (1:5.0-5ubuntu2) groovy; urgency=medium * No change rebuild against new libnettle8 and libhogweed6 ABI. -- Dimitri John Ledkov Mon, 29 Jun 2020 22:32:55 +0100 qemu (1:5.0-5ubuntu1) groovy; urgency=medium * Merge with Debian testing (LP: #1749393), remaining changes: - qemu-kvm to systemd unit - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm, hugepages and architecture specifics - d/qemu-system-common.qemu-kvm.service: systemd unit to call qemu-kvm-init - d/qemu-system-common.install: install helper script - d/qemu-system-common.qemu-kvm.default: defaults for /etc/default/qemu-kvm - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm - Distribution specific machine type (LP: 1304107 1621042) - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine types - d/qemu-system-x86.NEWS Info on fixed machine type definitions for host-phys-bits=true (LP: 1776189) - add an info about -hpb machine type in debian/qemu-system-x86.NEWS - provide pseries-bionic-2.11-sxxm type as convenience with all meltdown/spectre workarounds enabled by default. (LP: 1761372). - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type - Enable nesting by default - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default in qemu64 on amd [ No more strictly needed, but required for backward compatibility ] - improved dependencies - Make qemu-system-common depend on qemu-block-extra - Make qemu-utils depend on qemu-block-extra - let qemu-utils recommend sharutils - arch aware kvm wrappers - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490) - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types reference 256k path - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to handle incoming migrations from former releases. - d/control-in: Disable capstone disassembler library support (universe) - d/qemu-system-x86.README.Debian: add info about updated nesting changes - d/control*, d/rules: disable xen by default, but provide universe package qemu-system-x86-xen as alternative [includes --disable-xen for user-static builds] - d/control-in: disable pmem on ppc64 as it is currently considered experimental on that architecture (pmdk v1.8-1) - d/rules: makefile definitions can't be recursive - sys_systems for s390x - d/rules: report config log from the correct subdir - allow qemu to load old modules post upgrade (LP 1847361) - d/qemu-block-extra.*.in, d/qemu-system-gui.*.in: save shared objects on upgrade - d/rules: generate maintainer scripts matching package version on build - d/rules: enable --enable-module-upgrades where --enable-modules is set - d/p/ubuntu/lp-1835546-*: backport the s390x protvirt feature (LP 1835546) - d/control-in: disable rbd support unavailable on riscv (LP: 1872931) - debian/patches/ubuntu/lp-1878973-*: fix assert in qemu-guest-agent that crashes it on shutdown (LP 1878973) * Dropped changes (no more needed) - d/qemu-system-common.maintscript: clean old sysv and upstart scripts - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default in qemu64 cpu type. - d/control: avoid upgrade issues triggered by moving ivshmem tools after Debian. Fixed by bumping the related Breaks/Replaces to the Version Ubuntu introduced the change (LP 1862287) * Dropped changes (in Debian) - improved s390x support - d/binfmt-update-in: fix binfmt being called in some containers (LP 1840956) - qemu-system-x86-microvm package In addition to the generic multi-purpose qemu also provide a minimal feature binary that is loading faster for use cases with microvm machine type and qboot bios - d/control-in: add a new qemu-system-x86-microvm package - d/rules: add an extra config/build step to get the minimal qemu - Security and packaging fixes (LP 1872937) - arm-fix-PAuth-sbox-functions-CVE-2020-10702.patch - net-tulip-check-frame-size-and-r-w-data-length-CVE-2020-11102.patch CVE-2020-10702 CVE-2020-11102 - fix external spice UI + install ui-spice-app.so in qemu-system-common + install ui-spice-app.so only if built, spice is optional - switch binfmt registration to use update-binfmts --[un]import (#866756) - qemu-system-gui: Multi-Arch=same, not foreign (#956763) - qemu-system-data: s/highcolor/hicolor/ (#955741) - enable riscv build (LP 1872931) [ changes picked from Debian ] - enable support for riscv64 hosts - only enable librbd on architectures where it is built - ceph: do not list librados-dev as we only use librbd-dev and the latter depends on the former - seccomp grew up, no need in versioned build-dep - enable seccomp only on architectures where it can be built * Dropped changes (upstream) - d/p/ubuntu/lp-1857033-*: add support for Cooper Lake cpu model (LP 1857033) - d/p/lp-1859527-*: avoid breakage on high virtqueue counts (LP 1859527) - d/p/ubuntu/vhost-user-gpu-Drop-trailing-json-comma.patch: fix parsing of vhost-user-gpu - d/p/ubuntu/lp-1847361-vhost-correctly-turn-on-VIRTIO_F_IOMMU_PLATFORM.patch: avoid unnecessary IOTLB transactions (LP 1866207) - d/p/stable/lp-1867519-*: Stabilize qemu 4.2 with upstream patches @qemu-stable (LP 1867519) - remove d/p/ubuntu/expose-vmx_qemu64cpu.patch: Stop adding VMX to qemu64 to avoid broken nesting (LP 1868692) - d/p/ubuntu/lp-1871830-*: avoid crash when using QEMU_MODULE_DIR (LP 1871830) - d/p/ubuntu/lp-1872107*: fix migration while rebooting guests (LP 1872107) - d/p/ubuntu/lp-1872931-*: fix build on non KVM platforms - d/p/ubuntu/lp-1872945-*: fix riscv emulation errors that e.g. hung ssh and clobbered doubles (LP 1872945) - SECURITY UPDATE: DoS via integer overflow in ati_2d_blt() - debian/patches/ubuntu/CVE-2020-11869.patch: fix checks in ati_2d_blt() to avoid crash in hw/display/ati_2d.c. - CVE-2020-11869 - d/p/ubuntu/lp-1805256*: Fixes for QEMU on aarch64 ARM hosts - async: use explicit memory barriers (LP 1805256) - aio-wait: delegate polling of main AioContext if BQL not held - d/p/ubuntu/lp-1882774-*: fix issues with VMX subfeatures on systems not supporting to set them (LP 1882774) - d/p/ubuntu/lp-1847361-modules-load-upgrade.patch: to fallback module load to a versioned path * Added Changes: - d/control: regenerate debian/control out of control-in - update d/p/ubuntu/lp-1835546-* to the final versions - 11 patches dropped as they are in 5.0 - 20 patches updated to how they will be in 5.1 - d/p/ubuntu/virtio-net-fix-rsc_ext-compat-handling.patch: fix FTBFS in groovy - Make qemu-system-x86-microvm a transitional package as the binary is now in qemu-system-x86 itself. - d/control-in: build-dep libcap is no more needed - d/rules: update arch aware kvm wrappers - d/qemu-system-x86.README.Debian: fix typo -- Christian Ehrhardt Tue, 16 Jun 2020 16:50:09 +0200 qemu (1:5.0-5) unstable; urgency=medium * more binfmt-install updates * CVE-2020-10717 fix from upstream: virtiofsd-add-rlimit-nofile-NUM-option.patch (preparational) and virtiofsd-stay-below-fs.file-max-CVE-2020-10717.patch (Closes: #959746, CVE-2020-10717) * 2 patches from upstream/stable to fix io_uring fd set buildup: aio-posix-dont-duplicate-fd-handler-deletion-in-fdmon_io_uring_destroy.patch aio-posix-disable-fdmon-io_uring-when-GSource-is-used.patch * upstream stable fix: hostmem-dont-use-mbind-if-host-nodes-is-empty.patch * upstream stable fix: net-use-peer-when-purging-queue-in-qemu_flush_or_purge_queue_packets.patch -- Michael Tokarev Wed, 13 May 2020 12:57:19 +0300 qemu (1:5.0-4) unstable; urgency=medium * fix binfmt registration (Closes: #959222) * disable PIE for user-static build on x32 too, not only i386 -- Michael Tokarev Fri, 01 May 2020 13:30:43 +0300 qemu (1:5.0-3) unstable; urgency=medium * do not explicitly enable -static-pie on non-i386 architectures. Apparenly only amd64 actually support -static-pie for now, and it is correctly detected. -- Michael Tokarev Thu, 30 Apr 2020 08:05:31 +0300 qemu (1:5.0-2) unstable; urgency=medium * (temporarily) disable pie on i386 static build For now -static-pie fails on i386 with the following error message: /usr/bin/ld: /usr/lib/i386-linux-gnu/libc.a(memset_chk-nonshared.o): unsupported non-PIC call to IFUNC `memset' * install qemu-system docs in qemu-system-common, not qemu-system-data, since docs require ./configure run -- Michael Tokarev Wed, 29 Apr 2020 23:41:04 +0300 qemu (1:5.0-1) unstable; urgency=medium * new upstream release (5.0) Closes: #958926 Closes: CVE-2020-11869 * refresh patches, remove patches applied upstream * do not mention openhackware, it is not used anymore * do not disable bluez (support removed) * new system arch "rx" * dont install qemu-doc.* for now, but install virtiofsd & qemu-storage-daemon * add shared-lib-without-dependency-information tag to qemu-user-static.lintian-overrides * add html docs to qemu-system-data (to /usr/share/doc/qemu-system-common) * do not install usr/share/doc/qemu/specs & usr/share/doc/qemu/tools * install qemu-user html docs for qemu-user & qemu-user-static * build hppa-firmware.img from roms/seabios-hppa (and Build-Depeds-Indep on gcc-hppa-linux-gnu) * enable liburing on linux (build-depend on liburing-dev) * add upstream signing-key.asc (Michael Roth ) * build opensbi firmware (for riscv64 only, riscv32 is possible with compiler flags) * add source-level lintian-overrides for binaries-without-sources (lintian can't find sources for a few firmware images which are in roms/) -- Michael Tokarev Wed, 29 Apr 2020 12:00:12 +0300 qemu (1:4.2-7) unstable; urgency=medium * qemu-system-gui: Multi-Arch=same, not foreign (Closes: #956763) * x32 arch is in the same family as i386 & x86_64, omit binfmt registration * check systemd-detect-virt before running update-binfmt * gluster is de-facto linux-only, do not build-depend on it on non-linux * virglrenderer is also essentially linux-specific * qemu-user-static does not depend on shlibs * disable parallel building of targets of d/rules * add lintian overrides (arch-dependent static binaries) for openbios binaries * separate binary-indep target into install-indep-prep and binary-indep * split out various components of qemu-system-data into independent build/install rules and add infrastructure for more components: x86-optionrom, sgabios, qboot, openbios, skiboot, palcode-clipper, slof, s390x-fw * iscsi-fix-heap-buffer-overflow-in-iscsi_aio_ioctl_cb.patch -- Michael Tokarev Mon, 20 Apr 2020 18:30:00 +0300 qemu (1:4.2-6) unstable; urgency=medium * d/rules: fix FTBFS (brown-paper-bag bug) in last upload -- Michael Tokarev Tue, 14 Apr 2020 17:08:45 +0300 qemu (1:4.2-5) unstable; urgency=medium * no error-out on address-of-packet-member in openbios * install ui-spice-app.so only if built, spice is optional * arm-fix-PAuth-sbox-functions-CVE-2020-10702.patch - Closes: CVE-2020-10702, weak signature generation in Pointer Authentication support for ARM * (temporarily) enable seccomp only on architectures where it can be built (Closes: #956624) * seccomp has grown up, no need in versioned build-dep * do not list librados-dev in build-dep as we only use librbd-dev and the latter depends on the former * only enable librbd on architectures where it is buildable -- Michael Tokarev Tue, 14 Apr 2020 15:47:40 +0300 qemu (1:4.2-4) unstable; urgency=medium [ Michael Tokarev ] * d/rules: build minimal configuration for qboot/microvm usage * set microvm to be the default machine type for microvm case * install ui-spice-app.so in qemu-system-common * do not depend on libattr-dev, functions are now in libc6 (Closes: #953910) * net-tulip-check-frame-size-and-r-w-data-length-CVE-2020-11102.patch (Closes: #956145, CVE-2020-11102, tulip nic buffer overflow) * qemu-system-data: s/highcolor/hicolor/ (Closes: #955741) * switch binfmt registration to use update-binfmts --[un]import (Closes: #866756) * build openbios-ppc & openbios-sparc binaries in qemu-system-data, and replace corresponding binary packages. Add gcc-sparc64-linux-gnu, fcode-utils & xsltproc to build-depend-indep * build and provide/replace qemu-slof too [ Aurelien Jarno ] * enable support for riscv64 hosts -- Michael Tokarev Tue, 14 Apr 2020 12:44:43 +0300 qemu (1:4.2-3ubuntu10) groovy; urgency=medium * No-change rebuild against libnettle8 -- Steve Langasek Mon, 20 Jul 2020 16:12:37 +0000 qemu (1:4.2-3ubuntu9) groovy; urgency=medium * debian/patches/ubuntu/lp-1878973-*: fix assert in qemu-guest-agent that crashes it on shutdown (LP: #1878973) * d/p/ubuntu/lp-1882774-*: fix issues with VMX subfeatures on systems not supporting to set them (LP: #1882774) -- Christian Ehrhardt Tue, 02 Jun 2020 10:42:49 +0200 qemu (1:4.2-3ubuntu8) groovy; urgency=medium * d/p/ubuntu/lp-1805256*: Fixes for QEMU on aarch64 ARM hosts - async: use explicit memory barriers (LP: #1805256) - aio-wait: delegate polling of main AioContext if BQL not held -- Rafael David Tinoco Wed, 27 May 2020 21:47:21 +0000 qemu (1:4.2-3ubuntu7) groovy; urgency=medium * SECURITY UPDATE: DoS via integer overflow in ati_2d_blt() - debian/patches/ubuntu/CVE-2020-11869.patch: fix checks in ati_2d_blt() to avoid crash in hw/display/ati_2d.c. - CVE-2020-11869 -- Marc Deslauriers Thu, 21 May 2020 14:43:19 -0400 qemu (1:4.2-3ubuntu6) focal; urgency=medium [ Christian Ehrhardt ] * enable riscv build (LP: #1872931) [ changes picked from Debian ] - enable support for riscv64 hosts - only enable librbd on architectures where it is built - ceph: do not list librados-dev as we only use librbd-dev and the latter depends on the former - seccomp grew up, no need in versioned build-dep - enable seccomp only on architectures where it can be built * d/p/ubuntu/lp-1872931-*: fix build on non KVM platforms * d/p/ubuntu/lp-1872945-*: fix riscv emulation errors that e.g. hung ssh and clobbered doubles (LP: #1872945) [ William Grant ] * d/control-in: disable rbd support unavailable on riscv (LP: 1872931) -- Christian Ehrhardt Wed, 15 Apr 2020 14:27:15 +0200 qemu (1:4.2-3ubuntu5) focal; urgency=medium [ Christian Ehrhardt ] * d/p/ubuntu/lp-1871830-*: avoid crash when using QEMU_MODULE_DIR (LP: #1871830) * Security and packaging fixes (LP: #1872937) - arm-fix-PAuth-sbox-functions-CVE-2020-10702.patch - net-tulip-check-frame-size-and-r-w-data-length-CVE-2020-11102.patch CVE-2020-10702 CVE-2020-11102 - fix external spice UI + install ui-spice-app.so in qemu-system-common + install ui-spice-app.so only if built, spice is optional - switch binfmt registration to use update-binfmts --[un]import (#866756) - qemu-system-gui: Multi-Arch=same, not foreign (#956763) - qemu-system-data: s/highcolor/hicolor/ (#955741) * d/p/ubuntu/lp-1872107*: fix migration while rebooting guests (LP: #1872107) -- Christian Ehrhardt Wed, 15 Apr 2020 11:26:44 +0200 qemu (1:4.2-3ubuntu4) focal; urgency=medium * d/p/ubuntu/lp-1835546-*: backport the s390x protvirt feature (LP: #1835546) * remove d/p/ubuntu/expose-vmx_qemu64cpu.patch: Stop adding VMX to qemu64 to avoid broken nesting (LP: #1868692) -- Christian Ehrhardt Fri, 20 Mar 2020 08:02:16 +0100 qemu (1:4.2-3ubuntu3) focal; urgency=medium * d/p/stable/lp-1867519-*: Stabilize qemu 4.2 with upstream patches @qemu-stable (LP: #1867519) -- Christian Ehrhardt Wed, 18 Mar 2020 13:57:57 +0100 qemu (1:4.2-3ubuntu2) focal; urgency=medium * allow qemu to load old modules post upgrade (LP: #1847361) - d/p/ubuntu/lp-1847361-modules-load-upgrade.patch: to fallback module load to a versioned path - d/qemu-block-extra.*.in, d/qemu-system-gui.*.in: save shared objects on upgrade - d/rules: generate maintainer scripts matching package version on build - d/rules: enable --enable-module-upgrades where --enable-modules is set * d/p/ubuntu/lp-1847361-vhost-correctly-turn-on-VIRTIO_F_IOMMU_PLATFORM.patch: avoid unnecessary IOTLB transactions (LP: #1866207) -- Christian Ehrhardt Mon, 02 Mar 2020 15:21:27 +0100 qemu (1:4.2-3ubuntu1) focal; urgency=medium * Merge with Debian testing, remaining changes: - qemu-kvm to systemd unit - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm, hugepages and architecture specifics - d/qemu-system-common.qemu-kvm.service: systemd unit to call qemu-kvm-init - d/qemu-system-common.install: install helper script - d/qemu-system-common.maintscript: clean old sysv and upstart scripts - d/qemu-system-common.qemu-kvm.default: defaults for /etc/default/qemu-kvm - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm - Distribution specific machine type (LP: 1304107 1621042) - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine types - d/qemu-system-x86.NEWS Info on fixed machine type definitions for host-phys-bits=true (LP: 1776189) - add an info about -hpb machine type in debian/qemu-system-x86.NEWS - provide pseries-bionic-2.11-sxxm type as convenience with all meltdown/spectre workarounds enabled by default. (LP: 1761372). - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type - Enable nesting by default - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default in qemu64 cpu type. - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default in qemu64 on amd [ No more strictly needed, but required for backward compatibility ] - improved dependencies - Make qemu-system-common depend on qemu-block-extra - Make qemu-utils depend on qemu-block-extra - let qemu-utils recommend sharutils - improved s390x support - d/rules: build s390-ccw.img with upstream Makefile - d/rules: build s390-netboot.img with upstream Makefile - arch aware kvm wrappers - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490) - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types reference 256k path - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to handle incoming migrations from former releases. - d/control-in: Disable capstone disassembler library support (universe) - d/binfmt-update-in: fix binfmt being called in some containers (LP 1840956) - d/p/ubuntu/lp-1857033-*: add support for Cooper Lake cpu model (LP 1857033) - d/qemu-system-x86.README.Debian: add info about updated nesting changes - d/control*, d/rules: disable xen by default, but provide universe package qemu-system-x86-xen as alternative - d/p/lp-1859527-*: avoid breakage on high virtqueue counts (LP 1859527) - Dropped changes [ in Debian ] - d/control: update VCS links - d/control-in: bump debhelper build-dep for compat 12 - d/control: disable bluetooth being deprecated - d/not-installed: ignore new interop docs and extra icons for now - d/not-installed: do not install elf2dmp until namespaced - d/qemu-utils.install: install new tools qemu-edid and qemu-keymap [ not needed ] - d/control-in: promote qemu-efi/ovmf in Ubuntu (LP 1570617) - s390x support - Create qemu-system-s390x package - Enable numa support for s390x - d/control*: enable libpmem support for nvdimms (LP 1790856) * Added changes - d/control: regenerate debian/control out of control-in - qemu-system-x86-microvm package In addition to the generic multi-purpose qemu also provide a minimal feature binary that is loading faster for use cases with microvm machine type and qboot bios - d/control-in: add a new qemu-system-x86-microvm package - d/rules: add an extra config/build step to get the minimal qemu - d/control-in: disable pmem on ppc64 as it is currently considered experimental on that architecture (pmdk v1.8-1) - d/rules: makefile definitions can't be recursive - sys_systems for s390x - d/p/ubuntu/vhost-user-gpu-Drop-trailing-json-comma.patch: fix parsing of vhost-user-gpu - d/rules: report config log from the correct subdir - d/rules: --disable-xen for user-static builds -- Christian Ehrhardt Wed, 12 Feb 2020 15:21:56 +0100 qemu (1:4.2-3) unstable; urgency=medium * mention closing of #909743 in previous changelog (Closes: #909743) * do not link to qemu-skiboot from qemu-system-ppc (Closes: #950431) * provide+conflict qemu-skiboot from qemu-system-data, as we are not using this package anymore -- Michael Tokarev Sat, 01 Feb 2020 22:10:57 +0300 qemu (1:4.2-2) unstable; urgency=medium [ Fabrice Bauzac ] * Fix a typo in the description of the qemu binary package [ Frédéric Bonnard ] * Enable powernv emulation with skiboot firmware [ Michael R. Crusoe ] * Modernize watch file (Closes: #909743) [ Christian Ehrhardt ] * d/control-in: promote qemu-efi/ovmf in Ubuntu * d/control-in: bump debhelper build-dep for compat 12 * - d/control-in: update VCS links * - d/control-in: disable bluetooth being deprecated * d/not-installed: ignore new interop docs and extra icons for now * do not install elf2dmp until namespaced * d/control-in: Enable numa support for s390x * Create qemu-system-s390x package (Ubuntu only for now) [ Michael Tokarev ] * stop using inttypes.h in qboot code; this makes dependency on libc6-dev-i386 to be unnecessary * qboot-no-jump-tables.diff - use #pragma for one file in qboot * do not install qemu-edid and qemu-keymap for now * no need in bluetooth patches as bluetooth is disabled * scsi-cap-block-count-from-GET-LBA-STATUS-CVE-2020-1711.patch (Closes: #949731, CVE-2020-1711) * enable libpmem support on amd64|arm64|ppc64el (Closes: #935327) -- Michael Tokarev Fri, 31 Jan 2020 23:51:09 +0300 qemu (1:4.2-1ubuntu2) focal; urgency=medium * d/control: avoid upgrade issues triggered by moving ivshmem tools after Debian. Fixed by by bumping the related Breaks/Replaces to the Version Ubuntu introduced the change (LP: #1862287) -- Christian Ehrhardt Fri, 07 Feb 2020 07:31:21 +0100 qemu (1:4.2-1ubuntu1) focal; urgency=medium * Merge with Debian testing, Among many other things this fixes LP Bugs: LP: #1847806 - add mff* instructions to not break on ppc64 with newer glibc LP: #1812822 - avoid crashes on detaching vhost_net interfaces LP: #1852744 - Crypto Passthrough Interrupt Support LP: #1853316 - CCW IPL Support Remaining changes: - qemu-kvm to systemd unit - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm, hugepages and architecture specifics - d/qemu-system-common.qemu-kvm.service: systemd unit to call qemu-kvm-init - d/qemu-system-common.install: install helper script - d/qemu-system-common.maintscript: clean old sysv and upstart scripts - d/qemu-system-common.qemu-kvm.default: defaults for /etc/default/qemu-kvm - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm - Distribution specific machine type (LP: 1304107 1621042) - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine types - d/qemu-system-x86.NEWS Info on fixed machine type definitions for host-phys-bits=true (LP: 1776189) - add an info about -hpb machine type in debian/qemu-system-x86.NEWS - provide pseries-bionic-2.11-sxxm type as convenience with all meltdown/spectre workarounds enabled by default. (LP: 1761372). - Enable nesting by default - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default in qemu64 cpu type. - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default in qemu64 on amd [ No more strictly needed, but required for backward compatibility ] - improved dependencies - Make qemu-system-common depend on qemu-block-extra - Make qemu-utils depend on qemu-block-extra - let qemu-utils recommend sharutils - s390x support - Create qemu-system-s390x package - Enable numa support for s390x - d/rules: build s390-ccw.img with upstream Makefile - d/rules: build s390-netboot.img with upstream Makefile - arch aware kvm wrappers - d/control: update VCS links - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490) - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types reference 256k path - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to handle incoming migrations from former releases. - d/control-in: Disable capstone disassembler library support (universe) - d/control: disable bluetooth being deprecated - d/not-installed: ignore new interop docs and extra icons for now - d/not-installed: do not install elf2dmp until namespaced - d/qemu-utils.install: install new tools qemu-edid and qemu-keymap - d/control-in: promote qemu-efi/ovmf in Ubuntu (LP 1570617) - d/binfmt-update-in: fix binfmt being called in some containers (LP 1840956) - Dropped changes (in Debian) - qemu-guest-agent: freeze-hook fixes (LP: 1484990) - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d - d/control-in: enable RDMA support in qemu (LP: 1692476) - enable RDMA config option - add libibumad-dev build-dep - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch: bring back some SLOF bits stripped in DFSG to be able to build s390x-netboot roms As that hack to build s390-ccw.img rom can't build s390x-netboot.img replace it with a build-indep using the upstream makefiles. This is less prone to miss future changes/fixes that are done to the makefiles - remove /dev/kvm permission handling (moved to systemd 239-6) (#892945) - d/p/debianize-qemu-guest-service.patch: fix path of qemu-ga - d/rules: fix qemu-kvm service for debhelper compat >=12 - Refreshed patches for v4.0 context changes - d/control*: remove sdlabi which was removed upstream - d/control*: enable docs (now explicit) and provide new build-dep python3-sphinx - d/qemu-system-data.install: use new paths for formerly used icons - Merge with Upstream release of qemu 4.0 - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch - Dropped changes (Upstream) - d/p/ubuntu/lp-1830243-*: s390x Secure Linux Boot Toleration (LP 1830243) - d/p/ubuntu/lp-1830238-*: s390x hardware cpu model (LP 1830238) - d/p/ubuntu/linux-user-fix-__NR_semtimedop-undeclared-error.patch: fix i386 build error - d/p/ubuntu/lp-1836066-s390-cpumodel-fix-description-for-the-new-vector-fac: fix naming of the new vector facitlity (LP 1836066) - d/p/ubuntu/lp-1836159-fix-with-latest-kernel.patch: fix build issues for missing SIOCGSTAMP definition; final fix is still in discussion upstream (LP: 1836159) - d/p/ubuntu/lp-1836154-*: further fixups for HW CPU model for newer s390x machines (LP 1836154) - d/p/ubuntu/lp-1841066-*: fix detection of arch_capability flags (LP 1841066) - d/p/lp-1842774-s390x-cpumodel-Add-the-z15-name-to-the-description-o.patch: update the z15 model name (LP 1842774) - d/p/ubuntu/lp-1848556-curl-Handle-success-in-multi_check_completion.patch: fix a potential hang when qemu or qemu-img where accessing http backed disks via libcurl (LP 1848556) - d/p/u/lp-1848497-virtio-balloon-fix-QEMU-4.0-config-size-migration-*: fix migration issue from qemu <4.0 when using virtio-balloon (LP 1848497) - d/p/ubuntu/lp-1830704-s390x-cpumodel-ignore-csske-for-expansion.patch toleration for future machines (LP 1830704) - SECURITY UPDATE: Add support for exposing md-clear functionality to guests - d/p/ubuntu/enable-md-clear.patch - d/p/ubuntu/enable-md-no.patch - CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091 - SECURITY UPDATE: heap overflow when loading device tree blob - d/p/ubuntu/CVE-2018-20815.patch: specify how large the buffer to copy the device tree blob into is. - CVE-2018-20815 - SECURITY UPDATE: device driver denial of service via NULL pointer dereference - d/p/ubuntu/CVE-2019-5008.patch: Define skeleton 'power_mem_read' routine - CVE-2019-5008 - SECURITY UPDATE: information leak in SLiRP - d/p/ubuntu/CVE-2019-9824.patch: check sscanf result when emulating ident. - CVE-2019-9824 - d/p/ubuntu/lp-1812384-s390x-Return-specification-exception-for- unimplement.patch: properly return architecture defined exception on bad subcodes of diag 308 (LP 1812384) * Dropped changes (no more needed) - d/qemu-guest-agent.pre{rm|inst}/.postrm: special handling for mv_conffile since the new path is a directory in the old package version which can not be handled by mv_conffile. [ only needed between disco and eoan ] - disable pvrdma [ CVEs all fixed now ] - d/p/ubuntu/Revert-target-i386-kvm-add-VMX-migration-blocker.patch: avoid misdetection of simplified nesting blocking all migrations [ qemu now detects and handles nesting - needs kernel >=4.20 ] - Enable nesting by default - d/qemu-system-x86.modprobe: set nested=1 module option on intel. (is default on amd) - d/qemu-system-x86.postinst: re-load kvm_intel.ko if it was loaded without nested=1 [ nesting is default in kernel modules and default selected cpu types ] * Added changes - d/control: regenerate debian/control out of control-in - updated ubuntu machine types to match qemu 4.2 in Ubuntu 20.04 Focal - added ubuntu focal types for qemu 4.2 - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type - d/p/ubuntu/lp-1857033-*: add support for Cooper Lake cpu model (LP: #1857033) - d/qemu-system-x86.README.Debian: add info about updated nesting changes - d/control*, d/rules: disable xen by default, but provide universe package qemu-system-x86-xen as alternative - fix typos in changelog and d/qemu-system-x86.NEWS - d/p/lp-1859527-*: avoid breakage on high virtqueue counts (LP: #1859527) - d/control*: enable libpmem support for nvdimms (LP: #1790856) -- Christian Ehrhardt Wed, 08 Jan 2020 15:27:42 +0100 qemu (1:4.2-1) unstable; urgency=medium * new upstream release (4.2.0) * removed patches: v4.1.1.diff, enable-pschange-mc-no.patch * do not make sgabios.bin executable (lintian) * add s390-netboot.img lintian overrides for qemu-system-data * build qboot (bios-microvm.bin) * build-depend-indep on libc6-dev-i386 for qboot (includes some system headers) -- Michael Tokarev Sat, 14 Dec 2019 14:07:27 +0300 qemu (1:4.1-3) unstable; urgency=medium * mention #939869 (CVE-2019-15890) in previous changelog entry * add Provides: sgabios to qemu-data (Closes: #945924) * fix qemu-debootsrtap (add hppa arch, print correct error message) thanks to Helge Deller (Closes: #923410) * enable long binfmt masks again for mips/mips32 (Closes: #829243) -- Michael Tokarev Mon, 02 Dec 2019 13:24:58 +0300 qemu (1:4.1-2) unstable; urgency=medium * build sgabios in build-indep, conflict with sgabios package * qemu-system-ppc: build and install canyonlands.dtb in addition to bamboo.dtb * remove duplicated CVE-2018-20123 & CVE-2018-20124 in prev changelog * move s390 firmware build rules to debian/s390fw.mak, build s390-netboot.img * imported v4.1.1.diff - upstream stable branch Closes: CVE-2019-12068 Closes: #945258, #945072 * enable-pschange-mc-no.patch: i386: add PSCHANGE_MC_NO feature to allow disabling ITLB multihit mitigations in nested hypervisors Closes: #944623 * build-depend on nettle-dev, enable nettle, and clarify --enable-lzo * switch to system libslirp, build-depend on libslirp-dev Closes: #939869, CVE-2019-15890 -- Michael Tokarev Mon, 25 Nov 2019 12:54:05 +0300 qemu (1:4.1-1) unstable; urgency=medium * new upstream release v4.1 Closes: #933741, CVE-2019-14378 (slirp buff overflow in packet reassembly) (use internal slirp copy for now) Closes: #931351, CVE-2019-13164 (qemu-bridge-helper long IFNAME) Closes: #922923, CVE-2019-8934 (ppc64 emulator leaks hw identity) Closes: #916442, CVE-2018-20123 (pvrdma memory leak in device hotplug) Closes: #922461, CVE-2018-20124 (pvrdma num_sge can exceed MAX_SGE) Closes: #927924 (new upstream version) Closes: #897054 (AMD Zen CPU support) Closes: #935324 (FTBFS due to gluster API change) Closes: CVE-2018-20125 (pvrdma: DoS in create_cq_ring|create_qp_rings) Closes: CVE-2018-20126 (pvrdma: memleaks in create_cq_ring|create_qp_rings) Closes: CVE-2018-20191 (pvrdma: DoS due to missing read operation impl.) Closes: CVE-2018-20216 (pvrdma: infinite loop in pvrdma_dev_ring.c) * remove patches which are applied upstream, refresh remaining patches (bt-use-size_t-...-CVE-2018-19665.patch hasn't been applied upstream, bluetooth subsystem is going to be removed, we keep it for now) * debian/source/options: ignore slirp/ submodule * use python3 for building, not python * debian/optionrom.mk: add pvh.bin * switch from libssh2 to libssh, and enable libssh support in ubuntu * bump spice version requiriment to 0.12.5 * enable pvrdma * debian/control-in: remove reference to libsdl * debian/rules: add new objects for s390-ccw fw * debian/control: add build dependency on python3-sphinx for docs * install ui/icons/qemu.svg and qemu.desktop * debian/rules: remove pc-bios/bamboo.dtb before building it * install vhost-user-gpu binary and 50-qemu-gpu.json * debian/rules: remove old maintscript-helper invocations, not needed anymore * remove +dfsg for now, upload whole upstream source, will trim it later -- Michael Tokarev Tue, 27 Aug 2019 12:43:43 +0300 qemu (1:4.0+dfsg-0ubuntu10) focal; urgency=medium * d/p/ubuntu/lp-1848556-curl-Handle-success-in-multi_check_completion.patch: fix a potential hang when qemu or qemu-img where accessing http backed disks via libcurl (LP: #1848556) * d/p/u/lp-1848497-virtio-balloon-fix-QEMU-4.0-config-size-migration-in.patch: fix migration issue from qemu <4.0 when using virtio-balloon (LP: #1848497) -- Christian Ehrhardt Mon, 21 Oct 2019 14:51:45 +0200 qemu (1:4.0+dfsg-0ubuntu9) eoan; urgency=medium * d/p/lp-1842774-s390x-cpumodel-Add-the-z15-name-to-the-description-o.patch: update the z15 model name (LP: #1842774) -- Christian Ehrhardt Tue, 24 Sep 2019 11:42:58 +0200 qemu (1:4.0+dfsg-0ubuntu8) eoan; urgency=medium * d/binfmt-update-in: fix binfmt being called in some containers (LP: #1840956) -- Christian Ehrhardt Mon, 09 Sep 2019 11:03:13 +0200 qemu (1:4.0+dfsg-0ubuntu7) eoan; urgency=medium * No-change upload with strops.h and sys/strops.h removed in glibc. -- Matthias Klose Thu, 05 Sep 2019 11:07:25 +0000 qemu (1:4.0+dfsg-0ubuntu6) eoan; urgency=medium * d/p/ubuntu/lp-1841066-*: fix detection of arch_capability flags (LP: #1841066) -- Christian Ehrhardt Mon, 26 Aug 2019 12:08:04 +0200 qemu (1:4.0+dfsg-0ubuntu5) eoan; urgency=medium * d/p/ubuntu/lp-1836154-*: further fixups for HW CPU model for newer s390x machines (LP: #1836154) -- Christian Ehrhardt Wed, 17 Jul 2019 13:20:42 +0200 qemu (1:4.0+dfsg-0ubuntu4) eoan; urgency=medium * d/control-in: promote qemu-efi/ovmf in Ubuntu (LP: #1570617) - pick Debian change for (#889885) move ovmf to recommends on debian and update aarch ovmf refs - stop Ubuntu to drop ovmf/qemu-efi to a suggest -- Christian Ehrhardt Fri, 12 Jul 2019 12:48:24 +0200 qemu (1:4.0+dfsg-0ubuntu3) eoan; urgency=medium * d/p/ubuntu/lp-1836159-fix-with-latest-kernel.patch: fix build issues for missing SIOCGSTAMP definition; final fix is still in discussion upstream (LP: 1836159) -- Christian Ehrhardt Thu, 11 Jul 2019 10:10:00 +0200 qemu (1:4.0+dfsg-0ubuntu2) eoan; urgency=medium * d/p/ubuntu/lp-1836066-s390-cpumodel-fix-description-for-the-new-vector-fac: fix naming of the new vector facitlity (LP: #1836066) * d/control-in: update VCS links in control template as well -- Christian Ehrhardt Thu, 11 Jul 2019 08:18:44 +0200 qemu (1:4.0+dfsg-0ubuntu1) eoan; urgency=medium * Merge with Upstream release of qemu 4.0. Among many other things this fixes LP Bugs: LP: #1782206 - SnowRidge Accelerator Interfacing Architecture (AIA) LP: #1828038 - Update s390x CPU Model for more HW support LP: #1832622 - count cache flush Spectre v2 mitigation for ppc64el Remaining Changes: - qemu-kvm to systemd unit - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm, hugepages and architecture specifics - d/qemu-system-common.qemu-kvm.service: systemd unit to call qemu-kvm-init - d/qemu-system-common.install: install helper script - d/qemu-system-common.maintscript: clean old sysv and upstart scripts - d/qemu-system-common.qemu-kvm.default: defaults for /etc/default/qemu-kvm - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm - Enable nesting by default - d/qemu-system-x86.modprobe: set nested=1 module option on intel. (is default on amd) - d/qemu-system-x86.postinst: re-load kvm_intel.ko if it was loaded without nested=1 - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default in qemu64 cpu type. - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default in qemu64 on amd - d/qemu-system-x86.README.Debian: document intention of nested being default is comfort, not full support - Distribution specific machine type (LP: 1304107 1621042) - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine types - d/qemu-system-x86.NEWS Info on fixed machine type definitions for host-phys-bits=true (LP: 1776189) - add an info about -hpb machine type in debian/qemu-system-x86.NEWS - provide pseries-bionic-2.11-sxxm type as convenience with all meltdown/spectre workarounds enabled by default. (LP: 1761372). - improved dependencies - Make qemu-system-common depend on qemu-block-extra - Make qemu-utils depend on qemu-block-extra - let qemu-utils recommend sharutils - s390x support - Create qemu-system-s390x package - Enable numa support for s390x - arch aware kvm wrappers - d/control: update VCS links - qemu-guest-agent: freeze-hook fixes (LP: 1484990) - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d - d/control-in: enable RDMA support in qemu (LP: 1692476) - enable RDMA config option - add libibumad-dev build-dep - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490) - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types reference 256k path - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to handle incoming migrations from former releases. - d/control-in: Disable capstone disassembler library support (universe) - Move s390x roms to a new qemu-system-data-s390x - d/qemu-system-data.install: install s390x roms as architecture:all in qemu-system-data - d/rules: build s390-ccw.img with upstream Makefile - d/rules: build s390-netboot.img with upstream Makefile - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch: bring back some SLOF bits stripped in DFSG to be able to build s390x-netboot roms As that hack to build s390-ccw.img rom can't build s390x-netboot.img replace it with a build-indep using the upstream makefiles. This is less prone to miss future changes/fixes that are done to the makefiles - d/control-in: add breaks/replaces for moving s390x roms from qemu-system-s390x to qemu-system-data - remove /dev/kvm permission handling (moved to systemd 239-6) (#892945) [From not yet uploaded Debian branch] - d/p/debianize-qemu-guest-service.patch: fix path of qemu-ga - d/rules: fix qemu-kvm service for debhelper compat >=12 - disable pvrdma - besides several security holes there are many other bugs there as well * Dropped patches that are upstream in v4.0 - d/p/do-not-link-everything-with-xen.patch - d/p/usb-mtp-use-O_NOFOLLOW-and-O_CLOEXEC-CVE-2018-16872.patch - d/p/hw_usb-fix-mistaken-de-initialization-of-CCID-state.patch - d/p/scsi-generic-avoid-possible-oob-access-to-r-buf-CVE-2019-6501.patch - d/p/slirp-check-data-length-while-emulating-ident-function-CVE-2019-6778 - d/p/i2c-ddc-fix-oob-read-CVE-2019-3812.patch - d/p/ubuntu/lp-1759509-qmp-query-current-machine-with-wakeup-suspend-suppor (LP: 1759509) - d/p/ubuntu/lp-1759509-qga-update-guest-suspend-ram-and-guest-suspend-hybri - d/p/ubuntu/lp-1759509-qmp-hmp-Make-system_wakeup-check-wake-up-support-and - d/p/ubuntu/lp-1812384-s390x-Return-specification-exception-for-unimplement - d/p/ubuntu/CVE-2018-20815.patch - d/p/ubuntu/CVE-2019-5008.patch - d/p/ubuntu/CVE-2019-9824.patch - d/p/ubuntu/Revert-target-i386-kvm-add-VMX-migration-blocker.patch: avoid misdetection of simplified nesting blocking all migrations * Dropped further patches d/p/bt-use-size_t-type-for-length-parameters-instead-of-int-CVE-2018-19665 [upstream deprecated the whole subsystem instead of applying the fix] * Added Changes - updated ubuntu machine types for v4.0 - added eoan types - fixed s390x issue of upstream types having a "v" prefix - add back dropped machine types to avoid more issues like LP: 1802944 - fix kvm split irqchip default in ubuntu q35 machine type - drop no more needed spapr_machine_2_11_sxxm_instance_options and adapt updated CamelCase - -hpb types now need to use GlobalProperties - pc_compat_2_0 got a _fn suffix and slight changes - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch: update to SLOF of qemu 4.0 - Refreshed patches still needed for v4.0 context changes - d/p/use-fixed-data-path.patch - d/p/ubuntu/enable-svm-by-default.patch - d/p/ubuntu/enable-md-clear.patch - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch - d/p/ubuntu/lp-1830243-*: s390x Secure Linux Boot Toleration (LP: #1830243) - d/control: disable bluetooth being deprecated - d/control*: remove sdlabi which was removed upstream - d/p/ubuntu/lp-1830238-*: s390x hardware cpu model (LP: #1830238) - d/control*: enable docs (now explicit) and provide new build-dep python3-sphinx - d/not-installed: ignore new interop docs and extra icons for now - d/not-installed: do not install elf2dmp until namespaced - d/qemu-utils.install: install new tools qemu-edid and qemu-keymap - d/qemu-system-data.install: use new paths for formerly used icons - d/p/ubuntu/linux-user-fix-__NR_semtimedop-undeclared-error.patch: fix i386 build error -- Christian Ehrhardt Mon, 24 Jun 2019 16:33:19 +0200 qemu (1:3.1+dfsg-8) unstable; urgency=high * sun4u-add-power_mem_read-routine-CVE-2019-5008.patch fixes a null-pointer dereference in sparc/sun4u emulated hw Closes: #927439, CVE-2019-5008 * enable-md-no.patch & enable-md-clear.patch mitigation for MDS (Microarchitectural Data Sampling) issues Closes: #929067, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091 * qxl-check-release-info-object-CVE-2019-12155.patch fixes null-pointer deref in qxl cleanup code Closes: #929353, CVE-2019-12155 * aarch32-exception-return-to-switch-from-hyp-mon.patch fixes booting U-Boot in UEFI mode on aarch32 Closes: #927763 * stop qemu-system-common pre-depending on adduser Closes: #929261 -- Michael Tokarev Mon, 27 May 2019 07:49:25 +0300 qemu (1:3.1+dfsg-7) unstable; urgency=high [ Michael Tokarev ] * device_tree-don-t-use-load_image-CVE-2018-20815.patch fix heap buffer overflow while loading device tree blob (Closes: CVE-2018-20815) [ Christian Ehrhardt ] * qemu-guest-agent: fix path of fsfreeze-hook (LP: #1820291) - d/qemu-guest-agent.install: use correct path for fsfreeze-hook - d/qemu-guest-agent.pre{rm|inst}/.postrm: special handling for mv_conffile since the new path is a directory in the old package version which can not be handled by mv_conffile. -- Michael Tokarev Wed, 27 Mar 2019 14:24:06 +0300 qemu (1:3.1+dfsg-6) unstable; urgency=high * slirp-check-sscanf-result-when-emulating-ident-CVE-2019-9824.patch fix information leakage in slirp code (Closes: CVE-2019-9824) -- Michael Tokarev Mon, 18 Mar 2019 14:41:51 +0300 qemu (1:3.1+dfsg-5) unstable; urgency=high * i2c-ddc-fix-oob-read-CVE-2019-3812.patch fixes OOB read in hw/i2c/i2c-ddc.c which allows for memory disclosure. Closes: #922635, CVE-2019-3812 -- Michael Tokarev Mon, 11 Mar 2019 14:30:44 +0300 qemu (1:3.1+dfsg-4) unstable; urgency=medium * mention closing of #855043 by 3.1+dfsg-3 * disable pvrdma for now, it is a bit too buggy. Besides several security holes there are many other bugs there as well, and the amount of patches applied upstream after 3.1 release is large (Closes, or really makes unimportant again: CVE-2018-20123 CVE-2018-20124 CVE-2018-20125 CVE-2018-20126 CVE-2018-20191 CVE-2018-20216) -- Michael Tokarev Mon, 11 Feb 2019 14:00:09 +0300 qemu (1:3.1+dfsg-3) unstable; urgency=medium [ Michael Tokarev ] * mention #696289 closed by 2.10 * move ovmf to recommends on debian and update aarch ovmf refs (Closes: #889885, #855043) * remove /dev/kvm permission handling (moved to systemd 239-6) (Closes: #892945) * build qemu-palcode using alpha cross-compiler (Closes: #913103) * fix path in qemu-guest-agent.service (#918378), fixs Bind[s]To (Closes: #918378 * use int for sparc64 timeval.tv_usec (Closes: #920032) * build-depend on libglusterfs-dev not glusterfs-common (Closes: #919668, #881527) * add breaks: qemu-system-data to qemu-system-common, to close #916279 completely (all this can be removed after buster) (Closes: #916279) * scsi-generic-avoid-possible-oob-access-to-r-buf-CVE-2019-6501.patch (Closes: #920222, CVE-2019-6501) * slirp-check-data-length-while-emulating-ident-function-CVE-2019-6778.patch (Closes: #921525) * pvrdma-release-device-resources-on-error-CVE-2018-20123.patch (Closes: #916442, CVE-2018-20123) * enable rdma and pvrdma, build-depend on librdmacm-dev, libibverbs-dev, libibumad-dev * sync debian/qemu-user-static.1 and debian/qemu-user.1 generate the latter from the former (finally Closes: #901407) * move ivshmem-server & ivshmem-client from qemu-utils to qemu-system-common (the binaries are also specific to qemu-system, not useable alone) * move qemu-pr-helper from qemu-utils to qemu-system-common - this is an internal qemu-system helper, with possible socket activation, not intended for use outside of qemu-system [ Christian Ehrhardt ] * qemu-guest-agent: freeze-hook to ignore dpkg files (packaging changes) -- Michael Tokarev Wed, 06 Feb 2019 12:23:01 +0300 qemu (1:3.1+dfsg-2ubuntu5) eoan; urgency=medium * d/p/ubuntu/define-ubuntu-machine-types.patch: fix wily machine type being broken since 2.11 due to 2.3/2.4 version mismatch in its definition to fix migrations from old machines (LP: #1829868). * d/p/ubuntu/lp-1830704-s390x-cpumodel-ignore-csske-for-expansion.patch toleration for future machines (LP: #1830704 -- Christian Ehrhardt Tue, 28 May 2019 11:30:42 +0200 qemu (1:3.1+dfsg-2ubuntu4) eoan; urgency=medium * SECURITY UPDATE: Add support for exposing md-clear functionality to guests - d/p/ubuntu/enable-md-clear.patch - d/p/ubuntu/enable-md-no.patch - CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091 * SECURITY UPDATE: heap overflow when loading device tree blob - d/p/ubuntu/CVE-2018-20815.patch: specify how large the buffer to copy the device tree blob into is. - CVE-2018-20815 * SECURITY UPDATE: device driver denial of service via NULL pointer dereference - d/p/ubuntu/CVE-2019-5008.patch: Define skeleton 'power_mem_read' routine - CVE-2019-5008 * SECURITY UPDATE: information leak in SLiRP - d/p/ubuntu/CVE-2019-9824.patch: check sscanf result when emulating ident. - CVE-2019-9824 -- Steve Beattie Wed, 08 May 2019 09:27:53 -0700 qemu (1:3.1+dfsg-2ubuntu3) disco; urgency=medium * qemu-guest-agent: fix path of fsfreeze-hook (LP: #1820291) - d/qemu-guest-agent.install: use correct path for fsfreeze-hook - d/qemu-guest-agent.pre{rm|inst}/.postrm: special handling for mv_conffile since the new path is a directory in the old package version which can not be handled by mv_conffile. * i2c-ddc-fix-oob-read-CVE-2019-3812.patch fixes OOB read in hw/i2c/i2c-ddc.c which allows for memory disclosure. Closes: #922635 (Thanks to Gerd Hoffmann and Michael Tokarev) CVE-2019-3812 -- Christian Ehrhardt Mon, 18 Mar 2019 09:20:07 +0100 qemu (1:3.1+dfsg-2ubuntu2) disco; urgency=medium * disable pvrdma - besides several security holes there are many other bugs there as well, and the amount of patches applied upstream after 3.1 release is large (Closes, or actuallymakes unimportant again) - CVE-2018-20123 - CVE-2018-20124 - CVE-2018-20125 - CVE-2018-20126 - CVE-2018-20191 - CVE-2018-20216 * scsi-generic-avoid-possible-oob-access-to-r-buf-CVE-2019-6501.patch - CVE-2019-6501 * slirp-check-data-length-while-emulating-ident-function-CVE-2019-6778.patch - CVE-2019-6778 -- Christian Ehrhardt Tue, 19 Feb 2019 06:43:04 +0100 qemu (1:3.1+dfsg-2ubuntu1) disco; urgency=medium * Merge with Debian testing, Among many other things this fixes LP Bugs: LP: #1806104 - fix misleading page size error on ppc64el LP: #1782205 - SnowRidge enabled new ISAs LP: #1786956 - upgrade to qemu >= 3.0 LP: #1809083 - Backward migration to Xenial on ppc64el LP: #1803315 - s390x Huge page enablement LP: #1657409 - enable virglrenderer Remaining Changes: - qemu-kvm to systemd unit - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm, hugepages and architecture specifics - d/qemu-kvm.service: systemd unit to call qemu-kvm-init - d/qemu-system-common.install: install systemd unit and helper script - d/qemu-system-common.maintscript: clean old sysv and upstart scripts - d/qemu-system-common.qemu-kvm.default: defaults for /etc/default/qemu-kvm - d/rules: install /etc/default/qemu-kvm - Enable nesting by default - d/qemu-system-x86.modprobe: set nested=1 module option on intel. (is default on amd) - d/qemu-system-x86.postinst: re-load kvm_intel.ko if it was loaded without nested=1 - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default in qemu64 cpu type. - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default in qemu64 on amd - d/qemu-system-x86.README.Debian: document intention of nested being default is comfort, not full support - Distribution specific machine type (LP: 1304107 1621042 1776189 1761372) - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine types - d/qemu-system-x86.NEWS Info on fixed machine type definitions for host-phys-bits=true (LP: 1776189) - add an info about -hpb machine type in debian/qemu-system-x86.NEWS - d/p/ubuntu/lp-1761372-*: provide pseries-bionic-2.11-sxxm type as convenience with all meltdown/spectre workarounds enabled by default. (LP: 1761372). - improved dependencies - Make qemu-system-common depend on qemu-block-extra - Make qemu-utils depend on qemu-block-extra - let qemu-utils recommend sharutils - s390x support - Create qemu-system-s390x package - Enable numa support for s390x - arch aware kvm wrappers - d/control: update VCS links (updated to match latest Ubuntu) - qemu-guest-agent: freeze-hook fixes (LP: 1484990) - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d - d/control-in: enable RDMA support in qemu (LP: 1692476) - enable RDMA config option - add libibumad-dev build-dep - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490) - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types reference 256k path - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to handle incoming migrations from former releases. - d/control-in: Disable capstone disassembler library support (universe) * Added Changes: - d/p/ubuntu/define-ubuntu-machine-types.patch: update machine type changes for qemu 3.1 in the Ubuntu Disco release - d/p/ubuntu/lp-1759509-* fix waking up VMs from dompmsuspend (LP: #1759509) - Move s390x roms to a new qemu-system-data-s390x - d/qemu-system-data.install: install s390x roms as architecture:all in qemu-system-data - d/rules: build s390-ccw.img with upstream Makefile - d/rules: build s390x-netboot.img with upstream Makefile - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch: bring back some SLOF bits stripped in DFSG to be able to build s390x-netboot roms As that hack to build s390-ccw.img rom can't build s390x-netboot.img replace it with a build-indep using the upstream makefiles. This is less prone to miss future changes/fixes that are done to the makefiles - d/control-in: add breaks/replaces for moving s390x roms from qemu-system-s390x to qemu-system-data - remove /dev/kvm permission handling (moved to systemd 239-6) (#892945) [From not yet uploaded Debian branch] - d/p/debianize-qemu-guest-service.patch: fix path of qemu-ga (Closes: #918378) - d/rules: fix qemu-kvm service for debhelper compat >=12 - d/p/ubuntu/Revert-target-i386-kvm-add-VMX-migration-blocker.patch: avoid misdetection of simplified nesting blocking all migrations - d/p/ubuntu/lp-1812384-s390x-Return-specification-exception-for- unimplement.patch: properly return archicture defined exception on bad subcodes of diag 308 (LP: #1812384) * Dropped Changes: - Include s390-ccw.img firmware (old style native build) - d/rules enable install s390x-netboot.img (old style native build) - libvirt/qemu user/group support - qemu-system-common.postinst: remove acl placed by udev, and add udevadm trigger. [ Droppable since logind properly sets ACLs now ] - qemu-system-common.preinst: add kvm group if needed [ Droppable because systemd/udev take care of it since 239-6] - d/p/guest-agent-freeze-hook-skip-dpkg-artifacts.patch of qemu-guest-agent freeze-hook fixes (LP: 1484990) [upstream] - d/p/ubuntu/CVE-2018-3639/* update for qemu 2.12 using the final patches merged upstream [upstream] - d/p/ubuntu/CVE-2018-11806-slirp-correct-size.patch: slirp: correct size computation while concatenating mbuf. CVE-2018-11806 [upstream] - d/p/ubuntu/lp-1781526-powerpc64-align-memory-THP.patch: align to 2MB for powerpc64 to speed up translation (LP: 1781526) [upstream] - d/p/ubuntu/lp-1780773-s390x-cpumodels-add-z14-Model-ZR1.patch: Add cpu model for z14 ZR1 (LP: 1780773). [upstream] - Mark qemu-system-data foreign to be able to install it e.g. on i386 (Closes: 903562) [in Debian] - d/control-in: qemu-keymaps is provided by qemu-system-data now (from yet unreleased Debian version) [in Debian] - d/p/lp-1755912-qxl-fix-local-renderer-crash.patch: Fix an issue triggered by migrations with UI frontends or frequent guest resolution changes (LP #1755912) [upstream] - d//ubuntu/target-ppc-extend-eieio-for-POWER9.patch: Backport to extend eieio for POWER9 emulation (LP: 1787408). [upstream] - d/p/ubuntu/lp-1789551-seccomp-set-the-seccomp-filter-to-all-threads.patch: ensure that the seccomp blacklist is applied to all threads (LP: 1789551) [upstream] - improve s390x spectre mitigation with etoken facility (LP: 1790457) [upstream] - Update pxe netboot images for KVM s390x to qemu 3.0 level (LP: 1790901) [upstream] - d/control-in: our addition of a qemu-system-s390x package needs to follow the split of qemu-system-data by adding a dependency to it (LP: 1798084) [in Debian] - debian/patches/ubuntu/lp1787405-*: Support guest dedicated Crypto Adapters on s390x (LP: 1787405) [upstream] - enable opengl for vfio-MDEV support (LP: 1804766) [in Debian] - SECURITY UPDATE: integer overflow in NE2000 NIC emulation [upstream] - SECURITY UPDATE: integer overflow via crafted QMP command [upstream] - SECURITY UPDATE: OOB heap buffer r/w access in NVM Express Controller [upstream] - SECURITY UPDATE: buffer overflow in rtl8139 [upstream] - SECURITY UPDATE: buffer overflow in pcnet [upstream] - SECURITY UPDATE: DoS via large packet sizes [upstream] - SECURITY UPDATE: DoS in lsi53c895a [upstream] - SECURITY UPDATE: Out-of-bounds r/w stack access in ppc64 [upstream] - SECURITY UPDATE: race condition in 9p [upstream] -- Christian Ehrhardt Tue, 08 Jan 2019 09:41:08 +0100 qemu (1:3.1+dfsg-2) unstable; urgency=medium * d/rules: split arch and indep builds * enable s390x cross-compiler and build s390-ccw.img (Closes: #684909) * build x86 optionrom in qemu-system-data (was in seabios/debian/) * qemu-system-data: Multi-Arch: allowed=>foreign (Closes: #903562) * fix Replaces: version for qemu-system-common (Closes: #916279) * add simple udev rules file for systemd guest agent (Closes: #916674) * usb-mtp-use-O_NOFOLLOW-and-O_CLOEXEC-CVE-2018-16872.patch Race condition in usb_mtp implementation (Closes: #916397) * bt-use-size_t-type-for-length-parameters-instead-of-int-CVE-2018-19665.patch Memory corruption in bluetooth subsystem (Closes: #916278) * hw_usb-fix-mistaken-de-initialization-of-CCID-state.patch (Closes: #917007) * bump debhelper compat to 12 (>>11) * d/rules: use dh_missing instead of dh_install --list-missing (compat=12) * use dh_installsystemd for guest agent (Closes: #916625) * mention closing by 3.1: Closes: #912655, CVE-2018-16847 * mention closing by 2.10: Closes: #849798, CVE-2016-10028 Closes: CVE-2017-9060 Closes: CVE-2017-8284 -- Michael Tokarev Fri, 21 Dec 2018 16:51:39 +0300 qemu (1:3.1+dfsg-1) unstable; urgency=medium * new upstream release (3.1) * Security bugs fixed by upstream: Closes: #910431, CVE-2018-10839: integer overflow leads to buffer overflow issue Closes: #911468, CVE-2018-17962 pcnet: integer overflow leads to buffer overflow Closes: #911469, CVE-2018-17963 net: ignore packets with large size Closes: #908682, CVE-2018-3639 qemu should be able to pass the ssbd cpu flag Closes: #901017, CVE-2018-11806 m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams Closes: #902725, CVE-2018-12617 qmp_guest_file_read in qemu-ga has an integer overflow Closes: #907500, CVE-2018-15746 qemu-seccomp might allow local OS guest users to cause a denial of service Closes: #915884, CVE-2018-16867 dev-mtp: path traversal in usb_mtp_write_data of the MTP Closes: #911499, CVE-2018-17958 Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used Closes: #911470, CVE-2018-18438 integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value Closes: #912535, CVE-2018-18849 lsi53c895a: OOB msg buffer access leads to DoS Closes: #914604, CVE-2018-18954 pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1 allows out-of-bounds write or read access to PowerNV memory Closes: #914599, CVE-2018-19364 Use-after-free due to race condition while updating fid path Closes: #914727, CVE-2018-19489 9pfs: crash due to race condition in renaming files Closes: #912655, CVE-2018-16847 Out-of-bounds r/w buffer access in cmb operations * remove patches which were applied upstream * add new manpage qemu-cpu-models.7 * qemu-system-ppcemb is gone, use qemu-system-ppc[64] * do-not-link-everything-with-xen.patch (trivial) * get-orig-source: handle 3.x and 4.x, and remove roms again, as upstream wants us to use separate source packages for that stuff * move generated data from qemu-system-data back to qemu-system-common * d/control: enable spice on arm64 (Closes: #902501) (probably should enable on all) * d/control: change git@salsa urls to https * add qemu-guest-agent.service (Closes: #795486) * enable opengl support and virglrenderer (Closes: #813658) * simplify d/rules just a little bit * build-depend on libudev-dev, for qga -- Michael Tokarev Sun, 02 Dec 2018 19:10:27 +0300 qemu (1:2.12+dfsg-3ubuntu9) disco; urgency=medium [ Marc Deslauriers ] * SECURITY UPDATE: integer overflow in NE2000 NIC emulation - debian/patches/CVE-2018-10839.patch: use proper type in hw/net/ne2000.c. - CVE-2018-10839 * SECURITY UPDATE: integer overflow via crafted QMP command - debian/patches/CVE-2018-12617.patch: check bytes count read by guest-file-read in qga/commands-posix.c. - CVE-2018-12617 * SECURITY UPDATE: OOB heap buffer r/w access in NVM Express Controller - debian/patches/CVE-2018-16847.patch: check size in hw/block/nvme.c. - CVE-2018-16847 * SECURITY UPDATE: buffer overflow in rtl8139 - debian/patches/CVE-2018-17958.patch: use proper type in hw/net/rtl8139.c. - CVE-2018-17958 * SECURITY UPDATE: buffer overflow in pcnet - debian/patches/CVE-2018-17962.patch: use proper type in hw/net/pcnet.c. - CVE-2018-17962 * SECURITY UPDATE: DoS via large packet sizes - debian/patches/CVE-2018-17963.patch: check size in net/net.c. - CVE-2018-17963 * SECURITY UPDATE: DoS in lsi53c895a - debian/patches/CVE-2018-18849.patch: check message length value is valid in hw/scsi/lsi53c895a.c. - CVE-2018-18849 * SECURITY UPDATE: Out-of-bounds r/w stack access in ppc64 - debian/patches/CVE-2018-18954.patch: check size before data buffer access in hw/ppc/pnv_lpc.c. - CVE-2018-18954 * SECURITY UPDATE: race condition in 9p - debian/patches/CVE-2018-19364-1.patch: use write lock in hw/9pfs/cofile.c. - debian/patches/CVE-2018-19364-2.patch: use write lock in hw/9pfs/9p.c. - CVE-2018-19364 [ Christian Ehrhardt] * debian/patches/ubuntu/lp1787405-*: Support guest dedicated Crypto Adapters on s390x (LP: #1787405) * enable opengl for vfio-MDEV support (LP: #1804766) - d/control-in: set --enable-opengl - d/control-in: add gl related build-dependencies -- Christian Ehrhardt Wed, 21 Nov 2018 13:17:01 -0500 qemu (1:2.12+dfsg-3ubuntu8) cosmic; urgency=medium * d/control-in: our addition of a qemu-system-s390x package needs to follow the split of qemu-system-data by adding a dependency to it (LP: #1798084) -- Christian Ehrhardt Wed, 17 Oct 2018 10:50:27 +0200 qemu (1:2.12+dfsg-3ubuntu7) cosmic; urgency=medium * Update pxe netboot images for KVM s390x to qemu 3.0 level (LP: #1790901) The SLOF source pieces in src:qemu are only used for s390x netboot, which are independent ROMs (no linking). All other binaries out of this are part of src:slof and independent. - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot-2.12-to-3.0.patch - d/p/ubuntu/lp-1790901-0*: backport s390x pxelinux netboot capabilities and related fixes -- Christian Ehrhardt Tue, 25 Sep 2018 13:31:15 +0200 qemu (1:2.12+dfsg-3ubuntu6) cosmic; urgency=medium * improve s390x spectre mitigation with etoken facility (LP: #1790457) - debian/patches/ubuntu/lp-1790457-s390x-kvm-add-etoken-facility.patch - debian/patches/ubuntu/lp-1790457-partial-s390x-linux-headers-update.patch -- Christian Ehrhardt Wed, 12 Sep 2018 10:06:48 +0200 qemu (1:2.12+dfsg-3ubuntu5) cosmic; urgency=medium * d/p/ubuntu/lp-1789551-seccomp-set-the-seccomp-filter-to-all-threads.patch: ensure that the seccomp blacklist is applied to all threads (LP: #1789551) - CVE-2018-15746 -- Christian Ehrhardt Wed, 29 Aug 2018 08:50:36 +0200 qemu (1:2.12+dfsg-3ubuntu4) cosmic; urgency=medium [ Murilo Opsfelder Araujo ] * d//ubuntu/target-ppc-extend-eieio-for-POWER9.patch: Backport to extend eieio for POWER9 emulation (LP: #1787408). -- Christian Ehrhardt Mon, 20 Aug 2018 11:52:39 +0200 qemu (1:2.12+dfsg-3ubuntu3) cosmic; urgency=medium * d/p/lp-1755912-qxl-fix-local-renderer-crash.patch: Fix an issue triggered by migrations with UI frontends or frequent guest resolution changes (LP: #1755912) -- Christian Ehrhardt Thu, 19 Jul 2018 08:26:52 +0200 qemu (1:2.12+dfsg-3ubuntu2) cosmic; urgency=medium * Disable capstone disassembler library support (universe dependency) -- Christian Ehrhardt Tue, 17 Jul 2018 08:35:32 +0200 qemu (1:2.12+dfsg-3ubuntu1) cosmic; urgency=medium * Merge with Debian testing, Remaining Changes: - Among other things this fixes (LP: #1780768, LP: #1780769, LP: #1780772) - qemu-kvm to systemd unit - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm, hugepages and architecture specifics - d/qemu-kvm.service: systemd unit to call qemu-kvm-init - d/qemu-system-common.install: install systemd unit and helper script - d/qemu-system-common.maintscript: clean old sysv and upstart scripts - d/qemu-system-common.qemu-kvm.default: defaults for /etc/default/qemu-kvm - d/rules: install /etc/default/qemu-kvm - Enable nesting by default - set nested=1 module option on intel. (is default on amd) - re-load kvm_intel.ko if it was loaded without nested=1 - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default in qemu64 cpu type. - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default in qemu64 on amd - d/qemu-system-x86.README.Debian: document intention of nested being default is comfort, not full support - libvirt/qemu user/group support - qemu-system-common.postinst: remove acl placed by udev, and add udevadm trigger. - qemu-system-common.preinst: add kvm group if needed - Distribution specific machine type - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine types to ease future live vm migration. - d/qemu-system-x86.NEWS Info on fixed machine type definitions - d/p/ubuntu/machine-type-hpb.patch: add -hpb machine type for host-phys-bits=true (LP: 1776189) - add an info about -hpb machine type in debian/qemu-system-x86.NEWS - d/p/ubuntu/lp-1761372-*: provide pseries-bionic-2.11-sxxm type as convenience with all meltdown/spectre workarounds enabled by default. (LP: 1761372). - improved dependencies - Make qemu-system-common depend on qemu-block-extra - Make qemu-utils depend on qemu-block-extra - let qemu-utils recommend sharutils - s390x support - Create qemu-system-s390x package - Include s390-ccw.img firmware - Enable numa support for s390x - arch aware kvm wrappers - update VCS-git (updated to match cosmic) - qemu-guest-agent: freeze-hook fixes (LP: 1484990) - d/p/guest-agent-freeze-hook-skip-dpkg-artifacts.patch - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d - Create and install pxe netboot images for KVM s390x (LP: 1732094) - d/rules enable install s390x-netboot.img - d/control-in: enable RDMA support in qemu (LP: 1692476) - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490) - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types reference 256k path - d/control: depend on ipxe-qemu-256k-compat-efi-roms to be able to handle incoming migrations from former releases. - SECURITY UPDATE: Speculative Store Bypass - debian/patches/ubuntu/CVE-2018-3639/0001*.patch: define the 'ssbd' CPUID feature bit in target/i386/cpu.*. - debian/patches/ubuntu/CVE-2018-3639/0002*.patch: define the AMD 'virt-ssbd' CPUID feature bit in target/i386/cpu.c. - debian/patches/ubuntu/CVE-2018-3639/0003*.patch: define the Virt SSBD MSR and handling of it in target/i386/cpu.h, target/i386/kvm.c, target/i386/machine.c. - CVE-2018-3639 * Added Changes: - update machine type changes for qemu 2.12 and the Ubuntu Cosmic release - add cosmic types for base and -hpb - drop no more supported types (zesty and yakkety) - d/p/series: group machine type changes - d/p/ubuntu/CVE-2018-3639/* update for qemu 2.12 using the final patches merged upstream - d/p/ubuntu/CVE-2018-11806-slirp-correct-size.patch: slirp: correct size computation while concatenating mbuf. CVE-2018-11806 - d/qemu-kvm-init, d/qemu-system-common.qemu-kvm.default: drop the deprecated handling of VHOST_NET_ENABLED and KVM_HUGEPAGES. - d/qemu-kvm-init: do not exit early on non x86/ppc64el (LP: #1763275) - d/qemu-kvm-init, d/kvm.powerpc: clean up typos and shellcheck warnings - d/qemu-kvm-init, d/kvm.powerpc: fix SMT detection and make it only apply to POWER8 - d/qemu-kvm-init: drop old VM detection that was broken in some cases and is no more needed with systemd-detect-virt being more mature and always present. - d/kvm.powerpc: drop old powerpc (non-ppc64el) code. - d/control-in: add libibumad-dev which is now needed for rdma - d/rules: update s390x delta to match new Debian packaging - d/p/ubuntu/lp-1781526-powerpc64-align-memory-THP.patch: align to 2MB for powerpc64 to speed up translation (LP: #1781526) - d/p/ubuntu/lp-1780773-s390x-cpumodels-add-z14-Model-ZR1.patch: Add cpu model for z14 ZR1 (LP: #1780773). - Mark qemu-system-data foreign to be able to install it e.g. on i386 (Closes: 903562) - d/control-in: qemu-keymaps is provided by qemu-system-data now (from yet unreleased Debian version) * Dropped Changes: - debian/patches/ubuntu/partial-SLOF-for-s390x-netboot-compilation.patch (No more removed when building DFSG orig tarball in Debian) - sdl2 is yet too unstable for the LTS Ubuntu release given the reports we still see upstream and in Debian - furthermore sdl2 isn't in main yet, so we revert related changes to stick with the proven for now: - 0fd25810 - do not build-depend on libx11-dev (libsdl2-dev already depends on it) - 9594f820 - switch from sdl1.2 to sdl2 (#870025) (Debian switched to gtk which seems to work better and has all dependencies in main.) - d/control-in: enable seccomp on s390x (in Debian for Linux-any) - Changes that are now upstream with qemu 2.12 - d/p/ubuntu/lp1753826-memfd-fix-configure-test.patch: fix FTBFS with newer versions of glibc >=2.27 (LP: 1753826) - d/p/ubuntu/qemu-stable-2.11.1.patch: add stable release - d/p/ubuntu/lp1739665-SSE-AVX-AVX512-cpu-features.patch: Enable new SSE/AVX/AVX512 cpu features (LP: 1739665) - d/p/ubuntu/lp1740219-continuous-space-commpage.patch: make Arm space+commpage continuous which avoids long startup times on qemu-user-static (LP: 1740219) - provide pseries-2.12-sxxm type (LP: 1761372) - d/p/ubuntu/lp-1704312-1-* provide means to manually handle filesystem-dax with pmem by backporting align and unarmed options (LP: 1704312). - d/p/ubuntu/lp-1762315-slirp-Add-domainname.patch: slirp: Add domainname option to slirp's DHCP server (LP: 1762315) - d/p/ubuntu/lp-1762854-*: fix issue with SCSI-2 devices denying Protection information (LP: 1762854). - d/p/ubuntu/lp-1763468-*: fix VSMT handling to fix ppc64el P8/P9 migration (LP: 1763468). - SECURITY UPDATE: out-of-bounds access during migration via ps2 CVE-2017-16845 - SECURITY UPDATE: arbitrary code execution via load_multiboot CVE-2018-7550 - SECURITY UPDATE: denial of service in Cirrus CLGD 54xx VGA CVE-2018-7858 -- Christian Ehrhardt Thu, 21 Jun 2018 14:24:06 +0200 qemu (1:2.12+dfsg-3) unstable; urgency=medium * make qemu-system-foo depending on qemu-system-data >>ver~, not >>ver (Closes: #900585) * do not build qemu-system-gui on hppa * use dh_lintian for lintian overrides * update VCS fields to point to salsa.debian.org -- Michael Tokarev Fri, 01 Jun 2018 21:42:29 +0300 qemu (1:2.12+dfsg-2) unstable; urgency=medium * create new package, qemu-system-gui, and package GTK module and audio modules in there Closes: #850584 * add an item about qemu-system-gui to debian/qemu-system-common.NEWS * qemu-system-*: require more recent qemu-system-common * switch all builds to be in a single b/ subdir * d/get-orig-source: remove .oco (object) files from roms/SLOF/ * refresh patches/use-fixed-data-path.patch: remove now-unused local var too * ccid-card-passthru-fix-regression-in-realize.patch (Closes: #900006) * debian/control-in: enable seccomp on linux-any (Closes: #900055) * create new arch-indep package qemu-system-data, for data and firmware files. Move common data files from qemu-system-common to it, for now * fix sata/ahci stalls (ahci-fix-PxCI-register-race.patch) * tcg-i386-Fix-dup_vec-in-non-AVX2-codepath.patch (Closes: #900372) -- Michael Tokarev Thu, 31 May 2018 13:22:55 +0300 qemu (1:2.12+dfsg-1) unstable; urgency=medium * new upstream release * get-orig-source: do not remove roms/* directories, since we will use these to build the roms * disable building on hppa arch (not supported upstream since ong time) * Use https://download.qemu.org to download new tarballs (Closes: #895067) * add Breaks: binfmt-support (<<2.1.7) so that --fix-binary works; also fix qemu-user-static description (Closes: #896478) -- Michael Tokarev Thu, 26 Apr 2018 20:29:36 +0300 qemu (1:2.12~rc3+dfsg-2) unstable; urgency=medium * fix typo in previous changelog entry * add riscv32/riscv64 to qemu-debootstrap * install gtk message catalogs into qemu-system-common (Closes: #878130) (and install-gtk-message-catalogs-if-CONFIG_GTK.patch) * tcg_mips-handle-large-offsets-from-target-env-to-tlb_table.patch: fix FTBFS on mips targets -- Michael Tokarev Sat, 14 Apr 2018 17:01:24 +0300 qemu (1:2.12~rc3+dfsg-1) unstable; urgency=medium * new upstream 2.12 release (Release Candidate 3) Closes: #892041, CVE-2018-7550 Closes: #884806, CVE-2017-15124 Closes: #887392, CVE-2018-5683 Closes: #892497, CVE-2018-7858 Closes: #882136, CVE-2017-16845 Closes: #886532, #892947, #891375, #887892, #860822, #851694 * refresh local debian patches * d/rules: enable new system (hppa riscv32 riscv64) and user (aarch64_be xtensa xtensaeb riscv32 riscv64) targets Closes: #893767 * fix d/source/options to match current reality * drop use-data-path.patch, upstream now has --firmwarepath= option * enable capstone disassembler library support (build-depend on libcapstone-dev) * debian/extract-config-opts: use tab for option / condition separator * qemu-block-extra: install only block modules * make `qemu' metapackage to be dummy, to remove it in a future release * do not suggest kmod, it is pointless * install /usr/bin/qemu-pr-helper to qemu-utils package * switch from sdl2 to gtk ui Closes: #839695, #886671, #879536, #879534, #879532, #879193, #894852 * qemu-system-ppc: forgotten qemu-system-ppc64le.1 link * mention closing of #880582 by 2.11 * package will built against spice 0.14, so Closes: #854959 * check sfdisk presence in qemu-make-debian-root (Closes: #872098) * check mke2fs presence in qemu-make-debian-root (Closes: #887207) * debian/binfmt-update-in: include forgotten hppa (Closes: #891261) * debian/TODO: removed some old ToDo items * use binfmt-support --fix-binary option (Closes: #868030) -- Michael Tokarev Thu, 12 Apr 2018 19:04:03 +0300 qemu (1:2.11+dfsg-1ubuntu11) cosmic; urgency=medium * d/p/ubuntu/machine-type-hpb.patch: add -hpb machine type for host-phys-bits=true (LP: #1776189) - add an info about this change in debian/qemu-system-x86.NEWS -- Christian Ehrhardt Tue, 12 Jun 2018 09:01:00 +0200 qemu (1:2.11+dfsg-1ubuntu10) cosmic; urgency=medium * SECURITY UPDATE: Speculative Store Bypass - debian/patches/ubuntu/CVE-2018-3639/0001*.patch: define the 'ssbd' CPUID feature bit in target/i386/cpu.*. - debian/patches/ubuntu/CVE-2018-3639/0002*.patch: define the AMD 'virt-ssbd' CPUID feature bit in target/i386/cpu.c. - debian/patches/ubuntu/CVE-2018-3639/0003*.patch: define the Virt SSBD MSR and handling of it in target/i386/cpu.h, target/i386/kvm.c, target/i386/machine.c. - CVE-2018-3639 -- Marc Deslauriers Tue, 22 May 2018 09:34:52 -0400 qemu (1:2.11+dfsg-1ubuntu9) cosmic; urgency=medium * SECURITY UPDATE: out-of-bounds access during migration via ps2 - debian/patches/ubuntu/CVE-2017-16845.patch: check PS2Queue pointers in post_load routine in hw/input/ps2.c. - CVE-2017-16845 * SECURITY UPDATE: arbitrary code execution via load_multiboot - debian/patches/ubuntu/CVE-2018-7550.patch: handle bss_end_addr being zero in hw/i386/multiboot.c. - CVE-2018-7550 * SECURITY UPDATE: denial of service in Cirrus CLGD 54xx VGA - debian/patches/ubuntu/CVE-2018-7858.patch: fix region calculation in hw/display/vga.c. - CVE-2018-7858 -- Marc Deslauriers Wed, 16 May 2018 14:14:20 -0400 qemu (1:2.11+dfsg-1ubuntu8) cosmic; urgency=medium * No-change rebuild for ncurses soname changes. -- Matthias Klose Thu, 03 May 2018 14:18:39 +0000 qemu (1:2.11+dfsg-1ubuntu7) bionic; urgency=medium * d/p/ubuntu/lp-1762854-*: fix issue with SCSI-2 devices denying Protection information (LP: #1762854). * d/p/ubuntu/lp-1763468-*: fix VSMT handling to fix ppc64el P8/P9 migration (LP: #1763468). -- Christian Ehrhardt Wed, 11 Apr 2018 07:46:18 +0200 qemu (1:2.11+dfsg-1ubuntu6) bionic; urgency=medium * Remove LP: 1752026 changes to d/p/ubuntu/define-ubuntu-machine-types.patch. The Kernel fixes are preferred and already committed to the kernel. Therefore remove the default disabling of the HTM feature (LP: #1761175) * d/p/ubuntu/lp1739665-SSE-AVX-AVX512-cpu-features.patch: Enable new SSE/AVX/AVX512 cpu features (LP: #1739665) * d/p/ubuntu/lp1740219-continuous-space-commpage.patch: make Arm space+commpage continuous which avoids long startup times on qemu-user-static (LP: #1740219) * d/p/ubuntu/lp-1761372-*: provide pseries-bionic-2.11-sxxm type as convenience with all meltdown/spectre workarounds enabled by default. This is not the default type following upstream and x86 on that. (LP: #1761372). * d/p/ubuntu/lp-1704312-1-* provide means to manually handle filesystem-dax with pmem by backporting align and unarmed options (LP: #1704312). * d/p/ubuntu/lp-1762315-slirp-Add-domainname.patch: slirp: Add domainname option to slirp's DHCP server (LP: #1762315) -- Christian Ehrhardt Wed, 04 Apr 2018 15:16:07 +0200 qemu (1:2.11+dfsg-1ubuntu5) bionic; urgency=medium * Revert the slirp changes of 1:2.11+dfsg-1ubuntu3 until they are upstream accepted to be better long term maintainable (LP: #1753938) -- Christian Ehrhardt Thu, 22 Mar 2018 10:31:23 +0100 qemu (1:2.11+dfsg-1ubuntu4) bionic; urgency=medium * d/p/ubuntu/define-ubuntu-machine-types.patch: Disable HTM feature for ppc64el in spapr to let the defaults not fail on Power9 HW (LP: #1752026). * d/p/ubuntu/lp1753826-memfd-fix-configure-test.patch: fix FTBFS with newer versions of glibc >=2.27 (LP: #1753826) -- Christian Ehrhardt Mon, 05 Mar 2018 16:43:01 +0100 qemu (1:2.11+dfsg-1ubuntu3) bionic; urgency=medium * d/p/ubuntu/0001-slirp-Add-domainname-option-to-slirp-s-DHCP-server.patch, d/p/ubuntu/0002-slirp-Add-classless-static-routes-support-to-DHCP-se.patch: Add domainname option and classless static routes support to the user networking's DHCP server -- Benjamin Drung Fri, 02 Mar 2018 21:08:54 +0100 qemu (1:2.11+dfsg-1ubuntu2) bionic; urgency=medium * d/p/ubuntu/qemu-stable-2.11.1.patch: add stable release - among other fixes this adds code to: - mitigate the Spectre/Meltdown attacks (LP: #1744882) (CVE-2017-5715) However, enabling this functionality requires additional configuration beyond just updating QEMU. Also migrations need special consideration. Details about that can be found at: https://www.qemu.org/2018/02/14/qemu-2-11-1-and-spectre-update/ - Power9 allocation of max 8 threads per core (LP: #1750526) * Drop changes that are part of the upstream stable release - d/p/ubuntu/linux-headers-update-to-4.15-rc1.patch - d/p/ubuntu/linux-headers-update-4.15-rc9.patch - d/p/ubuntu/lp1743560-s390x-kvm-Handle-bpb-feature.patch - d/p/ubuntu/lp1743560-s390x-kvm-provide-stfle.81.patch * d/p/ubuntu/define-ubuntu-machine-types.patch: refresh to match stable update * d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: unify to only change the common compat.h header and add some extra info in the patch header. -- Christian Ehrhardt Mon, 19 Feb 2018 11:03:11 +0100 qemu (1:2.11+dfsg-1ubuntu1) bionic; urgency=medium * Merge with Debian testing, among other fixes this includes - fix fatal error on negative maxcpus (LP: #1722495) - fix segfault on dump-guest-memory on guests without memory (LP: #1723381) - linux user threading issues (LP: #1350435) - TOD-Clock Epoch Extension Support on s390x (LP: #1732691) Remaining changes: - qemu-kvm to systemd unit - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm, hugepages and architecture specifics - d/qemu-kvm.service: systemd unit to call qemu-kvm-init - d/qemu-system-common.install: install systemd unit and helper script - d/qemu-system-common.maintscript: clean old sysv and upstart scripts - d/qemu-system-common.qemu-kvm.default: defaults for /etc/default/qemu-kvm - d/rules: install /etc/default/qemu-kvm - Enable nesting by default - set nested=1 module option on intel. (is default on amd) - re-load kvm_intel.ko if it was loaded without nested=1 - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default in qemu64 cpu type. - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default in qemu64 on amd - libvirt/qemu user/group support - qemu-system-common.postinst: remove acl placed by udev, and add udevadm trigger. - qemu-system-common.preinst: add kvm group if needed - Distribution specific machine type - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine types to ease future live vm migration. - d/qemu-system-x86.NEWS Info on fixed machine type definitions - improved dependencies - Make qemu-system-common depend on qemu-block-extra - Make qemu-utils depend on qemu-block-extra - let qemu-utils recommend sharutils - s390x support - Create qemu-system-s390x package - Include s390-ccw.img firmware - Enable numa support for s390x - ppc64[le] support - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink - arch aware kvm wrappers * Added Changes - update VCS-git to match the bionic branch - sdl2 is yet