changelog 154 KB
Newer Older
1
qemu (1:3.1+dfsg-1) unstable; urgency=medium
Michael Tokarev's avatar
Michael Tokarev committed
2
3

  * new upstream release (3.1)
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
  * Security bugs fixed by upstream:
    Closes: #910431, CVE-2018-10839:
     integer overflow leads to buffer overflow issue
    Closes: #911468, CVE-2018-17962
     pcnet: integer overflow leads to buffer overflow
    Closes: #911469, CVE-2018-17963
     net: ignore packets with large size
    Closes: #908682, CVE-2018-3639
     qemu should be able to pass the ssbd cpu flag
    Closes: #901017, CVE-2018-11806
     m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow
     via incoming fragmented datagrams
    Closes: #902725, CVE-2018-12617
     qmp_guest_file_read in qemu-ga has an integer overflow
    Closes: #907500, CVE-2018-15746
     qemu-seccomp might allow local OS guest users to cause a denial of service
    Closes: #915884, CVE-2018-16867
     dev-mtp: path traversal in usb_mtp_write_data of the MTP
    Closes: #911499, CVE-2018-17958
     Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c
     because an incorrect integer data type is used
    Closes: #911470, CVE-2018-18438
     integer overflows because IOReadHandler and its associated functions
     use a signed integer data type for a size value
    Closes: #912535, CVE-2018-18849
     lsi53c895a: OOB msg buffer access leads to DoS
    Closes: #914604, CVE-2018-18954
     pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1
     allows out-of-bounds write or read access to PowerNV memory
    Closes: #914599, CVE-2018-19364
     Use-after-free due to race condition while updating fid path
    Closes: #914727, CVE-2018-19489
     9pfs: crash due to race condition in renaming files
37
38
    Closes: #912655, CVE-2018-16847
     Out-of-bounds r/w buffer access in cmb operations
Michael Tokarev's avatar
Michael Tokarev committed
39
  * remove patches which were applied upstream
40
41
42
43
44
45
46
47
48
49
50
51
52
  * add new manpage qemu-cpu-models.7
  * qemu-system-ppcemb is gone, use qemu-system-ppc[64]
  * do-not-link-everything-with-xen.patch (trivial)
  * get-orig-source: handle 3.x and 4.x, and remove roms again, as
    upstream wants us to use separate source packages for that stuff
  * move generated data from qemu-system-data back to qemu-system-common
  * d/control: enable spice on arm64 (Closes: #902501)
    (probably should enable on all)
  * d/control: change git@salsa urls to https
  * add qemu-guest-agent.service (Closes: #795486)
  * enable opengl support and virglrenderer (Closes: #813658)
  * simplify d/rules just a little bit
  * build-depend on libudev-dev, for qga
Michael Tokarev's avatar
Michael Tokarev committed
53
54
55

 -- Michael Tokarev <mjt@tls.msk.ru>  Sun, 02 Dec 2018 19:10:27 +0300

56
57
58
59
60
61
62
63
64
65
66
qemu (1:2.12+dfsg-3) unstable; urgency=medium

  * make qemu-system-foo depending
    on qemu-system-data >>ver~, not >>ver
    (Closes: #900585)
  * do not build qemu-system-gui on hppa
  * use dh_lintian for lintian overrides
  * update VCS fields to point to salsa.debian.org

 -- Michael Tokarev <mjt@tls.msk.ru>  Fri, 01 Jun 2018 21:42:29 +0300

67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
qemu (1:2.12+dfsg-2) unstable; urgency=medium

  * create new package, qemu-system-gui,
    and package GTK module and audio modules in there
    Closes: #850584
  * add an item about qemu-system-gui to debian/qemu-system-common.NEWS
  * qemu-system-*: require more recent qemu-system-common
  * switch all builds to be in a single b/ subdir
  * d/get-orig-source: remove .oco (object) files from roms/SLOF/
  * refresh patches/use-fixed-data-path.patch: remove now-unused local var too
  * ccid-card-passthru-fix-regression-in-realize.patch (Closes: #900006)
  * debian/control-in: enable seccomp on linux-any (Closes: #900055)
  * create new arch-indep package qemu-system-data, for data and firmware files.
    Move common data files from qemu-system-common to it, for now
  * fix sata/ahci stalls (ahci-fix-PxCI-register-race.patch)
  * tcg-i386-Fix-dup_vec-in-non-AVX2-codepath.patch (Closes: #900372)

 -- Michael Tokarev <mjt@tls.msk.ru>  Thu, 31 May 2018 13:22:55 +0300

86
qemu (1:2.12+dfsg-1) unstable; urgency=medium
87

88
  * new upstream release
89
90
91
92
93
94
  * get-orig-source: do not remove roms/* directories,
    since we will use these to build the roms
  * disable building on hppa arch (not supported upstream since ong time)
  * Use https://download.qemu.org to download new tarballs (Closes: #895067)
  * add Breaks: binfmt-support (<<2.1.7) so that --fix-binary works;
    also fix qemu-user-static description (Closes: #896478)
95

96
 -- Michael Tokarev <mjt@tls.msk.ru>  Thu, 26 Apr 2018 20:29:36 +0300
97

98
99
100
101
102
103
104
105
106
107
108
qemu (1:2.12~rc3+dfsg-2) unstable; urgency=medium

  * fix typo in previous changelog entry
  * add riscv32/riscv64 to qemu-debootstrap
  * install gtk message catalogs into qemu-system-common (Closes: #878130)
    (and install-gtk-message-catalogs-if-CONFIG_GTK.patch)
  * tcg_mips-handle-large-offsets-from-target-env-to-tlb_table.patch:
    fix FTBFS on mips targets

 -- Michael Tokarev <mjt@tls.msk.ru>  Sat, 14 Apr 2018 17:01:24 +0300

109
qemu (1:2.12~rc3+dfsg-1) unstable; urgency=medium
Michael Tokarev's avatar
Michael Tokarev committed
110

111
112
113
114
115
116
117
118
119
  * new upstream 2.12 release (Release Candidate 3)
    Closes: #892041, CVE-2018-7550
    Closes: #884806, CVE-2017-15124
    Closes: #887392, CVE-2018-5683
    Closes: #892497, CVE-2018-7858
    Closes: #882136, CVE-2017-16845
    Closes: #886532, #892947, #891375, #887892, #860822, #851694
  * refresh local debian patches
  * d/rules: enable new system (hppa riscv32 riscv64) and
120
    user (aarch64_be xtensa xtensaeb riscv32 riscv64) targets
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
    Closes: #893767
  * fix d/source/options to match current reality
  * drop use-data-path.patch, upstream now has --firmwarepath= option
  * enable capstone disassembler library support
    (build-depend on libcapstone-dev)
  * debian/extract-config-opts: use tab for option / condition separator
  * qemu-block-extra: install only block modules
  * make `qemu' metapackage to be dummy, to remove it in a future release
  * do not suggest kmod, it is pointless
  * install /usr/bin/qemu-pr-helper to qemu-utils package
  * switch from sdl2 to gtk ui
    Closes: #839695, #886671, #879536, #879534, #879532, #879193, #894852
  * qemu-system-ppc: forgotten qemu-system-ppc64le.1 link
  * mention closing of #880582 by 2.11
  * package will built against spice 0.14, so Closes: #854959
  * check sfdisk presence in qemu-make-debian-root (Closes: #872098)
  * check mke2fs presence in qemu-make-debian-root (Closes: #887207)
  * debian/binfmt-update-in: include forgotten hppa (Closes: #891261)
  * debian/TODO: removed some old ToDo items
  * use binfmt-support --fix-binary option (Closes: #868030)
Michael Tokarev's avatar
Michael Tokarev committed
141

