Format: 1.8
Date: Tue, 16 Dec 2025 10:01:50 +0300
Source: qemu
Architecture: source
Version: 1:10.0.7+ds-0+deb13u1
Distribution: trixie
Urgency: medium
Maintainer: Debian QEMU Team
Changed-By: Michael Tokarev
Closes: 1035676 1117153 1119917 1120146
Changes:
 qemu (1:10.0.7+ds-0+deb13u1) trixie; urgency=medium
 .
   * 10.0.7 upstream stable/bugfix release:
     - Update version for 10.0.7 release
     - kvm: Fix kvm_vm_ioctl() and kvm_device_ioctl() return value
     - docs/devel: Update URL for make-pullreq script
     - target/arm: Fix assert on BRA.
     - hw/aspeed/{xdma, rtc, sdhci}: Fix endianness to DEVICE_LITTLE_ENDIAN
     - hw/core/machine: Provide a description for aux-ram-share property
     - hw/pci: Make msix_init take a uint32_t for nentries
     - block/io_uring: avoid potentially getting stuck after resubmit
       at the end of ioq_submit()
     - block-backend: Fix race when resuming queued requests
     - ui/vnc: Fix qemu abort when query vnc info
     - chardev/char-pty: Do not ignore chr_write() failures
     - hw/display/exynos4210_fimd: Account for zero length
       in fimd_update_memory_section()
     - hw/arm/armv7m: Disable reentrancy guard for v7m_sysreg_ns_ops MRs
     - hw/arm/aspeed: Fix missing SPI IRQ connection causing DMA interrupt failure
     - migration: Fix transition to COLO state from precopy
     - qmp: Fix a typo for a USO feature
     - MAINTAINERS: Add functional tests that are not covered yet
     - tests/functional: Remove unnecessary import statements
     - tests/functional: Remove semicolons at the end of lines
     - Remove the remainders of the Avocado tests
     - docs/devel/testing: Dissolve the ci-definitions.rst.inc file
     - gitlab-ci: Update QEMU_JOB_AVOCADO and QEMU_CI_AVOCADO_TESTING
     - tests/functional: Convert the SMMU test to the functional framework
     - tests/functional: Use the tuxrun kernel for the aarch64 replay test
     - tests/functional: Use the tuxrun kernel for the x86 replay test
     - tests/avocado: Remove the boot_linux.py tests
     - tests/functional: Convert the 64-bit big endian Wheezy mips test
     - tests/functional: Convert the 64-bit little endian Wheezy mips test
     - tests/functional: Convert the 32-bit little endian Wheezy mips test
     - tests/functional: Convert the 32-bit big endian Wheezy mips test
     - tests/avocado: Remove the LinuxKernelTest class
     - tests/functional: Convert the i386 replay avocado test
     - tests/functional: Convert reverse_debugging tests to the functional framework
     - tests/functional: Move the check for the parameters from avocado to functional
     - gitlab-ci: Remove the avocado tests from the CI pipelines
     - tests/functional/test_vnc: skip test if no crypto backend available
     - target/i386: fix stack size when delivering real mode interrupts
     - target/i386: svm: fix sign extension of exit code
     - target/i386/tcg: validate segment registers
     - target/i386: Mark VPERMILPS as not valid with prefix 0
     - hw/southbridge/lasi: Correct LasiState parent
     - hw/dma/zynq-devcfg: Fix register memory
     - tests/functional: handle URLError when fetching assets
     - tests/functional: fix formatting of exception args
     - block/io: Take reqs_lock for tracked_requests
     - nvme: Fix coroutine waking
     - nvme: Kick and check completions in BDS context
     - curl: Fix coroutine waking
     - nfs: Run co BH CB in the coroutine’s AioContext
     - rbd: Run co BH CB in the coroutine’s AioContext
     - tests: move test_virt_gpu to share.linaro.org
     - tests: move test_kvm_xen to share.linaro.org
     - tests: move test_netdev_ethtool to share.linaro.org
     - tests: move test_virt assets to share.linaro.org
     - tests: move test_xen assets to share.linaro.org
     - block: add test non-active commit with zeroed data
     - block: allow commit to unmap zero blocks
     - block: refactor error handling of commit_iteration
     - block: move commit_run loop to separate function
     - block: get type of block allocation in commit_run
     - hw/misc/npcm_clk: Don't divide by zero when calculating frequency
     - hw/display/xlnx_dp: Don't abort for unsupported graphics formats
