|
Changelog:
System emulation
Incompatible changes
The aio=native option to "-drive" now requires the cache=none option, instead of silently disabling itself for other cache modes. The newly invalid combination had been warning since QEMU 2.3.
Specifying block device parameter aio=native is now an error on POSIX systems if qemu is compiled without libaio support. The newly invalid combination had been warning since QEMU 2.3.
The experimental x-drive option for the sdhci-pci device has been removed. Instead of passing a drive directly to the SD controller device you now must create an SD card object (which will automatically be plugged into the SD controller), so "-device sdhci-pci,x-drive=mydrive -drive id=mydrive,[...]" becomes "-device sdhci-pci -device sd-card,drive=mydrive -drive id=mydrive,[...]".
The s390-virtio machine has been removed.
Machine types pc-q35-1.4, pc-q35-1.5, pc-q35-1.6, pc-q35-1.7, pc-q35-2.0, pc-q35-2.1, pc-q35-2.2 and pc-q35-2.3 have been removed.
The "virt" machine type's flash device has changed when TrustZone is active ("-machine virt,secure=on"). The first flash device is only available in secure memory, while the second is available in non-secure memory too.
Future incompatible changes
Three options are using different names on the command line and in configuration file. In particular:
The "acpi" configuration file section matches command-line option "acpitable";
The "boot-opts" configuration file section matches command-line option "boot";
The "smp-opts" configuration file section matches command-line option "smp".
-readconfig will standardize on the name for the command line option.
Behavior of automatic calculation of SMP topology when some SMP topology options for -smp are omitted (sockets, cores, threads) will change in the future. If guest ABI needs to be preserved on upgrades while using the SMP topology options, users should either set set all options explicitly (sockets, cores, threads), or omit all of them.
The original qcow2 image encryption is fatally flawed, and support for it will be disabled entirely from the system emulators. It'll remain available only in command line tools qemu-img, qemu-io, qemu-nbd to facilitate data liberation. It is recommended to use 'qemu-img convert' to convert qcow2 encrypted images to uncrypted ones. The new LUKS encryption driver can provide a secure replacement if raw files are acceptable, while a future release will integrate luks into qcow2 natively.
A few devices will be configured with explicit properties instead of implicitly. Unlikely to affect users; for the full list, see the 2.3 ChangeLog.
QMP command blockdev-add is still a work in progress. It doesn't support all block drivers, it lacks a matching blockdev-del, and more. It might change incompatibly.
ARM
Support for a separate EL3 address space
System mode supports BE8 and BE32. Note that qemu-system-arm can emulate both big-endian and little-endian guests (unlike user-mode emulation which has separate qemu-arm and qemu-armeb binaries).
Support for the SETEND instruction, used most notably on Raspbian through the arm-mem library (previously known as libcofi).
Faster boot thanks to DMA support in fw_cfg
The "virt" machine type supports a virtual power button and the "system_powerdown" monitor command
The "virt" machine type supports configuring network cards with -nic in addition to -netdev
The RAM limit for the "virt" machine type is now 255GB
The "xlnz-zynqmp" machine type now includes SPI controllers
The "xlnx-ep108" machine type now supports SPI flash
New partial Raspberry Pi 2 emulation with "raspi2" machine type. For now, it can boot older releases of Windows and Raspbian, but lacks a number of devices including USB.
New palmetto-bmc machine type using the new, partial ASPEED AST2400 SoC implementation
KVM
Support for guest debugging (software and hardware breakpoints, single step) on AArch64
MIPS
Support for FPU and MSA in KVM guests
Support for R6 Virtual Processors
Initial support for Cluster Power Controller and Global Configuration Registers allowing the guest to control the start of Virtual Processors
Support for Inter-Thread Communication Unit
Support for MAAR registers in P5600 CPU
PowerPC
Improved support for migration of g3beige and mac99 machines
Fix serial ports for g3beige and mac99 machines (OpenBIOS)
The gdb stub supports the VSX instruction set extensions
pSeries
pSeries machine types starting at pseries-2.6 use XHCI as the USB host controller instead of OHCI
Support for more hypercalls (H_SET_SPRG0, H_SET_DABR, H_SET_XDABR and H_PAGE_INIT)
Support for EEH on assigned PCI devices can use the normal spapr-pci-host-bridge instead of the special spapr-pci-vfio-host-bridge.
