qemu (1:2.5+dfsg-5ubuntu10.39) xenial-security; urgency=medium

  * Disable patches from 1:2.5+dfsg-5ubuntu10.37 to prevent regression
    (LP: #1829245)
    - d/p/lp1823458/add-VirtIONet-vhost_stopped-flag-to-prevent-multiple.patch
    - d/p/lp1823458/do-not-call-vhost_net_cleanup-on-running-net-from-ch.patch

 -- Marc Deslauriers  Thu, 16 May 2019 07:11:54 -0400

qemu (1:2.5+dfsg-5ubuntu10.38) xenial-security; urgency=medium

  * SECURITY UPDATE: Add support for exposing md-clear functionality to
    guests
    - d/p/ubuntu/enable-md-clear.patch
    - CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
  * SECURITY UPDATE: heap overflow when loading device tree blob
    - d/p/ubuntu/CVE-2018-20815.patch: specify how large the buffer to
      copy the device tree blob into is.
    - CVE-2018-20815
  * SECURITY UPDATE: information leak in SLiRP
    - d/p/ubuntu/CVE-2019-9824.patch: check sscanf result when emulating
      ident.
    - CVE-2019-9824

 -- Steve Beattie  Wed, 08 May 2019 23:52:21 -0700

qemu (1:2.5+dfsg-5ubuntu10.38~test.1) xenial-security; urgency=medium

  * Add support for exposing md-clear functionality to guests
    - d/u/enable-md-clear.patch

 -- Steve Beattie  Mon, 29 Apr 2019 15:30:26 -0700

qemu (1:2.5+dfsg-5ubuntu10.37) xenial; urgency=medium

  * d/p/lp1823458/add-VirtIONet-vhost_stopped-flag-to-prevent-multiple.patch,
    d/p/lp1823458/do-not-call-vhost_net_cleanup-on-running-net-from-ch.patch:
    - Prevent crash due to race condition on shutdown; this is fixed
      differently upstream (starting in Bionic), but the change is too
      large to backport into Xenial. These two very small patches work
      around the problem in an unintrusive way. (LP: #1823458)

 -- Dan Streetman  Tue, 23 Apr 2019 05:19:55 -0400

qemu (1:2.5+dfsg-5ubuntu10.36) xenial-security; urgency=medium

  * Spectre/Meltdown fixes for ppc64 (LP: #1765364)
    - debian/patches/lp1765364/*.patches: add backported capabilities and
      spectre/meltdown commits.
  * SECURITY UPDATE: race during file renaming in v9fs_wstat
    - debian/patches/CVE-2018-19489.patch: add locks to hw/9pfs/9p.c.
    - CVE-2018-19489
  * SECURITY UPDATE: heap based buffer overflow in slirp
    - debian/patches/CVE-2019-6778.patch: check data length while
      emulating ident function in slirp/tcp_subr.c.
    - CVE-2019-6778

 -- Marc Deslauriers  Fri, 22 Mar 2019 14:19:08 -0400

qemu (1:2.5+dfsg-5ubuntu10.35) xenial; urgency=medium

  * Fix deadlock when detaching network interface (LP: #1818880)
    Fixed by upstream patch:
    - d/p/lp-1818880-rcu-disable-atfork.patch: rcu: completely disable
      pthread_atfork callbacks as soon as possible

 -- Heitor R. Alves de Siqueira  Fri, 01 Mar 2019 15:59:01 -0300

qemu (1:2.5+dfsg-5ubuntu10.34) xenial; urgency=medium

  * d/p/ubuntu/lp1807743-linux-user-timerfd.patch: fix define for
    timerfd_create system call (LP: #1807743)

 -- Christian Ehrhardt  Wed, 12 Dec 2018 13:18:01 +0100

qemu (1:2.5+dfsg-5ubuntu10.33) xenial-security; urgency=medium

  * SECURITY UPDATE: integer overflow in NE2000 NIC emulation
    - debian/patches/CVE-2018-10839.patch: use proper type in
      hw/net/ne2000.c.
    - CVE-2018-10839
  * SECURITY UPDATE: buffer overflow via incoming fragmented datagrams
    - debian/patches/CVE-2018-11806.patch: correct size computation in
      slirp/mbuf.c, slirp/mbuf.h.
    - CVE-2018-11806
  * SECURITY UPDATE: integer overflow via crafted QMP command
    - debian/patches/CVE-2018-12617.patch: check bytes count read by
      guest-file-read in qga/commands-posix.c.
    - CVE-2018-12617
  * SECURITY UPDATE: buffer overflow in rtl8139
    - debian/patches/CVE-2018-17958.patch: use proper type in
      hw/net/rtl8139.c.
    - CVE-2018-17958
  * SECURITY UPDATE: buffer overflow in pcnet
    - debian/patches/CVE-2018-17962.patch: use proper type in
      hw/net/pcnet.c.
    - CVE-2018-17962
  * SECURITY UPDATE: DoS via large packet sizes
    - debian/patches/CVE-2018-17963.patch: check size in net/net.c.
    - CVE-2018-17963
  * SECURITY UPDATE: DoS in lsi53c895a
    - debian/patches/CVE-2018-18849.patch: check message length value is
      valid in hw/scsi/lsi53c895a.c.
    - CVE-2018-18849
  * SECURITY UPDATE: race condition in 9p
    - debian/patches/CVE-2018-19364-1.patch: use write lock in
      hw/9pfs/cofile.c.
    - debian/patches/CVE-2018-19364-2.patch: use write lock in
      hw/9pfs/virtio-9p.c.
    - CVE-2018-19364

 -- Marc Deslauriers  Wed, 21 Nov 2018 14:53:19 -0500

qemu (1:2.5+dfsg-5ubuntu10.32) xenial; urgency=medium

  * fix migration of new guests on ppc64el (LP: #1783140)
    Fixed by backporting two patches from the 2.6.x stable branch
    - d/p/ubuntu/lp-1783140-virtio-set-low-features-early-on-load.patch
    - d/p/ubuntu/lp-1783140-Revert-virtio-net-unbreak-self-announcement.patch

 -- Christian Ehrhardt  Tue, 11 Sep 2018 15:00:19 +0200

qemu (1:2.5+dfsg-5ubuntu10.31) xenial; urgency=medium

  * d/p/ubuntu/lp-1587065-qga-ignore-EBUSY-when-freezing-a-filesystem.patch:
    Fix qemu-guest-agent failing to freeze filesystems that were mounted
    multiple times like bind mounts. (LP: #1587065).

 -- Christian Ehrhardt  Thu, 28 Jun 2018 11:35:05 +0200

# For older changelog entries, run 'apt-get changelog qemu-guest-agent'