This bug was fixed in the package qemu - 1:5.1+dfsg-4ubuntu1
---------------
qemu (1:5.1+dfsg-4ubuntu1) hirsute; urgency=medium
* Merge with Debian testing, remaining changes:
Fixes qemu-arm-static Assertion `guest_base != 0' failed (LP: #1897854)
- qemu-kvm to systemd unit
- d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
hugepages and architecture specifics
- d/qemu-system-common.qemu-kvm.service: systemd unit to call
qemu-kvm-init
- d/qemu-system-common.install: install helper script
- d/qemu-system-common.qemu-kvm.default: defaults for
/etc/default/qemu-kvm
- d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
- Distribution specific machine type (LP: 1304107 1621042)
- d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
types
- d/qemu-system-x86.NEWS Info on fixed machine type definitions
for host-phys-bits=true (LP: 1776189)
- add an info about -hpb machine type in debian/qemu-system-x86.NEWS
- provide pseries-bionic-2.11-sxxm type as convenience with all
meltdown/spectre workarounds enabled by default. (LP: 1761372).
- ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
- Enable nesting by default
- d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
in qemu64 on amd
[ No more strictly needed, but required for backward compatibility ]
- improved dependencies
- Make qemu-system-common depend on qemu-block-extra
- Make qemu-utils depend on qemu-block-extra
- let qemu-utils recommend sharutils
- tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
- d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
reference 256k path
- d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
handle incoming migrations from former releases.
- d/control-in: Disable capstone disassembler library support (universe)
- d/qemu-system-x86.README.Debian: add info about updated nesting changes
- d/control*, d/rules: disable xen by default, but provide universe
package qemu-system-x86-xen as alternative
[includes compat links changes of 5.0-5ubuntu4]
- allow qemu to load old modules post upgrade (LP 1847361)
- d/qemu-block-extra.*.in, d/qemu-system-gui.*.in: save shared objects on
upgrade
- d/rules: generate maintainer scripts matching package version on build
- d/rules: enable --enable-module-upgrades where --enable-modules is set
- d/control: regenerate debian/control out of control-in
* Dropped changes [in Debian or no more needed]
- d/control-in: disable pmem on ppc64 as it is currently considered
experimental on that architecture (pmdk v1.8-1)
- d/rules: makefile definitions can't be recursive - sys_systems for s390x
- d/rules: report config log from the correct subdir
- d/control-in: disable rbd support unavailable on riscv (LP: 1872931)
- Pick further changes for groovy from debian/master since 5.0-5
- ati-vga-check-mm_index-before-recursive-call-CVE-2020-13800.patch
- revert-memory-accept-mismatching-sizes-in-memory_region_access_...patch
- exec-set-map-length-to-zero-when-returning-NULL-CVE-2020-13659.patch
- megasas-use-unsigned-type-for-reply_queue_head-and-check-index...patch
- megasas-use-unsigned-type-for-positive-numeric-fields.patch
- megasas-fix-possible-out-of-bounds-array-access.patch
- nbd-server-avoid-long-error-message-assertions-CVE-2020-10761.patch
- es1370-check-total-frame-count-against-current-...-CVE-2020-13361.patch
- a few patches from the stable series:
- fix-tulip-breakage.patch
- 9p-lock-directory-streams-with-a-CoMutex.patch
Prevent deadlocks in 9pfs readdir code
- net-do-not-include-a-newline-in-the-id-of-nic-device.patch
Fix newline accidentally sneaked into id string of a nic
- qemu-nbd-close-inherited-stderr.patch
- virtio-balloon-fix-free-page-hinting-check-on-unreal.patch
- virtio-balloon-fix-free-page-hinting-without-an-iothread.patch
- virtio-balloon-unref-the-iothread-when-unrealizing.patch
- acpi-tmr-allow-2-byte-reads.patch
- reapply CVE-2020-13253 fixes from upstream
- linux-user-refactor-ipc-syscall-and-support-of-semtimedop.patch
- linux-user-add-netlink-RTM_SETLINK-command.patch
- d/control: since qemu-system-data now contains module(s),
it can't be multi-arch. Ditto for qemu-block-extra.
