Hi everyone,

I am pleased to announce that the QEMU v2.0.2 stable release is now available at:

http://wiki.qemu.org/download/qemu-2.0.2.tar.bz2

v2.0.2 is now tagged in the official qemu.git repository, and the stable-2.0 branch has been updated accordingly:

http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.0

This release contains 117 build/bug fixes, including important security updates relating to untrusted guest image files and migration/savevm sources. See the changelog below for relevant CVEs and additional details.

This also enables live committing of the active image layer to backing files via the QMP block-commit command.

Please note that due to some build issues identified just prior to the v2.0.1 release, the version was bumped to 2.0.2 to capture fixes for the issue. As a result, no separate tarball for 2.0.1 will be released.

Thank you to everyone involved!

CHANGELOG:

f053f6b: Update VERSION for 2.0.2 release (Michael Roth)
3d79eb5: audio: fmopl: drop INLINE macro (Luiz Capitulino)
6ec48b0: fpu: softfloat: drop INLINE macro (Luiz Capitulino)
5433472: Update VERSION for 2.0.1 release (Michael Roth)
3c548f6: mirror: Fix qiov size for short requests (Kevin Wolf)
d0d83e8: qemu-iotests: Test 0-length image for mirror (Fam Zheng)
98103fa: block: make 'top' argument to block-commit optional (Jeff Cody)
e5f0eb0: qemu-iotests: Test BLOCK_JOB_READY event for 0Kb image active commit (Fam Zheng)
43ac708: mirror: Go through ready -> complete process for 0 len image (Fam Zheng)
8e09e20: blockjob: Add block_job_yield() (Fam Zheng)
520b341: mirror: Fix resource leak when bdrv_getlength fails (Fam Zheng)
e0efb02: hw/arm/boot: Set PC correctly when loading AArch64 ELF files (Peter Maydell)
d56b0b8: hw/misc/imx_ccm.c: Add missing VMState list terminator (Peter Maydell)
750f169: vmstate_xhci_event: fix unterminated field list (Laszlo Ersek)
046e357: kvm-all: Use 'tmpcpu' instead of 'cpu' in sub-looping to avoid 'cpu' be NULL (Chen Gang)
b1251db: cadence_uart: check for serial backend before using it. (KONRAD Frederic)
29cffd3: s390x/kvm: synchronize guest floating point registers (Jason J. Herne)
5a782bb: disas/libvixl: prepend the include path of libvixl header files (Stefano Stabellini)
ad0d183: mc146818rtc: register the clock reset notifier on the right clock (Paolo Bonzini)
210ec8f: pci: assign devfn to pci_dev before calling pci_device_iommu_address_space() (Le Tan)
55103ab: Allow mismatched virtio config-len (Dr. David Alan Gilbert)
3bb84a6: virtio: validate config_len on load (Michael S. Tsirkin)
48935f0: virtio: out-of-bounds buffer write on invalid state load (Michael S. Tsirkin)
3477445: hw: Fix qemu_allocate_irqs() leaks (Andreas Färber)
7be09af: sdhci: Fix misuse of qemu_free_irqs() (Andreas Färber)
cab7dfc: pc: make isapc and pc-0.10 to pc-0.13 have 1.7.0 memory layout (Don Slutz)
b5706a7: SMBIOS: Rename symbols to better reflect future use (Gabriel L. Somlo)
4197181: nbd: Shutdown socket before closing. (Hani Benhabiles)
3f977a5: nbd: Close socket on negotiation failure. (Hani Benhabiles)
80cfe4a: nbd: Don't validate from and len in NBD_CMD_DISC. (Hani Benhabiles)
01083f1: nbd: Don't export a block device with no medium. (Hani Benhabiles)
9221efd: virtio-serial: don't migrate the config space (Alexander Graf)
4ce91be: virtio-net: byteswap virtio-net header (Cédric Le Goater)
