-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 09 May 2024 08:44:38 +0300
Source: qemu
Architecture: source
Version: 1:7.2+dfsg-7+deb12u6
Distribution: bookworm
Urgency: medium
Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
Changed-By: Michael Tokarev <mjt@tls.msk.ru>
Closes: 1068819 1068820 1068821
Changes:
qemu (1:7.2+dfsg-7+deb12u6) bookworm; urgency=medium
.
* update to upstream 7.2.11 stable/bugfix release, v7.2.11.diff,
https://gitlab.com/qemu-project/qemu/-/commits/v7.2.11 :
- Update version for 7.2.11 release
- ppc/spapr: Initialize max_cpus limit to SPAPR_IRQ_NR_IPIS.
- ppc/spapr: Introduce SPAPR_IRQ_NR_IPIS to refer IRQ range for CPU IPIs.
- target/sh4: add missing CHECK_NOT_DELAY_SLOT
- hw/sd/sdhci: Do not update TRNMOD when Command Inhibit (DAT) is set
(Closes: #1068821, CVE-2024-3447)
- hw/net/lan9118: Replace magic '2048' value by MIL_TXFIFO_SIZE definition
- hw/net/lan9118: Fix overflow in MIL TX FIFO
- backends/cryptodev: Do not abort for invalid session ID
- hw/misc/applesmc: Fix memory leak in reset() handler
- hw/block/nand: Fix out-of-bound access in NAND block buffer
- hw/block/nand: Have blk_load() take unsigned offset and return boolean
- hw/block/nand: Factor nand_load_iolen() method out
- qemu-options: Fix CXL Fixed Memory Window interleave-granularity typo
- hw/virtio/virtio-crypto: Protect from DMA re-entrancy bugs
(Closes: #1068820, CVE-2024-3446)
- hw/char/virtio-serial-bus: Protect from DMA re-entrancy bugs
(Closes: #1068820, CVE-2024-3446)
- hw/display/virtio-gpu: Protect from DMA re-entrancy bugs
(Closes: #1068820, CVE-2024-3446)
- hw/virtio: Introduce virtio_bh_new_guarded() helper
- linux-user: Fix waitid return of siginfo_t and rusage
- tcg/optimize: Do not attempt to constant fold neg_vec
- hw/virtio: Fix packed virtqueue flush used_idx
- hw/net/virtio-net: fix qemu set used ring flag even vhost started
- hw/intc/arm_gicv3: ICC_HPPIR* return SPURIOUS if int group is disabled
- gitlab-ci/cirrus: switch from 'master' to 'latest'
- target/hppa: Clear psw_n for BE on use_nullify_skip path
- tcg/optimize: Fix sign_mask for logical right-shift
- virtio-net: Fix vhost virtqueue notifiers for RSS
- monitor/hmp-cmds-target: Append a space in error message in gpa2hva()
- hw/scsi/scsi-generic: Fix io_timeout property not applying
- target/loongarch: Fix qemu-system-loongarch64 assert failed
with the option '-d int'
- target/i386: Revert monitor_puts() in do_inject_x86_mce()
- target/i386: fix direction of "32-bit MMU" test
- target/i386: use separate MMU indexes for 32-bit accesses
- target/i386: introduce function to query MMU indices
- tests: Raise timeouts for bufferiszero and crypto-tlscredsx509
- tests/unit: Bump test-replication timeout to 60 seconds
- tests/unit: Bump test-crypto-block test timeout to 5 minutes
- tests/unit: Bump test-aio-multithread test timeout to 2 minutes
- migration: Skip only empty block devices
- hmat acpi: Fix out of bounds access due to missing use of indirection
- pcie_sriov: Validate NumVFs
(Closes: #1068819, CVE-2024-26327)
- hw/nvme: Use pcie_sriov_num_vfs()
(Closes: #1068819, CVE-2024-26328)
- pcie: Introduce pcie_sriov_num_vfs
- hw/nvme: add machine compatibility parameter to enable msix exclusive bar
