Further stabilize qemu in Focal by updating to 4.2.1 stable release
Bug #1891877 reported by
Christian Ehrhardt
This bug affects 2 people
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| qemu (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
| Focal |
Fix Released
|
Undecided
|
Unassigned | ||
Bug Description
[Impact]
* There are various issues that are fixed by the stable release of 4.2.1
Most prominently a bunch of memory leaks that will help long running
instances to not get into trouble later on
* There are also a number of CVEs covered, but those got added in a
bigger security update of 1:4.2-3ubuntu6.4 just before this upload, so
they are not "new" in 4.2.1 anymore for Ubuntu users.
[Test Case]
* Being a stabilization minor release there is no individual test to
apply. Instead we will pass it through the full regression test suite
and probably keep it some extra days in -proposed.
* Openstack indirectly depends on this for bug 1891203, so I'll ask them
if they can test this as well before we release it.
[Regression Potential]
* Naturally with so many changes it is hard to pinpoint the location of
potential regression. But the changes were those meant to be non-count-
impacting-fixes meant for a stable release and got some testing by the
community already.
[Other Info]
* We will hold this longer in -proposed and do even more testing to make
up for the remaining regression potential uncertainty
* This is a continuation of bug 1867519 which contained such changes that
were available prior to the focal release, but now upstream tagged
those and some more as v4.2.1
* This also fixes an issue in riscv emulation that was introduced in
recent security release of 1%4.2-3ubuntu6.4 by adding
https:/
---
Upstream has completed the 4.2.1 stable tag
https:/
Fixes are in groovy already via qemu 5.0
These are only non-feature backports, the majority this time being memleaks and bad accesses of some sort.
Some of the patches are already present in Ubuntu's 4.2 as of today.
But adding the others will serve the stability of our most recent LTS.
Related branches
~paelzer/ubuntu/+source/qemu:focal-SRU-august2020-1890154-1883984-1891203-1891877
Merged
into
ubuntu/+source/qemu:ubuntu/focal-devel
at
revision 74968e83c5c627c29f7a6cb802086ae93622aeca
- Rafael David Tinoco (community): Approve
- Canonical Server: Pending requested
- git-ubuntu developers: Pending requested
-
Diff: 10691 lines (+9839/-7)133 files modifieddebian/changelog (+86/-0)
debian/patches/series (+131/-1)
debian/patches/stable/lp-1891877-9p-Lock-directory-streams-with-a-CoMutex.patch (+74/-0)
debian/patches/stable/lp-1891877-9p-local-always-return-1-on-error-in-local_unlinkat_.patch (+91/-0)
debian/patches/stable/lp-1891877-9p-proxy-Fix-export_flags.patch (+49/-0)
debian/patches/stable/lp-1891877-9pfs-include-linux-limits.h-for-XATTR_SIZE_MAX.patch (+43/-0)
debian/patches/stable/lp-1891877-9pfs-local-Fix-possible-memory-leak-in-local_link.patch (+44/-0)
debian/patches/stable/lp-1891877-9pfs-local-ignore-O_NOATIME-if-we-don-t-have-permiss.patch (+67/-0)
debian/patches/stable/lp-1891877-Fix-double-free-issue-in-qemu_set_log_filename.patch (+41/-0)
debian/patches/stable/lp-1891877-Fix-tulip-breakage.patch (+65/-0)
