qemu (1:9.2.2+ds-1+deb12u1.1) bookworm; urgency=medium * Non-maintainer upload. * rebuild for 12.10 * tests: removed tests/qemu-iotests/192 -- Mark Pryor Wed, 30 Apr 2025 08:51:26 -0700 qemu (1:9.2.2+ds-1~bpo12+1) bookworm-backports; urgency=medium * Rebuild for bookworm-backports: disable libblkio, realize pkg.qemu.use-upstream-vdso build profile -- Michael Tokarev Mon, 17 Mar 2025 12:45:54 +0300 qemu (1:9.2.2+ds-1) unstable; urgency=medium [ Christian Ehrhardt ] * Add seabios as recommends for qemu-system-arm (LP: #2033905) [ Michael Tokarev ] * new upstream stable/bugfix release * d/copyright: remove Files-Excluded which are not relevant anymore * d/rules, d/control.mk: use ${empty} as list terminator * d/rules, d/control.mk: rework handling of kvm/native qemu-system -- Michael Tokarev Wed, 05 Mar 2025 18:12:38 +0300 qemu (1:9.2.1+ds-1) unstable; urgency=medium * new upstream stable/bugfix release * d/control: add loong64 and riscv64 to spice-arch (Closes: #1093646) -- Michael Tokarev Mon, 17 Feb 2025 13:54:22 +0300 qemu (1:9.2.0+ds-5) unstable; urgency=medium * d/rules,d/control: add Conflicts: qemu-kvm when it Provides: qemu-kvm * remove openbios-array-bounds.diff & openbios-array-bounds-gcc12.patch (not needed anymore) * d/patches/u-boot-sam460ex-*: forward, add metadata * disable-pycotap.patch: disable usage of pycotap, - it is only used in tests which we do not run * d/rules: add Provides: qemu-system-native -- Michael Tokarev Sun, 12 Jan 2025 13:21:46 +0300 qemu (1:9.2.0+ds-4) unstable; urgency=medium * d/source/lintian-overrides: field-too-long Build-Depends-Arch override * d/control: add gcc-x86-64-linux-gnu to Build-Depends-Indep. This makes not much sense but lets the build to succeed hopefully on any platform where all cross-compilers are available (Closes: #1091586) * add qemu-img-options.patch (qemu-img options rework) -- Michael Tokarev Sun, 05 Jan 2025 00:24:25 +0300 qemu (1:9.2.0+ds-3) unstable; urgency=medium * d/changelog: mention #924667, #1027781, #1016810 for previous entry * d/rules: use 2 timeout multiplier for tests on all platforms, not just riscv64 (Closes: #1089870) -- Michael Tokarev Tue, 24 Dec 2024 19:28:22 +0300 qemu (1:9.2.0+ds-2) unstable; urgency=medium * d/binfmt-install: remove forgotten cris linux-user target registration (Closes: #1089851) * d/rules,d/binfmt-install: pass list of targets on command line to catch errors like the previous one * d/binfmt-install: add 2 forgotten architectures: microblazeel and or1k * d/binfmt-install: note when we dropped binfmt-support registration * d/binfmt-install: drop compat symlinks for same-family binfmts from qemu-user-static doc dir. Between [8.0 .. 9.1) (during trixie release cycle), we shipped /usr/share/doc/qemu-user-static/qemu-x86_64.conf etc on x86 (all architectures for the host cpu family) instead of enabling them, because it is too risky to enable emulation for same-family arch. These files were used by the user to manually register the binfmts from /etc/binfmt.d. This does not work anymore, - if you used this setup, manually registering a binfmt for an architecture from the same family as your host CPU, please reconfigure them to point to the correct location, which is /usr/share/qemu/binfmt.d/. (cf: #924667, #1027781, #1016810) -- Michael Tokarev Sat, 14 Dec 2024 10:03:36 +0300 qemu (1:9.2.0+ds-1) unstable; urgency=medium * add 3 patches queued for stable from upstream master branch 9pfs-fix-regression-regarding-CVE-2023-2861.patch tcg-Reset-free_temps-before-tcg_optimize.patch tcg-riscv-Fix-StoreStore-barrier-generation.patch -- Michael Tokarev Fri, 13 Dec 2024 17:00:51 +0300 qemu (1:9.2.0+ds-1~exp1) experimental; urgency=medium * new upstream version * d/gbp.conf: switch to upstream-9.2 branch * d/copyright: stop removing pc-bios/s390-netboot.img (not shipped anymore) * d/copyright: remove roms/opensbi (not used anymore) * d/copyright: remove vendored rust crates (mk-origtargz does not handle Files-Included: correctly) * d/control: break old qemu-system-s390x (due to dropped s390x-netboot) * d/control.mk: remove cris architecture (dropped upstream) * remove openbios-spelling-endianess.patch * d/control: minimum meson version is 1.5 now * remove meson-Fix-MESONINTROSPECT-parsing.patch * d/rules: remove --disable-bpf for linux-user (fixed upstream) * d/control.mk: vdso-version=9.2.0~rc3+ds-1~ * d/control.mk: checked-version=9.2.0+ds * d/control: new build dependency: python3-pycotap * d/qemu-system-common.*: virtfs-proxy-helper is gone * d/qemu-system-arm.lintian-overrides: remove "wTH" override * d/rules: remove qemu-vmsr-helper if !system (dh_missing complains about it) * gnu-hurd.patch: add more fixes * d/qemu-user.lintian-overrides: add statically-linked-binary override * d/control: qemu-guest-agent is linux-any for now (does not work on hurd) * d/rules: enable/disable guest agent explicitly at configure time -- Michael Tokarev Wed, 11 Dec 2024 20:26:36 +0300 qemu (1:9.1.2+ds-1) unstable; urgency=medium * new upstream stable/bugfix release * remove revert-hw-audio-hda-fix-memory-leak-on-audio-setup.patch * add lintian-overrides for "wTH" spelling-error-in-binary for qemu-system-arm, qemu-system-mips, qemu-system-ppc and qemu-user * d/rules: move system package definitions to d/control.mk -- Michael Tokarev Mon, 02 Dec 2024 11:29:54 +0300 qemu (1:9.1.1+ds-5) unstable; urgency=medium * upload to rebuild with fixed libiscsi * move "addd" lintian-override from qemu-system-misc to qemu-system-riscv * d/qemu-user-static.lintian-overrides: remove "statically-linked-binary" override (not emitted anymore?) -- Michael Tokarev Fri, 15 Nov 2024 09:30:28 +0300 qemu (1:9.1.1+ds-4) unstable; urgency=medium * d/tests/test-qemu-img.sh: fix syntax error in recent change * remove hw-audio-hda-avoid-unnecessary-re-open-stream-on-rec.patch (does not solve the issue) * +revert-hw-audio-hda-fix-memory-leak-on-audio-setup.patch revert the upstream change for now, til a better solution is found -- Michael Tokarev Mon, 11 Nov 2024 10:37:00 +0300 qemu (1:9.1.1+ds-3) unstable; urgency=medium * d/tests/test-qemu-img.sh: use filesystem block size for ls -s, remove temp code for ppc64el * hw-audio-hda-avoid-unnecessary-re-open-stream-on-rec.patch fixing https://gitlab.com/qemu-project/qemu/-/issues/2639 (hopefully) -- Michael Tokarev Thu, 07 Nov 2024 13:51:24 +0300 qemu (1:9.1.1+ds-2) unstable; urgency=medium * linux-user-elf-endianness.diff: remove the temp workaround the fix is in upstream qemu now, double fix breaks again. * d/control: temporarily add Depends: qemu-system-riscv, qemu-system-s390x (debain only) for qemu-system-misc to compensate for the split. Should downgrade this to Recommends once the tests are fixed (#1086026, #1086024, edk2 !17) -- Michael Tokarev Fri, 25 Oct 2024 16:22:29 +0300 qemu (1:9.1.1+ds-1) unstable; urgency=medium * new upstream stable/bugfix release Closes: #1081849, #1081850 Includes a change listed as a fix for #1082406 (CVE-2024-8612) -- Michael Tokarev Thu, 24 Oct 2024 21:41:12 +0300 qemu (1:9.1.0+ds-9~exp0) experimental; urgency=medium * d/tests/test-qemu-img.sh: print diagnostics on ppc64el where the test fails (temporary) * d/control-in: expand Enhances: list for qemu-block-extra (and qemu-block-supplemental on Ubuntu) * make qemu-system-s390x a separate package, just like on ubuntu * split out qemu-system-riscv* from qemu-system-misc to qemu-system-riscv * d/qemu-system-misc.NEWS: add NEWS item about s390x and riscv split -- Michael Tokarev Sat, 05 Oct 2024 12:53:34 +0300 qemu (1:9.1.0+ds-8) unstable; urgency=medium * d/qemu-user.lintian-overrides: add statically-linked-binary override for all qemu-* binaries * d/rules: specify -m for each install invocation, and use -m consistently * d/tests/test-qemu-user: rewrite, install and run busybox for all release architectures. Remove superficial restriction - it is now a real test * d/patches/linux-user-elf-endianness.diff: temp/test patch to address #1081850 -- Michael Tokarev Tue, 01 Oct 2024 11:35:40 +0300 qemu (1:9.1.0+ds-7) unstable; urgency=medium * d/qemu-system-misc.links: remove escaped newlines, swap order (again!) (Closes: #1082771) -- Michael Tokarev Thu, 26 Sep 2024 15:31:31 +0300 qemu (1:9.1.0+ds-6) unstable; urgency=medium * d/qemu-system-misc.links: fix the order of source/destination pairs (Closes: #1082771) -- Michael Tokarev Thu, 26 Sep 2024 05:49:22 +0300 qemu (1:9.1.0+ds-5) unstable; urgency=medium * d/control: fix opensbi dependency (missing tilde) (Closes: #1082750) -- Michael Tokarev Wed, 25 Sep 2024 19:35:14 +0300 qemu (1:9.1.0+ds-4) unstable; urgency=medium * d/control: fix typo in comment, add comment * d/control: s/Built-Using/Static-Built-Using/ for qemu-user (static build) (this should allow qemu to migrate to testing much more easily) * stop building opensbi firmware, use packaged version (Closes: #1058905) -- Michael Tokarev Wed, 25 Sep 2024 13:50:06 +0300 qemu (1:9.1.0+ds-3) unstable; urgency=medium * revert the move of the helper binaries (qemu-bridge-helper, virtfs-proxy-helper, vhost-user-gpu) to /usr/libexec/qemu/, moving them back to /usr/lib/qemu/ where they had always been. This restores suid-root dpkg-statoverride for qemu-bridge-helper if the user enabled it, and makes common tools like libvirt to work correctly again. Such change needs more thinking. Closes: #1080456. * d/microvm-devices.mak: disable VIRTIO_MEM and VIRTIO_PMEM devices These are PCI-only devices but PCI is disabled for microvm. * d/patches: remove revert-hw-virtio-move-stubs-out-of-stubs.patch after disabling virtio-mem and virtio-pmem. * d/microvm-devices.mak: disable Q35 machine type now when it is possible (in version 6.1 where microvm has been enabled it didn't work). * d/qemu-user-static.NEWS: write a news entry about qemu-user-static merge to qemu-user package * d/changelog: mention closing of #1079603 by 9.1.0+ds-1 (qemu-user merge) * d/changelog: fix a typo in old (7.2+dfsg-4) entry * d/changelog: remove duplicate entries from 9.0.2+ds-2 log * d/rules: disable tests on sparc64 (it fails there) -- Michael Tokarev Fri, 06 Sep 2024 14:33:28 +0300 qemu (1:9.1.0+ds-2) unstable; urgency=medium * d/binfmt-install: do not install old/compat binfmt symlinks for qemu-user-binfmt package (there was none) (fixes FTBFS) -- Michael Tokarev Thu, 05 Sep 2024 08:31:03 +0300 qemu (1:9.1.0+ds-1) unstable; urgency=medium * new upstream release (9.1): - debian/gbp.conf: switch to 9.1 (experimental) - remove patches which are applied upstream: nbd-server-CVE-2024-7409-* scsi-fix-regression-and-honor-bootindex-again-for-le.patch virtio-net-Ensure-queue-index-fits-with-RSS-CVE-2024-6505.patch virtio-pci-Fix-the-use-of-an-uninitialized-irqfd.patch - cap-OPEN_MAX.diff: remove, not needed anymore (new code is different) - d/rules: stop --disable-pvrdma (it is removed) - d/control: bump meson build dep to >>1.1.0 - d/control: drop version requirement for libpipewire - d/rules,d/control.mk: remove nios2 targets (dropped upstream) - revert-hw-virtio-move-stubs-out-of-stubs.patch: temp, - to work around upstream minimal microvm build breaklage - d/rules: install (x86-specific) qemu-vmsr-helper (binary and systemd units) * d/rules: switch system manpages from symlinks back to .so (cross-package symlinks to manpages are not handled by dh_installman) * merge qemu-user-static binaries into qemu-user package, making making qemu-user-static to be a helper/compatibility/transitional only: - d/binfmt-install: work on fixed packages - d/rules: expand $(install-user) - d/rules: move user-alias-* definitions closer to usage - d/rules install -static compat symlinks for qemu-user-static package - d/source/lintian-overrides: add unusual-field-spacing: Breaks - d/binfmt-install: little rework for $omit handling - d/binfmt-install: ship links to native-family binfmts in /usr/share/doc/$pkg for compatibility with 8.0..9.1~ Closes: #1079603 -- Michael Tokarev Thu, 05 Sep 2024 00:16:01 +0300 qemu (1:9.0.2+ds-7) unstable; urgency=medium * d/rules: make check actually needs system (disable testsuite if !system) * d/patches/gnu-hurd.patch: add IOV_MAX define too * d/rules: add mandir and man1dir variables to shorten things * d/rules: simplify/streamline install-system macro a little bit * d/rules: install-system macro: no need for leading tabs * d/binfmt-install: omit loongarch64 binfmt on loong64 (Closes: #1080085) * d/rules: use meson instead of make to run tests * d/rules: increase test timeout by a factor of 2 on riscv64 build -- Michael Tokarev Sat, 31 Aug 2024 08:56:40 +0300 qemu (1:9.0.2+ds-6) unstable; urgency=medium * cap-OPEN_MAX.diff: update to include second case of the same code (really closes: #1078757) * gnu-hurd.patch: update to define PATH_MAX on hurd * Revert "d/patches,d/binfmt-install: stop patching qemu to support old kernel binfmt interface (remove linux-user-binfmt-P.diff)" This change can be kept for longer to support bullseye and older kernels * d/binfmt-install: add aarch6_be fmt * d/binfmt-install: change a few \x7fELF into \x7f\x45\x4c\x46 in magic strings to align with masks and be consistent (no actual changes) * d/rules,d/control.mk: move some stuff from d/rules to d/control.mk and include control.mk earlier * d/control.mk: remember upstream version we built for and complain if it is not the same * d/rules: move user-targets definition to control.mk and verify if the list is correct * d/rules: move vdso list and handling to d/control.mk and verify vdso hasn't changed since last version * d/control, d/rules: enable the testsuite again (block only) since we build-depend on qemu-system-data. Add build-depends on seabios -- Michael Tokarev Mon, 26 Aug 2024 17:39:35 +0300 qemu (1:9.0.2+ds-5) unstable; urgency=medium [ Sergio Durigan Junior ] * d/rules: Unset ELF_PACKAGE_METADATA when building ROMs. Ubuntu started setting ELF_PACKAGE_METADATA during builds, but that can badly affect ROMs (see LP #2077431). [ Michael Tokarev ] * d/control: add alpha to utils-arch * d/control: remove kfreebsd-* * +gnu-hurd.patch (test) * d/rules: split-out d/control.mk * d/binfmt-install: remove s390x leftover (covered by last "*" entry) * d/rules: disable-bpf for qemu-user[-static] builds, it is leaked into the link uselessly * d/control: add the forgotten for qemu-system-gui * d/rules: remove --disable-install-blobs from xen build (it is in common options already) * d/rules: pass --extra-cflags explicitly to each build * d/rules: pass --extra-ldflags to each build explicitly too * d/rules: generate Built-Using: for qemu-user-static from a linker .map file * d/patches,d/binfmt-install: stop patching qemu to support old kernel binfmt interface (remove linux-user-binfmt-P.diff) * refine build-depend-arch: qemu-system-data for ubuntu and refine comment around this * cap-OPEN_MAX.diff - temporary, Closes: #1078757 (fixed for good in 9.1) * virtio-pci-Fix-the-use-of-an-uninitialized-irqfd.patch - refresh from upstream * +nbd-server-CVE-2024-7409-Avoid-use-after-free-when-c.patch - one more fix for CVE-2024-7409 -- Michael Tokarev Sun, 25 Aug 2024 18:50:52 +0300 qemu (1:9.0.2+ds-4) unstable; urgency=medium * d/rules: fix the brown-paper-bag bug in last upload * d/changelog: remove "Closes #1075428" from the previous entry, that issue has nothing to do with qemu -- Michael Tokarev Mon, 12 Aug 2024 08:05:39 +0300 qemu (1:9.0.2+ds-3) unstable; urgency=medium [ Sergio Durigan Junior ] * d/rules: Install block-gluster.so (instead of block-glusterfs.so). [ Michael Tokarev ] * d/control: vdso is needed by qemu-USER targets, not system * d/control, d/rules: instead of requiring the same version of qemu-system-data for vdso, use a fixed version of last interest * d/rules: build both opensbi64 and opensbi32 firmware (was 32bit only) * d/rules: simplify openbios build rule with patsubst * d/rules: --disable-containers * +virtio-net-Ensure-queue-index-fits-with-RSS-CVE-2024-6505.patch (Closes: #1075919, CVE-2024-6505) * CVE-2024-7409 (nbd server DoS) fixes: +nbd-server-Plumb-in-new-args-to-nbd_client_add.patch +nbd-server-CVE-2024-7409-Cap-default-max-connections.patch +nbd-server-CVE-2024-7409-Drop-non-negotiating-client.patch +nbd-server-CVE-2024-7409-Close-stray-clients-at-serv.patch -- Michael Tokarev Mon, 12 Aug 2024 07:06:03 +0300 qemu (1:9.0.2+ds-2) unstable; urgency=medium * d/rules: pass CROSS_COMPILE= to u-boot* config targets too, not just build targets * u-boot-sam460ex-build.patch: u-boot-sam460ex build fixes/workarounds * move helper binaries (qemu-bridge-helper, virtfs-proxy-helper, vhost-user-gpu) from usr/lib/qemu to usr/libexec/qemu * d/*.NEWS: use common indent of 2 spaces instead of sometimes-3 * switch from gcc-arm-none-eabi to gcc-arm-linux-gnueabi to build npcm7xx vbootrom * d/rules: use the same cross_prefix_* variables in d/rules as ./configure recognizes and export them for ./configure * d/rules: expand seabios-hpppa build and use cross_prefix_hppa* vars * d/rules: do not install opensbi-riscv64-generic-fw_dynamic.elf (only .bin file is needed) * rebuild linux-user vdso files during arch-indep build, so no pre-built binaries are used: - require all cross compilers in Build-Depend-Indep - build vdso archive (build-vdso) and ship it in qemu-system-data - Build-Depends-Arch: qemu-system-data (=source:Version) (with vdso archive) - pkg.qemu.use-upstream-vdso profile to avoid all this - allow building and using vdso files in single arch+indep build without using vdso archive from qemu-system-data - pkg.qemu.omit-vdso-build-dep profile to omit the dependency on qemu-system-data (for single arch+indep build) -- Michael Tokarev Sat, 03 Aug 2024 19:23:13 +0300 qemu (1:9.0.2+ds-1) unstable; urgency=medium * new upstream stable/bugfix release * remove patches applied upstream (from the previous upload) * + scsi-fix-regression-and-honor-bootindex-again-for-le.patch (https://forum.proxmox.com/threads/149772/post-679433) -- Michael Tokarev Wed, 17 Jul 2024 14:11:32 +0300 qemu (1:9.0.1+ds-1) unstable; urgency=medium * new upstream release * linux-user-binfmt-P.diff: refresh * d/rules: install the right qemu-system-x86_64-microvm binary * d/control: Build-Depend-Indep: gcc-hppa64-linux-gnu (for 64bit seabios-hppa) * d/rules: install hppa-firmware64.img * d/qemu-user-static.lintian-overrides: embedded-library zlib * +meson-Fix-MESONINTROSPECT-parsing.patch - fix build in a dir containing tilde (~) or other special chars * add 3 patches from upstream (fixing CVE-2024-4467, adding tests * +block-Parse-filenames-only-when-explicitly-requested.patch (avoid potentially dangerous parsing of (embedded) filenames) * d/rules drop dwz version check for bullseye and before * d/qemu-system-xen.lintian-overrides: drop the now-unused override * rewrap description of qemu-system-modules-opengl to fit in 80 columns * d/qemu-block-extra.postinst: add #DEBHELPER# token -- Michael Tokarev Fri, 05 Jul 2024 17:08:48 +0300 qemu (1:8.2.5+ds-2) unstable; urgency=medium * d/gen-module-upgrade.sh: move removal of run-qemu.mount to qemu-block-extra.postinst * gen-modules-upgrade.sh &Co: extend to handle multiple packages * add (ubuntu-specific) qemu-block-supplemental package (with glusterfs module) * d/control: qemu-block-extra Provides: qemu-block-supplemental on debian to be compatible with ubuntu * d/control: enable libblkio on sparc64 too (becomes the same as gluster, all 64bit architectures) * move block-blkio to qemu-block-supplemental on ubuntu like block-glusterfs * note-missing-module-pkg-name.diff: refresh, mention qemu-block-supplemental package * qboot-Disable-LTO-for-ELF-binary-build-step.patch (from ubuntu) (LP#1988710 LP#1921664 #1015607) * d/rules: enable a few optional features for microvm build virtfs: 9pfs, easier guest managing from local filesystem linux-aio, linux-io-uring: scalability numa (scalability) seccomp (security) Most of this (besides io-uring) has been enabled on ubuntu (LP#2045594) * d/rules,d/control: add system-arch-linux-64 list * d/control: enable numa on all system-arch-linux * debian/rules: remove references to ia64 (it is dead) * d/control: remove seccomp from x32 build (system is not built on x32) * d/rule: make user-arch the same as system-arch-linux (adds powerpc & powerpcspe) * d/rules,d/control: enable loong64 (Closes: #1074513) * d/control: mark more build-deps/--enable with system-arch[-linux] * d/control: s/dbus/D-Bus/ * d/rules: simplify ${VENDOR} handling and lowercase it -- Michael Tokarev Sun, 30 Jun 2024 23:21:27 +0300 qemu (1:8.2.5+ds-1) unstable; urgency=medium * new upstream stable/bugfix release * d/control: drop rbd support on ppc64 and sparc64 (it does not build there, always failing) * d/control: fuse is linux-only * d/control: ia64 is dead -- Michael Tokarev Thu, 13 Jun 2024 13:39:33 +0300 qemu (1:8.2.4+ds-2) unstable; urgency=medium * d/control: build-depend on pkgconf * annotate more deps for cross-build (#995622), incl. native glib for hexagon build-time tool * virtio-pci-Fix-the-use-of-an-uninitialized-irqfd.patch (fixing qemu segfault in cryptsetup CI) -- Michael Tokarev Fri, 31 May 2024 14:59:28 +0300 qemu (1:8.2.4+ds-1) unstable; urgency=medium * new upstream stable/bugfix release * remove patches applied upstream * enable libblkio (blkio extra block driver) on some 64bit platforms -- Michael Tokarev Mon, 20 May 2024 16:14:17 +0300 qemu (1:8.2.3+ds-2) unstable; urgency=medium * d/changelog: add Closes: for security bugs fixed by 8.2.3 * static-linux-user-stubs: provide some stubs for static linux-user build (this avoids ld warnings about getpw*()) * add 3 missing upstream commits to fix 8.2.3 breakage on riscv64 The broken commit is 1e4ec0958e "target/riscv/kvm: fix timebase-frequency when using KVM acceleration", which requires other changes in the same patch series: target-riscv-kvm-change-KVM_REG_RISCV_FP_F-to-u32.patch target-riscv-kvm-change-KVM_REG_RISCV_FP_D-to-u64.patch target-riscv-kvm-change-timer-regs-size-to-u64.patch (Closes: #1069892) -- Michael Tokarev Sat, 27 Apr 2024 20:09:22 +0300 qemu (1:8.2.3+ds-1) unstable; urgency=medium [ Michael Tokarev ] * new upstream stable/bugfix release Closes: #1068819, CVE-2024-26327, CVE-2024-26328 Closes: #1068820, CVE-2024-3446 Closes: #1068821, CVE-2024-3447 Closes: #1068822, CVE-2024-3567 * fix typo in newly added change (expection) * d/rules: run dh_installdocs for install-indep too [ Sergio Durigan Junior ] * d/control: Fix typo in long description of qemu-system-gui package -- Michael Tokarev Thu, 25 Apr 2024 07:48:12 +0300 qemu (1:8.2.2+ds-2) unstable; urgency=medium * d/control: fix qemu version in Breaks: to include the missing epoch (Closes: #1065469) * d/rules: remove x32 from qemu-user host arch list and add it to tools -- Michael Tokarev Tue, 05 Mar 2024 10:27:47 +0300 qemu (1:8.2.2+ds-1) unstable; urgency=medium * new upstream stable/bugfix release * d/gen-module-upgrade.sh: change addfr() for clarity * d/rules: stop qemu-system-${arch} packages from providing themselves (different fix, really closes: #1063233) * d/rules: ensure ${sysdataidir} is created in pre-install-indep * d/control: stop build-depending on texinfo (not used) * d/rules: build docs directly with sphinx, --disable-docs, install more docs * move system docs to qemu-system-data * d/rules: stop compressing config examples * d/control: bc isn't needed for u-boot anymore * d/copyright: exclude python/wheels/*.whl (not used on debian) * remove patch included upstream now: ui-clipboard-mark-type-as-not-available-when-no-data-CVE-2023-6683.patch * d/rules: disable building qemu-system on x32 * remove disable-xen-on-x32.patch -- Michael Tokarev Mon, 04 Mar 2024 22:55:03 +0300 qemu (1:8.2.1+ds-2) unstable; urgency=medium * rework module-upgrade handling: do not ship /run/qemu.mount unit anymore, instead bind-mount-exec particular subdir in /run/qemu/ on upgrade only if some qemu-system-foo processes are running * d/control: Rules-Requires-Root: no * d/control: Standards-Version: 4.6.2 * d/rules: stop qemu-system-${arch} packages from providing themselves (Closes: #1063233) * d/rules: run ./configure in arch-indep build and build some roms from there * build x86 optionrom using qemu build rules * d/rules: move fragments which builds firmware out of qemu arch-indep subdir closer together (no code changes) * d/control: clarify qemu-system-gui description: this is not a management gui for qemu * d/control: set minimum version for libpipewire (for bullseye) * d/control: require recent python3 or separate tomli (for bullseye) -- Michael Tokarev Sat, 24 Feb 2024 12:19:35 +0300 qemu (1:8.2.1+ds-1) unstable; urgency=medium * new upstream stable/bugfix release * remove all upstream-applied patches * d/patches/note-missing-module-pkg-name.diff: fixup * replace fix for CVE-2023-6683 (A different fix from upstream) * remove the mistakenly-added temp file in d/qemu-block-extra/ * d/.gitignore: refresh -- Michael Tokarev Tue, 30 Jan 2024 10:32:17 +0300 qemu (1:8.2.0+ds-5) unstable; urgency=medium * d/rules, d/run-qemu.mount: use dh_installsystemd to install run-qemu.mount (Closes: #1060087) * update hppa and seabios-hppa patch series * ui-clipboard-avoid-crash-upon-request-when-clipboard-CVE-2023-6683.patch (Closes: #1060749, CVE-2023-6683) * +target-s390x-Fix-LAE-setting-a-wrong-access-register.patch * +tcg-s390x-Fix-encoding-of-VRIc-VRSa-VRSc-insns.patch fix chacha20 issue on s390x * update hw-vfio-fix-iteration-over-global-VFIODevice-list.patch -- Michael Tokarev Thu, 18 Jan 2024 10:16:31 +0300 qemu (1:8.2.0+ds-4) unstable; urgency=medium * d/rules: fix "tail -20" usage * note-missing-module-pkg-name.diff: update, to be much more accurate No more sporadic warnings about missing audio backends etc * d/control: clarify qemu-system-gui and qemu-system-modules-* package descriptions a little bit (#1059457) * more fixups from the ML targetting stable: + hw-net-cadence_gem-fix-MDIO_OP_xxx-values.patch + tcg-ppc-use-new-registers-for-LQ-destination.patch + target-riscv-fix-mcycle-minstret-increment-behavior.patch * a bunch of hppa and seabios-hppa fixes targetting -stable