too unstable for the LTS Ubuntu release given the reports we still see upstream and in Debian - furthermore sdl2 isn't in main yet, so we revert related changes to stick with the proven for now: - 0fd25810 - do not build-depend on libx11-dev (libsdl2-dev already depends on it) - 9594f820 - switch from sdl1.2 to sdl2 (#870025) - d/qemu-system-x86.README.Debian: document intention of nested being default is comfort, not full support - update Ubuntu machine types for qemu 2.11 - qemu-guest-agent: freeze-hook fixes (LP: #1484990) - d/p/guest-agent-freeze-hook-skip-dpkg-artifacts.patch - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d - Create and install pxe netboot images for KVM s390x (LP: #1732094) - d/rules enable install s390x-netboot.img - debian/patches/ubuntu/partial-SLOF-for-s390x-netboot-compilation.patch - d/control-in: enable RDMA support in qemu (LP: #1692476) - on s390x provide facility bits 81 (ppa15) and 82 (bpb) (LP: #1743560) - d/p/ubuntu/linux-headers-update-to-4.15-rc1.patch - d/p/ubuntu/linux-headers-update-4.15-rc9.patch - d/p/ubuntu/lp1743560-s390x-kvm-Handle-bpb-feature.patch - d/p/ubuntu/lp1743560-s390x-kvm-provide-stfle.81.patch - tolerate ipxe size change on migrations to >=18.04 (LP: #1713490) - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types reference 256k path - d/control: depend on ipxe-qemu-256k-compat-efi-roms to be able to handle incoming migrations from former releases. - d/control-in: enable seccomp on s390x * Dropped changes (no more needed): - Dropped VHOST_NET_ENABLED and KVM_HUGEPAGES from /etc/default/qemu-kvm The functionality is retained for upgraders, but is deprecated. Post 18.04 the implementation for these configurations will be removed. * Dropped changes (in Debian now): - ppc64[le] support - Enable seccomp for ppc64el - bump libseccomp-dev dependency, 2.3 is the minimum for ppc64 - disable missing x32 architecture - d/rules: or32 is now named or1k (since 4a09d0bb) - d/qemu-system-common.docs: new paths since (ac06724a) - d/qemu-system-common.install: qmp-commands.txt removed, but replaced by qapi-schema.json which is already packaged (since 4d8bb958) - d/p/02_kfreebsd.patch: utimensat is no more optional upstream (Update to Debian patch to match qemu 2.10) - d/qemu-system-common.docs: adapt new path of live-block-operations.rst since 8508eee7 - d/qemu-system-common.docs: adapt q35 config paths since 9ca019c1 - make nios2/hppa not installed explicitly until further stablized - d/qemu-guest-agent.install: add the new guest agent reference man page qemu-ga-ref - d/qemu-system-common.install: add the now generated qapi/qmp reference along the qapi intro - d/not-installed: ignore further generated (since 56e8bdd4) files in dh_missing that are already provided in other formats qemu-doc, qemu-qmp-ref,qemu-ga-ref * Dropped changes (integrated upstream): - d/p/detect-ITS-and-skip-usage-on-older-kernel.patch to avoid crashes on arm64 when doing suspend/resume and reboots due to older kernels not supporting ITS (LP 1731051). - Apply linux-user-return-EINVAL-from-prctl-PR_-_SECCOMP.patch from James Cowgill to prevent qemu-user from forwarding prctl seccomp calls (LP 1726394) - update to upstream 2.10.1 point release (LP 1722808) -- Christian Ehrhardt Mon, 22 Jan 2018 14:35:18 +0100 qemu (1:2.11+dfsg-1) unstable; urgency=medium [ Michael Tokarev ] * update to new upstream (2.11) release Closes: #883625, CVE-2017-17381 Closes: #880832, CVE-2017-15289 Closes: #880836, CVE-2017-15268 Closes: #883399, CVE-2017-15119 Closes: #883406, CVE-2017-15118 Closes: #880582 * update to new upstream, remove old patches, refresh debian patches * disable sdl audio driver (pulse or oss should work fine) * do not build-depend on libx11-dev (libsdl2-dev already depends on it) * move libpulse-dev build-dep to a better place * clean up d/control from various old conflicts/replaces/provides * remove --with-system-pixman, not used anymore * remove ubuntu-specific qemu-system-aarch64 transitional package (trusty) * remove ubuntu-specific mentions of old qemu-kvm-spice package (precise) * remove old comment about /etc/kvm from qemu-kvm description * add Suggests: openbios-sparc for qemu-system-sparc on ubuntu (similar to what is done for qemu-system-ppc) * update get-orig-source.sh with new blobs/submodules * update debian/watch a bit [ Aurelien Jarno ] * debian/control-in: build qemu-system and qemu-user on mips64 and mips64el. Closes: #880485. [ Christian Ehrhardt ] * ppc64[le]: provide symlink matching arch name * d/control-in: Enable seccomp for ppc64el, this bumps minimum libseccomp version -- Michael Tokarev Thu, 11 Jan 2018 14:42:12 +0300 qemu (1:2.10.0+dfsg-2) unstable; urgency=medium * update to upstream 2.10.1 point release Closes: #877160 Closes: CVE-2017-13673 * remove 3 patches included upstream: multiboot-validate-multiboot-header-address-values-CVE-2017-14167.patch vga-stop-passing-pointers-to-vga_draw_line-functions-CVE-2017-13672.patch slirp-fix-clearing-ifq_so-from-pending-packets-CVE-2017-13711.patch * 9pfs-use-g_malloc0-to-allocate-space-for-xattr-CVE-2017-15038.patch Closes: #877890, CVE-2017-15038 * remove-trailing-whitespace-from-qemu-options.hx.patch Closes: #875711 * drop dh_makeshlibs call (was for libcacard) * drop linux-libc-dev build-dependency (it gets pulled by libc-dev) * switch from sdl1 to sdl2 (Closes: #870025) -- Michael Tokarev Sun, 08 Oct 2017 12:51:09 +0300 qemu (1:2.10.0+dfsg-1) unstable; urgency=medium * remove blobs, to DFSG'ify it again (there's still no source for some blobs included in upstream tarball) There's no way to revert to 2-number version due to prev. upload * update from upstream git (no changes but include date & commit-id): multiboot-validate-multiboot-header-address-values-CVE-2017-14167.patch * update previous changelog entry (fix bug/closes refs): Closes: #873851, CVE-2017-13672 Closes: #874606, CVE-2017-14167 Closes: #873875, CVE-2017-13711 -- Michael Tokarev Mon, 25 Sep 2017 09:46:53 +0300 qemu (1:2.10.0-1) unstable; urgency=medium * new upstream release, 2.10 Closes: #865754, CVE-2017-9503 Closes: #864219, CVE-2017-9375 Closes: #869945 Closes: #867978 Closes: #871648, #871702, #872257 Closes: #851694 Closes: #696289 Closed in this upstream release: #865755, CVE-2017-9524 #863840, CVE-2017-9310 #863943, CVE-2017-9330 #864216, CVE-2017-9373 #864568, CVE-2017-9374 #869171, CVE-2017-11434 #869173, CVE-2017-11334 #869706, CVE-2017-10911 #867751, CVE-2017-10806 #866674, CVE-2017-10664 #873849, CVE-2017-12809 #849798, CVE-2016-10028 CVE-2017-9060 CVE-2017-8284 * dropped all fixes, applied upstream * dropped 02_kfreebsd.patch - apparently not relevant anymore * dropped +dfsg, use upstream tarball directly: we do not use binaries shipped there, and even for those, upstream tarball contains the sources * refreshed list of targets: qemu-or32, qemu-system-or32 => qemu-or1k, qemu-system-or1k +qemu-nios2, qemu-system-nios2 +qemu-hppa * added hppa binfmt entry * refreshed docs lists for various packages * new (security) patches: vga-stop-passing-pointers-to-vga_draw_line-functions-CVE-2017-13672.patch Closes: #873851, CVE-2017-13672 multiboot-validate-multiboot-header-address-values-CVE-2017-14167.patch Closes: #874606, CVE-2017-14167 slirp-fix-clearing-ifq_so-from-pending-packets-CVE-2017-13711.patch Closes: #873875, CVE-2017-13711 -- Michael Tokarev Sat, 23 Sep 2017 16:47:02 +0300 qemu (1:2.10+dfsg-0ubuntu5) bionic; urgency=medium * d/p/detect-ITS-and-skip-usage-on-older-kernel.patch to avoid crashes on arm64 when doing suspend/resume and reboots due to older kernels not supporting ITS (LP: #1731051). -- Christian Ehrhardt Tue, 14 Nov 2017 08:30:29 +0100 qemu (1:2.10+dfsg-0ubuntu4) bionic; urgency=medium * Apply linux-user-return-EINVAL-from-prctl-PR_-_SECCOMP.patch from James Cowgill to prevent qemu-user from forwarding prctl seccomp calls (LP: #1726394) -- Julian Andres Klode Sat, 04 Nov 2017 00:21:14 +0100 qemu (1:2.10+dfsg-0ubuntu3) artful; urgency=medium * fix enablement of qemu-kvm service (LP: #1720397) - rename d/qemu-kvm.service to d/qemu-system-common.qemu-kvm.service - d/rules: add proper enablement debhelper calls - d/qemu-system-common.install: install covered by dh_installinit -- Christian Ehrhardt Mon, 16 Oct 2017 11:28:39 +0200 qemu (1:2.10+dfsg-0ubuntu2) artful; urgency=medium * update to upstream 2.10.1 point release (LP: #1722808) -- Christian Ehrhardt Wed, 11 Oct 2017 15:33:40 +0200 qemu (1:2.10+dfsg-0ubuntu1) artful; urgency=medium * Merge with Upstream 2.10.0 to pick up final fixes of the 2.10 release Remaining changes: - qemu-kvm to systemd unit - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm, hugepages and architecture specifics - d/qemu-kvm.service: systemd unit to call qemu-kvm-init - d/qemu-system-common.install: install systemd unit and helper script - d/qemu-system-common.maintscript: clean old sysv and upstart scripts - d/qemu-system-common.qemu-kvm.default: defaults for /etc/default/qemu-kvm - d/rules: install /etc/default/qemu-kvm - Enable nesting by default - set nested=1 module option on intel. (is default on amd) - re-load kvm_intel.ko if it was loaded without nested=1 - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default in qemu64 cpu type. - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default in qemu64 on amd - libvirt/qemu user/group support - qemu-system-common.postinst: remove acl placed by udev, and add udevadm trigger. - qemu-system-common.preinst: add kvm group if needed - Distribution specific machine type - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine types to ease future live vm migration. - d/qemu-system-x86.NEWS Info on fixed machine type definitions - improved dependencies - Make qemu-system-common depend on qemu-block-extra - Make qemu-utils depend on qemu-block-extra - let qemu-utils recommend sharutils - s390x support - Create qemu-system-s390x package - Include s390-ccw.img firmware - Enable numa support for s390x - ppc64[le] support - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink - Enable seccomp for ppc64el - bump libseccomp-dev dependency, 2.3 is the minimum for ppc64 - arch aware kvm wrappers - update VCS-git to match the Artful branch - disable missing x32 architecture - d/rules: or32 is now named or1k (since 4a09d0bb) - d/qemu-system-common.docs: new paths since (ac06724a) - d/qemu-system-common.install: qmp-commands.txt removed, but replaced by qapi-schema.json which is already packaged (since 4d8bb958) - d/p/02_kfreebsd.patch: utimensat is no more optional upstream (Update to Debian patch to match qemu 2.10) - s390x package now builds correctly on all architectures (LP 1710695) - d/qemu-system-common.docs: adapt new path of live-block-operations.rst since 8508eee7 - d/qemu-system-common.docs: adapt q35 config paths since 9ca019c1 - make nios2/hppa not installed explicitly until further stablized - d/qemu-guest-agent.install: add the new guest agent reference man page qemu-ga-ref - d/qemu-system-common.install: add the now generated qapi/qmp reference along the qapi intro - d/not-installed: ignore further generated (since 56e8bdd4) files in dh_missing that are already provided in other formats qemu-doc, qemu-qmp-ref,qemu-ga-ref -- Christian Ehrhardt Tue, 05 Sep 2017 08:31:26 +0200 qemu (1:2.10~rc4+dfsg-0ubuntu1) artful; urgency=medium * Merge with Upstream 2.10-rc4; This fixes a migration issue (LP: #1711602); Remaining changes: - qemu-kvm to systemd unit - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm, hugepages and architecture specifics - d/qemu-kvm.service: systemd unit to call qemu-kvm-init - d/qemu-system-common.install: install systemd unit and helper script - d/qemu-system-common.maintscript: clean old sysv and upstart scripts - d/qemu-system-common.qemu-kvm.default: defaults for /etc/default/qemu-kvm - d/rules: install /etc/default/qemu-kvm - Enable nesting by default - set nested=1 module option on intel. (is default on amd) - re-load kvm_intel.ko if it was loaded without nested=1 - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default in qemu64 cpu type. - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default in qemu64 on amd - libvirt/qemu user/group support - qemu-system-common.postinst: remove acl placed by udev, and add udevadm trigger. - qemu-system-common.preinst: add kvm group if needed - Distribution specific machine type - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine types to ease future live vm migration. - d/qemu-system-x86.NEWS Info on fixed machine type definitions - improved dependencies - Make qemu-system-common depend on qemu-block-extra - Make qemu-utils depend on qemu-block-extra - let qemu-utils recommend sharutils - s390x support - Create qemu-system-s390x package - Include s390-ccw.img firmware - Enable numa support for s390x - ppc64[le] support - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink - Enable seccomp for ppc64el - bump libseccomp-dev dependency, 2.3 is the minimum for ppc64 - arch aware kvm wrappers - update VCS-git to match the Artful branch - disable missing x32 architecture - d/rules: or32 is now named or1k (since 4a09d0bb) - d/qemu-system-common.docs: new paths since (ac06724a) - d/qemu-system-common.install: qmp-commands.txt removed, but replaced by qapi-schema.json which is already packaged (since 4d8bb958) - d/p/02_kfreebsd.patch: utimensat is no more optional upstream (Update to Debian patch to match qemu 2.10) - s390x package now builds correctly on all architectures (LP 1710695) * Added changes: - d/qemu-system-common.docs: adapt new path of live-block-operations.rst since 8508eee7 - d/qemu-system-common.docs: adapt q35 config paths since 9ca019c1 - make nios2/hppa not installed explicitly until further stablized - d/qemu-guest-agent.install: add the new guest agent reference man page qemu-ga-ref - d/qemu-system-common.install: add the now generated qapi/qmp reference along the qapi intro - d/not-installed: ignore further generated (since 56e8bdd4) files in dh_missing that are already provided in other formats qemu-doc, qemu-qmp-ref,qemu-ga-ref - d/p/ubuntu/define-ubuntu-machine-types.patch: update to match new changes in 2.10-rc4 -- Christian Ehrhardt Fri, 25 Aug 2017 07:49:30 +0200 qemu (1:2.10~rc3+dfsg-0ubuntu1) artful; urgency=medium * Merge with Debian unstable (2.8) and Upstream 2.10-rci3; This fixes a set of bugs - [FFE] Qemu 2.10 in Artful (LP: #1699968) - CPU hot unplug fails after migrating a CPU hotplugged guest from source (LP: #1677552) - [Feature] KNL/KNM: Numa Distance on KVM(LP: #1647902) - New KVM 288 Pass Through (LP: #1672447) - aarch64: MSI is not supported by interrupt controller (LP: #1706630) * Remaining changes: - qemu-kvm to systemd unit - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm, hugepages and architecture specifics - d/qemu-kvm.service: systemd unit to call qemu-kvm-init - d/qemu-system-common.install: install systemd unit and helper script - d/qemu-system-common.maintscript: clean old sysv and upstart scripts - d/qemu-system-common.qemu-kvm.default: defaults for /etc/default/qemu-kvm - d/rules: install /etc/default/qemu-kvm - Enable nesting by default - set nested=1 module option on intel. (is default on amd) - re-load kvm_intel.ko if it was loaded without nested=1 - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default in qemu64 cpu type. - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default in qemu64 on amd - libvirt/qemu user/group support - qemu-system-common.postinst: remove acl placed by udev, and add udevadm trigger. - qemu-system-common.preinst: add kvm group if needed - Distribution specific machine type - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine types to ease future live vm migration. - d/qemu-system-x86.NEWS Info on fixed machine type definitions - improved dependencies - Make qemu-system-common depend on qemu-block-extra - Make qemu-utils depend on qemu-block-extra - let qemu-utils recommend sharutils - s390x support - Create qemu-system-s390x package - Include s390-ccw.img firmware - Enable numa support for s390x - ppc64[le] support - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink - Enable seccomp for ppc64el - bump libseccomp-dev dependency, 2.3 is the minimum for ppc64 - arch aware kvm wrappers - disable missing x32 architecture - update VCS links * Added changes - d/rules: or32 is now named or1k (since 4a09d0bb) - d/qemu-system-common.docs: new paths since (ac06724a) - d/qemu-system-common.install: qmp-commands.txt removed, but replaced by qapi-schema.json which is already packaged (since 4d8bb958) - Updates in debian/patches to match qemu 2.10 - d/p/02_kfreebsd.patch: utimensat is no more optional upstream - d/p/ubuntu/enable-svm-by-default.patch: target-i386 -> target/i386 - d/p/ubuntu/expose-vmx_qemu64cpu.patch: target-i386 -> target/i386 - d/p/ubuntu/define-ubuntu-machine-types.patch: new 2.10 ubuntu types - update VCS-git to match the Artful branch - s390x package now builds correctly on all architectures (LP: #1710695) * Dropped changes (integrated upstream): - d/p/ubuntu/spapr-pci-populate-PCI-DT-in-reverse-order.patch: backport "spapr/pci: populate PCI DT in reverse order" (LP 1670481). - All CVE fixes formerly applied are upstream and thereby dropped. -- Christian Ehrhardt Tue, 08 Aug 2017 16:59:19 +0200 qemu (1:2.8+dfsg-7) unstable; urgency=medium * uploading to unstable all fixes which went to stretch-security (exactly the same as 2.8+dfsg-6+deb9u2) -- Michael Tokarev Sat, 05 Aug 2017 16:35:01 +0300 qemu (1:2.8+dfsg-6+deb9u2) stretch-security; urgency=high * actually apply the nbd server patches, not only include in debian/patches/ Really closes: #865755, CVE-2017-9524 * slirp-check-len-against-dhcp-options-array-end-CVE-2017-11434.patch Closes: #869171, CVE-2017-11434 * exec-use-qemu_ram_ptr_length-to-access-guest-ram-CVE-2017-11334.patch Closes: #869173, CVE-2017-11334 * usb-redir-fix-stack-overflow-in-usbredir_log_data-CVE-2017-10806.patch Closes: #867751, CVE-2017-10806 * add reference to #869706 to xen-disk-don-t-leak-stack-data-via-response-ring-CVE-2017-10911.patch * disable xhci recursive calls fix for now, as it causes instant crash (xhci-guard-xhci_kick_epctx-against-recursive-calls-CVE-2017-9375.patch) Reopens: #864219, CVE-2017-9375 Closes: #869945 -- Michael Tokarev Wed, 02 Aug 2017 16:57:34 +0300 qemu (1:2.8+dfsg-6+deb9u1) stretch-security; urgency=high * net-e1000e-fix-an-infinite-loop-issue-CVE-2017-9310.patch Closes: #863840, CVE-2017-9310 * usb-ohci-fix-error-return-code-in-servicing-iso-td-CVE-2017-9330.patch Closes: #863943, CVE-2017-9330 * ide-ahci-call-cleanup-function-in-ahci-unit-CVE-2017-9373.patch Closes: #864216, CVE-2017-9373 * xhci-guard-xhci_kick_epctx-against-recursive-calls-CVE-2017-9375.patch Closes: #864219, CVE-2017-9375 * usb-ehci-fix-memory-leak-in-ehci-CVE-2017-9374.patch Closes: #864568, CVE-2017-9374 * nbd-ignore-SIGPIPE-CVE-2017-10664.patch Closes: #866674, CVE-2017-10664 * nbd-fully-initialize-client-in-case-of-failed-negotiation-CVE-2017-9524.patch nbd-fix-regression-on-resiliency-to-port-scan-CVE-2017-9524.patch Closes: #865755, CVE-2017-9524 * xen-disk-don-t-leak-stack-data-via-response-ring-CVE-2017-10911.patch Closes: CVE-2017-10911 -- Michael Tokarev Wed, 12 Jul 2017 11:05:16 +0300 qemu (1:2.8+dfsg-6) unstable; urgency=high * 9pfs-local-forbid-client-access-to-metadata-CVE-2017-7493.patch Closes: CVE-2017-7493 * group all 9p patches together * drop obsolete comment about libiscsi on ubuntu from d/control -- Michael Tokarev Tue, 23 May 2017 09:58:03 +0300 qemu (1:2.8+dfsg-5) unstable; urgency=high * Security fix release * 9pfs-local-set-path-of-export-root-to-dot-CVE-2017-7471.patch Closes: #860785, CVE-2017-7471 * 9pfs-xattr-fix-memory-leak-in-v9fs_list_xattr-CVE-2017-8086.patch Closes: #861348, CVE-2017-8086 * vmw_pvscsi-check-message-ring-page-count-at-init-CVE-2017-8112.patch Closes: #861351, CVE-2017-8112 * scsi-avoid-an-off-by-one-error-in-megasas_mmio_write-CVE-2017-8380.patch Closes: #862282, CVE-2017-8380 * input-limit-kbd-queue-depth-CVE-2017-8379.patch Closes: #862289, CVE-2017-8379 * audio-release-capture-buffers-CVE-2017-8309.patch Closes: #862280, CVE-2017-8309 -- Michael Tokarev Wed, 17 May 2017 09:01:24 +0300 qemu (1:2.8+dfsg-4) unstable; urgency=high * usb-ohci-limit-the-number-of-link-eds-CVE-2017-6505.patch Closes: #856969, CVE-2017-6505 * linux-user-fix-apt-get-update-on-linux-user-hppa.patch Closes: #846084 * update to 2.8.1 upstream stable/bugfix release (v2.8.1.diff from upstream, except of seabios blob bits). Closes: #857744, CVE-2016-9603 Patches dropped because they're included in 2.8.1 release: 9pfs-symlink-attack-fixes-CVE-2016-9602.patch char-fix-ctrl-a-b-not-working.patch cirrus-add-blit_is_unsafe-to-cirrus_bitblt_cputovideo-CVE-2017-2620.patch cirrus-fix-oob-access-issue-CVE-2017-2615.patch cirrus-ignore-source-pitch-as-needed-in-blit_is_unsafe.patch linux-user-fix-s390x-safe-syscall-for-z900.patch nbd_client-fix-drop_sync-CVE-2017-2630.patch s390x-use-qemu-cpu-model-in-user-mode.patch sd-sdhci-check-data-length-during-dma_memory_read-CVE-2017-5667.patch virtio-crypto-fix-possible-integer-and-heap-overflow-CVE-2017-5931.patch vmxnet3-fix-memory-corruption-on-vlan-header-stripping-CVE-2017-6058.patch * bump seabios dependency to 1.10.2 due to ahci fix in 2.8.1 * 9pfs-fix-file-descriptor-leak-CVE-2017-7377.patch (Closes: #859854, CVE-2017-7377) * dma-rc4030-limit-interval-timer-reload-value-CVE-2016-8667.patch Closes: #840950, CVE-2016-8667 * make d/control un-writable to stop users from changing a generated file * two patches from upstream to fix user-mode network with IPv6 slirp-make-RA-build-more-flexible.patch slirp-send-RDNSS-in-RA-only-if-host-has-an-IPv6-DNS.patch (Closes: #844566) -- Michael Tokarev Mon, 03 Apr 2017 16:28:49 +0300 qemu (1:2.8+dfsg-3ubuntu4) artful; urgency=medium * debian/rules: fix installation of /etc/default/qemu-kvm (LP: #1692530) This was inadvertently dropped on 2.8 merge. -- Christian Ehrhardt Mon, 22 May 2017 15:45:58 +0200 qemu (1:2.8+dfsg-3ubuntu3) artful; urgency=medium * SECURITY UPDATE: denial of service via leak in virtFS - debian/patches/CVE-2017-7377.patch: fix file descriptor leak in hw/9pfs/9p.c. - CVE-2017-7377 * SECURITY UPDATE: denial of service in cirrus_vga - debian/patches/CVE-2017-7718.patch: check parameters in hw/display/cirrus_vga_rop.h. - CVE-2017-7718 * SECURITY UPDATE: code execution via cirrus_vga OOB r/w - debian/patches/CVE-2017-7980-1.patch: handle negative pitch in hw/display/cirrus_vga.c. - debian/patches/CVE-2017-7980-2.patch: allow zero source pitch in hw/display/cirrus_vga.c. - debian/patches/CVE-2017-7980-3.patch: fix blit address mask handling in hw/display/cirrus_vga.c. - debian/patches/CVE-2017-7980-4.patch: fix patterncopy checks in hw/display/cirrus_vga.c. - debian/patches/CVE-2017-7980-5.patch: revert allow zero source pitch in hw/display/cirrus_vga.c. - debian/patches/CVE-2017-7980-6.patch: stop passing around dst pointers in hw/display/cirrus_vga.c, hw/display/cirrus_vga_rop.h, hw/display/cirrus_vga_rop2.h. - debian/patches/CVE-2017-7980-7.patch: stop passing around src pointers in hw/display/cirrus_vga.c, hw/display/cirrus_vga_rop.h, hw/display/cirrus_vga_rop2.h. - debian/patches/CVE-2017-7980-8.patch: fix off-by-one in hw/display/cirrus_vga_rop.h. - debian/patches/CVE-2017-7980-9.patch: fix cirrus_invalidate_region in hw/display/cirrus_vga.c. - CVE-2017-7980 * SECURITY UPDATE: denial of service via memory leak in virtFS - debian/patches/CVE-2017-8086.patch: fix leak in hw/9pfs/9p-xattr.c. - CVE-2017-8086 * SECURITY UPDATE: denial of service via leak in audio - debian/patches/CVE-2017-8309.patch: release capture buffers in audio/audio.c. - CVE-2017-8309 * SECURITY UPDATE: denial of service via leak in keyboard - debian/patches/CVE-2017-8379-1.patch: limit kbd queue depth in ui/input.c. - debian/patches/CVE-2017-8379-2.patch: don't queue delay if paused in ui/input.c. - CVE-2017-8379 -- Marc Deslauriers Thu, 18 May 2017 09:20:54 -0400 qemu (1:2.8+dfsg-3ubuntu2.1) zesty-security; urgency=medium * SECURITY UPDATE: DoS in virtio GPU device - debian/patches/CVE-2016-10028.patch: check virgl capabilities max_size in hw/display/virtio-gpu-3d.c. - CVE-2016-10028 * SECURITY UPDATE: DoS in JAZZ RC4030 chipset emulation - debian/patches/CVE-2016-8667.patch: limit interval timer reload value in hw/dma/rc4030.c. - CVE-2016-8667 * SECURITY UPDATE: host filesystem access via virtFS - debian/patches/CVE-2016-9602.patch: don't follow symlinks in hw/9pfs/*. - CVE-2016-9602 * SECURITY UPDATE: arbitrary code execution via Cirrus VGA - debian/patches/CVE-2016-9603.patch: remove bitblit support from console code in hw/display/cirrus_vga.c, include/ui/console.h, ui/console.c, ui/vnc.c. - CVE-2016-9603 * SECURITY UPDATE: information leak in virtio GPU device - debian/patches/CVE-2016-9908.patch: properly clear out memory in hw/display/virtio-gpu-3d.c. - CVE-2016-9908 * SECURITY UPDATE: DoS via memory leak in virtio GPU device - debian/patches/CVE-2016-9912.patch: properly free memory in hw/display/virtio-gpu.c. - CVE-2016-9912 * SECURITY UPDATE: DoS via virtFS - debian/patches/CVE-2016-9914.patch: add cleanup operations to fsdev/file-op-9p.h, hw/9pfs/9p.c. - CVE-2016-9914 * SECURITY UPDATE: DoS via memory leak in virtio GPU device - debian/patches/CVE-2017-5552.patch: check return value in hw/display/virtio-gpu-3d.c. - CVE-2017-5552 * SECURITY UPDATE: DoS via memory leak in virtio GPU device - debian/patches/CVE-2017-5578.patch: check res->iov in hw/display/virtio-gpu.c. - CVE-2017-5578 * SECURITY UPDATE: DoS via infinite loop in SDHCI device emulation - debian/patches/CVE-2017-5987-*.patch: fix transfer mode register handling in hw/sd/sdhci.c. - CVE-2017-5987 * SECURITY UPDATE: DoS via infinite loop in USB OHCI emulation - debian/patches/CVE-2017-6505.patch: limit the number of link eds in hw/usb/hcd-ohci.c. - CVE-2017-6505 -- Marc Deslauriers Mon, 24 Apr 2017 07:30:11 -0400 qemu (1:2.8+dfsg-3ubuntu2) zesty; urgency=medium * d/p/ubuntu/spapr-pci-populate-PCI-DT-in-reverse-order.patch: backport "spapr/pci: populate PCI DT in reverse order" (LP: #1670481). -- Christian Ehrhardt Tue, 07 Mar 2017 09:23:08 +0100 qemu (1:2.8+dfsg-3ubuntu1) zesty; urgency=medium * Merge with Debian; This fixes several CVEs that were reported against qemu 2.8 and also includes a few important functional backports (LP: #1667033); remaining changes: - add qemu-kvm init script and defaults file (d/qemu-system-common.qemu-kvm.*) - d/rules, d/qemu-kvm-init: add and install script loading kvm modules and handling /etc/default/qemu-kvm - qemu-system-common.preinst: add kvm group if needed - Enable nesting by default on intel. - set default module option - re-load kvm_intel.ko if it was loaded without nested=1 - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default in qemu64 cpu type. - Enable svm by default for qemu64 on amd - d/p/ubuntu/define-ubuntu-machine-types.patch, d/qemu-system-x86.NEWS: define distro machine types to ease future live vm migration (includes all former follow up fixes). - Make qemu-system-common depend on qemu-block-extra - Make qemu-utils depend on qemu-block-extra - s390x support - Create qemu-system-s390x package - Include s390-ccw.img firmware - qemu-system-common.postinst: - change acl placed by udev, and add udevadm trigger. - d/qemu-kvm-init, d/kvm.powerpc, d/control-in: check SMT on ppc64el - Several changes were applied but missing in the changelog so far - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink - arch aware kvm wrapper - update VCS links - let qemu-utils recommend sharutils - disable x32 architecture - Enable seccomp for ppc64el - Enable numa support for s390x - d/qemu-system-common.qemu-kvm.init: fix lintian error type init.d-script-missing-dependency-on-remote_fs - d/qemu-system-common.postinst: fix lintian error type command-with-path-in-maintainer-script - Transition qemu-kvm to a systemd unit - d/qemu-kvm-init, d/kvm.powerpc ppc64el SMT check avoid unwanted output - d/qemu-kvm-init, d/kvm.powerpc ppc64el SMT check keep output local so that it shows up where the user expects (sytemctl status, kvm stdout) - d/qemu-kvm-init ppc64el warn on expected second level kvm-hv load failure - add arch aware kvm wrapper for s390x * Dropped Changes (in Debian now): - d/p/ubuntu/ctrl-a-b-fix-fb5e19d2.patch: char: fix ctrl-a b not working - d/control-in: change dependencies for fix of wrong acl for newly created device node on ubuntu - have qemu-system-arm suggest: qemu-efi; this should be a stronger relationship, but qemu-efi is still in universe right now. - Disable glusterfs (Universe dependency) - no more skip disable libiscsi on Ubuntu - d/rules, d/control-in: avoid people editing d/control * Added Changes: - d/control: bump libseccomp-dev dependency as enabling libseccomp for power makes 2.3 the minimum level. -- Christian Ehrhardt Wed, 01 Mar 2017 14:23:16 +0100 qemu (1:2.8+dfsg-3) unstable; urgency=high * urgency high due to security fixes [ Michael Tokarev ] * serial-fix-memory-leak-in-serial-exit-CVE-2017-5579.patch Closes: #853002, CVE-2017-5579 * cirrus-ignore-source-pitch-as-needed-in-blit_is_unsafe.patch (needed for the next patch, CVE-2017-2620 fix) * cirrus-add-blit_is_unsafe-to-cirrus_bitblt_cputovideo-CVE-2017-2620.patch Closes: #855791, CVE-2017-2620 * nbd_client-fix-drop_sync-CVE-2017-2630.diff Closes: #855227, CVE-2017-2630 * sd-sdhci-check-transfer-mode-register-in-multi-block-CVE-2017-5987.patch Closes: #855159, CVE-2017-5987 * vmxnet3-fix-memory-corruption-on-vlan-header-stripping-CVE-2017-6058.patch Closes: #855616, CVE-2017-6058 * 3 CVE fixes from upstream for #853996: sd-sdhci-check-data-length-during-dma_memory_read-CVE-2017-5667.patch megasas-fix-guest-triggered-memory-leak-CVE-2017-5856.patch virtio-gpu-fix-resource-leak-in-virgl_cmd_resource-CVE-2017-5857.patch Closes: #853996, CVE-2017-5667, CVE-2017-5856, CVE-2017-5857 * usb-ccid-check-ccid-apdu-length-CVE-2017-5898.patch Closes: #854729, CVE-2017-5898 * virtio-crypto-fix-possible-integer-and-heap-overflow-CVE-2017-5931.patch Closes: #854730, CVE-2017-5931 * xhci-apply-limits-to-loops-CVE-2017-5973.patch Closes: #855611, CVE-2017-5973 * net-imx-limit-buffer-descriptor-count-CVE-2016-7907.patch Closes: #839986, CVE-2016-7907 * cirrus-fix-oob-access-issue-CVE-2017-2615.patch Closes: #854731, CVE-2017-2615 * 9pfs-symlink-attack-fixes-CVE-2016-9602.patch Closes: #853006 * vnc-do-not-disconnect-on-EAGAIN.patch Closes: #854032 * xhci-fix-event-queue-IRQ-handling.patch (win7 xhci issue fix) * xhci-only-free-completed-transfers.patch Closes: #855659 * char-fix-ctrl-a-b-not-working.patch Closes: https://bugs.launchpad.net/bugs/1654137 * char-drop-data-written-to-a-disconnected-pty.patch Closes: https://bugs.launchpad.net/bugs/1667033 * s390x-use-qemu-cpu-model-in-user-mode.patch Closes: #854893 * d/control is autogenerated, add comment * check if debootstrap is available in qemu-debootstrap Closes: #846497 [ Christian Ehrhardt ] * (ubuntu) no more skip enable libiscsi (now in main) * (ubuntu) Disable glusterfs (Universe dependency) * (ubuntu) have qemu-system-arm suggest: qemu-efi; this should be a stronger relationship, but qemu-efi is still in universe right now. * (ubuntu) change dependencies for fix of wrong acl for newly created device node on ubuntu -- Michael Tokarev Tue, 28 Feb 2017 11:40:18 +0300 qemu (1:2.8+dfsg-2ubuntu1) zesty; urgency=medium * Merge with Debian; remaining changes: - add qemu-kvm init script and defaults file (d/qemu-system-common.qemu-kvm.*) - d/rules, d/qemu-kvm-init: add and install script loading kvm modules and handling /etc/default/qemu-kvm - qemu-system-common.preinst: add kvm group if needed - Enable nesting by default on intel. - set default module option - re-load kvm_intel.ko if it was loaded without nested=1 - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default in qemu64 cpu type. - Enable svm by default for qemu64 on amd - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine types to ease future live vm migration. - Make qemu-system-common depend on qemu-block-extra - Make qemu-utils depend on qemu-block-extra - s390x support - Create qemu-system-s390x package - Include s390-ccw.img firmware - qemu-system-common.postinst: - change acl placed by udev, and add udevadm trigger. - d/control-in: change dependencies for fix of wrong acl for newly created device node on ubuntu - have qemu-system-arm suggest: qemu-efi; this should be a stronger relationship, but qemu-efi is still in universe right now. - d/qemu-kvm-init, d/kvm.powerpc, d/control-in: check SMT on ppc64el - Several changes were applied but missing in the changelog so far - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink - arch aware kvm wrapper - update VCS links - no more skip disable libiscsi on Ubuntu - let qemu-utils recommend sharutils - disable x32 architecture * Dropped Changes: - Several changes were applied but missing in the changelog so far but are no more needed - no pie for relocatable LD calls, with toolchain defaulting to pie (fixed upstream) - enable libnuma-dev (now in Debian) - transition for moved init scripts (can be dropped after LTS containing >=2.5 which is Xenial) - --enable-seccomp related whitespace change (had no effect) - apport hook for qemu source package (In Debian) - add upstart script (d/qemu-system-common.qemu-kvm.upstart) - d/qemu-system-x86.maintscript: transition off of /etc/init.d/qemu-system-x86 (can be dropped after Xenial) - Enable pie by default, on ubuntu/s390x. (Is the default since >=Xenial, no cloud archive backport <=Xenial to consider) - no pie for relocatable LD calls (fixed upstream in commit 7ecf44a5) - CVEs: CVE-2016-5403, CVE-2016-6351, CVE-2016-6490 (now Upstream) - Revert fix for CVE-2016-5403, causes regression see USN-3047-2. (Improved fix included by upstream) - Enable GPU Passthru for ppc64le (is upstream in qemu 2.7) - Fixed wrong migration blocker when vhost is used (is upstream in qemu 2.8) * Added Changes: - d/rules, d/control-in: avoid people editing d/control by warning header and non writable permissions - fixed moving trusty machine type definition which made it ambiguous (LP: #1641532) - d/qemu-system-x86.NEWS describe the issue - Enable seccomp for ppc64el (LP: #1644639) - Enable numa support for s390x - d/qemu-system-common.qemu-kvm.init: fix lintian error type init.d-script-missing-dependency-on-remote_fs - d/qemu-system-common.postinst: fix lintian error type command-with-path-in-maintainer-script - Transition qemu-kvm to a systemd unit - Disable glusterfs (Universe dependency) - d/qemu-kvm-init, d/kvm.powerpc ppc64el SMT check avoid unwanted output - d/qemu-kvm-init, d/kvm.powerpc ppc64el SMT check keep output local so that it shows up where the user expects (sytemctl status, kvm stdout) - d/qemu-kvm-init ppc64el warn on expected second level kvm-hv load failure - add arch aware kvm wrapper for s390x - d/p/ubuntu/ctrl-a-b-fix-fb5e19d2.patch: char: fix ctrl-a b not working - Enable DDW in Yakkety machine type because "Enable GPU Passthru for ppc64le" was released as part of qemu 2.6 (can be dropped at 18.10, merged in d/p/ubuntu/define-ubuntu-machine-types.patch) -- Christian Ehrhardt Mon, 16 Jan 2017 16:27:11 +0100 qemu (1:2.8+dfsg-2) unstable; urgency=medium * Revert "update binfmt registration for mipsn32" Reopens: #829243 Closes: #843032 Will re-enable it for stretch+1, since for now upgrades from jessie are broken (jessie comes with 3.16 kernel), and there's no easy fix for this * Revert "enable virtio gpu (virglrenderer) and opengl support" Revert "switch from sdl1 to gtk3" Revert other gtk2/drm/vte/virgl-related changes Reopens: #813658, #839695 The change were too close to stretch release and too large, bringing too much graphics stuff for headless servers, will re-think this for stretch+1. sdl1 back: Closes: #851509 virtio-3d bugs: Closes: #849798, #852119 * mention closing of #769983 (multi-threaded linux-user) by 2.7 * mention closing of #842455, CVE-2016-9101 by 2.8 * audio-ac97-add-exit-function-CVE-2017-5525.patch (Closes: #852021) * audio-es1370-add-exit-function-CVE-2017-5526.patch (Closes: #851910) * watchdog-6300esb-add-exit-function-CVE-2016-10155.patch (Closes: #852232) -- Michael Tokarev Mon, 23 Jan 2017 14:06:54 +0300 qemu (1:2.8+dfsg-1) unstable; urgency=medium * new upstream release Closes: #837191, CVE-2016-7156 Closes: #837316, CVE-2016-7170 Closes: #839835, CVE-2016-7908 Closes: #839834, CVE-2016-7909 Closes: #840228, CVE-2016-7994 Closes: #840236, CVE-2016-7995 Closes: #840343, CVE-2016-8576 Closes: #840341, CVE-2016-8577 Closes: #840340, CVE-2016-8578 Closes: #840948, CVE-2016-8668 Closes: #840945, CVE-2016-8669 Closes: #841950, CVE-2016-8909 Closes: #841955, CVE-2016-8910 Closes: #842463, CVE-2016-9102 CVE-2016-9103 CVE-2016-9104 CVE-2016-9105 CVE-2016-9106 Closes: #846797, CVE-2016-9776 Closes: #847381, CVE-2016-9845 Closes: #847382, CVE-2017-9846 Closes: #847953, CVE-2016-9907 Closes: #847400, CVE-2016-9908 Closes: #847951, CVE-2016-9911 Closes: #847391, CVE-2016-9912 Closes: #847496, CVE-2016-9913 CVE-2016-9914 CVE-2016-9915 CVE-2016-9916 Closes: #847960, CVE-2016-9921 CVE-2016-9922 Closes: #847957, CVE-2016-9923 Closes: #842455, CVE-2016-9101 (git2634ab7fe29b3f75d0865b719caf8f310d634aae) Closes: #819755, #833162 Hopefully closes: #844361 * remove unicore32 linux-user target, removed upstream * remove all patches which were applied upstream (most of them) * actually fix #841060 * doc-don-t-mention-memory-it-is-m.patch, Closes: #833619 * don't pass --enable-uuid (always enabled) * build-depend on libncursesw5-dev, not libncurses5-dev * install trace-events-all in qemu-system-common * do not install qemu-tech.html (not provided by upstream anymore) * switch from sdl1 to gtk3 (Closes: #839695) * enable virtio gpu (virglrenderer) and opengl support (Closes: #813658) * strip out -ldrm out of OPENGL_LIBS, since libdrm is actually not needed * enable nfs support (libnfs-dev), in qemu-block-extra * enable glusterfs support (glusterfs-common), in qemu-block-extra (Closes: #775431) * enable numa support (libnuma-dev) (Closes: #758189) -- Michael Tokarev Wed, 28 Dec 2016 15:31:37 +0300 qemu (1:2.7+dfsg-3) unstable; urgency=medium * add PIE.patch to change loadable modules linker flags, from Adrian (Closes: #837574) * linux-user-fix-s390x-safe-syscall-for-z900.patch - fix FTBFS on s390x * mention CVE-2016-7466 for 2.7+dfsg-1 (Closes: #838687, CVE-2016-7466) -- Michael Tokarev Thu, 27 Oct 2016 19:38:01 +0300 qemu (1:2.7+dfsg-2) unstable; urgency=medium * fix distribution field in previous changelog entry * add depends: on seabios >= 1.9 with linuxboot_dma.bin (Closes: #840853, #841060, #842161) * add more links for openbios-sparc to qemu-system-sparc, bump dependency (Closes: #827456) * include license for qemu logo files (Closes: #785362) -- Michael Tokarev Wed, 26 Oct 2016 20:04:15 +0300 qemu (1:2.7+dfsg-1) unstable; urgency=medium * Acknowledge the previous NMU. Thank you Andrew! * New upstream release, 2.7 (Closes: #748043, #839292) Closes: #838850, CVE-2016-7161 Closes: #473240 (qcow encryption support has been removed) Closes: #769983 (multi-threaded linux-user) * removed patches which went upstream, refreshed use-data-path.patch * renamed remaining patches to include CVE#s and added Bug-Debian headers * added Depends on lsb-base to qemu-guest-agent (Closes: #840740) * update binfmt registration for mipsn32 (Closes: #829243) Thank you Adam Borowski for investigation and the patch * replace CVE-2016-7156 (#837339) patch with actual code from upstream * scsi-mptsas-use-g_new0-to-allocate-MPTSASRequest-obj-CVE-2016-7423.patch (Closes: #838145, CVE-2016-7423) * virtio-add-check-for-descriptor-s-mapped-address-CVE-2016-7422.patch (Closes: #838146, CVE-2016-7422) * scsi-pvscsi-limit-process-IO-loop-to-ring-size-CVE-2016-7421.patch (Closes: #838147, CVE-2016-7421) * usb-xhci-fix-memory-leak-in-usb_xhci_exit-CVE-2016-7466.patch (Closes: #838687, CVE-2016-7466) -- Michael Tokarev Fri, 14 Oct 2016 13:31:40 +0300 qemu (1:2.6.1+dfsg-0ubuntu5) yakkety; urgency=medium * No-change rebuild to compile against new libxen version. -- Stefan Bader Fri, 30 Sep 2016 14:24:37 +0200 qemu (1:2.6.1+dfsg-0ubuntu4) yakkety; urgency=medium * retain older xenial machine type to avoid issues starting guests created on xenial prior to the SRU for bug 1621042. In that regard the old broken xenial machine type and the new fixed one have both to be considered as valid LTS machine types (LP: #1626070). -- Christian Ehrhardt Wed, 21 Sep 2016 14:57:09 +0200 qemu (1:2.6.1+dfsg-0ubuntu3) yakkety; urgency=medium * fix default ubuntu machine types. (LP: #1621042) - add dep3 header to d/p/ubuntu/define-ubuntu-machine-types.patch - remove double default and double ubuntu alias - drop former devel releases utopic, vivid, wily - add xenial and yakkety machine types - add q35 based ubuntu machine type starting at xenial - add ubuntu machine types on ppc64el and s390x starting at xenial -- Christian Ehrhardt Mon, 19 Sep 2016 07:50:50 +0200 qemu (1:2.6.1+dfsg-0ubuntu2) yakkety; urgency=medium * Enable GPU Passthru for ppc64le (LP: #1541902) - 0001-spapr-ensure-device-trees-are-always-associated-with.patch - 0002-spapr_pci-Use-correct-DMA-LIOBN-when-composing-the-d.patch - 0003-spapr_iommu-Finish-renaming-vfio_accel-to-need_vfio.patch - 0004-spapr_iommu-Move-table-allocation-to-helpers.patch - 0005-vmstate-Define-VARRAY-with-VMS_ALLOC.patch - 0006-spapr_iommu-Introduce-enabled-state-for-TCE-table.patch - 0007-spapr_iommu-Migrate-full-state.patch - 0008-spapr_iommu-Add-root-memory-region.patch - 0009-spapr_pci-Reset-DMA-config-on-PHB-reset.patch - 0010-spapr_pci-Add-and-export-DMA-resetting-helper.patch - 0011-memory-Add-reporting-of-supported-page-sizes.patch - 0012-memory-Add-MemoryRegionIOMMUOps.notify_started-stopp.patch - 0013-intel_iommu-Throw-hw_error-on-notify_started.patch - 0014-spapr_iommu-Realloc-guest-visible-TCE-table-when-sta.patch - 0015-vfio-spapr-Add-DMA-memory-preregistering-SPAPR-IOMMU.patch - 0016-vfio-Add-host-side-DMA-window-capabilities.patch - 0017-vfio-spapr-Create-DMA-window-dynamically-SPAPR-IOMMU.patch - 0018-spapr_pci-spapr_pci_vfio-Support-Dynamic-DMA-Windows.patch - 0019-vfio-spapr-Remove-stale-ioctl-call.patch - 0020-spapr-Fix-undefined-behaviour-in-spapr_tce_reset.patch - 0021-memory-Fix-IOMMU-replay-base-address.patch -- Jon Grimm Fri, 16 Sep 2016 14:14:47 -0500 qemu (1:2.6.1+dfsg-0ubuntu1) yakkety; urgency=medium * New upstream release. LP: #1617055. * Revert fix for CVE-2016-5403, causes regression see USN-3047-2. -- Dimitri John Ledkov Fri, 09 Sep 2016 23:33:57 +0100 qemu (1:2.6+dfsg-3.1) unstable; urgency=high * Non-maintainer upload. * Security fixes from upstream: - virtio-error-out-if-guest-exceeds-virtqueue-size-CVE-2015-5403.patch (Closes: #832619, CVE-2015-5403) - scsi-pvscsi-avoid-infinite-loop-while-building-SG-list.patch (Closes: #837339, CVE-2016-7156) - scsi-pvscsi-check-page-count-while-initialising-descriptor-rings.patch (Closes: #837174, CVE-2016-7155) - CVE-2016-6351: scsi-esp-make-cmdbuf-big-enough-for-maximum-CDB-size.patch and scsi-esp-fix-migration.patch (Closes: #832621, CVE-2016-6351) - virtio-check-vring-descriptor-buffer-length.patch (Closes: #832767, CVE-2016-6490) - net-vmxnet3-check-for-device_active-before-write.patch (Closes: #834904, CVE-2016-6833) - net-check-fragment-length-during-fragmentation.patch (Closes: #834905, CVE-2016-6834) - net-vmxnet-check-IP-header-length.patch (Closes: #835031, CVE-2016-6835) - net-vmxnet-initialise-local-tx-descriptor.patch (Closes: #834944, CVE-2016-6836) - net-vmxnet-use-g_new-for-pkt-initialisation.patch (Closes: #834902, CVE-2016-6888) - CVE-2016-7116: 9pfs-forbid-.