Quoting Michael Roth (2015-07-30 06:32:15)
> Hi everyone,
>
> The following new patches are queued for QEMU stable v2.3.1:
>
>   https://github.com/mdroth/qemu/commits/stable-2.3-staging
>
> The release is planned for 2015-08-11:
>
>   http://wiki.qemu.org/Planning/2.3
>
> Please respond here or CC qemu-sta...@nongnu.org on any patches you
> think should be included in the release.

Updated with the following:

  rtl8139: check TCP Data Offset field (CVE-2015-5165) (Stefan Hajnoczi)
  rtl8139: skip offload on short TCP header (CVE-2015-5165) (Stefan Hajnoczi)
  rtl8139: check IP Total Length field (CVE-2015-5165) (Stefan Hajnoczi)
  rtl8139: check IP Header Length field (CVE-2015-5165) (Stefan Hajnoczi)
  rtl8139: skip offload on short Ethernet/IP header (CVE-2015-5165) (Stefan Hajnoczi)
  rtl8139: drop tautologous if (ip) {...} statement (CVE-2015-5165) (Stefan Hajnoczi)
  rtl8139: avoid nested ifs in IP header parsing (CVE-2015-5165) (Stefan Hajnoczi)
  tcg/mips: fix add2 (Aurelien Jarno)
  tcg/mips: fix TLB loading for BE host with 32-bit guests (Aurelien Jarno)
  Fix release_drive on unplugged devices (pci_piix3_xen_ide_unplug) (Stefano Stabellini)