for https://gitlab.com/qemu-project/qemu/-/issues/2044 -- Michael Tokarev Thu, 04 Jan 2024 22:47:59 +0300 qemu (1:8.2.0+ds-3) unstable; urgency=medium * +virtio-net-correctly-copy-vnet-header-when-flushing-TX-CVE-2023-6693.patch Fix CVE-2023-6693 (virtio-net: stack buffer overflow in virtio_net_flush_tx) * +target-i386-the-sgx_epc_get_section-stub-is-reachable.patch * +target-xtensa-fix-OOB-TLB-entry-access.patch * d/rules: print last 20 lines of config.log & meson.log if ./configure fails -- Michael Tokarev Tue, 02 Jan 2024 15:54:35 +0300 qemu (1:8.2.0+ds-2) unstable; urgency=medium * include-ui-rect.h-fix-qemu_rect_init-mis-assignment.patch fixes virtio-gpu redraw issue (Closes: #1059211) * hw-vfio-fix-iteration-over-global-VFIODevice-list.patch fixes reboot issue with virtio-gpu * target-i386-do-not-re-compute-new-pc-with-CF_PCREL.patch fixes 4M edk2 stall in i386 tcg mode * block-fix-crash-when-loading-snapshot-on-inactive-no.patch fix possible assertion failure when loading snapshot -- Michael Tokarev Tue, 02 Jan 2024 12:10:14 +0300 qemu (1:8.2.0+ds-1) unstable; urgency=medium * new upstream release 8.2.0 Closes: #1013952 * d/rules: re-enable building static-pie binaries (the default) for qemu-user-static again (formally Closes: #1053101, LP:#1908331) * d/rules: add --disable-pie for static build on i386 due to #1056739 * d/control: qemu-system-x86 depends on seabios >>1.16.3-1 due to ahci fix * d/qemu-user-static.lintian-overrides: +shared-library-lacks-prerequisites for static-pie executables * d/rules: omit qemu-user-static package from dh_shlibdeps run since dpkg-shlibdeps complains about static-pie binaries * d/rules: fix bugzilla.redhat.com url (migrated to issues.redhat.com) * d/patches: remove patches applied upstream * d/patches, d/rules: use --disable-relocatable instead of a patch * d/patches: refresh disable-xen-on-x32.patch * d/control: --enable-pixman (which is optional now) * d/rules: vnc needs pixman too (for xen and microvm builds) * d/copyright: stop excluding subprojects/dtc (not included anymore) * d/source/lintian-overrides: +source-is-missing for vdso.so files -- Michael Tokarev Wed, 20 Dec 2023 18:21:19 +0300 qemu (1:8.1.3+ds-1) unstable; urgency=medium * new upstream stable/bugfix release * remove patches applied upstream: - linux-user-Fixes-for-zero_bss.patch - target-mips-Fix-MSA-BZ-BNZ-opcodes-displacement.patch - hw-ide-reset-cancel-async-DMA-operation-before-reset.patch * d/control, d/qemu-system-gui.install: enable pipewire audio support (Closes: #1055221) -- Michael Tokarev Wed, 22 Nov 2023 17:56:06 +0300 qemu (1:8.1.2+ds-1) unstable; urgency=medium * upstream 8.1.2 stable/bugfix release * remove all stable-staging/ patches and two more (all included into 8.1.2) * d/rules: microvm build: do not explicitly enable avx2 -- Michael Tokarev Tue, 17 Oct 2023 09:44:39 +0300 qemu (1:8.1.1+ds-2) unstable; urgency=medium * d/rules: fix binary target to produce both arch and indep binaries instead of omitting indep one(s) * d/patches: sync with current staging-8.1 branch, many new fixes * additional fixes: +hw-ide-ahci-fix-legacy-software-reset.patch +target-mips-Fix-MSA-BZ-BNZ-opcodes-displacement.patch +hw-ide-reset-cancel-async-DMA-operation-before-reset.patch -- Michael Tokarev Sun, 08 Oct 2023 12:28:55 +0300 qemu (1:8.1.1+ds-1) unstable; urgency=medium * new upstream stable/bugfix release * remove all stable-staging/ patches, keep softmmu-Use-async_run_on_cpu-in-tcg_commit.patch * vfio-display-fix-missing-update-to-set-backing-field.patch * scsi-disk-disallow-small-block-sizes-CVE-2023-42467.patch (Closes: #1051899, CVE-2023-42467) * migration-qmp-Fix-crash-on-setting-tls-authz-with-nu.patch * d/patches/move-vl-opts/ - stop linking everything with async-teardown.c, un-FTBFS on ia64 * d/control: minor: remove old todo comments * d/control: disable rbd (ceph) on 32bit platforms (Closes: #1053172) * d/control: enable rbd on riscv64 once it's built there * d/copyright: also remove subprojects/dtc -- Michael Tokarev Sun, 01 Oct 2023 22:11:24 +0300 qemu (1:8.1.0+ds-6) unstable; urgency=medium * re-enable softmmu-Use-async_run_on_cpu-in-tcg_commit.patch * add https://www.mail-archive.com/qemu-devel@nongnu.org/msg989073.html fixing https://gitlab.com/qemu-project/qemu/-/issues/1866 * d/rules: reorder some definitions to evaluate in proper order -- Michael Tokarev Wed, 20 Sep 2023 23:31:59 +0300 qemu (1:8.1.0+ds-5) unstable; urgency=medium * disable softmmu-Use-async_run_on_cpu-in-tcg_commit.patch The change in softmmu-Use-async_run_on_cpu-in-tcg_commit.patch which is a fix for https://gitlab.com/qemu-project/qemu/-/issues/1864 (x86 VM with TCG and SMP fails to start on 8.1.0) introduces https://gitlab.com/qemu-project/qemu/-/issues/1866 * more patches from stable-staging * re-introduce qemu-debootstrap for now until all users of it will be converted to regular debootstrap -- Michael Tokarev Sun, 17 Sep 2023 19:10:34 +0300 qemu (1:8.1.0+ds-4) unstable; urgency=medium * d/changelog: fix spelling * +linux-user-Fixes-for-zero_bss.patch: fix linux-user zero_bss bug * many small changes for d/rules * d/rules: split out qemu-user build out out of main qemu build When both system and linux-user builds are enabled, linux-user build is getting features only relevant for system (softmmu) configuration, like linking with liburing, libnuma and other softmmu-only stuff. So build it separately. This not only makes qemu-user smaller and neater, but it also makes Built-Using field for qemu-user-static (which is generated from Depends field of qemu-user) accurate. * d/qemu-user[-static].docs: use unprocessed .rst doc instead of html * d/rules: check for nocheck in DEB_BUILD_PROFILES too, not only DEB_BUILD_OPTIONS * d/rules, d/control: disable build-time test due to apparent dak bug -- Michael Tokarev Mon, 11 Sep 2023 14:19:32 +0300 qemu (1:8.1.0+ds-3) unstable; urgency=medium * d/control: split out most of Build-Depends to Build-Depends-Arch, in order to break B-D loop on qemu-system-data (it is only needed for -Arch) and to reduce arch-all build time. Only very few things left in common Build-Depends. * Removing most things from B-D discovered that skiboot includes openssl header(s) (!), so add libssl-dev to Build-Depends-Indep. * d/control,d/rules: introduce build profiles to omit building some packages (mostly debugging aid, to reduce test build run time). * d/rules: use ninja directly for various qemu builds (non-verbose build now shows errors/warnings nicely) * d/control: Rules-Requires-Root: "binary-targets", not "no", - this enables building as non-root, finally * d/rules: add forgotten -p for mkdir b/user-static * d/not-installed: list 2 files from user/ manual (which is built even on unsupported architectures) -- Michael Tokarev Sun, 10 Sep 2023 01:30:15 +0300 qemu (1:8.1.0+ds-2) unstable; urgency=medium * d/control: fix descriptions of qemu-system-gui and qemu-system-modules-spice packages * update lintian-overrides * d/rules: enable verbose (-v) build for qboot * d/rules: move lto control to where it actually works * d/rules: remove usage of "standard dh sequencer". It has multiple issues. To name a few: - it exports CFLAGS &Co which breaks badly when trying to compile bios/firmware code (fixes FTBFS with new -fcf-protection) - it performs multiple recursive calls to d/rules which is slow when make variables are set using $(shell), - annoying when debugging - it hides actual actions being done at install/binary stages - it is confusing in override_dh_foo{,-indep,-arch} - it does just too much unknown magic, - just give the control back. -- Michael Tokarev Sat, 09 Sep 2023 22:37:02 +0300 qemu (1:8.1.0+ds-1) unstable; urgency=medium * d/changelog: mention closing of #984451, CVE-2021-20255 by 8.1 * d/changelog: mention closing of #1041471 by 8.1 * d/patches: add patches currenly staged for 8.1.1 * d/gbp.conf: switch from experimental to master * upload to unstable -- Michael Tokarev Sat, 09 Sep 2023 17:03:54 +0300 qemu (1:8.1.0+ds-1~exp2) experimental; urgency=medium * qemu-system-modules-spice & qemu-system-modules-opengl packages, containing optional spice and opengl modules from qemu-system-common. Both are recommended by all qemu-system-* but can be removed if not used, to reduce list of dependencies. -- Michael Tokarev Wed, 23 Aug 2023 12:37:55 +0300 qemu (1:8.1.0+ds-1~exp1) experimental; urgency=medium * new upstream release Closes: #1041102, CVE-2023-3019 (NIC DMA reentrancy issue, problem class) Closes: CVE-2021-3750 (DMA MMIO reentrancy issue, problem class) Closes: #984451, CVE-2021-20255 (DMA reentrancy issue) Closes: #1041471 (qemu-user armel commpage mapping bug) * d/watch: change repack suffix to +ds * d/patches: remove patches applied upstream * disable-xen-on-x32.patch: refresh * d/copyright: stop stripping dtc/ and meson/, removed upstream * d/rules: replace --with-git-submodules=ignore with --disable-download * d/control: build-depend on python3-venv * d/control: bump minimum meson version to 0.63.0 * d/control: build-depend on seabios & qemu-system-data for the testsuite. qemu testsuite runs qemu-system binaries which require firmware even for simple tests * d/rules: run `make check-block' after the main build, as a minimal test for now * qemu-img-omit-errno-value-in-error-message.patch fixes check-block tests on mips* where errno values are different from other architectures. * late fix for 8.1 linux-user-Adjust-brk-for-load_bias.patch -- Michael Tokarev Wed, 23 Aug 2023 08:01:13 +0300 qemu (1:8.0.4+dfsg-3) unstable; urgency=medium * d/rules: export PYTHONDONTWRITEBYTECODE=1 to stop generating .pyc files (Closes: #1046056) * d/control: list more CPU types emulated by qemu in package descriptions * d/control: refine qemu-system-gui package description * d/rules: remove --interp-prefix= configure option * late fix for 8.1: target-arm-Fix-SME-ST1Q.patch * late fix for 8.1: target-arm-Fix-64-bit-SSRA.patch * d/control: remove old versions from build-deps -- Michael Tokarev Tue, 22 Aug 2023 20:15:07 +0300 qemu (1:8.0.4+dfsg-2) unstable; urgency=medium * remove linux-user-show-heap-address-in-proc-pid-maps.patch * pick 2 nvme fixes from upstream: - hw-nvme-fix-oob-memory-read-in-fdp-events-log-CVE-2023-4135.patch Closes: #1050142, CVE-2023-4135 - hw-nvme-fix-null-pointer-access-in-directive-receive-CVE-2023-40360.patch Closes: #1050140, CVE-2023-40360 * d/rules: --enable-virtfs (--enable-attr --enable-cap-ng) for xen build to enable 9pfs (Closes: #1049925) * d/rules: run-qemu.mount is linux-specific too (if we ever do non-linux system build) * d/control: disable sndio on debian too (disabled on ubuntu), for now anyway * d/*.install, d/rules: explicitly list all qemu-system modules * d/control: build-depend on libglib2.0-dev (forgotten!) and zlib1g-dev, move the two to the top before all optional deps * d/changelog: fix 7.1+dfsg-1 changelog entry (qemu-user and qemu-system) -- Michael Tokarev Mon, 21 Aug 2023 09:57:59 +0300 qemu (1:8.0.4+dfsg-1) unstable; urgency=medium * new upstream stable/bugfix release Closes: CVE-2023-3180 (virtual crypto virtio_crypto_handle_sym_req) Closes: CVE-2023-3354 (VNC server QIOChannel NULL ptr deref) Closes: CVE-2023-3255 (VNC: infinite loop in inflate_buffer) * d/patches: remove patches picked up from stable-staging branch which are applied in 8.0.4 * d/control: build-depend on libglib2.0-dev (forgotten!) and zlib1g-dev, move the two to the top before all optional deps * remove xen-specific wrapper for qemu-system-i386 (needed for bookworm upgrade only) -- Michael Tokarev Fri, 11 Aug 2023 22:13:36 +0300 qemu (1:8.0.3+dfsg-5) unstable; urgency=medium * remove previous 2 mmap/brk patches for now linux-user-optimize-memory-layout-for-static-and-dyn.patch linux-user-load-pie-executables-at-upper-memory.patch These are intended for 8.1, and causes other issues on 8.0. Closes: #1042808 Reopens: #1040981 -- Michael Tokarev Wed, 02 Aug 2023 10:55:50 +0300 qemu (1:8.0.3+dfsg-4) unstable; urgency=medium * more linux-user address fixes from Helge Deller Remove stable-staging/linux-user-fix-qemu-arm-to-run-static-armhf-binaries.patch linux-user-limit-brk-adjustment-wrt-interp.brk-to-arm32.patch Add linux-user-show-heap-address-in-proc-pid-maps.patch linux-user-optimize-memory-layout-for-static-and-dyn.patch linux-user-load-pie-executables-at-upper-memory.patch This *might* fix #1041859. * stable-staging/tcg-ppc-fix-race-in-goto_tb-implementation.patch fix qemu sigsegv on ppc -smp. Should fix autopkgtests (debvm, others) * Stop passing --no-start to qga's dh_installsystemd. qga is activated from an udev rule, but we need to restart it on upgrade. Change by Sergio Durigan. Closes: LP#2028124. -- Michael Tokarev Wed, 26 Jul 2023 07:51:20 +0300 qemu (1:8.0.3+dfsg-3) unstable; urgency=medium * d/control: glusterfs: drop pre-buster glusterfs-common alternative, restrict glusterfs support to 64bit (see #1039604) * linux-user-limit-brk-adjustment-wrt-interp.brk-to-arm32.patch Fix (band-aid for now) an unexpected breakage caused