* [Qemu-devel] [ANNOUNCE] QEMU 1.7.2 Stable released
@ 2014-07-23 17:57 Michael Roth
From: Michael Roth @ 2014-07-23 17:57 UTC (permalink / raw)
  To: qemu-devel; +Cc: qemu-stable

Hi everyone,

I am pleased to announce that the QEMU v1.7.2 stable release is now
available at:

  http://wiki.qemu.org/download/qemu-1.7.2.tar.bz2

v1.7.2 is now tagged in the official qemu.git repository,
and the stable-1.7 branch has been updated accordingly:

  http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-1.7

This release contains 155 build/bug fixes, including important security
updates relating to untrusted guest image files and migration/savevm
sources. See the changelog below for relevant CVEs and additional
details.

Thank you to everyone involved!

CHANGELOG:

adba377: Update VERSION for 1.7.2 release (Michael Roth)                                       
8fde73e: Allow mismatched virtio config-len (Dr. David Alan Gilbert)
14d9fb0: pci: assign devfn to pci_dev before calling pci_device_iommu_address_space() (Le Tan)
53e4895: hw: Fix qemu_allocate_irqs() leaks (Andreas Färber)
bb485bf: sdhci: Fix misuse of qemu_free_irqs() (Andreas Färber)
02835d5: vnc: Fix tight_detect_smooth_image() for lossless case (Markus Armbruster)
41ee918: qapi: zero-initialize all QMP command parameters (Michael Roth)
0c60b74: nbd: Shutdown socket before closing. (Hani Benhabiles)
25351f6: nbd: Close socket on negotiation failure. (Hani Benhabiles)
cf392d2: nbd: Don't validate from and len in NBD_CMD_DISC. (Hani Benhabiles)
3c3d8c6: nbd: Don't export a block device with no medium. (Hani Benhabiles)
62c754e: virtio-serial: don't migrate the config space (Alexander Graf)
0fd14a5: virtio-net: byteswap virtio-net header (Cédric Le Goater)
7a3cd5a: target-i386: Filter FEAT_7_0_EBX TCG features too (Eduardo Habkost)
8a93721: coroutine-win32.c: Add noinline attribute to work around gcc bug (Peter Maydell)
b47506f: KVM: Fix GSI number space limit (Alexander Graf)
f0c609d: usb: Fix usb-bt-dongle initialization. (Hani Benhabiles)
79bd778: vhost: fix resource leak in error handling (Michael S. Tsirkin)
36afdba: scsi-disk: fix bug in scsi_block_new_request() introduced by commit 137745c (Ulrich Obergfell)
63bf1e0: rdma: bug fixes (Michael R. Hines)
23dbc56: qga: Fix handle fd leak in acquire_privilege() (Gonglei)
4041945: aio: fix qemu_bh_schedule() bh->ctx race condition (Stefan Hajnoczi)
5019106: s390x/css: handle emw correctly for tsch (Cornelia Huck)
f784615: target-arm: Fix errors in writes to generic timer control registers (Peter Maydell)
e34feec: tcg-i386: Fix win64 qemu store (Richard Henderson)
ccb08f5: linux-user: Don't overrun guest buffer in sched_getaffinity (Peter Maydell)
cb34d1e: qemu-img: Plug memory leak in convert command (Markus Armbruster)
df9c108: block/sheepdog: Plug memory leak in sd_snapshot_create() (Markus Armbruster)
d3cd48a: block/vvfat: Plug memory leak in read_directory() (Markus Armbruster)
501da93: block/vvfat: Plug memory leak in check_directory_consistency() (Markus Armbruster)
7267e51: block/qapi: Plug memory leak in dump_qobject() case QTYPE_QERROR (Markus Armbruster)
d1775fe: blockdev: Plug memory leak in drive_init() (Markus Armbruster)
