group.of.nepali.translators team mailing list archive

[Bug 1830243] Re: [19.10 FEAT] KVM: Secure Linux Boot Toleration - qemu

 

This bug was fixed in the package qemu - 1:4.0+dfsg-0ubuntu1

---------------
qemu (1:4.0+dfsg-0ubuntu1) eoan; urgency=medium

  * Merge with Upstream release of qemu 4.0.
    Among many other things this fixes LP Bugs:
    LP: #1782206 - SnowRidge Accelerator Interfacing Architecture (AIA)
    LP: #1828038 - Update s390x CPU Model for more HW support
    LP: #1832622 - count cache flush Spectre v2 mitigation for ppc64el
    Remaining Changes:
    - qemu-kvm to systemd unit
      - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
        hugepages and architecture specifics
      - d/qemu-system-common.qemu-kvm.service: systemd unit to call
        qemu-kvm-init
      - d/qemu-system-common.install: install helper script
      - d/qemu-system-common.maintscript: clean old sysv and upstart scripts
      - d/qemu-system-common.qemu-kvm.default: defaults for
        /etc/default/qemu-kvm
      - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
    - Enable nesting by default
      - d/qemu-system-x86.modprobe: set nested=1 module option on intel.
        (is default on amd)
      - d/qemu-system-x86.postinst: re-load kvm_intel.ko if it was loaded
        without nested=1
      - d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
        in qemu64 cpu type.
      - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
        in qemu64 on amd
      - d/qemu-system-x86.README.Debian: document intention of nested being
        default is comfort, not full support
    - Distribution specific machine type (LP: 1304107 1621042)
      - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
        types
      - d/qemu-system-x86.NEWS Info on fixed machine type definitions
        for host-phys-bits=true (LP: 1776189)
      - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
      - provide pseries-bionic-2.11-sxxm type as convenience with all
        meltdown/spectre workarounds enabled by default. (LP: 1761372).
    - improved dependencies
      - Make qemu-system-common depend on qemu-block-extra
      - Make qemu-utils depend on qemu-block-extra
      - let qemu-utils recommend sharutils
    - s390x support
      - Create qemu-system-s390x package
      - Enable numa support for s390x
    - arch aware kvm wrappers
    - d/control: update VCS links
    - qemu-guest-agent: freeze-hook fixes (LP: 1484990)
      - d/qemu-guest-agent.install: provide /etc/qemu/fsfreeze-hook
      - d/qemu-guest-agent.dirs: provide /etc/qemu/fsfreeze-hook.d
    - d/control-in: enable RDMA support in qemu (LP: 1692476)
        - enable RDMA config option
        - add libibumad-dev build-dep
    - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
      - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
        reference 256k path
      - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
        handle incoming migrations from former releases.
    - d/control-in: Disable capstone disassembler library support (universe)
    - Move s390x roms to a new qemu-system-data-s390x
      - d/qemu-system-data.install: install s390x roms as architecture:all in
        qemu-system-data
      - d/rules: build s390-ccw.img with upstream Makefile
      - d/rules: build s390-netboot.img with upstream Makefile
      - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch: bring back
        some SLOF bits stripped in DFSG to be able to build s390x-netboot roms
        As that hack to build s390-ccw.img rom can't build s390x-netboot.img
        replace it with a build-indep using the upstream makefiles.
        This is less prone to miss future changes/fixes that are done to the
        makefiles
      - d/control-in: add breaks/replaces for moving s390x roms from
        qemu-system-s390x to qemu-system-data
    - remove /dev/kvm permission handling (moved to systemd 239-6) (#892945)
      [From not yet uploaded Debian branch]
    - d/p/debianize-qemu-guest-service.patch: fix path of qemu-ga
    - d/rules: fix qemu-kvm service for debhelper compat >=12
