[Qemu-stable] [ANNOUNCE] QEMU 1.7.2 Stable released

From: Michael Roth
Subject: [Qemu-stable] [ANNOUNCE] QEMU 1.7.2 Stable released
Date: Wed, 23 Jul 2014 12:57:04 -0500
User-agent: alot/0.3.4

Hi everyone,

I am pleased to announce that the QEMU v1.7.2 stable release is now
available at:


v1.7.2 is now tagged in the official qemu.git repository,
and the stable-1.7 branch has been updated accordingly:


This release contains 155 build/bug fixes, including important security
updates relating to untrusted guest image files and migration/savevm
sources. See the changelog below for relevant CVEs and additional

Thank you to everyone involved!


adba377: Update VERSION for 1.7.2 release (Michael Roth)
8fde73e: Allow mismatched virtio config-len (Dr. David Alan Gilbert)
14d9fb0: pci: assign devfn to pci_dev before calling pci_device_iommu_address_space() (Le Tan)
53e4895: hw: Fix qemu_allocate_irqs() leaks (Andreas Färber)
bb485bf: sdhci: Fix misuse of qemu_free_irqs() (Andreas Färber)
02835d5: vnc: Fix tight_detect_smooth_image() for lossless case (Markus 
41ee918: qapi: zero-initialize all QMP command parameters (Michael Roth)
0c60b74: nbd: Shutdown socket before closing. (Hani Benhabiles)
25351f6: nbd: Close socket on negotiation failure. (Hani Benhabiles)
cf392d2: nbd: Don't validate from and len in NBD_CMD_DISC. (Hani Benhabiles)
3c3d8c6: nbd: Don't export a block device with no medium. (Hani Benhabiles)
62c754e: virtio-serial: don't migrate the config space (Alexander Graf)
0fd14a5: virtio-net: byteswap virtio-net header (Cédric Le Goater)
7a3cd5a: target-i386: Filter FEAT_7_0_EBX TCG features too (Eduardo Habkost)
8a93721: coroutine-win32.c: Add noinline attribute to work around gcc bug (Peter Maydell)
b47506f: KVM: Fix GSI number space limit (Alexander Graf)
f0c609d: usb: Fix usb-bt-dongle initialization. (Hani Benhabiles)
79bd778: vhost: fix resource leak in error handling (Michael S. Tsirkin)
36afdba: scsi-disk: fix bug in scsi_block_new_request() introduced by commit 137745c (Ulrich Obergfell)
63bf1e0: rdma: bug fixes (Michael R. Hines)
23dbc56: qga: Fix handle fd leak in acquire_privilege() (Gonglei)
4041945: aio: fix qemu_bh_schedule() bh->ctx race condition (Stefan Hajnoczi)
5019106: s390x/css: handle emw correctly for tsch (Cornelia Huck)
f784615: target-arm: Fix errors in writes to generic timer control registers (Peter Maydell)
e34feec: tcg-i386: Fix win64 qemu store (Richard Henderson)
ccb08f5: linux-user: Don't overrun guest buffer in sched_getaffinity (Peter 
cb34d1e: qemu-img: Plug memory leak in convert command (Markus Armbruster)
df9c108: block/sheepdog: Plug memory leak in sd_snapshot_create() (Markus 
d3cd48a: block/vvfat: Plug memory leak in read_directory() (Markus Armbruster)
501da93: block/vvfat: Plug memory leak in check_directory_consistency() (Markus 
7267e51: block/qapi: Plug memory leak in dump_qobject() case QTYPE_QERROR (Markus Armbruster)
d1775fe: blockdev: Plug memory leak in drive_init() (Markus Armbruster)
d2b9874: blockdev: Plug memory leak in blockdev_init() (Markus Armbruster)
