This bug was fixed in the package qemu - 1:6.2+dfsg-2ubuntu5

---------------
qemu (1:6.2+dfsg-2ubuntu5) jammy; urgency=medium

  * d/p/u/tcg-Remove-dh_alias-indirection-for-dh_typecode.patch:
    fix 32bit tcg on s390x.

qemu (1:6.2+dfsg-2ubuntu4) jammy; urgency=medium

  * No-change rebuild to update maintainer scripts, see LP: 1959054

qemu (1:6.2+dfsg-2ubuntu3) jammy; urgency=medium

  * Merge with Debian unstable, remaining changes:
    - qemu-kvm to systemd unit
      - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
        hugepages and architecture specifics
      - d/qemu-system-common.qemu-kvm.service: systemd unit to call
        qemu-kvm-init
      - d/qemu-system-common.install: install helper script
      - d/qemu-system-common.qemu-kvm.default: defaults for
        /etc/default/qemu-kvm
      - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
    - Distribution specific machine type
      (LP: 1304107 1621042 1776189 1761372 1761372 1776189)
      - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
        types containing release versioned machine attributes
      - d/qemu-system-x86.NEWS Info on fixed machine type definitions
        for host-phys-bits=true
      - Add an info about -hpb machine type in debian/qemu-system-x86.NEWS
      - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
    - Enable nesting by default
      - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
        in qemu64 on amd
        [ No more strictly needed, but required for backward compatibility ]
    - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
      - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
        reference 256k path
      - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
        handle incoming migrations from former releases.
    - d/qemu-system-x86.README.Debian: add info about updated nesting changes
    - d/p/lp-1952448-relax-skiboot-gcc-deprecation-errors.patch: add patch
      to workaround FTBFS when building against OpenSSL 3.0.
    - d/optionrom.mak, d/p/u/avoid-fcf-clashing-with-i486.patch: fix
      -fcf-protection being unavailable on -march=i486 (LP 1940029)
    - Ease the use of module retention on upgrades (LP 1913421)
      - debian/qemu-block-extra.postinst: enable mount unit on install/upgrade
    - Make qemu-system-x86-microvm a transitional package as the binary is
      now in qemu-system-x86 itself.
  * Dropped Changes [now part of 1:6.1+dfsg-8]:
    - updated debian/patches/linux-user-binfmt-P.diff to work with
      in-kernel code (#993658) (LP 1947860)
    - improved dependencies
      - Make qemu-system-common depend on qemu-block-extra
      - Make qemu-utils depend on qemu-block-extra
    - d/control*, d/rules: disable xen by default, but provide universe
      package qemu-system-x86-xen as alternative
      [includes compat links changes of 5.0-5ubuntu4]
    - d/p/ubuntu/lp-1929926-*: avoid segfaults by uretprobes (LP 1929926)
  * Dropped Changes [now part of upstream]
    - d/p/u/lp-1932175-s390x-cpumodel-add-3931-and-3932.patch: add
      new 3931 and 3932 machines (LP 1932175)
    - d/p/u/lp-1940288-audio-Never-send-migration-section.patch: fix
      migration with audio devices present (LP 1940288)
  * Added changes:
    - update patches for qemu v6.2.0
      - d/p/u/enable-svm-by-default.patch
      - d/p/u/define-ubuntu-machine-types.patch
      - d/p/u/lp-1952448-relax-skiboot-gcc-deprecation-errors.patch
    - d/rules: xen libexec dir is no more versioned
    - d/rules: ensure xen is built on x86
    - d/p/u/lp-1959984-s390x-ipl-support-extended-kernel-command-line-size.patch
      Allow long kernel command lines for QEMU (LP: #1959984)
    - d/kvm-spice: fix when acceleration is already defined on the commandline
    - d/p/u/fix-virtiofsd-for-glibc2.35.patch: add rseq to seccomp allow list

qemu (1:6.2+dfsg-2) unstable; urgency=medium

  * bump meson build-dep to 0.59.3
  * build & include multiboot_dma.bin (Closes: #1003930)
  * libxml2 is not needed for parallels.
    Enable parallels block image format (Closes: #1003162)
  * acpi-validate-hotplug-selector-on-access-CVE-2021-4158.patch
    Closes: CVE-2021-4158
  * acpi-fix-QEMU-crash-when-started-with-SLIC-table.patch
    (Closes: #1004017)
  * acpi-fix-OEM_ID-padding.patch
  * debian/get-orig-source.sh: repack dfsg archive differently
  * mention closing of a few CVEs by 6.2.0

