diff --git a/debian/changelog b/debian/changelog index 2b6ae16..8b87d5e 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,55 @@ +qemu (1:5.2+dfsg-3ubuntu1) hirsute; urgency=medium + + * Merge with Debian unstable, includes fixes for + - qemu-user-static are partially dynamically linked (LP: #1908331) + - qemu crashing when using spice without qemu-system-gui being + installed (LP: #1908577) + Remaining changes: + - qemu-kvm to systemd unit + - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm, + hugepages and architecture specifics + - d/qemu-system-common.qemu-kvm.service: systemd unit to call + qemu-kvm-init + - d/qemu-system-common.install: install helper script + - d/qemu-system-common.qemu-kvm.default: defaults for + /etc/default/qemu-kvm + - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm + - Distribution specific machine type (LP: 1304107 1621042) + - d/p/ubuntu/define-ubuntu-machine-types.patch: distro machine types + - d/qemu-system-x86.NEWS Info on fixed machine type definitions + for host-phys-bits=true (LP: 1776189) + - add an info about -hpb machine type in debian/qemu-system-x86.NEWS + - provide pseries-bionic-2.11-sxxm type as convenience with all + meltdown/spectre workarounds enabled by default. (LP: 1761372). + - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type + - Enable nesting by default + - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default + in qemu64 on amd + [ No more strictly needed, but required for backward compatibility ] + - improved dependencies + - Make qemu-system-common depend on qemu-block-extra + - Make qemu-utils depend on qemu-block-extra + - let qemu-utils recommend sharutils + - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490) + - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types + reference 256k path + - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to + handle incoming migrations from former releases. + - d/control-in: Disable capstone disassembler library support (universe) + - d/qemu-system-x86.README.Debian: add info about updated nesting changes + - d/control*, d/rules: disable xen by default, but provide universe + package qemu-system-x86-xen as alternative + [includes compat links changes of 5.0-5ubuntu4] + - allow qemu to load old modules post upgrade (LP 1847361) + - Drop d/qemu-block-extra.*.in, d/qemu-system-gui.*.in + - d/rules: Drop generating package version into maintainer scripts + - d/qemu-system-gui.prerm: add no-op prerm to overcome upgrade issues on + the bad old prerm (LP 1906245 1905377) + - d/p/ubuntu/lp-1907789-build-no-pie-is-no-functional-liker-flag.patch: fix + ld usage of -no-pie (LP 1907789) + + -- Christian Ehrhardt Tue, 05 Jan 2021 12:43:42 +0100 + qemu (1:5.2+dfsg-3) unstable; urgency=medium [ Christian Ehrhardt ] @@ -14,6 +66,64 @@ qemu (1:5.2+dfsg-3) unstable; urgency=medium -- Michael Tokarev Tue, 29 Dec 2020 15:07:03 +0300 +qemu (1:5.2+dfsg-2ubuntu1) hirsute; urgency=medium + + * Merge with Debian unstable + - includes fix for CVE-2020-17380 + - includes a fix for s390x PCI device reset (LP: #1907656) + Remaining changes: + - qemu-kvm to systemd unit + - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm, + hugepages and architecture specifics + - d/qemu-system-common.qemu-kvm.service: systemd unit to call + qemu-kvm-init + - d/qemu-system-common.install: install helper script + - d/qemu-system-common.qemu-kvm.default: defaults for + /etc/default/qemu-kvm + - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm + - Distribution specific machine type (LP: 1304107 1621042) + - d/p/ubuntu/define-ubuntu-machine-types.patch: distro machine types + - d/qemu-system-x86.NEWS Info on fixed machine type definitions + for host-phys-bits=true (LP: 1776189) + - add an info about -hpb machine type in debian/qemu-system-x86.NEWS + - provide pseries-bionic-2.11-sxxm type as convenience with all + meltdown/spectre workarounds enabled by default. (LP: 1761372). + - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type + - Enable nesting by default + - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default + in qemu64 on amd + [ No more strictly needed, but required for backward compatibility ] + - improved dependencies + - Make qemu-system-common depend on qemu-block-extra + - Make qemu-utils depend on qemu-block-extra + - let qemu-utils recommend sharutils + - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490) + - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types + reference 256k path + - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to + handle incoming migrations from former releases. + - d/control-in: Disable capstone disassembler library support (universe) + - d/qemu-system-x86.README.Debian: add info about updated nesting changes + - d/control*, d/rules: disable xen by default, but provide universe + package qemu-system-x86-xen as alternative + [includes compat links changes of 5.0-5ubuntu4] + - allow qemu to load old modules post upgrade (LP 1847361) + - Drop d/qemu-block-extra.*.in, d/qemu-system-gui.*.in + - d/rules: Drop generating package version into maintainer scripts + - d/qemu-system-gui.prerm: add no-op prerm to overcome upgrade issues on + the bad old prerm (LP 1906245 1905377) + * Dropped Changes: + - d/control, d/rules: build with gcc-9 on armhf as workaround until + resolved in gcc-10 (LP: 1890435) [it is flaky still, but no more 100% + fails] + * Added Changes: + - Refreshed ubuntu machine types for hirsute@5.2 + - d/control: regenerated from d/control-in + - d/p/ubuntu/lp-1907789-build-no-pie-is-no-functional-liker-flag.patch: fix + ld usage of -no-pie (LP: #1907789) + + -- Christian Ehrhardt Wed, 09 Dec 2020 16:44:47 +0100 + qemu (1:5.2+dfsg-2) unstable; urgency=medium * move ui-opengl.so module from qemu-system-gui to qemu-system-common, @@ -59,6 +169,153 @@ qemu (1:5.2+dfsg-1) unstable; urgency=medium -- Michael Tokarev Wed, 09 Dec 2020 08:57:41 +0300 +qemu (1:5.1+dfsg-4ubuntu3) hirsute; urgency=medium + + * d/qemu-system-gui.prerm: add no-op prerm to overcome upgrade issues on + the bad old prerm (LP: #1906245) + + -- Christian Ehrhardt Mon, 30 Nov 2020 12:53:03 +0100 + +qemu (1:5.1+dfsg-4ubuntu2) hirsute; urgency=medium + + * Fix upgrade module handling (LP: #1905377) + This was accetped in a slightly different form in qemu_5.0-6 and therefore + allows to drop some former delta that is now conflicting. + Ubuntu still keeps enabling --enable-module-upgrades, but only for + qemu-xen which doesn't exist in Debian + - Drop d/qemu-block-extra.*.in, d/qemu-system-gui.*.in + - d/rules: Drop generating package version into maintainer scripts + + -- Christian Ehrhardt Tue, 24 Nov 2020 11:16:01 +0100 + +qemu (1:5.1+dfsg-4ubuntu1) hirsute; urgency=medium + + * Merge with Debian testing, remaining changes: + Fixes qemu-arm-static Assertion `guest_base != 0' failed (LP: #1897854) + - qemu-kvm to systemd unit + - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm, + hugepages and architecture specifics + - d/qemu-system-common.qemu-kvm.service: systemd unit to call + qemu-kvm-init + - d/qemu-system-common.install: install helper script + - d/qemu-system-common.qemu-kvm.default: defaults for + /etc/default/qemu-kvm + - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm + - Distribution specific machine type (LP: 1304107 1621042) + - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine + types + - d/qemu-system-x86.NEWS Info on fixed machine type definitions + for host-phys-bits=true (LP: 1776189) + - add an info about -hpb machine type in debian/qemu-system-x86.NEWS + - provide pseries-bionic-2.11-sxxm type as convenience with all + meltdown/spectre workarounds enabled by default. (LP: 1761372). + - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type + - Enable nesting by default + - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default + in qemu64 on amd + [ No more strictly needed, but required for backward compatibility ] + - improved dependencies + - Make qemu-system-common depend on qemu-block-extra + - Make qemu-utils depend on qemu-block-extra + - let qemu-utils recommend sharutils + - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490) + - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types + reference 256k path + - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to + handle incoming migrations from former releases. + - d/control-in: Disable capstone disassembler library support (universe) + - d/qemu-system-x86.README.Debian: add info about updated nesting changes + - d/control*, d/rules: disable xen by default, but provide universe + package qemu-system-x86-xen as alternative + [includes compat links changes of 5.0-5ubuntu4] + - allow qemu to load old modules post upgrade (LP 1847361) + - d/qemu-block-extra.*.in, d/qemu-system-gui.*.in: save shared objects on + upgrade + - d/rules: generate maintainer scripts matching package version on build + - d/rules: enable --enable-module-upgrades where --enable-modules is set + - d/control: regenerate debian/control out of control-in + * Dropped changes [in Debian or no more needed] + - d/control-in: disable pmem on ppc64 as it is currently considered + experimental on that architecture (pmdk v1.8-1) + - d/rules: makefile definitions can't be recursive - sys_systems for s390x + - d/rules: report config log from the correct subdir + - d/control-in: disable rbd support unavailable on riscv (LP: 1872931) + - Pick further changes for groovy from debian/master since 5.0-5 + - ati-vga-check-mm_index-before-recursive-call-CVE-2020-13800.patch + - revert-memory-accept-mismatching-sizes-in-memory_region_access_...patch + - exec-set-map-length-to-zero-when-returning-NULL-CVE-2020-13659.patch + - megasas-use-unsigned-type-for-reply_queue_head-and-check-index...patch + - megasas-use-unsigned-type-for-positive-numeric-fields.patch + - megasas-fix-possible-out-of-bounds-array-access.patch + - nbd-server-avoid-long-error-message-assertions-CVE-2020-10761.patch + - es1370-check-total-frame-count-against-current-...-CVE-2020-13361.patch + - a few patches from the stable series: + - fix-tulip-breakage.patch + - 9p-lock-directory-streams-with-a-CoMutex.patch + Prevent deadlocks in 9pfs readdir code + - net-do-not-include-a-newline-in-the-id-of-nic-device.patch + Fix newline accidentally sneaked into id string of a nic + - qemu-nbd-close-inherited-stderr.patch + - virtio-balloon-fix-free-page-hinting-check-on-unreal.patch + - virtio-balloon-fix-free-page-hinting-without-an-iothread.patch + - virtio-balloon-unref-the-iothread-when-unrealizing.patch + - acpi-tmr-allow-2-byte-reads.patch + - reapply CVE-2020-13253 fixes from upstream + - linux-user-refactor-ipc-syscall-and-support-of-semtimedop.patch + - linux-user-add-netlink-RTM_SETLINK-command.patch + - d/control: since qemu-system-data now contains module(s), + it can't be multi-arch. Ditto for qemu-block-extra. + - qemu-system-foo: depend on exact version of qemu-system-data, + due to the latter having modules + - acpi-allow-accessing-acpi-cnt-register-by-byte.patch' + This is another incarnation of the recent bugfix which actually enabled + memory access constraints, like #964247 + - acpi-accept-byte-and-word-access-to-core-ACPI-registers.patch + this replace acpi-allow-accessing-acpi-cnt-register-by-byte.patch + and acpi-tmr-allow-2-byte-reads.patch, a more complete fix + - xhci-fix-valid.max_access_size-to-access-address-registers.patch + fix one more incarnation of the breakage after the CVE-2020-13754 fix + - do not install outdated (0.12 and before) Changelog + - xgmac-fix-buffer-overflow-in-xgmac_enet_send-CVE-2020-15863.patch + ARM-only XGMAC NIC, possible buffer overflow during packet transmission + Closes: CVE-2020-15863 + - sm501 OOB read/write due to integer overflow in sm501_2d_operation() + - riscv-allow-64-bit-access-to-SiFive-CLINT.patch + another fix for revert-memory-accept-.. CVE-2020-13754 + - seabios-hppa-fno-ipa-sra.patch fix ftbfs with gcc-10 + - d/control-in: build-dep libcap is no more needed + - arch aware kvm wrappers + [upstream now automatically enables KVM if available and called with + kvm* name, provides KVM as before but with auto-fallback to tcg. + Former behavior of KVM-or-die can be achieved via -machine accel=kvm ] + * Dropped changes [upstream now] + - d/p/u/usb-fix-setup_len-init-CVE-2020-14364.patch: sanity check usb + setup_len + - d/p/u/lp-1887930-*: Enable Channel Path Handling for vfio-ccw (LP 1887930) + - d/p/u/lp-1894942-*: fix virtio-ccw host/guest notification (LP 1894942) + - d/p/ubuntu/lp-1887935-vfio-ccw-allow-non-prefetch-ORBs.patch: fix boot + from vfio-ccw (LP 1887935) + - fix qemu-user-static initialization to allow executing systemd (LP 1890881) + - fix assertion failue in net_tx_pkt_add_raw_fragment (LP 1891187) + - d/p/ubuntu/lp-1883984-target-s390x-Fix-SQXBR.patch: avoid crash on + SQXBR (LP 1883984) + - d/p/lp-1890154-*: fix -no-reboot on s390x secure boot (LP 1890154) + - d/p/ubuntu/lp-1887763-*: fix TCG sizing that OOMed many small CI + environments (LP 1887763) + - d/p/ubuntu/lp-1835546-*: backport the s390x protvirt feature (LP 1835546) + - debian/patches/ubuntu/lp-1878973-*: fix assert in qemu-guest-agent that + crashes it on shutdown (LP 1878973) + - update d/p/ubuntu/lp-1835546-* to the final versions + - d/p/ubuntu/virtio-net-fix-rsc_ext-compat-handling.patch: fix + FTBFS in groovy + * Added Changes: + - update ubuntu machine types for hirsute@5.1 + - d/control: regenerated from d/control-in + - d/control, d/rules: build with gcc-9 on armhf as workaround until + resolved in gcc-10 (LP: 1890435) + + -- Christian Ehrhardt Thu, 29 Oct 2020 12:37:31 +0100 + qemu (1:5.1+dfsg-4) unstable; urgency=high * mention closing of CVE-2020-16092 by 5.1 @@ -77,7 +334,7 @@ qemu (1:5.1+dfsg-3) unstable; urgency=medium qemu (1:5.1+dfsg-2) unstable; urgency=medium - * fix brown-paper bag bug in last upload + * fix brown-paper bag bug in last upload -- Michael Tokarev Mon, 17 Aug 2020 20:58:52 +0300 @@ -300,6 +557,298 @@ qemu (1:5.0-6) unstable; urgency=medium -- Michael Tokarev Fri, 03 Jul 2020 18:24:48 +0300 +qemu (1:5.0-5ubuntu11) hirsute; urgency=medium + + * d/p/ubuntu/define-ubuntu-machine-types.patch: update to fix 15.04 wily + machine type to match how it originally was released (LP: #1902654) + + -- Christian Ehrhardt Mon, 09 Nov 2020 08:19:07 +0100 + +qemu (1:5.0-5ubuntu10) hirsute; urgency=medium + + * No-change rebuild for brltty soname change. + + -- Matthias Klose Mon, 02 Nov 2020 16:59:33 +0100 + +qemu (1:5.0-5ubuntu9) groovy; urgency=medium + + * d/p/u/usb-fix-setup_len-init-CVE-2020-14364.patch: sanity check usb + setup_len + CVE-2020-14364 + + -- Christian Ehrhardt Tue, 22 Sep 2020 16:53:18 +0200 + +qemu (1:5.0-5ubuntu8) groovy; urgency=medium + + * d/p/u/lp-1887930-*: Enable Channel Path Handling for vfio-ccw (LP: #1887930) + + -- Christian Ehrhardt Mon, 14 Sep 2020 08:23:49 +0200 + +qemu (1:5.0-5ubuntu7) groovy; urgency=medium + + * d/p/u/lp-1894942-*: fix virtio-ccw host/guest notification (LP: #1894942) + + -- Christian Ehrhardt Wed, 09 Sep 2020 08:47:12 +0200 + +qemu (1:5.0-5ubuntu6) groovy; urgency=medium + + * d/p/ubuntu/lp-1887935-vfio-ccw-allow-non-prefetch-ORBs.patch: fix boot + from vfio-ccw (LP: #1887935) + + -- Christian Ehrhardt Tue, 25 Aug 2020 11:09:12 +0200 + +qemu (1:5.0-5ubuntu5) groovy; urgency=medium + + * fix qemu-user-static initialization to allow executing systemd + (LP: #1890881) + - d/p/u/lp1890881-linux-user-completely-re-write-init_guest_space.patch + - d/p/u/lp1890881-linux-user-deal-with-address-wrap-for-ARM_COMMPAGE-o.patch + - d/p/u/lp1890881-linux-user-don-t-use-MAP_FIXED-in-pgd_find_hole_fall.patch + - d/p/u/lp1890881-linux-user-elfload-use-MAP_FIXED_NOREPLACE-in-pgb_re.patch + - d/p/u/lp1890881-linux-user-limit-check-to-HOST_LONG_BITS-TARGET_ABI_.patch + - d/p/u/lp1890881-linux-user-provide-fallback-pgd_find_hole-for-bare-c.patch + * fix assertion failue in net_tx_pkt_add_raw_fragment (LP: #1891187) + CVE-2020-16092 + - d/p/u/lp-1891187-hw-net-net_tx_pkt-fix-assertion-failure-in-net_tx.patch + + -- Christian Ehrhardt Wed, 19 Aug 2020 07:19:42 +0200 + +qemu (1:5.0-5ubuntu4) groovy; urgency=medium + + * xen: provide compat links to what libxen-dev reports where to find + the binaries (LP: #1890005) + * d/p/ubuntu/lp-1883984-target-s390x-Fix-SQXBR.patch: avoid crash on + SQXBR (LP: #1883984) + * d/p/lp-1890154-*: fix -no-reboot on s390x secure boot (LP: #1890154) + + -- Christian Ehrhardt Mon, 03 Aug 2020 07:15:28 +0200 + +qemu (1:5.0-5ubuntu3) groovy; urgency=medium + + * d/p/ubuntu/lp-1887763-*: fix TCG sizing that OOMed many small CI + environments (LP: #1887763) + * Pick further changes for groovy from debian/master since 5.0-5 + - ati-vga-check-mm_index-before-recursive-call-CVE-2020-13800.patch + Closes: CVE-2020-13800, ati-vga allows guest OS users to trigger + infinite recursion via a crafted mm_index value during + ati_mm_read or ati_mm_write call. + - revert-memory-accept-mismatching-sizes-in-memory_region_access_valid...patch + Closes: CVE-2020-13754, possible OOB memory accesses in a bunch of qemu + devices which uses min_access_size and max_access_size Memory API fields. + Also closes: CVE-2020-13791 + - exec-set-map-length-to-zero-when-returning-NULL-CVE-2020-13659.patch + CVE-2020-13659: address_space_map in exec.c can trigger + a NULL pointer dereference related to BounceBuffer + - megasas-use-unsigned-type-for-reply_queue_head-and-check-index...patch + Closes: #961887, CVE-2020-13362, megasas_lookup_frame in hw/scsi/megasas.c + has an OOB read via a crafted reply_queue_head field from a guest OS user + - megasas-use-unsigned-type-for-positive-numeric-fields.patch + fix other possible cases like in CVE-2020-13362 (#961887) + - megasas-fix-possible-out-of-bounds-array-access.patch + Some tracepoints use a guest-controlled value as an index into the + mfi_frame_desc[] array. Thus a malicious guest could cause a very low + impact OOB errors here + - nbd-server-avoid-long-error-message-assertions-CVE-2020-10761.patch + Closes: CVE-2020-10761, An assertion failure issue in the QEMU NBD Server. + This flaw occurs when an nbd-client sends a spec-compliant request that is + near the boundary of maximum permitted request length. A remote nbd-client + could use this flaw to crash the qemu-nbd server resulting in a DoS. + - es1370-check-total-frame-count-against-current-frame-CVE-2020-13361.patch + Closes: CVE-2020-13361, es1370_transfer_audio in hw/audio/es1370.c does not + properly validate the frame count, which allows guest OS users to trigger + an out-of-bounds access during an es1370_write() operation + - a few patches from the stable series: + - fix-tulip-breakage.patch + The tulip network driver in a qemu-system-hppa emulation is broken in + the sense that bigger network packages aren't received any longer and + thus even running e.g. "apt update" inside the VM fails. Fix this. + - 9p-lock-directory-streams-with-a-CoMutex.patch + Prevent deadlocks in 9pfs readdir code + - net-do-not-include-a-newline-in-the-id-of-nic-device.patch + Fix newline accidentally sneaked into id string of a nic + - qemu-nbd-close-inherited-stderr.patch + - virtio-balloon-fix-free-page-hinting-check-on-unreal.patch + - virtio-balloon-fix-free-page-hinting-without-an-iothread.patch + - virtio-balloon-unref-the-iothread-when-unrealizing.patch + - acpi-tmr-allow-2-byte-reads.patch (Closes: #964247) + - reapply CVE-2020-13253 fixed from upstream: + sdcard-simplify-realize-a-bit.patch (preparation for the next patch) + sdcard-dont-allow-invalid-SD-card-sizes.patch (half part of CVE-2020-13253) + sdcard-update-coding-style-to-make-checkpatch-happy.patch (preparational) + sdcard-dont-switch-to-ReceivingData-if-address-is-in..-CVE-2020-13253.patch + Closes: #961297, CVE-2020-13253 + - linux-user-refactor-ipc-syscall-and-support-of-semtimedop.patch + (Closes: #965109) + - linux-user-add-netlink-RTM_SETLINK-command.patch (Closes: #964289) + - d/control: since qemu-system-data now contains module(s), + it can't be multi-arch. Ditto for qemu-block-extra. + - qemu-system-foo: depend on exact version of qemu-system-data, + due to the latter having modules + - acpi-allow-accessing-acpi-cnt-register-by-byte.patch' (Closes: #964793) + This is another incarnation of the recent bugfix which actually enabled + memory access constraints, like #964247 + - acpi-accept-byte-and-word-access-to-core-ACPI-registers.patch + this replace acpi-allow-accessing-acpi-cnt-register-by-byte.patch + and acpi-tmr-allow-2-byte-reads.patch, a more complete fix + - xhci-fix-valid.max_access_size-to-access-address-registers.patch + fix one more incarnation of the breakage after the CVE-2020-13754 fix + - do not install outdated (0.12 and before) Changelog (Closes: #965381) + - xgmac-fix-buffer-overflow-in-xgmac_enet_send-CVE-2020-15863.patch + ARM-only XGMAC NIC, possible buffer overflow during packet transmission + Closes: CVE-2020-15863 + - sm501 OOB read/write due to integer overflow in sm501_2d_operation() + List of patches: + sm501-convert-printf-abort-to-qemu_log_mask.patch + sm501-shorten-long-variable-names-in-sm501_2d_operation.patch + sm501-use-BIT-macro-to-shorten-constant.patch + sm501-clean-up-local-variables-in-sm501_2d_operation.patch + sm501-replace-hand-written-implementation-with-pixman-CVE-2020-12829.patch + Closes: #961451, CVE-2020-12829 + - riscv-allow-64-bit-access-to-SiFive-CLINT.patch + another fix for revert-memory-accept-.. CVE-2020-13754 + - seabios-hppa-fno-ipa-sra.patch fix ftbfs with gcc-10 + + -- Christian Ehrhardt Tue, 28 Jul 2020 13:21:31 +0200 + +qemu (1:5.0-5ubuntu2) groovy; urgency=medium + + * No change rebuild against new libnettle8 and libhogweed6 ABI. + + -- Dimitri John Ledkov Mon, 29 Jun 2020 22:32:55 +0100 + +qemu (1:5.0-5ubuntu1) groovy; urgency=medium + + * Merge with Debian testing (LP: #1749393), remaining changes: + - qemu-kvm to systemd unit + - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm, + hugepages and architecture specifics + - d/qemu-system-common.qemu-kvm.service: systemd unit to call + qemu-kvm-init + - d/qemu-system-common.install: install helper script + - d/qemu-system-common.qemu-kvm.default: defaults for + /etc/default/qemu-kvm + - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm + - Distribution specific machine type (LP: 1304107 1621042) + - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine + types + - d/qemu-system-x86.NEWS Info on fixed machine type definitions + for host-phys-bits=true (LP: 1776189) + - add an info about -hpb machine type in debian/qemu-system-x86.NEWS + - provide pseries-bionic-2.11-sxxm type as convenience with all + meltdown/spectre workarounds enabled by default. (LP: 1761372). + - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type + - Enable nesting by default + - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default + in qemu64 on amd + [ No more strictly needed, but required for backward compatibility ] + - improved dependencies + - Make qemu-system-common depend on qemu-block-extra + - Make qemu-utils depend on qemu-block-extra + - let qemu-utils recommend sharutils + - arch aware kvm wrappers + - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490) + - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types + reference 256k path + - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to + handle incoming migrations from former releases. + - d/control-in: Disable capstone disassembler library support (universe) + - d/qemu-system-x86.README.Debian: add info about updated nesting changes + - d/control*, d/rules: disable xen by default, but provide universe + package qemu-system-x86-xen as alternative + [includes --disable-xen for user-static builds] + - d/control-in: disable pmem on ppc64 as it is currently considered + experimental on that architecture (pmdk v1.8-1) + - d/rules: makefile definitions can't be recursive - sys_systems for s390x + - d/rules: report config log from the correct subdir + - allow qemu to load old modules post upgrade (LP 1847361) + - d/qemu-block-extra.*.in, d/qemu-system-gui.*.in: save shared objects on + upgrade + - d/rules: generate maintainer scripts matching package version on build + - d/rules: enable --enable-module-upgrades where --enable-modules is set + - d/p/ubuntu/lp-1835546-*: backport the s390x protvirt feature (LP 1835546) + - d/control-in: disable rbd support unavailable on riscv (LP: 1872931) + - debian/patches/ubuntu/lp-1878973-*: fix assert in qemu-guest-agent that + crashes it on shutdown (LP 1878973) + * Dropped changes (no more needed) + - d/qemu-system-common.maintscript: clean old sysv and upstart scripts + - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default + in qemu64 cpu type. + - d/control: avoid upgrade issues triggered by moving ivshmem tools after + Debian. Fixed by bumping the related Breaks/Replaces to the + Version Ubuntu introduced the change (LP 1862287) + * Dropped changes (in Debian) + - improved s390x support + - d/binfmt-update-in: fix binfmt being called in some containers + (LP 1840956) + - qemu-system-x86-microvm package + In addition to the generic multi-purpose qemu also provide a minimal + feature binary that is loading faster for use cases with microvm machine + type and qboot bios + - d/control-in: add a new qemu-system-x86-microvm package + - d/rules: add an extra config/build step to get the minimal qemu + - Security and packaging fixes (LP 1872937) + - arm-fix-PAuth-sbox-functions-CVE-2020-10702.patch + - net-tulip-check-frame-size-and-r-w-data-length-CVE-2020-11102.patch + CVE-2020-10702 + CVE-2020-11102 + - fix external spice UI + + install ui-spice-app.so in qemu-system-common + + install ui-spice-app.so only if built, spice is optional + - switch binfmt registration to use update-binfmts --[un]import (#866756) + - qemu-system-gui: Multi-Arch=same, not foreign (#956763) + - qemu-system-data: s/highcolor/hicolor/ (#955741) + - enable riscv build (LP 1872931) + [ changes picked from Debian ] + - enable support for riscv64 hosts + - only enable librbd on architectures where it is built + - ceph: do not list librados-dev as we only use librbd-dev and the latter + depends on the former + - seccomp grew up, no need in versioned build-dep + - enable seccomp only on architectures where it can be built + * Dropped changes (upstream) + - d/p/ubuntu/lp-1857033-*: add support for Cooper Lake cpu model + (LP 1857033) + - d/p/lp-1859527-*: avoid breakage on high virtqueue counts (LP 1859527) + - d/p/ubuntu/vhost-user-gpu-Drop-trailing-json-comma.patch: fix parsing of + vhost-user-gpu + - d/p/ubuntu/lp-1847361-vhost-correctly-turn-on-VIRTIO_F_IOMMU_PLATFORM.patch: + avoid unnecessary IOTLB transactions (LP 1866207) + - d/p/stable/lp-1867519-*: Stabilize qemu 4.2 with upstream + patches @qemu-stable (LP 1867519) + - remove d/p/ubuntu/expose-vmx_qemu64cpu.patch: Stop adding VMX to qemu64 + to avoid broken nesting (LP 1868692) + - d/p/ubuntu/lp-1871830-*: avoid crash when using QEMU_MODULE_DIR + (LP 1871830) + - d/p/ubuntu/lp-1872107*: fix migration while rebooting guests (LP 1872107) + - d/p/ubuntu/lp-1872931-*: fix build on non KVM platforms + - d/p/ubuntu/lp-1872945-*: fix riscv emulation errors that e.g. hung ssh + and clobbered doubles (LP 1872945) + - SECURITY UPDATE: DoS via integer overflow in ati_2d_blt() + - debian/patches/ubuntu/CVE-2020-11869.patch: fix checks in + ati_2d_blt() to avoid crash in hw/display/ati_2d.c. + - CVE-2020-11869 + - d/p/ubuntu/lp-1805256*: Fixes for QEMU on aarch64 ARM hosts + - async: use explicit memory barriers (LP 1805256) + - aio-wait: delegate polling of main AioContext if BQL not held + - d/p/ubuntu/lp-1882774-*: fix issues with VMX subfeatures on systems not + supporting to set them (LP 1882774) + - d/p/ubuntu/lp-1847361-modules-load-upgrade.patch: to fallback module + load to a versioned path + * Added Changes: + - d/control: regenerate debian/control out of control-in + - update d/p/ubuntu/lp-1835546-* to the final versions + - 11 patches dropped as they are in 5.0 + - 20 patches updated to how they will be in 5.1 + - d/p/ubuntu/virtio-net-fix-rsc_ext-compat-handling.patch: fix + FTBFS in groovy + - Make qemu-system-x86-microvm a transitional package as the binary is now + in qemu-system-x86 itself. + - d/control-in: build-dep libcap is no more needed + - d/rules: update arch aware kvm wrappers + - d/qemu-system-x86.README.Debian: fix typo + + -- Christian Ehrhardt Tue, 16 Jun 2020 16:50:09 +0200 + qemu (1:5.0-5) unstable; urgency=medium * more binfmt-install updates @@ -432,6 +981,188 @@ qemu (1:4.2-4) unstable; urgency=medium -- Michael Tokarev Tue, 14 Apr 2020 12:44:43 +0300 +qemu (1:4.2-3ubuntu10) groovy; urgency=medium + + * No-change rebuild against libnettle8 + + -- Steve Langasek Mon, 20 Jul 2020 16:12:37 +0000 + +qemu (1:4.2-3ubuntu9) groovy; urgency=medium + + * debian/patches/ubuntu/lp-1878973-*: fix assert in qemu-guest-agent that + crashes it on shutdown (LP: #1878973) + * d/p/ubuntu/lp-1882774-*: fix issues with VMX subfeatures on systems not + supporting to set them (LP: #1882774) + + -- Christian Ehrhardt Tue, 02 Jun 2020 10:42:49 +0200 + +qemu (1:4.2-3ubuntu8) groovy; urgency=medium + + * d/p/ubuntu/lp-1805256*: Fixes for QEMU on aarch64 ARM hosts + - async: use explicit memory barriers (LP: #1805256) + - aio-wait: delegate polling of main AioContext if BQL not held + + -- Rafael David Tinoco Wed, 27 May 2020 21:47:21 +0000 + +qemu (1:4.2-3ubuntu7) groovy; urgency=medium + + * SECURITY UPDATE: DoS via integer overflow in ati_2d_blt() + - debian/patches/ubuntu/CVE-2020-11869.patch: fix checks in + ati_2d_blt() to avoid crash in hw/display/ati_2d.c. + - CVE-2020-11869 + + -- Marc Deslauriers Thu, 21 May 2020 14:43:19 -0400 + +qemu (1:4.2-3ubuntu6) focal; urgency=medium + + [ Christian Ehrhardt ] + * enable riscv build (LP: #1872931) + [ changes picked from Debian ] + - enable support for riscv64 hosts + - only enable librbd on architectures where it is built + - ceph: do not list librados-dev as we only use librbd-dev and the latter + depends on the former + - seccomp grew up, no need in versioned build-dep + - enable seccomp only on architectures where it can be built + * d/p/ubuntu/lp-1872931-*: fix build on non KVM platforms + * d/p/ubuntu/lp-1872945-*: fix riscv emulation errors that e.g. hung ssh + and clobbered doubles (LP: #1872945) + + [ William Grant ] + * d/control-in: disable rbd support unavailable on riscv (LP: 1872931) + + -- Christian Ehrhardt Wed, 15 Apr 2020 14:27:15 +0200 + +qemu (1:4.2-3ubuntu5) focal; urgency=medium + + [ Christian Ehrhardt ] + * d/p/ubuntu/lp-1871830-*: avoid crash when using QEMU_MODULE_DIR + (LP: #1871830) + * Security and packaging fixes (LP: #1872937) + - arm-fix-PAuth-sbox-functions-CVE-2020-10702.patch + - net-tulip-check-frame-size-and-r-w-data-length-CVE-2020-11102.patch + CVE-2020-10702 + CVE-2020-11102 + - fix external spice UI + + install ui-spice-app.so in qemu-system-common + + install ui-spice-app.so only if built, spice is optional + - switch binfmt registration to use update-binfmts --[un]import (#866756) + - qemu-system-gui: Multi-Arch=same, not foreign (#956763) + - qemu-system-data: s/highcolor/hicolor/ (#955741) + * d/p/ubuntu/lp-1872107*: fix migration while rebooting guests (LP: #1872107) + + -- Christian Ehrhardt Wed, 15 Apr 2020 11:26:44 +0200 + +qemu (1:4.2-3ubuntu4) focal; urgency=medium + + * d/p/ubuntu/lp-1835546-*: backport the s390x protvirt feature (LP: #1835546) + * remove d/p/ubuntu/expose-vmx_qemu64cpu.patch: Stop adding VMX to qemu64 + to avoid broken nesting (LP: #1868692) + + -- Christian Ehrhardt Fri, 20 Mar 2020 08:02:16 +0100 + +qemu (1:4.2-3ubuntu3) focal; urgency=medium + + * d/p/stable/lp-1867519-*: Stabilize qemu 4.2 with upstream + patches @qemu-stable (LP: #1867519) + + -- Christian Ehrhardt Wed, 18 Mar 2020 13:57:57 +0100 + +qemu (1:4.2-3ubuntu2) focal; urgency=medium + + * allow qemu to load old modules post upgrade (LP: #1847361) + - d/p/ubuntu/lp-1847361-modules-load-upgrade.patch: to fallback module + load to a versioned path + - d/qemu-block-extra.*.in, d/qemu-system-gui.