d2b9874: blockdev: Plug memory leak in blockdev_init() (Markus Armbruster)
c2fb0f2: cputlb: Fix regression with TCG interpreter (bug 1310324) (Stefan Weil)
26b5102: target-xtensa: fix cross-page jumps/calls at the end of TB (Max Filippov)
44564f8: virtio-scsi: Plug memory leak on virtio_scsi_push_event() error path (Markus Armbruster)
2f1eb04: qcow1: Stricter backing file length check (Kevin Wolf)
b53d866: qcow1: Validate image size (CVE-2014-0223) (Kevin Wolf)
8b17eb6: qcow1: Validate L2 table size (CVE-2014-0222) (Kevin Wolf)
e6c55cf: qcow1: Check maximum cluster size (Kevin Wolf)
41819e9: qcow1: Make padding in the header explicit (Kevin Wolf)
97a0e27: parallels: Sanity check for s->tracks (CVE-2014-0142) (Kevin Wolf)
750336b: parallels: Fix catalog size integer overflow (CVE-2014-0143) (Kevin Wolf)
cfa8008: qcow2: Check maximum L1 size in qcow2_snapshot_load_tmp() (CVE-2014-0143) (Kevin Wolf)
d99c4e2: qcow2: Fix L1 allocation size in qcow2_snapshot_load_tmp() (CVE-2014-0145) (Kevin Wolf)
641c3ec: qcow2: Fix copy_sectors() with VM state (Kevin Wolf)
c2c5272: qcow2: Fix NULL dereference in qcow2_open() error path (CVE-2014-0146) (Kevin Wolf)
759d386: block: Limit request size (CVE-2014-0143) (Kevin Wolf) 
b6f7fbd: dmg: prevent chunk buffer overflow (CVE-2014-0145) (Stefan Hajnoczi)
d400b5d: dmg: use uint64_t consistently for sectors and lengths (Stefan Hajnoczi)
758c484: dmg: sanitize chunk length and sectorcount (CVE-2014-0145) (Stefan Hajnoczi)
4b50bd7: dmg: use appropriate types when reading chunks (Stefan Hajnoczi)
4ee5b9c: dmg: drop broken bdrv_pread() loop (Stefan Hajnoczi)
ad08cae: dmg: prevent out-of-bounds array access on terminator (Stefan Hajnoczi)
dedf4a5: dmg: coding style and indentation cleanup (Stefan Hajnoczi)
3c6347c: qcow2: Fix new L1 table size check (CVE-2014-0143) (Kevin Wolf)
e1c8770: qcow2: Protect against some integer overflows in bdrv_check (Kevin Wolf)
c874837: qcow2: Fix types in qcow2_alloc_clusters and alloc_clusters_noref (Kevin Wolf)
610ab7b: qcow2: Check new refcount table size on growth (Kevin Wolf)
7a6088c: qcow2: Avoid integer overflow in get_refcount (CVE-2014-0143) (Kevin Wolf)
ffa3ab0: qcow2: Don't rely on free_cluster_index in alloc_refcount_block() (CVE-2014-0147) (Kevin Wolf) 
aeba415: qcow2: Zero-initialise first cluster for new images (Kevin Wolf)
2f59c95: qcow2: fix offset overflow in qcow2_alloc_clusters_at() (Hu Tao)
5ba151f: qcow2: Fix backing file name length check (Kevin Wolf)
cd598d4: qcow2: Validate active L1 table offset and size (CVE-2014-0144) (Kevin Wolf)
04bc698: qcow2: Validate snapshot table offset/size (CVE-2014-0144) (Kevin Wolf)
818ce84: qcow2: Validate refcount table offset (Kevin Wolf)
f6027f8: qcow2: Check refcount table size (CVE-2014-0144) (Kevin Wolf)
6f6db0c: qcow2: Check backing_file_offset (CVE-2014-0144) (Kevin Wolf)
665f3ad: qcow2: Check header_length (CVE-2014-0144) (Kevin Wolf) 
4854971: curl: check data size before memcpy to local buffer. (CVE-2014-0144) (Fam Zheng)
1786c42: vhdx: Bounds checking for block_size and logical_sector_size (CVE-2014-0148) (Jeff Cody)
37173f5: vdi: add bounds checks for blocks_in_image and disk_size header fields (CVE-2014-0144) (Jeff Cody)