qemu (1:6.2+dfsg-1) unstable; urgency=medium

  [ Christian Ehrhardt ]
  * 6.2.0 upstream release
    Closes: #984452, CVE-2021-20203
     (integer overflow issue in the vmxnet3 NIC emulator)
    Closes: #984453, CVE-2021-20196
     (fdc: check drive block device before usage)
    Closes: #984451, CVE-2021-20255
     (infinite recursion / DMA reentrancy in eepro100 i8255x device emulator)
  * d/get-orig-source.sh: remove pc-bios/multiboot_dma.bin in dfsg-clean
  * Drop patches upstream in v6.2.0
  * d/p/spelling.diff: update for v6.2.0 (partially accepted)
  * d/rules: use new --disable-install-blobs build arg
  * Revert "make fuse debian-only, since libfuse3 in ubuntu is in universe",
    it is now in main (LP: #1934510)
  * d/rules: bump skiboot version for qemu v6.2.0
  * d/p/ignore-roms-dependency-in-qtest.patch: fix meson issue due to
    dfsg removal of blobs
  * d/rules: drop --disable-fdt on microvm builds
    (now strictly required on any x86 build)
  * d/rules: select default PARISC config for hppa-firmware

qemu (1:6.1+dfsg-8) unstable; urgency=medium

  * fix keymaps definitions placement in last upload
    (Closes: #997925, #997926)

qemu (1:6.1+dfsg-7) unstable; urgency=medium

  * qemu-system-data: do not install qemu.desktop (Closes: #995628)
  * remove qemu-user-static.README.Debian (#995633)
  * d/rules: update configure rules for different qemu builds
  * qemu-system-x86-xen: install only -i386 link to xen path, not -x86_64
  * promote qemu-system-x86-xen package on ubuntu to be like qemu-system-x86
    since it uses the same modules actually
  * enable zstd compression support (Build-Depends)
  * qemu-system-data: install usr/share/icons/hicolor/32x32/apps/qemu.bmp
    for the sdl ui
  * d/control: fix wrong relation (< vs <<)
  * d/control: use :native version of python3-sphynx (Closes: #995622)
  * do not make qemu-system-gui Multi-Arch:same due to vhost-user-gpu
  * quieten gcc11 warnings/errors so roms will compile (Closes: #997082)
  * move d/qemu-system-data.install to d/rules

qemu (1:6.1+dfsg-6) unstable; urgency=medium

  * virtio-net-fix-use-after-unmap-free-for-sg-CVE-2021-3748.patch
    Closes: #993401, CVE-2021-3748: use-after-free in virtio_net_receive_rcu
  * ati_2d-fix-buffer-overflow-in-ati_2d_blt-CVE-2021-3638.patch
    Closes: #992726, CVE-2021-3638: inconsistent check in ati_2d_blt()
    may lead to out-of-bounds write
  * refresh uas-add-stream-number-sanity-checks-CVE-2021-3713{.diff=>.patch}
    from upstream
  * hmp-unbreak-change-vnc.patch from upstream to fix 'change vnc passwd'
    command

qemu (1:6.1+dfsg-5) unstable; urgency=medium

  * updated debian/patches/linux-user-binfmt-P.diff to work with in-kernel
    code
    Closes: #993658
  * d/rules: do not mark configure target as .PHONY since it is a real file

qemu (1:6.1+dfsg-4) unstable; urgency=medium

  * qemu-sockets-fix-unix-socket-path-copy-again.patch
    replacing socket-unix-maxlen.patch
    Closes: #993145
  * enable more devices for the microvm build:
    virtio-gpu & vhost-user-gpu
    virtio-input-host & vhost_user_input
  * move vhost-user-gpu files from qemu-system-common to qemu-system-gui
    this eliminates X11 dependencies from non-gui qemu-system install
  * build and install vof.bin firmware
  * rearrange d/rules a bit to make different qemu builds to be consistent
    with sysdata-components
  * move ppc dtb firmware files from qemu-system-ppc to qemu-system-data
  * device-tree-compiler is now needed in build-indep-depends,
    not in build-depends
  * d/rules: use CROSSPFX variables
  * ubuntu only:
    - Revert commit from the previous release which restores relation
      between qemu-system-xen and qemu-system-gui since -xen is not
      compatible with -gui modules
    - qemu-system-xen does not suggest qemu-block-extra (incompatible too)
    - qemu-system-s390x recommends qemu-block-extra not suggests it

qemu (1:6.1+dfsg-3) unstable; urgency=medium

  * fix brown-paper bag in last upload (--enable-libudev)
  * ubuntu only: restore relations (depends/recommends) between
    qemu-system-gui and qemu-system-xen since -xen replaces full
    qemu-system-x86 and acts the same way