*.in: save shared objects on + upgrade + - d/rules: generate maintainer scripts matching package version on build + - d/rules: enable --enable-module-upgrades where --enable-modules is set + * d/p/ubuntu/lp-1847361-vhost-correctly-turn-on-VIRTIO_F_IOMMU_PLATFORM.patch: + avoid unnecessary IOTLB transactions (LP: #1866207) + + -- Christian Ehrhardt Mon, 02 Mar 2020 15:21:27 +0100 + +qemu (1:4.2-3ubuntu1) focal; urgency=medium + + * Merge with Debian testing, remaining changes: + - qemu-kvm to systemd unit + - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm, + hugepages and architecture specifics + - d/qemu-system-common.qemu-kvm.service: systemd unit to call + qemu-kvm-init + - d/qemu-system-common.install: install helper script + - d/qemu-system-common.maintscript: clean old sysv and upstart scripts + - d/qemu-system-common.qemu-kvm.default: defaults for + /etc/default/qemu-kvm + - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm + - Distribution specific machine type (LP: 1304107 1621042) + - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine + types + - d/qemu-system-x86.NEWS Info on fixed machine type definitions + for host-phys-bits=true (LP: 1776189) + - add an info about -hpb machine type in debian/qemu-system-x86.NEWS + - provide pseries-bionic-2.11-sxxm type as convenience with all + meltdown/spectre workarounds enabled by default. (LP: 1761372). + - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type + - Enable nesting by default + - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default + in qemu64 cpu type. + - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default + in qemu64 on amd + [ No more strictly needed, but required for backward compatibility ] + - improved dependencies + - Make qemu-system-common depend on qemu-block-extra + - Make qemu-utils depend on qemu-block-extra + - let qemu-utils recommend sharutils + - improved s390x support + - d/rules: build s390-ccw.img with upstream Makefile + - d/rules: build s390-netboot.img with upstream Makefile + - arch aware kvm wrappers + - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490) + - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types + reference 256k path + - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to + handle incoming migrations from former releases. + - d/control-in: Disable capstone disassembler library support (universe) + - d/binfmt-update-in: fix binfmt being called in some containers + (LP 1840956) + - d/p/ubuntu/lp-1857033-*: add support for Cooper Lake cpu model + (LP 1857033) + - d/qemu-system-x86.README.Debian: add info about updated nesting changes + - d/control*, d/rules: disable xen by default, but provide universe + package qemu-system-x86-xen as alternative + - d/p/lp-1859527-*: avoid breakage on high virtqueue counts (LP 1859527) + - Dropped changes [ in Debian ] + - d/control: update VCS links + - d/control-in: bump debhelper build-dep for compat 12 + - d/control: disable bluetooth being deprecated + - d/not-installed: ignore new interop docs and extra icons for now + - d/not-installed: do not install elf2dmp until namespaced + - d/qemu-utils.install: install new tools qemu-edid and qemu-keymap + [ not needed ] + - d/control-in: promote qemu-efi/ovmf in Ubuntu (LP 1570617) + - s390x support + - Create qemu-system-s390x package + - Enable numa support for s390x + - d/control*: enable libpmem support for nvdimms (LP 1790856) + * Added changes + - d/control: regenerate debian/control out of control-in + - qemu-system-x86-microvm package + In addition to the generic multi-purpose qemu also provide a minimal + feature binary that is loading faster for use cases with microvm machine + type and qboot bios + - d/control-in: add a new qemu-system-x86-microvm package + - d/rules: add an extra config/build step to get the minimal qemu + - d/control-in: disable pmem on ppc64 as it is currently considered + experimental on that architecture (pmdk v1.8-1) + - d/rules: makefile definitions can't be recursive - sys_systems for s390x + - d/p/ubuntu/vhost-user-gpu-Drop-trailing-json-comma.patch: fix parsing of + vhost-user-gpu + - d/rules: report config log from the correct subdir + - d/rules: --disable-xen for user-static builds + + -- Christian Ehrhardt Wed, 12 Feb 2020 15:21:56 +0100 + qemu (1:4.2-3) unstable; urgency=medium * mention closing of #909743 in previous changelog (Closes: #909743) @@ -474,6 +1205,169 @@ qemu (1:4.2-2) unstable; urgency=medium -- Michael Tokarev Fri, 31 Jan 2020 23:51:09 +0300 +qemu (1:4.2-1ubuntu2) focal; urgency=medium + + * d/control: avoid upgrade issues triggered by moving ivshmem tools after + Debian. Fixed by by bumping the related Breaks/Replaces to the + Version Ubuntu introduced the change (LP: #1862287) + + -- Christian Ehrhardt Fri, 07 Feb 2020 07:31:21 +0100 + +qemu (1:4.2-1ubuntu1) focal; urgency=medium + + * Merge with Debian testing, Among many other things this fixes LP Bugs: + LP: #1847806 - add mff* instructions to not break on ppc64 with newer glibc + LP: #1812822 - avoid crashes on detaching vhost_net interfaces + LP: #1852744 - Crypto Passthrough Interrupt Support + LP: #1853316 - CCW IPL Support + Remaining changes: + - qemu-kvm to systemd unit + - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm, + hugepages and architecture specifics + - d/qemu-system-common.qemu-kvm.service: systemd unit to call + qemu-kvm-init + - d/qemu-system-common.install: install helper script + - d/qemu-system-common.maintscript: clean old sysv and upstart scripts + - d/qemu-system-common.qemu-kvm.default: defaults for + /etc/default/qemu-kvm + - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm + - Distribution specific machine type (LP: 1304107 1621042) + - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine + types + - d/qemu-system-x86.NEWS Info on fixed machine type definitions + for host-phys-bits=true (LP: 1776189) + - add an info about -hpb machine type in debian/qemu-system-x86.NEWS + - provide pseries-bionic-2.11-sxxm type as convenience with all + meltdown/spectre workarounds enabled by default. (LP: 1761372). + - Enable nesting by default + - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default + in qemu64 cpu type. + - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default + in qemu64 on amd + [ No more strictly needed, but required for backward compatibility ] + - improved dependencies + - Make qemu-system-common depend on qemu-block-extra + - Make qemu-utils depend on qemu-block-extra + - let qemu-utils recommend sharutils + - s390x support + - Create qemu-system-s390x package + - Enable numa support for s390x + - d/rules: build s390-ccw.img with upstream Makefile + - d/rules: build s390-netboot.img with upstream Makefile + - arch aware kvm wrappers + - d/control: update VCS links + - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490) + - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types + reference 256k path + - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to + handle incoming migrations from former releases. + - d/control-in: Disable capstone disassembler library support (universe) + - d/control: disable bluetooth being deprecated + - d/not-installed: ignore new interop docs and extra icons for now + - d/not-installed: do not install elf2dmp until namespaced + - d/qemu-utils.install: install new tools qemu-edid and qemu-keymap + - d/control-in: promote qemu-efi/ovmf in Ubuntu (LP 1570617) + - d/binfmt-update-in: fix binfmt being called in some containers + (LP 1840956) + - Dropped changes (in Debian) + - qemu-guest-agent: freeze-hook fixes (LP: 1484990) + - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook + - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d + - d/control-in: enable RDMA support in qemu (LP: 1692476) + - enable RDMA config option + - add libibumad-dev build-dep + - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch: bring back + some SLOF bits stripped in DFSG to be able to build s390x-netboot roms + As that hack to build s390-ccw.img rom can't build s390x-netboot.img + replace it with a build-indep using the upstream makefiles. + This is less prone to miss future changes/fixes that are done to the + makefiles + - remove /dev/kvm permission handling (moved to systemd 239-6) (#892945) + - d/p/debianize-qemu-guest-service.patch: fix path of qemu-ga + - d/rules: fix qemu-kvm service for debhelper compat >=12 + - Refreshed patches for v4.0 context changes + - d/control*: remove sdlabi which was removed upstream + - d/control*: enable docs (now explicit) and provide new build-dep + python3-sphinx + - d/qemu-system-data.install: use new paths for formerly used icons + - Merge with Upstream release of qemu 4.0 + - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch + - Dropped changes (Upstream) + - d/p/ubuntu/lp-1830243-*: s390x Secure Linux Boot Toleration (LP 1830243) + - d/p/ubuntu/lp-1830238-*: s390x hardware cpu model (LP 1830238) + - d/p/ubuntu/linux-user-fix-__NR_semtimedop-undeclared-error.patch: + fix i386 build error + - d/p/ubuntu/lp-1836066-s390-cpumodel-fix-description-for-the-new-vector-fac: + fix naming of the new vector facitlity (LP 1836066) + - d/p/ubuntu/lp-1836159-fix-with-latest-kernel.patch: fix build issues + for missing SIOCGSTAMP definition; final fix is still in discussion + upstream (LP: 1836159) + - d/p/ubuntu/lp-1836154-*: further fixups for HW CPU model for newer + s390x machines (LP 1836154) + - d/p/ubuntu/lp-1841066-*: fix detection of arch_capability flags + (LP 1841066) + - d/p/lp-1842774-s390x-cpumodel-Add-the-z15-name-to-the-description-o.patch: + update the z15 model name (LP 1842774) + - d/p/ubuntu/lp-1848556-curl-Handle-success-in-multi_check_completion.patch: + fix a potential hang when qemu or qemu-img where accessing http backed + disks via libcurl (LP 1848556) + - d/p/u/lp-1848497-virtio-balloon-fix-QEMU-4.0-config-size-migration-*: + fix migration issue from qemu <4.0 when using virtio-balloon (LP 1848497) + - d/p/ubuntu/lp-1830704-s390x-cpumodel-ignore-csske-for-expansion.patch + toleration for future machines (LP 1830704) + - SECURITY UPDATE: Add support for exposing md-clear functionality + to guests + - d/p/ubuntu/enable-md-clear.patch + - d/p/ubuntu/enable-md-no.patch + - CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091 + - SECURITY UPDATE: heap overflow when loading device tree blob + - d/p/ubuntu/CVE-2018-20815.patch: specify how large the buffer to + copy the device tree blob into is. + - CVE-2018-20815 + - SECURITY UPDATE: device driver denial of service via NULL pointer + dereference + - d/p/ubuntu/CVE-2019-5008.patch: Define skeleton 'power_mem_read' + routine + - CVE-2019-5008 + - SECURITY UPDATE: information leak in SLiRP + - d/p/ubuntu/CVE-2019-9824.patch: check sscanf result when + emulating ident. + - CVE-2019-9824 + - d/p/ubuntu/lp-1812384-s390x-Return-specification-exception-for- + unimplement.patch: properly return architecture defined exception + on bad subcodes of diag 308 (LP 1812384) + * Dropped changes (no more needed) + - d/qemu-guest-agent.pre{rm|inst}/.postrm: special handling for + mv_conffile since the new path is a directory in the old package + version which can not be handled by mv_conffile. + [ only needed between disco and eoan ] + - disable pvrdma + [ CVEs all fixed now ] + - d/p/ubuntu/Revert-target-i386-kvm-add-VMX-migration-blocker.patch: + avoid misdetection of simplified nesting blocking all migrations + [ qemu now detects and handles nesting - needs kernel >=4.20 ] + - Enable nesting by default + - d/qemu-system-x86.modprobe: set nested=1 module option on intel. + (is default on amd) + - d/qemu-system-x86.postinst: re-load kvm_intel.ko if it was loaded + without nested=1 + [ nesting is default in kernel modules and default selected cpu types ] + * Added changes + - d/control: regenerate debian/control out of control-in + - updated ubuntu machine types to match qemu 4.2 in Ubuntu 20.04 Focal + - added ubuntu focal types for qemu 4.2 + - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type + - d/p/ubuntu/lp-1857033-*: add support for Cooper Lake cpu model + (LP: #1857033) + - d/qemu-system-x86.README.Debian: add info about updated nesting changes + - d/control*, d/rules: disable xen by default, but provide universe + package qemu-system-x86-xen as alternative + - fix typos in changelog and d/qemu-system-x86.NEWS + - d/p/lp-1859527-*: avoid breakage on high virtqueue counts (LP: #1859527) + - d/control*: enable libpmem support for nvdimms (LP: #1790856) + + -- Christian Ehrhardt Wed, 08 Jan 2020 15:27:42 +0100 + qemu (1:4.2-1) unstable; urgency=medium * new upstream release (4.2.0) @@ -550,6 +1444,205 @@ qemu (1:4.1-1) unstable; urgency=medium -- Michael Tokarev Tue, 27 Aug 2019 12:43:43 +0300 +qemu (1:4.0+dfsg-0ubuntu10) focal; urgency=medium + + * d/p/ubuntu/lp-1848556-curl-Handle-success-in-multi_check_completion.patch: + fix a potential hang when qemu or qemu-img where accessing http backed + disks via libcurl (LP: #1848556) + * d/p/u/lp-1848497-virtio-balloon-fix-QEMU-4.0-config-size-migration-in.patch: + fix migration issue from qemu <4.0 when using virtio-balloon (LP: #1848497) + + -- Christian Ehrhardt Mon, 21 Oct 2019 14:51:45 +0200 + +qemu (1:4.0+dfsg-0ubuntu9) eoan; urgency=medium + + * d/p/lp-1842774-s390x-cpumodel-Add-the-z15-name-to-the-description-o.patch: + update the z15 model name (LP: #1842774) + + -- Christian Ehrhardt Tue, 24 Sep 2019 11:42:58 +0200 + +qemu (1:4.0+dfsg-0ubuntu8) eoan; urgency=medium + + * d/binfmt-update-in: fix binfmt being called in some containers + (LP: #1840956) + + -- Christian Ehrhardt Mon, 09 Sep 2019 11:03:13 +0200 + +qemu (1:4.0+dfsg-0ubuntu7) eoan; urgency=medium + + * No-change upload with strops.h and sys/strops.h removed in glibc. + + -- Matthias Klose Thu, 05 Sep 2019 11:07:25 +0000 + +qemu (1:4.0+dfsg-0ubuntu6) eoan; urgency=medium + + * d/p/ubuntu/lp-1841066-*: fix detection of arch_capability flags + (LP: #1841066) + + -- Christian Ehrhardt Mon, 26 Aug 2019 12:08:04 +0200 + +qemu (1:4.0+dfsg-0ubuntu5) eoan; urgency=medium + + * d/p/ubuntu/lp-1836154-*: further fixups for HW CPU model for newer + s390x machines (LP: #1836154) + + -- Christian Ehrhardt Wed, 17 Jul 2019 13:20:42 +0200 + +qemu (1:4.0+dfsg-0ubuntu4) eoan; urgency=medium + + * d/control-in: promote qemu-efi/ovmf in Ubuntu (LP: #1570617) + - pick Debian change for (#889885) + move ovmf to recommends on debian and update aarch ovmf refs + - stop Ubuntu to drop ovmf/qemu-efi to a suggest + + -- Christian Ehrhardt Fri, 12 Jul 2019 12:48:24 +0200 + +qemu (1:4.0+dfsg-0ubuntu3) eoan; urgency=medium + + * d/p/ubuntu/lp-1836159-fix-with-latest-kernel.patch: fix build issues + for missing SIOCGSTAMP definition; final fix is still in discussion + upstream (LP: 1836159) + + -- Christian Ehrhardt Thu, 11 Jul 2019 10:10:00 +0200 + +qemu (1:4.0+dfsg-0ubuntu2) eoan; urgency=medium + + * d/p/ubuntu/lp-1836066-s390-cpumodel-fix-description-for-the-new-vector-fac: + fix naming of the new vector facitlity (LP: #1836066) + * d/control-in: update VCS links in control template as well + + -- Christian Ehrhardt Thu, 11 Jul 2019 08:18:44 +0200 + +qemu (1:4.0+dfsg-0ubuntu1) eoan; urgency=medium + + * Merge with Upstream release of qemu 4.0. + Among many other things this fixes LP Bugs: + LP: #1782206 - SnowRidge Accelerator Interfacing Architecture (AIA) + LP: #1828038 - Update s390x CPU Model for more HW support + LP: #1832622 - count cache flush Spectre v2 mitigation for ppc64el + Remaining Changes: + - qemu-kvm to systemd unit + - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm, + hugepages and architecture specifics + - d/qemu-system-common.qemu-kvm.service: systemd unit to call + qemu-kvm-init + - d/qemu-system-common.install: install helper script + - d/qemu-system-common.maintscript: clean old sysv and upstart scripts + - d/qemu-system-common.qemu-kvm.default: defaults for + /etc/default/qemu-kvm + - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm + - Enable nesting by default + - d/qemu-system-x86.modprobe: set nested=1 module option on intel. + (is default on amd) + - d/qemu-system-x86.postinst: re-load kvm_intel.ko if it was loaded + without nested=1 + - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default + in qemu64 cpu type. + - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default + in qemu64 on amd + - d/qemu-system-x86.README.Debian: document intention of nested being + default is comfort, not full support + - Distribution specific machine type (LP: 1304107 1621042) + - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine + types + - d/qemu-system-x86.NEWS Info on fixed machine type definitions + for host-phys-bits=true (LP: 1776189) + - add an info about -hpb machine type in debian/qemu-system-x86.NEWS + - provide pseries-bionic-2.11-sxxm type as convenience with all + meltdown/spectre workarounds enabled by default. (LP: 1761372). + - improved dependencies + - Make qemu-system-common depend on qemu-block-extra + - Make qemu-utils depend on qemu-block-extra + - let qemu-utils recommend sharutils + - s390x support + - Create qemu-system-s390x package + - Enable numa support for s390x + - arch aware kvm wrappers + - d/control: update VCS links + - qemu-guest-agent: freeze-hook fixes (LP: 1484990) + - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook + - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d + - d/control-in: enable RDMA support in qemu (LP: 1692476) + - enable RDMA config option + - add libibumad-dev build-dep + - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490) + - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types + reference 256k path + - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to + handle incoming migrations from former releases. + - d/control-in: Disable capstone disassembler library support (universe) + - Move s390x roms to a new qemu-system-data-s390x + - d/qemu-system-data.install: install s390x roms as architecture:all in + qemu-system-data + - d/rules: build s390-ccw.img with upstream Makefile + - d/rules: build s390-netboot.img with upstream Makefile + - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch: bring back + some SLOF bits stripped in DFSG to be able to build s390x-netboot roms + As that hack to build s390-ccw.img rom can't build s390x-netboot.img + replace it with a build-indep using the upstream makefiles. + This is less prone to miss future changes/fixes that are done to the + makefiles + - d/control-in: add breaks/replaces for moving s390x roms from + qemu-system-s390x to qemu-system-data + - remove /dev/kvm permission handling (moved to systemd 239-6) (#892945) + [From not yet uploaded Debian branch] + - d/p/debianize-qemu-guest-service.patch: fix path of qemu-ga + - d/rules: fix qemu-kvm service for debhelper compat >=12 + - disable pvrdma - besides several security holes there are many other + bugs there as well + * Dropped patches that are upstream in v4.0 + - d/p/do-not-link-everything-with-xen.patch + - d/p/usb-mtp-use-O_NOFOLLOW-and-O_CLOEXEC-CVE-2018-16872.patch + - d/p/hw_usb-fix-mistaken-de-initialization-of-CCID-state.patch + - d/p/scsi-generic-avoid-possible-oob-access-to-r-buf-CVE-2019-6501.patch + - d/p/slirp-check-data-length-while-emulating-ident-function-CVE-2019-6778 + - d/p/i2c-ddc-fix-oob-read-CVE-2019-3812.patch + - d/p/ubuntu/lp-1759509-qmp-query-current-machine-with-wakeup-suspend-suppor + (LP: 1759509) + - d/p/ubuntu/lp-1759509-qga-update-guest-suspend-ram-and-guest-suspend-hybri + - d/p/ubuntu/lp-1759509-qmp-hmp-Make-system_wakeup-check-wake-up-support-and + - d/p/ubuntu/lp-1812384-s390x-Return-specification-exception-for-unimplement + - d/p/ubuntu/CVE-2018-20815.patch + - d/p/ubuntu/CVE-2019-5008.patch + - d/p/ubuntu/CVE-2019-9824.patch + - d/p/ubuntu/Revert-target-i386-kvm-add-VMX-migration-blocker.patch: + avoid misdetection of simplified nesting blocking all migrations + * Dropped further patches + d/p/bt-use-size_t-type-for-length-parameters-instead-of-int-CVE-2018-19665 + [upstream deprecated the whole subsystem instead of applying the fix] + * Added Changes + - updated ubuntu machine types for v4.0 + - added eoan types + - fixed s390x issue of upstream types having a "v" prefix + - add back dropped machine types to avoid more issues like LP: 1802944 + - fix kvm split irqchip default in ubuntu q35 machine type + - drop no more needed spapr_machine_2_11_sxxm_instance_options and + adapt updated CamelCase + - -hpb types now need to use GlobalProperties + - pc_compat_2_0 got a _fn suffix and slight changes + - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch: update to + SLOF of qemu 4.0 + - Refreshed patches still needed for v4.0 context changes + - d/p/use-fixed-data-path.patch + - d/p/ubuntu/enable-svm-by-default.patch + - d/p/ubuntu/enable-md-clear.patch + - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch + - d/p/ubuntu/lp-1830243-*: s390x Secure Linux Boot Toleration + (LP: #1830243) + - d/control: disable bluetooth being deprecated + - d/control*: remove sdlabi which was removed upstream + - d/p/ubuntu/lp-1830238-*: s390x hardware cpu model (LP: #1830238) + - d/control*: enable docs (now explicit) and provide new build-dep + python3-sphinx + - d/not-installed: ignore new interop docs and extra icons for now + - d/not-installed: do not install elf2dmp until namespaced + - d/qemu-utils.install: install new tools qemu-edid and qemu-keymap + - d/qemu-system-data.install: use new paths for formerly used icons + - d/p/ubuntu/linux-user-fix-__NR_semtimedop-undeclared-error.patch: + fix i386 build error + + -- Christian Ehrhardt Mon, 24 Jun 2019 16:33:19 +0200 + qemu (1:3.1+dfsg-8) unstable; urgency=high * sun4u-add-power_mem_read-routine-CVE-2019-5008.patch @@ -652,6 +1745,232 @@ qemu (1:3.1+dfsg-3) unstable; urgency=medium -- Michael Tokarev Wed, 06 Feb 2019 12:23:01 +0300 +qemu (1:3.1+dfsg-2ubuntu5) eoan; urgency=medium + + * d/p/ubuntu/define-ubuntu-machine-types.patch: fix wily machine type being + broken since 2.11 due to 2.3/2.4 version mismatch in its definition to + fix migrations from old machines (LP: #1829868). + * d/p/ubuntu/lp-1830704-s390x-cpumodel-ignore-csske-for-expansion.patch + toleration for future machines (LP: #1830704 + + -- Christian Ehrhardt Tue, 28 May 2019 11:30:42 +0200 + +qemu (1:3.1+dfsg-2ubuntu4) eoan; urgency=medium + + * SECURITY UPDATE: Add support for exposing md-clear functionality + to guests + - d/p/ubuntu/enable-md-clear.patch + - d/p/ubuntu/enable-md-no.patch + - CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091 + * SECURITY UPDATE: heap overflow when loading device tree blob + - d/p/ubuntu/CVE-2018-20815.patch: specify how large the buffer to + copy the device tree blob into is. + - CVE-2018-20815 + * SECURITY UPDATE: device driver denial of service via NULL pointer + dereference + - d/p/ubuntu/CVE-2019-5008.patch: Define skeleton 'power_mem_read' + routine + - CVE-2019-5008 + * SECURITY UPDATE: information leak in SLiRP + - d/p/ubuntu/CVE-2019-9824.patch: check sscanf result when + emulating ident. + - CVE-2019-9824 + + -- Steve Beattie Wed, 08 May 2019 09:27:53 -0700 + +qemu (1:3.1+dfsg-2ubuntu3) disco; urgency=medium + + * qemu-guest-agent: fix path of fsfreeze-hook (LP: #1820291) + - d/qemu-guest-agent.install: use correct path for fsfreeze-hook + - d/qemu-guest-agent.pre{rm|inst}/.postrm: special handling for + mv_conffile since the new path is a directory in the old package + version which can not be handled by mv_conffile. + * i2c-ddc-fix-oob-read-CVE-2019-3812.patch fixes + OOB read in hw/i2c/i2c-ddc.c which allows for memory disclosure. + Closes: #922635 (Thanks to Gerd Hoffmann and Michael Tokarev) + CVE-2019-3812 + + -- Christian Ehrhardt Mon, 18 Mar 2019 09:20:07 +0100 + +qemu (1:3.1+dfsg-2ubuntu2) disco; urgency=medium + + * disable pvrdma - besides several security holes there are many other + bugs there as well, and the amount of patches applied upstream after + 3.1 release is large (Closes, or actuallymakes unimportant again) + - CVE-2018-20123 + - CVE-2018-20124 + - CVE-2018-20125 + - CVE-2018-20126 + - CVE-2018-20191 + - CVE-2018-20216 + * scsi-generic-avoid-possible-oob-access-to-r-buf-CVE-2019-6501.patch + - CVE-2019-6501 + * slirp-check-data-length-while-emulating-ident-function-CVE-2019-6778.patch + - CVE-2019-6778 + + -- Christian Ehrhardt Tue, 19 Feb 2019 06:43:04 +0100 + +qemu (1:3.1+dfsg-2ubuntu1) disco; urgency=medium + + * Merge with Debian testing, Among many other things this fixes LP Bugs: + LP: #1806104 - fix misleading page size error on ppc64el + LP: #1782205 - SnowRidge enabled new ISAs + LP: #1786956 - upgrade to qemu >= 3.0 + LP: #1809083 - Backward migration to Xenial on ppc64el + LP: #1803315 - s390x Huge page enablement + LP: #1657409 - enable virglrenderer + Remaining Changes: + - qemu-kvm to systemd unit + - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm, + hugepages and architecture specifics + - d/qemu-kvm.service: systemd unit to call qemu-kvm-init + - d/qemu-system-common.install: install systemd unit and helper script + - d/qemu-system-common.maintscript: clean old sysv and upstart scripts + - d/qemu-system-common.qemu-kvm.default: defaults for + /etc/default/qemu-kvm + - d/rules: install /etc/default/qemu-kvm + - Enable nesting by default + - d/qemu-system-x86.modprobe: set nested=1 module option on intel. + (is default on amd) + - d/qemu-system-x86.postinst: re-load kvm_intel.ko if it was loaded + without nested=1 + - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default + in qemu64 cpu type. + - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default + in qemu64 on amd + - d/qemu-system-x86.README.Debian: document intention of nested being + default is comfort, not full support + - Distribution specific machine type (LP: 1304107 1621042 1776189 1761372) + - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine + types + - d/qemu-system-x86.NEWS Info on fixed machine type definitions + for host-phys-bits=true (LP: 1776189) + - add an info about -hpb machine type in debian/qemu-system-x86.NEWS + - d/p/ubuntu/lp-1761372-*: provide pseries-bionic-2.11-sxxm type as + convenience with all meltdown/spectre workarounds enabled by default. + (LP: 1761372). + - improved dependencies + - Make qemu-system-common depend on qemu-block-extra + - Make qemu-utils depend on qemu-block-extra + - let qemu-utils recommend sharutils + - s390x support + - Create qemu-system-s390x package + - Enable numa support for s390x + - arch aware kvm wrappers + - d/control: update VCS links (updated to match latest Ubuntu) + - qemu-guest-agent: freeze-hook fixes (LP: 1484990) + - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook + - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d + - d/control-in: enable RDMA support in qemu (LP: 1692476) + - enable RDMA config option + - add libibumad-dev build-dep + - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490) + - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types + reference 256k path + - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to + handle incoming migrations from former releases. + - d/control-in: Disable capstone disassembler library support (universe) + * Added Changes: + - d/p/ubuntu/define-ubuntu-machine-types.patch: update machine type changes + for qemu 3.1 in the Ubuntu Disco release + - d/p/ubuntu/lp-1759509-* fix waking up VMs from dompmsuspend (LP: #1759509) + - Move s390x roms to a new qemu-system-data-s390x + - d/qemu-system-data.install: install s390x roms as architecture:all in + qemu-system-data + - d/rules: build s390-ccw.img with upstream Makefile + - d/rules: build s390x-netboot.img with upstream Makefile + - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch: bring back + some SLOF bits stripped in DFSG to be able to build s390x-netboot roms + As that hack to build s390-ccw.img rom can't build s390x-netboot.img + replace it with a build-indep using the upstream makefiles. + This is less prone to miss future changes/fixes that are done to the + makefiles + - d/control-in: add breaks/replaces for moving s390x roms from + qemu-system-s390x to qemu-system-data + - remove /dev/kvm permission handling (moved to systemd 239-6) (#892945) + [From not yet uploaded Debian branch] + - d/p/debianize-qemu-guest-service.patch: fix path of qemu-ga + (Closes: #918378) + - d/rules: fix qemu-kvm service for debhelper compat >=12 + - d/p/ubuntu/Revert-target-i386-kvm-add-VMX-migration-blocker.patch: + avoid misdetection of simplified nesting blocking all migrations + - d/p/ubuntu/lp-1812384-s390x-Return-specification-exception-for- + unimplement.patch: properly return archicture defined exception + on bad subcodes of diag 308 (LP: #1812384) + * Dropped Changes: + - Include s390-ccw.img firmware (old style native build) + - d/rules enable install s390x-netboot.img (old style native build) + - libvirt/qemu user/group support + - qemu-system-common.postinst: remove acl placed by udev, and add udevadm + trigger. + [ Droppable since logind properly sets ACLs now ] + - qemu-system-common.preinst: add kvm group if needed + [ Droppable because systemd/udev take care of it since 239-6] + - d/p/guest-agent-freeze-hook-skip-dpkg-artifacts.patch of qemu-guest-agent + freeze-hook fixes (LP: 1484990) + [upstream] + - d/p/ubuntu/CVE-2018-3639/* update for qemu 2.12 using the final patches + merged upstream + [upstream] + - d/p/ubuntu/CVE-2018-11806-slirp-correct-size.patch: slirp: correct size + computation while concatenating mbuf. + CVE-2018-11806 + [upstream] + - d/p/ubuntu/lp-1781526-powerpc64-align-memory-THP.patch: align to 2MB + for powerpc64 to speed up translation (LP: 1781526) + [upstream] + - d/p/ubuntu/lp-1780773-s390x-cpumodels-add-z14-Model-ZR1.patch: Add + cpu model for z14 ZR1 (LP: 1780773). + [upstream] + - Mark qemu-system-data foreign to be able to install it e.g. on i386 + (Closes: 903562) + [in Debian] + - d/control-in: qemu-keymaps is provided by qemu-system-data now (from yet + unreleased Debian version) + [in Debian] + - d/p/lp-1755912-qxl-fix-local-renderer-crash.patch: Fix an issue triggered + by migrations with UI frontends or frequent guest resolution changes + (LP #1755912) + [upstream] + - d//ubuntu/target-ppc-extend-eieio-for-POWER9.patch: Backport to + extend eieio for POWER9 emulation (LP: 1787408). + [upstream] + - d/p/ubuntu/lp-1789551-seccomp-set-the-seccomp-filter-to-all-threads.patch: + ensure that the seccomp blacklist is applied to all threads (LP: 1789551) + [upstream] + - improve s390x spectre mitigation with etoken facility (LP: 1790457) + [upstream] + - Update pxe netboot images for KVM s390x to qemu 3.0 level (LP: 1790901) + [upstream] + - d/control-in: our addition of a qemu-system-s390x package needs to follow + the split of qemu-system-data by adding a dependency to it (LP: 1798084) + [in Debian] + - debian/patches/ubuntu/lp1787405-*: Support guest dedicated Crypto + Adapters on s390x (LP: 1787405) + [upstream] + - enable opengl for vfio-MDEV support (LP: 1804766) + [in Debian] + - SECURITY UPDATE: integer overflow in NE2000 NIC emulation + [upstream] + - SECURITY UPDATE: integer overflow via crafted QMP command + [upstream] + - SECURITY UPDATE: OOB heap buffer r/w access in NVM Express Controller + [upstream] + - SECURITY UPDATE: buffer overflow in rtl8139 + [upstream] + - SECURITY UPDATE: buffer overflow in pcnet + [upstream] + - SECURITY UPDATE: DoS via large packet sizes + [upstream] + - SECURITY UPDATE: DoS in lsi53c895a + [upstream] + - SECURITY UPDATE: Out-of-bounds r/w stack access in ppc64 + [upstream] + - SECURITY UPDATE: race condition in 9p + [upstream] + + -- Christian Ehrhardt Tue, 08 Jan 2019 09:41:08 +0100 + qemu (1:3.1+dfsg-2) unstable; urgency=medium * d/rules: split arch and indep builds @@ -731,6 +2050,249 @@ qemu (1:3.1+dfsg-1) unstable; urgency=medium -- Michael Tokarev Sun, 02 Dec 2018 19:10:27 +0300 +qemu (1:2.12+dfsg-3ubuntu9) disco; urgency=medium + + [ Marc Deslauriers ] + * SECURITY UPDATE: integer overflow in NE2000 NIC emulation + - debian/patches/CVE-2018-10839.patch: use proper type in + hw/net/ne2000.c. + - CVE-2018-10839 + * SECURITY UPDATE: integer overflow via crafted QMP command + - debian/patches/CVE-2018-12617.patch: check bytes count read by + guest-file-read in qga/commands-posix.c. + - CVE-2018-12617 + * SECURITY UPDATE: OOB heap buffer r/w access in NVM Express Controller + - debian/patches/CVE-2018-16847.patch: check size in hw/block/nvme.c. + - CVE-2018-16847 + * SECURITY UPDATE: buffer overflow in rtl8139 + - debian/patches/CVE-2018-17958.patch: use proper type in + hw/net/rtl8139.c. + - CVE-2018-17958 + * SECURITY UPDATE: buffer overflow in pcnet + - debian/patches/CVE-2018-17962.patch: use proper type in + hw/net/pcnet.c. + - CVE-2018-17962 + * SECURITY UPDATE: DoS via large packet sizes + - debian/patches/CVE-2018-17963.patch: check size in net/net.c. + - CVE-2018-17963 + * SECURITY UPDATE: DoS in lsi53c895a + - debian/patches/CVE-2018-18849.patch: check message length value is + valid in hw/scsi/lsi53c895a.c. + - CVE-2018-18849 + * SECURITY UPDATE: Out-of-bounds r/w stack access in ppc64 + - debian/patches/CVE-2018-18954.patch: check size before data buffer + access in hw/ppc/pnv_lpc.c. + - CVE-2018-18954 + * SECURITY UPDATE: race condition in 9p + - debian/patches/CVE-2018-19364-1.patch: use write lock in + hw/9pfs/cofile.c. + - debian/patches/CVE-2018-19364-2.patch: use