- qemu-system-foo: depend on exact version of qemu-system-data,
due to the latter having modules
- acpi-allow-accessing-acpi-cnt-register-by-byte.patch
This is another incarnation of the recent bugfix which actually enabled
memory access constraints, like #964247
- acpi-accept-byte-and-word-access-to-core-ACPI-registers.patch
this replaces acpi-allow-accessing-acpi-cnt-register-by-byte.patch
and acpi-tmr-allow-2-byte-reads.patch, a more complete fix
- xhci-fix-valid.max_access_size-to-access-address-registers.patch
fix one more incarnation of the breakage after the CVE-2020-13754 fix
- do not install outdated (0.12 and before) Changelog
- xgmac-fix-buffer-overflow-in-xgmac_enet_send-CVE-2020-15863.patch
ARM-only XGMAC NIC, possible buffer overflow during packet transmission
Closes: CVE-2020-15863
- sm501 OOB read/write due to integer overflow in sm501_2d_operation()
- riscv-allow-64-bit-access-to-SiFive-CLINT.patch
another fix for revert-memory-accept-.. CVE-2020-13754
- seabios-hppa-fno-ipa-sra.patch fix ftbfs with gcc-10
- d/control-in: build-dep libcap is no more needed
- arch aware kvm wrappers
[upstream now automatically enables KVM if available and called with
kvm* name, provides KVM as before but with auto-fallback to tcg.
Former behavior of KVM-or-die can be achieved via -machine accel=kvm ]
* Dropped changes [upstream now]
- d/p/u/usb-fix-setup_len-init-CVE-2020-14364.patch: sanity check usb
setup_len
- d/p/u/lp-1887930-*: Enable Channel Path Handling for vfio-ccw (LP 1887930)
- d/p/u/lp-1894942-*: fix virtio-ccw host/guest notification (LP 1894942)
- d/p/ubuntu/lp-1887935-vfio-ccw-allow-non-prefetch-ORBs.patch: fix boot
from vfio-ccw (LP 1887935)
- fix qemu-user-static initialization to allow executing systemd (LP
1890881)
- fix assertion failure in net_tx_pkt_add_raw_fragment (LP 1891187)
- d/p/ubuntu/lp-1883984-target-s390x-Fix-SQXBR.patch: avoid crash on
SQXBR (LP 1883984)
- d/p/lp-1890154-*: fix -no-reboot on s390x secure boot (LP 1890154)
- d/p/ubuntu/lp-1887763-*: fix TCG sizing that OOMed many small CI
environments (LP 1887763)
- d/p/ubuntu/lp-1835546-*: backport the s390x protvirt feature (LP 1835546)
- debian/patches/ubuntu/lp-1878973-*: fix assert in qemu-guest-agent that
crashes it on shutdown (LP 1878973)
- update d/p/ubuntu/lp-1835546-* to the final versions
- d/p/ubuntu/virtio-net-fix-rsc_ext-compat-handling.patch: fix
FTBFS in groovy
* Added Changes:
- update ubuntu machine types for [email protected]
- d/control: regenerated from d/control-in
- d/control, d/rules: build with gcc-9 on armhf as workaround until
resolved in gcc-10 (LP: 1890435)
qemu (1:5.1+dfsg-4) unstable; urgency=high
* mention closing of CVE-2020-16092 by 5.1
* usb-fix-setup_len-init-CVE-2020-14364.patch
Closes: #968947, CVE-2020-14364
(OOB r/w access in USB emulation)
qemu (1:5.1+dfsg-3) unstable; urgency=medium
* fix one more issue in last upload. This is what happens when
you do "obvious" stuff in a hurry without proper testing..
qemu (1:5.1+dfsg-2) unstable; urgency=medium
* fix brown-paper bag bug in last upload
qemu (1:5.1+dfsg-1) unstable; urgency=medium
* hw-display-qxl.so depends on spice so install it
only if it is built just like ui-spice-app
* note #931046 for libfdt
qemu (1:5.1+dfsg-0exp1) experimental; urgency=medium
* new upstream release 5.1.0. Make source DFSG-clean again
Closes: #968088
Closes: CVE-2020-16092 (net_tx_pkt_add_raw_fragment in e1000e & vmxnet3)
* remove all patches which are applied upstream
* do not install non-existing doc/qemu/*-ref.*
* qemu-pr-helper is now in /usr/lib/qemu not /usr/bin
* virtfs-proxy-helper is in /usr/lib/qemu now, not /usr/bin
* new architecture: qemu-system-avr
* refresh d/get-orig-source.sh
* d/get-orig-source.sh: report already removed files in dfsg-clean
* install common modules in qemu-system-common
* lintian tag renamed: shared-lib-without-dependency-information to
shared-library-lacks-prerequisites
qemu (1:5.0-14) unstable; urgency=high
* this is a bugfix release before breaking toys with the new upstream
* riscv-allow-64-bit-access-to-SiFive-CLINT.patch
(another fix for revert-memory-accept-..-CVE-2020-13754)
* install /usr/lib/*/qemu/ui-curses.so in qemu-system-common
Closes: #966517
qemu (1:5.0-13) unstable; urgency=medium
* seabios-hppa-fno-ipa-sra.patch
fix ftbfs with gcc-10
qemu (1:5.0-12) unstable; urgency=medium
* acpi-accept-byte-and-word-access-to-core-ACPI-registers.patch
this replaces acpi-allow-accessing-acpi-cnt-register-by-byte.patch
and acpi-tmr-allow-2-byte-reads.patch, a more complete fix
* xhci-fix-valid.max_access_size-to-access-address-registers.patch
fix one more incarnation of the breakage after the CVE-2020-13754 fix
* do not install outdated (0.12 and before) Changelog (Closes: #965381)
* xgmac-fix-buffer-overflow-in-xgmac_enet_send-CVE-2020-15863.patch
ARM-only XGMAC NIC, possible buffer overflow during packet transmission
