group.of.nepali.translators team mailing list archive
Message #31099
[Bug 1830243] Re: [19.10 FEAT] KVM: Secure Linux Boot Toleration - qemu
This bug was fixed in the package qemu - 1:4.0+dfsg-0ubuntu1
---------------
qemu (1:4.0+dfsg-0ubuntu1) eoan; urgency=medium

  * Merge with Upstream release of qemu 4.0.
    Among many other things this fixes LP Bugs:
    LP: #1782206 - SnowRidge Accelerator Interfacing Architecture (AIA)
    LP: #1828038 - Update s390x CPU Model for more HW support
    LP: #1832622 - count cache flush Spectre v2 mitigation for ppc64el
    Remaining Changes:
    - qemu-kvm to systemd unit
      - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
        hugepages and architecture specifics
      - d/qemu-system-common.qemu-kvm.service: systemd unit to call
        qemu-kvm-init
      - d/qemu-system-common.install: install helper script
      - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
      - d/qemu-system-common.qemu-kvm.default: defaults for
        /etc/default/qemu-kvm
      - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
    - Enable nesting by default
      - d/qemu-system-x86.modprobe: set nested=1 module option on intel.
        (is default on amd)
      - d/qemu-system-x86.postinst: re-load kvm_intel.ko if it was loaded
        without nested=1
      - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
        in qemu64 cpu type.
      - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
        in qemu64 on amd
      - d/qemu-system-x86.README.Debian: document intention of nested being
        default is comfort, not full support
    - Distribution specific machine type (LP: 1304107 1621042)
      - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
        types
      - d/qemu-system-x86.NEWS Info on fixed machine type definitions
        for host-phys-bits=true (LP: 1776189)
      - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
      - provide pseries-bionic-2.11-sxxm type as convenience with all
        meltdown/spectre workarounds enabled by default. (LP: 1761372).
    - improved dependencies
      - Make qemu-system-common depend on qemu-block-extra
      - Make qemu-utils depend on qemu-block-extra
      - let qemu-utils recommend sharutils
    - s390x support
      - Create qemu-system-s390x package
      - Enable numa support for s390x
    - arch aware kvm wrappers
    - d/control: update VCS links
    - qemu-guest-agent: freeze-hook fixes (LP: 1484990)
      - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook
      - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d
    - d/control-in: enable RDMA support in qemu (LP: 1692476)
      - enable RDMA config option
      - add libibumad-dev build-dep
    - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
      - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
        reference 256k path
      - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
        handle incoming migrations from former releases.
    - d/control-in: Disable capstone disassembler library support (universe)
    - Move s390x roms to a new qemu-system-data-s390x
      - d/qemu-system-data.install: install s390x roms as architecture:all in
        qemu-system-data
      - d/rules: build s390-ccw.img with upstream Makefile
      - d/rules: build s390-netboot.img with upstream Makefile
      - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch: bring back
        some SLOF bits stripped in DFSG to be able to build s390x-netboot roms
        As that hack to build s390-ccw.img rom can't build s390x-netboot.img
        replace it with a build-indep using the upstream makefiles.
        This is less prone to miss future changes/fixes that are done to the
        makefiles
      - d/control-in: add breaks/replaces for moving s390x roms from
        qemu-system-s390x to qemu-system-data
    - remove /dev/kvm permission handling (moved to systemd 239-6) (#892945)
    [From not yet uploaded Debian branch]
    - d/p/debianize-qemu-guest-service.patch: fix path of qemu-ga
    - d/rules: fix qemu-kvm service for debhelper compat >=12