c2fb0f2: cputlb: Fix regression with TCG interpreter (bug 1310324) (Stefan Weil)
26b5102: target-xtensa: fix cross-page jumps/calls at the end of TB (Max 
44564f8: virtio-scsi: Plug memory leak on virtio_scsi_push_event() error path (Markus Armbruster)
2f1eb04: qcow1: Stricter backing file length check (Kevin Wolf)
b53d866: qcow1: Validate image size (CVE-2014-0223) (Kevin Wolf)
8b17eb6: qcow1: Validate L2 table size (CVE-2014-0222) (Kevin Wolf)
e6c55cf: qcow1: Check maximum cluster size (Kevin Wolf)
41819e9: qcow1: Make padding in the header explicit (Kevin Wolf)
97a0e27: parallels: Sanity check for s->tracks (CVE-2014-0142) (Kevin Wolf)
750336b: parallels: Fix catalog size integer overflow (CVE-2014-0143) (Kevin 
cfa8008: qcow2: Check maximum L1 size in qcow2_snapshot_load_tmp() (CVE-2014-0143) (Kevin Wolf)
d99c4e2: qcow2: Fix L1 allocation size in qcow2_snapshot_load_tmp() (CVE-2014-0145) (Kevin Wolf)
641c3ec: qcow2: Fix copy_sectors() with VM state (Kevin Wolf)
c2c5272: qcow2: Fix NULL dereference in qcow2_open() error path (CVE-2014-0146) (Kevin Wolf)
759d386: block: Limit request size (CVE-2014-0143) (Kevin Wolf) 
b6f7fbd: dmg: prevent chunk buffer overflow (CVE-2014-0145) (Stefan Hajnoczi)
d400b5d: dmg: use uint64_t consistently for sectors and lengths (Stefan 
758c484: dmg: sanitize chunk length and sectorcount (CVE-2014-0145) (Stefan 
4b50bd7: dmg: use appropriate types when reading chunks (Stefan Hajnoczi)
4ee5b9c: dmg: drop broken bdrv_pread() loop (Stefan Hajnoczi)
ad08cae: dmg: prevent out-of-bounds array access on terminator (Stefan Hajnoczi)
dedf4a5: dmg: coding style and indentation cleanup (Stefan Hajnoczi)
3c6347c: qcow2: Fix new L1 table size check (CVE-2014-0143) (Kevin Wolf)
e1c8770: qcow2: Protect against some integer overflows in bdrv_check (Kevin 
c874837: qcow2: Fix types in qcow2_alloc_clusters and alloc_clusters_noref (Kevin Wolf)
610ab7b: qcow2: Check new refcount table size on growth (Kevin Wolf)
7a6088c: qcow2: Avoid integer overflow in get_refcount (CVE-2014-0143) (Kevin 
ffa3ab0: qcow2: Don't rely on free_cluster_index in alloc_refcount_block() (CVE-2014-0147) (Kevin Wolf)
aeba415: qcow2: Zero-initialise first cluster for new images (Kevin Wolf)
2f59c95: qcow2: fix offset overflow in qcow2_alloc_clusters_at() (Hu Tao)
5ba151f: qcow2: Fix backing file name length check (Kevin Wolf)
cd598d4: qcow2: Validate active L1 table offset and size (CVE-2014-0144) (Kevin 
04bc698: qcow2: Validate snapshot table offset/size (CVE-2014-0144) (Kevin Wolf)
818ce84: qcow2: Validate refcount table offset (Kevin Wolf)
f6027f8: qcow2: Check refcount table size (CVE-2014-0144) (Kevin Wolf)
6f6db0c: qcow2: Check backing_file_offset (CVE-2014-0144) (Kevin Wolf)
665f3ad: qcow2: Check header_length (CVE-2014-0144) (Kevin Wolf) 
4854971: curl: check data size before memcpy to local buffer. (CVE-2014-0144) (Fam Zheng)
1786c42: vhdx: Bounds checking for block_size and logical_sector_size (CVE-2014-0148) (Jeff Cody)
37173f5: vdi: add bounds checks for blocks_in_image and disk_size header fields (CVE-2014-0144) (Jeff Cody)
76d1edd: vpc: Validate block size (CVE-2014-0142) (Kevin Wolf)
