-
qemu-kvm (1.1.2+dfsg-6+deb7u12) wheezy-security; urgency=high
* applied 3 patches from upstream to fix virtio-net
possible remote DoS (Closes: #799452 CVE-2015-7295)
* pcnet-add-check-to-validate-receive-data-size-CVE-2015-7504.patch
(Closes: #806742, CVE-2015-7504)
* pcnet-fix-rx-buffer-overflow-CVE-2015-7512.patch
(Closes: #806741, CVE-2015-7512)
* eepro100-prevent-two-endless-loops-CVE-2015-8345.patch
(Closes: #806373, CVE-2015-8345)
* vnc-avoid-floating-point-exception-CVE-2015-8504.patch
(Closes: #808130, CVE-2015-8504)
* ehci-make-idt-processing-more-robust-CVE-2015-8558.patch
(Closes: #808144, CVE-2015-8558)
* net-ne2000-fix-bounds-check-in-ioport-operations-CVE-2015-8743.patch
(Closes: #810519, CVE-2015-8743)
* ide-ahci-reset-ncq-object-to-unused-on-error-CVE-2016-1568.patch
(Closes: #810527, CVE-2016-1568)
* fw_cfg-add-check-to-validate-current-entry-value-CVE-2016-1714.patch
(Closes: CVE-2016-1714)
* i386-avoid-null-pointer-dereference-CVE-2016-1922.patch
(Closes: #811201, CVE-2016-1922)
-- Michael Tokarev <email address hidden> Mon, 01 Feb 2016 23:53:18 +0300
-
qemu-kvm (1.1.2+dfsg-6+deb7u8) wheezy-security; urgency=high
* slirp-use-less-predictable-directory-name-in-tmp-CVE-2015-4037.patch
(Closes: CVE-2015-4037)
* pcnet-force-buffer-access-to-be-in-bounds-CVE-2015-3209.patch
with preparation bugfix pcnet-fix-negative-array-index-read.patch
from upstream (Closes: #788460 CVE-2015-3209)
-- Michael Tokarev <email address hidden> Fri, 12 Jun 2015 09:51:17 +0300
-
qemu-kvm (1.1.2+dfsg-6+deb7u6) wheezy-security; urgency=high
* apply upstream patches for CVE-2014-8106 (buffer overflow
in cirrus vga emulation) (Closes: CVE-2014-8106)
-- Michael Tokarev <email address hidden> Wed, 03 Dec 2014 23:46:51 +0300
-
qemu-kvm (1.1.2+dfsg-6+deb7u4) wheezy-security; urgency=medium
* image-format-validation patch series backported from 2.0, closing
CVE-2014-0142, CVE-2014-0143, CVE-2014-0144, CVE-2014-0145,
CVE-2014-0146, CVE-2014-0147, CVE-2014-0222, CVE-2014-0223
(Closes: #742730)
* slirp-udp-fix-NULL-pointer-deref-uninit-socket-CVE-2014-3640.patch
closing CVE-2014-3640 (Closes: #762532)
* spice-make-sure-we-don-t-overflow-ssd-buf-CVE-2014-3615.patch and
vbe-rework-sanity-checks-CVE-2014-3615.patch closing CVE-2014-3615
-- Michael Tokarev <email address hidden> Tue, 20 May 2014 09:49:42 +0400
-
qemu-kvm (1.1.2+dfsg-6+deb7u3) wheezy-security; urgency=high
* ide-correct-improper-smart-self-test-counter-reset-CVE-2014-2894.patch
(Closes: #745157 CVE-2014-2894)
* scsi-allocate-SCSITargetReq-r-buf-dynamically-CVE-2013-4344.patch
(Closes: #725944 CVE-2013-4344)
-- Michael Tokarev <email address hidden> Wed, 14 May 2014 16:08:52 +0400
-
qemu-kvm (1.1.2+dfsg-6+deb7u2) stable; urgency=medium
[ Gabriele Giacone ]
* Fix crash booting GNU/Hurd on both hwaccel systems without --enable-kvm
option and on non-hwaccel ones (Closes: #719633).
* Fix crash booting GNU/Hurd with QEMU multiboot options (Closes: #741873).
-- Michael Tokarev <email address hidden> Sat, 19 Apr 2014 09:21:00 +0400
-
qemu-kvm (1.1.2+dfsg-6) unstable; urgency=low
* another bugfix for USB, upstream from early days of past-1.1.
usb-split-endpoint-init-and-reset.patch. With certain redirected
to guest USB devices, qemu process may crash:
usb_packet_complete: Assertion `((&ep->queue)->tqh_first) == p' failed.
The patch fixes this by de-coupling reset and complete paths.
Big thanks goes to Joseph Price who found the fix by doing a
reverse git bisection.
(Closes: #701926)
* fix wrong description of kvm transitional package (Closes: #701910)
-- Michael Tokarev <email address hidden> Mon, 18 Mar 2013 09:03:51 +0400
-
qemu-kvm (1.1.2+dfsg-5) unstable; urgency=low
* fix USB regression introduced in 1.1 (Closes: #683983)
uhci-don-t-queue-up-packets-after-one-with-the-SPD-flag-set.patch
Big thanks to Peter Schaefer (https://bugs.launchpad.net/bugs/1033727)
for the help identifying the fix.
-- Michael Tokarev <email address hidden> Mon, 14 Jan 2013 12:20:29 +0400
-
qemu-kvm (1.1.2+dfsg-3) unstable; urgency=low
* intel_hda-do-not-call-msi_reset-when-only-device-state-needs-resetting.patch
patch to fix Fixing reset of MSI function in intel-hda virtual device.
The fix (applied to stable-1.1.1) was partially wrong, as it actually
added the msi_reset() call to two code paths instead of one as planned.
Fix this by splitting the function in question into two parts.
(Closes: #688964)
* blockdev-preserve-readonly-and-snapshot-states-across-media-changes.patch:
allow opening of read-only cdrom images/devices (Closes: #686776)
* ahci-properly-reset-PxCMD-on-HBA-reset.patch: fix windows install on ahci
(Closes: #696052)
* e1000-discard-packets-that-are-too-long-if-not-SBP-and-not-LPE.patch:
discard too long rx packets which may overflow guest buffer
(Closes: #696051)
* eepro100-fix-network-hang-when-rx-buffers-run-out.patch:
fix e100 stall (Closes: #696061)
* fix possible network stalls/slowness in e1000 device emulation:
net-notify-iothread-after-flushing-queue.patch
e1000-flush-queue-whenever-can_receive-can-go-from-false-to-true.patch
(Closes: #696063)
* fixes-related-to-processing-of-qemu-s-numa-option.patch:
fixes numa handling (Closes: #691343)
* qcow2-fix-avail_sectors-in-cluster-allocation-code.patch:
fixes data corruption in stacked qcow2 (Closes: #695905)
* qcow2-fix-refcount-table-size-calculation.patch: another possible
corruption or crash in qcow2 (Closes: #691569)
* tap-reset-vnet-header-size-on-open.patch: always ensure tap device is
in known state initially (Closes: #696057)
* vmdk-fix-data-corruption-bug-in-WRITE-and-READ-handling.patch:
possible data corruption bug in vmdk image format (Closes: #696050)
-- Michael Tokarev <email address hidden> Sun, 16 Dec 2012 23:08:40 +0400
-
qemu-kvm (1.1.2+dfsg-2) unstable; urgency=low
* add revert-serial-fix-retry-logic.patch that restores
old (semi-)working behavour of a virtual serial port (Closes: #686524)
-- Michael Tokarev <email address hidden> Wed, 19 Sep 2012 12:24:33 +0400
-
qemu-kvm (1.1.1+dfsg-1) unstable; urgency=low
* new upstream bugfix release (1.1.1) (Closes: #684311)
Removed applied upstream patches:
- qemu-kvm-Add-missing-default-machine-options.patch
- qemu-kvm-virtio-Do-not-register-mask-notifiers-witho.patch
* uhci:-fix-uhci_async_cancel_all.patch fixes use-after-free
in usb code (Closes: #684323)
* eventfd-making-it-thread-safe.patch - fix a missing
ioeventfd notifier (Closes: #680719, #685314)
* qom-object_delete-should-unparent-the-object-first.patch
fixes assertion failure on usb_del (Closes: #684282)
* virtio-blk-fix-use-after-free-while-handling-scsi-commands.patch
(Closes: #684261)
* ahci-Fix-ahci-cdrom-read-corruptions-for-reads-128k.patch (Closes: #684263)
* ahci-Fix-sglist-memleak-in-ahci_dma_rw_buf.patch (Closes: #684327)
* kvm-i8254-cache-kernel-clock-offset-in-KVMPITState.patch and
kvm-i8254-finish-time-conversion-fix.patch - two patches from upstream
stable to fix TSC vs PIT timers (Closes: #683096)
* document -netdev option in the manpage, a long-standing omission
(net-add--netdev-options-to-man-page.patch)
-- Michael Tokarev <email address hidden> Sat, 25 Aug 2012 12:56:01 +0400
-
qemu-kvm (1.1.0+dfsg-3) unstable; urgency=low
* ship /usr/share/kvm/qemu-icon.bmp (Closes: #681306)
* don't build-depend on librbd-dev, as it is having issues
