-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 09 May 2024 08:44:38 +0300 Source: qemu Binary: qemu-system-data Architecture: all Version: 1:7.2+dfsg-7+deb12u6 Distribution: bookworm Urgency: medium Maintainer: all Build Daemon (x86-csail-02) Changed-By: Michael Tokarev Description: qemu-system-data - QEMU full system emulation (data files) Closes: 1068819 1068820 1068821 Changes: qemu (1:7.2+dfsg-7+deb12u6) bookworm; urgency=medium . * update to upstream 7.2.11 stable/bugfix release, v7.2.11.diff, https://gitlab.com/qemu-project/qemu/-/commits/v7.2.11 : - Update version for 7.2.11 release - ppc/spapr: Initialize max_cpus limit to SPAPR_IRQ_NR_IPIS. - ppc/spapr: Introduce SPAPR_IRQ_NR_IPIS to refer IRQ range for CPU IPIs. - target/sh4: add missing CHECK_NOT_DELAY_SLOT - hw/sd/sdhci: Do not update TRNMOD when Command Inhibit (DAT) is set (Closes: #1068821, CVE-2024-3447) - hw/net/lan9118: Replace magic '2048' value by MIL_TXFIFO_SIZE definition - hw/net/lan9118: Fix overflow in MIL TX FIFO - backends/cryptodev: Do not abort for invalid session ID - hw/misc/applesmc: Fix memory leak in reset() handler - hw/block/nand: Fix out-of-bound access in NAND block buffer - hw/block/nand: Have blk_load() take unsigned offset and return boolean - hw/block/nand: Factor nand_load_iolen() method out - qemu-options: Fix CXL Fixed Memory Window interleave-granularity typo - hw/virtio/virtio-crypto: Protect from DMA re-entrancy bugs (Closes: #1068820, CVE-2024-3446) - hw/char/virtio-serial-bus: Protect from DMA re-entrancy bugs (Closes: #1068820, CVE-2024-3446) - hw/display/virtio-gpu: Protect from DMA re-entrancy bugs (Closes: #1068820, CVE-2024-3446) - hw/virtio: Introduce virtio_bh_new_guarded() helper - linux-user: Fix waitid return of siginfo_t and rusage - tcg/optimize: Do not attempt to constant fold neg_vec - hw/virtio: Fix packed virtqueue flush used_idx - hw/net/virtio-net: fix qemu set used ring flag even vhost started - hw/intc/arm_gicv3: ICC_HPPIR* return SPURIOUS if int group is disabled - gitlab-ci/cirrus: switch from 'master' to 'latest' - target/hppa: Clear psw_n for BE on use_nullify_skip path - tcg/optimize: Fix sign_mask for logical right-shift - virtio-net: Fix vhost virtqueue notifiers for RSS - monitor/hmp-cmds-target: Append a space in error message in gpa2hva() - hw/scsi/scsi-generic: Fix io_timeout property not applying - target/loongarch: Fix qemu-system-loongarch64 assert failed with the option '-d int' - target/i386: Revert monitor_puts() in do_inject_x86_mce() - target/i386: fix direction of "32-bit MMU" test - target/i386: use separate MMU indexes for 32-bit accesses - target/i386: introduce function to query MMU indices - tests: Raise timeouts for bufferiszero and crypto-tlscredsx509 - tests/unit: Bump test-replication timeout to 60 seconds - tests/unit: Bump test-crypto-block test timeout to 5 minutes - tests/unit: Bump test-aio-multithread test timeout to 2 minutes - migration: Skip only empty block devices - hmat acpi: Fix out of bounds access due to missing use of indirection - pcie_sriov: Validate NumVFs (Closes: #1068819, CVE-2024-26327) - hw/nvme: Use