write lock in + hw/9pfs/9p.c. + - CVE-2018-19364 + + [ Christian Ehrhardt] + * debian/patches/ubuntu/lp1787405-*: Support guest dedicated Crypto + Adapters on s390x (LP: #1787405) + * enable opengl for vfio-MDEV support (LP: #1804766) + - d/control-in: set --enable-opengl + - d/control-in: add gl related build-dependencies + + -- Christian Ehrhardt Wed, 21 Nov 2018 13:17:01 -0500 + +qemu (1:2.12+dfsg-3ubuntu8) cosmic; urgency=medium + + * d/control-in: our addition of a qemu-system-s390x package needs to follow + the split of qemu-system-data by adding a dependency to it (LP: #1798084) + + -- Christian Ehrhardt Wed, 17 Oct 2018 10:50:27 +0200 + +qemu (1:2.12+dfsg-3ubuntu7) cosmic; urgency=medium + + * Update pxe netboot images for KVM s390x to qemu 3.0 level (LP: #1790901) + The SLOF source pieces in src:qemu are only used for s390x netboot, + which are independent ROMs (no linking). All other binaries out of this + are part of src:slof and independent. + - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot-2.12-to-3.0.patch + - d/p/ubuntu/lp-1790901-0*: backport s390x pxelinux netboot capabilities + and related fixes + + -- Christian Ehrhardt Tue, 25 Sep 2018 13:31:15 +0200 + +qemu (1:2.12+dfsg-3ubuntu6) cosmic; urgency=medium + + * improve s390x spectre mitigation with etoken facility (LP: #1790457) + - debian/patches/ubuntu/lp-1790457-s390x-kvm-add-etoken-facility.patch + - debian/patches/ubuntu/lp-1790457-partial-s390x-linux-headers-update.patch + + -- Christian Ehrhardt Wed, 12 Sep 2018 10:06:48 +0200 + +qemu (1:2.12+dfsg-3ubuntu5) cosmic; urgency=medium + + * d/p/ubuntu/lp-1789551-seccomp-set-the-seccomp-filter-to-all-threads.patch: + ensure that the seccomp blacklist is applied to all threads (LP: #1789551) + - CVE-2018-15746 + + -- Christian Ehrhardt Wed, 29 Aug 2018 08:50:36 +0200 + +qemu (1:2.12+dfsg-3ubuntu4) cosmic; urgency=medium + + [ Murilo Opsfelder Araujo ] + * d//ubuntu/target-ppc-extend-eieio-for-POWER9.patch: Backport to + extend eieio for POWER9 emulation (LP: #1787408). + + -- Christian Ehrhardt Mon, 20 Aug 2018 11:52:39 +0200 + +qemu (1:2.12+dfsg-3ubuntu3) cosmic; urgency=medium + + * d/p/lp-1755912-qxl-fix-local-renderer-crash.patch: Fix an issue triggered + by migrations with UI frontends or frequent guest resolution changes + (LP: #1755912) + + -- Christian Ehrhardt Thu, 19 Jul 2018 08:26:52 +0200 + +qemu (1:2.12+dfsg-3ubuntu2) cosmic; urgency=medium + + * Disable capstone disassembler library support (universe dependency) + + -- Christian Ehrhardt Tue, 17 Jul 2018 08:35:32 +0200 + +qemu (1:2.12+dfsg-3ubuntu1) cosmic; urgency=medium + + * Merge with Debian testing, Remaining Changes: + - Among other things this fixes (LP: #1780768, LP: #1780769, LP: #1780772) + - qemu-kvm to systemd unit + - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm, + hugepages and architecture specifics + - d/qemu-kvm.service: systemd unit to call qemu-kvm-init + - d/qemu-system-common.install: install systemd unit and helper script + - d/qemu-system-common.maintscript: clean old sysv and upstart scripts + - d/qemu-system-common.qemu-kvm.default: defaults for + /etc/default/qemu-kvm + - d/rules: install /etc/default/qemu-kvm + - Enable nesting by default + - set nested=1 module option on intel. (is default on amd) + - re-load kvm_intel.ko if it was loaded without nested=1 + - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default + in qemu64 cpu type. + - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default + in qemu64 on amd + - d/qemu-system-x86.README.Debian: document intention of nested being + default is comfort, not full support + - libvirt/qemu user/group support + - qemu-system-common.postinst: remove acl placed by udev, and add udevadm + trigger. + - qemu-system-common.preinst: add kvm group if needed + - Distribution specific machine type + - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine + types to ease future live vm migration. + - d/qemu-system-x86.NEWS Info on fixed machine type definitions + - d/p/ubuntu/machine-type-hpb.patch: add -hpb machine type + for host-phys-bits=true (LP: 1776189) + - add an info about -hpb machine type in debian/qemu-system-x86.NEWS + - d/p/ubuntu/lp-1761372-*: provide pseries-bionic-2.11-sxxm type as + convenience with all meltdown/spectre workarounds enabled by default. + (LP: 1761372). + - improved dependencies + - Make qemu-system-common depend on qemu-block-extra + - Make qemu-utils depend on qemu-block-extra + - let qemu-utils recommend sharutils + - s390x support + - Create qemu-system-s390x package + - Include s390-ccw.img firmware + - Enable numa support for s390x + - arch aware kvm wrappers + - update VCS-git (updated to match cosmic) + - qemu-guest-agent: freeze-hook fixes (LP: 1484990) + - d/p/guest-agent-freeze-hook-skip-dpkg-artifacts.patch + - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook + - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d + - Create and install pxe netboot images for KVM s390x (LP: 1732094) + - d/rules enable install s390x-netboot.img + - d/control-in: enable RDMA support in qemu (LP: 1692476) + - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490) + - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types + reference 256k path + - d/control: depend on ipxe-qemu-256k-compat-efi-roms to be able to + handle incoming migrations from former releases. + - SECURITY UPDATE: Speculative Store Bypass + - debian/patches/ubuntu/CVE-2018-3639/0001*.patch: define the 'ssbd' + CPUID feature bit in target/i386/cpu.*. + - debian/patches/ubuntu/CVE-2018-3639/0002*.patch: define the AMD + 'virt-ssbd' CPUID feature bit in target/i386/cpu.c. + - debian/patches/ubuntu/CVE-2018-3639/0003*.patch: define the Virt SSBD + MSR and handling of it in target/i386/cpu.h, target/i386/kvm.c, + target/i386/machine.c. + - CVE-2018-3639 + * Added Changes: + - update machine type changes for qemu 2.12 and the Ubuntu Cosmic release + - add cosmic types for base and -hpb + - drop no more supported types (zesty and yakkety) + - d/p/series: group machine type changes + - d/p/ubuntu/CVE-2018-3639/* update for qemu 2.12 using the final patches + merged upstream + - d/p/ubuntu/CVE-2018-11806-slirp-correct-size.patch: slirp: correct size + computation while concatenating mbuf. + CVE-2018-11806 + - d/qemu-kvm-init, d/qemu-system-common.qemu-kvm.default: drop the + deprecated handling of VHOST_NET_ENABLED and KVM_HUGEPAGES. + - d/qemu-kvm-init: do not exit early on non x86/ppc64el (LP: #1763275) + - d/qemu-kvm-init, d/kvm.powerpc: clean up typos and shellcheck warnings + - d/qemu-kvm-init, d/kvm.powerpc: fix SMT detection and make it only apply + to POWER8 + - d/qemu-kvm-init: drop old VM detection that was broken in some cases and + is no more needed with systemd-detect-virt being more mature and always + present. + - d/kvm.powerpc: drop old powerpc (non-ppc64el) code. + - d/control-in: add libibumad-dev which is now needed for rdma + - d/rules: update s390x delta to match new Debian packaging + - d/p/ubuntu/lp-1781526-powerpc64-align-memory-THP.patch: align to 2MB + for powerpc64 to speed up translation (LP: #1781526) + - d/p/ubuntu/lp-1780773-s390x-cpumodels-add-z14-Model-ZR1.patch: Add + cpu model for z14 ZR1 (LP: #1780773). + - Mark qemu-system-data foreign to be able to install it e.g. on i386 + (Closes: 903562) + - d/control-in: qemu-keymaps is provided by qemu-system-data now (from yet + unreleased Debian version) + * Dropped Changes: + - debian/patches/ubuntu/partial-SLOF-for-s390x-netboot-compilation.patch + (No more removed when building DFSG orig tarball in Debian) + - sdl2 is yet too unstable for the LTS Ubuntu release given the reports + we still see upstream and in Debian - furthermore sdl2 isn't in main yet, + so we revert related changes to stick with the proven for now: + - 0fd25810 - do not build-depend on libx11-dev (libsdl2-dev already + depends on it) + - 9594f820 - switch from sdl1.2 to sdl2 (#870025) + (Debian switched to gtk which seems to work better and has all + dependencies in main.) + - d/control-in: enable seccomp on s390x (in Debian for Linux-any) + - Changes that are now upstream with qemu 2.12 + - d/p/ubuntu/lp1753826-memfd-fix-configure-test.patch: fix FTBFS with + newer versions of glibc >=2.27 (LP: 1753826) + - d/p/ubuntu/qemu-stable-2.11.1.patch: add stable release + - d/p/ubuntu/lp1739665-SSE-AVX-AVX512-cpu-features.patch: Enable new + SSE/AVX/AVX512 cpu features (LP: 1739665) + - d/p/ubuntu/lp1740219-continuous-space-commpage.patch: make Arm + space+commpage continuous which avoids long startup times on + qemu-user-static (LP: 1740219) + - provide pseries-2.12-sxxm type (LP: 1761372) + - d/p/ubuntu/lp-1704312-1-* provide means to manually handle + filesystem-dax with pmem by backporting align and unarmed options + (LP: 1704312). + - d/p/ubuntu/lp-1762315-slirp-Add-domainname.patch: slirp: Add domainname + option to slirp's DHCP server (LP: 1762315) + - d/p/ubuntu/lp-1762854-*: fix issue with SCSI-2 devices denying + Protection information (LP: 1762854). + - d/p/ubuntu/lp-1763468-*: fix VSMT handling to fix ppc64el P8/P9 + migration (LP: 1763468). + - SECURITY UPDATE: out-of-bounds access during migration via ps2 + CVE-2017-16845 + - SECURITY UPDATE: arbitrary code execution via load_multiboot + CVE-2018-7550 + - SECURITY UPDATE: denial of service in Cirrus CLGD 54xx VGA + CVE-2018-7858 + + -- Christian Ehrhardt Thu, 21 Jun 2018 14:24:06 +0200 + qemu (1:2.12+dfsg-3) unstable; urgency=medium * make qemu-system-foo depending @@ -819,6 +2381,239 @@ qemu (1:2.12~rc3+dfsg-1) unstable; urgency=medium -- Michael Tokarev Thu, 12 Apr 2018 19:04:03 +0300 +qemu (1:2.11+dfsg-1ubuntu11) cosmic; urgency=medium + + * d/p/ubuntu/machine-type-hpb.patch: add -hpb machine type + for host-phys-bits=true (LP: #1776189) + - add an info about this change in debian/qemu-system-x86.NEWS + + -- Christian Ehrhardt Tue, 12 Jun 2018 09:01:00 +0200 + +qemu (1:2.11+dfsg-1ubuntu10) cosmic; urgency=medium + + * SECURITY UPDATE: Speculative Store Bypass + - debian/patches/ubuntu/CVE-2018-3639/0001*.patch: define the 'ssbd' + CPUID feature bit in target/i386/cpu.*. + - debian/patches/ubuntu/CVE-2018-3639/0002*.patch: define the AMD + 'virt-ssbd' CPUID feature bit in target/i386/cpu.c. + - debian/patches/ubuntu/CVE-2018-3639/0003*.patch: define the Virt SSBD + MSR and handling of it in target/i386/cpu.h, target/i386/kvm.c, + target/i386/machine.c. + - CVE-2018-3639 + + -- Marc Deslauriers Tue, 22 May 2018 09:34:52 -0400 + +qemu (1:2.11+dfsg-1ubuntu9) cosmic; urgency=medium + + * SECURITY UPDATE: out-of-bounds access during migration via ps2 + - debian/patches/ubuntu/CVE-2017-16845.patch: check PS2Queue pointers + in post_load routine in hw/input/ps2.c. + - CVE-2017-16845 + * SECURITY UPDATE: arbitrary code execution via load_multiboot + - debian/patches/ubuntu/CVE-2018-7550.patch: handle bss_end_addr being + zero in hw/i386/multiboot.c. + - CVE-2018-7550 + * SECURITY UPDATE: denial of service in Cirrus CLGD 54xx VGA + - debian/patches/ubuntu/CVE-2018-7858.patch: fix region calculation in + hw/display/vga.c. + - CVE-2018-7858 + + -- Marc Deslauriers Wed, 16 May 2018 14:14:20 -0400 + +qemu (1:2.11+dfsg-1ubuntu8) cosmic; urgency=medium + + * No-change rebuild for ncurses soname changes. + + -- Matthias Klose Thu, 03 May 2018 14:18:39 +0000 + +qemu (1:2.11+dfsg-1ubuntu7) bionic; urgency=medium + + * d/p/ubuntu/lp-1762854-*: fix issue with SCSI-2 devices denying Protection + information (LP: #1762854). + * d/p/ubuntu/lp-1763468-*: fix VSMT handling to fix ppc64el P8/P9 migration + (LP: #1763468). + + -- Christian Ehrhardt Wed, 11 Apr 2018 07:46:18 +0200 + +qemu (1:2.11+dfsg-1ubuntu6) bionic; urgency=medium + + * Remove LP: 1752026 changes to d/p/ubuntu/define-ubuntu-machine-types.patch. + The Kernel fixes are preferred and already committed to the kernel. + Therefore remove the default disabling of the HTM feature (LP: #1761175) + * d/p/ubuntu/lp1739665-SSE-AVX-AVX512-cpu-features.patch: Enable new + SSE/AVX/AVX512 cpu features (LP: #1739665) + * d/p/ubuntu/lp1740219-continuous-space-commpage.patch: make Arm + space+commpage continuous which avoids long startup times on + qemu-user-static (LP: #1740219) + * d/p/ubuntu/lp-1761372-*: provide pseries-bionic-2.11-sxxm type as + convenience with all meltdown/spectre workarounds enabled by default. + This is not the default type following upstream and x86 on that. + (LP: #1761372). + * d/p/ubuntu/lp-1704312-1-* provide means to manually handle filesystem-dax + with pmem by backporting align and unarmed options (LP: #1704312). + * d/p/ubuntu/lp-1762315-slirp-Add-domainname.patch: slirp: Add domainname + option to slirp's DHCP server (LP: #1762315) + + -- Christian Ehrhardt Wed, 04 Apr 2018 15:16:07 +0200 + +qemu (1:2.11+dfsg-1ubuntu5) bionic; urgency=medium + + * Revert the slirp changes of 1:2.11+dfsg-1ubuntu3 until they are upstream + accepted to be better long term maintainable (LP: #1753938) + + -- Christian Ehrhardt Thu, 22 Mar 2018 10:31:23 +0100 + +qemu (1:2.11+dfsg-1ubuntu4) bionic; urgency=medium + + * d/p/ubuntu/define-ubuntu-machine-types.patch: Disable HTM feature for + ppc64el in spapr to let the defaults not fail on Power9 HW (LP: #1752026). + * d/p/ubuntu/lp1753826-memfd-fix-configure-test.patch: fix FTBFS with newer + versions of glibc >=2.27 (LP: #1753826) + + -- Christian Ehrhardt Mon, 05 Mar 2018 16:43:01 +0100 + +qemu (1:2.11+dfsg-1ubuntu3) bionic; urgency=medium + + * d/p/ubuntu/0001-slirp-Add-domainname-option-to-slirp-s-DHCP-server.patch, + d/p/ubuntu/0002-slirp-Add-classless-static-routes-support-to-DHCP-se.patch: + Add domainname option and classless static routes support to the user + networking's DHCP server + + -- Benjamin Drung Fri, 02 Mar 2018 21:08:54 +0100 + +qemu (1:2.11+dfsg-1ubuntu2) bionic; urgency=medium + + * d/p/ubuntu/qemu-stable-2.11.1.patch: add stable release + - among other fixes this adds code to: + - mitigate the Spectre/Meltdown attacks (LP: #1744882) (CVE-2017-5715) + However, enabling this functionality requires additional configuration + beyond just updating QEMU. Also migrations need special consideration. + Details about that can be found at: + https://www.qemu.org/2018/02/14/qemu-2-11-1-and-spectre-update/ + - Power9 allocation of max 8 threads per core (LP: #1750526) + * Drop changes that are part of the upstream stable release + - d/p/ubuntu/linux-headers-update-to-4.15-rc1.patch + - d/p/ubuntu/linux-headers-update-4.15-rc9.patch + - d/p/ubuntu/lp1743560-s390x-kvm-Handle-bpb-feature.patch + - d/p/ubuntu/lp1743560-s390x-kvm-provide-stfle.81.patch + * d/p/ubuntu/define-ubuntu-machine-types.patch: refresh to match stable update + * d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: unify to only change the + common compat.h header and add some extra info in the patch header. + + -- Christian Ehrhardt Mon, 19 Feb 2018 11:03:11 +0100 + +qemu (1:2.11+dfsg-1ubuntu1) bionic; urgency=medium + + * Merge with Debian testing, among other fixes this includes + - fix fatal error on negative maxcpus (LP: #1722495) + - fix segfault on dump-guest-memory on guests without memory (LP: #1723381) + - linux user threading issues (LP: #1350435) + - TOD-Clock Epoch Extension Support on s390x (LP: #1732691) + Remaining changes: + - qemu-kvm to systemd unit + - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm, + hugepages and architecture specifics + - d/qemu-kvm.service: systemd unit to call qemu-kvm-init + - d/qemu-system-common.install: install systemd unit and helper script + - d/qemu-system-common.maintscript: clean old sysv and upstart scripts + - d/qemu-system-common.qemu-kvm.default: defaults for + /etc/default/qemu-kvm + - d/rules: install /etc/default/qemu-kvm + - Enable nesting by default + - set nested=1 module option on intel. (is default on amd) + - re-load kvm_intel.ko if it was loaded without nested=1 + - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default + in qemu64 cpu type. + - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default + in qemu64 on amd + - libvirt/qemu user/group support + - qemu-system-common.postinst: remove acl placed by udev, and add udevadm + trigger. + - qemu-system-common.preinst: add kvm group if needed + - Distribution specific machine type + - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine + types to ease future live vm migration. + - d/qemu-system-x86.NEWS Info on fixed machine type definitions + - improved dependencies + - Make qemu-system-common depend on qemu-block-extra + - Make qemu-utils depend on qemu-block-extra + - let qemu-utils recommend sharutils + - s390x support + - Create qemu-system-s390x package + - Include s390-ccw.img firmware + - Enable numa support for s390x + - ppc64[le] support + - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink + - arch aware kvm wrappers + * Added Changes + - update VCS-git to match the bionic branch + - sdl2 is yet too unstable for the LTS Ubuntu release given the reports + we still see upstream and in Debian - furthermore sdl2 isn't in main yet, + so we revert related changes to stick with the proven for now: + - 0fd25810 - do not build-depend on libx11-dev (libsdl2-dev already + depends on it) + - 9594f820 - switch from sdl1.2 to sdl2 (#870025) + - d/qemu-system-x86.README.Debian: document intention of nested being + default is comfort, not full support + - update Ubuntu machine types for qemu 2.11 + - qemu-guest-agent: freeze-hook fixes (LP: #1484990) + - d/p/guest-agent-freeze-hook-skip-dpkg-artifacts.patch + - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook + - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d + - Create and install pxe netboot images for KVM s390x (LP: #1732094) + - d/rules enable install s390x-netboot.img + - debian/patches/ubuntu/partial-SLOF-for-s390x-netboot-compilation.patch + - d/control-in: enable RDMA support in qemu (LP: #1692476) + - on s390x provide facility bits 81 (ppa15) and 82 (bpb) (LP: #1743560) + - d/p/ubuntu/linux-headers-update-to-4.15-rc1.patch + - d/p/ubuntu/linux-headers-update-4.15-rc9.patch + - d/p/ubuntu/lp1743560-s390x-kvm-Handle-bpb-feature.patch + - d/p/ubuntu/lp1743560-s390x-kvm-provide-stfle.81.patch + - tolerate ipxe size change on migrations to >=18.04 (LP: #1713490) + - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types + reference 256k path + - d/control: depend on ipxe-qemu-256k-compat-efi-roms to be able to + handle incoming migrations from former releases. + - d/control-in: enable seccomp on s390x + * Dropped changes (no more needed): + - Dropped VHOST_NET_ENABLED and KVM_HUGEPAGES from /etc/default/qemu-kvm + The functionality is retained for upgraders, but is deprecated. + Post 18.04 the implementation for these configurations will be removed. + * Dropped changes (in Debian now): + - ppc64[le] support + - Enable seccomp for ppc64el + - bump libseccomp-dev dependency, 2.3 is the minimum for ppc64 + - disable missing x32 architecture + - d/rules: or32 is now named or1k (since 4a09d0bb) + - d/qemu-system-common.docs: new paths since (ac06724a) + - d/qemu-system-common.install: qmp-commands.txt removed, but replaced + by qapi-schema.json which is already packaged (since 4d8bb958) + - d/p/02_kfreebsd.patch: utimensat is no more optional upstream (Update + to Debian patch to match qemu 2.10) + - d/qemu-system-common.docs: adapt new path of live-block-operations.rst + since 8508eee7 + - d/qemu-system-common.docs: adapt q35 config paths since 9ca019c1 + - make nios2/hppa not installed explicitly until further stablized + - d/qemu-guest-agent.install: add the new guest agent reference man page + qemu-ga-ref + - d/qemu-system-common.install: add the now generated qapi/qmp reference + along the qapi intro + - d/not-installed: ignore further generated (since 56e8bdd4) files in + dh_missing that are already provided in other formats qemu-doc, + qemu-qmp-ref,qemu-ga-ref + * Dropped changes (integrated upstream): + - d/p/detect-ITS-and-skip-usage-on-older-kernel.patch to avoid crashes + on arm64 when doing suspend/resume and reboots due to older kernels not + supporting ITS (LP 1731051). + - Apply linux-user-return-EINVAL-from-prctl-PR_-_SECCOMP.patch from + James Cowgill to prevent qemu-user from forwarding prctl seccomp + calls (LP 1726394) + - update to upstream 2.10.1 point release (LP 1722808) + + + + -- Christian Ehrhardt Mon, 22 Jan 2018 14:35:18 +0100 + qemu (1:2.11+dfsg-1) unstable; urgency=medium [ Michael Tokarev ] @@ -933,6 +2728,238 @@ qemu (1:2.10.0-1) unstable; urgency=medium -- Michael Tokarev Sat, 23 Sep 2017 16:47:02 +0300 +qemu (1:2.10+dfsg-0ubuntu5) bionic; urgency=medium + + * d/p/detect-ITS-and-skip-usage-on-older-kernel.patch to avoid crashes + on arm64 when doing suspend/resume and reboots due to older kernels not + supporting ITS (LP: #1731051). + + -- Christian Ehrhardt Tue, 14 Nov 2017 08:30:29 +0100 + +qemu (1:2.10+dfsg-0ubuntu4) bionic; urgency=medium + + * Apply linux-user-return-EINVAL-from-prctl-PR_-_SECCOMP.patch from + James Cowgill to prevent qemu-user from forwarding prctl seccomp + calls (LP: #1726394) + + -- Julian Andres Klode Sat, 04 Nov 2017 00:21:14 +0100 + +qemu (1:2.10+dfsg-0ubuntu3) artful; urgency=medium + + * fix enablement of qemu-kvm service (LP: #1720397) + - rename d/qemu-kvm.service to d/qemu-system-common.qemu-kvm.service + - d/rules: add proper enablement debhelper calls + - d/qemu-system-common.install: install covered by dh_installinit + + -- Christian Ehrhardt Mon, 16 Oct 2017 11:28:39 +0200 + +qemu (1:2.10+dfsg-0ubuntu2) artful; urgency=medium + + * update to upstream 2.10.1 point release (LP: #1722808) + + -- Christian Ehrhardt Wed, 11 Oct 2017 15:33:40 +0200 + +qemu (1:2.10+dfsg-0ubuntu1) artful; urgency=medium + + * Merge with Upstream 2.10.0 to pick up final fixes of the 2.10 release + Remaining changes: + - qemu-kvm to systemd unit + - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm, + hugepages and architecture specifics + - d/qemu-kvm.service: systemd unit to call qemu-kvm-init + - d/qemu-system-common.install: install systemd unit and helper script + - d/qemu-system-common.maintscript: clean old sysv and upstart scripts + - d/qemu-system-common.qemu-kvm.default: defaults for + /etc/default/qemu-kvm + - d/rules: install /etc/default/qemu-kvm + - Enable nesting by default + - set nested=1 module option on intel. (is default on amd) + - re-load kvm_intel.ko if it was loaded without nested=1 + - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default + in qemu64 cpu type. + - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default + in qemu64 on amd + - libvirt/qemu user/group support + - qemu-system-common.postinst: remove acl placed by udev, and add udevadm + trigger. + - qemu-system-common.preinst: add kvm group if needed + - Distribution specific machine type + - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine + types to ease future live vm migration. + - d/qemu-system-x86.NEWS Info on fixed machine type definitions + - improved dependencies + - Make qemu-system-common depend on qemu-block-extra + - Make qemu-utils depend on qemu-block-extra + - let qemu-utils recommend sharutils + - s390x support + - Create qemu-system-s390x package + - Include s390-ccw.img firmware + - Enable numa support for s390x + - ppc64[le] support + - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink + - Enable seccomp for ppc64el + - bump libseccomp-dev dependency, 2.3 is the minimum for ppc64 + - arch aware kvm wrappers + - update VCS-git to match the Artful branch + - disable missing x32 architecture + - d/rules: or32 is now named or1k (since 4a09d0bb) + - d/qemu-system-common.docs: new paths since (ac06724a) + - d/qemu-system-common.install: qmp-commands.txt removed, but replaced + by qapi-schema.json which is already packaged (since 4d8bb958) + - d/p/02_kfreebsd.patch: utimensat is no more optional upstream (Update + to Debian patch to match qemu 2.10) + - s390x package now builds correctly on all architectures (LP 1710695) + - d/qemu-system-common.docs: adapt new path of live-block-operations.rst + since 8508eee7 + - d/qemu-system-common.docs: adapt q35 config paths since 9ca019c1 + - make nios2/hppa not installed explicitly until further stablized + - d/qemu-guest-agent.install: add the new guest agent reference man page + qemu-ga-ref + - d/qemu-system-common.install: add the now generated qapi/qmp reference + along the qapi intro + - d/not-installed: ignore further generated (since 56e8bdd4) files in + dh_missing that are already provided in other formats qemu-doc, + qemu-qmp-ref,qemu-ga-ref + + + -- Christian Ehrhardt Tue, 05 Sep 2017 08:31:26 +0200 + +qemu (1:2.10~rc4+dfsg-0ubuntu1) artful; urgency=medium + + * Merge with Upstream 2.10-rc4; This fixes a migration issue (LP: #1711602); + Remaining changes: + - qemu-kvm to systemd unit + - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm, + hugepages and architecture specifics + - d/qemu-kvm.service: systemd unit to call qemu-kvm-init + - d/qemu-system-common.install: install systemd unit and helper script + - d/qemu-system-common.maintscript: clean old sysv and upstart scripts + - d/qemu-system-common.qemu-kvm.default: defaults for + /etc/default/qemu-kvm + - d/rules: install /etc/default/qemu-kvm + - Enable nesting by default + - set nested=1 module option on intel. (is default on amd) + - re-load kvm_intel.ko if it was loaded without nested=1 + - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default + in qemu64 cpu type. + - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default + in qemu64 on amd + - libvirt/qemu user/group support + - qemu-system-common.postinst: remove acl placed by udev, and add udevadm + trigger. + - qemu-system-common.preinst: add kvm group if needed + - Distribution specific machine type + - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine + types to ease future live vm migration. + - d/qemu-system-x86.NEWS Info on fixed machine type definitions + - improved dependencies + - Make qemu-system-common depend on qemu-block-extra + - Make qemu-utils depend on qemu-block-extra + - let qemu-utils recommend sharutils + - s390x support + - Create qemu-system-s390x package + - Include s390-ccw.img firmware + - Enable numa support for s390x + - ppc64[le] support + - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink + - Enable seccomp for ppc64el + - bump libseccomp-dev dependency, 2.3 is the minimum for ppc64 + - arch aware kvm wrappers + - update VCS-git to match the Artful branch + - disable missing x32 architecture + - d/rules: or32 is now named or1k (since 4a09d0bb) + - d/qemu-system-common.docs: new paths since (ac06724a) + - d/qemu-system-common.install: qmp-commands.txt removed, but replaced + by qapi-schema.json which is already packaged (since 4d8bb958) + - d/p/02_kfreebsd.patch: utimensat is no more optional upstream (Update + to Debian patch to match qemu 2.10) + - s390x package now builds correctly on all architectures (LP 1710695) + * Added changes: + - d/qemu-system-common.docs: adapt new path of live-block-operations.rst + since 8508eee7 + - d/qemu-system-common.docs: adapt q35 config paths since 9ca019c1 + - make nios2/hppa not installed explicitly until further stablized + - d/qemu-guest-agent.install: add the new guest agent reference man page + qemu-ga-ref + - d/qemu-system-common.install: add the now generated qapi/qmp reference + along the qapi intro + - d/not-installed: ignore further generated (since 56e8bdd4) files in + dh_missing that are already provided in other formats qemu-doc, + qemu-qmp-ref,qemu-ga-ref + - d/p/ubuntu/define-ubuntu-machine-types.patch: update to match new + changes in 2.10-rc4 + + -- Christian Ehrhardt Fri, 25 Aug 2017 07:49:30 +0200 + +qemu (1:2.10~rc3+dfsg-0ubuntu1) artful; urgency=medium + + * Merge with Debian unstable (2.8) and Upstream 2.10-rci3; This fixes + a set of bugs + - [FFE] Qemu 2.10 in Artful (LP: #1699968) + - CPU hot unplug fails after migrating a CPU hotplugged guest + from source (LP: #1677552) + - [Feature] KNL/KNM: Numa Distance on KVM(LP: #1647902) + - New KVM 288 Pass Through (LP: #1672447) + - aarch64: MSI is not supported by interrupt controller (LP: #1706630) + * Remaining changes: + - qemu-kvm to systemd unit + - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm, + hugepages and architecture specifics + - d/qemu-kvm.service: systemd unit to call qemu-kvm-init + - d/qemu-system-common.install: install systemd unit and helper script + - d/qemu-system-common.maintscript: clean old sysv and upstart scripts + - d/qemu-system-common.qemu-kvm.default: defaults for + /etc/default/qemu-kvm + - d/rules: install /etc/default/qemu-kvm + - Enable nesting by default + - set nested=1 module option on intel. (is default on amd) + - re-load kvm_intel.ko if it was loaded without nested=1 + - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default + in qemu64 cpu type. + - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default + in qemu64 on amd + - libvirt/qemu user/group support + - qemu-system-common.postinst: remove acl placed by udev, and add udevadm + trigger. + - qemu-system-common.preinst: add kvm group if needed + - Distribution specific machine type + - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine + types to ease future live vm migration. + - d/qemu-system-x86.NEWS Info on fixed machine type definitions + - improved dependencies + - Make qemu-system-common depend on qemu-block-extra + - Make qemu-utils depend on qemu-block-extra + - let qemu-utils recommend sharutils + - s390x support + - Create qemu-system-s390x package + - Include s390-ccw.img firmware + - Enable numa support for s390x + - ppc64[le] support + - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink + - Enable seccomp for ppc64el + - bump libseccomp-dev dependency, 2.3 is the minimum for ppc64 + - arch aware kvm wrappers + - disable missing x32 architecture + - update VCS links + * Added changes + - d/rules: or32 is now named or1k (since 4a09d0bb) + - d/qemu-system-common.docs: new paths since (ac06724a) + - d/qemu-system-common.install: qmp-commands.txt removed, but replaced + by qapi-schema.json which is already packaged (since 4d8bb958) + - Updates in debian/patches to match qemu 2.10 + - d/p/02_kfreebsd.patch: utimensat is no more optional upstream + - d/p/ubuntu/enable-svm-by-default.patch: target-i386 -> target/i386 + - d/p/ubuntu/expose-vmx_qemu64cpu.patch: target-i386 -> target/i386 + - d/p/ubuntu/define-ubuntu-machine-types.patch: new 2.10 ubuntu types + - update VCS-git to match the Artful branch + - s390x package now builds correctly on all architectures (LP: #1710695) + * Dropped changes (integrated upstream): + - d/p/ubuntu/spapr-pci-populate-PCI-DT-in-reverse-order.patch: backport + "spapr/pci: populate PCI DT in reverse order" (LP 1670481). + - All CVE fixes formerly applied are upstream and thereby dropped. + + -- Christian Ehrhardt Tue, 08 Aug 2017 16:59:19 +0200 + qemu (1:2.8+dfsg-7) unstable; urgency=medium * uploading to unstable all fixes which went to stretch-security @@ -1042,6 +3069,179 @@ qemu (1:2.8+dfsg-4) unstable; urgency=high -- Michael Tokarev Mon, 03 Apr 2017 16:28:49 +0300 +qemu (1:2.8+dfsg-3ubuntu4) artful; urgency=medium + + * debian/rules: fix installation of /etc/default/qemu-kvm (LP: #1692530) + This was inadvertently dropped on 2.8 merge. + + -- Christian Ehrhardt Mon, 22 May 2017 15:45:58 +0200 + +qemu (1:2.8+dfsg-3ubuntu3) artful; urgency=medium + + * SECURITY UPDATE: denial of service via leak in virtFS + - debian/patches/CVE-2017-7377.patch: fix file descriptor leak in + hw/9pfs/9p.c. + - CVE-2017-7377 + * SECURITY UPDATE: denial of service in cirrus_vga + - debian/patches/CVE-2017-7718.patch: check parameters in + hw/display/cirrus_vga_rop.h. + - CVE-2017-7718 + * SECURITY UPDATE: code execution via cirrus_vga OOB r/w + - debian/patches/CVE-2017-7980-1.patch: handle negative pitch in + hw/display/cirrus_vga.c. + - debian/patches/CVE-2017-7980-2.patch: allow zero source pitch in + hw/display/cirrus_vga.c. + - debian/patches/CVE-2017-7980-3.patch: fix blit address mask handling + in hw/display/cirrus_vga.c. + - debian/patches/CVE-2017-7980-4.patch: fix patterncopy checks in + hw/display/cirrus_vga.c. + - debian/patches/CVE-2017-7980-5.patch: revert allow zero source pitch + in hw/display/cirrus_vga.c. + - debian/patches/CVE-2017-7980-6.patch: stop passing around dst + pointers in hw/display/cirrus_vga.c, hw/display/cirrus_vga_rop.h, + hw/display/cirrus_vga_rop2.h. + - debian/patches/CVE-2017-7980-7.patch: stop passing around src + pointers in hw/display/cirrus_vga.c, hw/display/cirrus_vga_rop.h, + hw/display/cirrus_vga_rop2.h. + - debian/patches/CVE-2017-7980-8.patch: fix off-by-one in + hw/display/cirrus_vga_rop.h. + - debian/patches/CVE-2017-7980-9.patch: fix cirrus_invalidate_region in + hw/display/cirrus_vga.c. + - CVE-2017-7980 + * SECURITY UPDATE: denial of service via memory leak in virtFS + - debian/patches/CVE-2017-8086.patch: fix leak in hw/9pfs/9p-xattr.c. + - CVE-2017-8086 + * SECURITY UPDATE: denial of service via leak in audio + - debian/patches/CVE-2017-8309.patch: release capture buffers in + audio/audio.c. + - CVE-2017-8309 + * SECURITY UPDATE: denial of service via leak in keyboard + - debian/patches/CVE-2017-8379-1.patch: limit kbd queue depth in + ui/input.c. + - debian/patches/CVE-2017-8379-2.patch: don't queue delay if paused in + ui/input.c. + - CVE-2017-8379 + + -- Marc Deslauriers Thu, 18 May 2017 09:20:54 -0400 + +qemu (1:2.8+dfsg-3ubuntu2.1) zesty-security; urgency=medium + + * SECURITY UPDATE: DoS in virtio GPU device + - debian/patches/CVE-2016-10028.patch: check virgl capabilities + max_size in hw/display/virtio-gpu-3d.c. + - CVE-2016-10028 + * SECURITY UPDATE: DoS in JAZZ RC4030 chipset emulation + - debian/patches/CVE-2016-8667.patch: limit interval timer reload value + in hw/dma/rc4030.c. + - CVE-2016-8667 + * SECURITY UPDATE: host filesystem access via virtFS + - debian/patches/CVE-2016-9602.patch: don't follow symlinks in + hw/9pfs/*. + - CVE-2016-9602 + * SECURITY UPDATE: arbitrary code execution via Cirrus VGA + - debian/patches/CVE-2016-9603.patch: remove bitblit support from + console code in hw/display/cirrus_vga.c, include/ui/console.h, + ui/console.c, ui/vnc.c. + - CVE-2016-9603 + * SECURITY UPDATE: information leak in virtio GPU device + - debian/patches/CVE-2016-9908.patch: properly clear out memory in + hw/display/virtio-gpu-3d.c. + - CVE-2016-9908 + * SECURITY UPDATE: DoS via memory leak in virtio GPU device + - debian/patches/CVE-2016-9912.patch: properly free memory in + hw/display/virtio-gpu.c. + - CVE-2016-9912 + * SECURITY UPDATE: DoS via virtFS + - debian/patches/CVE-2016-9914.patch: add cleanup operations to + fsdev/file-op-9p.h, hw/9pfs/9p.c. + - CVE-2016-9914 + * SECURITY UPDATE: DoS via memory leak in virtio GPU device + - debian/patches/CVE-2017-5552.patch: check return value in + hw/display/virtio-gpu-3d.c. + - CVE-2017-5552 + * SECURITY UPDATE: DoS via memory leak in virtio GPU device + - debian/patches/CVE-2017-5578.patch: check res->iov in + hw/display/virtio-gpu.c. + - CVE-2017-5578 + * SECURITY UPDATE: DoS via infinite loop in SDHCI device emulation + - debian/patches/CVE-2017-5987-*.patch: fix transfer mode register + handling in hw/sd/sdhci.c. + - CVE-2017-5987 + * SECURITY UPDATE: DoS via infinite loop in USB OHCI emulation + - debian/patches/CVE-2017-6505.patch: limit the number of link eds in + hw/usb/hcd-ohci.c. + - CVE-2017-6505 + + -- Marc Deslauriers Mon, 24 Apr 2017 07:30:11 -0400 + +qemu (1:2.8+dfsg-3ubuntu2) zesty; urgency=medium + + * d/p/ubuntu/spapr-pci-populate-PCI-DT-in-reverse-order.patch: backport + "spapr/pci: populate PCI DT in reverse order" (LP: #1670481). + + -- Christian Ehrhardt Tue, 07 Mar 2017 09:23:08 +0100 + +qemu (1:2.8+dfsg-3ubuntu1) zesty; urgency=medium + + * Merge with Debian; + This fixes several CVEs that were reported against qemu 2.8 and also + includes a few important functional backports (LP: #1667033); remaining + changes: + - add qemu-kvm init script and defaults file + (d/qemu-system-common.qemu-kvm.