--- qemu-kvm-1.0+noroms.orig/debian/README.source
+++ qemu-kvm-1.0+noroms/debian/README.source
@@ -0,0 +1,2 @@
+This package uses quilt to manage patches; see:
+ /usr/share/doc/quilt/README.source
--- qemu-kvm-1.0+noroms.orig/debian/TODO
+++ qemu-kvm-1.0+noroms/debian/TODO
@@ -0,0 +1,5 @@
+* sysctl.d file should be prefixed with a number
+
+* install target should install to debian/tmp
+
+* binary-arch should almost only use dh_install to install
--- qemu-kvm-1.0+noroms.orig/debian/binfmts/qemu-alpha
+++ qemu-kvm-1.0+noroms/debian/binfmts/qemu-alpha
@@ -0,0 +1,7 @@
+package qemu-kvm-extras-static
+interpreter /usr/bin/qemu-alpha-static
+flags: OC
+offset 0
+magic \x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x26\x90
+mask \xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff
+credentials yes
--- qemu-kvm-1.0+noroms.orig/debian/binfmts/qemu-arm
+++ qemu-kvm-1.0+noroms/debian/binfmts/qemu-arm
@@ -0,0 +1,7 @@
+package qemu-kvm-extras-static
+interpreter /usr/bin/qemu-arm-static
+flags: OC
+offset 0
+magic \x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28\x00
+mask \xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff
+credentials yes
--- qemu-kvm-1.0+noroms.orig/debian/binfmts/qemu-armeb
+++ qemu-kvm-1.0+noroms/debian/binfmts/qemu-armeb
@@ -0,0 +1,7 @@
+package qemu-kvm-extras-static
+interpreter /usr/bin/qemu-arm-static
+flags: OC
+offset 0
+magic \x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28
+mask \xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff
+credentials yes
--- qemu-kvm-1.0+noroms.orig/debian/binfmts/qemu-cris
+++ qemu-kvm-1.0+noroms/debian/binfmts/qemu-cris
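Review bot: `credentials yes` in debian/binfmts/qemu-alpha, and in the seventeen other debian/binfmts/qemu-* entries this patch adds, makes binfmt_misc compute credentials from the matched binary instead of the interpreter, so a setuid foreign-architecture ELF runs under /usr/bin/qemu-*-static with the elevated identity and the user-mode emulator becomes part of the privilege boundary. If that is intended, state it in the packaging notes (README.source or a README.Debian) so administrators know to review what is registered under /proc/sys/fs/binfmt_misc/; otherwise drop the line. `flags: OC` also looks like a leftover: the changelog added by this same patch records it being removed in 0.13.0+noroms-0ubuntu7 as out of spec for update-binfmts, and debian/binfmts itself being removed in 0.13.0+noroms-0ubuntu15, so it is worth confirming that debian/rules still installs these files at all.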
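Review bot: The `interpreter` line in debian/binfmts/qemu-armeb names `/usr/bin/qemu-arm-static`, while the magic it registers has EI_DATA `\x02` (big-endian) and every other entry in this directory points at the emulator matching its own file name. Unless the package deliberately ships no big-endian ARM emulator (not visible in this patch), big-endian ARM binaries would be handed to the little-endian one; the line should probably read `interpreter /usr/bin/qemu-armeb-static`.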
@@ -0,0 +1,7 @@
+package qemu-kvm-extras-static
+interpreter /usr/bin/qemu-cris-static
+flags: OC
+offset 0
+magic \x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x4c\x00
+mask \xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff
+credentials yes
--- qemu-kvm-1.0+noroms.orig/debian/binfmts/qemu-i386
+++ qemu-kvm-1.0+noroms/debian/binfmts/qemu-i386
@@ -0,0 +1,7 @@
+package qemu-kvm-extras-static
+interpreter /usr/bin/qemu-i386-static
+flags: OC
+offset 0
+magic \x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x03\x00
+mask \xff\xff\xff\xff\xff\xfe\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff
+credentials yes
--- qemu-kvm-1.0+noroms.orig/debian/binfmts/qemu-m68k
+++ qemu-kvm-1.0+noroms/debian/binfmts/qemu-m68k
@@ -0,0 +1,7 @@
+package qemu-kvm-extras-static
+interpreter /usr/bin/qemu-m68k-static
+flags: OC
+offset 0
+magic \x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x04
+mask \xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff
+credentials yes
--- qemu-kvm-1.0+noroms.orig/debian/binfmts/qemu-microblaze
+++ qemu-kvm-1.0+noroms/debian/binfmts/qemu-microblaze
@@ -0,0 +1,7 @@
+package qemu-kvm-extras-static
+interpreter /usr/bin/qemu-microblaze-static
+flags: OC
+offset 0
+magic \x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\xba\xab
+mask \xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff
+credentials yes
--- qemu-kvm-1.0+noroms.orig/debian/binfmts/qemu-mips
+++ qemu-kvm-1.0+noroms/debian/binfmts/qemu-mips
@@ -0,0 +1,7 @@
+package qemu-kvm-extras-static
+interpreter /usr/bin/qemu-mips-static
+flags: OC
+offset 0
+magic \x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08
+mask \xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff
+credentials yes
--- qemu-kvm-1.0+noroms.orig/debian/binfmts/qemu-mipsel
+++ qemu-kvm-1.0+noroms/debian/binfmts/qemu-mipsel
@@ -0,0 +1,7 @@
+package qemu-kvm-extras-static
+interpreter /usr/bin/qemu-mipsel-static
+flags: OC
+offset 0
+magic \x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00
+mask \xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff
+credentials yes
--- qemu-kvm-1.0+noroms.orig/debian/binfmts/qemu-ppc
+++ qemu-kvm-1.0+noroms/debian/binfmts/qemu-ppc
@@ -0,0 +1,7 @@
+package qemu-kvm-extras-static
+interpreter /usr/bin/qemu-ppc-static
+flags: OC
+offset 0
+magic \x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x14
+mask \xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff
+credentials yes
--- qemu-kvm-1.0+noroms.orig/debian/binfmts/qemu-ppc64
+++ qemu-kvm-1.0+noroms/debian/binfmts/qemu-ppc64
@@ -0,0 +1,7 @@
+package qemu-kvm-extras-static
+interpreter /usr/bin/qemu-ppc64-static
+flags: OC
+offset 0
+magic \x7fELF\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x15
+mask \xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff
+credentials yes
--- qemu-kvm-1.0+noroms.orig/debian/binfmts/qemu-ppc64abi32
+++ qemu-kvm-1.0+noroms/debian/binfmts/qemu-ppc64abi32
@@ -0,0 +1,7 @@
+package qemu-kvm-extras-static
+interpreter /usr/bin/qemu-ppc64abi32-static
+flags: OC
+offset 0
+magic \x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x15
+mask \xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff
+credentials yes
--- qemu-kvm-1.0+noroms.orig/debian/binfmts/qemu-sh4
+++ qemu-kvm-1.0+noroms/debian/binfmts/qemu-sh4
@@ -0,0 +1,7 @@
+package qemu-kvm-extras-static
+interpreter /usr/bin/qemu-sh4-static
+flags: OC
+offset 0
+magic \x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x2a\x00
+mask \xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff
+credentials yes
--- qemu-kvm-1.0+noroms.orig/debian/binfmts/qemu-sh4eb
+++ qemu-kvm-1.0+noroms/debian/binfmts/qemu-sh4eb
@@ -0,0 +1,7 @@
+package qemu-kvm-extras-static
+interpreter /usr/bin/qemu-sh4eb-static
+flags: OC
+offset 0
+magic \x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x2a
+mask \xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff
+credentials yes
--- qemu-kvm-1.0+noroms.orig/debian/binfmts/qemu-sparc
+++ qemu-kvm-1.0+noroms/debian/binfmts/qemu-sparc
@@ -0,0 +1,7 @@
+package qemu-kvm-extras-static
+interpreter /usr/bin/qemu-sparc-static
+flags: OC
+offset 0
+magic \x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02
+mask \xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff
+credentials yes
--- qemu-kvm-1.0+noroms.orig/debian/binfmts/qemu-sparc32plus
+++ qemu-kvm-1.0+noroms/debian/binfmts/qemu-sparc32plus
@@ -0,0 +1,7 @@
+package qemu-kvm-extras-static
+interpreter /usr/bin/qemu-sparc32plus-static
+flags: OC
+offset 0
+magic \x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x12
+mask \xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff
+credentials yes
--- qemu-kvm-1.0+noroms.orig/debian/binfmts/qemu-sparc64
+++ qemu-kvm-1.0+noroms/debian/binfmts/qemu-sparc64
@@ -0,0 +1,7 @@
+package qemu-kvm-extras-static
+interpreter /usr/bin/qemu-sparc64-static
+flags: OC
+offset 0
+magic \x7fELF\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x2b
+mask \xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff
+credentials yes
--- qemu-kvm-1.0+noroms.orig/debian/binfmts/qemu-x86_64
+++ qemu-kvm-1.0+noroms/debian/binfmts/qemu-x86_64
@@ -0,0 +1,7 @@
+package qemu-kvm-extras-static
+interpreter /usr/bin/qemu-x86_64-static
+flags: OC
+offset 0
+magic \x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x3e\x00
+mask \xff\xff\xff\xff\xff\xfe\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff
+credentials yes
--- qemu-kvm-1.0+noroms.orig/debian/changelog
+++ qemu-kvm-1.0+noroms/debian/changelog
@@ -0,0 +1,1742 @@
+qemu-kvm (1.0+noroms-0ubuntu14.20) precise-proposed; urgency=medium
+
+ * Fix segfault on qemu-img convert with nonexistent source file (LP: #1388036)
+
+ -- Serge Hallyn Thu, 20 Nov 2014 10:11:21 -0600
+
+qemu-kvm (1.0+noroms-0ubuntu14.19) precise-security; urgency=medium
+
+ * SECURITY UPDATE: denial of service via slirp NULL pointer deref
+ - debian/patches/CVE-2014-3640.patch: make sure socket is not just a
+ stub in slirp/udp.c.
+ - CVE-2014-3640
+ * SECURITY UPDATE: possible privilege escalation via vmware-vga driver
+ - debian/patches/CVE-2014-3689.patch: verify rectangles in
+ hw/vmware_vga.c.
+ - CVE-2014-3689
+ * SECURITY UPDATE: denial of service via VNC console
+ - debian/patches/CVE-2014-7815.patch: validate bits_per_pixel in
+ ui/vnc.c.
+ - CVE-2014-7815
+
+ -- Marc Deslauriers Tue, 11 Nov 2014 15:28:11 -0500
+
+qemu-kvm (1.0+noroms-0ubuntu14.18) precise-proposed; urgency=medium
+
+ * debian/patches/define-qemu-kvm-mt: define a new (default) machine
+ type "pc-1.0-precise" which allows incoming migration in newer qemu to
+ distinguish qemu-kvm-created machines from qemu-created machines.
+ (LP: #1374612)
+
+ -- Serge Hallyn Mon, 22 Sep 2014 13:39:03 -0500
+
+qemu-kvm (1.0+noroms-0ubuntu14.17) precise-security; urgency=medium
+
+ * SECURITY UPDATE: denial of service and possible code exection via
+ incorrect image format validation (LP: #1322204)
+ - debian/patches/CVE-2014-0142.patch: validate extent_size header field
+ in block/bochs.c, validate s->tracks in block/parallels.c, validate
+ block size in block/vpc.c, backport function to qemu-common.h.
+ - CVE-2014-0142
+ * SECURITY UPDATE: denial of service and possible code exection via
+ incorrect image format validation (LP: #1322204)
+ - debian/patches/CVE-2014-0143.patch: validate nb_sectors in
+ block.c, validate catalog_size header field in block/bochs.c,
+ prevent offsets_size integer overflow in block/cloop.c, fix catalog
+ size integer overflow in block/parallels.c, validate new_l1_size in
+ block/qcow2-cluster.c, use proper size in block/qcow2-refcount.c,
+ check L1 snapshot table size in block/qcow2-snapshot.c, check active
+ L1 table size in block/qcow2.c, define max size in block/qcow2.h.
+ - CVE-2014-0143
+ * SECURITY UPDATE: denial of service and possible code exection via
+ incorrect image format validation (LP: #1322204)
+ - debian/patches/CVE-2014-0144.patch: validate block sizes and offsets
+ in block/cloop.c, check offset in block/curl.c, validate size in
+ block/qcow2-refcount.c, check number of snapshots in
+ block/qcow2-snapshot.c, check sizes and offsets in block/qcow2.c,
+ move structs to block/qcow2.h, check sizes in block/vdi.c,
+ prevent overflows in block/vpc.c.
+ - CVE-2014-0144
+ * SECURITY UPDATE: denial of service and possible code exection via
+ incorrect image format validation (LP: #1322204)
+ - debian/patches/CVE-2014-0145.patch: check chunk sizes in block/dmg.c,
+ use correct size in block/qcow2-snapshot.c.
+ - CVE-2014-0145
+ * SECURITY UPDATE: denial of service and possible code exection via
+ incorrect image format validation (LP: #1322204)
+ - debian/patches/CVE-2014-0146.patch: calculate offsets properly in
+ block/qcow2.c.
+ - CVE-2014-0146
+ * SECURITY UPDATE: denial of service and possible code exection via
+ incorrect image format validation (LP: #1322204)
+ - debian/patches/CVE-2014-0147.patch: use proper sizes in block/bochs.c,
+ properly calculate refcounts in block/qcow2-refcount.c, block/qcow2.c.
+ - CVE-2014-0147
+ * SECURITY UPDATE: multiple buffer overflows on invalid state load
+ - debian/patches: added large number of upstream patches pulled from
+ git tree.
+ - CVE-2013-4148
+ - CVE-2013-4151
+ - CVE-2013-4527
+ - CVE-2013-4529
+ - CVE-2013-4530
+ - CVE-2013-4531
+ - CVE-2013-4532
+ - CVE-2013-4533
+ - CVE-2013-4534
+ - CVE-2013-4535
+ - CVE-2013-4536
+ - CVE-2013-4537
+ - CVE-2013-4538
+ - CVE-2013-4539
+ - CVE-2013-4540
+ - CVE-2013-4541
+ - CVE-2013-6399
+ - CVE-2014-0182
+ - CVE-2014-0222
+ - CVE-2014-0223
+ - CVE-2014-3461
+
+ -- Marc Deslauriers Tue, 12 Aug 2014 13:30:27 -0400
+
+qemu-kvm (1.0+noroms-0ubuntu14.15) precise-proposed; urgency=low
+
+ * qemu-kvm.upstart: ignore modprobe errors (LP: #1316812)
+
+ -- Serge Hallyn Wed, 07 May 2014 14:06:43 +0000
+
+qemu-kvm (1.0+noroms-0ubuntu14.14) precise-security; urgency=medium
+
+ * SECURITY UPDATE: arbitrary code execution via MAC address table update
+ - debian/patches/CVE-2014-0150.patch: fix overflow in hw/virtio-net.c.
+ - CVE-2014-0150
+ * SECURITY UPDATE: denial of service and possible code execution via
+ smart self test counter
+ - debian/patches/CVE-2014-2894.patch: correct self-test count in
+ hw/ide/core.c.
+ - CVE-2014-2894
+
+ -- Marc Deslauriers Fri, 25 Apr 2014 17:37:13 -0400
+
+qemu-kvm (1.0+noroms-0ubuntu14.13) precise-security; urgency=medium
+
+ * SECURITY UPDATE: privilege escalation via REPORT LUNS
+ - debian/patches/CVE-2013-4344.patch: support more than 256 LUNS in
+ hw/scsi-bus.c, hw/scsi.h.
+ - CVE-2013-4344
+
+ -- Marc Deslauriers Tue, 28 Jan 2014 09:08:09 -0500
+
+qemu-kvm (1.0+noroms-0ubuntu14.12) precise-proposed; urgency=low
+
+ * migration-do-not-overwrite-zero-pages.patch,
+ call-madv-hugepage-for-guest-ram-allocations.patch:
+ Fix performance degradation after migrations, and savevm/loadvm.
+ (LP: #1100843)
+
+ -- Chris J Arges Wed, 02 Oct 2013 16:26:27 -0500
+
+qemu-kvm (1.0+noroms-0ubuntu14.11) precise-proposed; urgency=low
+
+ * debian/control and qemu-kvm.postinst: remove any g:--- acl on /dev/kvm
+ (left over from udev-acl). (LP: #1057024)
+
+ -- Serge Hallyn Wed, 17 Jul 2013 10:14:46 -0500
+
+qemu-kvm (1.0+noroms-0ubuntu14.10) precise-proposed; urgency=low
+
+ * remove 9004-qcow2-Simplify-count_cow_clusters.patch, which may or may
+ not have actually fixed bug 1189926. Replace ith with:
+ 9004-qcow2-start-at-0-when-counting-cow-clusters.patch: Fixes corruption
+ issues with qcow2. (LP: #1189926)
+
+ -- Chris J Arges Mon, 17 Jun 2013 10:11:38 -0500
+
+qemu-kvm (1.0+noroms-0ubuntu14.9) precise-proposed; urgency=low
+
+ * 9004-qcow2-Simplify-count_cow_clusters.patch: fixes corruption
+ with qcow2. (LP: #1189926)
+
+ -- Chris J Arges Wed, 12 Jun 2013 13:19:46 -0500
+
+qemu-kvm (1.0+noroms-0ubuntu14.8) precise-proposed; urgency=low
+
+ * qemu-utils.links: fix kvm-nbd.8.gz and kvm-img.1.gz symlinks. (LP: #1089402)
+ * take 9pfs-remove-noatime-flag-from-ro-open-calls.patch from upstream git
+ to make readonly+nonroot 9p mounts succeed. (LP: #1091430)
+
+ -- Serge Hallyn Tue, 29 Jan 2013 22:41:42 -0600
+
+qemu-kvm (1.0+noroms-0ubuntu14.7) precise-security; urgency=low
+
+ * SECURITY UPDATE: guest denial of service and possible code execution
+ via e1000 large packets
+ - debian/patches/CVE-2012-6075.patch: properly discard oversize packets
+ in hw/e1000.c.
+ - CVE-2012-6075
+
+ -- Marc Deslauriers Tue, 15 Jan 2013 09:27:30 -0500
+
+qemu-kvm (1.0+noroms-0ubuntu14.6) precise-proposed; urgency=low
+
+ * Fix qemu-kvm.upstart: just don't run in a container. Otherwise we'll
+ still try to load/unload kernel modules. Also undo the || true after
+ sysfs writes. Since setting those is a part of configuring qemu-kvm
+ on the host, failing when they fail makes sense.
+
+ -- Serge Hallyn Thu, 20 Dec 2012 12:34:52 -0600
+
+qemu-kvm (1.0+noroms-0ubuntu14.5) precise-proposed; urgency=low
+
+ * add udev to qemu-kvm Depends to ensure that postinst succeeds.
+ (LP: #1080912)
+
+ -- Serge Hallyn Tue, 20 Nov 2012 10:58:05 -0600
+
+qemu-kvm (1.0+noroms-0ubuntu14.4) precise-proposed; urgency=low
+
+ [ Serge Hallyn ]
+ * debian/qemu-kvm.postinst: use udevadm trigger to change /dev/kvm perms as
+ recommended by Steve Langasek (LP: #1057024)
+ * apply debian/patches/nbd-fixes-to-read-only-handling.patch from upstream to
+ make read-write mount after read-only mount work. (LP: #1077838)
+
+ [ Robert Collins ]
+ * Fix upstart job to succeed if ksm settings can't be altered in the same way
+ other settings are handled. (LP: #1078530)
+
+ -- Serge Hallyn Thu, 15 Nov 2012 10:42:37 -0600
+
+qemu-kvm (1.0+noroms-0ubuntu14.3) precise-proposed; urgency=low
+
+ * Fix race condition in virtio code on multicore systems. (LP: #997978)
+ - 9001-virtio-add-missing-mb-on-notification.patch
+ - 9002-virtio-add-missing-mb-on-enable-notification.patch
+ - 9003-virtio-order-index-descriptor-reads.patch
+
+ -- Soren Hansen Mon, 03 Sep 2012 10:15:54 +0200
+
+qemu-kvm (1.0+noroms-0ubuntu14.2) precise-security; urgency=low
+
+ * SECURITY UPDATE: privilege escalation via VT100 sequences
+ - debian/patches/CVE-2012-3515.patch: check bounds in console.c.
+ - CVE-2012-3515
+
+ -- Marc Deslauriers Tue, 25 Sep 2012 10:05:23 -0400
+
+qemu-kvm (1.0+noroms-0ubuntu14.1) precise-security; urgency=low
+
+ * SECURITY UPDATE: file overwrite via incorrect temp file checking
+ - debian/patches/CVE-2012-2652.patch: properly check length and
+ failures in block.c, block_int.h, block/vvfat.c.
+ - CVE-2012-2652
+
+ -- Marc Deslauriers Tue, 31 Jul 2012 10:11:19 -0400
+
+qemu-kvm (1.0+noroms-0ubuntu14) precise-proposed; urgency=low
+
+ * debian/patches/keep-pid-file-locked.patch: keep pidfile locked for the
+ lifetime of the process (LP: #1023159)
+
+ -- Serge Hallyn Wed, 11 Jul 2012 16:41:05 -0500
+
+qemu-kvm (1.0+noroms-0ubuntu13) precise; urgency=low
+
+ * d/rules,d/control: Enable RADOS block device (RBD) (LP: #904834)
+
+ -- Clint Byrum Thu, 12 Apr 2012 08:58:11 -0700
+
+qemu-kvm (1.0+noroms-0ubuntu12) precise; urgency=low
+
+ * debian/patches/rbd/: apply 3 patches (recommended by Dreamhost) for
+ snapshot and live migration.
+
+ -- Serge Hallyn Mon, 09 Apr 2012 17:12:09 -0500
+
+qemu-kvm (1.0+noroms-0ubuntu11) precise; urgency=low
+
+ * debian/patches/disable-hpet-for-tcg.patch: implicitly set -no-hpet
+ when using tcg (non-accelerated qemu). (LP: #975240)
+
+ -- Serge Hallyn Mon, 09 Apr 2012 11:06:36 -0500
+
+qemu-kvm (1.0+noroms-0ubuntu10) precise; urgency=low
+
+ * debian/rules: set sysconfdir to /etc (LP: #960359)
+
+ -- Serge Hallyn Tue, 20 Mar 2012 22:31:21 -0500
+
+qemu-kvm (1.0+noroms-0ubuntu9) precise; urgency=low
+
+ * debian/patches/multiboot-load-fix.diff: fix bug when loading
+ multiboot images such as grub via -kernel parameter (LP: #957622)
+
+ -- Scott Moser Sun, 18 Mar 2012 19:34:28 -0400
+
+qemu-kvm (1.0+noroms-0ubuntu8) precise; urgency=low
+
+ * debian/patches/slirp-*: fix bad exit with -11 when connecting to a port
+ redirect before the service starts listening. (LP: #932539)
+
+ -- Serge Hallyn Fri, 16 Mar 2012 16:34:05 -0500
+
+qemu-kvm (1.0+noroms-0ubuntu7) precise; urgency=low
+
+ [ Dave Walker ]
+ * debian/patches/expose_vmx_qemu64cpu.patch: Expose VMX cpuid feature to the
+ default "qemu64" CPU type, supporting Intel compatible VMX nested
+ virtualization.
+
+ [ Serge Hallyn ]
+ * debian/patches/fix-vmware-vga-negative-vals - if x or y < 0, set them to 0
+ (and decrement width/height accordingly) (LP: #918791)
+
+ -- Serge Hallyn Wed, 14 Mar 2012 14:52:44 -0500
+
+qemu-kvm (1.0+noroms-0ubuntu6) precise; urgency=low
+
+ [ Stefan Weil ]
+ * debian/patches/block_vd_zero_unused_parts: Zero unused parts when
+ allocating a new block (LP: #919242)
+
+ -- Serge Hallyn Mon, 20 Feb 2012 13:33:05 -0600
+
+qemu-kvm (1.0+noroms-0ubuntu5) precise; urgency=low
+
+ * define_AT_EMPTY_PATH.patch: Make sure AT_EMPTY_PATH is defined.
+ (LP: #930181)
+ * Be smarter about what bridge to attach a TAP device to (LP: #475327):
+ - qemu-ifup-choosebridge.patch: Don't use the default nic as a
+ bridge, if it isn't a bridge.
+ - debian/qemu-ifdown: use same logic as qemu-ifup to determine
+ the bridge
+ - debian/qemu-kvm.default: add commented TAPBR option
+
+ -- Serge Hallyn Wed, 15 Feb 2012 15:47:57 -0600
+
+qemu-kvm (1.0+noroms-0ubuntu4) precise; urgency=low
+
+ * SECURITY UPDATE: fix heap overflow in e1000 driver with crafted legacy
+ mode packets
+ - debian/patches/CVE-2012-0029.patch: check for overflow whenever issuing
+ PCI dma reads
+ - CVE-2012-0029
+
+ -- Jamie Strandboge Mon, 23 Jan 2012 09:09:23 -0600
+
+qemu-kvm (1.0+noroms-0ubuntu3) precise; urgency=low
+
+ * qemu-kvm.default and qemu-kvm.upstart: Enable nested kvm for intel cpus
+ by default.
+
+ -- Serge Hallyn Thu, 19 Jan 2012 10:44:28 -0600
+
+qemu-kvm (1.0+noroms-0ubuntu2) precise; urgency=low
+
+ * Change Suggests of ipxe to Recommends of (much smaller) kvm-ipxe.
+
+ -- Serge Hallyn Tue, 13 Dec 2011 16:13:38 -0600
+
+qemu-kvm (1.0+noroms-0ubuntu1) precise; urgency=low
+
+ * New upstream release
+ * Remaining changes from upstream:
+ - removed all binary roms and tests/pi_10.com
+ * debian/qemu-kvm.links: qemu is now called qemu-system-i386, don't symlink
+ it
+ * remove patches applied upstream:
+ - debian/patches/vpc.patch
+ - debian/patches/e1000-Dont-set-the-Capabilities-List-bit.patch
+ - debian/patches/CVE-2011-4111.patch
+ * replace default-to-tcg.patch with simpler fallback-to-tcg.patch
+ * keep remaining patches:
+ - larger_default_ram_size.patch
+ - CVE-2011-2212-virtqueue-indirect-overflow.patch
+ - qemuifup-fix-paths.patch
+ - dont-try-to-hotplug-cpu.patch
+
+ -- Serge Hallyn Tue, 06 Dec 2011 23:40:24 -0600
+
+qemu-kvm (0.15.0+noroms-0ubuntu7) precise; urgency=low
+
+ * debian/qemu-ifdown: don't use full paths for sbin/ifconfig, especially
+ as those paths are wrong. (LP: #898234)
+ * debian/qemu-kvm.default and debian/qemu-kvm.upstart: optionally load
+ the vhost_net module.
+ * debian/patches/dont-try-to-hotplug-cpu.patch: trying to hotplug a cpu
+ crashes qemu. So just don't do it! (LP: #878422)
+
+ -- Serge Hallyn Wed, 30 Nov 2011 11:37:28 -0600
+
+qemu-kvm (0.15.0+noroms-0ubuntu6) precise; urgency=low
+
+ * Revert unintentional changes from 0.15.0+noroms-0ubuntu4: in particular,
+ move qemu-img and qemu-nbd back to qemu-utils, and bump Breaks/Replaces
+ to account for this.
+
+ -- Colin Watson Mon, 28 Nov 2011 22:58:56 +0000
+
+qemu-kvm (0.15.0+noroms-0ubuntu5) precise; urgency=low
+
+ * SECURITY UPDATE: heap-based overflow with VSC_ATR message handling
+ - debian/patches/CVE-2011-4111.patch: update
+ ccid_card_vscard_handle_message() to not continue on error
+ - CVE-2011-4111
+
+ -- Jamie Strandboge Mon, 28 Nov 2011 13:56:49 -0600
+
+qemu-kvm (0.15.0+noroms-0ubuntu4) precise; urgency=low
+
+ * debian/control: add breaks/replaces to qemu-utils to ensure correct
+ upgrades.
(LP: #897254)
+
+ -- Serge Hallyn Mon, 28 Nov 2011 09:01:34 -0600
+
+qemu-kvm (0.15.0+noroms-0ubuntu3) precise; urgency=low
+
+ * Create new qemu-utils package containing qemu-nbd and qemu-img.
+
+ -- Serge Hallyn Tue, 22 Nov 2011 13:38:15 -0600
+
+qemu-kvm (0.15.0+noroms-0ubuntu2) precise; urgency=low
+
+ * debian/patches/default-to-tcg.patch: fall back to unaccelerated qemu if
+ kvm acceleration is not available. (LP: #892050)
+
+ -- Serge Hallyn Fri, 18 Nov 2011 09:26:33 -0600
+
+qemu-kvm (0.15.0+noroms-0ubuntu1) precise; urgency=low
+
+ * New upstream release
+ * Remaining changes from upstream:
+ - removed all binary roms and tests/pi_10.com
+ * Removed Detect-and-use-GCC-atomic-builtins-for-locking.patch - non-NPTL
+ implementations were removed with commit
+ 02615337ef295443daa03233e492194e289a807e
+ * Drop spice-qxl-locking-fix-for-qemu-kvm.patch - should be unnecessary
+ as of commit 196a778428989217b82de042725dc8eb29c8f8d8
+ * drop patches applied upstream:
+ - CVE-2011-1751.diff
+ - virtio-guard-against-negative-vq-notifies-CVE-2011-2512.diff
+ - CVE-2011-2527.patch
+ - fix-pa-configure.patch
+ * Refreshed the remaining patches:
+ - larger_default_ram_size.patch
+ - CVE-2011-2212-virtqueue-indirect-overflow.patch
+ - qemuifup-fix-paths.patch
+ - vpc.patch
+ * e1000-Dont-set-the-Capabilities-List-bit.patch - switched to the
+ cherrypicked upstream patch (as the source file changed quite a bit,
+ and the hand-ported patch backported to 0.14.1 does not apply).
+ * Drop qemu-kvm-spice (all changes from 0.14.1+noroms-0ubuntu7), it will
+ need its own source package (LP: #878162)
+
+ -- Serge Hallyn Wed, 19 Oct 2011 08:37:43 -0500
+
+qemu-kvm (0.14.1+noroms-0ubuntu7) precise; urgency=low
+
+ * Create new qemu-kvm-spice package (LP: #723796)
+ - debian/control: add libspice-protocol-dev and libspice-server-dev
+ to build-depends, and define the qemu-kvm-spice package.
+ - debian/rules: add a new spice-build target (based on old -static rules):
+ * add --enable-spice to its configure args
+ * rename its wanted binaries to *-spice
+ - debian/qemu-kvm-spice.links and debian/qemu-kvm-spice.dirs: install
+ kvm-spice and qemu-system-x86_64-spice
+
+ -- Serge Hallyn Mon, 17 Oct 2011 16:22:37 +0000
+
+qemu-kvm (0.14.1+noroms-0ubuntu6) oneiric; urgency=low
+
+ * debian/patches/e1000-Dont-set-the-Capabilities-List-bit.patch: Do not set
+ the Capabilities Pointer to NULL for e1000 ethernet adapter, allows Windows'
+ PCI/PCI Express Compliance Test to pass. Patch cherry picked from upstream
+ trunk commit, courtesy of Dann Frazier. (LP: #857746)
+
+ -- Dave Walker (Daviey) Mon, 26 Sep 2011 09:36:22 +0100
+
+qemu-kvm (0.14.1+noroms-0ubuntu5) oneiric; urgency=low
+
+ * debian/patches/vpc.patch: detect vpc files which are too big
+ (LP: #814222)
+
+ -- Serge Hallyn Mon, 12 Sep 2011 11:28:36 -0500
+
+qemu-kvm (0.14.1+noroms-0ubuntu4) oneiric; urgency=low
+
+ * Add a line to the extended package description pointing to ipxe for
+ network installs (LP: #819486)
+ * Change the qemu-common Suggests from kvm-pxe to ipxe, as ipxe is newer
+ and is in main.
+
+ -- Serge Hallyn Mon, 12 Sep 2011 10:16:55 -0500
+
+qemu-kvm (0.14.1+noroms-0ubuntu3) oneiric; urgency=low
+
+ * debian/patches/etc-qemuifscripts-fix-paths.patch: don't hardcode a path
+ to brctl in qemu-ifup. (LP: #833475)
+ * debian/control: move Depends: on bridge-utils from qemu-kvm to
+ qemu-common. (LP: #835355)
+ * debian/patches/debian/patches/fix-pa-configure.patch: fix FTBFS. Fix
+ comes from upstream and will be in 0.15 when merged. (LP: #829492)
+
+ -- Serge Hallyn Mon, 29 Aug 2011 12:23:12 -0500
+
+qemu-kvm (0.14.1+noroms-0ubuntu2) oneiric; urgency=low
+
+ * debian/{control,rules}: build with PIE.
+
+ -- Kees Cook Wed, 10 Aug 2011 12:04:15 -0700
+
+qemu-kvm (0.14.1+noroms-0ubuntu1) oneiric; urgency=low
+
+ * New upstream release
+ * Removed patch applied upstream: debian/patches/CVE-2011-1750.diff
+
+ -- Serge Hallyn Tue, 26 Jul 2011 23:06:23 -0500
+
+qemu-kvm (0.14.0+noroms-0ubuntu9) oneiric; urgency=low
+
+ * SECURITY UPDATE: fix potential privilege escalation via improper group
+ handling
+ - debian/patches/CVE-2011-2527.patch: call initgroups() to drop
+ supplementary group privileges
+ - CVE-2011-2527
+
+ -- Jamie Strandboge Tue, 26 Jul 2011 07:51:28 -0500
+
+qemu-kvm (0.14.0+noroms-0ubuntu8) oneiric; urgency=low
+
+ * SECURITY UPDATE: fix to validate virtqueue in and out requests from the
+ guests
+ - debian/patches/CVE-2011-2212-virtqueue-indirect-overflow.patch: update
+ hw/virtio.c to verify the length of indirect descriptors in
+ virtqueue_pop() and virtqueue_avail_bytes()
+ - CVE-2011-2212
+ - LP: #806167
+ * SECURITY UPDATE: validate virtio_queue_notify() is non-negative
+ - virtio-guard-against-negative-vq-notifies-CVE-2011-2512.diff: update
+ to move comparison out to syborg_virtio_writel(), virtio_ioport_write()
+ and virtio_queue_notify_vq() and don't call common virtio code if
+ virtqueue number is invalid. Patch from Debian.
+ - CVE-2011-2512
+ - LP: #806166
+
+ -- Jamie Strandboge Tue, 05 Jul 2011 13:24:52 -0500
+
+qemu-kvm (0.14.0+noroms-0ubuntu7) oneiric; urgency=low
+
+ * SECURITY UPDATE: fix heap buffer overflow from unaligned requests
+ - CVE-2011-1750
+ * SECURITY UPDATE: verify no_hotplug attribute when handling hot-unplug
+ requests
+ - CVE-2011-1751
+
+ -- Jamie Strandboge Sun, 29 May 2011 09:22:55 -0500
+
+qemu-kvm (0.14.0+noroms-0ubuntu6) oneiric; urgency=low
+
+ * We need a versioned depend on vgabios to ensure the files we link to
+ exist.
(LP: #783864) + + -- Serge Hallyn Tue, 24 May 2011 10:09:01 -0500 + +qemu-kvm (0.14.0+noroms-0ubuntu5) oneiric; urgency=low + + * Add libattr1-dev to build-depends to enable use of 9p virtfs (LP: #782973) + + -- Serge Hallyn Mon, 16 May 2011 09:53:15 -0500 + +qemu-kvm (0.14.0+noroms-0ubuntu4) natty; urgency=low + + *LP: #719174 + Typo corrected + + -- Bhaveek Desai Fri, 18 Mar 2011 21:06:54 +0530 + +qemu-kvm (0.14.0+noroms-0ubuntu3) natty; urgency=low + + * debian/qemu-common.links: symlink all of the vgabios bin files into + the qemu expected paths, LP: #736351 + + -- Dustin Kirkland Wed, 16 Mar 2011 21:20:14 -0500 + +qemu-kvm (0.14.0+noroms-0ubuntu2) natty; urgency=low + + * debian/qemu-kvm.default: per popular request, reduce the ksm sleep + milliseconds to 200ms, LP: #578930 + + -- Dustin Kirkland Wed, 09 Mar 2011 11:21:40 +0000 + +qemu-kvm (0.14.0+noroms-0ubuntu1) natty; urgency=low + + * Merge qemu-kvm 0.14.0 + * debian/rules: get DEB_HOST_ARCH from dpkg-architecture. Otherwise + it is empty, resulting in kvm being not enabled + * debian/rules: re-enable parallel builds + + -- Serge Hallyn Tue, 08 Mar 2011 10:10:49 -0600 + +qemu-kvm (0.14.0~rc1+noroms-0ubuntu4) natty; urgency=low + + * Apply spice-qxl-locking-fix-for-qemu-kvm.patch to fix bug with -qxl. + (LP: #723871) + + -- Serge Hallyn Tue, 01 Mar 2011 11:12:44 -0600 + +qemu-kvm (0.14.0~rc1+noroms-0ubuntu3) natty; urgency=low + + * control: fix description of dummy qemu and kvm packages to mention + "qemu-kvm" and not "kvm-qemu". + * control: add armhf in the list of architectures along armel. + * rules: test whether DEB_HOST_ARCH_CPU is arm instead of testing whether + DEB_HOST_ARCH is arm or armel; this fixes support for armhf. + + -- Loïc Minier Wed, 16 Feb 2011 09:58:03 +0100 + +qemu-kvm (0.14.0~rc1+noroms-0ubuntu2) natty; urgency=low + + * debian/rules: place --fno-var-tracking back into CFLAGS for arm, so + as to prevent out of memory. 
(LP: #693341)
+
+ -- Serge Hallyn Tue, 15 Feb 2011 20:37:56 -0600
+
+qemu-kvm (0.14.0~rc1+noroms-0ubuntu1) natty; urgency=low
+
+ [ Serge Hallyn ]
+ * Merge qemu-kvm 0.14.0-rc1
+ * removed all rom's
+ * removed tests/pi_10.com as it's binary data
+ * removed 697197-fix-vnc-password-semantics.patch in favor of upstream fix
+ * removed caps-lock-key-up-event.patch - upstream commit
+ 9a121a2fbf88dd1bc869b1ac2449dc12c27cccfa is supposed to fix it
+ - bdrung to verify
+ * removed 1000-undo-earlier-static.patch
+ - re-add if build fails - but we no longer do static build
+ * removed 2000-vmmouse-adapt-to-mouse-handler-changes.patch, now upstream
+ * removed arm patches - qemu-kvm now only offers x86 and ppc emulation
+ - qemu-user provides armel
+ * kvmtrace_format is now shipped with different tree.
+
+ [ Dustin Kirkland ]
+ * Re-roll tarball, adding ~rc1 to version, so that the official GA release
+ will supercede these rc's
+ * debian/control: bump standards versions, remove redundant depends on
+ adduser, update section to misc
+ * debian/rules: drop qemu-system-ppc64 from the build, as this is in
+ qemu-linaro now, LP: #717690
+ * debian/copyright: embed the BSD license, per lintian
+
+ [ Steve Langasek ]
+ * debian/rules: drop the binfmt-misc handling; we're not building any
+ static user binaries from this source, so this is just noise.
+ * debian/rules: $INSTALL_PROGRAM is never set, so modifying it is
+ pointless. Delete this as well.
+ * build qemu-kvm package on all archs; this is the authoritative package
+ for x86 system emulators, so we only have to deal with the bios
+ dependencies in one place.
+ * don't run 'make install' in kvm/libkvm directory, this is a no-op anyway.
+
+ -- Serge Hallyn Mon, 14 Feb 2011 07:50:16 -0600
+
+qemu-kvm (0.13.0+noroms-0ubuntu15) natty; urgency=low
+
+ [ Dustin Kirkland ]
+ * debian/binfmts/qemu-alpha, debian/binfmts/qemu-arm,
+ debian/binfmts/qemu-armeb, debian/binfmts/qemu-cris,
+ debian/binfmts/qemu-i386, debian/binfmts/qemu-m68k,
+ debian/binfmts/qemu-microblaze, debian/binfmts/qemu-mips,
+ debian/binfmts/qemu-mipsel, debian/binfmts/qemu-ppc,
+ debian/binfmts/qemu-ppc64, debian/binfmts/qemu-ppc64abi32,
+ debian/binfmts/qemu-sh4, debian/binfmts/qemu-sh4eb,
+ debian/binfmts/qemu-sparc, debian/binfmts/qemu-sparc32plus,
+ debian/binfmts/qemu-sparc64, debian/binfmts/qemu-x86_64,
+ debian/control, debian/qemu-arm-static.postinst, debian/qemu-kvm-
+ extras.dirs, debian/qemu-kvm-extras.links, debian/qemu-kvm-extras-
+ static.dirs, debian/qemu-kvm-extras-static.postinst, debian/qemu-
+ kvm-extras-static.postrm, debian/qemu-kvm-extras-static.preinst,
+ debian/qemu-kvm-extras-static.prerm, debian/qemu-kvm-extras-
+ static.sysctl, debian/qemu-kvm-extras-static.sysctl.amd64,
+ debian/rules, === removed directory debian/binfmts:
+ - massive simplification of the qemu-kvm build, now that qemu-linaro
+ provides all of the system emulation for non-accelerated architectures,
+ ie, those other than [i386, amd64, powerpc]
+ - specify the i386, amd64, ppc64 targets
+
+ [ Steve Langasek ]
+ * Rename qemu-user manpage to qemu-kvm so that qemu-linaro can take over
+ the more generic name.
+
+ -- Dustin Kirkland Fri, 11 Feb 2011 15:07:04 -0600
+
+qemu-kvm (0.13.0+noroms-0ubuntu14) natty; urgency=low
+
+ * Pass -fno-var-tracking on armel to hopefully reduce memory consumption.
+ (LP: #693341)
+
+ -- Serge Hallyn Tue, 08 Feb 2011 14:41:39 -0600
+
+qemu-kvm (0.13.0+noroms-0ubuntu13) natty; urgency=low
+
+ [ Neil Wilson ]
+ * SECURITY UPDATE: Setting VNC password to empty string silently
+ disables all authentication (LP: #697197)
+ - debian/patches/697197-fix-vnc-password-semantics.patch: Reverses the
+ change introduced in Qemu by git commit 52c18be9
+ - CVE: 2011-0011
+
+ [ Dustin Kirkland ]
+ * Updated patch to reflect the move of vnc.c to ui/vnc.c
+
+ -- Dustin Kirkland Fri, 11 Feb 2011 09:53:19 -0600
+
+qemu-kvm (0.13.0+noroms-0ubuntu12) natty; urgency=low
+
+ * Move creation of group kvm to qemu-kvm.preinst from .postinst, so that
+ /dev/kvm can be created owned by group kvm. I also removed '|| true'
+ from the addgroup line, because if that fails, package install should
+ fail. (LP: #705509)
+
+ -- Serge Hallyn Thu, 20 Jan 2011 11:11:03 -0600
+
+qemu-kvm (0.13.0+noroms-0ubuntu11) natty; urgency=low
+
+ * Specify version for the kvm Conflicts. Otherwise installing 'kvm'
+ fails since it depends on qemu-kvm, then conflicts with itself.
+ (LP: #701288)
+
+ -- Serge Hallyn Mon, 10 Jan 2011 17:34:28 -0600
+
+qemu-kvm (0.13.0+noroms-0ubuntu10) natty; urgency=low
+
+ [ Serge Hallyn ]
+ * specify in configuration that we want documentation and add the
+ needed build-depends, so we get qemu.1 manpage. (LP: #675753)
+
+ -- Dustin Kirkland Mon, 06 Dec 2010 19:36:07 -0600
+
+qemu-kvm (0.13.0+noroms-0ubuntu9) natty; urgency=low
+
+ [ Serge Hallyn ]
+ * debian/qemu-kvm.upstart: don't load the kernel modules if the package
+ has been removed but the upstart jobs still exists. (LP: #292588)
+ (Originally by Felix Geyer )
+
+ -- Dustin Kirkland Mon, 29 Nov 2010 13:47:03 -0600
+
+qemu-kvm (0.13.0+noroms-0ubuntu8) natty; urgency=low
+
+ * Add caps-lock-key-up-event.patch to enable normal up/down events for
+ Caps-Lock and Num-Lock keys by setting SDL_DISABLE_LOCK_KEYS (which
+ requires SDL > 1.2.14).
This fixes handling of capslock when capslock is
+ mapped to something else in host system. (LP: #427612)
+
+ -- Benjamin Drung Wed, 24 Nov 2010 21:46:44 +0100
+
+qemu-kvm (0.13.0+noroms-0ubuntu7) natty; urgency=low
+
+ [ Colin Watson ]
+ * Remove "flags: OC" from binfmt files; update-binfmts happens to ignore
+ it, but it's out of spec for the file format.
+
+ -- Loïc Minier Mon, 22 Nov 2010 16:34:15 +0100
+
+qemu-kvm (0.13.0+noroms-0ubuntu6) natty; urgency=low
+
+ * 0.13.0+noroms-0ubuntu5 accidentally reverted changes from
+ 0.13.0+noroms-0ubuntu4 and 0.13.0+noroms-0ubuntu3; revert this revert.
+ * debian/rules: filter static versions of qemu-linux-user binaries with
+ qemu-[a-z0-9_]+ when renaming them as otherwise we install qemu-malloc.d
+ and qemu-malloc.o.
+ * Add a comment in rules for the changes in 0.13.0+noroms-0ubuntu5.
+
+ -- Loïc Minier Sun, 21 Nov 2010 18:24:15 +0100
+
+qemu-kvm (0.13.0+noroms-0ubuntu5) natty; urgency=low
+
+ * Don't allow parallel build of kvm, as it is rumored to be the
+ cause of error compilations, including 'qemu-host.h not found'
+
+ -- Serge Hallyn Tue, 16 Nov 2010 17:45:13 -0600
+
+qemu-kvm (0.13.0+noroms-0ubuntu4) natty; urgency=low
+
+ * debian/patches/2000-vmmouse-adapt-to-mouse-handler-changes.patch,
+ debian/patches/series: apply changes from upstream to make mouse
+ work again, LP: #675749
+
+ -- Serge Hallyn Mon, 15 Nov 2010 21:34:37 -0600
+
+qemu-kvm (0.13.0+noroms-0ubuntu3) natty; urgency=low
+
+ * qemu-debootstrap:
+ - Allow for empty script argument; thanks Cody Somerville and
+ Michael Hudson.
+ - Fix bogus usage of log() instead of warn(); thanks Cody Somerville.
+
+ -- Loïc Minier Thu, 11 Nov 2010 16:26:14 +0100
+
+qemu-kvm (0.13.0+noroms-0ubuntu2) natty; urgency=low
+
+ * debian/control: fix broken install/upgrades of kvm, LP: #673559,
+ versioned conflicts/replaces are not necessary
+
+ -- Dustin Kirkland Wed, 10 Nov 2010 10:05:02 -0600
+
+qemu-kvm (0.13.0+noroms-0ubuntu1) natty; urgency=low
+
+ * New upstream release
+ * Remove patches which have been applied upstream:
+ * 05_improve-qemu-img-errors.patch
+ * arm-host-fix-compiler-warning.patch
+ * check-for-invalid-initrd-file.patch
+ * fix-CMOS-info-for-drives-defined-with--device.patch
+ * linux-user-do-not-warn-for-missing-pselect6.patch
+ * scm-rights-fd.patch
+ * Added a patch to revert a commit which caused configure
+ to test compilations with -static. This caused configure
+ to fail bc of unresolved dependencies in libsasl.
+ * Remove binary roms
+
+ -- Serge Hallyn Wed, 20 Oct 2010 15:31:32 -0500
+
+qemu-kvm (0.12.5+noroms-0ubuntu7) maverick; urgency=low
+
+ * Resurrect arm-host-fix-compiler-warning patch, applied in
+ 0.12.3-0ubuntu2 but dropped in 0.12.4+noroms-0ubuntu1; this is in git
+ HEAD but wasn't in the 0.12.5 release, and we need it to build on armel.
+
+ -- Colin Watson Thu, 30 Sep 2010 13:03:19 +0100
+
+qemu-kvm (0.12.5+noroms-0ubuntu6) maverick; urgency=low
+
+ * debian/fix-CMOS-info-for-drives-defined-with--device.patch: make sure
+ the CMOS knows about the correct geometry so Windows XP installs
+ properly. (LP: #586175)
+
+ -- Marc Deslauriers Wed, 15 Sep 2010 19:48:15 -0400
+
+qemu-kvm (0.12.5+noroms-0ubuntu5) maverick; urgency=low
+
+ * Apply patch to fix the lack of error checking when opening
+ an initrd file. (LP: #619302)
+
+ -- Serge Hallyn Mon, 30 Aug 2010 12:49:47 -0500
+
+qemu-kvm (0.12.5+noroms-0ubuntu4) maverick; urgency=low
+
+ * debian/patches/05_improve-qemu-img-errors.patch: Reintroduced and
+ refreshed patch as it seems this wasn't resolved upsteam.
(LP: #623830)
+
+ -- Dave Walker (Daviey) Wed, 25 Aug 2010 13:04:17 +0100
+
+qemu-kvm (0.12.5+noroms-0ubuntu3) maverick; urgency=low
+
+ * debian/rules, debian/control: enable vnc sasl in the build, LP: #621639
+
+ -- Dustin Kirkland Tue, 24 Aug 2010 09:56:34 -0400
+
+qemu-kvm (0.12.5+noroms-0ubuntu2) maverick; urgency=low
+
+ * qemu-debootstrap: don't use qemu for lpia if not required (LP: #534155)
+
+ -- Emmet Hikory Tue, 17 Aug 2010 12:54:17 +0200
+
+qemu-kvm (0.12.5+noroms-0ubuntu1) maverick; urgency=low
+
+ * New upstream release
+ * Removed patch which is now upstream:
+ 0001-Fix-missing-symbols-in-.rel-.rela.plt-sections.patch
+
+ -- Serge Hallyn Tue, 10 Aug 2010 08:51:54 -0500
+
+qemu-kvm (0.12.4+noroms-0ubuntu9) maverick; urgency=low
+
+ * qemu-debootstrap: test that the debootstrap command is available, and
+ suggest installing the debootstrap package otherwise.
+ * Add a Recommends on debootstrap.
+
+ -- Loïc Minier Mon, 09 Aug 2010 05:40:06 -0400
+
+qemu-kvm (0.12.4+noroms-0ubuntu8) maverick; urgency=low
+
+ * qemu-debootstrap: add support for armhf port; I now realize that this
+ script should query dpkg-architecture instead.
+
+ -- Loïc Minier Sat, 07 Aug 2010 15:14:24 -0400
+
+qemu-kvm (0.12.4+noroms-0ubuntu7) maverick; urgency=low
+
+ * debian/patches/linux-user-do-not-warn-for-missing-pselect6.patch:
+ Avoid showing unsupported syscall: 335 for pselect. This was fixed for
+ lucid with the pselect patch, but upstream decided not to apply it as it
+ it can't guaranty the atomicity for all distros. This patch is backported
+ from upstream, as they decided to just remove the warn for it (LP: #610742)
+
+ -- Ricardo Salveti de Araujo Wed, 28 Jul 2010 02:56:04 -0300
+
+qemu-kvm (0.12.4+noroms-0ubuntu6) maverick; urgency=low
+
+ * New patch, arm-ignore-writes-of-perf-reg-cp15-with-crm-12, on ARMv7,
+ ignore writes to cp15 with crm == 12; these are to setup perf
+ counters which we don't have; LP: #570456.
+
+ -- Loïc Minier Mon, 26 Jul 2010 15:04:23 +0200
+
+qemu-kvm (0.12.4+noroms-0ubuntu5) maverick; urgency=low
+
+ * Re-add patch Detect-and-use-GCC-atomic-builtins-for-locking from
+ 0.12.2-0ubuntu6arm1 (0.12.2-0ubuntu7) since it was not merged upstream and
+ is sitll needed to build qemu-kvm in thumb mode on armel; LP: #605252.
+
+ -- Loïc Minier Fri, 16 Jul 2010 23:06:00 +0200
+
+qemu-kvm (0.12.4+noroms-0ubuntu4) maverick; urgency=low
+
+ * merge patch from upstream to fix multiboot.bin (LP: #598649)
+
+ -- Serge Hallyn Mon, 28 Jun 2010 10:44:44 -0500
+
+qemu-kvm (0.12.4+noroms-0ubuntu3) maverick; urgency=low
+
+ * debian/patches/scm-rights-fd.patch: backport patch from upstream to
+ stash away SCM_RIGHTS fd until a getfd command arrives. This is required
+ for attach of network devices in libvirt 0.8.1 and higher.
+ - e53f27b9d9df73461308618151fa6e6392aebd85
+
+ -- Jamie Strandboge Wed, 16 Jun 2010 11:05:40 -0500
+
+qemu-kvm (0.12.4+noroms-0ubuntu2) maverick; urgency=low
+
+ * debian/qemu-kvm.links: LP: #594888, add a symlink,
+ /usr/bin/qemu-system-i386 -> /usr/bin/qemu
+
+ -- Dustin Kirkland Tue, 15 Jun 2010 23:16:36 -0500
+
+qemu-kvm (0.12.4+noroms-0ubuntu1) maverick; urgency=low
+
+ * New upstream release.
+ * add block from kees to debian/rules to parallelize make
+ * Removed patches which have been merged.
+ * Removed the capslock patch because capslock isn't behaving
+ right for me in 0.12.3 with the patch anyway, probably bc the
+ underlying SDL has been fixed. Original patch was for LP: #427612.
+
+ -- Serge Hallyn Fri, 11 Jun 2010 11:58:47 -0500
+
+qemu-kvm (0.12.3+noroms-0ubuntu9) lucid; urgency=low
+
+ * Architecture-specific fixes (LP: #568904)
+ - debian/rules: configure with --disable-kvm on powerpc to fix FTBFS
+ - debian/control: Disable arch:any stuff on ia64: no qemu/kvm support anyway
+
+ -- Emmet Hikory Fri, 23 Apr 2010 18:45:55 +0900
+
+qemu-kvm (0.12.3+noroms-0ubuntu8) lucid; urgency=low
+
+ * debian/qemu-kvm-extras-static.postrm, .postinst: use "invoke-rc.d procps
+ start" instead of "start procps" to honor policy-rc.d and hence be
+ chroot-safe.
+
+ -- Loïc Minier Tue, 20 Apr 2010 13:12:08 +0200
+
+qemu-kvm (0.12.3+noroms-0ubuntu7) lucid; urgency=low
+
+ * debian/qemu-kvm-extras.links: link .1.gz man pages instead of .1 man
+ pages; dh_compress usually gets it right when the files are in the same
+ package, but not here with cross-package links.
+
+ -- Loïc Minier Tue, 20 Apr 2010 10:15:20 +0200
+
+qemu-kvm (0.12.3+noroms-0ubuntu6) lucid; urgency=low
+
+ * debian/qemu-kvm.upstart: fix logic that was preventing upstart
+ job from starting properly, LP: #559896
+
+ -- Dustin Kirkland Sat, 10 Apr 2010 11:06:47 -0500
+
+qemu-kvm (0.12.3+noroms-0ubuntu5) lucid; urgency=low
+
+ * debian/qemu-kvm.default: allow the kernel to determine the default,
+ comment out the configuration option, but leave it there so as to
+ be discoverable; seems that 2000 sleep-millisecs renders KSM basically
+ useless
+
+ -- Dustin Kirkland Fri, 02 Apr 2010 16:35:05 -0500
+
+qemu-kvm (0.12.3+noroms-0ubuntu4) lucid; urgency=low
+
+ * debian/patches/SDL-wrong-behaviour-of-caps-lock.patch:
+ Qemu does not pass pressed capslock to client, LP: #427612
+
+ -- Benjamin Drung Thu, 01 Apr 2010 00:22:02 +0200
+
+qemu-kvm (0.12.3+noroms-0ubuntu3) lucid; urgency=low
+
+ * debian/qemu-kvm.default, debian/qemu-kvm.upstart:
+ raise the default sleep between kernel same-page merging
+ (KSM) from 20 milliseconds to 2000 milliseconds, LP: #550985
+
+ -- Dustin Kirkland Mon, 29 Mar 2010
11:35:44 -0500
+
+qemu-kvm (0.12.3+noroms-0ubuntu2) lucid; urgency=low
+
+ * debian/control: ensure that qemu-common replaces qemu-kvm, since
+ it has the common keymaps and other functionality, LP: #545741
+
+ -- Dustin Kirkland Wed, 24 Mar 2010 10:13:01 -0700
+
+qemu-kvm (0.12.3+noroms-0ubuntu1) lucid; urgency=low
+
+ * Re-roll the orig tarball, after having manually deleted the included
+ binary-only bios rom blobs who source was not also included in the
+ package, LP: #541524; the following files were removed:
+ - pc-bios/bios.bin
+ - pc-bios/linuxboot.bin
+ - pc-bios/multiboot.bin
+ - pc-bios/openbios-ppc
+ - pc-bios/openbios-sparc
+ - pc-bios/openbios-sparc32
+ - pc-bios/openbios-sparc64
+ - pc-bios/ppc_rom.bin
+ - pc-bios/pxe-e1000.bin
+ - pc-bios/pxe-i82559er.bin
+ - pc-bios/pxe-ne2k_pci.bin
+ - pc-bios/pxe-pcnet.bin
+ - pc-bios/pxe-rtl8139.bin
+ - pc-bios/pxe-virtio.bin
+ - pc-bios/vapic.bin
+ - pc-bios/vgabios.bin
+ - pc-bios/vgabios-cirrus.bin
+ - pc-bios/video.x
+ * debian/control:
+ - qemu-common goes back to depending on vgabios and seabios
+ - suggest mol-drivers-macosx, which is in multiverse, and provides
+ video.x (when that package actually builds)
+ - suggest openbios-sparc, which is in universe, and provides the
+ powerpc/sparc openbios roms (when that package actually builds)
+ * debian/links:
+ - put links in place for the external seabios and vgabios blobs
+ * debian/patches/larger_default_ram_size.patch: increase the default
+ mem size for virtual machines from the mostly unusable 128M to 384M,
+ which most modern distros require
+
+ -- Dustin Kirkland Mon, 22 Mar 2010 18:14:30 -0700
+
+qemu-kvm (0.12.3-0ubuntu17) lucid; urgency=low
+
+ * qemu-debootstrap: test for basename part of $0 to enable build-arm-chroot
+ compat mode.
+ * New patch, arm-higher-initrd-load-addr, set INITRD_LOAD_ADDR to 0x00d00000 + instead of 0x00800000 as to leave enough room for our piggish vmlinuz + + its decompressed counterpart; should fix initramfs and initrd support; + thanks Jason Andrews; LP: #524893. + + -- Loïc Minier Sat, 20 Mar 2010 10:30:21 +0100 + +qemu-kvm (0.12.3-0ubuntu16) lucid; urgency=low + + * debian/rules: need to dh_link in binary-indep to create the ifup/ifdown + links, LP: #540218 + + -- Dustin Kirkland Wed, 17 Mar 2010 14:23:55 -0500 + +qemu-kvm (0.12.3-0ubuntu15) lucid; urgency=low + + * debian/patches/block_avoid_creating_too_large_iovecs_in_multiwrite_merge.patch: + - block: avoid creating too large iovecs in multiwrite_merge, + fixes LP: #511620, cherry pick from upstream git + + -- Dustin Kirkland Fri, 12 Mar 2010 13:30:30 -0600 + +qemu-kvm (0.12.3-0ubuntu14) lucid; urgency=low + + * debian/rules: ensure that the upstart job starts on package install, + LP: #537682 + + -- Dustin Kirkland Thu, 11 Mar 2010 19:20:54 -0600 + +qemu-kvm (0.12.3-0ubuntu13) lucid; urgency=low + + * Rename the default debhelper files to qemu-kvm.*, makes the namespace + a little more managable as we split this source package up into better + logical binary packages + - debian/postinst -> debian/qemu-kvm.postinst + - debian/doc -> debian/qemu-common.doc + - debian/links -> debian/qemu-kvm.links + - debian/install -> debian/qemu-kvm.install + - debian/upstart -> debian/qemu-kvm.upstart + * debian/qemu-common.install, debian/qemu-common.links, debian/control: + - new binary package that contains the architecture independent and + common files (bios roms, keymaps, documentation, and scripts) + * debian/rules: + - populate the binary-indep action to handle the qemu-common package + - manually prune the keymaps from qemu-kvm, since qemu-common contains + these now + * debian/kvm-ok, debian/control: move the kvm-ok script over to the + cpu-checker package, and recommend this package, LP: #429443 + + -- Dustin 
Kirkland Mon, 08 Mar 2010 17:18:13 -0600
+
+qemu-kvm (0.12.3-0ubuntu12) lucid; urgency=low
+
+ * debian/install: install the two necessary ppc bios files, LP: #60478;
+ note that these should eventually move to a qemu-common package
+
+ -- Dustin Kirkland Mon, 08 Mar 2010 15:08:17 -0600
+
+qemu-kvm (0.12.3-0ubuntu11) lucid; urgency=low
+
+ * debian/control: build depend on libaio-dev, to enable a nice performance
+ improvement when running preallocated raw disks or block device backing
+ disks, LP: #534273
+
+ -- Dustin Kirkland Mon, 08 Mar 2010 12:10:36 -0600
+
+qemu-kvm (0.12.3-0ubuntu10) lucid; urgency=low
+
+ * Drop build-arm-chroot and add new qemu-debootstrap script as an
+ arch-neutral replacement; ship a build-arm-chroot -> qemu-debootstrap
+ symlink; qemu-debootstrap works as build-arm-chroot used to when called as
+ "build-arm-chroot" but will print a deprecation warning.
+
+ -- Loïc Minier Sun, 07 Mar 2010 16:39:47 +0100
+
+qemu-kvm (0.12.3-0ubuntu9) lucid; urgency=low
+
+ * debian/postinst: slightly cleaner handling of old conffile cleanup
+
+ -- Dustin Kirkland Sat, 06 Mar 2010 17:21:19 -0600
+
+qemu-kvm (0.12.3-0ubuntu8) lucid; urgency=low
+
+ * debian/postinst: test file's existence before removing, and use a bigger
+ hammer, LP: #533249
+
+ -- Dustin Kirkland Sat, 06 Mar 2010 11:35:17 -0600
+
+qemu-kvm (0.12.3-0ubuntu7) lucid; urgency=low
+
+ * debian/postinst: only prune dirs if empty
+
+ -- Dustin Kirkland Sat, 06 Mar 2010 00:11:07 -0600
+
+qemu-kvm (0.12.3-0ubuntu6) lucid; urgency=low
+
+ [ Dustin Kirkland ]
+ * debian/postinst: clean up jaunty-era conffiles on upgrade, LP: #455411
+ * debian/links, debian/qemu-kvm-extras.links: install non-x86 arch
+ manpages in the qemu-kvm-extras package, LP: #478552
+
+ [ Brian Thomason ]
+ * debian/patches/better_describe_-net_options.patch: improve port
+ forwarding documentation, LP: #474969, LP: #453617
+
+ -- Dustin Kirkland Fri, 05 Mar 2010 18:39:19 -0600
+
+qemu-kvm (0.12.3-0ubuntu5) lucid; urgency=low
+
+ * debian/install, debian/control: use the bios bin's shipped with
+ qemu-kvm, rather than those provided by vgabios and seabios (for now);
+ we're seeing issues building and using the versions of vgabios and
+ seabios in the archive; the ones shipped with qemu-kvm are those
+ "recommended" and known to work by upstream; when we converge on a
+ new package with debian for lucid+1, we should revisit this.
+ LP: #513273
+
+ -- Dustin Kirkland Thu, 04 Mar 2010 16:53:17 -0600
+
+qemu-kvm (0.12.3-0ubuntu4) lucid; urgency=low
+
+ * debian/links: fix broken manpage symlink, LP: #472969
+
+ -- Dustin Kirkland Mon, 01 Mar 2010 18:49:23 -0600
+
+qemu-kvm (0.12.3-0ubuntu3) lucid; urgency=low
+
+ * debian/rules: prefer pa over alsa by default (reverting one of Loic's
+ changes below, and creating a minor diff with Debian--we should
+ perhaps try to convince them to default to pulseaudio?)
+
+ -- Dustin Kirkland Mon, 01 Mar 2010 16:59:39 -0600
+
+qemu-kvm (0.12.3-0ubuntu2) lucid; urgency=low
+
+ * New patch, arm-host-fix-compiler-warning, drops __arm__ specific code
+ which was probably FPA specific (certainly not ARM/VFP) and was dropped
+ upstream in bc4347b883e8175dadef77ed9e02ccaa5e8eba94; helps build on
+ armel.
+ * Configure builds with --disable-strip to get useful -dbgsym packages.
+ * Also configure the static build with --disable-blobs and
+ --audio-drv-list=.
+ * Configure builds with --interp-prefix=/etc/qemu-binfmt/%M as to allow
+ overriding shared libs etc. with files over there; this matches Debian's
+ config.
+ * Match Debian's audio-drv-list to only build ALSA on linux.
+ * Also filter-out config-host.mak when copying files to the static build dir
+ to avoid a race if the build is interrupted before the static configure
+ has run.
+ * After careful examination, drop TARGET_SYSTEM_TCG and TARGET_LINUX_TCG;
+ the upstream configure turns all these on by default plus one recently
+ added architecture (microblaze) which proves that this list can't be kept
+ up-to-date. Also drop ia64 specific settings -- the ia64 build doesn't
+ pass in Ubuntu ATM anyway, and Debian doesn't special ia64, so it can only
+ help, right? Do however pass --target-list="" for now as the current
+ upstream configure sets x86_64-softmmu as the default.
+ * Also drop TARGET_STATIC_TCG and pass --disable-system; this will turn off
+ all softmmu targets and do the right thing; while this will increase the
+ size of the binary package, this will also permit development towards
+ other targets such as powerpc, or running x86 binaries from ARM. Also
+ pass --target-list="".
+ * Drop unused QEMU_EXE and BUILD_CPU vars.
+ * Add more binfmts, copied from the Debian qemu package but modified to
+ point at the qemu-kvm-extras-static package instead of qemu-user-static
+ and to set "credentials yes"; also dropped spurious trailing newlines on
+ some of them. Copy the logic to set BINFMT_TARGETS from the Debian
+ package as well.
+ * Create qemu-kvm-extras dirs via debian/*.dirs instead of mkdir.
+ * Depend on $(QUILT_STAMPFN) instead of patch to avoid rebuilding everything
+ every time.
+
+ -- Loïc Minier Sat, 27 Feb 2010 11:59:10 +0100
+
+qemu-kvm (0.12.3-0ubuntu1) lucid; urgency=low
+
+ * Merge upstream stable release (bug fixes only)
+
+ -- Dustin Kirkland Fri, 26 Feb 2010 16:26:00 -0600
+
+qemu-kvm (0.12.2-0ubuntu8) lucid; urgency=low
+
+ * debian/binfmts/qemu-arm: add "credentials yes" to allow running setuid
+ binaries in their security context with qemu-arm-static as the binary
+ interpreter, for instance sudo; bump binfmt-support dep to >= 1.2.17.
+
+ -- Loïc Minier Fri, 19 Feb 2010 15:18:52 +0100
+
+qemu-kvm (0.12.2-0ubuntu7) lucid; urgency=low
+
+ * Replace patch Don-t-bark-for-syscalls-missing-in-linux-too with patch
+ This-patch-adds-support-for-the-pselect-syscall-in-l from the upstream
+ mailing-list from Michael Casadevall and acked by Riku Voipio to add
+ pselect6() syscall; LP: #520480.
+
+ -- Loïc Minier Thu, 18 Feb 2010 14:08:33 +0100
+
+qemu-kvm (0.12.2-0ubuntu6arm1) lucid; urgency=low
+
+ * New patch, Detect-and-use-GCC-atomic-builtins-for-locking, detects support
+ for gcc atomic builtins and uses them for locking; helps build on armel
+ where swp isn't available in thumb(2) mode; this patch needs some testing
+ on various platforms, so not submitted upstream yet; LP: #514252.
+ * New patch, Don-t-bark-for-syscalls-missing-in-linux-too, implements stubs
+ for pselect6(), ppoll(), and epoll_wait() on ARM to avoid the console
+ getting spammed by "qemu: Unsupported syscall: 335" when installing
+ packages under qemu-arm; needs some testing on arm, so not submitted
+ upstream yet; LP: #520480.
+
+ -- Loïc Minier Thu, 11 Feb 2010 17:53:55 +0100
+
+qemu-kvm (0.12.2-0ubuntu6) lucid; urgency=low
+
+ * debian/upstart: complete the enable/disable KSM support
+
+ -- Dustin Kirkland Sat, 06 Feb 2010 10:23:00 -0800
+
+qemu-kvm (0.12.2-0ubuntu5) lucid; urgency=low
+
+ * debian/default/qemu-kvm, debian/upstart:
+ - provide a mechanism for disabling KSM conveniently
+ - improve the logic in the upstart scripts
+
+ -- Dustin Kirkland Sat, 06 Feb 2010 09:46:25 -0800
+
+qemu-kvm (0.12.2-0ubuntu4) lucid; urgency=low
+
+ * debian/qemu-kvm-extras-static.prerm: also update-binfmt --remove on
+ upgrade as I believe was originally intended by registering the format in
+ postinst/configure.
+ * Readd debian/qemu-arm-static.postinst to also update-binfmt --remove the
+ old format since old binary packages wont do that properly; also do this
+ in debian/qemu-kvm-extras-static.postinst for people who already removed
+ debian/qemu-arm-static.
+
+ -- Loïc Minier Sat, 06 Feb 2010 10:19:46 +0100
+
+qemu-kvm (0.12.2-0ubuntu3) lucid; urgency=low
+
+ * debian/init, debian/upstart:
+ - migrate sysvinit script to upstart
+ - enable ksm by default in Ubuntu
+ * debian/control: depend on seabios now that it's in main, LP: #508870
+
+ -- Dustin Kirkland Fri, 05 Feb 2010 23:12:29 -0800
+
+qemu-kvm (0.12.2-0ubuntu2) lucid; urgency=low
+
+ * Rename package qemu-arm-static to qemu-kvm-extras-static for consistency
+ and to avoid hardcoding the arch name in the package. Add a transitional
+ package. Move conffile in new package preinst and use the occasion to
+ prefix it with "30-", according to /etc/sysctl.d/README.
+ * Rename arm binfmt to qemu-arm.
+ * Use start procps upstart task to reapply all /etc/sysctl.d in
+ postinst/configure but also in postrm/purge; unfortunately, the settings
+ will remain applied as long as the package is in the removed state; see
+ LP #515706.
+ * Add ${misc:Depends} and tweak descriptions of transitional packages to
+ keep lintian happy.
+ + -- Loïc Minier Mon, 01 Feb 2010 20:48:05 +0100 + +qemu-kvm (0.12.2-0ubuntu1) lucid; urgency=low + + * Merge upstream release + + -- Dustin Kirkland Thu, 21 Jan 2010 16:22:13 +1300 + +qemu-kvm (0.12.1.2-0ubuntu2) lucid; urgency=low + + * debian/links: drop the seabios link (temporarily) until it gets + promoted to main + + -- Dustin Kirkland Thu, 21 Jan 2010 10:48:03 +1300 + +qemu-kvm (0.12.1.2-0ubuntu1) lucid; urgency=low + + * Merge from upstream + - debian/rules: + + drop bios hacks, as we now depend on vgabios + + align our configure line more closely with fedora, preferring pa + for audio (let's give this another try, might need to revert by + Lucid Beta), and accepting the project defaults for audio hw + - debian/control: depend on vgabios, LP: #181876 + - debian/patches/*: drop patches now included upstream + + 02_extboot_build_fixes.patch + + 05_improve-qemu-img-errors.patch + + 06_set_sdl_title.patch + + 07_right_ctrl_grab.patch + + 08_fix_qemu-ifup.patch + + 09_qemu-fix-qcow2-backing-file-with-virtio.patch + + 10_fix_scsi_hotplug.patch + + 11_fix_virtio-blk_hot_add_after_remove.patch + + 12_whitelist_host_virtio_networking_features.patch + + 60_armv4l-typo.patch + - debian/patches/*: apply two patches from Loic Minier, both submitted + and acked by upstream (should be dropped in a future merge) + + 0001-linux-user-adapt-uname-machine-to-emulated-CPU.patch + + 0001-Fix-missing-symbols-in-.rela.plt-sections.patch + - debian/install, debian/links: install the necessary bios roms; + when seabios gets promoted to main, we should depend on it, and use + its bios.bin instead of this one + + -- Dustin Kirkland Wed, 20 Jan 2010 17:54:24 +1300 + +qemu-kvm (0.11.0-0ubuntu6.3) karmic-security; urgency=low + + * SECURITY UPDATE: linux <= 2.6.25 guests (e.g. 
hardy) with virtio
+ networking are subject to DoS by qemu-kvm application crash;
+ the crash can be remotely triggered by a malicious user flooding any
+ open network port (LP: #458521)
+ - debian/patches/12_whitelist_host_virtio_networking_features.patch:
+ fix accounting of virtio networking features available to make
+ available to the guests
+ - CVE-2009-XXXX
+ * debian/kvm-ok: check for other common reasons why KVM might not be
+ usable, LP: #452323
+ * debian/control: build-depend on libcurl devel, to allow booting from
+ ISOs over http, LP: #453441
+
+ -- Dustin Kirkland Thu, 29 Oct 2009 11:36:18 -0500
+
+qemu-kvm (0.11.0-0ubuntu6) karmic; urgency=low
+
+ * debian/control: Version the conflicts/replaces with qemu and kvm so that
+ the transitional packages are actually installable (LP: #455114)
+
+ -- Thierry Carrez Mon, 19 Oct 2009 11:32:12 +0200
+
+qemu-kvm (0.11.0-0ubuntu5) karmic; urgency=low
+
+ [ Dustin Kirkland ]
+ * debian/patches/10_fix_scsi_hotplug.patch: cherry-pick patch from
+ upstream to fix scsi hotplug regression, LP: #432154
+ * debian/patches/11_fix_virtio-blk_hot_add_after_remove.patch: cherry-pick
+ patch from upstream to fix virtio hotplug add/remove, LP: #419590
+
+ [ James Westby ]
+ * Add transitional kvm and qemu packages, LP: #451508
+ - Force the kvm package version to be higher so that it supercedes that
+ from the kvm source.
Thanks to Steve Langasek and Michael Vogt
+
+ -- Dustin Kirkland Wed, 14 Oct 2009 11:35:27 -0500
+
+qemu-kvm (0.11.0-0ubuntu4) karmic; urgency=low
+
+ * qemu-arm-static: build-arm-chroot script
+ - add copyright headers
+ - parse cmdline to determine the chroot path so debootstrap gets options
+ handed over properly
+ - add check if --arch is set to make it easy to re-use it for other arches
+ in the future
+ - code cleanup
+ - drop the success message, debootstrap already notifies us here
+
+ -- Oliver Grawert Wed, 14 Oct 2009 11:44:28 +0200
+
+qemu-kvm (0.11.0-0ubuntu3) karmic; urgency=low
+
+ * debian/patches/10_qemu-allow-pulseaudio-to-be-the-default.patch:
+ revert this patch, as the effect is actually contrary to what's
+ desired and regressed LP: #304649
+
+ -- Dustin Kirkland Mon, 12 Oct 2009 22:33:13 -0500
+
+qemu-kvm (0.11.0-0ubuntu2) karmic; urgency=low
+
+ * debian/patches/09_qemu-fix-qcow2-backing-file-with-virtio.patch:
+ cherry-pick patch from Fedora, fix virtio/qcow2 issues, LP: #420423
+ * debian/patches/10_qemu-allow-pulseaudio-to-be-the-default.patch:
+ needed to complete the fix for LP: #304649
+ * debian/control: improve description of qemu-kvm-extras, LP: #448655
+
+ -- Dustin Kirkland Sun, 11 Oct 2009 13:16:11 -0500
+
+qemu-kvm (0.11.0-0ubuntu1) karmic; urgency=low
+
+ * Merge upstream GA qemu-kvm-0.11 to replace rc2, LP: #438912
+ * debian/patches/04_fix-no-kvm-segfault.patch: dropped, included
+ upstream
+
+ -- Dustin Kirkland Tue, 29 Sep 2009 14:14:35 -0500
+
+qemu-kvm (0.11.0~rc2-0ubuntu12) karmic; urgency=low
+
+ * Really disable vm.vdso_enabled in debian/qemu-arm-static.sysctl.amd64.
+
+ -- Loïc Minier Thu, 24 Sep 2009 07:37:19 +0200
+
+qemu-kvm (0.11.0~rc2-0ubuntu11) karmic; urgency=low
+
+ * Allow debian/qemu-arm-static.sysctl.$(DEB_BUILD_ARCH) to override
+ debian/qemu-arm-static.sysctl and add an amd64 version which doesn't set
+ vm.vdso_enabled since that's not available on x86-64.
+ * Drop useless uses of CURDIR from install target.
+ * Add debian/TODO list.
+
+ -- Loïc Minier Thu, 24 Sep 2009 07:24:54 +0200
+
+qemu-kvm (0.11.0~rc2-0ubuntu10) karmic; urgency=low
+
+ * New patch, 60_armv4l-typo, from upstream
+ a302c32ded4d458fead907a98d079e8fb15f7b08; fixes a typo in configure (arm4l
+ instead of armv4l) which breaks the build on armel.
+
+ -- Loïc Minier Wed, 23 Sep 2009 15:23:02 +0200
+
+qemu-kvm (0.11.0~rc2-0ubuntu9) karmic; urgency=low
+
+ * Use bamboo.dtb instead of bamboo.dtd in powerpc rules; this seems to be
+ the correct filename and AFAICT there's no support for generating any .dtd
+ file in the upstream rules but only support for .dtb files; should help
+ the powerpc build somewhat.
+ * Disable qemu-kvm build on armel since there is no kernel support for it
+ for now; should help the armel build somewhat.
+ - Use dh_listpackages to check whether we want the qemu-kvm package and
+ set DO_KVM accordingly.
+ - Only $(MAKE) install in kvm/libkvm if DO_KVM is enabled.
+ * On ia64 set TARGET_SYSTEM_TCG = ia64-softmmu and empty TARGET_LINUX_TCG
+ since ia64 doesn't support CPU emulation mode (syscall wrapping) nor code
+ generation for ia64, so can only run ia64 code on ia64 in system emulation
+ mode; should help the ia64 build somewhat.
+
+ -- Loïc Minier Wed, 23 Sep 2009 13:40:38 +0200
+
+qemu-kvm (0.11.0~rc2-0ubuntu8) karmic; urgency=low
+
+ * Drop awful binary-static target; binary-arch works fine and binary-static
+ is not guaranteed to be called (in fact it was only called on the arch:
+ all buildd, i.e. i386, even if there are no arch: all packages here).
+ Similarly, merge build-static commands with build-arch commands.
+ Similarly, merge install-static commands with install commands.
+ * Replace configure-static with $(STATIC_BUILDDIR)/config.status which
+ matches config.status; let $(STATIC_BUILDDIR)/config.status depend on
+ configure.
+ * Depending on whether we want to build a qemu-%-static package, as reported
+ by dh_listpackages, set DO_STATIC and MAYBE_STATIC_CONFIG to "yes" and
+ $(STATIC_BUILDDIR)/config.status (or "no" and empty) and use these vars to
+ conditionalize the build.
+ * Drop unexisting targets from .PHONY.
+ * Let build depend on build-indep and build-arch.
+ * Use $(MAKE) -C instead of cd && $(MAKE).
+ * Consistenly use $() for make vars instead of mixing with ${}.
+ * Drop conditional for quilt.make being present, it's always satisfied per
+ build-deps, and move the include to the top of rules.
+ * Remove boilerplate comments from rules.
+ * Don't overwrite CFLAGS from the environment and honour DEB_BUILD_OPTIONS
+ in a more condensed manner.
+ * Use DEB_BUILD_ARCH instead of calling dpkg-architecture repeatedly.
+ * Let the config.status targets depend on patch instead of configure.
+ * Rename STATIC_BUILDDIR to debian/build-static to avoid clashes with a
+ possible qemu-static.
+ * No need for build-{arch,indep} to depend on patch, actually they should
+ only depend on the -stamp file which itself should depend on
+ config.status targets.
+ * Drop build-arch/build-indep split in favour of a single build target; the
+ split was unused and not supported properly anyway; let install depend on
+ build and binary-{indep,arch} depend on install.
+ * Also pass -k debian/changelog.qemu debian/changelog.kvm to
+ dh_installchangelogs in binary-arch.
+ * Drop unused binary-indep commands.
+ * Drop -s from dh_testdir/dh_testroot.
+ * Test for config-host.mak before calling $(MAKE) in clean: and drop the
+ bogus dep on the config.status target.
+ * Call unpatch explicitly after distclean instead of using a dep as we don't
+ want to run upstream rules unpatched.
+ * Rename config.status targets to config-host.mak since it's the actual name
+ of the file spit by configure.
+ * Rework copying of sources for static build to filter-out the debian and + potentially the static build dir and hence avoid the || true error + handler. + * Install old Debian changelogs debian/changelog.{kvm,qemu} with + dh_installdocs; drop the dh_installchangelogs hacks, that resurrects the + actual upstream changelog. + * Drop bogus debian/qemu-arm-static.install for now as it installs to the + wrong dir. + * Rework qemu-arm-static.{postint,prerm} to not hardcode the update-binfmts + pathname, not do useless tests, and to drop boilerplate. + * Rework postinst to set -e and to drop boilerplate. + * Add install-stamp to run install only once; install should really be + reworked to install to debian/tmp, moving the copying to binary packages + to binary-%. + * Add watch file. + * Add debian/README.source pointing at the quilt one. + + -- Loïc Minier Wed, 23 Sep 2009 09:18:41 +0200 + +qemu-kvm (0.11.0~rc2-0ubuntu7) karmic; urgency=low + + * Enable qem-arm-static on amd64 and lpia. + + -- Loïc Minier Tue, 22 Sep 2009 14:28:52 +0200 + +qemu-kvm (0.11.0~rc2-0ubuntu6) karmic; urgency=low + + * debian/qemu-kvm.udev: remove NAME="%k", superfluous and breaks kernel + supplied names, LP: #433124 + + -- Dustin Kirkland Sat, 19 Sep 2009 11:16:24 -0500 + +qemu-kvm (0.11.0~rc2-0ubuntu5) karmic; urgency=low + + * debian/patches/06_set_sdl_title.patch: set the sdl title properly + when using -name, LP: #423076 + * debian/patches/07_right_ctrl_grab.patch: support right-ctrl grab + for improved accessibility, LP: #237635 + * debian/08_fix_qemu-ifup.patch: fix positional argument problem in + qemu-ifup script, LP: #237635 + * debian/install, debian/links: install qemu-ifup and qemu-ifdown to + /usr/bin, and symlink them to the (somewhat silly) location where + qemu expects to find an executable script, update the ifdown script + to use the same logic in determining the bridge interface, LP: #430655 + + -- Dustin Kirkland Fri, 18 Sep 2009 10:59:44 -0500 + +qemu-kvm 
(0.11.0~rc2-0ubuntu4) karmic; urgency=low + + * debian/patches/05_improve-qemu-img-errors.patch: use strerror() + for qemu-img error reporting, LP: #418112 + * fix links + + -- Dustin Kirkland Thu, 10 Sep 2009 22:58:09 -0500 + +qemu-kvm (0.11.0~rc2-0ubuntu3) karmic; urgency=low + + * debian/links: fix broken /usr/share/kvm symlink to point to + /usr/share/qemu, LP: #427127 + + -- Dustin Kirkland Wed, 09 Sep 2009 23:30:38 -0500 + +qemu-kvm (0.11.0~rc2-0ubuntu2) karmic; urgency=low + + [ Dustin Kirkland ] + * debian/control: drop bochsbios build-dep; use binary blobs in this + package since bochs is not in main, LP: #422268 + * debian/install: install qemu-if[up|down] scripts into /etc, where qemu-kvm + expects them, LP: #376387 + * debian/init: kvm needs /proc, require start of mountkernfs, LP: #391121 + + [ Oliver Grawert ] + * qemu-arm-static: drop unneeded cd'ing to $OLDPWD from binary-static (how + did that get there first place?) LP: #425947 + + [ Dominic Evans ] + * debian/qemu-ifdown: add matching ifdown script for bridge configuration, + LP: #376387 + + -- Dustin Kirkland Tue, 08 Sep 2009 16:12:10 -0500 + +qemu-kvm (0.11.0~rc2-0ubuntu1) karmic; urgency=low + + * merge upstream release candidate 2; bug fixes only + * drop 03_fix_checksum_writing_in_signboot.patch, included upstream + + -- Dustin Kirkland Tue, 08 Sep 2009 09:18:43 -0500 + +qemu-kvm (0.11.0~rc1-0ubuntu13) karmic; urgency=low + + * debian/qemu-kvm.udev: add udev file which was dropped during the + packaging, LP: #422225 + * debian/patches/04_fix-no-kvm-segfault.patch: fix segfault when + KVM is not available, by ensuring that kvm_allowed gets set + earlier enough in vl.c; will be sent upstream; LP: #422295 + + -- Dustin Kirkland Mon, 31 Aug 2009 18:50:48 -0500 + +qemu-kvm (0.11.0~rc1-0ubuntu12) karmic; urgency=low + + * debian/init: no need to stop the init script for runlevels 0 and 6 + + -- Dustin Kirkland Tue, 25 Aug 2009 13:09:10 -0500 + +qemu-kvm (0.11.0~rc1-0ubuntu11) karmic; urgency=low + 
+ * debian/qemu-kvm.install: update these install locations too; + missed these in the last upload + + -- Dustin Kirkland Mon, 24 Aug 2009 15:54:00 -0500 + +qemu-kvm (0.11.0~rc1-0ubuntu10) karmic; urgency=low + + * debian/rules: revert one change from last upload; install bios bin + files to /usr/share/qemu, rather than /usr/share/qemu-kvm, as this + broke qemu, LP: #418033 + + -- Dustin Kirkland Mon, 24 Aug 2009 10:11:29 -0500 + +qemu-kvm (0.11.0~rc1-0ubuntu9) karmic; urgency=low + + * debian/install, debian/links: setup some links to help smooth the + migration from kvm -> qemu-kvm, and qemu -> qemu-kvm + * debian/control: suggest qemu-kvm-extas, bump standards + * debian/manpages, debian/qemu-user.1: copy the manpage from + from the qemu package + * debian/links: setup links for manpages + * debian/kvm.1, debian/rules, debian/links: drop the separate manpage + for kvm, use qemu's + + -- Dustin Kirkland Fri, 21 Aug 2009 15:00:32 -0500 + +qemu-kvm (0.11.0~rc1-0ubuntu8) karmic; urgency=low + + * qemu-arm-static.sysctl: switch off vdso as well, else chroot execution + fails + + -- Oliver Grawert Sun, 16 Aug 2009 17:13:42 +0200 + +qemu-kvm (0.11.0~rc1-0ubuntu7) karmic; urgency=low + + * rather use sysctl -p in qemu-arm-static.postinst + * qemu needs to access mmap above 4k, set vm.mmap_min_addr to 4097 + in qemu-arm-static.sysctl instead of the default armel kernel value + + -- Oliver Grawert Sun, 16 Aug 2009 15:15:26 +0200 + +qemu-kvm (0.11.0~rc1-0ubuntu6) karmic; urgency=low + + * make sure we build the -static target in a separate dir to not interfere + with the nonstatic targets + * make qemu-kvm and qemu-kvm-extras ignore qemu-arm-static in dpkg-deb + * add /etc/sysctl.d/qemu-arm-static.sysctl.conf to qemu-arm-static and set + mmap_min_addr to 32768 from postinst since armel uses a lower mmap address + by default + * drop libpcap2-bin dependency from qemu-arm-static (doesnt work properly + yet, we use mmap_min_addr instead) + * drop ${shlibs:Depends} from 
qemu-arm-static control entry, no shlibs in + static builds + + -- Oliver Grawert Sun, 16 Aug 2009 13:25:58 +0200 + +qemu-kvm (0.11.0~rc1-0ubuntu5) karmic; urgency=low + + * debian/control: add a Suggests on uml-utilities (universe), for + availability of /usr/sbin/tunctl + * debian/patches/03_fix_virtio_boot.patch: dropped; this was a red + herring in solving the problem + * debian/patches/03_fix_checksum_writing_in_signboot.patch: fix + extboot virtio issue, taken from upstream staging git repo + + -- Dustin Kirkland Thu, 06 Aug 2009 17:03:52 +0100 + +qemu-kvm (0.11.0~rc1-0ubuntu4) karmic; urgency=low + + * debian/patches/03_fix_virtio_boot.patch: revert upstream commit + bf011293f, which breaks booting off of virtio disks; this is only + a temporary fix, as we're waiting on upstream to release a real fix + * debian/control: bump debhelper dependency to 7, for dh_prep + + -- Dustin Kirkland Thu, 06 Aug 2009 13:54:20 +0100 + +qemu-kvm (0.11.0~rc1-0ubuntu3) karmic; urgency=low + + * qemu-arm-static: add dependency on libcap2-bin + * qemu-arm-static.postinst set cap_sys_rawio so the difference between the + mmap_min_addr values between armel and i386 don't get in the way when + executing armel binaries on x86 + + -- Oliver Grawert Wed, 05 Aug 2009 18:10:27 +0200 + +qemu-kvm (0.11.0~rc1-0ubuntu2) karmic; urgency=low + + [ Oliver Grawert ] + * Static qemu arm build, LP: #401782 + * add qemu-arm-static package with dependency on binfmt-support to + debian/control + * add binary-static, build-static, configure-static and install-static + targets to debian/rules + * add qemu-arm-static.postinst and qemu-arm-static.prerm + * include build-arm-chroot script for qemu-arm-static + * include binfmt configuration file + + [ Dustin Kirkland ] + * debian/control: drop non-existent qemu-kvm-common dependency + + -- Dustin Kirkland Wed, 05 Aug 2009 14:42:34 +0100 + +qemu-kvm (0.11.0~rc1-0ubuntu1) karmic; urgency=low + + [ Initial packaging of qemu-kvm ] + * This package is a 
complex merger of the traditional Debian and Ubuntu + qemu and kvm packages. Upstream is in the process of integrating all + kvm-specific code into the qemu project, which is being delivered as a + new package called qemu-kvm. This should provide all of the userspace + required to use kvm. The kvm project, instead, is going to focus on the + kvm kernel module. The qemu-kvm project will deliver a stable, maintained + userspace. This qemu-kvm package replaces both qemu and kvm in Ubuntu. + * debian/changelog.kvm, debian/changelog.qemu: keep these two files around, + as these provide tremendous history and logging about the packaging + * debian/control, debian/10-kvm.fdi, debian/install, + debian/org.freedesktop.hal.kvm.policy: drop hal as it's being deprecated + * debian/reportbug-hook.sh: dropped; use 'ubuntu-bug qemu-kvm' now + * debian/control: + - lower the debhelper dependency, should make backports + easier, newer builds will use the newer debhelper for udev stuff, older + versions just won't + - drop autotools-dev build dependency, no longer needed + - add armel to build architecture + - description updated + - drop the qemu package (for now) + - drop the Pre-depends on adduser + * debian/rules: + - drop double call of dh_installdeb + - install each of the changelogs + - drop zcat of network bins; these have been no-ops for us for a long + time, kept around to minimize diff with Debian + - move common i386 and x86_64 code to common location + - drop pxe rom's, as these are provided by kvm-pxe + - establish some links to help with the merger of kvm/qemu + - move as much as possible to the debhelper install file + - clean up kvm/bios/acpi-ssdt.aml + * debian/patches: all patches dropped, syncing with upstream + * debian/doc: new file, html documentation to be installed + + -- Dustin Kirkland Tue, 04 Aug 2009 12:36:50 +0100 --- qemu-kvm-1.0+noroms.orig/debian/changelog.kvm +++ qemu-kvm-1.0+noroms/debian/changelog.kvm 
@@ -0,0 +1,1126 @@
+kvm (1:84+dfsg-0ubuntu14) karmic; urgency=low
+
+ * debian/source_kvm.py: collect kvm*, and qemu*
+
+ -- Dustin Kirkland Mon, 01 Jun 2009 10:05:27 -0500
+
+kvm (1:84+dfsg-0ubuntu13) karmic; urgency=low
+
+ * debian/source_kvm.py: only collect packages related to kvm for apport,
+ LP: #382077
+
+ -- Dustin Kirkland Mon, 01 Jun 2009 07:17:46 -0500
+
+kvm (1:84+dfsg-0ubuntu12) jaunty-proposed; urgency=low
+
+ * Apply patch series from upstream to fix segfaults when cancelling
+ DMA operations in virtual machines. (LP: #359447)
+
+ -- Soren Hansen Sun, 03 May 2009 09:39:47 +0200
+
+kvm (1:84+dfsg-0ubuntu11) jaunty; urgency=low
+
+ * debian/patches/add-all-virtio-drives.patch: Fix bugs where the caller
+ does not specify a perfectly defined list of virtio drives starting at
+ index=0 and having no gaps in indices; LP: #360832, #360825
+ * debian/patches/fix-qcow-corruption: Cherry-pick from kvm stable git
+ branch, fixes at least one cause of qcow2 image corruption; no reports
+ yet of this in Ubuntu, but I'm being proactive about this one;
+ LP: #361938
+ * debian/source_kvm.py: dpkg -l was a little too heavy, compress this
+ output considerably
+
+ -- Dustin Kirkland Fri, 17 Apr 2009 09:59:58 -0500
+
+kvm (1:84+dfsg-0ubuntu10) jaunty; urgency=low
+
+ * debian/patches/virtio-net_disable_gso.patch: hardy guest kernels
+ do not have working gso support. Disable it for everyone until
+ we have a work around, LP: #331128.
+ + -- Dustin Kirkland Thu, 02 Apr 2009 11:08:34 -0500 + +kvm (1:84+dfsg-0ubuntu9) jaunty; urgency=low + + * debian/source_kvm.py: add a basic apparmor hook for kvm, retrieving + a listing of all packages installed, and the kvm command line used + + -- Dustin Kirkland Fri, 27 Mar 2009 15:56:24 -0500 + +kvm (1:84+dfsg-0ubuntu8) jaunty; urgency=low + + * debian/patches/dkmsify.patch: handle i686 arch properly, LP: #333632 + * debian/control: kvm-source needs kernel headers + * debian/kvm-source.postinst: check if necessary headers are installed; + if not, print a handy error message with instructions, LP: #341159 + * debian/kvm.init: use proper lsb begin/end message logging for cleaner + usplash interaction, LP: #275009 + * debian/rules, debian/control: Enable pulseaudio audio driver, LP: #304649 + + -- Dustin Kirkland Thu, 12 Mar 2009 00:17:04 -0500 + +kvm (1:84+dfsg-0ubuntu7) jaunty; urgency=low + + * debian/control: revert libvdeplug2-dev build-dependency as this package + is in Universe + + -- Dustin Kirkland Mon, 02 Mar 2009 23:11:02 -0600 + +kvm (1:84+dfsg-0ubuntu6) jaunty; urgency=low + + [ Emmet Hikory ] + * debian/rules, debian/control: Enable build for lpia & ia64 + (thanks to TJ) LP: #277517 + + -- Dustin Kirkland Mon, 02 Mar 2009 15:35:26 -0600 + +kvm (1:84+dfsg-0ubuntu5) jaunty; urgency=low + + * debian/patches/fix_screen_corruption: patch from upstream SVN (should + be dropped in next merge), fixes LP: #336712, #333920 + * debian/patches: permanently removed all dropped patches + + -- Dustin Kirkland Mon, 02 Mar 2009 09:15:26 -0600 + +kvm (1:84+dfsg-0ubuntu4) jaunty; urgency=low + + [ TJ ] + * debian/control: add build-depends on libvdeplug2-dev which will cause + qemu's configure script to enable vde support, LP: #253230 + + [ Dustin Kirkland ] + * debian/kvm-source.postinst: remove dkms module before installing new + one, LP: #334177 + + -- Dustin Kirkland Thu, 26 Feb 2009 16:07:57 -0600 + +kvm (1:84+dfsg-0ubuntu3) jaunty; urgency=low + + [ Reviewed 
Ubuntu patches with KVM/QEMU upstream, Anthony Liguori ] + * debian/patches/03_bios_no_ssp.patch: DROPPED, included upstream + * debian/patches/06_no_system_linux_kvm_h.patch: DROPPED, no longer + necessary, kvm kernel header file is now generally available + * debian/patches/from-debian-qemu/22_net_tuntap_stall.patch: DROPPED, + no longer necessary; this patch was to work around a bug in + 2.6.11-rc1; this patch could be causing network packet drop issues; + definitely WRONG at this point with modern QEMU + * debian/patches/from-debian-qemu/62_linux_boot_nasm.patch: DROPPED, + dead code in modern QEMU; completely rewritten to not require an + external assembler; now built dynamically in pc.c + * debian/patches/SECURITY_CVE-2007-1321+1322+1366+2893.patch: DROPPED + * CVE-2007-1321: Fixed upstream + - QEMU svn commit: r3019 + * CVE-2007-1322: Fixed upstream + - QEMU svn commit: r5921 + * CVE-2007-1366: Fixed upstream + - QEMU svn commit: r3012 + * CVE-2007-2893: Not related to QEMU + * dma.c: Non-CVE fix, r3917 + * block.c: Incorrect patch (negative offset IS allowed, switches + between block and byte offset) + * Remainder of the patch was split into: net-socket.patch + (should be sent upstream) + * debian/patches/series: updated accordingly + * debian/patches/do-not-install-bios.patch: DROPPED + added --disable-blobs to configure in debian/rules + * debian/patches/reenable_audio_drivers.patch: DROPPED + added --audio-drv-list="oss alsa sdl" to debian/rules + * debian/patches/anon_inodes_fix.patch: DROPPED, this is already + upstream + * debian/patches/ppc-build.patch: DROPPED, not necessary + * debian/rules: remove references to non-existant linux_boot.bin + + [ Remaining Patches ] + * debian/patches/01_use_bios_files_in_usr_share_kvm.patch -p0 + debian/patches/04_use_etc_kvm_kvm-ifup.patch -p0 + debian/patches/07_change_qemu_docdir.patch + |-----> merged to a single patch, rename_qemu_kvm.patch + * debian/patches/CVE-2008-0928.patch: upstream work in progress + * 
debian/patches/evdev_keycode_map.patch: upstream work in progress + * debian/patches/02_fix_kernel_Makefile.patch: merged into dkmsify.patch + * debian/patches/dkmsify.patch: Ubuntu-specific (should validate if + still necessary...) + * debian/patches/net-socket.patch: to be sent upstream + + [ Other Changes ] + * scripts/qemu-ifup: bridge device determination was broken, required + br0 to be present for this script to operate properly, LP: #125302 + + -- Dustin Kirkland Fri, 20 Feb 2009 16:11:06 -0600 + +kvm (1:84+dfsg-0ubuntu2) jaunty; urgency=low + + * debian/patches/reenable_audio_drivers.patch: drop the explicit list + of sound card drivers configured; upstream handles this properly now + + -- Dustin Kirkland Wed, 18 Feb 2009 12:00:53 -0600 + +kvm (1:84+dfsg-0ubuntu1) jaunty; urgency=low + + * New upstream release + * debian/patches/CVE-2008-0928.patch: updated to apply cleanly + * debian/patches/SECURITY_CVE-2007-1321+1322+1366+2893.patch: updated to + apply cleanly + * debian/patches/reenable_audio_drivers.patch: add es1370 to the soundcard + list + * debian/patches/ppc-build.patch: required for the new qemu to build on + non-ppc platforms (bug upstream, should be fixed by next release) + * debian/rules: the clean target now depends on config.status (variable + definition needed by 'make clean'); the source's clean target seems + to clean out qemu/$(BUILD_CPU)-softmmu now, commenting out; reordered + calling of source's clean targets to ensure that the clean can + succeed + + -- Dustin Kirkland Tue, 17 Feb 2009 19:42:43 -0600 + +kvm (1:83+dfsg-0ubuntu1) jaunty; urgency=low + + * New upstream release, fixes LP: #320320 + + -- Dustin Kirkland Fri, 23 Jan 2009 09:01:03 -0500 + +kvm (1:82+dfsg-0ubuntu1) jaunty; urgency=low + + * New upstream release, LP: #316521 + * debian/patches/04_use_etc_kvm_kvm-ifup.patch: reworked to patch + qemu/net.h + * debian/patches/CVE-2008-0928.patch: updated + * debian/patches/do-not-install-bios.patch: updated, Makefile now 
supports + a variable (perhaps we should set this with configure?) + * debian/patches/reenable_audio_drivers.patch: updated + * debian/patches/anon_inodes_fix.patch: updated + * debian/patches/SECURITY_CVE-2007-1321+1322+1366+2893.patch: updated + * debian/rules: clean up a bit better after the build; allows for + subsequent binary and source builds and rebuilds + + -- Dustin Kirkland Tue, 20 Jan 2009 21:47:54 -0500 + +kvm (1:79+dfsg-0ubuntu5) jaunty; urgency=low + + * Bump debhelper version for updated udev rules path, add Breaks to ensure + we use the right version of udev. + + -- Scott James Remnant Mon, 12 Jan 2009 19:44:11 +0000 + +kvm (1:79+dfsg-0ubuntu4) jaunty; urgency=low + + * Correctly rename kvm-nbd man page to match the binary's name. + * Make "debian/rules clean" do a better job at cleaning up after the build. + + -- Soren Hansen Tue, 25 Nov 2008 10:51:55 +0100 + +kvm (1:79+dfsg-0ubuntu3) jaunty; urgency=low + + * Rename kvm-nbd man page to match the binary's name. + + -- Soren Hansen Mon, 24 Nov 2008 00:04:36 +0100 + +kvm (1:79+dfsg-0ubuntu2) jaunty; urgency=low + + * Fix kernel module build. + + -- Soren Hansen Tue, 18 Nov 2008 22:04:35 +0100 + +kvm (1:79+dfsg-0ubuntu1) jaunty; urgency=low + + * New upstream release + * Dropped the following patch sets, as they're now upstream: + + qemu_vnc_ext_key_event + + i2c_bus_load_fix + * Updated the following patches to match kvm-79: + + SECURITY_CVE-2007-1321+1322+1366+2893 + + CVE-2008-0928 + + 22_net_tuntap_stall + * Make kvm-source autoinstall (meaning that it'll compile itself not just + for the kernel running at install time, but also for kernels that are + installed later on). 
+
+ -- Soren Hansen Tue, 18 Nov 2008 21:37:56 +0100
+
+kvm (72+dfsg-2) unstable; urgency=medium
+
+ * Merge changes from NMU, thanks to Thomas Viehmann
+ * Use a sane method for creating the kvm group, thanks to Josh Tripplet
+ (closes: #502299)
+
+ -- Jan Lübbe Thu, 16 Oct 2008 18:22:41 +0200
+
+kvm (1:72+dfsg-1ubuntu6) intrepid; urgency=low
+
+ * debian/patches/evdev_keycode_map.patch, debian/patches/series: ported the
+ gtk-vnc patch that fixes evdev keycode mapping (LP: #258389)
+ * debian/control: explicitly depend on libx11-dev
+
+ -- Dustin Kirkland Wed, 24 Sep 2008 17:25:20 -0500
+
+kvm (1:72+dfsg-1ubuntu5) intrepid; urgency=low
+
+ [ Dustin Kirkland ]
+ * Add debian/10-kvm.fdi, debian/org.freedesktop.hal.kvm.policy: hal object
+ descriptor and policy file for kvm/virt-hardware
+ * debian/kvm.install; Put the hal/PolicyKit configuration in the correct
+ place (LP: #273764)
+
+ [ Martin Pitt ]
+ * Simplify Dustin's dh_install handling a bit (don't use debian/rules any
+ more, install straight with dh_install).
+
+ -- Dustin Kirkland Wed, 24 Sep 2008 14:00:16 +0200
+
+kvm (1:72+dfsg-1ubuntu4) intrepid; urgency=low
+
+ * debian/kvm-ok: simple script to determine of the cpu supports kvm
+ acceleration (LP: #188878)
+ * debian/rules: install the kvm-ok binary into /usr/bin/kvm-ok
+
+ -- Dustin Kirkland Mon, 22 Sep 2008 12:09:47 -0500
+
+kvm (1:72+dfsg-1ubuntu3) intrepid; urgency=low
+
+ * debian/control: Trivial update to description, to note that KVM works on
+ both x86 and x86_64 hardware (LP: #225260).
+
+ -- Dustin Kirkland Mon, 22 Sep 2008 10:51:23 -0500
+
+kvm (1:72+dfsg-1ubuntu2) intrepid; urgency=low
+
+ * Switch KVM to use dkms. This makes kernel and userspace match each other
+ and saves us the trouble of possible ABI bumps when updating kvm.
+
+ -- Soren Hansen Thu, 28 Aug 2008 14:47:26 +0200
+
+kvm (1:72+dfsg-1ubuntu1) intrepid; urgency=low
+
+ * Merge with Debian unstable. Remaining changes:
+ - Add dh_installudev rule.
+ - Add ppc_rom.bin to needed_bios_files for powerpc target.
+ - Build-Depend on "sysv-rc (>= 2.86.ds1-14.1ubuntu2)" to accomodate
+ TearDown.
+ - Suggest ubuntu-vm-builder instead of debootstrap.
+ - Change kvm-data conflict/replaces version to 68+dfsg-1, to properly
+ conflict with the Ubuntu kvm-data package.
+ - Suggest kvm-pxe to enable PXE booting.
+
+ -- Soren Hansen Thu, 14 Aug 2008 11:00:29 +0200
+
+kvm (72+dfsg-1) unstable; urgency=low
+
+ * New upstream release (closes: #493536)
+ * Cherry-pick a commit from qemu which fixes migration
+ * Cherry-pick a commit from kvm which fixes the external module with 2.6.26
+ * Reenable audio drivers and cards (closes: #491676)
+
+ -- Jan Lübbe Mon, 11 Aug 2008 19:51:51 +0200
+
+kvm (1:71+dfsg-1ubuntu2) intrepid; urgency=low
+
+ * Readd dh_installudev rule.
+
+ -- Soren Hansen Mon, 11 Aug 2008 18:34:23 +0200
+
+kvm (1:71+dfsg-1ubuntu1) intrepid; urgency=low
+
+ * Merge with Debian unstable. Remaining changes:
+ - Add ppc_rom.bin to needed_bios_files for powerpc target.
+ - Comment out PXE rom builds (etherboot is not in main at this point).
+ - Build-Depend on "sysv-rc (>= 2.86.ds1-14.1ubuntu2)" to accomodate
+ TearDown.
+ - Suggest ubuntu-vm-builder instead of debootstrap.
+ - Change kvm-data conflict/replaces version to 68+dfsg-1, to properly
+ conflict with the Ubuntu kvm-data package.
+ * Suggest kvm-pxe to enable PXE booting.
+
+ -- Soren Hansen Wed, 23 Jul 2008 16:23:17 +0200
+
+kvm (71+dfsg-1) unstable; urgency=low
+
+ * New upstream release
+
+ -- Jan Lübbe Sat, 19 Jul 2008 15:52:45 +0200
+
+kvm (70+dfsg-1) unstable; urgency=low
+
+ * New upstream release
+ * Merge changes from Ubuntu in debian/control
+ - Only Build-Depend on device-tree-compiler on PowerPC
+ - Change linux-{image,headers,source}-2.6 to just
+ linux-{image,headers,source}
+ - Don't suggest sudo
+ * Reenable CPU emulation
+ * Update to policy 3.8.0.0
+ - Add debian/README.source
+
+ -- Jan Lübbe Tue, 17 Jun 2008 18:55:51 +0200
+
+kvm (1:69+dfsg-1ubuntu1) intrepid; urgency=low
+
+ * Merge with Debian unstable. Remaining changes:
+ - Add ppc_rom.bin to needed_bios_files for powerpc target.
+ - Comment out PXE rom builds (etherboot is not in main at this point).
+ - DebianMaintainerField.
+ - Only Build-Depend on device-tree-compiler on PowerPC.
+ - Don't Build-Depend on etherboot.
+ - Build-Depend on "sysv-rc (>= 2.86.ds1-14.1ubuntu2)" to accomodate
+ TearDown.
+ - Don't recommend linux-image-2.6, since we only have 2.6 kernels anyway.
+ - Suggest ubuntu-vm-builder instead of debootstrap.
+ - Don't suggest sudo.
+ - Change kvm-data conflict/replaces version to 68+dfsg-1, to properly
+ conflict with the Ubuntu kvm-data package.
+ - Change suggests of kvm-source from linux-{headers,source}-2.6 to just
+ linux-{headers,source}.
+
+ -- Soren Hansen Wed, 28 May 2008 08:46:15 +0200
+
+kvm (69+dfsg-1) unstable; urgency=low
+
+ [ Jan Lübbe ]
+ * New upstream releases (closes: #481989)
+ - Fixes CVE-2007-1320 (Cirrus LGD-54XX "bitblt" heap overflow)
+ - Fixes CVE-2008-2004 (format guessing vulnerability, drop the patch)
+ - Update debian patches
+ * Update upstream changelog
+ * Update Vcs-* headers to git.debian.org
+ * Drop kvm-data again, build and ship only those files relevant to the
+ target arch
+
+ [ Soren Hansen ]
+ * 03_bios_no_ssp.patch:
+ - Pass -fno-stack-protector to gcc when building the bios image.
+ * qemu_vnc_ext_key_event.diff: + - Implement the Extended KeyEvent extension in kvm's embedded VNC server. + * Add kvm init script that loads the appropriate kernel modules. + * Update package description + - We no longer support cpu emulation, so hardware support is required. + - The standard kernel images provide the kernel modules, so compiling + them yourself from kvm-source is now optional. + - qemu is no longer needed for creating disk images, since we have kvm-img + now. + * Move kvm-source from "Recommends:" of kvm to "Suggests:", since the + modules are in the standard kernel images. + * Update CVE-2008-0928.patch to allow any bdrv request if vm is not + running. This fixes the savevm monitor command. + - This also fixes booting with qcow2 images (closes: #470664) + + -- Jan Lübbe Mon, 26 May 2008 16:55:21 +0200 + +kvm (1:68+dfsg-0ubuntu1) intrepid; urgency=low + + * New upstream release + merge with debian. Remaining changes: + + SECURITY_CVE-2007-1320+1321+1322+1366+2893.patch + - Cirrus LGD-54XX "bitblt" heap overflow. + - NE2000 "mtu" heap overflow. + - QEMU "net socket" heap overflow. + - QEMU NE2000 "receive" integer signedness error. + - Infinite loop in the emulated SB16 device. + - Unprivileged "aam" instruction does not correctly handle the + undocumented divisor operand. + - Unprivileged "icebp" instruction will halt emulation. + + qemu_vnc_ext_key_event.diff: + - Enabled extended key events in embedded VNC server. + + DebianMaintainerField. + + Add init script to automatically load appropriate kernel modules + on boot (TearDown style). Add sysv-rc (>= 2.86.ds1-14.1ubuntu2) + dependency in the process. + + Install kvm.udev as priority 45. + + Add "XS-Debian-" prefix to Debian's VCS headers. + + Demote kvm-source to a Suggests of kvm (from Recommends). + + Update package description to say that the kvm modules are in the + kernel. + + Update kernel package names to match Ubuntu naming. 
+ + -- Soren Hansen Tue, 06 May 2008 10:01:22 +0200 + +kvm (66+dfsg-1.1) unstable; urgency=high + + * Non-maintainer upload by the security team + * Merge the fixes for the security issues in the embedded qemu + version (Closes: #480011) Thanks to Jamie Strandboge + - Add CVE-2007-1320+1321+1322+1366+2893.patch from from qemu 0.9.1-1 + to address the following issues: + - Note: CVE-2007-2893 is the same as CVE-2007-1323 referenced in DSA-1284-1. + - Note: CVE-2007-5729 and CVE-2007-5730 are the same as CVE-2007-1321 + referenced in DSA-1284-1. + - Cirrus LGD-54XX "bitblt" heap overflow. + - NE2000 "mtu" heap overflow. + - QEMU "net socket" heap overflow. + - QEMU NE2000 "receive" integer signedness error. + - Infinite loop in the emulated SB16 device. + - Unprivileged "aam" instruction does not correctly handle the + undocumented divisor operand. + - Unprivileged "icebp" instruction will halt emulation. + * Include patch which defaults to existing behaviour (probing based on file + contents), so it still requires the mgmt app (e.g. 
libvirt xml) to + pass a new "format=raw" parameter for raw disk images + - Fixes possible privilege escalation, which could allow guest users + to read arbitrary files on the host by modifying the header to identify + a different format (Closes: #481204) Fixes: CVE-2008-2004 + + -- Steffen Joeris Tue, 20 May 2008 13:28:14 +0000 + +kvm (66+dfsg-1) unstable; urgency=low + + * New upstream release + * Update upstream changelog + * Ship the userspace utilities + - Depend on python for the scripts + + -- Jan Lübbe Thu, 17 Apr 2008 22:23:14 +0200 + +kvm (65+dfsg-2) unstable; urgency=low + + * Install PXE boot ROMs only if they exists and Build-Depend on + etherboot only on i386 + - This allows building on amd64 (closes: #469125) + * Disable qemu CPU emulation and drop Build-Depend on gcc-3.4 + (closes: #440430) + * Don't Recommend qemu (we ship qemu-img as kvm-img) + * Move vde2 from Recommends to Suggests + * Suggest samba for the -smb option (closes: #474209) + + -- Jan Lübbe Thu, 10 Apr 2008 22:52:26 +0200 + +kvm (65+dfsg-1) unstable; urgency=low + + * New upstream release + * Update upstream changelog + * Put the link to ../packages/default.sh into /usr/share/modass/overrides/ + as suggested by m-a's HOWTO-DEVEL + - This also avoides a Conflicts/Replaces against older kvm packages + (closes: #473910) + + -- Jan Lübbe Tue, 08 Apr 2008 18:49:34 +0200 + +kvm (64+dfsg-1) unstable; urgency=low + + * New upstream release + * Update upstream changelog + * Build-Depend on device-tree-compiler and build bamboo.dtb from source + * Clean up debian/rules + * Drop patch included upstream (02_snapshot_use_tmpdir.patch) + + -- Jan Lübbe Tue, 01 Apr 2008 17:21:14 +0200 + +kvm (63+dfsg-2) unstable; urgency=low + + * Depend on libncurses5-dev to allow the curses interface in addition + to SDL (closes: #471292) + * Use 02_snapshot_use_tmpdir from debian qemu svn r298 (closes: #470757) + * Correct my name in debian/control + + -- Jan Lübbe Wed, 26 Mar 2008 22:18:43 +0100 + +kvm 
(63+dfsg-1) unstable; urgency=low + + * New upstream release + * Update upstream changelog (from mailing list) + * Fix CVE-2008-0928 using the patch in the bugreport (closes: #469666) + + -- Jan Lübbe Tue, 11 Mar 2008 10:48:29 +0100 + +kvm (62+dfsg-3) unstable; urgency=low + + * Build a kvm-data package for the files loaded into the VM + (closes: #469125) + + -- Jan Luebbe Fri, 07 Mar 2008 00:15:56 +0100 + +kvm (62+dfsg-2) unstable; urgency=low + + * Use PXE boot ROMs from the Etherboot package + + -- Jan Luebbe Sat, 01 Mar 2008 17:33:00 +0100 + +kvm (62+dfsg-1) unstable; urgency=low + + * New upstream release + - even more resolutions for -std-vga (closes: #463629) + * Update upstream changelog + + -- Jan Luebbe Fri, 29 Feb 2008 21:51:02 +0100 + +kvm (1:62+dfsg-0ubuntu7) hardy; urgency=low + + * Revert sighandler.patch and virtio_hang.patch. Fixes hang in installer and + likely other places, too. (LP: #217815) + + -- Soren Hansen Tue, 22 Apr 2008 19:09:33 +0200 + +kvm (1:62+dfsg-0ubuntu6) hardy; urgency=low + + * vmport_save_regs.patch: + - Only save and restore eax, ebx, ecx, edx, esi, and edi registers in + vmport_ioport_read. + (LP: #219165) + + -- Soren Hansen Sat, 19 Apr 2008 01:47:15 +0200 + +kvm (1:62+dfsg-0ubuntu5) hardy; urgency=low + + * sighandler.patch: + - Fix segfault when trying to suspend domain. (LP: #218204) + + -- Soren Hansen Wed, 16 Apr 2008 15:49:47 +0200 + +kvm (1:62+dfsg-0ubuntu4) hardy; urgency=low + + * virtio_hang.patch: + - Fix a vcpu hang when using virtio-blk in guests. + + -- Soren Hansen Sun, 13 Apr 2008 23:08:47 +0200 + +kvm (1:62+dfsg-0ubuntu3) hardy; urgency=low + + [ Jamie Strandboge ] + * debian/patches/SECURITY_CVE-2007-1320+1321+1322+1366+2893.patch + based on 90_security.patch from qemu 0.9.1-1ubuntu1. Please note that + CVE-2007-2893 is also known as CVE-2007-1323, and CVE-2007-5729 and + CVE-2007-5730 are known as CVE-2007-1321 in Debian. This patch addresses + the following: + - Cirrus LGD-54XX "bitblt" heap overflow. 
+ - NE2000 "mtu" heap overflow. + - QEMU "net socket" heap overflow. + - QEMU NE2000 "receive" integer signedness error. + - Infinite loop in the emulated SB16 device. + - Unprivileged "aam" instruction does not correctly handle the + undocumented divisor operand. + - Unprivileged "icebp" instruction will halt emulation. + * debian/patches/SECURITY_CVE-2008-0928.patch: perform range checks on + block device read and write requests + * References + CVE-2007-1320 + CVE-2007-1321 + CVE-2007-1322 + CVE-2007-1323 + CVE-2007-1366 + CVE-2007-2893 + CVE-2007-5729 + CVE-2007-5730 + CVE-2008-0928 + + [ Soren Hansen ] + * debian/patches/extboot-geometry.patch: + - Apply extboot patch from Anthony Liguori that fixes CHS information + being calculated incorrectly, which seems to upset grub from time to time. + + -- Soren Hansen Thu, 10 Apr 2008 16:35:09 +0000 + +kvm (1:62+dfsg-0ubuntu2) hardy; urgency=low + + * Re-disable unaccelerated execution (thus re-removing gcc-3.4 build- + dependency). + + -- Soren Hansen Wed, 05 Mar 2008 08:48:44 +0100 + +kvm (1:62+dfsg-0ubuntu1) hardy; urgency=low + + * New upstream release + + -- Soren Hansen Tue, 26 Feb 2008 13:10:57 -0500 + +kvm (61+dfsg-1) unstable; urgency=low + + * The "Live from FOSDEM" release + * New upstream release + * Update upstream changelog + * Drop dependency on vgabios + * Switch to git for packaging, update Vcs-* in debian/control + + -- Jan Luebbe Sat, 23 Feb 2008 17:22:29 +0100 + +kvm (60+dfsg-1) unstable; urgency=low + + * New upstream release + * Update upstream changelog + * Drop restore-IO_MEM_ROM-mark.patch (included upstream) + * Build and use the vgabios shipped with kvm (closes: #462434) + * Use install_linux_boot.patch from Ubuntu to fix the -kernel option + (closes: #412022) + + -- Jan Luebbe Fri, 25 Jan 2008 16:12:41 +0100 + +kvm (1:60+dfsg-0ubuntu2) hardy; urgency=low + + * Make installs succeed regardless of the init script's exit code. (LP: + #183663) + * Disable non-accelerated execution. 
+ * Fixed up the clean target in debian/rules to properly clean up after + ourselves. + * Dropped build-dependency on gcc-3.4. + + -- Soren Hansen Wed, 20 Feb 2008 17:41:11 +0100 + +kvm (1:60+dfsg-0ubuntu1) hardy; urgency=low + + * New upstream release. + + -- Soren Hansen Wed, 23 Jan 2008 10:38:11 +0100 + +kvm (1:59+dfsg-0ubuntu6) hardy; urgency=low + + * Removed 08_default_tdf.patch. No longer needed. + * Modify init script to not exit with an error when stopping if the module + isn't loaded (LP: #183663). + * Use the correct names for the modules in init script. + + -- Soren Hansen Fri, 18 Jan 2008 19:12:26 +0100 + +kvm (1:59+dfsg-0ubuntu5) hardy; urgency=low + + * Added *updated* patch to support extended key events in qemu's vnc + implementation. + + -- Soren Hansen Sun, 13 Jan 2008 21:13:33 +0100 + +kvm (1:59+dfsg-0ubuntu4) hardy; urgency=low + + * Added patch to support extended key events in qemu's vnc implementation. + * s/log_error_msg/log_failure_msg/ in init script. + * Don't bother calling kvm.init stop/start on upgrade. + + -- Soren Hansen Sun, 13 Jan 2008 20:46:59 +0100 + +kvm (1:59+dfsg-0ubuntu3) hardy; urgency=low + + * Add init script to load kvm modules. (LP: #104297) + * Install linux_boot.bin to enable -kernel option. (LP: #111884) + + -- Soren Hansen Tue, 08 Jan 2008 16:26:05 +0100 + +kvm (1:59+dfsg-0ubuntu2) hardy; urgency=low + + * Cherry pick 6b8bb99a9cde386d72b4b7c22b92f4bdec333dab from git to + probably fix LP: 180105, and certainly fix an issue on Intel hardware + due to incompatible changes to the kernel API. 
+ + -- Soren Hansen Fri, 04 Jan 2008 03:20:57 +0100 + +kvm (1:59+dfsg-0ubuntu1) hardy; urgency=low + + * New upstream release + * Build with alsa support (cherry pick from 57+dfsg-2) + + -- Soren Hansen Thu, 03 Jan 2008 10:39:25 +0100 + +kvm (58+dfsg-2) unstable; urgency=low + + * Use patch from kvm-devel list to fix booting with some linux kernels + (closes: #458481) + + -- Jan Luebbe Mon, 21 Jan 2008 11:20:17 +0100 + +kvm (58+dfsg-1) unstable; urgency=low + + * The "Live from 24c3 in Berlin" release + * New upstream release (closes: #452392) + * Update upstream changelog + * Update to policy version 3.7.3 (no changes needed) + + -- Jan Luebbe Sat, 29 Dec 2007 00:00:44 +0100 + +kvm (57+dfsg-2) unstable; urgency=low + + * Build with alsa support (closes: #457536) + + -- Jan Luebbe Sun, 23 Dec 2007 20:15:30 +0100 + +kvm (57+dfsg-1) unstable; urgency=low + + * New upstream release (closes: #457061) + - qemu has been updated to the current cvs version + * Update upstream changelog + + -- Jan Luebbe Thu, 20 Dec 2007 17:14:05 +0100 + +kvm (1:57+dfsg-0ubuntu1) hardy; urgency=low + + * New upstream release. + + -- Soren Hansen Tue, 18 Dec 2007 18:15:54 +0100 + +kvm (56+dfsg-1) unstable; urgency=low + + * New upstream release + * Update upstream changelog + + -- Jan Luebbe Wed, 19 Dec 2007 20:27:19 +0100 + +kvm (1:56+dfsg-0ubuntu1) hardy; urgency=low + + * New upstream version. + * Merge changes from 55+dfsg-2. + + -- Soren Hansen Tue, 18 Dec 2007 09:36:20 +0100 + +kvm (55+dfsg-2) unstable; urgency=low + + * Depend on libgnutls for VNC TLS support + * Build BIOS from kvm sources (kvm and qemu patchs are different, thanks to + Carlo Marcelo Arenas Belon for spotting this) + * Fix debian/rules clean + + -- Jan Luebbe Sat, 08 Dec 2007 19:45:45 +0100 + +kvm (1:55+dfsg-1ubuntu1) hardy; urgency=low + + * Merge with Debian. 
Remaining changes: + - debian/control: + - Demote kvm-source to Suggests + - Mention kvm-source is unnecessary + - Modify Maintainer value to match the DebianMaintainerField + specification. + - Depend on recent bochsbios-qemu. + - Moved Vcs-* to XS-Original-Vcs-*. + - Don't recommend linux-image-2.6 since Ubuntu is Linux 2.6 only anyway. + - Rename suggestions of linux-{headers,source} to Ubuntu's naming scheme. + - Add pkg-config to Build-Depends (fixes warning during build) + - Add 08_default_tdf.patch to make -tdf the default. + + -- Soren Hansen Mon, 10 Dec 2007 13:43:03 +0100 + +kvm (55+dfsg-1) unstable; urgency=low + + * New upstream release + * Include cpu information also for bugs against kvm-source + * Update upstream changelog + * Remove bios.bin from upstream tarball (closes: #452963) and depend on the + current version of bochsbios + + -- Jan Luebbe Fri, 07 Dec 2007 19:22:57 +0100 + +kvm (54+dfsg-1) unstable; urgency=low + + * New upstream release + * Revive get-orig-source to remove other BIOS files (see #452963). + Thanks Soren Hansen. + * Include upstream changelog from the wiki. + * Update README.Debian and mention the kvm modules distributed with + the Linux kernel (closes: #440790) + + -- Jan Luebbe Thu, 29 Nov 2007 14:40:23 +0000 + +kvm (1:54+dfsg-0ubuntu1) hardy; urgency=low + + * New upstream release. + + -- Soren Hansen Tue, 04 Dec 2007 09:06:33 +0100 + +kvm (53-1) unstable; urgency=low + + * New upstream release + * Upstream has removed the elpin BIOS files, stop repacking the tarball. + + -- Jan Luebbe Wed, 21 Nov 2007 16:53:51 +0100 + +kvm (1:53+dfsg-0ubuntu1) hardy; urgency=low + + * New upstream release + * Properly clean out all the blobs from the tarball in get-orig-source. + * Depend on bochsbios-qemu and vgabios to get the needed blobs from there + instead. 
+ + -- Soren Hansen Mon, 26 Nov 2007 12:09:12 +0100 + +kvm (52+dfsg-1) unstable; urgency=low + + * New upstream release + * Switch to Vcs-Svn and Vcs-Browser in debian/control + + -- Jan Luebbe Thu, 15 Nov 2007 18:47:41 +0100 + +kvm (1:52+dfsg-0ubuntu1) hardy; urgency=low + + * New upstream release. + * 08_default_tdf.patch + - Make -tdf the default and add a -no-tdf option. + + -- Soren Hansen Thu, 15 Nov 2007 02:21:55 +0100 + +kvm (1:48+dfsg-1ubuntu1) hardy; urgency=low + + * Merge from Debian unstable (LP: #161790, LP: #149785). + * Remaining Ubuntu changes: + + Add epoch + + debian/preinst: + - Remove code to delete never-in-Ubuntu conf file + + debian/control: + - Demote kvm-source to Suggests + - Mention kvm-source is unnecessary + - Add epoch to Conflicts + + debian/patches/from-debian-qemu/63_use_dev_bus_usb_not_proc_bus_usb.patch + - USB path /proc/bus/usb => /dev/bus/usb + + debian/rules: + - Call dh_installudev + * New changes: + + debian/control: + - Remove Debian's VCS fields: that's not where the Ubuntu packages are + maintained. 
+ + -- Christopher James Halse Rogers Sat, 10 Nov 2007 17:42:58 +1100 + +kvm (48+dfsg-1) unstable; urgency=low + + * Adopt package with Baruch Even's permission + * New upstream release + + -- Jan Luebbe Thu, 25 Oct 2007 11:15:54 +0200 + +kvm (46+dfsg-0.1) unstable; urgency=low + + * Non-maintainer upload (low threshold nmu) + * New upstream release + * Adapt sf-get-orig-source from gnome-pkg-tools + * Repackage tarball to remove elpin VGA bios (closes: #440472) + * Add debian/watch file + + -- Jan Luebbe Sun, 14 Oct 2007 12:02:54 +0200 + +kvm (36-0.1) unstable; urgency=low + + * Non-maintainer upload (with permission) + * New upstream release (closes: #438412) + * Update patches + * Install documentation from qemu to /usr/share/doc/kvm to avoid conflicts + and refer to it from kvm(1) (closes: #434729) + * Rename conflicting manpages + * Add texi2html as a Build-Dependency + * Make module-assistant a Dependency of kvm-source because it is needed by + it's debian/rules + * debian/conffiles is not necessary for /etc + + -- Jan Luebbe Mon, 27 Aug 2007 18:45:36 +0200 + +kvm (1:28-4ubuntu3) hardy; urgency=low + + * debian/patches/from-debian-qemu/63_use_dev_bus_usb_not_proc_bus_usb.patch: + + Fixes broken USB device access since /proc/bus/usb/devices was replaced by + /dev/bus/usb/devices. (LP #156085) + + -- TJ Mon, 29 Oct 2007 13:00:00 +0000 + +kvm (1:28-4ubuntu2) gutsy; urgency=low + + * debian/rules: + + Call dh_installudev again (LP #127704). We have a slightly different + udev policy to Debian. + * debian/preinst: + + Remove code to delete old kvm.rules file. The file it references was + never in the Ubuntu packages, and we use dh_installudev now. + * debian/control: + + Demote the Recommends on kvm-source to Suggests. kvm works with the + kernel modules we ship, so the kvm-source package doesn't add much. 
+ + -- Christopher James Halse Rogers Sat, 29 Sep 2007 18:53:27 +1000 + +kvm (1:28-4ubuntu1) gutsy; urgency=low + + * Merge from Debian Unstable (LP: #119254, #122113). + * Remaining Ubuntu Changes: + + Add epoch + + debian/control + - Mention that the kvm-source package is unnecessary. + * Add epoch to the Conflicts + + -- Christopher James Halse Rogers (RAOF) Mon, 25 Jun 2007 22:49:27 +1000 + +kvm (28-4) unstable; urgency=low + + * Divert kernel modules when installing the kvm-source modules + (Closes: #429851) + * kvm-ifup, even if bridge command failed continue to work, this will allow + users who have no bridge setup and intend to setup some other method to + get it to work without messing with the package files. (Closes: #407459) + + -- Baruch Even Thu, 21 Jun 2007 12:37:54 +0100 + +kvm (28-3) unstable; urgency=low + + * Fix infinite loop in kvm-ifup script + + -- Baruch Even Mon, 18 Jun 2007 20:51:50 +0100 + +kvm (28-2) unstable; urgency=low + + * We moved a file from kvm-source to kvm, to be able to properly upgrade we + specify a conflict against older versions (Closes: #417652) + * Fix kvm-ifup script to work in more conditions (Closes: #417151) + * Remove old /etc/udev/kvm.rules since it's not needed (Closes: #414331) + + -- Baruch Even Sun, 17 Jun 2007 21:13:07 +0100 + +kvm (28-1) unstable; urgency=low + + * New upstream release (Closes: #422197) + - Should fix oops (Closes: #418928) + * kqemu is no longer in non-free (Closes: #419152) + + -- Baruch Even Sun, 17 Jun 2007 10:32:40 +0100 + +kvm (18-1) unstable; urgency=low + + * New upstream release (Closes: #416926) + * Move the module-assistant script to the kvm package from kvm-source so all + users will benefit from the integration (Closes: #416122) + * Remove patch to add qemu-ifup and kvm initscript, they are now part of kvm directly. + + -- Baruch Even Sat, 31 Mar 2007 21:00:34 +0300 + +kvm (1:16-1ubuntu2) feisty; urgency=low + + * Revert to kvm-16 to match released kernel. + * Add epoch. 
+ + -- Ben Collins Sun, 15 Apr 2007 17:52:01 -0400 + +kvm (16-1ubuntu1) feisty; urgency=low + + * New upstream. + + -- Ben Collins Wed, 14 Mar 2007 00:33:11 -0400 + +kvm (15-1ubuntu1) feisty; urgency=low + + * New upstream. + + -- Ben Collins Thu, 1 Mar 2007 22:15:02 -0500 + +kvm (14-1) unstable; urgency=medium + + [ Leonard Norrgård ] + * New upstream version. KVM is now based on qemu-0.9.0. + * Suggest etherboot and actually suggest hal (was only mentioning it). + * Update copyright info. + * Add a couple of patches from Debian qemu: 22_net_tuntap_stall.patch, + 04_do_not_print_rtc_freq_if_ok.patch, 62_linux_boot_nasm.patch (62_* + currently only to avoid a buildd FTBS problem). + * Reorder the first two paragraphs in the description for kvm so the + general description is first, the more technical second. + * Moved adduser to Pre-Depends, as we rely on it for installation. + * For a detailed changelog, please see: + svn log -v -r 2227:2383 svn://svn.debian.org/svn/collab-maint/ext-maint/kvm/trunk + + [ Baruch Even ] + * Update the uploader name of Leonard so that lintian won't think it's an + NMU. + * Add XS-Vcs-Browser field + + -- Baruch Even Sat, 24 Feb 2007 17:43:42 +0200 + +kvm (13-1) UNRELEASED; urgency=low + + * New upstream version. + + -- Leonard Norrgård Sat, 10 Feb 2007 07:40:59 +0200 + +kvm (12-1) unstable; urgency=high + + * New upstream version. Most important upstream changes: + - Attempting to reboot Linux guest no longer reboots host on AMD, + actual guest reboot still not possible. + - The option -no-acpi is no longer required to install Windows + (the option is still recommended as the Windows ACPI HAL will + eat a lot of cpu time). + + -- Leonard Norrgard Sun, 23 Jan 2007 18:54:17 +0200 + +kvm (11-2) unstable; urgency=low + + [ Baruch Even ] + * Make the quilt include part conditional so we don't have to have it when + building the kernel module. 
(Closes: #407447, #407482) + * Do not recommend linux-image-2.6 in kvm-source, and move linux-headers-2.6 + from depends to suggests where it belongs. The package can build from + vanilla kernels as well as Debian kernels. (Closes: #407729) + + [ Leonard Norrgard ] + * Enhance manual page a bit. + + -- Baruch Even Sun, 21 Jan 2007 09:05:38 +0200 + +kvm (11-1) unstable; urgency=high + + * New upstream version. Closes #406800, #406275, #404075. + * This version fixes many stability issues in earlier versions of KVM. + * Automatically create group kvm on installation of package kvm + * Added udev support to automatically set group kvm on /dev/kvm + * Added reportbug script (/usr/share/bug/kvm) so some info that + might be relevant gets included automatically. + * Tell module-assistant about the kvm-source package, so it shows up + in the module selection menu. + * Add information on building the modules using module-assistant. + * Add /etc/kvm/kvm-ifup script (conffile) to bring up the network for + the VM in a simpler way, see the manual page for kvm for description. + This used to be /etc/qemu-ifup, as installed by the qemu package. + * Depend on iproute, bridge-utils, used by kvm-ifup and the upcoming + /etc/init.d script. + * Remove non-x86 bios images - KVM is only meaningful for x86 guests. + * Keep KVM bios files in /usr/share/kvm, rather than sharing them with + other packages as the KVM bios is different (also avoids unexpected + bios updates). + * Don't depend on qemu, as we now keep our own bios. + * Recommend kvm-source, qemu (mostly for qemu-img), vde2 and linux-image-2.6. + * Suggest sudo and debootstrap. + * For kvm-source, depend on linux-headers-2.6 | linux-source-2.6, + recommend linux-image-2.6 and suggest module-assistant and + kernel-package. + * Use quilt to handle patches. + * More detailed package description for kvm, added Homepage:. 
+ + -- Leonard Norrgard Sun, 14 Jan 2007 07:11:03 +0200 + +kvm (7-1) unstable; urgency=low + + * New upstream version + * Install the Intel and AMD modules (Closes: 402820) + + -- Baruch Even Wed, 13 Dec 2006 09:19:44 +0200 + +kvm (5-2) unstable; urgency=low + + * Yet another attempt to fix building on amd64. + + -- Baruch Even Wed, 6 Dec 2006 08:35:04 +0200 + +kvm (5-1) unstable; urgency=low + + * New upstream version + * Really fix building on amd64 (Closes: #400549) + + -- Baruch Even Wed, 6 Dec 2006 07:12:30 +0200 + +kvm (4-2) unstable; urgency=low + + * Allow build on amd64 arch, it really should mean Intel x86 64bit arches, + kvm still doesn't support AMD SVM instructions and requires the Intel + CPUs. (Closes: #400549) + + -- Baruch Even Tue, 28 Nov 2006 22:16:08 +0200 + +kvm (4-1) unstable; urgency=low + + * New upstream version. + + -- Baruch Even Tue, 21 Nov 2006 22:23:26 +0200 + +kvm (3-2) unstable; urgency=low + + * Use KERNEL_DIR variable when building the module to enable building a + module for a kernel that is not being run right now. (Closes: #399603) + * Add manpage that refers the user to qemu(1) where he can find all the + information he needs. + + -- Baruch Even Tue, 21 Nov 2006 09:22:57 +0200 + +kvm (3-1) unstable; urgency=low + + * New upstream version. + * Use upstream versioning of natural numbers. + * First upload to Debian (Closes: #398458) + + -- Baruch Even Wed, 15 Nov 2006 23:58:12 +0200 + +kvm (0.0.2-1) unstable; urgency=low + + * Initial release + + -- Baruch Even Tue, 14 Nov 2006 20:49:57 +0200 --- qemu-kvm-1.0+noroms.orig/debian/changelog.qemu +++ qemu-kvm-1.0+noroms/debian/changelog.qemu 
@@ -0,0 +1,1407 @@ +qemu (0.10.5-1ubuntu1) karmic; urgency=low + + * Merge from debian unstable (LP: #378556), remaining changes: + - debian/control: + + Recommends on openhackware, openbios-sparc. + + lpia build enablement. + + -- Andres Rodriguez Mon, 25 May 2009 15:02:09 -0500 + +qemu (0.10.5-1) unstable; urgency=low + + * New upstream version. + + -- Aurelien Jarno Sun, 24 May 2009 16:15:35 +0200 + +qemu (0.10.4-1) unstable; urgency=low + + * New upstream version. + * debian/NEWS.Debian: new file, describing the cache policy options + (closes: bug#526832). + * debian/patches/70_versatile_memsize.patch: new patch to set a upper + limit on the memory size of the versatile boards (closes: + bug#527264). + + -- Aurelien Jarno Tue, 12 May 2009 18:31:29 +0200 + +qemu (0.10.3-1ubuntu1) karmic; urgency=low + + * Merge from debian unstable (LP: #371879), remaining changes: + - debian/control: Recommends on openhackware, openbios-sparc; + lpia build enablement + + -- Andres Rodriguez Thu, 07 May 2009 11:35:18 -0500 + +qemu (0.10.3-1) unstable; urgency=low + + * New upstream version. + * Tighten dependency on bochsbios. + + -- Aurelien Jarno Sat, 02 May 2009 10:14:21 +0200 + +qemu (0.10.2-2) unstable; urgency=low + + * Add missing comma in build-depends (closes: bug#524207). + * Tighten dependency on vgabios. + + -- Aurelien Jarno Wed, 15 Apr 2009 22:30:43 +0200 + +qemu (0.10.2-1) unstable; urgency=low + + [ Aurelien Jarno ] + * New upstream stable release. + + -- Aurelien Jarno Tue, 07 Apr 2009 07:37:15 +0200 + +qemu (0.10.1-1) unstable; urgency=low + + [ Aurelien Jarno ] + * New upstream stable release: + - patches/80_stable-branch.patch: remove. + * debian/control: + - Remove depends on proll. + - Move depends on device-tree-compiler to build-depends. + - Bump Standards-Version to 3.8.1 (no changes). + * patches/82_qemu-img_decimal.patch: new patch from upstream to make + qemu-img accept sizes with decimal values (closes: bug#501400). 
+ + -- Aurelien Jarno Sun, 22 Mar 2009 10:13:17 +0100 + +qemu (0.10.0-1ubuntu1) jaunty; urgency=low + + * Merge from debian unstable (LP: #341237), remaining changes: + - debian/control: depend on bochsbios-qemu | bochsbios; recommend + proll, openhackware, openbios-sparc; lpia build enablement + + -- Dustin Kirkland Thu, 12 Mar 2009 12:35:38 -0500 + +qemu (0.10.0-1) unstable; urgency=low + + [ Aurelien Jarno ] + * New upstream release: + - Fix fr-be keyboard mapping (closes: bug#514462). + - Fix stat64 structure on ppc-linux-user (closes: bug#470231). + - Add a chroot option (closes: bug#415996). + - Add evdev support (closes: bug#513210). + - Fix loop on symlinks in user mode (closes: bug#297572). + - Bump depends on openbios-sparc. + - Depends on openbios-ppc. + - Update 12_signal_powerpc_support.patch. + - Update 21_net_soopts.patch. + - Drop 44_socklen_t_check.patch (merged upstream). + - Drop 49_null_check.patch (merged upstream). + - Update 64_ppc_asm_constraints.patch. + - Drop security/CVE-2008-0928-fedora.patch (merged upstream). + - Drop security/CVE-2007-5730.patch (merged upstream). + * patches/80_stable-branch.patch: add patches from stable branch: + - Fix race condition between signal handler/execution loop (closes: + bug#474386, bug#501731). + * debian/copyright: update. + * Compile and install .dtb files: + - debian/control: build-depends on device-tree-compiler. + - debian/patches/81_compile_dtb.patch: new patch from upstream. + - debian/rules: compile and install bamboo.dtb and mpc8544.dtb. + + -- Aurelien Jarno Sat, 07 Mar 2009 06:20:34 +0100 + +qemu (0.9.1+svn20090104-1) experimental; urgency=low + + [ Aurelien Jarno ] + * New upstream snapshot. + * Disable security/CVE-2008-0928-fedora.patch, it still breaks qcow + format. + + -- Aurelien Jarno Sun, 04 Jan 2009 16:31:40 +0100 + +qemu (0.9.1+svn20081223-1) experimental; urgency=low + + [ Aurelien Jarno ] + * New upstream snapshot. 
+ - Fix CVE-2008-2382 + * Update patches/48_signal_terminate.patch. + * debian/rules: remove upstream flags from CFLAGS. + + -- Aurelien Jarno Tue, 23 Dec 2008 14:51:25 +0100 + +qemu (0.9.1+svn20081214-1) experimental; urgency=low + + [ Aurelien Jarno ] + * New upstream snapshot. + - Fix jmp im on x86_64 when executing 32-bit code. Fix grub + installation (Closes: bug#467148). + + -- Aurelien Jarno Sun, 14 Dec 2008 23:26:04 +0100 + +qemu (0.9.1+svn20081207-1) experimental; urgency=low + + [ Aurelien Jarno ] + * New upstream snapshot. + - Do not depend on gcc-3.4 anymore (Closes: bug#440425, bug#463066). + - Fix broken display introduced by CVE-2007-1320 (Closes: bug#422578). + * debian/control: remove build-dependency on gcc-3.4. + * debian/rules: remove code for dyngen targets. + * Split 90_security.patch into + - security/CVE-2007-5730.patch + - security/leftover.patch + * Replace 91_security.patch by security/CVE-2008-0928-fedora.patch taken + from fedora repository and enable it (Closes: #469649). + + [ Riku Voipio ] + * 2 patches gone, 19 to go: + - 10_signal_jobs.patch: drop, merged upstream + - 11_signal_sigaction.patch: drop, merged upstream + - series: update + + -- Aurelien Jarno Sun, 07 Dec 2008 19:40:09 +0100 + +qemu (0.9.1+svn20081128-1) experimental; urgency=low + + [ Aurelien Jarno ] + * New upstream snapshot. + - Include documentation for network downscript option (Closes: + bug#506994). + - Drop 00_bios.patch and pass --disable-blobs instead. + - Update 12_signal_powerpc_support.patch. + + [ Riku Voipio ] + * Drop 31_syscalls.patch as it makes no sense using host uselib to + load target code into qemu's host memoryspace. 
+ + -- Aurelien Jarno Sat, 29 Nov 2008 09:04:41 +0100 + +qemu (0.9.1+svn20081112-1ubuntu1) jaunty; urgency=low + + * Merge from debian unstable, remaining changes: + - debian/control: add lpia to the Architectures list; + move proll, openhackware, and openbios-sparc from Depends to Recommends + - debian/patches/91_vmdk_compat6_scsi: add support for scsi disks to + vmdk images + - debian/patches/95_evdev_keycode_map.patch: ported the + gtk-vnc patch that fixes evdev keycode mapping + + -- Soren Hansen Sun, 23 Nov 2008 21:55:46 +0100 + +qemu (0.9.1+svn20081112-1) experimental; urgency=low + + [ Aurelien Jarno ] + * New upstream snapshot. + - does not need a disk image anymore (Closes: bug#260935). + - 53_openbios_size.patch: drop (merged upstream). + - 90_security: update. + * debian/control: depend on openbios-sparc (>= 1.0~alpha2+20081109) + (Closes: bug#502411, bug#502414). + + -- Aurelien Jarno Sun, 09 Nov 2008 14:42:37 +0100 + +qemu (0.9.1+svn20081101-1) experimental; urgency=low + + [ Aurelien Jarno ] + * New upstream snapshot. + - fix a heap overflow in Cirrus emulation (CVE-2008-4539). + - 50_linuxbios_isa_bios_ram.patch: update. + - 90_security.patch: update. + + -- Aurelien Jarno Sat, 01 Nov 2008 09:26:45 +0100 + +qemu (0.9.1+svn20081023-1) experimental; urgency=low + + [ Aurelien Jarno ] + * New upstream snapshot. + - 12_signal_powerpc_support.patch: update. + - 50_linuxbios_isa_bios_ram.patch: update. + + -- Aurelien Jarno Thu, 23 Oct 2008 21:34:26 +0200 + +qemu (0.9.1+svn20081016-1) experimental; urgency=low + + [ Aurelien Jarno ] + * New upstream snapshot. + * patches/31_syscalls.patch: remove parts merged upstream. + * debian/qemu-make-debian-root: + - Fix bug introduced when fixing bug#496394 (Closes: bug#502325). 
+ + -- Aurelien Jarno Mon, 13 Oct 2008 23:11:15 +0200 + +qemu (0.9.1+svn20081012-1) experimental; urgency=low + + [ Riku Voipio ] + * Add a bunch of patches from scratchbox + - 44_socklen_t_check work better with badbehavin net apps + - 48_signal_terminate make qemu binary terminate on signals as expected + - 49_null_checks don't bother some syscalls when null/zero is passed + + [ Aurelien Jarno ] + * New upstream snapshot. + - alpha is now a TCG target. + - comma has been added to sendkey (closes: bug#414342). + * patches/31_syscalls.patch: remove parts merged upstream. + * patches/39_syscall_fadvise64.patch: remove (merged upstream). + * patches/90_security.patch: remove parts merged upstream. + * debian/control: build-depends on libbluetooth-dev. + + -- Aurelien Jarno Sun, 12 Oct 2008 18:46:54 +0200 + +qemu (0.9.1+svn20080905-1) experimental; urgency=low + + * New upstream snapshot. + - SH4 is now a TCG target. + * debian/watch: update URL location. + + -- Aurelien Jarno Tue, 02 Sep 2008 01:43:24 +0200 + +qemu (0.9.1+svn20080826-1) experimental; urgency=low + + * New upstream snapshot. + * debian/qemu-make-debian-root: + - Use mktemp instead of $$ to create temporary directories (Closes: + bug#496394). + * Ship a libqemu-dev package (Closes: bug#451618). + + -- Aurelien Jarno Tue, 26 Aug 2008 09:55:36 +0200 + +qemu (0.9.1+svn20080822-1) experimental; urgency=low + + * New upstream snapshot. + - Focus to monitor to ask password (Closes: bug#473240). + - TCG SPARC host support (Closes: bug#450817). + - Check KQEMU availability before allocating memory (Closes: bug#414566). + - Fix dead keys (Closes: bug#489594). + - Fix ES1370 emulation (Closes: bug#494462). + - New USB UHCI implemnation (Closes: bug#457651). + - Add debian/patches/00_bios.patch. + - Remove debian/patches/02_snapshot_use_tmpdir.patch (merged). + - Remove debian/patches/04_do_not_print_rtc_freq_if_ok.patch (merged). + - Remove patches/05_non-fatal_if_linux_hd_missing.patch (merged). 
+ - Update debian/patches/07_i386_exec_name.patch + - Update debian/patches/12_signal_powerpc_support.patch + - Remove debian/patches/33_syscall_ppc_clone.patch (merged differently). + - Remove debian/patches/41_arm_fpa_sigfpe.patch (merged). + - Remove debian/patches/42_arm_tls.patch (merged differently). + - Update debian/patches/55_unmux_socketcall.patch. + - Remove debian/patches/63_sparc_build.patch (useless). + - Update debian/patches/65_kfreebsd.patch. + - Update debian/patches/66_tls_ld.patch. + - Remove debian/patches/70_manpage.patch (merged). + - Remove debian/patches/71_doc.patch (merged). + - Remove debian/patches/80_ui_curses.patch (merged). + - Remove debian/patches/81_mips32r2_fpu.patch (merged). + - Remove debian/patches/82_mips_abs.patch (merged). + - Remove debian/patches/83_usb-serial.patch (merged). + - Remove debian/patches/84_rtl8139.patch (merged). + - Remove debian/patches/85_vvfat.patch (merged). + - Remove debian/patches/86_df.patch (merged). + - Remove debian/patches/87_eoi.patch (merged). + - Remove debian/patches/88_dma.patch (merged). + - Remove debian/patches/89_braille.patch (merged). + - Remove debian/patches/92_no_shutdown.patch (merged). + - Remove debian/patches/93_tmpfs.patch (merged). + - Remove debian/patches/94_security.patch (merged). + * debian/README.source: new file. + * debian/patches/*: convert to patchlevel 1 (Closes: bug#484963). + * debian/control: + - Add build-depends on libesd0-dev. + - Add build-depends on libpulse-dev. + - Add build-depends on libvdeplug2-dev. + - Add build-depends on etherboot. + - Update list of supported targets (Closes: bug#488339). + - Suggests kqemu-source. + - Bump Standards-Version to 3.8.0. + * debian/links: + - Add missing manpage symlinks. + * debian/rules: + - Enable audio drivers depending on the system. + - Enable DYNGEN targets depending on the system. + - Install PXE bios from etherboot (Closes: bug#412010). + - Don't ignore make clean errors. 
+ - Don't build DYNGEN targets on kfreebsd-amd64 (Closes: bug#494353). + * debian/patches/22_net_tuntap_stall.patch: remove (outdated). + + -- Aurelien Jarno Fri, 22 Aug 2008 01:00:54 +0200 + +qemu (0.9.1-7ubuntu1) jaunty; urgency=low + + * Merge from debian unstable, remaining changes: + - debian/control: add lpia to the Architectures list; + move proll, openhackware, and openbios-sparc from Depends to Recommends + - debian/patches/91_vmdk_compat6_scsi: add support for multiple + compatiblity levels and scsi disks to vmdk images + - debian/patches/95_evdev_keycode_map.patch: ported the + gtk-vnc patch that fixes evdev keycode mapping + - debian/patches/96_dirent.patch: fix FTBFS error, including the wrong + dirent.h, matches qemu SVN + + -- Dustin Kirkland Thu, 20 Nov 2008 18:10:36 -0600 + +qemu (0.9.1-5ubuntu3) intrepid; urgency=low + + * debian/patches/95_evdev_keycode_map.patch: ported the + gtk-vnc patch that fixes evdev keycode mapping (LP: #258389) + * debian/patches/96_dirent.patch: fix FTBFS error, including the wrong + dirent.h, matches qemu SVN + * debian/patches/series: added 95_evdev_keycode_map.patch and + 96_dirent.patch + + -- Dustin Kirkland Wed, 24 Sep 2008 20:00:59 -0500 + +qemu (0.9.1-5ubuntu2) intrepid; urgency=low + + * Added lpia to the Architectures list (LP: #232062) + + -- Emmet Hikory Mon, 11 Aug 2008 13:01:16 +0900 + +qemu (0.9.1-5ubuntu1) intrepid; urgency=low + + * Merge from debian unstable, remaining changes: + - debian/control: + + Depend on bochsbios-qemu >= 2.3.5-1ubuntu1 or bochsbios >= + 2.3.6-2ubuntu1 to get the proper BIOS image. + + Move proll, openhackware, and openbios-sparc from Depends to Recommends + + Add support for generating SCSI vmdk images. + * Rename Vcs-* to XS-Debian-Vcs-* + + -- Nicolas Valcárcel Wed, 23 Jul 2008 02:32:58 -0500 + +qemu (0.9.1-5) unstable; urgency=high + + [ Guillem Jover ] + * Add Homepage field. + * Add Vcs-Browser and Vcs-Svn fields. 
+ * Remove packaging repository information from debian/copyright. + * Add former package co-maintainers to debian/copyright. + * Serialize patch and configure steps in debian/rules to support parallel + builds, as we are patching configure. + * Remove myself from Uploaders. + + [ Aurelien Jarno ] + * debian/patches/70_manpage.patch: remove curses documentation, it is already + in debian/patches/80_ui_curses.patch (Closes: bug#477369). + * debian/patches/94_security.patch: add format= to drive options + (CVE-2008-2004). + + -- Aurelien Jarno Mon, 28 Apr 2008 21:54:12 +0200 + +qemu (0.9.1-4) unstable; urgency=high + + * debian/patches/52_ne2000_return.patch: drop, the patch is wrong. + * Backports from upstream: + - Typo in curses_keys.h + - Documentation for the -curses option + - Fix broken absoluteness check for cabs.d.*. + - USB-to-serial device. + - rtl8139: fix endianness on big endian targets + - restore rw support for vvfat + - x86-64: recompute DF after eflags has been modified when emulating + SYSCALL + - ignore reads to the EOI register + - IDE: Improve DMA transfers by increasing the buffer size + - Braille device support + - Add -no-shutdown option (Closes: #326406) + - Ask to use "mount -o remount" instead of "umount" and "mount" + /dev/shm (Closes: #476539). + * debian/qemu.doc-base: fix section. + + -- Aurelien Jarno Sun, 20 Apr 2008 23:29:42 +0200 + +qemu (0.9.1-3) unstable; urgency=low + + [ Aurelien Jarno ] + * debian/patches/42_arm_tls.patch: fix to get qemu-system-arm working + again. (Closes: #471722). + * debian/patches/56_dhcp.patch: fix DHCP server to correctly support + MS-Windows guests. (Closes: #471452). + + -- Aurelien Jarno Wed, 19 Mar 2008 18:58:29 +0100 + +qemu (0.9.1-2) unstable; urgency=low + + [ Aurelien Jarno ] + * debian/patches/80_ui_curses.patch: pull new patch from upstream CVS + (Closes: #442274). + * debian/patches/65_kfreebsd.patch: link with -lfreebsd. (Closes: + #465932). 
+ * debian/patches/81_mips32r2_fpu.patch: patch pulled from upstream + to fix FPU issue on MIPS32R2. + * debian/patches/42_arm_tls.patch: reenable, mistakenly disabled in the + previous upload. (Closes: #469743). + * debian/rules: fix parallel building. (Closes: #469981). + * debian/patches/07_i386_exec_name.patch: install the i386 emulator as + qemu-system-i386, and change qemu into a link pointing to the i386 + version. + * debian/README.Debian: add notes about qemu-system-ppc and video.x + (Closes: #388735). + * debian/patches/70_manpage.patch: describe the -curses option. + (Closes: #433658). + * debian/patches/71_doc.patch: fix the monitor change option. (Closes: + #467106). + * debian/patches/35_syscall_sockaddr.patch: fix sockaddr (Closes: + #469351). + * debian/patches/43_arm_cpustate.patch: disable (Closes: #444171). + + -- Aurelien Jarno Mon, 17 Mar 2008 01:29:03 +0100 + +qemu (0.9.1-1ubuntu1) hardy; urgency=low + + * Merge from debian unstable (LP: #190681), remaining changes: + - debian/control: + + Depend on bochsbios-qemu >= 2.3.5-1ubuntu1 or bochsbios >= + 2.3.6-2ubuntu1 to get the proper BIOS image. + + Move proll, openhackware, and openbios-sparc from Depends to Recommends. + + Add support for generating SCSI vmdk images. + + DebianMaintainerField. + + -- Soren Hansen Wed, 13 Feb 2008 02:13:56 +0100 + +qemu (0.9.1-1) unstable; urgency=low + + [ Aurelien Jarno ] + * New upstream version. (Closes: #459801) + - Supports s390 host. (Closes: #441119) + - Fix PCI bar allocation. (Closes: #413315) + - Fix typo in keys name. (Closes: #426181) + - Fix segfault of qemu-i386 (Closes: #446868). + - debian/control: bump depends on openbios-sparc to + >= 1.0~alpha2+20080106. + - debian/patches/02_snapshot_use_tmpdir.patch: Refreshed. + - debian/patches/04_do_not_print_rtc_freq_if_ok.patch: Likewise. + - debian/patches/05_non-fatal_if_linux_hd_missing.patch: Likewise. + - debian/patches/06_exit_segfault.patch: Likewise. 
+ - debian/patches/10_signal_jobs.patch: Likewise.
+ - debian/patches/11_signal_sigaction.patch: Likewise.
+ - debian/patches/12_signal_powerpc_support.patch: Likewise.
+ - debian/patches/21_net_soopts.patch: Likewise.
+ - debian/patches/30_syscall_ipc.patch: Likewise.
+ - debian/patches/31_syscalls.patch: Likewise.
+ - debian/patches/32_syscall_sysctl.patch: Likewise.
+ - debian/patches/33_syscall_ppc_clone.patch: Likewise.
+ - debian/patches/35_syscall_sockaddr.patch: Likewise.
+ - debian/patches/41_arm_fpa_sigfpe.patch: Likewise.
+ - debian/patches/42_arm_tls.patch: Likewise.
+ - debian/patches/50_linuxbios_isa_bios_ram.patch: Likewise
+ - debian/patches/51_linuxbios_piix_ram_size.patch: Likewise
+ - debian/patches/61_safe_64bit_int.patch: Removed, merged upstream.
+ - debian/patches/63_sparc_build.patch: Refreshed.
+ - debian/patches/80_ui_curses.patch: Likewise.
+ * debian/patches/90_security.patch: fix 64-bit overflow. (Closes:
+ #425634)
+ * debian/qemu-make-debian-root: add a -s option to create sparse
+ image. (Closes: #322325)
+ * debian/control: bump depends on bochsbios to >= 2.3.5-1. Use
+ BIOS-qemu-latest instead of BIOS-bochs-latest. (Closes: #402289,
+ #442822)
+ * debian/rules: build the non-dyngen part with default gcc.
+ * debian/rules: support DEB_BUILD_OPTIONS="parallel=n".
+ * debian/patches/70_manpage.patch: describe the arguments of the
+ -usbdevice option in the manpage. (Closes: #443801)
+ * debian/control: now using Standards-Version 3.7.3 (no changes needed).
+ * debian/control: build-depends on libgnutls-dev to enable TLS support
+ in VNC.
+ * debian/patches/01_nostrip.patch: don't strip binaries during make
+ install. (Closes: #437866)
+ * debian/patches/53_openbios_size.patch: increase maximum prom size to
+ support latest openbios.
+
+ -- Aurelien Jarno Mon, 28 Jan 2008 21:24:14 +0100
+
+qemu (0.9.0+20070816-1ubuntu3) hardy; urgency=low
+
+ * Updated bios symlink to match new bochsbios-qemu package.
+ * Added versioned dependency on bochsbios-qemu to make sure the
+ image has been renamed.
+
+ -- Soren Hansen Mon, 10 Dec 2007 12:35:43 +0100
+
+qemu (0.9.0+20070816-1ubuntu2) hardy; urgency=low
+
+ * Use new qemu specific bios from bochsbios. (LP: #123185)
+
+ -- Soren Hansen Fri, 23 Nov 2007 17:27:03 +0100
+
+qemu (0.9.0+20070816-1ubuntu1) hardy; urgency=low
+
+ * Merge from debian unstable, remaining changes:
+ - debian/patches/91_vmdk_compat6_scsi:
+ + Add support for multiple compatiblity levels and scsi disks to
+ vmdk images.
+ - debian/control:
+ + Move proll and openhackware from Depends to Recommends.
+ * Move openbios-sparc from Depends to Recommends.
+
+ -- Soren Hansen Mon, 22 Oct 2007 17:07:29 +0200
+
+qemu (0.9.0+20070816-1) unstable; urgency=low
+
+ [ Guillem Jover ]
+ * New upstream snapshot.
+ - Fix hang on ARM during Etch installation. (Closes: #430164)
+ - Fix data corruption with qcow 2. (Closes: #440296)
+ - Fix errors with raw images > 4 GiB. (Closes: #425634)
+ - debian/patches/01_typo_qemu-img.patch: Removed, merged upstream.
+ - debian/patches/03_machines_list_no_error.patch: Likewise.
+ - debian/patches/36_syscall_prctl.patch: Likewise.
+ - debian/patches/37_syscall_mount.patch: Likewise.
+ - debian/patches/38_syscall_semctl.patch: Likewise.
+ - debian/patches/40_sparc_fp_to_int.patch: Likewise.
+ - debian/patches/44_arm_eabi_built_on_64bit_arches.patch: Likewise.
+ - debian/patches/62_linux_boot_nasm.patch: Likewise.
+ - debian/patches/04_do_not_print_rtc_freq_if_ok.patch: Synced.
+ - debian/patches/05_non-fatal_if_linux_hd_missing.patch: Likewise.
+ - debian/patches/31_syscalls.patch: Likewise.
+ - debian/patches/35_syscall_sockaddr.patch: Likewise.
+ - debian/patches/42_arm_tls.patch: Likewise.
+ - debian/patches/43_arm_cpustate.patch: Likewise.
+ - debian/patches/51_linuxbios_piix_ram_size.patch: Likewise.
+ - debian/patches/55_unmux_socketcall.patch: Likewise.
+ - debian/patches/60_ppc_ld.patch: Likewise.
+ - debian/patches/65_kfreebsd.patch: Likewise.
+ - debian/patches/80_ui_curses.patch: Likewise.
+ - debian/patches/90_security.patch: Likewise.
+ * Remove Elrond and Guilherme de S. Pastore from Uploaders, with their
+ permission, and add Aurelien Jarno and Riku Voipio.
+ * Remove Tag field, this is better maintained outside of the package.
+ * Add openbios-sparc64 to qemu_bios_files in debian/rules.
+
+ [ Aurelien Jarno ]
+ * Fix FTBFS on amd64. (Closes: #434296)
+ - Drop debian/patches/34_syscalls_types.patch
+ * debian/control:
+ - Suggest samba. (Closes: #430368)
+ * Add OpenBIOS for sparc. (Closes: #407076)
+ - debian/control: depends on openbios-sparc.
+ - debian/links: provide symlinks in /usr/share/qemu.
+
+ -- Guillem Jover Tue, 04 Sep 2007 04:04:47 +0300
+
+qemu (0.9.0-2ubuntu4) gutsy; urgency=low
+
+ * Renamed debian/patches/91_compat6.patch to
+ debian/patches/91_vmdk_compat6_scsi.patch and added support for creating
+ SCSI type vmdk images.
+
+ -- Soren Hansen Tue, 25 Sep 2007 11:15:26 +0200
+
+qemu (0.9.0-2ubuntu3) gutsy; urgency=low
+
+ * Fix typo in debian/patches/91_compat6.patch that broke qemu-img convert.
+
+ -- Soren Hansen Fri, 21 Sep 2007 19:54:32 +0200
+
+qemu (0.9.0-2ubuntu2) gutsy; urgency=low
+
+ * debian/patches/91_compat6.patch:
+ - Add support for VMWare Workstation 6 virtual disks.
+
+ -- Soren Hansen Fri, 14 Sep 2007 10:44:05 +0200
+
+qemu (0.9.0-2ubuntu1) gutsy; urgency=low
+
+ * Merge from Debian unstable. Remaining Ubuntu changes:
+ - Remove 34_syscalls_types.patch from debian/patches/series: add an
+ unnecessary kernel header breaking compilation of linux-user/syscall.c.
+ - Move proll and openhackware from Depends to Recommends.
+
+ -- Andrea Veri Mon, 21 May 2007 04:24:55 +0200
+
+qemu (0.9.0-2) unstable; urgency=high
+
+ [ Guillem Jover ]
+ * Fix several security issues. (Closes: #424070)
+ Thanks to Tavis Ormandy .
+ - Cirrus LGD-54XX "bitblt" heap overflow. CVE-2007-1320
+ - NE2000 "mtu" heap overflow.
+ - QEMU "net socket" heap overflow.
+ - QEMU NE2000 "receive" integer signedness error. CVE-2007-1321
+ - Infinite loop in the emulated SB16 device.
+ - Unprivileged "aam" instruction does not correctly handle the
+ undocumented divisor operand. CVE-2007-1322
+ - Unprivileged "icebp" instruction will halt emulation. CVE-2007-1322
+ - debian/patches/90_security.patch: New file.
+ * Enable adlib audio emulation. (Closes: #419170)
+ * Fix structure padding for target_eabi_flock64 when built for a 64 bit
+ architecture. (Closes: #414799)
+ Thanks to Stuart Anderson .
+ - debian/patches/44_arm_eabi_built_on_64bit_arches.patch: New file.
+ * Fix qemu to be able to use LinuxBios. (Closes: #412212)
+ Thanks to Ed Swierk .
+ - debian/patches/50_linuxbios_isa_bios_ram.patch: New file.
+ - 51_linuxbios_piix_ram_size.patch: Likewise.
+ * Fix segfault when booting a Linux kernel w/o a disk image, by exiting but
+ clarifying the message, as to use '/dev/null'. (Closes: #409817, #411780)
+ Thanks to Robert Millan .
+ - debian/patches/05_non-fatal_if_linux_hd_missing.patch: Updated.
+ * Fix segfault by using addrlen instead of target_addrlen in
+ do_getpeername()/do_getsockname(). (Closes: #411910)
+ Thanks to Stuart Anderson .
+ - debian/patches/35_syscall_sockaddr.patch: Updated.
+ * Fix semctl() for 32 bit targets on 64 bit hosts. (Closes: #414809)
+ Thanks to Stuart Anderson .
+ - debian/patches/38_syscall_semctl.patch: New file.
+ * Remove Elrond from Uploaders with consent, always welcome to join
+ back anytime.
+
+ -- Guillem Jover Wed, 16 May 2007 08:08:31 +0300
+
+qemu (0.9.0-1ubuntu1) gutsy; urgency=low
+
+ * merged from Debian/experimental
+ * Merge from debian unstable, remaining changes:
+ - Remove 34_syscalls_types.patch from debian/patches/series: add an
+ unnecessary kernel header breaking compilation of linux-user/syscall.c.
+ - Move proll and openhackware from Depends to Recommends.
+ - set Maintainer field to MOTU
+
+ -- Michael Vogt Wed, 2 May 2007 11:55:16 +0200
+
+qemu (0.9.0-1) experimental; urgency=low
+
+ [ Guillem Jover ]
+ * New upstream release. (Closes: #409989)
+ - Support for relative paths in backing files for disk images.
+ (Closes: #390446)
+ - debian/patches/01_doc_typos.patch: Removed, merged upstream.
+ - debian/patches/38_syscall_arm_statfs64.patch: Likewise.
+ - debian/patches/51_serial_small_divider.patch: Likewise.
+ - debian/patches/67_ppc_ftbfs.patch: Likewise.
+ - debian/patches/21_net_soopts.patch: Synced.
+ - debian/patches/30_syscall_ipc.patch: Likewise.
+ - debian/patches/31_syscalls.patch: Likewise.
+ - debian/patches/35_syscall_sockaddr.patch: Likewise.
+ - debian/patches/39_syscall_fadvise64.patch: Likewise.
+ - debian/patches/42_arm_tls.patch: Likewise.
+ - debian/patches/55_unmux_socketcall.patch: Likewise.
+ - debian/patches/80_ui_curses.patch: Likewise.
+ * Update the copyright information.
+ * The ACPI initialization code has been moved to bochsbios.
+ - debian/patches/acpi-dsdt.hex: Removed.
+ - debian/rules: Do not install acpi-dsdt.hex.
+ * Add more files to the list of roms removed from the tarball needed to
+ be touched so that upstream 'make install' does not fail.
+ * Added armeb and armel to Architecture fields and libgpmg1-dev
+ Build-Depends.
+ * Recommend vde2 instead of the transitional vde package. (Closes: #407251)
+ * Fix typo in qemu-img output. (Closes: #408542)
+ - debian/patches/01_typo_qemu-img.patch: New file.
+ Thanks to Adam Buchbinder .
+ * Symlink qemu-user(1) to qemu-m68k(1).
+ * Reduce redundancy in qemu-user(1) synopsis.
+ * Fix rounding in sparc floating point to integer conversions.
+ - debian/patches/40_sparc_fp_to_int.patch: New file.
+ Thanks to Aurelien Jarno .
+
+ -- Guillem Jover Thu, 8 Feb 2007 01:01:29 +0200
+
+qemu (0.8.2+dfsg-0ubuntu1) feisty; urgency=low
+
+ * Bump package version number to +dfsg-0ubuntu1 to get rid of binary blobs
+ that were left in the orig tarball with 0.8.2-0ubuntu1.
+ * Merge from debian unstable, remaining changes:
+ - 90_no_linux_compiler_h.patch: remove unnecessary kernel header
+ breaking compilation of linux-usb.c.
+ - Remove 34_syscalls_types.patch from debian/patches/series: add an
+ unnecessary kernel header breaking compilation of linux-user/syscall.c.
+ - Move proll and openhackware from Depends to Recommends.
+
+ -- Jeremie Corbier Mon, 22 Jan 2007 17:27:33 -0800
+
+qemu (0.8.2-5) unstable; urgency=low
+
+ [ Guillem Jover ]
+ * Added a missing part to the ARM NPTL support patch, initially lost.
+ - debian/patches/42_arm_tls.patch: Updated.
+
+ -- Guillem Jover Tue, 16 Jan 2007 11:44:00 +0200
+
+qemu (0.8.2-4ubuntu1) feisty; urgency=low
+
+ * Merge from debian unstable, remaining changes:
+ - 90_no_linux_compiler_h.patch: remove unnecessary kernel header
+ breaking compilation of linux-usb.c.
+ - Remove 34_syscalls_types.patch from debian/patches/series: add an
+ unnecessary kernel header breaking compilation of linux-user/syscall.c.
+ - Move proll and openhackware from Depends to Recommends.
+
+ -- Jeremie Corbier Fri, 22 Dec 2006 12:06:33 -0800
+
+qemu (0.8.2-4) unstable; urgency=medium
+
+ [ Guillem Jover ]
+ * Disable using iasl for now until it's ported to big-endian systems and
+ include a locally built acpi-dsdt.hex file.
+
+ -- Guillem Jover Sun, 3 Dec 2006 21:10:23 +0200
+
+qemu (0.8.2-3) unstable; urgency=low
+
+ [ Guillem Jover ]
+ * Hopefully really fix powerpc FTBFS.
+
+ -- Guillem Jover Sun, 5 Nov 2006 17:09:53 +0200
+
+qemu (0.8.2-2) unstable; urgency=low
+
+ [ Guillem Jover ]
+ * Update Tag field to match new debtags vocabulary.
+ * Clean properly. (Closes: #390166)
+ - Remove the acpi generated files and the docs.
+ - Revert the docs regeneration forcing logic.
+ Thanks to Anderson Lizardo .
+ * On install use DESTDIR instead of specifying all paths. (Closes: #396139)
+ Thanks to Anderson Lizardo .
+ * Port to GNU/kFreeBSD. (Closes: #327622)
+ - Disable ALSA on non-linux systems.
+ - Add a Build-Depends on libfreebsd-dev on kfreebsd systems.
+ - Add kfreebsd-i386 and kfreebsd-amd64 to the Architecture field.
+ - debian/patches/65_kfreebsd.patch: New file.
+ Thanks Petr Salinger .
+ * In qemu-make-debian-root do not explicitely install in aptitude and
+ libsigc++-1.2-5c102, they are pulled now by default. And do not remove
+ aptitude afterwards. (Closes: #392481)
+ Thanks to Ted Percival .
+ * Add experimental ncurses ui support. (Closes: #369462)
+ - debian/patches/80_ui_curses.patch: New file.
+ Thanks to Andrzej Zaborowski .
+ * Add SO_PEERCRED and SO_SNDTIMEO support, and fix accept syscall when
+ being passed NULL pointers.
+ - debian/patches/21_net_sockopts.patch: Renamed to ...
+ - debian/patches/21_net_soopts.patch: ... here. Modify.
+ Thanks to Pablo Virolainen.
+ * Add a fadvise64 syscall stub.
+ - debian/patches/39_syscall_fadvise64.patch: New file.
+ Thanks to Pablo Virolainen.
+ * Add EABI unmuxed socket syscalls.
+ - debian/patches/55_unmux_socketcall.patch: New file.
+ Thanks to Riku Voipio.
+ * Add TLS sections to the ARM and x86 linker scripts so that qemu user
+ emulators can be linked statically.
+ - debian/patches/66_tls_ld.patch: New file.
+ * Move the documentation of the binary blob removals from the original
+ upstream tarball from README.Debian to debian/copyright.
+ * Reword the emphasis on "FAST!" from the package description.
+ * Fix FTBFS on powerpc by adding the missing fp_status variable to the
+ int32_to_float32 function calls.
+ - debian/patches/67_ppc_ftbfs.patch: New file.
+
+ -- Guillem Jover Sun, 5 Nov 2006 08:48:27 +0200
+
+qemu (0.8.2-1) unstable; urgency=low
+
+ [ Guillem Jover ]
+ * New upstream release. (Closes: #379461, #385029, #388810)
+ - Add ACPI BIOS emulation support.
(Closes: #372533)
+ - Fix mouse invisible wall when using Windows XP. (Closes: #384666)
+ - debian/patches/01_doc_typos.patch: Sync.
+ - debian/patches/03_machines_list_no_error.patch: Likewise.
+ - debian/patches/04_do_not_print_rtc_freq_if_ok.patch: Likewise.
+ - debian/patches/05_non-fatal_if_linux_hd_missing.patch: Likewise.
+ - debian/patches/06_exit_segfault.patch: Likewise.
+ - debian/patches/12_signal_powerpc_support.patch: Likewise.
+ - debian/patches/21_net_sockopt.patch: Likewise.
+ - debian/patches/22_net_tuntap_stall.patch: Likewise.
+ - debian/patches/30_syscall_ipc.patch: Likewise.
+ - debian/patches/31_syscalls.patch: Likewise.
+ - debian/patches/32_syscall_sysctl.patch: Likewise.
+ - debian/patches/33_syscall_ppc_clone.patch: Likewise.
+ - debian/patches/35_syscall_sockaddr.patch: Likewise.
+ - debian/patches/36_syscall_prctl.patch: Likewise.
+ - debian/patches/37_syscall_mount.patch: Likewise.
+ - debian/patches/41_arm_fpa_sigfpe.patch: Likewise.
+ - debian/patches/42_arm_tls.patch: Likewise.
+ - debian/patches/61_safe_64bit_int.patch: Likewise.
+ - debian/patches/63_sparc_build.patch: Likewise.
+ - debian/patches/50_missing_keycodes.patch: Removed, integrated upstream.
+ * Switch to quilt:
+ - debian/control: Add quilt (>= 0.40) to Build-Depends.
+ - debian/patches/series: New file.
+ - debian/patch.mk: Removed.
+ - debian/rules: Include '/usr/share/quilt/quilt.make' instead of
+ 'debian/patch.mk'.
+ * Build the ACPI Source Language files with iasl.
+ * Add a Tag field to the binary package, using data from debtags.
+ * Add 2006 to the debian/copyright years.
+ * Add a Recommends on vde. (Closes: #386780)
+ * Fix spelling error in package description (peripherials -> peripherals).
+ (Closes: #388700)
+ Thanks to Rakesh 'arky' Ambati .
+ * Fix ne2000_can_receive return code to 0 when the command is STOP.
+ (Closes: #386209)
+ - debian/patches/52_ne2000_return.patch: New file.
+ Thanks to Samuel Thibault .
+ * Document the binary blob removals from the original upstream tarball in
+ README.Debian. (Closes: #388740)
+
+ -- Guillem Jover Mon, 25 Sep 2006 04:16:25 +0300
+
+qemu (0.8.2-0ubuntu1) edgy; urgency=low
+
+ * Merged with Debian unstable
+ * New Upstream release
+ * Dropped debian/patches/12_signal_powerpc_support.patch (broken for qemu
+ 0.8.2)
+ * Redid debian/patches/21_net_sockopt.patch
+ * Redid debian/patches/35_syscall_sockaddr.patch
+ * Redid debian/patches/42_arm_tls.patch
+ * Dropped debian/patches/50_missing_keycodes.patch (applied upstream)
+ * Redid debian/patches/61_safe_64bit_int.patch
+ * Dropped debian/patches/63_sparc_build.patch (applied upstream)
+ * Added new patch 65_no-linux_types_h.patch (unnecessary kernel header
+ breaking compilation of linux-user/syscall.c)
+ * Added new patch 66_no-linux_compiler_h.patch (unnecessary kernel header
+ breaking compilation of linux-usb.c)
+
+ -- Rodrigo Parra Novo Fri, 4 Aug 2006 22:50:15 -0300
+
+qemu (0.8.1-1) unstable; urgency=low
+
+ [ Guillem Jover ]
+ * New upstream release. (Closes: #366955, #366637)
+ - debian/patches/01_doc_typos.patch: Sync.
+ - debian/patches/04_do_not_print_rtc_freq_if_ok.patch: Likewise.
+ - debian/patches/05_non-fatal_if_linux_hd_missing.patch: Likewise.
+ - debian/patches/12_signal_powerpc_support.patch: Likewise.
+ - debian/patches/21_net_sockopt.patch: Likewise.
+ - debian/patches/22_net_tuntap_stall.patch: Likewise.
+ - debian/patches/30_syscall_ipc.patch: Likewise.
+ - debian/patches/31_syscalls.patch: Likewise.
+ - debian/patches/32_syscall_sysctl.patch: Likewise.
+ - debian/patches/33_syscall_ppc_clone.patch: Likewise.
+ - debian/patches/35_syscall_sockaddr.patch: Likewise.
+ - debian/patches/36_syscall_prctl.patch: Likewise.
+ - debian/patches/37_syscall_mount.patch: Likewise.
+ - debian/patches/41_arm_fpa_sigfpe.patch: Likewise.
+ - debian/patches/42_arm_tls.patch: Likewise.
+ - debian/patches/43_arm_cpustate.patch: Likewise.
+ - debian/patches/50_missing_keycodes.patch: Likewise.
+ - debian/patches/51_serial_small_divider.patch: Likewise.
+ - debian/patches/61_safe_64bit_int.patch: Likewise.
+ - debian/patches/63_sparc_build.patch: Likewise.
+ - debian/patches/40_arm_nwfpe_cpsr.patch: Removed, integrated upstream.
+ * Make the patch system apply the patch on the first run.
+ - debian/patches/64_ppc_asm_constraints.patch: Add DPATCHLEVEL.
+ * Document how to use the images created with qemu-make-debian-root in the
+ man page. Thanks to Jacobo . (Closes: #343450)
+ * Add support for the -snapshot option to use the TMPDIR evironment
+ variable. (Closes: #353880)
+ - debian/patches/02_snapshot_use_tmpdir.patch: New file.
+ * Do not exit with an error when using '-M ?'. (Closes: #365209)
+ - debian/patches/03_machines_list_no_error.patch: New file.
+ * Added symlink for system-mipsel emulator man page.
+ * Build and clean the pc-bios directory.
+ * Avoid segfaulting by using _exit(2) instead of exit(3) in qemu user
+ emulators. (Closes: #338289)
+ - debian/patches/06_exit_segfault.patch: New file.
+ * Enable ALSA audio support and add libasound2-dev to the Build-Depends.
+ * Now using Standards-Version 3.7.2 (no changes needed).
+
+ -- Guillem Jover Sun, 28 May 2006 20:51:10 +0300
+
+qemu (0.8.0-3ubuntu1) dapper; urgency=low
+
+ * moved proll and openhackware from Depends to Recommends. These are
+ needed for sparc emulation, so this may be broken in ubuntu.
+
+ -- Reinhard Tartler Fri, 14 Apr 2006 20:30:04 +0200
+
+qemu (0.8.0-3) unstable; urgency=low
+
+ [ Josh Triplett ]
+ * Fix FTBFS on PowerPC caused by asm constraint problem. (Closes: #361727)
+ - debian/patches/64_ppc_asm_constraints.patch.
+
+ [ Guillem Jover ]
+ * Clamp addrlen from host to target when using AF_UNIX. This fixes
+ socket problems when using EABI.
+ - debian/patches/35_syscall_sockaddr.patch: New file.
+ * Fix floating point comparison on ARM NWFPE, due to glue code missmatch.
+ (Closes: #356287)
+ - debian/patches/40_arm_nwfpe_cpsr.patch: New file.
+ - debian/patches/40_fpu_arm_sigfpe.patch: Rename to ...
+ - debian/patches/41_arm_fpa_sigfpe.patch: ... this. Resync.
+ Thanks to Ulrich Hecht.
+ * Fix POSIX threads creation on ARM hanging when initializing the cpu
+ structure being it cyclic.
+ - debian/patches/43_arm_cpustate.patch: New file.
+ * Add TLS support for ARM. Stolen from Scratchbox.
+ - debian/patches/42_arm_tls.patch: New file.
+ * Fix sysctl endian problem.
+ - debian/patches/32_syscall_sysctl.patch: Update.
+ Thanks to Timo Savola .
+ * Remove now default '--enable-slirp' build option. (Closes: #356284)
+ Thanks to Anderson Lizardo .
+ * Remove unused sharedir to 'make install'. (Closes: #356418)
+ Thanks to Anderson Lizardo .
+ * Fix package not cleaning properly. (Closes: #356279)
+ Thanks to Anderson Lizardo for the initial
+ patch.
+ * Add needed syscalls to make debootstrap work. (Closes: #356291)
+ - debian/patches/36_syscall_prctl.patch: New file.
+ - debian/patches/37_syscall_mount.patch: Likewise.
+ - debian/patches/38_syscall_arm_statfs64.patch: Likewise.
+ Thanks to Anderson Lizardo .
+ * Remove obsolete Build-Dependency xlibs-dev.
+
+ -- Guillem Jover Thu, 13 Apr 2006 11:53:00 +0300
+
+qemu (0.8.0-2) unstable; urgency=low
+
+ [ Guillem Jover ]
+ * Switch away from cdbs to plain debhelper.
+ * Upgrade to debhelper compat level 5.
+ * Allow overriding CC compiler variable. (Closes: #345772)
+ * Do not redefine 64 bit types on 64 bit arches.
+ - debian/patches/61_safe_64bit_int.patch: New file.
+ * Allow linux_boot.bin to be built on any arch by switching to nasm,
+ and Build-Depending on it.
+ - debian/patches/62_linux_boot_nasm.patch: New file.
+ * The serial hw driver uses a small divider that gets zeroed when shifting
+ bits to the right. (Closes: #276276, #348098)
+ - debian/patches/51_serial_small_divider.patch: New file.
+ Thanks to Samuel Thibault .
+ * Escaped hyphens in qemu-user manpage, use italics for filenames and
+ parameters and bold for options.
+ * Partial build failure fix for Sparc. (Bugs: #317145, #336970)
+ Thanks to Jurij Smakov .
+
+ -- Guillem Jover Mon, 20 Feb 2006 09:17:46 +0200
+
+qemu (0.8.0-1) unstable; urgency=low
+
+ [ Guillem Jover ]
+ * New upstream release. (Closes: #344339)
+ - Added support for Virtual FAT. (Closes: #313123)
+ - Emulate repeated keystrokes when holding a key. (Closes: #298864)
+ - debian/patches/01_doc_typos.patch: Sync.
+ - debian/patches/04_do_not_print_rtc_freq_if_ok.patch: Likewise.
+ - debian/patches/05_non-fatal_if_linux_hd_missing.patch: Likewise.
+ - debian/patches/12_signal_powerpc_support.patch: Likewise.
+ - debian/patches/21_net_sockopt.patch: Likewise.
+ - debian/patches/22_net_tuntap_stall.patch: Likewise.
+ - debian/patches/30_syscall_ipc.patch: Likewise.
+ - debian/patches/31_syscalls.patch: Likewise.
+ - debian/patches/32_syscall_sysctl.patch: Likewise.
+ - debian/patches/33_syscall_ppc_clone.patch: Likewise.
+ - debian/patches/40_fpu_arm_sigfpe.patch: Likewise.
+ - debian/patches/50_missing_keycodes.patch: Likewise.
+ * Added mips and mipsel to the lintian overrides for the user emulators
+ being shlib-with-non-pic-code.
+ * Added symlinks for mips, mipsel and system-arm emulator manpages.
+
+ -- Guillem Jover Fri, 30 Dec 2005 05:44:53 +0200
+
+qemu (0.7.2-2) unstable; urgency=low
+
+ [ Josh Triplett ]
+ * Add support for signal handling on PowerPC. (Closes: #335509)
+ - debian/patches/12_signal_powerpc_support.patch: New file.
+
+ [ Guillem Jover ]
+ * Add Josh Triplett to Uploaders and packaging team.
+ * Fix PowerPC build failure by reintroducing the ppc linker script and
+ adding the missing _SDA_BASE_ and _SDA2_BASE_ symbols. (Closes: #336983)
+ * Remove invalid patch making X11 fail at runtime.
+ - debian/patches/20_net_socket.patch: Remove.
+ - debian/patches/32_syscall_sysctl.patch: Sync.
+ Thanks to Daniel Gimpelevich .
+ * Avoid the patch system to try until it applies.
+ - debian/patches/05_non-fatal_if_linux_hd_missing.patch: Added patch level.
+ - debian/patches/12_signal_powerpc_support.patch: Likewise.
+
+ -- Guillem Jover Wed, 21 Dec 2005 22:11:34 +0200
+
+qemu (0.7.2-1) unstable; urgency=low
+
+ [ Guillem Jover ]
+ * New upstream release. (Closes: #321232, #327168)
+ - debian/patches/12_signal_silent.patch: Integrated upstream, remove.
+ - debian/patches/50_ppc_ldscript.patch: Likewise.
+ - debian/patches/33_syscall_truncate64.patch: Likewise.
+ - debian/patches/01_doc_typos.patch: Resync with upstream.
+ - debian/patches/04_do_not_print_rtc_freq_if_ok.patch: Likewise.
+ - debian/patches/05_non-fatal_if_linux_hd_missing.patch: Likewise.
+ - debian/patches/10_signal_jobs.patch: Likewise.
+ - debian/patches/11_signal_sigaction.patch: Likewise.
+ - debian/patches/20_net_socket.patch: Likewise.
+ - debian/patches/21_net_sockopt.patch: Likewise.
+ - debian/patches/22_net_tuntap_stall.patch: Likewise.
+ - debian/patches/30_syscall_ipc.patch: Likewise.
+ - debian/patches/31_syscalls.patch: Likewise.
+ - debian/patches/32_syscall_sysctl.patch: Likewise.
+ - debian/patches/40_fpu_arm_sigfpe.patch: Likewise.
+ * Repackaged upstream source to deal with binaries w/o sources.
+ - pc-bios/video.x: New file removed.
+ * Create a new qemu-user(1) manpage and link all user emulator manpages
+ to it. (Closes: #335163)
+ * Add missing '-' and '=' keycodes for sendkey command.
+ - debian/patches/50_missing_keycodes.patch: New file. (Closes: #334071)
+ Thanks to Robert Millan .
+ * Add manpage link for qemu-system-mips.
+ * Make sysctl byte-swap the name values.
+ - debian/patches/32_syscall_sysctl.patch: Merge patch. (Closes: #334458)
+ Thanks to Josh Triplett .
+ * Change documentation menu section to "Apps/Emulators". (Closes: #335062)
+ Thanks to Frans Pop .
+ * On PowerPC, do not zero registers r7-r31 in do_fork and zero register r3.
+ Fixing segfaults on programs using the clone syscall.
+ - debian/patches/33_syscall_ppc_clone.patch: New file. (Closes: #335159)
+ Thanks to Josh Triplett
+ and Paul Brook .
+ * Tighten vgabios and bochsbios versioned Depends.
+ * Add video.x to the list of roms to touch to make qemu Makefile happy.
+ * Add lintian overrides for the user emulators being shlib-with-non-pic-code.
+ * Wrap lines in debian/control fields (knowingly breaking policy).
+
+ [ Guilherme de S. Pastore ]
+ * debian/control:
+ - Updated my e-mail address.
+ * debian/copyright:
+ - Dropped André from team members list, not a single contribution ever.
+
+ -- Guillem Jover Mon, 31 Oct 2005 05:01:45 +0200
+
+qemu (0.7.0-4) unstable; urgency=low
+
+ [ Guillem Jover ]
+ * Rebuild source with locally deborked dpkg-source. (Closes: #321019)
+ * Added the location of the Subversion repo used for the packages and
+ fixed the upstream URL in debian/copyright.
+ * Lower case title header in qemu-make-debian-root man page.
+ * Use dd instead of cat to generate the qemu debian root image.
+ (Closes: #315952)
+
+ -- Guillem Jover Wed, 3 Aug 2005 05:53:30 +0300
+
+qemu (0.7.0-3) unstable; urgency=low
+
+ [ Guillem Jover ]
+ * Update watch file to version 3, use perlre and new upstream site.
+ * Now using Standards-Version 3.6.2 (no changes needed).
+ * Fix TUN/TAP network interface stalling the connection. (Closes: #290569)
+ Thanks to Vitaly Belostotsky .
+ * Link against librt, needed by the new clock_gettime syscall.
+ - debian/patches/31_syscalls.patch: Update. (Closes: #315388)
+ Thanks to Timo Savola for noticing.
+ * Force Build-Dependency on binutils >= 2.16-1 needed by the amd64 and
+ powerpc linker scripts. (Closes: #262655)
+ * Force usage of gcc-3.4. (Closes: #319527)
+ * Add missing Build-Dependency on zlib1g-dev.
+ Thanks to Reinhard Tartler .
+ * Include in syscall.c to avoid the broken headers in
+ linux-kernel-headers 2.6.12.
+ - debian/patches/34_syscalls_types.patch: New file.
+ Thanks to Octavian Cerna .
+ * Fix powerpc linker script.
+ - debian/patches/50_ppc_ldscript.patch: New file.
+ Thanks to Octavian Cerna .
+
+ -- Guillem Jover Mon, 1 Aug 2005 02:48:09 +0300
+
+qemu (0.7.0-2) unstable; urgency=low
+
+ [ Guillem Jover ]
+ * Add alpha, sparc, arm and s390 to Architectures (and to the
+ libgpmg1-dev Build-Depends).
+
+ * Forward SIGSTOP and SIGCONT sent to QEMU to the emulated application.
+ - debian/patches/10_signal_jobs.patch: New file.
+ Thanks to Ulrich Hecht.
+ * Return EINVAL on emulated sigaction when given invalid signal
+ parameters SIGKILL and SIGSTOP.
+ - debian/patches/11_signal_sigaction.patch: New fle.
+ Thanks to Valtteri Rahkonen.
+ * Do not print messsages for uncaught signal, thus fixing the case
+ were some applications want to kill their siblings.
+ - debian/patches/12_signal_silent.patch: New file.
+ Thanks to Valtteri Rahkonen
+
+ * Fix Unix sockets by handling correctly AF_UNIX socket address
+ structure length.
+ - debian/patches/20_net_socket.patch: New file.
+ Thanks to Timo Savola.
+ * Implement SO_LINGER, SO_RCVTIMEO, SO_SNDTIMEO, SO_PEERNAME and
+ SO_PEERCRED getsockoptions.
+ - debian/patches/21_net_sockopt.patch: New file.
+ Thanks to Valtteri Rahkonen.
+
+ * Implement SysV IPC message and semaphore syscalls.
+ - debian/patches/30_syscall_ipc.patch: New file.
+ Thanks to Valtteri Rahkonen.
+ * Implement acct, umount2, uselib, swapon, syslog, ftruncate64,
+ mincore, madvise, readahead and clock_gettime syscalls.
+ - debian/patches/31_syscalls.patch: New file.
+ Thanks to Ulrich Hecht.
+ * Implement sysctl CTL_KERN/KERN_VERSION
+ - debian/patches/32_syscall_sysctl.patch: New file.
+ Thanks to Timo Savola.
+ * Implement truncate64 syscall.
+ - debian/patches/33_syscall_truncate64.patch: New file.
+ Thanks to Valtteri Rahkonen.
+
+ * Implement ARM floating point exeption emulation.
+ - debian/patches/40_fpu_arm_sigfpe.patch: New file.
+ Thanks to Ulrich Hecht.
+
+ -- Guillem Jover Sun, 19 Jun 2005 15:05:37 +0300
+
+qemu (0.7.0-1) experimental; urgency=low
+
+ [ Guillem Jover ]
+ * New upstream release. (Closes: #308459, #308494)
+ * Do not require a disk image when booting a Linux kernel. (Closes: #260935)
+ Thanks to Jonas Smedegaard .
+
+ [ Guilherme de S. Pastore ]
+ * Rewrote README.Debian for more clarity
+ * Add support for amd64 as a host architecture. (Closes: #262655)
+ - Add build-depend on libgpmg1-dev on amd64.
+ * Fixed qemu-make-debian-root so that it shows the name by which
+ it was called on the usage notice, not "%s". (Closes: #303507)
+ Thanks to Micah Anderson .
+
+ [ Elrond ]
+ * Clean up more files, so they don't end up in the final .diff.gz
+ * Switch to external proll and openhackware:
+ - Instead of patching qemu's Makefile, trick it by giving it empty
+ files to install and remove them straight after install.
+ - Don't ship the roms in debian/roms any more!
+ - Instead add more symlinks.
+ - Update Depends: apropiately.
+
+ -- Guillem Jover Fri, 27 May 2005 02:06:20 +0300
+
+qemu (0.6.1+20050407-1) unstable; urgency=low
+
+ [ Guillem Jover ]
+ * New upstream snapshot.
+ - Fix -user-net. (Closes: #295019)
+ - Fix win2k and winxp image booting. (Closes: #285170, #292707)
+ - Fix installation of outdated documentation. (Closes: #286931)
+ - Provide qemu-img instead of qemu-mkcow. (Closes: #290713)
+ - Remove debian/patches/05_fix_openpic_timer_test.patch, integrated
+ upstream.
+ - Remove debian/patches/02_selectable_sdl_keyboard.patch, superseded
+ by new keyboard implementation. (Closes: #284510, #299432)
+ - Remove debian/patches/01_mkcow_section_and_hyphens.patch.
+ - Conditionalize qemu -g option for some architectures. (Closes: #298988)
+ * Added new copyright year to debian/copyright.
+ * Added initial qemu-make-debian-root man page. (Closes: #286932)
+ * Fixed typos in qemu documentation. (Closes: #301933)
+ Thanks to A Costa .
+ * Added Elrond to Uploaders and packaging team.
+ * Use the default target list:
+ - Do not build qemu-fast anymore as it is deprecated upstream anyway.
+ (Closes: #278602, #281510)
+ - New targets armeb and system-x86_64.
+ * Updated ROM images under debian/roms/:
+ - OpenHackWare 0.4.
+ - Proll 18 with qemu specific patches.
+ * Remove uudecoded files from pc-bios/ on clean.
+ * Fix qemu-make-debian-root to behave correctly even if the needed
+ Recommends are not installed.
+
+ [ Guilherme de S. Pastore ]
+ * Create a doc-base entry for the package (Closes: #290669)
+ * debian/control:
+ - Add debootstrap to the 'Recommends: ' line, as needed by
+ qemu-make-debian-root (Closes: #302848)
+ - Moved sharutils from dependency to recommendation, as it is only
+ needed by qemu-make-debian-root
+ * debian/docs:
+ - Do not include README.distrib in the binary package (Closes: #302853)
+
+ [ Elrond ]
+ * Replace "libgpmg1-dev | not+linux-gnu" by "libgpmg1-dev [i386 powerpc]"
+ in Build-Depends. qemu should not need to build-depend on it anyway, the
+ real problem is described in Bug#267174. When it is solved, we can
+ remove our dependency. Until then please remember to add any arch, which
+ we will build on and that has gpm. This change hopefully calms:
+
+ * Add versions to the dependencies on bochsbios and vgabios
+ (Closes: #288997):
+ - vgabios: Use the current version from testing/unstable (0.4c+20041014-1),
+ according to Frans Pop , this fixed those
+ "blank screen" problems.
+ - bochsbios: Use the current version from unstable (2.1.1+20041109-3), as
+ Guillem Jover fixed the networking in that version.
+
+ -- Guillem Jover Thu, 7 Apr 2005 01:26:01 +0300
+
+qemu (0.6.1-1) unstable; urgency=low
+
+ [ Guillem Jover ]
+ * New upstream release. (Closes: #281626)
+ - Booting from drive b is not supported anymore. (Closes: #275679)
+ - Fix ne2k network interface that was not working in some situations.
+ (Closes: #281862)
+ - Remove debian/patches/06_build_gcc3.4.patch, fixed upstream.
+ - Remove debian/patches/04_lfs.patch, fixed upstream. + - Remove debian/patches/02_fix_powerpc_FTBFS.patch, fixed upstream. + - Remove debian/patches/00_escape_manpage_hyphens.patch, not needed. + - Sync debian/patches/03_use_external_bios.patch. + * Include uuencoded source for proll 18, some build fixes and its binary + proll.bin on debian/roms/. + * Suggests sudo to be used by the qemu-ifup script. + Thanks to Elrond . + * Make sudo in qemu-ifup explain what the password is for. (Closes: #281380) + * Add an option to select the method to convert keyevent to keycode + in the SDL keyboard handling code. Added support for Right Shift in the + generic handler. (Closes: #282658) + Thanks to Elrond . + * Do not set RTC frequency to 1024 or warn about this if it has already + the correct value. (Closes: #281403) + * Enabled sparc-softmmu support. + + -- Guillem Jover Sat, 27 Nov 2004 23:23:49 +0100 + +qemu (0.6.0.dfsg.2-1) unstable; urgency=low + + [ Guillem Jover ] + * Repackaged upstream source to remove external included files. + - pc-bios/ppc-rom.bin: Removed. + - pc-bios/OpenHackWare_0.3.tar.bz2: Likewise. + - pc-bios/vgabios.bin: Likewise. + - pc-bios/vgabios-cirrus.bin: Likewise. + - pc-bios/vgabios-cvs-2004-06-17.tgz: Likewise. + * Include uuencoded source for OpenHackWare 0.3.1 and its binary + ppc-rom.bin on debian/roms/. Add a Build-Depends on sharutils. + * Update tundev.c. Pass -tun-dev to qemu without the equal sign. + Thanks to Isaac Clerencia . + * Fix README.Debian to point to the renamed qemu-make-debian-root. + * Add Depends on sharutils needed by qemu-make-debian-root. + (Closes: #272130) + * Use and depend on vgabios package, which is in sync with bochsbios + that checks for rom bios checksums. (Closes: #281202) + * Enable LFS globally, thus fixing problems with qemu-mkcow when using + an existing large image. 
+ (Closes: #279925) + * Fix openpic timer write test, catched from a warning about a constant + value larger than the type it was casted to. + * Fix build failure with gcc 3.4. Patch stolen from Gentoo BTS. + + -- Guillem Jover Mon, 15 Nov 2004 10:46:54 +0100 + +qemu (0.6.0.dfsg.1-1) unstable; urgency=high + + [ Guillem Jover ] + * Repackaged upstream source to deal with binaries w/o sources. + (Closes: #268780) + - pc-bios/bios.bin: Removed binary without source. Now using + bochsbios package. + - pc-bios/vgabios.bin: Rebuilt from vgabios cvs 2004-06-17 snapshot, + source included. + - pc-bios/vgabios-cirrus.bin: Likewise. + - pc-bios/ppc-rom.bin: Rebuilt on voltaire, source included. + - pc-bios/linux_boot.bin: Rebuilt from source. + * Move make-debian-root.sh to /usr/sbin/qemu-make-debian-root. + (Closes: #268705) + + -- Guillem Jover Mon, 13 Sep 2004 01:28:54 +0200 + +qemu (0.6.0-2) unstable; urgency=high + + [ Guilherme de S. Pastore ] + * Fixed dangling symlinks under /usr/share/man/man1. (Closes: #264764) + + [ Guillem Jover ] + * Fix FTBFS on powerpc. + - debian/patches/02_fix_powerpc_FTBFS.patch: New file. + + -- Guillem Jover Wed, 18 Aug 2004 15:50:43 +0200 + +qemu (0.6.0-1) unstable; urgency=medium + + * New maintainers. (Closes: #258900) + * New upstream release. (Closes: #258732) + - Installs ppc BIOS ROM file. (Closes: #257492) + - Builds with -fno-strict-aliasing. (Closes: #257123) + + [ Guilherme de S. Pastore ] + * debian/rules: + - Cleaned up. + - Ported to use CDBS. + * 00_escape_manpage_hyphens.patch: + - Correct a little typo and escape hyphens in upstream manpage. + * 01_mkcow_section_and_hyphens.patch: + - Fix section mismatch and escape hyphens in the qemu-mkcow manpage. + * Added simple /etc/qemu-ifup helper script. (Closes: #245281) + Thanks to Martin Michlmayr . + * Cleaned debian/watch. + * UTF-8'ed debian/changelog. + * Updated Standards-Version to 3.6.1.1. + * Removed outdated and unnecessary debian/qemu-i386.sgml. 
+ - Removed build dependency on docbook-to-man. + * Removed "x86" part from the description (hey, qemu is not x86-only + in any way). Deserves a complete rewrite, shall be done soon. + + [ Guillem Jover ] + * Lower-case package short description. + * Added missing CPU emulations to the description. + * Cleaned and updated debian/copyright. + * Removed manually added libx11-6 dependency. + * Only Build-Depends on libgpmg1-dev on GNU/Linux systems. + * Cosmetic unification to debian/changelog. + * debian/rules: + - Remove generated files. + - Give exec perms to qemu-ifup. + + -- Guillem Jover Sun, 8 Aug 2004 17:24:08 +0200 + +qemu (0.5.5-2) unstable; urgency=low + + * Re-enable SDL disabled while I was bugchasing. (Closes: #255014) + * Yes, this is really 0.5.5. (Closes: #254655) + * Enable slirp networking. (Closes: #253573) + * Add Build-Depends on libgpmg1-dev (found by Bastian Blank, probably breaks + Hurd but that's a problem for another day). + + -- Paul Russell Thu, 24 Jun 2004 06:26:42 +0200 + +qemu (0.5.5-1) unstable; urgency=low + + * New upstream release. (Closes: #237556, #237556) + * Applied patch to add options to make_debian_root.sh. (Closes: #238787) + * Applied patch for other archs: hmmm... (Closes: #251420) + * Do umount -d in make_debian_root.sh. (Closes: #251775) + + -- Paul Russell Tue, 1 Jun 2004 03:50:05 +0200 + +qemu (0.5.4-1) unstable; urgency=low + + * New upstream release. (Closes: #246634) + * qemu-mkcow included in upstream. + * Added tundev program source in doc, to see if people find it useful. + + -- Paul Russell Mon, 3 May 2004 08:14:49 +0200 + +qemu (0.5.3-1) unstable; urgency=low + + * New upstream release. (Closes: #237556) + * Use aalib-config --static-libs. (Closes: #243325) + * Document Control-Shift to release mouse pointer. (Closes: #238074) + + -- Paul Russell Tue, 13 Apr 2004 02:58:49 +0200 + +qemu (0.5.2-4) unstable; urgency=low + + * Fix PPC install (Michel Daenzer patch). 
(Closes: #238431) + * Simplify deps (might be wrong, but it's neater). (Closes: #238430) + + -- Paul Russell Wed, 17 Mar 2004 01:35:47 +0100 + +qemu (0.5.2-3) unstable; urgency=low + + * Make compile on woody. (Closes: #238163) + * Include qemu-doc.html. (Closes: #238076) + * Wrote qemu-i386 man page. (Closes: #238077) + + -- Paul Russell Mon, 15 Mar 2004 23:56:25 +0100 + +qemu (0.5.2-2) unstable; urgency=low + + * Fix build problem so bios.bin etc. can be found. (Closes: #237553) + + -- Paul Russell Fri, 12 Mar 2004 05:43:00 +0100 + +qemu (0.5.2-1) unstable; urgency=low + + * Initial Release. (Closes: #187407) + + -- Paul Russell Wed, 3 Mar 2004 02:18:54 +0100 + --- qemu-kvm-1.0+noroms.orig/debian/compat +++ qemu-kvm-1.0+noroms/debian/compat @@ -0,0 +1 @@ +5 --- qemu-kvm-1.0+noroms.orig/debian/control +++ qemu-kvm-1.0+noroms/debian/control 
@@ -0,0 +1,116 @@
+Source: qemu-kvm
+Section: misc
+Priority: optional
+Maintainer: Ubuntu Developers
+Build-Depends: bcc,
+ bzip2,
+ debhelper (>= 7),
+ hardening-wrapper,
+ device-tree-compiler [powerpc],
+ iasl,
+ libaio-dev,
+ libasound2-dev,
+ libattr1-dev,
+ libcurl4-gnutls-dev,
+ libgnutls-dev,
+ libncurses5-dev,
+ libpci-dev,
+ libpulse-dev,
+ librbd-dev,
+ libsasl2-dev,
+ libsdl1.2-dev (>= 1.2.14),
+ libx11-dev,
+ nasm,
+ perl,
+ pkg-config,
+ quilt (>= 0.40),
+ sysv-rc (>= 2.86.ds1-14.1ubuntu2),
+ texi2html,
+ texinfo,
+ uuid-dev,
+ zlib1g-dev
+Standards-Version: 3.9.1
+Homepage: http://www.linux-kvm.org
+
+Package: qemu-kvm
+Architecture: any
+Depends: acl, iproute,
+ python,
+ qemu-common (>= ${source:Version}),
+ qemu-utils (>= ${source:Version}), udev,
+ ${misc:Depends},
+ ${shlibs:Depends}
+Pre-Depends: adduser
+Provides: kvm, qemu
+Conflicts: kvm (<< 1:84+dfsg-0ubuntu16+0.11.0), kvm-data, qemu (<< 0.11.0-0ubuntu5)
+Replaces: kvm (<< 1:84+dfsg-0ubuntu16+0.11.0), kvm-data, qemu
+Breaks: udev (<< 136-1)
+Description: Full virtualization on i386 and amd64 hardware
+ Using KVM, one can run multiple virtual PCs, each running unmodified Linux or
+ Windows images. Each virtual machine has private virtualized hardware: a
+ network card, disk, graphics adapter, etc.
+ .
+ KVM (for Kernel-based Virtual Machine) is a full virtualization solution for
+ Linux hosts on x86 (32 and 64-bit) hardware.
+ .
+ KVM is intended for systems where the processor has hardware support for
+ virtualization, see below for details. All combinations of 32-bit and 64-bit
+ host and guest systems are supported, except 64-bit guests on 32-bit hosts.
+ .
+ KVM requires your system to support hardware virtualization, provided by AMD's
+ SVM capability or Intel's VT. To find out if your processor has the necessary
+ support:
+ .
+ egrep "flags.*:.*(svm|vmx)" /proc/cpuinfo
+ .
+ If it prints anything, the processor provides hardware virtualization
+ support and is suitable for use with KVM. Without hardware support, you can
+ use qemu emulation instead.
+ .
+ KVM consists of two loadable kernel modules (kvm.ko and either kvm-amd.ko or
+ kvm-intel.ko) and a userspace component. This package contains the userspace
+ component, and you can get the kernel modules from the standard kernel images.
+ .
+ This package contains support for running virtualized and emulated x86 and
+ x86-64 machines only. Support for other architectures is provided by the
+ qemu-linaro source package.
+
+Package: qemu-utils
+Architecture: any
+Depends: ${misc:Depends}, ${shlibs:Depends}
+Breaks: qemu-kvm (<< 0.15.0+noroms-0ubuntu6)
+Replaces: qemu-kvm (<< 0.15.0+noroms-0ubuntu6)
+Description: qemu utilities
+ This package provides some utilities for which full qemu-kvm is not needed,
+ in particular qemu-nbd and qemu-img.
+
+Package: qemu-common
+Architecture: all
+Depends: bridge-utils, seabios, vgabios (>= 0.6c-2ubuntu2), ${misc:Depends}, ${shlibs:Depends}
+Recommends: cpu-checker, kvm-ipxe
+Suggests: mol-drivers-macosx,
+ openbios-sparc,
+ ubuntu-vm-builder,
+ uml-utilities
+Replaces: qemu-kvm (<< 0.12.3+noroms-0ubuntu1)
+Description: qemu common functionality (bios, documentation, etc)
+ This package pulls in the various binary bios rom blobs needed to boot
+ the various emulated architectures, as well as the documentation.
+
+Package: kvm
+Architecture: amd64 armel armhf i386 powerpc sparc
+Depends: qemu-kvm, ${misc:Depends}
+Section: misc
+Description: dummy transitional package from kvm to qemu-kvm
+ This transitional package helps users transition from the kvm package to the
+ qemu-kvm package. Once this package and its dependencies are installed you
+ can safely remove it.
+
+Package: qemu
+Architecture: amd64 armel armhf i386 powerpc sparc
+Depends: qemu-kvm, ${misc:Depends}
+Section: misc
+Description: dummy transitional package from qemu to qemu-kvm
+ This transitional package helps users transition from the qemu package to the
+ qemu-kvm package. Once this package and its dependencies are installed you
+ can safely remove it.
--- qemu-kvm-1.0+noroms.orig/debian/copyright
+++ qemu-kvm-1.0+noroms/debian/copyright
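Review bot: `hardening-wrapper` in Build-Depends only installs the compiler and linker wrappers; they add the hardening flags only when the build environment sets `DEB_BUILD_HARDENING`. debian/rules is not part of this hunk, so it is worth confirming that it carries `export DEB_BUILD_HARDENING=1`, otherwise the qemu-kvm binary that parses guest-controlled device state is built without the stack protector, FORTIFY and relro options this dependency suggests. A one-line comment next to that export in debian/rules, naming this Build-Depends entry, would keep the two from drifting apart.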
@@ -0,0 +1,82 @@
+This package was debianized by Dustin Kirkland on
+Wed, 17 Jun 2009 22:16:57 -0600.
+
+It was downloaded from http://www.linux-kvm.org
+
+Upstream Author: Fabrice Bellard
+
+Upstream Maintainers: Avi Kivity
+ Anthony Liguori
+
+Copyright: Copyright (C) 2006 Qumranet, Inc.
+ Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008 Fabrice Bellard
+
+License:
+ QEMU as a whole is released under the GNU General Public License version 2.
+ On Debian systems, the complete text of the GNU General Public License
+ version 2 can be found in the file /usr/share/common-licenses/GPL-2.
+
+ Parts of QEMU have specific licenses which are compatible with the
+ GNU General Public License, including BSD and MIT/X11. Hence each
+ source file contains its own licensing information.
+
+ In particular, the QEMU virtual CPU core library (libqemu.a) is
+ released under the GNU Lesser General Public License version 2 or later.
+ On Debian systems, the complete text of the GNU Lesser General Public
+ License can be found in the file /usr/share/common-licenses/LGPL.
+
+ Some hardware device emulation sources and other QEMU functionality are
+ released under the BSD license, including:
+ * aes, bsd-user, sd, slirp, sys-queue
+
+ Some hardware device emulation sources and other QEMU functionality are
+ released under the MIT/X11 (BSD-like) license, including:
+ * sdl, host-utils, vnc, keymaps, ioport, usb, hw/*, net, acl, block,
+ kqemu, monitor, curses, readline, vl, savevm, osdep, audio, tcg,
+ qemu-malloc, qemu-img
+
+ The following points clarify the QEMU license:
+ 1) QEMU as a whole is released under the GNU General Public License
+ 2) Parts of QEMU have specific licenses which are compatible with the
+ GNU General Public License. Hence each source file contains its own
+ licensing information.
+ In particular, the QEMU virtual CPU core library (libqemu.a) is
+ released under the GNU Lesser General Public License. Many hardware
+ device emulation sources are released under the BSD license.
+ 3) The Tiny Code Generator (TCG) is released under the BSD license
+ (see license headers in files).
+ 4) QEMU is a trademark of Fabrice Bellard.
+ -- Fabrice Bellard.
+
+ The text of the BSD license:
+
+ Copyright (c) The Regents of the University of California.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+ 1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+ 3. Neither the name of the University nor the names of its contributors
+ may be used to endorse or promote products derived from this software
+ without specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ SUCH DAMAGE.
+
+The Ubuntu packaging:
+ Copyright (C) 2009 Canonical Ltd.
+ released under the GPL-2.
--- qemu-kvm-1.0+noroms.orig/debian/kvm.udev
+++ qemu-kvm-1.0+noroms/debian/kvm.udev
@@ -0,0 +1 @@
+KERNEL=="kvm", GROUP="kvm", MODE="0660"
--- qemu-kvm-1.0+noroms.orig/debian/patches/9001-virtio-add-missing-mb-on-notification.patch
+++ qemu-kvm-1.0+noroms/debian/patches/9001-virtio-add-missing-mb-on-notification.patch
@@ -0,0 +1,127 @@
+From ebef8f927ff3032511da6e624a1c1f9487564ba7 Mon Sep 17 00:00:00 2001
+From: "Michael S. Tsirkin"
+Date: Sun, 22 Apr 2012 16:45:53 +0300
+Subject: [PATCH 1/3] virtio: add missing mb() on notification
+
+During normal operation, virtio first writes a used index
+and then checks whether it should interrupt the guest
+by reading guest avail index/flag values.
+
+Guest does the reverse: writes the index/flag,
+then checks the used ring.
+
+The ordering is important: if host avail flag read bypasses the used
+index write, we could in effect get this timing:
+
+host avail flag read
+ guest enable interrupts: avail flag write
+ guest check used ring: ring is empty
+host used index write
+
+which results in a lost interrupt: guest will never be notified
+about the used ring update.
+
+This actually can happen when using kvm with an io thread,
+such that the guest vcpu and qemu run on different host cpus,
+and this has actually been observed in the field
+(but only seems to trigger on very specific processor types)
+with userspace virtio: vhost has the necessary smp_mb()
+in place to prevent the regordering, so the same workload stalls
+forever waiting for an interrupt with vhost=off but works
+fine with vhost=on.
+
+Insert an smp_mb barrier operation in userspace virtio to
+ensure the correct ordering.
+Applying this patch fixed the race condition we have observed.
+Tested on x86_64. I checked the code generated by the new macro
+for i386 and ppc but didn't run virtio.
+
+Note: mb could in theory be implemented by __sync_synchronize, but this
+would make us hit old GCC bugs. Besides old GCC
+not implementing __sync_synchronize at all, there were bugs
+http://gcc.gnu.org/bugzilla/show_bug.cgi?id=36793
+in this functionality as recently as in 4.3.
+
+As we need asm for rmb,wmb anyway, it's just as well to
+use it for mb.
+
+Signed-off-by: Michael S. Tsirkin
+---
+ hw/virtio.c | 2 ++
+ qemu-barrier.h | 23 ++++++++++++++++++++---
+ 2 files changed, 22 insertions(+), 3 deletions(-)
+
+diff --git a/hw/virtio.c b/hw/virtio.c
+index 81ecc40..bbc5fba 100644
+--- a/hw/virtio.c
++++ b/hw/virtio.c
+@@ -693,6 +693,8 @@ static bool vring_notify(VirtIODevice *vdev, VirtQueue *vq)
+ {
+ uint16_t old, new;
+ bool v;
++ /* We need to expose used array entries before checking used event. */
++ smp_mb();
+ /* Always notify when queue is empty (when feature acknowledge) */
+ if (((vdev->guest_features & (1 << VIRTIO_F_NOTIFY_ON_EMPTY)) &&
+ !vq->inuse && vring_avail_idx(vq) == vq->last_avail_idx)) {
+diff --git a/qemu-barrier.h b/qemu-barrier.h
+index c11bb2b..f0b842e 100644
+--- a/qemu-barrier.h
++++ b/qemu-barrier.h
+@@ -4,7 +4,7 @@
+ /* Compiler barrier */
+ #define barrier() asm volatile("" ::: "memory")
+
+-#if defined(__i386__) || defined(__x86_64__)
++#if defined(__i386__)
+
+ /*
+ * Because of the strongly ordered x86 storage model, wmb() is a nop
+@@ -13,15 +13,31 @@
+ * load/stores from C code.
+ */
+ #define smp_wmb() barrier()
++/*
++ * We use GCC builtin if it's available, as that can use
++ * mfence on 32 bit as well, e.g. if built with -march=pentium-m.
++ * However, on i386, there seem to be known bugs as recently as 4.3.
++ * */
++#if defined(__GNUC__) && __GNUC__ >= 4 && __GNUC_MINOR__ >= 4
++#define smp_mb() __sync_synchronize()
++#else
++#define smp_mb() asm volatile("lock; addl $0,0(%%esp) " ::: "memory")
++#endif
++
++#elif defined(__x86_64__)
++
++#define smp_wmb() barrier()
++#define smp_mb() asm volatile("mfence" ::: "memory")
+
+ #elif defined(_ARCH_PPC)
+
+ /*
+- * We use an eieio() for a wmb() on powerpc. This assumes we don't
++ * We use an eieio() for wmb() on powerpc. This assumes we don't
+ * need to order cacheable and non-cacheable stores with respect to
+ * each other
+ */
+ #define smp_wmb() asm volatile("eieio" ::: "memory")
++#define smp_mb() asm volatile("sync" ::: "memory")
+
+ #else
+
+@@ -29,9 +45,10 @@
+ * For (host) platforms we don't have explicit barrier definitions
+ * for, we use the gcc __sync_synchronize() primitive to generate a
+ * full barrier. This should be safe on all platforms, though it may
+- * be overkill.
++ * be overkill for wmb().
+ */
+ #define smp_wmb() __sync_synchronize()
++#define smp_mb() __sync_synchronize()
+
+ #endif
+
+--
+1.7.9.5
+
--- qemu-kvm-1.0+noroms.orig/debian/patches/9002-virtio-add-missing-mb-on-enable-notification.patch
+++ qemu-kvm-1.0+noroms/debian/patches/9002-virtio-add-missing-mb-on-enable-notification.patch
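Review bot: The compiler test `__GNUC__ >= 4 && __GNUC_MINOR__ >= 4` in the i386 branch of qemu-barrier.h compares major and minor independently, so any compiler whose major is above 4 but whose minor is below 4 fails it and silently takes the `lock; addl` fallback. The fallback is still a full barrier, so ordering is not lost, but the selection no longer matches the comment above it about using the builtin when it is available. Writing it as `#if defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 4))` expresses "4.4 or newer" directly.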
@@ -0,0 +1,47 @@
+From b98c91c9ade6ae2bf8a1cad8364469fd438726cb Mon Sep 17 00:00:00 2001
+From: "Michael S. Tsirkin"
+Date: Mon, 23 Apr 2012 14:11:14 +0300
+Subject: [PATCH 2/3] virtio: add missing mb() on enable notification
+
+This fixes an issue dual to the one fixed by
+patch 'virtio: add missing mb() on notification'
+and applies on top.
+
+In this case, to enable vq kick to exit to host,
+qemu writes out used flag then reads the
+avail index. if these are reordered we get a race:
+
+ host avail index read: ring is empty
+ guest avail index write
+ guest flag read: exit disabled
+ host used flag write: enable exit
+
+which results in a lost exit: host will never be notified about the
+avail index update. Again, happens in the field but only seems to
+trigger on some specific hardware.
+
+Insert an smp_mb barrier operation to ensure the correct ordering.
+
+Signed-off-by: Michael S. Tsirkin
+---
+ hw/virtio.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/hw/virtio.c b/hw/virtio.c
+index bbc5fba..0c8c513 100644
+--- a/hw/virtio.c
++++ b/hw/virtio.c
+@@ -209,6 +209,10 @@ void virtio_queue_set_notification(VirtQueue *vq, int enable)
+ } else {
+ vring_used_flags_set_bit(vq, VRING_USED_F_NO_NOTIFY);
+ }
++ if (enable) {
++ /* Expose avail event/used flags before caller checks the avail idx. */
++ smp_mb();
++ }
+ }
+
+ int virtio_queue_ready(VirtQueue *vq)
+--
+1.7.9.5
+
--- qemu-kvm-1.0+noroms.orig/debian/patches/9003-virtio-order-index-descriptor-reads.patch
+++ qemu-kvm-1.0+noroms/debian/patches/9003-virtio-order-index-descriptor-reads.patch
@@ -0,0 +1,104 @@
+From fce71ddaa25c34ee17fd863bf698997cf0aa3e2d Mon Sep 17 00:00:00 2001
+From: "Michael S. Tsirkin"
+Date: Mon, 23 Apr 2012 15:46:22 +0300
+Subject: [PATCH 3/3] virtio: order index/descriptor reads
+
+virtio has the equivalent of:
+
+ if (vq->last_avail_index != vring_avail_idx(vq)) {
+ read descriptor head at vq->last_avail_index;
+ }
+
+In theory, processor can reorder descriptor head
+read to happen speculatively before the index read.
+this would trigger the following race:
+
+ host descriptor head read <- reads invalid head from ring
+ guest writes valid descriptor head
+ guest writes avail index
+ host avail index read <- observes valid index
+
+as a result host will use an invalid head value.
+This was not observed in the field by me but after
+the experience with the previous two races
+I think it is prudent to address this theoretical race condition.
+
+Signed-off-by: Michael S. Tsirkin
+---
+ hw/virtio.c | 5 +++++
+ qemu-barrier.h | 14 ++++++++++++--
+ 2 files changed, 17 insertions(+), 2 deletions(-)
+
+diff --git a/hw/virtio.c b/hw/virtio.c
+index 0c8c513..a9d56d2 100644
+--- a/hw/virtio.c
++++ b/hw/virtio.c
+@@ -287,6 +287,11 @@ static int virtqueue_num_heads(VirtQueue *vq, unsigned int idx)
+ idx, vring_avail_idx(vq));
+ exit(1);
+ }
++ /* On success, callers read a descriptor at vq->last_avail_idx.
++ * Make sure descriptor read does not bypass avail index read. */
++ if (num_heads) {
++ smp_rmb();
++ }
+
+ return num_heads;
+ }
+diff --git a/qemu-barrier.h b/qemu-barrier.h
+index f0b842e..7e11197 100644
+--- a/qemu-barrier.h
++++ b/qemu-barrier.h
+@@ -7,12 +7,13 @@
+ #if defined(__i386__)
+
+ /*
+- * Because of the strongly ordered x86 storage model, wmb() is a nop
++ * Because of the strongly ordered x86 storage model, wmb() and rmb() are nops
+ * on x86(well, a compiler barrier only). Well, at least as long as
+ * qemu doesn't do accesses to write-combining memory or non-temporal
+ * load/stores from C code.
+ */
+ #define smp_wmb() barrier()
++#define smp_rmb() barrier()
+ /*
+ * We use GCC builtin if it's available, as that can use
+ * mfence on 32 bit as well, e.g. if built with -march=pentium-m.
+@@ -27,6 +28,7 @@
+ #elif defined(__x86_64__)
+
+ #define smp_wmb() barrier()
++#define smp_rmb() barrier()
+ #define smp_mb() asm volatile("mfence" ::: "memory")
+
+ #elif defined(_ARCH_PPC)
+@@ -37,6 +39,13 @@
+ * each other
+ */
+ #define smp_wmb() asm volatile("eieio" ::: "memory")
++
++#if defined(__powerpc64__)
++#define smp_rmb() asm volatile("lwsync" ::: "memory")
++#else
++#define smp_rmb() asm volatile("sync" ::: "memory")
++#endif
++
+ #define smp_mb() asm volatile("sync" ::: "memory")
+
+ #else
+@@ -45,10 +54,11 @@
+ * For (host) platforms we don't have explicit barrier definitions
+ * for, we use the gcc __sync_synchronize() primitive to generate a
+ * full barrier. This should be safe on all platforms, though it may
+- * be overkill for wmb().
++ * be overkill for wmb() and rmb().
+ */
+ #define smp_wmb() __sync_synchronize()
+ #define smp_mb() __sync_synchronize()
++#define smp_rmb() __sync_synchronize()
+
+ #endif
+
+--
+1.7.9.5
+
--- qemu-kvm-1.0+noroms.orig/debian/patches/9004-qcow2-start-at-0-when-counting-cow-clusters.patch
+++ qemu-kvm-1.0+noroms/debian/patches/9004-qcow2-start-at-0-when-counting-cow-clusters.patch
@@ -0,0 +1,33 @@
+From b076a5de8014334fc7e592dae2a1d2d16479ef90 Mon Sep 17 00:00:00 2001
+From: Chris J Arges
+Date: Fri, 14 Jun 2013 16:17:46 -0500
+Subject: [PATCH] qcow2: start at 0 when counting cow clusters
+
+BugLink: http://bugs.launchpad.net/bugs/1189926
+
+This patch fixes corruption issues.
+While searching for available clusters, if we detect an ongoing AIO
+write request, then we restart after the other has completed. By not
+re-setting i to 0, we fail to re-check clusters which may no longer be
+available.
+
+Signed-off-by: Chris J Arges
+---
+ block/qcow2-cluster.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c
+index f4e049f..ed3c14e 100644
+--- a/block/qcow2-cluster.c
++++ b/block/qcow2-cluster.c
+@@ -748,7 +748,7 @@ again:
+ nb_clusters = 1;
+
+ /* how many available clusters ? */
+-
++ i = 0;
+ while (i < nb_clusters) {
+ i += count_contiguous_clusters(nb_clusters - i, s->cluster_size,
+ &l2_table[l2_index], i, 0);
+--
+1.7.9.5
--- qemu-kvm-1.0+noroms.orig/debian/patches/9pfs-remove-noatime-flag-from-ro-open-calls.patch
+++ qemu-kvm-1.0+noroms/debian/patches/9pfs-remove-noatime-flag-from-ro-open-calls.patch
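Review bot: The added `i = 0;` carries no comment, and the reason it must stay is only in the patch description: the scan is re-entered through the `again:` label after waiting for another write, and a stale `i` skips clusters that need re-checking. Since this line is what prevents the corruption described in the BugLink, a comment at the site would protect it from a later cleanup, for example `/* re-entered via again: after waiting on another request; rescan from the first cluster */`. The enclosing function starts and ends outside the hunk, so where `i` is first initialised is not visible here.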
@@ -0,0 +1,40 @@
+commit eed968607d656a218712df47a5e0432c21fd6994
+Author: Daniel P. Berrange
+Date: Mon Jan 16 18:11:40 2012 +0000
+
+ hw/9pfs: Remove O_NOATIME flag from 9pfs open() calls in readonly mode
+
+ When 2c74c2cb4bedddbfa67628fbd5f9273b4e0e9903 added support for
+ the 'readonly' flag against 9p filesystems, it also made QEMU
+ add the O_NOATIME flag as a side-effect.
+
+ The O_NOATIME flag, however, may only be set by the file owner,
+ or a user with CAP_FOWNER capability. QEMU cannot assume that
+ this is the case for filesytems exported to QEMU.
+
+ eg, run QEMU as non-root, and attempt to pass the host OS
+ filesystem through to the guest OS with readonly enable.
+ The result is that the guest OS cannot open any files at
+ all.
+
+ If O_NOATIME is really required, it should be optionally
+ enabled via a separate QEMU command line flag.
+
+ * hw/9pfs/virtio-9p.c: Remove O_NOATIME
+
+ Acked-by: M. Mohan Kumar
+ Signed-off-by: Daniel P. Berrange
+ Signed-off-by: Aneesh Kumar K.V
+
+Index: qemu-kvm-1.0+noroms/hw/9pfs/virtio-9p.c
+===================================================================
+--- qemu-kvm-1.0+noroms.orig/hw/9pfs/virtio-9p.c 2013-01-29 22:44:58.395850759 -0600
++++ qemu-kvm-1.0+noroms/hw/9pfs/virtio-9p.c 2013-01-29 22:44:58.391850759 -0600
+@@ -1597,7 +1597,6 @@
+ err = -EROFS;
+ goto out;
+ }
+- flags |= O_NOATIME;
+ }
+ err = v9fs_co_open(pdu, fidp, flags);
+ if (err < 0) {
--- qemu-kvm-1.0+noroms.orig/debian/patches/CVE-2011-2212-virtqueue-indirect-overflow.patch
+++ qemu-kvm-1.0+noroms/debian/patches/CVE-2011-2212-virtqueue-indirect-overflow.patch
@@ -0,0 +1,35 @@
+From: Nelson Elhage
+Date: Thu, 19 May 2011 13:23:17 -0400
+Subject: [PATCH] virtqueue: Sanity-check the length of indirect descriptors.
+
+We were previously allowing arbitrarily-long descriptors, which could lead to a
+buffer overflow in the qemu-kvm process.
+
+Index: qemu-kvm-0.15.0+noroms/hw/virtio.c
+===================================================================
+--- qemu-kvm-0.15.0+noroms.orig/hw/virtio.c 2011-10-19 08:44:30.744946453 -0500
++++ qemu-kvm-0.15.0+noroms/hw/virtio.c 2011-10-19 08:44:33.860946398 -0500
+@@ -369,6 +369,11 @@
+ max = vring_desc_len(desc_pa, i) / sizeof(VRingDesc);
+ num_bufs = i = 0;
+ desc_pa = vring_desc_addr(desc_pa, i);
++
++ if (max > VIRTQUEUE_MAX_SIZE) {
++ error_report("Too-large indirect descriptor");
++ exit(1);
++ }
+ }
+
+ do {
+@@ -442,6 +447,11 @@
+ max = vring_desc_len(desc_pa, i) / sizeof(VRingDesc);
+ desc_pa = vring_desc_addr(desc_pa, i);
+ i = 0;
++
++ if (max > VIRTQUEUE_MAX_SIZE) {
++ error_report("Too-large indirect descriptor");
++ exit(1);
++ }
+ }
+
+ /* Collect all the descriptors */
--- qemu-kvm-1.0+noroms.orig/debian/patches/CVE-2012-0029.patch
+++ qemu-kvm-1.0+noroms/debian/patches/CVE-2012-0029.patch
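Review bot: In the first inner hunk (around line 369) the context resets the index with `num_bufs = i = 0;` before `desc_pa = vring_desc_addr(desc_pa, i);`, so the indirect table address appears to be taken from descriptor 0 rather than from the descriptor that carried the indirect flag. The second inner hunk (around line 442) reads the address first and resets `i` afterwards. The added `max > VIRTQUEUE_MAX_SIZE` check bounds the table length but leaves that ordering as it is, so the first site may still walk a table at a guest-chosen but unintended address. Unless the difference is deliberate, swapping the two lines to `desc_pa = vring_desc_addr(desc_pa, i);` followed by `num_bufs = i = 0;` makes both sites agree. Both enclosing functions start and end outside the hunks.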
@@ -0,0 +1,32 @@
+>From 7fff7710abc9893d8dce5dbad1e7093caf521132 Mon Sep 17 00:00:00 2001
+From: Anthony Liguori
+Date: Wed, 4 Jan 2012 14:50:45 -0600
+Subject: e1000: check for overflow whenever issuing PCI dma reads
+
+Reported-by: Nicolae Mogoreanu
+Signed-off-by: Anthony Liguori
+---
+ hw/e1000.c | 3 +++
+ 1 files changed, 3 insertions(+), 0 deletions(-)
+
+Index: qemu-kvm-1.0+noroms/hw/e1000.c
+===================================================================
+--- qemu-kvm-1.0+noroms.orig/hw/e1000.c 2011-12-04 04:38:06.000000000 -0600
++++ qemu-kvm-1.0+noroms/hw/e1000.c 2012-01-23 09:18:16.000000000 -0600
+@@ -466,6 +466,8 @@
+ bytes = split_size;
+ if (tp->size + bytes > msh)
+ bytes = msh - tp->size;
++
++ bytes = MIN(sizeof(tp->data) - tp->size, bytes);
+ pci_dma_read(&s->dev, addr, tp->data + tp->size, bytes);
+ if ((sz = tp->size + bytes) >= hdr && tp->size < hdr)
+ memmove(tp->header, tp->data, hdr);
+@@ -481,6 +483,7 @@
+ // context descriptor TSE is not set, while data descriptor TSE is set
+ DBGOUT(TXERR, "TCP segmentaion Error\n");
+ } else {
++ split_size = MIN(sizeof(tp->data) - tp->size, split_size);
+ pci_dma_read(&s->dev, addr, tp->data + tp->size, split_size);
+ tp->size += split_size;
+ }
--- qemu-kvm-1.0+noroms.orig/debian/patches/CVE-2012-2652.patch
+++ qemu-kvm-1.0+noroms/debian/patches/CVE-2012-2652.patch
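Review bot: Both added clamps compute `sizeof(tp->data) - tp->size` in unsigned arithmetic, so they bound the DMA length only while `tp->size <= sizeof(tp->data)` already holds. If that ever fails, the subtraction wraps to a huge value and `MIN` leaves `bytes` or `split_size` untouched. Nothing in these hunks shows where else `tp->size` is written, so the invariant deserves to be stated at both sites, for example `assert(tp->size <= sizeof(tp->data));` ahead of each `pci_dma_read`, or an explicit early return if an assertion is not wanted on a guest-reachable path. The enclosing function starts and ends outside the hunks.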
@@ -0,0 +1,101 @@
+Description: fix file overwrite via incorrect temp file checking
+Origin: upstream, http://git.kernel.org/?p=virt/kvm/qemu-kvm.git;a=commit;h=eba25057b9a5e19d10ace2bc7716667a31297169
+Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=824919
+Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=678280
+
+Index: qemu-kvm-1.0+noroms/block.c
+===================================================================
+--- qemu-kvm-1.0+noroms.orig/block.c 2011-12-04 05:38:06.000000000 -0500
++++ qemu-kvm-1.0+noroms/block.c 2012-07-31 10:02:33.408442701 -0400
+@@ -272,28 +272,36 @@
+ return bdrv_create(drv, filename, options);
+ }
+
+-#ifdef _WIN32
+-void get_tmp_filename(char *filename, int size)
++/*
++ * Create a uniquely-named empty temporary file.
++ * Return 0 upon success, otherwise a negative errno value.
++ */
++int get_tmp_filename(char *filename, int size)
+ {
++#ifdef _WIN32
+ char temp_dir[MAX_PATH];
+-
+- GetTempPath(MAX_PATH, temp_dir);
+- GetTempFileName(temp_dir, "qem", 0, filename);
+-}
++ /* GetTempFileName requires that its output buffer (4th param)
++ have length MAX_PATH or greater. */
++ assert(size >= MAX_PATH);
++ return (GetTempPath(MAX_PATH, temp_dir)
++ && GetTempFileName(temp_dir, "qem", 0, filename)
++ ? 0 : -GetLastError());
+ #else
+-void get_tmp_filename(char *filename, int size)
+-{
+ int fd;
+ const char *tmpdir;
+- /* XXX: race condition possible */
+ tmpdir = getenv("TMPDIR");
+ if (!tmpdir)
+ tmpdir = "/tmp";
+- snprintf(filename, size, "%s/vl.XXXXXX", tmpdir);
++ if (snprintf(filename, size, "%s/vl.XXXXXX", tmpdir) >= size) {
++ return -EOVERFLOW;
++ }
+ fd = mkstemp(filename);
+- close(fd);
+-}
++ if (fd < 0 || close(fd)) {
++ return -errno;
++ }
++ return 0;
+ #endif
++}
+
+ /*
+ * Detect host devices. By convention, /dev/cdrom[N] is always
+@@ -601,7 +609,10 @@
+
+ bdrv_delete(bs1);
+
+- get_tmp_filename(tmp_filename, sizeof(tmp_filename));
++ ret = get_tmp_filename(tmp_filename, sizeof(tmp_filename));
++ if (ret < 0) {
++ return ret;
++ }
+
+ /* Real path is meaningless for protocols */
+ if (is_protocol)
+Index: qemu-kvm-1.0+noroms/block_int.h
+===================================================================
+--- qemu-kvm-1.0+noroms.orig/block_int.h 2011-12-04 05:38:06.000000000 -0500
++++ qemu-kvm-1.0+noroms/block_int.h 2012-07-31 10:02:33.408442701 -0400
+@@ -238,7 +238,7 @@
+ BlockDriverAIOCB *next;
+ };
+
+-void get_tmp_filename(char *filename, int size);
++int get_tmp_filename(char *filename, int size);
+
+ void *qemu_aio_get(AIOPool *pool, BlockDriverState *bs,
+ BlockDriverCompletionFunc *cb, void *opaque);
+Index: qemu-kvm-1.0+noroms/block/vvfat.c
+===================================================================
+--- qemu-kvm-1.0+noroms.orig/block/vvfat.c 2011-12-04 05:38:06.000000000 -0500
++++ qemu-kvm-1.0+noroms/block/vvfat.c 2012-07-31 10:02:33.408442701 -0400
+@@ -2799,7 +2799,12 @@
+ array_init(&(s->commits), sizeof(commit_t));
+
+ s->qcow_filename = g_malloc(1024);
+- get_tmp_filename(s->qcow_filename, 1024);
++ ret = get_tmp_filename(s->qcow_filename, 1024);
++ if (ret < 0) {
++ g_free(s->qcow_filename);
++ s->qcow_filename = NULL;
++ return ret;
++ }
+
+ bdrv_qcow = bdrv_find_format("qcow");
+ options = parse_option_parameters("", bdrv_qcow->create_options, NULL);
--- qemu-kvm-1.0+noroms.orig/debian/patches/CVE-2012-3515.patch
+++ qemu-kvm-1.0+noroms/debian/patches/CVE-2012-3515.patch
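Review bot: In the POSIX branch of `get_tmp_filename`, the combined test `if (fd < 0 || close(fd))` returns `-errno` when `close()` fails but leaves the file that `mkstemp()` just created on disk. The callers in the block.c and vvfat.c hunks treat a negative return as "no file was made" and return without removing anything, so that path leaves a stale `vl.XXXXXX` file in TMPDIR. Splitting the two checks and unlinking on the close failure avoids it; errno is saved first because `unlink()` may overwrite it. Separately, the Windows branch returns `-GetLastError()`, which is not the negative errno value the new header comment promises.

```c
    /* … unchanged: TMPDIR lookup and snprintf() length check … */
    fd = mkstemp(filename);
    if (fd < 0) {
        return -errno;
    }
    if (close(fd) != 0) {
        int saved_errno = errno; /* unlink() may overwrite errno */

        unlink(filename);
        return -saved_errno;
    }
    return 0;
```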
@@ -0,0 +1,111 @@ +Description: fix privilege escalation via VT100 sequences +Origin: upstream, http://git.kernel.org/?p=virt/kvm/qemu-kvm.git;a=commit;h=3eea5498ca501922520b3447ba94815bfc109743 +Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686764 + +Index: qemu-kvm-1.0+noroms/console.c +=================================================================== +--- qemu-kvm-1.0+noroms.orig/console.c 2011-12-04 05:38:06.000000000 -0500 ++++ qemu-kvm-1.0+noroms/console.c 2012-09-25 10:04:28.710528293 -0400 +@@ -839,6 +839,26 @@ + update_xy(s, x, y); + } + ++/* set cursor, checking bounds */ ++static void set_cursor(TextConsole *s, int x, int y) ++{ ++ if (x < 0) { ++ x = 0; ++ } ++ if (y < 0) { ++ y = 0; ++ } ++ if (y >= s->height) { ++ y = s->height - 1; ++ } ++ if (x >= s->width) { ++ x = s->width - 1; ++ } ++ ++ s->x = x; ++ s->y = y; ++} ++ + static void console_putchar(TextConsole *s, int ch) + { + TextCell *c; +@@ -910,7 +930,8 @@ + s->esc_params[s->nb_esc_params] * 10 + ch - '0'; + } + } else { +- s->nb_esc_params++; ++ if (s->nb_esc_params < MAX_ESC_PARAMS) ++ s->nb_esc_params++; + if (ch == ';') + break; + #ifdef DEBUG_CONSOLE +@@ -924,59 +945,37 @@ + if (s->esc_params[0] == 0) { + s->esc_params[0] = 1; + } +- s->y -= s->esc_params[0]; +- if (s->y < 0) { +- s->y = 0; +- } ++ set_cursor(s, s->x, s->y - s->esc_params[0]); + break; + case 'B': + /* move cursor down */ + if (s->esc_params[0] == 0) { + s->esc_params[0] = 1; + } +- s->y += s->esc_params[0]; +- if (s->y >= s->height) { +- s->y = s->height - 1; +- } ++ set_cursor(s, s->x, s->y + s->esc_params[0]); + break; + case 'C': + /* move cursor right */ + if (s->esc_params[0] == 0) { + s->esc_params[0] = 1; + } +- s->x += s->esc_params[0]; +- if (s->x >= s->width) { +- s->x = s->width - 1; +- } ++ set_cursor(s, s->x + s->esc_params[0], s->y); + break; + case 'D': + /* move cursor left */ + if (s->esc_params[0] == 0) { + s->esc_params[0] = 1; + } +- s->x -= s->esc_params[0]; +- if (s->x < 0) { +- 
s->x = 0; +- } ++ set_cursor(s, s->x - s->esc_params[0], s->y); + break; + case 'G': + /* move cursor to column */ +- s->x = s->esc_params[0] - 1; +- if (s->x < 0) { +- s->x = 0; +- } ++ set_cursor(s, s->esc_params[0] - 1, s->y); + break; + case 'f': + case 'H': + /* move cursor to row, column */ +- s->x = s->esc_params[1] - 1; +- if (s->x < 0) { +- s->x = 0; +- } +- s->y = s->esc_params[0] - 1; +- if (s->y < 0) { +- s->y = 0; +- } ++ set_cursor(s, s->esc_params[1] - 1, s->esc_params[0] - 1); + break; + case 'J': + switch (s->esc_params[0]) { --- qemu-kvm-1.0+noroms.orig/debian/patches/CVE-2012-6075.patch +++ qemu-kvm-1.0+noroms/debian/patches/CVE-2012-6075.patch 
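Review bot: set_cursor() clamps the final coordinates, but its arguments are computed by the callers as `s->y + s->esc_params[0]` and similar. esc_params is built from guest-supplied digits with `s->esc_params[...] * 10 + ch - '0'`, and no upper limit is visible in the hunk. If esc_params is a signed int, both the accumulation and the addition can overflow before the clamp runs; capping each parameter while it is parsed would keep the arithmetic defined. The helper also assumes `s->width` and `s->height` are at least 1: with a zero dimension the upper clamp runs after the lower one and stores -1, so a comment such as `/* requires s->width >= 1 and s->height >= 1 */` would help. console_putchar() starts and ends outside the hunk.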
@@ -0,0 +1,37 @@
+Description: guest denial of service and possible code execution
+ via e1000 large packets
+Origin: upstream, http://git.qemu.org/?p=qemu.git;a=commit;h=b0d9ffcd0251161c7c92f94804dcf599dfa3edeb
+Origin: upstream, http://git.qemu.org/?p=qemu.git;a=commit;h=2c0331f4f7d241995452b99afaf0aab00493334a
+Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696051
+
+Index: qemu-kvm-1.0+noroms/hw/e1000.c
+===================================================================
+--- qemu-kvm-1.0+noroms.orig/hw/e1000.c 2013-01-15 09:27:10.931653824 -0500
++++ qemu-kvm-1.0+noroms/hw/e1000.c 2013-01-15 09:27:20.791654075 -0500
+@@ -59,6 +59,11 @@
+ #define PNPMMIO_SIZE 0x20000
+ #define MIN_BUF_SIZE 60 /* Min. octets in an ethernet frame sans FCS */
+
++/* this is the size past which hardware will drop packets when setting LPE=0 */
++#define MAXIMUM_ETHERNET_VLAN_SIZE 1522
++/* this is the size past which hardware will drop packets when setting LPE=1 */
++#define MAXIMUM_ETHERNET_LPE_SIZE 16384
++
+ /*
+ * HW models:
+ * E1000_DEV_ID_82540EM works with Windows and Linux
+@@ -693,6 +698,14 @@
+ size = sizeof(min_buf);
+ }
+
++ /* Discard oversized packets if !LPE and !SBP. */
++ if ((size > MAXIMUM_ETHERNET_LPE_SIZE ||
++ (size > MAXIMUM_ETHERNET_VLAN_SIZE
++ && !(s->mac_reg[RCTL] & E1000_RCTL_LPE)))
++ && !(s->mac_reg[RCTL] & E1000_RCTL_SBP)) {
++ return size;
++ }
++
+ if (!receive_filter(s, buf, size))
+ return size;
+
--- qemu-kvm-1.0+noroms.orig/debian/patches/CVE-2013-4148.patch
+++ qemu-kvm-1.0+noroms/debian/patches/CVE-2013-4148.patch
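Review bot: The comment on the new check in the receive path, `/* Discard oversized packets if !LPE and !SBP. */`, does not describe the condition. Frames above MAXIMUM_ETHERNET_LPE_SIZE are dropped even when LPE is set, and setting SBP in RCTL turns both limits off. Since RCTL is written by the guest, a frame of any size still reaches the code after this check when SBP is set, so the descriptor-filling code outside the hunk has to bound `size` on its own; that is worth confirming. Suggested wording: `/* Unless SBP is set, drop frames larger than 16384 octets, or larger than 1522 when LPE is clear. */`.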
@@ -0,0 +1,60 @@ +Backport of: + +From 71f7fe48e10a8437c9d42d859389f37157f59980 Mon Sep 17 00:00:00 2001 +From: Michael S. Tsirkin +Date: Thu, 3 Apr 2014 19:50:39 +0300 +Subject: [PATCH] virtio-net: fix buffer overflow on invalid state load + +CVE-2013-4148 QEMU 1.0 integer conversion in +virtio_net_load()@hw/net/virtio-net.c + +Deals with loading a corrupted savevm image. + +> n->mac_table.in_use = qemu_get_be32(f); + +in_use is int so it can get negative when assigned 32bit unsigned value. + +> /* MAC_TABLE_ENTRIES may be different from the saved image */ +> if (n->mac_table.in_use <= MAC_TABLE_ENTRIES) { + +passing this check ^^^ + +> qemu_get_buffer(f, n->mac_table.macs, +> n->mac_table.in_use * ETH_ALEN); + +with good in_use value, "n->mac_table.in_use * ETH_ALEN" can get +positive and bigger than mac_table.macs. For example 0x81000000 +satisfies this condition when ETH_ALEN is 6. + +Fix it by making the value unsigned. +For consistency, change first_multi as well. + +Note: all call sites were audited to confirm that +making them unsigned didn't cause any issues: +it turns out we actually never do math on them, +so it's easy to validate because both values are +always <= MAC_TABLE_ENTRIES. + +Reviewed-by: Michael Roth +Signed-off-by: Michael S. 
Tsirkin +Reviewed-by: Laszlo Ersek +Signed-off-by: Juan Quintela +--- + include/hw/virtio/virtio-net.h | 4 ++-- + 1 files changed, 2 insertions(+), 2 deletions(-) + +Index: qemu-kvm-1.0+noroms/hw/virtio-net.c +=================================================================== +--- qemu-kvm-1.0+noroms.orig/hw/virtio-net.c 2014-08-12 11:47:45.858696481 -0400 ++++ qemu-kvm-1.0+noroms/hw/virtio-net.c 2014-08-12 11:48:41.854697389 -0400 +@@ -55,8 +55,8 @@ + uint8_t nobcast; + uint8_t vhost_started; + struct { +- int in_use; +- int first_multi; ++ uint32_t in_use; ++ uint32_t first_multi; + uint8_t multi_overflow; + uint8_t uni_overflow; + uint8_t *macs; --- qemu-kvm-1.0+noroms.orig/debian/patches/CVE-2013-4151.patch +++ qemu-kvm-1.0+noroms/debian/patches/CVE-2013-4151.patch 
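Review bot: The description's statement that all call sites were audited refers to the upstream tree, while this backport changes `in_use` and `first_multi` to `uint32_t` in hw/virtio-net.c of qemu-kvm 1.0 (the diffstat still names include/hw/virtio/virtio-net.h). Any place in this older file that compares the fields with a signed `int` index, or multiplies `in_use` by ETH_ALEN, now does so in unsigned arithmetic, so the `in_use <= MAC_TABLE_ENTRIES` check quoted in the description has to come before every such use. A line in the patch header such as `Backport note: call sites in hw/virtio-net.c re-checked for signed/unsigned use` would record that this was done. The structure definition starts and ends outside the hunk.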
@@ -0,0 +1,53 @@
+Backport of:
+
+From cc45995294b92d95319b4782750a3580cabdbc0c Mon Sep 17 00:00:00 2001
+From: Michael S. Tsirkin
+Date: Thu, 3 Apr 2014 19:51:14 +0300
+Subject: [PATCH] virtio: out-of-bounds buffer write on invalid state load
+
+CVE-2013-4151 QEMU 1.0 out-of-bounds buffer write in
+virtio_load@hw/virtio/virtio.c
+
+So we have this code since way back when:
+
+ num = qemu_get_be32(f);
+
+ for (i = 0; i < num; i++) {
+ vdev->vq[i].vring.num = qemu_get_be32(f);
+
+array of vqs has size VIRTIO_PCI_QUEUE_MAX, so
+on invalid input this will write beyond end of buffer.
+
+Signed-off-by: Michael S. Tsirkin
+Reviewed-by: Michael Roth
+Signed-off-by: Juan Quintela
+---
+ hw/virtio/virtio.c | 8 +++++++-
+ 1 files changed, 7 insertions(+), 1 deletions(-)
+
+Index: qemu-kvm-1.0+noroms/hw/virtio.c
+===================================================================
+--- qemu-kvm-1.0+noroms.orig/hw/virtio.c 2014-08-12 11:55:15.606703772 -0400
++++ qemu-kvm-1.0+noroms/hw/virtio.c 2014-08-12 11:55:15.598703772 -0400
+@@ -800,7 +800,8 @@
+
+ int virtio_load(VirtIODevice *vdev, QEMUFile *f)
+ {
+- int num, i, ret;
++ int i, ret;
++ uint32_t num;
+ uint32_t features;
+ uint32_t supported_features;
+
+@@ -826,6 +827,11 @@
+
+ num = qemu_get_be32(f);
+
++ if (num > VIRTIO_PCI_QUEUE_MAX) {
++ error_report("Invalid number of PCI queues: 0x%x", num);
++ return -1;
++ }
++
+ for (i = 0; i < num; i++) {
+ vdev->vq[i].vring.num = qemu_get_be32(f);
+ vdev->vq[i].pa = qemu_get_be64(f);
--- qemu-kvm-1.0+noroms.orig/debian/patches/CVE-2013-4344.patch
+++ qemu-kvm-1.0+noroms/debian/patches/CVE-2013-4344.patch
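Review bot: The new bound in virtio_load() covers the queue count only; inside the loop, `vdev->vq[i].vring.num = qemu_get_be32(f);` still stores a ring size taken from the stream without comparing it to anything. If the code after the hunk sizes ring accesses from `vring.num`, a corrupted image can still supply an inconsistent value, so a check against the size the device was initialised with belongs next to that assignment. Minor: `i` stays `int` while `num` is now `uint32_t`, which makes `i < num` a mixed-sign comparison. The function continues outside the hunk.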
@@ -0,0 +1,137 @@ +Description: fix privilege escalation via REPORT LUNS +Origin: backport, http://git.qemu.org/?p=qemu.git;a=commit;h=846424350b292f16b732b573273a5c1f195cd7a3 +Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725944 + +Index: qemu-kvm-1.0+noroms/hw/scsi-bus.c +=================================================================== +--- qemu-kvm-1.0+noroms.orig/hw/scsi-bus.c 2014-01-28 09:04:14.789275422 -0500 ++++ qemu-kvm-1.0+noroms/hw/scsi-bus.c 2014-01-28 09:05:48.741277938 -0500 +@@ -9,6 +9,8 @@ + static char *scsibus_get_fw_dev_path(DeviceState *dev); + static int scsi_req_parse(SCSICommand *cmd, SCSIDevice *dev, uint8_t *buf); + static void scsi_req_dequeue(SCSIRequest *req); ++static uint8_t *scsi_target_alloc_buf(SCSIRequest *req, size_t len); ++static void scsi_target_free_buf(SCSIRequest *req); + + static struct BusInfo scsi_bus_info = { + .name = "SCSI", +@@ -247,7 +249,8 @@ + struct SCSITargetReq { + SCSIRequest req; + int len; +- uint8_t buf[2056]; ++ uint8_t *buf; ++ int buf_len; + }; + + static void store_lun(uint8_t *outbuf, int lun) +@@ -290,14 +293,12 @@ + if (!found_lun0) { + n += 8; + } +- len = MIN(n + 8, r->req.cmd.xfer & ~7); +- if (len > sizeof(r->buf)) { +- /* TODO: > 256 LUNs? */ +- return false; +- } + ++ scsi_target_alloc_buf(&r->req, n + 8); ++ ++ len = MIN(n + 8, r->req.cmd.xfer & ~7); + memset(r->buf, 0, len); +- stl_be_p(&r->buf, n); ++ stl_be_p(&r->buf[0], n); + i = found_lun0 ? 
8 : 16; + QTAILQ_FOREACH(qdev, &r->req.bus->qbus.children, sibling) { + SCSIDevice *dev = DO_UPCAST(SCSIDevice, qdev, qdev); +@@ -315,6 +316,9 @@ + static bool scsi_target_emulate_inquiry(SCSITargetReq *r) + { + assert(r->req.dev->lun != r->req.lun); ++ ++ scsi_target_alloc_buf(&r->req, SCSI_INQUIRY_LEN); ++ + if (r->req.cmd.buf[1] & 0x2) { + /* Command support data - optional, not implemented */ + return false; +@@ -343,7 +347,7 @@ + return false; + } + /* done with EVPD */ +- assert(r->len < sizeof(r->buf)); ++ assert(r->len < r->buf_len); + r->len = MIN(r->req.cmd.xfer, r->len); + return true; + } +@@ -358,7 +362,7 @@ + return -1; + } + +- r->len = MIN(r->req.cmd.xfer, 36); ++ r->len = MIN(r->req.cmd.xfer, SCSI_INQUIRY_LEN); + memset(r->buf, 0, r->len); + if (r->req.lun != 0) { + r->buf[0] = TYPE_NO_LUN; +@@ -394,8 +398,9 @@ + if (req->cmd.xfer < 4) { + goto illegal_request; + } ++ scsi_target_alloc_buf(&r->req, SCSI_SENSE_LEN); + r->len = scsi_device_get_sense(r->req.dev, r->buf, +- MIN(req->cmd.xfer, sizeof r->buf), ++ MIN(req->cmd.xfer, r->buf_len), + (req->cmd.buf[1] & 1) == 0); + if (r->req.dev->sense_is_ua) { + if (r->req.dev->info->unit_attention_reported) { +@@ -442,11 +447,29 @@ + return r->buf; + } + ++static uint8_t *scsi_target_alloc_buf(SCSIRequest *req, size_t len) ++{ ++ SCSITargetReq *r = DO_UPCAST(SCSITargetReq, req, req); ++ ++ r->buf = g_malloc(len); ++ r->buf_len = len; ++ ++ return r->buf; ++} ++ ++static void scsi_target_free_buf(SCSIRequest *req) ++{ ++ SCSITargetReq *r = DO_UPCAST(SCSITargetReq, req, req); ++ ++ g_free(r->buf); ++} ++ + static const struct SCSIReqOps reqops_target_command = { + .size = sizeof(SCSITargetReq), + .send_command = scsi_target_send_command, + .read_data = scsi_target_read_data, + .get_buf = scsi_target_get_buf, ++ .free_req = scsi_target_free_buf, + }; + + +@@ -1092,7 +1115,7 @@ + buf[7] = 10; + buf[12] = sense.asc; + buf[13] = sense.ascq; +- return MIN(len, 18); ++ return MIN(len, SCSI_SENSE_LEN); + } else { + 
/* Return descriptor format sense buffer */ + buf[0] = 0x72; +Index: qemu-kvm-1.0+noroms/hw/scsi.h +=================================================================== +--- qemu-kvm-1.0+noroms.orig/hw/scsi.h 2014-01-28 09:04:14.789275422 -0500 ++++ qemu-kvm-1.0+noroms/hw/scsi.h 2014-01-28 09:04:14.785275422 -0500 +@@ -8,6 +8,8 @@ + #define MAX_SCSI_DEVS 255 + + #define SCSI_CMD_BUF_SIZE 16 ++#define SCSI_SENSE_LEN 18 ++#define SCSI_INQUIRY_LEN 36 + + typedef struct SCSIBus SCSIBus; + typedef struct SCSIBusInfo SCSIBusInfo; --- qemu-kvm-1.0+noroms.orig/debian/patches/CVE-2013-4527.patch +++ qemu-kvm-1.0+noroms/debian/patches/CVE-2013-4527.patch 
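Review bot: scsi_target_alloc_buf() allocates with `g_malloc(len)`, so the reply buffer starts out holding stale heap contents and every emulation path must clear exactly the bytes it returns. REPORT LUNS, for instance, clears only `len` bytes of an `n + 8` byte buffer. Using `r->buf = g_malloc0(len);` removes the chance that a later change hands uninitialised bytes back to the guest. The helper also overwrites `r->buf` without freeing a previous allocation, which leaks if a request ever reaches two emulation paths, and it narrows the `size_t len` into the `int buf_len` field. The emulation functions start and end outside the hunks.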
@@ -0,0 +1,109 @@ +Backport of the following commit. +Also includes 5bf81c8d63db0216a4d29dc87f9ce530bb791dd1 +and 4082f0889ba04678fc14816c53e1b9251ea9207e to gain VMSTATE_VALIDATE + +From 3f1c49e2136fa08ab1ef3183fd55def308829584 Mon Sep 17 00:00:00 2001 +From: Michael S. Tsirkin +Date: Thu, 3 Apr 2014 19:51:23 +0300 +Subject: [PATCH] hpet: fix buffer overrun on invalid state load + +CVE-2013-4527 hw/timer/hpet.c buffer overrun + +hpet is a VARRAY with a uint8 size but static array of 32 + +To fix, make sure num_timers is valid using VMSTATE_VALID hook. + +Reported-by: Anthony Liguori +Signed-off-by: Michael S. Tsirkin +Reviewed-by: Dr. David Alan Gilbert +Signed-off-by: Juan Quintela +--- + hw/timer/hpet.c | 13 +++++++++++++ + 1 files changed, 13 insertions(+), 0 deletions(-) + +Index: qemu-kvm-1.0+noroms/hw/hpet.c +=================================================================== +--- qemu-kvm-1.0+noroms.orig/hw/hpet.c 2011-12-04 05:38:06.000000000 -0500 ++++ qemu-kvm-1.0+noroms/hw/hpet.c 2014-08-12 12:04:44.862713000 -0400 +@@ -219,6 +219,18 @@ + return 0; + } + ++static bool hpet_validate_num_timers(void *opaque, int version_id) ++{ ++ HPETState *s = opaque; ++ ++ if (s->num_timers < HPET_MIN_TIMERS) { ++ return false; ++ } else if (s->num_timers > HPET_MAX_TIMERS) { ++ return false; ++ } ++ return true; ++} ++ + static int hpet_post_load(void *opaque, int version_id) + { + HPETState *s = opaque; +@@ -274,6 +286,7 @@ + VMSTATE_UINT64(isr, HPETState), + VMSTATE_UINT64(hpet_counter, HPETState), + VMSTATE_UINT8_V(num_timers, HPETState, 2), ++ VMSTATE_VALIDATE("num_timers in range", hpet_validate_num_timers), + VMSTATE_STRUCT_VARRAY_UINT8(timer, HPETState, num_timers, 0, + vmstate_hpet_timer, HPETTimer), + VMSTATE_END_OF_LIST() +Index: qemu-kvm-1.0+noroms/hw/hw.h +=================================================================== +--- qemu-kvm-1.0+noroms.orig/hw/hw.h 2011-12-04 05:38:06.000000000 -0500 ++++ qemu-kvm-1.0+noroms/hw/hw.h 2014-08-12 
12:06:42.970714915 -0400 +@@ -300,6 +300,7 @@ + VMS_MULTIPLY = 0x200, /* multiply "size" field by field_size */ + VMS_VARRAY_UINT8 = 0x400, /* Array with size in uint8_t field*/ + VMS_VARRAY_UINT32 = 0x800, /* Array with size in uint32_t field*/ ++ VMS_MUST_EXIST = 0x1000, /* Field must exist in input */ + }; + + typedef struct { +@@ -391,6 +392,14 @@ + .offset = vmstate_offset_value(_state, _field, _type), \ + } + ++/* Validate state using a boolean predicate. */ ++#define VMSTATE_VALIDATE(_name, _test) { \ ++ .name = (_name), \ ++ .field_exists = (_test), \ ++ .flags = VMS_ARRAY | VMS_MUST_EXIST, \ ++ .num = 0, /* 0 elements: no data, only run _test */ \ ++} ++ + #define VMSTATE_POINTER(_field, _state, _version, _info, _type) { \ + .name = (stringify(_field)), \ + .version_id = (_version), \ +Index: qemu-kvm-1.0+noroms/savevm.c +=================================================================== +--- qemu-kvm-1.0+noroms.orig/savevm.c 2011-12-04 05:38:06.000000000 -0500 ++++ qemu-kvm-1.0+noroms/savevm.c 2014-08-12 12:08:31.946716682 -0400 +@@ -1396,6 +1396,10 @@ + return ret; + } + } ++ } else if (field->flags & VMS_MUST_EXIST) { ++ fprintf(stderr, "Input validation failed: %s/%s\n", ++ vmsd->name, field->name); ++ return -1; + } + field++; + } +@@ -1454,6 +1458,12 @@ + field->info->put(f, addr, size); + } + } ++ } else { ++ if (field->flags & VMS_MUST_EXIST) { ++ fprintf(stderr, "Output state validation failed: %s/%s\n", ++ vmsd->name, field->name); ++ assert(!(field->flags & VMS_MUST_EXIST)); ++ } + } + field++; + } --- qemu-kvm-1.0+noroms.orig/debian/patches/CVE-2013-4529.patch +++ qemu-kvm-1.0+noroms/debian/patches/CVE-2013-4529.patch 
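Review bot: In the save-side branch added to savevm.c, the failure is reported and then `assert(!(field->flags & VMS_MUST_EXIST));` is used to stop, although that condition is already known to be false at that point. In a build with NDEBUG the function would carry on and write out state that failed validation. An explicit `abort();` after the fprintf states the intent directly. In hw/hpet.c, hpet_validate_num_timers() could be the single line `return s->num_timers >= HPET_MIN_TIMERS && s->num_timers <= HPET_MAX_TIMERS;`. Both savevm.c functions start and end outside the hunks.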
@@ -0,0 +1,56 @@
+Backport of:
+
+From 5f691ff91d323b6f97c6600405a7f9dc115a0ad1 Mon Sep 17 00:00:00 2001
+From: Michael S. Tsirkin
+Date: Thu, 3 Apr 2014 19:51:31 +0300
+Subject: [PATCH] hw/pci/pcie_aer.c: fix buffer overruns on invalid state load
+
+4) CVE-2013-4529
+hw/pci/pcie_aer.c pcie aer log can overrun the buffer if log_num is
+ too large
+
+There are two issues in this file:
+1. log_max from remote can be larger than on local
+then buffer will overrun with data coming from state file.
+2. log_num can be larger then we get data corruption
+again with an overflow but not adversary controlled.
+
+Fix both issues.
+
+Reported-by: Anthony Liguori
+Reported-by: Michael S. Tsirkin
+Signed-off-by: Michael S. Tsirkin
+Reviewed-by: Dr. David Alan Gilbert
+Signed-off-by: Juan Quintela
+---
+ hw/pci/pcie_aer.c | 10 +++++++++-
+ 1 files changed, 9 insertions(+), 1 deletions(-)
+
+Index: qemu-kvm-1.0+noroms/hw/pcie_aer.c
+===================================================================
+--- qemu-kvm-1.0+noroms.orig/hw/pcie_aer.c 2011-12-04 05:38:06.000000000 -0500
++++ qemu-kvm-1.0+noroms/hw/pcie_aer.c 2014-08-12 12:13:25.758721445 -0400
+@@ -790,6 +790,13 @@
+ }
+ };
+
++static bool pcie_aer_state_log_num_valid(void *opaque, int version_id)
++{
++ PCIEAERLog *s = opaque;
++
++ return s->log_num <= s->log_max;
++}
++
+ const VMStateDescription vmstate_pcie_aer_log = {
+ .name = "PCIE_AER_ERROR_LOG",
+ .version_id = 1,
+@@ -797,7 +804,8 @@
+ .minimum_version_id_old = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT16(log_num, PCIEAERLog),
+- VMSTATE_UINT16(log_max, PCIEAERLog),
++ VMSTATE_UINT16_EQUAL(log_max, PCIEAERLog),
++ VMSTATE_VALIDATE("log_num <= log_max", pcie_aer_state_log_num_valid),
+ VMSTATE_STRUCT_VARRAY_POINTER_UINT16(log, PCIEAERLog, log_num,
+ vmstate_pcie_aer_err, PCIEAERErr),
+ VMSTATE_END_OF_LIST()
--- qemu-kvm-1.0+noroms.orig/debian/patches/CVE-2013-4530.patch
+++ qemu-kvm-1.0+noroms/debian/patches/CVE-2013-4530.patch
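Review bot: `VMSTATE_VALIDATE(...)` in vmstate_pcie_aer_log is not defined by this patch. In this series the macro and the VMS_MUST_EXIST handling are added to hw/hw.h and savevm.c by CVE-2013-4527.patch, so this file only builds when that patch is applied first. The header should say so, for example `Depends on CVE-2013-4527.patch for VMSTATE_VALIDATE`, and the quilt series order has to match. `VMSTATE_UINT16_EQUAL(log_max, PCIEAERLog)` also makes loading fail when source and destination were configured with different log sizes; that deserves a sentence in the description because it changes which migrations are accepted.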
@@ -0,0 +1,45 @@ +Backport of: + +From d8d0a0bc7e194300e53a346d25fe5724fd588387 Mon Sep 17 00:00:00 2001 +From: Michael S. Tsirkin +Date: Thu, 3 Apr 2014 19:51:35 +0300 +Subject: [PATCH] pl022: fix buffer overun on invalid state load + +CVE-2013-4530 + +pl022.c did not bounds check tx_fifo_head and +rx_fifo_head after loading them from file and +before they are used to dereference array. + +Reported-by: Michael S. Tsirkin +Signed-off-by: Michael S. Tsirkin +Signed-off-by: Juan Quintela +--- + hw/ssi/pl022.c | 14 ++++++++++++++ + 1 files changed, 14 insertions(+), 0 deletions(-) + +Index: qemu-kvm-1.0+noroms/hw/pl022.c +=================================================================== +--- qemu-kvm-1.0+noroms.orig/hw/pl022.c 2011-12-04 05:38:06.000000000 -0500 ++++ qemu-kvm-1.0+noroms/hw/pl022.c 2014-08-12 12:15:57.770723909 -0400 +@@ -239,6 +239,19 @@ + pl022_write + }; + ++static int pl022_post_load(void *opaque, int version_id) ++{ ++ PL022State *s = opaque; ++ ++ if (s->tx_fifo_head < 0 || ++ s->tx_fifo_head >= ARRAY_SIZE(s->tx_fifo) || ++ s->rx_fifo_head < 0 || ++ s->rx_fifo_head >= ARRAY_SIZE(s->rx_fifo)) { ++ return -1; ++ } ++ return 0; ++} ++ + static const VMStateDescription vmstate_pl022 = { + .name = "pl022_ssp", + .version_id = 1, --- qemu-kvm-1.0+noroms.orig/debian/patches/CVE-2013-4531.patch +++ qemu-kvm-1.0+noroms/debian/patches/CVE-2013-4531.patch 
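Review bot: pl022_post_load() is added, but no hunk in this patch sets `.post_load = pl022_post_load,` in vmstate_pl022. The upstream diffstat quoted in the header counts 14 insertions, while only 13 lines are added here. Unless the hook is installed elsewhere, the function is never called and tx_fifo_head and rx_fifo_head from an incoming stream stay unchecked, so the bounds check this patch is meant to provide has no effect. Add `.post_load = pl022_post_load,` to the vmstate_pl022 initialiser, whose body continues outside the hunk.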
@@ -0,0 +1,65 @@
+Backport of:
+
+From d2ef4b61fe6d33d2a5dcf100a9b9440de341ad62 Mon Sep 17 00:00:00 2001
+From: Michael S. Tsirkin
+Date: Thu, 3 Apr 2014 19:51:42 +0300
+Subject: [PATCH] vmstate: fix buffer overflow in target-arm/machine.c
+
+CVE-2013-4531
+
+cpreg_vmstate_indexes is a VARRAY_INT32. A negative value for
+cpreg_vmstate_array_len will cause a buffer overflow.
+
+VMSTATE_INT32_LE was supposed to protect against this
+but doesn't because it doesn't validate that input is
+non-negative.
+
+Fix this macro to valide the value appropriately.
+
+The only other user of VMSTATE_INT32_LE doesn't
+ever use negative numbers so it doesn't care.
+
+Reported-by: Anthony Liguori
+Signed-off-by: Michael S. Tsirkin
+Signed-off-by: Juan Quintela
+---
+ vmstate.c | 7 ++++---
+ 1 files changed, 4 insertions(+), 3 deletions(-)
+
+Index: qemu-kvm-1.0+noroms/savevm.c
+===================================================================
+--- qemu-kvm-1.0+noroms.orig/savevm.c 2014-08-12 13:50:49.226816177 -0400
++++ qemu-kvm-1.0+noroms/savevm.c 2014-08-12 13:51:22.366816714 -0400
+@@ -843,22 +843,25 @@
+ .put = put_int32,
+ };
+
+-/* 32 bit int. See that the received value is the less or the same
+- than the one in the field */
++/* 32 bit int. Check that the received value is non-negative
++ * and less than or equal to the one in the field.
++ */
+
+ static int get_int32_le(QEMUFile *f, void *pv, size_t size)
+ {
+- int32_t *old = pv;
+- int32_t new;
+- qemu_get_sbe32s(f, &new);
++ int32_t *cur = pv;
++ int32_t loaded;
++ qemu_get_sbe32s(f, &loaded);
+
+- if (*old <= new)
++ if (loaded >= 0 && loaded <= *cur) {
++ *cur = loaded;
+ return 0;
++ }
+ return -EINVAL;
+ }
+
+ const VMStateInfo vmstate_info_int32_le = {
+- .name = "int32 equal",
++ .name = "int32 le",
+ .get = get_int32_le,
+ .put = put_int32,
+ };
--- qemu-kvm-1.0+noroms.orig/debian/patches/CVE-2013-4532.patch
+++ qemu-kvm-1.0+noroms/debian/patches/CVE-2013-4532.patch
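Review bot: get_int32_le() now treats `*cur` as the upper bound and then overwrites it with the loaded value, but the comment above it does not say that the field must already hold the array capacity when loading starts. A field that is still zero at load time accepts only 0, and a second load into the same object is bounded by the previous stream's value rather than by the capacity. I would extend the comment with `* The field must hold the maximum allowed value before load; on success it is replaced by the loaded value.`, and the users of VMSTATE_INT32_LE in this tree should be checked against that precondition.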
@@ -0,0 +1,434 @@ +Description: fix buffer overrun on incoming migration in stellaris_enet +Origin: backport, http://git.qemu.org/?p=qemu.git;a=commit;h=5c10495ab1546d5d12b51a97817051e9ec98d0f6 +Origin: backport, http://git.qemu.org/?p=qemu.git;a=commit;h=7fd5f064d1c1a827a95ffe678418b3d5b8d2f108 +Origin: backport, http://git.qemu.org/?p=qemu.git;a=commit;h=c6fa443b3dab9f49fb157b0164f5852fde68ed3b +Origin: backport, http://git.qemu.org/?p=qemu.git;a=commit;h=a9171c4fb570b9c6f65955de03d3e38d2e9b0fdf +Origin: backport, http://git.qemu.org/?p=qemu.git;a=commit;h=eacd606ca726b15ce9a5f0871f0c6598dbc8d6ae +Origin: backport, http://git.qemu.org/?p=qemu.git;a=commit;h=889ac2a32fd803f7222524d8f56aded1c3cbad3c +Origin: backport, http://git.qemu.org/?p=qemu.git;a=commit;h=2e1198672759eda6e122ff38fcf6df06f27e0fe2 + +Index: qemu-kvm-1.0+noroms/hw/stellaris_enet.c +=================================================================== +--- qemu-kvm-1.0+noroms.orig/hw/stellaris_enet.c 2011-12-04 05:38:06.000000000 -0500 ++++ qemu-kvm-1.0+noroms/hw/stellaris_enet.c 2014-08-12 12:44:27.502751627 -0400 +@@ -43,6 +43,11 @@ + #define SE_TCTL_DUPLEX 0x08 + + typedef struct { ++ uint8_t data[2048]; ++ uint32_t len; ++} StellarisEnetRxFrame; ++ ++typedef struct { + SysBusDevice busdev; + uint32_t ris; + uint32_t im; +@@ -54,29 +59,159 @@ + uint32_t mtxd; + uint32_t mrxd; + uint32_t np; +- int tx_frame_len; +- int tx_fifo_len; ++ uint32_t tx_fifo_len; + uint8_t tx_fifo[2048]; + /* Real hardware has a 2k fifo, which works out to be at most 31 packets. + We implement a full 31 packet fifo. 
*/ +- struct { +- uint8_t data[2048]; +- int len; +- } rx[31]; +- uint8_t *rx_fifo; +- int rx_fifo_len; +- int next_packet; ++ StellarisEnetRxFrame rx[31]; ++ uint32_t rx_fifo_offset; ++ uint32_t next_packet; + NICState *nic; + NICConf conf; + qemu_irq irq; + MemoryRegion mmio; + } stellaris_enet_state; + ++static const VMStateDescription vmstate_rx_frame = { ++ .name = "stellaris_enet/rx_frame", ++ .version_id = 1, ++ .minimum_version_id = 1, ++ .fields = (VMStateField[]) { ++ VMSTATE_UINT8_ARRAY(data, StellarisEnetRxFrame, 2048), ++ VMSTATE_UINT32(len, StellarisEnetRxFrame), ++ VMSTATE_END_OF_LIST() ++ } ++}; ++ ++static int stellaris_enet_post_load(void *opaque, int version_id) ++{ ++ stellaris_enet_state *s = opaque; ++ int i; ++ ++ /* Sanitize inbound state. Note that next_packet is an index but ++ * np is a size; hence their valid upper bounds differ. ++ */ ++ if (s->next_packet >= ARRAY_SIZE(s->rx)) { ++ return -1; ++ } ++ ++ if (s->np > ARRAY_SIZE(s->rx)) { ++ return -1; ++ } ++ ++ for (i = 0; i < ARRAY_SIZE(s->rx); i++) { ++ if (s->rx[i].len > ARRAY_SIZE(s->rx[i].data)) { ++ return -1; ++ } ++ } ++ ++ if (s->rx_fifo_offset > ARRAY_SIZE(s->rx[0].data) - 4) { ++ return -1; ++ } ++ ++ if (s->tx_fifo_len > ARRAY_SIZE(s->tx_fifo)) { ++ return -1; ++ } ++ ++ return 0; ++} ++ ++static const VMStateDescription vmstate_stellaris_enet = { ++ .name = "stellaris_enet", ++ .version_id = 2, ++ .minimum_version_id = 2, ++ .post_load = stellaris_enet_post_load, ++ .fields = (VMStateField[]) { ++ VMSTATE_UINT32(ris, stellaris_enet_state), ++ VMSTATE_UINT32(im, stellaris_enet_state), ++ VMSTATE_UINT32(rctl, stellaris_enet_state), ++ VMSTATE_UINT32(tctl, stellaris_enet_state), ++ VMSTATE_UINT32(thr, stellaris_enet_state), ++ VMSTATE_UINT32(mctl, stellaris_enet_state), ++ VMSTATE_UINT32(mdv, stellaris_enet_state), ++ VMSTATE_UINT32(mtxd, stellaris_enet_state), ++ VMSTATE_UINT32(mrxd, stellaris_enet_state), ++ VMSTATE_UINT32(np, stellaris_enet_state), ++ 
VMSTATE_UINT32(tx_fifo_len, stellaris_enet_state), ++ VMSTATE_UINT8_ARRAY(tx_fifo, stellaris_enet_state, 2048), ++ VMSTATE_STRUCT_ARRAY(rx, stellaris_enet_state, 31, 1, ++ vmstate_rx_frame, StellarisEnetRxFrame), ++ VMSTATE_UINT32(rx_fifo_offset, stellaris_enet_state), ++ VMSTATE_UINT32(next_packet, stellaris_enet_state), ++ VMSTATE_END_OF_LIST() ++ } ++}; ++ + static void stellaris_enet_update(stellaris_enet_state *s) + { + qemu_set_irq(s->irq, (s->ris & s->im) != 0); + } + ++/* Return the data length of the packet currently being assembled ++ * in the TX fifo. ++ */ ++static inline int stellaris_txpacket_datalen(stellaris_enet_state *s) ++{ ++ return s->tx_fifo[0] | (s->tx_fifo[1] << 8); ++} ++ ++/* Return true if the packet currently in the TX FIFO is complete, ++* ie the FIFO holds enough bytes for the data length, ethernet header, ++* payload and optionally CRC. ++*/ ++static inline bool stellaris_txpacket_complete(stellaris_enet_state *s) ++{ ++ int framelen = stellaris_txpacket_datalen(s); ++ framelen += 16; ++ if (!(s->tctl & SE_TCTL_CRC)) { ++ framelen += 4; ++ } ++ /* Cover the corner case of a 2032 byte payload with auto-CRC disabled: ++ * this requires more bytes than will fit in the FIFO. It's not totally ++ * clear how the h/w handles this, but if using threshold-based TX ++ * it will definitely try to transmit something. ++ */ ++ framelen = MIN(framelen, ARRAY_SIZE(s->tx_fifo)); ++ return s->tx_fifo_len >= framelen; ++} ++ ++/* Return true if the TX FIFO threshold is enabled and the FIFO ++ * has filled enough to reach it. ++ */ ++static inline bool stellaris_tx_thr_reached(stellaris_enet_state *s) ++{ ++ return (s->thr < 0x3f && ++ (s->tx_fifo_len >= 4 * (s->thr * 8 + 1))); ++} ++ ++/* Send the packet currently in the TX FIFO */ ++static void stellaris_enet_send(stellaris_enet_state *s) ++{ ++ int framelen = stellaris_txpacket_datalen(s); ++ ++ /* Ethernet header is in the FIFO but not in the datacount. 
++ * We don't implement explicit CRC, so just ignore any ++ * CRC value in the FIFO. ++ */ ++ framelen += 14; ++ if ((s->tctl & SE_TCTL_PADEN) && framelen < 60) { ++ memset(&s->tx_fifo[framelen + 2], 0, 60 - framelen); ++ framelen = 60; ++ } ++ /* This MIN will have no effect unless the FIFO data is corrupt ++ * (eg bad data from an incoming migration); otherwise the check ++ * on the datalen at the start of writing the data into the FIFO ++ * will have caught this. Silently write a corrupt half-packet, ++ * which is what the hardware does in FIFO underrun situations. ++ */ ++ framelen = MIN(framelen, ARRAY_SIZE(s->tx_fifo) - 2); ++ qemu_send_packet(qemu_get_queue(s->nic), s->tx_fifo + 2, framelen); ++ s->tx_fifo_len = 0; ++ s->ris |= SE_INT_TXEMP; ++ stellaris_enet_update(s); ++ DPRINTF("Done TX\n"); ++} ++ + /* TODO: Implement MAC address filtering. */ + static ssize_t stellaris_enet_receive(VLANClientState *nc, const uint8_t *buf, size_t size) + { +@@ -92,7 +227,7 @@ + return -1; + } + +- DPRINTF("Received packet len=%d\n", size); ++ DPRINTF("Received packet len=%zu\n", size); + n = s->next_packet + s->np; + if (n >= 31) + n -= 31; +@@ -147,21 +282,21 @@ + case 0x0c: /* TCTL */ + return s->tctl; + case 0x10: /* DATA */ +- if (s->rx_fifo_len == 0) { +- if (s->np == 0) { +- BADF("RX underflow\n"); +- return 0; +- } +- s->rx_fifo_len = s->rx[s->next_packet].len; +- s->rx_fifo = s->rx[s->next_packet].data; +- DPRINTF("RX FIFO start packet len=%d\n", s->rx_fifo_len); ++ { ++ uint8_t *rx_fifo; ++ ++ if (s->np == 0) { ++ BADF("RX underflow\n"); ++ return 0; + } +- val = s->rx_fifo[0] | (s->rx_fifo[1] << 8) | (s->rx_fifo[2] << 16) +- | (s->rx_fifo[3] << 24); +- s->rx_fifo += 4; +- s->rx_fifo_len -= 4; +- if (s->rx_fifo_len <= 0) { +- s->rx_fifo_len = 0; ++ ++ rx_fifo = s->rx[s->next_packet].data + s->rx_fifo_offset; ++ ++ val = rx_fifo[0] | (rx_fifo[1] << 8) | (rx_fifo[2] << 16) ++ | (rx_fifo[3] << 24); ++ s->rx_fifo_offset += 4; ++ if (s->rx_fifo_offset >= 
s->rx[s->next_packet].len) { ++ s->rx_fifo_offset = 0; + s->next_packet++; + if (s->next_packet >= 31) + s->next_packet = 0; +@@ -169,6 +304,7 @@ + DPRINTF("RX done np=%d\n", s->np); + } + return val; ++ } + case 0x14: /* IA0 */ + return s->conf.macaddr.a[0] | (s->conf.macaddr.a[1] << 8) + | (s->conf.macaddr.a[2] << 16) | (s->conf.macaddr.a[3] << 24); +@@ -206,22 +342,23 @@ + switch (offset) { + case 0x00: /* IACK */ + s->ris &= ~value; +- DPRINTF("IRQ ack %02x/%02x\n", value, s->ris); ++ DPRINTF("IRQ ack %02" PRIx64 "/%02x\n", value, s->ris); + stellaris_enet_update(s); + /* Clearing TXER also resets the TX fifo. */ +- if (value & SE_INT_TXER) +- s->tx_frame_len = -1; ++ if (value & SE_INT_TXER) { ++ s->tx_fifo_len = 0; ++ } + break; + case 0x04: /* IM */ +- DPRINTF("IRQ mask %02x/%02x\n", value, s->ris); ++ DPRINTF("IRQ mask %02" PRIx64 "/%02x\n", value, s->ris); + s->im = value; + stellaris_enet_update(s); + break; + case 0x08: /* RCTL */ + s->rctl = value; + if (value & SE_RCTL_RSTFIFO) { +- s->rx_fifo_len = 0; + s->np = 0; ++ s->rx_fifo_offset = 0; + stellaris_enet_update(s); + } + break; +@@ -229,42 +366,26 @@ + s->tctl = value; + break; + case 0x10: /* DATA */ +- if (s->tx_frame_len == -1) { +- s->tx_frame_len = value & 0xffff; +- if (s->tx_frame_len > 2032) { +- DPRINTF("TX frame too long (%d)\n", s->tx_frame_len); +- s->tx_frame_len = 0; ++ if (s->tx_fifo_len == 0) { ++ /* The first word is special, it contains the data length */ ++ int framelen = value & 0xffff; ++ if (framelen > 2032) { ++ DPRINTF("TX frame too long (%d)\n", framelen); + s->ris |= SE_INT_TXER; + stellaris_enet_update(s); +- } else { +- DPRINTF("Start TX frame len=%d\n", s->tx_frame_len); +- /* The value written does not include the ethernet header. 
*/ +- s->tx_frame_len += 14; +- if ((s->tctl & SE_TCTL_CRC) == 0) +- s->tx_frame_len += 4; +- s->tx_fifo_len = 0; +- s->tx_fifo[s->tx_fifo_len++] = value >> 16; +- s->tx_fifo[s->tx_fifo_len++] = value >> 24; ++ break; + } +- } else { ++ } ++ ++ if (s->tx_fifo_len + 4 <= ARRAY_SIZE(s->tx_fifo)) { + s->tx_fifo[s->tx_fifo_len++] = value; + s->tx_fifo[s->tx_fifo_len++] = value >> 8; + s->tx_fifo[s->tx_fifo_len++] = value >> 16; + s->tx_fifo[s->tx_fifo_len++] = value >> 24; +- if (s->tx_fifo_len >= s->tx_frame_len) { +- /* We don't implement explicit CRC, so just chop it off. */ +- if ((s->tctl & SE_TCTL_CRC) == 0) +- s->tx_frame_len -= 4; +- if ((s->tctl & SE_TCTL_PADEN) && s->tx_frame_len < 60) { +- memset(&s->tx_fifo[s->tx_frame_len], 0, 60 - s->tx_frame_len); +- s->tx_fifo_len = 60; +- } +- qemu_send_packet(&s->nic->nc, s->tx_fifo, s->tx_frame_len); +- s->tx_frame_len = -1; +- s->ris |= SE_INT_TXEMP; +- stellaris_enet_update(s); +- DPRINTF("Done TX\n"); +- } ++ } ++ ++ if (stellaris_tx_thr_reached(s) && stellaris_txpacket_complete(s)) { ++ stellaris_enet_send(s); + } + break; + case 0x14: /* IA0 */ +@@ -292,9 +413,13 @@ + case 0x2c: /* MTXD */ + s->mtxd = value & 0xff; + break; ++ case 0x38: /* TR */ ++ if (value & 1) { ++ stellaris_enet_send(s); ++ } ++ break; + case 0x30: /* MRXD */ + case 0x34: /* NP */ +- case 0x38: /* TR */ + /* Ignored. */ + case 0x3c: /* Undocuented: Timestamp? */ + /* Ignored. 
*/ +@@ -317,76 +442,13 @@ + s->im = SE_INT_PHY | SE_INT_MD | SE_INT_RXER | SE_INT_FOV | SE_INT_TXEMP + | SE_INT_TXER | SE_INT_RX; + s->thr = 0x3f; +- s->tx_frame_len = -1; +-} +- +-static void stellaris_enet_save(QEMUFile *f, void *opaque) +-{ +- stellaris_enet_state *s = (stellaris_enet_state *)opaque; +- int i; +- +- qemu_put_be32(f, s->ris); +- qemu_put_be32(f, s->im); +- qemu_put_be32(f, s->rctl); +- qemu_put_be32(f, s->tctl); +- qemu_put_be32(f, s->thr); +- qemu_put_be32(f, s->mctl); +- qemu_put_be32(f, s->mdv); +- qemu_put_be32(f, s->mtxd); +- qemu_put_be32(f, s->mrxd); +- qemu_put_be32(f, s->np); +- qemu_put_be32(f, s->tx_frame_len); +- qemu_put_be32(f, s->tx_fifo_len); +- qemu_put_buffer(f, s->tx_fifo, sizeof(s->tx_fifo)); +- for (i = 0; i < 31; i++) { +- qemu_put_be32(f, s->rx[i].len); +- qemu_put_buffer(f, s->rx[i].data, sizeof(s->rx[i].data)); +- +- } +- qemu_put_be32(f, s->next_packet); +- qemu_put_be32(f, s->rx_fifo - s->rx[s->next_packet].data); +- qemu_put_be32(f, s->rx_fifo_len); +-} +- +-static int stellaris_enet_load(QEMUFile *f, void *opaque, int version_id) +-{ +- stellaris_enet_state *s = (stellaris_enet_state *)opaque; +- int i; +- +- if (version_id != 1) +- return -EINVAL; +- +- s->ris = qemu_get_be32(f); +- s->im = qemu_get_be32(f); +- s->rctl = qemu_get_be32(f); +- s->tctl = qemu_get_be32(f); +- s->thr = qemu_get_be32(f); +- s->mctl = qemu_get_be32(f); +- s->mdv = qemu_get_be32(f); +- s->mtxd = qemu_get_be32(f); +- s->mrxd = qemu_get_be32(f); +- s->np = qemu_get_be32(f); +- s->tx_frame_len = qemu_get_be32(f); +- s->tx_fifo_len = qemu_get_be32(f); +- qemu_get_buffer(f, s->tx_fifo, sizeof(s->tx_fifo)); +- for (i = 0; i < 31; i++) { +- s->rx[i].len = qemu_get_be32(f); +- qemu_get_buffer(f, s->rx[i].data, sizeof(s->rx[i].data)); +- +- } +- s->next_packet = qemu_get_be32(f); +- s->rx_fifo = s->rx[s->next_packet].data + qemu_get_be32(f); +- s->rx_fifo_len = qemu_get_be32(f); +- +- return 0; ++ s->tx_fifo_len = 0; + } + + static void 
stellaris_enet_cleanup(VLANClientState *nc) + { + stellaris_enet_state *s = DO_UPCAST(NICState, nc, nc)->opaque; + +- unregister_savevm(&s->busdev.qdev, "stellaris_enet", s); +- + memory_region_destroy(&s->mmio); + + g_free(s); +@@ -415,8 +477,6 @@ + qemu_format_nic_info_str(&s->nic->nc, s->conf.macaddr.a); + + stellaris_enet_reset(s); +- register_savevm(&s->busdev.qdev, "stellaris_enet", -1, 1, +- stellaris_enet_save, stellaris_enet_load, s); + return 0; + } + --- qemu-kvm-1.0+noroms.orig/debian/patches/CVE-2013-4533.patch +++ qemu-kvm-1.0+noroms/debian/patches/CVE-2013-4533.patch 
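Review bot: The patch removes register_savevm() and unregister_savevm() from stellaris_enet_init() and stellaris_enet_cleanup(), but no hunk references the new `vmstate_stellaris_enet`. As far as this patch shows, the device state is therefore no longer saved or loaded, and stellaris_enet_post_load() never runs. If the device is not given a vmsd elsewhere, add `vmstate_register(&s->busdev.qdev, -1, &vmstate_stellaris_enet, s);` in init and `vmstate_unregister(&s->busdev.qdev, &vmstate_stellaris_enet, s);` in cleanup. Separately, stellaris_enet_send() calls `qemu_get_queue(s->nic)` while the line it replaces and the rest of the file use `&s->nic->nc`; unless another patch in the series provides qemu_get_queue(), this should read `qemu_send_packet(&s->nic->nc, s->tx_fifo + 2, framelen);`. Both init and cleanup start outside their hunks.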
@@ -0,0 +1,52 @@ +Backport of: + +From caa881abe0e01f9931125a0977ec33c5343e4aa7 Mon Sep 17 00:00:00 2001 +From: Michael S. Tsirkin +Date: Thu, 3 Apr 2014 19:51:57 +0300 +Subject: [PATCH] pxa2xx: avoid buffer overrun on incoming migration + +CVE-2013-4533 + +s->rx_level is read from the wire and used to determine how many bytes +to subsequently read into s->rx_fifo[]. If s->rx_level exceeds the +length of s->rx_fifo[] the buffer can be overrun with arbitrary data +from the wire. + +Fix this by validating rx_level against the size of s->rx_fifo. + +Cc: Don Koch +Reported-by: Michael Roth +Signed-off-by: Michael S. Tsirkin +Reviewed-by: Peter Maydell +Reviewed-by: Don Koch +Signed-off-by: Juan Quintela +--- + hw/arm/pxa2xx.c | 8 ++++++-- + 1 files changed, 6 insertions(+), 2 deletions(-) + +Index: qemu-kvm-1.0+noroms/hw/pxa2xx.c +=================================================================== +--- qemu-kvm-1.0+noroms.orig/hw/pxa2xx.c 2011-12-04 05:38:06.000000000 -0500 ++++ qemu-kvm-1.0+noroms/hw/pxa2xx.c 2014-08-12 12:46:10.222753292 -0400 +@@ -784,7 +784,7 @@ + static int pxa2xx_ssp_load(QEMUFile *f, void *opaque, int version_id) + { + PXA2xxSSPState *s = (PXA2xxSSPState *) opaque; +- int i; ++ int i, v; + + s->enable = qemu_get_be32(f); + +@@ -798,7 +798,11 @@ + qemu_get_8s(f, &s->ssrsa); + qemu_get_8s(f, &s->ssacd); + +- s->rx_level = qemu_get_byte(f); ++ v = qemu_get_byte(f); ++ if (v < 0 || v > ARRAY_SIZE(s->rx_fifo)) { ++ return -EINVAL; ++ } ++ s->rx_level = v; + s->rx_start = 0; + for (i = 0; i < s->rx_level; i ++) + s->rx_fifo[i] = qemu_get_byte(f); --- qemu-kvm-1.0+noroms.orig/debian/patches/CVE-2013-4534.patch +++ qemu-kvm-1.0+noroms/debian/patches/CVE-2013-4534.patch 
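Review bot: The new bound in pxa2xx_ssp_load is `v > ARRAY_SIZE(s->rx_fifo)` rather than `>=`, and nothing in the hunk says why a value equal to the array size is accepted. It is safe here only because rx_level is a fill count consumed by the following `i < s->rx_level` loop. A comment such as `/* rx_level is a count, so a full FIFO (== ARRAY_SIZE) is valid */` would stop a later reader from copying the same comparison onto a field that is used as an index. The `v < 0` arm looks unreachable if qemu_get_byte() only returns 0..255, which the hunk does not show. The function body starts and ends outside the hunk.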
@@ -0,0 +1,51 @@ +Backport of: + +From 73d963c0a75cb99c6aaa3f6f25e427aa0b35a02e Mon Sep 17 00:00:00 2001 +From: Michael Roth +Date: Mon, 28 Apr 2014 16:08:17 +0300 +Subject: [PATCH] openpic: avoid buffer overrun on incoming migration + +CVE-2013-4534 + +opp->nb_cpus is read from the wire and used to determine how many +IRQDest elements to read into opp->dst[]. If the value exceeds the +length of opp->dst[], MAX_CPU, opp->dst[] can be overrun with arbitrary +data from the wire. + +Fix this by failing migration if the value read from the wire exceeds +MAX_CPU. + +Signed-off-by: Michael Roth +Reviewed-by: Alexander Graf +Signed-off-by: Michael S. Tsirkin +Signed-off-by: Juan Quintela +--- + hw/intc/openpic.c | 16 ++++++++++++++-- + 1 files changed, 14 insertions(+), 2 deletions(-) + +Index: qemu-kvm-1.0+noroms/hw/openpic.c +=================================================================== +--- qemu-kvm-1.0+noroms.orig/hw/openpic.c 2011-12-04 05:38:06.000000000 -0500 ++++ qemu-kvm-1.0+noroms/hw/openpic.c 2014-08-12 12:56:51.486763688 -0400 +@@ -1123,7 +1123,7 @@ + static int openpic_load(QEMUFile* f, void *opaque, int version_id) + { + openpic_t *opp = (openpic_t *)opaque; +- unsigned int i; ++ unsigned int i, nb_cpus; + + if (version_id != 1) + return -EINVAL; +@@ -1144,7 +1144,11 @@ + qemu_get_sbe32s(f, &opp->src[i].pending); + } + +- qemu_get_sbe32s(f, &opp->nb_cpus); ++ qemu_get_be32s(f, &nb_cpus); ++ if (opp->nb_cpus != nb_cpus) { ++ return -EINVAL; ++ } ++ assert(nb_cpus > 0 && nb_cpus <= MAX_CPU); + + for (i = 0; i < opp->nb_cpus; i++) { + qemu_get_be32s(f, &opp->dst[i].tfrr); --- qemu-kvm-1.0+noroms.orig/debian/patches/CVE-2013-4535_4536.patch +++ qemu-kvm-1.0+noroms/debian/patches/CVE-2013-4535_4536.patch 
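Review bot: In openpic_load the MAX_CPU bound is enforced only by `assert(nb_cpus > 0 && nb_cpus <= MAX_CPU)`, which is compiled out under NDEBUG and otherwise aborts the process instead of failing the migration. The value from the wire is only compared with the locally configured opp->nb_cpus, so the loop over opp->dst[] is bounded only as long as that local value is itself in range. An explicit `if (nb_cpus == 0 || nb_cpus > MAX_CPU) { return -EINVAL; }` ahead of the loop would keep the bound in every build. The removed line read the field with qemu_get_sbe32s, so opp->nb_cpus is presumably signed and `opp->nb_cpus != nb_cpus` mixes signedness; a cast or a comment would make that deliberate.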
@@ -0,0 +1,21 @@ +Description: fix buffer overrun on incoming migration in virtio +Origin: backport, http://git.qemu.org/?p=qemu.git;a=commit;h=36cf2a37132c7f01fa9adb5f95f5312b27742fd4 +Origin: backport, http://git.qemu.org/?p=qemu.git;a=commit;h=937251408051e0489f78e4db3c92e045b147b38b + +Index: qemu-kvm-1.0+noroms/hw/virtio.c +=================================================================== +--- qemu-kvm-1.0+noroms.orig/hw/virtio.c 2014-08-12 12:57:42.534764516 -0400 ++++ qemu-kvm-1.0+noroms/hw/virtio.c 2014-08-12 12:59:37.790766384 -0400 +@@ -410,6 +410,12 @@ + unsigned int i; + target_phys_addr_t len; + ++ if (num_sg > VIRTQUEUE_MAX_SIZE) { ++ error_report("virtio: map attempt out of bounds: %zd > %d", ++ num_sg, VIRTQUEUE_MAX_SIZE); ++ exit(1); ++ } ++ + for (i = 0; i < num_sg; i++) { + len = sg[i].iov_len; + sg[i].iov_base = cpu_physical_memory_map(addr[i], &len, is_write); --- qemu-kvm-1.0+noroms.orig/debian/patches/CVE-2013-4537.patch +++ qemu-kvm-1.0+noroms/debian/patches/CVE-2013-4537.patch 
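Review bot: The added error_report() prints num_sg with `%zd`, the signed conversion; if num_sg is a size_t, as the `z` modifier suggests (its declaration is outside the hunk), the matching form is `%zu`, i.e. `"virtio: map attempt out of bounds: %zu > %d"`. The guard ends in `exit(1)`, so an out-of-range count terminates the whole emulator process rather than returning an error. A short comment saying that this is intended, because the function has no error return, would help whoever audits the migration path next. The patch header also gives only two Origin links and no CVE text, unlike the neighbouring patches, so a line on what num_sg is derived from would make the file self-explanatory.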
@@ -0,0 +1,42 @@ +Backport of: + +From a9c380db3b8c6af19546a68145c8d1438a09c92b Mon Sep 17 00:00:00 2001 +From: Michael S. Tsirkin +Date: Mon, 28 Apr 2014 16:08:14 +0300 +Subject: [PATCH] ssi-sd: fix buffer overrun on invalid state load + +CVE-2013-4537 + +s->arglen is taken from wire and used as idx +in ssi_sd_transfer(). + +Validate it before access. + +Signed-off-by: Michael S. Tsirkin +Signed-off-by: Juan Quintela +--- + hw/sd/ssi-sd.c | 9 +++++++++ + 1 files changed, 9 insertions(+), 0 deletions(-) + +Index: qemu-kvm-1.0+noroms/hw/ssi-sd.c +=================================================================== +--- qemu-kvm-1.0+noroms.orig/hw/ssi-sd.c 2011-12-04 05:38:06.000000000 -0500 ++++ qemu-kvm-1.0+noroms/hw/ssi-sd.c 2014-08-12 13:00:43.226767445 -0400 +@@ -223,8 +223,17 @@ + for (i = 0; i < 5; i++) + s->response[i] = qemu_get_be32(f); + s->arglen = qemu_get_be32(f); ++ if (s->mode == SSI_SD_CMDARG && ++ (s->arglen < 0 || s->arglen >= ARRAY_SIZE(s->cmdarg))) { ++ return -EINVAL; ++ } + s->response_pos = qemu_get_be32(f); + s->stopping = qemu_get_be32(f); ++ if (s->mode == SSI_SD_RESPONSE && ++ (s->response_pos < 0 || s->response_pos >= ARRAY_SIZE(s->response) || ++ (!s->stopping && s->arglen > ARRAY_SIZE(s->response)))) { ++ return -EINVAL; ++ } + + return 0; + } --- qemu-kvm-1.0+noroms.orig/debian/patches/CVE-2013-4538.patch +++ qemu-kvm-1.0+noroms/debian/patches/CVE-2013-4538.patch 
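Review bot: In the SSI_SD_RESPONSE branch a negative s->arglen is rejected only because `s->arglen > ARRAY_SIZE(s->response)` converts it to an unsigned value, whereas the SSI_SD_CMDARG branch spells out `s->arglen < 0`. Writing the second check as `(!s->stopping && (s->arglen < 0 || s->arglen > ARRAY_SIZE(s->response)))` makes both branches read the same way and does not depend on the promotion rules. The check suggests arglen doubles as the response length in that mode; if so, a one-line comment saying that would explain why it is compared against the response array. s->mode is used to select the checks, but it is loaded outside the hunk, so whether it is range-checked cannot be confirmed from here.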
@@ -0,0 +1,78 @@ +Backport of: + +From ead7a57df37d2187813a121308213f41591bd811 Mon Sep 17 00:00:00 2001 +From: Michael S. Tsirkin +Date: Thu, 3 Apr 2014 19:52:05 +0300 +Subject: [PATCH] ssd0323: fix buffer overun on invalid state load + +CVE-2013-4538 + +s->cmd_len used as index in ssd0323_transfer() to store 32-bit field. +Possible this field might then be supplied by guest to overwrite a +return addr somewhere. Same for row/col fields, which are indicies into +framebuffer array. + +To fix validate after load. + +Additionally, validate that the row/col_start/end are within bounds; +otherwise the guest can provoke an overrun by either setting the _end +field so large that the row++ increments just walk off the end of the +array, or by setting the _start value to something bogus and then +letting the "we hit end of row" logic reset row to row_start. + +For completeness, validate mode as well. + +Signed-off-by: Michael S. Tsirkin +Reviewed-by: Peter Maydell +Signed-off-by: Juan Quintela +--- + hw/display/ssd0323.c | 24 ++++++++++++++++++++++++ + 1 files changed, 24 insertions(+), 0 deletions(-) + +Index: qemu-kvm-1.0+noroms/hw/ssd0323.c +=================================================================== +--- qemu-kvm-1.0+noroms.orig/hw/ssd0323.c 2011-12-04 05:38:06.000000000 -0500 ++++ qemu-kvm-1.0+noroms/hw/ssd0323.c 2014-08-12 13:02:26.154769113 -0400 +@@ -305,18 +305,42 @@ + return -EINVAL; + + s->cmd_len = qemu_get_be32(f); ++ if (s->cmd_len < 0 || s->cmd_len > ARRAY_SIZE(s->cmd_data)) { ++ return -EINVAL; ++ } + s->cmd = qemu_get_be32(f); + for (i = 0; i < 8; i++) + s->cmd_data[i] = qemu_get_be32(f); + s->row = qemu_get_be32(f); ++ if (s->row < 0 || s->row >= 80) { ++ return -EINVAL; ++ } + s->row_start = qemu_get_be32(f); ++ if (s->row_start < 0 || s->row_start >= 80) { ++ return -EINVAL; ++ } + s->row_end = qemu_get_be32(f); ++ if (s->row_end < 0 || s->row_end >= 80) { ++ return -EINVAL; ++ } + s->col = qemu_get_be32(f); ++ if (s->col < 0 || s->col >= 64) { 
++ return -EINVAL; ++ } + s->col_start = qemu_get_be32(f); ++ if (s->col_start < 0 || s->col_start >= 64) { ++ return -EINVAL; ++ } + s->col_end = qemu_get_be32(f); ++ if (s->col_end < 0 || s->col_end >= 64) { ++ return -EINVAL; ++ } + s->redraw = qemu_get_be32(f); + s->remap = qemu_get_be32(f); + s->mode = qemu_get_be32(f); ++ if (s->mode != SSD0323_CMD && s->mode != SSD0323_DATA) { ++ return -EINVAL; ++ } + qemu_get_buffer(f, s->framebuffer, sizeof(s->framebuffer)); + + return 0; --- qemu-kvm-1.0+noroms.orig/debian/patches/CVE-2013-4539.patch +++ qemu-kvm-1.0+noroms/debian/patches/CVE-2013-4539.patch 
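Review bot: The six row/col checks added to the ssd0323 load function hard-code `80` and `64`, and nothing in the hunk ties those limits to the size of s->framebuffer. If the framebuffer geometry changes, these bounds will not follow it. Named constants next to the framebuffer declaration (for example `SSD0323_ROWS` and `SSD0323_COLS`, names to be chosen by the maintainer), used in both places, would make the checks follow the array. Failing that, a comment stating how 80 and 64 relate to sizeof(s->framebuffer) is the minimum. `s->cmd_len > ARRAY_SIZE(s->cmd_data)` accepts a value equal to the array size, which deserves a comment on why that cannot index one past the end. The function starts outside the hunk.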
@@ -0,0 +1,51 @@ +Backport of: + +From 5193be3be35f29a35bc465036cd64ad60d43385f Mon Sep 17 00:00:00 2001 +From: Michael S. Tsirkin +Date: Thu, 3 Apr 2014 19:52:09 +0300 +Subject: [PATCH] tsc210x: fix buffer overrun on invalid state load +MIME-Version: 1.0 +Content-Type: text/plain; charset=utf8 +Content-Transfer-Encoding: 8bit + +CVE-2013-4539 + +s->precision, nextprecision, function and nextfunction +come from wire and are used +as idx into resolution[] in TSC_CUT_RESOLUTION. + +Validate after load to avoid buffer overrun. + +Cc: Andreas Färber +Signed-off-by: Michael S. Tsirkin +Signed-off-by: Juan Quintela +--- + hw/input/tsc210x.c | 12 ++++++++++++ + 1 files changed, 12 insertions(+), 0 deletions(-) + +Index: qemu-kvm-1.0+noroms/hw/tsc210x.c +=================================================================== +--- qemu-kvm-1.0+noroms.orig/hw/tsc210x.c 2011-12-04 05:38:06.000000000 -0500 ++++ qemu-kvm-1.0+noroms/hw/tsc210x.c 2014-08-12 13:03:43.046770360 -0400 +@@ -1070,9 +1070,21 @@ + s->enabled = qemu_get_byte(f); + s->host_mode = qemu_get_byte(f); + s->function = qemu_get_byte(f); ++ if (s->function < 0 || s->function >= ARRAY_SIZE(mode_regs)) { ++ return -EINVAL; ++ } + s->nextfunction = qemu_get_byte(f); ++ if (s->nextfunction < 0 || s->nextfunction >= ARRAY_SIZE(mode_regs)) { ++ return -EINVAL; ++ } + s->precision = qemu_get_byte(f); ++ if (s->precision < 0 || s->precision >= ARRAY_SIZE(resolution)) { ++ return -EINVAL; ++ } + s->nextprecision = qemu_get_byte(f); ++ if (s->nextprecision < 0 || s->nextprecision >= ARRAY_SIZE(resolution)) { ++ return -EINVAL; ++ } + s->filter = qemu_get_byte(f); + s->pin_func = qemu_get_byte(f); + s->ref = qemu_get_byte(f); --- qemu-kvm-1.0+noroms.orig/debian/patches/CVE-2013-4540.patch +++ qemu-kvm-1.0+noroms/debian/patches/CVE-2013-4540.patch 
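Review bot: The new tsc210x checks bound function and nextfunction by `ARRAY_SIZE(mode_regs)` but precision and nextprecision by `ARRAY_SIZE(resolution)`, while the patch description says all four index resolution[]. A comment above the block, such as `/* function/nextfunction index mode_regs[]; precision/nextprecision index resolution[] */`, would record which table each field guards. The four `< 0` arms look unreachable if qemu_get_byte() only returns 0..255 (not shown in the hunk); they are harmless, but dropping them would shorten the block. The load function starts and ends outside the hunk.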
@@ -0,0 +1,55 @@ +Backport of: + +From 52f91c3723932f8340fe36c8ec8b18a757c37b2b Mon Sep 17 00:00:00 2001 +From: Michael S. Tsirkin +Date: Thu, 3 Apr 2014 19:52:13 +0300 +Subject: [PATCH] zaurus: fix buffer overrun on invalid state load + +CVE-2013-4540 + +Within scoop_gpio_handler_update, if prev_level has a high bit set, then +we get bit > 16 and that causes a buffer overrun. + +Since prev_level comes from wire indirectly, this can +happen on invalid state load. + +Similarly for gpio_level and gpio_dir. + +To fix, limit to 16 bit. + +Reported-by: Michael S. Tsirkin +Signed-off-by: Michael S. Tsirkin +Reviewed-by: Dr. David Alan Gilbert +Signed-off-by: Juan Quintela +--- + hw/gpio/zaurus.c | 10 ++++++++++ + 1 files changed, 10 insertions(+), 0 deletions(-) + +Index: qemu-kvm-1.0+noroms/hw/zaurus.c +=================================================================== +--- qemu-kvm-1.0+noroms.orig/hw/zaurus.c 2011-12-04 05:38:06.000000000 -0500 ++++ qemu-kvm-1.0+noroms/hw/zaurus.c 2014-08-12 13:04:42.802771329 -0400 +@@ -202,6 +202,15 @@ + return version_id == 0; + } + ++static bool vmstate_scoop_validate(void *opaque, int version_id) ++{ ++ ScoopInfo *s = opaque; ++ ++ return !(s->prev_level & 0xffff0000) && ++ !(s->gpio_level & 0xffff0000) && ++ !(s->gpio_dir & 0xffff0000); ++} ++ + static const VMStateDescription vmstate_scoop_regs = { + .name = "scoop", + .version_id = 1, +@@ -214,6 +223,7 @@ + VMSTATE_UINT32(gpio_level, ScoopInfo), + VMSTATE_UINT32(gpio_dir, ScoopInfo), + VMSTATE_UINT32(prev_level, ScoopInfo), ++ VMSTATE_VALIDATE("irq levels are 16 bit", vmstate_scoop_validate), + VMSTATE_UINT16(mcr, ScoopInfo), + VMSTATE_UINT16(cdr, ScoopInfo), + VMSTATE_UINT16(ccr, ScoopInfo), --- qemu-kvm-1.0+noroms.orig/debian/patches/CVE-2013-4541.patch +++ qemu-kvm-1.0+noroms/debian/patches/CVE-2013-4541.patch 
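Review bot: The vmstate_scoop_regs field list now uses `VMSTATE_VALIDATE(...)`, but this patch does not define that macro. If the 1.0 tree does not already provide it, the backport only builds when another patch in the series adds it, and the patch header should name that prerequisite. Separately, vmstate_scoop_validate repeats the literal `0xffff0000` three times. A single named mask, or a comment tying it to the 16 GPIO lines mentioned in the description, would keep the three tests from drifting apart. The validation entry is placed after the three fields it reads, which is what lets it see the loaded values; a comment to that effect would stop it being reordered.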
@@ -0,0 +1,53 @@ +Backport of: + +From 9f8e9895c504149d7048e9fc5eb5cbb34b16e49a Mon Sep 17 00:00:00 2001 +From: Michael S. Tsirkin +Date: Thu, 3 Apr 2014 19:52:25 +0300 +Subject: [PATCH] usb: sanity check setup_index+setup_len in post_load + +CVE-2013-4541 + +s->setup_len and s->setup_index are fed into usb_packet_copy as +size/offset into s->data_buf, it's possible for invalid state to exploit +this to load arbitrary data. + +setup_len and setup_index should be checked to make sure +they are not negative. + +Cc: Gerd Hoffmann +Signed-off-by: Michael S. Tsirkin +Reviewed-by: Gerd Hoffmann +Signed-off-by: Juan Quintela +--- + hw/usb/bus.c | 4 +++- + 1 files changed, 3 insertions(+), 1 deletions(-) + +Index: qemu-kvm-1.0+noroms/hw/usb-bus.c +=================================================================== +--- qemu-kvm-1.0+noroms.orig/hw/usb-bus.c 2011-12-04 05:38:06.000000000 -0500 ++++ qemu-kvm-1.0+noroms/hw/usb-bus.c 2014-08-12 13:10:14.474776706 -0400 +@@ -25,10 +25,24 @@ + static int next_usb_bus = 0; + static QTAILQ_HEAD(, USBBus) busses = QTAILQ_HEAD_INITIALIZER(busses); + ++static int usb_device_post_load(void *opaque, int version_id) ++{ ++ USBDevice *dev = opaque; ++ ++ if (dev->setup_index < 0 || ++ dev->setup_len < 0 || ++ dev->setup_index >= sizeof(dev->data_buf) || ++ dev->setup_len >= sizeof(dev->data_buf)) { ++ return -EINVAL; ++ } ++ return 0; ++} ++ + const VMStateDescription vmstate_usb_device = { + .name = "USBDevice", + .version_id = 1, + .minimum_version_id = 1, ++ .post_load = usb_device_post_load, + .fields = (VMStateField []) { + VMSTATE_UINT8(addr, USBDevice), + VMSTATE_INT32(state, USBDevice), --- qemu-kvm-1.0+noroms.orig/debian/patches/CVE-2013-6399.patch +++ qemu-kvm-1.0+noroms/debian/patches/CVE-2013-6399.patch 
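Review bot: usb_device_post_load bounds setup_index and setup_len separately against sizeof(dev->data_buf) but never relates them to each other, although the subject line promises a check of setup_index+setup_len. The description says they are used as offset and size into data_buf, so a state with setup_index greater than setup_len still passes. A setup_len exactly equal to the buffer size is rejected by the `>=`, which may refuse state that is legitimate. Checking `dev->setup_index > dev->setup_len || dev->setup_len > sizeof(dev->data_buf)`, together with the two `< 0` tests, expresses the intended invariant directly. The diffstat in the header (3 insertions, 1 deletion) also no longer matches this backport, which adds a whole function.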
@@ -0,0 +1,41 @@ +Backport of: + +From 4b53c2c72cb5541cf394033b528a6fe2a86c0ac1 Mon Sep 17 00:00:00 2001 +From: Michael Roth +Date: Thu, 3 Apr 2014 19:51:46 +0300 +Subject: [PATCH] virtio: avoid buffer overrun on incoming migration + +CVE-2013-6399 + +vdev->queue_sel is read from the wire, and later used in the +emulation code as an index into vdev->vq[]. If the value of +vdev->queue_sel exceeds the length of vdev->vq[], currently +allocated to be VIRTIO_PCI_QUEUE_MAX elements, subsequent PIO +operations such as VIRTIO_PCI_QUEUE_PFN can be used to overrun +the buffer with arbitrary data originating from the source. + +Fix this by failing migration if the value from the wire exceeds +VIRTIO_PCI_QUEUE_MAX. + +Signed-off-by: Michael Roth +Signed-off-by: Michael S. Tsirkin +Reviewed-by: Peter Maydell +Signed-off-by: Juan Quintela +--- + hw/virtio/virtio.c | 3 +++ + 1 files changed, 3 insertions(+), 0 deletions(-) + +Index: qemu-kvm-1.0+noroms/hw/virtio.c +=================================================================== +--- qemu-kvm-1.0+noroms.orig/hw/virtio.c 2014-08-12 13:10:39.902777118 -0400 ++++ qemu-kvm-1.0+noroms/hw/virtio.c 2014-08-12 13:15:05.462781423 -0400 +@@ -820,6 +820,9 @@ + qemu_get_8s(f, &vdev->status); + qemu_get_8s(f, &vdev->isr); + qemu_get_be16s(f, &vdev->queue_sel); ++ if (vdev->queue_sel >= VIRTIO_PCI_QUEUE_MAX) { ++ return -1; ++ } + qemu_get_be32s(f, &features); + + if (virtio_set_features(vdev, features) < 0) { --- qemu-kvm-1.0+noroms.orig/debian/patches/CVE-2014-0142.patch +++ qemu-kvm-1.0+noroms/debian/patches/CVE-2014-0142.patch 
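Review bot: The new queue_sel check returns a bare `-1`, whereas the other migration checks in this series return `-EINVAL`. If the callers of this load function pass the value up as an errno, `return -EINVAL;` gives a meaningful error on the destination side. The rest of the function is outside the hunk, so the local convention cannot be confirmed from here. A comment noting that queue_sel is later used as an index into vdev->vq[], as the description explains, would also record why the bound is `>= VIRTIO_PCI_QUEUE_MAX`.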
@@ -0,0 +1,92 @@ +Description: fix denial of service and possible code exection via + incorrect image format validation +Origin: backport, http://git.qemu.org/?p=qemu.git;a=commit;h=8e53abbc20d08ae3ec30c2054e1161314ad9501d +Origin: backport, http://git.qemu.org/?p=qemu.git;a=commit;h=5e71dfad763d67bb64be79e20e93411c0c30ad25 +Origin: backport, http://git.qemu.org/?p=qemu.git;a=commit;h=9302e863aa8baa5d932fc078967050c055fa1a7f +Origin: backport, http://git.qemu.org/?p=qemu.git;a=commit;h=28ec11bc882387e51c7450558af5a49b8be95a36 +Origin: backport, http://git.qemu.org/?p=qemu.git;a=commit;h=715c3f60efa9801a777a71cd06eaf8efa7eaa2a8 +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742730 + +Index: qemu-kvm-1.0+noroms/block/bochs.c +=================================================================== +--- qemu-kvm-1.0+noroms.orig/block/bochs.c 2014-05-12 09:22:54.645155119 -0400 ++++ qemu-kvm-1.0+noroms/block/bochs.c 2014-05-12 09:22:54.637155119 -0400 +@@ -156,8 +156,18 @@ + s->extent_blocks = 1 + (le32_to_cpu(bochs.extra.redolog.extent) - 1) / 512; + + s->extent_size = le32_to_cpu(bochs.extra.redolog.extent); ++ if (s->extent_size < BDRV_SECTOR_SIZE) { ++ /* bximage actually never creates extents smaller than 4k */ ++ goto fail; ++ } else if (!is_power_of_2(s->extent_size)) { ++ goto fail; ++ } else if (s->extent_size > 0x800000) { ++ goto fail; ++ } + +- if (s->catalog_size < bs->total_sectors / s->extent_size) { ++ if (s->catalog_size < DIV_ROUND_UP(bs->total_sectors, ++ s->extent_size / BDRV_SECTOR_SIZE)) ++ { + goto fail; + } + +Index: qemu-kvm-1.0+noroms/block/parallels.c +=================================================================== +--- qemu-kvm-1.0+noroms.orig/block/parallels.c 2014-05-12 09:22:54.645155119 -0400 ++++ qemu-kvm-1.0+noroms/block/parallels.c 2014-05-12 09:23:09.521155518 -0400 +@@ -51,7 +51,7 @@ + uint32_t *catalog_bitmap; + unsigned int catalog_size; + +- int tracks; ++ unsigned int tracks; + } BDRVParallelsState; + + static int 
parallels_probe(const uint8_t *buf, int buf_size, const char *filename) +@@ -87,6 +87,9 @@ + bs->total_sectors = le32_to_cpu(ph.nb_sectors); + + s->tracks = le32_to_cpu(ph.tracks); ++ if (s->tracks == 0) { ++ goto fail; ++ } + + s->catalog_size = le32_to_cpu(ph.catalog_entries); + if (s->catalog_size > INT_MAX / 4) { +Index: qemu-kvm-1.0+noroms/block/vpc.c +=================================================================== +--- qemu-kvm-1.0+noroms.orig/block/vpc.c 2014-05-12 09:22:54.645155119 -0400 ++++ qemu-kvm-1.0+noroms/block/vpc.c 2014-05-12 09:22:54.637155119 -0400 +@@ -197,6 +197,11 @@ + + + s->block_size = be32_to_cpu(dyndisk_header->block_size); ++ if (!is_power_of_2(s->block_size) || s->block_size < BDRV_SECTOR_SIZE) { ++ err = -EINVAL; ++ goto fail; ++ } ++ + s->bitmap_size = ((s->block_size / (8 * 512)) + 511) & ~511; + + s->max_table_entries = be32_to_cpu(dyndisk_header->max_table_entries); +Index: qemu-kvm-1.0+noroms/qemu-common.h +=================================================================== +--- qemu-kvm-1.0+noroms.orig/qemu-common.h 2014-05-12 09:22:54.645155119 -0400 ++++ qemu-kvm-1.0+noroms/qemu-common.h 2014-05-12 09:22:54.637155119 -0400 +@@ -378,6 +378,15 @@ + } + size_t buffer_find_nonzero_offset(const void *buf, size_t len); + ++static inline bool is_power_of_2(uint64_t value) ++{ ++ if (!value) { ++ return 0; ++ } ++ ++ return !(value & (value - 1)); ++} ++ + #include "module.h" + + #endif --- qemu-kvm-1.0+noroms.orig/debian/patches/CVE-2014-0143.patch +++ qemu-kvm-1.0+noroms/debian/patches/CVE-2014-0143.patch 
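Review bot: The three new extent_size rejections in block/bochs.c all end in a silent `goto fail`, so a user cannot tell whether the image was refused for being too small, not a power of two, or too large. The upper limit `0x800000` has no comment, and the comment on the first arm mentions 4k while the test is against BDRV_SECTOR_SIZE. A one-line diagnostic per arm would help, in the style the qcow2 patches of this series use (`fprintf(stderr, ...)`), together with a comment such as `/* 8 MB cap on extent size */`. In qemu-common.h, is_power_of_2() is declared `bool` but uses `return 0;` where `return false;` is the consistent spelling. The bochs hunk also replaces a check that CVE-2014-0143.patch adds, so the two patches must stay in that order in the series.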
@@ -0,0 +1,167 @@ +Description: fix denial of service and possible code exection via + incorrect image format validation +Origin: backport, http://git.qemu.org/?p=qemu.git;a=commit;h=509a41bab5306181044b5fff02eadf96d9c8676a +Origin: backport, http://git.qemu.org/?p=qemu.git;a=commit;h=e3737b820b45e54b059656dc3f914f895ac7a88b +Origin: backport, http://git.qemu.org/?p=qemu.git;a=commit;h=db8a31d11d6a60f48d6817530640d75aa72a9a2f +Origin: backport, http://git.qemu.org/?p=qemu.git;a=commit;h=cab60de930684c33f67d4e32c7509b567f8c445b +Origin: backport, http://git.qemu.org/?p=qemu.git;a=commit;h=6a83f8b5bec6f59e56cc49bd49e4c3f8f805d56f +Origin: backport, http://git.qemu.org/?p=qemu.git;a=commit;h=afbcc40bee4ef51731102d7d4b499ee12fc182e1 +Origin: backport, http://git.qemu.org/?p=qemu.git;a=commit;h=8f4754ede56e3f9ea3fd7207f4a7c4453e59285b +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742730 + +Index: qemu-kvm-1.0+noroms/block.c +=================================================================== +--- qemu-kvm-1.0+noroms.orig/block.c 2014-05-12 09:22:08.685153888 -0400 ++++ qemu-kvm-1.0+noroms/block.c 2014-05-12 09:22:08.681153888 -0400 +@@ -1036,6 +1036,10 @@ + static int bdrv_check_request(BlockDriverState *bs, int64_t sector_num, + int nb_sectors) + { ++ if (nb_sectors > INT_MAX / BDRV_SECTOR_SIZE) { ++ return -EIO; ++ } ++ + return bdrv_check_byte_request(bs, sector_num * BDRV_SECTOR_SIZE, + nb_sectors * BDRV_SECTOR_SIZE); + } +Index: qemu-kvm-1.0+noroms/block/bochs.c +=================================================================== +--- qemu-kvm-1.0+noroms.orig/block/bochs.c 2014-05-12 09:22:08.685153888 -0400 ++++ qemu-kvm-1.0+noroms/block/bochs.c 2014-05-12 09:22:08.681153888 -0400 +@@ -136,7 +136,13 @@ + bs->total_sectors = le64_to_cpu(bochs.extra.redolog.disk) / 512; + } + ++ /* Limit to 1M entries to avoid unbounded allocation. This is what is ++ * needed for the largest image that bximage can create (~8 TB). 
*/ + s->catalog_size = le32_to_cpu(bochs.extra.redolog.catalog); ++ if (s->catalog_size > 0x100000) { ++ return -EFBIG; ++ } ++ + s->catalog_bitmap = g_malloc(s->catalog_size * 4); + if (bdrv_pread(bs->file, le32_to_cpu(bochs.header), s->catalog_bitmap, + s->catalog_size * 4) != s->catalog_size * 4) +@@ -151,6 +157,10 @@ + + s->extent_size = le32_to_cpu(bochs.extra.redolog.extent); + ++ if (s->catalog_size < bs->total_sectors / s->extent_size) { ++ goto fail; ++ } ++ + qemu_co_mutex_init(&s->lock); + return 0; + fail: +Index: qemu-kvm-1.0+noroms/block/cloop.c +=================================================================== +--- qemu-kvm-1.0+noroms.orig/block/cloop.c 2014-05-12 09:22:08.685153888 -0400 ++++ qemu-kvm-1.0+noroms/block/cloop.c 2014-05-12 09:22:08.681153888 -0400 +@@ -72,6 +72,10 @@ + s->n_blocks = be32_to_cpu(s->n_blocks); + + /* read offsets */ ++ if (s->n_blocks > UINT32_MAX / sizeof(uint64_t)) { ++ /* Prevent integer overflow */ ++ return -EINVAL; ++ } + offsets_size = s->n_blocks * sizeof(uint64_t); + s->offsets = g_malloc(offsets_size); + if (bdrv_pread(bs->file, 128 + 4 + 4, s->offsets, offsets_size) < +Index: qemu-kvm-1.0+noroms/block/parallels.c +=================================================================== +--- qemu-kvm-1.0+noroms.orig/block/parallels.c 2014-05-12 09:22:08.685153888 -0400 ++++ qemu-kvm-1.0+noroms/block/parallels.c 2014-05-12 09:22:30.957154485 -0400 +@@ -49,7 +49,7 @@ + CoMutex lock; + + uint32_t *catalog_bitmap; +- int catalog_size; ++ unsigned int catalog_size; + + int tracks; + } BDRVParallelsState; +@@ -89,6 +89,9 @@ + s->tracks = le32_to_cpu(ph.tracks); + + s->catalog_size = le32_to_cpu(ph.catalog_entries); ++ if (s->catalog_size > INT_MAX / 4) { ++ goto fail; ++ } + s->catalog_bitmap = g_malloc(s->catalog_size * 4); + if (bdrv_pread(bs->file, 64, s->catalog_bitmap, s->catalog_size * 4) != + s->catalog_size * 4) +Index: qemu-kvm-1.0+noroms/block/qcow2-cluster.c 
+=================================================================== +--- qemu-kvm-1.0+noroms.orig/block/qcow2-cluster.c 2014-05-12 09:22:08.685153888 -0400 ++++ qemu-kvm-1.0+noroms/block/qcow2-cluster.c 2014-05-12 09:22:08.681153888 -0400 +@@ -52,6 +52,10 @@ + } + } + ++ if (new_l1_size > INT_MAX / sizeof(uint64_t)) { ++ return -EFBIG; ++ } ++ + #ifdef DEBUG_ALLOC2 + fprintf(stderr, "grow l1_table from %d to %d\n", s->l1_size, new_l1_size); + #endif +Index: qemu-kvm-1.0+noroms/block/qcow2-refcount.c +=================================================================== +--- qemu-kvm-1.0+noroms.orig/block/qcow2-refcount.c 2014-05-12 09:22:08.685153888 -0400 ++++ qemu-kvm-1.0+noroms/block/qcow2-refcount.c 2014-05-12 09:22:08.681153888 -0400 +@@ -85,7 +85,7 @@ + static int get_refcount(BlockDriverState *bs, int64_t cluster_index) + { + BDRVQcowState *s = bs->opaque; +- int refcount_table_index, block_index; ++ uint64_t refcount_table_index, block_index; + int64_t refcount_block_offset; + int ret; + uint16_t *refcount_block; +Index: qemu-kvm-1.0+noroms/block/qcow2-snapshot.c +=================================================================== +--- qemu-kvm-1.0+noroms.orig/block/qcow2-snapshot.c 2014-05-12 09:22:08.685153888 -0400 ++++ qemu-kvm-1.0+noroms/block/qcow2-snapshot.c 2014-05-12 09:22:08.681153888 -0400 +@@ -328,6 +328,10 @@ + return -ENOENT; + sn = &s->snapshots[snapshot_index]; + ++ if (sn->l1_size > QCOW_MAX_L1_SIZE) { ++ return -EFBIG; ++ } ++ + if (qcow2_update_snapshot_refcount(bs, s->l1_table_offset, s->l1_size, -1) < 0) + goto fail; + +Index: qemu-kvm-1.0+noroms/block/qcow2.c +=================================================================== +--- qemu-kvm-1.0+noroms.orig/block/qcow2.c 2014-05-12 09:22:08.685153888 -0400 ++++ qemu-kvm-1.0+noroms/block/qcow2.c 2014-05-12 09:22:08.681153888 -0400 +@@ -207,6 +207,11 @@ + s->nb_snapshots = header.nb_snapshots; + + /* read the level 1 table */ ++ if (header.l1_size > QCOW_MAX_L1_SIZE) { ++ fprintf(stderr, 
"Active L1 table too large"); ++ ret = -EFBIG; ++ goto fail; ++ } + s->l1_size = header.l1_size; + s->l1_vm_state_index = size_to_l1(s, header.size); + /* the L1 table must contain at least enough entries to put +Index: qemu-kvm-1.0+noroms/block/qcow2.h +=================================================================== +--- qemu-kvm-1.0+noroms.orig/block/qcow2.h 2014-05-12 09:22:08.685153888 -0400 ++++ qemu-kvm-1.0+noroms/block/qcow2.h 2014-05-12 09:22:08.681153888 -0400 +@@ -40,6 +40,10 @@ + + #define QCOW_MAX_CRYPT_CLUSTERS 32 + ++/* 32 MB L1 table is enough for 2 PB images at 64k cluster size ++ * (128 GB for 512 byte clusters, 2 EB for 2 MB clusters) */ ++#define QCOW_MAX_L1_SIZE 0x2000000 ++ + /* indicate that the refcount of the referenced cluster is exactly one. */ + #define QCOW_OFLAG_COPIED (1LL << 63) + /* indicate that the cluster is compressed (they never have the copied flag) */ --- qemu-kvm-1.0+noroms.orig/debian/patches/CVE-2014-0144.patch +++ qemu-kvm-1.0+noroms/debian/patches/CVE-2014-0144.patch 
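Review bot: QCOW_MAX_L1_SIZE is documented in block/qcow2.h as a 32 MB table, i.e. a byte count, but both `header.l1_size > QCOW_MAX_L1_SIZE` in qcow2.c and `sn->l1_size > QCOW_MAX_L1_SIZE` in qcow2-snapshot.c compare it with l1_size. The qcow2-cluster.c hunk of the same patch multiplies that quantity by sizeof(uint64_t), so l1_size appears to be an entry count. If so, the limit admits tables eight times larger than the comment states. Comparing with `QCOW_MAX_L1_SIZE / sizeof(uint64_t)` in both places would make the code match the documented bound. The added `fprintf(stderr, "Active L1 table too large");` also has no trailing newline, so the message runs into whatever is printed next.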
@@ -0,0 +1,510 @@ +Description: fix denial of service and possible code exection via + incorrect image format validation +Origin: backport, http://git.qemu.org/?p=qemu.git;a=commit;h=8c7de28305a514d7f879fdfc677ca11fbf60d2e9 +Origin: backport, http://git.qemu.org/?p=qemu.git;a=commit;h=d65f97a82c4ed48374a764c769d4ba1ea9724e97 +Origin: backport, http://git.qemu.org/?p=qemu.git;a=commit;h=7b103b36d6ef3b11827c203d3a793bf7da50ecd6 +Origin: backport, http://git.qemu.org/?p=qemu.git;a=commit;h=f56b9bc3ae20fc93815b34aa022be919941406ce +Origin: backport, http://git.qemu.org/?p=qemu.git;a=commit;h=97f1c45c6f456572e5b504b8614e4a69e23b8e3a +Origin: backport, http://git.qemu.org/?p=qemu.git;a=commit;h=24342f2cae47d03911e346fe1e520b00dc2818e0 +Origin: backport, http://git.qemu.org/?p=qemu.git;a=commit;h=63fa06dc978f3669dbfd9443b33cde9e2a7f4b41 +Origin: backport, http://git.qemu.org/?p=qemu.git;a=commit;h=6d4b9e55fc625514a38d27cff4b9933f617fa7dc +Origin: backport, http://git.qemu.org/?p=qemu.git;a=commit;h=a1b3955c9415b1e767c130a2f59fee6aa28e575b +Origin: backport, http://git.qemu.org/?p=qemu.git;a=commit;h=5dab2faddc8eaa1fb1abdbe2f502001fc13a1b21 +Origin: backport, http://git.qemu.org/?p=qemu.git;a=commit;h=ce48f2f441ca98885267af6fd636a7cb804ee646 +Origin: backport, http://git.qemu.org/?p=qemu.git;a=commit;h=2d51c32c4b511db8bb9e58208f1e2c25e4c06c85 +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742730 + +Index: qemu-kvm-1.0+noroms/block/cloop.c +=================================================================== +--- qemu-kvm-1.0+noroms.orig/block/cloop.c 2014-05-12 09:15:53.781143849 -0400 ++++ qemu-kvm-1.0+noroms/block/cloop.c 2014-05-12 09:15:53.773143849 -0400 +@@ -26,6 +26,9 @@ + #include "module.h" + #include + ++/* Maximum compressed block size */ ++#define MAX_BLOCK_SIZE (64 * 1024 * 1024) ++ + typedef struct BDRVCloopState { + CoMutex lock; + uint32_t block_size; +@@ -65,6 +68,20 @@ + goto cloop_close; + } + s->block_size = be32_to_cpu(s->block_size); ++ 
if (s->block_size % 512) { ++ return -EINVAL; ++ } ++ if (s->block_size == 0) { ++ return -EINVAL; ++ } ++ ++ /* cloop's create_compressed_fs.c warns about block sizes beyond 256 KB but ++ * we can accept more. Prevent ridiculous values like 4 GB - 1 since we ++ * need a buffer this big. ++ */ ++ if (s->block_size > MAX_BLOCK_SIZE) { ++ return -EINVAL; ++ } + + if (bdrv_pread(bs->file, 128 + 4, &s->n_blocks, 4) < 4) { + goto cloop_close; +@@ -77,18 +94,43 @@ + return -EINVAL; + } + offsets_size = s->n_blocks * sizeof(uint64_t); ++ if (offsets_size > 512 * 1024 * 1024) { ++ /* Prevent ridiculous offsets_size which causes memory allocation to ++ * fail or overflows bdrv_pread() size. In practice the 512 MB ++ * offsets[] limit supports 16 TB images at 256 KB block size. ++ */ ++ return -EINVAL; ++ } + s->offsets = g_malloc(offsets_size); + if (bdrv_pread(bs->file, 128 + 4 + 4, s->offsets, offsets_size) < + offsets_size) { + goto cloop_close; + } + for(i=0;in_blocks;i++) { ++ uint64_t size; ++ + s->offsets[i] = be64_to_cpu(s->offsets[i]); +- if (i > 0) { +- uint32_t size = s->offsets[i] - s->offsets[i - 1]; +- if (size > max_compressed_block_size) { +- max_compressed_block_size = size; +- } ++ if (i == 0) { ++ continue; ++ } ++ ++ if (s->offsets[i] < s->offsets[i - 1]) { ++ return -EINVAL; ++ } ++ ++ size = s->offsets[i] - s->offsets[i - 1]; ++ ++ /* Compressed blocks should be smaller than the uncompressed block size ++ * but maybe compression performed poorly so the compressed block is ++ * actually bigger. Clamp down on unrealistic values to prevent ++ * ridiculous s->compressed_block allocation. 
++ */ ++ if (size > 2 * MAX_BLOCK_SIZE) { ++ return -EINVAL; ++ } ++ ++ if (size > max_compressed_block_size) { ++ max_compressed_block_size = size; + } + } + +Index: qemu-kvm-1.0+noroms/block/curl.c +=================================================================== +--- qemu-kvm-1.0+noroms.orig/block/curl.c 2014-05-12 09:15:53.781143849 -0400 ++++ qemu-kvm-1.0+noroms/block/curl.c 2014-05-12 09:15:53.773143849 -0400 +@@ -132,6 +132,11 @@ + if (!s || !s->orig_buf) + goto read_end; + ++ if (s->buf_off >= s->buf_len) { ++ /* buffer full, read nothing */ ++ return 0; ++ } ++ realsize = MIN(realsize, s->buf_len - s->buf_off); + memcpy(s->orig_buf + s->buf_off, ptr, realsize); + s->buf_off += realsize; + +Index: qemu-kvm-1.0+noroms/block/qcow2-refcount.c +=================================================================== +--- qemu-kvm-1.0+noroms.orig/block/qcow2-refcount.c 2014-05-12 09:15:53.781143849 -0400 ++++ qemu-kvm-1.0+noroms/block/qcow2-refcount.c 2014-05-12 09:15:53.777143849 -0400 +@@ -38,8 +38,10 @@ + int qcow2_refcount_init(BlockDriverState *bs) + { + BDRVQcowState *s = bs->opaque; +- int ret, refcount_table_size2, i; ++ unsigned int refcount_table_size2, i; ++ int ret; + ++ assert(s->refcount_table_size <= INT_MAX / sizeof(uint64_t)); + refcount_table_size2 = s->refcount_table_size * sizeof(uint64_t); + s->refcount_table = g_malloc(refcount_table_size2); + if (s->refcount_table_size > 0) { +Index: qemu-kvm-1.0+noroms/block/qcow2-snapshot.c +=================================================================== +--- qemu-kvm-1.0+noroms.orig/block/qcow2-snapshot.c 2014-05-12 09:15:53.781143849 -0400 ++++ qemu-kvm-1.0+noroms/block/qcow2-snapshot.c 2014-05-12 09:15:53.777143849 -0400 +@@ -26,26 +26,6 @@ + #include "block_int.h" + #include "block/qcow2.h" + +-typedef struct QEMU_PACKED QCowSnapshotHeader { +- /* header is 8 byte aligned */ +- uint64_t l1_table_offset; +- +- uint32_t l1_size; +- uint16_t id_str_size; +- uint16_t name_size; +- +- uint32_t date_sec; 
+- uint32_t date_nsec; +- +- uint64_t vm_clock_nsec; +- +- uint32_t vm_state_size; +- uint32_t extra_data_size; /* for extension */ +- /* extra data follows */ +- /* id_str follows */ +- /* name follows */ +-} QCowSnapshotHeader; +- + void qcow2_free_snapshots(BlockDriverState *bs) + { + BDRVQcowState *s = bs->opaque; +@@ -241,6 +221,10 @@ + uint64_t *l1_table = NULL; + int64_t l1_table_offset; + ++ if (s->nb_snapshots >= QCOW_MAX_SNAPSHOTS) { ++ return -EFBIG; ++ } ++ + memset(sn, 0, sizeof(*sn)); + + if (sn_info->id_str[0] == '\0') { +Index: qemu-kvm-1.0+noroms/block/qcow2.c +=================================================================== +--- qemu-kvm-1.0+noroms.orig/block/qcow2.c 2014-05-12 09:15:53.781143849 -0400 ++++ qemu-kvm-1.0+noroms/block/qcow2.c 2014-05-12 09:17:40.621146710 -0400 +@@ -138,6 +138,31 @@ + return 0; + } + ++static int validate_table_offset(BlockDriverState *bs, uint64_t offset, ++ uint64_t entries, size_t entry_len) ++{ ++ BDRVQcowState *s = bs->opaque; ++ uint64_t size; ++ ++ /* Use signed INT64_MAX as the maximum even for uint64_t header fields, ++ * because values will be passed to qemu functions taking int64_t. 
*/ ++ if (entries > INT64_MAX / entry_len) { ++ return -EINVAL; ++ } ++ ++ size = entries * entry_len; ++ ++ if (INT64_MAX - size < offset) { ++ return -EINVAL; ++ } ++ ++ /* Tables must be cluster aligned */ ++ if (offset & (s->cluster_size - 1)) { ++ return -EINVAL; ++ } ++ ++ return 0; ++} + + static int qcow2_open(BlockDriverState *bs, int flags) + { +@@ -165,6 +190,19 @@ + be64_to_cpus(&header.snapshots_offset); + be32_to_cpus(&header.nb_snapshots); + ++ /* Initialise cluster size */ ++ if (header.cluster_bits < MIN_CLUSTER_BITS || ++ header.cluster_bits > MAX_CLUSTER_BITS) { ++ fprintf(stderr, "Unsupported cluster size: 2^%i", ++ header.cluster_bits); ++ ret = -EINVAL; ++ goto fail; ++ } ++ ++ s->cluster_bits = header.cluster_bits; ++ s->cluster_size = 1 << s->cluster_bits; ++ s->cluster_sectors = 1 << (s->cluster_bits - 9); ++ + if (header.magic != QCOW_MAGIC) { + ret = -EINVAL; + goto fail; +@@ -190,19 +228,48 @@ + if (s->crypt_method_header) { + bs->encrypted = 1; + } +- s->cluster_bits = header.cluster_bits; +- s->cluster_size = 1 << s->cluster_bits; +- s->cluster_sectors = 1 << (s->cluster_bits - 9); ++ + s->l2_bits = s->cluster_bits - 3; /* L2 is always one cluster */ + s->l2_size = 1 << s->l2_bits; + bs->total_sectors = header.size / 512; + s->csize_shift = (62 - (s->cluster_bits - 8)); + s->csize_mask = (1 << (s->cluster_bits - 8)) - 1; + s->cluster_offset_mask = (1LL << s->csize_shift) - 1; ++ + s->refcount_table_offset = header.refcount_table_offset; + s->refcount_table_size = + header.refcount_table_clusters << (s->cluster_bits - 3); + ++ if (header.refcount_table_clusters > (0x800000 >> s->cluster_bits)) { ++ /* 8 MB refcount table is enough for 2 PB images at 64k cluster size ++ * (128 GB for 512 byte clusters, 2 EB for 2 MB clusters) */ ++ fprintf(stderr, "Reference count table too large"); ++ ret = -EINVAL; ++ goto fail; ++ } ++ ++ /* Snapshot table offset/length */ ++ if (header.nb_snapshots > QCOW_MAX_SNAPSHOTS) { ++ fprintf(stderr, "Too many 
snapshots"); ++ ret = -EINVAL; ++ goto fail; ++ } ++ ++ ret = validate_table_offset(bs, header.snapshots_offset, ++ header.nb_snapshots, ++ sizeof(QCowSnapshotHeader)); ++ if (ret < 0) { ++ fprintf(stderr, "Invalid snapshot table offset"); ++ goto fail; ++ } ++ ++ ret = validate_table_offset(bs, s->refcount_table_offset, ++ s->refcount_table_size, sizeof(uint64_t)); ++ if (ret < 0) { ++ fprintf(stderr, "Invalid reference count table offset"); ++ goto fail; ++ } ++ + s->snapshots_offset = header.snapshots_offset; + s->nb_snapshots = header.nb_snapshots; + +@@ -220,7 +287,16 @@ + ret = -EINVAL; + goto fail; + } ++ ++ ret = validate_table_offset(bs, header.l1_table_offset, ++ header.l1_size, sizeof(uint64_t)); ++ if (ret < 0) { ++ fprintf(stderr, "Invalid L1 table offset"); ++ goto fail; ++ } + s->l1_table_offset = header.l1_table_offset; ++ ++ + if (s->l1_size > 0) { + s->l1_table = g_malloc0( + align_offset(s->l1_size * sizeof(uint64_t), 512)); +@@ -254,6 +330,12 @@ + + QLIST_INIT(&s->cluster_allocs); + ++ if (header.backing_file_offset > s->cluster_size) { ++ fprintf(stderr, "Invalid backing file offset"); ++ ret = -EINVAL; ++ goto fail; ++ } ++ + /* read qcow2 extensions */ + if (header.backing_file_offset) { + ext_end = header.backing_file_offset; +Index: qemu-kvm-1.0+noroms/block/qcow2.h +=================================================================== +--- qemu-kvm-1.0+noroms.orig/block/qcow2.h 2014-05-12 09:15:53.781143849 -0400 ++++ qemu-kvm-1.0+noroms/block/qcow2.h 2014-05-12 09:15:53.777143849 -0400 +@@ -39,6 +39,7 @@ + #define QCOW_CRYPT_AES 1 + + #define QCOW_MAX_CRYPT_CLUSTERS 32 ++#define QCOW_MAX_SNAPSHOTS 65536 + + /* 32 MB L1 table is enough for 2 PB images at 64k cluster size + * (128 GB for 512 byte clusters, 2 EB for 2 MB clusters) */ +@@ -77,6 +78,32 @@ + uint64_t snapshots_offset; + } QCowHeader; + ++typedef struct QEMU_PACKED QCowSnapshotHeader { ++ /* header is 8 byte aligned */ ++ uint64_t l1_table_offset; ++ ++ uint32_t l1_size; ++ 
uint16_t id_str_size; ++ uint16_t name_size; ++ ++ uint32_t date_sec; ++ uint32_t date_nsec; ++ ++ uint64_t vm_clock_nsec; ++ ++ uint32_t vm_state_size; ++ uint32_t extra_data_size; /* for extension */ ++ /* extra data follows */ ++ /* id_str follows */ ++ /* name follows */ ++} QCowSnapshotHeader; ++ ++typedef struct QEMU_PACKED QCowSnapshotExtraData { ++ uint64_t vm_state_size_large; ++ uint64_t disk_size; ++} QCowSnapshotExtraData; ++ ++ + typedef struct QCowSnapshot { + uint64_t l1_table_offset; + uint32_t l1_size; +@@ -127,7 +154,7 @@ + AES_KEY aes_decrypt_key; + uint64_t snapshots_offset; + int snapshots_size; +- int nb_snapshots; ++ unsigned int nb_snapshots; + QCowSnapshot *snapshots; + + int flags; +Index: qemu-kvm-1.0+noroms/block/vdi.c +=================================================================== +--- qemu-kvm-1.0+noroms.orig/block/vdi.c 2014-05-12 09:15:53.781143849 -0400 ++++ qemu-kvm-1.0+noroms/block/vdi.c 2014-05-12 09:15:53.777143849 -0400 +@@ -123,6 +123,11 @@ + + #define VDI_IS_ALLOCATED(X) ((X) < VDI_DISCARDED) + ++/* max blocks in image is (0xffffffff / 4) */ ++#define VDI_BLOCKS_IN_IMAGE_MAX 0x3fffffff ++#define VDI_DISK_SIZE_MAX ((uint64_t)VDI_BLOCKS_IN_IMAGE_MAX * \ ++ (uint64_t)DEFAULT_CLUSTER_SIZE) ++ + #if !defined(CONFIG_UUID) + void uuid_generate(uuid_t out) + { +@@ -402,6 +407,13 @@ + vdi_header_print(&header); + #endif + ++ if (header.disk_size > VDI_DISK_SIZE_MAX) { ++ logout("Unsupported VDI image size (size is 0x%" PRIx64 ++ ", max supported is 0x%" PRIx64 ")", ++ header.disk_size, VDI_DISK_SIZE_MAX); ++ goto fail; ++ } ++ + if (header.disk_size % SECTOR_SIZE != 0) { + /* 'VBoxManage convertfromraw' can create images with odd disk sizes. 
+ We accept them but round the disk size to the next multiple of +@@ -426,7 +438,7 @@ + } else if (header.sector_size != SECTOR_SIZE) { + logout("unsupported sector size %u B\n", header.sector_size); + goto fail; +- } else if (header.block_size != 1 * MiB) { ++ } else if (header.block_size != DEFAULT_CLUSTER_SIZE) { + logout("unsupported block size %u B\n", header.block_size); + goto fail; + } else if (header.disk_size > +@@ -439,6 +451,11 @@ + } else if (!uuid_is_null(header.uuid_parent)) { + logout("parent uuid != 0, unsupported\n"); + goto fail; ++ } else if (header.blocks_in_image > VDI_BLOCKS_IN_IMAGE_MAX) { ++ logout("unsupported VDI image " ++ "(too many blocks %u, max is %u)", ++ header.blocks_in_image, VDI_BLOCKS_IN_IMAGE_MAX); ++ goto fail; + } + + bs->total_sectors = header.disk_size / SECTOR_SIZE; +@@ -883,10 +900,19 @@ + options++; + } + ++ if (bytes > VDI_DISK_SIZE_MAX) { ++ result = -ENOTSUP; ++ logout("Unsupported VDI image size (size is 0x%" PRIx64 ++ ", max supported is 0x%" PRIx64 ")", ++ bytes, VDI_DISK_SIZE_MAX); ++ goto exit; ++ } ++ + fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC | O_BINARY | O_LARGEFILE, + 0644); + if (fd < 0) { +- return -errno; ++ result = -errno; ++ goto exit; + } + + /* We need enough blocks to store the given disk size, +@@ -947,6 +973,7 @@ + result = -errno; + } + ++exit: + return result; + } + +Index: qemu-kvm-1.0+noroms/block/vpc.c +=================================================================== +--- qemu-kvm-1.0+noroms.orig/block/vpc.c 2014-05-12 09:15:53.781143849 -0400 ++++ qemu-kvm-1.0+noroms/block/vpc.c 2014-05-12 09:15:53.777143849 -0400 +@@ -42,6 +42,8 @@ + // Seconds since Jan 1, 2000 0:00:00 (UTC) + #define VHD_TIMESTAMP_BASE 946684800 + ++#define VHD_MAX_SECTORS (65535LL * 255 * 255) ++ + // always big-endian + struct vhd_footer { + char creator[8]; // "conectix" +@@ -160,6 +162,7 @@ + struct vhd_dyndisk_header* dyndisk_header; + uint8_t buf[HEADER_SIZE]; + uint32_t checksum; ++ uint64_t 
computed_size; + int err = -1; + + if (bdrv_pread(bs->file, 0, s->footer_buf, HEADER_SIZE) != HEADER_SIZE) +@@ -181,7 +184,7 @@ + bs->total_sectors = (int64_t) + be16_to_cpu(footer->cyls) * footer->heads * footer->secs_per_cyl; + +- if (bs->total_sectors >= 65535 * 16 * 255) { ++ if (bs->total_sectors >= VHD_MAX_SECTORS) { + err = -EFBIG; + goto fail; + } +@@ -205,7 +208,23 @@ + s->bitmap_size = ((s->block_size / (8 * 512)) + 511) & ~511; + + s->max_table_entries = be32_to_cpu(dyndisk_header->max_table_entries); +- s->pagetable = g_malloc(s->max_table_entries * 4); ++ ++ if ((bs->total_sectors * 512) / s->block_size > 0xffffffffU) { ++ err = -EINVAL; ++ goto fail; ++ } ++ if (s->max_table_entries > (VHD_MAX_SECTORS * 512) / s->block_size) { ++ err = -EINVAL; ++ goto fail; ++ } ++ ++ computed_size = (uint64_t) s->max_table_entries * s->block_size; ++ if (computed_size < bs->total_sectors * 512) { ++ err = -EINVAL; ++ goto fail; ++ } ++ ++ s->pagetable = qemu_blockalign(bs, s->max_table_entries * 4); + + s->bat_offset = be64_to_cpu(dyndisk_header->table_offset); + if (bdrv_pread(bs->file, s->bat_offset, s->pagetable, +@@ -665,7 +684,7 @@ + static void vpc_close(BlockDriverState *bs) + { + BDRVVPCState *s = bs->opaque; +- g_free(s->pagetable); ++ qemu_vfree(s->pagetable); + #ifdef CACHE + g_free(s->pageentry_u8); + #endif --- qemu-kvm-1.0+noroms.orig/debian/patches/CVE-2014-0145.patch +++ qemu-kvm-1.0+noroms/debian/patches/CVE-2014-0145.patch 
@@ -0,0 +1,110 @@ +Description: fix denial of service and possible code exection via + incorrect image format validation +Origin: backport, http://git.qemu.org/?p=qemu.git;a=commit;h=c165f7758009a4f793c1fc19ebb69cf55313450b +Origin: backport, http://git.qemu.org/?p=qemu.git;a=commit;h=c05e4667be91b46ab42b5a11babf8e84d476cc6b +Origin: backport, http://git.qemu.org/?p=qemu.git;a=commit;h=f0dce23475b5af5da6b17b97c1765271307734b6 +Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742730 + +Index: qemu-kvm-1.0+noroms/block/dmg.c +=================================================================== +--- qemu-kvm-1.0+noroms.orig/block/dmg.c 2014-05-12 09:50:06.781198826 -0400 ++++ qemu-kvm-1.0+noroms/block/dmg.c 2014-05-12 09:50:36.641199626 -0400 +@@ -27,6 +27,14 @@ + #include "module.h" + #include + ++enum { ++ /* Limit chunk sizes to prevent unreasonable amounts of memory being used ++ * or truncating when converting to 32-bit types ++ */ ++ DMG_LENGTHS_MAX = 64 * 1024 * 1024, /* 64 MB */ ++ DMG_SECTORCOUNTS_MAX = DMG_LENGTHS_MAX / 512, ++}; ++ + typedef struct BDRVDMGState { + CoMutex lock; + /* each chunk contains a certain number of sectors, +@@ -73,6 +81,37 @@ + return be32_to_cpu(buffer); + } + ++/* Increase max chunk sizes, if necessary. This function is used to calculate ++ * the buffer sizes needed for compressed/uncompressed chunk I/O. 
++ */ ++static void update_max_chunk_size(BDRVDMGState *s, uint32_t chunk, ++ uint32_t *max_compressed_size, ++ uint32_t *max_sectors_per_chunk) ++{ ++ uint32_t compressed_size = 0; ++ uint32_t uncompressed_sectors = 0; ++ ++ switch (s->types[chunk]) { ++ case 0x80000005: /* zlib compressed */ ++ compressed_size = s->lengths[chunk]; ++ uncompressed_sectors = s->sectorcounts[chunk]; ++ break; ++ case 1: /* copy */ ++ uncompressed_sectors = (s->lengths[chunk] + 511) / 512; ++ break; ++ case 2: /* zero */ ++ uncompressed_sectors = s->sectorcounts[chunk]; ++ break; ++ } ++ ++ if (compressed_size > *max_compressed_size) { ++ *max_compressed_size = compressed_size; ++ } ++ if (uncompressed_sectors > *max_sectors_per_chunk) { ++ *max_sectors_per_chunk = uncompressed_sectors; ++ } ++} ++ + static int dmg_open(BlockDriverState *bs, int flags) + { + BDRVDMGState *s = bs->opaque; +@@ -155,16 +194,28 @@ + s->sectorcounts[i] = read_off(bs, offset); + offset += 8; + ++ if (s->sectorcounts[i] > DMG_SECTORCOUNTS_MAX) { ++ error_report("sector count %" PRIu64 " for chunk %u is " ++ "larger than max (%u)", ++ s->sectorcounts[i], i, DMG_SECTORCOUNTS_MAX); ++ goto fail; ++ } ++ + s->offsets[i] = last_in_offset+read_off(bs, offset); + offset += 8; + + s->lengths[i] = read_off(bs, offset); + offset += 8; + +- if(s->lengths[i]>max_compressed_size) +- max_compressed_size = s->lengths[i]; +- if(s->sectorcounts[i]>max_sectors_per_chunk) +- max_sectors_per_chunk = s->sectorcounts[i]; ++ if (s->lengths[i] > DMG_LENGTHS_MAX) { ++ error_report("length %" PRIu64 " for chunk %u is larger " ++ "than max (%u)", ++ s->lengths[i], i, DMG_LENGTHS_MAX); ++ goto fail; ++ } ++ ++ update_max_chunk_size(s, i, &max_compressed_size, ++ &max_sectors_per_chunk); + } + s->n_chunks+=chunk_count; + } +Index: qemu-kvm-1.0+noroms/block/qcow2-snapshot.c +=================================================================== +--- qemu-kvm-1.0+noroms.orig/block/qcow2-snapshot.c 2014-05-12 09:50:06.781198826 -0400 ++++ 
qemu-kvm-1.0+noroms/block/qcow2-snapshot.c 2014-05-12 09:50:06.773198826 -0400 +@@ -434,7 +434,7 @@ + + sn = &s->snapshots[snapshot_index]; + s->l1_size = sn->l1_size; +- l1_size2 = s->l1_size * sizeof(uint64_t); ++ l1_size2 = sn->l1_size * sizeof(uint64_t); + if (s->l1_table != NULL) { + g_free(s->l1_table); + } --- qemu-kvm-1.0+noroms.orig/debian/patches/CVE-2014-0146.patch +++ qemu-kvm-1.0+noroms/debian/patches/CVE-2014-0146.patch @@ -0,0 +1,31 @@ +Description: fix denial of service and possible code exection via + incorrect image format validation +Origin: backport, http://git.qemu.org/?p=qemu.git;a=commit;h=11b128f4062dd7f89b14abc8877ff20d41b28be9 +Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742730 + +Index: qemu-kvm-1.0+noroms/block/qcow2.c +=================================================================== +--- qemu-kvm-1.0+noroms.orig/block/qcow2.c 2014-05-12 09:38:24.253180013 -0400 ++++ qemu-kvm-1.0+noroms/block/qcow2.c 2014-05-12 09:39:28.757181741 -0400 +@@ -270,9 +270,6 @@ + goto fail; + } + +- s->snapshots_offset = header.snapshots_offset; +- s->nb_snapshots = header.nb_snapshots; +- + /* read the level 1 table */ + if (header.l1_size > QCOW_MAX_L1_SIZE) { + fprintf(stderr, "Active L1 table too large"); +@@ -360,6 +357,11 @@ + } + bs->backing_file[len] = '\0'; + } ++ ++ /* Internal snapshots */ ++ s->snapshots_offset = header.snapshots_offset; ++ s->nb_snapshots = header.nb_snapshots; ++ + if (qcow2_read_snapshots(bs) < 0) { + ret = -EINVAL; + goto fail; --- qemu-kvm-1.0+noroms.orig/debian/patches/CVE-2014-0147.patch +++ qemu-kvm-1.0+noroms/debian/patches/CVE-2014-0147.patch 
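Review bot: `update_max_chunk_size()` in the dmg.c hunk narrows `s->lengths[chunk]` and `s->sectorcounts[chunk]` into `uint32_t` locals, which is lossless only because the caller in `dmg_open` has already rejected values above `DMG_LENGTHS_MAX` and `DMG_SECTORCOUNTS_MAX` (the `PRIu64` formats suggest both arrays are 64-bit). That ordering is not written down, so a later caller could reintroduce the truncation the enum comment warns about. I would add to the function comment `Callers must have checked lengths[] and sectorcounts[] against DMG_*_MAX first.` The `switch` also has no `default:` arm; `default: break; /* other chunk types need no buffer */` would show that ignoring them is deliberate. `dmg_open` starts and ends outside the hunk.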
@@ -0,0 +1,177 @@ +Description: fix denial of service and possible code exection via + incorrect image format validation +Origin: backport, http://git.qemu.org/?p=qemu.git;a=commit;h=246f65838d19db6db55bfb41117c35645a2c4789 +Origin: backport, http://git.qemu.org/?p=qemu.git;a=commit;h=b106ad9185f35fc4ad669555ad0e79e276083bd7 + +Index: qemu-kvm-1.0+noroms/block/bochs.c +=================================================================== +--- qemu-kvm-1.0+noroms.orig/block/bochs.c 2014-05-12 09:40:09.721182838 -0400 ++++ qemu-kvm-1.0+noroms/block/bochs.c 2014-05-12 09:40:32.069183436 -0400 +@@ -82,13 +82,13 @@ + typedef struct BDRVBochsState { + CoMutex lock; + uint32_t *catalog_bitmap; +- int catalog_size; ++ uint32_t catalog_size; + +- int data_offset; ++ uint32_t data_offset; + +- int bitmap_blocks; +- int extent_blocks; +- int extent_size; ++ uint32_t bitmap_blocks; ++ uint32_t extent_blocks; ++ uint32_t extent_size; + } BDRVBochsState; + + static int bochs_probe(const uint8_t *buf, int buf_size, const char *filename) +@@ -111,7 +111,7 @@ + static int bochs_open(BlockDriverState *bs, int flags) + { + BDRVBochsState *s = bs->opaque; +- int i; ++ uint32_t i; + struct bochs_header bochs; + struct bochs_header_v1 header_v1; + +@@ -180,8 +180,8 @@ + static int64_t seek_to_sector(BlockDriverState *bs, int64_t sector_num) + { + BDRVBochsState *s = bs->opaque; +- int64_t offset = sector_num * 512; +- int64_t extent_index, extent_offset, bitmap_offset; ++ uint64_t offset = sector_num * 512; ++ uint64_t extent_index, extent_offset, bitmap_offset; + char bitmap_entry; + + // seek to sector +Index: qemu-kvm-1.0+noroms/block/qcow2-refcount.c +=================================================================== +--- qemu-kvm-1.0+noroms.orig/block/qcow2-refcount.c 2014-05-12 09:40:09.757182839 -0400 ++++ qemu-kvm-1.0+noroms/block/qcow2-refcount.c 2014-05-12 09:45:19.209191126 -0400 +@@ -191,10 +191,11 @@ + * they can describe them themselves. 
+ * + * - We need to consider that at this point we are inside update_refcounts +- * and doing the initial refcount increase. This means that some clusters +- * have already been allocated by the caller, but their refcount isn't +- * accurate yet. free_cluster_index tells us where this allocation ends +- * as long as we don't overwrite it by freeing clusters. ++ * and potentially doing an initial refcount increase. This means that ++ * some clusters have already been allocated by the caller, but their ++ * refcount isn't accurate yet. If we allocate clusters for metadata, we ++ * need to return -EAGAIN to signal the caller that it needs to restart ++ * the search for free clusters. + * + * - alloc_clusters_noref and qcow2_free_clusters may load a different + * refcount block into the cache +@@ -272,7 +273,10 @@ + } + + s->refcount_table[refcount_table_index] = new_block; +- return 0; ++ ++ /* The new refcount block may be where the caller intended to put its ++ * data, so let it restart the search. 
*/ ++ return -EAGAIN; + } + + ret = qcow2_cache_put(bs, s->refcount_block_cache, (void**) refcount_block); +@@ -295,8 +299,7 @@ + + /* Calculate the number of refcount blocks needed so far */ + uint64_t refcount_block_clusters = 1 << (s->cluster_bits - REFCOUNT_SHIFT); +- uint64_t blocks_used = (s->free_cluster_index + +- refcount_block_clusters - 1) / refcount_block_clusters; ++ uint64_t blocks_used = DIV_ROUND_UP(cluster_index, refcount_block_clusters); + + /* And now we need at least one block more for the new metadata */ + uint64_t table_size = next_refcount_table_size(s, blocks_used + 1); +@@ -328,8 +331,6 @@ + uint16_t *new_blocks = g_malloc0(blocks_clusters * s->cluster_size); + uint64_t *new_table = g_malloc0(table_size * sizeof(uint64_t)); + +- assert(meta_offset >= (s->free_cluster_index * s->cluster_size)); +- + /* Fill the new refcount table */ + memcpy(new_table, s->refcount_table, + s->refcount_table_size * sizeof(uint64_t)); +@@ -392,17 +393,18 @@ + s->refcount_table_size = table_size; + s->refcount_table_offset = table_offset; + +- /* Free old table. Remember, we must not change free_cluster_index */ +- uint64_t old_free_cluster_index = s->free_cluster_index; ++ /* Free old table. */ + qcow2_free_clusters(bs, old_table_offset, old_table_size * sizeof(uint64_t)); +- s->free_cluster_index = old_free_cluster_index; + + ret = load_refcount_block(bs, new_block, (void**) refcount_block); + if (ret < 0) { + return ret; + } + +- return new_block; ++ /* If we were trying to do the initial refcount update for some cluster ++ * allocation, we might have used the same clusters to store newly ++ * allocated metadata. Make the caller search some new space. 
*/ ++ return -EAGAIN; + + fail_table: + g_free(new_table); +@@ -571,10 +573,14 @@ + int ret; + + BLKDBG_EVENT(bs->file, BLKDBG_CLUSTER_ALLOC); +- offset = alloc_clusters_noref(bs, size); +- if (offset < 0) { +- return offset; +- } ++ do { ++ offset = alloc_clusters_noref(bs, size); ++ if (offset < 0) { ++ return offset; ++ } ++ ++ ret = update_refcount(bs, offset, size, 1); ++ } while (ret == -EAGAIN); + + ret = update_refcount(bs, offset, size, 1); + if (ret < 0) { +Index: qemu-kvm-1.0+noroms/block/qcow2.c +=================================================================== +--- qemu-kvm-1.0+noroms.orig/block/qcow2.c 2014-05-12 09:40:09.833182841 -0400 ++++ qemu-kvm-1.0+noroms/block/qcow2.c 2014-05-12 09:40:32.073183436 -0400 +@@ -936,7 +936,7 @@ + */ + BlockDriverState* bs; + QCowHeader header; +- uint8_t* refcount_table; ++ uint64_t* refcount_table; + int ret; + + ret = bdrv_create_file(filename, options); +@@ -971,9 +971,10 @@ + goto out; + } + +- /* Write an empty refcount table */ +- refcount_table = g_malloc0(cluster_size); +- ret = bdrv_pwrite(bs, cluster_size, refcount_table, cluster_size); ++ /* Write a refcount table with one refcount block */ ++ refcount_table = g_malloc0(2 * cluster_size); ++ refcount_table[0] = cpu_to_be64(2 * cluster_size); ++ ret = bdrv_pwrite(bs, cluster_size, refcount_table, 2 * cluster_size); + g_free(refcount_table); + + if (ret < 0) { +@@ -995,7 +996,7 @@ + goto out; + } + +- ret = qcow2_alloc_clusters(bs, 2 * cluster_size); ++ ret = qcow2_alloc_clusters(bs, 3 * cluster_size); + if (ret < 0) { + goto out; + --- qemu-kvm-1.0+noroms.orig/debian/patches/CVE-2014-0150.patch +++ qemu-kvm-1.0+noroms/debian/patches/CVE-2014-0150.patch 
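Review bot: In the qcow2-refcount.c hunk at `@@ -571,10 +573,14 @@`, the new `do { ... } while (ret == -EAGAIN);` loop already calls `update_refcount(bs, offset, size, 1)`, but the original `ret = update_refcount(bs, offset, size, 1);` is kept as a context line directly after it. As shown, every successful allocation has its refcount raised twice, which would leave freshly allocated clusters with a refcount of 2, so they would read as shared and would not be released by a single free. The retained call should be dropped so that the loop is followed directly by `if (ret < 0) {`. The enclosing function starts and ends outside the hunk, so the return path could not be checked.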
@@ -0,0 +1,49 @@ +Backport of: + +From edc243851279e3393000b28b6b69454cae1190ef Mon Sep 17 00:00:00 2001 +From: Michael S. Tsirkin +Date: Fri, 11 Apr 2014 15:18:08 +0300 +Subject: [PATCH] virtio-net: fix guest-triggerable buffer overrun + +When VM guest programs multicast addresses for +a virtio net card, it supplies a 32 bit +entries counter for the number of addresses. +These addresses are read into tail portion of +a fixed macs array which has size MAC_TABLE_ENTRIES, +at offset equal to in_use. + +To avoid overflow of this array by guest, qemu attempts +to test the size as follows: +- if (in_use + mac_data.entries <= MAC_TABLE_ENTRIES) { + +however, as mac_data.entries is uint32_t, this sum +can overflow, e.g. if in_use is 1 and mac_data.entries +is 0xffffffff then in_use + mac_data.entries will be 0. + +Qemu will then read guest supplied buffer into this +memory, overflowing buffer on heap. + +CVE-2014-0150 + +Cc: qemu-stable@nongnu.org +Signed-off-by: Michael S. Tsirkin +Message-id: 1397218574-25058-1-git-send-email-mst@redhat.com +Reviewed-by: Michael Tokarev +Signed-off-by: Peter Maydell +--- + hw/net/virtio-net.c | 2 +- + 1 files changed, 1 insertions(+), 1 deletions(-) + +Index: qemu-kvm-1.2.0+noroms/hw/virtio-net.c +=================================================================== +--- qemu-kvm-1.2.0+noroms.orig/hw/virtio-net.c 2014-04-25 16:34:10.268169215 -0400 ++++ qemu-kvm-1.2.0+noroms/hw/virtio-net.c 2014-04-25 16:34:56.688169967 -0400 +@@ -366,7 +366,7 @@ + return VIRTIO_NET_ERR; + + if (mac_data.entries) { +- if (n->mac_table.in_use + mac_data.entries <= MAC_TABLE_ENTRIES) { ++ if (mac_data.entries <= MAC_TABLE_ENTRIES - n->mac_table.in_use) { + memcpy(n->mac_table.macs + (n->mac_table.in_use * ETH_ALEN), + elem->out_sg[2].iov_base + sizeof(mac_data), + mac_data.entries * ETH_ALEN); --- qemu-kvm-1.0+noroms.orig/debian/patches/CVE-2014-0182.patch +++ qemu-kvm-1.0+noroms/debian/patches/CVE-2014-0182.patch 
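Review bot: The rewritten bound `if (mac_data.entries <= MAC_TABLE_ENTRIES - n->mac_table.in_use)` is safe only while `in_use` never exceeds `MAC_TABLE_ENTRIES`, and nothing in the hunk establishes that. If `in_use` can be set from anywhere other than this path (its type and any load-time validation are not visible here), the subtraction can go negative or wrap and the test would pass again. A comment such as `/* in_use <= MAC_TABLE_ENTRIES is an invariant; subtract rather than add so the guest-supplied 32-bit count cannot wrap */` would record the assumption next to the check. The enclosing function starts and ends outside the hunk.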
@@ -0,0 +1,38 @@ +Description: fix out-of-bounds buffer write on state load with invalid config_len +Origin: backport, http://git.qemu.org/?p=qemu.git;a=commit;h=a890a2f9137ac3cf5b607649e66a6f3a5512d8dc +Origin: backport, http://git.qemu.org/?p=qemu.git;a=commit;h=2f5732e9648fcddc8759a8fd25c0b41a38352be6 + +Index: qemu-kvm-1.0+noroms/hw/virtio.c +=================================================================== +--- qemu-kvm-1.0+noroms.orig/hw/virtio.c 2014-08-12 13:15:05.462781423 -0400 ++++ qemu-kvm-1.0+noroms/hw/virtio.c 2014-08-12 13:16:04.850782386 -0400 +@@ -807,6 +807,7 @@ + int virtio_load(VirtIODevice *vdev, QEMUFile *f) + { + int i, ret; ++ int32_t config_len; + uint32_t num; + uint32_t features; + uint32_t supported_features; +@@ -831,8 +832,19 @@ + features, supported_features); + return -1; + } +- vdev->config_len = qemu_get_be32(f); +- qemu_get_buffer(f, vdev->config, vdev->config_len); ++ config_len = qemu_get_be32(f); ++ ++ /* ++ * There are cases where the incoming config can be bigger or smaller ++ * than what we have; so load what we have space for, and skip ++ * any excess that's in the stream. ++ */ ++ qemu_get_buffer(f, vdev->config, MIN(config_len, vdev->config_len)); ++ ++ while (config_len > vdev->config_len) { ++ qemu_get_byte(f); ++ config_len--; ++ } + + num = qemu_get_be32(f); + --- qemu-kvm-1.0+noroms.orig/debian/patches/CVE-2014-0222.patch +++ qemu-kvm-1.0+noroms/debian/patches/CVE-2014-0222.patch 
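Review bot: `config_len` is declared `int32_t` but filled from `qemu_get_be32(f)`, so a stream value with the top bit set is negative by the time it reaches `MIN(config_len, vdev->config_len)` and the skip loop. How those two comparisons behave then depends on the type of `vdev->config_len`, which is declared outside the hunk. Rejecting the value first with `if (config_len < 0) { return -1; }` would make the bound independent of that type. The skip loop also discards the excess one byte at a time with no upper limit, so a cap on the accepted length would bound the work done for a malformed stream.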
@@ -0,0 +1,44 @@ +Backport of: + +From 42eb58179b3b215bb507da3262b682b8a2ec10b5 Mon Sep 17 00:00:00 2001 +From: Kevin Wolf +Date: Thu, 15 May 2014 16:10:11 +0200 +Subject: [PATCH] qcow1: Validate L2 table size (CVE-2014-0222) + +Too large L2 table sizes cause unbounded allocations. Images actually +created by qemu-img only have 512 byte or 4k L2 tables. + +To keep things consistent with cluster sizes, allow ranges between 512 +bytes and 64k (in fact, down to 1 entry = 8 bytes is technically +working, but L2 table sizes smaller than a cluster don't make a lot of +sense). + +This also means that the number of bytes on the virtual disk that are +described by the same L2 table is limited to at most 8k * 64k or 2^29, +preventively avoiding any integer overflows. + +Cc: qemu-stable@nongnu.org +Signed-off-by: Kevin Wolf +Reviewed-by: Benoit Canet +--- + block/qcow.c | 8 ++++++++ + tests/qemu-iotests/092 | 15 +++++++++++++++ + tests/qemu-iotests/092.out | 11 +++++++++++ + 3 files changed, 34 insertions(+), 0 deletions(-) + +Index: qemu-kvm-1.0+noroms/block/qcow.c +=================================================================== +--- qemu-kvm-1.0+noroms.orig/block/qcow.c 2014-08-12 13:16:44.266783025 -0400 ++++ qemu-kvm-1.0+noroms/block/qcow.c 2014-08-12 13:18:50.322785068 -0400 +@@ -113,6 +113,11 @@ + goto fail; + if (header.size <= 1 || header.cluster_bits < 9) + goto fail; ++ /* l2_bits specifies number of entries; storing a uint64_t in each entry, ++ * so bytes = num_entries << 3. */ ++ if (header.l2_bits < 9 - 3 || header.l2_bits > 16 - 3) { ++ goto fail; ++ } + if (header.crypt_method > QCOW_CRYPT_AES) + goto fail; + s->crypt_method_header = header.crypt_method; --- qemu-kvm-1.0+noroms.orig/debian/patches/CVE-2014-0223.patch +++ qemu-kvm-1.0+noroms/debian/patches/CVE-2014-0223.patch 
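Review bot: The added `l2_bits` range check sits next to `header.cluster_bits < 9`, which in the visible context bounds `cluster_bits` only from below. The commit message talks about keeping L2 table sizes consistent with cluster sizes between 512 bytes and 64k, so an upper bound is presumably expected. Unless one is applied outside the hunk, `shift = s->cluster_bits + s->l2_bits` in the CVE-2014-0223 hunk on block/qcow.c can reach 64 or more, which makes `1LL << shift` undefined. I would extend the existing test to `if (header.size <= 1 || header.cluster_bits < 9 || header.cluster_bits > 16)`. The enclosing function continues outside both hunks.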
@@ -0,0 +1,52 @@ +Backport of: + +From 46485de0cb357b57373e1ca895adedf1f3ed46ec Mon Sep 17 00:00:00 2001 +From: Kevin Wolf +Date: Thu, 8 May 2014 13:08:20 +0200 +Subject: [PATCH] qcow1: Validate image size (CVE-2014-0223) + +A huge image size could cause s->l1_size to overflow. Make sure that +images never require a L1 table larger than what fits in s->l1_size. + +This cannot only cause unbounded allocations, but also the allocation of +a too small L1 table, resulting in out-of-bounds array accesses (both +reads and writes). + +Cc: qemu-stable@nongnu.org +Signed-off-by: Kevin Wolf +--- + block/qcow.c | 16 ++++++++++++++-- + tests/qemu-iotests/092 | 9 +++++++++ + tests/qemu-iotests/092.out | 7 +++++++ + 3 files changed, 30 insertions(+), 2 deletions(-) + +Index: qemu-kvm-1.0+noroms/block/qcow.c +=================================================================== +--- qemu-kvm-1.0+noroms.orig/block/qcow.c 2014-08-12 13:22:42.674788835 -0400 ++++ qemu-kvm-1.0+noroms/block/qcow.c 2014-08-12 13:22:42.666788835 -0400 +@@ -60,7 +60,7 @@ + int cluster_sectors; + int l2_bits; + int l2_size; +- int l1_size; ++ unsigned int l1_size; + uint64_t cluster_offset_mask; + uint64_t l1_table_offset; + uint64_t *l1_table; +@@ -133,7 +133,15 @@ + + /* read the level 1 table */ + shift = s->cluster_bits + s->l2_bits; +- s->l1_size = (header.size + (1LL << shift) - 1) >> shift; ++ if (header.size > UINT64_MAX - (1LL << shift)) { ++ goto fail; ++ } else { ++ uint64_t l1_size = (header.size + (1LL << shift) - 1) >> shift; ++ if (l1_size > INT_MAX / sizeof(uint64_t)) { ++ goto fail; ++ } ++ s->l1_size = l1_size; ++ } + + s->l1_table_offset = header.l1_table_offset; + s->l1_table = g_malloc(s->l1_size * sizeof(uint64_t)); --- qemu-kvm-1.0+noroms.orig/debian/patches/CVE-2014-2894.patch +++ qemu-kvm-1.0+noroms/debian/patches/CVE-2014-2894.patch 
@@ -0,0 +1,37 @@ +Backport of: + +From 940973ae0b45c9b6817bab8e4cf4df99a9ef83d7 Mon Sep 17 00:00:00 2001 +From: =?utf8?q?Beno=C3=AEt=20Canet?= +Date: Sat, 12 Apr 2014 22:59:50 +0200 +Subject: [PATCH] ide: Correct improper smart self test counter reset in ide core. + +The SMART self test counter was incorrectly being reset to zero, +not 1. This had the effect that on every 21st SMART EXECUTE OFFLINE: + * We would write off the beginning of a dynamically allocated buffer + * We forgot the SMART history +Fix this. + +Signed-off-by: Benoit Canet +Message-id: 1397336390-24664-1-git-send-email-benoit.canet@irqsave.net +Reviewed-by: Markus Armbruster +Cc: qemu-stable@nongnu.org +Acked-by: Kevin Wolf +[PMM: tweaked commit message as per suggestions from Markus] +Signed-off-by: Peter Maydell +--- + hw/ide/core.c | 2 +- + 1 files changed, 1 insertions(+), 1 deletions(-) + +Index: qemu-kvm-1.0+noroms/hw/ide/core.c +=================================================================== +--- qemu-kvm-1.0+noroms.orig/hw/ide/core.c 2014-04-25 17:36:33.808229903 -0400 ++++ qemu-kvm-1.0+noroms/hw/ide/core.c 2014-04-25 17:36:33.776229903 -0400 +@@ -1472,7 +1472,7 @@ + case 2: /* extended self test */ + s->smart_selftest_count++; + if(s->smart_selftest_count > 21) +- s->smart_selftest_count = 0; ++ s->smart_selftest_count = 1; + n = 2 + (s->smart_selftest_count - 1) * 24; + s->smart_selftest_data[n] = s->sector; + s->smart_selftest_data[n+1] = 0x00; /* OK and finished */ --- qemu-kvm-1.0+noroms.orig/debian/patches/CVE-2014-3461.patch +++ qemu-kvm-1.0+noroms/debian/patches/CVE-2014-3461.patch 
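Review bot: The wrap value in `s->smart_selftest_count = 1;` is correct only because the next line indexes with `n = 2 + (s->smart_selftest_count - 1) * 24`, and nothing at the assignment says so. A one-line comment such as `/* log slots are numbered 1..21; 0 would make n negative below */` would keep the off-by-one from being reintroduced. The literals 21 and 24 would also read better as named constants tied to the size of `smart_selftest_data`, whose declaration is outside the hunk.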
@@ -0,0 +1,38 @@ +Backport of: + +From 719ffe1f5f72b1c7ace4afe9ba2815bcb53a829e Mon Sep 17 00:00:00 2001 +From: Michael S. Tsirkin +Date: Tue, 13 May 2014 12:33:16 +0300 +Subject: [PATCH] usb: fix up post load checks + +Correct post load checks: +1. dev->setup_len == sizeof(dev->data_buf) + seems fine, no need to fail migration +2. When state is DATA, passing index > len + will cause memcpy with negative length, + resulting in heap overflow + +First of the issues was reported by dgilbert. + +Reported-by: "Dr. David Alan Gilbert" +Signed-off-by: Michael S. Tsirkin +Signed-off-by: Juan Quintela +--- + hw/usb/bus.c | 4 ++-- + 1 files changed, 2 insertions(+), 2 deletions(-) + +Index: qemu-kvm-1.0+noroms/hw/usb-bus.c +=================================================================== +--- qemu-kvm-1.0+noroms.orig/hw/usb-bus.c 2014-08-12 13:22:42.534788833 -0400 ++++ qemu-kvm-1.0+noroms/hw/usb-bus.c 2014-08-12 13:23:13.778789339 -0400 +@@ -31,8 +31,8 @@ + + if (dev->setup_index < 0 || + dev->setup_len < 0 || +- dev->setup_index >= sizeof(dev->data_buf) || +- dev->setup_len >= sizeof(dev->data_buf)) { ++ dev->setup_index > dev->setup_len || ++ dev->setup_len > sizeof(dev->data_buf)) { + return -EINVAL; + } + return 0; --- qemu-kvm-1.0+noroms.orig/debian/patches/CVE-2014-3640.patch +++ qemu-kvm-1.0+noroms/debian/patches/CVE-2014-3640.patch 
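Review bot: The new test `dev->setup_len > sizeof(dev->data_buf)` compares what appears to be a signed field with a `size_t`, so it is only correct because the `dev->setup_index < 0` and `dev->setup_len < 0` tests run first in the same condition. That ordering dependency is worth stating, for example `/* keep the < 0 tests first: the sizeof comparison below is unsigned */`. The commit message ties the `setup_index > setup_len` case to the DATA state, while the check as written applies in every state. If that is intended, a short comment saying so would avoid a later "optimisation" that narrows it. The function's opening lines are outside the hunk.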
@@ -0,0 +1,39 @@ +From 01f7cecf0037997cb0e58ec0d56bf9b5a6f7cb2a Mon Sep 17 00:00:00 2001 +From: Petr Matousek +Date: Thu, 18 Sep 2014 08:35:37 +0200 +Subject: [PATCH] slirp: udp: fix NULL pointer dereference because of uninitialized socket + +When guest sends udp packet with source port and source addr 0, +uninitialized socket is picked up when looking for matching and already +created udp sockets, and later passed to sosendto() where NULL pointer +dereference is hit during so->slirp->vnetwork_mask.s_addr access. + +Fix this by checking that the socket is not just a socket stub. + +This is CVE-2014-3640. + +Signed-off-by: Petr Matousek +Reported-by: Xavier Mehrenberger +Reported-by: Stephane Duverger +Reviewed-by: Jan Kiszka +Reviewed-by: Michael S. Tsirkin +Reviewed-by: Michael Tokarev +Message-id: 20140918063537.GX9321@dhcp-25-225.brq.redhat.com +Signed-off-by: Peter Maydell +--- + slirp/udp.c | 2 +- + 1 files changed, 1 insertions(+), 1 deletions(-) + +Index: qemu-kvm-1.0+noroms/slirp/udp.c +=================================================================== +--- qemu-kvm-1.0+noroms.orig/slirp/udp.c 2014-11-11 15:18:04.444847849 -0500 ++++ qemu-kvm-1.0+noroms/slirp/udp.c 2014-11-11 15:18:04.404847554 -0500 +@@ -144,7 +144,7 @@ + * Locate pcb for datagram. + */ + so = slirp->udp_last_so; +- if (so->so_lport != uh->uh_sport || ++ if (so == &slirp->udb || so->so_lport != uh->uh_sport || + so->so_laddr.s_addr != ip->ip_src.s_addr) { + struct socket *tmp; + --- qemu-kvm-1.0+noroms.orig/debian/patches/CVE-2014-3689.patch +++ qemu-kvm-1.0+noroms/debian/patches/CVE-2014-3689.patch 
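Review bot: The added `so == &slirp->udb` test has no comment at the call site, and the existing `Locate pcb for datagram.` comment does not cover it. From the commit message, `udp_last_so` can still refer to the list-head stub, which has no usable `slirp` back-pointer. I would add `/* udp_last_so may be the list head stub, which must never be used as a real socket */` above the condition. It may also be worth checking whether other users of `udp_last_so`, outside this hunk, rely on the same assumption.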
@@ -0,0 +1,201 @@ +Description: fix possible privilege escalation via vmware-vga driver +Origin: backport, http://git.qemu.org/?p=qemu.git;a=commit;h=83afa38eb20ca27e30683edc7729880e091387fc +Origin: backport, http://git.qemu.org/?p=qemu.git;a=commit;h=07258900fd45b646f5b69048d64c4490b3243e1b +Origin: backport, http://git.qemu.org/?p=qemu.git;a=commit;h=1735fe1edba9cc86bc0f26937ed5a62d3cb47c9c +Origin: backport, http://git.qemu.org/?p=qemu.git;a=commit;h=61b41b4c20eba08d2185297767e69153d7f3e09d +Origin: backport, http://git.qemu.org/?p=qemu.git;a=commit;h=bd9ccd8517e83b7c33a9167815dbfffb30d70b13 +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765496 + +Index: qemu-kvm-1.0+noroms/hw/vmware_vga.c +=================================================================== +--- qemu-kvm-1.0+noroms.orig/hw/vmware_vga.c 2014-11-11 15:17:16.788495193 -0500 ++++ qemu-kvm-1.0+noroms/hw/vmware_vga.c 2014-11-11 15:25:21.440071356 -0500 +@@ -288,6 +288,57 @@ + SVGA_CURSOR_ON_RESTORE_TO_FB = 3, + }; + ++static inline bool vmsvga_verify_rect(struct vmsvga_state_s *s, ++ const char *name, ++ int x, int y, int w, int h) ++{ ++ if (x < 0) { ++ fprintf(stderr, "%s: x was < 0 (%d)\n", name, x); ++ return false; ++ } ++ if (x > SVGA_MAX_WIDTH) { ++ fprintf(stderr, "%s: x was > %d (%d)\n", name, SVGA_MAX_WIDTH, x); ++ return false; ++ } ++ if (w < 0) { ++ fprintf(stderr, "%s: w was < 0 (%d)\n", name, w); ++ return false; ++ } ++ if (w > SVGA_MAX_WIDTH) { ++ fprintf(stderr, "%s: w was > %d (%d)\n", name, SVGA_MAX_WIDTH, w); ++ return false; ++ } ++ if (x + w > s->width) { ++ fprintf(stderr, "%s: width was > %d (x: %d, w: %d)\n", ++ name, s->width, x, w); ++ return false; ++ } ++ ++ if (y < 0) { ++ fprintf(stderr, "%s: y was < 0 (%d)\n", name, y); ++ return false; ++ } ++ if (y > SVGA_MAX_HEIGHT) { ++ fprintf(stderr, "%s: y was > %d (%d)\n", name, SVGA_MAX_HEIGHT, y); ++ return false; ++ } ++ if (h < 0) { ++ fprintf(stderr, "%s: h was < 0 (%d)\n", name, h); ++ return false; ++ } 
++ if (h > SVGA_MAX_HEIGHT) { ++ fprintf(stderr, "%s: h was > %d (%d)\n", name, SVGA_MAX_HEIGHT, h); ++ return false; ++ } ++ if (y + h > s->height) { ++ fprintf(stderr, "%s: update height > %d (y: %d, h: %d)\n", ++ name, s->height, y, h); ++ return false; ++ } ++ ++ return true; ++} ++ + static inline void vmsvga_update_rect(struct vmsvga_state_s *s, + int x, int y, int w, int h) + { +@@ -298,36 +349,11 @@ + uint8_t *src; + uint8_t *dst; + +- if (x < 0) { +- fprintf(stderr, "%s: update x was < 0 (%d, w %d)\n", +- __FUNCTION__, x, w); +- w += x; +- if (w < 0) { +- return; +- } ++ if (!vmsvga_verify_rect(s, __func__, x, y, w, h)) { ++ /* go for a fullscreen update as fallback */ + x = 0; +- } +- if (y < 0) { +- fprintf(stderr, "%s: update y was < 0 (%d, h %d)\n", +- __FUNCTION__, y, h); +- h += y; +- if (h < 0) { +- return; +- } +- y = 0; +- } +- if (x + w > s->width) { +- fprintf(stderr, "%s: update width too large x: %d, w: %d\n", +- __FUNCTION__, x, w); +- x = MIN(x, s->width); +- w = s->width - x; +- } +- +- if (y + h > s->height) { +- fprintf(stderr, "%s: update height too large y: %d, h: %d\n", +- __FUNCTION__, y, h); +- y = MIN(y, s->height); +- h = s->height - y; ++ w = s->width; ++ h = s->height; + } + + line = h; +@@ -378,7 +404,7 @@ + } + + #ifdef HW_RECT_ACCEL +-static inline void vmsvga_copy_rect(struct vmsvga_state_s *s, ++static inline int vmsvga_copy_rect(struct vmsvga_state_s *s, + int x0, int y0, int x1, int y1, int w, int h) + { + uint8_t *vram = s->vga.vram_ptr; +@@ -387,6 +413,13 @@ + int line = h; + uint8_t *ptr[2]; + ++ if (!vmsvga_verify_rect(s, "vmsvga_copy_rect/src", x0, y0, w, h)) { ++ return -1; ++ } ++ if (!vmsvga_verify_rect(s, "vmsvga_copy_rect/dst", x1, y1, w, h)) { ++ return -1; ++ } ++ + if (y1 > y0) { + ptr[0] = vram + s->bypp * x0 + bypl * (y0 + h - 1); + ptr[1] = vram + s->bypp * x1 + bypl * (y1 + h - 1); +@@ -402,11 +435,12 @@ + } + + vmsvga_update_rect_delayed(s, x1, y1, w, h); ++ return 0; + } + #endif + + #ifdef HW_FILL_ACCEL 
+-static inline void vmsvga_fill_rect(struct vmsvga_state_s *s, ++static inline int vmsvga_fill_rect(struct vmsvga_state_s *s, + uint32_t c, int x, int y, int w, int h) + { + uint8_t *vram = s->vga.vram_ptr; +@@ -420,6 +454,10 @@ + uint8_t *src; + uint8_t col[4]; + ++ if (!vmsvga_verify_rect(s, __func__, x, y, w, h)) { ++ return -1; ++ } ++ + col[0] = c; + col[1] = c >> 8; + col[2] = c >> 16; +@@ -442,6 +480,7 @@ + } + + vmsvga_update_rect_delayed(s, x, y, w, h); ++ return 0; + } + #endif + +@@ -568,12 +607,12 @@ + width = vmsvga_fifo_read(s); + height = vmsvga_fifo_read(s); + #ifdef HW_FILL_ACCEL +- vmsvga_fill_rect(s, colour, x, y, width, height); +- break; +-#else ++ if (vmsvga_fill_rect(s, colour, x, y, width, height) == 0) { ++ break; ++ } ++#endif + args = 0; + goto badcmd; +-#endif + + case SVGA_CMD_RECT_COPY: + len -= 7; +@@ -587,12 +626,12 @@ + width = vmsvga_fifo_read(s); + height = vmsvga_fifo_read(s); + #ifdef HW_RECT_ACCEL +- vmsvga_copy_rect(s, x, y, dx, dy, width, height); +- break; +-#else ++ if (vmsvga_copy_rect(s, x, y, dx, dy, width, height) == 0) { ++ break; ++ } ++#endif + args = 0; + goto badcmd; +-#endif + + case SVGA_CMD_DEFINE_CURSOR: + len -= 8; --- qemu-kvm-1.0+noroms.orig/debian/patches/CVE-2014-7815.patch +++ qemu-kvm-1.0+noroms/debian/patches/CVE-2014-7815.patch 
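Review bot: The fullscreen fallback in `vmsvga_update_rect` resets `x`, `w` and `h` but leaves `y` at the value that just failed `vmsvga_verify_rect`: `x = 0;` survives as a context line, while `y = 0;` sits on a removed line and is not re-added. With `h = s->height` and an unvalidated `y`, the rows addressed by the copy that follows (outside the hunk) can fall outside the surface, which is the condition this patch is meant to exclude. Add `y = 0;` next to `x = 0;` inside the fallback block. Separately, `vmsvga_verify_rect` writes to stderr for every rejected rectangle, so the amount of log output is controlled by the guest; limiting it would be worth considering.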
@@ -0,0 +1,47 @@
+Backport of:
+
+From e6908bfe8e07f2b452e78e677da1b45b1c0f6829 Mon Sep 17 00:00:00 2001
+From: Petr Matousek
+Date: Mon, 27 Oct 2014 12:41:44 +0100
+Subject: [PATCH] vnc: sanitize bits_per_pixel from the client
+
+bits_per_pixel that are less than 8 could result in accessing
+non-initialized buffers later in the code due to the expectation
+that bytes_per_pixel value that is used to initialize these buffers is
+never zero.
+
+To fix this check that bits_per_pixel from the client is one of the
+values that the rfb protocol specification allows.
+
+This is CVE-2014-7815.
+
+Signed-off-by: Petr Matousek
+
+[ kraxel: apply codestyle fix ]
+
+Signed-off-by: Gerd Hoffmann
+---
+ ui/vnc.c | 10 ++++++++++
+ 1 files changed, 10 insertions(+), 0 deletions(-)
+
+Index: qemu-kvm-1.0+noroms/ui/vnc.c
+===================================================================
+--- qemu-kvm-1.0+noroms.orig/ui/vnc.c 2014-11-11 15:26:51.608734291 -0500
++++ qemu-kvm-1.0+noroms/ui/vnc.c 2014-11-11 15:27:13.564895608 -0500
+@@ -1827,6 +1827,16 @@
+ return;
+ }
+
++ switch (bits_per_pixel) {
++ case 8:
++ case 16:
++ case 32:
++ break;
++ default:
++ vnc_client_error(vs);
++ return;
++ }
++
+ vs->clientds = *(vs->vd->guest.ds);
+ vs->clientds.pf.rmax = red_max;
+ vs->clientds.pf.rbits = hweight_long(red_max);
--- qemu-kvm-1.0+noroms.orig/debian/patches/block_vd_zero_unused_parts
+++ qemu-kvm-1.0+noroms/debian/patches/block_vd_zero_unused_parts
@@ -0,0 +1,57 @@ +commit 641543b76b82a8b361482b727e08de0c8ec093b0 +Author: Stefan Weil +Date: Sat Jan 21 13:54:24 2012 +0100 + + block/vdi: Zero unused parts when allocating a new block (fix #919242) + + The new block was filled with zero when it was allocated by g_malloc0, + but when it was reused later and only partially used, data from the + previously allocated block were still present and written to the new + block. + + This caused the problems reported by bug #919242 + (https://bugs.launchpad.net/qemu/+bug/919242). + + Now the unused parts of the new block which are before and after the data + are always filled with zero, so it is no longer necessary to zero the whole + block with g_malloc0. + + I also updated the copyright comment. + + Signed-off-by: Stefan Weil + 
Signed-off-by: Kevin Wolf + +Index: qemu-kvm-1.0+noroms/block/vdi.c +=================================================================== +--- qemu-kvm-1.0+noroms.orig/block/vdi.c 2011-12-04 04:38:06.000000000 -0600 ++++ qemu-kvm-1.0+noroms/block/vdi.c 2012-02-20 13:32:52.659521202 -0600 +@@ -1,7 +1,7 @@ + /* + * Block driver for the Virtual Disk Image (VDI) format + * +- * Copyright (c) 2009 Stefan Weil ++ * Copyright (c) 2009, 2012 Stefan Weil + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by +@@ -774,15 +774,19 @@ + (uint64_t)bmap_entry * s->block_sectors; + block = acb->block_buffer; + if (block == NULL) { +- block = g_malloc0(s->block_size); ++ block = g_malloc(s->block_size); + acb->block_buffer = block; + acb->bmap_first = block_index; + assert(!acb->header_modified); + acb->header_modified = 1; + } + acb->bmap_last = block_index; ++ /* Copy data to be written to new block and zero unused parts. */ ++ memset(block, 0, sector_in_block * SECTOR_SIZE); + memcpy(block + sector_in_block * SECTOR_SIZE, + acb->buf, n_sectors * SECTOR_SIZE); ++ memset(block + (sector_in_block + n_sectors) * SECTOR_SIZE, 0, ++ (s->block_sectors - n_sectors - sector_in_block) * SECTOR_SIZE); + acb->hd_iov.iov_base = (void *)block; + acb->hd_iov.iov_len = s->block_size; + qemu_iovec_init_external(&acb->hd_qiov, &acb->hd_iov, 1); --- qemu-kvm-1.0+noroms.orig/debian/patches/call-madv-hugepage-for-guest-ram-allocations.patch +++ qemu-kvm-1.0+noroms/debian/patches/call-madv-hugepage-for-guest-ram-allocations.patch 
@@ -0,0 +1,39 @@ +From ad0b5321f1f797274603ebbe20108b0750baee94 +From: Luiz Capitulino +Date: Fri Oct 5 16:47:57 2012 -0300 +Subject: [PATCH] Call MADV_HUGEPAGE for guest RAM allocations + +This makes it possible for QEMU to use transparent huge pages (THP) +when transparent_hugepage/enabled=madvise. Otherwise THP is only +used when it's enabled system wide. + +Signed-off-by: Luiz Capitulino +Signed-off-by: Anthony Liguori +(backported from commit ad0b5321f1f797274603ebbe20108b0750baee94) +Signed-off-by: Chris J Arges + +--- a/exec.c ++++ b/exec.c +@@ -2990,6 +2990,8 @@ ram_addr_t qemu_ram_alloc_from_ptr(Devic + memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS), + 0xff, size >> TARGET_PAGE_BITS); + ++ qemu_madvise(new_block->host, size, QEMU_MADV_HUGEPAGE); ++ + if (kvm_enabled()) + kvm_setup_guest_memory(new_block->host, size); + +--- a/osdep.h ++++ b/osdep.h +@@ -102,6 +102,11 @@ void qemu_vfree(void *ptr); + #else + #define QEMU_MADV_MERGEABLE QEMU_MADV_INVALID + #endif ++#ifdef MADV_HUGEPAGE ++#define QEMU_MADV_HUGEPAGE MADV_HUGEPAGE ++#else ++#define QEMU_MADV_HUGEPAGE QEMU_MADV_INVALID ++#endif + + #elif defined(CONFIG_POSIX_MADVISE) + --- qemu-kvm-1.0+noroms.orig/debian/patches/define-qemu-kvm-mt +++ qemu-kvm-1.0+noroms/debian/patches/define-qemu-kvm-mt 
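Review bot: `QEMU_MADV_HUGEPAGE` is defined only in the branch shown in the `osdep.h` hunk, whose context stops at `#elif defined(CONFIG_POSIX_MADVISE)`, while `exec.c` now uses the name unconditionally. Unless the other branches gain the definition outside this hunk, a build without `CONFIG_MADVISE` would fail on the undefined name; adding `#define QEMU_MADV_HUGEPAGE QEMU_MADV_INVALID` to the POSIX and fallback branches, next to the `QEMU_MADV_MERGEABLE` fallback pattern shown here, would cover them. The return value of the new `qemu_madvise()` call is ignored, which looks intentional for a hint; a one-line comment saying so would help.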
@@ -0,0 +1,46 @@ +Description: Define pc-1.0-qemu-kvm machine type + With alias "pc-1.-precise". This is identical to the pc-1.0 machine + type (in this qemu-kvm package). This ensures that any new machines + created on 12.04 hosts with the default machine type will be named + differently from the (architecturally different) pc-1.0 machine type + as known in 14.04 and later, making live migration from 12.04 to + 14.04 hosts easier. +Author: Serge Hallyn +Forwarded: no +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1374612 + +Index: qemu-kvm-1.0+noroms/hw/pc_piix.c +=================================================================== +--- qemu-kvm-1.0+noroms.orig/hw/pc_piix.c ++++ qemu-kvm-1.0+noroms/hw/pc_piix.c +@@ -315,7 +315,6 @@ static QEMUMachine pc_machine_v1_0 = { + .desc = "Standard PC", + .init = pc_init_pci, + .max_cpus = 255, +- .is_default = 1, + }; + + static QEMUMachine pc_machine_v0_14 = { +@@ -581,3 +580,22 @@ static void pc_machine_init(void) + } + + machine_init(pc_machine_init); ++ ++/* ubuntu machine types */ ++ ++static QEMUMachine pc_machine_precise = { ++ .name = "pc-1.0-qemu-kvm", ++ .desc = "Ubuntu 12.04 Standard PC", ++ .alias = "pc-1.0-precise", ++ .is_default = 1, ++ .init = pc_init_pci, ++ .max_cpus = 255, ++}; ++ ++ ++static void ubuntu_machine_init(void) ++{ ++ qemu_register_machine(&pc_machine_precise); ++} ++ ++machine_init(ubuntu_machine_init); --- qemu-kvm-1.0+noroms.orig/debian/patches/define_AT_EMPTY_PATH.patch +++ qemu-kvm-1.0+noroms/debian/patches/define_AT_EMPTY_PATH.patch 
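Review bot: The Description header gives the alias as `pc-1.-precise`, but the code registers `.alias = "pc-1.0-precise"`; the header should read `pc-1.0-precise` so that a search for the alias finds this patch. The new `pc_machine_precise` is described as identical to pc-1.0, yet it is a hand-copied initializer, so a later change to `pc_machine_v1_0` (whose first fields are outside the hunk) could diverge unnoticed. A comment on the struct such as `/* must stay identical to pc_machine_v1_0 apart from name, alias and is_default */` would record that constraint.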
@@ -0,0 +1,45 @@ +Description: make sure AT_EMPTHY_PATH is defined + It was being defined inside an ifdef but used outside of it. The define + could also come from linux/fcntl.h. +Author: Serge Hallyn +Forwarded: no +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/qemu-kvm/+bug/930181 + +Index: qemu-kvm-1.0+noroms/hw/9pfs/virtio-9p-handle.c +=================================================================== +--- qemu-kvm-1.0+noroms.orig/hw/9pfs/virtio-9p-handle.c 2012-02-15 16:16:14.366113845 -0600 ++++ qemu-kvm-1.0+noroms/hw/9pfs/virtio-9p-handle.c 2012-02-15 16:51:41.919393042 -0600 +@@ -45,6 +45,16 @@ + int handle_bytes; + }; + ++#ifndef AT_REMOVEDIR ++#define AT_REMOVEDIR 0x200 ++#endif ++#ifndef AT_EMPTY_PATH ++#define AT_EMPTY_PATH 0x1000 /* Allow empty relative pathname */ ++#endif ++#ifndef O_PATH ++#define O_PATH 010000000 ++#endif ++ + #ifdef CONFIG_OPEN_BY_HANDLE + static inline int name_to_handle(int dirfd, const char *name, + struct file_handle *fh, int *mnt_id, int flags) +@@ -65,16 +75,6 @@ + }; + #define file_handle rpl_file_handle + +-#ifndef AT_REMOVEDIR +-#define AT_REMOVEDIR 0x200 +-#endif +-#ifndef AT_EMPTY_PATH +-#define AT_EMPTY_PATH 0x1000 /* Allow empty relative pathname */ +-#endif +-#ifndef O_PATH +-#define O_PATH 010000000 +-#endif +- + static inline int name_to_handle(int dirfd, const char *name, + struct file_handle *fh, int *mnt_id, int flags) + { --- qemu-kvm-1.0+noroms.orig/debian/patches/disable-hpet-for-tcg.patch +++ qemu-kvm-1.0+noroms/debian/patches/disable-hpet-for-tcg.patch 
@@ -0,0 +1,24 @@
+Description: Disable hpet for unaccelerated qemu
+ Hpet is not really needed for unaccelerated qemu, and currently causes it
+ to hang on boot. The bug is fixed upstream, but the fix is not cleanly
+ cherrypick-able, so simply "don't do that".
+Author: Serge Hallyn
+Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668186
+Bug-Ubuntu: https://bugs.launchpad.net/debian/+source/qemu-kvm/+bug/975240
+Forwarded: no
+
+Index: qemu-kvm-1.0+noroms/vl.c
+===================================================================
+--- qemu-kvm-1.0+noroms.orig/vl.c 2012-04-09 11:03:55.691027742 -0500
++++ qemu-kvm-1.0+noroms/vl.c 2012-04-09 11:05:00.287348049 -0500
+@@ -2063,6 +2063,10 @@
+ exit(1);
+ }
+
++ /* for non-accelerated qemu, don't enable hpet */
++ if (!strcmp(accel_list[i].opt_name, "tcg"))
++ no_hpet = 1;
++
+ if (init_failed) {
+ fprintf(stderr, "Back to %s accelerator.\n", accel_list[i].name);
+ }
--- qemu-kvm-1.0+noroms.orig/debian/patches/dont-try-to-hotplug-cpu.patch
+++ qemu-kvm-1.0+noroms/debian/patches/dont-try-to-hotplug-cpu.patch
@@ -0,0 +1,29 @@ +Description: don't try to hotplug a cpu + qemu-kvm will end up crashing when qdev finds hotplug is not enabled. Let's + instead gracefully refuse. +Author: Serge Hallyn +Forwarded: yes +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/878422 + +Index: qemu-kvm-1.0+noroms/hw/acpi_piix4.c +=================================================================== +--- qemu-kvm-1.0+noroms.orig/hw/acpi_piix4.c 2011-12-04 04:38:06.000000000 -0600 ++++ qemu-kvm-1.0+noroms/hw/acpi_piix4.c 2011-12-07 13:49:30.354357818 -0600 +@@ -589,12 +589,17 @@ + PIIX4PMState *s = global_piix4_pm_state; + + if (state && !qemu_get_cpu(cpu)) { ++#if 1 ++ fprintf(stderr, "cpu hotplug not supported\n", cpu); ++ return; ++#else + env = pc_new_cpu(global_cpu_model); + if (!env) { + fprintf(stderr, "cpu %d creation failed\n", cpu); + return; + } + env->cpuid_apic_id = cpu; ++#endif + } + + if (state) --- qemu-kvm-1.0+noroms.orig/debian/patches/expose_vmx_qemu64cpu.patch +++ qemu-kvm-1.0+noroms/debian/patches/expose_vmx_qemu64cpu.patch @@ -0,0 +1,16 @@ +Description: Expose VMX cpuid feature to the default "qemu64" CPU type, + supporting Intel compatible VMX nested virtualization. +Author: Dave Walker (Daviey) + +--- a/target-i386/cpuid.c ++++ b/target-i386/cpuid.c +@@ -293,7 +293,8 @@ + .features = PPRO_FEATURES | + CPUID_MTRR | CPUID_CLFLUSH | CPUID_MCA | + CPUID_PSE36, +- .ext_features = CPUID_EXT_SSE3 | CPUID_EXT_CX16 | CPUID_EXT_POPCNT, ++ .ext_features = CPUID_EXT_SSE3 | CPUID_EXT_CX16 | CPUID_EXT_POPCNT | ++ CPUID_EXT_VMX, + .ext2_features = (PPRO_FEATURES & EXT2_FEATURE_MASK) | + CPUID_EXT2_LM | CPUID_EXT2_SYSCALL | CPUID_EXT2_NX, + .ext3_features = CPUID_EXT3_LAHF_LM | CPUID_EXT3_SVM | --- qemu-kvm-1.0+noroms.orig/debian/patches/fallback-to-tcg.patch +++ qemu-kvm-1.0+noroms/debian/patches/fallback-to-tcg.patch 
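Review bot: The added `fprintf(stderr, "cpu hotplug not supported\n", cpu);` in the `acpi_piix4.c` hunk passes `cpu` to a format string that has no conversion, so the argument is ignored and compilers that check format strings will warn. Either drop the argument or report it, e.g. `fprintf(stderr, "cpu %d: hotplug not supported\n", cpu);`. The `#if 1 … #else` wrapper also keeps the old creation path as dead code; removing it, or adding a comment that names the condition under which it can come back, would be clearer. The enclosing function starts and ends outside the hunk.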
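Review bot: Adding `CPUID_EXT_VMX` to `.ext_features` of what the Description calls the default "qemu64" type changes what every guest without an explicit CPU model is offered, and the patch header has no Bug or Forwarded field explaining why that default is wanted. Whether the bit is filtered out when the host cannot provide nested virtualization is not visible in this hunk, so that should be confirmed for non-Intel hosts and for unaccelerated runs. Nested virtualization also widens the hypervisor surface reachable from a guest, which argues for keeping it opt-in through an explicit CPU flag. If the default stays, a comment on the line such as `/* Ubuntu: advertise VMX by default for nested virtualization */` would mark it as a distribution change.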
@@ -0,0 +1,23 @@
+Description: If kvm can't be used, default to tcg.
+ qemu-kvm has changed its default behavior. If no accel= option is
+ specified, then it only tries kvm. If kvm is not supported, it fails.
+ Change that, until LTS, to support tcg (un-accelerated qemu). After
+ LTS, we can drop this patch and require '-machine pc,accel=kvm:tcg'
+ for legacy behavior.
+Author: Serge Hallyn
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/qemu-kvm/+bug/892050
+Forwarded: no
+
+Index: qemu-kvm-1.0+noroms/vl.c
+===================================================================
+--- qemu-kvm-1.0+noroms.orig/vl.c 2011-12-07 12:44:22.327591287 -0600
++++ qemu-kvm-1.0+noroms/vl.c 2011-12-07 13:00:58.084528968 -0600
+@@ -2020,7 +2020,7 @@
+ if (p == NULL) {
+ #ifdef CONFIG_KVM_OPTIONS
+ /* Use the default "accelerator", kvm */
+- p = "kvm";
++ p = "kvm:tcg";
+ #else
+ /* Use the default "accelerator", tcg */
+ p = "tcg";
--- qemu-kvm-1.0+noroms.orig/debian/patches/fix-vmware-vga-negative-vals
+++ qemu-kvm-1.0+noroms/debian/patches/fix-vmware-vga-negative-vals
@@ -0,0 +1,35 @@ +Description: vga-vmware + vnc: don't try to set_bit to negative offsets + If x or y < 0, set them to 0 (and decrement width/height accordingly) +Author: Serge Hallyn +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/qemu-kvm/+bug/918791 +Forwarded: yes + +diff --git a/hw/vmware_vga.c b/hw/vmware_vga.c +index 142d9f4..c94f9f3 100644 +--- a/hw/vmware_vga.c ++++ b/hw/vmware_vga.c +@@ -298,6 +298,24 @@ static inline void vmsvga_update_rect(struct vmsvga_state_s *s, + uint8_t *src; + uint8_t *dst; + ++ if (x < 0) { ++ fprintf(stderr, "%s: update x was < 0 (%d, w %d)\n", ++ __FUNCTION__, x, w); ++ w += x; ++ if (w < 0) { ++ return; ++ } ++ x = 0; ++ } ++ if (y < 0) { ++ fprintf(stderr, "%s: update y was < 0 (%d, h %d)\n", ++ __FUNCTION__, y, h); ++ h += y; ++ if (h < 0) { ++ return; ++ } ++ y = 0; ++ } + if (x + w > s->width) { + fprintf(stderr, "%s: update width too large x: %d, w: %d\n", + __FUNCTION__, x, w); --- qemu-kvm-1.0+noroms.orig/debian/patches/keep-pid-file-locked.patch +++ qemu-kvm-1.0+noroms/debian/patches/keep-pid-file-locked.patch 
@@ -0,0 +1,40 @@
+From 93dd748b789202af4f5be75412c58ee1ed481b29 Mon Sep 17 00:00:00 2001
+From: Laszlo Ersek
+Date: Fri, 27 Jan 2012 14:34:05 +0100
+Subject: [PATCH] keep the PID file locked for the lifetime of the process
+
+The lockf() call in qemu_create_pidfile() aims at ensuring mutual
+exclusion. We shouldn't close the pidfile on success (as introduced by
+commit 1bbd1592), because that drops the lock as well [1]:
+
+ "File locks shall be released on first close by the locking process
+ of any file descriptor for the file."
+
+Coverity may complain again about the leaked file descriptor; let's
+worry about that later.
+
+v1->v2:
+- add reference to 1bbd1592
+- explain the intentional fd leak in the source
+
+[1] http://pubs.opengroup.org/onlinepubs/9699919799/functions/lockf.html
+
+Signed-off-by: Laszlo Ersek
+Signed-off-by: Anthony Liguori
+---
+ os-posix.c | 2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+Index: qemu-kvm-1.0+noroms/os-posix.c
+===================================================================
+--- qemu-kvm-1.0+noroms.orig/os-posix.c 2011-12-04 04:38:06.000000000 -0600
++++ qemu-kvm-1.0+noroms/os-posix.c 2012-07-11 16:40:49.378895264 -0500
+@@ -381,7 +381,7 @@
+ return -1;
+ }
+
+- close(fd);
++ /* keep pidfile open & locked forever */
+ return 0;
+ }
+
--- qemu-kvm-1.0+noroms.orig/debian/patches/larger_default_ram_size.patch
+++ qemu-kvm-1.0+noroms/debian/patches/larger_default_ram_size.patch
@@ -0,0 +1,13 @@
+Index: qemu-kvm-1.0+noroms/vl.c
+===================================================================
+--- qemu-kvm-1.0+noroms.orig/vl.c 2011-12-04 04:38:06.000000000 -0600
++++ qemu-kvm-1.0+noroms/vl.c 2012-03-20 10:09:33.035587950 -0500
+@@ -170,7 +170,7 @@
+ //#define DEBUG_NET
+ //#define DEBUG_SLIRP
+
+-#define DEFAULT_RAM_SIZE 128
++#define DEFAULT_RAM_SIZE 384
+
+ #define MAX_VIRTIO_CONSOLES 1
+
--- qemu-kvm-1.0+noroms.orig/debian/patches/migration-do-not-overwrite-zero-pages.patch
+++ qemu-kvm-1.0+noroms/debian/patches/migration-do-not-overwrite-zero-pages.patch
@@ -0,0 +1,152 @@ +From 211ea74022f51164a7729030b28eec90b6c99a08 Mon Sep 17 00:00:00 2001 +From: Peter Lieven +Date: Mon, 10 Jun 2013 12:14:20 +0200 +Subject: [PATCH] migration: do not overwrite zero pages + +on incoming migration do not memset pages to zero if they already read as zero. +this will allocate a new zero page and consume memory unnecessarily. even +if we madvise a MADV_DONTNEED later this will only deallocate the memory +asynchronously. + +Signed-off-by: Peter Lieven +Signed-off-by: Juan Quintela +(backported from commit 211ea74022f51164a7729030b28eec90b6c99a08) +Signed-off-by: Chris J Arges + +--- a/arch_init.c ++++ b/arch_init.c +@@ -109,6 +109,67 @@ static int is_dup_page(uint8_t *page, ui + return 1; + } + ++/* ++ * Searches for an area with non-zero content in a buffer ++ * ++ * Attention! The len must be a multiple of ++ * BUFFER_FIND_NONZERO_OFFSET_UNROLL_FACTOR * sizeof(VECTYPE) ++ * and addr must be a multiple of sizeof(VECTYPE) due to ++ * restriction of optimizations in this function. ++ * ++ * can_use_buffer_find_nonzero_offset() can be used to check ++ * these requirements. ++ * ++ * The return value is the offset of the non-zero area rounded ++ * down to a multiple of sizeof(VECTYPE) for the first ++ * BUFFER_FIND_NONZERO_OFFSET_UNROLL_FACTOR chunks and down to ++ * BUFFER_FIND_NONZERO_OFFSET_UNROLL_FACTOR * sizeof(VECTYPE) ++ * afterwards. ++ * ++ * If the buffer is all zero the return value is equal to len. 
++ */ ++ ++size_t buffer_find_nonzero_offset(const void *buf, size_t len) ++{ ++ const VECTYPE *p = buf; ++ const VECTYPE zero = (VECTYPE){0}; ++ size_t i; ++ ++ assert(can_use_buffer_find_nonzero_offset(buf, len)); ++ ++ if (!len) { ++ return 0; ++ } ++ ++ for (i = 0; i < BUFFER_FIND_NONZERO_OFFSET_UNROLL_FACTOR; i++) { ++ if (!ALL_EQ(p[i], zero)) { ++ return i * sizeof(VECTYPE); ++ } ++ } ++ ++ for (i = BUFFER_FIND_NONZERO_OFFSET_UNROLL_FACTOR; ++ i < len / sizeof(VECTYPE); ++ i += BUFFER_FIND_NONZERO_OFFSET_UNROLL_FACTOR) { ++ VECTYPE tmp0 = p[i + 0] | p[i + 1]; ++ VECTYPE tmp1 = p[i + 2] | p[i + 3]; ++ VECTYPE tmp2 = p[i + 4] | p[i + 5]; ++ VECTYPE tmp3 = p[i + 6] | p[i + 7]; ++ VECTYPE tmp01 = tmp0 | tmp1; ++ VECTYPE tmp23 = tmp2 | tmp3; ++ if (!ALL_EQ(tmp01 | tmp23, zero)) { ++ break; ++ } ++ } ++ ++ return i * sizeof(VECTYPE); ++} ++ ++static inline bool is_zero_page(uint8_t *p) ++{ ++ return buffer_find_nonzero_offset(p, TARGET_PAGE_SIZE) == ++ TARGET_PAGE_SIZE; ++} ++ + static RAMBlock *last_block; + static ram_addr_t last_offset; + +@@ -440,13 +501,15 @@ int ram_load(QEMUFile *f, void *opaque, + } + + ch = qemu_get_byte(f); +- memset(host, ch, TARGET_PAGE_SIZE); ++ if (ch != 0 || !is_zero_page(host)) { ++ memset(host, ch, TARGET_PAGE_SIZE); + #ifndef _WIN32 +- if (ch == 0 && +- (!kvm_enabled() || kvm_has_sync_mmu())) { +- qemu_madvise(host, TARGET_PAGE_SIZE, QEMU_MADV_DONTNEED); +- } ++ if (ch == 0 && ++ (!kvm_enabled() || kvm_has_sync_mmu())) { ++ qemu_madvise(host, TARGET_PAGE_SIZE, QEMU_MADV_DONTNEED); ++ } + #endif ++ } + } else if (flags & RAM_SAVE_FLAG_PAGE) { + void *host; + +--- a/qemu-common.h ++++ b/qemu-common.h +@@ -341,6 +341,43 @@ static inline uint64_t muldiv64(uint64_t + return res.ll; + } + ++/* vector definitions */ ++#ifdef __ALTIVEC__ ++#include ++/* The altivec.h header says we're allowed to undef these for ++ * C++ compatibility. Here we don't care about C++, but we ++ * undef them anyway to avoid namespace pollution. 
++ */ ++#undef vector ++#undef pixel ++#undef bool ++#define VECTYPE __vector unsigned char ++#define SPLAT(p) vec_splat(vec_ld(0, p), 0) ++#define ALL_EQ(v1, v2) vec_all_eq(v1, v2) ++/* altivec.h may redefine the bool macro as vector type. ++ * Reset it to POSIX semantics. */ ++#define bool _Bool ++#elif defined __SSE2__ ++#include ++#define VECTYPE __m128i ++#define SPLAT(p) _mm_set1_epi8(*(p)) ++#define ALL_EQ(v1, v2) (_mm_movemask_epi8(_mm_cmpeq_epi8(v1, v2)) == 0xFFFF) ++#else ++#define VECTYPE unsigned long ++#define SPLAT(p) (*(p) * (~0UL / 255)) ++#define ALL_EQ(v1, v2) ((v1) == (v2)) ++#endif ++ ++#define BUFFER_FIND_NONZERO_OFFSET_UNROLL_FACTOR 8 ++static inline bool ++can_use_buffer_find_nonzero_offset(const void *buf, size_t len) ++{ ++ return (len % (BUFFER_FIND_NONZERO_OFFSET_UNROLL_FACTOR ++ * sizeof(VECTYPE)) == 0 ++ && ((uintptr_t) buf) % sizeof(VECTYPE) == 0); ++} ++size_t buffer_find_nonzero_offset(const void *buf, size_t len); ++ + #include "module.h" + + #endif --- qemu-kvm-1.0+noroms.orig/debian/patches/multiboot-load-fix.diff +++ qemu-kvm-1.0+noroms/debian/patches/multiboot-load-fix.diff 
@@ -0,0 +1,40 @@ +commit 3dba721eeebd080e9f885f2a57eb9fa26cf219fd +Author: Scott Moser +Date: Sat Mar 17 04:03:11 2012 +0000 +Forwarded: http://www.mail-archive.com/qemu-devel@nongnu.org/msg103059.html +Bug: https://bugs.launchpad.net/qemu/+bug/957622 +Description: fix multiboot loading if load_end_addr == 0 + The previous code did not treat the case where load_end_addr was 0 + specially. The multiboot specification says the following: + * load_end_addr + Contains the physical address of the end of the data segment. + (load_end_addr - load_addr) specifies how much data to load. This + implies that the text and data segments must be consecutive in the + OS image; this is true for existing a.out executable formats. If + this field is zero, the boot loader assumes that the text and data + segments occupy the whole OS image file. + +diff --git a/hw/multiboot.c b/hw/multiboot.c +index b4484a3..b1e04c5 100644 +--- a/hw/multiboot.c ++++ b/hw/multiboot.c +@@ -202,10 +202,16 @@ int load_multiboot(void *fw_cfg, + uint32_t mh_bss_end_addr = ldl_p(header+i+24); + mh_load_addr = ldl_p(header+i+16); + uint32_t mb_kernel_text_offset = i - (mh_header_addr - mh_load_addr); +- uint32_t mb_load_size = mh_load_end_addr - mh_load_addr; +- ++ uint32_t mb_load_size = 0; + mh_entry_addr = ldl_p(header+i+28); +- mb_kernel_size = mh_bss_end_addr - mh_load_addr; ++ ++ if (mh_load_end_addr) { ++ mb_kernel_size = mh_bss_end_addr - mh_load_addr; ++ mb_load_size = mh_load_end_addr - mh_load_addr; ++ } else { ++ mb_kernel_size = kernel_file_size - mb_kernel_text_offset; ++ mb_load_size = mb_kernel_size; ++ } + + /* Valid if mh_flags sets MULTIBOOT_HEADER_HAS_VBE. + uint32_t mh_mode_type = ldl_p(header+i+32); --- qemu-kvm-1.0+noroms.orig/debian/patches/nbd-fixes-to-read-only-handling.patch +++ qemu-kvm-1.0+noroms/debian/patches/nbd-fixes-to-read-only-handling.patch 
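Review bot: In the new `else` branch, `mb_kernel_size = kernel_file_size - mb_kernel_text_offset;` subtracts a value computed from header fields (`i - (mh_header_addr - mh_load_addr)`) with no bound visible in the hunk, so an image whose header places the text offset beyond the file size would wrap the unsigned result into a very large size. Any later validation is outside the hunk, so this needs confirming; a guard before the subtraction, `if (mb_kernel_text_offset > kernel_file_size)` followed by rejecting the image, would make the branch self-contained. The branch also ignores `mh_bss_end_addr`, a case the quoted specification text does not address, and a comment stating that bss is assumed empty here would help the next reader.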
@@ -0,0 +1,55 @@ +commit c8969eded252058e90e91f12f75f32aceae46ec9 +Author: Paolo Bonzini +Date: Tue Nov 13 10:34:17 2012 +0100 + + nbd: fixes to read-only handling + + We do not need BLKROSET if the kernel supports setting flags. + Also, always do BLKROSET even for a read-write export, otherwise + the read-only state remains "sticky" after the invocation of + "qemu-nbd -r". + + Signed-off-by: Paolo Bonzini + +Index: qemu-kvm-1.0+noroms/nbd.c +=================================================================== +--- qemu-kvm-1.0+noroms.orig/nbd.c 2011-12-04 04:38:06.000000000 -0600 ++++ qemu-kvm-1.0+noroms/nbd.c 2012-11-15 10:46:34.448679200 -0600 +@@ -366,26 +366,24 @@ + return -1; + } + +- if (flags & NBD_FLAG_READ_ONLY) { +- int read_only = 1; +- TRACE("Setting readonly attribute"); ++ if (ioctl(fd, NBD_SET_FLAGS, flags) < 0) { ++ if (errno == ENOTTY) { ++ int read_only = (flags & NBD_FLAG_READ_ONLY) != 0; ++ TRACE("Setting readonly attribute"); + +- if (ioctl(fd, BLKROSET, (unsigned long) &read_only) < 0) { ++ if (ioctl(fd, BLKROSET, (unsigned long) &read_only) < 0) { ++ int serrno = errno; ++ LOG("Failed setting read-only attribute"); ++ return -serrno; ++ } ++ } else { + int serrno = errno; +- LOG("Failed setting read-only attribute"); ++ LOG("Failed setting flags"); + errno = serrno; + return -1; + } + } + +- if (ioctl(fd, NBD_SET_FLAGS, flags) < 0 +- && errno != ENOTTY) { +- int serrno = errno; +- LOG("Failed setting flags"); +- errno = serrno; +- return -1; +- } +- + TRACE("Clearing NBD socket"); + + if (ioctl(fd, NBD_CLEAR_SOCK) == -1) { --- qemu-kvm-1.0+noroms.orig/debian/patches/qemu-ifup-choosebridge.patch +++ qemu-kvm-1.0+noroms/debian/patches/qemu-ifup-choosebridge.patch 
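Review bot: The two failure paths in the new block report errors differently: the `BLKROSET` failure does `return -serrno;`, while the `NBD_SET_FLAGS` failure keeps `errno = serrno; return -1;`, which is also what the removed `BLKROSET` code did. A caller that reads `errno` after a negative return, the convention the surrounding `return -1;` lines suggest, would see whatever `LOG()` left there on the first path. For this backport the first path should match the second: `errno = serrno;` then `return -1;`. The function's signature and callers are outside the hunk, so confirm which convention they expect.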
@@ -0,0 +1,35 @@ +Description: Be smarter about which bridge to attach a tap to in qemu-ifup. + Allow the admin to specify one in /etc/default/qemu-kvm. If none is defined + there, then use the default route if it is a bridge. If it is not a bridge, + then use virbr0. +Author: Serge Hallyn +Forwarded: no +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/qemu-kvm/+bug/475327 + +Index: qemu-kvm-1.0+noroms/kvm/scripts/qemu-ifup +=================================================================== +--- qemu-kvm-1.0+noroms.orig/kvm/scripts/qemu-ifup 2012-02-15 15:34:21.477653106 -0600 ++++ qemu-kvm-1.0+noroms/kvm/scripts/qemu-ifup 2012-02-15 16:12:33.517018709 -0600 +@@ -1,5 +1,19 @@ + #!/bin/sh + +-switch=$(ip route list | awk '/^default / { print $5 }') +-ifconfig $1 0.0.0.0 up +-brctl addif ${switch} $1 ++nic=$1 ++ ++if [ -f /etc/default/qemu-kvm ]; then ++ . /etc/default/qemu-kvm ++fi ++ ++if [ -z "$TAPBR" ]; then ++ switch=$(ip route list | awk '/^default / { print $5 }') ++ if [ ! -d "/sys/class/net/${switch}/bridge" ]; then ++ switch=virbr0 ++ fi ++else ++ switch=$TAPBR ++fi ++ ++ifconfig $nic 0.0.0.0 up ++brctl addif ${switch} $nic --- qemu-kvm-1.0+noroms.orig/debian/patches/qemu-img-progress-init-before-progress-end.patch +++ qemu-kvm-1.0+noroms/debian/patches/qemu-img-progress-init-before-progress-end.patch 
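Review bot: The rewritten script expands `$nic` and `${switch}` unquoted in `ifconfig $nic 0.0.0.0 up` and `brctl addif ${switch} $nic`, and `TAPBR` is taken from the sourced `/etc/default/qemu-kvm` without the bridge test that the default-route value gets. If the awk pipeline matches more than one default route, `switch` holds several words and both the `-d` test and the `brctl` call see the wrong arguments. Quote the expansions (`ifconfig "$nic" 0.0.0.0 up`, `brctl addif "$switch" "$nic"`) and apply the same `/sys/class/net/<name>/bridge` check to `TAPBR`, failing with a message when it does not name a bridge.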
@@ -0,0 +1,27 @@ +Description: qemu-img: make sure to call progress_init before progress_end + This is based on the upstream commit cbda016d9 +Author: Serge Hallyn +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/qemu-kvm/+bug/1388036 +Forwarded: no + +Index: qemu-kvm-1.0+noroms/qemu-img.c +=================================================================== +--- qemu-kvm-1.0+noroms.orig/qemu-img.c ++++ qemu-kvm-1.0+noroms/qemu-img.c +@@ -737,6 +737,8 @@ static int img_convert(int argc, char ** + + out_filename = argv[argc - 1]; + ++ qemu_progress_init(progress, 2.0); ++ + if (options && !strcmp(options, "?")) { + ret = print_block_option_help(out_filename, out_fmt); + goto out; +@@ -749,7 +751,6 @@ static int img_convert(int argc, char ** + goto out; + } + +- qemu_progress_init(progress, 2.0); + qemu_progress_print(0, 100); + + bs = g_malloc0(bs_n * sizeof(BlockDriverState *)); --- qemu-kvm-1.0+noroms.orig/debian/patches/qemuifup-fix-paths.patch +++ qemu-kvm-1.0+noroms/debian/patches/qemuifup-fix-paths.patch @@ -0,0 +1,17 @@ +Description: remove absolute paths. +Author: Serge Hallyn +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/qemu-kvm/+bug/833475 + +Index: qemu-kvm-0.15.0+noroms/kvm/scripts/qemu-ifup +=================================================================== +--- qemu-kvm-0.15.0+noroms.orig/kvm/scripts/qemu-ifup 2011-10-19 08:44:30.688946453 -0500 ++++ qemu-kvm-0.15.0+noroms/kvm/scripts/qemu-ifup 2011-10-19 08:44:35.832946365 -0500 +@@ -1,5 +1,5 @@ + #!/bin/sh + +-switch=$(/sbin/ip route list | awk '/^default / { print $5 }') +-/sbin/ifconfig $1 0.0.0.0 up +-/usr/sbin/brctl addif ${switch} $1 ++switch=$(ip route list | awk '/^default / { print $5 }') ++ifconfig $1 0.0.0.0 up ++brctl addif ${switch} $1 --- qemu-kvm-1.0+noroms.orig/debian/patches/rbd/0001-rbd-always-set-out-parameter-in-qemu_rbd_snap_list.patch +++ qemu-kvm-1.0+noroms/debian/patches/rbd/0001-rbd-always-set-out-parameter-in-qemu_rbd_snap_list.patch 
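Review bot: In the `qemu-ifup` hunk of qemuifup-fix-paths.patch, dropping the absolute paths makes `ip`, `ifconfig` and `brctl` resolve through whatever `PATH` the script inherits, and this script is normally run with the privileges needed to configure interfaces. Setting the search path explicitly at the top, e.g. `PATH=/sbin:/usr/sbin:/bin:/usr/bin; export PATH`, keeps the portability the patch is after without depending on the caller's environment. The Description could also state which layout the absolute paths broke.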
@@ -0,0 +1,36 @@
+From b9c532903fa528891c0eceb34ea40a0c47bfb5db Mon Sep 17 00:00:00 2001
+From: Josh Durgin
+Date: Tue, 6 Dec 2011 17:05:10 -0800
+Subject: [PATCH] rbd: always set out parameter in qemu_rbd_snap_list
+
+The caller expects psn_tab to be NULL when there are no snapshots or
+an error occurs. This results in calling g_free on an invalid address.
+
+Reported-by: Oliver Francke
+Signed-off-by: Josh Durgin
+Signed-off-by: Kevin Wolf
+---
+ block/rbd.c | 3 ++-
+ 1 files changed, 2 insertions(+), 1 deletions(-)
+
+Index: qemu-kvm-1.0+noroms/block/rbd.c
+===================================================================
+--- qemu-kvm-1.0+noroms.orig/block/rbd.c 2012-04-05 11:14:47.123411034 -0500
++++ qemu-kvm-1.0+noroms/block/rbd.c 2012-04-05 11:14:48.343411010 -0500
+@@ -808,7 +808,7 @@
+ } while (snap_count == -ERANGE);
+
+ if (snap_count <= 0) {
+- return snap_count;
++ goto done;
+ }
+
+ sn_tab = g_malloc0(snap_count * sizeof(QEMUSnapshotInfo));
+@@ -827,6 +827,7 @@
+ }
+ rbd_snap_list_end(snaps);
+
++ done:
+ *psn_tab = sn_tab;
+ return snap_count;
+ }
--- qemu-kvm-1.0+noroms.orig/debian/patches/rbd/0002-rbd-wire-up-snapshot-removal-and-rollback-functional.patch
+++ qemu-kvm-1.0+noroms/debian/patches/rbd/0002-rbd-wire-up-snapshot-removal-and-rollback-functional.patch
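Review bot: The `snap_count <= 0` path now stores `sn_tab` into `*psn_tab` at the new `done:` label, so the fix is only correct if `sn_tab` is NULL at that point, and its declaration is outside the hunk. If it is not initialised there, the declaration should read `QEMUSnapshotInfo *sn_tab = NULL;`, otherwise the caller still gets an indeterminate pointer to pass to g_free. It is also worth confirming that the `snaps` buffer from the loop above is released when `snap_count` is 0, since `goto done` skips `rbd_snap_list_end(snaps)` just as the old `return` did.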
@@ -0,0 +1,53 @@
+From bd6032470631d8d5de6db84ecb55398b70d9d2f3 Mon Sep 17 00:00:00 2001
+From: Gregory Farnum
+Date: Wed, 11 Jan 2012 11:53:52 -0800
+Subject: [PATCH] rbd: wire up snapshot removal and rollback functionality
+
+Signed-off-by: Greg Farnum
+Reviewed-by: Stefan Hajnoczi
+Signed-off-by: Kevin Wolf
+---
+ block/rbd.c | 22 ++++++++++++++++++++++
+ 1 files changed, 22 insertions(+), 0 deletions(-)
+
+Index: qemu-kvm-1.0+noroms/block/rbd.c
+===================================================================
+--- qemu-kvm-1.0+noroms.orig/block/rbd.c 2012-04-05 11:14:48.343411010 -0500
++++ qemu-kvm-1.0+noroms/block/rbd.c 2012-04-05 11:14:50.651410970 -0500
+@@ -790,6 +790,26 @@
+ return 0;
+ }
+
++static int qemu_rbd_snap_remove(BlockDriverState *bs,
++ const char *snapshot_name)
++{
++ BDRVRBDState *s = bs->opaque;
++ int r;
++
++ r = rbd_snap_remove(s->image, snapshot_name);
++ return r;
++}
++
++static int qemu_rbd_snap_rollback(BlockDriverState *bs,
++ const char *snapshot_name)
++{
++ BDRVRBDState *s = bs->opaque;
++ int r;
++
++ r = rbd_snap_rollback(s->image, snapshot_name);
++ return r;
++}
++
+ static int qemu_rbd_snap_list(BlockDriverState *bs,
+ QEMUSnapshotInfo **psn_tab)
+ {
+@@ -863,7 +883,9 @@
+ .bdrv_co_flush_to_disk = qemu_rbd_co_flush,
+
+ .bdrv_snapshot_create = qemu_rbd_snap_create,
++ .bdrv_snapshot_delete = qemu_rbd_snap_remove,
+ .bdrv_snapshot_list = qemu_rbd_snap_list,
++ .bdrv_snapshot_goto = qemu_rbd_snap_rollback,
+ };
+
+ static void bdrv_rbd_init(void)
--- qemu-kvm-1.0+noroms.orig/debian/patches/rbd/0003-vhost-net-asserts
+++ qemu-kvm-1.0+noroms/debian/patches/rbd/0003-vhost-net-asserts
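Review bot: `qemu_rbd_snap_rollback` and `qemu_rbd_snap_remove` pass the request straight to librbd, and nothing in the hunk checks that the image was opened writable before a rollback overwrites its contents. Whether the block layer rejects this before the callback is reached is not visible here. A guard such as `if (bs->read_only) return -EACCES;` ahead of the librbd call in both wrappers would make the precondition explicit. As a smaller point, the `int r` temporary adds nothing; `return rbd_snap_rollback(s->image, snapshot_name);` reads more directly.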
@@ -0,0 +1,35 @@
+When migrating a vm using vhost-net we hit the following assertion:
+
+qemu-kvm: /usr/src/packages/BUILD/qemu-kvm-0.15.1/hw/vhost.c:30:
+vhost_dev_sync_region: Assertion `start / (0x1000 * (8 *
+sizeof(vhost_log_chunk_t))) < dev->log_size' failed.
+
+The cases which the end < start check is intended to catch, such as
+for vga video memory, will also likely trigger the assertion.
+Reorder the code to handle this correctly.
+
+Signed-off-by: Bruce Rogers
+---
+ hw/vhost.c | 4 ++--
+ 1 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/hw/vhost.c b/hw/vhost.c
+index 0870cb7..7309f71 100644
+--- a/hw/vhost.c
++++ b/hw/vhost.c
+@@ -26,11 +26,11 @@ static void vhost_dev_sync_region(struct vhost_dev *dev,
+ vhost_log_chunk_t *to = dev->log + end / VHOST_LOG_CHUNK + 1;
+ uint64_t addr = (start / VHOST_LOG_CHUNK) * VHOST_LOG_CHUNK;
+
+- assert(end / VHOST_LOG_CHUNK < dev->log_size);
+- assert(start / VHOST_LOG_CHUNK < dev->log_size);
+ if (end < start) {
+ return;
+ }
++ assert(end / VHOST_LOG_CHUNK < dev->log_size);
++ assert(start / VHOST_LOG_CHUNK < dev->log_size);
+ for (;from < to; ++from) {
+ vhost_log_chunk_t log;
+ int bit;
+--
+1.7.7
--- qemu-kvm-1.0+noroms.orig/debian/patches/series
+++ qemu-kvm-1.0+noroms/debian/patches/series
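Review bot: The bounds on `start` and `end` are still enforced only by `assert()`, and `to` is computed from `end` before either the `end < start` return or the asserts run. In a build with NDEBUG the asserts disappear and the `for (;from < to; ++from)` loop would walk `dev->log` past `log_size`; forming the out-of-range pointer is already undefined even when the early return is taken. I would make it a real guard placed ahead of the pointer arithmetic, `if (end < start || end / VHOST_LOG_CHUNK >= dev->log_size) return;`, and compute `from` and `to` after it. The declaration of `from` and the loop body are outside the hunk.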
@@ -0,0 +1,69 @@ +qemu-img-progress-init-before-progress-end.patch +call-madv-hugepage-for-guest-ram-allocations.patch +migration-do-not-overwrite-zero-pages.patch +larger_default_ram_size.patch +CVE-2011-2212-virtqueue-indirect-overflow.patch +qemuifup-fix-paths.patch +fallback-to-tcg.patch +dont-try-to-hotplug-cpu.patch +CVE-2012-0029.patch +define_AT_EMPTY_PATH.patch +qemu-ifup-choosebridge.patch +block_vd_zero_unused_parts +expose_vmx_qemu64cpu.patch +fix-vmware-vga-negative-vals +slirp_01.patch +slirp_02.patch +slirp_03.patch +slirp_04.patch +slirp_05.patch +slirp_06.patch +slirp_07.patch +multiboot-load-fix.diff +disable-hpet-for-tcg.patch +rbd/0001-rbd-always-set-out-parameter-in-qemu_rbd_snap_list.patch +rbd/0002-rbd-wire-up-snapshot-removal-and-rollback-functional.patch +rbd/0003-vhost-net-asserts +keep-pid-file-locked.patch +CVE-2012-2652.patch +9001-virtio-add-missing-mb-on-notification.patch +9002-virtio-add-missing-mb-on-enable-notification.patch +9003-virtio-order-index-descriptor-reads.patch +CVE-2012-3515.patch +nbd-fixes-to-read-only-handling.patch +CVE-2012-6075.patch +9pfs-remove-noatime-flag-from-ro-open-calls.patch +9004-qcow2-start-at-0-when-counting-cow-clusters.patch +CVE-2013-4344.patch +CVE-2014-0150.patch +CVE-2014-2894.patch +CVE-2014-0143.patch +CVE-2014-0142.patch +CVE-2014-0144.patch +CVE-2014-0145.patch +CVE-2014-0146.patch +CVE-2014-0147.patch +CVE-2013-4148.patch +CVE-2013-4151.patch +CVE-2013-4527.patch +CVE-2013-4529.patch +CVE-2013-4530.patch +CVE-2013-4531.patch +CVE-2013-4532.patch +CVE-2013-4533.patch +CVE-2013-4534.patch +CVE-2013-4535_4536.patch +CVE-2013-4537.patch +CVE-2013-4538.patch +CVE-2013-4539.patch +CVE-2013-4540.patch +CVE-2013-4541.patch +CVE-2013-6399.patch +CVE-2014-0182.patch +CVE-2014-0222.patch +CVE-2014-0223.patch +CVE-2014-3461.patch +define-qemu-kvm-mt +CVE-2014-3640.patch +CVE-2014-3689.patch +CVE-2014-7815.patch --- qemu-kvm-1.0+noroms.orig/debian/patches/slirp_01.patch +++ 
qemu-kvm-1.0+noroms/debian/patches/slirp_01.patch @@ -0,0 +1,51 @@ +commit 79e7e937bd59ba8c4caaa08963712df2506adf8b +Author: Jan Kiszka +Date: Fri Feb 17 14:39:30 2012 +0100 + + slirp: Clean up ifs_init + + Remove duplicate ifs_init macros, reimplement the logic as static inline + in mbuf.h. + + CC: Zhi Yong Wu + CC: Michael S. Tsirkin + Signed-off-by: Jan Kiszka + +diff --git a/slirp/if.c b/slirp/if.c +index 2852396..8e0cac2 100644 +--- a/slirp/if.c ++++ b/slirp/if.c +@@ -8,8 +8,6 @@ + #include + #include "qemu-timer.h" + +-#define ifs_init(ifm) ((ifm)->ifs_next = (ifm)->ifs_prev = (ifm)) +- + static void + ifs_insque(struct mbuf *ifm, struct mbuf *ifmhead) + { +diff --git a/slirp/if.h b/slirp/if.h +index 2dac1c7..3327023 100644 +--- a/slirp/if.h ++++ b/slirp/if.h +@@ -20,6 +20,4 @@ + /* 2 for alignment, 14 for ethernet, 40 for TCP/IP */ + #define IF_MAXLINKHDR (2 + 14 + 40) + +-#define ifs_init(ifm) ((ifm)->ifs_next = (ifm)->ifs_prev = (ifm)) +- + #endif +diff --git a/slirp/mbuf.h b/slirp/mbuf.h +index 0708840..8d7951f 100644 +--- a/slirp/mbuf.h ++++ b/slirp/mbuf.h +@@ -124,4 +124,9 @@ void m_adj(struct mbuf *, int); + int m_copy(struct mbuf *, struct mbuf *, int, int); + struct mbuf * dtom(Slirp *, void *); + ++static inline void ifs_init(struct mbuf *ifm) ++{ ++ ifm->ifs_next = ifm->ifs_prev = ifm; ++} ++ + #endif --- qemu-kvm-1.0+noroms.orig/debian/patches/slirp_02.patch +++ qemu-kvm-1.0+noroms/debian/patches/slirp_02.patch 
@@ -0,0 +1,85 @@ +commit b248ede2ef2792d364bd305e5e92e24921c924a8 +Author: Jan Kiszka +Date: Fri Feb 17 16:26:38 2012 +0100 + + slirp: Fix requeuing of batchq packets in if_start + + In case we requeued a packet that was the head of a longer session + queue, we failed to restore this ordering. Also, we did not properly + deal with changes to Slirp::next_m. + + Instead of a cumbersome roll back, this fix simply avoids any changes + until we know if the packet was actually sent. Both fixes crashes due + to inconsistent queues and simplifies the logic. + + Thanks to Zhi Yong Wu who found the reason for these crashes. + + CC: Zhi Yong Wu + CC: Fabien Chouteau + 
Signed-off-by: Jan Kiszka + +diff --git a/slirp/if.c b/slirp/if.c +index 8e0cac2..710ec23 100644 +--- a/slirp/if.c ++++ b/slirp/if.c +@@ -154,6 +154,7 @@ if_start(Slirp *slirp) + { + uint64_t now = qemu_get_clock_ns(rt_clock); + int requeued = 0; ++ bool from_batchq = false; + struct mbuf *ifm, *ifqt; + + DEBUG_CALL("if_start"); +@@ -179,13 +180,26 @@ if_start(Slirp *slirp) + else + ifm = slirp->if_batchq.ifq_next; + +- /* Set which packet to send on next iteration */ +- slirp->next_m = ifm->ifq_next; ++ from_batchq = true; + } ++ ++ slirp->if_queued--; ++ ++ /* Try to send packet unless it already expired */ ++ if (ifm->expiration_date >= now && !if_encap(slirp, ifm)) { ++ /* Packet is delayed due to pending ARP resolution */ ++ requeued++; ++ goto out; ++ } ++ ++ if (from_batchq) { ++ /* Set which packet to send on next iteration */ ++ slirp->next_m = ifm->ifq_next; ++ } ++ + /* Remove it from the queue */ + ifqt = ifm->ifq_prev; + remque(ifm); +- slirp->if_queued--; + + /* If there are more packets for this session, re-queue them */ + if (ifm->ifs_next != /* ifm->ifs_prev != */ ifm) { +@@ -200,20 +214,9 @@ if_start(Slirp *slirp) + ifm->ifq_so->so_nqueued = 0; + } + +- if (ifm->expiration_date < now) { +- /* Expired */ +- m_free(ifm); +- } else { +- /* Encapsulate the packet for sending */ +- if (if_encap(slirp, ifm)) { +- m_free(ifm); +- } else { +- /* re-queue */ +- insque(ifm, ifqt); +- requeued++; +- } +- } ++ m_free(ifm); + ++ out: + if (slirp->if_queued) + goto again; + --- qemu-kvm-1.0+noroms.orig/debian/patches/slirp_03.patch +++ qemu-kvm-1.0+noroms/debian/patches/slirp_03.patch @@ -0,0 +1,129 @@ +commit b87ffa163185e339f9f9f1e6dbc561e0f990442d +Author: Jan Kiszka +Date: Fri Feb 17 16:35:36 2012 +0100 + + slirp: Refactor if_start + + Replace gotos with a while loop, fix coding style. + + CC: Zhi Yong Wu + CC: Fabien Chouteau + 
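Review bot: In slirp_02.patch, `from_batchq` is set to false only at its declaration and to true in the batchq branch, and nothing resets it before `goto again` loops back from the `out:` label. A later packet taken from `if_fastq` therefore still overwrites `slirp->next_m` with a fast-queue neighbour. Resetting it where the queue is chosen, `from_batchq = false;` just before the fastq test, keeps `next_m` pointing into the batch queue. The requeue path also leaves the delayed packet at the head of its queue while `if_queued` is decremented, so the next pass appears to pick the same packet again; later patches in this series rework the walk. The `again:` label and the queue selection are only partly inside the inner hunks.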
Signed-off-by: Jan Kiszka + +diff --git a/slirp/if.c b/slirp/if.c +index 710ec23..33f08e1 100644 +--- a/slirp/if.c ++++ b/slirp/if.c +@@ -149,39 +149,36 @@ diddit: + * from the second session, then one packet from the third, then back + * to the first, etc. etc. + */ +-void +-if_start(Slirp *slirp) ++void if_start(Slirp *slirp) + { + uint64_t now = qemu_get_clock_ns(rt_clock); + int requeued = 0; + bool from_batchq = false; +- struct mbuf *ifm, *ifqt; +- +- DEBUG_CALL("if_start"); ++ struct mbuf *ifm, *ifqt; + +- if (slirp->if_queued == 0) +- return; /* Nothing to do */ ++ DEBUG_CALL("if_start"); + +- again: ++ while (slirp->if_queued) { + /* check if we can really output */ + if (!slirp_can_output(slirp->opaque)) + return; + +- /* +- * See which queue to get next packet from +- * If there's something in the fastq, select it immediately +- */ +- if (slirp->if_fastq.ifq_next != &slirp->if_fastq) { +- ifm = slirp->if_fastq.ifq_next; +- } else { +- /* Nothing on fastq, see if next_m is valid */ +- if (slirp->next_m != &slirp->if_batchq) +- ifm = slirp->next_m; +- else +- ifm = slirp->if_batchq.ifq_next; +- +- from_batchq = true; +- } ++ /* ++ * See which queue to get next packet from ++ * If there's something in the fastq, select it immediately ++ */ ++ if (slirp->if_fastq.ifq_next != &slirp->if_fastq) { ++ ifm = slirp->if_fastq.ifq_next; ++ } else { ++ /* Nothing on fastq, see if next_m is valid */ ++ if (slirp->next_m != &slirp->if_batchq) { ++ ifm = slirp->next_m; ++ } else { ++ ifm = slirp->if_batchq.ifq_next; ++ } ++ ++ from_batchq = true; ++ } + + slirp->if_queued--; + +@@ -189,7 +186,7 @@ if_start(Slirp *slirp) + if (ifm->expiration_date >= now && !if_encap(slirp, ifm)) { + /* Packet is delayed due to pending ARP resolution */ + requeued++; +- goto out; ++ continue; + } + + if (from_batchq) { +@@ -197,28 +194,25 @@ if_start(Slirp *slirp) + slirp->next_m = ifm->ifq_next; + } + +- /* Remove it from the queue */ +- ifqt = ifm->ifq_prev; +- remque(ifm); ++ /* 
Remove it from the queue */ ++ ifqt = ifm->ifq_prev; ++ remque(ifm); + +- /* If there are more packets for this session, re-queue them */ +- if (ifm->ifs_next != /* ifm->ifs_prev != */ ifm) { +- insque(ifm->ifs_next, ifqt); +- ifs_remque(ifm); +- } ++ /* If there are more packets for this session, re-queue them */ ++ if (ifm->ifs_next != ifm) { ++ insque(ifm->ifs_next, ifqt); ++ ifs_remque(ifm); ++ } + +- /* Update so_queued */ +- if (ifm->ifq_so) { +- if (--ifm->ifq_so->so_queued == 0) +- /* If there's no more queued, reset nqueued */ +- ifm->ifq_so->so_nqueued = 0; +- } ++ /* Update so_queued */ ++ if (ifm->ifq_so && --ifm->ifq_so->so_queued == 0) { ++ /* If there's no more queued, reset nqueued */ ++ ifm->ifq_so->so_nqueued = 0; ++ } + + m_free(ifm); + +- out: +- if (slirp->if_queued) +- goto again; ++ } + +- slirp->if_queued = requeued; ++ slirp->if_queued = requeued; + } --- qemu-kvm-1.0+noroms.orig/debian/patches/slirp_04.patch +++ qemu-kvm-1.0+noroms/debian/patches/slirp_04.patch @@ -0,0 +1,62 @@ +commit d6536b2c971f7323e58dfbe1e6f3b7c7c0c4edf3 +Author: Jan Kiszka +Date: Wed Feb 29 09:27:33 2012 +0100 + + slirp: Keep next_m always valid + + Make sure that next_m always points to a packet if batchq is non-empty. + This will simplify walking the queues in if_start. + + CC: Fabien Chouteau + CC: Zhi Yong Wu + CC: Stefan Weil + 
Signed-off-by: Jan Kiszka + +diff --git a/slirp/if.c b/slirp/if.c +index 33f08e1..14fdef1 100644 +--- a/slirp/if.c ++++ b/slirp/if.c +@@ -96,8 +96,13 @@ if_output(struct socket *so, struct mbuf *ifm) + ifs_insque(ifm, ifq->ifs_prev); + goto diddit; + } +- } else ++ } else { + ifq = slirp->if_batchq.ifq_prev; ++ /* Set next_m if the queue was empty so far */ ++ if (slirp->next_m == &slirp->if_batchq) { ++ slirp->next_m = ifm; ++ } ++ } + + /* Create a new doubly linked list for this session */ + ifm->ifq_so = so; +@@ -170,13 +175,8 @@ void if_start(Slirp *slirp) + if (slirp->if_fastq.ifq_next != &slirp->if_fastq) { + ifm = slirp->if_fastq.ifq_next; + } else { +- /* Nothing on fastq, see if next_m is valid */ +- if (slirp->next_m != &slirp->if_batchq) { +- ifm = slirp->next_m; +- } else { +- ifm = slirp->if_batchq.ifq_next; +- } +- ++ /* Nothing on fastq, pick up from batchq via next_m */ ++ ifm = slirp->next_m; + from_batchq = true; + } + +@@ -202,6 +202,12 @@ void if_start(Slirp *slirp) + if (ifm->ifs_next != ifm) { + insque(ifm->ifs_next, ifqt); + ifs_remque(ifm); ++ /* Set next_m if the session packet is now the only one on ++ * batchq */ ++ if (ifqt == &slirp->if_batchq && ++ slirp->next_m == &slirp->if_batchq) { ++ slirp->next_m = ifm->ifs_next; ++ } + } + + /* Update so_queued */ --- qemu-kvm-1.0+noroms.orig/debian/patches/slirp_05.patch +++ qemu-kvm-1.0+noroms/debian/patches/slirp_05.patch @@ -0,0 +1,56 @@ +commit 953e7f54e679cd40fff28e29189ed9e24bfb0758 +Author: Jan Kiszka +Date: Mon Mar 5 19:50:39 2012 +0100 + + slirp: Prevent recursion of if_start + + if_start can be called recursively via if_encap. Avoid this as our + scheme of dequeuing packets is not compatible with this. + + CC: Fabien Chouteau + CC: Zhi Yong Wu + CC: Stefan Weil + 
Signed-off-by: Jan Kiszka + +diff --git a/slirp/if.c b/slirp/if.c +index 14fdef1..f7aebe9 100644 +--- a/slirp/if.c ++++ b/slirp/if.c +@@ -163,10 +163,17 @@ void if_start(Slirp *slirp) + + DEBUG_CALL("if_start"); + ++ if (slirp->if_start_busy) { ++ return; ++ } ++ slirp->if_start_busy = true; ++ + while (slirp->if_queued) { + /* check if we can really output */ +- if (!slirp_can_output(slirp->opaque)) ++ if (!slirp_can_output(slirp->opaque)) { ++ slirp->if_start_busy = false; + return; ++ } + + /* + * See which queue to get next packet from +@@ -221,4 +228,6 @@ void if_start(Slirp *slirp) + } + + slirp->if_queued = requeued; ++ ++ slirp->if_start_busy = false; + } +diff --git a/slirp/slirp.h b/slirp/slirp.h +index 28a5c03..416d44a 100644 +--- a/slirp/slirp.h ++++ b/slirp/slirp.h +@@ -239,6 +239,7 @@ struct Slirp { + struct mbuf if_fastq; /* fast queue (for interactive data) */ + struct mbuf if_batchq; /* queue for non-interactive data */ + struct mbuf *next_m; /* pointer to next mbuf to output */ ++ bool if_start_busy; /* avoid if_start recursion */ + + /* ip states */ + struct ipq ipq; /* ip reass. queue */ --- qemu-kvm-1.0+noroms.orig/debian/patches/slirp_06.patch +++ qemu-kvm-1.0+noroms/debian/patches/slirp_06.patch 
@@ -0,0 +1,129 @@ +commit e3078bf40a33b59fa11d077b1d0bb8796470982e +Author: Jan Kiszka +Date: Tue Mar 6 00:00:07 2012 +0100 + + slirp: Fix queue walking in if_start + + Another attempt to get this right: We need to carefully walk both the + fastq and the batchq in if_start while trying to send packets to + possibly not yet resolved hosts on the virtual network. + + So far we just requeued a delayed packet where it was and then started + walking the queues from the top again - that couldn't work. Now we pre- + calculate the next packet in the queue so that the current one can + safely be removed if it was sent successfully. We also need to take into + account that the next packet can be from the same session if the current + one was sent and there are no other sessions. + + CC: Fabien Chouteau + CC: Zhi Yong Wu + CC: Stefan Weil + Tested-by: Stefan Weil + 
Signed-off-by: Jan Kiszka + +diff --git a/slirp/if.c b/slirp/if.c +index f7aebe9..f6e848a 100644 +--- a/slirp/if.c ++++ b/slirp/if.c +@@ -158,8 +158,8 @@ void if_start(Slirp *slirp) + { + uint64_t now = qemu_get_clock_ns(rt_clock); + int requeued = 0; +- bool from_batchq = false; +- struct mbuf *ifm, *ifqt; ++ bool from_batchq, next_from_batchq; ++ struct mbuf *ifm, *ifm_next, *ifqt; + + DEBUG_CALL("if_start"); + +@@ -168,23 +168,36 @@ void if_start(Slirp *slirp) + } + slirp->if_start_busy = true; + +- while (slirp->if_queued) { ++ if (slirp->if_fastq.ifq_next != &slirp->if_fastq) { ++ ifm_next = slirp->if_fastq.ifq_next; ++ next_from_batchq = false; ++ } else if (slirp->next_m != &slirp->if_batchq) { ++ /* Nothing on fastq, pick up from batchq via next_m */ ++ ifm_next = slirp->next_m; ++ next_from_batchq = true; ++ } else { ++ ifm_next = NULL; ++ } ++ ++ while (ifm_next) { + /* check if we can really output */ + if (!slirp_can_output(slirp->opaque)) { + slirp->if_start_busy = false; + return; + } + +- /* +- * See which queue to get next packet from +- * If there's something in the fastq, select it immediately +- */ +- if (slirp->if_fastq.ifq_next != &slirp->if_fastq) { +- ifm = slirp->if_fastq.ifq_next; +- } else { +- /* Nothing on fastq, pick up from batchq via next_m */ +- ifm = slirp->next_m; +- from_batchq = true; ++ ifm = ifm_next; ++ from_batchq = next_from_batchq; ++ ++ ifm_next = ifm->ifq_next; ++ if (ifm_next == &slirp->if_fastq) { ++ /* No more packets in fastq, switch to batchq */ ++ ifm_next = slirp->next_m; ++ next_from_batchq = true; ++ } ++ if (ifm_next == &slirp->if_batchq) { ++ /* end of batchq */ ++ ifm_next = NULL; + } + + slirp->if_queued--; +@@ -196,7 +209,7 @@ void if_start(Slirp *slirp) + continue; + } + +- if (from_batchq) { ++ if (ifm == slirp->next_m) { + /* Set which packet to send on next iteration */ + slirp->next_m = ifm->ifq_next; + } +@@ -207,13 +220,19 @@ void if_start(Slirp *slirp) + + /* If there are more packets for this 
session, re-queue them */ + if (ifm->ifs_next != ifm) { +- insque(ifm->ifs_next, ifqt); ++ struct mbuf *next = ifm->ifs_next; ++ ++ insque(next, ifqt); + ifs_remque(ifm); +- /* Set next_m if the session packet is now the only one on +- * batchq */ +- if (ifqt == &slirp->if_batchq && +- slirp->next_m == &slirp->if_batchq) { +- slirp->next_m = ifm->ifs_next; ++ ++ if (!from_batchq) { ++ /* Next packet in fastq is from the same session */ ++ ifm_next = next; ++ next_from_batchq = false; ++ } else if (slirp->next_m == &slirp->if_batchq) { ++ /* Set next_m and ifm_next if the session packet is now the ++ * only one on batchq */ ++ slirp->next_m = ifm_next = next; + } + } + +@@ -224,7 +243,6 @@ void if_start(Slirp *slirp) + } + + m_free(ifm); +- + } + + slirp->if_queued = requeued; --- qemu-kvm-1.0+noroms.orig/debian/patches/slirp_07.patch +++ qemu-kvm-1.0+noroms/debian/patches/slirp_07.patch @@ -0,0 +1,93 @@ +commit f37343197708d90f119007ce5ecc2503be9c04c1 +Author: Jan Kiszka +Date: Tue Mar 6 00:02:23 2012 +0100 + + slirp: Remove unneeded if_queued + + There is now a trivial check on entry of if_start for pending packets, + so we can drop the additional tracking via if_queued. + + 
Signed-off-by: Jan Kiszka + +diff --git a/slirp/if.c b/slirp/if.c +index f6e848a..096cf6f 100644 +--- a/slirp/if.c ++++ b/slirp/if.c +@@ -110,8 +110,6 @@ if_output(struct socket *so, struct mbuf *ifm) + insque(ifm, ifq); + + diddit: +- slirp->if_queued++; +- + if (so) { + /* Update *_queued */ + so->so_queued++; +@@ -157,7 +155,6 @@ diddit: + void if_start(Slirp *slirp) + { + uint64_t now = qemu_get_clock_ns(rt_clock); +- int requeued = 0; + bool from_batchq, next_from_batchq; + struct mbuf *ifm, *ifm_next, *ifqt; + +@@ -182,8 +179,7 @@ void if_start(Slirp *slirp) + while (ifm_next) { + /* check if we can really output */ + if (!slirp_can_output(slirp->opaque)) { +- slirp->if_start_busy = false; +- return; ++ break; + } + + ifm = ifm_next; +@@ -200,12 +196,9 @@ void if_start(Slirp *slirp) + ifm_next = NULL; + } + +- slirp->if_queued--; +- + /* Try to send packet unless it already expired */ + if (ifm->expiration_date >= now && !if_encap(slirp, ifm)) { + /* Packet is delayed due to pending ARP resolution */ +- requeued++; + continue; + } + +@@ -245,7 +238,5 @@ void if_start(Slirp *slirp) + m_free(ifm); + } + +- slirp->if_queued = requeued; +- + slirp->if_start_busy = false; + } +diff --git a/slirp/slirp.c b/slirp/slirp.c +index 19d69eb..bcffc34 100644 +--- a/slirp/slirp.c ++++ b/slirp/slirp.c +@@ -581,12 +581,7 @@ void slirp_select_poll(fd_set *readfds, fd_set *writefds, fd_set *xfds, + } + } + +- /* +- * See if we can start outputting +- */ +- if (slirp->if_queued) { +- if_start(slirp); +- } ++ if_start(slirp); + } + + /* clear global file descriptor sets. 
+diff --git a/slirp/slirp.h b/slirp/slirp.h +index 416d44a..cbe8a3c 100644 +--- a/slirp/slirp.h ++++ b/slirp/slirp.h +@@ -235,7 +235,6 @@ struct Slirp { + int mbuf_alloced; + + /* if states */ +- int if_queued; /* number of packets queued so far */ + struct mbuf if_fastq; /* fast queue (for interactive data) */ + struct mbuf if_batchq; /* queue for non-interactive data */ + struct mbuf *next_m; /* pointer to next mbuf to output */ --- qemu-kvm-1.0+noroms.orig/debian/qemu-arm-static.postinst +++ qemu-kvm-1.0+noroms/debian/qemu-arm-static.postinst @@ -0,0 +1,11 @@ +#!/bin/sh + +set -e + +# old versions of the package did not properly remove the format on upgrades +if which update-binfmts >/dev/null; then + update-binfmts --package qemu-arm-static \ + --remove arm /usr/bin/qemu-arm-static || true +fi + +#DEBHELPER# --- qemu-kvm-1.0+noroms.orig/debian/qemu-common.doc +++ qemu-kvm-1.0+noroms/debian/qemu-common.doc @@ -0,0 +1,2 @@ +qemu-tech.html +qemu-doc.html --- qemu-kvm-1.0+noroms.orig/debian/qemu-common.install +++ qemu-kvm-1.0+noroms/debian/qemu-common.install @@ -0,0 +1,5 @@ +debian/qemu-ifdown usr/bin +debian/source_qemu-kvm.py usr/share/apport/package-hooks/ +kvm/scripts/qemu-ifup usr/bin +pc-bios/keymaps usr/share/qemu +pc-bios/optionrom/*.bin usr/share/qemu --- qemu-kvm-1.0+noroms.orig/debian/qemu-common.links +++ qemu-kvm-1.0+noroms/debian/qemu-common.links @@ -0,0 +1,8 @@ +usr/bin/qemu-ifdown etc/qemu-ifdown +usr/bin/qemu-ifup etc/qemu-ifup +usr/share/seabios/bios.bin usr/share/qemu/bios.bin +usr/share/vgabios/vgabios.bin usr/share/qemu/vgabios.bin +usr/share/vgabios/vgabios.cirrus.bin usr/share/qemu/vgabios-cirrus.bin +usr/share/vgabios/vgabios.qxl.bin usr/share/qemu/vgabios-qxl.bin +usr/share/vgabios/vgabios.stdvga.bin usr/share/qemu/vgabios-stdvga.bin +usr/share/vgabios/vgabios.vmware.bin usr/share/qemu/vgabios-vmware.bin --- qemu-kvm-1.0+noroms.orig/debian/qemu-debootstrap +++ qemu-kvm-1.0+noroms/debian/qemu-debootstrap 
@@ -0,0 +1,170 @@ +#!/bin/sh +# qemu-debootstrap - setup qemu syscall emulation in a debootstrap chroot +# Copyright (C) 2010 Loïc Minier +# +# Permission is hereby granted, free of charge, to any person obtaining a +# copy of this software and associated documentation files (the "Software"), +# to deal in the Software without restriction, including without limitation +# the rights to use, copy, modify, merge, publish, distribute, sublicense, +# and/or sell copies of the Software, and to permit persons to whom the +# Software is furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in +# all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL +# SOFTWARE IN THE PUBLIC INTEREST, INC. BE LIABLE FOR ANY CLAIM, DAMAGES OR +# OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, +# ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER +# DEALINGS IN THE SOFTWARE. +# +# Except as contained in this notice, the name of the author shall not be used +# in advertising or otherwise to promote the sale, use or other dealings in +# this Software without prior written authorization from the author. +# +# requires: debootstrap + +set -e + +log() { + local format="$1" + shift + printf -- "$format\n" "$@" >&2 +} + +warn() { + local format="$1" + shift + log "W: $format" "$@" +} + +die() { + local format="$1" + shift + log "E: $format" "$@" + exit 1 +} + +run() { + log "I: Running command: %s" "$*" + "$@" +} + +escape() { + echo "$*" | sed "s/'/'\"'\"'/g; s/.*/'&'/" +} +unescape () { + eval "echo" "$*" +} + +if ! 
which debootstrap 2>&1 >/dev/null; then + die "debootstrap not found; install the debootstrap package" +fi + +system_arch="$(dpkg --print-architecture)" +deb_arch="$system_arch" + +# backward-compatibility with "build-arm-chroot" script which defaulted to +# armel +if [ "`basename "$0"`" = "build-arm-chroot" ]; then + deb_arch="armel" + log "Setting Debian architecture to armel" + warn "$0 is deprecated, please use qemu-debootstrap" +fi + +opts="" +args="" +suite="" +target="" +mirror="" +script="" +while [ $# -gt 0 ]; do + case "$1" in + --help) + die "I'm just a debootstrap wrapper; please see debootstrap --help" + ;; + --arch|--arch=?*) + if [ "$1" = "--arch" -a $# -ge 2 -a -n "$2" ]; then + deb_arch="$2" + shift 2 + elif [ "$1" != "${1#--arch=}" ]; then + deb_arch="${1#--arch=}" + shift + else + die "option %s requires an argument" "$1" + fi + ;; + --*) + opts="$opts $(escape "$1")" + shift + ;; + *) + if [ -z "$suite" ]; then stage="suite"; + elif [ -z "$target" ]; then stage="target"; + elif [ -z "$mirror" ]; then stage="mirror"; + elif [ -z "$script" ]; then stage="script"; + fi + if [ -n "$1" ]; then + eval $stage=\"\$1\" + args="$args $(escape "$1")" + else + if [ $stage != script ]; then + die "option %s may not be empty" "$stage" + fi + fi + shift + ;; + esac +done + +needs_qemu="yes" +if [ "$deb_arch" = "$system_arch" ]; then + warn "Target architecture is the same as host architecture; disabling QEMU support" + needs_qemu="no" +fi +# bi-arch; TODO test whether the running kernel is actually bi-arch capable +case "$system_arch-$deb_arch" in + amd64-i386|amd64-lpia|arm-armel|arm-armhf|armel-arm|armhf-arm|i386-amd64|i386-lpia|lpia-i386|powerpc-ppc64|ppc64-powerpc|sparc-sparc64|sparc64-sparc) + warn "Host architecture might allow running target architecture; disabling QEMU support" + needs_qemu="no" + ;; +esac + +if [ "$needs_qemu" = no ]; then + eval run debootstrap --arch "$deb_arch" $opts $args + exit 0 +fi + +qemu_arch="" +case "$deb_arch" in + 
alpha|arm|armeb|i386|m68k|mips|mipsel|ppc64|sh4|sh4eb|sparc|sparc64) + qemu_arch="$deb_arch" + ;; + amd64) + qemu_arch="x86_64" + ;; + armel|armhf) + qemu_arch="arm" + ;; + lpia) + qemu_arch="i386" + ;; + powerpc) + qemu_arch="ppc" + ;; + *) + die "Sorry, I don't know how to support arch %s" "$arch" + ;; +esac + +if ! which "qemu-$qemu_arch-static" >/dev/null 2>&1; then + die "Sorry, couldn't find binary %s" "qemu-$qemu_arch-static" +fi + +eval run debootstrap --arch "$deb_arch" --foreign $opts $args +mkdir -p "$target/usr/bin" +cp $(which "qemu-$qemu_arch-static") "$target/usr/bin" +run chroot "$target" /debootstrap/debootstrap --second-stage + --- qemu-kvm-1.0+noroms.orig/debian/qemu-ifdown +++ qemu-kvm-1.0+noroms/debian/qemu-ifdown @@ -0,0 +1,22 @@ +#!/bin/sh + +# NOTE: This script is intended to run in conjunction with qemu-ifup +# which uses the same logic to find your bridge/switch + +nic=$1 + +if [ -f /etc/default/qemu-kvm ]; then + . /etc/default/qemu-kvm +fi + +if [ -z "$TAPBR" ]; then + switch=$(ip route list | awk '/^default / { print $5 }') + if [ ! -d "/sys/class/net/${switch}/bridge" ]; then + switch=virbr0 + fi +else + switch=$TAPBR +fi + +brctl delif $switch $nic +ifconfig $nic 0.0.0.0 down --- qemu-kvm-1.0+noroms.orig/debian/qemu-kvm-extras-static.dirs +++ qemu-kvm-1.0+noroms/debian/qemu-kvm-extras-static.dirs @@ -0,0 +1,3 @@ +usr/bin +usr/share/binfmts +etc/sysctl.d --- qemu-kvm-1.0+noroms.orig/debian/qemu-kvm-extras-static.postinst +++ qemu-kvm-1.0+noroms/debian/qemu-kvm-extras-static.postinst 
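Review bot: In qemu-debootstrap, the fallback branch of `case "$deb_arch"` reports `"$arch"`, a variable the script never sets, so the error for an unsupported architecture prints an empty name; it should be `die "Sorry, I don't know how to support arch %s" "$deb_arch"`. The first check uses `which debootstrap 2>&1 >/dev/null`, which leaves stderr on the terminal, while the later qemu check already has the intended `>/dev/null 2>&1`. `eval $stage=\"\$1\"` and `eval run debootstrap ... $opts $args` pass command-line text through `eval`, which is safe only while `escape` quotes every argument correctly, and `escape` is built on `echo "$*"`, whose treatment of backslashes and a leading `-n` differs between shells; `printf '%s\n' "$*"` is the safer base. `cp $(which "qemu-$qemu_arch-static") "$target/usr/bin"` should also quote the command substitution.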
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+set -e
+
+if [ "$1" = configure ] && which update-binfmts >/dev/null; then
+ # qemu-arm-static package did not properly remove the format on upgrades
+ update-binfmts --package qemu-arm-static \
+ --remove arm /usr/bin/qemu-arm-static || true
+
+ for target in @BINFMT_TARGETS@; do
+ update-binfmts --import "qemu-$target"
+ done
+fi
+
+# apply /etc/sysctl.d settings
+if [ "$1" = configure ]; then
+ invoke-rc.d procps start
+fi
+
+#DEBHELPER#
+
--- qemu-kvm-1.0+noroms.orig/debian/qemu-kvm-extras-static.postrm
+++ qemu-kvm-1.0+noroms/debian/qemu-kvm-extras-static.postrm
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+set -e
+
+# apply /etc/sysctl.d settings
+if [ "$1" = purge ]; then
+ invoke-rc.d procps start
+fi
+
+#DEBHELPER#
--- qemu-kvm-1.0+noroms.orig/debian/qemu-kvm-extras-static.preinst
+++ qemu-kvm-1.0+noroms/debian/qemu-kvm-extras-static.preinst
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+set -e
+
+if [ -e /etc/sysctl.d/qemu-arm-static.sysctl.conf ]; then
+ mv -f /etc/sysctl.d/qemu-arm-static.sysctl.conf \
+ /etc/sysctl.d/30-qemu-kvm-extras-static.conf
+fi
+
+#DEBHELPER#
+
--- qemu-kvm-1.0+noroms.orig/debian/qemu-kvm-extras-static.prerm
+++ qemu-kvm-1.0+noroms/debian/qemu-kvm-extras-static.prerm
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+set -e
+
+case "$1" in
+ upgrade|remove)
+ if which update-binfmts >/dev/null; then
+ for target in @BINFMT_TARGETS@; do
+ update-binfmts --package qemu-kvm-extras-static \
+ --remove "qemu-$target" "/usr/bin/qemu-$target-static"
+ done
+ fi
+ ;;
+esac
+
+#DEBHELPER#
+
--- qemu-kvm-1.0+noroms.orig/debian/qemu-kvm-extras-static.sysctl
+++ qemu-kvm-1.0+noroms/debian/qemu-kvm-extras-static.sysctl
@@ -0,0 +1,2 @@
+vm.vdso_enabled = 0
+vm.mmap_min_addr = 4097
--- qemu-kvm-1.0+noroms.orig/debian/qemu-kvm-extras-static.sysctl.amd64
+++ qemu-kvm-1.0+noroms/debian/qemu-kvm-extras-static.sysctl.amd64
@@ -0,0 +1 @@
+vm.mmap_min_addr = 4097
--- qemu-kvm-1.0+noroms.orig/debian/qemu-kvm-extras.dirs
+++ qemu-kvm-1.0+noroms/debian/qemu-kvm-extras.dirs
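Review bot: `vm.mmap_min_addr = 4097` in qemu-kvm-extras-static.sysctl (and again in the .sysctl.amd64 variant) lowers the floor for userspace mappings for the whole host, not only for the emulators. That floor is the kernel's mitigation against NULL-pointer-dereference exploitation, and distribution defaults are usually much higher. Neither file says why the package needs it. I would add a comment above each setting stating the reason (presumably that the static emulators must map foreign binaries at low addresses) and the host-wide trade-off, and do the same for `vm.vdso_enabled = 0`.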
@@ -0,0 +1 @@
+usr/bin
--- qemu-kvm-1.0+noroms.orig/debian/qemu-kvm-extras.links
+++ qemu-kvm-1.0+noroms/debian/qemu-kvm-extras.links
@@ -0,0 +1,29 @@
+usr/share/man/man1/qemu-user.1.gz usr/share/man/man1/qemu-alpha.1.gz
+usr/share/man/man1/qemu-user.1.gz usr/share/man/man1/qemu-cris.1.gz
+usr/share/man/man1/qemu-user.1.gz usr/share/man/man1/qemu-arm.1.gz
+usr/share/man/man1/qemu-user.1.gz usr/share/man/man1/qemu-armeb.1.gz
+usr/share/man/man1/qemu-user.1.gz usr/share/man/man1/qemu-m68k.1.gz
+usr/share/man/man1/qemu-user.1.gz usr/share/man/man1/qemu-mips.1.gz
+usr/share/man/man1/qemu-user.1.gz usr/share/man/man1/qemu-mipsel.1.gz
+usr/share/man/man1/qemu-user.1.gz usr/share/man/man1/qemu-ppc.1.gz
+usr/share/man/man1/qemu-user.1.gz usr/share/man/man1/qemu-ppc64.1.gz
+usr/share/man/man1/qemu-user.1.gz usr/share/man/man1/qemu-ppc64abi32.1.gz
+usr/share/man/man1/qemu-user.1.gz usr/share/man/man1/qemu-sh4.1.gz
+usr/share/man/man1/qemu-user.1.gz usr/share/man/man1/qemu-sh4eb.1.gz
+usr/share/man/man1/qemu-user.1.gz usr/share/man/man1/qemu-sparc.1.gz
+usr/share/man/man1/qemu-user.1.gz usr/share/man/man1/qemu-sparc32plus.1.gz
+usr/share/man/man1/qemu-user.1.gz usr/share/man/man1/qemu-sparc64.1.gz
+usr/share/man/man1/qemu.1.gz usr/share/man/man1/qemu-system-arm.1.gz
+usr/share/man/man1/qemu.1.gz usr/share/man/man1/qemu-system-cris.1.gz
+usr/share/man/man1/qemu.1.gz usr/share/man/man1/qemu-system-m68k.1.gz
+usr/share/man/man1/qemu.1.gz usr/share/man/man1/qemu-system-mips.1.gz
+usr/share/man/man1/qemu.1.gz usr/share/man/man1/qemu-system-mips64.1.gz
+usr/share/man/man1/qemu.1.gz usr/share/man/man1/qemu-system-mips64el.1.gz
+usr/share/man/man1/qemu.1.gz usr/share/man/man1/qemu-system-mipsel.1.gz
+usr/share/man/man1/qemu.1.gz usr/share/man/man1/qemu-system-ppc.1.gz
+usr/share/man/man1/qemu.1.gz usr/share/man/man1/qemu-system-ppc64.1.gz
+usr/share/man/man1/qemu.1.gz usr/share/man/man1/qemu-system-ppcemb.1.gz
+usr/share/man/man1/qemu.1.gz usr/share/man/man1/qemu-system-sh4.1.gz
+usr/share/man/man1/qemu.1.gz usr/share/man/man1/qemu-system-sh4eb.1.gz
+usr/share/man/man1/qemu.1.gz usr/share/man/man1/qemu-system-sparc.1.gz
+usr/share/man/man1/qemu.1.gz usr/share/man/man1/qemu-system-sparc64.1.gz
--- qemu-kvm-1.0+noroms.orig/debian/qemu-kvm.1
+++ qemu-kvm-1.0+noroms/debian/qemu-kvm.1
@@ -0,0 +1,38 @@
+.\" $Id: qemu-kvm.1 376 2009-03-03 20:45:06Z aurel32 $
+.TH qemu\-kvm 1 2007-02-08 "0.9.0" Debian
+.SH NAME
+qemu\-kvm \- QEMU User Emulator
+.SH SYNOPSIS
+.B qemu\-kvm
+.RI [ options ]
+.I program
+.RI [ program-arguments... ]
+.SH DESCRIPTION
+The
+.B qemu\-kvm
+emulator can run binaries for other architectures but with the same operating
+system as the current one.
+.SH OPTIONS
+.TP
+.BR \-h
+Print this help.
+.TP
+.BR \-g
+Wait gdb connection to port 1234.
+.TP
+.BR \-L " \fI\fP"
+Set the elf interpreter prefix (default=\fI/usr/gnemul/qemu\-arm\fP).
+.TP
+.BR \-s " \fI\fP"
+Set the stack size in bytes (default=\fI524288\fP).
+.TP
+.BR \-d " \fI\fP"
+Activate log (logfile=\fI/tmp/qemu.log\fP)
+.TP
+.BR \-p " \fI\fP"
+Set the host page size to 'pagesize'.
+.SH SEE ALSO
+.BR qemu (1),
+.BR qemu\-img (1).
+.SH AUTHOR
+This manual page was written by Guillem Jover .
--- qemu-kvm-1.0+noroms.orig/debian/qemu-kvm.default
+++ qemu-kvm-1.0+noroms/debian/qemu-kvm.default
@@ -0,0 +1,19 @@
+# To disable qemu-kvm's page merging feature, set KSM_ENABLED=0 and
+# sudo restart qemu-kvm
+
+KSM_ENABLED=1
+SLEEP_MILLISECS=200
+
+# To load the vhost_net module, which in some cases can speed up
+# network performance, set VHOST_NET_ENABLED to 1.
+VHOST_NET_ENABLED=0
+
+# By default, enable nested kvm for intel cpus. (AMD cpus always have
+# it enabled). If you want to disable nested kvm, comment the first
+# line and uncomment the second.
+KVM_NESTED=" nested=1"
+#KVM_NESTED=""
+
+# Uncomment this if you want to specify a bridge for qemu-ifup to use
+# for tap devices
+#TAPBR=virbr0
--- qemu-kvm-1.0+noroms.orig/debian/qemu-kvm.install
+++ qemu-kvm-1.0+noroms/debian/qemu-kvm.install
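Review bot: The shipped default `KVM_NESTED=" nested=1"` in debian/qemu-kvm.default turns nested virtualization on for Intel hosts without the administrator opting in, which exposes additional hypervisor code paths to every guest. A more conservative default would leave `KVM_NESTED=""` active and ship `#KVM_NESTED=" nested=1"` commented out for hosts that need it, with the comment above reworded to match. `KSM_ENABLED=1` deserves a line of documentation as well: page merging across guests is a known source of cross-VM timing side channels, so multi-tenant hosts may want it off.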
@@ -0,0 +1 @@
+kvm/kvm_stat usr/bin
--- qemu-kvm-1.0+noroms.orig/debian/qemu-kvm.links
+++ qemu-kvm-1.0+noroms/debian/qemu-kvm.links
@@ -0,0 +1,9 @@
+usr/bin/qemu-system-x86_64 usr/bin/kvm
+usr/share/qemu usr/share/qemu-kvm
+usr/share/qemu usr/share/kvm
+usr/share/doc/qemu usr/share/doc/kvm
+usr/share/man/man1/qemu-kvm.1 usr/share/man/man1/qemu-i386.1
+usr/share/man/man1/qemu-kvm.1 usr/share/man/man1/qemu-x86_64.1
+usr/share/man/man1/qemu.1 usr/share/man/man1/qemu-system-i386.1
+usr/share/man/man1/qemu.1 usr/share/man/man1/qemu-system-x86_64.1
+usr/share/man/man1/qemu.1 usr/share/man/man1/kvm.1
--- qemu-kvm-1.0+noroms.orig/debian/qemu-kvm.manpages
+++ qemu-kvm-1.0+noroms/debian/qemu-kvm.manpages
@@ -0,0 +1 @@
+debian/qemu-kvm.1
--- qemu-kvm-1.0+noroms.orig/debian/qemu-kvm.postinst
+++ qemu-kvm-1.0+noroms/debian/qemu-kvm.postinst
@@ -0,0 +1,28 @@
+#!/bin/sh
+
+set -e
+
+if [ "$1" = configure ]; then
+ # Clean up old kvm confiles from jaunty-era kvm
+ if [ -n "$2" ] && dpkg --compare-versions "$2" lt 0.12.3-0ubuntu6; then
+ for i in "/lib/udev/rules.d/45-kvm.rules" "/etc/init.d/kvm" "/etc/kvm/kvm-ifup"; do
+ [ -f "$i" ] && rm -f "$i" || true
+ done
+ fi
+fi
+
+#DEBHELPER#
+
+# Remove group::--- acl mistakenly placed on /dev/kvm by udev-acl
+if [ -c /dev/kvm -a ! -L /dev/kvm ]
+then
+ /usr/bin/setfacl -m g::rw /dev/kvm
+fi
+
+
+# We've added new udev rules for /dev/kvm, so if kvm module is already loaded,
+# make udev recalculate owner/perms.
+udevadm trigger --subsystem-match=misc --action=change
+
+exit 0
+
--- qemu-kvm-1.0+noroms.orig/debian/qemu-kvm.preinst
+++ qemu-kvm-1.0+noroms/debian/qemu-kvm.preinst
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+set -e
+
+# Add the kvm group unless it's already there
+if ! getent group kvm >/dev/null; then
+addgroup --quiet --system kvm
+fi
+
+#DEBHELPER#
--- qemu-kvm-1.0+noroms.orig/debian/qemu-kvm.udev
+++ qemu-kvm-1.0+noroms/debian/qemu-kvm.udev
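Review bot: The `setfacl` and `udevadm trigger` steps at the end of debian/qemu-kvm.postinst sit outside the `[ "$1" = configure ]` guard, so they run for every postinst action, and with `set -e` a failure of either one fails the maintainer script. `udevadm trigger` in particular may fail where udev is not running, such as a chroot build environment; that is inferred, the hunk does not show where the package is installed. I would move both steps into the configure block and make them best-effort, `udevadm trigger --subsystem-match=misc --action=change || true`, and write the device test as `[ -c /dev/kvm ] && [ ! -L /dev/kvm ]` in place of the obsolescent `-a` form. A comment stating that `g::rw` is meant to agree with the `MODE="0660"` udev rule would help the next reader check the two stay in step.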
@@ -0,0 +1 @@
+KERNEL=="kvm", GROUP="kvm", MODE="0660"
--- qemu-kvm-1.0+noroms.orig/debian/qemu-kvm.upstart
+++ qemu-kvm-1.0+noroms/debian/qemu-kvm.upstart
@@ -0,0 +1,51 @@
+# qemu-kvm
+
+description "KVM"
+author "Dustin Kirkland "
+
+start on runlevel [2345]
+
+pre-start script
+ if /bin/running-in-container; then
+ exit 0;
+ fi
+ # Silently exit if the package isn't installed anymore
+ if [ ! -e /usr/bin/kvm ]; then
+ exit 0
+ fi
+ [ -r /etc/default/qemu-kvm ] && . /etc/default/qemu-kvm
+ # Load the appropriate module, respecting blacklists
+ if grep -qs "^flags.* vmx" /proc/cpuinfo; then
+ modprobe -b kvm_intel "$KVM_NESTED" || true
+ elif grep -qs "^flags.* svm" /proc/cpuinfo; then
+ modprobe -b kvm_amd || true
+ fi
+ # Enable KSM, respecting the default configuration file
+ if [ "$KSM_ENABLED" = "1" ]; then
+ [ -w /sys/kernel/mm/ksm/run ] && echo 1 > /sys/kernel/mm/ksm/run
+ if [ -w /sys/kernel/mm/ksm/sleep_millisecs ]; then
+ if [ -n "$SLEEP_MILLISECS" ]; then
+ echo "$SLEEP_MILLISECS" > /sys/kernel/mm/ksm/sleep_millisecs
+ fi
+ fi
+ else
+ [ -w /sys/kernel/mm/ksm/run ] && echo 0 > /sys/kernel/mm/ksm/run
+ fi
+ # If /etc/default/qemu-kvm says to, load vhost_net. Default is not to.
+ if [ "$VHOST_NET_ENABLED" = "1" ]; then
+ modprobe -b vhost_net || true
+ fi
+end script
+
+post-stop script
+ if /bin/running-in-container; then
+ exit 0;
+ fi
+ # Unload the modules
+ if grep -qs "^flags.* vmx" /proc/cpuinfo; then
+ modprobe -r kvm_intel || true
+ elif grep -qs "^flags.* svm" /proc/cpuinfo; then
+ modprobe -r kvm_amd || true
+ fi
+ modprobe -r vhost_net || true
+end script
--- qemu-kvm-1.0+noroms.orig/debian/qemu-user.1
+++ qemu-kvm-1.0+noroms/debian/qemu-user.1
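Review bot: In the pre-start script of debian/qemu-kvm.upstart, `modprobe -b kvm_intel "$KVM_NESTED"` passes the variable as one quoted word, so modprobe receives a single argument that begins with a space (`" nested=1"` from /etc/default/qemu-kvm) or an empty argument when the administrator sets `KVM_NESTED=""`. Because the call ends in `|| true`, a rejected argument would leave kvm_intel unloaded with no visible error; whether modprobe rejects it is not something the hunk shows. The value comes from a file under /etc that the script already sources as shell, so intentional word splitting is the simpler form: `modprobe -b kvm_intel $KVM_NESTED || true`. `SLEEP_MILLISECS` is also written to sysfs unchecked, and a comment saying it must be a plain integer would be enough there.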
@@ -0,0 +1,38 @@
+.\" $Id: qemu-user.1 376 2009-03-03 20:45:06Z aurel32 $
+.TH qemu\-user 1 2007-02-08 "0.9.0" Debian
+.SH NAME
+qemu\-user \- QEMU User Emulator
+.SH SYNOPSIS
+.B qemu\-user
+.RI [ options ]
+.I program
+.RI [ program-arguments... ]
+.SH DESCRIPTION
+The
+.B qemu\-user
+emulator can run binaries for other architectures but with the same operating
+system as the current one.
+.SH OPTIONS
+.TP
+.BR \-h
+Print this help.
+.TP
+.BR \-g
+Wait gdb connection to port 1234.
+.TP
+.BR \-L " \fI\fP"
+Set the elf interpreter prefix (default=\fI/usr/gnemul/qemu\-arm\fP).
+.TP
+.BR \-s " \fI\fP"
+Set the stack size in bytes (default=\fI524288\fP).
+.TP
+.BR \-d " \fI\fP"
+Activate log (logfile=\fI/tmp/qemu.log\fP)
+.TP
+.BR \-p " \fI\fP"
+Set the host page size to 'pagesize'.
+.SH SEE ALSO
+.BR qemu (1),
+.BR qemu\-img (1).
+.SH AUTHOR
+This manual page was written by Guillem Jover .
--- qemu-kvm-1.0+noroms.orig/debian/qemu-utils.dirs
+++ qemu-kvm-1.0+noroms/debian/qemu-utils.dirs
@@ -0,0 +1,3 @@
+usr/bin
+usr/share/man/man1
+usr/share/man/man8
--- qemu-kvm-1.0+noroms.orig/debian/qemu-utils.links
+++ qemu-kvm-1.0+noroms/debian/qemu-utils.links
@@ -0,0 +1,4 @@
+usr/bin/qemu-img usr/bin/kvm-img
+usr/bin/qemu-nbd usr/bin/kvm-nbd
+usr/share/man/man1/qemu-img.1.gz usr/share/man/man1/kvm-img.1.gz
+usr/share/man/man8/qemu-nbd.8.gz usr/share/man/man8/kvm-nbd.8.gz
--- qemu-kvm-1.0+noroms.orig/debian/rules
+++ qemu-kvm-1.0+noroms/debian/rules
@@ -0,0 +1,128 @@
+#!/usr/bin/make -f
+
+include /usr/share/quilt/quilt.make
+
+DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
+DEB_HOST_ARCH_CPU ?= $(shell dpkg-architecture -qDEB_HOST_ARCH_CPU)
+DEB_HOST_ARCH_OS ?= $(shell dpkg-architecture -qDEB_HOST_ARCH_OS)
+DEB_HOST_ARCH ?= $(shell dpkg-architecture -qDEB_HOST_ARCH)
+DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
+DEB_BUILD_ARCH ?= $(shell dpkg-architecture -qDEB_BUILD_ARCH)
+
+export DEB_BUILD_HARDENING=1
+
+# Handle DEB_BUILD_OPTIONS=parallel=N
+, := ,
+ifneq (,$(filter parallel=%,$(subst $(,), ,$(DEB_BUILD_OPTIONS))))
+ NUMJOBS := $(patsubst parallel=%,%,$(filter parallel=%,$(subst $(,), ,$(DEB_BUILD_OPTIONS))))
+ MAKEFLAGS += -j$(NUMJOBS)
+endif
+
+ifeq ($(DEB_HOST_ARCH_OS),linux)
+# Note: We differ from Debian here by favoring the pulseaudio driver, since that's default in Ubuntu.
+# Users override this when calling qemu by exporting the environment variable QEMU_AUDIO_DRV.
+conf_arch += --audio-drv-list="pa,alsa,sdl,oss" --enable-vnc-sasl --enable-docs
+endif
+ifeq ($(DEB_HOST_ARCH_OS),kfreebsd)
+conf_arch += --audio-drv-list=oss,sdl,pa
+endif
+ifeq ($(filter $(DEB_HOST_ARCH),i386 amd64 lpia),)
+conf_arch += --disable-kvm
+endif
+
+debsrc_ver := $(shell dpkg-parsechangelog | sed -n -e 's/^Version: //p' | perl -pe 's/-[^-]+$$//o')
+debian_rev := $(shell dpkg-parsechangelog | sed -n -e 's/^Version: //p' | perl -pe 's/.*-//o')
+
+CFLAGS += -Wall -g -O$(if $(findstring noopt,$(DEB_BUILD_OPTIONS)),0,2)
+
+ifeq ($(DEB_HOST_ARCH_CPU),arm)
+CFLAGS += -fno-var-tracking
+endif
+
+
+config-host.mak: $(QUILT_STAMPFN)
+ dh_testdir
+ ./configure \
+ --target-list="x86_64-softmmu i386-softmmu x86_64-linux-user i386-linux-user" \
+ --prefix=/usr \
+ --interp-prefix=/etc/qemu-binfmt/%M \
+ --disable-blobs \
+ --disable-strip \
+ --sysconfdir=/etc \
+ --enable-rbd \
+ $(conf_arch)
+
+build: build-stamp
+build-stamp: config-host.mak
+ dh_testdir
+ touch $@
+
+clean:
+ dh_testdir
+ rm -f install-stamp build-stamp
+ # Clean up some upstream build cruft
+ rm -f pc-bios/\*.bin pc-bios/\*.dtb pc-bios/openbios-\* roms/seabios/Makefile roms/vgabios/Makefile
+ [ ! -f config-host.mak ] || $(MAKE) distclean
+ $(MAKE) -f debian/rules unpatch
+ rm -f kvm/extboot/*.o kvm/extboot/extboot.img kvm/extboot/signrom config.mak kvm/user/config.mak kvm/user/test/lib/.*.d kvm/user/test/lib/*/.*.d kvm/bios/acpi-dsdt.aml kvm/bios/acpi-ssdt.aml qemu-monitor.texi
+ dh_clean
+
+install: install-stamp
+install-stamp: build
+ dh_testdir
+ dh_testroot
+ dh_clean -k
+ dh_installdirs
+ # Build & install normally
+ $(MAKE) DESTDIR=$(CURDIR)/debian/qemu-kvm install
+ # move qemu-utils binaries into place
+ mv debian/qemu-kvm/usr/bin/qemu-nbd debian/qemu-utils/usr/bin/
+ mv debian/qemu-kvm/usr/bin/qemu-img debian/qemu-utils/usr/bin/
+ touch $@
+
+binary-indep:
+ dh_testdir
+ dh_testroot
+ $(MAKE) -C pc-bios/optionrom
+ dh_install -i
+ dh_installdocs -X.bzr -i
+ dh_installman -i
+ dh_installchangelogs -i
+ dh_installdebconf -i
+ dh_link -i
+ dh_compress -i
+ dh_fixperms -i
+ dh_installdeb -i
+ dh_gencontrol -i
+ dh_md5sums -i
+ dh_builddeb -i
+
+binary-arch: install
+ dh_testdir
+ dh_testroot
+ dh_installdocs -s debian/changelog.qemu debian/changelog.kvm
+ dh_installinit -s --no-restart-on-upgrade --error-handler=true
+ dh_installman -s
+ dh_installudev -s --priority=45
+ dh_installchangelogs -s
+ dh_install -s
+ dh_strip -s
+ dh_link -s
+ dh_compress -s
+ dh_fixperms -s
+ dh_installdeb -s
+ dh_shlibdeps -s
+ dh_gencontrol -s -Nkvm
+ dh_gencontrol -pkvm -- -v1:84+dfsg-0ubuntu16+$(debsrc_ver)+$(debian_rev)
+ # Prune keymaps from qemu-kvm, as these are now in qemu-common
+ rm -rf debian/qemu-kvm/usr/share/qemu/keymaps
+ # move manpages for qemu-utils to the right package
+ mv debian/qemu-kvm/usr/share/man/man1/qemu-img.1.gz debian/qemu-utils/usr/share/man/man1
+ mv debian/qemu-kvm/usr/share/man/man8/qemu-nbd.8.gz debian/qemu-utils/usr/share/man/man8
+ rmdir debian/qemu-kvm/usr/share/man/man8
+ dh_md5sums -s
+ dh_builddeb -s
+
+binary: binary-indep binary-arch
+
+.PHONY: build clean binary-indep binary-arch binary install
--- qemu-kvm-1.0+noroms.orig/debian/source_qemu-kvm.py
+++ qemu-kvm-1.0+noroms/debian/source_qemu-kvm.py
@@ -0,0 +1,12 @@
+'''apport package hook for qemu-kvm
+
+(c) 2009 Canonical Ltd.
+Author: Dustin Kirkland
+'''
+
+from apport.hookutils import *
+
+def add_info(report):
+ attach_hardware(report)
+ attach_related_packages(report, ['kvm*', '*libvirt*', 'virt-manager', 'qemu*'])
+ report['KvmCmdLine'] = command_output(['ps', '-C', 'kvm', '-F'])
--- qemu-kvm-1.0+noroms.orig/debian/watch
+++ qemu-kvm-1.0+noroms/debian/watch
@@ -0,0 +1,3 @@
+version=3
+http://sf.net/kvm/qemu-kvm-([0-9].*)\.tar\.gz \
+ debian uupdate
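Review bot: In debian/rules, `build-stamp` depends only on `config-host.mak` and then touches the stamp, so nothing is compiled in the build target. The compile happens inside `install-stamp` through `$(MAKE) DESTDIR=$(CURDIR)/debian/qemu-kvm install`, after `dh_testroot`, and `binary-indep` likewise runs `$(MAKE) -C pc-bios/optionrom` after `dh_testroot`, so the upstream build runs with (fake)root privileges. Adding a `$(MAKE)` line to the `build-stamp` recipe before `touch $@`, and moving the optionrom build there, keeps compilation unprivileged. Separately, the globs in `clean` are escaped (`rm -f pc-bios/\*.bin pc-bios/\*.dtb pc-bios/openbios-\*`), so the shell sees literal asterisks and the patterns match nothing; if removing prebuilt blobs is the intent, the backslashes should go.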
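Review bot: `report['KvmCmdLine'] = command_output(['ps', '-C', 'kvm', '-F'])` in debian/source_qemu-kvm.py attaches the full argument list of every running kvm process to the bug report, and those command lines can carry host-specific details such as disk image paths, network settings and any credentials passed as options. Reports produced by this hook may be uploaded to a public tracker, so the value should be redacted or reduced before it is stored; at minimum add a comment such as `# KvmCmdLine may contain secrets from the kvm command line; review before upload`. The wildcard `from apport.hookutils import *` hides which helpers the hook depends on, and `from apport.hookutils import attach_hardware, attach_related_packages, command_output` names them. `add_info` also has no docstring; one line listing the report keys it adds would do.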
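Review bot: debian/watch points uscan at `http://sf.net/kvm/...`, so new upstream tarballs are discovered and downloaded over plain HTTP, and the file configures no signature check. Anything on the network path could substitute the archive that later becomes the package source. If the upstream host serves the same path over HTTPS, switch the URL scheme, and add signature verification if upstream publishes signatures; neither is confirmed by this patch.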