-and-.-in-file-names.patch, 9pfs-forbid-illegal-path-names.patch and 9pfs-handle-walk-of-.-in-the-root-directory.patch (Closes: #836502, CVE-2016-7116) - CVE-2016-7157: scsi-mptconfig-fix-an-assert-expression.patch and scsi-mptconfig-fix-misuse-of-MPTSAS_CONFIG_PACK.patch (Closes: #837603, CVE-2016-7157) -- Andrew James Wed, 14 Sep 2016 00:56:18 -0600 qemu (1:2.6+dfsg-3ubuntu2) yakkety; urgency=medium * SECURITY UPDATE: DoS via unbounded memory allocation - debian/patches/CVE-2016-5403.patch: check size in hw/virtio/virtio.c. - CVE-2016-5403 * SECURITY UPDATE: oob write access while reading ESP command - debian/patches/CVE-2016-6351.patch: make cmdbuf big enough for maximum CDB size and handle migration in hw/scsi/esp.c, include/hw/scsi/esp.h, include/migration/vmstate.h. - CVE-2016-6351 * SECURITY UPDATE: infinite loop in virtqueue_pop - debian/patches/CVE-2016-6490.patch: check vring descriptor buffer length in hw/virtio/virtio.c. - CVE-2016-6490 -- Marc Deslauriers Wed, 03 Aug 2016 08:36:16 -0400 qemu (1:2.6+dfsg-3ubuntu1) yakkety; urgency=medium * Merge with Debian; remaining changes: - debian/rules: do not drop the init scripts loading kvm modules (still needed in precise in cloud archive) - qemu-system-common.postinst: * remove acl placed by udev, and add udevadm trigger. * reload kvm_intel if needed to set nested=1 - qemu-system-common.preinst: add kvm group if needed - add qemu-kvm upstart job and defaults file (rules, qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart) - rules,qemu-system-x86.modprobe: support use under older udevs which do not auto-load the kvm kernel module. Enable nesting by default on intel. - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default in qemu64 cpu type. - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine types to ease future live vm migration. - apport hook for qemu source package: d/source_qemu-kvm.py, d/qemu-system-common.install - Make qemu-system-common and qemu-utils depend on qemu-block-extra to fix errors with missing block backends. - s390x: * Create qemu-system-s390x package * Enable pie by default, on ubuntu/s390x. * Enable svm by default for qemu64 on amd * Include s390-ccw.img firmware * have qemu-system-aarch64 Suggest: qemu-efi; this should be a stronger relationship, but qemu-efi is still in universe right now. -- Serge Hallyn Wed, 15 Jun 2016 16:49:49 -0500 qemu (1:2.6+dfsg-3) unstable; urgency=high * more security fixes picked from upstream: - CVE-2016-4454 fix (vmsvga) (Closes: CVE-2016-4454) vmsvga-add-more-fifo-checks-CVE-2016-4454.patch vmsvga-move-fifo-sanity-checks-to-vmsvga_fifo_length-CVE-2016-4454.patch vmsvga-shadow-fifo-registers-CVE-2016-4454.patch - vmsvga-don-t-process-more-than-1024-fifo-commands-at-once-CVE-2016-4453.patch (Closes: CVE-2016-4453) - scsi-check-buffer-length-before-reading-scsi-command-CVE-2016-5238.patch (Closes: #826152, CVE-2016-5238) * set urgency to high due to the amount of security fixes accumulated so far -- Michael Tokarev Wed, 15 Jun 2016 08:54:12 +0300 qemu (1:2.6+dfsg-2) unstable; urgency=medium * add missing log entries for previous upload, remove closing of #807006 (it is not closed) * Added vga-add-sr_vbe-register-set.patch from upstream This fixes regression (in particular with win7 installer) introduced by the fix for CVE-2016-3712 (commit fd3c136) * fix-linking-relocatable-objects-on-sparc.patch (Closes: #807006) * Lots of security patches from upstream: - net-mipsnet-check-packet-length-against-buffer-CVE-2016-4002.patch (Closes: #821061, CVE-2016-4002) - i386-kvmvapic-initialise-imm32-variable-CVE-2016-4020.patch (Closes: #821062, CVE-2016-4020) - esp-check-command-buffer-length-before-write-CVE-2016-4439.patch, esp-check-dma-length-before-reading-scsi-command-CVE-2016-4441.patch (Closes: #824856, CVE-2016-4439, CVE-2016-4441) - scsi-mptsas-infinite-loop-while-fetching-requests-CVE-2016-4964.patch (Closes: #825207, CVE-2016-4964) - scsi-pvscsi-check-command-descriptor-ring-buffer-size-CVE-2016-4952.patch (Closes: #825210, CVE-2016-4952) - scsi-megasas-use-appropriate-property-buffer-size-CVE-2016-5106.patch (Closes: #825615, CVE-2016-5106) - scsi-megasas-initialise-local-configuration-data-buffer-CVE-2016-5105.patch (Closes: #825614, CVE-2016-5105) - scsi-megasas-check-read_queue_head-index-value-CVE-2016-5107.patch (Closes: #825616, CVE-2016-5107) - block-iscsi-avoid-potential-overflow-of-acb-task-cdb-CVE-2016-5126.patch (Closes: #826151, CVE-2016-5126) - scsi-esp-check-TI-buffer-index-before-read-write-CVE-2016-5338.patch (Closes: #827024, CVE-2016-5338) - scsi-megasas-null-terminate-bios-version-buffer-CVE-2016-5337.patch (Closes: #827026, CVE-2016-5337) * hw-dma-omap-spelling-fix-endianness.patch (lintian) * arm-spelling-fix-mismatch.patch (lintian) -- Michael Tokarev Mon, 13 Jun 2016 12:10:44 +0300 qemu (1:2.6+dfsg-1ubuntu1) yakkety; urgency=medium * Merge with Debian; remaining changes: (LP: #1583775) - debian/rules: do not drop the init scripts loading kvm modules (still needed in precise in cloud archive) - qemu-system-common.postinst: * remove acl placed by udev, and add udevadm trigger. * reload kvm_intel if needed to set nested=1 - qemu-system-common.preinst: add kvm group if needed - add qemu-kvm upstart job and defaults file (rules, qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart) - rules,qemu-system-x86.modprobe: support use under older udevs which do not auto-load the kvm kernel module. Enable nesting by default on intel. - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default in qemu64 cpu type. - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine types to ease future live vm migration. - apport hook for qemu source package: d/source_qemu-kvm.py, d/qemu-system-common.install - Make qemu-system-common and qemu-utils depend on qemu-block-extra to fix errors with missing block backends. (LP: #1495895) - s390x: * Create qemu-system-s390x package * Enable pie by default, on ubuntu/s390x. * Enable svm by default for qemu64 on amd * Include s390-ccw.img firmware * have qemu-system-aarch64 Suggest: qemu-efi; this should be a stronger relationship, but qemu-efi is still in universe right now. * Drop patches which have been applied upstream: -- Serge Hallyn Thu, 19 May 2016 12:11:36 -0500 qemu (1:2.6+dfsg-1) unstable; urgency=medium * new upstream release Closes: #799115 Closes: #822369, #823588 Closes: #813698 Closes: #805827 Closes: #813585 Closes: #823830 CVE-2016-3710 CVE-2016-3712 Closes: #813193 CVE-2016-2198 Closes: #813194 CVE-2016-2197 Closes: #815008 CVE-2016-2392 Closes: #815009 CVE-2016-2391 Closes: #815680 CVE-2016-2538 Closes: #821038 CVE-2016-4001 Closes: #822344 CVE-2016-4037 Closes: #817181 CVE-2016-2841 Closes: #817182 CVE-2016-2857 Closes: #817183 CVE-2016-2858 - removed all patches applied upstream - removed mjt-set-oem-in-rsdt-like-slic.diff, feature has been implemented in upstream differently - refreshed local patches * do not recommend sharutils for qemu-utils anymore (Closes: #820449) * typo fix in qemu-system-misc description (Closes: #822883) * allow qemu-debootstrap to create mips64el chroot (Closes: #817234) * switch VCS URLs from http to https (lintian) * Bump Standards-Version to 3.9.8 (no changes) * code spelling fixes from upstream * added s390x-virtio-ccw-fix-spelling.patch from upstream * added hw-ipmi-fix-spelling.patch from upstream * added docs-specify-spell-fix.patch from upstream * added fsdev-spelling-fix.patch from upstream * fold long list of supported arches in package descriptions -- Michael Tokarev Wed, 18 May 2016 14:44:14 +0300 qemu (1:2.5+dfsg-5ubuntu12) yakkety; urgency=medium * Cherrypick upstream patches to support the query-gic-version QMP command (LP: #1566564) -- dann frazier Tue, 05 Apr 2016 16:56:11 -0600 qemu (1:2.5+dfsg-5ubuntu11) yakkety; urgency=medium [Stefan Bader] * Enable svm by default for qemu64 on amd (LP: #1561019) -- Serge Hallyn Fri, 22 Apr 2016 16:53:55 -0500 qemu (1:2.5+dfsg-5ubuntu10) xenial; urgency=medium * qemu-system-s390x only available on s390x, so qemu-system should only depend on it on this arch. * have qemu-system-aarch64 Suggest: qemu-efi; this should be a stronger relationship, but qemu-efi is still in universe right now. -- Steve Langasek Tue, 19 Apr 2016 13:41:37 -0700 qemu (1:2.5+dfsg-5ubuntu9) xenial; urgency=medium * And actually ship the right things in qemu-system-s390x. -- Dimitri John Ledkov Tue, 19 Apr 2016 16:49:00 +0100 qemu (1:2.5+dfsg-5ubuntu8) xenial; urgency=medium * Create qemu-system-s390x package on ubuntu only. -- Dimitri John Ledkov Mon, 18 Apr 2016 10:16:19 +0100 qemu (1:2.5+dfsg-5ubuntu7) xenial; urgency=medium * Cherrypick patch from mailing list to fix qemu in sandbox. (LP: #1560149) -- Serge Hallyn Mon, 11 Apr 2016 15:13:06 -0500 qemu (1:2.5+dfsg-5ubuntu6) xenial; urgency=medium * Cherrypick upstream patch vhost-user-interrupt-management-fixes.patch (LP: #1556306) -- Serge Hallyn Wed, 16 Mar 2016 16:35:22 -0700 qemu (1:2.5+dfsg-5ubuntu5) xenial; urgency=medium * Cherrypick upstream patch to fix snapshot regression (LP: #1533728) -- Serge Hallyn Mon, 07 Mar 2016 18:53:34 -0800 qemu (1:2.5+dfsg-5ubuntu4) xenial; urgency=medium * d/control{-in}: Re-generate and build with libiscsi-dev now that its in Ubuntu main (LP: #1271653). -- James Page Wed, 24 Feb 2016 17:59:13 +0000 qemu (1:2.5+dfsg-5ubuntu3) xenial; urgency=medium * Make -no-pie conditional, on $(CC) supporting -no-pie flag. -- Dimitri John Ledkov Wed, 24 Feb 2016 14:40:19 +0000 qemu (1:2.5+dfsg-5ubuntu2) xenial; urgency=medium * No-change rebuild for gnutls transition. -- Matthias Klose Wed, 17 Feb 2016 22:27:20 +0000 qemu (1:2.5+dfsg-5ubuntu1) xenial; urgency=medium * Merge with Debian; remaining changes: - debian/rules: do not drop the init scripts loading kvm modules (still needed in precise in cloud archive) - qemu-system-common.postinst: * remove acl placed by udev, and add udevadm trigger. * reload kvm_intel if needed to set nested=1 - qemu-system-common.preinst: add kvm group if needed - add qemu-kvm upstart job and defaults file (rules, qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart) - rules,qemu-system-x86.modprobe: support use under older udevs which do not auto-load the kvm kernel module. Enable nesting by default on intel. - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default in qemu64 cpu type. - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine types to ease future live vm migration. - apport hook for qemu source package: d/source_qemu-kvm.py, d/qemu-system-common.install - Make qemu-system-common and qemu-utils depend on qemu-block-extra to fix errors with missing block backends. (LP: #1495895) - Enable pie by default, on ubuntu/s390x. - Include s390-ccw.img firmware. -- Serge Hallyn Tue, 09 Feb 2016 10:24:49 -0800 qemu (1:2.5+dfsg-5) unstable; urgency=medium * fix misspellings in previous debian/changelog entry * e1000-eliminate-infinite-loops-on-out-of-bounds-start-CVE-2016-1981.patch (Closes: #812307, CVE-2016-1981) * hmp-fix-sendkey-out-of-bounds-write-CVE-2015-8619.patch (Closes: #809237, CVE-2015-8619) * use `command -v' instead of `type' to check for command existence -- Michael Tokarev Thu, 28 Jan 2016 18:39:21 +0300 qemu (1:2.5+dfsg-4) unstable; urgency=medium * change misspelling of won't in NEWS (lintian) * two patches from upstream to enable sigaltstack syscall (linux-user) (Closes: #805826) * word-wrapped last entry in debian/changelog * use type to find out whenever update-binfmts is available * fw_cfg-add-check-to-validate-current-entry-value-CVE-2016-1714.patch (Partial) patch targeted 2.3 which fixes the read side of the issue (Closes: CVE-2016-1714) * i386-avoid-null-pointer-dereference-CVE-2016-1922.patch (Closes: #811201, CVE-2016-1922) -- Michael Tokarev Thu, 21 Jan 2016 13:06:06 +0300 qemu (1:2.5+dfsg-3) unstable; urgency=high [ Aurelien Jarno ] * debian/copyright: fix a spelling error reported by lintian: dependecy -> dependency. [ Michael Tokarev ] * net-vmxnet3-avoid-memory-leakage-in-activate_device patch (Closes: #808145, CVE-2015-8567, CVE-2015-8568) * scsi-initialise-info-object-with-appropriate-size-CVE-2015-8613.patch (Closes: #809232, CVE-2015-8613) * net-rocker-fix-an-incorrect-array-bounds-check-CVE-2015-8701.patch (Closes: #809313, CVE-2015-8701) -- Michael Tokarev Sun, 10 Jan 2016 10:59:46 +0300 qemu (1:2.5+dfsg-2) unstable; urgency=high * ehci-make-idt-processing-more-robust-CVE-2015-8558.patch (Closes: #808144, CVE-2015-8558) * virtio-9p-use-accessor-to-get-thread_pool.patch (Closes: #808357) * two upstream patches from xsa-155 fixing unsafe shared memory access in xen (Closes: #809229, CVE-2015-8550) * net-ne2000-fix-bounds-check-in-ioport-operations-CVE-2015-8743.patch (Closes: #810519, CVE-2015-8743) * ide-ahci-reset-ncq-object-to-unused-on-error-CVE-2016-1568.patch (Closes: #810527, CVE-2016-1568) * changed build-depends from libpng12-dev to libpng-dev (Closes: #810205) -- Michael Tokarev Sat, 09 Jan 2016 21:40:43 +0300 qemu (1:2.5+dfsg-1ubuntu5) xenial; urgency=medium * SECURITY UPDATE: paravirtualized drivers incautious about shared memory contents - debian/patches/CVE-2015-8550-1.patch: avoid double access in hw/block/xen_blkif.h. - debian/patches/CVE-2015-8550-2.patch: avoid reading twice in hw/display/xenfb.c. - CVE-2015-8550 * SECURITY UPDATE: infinite loop in ehci_advance_state - debian/patches/CVE-2015-8558.patch: make idt processing more robust in hw/usb/hcd-ehci.c. - CVE-2015-8558 * SECURITY UPDATE: host memory leakage in vmxnet3 - debian/patches/CVE-2015-856x.patch: avoid memory leakage in hw/net/vmxnet3.c. - CVE-2015-8567 - CVE-2015-8568 * SECURITY UPDATE: buffer overflow in megasas_ctrl_get_info - debian/patches/CVE-2015-8613.patch: initialise info object with appropriate size in hw/scsi/megasas.c. - CVE-2015-8613 * SECURITY UPDATE: DoS via Human Monitor Interface - debian/patches/CVE-2015-8619.patch: fix sendkey out of bounds write in hmp.c, include/ui/console.h, ui/input-legacy.c. - CVE-2015-8619 * SECURITY UPDATE: incorrect array bounds check in rocker - debian/patches/CVE-2015-8701.patch: fix an incorrect array bounds check in hw/net/rocker/rocker.c. - CVE-2015-8701 * SECURITY UPDATE: ne2000 OOB r/w in ioport operations - debian/patches/CVE-2015-8743.patch: fix bounds check in ioport operations in hw/net/ne2000.c. - CVE-2015-8743 * SECURITY UPDATE: ahci use-after-free vulnerability in aio port commands - debian/patches/CVE-2016-1568.patch: reset ncq object to unused on error in hw/ide/ahci.c. - CVE-2016-1568 * SECURITY UPDATE: DoS via null pointer dereference in vapic_write() - debian/patches/CVE-2016-1922.patch: avoid null pointer dereference in hw/i386/kvmvapic.c. - CVE-2016-1922 * SECURITY UPDATE: e1000 infinite loop - debian/patches/CVE-2016-1981.patch: eliminate infinite loops on out-of-bounds transfer start in hw/net/e1000.c - CVE-2016-1981 * SECURITY UPDATE: AHCI NULL pointer dereference when using FIS CLB engines - debian/patches/CVE-2016-2197.patch: add check before calling dma_memory_unmap in hw/ide/ahci.c. - CVE-2016-2197 * SECURITY UPDATE: ehci null pointer dereference in ehci_caps_write - debian/patches/CVE-2016-2198.patch: add capability mmio write function in hw/usb/hcd-ehci.c. - CVE-2016-2198 -- Marc Deslauriers Mon, 01 Feb 2016 09:39:01 -0500 qemu (1:2.5+dfsg-1ubuntu4) xenial; urgency=medium * debian/qemu-kvm-init: Call systemd-detect-virt instead of the Ubuntu specific running-in-container wrapper. (LP: #1539016) -- Martin Pitt Thu, 28 Jan 2016 13:24:51 +0100 qemu (1:2.5+dfsg-1ubuntu3) xenial; urgency=high * Include s390-ccw.img firmware. -- Dimitri John Ledkov Tue, 12 Jan 2016 15:53:43 +0000 qemu (1:2.5+dfsg-1ubuntu2) xenial; urgency=medium * Place qemu-kvm.defaults file in qemu-system-common, next to the init scripts. Fix the comparison operator when checking KVM_HUGEPAGES. Thanks Simon. (LP: #1531191) -- Serge Hallyn Wed, 06 Jan 2016 09:45:37 -0800 qemu (1:2.5+dfsg-1ubuntu1) xenial; urgency=medium * Merge with Debian; remaining changes: - debian/rules: do not drop the init scripts loading kvm modules (still needed in precise in cloud archive) - qemu-system-common.postinst: * remove acl placed by udev, and add udevadm trigger. * reload kvm_intel if needed to set nested=1 - qemu-system-common.preinst: add kvm group if needed - add qemu-kvm upstart job and defaults file (rules, qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart) - rules,qemu-system-x86.modprobe: support use under older udevs which do not auto-load the kvm kernel module. Enable nesting by default on intel. - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default in qemu64 cpu type. - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine types to ease future live vm migration. - apport hook for qemu source package: d/source_qemu-kvm.py, d/qemu-system-common.install - Make qemu-system-common and qemu-utils depend on qemu-block-extra to fix errors with missing block backends. (LP: #1495895) - Enable pie by default, on ubuntu/s390x. * Drop vGICv3 support patches - all is now upstream * debian/qemu-kvm-init: handle KVM_HUGEPAGES being unset (LP: #1531191) -- Serge Hallyn Tue, 05 Jan 2016 15:42:50 -0800 qemu (1:2.5+dfsg-1) unstable; urgency=medium * new upstream release (Closes: #801158) Closes: #806373 CVE-2015-8345 Closes: #806742 CVE-2015-7504 Closes: #806741 CVE-2015-7512 Closes: #808131 CVE-2015-7549 Closes: #808130 CVE-2015-8504 * adopt for the new upstream: - removed patches which are upstream now - build-depend on libcacard-dev and stop requiring libtool - removed libcacard refs from debian/qemu-system-common.docs - moved qmp docs out of subdir following upstream - removed pc-bios/vgabios-virtio.bin * enable new linux-user target: tilegx * install qemu-ga manpage * install ivshmem-server and ivshmem-client to qemu-utils * stop using cylinders/heads/sectors for sfdisk in qemu-make-debian-root (Closes: #785470) * modify qemu-make-debian-root to use some current tools (this simplifies things, removes usage of uudecode) (usefulness of this utility is questionable anyway) -- Michael Tokarev Wed, 16 Dec 2015 20:00:04 +0300 qemu (1:2.4+dfsg-5ubuntu3) xenial; urgency=high * Enable pie by default, on ubuntu/s390x. -- Dimitri John Ledkov Mon, 07 Dec 2015 16:04:16 +0000 qemu (1:2.4+dfsg-5ubuntu2) xenial; urgency=medium * undo the libseccomp delta from debian. libseccomp is indeed available on other arches, but we need qemu's configure script to be fixed before we can use it on anything other than amd64|i386. Fixes FTBFS. (LP: #1522531) -- Serge Hallyn Thu, 03 Dec 2015 12:44:46 -0600 qemu (1:2.4+dfsg-5ubuntu1) xenial; urgency=medium * Merge with Debian; remaining changes: - Update the ubuntu machine types patch to reflect upstream churn - debian/rules: do not drop the init scripts loading kvm modules (still needed in precise in cloud archive) - qemu-system-common.postinst: * remove acl placed by udev, and add udevadm trigger. * reload kvm_intel if needed to set nested=1 - qemu-system-common.preinst: add kvm group if needed - add qemu-kvm upstart job and defaults file (rules, qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart) - rules,qemu-system-x86.modprobe: support use under older udevs which do not auto-load the kvm kernel module. Enable nesting by default on intel. - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default in qemu64 cpu type. - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty machine type to ease future live vm migration. - apport hook for qemu source package: d/source_qemu-kvm.py, d/qemu-system-common.install - Make qemu-system-common and qemu-utils depend on qemu-block-extra to fix errors with missing block backends. (LP: #1495895) - control-in: build with libseccomp an all architectures - Add vGICv3 support -- Matthias Klose Wed, 02 Dec 2015 21:31:36 +0100 qemu (1:2.4+dfsg-5) unstable; urgency=medium * trace-remove-malloc-tracing.patch from upstream. (Closes: #802633) * stop building libcacard, as it is now in its own separate source package and has been removed from upstream qemu in 2.5. Here we just stop producing libcacard binaries, but still use embedded libcacard source to link with it statically. In 2.5 we will switch to external libcacard. (Closes: #805410) -- Michael Tokarev Sun, 29 Nov 2015 12:22:52 +0300 qemu (1:2.4+dfsg-4ubuntu3) xenial; urgency=medium * SECURITY UPDATE: loopback mode heap overflow vulnerability in pcnet - debian/patches/CVE-2015-7504.patch: leave room for CRC code in hw/net/pcnet.c. - CVE-2015-7504 * SECURITY UPDATE: non-loopback mode buffer overflow in pcnet - debian/patches/CVE-2015-7512.patch: check packet length in hw/net/pcnet.c. - CVE-2015-7512 * SECURITY UPDATE: infinite loop in eepro100 - debian/patches/CVE-2015-8345.patch: prevent endless loop in hw/net/eepro100.c. - CVE-2015-8345 -- Marc Deslauriers Tue, 01 Dec 2015 13:36:40 -0500 qemu (1:2.4+dfsg-4ubuntu2) xenial; urgency=medium * d/p/u/define-ubuntu-machine-type.patch: Fix typo in utopic definition. -- dann frazier Tue, 03 Nov 2015 08:05:46 -0700 qemu (1:2.4+dfsg-4ubuntu1) xenial; urgency=medium * Merge 2.4 from unstable. Remaining changes: - Update the ubuntu machine types patch to reflect upstream churn - debian/rules: do not drop the init scripts loading kvm modules (still needed in precise in cloud archive) - qemu-system-common.postinst: * remove acl placed by udev, and add udevadm trigger. * reload kvm_intel if needed to set nested=1 - qemu-system-common.preinst: add kvm group if needed - add qemu-kvm upstart job and defaults file (rules, qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart) - rules,qemu-system-x86.modprobe: support use under older udevs which do not auto-load the kvm kernel module. Enable nesting by default on intel. - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default in qemu64 cpu type. - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty machine type to ease future live vm migration. - apport hook for qemu source package: d/source_qemu-kvm.py, d/qemu-system-common.install - Make qemu-system-common and qemu-utils depend on qemu-block-extra to fix errors with missing block backends. (LP: #1495895) - control-in: build with libseccomp an all architectures. * Add vGICv3 support -- Serge Hallyn Tue, 27 Oct 2015 13:28:58 -0500 qemu (1:2.4+dfsg-4) unstable; urgency=medium * applied 3 patches from upstream to fix virtio-net possible remote DoS (Closes: #799452 CVE-2015-7295) * remove now-unused /etc/qemu too (Closes: #797608) -- Michael Tokarev Thu, 08 Oct 2015 20:30:03 +0300 qemu (1:2.4+dfsg-3) unstable; urgency=high * ne2000-add-checks-to-validate-ring-buffer-pointers-CVE-2015-5279.patch fix for Heap overflow vulnerability in ne2000_receive() function (Closes: #799074 CVE-2015-5279) * ne2000-avoid-infinite-loop-when-receiving-packets-CVE-2015-5278.patch (Closes: #799073 CVE-2015-5278) * some binfmt reorg: - extend aarch64 to include one more byte as other arches do - set OSABI mask to 0xfc for i386, ppc*, s390x, sparc*, to recognize OSABI=3 (GNU/Linux) in addition to NONE/SysV (Closes: #784605, #794737) - tighten sh4 & sh4eb, fixing OSABI mask to be \xfc not 0 -- Michael Tokarev Tue, 15 Sep 2015 19:30:18 +0300 qemu (1:2.4+dfsg-2) unstable; urgency=high * Add e1000-avoid-infinite-loop-in-transmit-CVE-2015-6815.patch. CVE-2015-6815: net: e1000 infinite loop issue in processing transmit descriptor. (Closes: #798101 CVE-2015-6815) * Add ide-fix-ATAPI-command-permissions-CVE-2015-6855.patch. CVE-2015-6855: ide: qemu allows arbitrary commands to be sent to an ATAPI device from guest, while illegal comands might have security impact, f.e. WIN_READ_NATIVE_MAX results in divide by zero error. (Closes: CVE-2015-6855) -- Michael Tokarev Fri, 11 Sep 2015 19:54:07 +0300 qemu (1:2.4+dfsg-1a) unstable; urgency=medium * new upstream (2.4.0) release Closes: #795461, #793811, #794610, #795087, #794611, #793388 CVE-2015-3214 CVE-2015-5154 CVE-2015-5165 CVE-2015-5745 CVE-2015-5166 CVE-2015-5158 Closes: #793817 * removed all upstreamed patches * remove --enable-vnc-ws option (not used anymore) * update mjt-set-oem-in-rsdt-like-slic.diff * vnc-fix-memory-corruption-CVE-2015-5225.patch from upstream Closes: #796465 CVE-2015-5225 * remove now-unused /etc/qemu/target-x86_64.conf -- Michael Tokarev Mon, 31 Aug 2015 16:28:08 +0300 qemu (1:2.3+dfsg-6a) unstable; urgency=medium * fix d/copyright leftover in previous upload -- Michael Tokarev Thu, 11 Jun 2015 20:31:07 +0300 qemu (1:2.3+dfsg-6) unstable; urgency=high * pcnet-force-buffer-access-to-be-in-bounds-CVE-2015-3209.patch from upstream (Closes: #788460 CVE-2015-3209) -- Michael Tokarev Thu, 11 Jun 2015 20:03:40 +0300 qemu (1:2.3+dfsg-5ubuntu10) xenial; urgency=medium * debian/patches/fix-curses-with-xterm-256.patch (LP: #1508466) -- Ryan Harper Wed, 21 Oct 2015 08:59:29 -0500 qemu (1:2.3+dfsg-5ubuntu9) wily; urgency=low * debian/patches/upstream-fix-irq-route-entries.patch Fix "kvm_irqchip_commit_routes: Assertion 'ret == 0' failed" (LP: #1465935) -- Stefan Bader Fri, 09 Oct 2015 15:38:53 +0200 qemu (1:2.3+dfsg-5ubuntu8) wily; urgency=medium * Build using libseccomp on all architectures. -- Matthias Klose Sat, 03 Oct 2015 21:12:15 +0200 qemu (1:2.3+dfsg-5ubuntu7) wily; urgency=medium * SECURITY UPDATE: denial of service via NE2000 driver - debian/patches/CVE-2015-5278.patch: fix infinite loop in hw/net/ne2000.c. - CVE-2015-5278 * SECURITY UPDATE: denial of service and possible code execution via heap overflow in NE2000 driver - debian/patches/CVE-2015-5279.patch: validate ring buffer pointers in hw/net/ne2000.c. - CVE-2015-5279 * SECURITY UPDATE: denial of service via e1000 infinite loop - debian/patches/CVE-2015-6815.patch: check bytes in hw/net/e1000.c. - CVE-2015-6815 * SECURITY UPDATE: denial of service via illegal ATAPI commands - debian/patches/CVE-2015-6855.patch: fix ATAPI command permissions in hw/ide/core.c. - CVE-2015-6855 -- Marc Deslauriers Wed, 23 Sep 2015 15:05:51 -0400 qemu (1:2.3+dfsg-5ubuntu6) wily; urgency=medium * Make qemu-system-common and qemu-utils depend on qemu-block-extra to fix errors with missing block backends. (LP: #1495895) * Cherry pick fixes for vmdk stream-optimized subformat (LP: #1006655) * Apply fix for memory corruption during live-migration in tcg mode (LP: #1493049) * Apply tracing patch to remove use of custom vtable in newer glibc (LP: #1491972) -- Ryan Harper Tue, 15 Sep 2015 09:37:23 -0500 qemu (1:2.3+dfsg-5ubuntu5) wily; urgency=medium * Import qcow2-handle-eagain-from-update_refcount from upstream to fix errors when using qemu-img convert -c. (LP: #1491050) -- Serge Hallyn Fri, 04 Sep 2015 16:35:56 -0500 qemu (1:2.3+dfsg-5ubuntu4) wily; urgency=medium * SECURITY UPDATE: process heap memory disclosure - debian/patches/CVE-2015-5165.patch: check sizes in hw/net/rtl8139.c. - CVE-2015-5165 * SECURITY UPDATE: privilege escalation via block device unplugging - debian/patches/CVE-2015-5166.patch: properly unhook from BlockBackend in hw/ide/piix.c. - CVE-2015-5166 * SECURITY UPDATE: privilege escalation via memory corruption in vnc - debian/patches/CVE-2015-5225.patch: use bytes per scanline to apply limits in ui/vnc.c. - CVE-2015-5225 * SECURITY UPDATE: denial of service via virtio-serial - debian/patches/CVE-2015-5745.patch: don't assume a specific layout for control messages in hw/char/virtio-serial-bus.c. - CVE-2015-5745 -- Marc Deslauriers Tue, 25 Aug 2015 09:38:43 -0400 qemu (1:2.3+dfsg-5ubuntu3) wily; urgency=medium * SECURITY UPDATE: out-of-bounds memory access in pit_ioport_read() - debian/patches/CVE-2015-3214.patch: ignore read in hw/timer/i8254.c. - CVE-2015-3214 * SECURITY UPDATE: heap overflow when processing ATAPI commands - debian/patches/CVE-2015-5154.patch: check bounds and clear DRQ in hw/ide/core.c, make sure command is completed in hw/ide/atapi.c. - CVE-2015-5154 * SECURITY UPDATE: buffer overflow in scsi_req_parse_cdb - debian/patches/CVE-2015-5158.patch: check length in hw/scsi/scsi-bus.c. - CVE-2015-5158 -- Marc Deslauriers Mon, 27 Jul 2015 10:07:05 -0400 qemu (1:2.3+dfsg-5ubuntu2) wily; urgency=medium * SECURITY UPDATE: heap overflow in PCNET controller - debian/patches/CVE-2015-3209.patch: check bounds in hw/net/pcnet.c. - CVE-2015-3209 -- Marc Deslauriers Thu, 11 Jun 2015 14:25:05 -0400 qemu (1:2.3+dfsg-5ubuntu1) wily; urgency=medium * Merge 1:2.3+dfsg-5 from Debian. * Remaining changes: - debian/rules: do not drop the init scripts loading kvm modules (still needed in precise in cloud archive) - qemu-system-common.postinst: * remove acl placed by udev, and add udevadm trigger. * reload kvm_intel if needed to set nested=1 - qemu-system-common.preinst: add kvm group if needed - add qemu-kvm upstart job and defaults file (rules, qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart) - rules,qemu-system-x86.modprobe: support use under older udevs which do not auto-load the kvm kernel module. Enable nesting by default on intel. - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default in qemu64 cpu type. - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty machine type to ease future live vm migration. - apport hook for qemu source package: d/source_qemu-kvm.py, d/qemu-system-common.install * Refreshed patches: - ubuntu/expose-vmx_qemu64cpu.patch - ubuntu/define-ubuntu-machine-types.patch -- Serge Hallyn Wed, 10 Jun 2015 14:28:39 -0500 qemu (1:2.3+dfsg-5) unstable; urgency=high * slirp-use-less-predictable-directory-name-in-tmp-CVE-2015-4037.patch (Closes: CVE-2015-4037) * 11 patches for XEN PCI pass-through issues (Closes: #787547 CVE-2015-4103 CVE-2015-4104 CVE-2015-4105 CVE-2015-4106) * kbd-add-brazil-kbd-keys-*.patch, adding two keys found on Brazilian keyboards (Closes: #772422) -- Michael Tokarev Wed, 03 Jun 2015 17:18:58 +0300 qemu (1:2.3+dfsg-4ubuntu1) wily; urgency=medium * Merge 1:2.3+dfsg-4 from Debian. * Remaining changes: - debian/rules: do not drop the init scripts loading kvm modules (still needed in precise in cloud archive) - qemu-system-common.postinst: * remove acl placed by udev, and add udevadm trigger. * reload kvm_intel if needed to set nested=1 - qemu-system-common.preinst: add kvm group if needed - add qemu-kvm upstart job and defaults file (rules, qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart) - rules,qemu-system-x86.modprobe: support use under older udevs which do not auto-load the kvm kernel module. Enable nesting by default on intel. - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default in qemu64 cpu type. - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty machine type to ease future live vm migration. - apport hook for qemu source package: d/source_qemu-kvm.py, d/qemu-system-common.install * Dropped all patches which are applied upstream * Move the upstart jobs to a generic script - add new qemu-kvm-init script - call that from upstart and sysvrc qemu-kvm scripts - move to qemu-system-common, which must now B/R qemu-system-{x86,ppc} -- Serge Hallyn Wed, 03 Jun 2015 13:36:36 -0500 qemu (1:2.3+dfsg-4) unstable; urgency=medium * rules.mak-force-CFLAGS-for-all-objects-in-DSO.patch: patch from upstream to fix FTBFS on some arches * libcacard-dev: depend on libnss3-dev (Closes: #785798) * libcacard-dev: do not depend on pkg-config -- Michael Tokarev Wed, 20 May 2015 14:21:09 +0300 qemu (1:2.3+dfsg-3) unstable; urgency=high * fdc-force-the-fifo-access-to-be-in-bounds-CVE-2015-3456.patch (Closes: CVE-2015-3456) * fix the OSABI binfmt mask for x86_64 arch, to actually fix #763043. Original fix didn't work, because "someone" forgot arithmetics. (Really Closes: #763043) * align binfmt magics/masks to be in single column -- Michael Tokarev Tue, 12 May 2015 23:02:29 +0300 qemu (1:2.3+dfsg-2) unstable; urgency=medium * do not install upstream changelog file, it is unused for a long time * mention closing of #781250 #769299 by 2.3 * mention qemu-block-extra split in NEWS files * fix spelling prob in the manpage * bump Standards-Version to 3.9.6 (no changes needed) * add mips64 and mips64el binfmt registration (Closes: #778624) -- Michael Tokarev Mon, 04 May 2015 13:01:03 +0300 qemu (1:2.3+dfsg-1) unstable; urgency=medium * new upstream release (2.3) (Closes: #781250 #769299 #781250 #769299) -- Michael Tokarev Fri, 24 Apr 2015 17:33:46 +0300 qemu (1:2.2+dfsg-6exp) experimental; urgency=medium * qemu 2.2.1 stable/bugfix release (remove included upstream exec-change-default-exception_index-value-for-migration-to--1.patch) * added mips64(el) to list of architectures where qemu-utils is built (Closes: #780200) * added kvm-on-x32.patch from Adam Borowski (Closes: #778737) * create qemu-block-extra package * rules.mak-fix-module-build.patch from upstream to fix module build * pass --enable-modules to configure * pass multiarch --libdir to configure * mjt-set-oem-in-rsdt-like-slic.diff: update FACP table too, not only RSDT. FACP is needed for win7 booting in UEFI mode. * enable libcacard (closes: #764971) - build-depend on libnss3-dev & libtool-bin - --enable-smartcard-nss - run dh_makeshlibs - rm libcacard.la - add libcacard0, libcacard-dev and libcacard-tools packages - add libcacard*.install and libcacard0.symbols -- Michael Tokarev Fri, 17 Apr 2015 21:54:53 +0300 qemu (1:2.2+dfsg-5expubuntu10) wily; urgency=medium * SECURITY UPDATE: denial of service in vnc web - debian/patches/CVE-2015-1779-1.patch: incrementally decode websocket frames in ui/vnc-ws.c, ui/vnc-ws.h, ui/vnc.h. - debian/patches/CVE-2015-1779-2.patch: limit size of HTTP headers from websockets clients in ui/vnc-ws.c. - CVE-2015-1779 * SECURITY UPDATE: host code execution via floppy device (VEMON) - debian/patches/CVE-2015-3456.patch: force the fifo access to be in bounds of the allocated buffer in hw/block/fdc.c. - CVE-2015-3456 -- Marc Deslauriers Wed, 13 May 2015 07:25:59 -0400 qemu (1:2.2+dfsg-5expubuntu9) vivid; urgency=low * CVE-2015-2756 / XSA-126 - xen: limit guest control of PCI command register -- Stefan Bader Wed, 08 Apr 2015 10:17:45 +0200 qemu (1:2.2+dfsg-5expubuntu8) vivid; urgency=medium * debian/qemu-system-x86.qemu-kvm.upstart: fix redirection to not accidentally create /1 -- Steve Beattie Thu, 12 Mar 2015 16:46:51 -0700 qemu (1:2.2+dfsg-5expubuntu7) vivid; urgency=low * No-change rebuild to pull in libxl-4.5 (take 2: step to the right). -- Stefan Bader Thu, 26 Feb 2015 08:55:35 +0100 qemu (1:2.2+dfsg-5expubuntu6) vivid; urgency=low * No-change rebuild to pull in libxl-4.5. -- Stefan