Change logs for qemu-kvm source package in Wheezy

qemu-kvm (1.1.2+dfsg-6+deb7u12) wheezy-security; urgency=high

  * applied 3 patches from upstream to fix virtio-net
    possible remote DoS (Closes: #799452 CVE-2015-7295)
  * pcnet-add-check-to-validate-receive-data-size-CVE-2015-7504.patch
    (Closes: #806742, CVE-2015-7504)
  * pcnet-fix-rx-buffer-overflow-CVE-2015-7512.patch
    (Closes: #806741, CVE-2015-7512)
  * eepro100-prevent-two-endless-loops-CVE-2015-8345.patch
    (Closes: #806373, CVE-2015-8345)
  * vnc-avoid-floating-point-exception-CVE-2015-8504.patch
    (Closes: #808130, CVE-2015-8504)
  * ehci-make-idt-processing-more-robust-CVE-2015-8558.patch
    (Closes: #808144, CVE-2015-8558)
  * net-ne2000-fix-bounds-check-in-ioport-operations-CVE-2015-8743.patch
    (Closes: #810519, CVE-2015-8743)
  * ide-ahci-reset-ncq-object-to-unused-on-error-CVE-2016-1568.patch
    (Closes: #810527, CVE-2016-1568)
  * fw_cfg-add-check-to-validate-current-entry-value-CVE-2016-1714.patch
    (Closes: CVE-2016-1714)
  * i386-avoid-null-pointer-dereference-CVE-2016-1922.patch
    (Closes: #811201, CVE-2016-1922)

 -- Michael Tokarev <email address hidden>  Mon, 01 Feb 2016 23:53:18 +0300

qemu-kvm (1.1.2+dfsg-6+deb7u8) wheezy-security; urgency=high

  * slirp-use-less-predictable-directory-name-in-tmp-CVE-2015-4037.patch
    (Closes: CVE-2015-4037)
  * pcnet-force-buffer-access-to-be-in-bounds-CVE-2015-3209.patch
    with preparation bugfix pcnet-fix-negative-array-index-read.patch
    from upstream (Closes: #788460 CVE-2015-3209)

 -- Michael Tokarev <email address hidden>  Fri, 12 Jun 2015 09:51:17 +0300

qemu-kvm (1.1.2+dfsg-6+deb7u6) wheezy-security; urgency=high


  * apply upstream patches for CVE-2014-8106 (buffer overflow
    in cirrus vga emulation) (Closes: CVE-2014-8106)

 -- Michael Tokarev <email address hidden>  Wed, 03 Dec 2014 23:46:51 +0300

qemu-kvm (1.1.2+dfsg-6+deb7u4) wheezy-security; urgency=medium


  * image-format-validation patch series backported from 2.0, closing
    CVE-2014-0142, CVE-2014-0143, CVE-2014-0144, CVE-2014-0145,
    CVE-2014-0146, CVE-2014-0147, CVE-2014-0222, CVE-2014-0223
    (Closes: #742730)
  * slirp-udp-fix-NULL-pointer-deref-uninit-socket-CVE-2014-3640.patch
    closing CVE-2014-3640 (Closes: #762532)
  * spice-make-sure-we-don-t-overflow-ssd-buf-CVE-2014-3615.patch and
    vbe-rework-sanity-checks-CVE-2014-3615.patch closing CVE-2014-3615

 -- Michael Tokarev <email address hidden>  Tue, 20 May 2014 09:49:42 +0400

qemu-kvm (1.1.2+dfsg-6+deb7u3) wheezy-security; urgency=high


  * ide-correct-improper-smart-self-test-counter-reset-CVE-2014-2894.patch
    (Closes: #745157 CVE-2014-2894)
  * scsi-allocate-SCSITargetReq-r-buf-dynamically-CVE-2013-4344.patch
    (Closes: #725944 CVE-2013-4344)

 -- Michael Tokarev <email address hidden>  Wed, 14 May 2014 16:08:52 +0400

qemu-kvm (1.1.2+dfsg-6+deb7u2) stable; urgency=medium


  [ Gabriele Giacone ]
  * Fix crash booting GNU/Hurd on both hwaccel systems without --enable-kvm
    option and on non-hwaccel ones (Closes: #719633).
  * Fix crash booting GNU/Hurd with QEMU multiboot options (Closes: #741873).

 -- Michael Tokarev <email address hidden>  Sat, 19 Apr 2014 09:21:00 +0400

qemu-kvm (1.1.2+dfsg-6) unstable; urgency=low


  * another bugfix for USB, upstream from early days of past-1.1.
    usb-split-endpoint-init-and-reset.patch.  With certain redirected
    to guest USB devices, qemu process may crash:

     usb_packet_complete: Assertion `((&ep->queue)->tqh_first) == p' failed.

