This bug was fixed in the package qemu - 1:3.1+dfsg-2ubuntu1

---------------
qemu (1:3.1+dfsg-2ubuntu1) disco; urgency=medium

  * Merge with Debian testing. Among many other things this fixes LP Bugs:
    LP: #1806104 - fix misleading page size error on ppc64el
    LP: #1782205 - SnowRidge enabled new ISAs
    LP: #1786956 - upgrade to qemu >= 3.0
    LP: #1809083 - Backward migration to Xenial on ppc64el
    LP: #1803315 - s390x Huge page enablement
    LP: #1657409 - enable virglrenderer
    Remaining Changes:
    - qemu-kvm to systemd unit
      - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
        hugepages and architecture specifics
      - d/qemu-kvm.service: systemd unit to call qemu-kvm-init
      - d/qemu-system-common.install: install systemd unit and helper script
      - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
      - d/qemu-system-common.qemu-kvm.default: defaults for /etc/default/qemu-kvm
      - d/rules: install /etc/default/qemu-kvm
    - Enable nesting by default
      - d/qemu-system-x86.modprobe: set nested=1 module option on intel.
        (is default on amd)
      - d/qemu-system-x86.postinst: re-load kvm_intel.ko if it was loaded
        without nested=1
      - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
        in qemu64 cpu type.
      - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
        in qemu64 on amd
      - d/qemu-system-x86.README.Debian: document intention of nested being
        default is comfort, not full support
    - Distribution specific machine type (LP: 1304107 1621042 1776189 1761372)
      - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine types
      - d/qemu-system-x86.NEWS Info on fixed machine type definitions for
        host-phys-bits=true (LP: 1776189)
      - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
      - d/p/ubuntu/lp-1761372-*: provide pseries-bionic-2.11-sxxm type as
        convenience with all meltdown/spectre workarounds enabled by default.
        (LP: 1761372).
    - improved dependencies
      - Make qemu-system-common depend on qemu-block-extra
      - Make qemu-utils depend on qemu-block-extra
      - let qemu-utils recommend sharutils
    - s390x support
      - Create qemu-system-s390x package
      - Enable numa support for s390x
    - arch aware kvm wrappers
    - d/control: update VCS links (updated to match latest Ubuntu)
    - qemu-guest-agent: freeze-hook fixes (LP: 1484990)
      - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook
      - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d
    - d/control-in: enable RDMA support in qemu (LP: 1692476)
      - enable RDMA config option
      - add libibumad-dev build-dep
    - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
      - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
        reference 256k path
      - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
        handle incoming migrations from former releases.
    - d/control-in: Disable capstone disassembler library support (universe)
  * Added Changes:
    - d/p/ubuntu/define-ubuntu-machine-types.patch: update machine type
      changes for qemu 3.1 in the Ubuntu Disco release
    - d/p/ubuntu/lp-1759509-* fix waking up VMs from dompmsuspend (LP: #1759509)
    - Move s390x roms to a new qemu-system-data-s390x
      - d/qemu-system-data.install: install s390x roms as architecture:all
        in qemu-system-data
      - d/rules: build s390-ccw.img with upstream Makefile
      - d/rules: build s390x-netboot.img with upstream Makefile
      - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch: bring
        back some SLOF bits stripped in DFSG to be able to build
        s390x-netboot roms
      As that hack to build s390-ccw.img rom can't build s390x-netboot.img,
      replace it with a build-indep using the upstream makefiles. This is