Bader Wed, 25 Feb 2015 13:58:37 +0100 qemu (1:2.2+dfsg-5expubuntu5) vivid; urgency=medium * debian/control-in: enable numa on architectures where numa is built (LP: #1417937) -- Serge Hallyn Thu, 12 Feb 2015 23:18:58 -0600 qemu (1:2.2+dfsg-5expubuntu4) vivid; urgency=medium [Scott Moser] * update d/kvm.powerpc to avoid use of awk, which isn't allowed by aa profile when started by libvirt. [Serge Hallyn] * add symlink qemu-system-ppc64le -> qemu-system-ppc64 * debian/rules: fix DEB_HOST_ARCh fix to ppc64el for installing qemu-kvm init script (LP: #1419855) [Chris J Arges] * Determine if we are running inside a virtual environment. If running inside a virtualized enviornment do _not_ automatically enable KSM. (LP: #1414153) -- Serge Hallyn Thu, 12 Feb 2015 13:04:21 -0600 qemu (1:2.2+dfsg-5expubuntu1) vivid; urgency=medium * Merge 1:2.2+dfsg-5exp from Debian. (LP: #1409308) - debian/rules: do not drop the init scripts loading kvm modules (still needed in precise in cloud archive) * Remaining changes: - qemu-system-common.postinst: * remove acl placed by udev, and add udevadm trigger. * reload kvm_intel if needed to set nested=1 - qemu-system-common.preinst: add kvm group if needed - add qemu-kvm upstart job and defaults file (rules, qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart) - rules,qemu-system-x86.modprobe: support use under older udevs which do not auto-load the kvm kernel module. Enable nesting by default on intel. - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default in qemu64 cpu type. - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty machine type to ease future live vm migration. - apport hook for qemu source package: d/source_qemu-kvm.py, d/qemu-system-common.install * Dropped all patches which are applied upstream * Update ubuntu-vivid machine type to default to std graphics (following upstream's lead for pc-i440fx-2.2 machine type) -- Serge Hallyn Mon, 09 Feb 2015 22:31:09 -0600 qemu (1:2.2+dfsg-5exp) experimental; urgency=medium * fix initscript removal once again -- Michael Tokarev Fri, 23 Jan 2015 15:05:46 +0300 qemu (1:2.2+dfsg-4exp) experimental; urgency=medium * fix a brown-paper bag bug removing the qemu-system-x86 initscript (Closes: #776004) -- Michael Tokarev Thu, 22 Jan 2015 20:33:38 +0300 qemu (1:2.2+dfsg-3exp) experimental; urgency=medium * mention closing of #753887 by 2.2 * install only specific bamboo.dtb for ppc, not *.dtb (Closes: #773033) * install qemu-system-misc firmware in d/*.install not d/rules, as other firmware files * exec-change-default-exception_index-value-for-migration-to--1.patch: cherry-picked commit adee64249ee37e from upstream * stop messing up with alternatives (qemu for qemu-system-*) * stop shipping qemu-system-x86 initscript to load kvm modules (kernel since 3.4 does that automatically) (Closes: #751754) -- Michael Tokarev Thu, 22 Jan 2015 09:28:01 +0300 qemu (1:2.2+dfsg-2exp) experimental; urgency=medium * and finally uploading to experimental as it should be -- Michael Tokarev Wed, 10 Dec 2014 00:58:32 +0300 qemu (2.2+dfsg-1exp) unstable; urgency=medium * new upstream release 2.2.0 (Closes: #751078, #726629, #753887) * removed all patches which was cherry-picked from upstream, only keeping debian-specific changes * refreshed mjt-set-oem-in-rsdt-like-slic.diff * added tricore to qemu-system-misc package (new arch) * restore upstream pc-bios/petalogix-*.dtb "blobs": upstream says it is the canonical form, dtc is used to convert from dts to dtb and back, the conversion is reversible * install petalogix firmware for microblaze (Closes: #769068) -- Michael Tokarev Tue, 09 Dec 2014 23:09:26 +0300 qemu (1:2.1+dfsg-11ubuntu2) vivid; urgency=medium * Cherrypick upstream patch needed to allow ESx hosts to run under kvm (LP: #1411575) -- Serge Hallyn Fri, 16 Jan 2015 16:32:48 -0600 qemu (1:2.1+dfsg-11ubuntu1) vivid; urgency=medium * Merge 2.1+dfsg-11. Remaining changes: - qemu-system-common.postinst: * remove acl placed by udev, and add udevadm trigger. * reload kvm_intel if needed to set nested=1 - qemu-system-common.preinst: add kvm group if needed - add qemu-kvm upstart job and defaults file (rules, qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart) - rules,qemu-system-x86.modprobe: support use under older udevs which do not auto-load the kvm kernel module. Enable nesting by default on intel. - debian/qemu-system-alternatives.in: use a later version as ubuntu removed the alternatives bit later. - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default in qemu64 cpu type. - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty machine type to ease future live vm migration. - apport hook for qemu source package: d/source_qemu-kvm.py, d/qemu-system-common.install - debian/binfmt-update-in: support ppcle * debian/binfmt-update-in * Support-ppcle.patch - Upstream patches to fix AArch64 emulation ignoring SPSel=0: * d/p/target-arm-A64-Break-out-aarch64_save-restore_sp.patch * d/p/target-arm-A64-Respect-SPSEL-in-ERET-SP-restore.patch * d/p/target-arm-A64-Respect-SPSEL-when-taking-exceptions.patch: * Dropped patches (upstream or now in debian's tree): - upstream-xen_disk-fix-unmapping-of-persistent-grants.patch - CVE-2014-7840.patch - CVE-2014-8106.patch -- Serge Hallyn Wed, 17 Dec 2014 13:57:34 -0600 qemu (1:2.1+dfsg-11) unstable; urgency=medium * bump epoch and reupload to cancel 2.2+dfsg-1exp upload mistakenly done to unstable. No other changes. -- Michael Tokarev Wed, 10 Dec 2014 00:52:28 +0300 qemu (2.1+dfsg-10) unstable; urgency=medium * make (debian-specific) x86 data path (with seabios and ipxe in it) non-x86-specific, since other arches use firmware files too (Closes: #772127) * add seabios to Recommends to qemu-system-misc, qemu-system-mips, qemu-system-ppc and qemu-system-sparc packages, because these packages contains emulators using vgabios which is part of seabios package (#772127). * add ipxe-qemu to Recommends to qemu-system-misc, qemu-system-arm, qemu-system-mips, qemu-system-ppc, qemu-system-sparc packages, because these packages contains emulators using network boot roms (#772127), in a similar way. -- Michael Tokarev Tue, 09 Dec 2014 13:47:36 +0300 qemu (2.1+dfsg-9) unstable; urgency=high * apply upstream patches for CVE-2014-8106 (cirrus: insufficient blit region checks) (Closes: #772025 CVE-2014-8106) -- Michael Tokarev Thu, 04 Dec 2014 00:10:43 +0300 qemu (2.1+dfsg-8) unstable; urgency=low [ Michael Tokarev ] * add Built-Using control field for qemu-user-static package: take contents of qemu-user ${shlibs:Depends} and transform it into list of source packages with versions. (Closes: #768926) * run remove-alternatives in qemu-system.postinst (the metapkg) too, not only in qemu-system-XX.postinst, to handle upgrades from wheezy (Closes: #768244) * several fixes for debian/qemu-user.1 manpage. It needs more work, but at least some easy and obvious errors are fixed now. (Closes: #763841) * migration-fix-parameter-validation-on-ram-load.patch from upstream (Closes: #769451 CVE-2014-7840) * fix x86_64 binfmt mask to allow more values in ELF_OSABI field (byte7). Current gcc/binfmt sometimes produces binaries with this field set to 3 (OSABI_GNU) not 0 (OSABI_SYSV) as used to be. Set mask to 0xfb not 0xff here, to allow 0 (traditional SYSV), 1 (HPUX), 2 (NETBSD) or 3 (GNU). This lets 2 more types than necessary, but qemu will reject wrong types so no harm is done. Some other binfmts ignore this field completely (with mask=0). Maybe some day we'll have 2 different binfmt registrations for the 2 different ABI types. (Closes: #763043) * usb-host-fix-usb_host_speed_compat-tyops.patch -- fix host usb devices attach, without this patch many USB devices does not work * qdev-monitor-fix-segmentation-fault-on-qdev_device_h.patch - trivial patch from upstream to fix segfault in -device foo,help (Closes: #770880) [ Aurelien Jarno ] * Add tcg-mips-fix-store-softmmu-slow-path.patch from upstream to fix TCG support on mips/mipsel hosts (Closes: #769470). [ Ian Campbell ] * Backport patch to fix unmapping of persistent grants in the Xen qdisk backend (Closes: #770468). -- Michael Tokarev Thu, 27 Nov 2014 18:32:45 +0300 qemu (2.1+dfsg-7ubuntu5) vivid; urgency=medium * SECURITY UPDATE: code execution via savevm data - debian/patches/CVE-2014-7840.patch: validate parameters in arch_init.c. - CVE-2014-7840 * SECURITY UPDATE: code execution via cirrus vga blit regions (LP: #1400775) - debian/patches/CVE-2014-8106.patch: properly validate blit regions in hw/display/cirrus_vga.c. - CVE-2014-8106 -- Marc Deslauriers Thu, 11 Dec 2014 14:11:52 -0500 qemu (2.1+dfsg-7ubuntu4) vivid; urgency=low * d/rules: Fix vendor check to make kvm-spice symlinks (DEB_VENDOR got dropped and VENDOR now will be all capital UBUNTU). -- Stefan Bader Mon, 08 Dec 2014 14:45:31 +0100 qemu (2.1+dfsg-7ubuntu3) vivid; urgency=medium * d/p/target-arm-A64-Break-out-aarch64_save-restore_sp.patch d/p/target-arm-A64-Respect-SPSEL-in-ERET-SP-restore.patch d/p/target-arm-A64-Respect-SPSEL-when-taking-exceptions.patch: Cherry-pick of upstream patches in order to fix AArch64 emulation ignoring SPSel=0 in certain conditions. (LP: #1349277) -- Chris J Arges Thu, 04 Dec 2014 14:17:01 -0600 qemu (2.1+dfsg-7ubuntu2) vivid; urgency=low * d/p/upstream-xen_disk-fix-unmapping-of-persistent-grants.patch: Cherry-pick of qemu-upstream patch to fix issues with persistent grants and the PV backend (Qdisk) (LP: #1394327). -- Stefan Bader Fri, 28 Nov 2014 13:14:37 +0100 qemu (2.1+dfsg-7ubuntu1) vivid; urgency=medium * Merge 2.1+dfsg-7. Remaining changes: - qemu-system-common.postinst: * remove acl placed by udev, and add udevadm trigger. * reload kvm_intel if needed to set nested=1 - qemu-system-common.preinst: add kvm group if needed - add qemu-kvm upstart job and defaults file (rules, qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart) - rules,qemu-system-x86.modprobe: support use under older udevs which do not auto-load the kvm kernel module. Enable nesting by default on intel. - debian/qemu-system-alternatives.in: use a later version as ubuntu removed the alternatives bit later. - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default in qemu64 cpu type. - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty machine type to ease future live vm migration. - apport hook for qemu source package: d/source_qemu-kvm.py, d/qemu-system-common.install - debian/binfmt-update-in: support ppcle * debian/binfmt-update-in * Support-ppcle.patch * Dropped patches (upstream or now in debian's tree): - pc-reserve-more-memory-for-acpi.patch - CVE-2014-5388.patch - 501-block-raw-posix-fix-disk-corruption-in-try-fiemap and 502-block-raw-posic-use-seek-hole-ahead-of-fiemap (combined in debian) - CVE-2014-3615.patch - CVE-2014-3640.patch - CVE-2014-3689.patch - CVE-2014-7815.patch -- Serge Hallyn Sat, 22 Nov 2014 18:36:53 -0600 qemu (2.1+dfsg-7) unstable; urgency=high * urgency is high due to 2 security fixes (one current and one forgotten in previous release) and because of possible data corruption bugfix * vnc-sanitize-bits_per_pixel-from-the-client-CVE-2014-7815.patch from upstream (Closes: CVE-2014-7815) * fix spelling mistake in previous changelog entry * add two patches from upstream for block/raw-posix.c to work around probs in FS_IOC_FIEMAP ioctl and to prefer seek_hole over fiemap. This should fix a long-standing ghost data corruption observed in various places. -- Michael Tokarev Mon, 03 Nov 2014 18:44:34 +0300 qemu (2.1+dfsg-6) unstable; urgency=medium * mention closing of CVE-2014-3615 by 2.1.2 (2.1+dfsg-5) * 9p-use-little-endian-format-for-xattr-values.patch (Closes: #755740) * mention closing of #760386 * mention closing of more CVEs by 2.1+dfsg-1 * recognize ppc64el in qemu-debootstrap (Luca Falavigna) (Closes: #760949) * use dpkg-vendor to let derived distros to use our d/rules * use /usr/share/dpkg/architecture.mk to get DEB_HOST_* and DEB_BUILD_* variables. This restores cross building support. * use /usr/share/dpkg/buildflags.mk for CFLAGS LDFLAGS &Co * pass -DVENDOR_{DEBIAN,UBUNTU} to compiler * do not treat ppc* and ppc*le as compatible for binfmt registrations * mention ACPI SLIC to RSDT id copying if slic table is supplied, thank you Tim Small for the patch (Closes: #765075) * apply 5 patches from upstream to fix a security issue in vmware-vga (Closes: #765496 CVE-2014-3689) * apply two patches from upstream to make qemu to work with samba4 (Closes: #747636) -- Michael Tokarev Mon, 03 Nov 2014 18:07:48 +0300 qemu (2.1+dfsg-5) unstable; urgency=medium * upstream bugfix release v2.1.2 (Closes: #762532 CVE-2014-3640 CVE-2014-5388 CVE-2014-3615) * Add x32 to the list of supported architectures (patch by Thorsten Glaser) (Closes: #760386) * fix wrong reference in kvm.1 (Closes: #761137) * removed patches (applied upstream): l2tp-linux-only.patch ide-only-constrain-read_write-requests-to-drive-size.diff pc-reserve-more-memory-for-acpi.patch -- Michael Tokarev Fri, 26 Sep 2014 17:43:26 +0400 qemu (2.1+dfsg-4ubuntu9) vivid; urgency=medium * SECURITY UPDATE: information disclosure via vga driver - debian/patches/CVE-2014-3615.patch: return the correct memory size, sanity check register writes, and don't use fixed buffer sizes in hw/display/qxl.c, hw/display/vga.c, hw/display/vga_int.h, ui/spice-display.c. - CVE-2014-3615 * SECURITY UPDATE: denial of service via slirp NULL pointer deref - debian/patches/CVE-2014-3640.patch: make sure socket is not just a stub in slirp/udp.c. - CVE-2014-3640 * SECURITY UPDATE: possible privilege escalation via vmware-vga driver - debian/patches/CVE-2014-3689.patch: verify rectangles in hw/display/vmware_vga.c. - CVE-2014-3689 * SECURITY UPDATE: denial of service via VNC console - debian/patches/CVE-2014-7815.patch: validate bits_per_pixel in ui/vnc.c. - CVE-2014-7815 -- Marc Deslauriers Thu, 13 Nov 2014 07:31:03 -0500 qemu (2.1+dfsg-4ubuntu8) vivid; urgency=medium * Support qemu-kvm on x32, arm64, ppc64 and pp64el architectures (LP: #1389897) (Patch thanks to mwhudson, BenC, and infinity) -- Serge Hallyn Tue, 11 Nov 2014 15:51:47 -0600 qemu (2.1+dfsg-4ubuntu7) vivid; urgency=medium * Apply two patches to fix intermittent qemu-img corruption (LP: #1368815) - 501-block-raw-posix-fix-disk-corruption-in-try-fiemap - 502-block-raw-posic-use-seek-hole-ahead-of-fiemap -- Serge Hallyn Wed, 29 Oct 2014 22:31:43 -0500 qemu (2.1+dfsg-4ubuntu6) utopic; urgency=medium * debian/control: slof is moving into main, so we can depend on qemu-slof as debian does. -- Serge Hallyn Wed, 15 Oct 2014 22:01:27 +0200 qemu (2.1+dfsg-4ubuntu5) utopic; urgency=medium * debian/binfmt-update-in: don't blacklist ppc64le on ppc64 and vice versa. * Drop Support-ppc64le.pach, as that architecture appears to not exist yet. * update d/p/ubuntu/define-ubuntu-machine-types.patch to keep -M pc pointing to latest upstream machine type, rather than distro one. Add 'ubuntu' machine type for that. -- Serge Hallyn Mon, 06 Oct 2014 13:41:31 -0500 qemu (2.1+dfsg-4ubuntu4) utopic; urgency=medium * debian/qemu-system-x86.qemu-kvm.upstart: create /dev/kvm in a container. (LP: #1370199) * load kvm module on ppc64le at boot (LP: #1369785) - debian/rules: install qemu-kvm on ppc64el - add debian/qemu-system-ppc.qemu-kvm.{upstart,default} to autoload the kvm-hv module if available * qemu-system-x86.maintscript: remove accidentally installed /etc/init.d/qemu-system-x86 (from 2.0.0+dfsg-6ubuntu1 and a few earlier) * rename qemu-system-x86 init script to qemu-kvm so it gets installed in ubuntu. -- Serge Hallyn Wed, 17 Sep 2014 14:20:12 -0500 qemu (2.1+dfsg-4ubuntu3) utopic; urgency=medium * Re-stick the trusty machine type to 2.0 (where it must always stay) and define a new, default, pc-i440fx-utopic machine type (LP: #1369481) -- Serge Hallyn Mon, 15 Sep 2014 14:04:57 -0500 qemu (2.1+dfsg-4ubuntu2) utopic; urgency=medium * move kvm_intel nested setting to qemu-system-x86.postinst. -- Serge Hallyn Fri, 12 Sep 2014 23:12:52 +0000 qemu (2.1+dfsg-4ubuntu1) utopic; urgency=medium * Merge new debian release * Remaining changes: - qemu-system-common.postinst: * remove acl placed by udev, and add udevadm trigger. * reload kvm_intel if needed to set nested=1 - qemu-system-common.preinst: add kvm group if needed - add qemu-kvm upstart job and defaults file (rules, qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart) - rules,qemu-system-x86.modprobe: support use under older udevs which do not auto-load the kvm kernel module. Enable nesting by default on intel. - debian/qemu-system-alternatives.in: use a later version as ubuntu removed the alternatives bit later. - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default in qemu64 cpu type. - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty machine type to ease future live vm migration. - apport hook for qemu source package: d/source_qemu-kvm.py, d/qemu-system-common.install - debian/binfmt-update-in: support ppcle * debian/binfmt-update-in * Support-ppcle.patch - d/p/CVE-2014-5388.patch -- Serge Hallyn Tue, 09 Sep 2014 17:56:15 -0500 qemu (2.1+dfsg-4) unstable; urgency=medium * mention libnuma-dev but not enable for now * 9p-readdir.patch: fix readdir in 9p mapped mode (Closes: #755738) * pc-reserve-more-memory-for-acpi.patch: fix linux -kernel not working with new qemu (Closes: #759522) * qemu-options-add-missing--drive-discard-option-to-cmdline-help.diff - documentation fix * mention that 2.1 closed #754336. * move qemu-bridge-helper to /usr/lib/qemu/ subdir (lintian) * debian/binfmt-update-in (Serge Hallyn): - don't run in a container - add ppc64le as target * add apport hook from ubuntu package (ubuntu-only for now) -- Michael Tokarev Sun, 31 Aug 2014 09:32:59 +0400 qemu (2.1+dfsg-3ubuntu4) utopic; urgency=medium * SECURITY UPDATE: memory disclosure via out-of-bounds array access - debian/patches/CVE-2014-5388.patch: fix check in hw/acpi/pcihp.c. - CVE-2014-5388 -- Marc Deslauriers Tue, 09 Sep 2014 08:26:24 -0400 qemu (2.1+dfsg-3ubuntu3) utopic; urgency=medium * replace d/p/revert-acpi-table-size-bump with pc-reserve-more-memory-for-acpi.patch from upstream * debian/binfmt-update-in - don't run in a container - add ppc64le as target (LP: #1358268) * Add experimental ppcle support (LP: #1358268) -- Serge Hallyn Wed, 27 Aug 2014 18:24:32 -0500 qemu (2.1+dfsg-3ubuntu2) utopic; urgency=medium * revert-acpi-table-size-bump - get qemu -kernel working again. -- Serge Hallyn Fri, 15 Aug 2014 15:33:24 -0500 qemu (2.1+dfsg-3ubuntu1) utopic; urgency=medium * Merge new debian release * Remaining changes: - control-in: stick to libsdl1.2-dev. - qemu-system-common.install: add debian/tmp/usr/lib to install the qemu-bridge-helper - qemu-system-common.postinst: remove acl placed by udev, and add udevadm trigger. - qemu-system-common.preinst: add kvm group if needed - add qemu-kvm upstart job and defaults file (rules, qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart) - rules,qemu-system-x86.modprobe: support use under older udevs which do not auto-load the kvm kernel module. Enable nesting by default on intel. - debian/qemu-system-alternatives.in: use a later version as ubuntu removed the alternatives bit later. - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default in qemu64 cpu type. - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty machine type to ease future live vm migration. - apport hook for qemu source package: d/source_qemu-kvm.py, d/qemu-system-common.install * Upstart job: use getent group to check for kvm group * apport: 'qemu' doesn't exist any more, so check for any qemu* tasks -- Serge Hallyn Fri, 15 Aug 2014 08:44:54 -0500 qemu (2.1+dfsg-3) unstable; urgency=medium * set SHELL = /bin/sh -e, so that more complex shell constructs in d/rules will fail if any command fail inside * check for pipe2() being a stub too, like utimensat() etc * build-depend on gnutls-dev, not libgnutls*-dev, so the buuld system will pick default gnutls impl (so it works for backports and future versions) * build-depend on libjpeg-dev not libjpeg8-dev * minimum version of seabios is 1.7.5 (Closes: #757958) * ide-only-constrain-read_write-requests-to-drive-size.diff (Closes: #757927) * added use-arch-data-path.patch, to be able to search for binary blobs in several (arch-specific) data directories instead of just one. * removed all blob/firmware symlinks from qemu-system-x86, using arch-specific datapath instead (/usr/share/seabios:/usr/lib/ipxe/qemu) * removed retry-pxe-after-efi.patch and depend on ipxe-qemu which introduced efi boot roms. qemu should not try to load "wrong" ROM, or else migration will fail due to rom size mismatch. * include /usr/lib/qemu-bridge-helper binary, but not make it setuid due to security concerns outlined in #691138 (Closes: #691138) * make vnc-jpeg not debian-specific * install kvm-spice symlinks on ubuntu -- Michael Tokarev Thu, 14 Aug 2014 14:30:24 +0400 qemu (2.1+dfsg-2ubuntu2) utopic; urgency=medium * reload kvm_intel if needed to set the nested=Y flag (LP: #1324174) -- Serge Hallyn Mon, 11 Aug 2014 12:58:50 -0500 qemu (2.1+dfsg-2ubuntu1) utopic; urgency=medium * Merge new debian release * Remaining changes: - qemu-system-x86.links: add eepro100.rom link, drop links which we have in ipxe-qemu package. - control-in: stick to libsdl1.2-dev. - qemu-system-common.install: add debian/tmp/usr/lib to install the qemu-bridge-helper - qemu-system-common.postinst: remove acl placed by udev, and add udevadm trigger. - qemu-system-common.preinst: add kvm group if needed - add qemu-kvm upstart job and defaults file (rules, qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart) - debian/rules: add qemu-kvm-spice - rules,qemu-system-x86.modprobe: support use under older udevs which do not auto-load the kvm kernel module. Enable nesting by default on intel. - binfmt-update-in: make sure to filter out compat arches. - debian/qemu-system-alternatives.in: use a later version as ubuntu removed the alternatives bit later. - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default in qemu64 cpu type. - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty machine type to ease future live vm migration. - apport hook for qemu source package: d/source_qemu-kvm.py, d/qemu-system-common.install -- Serge Hallyn Tue, 05 Aug 2014 13:53:06 -0500 qemu (2.1+dfsg-2) unstable; urgency=medium * l2tp-linux-only.patch: fix FTBFS on kfreebsd * imx_timer_TIMER_MAX_clash.diff: fix ITIMER_MAX definition clash * remove kfreebsd hack which disabled usb support on this platform since qemu-1.3: it isn't needed anymore -- Michael Tokarev Sat, 02 Aug 2014 00:51:04 +0400 qemu (2.1+dfsg-1) unstable; urgency=medium * new upstream release Closes: #739589: CVE-2013-4148 CVE-2013-4149 CVE-2013-4150 CVE-2013-4151 CVE-2013-4526 CVE-2013-4527 CVE-2013-4528 CVE-2013-4530 CVE-2013-4531 CVE-2013-4532 CVE-2013-4533 CVE-2013-4534 CVE-2013-4535 CVE-2013-4536 CVE-2013-4537 CVE-2013-4538 CVE-2013-4539 CVE-2013-4540 CVE-2013-4541 CVE-2013-4542 CVE-2013-6399 CVE-2014-0182 CVE-2014-3461 Closes: #735618 Closes: #754336 Closes: CVE-2014-3471 (pcie hotplug/hotunplug) * versioned build-depend on libiscsi-dev (>>1.9.0~) * added ppc64le user target * fix description of qemu-user-binfmt wrt "empty" (Closes: #755988) * use /usr/share/dpkg/pkg-info.mk instead of inventing the same locally * added debian/get-orig-source.sh (and a d/rules target) * set ubuntu vcs branch to ubuntu-utopic * binfmt-update-in: make sure to filter out compat arches -- Michael Tokarev Fri, 01 Aug 2014 20:06:22 +0400 qemu (2.0.0+dfsg-7) unstable; urgency=medium * clarify description of qemu-user-binfmt a bit * build-depend on acpica-tools (iasl) in order to rebuild .dsl files * remove qemu-keymaps package, since it is not used by other tools anymore, and ship keymaps in qemu-system-common. * remove (and break by qemu-system-common) old qemu-common for ubuntu too, since it was transitional-to-qemu-keymaps pkg * reorganize docs (Closes: #751376): - do not ship docs in qemu (meta)package, except of qemu-doc.html - ship most of docs/* in qemu-system-common in /usr/share/doc/q-s-c/ - make symlinks from /usr/share/doc/qemu-system-foo/common to ../q-s-c/ - ship doc-base file for qemu-system-common too (for qemu-doc.html) - rename qemu.1 manpage to qemu-system.1 * qemu-user-static & qemu-user-binfmt conflict with each other, not break. * mention that qemu-user-binfmt is empty package (lintian) -- Michael Tokarev Thu, 24 Jul 2014 16:51:16 +0400 qemu (2.0.0+dfsg-6ubuntu2) utopic; urgency=medium * d/qemu-system-x86.qemu-kvm.upstart: change the early-exit check from /usr/bin/kvm to qemu-system-x86_64. (LP: #1348551) -- Serge Hallyn Fri, 25 Jul 2014 08:35:02 -0500 qemu (2.0.0+dfsg-6ubuntu1) utopic; urgency=medium * Merge 2.0.0+dfsg-6. Remaining changes: - qemu-system-x86.links: add eepro100.rom link, drop links which we have in ipxe-qemu package. - control-in: stick to libgnutls-dev and libsdl1.2-dev. - qemu-system-common.install: add debian/tmp/usr/lib to install the qemu-bridge-helper - qemu-system-common.postinst: remove acl placed by udev, and add udevadm trigger. - qemu-system-common.preinst: add kvm group if needed - add qemu-kvm upstart job and defaults file (rules, qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart) - debian/rules: add qemu-kvm-spice - rules,qemu-system-x86.modprobe: support use under older udevs which do not auto-load the kvm kernel module. Enable nesting by default on intel. - binfmt-update-in: make sure to filter out compat arches. - debian/qemu-system-alternatives.in: use a later version as ubuntu removed the alternatives bit later. - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default in qemu64 cpu type. - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty machine type to ease future live vm migration. - re-introduce apport hook for qemu source package: d/source_qemu-kvm.py, d/qemu-system-common.install * enable-build-dep on libjpeg8-dev - which is now in main -- Serge Hallyn Mon, 23 Jun 2014 14:52:54 -0500 qemu (2.0.0+dfsg-6) unstable; urgency=medium * build-depend on libgnutls28-dev not libgnutls-dev * added qcow1 block format validation patches from upstream: block-fmt-validation/qcow1-check-maximum-cluster-size.patch block-fmt-validation/qcow1-stricter-backing-file-length-check.patch block-fmt-validation/qcow1-validate-image-size-CVE-2014-0223.patch block-fmt-validation/qcow1-validate-L2-table-size-CVE-2014-0222.patch (Finally closes: #742730, CVE-2014-0222, CVE-2014-0223) -- Michael Tokarev Fri, 23 May 2014 12:12:38 +0400 qemu (2.0.0+dfsg-5) unstable; urgency=medium * re-re-enable rbd (ceph) support again (Closes: #689239) Should watch for breakage and for runtime dependencies closely from now on. * fix qemu-kvm package description (stop mentioning it is transitional) * move all binfmt handling from many files to d/binfmt-update-in * introduce qemu-user-binfmt (dummy) package to support binfmt registration of qemu-user binaries (Closes: #677529) -- Michael Tokarev Tue, 13 May 2014 21:15:48 +0400 qemu (2.0.0+dfsg-4) unstable; urgency=medium * suggests ovmf, not recommends it as it is not in -main (Closes: #745698) * cputlb-fix-regression-with-TCG-interpreter.patch (Closes: #744342) -- Michael Tokarev Wed, 30 Apr 2014 10:03:55 +0400 qemu (2.0.0+dfsg-3) unstable; urgency=low * 2.0.0 closed #744213 (CVE-2013-4544) and #745157 (CVE-2014-2894) * mjt-set-oem-in-rsdt-like-slic.diff: apply a (hackish) patch to simplify running OEM versions of windows vista and 7 in qemu using SLIC table from current hardware. * set VENDOR in d/rules * added forgotten qemu-kvm Pre-Depends field * switch back from sdl2 to sdl1, as the former apparently isn't ready yet (Closes: #745269) -- Michael Tokarev Mon, 21 Apr 2014 12:34:03 +0400 qemu (2.0.0+dfsg-2ubuntu3) utopic; urgency=medium * remove alternatives for qemu: different architectures aren't really alternatives and never had been (LP: #1316829) -- Serge Hallyn Wed, 07 May 2014 15:12:33 +0000 qemu (2.0.0+dfsg-2ubuntu2) utopic; urgency=medium * debian/rules: install the proper /etc/init/qemu-kvm.conf (LP: #1315402) * debian/control: drop the versioning requirement from libfdt-dev build-dependency, as it is longer needed (LP: #1295072) -- Serge Hallyn Fri, 02 May 2014 11:43:44 -0500 qemu (2.0.0+dfsg-2ubuntu1) trusty-proposed; urgency=medium * Merge 2.0.0+dfsg-2 * Incorporates a fix for spice users (LP: #1309452) * drop patch kvm_physical_sync_dirty_bitmap-ignore-ENOENT-from-kv.patch, as the regression requiring it was reverted for 2.0 upstream. * remove qemu-system-common depends on the qemu-system-aarch64 metapackage * debian/qemu-debootstrap: add arm64 * Remaining changes from debian: - keep qemu 'alternative' (not something to change in SRU) - debian/control and debian/control-in: * versioned libfdt-dev check, until libfdt is fixed in precise * enable rbd * remove ovmf Recommends, as it is in multiverse * use libsdl1.2, not libsdl2, since libsdl2-dev is in universe * add a qemu-system-aarch64 metapackage for transitions from trusty development version. This can be removed after trusty. - qemu-system-common.install: add debian/tmp/usr/lib to install the qemu-bridge-helper - qemu-system-common.postinst: fix /dev/kvm acls - qemu-system-common.preinst: add kvm group if needed - qemu-system-x86.links: add eepro100.rom link, drop links which we have in ipxe-qemu package. - qemu-system-x86.modprobe: set module options for older releases - qemu-system-x86.qemu-kvm.default: defaults for the upstart job - qemu-system-x86.qemu-kvm.upstart: qemu-kvm upstart job - qemu-user-static.postinst-in: remove qemu-arm64-static on arm64 - debian/rules * add legacy kvm-spice link * fix ppc and arm slections * add aarch64 to user_targets - debian/patches/ubuntu/define-trusty-machine-type.patch: define a pc-i440fx-trusty machine type as the default. - debian/patches/ubuntu/expose-vmx_qemu64cpu.patch: support nesting by default in qemu64 cpu time. -- Serge Hallyn Fri, 18 Apr 2014 09:23:27 -0500 qemu (2.0.0+dfsg-2) unstable; urgency=medium * resurrect 02_kfreebsd.patch, -- without it qemu FTBFS on current Debian kFreeBSD system still. -- Michael Tokarev Thu, 17 Apr 2014 22:04:38 +0400 qemu (2.0.0+dfsg-1) unstable; urgency=low * new upstream major release Closes: #744213 CVE-2013-4544 Closes: #745157 CVE-2014-2894 * 2.0 actually does not close #739589, remove it from from last changelog entry * mention closing of #707629 by 2.0 * mention a list of CVE IDs closed by #742730 * mention closing of CVE-2013-4377 by 1.7.0-6 * do not set --enable-uname-release=2.6.32 for qemu-user anymore (was needed for old ubuntu builders) * removed 02_kfreebsd.patch: it adds configure check for futimens() and futimesat() syscalls on FreeBSD, however futimens() appeared in FreeBSD 5.0, and futimesat() in 8.0, and 8.0 is the earliest supported version * kmod dependency is linux-any * doc-grammify-allows-to.patch: fix some lintian warnings * remove alternatives for qemu: different architectures aren't really alternatives and never had been * update Standards-Version to 3.9.5 (no changes needed) * exec-limit-translation-limiting-in-address_space_translate-to-xen.diff - fixes windows BSOD with virtio-scsi when upgrading from 1.7.0 to 1.7.1 or 2.0, among other things -- Michael Tokarev Thu, 17 Apr 2014 18:27:15 +0400 qemu (2.0.0~rc1+dfsg-1exp) experimental; urgency=low * new upstream release candidate (2.0-rc1) Closes: #742730 -- image format processing issues: CVE-2014-0142 CVE-2014-0143 CVE-2014-0144 CVE-2014-0145 CVE-2014-0146 CVE-2014-0147 CVE-2014-0148 Closes: #743235, #707629 * refreshed patches: 02_kfreebsd.patch retry-pxe-after-efi.patch use-fixed-data-path.patch * removed patches applied upstream: qemu-1.7.1.diff address_space_translate-do-not-cross-page-boundaries.diff fix-smb-security-share.patch slirp-smb-redirect-port-445-too.patch implement-posix-timers.diff linux-user-fixed-s390x-clone-argument-order.patch * added bios-256k.bin symlink and bump seabios dependency to >= 1.7.4-2 * recommend ovmf package for qemu-system-x86 to support UEFI boot (Closes: #714249) * switch from sdl1 to sdl2 (build-depend on libsdl2-dev) * output last 50 lines of config.log in case configure failed -- Michael Tokarev Sat, 05 Apr 2014 16:23:48 +0400 qemu (2.0.0~rc1+dfsg-0ubuntu3) trusty; urgency=medium * d/p/ubuntu/kvm_physical_sync_dirty_bitmap-ignore-ENOENT-from-kv.patch don't abort() just because the kernel has no dirty bitmap. (LP: #1303926) -- Serge Hallyn Tue, 08 Apr 2014 22:32:00 -0500 qemu (2.0.0~rc1+dfsg-0ubuntu2) trusty; urgency=medium * define-trusty-machine-type.patch: update the trusty machine type name to pc-i440fx-trusty (LP: #1304107) -- Serge Hallyn Tue, 08 Apr 2014 11:49:04 -0500 qemu (2.0.0~rc1+dfsg-0ubuntu1) trusty; urgency=medium * Merge 2.0.0-rc1 * debian/rules: consolidate ppc filter entries. * Move qemu-system-arch64 into qemu-system-arm * debian/patches/define-trusty-machine-type.patch: define a trusty machine type, currently the same as pc-i440fx-2.0, to put is in a better position to enable live migrations from trusty onward. (LP: #1294823) * debian/control: build-dep on libfdt >= 1.4.0 (LP: #1295072) * Merge latest upstream git to commit dc9528f * Debian/rules: - remove -enable-uname-release=2.6.32 - don't make the aarch64 target Ubuntu-specific. * Remove patches which are now upstream: - fix-smb-security-share.patch - slirp-smb-redirect-port-445-too.patch - linux-user-Implement-sendmmsg-syscall.patch (better version is upstream) - signal-added-a-wrapper-for-sigprocmask-function.patch - ubuntu/signal-sigsegv-protection-on-do_sigprocmask.patch - ubuntu/Don-t-block-SIGSEGV-at-more-places.patch - ubuntu/ppc-force-cpu-threads-count-to-be-power-of-2.patch * add link for /usr/share/qemu/bios-256k.bin * Remove all linaro patches. * Remove all arm64/ patches. Many but not all are upstream. * Remove CVE-2013-4377.patch which is upstream. * debian/control-in: don't make qemu-system-aarch64 ubuntu-specific -- Serge Hallyn Tue, 25 Feb 2014 22:31:43 -0600 qemu (1.7.0+dfsg-9) unstable; urgency=medium * remove rbd/rados/ceph support *again*, till they'll actually provide some symbol/library version mechanism (Closes: #744364, Reopens: #729961, #689239) -- Michael Tokarev Sun, 13 Apr 2014 18:49:46 +0400 qemu (1.7.0+dfsg-8) unstable; urgency=low * fix a brown-paper-bag bug in the previous upload -- Michael Tokarev Fri, 11 Apr 2014 22:01:32 +0400 qemu (1.7.0+dfsg-7) unstable; urgency=high * fix guest-triggerable buffer overrun in virtio-net device (Closes: #744221 CVE-2014-0150) -- Michael Tokarev Fri, 11 Apr 2014 20:27:16 +0400 qemu (1.7.0+dfsg-6) unstable; urgency=medium * make ceph (rbd) support linux-only, since it exists only on linux -- Michael Tokarev Sat, 05 Apr 2014 13:59:48 +0400 qemu (1.7.0+dfsg-5) unstable; urgency=medium * remove OVMF.fd symlink added in -4, it belongs to ovmf (Closes: #741494) * qemu-debootstrap: add support for arm64 architecture (Closes: #740112) * mention closing of #725176 by 1.7.0 -- Michael Tokarev Thu, 13 Mar 2014 06:21:01 +0400 qemu (1.7.0+dfsg-4) unstable; urgency=medium [ Michael Tokarev ] * 1.7.1 stable upstream release (Closes: #719633) Closes: CVE-2013-4377 * implement-posix-timers.diff from upstream (Closes: #732258) * address_space_translate-do-not-cross-page-boundaries.diff - upstream bugfix for xen * break libvirt << 1.2, not just 1.0, we need 1.2+ after qemu-1.6. * add linux-user-fixed-s390x-clone-argument-order.patch (Closes: #739800) * re-enable cepth (rbd) support (Closes: #729961, #689239) [ Steve Langasek ] * (from Ubuntu) add symlink for OVMF.fd, which is now available in Debian non-free. * libusbredir is enabled in Ubuntu too, so sync debian/control. * Enable building for ppc64el (in both Debian and Ubuntu): Debian does not have a ppc64el port yet, but qemu builds out of the box there so it's safe/appropriate to enable. * Merge in Ubuntu-specific (and Ubuntu-tagged) debian/control changes. * Enable building for arm64; the arm64 target is not yet merged, but the package doesn't need arm64 target support to build for an arm64 host. [ Riku Voipio ] * control: build-depend on python:any (change originally made in Aug-2013 but reverted by mjt later) -- Michael Tokarev Wed, 12 Mar 2014 18:34:03 +0400 qemu (1.7.0+dfsg-3ubuntu7) trusty; urgency=low * No-change rebuild to build with libxen-4.4. -- Stefan Bader Fri, 21 Mar 2014 10:04:36 +0100 qemu (1.7.0+dfsg-3ubuntu6) trusty; urgency=medium * d/p/ubuntu/ppc-force-cpu-threads-count-to-be-power-of-2.patch: cherrypick upstream patch to force cpu count on ppc to be a power of 2. (LP: #1279682) -- Serge Hallyn Tue, 11 Mar 2014 00:03:00 -0500 qemu (1.7.0+dfsg-3ubuntu5) trusty; urgency=medium [ dann frazier ] * Add patches from the susematz tree to avoid intermittent segfaults: - ubuntu/signal-added-a-wrapper-for-sigprocmask-function.patch - ubuntu/signal-sigsegv-protection-on-do_sigprocmask.patch - ubuntu/Don-t-block-SIGSEGV-at-more-places.patch [ Serge Hallyn ] * Modify do_sigprocmask to only change behavior for aarch64. (LP: #1285363) -- Serge Hallyn Thu, 06 Mar 2014 16:15:50 -0600 qemu (1.7.0+dfsg-3ubuntu4) trusty; urgency=medium [ Steve Langasek ] * Merge debian/control with unreleased Debian branch: our architecture lists should now be in sync. [ Dann Frazier ] * ubuntu/linux-user-Implement-sendmmsg-syscall.patch: Fix user mode DNS on arm64 and maybe others. (LP: #1284344) [ Serge Hallyn ] * Move the OVMF.fd link to the ovmf package. -- Serge Hallyn Fri, 21 Feb 2014 12:14:53 -0800 qemu (1.7.0+dfsg-3ubuntu3) trusty; urgency=medium * Add ppc64el to the architecture list (supposedly added in the previous upload, but really wasn't). -- Steve Langasek Thu, 20 Feb 2014 23:40:07 -0800 qemu (1.7.0+dfsg-3ubuntu2) trusty; urgency=medium * Backport changes to enable qemu-user-static support for aarch64 * debian/control: add ppc64el to Architectures * debian/rules: only install qemu-system-aarch64 on arm64. Fixes a FTBFS when built twice in a row on non-arm64 due to a stale debian/qemu-system-aarch64 directory -- dann frazier Tue, 11 Feb 2014 15:41:53 -0700 qemu (1.7.0+dfsg-3ubuntu1) trusty; urgency=medium * Fix broken filter_binfmts * Remove use of dpkg-version in postinsts, as we're not Depending on dpkg-dev. -- Serge Hallyn Wed, 05 Feb 2014 21:57:38 -0600 qemu (1.7.0+dfsg-3ubuntu1~ppa1) trusty; urgency=medium * Merge 1.7.0+dfsg-3 from debian. Remaining changes: - debian/patches/ubuntu: * expose-vmx_qemu64cpu.patch * linaro (omap3) and arm64 patches * ubuntu/target-ppc-add-stubs-for-kvm-breakpoints: fix FTBFS on ppc * ubuntu/CVE-2013-4377.patch: fix denial of service via virtio - debian/qemu-system-x86.modprobe: set kvm_intel nested=1 options - debian/control: * add arm64 to Architectures * add qemu-common and qemu-system-aarch64 packages - debian/qemu-system-common.install: add debian/tmp/usr/lib - debian/qemu-system-common.preinst: add kvm group - debian/qemu-system-common.postinst: remove acl placed by udev, and add udevadm trigger. - qemu-system-x86.links: add eepro100.rom, remove pxe-virtio, pxe-e1000 and pxe-rtl8139. - add qemu-system-x86.qemu-kvm.upstart and .default - qemu-user-static.postinst-in: remove arm64 binfmt - debian/rules: * allow parallel build * add aarch64 to system_targets and sys_systems * add qemu-kvm-spice links * install qemu-system-x86.modprobe - add debian/qemu-system-common.links for OVMF.fd link * Remove kvm-img, kvm-nbd, kvm-ifup and kvm-ifdown symlinks. -- Serge Hallyn Tue, 04 Feb 2014 12:13:08 -0600 qemu (1.7.0+dfsg-3) unstable; urgency=low * qemu-kvm: fix versions for Breaks/Replaces/Depends on qemu-system-x86 * qemu-system-ppc: depend on openbios-ppc >= 1.1+svn1229 to fix boot issues * qemu-system-sparc: depend on openbios-sparc >= 1.1+svn1229 too * remove unused lintian overrides for qemu-user from qemu (meta)package * qemu-system-*: depend on unversioned qemu-keymaps and qemu-system-common packages (no particular version of any is hard-required) * remove debian/README.source (was from quilt) * add myself to debian/copyright * reorder d/control to have Recommends:/Suggests: closer to Depends. * rename d/control to d/control-in and add a d/rules rule to build it based on ${VENDOR} * allow different content in d/control for debian/ubuntu * added debian/README-components-versions * fixed qemu-armeb binfmt (Closes: #735078) * added powerpcspe host arch (Closes: #734696) * do not check for presence of update-alternatives which is part of dpkg (Closes: #733222) * do not call update-alternative --remove from postrm:remove (lintian complains about this) * add efi netrom links. This requires new ipxe-qemu. -- Michael Tokarev Thu, 16 Jan 2014 15:17:46 +0400 qemu (1.7.0+dfsg-2ubuntu9) trusty; urgency=medium * debian/qemu-user-static.postinst-in: remove arm64 qemu-user binfmt, which may have been installed up to 1.6.0+dfsg-2ubuntu4 (LP: #1273654) -- Serge Hallyn Tue, 28 Jan 2014 14:41:20 +0000 qemu (1.7.0+dfsg-2ubuntu8) trusty; urgency=medium * SECURITY UPDATE: denial of service via virtio device hot-plugging - debian/patches/CVE-2013-4377.patch: upstream commits to refactor virtio device unplugging. - CVE-2013-4377 -- Marc Deslauriers Mon, 27 Jan 2014 09:10:37 -0500 qemu (1.7.0+dfsg-2ubuntu7) trusty; urgency=medium * d/p/target-ppc-add-stubs-for-kvm-breakpoints: fix FTBFS on powerpc. -- Serge Hallyn Wed, 22 Jan 2014 11:59:26 -0600 qemu (1.7.0+dfsg-2ubuntu6) trusty; urgency=medium [ Serge Hallyn ] * add arm64 patchset from upstream. The three arm virt patches previously pushed are in that set, so drop them. [ dann frazier ] * Add packaging for qemu-system-aarch64. This package is currently only available for arm64, as full software emulation is not yet supported. -- Serge Hallyn Fri, 10 Jan 2014 12:19:08 -0600 qemu (1.7.0+dfsg-2ubuntu5) trusty; urgency=medium * Drop d/p/fix-pci-add: upstream does not intend for pci_add to be supported any longer. * Add patchset from git://git.linaro.org/qemu/qemu-linaro.git#rebasing * Refresh debian/patches/hw_arm_add_virt_platform.patch against context churn caused by linaro patchset. * debian/rules: enable parallel builds. -- Serge Hallyn Fri, 03 Jan 2014 10:53:17 -0600 qemu (1.7.0+dfsg-2ubuntu4) trusty; urgency=medium * d/control: enable usbredir (LP: 1126390) -- Serge Hallyn Thu, 02 Jan 2014 08:55:43 -0600 qemu (1.7.0+dfsg-2ubuntu3) trusty; urgency=medium * add missing arm virt patches from the mach-virt-v7 branch of git://git.linaro.org/people/cdall/qemu-arm.git -- Serge Hallyn Wed, 18 Dec 2013 12:25:59 -0600 qemu (1.7.0+dfsg-2ubuntu2) trusty; urgency=medium * debian/control: add arm64 to list of architectures. -- Serge Hallyn Thu, 12 Dec 2013 10:22:47 -0600 qemu (1.7.0+dfsg-2ubuntu1) trusty; urgency=low * Merge 1.7.0+dfsg-2 from debian experimental. Remaining changes: - debian/control * update maintainer * remove libiscsi, usb-redir, vde, vnc-jpeg, and libssh2-1-dev from build-deps * enable rbd * add qemu-system and qemu-common B/R to qemu-keymaps * add D:udev, R:qemu, R:qemu-common and B:qemu-common to qemu-system-common * qemu-system-arm, qemu-system-ppc, qemu-system-sparc: - add qemu-common, qemu-kvm, kvm to B/R - remove openbios-sparc from qemu-system-sparc D - drop openbios-ppc and openhackware Depends to Suggests (for now) * qemu-system-x86: - add qemu-common to Breaks/Replaces. - add cpu-checker to Recommends. * qemu-user: add B/R:qemu-kvm * qemu-kvm: - add armhf armel powerpc sparc to Architecture - C/R/P: qemu-kvm-spice * add qemu-common package * drop qemu-slof which is not packaged in ubuntu - add qemu-system-common.links for tap ifup/down scripts and OVMF link. - qemu-system-x86.links: * remove pxe rom links which are in kvm-ipxe - debian/rules * add kvm-spice symlink to qemu-kvm * call dh_installmodules for qemu-system-x86 * update dh_installinit to install upstart script * run dh_installman (Closes: #709241) (cherrypicked from 1.5.0+dfsg-2) - Add qemu-utils.links for kvm-* symlinks. - Add qemu-system-x86.qemu-kvm.upstart and .default - Add qemu-system-x86.modprobe to set nesting=1 - Add qemu-system-common.preinst to add kvm group - qemu-system-common.postinst: remove bad group acl if there, then have udev relabel /dev/kvm. - New linaro patches from qemu-linaro rebasing branch - Dropped patches: * linaro patchset * mach-virt patchset - Kept patches: * expose_vms_qemu64cpu.patch * fix-pci-add * qemu-system-common.install: add debian/tmp/usr/lib to install the qemu-bridge-helper -- Serge Hallyn Sat, 07 Dec 2013 06:08:11 +0000 qemu (1.7.0+dfsg-2) unstable; urgency=low * switch from vgabios to seavgabios * rework update-alternatives handling for qemu-system (Closes: #722914) * mention closing of #326886, #390444, #706237 and CVE-2013-4375 for 1.7.0 * rearrange libvte-dev build-dependency to come together with gtk, and comment it out (since gtk frontend isn't being built) * re-introduce qemu-kvm package with just a wrapper (/usr/bin/kvm) and make this wrapper to force kvm mode (Closes: #727762) * use less strict dependency on qemu-keymaps * added fix-smb-security-share.patch by Michael Büsch (Closes: #727756) * added move-ncalrpc-dir-to-tmp.patch by Michael Büsch (Closes: #728876) -- Michael Tokarev Fri, 29 Nov 2013 00:16:44 +0400 qemu (1.7.0+dfsg-1) unstable; urgency=low * new upstream release (Closes: #724758, #326886, #390444, #706237, #725176) Also fixes CVE-2013-4375 (xen-specific qemu disk backend (qdisk) resource leak) * tweak kvm loading script to not load module for 3.4+ kernel (kernel autoloads kvm modules since 3.4) (Closes: #717811) * mention closing of #721713, #710971, #674201 * refresh use-fixed-data-path.patch to contain just the min. changes * fix pxe-eepro100.rom link (never worked in qemu due to wrong name) * remove old $Id$ line from debian/rules -- Michael Tokarev Thu, 28 Nov 2013 03:14:21 +0400 qemu (1.6.0+dfsg-2ubuntu2) trusty; urgency=low * debian/control: qemu-utils must Replace: qemu-kvm as it did in raring, to prevent lts-to-lts updates from breaking. (LP: #1243403) -- Serge Hallyn Wed, 23 Oct 2013 14:31:05 -0500 qemu (1.6.0+dfsg-2ubuntu1) trusty; urgency=low * Merge 1.6.0~rc0+dfsg-2exp from debian experimental. Remaining changes: - debian/control * update maintainer * remove libiscsi, usb-redir, vde, vnc-jpeg, and libssh2-1-dev from build-deps * enable rbd * add qemu-system and qemu-common B/R to qemu-keymaps * add D:udev, R:qemu, R:qemu-common and B:qemu-common to qemu-system-common * qemu-system-arm, qemu-system-ppc, qemu-system-sparc: - add qemu-kvm to Provides - add qemu-common, qemu-kvm, kvm to B/R - remove openbios-sparc from qemu-system-sparc D - drop openbios-ppc and openhackware Depends to Suggests (for now) * qemu-system-x86: - add qemu-common to Breaks/Replaces. - add cpu-checker to Recommends. * qemu-user: add B/R:qemu-kvm * qemu-kvm: - add armhf armel powerpc sparc to Architecture - C/R/P: qemu-kvm-spice * add qemu-common package * drop qemu-slof which is not packaged in ubuntu - add qemu-system-common.links for tap ifup/down scripts and OVMF link. - qemu-system-x86.links: * remove pxe rom links which are in kvm-ipxe * add symlink for kvm.1 manpage - debian/rules * add kvm-spice symlink to qemu-kvm * call dh_installmodules for qemu-system-x86 * update dh_installinit to install upstart script * run dh_installman (Closes: #709241) (cherrypicked from 1.5.0+dfsg-2) - Add qemu-utils.links for kvm-* symlinks. - Add qemu-system-x86.qemu-kvm.upstart and .default - Add qemu-system-x86.modprobe to set nesting=1 - Add qemu-system-common.preinst to add kvm group - qemu-system-common.postinst: remove bad group acl if there, then have udev relabel /dev/kvm. - New linaro patches from qemu-linaro rebasing branch - Dropped patches: * xen-simplify-xen_enabled.patch * sparc-linux-user-fix-missing-symbols-in-.rel-.rela.plt-sections.patch * main_loop-do-not-set-nonblocking-if-xen_enabled.patch * xen_machine_pv-do-not-create-a-dummy-CPU-in-machine-.patch * virtio-rng-fix-crash - Kept patches: * expose_vms_qemu64cpu.patch - updated * linaro arm patches from qemu-linaro rebasing branch - New patches: * fix-pci-add: change CONFIG variable in ifdef to make sure that pci_add is defined. * Add linaro patches * Add experimental mach-virt patches for arm virtualization. * qemu-system-common.install: add debian/tmp/usr/lib to install the qemu-bridge-helper -- Serge Hallyn Tue, 22 Oct 2013 22:47:07 -0500 qemu (1.6.0+dfsg-2) unstable; urgency=low * Build-depend in seccomp again once it is in -testing * 1.6.1 upstream bugfix release (Closes: #725944, #721713, #710971) * fix "allows [one] to" in qemu-ga description * fix descriptions for qemu-system and qemu-system-common packages -- Michael Tokarev Fri, 11 Oct 2013 01:15:48 +0400 qemu (1.6.0+dfsg-1) unstable; urgency=low * final upstream v1.6.0 (Closes: #718180, #714273, #605525, #701855, #674201) * removed configure-explicitly-disable-virtfs-if-softmmu=no.patch * mention closing of #717724 by 1.6 * mention closing of #710971 by 1.5 (which disabled gtk support) [ Riku Voipio ] * - set --cross-prefix in debian/rules when cross-compiling -- Michael Tokarev Mon, 02 Sep 2013 15:18:49 +0400 qemu (1.6.0~rc0+dfsg-1exp) experimental; urgency=low * uploading to experimental (rc0) * new upstream release (release candidate) (Closes: #718016, #717724) * removed patches: - qemu-1.5.1.diff - sparc-linux-user-fix-missing-symbols-in-.rel-.rela.plt-sections.patch * refreshed use-fixed-data-path.patch * ship new qemu_logo_no_text.svg * stop shipping sgabios symlink, it is moved to sgabios package * bump version of libseccomp build dependency to 2.1 (minimum required to build) and disable libseccomp for now (because it isn't available in debian yet) -- Michael Tokarev Wed, 31 Jul 2013 10:49:30 +0400 qemu (1.5.0+dfsg-5) unstable; urgency=low * new upstream 1.5.1 stable/bugfix release (as qemu-1.5.1.diff) removed qemu_openpty_raw-helper.patch (included upstream) * configure-explicitly-disable-virtfs-if-softmmu=no.patch -- do not build virtfs-proxy-helper stuff if not building system emulator (fix FTBFS on s390) * disable gtk ui and build dependencies, as it adds almost nothing compared with sdl (well, except bugs and limitations), and has lots of additional dependencies (Closes: #710971) * remove obsolete /etc/init.d/qemu-kvm (Closes: #712898) * fix versions of obsolete qemu-kvm conffiles to be removed * provide manpage for obsolete kvm (Closes: #716891, #586973) * add --daemonize option to the guest-agent startup script (Closes: #715502) * clarify what qemu-guest-agent does (Closes: #714270) and provide its json schema as a doc -- Michael Tokarev Tue, 23 Jul 2013 22:39:54 +0400 qemu (1.5.0+dfsg-4) unstable; urgency=medium * urgency is medium to make it go faster because, on one hand, we've been in unstable for quite a bit longer than needed already and have nothing but (build) fixes in there, but on the other hand we're holding migration of other packages which are waiting for us, again, for too long already * added qemu_openpty_raw-helper.patch - a cleanup patch submitted upstream which removes #include from common header and hence works around FTBFS problem on debian sparc where somehow, conflicts with . -- Michael Tokarev Thu, 06 Jun 2013 01:50:32 +0400 qemu (1.5.0+dfsg-3ubuntu6) trusty; urgency=low * No change rebuild for new seccomp. -- Stéphane Graber Mon, 21 Oct 2013 18:34:50 -0400 qemu (1.5.0+dfsg-3ubuntu5) saucy; urgency=low * Cherrypick upstream patch to fix crash with rng device (LP: #1235017) - virtio-rng-fix-crash -- Serge Hallyn Wed, 09 Oct 2013 17:46:49 -0500 qemu (1.5.0+dfsg-3ubuntu4) saucy; urgency=low * Re-introduce snippet in upstart job to load kvm modules if needed. (LP: #1218459) -- Serge Hallyn Mon, 16 Sep 2013 22:43:52 +0000 qemu (1.5.0+dfsg-3ubuntu3) saucy; urgency=low * Cherry-picking three Xen related patches targetted for qemu-stable: * xen-simplify-xen_enabled.patch * main_loop-do-not-set-nonblocking-if-xen_enabled.patch * xen_machine_pv-do-not-create-a-dummy-CPU-in-machine-.patch -- Stefan Bader Fri, 26 Jul 2013 15:01:44 +0200 qemu (1.5.0+dfsg-3ubuntu2) saucy; urgency=low * Drop openbios-ppc and openhackware Depends to Suggests for now. -- Adam Conrad Wed, 05 Jun 2013 03:23:56 -0600 qemu (1.5.0+dfsg-3ubuntu1) saucy; urgency=low * Merge 1.5.0+dfs-3 from debian unstable. Remaining changes: - debian/control * update maintainer * remove libiscsi, usb-redir, vde, vnc-jpeg, and libssh2-1-dev from build-deps * enable rbd * add qemu-system and qemu-common B/R to qemu-keymaps * add D:udev, R:qemu, R:qemu-common and B:qemu-common to qemu-system-common * qemu-system-arm, qemu-system-ppc, qemu-system-sparc: - add qemu-kvm to Provides - add qemu-common, qemu-kvm, kvm to B/R - remove openbios-sparc from qemu-system-sparc D * qemu-system-x86: - add qemu-common to Breaks/Replaces. - add cpu-checker to Recommends. * qemu-user: add B/R:qemu-kvm * qemu-kvm: - add armhf armel powerpc sparc to Architecture - C/R/P: qemu-kvm-spice * add qemu-common package * drop qemu-slof which is not packaged in ubuntu - add qemu-system-common.links for tap ifup/down scripts and OVMF link. - qemu-system-x86.links: * remove pxe rom links which are in kvm-ipxe * add symlink for kvm.1 manpage - debian/rules * add kvm-spice symlink to qemu-kvm * call dh_installmodules for qemu-system-x86 * update dh_installinit to install upstart script * run dh_installman (Closes: #709241) (cherrypicked from 1.5.0+dfsg-2) - Add qemu-utils.links for kvm-* symlinks. - Add qemu-system-x86.qemu-kvm.upstart and .default - Add qemu-system-x86.modprobe to set nesting=1 - Add qemu-system-common.preinst to add kvm group - qemu-system-common.postinst: remove bad group acl if there, then have udev relabel /dev/kvm. - Dropped patches: * 0001-fix-wrong-output-with-info-chardev-for-tcp-socket.patch - Kept patches: * expose_vms_qemu64cpu.patch - updated * gridcentric patch - updated * linaro arm patches from qemu-linaro rebasing branch -- Serge Hallyn Tue, 04 Jun 2013 22:56:43 +0200 qemu (1.5.0+dfsg-3) unstable; urgency=low * fix sections: misc => otherosfs * remove obsolete conffiles (kvm-ifup, kvm-ifdown, target-x86_64.conf) from /etc/kvm/ in qemu-kvm (Closes: #710328) * rework debian/rules a bit, to build various bits depending on which packages are requested, not depending on ad-hoc host/arch logic * do not fail at install if kvm module loading failed on x86 or if modprobe isn't installed (Closes: #710496) * also suggest kmod to be able to load x86 kvm modules * suggest sgabios for qemu-system-x86 and put a symlink to sgabios.bin (Closes: #696985) * add rules to build just one of arch/indep parts, to make buildd log scanner happier (E-binary-arch-produces-all) * use verbose build by default (V=1) and let it to be overridden -- Michael Tokarev Sun, 02 Jun 2013 01:49:47 +0400 qemu (1.5.0+dfsg-2ubuntu1) saucy; urgency=low * Merge 1.5.0+dfs-2 from debian unstable. Remaining changes: - debian/control * update maintainer * remove libiscsi, usb-redir, vde, vnc-jpeg, and libssh2-1-dev from build-deps * enable rbd * add qemu-system and qemu-common B/R to qemu-keymaps * add D:udev, R:qemu, R:qemu-common and B:qemu-common to qemu-system-common * qemu-system-arm, qemu-system-ppc, qemu-system-sparc: - add qemu-kvm to Provides - add qemu-common, qemu-kvm, kvm to B/R - remove openbios-sparc from qemu-system-sparc D * qemu-system-x86: - add qemu-common to Breaks/Replaces. - add cpu-checker to Recommends. * qemu-user: add B/R:qemu-kvm * qemu-kvm: - add armhf armel powerpc sparc to Architecture - C/R/P: qemu-kvm-spice * add qemu-common package * drop qemu-slof which is not packaged in ubuntu - add qemu-system-common.links for tap ifup/down scripts and OVMF link. - qemu-system-x86.links: * remove pxe rom links which are in kvm-ipxe * add symlink for kvm.1 manpage - debian/rules * add kvm-spice symlink to qemu-kvm * call dh_installmodules for qemu-system-x86 * update dh_installinit to install upstart script * run dh_installman (Closes: #709241) (cherrypicked from 1.5.0+dfsg-2) - Add qemu-utils.links for kvm-* symlinks. - Add qemu-system-x86.qemu-kvm.upstart and .default - Add qemu-system-x86.modprobe to set nesting=1 - Add qemu-system-common.preinst to add kvm group - qemu-system-common.postinst: remove bad group acl if there, then have udev relabel /dev/kvm. - Dropped patches: * 0001-fix-wrong-output-with-info-chardev-for-tcp-socket.patch - Kept patches: * expose_vms_qemu64cpu.patch - updated * gridcentric patch - updated * linaro arm patches from qemu-linaro rebasing branch -- Serge Hallyn Tue, 28 May 2013 08:18:30 -0500 qemu (1.5.0+dfsg-2) unstable; urgency=low * merged development history of wheezy and experimental branches. Now the history is ordered by version, but is not chronological. As a base we now have wheezy (1.1.2+dfsg-6a) version. * removed trailing whitespaces from changelog file * run dh_installinit properly (Closes: #709199) * run dh_installman (Closes: #709241) * remove build-dependendy on texi2html, upstream switched to makeinfo -- Michael Tokarev Tue, 28 May 2013 10:48:41 +0400 qemu (1.5.0+dfsg-1) unstable; urgency=low * update to 1.5.0 (Closes: #707732) * upload to unstable * mention that 1.5 closes #697641 and #705544 * bump dependency on openbios (openbios-ppc for qemu-system-ppc, openbios-sparc for qemu-system-sparc) from 1.0+svn1060 to 1.1 (Closes: #707727) * bump dependency on seabios to be >= 1.7.2-2 * add retry-pxe-after-efi.patch to try pxe-XXXX.rom after unsuccessfully trying efi-XXXX.rom - this is for NICs, until pxe-qemu package will be able to provide necessary efi-XXXX.rom files. * add (versioned) dependency on libusb-1.0 now when the right version is available in debian * use-fixed-data-path.patch: do not try to derive data path from executable location, always use /usr/share/qemu -- Michael Tokarev Tue, 21 May 2013 00:49:47 +0400 qemu (1.5.0~rc0+dfsg-1) experimental; urgency=low * update to new upstream release candidate (1.5.0-rc0) (Closes: #697641, #705544) * remove --audio-card-list * added new moxie system target * added new linux-user targets: mips64 mips64el mipsn32 mipsn32el * add libgtk2 and libvte to dependencies (new UI) * added libssh2 to dependencies (new block device) * s/libvdeplug2-dev/libvdeplug-dev/ * define localstatedir (for guest-agent) -- Michael Tokarev Wed, 08 May 2013 01:01:01 +0400 qemu (1.4.0+dfsg-2exp) experimental; urgency=low [ Michael Tokarev ] * set qemu-kvm priority to extra * fix distribution field in last qemu-system.NEWS entry * bump Standards-Version to 3.9.4 (no changes needed) * fix update-rc.d args for qemu-system-x86 * pre-Depend on adduser for qemu-system-common (Closes: #700840) * move guest agent binary (qemu-ga) to /usr/sbin * add versioned build-depends on libspice-protocol-dev (>= 0.12.3) * refresh qemu-ifunc-sparc.patch, use proper submission from patchwork (sparc-linux-user-fix-missing-symbols...) instead. * apply 1.4.1 upstream stable patch * release as 1.4.0 [ Aurelien Jarno ] * debian/rules: don't build spapr-rtas.bin from .hex file. * qemu-system-ppc: add a depends on qemu-slof and add the corresponding links (Closes: #686979). -- Michael Tokarev Thu, 18 Apr 2013 14:45:30 +0400 qemu (1.4.0+dfsg-1expubuntu4) raring; urgency=low * re-add qemu-system-x86.modprobe to set nesting=1 (LP: #1155177) * qemu-system-x86.qemu-kvm.upstart: - remove NESTED workarounds from upstart file. - remove loading of modules which is now always done - remove TAPR define which is no longer used * move customizable defines back to qemu-kvm.default * copy creation of group kvm to preinst - the group must exist when the kvm udev rule is installed (LP: #1103022) (LP: #1092715) * add adduser to qemu-system-common Pre-Depends for use by preinst. -- Serge Hallyn Thu, 14 Mar 2013 14:21:53 -0500 qemu (1.4.0+dfsg-1expubuntu3) raring; urgency=low * debian/rules: add a symlink from kvm-spice to kvm in qemu-kvm, on i386/amd64 targets. (LP: #1126258) -- Serge Hallyn Thu, 28 Feb 2013 15:17:16 -0600 qemu (1.4.0+dfsg-1expubuntu2) raring; urgency=low * substitute (apparently identical) patches from 1.4.0 qemu-linaro rebasing tree. * add qemu-common to qemu-system-common B/R (was accidentally dropped from 1.3.0 in 1.4.0 merge). * debian/control: fix kvm P/C/B/R: - make all C/B/R against kvm versioned - don't have any qemu-system-* other than x86 Provides: kvm -- Serge Hallyn Fri, 22 Feb 2013 13:34:07 -0600 qemu (1.4.0+dfsg-1expubuntu1) raring; urgency=low * Merge 1.4.0+dfsg-1exp from debian. Remaining changes: - debian/control: * update maintainer * remove libiscsi, usb-redir, vde, and vnc-jpeg from build-deps * enable rbd * add qemu-system and qemu-common B/R to qemu-keymaps * add D:udev and R:qemu to qemu-system-common * qemu-system-arm, qemu-system-ppc, qemu-system-sparc: - add qemu-kvm and kvm to Provides - add qemu-common and qemu-kvm to Breaks/Replaces qemu-system-ppc, qemu-system-sparc: - remove openbios-$arch from Depends * qemu-system-x86: - add qemu-common to Breaks/Replaces. - add cpu-checker to Recommends. * qemu-user: - add B/R qemu-kvm * qemu-utils: - add B/R qemu-user and qemu-kvm * qemu-kvm: add armhf armel powerpc sparc to Architecture * add qemu-common package - add qemu-system-common.links for tap ifup/down scripts and OVMF link. - qemu-system-x86.links: * remove pxe rom links which are in kvm-ipxe * add symlink for kvm.1 manpage - Add qemu-utils.links for kvm-* symlinks. - Add qemu-kvm.conf upstart job to qemu-system - Clear /dev/kvm acls on install - Add linaro arm patches. - Add gridcentric patches. - Re-add expose_vms_qemu64cpu.patch (from Daviey) * Add 0001-fix-wrong-output-with-info-chardev-for-tcp-socket.patch -- Serge Hallyn Wed, 20 Feb 2013 11:58:27 -0600 qemu (1.4.0+dfsg-1exp) experimental; urgency=low [ Michael Tokarev ] * 1.4.0 final release * remove fix-virtio-net-for-win-guests.patch (upstream now has better fix) * fix debian/control arch fields. Build-Depends: foo [bar] means foo will be selected for build on LINUX-bar, not any-bar. So stop using [bar], always use [linux-bar] or [any-bar], as appropriate. This fix spice and xen (non)selection on kfreebsd-{i386,amd64}. * fix manpage "links" generation (man qemu-system-* was broken) * change Vcs fields to point to anonscm.debian.org (lintian) * add a check for (lxc) container to qemu-system-x86 initscript [ Steve Langasek ] * Pass --enable-uname-release=2.6.32 for the user emulation builds, so that we have a sensible baseline kernel value regardless of what the underlying host kernel is. This makes eglibc happier when running under emulation on a very old kernel for instance (whose host syscall ABI has nothing to do with what emulated syscalls are supported), and probably also lets us steer clear for the moment of code that has problem with the new kernel upstream versioning convention. LP: #921078. -- Michael Tokarev Sat, 16 Feb 2013 12:34:54 +0400 qemu (1.4.0~rc0+dfsg-1exp) experimental; urgency=low * new upstream 1.4.0-rc0 (first release candidate). (Closes: #549195) * remove patches included upstream: e1000-discard-oversized-packets-based-on-SBP_LPE.patch link-seccomp-only-with-softmmu-targets.patch revert-serial-fix-retry-logic.patch savevm.c-cleanup-system-includes.patch * refresh qemu-ifunc-sparc.patch * add fix-virtio-net-for-win-guests.patch bandaid to make virtio-net in windows guest to work again * don't install virtfs-proxy-helper in its own subdir in /usr/bin * add qemu-io manpage. Thank you Asias He for the work! (Closes: #652518) * move config options from debian/configure-opts into debian/control, to keep list of build-deps & corresponding config flags in one place * use initscript from old qemu-kvm package to load kvm modules for qemu-system-x86, and clean it up (Closes: #699404) * load vhost_net module in the initscript too * mention default NIC change in qemu-kvm.NEWS and old conffiles * remove mentions of (ubuntu-specific) qemu-common from debian/control for now, as it does not help anyway (other changes are needed anyway and it is better to keep them in one place) * add a (preliminary) qemu-guest-agent startup script * qemu-system-x86 break libvirt0 << 1.0, because older versions didn't work with qemu 1.3+ correctly -- Michael Tokarev Sat, 02 Feb 2013 21:05:28 +0400 qemu (1.3.0+dfsg-5expubuntu5) raring; urgency=low * qemu-system-common.postinst: only run setfacl when /dev/kvm exists. (LP: #1130591) -- Serge Hallyn Wed, 20 Feb 2013 08:58:53 -0600 qemu (1.3.0+dfsg-5expubuntu4) raring; urgency=low * Update workarounds for udev/inotify: (LP: #1092715) - qemu-system-common.udev: go back to original, simple rule - qemu-system-common.postinst: manually run setfacl - (keep Depends: on acl as well) - this can be removed once bug 1092715 is fixed. -- Serge Hallyn Tue, 19 Feb 2013 12:41:22 -0600 qemu (1.3.0+dfsg-5expubuntu3) raring; urgency=low * Now that qemu provides spice support, and qemu-kvm-spice is removed from the archive, have qemu-kvm (which qemu-kvm-spice always depended on) P/C/R qemu-kvm-spice. -- Serge Hallyn Thu, 14 Feb 2013 13:43:27 -0600 qemu (1.3.0+dfsg-5expubuntu2) raring; urgency=low * Enable spice. * Address lintian warning by adding ${misc:Depends} to qemu-common and qemu-kvm. -- Serge Hallyn Tue, 12 Feb 2013 16:07:04 -0600 qemu (1.3.0+dfsg-5expubuntu1) raring; urgency=low [ Serge Hallyn ] * Merge 1.3.0+dfsg-5exp from Debian. * remaining changes from 1.3.0+dfsg-1~exp3ubuntu1: - debian/control: * update maintainer * remove vde2 recommends * build-deps: remove libusbredir, libvdeplug2-dev, libspice-server-dev, libspice-protocol-dev, libiscsi-dev * qemu-system: - break/replace qemu-common - depend on udev - remove openbios-ppc, openbios-sparc, and openhackware from Depends. (Intend to add them back once we can build them.) * qemu-utils: break/replace qemu-kvm - qemu-kvm.upstart: - add qemu-system.qemu-kvm.upstart - debian/rules: add dh_installinit to get qemu-system.upstart installed. - take the defaults from the old qemu-kvm.defaults, and move them into the upstart job - debian/patches: - apply gridcentric patches from lp:~amscanne/+junk/gridcentric-qemu-patches - apply arm patches from git://git.linaro.org/qemu/qemu-linaro.git - add links for qemu-ifup/down in qemu-system-common.links - debian/qemu-system-common.postinst - udevadm trigger to fix up /dev/kvm perms - debian/qemu-system.links: - remove pxe-virtio, pxe-e1000 and pxe-rtl8139 links (which conflict with ones from kvm-ipxe). We may want to move the links from kvm-ipxe back to qemu-system at some point. * remaining changes from after 1.3.0+dfsg-1~exp3ubuntu1: - qemu-system-common.links: add link for OVMF - Add qemu-utils.links for kvm-img and kvm-nbd utils and manpages. - qemu-system.links: * Add link to usr/share/ovmf/OVMF.fd * Fix target of /etc/kvm/kvm-if{up,down} links - debian/control: qemu-system should Recommend cpu-checker - Add qemu-kvm breaks/replaces to qemu-user, to handle conflict over (i.e.) qemu-x86_64. - add qemu-kvm, and qemu-common transitional packages. - Add breaks/replaces to qemu-keymaps for qemu-system. - Add provides: qemu-kvm and kvm to qemu-system-ppc. - Add breaks/replaces to qemu-system-ppc for qemu-kvm and qemu-common. - Add breaks/replaces to qemu-kvm for qemu-common. - Add breaks/replaces to qemu-utils for qemu-user and qemu-kvm. - Add armhf, armel, powerpc and sparc arches to qemu-kvm transitional package. - Add qemu-common package. - Make sure /dev/kvm gets its acls cleared: * Add acl to qemu-system.depends * update qemu-system.udev to run setfacl to set g::rw acl - Remove vnc-jpeg, libiscsi-dev, and vde from debian/configure-opts * dropped debian/patches/CVE-2012-6075.patch (duplicate of e1000-discard-oversize-packets-based-on-SBP_LPE.patch) * debian/{control,configure-opts}: enable rbd (LP: #1118406) * add symlink for kvm.1 -> qemu.1 manpage (LP: #1117636) * add replaces to qemu-system-common for qemu - we briefly moved conflicting docs to qemu, which debian moved to qemu-system-common. This can be dropped after raring. * move qemu-kvm.upstart from qemu-system to qemu-system-x86. * Support upgrade from qemu-kvm on non-x86 arches: - Add Provides: qemu-kvm, kvm to qemu-system-{arm,ppc,sparc,x86} - Add Breaks/Replaces for qemu-{common,system,kvm} and kvm. * Re-add expose_vms_qemu64cpu.patch (from Daviey) from quantal. [ Steve Langasek ] * Pass --enable-uname-release=2.6.32 for the user emulation builds, so that we have a sensible baseline kernel value regardless of what the underlying host kernel is. This makes eglibc happier when running under emulation on a very old kernel for instance (whose host syscall ABI has nothing to do with what emulated syscalls are supported), and probably also lets us steer clear for the moment of code that has problem with the new kernel upstream versioning convention. LP: #921078. -- Serge Hallyn Thu, 07 Feb 2013 14:15:26 -0600 qemu (1.3.0+dfsg-5exp) experimental; urgency=low * qemu-system-split: split qemu-system into several target-specific packages: qemu-system-arm, qemu-system-mips, qemu-system-ppc, qemu-system-sparc, qemu-system-x86, and qemu-system-misc, plus qemu-system-common. (Closes: #636000) * add initial qemu-guest-agent package (just the binary for now, no startup script) (Closes: #676959) * do not try to install (linux-specific) virtfs-proxy-helper on kfreebsd * change order of audio drivers, in particular put pulseaudio (pa) first * ship OS-specific qemu-ifup (use trivial ifconfig invocation on kfreebsd) * qemu-system replaces qemu-utils due to virtfs-proxy-helper binary * chmod +x qemu-ifdown -- Michael Tokarev Mon, 28 Jan 2013 15:05:57 +0400 qemu (1.3.0+dfsg-4exp) experimental; urgency=low * install forgotten /etc/qemu-ifdown (dummy, but qemu complains without it) * install virtfs-proxy-helper in qemu-system not qemu-utils * add qemu-kvm.NEWS mentioning transition from qemu-kvm to qemu-system-x86_64. * do not pass -cpu kvm64 to qemu in kvm wrapper script, previous qemu-kvm used qemu64 cpu instead - the same as new qemu uses. * install kvm wrapper on x86 only, and install it as /usr/bin/kvm not /usr/bin/kvm/kvm (Closes: #698736). * stop shipping /usr/share/qemu/vapic.bin link (qemu uses kvmvapic.bin) * stop shipping /usr/share/qemu/vgabios.bin link (qemu uses vgabios-*.bin) * enable all guest audio devices * add breaks/replaces/provides/conflicts with kvm (very old package), qemu-kvm, and ubuntu's qemu-common. * stop caring about old (pre-squeeze) qemu -- Michael Tokarev Wed, 23 Jan 2013 11:08:47 +0400 qemu (1.3.0+dfsg-3exp) experimental; urgency=low * add ability to specify os-arch in configure-opts * libseccomp is linux-x86 not linux-any * e1000-discard-oversized-packets-based-on-SBP_LPE.patch CVE-2012-6075 (Closes: #696051) -- Michael Tokarev Mon, 21 Jan 2013 02:54:15 +0400 qemu (1.3.0+dfsg-2exp) experimental; urgency=low * qemu-nbd and qemu-io should be installed on kFreeBSD too * install qemu-system docs into /usr/share/doc/qemu-system, not .../qemu (Closes: #697085) * do not depend on ipxe, it does not provide our ROMs * move vde2 from Recommends to Suggests, since it isn't used often * require libspice-server-dev >= 0.12.2 and require it on i386 too, enable spice support * require libusbredirparser-dev >= 0.6, enable usb-redir * enable xen explicitly on amd64|i386 * enable xfsctl explicitly on linux * sort build-deps in debian/control and add comments * set permissions of /dev/kvm in qemu-system.postinst the same way it is done in old qemu-kvm package * set --localstatedir=/var (will be used later by guest agent) * bump qemu-system dependency on seabios to 1.7.2 and add symlinks for acpi-dsdt.aml and q35-acpi-dsdt.aml * import qemu-ifup and qemu-ifdown scripts from qemu-kvm, and modify qemu-ifup to allow usage of just `ip' command from iproute package (if installed) instead of old brctl+ifconfig. Add Breaks: for old iproute without bridge controls. Add iproute to Recomments, so that the scripts will actually work (previous script used sudo which should be in recommends too) * enable seccomp (and libseccomp-dev b-d) on linux, and add link-seccomp-only-with-softmmu-targets.patch * use $(MAKE) not make when building spapr-rtas.bin * update debian/watch (new place and new extensions) * add qemu-kvm package (transitional, depends on qemu-system), and add /usr/bin/kvm wrapper that calls qemu-system-x86_64 with some arguments to match original qemu-kvm behavour. (Closes: #560853) -- Michael Tokarev Sun, 20 Jan 2013 22:12:11 +0400 qemu (1.3.0+dfsg-1~exp3ubuntu8) raring; urgency=low * qemu-system.links: - Add link to usr/share/ovmf/OVMF.fd (LP: #1074207) - Fix target of /etc/kvm/kvm-if{up,down} links -- Serge Hallyn Tue, 29 Jan 2013 10:52:22 -0600 qemu (1.3.0+dfsg-1~exp3ubuntu7) raring; urgency=low * debian/control: qemu-system should Recommend cpu-checker (LP: #1103982) -- Serge Hallyn Mon, 28 Jan 2013 11:52:10 -0600 qemu (1.3.0+dfsg-1~exp3ubuntu6) raring; urgency=low * configure-opts: add audio-cards list (LP: #1102487) * configure-opts: change order of audio-drv-list for ubuntu, putting pa first. -- Serge Hallyn Mon, 21 Jan 2013 12:02:09 -0600 qemu (1.3.0+dfsg-1~exp3ubuntu5) raring; urgency=low * Add qemu-kvm breaks/replaces to qemu-user, to handle conflict over (i.e.) qemu-x86_64. (LP: #1102332) -- Serge Hallyn Mon, 21 Jan 2013 08:58:07 -0600 qemu (1.3.0+dfsg-1~exp3ubuntu4) raring; urgency=low * Move three docs from qemu-system.install to qemu.docs (LP: #1101798) -- Adam Conrad Sat, 19 Jan 2013 20:12:48 -0700 qemu (1.3.0+dfsg-1~exp3ubuntu3) raring; urgency=low * debian/patches/CVE-2012-6075.patch: Fix guest denial of service and possible code execution in hw/e1000.c by dropping oversize packets. -- Adam Conrad Sat, 19 Jan 2013 07:31:50 -0700 qemu (1.3.0+dfsg-1~exp3ubuntu2) raring; urgency=low * debian/rules: empty MAKEFLAGS when building spapr-rtas.bin on powerpc, to fix FTBFS due to parallel compile. -- Serge Hallyn Fri, 18 Jan 2013 15:51:09 -0600 qemu (1.3.0+dfsg-1~exp3ubuntu1) raring; urgency=low * Merge 1.3.0+dfsg-1~exp3. Remaining ubuntu delta: - debian/control: * update maintainer * remove vde2 recommends * build-deps: remove libusbredir, libvdeplug2-dev, libspice-server-dev, libspice-protocol-dev, libiscsi-dev, and libxen-dev. * qemu-keymaps: break/replace qemu-common * qemu-system: - break/replace qemu-common - depend on udev - remove openbios-ppc, openbios-sparc, and openhackware from Depends. (Intend to add them back once we can build them.) - provides: qemu-kvm * qemu-utils: break/replace qemu-kvm * set up transitional packages for qemu-kvm, qemu-common, and kvm. - qemu-kvm.upstart: - add qemu-system.qemu-kvm.upstart - debian/rules: add dh_installinit to get qemu-system.upstart installed. - take the defaults from the old qemu-kvm.defaults, and move them into the upstart job - debian/patches: - apply gridcentric patches from lp:~amscanne/+junk/gridcentric-qemu-patches - apply arm patches from git://git.linaro.org/qemu/qemu-linaro.git - ifup/down: - copy Debian qemu-kvm's kvm-ifup/down into debian/ - fix dh_install for kvm-ifup/down in debian/rules - add links for qemu-ifup/down in qemu-system.links - remove (debian's original) qemu-ifup from qemu-system.install - debian/qemu-system.postinst - udevadm trigger to fix up /dev/kvm perms - make the 'qemu' symlink point to qemu-system-x86_64, not -i386. - debian/qemu-system.links: - point 'kvm' to qemu-system-x86_64 - remove pxe-virtio, pxe-e1000 and pxe-rtl8139 links (which conflict with ones from kvm-ipxe). We may want to move the links from kvm-ipxe back to qemu-system at some point. * Add note about kvm to qemu-system.README.debian. * Copy kvm-ifup and kvm-ifdown from debian's qemu-kvm * Remove TAPBR from qemu-kvm.conf. * Make sure /dev/kvm gets its acls cleared: - Add acl to qemu-system.depends - update qemu-system.udev to run setfacl to set g::rw acl * qemu-system.qemu-kvm.conf: don't rmmod at stop * Remove vnc-jpeg, libiscsi-dev, and vde from debian/configure-opts * Remove hugepages sysctl file - qemu now supports transparent hugepages. -- Serge Hallyn Mon, 14 Jan 2013 23:22:51 -0600 qemu (1.3.0+dfsg-1~exp3) experimental; urgency=low * enable vde on kFreebsd too (no idea why it was disabled) * bluez (libbluetooth) is linux-specific * savevm.c-cleanup-system-includes.patch: remove excessive #includes from savevm.c (fixes FTBFS on kFreebsd due to wrong #include) -- Michael Tokarev Mon, 31 Dec 2012 15:52:23 +0400 qemu (1.3.0+dfsg-1~exp2) experimental; urgency=low * mention that 1.3: Closes #622319, #597527, #593547, #660154 * libcap and libcap-ng are linux-specific * include spapr-rtas.bin file in a pre-compiled pseudo-hex-with-assembly form in debian/spapr-rtas.hex, "compile" it (using sed magic) in build step and compare the result with the actually built binary on ppc. This binary is needed for ppc system emulation (qemu-system-ppc*). (Closes: #670909). * rename system-build to qemu-build, and merge user-build to qemu-build, building qemu-system and qemu-user in one go. Only qemu-system-static is left in separate build dir. Note that current qemu-user is linux-specific, even if qemu has bsd-user targets. * add or32 user target * debian/configure-opts - list of (possible arch- or os-specific) features to enable/disable. This is in order to ensure we always build with specific options enabled and error out if new upstream will dislike our dependencies, or if the deps will not work. Move config_audio_drv from debian/rules to this file too. For now do not explicitly enable xen, spice, usb-redir, since these requires some more work. Also pass $(QEMU_CONFIGURE_OPTIONS) to qemu configure line, to be able to quickly override some options. * do not build-depend on sharutils, since no uuencoded binaries are shipped anymore * do not build-depend on nasm, we don't compile from assembly anymore * remove libgpmg1-dev from build-depends. It was due to #267174, because of static link of qemu with libsdl. Now only qemu-user-static is linked statically, and this one does not use libsdl. * add myself to uploaders, and remove dm-upload-allowed * added main docs to qemu-system package * specify --libexecdir=/usr/lib to configure * mark all packages as Multi-Arch: foreign (at least it is possible to install i386 versions on amd64 arch) * replace "flags OC" with "credentials yes" in debian/binfmts/*, since that's the format update-binfmts expects to enable setuid binaries. (Closes: #683205) * build-depend on debhelper 9, and set debian/compat to 9 -- Michael Tokarev Mon, 31 Dec 2012 01:40:35 +0400 qemu (1.3.0+dfsg-1~exp1) experimental; urgency=low [ Michael Tokarev ] * new upstream version (1.3.0) (Closes: #676374, #622319, #597527, #593547, #660154) - Removed patches included upstream: do-not-include-libutil.h.patch configure-nss-usbredir.patch tcg_s390-fix-ld_st-with-CONFIG_TCG_PASS_AREG0.patch net-add--netdev-options-to-man-page.patch - update 02_kfreebsd.patch - do not build mpc8544ds.dtb - include new targets * Cleaned up the build system ALOT. Larger changes: - used explicit lists of emulated targets in debian/rules and generate everything else from there, instead of repeating these lists in lots of places. - stop using debian/$pkg.manpages and other auxilary files like this, moving eveything to debian/$pkg.install, because with the number of packages growing, amount of these small files becomes very large and the result is difficult to maintain. * ship forgotten target-x86_64.conf in qemu-system. * ship virtfs-proxy-helper in qemu-utils. * stop shipping tundev.c, since it does not reflect the reality for a long time now (Closes: #325761, #325754). * re-introduce support parallel build using DEB_BUILD_OPTIONS=parallel=N, this time by adding to $MAKEFLAGS instead of passing down to submakes * build-depend on libcap-ng-dev (for virtfs-proxy-helper) [ Vagrant Cascadian ] * Add libcap-dev to Build-Depends to support virtfs-proxy-helper. -- Michael Tokarev Sun, 30 Dec 2012 01:52:21 +0400 qemu (1.2.0.dfsg-1~exp1-0ubuntu2) raring; urgency=low * Remove kvm package - make qemu-system P/C/B: kvm. -- Serge Hallyn Mon, 14 Jan 2013 12:03:19 -0600 qemu (1.2.0.dfsg-1~exp1-0ubuntu1) raring; urgency=low [ Serge Hallyn ] * debian/control: - update maintainer - remove vde2 recommends - build-deps: remove libusbredir, libvdeplug2-dev, libspice-server-dev, libspice-protocol-dev, libiscsi-dev, and libxen-dev. - qemu-keymaps: break/replace qemu-common - qemu-system: - break/replace qemu-common - depend on udev - remove openbios-ppc, openbios-sparc, and openhackware from Depends. (Intend to add them back once we can build them.) - provides: qemu-kvm - qemu-utils: break/replace qemu-kvm - set up transitional packages for qemu-kvm, qemu-common, and kvm. * debian/rules: - install kvm-ifup and kvm-ifdown - dh_installinit the qemu-kvm upstart job * install a 30-qemu-kvm.conf into /etc/sysctl.c for nr_hugepages. * qemu-kvm.upstart: - add qemu-system.qemu-kvm.upstart - add mv_confile to qemu-system.preinst, postinst, and .postrm to rename /etc/init/qemu-kvm.conf to qemu-system.conf - debian/rules: add dh_installinit to get qemu-system.upstart installed. - take the defaults from the old qemu-kvm.defaults, and move them into the upstart job * debian/patches: - apply gridcentric patches from lp:~amscanne/+junk/gridcentric-qemu-patches - apply arm patches from git://git.linaro.org/qemu/qemu-linaro.git - apply nbd-fixes-to-read-only-handling.patch from upstream to make read-write mount after read-only mount work. (LP: #1077838) * ifup/down: - copy Ubuntu qemu-kvm's kvm-ifup/down into debian/ - fix dh_install for kvm-ifup/down in debian/rules - add links for qemu-ifup/down in qemu-system.links - remove (debian's original) qemu-ifup from qemu-system.install * debian/qemu-system.postinst - udevadm trigger to fix up /dev/kvm perms - make the 'qemu' symlink point to qemu-system-x86_64, not -i386. * debian/qemu-system.links: - point 'kvm' to qemu-system-x86_64 - remove pxe-virtio, pxe-e1000 and pxe-rtl8139 links (which conflict with ones from kvm-ipxe). We may want to move the links from kvm-ipxe back to qemu-system at some point. - add qemu-ifdown and qemu-ifup links * debian/qemu-system.install: - remove /etc/qemu-ifup link - add /etc/sysctl.d/30-qemu-kvm.conf [ Adam Conrad ] * Appease apt-get's dist-upgrade resolver by creating a qemu-common transitional package to upgrade more gracefully to qemu-keymaps. * Move all the empty transitional packages to the oldlibs section. * Restore the versioned dep from qemu-kvm (and kvm) to qemu-system. -- Serge Hallyn Fri, 04 Jan 2013 08:50:24 -0600 qemu (1.2.0+dfsg-1~exp1) UNRELEASED; urgency=low [ Michael Tokarev ] * new upstream version (1.3.0) (Closes: #676374, #622319, #597527, #593547, #660154) - Removed patches included upstream: do-not-include-libutil.h.patch configure-nss-usbredir.patch tcg_s390-fix-ld_st-with-CONFIG_TCG_PASS_AREG0.patch net-add--netdev-options-to-man-page.patch - update 02_kfreebsd.patch - do not build mpc8544ds.dtb - include new targets * Cleaned up the build system ALOT. Larger changes: - used explicit lists of emulated targets in debian/rules and generate everything else from there, instead of repeating these lists in lots of places. - stop using debian/$pkg.manpages and other auxilary files like this, moving eveything to debian/$pkg.install, because with the number of packages growing, amount of these small files becomes very large and the result is difficult to maintain. * ship forgotten target-x86_64.conf in qemu-system. * ship virtfs-proxy-helper in qemu-utils. * stop shipping tundev.c, since it does not reflect the reality for a long time now (Closes: #325761, #325754). * re-introduce support parallel build using DEB_BUILD_OPTIONS=parallel=N, this time by adding to $MAKEFLAGS instead of passing down to submakes * build-depend on libcap-ng-dev (for virtfs-proxy-helper) [ Vagrant Cascadian ] * Add libcap-dev to Build-Depends to support virtfs-proxy-helper. -- Michael Tokarev Sun, 30 Dec 2012 01:52:21 +0400 qemu (1.1.2+dfsg-6a) unstable; urgency=low * reupload to remove two unrelated files slipped in debian/ -- Michael Tokarev Mon, 18 Mar 2013 10:09:37 +0400 qemu (1.1.2+dfsg-6) unstable; urgency=low * another bugfix for USB, upstream from early days of past-1.1. usb-split-endpoint-init-and-reset.patch. With certain redirected to guest USB devices, qemu process may crash: usb_packet_complete: Assertion `((&ep->queue)->tqh_first) == p' failed. The patch fixes this by de-coupling reset and complete paths. Big thanks goes to Joseph Price who found the fix by doing a reverse git bisection. (Closes: #701926) -- Michael Tokarev Mon, 18 Mar 2013 09:07:24 +0400 qemu (1.1.2+dfsg-5) unstable; urgency=low * fix USB regression introduced in 1.1 (Closes: #683983) uhci-don-t-queue-up-packets-after-one-with-the-SPD-flag-set.patch Big thanks to Peter Schaefer (https://bugs.launchpad.net/bugs/1033727) for the help identifying the fix. -- Michael Tokarev Mon, 14 Jan 2013 12:20:29 +0400 qemu (1.1.2+dfsg-4) unstable; urgency=medium * linux-user-fix-mips-32-on-64-prealloc-case.patch (Closes: #668658) * e1000-discard-oversized-packets-based-on-SBP_LPE.patch: the second half of the fix for CVE-2012-6075. (Finally Closes: #696051) -- Michael Tokarev Wed, 09 Jan 2013 23:05:17 +0400 qemu (1.1.2+dfsg-3) unstable; urgency=low * add build-dependency on libcap-dev [linux-any] to enable virtfs support which has been dropped in 1.1. (Closes: #677654) * intel_hda-do-not-call-msi_reset-when-only-device-state-needs-resetting.patch patch to fix Fixing reset of MSI function in intel-hda virtual device. The fix (applied to stable-1.1.1) was partially wrong, as it actually added the msi_reset() call to two code paths instead of one as planned. Fix this by splitting the function in question into two parts. (Closes: #688964) * blockdev-preserve-readonly-and-snapshot-states-across-media-changes.patch: allow opening of read-only cdrom images/devices (Closes: #686776) * ahci-properly-reset-PxCMD-on-HBA-reset.patch: fix windows install on ahci (Closes: #696052) * e1000-discard-packets-that-are-too-long-if-not-SBP-and-not-LPE.patch: discard too long rx packets which may overflow guest buffer (Closes: #696051) * eepro100-fix-network-hang-when-rx-buffers-run-out.patch: fix e100 stall (Closes: #696061) * fix possible network stalls/slowness in e1000 device emulation: net-notify-iothread-after-flushing-queue.patch e1000-flush-queue-whenever-can_receive-can-go-from-false-to-true.patch (Closes: #696063) * fixes-related-to-processing-of-qemu-s-numa-option.patch: fixes numa handling (Closes: #691343) * qcow2-fix-avail_sectors-in-cluster-allocation-code.patch: fixes data corruption in stacked qcow2 (Closes: #695905) * qcow2-fix-refcount-table-size-calculation.patch: another possible corruption or crash in qcow2 (Closes: #691569) * tap-reset-vnet-header-size-on-open.patch: always ensure tap device is in known state initially (Closes: #696057) * vmdk-fix-data-corruption-bug-in-WRITE-and-READ-handling.patch: possible data corruption bug in vmdk image format (Closes: #696050) -- Michael Tokarev Sun, 16 Dec 2012 23:08:40 +0400 qemu (1.1.2+dfsg-2) unstable; urgency=low * remove debian/patches/fix-armhf-prctl.patch, it is included upstream in 1.1.0 version and is misapplied since 1.1.0~rc3+dfsg-1. * drop -jN passing to downstream makes, as it breaks dpkg-buildpackage -j and actually breaks build (Closes: #597524 - said to be fixed in 0.14.1 but was still present) * add revert-serial-fix-retry-logic.patch that restores old (semi-)working behavour of a virtual serial port. -- Michael Tokarev Wed, 19 Sep 2012 13:54:05 +0400 qemu (1.1.2+dfsg-1) unstable; urgency=low [Michael Tokarev] * new upstream stable/bugfix release, fixing a LOT of bugs, including CVE-2012-3515 (Closes: #686973, #681985) * bump versioned depends of seabios to 1.7.0~, since this version ships kvmvapic.bin. * ship /usr/share/qemu/qemu-icon.bmp (Closes: #681317) * do not build-depend on ceph (librbd-dev librados-dev), since ceph is having longstanding issues in wheezy. * add tcg_s390-fix-ld_st-with-CONFIG_TCG_PASS_AREG0.patch - upstream fix to un-break s390[x] emulation code. Similar fixes were included for other platforms in 1.1.2 changeset. Without this fix, qemu is basically useless on s390. * document -netdev option in the manpage, a long-standing omission (net-add--netdev-options-to-man-page.patch) [Vagrant Cascadian] * qemu-system: Add symlinks for extboot.bin, kvmvapic.bin and vapic.bin to binaries shipped in seabios. Closes: #678217, #679004. * qemu-system: Remove dead link for ne2k_isa.rom, which is not included in ipxe. Closes: #679004. * qemu-system: Bump versioned openbios-sparc and openbios-ppc Depends to 1.0+svn1060, to ensure we use at least version which is used by upstream. Wheezy already has the right version, but we should not break partial upgrades. -- Michael Tokarev Sun, 09 Sep 2012 18:52:57 +0400 qemu (1.1.0+dfsg-1) unstable; urgency=low [ Vagrant Cascadian ] * New upstream release. (Closes: #655604, #655145) [ Michael Tokarev ] * do-not-include-libutil.h.patch - don't include libutil.h&Co when not needed. Fixes FTBFS on kFreebsd with recent libbsd-dev. * drop libbsd-dev support on kFreebsd - no longer needed. * do not build USB host support on kFreebsd (qemu uses obsolete, now removed, USB API). Use the same hack/technique as FreeBSD qemu port does -- changing HOST_USB to "stub" after configure run. -- Vagrant Cascadian Thu, 07 Jun 2012 13:44:26 -0700 qemu (1.1.0~rc3+dfsg-1) experimental; urgency=low * New upstream release candidate. * debian/patches: - Update 02_kfreebsd. - Remove dont-block-sigchld, applied upstream. - Update configure-nss-usbredir. - Update fix-armhf-prctl. * debian/rules: Remove --disable-darwin-user from configure, as it is no longer present. * Apply patch to qemu-make-debian-root to improve argument handling. (Closes: #671723). Thanks to Askar Safin. * qemu-utils: Add recommends on sharutils, used by qemu-make-debian-root (Closes: #660296). * Add Build-Depends on libusbredirparser-dev to support usbredir protocol. * Add Build-Depends on libbsd-dev for kfreebsd. -- Vagrant Cascadian Wed, 30 May 2012 20:24:59 -0700 qemu (1.0.1+dfsg-1) unstable; urgency=low [ Aurelien Jarno ] * New upstream stable version: - remove debian/patches/fix-malta-i8259 - remove debian/patches/qemu-ifunc-ppc.patch - remove debian/patches/x86-fix-cmpxchg.patch [ Michael Tokarev ] * apply patch to change backticks `` in debian/rules variables to $(shell) construct, by Allard Hoeve. (Closes: #660133) * depend on vgabios >= 0.6c-3~ not 0.6c-3, to assist backporting [ Hector Oron ] * Fix prctl syscall (Closes: #656926, #651083). [ Vagrant Cascadian ] * Update to Standards-Version 3.9.3, no changes necessary. -- Vagrant Cascadian Mon, 05 Mar 2012 13:05:14 -0800 qemu (1.0+dfsg-3) unstable; urgency=low [ Aurelien Jarno ] * Add a build-depends on libfdt-dev to enable some more emulated machines. * Really add binfmt support for s390x. [ Michael Tokarev ] * Depend on ipxe-qemu | ipxe (<< 1.0.0+git-20120202.f6840ba-2) after ipxe package split. This will probably need to be changed to just ipxe-qemu once it will be landed properly. [ Vagrant Cascadian ] * Apply patch to use dpkg-buildflags (Closes: #656276). Thanks to Moritz Muehlenhoff. -- Vagrant Cascadian Mon, 06 Feb 2012 17:56:15 -0800 qemu (1.0+dfsg-2) unstable; urgency=low [ Aurelien Jarno ] * Add patch from upstream to fix cmpxchg on x86. * Add patch to not link user builds with NSS (Closes: #648202). * Add binfmt support for s390x. * Bump depends on openbios-ppc and openbios-sparc on versions compatible with version 1.0. * Build on s390x (Closes: #651048). [ Vagrant Cascadian ] * qemu-make-debian-root: Fix argument processing to handle when both -s and -k are specified. Thanks to Mats Erik Andersson (Closes: #638047). * Add Patch from upstream to fix regression on malta with i8259 interrupts. * qemu-debootstrap: Add support for armhf and s390x. * debian/rules: remove config.log in the clean target. * qemu-make-debian-root: Use debootstrap's minbase variant, instead of a long list of excludes. -- Vagrant Cascadian Mon, 09 Jan 2012 16:01:17 -0800 qemu (1.0+dfsg-1) experimental; urgency=low * New upstream version. * Add build-dep on libxen-dev to enable xen support. * Add build-dep on libiscsi-dev to enable iscsi support. * Add patch from upstream to not block SIGCHLD (Closes: #618743). -- Vagrant Cascadian Fri, 30 Dec 2011 16:12:03 -0800 qemu (1.0~rc4+dfsg-1) experimental; urgency=low * New upstream version: - Fixes CVE-2011-4111. * remove patches applied upstream: - security/leftover.patch - Move_QEMU_INCLUDES_before_QEMU_CFLAGS - runnning-typo.patch * Install new qemu-system variants: xtensa, xtensaeb, alpha * debian/rules: Drop hack to rename "qemu" binary to "qemu-system-i386", as upstream now does the same. * Enable spice support on amd64: - Add Build-Depends: libspice-server-dev, libspice-protocol-dev * debian/rules: use dh_prep instead of "dh_clean -k", which is deprecated. * qemu-system: Bump dependency on seabios to 1.6.3~. -- Vagrant Cascadian Mon, 28 Nov 2011 23:40:24 -0800 qemu (0.15.1+dfsg-3) unstable; urgency=low * Add patch from upstream to fix FTBFS on ia64. -- Vagrant Cascadian Fri, 09 Dec 2011 23:48:21 -0800 qemu (0.15.1+dfsg-2) unstable; urgency=low * Add patch that fixes a buffer overrun (CVE-2011-4111). * Enable spice support on amd64: - Add Build-Depends: libspice-server-dev, libspice-protocol-dev * debian/rules: Use dh_prep instead of "dh_clean -k", which is deprecated. -- Vagrant Cascadian Mon, 28 Nov 2011 20:34:50 -0800 qemu (0.15.1+dfsg-1) unstable; urgency=low * New upstream version. -- Vagrant Cascadian Sun, 06 Nov 2011 10:37:31 -0800 qemu (0.15.0+dfsg-1) unstable; urgency=low * New upstream version. * Install new qemu-system, qemu-user and qemu-user-static variants: lm32, microblazeel, s390x, unicore32 * Patch from upstream to set QEMU_INCLUDES before QEMU_CFLAGS. * Update debian/watch to check http://qemu.org/download. -- Vagrant Cascadian Mon, 03 Oct 2011 12:29:18 -0700 qemu (0.15.0~rc2+dfsg-1) experimental; urgency=low * New upstream version. * qemu-debootstrap: Return the exit status of debootstrap instead of hard-coding a sucessful exit status. * Build-depend on librbd-dev. * Remove qemu-mipsel-debian-rootfs.patch, a variation was applied upstream. * Remove pcnet-ipxe patch, applied upstream. * Add Build-Depends on python. * Rename pxe rom symlinks to match upstream rename. -- Vagrant Cascadian Sun, 07 Aug 2011 13:27:43 +0200 qemu (0.14.1+dfsg-3) unstable; urgency=low [ Aurelien Jarno ] * Add patches/qemu-ifunc-ppc.patch and patches/qemu-ifunc-sparc.patch to fix FTBFS on ppc and sparc. [ Vagrant Cascadian ] * Apply patch to fix qemu-user-static mipsel emulation (Closes: #562887). * Drop support for esd (Closes: #633390). Thanks to Adrian Bunk. * Add dummy debian/rules build-indep/build-arch targets to resolve lintian warnings and future policy requirements. * Remove needless mention of "Author(s)" which triggers a lintian warning. * Fix maintainer-script-without-set-e lintian checks. * Fix hyphen-used-as-minus-sign lintian check for qemu-debootstrap manpage. -- Vagrant Cascadian Sat, 23 Jul 2011 10:18:37 +0200 qemu (0.14.1+dfsg-2) unstable; urgency=low * Add override for qemu-user-static binaries which embed needed libraries. * Add qemu-debootstrap manpage. * Add patch to fix typo in qemu-system-* (runnning -> running). * Update to Standards-Version 3.9.2, no changes necessary. -- Vagrant Cascadian Sat, 02 Jul 2011 22:29:17 -0700 qemu (0.14.1+dfsg-1) unstable; urgency=low * New upstream version. * Depend on ipxe instead of etherboot-qemu. * Add pcnet-ipxe.patch from upstream to fix ipxe with pcnet nic. * Add symlink for network boot with eepro100 cards (i82551, i82557b, i82559er). * Drop 01_rdb.patch, applied upstream. * Add support for building on armhf architecture. * Support debootstrap options that require arguments in qemu-debootstrap. Thanks to Stefano Rivera for the patch. Closes: #605660. -- Vagrant Cascadian Fri, 01 Jul 2011 22:49:40 -0700 qemu (0.14.0+dfsg-5.1) unstable; urgency=low * Non-maintainer upload. * Replace "librados1-dev" by "librados-dev" in Build-Dependencies. -- Mehdi Dogguy Fri, 29 Apr 2011 17:45:05 +0200 qemu (0.14.0+dfsg-5) unstable; urgency=low * Don't register qemu-mips(el) with binfmt on mips(el). Closes: #618369. -- Aurelien Jarno Thu, 17 Mar 2011 20:13:27 +0100 qemu (0.14.0+dfsg-4) unstable; urgency=low * Reupload without automatically generated patch debian-changes-0.14.0+dfsg-3. -- Aurelien Jarno Mon, 28 Feb 2011 15:10:04 +0100 qemu (0.14.0+dfsg-3) unstable; urgency=low [ Aurelien Jarno ] * Depends on vgabios (>= 0.6c-3) and add symlinks for qxl, stdvga and vmware bioses. Closes: #614252, #614169. * Tighten build-depends on linux-libc-dev to (>= 2.6.34), to get vhost-net support. * Build-depends on xfslibs-dev in order to get TRIM support on XFS filesystems. * Build-depends on librados1-dev to get rdb support. Closes: #614150. -- Aurelien Jarno Mon, 28 Feb 2011 09:06:00 +0100 qemu (0.14.0+dfsg-2) unstable; urgency=low [ Aurelien Jarno ] * Tighten dependencies on openbios-ppc, openbios-sparc and seabios to the versions in upstream 0.14.0. * patches/02_kfreebsd.patch: don't consider futimens/utimensat available if it is a stub. -- Aurelien Jarno Sun, 20 Feb 2011 00:36:20 +0100 qemu (0.14.0+dfsg-1) unstable; urgency=low [ Vagrant Cascadian ] * New upstream release candidate version. * qemu-user-static: - Drop binfmt support for emulating amd64 on i386, as it is broken and including it interferes with environments capable of running amd64 natively. Closes: #604712. - Remove binfmt support for installed targets in postinst before installing supported targets, to ensure no-longer-supported targets are actually removed. - Remove binfmt support for installed targets in prerm. [ Aurelien Jarno ] * Fix configuration files directory. Closes: #600735. * Enable AIO support. [ Vagrant Cascadian ] * Update debian/copyright to refer to upstream git repositry and clarify which binary blobs are removed to make the dfsg-free tarball. * Refresh debian/patches/security/leftover.patch. -- Vagrant Cascadian Fri, 18 Feb 2011 21:07:01 -0800 qemu (0.13.0+dfsg-2) experimental; urgency=low * Fix Build-Depends to exclude kfreebsd-any wildcards where appropriate. Thanks to Jon Severinsson. Closes: #592215 -- Vagrant Cascadian Sun, 24 Oct 2010 09:02:27 -0700 qemu (0.13.0+dfsg-1) experimental; urgency=low [ Aurelien Jarno ] * mips/mipsel binfmt registration: also match EI_ABIVERSION=1, used by OpenWRT. Closes: #591543. * Build-depends on libattr1-dev to enable VirtFS (9p) support. Closes: #592215. * Use architecture wildcards instead of explicit architecture list. [ Vagrant Cascadian ] * Switch to source format 3.0 (quilt). * New upstream version. * Drop 99_stable.diff, applied in new upstream version. * debian/watch: update to properly handle upstream rc versions. -- Vagrant Cascadian Mon, 18 Oct 2010 10:22:44 -0700 qemu (0.13.0~rc0+dfsg-2) experimental; urgency=low [ Aurelien Jarno ] * Add ia64 to the list of supported architectures. * Bump Standards-Version to 3.9.1 (no changes). * Update seabios, openbios-ppc and openbios-sparc dependencies. * Add 99_stable.diff to update from the stable-0.13 branch: - Fix sparc FTBFS. Closes: #591249. * Add qemu-debootstrap from Loïc Minier in qemu-static. Closes: #572952. -- Aurelien Jarno Tue, 03 Aug 2010 07:25:06 +0200 qemu (0.13.0~rc0+dfsg-1) experimental; urgency=low * New upstream release candidate version. * Do not configure audio drivers for qemu-user and qemu-user-static targets. * Remove patches: - 05_bochs_vbe, applied upstream. - 06_sh4, applied upstream. - 03_support_pselect_in_linux_user_arm, upstream implemented a simpler workaround. * Add Build-Depends on texinfo. * Drop libqemu-dev package. -- Vagrant Cascadian Thu, 29 Jul 2010 19:51:01 -0400 qemu (0.12.5+dfsg-3) unstable; urgency=medium * qemu-user-static: - Drop binfmt support for emulating amd64 on i386, as it is broken and including it interferes with environments capable of running amd64 natively. Closes: #604712. - Remove binfmt support for installed targets in postinst before installing supported targets, to ensure no-longer-supported targets are actually removed. - Remove binfmt support for installed targets in prerm. -- Vagrant Cascadian Sun, 28 Nov 2010 15:57:11 -0800 qemu (0.12.5+dfsg-2) unstable; urgency=low * mips/mipsel binfmt registration: also match EI_ABIVERSION=1, used by OpenWRT. Closes: #591543. * Update 99_stable.diff from the stable branch: - Fix windows XP boot with libvirt. Closes: bug#579166. -- Aurelien Jarno Tue, 17 Aug 2010 12:56:30 +0200 qemu (0.12.5+dfsg-1) unstable; urgency=low * New upstream stable version. * qemu-system: don't suggests kqemu-source. Closes: bug#589217. * qemu-keymaps: fix short description. -- Aurelien Jarno Fri, 23 Jul 2010 19:02:14 +0200 qemu (0.12.4+dfsg-4) unstable; urgency=high * Update debian/copyright. Closes: bug#588911. * Update 99_stable.diff from the stable branch: - Add documentation for the stdio signal option. Closes: bug#588514. * Split out keymaps in the qemu-keymaps package. Closes: bug#559174. * Bump Standards-Version to 3.9.0 (no changes). -- Aurelien Jarno Wed, 14 Jul 2010 15:13:04 +0200 qemu (0.12.4+dfsg-3) unstable; urgency=low * Update 99_stable.diff from the stable branch. -- Aurelien Jarno Wed, 16 Jun 2010 23:07:36 +0200 qemu (0.12.4+dfsg-2) unstable; urgency=low [ Vagrant Cascadian ] * qemu-system: Depend on etherboot-qemu package for PXE roms. Closes: #552406. [ Aurelien Jarno ] * Add 99_stable.diff to update from the stable branch. * Use --with-pkgversion to set the packaging version. -- Aurelien Jarno Wed, 02 Jun 2010 21:24:26 +0200 qemu (0.12.4+dfsg-1) unstable; urgency=low * New upstream stable version: - remove debian/patches/01_redir_doc.patch - remove debian/patches/04_cmd646.patch - update debian/patches/06_sh4.diff -- Aurelien Jarno Fri, 07 May 2010 19:43:48 +0200 qemu (0.12.3+dfsg-4) unstable; urgency=low * Add 05_bochs_vbe.diff backported from uptream to support vgabios 0.6c. * Add 06_sh4.diff containing a few SH4 specific fixes backported from upstream. -- Aurelien Jarno Fri, 09 Apr 2010 01:44:38 +0200 qemu (0.12.3+dfsg-3) unstable; urgency=low * Add symlink for seabios's multiboot.bin. * Change configure-stamp depends to non-phony target $(QUILT_STAMPFN). Closes: #574444. * Fix a crash in cmd646 bmdma code that can be triggered by the guest. Closes: #574539. * Explain that KQEMU support has been removed in qemu-system.NEWS. * Build-Conflicts with oss4-dev, as this package install a broken header. Closes: #575320. -- Aurelien Jarno Sat, 03 Apr 2010 17:07:23 +0200 qemu (0.12.3+dfsg-2) unstable; urgency=low [ Aurelien Jarno ] * Disable KVM support on PowerPC, as it needs at least 2.6.33 kernel headers. [ Vagrant Cascadian ] * Support pselect for linux-user arm target. Patch by Michael Casadevall. * Add symlink for seabios's linuxboot.bin to fix -kernel option. Thanks to Sami Liedes. Closes: #574174. * qemu-system: Switch back to using versioned dependencies for vgabios, bochsbios, openhackware, openbios-ppc and openbios-sparc rather than recommends/conflicts, to ensure a proper upgrade path. Closes: #573397. Reopens: #436094. -- Vagrant Cascadian Fri, 19 Mar 2010 09:31:29 -0700 qemu (0.12.3+dfsg-1) unstable; urgency=low [ Vagrant Cascadian ] * New upstream version: - Fix access to block devices on GNU/kFreeBSD. Closes: #558447. - Correctly update clock when waking up from sleep. Closes: #414165. - Slirp works with other network interfaces. Closes: #407702. - Add the possibility to specify a host to bind to with the -redir option. Closes: #366847. - Fix cirrus graphics card with windows 98. Closes: #522124. * Indicate repackaged upstream tarball by adding "+dfsg" to the version. Closes: #388740. * Remove second libgnutls-dev from build depends. * Update debian/watch with current location of tarball releases. * Drop binutils-gold patch, applied upstream. * Switch from bochsbios to seabios. Update bios.bin symlink and recommends/conflicts. * Bump Standards-Version to 3.8.4 (no changes). * Update my email address to vagrant@debian.org. [ Aurelien Jarno ] * Create a kvm group in postinst and set the group of /dev/kvm to kvm. Closes: #570544. * Add mips and mipsel to the list of supported architectures. * Add patches/01_redir_doc.patch to fix a mistake in the redirection documentation. * Add patches/02_kfreebsd.patch to use the legacy USB stack on GNU/kFreeBSD. * Force the depends from qemu on qemu-system, qemu-user and qemu-utils to (>= {source:Version}). * Update openbios related conflicts. -- Vagrant Cascadian Sun, 07 Mar 2010 09:20:43 -0800 qemu (0.11.1-2) unstable; urgency=low * Add versioned build-depends on etherboot. * Add PXE boot support for virtio network adapters. * Move qemu-make-debian-root to qemu-utils package, as it only produces disk images not useable by qemu-user. Lower recommends on debootstrap to suggests. Add Conflicts and Replaces on older versions of qemu-user. * Register /usr/bin/qemu with the alternatives system. Closes: #413840. * qemu: Add ${misc:Depends} so that debhelper can add dependencies if needed. -- Vagrant Cascadian Fri, 08 Jan 2010 09:26:11 -0800 qemu (0.11.1-1) unstable; urgency=low [ Aurelien Jarno ] * New upstream version. * Drop build-depends on libfreebsd-dev on GNU/kFreeBSD. * qemu: suggests qemu-user-static. * qemu-user-static: register QEMU with binfmt mecanism. Closes: #306637. * Bump conflicts on openbios-ppc to (<< 1.0+svn505-1). * Add 01-binutils-gold.diff to fix FTBFS with binutils-gold. Closes: #556301. * Add sparc64 support. * Use new roms location in etherboot package. [ Vagrant Cascadian ] * qemu-utils, qemu-user, qemu-system: Set both Conflicts and Replaces for older versions of qemu to ensure proper upgrade path. * Add versioned build-dep on linux-libc-dev to ensure that KVM support is enabled. * qemu-system: Lower dependencies on vgabios, bochsbios, openhackware, openbios-ppc and openbios-sparc to recommends. Conflict with versions that are incompatible. Closes: #436094. * qemu-utils: Tighten the versioned conflicts with kvm, as not all older versions actually conflict. * qemu-make-debian-root: Apply modified patch from Nicolas Boulenguez that documents usage of -s, exits on error, and mentions that it is normally run as root. Closes: #447034. -- Aurelien Jarno Sun, 27 Dec 2009 12:09:11 +0100 qemu (0.11.0-6) unstable; urgency=low * Update from stable-0.11 branch. * qemu-utils: add Replaces: qemu (<< 0.11.0-2). Closes: #556627, #556860. -- Aurelien Jarno Fri, 20 Nov 2009 08:24:32 +0100 qemu (0.11.0-5) unstable; urgency=low * Change the Conflicts: into Replaces: to handle the move of /etc/ifup from one package to another correctly. Tighten the version. Closes: #556627. -- Aurelien Jarno Wed, 18 Nov 2009 16:30:39 +0000 qemu (0.11.0-4) unstable; urgency=low [ Aurelien Jarno ] * Update from stable-0.11 branch. * Default to alsa before OSS. Closes: #451234. [ Vagrant Cascadian ] * Updated Vcs-Git to a url more likely to work with debcommit. -- Aurelien Jarno Wed, 18 Nov 2009 16:26:17 +0100 qemu (0.11.0-3) unstable; urgency=low * qemu-system, qemu-user: fix conflicts version. Closes: #556627. * qemu-utils: conflicts with kvm (<= 85+dfsg-4.1), as it also provides qemu-io. -- Aurelien Jarno Tue, 17 Nov 2009 09:49:24 +0100 qemu (0.11.0-2) unstable; urgency=low * Update from stable-0.11 branch. * Move qemu-user.1 and qemu-make-debian-root.8 to the qemu-user package. * Add build-depends on uuid-dev. * Use a specific install file for qemu-utils on GNU/kFreeBSD. * Call dh_install with -s. -- Aurelien Jarno Tue, 17 Nov 2009 09:11:29 +0100 qemu (0.11.0-1) unstable; urgency=low [ Aurelien Jarno ] * New upstream version. - Documents virtio NIC. Closes: #541182. - Increase the maximum TCG op a target instruction op can expand to. Closes: #530645, #542297. - KVM is enabled by default. Closes: #520894. - Fix CVE-2009-3616. Closes: #553589. * Drop 65_kfreebsd.patch. * Split the qemu package and use out of tree building. Based on a patch from Vagrant Cascadian. Closes: #524774. * Only recommends debootstrap for qemu-user and qemu-user static. Closes: #543356. * Remove /usr/share/qemu/proll.elf. Closes: bug#542247. * Add build-depends on libcurl4-gnutls-dev, libgnutls-dev and libsasl2-dev to enable new upstream features. * Bump Standards-Version to 3.8.3 (no changes). * Update Vcs-* fields to point to the new git repository. * Add Vagrant Cascadian to uploaders, and set DM-Upload-Allowed to yes. -- Aurelien Jarno Mon, 26 Oct 2009 10:17:57 +0000 qemu (0.10.50+git20090729-1) experimental; urgency=low [ Josh Triplett ] * Remove myself from Uploaders. [ Riku Voipio ] * new upstream RC version * nuke all linux-user patches (applied upstream) 06_exit_segfault 12_signal_powerpc_support 21_net_soopts 30_syscall_ipc 32_syscall_sysctl 35_syscall_sockaddr 48_signal_terminate 55_unmux_socketcall * nuke all other applied-upstream patches 01_nostrip (better version upstream) 07_i386_exec_name (can be reintroduced in debian/rules) 50_linuxbios_isa_bios_ram (shouldn't be needed anymore) 51_linuxbios_piix_ram_size (applied) 56_dhcp (crap) 60_ppc_ld (reintroduce if needed) 64_ppc_asm_constraints (ditto) 66_tls_ld.patch (ditto) 81_compile_dtb.patch (applied upstream) 82_qemu-img_decimal (ditto) * move to git * simplify build rules * Correct my email address -- Riku Voipio Wed, 29 Jul 2009 13:28:05 +0300 qemu (0.10.6-1) unstable; urgency=low [ Josh Triplett ] * Remove myself from Uploaders. [ Aurelien Jarno ] * New upstream version. * Bump Standards-Version to 3.8.2 (no changes). * Update debian/watch (closes: bug#538781). -- Aurelien Jarno Fri, 31 Jul 2009 15:25:36 +0200 qemu (0.10.5-1) unstable; urgency=low * New upstream version. -- Aurelien Jarno Sun, 24 May 2009 16:15:35 +0200 qemu (0.10.4-1) unstable; urgency=low * New upstream version. * debian/NEWS.Debian: new file, describing the cache policy options (closes: bug#526832). * debian/patches/70_versatile_memsize.patch: new patch to set a upper limit on the memory size of the versatile boards (closes: bug#527264). -- Aurelien Jarno Tue, 12 May 2009 18:31:29 +0200 qemu (0.10.3-1) unstable; urgency=low * New upstream version. * Tighten dependency on bochsbios. -- Aurelien Jarno Sat, 02 May 2009 10:14:21 +0200 qemu (0.10.2-2) unstable; urgency=low * Add missing comma in build-depends (closes: bug#524207). * Tighten dependency on vgabios. -- Aurelien Jarno Wed, 15 Apr 2009 22:30:43 +0200 qemu (0.10.2-1) unstable; urgency=low [ Aurelien Jarno ] * New upstream stable release. -- Aurelien Jarno Tue, 07 Apr 2009 07:37:15 +0200 qemu (0.10.1-1) unstable; urgency=low [ Aurelien Jarno ] * New upstream stable release: - patches/80_stable-branch.patch: remove. * debian/control: - Remove depends on proll. - Move depends on device-tree-compiler to build-depends. - Bump Standards-Version to 3.8.1 (no changes). * patches/82_qemu-img_decimal.patch: new patch from upstream to make qemu-img accept sizes with decimal values (closes: bug#501400). -- Aurelien Jarno Sun, 22 Mar 2009 10:13:17 +0100 qemu (0.10.0-1) unstable; urgency=low [ Aurelien Jarno ] * New upstream release: - Fix fr-be keyboard mapping (closes: bug#514462). - Fix stat64 structure on ppc-linux-user (closes: bug#470231). - Add a chroot option (closes: bug#415996). - Add evdev support (closes: bug#513210). - Fix loop on symlinks in user mode (closes: bug#297572). - Bump depends on openbios-sparc. - Depends on openbios-ppc. - Update 12_signal_powerpc_support.patch. - Update 21_net_soopts.patch. - Drop 44_socklen_t_check.patch (merged upstream). - Drop 49_null_check.patch (merged upstream). - Update 64_ppc_asm_constraints.patch. - Drop security/CVE-2008-0928-fedora.patch (merged upstream). - Drop security/CVE-2007-5730.patch (merged upstream). * patches/80_stable-branch.patch: add patches from stable branch: - Fix race condition between signal handler/execution loop (closes: bug#474386, bug#501731). * debian/copyright: update. * Compile and install .dtb files: - debian/control: build-depends on device-tree-compiler. - debian/patches/81_compile_dtb.patch: new patch from upstream. - debian/rules: compile and install bamboo.dtb and mpc8544.dtb. -- Aurelien Jarno Sat, 07 Mar 2009 06:20:34 +0100 qemu (0.9.1+svn20090104-1) experimental; urgency=low [ Aurelien Jarno ] * New upstream snapshot. * Disable security/CVE-2008-0928-fedora.patch, it still breaks qcow format. -- Aurelien Jarno Sun, 04 Jan 2009 16:31:40 +0100 qemu (0.9.1+svn20081223-1) experimental; urgency=low [ Aurelien Jarno ] * New upstream snapshot. - Fix CVE-2008-2382 * Update patches/48_signal_terminate.patch. * debian/rules: remove upstream flags from CFLAGS. -- Aurelien Jarno Tue, 23 Dec 2008 14:51:25 +0100 qemu (0.9.1+svn20081214-1) experimental; urgency=low [ Aurelien Jarno ] * New upstream snapshot. - Fix jmp im on x86_64 when executing 32-bit code. Fix grub installation (Closes: bug#467148). -- Aurelien Jarno Sun, 14 Dec 2008 23:26:04 +0100 qemu (0.9.1+svn20081207-1) experimental; urgency=low [ Aurelien Jarno ] * New upstream snapshot. - Do not depend on gcc-3.4 anymore (Closes: bug#440425, bug#463066). - Fix broken display introduced by CVE-2007-1320 (Closes: bug#422578). * debian/control: remove build-dependency on gcc-3.4. * debian/rules: remove code for dyngen targets. * Split 90_security.patch into - security/CVE-2007-5730.patch - security/leftover.patch * Replace 91_security.patch by security/CVE-2008-0928-fedora.patch taken from fedora repository and enable it (Closes: #469649). [ Riku Voipio ] * 2 patches gone, 19 to go: - 10_signal_jobs.patch: drop, merged upstream - 11_signal_sigaction.patch: drop, merged upstream - series: update -- Aurelien Jarno Sun, 07 Dec 2008 19:40:09 +0100 qemu (0.9.1+svn20081128-1) experimental; urgency=low [ Aurelien Jarno ] * New upstream snapshot. - Include documentation for network downscript option (Closes: bug#506994). - Drop 00_bios.patch and pass --disable-blobs instead. - Update 12_signal_powerpc_support.patch. [ Riku Voipio ] * Drop 31_syscalls.patch as it makes no sense using host uselib to load target code into qemu's host memoryspace. -- Aurelien Jarno Sat, 29 Nov 2008 09:04:41 +0100 qemu (0.9.1+svn20081112-1) experimental; urgency=low [ Aurelien Jarno ] * New upstream snapshot. - does not need a disk image anymore (Closes: bug#260935). - 53_openbios_size.patch: drop (merged upstream). - 90_security: update. * debian/control: depend on openbios-sparc (>= 1.0~alpha2+20081109) (Closes: bug#502411, bug#502414). -- Aurelien Jarno Sun, 09 Nov 2008 14:42:37 +0100 qemu (0.9.1+svn20081101-1) experimental; urgency=low [ Aurelien Jarno ] * New upstream snapshot. - fix a heap overflow in Cirrus emulation (CVE-2008-4539). - 50_linuxbios_isa_bios_ram.patch: update. - 90_security.patch: update. -- Aurelien Jarno Sat, 01 Nov 2008 09:26:45 +0100 qemu (0.9.1+svn20081023-1) experimental; urgency=low [ Aurelien Jarno ] * New upstream snapshot. - 12_signal_powerpc_support.patch: update. - 50_linuxbios_isa_bios_ram.patch: update. -- Aurelien Jarno Thu, 23 Oct 2008 21:34:26 +0200 qemu (0.9.1+svn20081016-1) experimental; urgency=low [ Aurelien Jarno ] * New upstream snapshot. * patches/31_syscalls.patch: remove parts merged upstream. * debian/qemu-make-debian-root: - Fix bug introduced when fixing bug#496394 (Closes: bug#502325). -- Aurelien Jarno Mon, 13 Oct 2008 23:11:15 +0200 qemu (0.9.1+svn20081012-1) experimental; urgency=low [ Riku Voipio ] * Add a bunch of patches from scratchbox - 44_socklen_t_check work better with badbehavin net apps - 48_signal_terminate make qemu binary terminate on signals as expected - 49_null_checks don't bother some syscalls when null/zero is passed [ Aurelien Jarno ] * New upstream snapshot. - alpha is now a TCG target. - comma has been added to sendkey (closes: bug#414342). * patches/31_syscalls.patch: remove parts merged upstream. * patches/39_syscall_fadvise64.patch: remove (merged upstream). * patches/90_security.patch: remove parts merged upstream. * debian/control: build-depends on libbluetooth-dev. -- Aurelien Jarno Sun, 12 Oct 2008 18:46:54 +0200 qemu (0.9.1+svn20080905-1) experimental; urgency=low * New upstream snapshot. - SH4 is now a TCG target. * debian/watch: update URL location. -- Aurelien Jarno Tue, 02 Sep 2008 01:43:24 +0200 qemu (0.9.1+svn20080826-1) experimental; urgency=low * New upstream snapshot. * debian/qemu-make-debian-root: - Use mktemp instead of $$ to create temporary directories (Closes: bug#496394). * Ship a libqemu-dev package (Closes: bug#451618). -- Aurelien Jarno Tue, 26 Aug 2008 09:55:36 +0200 qemu (0.9.1+svn20080822-1) experimental; urgency=low * New upstream snapshot. - Focus to monitor to ask password (Closes: bug#473240). - TCG SPARC host support (Closes: bug#450817). - Check KQEMU availability before allocating memory (Closes: bug#414566). - Fix dead keys (Closes: bug#489594). - Fix ES1370 emulation (Closes: bug#494462). - New USB UHCI implemnation (Closes: bug#457651). - Add debian/patches/00_bios.patch. - Remove debian/patches/02_snapshot_use_tmpdir.patch (merged). - Remove debian/patches/04_do_not_print_rtc_freq_if_ok.patch (merged). - Remove patches/05_non-fatal_if_linux_hd_missing.patch (merged). - Update debian/patches/07_i386_exec_name.patch - Update debian/patches/12_signal_powerpc_support.patch - Remove debian/patches/33_syscall_ppc_clone.patch (merged differently). - Remove debian/patches/41_arm_fpa_sigfpe.patch (merged). - Remove debian/patches/42_arm_tls.patch (merged differently). - Update debian/patches/55_unmux_socketcall.patch. - Remove debian/patches/63_sparc_build.patch (useless). - Update debian/patches/65_kfreebsd.patch. - Update debian/patches/66_tls_ld.patch. - Remove debian/patches/70_manpage.patch (merged). - Remove debian/patches/71_doc.patch (merged). - Remove debian/patches/80_ui_curses.patch (merged). - Remove debian/patches/81_mips32r2_fpu.patch (merged). - Remove debian/patches/82_mips_abs.patch (merged). - Remove debian/patches/83_usb-serial.patch (merged). - Remove debian/patches/84_rtl8139.patch (merged). - Remove debian/patches/85_vvfat.patch (merged). - Remove debian/patches/86_df.patch (merged). - Remove debian/patches/87_eoi.patch (merged). - Remove debian/patches/88_dma.patch (merged). - Remove debian/patches/89_braille.patch (merged). - Remove debian/patches/92_no_shutdown.patch (merged). - Remove debian/patches/93_tmpfs.patch (merged). - Remove debian/patches/94_security.patch (merged). * debian/README.source: new file. * debian/patches/*: convert to patchlevel 1 (Closes: bug#484963). * debian/control: - Add build-depends on libesd0-dev. - Add build-depends on libpulse-dev. - Add build-depends on libvdeplug2-dev. - Add build-depends on etherboot. - Update list of supported targets (Closes: bug#488339). - Suggests kqemu-source. - Bump Standards-Version to 3.8.0. * debian/links: - Add missing manpage symlinks. * debian/rules: - Enable audio drivers depending on the system. - Enable DYNGEN targets depending on the system. - Install PXE bios from etherboot (Closes: bug#412010). - Don't ignore make clean errors. - Don't build DYNGEN targets on kfreebsd-amd64 (Closes: bug#494353). * debian/patches/22_net_tuntap_stall.patch: remove (outdated). -- Aurelien Jarno Fri, 22 Aug 2008 01:00:54 +0200 qemu (0.9.1-5) unstable; urgency=high [ Guillem Jover ] * Add Homepage field. * Add Vcs-Browser and Vcs-Svn fields. * Remove packaging repository information from debian/copyright. * Add former package co-maintainers to debian/copyright. * Serialize patch and configure steps in debian/rules to support parallel builds, as we are patching configure. * Remove myself from Uploaders. [ Aurelien Jarno ] * debian/patches/70_manpage.patch: remove curses documentation, it is already in debian/patches/80_ui_curses.patch (Closes: bug#477369). * debian/patches/94_security.patch: add format= to drive options (CVE-2008-2004). -- Aurelien Jarno Mon, 28 Apr 2008 21:54:12 +0200 qemu (0.9.1-4) unstable; urgency=high * debian/patches/52_ne2000_return.patch: drop, the patch is wrong. * Backports from upstream: - Typo in curses_keys.h - Documentation for the -curses option - Fix broken absoluteness check for cabs.d.