    - disable pvrdma - besides several security holes there are many other
      bugs there as well
  * Dropped patches that are upstream in v4.0
    - d/p/do-not-link-everything-with-xen.patch
    - d/p/usb-mtp-use-O_NOFOLLOW-and-O_CLOEXEC-CVE-2018-16872.patch
    - d/p/hw_usb-fix-mistaken-de-initialization-of-CCID-state.patch
    - d/p/scsi-generic-avoid-possible-oob-access-to-r-buf-CVE-2019-6501.patch
    - d/p/slirp-check-data-length-while-emulating-ident-function-CVE-2019-6778
    - d/p/i2c-ddc-fix-oob-read-CVE-2019-3812.patch
    - d/p/ubuntu/lp-1759509-qmp-query-current-machine-with-wakeup-suspend-suppor
      (LP: 1759509)
    - d/p/ubuntu/lp-1759509-qga-update-guest-suspend-ram-and-guest-suspend-hybri
    - d/p/ubuntu/lp-1759509-qmp-hmp-Make-system_wakeup-check-wake-up-support-and
    - d/p/ubuntu/lp-1812384-s390x-Return-specification-exception-for-unimplement
    - d/p/ubuntu/CVE-2018-20815.patch
    - d/p/ubuntu/CVE-2019-5008.patch
    - d/p/ubuntu/CVE-2019-9824.patch
    - d/p/ubuntu/Revert-target-i386-kvm-add-VMX-migration-blocker.patch:
      avoid misdetection of simplified nesting blocking all migrations
  * Dropped further patches
    d/p/bt-use-size_t-type-for-length-parameters-instead-of-int-CVE-2018-19665
    [upstream deprecated the whole subsystem instead of applying the fix]
  * Added Changes
    - updated ubuntu machine types for v4.0
      - added eoan types
      - fixed s390x issue of upstream types having a "v" prefix
      - add back dropped machine types to avoid more issues like LP: 1802944
      - fix kvm split irqchip default in ubuntu q35 machine type
      - drop no more needed spapr_machine_2_11_sxxm_instance_options and
        adapt updated CamelCase
      - -hpb types now need to use GlobalProperties
      - pc_compat_2_0 got a _fn suffix and slight changes
    - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch: update to
      SLOF of qemu 4.0
    - Refreshed patches still needed for v4.0 context changes
      - d/p/use-fixed-data-path.patch
      - d/p/ubuntu/enable-svm-by-default.patch
      - d/p/ubuntu/enable-md-clear.patch
      - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch
    - d/p/ubuntu/lp-1830243-*: s390x Secure Linux Boot Toleration
      (LP: #1830243)
    - d/control: disable bluetooth being deprecated
    - d/control*: remove sdlabi which was removed upstream
    - d/p/ubuntu/lp-1830238-*: s390x hardware cpu model (LP: #1830238)
    - d/control*: enable docs (now explicit) and provide new build-dep
      python3-sphinx
    - d/not-installed: ignore new interop docs and extra icons for now
    - d/not-installed: do not install elf2dmp until namespaced
    - d/qemu-utils.install: install new tools qemu-edid and qemu-keymap
    - d/qemu-system-data.install: use new paths for formerly used icons
    - d/p/ubuntu/linux-user-fix-__NR_semtimedop-undeclared-error.patch:
      fix i386 build error

 -- Christian Ehrhardt <christian.ehrhardt@xxxxxxxxxxxxx>  Mon, 24 Jun 2019 16:33:19 +0200

** Changed in: qemu (Ubuntu Eoan)
       Status: New => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-16872
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-19665
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-20815
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-3812
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-5008
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-6501
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-6778
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-9824
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1830243

Title:
  [19.10 FEAT] KVM: Secure Linux Boot Toleration - qemu

Status in Ubuntu on IBM z Systems:
  Triaged
Status in qemu package in Ubuntu:
  Fix Released
Status in qemu source package in Xenial:
  New
Status in qemu source package in Bionic:
  New
Status in qemu source package in Cosmic:
  New
Status in qemu source package in Disco:
  New
Status in qemu source package in Eoan:
  Fix Released

Bug description:
  Secure boot enablement KVM.
  Will be made available with qemu 4.1