s390
Fixes and improvements in s390x PCI support
Support for hotplug of s390x cpus via cpu-add
Support for booting from virtio-scsi devices in the s390-ccw bios
SH
SPARC
sun4m: Fix for ldstub instruction resolves several 32-bit Solaris bugs (MUTEX_HELD hang, libC error, Java WebStart segfault)
sun4u: FreeBSD 10.3+ can now run under qemu-system-sparc64 in -nographic mode
TileGX
Tricore
Support for context management, illegal opcode and opd traps
Support for FPU instructions
x86
TCG
Support for the XSAVE/XSAVEOPT, MPX, FSGSBASE and PKE features
KVM
Support for "split irqchip". In this mode, QEMU emulates the IOAPIC, PIC (i8259) and PIT (i8254) devices while leaving the local APIC emulation to the kernel. This mode reduces the attack surface of KVM.
Support for the new PKU feature found in some Skylake processors
Support for migrating the TSC rate
Xen
Q35
Support resume (S3)
Support for legacy Windows guests (XP/2003)
Device emulation and assignment
New IPMI emulation subsystem. QEMU can now emulate an internal BMC or attach to an external BMC simulator such as OpenIPMI's lanserv. IPMI however is not yet exposed in SMBIOS and ACPI tables (do we want to docume?)
FIXME: what's the state of nvdimm?
ACPI
The floppy disk controller's characteristics are now exposed in the ACPI tables, which makes it possible to use floppies on Windows together with UEFI firmware.
Block devices
The floppy disk consk or an empty disk to a 2.88 MB disk
Improved compatibility of the SD device model with various operating systems and firmwares
The NVMe device supports the "bootindex" property.
The SDHCI device supports reset.
ivshmem
No longer available on hosts lacking eventfd(2), because inter-vm interrupts don't work there
New devices ivshmem-plain and ivshmem-doorbell, fully backwards compatible for guests, notable differences to ivshmem:
PCI revision is 1 instead of 0
ivshmem role=master becomes master=on, role=peer becomes master=off
ivshmem x-memdev=ID becomes ivshmem-plain memdev=ID
ivshmem shm=NAME,size=SZ becomes ivshmem-plain memdev=ID, with -object memory-backend-file,id=ID,mem-path=/dev/mem/NAME,size=SZ,share
ivshmem chardev=ID becomes ivshmem-doorbell,chardev=ID
Property ioeventfd defaults to on instead of off
ivshmem-plain never has MSI-X capability, and ivshmem-doorbell always has MSI-X capability
Device ivshmem is deprecated, and its experimental property x-memdev is gone
Interrupting a peer that reuses an unplugged peer's ID works again (broken in v1.2.0)
Unplug no longer destroys the character device, for consistency with other devices
The funny "no shared memory, yet" state is no longer guest-visible, and can no longer fail or mess up migration
Guests may require PCI revision 1 to make sure they're not exposed to the funny state
docs/specs/ivshmem-spec.txt rewritten for completeness and accuracy.
SCSI
Support for the LSI SAS1068 HBA (also known as "MPT Fusion"). Note that some operating systems will not recognize disks attached to this adapter, unless the disks are assigned a world-wide name (WWN).
PCI/PCIe
PCIe Multi-root support (using the new pxb-pcie root-compex)
USB
MTP: initial support for events
VFIO
Support for AMD XGBE platform passthrough
New sysfsdev property provides a more general way to specify the device to attach to.
Provided PCI option ROMs are fixed to include the same vendor and device id as the device exposed to the guest. This facilitates changing the ids of the devices.
virtio
Performance improvements via optimized vring accesses
The balloon driver statistics now include the amount of available memory (corresponding to "Available" in /proc/meminfo for Linux guests).
Character devices
The socket character device backend can now enable TLS over TCP connections, acting either as a TLS server:
$QEMU -object tls-creds-x509,id=tls0,dir=$HOME/.pki/qemutls,endpoint=server \
-chardev socket,id=s0,host=127.0.0.1,port=9000,tls-creds=tls0,server \
-device isa-serial,chardev=s0 \
...other args...
or a TLS client:
$QEMU -object tls-creds-x509,id=tls0,dir=$HOME/.pki/qemutls,endpoint=client \
-chardev socket,id=s0,host=127.0.0.1,port=9000,tls-creds=tls0 \
-device isa-serial,chardev=s0 \
...other args...
