1. 12 May, 2022 3 commits
  2. 04 Oct, 2021 3 commits
  3. 28 Jul, 2021 4 commits
  4. 25 Apr, 2021 2 commits
  5. 16 Apr, 2021 2 commits
  6. 09 Apr, 2021 2 commits
  7. 30 Mar, 2021 2 commits
  8. 29 Mar, 2021 2 commits
  9. 16 Feb, 2021 1 commit
    • Import Debian changes 1:5.2+dfsg-6 · ccfa1885
      Michael Tokarev authored
      qemu (1:5.2+dfsg-6) unstable; urgency=medium
      
        * deprecate qemu-debootstrap. It is not needed anymore with
          binfmt F flag, since everything now works without --foreign
          debootstrap argument and copying the right qemu binary into
          the chroot. Closes: #901197
        * fix the brown-paper bag bug: wrong argument order
          in the linux-user-binfmt patch (really closes: #970460)
      
      qemu (1:5.2+dfsg-5) unstable; urgency=medium
      
        * d/rules: ensure b/ subdir exists before building palcode and qboot
        * d/changelog: #959530 is not fixed by 5.2+dfsg-4
        * 3 virtiofsd patches Closes: #980814, CVE-2020-35517
          virtiofsd: potential privileged host device access from guest
          - virtiofsd-extract-lo_do_open-from-lo_open.patch
          - virtiofsd-optionally-return-inode-pointer-from-lo_do_lookup.patch
          - virtiofsd-prevent-opening-of-special-files-CVE-2020-35517.patch
      
      qemu (1:5.2+dfsg-4) unstable; urgency=medium
      
        [ Michael Tokarev ]
        * require libfdt >= 1.5.0-2 due to #931046
        * qemu-user: attempt to preserve argv[0] when run under binfmt
          (Closes: #970460)
          This changes the interpreter name for all linux-user registered
          binfmts, so it potentially can break stuff.  The actual binary
          being registered now is /usr/libexec/qemu-binfmt/foo-binfmt-P,
          which is a symlink to actual /usr/lib/qemu-foo[-static].
        * ignore .git-submodule-status when building source
        * some security fixes from upstream:
          o arm_gic-fix-interrupt-ID-in-GICD_SGIR-CVE-2021-20221.patch
            Closes: CVE-2021-20221
            GIC (armv7): out-of-bound heap buffer access via an interrupt ID field
          o 9pfs-Fully-restart-unreclaim-loop-CVE-2021-20181.patch
            Closes: CVE-2021-20181
        * non-security fixes from upstream:
          pc-bios-descriptors-fix-paths-in-json-files.patch - fixes wrong paths
          in edk2-firmware-related json files introduced in 5.2
      
        [ Christian Ehrhardt ]
        * d/control-in: avoid version mismatch of installed binaries
          (Closes: #956377)
      
        [ Dan Streetman ]
        * Backport configure param --with-git-submodules and set to 'ignore'
      
      qemu (1:5.2+dfsg-3) unstable; urgency=medium
      
        [ Christian Ehrhardt ]
        * d/rules: fix qemu-user-static to really be static (LP: #1908331)
      
        [ Michael Tokarev ]
        * build most modules statically (besides block and gui parts).
          This makes qemu-system-common package to be of less strict dependency
          for other qemu-system-* packages, and also Closes: #977301, #978131
        * especially remove removed binfmts in qemu-user-{static,binfmt}.preinst
          (really Closes: #977015)
        * memory-clamp-cached-translation-MMIO-region-CVE-2020-27821.patch
          (Closes: #977616, CVE-2020-27821)
      
      qemu (1:5.2+dfsg-2) unstable; urgency=medium
      
        * move ui-opengl.so module from qemu-system-gui to qemu-system-common,
          as other modules want it (Closes: #976996, #977022)
        * do not install dropped ppc64abi32 binfmt for qemu-user[-static]
          (Closes: #977015)
      
      qemu (1:5.2+dfsg-1) unstable; urgency=medium
      
        * new upstream release
          Closes: #965978, CVE-2020-15859 (22dc8663d9fc7baa22100544c600b6285a63c7a3)
          Closes: #970539, CVE-2020-25084 (21bc31524e8ca487e976f713b878d7338ee00df2)
          Closes: #970540, CVE-2020-25085 (dfba99f17feb6d4a129da19d38df1bcd8579d1c3)
          Closes: #970541, CVE-2020-25624 (1328fe0c32d5474604105b8105310e944976b058)
          Closes: #970542, CVE-2020-25625 (1be90ebecc95b09a2ee5af3f60c412b45a766c4f)
          Closes: #974687, CVE-2020-25707 (c2cb511634012344e3d0fe49a037a33b12d8a98a)
          Closes: #975276, CVE-2020-25723 (2fdb42d840400d58f2e706ecca82c142b97bcbd6)
          Closes: #975265, CVE-2020-27616 (ca1f9cbfdce4d63b10d57de80fef89a89d92a540)
          Closes: #973324, CVE-2020-27617 (7564bf7701f00214cdc8a678a9f7df765244def1)
          Closes: #972864, CVE-2020-27661 (bea2a9e3e00b275dc40cfa09c760c715b8753e03)
          Closes: CVE-2020-27821 (1370d61ae3c9934861d2349349447605202f04e9)
          Closes: #976388, CVE-2020-28916 (c2cb511634012344e3d0fe49a037a33b12d8a98a)
        * remove obsolete patches
        * refresh use-fixed-data-path.patch and debian/get-orig-source.sh
        * bump minimum meson version required for build to 0.55.3
        * update build rules for several components
        * remove deprecated lm32 and unicore32 system emulators
        * remove deprecated ppc64abi32 and tilegx linux-user emulators
        * install ui-spice-core.so & chardev-spice.so in qemu-system-common
        * install ui-egl-headless.so in qemu-system-common
        * install hw-display-virtio-*.so in qemu-system-common
        * install ui-opengl.so in qemu-system-gui
        * install qemu-pr-helper.8 in qemu-system-common
        * qemu-pr-helper moved to usr/bin/ again
        * qboot.rom renamed from bios-microvm.bin
        * remove several unused lintian overrides
        * add spelling.diff patch to fix a few spelling errors
        * update Standards-Version to 4.5.1
        * fix a few trailing whitespaces in d/control and d/changelog
        * require libcapstone >= 4.0.2 (v4) for build
      
