Bug#687153: unblock: qemu/1.1.2+dfsg-2 qemu-kvm/1.1.2+dfsg-2
Control: retitle -1 unblock: qemu/1.1.2+dfsg-2 qemu-kvm/1.1.2+dfsg-2
On 16.09.2012 00:58, Michael Tokarev wrote:
> On 10.09.2012 15:18, Michael Tokarev wrote:
>> Package: release.debian.org
>> Severity: normal
>> User: firstname.lastname@example.org
>> Usertags: unblock
>> We (qemu team) prepared new releases of qemu and qemu-kvm packages,
>> based on new upstream stable/bugfix releases of 1.1.y series.
> There's apparently one more bugfix pending. I thought we fixed
> a bug -- #686524 -- but it is not fixed. We identified the bad
> upstream commit which lead to that problem, and are working with
> upstream to identify the fix. If that'll take too long I'll
> just revert that (small) commit, to restore the old functionality.
> Which means, however, that a new upload is needed. The current
> version in sid brings in alot of good changes still, but it does
> not fix all known bugs unfortunately.
I made two new releases (both qemu and qemu-kvm as they both
share the same issue), updating subject and retitling the
bugreport accordingly. The uploads contains a revert of the
upstream commit which caused this regression. Unfortunately
we're very short in time, and the proper solution is a bit
difficult to come with.
Meanwhile, I found a completely misapplied patch in qemu - it
were applied upstream, but when we updated to the new version
we updated that patch wrongly, and as a result it were applied
to completely irrelevant place. No harm was done, but it was
a very wrong thing to do anyway. So I dropped that patch
(fix-armhf-prctl.patch) now, increasing qemu's debdiff even
And I also found a long-standing bug in -jN handling of qemu
build process (found it while trying rebulding package in
various configurations) -- -jN were passed to sub-makes, so
when run as dpkg-buildpackage -jN, sub-make complained that
the job server is disabled and did a wrong thing, failing to
build in the end. So I removed these bogus passing of -jN
(it was #597524).
I'll post two new debdiffs in separate emails.
Also, in the original unblock request, I made mistakes when
providing GIT URLs -- I pointed to individual git commits
instead of 'shortlogs'.
So here's the original unblock request with URLs and
version numbers corrected:
We (qemu team) prepared new releases of qemu and qemu-kvm packages,
based on new upstream stable/bugfix releases of 1.1.y series.
This update brings some rather large set of fixes, all of which are
carefully choosen and are really worth to have in wheezy. Some of
them resurrects broken architecture support (qemu emulation has been
broken on arm, s390 and a few others for example).
One of the fix included in this release is a security fix for rather
important issue, CVE-2012-3515, which is #686974. I wanted to make
a release just with this fix included because it is a serious problem,
but this may complicate the work for the release team to review the
changes, since the fix makes the difference even larger (it is included
in upstream source in this release, and I didn't want to include it
as a patch for previous release to be removed again). Due to this,
this unblock request is somewhat urgent, if it's the right term.
Together with this large set of fixes, these releases brings two
packages (qemu and qemu-kvm) to the same state - each has the same
set of fixes applied and correspond to the same upstream release.
This is important point, since it appears that qemu[-kvm] is now in
wide use, and many bugs are discovered (including security ones),
and the two packages (which share the same codebase actually, but
which we weren't able to merge for wheezy) should receive the same
set of fixes, almost everything which is relevant for one is also
relevant for another (the difference is because qemu package builds
emulators for other architectures too, not just x86, so can require
more fixes than qemu-kvm).
And this is the reason why I'm requesting a single unblock for both,
and why both have the same version number now.
Now, for the changes.
The chanhes are different for qemu and qemu-kvm, but the resulting
code base becomes the same. This is because current qemu in wheezy
is of version 1.1.0, while qemu-kvm is of version 1.1.1, which
brings whole upstream stable/bugfix release, plus wheeze's qemu-kvm
includes several patches which went to upstream 1.1.2, which are
missing in wheeze's qemu too, obviously. Plus, upstream qemu-kvm
1.1.0 included a few rather large (but important) fixes which were
missing in qemu 1.1.0 (but were included in qemu 1.1.1).
But the final upstream set of changes is the same. It can be seen
online as git tree/history in both git.debian.org tree:
qemu-kvm, since debian/1.1.0+dfsg-2 tag, and
qemu, up to debian/1.1.0+dfsg-1 tag,
and in upstream git trees:
All these changes are the same, and both upstream received exactly the
same set of bugfixes for their 1.1.2 releases.
For debian qemu-kvm package, I had to remove a number of files from
debian/patches/ for the fixes which were included upstream, list is
provided in the changelog.
For previous qemu-kvm release I tried to open bugreports in Debian BTS
for each change/fix I added, with description of the severity/impact
of each. But it turned out to be very time-consuming, and not very
useful. Each git commit has more or less good explanation of what it
is fixing, but usually it is understandable for a person who has
deep knowlege of qemu internals. We can try to come up with some
widely understandable desriptions if required.
What I can say for sure is that all the fixes (except documentation
updates) are fixing real bugs which were hit by real users. Due to
the nature of this package (system emulator), each such bug has a
large impact on the users, because it is very difficult to understand
why their systems does not work as intended when the problem is within
And the fact that the number of these fixes is large is actually a very
good sign: there are some people finally who cares about qemu and its
bugs, and bugs are being fixed and fixes being backported to previous
releases. It is the first time we see this happening on qemu side,
all previous releases did not receive almost any fixes except of
some large security ones.
I'm sending two debdiffs as replies to this email, one for qemu and
one for qemu-kvm. But since both have all upstream changes in one
large diff, it might be more productive to take a look at the upstream
git tree for each non-debian change.
Note: large portion of the changes are already ACKed (unblocked)
by Julien Cristau for qemu-kvm 1.1.1+dfsg-1, since it included quite
significant set of changes from 1.1.2 release.
I also included one more patch to qemu package, which fixes qemu on
s360* platform. This is an upstream patch (by Aurelien Jarno) that
should go to next upstream stable hopefully, and which is local to
s360 so has no impact on other arches.
Thank you for your time!