If operating in server mode, the same set of TLS credentials can be used for both character devices and the VNC server
All character devices can have their output logged to a plain file
$QEMU -chardev stdio,id=mon0,logfile=monitor.log \
-mon chardev=mon0 \
...other args...
will result in logging of all output on the HMP monitor. The logappend parameter controls whether the file is truncated at startup, defaulting to append.
GUI
SDL2 and SPICE now support OpenGL and virgl. For SPICE, Unix sockets are the only usable transport when OpenGL is enabled.
The "-vnc" and "-display vnc" options support ipv4=off and ipv6=off. Previously, only "ipv4" and "ipv6" were available.
Support getting input events directly from linux evdev devices, using "-object input-linux,id=$name,evdev=/dev/input/event$nr"
Support for ncurses on Windows.
Monitor
Support for a new "detach" option to "dump-guest-memory". The option dumps memory in the background. Progress can be queried using the new commands "info dump" (human monitor) and "query-dump" (QMP), as well as through the QMP event DUMP_COMPLETED.
Support for a new command "input-send-event" replacing the previous experimental command "x-input-send-event".
The human monitor command "drive_add -n" allows creating block devices that do not have a BlockBackend (similar to QMP blockdev-add).
Migration
Postcopy is not experimental anymore; the x-postcopy-ram capability was renamed to postcopy-ram.
Network
SLIRP now supports IPv6 for ICMP, UDP, TCP and TFTP.
mirror filter which can mirror traffic from netdev to socket chardev, vice versa.
redirector filter which can redirect traffic from netdev to socket chardev, vice versa.
Secret passing system
There is a new standard mechanism for securely passing secret credentials to QEMU, which will be used in combination with other subsystems. For example, network block device passwords, block device decryption passphrases, or TLS private key passwords can all use the same mechanism.
Passing credentials inline (insecure, only for developer testing)
$QEMU -object secret,id=sec0,data=letmein
Passing credentials via a plain file
$QEMU -object secret,id=sec0,file=mypassword.txt
Passing credentials via a base64 encoded file
$QEMU -object secret,id=sec0,file=mypassword.txt,format=base64
Passing credentials inline, encrypted with a master key (recommended for management apps)
$QEMU -object secret,id=master0,file=mykey.b64,format=base64 \
-object secret,id=sec0,data=[base64 ciphertext],\
keyid=master0,iv=[base64 IV],format=base64
TLS credential handling
It is now possible to use encrypted TLS private keys with credentials for TLS servers/clients in QEMU. The password for unlocking the private key is provided by a secret object whose id is specified via the passwordid' property
$QEMU -object secret,id=tlskey0,file=mypassword.txt \
-object tls-creds-x509,id=tls0,dir=$HOME/.pki/qemutls,endpoint=server,passwordid=tlskey0 \
...other args...
Block devices
Block device throttling now support specifying a burst length as well. While previously the burst could only be specified as a total number of IOPS (e.g. 10000 IOPS), more complex specifications such as "10000 IOPS for 10 seconds" are now possible. Note that, because of the implementation of the algorithm, a guest that is allowed "10000 IOPS for 10 seconds" will also be allowed to perform for example 5000 IOPS for 20 seconds.
The curl block device driver now supports HTTP authentication and HTTP proxy authentication via the new properties 'username', 'password-secret', 'proxy-username' and 'proxy-password-secret'.
$QEMU -object secret,id=sec0,file=password.txt \
-object secret,id=sec1,file=proxy-password.txt \
-drive driver=http,host=localhost,port=443,username=fred,password-secret=sec0,proxy-username=bob,proxy-password-secret=sec1 \
...other args...
The RBD block device driver can now use the secret object type to securely receive the authentication password without exposing it in the command line args
$QEMU -object secret,id=sec0,file=password.b64,format=base64 \
-drive driver=rbd,filename=rbd:pool/image:id=myname:auth_supported=cephx,password-secret=sec0 \
...other args...