142
 -- Michael Tokarev <mjt@tls.msk.ru>  Thu, 12 Apr 2018 19:04:03 +0300
Michael Tokarev's avatar
Michael Tokarev committed
143

144
qemu (1:2.11+dfsg-1) unstable; urgency=medium
145

146
  [ Michael Tokarev ]
147
148
149
150
151
152
  * update to new upstream (2.11) release
    Closes: #883625, CVE-2017-17381
    Closes: #880832, CVE-2017-15289
    Closes: #880836, CVE-2017-15268
    Closes: #883399, CVE-2017-15119
    Closes: #883406, CVE-2017-15118
153
    Closes: #880582
154
155
156
157
158
159
160
161
162
163
164
165
166
  * update to new upstream, remove old patches, refresh debian patches
  * disable sdl audio driver (pulse or oss should work fine)
  * do not build-depend on libx11-dev (libsdl2-dev already depends on it)
  * move libpulse-dev build-dep to a better place
  * clean up d/control from various old conflicts/replaces/provides
  * remove --with-system-pixman, not used anymore
  * remove ubuntu-specific qemu-system-aarch64 transitional package (trusty)
  * remove ubuntu-specific mentions of old qemu-kvm-spice package (precise)
  * remove old comment about /etc/kvm from qemu-kvm description
  * add Suggests: openbios-sparc for qemu-system-sparc on ubuntu
    (similar to what is done for qemu-system-ppc)
  * update get-orig-source.sh with new blobs/submodules
  * update debian/watch a bit
167
168
169

  [ Aurelien Jarno ]
  * debian/control-in: build qemu-system and qemu-user on mips64 and
Aurelien Jarno's avatar
Aurelien Jarno committed
170
    mips64el.  Closes: #880485.
171

172
173
174
175
176
177
  [ Christian Ehrhardt ]
  * ppc64[le]: provide symlink matching arch name
  * d/control-in: Enable seccomp for ppc64el,
    this bumps minimum libseccomp version

 -- Michael Tokarev <mjt@tls.msk.ru>  Thu, 11 Jan 2018 14:42:12 +0300
178

179
qemu (1:2.10.0+dfsg-2) unstable; urgency=medium
Michael Tokarev's avatar
Michael Tokarev committed
180

181
182
183
184
185
186
187
188
189
190
191
  * update to upstream 2.10.1 point release
    Closes: #877160
    Closes: CVE-2017-13673
  * remove 3 patches included upstream:
    multiboot-validate-multiboot-header-address-values-CVE-2017-14167.patch
    vga-stop-passing-pointers-to-vga_draw_line-functions-CVE-2017-13672.patch
    slirp-fix-clearing-ifq_so-from-pending-packets-CVE-2017-13711.patch
  * 9pfs-use-g_malloc0-to-allocate-space-for-xattr-CVE-2017-15038.patch
    Closes: #877890, CVE-2017-15038
  * remove-trailing-whitespace-from-qemu-options.hx.patch
    Closes: #875711
Michael Tokarev's avatar
Michael Tokarev committed
192
193
194
195
  * drop dh_makeshlibs call (was for libcacard)
  * drop linux-libc-dev build-dependency (it gets pulled by libc-dev)
  * switch from sdl1 to sdl2 (Closes: #870025)

196
 -- Michael Tokarev <mjt@tls.msk.ru>  Sun, 08 Oct 2017 12:51:09 +0300
Michael Tokarev's avatar
Michael Tokarev committed
197

198
199
200
201
202
203
204
205
206
207
208
209
qemu (1:2.10.0+dfsg-1) unstable; urgency=medium

  * remove blobs, to DFSG'ify it again (there's still
    no source for some blobs included in upstream tarball)
    There's no way to revert to 2-number version due to prev. upload
  * update from upstream git (no changes but include date & commit-id):
    multiboot-validate-multiboot-header-address-values-CVE-2017-14167.patch
  * update previous changelog entry (fix bug/closes refs):
    Closes: #873851, CVE-2017-13672
    Closes: #874606, CVE-2017-14167
    Closes: #873875, CVE-2017-13711

Michael Tokarev's avatar
Michael Tokarev committed
210
 -- Michael Tokarev <mjt@tls.msk.ru>  Mon, 25 Sep 2017 09:46:53 +0300
211

212
213
214
215
216
217
qemu (1:2.10.0-1) unstable; urgency=medium

  * new upstream release, 2.10
    Closes: #865754, CVE-2017-9503
    Closes: #864219, CVE-2017-9375
    Closes: #869945
218
    Closes: #867978
219
    Closes: #871648, #871702, #872257
220
    Closes: #851694
221
222
223
224
225
226
227
228
229
230
231
232
    Closed in this upstream release:
     #865755, CVE-2017-9524
     #863840, CVE-2017-9310
     #863943, CVE-2017-9330
     #864216, CVE-2017-9373
     #864568, CVE-2017-9374
     #869171, CVE-2017-11434
     #869173, CVE-2017-11334
     #869706, CVE-2017-10911
     #867751, CVE-2017-10806
     #866674, CVE-2017-10664
     #873849, CVE-2017-12809
233
234
235
     #849798, CVE-2016-10028
     CVE-2017-9060
     CVE-2017-8284
236
237
238
239
240
241
242
243
244
245
246
247
  * dropped all fixes, applied upstream
  * dropped 02_kfreebsd.patch - apparently not relevant anymore
  * dropped +dfsg, use upstream tarball directly: we do not use
    binaries shipped there, and even for those, upstream tarball
    contains the sources
  * refreshed list of targets:
      qemu-or32, qemu-system-or32 => qemu-or1k, qemu-system-or1k
      +qemu-nios2, qemu-system-nios2
      +qemu-hppa
  * added hppa binfmt entry
  * refreshed docs lists for various packages
  * new (security) patches:
248
249
250
251
252
253
    vga-stop-passing-pointers-to-vga_draw_line-functions-CVE-2017-13672.patch
    Closes: #873851, CVE-2017-13672
    multiboot-validate-multiboot-header-address-values-CVE-2017-14167.patch
    Closes: #874606, CVE-2017-14167
    slirp-fix-clearing-ifq_so-from-pending-packets-CVE-2017-13711.patch
    Closes: #873875, CVE-2017-13711
254
255
256

 -- Michael Tokarev <mjt@tls.msk.ru>  Sat, 23 Sep 2017 16:47:02 +0300

257
258
259
260
261
262
263
qemu (1:2.8+dfsg-7) unstable; urgency=medium

  * uploading to unstable all fixes which went to stretch-security
    (exactly the same as 2.8+dfsg-6+deb9u2)

 -- Michael Tokarev <mjt@tls.msk.ru>  Sat, 05 Aug 2017 16:35:01 +0300

264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
qemu (1:2.8+dfsg-6+deb9u2) stretch-security; urgency=high