b2390c7: vpc/vhd: add bounds check for max_table_entries and block_size (CVE-2014-0144) (Jeff Cody)
6ee0d5f: bochs: Fix bitmap offset calculation (Kevin Wolf)
b0a7517: bochs: Check extent_size header field (CVE-2014-0142) (Kevin Wolf)
6b94cfe: bochs: Check catalog_size header field (CVE-2014-0143) (Kevin Wolf)
0e74862: bochs: Use unsigned variables for offsets and sizes (CVE-2014-0147) (Kevin Wolf)
bb8b201: bochs: Unify header structs and make them QEMU_PACKED (Kevin Wolf)
ae9b5df: qemu-iotests: Support for bochs format (Kevin Wolf)
dbd3e4a: block/cloop: fix offsets[] size off-by-one (Stefan Hajnoczi)
0fda3e2: block/cloop: refuse images with bogus offsets (CVE-2014-0144) (Stefan 
7dcffbb: block/cloop: refuse images with huge offsets arrays (CVE-2014-0144) (Stefan Hajnoczi)
d723971: block/cloop: prevent offsets_size integer overflow (CVE-2014-0143) (Stefan Hajnoczi)
1f6bda9: block/cloop: validate block_size header field (CVE-2014-0144) (Stefan 
46c5cac: qemu-iotests: add cloop input validation tests (Stefan Hajnoczi)
95139b7: qemu-iotests: add ./check -cloop support (Stefan Hajnoczi)
69b7aac: migration: catch unknown flags in ram_load (Peter Lieven)
3102b1a: migration: remove duplicate code (ChenLiang)
84321ba: virtio: allow mapping up to max queue size (Michael S. Tsirkin)
9fbc298: pci-assign: limit # of msix vectors (Michael S. Tsirkin)
74dd27c: spapr_pci: Fix number of returned vectors in ibm, change-msi (Alexey 
b6760b6: linux-user/elfload.c: Fix A64 code which was incorrectly acting like A32 (Peter Maydell)
64b210d: linux-user/elfload.c: Update ARM HWCAP bits (Peter Maydell)
f6de352: linux-user/elfload.c: Fix incorrect ARM HWCAP bits (Peter Maydell)
7c56952: target-arm: Make vbar_write 64bit friendly on 32bit hosts (Edgar E. 
3c1162e: target-i386: fix set of registers zeroed on reset (Paolo Bonzini)
73d8965: stellaris_enet: block migration (Michael S. Tsirkin)
2003205: virtio: validate config_len on load (Michael S. Tsirkin)
7abee6c: savevm: Ignore minimum_version_id_old if there is no load_state_old (Peter Maydell)
c4bd2e4: usb: sanity check setup_index+setup_len in post_load (Michael S. 
0776525: vmstate: s/VMSTATE_INT32_LE/VMSTATE_INT32_POSITIVE_LE/ (Michael S. 
a7fcb4c: virtio-scsi: fix buffer overrun on invalid state load (Michael S. 
8d948a0: zaurus: fix buffer overrun on invalid state load (Michael S. Tsirkin)
c75e43b: tsc210x: fix buffer overrun on invalid state load (Michael S. Tsirkin)
af44364: ssd0323: fix buffer overun on invalid state load (Michael S. Tsirkin)
45edb0c: ssi-sd: fix buffer overrun on invalid state load (Michael S. Tsirkin)
d92a768: pxa2xx: avoid buffer overrun on incoming migration (Michael S. Tsirkin)
68801b7: virtio: validate num_sg when mapping (Michael S. Tsirkin)
609f5bf: openpic: avoid buffer overrun on incoming migration (Michael Roth)
8f0e369: virtio: avoid buffer overrun on incoming migration (Michael Roth)
630ebef: vmstate: fix buffer overflow in target-arm/machine.c (Michael S. 
a2b4e84: Fix vmstate_info_int32_le comparison/assign (Dr. David Alan Gilbert)
f217f37: pl022: fix buffer overun on invalid state load (Michael S. Tsirkin)