    The patch fixes this by de-coupling reset and complete paths.
    Big thanks goes to Joseph Price who found the fix by doing a
    reverse git bisection.
    (Closes: #701926)

  * fix wrong description of kvm transitional package (Closes: #701910)

 -- Michael Tokarev <email address hidden>  Mon, 18 Mar 2013 09:03:51 +0400

qemu-kvm (1.1.2+dfsg-5) unstable; urgency=low


  * fix USB regression introduced in 1.1 (Closes: #683983)
    uhci-don-t-queue-up-packets-after-one-with-the-SPD-flag-set.patch
    Big thanks to Peter Schaefer (https://bugs.launchpad.net/bugs/1033727)
    for the help identifying the fix.

 -- Michael Tokarev <email address hidden>  Mon, 14 Jan 2013 12:20:29 +0400

qemu-kvm (1.1.2+dfsg-3) unstable; urgency=low


  * intel_hda-do-not-call-msi_reset-when-only-device-state-needs-resetting.patch
    patch to fix Fixing reset of MSI function in intel-hda virtual device.
    The fix (applied to stable-1.1.1) was partially wrong, as it actually
    added the msi_reset() call to two code paths instead of one as planned.
    Fix this by splitting the function in question into two parts.
    (Closes: #688964)
  * blockdev-preserve-readonly-and-snapshot-states-across-media-changes.patch:
    allow opening of read-only cdrom images/devices (Closes: #686776)
  * ahci-properly-reset-PxCMD-on-HBA-reset.patch: fix windows install on ahci
    (Closes: #696052)
  * e1000-discard-packets-that-are-too-long-if-not-SBP-and-not-LPE.patch:
    discard too long rx packets which may overflow guest buffer
    (Closes: #696051)
  * eepro100-fix-network-hang-when-rx-buffers-run-out.patch:
    fix e100 stall (Closes: #696061)
  * fix possible network stalls/slowness in e1000 device emulation:
    net-notify-iothread-after-flushing-queue.patch
    e1000-flush-queue-whenever-can_receive-can-go-from-false-to-true.patch
    (Closes: #696063)
  * fixes-related-to-processing-of-qemu-s-numa-option.patch:
    fixes numa handling (Closes: #691343)
  * qcow2-fix-avail_sectors-in-cluster-allocation-code.patch:
    fixes data corruption in stacked qcow2 (Closes: #695905)
  * qcow2-fix-refcount-table-size-calculation.patch: another possible
    corruption or crash in qcow2 (Closes: #691569)
  * tap-reset-vnet-header-size-on-open.patch: always ensure tap device is
    in known state initially (Closes: #696057)
  * vmdk-fix-data-corruption-bug-in-WRITE-and-READ-handling.patch:
    possible data corruption bug in vmdk image format (Closes: #696050)

 -- Michael Tokarev <email address hidden>  Sun, 16 Dec 2012 23:08:40 +0400

qemu-kvm (1.1.2+dfsg-2) unstable; urgency=low


  * add revert-serial-fix-retry-logic.patch that restores
    old (semi-)working behavour of a virtual serial port (Closes: #686524)

 -- Michael Tokarev <email address hidden>  Wed, 19 Sep 2012 12:24:33 +0400

qemu-kvm (1.1.1+dfsg-1) unstable; urgency=low


  * new upstream bugfix release (1.1.1) (Closes: #684311)
    Removed applied upstream patches:
    - qemu-kvm-Add-missing-default-machine-options.patch
    - qemu-kvm-virtio-Do-not-register-mask-notifiers-witho.patch
  * uhci:-fix-uhci_async_cancel_all.patch fixes use-after-free
    in usb code (Closes: #684323)
  * eventfd-making-it-thread-safe.patch - fix a missing
    ioeventfd notifier (Closes: #680719, #685314)
  * qom-object_delete-should-unparent-the-object-first.patch
    fixes assertion failure on usb_del (Closes: #684282)
  * virtio-blk-fix-use-after-free-while-handling-scsi-commands.patch
    (Closes: #684261)
  * ahci-Fix-ahci-cdrom-read-corruptions-for-reads-128k.patch (Closes: #684263)
  * ahci-Fix-sglist-memleak-in-ahci_dma_rw_buf.patch (Closes: #684327)
  * kvm-i8254-cache-kernel-clock-offset-in-KVMPITState.patch and
    kvm-i8254-finish-time-conversion-fix.patch - two patches from upstream
    stable to fix TSC vs PIT timers (Closes: #683096)
  * document -netdev option in the manpage, a long-standing omission
    (net-add--netdev-options-to-man-page.patch)

 -- Michael Tokarev <email address hidden>  Sat, 25 Aug 2012 12:56:01 +0400

qemu-kvm (1.1.0+dfsg-3) unstable; urgency=low


  * ship /usr/share/kvm/qemu-icon.bmp (Closes: #681306)
  * don't build-depend on librbd-dev, as it is having issues
    entering wheezy.  Also (Closes: #680307)