*) + - d/rules, d/qemu-kvm-init: add and install script loading kvm + modules and handling /etc/default/qemu-kvm + - qemu-system-common.preinst: add kvm group if needed + - Enable nesting by default on intel. + - set default module option + - re-load kvm_intel.ko if it was loaded without nested=1 + - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by + default in qemu64 cpu type. + - Enable svm by default for qemu64 on amd + - d/p/ubuntu/define-ubuntu-machine-types.patch, d/qemu-system-x86.NEWS: + define distro machine types to ease future live vm migration (includes + all former follow up fixes). + - Make qemu-system-common depend on qemu-block-extra + - Make qemu-utils depend on qemu-block-extra + - s390x support + - Create qemu-system-s390x package + - Include s390-ccw.img firmware + - qemu-system-common.postinst: + - change acl placed by udev, and add udevadm trigger. + - d/qemu-kvm-init, d/kvm.powerpc, d/control-in: check SMT on ppc64el + - Several changes were applied but missing in the changelog so far + - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink + - arch aware kvm wrapper + - update VCS links + - let qemu-utils recommend sharutils + - disable x32 architecture + - Enable seccomp for ppc64el + - Enable numa support for s390x + - d/qemu-system-common.qemu-kvm.init: fix lintian error type + init.d-script-missing-dependency-on-remote_fs + - d/qemu-system-common.postinst: fix lintian error type + command-with-path-in-maintainer-script + - Transition qemu-kvm to a systemd unit + - d/qemu-kvm-init, d/kvm.powerpc ppc64el SMT check avoid unwanted output + - d/qemu-kvm-init, d/kvm.powerpc ppc64el SMT check keep output local so + that it shows up where the user expects (sytemctl status, kvm stdout) + - d/qemu-kvm-init ppc64el warn on expected second level kvm-hv load failure + - add arch aware kvm wrapper for s390x + * Dropped Changes (in Debian now): + - d/p/ubuntu/ctrl-a-b-fix-fb5e19d2.patch: char: fix ctrl-a b not working + - d/control-in: change dependencies for fix of wrong acl for newly + created device node on ubuntu + - have qemu-system-arm suggest: qemu-efi; this should be a stronger + relationship, but qemu-efi is still in universe right now. + - Disable glusterfs (Universe dependency) + - no more skip disable libiscsi on Ubuntu + - d/rules, d/control-in: avoid people editing d/control + * Added Changes: + - d/control: bump libseccomp-dev dependency as enabling libseccomp for + power makes 2.3 the minimum level. + + -- Christian Ehrhardt Wed, 01 Mar 2017 14:23:16 +0100 + qemu (1:2.8+dfsg-3) unstable; urgency=high * urgency high due to security fixes @@ -1102,6 +3302,90 @@ qemu (1:2.8+dfsg-3) unstable; urgency=high -- Michael Tokarev Tue, 28 Feb 2017 11:40:18 +0300 +qemu (1:2.8+dfsg-2ubuntu1) zesty; urgency=medium + + * Merge with Debian; remaining changes: + - add qemu-kvm init script and defaults file + (d/qemu-system-common.qemu-kvm.*) + - d/rules, d/qemu-kvm-init: add and install script loading kvm + modules and handling /etc/default/qemu-kvm + - qemu-system-common.preinst: add kvm group if needed + - Enable nesting by default on intel. + - set default module option + - re-load kvm_intel.ko if it was loaded without nested=1 + - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by + default in qemu64 cpu type. + - Enable svm by default for qemu64 on amd + - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine + types to ease future live vm migration. + - Make qemu-system-common depend on qemu-block-extra + - Make qemu-utils depend on qemu-block-extra + - s390x support + - Create qemu-system-s390x package + - Include s390-ccw.img firmware + - qemu-system-common.postinst: + - change acl placed by udev, and add udevadm trigger. + - d/control-in: change dependencies for fix of wrong acl for newly + created device node on ubuntu + - have qemu-system-arm suggest: qemu-efi; this should be a stronger + relationship, but qemu-efi is still in universe right now. + - d/qemu-kvm-init, d/kvm.powerpc, d/control-in: check SMT on ppc64el + - Several changes were applied but missing in the changelog so far + - d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink + - arch aware kvm wrapper + - update VCS links + - no more skip disable libiscsi on Ubuntu + - let qemu-utils recommend sharutils + - disable x32 architecture + * Dropped Changes: + - Several changes were applied but missing in the changelog so far + but are no more needed + - no pie for relocatable LD calls, with toolchain defaulting to + pie (fixed upstream) + - enable libnuma-dev (now in Debian) + - transition for moved init scripts (can be dropped after LTS + containing >=2.5 which is Xenial) + - --enable-seccomp related whitespace change (had no effect) + - apport hook for qemu source package (In Debian) + - add upstart script (d/qemu-system-common.qemu-kvm.upstart) + - d/qemu-system-x86.maintscript: transition off of + /etc/init.d/qemu-system-x86 (can be dropped after Xenial) + - Enable pie by default, on ubuntu/s390x. (Is the default since + >=Xenial, no cloud archive backport <=Xenial to consider) + - no pie for relocatable LD calls (fixed upstream in commit + 7ecf44a5) + - CVEs: CVE-2016-5403, CVE-2016-6351, CVE-2016-6490 (now Upstream) + - Revert fix for CVE-2016-5403, causes regression see USN-3047-2. + (Improved fix included by upstream) + - Enable GPU Passthru for ppc64le (is upstream in qemu 2.7) + - Fixed wrong migration blocker when vhost is used (is upstream in + qemu 2.8) + * Added Changes: + - d/rules, d/control-in: avoid people editing d/control by warning + header and non writable permissions + - fixed moving trusty machine type definition which made it + ambiguous (LP: #1641532) + - d/qemu-system-x86.NEWS describe the issue + - Enable seccomp for ppc64el (LP: #1644639) + - Enable numa support for s390x + - d/qemu-system-common.qemu-kvm.init: fix lintian error type + init.d-script-missing-dependency-on-remote_fs + - d/qemu-system-common.postinst: fix lintian error type + command-with-path-in-maintainer-script + - Transition qemu-kvm to a systemd unit + - Disable glusterfs (Universe dependency) + - d/qemu-kvm-init, d/kvm.powerpc ppc64el SMT check avoid unwanted output + - d/qemu-kvm-init, d/kvm.powerpc ppc64el SMT check keep output local so + that it shows up where the user expects (sytemctl status, kvm stdout) + - d/qemu-kvm-init ppc64el warn on expected second level kvm-hv load failure + - add arch aware kvm wrapper for s390x + - d/p/ubuntu/ctrl-a-b-fix-fb5e19d2.patch: char: fix ctrl-a b not working + - Enable DDW in Yakkety machine type because "Enable GPU Passthru for + ppc64le" was released as part of qemu 2.6 (can be dropped at 18.10, + merged in d/p/ubuntu/define-ubuntu-machine-types.patch) + + -- Christian Ehrhardt Mon, 16 Jan 2017 16:27:11 +0100 + qemu (1:2.8+dfsg-2) unstable; urgency=medium * Revert "update binfmt registration for mipsn32" @@ -1220,6 +3504,67 @@ qemu (1:2.7+dfsg-1) unstable; urgency=medium -- Michael Tokarev Fri, 14 Oct 2016 13:31:40 +0300 +qemu (1:2.6.1+dfsg-0ubuntu5) yakkety; urgency=medium + + * No-change rebuild to compile against new libxen version. + + -- Stefan Bader Fri, 30 Sep 2016 14:24:37 +0200 + +qemu (1:2.6.1+dfsg-0ubuntu4) yakkety; urgency=medium + + * retain older xenial machine type to avoid issues starting guests + created on xenial prior to the SRU for bug 1621042. In that regard the old + broken xenial machine type and the new fixed one have both to be considered + as valid LTS machine types (LP: #1626070). + + -- Christian Ehrhardt Wed, 21 Sep 2016 14:57:09 +0200 + +qemu (1:2.6.1+dfsg-0ubuntu3) yakkety; urgency=medium + + * fix default ubuntu machine types. (LP: #1621042) + - add dep3 header to d/p/ubuntu/define-ubuntu-machine-types.patch + - remove double default and double ubuntu alias + - drop former devel releases utopic, vivid, wily + - add xenial and yakkety machine types + - add q35 based ubuntu machine type starting at xenial + - add ubuntu machine types on ppc64el and s390x starting at xenial + + -- Christian Ehrhardt Mon, 19 Sep 2016 07:50:50 +0200 + +qemu (1:2.6.1+dfsg-0ubuntu2) yakkety; urgency=medium + + * Enable GPU Passthru for ppc64le (LP: #1541902) + - 0001-spapr-ensure-device-trees-are-always-associated-with.patch + - 0002-spapr_pci-Use-correct-DMA-LIOBN-when-composing-the-d.patch + - 0003-spapr_iommu-Finish-renaming-vfio_accel-to-need_vfio.patch + - 0004-spapr_iommu-Move-table-allocation-to-helpers.patch + - 0005-vmstate-Define-VARRAY-with-VMS_ALLOC.patch + - 0006-spapr_iommu-Introduce-enabled-state-for-TCE-table.patch + - 0007-spapr_iommu-Migrate-full-state.patch + - 0008-spapr_iommu-Add-root-memory-region.patch + - 0009-spapr_pci-Reset-DMA-config-on-PHB-reset.patch + - 0010-spapr_pci-Add-and-export-DMA-resetting-helper.patch + - 0011-memory-Add-reporting-of-supported-page-sizes.patch + - 0012-memory-Add-MemoryRegionIOMMUOps.notify_started-stopp.patch + - 0013-intel_iommu-Throw-hw_error-on-notify_started.patch + - 0014-spapr_iommu-Realloc-guest-visible-TCE-table-when-sta.patch + - 0015-vfio-spapr-Add-DMA-memory-preregistering-SPAPR-IOMMU.patch + - 0016-vfio-Add-host-side-DMA-window-capabilities.patch + - 0017-vfio-spapr-Create-DMA-window-dynamically-SPAPR-IOMMU.patch + - 0018-spapr_pci-spapr_pci_vfio-Support-Dynamic-DMA-Windows.patch + - 0019-vfio-spapr-Remove-stale-ioctl-call.patch + - 0020-spapr-Fix-undefined-behaviour-in-spapr_tce_reset.patch + - 0021-memory-Fix-IOMMU-replay-base-address.patch + + -- Jon Grimm Fri, 16 Sep 2016 14:14:47 -0500 + +qemu (1:2.6.1+dfsg-0ubuntu1) yakkety; urgency=medium + + * New upstream release. LP: #1617055. + * Revert fix for CVE-2016-5403, causes regression see USN-3047-2. + + -- Dimitri John Ledkov Fri, 09 Sep 2016 23:33:57 +0100 + qemu (1:2.6+dfsg-3.1) unstable; urgency=high * Non-maintainer upload. @@ -1253,6 +3598,55 @@ qemu (1:2.6+dfsg-3.1) unstable; urgency=high -- Andrew James Wed, 14 Sep 2016 00:56:18 -0600 +qemu (1:2.6+dfsg-3ubuntu2) yakkety; urgency=medium + + * SECURITY UPDATE: DoS via unbounded memory allocation + - debian/patches/CVE-2016-5403.patch: check size in hw/virtio/virtio.c. + - CVE-2016-5403 + * SECURITY UPDATE: oob write access while reading ESP command + - debian/patches/CVE-2016-6351.patch: make cmdbuf big enough for + maximum CDB size and handle migration in hw/scsi/esp.c, + include/hw/scsi/esp.h, include/migration/vmstate.h. + - CVE-2016-6351 + * SECURITY UPDATE: infinite loop in virtqueue_pop + - debian/patches/CVE-2016-6490.patch: check vring descriptor buffer + length in hw/virtio/virtio.c. + - CVE-2016-6490 + + -- Marc Deslauriers Wed, 03 Aug 2016 08:36:16 -0400 + +qemu (1:2.6+dfsg-3ubuntu1) yakkety; urgency=medium + + * Merge with Debian; remaining changes: + - debian/rules: do not drop the init scripts loading kvm modules + (still needed in precise in cloud archive) + - qemu-system-common.postinst: + * remove acl placed by udev, and add udevadm trigger. + * reload kvm_intel if needed to set nested=1 + - qemu-system-common.preinst: add kvm group if needed + - add qemu-kvm upstart job and defaults file (rules, + qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart) + - rules,qemu-system-x86.modprobe: support use under older udevs which + do not auto-load the kvm kernel module. Enable nesting by default + on intel. + - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default + in qemu64 cpu type. + - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine + types to ease future live vm migration. + - apport hook for qemu source package: d/source_qemu-kvm.py, + d/qemu-system-common.install + - Make qemu-system-common and qemu-utils depend on qemu-block-extra + to fix errors with missing block backends. + - s390x: + * Create qemu-system-s390x package + * Enable pie by default, on ubuntu/s390x. + * Enable svm by default for qemu64 on amd + * Include s390-ccw.img firmware + * have qemu-system-aarch64 Suggest: qemu-efi; this should be a stronger + relationship, but qemu-efi is still in universe right now. + + -- Serge Hallyn Wed, 15 Jun 2016 16:49:49 -0500 + qemu (1:2.6+dfsg-3) unstable; urgency=high * more security fixes picked from upstream: @@ -1306,6 +3700,39 @@ qemu (1:2.6+dfsg-2) unstable; urgency=medium -- Michael Tokarev Mon, 13 Jun 2016 12:10:44 +0300 +qemu (1:2.6+dfsg-1ubuntu1) yakkety; urgency=medium + + * Merge with Debian; remaining changes: (LP: #1583775) + - debian/rules: do not drop the init scripts loading kvm modules + (still needed in precise in cloud archive) + - qemu-system-common.postinst: + * remove acl placed by udev, and add udevadm trigger. + * reload kvm_intel if needed to set nested=1 + - qemu-system-common.preinst: add kvm group if needed + - add qemu-kvm upstart job and defaults file (rules, + qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart) + - rules,qemu-system-x86.modprobe: support use under older udevs which + do not auto-load the kvm kernel module. Enable nesting by default + on intel. + - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default + in qemu64 cpu type. + - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine + types to ease future live vm migration. + - apport hook for qemu source package: d/source_qemu-kvm.py, + d/qemu-system-common.install + - Make qemu-system-common and qemu-utils depend on qemu-block-extra + to fix errors with missing block backends. (LP: #1495895) + - s390x: + * Create qemu-system-s390x package + * Enable pie by default, on ubuntu/s390x. + * Enable svm by default for qemu64 on amd + * Include s390-ccw.img firmware + * have qemu-system-aarch64 Suggest: qemu-efi; this should be a stronger + relationship, but qemu-efi is still in universe right now. + * Drop patches which have been applied upstream: + + -- Serge Hallyn Thu, 19 May 2016 12:11:36 -0500 + qemu (1:2.6+dfsg-1) unstable; urgency=medium * new upstream release @@ -1343,6 +3770,106 @@ qemu (1:2.6+dfsg-1) unstable; urgency=medium -- Michael Tokarev Wed, 18 May 2016 14:44:14 +0300 +qemu (1:2.5+dfsg-5ubuntu12) yakkety; urgency=medium + + * Cherrypick upstream patches to support the query-gic-version QMP command + (LP: #1566564) + + -- dann frazier Tue, 05 Apr 2016 16:56:11 -0600 + +qemu (1:2.5+dfsg-5ubuntu11) yakkety; urgency=medium + + [Stefan Bader] + * Enable svm by default for qemu64 on amd (LP: #1561019) + + -- Serge Hallyn Fri, 22 Apr 2016 16:53:55 -0500 + +qemu (1:2.5+dfsg-5ubuntu10) xenial; urgency=medium + + * qemu-system-s390x only available on s390x, so qemu-system should only + depend on it on this arch. + * have qemu-system-aarch64 Suggest: qemu-efi; this should be a stronger + relationship, but qemu-efi is still in universe right now. + + -- Steve Langasek Tue, 19 Apr 2016 13:41:37 -0700 + +qemu (1:2.5+dfsg-5ubuntu9) xenial; urgency=medium + + * And actually ship the right things in qemu-system-s390x. + + -- Dimitri John Ledkov Tue, 19 Apr 2016 16:49:00 +0100 + +qemu (1:2.5+dfsg-5ubuntu8) xenial; urgency=medium + + * Create qemu-system-s390x package on ubuntu only. + + -- Dimitri John Ledkov Mon, 18 Apr 2016 10:16:19 +0100 + +qemu (1:2.5+dfsg-5ubuntu7) xenial; urgency=medium + + * Cherrypick patch from mailing list to fix qemu in sandbox. (LP: #1560149) + + -- Serge Hallyn Mon, 11 Apr 2016 15:13:06 -0500 + +qemu (1:2.5+dfsg-5ubuntu6) xenial; urgency=medium + + * Cherrypick upstream patch vhost-user-interrupt-management-fixes.patch + (LP: #1556306) + + -- Serge Hallyn Wed, 16 Mar 2016 16:35:22 -0700 + +qemu (1:2.5+dfsg-5ubuntu5) xenial; urgency=medium + + * Cherrypick upstream patch to fix snapshot regression (LP: #1533728) + + -- Serge Hallyn Mon, 07 Mar 2016 18:53:34 -0800 + +qemu (1:2.5+dfsg-5ubuntu4) xenial; urgency=medium + + * d/control{-in}: Re-generate and build with libiscsi-dev now + that its in Ubuntu main (LP: #1271653). + + -- James Page Wed, 24 Feb 2016 17:59:13 +0000 + +qemu (1:2.5+dfsg-5ubuntu3) xenial; urgency=medium + + * Make -no-pie conditional, on $(CC) supporting -no-pie flag. + + -- Dimitri John Ledkov Wed, 24 Feb 2016 14:40:19 +0000 + +qemu (1:2.5+dfsg-5ubuntu2) xenial; urgency=medium + + * No-change rebuild for gnutls transition. + + -- Matthias Klose Wed, 17 Feb 2016 22:27:20 +0000 + +qemu (1:2.5+dfsg-5ubuntu1) xenial; urgency=medium + + * Merge with Debian; remaining changes: + - debian/rules: do not drop the init scripts loading kvm modules + (still needed in precise in cloud archive) + - qemu-system-common.postinst: + * remove acl placed by udev, and add udevadm trigger. + * reload kvm_intel if needed to set nested=1 + - qemu-system-common.preinst: add kvm group if needed + - add qemu-kvm upstart job and defaults file (rules, + qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart) + - rules,qemu-system-x86.modprobe: support use under older udevs which + do not auto-load the kvm kernel module. Enable nesting by default + on intel. + - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default + in qemu64 cpu type. + - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine + types to ease future live vm migration. + - apport hook for qemu source package: d/source_qemu-kvm.py, + d/qemu-system-common.install + - Make qemu-system-common and qemu-utils depend on qemu-block-extra + to fix errors with missing block backends. (LP: #1495895) + - Enable pie by default, on ubuntu/s390x. + - Include s390-ccw.img firmware. + + -- Serge Hallyn Tue, 09 Feb 2016 10:24:49 -0800 + qemu (1:2.5+dfsg-5) unstable; urgency=medium * fix misspellings in previous debian/changelog entry @@ -1400,6 +3927,113 @@ qemu (1:2.5+dfsg-2) unstable; urgency=high -- Michael Tokarev Sat, 09 Jan 2016 21:40:43 +0300 +qemu (1:2.5+dfsg-1ubuntu5) xenial; urgency=medium + + * SECURITY UPDATE: paravirtualized drivers incautious about shared memory + contents + - debian/patches/CVE-2015-8550-1.patch: avoid double access in + hw/block/xen_blkif.h. + - debian/patches/CVE-2015-8550-2.patch: avoid reading twice in + hw/display/xenfb.c. + - CVE-2015-8550 + * SECURITY UPDATE: infinite loop in ehci_advance_state + - debian/patches/CVE-2015-8558.patch: make idt processing more robust + in hw/usb/hcd-ehci.c. + - CVE-2015-8558 + * SECURITY UPDATE: host memory leakage in vmxnet3 + - debian/patches/CVE-2015-856x.patch: avoid memory leakage in + hw/net/vmxnet3.c. + - CVE-2015-8567 + - CVE-2015-8568 + * SECURITY UPDATE: buffer overflow in megasas_ctrl_get_info + - debian/patches/CVE-2015-8613.patch: initialise info object with + appropriate size in hw/scsi/megasas.c. + - CVE-2015-8613 + * SECURITY UPDATE: DoS via Human Monitor Interface + - debian/patches/CVE-2015-8619.patch: fix sendkey out of bounds write + in hmp.c, include/ui/console.h, ui/input-legacy.c. + - CVE-2015-8619 + * SECURITY UPDATE: incorrect array bounds check in rocker + - debian/patches/CVE-2015-8701.patch: fix an incorrect array bounds + check in hw/net/rocker/rocker.c. + - CVE-2015-8701 + * SECURITY UPDATE: ne2000 OOB r/w in ioport operations + - debian/patches/CVE-2015-8743.patch: fix bounds check in ioport + operations in hw/net/ne2000.c. + - CVE-2015-8743 + * SECURITY UPDATE: ahci use-after-free vulnerability in aio port commands + - debian/patches/CVE-2016-1568.patch: reset ncq object to unused on + error in hw/ide/ahci.c. + - CVE-2016-1568 + * SECURITY UPDATE: DoS via null pointer dereference in vapic_write() + - debian/patches/CVE-2016-1922.patch: avoid null pointer dereference in + hw/i386/kvmvapic.c. + - CVE-2016-1922 + * SECURITY UPDATE: e1000 infinite loop + - debian/patches/CVE-2016-1981.patch: eliminate infinite loops on + out-of-bounds transfer start in hw/net/e1000.c + - CVE-2016-1981 + * SECURITY UPDATE: AHCI NULL pointer dereference when using FIS CLB + engines + - debian/patches/CVE-2016-2197.patch: add check before calling + dma_memory_unmap in hw/ide/ahci.c. + - CVE-2016-2197 + * SECURITY UPDATE: ehci null pointer dereference in ehci_caps_write + - debian/patches/CVE-2016-2198.patch: add capability mmio write + function in hw/usb/hcd-ehci.c. + - CVE-2016-2198 + + -- Marc Deslauriers Mon, 01 Feb 2016 09:39:01 -0500 + +qemu (1:2.5+dfsg-1ubuntu4) xenial; urgency=medium + + * debian/qemu-kvm-init: Call systemd-detect-virt instead of the + Ubuntu specific running-in-container wrapper. (LP: #1539016) + + -- Martin Pitt Thu, 28 Jan 2016 13:24:51 +0100 + +qemu (1:2.5+dfsg-1ubuntu3) xenial; urgency=high + + * Include s390-ccw.img firmware. + + -- Dimitri John Ledkov Tue, 12 Jan 2016 15:53:43 +0000 + +qemu (1:2.5+dfsg-1ubuntu2) xenial; urgency=medium + + * Place qemu-kvm.defaults file in qemu-system-common, next to the init + scripts. Fix the comparison operator when checking KVM_HUGEPAGES. + Thanks Simon. (LP: #1531191) + + -- Serge Hallyn Wed, 06 Jan 2016 09:45:37 -0800 + +qemu (1:2.5+dfsg-1ubuntu1) xenial; urgency=medium + + * Merge with Debian; remaining changes: + - debian/rules: do not drop the init scripts loading kvm modules + (still needed in precise in cloud archive) + - qemu-system-common.postinst: + * remove acl placed by udev, and add udevadm trigger. + * reload kvm_intel if needed to set nested=1 + - qemu-system-common.preinst: add kvm group if needed + - add qemu-kvm upstart job and defaults file (rules, + qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart) + - rules,qemu-system-x86.modprobe: support use under older udevs which + do not auto-load the kvm kernel module. Enable nesting by default + on intel. + - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default + in qemu64 cpu type. + - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine + types to ease future live vm migration. + - apport hook for qemu source package: d/source_qemu-kvm.py, + d/qemu-system-common.install + - Make qemu-system-common and qemu-utils depend on qemu-block-extra + to fix errors with missing block backends. (LP: #1495895) + - Enable pie by default, on ubuntu/s390x. + * Drop vGICv3 support patches - all is now upstream + * debian/qemu-kvm-init: handle KVM_HUGEPAGES being unset (LP: #1531191) + + -- Serge Hallyn Tue, 05 Jan 2016 15:42:50 -0800 + qemu (1:2.5+dfsg-1) unstable; urgency=medium * new upstream release @@ -1426,6 +4060,49 @@ qemu (1:2.5+dfsg-1) unstable; urgency=medium -- Michael Tokarev Wed, 16 Dec 2015 20:00:04 +0300 +qemu (1:2.4+dfsg-5ubuntu3) xenial; urgency=high + + * Enable pie by default, on ubuntu/s390x. + + -- Dimitri John Ledkov Mon, 07 Dec 2015 16:04:16 +0000 + +qemu (1:2.4+dfsg-5ubuntu2) xenial; urgency=medium + + * undo the libseccomp delta from debian. libseccomp is indeed available + on other arches, but we need qemu's configure script to be fixed before + we can use it on anything other than amd64|i386. Fixes FTBFS. + (LP: #1522531) + + -- Serge Hallyn Thu, 03 Dec 2015 12:44:46 -0600 + +qemu (1:2.4+dfsg-5ubuntu1) xenial; urgency=medium + + * Merge with Debian; remaining changes: + - Update the ubuntu machine types patch to reflect upstream churn + - debian/rules: do not drop the init scripts loading kvm modules + (still needed in precise in cloud archive) + - qemu-system-common.postinst: + * remove acl placed by udev, and add udevadm trigger. + * reload kvm_intel if needed to set nested=1 + - qemu-system-common.preinst: add kvm group if needed + - add qemu-kvm upstart job and defaults file (rules, + qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart) + - rules,qemu-system-x86.modprobe: support use under older udevs which + do not auto-load the kvm kernel module. Enable nesting by default + on intel. + - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default + in qemu64 cpu type. + - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty + machine type to ease future live vm migration. + - apport hook for qemu source package: d/source_qemu-kvm.py, + d/qemu-system-common.install + - Make qemu-system-common and qemu-utils depend on qemu-block-extra + to fix errors with missing block backends. (LP: #1495895) + - control-in: build with libseccomp an all architectures + - Add vGICv3 support + + -- Matthias Klose Wed, 02 Dec 2015 21:31:36 +0100 + qemu (1:2.4+dfsg-5) unstable; urgency=medium * trace-remove-malloc-tracing.patch from upstream. @@ -1438,6 +4115,57 @@ qemu (1:2.4+dfsg-5) unstable; urgency=medium -- Michael Tokarev Sun, 29 Nov 2015 12:22:52 +0300 +qemu (1:2.4+dfsg-4ubuntu3) xenial; urgency=medium + + * SECURITY UPDATE: loopback mode heap overflow vulnerability in pcnet + - debian/patches/CVE-2015-7504.patch: leave room for CRC code in + hw/net/pcnet.c. + - CVE-2015-7504 + * SECURITY UPDATE: non-loopback mode buffer overflow in pcnet + - debian/patches/CVE-2015-7512.patch: check packet length in + hw/net/pcnet.c. + - CVE-2015-7512 + * SECURITY UPDATE: infinite loop in eepro100 + - debian/patches/CVE-2015-8345.patch: prevent endless loop in + hw/net/eepro100.c. + - CVE-2015-8345 + + -- Marc Deslauriers Tue, 01 Dec 2015 13:36:40 -0500 + +qemu (1:2.4+dfsg-4ubuntu2) xenial; urgency=medium + + * d/p/u/define-ubuntu-machine-type.patch: Fix typo in utopic definition. + + -- dann frazier Tue, 03 Nov 2015 08:05:46 -0700 + +qemu (1:2.4+dfsg-4ubuntu1) xenial; urgency=medium + + * Merge 2.4 from unstable. Remaining changes: + - Update the ubuntu machine types patch to reflect upstream churn + - debian/rules: do not drop the init scripts loading kvm modules + (still needed in precise in cloud archive) + - qemu-system-common.postinst: + * remove acl placed by udev, and add udevadm trigger. + * reload kvm_intel if needed to set nested=1 + - qemu-system-common.preinst: add kvm group if needed + - add qemu-kvm upstart job and defaults file (rules, + qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart) + - rules,qemu-system-x86.modprobe: support use under older udevs which + do not auto-load the kvm kernel module. Enable nesting by default + on intel. + - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default + in qemu64 cpu type. + - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty + machine type to ease future live vm migration. + - apport hook for qemu source package: d/source_qemu-kvm.py, + d/qemu-system-common.install + - Make qemu-system-common and qemu-utils depend on qemu-block-extra + to fix errors with missing block backends. (LP: #1495895) + - control-in: build with libseccomp an all architectures. + * Add vGICv3 support + + -- Serge Hallyn Tue, 27 Oct 2015 13:28:58 -0500 + qemu (1:2.4+dfsg-4) unstable; urgency=medium * applied 3 patches from upstream to fix virtio-net @@ -1452,7 +4180,7 @@ qemu (1:2.4+dfsg-3) unstable; urgency=high fix for Heap overflow vulnerability in ne2000_receive() function (Closes: #799074 CVE-2015-5279) * ne2000-avoid-infinite-loop-when-receiving-packets-CVE-2015-5278.patch - (Closes: #799073 CVE-2015-5278) + (Closes: #799073 CVE-2015-5278) * some binfmt reorg: - extend aarch64 to include one more byte as other arches do - set OSABI mask to 0xfc for i386, ppc*, s390x, sparc*, to recognize @@ -1504,6 +4232,137 @@ qemu (1:2.3+dfsg-6) unstable; urgency=high -- Michael Tokarev Thu, 11 Jun 2015 20:03:40 +0300 +qemu (1:2.3+dfsg-5ubuntu10) xenial; urgency=medium + + * debian/patches/fix-curses-with-xterm-256.patch (LP: #1508466) + + -- Ryan Harper Wed, 21 Oct 2015 08:59:29 -0500 + +qemu (1:2.3+dfsg-5ubuntu9) wily; urgency=low + + * debian/patches/upstream-fix-irq-route-entries.patch + Fix "kvm_irqchip_commit_routes: Assertion 'ret == 0' failed" + (LP: #1465935) + + -- Stefan Bader Fri, 09 Oct 2015 15:38:53 +0200 + +qemu (1:2.3+dfsg-5ubuntu8) wily; urgency=medium + + * Build using libseccomp on all architectures. + + -- Matthias Klose Sat, 03 Oct 2015 21:12:15 +0200 + +qemu (1:2.3+dfsg-5ubuntu7) wily; urgency=medium + + * SECURITY UPDATE: denial of service via NE2000 driver + - debian/patches/CVE-2015-5278.patch: fix infinite loop in + hw/net/ne2000.c. + - CVE-2015-5278 + * SECURITY UPDATE: denial of service and possible code execution via + heap overflow in NE2000 driver + - debian/patches/CVE-2015-5279.patch: validate ring buffer pointers in + hw/net/ne2000.c. + - CVE-2015-5279 + * SECURITY UPDATE: denial of service via e1000 infinite loop + - debian/patches/CVE-2015-6815.patch: check bytes in hw/net/e1000.c. + - CVE-2015-6815 + * SECURITY UPDATE: denial of service via illegal ATAPI commands + - debian/patches/CVE-2015-6855.patch: fix ATAPI command permissions in + hw/ide/core.c. + - CVE-2015-6855 + + -- Marc Deslauriers Wed, 23 Sep 2015 15:05:51 -0400 + +qemu (1:2.3+dfsg-5ubuntu6) wily; urgency=medium + + * Make qemu-system-common and qemu-utils depend on qemu-block-extra + to fix errors with missing block backends. (LP: #1495895) + * Cherry pick fixes for vmdk stream-optimized subformat (LP: #1006655) + * Apply fix for memory corruption during live-migration in tcg mode + (LP: #1493049) + * Apply tracing patch to remove use of custom vtable in newer glibc + (LP: #1491972) + + -- Ryan Harper Tue, 15 Sep 2015 09:37:23 -0500 + +qemu (1:2.3+dfsg-5ubuntu5) wily; urgency=medium + + * Import qcow2-handle-eagain-from-update_refcount from upstream + to fix errors when using qemu-img convert -c. (LP: #1491050) + + -- Serge Hallyn Fri, 04 Sep 2015 16:35:56 -0500 + +qemu (1:2.3+dfsg-5ubuntu4) wily; urgency=medium + + * SECURITY UPDATE: process heap memory disclosure + - debian/patches/CVE-2015-5165.patch: check sizes in hw/net/rtl8139.c. + - CVE-2015-5165 + * SECURITY UPDATE: privilege escalation via block device unplugging + - debian/patches/CVE-2015-5166.patch: properly unhook from BlockBackend + in hw/ide/piix.c. + - CVE-2015-5166 + * SECURITY UPDATE: privilege escalation via memory corruption in vnc + - debian/patches/CVE-2015-5225.patch: use bytes per scanline to apply + limits in ui/vnc.c. + - CVE-2015-5225 + * SECURITY UPDATE: denial of service via virtio-serial + - debian/patches/CVE-2015-5745.patch: don't assume a specific layout + for control messages in hw/char/virtio-serial-bus.c. + - CVE-2015-5745 + + -- Marc Deslauriers Tue, 25 Aug 2015 09:38:43 -0400 + +qemu (1:2.3+dfsg-5ubuntu3) wily; urgency=medium + + * SECURITY UPDATE: out-of-bounds memory access in pit_ioport_read() + - debian/patches/CVE-2015-3214.patch: ignore read in hw/timer/i8254.c. + - CVE-2015-3214 + * SECURITY UPDATE: heap overflow when processing ATAPI commands + - debian/patches/CVE-2015-5154.patch: check bounds and clear DRQ in + hw/ide/core.c, make sure command is completed in hw/ide/atapi.c. + - CVE-2015-5154 + * SECURITY UPDATE: buffer overflow in scsi_req_parse_cdb + - debian/patches/CVE-2015-5158.patch: check length in + hw/scsi/scsi-bus.c. + - CVE-2015-5158 + + -- Marc Deslauriers Mon, 27 Jul 2015 10:07:05 -0400 + +qemu (1:2.3+dfsg-5ubuntu2) wily; urgency=medium + + * SECURITY UPDATE: heap overflow in PCNET controller + - debian/patches/CVE-2015-3209.patch: check bounds in hw/net/pcnet.c. + - CVE-2015-3209 + + -- Marc Deslauriers Thu, 11 Jun 2015 14:25:05 -0400 + +qemu (1:2.3+dfsg-5ubuntu1) wily; urgency=medium + + * Merge 1:2.3+dfsg-5 from Debian. + * Remaining changes: + - debian/rules: do not drop the init scripts loading kvm modules + (still needed in precise in cloud archive) + - qemu-system-common.postinst: + * remove acl placed by udev, and add udevadm trigger. + * reload kvm_intel if needed to set nested=1 + - qemu-system-common.preinst: add kvm group if needed + - add qemu-kvm upstart job and defaults file (rules, + qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart) + - rules,qemu-system-x86.modprobe: support use under older udevs which + do not auto-load the kvm kernel module. Enable nesting by default + on intel. + - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default + in qemu64 cpu type. + - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty + machine type to ease future live vm migration. + - apport hook for qemu source package: d/source_qemu-kvm.py, + d/qemu-system-common.install + * Refreshed patches: + - ubuntu/expose-vmx_qemu64cpu.patch + - ubuntu/define-ubuntu-machine-types.patch + + -- Serge Hallyn Wed, 10 Jun 2015 14:28:39 -0500 + qemu (1:2.3+dfsg-5) unstable; urgency=high * slirp-use-less-predictable-directory-name-in-tmp-CVE-2015-4037.patch @@ -1515,6 +4374,35 @@ qemu (1:2.3+dfsg-5) unstable; urgency=high -- Michael Tokarev Wed, 03 Jun 2015 17:18:58 +0300 +qemu (1:2.3+dfsg-4ubuntu1) wily; urgency=medium + + * Merge 1:2.3+dfsg-4 from Debian. + * Remaining changes: + - debian/rules: do not drop the init scripts loading kvm modules + (still needed in precise in cloud archive) + - qemu-system-common.postinst: + * remove acl placed by udev, and add udevadm trigger. + * reload kvm_intel if needed to set nested=1 + - qemu-system-common.preinst: add kvm group if needed + - add qemu-kvm upstart job and defaults file (rules, + qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart) + - rules,qemu-system-x86.modprobe: support use under older udevs which + do not auto-load the kvm kernel module. Enable nesting by default + on intel. + - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default + in qemu64 cpu type. + - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty + machine type to ease future live vm migration. + - apport hook for qemu source package: d/source_qemu-kvm.py, + d/qemu-system-common.install + * Dropped all patches which are applied upstream + * Move the upstart jobs to a generic script + - add new qemu-kvm-init script + - call that from upstart and sysvrc qemu-kvm scripts + - move to qemu-system-common, which must now B/R qemu-system-{x86,ppc} + + -- Serge Hallyn Wed, 03 Jun 2015 13:36:36 -0500 + qemu (1:2.3+dfsg-4) unstable; urgency=medium * rules.mak-force-CFLAGS-for-all-objects-in-DSO.patch: @@ -1576,6 +4464,98 @@ qemu (1:2.2+dfsg-6exp) experimental; urgency=medium -- Michael Tokarev Fri, 17 Apr 2015 21:54:53 +0300 +qemu (1:2.2+dfsg-5expubuntu10) wily; urgency=medium + + * SECURITY UPDATE: denial of service in vnc web + - debian/patches/CVE-2015-1779-1.patch: incrementally decode websocket + frames in ui/vnc-ws.c, ui/vnc-ws.h, ui/vnc.h. + - debian/patches/CVE-2015-1779-2.patch: limit size of HTTP headers from + websockets clients in ui/vnc-ws.c. + - CVE-2015-1779 + * SECURITY UPDATE: host code execution via floppy device (VEMON) + - debian/patches/CVE-2015-3456.patch: force the fifo access to be in + bounds of the allocated buffer in hw/block/fdc.c. + - CVE-2015-3456 + + -- Marc Deslauriers Wed, 13 May 2015 07:25:59 -0400 + +qemu (1:2.2+dfsg-5expubuntu9) vivid; urgency=low + + * CVE-2015-2756 / XSA-126 + - xen: limit guest control of PCI command register + + -- Stefan Bader Wed, 08 Apr 2015 10:17:45 +0200 + +qemu (1:2.2+dfsg-5expubuntu8) vivid; urgency=medium + + * debian/qemu-system-x86.qemu-kvm.upstart: fix redirection to not + accidentally create /1 + + -- Steve Beattie Thu, 12 Mar 2015 16:46:51 -0700 + +qemu (1:2.2+dfsg-5expubuntu7) vivid; urgency=low + + * No-change rebuild to pull in libxl-4.5 (take 2: step to the right). + + -- Stefan Bader Thu, 26 Feb 2015 08:55:35 +0100 + +qemu (1:2.2+dfsg-5expubuntu6) vivid; urgency=low + + * No-change rebuild to pull in libxl-4.5. + + -- Stefan Bader Wed, 25 Feb 2015 13:58:37 +0100 + +qemu (1:2.2+dfsg-5expubuntu5) vivid; urgency=medium + + * debian/control-in: enable numa on architectures where numa is built + (LP: #1417937) + + -- Serge Hallyn Thu, 12 Feb 2015 23:18:58 -0600 + +qemu (1:2.2+dfsg-5expubuntu4) vivid; urgency=medium + + [Scott Moser] + * update d/kvm.powerpc to avoid use of awk, which isn't allowed by aa + profile when started by libvirt. + + [Serge Hallyn] + * add symlink qemu-system-ppc64le -> qemu-system-ppc64 + * debian/rules: fix DEB_HOST_ARCh fix to ppc64el for installing qemu-kvm init script + (LP: #1419855) + + [Chris J Arges] + * Determine if we are running inside a virtual environment. If running inside + a virtualized enviornment do _not_ automatically enable KSM. (LP: #1414153) + + -- Serge Hallyn Thu, 12 Feb 2015 13:04:21 -0600 + +qemu (1:2.2+dfsg-5expubuntu1) vivid; urgency=medium + + * Merge 1:2.2+dfsg-5exp from Debian. (LP: #1409308) + - debian/rules: do not drop the init scripts loading kvm modules + (still needed in precise in cloud archive) + * Remaining changes: + - qemu-system-common.postinst: + * remove acl placed by udev, and add udevadm trigger. + * reload kvm_intel if needed to set nested=1 + - qemu-system-common.preinst: add kvm group if needed + - add qemu-kvm upstart job and defaults file (rules, + qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart) + - rules,qemu-system-x86.modprobe: support use under older udevs which + do not auto-load the kvm kernel module. Enable nesting by default + on intel. + - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default + in qemu64 cpu type. + - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty + machine type to ease future live vm migration. + - apport hook for qemu source package: d/source_qemu-kvm.py, + d/qemu-system-common.install + * Dropped all patches which are applied upstream + * Update ubuntu-vivid machine type to default to std graphics (following + upstream's lead for pc-i440fx-2.2 machine type) + + -- Serge Hallyn Mon, 09 Feb 2015 22:31:09 -0600 + qemu (1:2.2+dfsg-5exp) experimental; urgency=medium * fix initscript removal once again @@ -1625,6 +4605,47 @@ qemu (2.2+dfsg-1exp) unstable; urgency=medium -- Michael Tokarev Tue, 09 Dec 2014 23:09:26 +0300 +qemu (1:2.1+dfsg-11ubuntu2) vivid; urgency=medium + + * Cherrypick upstream patch needed to allow ESx hosts to run under + kvm (LP: #1411575) + + -- Serge Hallyn Fri, 16 Jan 2015 16:32:48 -0600 + +qemu (1:2.1+dfsg-11ubuntu1) vivid; urgency=medium + + * Merge 2.1+dfsg-11. Remaining changes: + - qemu-system-common.postinst: + * remove acl placed by udev, and add udevadm trigger. + * reload kvm_intel if needed to set nested=1 + - qemu-system-common.preinst: add kvm group if needed + - add qemu-kvm upstart job and defaults file (rules, + qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart) + - rules,qemu-system-x86.modprobe: support use under older udevs which + do not auto-load the kvm kernel module. Enable nesting by default + on intel. + - debian/qemu-system-alternatives.in: use a later version as ubuntu + removed the alternatives bit later. + - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default + in qemu64 cpu type. + - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty + machine type to ease future live vm migration. + - apport hook for qemu source package: d/source_qemu-kvm.py, + d/qemu-system-common.install + - debian/binfmt-update-in: support ppcle + * debian/binfmt-update-in + * Support-ppcle.patch + - Upstream patches to fix AArch64 emulation ignoring SPSel=0: + * d/p/target-arm-A64-Break-out-aarch64_save-restore_sp.patch + * d/p/target-arm-A64-Respect-SPSEL-in-ERET-SP-restore.patch + * d/p/target-arm-A64-Respect-SPSEL-when-taking-exceptions.patch: + * Dropped patches (upstream or now in debian's tree): + - upstream-xen_disk-fix-unmapping-of-persistent-grants.patch + - CVE-2014-7840.patch + - CVE-2014-8106.patch + + -- Serge Hallyn Wed, 17 Dec 2014 13:57:34 -0600 + qemu (1:2.1+dfsg-11) unstable; urgency=medium * bump epoch and reupload to cancel 2.2+dfsg-1exp upload @@ -1694,6 +4715,81 @@ qemu (2.1+dfsg-8) unstable; urgency=low -- Michael Tokarev Thu, 27 Nov 2014 18:32:45 +0300 +qemu (2.1+dfsg-7ubuntu5) vivid; urgency=medium + + * SECURITY UPDATE: code execution via savevm data + - debian/patches/CVE-2014-7840.patch: validate parameters in + arch_init.c. + - CVE-2014-7840 + * SECURITY UPDATE: code execution via cirrus vga blit regions + (LP: #1400775) + - debian/patches/CVE-2014-8106.patch: properly validate blit regions in + hw/display/cirrus_vga.c. + - CVE-2014-8106 + + -- Marc Deslauriers Thu, 11 Dec 2014 14:11:52 -0500 + +qemu (2.1+dfsg-7ubuntu4) vivid; urgency=low + + * d/rules: Fix vendor check to make kvm-spice symlinks (DEB_VENDOR got + dropped and VENDOR now will be all capital UBUNTU). + + -- Stefan Bader Mon, 08 Dec 2014 14:45:31 +0100 + +qemu (2.1+dfsg-7ubuntu3) vivid; urgency=medium + + * d/p/target-arm-A64-Break-out-aarch64_save-restore_sp.patch + d/p/target-arm-A64-Respect-SPSEL-in-ERET-SP-restore.patch + d/p/target-arm-A64-Respect-SPSEL-when-taking-exceptions.patch: + Cherry-pick of upstream patches in order to fix AArch64 emulation ignoring + SPSel=0 in certain conditions. (LP: #1349277) + + -- Chris J Arges Thu, 04 Dec 2014 14:17:01 -0600 + +qemu (2.1+dfsg-7ubuntu2) vivid; urgency=low + + * d/p/upstream-xen_disk-fix-unmapping-of-persistent-grants.patch: + Cherry-pick of qemu-upstream patch to fix issues with persistent + grants and the PV backend (Qdisk) (LP: #1394327). + + -- Stefan Bader Fri, 28 Nov 2014 13:14:37 +0100 + +qemu (2.1+dfsg-7ubuntu1) vivid; urgency=medium + + * Merge 2.1+dfsg-7. Remaining changes: + - qemu-system-common.postinst: + * remove acl placed by udev, and add udevadm trigger. + * reload kvm_intel if needed to set nested=1 + - qemu-system-common.preinst: add kvm group if needed + - add qemu-kvm upstart job and defaults file (rules, + qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart) + - rules,qemu-system-x86.modprobe: support use under older udevs which + do not auto-load the kvm kernel module. Enable nesting by default + on intel. + - debian/qemu-system-alternatives.in: use a later version as ubuntu + removed the alternatives bit later. + - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default + in qemu64 cpu type. + - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty + machine type to ease future live vm migration. + - apport hook for qemu source package: d/source_qemu-kvm.py, + d/qemu-system-common.install + - debian/binfmt-update-in: support ppcle + * debian/binfmt-update-in + * Support-ppcle.patch + * Dropped patches (upstream or now in debian's tree): + - pc-reserve-more-memory-for-acpi.patch + - CVE-2014-5388.patch + - 501-block-raw-posix-fix-disk-corruption-in-try-fiemap and + 502-block-raw-posic-use-seek-hole-ahead-of-fiemap (combined + in debian) + - CVE-2014-3615.patch + - CVE-2014-3640.patch + - CVE-2014-3689.patch + - CVE-2014-7815.patch + + -- Serge Hallyn Sat, 22 Nov 2014 18:36:53 -0600 + qemu (2.1+dfsg-7) unstable; urgency=high * urgency is high due to 2 security fixes @@ -1745,6 +4841,119 @@ qemu (2.1+dfsg-5) unstable; urgency=medium -- Michael Tokarev Fri, 26 Sep 2014 17:43:26 +0400 +qemu (2.1+dfsg-4ubuntu9) vivid; urgency=medium + + * SECURITY UPDATE: information disclosure via vga driver + - debian/patches/CVE-2014-3615.patch: return the correct memory size, + sanity check register writes, and don't use fixed buffer sizes in + hw/display/qxl.c, hw/display/vga.c, hw/display/vga_int.h, + ui/spice-display.c. + - CVE-2014-3615 + * SECURITY UPDATE: denial of service via slirp NULL pointer deref + - debian/patches/CVE-2014-3640.patch: make sure socket is not just a + stub in slirp/udp.c. + - CVE-2014-3640 + * SECURITY UPDATE: possible privilege escalation via vmware-vga driver + - debian/patches/CVE-2014-3689.patch: verify rectangles in + hw/display/vmware_vga.c. + - CVE-2014-3689 + * SECURITY UPDATE: denial of service via VNC console + - debian/patches/CVE-2014-7815.patch: validate bits_per_pixel in + ui/vnc.c. + - CVE-2014-7815 + + -- Marc Deslauriers Thu, 13 Nov 2014 07:31:03 -0500 + +qemu (2.1+dfsg-4ubuntu8) vivid; urgency=medium + + * Support qemu-kvm on x32, arm64, ppc64 and pp64el architectures + (LP: #1389897) (Patch thanks to mwhudson, BenC, and infinity) + + -- Serge Hallyn Tue, 11 Nov 2014 15:51:47 -0600 + +qemu (2.1+dfsg-4ubuntu7) vivid; urgency=medium + + * Apply two patches to fix intermittent qemu-img corruption + (LP: #1368815) + - 501-block-raw-posix-fix-disk-corruption-in-try-fiemap + - 502-block-raw-posic-use-seek-hole-ahead-of-fiemap + + -- Serge Hallyn Wed, 29 Oct 2014 22:31:43 -0500 + +qemu (2.1+dfsg-4ubuntu6) utopic; urgency=medium + + * debian/control: slof is moving into main, so we can depend on qemu-slof as + debian does. + + -- Serge Hallyn Wed, 15 Oct 2014 22:01:27 +0200 + +qemu (2.1+dfsg-4ubuntu5) utopic; urgency=medium + + * debian/binfmt-update-in: don't blacklist ppc64le on ppc64 and vice + versa. + * Drop Support-ppc64le.pach, as that architecture appears to not exist yet. + * update d/p/ubuntu/define-ubuntu-machine-types.patch to keep -M pc pointing + to latest upstream machine type, rather than distro one. Add 'ubuntu' + machine type for that. + + -- Serge Hallyn Mon, 06 Oct 2014 13:41:31 -0500 + +qemu (2.1+dfsg-4ubuntu4) utopic; urgency=medium + + * debian/qemu-system-x86.qemu-kvm.upstart: create /dev/kvm in a + container. (LP: #1370199) + * load kvm module on ppc64le at boot (LP: #1369785) + - debian/rules: install qemu-kvm on ppc64el + - add debian/qemu-system-ppc.qemu-kvm.{upstart,default} to autoload the + kvm-hv module if available + * qemu-system-x86.maintscript: remove accidentally installed + /etc/init.d/qemu-system-x86 (from 2.0.0+dfsg-6ubuntu1 and a few earlier) + * rename qemu-system-x86 init script to qemu-kvm so it gets installed in + ubuntu. + + -- Serge Hallyn Wed, 17 Sep 2014 14:20:12 -0500 + +qemu (2.1+dfsg-4ubuntu3) utopic; urgency=medium + + * Re-stick the trusty machine type to 2.0 (where it must always stay) and + define a new, default, pc-i440fx-utopic machine type (LP: #1369481) + + -- Serge Hallyn Mon, 15 Sep 2014 14:04:57 -0500 + +qemu (2.1+dfsg-4ubuntu2) utopic; urgency=medium + + * move kvm_intel nested setting to qemu-system-x86.postinst. + + -- Serge Hallyn Fri, 12 Sep 2014 23:12:52 +0000 + +qemu (2.1+dfsg-4ubuntu1) utopic; urgency=medium + + * Merge new debian release + * Remaining changes: + - qemu-system-common.postinst: + * remove acl placed by udev, and add udevadm trigger. + * reload kvm_intel if needed to set nested=1 + - qemu-system-common.preinst: add kvm group if needed + - add qemu-kvm upstart job and defaults file (rules, + qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart) + - rules,qemu-system-x86.modprobe: support use under older udevs which + do not auto-load the kvm kernel module. Enable nesting by default + on intel. + - debian/qemu-system-alternatives.in: use a later version as ubuntu + removed the alternatives bit later. + - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default + in qemu64 cpu type. + - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty + machine type to ease future live vm migration. + - apport hook for qemu source package: d/source_qemu-kvm.py, + d/qemu-system-common.install + - debian/binfmt-update-in: support ppcle + * debian/binfmt-update-in + * Support-ppcle.patch + - d/p/CVE-2014-5388.patch + + -- Serge Hallyn Tue, 09 Sep 2014 17:56:15 -0500 + qemu (2.1+dfsg-4) unstable; urgency=medium * mention libnuma-dev but not enable for now @@ -1762,6 +4971,59 @@ qemu (2.1+dfsg-4) unstable; urgency=medium -- Michael Tokarev Sun, 31 Aug 2014 09:32:59 +0400 +qemu (2.1+dfsg-3ubuntu4) utopic; urgency=medium + + * SECURITY UPDATE: memory disclosure via out-of-bounds array access + - debian/patches/CVE-2014-5388.patch: fix check in hw/acpi/pcihp.c. + - CVE-2014-5388 + + -- Marc Deslauriers Tue, 09 Sep 2014 08:26:24 -0400 + +qemu (2.1+dfsg-3ubuntu3) utopic; urgency=medium + + * replace d/p/revert-acpi-table-size-bump with + pc-reserve-more-memory-for-acpi.patch from upstream + * debian/binfmt-update-in + - don't run in a container + - add ppc64le as target (LP: #1358268) + * Add experimental ppcle support (LP: #1358268) + + -- Serge Hallyn Wed, 27 Aug 2014 18:24:32 -0500 + +qemu (2.1+dfsg-3ubuntu2) utopic; urgency=medium + + * revert-acpi-table-size-bump - get qemu -kernel working again. + + -- Serge Hallyn Fri, 15 Aug 2014 15:33:24 -0500 + +qemu (2.1+dfsg-3ubuntu1) utopic; urgency=medium + + * Merge new debian release + * Remaining changes: + - control-in: stick to libsdl1.2-dev. + - qemu-system-common.install: add debian/tmp/usr/lib to install the + qemu-bridge-helper + - qemu-system-common.postinst: remove acl placed by udev, + and add udevadm trigger. + - qemu-system-common.preinst: add kvm group if needed + - add qemu-kvm upstart job and defaults file (rules, + qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart) + - rules,qemu-system-x86.modprobe: support use under older udevs which + do not auto-load the kvm kernel module. Enable nesting by default + on intel. + - debian/qemu-system-alternatives.in: use a later version as ubuntu + removed the alternatives bit later. + - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default + in qemu64 cpu type. + - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty + machine type to ease future live vm migration. + - apport hook for qemu source package: d/source_qemu-kvm.py, + d/qemu-system-common.install + * Upstart job: use getent group to check for kvm group + * apport: 'qemu' doesn't exist any more, so check for any qemu* tasks + + -- Serge Hallyn Fri, 15 Aug 2014 08:44:54 -0500 + qemu (2.1+dfsg-3) unstable; urgency=medium * set SHELL = /bin/sh -e, so that more complex shell constructs @@ -1788,6 +5050,42 @@ qemu (2.1+dfsg-3) unstable; urgency=medium -- Michael Tokarev Thu, 14 Aug 2014 14:30:24 +0400 +qemu (2.1+dfsg-2ubuntu2) utopic; urgency=medium + + * reload kvm_intel if needed to set the nested=Y flag (LP: #1324174) + + -- Serge Hallyn Mon, 11 Aug 2014 12:58:50 -0500 + +qemu (2.1+dfsg-2ubuntu1) utopic; urgency=medium + + * Merge new debian release + * Remaining changes: + - qemu-system-x86.links: add eepro100.rom link, drop links which we + have in ipxe-qemu package. + - control-in: stick to libsdl1.2-dev. + - qemu-system-common.install: add debian/tmp/usr/lib to install the + qemu-bridge-helper + - qemu-system-common.postinst: remove acl placed by udev, + and add udevadm trigger. + - qemu-system-common.preinst: add kvm group if needed + - add qemu-kvm upstart job and defaults file (rules, + qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart) + - debian/rules: add qemu-kvm-spice + - rules,qemu-system-x86.modprobe: support use under older udevs which + do not auto-load the kvm kernel module. Enable nesting by default + on intel. + - binfmt-update-in: make sure to filter out compat arches. + - debian/qemu-system-alternatives.in: use a later version as ubuntu + removed the alternatives bit later. + - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default + in qemu64 cpu type. + - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty + machine type to ease future live vm migration. + - apport hook for qemu source package: d/source_qemu-kvm.py, + d/qemu-system-common.install + + -- Serge Hallyn Tue, 05 Aug 2014 13:53:06 -0500 + qemu (2.1+dfsg-2) unstable; urgency=medium * l2tp-linux-only.patch: fix FTBFS on kfreebsd @@ -1822,7 +5120,7 @@ qemu (2.1+dfsg-1) unstable; urgency=medium qemu (2.0.0+dfsg-7) unstable; urgency=medium - * clarify description of qemu-user-binfmt a bit + * clarify description of qemu-user-binfmt a bit * build-depend on acpica-tools (iasl) in order to rebuild .dsl files * remove qemu-keymaps package, since it is not used by other tools anymore, and ship keymaps in qemu-system-common. @@ -1839,6 +5137,43 @@ qemu (2.0.0+dfsg-7) unstable; urgency=medium -- Michael Tokarev Thu, 24 Jul 2014 16:51:16 +0400 +qemu (2.0.0+dfsg-6ubuntu2) utopic; urgency=medium + + * d/qemu-system-x86.qemu-kvm.upstart: change the early-exit check from + /usr/bin/kvm to qemu-system-x86_64. (LP: #1348551) + + -- Serge Hallyn Fri, 25 Jul 2014 08:35:02 -0500 + +qemu (2.0.0+dfsg-6ubuntu1) utopic; urgency=medium + + * Merge 2.0.0+dfsg-6. Remaining changes: + - qemu-system-x86.links: add eepro100.rom link, drop links which we + have in ipxe-qemu package. + - control-in: stick to libgnutls-dev and libsdl1.2-dev. + - qemu-system-common.install: add debian/tmp/usr/lib to install the + qemu-bridge-helper + - qemu-system-common.postinst: remove acl placed by udev, + and add udevadm trigger. + - qemu-system-common.preinst: add kvm group if needed + - add qemu-kvm upstart job and defaults file (rules, + qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart) + - debian/rules: add qemu-kvm-spice + - rules,qemu-system-x86.modprobe: support use under older udevs which + do not auto-load the kvm kernel module. Enable nesting by default + on intel. + - binfmt-update-in: make sure to filter out compat arches. + - debian/qemu-system-alternatives.in: use a later version as ubuntu + removed the alternatives bit later. + - d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default + in qemu64 cpu type. + - d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty + machine type to ease future live vm migration. + - re-introduce apport hook for qemu source package: + d/source_qemu-kvm.py, d/qemu-system-common.install + * enable-build-dep on libjpeg8-dev - which is now in main + + -- Serge Hallyn Mon, 23 Jun 2014 14:52:54 -0500 + qemu (2.0.0+dfsg-6) unstable; urgency=medium * build-depend on libgnutls28-dev not libgnutls-dev @@ -1882,6 +5217,59 @@ qemu (2.0.0+dfsg-3) unstable; urgency=low -- Michael Tokarev Mon, 21 Apr 2014 12:34:03 +0400 +qemu (2.0.0+dfsg-2ubuntu3) utopic; urgency=medium + + * remove alternatives for qemu: different architectures + aren't really alternatives and never had been (LP: #1316829) + + -- Serge Hallyn Wed, 07 May 2014 15:12:33 +0000 + +qemu (2.0.0+dfsg-2ubuntu2) utopic; urgency=medium + + * debian/rules: install the proper /etc/init/qemu-kvm.conf (LP: #1315402) + * debian/control: drop the versioning requirement from libfdt-dev + build-dependency, as it is longer needed (LP: #1295072) + + -- Serge Hallyn Fri, 02 May 2014 11:43:44 -0500 + +qemu (2.0.0+dfsg-2ubuntu1) trusty-proposed; urgency=medium + + * Merge 2.0.0+dfsg-2 + * Incorporates a fix for spice users (LP: #1309452) + * drop patch kvm_physical_sync_dirty_bitmap-ignore-ENOENT-from-kv.patch, as + the regression requiring it was reverted for 2.0 upstream. + * remove qemu-system-common depends on the qemu-system-aarch64 metapackage + * debian/qemu-debootstrap: add arm64 + * Remaining changes from debian: + - keep qemu 'alternative' (not something to change in SRU) + - debian/control and debian/control-in: + * versioned libfdt-dev check, until libfdt is fixed in precise + * enable rbd + * remove ovmf Recommends, as it is in multiverse + * use libsdl1.2, not libsdl2, since libsdl2-dev is in universe + * add a qemu-system-aarch64 metapackage for transitions from trusty + development version. This can be removed after trusty. + - qemu-system-common.install: add debian/tmp/usr/lib to install the + qemu-bridge-helper + - qemu-system-common.postinst: fix /dev/kvm acls + - qemu-system-common.preinst: add kvm group if needed + - qemu-system-x86.links: add eepro100.rom link, drop links which we + have in ipxe-qemu package. + - qemu-system-x86.modprobe: set module options for older releases + - qemu-system-x86.qemu-kvm.default: defaults for the upstart job + - qemu-system-x86.qemu-kvm.upstart: qemu-kvm upstart job + - qemu-user-static.postinst-in: remove qemu-arm64-static on arm64 + - debian/rules + * add legacy kvm-spice link + * fix ppc and arm slections + * add aarch64 to user_targets + - debian/patches/ubuntu/define-trusty-machine-type.patch: define a + pc-i440fx-trusty machine type as the default. + - debian/patches/ubuntu/expose-vmx_qemu64cpu.patch: support nesting by + default in qemu64 cpu time. + + -- Serge Hallyn Fri, 18 Apr 2014 09:23:27 -0500 + qemu (2.0.0+dfsg-2) unstable; urgency=medium * resurrect 02_kfreebsd.patch, -- without it qemu FTBFS on current @@ -1907,7 +5295,7 @@ qemu (2.0.0+dfsg-1) unstable; urgency=low * kmod dependency is linux-any * doc-grammify-allows-to.patch: fix some lintian warnings * remove alternatives for qemu: different architectures - aren't really alternatives and never had been + aren't really alternatives and never had been * update Standards-Version to 3.9.5 (no changes needed) * exec-limit-translation-limiting-in-address_space_translate-to-xen.diff - fixes windows BSOD with virtio-scsi when upgrading from 1.7.0 to 1.7.1 @@ -1941,6 +5329,50 @@ qemu (2.0.0~rc1+dfsg-1exp) experimental; urgency=low -- Michael Tokarev Sat, 05 Apr 2014 16:23:48 +0400 +qemu (2.0.0~rc1+dfsg-0ubuntu3) trusty; urgency=medium + + * d/p/ubuntu/kvm_physical_sync_dirty_bitmap-ignore-ENOENT-from-kv.patch + don't abort() just because the kernel has no dirty bitmap. + (LP: #1303926) + + -- Serge Hallyn Tue, 08 Apr 2014 22:32:00 -0500 + +qemu (2.0.0~rc1+dfsg-0ubuntu2) trusty; urgency=medium + + * define-trusty-machine-type.patch: update the trusty machine type name to + pc-i440fx-trusty (LP: #1304107) + + -- Serge Hallyn Tue, 08 Apr 2014 11:49:04 -0500 + +qemu (2.0.0~rc1+dfsg-0ubuntu1) trusty; urgency=medium + + * Merge 2.0.0-rc1 + * debian/rules: consolidate ppc filter entries. + * Move qemu-system-arch64 into qemu-system-arm + * debian/patches/define-trusty-machine-type.patch: define a trusty machine + type, currently the same as pc-i440fx-2.0, to put is in a better position + to enable live migrations from trusty onward. (LP: #1294823) + * debian/control: build-dep on libfdt >= 1.4.0 (LP: #1295072) + * Merge latest upstream git to commit dc9528f + * Debian/rules: + - remove -enable-uname-release=2.6.32 + - don't make the aarch64 target Ubuntu-specific. + * Remove patches which are now upstream: + - fix-smb-security-share.patch + - slirp-smb-redirect-port-445-too.patch + - linux-user-Implement-sendmmsg-syscall.patch (better version is upstream) + - signal-added-a-wrapper-for-sigprocmask-function.patch + - ubuntu/signal-sigsegv-protection-on-do_sigprocmask.patch + - ubuntu/Don-t-block-SIGSEGV-at-more-places.patch + - ubuntu/ppc-force-cpu-threads-count-to-be-power-of-2.patch + * add link for /usr/share/qemu/bios-256k.bin + * Remove all linaro patches. + * Remove all arm64/ patches. Many but not all are upstream. + * Remove CVE-2013-4377.patch which is upstream. + * debian/control-in: don't make qemu-system-aarch64 ubuntu-specific + + -- Serge Hallyn Tue, 25 Feb 2014 22:31:43 -0600 + qemu (1.7.0+dfsg-9) unstable; urgency=medium * remove rbd/rados/ceph support *again*, till they'll actually provide @@ -2005,6 +5437,104 @@ qemu (1.7.0+dfsg-4) unstable; urgency=medium -- Michael Tokarev Wed, 12 Mar 2014 18:34:03 +0400 +qemu (1.7.0+dfsg-3ubuntu7) trusty; urgency=low + + * No-change rebuild to build with libxen-4.4. + + -- Stefan Bader Fri, 21 Mar 2014 10:04:36 +0100 + +qemu (1.7.0+dfsg-3ubuntu6) trusty; urgency=medium + + * d/p/ubuntu/ppc-force-cpu-threads-count-to-be-power-of-2.patch: cherrypick + upstream patch to force cpu count on ppc to be a power of 2. (LP: #1279682) + + -- Serge Hallyn Tue, 11 Mar 2014 00:03:00 -0500 + +qemu (1.7.0+dfsg-3ubuntu5) trusty; urgency=medium + + [ dann frazier ] + * Add patches from the susematz tree to avoid intermittent segfaults: + - ubuntu/signal-added-a-wrapper-for-sigprocmask-function.patch + - ubuntu/signal-sigsegv-protection-on-do_sigprocmask.patch + - ubuntu/Don-t-block-SIGSEGV-at-more-places.patch + + [ Serge Hallyn ] + * Modify do_sigprocmask to only change behavior for aarch64. + (LP: #1285363) + + -- Serge Hallyn Thu, 06 Mar 2014 16:15:50 -0600 + +qemu (1.7.0+dfsg-3ubuntu4) trusty; urgency=medium + + [ Steve Langasek ] + * Merge debian/control with unreleased Debian branch: our architecture + lists should now be in sync. + + [ Dann Frazier ] + * ubuntu/linux-user-Implement-sendmmsg-syscall.patch: Fix user mode DNS + on arm64 and maybe others. (LP: #1284344) + + [ Serge Hallyn ] + * Move the OVMF.fd link to the ovmf package. + + -- Serge Hallyn Fri, 21 Feb 2014 12:14:53 -0800 + +qemu (1.7.0+dfsg-3ubuntu3) trusty; urgency=medium + + * Add ppc64el to the architecture list (supposedly added in the previous + upload, but really wasn't). + + -- Steve Langasek Thu, 20 Feb 2014 23:40:07 -0800 + +qemu (1.7.0+dfsg-3ubuntu2) trusty; urgency=medium + + * Backport changes to enable qemu-user-static support for aarch64 + * debian/control: add ppc64el to Architectures + * debian/rules: only install qemu-system-aarch64 on arm64. + Fixes a FTBFS when built twice in a row on non-arm64 due to a stale + debian/qemu-system-aarch64 directory + + -- dann frazier Tue, 11 Feb 2014 15:41:53 -0700 + +qemu (1.7.0+dfsg-3ubuntu1) trusty; urgency=medium + + * Fix broken filter_binfmts + * Remove use of dpkg-version in postinsts, as we're not Depending on + dpkg-dev. + + -- Serge Hallyn Wed, 05 Feb 2014 21:57:38 -0600 + +qemu (1.7.0+dfsg-3ubuntu1~ppa1) trusty; urgency=medium + + * Merge 1.7.0+dfsg-3 from debian. Remaining changes: + - debian/patches/ubuntu: + * expose-vmx_qemu64cpu.patch + * linaro (omap3) and arm64 patches + * ubuntu/target-ppc-add-stubs-for-kvm-breakpoints: fix FTBFS + on ppc + * ubuntu/CVE-2013-4377.patch: fix denial of service via virtio + - debian/qemu-system-x86.modprobe: set kvm_intel nested=1 options + - debian/control: + * add arm64 to Architectures + * add qemu-common and qemu-system-aarch64 packages + - debian/qemu-system-common.install: add debian/tmp/usr/lib + - debian/qemu-system-common.preinst: add kvm group + - debian/qemu-system-common.postinst: remove acl placed by udev, + and add udevadm trigger. + - qemu-system-x86.links: add eepro100.rom, remove pxe-virtio, + pxe-e1000 and pxe-rtl8139. + - add qemu-system-x86.qemu-kvm.upstart and .default + - qemu-user-static.postinst-in: remove arm64 binfmt + - debian/rules: + * allow parallel build + * add aarch64 to system_targets and sys_systems + * add qemu-kvm-spice links + * install qemu-system-x86.modprobe + - add debian/qemu-system-common.links for OVMF.fd link + * Remove kvm-img, kvm-nbd, kvm-ifup and kvm-ifdown symlinks. + + -- Serge Hallyn Tue, 04 Feb 2014 12:13:08 -0600 + qemu (1.7.0+dfsg-3) unstable; urgency=low * qemu-kvm: fix versions for Breaks/Replaces/Depends on qemu-system-x86 @@ -2030,6 +5560,121 @@ qemu (1.7.0+dfsg-3) unstable; urgency=low -- Michael Tokarev Thu, 16 Jan 2014 15:17:46 +0400 +qemu (1.7.0+dfsg-2ubuntu9) trusty; urgency=medium + + * debian/qemu-user-static.postinst-in: remove arm64 qemu-user binfmt, which + may have been installed up to 1.6.0+dfsg-2ubuntu4 (LP: #1273654) + + -- Serge Hallyn Tue, 28 Jan 2014 14:41:20 +0000 + +qemu (1.7.0+dfsg-2ubuntu8) trusty; urgency=medium + + * SECURITY UPDATE: denial of service via virtio device hot-plugging + - debian/patches/CVE-2013-4377.patch: upstream commits to refactor + virtio device unplugging. + - CVE-2013-4377 + + -- Marc Deslauriers Mon, 27 Jan 2014 09:10:37 -0500 + +qemu (1.7.0+dfsg-2ubuntu7) trusty; urgency=medium + + * d/p/target-ppc-add-stubs-for-kvm-breakpoints: fix FTBFS on + powerpc. + + -- Serge Hallyn Wed, 22 Jan 2014 11:59:26 -0600 + +qemu (1.7.0+dfsg-2ubuntu6) trusty; urgency=medium + + [ Serge Hallyn ] + * add arm64 patchset