      qemu (1:5.1+dfsg-4) unstable; urgency=high
      
        * mention closing of CVE-2020-16092 by 5.1
        * usb-fix-setup_len-init-CVE-2020-14364.patch
          Closes: #968947, CVE-2020-14364
          (OOB r/w access in USB emulation)
      
      qemu (1:5.1+dfsg-3) unstable; urgency=medium
      
        * fix one more issue in last upload. This is what happens when
          you do "obvious" stuff in a hurry without proper testing..
      
      qemu (1:5.1+dfsg-2) unstable; urgency=medium
      
        * fix brown-paper bag bug in last upload
      
      qemu (1:5.1+dfsg-1) unstable; urgency=medium
      
        * hw-display-qxl.so depends on spice so install it
          only if it is built just like ui-spice-app
        * note #931046 for libfdt
      
      qemu (1:5.1+dfsg-0exp1) experimental; urgency=medium
      
        * new upstream release 5.1.0. Make source DFSG-clean again
          Closes: #968088
          Closes: CVE-2020-16092 (net_tx_pkt_add_raw_fragment in e1000e & vmxnet3)
        * remove all patches which are applied upstream
        * do not install non-existing doc/qemu/*-ref.*
        * qemu-pr-helper is now in /usr/lib/qemu not /usr/bin
        * virtfs-proxy-helper is in /usr/lib/qemu now, not /usr/bin
        * new architecture: qemu-system-avr
        * refresh d/get-orig-source.sh
        * d/get-orig-source.sh: report already removed files in dfsg-clean
        * install common modules in qemu-system-common
        * lintian tag renamed: shared-lib-without-dependency-information to
          shared-library-lacks-prerequisites
      
      qemu (1:5.0-14) unstable; urgency=high
      
        * this is a bugfix release before breaking toys with the new upstream
        * riscv-allow-64-bit-access-to-SiFive-CLINT.patch
          (another fix for revert-memory-accept-..-CVE-2020-13754)
        * install /usr/lib/*/qemu/ui-curses.so in qemu-system-common
          Closes: #966517
      
      qemu (1:5.0-13) unstable; urgency=medium
      
        * seabios-hppa-fno-ipa-sra.patch
          fix ftbfs with gcc-10
      
      qemu (1:5.0-12) unstable; urgency=medium
      
        * acpi-accept-byte-and-word-access-to-core-ACPI-registers.patch
          this replaces acpi-allow-accessing-acpi-cnt-register-by-byte.patch
          and acpi-tmr-allow-2-byte-reads.patch, a more complete fix
        * xhci-fix-valid.max_access_size-to-access-address-registers.patch
          fix one more incarnation of the breakage after the CVE-2020-13754 fix
        * do not install outdated (0.12 and before) Changelog (Closes: #965381)
        * xgmac-fix-buffer-overflow-in-xgmac_enet_send-CVE-2020-15863.patch
          ARM-only XGMAC NIC, possible buffer overflow during packet transmission
          Closes: CVE-2020-15863
        * sm501 OOB read/write due to integer overflow in sm501_2d_operation()
          List of patches:
           sm501-convert-printf-abort-to-qemu_log_mask.patch
           sm501-shorten-long-variable-names-in-sm501_2d_operation.patch
           sm501-use-BIT-macro-to-shorten-constant.patch
           sm501-clean-up-local-variables-in-sm501_2d_operation.patch
           sm501-replace-hand-written-implementation-with-pixman-CVE-2020-12829.patch
          Closes: #961451, CVE-2020-12829
      
      qemu (1:5.0-11) unstable; urgency=high
      
        * d/control-in: only enable opengl (libdrm&Co) on linux
        * d/control-in: spice: drop versioned deps (even jessie version is enough),
          drop libspice-protocol-dev (automatically pulled by libspice-server-dev),
          and build on more architectures
        * change from debhelper versioned dependency to debhelper-compat (=12)
        * acpi-allow-accessing-acpi-cnt-register-by-byte.patch (Closes: #964793)
          This is another incarnation of the recent bugfix which actually enabled
          memory access constraints, like #964247
          Urgency = high due to this issue.
      