debian/patches/stable/lp-1891877-Revert-qemu-options.hx-Update-for-reboot-timeout-par.patch (+43/-0)
debian/patches/stable/lp-1891877-Revert-vnc-allow-fall-back-to-RAW-encoding.patch (+77/-0)
debian/patches/stable/lp-1891877-Update-version-for-4.2.1-release.patch (+24/-0)
debian/patches/stable/lp-1891877-blkdebug-Allow-taking-unsharing-permissions.patch (+209/-0)
debian/patches/stable/lp-1891877-block-Add-bdrv_qapi_perm_to_blk_perm.patch (+87/-0)
debian/patches/stable/lp-1891877-block-Avoid-memleak-on-qcow2-image-info-failure.patch (+41/-0)
debian/patches/stable/lp-1891877-block-Call-attention-to-truncation-of-long-NBD-expor.patch (+100/-0)
debian/patches/stable/lp-1891877-block-Fix-VM-size-field-width-in-snapshot-dump.patch (+58/-0)
debian/patches/stable/lp-1891877-block-backup-fix-memory-leak-in-bdrv_backup_top_appe.patch (+55/-0)
debian/patches/stable/lp-1891877-block-bdrv_set_backing_bs-fix-use-after-free.patch (+122/-0)
debian/patches/stable/lp-1891877-block-fix-memleaks-in-bdrv_refresh_filename.patch (+68/-0)
debian/patches/stable/lp-1891877-compat-disable-edid-on-correct-virtio-gpu-device.patch (+49/-0)
debian/patches/stable/lp-1891877-display-bochs-display-fix-memory-leak.patch (+42/-0)
debian/patches/stable/lp-1891877-dp8393x-Always-update-RRA-pointers-and-sequence-numb.patch (+52/-0)
debian/patches/stable/lp-1891877-dp8393x-Always-use-32-bit-accesses.patch (+167/-0)
debian/patches/stable/lp-1891877-dp8393x-Clean-up-endianness-hacks.patch (+71/-0)
debian/patches/stable/lp-1891877-dp8393x-Clear-RRRA-command-register-bit-only-when-ap.patch (+56/-0)
debian/patches/stable/lp-1891877-dp8393x-Clear-descriptor-in_use-field-to-release-pac.patch (+55/-0)
debian/patches/stable/lp-1891877-dp8393x-Don-t-clobber-packet-checksum.patch (+45/-0)
debian/patches/stable/lp-1891877-dp8393x-Don-t-reset-Silicon-Revision-register.patch (+51/-0)
debian/patches/stable/lp-1891877-dp8393x-Don-t-stop-reception-upon-RBE-interrupt-asse.patch (+137/-0)
debian/patches/stable/lp-1891877-dp8393x-Have-dp8393x_receive-return-the-packet-size.patch (+68/-0)
debian/patches/stable/lp-1891877-dp8393x-Implement-packet-size-limit-and-RBAE-interru.patch (+57/-0)
debian/patches/stable/lp-1891877-dp8393x-Mask-EOL-bit-from-descriptor-addresses.patch (+98/-0)
debian/patches/stable/lp-1891877-dp8393x-Pad-frames-to-word-or-long-word-boundary.patch (+113/-0)
debian/patches/stable/lp-1891877-dp8393x-Update-LLFA-and-CRDA-registers-from-rx-descr.patch (+75/-0)
debian/patches/stable/lp-1891877-dp8393x-Use-long-word-aligned-RRA-pointers-in-32-bit.patch (+60/-0)
debian/patches/stable/lp-1891877-dump-Fix-writing-of-ELF-section.patch (+51/-0)
debian/patches/stable/lp-1891877-hmp-vnc-Fix-info-vnc-list-leak.patch (+54/-0)
debian/patches/stable/lp-1891877-hostmem-don-t-use-mbind-if-host-nodes-is-empty.patch (+61/-0)
debian/patches/stable/lp-1891877-hw-arm-cubieboard-use-ARM-Cortex-A8-as-the-default-C.patch (+59/-0)
debian/patches/stable/lp-1891877-hw-arm-smmuv3-Align-stream-table-base-address-to-tab.patch (+83/-0)
debian/patches/stable/lp-1891877-hw-arm-smmuv3-Apply-address-mask-to-linear-strtab-ba.patch (+59/-0)
debian/patches/stable/lp-1891877-hw-arm-smmuv3-Check-stream-IDs-against-actual-table-.patch (+63/-0)