from upstream. The three arm virt patches previously + pushed are in that set, so drop them. + + [ dann frazier ] + * Add packaging for qemu-system-aarch64. This package is currently only + available for arm64, as full software emulation is not yet supported. + + -- Serge Hallyn Fri, 10 Jan 2014 12:19:08 -0600 + +qemu (1.7.0+dfsg-2ubuntu5) trusty; urgency=medium + + * Drop d/p/fix-pci-add: upstream does not intend for pci_add to be + supported any longer. + * Add patchset from git://git.linaro.org/qemu/qemu-linaro.git#rebasing + * Refresh debian/patches/hw_arm_add_virt_platform.patch against context + churn caused by linaro patchset. + * debian/rules: enable parallel builds. + + -- Serge Hallyn Fri, 03 Jan 2014 10:53:17 -0600 + +qemu (1.7.0+dfsg-2ubuntu4) trusty; urgency=medium + + * d/control: enable usbredir (LP: 1126390) + + -- Serge Hallyn Thu, 02 Jan 2014 08:55:43 -0600 + +qemu (1.7.0+dfsg-2ubuntu3) trusty; urgency=medium + + * add missing arm virt patches from the mach-virt-v7 branch of + git://git.linaro.org/people/cdall/qemu-arm.git + + -- Serge Hallyn Wed, 18 Dec 2013 12:25:59 -0600 + +qemu (1.7.0+dfsg-2ubuntu2) trusty; urgency=medium + + * debian/control: add arm64 to list of architectures. + + -- Serge Hallyn Thu, 12 Dec 2013 10:22:47 -0600 + +qemu (1.7.0+dfsg-2ubuntu1) trusty; urgency=low + + * Merge 1.7.0+dfsg-2 from debian experimental. Remaining changes: + - debian/control + * update maintainer + * remove libiscsi, usb-redir, vde, vnc-jpeg, and libssh2-1-dev + from build-deps + * enable rbd + * add qemu-system and qemu-common B/R to qemu-keymaps + * add D:udev, R:qemu, R:qemu-common and B:qemu-common to + qemu-system-common + * qemu-system-arm, qemu-system-ppc, qemu-system-sparc: + - add qemu-common, qemu-kvm, kvm to B/R + - remove openbios-sparc from qemu-system-sparc D + - drop openbios-ppc and openhackware Depends to Suggests (for now) + * qemu-system-x86: + - add qemu-common to Breaks/Replaces. + - add cpu-checker to Recommends. + * qemu-user: add B/R:qemu-kvm + * qemu-kvm: + - add armhf armel powerpc sparc to Architecture + - C/R/P: qemu-kvm-spice + * add qemu-common package + * drop qemu-slof which is not packaged in ubuntu + - add qemu-system-common.links for tap ifup/down scripts and OVMF link. + - qemu-system-x86.links: + * remove pxe rom links which are in kvm-ipxe + - debian/rules + * add kvm-spice symlink to qemu-kvm + * call dh_installmodules for qemu-system-x86 + * update dh_installinit to install upstart script + * run dh_installman (Closes: #709241) (cherrypicked from 1.5.0+dfsg-2) + - Add qemu-utils.links for kvm-* symlinks. + - Add qemu-system-x86.qemu-kvm.upstart and .default + - Add qemu-system-x86.modprobe to set nesting=1 + - Add qemu-system-common.preinst to add kvm group + - qemu-system-common.postinst: remove bad group acl if there, then have + udev relabel /dev/kvm. + - New linaro patches from qemu-linaro rebasing branch + - Dropped patches: + * linaro patchset + * mach-virt patchset + - Kept patches: + * expose_vms_qemu64cpu.patch + * fix-pci-add + * qemu-system-common.install: add debian/tmp/usr/lib to install the + qemu-bridge-helper + + -- Serge Hallyn Sat, 07 Dec 2013 06:08:11 +0000 + qemu (1.7.0+dfsg-2) unstable; urgency=low * switch from vgabios to seavgabios @@ -2059,6 +5704,73 @@ qemu (1.7.0+dfsg-1) unstable; urgency=low -- Michael Tokarev Thu, 28 Nov 2013 03:14:21 +0400 +qemu (1.6.0+dfsg-2ubuntu2) trusty; urgency=low + + * debian/control: qemu-utils must Replace: qemu-kvm as it did in raring, + to prevent lts-to-lts updates from breaking. (LP: #1243403) + + -- Serge Hallyn Wed, 23 Oct 2013 14:31:05 -0500 + +qemu (1.6.0+dfsg-2ubuntu1) trusty; urgency=low + + * Merge 1.6.0~rc0+dfsg-2exp from debian experimental. Remaining changes: + - debian/control + * update maintainer + * remove libiscsi, usb-redir, vde, vnc-jpeg, and libssh2-1-dev + from build-deps + * enable rbd + * add qemu-system and qemu-common B/R to qemu-keymaps + * add D:udev, R:qemu, R:qemu-common and B:qemu-common to + qemu-system-common + * qemu-system-arm, qemu-system-ppc, qemu-system-sparc: + - add qemu-kvm to Provides + - add qemu-common, qemu-kvm, kvm to B/R + - remove openbios-sparc from qemu-system-sparc D + - drop openbios-ppc and openhackware Depends to Suggests (for now) + * qemu-system-x86: + - add qemu-common to Breaks/Replaces. + - add cpu-checker to Recommends. + * qemu-user: add B/R:qemu-kvm + * qemu-kvm: + - add armhf armel powerpc sparc to Architecture + - C/R/P: qemu-kvm-spice + * add qemu-common package + * drop qemu-slof which is not packaged in ubuntu + - add qemu-system-common.links for tap ifup/down scripts and OVMF link. + - qemu-system-x86.links: + * remove pxe rom links which are in kvm-ipxe + * add symlink for kvm.1 manpage + - debian/rules + * add kvm-spice symlink to qemu-kvm + * call dh_installmodules for qemu-system-x86 + * update dh_installinit to install upstart script + * run dh_installman (Closes: #709241) (cherrypicked from 1.5.0+dfsg-2) + - Add qemu-utils.links for kvm-* symlinks. + - Add qemu-system-x86.qemu-kvm.upstart and .default + - Add qemu-system-x86.modprobe to set nesting=1 + - Add qemu-system-common.preinst to add kvm group + - qemu-system-common.postinst: remove bad group acl if there, then have + udev relabel /dev/kvm. + - New linaro patches from qemu-linaro rebasing branch + - Dropped patches: + * xen-simplify-xen_enabled.patch + * sparc-linux-user-fix-missing-symbols-in-.rel-.rela.plt-sections.patch + * main_loop-do-not-set-nonblocking-if-xen_enabled.patch + * xen_machine_pv-do-not-create-a-dummy-CPU-in-machine-.patch + * virtio-rng-fix-crash + - Kept patches: + * expose_vms_qemu64cpu.patch - updated + * linaro arm patches from qemu-linaro rebasing branch + - New patches: + * fix-pci-add: change CONFIG variable in ifdef to make sure that + pci_add is defined. + * Add linaro patches + * Add experimental mach-virt patches for arm virtualization. + * qemu-system-common.install: add debian/tmp/usr/lib to install the + qemu-bridge-helper + + -- Serge Hallyn Tue, 22 Oct 2013 22:47:07 -0500 + qemu (1.6.0+dfsg-2) unstable; urgency=low * Build-depend in seccomp again once it is in -testing @@ -2129,6 +5841,89 @@ qemu (1.5.0+dfsg-4) unstable; urgency=medium -- Michael Tokarev Thu, 06 Jun 2013 01:50:32 +0400 +qemu (1.5.0+dfsg-3ubuntu6) trusty; urgency=low + + * No change rebuild for new seccomp. + + -- Stéphane Graber Mon, 21 Oct 2013 18:34:50 -0400 + +qemu (1.5.0+dfsg-3ubuntu5) saucy; urgency=low + + * Cherrypick upstream patch to fix crash with rng device (LP: #1235017) + - virtio-rng-fix-crash + + -- Serge Hallyn Wed, 09 Oct 2013 17:46:49 -0500 + +qemu (1.5.0+dfsg-3ubuntu4) saucy; urgency=low + + * Re-introduce snippet in upstart job to load kvm modules if needed. + (LP: #1218459) + + -- Serge Hallyn Mon, 16 Sep 2013 22:43:52 +0000 + +qemu (1.5.0+dfsg-3ubuntu3) saucy; urgency=low + + * Cherry-picking three Xen related patches targetted for qemu-stable: + * xen-simplify-xen_enabled.patch + * main_loop-do-not-set-nonblocking-if-xen_enabled.patch + * xen_machine_pv-do-not-create-a-dummy-CPU-in-machine-.patch + + -- Stefan Bader Fri, 26 Jul 2013 15:01:44 +0200 + +qemu (1.5.0+dfsg-3ubuntu2) saucy; urgency=low + + * Drop openbios-ppc and openhackware Depends to Suggests for now. + + -- Adam Conrad Wed, 05 Jun 2013 03:23:56 -0600 + +qemu (1.5.0+dfsg-3ubuntu1) saucy; urgency=low + + * Merge 1.5.0+dfs-3 from debian unstable. Remaining changes: + - debian/control + * update maintainer + * remove libiscsi, usb-redir, vde, vnc-jpeg, and libssh2-1-dev + from build-deps + * enable rbd + * add qemu-system and qemu-common B/R to qemu-keymaps + * add D:udev, R:qemu, R:qemu-common and B:qemu-common to + qemu-system-common + * qemu-system-arm, qemu-system-ppc, qemu-system-sparc: + - add qemu-kvm to Provides + - add qemu-common, qemu-kvm, kvm to B/R + - remove openbios-sparc from qemu-system-sparc D + * qemu-system-x86: + - add qemu-common to Breaks/Replaces. + - add cpu-checker to Recommends. + * qemu-user: add B/R:qemu-kvm + * qemu-kvm: + - add armhf armel powerpc sparc to Architecture + - C/R/P: qemu-kvm-spice + * add qemu-common package + * drop qemu-slof which is not packaged in ubuntu + - add qemu-system-common.links for tap ifup/down scripts and OVMF link. + - qemu-system-x86.links: + * remove pxe rom links which are in kvm-ipxe + * add symlink for kvm.1 manpage + - debian/rules + * add kvm-spice symlink to qemu-kvm + * call dh_installmodules for qemu-system-x86 + * update dh_installinit to install upstart script + * run dh_installman (Closes: #709241) (cherrypicked from 1.5.0+dfsg-2) + - Add qemu-utils.links for kvm-* symlinks. + - Add qemu-system-x86.qemu-kvm.upstart and .default + - Add qemu-system-x86.modprobe to set nesting=1 + - Add qemu-system-common.preinst to add kvm group + - qemu-system-common.postinst: remove bad group acl if there, then have + udev relabel /dev/kvm. + - Dropped patches: + * 0001-fix-wrong-output-with-info-chardev-for-tcp-socket.patch + - Kept patches: + * expose_vms_qemu64cpu.patch - updated + * gridcentric patch - updated + * linaro arm patches from qemu-linaro rebasing branch + + -- Serge Hallyn Tue, 04 Jun 2013 22:56:43 +0200 + qemu (1.5.0+dfsg-3) unstable; urgency=low * fix sections: misc => otherosfs @@ -2148,6 +5943,54 @@ qemu (1.5.0+dfsg-3) unstable; urgency=low -- Michael Tokarev Sun, 02 Jun 2013 01:49:47 +0400 +qemu (1.5.0+dfsg-2ubuntu1) saucy; urgency=low + + * Merge 1.5.0+dfs-2 from debian unstable. Remaining changes: + - debian/control + * update maintainer + * remove libiscsi, usb-redir, vde, vnc-jpeg, and libssh2-1-dev + from build-deps + * enable rbd + * add qemu-system and qemu-common B/R to qemu-keymaps + * add D:udev, R:qemu, R:qemu-common and B:qemu-common to + qemu-system-common + * qemu-system-arm, qemu-system-ppc, qemu-system-sparc: + - add qemu-kvm to Provides + - add qemu-common, qemu-kvm, kvm to B/R + - remove openbios-sparc from qemu-system-sparc D + * qemu-system-x86: + - add qemu-common to Breaks/Replaces. + - add cpu-checker to Recommends. + * qemu-user: add B/R:qemu-kvm + * qemu-kvm: + - add armhf armel powerpc sparc to Architecture + - C/R/P: qemu-kvm-spice + * add qemu-common package + * drop qemu-slof which is not packaged in ubuntu + - add qemu-system-common.links for tap ifup/down scripts and OVMF link. + - qemu-system-x86.links: + * remove pxe rom links which are in kvm-ipxe + * add symlink for kvm.1 manpage + - debian/rules + * add kvm-spice symlink to qemu-kvm + * call dh_installmodules for qemu-system-x86 + * update dh_installinit to install upstart script + * run dh_installman (Closes: #709241) (cherrypicked from 1.5.0+dfsg-2) + - Add qemu-utils.links for kvm-* symlinks. + - Add qemu-system-x86.qemu-kvm.upstart and .default + - Add qemu-system-x86.modprobe to set nesting=1 + - Add qemu-system-common.preinst to add kvm group + - qemu-system-common.postinst: remove bad group acl if there, then have + udev relabel /dev/kvm. + - Dropped patches: + * 0001-fix-wrong-output-with-info-chardev-for-tcp-socket.patch + - Kept patches: + * expose_vms_qemu64cpu.patch - updated + * gridcentric patch - updated + * linaro arm patches from qemu-linaro rebasing branch + + -- Serge Hallyn Tue, 28 May 2013 08:18:30 -0500 + qemu (1.5.0+dfsg-2) unstable; urgency=low * merged development history of wheezy and experimental branches. @@ -2215,6 +6058,76 @@ qemu (1.4.0+dfsg-2exp) experimental; urgency=low -- Michael Tokarev Thu, 18 Apr 2013 14:45:30 +0400 +qemu (1.4.0+dfsg-1expubuntu4) raring; urgency=low + + * re-add qemu-system-x86.modprobe to set nesting=1 (LP: #1155177) + * qemu-system-x86.qemu-kvm.upstart: + - remove NESTED workarounds from upstart file. + - remove loading of modules which is now always done + - remove TAPR define which is no longer used + * move customizable defines back to qemu-kvm.default + * copy creation of group kvm to preinst - the group must exist when the + kvm udev rule is installed (LP: #1103022) (LP: #1092715) + * add adduser to qemu-system-common Pre-Depends for use by preinst. + + -- Serge Hallyn Thu, 14 Mar 2013 14:21:53 -0500 + +qemu (1.4.0+dfsg-1expubuntu3) raring; urgency=low + + * debian/rules: add a symlink from kvm-spice to kvm in qemu-kvm, on + i386/amd64 targets. (LP: #1126258) + + -- Serge Hallyn Thu, 28 Feb 2013 15:17:16 -0600 + +qemu (1.4.0+dfsg-1expubuntu2) raring; urgency=low + + * substitute (apparently identical) patches from 1.4.0 qemu-linaro rebasing + tree. + * add qemu-common to qemu-system-common B/R (was accidentally dropped from + 1.3.0 in 1.4.0 merge). + * debian/control: fix kvm P/C/B/R: + - make all C/B/R against kvm versioned + - don't have any qemu-system-* other than x86 Provides: kvm + + -- Serge Hallyn Fri, 22 Feb 2013 13:34:07 -0600 + +qemu (1.4.0+dfsg-1expubuntu1) raring; urgency=low + + * Merge 1.4.0+dfsg-1exp from debian. Remaining changes: + - debian/control: + * update maintainer + * remove libiscsi, usb-redir, vde, and vnc-jpeg from build-deps + * enable rbd + * add qemu-system and qemu-common B/R to qemu-keymaps + * add D:udev and R:qemu to qemu-system-common + * qemu-system-arm, qemu-system-ppc, qemu-system-sparc: + - add qemu-kvm and kvm to Provides + - add qemu-common and qemu-kvm to Breaks/Replaces qemu-system-ppc, + qemu-system-sparc: + - remove openbios-$arch from Depends + * qemu-system-x86: + - add qemu-common to Breaks/Replaces. + - add cpu-checker to Recommends. + * qemu-user: + - add B/R qemu-kvm + * qemu-utils: + - add B/R qemu-user and qemu-kvm + * qemu-kvm: add armhf armel powerpc sparc to Architecture + * add qemu-common package + - add qemu-system-common.links for tap ifup/down scripts and OVMF link. + - qemu-system-x86.links: + * remove pxe rom links which are in kvm-ipxe + * add symlink for kvm.1 manpage + - Add qemu-utils.links for kvm-* symlinks. + - Add qemu-kvm.conf upstart job to qemu-system + - Clear /dev/kvm acls on install + - Add linaro arm patches. + - Add gridcentric patches. + - Re-add expose_vms_qemu64cpu.patch (from Daviey) + * Add 0001-fix-wrong-output-with-info-chardev-for-tcp-socket.patch + + -- Serge Hallyn Wed, 20 Feb 2013 11:58:27 -0600 + qemu (1.4.0+dfsg-1exp) experimental; urgency=low [ Michael Tokarev ] @@ -2270,6 +6183,116 @@ qemu (1.4.0~rc0+dfsg-1exp) experimental; urgency=low -- Michael Tokarev Sat, 02 Feb 2013 21:05:28 +0400 +qemu (1.3.0+dfsg-5expubuntu5) raring; urgency=low + + * qemu-system-common.postinst: only run setfacl when /dev/kvm exists. + (LP: #1130591) + + -- Serge Hallyn Wed, 20 Feb 2013 08:58:53 -0600 + +qemu (1.3.0+dfsg-5expubuntu4) raring; urgency=low + + * Update workarounds for udev/inotify: (LP: #1092715) + - qemu-system-common.udev: go back to original, simple rule + - qemu-system-common.postinst: manually run setfacl + - (keep Depends: on acl as well) + - this can be removed once bug 1092715 is fixed. + + -- Serge Hallyn Tue, 19 Feb 2013 12:41:22 -0600 + +qemu (1.3.0+dfsg-5expubuntu3) raring; urgency=low + + * Now that qemu provides spice support, and qemu-kvm-spice is removed from + the archive, have qemu-kvm (which qemu-kvm-spice always depended on) + P/C/R qemu-kvm-spice. + + -- Serge Hallyn Thu, 14 Feb 2013 13:43:27 -0600 + +qemu (1.3.0+dfsg-5expubuntu2) raring; urgency=low + + * Enable spice. + * Address lintian warning by adding ${misc:Depends} to qemu-common and + qemu-kvm. + + -- Serge Hallyn Tue, 12 Feb 2013 16:07:04 -0600 + +qemu (1.3.0+dfsg-5expubuntu1) raring; urgency=low + + [ Serge Hallyn ] + * Merge 1.3.0+dfsg-5exp from Debian. + * remaining changes from 1.3.0+dfsg-1~exp3ubuntu1: + - debian/control: + * update maintainer + * remove vde2 recommends + * build-deps: remove libusbredir, libvdeplug2-dev, + libspice-server-dev, libspice-protocol-dev, libiscsi-dev + * qemu-system: + - break/replace qemu-common + - depend on udev + - remove openbios-ppc, openbios-sparc, and openhackware from + Depends. (Intend to add them back once we can build them.) + * qemu-utils: break/replace qemu-kvm + - qemu-kvm.upstart: + - add qemu-system.qemu-kvm.upstart + - debian/rules: add dh_installinit to get qemu-system.upstart installed. + - take the defaults from the old qemu-kvm.defaults, and move them into + the upstart job + - debian/patches: + - apply gridcentric patches from lp:~amscanne/+junk/gridcentric-qemu-patches + - apply arm patches from git://git.linaro.org/qemu/qemu-linaro.git + - add links for qemu-ifup/down in qemu-system-common.links + - debian/qemu-system-common.postinst + - udevadm trigger to fix up /dev/kvm perms + - debian/qemu-system.links: + - remove pxe-virtio, pxe-e1000 and pxe-rtl8139 links (which conflict + with ones from kvm-ipxe). We may want to move the links from kvm-ipxe + back to qemu-system at some point. + * remaining changes from after 1.3.0+dfsg-1~exp3ubuntu1: + - qemu-system-common.links: add link for OVMF + - Add qemu-utils.links for kvm-img and kvm-nbd utils and manpages. + - qemu-system.links: + * Add link to usr/share/ovmf/OVMF.fd + * Fix target of /etc/kvm/kvm-if{up,down} links + - debian/control: qemu-system should Recommend cpu-checker + - Add qemu-kvm breaks/replaces to qemu-user, to handle conflict over + (i.e.) qemu-x86_64. + - add qemu-kvm, and qemu-common transitional packages. + - Add breaks/replaces to qemu-keymaps for qemu-system. + - Add provides: qemu-kvm and kvm to qemu-system-ppc. + - Add breaks/replaces to qemu-system-ppc for qemu-kvm and qemu-common. + - Add breaks/replaces to qemu-kvm for qemu-common. + - Add breaks/replaces to qemu-utils for qemu-user and qemu-kvm. + - Add armhf, armel, powerpc and sparc arches to qemu-kvm transitional + package. + - Add qemu-common package. + - Make sure /dev/kvm gets its acls cleared: + * Add acl to qemu-system.depends + * update qemu-system.udev to run setfacl to set g::rw acl + - Remove vnc-jpeg, libiscsi-dev, and vde from debian/configure-opts + * dropped debian/patches/CVE-2012-6075.patch (duplicate of + e1000-discard-oversize-packets-based-on-SBP_LPE.patch) + * debian/{control,configure-opts}: enable rbd (LP: #1118406) + * add symlink for kvm.1 -> qemu.1 manpage (LP: #1117636) + * add replaces to qemu-system-common for qemu - we briefly moved conflicting + docs to qemu, which debian moved to qemu-system-common. This can be + dropped after raring. + * move qemu-kvm.upstart from qemu-system to qemu-system-x86. + * Support upgrade from qemu-kvm on non-x86 arches: + - Add Provides: qemu-kvm, kvm to qemu-system-{arm,ppc,sparc,x86} + - Add Breaks/Replaces for qemu-{common,system,kvm} and kvm. + * Re-add expose_vms_qemu64cpu.patch (from Daviey) from quantal. + + [ Steve Langasek ] + * Pass --enable-uname-release=2.6.32 for the user emulation builds, so that + we have a sensible baseline kernel value regardless of what the + underlying host kernel is. This makes eglibc happier when running under + emulation on a very old kernel for instance (whose host syscall ABI has + nothing to do with what emulated syscalls are supported), and probably + also lets us steer clear for the moment of code that has problem with + the new kernel upstream versioning convention. LP: #921078. + + -- Serge Hallyn Thu, 07 Feb 2013 14:15:26 -0600 + qemu (1.3.0+dfsg-5exp) experimental; urgency=low * qemu-system-split: split qemu-system into several target-specific packages: @@ -2349,6 +6372,106 @@ qemu (1.3.0+dfsg-2exp) experimental; urgency=low -- Michael Tokarev Sun, 20 Jan 2013 22:12:11 +0400 +qemu (1.3.0+dfsg-1~exp3ubuntu8) raring; urgency=low + + * qemu-system.links: + - Add link to usr/share/ovmf/OVMF.fd (LP: #1074207) + - Fix target of /etc/kvm/kvm-if{up,down} links + + -- Serge Hallyn Tue, 29 Jan 2013 10:52:22 -0600 + +qemu (1.3.0+dfsg-1~exp3ubuntu7) raring; urgency=low + + * debian/control: qemu-system should Recommend cpu-checker (LP: #1103982) + + -- Serge Hallyn Mon, 28 Jan 2013 11:52:10 -0600 + +qemu (1.3.0+dfsg-1~exp3ubuntu6) raring; urgency=low + + * configure-opts: add audio-cards list (LP: #1102487) + * configure-opts: change order of audio-drv-list for ubuntu, putting pa + first. + + -- Serge Hallyn Mon, 21 Jan 2013 12:02:09 -0600 + +qemu (1.3.0+dfsg-1~exp3ubuntu5) raring; urgency=low + + * Add qemu-kvm breaks/replaces to qemu-user, to handle conflict over + (i.e.) qemu-x86_64. (LP: #1102332) + + -- Serge Hallyn Mon, 21 Jan 2013 08:58:07 -0600 + +qemu (1.3.0+dfsg-1~exp3ubuntu4) raring; urgency=low + + * Move three docs from qemu-system.install to qemu.docs (LP: #1101798) + + -- Adam Conrad Sat, 19 Jan 2013 20:12:48 -0700 + +qemu (1.3.0+dfsg-1~exp3ubuntu3) raring; urgency=low + + * debian/patches/CVE-2012-6075.patch: Fix guest denial of service and + possible code execution in hw/e1000.c by dropping oversize packets. + + -- Adam Conrad Sat, 19 Jan 2013 07:31:50 -0700 + +qemu (1.3.0+dfsg-1~exp3ubuntu2) raring; urgency=low + + * debian/rules: empty MAKEFLAGS when building spapr-rtas.bin on powerpc, to + fix FTBFS due to parallel compile. + + -- Serge Hallyn Fri, 18 Jan 2013 15:51:09 -0600 + +qemu (1.3.0+dfsg-1~exp3ubuntu1) raring; urgency=low + + * Merge 1.3.0+dfsg-1~exp3. Remaining ubuntu delta: + - debian/control: + * update maintainer + * remove vde2 recommends + * build-deps: remove libusbredir, libvdeplug2-dev, + libspice-server-dev, libspice-protocol-dev, libiscsi-dev, + and libxen-dev. + * qemu-keymaps: break/replace qemu-common + * qemu-system: + - break/replace qemu-common + - depend on udev + - remove openbios-ppc, openbios-sparc, and openhackware from + Depends. (Intend to add them back once we can build them.) + - provides: qemu-kvm + * qemu-utils: break/replace qemu-kvm + * set up transitional packages for qemu-kvm, qemu-common, and kvm. + - qemu-kvm.upstart: + - add qemu-system.qemu-kvm.upstart + - debian/rules: add dh_installinit to get qemu-system.upstart installed. + - take the defaults from the old qemu-kvm.defaults, and move them into + the upstart job + - debian/patches: + - apply gridcentric patches from lp:~amscanne/+junk/gridcentric-qemu-patches + - apply arm patches from git://git.linaro.org/qemu/qemu-linaro.git + - ifup/down: + - copy Debian qemu-kvm's kvm-ifup/down into debian/ + - fix dh_install for kvm-ifup/down in debian/rules + - add links for qemu-ifup/down in qemu-system.links + - remove (debian's original) qemu-ifup from qemu-system.install + - debian/qemu-system.postinst + - udevadm trigger to fix up /dev/kvm perms + - make the 'qemu' symlink point to qemu-system-x86_64, not -i386. + - debian/qemu-system.links: + - point 'kvm' to qemu-system-x86_64 + - remove pxe-virtio, pxe-e1000 and pxe-rtl8139 links (which conflict + with ones from kvm-ipxe). We may want to move the links from kvm-ipxe + back to qemu-system at some point. + * Add note about kvm to qemu-system.README.debian. + * Copy kvm-ifup and kvm-ifdown from debian's qemu-kvm + * Remove TAPBR from qemu-kvm.conf. + * Make sure /dev/kvm gets its acls cleared: + - Add acl to qemu-system.depends + - update qemu-system.udev to run setfacl to set g::rw acl + * qemu-system.qemu-kvm.conf: don't rmmod at stop + * Remove vnc-jpeg, libiscsi-dev, and vde from debian/configure-opts + * Remove hugepages sysctl file - qemu now supports transparent hugepages. + + -- Serge Hallyn Mon, 14 Jan 2013 23:22:51 -0600 + qemu (1.3.0+dfsg-1~exp3) experimental; urgency=low * enable vde on kFreebsd too (no idea why it was disabled) @@ -2433,6 +6556,107 @@ qemu (1.3.0+dfsg-1~exp1) experimental; urgency=low -- Michael Tokarev Sun, 30 Dec 2012 01:52:21 +0400 +qemu (1.2.0.dfsg-1~exp1-0ubuntu2) raring; urgency=low + + * Remove kvm package + - make qemu-system P/C/B: kvm. + + -- Serge Hallyn Mon, 14 Jan 2013 12:03:19 -0600 + +qemu (1.2.0.dfsg-1~exp1-0ubuntu1) raring; urgency=low + + [ Serge Hallyn ] + * debian/control: + - update maintainer + - remove vde2 recommends + - build-deps: remove libusbredir, libvdeplug2-dev, + libspice-server-dev, libspice-protocol-dev, libiscsi-dev, + and libxen-dev. + - qemu-keymaps: break/replace qemu-common + - qemu-system: + - break/replace qemu-common + - depend on udev + - remove openbios-ppc, openbios-sparc, and openhackware from + Depends. (Intend to add them back once we can build them.) + - provides: qemu-kvm + - qemu-utils: break/replace qemu-kvm + - set up transitional packages for qemu-kvm, qemu-common, and kvm. + * debian/rules: + - install kvm-ifup and kvm-ifdown + - dh_installinit the qemu-kvm upstart job + * install a 30-qemu-kvm.conf into /etc/sysctl.c for nr_hugepages. + * qemu-kvm.upstart: + - add qemu-system.qemu-kvm.upstart + - add mv_confile to qemu-system.preinst, postinst, and .postrm to rename + /etc/init/qemu-kvm.conf to qemu-system.conf + - debian/rules: add dh_installinit to get qemu-system.upstart installed. + - take the defaults from the old qemu-kvm.defaults, and move them into + the upstart job + * debian/patches: + - apply gridcentric patches from lp:~amscanne/+junk/gridcentric-qemu-patches + - apply arm patches from git://git.linaro.org/qemu/qemu-linaro.git + - apply nbd-fixes-to-read-only-handling.patch from upstream to + make read-write mount after read-only mount work. (LP: #1077838) + * ifup/down: + - copy Ubuntu qemu-kvm's kvm-ifup/down into debian/ + - fix dh_install for kvm-ifup/down in debian/rules + - add links for qemu-ifup/down in qemu-system.links + - remove (debian's original) qemu-ifup from qemu-system.install + * debian/qemu-system.postinst + - udevadm trigger to fix up /dev/kvm perms + - make the 'qemu' symlink point to qemu-system-x86_64, not -i386. + * debian/qemu-system.links: + - point 'kvm' to qemu-system-x86_64 + - remove pxe-virtio, pxe-e1000 and pxe-rtl8139 links (which conflict + with ones from kvm-ipxe). We may want to move the links from kvm-ipxe + back to qemu-system at some point. + - add qemu-ifdown and qemu-ifup links + * debian/qemu-system.install: + - remove /etc/qemu-ifup link + - add /etc/sysctl.d/30-qemu-kvm.conf + + [ Adam Conrad ] + * Appease apt-get's dist-upgrade resolver by creating a qemu-common + transitional package to upgrade more gracefully to qemu-keymaps. + * Move all the empty transitional packages to the oldlibs section. + * Restore the versioned dep from qemu-kvm (and kvm) to qemu-system. + + -- Serge Hallyn Fri, 04 Jan 2013 08:50:24 -0600 + +qemu (1.2.0+dfsg-1~exp1) UNRELEASED; urgency=low + + [ Michael Tokarev ] + * new upstream version (1.3.0) + (Closes: #676374, #622319, #597527, #593547, #660154) + - Removed patches included upstream: + do-not-include-libutil.h.patch + configure-nss-usbredir.patch + tcg_s390-fix-ld_st-with-CONFIG_TCG_PASS_AREG0.patch + net-add--netdev-options-to-man-page.patch + - update 02_kfreebsd.patch + - do not build mpc8544ds.dtb + - include new targets + * Cleaned up the build system ALOT. Larger changes: + - used explicit lists of emulated targets in debian/rules + and generate everything else from there, instead of repeating + these lists in lots of places. + - stop using debian/$pkg.manpages and other auxilary files like this, + moving eveything to debian/$pkg.install, because with the number + of packages growing, amount of these small files becomes very + large and the result is difficult to maintain. + * ship forgotten target-x86_64.conf in qemu-system. + * ship virtfs-proxy-helper in qemu-utils. + * stop shipping tundev.c, since it does not reflect the reality for + a long time now (Closes: #325761, #325754). + * re-introduce support parallel build using DEB_BUILD_OPTIONS=parallel=N, + this time by adding to $MAKEFLAGS instead of passing down to submakes + * build-depend on libcap-ng-dev (for virtfs-proxy-helper) + + [ Vagrant Cascadian ] + * Add libcap-dev to Build-Depends to support virtfs-proxy-helper. + + -- Michael Tokarev Sun, 30 Dec 2012 01:52:21 +0400 + qemu (1.1.2+dfsg-6a) unstable; urgency=low * reupload to remove two unrelated files slipped in debian/ @@ -4366,3 +8590,4 @@ qemu (0.5.2-1) unstable; urgency=low * Initial Release. (Closes: #187407) -- Paul Russell Wed, 3 Mar 2004 02:18:54 +0100 + diff --git a/debian/control b/debian/control index ef66508..79d6d49 100644 --- a/debian/control +++ b/debian/control @@ -2,7 +2,8 @@ Source: qemu Section: otherosfs Priority: optional -Maintainer: Debian QEMU Team +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: Debian QEMU Team Uploaders: Riku Voipio , Michael Tokarev Build-Depends: debhelper-compat (= 12), @@ -17,8 +18,6 @@ Build-Depends: debhelper-compat (= 12), texinfo, python3-sphinx, # iasl (from acpica-tools) is used only in a single test these days, not for building # acpica-tools, -# --enable-capstone=system - libcapstone-dev (>> 4.0.2~), # --enable-linux-aio linux-* libaio-dev [linux-any], # --audio-drv-list=pa,alsa,oss linux-* @@ -50,8 +49,6 @@ Build-Depends: debhelper-compat (= 12), libvirglrenderer-dev [linux-any], # --enable-opengl linux-* libepoxy-dev [linux-any], libdrm-dev [linux-any], libgbm-dev [linux-any], -# --enable-libnfs - libnfs-dev (>> 1.9.3), # --enable-numa i386|amd64|ia64|mips|mipsel|powerpc|powerpcspe|x32|ppc64|ppc64el|arm64|sparc|s390x|riscv64 libnuma-dev [i386 amd64 ia64 mips mipsel mips64 mips64el powerpc powerpcspe x32 ppc64 ppc64el arm64 sparc s390x riscv64], # --enable-smartcard @@ -61,8 +58,6 @@ Build-Depends: debhelper-compat (= 12), librbd-dev [amd64 arm64 armel armhf i386 mips64el mipsel ppc64el s390x ppc64 sparc64], # glusterfs is debian-only since ubuntu/glusterfs is in universe (MIR LP: #1274247) # before buster it was glusterfs-common so keep it for now for bpo -# --enable-glusterfs linux-any - libglusterfs-dev [linux-any] | glusterfs-common [linux-any], # --enable-vnc-sasl libsasl2-dev, # --disable-sdl @@ -83,9 +78,6 @@ Build-Depends: debhelper-compat (= 12), # --enable-libssh libssh-dev, # vde is debian-only since ubuntu/vde2 is in universe -# --enable-vde - libvdeplug-dev, -# --enable-xen linux-amd64|linux-i386 libxen-dev [linux-amd64 linux-i386], # --enable-nettle nettle-dev, @@ -129,8 +121,10 @@ Build-Depends-Indep: Build-Conflicts: oss4-dev Standards-Version: 4.5.1 Homepage: http://www.qemu.org/ -Vcs-Browser: https://salsa.debian.org/qemu-team/qemu -Vcs-Git: https://salsa.debian.org/qemu-team/qemu.git +XS-Debian-Vcs-Browser: https://salsa.debian.org/qemu-team/qemu +XS-Debian-Vcs-Git: https://salsa.debian.org/qemu-team/qemu.git +Vcs-Browser: https://git.launchpad.net/ubuntu/+source/qemu +Vcs-Git: https://git.launchpad.net/ubuntu/+source/qemu Package: qemu Architecture: amd64 arm arm64 armel armhf i386 ia64 kfreebsd-amd64 kfreebsd-i386 mips mipsel mips64 mips64el powerpc powerpcspe ppc64 ppc64el riscv64 s390x sparc sparc64 x32 @@ -161,6 +155,7 @@ Depends: ${misc:Depends}, qemu-system-ppc, qemu-system-sparc, qemu-system-x86, + qemu-system-s390x, qemu-system-misc Description: QEMU full system emulation binaries QEMU is a fast processor emulator: currently the package supports @@ -194,6 +189,8 @@ Multi-Arch: foreign Conflicts: sgabios, qemu-skiboot, openbios-sparc, openbios-ppc, qemu-slof, Replaces: qemu-system-common (<< 1:2.12+dfsg-2~), sgabios, openbios-sparc, openbios-ppc, qemu-slof, qemu-system-sparc (<< 1:4.2-4~), qemu-system-ppc (<< 1:4.2-4~), + qemu-system-s390x (<< 1:3.1+dfsg-2ubuntu1~) +Breaks: qemu-system-s390x (<< 1:3.1+dfsg-2ubuntu1~) Provides: qemu-keymaps, sgabios, qemu-skiboot, openbios-sparc, openbios-ppc, qemu-slof, Depends: ${misc:Depends} Description: QEMU full system emulation (data files) @@ -207,7 +204,9 @@ Multi-Arch: no Replaces: qemu-system-data (<< 1:3.1+dfsg-1~), qemu-utils (<< 1:3.1+dfsg-3~) Breaks: qemu-system-data (<< 1:3.1+dfsg-1~), qemu-utils (<< 1:3.1+dfsg-3~) Depends: ${misc:Depends}, ${shlibs:Depends}, + qemu-block-extra (= ${binary:Version}), # to fix wrong acl for newly created device node on ubuntu: + acl Description: QEMU full system emulation binaries (common files) QEMU is a fast processor emulator: currently the package supports ARM, CRIS, i386, M68k (ColdFire), MicroBlaze, MIPS, PowerPC, SH4, @@ -258,6 +257,7 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, qemu-system-common (>> ${source:Ver Recommends: qemu-system-gui (= ${binary:Version}), qemu-utils, # aarch64 arm uses bootroms ipxe-qemu (>= 1.0.0+git-20131111.c3d1e78-1~), + ipxe-qemu-256k-compat-efi-roms, qemu-efi-aarch64, qemu-efi-arm Suggests: samba, vde2, qemu-block-extra (= ${binary:Version}), Provides: qemu-kvm [linux-arm64 linux-armhf linux-armel], ${sysprovides:arm} @@ -304,6 +304,7 @@ Multi-Arch: foreign Depends: ${shlibs:Depends}, ${misc:Depends}, qemu-system-common (>> ${source:Version}~), qemu-system-data (>> ${source:Version}~), Suggests: samba, vde2, qemu-block-extra (= ${binary:Version}), Recommends: qemu-system-gui (= ${binary:Version}), qemu-utils, + ipxe-qemu-256k-compat-efi-roms, # ppc targets use vgabios-stdvga and bootroms seabios, ipxe-qemu (>= 1.0.0+git-20131111.c3d1e78-1~) Provides: qemu-kvm [linux-ppc64 linux-ppc64el linux-powerpc], ${sysprovides:ppc} @@ -348,14 +349,16 @@ Package: qemu-system-x86 Architecture: amd64 arm arm64 armel armhf