b2f0e92: target-i386: Filter FEAT_7_0_EBX TCG features too (Eduardo Habkost)
f9ac1dc: target-i386: Make TCG feature filtering more readable (Eduardo Habkost)
a1d8207: hw/xtensa/xtfpga: fix FLASH mapping to boot region for KC705 (Max Filippov)
e4b3a2b: coroutine-win32.c: Add noinline attribute to work around gcc bug (Peter Maydell)
84461c7: q35: Use PC_Q35_COMPAT_1_4 on pc-q35-1.4 compat_props (Eduardo Habkost)
552e70d: KVM: Fix GSI number space limit (Alexander Graf)
6ef0b7a: usb: Fix usb-bt-dongle initialization. (Hani Benhabiles)
aa69eda: virtio-scsi: define dummy handle_output for vhost-scsi vqs (Ming Lei)
8dedaf0: vhost: fix resource leak in error handling (Michael S. Tsirkin)
eb3eb3d: scsi-disk: fix bug in scsi_block_new_request() introduced by commit 137745c (Ulrich Obergfell)
88efef6: qdev: recursively unrealize devices when unrealizing bus (Paolo Bonzini)
ab139bf: qdev: reorganize error reporting in bus_set_realized (Paolo Bonzini)
d728daf: hw: Consistently name Error ** objects errp, and not err (Markus Armbruster)
0f00455: rdma: bug fixes (Michael R. Hines)
6ea6bd5: migration: catch unknown flags in ram_load (Peter Lieven)
86cfc10: arch_init: Be sure of only one exit entry with DPRINTF() for ram_load() (Chen Gang)
fe7e98c: migration: remove duplicate code (ChenLiang)
ba980a5: qga: Fix handle fd leak in acquire_privilege() (Gonglei)
df54f5e: aio: fix qemu_bh_schedule() bh->ctx race condition (Stefan Hajnoczi)
0d38666: s390x/css: handle emw correctly for tsch (Cornelia Huck)
27fb65d: target-arm: Fix errors in writes to generic timer control registers (Peter Maydell)
6ea80ed: tcg-i386: Fix win64 qemu store (Richard Henderson)
f99329c: linux-user: Don't overrun guest buffer in sched_getaffinity (Peter Maydell)
207f61d: qcow2: Plug memory leak on qcow2_invalidate_cache() error paths (Markus Armbruster)
d1567e2: block: Plug memory leak on brv_open_image() error path (Markus Armbruster)
5e3322e: qemu-io: Plug memory leak in open command (Markus Armbruster)
5a0913f: blockdev: Plug memory leak in blockdev_init() (Markus Armbruster)
40a3fb5: blockdev: Plug memory leak in drive_init() (Markus Armbruster)
98646a1: block/qapi: Plug memory leak in dump_qobject() case QTYPE_QERROR (Markus Armbruster)
53bdfb5: block/vvfat: Plug memory leak in check_directory_consistency() (Markus Armbruster)
a3e3f09: block/vvfat: Plug memory leak in read_directory() (Markus Armbruster)
7812cbe: block/sheepdog: Plug memory leak in sd_snapshot_create() (Markus Armbruster)
12d5fc6: qemu-img: Plug memory leak in convert command (Markus Armbruster)
b203bba: input (curses): mask keycodes to remove modifier bits (Andrew Oates)
91148de: cputlb: Fix regression with TCG interpreter (bug 1310324) (Stefan Weil)
ae2e18e: target-xtensa: fix cross-page jumps/calls at the end of TB (Max Filippov)
2dbd09f: virtio-scsi: Plug memory leak on virtio_scsi_push_event() error path (Markus Armbruster)
3d5acbe: qcow1: Stricter backing file length check (Kevin Wolf)
a4b73ed: qcow1: Validate image size (CVE-2014-0223) (Kevin Wolf)
a3967c7: qcow1: Validate L2 table size (CVE-2014-0222) (Kevin Wolf)
5c85998: qcow1: Check maximum cluster size (Kevin Wolf)
d234c8f: qcow1: Make padding in the header explicit (Kevin Wolf)
3ba1e61: virtio: allow mapping up to max queue size (Michael S. Tsirkin)