  * actually apply the nbd server patches, not only include in debian/patches/
    Really closes: #865755, CVE-2017-9524
  * slirp-check-len-against-dhcp-options-array-end-CVE-2017-11434.patch
    Closes: #869171, CVE-2017-11434
  * exec-use-qemu_ram_ptr_length-to-access-guest-ram-CVE-2017-11334.patch
    Closes: #869173, CVE-2017-11334
  * usb-redir-fix-stack-overflow-in-usbredir_log_data-CVE-2017-10806.patch
    Closes: #867751, CVE-2017-10806
  * add reference to #869706 to
    xen-disk-don-t-leak-stack-data-via-response-ring-CVE-2017-10911.patch
  * disable xhci recursive calls fix for now, as it causes instant crash
    (xhci-guard-xhci_kick_epctx-against-recursive-calls-CVE-2017-9375.patch)
    Reopens: #864219, CVE-2017-9375
    Closes: #869945

 -- Michael Tokarev <mjt@tls.msk.ru>  Wed, 02 Aug 2017 16:57:34 +0300

283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
qemu (1:2.8+dfsg-6+deb9u1) stretch-security; urgency=high

  * net-e1000e-fix-an-infinite-loop-issue-CVE-2017-9310.patch
    Closes: #863840, CVE-2017-9310
  * usb-ohci-fix-error-return-code-in-servicing-iso-td-CVE-2017-9330.patch
    Closes: #863943, CVE-2017-9330
  * ide-ahci-call-cleanup-function-in-ahci-unit-CVE-2017-9373.patch
    Closes: #864216, CVE-2017-9373
  * xhci-guard-xhci_kick_epctx-against-recursive-calls-CVE-2017-9375.patch
    Closes: #864219, CVE-2017-9375
  * usb-ehci-fix-memory-leak-in-ehci-CVE-2017-9374.patch
    Closes: #864568, CVE-2017-9374
  * nbd-ignore-SIGPIPE-CVE-2017-10664.patch
    Closes: #866674, CVE-2017-10664
  * nbd-fully-initialize-client-in-case-of-failed-negotiation-CVE-2017-9524.patch
    nbd-fix-regression-on-resiliency-to-port-scan-CVE-2017-9524.patch
    Closes: #865755, CVE-2017-9524
  * xen-disk-don-t-leak-stack-data-via-response-ring-CVE-2017-10911.patch
    Closes: CVE-2017-10911

 -- Michael Tokarev <mjt@tls.msk.ru>  Wed, 12 Jul 2017 11:05:16 +0300

305
306
307
308
309
310
311
312
313
qemu (1:2.8+dfsg-6) unstable; urgency=high

  * 9pfs-local-forbid-client-access-to-metadata-CVE-2017-7493.patch
    Closes: CVE-2017-7493
  * group all 9p patches together
  * drop obsolete comment about libiscsi on ubuntu from d/control

 -- Michael Tokarev <mjt@tls.msk.ru>  Tue, 23 May 2017 09:58:03 +0300

314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
qemu (1:2.8+dfsg-5) unstable; urgency=high

  * Security fix release
  * 9pfs-local-set-path-of-export-root-to-dot-CVE-2017-7471.patch
    Closes: #860785, CVE-2017-7471
  * 9pfs-xattr-fix-memory-leak-in-v9fs_list_xattr-CVE-2017-8086.patch
    Closes: #861348, CVE-2017-8086
  * vmw_pvscsi-check-message-ring-page-count-at-init-CVE-2017-8112.patch
    Closes: #861351, CVE-2017-8112
  * scsi-avoid-an-off-by-one-error-in-megasas_mmio_write-CVE-2017-8380.patch
    Closes: #862282, CVE-2017-8380
  * input-limit-kbd-queue-depth-CVE-2017-8379.patch
    Closes: #862289, CVE-2017-8379
  * audio-release-capture-buffers-CVE-2017-8309.patch
    Closes: #862280, CVE-2017-8309

 -- Michael Tokarev <mjt@tls.msk.ru>  Wed, 17 May 2017 09:01:24 +0300

332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
qemu (1:2.8+dfsg-4) unstable; urgency=high

  * usb-ohci-limit-the-number-of-link-eds-CVE-2017-6505.patch
    Closes: #856969, CVE-2017-6505
  * linux-user-fix-apt-get-update-on-linux-user-hppa.patch
    Closes: #846084
  * update to 2.8.1 upstream stable/bugfix release
    (v2.8.1.diff from upstream, except of seabios blob bits).
    Closes: #857744, CVE-2016-9603
    Patches dropped because they're included in 2.8.1 release:
     9pfs-symlink-attack-fixes-CVE-2016-9602.patch
     char-fix-ctrl-a-b-not-working.patch
     cirrus-add-blit_is_unsafe-to-cirrus_bitblt_cputovideo-CVE-2017-2620.patch
     cirrus-fix-oob-access-issue-CVE-2017-2615.patch
     cirrus-ignore-source-pitch-as-needed-in-blit_is_unsafe.patch
     linux-user-fix-s390x-safe-syscall-for-z900.patch
     nbd_client-fix-drop_sync-CVE-2017-2630.patch
     s390x-use-qemu-cpu-model-in-user-mode.patch
     sd-sdhci-check-data-length-during-dma_memory_read-CVE-2017-5667.patch
     virtio-crypto-fix-possible-integer-and-heap-overflow-CVE-2017-5931.patch
     vmxnet3-fix-memory-corruption-on-vlan-header-stripping-CVE-2017-6058.patch
  * bump seabios dependency to 1.10.2 due to ahci fix in 2.8.1
  * 9pfs-fix-file-descriptor-leak-CVE-2017-7377.patch
    (Closes: #859854, CVE-2017-7377)
  * dma-rc4030-limit-interval-timer-reload-value-CVE-2016-8667.patch
    Closes: #840950, CVE-2016-8667
  * make d/control un-writable to stop users from changing a generated file
  * two patches from upstream to fix user-mode network with IPv6
    slirp-make-RA-build-more-flexible.patch
    slirp-send-RDNSS-in-RA-only-if-host-has-an-IPv6-DNS.patch
    (Closes: #844566)

 -- Michael Tokarev <mjt@tls.msk.ru>  Mon, 03 Apr 2017 16:28:49 +0300

366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
qemu (1:2.8+dfsg-3) unstable; urgency=high

