Navigation:
Browse pkgsrc
(this page)
New packages:Log Message:
Pullup ticket #4876 - requested by ryoon
emulators/qemu: security fix
Revisions pulled up:
- emulators/qemu/Makefile 1.147-1.148
- emulators/qemu/PLIST 1.44-1.45
- emulators/qemu/distinfo 1.109-1.110
- emulators/qemu/options.mk 1.2
- emulators/qemu/patches/patch-Makefile.objs 1.1
- emulators/qemu/patches/patch-configure 1.7-1.8
- emulators/qemu/patches/patch-default-configs_pci.mak 1.1
- emulators/qemu/patches/patch-tests_Makefile 1.3
---
Module Name: pkgsrc
Committed By: ryoon
Date: Fri Dec 18 22:39:33 UTC 2015
Modified Files:
pkgsrc/emulators/qemu: Makefile PLIST distinfo
pkgsrc/emulators/qemu/patches: patch-configure patch-tests_Makefile
Log Message:
Update to 2.5.0
Changelog:
== System emulation ==
* guard pages are now inserted after guest RAM, to guard against \
guest-triggered buffer overflow attacks
=== Incompatible changes ===
* The mips32r5-generic CPU was renamed to P5600
* Host floppy device pass-through (block driver "host_floppy") has \
been removed; it is still possible to use them just like any other device file, \
however, a medium change will no longer be passed
through to the guest
=== Future incompatible changes ===
* Three options are using different names on the command line and in \
configuration file. In particular:
** The "acpi" configuration file section matches command-line \
option "acpitable";
** The "boot-opts" configuration file section matches command-line \
option "boot";
** The "smp-opts" configuration file section matches command-line \
option "smp".
:-readconfig will standardize on the name for the command line option.
* Behavior of automatic calculation of SMP topology when some SMP topology \
options for -smp are omitted (sockets, cores, threads) will change in the \
future. If guest ABI needs to be preserved on
upgrades while using the SMP topology options, users should either set set \
all options explicitly (sockets, cores, threads), or omit all of them.
* Image encryption is fatally flawed, and will be dropped entirely. It'll \
remain available only in qemu-img, so you can use 'qemu-img convert' to convert \
encrypted images to uncrypted ones.
* Block device parameter aio=native has no effect without cache.direct=on. \
It will be made an error.
* Block device parameter aio=native has no effect if qemu is compiled without \
libaio support. It will be made an error.
* A few devices will be configured with explicit properties instead of \
implicitly. Unlikely to affect users; for the full list, see the 2.3 ChangeLog.
* QMP command blockdev-add is still a work in progress. It doesn't support \
all block drivers, it lacks a matching blockdev-del, and more. It might change \
incompatibly.
* The s390-virtio machine has been deprecated for 2.5; it will be removed in \
2.6. s390x users should switch to the (default) s390-ccw-virtio machine.
* Changes to device "sdhci-pci" will make migration between old and \
new versions impossible.
* We intend to drop support for running QEMU on MacOSX 10.5 hosts in the QEMU \
2.6 release, unless somebody who uses it wishes to step forward and help us with \
regular testing.
=== Alpha ===
=== ARM ===
* The "virt" machine type supports passing SMBIOS to the firmware.
* Semihosting support on AArch64
* New i.MX31 SoC.
* The ZynqMP and Allwinner A10 platforms support AHCI.
* Support for VGICv3 in KVM
* Support for GICv3 in the ACPI tables.
* The "virt" machine now has a second PCIe MMIO region of 512GB in \
size in high memory. Note that older 32-bit ARM Linux kernels built without \
CONFIG_LPAE have a bug where the presence of this region
in high memory causes them to refuse to use the PCIe controller at all. In \
this case you can either reconfigure your kernel with CONFIG_LPAE=y, or pass \
QEMU the "-machine highmem=off" option to
disable the use of high memory for PCIe. The kernel bug is expected to be \
fixed in Linux kernel release 4.4.
=== MIPS ===
* The mips32r5-generic CPU was renamed to P5600
* Improvements to MIPS R6 emulation
=== PowerPC ===
==== pSeries ====
* Support for memory hotplug
* The shipped version of SLOF includes GPT support.
* Using VFIO doesn't need spapr-pci-vfio-host-bridge anymore.
* virtio-vga now supported on sPAPR guests.
* [[Features/HRandomHypercall | H_RANDOM hypercall]] device for providing \
good random data to the guests.
==== Mac99 ====
* Improve ability to boot MacOS 9 (based upon GSoC project "Implement \
support for Mac OS 9 in QEMU " by Cormac O'Brien)
=== s390 ===
* Storage keys are migrated.
* New "info skeys" command in HMP to dump the storage key for a \
given address.