by the previous patch in this area which fixes static executables loading on armhf. * d/binfmt-install: update mips* magic strings from upstream commit 77d119dd335f910c7: mips: allow nonzero EI_ABIVERSION, distinguish o32 and n32 (Closes: #1041597) -- Michael Tokarev Sat, 22 Jul 2023 11:53:38 +0300 qemu (1:8.0.3+dfsg-2) unstable; urgency=medium * d/patches: set Forwarded: URLs for some patches * add 5 qemu-user fixes staging for the next stable: linux-user-make-sure-initial-brk-0-is-page-aligned.patch linux-user-fix-qemu-brk-to-not-zero-bytes-on-current-page.patch linux-user-prohibit-brk-to-to-shrink-below-initial-address.patch linux-user-fix-signed-math-overflow-in-brk-syscall.patch linux-user-fix-qemu-arm-to-run-static-armhf-binaries.patch (Closes: #1040981) -- Michael Tokarev Thu, 20 Jul 2023 09:59:49 +0300 qemu (1:8.0.3+dfsg-1) unstable; urgency=medium * new upstream stable/bugfix release 8.0.3 Including the following security fix(es): - 9pfs: prevent opening special files (CVE-2023-2861) * remove patches now included upstream: - hw-mips-malta-fix-the-malta-machine-on-big-endian-hosts.patch - qga-fix-suspend-on-linux-guests-without-systemd.patch - hw_intc_allwinner-a10-pic-handle-IRQ-levels-other-than-0-or-1.patch - linux-user-Avoid-mmap-of-the-last-byte-of-the-reserv.patch * d/rules: omit qemu-systemd-data from dh_dwz run * d/rules: create qemu-system-armhf & qemu-system-armel aliases for qemu-system-arm (Closes: #1040209) -- Michael Tokarev Tue, 11 Jul 2023 15:07:04 +0300 qemu (1:8.0.2+dfsg-3) unstable; urgency=medium * d/patches/*: update, add DEP-3 headers * d/rules: strip ../../ prefix from compile paths to undo sub-subdir build (-ffile-prefix-map) * linux-user-Avoid-mmap-of-the-last-byte-of-the-reserv.patch: (hackish) fix for recent memory failures -- Michael Tokarev Thu, 29 Jun 2023 18:36:33 +0300 qemu (1:8.0.2+dfsg-2) unstable; urgency=medium * d/rules: --enable-libusb for xen build (Closes: #1037341) * reapply linux-user-binfmt-P.diff. Re-rely on qemu-user's argv0 to detect it is running in binfmt context. The problem is that while we ship kernel which can pass this info the qemu way, there are many containers which are running on older kernels still, including bullseye kernel (5.10) which does not have this feature. Keep it for a bit more. * hw_intc_allwinner-a10-pic-handle-IRQ-levels-other-than-0-or-1.patch Pick a patch from upstream mailinglist to fix regression in 8.0.2 -- Michael Tokarev Thu, 15 Jun 2023 22:25:50 +0300 qemu (1:8.0.2+dfsg-1) unstable; urgency=medium * new upstream stable/bugfix release Closes: #1029155, CVE-2023-0330: A DMA-MMIO reentrancy problem in lsi53c895a device * keep full upstream version number, not just first 2 components (Closes: #855966) * d/copyright: remove stray newline * d/control: drop libuuid-dev build-dep (not used) * clarify files in d/not-installed just a little bit * fixup qemu(1) refs in qemu-storage-daemon(1) * move qemu-storage-daemon and qemu-block-drivers.7 from qemu-system-common to qemu-utils * remove patches now included upstream: - linux-user-fix-getgroups-setgroups-allocations.patch - rtl8139-fix-large_send_mss-divide-by-zero.patch - target_i386-Change-wrong-XFRM-value.patch * qga-fix-suspend-on-linux-guests-without-systemd.patch (hopefully Closes: #1004943) * d/rules: disable pvrdma (Closes: #1034179, CVE-2023-1544) CVE-2023-1544: huge number of page tables for a ring of descriptors for CQ and async events, potentially leading to an OOB read and crash -- Michael Tokarev Sun, 11 Jun 2023 11:49:17 +0300 qemu (1:8.0+dfsg-4) experimental; urgency=medium * d/control: do not use --enable-spice on sh4 and --enable-seccomp on hppa where qemu-system is not being built * spelling-information.patch: add headers * merge d/qemu-system-x86.NEWS into d/qemu-system-common.NEWS * d/rules: migrate docs for individual qemu-system-foo into symlinks pointing to qemu-system-common docs * d/rules: move qemu-user-binfmt doclink to the proper place, and remove installdocs and installchangelogs overrides * d/qemu-system-common.README.Debian, d/qemu-user*.README.Debian: update statement about ppc64el in READMEs * d/rules: switch to more declarative approach to generating various qemu-system-foo packages, fix some bugs * d/rules: switch to use "-" in variable names instead of "_" to avoid exporting variables from environment * add qemu-system-for-arch package (commented-out for now) * refresh d/source/lintian-overrides -- Michael Tokarev Fri, 21 Apr 2023 19:11:53 +0300 qemu (1:8.0+dfsg-3) experimental; urgency=medium * Release highlights: - build only tools on unsupported arches - much easier arch control in a single place - much easier dependency/options control - stop building system targets on ia64 and kfreebsd * d/control: generate Architecture: field dynamically from d/rules * demote ia64 and kfreebsd from system arches to tools arches * include m68k into list of utils arches * optional dependencies and --enable-feature in d/control: - update d/extract-config-opts to expect dpkg-like [arch] patterns - d/control: unify and simplify arch strings for --enable-foo and dependencies - d/control: switch some build-deps to [:system-arch:] * stop using --enable-tcg-interpreter for unsupported arches, add --enable-tools for main qemu build * provide --disable-xkbcommon to stop building qemu-keymap tool (!) * d/rules: for !enable-system build, remove qemu.1 manpage * install upstream qemu.desktop file instead of debian-specific * d/*.install: list files relative to d/tmp/, use ${DEB_HOST_MULTIARCH} * d/qemu-system-common.install: move 3 linux-specific files from d/rules to here * d/rules: move qemu-block-extrs maintscript/savedir generation to instide enable-system -- Michael Tokarev Thu, 20 Apr 2023 20:50:35 +0300 qemu (1:8.0+dfsg-2) experimental; urgency=medium * re-add the dropped-on-the-way Provides: qemu-system-any * specify versions for all Provides: so it's possible to add versioned deps (including qemu-system-any and qemu-kvm) * d/control: collapse Depends: qemu-system-* into tne new qemu-system-any * drop Breaks:/Replaces: qemu-kvm (it was for old qemu-kvm binary pkg) -- Michael Tokarev Thu, 20 Apr 2023 13:09:57 +0300 qemu (1:8.0+dfsg-1) experimental; urgency=medium * New qemu release 8.0.0. * remove binfmt-support registration, use systemd binfmd.d/ only No more binfmt-support support. Unregister any entries on upgrades. * binfmt: ship (but not enable) entries for all arches, do not omit native Ship all really-foreign binfmt entries in /usr/lib/binfmt.d/ as usual, to be enable automatically at package install. Also ship the same-cpu-family entries in /usr/share/doc/qemu-user-static/qemu-foo.conf - this way it will not be enabled automatically but it will be possible to (carefully) symlink the needed additional entries to /etc/binfmt.d/. (Closes: #924667, #1016810, #1027781) * qemu-system-*: add extra names to use as qemu-system-${DEB_HOST_ARCH_CPU}, for both the Provides: line and executable file names. See /usr/share/doc/qemu-system-common/README.Debian. * qemu-system-*: also Provides: qemu-system-any * qemu-system-ppc: provide qemu-kvm on ppc64el too, the same as ppc64 * qemu-user, qemu-user-static: provide qemu-${DEB_HOST_ARCH}[-static] aliases too, when qemu arch is different from debian arch. See /usr/share/doc/qemu-user[-static]/README.Debian. * d/binfmt-install: fix disabled .conf entries install for qemu-user-binfmt (those goes to qemu-user doc dir, not qemu-user-binfmt doc dir) * d/control: remove old (pre-bullseye) Breaks/Replaces * qemu-bridge-helper-path.patch: use the right path for qemu-bridge-helper in docs (Closes: #1027447) * d/qemu-system-common.NEWS: document dropping of virtiofsd * d/rules: add comment saying why savemoddir block needs to be generated * stop trying to provide os-specific qemu-ifup * two more spelling fixes for mistyped "information" -- Michael Tokarev Thu, 20 Apr 2023 04:19:06 +0300 qemu (1:8.0~rc4+dfsg-2) experimental; urgency=medium [ Vagrant Cascadian ] * debian/rules: Use 'printf' instead of 'echo' to avoid differences in underlying /bin/sh implementations. Closes: #1034431 [ Michael Tokarev ] * Provide Debian architecture names for qemu-system-foo packages and binaries, for arm64, armel, armhf, powerpc, amd64, loong64 and ppc64el. It is now possible to run qemu-system-$debianarch binary or depend on qemu-system-$debianarch package. This should simplify various tools for cross compilation and the like. Also Closes: #825841. * d/qemu-system-ppc.README.Debian: remove obsolete README about video.x -- Michael Tokarev Tue, 18 Apr 2023 05:04:04 +0300 qemu (1:8.0~rc4+dfsg-1) experimental; urgency=medium * update to 8.0.0-rc4 * d/rules, d/qemu.desktop: install a simple .desktop file in qemu-system-data so that qemu-system-foo has an icon under gnome/wayland * re-enable build on x32 - disable new CONFIG_XEN_EMU which is now enabled unconditionally on x86 * d/patches: restore note-missing-module-pkg-name.diff (lost in one of previous commits) * pick 3 more fixes from qemu-devel@: +rtl8139-fix-large_send_mss-divide-by-zero.patch +target_i386-Change-wrong-XFRM-value.patch +hw_mips_malta-Fix-malta-machine-on-big-endian-hosts.patch -- Michael Tokarev Fri, 14 Apr 2023 12:25:57 +0300 qemu (1:8.0~rc3+dfsg-2) experimental; urgency=medium * d/rules: fix qemu.svg install and remove .png fallback icons again (qemu window still doesn't have an icon) * d/binfmt-install: fix systemd binfmt registration broken since previous upload * +linux-user-fix-getgroups-setgroups-allocations.patch (Closes: #811087) -- Michael Tokarev Mon, 10 Apr 2023 12:33:01 +0300 qemu (1:8.0~rc3+dfsg-1) experimental; urgency=medium * new upstream release candidate (8.0.0-rc3) * d/control: build-depend on gcc-powerpc-linux-gnu (for u-boot code) * d/rules: build u-boot-sam460 ppc firmware (u-boot-sam460-20100605.bin) * +u-boot-sam460ex-fdi.patch * +u-boot-sam460ex-mstring.patch * d/copyright: stop stripping roms/u-boot/, we need it for u-boot.e500 * d/rules: build u-boot.e500 binary (Closes: #756833) * d/rules: install all png icons too (for gtk display) * d/rules: remove old compat qboot symlink * remove skip-meson-pc-bios.diff (and skip-unpack-edk2-blobs.patch), fix pc-bios/meson.build instead * remove d/get-orig-source.sh now when d/copyright is set up * d/source/options: stop diff-ignoring submodules -- Michael Tokarev Thu, 06 Apr 2023 09:50:41 +0300 qemu (1:8.0~rc2+dfsg-1) experimental; urgency=medium [ Michael Tokarev ] * new upstream 8.0 (rc2) Packaging changes: * d/rules, d/qemu-system-common.lintian-overrides: do not try to install virtiofsd, it is removed in qemu 8.0 * d/rules: do not build sgabios, it is removed upstream in 8.0 * spelling.diff: remove hunks which has been applied, adopt virtio.c=>virtio-hmp.c for remaining * patches: remove all patches from d/patches/master/ (picked from upstream) * hw-pvrdma-protect-against-guest-driver-CVE-2022-1050.patch: remove, also applied upstream * microvm-default-machine-type.patch: adjust for 8.0 * openbios-address-of-packet-member.patch: remove, not needed anymore * d/control: build-depend on flex & bison * d/rules: it is --disable-install-blobs, not --disable-blobs for xen too * build microblaze firmware (petalogic-*.dtb) instead of using shipped one * remove microblaze firmware (petalogic-*.dtb) for -dfsg * remove previously deprecated qemu-debootstrap * stop using custom $argv[0] for binfmt * d/rules: always disable dwz if <<0.14 * stop enabling avx512f for xen build (it is disabled by default) * d/rules: install .bmp icon, not .png [ Christian Ehrhardt ] * d/control-in: libsndio is in universe in ubuntu * d/control-in: libnfs is in main since focal, enable direct nfs storage support (LP: #1988704) -- Michael Tokarev Fri, 31 Mar 2023 15:44:21 +0300 qemu (1:7.2+dfsg-5) unstable; urgency=medium * d/qemu-guest-agent.udev: fix missing comma (Christian Schneider , Closes: #1031838) * remove qemu-make-debian-root. Ths script debian/qemu-make-debian-root has been broken for ages. In 2023, it creates /etc/fstab with a reference to /dev/hda1, and edits /etc/inittab which does not exist. And no one noticed, - so it's safe to assume it is not used anymore. Just remove it. * re-pick qemu-stable patches from master (the same patch contents): master/tests-tcg-i386-Introduce-and-use-reg_t-consistently.patch master/target-i386-Fix-BEXTR-instruction.patch master/target-i386-Fix-C-flag-for-BLSI-BLSMSK-BLSR.patch master/target-i386-fix-ADOX-followed-by-ADCX.patch * 20 more changes picked from upstream/master: master/target-i386-Fix-BZHI-instruction.patch master/block-iscsi-fix-double-free-on-BUSY-or-similar-status.patch master/hw-smbios-fix-field-corruption-in-type-4-table.patch master/Revert-x86-do-not-re-randomize-RNG-seed-on-snapshot-.patch master/Revert-x86-re-initialize-RNG-seed-when-selecting-ker.patch master/Revert-x86-reinitialize-RNG-seed-on-system-reboot.patch master/Revert-x86-use-typedef-for-SetupData-struct.patch master/Revert-x86-return-modified-setup_data-only-if-read-a.patch