- hw/nvme: generalize the mbar size helper
- hw/nvme: separate 'serial' property for VFs
- hw/nvme: cleanup error reporting in nvme_init_pci()
- hw/nvme: clean up confusing use of errp/local_err
- Avoid unaligned fetch in ladr_match()
- e1000e: fix link state on resume
- make-release: switch to .xz format by default
- hw/scsi/lsi53c895a: add timer to scripts processing
- hw/scsi/lsi53c895a: add missing decrement of reentrancy counter
- hw/scsi/lsi53c895a: stop script on phase mismatch
- system/qdev-monitor: move drain_call_rcu call
under if (!dev) in qmp_device_add()
- hw/rtc/sun4v-rtc: Relicense to GPLv2-or-later
- target/arm: Fix SME full tile indexing
- tests/tcg/aarch64/sysregs.c: Use S syntax for
id_aa64zfr0_el1 and id_aa64smfr0_el1
- target/arm: align exposed ID registers with Linux
- ui/cocoa: Fix window clipping on macOS 14
- gitlab: update FreeBSD Cirrus CI image to 13.3
* update to upstream 7.2.10 stable/bugfix release, v7.2.10.diff,
https://gitlab.com/qemu-project/qemu/-/commits/v7.2.10 :
- Update version for 7.2.10 release
- target/i386: the sgx_epc_get_section stub is reachable
- tests/unit/test-blockjob: Disable complete_in_standby test
- tests/qtest/display-vga-test: Add proper checks if a device is available
- test-vmstate: fix bad GTree usage, use-after-free
- tests/unit/test-util-sockets: Remove temporary file after test
- hw/usb/bus.c: PCAP adding 0xA in Windows version
- gitlab: force allow use of pip in Cirrus jobs
- tests/vm: avoid re-building the VM images all the time
- tests/vm: update openbsd image to 7.4
- target/i386: leave the A20 bit set in the final NPT walk
- target/i386: remove unnecessary/wrong application of the A20 mask
- target/i386: Fix physical address truncation
- target/i386: check validity of VMCB addresses
- target/i386: mask high bits of CR3 in 32-bit mode
- pl031: Update last RTCLR value on write in case it's read back
- hw/nvme: fix invalid endian conversion
- target/ppc: Fix lxv/stxv MSR facility check
- .gitlab-ci.d/windows.yml: Drop msys2-32bit job
- system/vl: Update description for input grab key
- docs/system: Update description for input grab key
- audio: Depend on dbus_display1_dep
- meson: ensure dbus-display generated code is built before other units
- ui/console: Fix console resize with placeholder surface
- ui/clipboard: add asserts for update and request
- ui/clipboard: mark type as not available when there is no data
(Closes: CVE-2023-6683, already fixed in debian)
- ui: reject extended clipboard message if not activated
- target/i386: Generate an illegal opcode exception on cmp instructions
with lock prefix
- i386/cpuid: Move leaf 7 to correct group
- i386/cpuid: Decrease cpuid_i when skipping CPUID leaf 1F
- i386/cpu: Mask with XCR0/XSS mask for FEAT_XSAVE_XCR0_HI and
FEAT_XSAVE_XSS_HI leafs
- i386/cpu: Clear FEAT_XSAVE_XSS_LO/HI leafs when CPUID_EXT_XSAVE
is not available
- iotests: Make 144 deterministic again
- target/arm: Don't get MDCR_EL2 in pmu_counter_enabled()
before checking ARM_FEATURE_PMU
- target/arm: Fix SVE/SME gross MTE suppression checks
- target/arm: Fix nregs computation in do_{ld,st}_zpa
- linux-user/aarch64: Choose SYNC as the preferred MTE mode
- tests/acpi: Update DSDT.cxl to reflect change _STA return value.
