Format: 1.8
Date: Thu, 09 May 2024 08:44:38 +0300
Source: qemu
Architecture: source
Version: 1:7.2+dfsg-7+deb12u6
Distribution: bookworm
Urgency: medium
Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
Changed-By: Michael Tokarev <mjt@tls.msk.ru>
Closes: 1068819 1068820 1068821
Changes:
 qemu (1:7.2+dfsg-7+deb12u6) bookworm; urgency=medium
 .
   * update to upstream 7.2.11 stable/bugfix release, v7.2.11.diff,
     https://gitlab.com/qemu-project/qemu/-/commits/v7.2.11 :
    - Update version for 7.2.11 release
    - ppc/spapr: Initialize max_cpus limit to SPAPR_IRQ_NR_IPIS.
    - ppc/spapr: Introduce SPAPR_IRQ_NR_IPIS to refer IRQ range for CPU IPIs.
    - target/sh4: add missing CHECK_NOT_DELAY_SLOT
    - hw/sd/sdhci: Do not update TRNMOD when Command Inhibit (DAT) is set (Closes: #1068821, CVE-2024-3447)
    - hw/net/lan9118: Replace magic '2048' value by MIL_TXFIFO_SIZE definition
    - hw/net/lan9118: Fix overflow in MIL TX FIFO
    - backends/cryptodev: Do not abort for invalid session ID
    - hw/misc/applesmc: Fix memory leak in reset() handler
    - hw/block/nand: Fix out-of-bound access in NAND block buffer
    - hw/block/nand: Have blk_load() take unsigned offset and return boolean
    - hw/block/nand: Factor nand_load_iolen() method out
    - qemu-options: Fix CXL Fixed Memory Window interleave-granularity typo
    - hw/virtio/virtio-crypto: Protect from DMA re-entrancy bugs (Closes: #1068820, CVE-2024-3446)
    - hw/char/virtio-serial-bus: Protect from DMA re-entrancy bugs (Closes: #1068820, CVE-2024-3446)
    - hw/display/virtio-gpu: Protect from DMA re-entrancy bugs (Closes: #1068820, CVE-2024-3446)
    - hw/virtio: Introduce virtio_bh_new_guarded() helper
    - linux-user: Fix waitid return of siginfo_t and rusage
    - tcg/optimize: Do not attempt to constant fold neg_vec
    - hw/virtio: Fix packed virtqueue flush used_idx
    - hw/net/virtio-net: fix qemu set used ring flag even vhost started
    - hw/intc/arm_gicv3: ICC_HPPIR* return SPURIOUS if int group is disabled
    - gitlab-ci/cirrus: switch from 'master' to 'latest'
    - target/hppa: Clear psw_n for BE on use_nullify_skip path
    - tcg/optimize: Fix sign_mask for logical right-shift
    - virtio-net: Fix vhost virtqueue notifiers for RSS
    - monitor/hmp-cmds-target: Append a space in error message in gpa2hva()
    - hw/scsi/scsi-generic: Fix io_timeout property not applying
    - target/loongarch: Fix qemu-system-loongarch64 assert failed with the option '-d int'
    - target/i386: Revert monitor_puts() in do_inject_x86_mce()
    - target/i386: fix direction of "32-bit MMU" test
    - target/i386: use separate MMU indexes for 32-bit accesses
    - target/i386: introduce function to query MMU indices
    - tests: Raise timeouts for bufferiszero and crypto-tlscredsx509
    - tests/unit: Bump test-replication timeout to 60 seconds
    - tests/unit: Bump test-crypto-block test timeout to 5 minutes
    - tests/unit: Bump test-aio-multithread test timeout to 2 minutes
    - migration: Skip only empty block devices
    - hmat acpi: Fix out of bounds access due to missing use of indirection
    - pcie_sriov: Validate NumVFs (Closes: #1068819, CVE-2024-26327)
    - hw/nvme: Use pcie_sriov_num_vfs() (Closes: #1068819, CVE-2024-26328)
    - pcie: Introduce pcie_sriov_num_vfs
    - hw/nvme: add machine compatibility parameter to enable msix exclusive bar
    - hw/nvme: generalize the mbar size helper
    - hw/nvme: separate 'serial' property for VFs
    - hw/nvme: cleanup error reporting in nvme_init_pci()
    - hw/nvme: clean up confusing use of errp/local_err
    - Avoid unaligned fetch in ladr_match()
    - e1000e: fix link state on resume
    - make-release: switch to .xz format by default
    - hw/scsi/lsi53c895a: add timer to scripts processing
    - hw/scsi/lsi53c895a: add missing decrement of reentrancy counter
    - hw/scsi/lsi53c895a: stop script on phase mismatch
    - system/qdev-monitor: move drain_call_rcu call under if (!dev) in qmp_device_add()
    - hw/rtc/sun4v-rtc: Relicense to GPLv2-or-later
    - target/arm: Fix SME full tile indexing
    - tests/tcg/aarch64/sysregs.c: Use S syntax for id_aa64zfr0_el1 and id_aa64smfr0_el1