qemu (1:6.1+dfsg-2) unstable; urgency=medium

  * rearrange d/rules to be able to configure/build/install various different
    kinds of qemu builds (main/microvm/xen/static) separately, by splitting
    targets of d/rules into subtargets
  * enable many virtio devices for microvm build (Closes: #992029)
  * disable libudev and fuse for microvm build
  * rearrange options for microvm build in d/rules
  * tidy newly added assert in unix-domain socket handling code to account
    for extra \0 terminator for socket pathname, socket-unix-maxlen.patch
    (Closes: #993145)
  * upstream qemu added ignoring of *.patch to .gitignore,
    unignore them in d/.gitignore
  * re-add 4 patches which were lost from git during preparation for 6.1
    (not affecting the source package)
  * uas-add-stream-number-sanity-checks-CVE-2021-3713.diff
    Closes: #992727, CVE-2021-3713
  * Mention (some) bugs closed by 6.1 upstream
  * Mention closing of #947349

qemu (1:6.1+dfsg-1) unstable; urgency=medium

  * new upstream release (6.1.0)
    Closes: CVE-2021-3607 (pvrdma: ensure correct input on ring init)
    Closes: CVE-2021-3608 (pvrdma: unmap initialized dma address)
    Closes: #989042, CVE-2021-3544 (vhost-user-gpu resource leaks)
    Closes: #989042, CVE-2021-3545 (vhost-user-gpu memory disclosure)
    Closes: #989042, CVE-2021-3546
     (vhost-user-gpu OOBwr virgl_cmd_get_capset)
    Closes: #991911, CVE-2021-3682 (pvrdma: possible mremap overflow)
  * refresh patches, remove patches which were applied upstream
  * remove newly appeared pc-bios/vof.bin in dfsg-clean
  * add python3-sphinx-rtd-theme to build-depends
  * removed qemu-system-moxie arch
  * actually build many qemu modules as modules, and install them
    in qemu-system-common.
  * make strong versioned dependency between various qemu-system-* packages,
    so that modules works correctly.
  * drop very old versions from Build-Depends, Depends and Recommends
    for packages which long has much more recent versions in debian
  * up qemu-block-extra dependency level from Suggests to Recommends
  * d/control: stop suggesting sgabios by qemu-system-x86
  * (experimental for now, needs more work)
    print name of the package name for a module which can't be loaded,
    to give a clue what other package one may need to install for the
    requested functionality
  * fix some spelling mistakes in visible messages (spelling.diff)
  * enable jack audio backend (in qemu-system-gui) (Closes: #984726)
  * other small/internal changes in packaging:
    - removed --disable-sheepdog which were dropped upstream
    - install gui modules in d/rules not in d/q-s-gui.install
      to be able to use wildcard in d/q-s-common.install
    - recommend qemu-block-extra, not suggest it and not depend on it
      (ubuntu) for qemu-system-* and qemu-utils
    - reformat qemu "deps" for qemu-system-gui, stop listing -xen there
      (it can not satisfy -gui), qemu-system-s390x is :ubuntu:-only
    - d/control: stop recommending -gui for xen package
      (it is of no use for xen)
    - d/control: reformat Depends for qemu-block-extra, do not include -xen
      version there, mark -x390x as ubuntu-only, and allow qemu-utils to
      satisfy the dependency
    - do not install docs which does not exist anymore
    - stop omitting Changelog from dh_installchangelog: the file is long gone
    - d/rules: explicitly state version of skiboot as it is stored in
      a git tag only, or else skiboot does not build (hack)
    - put (new in 6.1, new in debian) hw-display-virtio-gpu-gl.so
      to qemu-system-gui as it pulls in X11

qemu (1:6.0+dfsg-4) unstable; urgency=medium

  * d/rules: fix last ubuntu merge, xen is x86-only, not all-debian

qemu (1:6.0+dfsg-3) unstable; urgency=medium

  [ Michael Tokarev ]
  * enable /run/qemu mount on ubuntu only
  * usbredir-fix-free-call-CVE-2021-3682.patchi
    Closes: #991911, CVE-2021-3682

  [ Christian Ehrhardt ]
  * ubuntu-only changes:
    - d/control-in: Make Ubuntu qemu-utils depend on qemu-block-extra
    - d/control-in: Make Ubuntu qemu-system-common depend on
      qemu-block-extra
    - d/control*, d/rules: disable xen by default, but provide universe
      package qemu-system-x86-xen as alternative
  * d/p/target-s390x-Fix-translation-exception-on-illegal-in.patch:
    avoid segfaults by uretprobes (LP 1929926)

 -- Christian Ehrhardt