Hi everyone, I am pleased to announce that the QEMU v6.0.1 stable release is now available.

You can grab the tarball from our download page here:

  https://www.qemu.org/download/#source

v6.0.1 is now tagged in the official qemu.git repository, and the stable-6.0 branch has been updated accordingly:

  https://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-6.0

This update contains general fixes for various architectures/subsystems, including the following CVE fixes:

  MPTSAS (CVE-2021-3392)
  RDMA (CVE-2021-3582, CVE-2021-3607, CVE-2021-3608)
  USB/UAS (CVE-2021-3527, CVE-2021-3713)
  vhost-user-gpu (CVE-2021-3544, CVE-2021-3545, CVE-2021-3546)
  virtio-net (CVE-2021-3748)

Please see the changelog for additional details and update accordingly.

Thank you to everyone involved!

CHANGELOG:

9654e55a74: Update version for 6.0.1 release (Michael Roth)
db882c5c18: Partially revert "build: -no-pie is no functional linker flag" (Jessica Clarke)
62a012b0f4: hw/display/artist: Fix bug in coordinate extraction in artist_vram_read() and artist_vram_write() (Helge Deller)
487a0956a1: libvhost-user: fix VHOST_USER_REM_MEM_REG skipping mmap_addr (David Hildenbrand)
c18bc855ad: vhost-user: fix duplicated notifier MR init (Xueming Li)
27c6f20d9d: pvrdma: Fix the ring init error flow (CVE-2021-3608) (Marcel Apfelbaum)
46d3c9e9f5: pvrdma: Ensure correct input on ring init (CVE-2021-3607) (Marcel Apfelbaum)
d25db58213: hw/rdma: Fix possible mremap overflow in the pvrdma device (CVE-2021-3582) (Marcel Apfelbaum)
4787501893: vhost-user-gpu: fix OOB write in 'virgl_cmd_get_capset' (CVE-2021-3546) (Li Qiang)
07daff4a9a: vhost-user-gpu: fix memory leak in 'virgl_resource_attach_backing' (CVE-2021-3544) (Li Qiang)
4dda63d7ed: vhost-user-gpu: fix memory leak in 'virgl_cmd_resource_unref' (CVE-2021-3544) (Li Qiang)
457053998d: vhost-user-gpu: fix memory leak while calling 'vg_resource_unref' (CVE-2021-3544) (Li Qiang)
6ae68dfd10: vhost-user-gpu: fix memory leak in vg_resource_attach_backing (CVE-2021-3544) (Li Qiang)
c5300b8a94: vhost-user-gpu: fix resource leak in 'vg_resource_create_2d' (CVE-2021-3544) (Li Qiang)
168299eb7d: vhost-user-gpu: fix memory disclosure in virgl_cmd_get_capset_info (CVE-2021-3545) (Li Qiang)
e204dca909: usb: limit combined packets to 1 MiB (CVE-2021-3527) (Gerd Hoffmann)
606f618b3c: usb/redir: avoid dynamic stack allocation (CVE-2021-3527) (Gerd Hoffmann)
36403e8788: uas: add stream number sanity checks. (Gerd Hoffmann)
5a964fe8d9: virtio-mem-pci: Fix memory leak when creating MEMORY_DEVICE_SIZE_CHANGE event (David Hildenbrand)
f22c225e23: hmp: Unbreak "change vnc" (Markus Armbruster)
916372e48f: qemu-nbd: Change default cache mode to writeback (Nir Soffer)
5881d76ff4: virtio-net: fix use after unmap/free for sg (Jason Wang)
2ae61d81a5: target/arm: Don't skip M-profile reset entirely in user mode (Peter Maydell)
4fca33b4be: audio: Never send migration section (Dr. David Alan Gilbert)
978c11b013: hw/sd/sdcard: Fix assertion accessing out-of-range addresses with CMD30 (Philippe Mathieu-Daudé)
21611dd0a5: hw/sd/sdcard: Document out-of-range addresses for SEND_WRITE_PROT (Philippe Mathieu-Daudé)
4d3cfb2f6b: hw/net/can: sja1000 fix buff2frame_bas and buff2frame_pel when dlc is out of std CAN 8 bytes (Pavel Pisa)
7999d5b12f: virtio-balloon: don't start free page hinting if postcopy is possible (David Hildenbrand)