>
> Testing/feedback is greatly appreciated.
>
> Thanks!
>
> ----------------------------------------------------------------
> Alberto Garcia (1):
>       sdl2: fix crash in handle_windowevent() when restoring the screen size
>
> Alex Williamson (2):
>       vfio/pci: Fix RTL8168 NIC quirks
>       vfio/pci: Fix bootindex
>
> Bogdan Purcareata (1):
>       nbd/trivial: fix type cast for ioctl
>
> Christian Borntraeger (1):
>       s390x/ipl: Fix boot if no bootindex was specified
>
> Cornelia Huck (1):
>       virtio-ccw: complete handling of guest-initiated resets
>
> David Gibson (1):
>       spapr_vty: lookup should only return valid VTY objects
>
> Fam Zheng (14):
>       vmdk: Fix next_cluster_sector for compressed write
>       vmdk: Fix overflow if l1_size is 0x20000000
>       block: Fix NULL deference for unaligned write if qiov is NULL
>       qemu-iotests: Test unaligned sub-block zero write
>       vmdk: Fix index_in_cluster calculation in vmdk_co_get_block_status
>       vmdk: Use vmdk_find_index_in_cluster everywhere
>       block: Add bdrv_get_block_status_above
>       qmp: Add optional bool "unmap" to drive-mirror
>       mirror: Do zero write on target if sectors not allocated
>       block: Fix dirty bitmap in bdrv_co_discard
>       qemu-iotests: Make block job methods common
>       qemu-iotests: Add test case for mirror with unmap
>       iotests: Use event_wait in wait_ready
>       block: Initialize local_err in bdrv_append_temp_snapshot
>
> Gerd Hoffmann (3):
>       kbd: add brazil kbd keys to qemu
>       kbd: add brazil kbd keys to x11 evdev map
>       spice-display: fix segfault in qemu_spice_create_update
>
> James Hogan (2):
>       mips/kvm: Fix Big endian 32-bit register access
>       mips/kvm: Sign extend registers written to KVM
>
> Jason Wang (3):
>       virtio-net: fix the upper bound when trying to delete queues
>       vhost: correctly pass error to caller in vhost_dev_enable_notifiers()
>       virtio-net: unbreak any layout
>
> Jeff Cody (2):
>       block: vpc - prevent overflow if max_table_entries >= 0x40000000
>       block: qemu-iotests - add check for multiplication overflow in vpc
>
> John Snow (1):
>       iotests: add QMP event waiting queue
>
> Justin Ossevoort (1):
>       qga/commands-posix: Fix bug in guest-fstrim
>
> Ján Tomko (1):
>       Strip brackets from vnc host
>
> Kevin Wolf (4):
>       qcow2: Flush pending discards before allocating cluster
>       ide: Check array bounds before writing to io_buffer (CVE-2015-5154)
>       ide/atapi: Fix START STOP UNIT command completion
>       ide: Clear DRQ after handling all expected accesses
>
> Laszlo Ersek (1):
>       hw/core: rebase sysbus_get_fw_dev_path() to g_strdup_printf()
>
> Max Reitz (2):
>       qcow2: Set MIN_L2_CACHE_SIZE to 2
>       iotests: qcow2 COW with minimal L2 cache size
>
> Michael Roth (2):
>       Revert "block: Fix unaligned zero write"
>       target-ppc: fix hugepage support when using memory-backend-file
>
> Michal Kazior (1):
>       usb: fix usb-net segfault
>
> Paolo Bonzini (1):
>       scsi: fix buffer overflow in scsi_req_parse_cdb (CVE-2015-5158)
>
> Peter Lieven (2):
>       block/iscsi: do not forget to logout from target
>       block/nfs: limit maximum readahead size to 1MB
>
> Peter Maydell (1):
>       target-arm: Avoid buffer overrun on UNPREDICTABLE ldrd/strd
>
> Petr Matousek (2):
>       fdc: force the fifo access to be in bounds of the allocated buffer
>       i8254: fix out-of-bounds memory access in pit_ioport_read()
>
> Shannon Zhao (1):
>       hw/acpi/aml-build: Fix memory leak
>
> Stefan Hajnoczi (1):
>       bt-sdp: fix broken uuids power-of-2 calculation
>
> 马文霜 (1):
>       Fix irq route entries exceeding KVM_MAX_IRQ_ROUTES
>
>  block.c                                       | 215 +++++++++++++++++++++++++++++++++++++++++++-------------------
>  block/iscsi.c                                 |   6 ++
>  block/mirror.c                                |  28 ++++++--
>  block/nfs.c                                   |   7 ++
>  block/qcow2-refcount.c                        |   5 ++
>  block/qcow2.h                                 |   3 +-
>  block/vmdk.c                                  |  40 ++++++++----
>  block/vpc.c                                   |  18 ++++--
>  blockdev.c                                    |   5 ++
>  hmp.c                                         |   2 +-
>  hw/acpi/aml-build.c                           |   1 +
>  hw/block/fdc.c                                |  17 +++--
>  hw/bt/sdp.c                                   |   2 +-
>  hw/char/spapr_vty.c                           |   4 ++
>  hw/core/sysbus.c                              |  16 ++---
>  hw/ide/atapi.c                                |   1 +
>  hw/ide/core.c                                 |  32 ++++++++--
>  hw/net/virtio-net.c                           |  25 ++++++--
>  hw/s390x/ipl.c                                |   4 +-
>  hw/s390x/virtio-ccw.c                         |  39 +++++++-----
>  hw/scsi/scsi-bus.c                            |   7 +-
>  hw/timer/i8254.c                              |   6 ++
>  hw/usb/dev-network.c                          |   4 ++
>  hw/vfio/pci.c                                 |  10 +--
>  hw/virtio/vhost.c                             |   8 +--
>  include/block/block.h                         |   4 ++
>  include/block/block_int.h                     |   2 +
>  include/hw/virtio/virtio-access.h             |   9 +++
>  kvm-all.c                                     |  17 +++--
>  nbd.c                                         |   2 +-
>  qapi-schema.json                              |   4 +-
>  qapi/block-core.json                          |   8 ++-
>  qga/commands-posix.c                          |   9 ++-
>  qmp-commands.hx                               |   3 +
>  scripts/qmp/qmp.py                            |  95 ++++++++++++++++++---------
>  target-arm/translate.c                        |  56 +++++++++-------
>  target-mips/kvm.c                             |  21 ++----
>  target-ppc/kvm.c                              |  57 +++++++++++++++--
>  tests/qemu-iotests/033                        |  13 ++++
>  tests/qemu-iotests/033.out                    |  30 +++++++++
>  tests/qemu-iotests/041                        |  66 +++++--------------
>  tests/qemu-iotests/103                        |  10 +++
>  tests/qemu-iotests/103.out                    |   5 ++
>  tests/qemu-iotests/132                        |  59 +++++++++++++++++
>  tests/qemu-iotests/132.out                    |   5 ++
>  tests/qemu-iotests/135                        |  54 ++++++++++++++++
>  tests/qemu-iotests/135.out                    |   5 ++
>  tests/qemu-iotests/group                      |   2 +
>  tests/qemu-iotests/iotests.py                 |  61 ++++++++++++++++++
>  tests/qemu-iotests/sample_images/afl5.img.bz2 | Bin 0 -> 175 bytes
>  ui/input-keymap.c                             |   4 ++
>  ui/sdl2.c                                     |   4 ++
>  ui/spice-display.c                            |   9 +--
>  ui/vnc.c                                      |   9 ++-
>  ui/x_keymap.c                                 |   4 +-
>  55 files changed, 839 insertions(+), 293 deletions(-)
>  create mode 100644 tests/qemu-iotests/132
>  create mode 100644 tests/qemu-iotests/132.out
>  create mode 100755 tests/qemu-iotests/135
>  create mode 100644 tests/qemu-iotests/135.out
>  create mode 100644 tests/qemu-iotests/sample_images/afl5.img.bz2