debian/patches/stable/lp-1891877-hw-arm-smmuv3-Correct-SMMU_BASE_ADDR_MASK-value.patch (+52/-0)
debian/patches/stable/lp-1891877-hw-arm-smmuv3-Report-F_STE_FETCH-fault-address-in-co.patch (+55/-0)
debian/patches/stable/lp-1891877-hw-arm-smmuv3-Use-correct-bit-positions-in-EVT_SET_A.patch (+58/-0)
debian/patches/stable/lp-1891877-hw-i386-amd_iommu.c-Fix-corruption-of-log-events-pas.patch (+49/-0)
debian/patches/stable/lp-1891877-hw-intc-arm_gicv3_kvm-Stop-wrongly-programming-GICR_.patch (+66/-0)
debian/patches/stable/lp-1891877-i386-Resolve-CPU-models-to-v1-by-default.patch (+91/-0)
debian/patches/stable/lp-1891877-ide-Fix-incorrect-handling-of-some-PRDTs-in-ide_dma_.patch (+99/-0)
debian/patches/stable/lp-1891877-iotests-026-Move-v3-exclusive-test-to-new-file.patch (+232/-0)
debian/patches/stable/lp-1891877-iotests-026-Test-EIO-on-allocation-in-a-data-file.patch (+107/-0)
debian/patches/stable/lp-1891877-iotests-026-Test-EIO-on-preallocated-zero-cluster.patch (+97/-0)
debian/patches/stable/lp-1891877-iotests-283-Use-consistent-size-for-source-and-targe.patch (+57/-0)
debian/patches/stable/lp-1891877-iotests-Fix-IMGOPTSSYNTAX-for-nbd.patch (+42/-0)
debian/patches/stable/lp-1891877-iotests-Fix-nonportable-use-of-od-endian.patch (+69/-0)
debian/patches/stable/lp-1891877-iotests-Test-copy-offloading-with-external-data-file.patch (+71/-0)
debian/patches/stable/lp-1891877-iotests-add-test-for-backup-top-failure-on-permissio.patch (+19/-6)
debian/patches/stable/lp-1891877-m68k-Fix-regression-causing-Single-Step-via-GDB-RSP-.patch (+108/-0)
debian/patches/stable/lp-1891877-migration-Rate-limit-inside-host-pages.patch (+157/-0)
debian/patches/stable/lp-1891877-migration-colo-fix-use-after-free-of-local_err.patch (+39/-0)
debian/patches/stable/lp-1891877-migration-ram-fix-use-after-free-of-local_err.patch (+39/-0)
debian/patches/stable/lp-1891877-migration-test-ppc64-fix-FORTH-test-program.patch (+67/-0)
debian/patches/stable/lp-1891877-net-Do-not-include-a-newline-in-the-id-of-nic-device.patch (+43/-0)
debian/patches/stable/lp-1891877-numa-properly-check-if-numa-is-supported.patch (+75/-0)
debian/patches/stable/lp-1891877-numa-remove-not-needed-check.patch (+52/-0)
debian/patches/stable/lp-1891877-ppc-ppc405_boards-Remove-unnecessary-NULL-check.patch (+63/-0)
debian/patches/stable/lp-1891877-qapi-better-document-NVMe-blockdev-device-parameter.patch (+49/-0)
debian/patches/stable/lp-1891877-qcow2-List-autoclear-bit-names-in-header.patch (+208/-0)
debian/patches/stable/lp-1891877-qcow2-update_refcount-Reset-old_table_index-after-qc.patch (+43/-0)
debian/patches/stable/lp-1891877-qemu-ga-document-vsock-listen-in-the-man-page.patch (+70/-0)
debian/patches/stable/lp-1891877-qemu-nbd-Close-inherited-stderr.patch (+46/-0)
debian/patches/stable/lp-1891877-qga-Fix-undefined-C-behavior.patch (+53/-0)
debian/patches/stable/lp-1891877-qga-Installer-Wait-for-installation-to-finish.patch (+42/-0)
debian/patches/stable/lp-1891877-qga-win-Handle-VSS_E_PROVIDER_ALREADY_REGISTERED-err.patch (+47/-0)
debian/patches/stable/lp-1891877-qga-win-prevent-crash-when-executing-guest-file-read.patch (+55/-0)
debian/patches/stable/lp-1891877-runstate-ignore-finishmigrate-prelaunch-transition.patch (+69/-0)