- hw/i386: Fix _STA return value for ACPI0017
- tests/acpi: Allow update of DSDT.cxl
- smmu: Clear SMMUPciBus pointer cache when system reset
- virtio_iommu: Clear IOMMUPciBus pointer cache when system reset
- hw/cxl: Pass CXLComponentState to cache_mem_ops
- cxl/cdat: Fix header sum value in CDAT checksum
- cxl/cdat: Handle cdat table build errors
- vhost-user.rst: Fix vring address description
- hw/smbios: Fix port connector option validation
- hw/smbios: Fix OEM strings table option validation
- pci-host: designware: Limit value range of iATU viewport register
- qemu-options.hx: Improve -serial option documentation
- system/vl.c: Fix handling of '-serial none -serial something'
- target/arm: fix exception syndrome for AArch32 bkpt insn
- block/blkio: Make s->mem_region_alignment be 64 bits
- qemu-docs: Update options for graphical frontends
- migration: Fix use-after-free of migration state object
* d/patches: remove
revert-monitor-only-run-coroutine-commands-in-qemu_aio_context.patch
This one turned out to be innocent, cryptsetup CI fails anyway.
* d/patches: remove now included upstream
ui-clipboard-mark-type-as-not-available-when-no-data-CVE-2023-6683.patch
* d/changelog: mention previous CVE fixes:
- CVE-2023-3019 fixed by 7.2+dfsg-7+deb12u4
- CVE-2024-24474 & CVE-2023-5088 fixed by 7.2+dfsg-7+deb12u3
- CVE-2023-3301 fixed by 7.2+dfsg-7+deb12u1
Checksums-Sha1:
aa68e7378e49b5e34a33d19442ba4f4e7dde4ced 6482 qemu_7.2+dfsg-7+deb12u6.dsc
3eb6b9c9b2521a41a1ac83d38460dea80c61a1fb 279820 qemu_7.2+dfsg-7+deb12u6.debian.tar.xz
57bb6f17ba44d8be320e74602d00f533252ebf46 19358 qemu_7.2+dfsg-7+deb12u6_source.buildinfo
Checksums-Sha256:
9d4b0990e394dea6c7b929006ec2c8ef915f429d0433cf33104036aa6230e252 6482 qemu_7.2+dfsg-7+deb12u6.dsc
98b3786d502b0e980c94c35f9edb1c9f63ef029ee8296ed2b9d5f9ebecdc6606 279820 qemu_7.2+dfsg-7+deb12u6.debian.tar.xz
71cd03fa51027339430f684eea95d84fe59e9d216cbfa750d7f847398964cc70 19358 qemu_7.2+dfsg-7+deb12u6_source.buildinfo
Files:
af18503a9b6e90138db051da3ea2d297 6482 otherosfs optional qemu_7.2+dfsg-7+deb12u6.dsc
829eac8c2a8d4b0fc1ef69bd40b7bb52 279820 otherosfs optional qemu_7.2+dfsg-7+deb12u6.debian.tar.xz
6d071aee8e8c27397982d5bb274a2dbd 19358 otherosfs optional qemu_7.2+dfsg-7+deb12u6_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQFDBAEBCgAtFiEEe3O61ovnosKJMUsicBtPaxppPlkFAmZOEmoPHG1qdEB0bHMu
bXNrLnJ1AAoJEHAbT2saaT5Zce4IAMeZRwk3utWX5itjkvJg1Wtk5pLtkSkgLwcH
JEeqkddhK5MPNQJIEMkEvvmQ+npf4Qlp0+2MoWT5z4VU332F8Fqb3ILilkP4krzq
R8d+pNm6GV1qK4ZGql7jErX6iUOZvLkUydd5HPLnp+DHlwpjUM93hDg8Q9uH5Tb7
pn2e0bhFMahLD0nleeiu1zXPAjY8hJFmsn/UXVxz7FNN20Mt5y14L4ywQaznsZnk
CKWgCHaseEm2wuK8+vWn4qAeK6nminY226+zK34d6vIEMn1AZuNN70wuwciHKXs+
DV1ETAMoIWeNlSl55p/HwcAMCMSYQwrgyYBl16rBvZ7zBiIYZSQ=
=B8oi
-----END PGP SIGNATURE-----
Attachment:
pgpqW1D6fbXoR.pgp
Description: PGP signature