* Support for virtio 1 in the virtio-ccw devices.
** A maximum virtio-ccw revision can be specified via the \
"max_revision" property: max_revision=0 may be used to enforce usage \
of legacy virtio mode.
* Support for boot from El Torito iso images on virtio-blk has been added.
=== SH ===
=== SPARC ===
* sun4u: Fix EBus device enumeration under FreeBSD SPARC64 (OpenBIOS)
=== TileGX ===
* New target.
=== x86 ===
* The emulated IOMMU (VT-d) supports devices behind a bridge
* QEMU will warn when using a "-cpu" model that includes \
unsupported features. These features are disabled automatically, just like in \
previous versions of QEMU
* /machine/icc-bridge was removed from the QOM tree. Software relying on \
icc-bridge to find CPU objects should use the "qom_path" field of \
"query-cpus" QMP command
==== CPU models and features ====
* Haswell and Broadwell CPU models now include ABM
* Cache information passthrough (which was enabled by default on "-cpu \
host") is now disabled by default
* ABM, POPCNT, and SSE4a are not enabled in the default CPU models (qemu64, \
qemu32) anymore, as many hosts don't support it
* RDTSCP was removed from AMD CPU models, as current KVM versions can't \
expose RDTSCP to guests in AMD hosts
* New Intel memory instructions (clflushopt/clwb/pcommit) are now supported
* TCG now supports Debug Extensions (CR4.DE)
==== KVM ====
* Support for Hyper-V-compatible reporting of crashes.
==== Xen ====
* Support for passthrough of Intel integrated GPUs.
=== Device emulation and assignment ===
* fw_cfg supports a DMA interface on ARM and x86. This interface makes \
-kernel/-initrd much faster if supported by the firmware. SeaBIOS supports the \
DMA interface starting with release 1.9.0
(commit 06316c9d). The UEFI guest fw for ARM VMs (known as ArmVirtQemu or \
AAVMF) supports the DMA interface starting with git commit 953bcbcc / SVN \
r18545.
==== ACPI ====
==== Audio ====
==== Block devices ====
==== Character devices ====
==== IDE ====
* AHCI ATAPI PIO transfers greater than one sector are fixe 0. On guest
acknowledge, all functions are ejected together.
==== TPM ====
==== VFIO ====
==== virtio ====
* virtio-gpu now supports 3D mode
* vhost-user now supports live migration. client changes are required to \
enable this. When used with an old client without migration support, vhost-user \
will now block migration (instead of failing
silently)
* vhost-user now supports multi-queue. Use queues=# to enable this. client \
changes are required to enable this mode. When used with an old client without \
multi-queue support, device will
automatically fall back on using a single pair of queues.
* vhost-user protocol now includes protocol feature negotiation, including \
multiple new messages. When used with old clients, all new messages are \
automatically disabled.
* vhost-user no longer sents the RESET_OWNER message on device stop. The only \
QEMU version that sent it was 2.4, the message is now officially deprecated.
* migration now works when virtio 1 is enabled for virtio-pci
* For virtio-pci, virtio 1 performance on kvm on Intel CPUs has been improved \
(on kernel 4.4 and up).
* a new flag modern-pio-notify can be used to enable PIO for notifications in \
virtio 1 mode, to improve performance for host kernels older than 4.4, and \
processors without EPT support.
* virtio devices can now be placed on the pci express bus
* vhost is no longer disabled when guest does not use MSI-X. The vhostforce \
flag is no longer required.
* in virtio 1 mode, scsi passthrough is now disabled for virtio blk
* Please note that for virtio-pci, the modern (virtio 1) interface is still \
disabled by default. To enable, set the flag disable-modern=off.
==== VGA ====
=== Character devices ===
=== GUI ===
* New syntax for enabling TLS in the VNC server:
** Equivalent to <tt>-vnc hostname:0,tls</tt>: <tt>-object \
tls-creds-anon,id=tls0,endpoint=server -vnc hostname:0,tls-creds=tls0</tt>
** Equivalent to <tt>-vnc \
hostname:0,tls,x509=/path/to/certs</tt>: <tt>-object \
tls-creds-x509,id=tls0,endpoint=server,dir=/path/to/certs,verify-peer=no -vnc \
hostname:0,tls-creds=tls0</tt>
** Equivalent to <tt>-vnc \
hostname:0,tls,x509verify=/path/to/certs</tt>: <tt>-object \
tls-creds-x509,id=tls0,endpoint=server,dir=/path/to/certs,verify-peer=yes -vnc \
hostname:0,tls-creds=tls0</tt>
* The Cocoa GUI does not have show an 'open image file' dialog box anymore \
even if QEMU is started without arguments
* Thu curses GUI supports 256 colors and line graphics.