debian/patches/stable/lp-1891877-s390x-adapter-routes-error-handling.patch (+84/-0)
debian/patches/stable/lp-1891877-scsi-qemu-pr-helper-Fix-out-of-bounds-access-to-trnp.patch (+102/-0)
debian/patches/stable/lp-1891877-sheepdog-Consistently-set-bdrv_has_zero_init_truncat.patch (+54/-0)
debian/patches/stable/lp-1891877-spapr-Fix-failure-path-for-attempting-to-hot-unplug-.patch (+42/-0)
debian/patches/stable/lp-1891877-target-arm-Clear-tail-in-gvec_fmul_idx_-gvec_fmla_id.patch (+47/-0)
debian/patches/stable/lp-1891877-target-arm-Correct-definition-of-PMCRDP.patch (+47/-0)
debian/patches/stable/lp-1891877-target-arm-fix-TCG-leak-for-fcvt-half-double.patch (+54/-0)
debian/patches/stable/lp-1891877-target-arm-monitor-query-cpu-model-expansion-crashed.patch (+66/-0)
debian/patches/stable/lp-1891877-target-ppc-Fix-mtmsr-d-L-1-variant-that-loses-interr.patch (+163/-0)
debian/patches/stable/lp-1891877-target-ppc-Fix-rlwinm-on-ppc64.patch (+67/-0)
debian/patches/stable/lp-1891877-target-xtensa-fix-pasto-in-pfwait.r-opcode-name.patch (+36/-0)
debian/patches/stable/lp-1891877-tcg-i386-Fix-INDEX_op_dup2_vec.patch (+45/-0)
debian/patches/stable/lp-1891877-tcg-mips-mips-sync-encode-error.patch (+57/-0)
debian/patches/stable/lp-1891877-tests-fix-modules-test-duplicate-test-case-error.patch (+54/-0)
debian/patches/stable/lp-1891877-tests-ide-test-Create-a-single-unit-test-covering-mo.patch (+228/-0)
debian/patches/stable/lp-1891877-vhost-user-blk-delete-virtioqueues-in-unrealize-to-f.patch (+75/-0)
debian/patches/stable/lp-1891877-vhost-user-gpu-Release-memory-returned-by-vu_queue_p.patch (+67/-0)
debian/patches/stable/lp-1891877-virtio-9p-device-fix-memleak-in-virtio_9p_device_unr.patch (+49/-0)
debian/patches/stable/lp-1891877-virtio-add-ability-to-delete-vq-through-a-pointer.patch (+71/-0)
debian/patches/stable/lp-1891877-virtio-balloon-fix-free-page-hinting-check-on-unreal.patch (+51/-0)
debian/patches/stable/lp-1891877-virtio-balloon-fix-free-page-hinting-without-an-ioth.patch (+116/-0)
debian/patches/stable/lp-1891877-virtio-balloon-unref-the-iothread-when-unrealizing.patch (+49/-0)
debian/patches/stable/lp-1891877-virtio-crypto-do-delete-ctrl_vq-in-virtio_crypto_dev.patch (+61/-0)
debian/patches/stable/lp-1891877-virtio-make-virtio_delete_queue-idempotent.patch (+37/-0)
debian/patches/stable/lp-1891877-virtio-pmem-do-delete-rq_vq-in-virtio_pmem_unrealize.patch (+45/-0)
debian/patches/stable/lp-1891877-virtio-reset-region-cache-when-on-queue-deletion.patch (+40/-0)
debian/patches/stable/lp-1891877-vpc-Don-t-round-up-already-aligned-BAT-sizes.patch (+55/-0)
debian/patches/stable/lp-1891877-xen-9pfs-yield-when-there-isn-t-enough-room-on-the-r.patch (+96/-0)
debian/patches/stable/lp-1891877-xen-block-Fix-double-qlist-remove-and-request-leak.patch (+163/-0)
debian/patches/ubuntu/CVE-2020-10761.patch (+149/-0)
debian/patches/ubuntu/CVE-2020-12829-2.patch (+55/-0)
debian/patches/ubuntu/CVE-2020-12829-3.patch (+41/-0)
debian/patches/ubuntu/CVE-2020-12829-4.patch (+42/-0)
debian/patches/ubuntu/CVE-2020-12829-5.patch (+28/-0)
debian/patches/ubuntu/CVE-2020-12829-6.patch (+129/-0)
debian/patches/ubuntu/CVE-2020-12829-7.patch (+61/-0)
debian/patches/ubuntu/CVE-2020-12829-pre1.patch (+159/-0)
