Package: qemu / 1:5.1+dfsg-4

Metadata

Package Version Patches format
qemu 1:5.1+dfsg-4 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
use fixed data path.patch | (download)

os-posix.c | 2 2 + 0 - 0 !
softmmu/vl.c | 7 1 + 6 - 0 !
2 files changed, 3 insertions(+), 6 deletions(-)

 use fixed data dir instead of determining it at runtime
microvm default machine type.patch | (download)

hw/i386/microvm.c | 3 3 + 0 - 0 !
hw/i386/pc_piix.c | 5 5 + 0 - 0 !
2 files changed, 8 insertions(+)

 set default machine type to be microvm if config_microvm is defined
Debian-Specific: yes
qboot stop using inttypes.patch | (download)

roms/qboot/include/bios.h | 2 1 + 1 - 0 !
roms/qboot/malloc.c | 2 1 + 1 - 0 !
2 files changed, 2 insertions(+), 2 deletions(-)

---
qboot no jump tables.diff | (download)

roms/qboot/code32seg.c | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

---
openbios address of packet member.patch | (download)

roms/openbios/drivers/usbohci.c | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

---
openbios use source_date_epoch in makefile.patch | (download)

roms/openbios/Makefile.target | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 roms/openbios: use source_date_epoch in makefile.

Embedding the build time breaks reproducibility. Instead, use the date
specified by the SOURCE_DATE_EPOCH environment variable:

  https://reproducible-builds.org/docs/source-date-epoch/

This patch relies on features of GNU date, and will need further
changes for portability to other systems.


seabios hppa use consistent date and remove hostname.patch | (download)

roms/seabios-hppa/scripts/buildversion.py | 5 2 + 3 - 0 !
1 file changed, 2 insertions(+), 3 deletions(-)

 roms/seabios-hppa: use consistent date and remove hostname.

Two issues break reproducibility; the time and hostname get embedded
in the resulting seabios binary.

Simply drop the hostname from the embedded version string, as it
shouldn't be needed in Debian package builds.

Use the SOURCE_DATE_EPOCH environment variable to set the build date
rather than the current time:

  https://reproducible-builds.org/docs/source-date-epoch/


seabios hppa fno ipa sra.patch | (download)

roms/seabios-hppa/Makefile.parisc | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 add -fno-ipa-sra to seabios-hppa compiler flags
Date: Wed, 22 Jul 2020 22:15:46 +0300

This allows seabios-hppa to build with gcc-10. Or else the
compiler generates eg memset.isra.0 symbols instead of memset,
and the final link step fails due to missing memset.

index c0d5d958..1b7757e8 100644

slof remove user and host from release version.patch | (download)

roms/SLOF/Makefile.gen | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 roms/slof/makefile.gen: remove user and host from release version.

This version string ends up in the slof.bin, leading to
reproducibility issues.


slof ensure ld is called with C locale.patch | (download)

roms/SLOF/Makefile.gen | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 slof/makefile.gen: ensure ld is called with the c locale.

The output of "ld -V" changes based on the environment's locale.


usb fix setup_len init CVE 2020 14364.patch | (download)

hw/usb/core.c | 16 10 + 6 - 0 !
1 file changed, 10 insertions(+), 6 deletions(-)

 usb: fix setup_len init (cve-2020-14364)
Bug-Debian: https://bugs.debian.org/968947

Store calculated setup_len in a local variable, verify it, and only
write it to the struct (USBDevice->setup_len) in case it passed the
sanity checks.

This prevents other code (do_token_{in,out} functions specifically)
from working with invalid USBDevice->setup_len values and overrunning
the USBDevice->setup_buf[] buffer.

Fixes: CVE-2020-14364
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Tested-by: Gonglei <arei.gonglei@huawei.com>