=== Monitor ===
* New "info iothreads" command.
* New "query-qmp-schema" command allows the caller to \
[[Features/QMP/Introspection | introspect the QMP schema]] used by QEMU.
=== Migration ===
* [[Features/PostCopyLiveMigration | Postcopy migration]] for migration of \
large/busy guests
* A more flexible [[Features/AutoconvergeLiveMigration | auto-converge \
mechanism]] (for busy guests)
=== Network ===
* Support for multiqueue in vhost-user.
* Support for network filters. Currently, the only filter objects are \
"filter-buffer", which batches packets every N microseconds, and \
"filter-dump", which can be used to log the network traffic in
a file. Filters are attached to a netdev device using e.g. "-object \
filter-buffer,id=filter,netdev=net0,queue=rx,interval=1000" (which creates \
a 1ms filter-buffer).
=== Block devices in system emulation ===
=== Command-line options ===
=== TCG ===
* Improved system emulation performance for targets with software TLBs (e.g. \
SPARC).
* Initial support for [[Features/record-replay | record/replay]].
== Block devices and tools ==
* The HMP "change" command (QMP's \
“"lockdev-change-medium") now allows you to change the \
read-only mode of the device (e.g. when inserting a read-only floppy disk image \
into a previously R/W drive)
* Fine-grained control over a block device's tray with the new QMP commands \
"blockdev-open-tray", "blockdev-close-tray", \
"x-blockdev-insert-medium", and "x-blockdev-remove-medium" \
(the latter two are
experimental for now)
* New "reopen" command in qemu-io
* block-dirty-bitmap-add and block-dirty-bitmap-clear transaction actions \
have been added to now fully support (transient) incremental bitmap usage and \
management.
* QMP transactions now support a "completion-mode" parameter which \
controls the completion behavior of jobs launched by transactions, which will \
allow them to fail together. See the
[https://github.com/qemu/qemu/blob/master/docs/bitmaps.md bitmaps.md] \
documentation for how this affects incremental backups.
* Block I/O accounting can now report average queue depth, min/avg/max \
latency, and failed/invalid request counts
* qcow2 learnt a new option ''cache-clean-interval'', which allows to free \
unused cache entries after some time.
* An experimental QMP command ''x-blockdev-del'' was added as a completement \
for the (also still experimental) ''blockdev-add'' command.
* A new QMP command ''blockdev-snapshot'' that allows creating a snapshot \
using as overlay an image previously opened with ''blockdev-add''. This allows \
opening the overlay image with arbitrary
run-time options, solving one of the limitations of ''blockdev-snapshot-sync''.
* It is now possible to open an image without its backing file by specifying \
the empty string as a backing file reference when opening the image. This is \
useful for creating snapshots, since images
opened with ''blockdev-add'' are not supposed to have a backing file before \
the ''blockdev-snapshot'' operation.
* Host CD-ROM support now works on Mac OS X hosts
* Host floppy support has been removed (it was deprecated in QEMU 2.3)
* The temporary "x-data-plane=on/off" option for virtio-blk device \
is removed now, all users are requested to use the canonical "-object \
iothread,id=<id> -device virtio-blk,iothread=<id>,..." syntax.
== Audio ==
== Guest agent ==
* Add an optional qemu-ga.conf system configuration
* Support for dumping the configuration current file with --dump-conf
* Win32 support for guest-set-user-password
* New command guest-exec
== User-mode emulation ==
* The configure option --disable-guest-base has been removed.
== Build dependencies ==
* libcacard has been moved to a standalone project, hosted at \
git://anongit.freedesktop.org/spice/libcacard. The libcacard library from QEMU \
2.4 can also be used to build QEMU 2.5.
* virtio-gpu 3D support requires virglrenderer.
== Known issues ==
* SDL audio only works with SDL 1.x.
* 64-bit QEMU might crash on Windows (problems with stack unwinding, depends \
on build environment, \
[http://repo.or.cz/w/qemu/ar7.git/commit/8fa9c07c9a33174905e67589bea6be3e278712cb \
possible fix])
* QEMU's configure script fails with pdksh from OpenBSD (see \
[https://bugs.launchpad.net/qemu/+bug/1525682 bug #1525682]. Using another shell \
with configure should work.
---
Module Name: pkgsrc
Committed By: ryoon
Date: Mon Dec 21 12:10:22 UTC 2015
Modified Files:
pkgsrc/emulators/qemu: Makefile PLIST distinfo options.mk
pkgsrc/emulators/qemu/patches: patch-configure
Added Files:
pkgsrc/emulators/qemu/patches: patch-Makefile.objs
patch-default-configs_pci.mak
Log Message:
Fix build under NetBSD 6 or other platform that has no shm_open()
Fix PR pkg/50572.