master/Revert-hw-i386-pass-RNG-seed-via-setup_data-entry.patch master/vhost-user-gpio-Configure-vhost_dev-when-connecting.patch master/vhost-user-i2c-Back-up-vqs-before-cleaning-up-vhost_.patch master/vhost-user-rng-Back-up-vqs-before-cleaning-up-vhost_.patch master/virtio-rng-pci-fix-migration-compat-for-vectors.patch master/virtio-rng-pci-fix-transitional-migration-compat-for.patch master/hw-timer-hpet-Fix-expiration-time-overflow.patch master/vdpa-stop-all-svq-on-device-deletion.patch master/vhost-avoid-a-potential-use-of-an-uninitialized-vari.patch master/libvhost-user-check-for-NULL-when-allocating-a-virtq.patch master/chardev-char-socket-set-s-listener-NULL-in-char_sock.patch master/intel-iommu-fail-MAP-notifier-without-caching-mode.patch master/intel-iommu-fail-DEVIOTLB_UNMAP-without-dt-mode.patch -- Michael Tokarev Sun, 05 Mar 2023 20:09:04 +0300 qemu (1:7.2+dfsg-4) unstable; urgency=medium * block-fix-detect-zeroes-with-BDRV_REQ_REGISTERED_BUF.patch: re-pick now from master (the same patch, moved to master/). * revert x86-don-t-let-decompressed-kernel-image-clobber-setu.patch Closes: #1031682. This turned out to be wrong move, breaking more stuff than fixing. Upstream is going to revert it too. -- Michael Tokarev Mon, 20 Feb 2023 21:00:18 +0300 qemu (1:7.2+dfsg-3) unstable; urgency=medium [ Paride Legovini ] * Disable LTO on non-amd64 builds (LP: #1921664) [ Michael Tokarev ] * target-arm-Fix-physical-address-resolution-for-Stage2.patch: re-fetch now from master branch * 4 more patches picked from master: x86-don-t-let-decompressed-kernel-image-clobber-setu.patch migration-ram-Fix-error-handling-in-ram_write_tracki.patch migration-ram-Fix-populate_read_range.patch qcow2-Fix-theoretical-corruption-in-store_bitmap-err.patch * 5 fixes picked from current pullreqs: block-fix-detect-zeroes-with-BDRV_REQ_REGISTERED_BUF.patch tests_tcg_i386-introduce-and-use-reg_t-consistently.patch target_i386-fix-BEXTR-instruction.patch target_i386-fix-C-flag-for-BLSI-BLSMSK-BLSR.patch target_i386-fix-ADOX-followed-by-ADCX.patch * disable dwz on certain architectures for older dwz (FTBFS on bullseye, #968670) -- Michael Tokarev Fri, 10 Feb 2023 14:29:12 +0300 qemu (1:7.2+dfsg-2) unstable; urgency=medium * d/rules: add -ffile-prefix-map when building skiboot * d/control: provide qemu-kvm in qemu-system-misc on s390x (Closes: #1029309) * d/control: drop dependency of qemu-guest-agent on lsb-base * Picked patches from qemu master branch tagged for qemu-stable up to commit deabea6e88 (2023-02-02): target-sh4-Mask-restore-of-env-flags-from-tb-flags.patch vhost-fix-vq-dirty-bitmap-syncing-when-vIOMMU-is-ena.patch virtio-mem-Fix-the-bitmap-index-of-the-section-offse.patch virtio-mem-Fix-the-iterator-variable-in-a-vmem-rdl_l.patch target-arm-fix-handling-of-HLT-semihosting-in-system.patch meson-accept-relative-symlinks-in-meson-introspect-i.patch target-riscv-Set-pc_succ_insn-for-rvc-illegal-insn.patch acpi-cpuhp-fix-guest-visible-maximum-access-size-to-.patch hw-nvme-fix-missing-endian-conversions-for-doorbell-.patch hw-nvme-fix-missing-cq-eventidx-update.patch configure-fix-GLIB_VERSION-for-cross-compilation.patch target-arm-Fix-sve_probe_page.patch target-arm-allow-writes-to-SCR_EL3.HXEn-bit-when-FEA.patch target-arm-Fix-in_debug-path-in-S1_ptw_translate.patch * Also: target-arm-Fix-physical-address-resolution-for-Stage.patch -- Michael Tokarev Thu, 02 Feb 2023 21:17:10 +0300 qemu (1:7.2+dfsg-1) unstable; urgency=medium * new upstream release Closes: #1025123 CVE-2022-4172 (erst: undefined behavior in memcpy in write_erst_record) Closes: #1021981 qemu-user: faccessat2 is not implemented Closes: #1021019 CVE-2022-3165 (VNC: integer underflow in vnc_client_cut_text_ext leads to CPU exhaustion) * remove patches applied upstream * refresh note-missing-module-pkg-name.diff * slirp is always external package now, not a submodule anymore * d/control: require meson >> 0.61.5~ for build * spelling.diff: update with more spelling error * add some lintian-overrides * fix minor spelling errors in patches * d/control: Bump Standards-Version to 4.6.1 * debian shell programs use "which" instead of the "command -v", fix that (Closes: #1018254) * Better fix for #1019011 (gcc ICE building palcode-clipper), use -O1 instead of -O2 for the failing compile when it actually fails (no need to depend on gcc-11, Closes: #1011003) -- Michael Tokarev Thu, 15 Dec 2022 17:17:28 +0300 qemu (1:7.1+dfsg-2) unstable; urgency=medium * tulip-restrict-DMA-engine-to-memories-CVE-2022-2962.patch fix possible stack or heap overflow (tulip: DMA reentrancy issue) Closes: #1018055, CVE-2022-2962 * hw-pvrdma-protect-against-guest-driver-CVE-2022-1050.patch fix possible use-after-free in paravirtual RDMA device. Closes: #1014589, CVE-2022-1050 * mention closing of #979677 (CVE-2020-14394) by 7.1 * d/rules: parametrify extra-cflags & extra-ldflags * d/rules: explicitly disable pie on arm64 due to https://sourceware.org/bugzilla/show_bug.cgi?id=29514 Fixes FTBFS. -- Michael Tokarev Tue, 13 Sep 2022 20:08:43 +0300 qemu (1:7.1+dfsg-1) unstable; urgency=medium * new upstream release (7.1) Closes: #1014958, CVE-2022-35414 Closes: #1014590, CVE-2022-0216 Closes: #979677, CVE-2020-14394 Closes: #987410, CVE-2021-3507 Closes: #988333, #1018913 * d/copyright: - remove mentions of slirp (packaged separately) - blindly convert to dep-5 (it needs a complete rewrite) - add Files-Excluded from d/get-orig-source.sh * d/gbp.conf: remove filter= (and whole [import-orig]) * d/watch: verify upstream tarballs * d/rules: stop faking skiboot version, it is now properly included in roms/skiboot/.version file. Add a dependency on this file too * d/patches: - remove use-fixed-data-path.patch: not needed anymore - linux-user-binfmt-P.diff: refresh - remove patches applied upstream * d/control: - it is --enable-capstone now, not --enable-capstone=system - it is --enable-png now, not --enable-vnc-png * d/rules: fix --enable-vhost-* options * d/rules: remove vnc-png for xen too * openbios-array-bounds-gcc12.patch * opensbi-fix-build-with-binutils-2.38.patch * d/rules: adopt vof build changes * d/qemu-system-data.docs: omit ccid.txt (removed) * temporary workaround for gcc-12 bug #1019011: use gcc-11-alpha-linux-gnu instead of gcc-alpha-linux-gnu (another option is to use -Os) * d/control: temporarily build-depend on libva-dev till #1019485 is fixed * add loongarch64 qemu-user and qemu-system arch -- Michael Tokarev Mon, 12 Sep 2022 11:50:53 +0300 qemu (1:7.0+dfsg-7) unstable; urgency=medium * d/tests/test-qemu-user: rework ls/glob test a bit * d/tests/test-qemu-user: fix ppc64le qemu architecture name * d/binfmt-install: use proper name for binfmt.d (*.conf) Hopefully closes: #1011003 * two virtio-scsi bugfixes from upstream: virtio-scsi-fix-ctrl-and-event-handler-functions-in-dataplane.patch virtio-scsi-don-t-waste-CPU-polling-the-event-virtqueue.patch * 3 patches from upstream to fix possible coroutine crashes: coroutine-use-QEMU_DEFINE_STATIC_CO_TLS.patch coroutine-rename-qemu_coroutine_inc-dec_pool_size.patch coroutine-revert-to-constant-batch-size.patch * target-i386-do-not-consult-nonexistent-host-leaves.patch * d/control: stop suggesting sudo for qemu-user-static * Revert "d/rules: do not try to enable tcg-interpreter on unsupported targets, it does not help anymore" - it does help but it needs a bit more work * disable xen support for qemu-system-x86 build and create a wrapper for -i386 to redirect xen-related usage to xen-specific binary with a warning (for bookworm only) * common-user-no-user.patch: fix one of FTBFS on unsupported architectures * d/rules: use regular variable assignment for BUILD_PACKAGES * two trivial patches to fix spelling in roms: openbios-spelling-endianess.patch slof-spelling-seperator.patch -- Michael Tokarev Sun, 15 May 2022 15:49:12 +0300 qemu (1:7.0+dfsg-6) unstable; urgency=medium * d/rules: the forgotten --enable-xen-pci-passthrough for the xen build * d/tests/test-qemu-user: rewrite to be more robust and complete and include test for qemu-user-static too. -- Michael Tokarev Mon, 09 May 2022 01:37:56 +0300 qemu (1:7.0+dfsg-5) unstable; urgency=medium * d/tests/test-qemu-user.sh: more arch-specific debugging/updates -- Michael Tokarev Sat, 07 May 2022 12:22:26 +0300 qemu (1:7.0+dfsg-4) unstable; urgency=medium * d/tests/: fix failing tests. - test-qemu-user: depend on gcc for dpkg-architecture to work, and print debugging info for future switch to uname -m - test-qemu-img: switch from using file to qemu-img info -- Michael Tokarev Sat, 07 May 2022 11:33:23 +0300 qemu (1:7.0+dfsg-3) unstable; urgency=medium [ Michael Tokarev ] * d/binfmt-install: also generate binfmt.d/ entries for systemd * d/control: use systemd as preferred alternative to binfmt-support hopefully Closes: #789011 (Minimal dependencies to register binfmt) Closes: #985889 (make binfmt setup configurable) * d/control: remove Riku Voipio from Uploaders. Thank you Riku! * d/rules: simplify DEB_BUILD_OPTIONS=parallel=N parsing [ Guido Günther ] * Add minimal autopkgtest (Closes: #832982) -- Michael Tokarev Sat, 07 May 2022 00:03:24 +0300 qemu (1:7.0+dfsg-2) unstable; urgency=medium * d/control: add Rules-Requires-Root: no * d/control: switch to debhelper-compat=13 * d/control: drop "qemu" empty/dummy pseudopackage * d/control: do not build linux-user* on ia64 and powerpc (not supported by upstream anymore) * d/control: add Breaks for qemu-system-data for other packages from which it borrowed files in the past (Closes: #1008095) * d/rules: switch to the dh sequence (but keep build-{arch,indep}), rearrange some rules. This brings us dh_dwz (very slow) and dh_strip_nondeterminism. * d/rules: do not explicitly turn off slirp & capstone (now properly controlled by --with[out]-default-features option) * d/rules: do not try to enable tcg-interpreter on the unsupported targets, it does not help to build tools anymore * d/rules: do not chown -w d/control, it breaks dpkg-source * d/rules: clean up the clean target * d/not-installed: list many documentation files and qemu-plugin.h * configure-make-fortify_source-yes-by-default.patch: enable fortify-source for minimal builds too * d/changelog: mention #990562 (CVE-2021-3611) closed by 7.0 -- Michael Tokarev Sat, 30 Apr 2022 13:38:12 +0300 qemu (1:7.0+dfsg-1) unstable; urgency=medium * update to 7.0 release -- Michael Tokarev Thu, 21 Apr 2022 14:19:51 +0300 qemu (1:7.0~rc4+dfsg-1) experimental; urgency=medium * New upstream 7.0 (rc) Closes: #990562, CVE-2021-3611 * remove patches applied upstream * remove new binary file, pc-bios/edk2-x86_64-microvm.fd.bz2 * d/control: remove libxfs-dev build dependency, the ioctl is implemented inline * d/control: stop build-depend-indep on libc6.1-dev-alpha-cross, not needed anymore * d/rules: update skiboot version check (skiboot hasn't canged since 6.1) * build & install vbootrom (npcm7xx_bootrom.bin), and build-depend-indep on gcc-arm-none-eabi * create a new binary package, qemu-system-xen, which provides /usr/libexec/xen-qemu-system-i386 binary for use by xen only. Once xen switches to use this binary instead of usual qemu-system-i386, xen support will be removed from the regular qemu-system-x86 build * use a fast inline version of /usr/share/dpkg/architecture.mk -- Michael Tokarev Sun, 17 Apr 2022 15:08:40 +0300 qemu (1:6.2+dfsg-3) unstable; urgency=medium [ Christian Ehrhardt ] * d/rules: ensure xen is built on x86 * d/rules: xen libexec dir is no more versioned * d/kvm-spice: fix when acceleration is already defined on the commandline [ Michael Tokarev ] * d/control, d/rules: do not compile xen support on i386, since it is amd64-only now (since 4.16) * d/control: add libbpf-dev & --enable-bpf for eBPF support (Closes: #994573) -- Michael Tokarev Fri, 25 Feb 2022 12:01:46 +0300 qemu (1:6.2+dfsg-2) unstable; urgency=medium * bump meson build-dep to 0.59.3 * build & include multiboot_dma.bin (Closes: #1003930) * libxml2 is not needed for parallels. Enable parallels block image format (Closes: #1003162) * acpi-validate-hotplug-selector-on-access-CVE-2021-4158.patch Closes: CVE-2021-4158 * acpi-fix-QEMU-crash-when-started-with-SLIC-table.patch (Closes: #1004017) * acpi-fix-OEM_ID-padding.patch * debian/get-orig-source.sh: repack dfsg archive differently * mention closing of a few CVEs by 6.2.0 -- Michael Tokarev Thu, 20 Jan 2022 10:52:19 +0300 qemu (1:6.2+dfsg-1) unstable; urgency=medium [ Christian Ehrhardt ] * 6.2.0 upstream release Closes: #984452, CVE-2021-20203 (integer overflow issue in the vmxnet3 NIC emulator) Closes: #984453, CVE-2021-20196 (fdc: check drive block device before usage) Closes: #984451, CVE-2021-20255 (infinite recursion / DMA reentrancy in eepro100 i8255x device emulator) * d/get-orig-source.sh: remove pc-bios/multiboot_dma.bin in dfsg-clean * Drop patches upstream in v6.2.0 * d/p/spelling.diff: update for v6.2.0 (partially accepted) * d/rules: use new --disable-install-blobs build arg * Revert "make fuse debian-only, since libfuse3 in ubuntu is in universe", it