  * urgency high due to security fixes

  [ Michael Tokarev ]
  * serial-fix-memory-leak-in-serial-exit-CVE-2017-5579.patch
    Closes: #853002, CVE-2017-5579
  * cirrus-ignore-source-pitch-as-needed-in-blit_is_unsafe.patch
    (needed for the next patch, CVE-2017-2620 fix)
  * cirrus-add-blit_is_unsafe-to-cirrus_bitblt_cputovideo-CVE-2017-2620.patch
    Closes: #855791, CVE-2017-2620
  * nbd_client-fix-drop_sync-CVE-2017-2630.diff
    Closes: #855227, CVE-2017-2630
  * sd-sdhci-check-transfer-mode-register-in-multi-block-CVE-2017-5987.patch
    Closes: #855159, CVE-2017-5987
  * vmxnet3-fix-memory-corruption-on-vlan-header-stripping-CVE-2017-6058.patch
    Closes: #855616, CVE-2017-6058
  * 3 CVE fixes from upstream for #853996:
    sd-sdhci-check-data-length-during-dma_memory_read-CVE-2017-5667.patch
    megasas-fix-guest-triggered-memory-leak-CVE-2017-5856.patch
    virtio-gpu-fix-resource-leak-in-virgl_cmd_resource-CVE-2017-5857.patch
    Closes: #853996, CVE-2017-5667, CVE-2017-5856, CVE-2017-5857
  * usb-ccid-check-ccid-apdu-length-CVE-2017-5898.patch
    Closes: #854729, CVE-2017-5898
  * virtio-crypto-fix-possible-integer-and-heap-overflow-CVE-2017-5931.patch
    Closes: #854730, CVE-2017-5931
  * xhci-apply-limits-to-loops-CVE-2017-5973.patch
    Closes: #855611, CVE-2017-5973
  * net-imx-limit-buffer-descriptor-count-CVE-2016-7907.patch
    Closes: #839986, CVE-2016-7907
  * cirrus-fix-oob-access-issue-CVE-2017-2615.patch
    Closes: #854731, CVE-2017-2615
  * 9pfs-symlink-attack-fixes-CVE-2016-9602.patch
    Closes: #853006
  * vnc-do-not-disconnect-on-EAGAIN.patch
    Closes: #854032
  * xhci-fix-event-queue-IRQ-handling.patch (win7 xhci issue fix)
  * xhci-only-free-completed-transfers.patch
    Closes: #855659
  * char-fix-ctrl-a-b-not-working.patch
    Closes: https://bugs.launchpad.net/bugs/1654137
  * char-drop-data-written-to-a-disconnected-pty.patch
    Closes: https://bugs.launchpad.net/bugs/1667033
  * s390x-use-qemu-cpu-model-in-user-mode.patch
    Closes: #854893
  * d/control is autogenerated, add comment
  * check if debootstrap is available in qemu-debootstrap
    Closes: #846497

  [ Christian Ehrhardt ]
  * (ubuntu) no more skip enable libiscsi (now in main)
  * (ubuntu) Disable glusterfs (Universe dependency)
  * (ubuntu) have qemu-system-arm suggest: qemu-efi;
    this should be a stronger relationship, but qemu-efi is still
    in universe right now.
  * (ubuntu) change dependencies for fix of wrong acl for newly
    created device node on ubuntu

 -- Michael Tokarev <mjt@tls.msk.ru>  Tue, 28 Feb 2017 11:40:18 +0300

426
qemu (1:2.8+dfsg-2) unstable; urgency=medium
Michael Tokarev's avatar
Michael Tokarev committed
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448

  * Revert "update binfmt registration for mipsn32"
    Reopens: #829243
    Closes: #843032
    Will re-enable it for stretch+1, since for now upgrades
    from jessie are broken (jessie comes with 3.16 kernel),
    and there's no easy fix for this
  * Revert "enable virtio gpu (virglrenderer) and opengl support"
    Revert "switch from sdl1 to gtk3"
    Revert other gtk2/drm/vte/virgl-related changes
    Reopens: #813658, #839695
    The change were too close to stretch release and too large,
    bringing too much graphics stuff for headless servers,
    will re-think this for stretch+1.
    sdl1 back: Closes: #851509
    virtio-3d bugs: Closes: #849798, #852119
  * mention closing of #769983 (multi-threaded linux-user) by 2.7
  * mention closing of #842455, CVE-2016-9101 by 2.8
  * audio-ac97-add-exit-function-CVE-2017-5525.patch (Closes: #852021)
  * audio-es1370-add-exit-function-CVE-2017-5526.patch (Closes: #851910)
  * watchdog-6300esb-add-exit-function-CVE-2016-10155.patch (Closes: #852232)

449
 -- Michael Tokarev <mjt@tls.msk.ru>  Mon, 23 Jan 2017 14:06:54 +0300
Michael Tokarev's avatar
Michael Tokarev committed
450

451
qemu (1:2.8+dfsg-1) unstable; urgency=medium
452
453

  * new upstream release
454
455
456
457
458
459
460
461
462
463
464
465
466
   Closes: #837191, CVE-2016-7156
   Closes: #837316, CVE-2016-7170
   Closes: #839835, CVE-2016-7908
   Closes: #839834, CVE-2016-7909
   Closes: #840228, CVE-2016-7994
   Closes: #840236, CVE-2016-7995
   Closes: #840343, CVE-2016-8576
   Closes: #840341, CVE-2016-8577
   Closes: #840340, CVE-2016-8578
   Closes: #840948, CVE-2016-8668
   Closes: #840945, CVE-2016-8669
   Closes: #841950, CVE-2016-8909
   Closes: #841955, CVE-2016-8910
Michael Tokarev's avatar
Michael Tokarev committed
467
468
   Closes: #842463, CVE-2016-9102 CVE-2016-9103 CVE-2016-9104
                    CVE-2016-9105 CVE-2016-9106
469
470
471
472
473
474
475
476
477
478
   Closes: #846797, CVE-2016-9776
   Closes: #847381, CVE-2016-9845
   Closes: #847382, CVE-2017-9846
   Closes: #847953, CVE-2016-9907
   Closes: #847400, CVE-2016-9908
   Closes: #847951, CVE-2016-9911
   Closes: #847391, CVE-2016-9912
   Closes: #847496, CVE-2016-9913 CVE-2016-9914 CVE-2016-9915 CVE-2016-9916
   Closes: #847960, CVE-2016-9921 CVE-2016-9922
   Closes: #847957, CVE-2016-9923
479
   Closes: #842455, CVE-2016-9101 (git2634ab7fe29b3f75d0865b719caf8f310d634aae)
480
481
   Closes: #819755, #833162
   Hopefully closes: #844361
482
  * remove unicore32 linux-user target, removed upstream
483
  * remove all patches which were applied upstream (most of them)
Michael Tokarev's avatar
Michael Tokarev committed
484
  * actually fix #841060
485
  * doc-don-t-mention-memory-it-is-m.patch, Closes: #833619
486
  * don't pass --enable-uuid (always enabled)
487
  * build-depend on libncursesw5-dev, not libncurses5-dev
488
  * install trace-events-all in qemu-system-common
489
  * do not install qemu-tech.html (not provided by upstream anymore)
490
  * switch from sdl1 to gtk3 (Closes: #839695)
491
  * enable virtio gpu (virglrenderer) and opengl support (Closes: #813658)
492
  * strip out -ldrm out of OPENGL_LIBS, since libdrm is actually not needed
493
  * enable nfs support (libnfs-dev), in qemu-block-extra
494
495
  * enable glusterfs support (glusterfs-common), in qemu-block-extra
    (Closes: #775431)
496
  * enable numa support (libnuma-dev) (Closes: #758189)
497

498
 -- Michael Tokarev <mjt@tls.msk.ru>  Wed, 28 Dec 2016 15:31:37 +0300
499

500
501
502
503
504
505
506
507
508
qemu (1:2.7+dfsg-3) unstable; urgency=medium

  * add PIE.patch to change loadable modules linker flags, from Adrian
    (Closes: #837574)
  * linux-user-fix-s390x-safe-syscall-for-z900.patch - fix FTBFS on s390x
  * mention CVE-2016-7466 for 2.7+dfsg-1 (Closes: #838687, CVE-2016-7466)

 -- Michael Tokarev <mjt@tls.msk.ru>  Thu, 27 Oct 2016 19:38:01 +0300

509
510
511
512
513
514
515
516
517
518
519
520
qemu (1:2.7+dfsg-2) unstable; urgency=medium