      qemu (1:5.0-10) unstable; urgency=medium
      
        * fix the wrong $(if) construct for s390x kvm link (FTBFS on s390x)
        * use the same $(if) construct to simplify #ifdeffery
      
      qemu (1:5.0-9) unstable; urgency=medium
      
        * move kvm executable/script from qemu-kvm to qemu-system-foo,
          make it multi-arch, and remove qemu-kvm package
        * remove libcacard leftovers from d/.gitignore
        * linux-user-refactor-ipc-syscall-and-support-of-semtimedop.patch
          (Closes: #965109)
        * linux-user-add-netlink-RTM_SETLINK-command.patch (Closes: #964289)
        * libudev is linux-specific, do not build-depend on it
          on kfreebsd and others
        * install virtiofsd in d/rules (!sparc64) instead of
          d/qemu-system-common.install (fixes FTBFS on sparc64)
        * confirm -static-pie not working today still
        * d/control: since qemu-system-data now contains module(s),
          it can't be multi-arch. Ditto for qemu-block-extra.
        * qemu-system-foo: depend on exact version of qemu-system-data,
          due to the latter having modules
        * build all modules since there are modules anyway,
          no need to hack them in d/rules
        * fix spelling in a patch name/subject in last upload
        * d/rules: do not use dh_install and dh_movefiles for individual
          pkgs, open-code mkdir+cp/mv, b/c dh_install acts on all files
          listed in d/foo.install too, in addition to given on command-line
        * remove trailing whitespace from d/changelog
      
      qemu (1:5.0-8) unstable; urgency=medium
      
        * d/control: rdma is linux-only, do not enable it on kfreebsd & hurd
        * add comment about virtiofsd conditional to d/qemu-system-common.install
          Now qemu FTBFS on sparc64 since virtiofsd is not built due to missing
          seccomp on that platform, we should either make virtiofsd conditional
          (!sparc64) or fix seccomp on sparc64 and build-depend on it
        * openbios-use-source_date_epoch-in-makefile.patch (Closes: #963466)
        * seabios-hppa-use-consistant-date-and-remove-hostname.patch (Closes: #963467)
        * slof-remove-user-and-host-from-release-version.patch (Closes: #963472)
        * slof-ensure-ld-is-called-with-C-locale.patch (Closes: #963470)
        * update previous changelog, mention #945997
        * reapply CVE-2020-13253 fixed from upstream:
          sdcard-simplify-realize-a-bit.patch (preparation for the next patch)
          sdcard-dont-allow-invalid-SD-card-sizes.patch (half part of CVE-2020-13253)
          sdcard-update-coding-style-to-make-checkpatch-happy.patch (preparational)
          sdcard-dont-switch-to-ReceivingData-if-address-is-in..-CVE-2020-13253.patch
          Closes: #961297, CVE-2020-13253
      
      qemu (1:5.0-7) unstable; urgency=medium
      
        * Revert "d/rules: report config log from the correct subdir - base build"
        * Revert "d/rules: report config log from the correct subdir - microvm build"
        * acpi-tmr-allow-2-byte-reads.patch (Closes: #964247)
        * remove sdcard-dont-switch-to-ReceivingData-if-add...-CVE-2020-13253.patch -
          upstream decided to fix it differently (Reopens: #961297, CVE-2020-13253)
        * explicitly specify --enable-tools on hppa and do the same trick
          with --enable-tcg-interpreter --enable-tools on a few other unsupported
          arches (Closes: #964372, #945997)
      
      qemu (1:5.0-6) unstable; urgency=medium
      
        [ Christian Ehrhardt ]
        * d/control-in: disable pmem on ppc64 as it is currently considered
          experimental on that architecture
        * d/rules: makefile definitions can't be recursive - sys_systems for s390x
        * d/rules: report config log from the correct subdir - base build
        * d/rules: report config log from the correct subdir - microvm build
        * d/control-in: disable rbd support unavailable on riscv
        * fix assert in qemu guest agent that crashes on shutdown (LP: #1878973)
        * d/control-in: build-dep libcap is no more needed
        * d/rules: update -spice compat (Ubuntu only)
      