is now in main (LP: #1934510) * d/rules: bump skiboot version for qemu v6.2.0 * d/p/ignore-roms-dependency-in-qtest.patch: fix meson issue due to dfsg removal of blobs * d/rules: drop --disable-fdt on microvm builds (now strictly required on any x86 build) * d/rules: select default PARISC config for hppa-firmware -- Michael Tokarev Sun, 09 Jan 2022 12:52:10 +0300 qemu (1:6.1+dfsg-8) unstable; urgency=medium * fix keymaps definitions placement in last upload (Closes: #997925, #997926) -- Michael Tokarev Wed, 27 Oct 2021 13:27:09 +0300 qemu (1:6.1+dfsg-7) unstable; urgency=medium * qemu-system-data: do not install qemu.desktop (Closes: #995628) * remove qemu-user-static.README.Debian (#995633) * d/rules: update configure rules for different qemu builds * qemu-system-x86-xen: install only -i386 link to xen path, not -x86_64 * promote qemu-system-x86-xen package on ubuntu to be like qemu-system-x86 since it uses the same modules actually * enable zstd compression support (Build-Depends) * qemu-system-data: install usr/share/icons/hicolor/32x32/apps/qemu.bmp for the sdl ui * d/control: fix wrong relation (< vs <<) * d/control: use :native version of python3-sphynx (Closes: #995622) * do not make qemu-system-gui Multi-Arch:same due to vhost-user-gpu * quieten gcc11 warnings/errors so roms will compile (Closes: #997082) * move d/qemu-system-data.install to d/rules -- Michael Tokarev Tue, 26 Oct 2021 10:35:02 +0300 qemu (1:6.1+dfsg-6) unstable; urgency=medium * virtio-net-fix-use-after-unmap-free-for-sg-CVE-2021-3748.patch Closes: #993401, CVE-2021-3748: use-after-free in virtio_net_receive_rcu * ati_2d-fix-buffer-overflow-in-ati_2d_blt-CVE-2021-3638.patch Closes: #992726, CVE-2021-3638: inconsistent check in ati_2d_blt() may lead to out-of-bounds write * refresh uas-add-stream-number-sanity-checks-CVE-2021-3713{.diff=>.patch} from upstream * hmp-unbreak-change-vnc.patch from upstream to fix 'change vnc passwd' command -- Michael Tokarev Wed, 29 Sep 2021 13:41:47 +0300 qemu (1:6.1+dfsg-5) unstable; urgency=medium * updated debian/patches/linux-user-binfmt-P.diff to work with in-kernel code Closes: #993658 * d/rules: do not mark configure target as .PHONY since it is a real file -- Michael Tokarev Mon, 06 Sep 2021 01:20:59 +0300 qemu (1:6.1+dfsg-4) unstable; urgency=medium * qemu-sockets-fix-unix-socket-path-copy-again.patch replacing socket-unix-maxlen.patch Closes: #993145 * enable more devices for the microvm build: virtio-gpu & vhost-user-gpu virtio-input-host & vhost_user_input * move vhost-user-gpu files from qemu-system-common to qemu-system-gui this elminates X11 dependencies from non-gui qemu-system install * build and install vof.bin firmware * rearrange d/rules a bit to make different qemu builds to be consistent with sysdata-components * move ppc dtb firmware files from qemu-system-ppc to qemu-system-data * device-tree-compiler is now needed in build-indep-depends, not in build-depends * d/rules: use CROSSPFX variables * ubuntu only: - Revert commit from the previous release which restores relation between qemu-system-xen and qemu-system-gui since -xen is not compatible with -gui modules - qemu-system-xen does not suggest qemu-block-extra (incompatible too) - qemu-system-s390x recommends qemu-block-extra not suggests it -- Michael Tokarev Tue, 31 Aug 2021 22:27:25 +0300 qemu (1:6.1+dfsg-3) unstable; urgency=medium * fix brown-paper bag in last upload (--enable-libudev) * ubuntu only: restore relations (depends/recommends) between qemu-system-gui and qemu-system-xen since -xen replaces full qemu-system-x86 and acts the same way -- Michael Tokarev Tue, 31 Aug 2021 02:50:52 +0300 qemu (1:6.1+dfsg-2) unstable; urgency=medium * rearrange d/rules to be able to configure/build/install various different kinds of qemu builds (main/microvm/xen/static) separately, by splitting targets of d/rules into subtargets * enable many virtio devices for microvm build (Closes: #992029) * disable libudev and fuse for microvm build * rearrange options for microvm build in d/rules * tidy newly added assert in unix-domain socket handling code to account for extra \0 terminator for socket pathname, socket-unix-maxlen.patch (Closes: #993145) * upstream qemu added ignoring of *.patch to .gitignore, unignore them in d/.gitignore * re-add 4 patches which were lost from git during preparation for 6.1 (not affecting the source package) * uas-add-stream-number-sanity-checks-CVE-2021-3713.diff Closes: #992727, CVE-2021-3713 * Mention (some) bugs closed by 6.1 upstream * Mention closing of #947349 -- Michael Tokarev Tue, 31 Aug 2021 02:01:51 +0300 qemu (1:6.1+dfsg-1) unstable; urgency=medium * new upstream release (6.1.0) Closes: CVE-2021-3607 (pvrdma: ensure correct input on ring init) Closes: CVE-2021-3608 (pvrdma: unmap initialized dma address) Closes: #989042, CVE-2021-3544 (vhost-user-gpu resource leaks) Closes: #989042, CVE-2021-3545 (vhost-user-gpu memory disclosure) Closes: #989042, CVE-2021-3546 (vhost-user-gpu OOBwr virgl_cmd_get_capset) Closes: #991911, CVE-2021-3682 (pvrdma: possible mremap overflow) * refresh patches, remove patches which were applied upstream * remove newly appeared pc-bios/vof.bin in dfsg-clean * add python3-sphinx-rtd-theme to build-depends * removed qemu-system-moxie arch * actually build many qemu modules as modules, and install them in qemu-system-common. * make strong versioned dependency between various qemu-system-* packages, so that modules works correctly. * drop very old versions from Build-Depends, Depends and Recommends for packages which long has much more recent versions in debian * up qemu-block-extra dependecy level from Suggests to Recommends * d/control: stop suggesting sgabios by qemu-system-x86 * (experimental for now, needs more work) print name of the package name for a module which can't be loaded, to give a clue what other package one may need to install for the requested functionality * fix some spelling mistakes in visible messages (spelling.diff) * enable jack audio backend (in qemu-system-gui) (Closes: #984726) * other small/internal changes in packaging: - removed --disable-sheepdog which were dropped upstream - install gui modules in d/rules not in d/q-s-gui.install to be able to use wildcard in d/q-s-common.install - recommend qemu-block-extra, not suggest it and not depend on it (ubuntu) for qemu-system-* and qemu-utils - reformat qemu "deps" for qemu-system-gui, stop listing -xen there (it can not satisfy -gui), qemu-system-s390x is :ubuntu:-only - d/control: stop recommending -gui for xen package (it is of no use for xen) - d/control: reformat Depends for qemu-block-extra, do not include -xen version there, mark -x390x as ubuntu-only, and allow qemu-utils to satisfy the dependency - do not install docs which does not exist anymore - stop omiting Changelog from dh_installchangelog: the file is long gone - d/rules: explicitly state version of skiboot as it is stored in a git tag only, or else skiboot does not build (hack) - put (new in 6.1, new in debian) hw-display-virtio-gpu-gl.so to qemu-system-gui as it pulls in X11 -- Michael Tokarev Wed, 25 Aug 2021 15:59:26 +0300 qemu (1:6.0+dfsg-4) unstable; urgency=medium * d/rules: fix last ubuntu merge, xen is x86-only, not all-debian -- Michael Tokarev Tue, 17 Aug 2021 19:04:30 +0300 qemu (1:6.0+dfsg-3) unstable; urgency=medium [ Michael Tokarev ] * enable /run/qemu mount on ubuntu only * usbredir-fix-free-call-CVE-2021-3682.patchi Closes: #991911, CVE-2021-3682 [ Christian Ehrhardt ] * ubuntu-only changes: - d/control-in: Make Ubuntu qemu-utils depend on qemu-block-extra - d/control-in: Make Ubuntu qemu-system-common depend on qemu-block-extra - d/control*, d/rules: disable xen by default, but provide universe package qemu-system-x86-xen as alternative * d/p/target-s390x-Fix-translation-exception-on-illegal-in.patch: avoid segfaults by uretprobes (LP 1929926) -- Michael Tokarev Tue, 17 Aug 2021 17:49:10 +0300 qemu (1:6.0+dfsg-2exp) experimental; urgency=medium [ Christian Ehrhardt ] * qemu 6.0 broke libvirt <7.2, add a Breaks to avoid partial upgrade issues (LP: #1932264) * enable SDL as secondary UI backend (LP: #1256185) (Closes: #947349) * clear all (current and former) modules on purge * only save modules if /run/qemu isn't noexec * provide run-qemu.mount in qemu-block-extra (disabled in debian for now) * Disable capstone disassembler library support in ubuntu (universe) [ Michael Tokarev ] * qemu does not ship Changelog file anymore * drop version from libfuse-dev build-depends (noticed by Ville Skyttä) * a few patches from upstream stable: - target-ppc-fix-load-endianness-for-lxvwsx-lxvdsx.patch fix various crashes in ppc system emulation. Thanks to Christian Ehrhardt for pointing this out - pvrdma-fix-possible-mremap-overflow-in-pvrdma-device-CVE-2021-3582.patch (Closes: #990565, CVE-2021-3582) - pvrdma-ensure-correct-input-on-ring-init-CVE-2021-3607.patch (Closes: #990564, CVE-2021-3607) - pvrdma-fix-the-ring-init-error-flow-CVE-2021-3608.patch (Closes: #990563, CVE-2021-3608) - usb-limit-combined-packets-to-1-MiB-CVE-2021-3527.patch usb-redir-avoid-dynamic-stack-allocation-CVE-2021-3527.patch (Closes: #988157, CVE-2021-3527) * mention closing of 3 bugs in am53c974 (ESP) device emulation by 6.0 (Closes: #979679, CVE-2020-35504) (Closes: #984455, CVE-2020-35505) (Closes: #984454, CVE-2020-35506) * make fuse debian-only, since libfuse3 in ubuntu is in universe * fix microvm default machine type for a new build system (LP: #1936894) -- Michael Tokarev Wed, 21 Jul 2021 19:43:37 +0300 qemu (1:6.0+dfsg-1~exp0) experimental; urgency=medium * new upstream release Closes: #979679, CVE-2020-35504 Closes: #984455, CVE-2020-35505 Closes: #984454, CVE-2020-35506 * remove obsolete patches, refresh use-fixed-data-path.patch * use libncurses-dev, not old libncursesw5-dev * enable fuse export (and build-depend on libfuse3-dev) * install (new) manpages for qemu-storage-daemon * enable new hexagon qemu-user target * two patches to fix 3 new spelling mistakes * remove now-unused shared-library-lacks-prerequisites lintian-overrides for qemu-user-static -- Michael Tokarev Sat, 08 May 2021 10:16:05 +0300 qemu (1:5.2+dfsg-11) unstable; urgency=medium * i386-acpi-restore-device-paths-for-pre-5.1-vms.patch This fixes a serious issue in some VMs (in particuar, Windows & MacOS) when migrating from buster qemu to bullseye qemu. (Closes: #990675) * pvrdma-fix-possible-mremap-overflow-in-pvrdma-device-CVE-2021-3582.patch (Closes: #990565, CVE-2021-3582) * pvrdma-ensure-correct-input-on-ring-init-CVE-2021-3607.patch (Closes: #990564, CVE-2021-3607) * pvrdma-fix-the-ring-init-error-flow-CVE-2021-3608.patch (Closes: #990563, CVE-2021-3608) * ide-atapi-check-logical-block-address-and-read-size-CVE-2020-29443.patch (Closes: #983575, CVE-2020-29443) * usb-limit-combined-packets-to-1-MiB-CVE-2021-3527.patch usb-redir-avoid-dynamic-stack-allocation-CVE-2021-3527.patch (Closes: #988157, CVE-2021-3527) -- Michael Tokarev Sun, 18 Jul 2021 16:14:41 +0300 qemu (1:5.2+dfsg-10) unstable; urgency=medium * 5 sdhci fixes from upstream: dont-transfer-any-data-when-command-time-out.patch dont-write-to-SDHC_SYSAD-register-when-transfer-is-in-progress.patch correctly-set-the-controller-status-for-ADMA.patch limit-block-size-only-when-SDHC_BLKSIZE-register-is-writable.patch reset-the-data-pointer-of-s-fifo_buffer-when-a-different-block-size...patch (Closes: #986795, #970937, CVE-2021-3409, CVE-2020-17380, CVE-2020-25085) * mptsas-remove-unused-MPTSASState.pending-CVE-2021-3392.patch fix possible use-after-free in mptsas_free_request (Cloese: #984449, CVE-2021-3392) -- Michael Tokarev Fri, 16 Apr 2021 12:43:36 +0300 qemu (1:5.2+dfsg-9) unstable; urgency=medium * do not make qemu-system-data dependent on qemu-system-foo (Closes: #985040) * CVE-2021-20263 - implement dropping security.capability xattr This adds two patches from upstream: virtiofsd-save-error-code-early-at-the-failure-callsite.patch virtiofsd-drop-remapped-security.capability-..