Bug#698221: unblock: qemu/1.1.2+dfsg-5 qemu-kvm/1.1.2+dfsg-5

2013-01-21 Thread Michael Tokarev
19.01.2013 15:23, Julien Cristau wrote:
> qemu{,-kvm} unblocked.

Thank you very much Julien!

/mjt





Bug#698221: unblock: qemu/1.1.2+dfsg-5 qemu-kvm/1.1.2+dfsg-5

2013-01-15 Thread Michael Tokarev
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package qemu

The updated release includes 3 bugfixes.  Changelog with comments:

  * e1000-discard-oversized-packets-based-on-SBP_LPE.patch: the second
    half of the fix for CVE-2012-6075. (Finally Closes: #696051)

This is a security fix for CVE-2012-6075.  As it turned out, there are
2 sides to this issue, and 2 halves to the fix.  While we thought the
change in the previous release (1.1.2+dfsg-3) was enough, it actually is not,
since the bug can be triggered under other conditions too.  The complete
fix consists of 2 changes (which touch the same area):

 e1000-discard-packets-that-are-too-long-if-not-SBP-and-not-LPE.patch
  (which was included in 1.1.2+dfsg-3 release) and
 e1000-discard-oversized-packets-based-on-SBP_LPE.patch
  (being included now).

These patches are used in a recent qemu & qemu-kvm security update in
squeeze (stable-security) too.  Both patches are from upstream.

I tried my usual pile of guests here trying to verify there are no
visible regressions due to that; all guests seem to continue working
fine.  The changes only affect e1000 device emulation, and have no
impact on other parts of qemu.


  * linux-user-fix-mips-32-on-64-prealloc-case.patch (Closes: #668658)

This is a simple patch which unbreaks MIPS 32bit emulation on 64bit host.
Before this patch, mips32 was completely unusable/unworking on any 64bit
host, including the most commonly used amd64 one.  Also a low-risk change,
since it is specific to this architecture (and only for the 32-on-64 case),
and makes previously completely non-working stuff working.

It is a fix for a bug of priority Important, but I think it really is
important to fix this for wheezy and not let wheezy be released without
it, since emulation of mips is important enough.


  * fix USB regression introduced in 1.1 (Closes: #683983)
    uhci-don-t-queue-up-packets-after-one-with-the-SPD-flag-set.patch
    Big thanks to Peter Schaefer (https://bugs.launchpad.net/bugs/1033727)
    for the help identifying the fix.

This is another fix for an Important bug.  As it turned out, many real USB
devices which worked in previous versions of qemu[-kvm] (in wheezy/testing,
before 1.1 version) were broken since 1.1 version.  I've got many reports
about various devices not working anymore.  It turned out that only a certain
sequence of events triggers this issue, and not all guests and not all devices
trigger it, but the general result of this bug is quite bad.  Supporting USB in
a more or less reliable way is important because qemu is often used to run
proprietary windows-only programs to flash a phone over USB or things like
that, where there's no other good choice available (short of purchasing a
separate PC just for that).

I'm requesting to unblock both qemu and qemu-kvm at once, since the two are
kept in the same state, and since the fixes are applicable to both at the same
time.  However, the mips-related fix is not needed for qemu-kvm, since this
one is x86-only.  So the qemu-kvm change does not include the mips-related fix.
Other than that, the changes are exactly the same, including version numbers.

Debdiff between qemu/1.1.2+dfsg-3 (currently in testing) and qemu/1.1.2+dfsg-5:

--
diff -Nru qemu-1.1.2+dfsg/debian/changelog qemu-1.1.2+dfsg/debian/changelog
--- qemu-1.1.2+dfsg/debian/changelog2012-12-16 23:24:01.0 +0400
+++ qemu-1.1.2+dfsg/debian/changelog2013-01-14 12:20:29.0 +0400
@@ -1,3 +1,20 @@
+qemu (1.1.2+dfsg-5) unstable; urgency=low
+
+  * fix USB regression introduced in 1.1 (Closes: #683983)
+uhci-don-t-queue-up-packets-after-one-with-the-SPD-flag-set.patch
+Big thanks to Peter Schaefer (https://bugs.launchpad.net/bugs/1033727)
+for the help identifying the fix.
+
+ -- Michael Tokarev m...@tls.msk.ru  Mon, 14 Jan 2013 12:20:29 +0400
+
+qemu (1.1.2+dfsg-4) unstable; urgency=medium
+
+  * linux-user-fix-mips-32-on-64-prealloc-case.patch (Closes: #668658)
+  * e1000-discard-oversized-packets-based-on-SBP_LPE.patch: the second
+half of the fix for CVE-2012-6075. (Finally Closes: #696051)
+
+ -- Michael Tokarev m...@tls.msk.ru  Wed, 09 Jan 2013 23:05:17 +0400
+
 qemu (1.1.2+dfsg-3) unstable; urgency=low
 
   * add build-dependency on libcap-dev [linux-any] to enable virtfs support
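Review bot: the 1.1.2+dfsg-4 entry describes e1000-discard-oversized-packets-based-on-SBP_LPE.patch as "the second half of the fix for CVE-2012-6075" but does not say what the first half is. Consider naming e1000-discard-packets-that-are-too-long-if-not-SBP-and-not-LPE.patch (shipped in 1.1.2+dfsg-3) in that entry, so that someone auditing from the changelog alone can see that the CVE is only fully addressed with both patches applied. Also note that the entry carrying the security fix is urgency=medium while the topmost entry is urgency=low; if faster migration is wanted for the CVE fix, the request should say so explicitly.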
diff -Nru 
qemu-1.1.2+dfsg/debian/patches/e1000-discard-oversized-packets-based-on-SBP_LPE.patch
 
qemu-1.1.2+dfsg/debian/patches/e1000-discard-oversized-packets-based-on-SBP_LPE.patch
--- 
qemu-1.1.2+dfsg/debian/patches/e1000-discard-oversized-packets-based-on-SBP_LPE.patch
   1970-01-01 03:00:00.0 +0300
+++ 
qemu-1.1.2+dfsg/debian/patches/e1000-discard-oversized-packets-based-on-SBP_LPE.patch
   2013-01-14 12:13:18.0 +0400
@@ -0,0 +1,39 @@
+commit 2c0331f4f7d241995452b99afaf0aab00493334a
+Author: Michael Contreras mich...@inetric.com
+Date:   Wed Dec 5 13:31:30 2012 -0500
+Bug-Debian: