[Qemu-stable] [ANNOUNCE] QEMU 2.3.1 Stable released
From: Michael Roth
Subject: [Qemu-stable] [ANNOUNCE] QEMU 2.3.1 Stable released
Date: Tue, 11 Aug 2015 15:27:44 -0500
User-agent: alot/0.3.6

Hi everyone,

I am pleased to announce that the QEMU v2.3.1 stable release is now
available at:

http://wiki.qemu.org/download/qemu-2.3.1.tar.bz2

v2.3.1 is now tagged in the official qemu.git repository,
and the stable-2.3 branch has been updated accordingly:

http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.3

In addition to the normal array of general bug fixes, this release
includes a significant number of security fixes/hardening for a
broad range of subsystems, including rtl8139 NIC emulation,
Spice/Cirrus/vmware VGA emulation, i8254 PIT emulation, and
IDE/SCSI/FDC emulation. See commit/change logs for more details.

Users of QEMU 2.3.0 should upgrade to 2.3.1 or 2.4.0 (which also
contains above fixes) accordingly.

Thank you to everyone involved!

CHANGELOG:

dfa83a6: Update version for 2.3.1 release (Michael Roth)
35a616e: qemu-char: handle EINTR for TCP character devices (Paolo Bonzini)
35c30d3: rtl8139: check TCP Data Offset field (CVE-2015-5165) (Stefan Hajnoczi)
f4c861f: rtl8139: skip offload on short TCP header (CVE-2015-5165) (Stefan
Hajnoczi)
b7a197c: rtl8139: check IP Total Length field (CVE-2015-5165) (Stefan Hajnoczi)
8561109: rtl8139: check IP Header Length field (CVE-2015-5165) (Stefan Hajnoczi)
ce4f451: rtl8139: skip offload on short Ethernet/IP header (CVE-2015-5165)
(Stefan Hajnoczi)
6722c12: rtl8139: drop tautologous if (ip) {...} statement (CVE-2015-5165)
(Stefan Hajnoczi)
8dd45dc: rtl8139: avoid nested ifs in IP header parsing (CVE-2015-5165) (Stefan
Hajnoczi)
e750591: tcg/mips: fix add2 (Aurelien Jarno)
f9c0ae2: tcg/mips: fix TLB loading for BE host with 32-bit guests (Aurelien
Jarno)
c8bd74d: Fix release_drive on unplugged devices (pci_piix3_xen_ide_unplug)
(Stefano Stabellini)
d155769: ide: Clear DRQ after handling all expected accesses (Kevin Wolf)
86d6fe4: ide/atapi: Fix START STOP UNIT command completion (Kevin Wolf)
9634e45: ide: Check array bounds before writing to io_buffer (CVE-2015-5154)
(Kevin Wolf)
0dc545e: block: qemu-iotests - add check for multiplication overflow in vpc
(Jeff Cody)
358f0ee: block: vpc - prevent overflow if max_table_entries >= 0x40000000 (Jeff
Cody)
961c74a: scsi: fix buffer overflow in scsi_req_parse_cdb (CVE-2015-5158) (Paolo
Bonzini)
98fe91e: vfio/pci: Fix bootindex (Alex Williamson)
46addaa: virtio-net: unbreak any layout (Jason Wang)
5a45687: vfio/pci: Fix RTL8168 NIC quirks (Alex Williamson)
87740ce: mips/kvm: Sign extend registers written to KVM (James Hogan)
8df2a9a: mips/kvm: Fix Big endian 32-bit register access (James Hogan)
c5c71e8: block: Initialize local_err in bdrv_append_temp_snapshot (Fam Zheng)
2060efa: Fix irq route entries exceeding KVM_MAX_IRQ_ROUTES (马文霜)
8d64975: target-ppc: fix hugepage support when using memory-backend-file
(Michael Roth)
9b4420a: spapr_vty: lookup should only return valid VTY objects (David Gibson)
99c3468: s390x/ipl: Fix boot if no bootindex was specified (Christian
Borntraeger)
1c17e8c: block/nfs: limit maximum readahead size to 1MB (Peter Lieven)
ffd060d: iotests: add QMP event waiting queue (John Snow)
e4fb4be: iotests: Use event_wait in wait_ready (Fam Zheng)
edc0a65: qemu-iotests: Add test case for mirror with unmap (Fam Zheng)
c62f6c8: qemu-iotests: Make block job methods common (Fam Zheng)
3d8b7ae: block: Fix dirty bitmap in bdrv_co_discard (Fam Zheng)
27ed14c: mirror: Do zero write on target if sectors not allocated (Fam Zheng)
6a45a1b: qmp: Add optional bool "unmap" to drive-mirror (Fam Zheng)
6cacd26: block: Add bdrv_get_block_status_above (Fam Zheng)
e8248a5: virtio-ccw: complete handling of guest-initiated resets (Cornelia Huck)
81cb0a5: vhost: correctly pass error to caller in vhost_dev_enable_notifiers()
(Jason Wang)
6130c46: hw/core: rebase sysbus_get_fw_dev_path() to g_strdup_printf() (Laszlo
Ersek)
49ef542: i8254: fix out-of-bounds memory access in pit_ioport_read() (Petr
Matousek)
c270245: spice-display: fix segfault in qemu_spice_create_update (Gerd Hoffmann)
9272707: sdl2: fix crash in handle_windowevent() when restoring the screen size
(Alberto Garcia)
c759f1a: vmdk: Use vmdk_find_index_in_cluster everywhere (Fam Zheng)
714b544: vmdk: Fix index_in_cluster calculation in vmdk_co_get_block_status
(Fam Zheng)
e7e0838: iotests: qcow2 COW with minimal L2 cache size (Max Reitz)
c631ee6: qcow2: Set MIN_L2_CACHE_SIZE to 2 (Max Reitz)
b153c8d: kbd: add brazil kbd keys to x11 evdev map (Gerd Hoffmann)
f450482: kbd: add brazil kbd keys to qemu (Gerd Hoffmann)
ae0fa48: qga/commands-posix: Fix bug in guest-fstrim (Justin Ossevoort)
bb3a1da: hw/acpi/aml-build: Fix memory leak (Shannon Zhao)
b48a391: qemu-iotests: Test unaligned sub-block zero write (Fam Zheng)
cc883fe: block: Fix NULL deference for unaligned write if qiov is NULL (Fam
Zheng)
4072585: Revert "block: Fix unaligned zero write" (Michael Roth)
959fad0: fdc: force the fifo access to be in bounds of the allocated buffer
(Petr Matousek)
a4bb522: target-arm: Avoid buffer overrun on UNPREDICTABLE ldrd/strd (Peter
Maydell)
cf6c213: virtio-net: fix the upper bound when trying to delete queues (Jason
Wang)
cf32978: usb: fix usb-net segfault (Michal Kazior)
ad9c167: qcow2: Flush pending discards before allocating cluster (Kevin Wolf)
d8e231f: vmdk: Fix overflow if l1_size is 0x20000000 (Fam Zheng)
53cd79c: vmdk: Fix next_cluster_sector for compressed write (Fam Zheng)
3dd15f3: nbd/trivial: fix type cast for ioctl (Bogdan Purcareata)
4c59860: Strip brackets from vnc host (Ján Tomko)
b575af0: block/iscsi: do not forget to logout from target (Peter Lieven)
d3b5978: bt-sdp: fix broken uuids power-of-2 calculation (Stefan Hajnoczi)