      less prone to miss future changes/fixes that are done to the makefiles.
    - d/control-in: add breaks/replaces for moving s390x roms from
      qemu-system-s390x to qemu-system-data
    - remove /dev/kvm permission handling (moved to systemd 239-6) (#892945)
      [From not yet uploaded Debian branch]
    - d/p/debianize-qemu-guest-service.patch: fix path of qemu-ga
      (Closes: #918378)
    - d/rules: fix qemu-kvm service for debhelper compat >=12
    - d/p/ubuntu/Revert-target-i386-kvm-add-VMX-migration-blocker.patch:
      avoid misdetection of simplified nesting blocking all migrations
    - d/p/ubuntu/lp-1812384-s390x-Return-specification-exception-for-unimplement.patch:
      properly return architecture defined exception on bad subcodes of
      diag 308 (LP: #1812384)
  * Dropped Changes:
    - Include s390-ccw.img firmware (old style native build)
    - d/rules enable install s390x-netboot.img (old style native build)
    - libvirt/qemu user/group support
      - qemu-system-common.postinst: remove acl placed by udev, and add
        udevadm trigger. [ Droppable since logind properly sets ACLs now ]
      - qemu-system-common.preinst: add kvm group if needed
        [ Droppable because systemd/udev take care of it since 239-6 ]
    - d/p/guest-agent-freeze-hook-skip-dpkg-artifacts.patch of
      qemu-guest-agent freeze-hook fixes (LP: 1484990) [upstream]
    - d/p/ubuntu/CVE-2018-3639/* update for qemu 2.12 using the final patches
      merged upstream [upstream]
    - d/p/ubuntu/CVE-2018-11806-slirp-correct-size.patch: slirp: correct size
      computation while concatenating mbuf. CVE-2018-11806 [upstream]
    - d/p/ubuntu/lp-1781526-powerpc64-align-memory-THP.patch: align to 2MB
      for powerpc64 to speed up translation (LP: 1781526) [upstream]
    - d/p/ubuntu/lp-1780773-s390x-cpumodels-add-z14-Model-ZR1.patch: Add cpu
      model for z14 ZR1 (LP: 1780773). [upstream]
    - Mark qemu-system-data foreign to be able to install it e.g. on i386
      (Closes: 903562) [in Debian]
    - d/control-in: qemu-keymaps is provided by qemu-system-data now (from
      yet unreleased Debian version) [in Debian]
    - d/p/lp-1755912-qxl-fix-local-renderer-crash.patch: Fix an issue
      triggered by migrations with UI frontends or frequent guest resolution
      changes (LP #1755912) [upstream]
    - d//ubuntu/target-ppc-extend-eieio-for-POWER9.patch: Backport to extend
      eieio for POWER9 emulation (LP: 1787408). [upstream]
    - d/p/ubuntu/lp-1789551-seccomp-set-the-seccomp-filter-to-all-threads.patch:
      ensure that the seccomp blacklist is applied to all threads
      (LP: 1789551) [upstream]
    - improve s390x spectre mitigation with etoken facility (LP: 1790457)
      [upstream]
    - Update pxe netboot images for KVM s390x to qemu 3.0 level (LP: 1790901)
      [upstream]
    - d/control-in: our addition of a qemu-system-s390x package needs to
      follow the split of qemu-system-data by adding a dependency to it
      (LP: 1798084) [in Debian]
    - debian/patches/ubuntu/lp1787405-*: Support guest dedicated Crypto
      Adapters on s390x (LP: 1787405) [upstream]
    - enable opengl for vfio-MDEV support (LP: 1804766) [in Debian]
    - SECURITY UPDATE: integer overflow in NE2000 NIC emulation [upstream]
    - SECURITY UPDATE: integer overflow via crafted QMP command [upstream]
    - SECURITY UPDATE: OOB heap buffer r/w access in NVM Express Controller
      [upstream]
    - SECURITY UPDATE: buffer overflow in rtl8139 [upstream]
    - SECURITY UPDATE: buffer overflow in pcnet [upstream]
    - SECURITY UPDATE: DoS via large packet sizes [upstream]
    - SECURITY UPDATE: DoS in lsi53c895a [upstream]
    - SECURITY UPDATE: Out-of-bounds r/w stack access in ppc64 [upstream]
    - SECURITY UPDATE: race condition in 9p [upstream]