-needed-CVE-2021-20263.patch Closes: #985083, CVE-2021-20263 * CVE-2021-3416 fix from upstream Fixes infinite loop in loopback mode of various network devices, adding 10 patches from upstream Closes: #984448, CVE-2021-3416 * net-e1000-fail-early-for-evil-descriptor-CVE-2021-20257.patch Fix CVE-2021-20257 from upstream: e1000: infinite loop while processing transmit descriptors Closes: #984450, CVE-2021-20257 -- Michael Tokarev Wed, 17 Mar 2021 21:02:30 +0300 qemu (1:5.2+dfsg-8) unstable; urgency=medium * a no-change upload to fix broken previous upload -- Michael Tokarev Sun, 14 Mar 2021 12:21:37 +0300 qemu (1:5.2+dfsg-7) unstable; urgency=high * do not make qemu-system-common dependent on qemu-system-foo. We removed modules from qemu-system-common for now, so there's no need for it to depend on any of qemu-system-foo of the same version. Among other things this fixes #983756 (which should be fixes some other way anyway, but it should be ok for now). Closes: #983756, #983921, #985195 Urgency is high because a single bin-NMU of qemu package made it uninstallable. -- Michael Tokarev Sun, 14 Mar 2021 11:32:54 +0300 qemu (1:5.2+dfsg-6) unstable; urgency=medium * deprecate qemu-debootstrap. It is not needed anymore with binfmt F flag, since everything now works without --foreign debootstrap argument and copying the right qemu binary into the chroot. Closes: #901197 * fix the brown-paper bag bug: wrong argument order in the linux-user-binfmt patch (really closes: #970460) -- Michael Tokarev Tue, 16 Feb 2021 12:11:20 +0300 qemu (1:5.2+dfsg-5) unstable; urgency=medium * d/rules: ensure b/ subdir exists before building palcode and qboot * d/changelog: #959530 is not fixed by 5.2+dfsg-4 * 3 virtiofsd patches Closes: #980814, CVE-2020-35517 virtiofsd: potential privileged host device access from guest - virtiofsd-extract-lo_do_open-from-lo_open.patch - virtiofsd-optionally-return-inode-pointer-from-lo_do_lookup.patch - virtiofsd-prevent-opening-of-special-files-CVE-2020-35517.patch -- Michael Tokarev Sun, 14 Feb 2021 17:44:06 +0300 qemu (1:5.2+dfsg-4) unstable; urgency=medium [ Michael Tokarev ] * require libfdt >= 1.5.0-2 due to #931046 * qemu-user: attempt to preserve argv[0] when run under binfmt (Closes: #970460) This changes the enterpreter name for all linux-user registered binfmts, so it potentially can break stuff. The actual binary being registered now is /usr/libexec/qemu-binfmt/foo-binfmt-P, which is a symlink to actual /usr/lib/qemu-foo[-static]. * ignore .git-submodule-status when building source * some security fixes from upstream: o arm_gic-fix-interrupt-ID-in-GICD_SGIR-CVE-2021-20221.patch Closes: CVE-2021-20221 GIC (armv7): out-of-bound heap buffer access via an interrupt ID field o 9pfs-Fully-restart-unreclaim-loop-CVE-2021-20181.patch Closes: CVE-2021-20181 * non-security fixes from upstream: pc-bios-descriptors-fix-paths-in-json-files.patch - fixes wrong paths in edk2-firmware-related json files introduced in 5.2 [ Christian Ehrhardt ] * d/control-in: avoid version mismatch of installed binaries (Closes: #956377) [ Dan Streetman ] * Backport configure param --with-git-submodules and set to 'ignore' -- Michael Tokarev Sun, 14 Feb 2021 16:52:10 +0300 qemu (1:5.2+dfsg-3) unstable; urgency=medium [ Christian Ehrhardt ] * d/rules: fix qemu-user-static to really be static (LP: #1908331) [ Michael Tokarev ] * build most modules statically (besides block and gui parts). This makes qemu-system-common package to be of less strict dependency for other qemu-system-* packages, and also Closes: #977301, #978131 * especially remove removed binfmts in qemu-user-{static,binfmt}.preinst (really Closes: #977015) * memory-clamp-cached-translation-MMIO-region-CVE-2020-27821.patch (Closes: #977616, CVE-2020-27821) -- Michael Tokarev Tue, 29 Dec 2020 15:07:03 +0300 qemu (1:5.2+dfsg-2) unstable; urgency=medium * move ui-opengl.so module from qemu-system-gui to qemu-system-common, as other modules want it (Closes: #976996, #977022) * do not install dropped ppc64abi32 binfmt for qemu-user[-static] (Closes: #977015) -- Michael Tokarev Thu, 10 Dec 2020 11:15:43 +0300 qemu (1:5.2+dfsg-1) unstable; urgency=medium * new upstream release Closes: #965978, CVE-2020-15859 (22dc8663d9fc7baa22100544c600b6285a63c7a3) Closes: #970539, CVE-2020-25084 (21bc31524e8ca487e976f713b878d7338ee00df2) Closes: #970540, CVE-2020-25085 (dfba99f17feb6d4a129da19d38df1bcd8579d1c3) Closes: #970541, CVE-2020-25624 (1328fe0c32d5474604105b8105310e944976b058) Closes: #970542, CVE-2020-25625 (1be90ebecc95b09a2ee5af3f60c412b45a766c4f) Closes: #974687, CVE-2020-25707 (c2cb511634012344e3d0fe49a037a33b12d8a98a) Closes: #975276, CVE-2020-25723 (2fdb42d840400d58f2e706ecca82c142b97bcbd6) Closes: #975265, CVE-2020-27616 (ca1f9cbfdce4d63b10d57de80fef89a89d92a540) Closes: #973324, CVE-2020-27617 (7564bf7701f00214cdc8a678a9f7df765244def1) Closes: #972864, CVE-2020-27661 (bea2a9e3e00b275dc40cfa09c760c715b8753e03) Closes: CVE-2020-27821 (1370d61ae3c9934861d2349349447605202f04e9) Closes: #976388, CVE-2020-28916 (c2cb511634012344e3d0fe49a037a33b12d8a98a) * remove obsolete patches * refresh use-fixed-data-path.patch and debian/get-orig-source.sh * bump minimum meson version required for build to 0.55.3 * update build rules for several components * remove deprecated lm32 and unicore32 system emulators * remove deprecated ppc64abi32 and tilegx linux-user emulators * install ui-spice-core.so & chardev-spice.so in qemu-system-common * install ui-egl-headless.so in qemu-system-common * install hw-display-virtio-*.so in qemu-system-common * install ui-opengl.so in qemu-system-gui * install qemu-pr-helper.8 in qemu-system-common * qemu-pr-helper moved to usr/bin/ again * qboot.rom renamed from bios-microvm.bin * remove several unused lintian overrides * add spelling.diff patch to fix a few spelling errors * update Standards-Version to 4.5.1 * fix a few trailing whitespaces in d/control and d/changelog * require libcapstone >= 4.0.2 (v4) for build -- Michael Tokarev Wed, 09 Dec 2020 08:57:41 +0300 qemu (1:5.1+dfsg-4) unstable; urgency=high * mention closing of CVE-2020-16092 by 5.1 * usb-fix-setup_len-init-CVE-2020-14364.patch Closes: #968947, CVE-2020-14364 (OOB r/w access in USB emulation) -- Michael Tokarev Wed, 02 Sep 2020 16:14:52 +0300 qemu (1:5.1+dfsg-3) unstable; urgency=medium * fix one more issue in last upload. This is what happens when you do "obvious" stuff in a hurry without proper testing.. -- Michael Tokarev Mon, 17 Aug 2020 22:19:55 +0300 qemu (1:5.1+dfsg-2) unstable; urgency=medium * fix brown-paper bag bug in last upload -- Michael Tokarev Mon, 17 Aug 2020 20:58:52 +0300 qemu (1:5.1+dfsg-1) unstable; urgency=medium * hw-display-qxl.so depends on spice so install it only if it is built just like ui-spice-app * note #931046 for libfdt -- Michael Tokarev Mon, 17 Aug 2020 18:57:14 +0300 qemu (1:5.1+dfsg-0exp1) experimental; urgency=medium * new upstream release 5.1.0. Make source DFSG-clean again Closes: #968088 Closes: CVE-2020-16092 (net_tx_pkt_add_raw_fragment in e1000e & vmxnet3) * remove all patches which are applied upstream * do not install non-existing doc/qemu/*-ref.* * qemu-pr-helper is now in /usr/lib/qemu not /usr/bin * virtfs-proxy-helper is in /usr/lib/qemu now, not /usr/bin * new architecture: qemu-system-avr * refresh d/get-orig-source.sh * d/get-orig-source.sh: report already removed files in dfsg-clean * install common modules in qemu-system-common * lintian tag renamed: shared-lib-without-dependency-information to shared-library-lacks-prerequisites -- Michael Tokarev Wed, 12 Aug 2020 19:09:24 +0300 qemu (1:5.0-14) unstable; urgency=high * this is a bugfix release before breaking toys with the new upstream * riscv-allow-64-bit-access-to-SiFive-CLINT.patch (another fix for revert-memory-accept-..-CVE-2020-13754) * install /usr/lib/*/qemu/ui-curses.so in qemu-system-common Closes: #966517 -- Michael Tokarev Fri, 31 Jul 2020 11:45:25 +0300 qemu (1:5.0-13) unstable; urgency=medium * seabios-hppa-fno-ipa-sra.patch fix ftbfs with gcc-10 -- Michael Tokarev Wed, 22 Jul 2020 22:16:41 +0300 qemu (1:5.0-12) unstable; urgency=medium * acpi-accept-byte-and-word-access-to-core-ACPI-registers.patch this replace cpi-allow-accessing-acpi-cnt-register-by-byte.patch and acpi-tmr-allow-2-byte-reads.patch, a more complete fix * xhci-fix-valid.max_access_size-to-access-address-registers.patch fix one more incarnation of the breakage after the CVE-2020-13754 fix * do not install outdated (0.12 and before) Changelog (Closes: #965381) * xgmac-fix-buffer-overflow-in-xgmac_enet_send-CVE-2020-15863.patch ARM-only XGMAC NIC, possible buffer overflow during packet transmission Closes: CVE-2020-15863 * sm501 OOB read/write due to integer overflow in sm501_2d_operation() List of patches: sm501-convert-printf-abort-to-qemu_log_mask.patch sm501-shorten-long-variable-names-in-sm501_2d_operation.patch sm501-use-BIT-macro-to-shorten-constant.patch sm501-clean-up-local-variables-in-sm501_2d_operation.patch sm501-replace-hand-written-implementation-with-pixman-CVE-2020-12829.patch Closes: #961451, CVE-2020-12829 -- Michael Tokarev Wed, 22 Jul 2020 19:42:29 +0300 qemu (1:5.0-11) unstable; urgency=high * d/control-in: only enable opengl (libdrm&Co) on linux * d/control-in: spice: drop versioned deps (even jessie version is enough), drop libspice-protocol-dev (automatically pulled by libspice-server-dev), and build on more architectures * change from debhelper versioned dependency to debhelper-compat (=12) * acpi-allow-accessing-acpi-cnt-register-by-byte.patch' (Closes: #964793) This is another incarnation of the recent bugfix which actually enabled memory access constraints, like #964247 Urgency = high due to this issue. -- Michael Tokarev Mon, 20 Jul 2020 18:41:17 +0300 qemu (1:5.0-10) unstable; urgency=medium * fix the wrong $(if) construct for s390x kvm link (FTBFS on s390x) * use the same $(if) construct to simplify #ifdeffery -- Michael Tokarev Sat, 18 Jul 2020 10:02:41 +0300 qemu (1:5.0-9) unstable; urgency=medium * move kvm executable/script from qemu-kvm to qemu-system-foo, make it multi-arch, and remove qemu-kvm package * remove libcacard leftovers from d/.gitignore * linux-user-refactor-ipc-syscall-and-support-of-semtimedop.patch (Closes: #965109) * linux-user-add-netlink-RTM_SETLINK-command.patch (Closes: #964289) * libudev is linux-specific, do not build-depend on it on kfreebsd and others * install virtiofsd in d/rules (!sparc64) instead of d/qemu-system-common.install (fixes FTBFS on sparc64) * confirm -static-pie not working today still * d/control: since qemu-system-data now contains module(s), it can't be multi-arch. Ditto for qemu-block-extra. * qemu-system-foo: depend on exact version of qemu-system-data, due to the latter having modules * build all modules since there are modules anyway, no need to hack them in d/rules * fix spelling in a patch name/subject inlast upload * d/rules: do not use dh_install and dh_movefiles for individual pkgs, open-code mkdir+cp/mv, b/c dh_install acts on all files listed in d/foo.install too, in addition to given on command-line * remove trailing whitespace from d/changelog -- Michael Tokarev Sat, 18 Jul 2020 08:29:38 +0300 qemu (1:5.0-8) unstable; urgency=medium * d/control: rdma is linux-only, do not enable it on kfreebsd & hurd * add comment about virtiofsd conditional to d/qemu-system-common.install Now qemu FTBFS on sparc64 since virtiofsd is not built due to missing seccomp onn that platform, we should either make virtiofsd conditional (!sparc64) or fix seccomp on sparc64 and build-depend on it * openbios-use-source_date_epoch-in-makefile.patch (Closes: #963466) * seabios-hppa-use-consistant-date-and-remove-hostname.patch (Closes: #963467) * slof-remove-user-and-host-from-release-version.patch (Closes: #963472) * slof-ensure-ld-is-called-with-C-locale.patch (Closes: #963470) * update previous changelog, mention #945997 * reapply CVE-2020-13253 fixed from upstream: sdcard-simplify-realize-a-bit.patch (preparation for the next patch) sdcard-dont-allow-invalid-SD-card-sizes.patch (half part of CVE-2020-13253) sdcard-update-coding-style-to-make-checkpatch-happy.patch (preparational) sdcard-dont-switch-to-ReceivingData-if-address-is-in..-CVE-2020-13253.patch Closes: #961297, CVE-2020-13253 -- Michael Tokarev Fri, 17 Jul 2020 09:12:43 +0300 qemu (1:5.0-7) unstable; urgency=medium * Revert "d/rules: report config log from the correct subdir - base build" * Revert "d/rules: report config log from the correct subdir - microvm build" * acpi-tmr-allow-2-byte-reads.patch (Closes: #964247) * remove sdcard-dont-switch-to-ReceivingData-if-add...