entering wheezy. Also (Closes: #680307)
-- Michael Tokarev <email address hidden> Wed, 18 Jul 2012 21:22:10 +0400
-
qemu-kvm (1.0+dfsg-11) unstable; urgency=low
* add build dependency on libjpeg-dev and libpng-dev
* show config.log in case ./configure fails
* bump Standards-Version to 3.9.3 (no changes needed)
-- Michael Tokarev <email address hidden> Tue, 17 Apr 2012 14:08:34 +0400
-
qemu-kvm (1.0+dfsg-9) unstable; urgency=low
* fix ipxe dependency (Closes: #659010, #585170)
* fix CFLAGS=`` construct to use $(shell ) instead
(chokes on older make, see #660133)
* stop shipping 05_report_debian_package_version.patch
and use --with-pkgversion configure option instead
* depend on vgabios >= 0.6c-3~ not 0.6c-3, to assist backporting
* apply qemu-1.0.1.diff -- difference from qemu 1.0 to qemu 1.0.1
from git, except of version change (this includes CVE-2012-0029 fix)
-- Michael Tokarev <email address hidden> Mon, 27 Feb 2012 23:47:59 +0400
-
qemu-kvm (1.0+dfsg-8) unstable; urgency=low
* Depends on ipxe-qemu or old ipxe (Closes: #658853)
-- Michael Tokarev <email address hidden> Tue, 07 Feb 2012 00:59:20 +0400
-
qemu-kvm (1.0+dfsg-7) unstable; urgency=low
* Force-enable optional features in ./configure args which are listed
as build-dependencies, in order to catch things like broken
dependency which makes corresponding optional feature to be omitted.
(Closes: #658169)
Placed all optional features into debian/optional-features file
instead of hardcoding them in debian/rules, to be able to comment
on each of them.
Also rearrange build-deps and sort them alphabetically.
* Removed debian/gbp.conf (unused)
* Converted debian/rules to use dh. Set debian/compat to 8 (and build-depend
on debhelper >= 8). This also fixes lintian warnings about missing targets.
* Added two patches for manpage generation to recognize/use UTF8.
(Closes: #655911)
-- Michael Tokarev <email address hidden> Thu, 02 Feb 2012 12:45:28 +0400
-
qemu-kvm (1.0+dfsg-3) unstable; urgency=low
* ship /etc/kvm/target-x86_64.conf (Closes: #652281)
* resurrect extboot support which has been removed in qemu-kvm 1.0
(debian/patches/resurrect-extboot.diff). (Closes: #652447)
* build-depend on libiscsi-dev (which has been packaged for Debian
a few days ago) to enable iscsi support
-- Michael Tokarev <email address hidden> Sat, 17 Dec 2011 15:03:20 +0400
-
qemu-kvm (1.0+dfsg-2) unstable; urgency=low
* mention: (closes: #647312)
for 1.0 upload
* upload to unstable
-- Michael Tokarev <email address hidden> Fri, 16 Dec 2011 12:12:38 +0400
-
qemu-kvm (0.15.1+dfsg-1) unstable; urgency=low
* new upstream bugfix release 0.15.1
* refreshed debian/patches/04_use_etc_kvm_kvm-ifup.patch
* added two-pieces fix for CVE-2011-3346:
scsi-disk-commonize-iovec-creation-between-reads-and-writes-103b40f51e-CVE-2011-3346.diff
scsi-disk-lazily-allocate-bounce-buffer-7285477ab1-CVE-2011-3346.diff
backported from upstream (closes: #646118)
* remove extra/default stuff from debian/gbp.conf
* remove many unneeded build-dependencies from debian/control
* bump Standards-Version to 3.9.2 (no changes needed)
* add debhelper tags to qemu-kvm.{preinst,postrm} or else lintian complains
* removed a typo in qemu-kvm.init that referenced /dev/.udev but
in incorrect way so it never actually worked (Closes: #644324)
* upload to unstable (closes: #645976)
-- Michael Tokarev <email address hidden> Fri, 21 Oct 2011 17:06:43 +0400
-
qemu-kvm (0.14.1+dfsg-4) unstable; urgency=low
* switch from etherboot-qemu to ipxe (closes: #634040, #612775) * explicitly chown/chmod /dev/kvm in postinst if owned by root:root, for new installs when udev hasn't picked up new rules yet (closes: #607391) -- Michael Tokarev <email address hidden> Tue, 26 Jul 2011 11:13:42 +0400
-
qemu-kvm (0.14.1+dfsg-3) unstable; urgency=high