96e7f7a: pci-assign: limit # of msix vectors (Michael S. Tsirkin)
c230ab2: Revert "qapi: Clean up superfluous null check in qapi_dealloc_type_str()" (Peter Lieven)
274c96e: configure: remove bashism (Michael Tokarev)
32c113c: spapr_pci: Fix number of returned vectors in ibm, change-msi (Alexey Kardashevskiy)
912d9cc: linux-user/elfload.c: Fix A64 code which was incorrectly acting like A32 (Peter Maydell)
074f673: linux-user/elfload.c: Update ARM HWCAP bits (Peter Maydell)
83b1dc1: linux-user/elfload.c: Fix incorrect ARM HWCAP bits (Peter Maydell)
c2d3722: target-arm: Make vbar_write 64bit friendly on 32bit hosts (Edgar E. Iglesias)
e40585f: target-arm: A64: Handle blr lr (Edgar E. Iglesias)
837e02e: qdev: Fix crash by validating the object type (Amos Kong)
46a1b0e: target-i386: fix set of registers zeroed on reset (Paolo Bonzini)
a14d429: s390x/kvm: rework KVM synchronize to tracing for some ONEREGS (Christian Borntraeger)
2ac9549: stellaris_enet: block migration (Michael S. Tsirkin)
2f18e44: acpi: fix tables for no-hpet configuration (Michael S. Tsirkin)
4c1e064: po/Makefile: fix $SRC_PATH reference (Michael Tokarev)
4a7a497: s390x: empty function stubs in preparation for __KVM_HAVE_GUEST_DEBUG (David Hildenbrand)
7dfa87e: block: Prevent coroutine stack overflow when recursing in bdrv_open_backing_file. (Benoît Canet)
7b0387a: arm: translate.c: Fix smlald Instruction (Peter Crosthwaite)
1624861: megasas: Implement LD_LIST_QUERY (Hannes Reinecke)
fb03901: target-arm: A64: fix unallocated test of scalar SQXTUN (Alex Bennée)
5ad12b3: virtio-scsi: fix buffer overrun on invalid state load (Michael S. Tsirkin)
15c35df: usb: sanity check setup_index+setup_len in post_load (Michael S. Tsirkin)
e7ff139: zaurus: fix buffer overrun on invalid state load (Michael S. Tsirkin)
894f179: tsc210x: fix buffer overrun on invalid state load (Michael S. Tsirkin)
2265c71: ssd0323: fix buffer overrun on invalid state load (Michael S. Tsirkin)
95d9149: ssi-sd: fix buffer overrun on invalid state load (Michael S. Tsirkin)
eb55958: pxa2xx: avoid buffer overrun on incoming migration (Michael S. Tsirkin)
1124696: openpic: avoid buffer overrun on incoming migration (Michael Roth)
4e48018: virtio: validate num_sg when mapping (Michael S. Tsirkin)
7297dba: virtio: avoid buffer overrun on incoming migration (Michael Roth)
9c01a91: vmstate: fix buffer overflow in target-arm/machine.c (Michael S. Tsirkin)
7cf5f5d: pl022: fix buffer overrun on invalid state load (Michael S. Tsirkin)
f7ef3baa: hw/pci/pcie_aer.c: fix buffer overruns on invalid state load (Michael S. Tsirkin)
3c60661: hpet: fix buffer overrun on invalid state load (Michael S. Tsirkin)
d4c9095: ahci: fix buffer overrun on invalid state load (Michael S. Tsirkin)
331c549: virtio-net: out-of-bounds buffer write on load (Michael S. Tsirkin)
b24cfb0: virtio-net: out-of-bounds buffer write on invalid state load (Michael S. Tsirkin)
7872f3e: virtio-net: fix buffer overflow on invalid state load (Michael S. Tsirkin)
3902521: vmstate: add VMSTATE_VALIDATE (Michael S. Tsirkin)
49e8918: vmstate: add VMS_MUST_EXIST (Michael S. Tsirkin)
6067df7: vmstate: reduce code duplication (Michael S. Tsirkin)
9ee8ab5: hw/net/stellaris_enet: Correct handling of packet padding (Peter Maydell)
c8723d4: hw/net/stellaris_enet: Restructure tx_fifo code to avoid buffer overrun (Peter Maydell)