  * fix distribution field in previous changelog entry
  * add depends: on seabios >= 1.9 with linuxboot_dma.bin
    (Closes: #840853, #841060, #842161)
  * add more links for openbios-sparc to qemu-system-sparc,
    bump dependency (Closes: #827456)
  * include license for qemu logo files (Closes: #785362)

 -- Michael Tokarev <mjt@tls.msk.ru>  Wed, 26 Oct 2016 20:04:15 +0300

qemu (1:2.7+dfsg-1) unstable; urgency=medium
521
522
523
524
525

  * Acknowledge the previous NMU. Thank you Andrew!
  * New upstream release, 2.7 (Closes: #748043, #839292)
    Closes: #838850, CVE-2016-7161
    Closes: #473240 (qcow encryption support has been removed)
526
    Closes: #769983 (multi-threaded linux-user)
527
528
529
530
531
532
533
534
535
536
537
538
  * removed patches which went upstream, refreshed use-data-path.patch
  * renamed remaining patches to include CVE#s and added Bug-Debian headers
  * added Depends on lsb-base to qemu-guest-agent (Closes: #840740)
  * update binfmt registration for mipsn32 (Closes: #829243)
    Thank you Adam Borowski for investigation and the patch
  * replace CVE-2016-7156 (#837339) patch with actual code from upstream
  * scsi-mptsas-use-g_new0-to-allocate-MPTSASRequest-obj-CVE-2016-7423.patch
    (Closes: #838145, CVE-2016-7423)
  * virtio-add-check-for-descriptor-s-mapped-address-CVE-2016-7422.patch
    (Closes: #838146, CVE-2016-7422)
  * scsi-pvscsi-limit-process-IO-loop-to-ring-size-CVE-2016-7421.patch
    (Closes: #838147, CVE-2016-7421)
539
540
  * usb-xhci-fix-memory-leak-in-usb_xhci_exit-CVE-2016-7466.patch
    (Closes: #838687, CVE-2016-7466)
541
542
543

 -- Michael Tokarev <mjt@tls.msk.ru>  Fri, 14 Oct 2016 13:31:40 +0300

Michael Tokarev's avatar
Michael Tokarev committed
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
qemu (1:2.6+dfsg-3.1) unstable; urgency=high

  * Non-maintainer upload.
  * Security fixes from upstream:
   - virtio-error-out-if-guest-exceeds-virtqueue-size-CVE-2015-5403.patch
     (Closes: #832619, CVE-2015-5403)
   - scsi-pvscsi-avoid-infinite-loop-while-building-SG-list.patch
     (Closes: #837339, CVE-2016-7156)
   - scsi-pvscsi-check-page-count-while-initialising-descriptor-rings.patch
     (Closes: #837174, CVE-2016-7155)
   - CVE-2016-6351: scsi-esp-make-cmdbuf-big-enough-for-maximum-CDB-size.patch
     and scsi-esp-fix-migration.patch (Closes: #832621, CVE-2016-6351)
   - virtio-check-vring-descriptor-buffer-length.patch
     (Closes: #832767, CVE-2016-6490)
   - net-vmxnet3-check-for-device_active-before-write.patch
     (Closes: #834904, CVE-2016-6833)
   - net-check-fragment-length-during-fragmentation.patch
     (Closes: #834905, CVE-2016-6834)
   - net-vmxnet-check-IP-header-length.patch (Closes: #835031, CVE-2016-6835)
   - net-vmxnet-initialise-local-tx-descriptor.patch
     (Closes: #834944, CVE-2016-6836)
   - net-vmxnet-use-g_new-for-pkt-initialisation.patch
     (Closes: #834902, CVE-2016-6888)
   - CVE-2016-7116: 9pfs-forbid-.-and-.-in-file-names.patch,
     9pfs-forbid-illegal-path-names.patch and
     9pfs-handle-walk-of-.-in-the-root-directory.patch
     (Closes: #836502, CVE-2016-7116)
   - CVE-2016-7157: scsi-mptconfig-fix-an-assert-expression.patch and
     scsi-mptconfig-fix-misuse-of-MPTSAS_CONFIG_PACK.patch
     (Closes: #837603, CVE-2016-7157)

 -- Andrew James <ajames@hpe.com>  Wed, 14 Sep 2016 00:56:18 -0600

577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
qemu (1:2.6+dfsg-3) unstable; urgency=high

  * more security fixes picked from upstream:
   - CVE-2016-4454 fix (vmsvga) (Closes: CVE-2016-4454)
    vmsvga-add-more-fifo-checks-CVE-2016-4454.patch
    vmsvga-move-fifo-sanity-checks-to-vmsvga_fifo_length-CVE-2016-4454.patch
    vmsvga-shadow-fifo-registers-CVE-2016-4454.patch
   - vmsvga-don-t-process-more-than-1024-fifo-commands-at-once-CVE-2016-4453.patch
    (Closes: CVE-2016-4453)
   - scsi-check-buffer-length-before-reading-scsi-command-CVE-2016-5238.patch
    (Closes: #826152, CVE-2016-5238)
  * set urgency to high due to the amount of
    security fixes accumulated so far

 -- Michael Tokarev <mjt@tls.msk.ru>  Wed, 15 Jun 2016 08:54:12 +0300

593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
qemu (1:2.6+dfsg-2) unstable; urgency=medium

  * add missing log entries for previous upload,
    remove closing of #807006 (it is not closed)
  * Added vga-add-sr_vbe-register-set.patch from upstream
    This fixes regression (in particular with win7 installer)
    introduced by the fix for CVE-2016-3712 (commit fd3c136)
  * fix-linking-relocatable-objects-on-sparc.patch (Closes: #807006)
  * Lots of security patches from upstream:
  - net-mipsnet-check-packet-length-against-buffer-CVE-2016-4002.patch
    (Closes: #821061, CVE-2016-4002)
  - i386-kvmvapic-initialise-imm32-variable-CVE-2016-4020.patch
    (Closes: #821062, CVE-2016-4020)
  - esp-check-command-buffer-length-before-write-CVE-2016-4439.patch,
    esp-check-dma-length-before-reading-scsi-command-CVE-2016-4441.patch
    (Closes: #824856, CVE-2016-4439, CVE-2016-4441)
  - scsi-mptsas-infinite-loop-while-fetching-requests-CVE-2016-4964.patch
    (Closes: #825207, CVE-2016-4964)
  - scsi-pvscsi-check-command-descriptor-ring-buffer-size-CVE-2016-4952.patch
    (Closes: #825210, CVE-2016-4952)
  - scsi-megasas-use-appropriate-property-buffer-size-CVE-2016-5106.patch
    (Closes: #825615, CVE-2016-5106)
  - scsi-megasas-initialise-local-configuration-data-buffer-CVE-2016-5105.patch
    (Closes: #825614, CVE-2016-5105)
  - scsi-megasas-check-read_queue_head-index-value-CVE-2016-5107.patch
    (Closes: #825616, CVE-2016-5107)
  - block-iscsi-avoid-potential-overflow-of-acb-task-cdb-CVE-2016-5126.patch
    (Closes: #826151, CVE-2016-5126)
  - scsi-esp-check-TI-buffer-index-before-read-write-CVE-2016-5338.patch
    (Closes: #827024, CVE-2016-5338)
  - scsi-megasas-null-terminate-bios-version-buffer-CVE-2016-5337.patch
    (Closes: #827026, CVE-2016-5337)
  * hw-dma-omap-spelling-fix-endianness.patch (lintian)
  * arm-spelling-fix-mismatch.patch (lintian)