The iSCSI block device driver can now use the secret object type to securely receive the authentication password without exposing it in the command line args
$QEMU -object secret,id=sec0,file=password.txt \
-iscsi user=fred,password-secret=sec0 \
-drive file=iscsi://192.168.122.1:3260/iqn.2013-12.com.example%3Aiscsi-chap-netpool/1
NB this syntax requires that all iSCSI backed drives use the same password
The qemu-io tool gained support for new '--object' and '--image-opts' arguments. The --object argument allows 'secret' and 'tls-creds-x509' objects to be defined for use in association with a block device backend. The '--image-opts' argument instructs qemu-io to parse the image string as a set of image options, instead of a plain filename. For example, to connect qemu-io to an NBD server using TLS
qemu-io -c "read 0 512" \
--object tls-creds-x509,id=tls0,dir=$HOME/.pki/qemutls,endpoint=client \
--image-opts driver=nbd,host=localhost,port=10809,tls-creds=tls0
The qemu-nbd tool gained support for new '--object' and '--image-opts' arguments. The --object argument allows 'secret' and 'tls-creds-x509' objects to be defined for use in association with a block device backend or the NBD server. The '--image-opts' argument instructs qemu-io to parse the image string as a set of image options, instead of a plain filename. For example, to connect qemu-nbd to an HTTP server with authentication and export it over NBD using TLS
qemu-nbd --readonly \
--object secret,id=sec0,file=passwd.txt \
--object tls-creds-x509,id=tls0,dir=$HOME/.pki/qemutls,endpoint=server \
--image-opts driver=http,url=http://some.random.host/some/image,username=fred,password-secret=sec0
The qemu-img tool gained support for new '--object' and '--image-opts' arguments. The --object argument allows 'secret' and 'tls-creds-x509' objects to be defined for use in association with a block device backend or the NBD server. The '--image-opts' argument instructs qemu-io to parse the image string as a set of image options, instead of a plain filename. For example, to a remote HTTP server with authentication
qemu-img info --object secret,id=sec0,file=passwd.txt \
--image-opts driver=http,url=http://some.random.host/some/image,username=fred,password-secret=sec0
Support for deleting snapshots on Sheepdog devices.
The NBD client and server now support use of TLS. When enabled, the server will mandate that the client also enable TLS and drop any client which attempts to continue in plain text. To run a qemu-nbd server with TLS:
qemu-nbd --object tls-creds-x509,id=tls0,dir=$HOME/.pki/qemutls,endpoint=server \
--tls-creds tls0 \
/path/to/disk/image
To connect to a server that requires TLS with qemu-img:
qemu-img info --object tls-creds-x509,id=tls0,dir=$HOME/.pki/qemutls,endpoint=client \
--image-opts driver=nbd,host=localhost,port=10809,tls-creds=tls0
To start a VM pointing to the NBD server
$QEMU -object tls-creds-x509,id=tls0,dir=$HOME/.pki/qemutls,endpoint=client \
-drive driver=nbd,host=localhost,port=10809,tls-creds=tls0 \
...other args...
The NBD server gained support for specifying an export name. When the client negotiates use of the new style NBD protocol the default export name is "". The --exportname argument allows this to be customized:
qemu-nbd --exportname myvol /path/to/myvol.qcow2
QEMU gained support for volumes formatted with the LUKSv1 data format. To format a new LUKS volume
qemu-img create -f luks \
--object secret,id=sec0,file=passphrase.txt \
-o key-secret=sec0 \
demo.luks 10G
To boot a guest from a LUKS volume:
$QEMU -object secret,id=sec0,file=passphrase.txt \
-drive driver=luks,key-secret=sec0,file=demo.luks \
...other args...
The LUKS implementation is intended to be compatible with that used by cryptsetup/dm-crypt, so it should be possible to use disk images interchangeably between them. The only caveat is that some less common cipher/hash algorithms are not yet supported by QEMU. It is also not yet possible to manage key-slots with qemu-img.
TCG
Record/replay support extended to cover character devices.
Tracing
The "stderr" tracing backend was replaced by the "log" tracing backend, which is now the default. This backend prints tracing messages to the destination specified with the "-D" option.