     - hw/display/xlnx_dp.c: Don't abort on AUX FIFO overrun/underrun
     - net: pad packets to minimum length in qemu_receive_packet()
       Closes: #1119917, CVE-2025-12464 (buffer overflow in e1000_receive_iov)
     - hw/net/e1000e_core: Adjust e1000e_write_payload_frag_to_rx_buffers() assert
     - hw/net/e1000e_core: Correct rx oversize packet checks
     - hw/net/e1000e_core: Don't advance desc_offset for NULL buffer RX descriptors
     - qio: Protect NetListener callback with mutex
     - qio: Remember context of qio_net_listener_set_client_func_full
     - qio: Unwatch before notify in QIONetListener
     - qio: Add trace points to net_listener
     - tests/qemu-iotest: fix iotest 024 with qed images
     - qemu-img rebase: don't exceed IO_BUF_SIZE in one operation
     - qemu-img: Fix amend option parse error handling
     - tests/qtest/bios-tables-test: Update DSDT blobs after GPEX _DSM change
     - hw/pci-host/gpex-acpi: Fix _DSM function 0 support return value
     - tests/qtest/bios-tables-test: Prepare for _DSM change in the DSDT table
     - vhost-user: fix shared object lookup handler logic
     - target/x86: Correctly handle invalid 0x0f 0xc7 0xxx insns
     - hostmem/shm: Allow shm memory backend serve as shared memory for coco-VMs
     - tests/tcg/s390x: Test SET CLOCK COMPARATOR
     - target/s390x: Use address generation for register branch targets
     - target/s390x: Fix missing clock-comparator interrupts after reset
     - target/s390x: Fix missing interrupts for small CKC values
     - target/microblaze: Handle signed division overflows
     - target/microblaze: div: Break out raise_divzero()
     - target/microblaze: Remove unused arg from check_divz()
     - gdbstub: Fix %s formatting
     - block/curl.c: Fix CURLOPT_VERBOSE parameter type
     - block: fix luks 'amend' when run in coroutine
     - block: remove 'detached-header' option from opts after use
     - i386/kvm/cpu: Init SMM cpu address space for hotplugged CPUs
     - hw/i386/pc: Avoid overlap between CXL window and PCI 64bit BARs
       in QEMU 10.0.x
     - target/i386: clear CPU_INTERRUPT_SIPI for all accelerators
     - linux-user: permit sendto() with NULL buf and 0 len
     - linux-user: Use correct type for FIBMAP and FIGETBSZ emulation
     - qtest/am53c974-test: add additional test for cmdfifo overflow
     - esp.c: fix esp_cdb_ready() FIFO wraparound limit calculation
     - hw/hppa: Fix interrupt of LASI parallel port
     - nw/nvram/ds1225y: Fix nvram MemoryRegion owner
     - target/hppa: Set FPCR exception flag bits for non-trapped exceptions
     - hw/scsi: avoid deadlock upon TMF request cancelling with VirtIO
     - crypto: stop requiring "key encipherment" usage in x509 certs
     - io: fix use after free in websocket handshake code
       Closes: #1117153, CVE-2025-11234 (UAF in websocket handshake code)
     - io: move websock resource release to close method
     - io: release active GSource in TLS channel finalizer
     - target/riscv: fix riscv_cpu_sirq_pending() mask
     - target/riscv/kvm: fix env->priv setting in reset_regs_csr()
     - target/riscv/kvm: add scounteren CSR
     - target/riscv/kvm: read/write KVM regs via env size
     - target/riscv/kvm: add senvcfg CSR
     - aplic: fix mask for smsiaddrcfgh
     - hw/riscv: Correct mmu-type property of sifive_u harts in device tree
     - target/arm: Fix reads of CNTFRQ_EL0 in linux-user mode
     - hw/ppc/e500: Check for compatible CPU type instead of aborting ungracefully
     - ui/gtk-gl-area: Remove extra draw call in refresh
     - tests/tcg/multiarch/linux/linux-test: Don't try to test atime update
   * linux-user-use-correct-type-for-FIBMAP-and-FIGETBSZ.patch:
     remove, applied upstream
   * d/control: qemu-system-xen: add the forgotten ipxe-qemu dependency
     qemu-system binaries require pxe boot roms for the network adaptors.
     When splitting qemu-system-xen into its own package, this dependency
     has been forgotten initially, but has been enabled for bookworm (#1035676).
     However, this change was lost when uploading the next version of qemu
     aimed for trixie.  So trixie has this issue too, despite it having been
     fixed in bookworm already.
     (Closes: #1035676, #1120146)