i386 ia64 kfreebsd-amd64 kfreebsd-i386 mips mipsel mips64 mips64el powerpc powerpcspe ppc64 ppc64el riscv64 s390x sparc sparc64 x32 Multi-Arch: foreign Depends: ${shlibs:Depends}, ${misc:Depends}, qemu-system-common (>> ${source:Version}~), qemu-system-data (>> ${source:Version}~), + ipxe-qemu-256k-compat-efi-roms, seabios (>= 1.10.2-1~), ipxe-qemu (>= 1.0.0+git-20131111.c3d1e78-1~) Recommends: qemu-system-gui (= ${binary:Version}), qemu-utils, ovmf, + cpu-checker Suggests: samba, vde2, qemu-block-extra (= ${binary:Version}), sgabios, -Provides: qemu-kvm [linux-amd64 linux-i386], ${sysprovides:x86} -Breaks: qemu-kvm [linux-amd64 linux-i386] -Replaces: qemu-kvm [linux-amd64 linux-i386] +Provides: qemu-kvm [linux-amd64 linux-i386], ${sysprovides:x86}, qemu-system-x86-microvm +Breaks: qemu-kvm [linux-amd64 linux-i386], qemu-system-x86-microvm (<< 1:5.0-5ubuntu1~) +Replaces: qemu-kvm [linux-amd64 linux-i386], qemu-system-x86-microvm (<< 1:5.0-5ubuntu1~) Description: QEMU full system emulation binaries (x86) QEMU is a fast processor emulator: currently the package supports i386 and x86-64 emulation. By using dynamic translation it achieves @@ -372,6 +375,16 @@ Description: QEMU full system emulation binaries (x86) On x86 host hardware this package also enables KVM kernel virtual machine usage on systems which supports it. +Package: qemu-system-x86-microvm +Architecture: amd64 +Multi-Arch: foreign +Section: oldlibs +Depends: qemu-system-x86 (>= 1:5.0-5ubuntu1~), ${misc:Depends} +Description: QEMU full system emulation binaries (x86) + The microvm binaries are now part of qemu-system-x86. + . + This is a transitional package. You can safely remove it. + Package: qemu-user Architecture: amd64 arm arm64 armel armhf i386 ia64 mips mipsel mips64 mips64el powerpc powerpcspe ppc64 ppc64el riscv64 s390x sparc sparc64 x32 Multi-Arch: foreign @@ -438,8 +451,10 @@ Package: qemu-utils Architecture: amd64 arm arm64 armel armhf hppa i386 ia64 kfreebsd-amd64 kfreebsd-i386 mips mipsel mips64 mips64el powerpc powerpcspe ppc64 ppc64el riscv64 s390x sparc sparc64 x32 Multi-Arch: foreign Breaks: qemu-system-common (<< 1:3.1+dfsg-3~) -Depends: ${shlibs:Depends}, ${misc:Depends} -Suggests: debootstrap, qemu-block-extra (= ${binary:Version}), +Depends: ${shlibs:Depends}, ${misc:Depends}, + qemu-block-extra (= ${binary:Version}) +Recommends: sharutils +Suggests: debootstrap, Description: QEMU utilities QEMU is a fast processor emulator: currently the package supports ARM, CRIS, i386, M68k (ColdFire), MicroBlaze, MIPS, PowerPC, SH4, @@ -475,3 +490,59 @@ Description: Guest-side qemu-system agent . Install this package on a system which is running as guest inside qemu virtual machine. It is not used on the host. + +Package: qemu-system-s390x +Architecture: amd64 arm arm64 armel armhf hppa i386 ia64 kfreebsd-amd64 kfreebsd-i386 mips mipsel powerpc powerpcspe ppc64 ppc64el riscv64 s390x sparc sparc64 +Multi-Arch: foreign +Depends: ${shlibs:Depends}, ${misc:Depends}, qemu-system-common (>> ${source:Version}~), qemu-system-data (>> ${source:Version}~), +Recommends: qemu-utils, +Suggests: qemu-block-extra (= ${binary:Version}), +Provides: qemu-kvm [linux-s390x], ${sysprovides:s390x} +Breaks: qemu-kvm [linux-s390x], qemu-system-misc (<< 1:2.5+dfsg-5ubuntu8~) +Replaces: qemu-kvm [linux-s390x], qemu-system-misc (<< 1:2.5+dfsg-5ubuntu8~) +Description: QEMU full system emulation binaries (s390x) + QEMU is a fast processor emulator: currently the package supports + s390x emulation. By using dynamic translation it achieves reasonable + speed while being easy to port on new host CPUs. + . + This package provides the full system emulation binaries to emulate + the following s390x hardware: ${sysarch:s390x}. + . + In system emulation mode QEMU emulates a full system, including a processor + and various peripherals. It enables easier testing and debugging of system + code. It can also be used to provide virtual hosting of several virtual + machines on a single server. + +# xen support generally is disabled, this is an extra build with xen enabled +# as needed by xen-utils-4.11 [amd64 arm64 armhf i386] +# Xen will depend on this; this package and the main qemu-system-x86 are +# mutually exclusive +Package: qemu-system-x86-xen +Architecture: amd64 i386 +Multi-Arch: foreign +Depends: + ${shlibs:Depends}, + ${misc:Depends}, + qemu-system-common (>> ${source:Version}~), + qemu-system-data (>> ${source:Version}~), + ipxe-qemu, +Recommends: + qemu-system-gui (= ${binary:Version}), + qemu-utils, + seabios, +Suggests: + qemu-block-extra (= ${binary:Version}), + ovmf, +Conflicts: qemu-system-x86 +Description: QEMU full system emulation binaries (x86) + QEMU is a fast processor emulator: currently the package supports + i386 and x86-64 emulation. By using dynamic translation it achieves + reasonable speed while being easy to port on new host CPUs. + . + This package provides the full system emulation binaries to emulate + the following x86 hardware: ${sysarch:x86-xen}. + . + In comparison to the main qemu-system-x86 this package has xen support + enabled, but is only maintained as universe package. Qemu with xen support + is needed to run Xen in HVM mode. For any other use case you should install + and use qemu-system-x86 instead. diff --git a/debian/control-in b/debian/control-in index f3e6d72..39b58d1 100644 --- a/debian/control-in +++ b/debian/control-in @@ -18,8 +18,8 @@ Build-Depends: debhelper-compat (= 12), texinfo, python3-sphinx, # iasl (from acpica-tools) is used only in a single test these days, not for building # acpica-tools, -# --enable-capstone=system - libcapstone-dev (>> 4.0.2~), +:debian:# --enable-capstone=system +:debian: libcapstone-dev (>> 4.0.2~), # --enable-linux-aio linux-* libaio-dev [linux-any], # --audio-drv-list=pa,alsa,oss linux-* @@ -86,7 +86,7 @@ Build-Depends: debhelper-compat (= 12), # vde is debian-only since ubuntu/vde2 is in universe :debian:# --enable-vde :debian: libvdeplug-dev, -# --enable-xen linux-amd64|linux-i386 +:debian:# --enable-xen linux-amd64|linux-i386 libxen-dev [linux-amd64 linux-i386], # --enable-nettle nettle-dev, @@ -215,6 +215,7 @@ Multi-Arch: no Replaces: qemu-system-data (<< 1:3.1+dfsg-1~), qemu-utils (<< 1:3.1+dfsg-3~) Breaks: qemu-system-data (<< 1:3.1+dfsg-1~), qemu-utils (<< 1:3.1+dfsg-3~) Depends: ${misc:Depends}, ${shlibs:Depends}, +:ubuntu: qemu-block-extra (= ${binary:Version}), # to fix wrong acl for newly created device node on ubuntu: :ubuntu: acl Description: QEMU full system emulation binaries (common files) @@ -267,6 +268,7 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, qemu-system-common (>> ${source:Ver Recommends: qemu-system-gui (= ${binary:Version}), qemu-utils, # aarch64 arm uses bootroms ipxe-qemu (>= 1.0.0+git-20131111.c3d1e78-1~), +:ubuntu: ipxe-qemu-256k-compat-efi-roms, qemu-efi-aarch64, qemu-efi-arm Suggests: samba, vde2, qemu-block-extra (= ${binary:Version}), Provides: qemu-kvm [linux-arm64 linux-armhf linux-armel], ${sysprovides:arm} @@ -313,6 +315,7 @@ Multi-Arch: foreign Depends: ${shlibs:Depends}, ${misc:Depends}, qemu-system-common (>> ${source:Version}~), qemu-system-data (>> ${source:Version}~), Suggests: samba, vde2, qemu-block-extra (= ${binary:Version}), Recommends: qemu-system-gui (= ${binary:Version}), qemu-utils, +:ubuntu: ipxe-qemu-256k-compat-efi-roms, # ppc targets use vgabios-stdvga and bootroms seabios, ipxe-qemu (>= 1.0.0+git-20131111.c3d1e78-1~) Provides: qemu-kvm [linux-ppc64 linux-ppc64el linux-powerpc], ${sysprovides:ppc} @@ -357,15 +360,16 @@ Package: qemu-system-x86 Architecture: amd64 arm arm64 armel armhf i386 ia64 kfreebsd-amd64 kfreebsd-i386 mips mipsel mips64 mips64el powerpc powerpcspe ppc64 ppc64el riscv64 s390x sparc sparc64 x32 Multi-Arch: foreign Depends: ${shlibs:Depends}, ${misc:Depends}, qemu-system-common (>> ${source:Version}~), qemu-system-data (>> ${source:Version}~), +:ubuntu: ipxe-qemu-256k-compat-efi-roms, seabios (>= 1.10.2-1~), ipxe-qemu (>= 1.0.0+git-20131111.c3d1e78-1~) Recommends: qemu-system-gui (= ${binary:Version}), qemu-utils, ovmf, :ubuntu: cpu-checker Suggests: samba, vde2, qemu-block-extra (= ${binary:Version}), sgabios, -Provides: qemu-kvm [linux-amd64 linux-i386], ${sysprovides:x86} -Breaks: qemu-kvm [linux-amd64 linux-i386] -Replaces: qemu-kvm [linux-amd64 linux-i386] +Provides: qemu-kvm [linux-amd64 linux-i386], ${sysprovides:x86}, qemu-system-x86-microvm +Breaks: qemu-kvm [linux-amd64 linux-i386], qemu-system-x86-microvm (<< 1:5.0-5ubuntu1~) +Replaces: qemu-kvm [linux-amd64 linux-i386], qemu-system-x86-microvm (<< 1:5.0-5ubuntu1~) Description: QEMU full system emulation binaries (x86) QEMU is a fast processor emulator: currently the package supports i386 and x86-64 emulation. By using dynamic translation it achieves @@ -382,6 +386,16 @@ Description: QEMU full system emulation binaries (x86) On x86 host hardware this package also enables KVM kernel virtual machine usage on systems which supports it. +Package: qemu-system-x86-microvm +Architecture: amd64 +Multi-Arch: foreign +Section: oldlibs +Depends: qemu-system-x86 (>= 1:5.0-5ubuntu1~), ${misc:Depends} +Description: QEMU full system emulation binaries (x86) + The microvm binaries are now part of qemu-system-x86. + . + This is a transitional package. You can safely remove it. + Package: qemu-user Architecture: amd64 arm arm64 armel armhf i386 ia64 mips mipsel mips64 mips64el powerpc powerpcspe ppc64 ppc64el riscv64 s390x sparc sparc64 x32 Multi-Arch: foreign @@ -448,8 +462,11 @@ Package: qemu-utils Architecture: amd64 arm arm64 armel armhf hppa i386 ia64 kfreebsd-amd64 kfreebsd-i386 mips mipsel mips64 mips64el powerpc powerpcspe ppc64 ppc64el riscv64 s390x sparc sparc64 x32 Multi-Arch: foreign Breaks: qemu-system-common (<< 1:3.1+dfsg-3~) -Depends: ${shlibs:Depends}, ${misc:Depends} -Suggests: debootstrap, qemu-block-extra (= ${binary:Version}), +Depends: ${shlibs:Depends}, ${misc:Depends}, +:ubuntu: qemu-block-extra (= ${binary:Version}) +:ubuntu:Recommends: sharutils +Suggests: debootstrap, +:debian: qemu-block-extra (= ${binary:Version}), Description: QEMU utilities QEMU is a fast processor emulator: currently the package supports ARM, CRIS, i386, M68k (ColdFire), MicroBlaze, MIPS, PowerPC, SH4, @@ -507,3 +524,37 @@ Description: Guest-side qemu-system agent :ubuntu: and various peripherals. It enables easier testing and debugging of system :ubuntu: code. It can also be used to provide virtual hosting of several virtual :ubuntu: machines on a single server. + +:ubuntu:# xen support generally is disabled, this is an extra build with xen enabled +:ubuntu:# as needed by xen-utils-4.11 [amd64 arm64 armhf i386] +:ubuntu:# Xen will depend on this; this package and the main qemu-system-x86 are +:ubuntu:# mutually exclusive +:ubuntu:Package: qemu-system-x86-xen +:ubuntu:Architecture: amd64 i386 +:ubuntu:Multi-Arch: foreign +:ubuntu:Depends: +:ubuntu: ${shlibs:Depends}, +:ubuntu: ${misc:Depends}, +:ubuntu: qemu-system-common (>> ${source:Version}~), +:ubuntu: qemu-system-data (>> ${source:Version}~), +:ubuntu: ipxe-qemu, +:ubuntu:Recommends: +:ubuntu: qemu-system-gui (= ${binary:Version}), +:ubuntu: qemu-utils, +:ubuntu: seabios, +:ubuntu:Suggests: +:ubuntu: qemu-block-extra (= ${binary:Version}), +:ubuntu: ovmf, +:ubuntu:Conflicts: qemu-system-x86 +:ubuntu:Description: QEMU full system emulation binaries (x86) +:ubuntu: QEMU is a fast processor emulator: currently the package supports +:ubuntu: i386 and x86-64 emulation. By using dynamic translation it achieves +:ubuntu: reasonable speed while being easy to port on new host CPUs. +:ubuntu: . +:ubuntu: This package provides the full system emulation binaries to emulate +:ubuntu: the following x86 hardware: ${sysarch:x86-xen}. +:ubuntu: . +:ubuntu: In comparison to the main qemu-system-x86 this package has xen support +:ubuntu: enabled, but is only maintained as universe package. Qemu with xen support +:ubuntu: is needed to run Xen in HVM mode. For any other use case you should install +:ubuntu: and use qemu-system-x86 instead. diff --git a/debian/patches/series b/debian/patches/series index 1fc84e9..7826812 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -10,3 +10,9 @@ slof-remove-user-and-host-from-release-version.patch slof-ensure-ld-is-called-with-C-locale.patch spelling.diff memory-clamp-cached-translation-if-points-to-MMIO-region-CVE-2020-27821.patch + +# ubuntu patches +ubuntu/enable-svm-by-default.patch +ubuntu/define-ubuntu-machine-types.patch +ubuntu/pre-bionic-256k-ipxe-efi-roms.patch +ubuntu/lp-1907789-build-no-pie-is-no-functional-liker-flag.patch diff --git a/debian/patches/ubuntu/define-ubuntu-machine-types.patch b/debian/patches/ubuntu/define-ubuntu-machine-types.patch new file mode 100644 index 0000000..d1f890a --- /dev/null +++ b/debian/patches/ubuntu/define-ubuntu-machine-types.patch @@ -0,0 +1,784 @@ +Description: Carry Ubuntu specific machine types + +Since Ubuntu is a downstream of qemu carrying patches it needs custom machine +types to be able to identify and manage the delta that might affect machine +types. + +This is an important piece to keep cross release migration supported for any +downstream. + +Since the p->t transition these types are mostly stable copies of the upstream +type (in the past this was more unstable upstream, so there was more delta), +but they need to stay specific to reflect the delta we have. And even more so +to have something to base off for affecting SRU changes. + +Also add a hint if instantiating fails due to now unsupported old guest +types (LP: #1637936). + +Package maintainers please see https://wiki.ubuntu.com/QemuKVMMigration when +maintaining this patch on SRU, merge or other packaging activity. +While support on a type is dropped with the Release going EOL we never drop the +type itself as long as it is maintainable. This will give people an extra +chance to migrate and avoid issues like LP: 1802944. + +## + +This later on got extended by further ubuntu specific machine type changes: +LP 1776189: Add a -hpb Ubuntu specific machine type suffix + +This works already fine on commandline, but Libvirt and other stacks above +have no exploitation yet. Using a machine type has the benefit of being already +controllable by most upper layer software like Libvirt (type= in os tag) but +even up to Openstack (nova.conf or per image metadata on hw_machine_type). + +This is based on a discussion: + https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1769053 + +A similar change is in CentOS/RH (there the default is switched, without +even a way to go back. +But since this can cause issues e.g. when migrating +across hosts with different characteristics, it is not set as the default +in Ubuntu with this change. + +Further we want to avoid "machine type proliferation", so we certainly won't +add a type for every feature. But using a huge guest is more common and +otherwise not yet achievable. + +This can be dropped when: + - libvirt exposes phys-bits/host-phys-bits natively + - at least the important stacks above exploit that config +As an alternative we might decide at some point to make it the default without +a way to switch back in following releases, but for now we don't want to do so. + +## + +This later on got extended by further ubuntu specific machine type changes: +LP 1761372: special type for ppc64 meltdown/spectre defaults + +Upstresm 2.12 is not yet set in stone (almost but not full), and we ship 2.11 +with backports. SO we don't want to make a 2.12 machine type fully recommended +yet. +PPC was following x86 in providing a non default convenience type that has the +spectre/meltdown flags toggled - in bug 1761372 we were requested to carry the +same - but we agreed to do so as a 2.11 based type. + +Note I: x86 changes CPU types with -IBRS suffix, power chose to change machine +types. + +Note II: this change can be squashed into ubuntu-machine-types.patch >=2.12 +where the base content will exist in the upstream source instead of +patches on top. + +## + +[1] introduced a major regression into the 4.0 types by setting split +irqchip to be the default. This was corrected by [2] and the fix further +modified by [3] which overall adds a 4.0.1 machine type in qemu 4.1 (not +yet released) and probably eventually stable branches. +We will follow upstream with the upstream types, but the Ubuntu types so +far didn't release a 4.0 type yet so for us we can fix it on the initial +release right away. + +[1]: https://git.qemu.org/?p=qemu.git;a=commit;h=b2fc91db +[2]: https://git.qemu.org/?p=qemu.git;a=commit;h=c87759ce +[3]: https://git.qemu.org/?p=qemu.git;a=commit;h=8e8cbed0 + +## + +Original-Author: Serge Hallyn +Original-Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1304107 +Author: Christian Ehrhardt +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1621042 +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1776189 +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1761372 +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1829868 +Forwarded: not-needed +Forward-info: downstream decision + +--- a/hw/i386/pc_piix.c ++++ b/hw/i386/pc_piix.c +@@ -430,12 +430,7 @@ static void pc_i440fx_5_2_machine_option + PCMachineClass *pcmc = PC_MACHINE_CLASS(m); + pc_i440fx_machine_options(m); + m->alias = "pc"; +- m->is_default = true; +-#ifdef CONFIG_MICROVM_DEFAULT + m->is_default = false; +-#else +- m->is_default = true; +-#endif + pcmc->default_cpu_version = 1; + } + +@@ -1009,3 +1004,225 @@ static void xenfv_3_1_machine_options(Ma + DEFINE_PC_MACHINE(xenfv, "xenfv-3.1", pc_xen_hvm_init, + xenfv_3_1_machine_options); + #endif ++ ++/* Ubuntu machine types */ ++static void pc_trusty_machine_options(MachineClass *m) ++{ ++ pc_i440fx_2_0_machine_options(m); ++ m->desc = "Ubuntu 14.04 PC (i440FX + PIIX, 1996)"; ++} ++DEFINE_I440FX_MACHINE(trusty, "pc-i440fx-trusty", pc_compat_2_0_fn, ++ pc_trusty_machine_options) ++ ++static void pc_xenial_machine_options(MachineClass *m) ++{ ++ pc_i440fx_2_5_machine_options(m); ++ m->desc = "Ubuntu 16.04 PC (i440FX + PIIX, 1996)"; ++} ++DEFINE_I440FX_MACHINE(xenial, "pc-i440fx-xenial", NULL, ++ pc_xenial_machine_options); ++ ++static void pc_yakkety_machine_options(MachineClass *m) ++{ ++ pc_i440fx_2_6_machine_options(m); ++ m->desc = "Ubuntu 16.10 PC (i440FX + PIIX, 1996)"; ++} ++DEFINE_I440FX_MACHINE(yakkety, "pc-i440fx-yakkety", NULL, ++ pc_yakkety_machine_options); ++ ++static void pc_zesty_machine_options(MachineClass *m) ++{ ++ pc_i440fx_2_8_machine_options(m); ++ m->desc = "Ubuntu 17.04 PC (i440FX + PIIX, 1996)"; ++} ++DEFINE_I440FX_MACHINE(zesty, "pc-i440fx-zesty", NULL, ++ pc_zesty_machine_options); ++ ++static void pc_artful_machine_options(MachineClass *m) ++{ ++ pc_i440fx_2_10_machine_options(m); ++ m->desc = "Ubuntu 17.10 PC (i440FX + PIIX, 1996)"; ++} ++DEFINE_I440FX_MACHINE(artful, "pc-i440fx-artful", NULL, ++ pc_artful_machine_options); ++ ++static void pc_bionic_machine_options(MachineClass *m) ++{ ++ pc_i440fx_2_11_machine_options(m); ++ m->desc = "Ubuntu 18.04 PC (i440FX + PIIX, 1996)"; ++} ++DEFINE_I440FX_MACHINE(bionic, "pc-i440fx-bionic", NULL, ++ pc_bionic_machine_options); ++ ++static void pc_bionic_hpb_machine_options(MachineClass *m) ++{ ++ pc_i440fx_2_11_machine_options(m); ++ m->desc = "Ubuntu 18.04 PC (i440FX + PIIX, +host-phys-bits=true, 1996)"; ++ compat_props_add(m->compat_props, ++ host_phys_bits_compat, host_phys_bits_compat_len); ++} ++DEFINE_I440FX_MACHINE(bionic_hpb, "pc-i440fx-bionic-hpb", NULL, ++ pc_bionic_hpb_machine_options); ++ ++static void pc_cosmic_machine_options(MachineClass *m) ++{ ++ pc_i440fx_2_12_machine_options(m); ++ m->desc = "Ubuntu 18.10 PC (i440FX + PIIX, 1996)"; ++} ++DEFINE_I440FX_MACHINE(cosmic, "pc-i440fx-cosmic", NULL, ++ pc_cosmic_machine_options); ++ ++static void pc_cosmic_hpb_machine_options(MachineClass *m) ++{ ++ pc_i440fx_2_12_machine_options(m); ++ m->desc = "Ubuntu 18.10 PC (i440FX + PIIX +host-phys-bits=true, 1996)"; ++ compat_props_add(m->compat_props, ++ host_phys_bits_compat, host_phys_bits_compat_len); ++} ++DEFINE_I440FX_MACHINE(cosmic_hpb, "pc-i440fx-cosmic-hpb", NULL, ++ pc_cosmic_hpb_machine_options); ++ ++static void pc_disco_machine_options(MachineClass *m) ++{ ++ pc_i440fx_3_1_machine_options(m); ++ m->desc = "Ubuntu 19.04 PC (i440FX + PIIX, 1996)"; ++} ++DEFINE_I440FX_MACHINE(disco, "pc-i440fx-disco", NULL, ++ pc_disco_machine_options); ++ ++static void pc_disco_hpb_machine_options(MachineClass *m) ++{ ++ pc_i440fx_3_1_machine_options(m); ++ m->desc = "Ubuntu 19.04 PC (i440FX + PIIX +host-phys-bits=true, 1996)"; ++ m->alias = NULL; ++ compat_props_add(m->compat_props, ++ host_phys_bits_compat, host_phys_bits_compat_len); ++} ++DEFINE_I440FX_MACHINE(disco_hpb, "pc-i440fx-disco-hpb", NULL, ++ pc_disco_hpb_machine_options); ++ ++static void pc_eoan_machine_options(MachineClass *m) ++{ ++ pc_i440fx_4_0_machine_options(m); ++ m->desc = "Ubuntu 19.10 PC (i440FX + PIIX, 1996)"; ++ m->alias = NULL; ++} ++DEFINE_I440FX_MACHINE(eoan, "pc-i440fx-eoan", NULL, ++ pc_eoan_machine_options); ++ ++static void pc_eoan_hpb_machine_options(MachineClass *m) ++{ ++ pc_i440fx_4_0_machine_options(m); ++ m->desc = "Ubuntu 19.10 PC (i440FX + PIIX +host-phys-bits=true, 1996)"; ++ m->alias = NULL; ++ compat_props_add(m->compat_props, ++ host_phys_bits_compat, host_phys_bits_compat_len); ++} ++DEFINE_I440FX_MACHINE(eoan_hpb, "pc-i440fx-eoan-hpb", NULL, ++ pc_eoan_hpb_machine_options); ++ ++static void pc_focal_machine_options(MachineClass *m) ++{ ++ pc_i440fx_4_0_machine_options(m); ++ m->desc = "Ubuntu 20.04 PC (i440FX + PIIX, 1996)"; ++ m->alias = NULL; ++} ++DEFINE_I440FX_MACHINE(focal, "pc-i440fx-focal", NULL, ++ pc_focal_machine_options); ++ ++static void pc_focal_hpb_machine_options(MachineClass *m) ++{ ++ pc_i440fx_4_0_machine_options(m); ++ m->desc = "Ubuntu 20.04 PC (i440FX + PIIX +host-phys-bits=true, 1996)"; ++ m->alias = NULL; ++ compat_props_add(m->compat_props, ++ host_phys_bits_compat, host_phys_bits_compat_len); ++} ++DEFINE_I440FX_MACHINE(focal_hpb, "pc-i440fx-focal-hpb", NULL, ++ pc_focal_hpb_machine_options); ++ ++static void pc_groovy_machine_options(MachineClass *m) ++{ ++ pc_i440fx_5_0_machine_options(m); ++ m->desc = "Ubuntu 20.10 PC (i440FX + PIIX, 1996)"; ++ m->alias = NULL; ++ m->is_default = false; ++} ++DEFINE_I440FX_MACHINE(groovy, "pc-i440fx-groovy", NULL, ++ pc_groovy_machine_options); ++ ++static void pc_groovy_hpb_machine_options(MachineClass *m) ++{ ++ pc_i440fx_5_0_machine_options(m); ++ m->desc = "Ubuntu 20.10 PC (i440FX + PIIX +host-phys-bits=true, 1996)"; ++ m->alias = NULL; ++ compat_props_add(m->compat_props, ++ host_phys_bits_compat, host_phys_bits_compat_len); ++} ++DEFINE_I440FX_MACHINE(groovy_hpb, "pc-i440fx-groovy-hpb", NULL, ++ pc_groovy_hpb_machine_options); ++ ++static void pc_hirsute_machine_options(MachineClass *m) ++{ ++ pc_i440fx_5_2_machine_options(m); ++ m->desc = "Ubuntu 21.04 PC (i440FX + PIIX, 1996)"; ++ m->alias = "ubuntu"; ++#ifdef CONFIG_MICROVM_DEFAULT ++ m->is_default = false; ++#else ++ m->is_default = true; ++#endif ++} ++DEFINE_I440FX_MACHINE(hirsute, "pc-i440fx-hirsute", NULL, ++ pc_hirsute_machine_options); ++ ++static void pc_hirsute_hpb_machine_options(MachineClass *m) ++{ ++ pc_i440fx_5_1_machine_options(m); ++ m->desc = "Ubuntu 21.04 PC (i440FX + PIIX +host-phys-bits=true, 1996)"; ++ m->alias = NULL; ++ compat_props_add(m->compat_props, ++ host_phys_bits_compat, host_phys_bits_compat_len); ++} ++DEFINE_I440FX_MACHINE(hirsute_hpb, "pc-i440fx-hirsute-hpb", NULL, ++ pc_hirsute_hpb_machine_options); ++ ++/* ++ * Due to bug 1621042 we have to consider the broken old wily machine ++ * type as valid xenial type to ensure older VMs that got created prio ++ * to fixing 1621042 will still work. ++ * Therefore we have to keep it as-is (sans alias and being default) for ++ * the same time we keep the fixed xenial type above. ++ * ++ * Further bug 1829868 identified issues due to the wily type being released ++ * defined as a hybrid of pc_i440fx_2_4_machine_options and pc_compat_2_3. ++ * That mismatch caused issues since qemu 2.11 due to some definitions ++ * moving between those version references. ++ * This introduces pc_i440fx_wily_machine_options which encapsulates the ++ * old behavior as it was (this is the purpose of machine types). ++ * ++ * Further bug 1902654 identified issues due to the upstream rework of types ++ * that made the wily type change some attributes in >=Eoan. ++ * As we did in Bionic for 1829868 we need to use a 2_4/2_3 hybrid type to ++ * match what was initially shipped. ++ */ ++static void pc_i440fx_wily_machine_options(MachineClass *m) ++{ ++ PCMachineClass *pcmc = PC_MACHINE_CLASS(m); ++ pc_i440fx_2_5_machine_options(m); ++ m->hw_version = "2.4.0"; ++ pcmc->broken_reserved_end = true; ++ compat_props_add(m->compat_props, hw_compat_2_4_wily, hw_compat_2_4_wily_len); ++ compat_props_add(m->compat_props, pc_compat_2_4, pc_compat_2_4_len); ++} ++ ++static void pc_wily_machine_options(MachineClass *m) ++{ ++ pc_i440fx_wily_machine_options(m); ++ pc_i440fx_machine_options(m); ++ m->desc = "Ubuntu 15.04 PC (i440FX + PIIX, 1996)", ++ m->default_display = "std"; ++} ++ ++DEFINE_I440FX_MACHINE(wily, "pc-i440fx-wily", NULL, ++ pc_wily_machine_options); +--- a/hw/i386/pc_q35.c ++++ b/hw/i386/pc_q35.c +@@ -566,3 +566,185 @@ static void pc_q35_2_4_machine_options(M + + DEFINE_Q35_MACHINE(v2_4, "pc-q35-2.4", NULL, + pc_q35_2_4_machine_options); ++ ++/* Ubuntu machine types */ ++static void pc_q35_xenial_machine_options(MachineClass *m) ++{ ++ pc_q35_2_5_machine_options(m); ++ m->desc = "Ubuntu 16.04 PC (Q35 + ICH9, 2009)"; ++} ++DEFINE_Q35_MACHINE(xenial, "pc-q35-xenial", NULL, ++ pc_q35_xenial_machine_options); ++ ++static void pc_q35_yakkety_machine_options(MachineClass *m) ++{ ++ pc_q35_2_6_machine_options(m); ++ m->desc = "Ubuntu 16.10 PC (Q35 + ICH9, 2009)"; ++} ++DEFINE_Q35_MACHINE(yakkety, "pc-q35-yakkety", NULL, ++ pc_q35_yakkety_machine_options); ++ ++static void pc_q35_zesty_machine_options(MachineClass *m) ++{ ++ pc_q35_2_8_machine_options(m); ++ m->desc = "Ubuntu 17.04 PC (Q35 + ICH9, 2009)"; ++} ++DEFINE_Q35_MACHINE(zesty, "pc-q35-zesty", NULL, ++ pc_q35_zesty_machine_options); ++ ++static void pc_q35_artful_machine_options(MachineClass *m) ++{ ++ pc_q35_2_10_machine_options(m); ++ m->desc = "Ubuntu 17.10 PC (Q35 + ICH9, 2009)"; ++} ++DEFINE_Q35_MACHINE(artful, "pc-q35-artful", NULL, ++ pc_q35_artful_machine_options); ++ ++static void pc_q35_bionic_machine_options(MachineClass *m) ++{ ++ pc_q35_2_11_machine_options(m); ++ m->desc = "Ubuntu 18.04 PC (Q35 + ICH9, 2009)"; ++} ++DEFINE_Q35_MACHINE(bionic, "pc-q35-bionic", NULL, ++ pc_q35_bionic_machine_options); ++ ++static void pc_q35_bionic_hpb_machine_options(MachineClass *m) ++{ ++ pc_q35_2_11_machine_options(m); ++ m->desc = "Ubuntu 18.04 PC (Q35 + ICH9, +host-phys-bits=true, 2009)"; ++ compat_props_add(m->compat_props, ++ host_phys_bits_compat, host_phys_bits_compat_len); ++} ++DEFINE_Q35_MACHINE(bionic_hpb, "pc-q35-bionic-hpb", NULL, ++ pc_q35_bionic_hpb_machine_options); ++ ++static void pc_q35_cosmic_machine_options(MachineClass *m) ++{ ++ /* yes that is "wrong" but has to stay that way for compatibility */ ++ pc_q35_2_11_machine_options(m); ++ m->desc = "Ubuntu 18.10 PC (Q35 + ICH9, 2009)"; ++} ++DEFINE_Q35_MACHINE(cosmic, "pc-q35-cosmic", NULL, ++ pc_q35_cosmic_machine_options); ++ ++static void pc_q35_cosmic_hpb_machine_options(MachineClass *m) ++{ ++ pc_q35_2_12_machine_options(m); ++ m->desc = "Ubuntu 18.10 PC (Q35 + ICH9, +host-phys-bits=true, 2009)"; ++ compat_props_add(m->compat_props, ++ host_phys_bits_compat, host_phys_bits_compat_len); ++} ++DEFINE_Q35_MACHINE(cosmic_hpb, "pc-q35-cosmic-hpb", NULL, ++ pc_q35_cosmic_hpb_machine_options); ++ ++static void pc_q35_disco_machine_options(MachineClass *m) ++{ ++ pc_q35_3_1_machine_options(m); ++ m->desc = "Ubuntu 19.04 PC (Q35 + ICH9, 2009)"; ++} ++DEFINE_Q35_MACHINE(disco, "pc-q35-disco", NULL, ++ pc_q35_disco_machine_options); ++ ++static void pc_q35_disco_hpb_machine_options(MachineClass *m) ++{ ++ pc_q35_3_1_machine_options(m); ++ m->desc = "Ubuntu 19.04 PC (Q35 + ICH9, +host-phys-bits=true, 2009)"; ++ compat_props_add(m->compat_props, ++ host_phys_bits_compat, host_phys_bits_compat_len); ++} ++DEFINE_Q35_MACHINE(disco_hpb, "pc-q35-disco-hpb", NULL, ++ pc_q35_disco_hpb_machine_options); ++ ++static void pc_q35_eoan_machine_options(MachineClass *m) ++{ ++ pc_q35_4_0_machine_options(m); ++ m->desc = "Ubuntu 19.10 PC (Q35 + ICH9, 2009)"; ++ /* ++ * [1] introduced a major regression into the 4.0 types by setting split ++ * irqchip to be the default. This was corrected by [2] and the fix further ++ * modified by [3] which overall adds a 4.0.1 machine type in qemu 4.1 (not ++ * yet released) and probably eventually stable branches. ++ * We will follow upstream with the upstream types, but the Ubuntu types so ++ * far didn't release a 4.0 type yet so for us we can fix it on the initial ++ * release right away. ++ * [1]: https://git.qemu.org/?p=qemu.git;a=commit;h=b2fc91db ++ * [2]: https://git.qemu.org/?p=qemu.git;a=commit;h=c87759ce ++ * [3]: https://git.qemu.org/?p=qemu.git;a=commit;h=8e8cbed0 ++ */ ++ m->default_kernel_irqchip_split = false; ++} ++DEFINE_Q35_MACHINE(eoan, "pc-q35-eoan", NULL, ++ pc_q35_eoan_machine_options); ++ ++static void pc_q35_eoan_hpb_machine_options(MachineClass *m) ++{ ++ pc_q35_eoan_machine_options(m); ++ m->desc = "Ubuntu 19.10 PC (Q35 + ICH9, +host-phys-bits=true, 2009)"; ++ compat_props_add(m->compat_props, ++ host_phys_bits_compat, host_phys_bits_compat_len); ++} ++DEFINE_Q35_MACHINE(eoan_hpb, "pc-q35-eoan-hpb", NULL, ++ pc_q35_eoan_hpb_machine_options); ++ ++static void pc_q35_focal_machine_options(MachineClass *m) ++{ ++ pc_q35_4_2_machine_options(m); ++ m->desc = "Ubuntu 20.04 PC (Q35 + ICH9, 2009)"; ++ /* The ubuntu alias and default is on the i440fx type. The ++ * ubuntu-q35 alias auto-picks the most recent ubuntu q35 type */ ++} ++DEFINE_Q35_MACHINE(focal, "pc-q35-focal", NULL, ++ pc_q35_focal_machine_options); ++ ++static void pc_q35_focal_hpb_machine_options(MachineClass *m) ++{ ++ pc_q35_focal_machine_options(m); ++ m->desc = "Ubuntu 20.04 PC (Q35 + ICH9, +host-phys-bits=true, 2009)"; ++ m->alias = NULL; ++ compat_props_add(m->compat_props, ++ host_phys_bits_compat, host_phys_bits_compat_len); ++} ++DEFINE_Q35_MACHINE(focal_hpb, "pc-q35-focal-hpb", NULL, ++ pc_q35_focal_hpb_machine_options); ++ ++static void pc_q35_groovy_machine_options(MachineClass *m) ++{ ++ pc_q35_5_0_machine_options(m); ++ m->desc = "Ubuntu 20.10 PC (Q35 + ICH9, 2009)"; ++ m->alias = NULL; ++} ++DEFINE_Q35_MACHINE(groovy, "pc-q35-groovy", NULL, ++ pc_q35_groovy_machine_options); ++ ++static void pc_q35_groovy_hpb_machine_options(MachineClass *m) ++{ ++ pc_q35_groovy_machine_options(m); ++ m->desc = "Ubuntu 20.10 PC (Q35 + ICH9, +host-phys-bits=true, 2009)"; ++ m->alias = NULL; ++ compat_props_add(m->compat_props, ++ host_phys_bits_compat, host_phys_bits_compat_len); ++} ++DEFINE_Q35_MACHINE(groovy_hpb, "pc-q35-groovy-hpb", NULL, ++ pc_q35_groovy_hpb_machine_options); ++ ++static void pc_q35_hirsute_machine_options(MachineClass *m) ++{ ++ pc_q35_5_2_machine_options(m); ++ m->desc = "Ubuntu 21.04 PC (Q35 + ICH9, 2009)"; ++ /* The ubuntu alias and default is on the i440fx type. The ++ * ubuntu-q35 alias auto-picks the most recent ubuntu q35 type */ ++ m->alias = "ubuntu-q35"; ++} ++DEFINE_Q35_MACHINE(hirsute, "pc-q35-hirsute", NULL, ++ pc_q35_hirsute_machine_options); ++ ++static void pc_q35_hirsute_hpb_machine_options(MachineClass *m) ++{ ++ pc_q35_hirsute_machine_options(m); ++ m->desc = "Ubuntu 21.04 PC (Q35 + ICH9, +host-phys-bits=true, 2009)"; ++ m->alias = NULL; ++ compat_props_add(m->compat_props, ++ host_phys_bits_compat, host_phys_bits_compat_len); ++} ++DEFINE_Q35_MACHINE(hirsute_hpb, "pc-q35-hirsute-hpb", NULL, ++ pc_q35_hirsute_hpb_machine_options); +--- a/hw/ppc/spapr.c ++++ b/hw/ppc/spapr.c +@@ -4489,11 +4489,14 @@ static void spapr_machine_latest_class_o + } + + #define DEFINE_SPAPR_MACHINE(suffix, verstr, latest) \ ++ DEFINE_SPAPR_MACHINE_NAMED(suffix, suffix, verstr, latest) ++ ++#define DEFINE_SPAPR_MACHINE_NAMED(qemuver, suffix, verstr, latest) \ + static void spapr_machine_##suffix##_class_init(ObjectClass *oc, \ + void *data) \ + { \ + MachineClass *mc = MACHINE_CLASS(oc); \ +- spapr_machine_##suffix##_class_options(mc); \ ++ spapr_machine_##qemuver##_class_options(mc); \ + if (latest) { \ + spapr_machine_latest_class_options(mc); \ + } \ +@@ -4517,7 +4520,7 @@ static void spapr_machine_5_2_class_opti + /* Defaults for the latest behaviour inherited from the base class */ + } + +-DEFINE_SPAPR_MACHINE(5_2, "5.2", true); ++DEFINE_SPAPR_MACHINE(5_2, "5.2", false); + + /* + * pseries-5.1 +@@ -4858,11 +4861,16 @@ DEFINE_SPAPR_MACHINE(2_6, "2.6", false); + * pseries-2.5 + */ + ++/* ++ * ddw was backported to 2.6 (Yakkety), so we have to disable it in <=2.5 ++ * can be dropped when dropping Yakkety machine type (18.10) ++ */ + static void spapr_machine_2_5_class_options(MachineClass *mc) + { + SpaprMachineClass *smc = SPAPR_MACHINE_CLASS(mc); + static GlobalProperty compat[] = { + { "spapr-vlan", "use-rx-buffer-pools", "off" }, ++ { TYPE_SPAPR_PCI_HOST_BRIDGE, "ddw", "off" }, + }; + + spapr_machine_2_6_class_options(mc); +@@ -4931,6 +4939,32 @@ static void spapr_machine_2_1_class_opti + } + DEFINE_SPAPR_MACHINE(2_1, "2.1", false); + ++/* Ubuntu machine types */ ++DEFINE_SPAPR_MACHINE_NAMED(2_5, ubuntu_xenial, "xenial", false); ++DEFINE_SPAPR_MACHINE_NAMED(2_6, ubuntu_yakkety, "yakkety", false); ++DEFINE_SPAPR_MACHINE_NAMED(2_8, ubuntu_zesty, "zesty", false); ++DEFINE_SPAPR_MACHINE_NAMED(2_10, ubuntu_artful, "artful", false); ++DEFINE_SPAPR_MACHINE_NAMED(2_11, ubuntu_bionic, "bionic", false); ++DEFINE_SPAPR_MACHINE_NAMED(2_12, ubuntu_cosmic, "cosmic", false); ++DEFINE_SPAPR_MACHINE_NAMED(3_1, ubuntu_disco, "disco", false); ++DEFINE_SPAPR_MACHINE_NAMED(4_0, ubuntu_eoan, "eoan", false); ++DEFINE_SPAPR_MACHINE_NAMED(4_2, ubuntu_focal, "focal", false); ++DEFINE_SPAPR_MACHINE_NAMED(5_0, ubuntu_groovy, "groovy", false); ++DEFINE_SPAPR_MACHINE_NAMED(5_2, ubuntu_hirsute, "hirsute", true); ++ ++/* Special 2.11 type for 1761372, since 2.12 is unreleased and 18.04 is 2.11 */ ++static void spapr_machine_2_11_sxxm_class_options(MachineClass *mc) ++{ ++ SpaprMachineClass *smc = SPAPR_MACHINE_CLASS(mc); ++ ++ spapr_machine_2_11_class_options(mc); ++ smc->default_caps.caps[SPAPR_CAP_CFPC] = SPAPR_CAP_WORKAROUND; ++ smc->default_caps.caps[SPAPR_CAP_SBBC] = SPAPR_CAP_WORKAROUND; ++ smc->default_caps.caps[SPAPR_CAP_IBS] = SPAPR_CAP_FIXED_CCD; ++} ++DEFINE_SPAPR_MACHINE_NAMED(2_11_sxxm, ubuntu_bionic_sxxm, "bionic-sxxm", false); ++/* end Special 2.11 type for 1761372 */ ++ + static void spapr_machine_register_types(void) + { + type_register_static(&spapr_machine_info); +--- a/hw/s390x/s390-virtio-ccw.c ++++ b/hw/s390x/s390-virtio-ccw.c +@@ -760,12 +760,15 @@ bool css_migration_enabled(void) + } + + #define DEFINE_CCW_MACHINE(suffix, verstr, latest) \ ++ DEFINE_CCW_MACHINE_NAMED(suffix, suffix, verstr, latest) ++ ++#define DEFINE_CCW_MACHINE_NAMED(qemuver, suffix, verstr, latest) \ + static void ccw_machine_##suffix##_class_init(ObjectClass *oc, \ + void *data) \ + { \ + MachineClass *mc = MACHINE_CLASS(oc); \ +- ccw_machine_##suffix##_class_options(mc); \ +- mc->desc = "VirtIO-ccw based S390 machine v" verstr; \ ++ ccw_machine_##qemuver##_class_options(mc); \ ++ mc->desc = "VirtIO-ccw based S390 machine " verstr; \ + if (latest) { \ + mc->alias = "s390-ccw-virtio"; \ + mc->is_default = true; \ +@@ -775,7 +778,7 @@ bool css_migration_enabled(void) + { \ + MachineState *machine = MACHINE(obj); \ + current_mc = S390_CCW_MACHINE_CLASS(MACHINE_GET_CLASS(machine)); \ +- ccw_machine_##suffix##_instance_options(machine); \ ++ ccw_machine_##qemuver##_instance_options(machine); \ + } \ + static const TypeInfo ccw_machine_##suffix##_info = { \ + .name = MACHINE_TYPE_NAME("s390-ccw-virtio-" verstr), \ +@@ -796,7 +799,7 @@ static void ccw_machine_5_2_instance_opt + static void ccw_machine_5_2_class_options(MachineClass *mc) + { + } +-DEFINE_CCW_MACHINE(5_2, "5.2", true); ++DEFINE_CCW_MACHINE(5_2, "5.2", false); + + static void ccw_machine_5_1_instance_options(MachineState *machine) + { +@@ -1054,6 +1057,19 @@ static void ccw_machine_2_4_class_option + } + DEFINE_CCW_MACHINE(2_4, "2.4", false); + ++/* Ubuntu machine types */ ++DEFINE_CCW_MACHINE_NAMED(2_5, ubuntu_xenial, "xenial", false); ++DEFINE_CCW_MACHINE_NAMED(2_6, ubuntu_yakkety, "yakkety", false); ++DEFINE_CCW_MACHINE_NAMED(2_8, ubuntu_zesty, "zesty", false); ++DEFINE_CCW_MACHINE_NAMED(2_10, ubuntu_artful, "artful", false); ++DEFINE_CCW_MACHINE_NAMED(2_11, ubuntu_bionic, "bionic", false); ++DEFINE_CCW_MACHINE_NAMED(2_12, ubuntu_cosmic, "cosmic", false); ++DEFINE_CCW_MACHINE_NAMED(3_1, ubuntu_disco, "disco", false); ++DEFINE_CCW_MACHINE_NAMED(3_1, ubuntu_eoan, "eoan", false); ++DEFINE_CCW_MACHINE_NAMED(4_2, ubuntu_focal, "focal", false); ++DEFINE_CCW_MACHINE_NAMED(5_0, ubuntu_groovy, "groovy", false); ++DEFINE_CCW_MACHINE_NAMED(5_2, ubuntu_hirsute, "hirsute", true); ++ + static void ccw_machine_register_types(void) + { + type_register_static(&ccw_machine_info); +--- a/softmmu/vl.c ++++ b/softmmu/vl.c +@@ -2321,6 +2321,17 @@ static gint machine_class_cmp(gconstpoin + object_class_get_name(OBJECT_CLASS(mc1))); + } + ++static int EndsWith(const char *str, const char *suffix) ++{ ++ if (!str || !suffix) ++ return 0; ++ size_t lenstr = strlen(str); ++ size_t lensuffix = strlen(suffix); ++ if (lensuffix > lenstr) ++ return 0; ++ return strncmp(str + lenstr - lensuffix, suffix, lensuffix) == 0; ++} ++ + static MachineClass *machine_parse(const char *name, GSList *machines) + { + MachineClass *mc; +@@ -2343,8 +2354,23 @@ static MachineClass *machine_parse(const + + mc = find_machine(name, machines); + if (!mc) { +- error_report("unsupported machine type"); ++ error_report("unsupported machine type '%s'", name); + error_printf("Use -machine help to list supported machines\n"); ++ ++ /* ++ * check for formerly supported, but now dropped distro ++ * specific types. Add extra hint to the error on match. ++ * This is arch-independent as it only checks for the suffix. ++ */ ++ if (EndsWith(name, "precise") || ++ EndsWith(name, "utopic") || ++ EndsWith(name, "vivid")) { ++ error_printf("The machine type is old and out of support now\n"); ++ error_printf("Please study https://wiki.ubuntu.com/" ++ "QemuKVMMigration#Upgrade_machine_type how to" ++ "upgrade machine types"); ++ } ++ + exit(1); + } + return mc; +--- a/hw/i386/pc.c ++++ b/hw/i386/pc.c +@@ -117,6 +117,11 @@ const size_t pc_compat_4_1_len = G_N_ELE + GlobalProperty pc_compat_4_0[] = {}; + const size_t pc_compat_4_0_len = G_N_ELEMENTS(pc_compat_4_0); + ++GlobalProperty host_phys_bits_compat[] = { ++ { TYPE_X86_CPU, "host-phys-bits", "on" }, ++}; ++const size_t host_phys_bits_compat_len = G_N_ELEMENTS(host_phys_bits_compat); ++ + GlobalProperty pc_compat_3_1[] = { + { "intel-iommu", "dma-drain", "off" }, + { "Opteron_G3" "-" TYPE_X86_CPU, "rdtscp", "off" }, +--- a/include/hw/i386/pc.h ++++ b/include/hw/i386/pc.h +@@ -206,6 +206,9 @@ extern const size_t pc_compat_4_1_len; + extern GlobalProperty pc_compat_4_0[]; + extern const size_t pc_compat_4_0_len; + ++extern GlobalProperty host_phys_bits_compat[]; ++extern const size_t host_phys_bits_compat_len; ++ + extern GlobalProperty pc_compat_3_1[]; + extern const size_t pc_compat_3_1_len; + +--- a/hw/core/machine.c ++++ b/hw/core/machine.c +@@ -175,17 +175,29 @@ GlobalProperty hw_compat_2_5[] = { + }; + const size_t hw_compat_2_5_len = G_N_ELEMENTS(hw_compat_2_5); + ++#define HW_COMPAT_2_4_DEFS \ ++ /* Optional because the 'scsi' property is Linux-only */ \ ++ { "virtio-blk-device", "scsi", "true", .optional = true }, \ ++ { "e1000", "extra_mac_registers", "off" }, \ ++ { "virtio-pci", "x-disable-pcie", "on" }, \ ++ { "virtio-pci", "migrate-extra", "off" }, \ ++ { "fw_cfg_mem", "dma_enabled", "off" }, \ ++ { "fw_cfg_io", "dma_enabled", "off" }, \ ++ + GlobalProperty hw_compat_2_4[] = { +- /* Optional because the 'scsi' property is Linux-only */ +- { "virtio-blk-device", "scsi", "true", .optional = true }, +- { "e1000", "extra_mac_registers", "off" }, +- { "virtio-pci", "x-disable-pcie", "on" }, +- { "virtio-pci", "migrate-extra", "off" }, +- { "fw_cfg_mem", "dma_enabled", "off" }, +- { "fw_cfg_io", "dma_enabled", "off" } ++ HW_COMPAT_2_4_DEFS + }; + const size_t hw_compat_2_4_len = G_N_ELEMENTS(hw_compat_2_4); + ++// workaround for bug 1902654 / 1829868, see pc_i440fx_wily_machine_options in hw/i386/pc_piix.c ++GlobalProperty hw_compat_2_4_wily[] = { ++ HW_COMPAT_2_4_DEFS ++ { "migration", "send-configuration", "off" }, ++ { "migration", "send-section-footer", "off" }, ++ { "migration", "store-global-state", "off" }, ++}; ++const size_t hw_compat_2_4_wily_len = G_N_ELEMENTS(hw_compat_2_4_wily); ++ + GlobalProperty hw_compat_2_3[] = { + { "virtio-blk-pci", "any_layout", "off" }, + { "virtio-balloon-pci", "any_layout", "off" }, +--- a/include/hw/boards.h ++++ b/include/hw/boards.h +@@ -358,6 +358,10 @@ extern const size_t hw_compat_2_5_len; + extern GlobalProperty hw_compat_2_4[]; + extern const size_t hw_compat_2_4_len; + ++// workaround for bug 1902654 / 1829868, see pc_i440fx_wily_machine_options in hw/i386/pc_piix.c ++extern GlobalProperty hw_compat_2_4_wily[]; ++extern const size_t hw_compat_2_4_wily_len; ++ + extern GlobalProperty hw_compat_2_3[]; + extern const size_t hw_compat_2_3_len; + diff --git a/debian/patches/ubuntu/enable-svm-by-default.patch b/debian/patches/ubuntu/enable-svm-by-default.patch new file mode 100644 index 0000000..9d76675 --- /dev/null +++ b/debian/patches/ubuntu/enable-svm-by-default.patch @@ -0,0 +1,34 @@ +Description: Enable svm by default for qemu64 cpu on AMD + Upstream changed the default behavior late in 2014 with the patch: + . + 75d373ef97: target-i386: Disable SVM by default in KVM mode. + . + We enable vmx by default for intel, so continue to enable svm by default + as well. + . + This is not appropriate for upstreaming, as enabling svm is a distro + decision. +Author: Stefan Bader +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1561019 +Forwarded: no + +--- a/hw/i386/pc_piix.c ++++ b/hw/i386/pc_piix.c +@@ -326,7 +326,6 @@ static void pc_compat_2_2_fn(MachineStat + static void pc_compat_2_1_fn(MachineState *machine) + { + pc_compat_2_2_fn(machine); +- x86_cpu_change_kvm_default("svm", NULL); + } + + static void pc_compat_2_0_fn(MachineState *machine) +--- a/target/i386/cpu.c ++++ b/target/i386/cpu.c +@@ -2953,7 +2953,6 @@ static PropValue kvm_default_props[] = { + { "x2apic", "on" }, + { "acpi", "off" }, + { "monitor", "off" }, +- { "svm", "off" }, + { NULL, NULL }, + }; + diff --git a/debian/patches/ubuntu/lp-1907789-build-no-pie-is-no-functional-liker-flag.patch b/debian/patches/ubuntu/lp-1907789-build-no-pie-is-no-functional-liker-flag.patch new file mode 100644 index 0000000..900c5f4 --- /dev/null +++ b/debian/patches/ubuntu/lp-1907789-build-no-pie-is-no-functional-liker-flag.patch @@ -0,0 +1,76 @@ +From fabda89f574f536612f9925ae75744b9577c2bb7 Mon Sep 17 00:00:00 2001 +From: Christian Ehrhardt +Date: Mon, 14 Dec 2020 14:04:29 +0100 +Subject: [PATCH] build: -no-pie is no functional liker flag + +Recent binutils changes dropping unsupported options [1] caused a build +issue in regard to the optionroms. + + ld -m elf_i386 -T /<>/pc-bios/optionrom//flat.lds -no-pie \ + -s -o multiboot.img multiboot.o + ld.bfd: Error: unable to disambiguate: -no-pie (did you mean --no-pie ?) + +This isn't really a regression in ld.bfd, filing the bug upstream +revealed that this never really worked as a ld flag [2]. + +Since it never had the wanted effect (it did set --nmagic which we don't want) +this usage of LDFLAGS_NOPIE, should be droppable without any effect. +This also is the only user of LDFLAGS_NOPIE in .mak, therefore we can also +remove it from being addeed there. + +[1]: https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=983d925d +[2]: https://sourceware.org/bugzilla/show_bug.cgi?id=27050#c5 + +Signed-off-by: Christian Ehrhardt +Forwarded: yes (https://lists.gnu.org/archive/html/qemu-devel/2020-12/msg03684.html) +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1907789 +Last-Update: 2020-12-14 + +--- + configure | 3 --- + pc-bios/optionrom/Makefile | 1 - + 2 files changed, 4 deletions(-) + +diff --git a/configure b/configure +index 3f823ed163..61c17c2dde 100755 +--- a/configure ++++ b/configure +@@ -2133,7 +2133,6 @@ EOF + # Check we support --no-pie first; we will need this for building ROMs. + if compile_prog "-Werror -fno-pie" "-no-pie"; then + CFLAGS_NOPIE="-fno-pie" +- LDFLAGS_NOPIE="-no-pie" + fi + + if test "$static" = "yes"; then +@@ -2149,7 +2148,6 @@ if test "$static" = "yes"; then + fi + elif test "$pie" = "no"; then + CONFIGURE_CFLAGS="$CFLAGS_NOPIE $CONFIGURE_CFLAGS" +- CONFIGURE_LDFLAGS="$LDFLAGS_NOPIE $CONFIGURE_LDFLAGS" + elif compile_prog "-Werror -fPIE -DPIE" "-pie"; then + CONFIGURE_CFLAGS="-fPIE -DPIE $CONFIGURE_CFLAGS" + CONFIGURE_LDFLAGS="-pie $CONFIGURE_LDFLAGS" +@@ -6768,7 +6766,6 @@ echo "QEMU_CXXFLAGS=$QEMU_CXXFLAGS" >> $config_host_mak + echo "GLIB_CFLAGS=$glib_cflags" >> $config_host_mak + echo "GLIB_LIBS=$glib_libs" >> $config_host_mak + echo "QEMU_LDFLAGS=$QEMU_LDFLAGS" >> $config_host_mak +-echo "LDFLAGS_NOPIE=$LDFLAGS_NOPIE" >> $config_host_mak + echo "LD_I386_EMULATION=$ld_i386_emulation" >> $config_host_mak + echo "EXESUF=$EXESUF" >> $config_host_mak + echo "HOST_DSOSUF=$HOST_DSOSUF" >> $config_host_mak +diff --git a/pc-bios/optionrom/Makefile b/pc-bios/optionrom/Makefile +index 084fc10f05..30771f8d17 100644 +--- a/pc-bios/optionrom/Makefile ++++ b/pc-bios/optionrom/Makefile +@@ -41,7 +41,6 @@ override CFLAGS += $(call cc-option, $(Wa)-32) + + LD_I386_EMULATION ?= elf_i386 + override LDFLAGS = -m $(LD_I386_EMULATION) -T $(SRC_DIR)/flat.lds +-override LDFLAGS += $(LDFLAGS_NOPIE) + + all: multiboot.bin linuxboot.bin linuxboot_dma.bin kvmvapic.bin pvh.bin + +-- +2.29.2 + diff --git a/debian/patches/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch b/debian/patches/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch new file mode 100644 index 0000000..df73364 --- /dev/null +++ b/debian/patches/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch @@ -0,0 +1,62 @@ +Description: tolerate ipxe size change on migrations to >=18.04 + +Older IPXE roms were smaller, but just changing this size on ipxe upgrades +breaks migration and save/restore as the PCI bar sizes are not allowed to +change. + +This is essentially a per Distribution release detail depending +on which ipxe roms (and which options, builds) are bundled with an qemu. +To fix migrations define a compat for anything older than the bump of the +rom size and map older machine types to filenames. We can then provide +compat-roms (old or built differently) for those. + +We only support the defaults for migrations (shutdown, move, start and +essentially everything that does a full restart/init works without this +indirection), so only map those whose default rom was on the efi-* roms +that existed and now crossed 256k. + +Some more info and links can be found at: +https://cpaelzer.github.io/blogs/002-migration-with-changed-roms + +Forwarded: yes (to Debian for a common solution, does not apply to upstream) +Author: Christian Ehrhardt +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1713490 +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881263 +Last-Update: 2018-02-19 + +[diffstat] + compat.h | 41 +++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 41 insertions(+) + +--- a/hw/core/machine.c ++++ b/hw/core/machine.c +@@ -63,8 +63,29 @@ const size_t hw_compat_2_11_len = G_N_EL + GlobalProperty hw_compat_2_10[] = { + { "virtio-mouse-device", "wheel-axis", "false" }, + { "virtio-tablet-device", "wheel-axis", "false" }, ++ { "e1000", "romfile", "compat-256k-efi-e1000.rom" }, ++ { "ne2000", "romfile", "compat-256k-efi-ne2k_pci.rom" }, ++ { "pcnet", "romfile", "compat-256k-efi-pcnet.rom" }, ++ { "rtl8139", "romfile", "compat-256k-efi-rtl8139.rom" }, ++ { "virtio-net-pci", "romfile", "compat-256k-efi-virtio.rom" }, + }; + const size_t hw_compat_2_10_len = G_N_ELEMENTS(hw_compat_2_10); ++/* ++ * ^^ (LP: #1713490) ++ * older IPXE roms were smaller, but just changing this size on ipxe upgrades ++ * breaks migration and save/restore as the PCI bar sizes are not allowed to ++ * change. ++ * This is essentially a per Distribution release detail depending ++ * on which ipxe roms (and which options on build) are bundled with an qemu. ++ * To fix migrations define a compat for anything older than the bump of the ++ * rom size (=pre-bionic = <=2.10) and map older machine types to filenames. ++ * We can then provide compat-roms (essentially the old build on new paths) for ++ * those. ++ * We only support the defaults for migrations (shutdown, move, start and ++ * essentially everything that does a full restart/init works without this ++ * indirection), so only map those whose default rom was on the efi-* roms ++ * which now crossed 256k to use the newer roms for anything else. ++ */ + + GlobalProperty hw_compat_2_9[] = { + { "pci-bridge", "shpc", "off" }, diff --git a/debian/qemu-kvm-init b/debian/qemu-kvm-init new file mode 100755 index 0000000..af00b71 --- /dev/null +++ b/debian/qemu-kvm-init @@ -0,0 +1,89 @@ +#!/bin/sh + +# Detect our host arch +arch=$(arch) +test -z "$arch" && exit 0 + +modlist="" +case "$arch" in + x86_64 | i686) + kvm=/usr/bin/qemu-system-x86_64 + if grep -qs "^flags.* vmx" /proc/cpuinfo; then + modlist="kvm_intel $KVM_NESTED" + elif grep -qs "^flags.* svm" /proc/cpuinfo; then + modlist="kvm_amd" + fi + ;; + ppc*) + SMT=$(/usr/sbin/ppc64_cpu --smt 2>&1 | grep "SMT=[248]") + if [ -n "$SMT" ] + then + if grep -q -e '^cpu\s*:\s*POWER8' /proc/cpuinfo; then + echo "Error: You must disable SMT if you want to run QEMU/KVM on Power8 based ppc64le architecture" + echo "In order to disable SMT, run: # ppc64_cpu --smt=off" + fi + fi + kvm=/usr/bin/qemu-system-ppc64 + if [ "$(uname -m)" != "ppc64le" ]; then + exit 0 + fi + if systemd-detect-virt --quiet --vm; then + echo "Info: second level virtualization not supported, kvm-hv load might fail" + fi + modlist="kvm-hv" + ;; +esac + +# Silently exit if the package isn't installed anymore +if [ -z "$kvm" -o ! -e "$kvm" ]; then + exit 0 +fi + +# shellcheck disable=SC1091 +[ -r /etc/default/qemu-kvm ] && . /etc/default/qemu-kvm + +start() { + if [ -n "$modlist" ]; then + modprobe -b $modlist || true + fi + + if systemd-detect-virt --quiet --container; then + mknod /dev/kvm c 10 232 || true + chown root:kvm /dev/kvm || true + chmod g+rw /dev/kvm || true + fi + + # Determine if we are running inside a VM + IS_VM=0 + if command -v systemd-detect-virt >/dev/null 2>&1; then + systemd-detect-virt -vq && IS_VM=1 + fi + + # Enable KSM, respecting the default configuration file. If 'AUTO' is + # set, enable only if we aren't running inside a VM. + if [ "$KSM_ENABLED" = "1" ] || [ "$KSM_ENABLED" = "AUTO" ] && [ "$IS_VM" = "0" ]; then + # shellcheck disable=SC2015 + [ -w /sys/kernel/mm/ksm/run ] && echo 1 > /sys/kernel/mm/ksm/run || true + if [ -w /sys/kernel/mm/ksm/sleep_millisecs ]; then + if [ -n "$SLEEP_MILLISECS" ]; then + echo "$SLEEP_MILLISECS" > /sys/kernel/mm/ksm/sleep_millisecs || true + fi + fi + else + # shellcheck disable=SC2015 + [ -w /sys/kernel/mm/ksm/run ] && echo 0 > /sys/kernel/mm/ksm/run || true + fi +} + +# See how we were called. +case "$1" in + start) + start + ;; + + *) + exit 0 + ;; +esac + +exit $? diff --git a/debian/qemu-system-common.install b/debian/qemu-system-common.install index 59da325..e13ff70 100644 --- a/debian/qemu-system-common.install +++ b/debian/qemu-system-common.install @@ -10,3 +10,4 @@ debian/tmp/usr/share/man/man7/qemu-block-drivers.7 debian/tmp/usr/share/man/man7/qemu-cpu-models.7 debian/tmp/usr/share/doc/qemu/system usr/share/doc/qemu-system-common debian/tmp/usr/bin/qemu-storage-daemon +debian/qemu-kvm-init /usr/share/qemu/init diff --git a/debian/qemu-system-common.qemu-kvm.default b/debian/qemu-system-common.qemu-kvm.default new file mode 100644 index 0000000..08ab26c --- /dev/null +++ b/debian/qemu-system-common.qemu-kvm.default @@ -0,0 +1,8 @@ +# Set to 1 to enable KSM, 0 to disable KSM, and AUTO to use default settings. +# After changing this setting restart the qemu-kvm service. +KSM_ENABLED=AUTO +SLEEP_MILLISECS=200 + +# Dropped VHOST_NET_ENABLED as this is auto-loaded in recent kernels + +# Dropped KVM_HUGEPAGES as systemd provides feasible hugepage moutpoints diff --git a/debian/qemu-system-common.qemu-kvm.service b/debian/qemu-system-common.qemu-kvm.service new file mode 100644 index 0000000..f35e3e9 --- /dev/null +++ b/debian/qemu-system-common.qemu-kvm.service @@ -0,0 +1,16 @@ +[Unit] +Description=QEMU KVM preparation - module, ksm, hugepages +DefaultDependencies=no +After=local-fs.target +Before=shutdown.target +Conflicts=shutdown.target +RequiresMountsFor=/usr + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=/usr/share/qemu/init/qemu-kvm-init start +ExecReload=/usr/share/qemu/init/qemu-kvm-init start + +[Install] +WantedBy=multi-user.target diff --git a/debian/qemu-system-gui.prerm b/debian/qemu-system-gui.prerm new file mode 100644 index 0000000..53f3c14 --- /dev/null +++ b/debian/qemu-system-gui.prerm @@ -0,0 +1,42 @@ +#!/bin/sh +# prerm script for qemu-system-gui +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * `remove' +# * `upgrade' +# * `failed-upgrade' +# * `remove' `in-favour' +# * `deconfigure' `in-favour' +# `removing' +# +# for details, see https://www.debian.org/doc/debian-policy/ or +# the debian-policy package + +case "$1" in + remove|upgrade|deconfigure|failed-upgrade) + ;; + + failed-upgrade) + # (LP: #1906245) + # This is a no-op, but still required after dropping the former failing + # prerm (LP: #1905377). While we can't fix the old prerm, this will let + # the "new-prerm failed-upgrade" call work and thereby complete the + # upgrade. Can be dropped after 21.04. + ;; + + *) + echo "prerm called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 diff --git a/debian/qemu-system-x86.NEWS b/debian/qemu-system-x86.NEWS index 0adaa50..2a227d5 100644 --- a/debian/qemu-system-x86.NEWS +++ b/debian/qemu-system-x86.NEWS @@ -11,6 +11,86 @@ qemu (1:5.0-9) unstable; urgency=medium -- Michael Tokarev Fri, 17 Jul 2020 12:54:35 +0300 +qemu (1:2.11+dfsg-1ubuntu11) cosmic; urgency=medium + + Summary: + Adding new Ubuntu machine types with -hpb suffix to allow users to run + guests >1TB using the qemu host-phys-bits setting. If a cpu provides more + physical addressing bits than the default virtual 40 one can drive larger + guests by setting host-phys-bits. Using a machine type to do so allows to + control this through libvirt and higher virt stack components as of today. + + Details: + Currently the virtualization stack has the feature to run guests bigger than + one Terabyte, but lacks the means to express and configure that easily. + + Qemu provides phys-bits and host-phys-bits attributes on the -cpu parameter. + But due to the fact that higher layers do not expose any configuration for it + this feature is so far restricted to qemu commandline users or manual tweaks. + + Long term we want to see libvirt exposing configuration for that and higher + layers to exploit it, see https://bugs.launchpad.net/bugs/1769053 + + But Ubuntu users ask for a way to configure guests like that right now. + To do so we provide a new Ubuntu specific machine type that matches the + usual Ubuntu machine type but with host-phys-bits switched on. + + To express in their short names that they are like the base type but plus + HostPhysBits turned on they have a -hpb suffix on the usual shortname. + - pc-i440fx-bionic-hpb + - pc-q35-bionic-hpb + And they also list "+host-phys-bits=true" in their description. + + The drawback using this type in an uncontrolled environment, is that you + might run into trouble migrating between systems of different hardware + characteristics (if the target CPU is not able to handle that many + phys-bits). This also is the main reason why we didn't want to make it the + default for everyone just yet. + + Since machine type is rather old higher stacks often expose a configuration + for it, here for example links in regard to OpenStack: + 1. Global via nova config: + https://docs.openstack.org/nova/pike/configuration/config.html + 2. Per image via metadata: + https://docs.openstack.org/image-guide/image-metadata.html + + The intention is to provide such kind of types until we either decide that + it is safe enough to switch it on by default (no extra type) or once libvirt + and higher stacks can control (host-)phys-bits directly. + + -- Christian Ehrhardt Tue, 12 Jun 2018 09:28:17 +0200 + +qemu (1:2.8+dfsg-2ubuntu1) zesty; urgency=low + + The ubuntu specific machine types for Trusty, Utopic and Vivid had a bug in + former versions. Those bugs made them non-unique by effectivly picking up + the current qemu versions compat level instead to stay at their defined one. + + Machine Type: Broken in: + Trusty Xenial, Yakkety, Cloud-Archive Mitaka + Utopic Vivid, Wily, Xenial, Cloud-Archive Liberty + + Despite multiple releases being affected by the bad type definition, most + common migration paths today like LTS->LTS from Trusty to Xenial are working + fine for now. But a latter Migration to a newer System would fail as then + source and traget would disagree on what the guest type exactly is. + + The only known real case of a related issue so far is a Utopic machine type on + Trusty plus Ubuntu Cloud Archive Liberty migrating to Xenial. + + SRUs for bug 1641532 are rolled out into all affected releases to fix that + issue and let qemu do the right for the machine type definition as it was + meant to do. + + If you have a guest with an affected machine type running on one of the + affected releases and are hit by the migration issues the procedure to get + migrations working again required a guest restart to pick up the changes. + 1. With this fix installed restart the guest to pick up the "fixed" machine + type (the same as with many CVE qemu fixes). + 2. Now it can be migrated to a target Host with the fix applied as well + + -- Christian Ehrhardt Tue, 17 Jan 2017 11:57:47 +0100 + qemu (1.7.0+dfsg-2) unstable; urgency=low Since version 1.7.0+dfsg-2, qemu-system-x86 switched from vgabios for diff --git a/debian/qemu-system-x86.README.Debian b/debian/qemu-system-x86.README.Debian new file mode 100644 index 0000000..b609e6b --- /dev/null +++ b/debian/qemu-system-x86.README.Debian @@ -0,0 +1,47 @@ +qemu (1:4.2-1ubuntu1) focal; urgency=medium + +In recent years the kernel and qemu support for nested virtualization got +much better. Therefore with QEMU 4.2 / Kernel 5.4 in Ubuntu 20.04 onwards +the former restriction that excluded nesting from being a supported +feature is lifted. + +With kernel 4.20 nested virtualization became default enabled in the +kvm-intel.ko kernel module. It was enabled all the time for kvm-amd.ko. +And these days all common front end tools to KVM will pick default +cpu types capable of nesting. Therefore former tweaks to auto-enable nesting +for extra convenience could be dropped in qemu 1:4.2-1ubuntu1. + +While no more needed going forward, for backward compatibility the default +guest CPU types (if you specify nothing, which isn't recommended in general) +will continue to add VMX/SVM capabilities. + +Finally it might be worth to mention the constraint that live migration of a +level 1 guest that has nested level 2 guests running isn't ready yet. But +upstream development to stabilize that is ongoing already. + + -- Christian Ehrhardt Wed, 08 Jan 2020 16:18:01 +0100 + +qemu (1:2.10+dfsg-0ubuntu5) xenial; urgency=medium + +Nested virtualization is a useful technology - it usually just works and +greatly facilitates many developer workflows. The phrase "it works until it +doesn't" is a correct description of its state. +But when it doesn’t work, it is very difficult to debug due to complex +interactions between virtualization layers. + +Therefore it is important to realize that while Ubuntu adds code to make the +consumption of nested virtualization easier it should not be relied upon, +especially for production workloads. +Many projects - especially CI infrastructures use it quite heavily and are fine. +But one has to design the usage in a way to tolerate potential issues as +it is not a fully supported feature - neither by upstream nor by Ubuntu. + +Note: Due to the default x86 virtual CPU types on Ubuntu having vmx (Intel) +and svm (AMD) enabled by default to make nested virt work out of the box +without any tweaking KVM reports on guest start a missing +feature of the "other" architecture respectively. +This non critical Message looks like (similarly for AMD with vmx): + + host doesn't support requested feature: CPUID.80000001H:ECX.svm [bit 2] + +-- Christian Ehrhardt Thu, 11 Jan 2018 17:06:02 +0100 diff --git a/debian/rules b/debian/rules index c1a681c..956015a 100755 --- a/debian/rules +++ b/debian/rules @@ -17,6 +17,7 @@ libdir = /usr/lib/${DEB_HOST_MULTIARCH} ifeq ($(shell dpkg-vendor --derives-from Ubuntu && echo yes),yes) VENDOR := UBUNTU DEB_BUILD_PARALLEL = yes +XENBINPATH := $(shell pkg-config --variable libexec_bin xenlight) else VENDOR := DEBIAN endif @@ -114,6 +115,7 @@ b/configure-stamp: configure ../../configure ${common_configure_opts} --disable-user \ --${enable_system}-system \ --${enable_linux_user}-linux-user \ + --disable-xen \ --enable-modules \ --enable-module-upgrades \ $(shell sh debian/extract-config-opts \ @@ -155,6 +157,33 @@ ifneq ($(filter $(DEB_HOST_ARCH),amd64),) echo "#define CONFIG_MICROVM_DEFAULT 1" >> b/qemu-microvm/x86_64-softmmu/config-target.h endif +ifeq ($(VENDOR),UBUNTU) +ifneq ($(filter $(DEB_HOST_ARCH),amd64 i386),) +# like above but with: +# --enable-xen +# --disable-linux-user (not needed for this binary) +# reduced --target-list as needed for xen +# xen can only be configured on x86, so skip other build architectures + # system build for qemu-system-x86-xen + rm -rf b/qemu-xen; mkdir -p b/qemu-xen + cd b/qemu-xen && \ + ../../configure ${common_configure_opts} --disable-user \ + --${enable_system}-system \ + --disable-linux-user \ + --enable-xen \ + --target-list="aarch64-softmmu arm-softmmu i386-softmmu x86_64-softmmu" + --enable-modules \ + --enable-module-upgrades \ + $(shell sh debian/extract-config-opts \ + $(DEB_HOST_ARCH_OS)-$(DEB_HOST_ARCH) debian/control) \ + $(QEMU_CONFIGURE_OPTIONS) || \ + { echo ===== CONFIGURE FAILED ===; tail -n 50 config.log; exit 1; } +# same config as the main build. + sed -i -r 's/(CONFIG_(CURSES|-GTK|-SDL|AUDIO_(-PA|OSS|ALSA|-SDL)))=m/\1=y/' \ + b/qemu-xen/config-host.mak +endif +endif + ifeq ($(enable_linux_user),enable) # do not use debian/configure-opts here, all optional stuff will be enabled # automatically, dependencies are already verified in the main build @@ -164,7 +193,7 @@ ifeq ($(enable_linux_user),enable) rm -rf b/user-static; mkdir b/user-static cd b/user-static && \ ../../configure ${common_configure_opts} \ - --static --disable-pie --disable-system \ + --static --disable-pie --disable-system --disable-xen \ --target-list="$(addsuffix -linux-user,${user_targets})" endif touch $@ @@ -186,6 +215,12 @@ ifneq ($(filter $(DEB_HOST_ARCH),amd64),) $(MAKE) -C b/qemu-microvm V=${V} endif +ifeq ($(VENDOR),UBUNTU) +ifneq ($(filter $(DEB_HOST_ARCH),amd64 i386),) + $(MAKE) -C b/qemu-xen V=${V} +endif +endif + ifeq ($(enable_linux_user),enable) # user-static build # we use this invocation to build just the binaries @@ -243,6 +278,22 @@ ifeq (${enable_system},enable) mv debian/tmp/usr/share/man/man1/qemu.1 debian/tmp/usr/share/man/man1/qemu-system.1 $(foreach s,${systems},$(call inst-system,$s)) +ifeq ($(VENDOR),UBUNTU) +ifneq ($(filter $(DEB_HOST_ARCH),amd64 i386),) + # xen enabled build as (mutually exclusive and universe-only) alternative + mkdir -p debian/qemu-system-x86-xen/usr/bin/ + mkdir -p debian/qemu-system-x86-xen/usr/share/man/man1/ + cp b/qemu-xen/x86_64-softmmu/qemu-system-x86_64 debian/qemu-system-x86-xen/usr/bin/ + cp b/qemu-xen/i386-softmmu/qemu-system-i386 debian/qemu-system-x86-xen/usr/bin/ + echo ".so man1/qemu-system.1" > debian/qemu-system-x86-xen/usr/share/man/man1/qemu-system-x86_64.1 + echo ".so man1/qemu-system.1" > debian/qemu-system-x86-xen/usr/share/man/man1/qemu-system-i386.1 + dh_link -pqemu-system-x86-xen usr/share/doc/qemu-system-common usr/share/doc/qemu-system-x86-xen/common + # compat links to what libxen-dev reports where to find the binaries + dh_link -pqemu-system-x86-xen /usr/bin/qemu-system-i386 ${XENBINPATH}/qemu-system-i386 + dh_link -pqemu-system-x86-xen /usr/bin/qemu-system-x86_64 ${XENBINPATH}/qemu-system-x86_64 +endif +endif + ifneq ($(filter $(DEB_HOST_ARCH),amd64),) # microvm system cp b/qemu-microvm/x86_64-softmmu/qemu-system-x86_64 debian/qemu-system-x86/usr/bin/qemu-system-x86_64-microvm @@ -357,6 +408,10 @@ ifeq (${enable_system},enable) install -D debian/qemu-ifup.$(DEB_HOST_ARCH_OS) \ debian/qemu-system-common/etc/qemu-ifup endif + # install /etc/default/qemu-kvm + dh_installinit -a -pqemu-system-common --name=qemu-kvm + # install and enable qemu-kvm.service + dh_installsystemd -a -pqemu-system-common --no-restart-on-upgrade --name=qemu-kvm dh_installinit -a -pqemu-guest-agent dh_installsystemd -a -pqemu-guest-agent --no-start --no-enable dh_link -a