    - disable pvrdma - besides several security holes there are many other
      bugs there as well
  * Dropped patches that are upstream in v4.0
    - d/p/do-not-link-everything-with-xen.patch
    - d/p/usb-mtp-use-O_NOFOLLOW-and-O_CLOEXEC-CVE-2018-16872.patch
    - d/p/hw_usb-fix-mistaken-de-initialization-of-CCID-state.patch
    - d/p/scsi-generic-avoid-possible-oob-access-to-r-buf-CVE-2019-6501.patch
    - d/p/slirp-check-data-length-while-emulating-ident-function-CVE-2019-6778
    - d/p/i2c-ddc-fix-oob-read-CVE-2019-3812.patch
    - d/p/ubuntu/lp-1759509-qmp-query-current-machine-with-wakeup-suspend-suppor
      (LP: 1759509)
    - d/p/ubuntu/lp-1759509-qga-update-guest-suspend-ram-and-guest-suspend-hybri
    - d/p/ubuntu/lp-1759509-qmp-hmp-Make-system_wakeup-check-wake-up-support-and
    - d/p/ubuntu/lp-1812384-s390x-Return-specification-exception-for-unimplement
    - d/p/ubuntu/CVE-2018-20815.patch
    - d/p/ubuntu/CVE-2019-5008.patch
    - d/p/ubuntu/CVE-2019-9824.patch
    - d/p/ubuntu/Revert-target-i386-kvm-add-VMX-migration-blocker.patch:
      avoid misdetection of simplified nesting blocking all migrations
  * Dropped further patches
    d/p/bt-use-size_t-type-for-length-parameters-instead-of-int-CVE-2018-19665
    [upstream deprecated the whole subsystem instead of applying the fix]
  * Added Changes
    - updated ubuntu machine types for v4.0
      - added eoan types
      - fixed s390x issue of upstream types having a "v" prefix
      - add back dropped machine types to avoid more issues like LP: 1802944
      - fix kvm split irqchip default in ubuntu q35 machine type
      - drop no more needed spapr_machine_2_11_sxxm_instance_options and
        adapt updated CamelCase
      - -hpb types now need to use GlobalProperties
      - pc_compat_2_0 got a _fn suffix and slight changes
    - d/p/ubuntu/lp-1790901-partial-SLOF-for-s390x-netboot.patch: update to
      SLOF of qemu 4.0
    - Refreshed patches still needed for v4.0 context changes
      - d/p/use-fixed-data-path.patch
      - d/p/ubuntu/enable-svm-by-default.patch
      - d/p/ubuntu/enable-md-clear.patch
      - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch
    - d/p/ubuntu/lp-1830243-*: s390x Secure Linux Boot Toleration
      (LP: #1830243)
    - d/control: disable bluetooth being deprecated
    - d/control*: remove sdlabi which was removed upstream
    - d/p/ubuntu/lp-1830238-*: s390x hardware cpu model (LP: #1830238)
    - d/control*: enable docs (now explicit) and provide new build-dep
      python3-sphinx
    - d/not-installed: ignore new interop docs and extra icons for now
    - d/not-installed: do not install elf2dmp until namespaced
    - d/qemu-utils.install: install new tools qemu-edid and qemu-keymap
    - d/qemu-system-data.install: use new paths for formerly used icons
    - d/p/ubuntu/linux-user-fix-__NR_semtimedop-undeclared-error.patch:
      fix i386 build error

 -- Christian Ehrhardt <christian.ehrhardt@xxxxxxxxxxxxx>  Mon, 24 Jun 2019 16:33:19 +0200

** Changed in: qemu (Ubuntu Eoan)
       Status: New => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-16872

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-19665

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-20815

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-3812

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-5008

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-6501

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-6778

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-9824

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1830243

Title:
  [19.10 FEAT] KVM: Secure Linux Boot Toleration - qemu

Status in Ubuntu on IBM z Systems:
  Triaged
Status in qemu package in Ubuntu:
  Fix Released
Status in qemu source package in Xenial:
  New
Status in qemu source package in Bionic:
  New
Status in qemu source package in Cosmic:
  New
Status in qemu source package in Disco:
  New
Status in qemu source package in Eoan:
  Fix Released

Bug description:
  Secure boot enablement KVM.
  Will be made available with qemu 4.1