*. - USB-to-serial device. - rtl8139: fix endianness on big endian targets - restore rw support for vvfat - x86-64: recompute DF after eflags has been modified when emulating SYSCALL - ignore reads to the EOI register - IDE: Improve DMA transfers by increasing the buffer size - Braille device support - Add -no-shutdown option (Closes: #326406) - Ask to use "mount -o remount" instead of "umount" and "mount" /dev/shm (Closes: #476539). * debian/qemu.doc-base: fix section. -- Aurelien Jarno Sun, 20 Apr 2008 23:29:42 +0200 qemu (0.9.1-3) unstable; urgency=low [ Aurelien Jarno ] * debian/patches/42_arm_tls.patch: fix to get qemu-system-arm working again. (Closes: #471722). * debian/patches/56_dhcp.patch: fix DHCP server to correctly support MS-Windows guests. (Closes: #471452). -- Aurelien Jarno Wed, 19 Mar 2008 18:58:29 +0100 qemu (0.9.1-2) unstable; urgency=low [ Aurelien Jarno ] * debian/patches/80_ui_curses.patch: pull new patch from upstream CVS (Closes: #442274). * debian/patches/65_kfreebsd.patch: link with -lfreebsd. (Closes: #465932). * debian/patches/81_mips32r2_fpu.patch: patch pulled from upstream to fix FPU issue on MIPS32R2. * debian/patches/42_arm_tls.patch: reenable, mistakenly disabled in the previous upload. (Closes: #469743). * debian/rules: fix parallel building. (Closes: #469981). * debian/patches/07_i386_exec_name.patch: install the i386 emulator as qemu-system-i386, and change qemu into a link pointing to the i386 version. * debian/README.Debian: add notes about qemu-system-ppc and video.x (Closes: #388735). * debian/patches/70_manpage.patch: describe the -curses option. (Closes: #433658). * debian/patches/71_doc.patch: fix the monitor change option. (Closes: #467106). * debian/patches/35_syscall_sockaddr.patch: fix sockaddr (Closes: #469351). * debian/patches/43_arm_cpustate.patch: disable (Closes: #444171). -- Aurelien Jarno Mon, 17 Mar 2008 01:29:03 +0100 qemu (0.9.1-1) unstable; urgency=low [ Aurelien Jarno ] * New upstream version. (Closes: #459801) - Supports s390 host. (Closes: #441119) - Fix PCI bar allocation. (Closes: #413315) - Fix typo in keys name. (Closes: #426181) - Fix segfault of qemu-i386 (Closes: #446868). - debian/control: bump depends on openbios-sparc to >= 1.0~alpha2+20080106. - debian/patches/02_snapshot_use_tmpdir.patch: Refreshed. - debian/patches/04_do_not_print_rtc_freq_if_ok.patch: Likewise. - debian/patches/05_non-fatal_if_linux_hd_missing.patch: Likewise. - debian/patches/06_exit_segfault.patch: Likewise. - debian/patches/10_signal_jobs.patch: Likewise. - debian/patches/11_signal_sigaction.patch: Likewise. - debian/patches/12_signal_powerpc_support.patch: Likewise. - debian/patches/21_net_soopts.patch: Likewise. - debian/patches/30_syscall_ipc.patch: Likewise. - debian/patches/31_syscalls.patch: Likewise. - debian/patches/32_syscall_sysctl.patch: Likewise. - debian/patches/33_syscall_ppc_clone.patch: Likewise. - debian/patches/35_syscall_sockaddr.patch: Likewise. - debian/patches/41_arm_fpa_sigfpe.patch: Likewise. - debian/patches/42_arm_tls.patch: Likewise. - debian/patches/50_linuxbios_isa_bios_ram.patch: Likewise - debian/patches/51_linuxbios_piix_ram_size.patch: Likewise - debian/patches/61_safe_64bit_int.patch: Removed, merged upstream. - debian/patches/63_sparc_build.patch: Refreshed. - debian/patches/80_ui_curses.patch: Likewise. * debian/patches/90_security.patch: fix 64-bit overflow. (Closes: #425634) * debian/qemu-make-debian-root: add a -s option to create sparse image. (Closes: #322325) * debian/control: bump depends on bochsbios to >= 2.3.5-1. Use BIOS-qemu-latest instead of BIOS-bochs-latest. (Closes: #402289, #442822) * debian/rules: build the non-dyngen part with default gcc. * debian/rules: support DEB_BUILD_OPTIONS="parallel=n". * debian/patches/70_manpage.patch: describe the arguments of the -usbdevice option in the manpage. (Closes: #443801) * debian/control: now using Standards-Version 3.7.3 (no changes needed). * debian/control: build-depends on libgnutls-dev to enable TLS support in VNC. * debian/patches/01_nostrip.patch: don't strip binaries during make install. (Closes: #437866) * debian/patches/53_openbios_size.patch: increase maximum prom size to support latest openbios. -- Aurelien Jarno Mon, 28 Jan 2008 21:24:14 +0100 qemu (0.9.0+20070816-1) unstable; urgency=low [ Guillem Jover ] * New upstream snapshot. - Fix hang on ARM during Etch installation. (Closes: #430164) - Fix data corruption with qcow 2. (Closes: #440296) - Fix errors with raw images > 4 GiB. (Closes: #425634) - debian/patches/01_typo_qemu-img.patch: Removed, merged upstream. - debian/patches/03_machines_list_no_error.patch: Likewise. - debian/patches/36_syscall_prctl.patch: Likewise. - debian/patches/37_syscall_mount.patch: Likewise. - debian/patches/38_syscall_semctl.patch: Likewise. - debian/patches/40_sparc_fp_to_int.patch: Likewise. - debian/patches/44_arm_eabi_built_on_64bit_arches.patch: Likewise. - debian/patches/62_linux_boot_nasm.patch: Likewise. - debian/patches/04_do_not_print_rtc_freq_if_ok.patch: Synced. - debian/patches/05_non-fatal_if_linux_hd_missing.patch: Likewise. - debian/patches/31_syscalls.patch: Likewise. - debian/patches/35_syscall_sockaddr.patch: Likewise. - debian/patches/42_arm_tls.patch: Likewise. - debian/patches/43_arm_cpustate.patch: Likewise. - debian/patches/51_linuxbios_piix_ram_size.patch: Likewise. - debian/patches/55_unmux_socketcall.patch: Likewise. - debian/patches/60_ppc_ld.patch: Likewise. - debian/patches/65_kfreebsd.patch: Likewise. - debian/patches/80_ui_curses.patch: Likewise. - debian/patches/90_security.patch: Likewise. * Remove Elrond and Guilherme de S. Pastore from Uploaders, with their permission, and add Aurelien Jarno and Riku Voipio. * Remove Tag field, this is better maintained outside of the package. * Add openbios-sparc64 to qemu_bios_files in debian/rules. [ Aurelien Jarno ] * Fix FTBFS on amd64. (Closes: #434296) - Drop debian/patches/34_syscalls_types.patch * debian/control: - Suggest samba. (Closes: #430368) * Add OpenBIOS for sparc. (Closes: #407076) - debian/control: depends on openbios-sparc. - debian/links: provide symlinks in /usr/share/qemu. -- Guillem Jover Tue, 04 Sep 2007 04:04:47 +0300 qemu (0.9.0-2) unstable; urgency=high [ Guillem Jover ] * Fix several security issues. (Closes: #424070) Thanks to Tavis Ormandy . - Cirrus LGD-54XX "bitblt" heap overflow. CVE-2007-1320 - NE2000 "mtu" heap overflow. - QEMU "net socket" heap overflow. - QEMU NE2000 "receive" integer signedness error. CVE-2007-1321 - Infinite loop in the emulated SB16 device. - Unprivileged "aam" instruction does not correctly handle the undocumented divisor operand. CVE-2007-1322 - Unprivileged "icebp" instruction will halt emulation. CVE-2007-1322 - debian/patches/90_security.patch: New file. * Enable adlib audio emulation. (Closes: #419170) * Fix structure padding for target_eabi_flock64 when built for a 64 bit architecture. (Closes: #414799) Thanks to Stuart Anderson . - debian/patches/44_arm_eabi_built_on_64bit_arches.patch: New file. * Fix qemu to be able to use LinuxBios. (Closes: #412212) Thanks to Ed Swierk . - debian/patches/50_linuxbios_isa_bios_ram.patch: New file. - 51_linuxbios_piix_ram_size.patch: Likewise. * Fix segfault when booting a Linux kernel w/o a disk image, by exiting but clarifying the message, as to use '/dev/null'. (Closes: #409817, #411780) Thanks to Robert Millan . - debian/patches/05_non-fatal_if_linux_hd_missing.patch: Updated. * Fix segfault by using addrlen instead of target_addrlen in do_getpeername()/do_getsockname(). (Closes: #411910) Thanks to Stuart Anderson . - debian/patches/35_syscall_sockaddr.patch: Updated. * Fix semctl() for 32 bit targets on 64 bit hosts. (Closes: #414809) Thanks to Stuart Anderson . - debian/patches/38_syscall_semctl.patch: New file. * Remove Elrond from Uploaders with consent, always welcome to join back anytime. -- Guillem Jover Wed, 16 May 2007 08:08:31 +0300 qemu (0.9.0-1) experimental; urgency=low [ Guillem Jover ] * New upstream release. (Closes: #409989) - Support for relative paths in backing files for disk images. (Closes: #390446) - debian/patches/01_doc_typos.patch: Removed, merged upstream. - debian/patches/38_syscall_arm_statfs64.patch: Likewise. - debian/patches/51_serial_small_divider.patch: Likewise. - debian/patches/67_ppc_ftbfs.patch: Likewise. - debian/patches/21_net_soopts.patch: Synced. - debian/patches/30_syscall_ipc.patch: Likewise. - debian/patches/31_syscalls.patch: Likewise. - debian/patches/35_syscall_sockaddr.patch: Likewise. - debian/patches/39_syscall_fadvise64.patch: Likewise. - debian/patches/42_arm_tls.patch: Likewise. - debian/patches/55_unmux_socketcall.patch: Likewise. - debian/patches/80_ui_curses.patch: Likewise. * Update the copyright information. * The ACPI initialization code has been moved to bochsbios. - debian/patches/acpi-dsdt.hex: Removed. - debian/rules: Do not install acpi-dsdt.hex. * Add more files to the list of roms removed from the tarball needed to be touched so that upstream 'make install' does not fail. * Added armeb and armel to Architecture fields and libgpmg1-dev Build-Depends. * Recommend vde2 instead of the transitional vde package. (Closes: #407251) * Fix typo in qemu-img output. (Closes: #408542) - debian/patches/01_typo_qemu-img.patch: New file. Thanks to Adam Buchbinder . * Symlink qemu-user(1) to qemu-m68k(1). * Reduce redundancy in qemu-user(1) synopsis. * Fix rounding in sparc floating point to integer conversions. - debian/patches/40_sparc_fp_to_int.patch: New file. Thanks to Aurelien Jarno . -- Guillem Jover Thu, 8 Feb 2007 01:01:29 +0200 qemu (0.8.2-5) unstable; urgency=low [ Guillem Jover ] * Added a missing part to the ARM NPTL support patch, initially lost. - debian/patches/42_arm_tls.patch: Updated. -- Guillem Jover Tue, 16 Jan 2007 11:44:00 +0200 qemu (0.8.2-4) unstable; urgency=medium [ Guillem Jover ] * Disable using iasl for now until it's ported to big-endian systems and include a locally built acpi-dsdt.hex file. -- Guillem Jover Sun, 3 Dec 2006 21:10:23 +0200 qemu (0.8.2-3) unstable; urgency=low [ Guillem Jover ] * Hopefully really fix powerpc FTBFS. -- Guillem Jover Sun, 5 Nov 2006 17:09:53 +0200 qemu (0.8.2-2) unstable; urgency=low [ Guillem Jover ] * Update Tag field to match new debtags vocabulary. * Clean properly. (Closes: #390166) - Remove the acpi generated files and the docs. - Revert the docs regeneration forcing logic. Thanks to Anderson Lizardo . * On install use DESTDIR instead of specifying all paths. (Closes: #396139) Thanks to Anderson Lizardo . * Port to GNU/kFreeBSD. (Closes: #327622) - Disable ALSA on non-linux systems. - Add a Build-Depends on libfreebsd-dev on kfreebsd systems. - Add kfreebsd-i386 and kfreebsd-amd64 to the Architecture field. - debian/patches/65_kfreebsd.patch: New file. Thanks Petr Salinger . * In qemu-make-debian-root do not explicitely install in aptitude and libsigc++-1.2-5c102, they are pulled now by default. And do not remove aptitude afterwards. (Closes: #392481) Thanks to Ted Percival . * Add experimental ncurses ui support. (Closes: #369462) - debian/patches/80_ui_curses.patch: New file. Thanks to Andrzej Zaborowski . * Add SO_PEERCRED and SO_SNDTIMEO support, and fix accept syscall when being passed NULL pointers. - debian/patches/21_net_sockopts.patch: Renamed to ... - debian/patches/21_net_soopts.patch: ... here. Modify. Thanks to Pablo Virolainen. * Add a fadvise64 syscall stub. - debian/patches/39_syscall_fadvise64.patch: New file. Thanks to Pablo Virolainen. * Add EABI unmuxed socket syscalls. - debian/patches/55_unmux_socketcall.patch: New file. Thanks to Riku Voipio. * Add TLS sections to the ARM and x86 linker scripts so that qemu user emulators can be linked statically. - debian/patches/66_tls_ld.patch: New file. * Move the documentation of the binary blob removals from the original upstream tarball from README.Debian to debian/copyright. * Reword the emphasis on "FAST!" from the package description. * Fix FTBFS on powerpc by adding the missing fp_status variable to the int32_to_float32 function calls. - debian/patches/67_ppc_ftbfs.patch: New file. -- Guillem Jover Sun, 5 Nov 2006 08:48:27 +0200 qemu (0.8.2-1) unstable; urgency=low [ Guillem Jover ] * New upstream release. (Closes: #379461, #385029, #388810) - Add ACPI BIOS emulation support. (Closes: #372533) - Fix mouse invisible wall when using Windows XP. (Closes: #384666) - debian/patches/01_doc_typos.patch: Sync. - debian/patches/03_machines_list_no_error.patch: Likewise. - debian/patches/04_do_not_print_rtc_freq_if_ok.patch: Likewise. - debian/patches/05_non-fatal_if_linux_hd_missing.patch: Likewise. - debian/patches/06_exit_segfault.patch: Likewise. - debian/patches/12_signal_powerpc_support.patch: Likewise. - debian/patches/21_net_sockopt.patch: Likewise. - debian/patches/22_net_tuntap_stall.patch: Likewise. - debian/patches/30_syscall_ipc.patch: Likewise. - debian/patches/31_syscalls.patch: Likewise. - debian/patches/32_syscall_sysctl.patch: Likewise. - debian/patches/33_syscall_ppc_clone.patch: Likewise. - debian/patches/35_syscall_sockaddr.patch: Likewise. - debian/patches/36_syscall_prctl.patch: Likewise. - debian/patches/37_syscall_mount.patch: Likewise. - debian/patches/41_arm_fpa_sigfpe.patch: Likewise. - debian/patches/42_arm_tls.patch: Likewise. - debian/patches/61_safe_64bit_int.patch: Likewise. - debian/patches/63_sparc_build.patch: Likewise. - debian/patches/50_missing_keycodes.patch: Removed, integrated upstream. * Switch to quilt: - debian/control: Add quilt (>= 0.40) to Build-Depends. - debian/patches/series: New file. - debian/patch.mk: Removed. - debian/rules: Include '/usr/share/quilt/quilt.make' instead of 'debian/patch.mk'. * Build the ACPI Source Language files with iasl. * Add a Tag field to the binary package, using data from debtags. * Add 2006 to the debian/copyright years. * Add a Recommends on vde. (Closes: #386780) * Fix spelling error in package description (peripherials -> peripherals). (Closes: #388700) Thanks to Rakesh 'arky' Ambati . * Fix ne2000_can_receive return code to 0 when the command is STOP. (Closes: #386209) - debian/patches/52_ne2000_return.patch: New file. Thanks to Samuel Thibault . * Document the binary blob removals from the original upstream tarball in README.Debian. (Closes: #388740) -- Guillem Jover Mon, 25 Sep 2006 04:16:25 +0300 qemu (0.8.1-1) unstable; urgency=low [ Guillem Jover ] * New upstream release. (Closes: #366955, #366637) - debian/patches/01_doc_typos.patch: Sync. - debian/patches/04_do_not_print_rtc_freq_if_ok.patch: Likewise. - debian/patches/05_non-fatal_if_linux_hd_missing.patch: Likewise. - debian/patches/12_signal_powerpc_support.patch: Likewise. - debian/patches/21_net_sockopt.patch: Likewise. - debian/patches/22_net_tuntap_stall.patch: Likewise. - debian/patches/30_syscall_ipc.patch: Likewise. - debian/patches/31_syscalls.patch: Likewise. - debian/patches/32_syscall_sysctl.patch: Likewise. - debian/patches/33_syscall_ppc_clone.patch: Likewise. - debian/patches/35_syscall_sockaddr.patch: Likewise. - debian/patches/36_syscall_prctl.patch: Likewise. - debian/patches/37_syscall_mount.patch: Likewise. - debian/patches/41_arm_fpa_sigfpe.patch: Likewise. - debian/patches/42_arm_tls.patch: Likewise. - debian/patches/43_arm_cpustate.patch: Likewise. - debian/patches/50_missing_keycodes.patch: Likewise. - debian/patches/51_serial_small_divider.patch: Likewise. - debian/patches/61_safe_64bit_int.patch: Likewise. - debian/patches/63_sparc_build.patch: Likewise. - debian/patches/40_arm_nwfpe_cpsr.patch: Removed, integrated upstream. * Make the patch system apply the patch on the first run. - debian/patches/64_ppc_asm_constraints.patch: Add DPATCHLEVEL. * Document how to use the images created with qemu-make-debian-root in the man page. Thanks to Jacobo . (Closes: #343450) * Add support for the -snapshot option to use the TMPDIR evironment variable. (Closes: #353880) - debian/patches/02_snapshot_use_tmpdir.patch: New file. * Do not exit with an error when using '-M ?'. (Closes: #365209) - debian/patches/03_machines_list_no_error.patch: New file. * Added symlink for system-mipsel emulator man page. * Build and clean the pc-bios directory. * Avoid segfaulting by using _exit(2) instead of exit(3) in qemu user emulators. (Closes: #338289) - debian/patches/06_exit_segfault.patch: New file. * Enable ALSA audio support and add libasound2-dev to the Build-Depends. * Now using Standards-Version 3.7.2 (no changes needed). -- Guillem Jover Sun, 28 May 2006 20:51:10 +0300 qemu (0.8.0-3) unstable; urgency=low [ Josh Triplett ] * Fix FTBFS on PowerPC caused by asm constraint problem. (Closes: #361727) - debian/patches/64_ppc_asm_constraints.patch. [ Guillem Jover ] * Clamp addrlen from host to target when using AF_UNIX. This fixes socket problems when using EABI. - debian/patches/35_syscall_sockaddr.patch: New file. * Fix floating point comparison on ARM NWFPE, due to glue code missmatch. (Closes: #356287) - debian/patches/40_arm_nwfpe_cpsr.patch: New file. - debian/patches/40_fpu_arm_sigfpe.patch: Rename to ... - debian/patches/41_arm_fpa_sigfpe.patch: ... this. Resync. Thanks to Ulrich Hecht. * Fix POSIX threads creation on ARM hanging when initializing the cpu structure being it cyclic. - debian/patches/43_arm_cpustate.patch: New file. * Add TLS support for ARM. Stolen from Scratchbox. - debian/patches/42_arm_tls.patch: New file. * Fix sysctl endian problem. - debian/patches/32_syscall_sysctl.patch: Update. Thanks to Timo Savola . * Remove now default '--enable-slirp' build option. (Closes: #356284) Thanks to Anderson Lizardo . * Remove unused sharedir to 'make install'. (Closes: #356418) Thanks to Anderson Lizardo . * Fix package not cleaning properly. (Closes: #356279) Thanks to Anderson Lizardo for the initial patch. * Add needed syscalls to make debootstrap work. (Closes: #356291) - debian/patches/36_syscall_prctl.patch: New file. - debian/patches/37_syscall_mount.patch: Likewise. - debian/patches/38_syscall_arm_statfs64.patch: Likewise. Thanks to Anderson Lizardo . * Remove obsolete Build-Dependency xlibs-dev. -- Guillem Jover Thu, 13 Apr 2006 11:53:00 +0300 qemu (0.8.0-2) unstable; urgency=low [ Guillem Jover ] * Switch away from cdbs to plain debhelper. * Upgrade to debhelper compat level 5. * Allow overriding CC compiler variable. (Closes: #345772) * Do not redefine 64 bit types on 64 bit arches. - debian/patches/61_safe_64bit_int.patch: New file. * Allow linux_boot.bin to be built on any arch by switching to nasm, and Build-Depending on it. - debian/patches/62_linux_boot_nasm.patch: New file. * The serial hw driver uses a small divider that gets zeroed when shifting bits to the right. (Closes: #276276, #348098) - debian/patches/51_serial_small_divider.patch: New file. Thanks to Samuel Thibault . * Escaped hyphens in qemu-user manpage, use italics for filenames and parameters and bold for options. * Partial build failure fix for Sparc. (Bugs: #317145, #336970) Thanks to Jurij Smakov . -- Guillem Jover Mon, 20 Feb 2006 09:17:46 +0200 qemu (0.8.0-1) unstable; urgency=low [ Guillem Jover ] * New upstream release. (Closes: #344339) - Added support for Virtual FAT. (Closes: #313123) - Emulate repeated keystrokes when holding a key. (Closes: #298864) - debian/patches/01_doc_typos.patch: Sync. - debian/patches/04_do_not_print_rtc_freq_if_ok.patch: Likewise. - debian/patches/05_non-fatal_if_linux_hd_missing.patch: Likewise. - debian/patches/12_signal_powerpc_support.patch: Likewise. - debian/patches/21_net_sockopt.patch: Likewise. - debian/patches/22_net_tuntap_stall.patch: Likewise. - debian/patches/30_syscall_ipc.patch: Likewise. - debian/patches/31_syscalls.patch: Likewise. - debian/patches/32_syscall_sysctl.patch: Likewise. - debian/patches/33_syscall_ppc_clone.patch: Likewise. - debian/patches/40_fpu_arm_sigfpe.patch: Likewise. - debian/patches/50_missing_keycodes.patch: Likewise. * Added mips and mipsel to the lintian overrides for the user emulators being shlib-with-non-pic-code. * Added symlinks for mips, mipsel and system-arm emulator manpages. -- Guillem Jover Fri, 30 Dec 2005 05:44:53 +0200 qemu (0.7.2-2) unstable; urgency=low [ Josh Triplett ] * Add support for signal handling on PowerPC. (Closes: #335509) - debian/patches/12_signal_powerpc_support.patch: New file. [ Guillem Jover ] * Add Josh Triplett to Uploaders and packaging team. * Fix PowerPC build failure by reintroducing the ppc linker script and adding the missing _SDA_BASE_ and _SDA2_BASE_ symbols. (Closes: #336983) * Remove invalid patch making X11 fail at runtime. - debian/patches/20_net_socket.patch: Remove. - debian/patches/32_syscall_sysctl.patch: Sync. Thanks to Daniel Gimpelevich . * Avoid the patch system to try until it applies. - debian/patches/05_non-fatal_if_linux_hd_missing.patch: Added patch level. - debian/patches/12_signal_powerpc_support.patch: Likewise. -- Guillem Jover Wed, 21 Dec 2005 22:11:34 +0200 qemu (0.7.2-1) unstable; urgency=low [ Guillem Jover ] * New upstream release. (Closes: #321232, #327168) - debian/patches/12_signal_silent.patch: Integrated upstream, remove. - debian/patches/50_ppc_ldscript.patch: Likewise. - debian/patches/33_syscall_truncate64.patch: Likewise. - debian/patches/01_doc_typos.patch: Resync with upstream. - debian/patches/04_do_not_print_rtc_freq_if_ok.patch: Likewise. - debian/patches/05_non-fatal_if_linux_hd_missing.patch: Likewise. - debian/patches/10_signal_jobs.patch: Likewise. - debian/patches/11_signal_sigaction.patch: Likewise. - debian/patches/20_net_socket.patch: Likewise. - debian/patches/21_net_sockopt.patch: Likewise. - debian/patches/22_net_tuntap_stall.patch: Likewise. - debian/patches/30_syscall_ipc.patch: Likewise. - debian/patches/31_syscalls.patch: Likewise. - debian/patches/32_syscall_sysctl.patch: Likewise. - debian/patches/40_fpu_arm_sigfpe.patch: Likewise. * Repackaged upstream source to deal with binaries w/o sources. - pc-bios/video.x: New file removed. * Create a new qemu-user(1) manpage and link all user emulator manpages to it. (Closes: #335163) * Add missing '-' and '=' keycodes for sendkey command. - debian/patches/50_missing_keycodes.patch: New file. (Closes: #334071) Thanks to Robert Millan . * Add manpage link for qemu-system-mips. * Make sysctl byte-swap the name values. - debian/patches/32_syscall_sysctl.patch: Merge patch. (Closes: #334458) Thanks to Josh Triplett . * Change documentation menu section to "Apps/Emulators". (Closes: #335062) Thanks to Frans Pop . * On PowerPC, do not zero registers r7-r31 in do_fork and zero register r3. Fixing segfaults on programs using the clone syscall. - debian/patches/33_syscall_ppc_clone.patch: New file. (Closes: #335159) Thanks to Josh Triplett and Paul Brook . * Tighten vgabios and bochsbios versioned Depends. * Add video.x to the list of roms to touch to make qemu Makefile happy. * Add lintian overrides for the user emulators being shlib-with-non-pic-code. * Wrap lines in debian/control fields (knowingly breaking policy). [ Guilherme de S. Pastore ] * debian/control: - Updated my e-mail address. * debian/copyright: - Dropped André from team members list, not a single contribution ever. -- Guillem Jover Mon, 31 Oct 2005 05:01:45 +0200 qemu (0.7.0-4) unstable; urgency=low [ Guillem Jover ] * Rebuild source with locally deborked dpkg-source. (Closes: #321019) * Added the location of the Subversion repo used for the packages and fixed the upstream URL in debian/copyright. * Lower case title header in qemu-make-debian-root man page. * Use dd instead of cat to generate the qemu debian root image. (Closes: #315952) -- Guillem Jover Wed, 3 Aug 2005 05:53:30 +0300 qemu (0.7.0-3) unstable; urgency=low [ Guillem Jover ] * Update watch file to version 3, use perlre and new upstream site. * Now using Standards-Version 3.6.2 (no changes needed). * Fix TUN/TAP network interface stalling the connection. (Closes: #290569) Thanks to Vitaly Belostotsky . * Link against librt, needed by the new clock_gettime syscall. - debian/patches/31_syscalls.patch: Update. (Closes: #315388) Thanks to Timo Savola for noticing. * Force Build-Dependency on binutils >= 2.16-1 needed by the amd64 and powerpc linker scripts. (Closes: #262655) * Force usage of gcc-3.4. (Closes: #319527) * Add missing Build-Dependency on zlib1g-dev. Thanks to Reinhard Tartler . * Include in syscall.c to avoid the broken headers in linux-kernel-headers 2.6.12. - debian/patches/34_syscalls_types.patch: New file. Thanks to Octavian Cerna . * Fix powerpc linker script. - debian/patches/50_ppc_ldscript.patch: New file. Thanks to Octavian Cerna . -- Guillem Jover Mon, 1 Aug 2005 02:48:09 +0300 qemu (0.7.0-2) unstable; urgency=low [ Guillem Jover ] * Add alpha, sparc, arm and s390 to Architectures (and to the libgpmg1-dev Build-Depends). * Forward SIGSTOP and SIGCONT sent to QEMU to the emulated application. - debian/patches/10_signal_jobs.patch: New file. Thanks to Ulrich Hecht. * Return EINVAL on emulated sigaction when given invalid signal parameters SIGKILL and SIGSTOP. - debian/patches/11_signal_sigaction.patch: New fle. Thanks to Valtteri Rahkonen. * Do not print messsages for uncaught signal, thus fixing the case were some applications want to kill their siblings. - debian/patches/12_signal_silent.patch: New file. Thanks to Valtteri Rahkonen * Fix Unix sockets by handling correctly AF_UNIX socket address structure length. - debian/patches/20_net_socket.patch: New file. Thanks to Timo Savola. * Implement SO_LINGER, SO_RCVTIMEO, SO_SNDTIMEO, SO_PEERNAME and SO_PEERCRED getsockoptions. - debian/patches/21_net_sockopt.patch: New file. Thanks to Valtteri Rahkonen. * Implement SysV IPC message and semaphore syscalls. - debian/patches/30_syscall_ipc.patch: New file. Thanks to Valtteri Rahkonen. * Implement acct, umount2, uselib, swapon, syslog, ftruncate64, mincore, madvise, readahead and clock_gettime syscalls. - debian/patches/31_syscalls.patch: New file. Thanks to Ulrich Hecht. * Implement sysctl CTL_KERN/KERN_VERSION - debian/patches/32_syscall_sysctl.patch: New file. Thanks to Timo Savola. * Implement truncate64 syscall. - debian/patches/33_syscall_truncate64.patch: New file. Thanks to Valtteri Rahkonen. * Implement ARM floating point exeption emulation. - debian/patches/40_fpu_arm_sigfpe.patch: New file. Thanks to Ulrich Hecht. -- Guillem Jover Sun, 19 Jun 2005 15:05:37 +0300 qemu (0.7.0-1) experimental; urgency=low [ Guillem Jover ] * New upstream release. (Closes: #308459, #308494) * Do not require a disk image when booting a Linux kernel. (Closes: #260935) Thanks to Jonas Smedegaard . [ Guilherme de S. Pastore ] * Rewrote README.Debian for more clarity * Add support for amd64 as a host architecture. (Closes: #262655) - Add build-depend on libgpmg1-dev on amd64. * Fixed qemu-make-debian-root so that it shows the name by which it was called on the usage notice, not "%s". (Closes: #303507) Thanks to Micah Anderson . [ Elrond ] * Clean up more files, so they don't end up in the final .diff.gz * Switch to external proll and openhackware: - Instead of patching qemu's Makefile, trick it by giving it empty files to install and remove them straight after install. - Don't ship the roms in debian/roms any more! - Instead add more symlinks. - Update Depends: apropiately. -- Guillem Jover Fri, 27 May 2005 02:06:20 +0300 qemu (0.6.1+20050407-1) unstable; urgency=low [ Guillem Jover ] * New upstream snapshot. - Fix -user-net. (Closes: #295019) - Fix win2k and winxp image booting. (Closes: #285170, #292707) - Fix installation of outdated documentation. (Closes: #286931) - Provide qemu-img instead of qemu-mkcow. (Closes: #290713) - Remove debian/patches/05_fix_openpic_timer_test.patch, integrated upstream. - Remove debian/patches/02_selectable_sdl_keyboard.patch, superseded by new keyboard implementation. (Closes: #284510, #299432) - Remove debian/patches/01_mkcow_section_and_hyphens.patch. - Conditionalize qemu -g option for some architectures. (Closes: #298988) * Added new copyright year to debian/copyright. * Added initial qemu-make-debian-root man page. (Closes: #286932) * Fixed typos in qemu documentation. (Closes: #301933) Thanks to A Costa . * Added Elrond to Uploaders and packaging team. * Use the default target list: - Do not build qemu-fast anymore as it is deprecated upstream anyway. (Closes: #278602, #281510) - New targets armeb and system-x86_64. * Updated ROM images under debian/roms/: - OpenHackWare 0.4. - Proll 18 with qemu specific patches. * Remove uudecoded files from pc-bios/ on clean. * Fix qemu-make-debian-root to behave correctly even if the needed Recommends are not installed. [ Guilherme de S. Pastore ] * Create a doc-base entry for the package (Closes: #290669) * debian/control: - Add debootstrap to the 'Recommends: ' line, as needed by qemu-make-debian-root (Closes: #302848) - Moved sharutils from dependency to recommendation, as it is only needed by qemu-make-debian-root * debian/docs: - Do not include README.distrib in the binary package (Closes: #302853) [ Elrond ] * Replace "libgpmg1-dev | not+linux-gnu" by "libgpmg1-dev [i386 powerpc]" in Build-Depends. qemu should not need to build-depend on it anyway, the real problem is described in Bug#267174. When it is solved, we can remove our dependency. Until then please remember to add any arch, which we will build on and that has gpm. This change hopefully calms: * Add versions to the dependencies on bochsbios and vgabios (Closes: #288997): - vgabios: Use the current version from testing/unstable (0.4c+20041014-1), according to Frans Pop , this fixed those "blank screen" problems. - bochsbios: Use the current version from unstable (2.1.1+20041109-3), as Guillem Jover fixed the networking in that version. -- Guillem Jover Thu, 7 Apr 2005 01:26:01 +0300 qemu (0.6.1-1) unstable; urgency=low [ Guillem Jover ] * New upstream release. (Closes: #281626) - Booting from drive b is not supported anymore. (Closes: #275679) - Fix ne2k network interface that was not working in some situations. (Closes: #281862) - Remove debian/patches/06_build_gcc3.4.patch, fixed upstream. - Remove debian/patches/04_lfs.patch, fixed upstream. - Remove debian/patches/02_fix_powerpc_FTBFS.patch, fixed upstream. - Remove debian/patches/00_escape_manpage_hyphens.patch, not needed. - Sync debian/patches/03_use_external_bios.patch. * Include uuencoded source for proll 18, some build fixes and its binary proll.bin on debian/roms/. * Suggests sudo to be used by the qemu-ifup script. Thanks to Elrond . * Make sudo in qemu-ifup explain what the password is for. (Closes: #281380) * Add an option to select the method to convert keyevent to keycode in the SDL keyboard handling code. Added support for Right Shift in the generic handler. (Closes: #282658) Thanks to Elrond . * Do not set RTC frequency to 1024 or warn about this if it has already the correct value. (Closes: #281403) * Enabled sparc-softmmu support. -- Guillem Jover Sat, 27 Nov 2004 23:23:49 +0100 qemu (0.6.0.dfsg.2-1) unstable; urgency=low [ Guillem Jover ] * Repackaged upstream source to remove external included files. - pc-bios/ppc-rom.bin: Removed. - pc-bios/OpenHackWare_0.3.tar.bz2: Likewise. - pc-bios/vgabios.bin: Likewise. - pc-bios/vgabios-cirrus.bin: Likewise. - pc-bios/vgabios-cvs-2004-06-17.tgz: Likewise. * Include uuencoded source for OpenHackWare 0.3.1 and its binary ppc-rom.bin on debian/roms/. Add a Build-Depends on sharutils. * Update tundev.c. Pass -tun-dev to qemu without the equal sign. Thanks to Isaac Clerencia . * Fix README.Debian to point to the renamed qemu-make-debian-root. * Add Depends on sharutils needed by qemu-make-debian-root. (Closes: #272130) * Use and depend on vgabios package, which is in sync with bochsbios that checks for rom bios checksums. (Closes: #281202) * Enable LFS globally, thus fixing problems with qemu-mkcow when using an existing large image. (Closes: #279925) * Fix openpic timer write test, catched from a warning about a constant value larger than the type it was casted to. * Fix build failure with gcc 3.4. Patch stolen from Gentoo BTS. -- Guillem Jover Mon, 15 Nov 2004 10:46:54 +0100 qemu (0.6.0.dfsg.1-1) unstable; urgency=high [ Guillem Jover ] * Repackaged upstream source to deal with binaries w/o sources. (Closes: #268780) - pc-bios/bios.bin: Removed binary without source. Now using bochsbios package. - pc-bios/vgabios.bin: Rebuilt from vgabios cvs 2004-06-17 snapshot, source included. - pc-bios/vgabios-cirrus.bin: Likewise. - pc-bios/ppc-rom.bin: Rebuilt on voltaire, source included. - pc-bios/linux_boot.bin: Rebuilt from source. * Move make-debian-root.sh to /usr/sbin/qemu-make-debian-root. (Closes: #268705) -- Guillem Jover Mon, 13 Sep 2004 01:28:54 +0200 qemu (0.6.0-2) unstable; urgency=high [ Guilherme de S. Pastore ] * Fixed dangling symlinks under /usr/share/man/man1. (Closes: #264764) [ Guillem Jover ] * Fix FTBFS on powerpc. - debian/patches/02_fix_powerpc_FTBFS.patch: New file. -- Guillem Jover Wed, 18 Aug 2004 15:50:43 +0200 qemu (0.6.0-1) unstable; urgency=medium * New maintainers. (Closes: #258900) * New upstream release. (Closes: #258732) - Installs ppc BIOS ROM file. (Closes: #257492) - Builds with -fno-strict-aliasing. (Closes: #257123) [ Guilherme de S. Pastore ] * debian/rules: - Cleaned up. - Ported to use CDBS. * 00_escape_manpage_hyphens.patch: - Correct a little typo and escape hyphens in upstream manpage. * 01_mkcow_section_and_hyphens.patch: - Fix section mismatch and escape hyphens in the qemu-mkcow manpage. * Added simple /etc/qemu-ifup helper script. (Closes: #245281) Thanks to Martin Michlmayr . * Cleaned debian/watch. * UTF-8'ed debian/changelog. * Updated Standards-Version to 3.6.1.1. * Removed outdated and unnecessary debian/qemu-i386.sgml. - Removed build dependency on docbook-to-man. * Removed "x86" part from the description (hey, qemu is not x86-only in any way). Deserves a complete rewrite, shall be done soon. [ Guillem Jover ] * Lower-case package short description. * Added missing CPU emulations to the description. * Cleaned and updated debian/copyright. * Removed manually added libx11-6 dependency. * Only Build-Depends on libgpmg1-dev on GNU/Linux systems. * Cosmetic unification to debian/changelog. * debian/rules: - Remove generated files. - Give exec perms to qemu-ifup. -- Guillem Jover Sun, 8 Aug 2004 17:24:08 +0200 qemu (0.5.5-2) unstable; urgency=low * Re-enable SDL disabled while I was bugchasing. (Closes: #255014) * Yes, this is really 0.5.5. (Closes: #254655) * Enable slirp networking. (Closes: #253573) * Add Build-Depends on libgpmg1-dev (found by Bastian Blank, probably breaks Hurd but that's a problem for another day). -- Paul Russell Thu, 24 Jun 2004 06:26:42 +0200 qemu (0.5.5-1) unstable; urgency=low * New upstream release. (Closes: #237556, #237556) * Applied patch to add options to make_debian_root.sh. (Closes: #238787) * Applied patch for other archs: hmmm... (Closes: #251420) * Do umount -d in make_debian_root.sh. (Closes: #251775) -- Paul Russell Tue, 1 Jun 2004 03:50:05 +0200 qemu (0.5.4-1) unstable; urgency=low * New upstream release. (Closes: #246634) * qemu-mkcow included in upstream. * Added tundev program source in doc, to see if people find it useful. -- Paul Russell Mon, 3 May 2004 08:14:49 +0200 qemu (0.5.3-1) unstable; urgency=low * New upstream release. (Closes: #237556) * Use aalib-config --static-libs. (Closes: #243325) * Document Control-Shift to release mouse pointer. (Closes: #238074) -- Paul Russell Tue, 13 Apr 2004 02:58:49 +0200 qemu (0.5.2-4) unstable; urgency=low * Fix PPC install (Michel Daenzer patch). (Closes: #238431) * Simplify deps (might be wrong, but it's neater). (Closes: #238430) -- Paul Russell Wed, 17 Mar 2004 01:35:47 +0100 qemu (0.5.2-3) unstable; urgency=low * Make compile on woody. (Closes: #238163) * Include qemu-doc.html. (Closes: #238076) * Wrote qemu-i386 man page. (Closes: #238077) -- Paul Russell Mon, 15 Mar 2004 23:56:25 +0100 qemu (0.5.2-2) unstable; urgency=low * Fix build problem so bios.bin etc. can be found. (Closes: #237553) -- Paul Russell Fri, 12 Mar 2004 05:43:00 +0100 qemu (0.5.2-1) unstable; urgency=low * Initial Release. (Closes: #187407) -- Paul Russell Wed, 3 Mar 2004 02:18:54 +0100