6576f6ab87: hw/nvme: fix pin-based interrupt behavior (again) (Klaus Jensen)
bef905cd8a: hw/nvme: fix missing check for PMR capability (Klaus Jensen)
aa99651295: hw/block/nvme: align with existing style (Gollu Appalanaidu)
765ed56e76: tests: acpi: pc: update expected DSDT blobs (Igor Mammedov)
b989641145: acpi: pc: revert back to v5.2 PCI slot enumeration (Igor Mammedov)
e23fe27ed9: tests: acpi: prepare for changing DSDT tables (Igor Mammedov)
22de6752c1: yank: Unregister function when using TLS migration (Leonardo Bras)
747fd3cb13: crypto: Make QCryptoTLSCreds* structures private (Philippe Mathieu-Daudé)
43844c2fb2: ui/vnc: Use qcrypto_tls_creds_check_endpoint() (Philippe Mathieu-Daudé)
a1c966bdf4: migration/tls: Use qcrypto_tls_creds_check_endpoint() (Philippe Mathieu-Daudé)
0a7e2c99f9: chardev/socket: Use qcrypto_tls_creds_check_endpoint() (Philippe Mathieu-Daudé)
8d5c255a25: qemu-nbd: Use qcrypto_tls_creds_check_endpoint() (Philippe Mathieu-Daudé)
738ff4bf07: block/nbd: Use qcrypto_tls_creds_check_endpoint() (Philippe Mathieu-Daudé)
7e84d58e8b: crypto/tlscreds: Introduce qcrypto_tls_creds_check_endpoint() helper (Philippe Mathieu-Daudé)
072a8d3693: block/nvme: Fix VFIO_MAP_DMA failed: No space left on device (Philippe Mathieu-Daudé)
0a579d4389: hw/pci-host/q35: Ignore write of reserved PCIEXBAR LENGTH field (Philippe Mathieu-Daudé)
059ad82f38: tcg: Allocate sufficient storage in temp_allocate_frame (Richard Henderson)
1a0a1c4964: tcg/sparc: Fix temp_allocate_frame vs sparc stack bias (Richard Henderson)
cdb8a71e2e: vl: Fix an assert failure in error path (Zhenzhong Duan)
5b55370e28: vfio: Fix unregister SaveVMHandler in vfio_migration_finalize (Kunkun Jiang)
d1000ee07b: runstate: Initialize Error * to NULL (Peng Liang)
b6f5c02f5f: esp: only set ESP_RSEQ at the start of the select sequence (Mark Cave-Ayland)
44e5878ce3: esp: only assert INTR_DC interrupt flag if selection fails (Mark Cave-Ayland)
8d719825d9: vhost-vdpa: don't initialize backend_features (Jason Wang)
ad8c49081a: configure: fix detection of gdbus-codegen (Paolo Bonzini)
fcfe1509a1: hmp: Fix loadvm to resume the VM on success instead of failure (Kevin Wolf)
9b0ee423a1: sockets: update SOCKET_ADDRESS_TYPE_FD listen(2) backlog (Stefan Hajnoczi)
5b96b36a61: vl: plug -object back into -readconfig (Paolo Bonzini)
c675ba821c: vl: plumb keyval-based options into -readconfig (Paolo Bonzini)
203f0ba144: qemu-config: parse configuration files to a QDict (Paolo Bonzini)
701ff59cc4: qemu-config: load modules when instantiating option groups (Paolo Bonzini)
4e1eef8611: qemu-option: support accept-any QemuOptsList in qemu_opts_absorb_qdict (Paolo Bonzini)
ab33188125: target/xtensa: fix access ring in l32ex (Max Filippov)
b20eff3ba4: vl: allow not specifying size in -m when using -M memory-backend (Paolo Bonzini)
59ac5e6d61: target/ppc: Fix load endianness for lxvwsx/lxvdsx (Giuseppe Musacchio)
e2258e5279: target/i386: Exit tb after wrmsr (Richard Henderson)
fdf58b451b: migration/rdma: Fix cm_event used before being initialized (Li Zhijian)
318b076356: monitor/qmp: fix race on CHR_EVENT_CLOSED without OOB (Stefan Reiter)
c1d1c0b4c3: docs/system: Document the removal of "compat" property for POWER CPUs (Greg Kurz)
5d0c78455e: linux-user/aarch64: Enable hwcap for RND, BTI, and MTE (Richard Henderson)
1513997aa2: multi-process: Initialize variables declared with g_auto* (Zenghui Yu)