pcie_sriov_num_vfs() (Closes: #1068819, CVE-2024-26328) - pcie: Introduce pcie_sriov_num_vfs - hw/nvme: add machine compatibility parameter to enable msix exclusive bar - hw/nvme: generalize the mbar size helper - hw/nvme: separate 'serial' property for VFs - hw/nvme: cleanup error reporting in nvme_init_pci() - hw/nvme: clean up confusing use of errp/local_err - Avoid unaligned fetch in ladr_match() - e1000e: fix link state on resume - make-release: switch to .xz format by default - hw/scsi/lsi53c895a: add timer to scripts processing - hw/scsi/lsi53c895a: add missing decrement of reentrancy counter - hw/scsi/lsi53c895a: stop script on phase mismatch - system/qdev-monitor: move drain_call_rcu call under if (!dev) in qmp_device_add() - hw/rtc/sun4v-rtc: Relicense to GPLv2-or-later - target/arm: Fix SME full tile indexing - tests/tcg/aarch64/sysregs.c: Use S syntax for id_aa64zfr0_el1 and id_aa64smfr0_el1 - target/arm: align exposed ID registers with Linux - ui/cocoa: Fix window clipping on macOS 14 - gitlab: update FreeBSD Cirrus CI image to 13.3 * update to upstream 7.2.10 stable/bugfix release, v7.2.10.diff, https://gitlab.com/qemu-project/qemu/-/commits/v7.2.10 : - Update version for 7.2.10 release - target/i386: the sgx_epc_get_section stub is reachable - tests/unit/test-blockjob: Disable complete_in_standby test - tests/qtest/display-vga-test: Add proper checks if a device is available - test-vmstate: fix bad GTree usage, use-after-free - tests/unit/test-util-sockets: Remove temporary file after test - hw/usb/bus.c: PCAP adding 0xA in Windows version - gitlab: force allow use of pip in Cirrus jobs - tests/vm: avoid re-building the VM images all the time - tests/vm: update openbsd image to 7.4 - target/i386: leave the A20 bit set in the final NPT walk - target/i386: remove unnecessary/wrong application of the A20 mask - target/i386: Fix physical address truncation - target/i386: check validity of VMCB addresses - target/i386: mask high bits of CR3 in 32-bit mode - pl031: Update last RTCLR value on write in case it's read back - hw/nvme: fix invalid endian conversion - target/ppc: Fix lxv/stxv MSR facility check - .gitlab-ci.d/windows.yml: Drop msys2-32bit job - system/vl: Update description for input grab key - docs/system: Update description for input grab key - audio: Depend on dbus_display1_dep - meson: ensure dbus-display generated code is built before other units - ui/console: Fix console resize with placeholder surface - ui/clipboard: add asserts for update and request - ui/clipboard: mark type as not available when there is no data (Closes: CVE-2023-6683, already fixed in debian) - ui: reject extended clipboard message if not activated - target/i386: Generate an illegal opcode exception on cmp instructions with lock prefix - i386/cpuid: Move leaf 7 to correct group - i386/cpuid: Decrease cpuid_i when skipping CPUID leaf 1F - i386/cpu: Mask with XCR0/XSS mask for FEAT_XSAVE_XCR0_HI and FEAT_XSAVE_XSS_HI leafs - i386/cpu: Clear FEAT_XSAVE_XSS_LO/HI leafs when CPUID_EXT_XSAVE is not available - iotests: Make 144 deterministic again - target/arm: Don't get MDCR_EL2 in