Closes: CVE-2020-15863
* sm501 OOB read/write due to integer overflow in sm501_2d_operation()
List of patches:
sm501-convert-printf-abort-to-qemu_log_mask.patch
sm501-shorten-long-variable-names-in-sm501_2d_operation.patch
sm501-use-BIT-macro-to-shorten-constant.patch
sm501-clean-up-local-variables-in-sm501_2d_operation.patch
sm501-replace-hand-written-implementation-with-pixman-CVE-2020-12829.patch
Closes: #961451, CVE-2020-12829
qemu (1:5.0-11) unstable; urgency=high
* d/control-in: only enable opengl (libdrm&Co) on linux
* d/control-in: spice: drop versioned deps (even jessie version is enough),
drop libspice-protocol-dev (automatically pulled by libspice-server-dev),
and build on more architectures
* change from debhelper versioned dependency to debhelper-compat (=12)
* acpi-allow-accessing-acpi-cnt-register-by-byte.patch (Closes: #964793)
This is another incarnation of the recent bugfix which actually enabled
memory access constraints, like #964247
Urgency = high due to this issue.
qemu (1:5.0-10) unstable; urgency=medium
* fix the wrong $(if) construct for s390x kvm link (FTBFS on s390x)
* use the same $(if) construct to simplify #ifdeffery
qemu (1:5.0-9) unstable; urgency=medium
* move kvm executable/script from qemu-kvm to qemu-system-foo,
make it multi-arch, and remove qemu-kvm package
* remove libcacard leftovers from d/.gitignore
* linux-user-refactor-ipc-syscall-and-support-of-semtimedop.patch
(Closes: #965109)
* linux-user-add-netlink-RTM_SETLINK-command.patch (Closes: #964289)
* libudev is linux-specific, do not build-depend on it
on kfreebsd and others
* install virtiofsd in d/rules (!sparc64) instead of
d/qemu-system-common.install (fixes FTBFS on sparc64)
* confirm -static-pie not working today still
* d/control: since qemu-system-data now contains module(s),
it can't be multi-arch. Ditto for qemu-block-extra.
* qemu-system-foo: depend on exact version of qemu-system-data,
due to the latter having modules
* build all modules since there are modules anyway,
no need to hack them in d/rules
* fix spelling in a patch name/subject in last upload
* d/rules: do not use dh_install and dh_movefiles for individual
pkgs, open-code mkdir+cp/mv, b/c dh_install acts on all files
listed in d/foo.install too, in addition to given on command-line
* remove trailing whitespace from d/changelog
qemu (1:5.0-8) unstable; urgency=medium
* d/control: rdma is linux-only, do not enable it on kfreebsd & hurd
* add comment about virtiofsd conditional to d/qemu-system-common.install
Now qemu FTBFS on sparc64 since virtiofsd is not built due to missing
seccomp on that platform, we should either make virtiofsd conditional
(!sparc64) or fix seccomp on sparc64 and build-depend on it
* openbios-use-source_date_epoch-in-makefile.patch (Closes: #963466)
* seabios-hppa-use-consistant-date-and-remove-hostname.patch (Closes: #963467)
* slof-remove-user-and-host-from-release-version.patch (Closes: #963472)
* slof-ensure-ld-is-called-with-C-locale.patch (Closes: #963470)
* update previous changelog, mention #945997
* reapply CVE-2020-13253 fixed from upstream:
sdcard-simplify-realize-a-bit.patch (preparation for the next patch)
sdcard-dont-allow-invalid-SD-card-sizes.patch (half part of CVE-2020-13253)
sdcard-update-coding-style-to-make-checkpatch-happy.patch (preparational)
sdcard-dont-switch-to-ReceivingData-if-address-is-in..-CVE-2020-13253.patch
Closes: #961297, CVE-2020-13253
qemu (1:5.0-7) unstable; urgency=medium
* Revert "d/rules: report config log from the correct subdir - base build"
* Revert "d/rules: report config log from the correct subdir - microvm build"
* acpi-tmr-allow-2-byte-reads.patch (Closes: #964247)
* remove sdcard-dont-switch-to-ReceivingData-if-add...-CVE-2020-13253.patch -
upstream decided to fix it differently (Reopens: #961297, CVE-2020-13253)
* explicitly specify --enable-tools on hppa and do the same trick
with --enable-tcg-interpreter --enable-tools on a few other unsupported
arches (Closes: #964372, #945997)
qemu (1:5.0-6) unstable; urgency=medium
[ Christian Ehrhardt ]
* d/control-in: disable pmem on ppc64 as it is currently considered
experimental on that architecture
* d/rules: makefile definitions can't be recursive - sys_systems for s390x
* d/rules: report config log from the correct subdir - base build
* d/rules: report config log from the correct subdir - microvm build
* d/control-in: disable rbd support unavailable on riscv
* fix assert in qemu guest agent that crashes on shutdown (LP: #1878973)
* d/control-in: build-dep libcap is no more needed
* d/rules: update -spice compat (Ubuntu only)
[ Michael Tokarev ]
* save block modules on upgrades (LP: #1847361)
After upgrade a still running qemu of a former version can't load the
new modules e.g. for extended storage support. Qemu 5.0 has the code to
allow defining a path that it will load these modules from.