        [ Michael Tokarev ]
        * save block modules on upgrades (LP: #1847361)
          After upgrade a still running qemu of a former version can't load the
          new modules e.g. for extended storage support. Qemu 5.0 has the code to
          allow defining a path that it will load these modules from.
        * ati-vga-check-mm_index-before-recursive-call-CVE-2020-13800.patch
          Closes: CVE-2020-13800, ati-vga allows guest OS users to trigger
          infinite recursion via a crafted mm_index value during
          ati_mm_read or ati_mm_write call.
        * revert-memory-accept-mismatching-sizes-in-memory_region_access_valid...patch
          Closes: CVE-2020-13754, possible OOB memory accesses in a bunch of qemu
          devices which use min_access_size and max_access_size Memory API fields.
          Also closes: CVE-2020-13791
        * exec-set-map-length-to-zero-when-returning-NULL-CVE-2020-13659.patch
          CVE-2020-13659: address_space_map in exec.c can trigger
          a NULL pointer dereference related to BounceBuffer
        * megasas-use-unsigned-type-for-reply_queue_head-and-check-index...patch
          Closes: #961887, CVE-2020-13362, megasas_lookup_frame in hw/scsi/megasas.c
          has an OOB read via a crafted reply_queue_head field from a guest OS user
        * megasas-use-unsigned-type-for-positive-numeric-fields.patch
          fix other possible cases like in CVE-2020-13362 (#961887)
        * megasas-fix-possible-out-of-bounds-array-access.patch
          Some tracepoints use a guest-controlled value as an index into the
          mfi_frame_desc[] array. Thus a malicious guest could cause very low
          impact OOB errors here
        * nbd-server-avoid-long-error-message-assertions-CVE-2020-10761.patch
          Closes: CVE-2020-10761, An assertion failure issue in the QEMU NBD Server.
          This flaw occurs when an nbd-client sends a spec-compliant request that is
          near the boundary of maximum permitted request length. A remote nbd-client
          could use this flaw to crash the qemu-nbd server resulting in a DoS.
        * es1370-check-total-frame-count-against-current-frame-CVE-2020-13361.patch
          Closes: CVE-2020-13361, es1370_transfer_audio in hw/audio/es1370.c does not
          properly validate the frame count, which allows guest OS users to trigger
          an out-of-bounds access during an es1370_write() operation
        * sdcard-dont-switch-to-ReceivingData-if-address-is-in...-CVE-2020-13253.patch
          CVE-2020-13253: sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated
          address, which leads to an out-of-bounds read during sdhci_write()
          operations.  A guest OS user can crash the QEMU process.
          And a preparational patch,
          sdcard-update-coding-style-to-make-checkpatch-happy.patch
        * a few patches from the stable series:
          - fix-tulip-breakage.patch
            The tulip network driver in a qemu-system-hppa emulation is broken in
            the sense that bigger network packages aren't received any longer and
            thus even running e.g. "apt update" inside the VM fails. Fix this.
          - 9p-lock-directory-streams-with-a-CoMutex.patch
            Prevent deadlocks in 9pfs readdir code
          - net-do-not-include-a-newline-in-the-id-of-nic-device.patch
            Fix newline accidentally sneaked into id string of a nic
          - qemu-nbd-close-inherited-stderr.patch
          - virtio-balloon-fix-free-page-hinting-check-on-unreal.patch
          - virtio-balloon-fix-free-page-hinting-without-an-iothread.patch
          - virtio-balloon-unref-the-iothread-when-unrealizing.patch
      
        [ Aurelien Jarno ]
        * Remove myself from maintainers
      
      qemu (1:5.0-5) unstable; urgency=medium
      
        * more binfmt-install updates
        * CVE-2020-10717 fix from upstream:
          virtiofsd-add-rlimit-nofile-NUM-option.patch (preparational) and
          virtiofsd-stay-below-fs.file-max-CVE-2020-10717.patch
          (Closes: #959746, CVE-2020-10717)
        * 2 patches from upstream/stable to fix io_uring fd set buildup:
          aio-posix-dont-duplicate-fd-handler-deletion-in-fdmon_io_uring_destroy.patch
          aio-posix-disable-fdmon-io_uring-when-GSource-is-used.patch
        * upstream stable fix: hostmem-dont-use-mbind-if-host-nodes-is-empty.patch
        * upstream stable fix:
          net-use-peer-when-purging-queue-in-qemu_flush_or_purge_queue_packets.patch
      
      qemu (1:5.0-4) unstable; urgency=medium
      
        * fix binfmt registration (Closes: #959222)
        * disable PIE for user-static build on x32 too, not only i386
      
      qemu (1:5.0-3) unstable; urgency=medium
      
        * do not explicitly enable -static-pie on non-i386 architectures.
          Apparently only amd64 actually supports -static-pie for now, and
          it is correctly detected.
      
      qemu (1:5.0-2) unstable; urgency=medium
      
        * (temporarily) disable pie on i386 static build
          For now -static-pie fails on i386 with the following error message:
            /usr/bin/ld: /usr/lib/i386-linux-gnu/libc.a(memset_chk-nonshared.o):
                unsupported non-PIC call to IFUNC `memset'
        * install qemu-system docs in qemu-system-common, not qemu-system-data,
          since docs require ./configure run
      
      qemu (1:5.0-1) unstable; urgency=medium
      
        * new upstream release (5.0)
          Closes: #958926
          Closes: CVE-2020-11869
        * refresh patches, remove patches applied upstream
        * do not mention openhackware, it is not used anymore
        * do not disable bluez (support removed)
        * new system arch "rx"
        * don't install qemu-doc.* for now,
          but install virtiofsd & qemu-storage-daemon
        * add shared-lib-without-dependency-information tag
          to qemu-user-static.lintian-overrides
        * add html docs to qemu-system-data (to /usr/share/doc/qemu-system-common)
        * do not install usr/share/doc/qemu/specs & usr/share/doc/qemu/tools
        * install qemu-user html docs for qemu-user & qemu-user-static
        * build hppa-firmware.img from roms/seabios-hppa
          (and Build-Depends-Indep on gcc-hppa-linux-gnu)
        * enable liburing on linux (build-depend on liburing-dev)
        * add upstream signing-key.asc (Michael Roth <flukshun@gmail.com>)
        * build opensbi firmware
          (for riscv64 only, riscv32 is possible with compiler flags)
        * add source-level lintian-overrides for binaries-without-sources
          (lintian can't find sources for a few firmware images which are in roms/)
      