pmu_counter_enabled() before checking ARM_FEATURE_PMU - target/arm: Fix SVE/SME gross MTE suppression checks - target/arm: Fix nregs computation in do_{ld,st}_zpa - linux-user/aarch64: Choose SYNC as the preferred MTE mode - tests/acpi: Update DSDT.cxl to reflect change _STA return value. - hw/i386: Fix _STA return value for ACPI0017 - tests/acpi: Allow update of DSDT.cxl - smmu: Clear SMMUPciBus pointer cache when system reset - virtio_iommu: Clear IOMMUPciBus pointer cache when system reset - hw/cxl: Pass CXLComponentState to cache_mem_ops - cxl/cdat: Fix header sum value in CDAT checksum - cxl/cdat: Handle cdat table build errors - vhost-user.rst: Fix vring address description - hw/smbios: Fix port connector option validation - hw/smbios: Fix OEM strings table option validation - pci-host: designware: Limit value range of iATU viewport register - qemu-options.hx: Improve -serial option documentation - system/vl.c: Fix handling of '-serial none -serial something' - target/arm: fix exception syndrome for AArch32 bkpt insn - block/blkio: Make s->mem_region_alignment be 64 bits - qemu-docs: Update options for graphical frontends - migration: Fix use-after-free of migration state object * d/patches: remove revert-monitor-only-run-coroutine-commands-in-qemu_aio_context.patch This one turned out to be innocent, cryptsetup CI fails anyway. * d/patches: remove now included upstream ui-clipboard-mark-type-as-not-available-when-no-data-CVE-2023-6683.patch * d/changelog: mention previous CVE fixes: - CVE-2023-3019 fixed by 7.2+dfsg-7+deb12u4 - CVE-2024-24474 & CVE-2023-5088 fixed by 7.2+dfsg-7+deb12u3 - CVE-2023-3301 fixed by 7.2+dfsg-7+deb12u1 Checksums-Sha1: c9f4254f69926e5b120484e37d6ede738fe5c791 1289376 qemu-system-data_7.2+dfsg-7+deb12u6_all.deb 98dc87419b8b1c1e6fb275fbb51f311f4980fdf2 24961 qemu_7.2+dfsg-7+deb12u6_all-buildd.buildinfo Checksums-Sha256: a17059d227caeec298990a0ceb7ffba5553be9565c1173b56131369da96e04fe 1289376 qemu-system-data_7.2+dfsg-7+deb12u6_all.deb 91041cbc4d8ac9d3d80d0d08d2cf66aefd1a83fc1033c50cc674dfa6bca366c8 24961 qemu_7.2+dfsg-7+deb12u6_all-buildd.buildinfo Files: 10e7685784fe9b95870a7693925e955e 1289376 otherosfs optional qemu-system-data_7.2+dfsg-7+deb12u6_all.deb ab1039a565df5092f52186533ff40839 24961 otherosfs optional qemu_7.2+dfsg-7+deb12u6_all-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEzcbx6nIE/ydHa1FFigL77i1GSVkFAmZSafkACgkQigL77i1G SVlPkA//fbUc+HiIBSYaDBRIjEVIATp+a166TXf2kX1HW05ImduGTARDGx6OmDM/ LYIr/cdDNHFuqUO0lIgmOOegx/i/E0RJM9Pf8Ny9g9F503WKUy1ThijanmB2I83G 93eK2IZnTHyI08Wlj2ylnQH4XvO4Xfjk07PvXZBAw0ivU/Fb81/4R4dYT939b0By mJq9xHPBeRvKSC9ynpoIEYzdhuMeQNFamXGutQXXkqRn1qjCJ/iCbWmPClGaNWi3 oL45epBReh1wqjn2bID5LKfB/m/d5+uicFUx5eHr7fd4yW1q01oxQEcjAZQ8/D5o NHeL2l5ZbFud0NEMkcEzx6QnDWi4vxz7DMwN7rQxsAyxa2doZts+26DStoh+XFb1 itVpIK6boeKQsLfJEZ3NNo2hZ+/nMKzGbz8HAs6isFM8gb9Xz1HOg45GYgwab9Pe AHjgpjvwk5EtifqmfUZtl9HJ2A8BWpgkJuUYYPYIS9VaMo7D6ec8U9sE3VTyiXEI OmwnkSJMvRp09nQhCOD5anQnTXik61574+dWCrP91KvYZt/0TTfTXPgQ7ZKyMMDo WsVfDCxr57XCLsOiV9w/miaBZtcIA5RWimMlQkkh7d2RcPVBPOcYDtUXVoHX9p+I w9CksAFe4xoBi0SprBteQ3Rh6lMno4yz3YnAepejJz8N4e34L/Q= =puTZ -----END PGP SIGNATURE-----