* virtio-fix-indirect-descriptor-buffer-overflow-CVE-2011-2212 fixes a guest-triggerable buffer overflow in virtio handling (closes: #632987) * os-posix-set-groups-properly-for--runas-CVE-2011-2527 clears supplementary groups for -runas (closes: #633669) * two security updates so urgency is high -- Michael Tokarev <email address hidden> Wed, 13 Jul 2011 00:59:47 +0400
-
qemu-kvm (0.14.1+dfsg-2) unstable; urgency=high
* virtio: guard against negative vq notifies -- fixes a guest-triggerable bug in virtio implementation (CVE-2011-2512) (Closes: #631975) Urgency is high due to security fix. -- Michael Tokarev <email address hidden> Wed, 29 Jun 2011 00:53:54 +0400
-
qemu-kvm (0.14.1+dfsg-1) unstable; urgency=low
* new upstream 0.14.1 stable/bugfix release (closes: #616159, #624177) * remove vgabios package entirely finally, when it's properly packaged in debian (and depend on it) (Closes: #489442) * ship vgabios.bin link too, for now. It's not used but helps for older versions of qemu-kvm. * add $(QEMU_KVM_CONFIGURE_OPTIONS) to ./configure flags, to simplify local/custom builds. Does not affect Debian qemu-kvm build. Also fix whitespace in that area in debian/rules * move init.d script to rcS.d and don't run it on stop (Closes: #611952, #540686) * remove isa-bus:-Remove-bogus-IRQ-sharing-check-ee951a.diff (upstream) * build-depend on librados-dev to enable rbd support * update kvm-ifup to be a bit more accurate and to warn about problem cases. (closes: #619300, #624006) * ignore-pci-unplug-requests-for-unpluggable-devices-CVE-2011-1751.diff (closes: #627448) * fix-crash-in-migration-32-bit-userspace-on-64-bit-host-51b0c6065a.diff (closes: #625571) * set-$SDL_VIDEODRIVER=x11-on-Linux-to-prevent-sudo-kvm-from-fighting-for-video-1de9756b97 (closes: #604844) -- Michael Tokarev <email address hidden> Sat, 28 May 2011 13:43:40 +0400
-
qemu-kvm (0.14.0+dfsg-1~tls) unstable; urgency=low
* 0.14.0 release: - much improved vga speed (closes: #575720, #574988) - other bugs (closes: #574063, #603424, #604034) * removed a ton of old patches that went upstream * refreshed some patches to apply cleanly to new code * introduced vgabios (0.6c+ca056d8e77) patch and use that instead of kvm/vgabios/. Now we can use separate vgabios package (bios files changed. Now we don't ship vgabios.bin anymore) * added fix-configure-bin-symlinks.patch to fix ./configure in case all blobs in the source are removed * don't ship kvmtrace anymore (does not exist upstream?) * update debian/rules for the new package layout (esp. "clean" target) * enable hda (guest) audio device * apply isa-bus:-Remove-bogus-IRQ-sharing-check-ee951a.diff from upstream. this makes >4 com ports usable again (also removes old isa-refine-irq-reservations.patch) * use external seabios package and depend on it (>> 0.6.1.2) * move bridge-utils and iproute from Depends to Recommends * build-depend on xfslibs-dev (for xfs-specific ioctls, not for the library) * switch to 3.0 (quilt) format (and remove clean-patched target) * removed 06_no_system_linux_kvm_h.patch (kvm/* isn't used anymore) * depend on qemu-utils >> 0.14, and deprecate kvm-img, kvm-nbd and kvm-io (provide script wrappers for them that prints a warning and executes a real tool from qemu-utils) -- Michael Tokarev <email address hidden> Wed, 23 Feb 2011 13:40:53 +0300
-
qemu-kvm (0.12.5+dfsg-5) unstable; urgency=low
[ Michael Tokarev ]
* scsi:-Dequeue-requests-before-invoking-completion-callback.diff
fix SIGSEGV when using lsil scsi emulation, from upstream
(closes: #603223)
* seabios-mark-irq9-active-high-in-DSDT.diff - fix non-working
acpi buttons (system_powerdown) for FreeBSD and other guests.
* don't ship roms/seabios/src/acpi-dsdt.hex which is a generated file
(this ensures it gets rebuilt properly after previous patch too),
and fix their makefile to properly state deps from it (closes: #603219)
* two patches from upstream git to fix alsa audio issues:
- fix-100%-CPU-load-when-idle-with-ALSA.diff
- issue-snd_pcm_start-when-capturing-audio.diff
(closes: #588899)
-- Jan Lübbe <email address hidden> Fri, 12 Nov 2010 11:18:12 +0100