-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 27 Aug 2019 12:43:43 +0300 Source: qemu Architecture: source Version: 1:4.1-1 Distribution: unstable Urgency: medium Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org> Changed-By: Michael Tokarev <mjt@tls.msk.ru> Closes: 897054 916442 922461 922923 927924 931351 933741 935324 Changes: qemu (1:4.1-1) unstable; urgency=medium . * new upstream release v4.1 Closes: #933741, CVE-2019-14378 (slirp buff overflow in packet reassembly) (use internal slirp copy for now) Closes: #931351, CVE-2019-13164 (qemu-bridge-helper long IFNAME) Closes: #922923, CVE-2019-8934 (ppc64 emulator leaks hw identity) Closes: #916442, CVE-2018-20123 (pvrdma memory leak in device hotplug) Closes: #922461, CVE-2018-20124 (pvrdma num_sge can exceed MAX_SGE) Closes: #927924 (new upstream version) Closes: #897054 (AMD Zen CPU support) Closes: #935324 (FTBFS due to gluster API change) Closes: #916442, CVE-2018-20123 (pvrdma: memleak after init error) Closes: #922461, CVE-2018-20124 (pvrdma: OOB access with large num_sge) Closes: CVE-2018-20125 (pvrdma: DoS in create_cq_ring|create_qp_rings) Closes: CVE-2018-20126 (pvrdma: memleaks in create_cq_ring|create_qp_rings) Closes: CVE-2018-20191 (pvrdma: DoS due to missing read operation impl.) Closes: CVE-2018-20216 (pvrdma: infinite loop in pvrdma_dev_ring.c) * remove patches which are applied upstream, refresh remaining patches (bt-use-size_t-...-CVE-2018-19665.patch hasn't been applied upstream, bluetooth subsystem is going to be removed, we keep it for now) * debian/source/options: ignore slirp/ submodule * use python3 for building, not python * debian/optionrom.mk: add pvh.bin * switch from libssh2 to libssh, and enable libssh support in ubuntu * bump spice version requiriment to 0.12.5 * enable pvrdma * debian/control-in: remove reference to libsdl * debian/rules: add new objects for s390-ccw fw * debian/control: add build dependency on python3-sphinx for docs * install ui/icons/qemu.svg and qemu.desktop * debian/rules: remove pc-bios/bamboo.dtb before building it * install vhost-user-gpu binary and 50-qemu-gpu.json * debian/rules: remove old maintscript-helper invocations, not needed anymore * remove +dfsg for now, upload whole upstream source, will trim it later Checksums-Sha1: 0981c2f6e35546d7787d6ea4b4c36faf4ac47345 6102 qemu_4.1-1.dsc 29c99be326cd8f3b2b75d7fec9066ca24854df1e 54001708 qemu_4.1.orig.tar.xz ab5d0e86ae09511987cb5c12d5f14d63b97f0436 81024 qemu_4.1-1.debian.tar.xz 661143f9f74ff573da87191fbaf31558107cce60 7970 qemu_4.1-1_source.buildinfo Checksums-Sha256: 63f844d4d43d8933e80fc4c10e6293253fb7947ca8bd3319621f499d12f992b8 6102 qemu_4.1-1.dsc 656e60218689bdeec69903087fd7582d5d3e72238d02f4481d8dc6d79fd909c6 54001708 qemu_4.1.orig.tar.xz f701f2e6e8cd758ea4ecf422a351f72984ed6a4a873148ddf512a9cd29cf83de 81024 qemu_4.1-1.debian.tar.xz 3846ef36a892b02b5cacb4c391acaa14a1fb2eb9941f64245b03df4b1f5314c4 7970 qemu_4.1-1_source.buildinfo Files: 2d0f3096e4f77a06577d6e9edcc50a37 6102 otherosfs optional qemu_4.1-1.dsc cdf2b5ca52b9abac9bacb5842fa420f8 54001708 otherosfs optional qemu_4.1.orig.tar.xz 687c7663a5982d46f6edc3389ec35f3f 81024 otherosfs optional qemu_4.1-1.debian.tar.xz 2ec5b4b58509a2c4743cfc5f66c298dd 7970 otherosfs optional qemu_4.1-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQFDBAEBCAAtFiEEe3O61ovnosKJMUsicBtPaxppPlkFAl1k+7EPHG1qdEB0bHMu bXNrLnJ1AAoJEHAbT2saaT5ZyhsIAI0tiZRWnNZAuJuq7a910TPt0eyLmsagec9q xuC8iJQalRipvWgQ9NIYLQ8dIbKGi7BZVx7xDt/u0pIRbvj4K2ugyBXVhCEH1Oeb mTvh64xrk1CXVvz63RVdqmQoYOnqe7kqZu6yFUgkcdyoQjovBvopJz4fGn5wqXwE zkM0MoojF+MlhRKBbyw0G8pxcQy6yB94Us/3XzmOXRmEP6Ou02cebIQDAxGu0P9j F8n0xTsMMI/tlgStnlbCW7g/X4hG2UK86M11yzRCIRvtmVsqK9tHcTM4YWV4R6XI GkrMh2skttrWsqYw0Uj08mTjwlT2VRE4NQ0xBA4hmAGVv5TIr1U= =CksG -----END PGP SIGNATURE-----