-CVE-2020-13253.patch - upstream decided to fix it differently (Reopens: #961297, CVE-2020-13253) * explicitly specify --enable-tools on hppa and do the same trick with --enable-tcg-interpreter --enable-tools on a few other unsupported arches (Closes: #964372, #945997) -- Michael Tokarev Thu, 16 Jul 2020 18:36:08 +0300 qemu (1:5.0-6) unstable; urgency=medium [ Christian Ehrhardt ] * d/control-in: disable pmem on ppc64 as it is currently considered experimental on that architecture * d/rules: makefile definitions can't be recursive - sys_systems for s390x * d/rules: report config log from the correct subdir - base build * d/rules: report config log from the correct subdir - microvm build * d/control-in: disable rbd support unavailable on riscv * fix assert in qemu guest agent that crashes on shutdown (LP: #1878973) * d/control-in: build-dep libcap is no more needed * d/rules: update -spice compat (Ubuntu only) [ Michael Tokarev ] * save block modules on upgrades (LP: #1847361) After upgrade a still running qemu of a former version can't load the new modules e.g. for extended storage support. Qemu 5.0 has the code to allow defining a path that it will load these modules from. * ati-vga-check-mm_index-before-recursive-call-CVE-2020-13800.patch Closes: CVE-2020-13800, ati-vga allows guest OS users to trigger infinite recursion via a crafted mm_index value during ati_mm_read or ati_mm_write call. * revert-memory-accept-mismatching-sizes-in-memory_region_access_valid...patch Closes: CVE-2020-13754, possible OOB memory accesses in a bunch of qemu devices which uses min_access_size and max_access_size Memory API fields. Also closes: CVE-2020-13791 * exec-set-map-length-to-zero-when-returning-NULL-CVE-2020-13659.patch CVE-2020-13659: address_space_map in exec.c can trigger a NULL pointer dereference related to BounceBuffer * megasas-use-unsigned-type-for-reply_queue_head-and-check-index...patch Closes: #961887, CVE-2020-13362, megasas_lookup_frame in hw/scsi/megasas.c has an OOB read via a crafted reply_queue_head field from a guest OS user * megasas-use-unsigned-type-for-positive-numeric-fields.patch fix other possible cases like in CVE-2020-13362 (#961887) * megasas-fix-possible-out-of-bounds-array-access.patch Some tracepoints use a guest-controlled value as an index into the mfi_frame_desc[] array. Thus a malicious guest could cause a very low impact OOB errors here * nbd-server-avoid-long-error-message-assertions-CVE-2020-10761.patch Closes: CVE-2020-10761, An assertion failure issue in the QEMU NBD Server. This flaw occurs when an nbd-client sends a spec-compliant request that is near the boundary of maximum permitted request length. A remote nbd-client could use this flaw to crash the qemu-nbd server resulting in a DoS. * es1370-check-total-frame-count-against-current-frame-CVE-2020-13361.patch Closes: CVE-2020-13361, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation * sdcard-dont-switch-to-ReceivingData-if-address-is-in...-CVE-2020-13253.patch CVE-2020-13253: sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. A guest OS user can crash the QEMU process. And a preparational patch, sdcard-update-coding-style-to-make-checkpatch-happy.patch * a few patches from the stable series: - fix-tulip-breakage.patch The tulip network driver in a qemu-system-hppa emulation is broken in the sense that bigger network packages aren't received any longer and thus even running e.g. "apt update" inside the VM fails. Fix this. - 9p-lock-directory-streams-with-a-CoMutex.patch Prevent deadlocks in 9pfs readdir code - net-do-not-include-a-newline-in-the-id-of-nic-device.patch Fix newline accidentally sneaked into id string of a nic - qemu-nbd-close-inherited-stderr.patch - virtio-balloon-fix-free-page-hinting-check-on-unreal.patch - virtio-balloon-fix-free-page-hinting-without-an-iothread.patch - virtio-balloon-unref-the-iothread-when-unrealizing.patch [ Aurelien Jarno ] * Remove myself from maintainers -- Michael Tokarev Fri, 03 Jul 2020 18:24:48 +0300 qemu (1:5.0-5) unstable; urgency=medium * more binfmt-install updates * CVE-2020-10717 fix from upstream: virtiofsd-add-rlimit-nofile-NUM-option.patch (preparational) and virtiofsd-stay-below-fs.file-max-CVE-2020-10717.patch (Closes: #959746, CVE-2020-10717) * 2 patches from upstream/stable to fix io_uring fd set buildup: aio-posix-dont-duplicate-fd-handler-deletion-in-fdmon_io_uring_destroy.patch aio-posix-disable-fdmon-io_uring-when-GSource-is-used.patch * upstream stable fix: hostmem-dont-use-mbind-if-host-nodes-is-empty.patch * upstream stable fix: net-use-peer-when-purging-queue-in-qemu_flush_or_purge_queue_packets.patch -- Michael Tokarev Wed, 13 May 2020 12:57:19 +0300 qemu (1:5.0-4) unstable; urgency=medium * fix binfmt registration (Closes: #959222) * disable PIE for user-static build on x32 too, not only i386 -- Michael Tokarev Fri, 01 May 2020 13:30:43 +0300 qemu (1:5.0-3) unstable; urgency=medium * do not explicitly enable -static-pie on non-i386 architectures. Apparenly only amd64 actually support -static-pie for now, and it is correctly detected. -- Michael Tokarev Thu, 30 Apr 2020 08:05:31 +0300 qemu (1:5.0-2) unstable; urgency=medium * (temporarily) disable pie on i386 static build For now -static-pie fails on i386 with the following error message: /usr/bin/ld: /usr/lib/i386-linux-gnu/libc.a(memset_chk-nonshared.o): unsupported non-PIC call to IFUNC `memset' * install qemu-system docs in qemu-system-common, not qemu-system-data, since docs require ./configure run -- Michael Tokarev Wed, 29 Apr 2020 23:41:04 +0300 qemu (1:5.0-1) unstable; urgency=medium * new upstream release (5.0) Closes: #958926 Closes: CVE-2020-11869 * refresh patches, remove patches applied upstream * do not mention openhackware, it is not used anymore * do not disable bluez (support removed) * new system arch "rx" * dont install qemu-doc.* for now, but install virtiofsd & qemu-storage-daemon * add shared-lib-without-dependency-information tag to qemu-user-static.lintian-overrides * add html docs to qemu-system-data (to /usr/share/doc/qemu-system-common) * do not install usr/share/doc/qemu/specs & usr/share/doc/qemu/tools * install qemu-user html docs for qemu-user & qemu-user-static * build hppa-firmware.img from roms/seabios-hppa (and Build-Depeds-Indep on gcc-hppa-linux-gnu) * enable liburing on linux (build-depend on liburing-dev) * add upstream signing-key.asc (Michael Roth ) * build opensbi firmware (for riscv64 only, riscv32 is possible with compiler flags) * add source-level lintian-overrides for binaries-without-sources (lintian can't find sources for a few firmware images which are in roms/) -- Michael Tokarev Wed, 29 Apr 2020 12:00:12 +0300 qemu (1:4.2-7) unstable; urgency=medium * qemu-system-gui: Multi-Arch=same, not foreign (Closes: #956763) * x32 arch is in the same family as i386 & x86_64, omit binfmt registration * check systemd-detect-virt before running update-binfmt * gluster is de-facto linux-only, do not build-depend on it on non-linux * virglrenderer is also essentially linux-specific * qemu-user-static does not depend on shlibs * disable parallel building of targets of d/rules * add lintian overrides (arch-dependent static binaries) for openbios binaries * separate binary-indep target into install-indep-prep and binary-indep * split out various components of qemu-system-data into independent build/install rules and add infrastructure for more components: x86-optionrom, sgabios, qboot, openbios, skiboot, palcode-clipper, slof, s390x-fw * iscsi-fix-heap-buffer-overflow-in-iscsi_aio_ioctl_cb.patch -- Michael Tokarev Mon, 20 Apr 2020 18:30:00 +0300 qemu (1:4.2-6) unstable; urgency=medium * d/rules: fix FTBFS (brown-paper-bag bug) in last upload -- Michael Tokarev Tue, 14 Apr 2020 17:08:45 +0300 qemu (1:4.2-5) unstable; urgency=medium * no error-out on address-of-packet-member in openbios * install ui-spice-app.so only if built, spice is optional * arm-fix-PAuth-sbox-functions-CVE-2020-10702.patch - Closes: CVE-2020-10702, weak signature generation in Pointer Authentication support for ARM * (temporarily) enable seccomp only on architectures where it can be built (Closes: #956624) * seccomp has grown up, no need in versioned build-dep * do not list librados-dev in build-dep as we only use librbd-dev and the latter depends on the former * only enable librbd on architectures where it is buildable -- Michael Tokarev Tue, 14 Apr 2020 15:47:40 +0300 qemu (1:4.2-4) unstable; urgency=medium [ Michael Tokarev ] * d/rules: build minimal configuration for qboot/microvm usage * set microvm to be the default machine type for microvm case * install ui-spice-app.so in qemu-system-common * do not depend on libattr-dev, functions are now in libc6 (Closes: #953910) * net-tulip-check-frame-size-and-r-w-data-length-CVE-2020-11102.patch (Closes: #956145, CVE-2020-11102, tulip nic buffer overflow) * qemu-system-data: s/highcolor/hicolor/ (Closes: #955741) * switch binfmt registration to use update-binfmts --[un]import (Closes: #866756) * build openbios-ppc & openbios-sparc binaries in qemu-system-data, and replace corresponding binary packages. Add gcc-sparc64-linux-gnu, fcode-utils & xsltproc to build-depend-indep * build and provide/replace qemu-slof too [ Aurelien Jarno ] * enable support for riscv64 hosts -- Michael Tokarev Tue, 14 Apr 2020 12:44:43 +0300 qemu (1:4.2-3) unstable; urgency=medium * mention closing of #909743 in previous changelog (Closes: #909743) * do not link to qemu-skiboot from qemu-system-ppc (Closes: #950431) * provide+conflict qemu-skiboot from qemu-system-data, as we are not using this package anymore -- Michael Tokarev Sat, 01 Feb 2020 22:10:57 +0300 qemu (1:4.2-2) unstable; urgency=medium [ Fabrice Bauzac ] * Fix a typo in the description of the qemu binary package [ Frédéric Bonnard ] * Enable powernv emulation with skiboot firmware [ Michael R. Crusoe ] * Modernize watch file (Closes: #909743) [ Christian Ehrhardt ] * d/control-in: promote qemu-efi/ovmf in Ubuntu * d/control-in: bump debhelper build-dep for compat 12 * - d/control-in: update VCS links * - d/control-in: disable bluetooth being deprecated * d/not-installed: ignore new interop docs and extra icons for now * do not install elf2dmp until namespaced * d/control-in: Enable numa support for s390x * Create qemu-system-s390x package (Ubuntu only for now) [ Michael Tokarev ] * stop using inttypes.h in qboot code; this makes dependency on libc6-dev-i386 to be unnecessary * qboot-no-jump-tables.diff - use #pragma for one file in qboot * do not install qemu-edid and qemu-keymap for now * no need in bluetooth patches as bluetooth is disabled * scsi-cap-block-count-from-GET-LBA-STATUS-CVE-2020-1711.patch (Closes: #949731, CVE-2020-1711) * enable libpmem support on amd64|arm64|ppc64el (Closes: #935327) -- Michael Tokarev Fri, 31 Jan 2020 23:51:09 +0300 qemu (1:4.2-1) unstable; urgency=medium * new upstream release (4.2.0) * removed patches: v4.1.1.diff, enable-pschange-mc-no.patch * do not make sgabios.bin executable (lintian) * add s390-netboot.img lintian overrides for qemu-system-data * build qboot (bios-microvm.bin) * build-depend-indep on libc6-dev-i386 for qboot (includes some system headers) -- Michael Tokarev Sat, 14 Dec 2019 14:07:27 +0300 qemu (1:4.1-3) unstable; urgency=medium * mention #939869 (CVE-2019-15890) in previous changelog entry * add Provides: sgabios to qemu-data (Closes: #945924) * fix qemu-debootsrtap (add hppa arch, print correct error message) thanks to Helge Deller (Closes: #923410) * enable long binfmt masks again for mips/mips32 (Closes: #829243) -- Michael Tokarev Mon, 02 Dec 2019 13:24:58 +0300 qemu (1:4.1-2) unstable; urgency=medium * build sgabios in build-indep, conflict with sgabios package * qemu-system-ppc: build and install canyonlands.dtb in addition to bamboo.dtb * remove duplicated CVE-2018-20123 & CVE-2018-20124 in prev changelog * move s390 firmware build rules to debian/s390fw.mak, build s390-netboot.img * imported v4.1.1.diff - upstream stable branch Closes: CVE-2019-12068 Closes: #945258, #945072 * enable-pschange-mc-no.patch: i386: add PSCHANGE_MC_NO feature to allow disabling ITLB multihit mitigations in nested hypervisors Closes: #944623 * build-depend on nettle-dev, enable nettle, and clarify --enable-lzo * switch to system libslirp, build-depend on libslirp-dev Closes: #939869, CVE-2019-15890 -- Michael Tokarev Mon, 25 Nov 2019 12:54:05 +0300 qemu (1:4.1-1) unstable; urgency=medium * new upstream release v4.1 Closes: #933741, CVE-2019-14378 (slirp buff overflow in packet reassembly) (use internal slirp copy for now) Closes: #931351, CVE-2019-13164 (qemu-bridge-helper long IFNAME) Closes: #922923, CVE-2019-8934 (ppc64 emulator leaks hw identity) Closes: #916442, CVE-2018-20123 (pvrdma memory leak in device hotplug) Closes: #922461, CVE-2018-20124 (pvrdma num_sge can exceed MAX_SGE) Closes: #927924 (new upstream version) Closes: #897054 (AMD Zen CPU support) Closes: #935324 (FTBFS due to gluster API change) Closes: CVE-2018-20125 (pvrdma: DoS in create_cq_ring|create_qp_rings) Closes: CVE-2018-20126 (pvrdma: memleaks in create_cq_ring|create_qp_rings) Closes: CVE-2018-20191 (pvrdma: DoS due to missing read operation impl.) Closes: CVE-2018-20216 (pvrdma: infinite loop in pvrdma_dev_ring.c) * remove patches which are applied upstream, refresh remaining patches (bt-use-size_t-...-CVE-2018-19665.patch hasn't been applied upstream, bluetooth subsystem is going to be removed, we keep it for now) * debian/source/options: ignore slirp/ submodule * use python3 for building, not python * debian/optionrom.mk: add pvh.bin * switch from libssh2 to libssh, and enable libssh support in ubuntu * bump spice version requiriment to 0.12.5 * enable pvrdma * debian/control-in: remove reference to libsdl * debian/rules: add new objects for s390-ccw fw * debian/control: add build dependency on python3-sphinx for docs * install ui/icons/qemu.svg and qemu.desktop * debian/rules: remove pc-bios/bamboo.dtb before building it * install vhost-user-gpu binary and 50-qemu-gpu.json * debian/rules: remove old maintscript-helper invocations, not needed anymore * remove +dfsg for now, upload whole upstream source, will trim it later -- Michael Tokarev Tue, 27 Aug 2019 12:43:43 +0300 # Older entries have been removed from this changelog. # To read the complete changelog use `apt changelog qemu-system-common`.