qemu (1:3.1+dfsg-2) unstable; urgency=medium

  * d/rules: split arch and indep builds
  * enable s390x cross-compiler and build s390-ccw.img (Closes: #684909)
  * build x86 optionrom in qemu-system-data (was in seabios/debian/)
  * qemu-system-data: Multi-Arch: allowed=>foreign (Closes: #903562)
  * fix Replaces: version for qemu-system-common (Closes: #916279)
  * add simple udev rules file for systemd guest agent (Closes: #916674)
  * usb-mtp-use-O_NOFOLLOW-and-O_CLOEXEC-CVE-2018-16872.patch
    Race condition in usb_mtp implementation (Closes: #916397)
  * bt-use-size_t-type-for-length-parameters-instead-of-int-CVE-2018-19665.patch
    Memory corruption in bluetooth subsystem (Closes: #916278)
  * hw_usb-fix-mistaken-de-initialization-of-CCID-state.patch (Closes: #917007)
  * bump debhelper compat to 12 (>>11)
  * d/rules: use dh_missing instead of dh_install --list-missing (compat=12)
  * use dh_installsystemd for guest agent (Closes: #916625)
  * mention closing by 3.1: Closes: #912655, CVE-2018-16847
  * mention closing by 2.10: Closes: #849798, CVE-2016-10028
    Closes: CVE-2017-9060
    Closes: CVE-2017-8284

qemu (1:3.1+dfsg-1) unstable; urgency=medium

  * new upstream release (3.1)
  * Security bugs fixed by upstream:
    Closes: #910431, CVE-2018-10839: integer overflow leads to buffer
      overflow issue
    Closes: #911468, CVE-2018-17962 pcnet: integer overflow leads to buffer
      overflow
    Closes: #911469, CVE-2018-17963 net: ignore packets with large size
    Closes: #908682, CVE-2018-3639 qemu should be able to pass the ssbd cpu flag
    Closes: #901017, CVE-2018-11806 m_cat in slirp/mbuf.c in Qemu has a
      heap-based buffer overflow via incoming fragmented datagrams
    Closes: #902725, CVE-2018-12617 qmp_guest_file_read in qemu-ga has an
      integer overflow
    Closes: #907500, CVE-2018-15746 qemu-seccomp might allow local OS guest
      users to cause a denial of service
    Closes: #915884, CVE-2018-16867 dev-mtp: path traversal in
      usb_mtp_write_data of the MTP
    Closes: #911499, CVE-2018-17958 Buffer Overflow in rtl8139_do_receive in
      hw/net/rtl8139.c because an incorrect integer data type is used
    Closes: #911470, CVE-2018-18438 integer overflows because IOReadHandler
      and its associated functions use a signed integer data type for a
      size value
    Closes: #912535, CVE-2018-18849 lsi53c895a: OOB msg buffer access leads
      to DoS
    Closes: #914604, CVE-2018-18954 pnv_lpc_do_eccb function in
      hw/ppc/pnv_lpc.c in Qemu before 3.1 allows out-of-bounds write or read
      access to PowerNV memory
    Closes: #914599, CVE-2018-19364 Use-after-free due to race condition
      while updating fid path
    Closes: #914727, CVE-2018-19489 9pfs: crash due to race condition in
      renaming files
    Closes: #912655, CVE-2018-16847 Out-of-bounds r/w buffer access in cmb
      operations
  * remove patches which were applied upstream
  * add new manpage qemu-cpu-models.7
  * qemu-system-ppcemb is gone, use qemu-system-ppc[64]
  * do-not-link-everything-with-xen.patch (trivial)
  * get-orig-source: handle 3.x and 4.x, and remove roms again, as upstream
    wants us to use separate source packages for that stuff
  * move generated data from qemu-system-data back to qemu-system-common
  * d/control: enable spice on arm64 (Closes: #902501) (probably should
    enable on all)
  * d/control: change git@salsa urls to https
  * add qemu-guest-agent.service (Closes: #795486)
  * enable opengl support and virglrenderer (Closes: #813658)
  * simplify d/rules just a little bit
  * build-depend on libudev-dev, for qga

 -- Christian Ehrhardt