Package: qemu / 1:10.1.0~rc3+ds-2

Metadata

Package Version Patches format
qemu 1:10.1.0~rc3+ds-2 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
microvm default machine type.patch | (download)

hw/i386/microvm.c | 3 3 + 0 - 0 !
hw/i386/pc_piix.c | 8 7 + 1 - 0 !
2 files changed, 10 insertions(+), 1 deletion(-)

 
 set default machine type to be microvm if config_microvm is defined
Debian-Specific: yes
static linux user stubs.diff | (download)

linux-user/main.c | 20 20 + 0 - 0 !
1 file changed, 20 insertions(+)

 
 static linux-user stubs
note missing module pkg name.diff | (download)

audio/audio.c | 6 5 + 1 - 0 !
block.c | 12 11 + 1 - 0 !
system/vl.c | 11 9 + 2 - 0 !
ui/console.c | 6 4 + 2 - 0 !
4 files changed, 29 insertions(+), 6 deletions(-)

 
 note missing module package name
Debian-Specific: yes
skip unpack edk2 blobs.patch | (download)

pc-bios/meson.build | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 
 skip unpacking of edk2 blobs
Date: Sat, 01 Apr 2023 18:46:55 +0300
Debian-Specific: yes
skip install dtb.patch | (download)

pc-bios/meson.build | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 
 skip installing dtb files
Debian-Specific: yes
qemu bridge helper path.patch | (download)

qemu-options.hx | 6 3 + 3 - 0 !
1 file changed, 3 insertions(+), 3 deletions(-)

 
 set proper path for qemu-bridge-helper binary in the docs
Bug-Debian: https://bugs.debian.org/1027447
gnu hurd.patch | (download)

block/file-posix.c | 5 5 + 0 - 0 !
configure | 2 2 + 0 - 0 !
include/qemu/osdep.h | 7 7 + 0 - 0 !
meson.build | 2 1 + 1 - 0 !
4 files changed, 15 insertions(+), 1 deletion(-)

 
 add os detection and support for gnu/hurd
qboot Disable LTO for ELF binary build step.patch | (download)

roms/qboot/meson.build | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 
 [patch] qboot: disable lto for elf binary build step

If LTO is enabled by default qboot fails to link as it exposes
a few issues that break the build:

  ../code16.c: Assembler messages:
  ../code16.c:37: Error: redundant addr32 prefix
  ../code16.c:27: Error: redundant addr32 prefix
  ../code16.c:18: Error: redundant addr32 prefix

Until fixed suppress this behavior by adding -fno-lto to the end
of the linker flags.

Fixes: #31

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
u boot sam460ex fdi.patch | (download)

roms/u-boot-sam460ex/board/ACube/common/vesa.h | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 
 u-boot-sam460ex: fdi fix
Date: Sat Apr 1 17:34:09 2023 +0300
u boot sam460ex mstring.patch | (download)

roms/u-boot-sam460ex/arch/powerpc/cpu/ppc4xx/config.mk | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 
 u-boot-sam460ex: remove obsolete -mstring gcc option
Date: Sun Oct 22 23:35:45 2023 +0300
u boot sam460ex build.patch | (download)

roms/u-boot-sam460ex/board/ACube/Sam460ex/Sam460ex.c | 2 1 + 1 - 0 !
roms/u-boot-sam460ex/common/usb.c | 2 1 + 1 - 0 !
roms/u-boot-sam460ex/config.mk | 5 5 + 0 - 0 !
3 files changed, 7 insertions(+), 2 deletions(-)

 
 u-boot-sam460ex: build fixes
openbios use source_date_epoch in makefile.patch | (download)

roms/openbios/Makefile.target | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 
 roms/openbios: use source_date_epoch in makefile.
seabios hppa use consistent date and remove hostname.patch | (download)

roms/seabios-hppa/scripts/buildversion.py | 5 2 + 3 - 0 !
1 file changed, 2 insertions(+), 3 deletions(-)

 
 roms/seabios-hppa: use consistent date and remove hostname.

Two issues break reproducibility; the time and hostname get embedded
in the resulting seabios binary.

Simply drop the hostname from the embedded version string, as it
shouldn't be needed in Debian package builds.

Use the SOURCE_DATE_EPOCH environment variable to set the build date
rather than the current time:

  https://reproducible-builds.org/docs/source-date-epoch/
slof remove user and host from release version.patch | (download)

roms/SLOF/Makefile.gen | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 
 roms/slof/makefile.gen: remove user and host from release version.

This version string ends up in the slof.bin, leading to
reproducibility issues.
slof ensure ld is called with C locale.patch | (download)

roms/SLOF/Makefile.gen | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 
 slof/makefile.gen: ensure ld is called with the c locale.

The output of "ld -V" changes based on the environment's locale.
disable pycotap.patch | (download)

pythondeps.toml | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 
 disable pycotap for now
Date: Fri, 27 Dec 2024 13:23:28 +0300
hw uefi clear uefi vars buffer in uefi_vars_write CVE 2025 8860.patch | (download)

hw/uefi/var-service-core.c | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 
 hw/uefi: clear uefi-vars buffer in uefi_vars_write callback
Bug-Debian: https://bugs.debian.org/1111030

When the guest writes to register UEFI_VARS_REG_BUFFER_SIZE, the .write
callback `uefi_vars_write` is invoked. The function allocates a
heap buffer without zeroing the memory, leaving the buffer filled with
residual data from prior allocations. When the guest later reads from
register UEFI_VARS_REG_PIO_BUFFER_TRANSFER, the .read callback
`uefi_vars_read` returns leftover metadata or other sensitive process
memory from the previously allocated buffer, leading to an information
disclosure vulnerability.

Fixes: CVE-2025-8860
Fixes: 90ca4e03c27d ("hw/uefi: add var-service-core.c")
Reported-by: ZDI <zdi-disclosures@trendmicro.com>
Suggested-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Mauro Matteo Cascella <mcascell@redhat.com>
Message-ID: <20250811101128.17661-1-mcascell@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>