      qemu (1:4.2-7) unstable; urgency=medium
      
        * qemu-system-gui: Multi-Arch=same, not foreign (Closes: #956763)
        * x32 arch is in the same family as i386 & x86_64, omit binfmt registration
        * check systemd-detect-virt before running update-binfmt
        * gluster is de-facto linux-only, do not build-depend on it on non-linux
        * virglrenderer is also essentially linux-specific
        * qemu-user-static does not depend on shlibs
        * disable parallel building of targets of d/rules
        * add lintian overrides (arch-dependent static binaries) for openbios binaries
        * separate binary-indep target into install-indep-prep and binary-indep
        * split out various components of qemu-system-data into independent
          build/install rules and add infrastructure for more components:
          x86-optionrom, sgabios, qboot, openbios, skiboot, palcode-clipper,
          slof, s390x-fw
        * iscsi-fix-heap-buffer-overflow-in-iscsi_aio_ioctl_cb.patch
      
      qemu (1:4.2-6) unstable; urgency=medium
      
        * d/rules: fix FTBFS (brown-paper-bag bug) in last upload
      
      qemu (1:4.2-5) unstable; urgency=medium
      
        * no error-out on address-of-packet-member in openbios
        * install ui-spice-app.so only if built, spice is optional
        * arm-fix-PAuth-sbox-functions-CVE-2020-10702.patch -
          Closes: CVE-2020-10702, weak signature generation
          in Pointer Authentication support for ARM
        * (temporarily) enable seccomp only on architectures where it can be built
          (Closes: #956624)
        * seccomp has grown up, no need in versioned build-dep
        * do not list librados-dev in build-dep as we only use librbd-dev
          and the latter depends on the former
        * only enable librbd on architectures where it is buildable
      
      qemu (1:4.2-4) unstable; urgency=medium
      
        [ Michael Tokarev ]
        * d/rules: build minimal configuration for qboot/microvm usage
        * set microvm to be the default machine type for microvm case
        * install ui-spice-app.so in qemu-system-common
        * do not depend on libattr-dev, functions are now in libc6 (Closes: #953910)
        * net-tulip-check-frame-size-and-r-w-data-length-CVE-2020-11102.patch
          (Closes: #956145, CVE-2020-11102, tulip nic buffer overflow)
        * qemu-system-data: s/highcolor/hicolor/ (Closes: #955741)
        * switch binfmt registration to use update-binfmts --[un]import
          (Closes: #866756)
        * build openbios-ppc & openbios-sparc binaries in qemu-system-data,
          and replace corresponding binary packages.
          Add gcc-sparc64-linux-gnu, fcode-utils & xsltproc to build-depend-indep
        * build and provide/replace qemu-slof too
      
        [ Aurelien Jarno ]
        * enable support for riscv64 hosts
      
      qemu (1:4.2-3) unstable; urgency=medium
      
        * mention closing of #909743 in previous changelog (Closes: #909743)
        * do not link to qemu-skiboot from qemu-system-ppc (Closes: #950431)
        * provide+conflict qemu-skiboot from qemu-system-data,
          as we are not using this package anymore
      
      qemu (1:4.2-2) unstable; urgency=medium
      
        [ Fabrice Bauzac ]
        * Fix a typo in the description of the qemu binary package
      
        [ Frédéric Bonnard ]
        * Enable powernv emulation with skiboot firmware
      
        [ Michael R. Crusoe ]
        * Modernize watch file (Closes: #909743)
      
        [ Christian Ehrhardt ]
        * d/control-in: promote qemu-efi/ovmf in Ubuntu
        * d/control-in: bump debhelper build-dep for compat 12
        * - d/control-in: update VCS links
        * - d/control-in: disable bluetooth being deprecated
        * d/not-installed: ignore new interop docs and extra icons for now
        * do not install elf2dmp until namespaced
        * d/control-in: Enable numa support for s390x
        * Create qemu-system-s390x package (Ubuntu only for now)
      
        [ Michael Tokarev ]
        * stop using inttypes.h in qboot code;
          this makes dependency on libc6-dev-i386 to be unnecessary
        * qboot-no-jump-tables.diff - use #pragma for one file in qboot
        * do not install qemu-edid and qemu-keymap for now
        * no need in bluetooth patches as bluetooth is disabled
        * scsi-cap-block-count-from-GET-LBA-STATUS-CVE-2020-1711.patch
          (Closes: #949731, CVE-2020-1711)
        * enable libpmem support on amd64|arm64|ppc64el (Closes: #935327)
      
      qemu (1:4.2-1) unstable; urgency=medium
      
        * new upstream release (4.2.0)
        * removed patches: v4.1.1.diff, enable-pschange-mc-no.patch
        * do not make sgabios.bin executable (lintian)
        * add s390-netboot.img lintian overrides for qemu-system-data
        * build qboot (bios-microvm.bin)
        * build-depend-indep on libc6-dev-i386 for qboot
          (includes some system headers)
      
      qemu (1:4.1-3) unstable; urgency=medium
      
        * mention #939869 (CVE-2019-15890) in previous changelog entry
        * add Provides: sgabios to qemu-data (Closes: #945924)
        * fix qemu-debootstrap (add hppa arch, print correct error message)
          thanks to Helge Deller (Closes: #923410)
        * enable long binfmt masks again for mips/mips32 (Closes: #829243)
      