* ati-vga-check-mm_index-before-recursive-call-CVE-2020-13800.patch
Closes: CVE-2020-13800, ati-vga allows guest OS users to trigger
infinite recursion via a crafted mm_index value during
ati_mm_read or ati_mm_write call.
* revert-memory-accept-mismatching-sizes-in-memory_region_access_valid...patch
Closes: CVE-2020-13754, possible OOB memory accesses in a bunch of qemu
devices which uses min_access_size and max_access_size Memory API fields.
Also closes: CVE-2020-13791
* exec-set-map-length-to-zero-when-returning-NULL-CVE-2020-13659.patch
CVE-2020-13659: address_space_map in exec.c can trigger
a NULL pointer dereference related to BounceBuffer
* megasas-use-unsigned-type-for-reply_queue_head-and-check-index...patch
Closes: #961887, CVE-2020-13362, megasas_lookup_frame in hw/scsi/megasas.c
has an OOB read via a crafted reply_queue_head field from a guest OS user
* megasas-use-unsigned-type-for-positive-numeric-fields.patch
fix other possible cases like in CVE-2020-13362 (#961887)
* megasas-fix-possible-out-of-bounds-array-access.patch
Some tracepoints use a guest-controlled value as an index into the
mfi_frame_desc[] array. Thus a malicious guest could cause a very low
impact OOB errors here
* nbd-server-avoid-long-error-message-assertions-CVE-2020-10761.patch
Closes: CVE-2020-10761, An assertion failure issue in the QEMU NBD Server.
This flaw occurs when an nbd-client sends a spec-compliant request that is
near the boundary of maximum permitted request length. A remote nbd-client
could use this flaw to crash the qemu-nbd server resulting in a DoS.
* es1370-check-total-frame-count-against-current-frame-CVE-2020-13361.patch
Closes: CVE-2020-13361, es1370_transfer_audio in hw/audio/es1370.c does not
properly validate the frame count, which allows guest OS users to trigger
an out-of-bounds access during an es1370_write() operation
* sdcard-dont-switch-to-ReceivingData-if-address-is-in...-CVE-2020-13253.patch
CVE-2020-13253: sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated
address, which leads to an out-of-bounds read during sdhci_write()
operations. A guest OS user can crash the QEMU process.
And a preparational patch,
sdcard-update-coding-style-to-make-checkpatch-happy.patch
* a few patches from the stable series:
- fix-tulip-breakage.patch
The tulip network driver in a qemu-system-hppa emulation is broken in
the sense that bigger network packages aren't received any longer and
thus even running e.g. "apt update" inside the VM fails. Fix this.
- 9p-lock-directory-streams-with-a-CoMutex.patch
Prevent deadlocks in 9pfs readdir code
- net-do-not-include-a-newline-in-the-id-of-nic-device.patch
Fix newline accidentally sneaked into id string of a nic
- qemu-nbd-close-inherited-stderr.patch
- virtio-balloon-fix-free-page-hinting-check-on-unreal.patch
- virtio-balloon-fix-free-page-hinting-without-an-iothread.patch
- virtio-balloon-unref-the-iothread-when-unrealizing.patch
[ Aurelien Jarno ]
* Remove myself from maintainers
-- Christian Ehrhardt <[email protected]> Thu, 29 Oct 2020 12:37:31 +0100
** Changed in: qemu (Ubuntu)
Status: In Progress => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-10761
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-12829
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-13253
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-13361
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-13362
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-13659
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-13754
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-13791
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-13800
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-14364
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-15863
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-16092
--
https://bugs.launchpad.net/bugs/1902654
Title:
failure to migrate virtual machines with pc-i440fx-wily type to ubuntu
20.04