In addition to the existing "-trace file=...", tracepoints can be enabled using "-trace [enable=]...". The new option also supports globbing, as in "-trace bdrv_aio_*".
In addition to the existing "-trace file=...", tracepoints can be enabling using "-d trace:...". This option also supports globbing, as in "-d trace:bdrv_aio_*".
When using "-daemonize", the "-D" option also provides the file to which QEMU's stderr output will be redirected.
TCG supports a new "-dfilter" option to limit exec, out_asm, op and op_opt logging to a range of guest physical addresses. ARM also applies the filter to in_asm logging; this will be extended to other targets in future releases (FIXME: probably should do it now instead...)
A "%d" substring in the log file name is replaced with QEMU's pid.
User-mode emulation
The default CPU for ppc64 and ppc64le is now POWER8
|
|
Additions include:
- Upgrade UW-IMAP to Panda IMAP from https://github.com/jonabbey/panda-imap.
- S/MIME: Add screen to manage certificates.
- S/MIME: Signatures are validated using the user's certificates instead of the ones included in the message. Behavior can be disabled by disabling the option "Validate Using Certificate Store Only" which is enabled by default.
- S/MIME: sign messages using intermediate certificates when needed and possible.
- S/MIME: validation of certificates for servers that modify signed content.
- S/MIME: signed and encrypted messages will be signed first and encrypted second, so that they can be decoded by other clients.
- S/MIME: add the sender certificate to the list of certificates in encrypted messages to make it possible for the sender to decrypt the message they sent.
- S/MIME: When transferring certificates to a local container, create container with default names PublicContainer, PrivateContainer and CAContainer, as appropriate for these files, unless the user has provided some other names.
- HTML: Style tag in body of html message causes Alpine to not write its content until a new </style>
- HTML: <BR>, <BR />, and <BR/> are considered the same inline tag, the same is valid for the <HR> tag.
- S/MIME: Forwarding a message will include the signed part as part of the text and not as a multipart message, just as the reply command does.
- Unix Alpine: If a password file is defined, and S/MIME is enabled, the key and certificate used to encrypt the password file are saved in the ~/.alpine-smime/.pwd directory, or in the directory specified by the -pwdcertdir command line option.
- Add support to selective expunge through a subcommand of the select-apply commands.
- Pico: New subcommand of the search command, allows to reverse the direction of search.
- Add /tls1, /tls1_1, /tls1_2 and /dtls1 to the definition of a server to use different ways to connect using ssl, for example {server.com/tls1} will attempt to connect to server.com at the ssl imap port (port 993) and establish a connection using TLSv1. These flags can be used in conjunction with the /ssl flag, the ssl flag is redundant. Conversely, however, the /ssl flag does not imply any of these flags; the /ssl flag means SSLv3 or, if not available, SSLv2 in the SSL port.
- Alpine does not attempt to automatically reopen a collection that was not opened due to cancellation by the user. Instead, the user must try to open it explicitly.
- Alpine searches for a certificate that matches an email address in all addresses in a certificate (instead of just the first one) but when it tries to unlock the certificate, it asks for the password for the first email address in that certificate.
- Experimental: Write the content-type of a message in lowercase, as some non-compliant servers do not understand uppercase content-type, such as those of GMX.de.
- Experimental: Do not send the RSET command before attempting to send a message, as this causes a delay in some evily managed servers.
- Opening a folder updates recent count in maildrops (this already works for other types of folders)
- Automatically redraw screen after opening an attachment instead of simply clearing it.
- Pico: Justification works without need of a predefined quote string. This allows justification of blocks of text that are indented with spaces.
- Decode the name of attachment names, so they can be written as part of the description of the part.
- Check bounds and tie strings off to improve security. Contributed by James Jerkins.
- Replace tabs by spaces in From and Subject fields to control for size in screen of these fields. Change only in index screen display.
- Aggregate operations allows bouncing a list of messages using a role. Suggested by Ulf-Dietrich Braumann.
- Disable saving new passwords to the password file. Implemented by Louis Raphael from dpslabs.com.
- Makefile: Add $(LIBINTL) to the flags to link rpdump, rpload, alpined and alpineldap because MAC OSX 10.8 x86_64 needs it. Reported by Charles M. Register.
Bugs that have been addressed include:
- S/MIME: signed messages that contained an attachment would not validate.