76d1edd: vpc: Validate block size (CVE-2014-0142) (Kevin Wolf)
b2390c7: vpc/vhd: add bounds check for max_table_entries and block_size (CVE-2014-0144) (Jeff Cody)
6ee0d5f: bochs: Fix bitmap offset calculation (Kevin Wolf)
b0a7517: bochs: Check extent_size header field (CVE-2014-0142) (Kevin Wolf)
6b94cfe: bochs: Check catalog_size header field (CVE-2014-0143) (Kevin Wolf)
0e74862: bochs: Use unsigned variables for offsets and sizes (CVE-2014-0147) (Kevin Wolf)
bb8b201: bochs: Unify header structs and make them QEMU_PACKED (Kevin Wolf)
ae9b5df: qemu-iotests: Support for bochs format (Kevin Wolf)
dbd3e4a: block/cloop: fix offsets[] size off-by-one (Stefan Hajnoczi)
0fda3e2: block/cloop: refuse images with bogus offsets (CVE-2014-0144) (Stefan Hajnoczi)
7dcffbb: block/cloop: refuse images with huge offsets arrays (CVE-2014-0144) (Stefan Hajnoczi)
d723971: block/cloop: prevent offsets_size integer overflow (CVE-2014-0143) (Stefan Hajnoczi)
1f6bda9: block/cloop: validate block_size header field (CVE-2014-0144) (Stefan Hajnoczi)
46c5cac: qemu-iotests: add cloop input validation tests (Stefan Hajnoczi)
95139b7: qemu-iotests: add ./check -cloop support (Stefan Hajnoczi)
69b7aac: migration: catch unknown flags in ram_load (Peter Lieven)
3102b1a: migration: remove duplicate code (ChenLiang)
84321ba: virtio: allow mapping up to max queue size (Michael S. Tsirkin)
9fbc298: pci-assign: limit # of msix vectors (Michael S. Tsirkin)
74dd27c: spapr_pci: Fix number of returned vectors in ibm, change-msi (Alexey Kardashevskiy)
b6760b6: linux-user/elfload.c: Fix A64 code which was incorrectly acting like A32 (Peter Maydell)
64b210d: linux-user/elfload.c: Update ARM HWCAP bits (Peter Maydell)
f6de352: linux-user/elfload.c: Fix incorrect ARM HWCAP bits (Peter Maydell)
7c56952: target-arm: Make vbar_write 64bit friendly on 32bit hosts (Edgar E. Iglesias)
3c1162e: target-i386: fix set of registers zeroed on reset (Paolo Bonzini)
73d8965: stellaris_enet: block migration (Michael S. Tsirkin)
2003205: virtio: validate config_len on load (Michael S. Tsirkin)
7abee6c: savevm: Ignore minimum_version_id_old if there is no load_state_old (Peter Maydell)
c4bd2e4: usb: sanity check setup_index+setup_len in post_load (Michael S. Tsirkin)
0776525: vmstate: s/VMSTATE_INT32_LE/VMSTATE_INT32_POSITIVE_LE/ (Michael S. Tsirkin)
a7fcb4c: virtio-scsi: fix buffer overrun on invalid state load (Michael S. Tsirkin)
8d948a0: zaurus: fix buffer overrun on invalid state load (Michael S. Tsirkin)
c75e43b: tsc210x: fix buffer overrun on invalid state load (Michael S. Tsirkin)
af44364: ssd0323: fix buffer overun on invalid state load (Michael S. Tsirkin)
45edb0c: ssi-sd: fix buffer overrun on invalid state load (Michael S. Tsirkin)
d92a768: pxa2xx: avoid buffer overrun on incoming migration (Michael S. Tsirkin)
68801b7: virtio: validate num_sg when mapping (Michael S. Tsirkin)
609f5bf: openpic: avoid buffer overrun on incoming migration (Michael Roth)
8f0e369: virtio: avoid buffer overrun on incoming migration (Michael Roth)
630ebef: vmstate: fix buffer overflow in target-arm/machine.c (Michael S. Tsirkin)
a2b4e84: Fix vmstate_info_int32_le comparison/assign (Dr. David Alan Gilbert)