      qemu (1:4.1-2) unstable; urgency=medium
      
        * build sgabios in build-indep, conflict with sgabios package
        * qemu-system-ppc: build and install canyonlands.dtb in addition to bamboo.dtb
        * remove duplicated CVE-2018-20123 & CVE-2018-20124 in prev changelog
        * move s390 firmware build rules to debian/s390fw.mak, build s390-netboot.img
        * imported v4.1.1.diff - upstream stable branch
          Closes: CVE-2019-12068
          Closes: #945258, #945072
        * enable-pschange-mc-no.patch: i386: add PSCHANGE_MC_NO feature
          to allow disabling ITLB multihit mitigations in nested hypervisors
          Closes: #944623
        * build-depend on nettle-dev, enable nettle, and clarify --enable-lzo
        * switch to system libslirp, build-depend on libslirp-dev
          Closes: #939869, CVE-2019-15890
      
      qemu (1:4.1-1) unstable; urgency=medium
      
        * new upstream release v4.1
          Closes: #933741, CVE-2019-14378 (slirp buff overflow in packet reassembly)
           (use internal slirp copy for now)
          Closes: #931351, CVE-2019-13164 (qemu-bridge-helper long IFNAME)
          Closes: #922923, CVE-2019-8934 (ppc64 emulator leaks hw identity)
          Closes: #916442, CVE-2018-20123 (pvrdma memory leak in device hotplug)
          Closes: #922461, CVE-2018-20124 (pvrdma num_sge can exceed MAX_SGE)
          Closes: #927924 (new upstream version)
          Closes: #897054 (AMD Zen CPU support)
          Closes: #935324 (FTBFS due to gluster API change)
          Closes: CVE-2018-20125 (pvrdma: DoS in create_cq_ring|create_qp_rings)
          Closes: CVE-2018-20126 (pvrdma: memleaks in create_cq_ring|create_qp_rings)
          Closes: CVE-2018-20191 (pvrdma: DoS due to missing read operation impl.)
          Closes: CVE-2018-20216 (pvrdma: infinite loop in pvrdma_dev_ring.c)
        * remove patches which are applied upstream, refresh remaining patches
          (bt-use-size_t-...-CVE-2018-19665.patch hasn't been applied upstream,
          bluetooth subsystem is going to be removed, we keep it for now)
        * debian/source/options: ignore slirp/ submodule
        * use python3 for building, not python
        * debian/optionrom.mk: add pvh.bin
        * switch from libssh2 to libssh, and enable libssh support in ubuntu
        * bump spice version requirement to 0.12.5
        * enable pvrdma
        * debian/control-in: remove reference to libsdl
        * debian/rules: add new objects for s390-ccw fw
        * debian/control: add build dependency on python3-sphinx for docs
        * install ui/icons/qemu.svg and qemu.desktop
        * debian/rules: remove pc-bios/bamboo.dtb before building it
        * install vhost-user-gpu binary and 50-qemu-gpu.json
        * debian/rules: remove old maintscript-helper invocations, not needed anymore
        * remove +dfsg for now, upload whole upstream source, will trim it later
  10. 06 Mar, 2021 1 commit
  11. 07 Sep, 2020 2 commits
  12. 12 Aug, 2020 2 commits
  13. 24 Jul, 2020 1 commit
    • Import Debian changes 1:3.1+dfsg-8+deb10u8 · 1d4bd34b
      Michael Tokarev authored
      qemu (1:3.1+dfsg-8+deb10u8) buster-security; urgency=medium
      
        * mention fixing of CVE-2020-13765 in 3.1+dfsg-8+deb10u6
        * xgmac-fix-buffer-overflow-in-xgmac_enet_send-CVE-2020-15863.patch
          ARM-only XGMAC NIC, possible buffer overflow during packet transmission
          Closes: CVE-2020-15863
        * sm501 OOB read/write due to integer overflow in sm501_2d_operation()
          List of patches:
           sm501-convert-printf-abort-to-qemu_log_mask.patch
           sm501-shorten-long-variable-names-in-sm501_2d_operation.patch
           sm501-use-BIT-macro-to-shorten-constant.patch
           sm501-clean-up-local-variables-in-sm501_2d_operation.patch
           sm501-replace-hand-written-implementation-with-pixman-CVE-2020-12829.patch
          Closes: #961451, CVE-2020-12829
        * usb-fix-setup_len-init-CVE-2020-14364.patch
          Fix OOB r/w access in USB emulation
          Closes: #968947, CVE-2020-14364
        * net-assertion-in-net_tx_pkt_add_raw_fragment-CVE-2020-16092.patch
          Fix net_tx_pkt_add_raw_fragment assertion in e1000e & vmxnet3
          Closes: CVE-2020-16092
  14. 22 Jul, 2020 1 commit
    • Import Debian changes 1:3.1+dfsg-8+deb10u7 · 648ff9e1
      Michael Tokarev authored
      qemu (1:3.1+dfsg-8+deb10u7) buster-security; urgency=medium
      
        * acpi-accept-byte-and-word-access-to-core-ACPI-registers.patch
          replace acpi-tmr-allow-2-byte-reads.patch with a more complete patch
          Closes: #964793
        * xhci-fix-valid.max_access_size-to-access-address-registers.patch
          This is another issue revealed after the CVE-2020-13754 fix
        * slirp-tcp_emu-fix-unsafe-snprintf-usages-CVE-2020-8608.patch
          (and a preparational patch, slirp-add-fmt-helpers.patch)
          Closes: CVE-2020-8608
      