    - target/arm: align exposed ID registers with Linux
    - ui/cocoa: Fix window clipping on macOS 14
    - gitlab: update FreeBSD Cirrus CI image to 13.3
   * update to upstream 7.2.10 stable/bugfix release, v7.2.10.diff,
     https://gitlab.com/qemu-project/qemu/-/commits/v7.2.10 :
    - Update version for 7.2.10 release
    - target/i386: the sgx_epc_get_section stub is reachable
    - tests/unit/test-blockjob: Disable complete_in_standby test
    - tests/qtest/display-vga-test: Add proper checks if a device is available
    - test-vmstate: fix bad GTree usage, use-after-free
    - tests/unit/test-util-sockets: Remove temporary file after test
    - hw/usb/bus.c: PCAP adding 0xA in Windows version
    - gitlab: force allow use of pip in Cirrus jobs
    - tests/vm: avoid re-building the VM images all the time
    - tests/vm: update openbsd image to 7.4
    - target/i386: leave the A20 bit set in the final NPT walk
    - target/i386: remove unnecessary/wrong application of the A20 mask
    - target/i386: Fix physical address truncation
    - target/i386: check validity of VMCB addresses
    - target/i386: mask high bits of CR3 in 32-bit mode
    - pl031: Update last RTCLR value on write in case it's read back
    - hw/nvme: fix invalid endian conversion
    - target/ppc: Fix lxv/stxv MSR facility check
    - .gitlab-ci.d/windows.yml: Drop msys2-32bit job
    - system/vl: Update description for input grab key
    - docs/system: Update description for input grab key
    - audio: Depend on dbus_display1_dep
    - meson: ensure dbus-display generated code is built before other units
    - ui/console: Fix console resize with placeholder surface
    - ui/clipboard: add asserts for update and request
    - ui/clipboard: mark type as not available when there is no data (Closes: CVE-2023-6683, already fixed in debian)
    - ui: reject extended clipboard message if not activated
    - target/i386: Generate an illegal opcode exception on cmp instructions with lock prefix
    - i386/cpuid: Move leaf 7 to correct group
    - i386/cpuid: Decrease cpuid_i when skipping CPUID leaf 1F
    - i386/cpu: Mask with XCR0/XSS mask for FEAT_XSAVE_XCR0_HI and FEAT_XSAVE_XSS_HI leafs
    - i386/cpu: Clear FEAT_XSAVE_XSS_LO/HI leafs when CPUID_EXT_XSAVE is not available
    - iotests: Make 144 deterministic again
    - target/arm: Don't get MDCR_EL2 in pmu_counter_enabled() before checking ARM_FEATURE_PMU
    - target/arm: Fix SVE/SME gross MTE suppression checks
    - target/arm: Fix nregs computation in do_{ld,st}_zpa
    - linux-user/aarch64: Choose SYNC as the preferred MTE mode
    - tests/acpi: Update DSDT.cxl to reflect change _STA return value.
    - hw/i386: Fix _STA return value for ACPI0017
    - tests/acpi: Allow update of DSDT.cxl
    - smmu: Clear SMMUPciBus pointer cache when system reset
    - virtio_iommu: Clear IOMMUPciBus pointer cache when system reset
    - hw/cxl: Pass CXLComponentState to cache_mem_ops
    - cxl/cdat: Fix header sum value in CDAT checksum
    - cxl/cdat: Handle cdat table build errors
    - vhost-user.rst: Fix vring address description
    - hw/smbios: Fix port connector option validation
    - hw/smbios: Fix OEM strings table option validation
    - pci-host: designware: Limit value range of iATU viewport register
    - qemu-options.hx: Improve -serial option documentation
    - system/vl.c: Fix handling of '-serial none -serial something'
    - target/arm: fix exception syndrome for AArch32 bkpt insn
    - block/blkio: Make s->mem_region_alignment be 64 bits
    - qemu-docs: Update options for graphical frontends
    - migration: Fix use-after-free of migration state object
   * d/patches: remove revert-monitor-only-run-coroutine-commands-in-qemu_aio_context.patch
     This one turned out to be innocent, cryptsetup CI fails anyway.
   * d/patches: remove now included upstream
     ui-clipboard-mark-type-as-not-available-when-no-data-CVE-2023-6683.patch
   * d/changelog: mention previous CVE fixes:
    - CVE-2023-3019 fixed by 7.2+dfsg-7+deb12u4
    - CVE-2024-24474 & CVE-2023-5088 fixed by 7.2+dfsg-7+deb12u3
    - CVE-2023-3301 fixed by 7.2+dfsg-7+deb12u1