 -- Michael Tokarev <mjt@tls.msk.ru>  Mon, 13 Jun 2016 12:10:44 +0300

630
qemu (1:2.6+dfsg-1) unstable; urgency=medium
Michael Tokarev's avatar
v2.6.0    
Michael Tokarev committed
631
632

  * new upstream release
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
   Closes: #799115
   Closes: #822369, #823588
   Closes: #813698
   Closes: #805827
   Closes: #813585
   Closes: #823830 CVE-2016-3710 CVE-2016-3712
   Closes: #813193 CVE-2016-2198
   Closes: #813194 CVE-2016-2197
   Closes: #815008 CVE-2016-2392
   Closes: #815009 CVE-2016-2391
   Closes: #815680 CVE-2016-2538
   Closes: #821038 CVE-2016-4001
   Closes: #822344 CVE-2016-4037
   Closes: #817181 CVE-2016-2841
   Closes: #817182 CVE-2016-2857
   Closes: #817183 CVE-2016-2858
   - removed all patches applied upstream
   - removed mjt-set-oem-in-rsdt-like-slic.diff, feature has been
     implemented in upstream differently
652
653
654
655
   - refreshed local patches
  * do not recommend sharutils for qemu-utils anymore (Closes: #820449)
  * typo fix in qemu-system-misc description (Closes: #822883)
  * allow qemu-debootstrap to create mips64el chroot (Closes: #817234)
656
657
658
659
660
661
662
663
  * switch VCS URLs from http to https (lintian)
  * Bump Standards-Version to 3.9.8 (no changes)
  * code spelling fixes from upstream
  * added s390x-virtio-ccw-fix-spelling.patch from upstream
  * added hw-ipmi-fix-spelling.patch from upstream
  * added docs-specify-spell-fix.patch from upstream
  * added fsdev-spelling-fix.patch from upstream
  * fold long list of supported arches in package descriptions
Michael Tokarev's avatar
v2.6.0    
Michael Tokarev committed
664

665
 -- Michael Tokarev <mjt@tls.msk.ru>  Wed, 18 May 2016 14:44:14 +0300
Michael Tokarev's avatar
v2.6.0    
Michael Tokarev committed
666

667
668
669
670
671
672
673
qemu (1:2.5+dfsg-5) unstable; urgency=medium

  * fix misspellings in previous debian/changelog entry
  * e1000-eliminate-infinite-loops-on-out-of-bounds-start-CVE-2016-1981.patch
    (Closes: #812307, CVE-2016-1981)
  * hmp-fix-sendkey-out-of-bounds-write-CVE-2015-8619.patch
    (Closes: #809237, CVE-2015-8619)
Michael Tokarev's avatar
Michael Tokarev committed
674
  * use `command -v' instead of `type' to check for command existence
675
676
677

 -- Michael Tokarev <mjt@tls.msk.ru>  Thu, 28 Jan 2016 18:39:21 +0300

678
qemu (1:2.5+dfsg-4) unstable; urgency=medium
Michael Tokarev's avatar
Michael Tokarev committed
679
680

  * change misspelling of won't in NEWS (lintian)
Michael Tokarev's avatar
Michael Tokarev committed
681
  * two patches from upstream to enable sigaltstack syscall (linux-user)
Michael Tokarev's avatar
Michael Tokarev committed
682
683
684
685
    (Closes: #805826)
  * word-wrapped last entry in debian/changelog
  * use type to find out whenever update-binfmts is available
  * fw_cfg-add-check-to-validate-current-entry-value-CVE-2016-1714.patch
686
    (Partial) patch targeted 2.3 which fixes the read side of the issue
Michael Tokarev's avatar
Michael Tokarev committed
687
688
689
690
    (Closes: CVE-2016-1714)
  * i386-avoid-null-pointer-dereference-CVE-2016-1922.patch
    (Closes: #811201, CVE-2016-1922)

691
 -- Michael Tokarev <mjt@tls.msk.ru>  Thu, 21 Jan 2016 13:06:06 +0300
Michael Tokarev's avatar
Michael Tokarev committed
692

693
694
695
qemu (1:2.5+dfsg-3) unstable; urgency=high

  [ Aurelien Jarno ]
696
697
  * debian/copyright:
    fix a spelling error reported by lintian: dependecy -> dependency.
698
699

  [ Michael Tokarev ]
700
  * net-vmxnet3-avoid-memory-leakage-in-activate_device patch
701
702
703
704
705
706
707
708
    (Closes: #808145, CVE-2015-8567, CVE-2015-8568)
  * scsi-initialise-info-object-with-appropriate-size-CVE-2015-8613.patch
    (Closes: #809232, CVE-2015-8613)
  * net-rocker-fix-an-incorrect-array-bounds-check-CVE-2015-8701.patch
    (Closes: #809313, CVE-2015-8701)

 -- Michael Tokarev <mjt@tls.msk.ru>  Sun, 10 Jan 2016 10:59:46 +0300

709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
qemu (1:2.5+dfsg-2) unstable; urgency=high

  * ehci-make-idt-processing-more-robust-CVE-2015-8558.patch
    (Closes: #808144, CVE-2015-8558)
  * virtio-9p-use-accessor-to-get-thread_pool.patch (Closes: #808357)
  * two upstream patches from xsa-155 fixing unsafe shared memory access in xen
    (Closes: #809229, CVE-2015-8550)
  * net-ne2000-fix-bounds-check-in-ioport-operations-CVE-2015-8743.patch
    (Closes: #810519, CVE-2015-8743)
  * ide-ahci-reset-ncq-object-to-unused-on-error-CVE-2016-1568.patch
    (Closes: #810527, CVE-2016-1568)
  * changed build-depends from libpng12-dev to libpng-dev (Closes: #810205)

 -- Michael Tokarev <mjt@tls.msk.ru>  Sat, 09 Jan 2016 21:40:43 +0300

724
qemu (1:2.5+dfsg-1) unstable; urgency=medium
Michael Tokarev's avatar
Michael Tokarev committed
725
726

  * new upstream release
727
728
729
730
    (Closes: #801158)
    Closes: #806373 CVE-2015-8345
    Closes: #806742 CVE-2015-7504
    Closes: #806741 CVE-2015-7512
731
732
    Closes: #808131 CVE-2015-7549
    Closes: #808130 CVE-2015-8504
Michael Tokarev's avatar
Michael Tokarev committed
733
734
735
736
737
738
  * adopt for the new upstream:
   - removed patches which are upstream now
   - build-depend on libcacard-dev and stop requiring libtool
   - removed libcacard refs from debian/qemu-system-common.docs
   - moved qmp docs out of subdir following upstream
   - removed pc-bios/vgabios-virtio.bin
739
  * enable new linux-user target: tilegx
Michael Tokarev's avatar
Michael Tokarev committed
740
  * install qemu-ga manpage
741
  * install ivshmem-server and ivshmem-client to qemu-utils
742
743
  * stop using cylinders/heads/sectors for sfdisk
    in qemu-make-debian-root (Closes: #785470)
744
745
746
  * modify qemu-make-debian-root to use some current tools
    (this simplifies things, removes usage of uudecode)
    (usefulness of this utility is questionable anyway)
Michael Tokarev's avatar
Michael Tokarev committed
747