      qemu (1:3.1+dfsg-8+deb10u6) buster-security; urgency=high
      
        * revert-memory-accept-mismatching-sizes-in-memory_region_access_valid...patch
          Closes: CVE-2020-13754, possible OOB memory accesses in a bunch of qemu
          devices which use min_access_size and max_access_size Memory API fields.
          Also closes: CVE-2020-13791
        * acpi-tmr-allow-2-byte-reads.patch - fix an issue in MacOS exposed by
          the previous "revert-.." change (#964247)
        * exec-set-map-length-to-zero-when-returning-NULL-CVE-2020-13659.patch
          CVE-2020-13659: address_space_map in exec.c can trigger
          a NULL pointer dereference related to BounceBuffer
        * megasas-use-unsigned-type-for-reply_queue_head-and-check-index...patch
          Closes: #961887, CVE-2020-13362, megasas_lookup_frame in hw/scsi/megasas.c
          has an OOB read via a crafted reply_queue_head field from a guest OS user
        * megasas-use-unsigned-type-for-positive-numeric-fields.patch
          fix other possible cases like in CVE-2020-13362 (#961887)
        * megasas-fix-possible-out-of-bounds-array-access.patch
          Some tracepoints use a guest-controlled value as an index into the
          mfi_frame_desc[] array. Thus a malicious guest could cause very low
          impact OOB errors here
        * es1370-check-total-frame-count-against-current-frame-CVE-2020-13361.patch
          Closes: #961888, CVE-2020-13361, es1370_transfer_audio in hw/audio/es1370.c
          does not properly validate the frame count, which allows guest OS users
          to trigger an out-of-bounds access during an es1370_write() operation
        * slirp-drop-bogus-IPv6-messages-CVE-2020-10756.patch
          Closes: CVE-2020-10756, possible OOB read in icmp6_send_echoreply()
  15. 14 May, 2020 1 commit
  16. 29 Apr, 2020 1 commit
  17. 21 Apr, 2020 1 commit
    • Import Debian changes 1:3.1+dfsg-8+deb10u5 · c37d8ded
      Michael Tokarev authored
      qemu (1:3.1+dfsg-8+deb10u5) buster-security; urgency=medium
      
        * display-bochs-fix-pcie-support-CVE-2019-15034.patch
          Fix possible buffer overflow in BOCHS display PCI config space
          Closes: CVE-2019-15034
        * vnc-fix-memory-leak-when-vnc-disconnect-CVE-2019-20382.patch
          Fix misuse of libz in VNC disconnect, leading to memory leak
          Closes: CVE-2019-20382
        * scsi-lsi-exit-infinite-loop-while-executing-script-CVE-2019-12068.patch
          Fix possible infinite loop in lsi_execute_script (LSI SCSI adapter)
          Closes: CVE-2019-12068
        * iscsi-fix-heap-buffer-overflow-in-iscsi_aio_ioctl_cb.patch
          Fix heap buffer overflow in iSCSI's iscsi_aio_ioctl_cb()
        * slirp-fix-use-afte-free-in-ip_reass-CVE-2020-1983.patch
          Fix another use-after-free in ip_reass() in SLIRP code
          Closes: CVE-2020-1983
  18. 30 Mar, 2020 1 commit
  19. 14 Feb, 2020 2 commits
  20. 07 Feb, 2020 1 commit
  21. 30 Jan, 2020 1 commit
    • Import Debian changes 1:3.1+dfsg-8+deb10u4 · c29456ba
      Michael Tokarev authored
      qemu (1:3.1+dfsg-8+deb10u4) buster-security; urgency=medium
      
        * acknowledge the last NMU by the Security Team
        * io-ensure-UNIX-client-doesn-t-unlink-server-socket.patch
          Closes: #946210
        * slirp possible use-after-free in ip_reass(),
          slirp-ip_reass-fix-use-after-free-CVE-CVE-2019-15890.patch
          Closes: #939869, CVE-2019-15890
        * slirp emulation fixes, Closes: CVE-2020-7039
          tcp_emu-fix-OOB-access-CVE-2020-7039.patch
          slirp-use-correct-size-while-emulating-commands-CVE-2020-7039.patch
          slirp-use-correct-size-while-emulating-IRC-commands-CVE-2020-7039.patch
        * fix iscsi OOB heap access via an unexpected response of iSCSI Server,
          scsi-cap-block-count-from-GET-LBA-STATUS-CVE-2020-1711.patch
          Closes: #949731, CVE-2020-1711
      
      qemu (1:3.1+dfsg-8+deb10u3) buster-security; urgency=high
      
        * Non-maintainer upload by the Security Team.
        * target/i386: add PSCHANGE_MC_NO feature
      
      qemu (1:3.1+dfsg-8+deb10u2) buster-security; urgency=medium
      
        * slirp-fix-heap-overflow-in-ip_reass-on-big-packet-input-CVE-2019-14378.patch
          Closes: #933741, CVE-2019-14378 (slirp heap buffer overflow)
        * qemu-bridge-helper-restrict-interface-name-to-IFNAMSIZ-CVE-2019-13164.patch
          Closes: #931351, CVE-2019-13164 (qemu-bridge-helper ifname overflow)
        * linux-user-sanitize-interp_info-for-mips-only.patch
          Closes: #933650 (some mips binaries fail to start)
  22. 27 Jan, 2020 1 commit
  23. 25 Oct, 2019 2 commits
    • Import Debian changes 1:3.1+dfsg-8+deb10u2 · 453d0859
      Michael Tokarev authored and Ritesh Raj Sarraf committed
      