debian/patches/ubuntu/CVE-2020-12829-pre2.patch (+134/-0)
debian/patches/ubuntu/CVE-2020-12829-pre3.patch (+42/-0)
debian/patches/ubuntu/CVE-2020-12829-pre4.patch (+95/-0)
debian/patches/ubuntu/CVE-2020-12829.patch (+261/-0)
debian/patches/ubuntu/CVE-2020-13253.patch (+122/-0)
debian/patches/ubuntu/CVE-2020-13361.patch (+60/-0)
debian/patches/ubuntu/CVE-2020-13362-1.patch (+51/-0)
debian/patches/ubuntu/CVE-2020-13362-2.patch (+36/-0)
debian/patches/ubuntu/CVE-2020-13362-3.patch (+97/-0)
debian/patches/ubuntu/CVE-2020-13659.patch (+47/-0)
debian/patches/ubuntu/CVE-2020-13754-1.patch (+81/-0)
debian/patches/ubuntu/CVE-2020-13754-2.patch (+59/-0)
debian/patches/ubuntu/CVE-2020-13800.patch (+59/-0)
debian/patches/ubuntu/CVE-2020-14415.patch (+33/-0)
debian/patches/ubuntu/CVE-2020-15863.patch (+58/-0)
debian/patches/ubuntu/CVE-2020-16092.patch (+40/-0)
debian/patches/ubuntu/lp-1883984-target-s390x-Fix-SQXBR.patch (+37/-0)
debian/patches/ubuntu/lp-1890154-s390x-protvirt-allow-to-IPL-secure-guests-with-no-re.patch (+52/-0)
CVE References
| no longer affects: | charm-nova-compute |
| description: | updated |
| description: | updated |
| Changed in qemu (Ubuntu): | |
| status: | New → Fix Released |
| Changed in qemu (Ubuntu Focal): | |
| status: | New → Triaged |
Revision history for this message
| Christian Ehrhardt (paelzer) wrote | #1 |
| description: | updated |
Revision history for this message
| Timo Aaltonen (tjaalton) wrote Please test proposed package | #2 |
| Changed in qemu (Ubuntu Focal): | |
| status: | Triaged → Fix Committed |
| tags: | added: verification-needed verification-needed-focal |
Revision history for this message
| Ubuntu SRU Bot (ubuntu-sru-bot) wrote Autopkgtest regression report (qemu/1:4.2-3ubuntu6.5) | #3 |
Revision history for this message
| Christian Ehrhardt (paelzer) wrote | #4 |
Revision history for this message
| Christian Ehrhardt (paelzer) wrote | #5 |
| tags: |
added: verification-done verification-done-focal removed: verification-needed verification-needed-focal |
Revision history for this message
| Chris Halse Rogers (raof) wrote Update Released | #6 |
Revision history for this message
| Launchpad Janitor (janitor) wrote | #7 |
| Changed in qemu (Ubuntu Focal): | |
| status: | Fix Committed → Fix Released |
To post a comment you must log in.
FYI these we have already applied before Focal release as part of bug 1867519:
#85df33073a
#a115daadf6
#da0948d13c
#52a02834e0
#2215837fe2
#a5f815514a
#ba6a94e64e
#0cfa46da8f
#77d9c84d9f
#2f4affb721
#0253531824
#7042922dd7
#98c74fe49a
#742195db17
#3fb2521040
#fa446ae444
#2a7569e751
#0319118bcf
#e49ae74a24
#ab7f6eaa5b
#382b9f09bd
#2dc540e40d
#e0ccde3887
#a0dc4d2495
#c44c4f7229
#8fc4aa4822
#f3ef98874e
#cd8ecfb19c
#b1b362aa8e
#e92b21ffc4
#8952da32c3
#3dd28c8ecc
#f127d16397
#8d151ab5c2
Also for bug 1859527
#def30090ad
Also for bug 1872945
#a6e44eee6c
#c1cad76dcd
#a6e44eee6c
#a918ea2ec3
#690e3004ae
#e727aa1a7b
Also for bug 1882774
#4a910e1f6a
Also for bug 1872107
#1343d33371
Also for bug 1835546
#580c08b326
Also former CVE fixes that are already applied:
#0c1d805360
#4e98c388d6
#01392ae31a
#862240852b
#69a6048e1e
#abf9ffa7b3
#4b34c6d724
#fb6a24fb1d
TL;DR 51 of 156 were already applied.