e83444f: hw/pci/pcie_aer.c: fix buffer overruns on invalid state load (Michael S. Tsirkin)
d8aba74: hpet: fix buffer overrun on invalid state load (Michael S. Tsirkin)
d34e6f7: ahci: fix buffer overrun on invalid state load (Michael S. Tsirkin)
5544b7e: virtio: out-of-bounds buffer write on invalid state load (Michael S. 
7b6444a: virtio-net: out-of-bounds buffer write on load (Michael S. Tsirkin)
2b15f41: virtio-net: out-of-bounds buffer write on invalid state load (Michael S. Tsirkin)
95f118f: virtio-net: fix buffer overflow on invalid state load (Michael S. 
29e2bbe: vmstate: add VMSTATE_VALIDATE (Michael S. Tsirkin)
a075a3a: vmstate: add VMS_MUST_EXIST (Michael S. Tsirkin)
25062a7: vmstate: reduce code duplication (Michael S. Tsirkin)
f93614c: vmxnet3: validate queues configuration read on migration (Dmitry 
709cc04: vmxnet3: validate interrupt indices read on migration (Dmitry Fleytman)
ed995c6: vmxnet3: validate queues configuration coming from guest (Dmitry 
6bbbb93: vmxnet3: validate interrupt indices coming from guest (Dmitry Fleytman)
636fa8a: acpi: fix tables for no-hpet configuration (Michael S. Tsirkin)
1a6ea31: po/Makefile: fix $SRC_PATH reference (Michael Tokarev) 
012d778: s390x: empty function stubs in preparation for __KVM_HAVE_GUEST_DEBUG (David Hildenbrand)
dd8f80b: s390x/helper: Added format control bit to MMU translation (Thomas Huth)
b1a86eb: block: Use BDRV_O_NO_BACKING where appropriate (Kevin Wolf)
792a403: block: Prevent coroutine stack overflow when recursing in bdrv_open_backing_file. (Benoît Canet)
0655eee: arm: translate.c: Fix smlald Instruction (Peter Crosthwaite)
5cfd43b: megasas: Implement LD_LIST_QUERY (Hannes Reinecke)
c5dae2f: ide: Correct improper smart self test counter reset in ide core. (Benoît Canet)
3239a20: block-commit: speed is an optional parameter (Max Reitz)
a8b7e73: qcow2: Flush metadata during read-only reopen (Kevin Wolf)
38a55f3: hw/net/stellaris_enet: Correct handling of packet padding (Peter 
7d09fac: hw/net/stellaris_enet: Restructure tx_fifo code to avoid buffer overrun (Peter Maydell)
11088ab: virtio-net: Do not filter VLANs without F_CTRL_VLAN (Stefan Fritsch)
0fd56fb: mirror: fix early wake from sleep due to aio (Stefan Hajnoczi)
8211eeb: mirror: fix throttling delay calculation (Paolo Bonzini)
0414abe: configure: Don't use __int128_t for clang versions before 3.2 (Stefan 
151be4f: tests: Fix 'make test' for i686 hosts (build regression) (Stefan Weil)
a290aee: tap: avoid deadlocking rx (Stefan Hajnoczi)
7e42cd6: qom: Avoid leaking str and bool properties on failure (Stefan Hajnoczi)
4f577e9: scsi: Change scsi sense buf size to 252 (Fam Zheng)
6be38ee: target-i386: Fix ucomis and comis memory access (Richard Henderson)
2e191f8: target-i386: Fix CC_OP_CLR vs PF (Richard Henderson)
91ae1d3: s390x/virtio-hcall: Add range check for hypervisor call (Thomas Huth)
0a77a92: block/iscsi: fix deadlock on scsi check condition (Peter Lieven)
8b8dd2c: scsi-bus: Fix transfer length for VERIFY with BYTCHK=11b (Markus 
248de52: char: restore read callback on a reattached (hotplug) chardev (Gal 