- S/MIME: signed and encrypted messages from Thunderbird would not validate.
Thanks to Andreas Schamanek for testing, debugging and advising during the
process of fixing this problem.
- S/MIME: Forwarding messages with multipart content-type failed to be signed
with "Error writing pipe" message. Reported by Andreas Schamanek and Stefan
Mueller.
- S/MIME: Certificates are lost when using a pinerc file outside of the home
directory.
- S/MIME: accessing the S/MIME configuration screen would deinitialize SMIME
making it not possible to sign or encrypt messages.
- S/MIME: Forwarding a signed message might make the body contain mime
information that is not part of the body, and hence making the body of the
message seem wrong.
- S/MIME Alpine would compute incorrectly the signature of a message that
contains 8bit if the option "Enable 8bit ESMTP Negotiation" is enabled, the
message contains 8bit characters and the smtp server supports 8bit sending.
- When replying to several messages, subject will be decoded first, and then
stripped from re/fwd before they are compared to determine the subject of
the replied message.
- Fix in WebAlpine: do not use deprecated dereference in pointer, needs to
use tcl_getstringresult() instead. Reported by Ulf-Dietrich Braumann.
- WebAlpine: fail to build with debug disabled. Fix from Sam Hathaway.
- WebAlpine: add _GNU_SOURCE to make pubcookie build.
- Transformation of UTF-8 to MUTF7 was not being done when creating a folder
in an IMAP server.
- Fix _INIT_ token for reply quote string to include support for 8-bit in
personal names. Reported by Lev Gorenstein.
- When writing the .pinerc file, lines were truncated if they were longer
than 10,000 characters. This could cause data corruption, so now lines are
allowed to be of any length.
- In Unix Alpine (but not in MAC OSX) fix a problem that made Alpine remove
attachments before they were open by a mailcap viewer. It requires that the
user has an equivalent to a command such as "ps auxww" to list the list of
processes, and check if there is any program using the attachment. The default
is "/bin/ps auxww", but it can be changed at compile time with the option
--with-ps-cmd. See the help of the variable mailcap-check-interval for more
information.
- Crash when tcp connection to NNTP server was lost after connection had been
established, but lost immediately afterwards.
- Crash with message "lock when already locked", when painting an index was
based on scores that needed information from a remote addressbook in the
same server as the folder opened. Reported by Peter Koellner.
- Crash in message/rfc822 attachments encoded in base64.
- Postponed messages whose content-type is text/html, text/enriched and
text/richtext are sent with that content-type, even though, after resuming
composition, Alpine had changed its type to text/plain.
- Alpine cannot handle correctly some characters in the Windows-1256
character set, which might lead to a crash or a corruption in the screen.
Work was done to contain the bug. A more complete fix will be done in a future
release. Reported by Professor Robert Funnell.
- WebAlpine: add _GNU_SOURCE to make pubcookie build.
- Save command did not warn of existence of a message with a deleted
attachment in an aggregate save, unless cursor was positioned on a message
with a deleted attachment. Reported by Florian Herzig.
- DATE tokens were not internally transformed to UTF-8, which made their
values not appear complete in the screen. Reported by Werner Scheinast.
- Fixes to configure script so that it will not require PAM for every system.
- Fix to configure script so that it will use CPPFLAGS instead of CPPCFLAGS,
and so the --with-ssl-include-dir option take effect during the build. Fix
by Ulf-Dietrich Braumann.
- Quoted string in URL Viewers configuration variable were not unquoted
before passing to viewer.
- Fix in configure script to detect location of tcl library; add /usr/local
in FreeBSD and fix a bug in configure script that used $alpine_TCLINC
instead of $alpine_TCLINC/tcl.h. Reported and fixed by Werner Scheinast.
- Move SSL configurations from UW-IMAP to configure script, and update
OpenSSL configuration for Mac OSX.
- Remove -lregex from linker flags when building --with-supplied-regex.
- When the download of an attachment is interrumpted, Alpine stills caches
what was downloaded, making the download incomplete for subsequent calls of
Alpine attempting to open the attachment. In the future, Alpine will not cache
any downloaded part of the attachment when it is interrupted. CVS:
----------------------------------------------------------------------
|
