Bug#1035297: unblock: qemu/1:7.2+dfsg-6
Control: tags -1 moreinfo
On 2023-04-30 11:07:51 +0300, Michael Tokarev wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
> X-Debbugs-Cc: pkg-qemu-devel@lists.alioth.debian.org
>
> Please unblock package qemu
>
> This debian release has the following:
>
> 1. sync with upstream qemu stable/bugfix 7.2.1 release, by removing
> all patches in debian/patches/master/ and replacing them all with
> single debian/patches/v7.2.1.diff which is a diff between upstream
> qemu 7.2.0 and 7.2.1 releases. This is the bulk of the changes in there.
> See "Other info" section below for more information.
>
> 2. Includes upstream qemu stable/bugfix 7.2.2 release.
> Upstream 7.2.2 needs its own comment. Historically, qemu stable
> were managed up until next major release is out. Here, 7.2.2
> was planned to be tagged the next day after 8.0.0 has been
> released (8.0 release didn't follow its schedule because of the
> amount of bugfixes needed there). So by the historical practice
> 7.2.2 should not be released. But I plan to change this practice,
> by providing a bit more support for previous major release of
> qemu, past the next major release date, and also plan to perform
> at least one more 7.2 upstream stable/bugfix release. We're
> discussing this on the qemu side. Either way, 7.2.2 is officially
> tagged in the upstream qemu git tree:
> https://gitlab.com/qemu-project/qemu/-/tags/v7.2.2
> so it's only a matter of making a tarball out of it and making
> an official announcement.
So why is that added as a patch instead of uploading the new upstream
release?
Cheers
>
> 3. Includes a few more fixes which are taken from the upstream
> development mailing list, targeting next upstream releases
> (including stable), which fixes known issues.
>
> 4. Includes minor changes in the debian packaging, like fixing
> FTBFS due to unportable usage of \n escapes with echo and
> switching gbp.conf from master branch to debian-bookworm
> branch, and also includes the forgotten .desktop file which
> results in a missing icon file for qemu-system processes.
>
> The whole thing seems quite large, and when you look at the diffstat
> it is large: >3k LOC changed. But this is mostly due to the conversion
> from debian/patches/master/* to debian/patches/v7.2.1.diff.
>
> [ Reason ]
>
> This debian release has numerous bug fixes which affect many aspects
> of qemu functionality within debian. I will be targeting bookworm
> proposed updates with the same functionality if it misses initial
> bookworm release. This also includes a fix for relatively old issue
> which is more specific to debian: aptitude segfaulted within qemu-user
> environments, #811087.
>
> [ Tests ]
>
> The release is well-tested, as it is usual for all qemu stable releases,
> due to qemu's excellent CI/testsuite. I verified it, together with extra
> changes, within my set of tests too. The extra changes (on top of 7.2.2)
> have also been discussed and tested.
>
> [ Risks ]
>
> As usual, the risk of breaking something does exist. Some unusual use
> case or guest which we didn't cover by testing and don't yet know about.
> Still, the amount of real, actual fixes included is much more than possible
> breakage.
>
> [ Checklist ]
> [x] all changes are documented in the d/changelog
> [x] I reviewed all changes and I approve them
> [x] attach debdiff against the package in testing
>
> [ Other info ]
>
> Since the direct diff between 1:7.2+dfsg-5 and 1:7.2+dfsg-6 is quite large,
> it's difficult to review. So I'm including 2 diffs instead.
>
> 1. 7.2+dfsg-6~no-v7.2.2.diff - I made an intermediate "syncing point"
> debian "release", which is just a sync with upstream 7.2.1. This diff
> is a difference in *source* (excluding debian/ but including d/patches
> parts) between extracted 7.2+dfsg-5 and 7.2+dfsg-6 but without the v7.2.2.diff
> and the extra 7.2+dfsg-6 patches. This diff shows just the sync between
> debian qemu and 7.2.1 upstream qemu release, plus the changes in d/patches
> which made it. The change in here is just 4 commits:
> version bump to 7.2.1
> block: Handle curl 7.55.0, 7.85.0 version changes
> build-sys: fix crlf-ending C code (only affects win32 builds)
> tests/tcg: fix unused variable in linux-test (fix test failure)
> all can be found here: https://gitlab.com/qemu-project/qemu/-/commits/v7.2.1
>
> 2. From 7.2+dfsg~6-no-v7.2.2, there's another diff to the final 7.2+dfsg-6
> release, now comparing debian/ parts only. This includes addition of
> v7.2.2.diff (and removal of CVE-2022-1050.patch), addition of 3 other
> patches to the source fixing more bugs, and other changes to debian/.
> All individual changes in v7.2.2.diff are available at
> https://gitlab.com/qemu-project/qemu/-/commits/v7.2.2 - it contains
> a bunch of various bugfixes in individual commits with descriptions.
>
>
> If this is too difficult for the release team to handle, I'm open to
> changing it somehow. All changes, in my opinion, are worth to have in
> bookworm, each and all were thought about with care.
>
> unblock qemu/1:7.2+dfsg-6
>
> === begin changelog
> qemu (1:7.2+dfsg-6) unstable; urgency=medium
>
> [ Michael Tokarev ]
> * sync with upstream v7.2.1 stable release, into d/patches/v7.2.1.diff.
> All patches from 7.2.1 (besides stuff not relevant for linux, such
> as mingw compilation fixes) has already been in d/patches/master/,
> now they're in single upstream patch file
> * v7.2.2.diff: upstream 7.2.2 stable/bugfix release
> * hw-pvrdma-protect-against-guest-driver-CVE-2022-1050.patch:
> remove, included in v7.2.2
> * d/rules, d/qemu.desktop: provide an icon for gtk display (qemu.display)
> * d/gbp.conf: set debian branch to debian-bookworm
> * pick 3 more fixes from qemu-devel@:
> rtl8139-fix-large_send_mss-divide-by-zero.patch
> target_i386-Change-wrong-XFRM-value.patch
> hw_mips_malta-Fix-malta-machine-on-big-endian-hosts.patch
> * +linux-user-fix-getgroups-setgroups-allocations.patch (Closes: #811087)
>
> [ Vagrant Cascadian ]
> * debian/rules: Use 'printf' instead of 'echo' to avoid differences
> in underlying /bin/sh implementations. Closes: #1034431
>
> -- Michael Tokarev <mjt@tls.msk.ru> Sat, 29 Apr 2023 13:02:55 +0300
>
>
> === begin 7.2+dfsg-6~no-v7.2.2.diff
> qemu-7.2+dfsg-6-no-v7.2.2/VERSION | 2
> qemu-7.2+dfsg-6-no-v7.2.2/block/curl.c | 44 ++++++++-
> qemu-7.2+dfsg-6-no-v7.2.2/debian/patches/series | 46 ----------
> qemu-7.2+dfsg-5/debian/patches/master |only
> qemu-7.2+dfsg-6-no-v7.2.2/debian/patches/v7.2.1.diff |only
> qemu-7.2+dfsg-6-no-v7.2.2/meson.build | 2
> qemu-7.2+dfsg-5/scripts/shaderinclude.pl |only
> qemu-7.2+dfsg-6-no-v7.2.2/scripts/shaderinclude.py |only
> qemu-7.2+dfsg-6-no-v7.2.2/tests/tcg/multiarch/linux/linux-test.c | 6 +
> 9 files changed, 45 insertions(+), 55 deletions(-)
>
> diff -upr qemu-7.2+dfsg-5/debian/patches/series qemu-7.2+dfsg-6-no-v7.2.2/debian/patches/series
> --- qemu-7.2+dfsg-5/debian/patches/series 2023-03-05 20:03:09.000000000 +0300
> +++ qemu-7.2+dfsg-6-no-v7.2.2/debian/patches/series 2023-04-30 10:37:10.747921243 +0300
> @@ -1,3 +1,4 @@
> +v7.2.1.diff
> microvm-default-machine-type.patch
> skip-meson-pc-bios.diff
> linux-user-binfmt-P.diff
> @@ -15,48 +16,3 @@ openbios-spelling-endianess.patch
> slof-spelling-seperator.patch
> ignore-roms-dependency-in-qtest.patch
> hw-pvrdma-protect-against-guest-driver-CVE-2022-1050.patch
> -# patches from qemu master branch which are for -stable:
> -master/target-sh4-Mask-restore-of-env-flags-from-tb-flags.patch
> -master/vhost-fix-vq-dirty-bitmap-syncing-when-vIOMMU-is-ena.patch
> -master/virtio-mem-Fix-the-bitmap-index-of-the-section-offse.patch
> -master/virtio-mem-Fix-the-iterator-variable-in-a-vmem-rdl_l.patch
> -master/target-arm-fix-handling-of-HLT-semihosting-in-system.patch
> -master/meson-accept-relative-symlinks-in-meson-introspect-i.patch
> -master/target-riscv-Set-pc_succ_insn-for-rvc-illegal-insn.patch
> -master/acpi-cpuhp-fix-guest-visible-maximum-access-size-to-.patch
> -master/hw-nvme-fix-missing-endian-conversions-for-doorbell-.patch
> -master/hw-nvme-fix-missing-cq-eventidx-update.patch
> -master/configure-fix-GLIB_VERSION-for-cross-compilation.patch
> -master/target-arm-Fix-sve_probe_page.patch
> -master/target-arm-allow-writes-to-SCR_EL3.HXEn-bit-when-FEA.patch
> -master/target-arm-Fix-in_debug-path-in-S1_ptw_translate.patch
> -master/target-arm-Fix-physical-address-resolution-for-Stage2.patch
> -master/migration-ram-Fix-error-handling-in-ram_write_tracki.patch
> -master/migration-ram-Fix-populate_read_range.patch
> -master/qcow2-Fix-theoretical-corruption-in-store_bitmap-err.patch
> -master/block-fix-detect-zeroes-with-BDRV_REQ_REGISTERED_BUF.patch
> -master/tests-tcg-i386-Introduce-and-use-reg_t-consistently.patch
> -master/target-i386-Fix-BEXTR-instruction.patch
> -master/target-i386-Fix-C-flag-for-BLSI-BLSMSK-BLSR.patch
> -master/target-i386-fix-ADOX-followed-by-ADCX.patch
> -master/target-i386-Fix-BZHI-instruction.patch
> -master/block-iscsi-fix-double-free-on-BUSY-or-similar-status.patch
> -master/hw-smbios-fix-field-corruption-in-type-4-table.patch
> -master/Revert-x86-do-not-re-randomize-RNG-seed-on-snapshot-.patch
> -master/Revert-x86-re-initialize-RNG-seed-when-selecting-ker.patch
> -master/Revert-x86-reinitialize-RNG-seed-on-system-reboot.patch
> -master/Revert-x86-use-typedef-for-SetupData-struct.patch
> -master/Revert-x86-return-modified-setup_data-only-if-read-a.patch
> -master/Revert-hw-i386-pass-RNG-seed-via-setup_data-entry.patch
> -master/vhost-user-gpio-Configure-vhost_dev-when-connecting.patch
> -master/vhost-user-i2c-Back-up-vqs-before-cleaning-up-vhost_.patch
> -master/vhost-user-rng-Back-up-vqs-before-cleaning-up-vhost_.patch
> -master/virtio-rng-pci-fix-migration-compat-for-vectors.patch
> -master/virtio-rng-pci-fix-transitional-migration-compat-for.patch
> -master/hw-timer-hpet-Fix-expiration-time-overflow.patch
> -master/vdpa-stop-all-svq-on-device-deletion.patch
> -master/vhost-avoid-a-potential-use-of-an-uninitialized-vari.patch
> -master/libvhost-user-check-for-NULL-when-allocating-a-virtq.patch
> -master/chardev-char-socket-set-s-listener-NULL-in-char_sock.patch
> -master/intel-iommu-fail-MAP-notifier-without-caching-mode.patch
> -master/intel-iommu-fail-DEVIOTLB_UNMAP-without-dt-mode.patch
> Only in qemu-7.2+dfsg-5/debian/patches: master
> Only in qemu-7.2+dfsg-6-no-v7.2.2/debian/patches: v7.2.1.diff
>
> diff -upr -xdebian -x.pc qemu-7.2+dfsg-5/block/curl.c qemu-7.2+dfsg-6-no-v7.2.2/block/curl.c
> --- qemu-7.2+dfsg-5/block/curl.c 2022-12-14 19:28:45.000000000 +0300
> +++ qemu-7.2+dfsg-6-no-v7.2.2/block/curl.c 2023-04-30 10:39:07.316967149 +0300
> @@ -37,8 +37,15 @@
>
> // #define DEBUG_VERBOSE
>
> +/* CURL 7.85.0 switches to a string based API for specifying
> + * the desired protocols.
> + */
> +#if LIBCURL_VERSION_NUM >= 0x075500
> +#define PROTOCOLS "HTTP,HTTPS,FTP,FTPS"
> +#else
> #define PROTOCOLS (CURLPROTO_HTTP | CURLPROTO_HTTPS | \
> CURLPROTO_FTP | CURLPROTO_FTPS)
> +#endif
>
> #define CURL_NUM_STATES 8
> #define CURL_NUM_ACB 8
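Review bot: PROTOCOLS now expands to a string on libcurl >= 7.85.0 and to a bitmask otherwise, under the same name. curl_easy_setopt() is variadic, so a later use of PROTOCOLS with the wrong option would still compile; a separate name for the string form (for example PROTOCOLS_STR) would keep the protocol allow-list harder to get wrong. A short note that 0x075500 is 7.85.0 (0x55 = 85) would also help, since it reads like 7.55.0, which this same change spells 0x073700.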
> @@ -509,9 +516,18 @@ static int curl_init_state(BDRVCURLState
> * obscure protocols. For example, do not allow POP3/SMTP/IMAP see
> * CVE-2013-0249.
> *
> - * Restricting protocols is only supported from 7.19.4 upwards.
> + * Restricting protocols is only supported from 7.19.4 upwards. Note:
> + * version 7.85.0 deprecates CURLOPT_*PROTOCOLS in favour of a string
> + * based CURLOPT_*PROTOCOLS_STR API.
> */
> -#if LIBCURL_VERSION_NUM >= 0x071304
> +#if LIBCURL_VERSION_NUM >= 0x075500
> + if (curl_easy_setopt(state->curl,
> + CURLOPT_PROTOCOLS_STR, PROTOCOLS) ||
> + curl_easy_setopt(state->curl,
> + CURLOPT_REDIR_PROTOCOLS_STR, PROTOCOLS)) {
> + goto err;
> + }
> +#elif LIBCURL_VERSION_NUM >= 0x071304
> if (curl_easy_setopt(state->curl, CURLOPT_PROTOCOLS, PROTOCOLS) ||
> curl_easy_setopt(state->curl, CURLOPT_REDIR_PROTOCOLS, PROTOCOLS)) {
> goto err;
> @@ -669,7 +685,12 @@ static int curl_open(BlockDriverState *b
> const char *file;
> const char *cookie;
> const char *cookie_secret;
> - double d;
> + /* CURL >= 7.55.0 uses curl_off_t for content length instead of a double */
> +#if LIBCURL_VERSION_NUM >= 0x073700
> + curl_off_t cl;
> +#else
> + double cl;
> +#endif
> const char *secretid;
> const char *protocol_delimiter;
> int ret;
> @@ -796,27 +817,36 @@ static int curl_open(BlockDriverState *b
> }
> if (curl_easy_perform(state->curl))
> goto out;
> - if (curl_easy_getinfo(state->curl, CURLINFO_CONTENT_LENGTH_DOWNLOAD, &d)) {
> + /* CURL 7.55.0 deprecates CURLINFO_CONTENT_LENGTH_DOWNLOAD in favour of
> + * the *_T version which returns a more sensible type for content length.
> + */
> +#if LIBCURL_VERSION_NUM >= 0x073700
> + if (curl_easy_getinfo(state->curl, CURLINFO_CONTENT_LENGTH_DOWNLOAD_T, &cl)) {
> goto out;
> }
> +#else
> + if (curl_easy_getinfo(state->curl, CURLINFO_CONTENT_LENGTH_DOWNLOAD, &cl)) {
> + goto out;
> + }
> +#endif
> /* Prior CURL 7.19.4 return value of 0 could mean that the file size is not
> * know or the size is zero. From 7.19.4 CURL returns -1 if size is not
> * known and zero if it is really zero-length file. */
> #if LIBCURL_VERSION_NUM >= 0x071304
> - if (d < 0) {
> + if (cl < 0) {
> pstrcpy(state->errmsg, CURL_ERROR_SIZE,
> "Server didn't report file size.");
> goto out;
> }
> #else
> - if (d <= 0) {
> + if (cl <= 0) {
> pstrcpy(state->errmsg, CURL_ERROR_SIZE,
> "Unknown file size or zero-length file.");
> goto out;
> }
> #endif
>
> - s->len = d;
> + s->len = cl;
>
> if ((!strncasecmp(s->url, "http://", strlen("http://"))
> || !strncasecmp(s->url, "https://", strlen("https://")))
> diff -upr -xdebian -x.pc qemu-7.2+dfsg-5/meson.build qemu-7.2+dfsg-6-no-v7.2.2/meson.build
> --- qemu-7.2+dfsg-5/meson.build 2023-04-30 09:54:08.000000000 +0300
> +++ qemu-7.2+dfsg-6-no-v7.2.2/meson.build 2023-04-30 10:39:07.344968369 +0300
> @@ -2777,7 +2777,7 @@ config_host_data.set('CONFIG_SLIRP', sli
> genh += configure_file(output: 'config-host.h', configuration: config_host_data)
>
> hxtool = find_program('scripts/hxtool')
> -shaderinclude = find_program('scripts/shaderinclude.pl')
> +shaderinclude = find_program('scripts/shaderinclude.py')
> qapi_gen = find_program('scripts/qapi-gen.py')
> qapi_gen_depends = [ meson.current_source_dir() / 'scripts/qapi/__init__.py',
> meson.current_source_dir() / 'scripts/qapi/commands.py',
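Review bot: the script that find_program() now resolves, scripts/shaderinclude.py, is not in this diff; it only shows up as an "Only in" entry, as does the removed shaderinclude.pl. Since it runs at build time, please attach its contents or point at the upstream commit that adds it so it can be reviewed along with this one-line switch.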
> Only in qemu-7.2+dfsg-5/scripts: shaderinclude.pl
> Only in qemu-7.2+dfsg-6-no-v7.2.2/scripts: shaderinclude.py
> diff -upr -xdebian -x.pc qemu-7.2+dfsg-5/tests/tcg/multiarch/linux/linux-test.c qemu-7.2+dfsg-6-no-v7.2.2/tests/tcg/multiarch/linux/linux-test.c
> --- qemu-7.2+dfsg-5/tests/tcg/multiarch/linux/linux-test.c 2022-12-14 19:28:45.000000000 +0300
> +++ qemu-7.2+dfsg-6-no-v7.2.2/tests/tcg/multiarch/linux/linux-test.c 2023-04-30 10:39:07.324967497 +0300
> @@ -354,13 +354,17 @@ static void test_pipe(void)
> if (FD_ISSET(fds[0], &rfds)) {
> chk_error(read(fds[0], &ch, 1));
> rcount++;
> - if (rcount >= WCOUNT_MAX)
> + if (rcount >= WCOUNT_MAX) {
> break;
> + }
> }
> if (FD_ISSET(fds[1], &wfds)) {
> ch = 'a';
> chk_error(write(fds[1], &ch, 1));
> wcount++;
> + if (wcount >= WCOUNT_MAX) {
> + break;
> + }
> }
> }
> }
> diff -upr -xdebian -x.pc qemu-7.2+dfsg-5/VERSION qemu-7.2+dfsg-6-no-v7.2.2/VERSION
> --- qemu-7.2+dfsg-5/VERSION 2022-12-14 19:28:45.000000000 +0300
> +++ qemu-7.2+dfsg-6-no-v7.2.2/VERSION 2023-04-30 10:39:07.316967149 +0300
> @@ -1 +1 @@
> -7.2.0
> +7.2.1
>
>
> === begin 7.2+dfsg-6.diff
> changelog | 24
> gbp.conf | 1
> rules | 5
> qemu.desktop | 8
> patches/hw-pvrdma-protect-against-guest-driver-CVE-2022-1050.patch | 45
> patches/hw_mips_malta-Fix-malta-machine-on-big-endian-hosts.patch | 42
> patches/linux-user-fix-getgroups-setgroups-allocations.patch | 213 ++++
> patches/rtl8139-fix-large_send_mss-divide-by-zero.patch | 68 +
> patches/target_i386-Change-wrong-XFRM-value.patch | 34
> patches/v7.2.2.diff | 514 ++++++++++
> patches/series | 6
> 11 files changed, 877 insertions(+), 83 deletions(-)
>
> diff -upr --new-file qemu-7.2+dfsg-6-no-v7.2.2/debian/changelog qemu-7.2+dfsg-6/debian/changelog
> --- qemu-7.2+dfsg-6-no-v7.2.2/debian/changelog 2023-04-29 13:02:55.000000000 +0300
> +++ qemu-7.2+dfsg-6/debian/changelog 2023-03-05 20:09:04.000000000 +0300
> @@ -1,27 +1,3 @@
> -qemu (1:7.2+dfsg-6) unstable; urgency=medium
> -
> - [ Michael Tokarev ]
> - * sync with upstream v7.2.1 stable release, into d/patches/v7.2.1.diff.
> - All patches from 7.2.1 (besides stuff not relevant for linux, such
> - as mingw compilation fixes) has already been in d/patches/master/,
> - now they're in single upstream patch file
> - * v7.2.2.diff: upstream 7.2.2 stable/bugfix release
> - * hw-pvrdma-protect-against-guest-driver-CVE-2022-1050.patch:
> - remove, included in v7.2.2
> - * d/rules, d/qemu.desktop: provide an icon for gtk display (qemu.display)
> - * d/gbp.conf: set debian branch to debian-bookworm
> - * pick 3 more fixes from qemu-devel@:
> - rtl8139-fix-large_send_mss-divide-by-zero.patch
> - target_i386-Change-wrong-XFRM-value.patch
> - hw_mips_malta-Fix-malta-machine-on-big-endian-hosts.patch
> - * +linux-user-fix-getgroups-setgroups-allocations.patch (Closes: #811087)
> -
> - [ Vagrant Cascadian ]
> - * debian/rules: Use 'printf' instead of 'echo' to avoid differences
> - in underlying /bin/sh implementations. Closes: #1034431
> -
> - -- Michael Tokarev <mjt@tls.msk.ru> Sat, 29 Apr 2023 13:02:55 +0300
> -
> qemu (1:7.2+dfsg-5) unstable; urgency=medium
>
> * d/qemu-guest-agent.udev: fix missing comma
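Review bot: this hunk removes the whole 1:7.2+dfsg-6 entry when going from the -no-v7.2.2 tree to the -6 tree, and the +++ side carries the older timestamp (2023-03-05) while the --- side has the upload date, so the two trees look swapped for this file. Please regenerate the debian/ diff so the new changelog entry shows as added, otherwise the checklist item about d/changelog cannot be confirmed from the debdiff.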
> diff -upr --new-file qemu-7.2+dfsg-6-no-v7.2.2/debian/gbp.conf qemu-7.2+dfsg-6/debian/gbp.conf
> --- qemu-7.2+dfsg-6-no-v7.2.2/debian/gbp.conf 2023-04-29 12:05:13.000000000 +0300
> +++ qemu-7.2+dfsg-6/debian/gbp.conf 2023-03-05 20:03:09.000000000 +0300
> @@ -1,4 +1,3 @@
> [DEFAULT]
> sign-tags = True
> pristine-tar = True
> -debian-branch = debian-bookworm
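Review bot: the deleted line "debian-branch = debian-bookworm" contradicts the changelog entry "d/gbp.conf: set debian branch to debian-bookworm", which describes it as added in this upload. The comparison direction appears reversed for gbp.conf as well; it is worth confirming which gbp.conf the uploaded source package actually contains.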
> diff -upr --new-file qemu-7.2+dfsg-6-no-v7.2.2/debian/patches/hw_mips_malta-Fix-malta-machine-on-big-endian-hosts.patch qemu-7.2+dfsg-6/debian/patches/hw_mips_malta-Fix-malta-machine-on-big-endian-hosts.patch
> --- qemu-7.2+dfsg-6-no-v7.2.2/debian/patches/hw_mips_malta-Fix-malta-machine-on-big-endian-hosts.patch 1970-01-01 03:00:00.000000000 +0300
> +++ qemu-7.2+dfsg-6/debian/patches/hw_mips_malta-Fix-malta-machine-on-big-endian-hosts.patch 2023-04-29 12:58:18.000000000 +0300
> @@ -0,0 +1,42 @@
> +From: Thomas Huth <thuth@redhat.com>
> +Subject: [PATCH] hw/mips/malta: Fix the malta machine on big endian hosts
> +Date: Thu, 30 Mar 2023 17:26:13 +0200
> +Message-Id: <20230330152613.232082-1-thuth@redhat.com>
> +List-Id: <qemu-stable.nongnu.org>
> +
> +Booting a Linux kernel with the malta machine is currently broken
> +on big endian hosts. The cpu_to_gt32 macro wants to byteswap a value
> +for little endian targets only, but uses the wrong way to do this:
> +cpu_to_[lb]e32 works the other way round on big endian hosts! Fix
> +it by using the same ways on both, big and little endian hosts.
> +
> +Fixes: 0c8427baf0 ("hw/mips/malta: Use bootloader helper to set BAR registers")
> +Signed-off-by: Thomas Huth <thuth@redhat.com>
> +---
> + I've checked that both, the kernel from
> + https://landley.net/toybox/downloads/binaries/mkroot/0.8.9/mipsel.tgz
> + and the kernel from
> + https://landley.net/toybox/downloads/binaries/mkroot/0.8.9/mips.tgz
> + now boot fine on both, a little endian (x86) and a big endian (s390x) host.
> +
> + hw/mips/malta.c | 4 ++--
> + 1 file changed, 2 insertions(+), 2 deletions(-)
> +
> +diff --git a/hw/mips/malta.c b/hw/mips/malta.c
> +index af9021316d..b26ed1fc9a 100644
> +--- a/hw/mips/malta.c
> ++++ b/hw/mips/malta.c
> +@@ -630,7 +630,7 @@ static void bl_setup_gt64120_jump_kernel(void **p, uint64_t run_addr,
> + /* Bus endianess is always reversed */
> + #if TARGET_BIG_ENDIAN
> +-#define cpu_to_gt32 cpu_to_le32
> ++#define cpu_to_gt32(x) (x)
> + #else
> +-#define cpu_to_gt32 cpu_to_be32
> ++#define cpu_to_gt32(x) bswap32(x)
> + #endif
> +
> +--
> +2.31.1
> +
> +
> diff -upr --new-file qemu-7.2+dfsg-6-no-v7.2.2/debian/patches/hw-pvrdma-protect-against-guest-driver-CVE-2022-1050.patch qemu-7.2+dfsg-6/debian/patches/hw-pvrdma-protect-against-guest-driver-CVE-2022-1050.patch
> --- qemu-7.2+dfsg-6-no-v7.2.2/debian/patches/hw-pvrdma-protect-against-guest-driver-CVE-2022-1050.patch 2023-04-30 10:33:17.674095770 +0300
> +++ qemu-7.2+dfsg-6/debian/patches/hw-pvrdma-protect-against-guest-driver-CVE-2022-1050.patch 1970-01-01 03:00:00.000000000 +0300
> @@ -1,45 +0,0 @@
> -From: Yuval Shaia <yuval.shaia.ml@gmail.com>
> -Subject: [PATCH v3] hw/pvrdma: Protect against buggy or malicious guest driver
> -Date: Sun, 3 Apr 2022 12:52:34 +0300
> -Message-Id: <20220403095234.2210-1-yuval.shaia.ml@gmail.com>
> -Content-Type: text/plain; charset="utf-8"
> -MIME-Version: 1.0
> -Content-Transfer-Encoding: 7bit
> -Bug-Debian: https://bugs.debian.org/1014589
> -
> -Guest driver might execute HW commands when shared buffers are not yet
> -allocated.
> -This could happen on purpose (malicious guest) or because of some other
> -guest/host address mapping error.
> -We need to protect against such case.
> -
> -Fixes: CVE-2022-1050
> -
> -Reported-by: Raven <wxhusst@gmail.com>
> -Signed-off-by: Yuval Shaia <yuval.shaia.ml@gmail.com>
> ----
> -v1 -> v2:
> - * Commit message changes
> -v2 -> v3:
> - * Exclude cosmetic changes
> ----
> - hw/rdma/vmw/pvrdma_cmd.c | 6 ++++++
> - 1 file changed, 6 insertions(+)
> -
> -diff --git a/hw/rdma/vmw/pvrdma_cmd.c b/hw/rdma/vmw/pvrdma_cmd.c
> -index da7ddfa548..89db963c46 100644
> ---- a/hw/rdma/vmw/pvrdma_cmd.c
> -+++ b/hw/rdma/vmw/pvrdma_cmd.c
> -@@ -796,6 +796,12 @@ int pvrdma_exec_cmd(PVRDMADev *dev)
> -
> - dsr_info = &dev->dsr_info;
> -
> -+ if (!dsr_info->dsr) {
> -+ /* Buggy or malicious guest driver */
> -+ rdma_error_report("Exec command without dsr, req or rsp buffers");
> -+ goto out;
> -+ }
> -+
> - if (dsr_info->req->hdr.cmd >= sizeof(cmd_handlers) /
> - sizeof(struct cmd_handler)) {
> - rdma_error_report("Unsupported command");
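Review bot: dropping this patch is only safe if v7.2.2.diff adds the same "if (!dsr_info->dsr)" guard at the top of pvrdma_exec_cmd(); that file is added in this upload but the guard is not visible at this point in the debdiff. Please quote the matching hunk from v7.2.2.diff or name the upstream commit, so the CVE-2022-1050 fix can be seen to stay in place once the series is applied.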
> diff -upr --new-file qemu-7.2+dfsg-6-no-v7.2.2/debian/patches/linux-user-fix-getgroups-setgroups-allocations.patch qemu-7.2+dfsg-6/debian/patches/linux-user-fix-getgroups-setgroups-allocations.patch
> --- qemu-7.2+dfsg-6-no-v7.2.2/debian/patches/linux-user-fix-getgroups-setgroups-allocations.patch 1970-01-01 03:00:00.000000000 +0300
> +++ qemu-7.2+dfsg-6/debian/patches/linux-user-fix-getgroups-setgroups-allocations.patch 2023-04-26 18:50:55.000000000 +0300
> @@ -0,0 +1,213 @@
> +From b8c5ef59c357946f5982328641c24edd589fff45 Mon Sep 17 00:00:00 2001
> +From: Michael Tokarev <mjt@tls.msk.ru>
> +Date: Fri, 16 Dec 2022 18:07:07 +0300
> +Subject: [PATCH v4] linux-user: fix getgroups/setgroups allocations
> +
> +linux-user getgroups(), setgroups(), getgroups32() and setgroups32()
> +used alloca() to allocate grouplist arrays, with unchecked gidsetsize
> +coming from the "guest". With NGROUPS_MAX being 65536 (linux, and it
> +is common for an application to allocate NGROUPS_MAX for getgroups()),
> +this means a typical allocation is half the megabyte on the stack.
> +Which just overflows stack, which leads to immediate SIGSEGV in actual
> +system getgroups() implementation.
> +
> +An example of such issue is aptitude, eg
> +https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=811087#72
> +
> +Cap gidsetsize to NGROUPS_MAX (return EINVAL if it is larger than that),
> +and use heap allocation for grouplist instead of alloca(). While at it,
> +fix coding style and make all 4 implementations identical.
> +
> +Try to not impose random limits - for example, allow gidsetsize to be
> +negative for getgroups() - just do not allocate negative-sized grouplist
> +in this case but still do actual getgroups() call. But do not allow
> +negative gidsetsize for setgroups() since its argument is unsigned.
> +
> +Capping by NGROUPS_MAX seems a bit arbitrary, - we can do more, it is
> +not an error if set size will be NGROUPS_MAX+1. But we should not allow
> +integer overflow for the array being allocated. Maybe it is enough to
> +just call g_try_new() and return ENOMEM if it fails.
> +
> +Maybe there's also no need to convert setgroups() since this one is
> +usually smaller and known beforehand (KERN_NGROUPS_MAX is actually 63, -
> +this is apparently a kernel-imposed limit for runtime group set).
> +
> +The patch fixes aptitude segfault mentioned above.
> +
> +Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
> +---
> +v4:
> + - the same ret-vs-gidsetsize fix in getgroups32.
> +v3:
> + - fix a bug in getgroups(). In initial implementation I checked
> + for ret>0 in order to convert returned list of groups to target
> + byte order. But this clashes with unusual corner case for this
> + syscall: getgroups(0,NULL) return current number of groups in
> + the set, so this resulted in writing to *NULL. The right condition
> + here is gidsetsize>0:
> + - if (!is_error(ret) && ret > 0) {
> + + if (!is_error(ret) && gidsetsize > 0) {
> +v2:
> + - remove g_free, use g_autofree annotations instead,
> + - a bit more coding style changes, makes checkpatch.pl happy
> +
> + linux-user/syscall.c | 99 ++++++++++++++++++++++++++++++--------------
> + 1 file changed, 68 insertions(+), 31 deletions(-)
> +
> +diff --git a/linux-user/syscall.c b/linux-user/syscall.c
> +index 24b25759be..c532ee92c1 100644
> +--- a/linux-user/syscall.c
> ++++ b/linux-user/syscall.c
> +@@ -11433,39 +11433,58 @@ static abi_long do_syscall1(CPUArchState *cpu_env, int num, abi_long arg1,
> + {
> + int gidsetsize = arg1;
> + target_id *target_grouplist;
> +- gid_t *grouplist;
> ++ g_autofree gid_t *grouplist = NULL;
> + int i;
> +
> +- grouplist = alloca(gidsetsize * sizeof(gid_t));
> ++ if (gidsetsize > NGROUPS_MAX) {
> ++ return -TARGET_EINVAL;
> ++ }
> ++ if (gidsetsize > 0) {
> ++ grouplist = g_try_new(gid_t, gidsetsize);
> ++ if (!grouplist) {
> ++ return -TARGET_ENOMEM;
> ++ }
> ++ }
> + ret = get_errno(getgroups(gidsetsize, grouplist));
> +- if (gidsetsize == 0)
> +- return ret;
> +- if (!is_error(ret)) {
> +- target_grouplist = lock_user(VERIFY_WRITE, arg2, gidsetsize * sizeof(target_id), 0);
> +- if (!target_grouplist)
> ++ if (!is_error(ret) && gidsetsize > 0) {
> ++ target_grouplist = lock_user(VERIFY_WRITE, arg2,
> ++ gidsetsize * sizeof(target_id), 0);
> ++ if (!target_grouplist) {
> + return -TARGET_EFAULT;
> +- for(i = 0;i < ret; i++)
> ++ }
> ++ for (i = 0; i < ret; i++) {
> + target_grouplist[i] = tswapid(high2lowgid(grouplist[i]));
> +- unlock_user(target_grouplist, arg2, gidsetsize * sizeof(target_id));
> ++ }
> ++ unlock_user(target_grouplist, arg2,
> ++ gidsetsize * sizeof(target_id));
> + }
> ++ return ret;
> + }
> +- return ret;
> + case TARGET_NR_setgroups:
> + {
> + int gidsetsize = arg1;
> + target_id *target_grouplist;
> +- gid_t *grouplist = NULL;
> ++ g_autofree gid_t *grouplist = NULL;
> + int i;
> +- if (gidsetsize) {
> +- grouplist = alloca(gidsetsize * sizeof(gid_t));
> +- target_grouplist = lock_user(VERIFY_READ, arg2, gidsetsize * sizeof(target_id), 1);
> ++
> ++ if (gidsetsize > NGROUPS_MAX || gidsetsize < 0) {
> ++ return -TARGET_EINVAL;
> ++ }
> ++ if (gidsetsize > 0) {
> ++ grouplist = g_try_new(gid_t, gidsetsize);
> ++ if (!grouplist) {
> ++ return -TARGET_ENOMEM;
> ++ }
> ++ target_grouplist = lock_user(VERIFY_READ, arg2,
> ++ gidsetsize * sizeof(target_id), 1);
> + if (!target_grouplist) {
> + return -TARGET_EFAULT;
> + }
> + for (i = 0; i < gidsetsize; i++) {
> + grouplist[i] = low2highgid(tswapid(target_grouplist[i]));
> + }
> +- unlock_user(target_grouplist, arg2, 0);
> ++ unlock_user(target_grouplist, arg2,
> ++ gidsetsize * sizeof(target_id));
> + }
> + return get_errno(setgroups(gidsetsize, grouplist));
> + }
> +@@ -11750,41 +11769,59 @@ static abi_long do_syscall1(CPUArchState *cpu_env, int num, abi_long arg1,
> + {
> + int gidsetsize = arg1;
> + uint32_t *target_grouplist;
> +- gid_t *grouplist;
> ++ g_autofree gid_t *grouplist = NULL;
> + int i;
> +
> +- grouplist = alloca(gidsetsize * sizeof(gid_t));
> ++ if (gidsetsize > NGROUPS_MAX) {
> ++ return -TARGET_EINVAL;
> ++ }
> ++ if (gidsetsize > 0) {
> ++ grouplist = g_try_new(gid_t, gidsetsize);
> ++ if (!grouplist) {
> ++ return -TARGET_ENOMEM;
> ++ }
> ++ }
> + ret = get_errno(getgroups(gidsetsize, grouplist));
> +- if (gidsetsize == 0)
> +- return ret;
> +- if (!is_error(ret)) {
> +- target_grouplist = lock_user(VERIFY_WRITE, arg2, gidsetsize * 4, 0);
> ++ if (!is_error(ret) && gidsetsize > 0) {
> ++ target_grouplist = lock_user(VERIFY_WRITE, arg2,
> ++ gidsetsize * 4, 0);
> + if (!target_grouplist) {
> + return -TARGET_EFAULT;
> + }
> +- for(i = 0;i < ret; i++)
> ++ for (i = 0; i < ret; i++) {
> + target_grouplist[i] = tswap32(grouplist[i]);
> ++ }
> + unlock_user(target_grouplist, arg2, gidsetsize * 4);
> + }
> ++ return ret;
> + }
> +- return ret;
> + #endif
> + #ifdef TARGET_NR_setgroups32
> + case TARGET_NR_setgroups32:
> + {
> + int gidsetsize = arg1;
> + uint32_t *target_grouplist;
> +- gid_t *grouplist;
> ++ g_autofree gid_t *grouplist = NULL;
> + int i;
> +
> +- grouplist = alloca(gidsetsize * sizeof(gid_t));
> +- target_grouplist = lock_user(VERIFY_READ, arg2, gidsetsize * 4, 1);
> +- if (!target_grouplist) {
> +- return -TARGET_EFAULT;
> ++ if (gidsetsize > NGROUPS_MAX || gidsetsize < 0) {
> ++ return -TARGET_EINVAL;
> ++ }
> ++ if (gidsetsize > 0) {
> ++ grouplist = g_try_new(gid_t, gidsetsize);
> ++ if (!grouplist) {
> ++ return -TARGET_ENOMEM;
> ++ }
> ++ target_grouplist = lock_user(VERIFY_READ, arg2,
> ++ gidsetsize * 4, 1);
> ++ if (!target_grouplist) {
> ++ return -TARGET_EFAULT;
> ++ }
> ++ for (i = 0; i < gidsetsize; i++) {
> ++ grouplist[i] = tswap32(target_grouplist[i]);
> ++ }
> ++ unlock_user(target_grouplist, arg2, 0);
> + }
> +- for(i = 0;i < gidsetsize; i++)
> +- grouplist[i] = tswap32(target_grouplist[i]);
> +- unlock_user(target_grouplist, arg2, 0);
> + return get_errno(setgroups(gidsetsize, grouplist));
> + }
> + #endif
> +--
> +2.30.2
> +
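Review bot: in the TARGET_NR_setgroups case the buffer is locked with VERIFY_READ, yet the unlock call changes from unlock_user(target_grouplist, arg2, 0) to a length of gidsetsize * sizeof(target_id), while TARGET_NR_setgroups32 keeps the length at 0. A non-zero length asks unlock_user() to write the buffer back to the guest, which a read-only input does not need, and it leaves the two setgroups variants different although the commit message says all four implementations are made identical. Suggest keeping 0 in both.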
> diff -upr --new-file qemu-7.2+dfsg-6-no-v7.2.2/debian/patches/rtl8139-fix-large_send_mss-divide-by-zero.patch qemu-7.2+dfsg-6/debian/patches/rtl8139-fix-large_send_mss-divide-by-zero.patch
> --- qemu-7.2+dfsg-6-no-v7.2.2/debian/patches/rtl8139-fix-large_send_mss-divide-by-zero.patch 1970-01-01 03:00:00.000000000 +0300
> +++ qemu-7.2+dfsg-6/debian/patches/rtl8139-fix-large_send_mss-divide-by-zero.patch 2023-04-26 18:50:55.000000000 +0300
> @@ -0,0 +1,68 @@
> +From: Stefan Hajnoczi <stefanha@redhat.com>
> +Subject: [PATCH] rtl8139: fix large_send_mss divide-by-zero
> +Date: Thu, 13 Apr 2023 13:19:46 -0400
> +Message-Id: <20230413171946.2865726-1-stefanha@redhat.com>
> +List-Id: <qemu-devel.nongnu.org>
> +
> +If the driver sets large_send_mss to 0 then a divide-by-zero occurs.
> +Even if the division wasn't a problem, the for loop that emits MSS-sized
> +packets would never terminate.
> +
> +Solve these issues by skipping offloading when large_send_mss=0.
> +
> +This issue was found by OSS-Fuzz as part of Alexander Bulekov's device
> +fuzzing work. The reproducer is:
> +
> + $ cat << EOF | ./qemu-system-i386 -display none -machine accel=qtest, -m \
> + 512M,slots=1,maxmem=0xffff000000000000 -machine q35 -nodefaults -device \
> + rtl8139,netdev=net0 -netdev user,id=net0 -device \
> + pc-dimm,id=nv1,memdev=mem1,addr=0xb800a64602800000 -object \
> + memory-backend-ram,id=mem1,size=2M -qtest stdio
> + outl 0xcf8 0x80000814
> + outl 0xcfc 0xe0000000
> + outl 0xcf8 0x80000804
> + outw 0xcfc 0x06
> + write 0xe0000037 0x1 0x04
> + write 0xe00000e0 0x2 0x01
> + write 0x1 0x1 0x04
> + write 0x3 0x1 0x98
> + write 0xa 0x1 0x8c
> + write 0xb 0x1 0x02
> + write 0xc 0x1 0x46
> + write 0xd 0x1 0xa6
> + write 0xf 0x1 0xb8
> + write 0xb800a646028c000c 0x1 0x08
> + write 0xb800a646028c000e 0x1 0x47
> + write 0xb800a646028c0010 0x1 0x02
> + write 0xb800a646028c0017 0x1 0x06
> + write 0xb800a646028c0036 0x1 0x80
> + write 0xe00000d9 0x1 0x40
> + EOF
> +
> +Buglink: https://gitlab.com/qemu-project/qemu/-/issues/1582
> +Fixes: 6d71357a3b65 ("rtl8139: honor large send MSS value")
> +Reported-by: Alexander Bulekov <alxndr@bu.edu>
> +Cc: Peter Maydell <peter.maydell@linaro.org>
> +Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
> +---
> + hw/net/rtl8139.c | 3 +++
> + 1 file changed, 3 insertions(+)
> +
> +diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c
> +index 5a5aaf868d..5f1a4d359b 100644
> +--- a/hw/net/rtl8139.c
> ++++ b/hw/net/rtl8139.c
> +@@ -2154,6 +2154,9 @@ static int rtl8139_cplus_transmit_one(RTL8139State *s)
> +
> + int large_send_mss = (txdw0 >> CP_TC_LGSEN_MSS_SHIFT) &
> + CP_TC_LGSEN_MSS_MASK;
> ++ if (large_send_mss == 0) {
> ++ goto skip_offload;
> ++ }
> +
> + DPRINTF("+++ C+ mode offloaded task TSO IP data %d "
> + "frame data %d specified MSS=%d\n",
> +--
> +2.39.2
> +
> +
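Review bot: the `large_send_mss == 0` check jumps to skip_offload before the DPRINTF that reports the MSS, so a guest that programs a zero MSS is handled with no trace at all. A debug or guest-error message ahead of the goto would make this case visible when diagnosing a misbehaving driver, and the qtest reproducer from the commit message would be worth carrying as a regression test.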
> diff -upr --new-file qemu-7.2+dfsg-6-no-v7.2.2/debian/patches/series qemu-7.2+dfsg-6/debian/patches/series
> --- qemu-7.2+dfsg-6-no-v7.2.2/debian/patches/series 2023-04-30 10:37:10.747921243 +0300
> +++ qemu-7.2+dfsg-6/debian/patches/series 2023-04-29 12:57:45.000000000 +0300
> @@ -1,4 +1,5 @@
> v7.2.1.diff
> +v7.2.2.diff
> microvm-default-machine-type.patch
> skip-meson-pc-bios.diff
> linux-user-binfmt-P.diff
> @@ -15,4 +16,7 @@ spelling.diff
> openbios-spelling-endianess.patch
> slof-spelling-seperator.patch
> ignore-roms-dependency-in-qtest.patch
> -hw-pvrdma-protect-against-guest-driver-CVE-2022-1050.patch
> +linux-user-fix-getgroups-setgroups-allocations.patch
> +rtl8139-fix-large_send_mss-divide-by-zero.patch
> +target_i386-Change-wrong-XFRM-value.patch
> +hw_mips_malta-Fix-malta-machine-on-big-endian-hosts.patch
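Review bot: this hunk drops hw-pvrdma-protect-against-guest-driver-CVE-2022-1050.patch and nothing in the series file says why. The v7.2.2.diff diffstat lists hw/rdma/vmw/pvrdma_cmd.c, so the fix presumably now arrives through the stable diff; state that explicitly (changelog entry or a comment next to v7.2.2.diff) so the removal of a CVE-named patch is not read as a regression.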
> diff -upr --new-file qemu-7.2+dfsg-6-no-v7.2.2/debian/patches/target_i386-Change-wrong-XFRM-value.patch qemu-7.2+dfsg-6/debian/patches/target_i386-Change-wrong-XFRM-value.patch
> --- qemu-7.2+dfsg-6-no-v7.2.2/debian/patches/target_i386-Change-wrong-XFRM-value.patch 1970-01-01 03:00:00.000000000 +0300
> +++ qemu-7.2+dfsg-6/debian/patches/target_i386-Change-wrong-XFRM-value.patch 2023-04-26 18:50:55.000000000 +0300
> @@ -0,0 +1,34 @@
> +From: Yang Zhong <yang.zhong@linux.intel.com>
> +Subject: [PATCH v3] target/i386: Change wrong XFRM value
> +Date: Thu, 6 Apr 2023 02:40:41 -0400
> +Message-Id: <20230406064041.420039-1-yang.zhong@linux.intel.com>
> +List-Id: <qemu-devel.nongnu.org>
> +
> +The previous patch wrongly replaced FEAT_XSAVE_XCR0_{LO|HI} with
> +FEAT_XSAVE_XSS_{LO|HI} in CPUID(EAX=12,ECX=1):{ECX,EDX}, which made
> +SGX enclave only supported SSE and x87 feature(xfrm=0x3).
> +
> +Fixes: 301e90675c3f ("target/i386: Enable support for XSAVES based features")
> +
> +Signed-off-by: Yang Zhong <yang.zhong@linux.intel.com>
> +Reviewed-by: Yang Weijiang <weijiang.yang@intel.com>
> +---
> + target/i386/cpu.c | 4 ++--
> + 1 file changed, 2 insertions(+), 2 deletions(-)
> +
> +diff --git a/target/i386/cpu.c b/target/i386/cpu.c
> +index 6576287e5b..f083ff4335 100644
> +--- a/target/i386/cpu.c
> ++++ b/target/i386/cpu.c
> +@@ -5718,8 +5718,8 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
> + } else {
> + *eax &= env->features[FEAT_SGX_12_1_EAX];
> + *ebx &= 0; /* ebx reserve */
> +- *ecx &= env->features[FEAT_XSAVE_XSS_LO];
> +- *edx &= env->features[FEAT_XSAVE_XSS_HI];
> ++ *ecx &= env->features[FEAT_XSAVE_XCR0_LO];
> ++ *edx &= env->features[FEAT_XSAVE_XCR0_HI];
> +
> + /* FP and SSE are always allowed regardless of XSAVE/XCR0. */
> + *ecx |= XSTATE_FP_MASK | XSTATE_SSE_MASK;
> +
> diff -upr --new-file qemu-7.2+dfsg-6-no-v7.2.2/debian/patches/v7.2.2.diff qemu-7.2+dfsg-6/debian/patches/v7.2.2.diff
> --- qemu-7.2+dfsg-6-no-v7.2.2/debian/patches/v7.2.2.diff 1970-01-01 03:00:00.000000000 +0300
> +++ qemu-7.2+dfsg-6/debian/patches/v7.2.2.diff 2023-04-29 12:09:29.000000000 +0300
> @@ -0,0 +1,514 @@
> +Subject: v7.2.2
> +Date: Sat, 29 Apr 2023 12:09:18 +0300
> +From: Michael Tokarev <mjt@tls.msk.ru>
> +Forwarded: not-needed
> +
> +This is a difference between upstream qemu v7.2.1
> +and upstream qemu v7.2.2.
> +
> + VERSION | 2 +-
> + block/vhdx-log.c | 2 +-
> + hw/arm/boot.c | 5 ++++-
> + hw/net/vmxnet3.c | 2 +-
> + hw/nvme/ctrl.c | 3 +++
> + hw/rdma/vmw/pvrdma_cmd.c | 6 ++++++
> + include/qemu/osdep.h | 2 +-
> + io/channel-tls.c | 3 +++
> + linux-user/fd-trans.c | 10 ++++++---
> + linux-user/fd-trans.h | 1 +
> + linux-user/generic/target_resource.h | 4 ++--
> + linux-user/syscall.c | 21 ++++++++++++------
> + qga/commands.c | 5 ++---
> + qga/installer/qemu-ga.wxs | 1 +
> + qga/vss-win32/install.cpp | 2 +-
> + target/arm/cpu.h | 3 +++
> + target/s390x/arch_dump.c | 2 +-
> + target/s390x/cpu.h | 1 +
> + target/s390x/s390x-internal.h | 3 ++-
> + target/s390x/tcg/insn-data.h.inc | 4 ++--
> + target/s390x/tcg/mem_helper.c | 1 +
> + target/s390x/tcg/translate.c | 41 ++++++++++++++++++++++++++++--------
> + ui/gtk.c | 4 +++-
> + util/fdmon-epoll.c | 25 ++++++++++++++++------
> + 24 files changed, 112 insertions(+), 41 deletions(-)
> +
> +diff --git a/VERSION b/VERSION
> +index b26a34e470..77f5bec5b2 100644
> +--- a/VERSION
> ++++ b/VERSION
> +@@ -1 +1 @@
> +-7.2.1
> ++7.2.2
> +diff --git a/block/vhdx-log.c b/block/vhdx-log.c
> +index 572582b87b..0866897a85 100644
> +--- a/block/vhdx-log.c
> ++++ b/block/vhdx-log.c
> +@@ -980,7 +980,7 @@ static int vhdx_log_write(BlockDriverState *bs, BDRVVHDXState *s,
> + sector_write = merged_sector;
> + } else if (i == sectors - 1 && trailing_length) {
> + /* partial sector at the end of the buffer */
> +- ret = bdrv_pread(bs->file, file_offset,
> ++ ret = bdrv_pread(bs->file, file_offset + trailing_length,
> + VHDX_LOG_SECTOR_SIZE - trailing_length,
> + merged_sector + trailing_length, 0);
> + if (ret < 0) {
> +diff --git a/hw/arm/boot.c b/hw/arm/boot.c
> +index 15c2bf1867..725bab8adc 100644
> +--- a/hw/arm/boot.c
> ++++ b/hw/arm/boot.c
> +@@ -686,7 +686,10 @@ int arm_load_dtb(hwaddr addr, const struct arm_boot_info *binfo,
> + qemu_register_reset_nosnapshotload(qemu_fdt_randomize_seeds,
> + rom_ptr_for_as(as, addr, size));
> +
> +- g_free(fdt);
> ++ if (fdt != ms->fdt) {
> ++ g_free(ms->fdt);
> ++ ms->fdt = fdt;
> ++ }
> +
> + return size;
> +
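Review bot: the replacement of `g_free(fdt)` hands the blob over to `ms->fdt` without a comment on the new ownership, and the visible context does not show who releases `ms->fdt` afterwards. A one-line comment stating that the machine state now owns the device tree, plus a check that no later path in arm_load_dtb() still frees `fdt`, would make the lifetime reviewable.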
> +diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c
> +index d2ab527ef4..56559cda24 100644
> +--- a/hw/net/vmxnet3.c
> ++++ b/hw/net/vmxnet3.c
> +@@ -1441,7 +1441,7 @@ static void vmxnet3_activate_device(VMXNET3State *s)
> + vmxnet3_setup_rx_filtering(s);
> + /* Cache fields from shared memory */
> + s->mtu = VMXNET3_READ_DRV_SHARED32(d, s->drv_shmem, devRead.misc.mtu);
> +- assert(VMXNET3_MIN_MTU <= s->mtu && s->mtu < VMXNET3_MAX_MTU);
> ++ assert(VMXNET3_MIN_MTU <= s->mtu && s->mtu <= VMXNET3_MAX_MTU);
> + VMW_CFPRN("MTU is %u", s->mtu);
> +
> + s->max_rx_frags =
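Review bot: the corrected upper bound on `s->mtu` is still enforced with assert(), and `s->mtu` is read from driver shared memory one line earlier through VMXNET3_READ_DRV_SHARED32, so an out-of-range value written by the guest aborts the whole QEMU process. Consider validating the MTU and failing device activation with a logged guest error instead of asserting.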
> +diff --git a/hw/nvme/ctrl.c b/hw/nvme/ctrl.c
> +index 1d3e058452..749a6938dd 100644
> +--- a/hw/nvme/ctrl.c
> ++++ b/hw/nvme/ctrl.c
> +@@ -2491,6 +2491,9 @@ static uint16_t nvme_dsm(NvmeCtrl *n, NvmeRequest *req)
> + status = nvme_h2c(n, (uint8_t *)iocb->range, sizeof(NvmeDsmRange) * nr,
> + req);
> + if (status) {
> ++ g_free(iocb->range);
> ++ qemu_aio_unref(iocb);
> ++
> + return status;
> + }
> +
> +diff --git a/hw/rdma/vmw/pvrdma_cmd.c b/hw/rdma/vmw/pvrdma_cmd.c
> +index da7ddfa548..89db963c46 100644
> +--- a/hw/rdma/vmw/pvrdma_cmd.c
> ++++ b/hw/rdma/vmw/pvrdma_cmd.c
> +@@ -796,6 +796,12 @@ int pvrdma_exec_cmd(PVRDMADev *dev)
> +
> + dsr_info = &dev->dsr_info;
> +
> ++ if (!dsr_info->dsr) {
> ++ /* Buggy or malicious guest driver */
> ++ rdma_error_report("Exec command without dsr, req or rsp buffers");
> ++ goto out;
> ++ }
> ++
> + if (dsr_info->req->hdr.cmd >= sizeof(cmd_handlers) /
> + sizeof(struct cmd_handler)) {
> + rdma_error_report("Unsupported command");
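Review bot: the new guard tests only `dsr_info->dsr`, while its error text names dsr, req and rsp buffers and the very next statement dereferences `dsr_info->req->hdr.cmd`. Either check `req` and `rsp` as well, or add a comment stating the invariant that they are always set together with `dsr`, so the NULL-dereference protection does not rest on an assumption the hunk never states.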
> +diff --git a/include/qemu/osdep.h b/include/qemu/osdep.h
> +index b9c4307779..3d6cb431ad 100644
> +--- a/include/qemu/osdep.h
> ++++ b/include/qemu/osdep.h
> +@@ -177,7 +177,7 @@ extern "C" {
> + * supports QEMU_ERROR, this will be reported at compile time; otherwise
> + * this will be reported at link time due to the missing symbol.
> + */
> +-extern G_NORETURN
> ++G_NORETURN extern
> + void QEMU_ERROR("code path is reachable")
> + qemu_build_not_reached_always(void);
> + #if defined(__OPTIMIZE__) && !defined(__NO_INLINE__)
> +diff --git a/io/channel-tls.c b/io/channel-tls.c
> +index 4ce890a538..4ce08ccc28 100644
> +--- a/io/channel-tls.c
> ++++ b/io/channel-tls.c
> +@@ -74,6 +74,9 @@ qio_channel_tls_new_server(QIOChannel *master,
> + ioc = QIO_CHANNEL_TLS(object_new(TYPE_QIO_CHANNEL_TLS));
> +
> + ioc->master = master;
> ++ if (qio_channel_has_feature(master, QIO_CHANNEL_FEATURE_SHUTDOWN)) {
> ++ qio_channel_set_feature(QIO_CHANNEL(ioc), QIO_CHANNEL_FEATURE_SHUTDOWN);
> ++ }
> + object_ref(OBJECT(master));
> +
> + ioc->session = qcrypto_tls_session_new(
> +diff --git a/linux-user/fd-trans.c b/linux-user/fd-trans.c
> +index 7b25468d02..146aaaafaa 100644
> +--- a/linux-user/fd-trans.c
> ++++ b/linux-user/fd-trans.c
> +@@ -1622,7 +1622,7 @@ TargetFdTrans target_signalfd_trans = {
> + .host_to_target_data = host_to_target_data_signalfd,
> + };
> +
> +-static abi_long swap_data_eventfd(void *buf, size_t len)
> ++static abi_long swap_data_u64(void *buf, size_t len)
> + {
> + uint64_t *counter = buf;
> + int i;
> +@@ -1640,8 +1640,12 @@ static abi_long swap_data_eventfd(void *buf, size_t len)
> + }
> +
> + TargetFdTrans target_eventfd_trans = {
> +- .host_to_target_data = swap_data_eventfd,
> +- .target_to_host_data = swap_data_eventfd,
> ++ .host_to_target_data = swap_data_u64,
> ++ .target_to_host_data = swap_data_u64,
> ++};
> ++
> ++TargetFdTrans target_timerfd_trans = {
> ++ .host_to_target_data = swap_data_u64,
> + };
> +
> + #if defined(CONFIG_INOTIFY) && (defined(TARGET_NR_inotify_init) || \
> +diff --git a/linux-user/fd-trans.h b/linux-user/fd-trans.h
> +index 1b9fa2041c..910faaf237 100644
> +--- a/linux-user/fd-trans.h
> ++++ b/linux-user/fd-trans.h
> +@@ -130,6 +130,7 @@ extern TargetFdTrans target_netlink_route_trans;
> + extern TargetFdTrans target_netlink_audit_trans;
> + extern TargetFdTrans target_signalfd_trans;
> + extern TargetFdTrans target_eventfd_trans;
> ++extern TargetFdTrans target_timerfd_trans;
> + #if (defined(TARGET_NR_inotify_init) && defined(__NR_inotify_init)) || \
> + (defined(CONFIG_INOTIFY1) && defined(TARGET_NR_inotify_init1) && \
> + defined(__NR_inotify_init1))
> +diff --git a/linux-user/generic/target_resource.h b/linux-user/generic/target_resource.h
> +index 539d8c4677..37d3eb09b3 100644
> +--- a/linux-user/generic/target_resource.h
> ++++ b/linux-user/generic/target_resource.h
> +@@ -12,8 +12,8 @@ struct target_rlimit {
> + };
> +
> + struct target_rlimit64 {
> +- uint64_t rlim_cur;
> +- uint64_t rlim_max;
> ++ abi_ullong rlim_cur;
> ++ abi_ullong rlim_max;
> + };
> +
> + #define TARGET_RLIM_INFINITY ((abi_ulong)-1)
> +diff --git a/linux-user/syscall.c b/linux-user/syscall.c
> +index 24b25759be..9ca30149d4 100644
> +--- a/linux-user/syscall.c
> ++++ b/linux-user/syscall.c
> +@@ -1755,6 +1755,11 @@ static inline abi_long target_to_host_sockaddr(int fd, struct sockaddr *addr,
> + lladdr = (struct target_sockaddr_ll *)addr;
> + lladdr->sll_ifindex = tswap32(lladdr->sll_ifindex);
> + lladdr->sll_hatype = tswap16(lladdr->sll_hatype);
> ++ } else if (sa_family == AF_INET6) {
> ++ struct sockaddr_in6 *in6addr;
> ++
> ++ in6addr = (struct sockaddr_in6 *)addr;
> ++ in6addr->sin6_scope_id = tswap32(in6addr->sin6_scope_id);
> + }
> + unlock_user(target_saddr, target_addr, 0);
> +
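Review bot: the new AF_INET6 branch casts `addr` to struct sockaddr_in6 and rewrites `sin6_scope_id` with no visible check that the guest-supplied address length covers that field. If the length can be shorter than sizeof(struct sockaddr_in6) at this point, the swap touches bytes past the copied address; comparing the address length against sizeof(struct sockaddr_in6) before the swap would close that.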
> +@@ -12883,8 +12888,8 @@ static abi_long do_syscall1(CPUArchState *cpu_env, int num, abi_long arg1,
> + if (!lock_user_struct(VERIFY_READ, target_rnew, arg3, 1)) {
> + return -TARGET_EFAULT;
> + }
> +- rnew.rlim_cur = tswap64(target_rnew->rlim_cur);
> +- rnew.rlim_max = tswap64(target_rnew->rlim_max);
> ++ __get_user(rnew.rlim_cur, &target_rnew->rlim_cur);
> ++ __get_user(rnew.rlim_max, &target_rnew->rlim_max);
> + unlock_user_struct(target_rnew, arg3, 0);
> + rnewp = &rnew;
> + }
> +@@ -12894,8 +12899,8 @@ static abi_long do_syscall1(CPUArchState *cpu_env, int num, abi_long arg1,
> + if (!lock_user_struct(VERIFY_WRITE, target_rold, arg4, 1)) {
> + return -TARGET_EFAULT;
> + }
> +- target_rold->rlim_cur = tswap64(rold.rlim_cur);
> +- target_rold->rlim_max = tswap64(rold.rlim_max);
> ++ __put_user(rold.rlim_cur, &target_rold->rlim_cur);
> ++ __put_user(rold.rlim_max, &target_rold->rlim_max);
> + unlock_user_struct(target_rold, arg4, 1);
> + }
> + return ret;
> +@@ -13115,8 +13120,12 @@ static abi_long do_syscall1(CPUArchState *cpu_env, int num, abi_long arg1,
> +
> + #if defined(TARGET_NR_timerfd_create) && defined(CONFIG_TIMERFD)
> + case TARGET_NR_timerfd_create:
> +- return get_errno(timerfd_create(arg1,
> +- target_to_host_bitmask(arg2, fcntl_flags_tbl)));
> ++ ret = get_errno(timerfd_create(arg1,
> ++ target_to_host_bitmask(arg2, fcntl_flags_tbl)));
> ++ if (ret >= 0) {
> ++ fd_trans_register(ret, &target_timerfd_trans);
> ++ }
> ++ return ret;
> + #endif
> +
> + #if defined(TARGET_NR_timerfd_gettime) && defined(CONFIG_TIMERFD)
> +diff --git a/qga/commands.c b/qga/commands.c
> +index 7ff551d092..6cf978322e 100644
> +--- a/qga/commands.c
> ++++ b/qga/commands.c
> +@@ -32,9 +32,8 @@
> + #define GUEST_FILE_READ_COUNT_MAX (48 * MiB)
> +
> + /* Note: in some situations, like with the fsfreeze, logging may be
> +- * temporarilly disabled. if it is necessary that a command be able
> +- * to log for accounting purposes, check ga_logging_enabled() beforehand,
> +- * and use the QERR_QGA_LOGGING_DISABLED to generate an error
> ++ * temporarily disabled. if it is necessary that a command be able
> ++ * to log for accounting purposes, check ga_logging_enabled() beforehand.
> + */
> + void slog(const gchar *fmt, ...)
> + {
> +diff --git a/qga/installer/qemu-ga.wxs b/qga/installer/qemu-ga.wxs
> +index 813d1c6ca6..3442383627 100644
> +--- a/qga/installer/qemu-ga.wxs
> ++++ b/qga/installer/qemu-ga.wxs
> +@@ -31,6 +31,7 @@
> + />
> + <Media Id="1" Cabinet="qemu_ga.$(var.QEMU_GA_VERSION).cab" EmbedCab="yes" />
> + <Property Id="WHSLogo">1</Property>
> ++ <Property Id="ARPNOMODIFY" Value="yes" Secure="yes" />
> + <MajorUpgrade
> + DowngradeErrorMessage="Error: A newer version of QEMU guest agent is already installed."
> + />
> +diff --git a/qga/vss-win32/install.cpp b/qga/vss-win32/install.cpp
> +index b57508fbe0..b8087e5baa 100644
> +--- a/qga/vss-win32/install.cpp
> ++++ b/qga/vss-win32/install.cpp
> +@@ -518,7 +518,7 @@ namespace _com_util
> + /* Stop QGA VSS provider service using Winsvc API */
> + STDAPI StopService(void)
> + {
> +- HRESULT hr;
> ++ HRESULT hr = S_OK;
> + SC_HANDLE manager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
> + SC_HANDLE service = NULL;
> +
> +diff --git a/target/arm/cpu.h b/target/arm/cpu.h
> +index 9aeed3c848..a9cd7178f8 100644
> +--- a/target/arm/cpu.h
> ++++ b/target/arm/cpu.h
> +@@ -2407,6 +2407,9 @@ static inline bool arm_is_el3_or_mon(CPUARMState *env)
> + /* Return true if the processor is in secure state */
> + static inline bool arm_is_secure(CPUARMState *env)
> + {
> ++ if (arm_feature(env, ARM_FEATURE_M)) {
> ++ return env->v7m.secure;
> ++ }
> + if (arm_is_el3_or_mon(env)) {
> + return true;
> + }
> +diff --git a/target/s390x/arch_dump.c b/target/s390x/arch_dump.c
> +index a2329141e8..a7c44ba49d 100644
> +--- a/target/s390x/arch_dump.c
> ++++ b/target/s390x/arch_dump.c
> +@@ -248,7 +248,7 @@ static int s390x_write_elf64_notes(const char *note_name,
> + notep = g_malloc(note_size);
> + }
> +
> +- memset(notep, 0, sizeof(note));
> ++ memset(notep, 0, note_size);
> +
> + /* Setup note header data */
> + notep->hdr.n_descsz = cpu_to_be32(content_size);
> +diff --git a/target/s390x/cpu.h b/target/s390x/cpu.h
> +index 7d6d01325b..8aaf8dd5a3 100644
> +--- a/target/s390x/cpu.h
> ++++ b/target/s390x/cpu.h
> +@@ -87,6 +87,7 @@ struct CPUArchState {
> + uint64_t cc_vr;
> +
> + uint64_t ex_value;
> ++ uint64_t ex_target;
> +
> + uint64_t __excp_addr;
> + uint64_t psa;
> +diff --git a/target/s390x/s390x-internal.h b/target/s390x/s390x-internal.h
> +index 5d4361d35b..825252d728 100644
> +--- a/target/s390x/s390x-internal.h
> ++++ b/target/s390x/s390x-internal.h
> +@@ -11,6 +11,7 @@
> + #define S390X_INTERNAL_H
> +
> + #include "cpu.h"
> ++#include "fpu/softfloat.h"
> +
> + #ifndef CONFIG_USER_ONLY
> + typedef struct LowCore {
> +@@ -299,7 +300,7 @@ uint32_t set_cc_nz_f128(float128 v);
> + uint8_t s390_softfloat_exc_to_ieee(unsigned int exc);
> + int s390_swap_bfp_rounding_mode(CPUS390XState *env, int m3);
> + void s390_restore_bfp_rounding_mode(CPUS390XState *env, int old_mode);
> +-int float_comp_to_cc(CPUS390XState *env, int float_compare);
> ++int float_comp_to_cc(CPUS390XState *env, FloatRelation float_compare);
> +
> + #define DCMASK_ZERO 0x0c00
> + #define DCMASK_NORMAL 0x0300
> +diff --git a/target/s390x/tcg/insn-data.h.inc b/target/s390x/tcg/insn-data.h.inc
> +index 54d4250c9f..2a5fc99818 100644
> +--- a/target/s390x/tcg/insn-data.h.inc
> ++++ b/target/s390x/tcg/insn-data.h.inc
> +@@ -199,8 +199,8 @@
> + C(0xe55c, CHSI, SIL, GIE, m1_32s, i2, 0, 0, 0, cmps64)
> + C(0xe558, CGHSI, SIL, GIE, m1_64, i2, 0, 0, 0, cmps64)
> + /* COMPARE HALFWORD RELATIVE LONG */
> +- C(0xc605, CHRL, RIL_b, GIE, r1_o, mri2_32s, 0, 0, 0, cmps32)
> +- C(0xc604, CGHRL, RIL_b, GIE, r1_o, mri2_64, 0, 0, 0, cmps64)
> ++ C(0xc605, CHRL, RIL_b, GIE, r1_o, mri2_16s, 0, 0, 0, cmps32)
> ++ C(0xc604, CGHRL, RIL_b, GIE, r1_o, mri2_16s, 0, 0, 0, cmps64)
> + /* COMPARE HIGH */
> + C(0xb9cd, CHHR, RRE, HW, r1_sr32, r2_sr32, 0, 0, 0, cmps32)
> + C(0xb9dd, CHLR, RRE, HW, r1_sr32, r2_o, 0, 0, 0, cmps32)
> +diff --git a/target/s390x/tcg/mem_helper.c b/target/s390x/tcg/mem_helper.c
> +index 3758b9e688..7e7de5e2f1 100644
> +--- a/target/s390x/tcg/mem_helper.c
> ++++ b/target/s390x/tcg/mem_helper.c
> +@@ -2618,6 +2618,7 @@ void HELPER(ex)(CPUS390XState *env, uint32_t ilen, uint64_t r1, uint64_t addr)
> + that ex_value is non-zero, which flags that we are in a state
> + that requires such execution. */
> + env->ex_value = insn | ilen;
> ++ env->ex_target = addr;
> + }
> +
> + uint32_t HELPER(mvcos)(CPUS390XState *env, uint64_t dest, uint64_t src,
> +diff --git a/target/s390x/tcg/translate.c b/target/s390x/tcg/translate.c
> +index 1e599ac259..e328aa5b97 100644
> +--- a/target/s390x/tcg/translate.c
> ++++ b/target/s390x/tcg/translate.c
> +@@ -5962,9 +5962,25 @@ static void in2_a2(DisasContext *s, DisasOps *o)
> + }
> + #define SPEC_in2_a2 0
> +
> ++static TCGv gen_ri2(DisasContext *s)
> ++{
> ++ int64_t delta = (int64_t)get_field(s, i2) * 2;
> ++ TCGv ri2;
> ++
> ++ if (unlikely(s->ex_value)) {
> ++ ri2 = tcg_temp_new_i64();
> ++ tcg_gen_ld_i64(ri2, cpu_env, offsetof(CPUS390XState, ex_target));
> ++ tcg_gen_addi_i64(ri2, ri2, delta);
> ++ } else {
> ++ ri2 = tcg_constant_i64(s->base.pc_next + delta);
> ++ }
> ++
> ++ return ri2;
> ++}
> ++
> + static void in2_ri2(DisasContext *s, DisasOps *o)
> + {
> +- o->in2 = tcg_const_i64(s->base.pc_next + (int64_t)get_field(s, i2) * 2);
> ++ o->in2 = gen_ri2(s);
> + }
> + #define SPEC_in2_ri2 0
> +
> +@@ -6050,31 +6066,38 @@ static void in2_m2_64a(DisasContext *s, DisasOps *o)
> + #define SPEC_in2_m2_64a 0
> + #endif
> +
> ++static void in2_mri2_16s(DisasContext *s, DisasOps *o)
> ++{
> ++ o->in2 = tcg_temp_new_i64();
> ++ tcg_gen_qemu_ld16s(o->in2, gen_ri2(s), get_mem_index(s));
> ++}
> ++#define SPEC_in2_mri2_16s 0
> ++
> + static void in2_mri2_16u(DisasContext *s, DisasOps *o)
> + {
> +- in2_ri2(s, o);
> +- tcg_gen_qemu_ld16u(o->in2, o->in2, get_mem_index(s));
> ++ o->in2 = tcg_temp_new_i64();
> ++ tcg_gen_qemu_ld16u(o->in2, gen_ri2(s), get_mem_index(s));
> + }
> + #define SPEC_in2_mri2_16u 0
> +
> + static void in2_mri2_32s(DisasContext *s, DisasOps *o)
> + {
> +- in2_ri2(s, o);
> +- tcg_gen_qemu_ld32s(o->in2, o->in2, get_mem_index(s));
> ++ o->in2 = tcg_temp_new_i64();
> ++ tcg_gen_qemu_ld32s(o->in2, gen_ri2(s), get_mem_index(s));
> + }
> + #define SPEC_in2_mri2_32s 0
> +
> + static void in2_mri2_32u(DisasContext *s, DisasOps *o)
> + {
> +- in2_ri2(s, o);
> +- tcg_gen_qemu_ld32u(o->in2, o->in2, get_mem_index(s));
> ++ o->in2 = tcg_temp_new_i64();
> ++ tcg_gen_qemu_ld32u(o->in2, gen_ri2(s), get_mem_index(s));
> + }
> + #define SPEC_in2_mri2_32u 0
> +
> + static void in2_mri2_64(DisasContext *s, DisasOps *o)
> + {
> +- in2_ri2(s, o);
> +- tcg_gen_qemu_ld64(o->in2, o->in2, get_mem_index(s));
> ++ o->in2 = tcg_temp_new_i64();
> ++ tcg_gen_qemu_ld64(o->in2, gen_ri2(s), get_mem_index(s));
> + }
> + #define SPEC_in2_mri2_64 0
> +
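Review bot: in the in2_mri2_* helpers the value returned by gen_ri2(s) is passed straight to the load as the address and is not stored anywhere, yet on the `s->ex_value` path gen_ri2() allocates it with tcg_temp_new_i64(). Confirm that this 7.2 tree does not need an explicit free for that temporary; if it does, hold the address in a local and release it after the tcg_gen_qemu_ld* call.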
> +diff --git a/ui/gtk.c b/ui/gtk.c
> +index 4817623c8f..dfaf6d33c3 100644
> +--- a/ui/gtk.c
> ++++ b/ui/gtk.c
> +@@ -1783,7 +1783,9 @@ static void gd_vc_chr_accept_input(Chardev *chr)
> + VCChardev *vcd = VC_CHARDEV(chr);
> + VirtualConsole *vc = vcd->console;
> +
> +- gd_vc_send_chars(vc);
> ++ if (vc) {
> ++ gd_vc_send_chars(vc);
> ++ }
> + }
> +
> + static void gd_vc_chr_set_echo(Chardev *chr, bool echo)
> +diff --git a/util/fdmon-epoll.c b/util/fdmon-epoll.c
> +index e11a8a022e..1683aa1105 100644
> +--- a/util/fdmon-epoll.c
> ++++ b/util/fdmon-epoll.c
> +@@ -127,6 +127,8 @@ static bool fdmon_epoll_try_enable(AioContext *ctx)
> +
> + bool fdmon_epoll_try_upgrade(AioContext *ctx, unsigned npfd)
> + {
> ++ bool ok;
> ++
> + if (ctx->epollfd < 0) {
> + return false;
> + }
> +@@ -136,14 +138,23 @@ bool fdmon_epoll_try_upgrade(AioContext *ctx, unsigned npfd)
> + return false;
> + }
> +
> +- if (npfd >= EPOLL_ENABLE_THRESHOLD) {
> +- if (fdmon_epoll_try_enable(ctx)) {
> +- return true;
> +- } else {
> +- fdmon_epoll_disable(ctx);
> +- }
> ++ if (npfd < EPOLL_ENABLE_THRESHOLD) {
> ++ return false;
> ++ }
> ++
> ++ /* The list must not change while we add fds to epoll */
> ++ if (!qemu_lockcnt_dec_if_lock(&ctx->list_lock)) {
> ++ return false;
> ++ }
> ++
> ++ ok = fdmon_epoll_try_enable(ctx);
> ++
> ++ qemu_lockcnt_inc_and_unlock(&ctx->list_lock);
> ++
> ++ if (!ok) {
> ++ fdmon_epoll_disable(ctx);
> + }
> +- return false;
> ++ return ok;
> + }
> +
> + void fdmon_epoll_setup(AioContext *ctx)
> diff -upr --new-file qemu-7.2+dfsg-6-no-v7.2.2/debian/qemu.desktop qemu-7.2+dfsg-6/debian/qemu.desktop
> --- qemu-7.2+dfsg-6-no-v7.2.2/debian/qemu.desktop 2023-04-29 12:05:13.000000000 +0300
> +++ qemu-7.2+dfsg-6/debian/qemu.desktop 1970-01-01 03:00:00.000000000 +0300
> @@ -1,8 +0,0 @@
> -# Just for the icon under wayland.
> -# qemu-system-foo sets application name to qemu
> -[Desktop Entry]
> -Name=qemu
> -Comment=QEMU System Emulation
> -Icon=qemu
> -Type=Application
> -NoDisplay=true
> diff -upr --new-file qemu-7.2+dfsg-6-no-v7.2.2/debian/rules qemu-7.2+dfsg-6/debian/rules
> --- qemu-7.2+dfsg-6-no-v7.2.2/debian/rules 2023-04-29 12:05:13.000000000 +0300
> +++ qemu-7.2+dfsg-6/debian/rules 2023-03-05 20:03:09.000000000 +0300
> @@ -477,7 +477,7 @@ sysdata-components += skiboot
> build-vof: b/vof/vof.bin
> b/vof/vof.bin: | b
> mkdir -p b/vof
> - printf 'CC=$${CROSS}gcc\nLD=$${CROSS}ld\nOBJCOPY=$${CROSS}objcopy\nEXTRA_CFLAGS=-m32 -mbig-endian' > b/vof/config.mak
> + echo 'CC=$${CROSS}gcc\nLD=$${CROSS}ld\nOBJCOPY=$${CROSS}objcopy\nEXTRA_CFLAGS=-m32 -mbig-endian' > b/vof/config.mak
> ${MAKE} -C b/vof CROSS=${PPC64_CROSSPFX} SRC_DIR=../../pc-bios/vof -f../../pc-bios/vof/Makefile
> install-vof: b/vof/vof.bin
> install -m 0644 -t ${sysdataidir} $<
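Review bot: the `+` line writes config.mak with `echo '...\n...'`, which depends on the shell's echo interpreting backslash escapes and is not portable across /bin/sh implementations; the printf on the `-` line is the portable form. The unblock request describes fixing exactly this FTBFS, and the `+++` side of debian/rules is dated 2023-03-05 against 2023-04-29 on the `---` side, so the debian/rules and debian/qemu.desktop parts of this debdiff look reversed. Please regenerate them with the trees in the right order.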
> @@ -614,11 +614,8 @@ build-indep: $(addprefix build-, ${sysda
>
> override_dh_auto_install-indep: $(addprefix install-, ${sysdata-components})
> # qemu-system-data
> -# icon for gtk ui
> install -Dp -m0644 ui/icons/qemu.svg \
> -t debian/qemu-system-data/usr/share/icons/hicolor/scalable/apps/
> - install -Dp -m0644 debian/qemu.desktop \
> - -t debian/qemu-system-data/usr/share/applications/
> # icon for sdl2 ui (non-sdl-image version)
> install -Dp -m0644 ui/icons/qemu_32x32.png \
> -t debian/qemu-system-data/usr/share/icons/hicolor/32x32/apps/
--
Sebastian Ramacher