f217f37: pl022: fix buffer overun on invalid state load (Michael S. Tsirkin)
e83444f: hw/pci/pcie_aer.c: fix buffer overruns on invalid state load (Michael S. Tsirkin)
d8aba74: hpet: fix buffer overrun on invalid state load (Michael S. Tsirkin)
d34e6f7: ahci: fix buffer overrun on invalid state load (Michael S. Tsirkin)
5544b7e: virtio: out-of-bounds buffer write on invalid state load (Michael S. Tsirkin)
7b6444a: virtio-net: out-of-bounds buffer write on load (Michael S. Tsirkin)
2b15f41: virtio-net: out-of-bounds buffer write on invalid state load (Michael S. Tsirkin)
95f118f: virtio-net: fix buffer overflow on invalid state load (Michael S. Tsirkin)
29e2bbe: vmstate: add VMSTATE_VALIDATE (Michael S. Tsirkin)
a075a3a: vmstate: add VMS_MUST_EXIST (Michael S. Tsirkin)
25062a7: vmstate: reduce code duplication (Michael S. Tsirkin)
f93614c: vmxnet3: validate queues configuration read on migration (Dmitry Fleytman)
709cc04: vmxnet3: validate interrupt indices read on migration (Dmitry Fleytman)
ed995c6: vmxnet3: validate queues configuration coming from guest (Dmitry Fleytman)
6bbbb93: vmxnet3: validate interrupt indices coming from guest (Dmitry Fleytman)
636fa8a: acpi: fix tables for no-hpet configuration (Michael S. Tsirkin)
1a6ea31: po/Makefile: fix $SRC_PATH reference (Michael Tokarev) 
012d778: s390x: empty function stubs in preparation for __KVM_HAVE_GUEST_DEBUG (David Hildenbrand)
dd8f80b: s390x/helper: Added format control bit to MMU translation (Thomas Huth)
b1a86eb: block: Use BDRV_O_NO_BACKING where appropriate (Kevin Wolf)
792a403: block: Prevent coroutine stack overflow when recursing in bdrv_open_backing_file. (Benoît Canet)
0655eee: arm: translate.c: Fix smlald Instruction (Peter Crosthwaite)
5cfd43b: megasas: Implement LD_LIST_QUERY (Hannes Reinecke)
c5dae2f: ide: Correct improper smart self test counter reset in ide core. (Benoît Canet)
3239a20: block-commit: speed is an optional parameter (Max Reitz)
a8b7e73: qcow2: Flush metadata during read-only reopen (Kevin Wolf)
38a55f3: hw/net/stellaris_enet: Correct handling of packet padding (Peter Maydell)
7d09fac: hw/net/stellaris_enet: Restructure tx_fifo code to avoid buffer overrun (Peter Maydell)
11088ab: virtio-net: Do not filter VLANs without F_CTRL_VLAN (Stefan Fritsch)
0fd56fb: mirror: fix early wake from sleep due to aio (Stefan Hajnoczi)
8211eeb: mirror: fix throttling delay calculation (Paolo Bonzini)
0414abe: configure: Don't use __int128_t for clang versions before 3.2 (Stefan Weil)
151be4f: tests: Fix 'make test' for i686 hosts (build regression) (Stefan Weil)
a290aee: tap: avoid deadlocking rx (Stefan Hajnoczi)
7e42cd6: qom: Avoid leaking str and bool properties on failure (Stefan Hajnoczi)
4f577e9: scsi: Change scsi sense buf size to 252 (Fam Zheng)
6be38ee: target-i386: Fix ucomis and comis memory access (Richard Henderson)
2e191f8: target-i386: Fix CC_OP_CLR vs PF (Richard Henderson)
91ae1d3: s390x/virtio-hcall: Add range check for hypervisor call (Thomas Huth)
0a77a92: block/iscsi: fix deadlock on scsi check condition (Peter Lieven)
8b8dd2c: scsi-bus: Fix transfer length for VERIFY with BYTCHK=11b (Markus Armbruster)
248de52: char: restore read callback on a reattached (hotplug) chardev (Gal Hammer)