      
      qemu (1:3.1+dfsg-8+deb10u2) buster-security; urgency=medium
      
        * slirp-fix-heap-overflow-in-ip_reass-on-big-packet-input-CVE-2019-14378.patch
          Closes: #933741, CVE-2019-14378 (slirp heap buffer overflow)
        * qemu-bridge-helper-restrict-interface-name-to-IFNAMSIZ-CVE-2019-13164.patch
          Closes: #931351, CVE-2019-13164 (qemu-bridge-helper ifname overflow)
        * linux-user-sanitize-interp_info-for-mips-only.patch
          Closes: #933650 (some mips binaries fail to start)
      
      qemu (1:3.1+dfsg-8~deb10u1) buster; urgency=medium
      
        * Non-maintainer upload.
        * Rebuild for buster (Cf. #929607)
      
      qemu (1:3.1+dfsg-8) unstable; urgency=high
      
        * sun4u-add-power_mem_read-routine-CVE-2019-5008.patch
          fixes a null-pointer dereference in sparc/sun4u emulated hw
          Closes: #927439, CVE-2019-5008
        * enable-md-no.patch & enable-md-clear.patch
          mitigation for MDS (Microarchitectural Data Sampling) issues
          Closes: #929067,
          CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
        * qxl-check-release-info-object-CVE-2019-12155.patch
          fixes null-pointer deref in qxl cleanup code
          Closes: #929353, CVE-2019-12155
        * aarch32-exception-return-to-switch-from-hyp-mon.patch
          fixes booting U-Boot in UEFI mode on aarch32
          Closes: #927763
        * stop qemu-system-common pre-depending on adduser
          Closes: #929261
      
      qemu (1:3.1+dfsg-7) unstable; urgency=high
      
        [ Michael Tokarev ]
        * device_tree-don-t-use-load_image-CVE-2018-20815.patch
          fix heap buffer overflow while loading device tree blob
          (Closes: CVE-2018-20815)
      
        [ Christian Ehrhardt ]
        * qemu-guest-agent: fix path of fsfreeze-hook (LP: #1820291)
         - d/qemu-guest-agent.install: use correct path for fsfreeze-hook
         - d/qemu-guest-agent.pre{rm|inst}/.postrm: special handling for
           mv_conffile since the new path is a directory in the old package
           version which can not be handled by mv_conffile.
      
      qemu (1:3.1+dfsg-6) unstable; urgency=high
      
        * slirp-check-sscanf-result-when-emulating-ident-CVE-2019-9824.patch
          fix information leakage in slirp code (Closes: CVE-2019-9824)
      
      qemu (1:3.1+dfsg-5) unstable; urgency=high
      
        * i2c-ddc-fix-oob-read-CVE-2019-3812.patch fixes
          OOB read in hw/i2c/i2c-ddc.c which allows for memory disclosure.
          Closes: #922635, CVE-2019-3812
      
      qemu (1:3.1+dfsg-4) unstable; urgency=medium
      
        * mention closing of #855043 by 3.1+dfsg-3
        * disable pvrdma for now, it is a bit too buggy.
          Besides several security holes there are many other bugs there as well,
          and the amount of patches applied upstream after 3.1 release is large
          (Closes, or really makes unimportant again: CVE-2018-20123 CVE-2018-20124
           CVE-2018-20125 CVE-2018-20126 CVE-2018-20191 CVE-2018-20216)
      
      qemu (1:3.1+dfsg-3) unstable; urgency=medium
      
        [ Michael Tokarev ]
        * mention #696289 closed by 2.10
        * move ovmf to recommends on debian and update aarch ovmf refs
          (Closes: #889885, #855043)
        * remove /dev/kvm permission handling (moved to systemd 239-6)
          (Closes: #892945)
        * build qemu-palcode using alpha cross-compiler
          (Closes: #913103)
        * fix path in qemu-guest-agent.service (#918378), fixes Bind[s]To
          (Closes: #918378)
        * use int for sparc64 timeval.tv_usec
          (Closes: #920032)
        * build-depend on libglusterfs-dev not glusterfs-common
          (Closes: #919668, #881527)
        * add breaks: qemu-system-data to qemu-system-common,
          to close #916279 completely (all this can be removed after buster)
          (Closes: #916279)
        * scsi-generic-avoid-possible-oob-access-to-r-buf-CVE-2019-6501.patch
          (Closes: #920222, CVE-2019-6501)
        * slirp-check-data-length-while-emulating-ident-function-CVE-2019-6778.patch
          (Closes: #921525)
        * pvrdma-release-device-resources-on-error-CVE-2018-20123.patch
          (Closes: #916442, CVE-2018-20123)
        * enable rdma and pvrdma, build-depend on
          librdmacm-dev, libibverbs-dev, libibumad-dev
        * sync debian/qemu-user-static.1 and debian/qemu-user.1 generate the latter
          from the former (finally Closes: #901407)
        * move ivshmem-server & ivshmem-client from qemu-utils to qemu-system-common
          (the binaries are also specific to qemu-system, not useable alone)
        * move qemu-pr-helper from qemu-utils to qemu-system-common -
          this is an internal qemu-system helper, with possible socket activation,
          not intended for use outside of qemu-system
      
        [ Christian Ehrhardt ]
        * qemu-guest-agent: freeze-hook to ignore dpkg files (packaging changes)
      Signed-off-by: Ritesh Raj Sarraf <ritesh.sarraf@collabora.com>
  24. 24 Jul, 2019 1 commit