 -- Michael Tokarev <email address hidden>  Wed, 18 Jul 2012 21:22:10 +0400

qemu-kvm (1.0+dfsg-11) unstable; urgency=low


  * add build dependency on libjpeg-dev and libpng-dev
  * show config.log in case ./configure fails
  * bump Standards-Version to 3.9.3 (no changes needed)

 -- Michael Tokarev <email address hidden>  Tue, 17 Apr 2012 14:08:34 +0400

qemu-kvm (1.0+dfsg-9) unstable; urgency=low


  * fix ipxe dependency (Closes: #659010, #585170)
  * fix CFLAGS=`` construct to use $(shell ) instead
    (chokes on older make, see #660133)
  * stop shipping 05_report_debian_package_version.patch
    and use --with-pkgversion configure option instead
  * depend on vgabios >= 0.6c-3~ not 0.6c-3, to assist backporting
  * apply qemu-1.0.1.diff -- difference from qemu 1.0 to qemu 1.0.1
    from git, except of version change (this includes CVE-2012-0029 fix)

 -- Michael Tokarev <email address hidden>  Mon, 27 Feb 2012 23:47:59 +0400

qemu-kvm (1.0+dfsg-8) unstable; urgency=low


  * Depends on ipxe-qemu or old ipxe (Closes: #658853)

 -- Michael Tokarev <email address hidden>  Tue, 07 Feb 2012 00:59:20 +0400

qemu-kvm (1.0+dfsg-7) unstable; urgency=low


  * Force-enable optional features in ./configure args which are listed
    as build-dependencies, in order to catch things like broken
    dependency which makes corresponding optional feature to be omitted.
    (Closes: #658169)
    Placed all optional features into debian/optional-features file
    instead of hardcoding them in debian/rules, to be able to comment
    on each of them.
    Also rearrange build-deps and sort them alphabetically.
  * Removed debian/gbp.conf (unused)
  * Converted debian/rules to use dh.  Set debian/compat to 8 (and build-depend
    on debhelper >= 8).  This also fixes lintian warnings about missing targets.
  * Added two patches for manpage generation to recognize/use UTF8.
    (Closes: #655911)

 -- Michael Tokarev <email address hidden>  Thu, 02 Feb 2012 12:45:28 +0400

qemu-kvm (1.0+dfsg-3) unstable; urgency=low


  * ship /etc/kvm/target-x86_64.conf (Closes: #652281)
  * resurrect extboot support which has been removed in qemu-kvm 1.0
    (debian/patches/resurrect-extboot.diff).  (Closes: #652447)
  * build-depend on libiscsi-dev (which has been packaged for Debian
    a few days ago) to enable iscsi support

 -- Michael Tokarev <email address hidden>  Sat, 17 Dec 2011 15:03:20 +0400

qemu-kvm (1.0+dfsg-2) unstable; urgency=low


  * mention: (closes: #647312)
    for 1.0 upload
  * upload to unstable

 -- Michael Tokarev <email address hidden>  Fri, 16 Dec 2011 12:12:38 +0400

qemu-kvm (0.15.1+dfsg-1) unstable; urgency=low


  * new upstream bugfix release 0.15.1
  * refreshed debian/patches/04_use_etc_kvm_kvm-ifup.patch
  * added two-pieces fix for CVE-2011-3346:
    scsi-disk-commonize-iovec-creation-between-reads-and-writes-103b40f51e-CVE-2011-3346.diff
    scsi-disk-lazily-allocate-bounce-buffer-7285477ab1-CVE-2011-3346.diff
    backported from upstream (closes: #646118)
  * remove extra/default stuff from debian/gbp.conf
  * remove many unneeded build-dependencies from debian/control
  * bump Standards-Version to 3.9.2 (no changes needed)
  * add debhelper tags to qemu-kvm.{preinst,postrm} or else lintian complains
  * removed a typo in qemu-kvm.init that referenced /dev/.udev but
    in incorrect way so it never actually worked (Closes: #644324)
  * upload to unstable (closes: #645976)