748
 -- Michael Tokarev <mjt@tls.msk.ru>  Wed, 16 Dec 2015 20:00:04 +0300
Michael Tokarev's avatar
Michael Tokarev committed
749

750
qemu (1:2.4+dfsg-5) unstable; urgency=medium
751
752
753

  * trace-remove-malloc-tracing.patch from upstream.
    (Closes: #802633)
Michael Tokarev's avatar
Michael Tokarev committed
754
755
756
757
758
  * stop building libcacard, as it is now in its own separate
    source package and has been removed from upstream qemu in 2.5.
    Here we just stop producing libcacard binaries, but still use
    embedded libcacard source to link with it statically.  In 2.5
    we will switch to external libcacard. (Closes: #805410)
759

760
 -- Michael Tokarev <mjt@tls.msk.ru>  Sun, 29 Nov 2015 12:22:52 +0300
761

762
qemu (1:2.4+dfsg-4) unstable; urgency=medium
763
764
765

  * applied 3 patches from upstream to fix virtio-net
    possible remote DoS (Closes: #799452 CVE-2015-7295)
766
  * remove now-unused /etc/qemu too (Closes: #797608)
767

768
 -- Michael Tokarev <mjt@tls.msk.ru>  Thu, 08 Oct 2015 20:30:03 +0300
769

770
qemu (1:2.4+dfsg-3) unstable; urgency=high
771

772
773
774
  * ne2000-add-checks-to-validate-ring-buffer-pointers-CVE-2015-5279.patch
    fix for Heap overflow vulnerability in ne2000_receive() function
    (Closes: #799074 CVE-2015-5279)
775
776
  * ne2000-avoid-infinite-loop-when-receiving-packets-CVE-2015-5278.patch
    (Closes: #799073 CVE-2015-5278) 
777
778
  * some binfmt reorg:
   - extend aarch64 to include one more byte as other arches do
779
780
   - set OSABI mask to 0xfc for i386, ppc*, s390x, sparc*, to recognize
     OSABI=3 (GNU/Linux) in addition to NONE/SysV
Michael Tokarev's avatar
Michael Tokarev committed
781
     (Closes: #784605, #794737)
782
   - tighten sh4 & sh4eb, fixing OSABI mask to be \xfc not 0
783

784
 -- Michael Tokarev <mjt@tls.msk.ru>  Tue, 15 Sep 2015 19:30:18 +0300
785

786
qemu (1:2.4+dfsg-2) unstable; urgency=high
787
788
789
790

  * Add e1000-avoid-infinite-loop-in-transmit-CVE-2015-6815.patch.
    CVE-2015-6815: net: e1000 infinite loop issue in processing transmit
    descriptor.  (Closes: #798101 CVE-2015-6815)
791
792
793
794
795
  * Add ide-fix-ATAPI-command-permissions-CVE-2015-6855.patch.
    CVE-2015-6855: ide: qemu allows arbitrary commands to be sent to an ATAPI
    device from guest, while illegal comands might have security impact,
    f.e. WIN_READ_NATIVE_MAX results in divide by zero error.
    (Closes: CVE-2015-6855)
796

797
 -- Michael Tokarev <mjt@tls.msk.ru>  Fri, 11 Sep 2015 19:54:07 +0300
798

799
qemu (1:2.4+dfsg-1a) unstable; urgency=medium
800

801
802
803
804
805
  * new upstream (2.4.0) release
    Closes: #795461, #793811, #794610, #795087, #794611, #793388
    CVE-2015-3214 CVE-2015-5154 CVE-2015-5165 CVE-2015-5745
    CVE-2015-5166 CVE-2015-5158
    Closes: #793817
806
  * removed all upstreamed patches
807
  * remove --enable-vnc-ws option (not used anymore)
808
  * update mjt-set-oem-in-rsdt-like-slic.diff
809
  * vnc-fix-memory-corruption-CVE-2015-5225.patch from upstream
810
    Closes: #796465 CVE-2015-5225
811
  * remove now-unused /etc/qemu/target-x86_64.conf
812

813
 -- Michael Tokarev <mjt@tls.msk.ru>  Mon, 31 Aug 2015 16:28:08 +0300
814

815
816
817
818
819
820
qemu (1:2.3+dfsg-6a) unstable; urgency=medium

  * fix d/copyright leftover in previous upload

 -- Michael Tokarev <mjt@tls.msk.ru>  Thu, 11 Jun 2015 20:31:07 +0300

821
qemu (1:2.3+dfsg-6) unstable; urgency=high
822
823
824
825

  * pcnet-force-buffer-access-to-be-in-bounds-CVE-2015-3209.patch
    from upstream (Closes: #788460 CVE-2015-3209)

826
 -- Michael Tokarev <mjt@tls.msk.ru>  Thu, 11 Jun 2015 20:03:40 +0300
827

828
qemu (1:2.3+dfsg-5) unstable; urgency=high
829
830
831

  * slirp-use-less-predictable-directory-name-in-tmp-CVE-2015-4037.patch
    (Closes: CVE-2015-4037)
832
833
  * 11 patches for XEN PCI pass-through issues
    (Closes: #787547 CVE-2015-4103 CVE-2015-4104 CVE-2015-4105 CVE-2015-4106)
834
835
  * kbd-add-brazil-kbd-keys-*.patch, adding two keys found on Brazilian
    keyboards (Closes: #772422)
836

837
 -- Michael Tokarev <mjt@tls.msk.ru>  Wed, 03 Jun 2015 17:18:58 +0300
838

839
qemu (1:2.3+dfsg-4) unstable; urgency=medium
840
841
842

  * rules.mak-force-CFLAGS-for-all-objects-in-DSO.patch:
    patch from upstream to fix FTBFS on some arches
843
844
  * libcacard-dev: depend on libnss3-dev (Closes: #785798)
  * libcacard-dev: do not depend on pkg-config
845

846
 -- Michael Tokarev <mjt@tls.msk.ru>  Wed, 20 May 2015 14:21:09 +0300
847

848
qemu (1:2.3+dfsg-3) unstable; urgency=high
849

850
851
  * fdc-force-the-fifo-access-to-be-in-bounds-CVE-2015-3456.patch
    (Closes: CVE-2015-3456)
852
853
854
  * fix the OSABI binfmt mask for x86_64 arch, to actually fix #763043.
    Original fix didn't work, because "someone" forgot arithmetics.
    (Really Closes: #763043)
855
  * align binfmt magics/masks to be in single column
856

857
 -- Michael Tokarev <mjt@tls.msk.ru>  Tue, 12 May 2015 23:02:29 +0300
858

859
qemu (1:2.3+dfsg-2) unstable; urgency=medium
860
861

  * do not install upstream changelog file, it is unused for a long time
862
  * mention closing of #781250 #769299 by 2.3
863
  * mention qemu-block-extra split in NEWS files
Michael Tokarev's avatar
Michael Tokarev committed
864
  * fix spelling prob in the manpage
Michael Tokarev's avatar
Michael Tokarev committed
865
  * bump Standards-Version to 3.9.6 (no changes needed)
866
  * add mips64 and mips64el binfmt registration (Closes: #778624)
867

868
 -- Michael Tokarev <mjt@tls.msk.ru>  Mon, 04 May 2015 13:01:03 +0300
869

870
qemu (1:2.3+dfsg-1) unstable; urgency=medium
871
872

  * new upstream release (2.3)
873
    (Closes: #781250 #769299 #781250 #769299)
874

875
 -- Michael Tokarev <mjt@tls.msk.ru>  Fri, 24 Apr 2015 17:33:46 +0300
876

877
qemu (1:2.2+dfsg-6exp) experimental; urgency=medium
878
879
880

  * qemu 2.2.1 stable/bugfix release (remove included upstream
    exec-change-default-exception_index-value-for-migration-to--1.patch)
881
882
  * added mips64(el) to list of architectures where qemu-utils is built
    (Closes: #780200)
Michael Tokarev's avatar
Michael Tokarev committed
883
  * added kvm-on-x32.patch from Adam Borowski (Closes: #778737)
884
  * create qemu-block-extra package
885
  * rules.mak-fix-module-build.patch from upstream to fix module build
886
  * pass --enable-modules to configure
887
  * pass multiarch --libdir to configure
888
889
  * mjt-set-oem-in-rsdt-like-slic.diff: update FACP table too,
    not only RSDT.  FACP is needed for win7 booting in UEFI mode.
Michael Tokarev's avatar
Michael Tokarev committed
890
891
892
893
894
895
896
  * enable libcacard (closes: #764971)
   - build-depend on libnss3-dev & libtool-bin
   - --enable-smartcard-nss
   - run dh_makeshlibs
   - rm libcacard.la
   - add libcacard0, libcacard-dev and libcacard-tools packages
   - add libcacard*.install and libcacard0.symbols
897

898
 -- Michael Tokarev <mjt@tls.msk.ru>  Fri, 17 Apr 2015 21:54:53 +0300
899

900
qemu (1:2.2+dfsg-5exp) experimental; urgency=medium
901
902
903

  * fix initscript removal once again

904
 -- Michael Tokarev <mjt@tls.msk.ru>  Fri, 23 Jan 2015 15:05:46 +0300
905

906
qemu (1:2.2+dfsg-4exp) experimental; urgency=medium
907
908
909
910

  * fix a brown-paper bag bug removing the qemu-system-x86 initscript
    (Closes: #776004)

911
 -- Michael Tokarev <mjt@tls.msk.ru>  Thu, 22 Jan 2015 20:33:38 +0300
912

913
qemu (1:2.2+dfsg-3exp) experimental; urgency=medium
914
915

  * mention closing of #753887 by 2.2
916
917
  * install only specific bamboo.dtb for ppc, not *.dtb
    (Closes: #773033)
918
919
  * install qemu-system-misc firmware in d/*.install not d/rules,
    as other firmware files
920
921
  * exec-change-default-exception_index-value-for-migration-to--1.patch:
    cherry-picked commit adee64249ee37e from upstream
922
  * stop messing up with alternatives (qemu for qemu-system-*)
923
924
  * stop shipping qemu-system-x86 initscript to load kvm modules
    (kernel since 3.4 does that automatically) (Closes: #751754)
925

926
 -- Michael Tokarev <mjt@tls.msk.ru>  Thu, 22 Jan 2015 09:28:01 +0300
927

928
929
930
931
932
933
qemu (1:2.2+dfsg-2exp) experimental; urgency=medium

  * and finally uploading to experimental as it should be

 -- Michael Tokarev <mjt@tls.msk.ru>  Wed, 10 Dec 2014 00:58:32 +0300

934
qemu (2.2+dfsg-1exp) unstable; urgency=medium
935

936
  * new upstream release 2.2.0 (Closes: #751078, #726629, #753887)
937
938
  * removed all patches which was cherry-picked from upstream,
    only keeping debian-specific changes
939
  * refreshed mjt-set-oem-in-rsdt-like-slic.diff
940
  * added tricore to qemu-system-misc package (new arch)
941
942
943
944
  * restore upstream pc-bios/petalogix-*.dtb "blobs":
    upstream says it is the canonical form, dtc is used
    to convert from dts to dtb and back, the conversion
    is reversible
945
  * install petalogix firmware for microblaze (Closes: #769068)
946

947
 -- Michael Tokarev <mjt@tls.msk.ru>  Tue, 09 Dec 2014 23:09:26 +0300
948

949
950
951
952
953
954
955
qemu (1:2.1+dfsg-11) unstable; urgency=medium

  * bump epoch and reupload to cancel 2.2+dfsg-1exp upload
    mistakenly done to unstable.  No other changes.

 -- Michael Tokarev <mjt@tls.msk.ru>  Wed, 10 Dec 2014 00:52:28 +0300

956
qemu (2.1+dfsg-10) unstable; urgency=medium
957
958
959
960

  * make (debian-specific) x86 data path (with seabios and ipxe
    in it) non-x86-specific, since other arches use firmware
    files too (Closes: #772127)
961
  * add seabios to Recommends to qemu-system-misc, qemu-system-mips,
962
963
    qemu-system-ppc and qemu-system-sparc packages, because these
    packages contains emulators using vgabios which is part of
964
965
    seabios package (#772127).
  * add ipxe-qemu to Recommends to qemu-system-misc, qemu-system-arm,
966
967
    qemu-system-mips, qemu-system-ppc, qemu-system-sparc packages,
    because these packages contains emulators using network boot
968
    roms (#772127), in a similar way.
969

970
 -- Michael Tokarev <mjt@tls.msk.ru>  Tue, 09 Dec 2014 13:47:36 +0300
971

972
973
974
975
976
977
978
979
qemu (2.1+dfsg-9) unstable; urgency=high

  * apply upstream patches for CVE-2014-8106
    (cirrus: insufficient blit region checks)
    (Closes: #772025 CVE-2014-8106)

 -- Michael Tokarev <mjt@tls.msk.ru>  Thu, 04 Dec 2014 00:10:43 +0300

980
qemu (2.1+dfsg-8) unstable; urgency=low
981

982
  [ Michael Tokarev ]
983
984
985
  * add Built-Using control field for qemu-user-static package:
    take contents of qemu-user ${shlibs:Depends} and transform it
    into list of source packages with versions.  (Closes: #768926)
986
987
988
  * run remove-alternatives in qemu-system.postinst (the metapkg)
    too, not only in qemu-system-XX.postinst, to handle upgrades
    from wheezy (Closes: #768244)
989
990
991
  * several fixes for debian/qemu-user.1 manpage.  It needs more
    work, but at least some easy and obvious errors are fixed now.
    (Closes: #763841)
992
993
  * migration-fix-parameter-validation-on-ram-load.patch from upstream
    (Closes: #769451 CVE-2014-7840)
994
995
996
997
998
999
1000
  * fix x86_64 binfmt mask to allow more values in ELF_OSABI field
    (byte7).  Current gcc/binfmt sometimes produces binaries with
    this field set to 3 (OSABI_GNU) not 0 (OSABI_SYSV) as used to be.
    Set mask to 0xfb not 0xff here, to allow 0 (traditional SYSV),
    1 (HPUX), 2 (NETBSD) or 3 (GNU).  This lets 2 more types than
    necessary, but qemu will reject wrong types so no harm is done.
    Some other binfmts ignore this field completely (with mask=0).