 -- Michael Tokarev <email address hidden>  Fri, 21 Oct 2011 17:06:43 +0400

qemu-kvm (0.14.1+dfsg-4) unstable; urgency=low
  * switch from etherboot-qemu to ipxe (closes: #634040, #612775)  * explicitly chown/chmod /dev/kvm in postinst if owned by root:root,    for new installs when udev hasn't picked up new rules yet    (closes: #607391) -- Michael Tokarev <email address hidden>  Tue, 26 Jul 2011 11:13:42 +0400

qemu-kvm (0.14.1+dfsg-3) unstable; urgency=high
  * virtio-fix-indirect-descriptor-buffer-overflow-CVE-2011-2212    fixes a guest-triggerable buffer overflow in virtio handling    (closes: #632987)  * os-posix-set-groups-properly-for--runas-CVE-2011-2527    clears supplementary groups for -runas (closes: #633669)  * two security updates so urgency is high -- Michael Tokarev <email address hidden>  Wed, 13 Jul 2011 00:59:47 +0400

qemu-kvm (0.14.1+dfsg-2) unstable; urgency=high
  * virtio: guard against negative vq notifies -- fixes a guest-triggerable    bug in virtio implementation (CVE-2011-2512) (Closes: #631975)    Urgency is high due to security fix. -- Michael Tokarev <email address hidden>  Wed, 29 Jun 2011 00:53:54 +0400

qemu-kvm (0.14.1+dfsg-1) unstable; urgency=low
  * new upstream 0.14.1 stable/bugfix release    (closes: #616159, #624177)  * remove vgabios package entirely finally, when it's properly    packaged in debian (and depend on it) (Closes: #489442)  * ship vgabios.bin link too, for now.  It's not used but helps for    older versions of qemu-kvm.  * add $(QEMU_KVM_CONFIGURE_OPTIONS) to ./configure flags, to simplify    local/custom builds.  Does not affect Debian qemu-kvm build.    Also fix whitespace in that area in debian/rules  * move init.d script to rcS.d and don't run it on stop    (Closes: #611952, #540686)  * remove isa-bus:-Remove-bogus-IRQ-sharing-check-ee951a.diff    (upstream)  * build-depend on librados-dev to enable rbd support  * update kvm-ifup to be a bit more accurate and to warn about    problem cases.  (closes: #619300, #624006)  * ignore-pci-unplug-requests-for-unpluggable-devices-CVE-2011-1751.diff    (closes: #627448)  * fix-crash-in-migration-32-bit-userspace-on-64-bit-host-51b0c6065a.diff    (closes: #625571)  * set-$SDL_VIDEODRIVER=x11-on-Linux-to-prevent-sudo-kvm-from-fighting-for-video-1de9756b97    (closes: #604844) -- Michael Tokarev <email address hidden>  Sat, 28 May 2011 13:43:40 +0400

qemu-kvm (0.14.0+dfsg-1~tls) unstable; urgency=low
  * 0.14.0 release:   - much improved vga speed (closes: #575720, #574988)   - other bugs (closes: #574063, #603424, #604034)  * removed a ton of old patches that went upstream  * refreshed some patches to apply cleanly to new code  * introduced vgabios (0.6c+ca056d8e77) patch and use that    instead of kvm/vgabios/.  Now we can use separate vgabios package    (bios files changed. Now we don't ship vgabios.bin anymore)  * added fix-configure-bin-symlinks.patch to fix ./configure in    case all blobs in the source are removed  * don't ship kvmtrace anymore (does not exist upstream?)  * update debian/rules for the new package layout (esp. "clean" target)  * enable hda (guest) audio device  * apply isa-bus:-Remove-bogus-IRQ-sharing-check-ee951a.diff    from upstream. this makes >4 com ports usable again    (also removes old isa-refine-irq-reservations.patch)  * use external seabios package and depend on it (>> 0.6.1.2)  * move bridge-utils and iproute from Depends to Recommends  * build-depend on xfslibs-dev (for xfs-specific ioctls, not for the library)  * switch to 3.0 (quilt) format (and remove clean-patched target)  * removed 06_no_system_linux_kvm_h.patch (kvm/* isn't used anymore)  * depend on qemu-utils >> 0.14, and deprecate kvm-img, kvm-nbd and kvm-io    (provide script wrappers for them that prints a warning and executes a    real tool from qemu-utils) -- Michael Tokarev <email address hidden>  Wed, 23 Feb 2011 13:40:53 +0300

qemu-kvm (0.12.5+dfsg-5) unstable; urgency=low


  [ Michael Tokarev ]
  * scsi:-Dequeue-requests-before-invoking-completion-callback.diff
    fix SIGSEGV when using lsil scsi emulation, from upstream
    (closes: #603223)
  * seabios-mark-irq9-active-high-in-DSDT.diff - fix non-working
    acpi buttons (system_powerdown) for FreeBSD and other guests.
  * don't ship roms/seabios/src/acpi-dsdt.hex which is a generated file
    (this ensures it gets rebuilt properly after previous patch too),
    and fix their makefile to properly state deps from it (closes: #603219)
  * two patches from upstream git to fix alsa audio issues:
    - fix-100%-CPU-load-when-idle-with-ALSA.diff
    - issue-snd_pcm_start-when-capturing-audio.diff
    (closes: #588899)

 -- Jan Lübbe <email address hidden>  Fri, 12 Nov 2010 11:18:12 +0100