Hi everyone,

The QEMU v7.2.5 stable release is now available.

You can grab the tarball from our download page here:

  https://www.qemu.org/download/#source

v7.2.5 is now tagged in the official qemu.git repository, and the stable-7.2 branch has been updated accordingly:

  https://gitlab.com/qemu-project/qemu/-/commits/stable-7.2?ref_type=heads

This update contains general fixes for various architectures/subsystems, including the following CVE fixes:

  virtio-crypto (CVE-2023-3180)
  QIOChannel (CVE-2023-3354)
  qemu-guest-agent w32 (CVE-2023-0664)
  VNC (CVE-2023-3255)

Please see the changelog for additional details and update accordingly.

Thank you to everyone involved!

CHANGELOG:

9abcf9776d: Update version for 7.2.5 release (Michael Tokarev)
5e4beb092d: target/i386: Check CR0.TS before enter_mmx (Matt Borgerson)
5a8fdead85: target/ppc: Fix VRMA page size for ISA v3.0 (Nicholas Piggin)
4afce84629: target/ppc: Fix pending HDEC when entering PM state (Nicholas Piggin)
74619c052d: target/ppc: Implement ASDR register for ISA v3.0 for HPT (Nicholas Piggin)
1306708795: vdpa: Return -EIO if device ack is VIRTIO_NET_ERR in _load_mq() (Hawkins Jiawei)
5e67da9668: vdpa: Return -EIO if device ack is VIRTIO_NET_ERR in _load_mac() (Hawkins Jiawei)
4e9a35dfa7: vdpa: Fix possible use-after-free for VirtQueueElement (Hawkins Jiawei)
988eeb5930: vfio/pci: Disable INTx in vfio_realize error path (Zhenzhong Duan)
da6d0af41d: include/hw/i386/x86-iommu: Fix struct X86IOMMU_MSIMessage for big endian hosts (Thomas Huth)
b58abc4a2b: hw/i386/x86-iommu: Fix endianness issue in x86_iommu_irq_to_msi_message() (Thomas Huth)
fd02247083: hw/i386/intel_iommu: Fix index calculation in vtd_interrupt_remap_msi() (Thomas Huth)
31e7ef997e: hw/i386/intel_iommu: Fix struct VTDInvDescIEC on big endian hosts (Thomas Huth)
bbe3627f44: hw/i386/intel_iommu: Fix endianness problems related to VTD_IR_TableEntry (Thomas Huth)
cf2be5881f: hw/i386/intel_iommu: Fix trivial endianness problems (Thomas Huth)
1451a86f6d: pci: do not respond config requests after PCI device eject (Yuri Benditovich)
c9e7442882: target/hppa: Move iaoq registers and thus reduce generated code size (Helge Deller)
35a60ba42c: virtio-crypto: verify src&dst buffer length for sym request (zhenwei pi)
c315f73841: hw/virtio-iommu: Fix potential OOB access in virtio_iommu_handle_command() (Eric Auger)
5bbd092495: target/m68k: Fix semihost lseek offset computation (Peter Maydell)
93b4033433: target/nios2: Fix semihost lseek offset computation (Keith Packard)
4d92f848f1: target/nios2: Pass semihosting arg to exit (Keith Packard)
5c6b1b20da: io: remove io watch if TLS channel is closed during handshake (Daniel P. Berrangé)
f120e4742c: xen-block: Avoid leaks on new error path (Anthony PERARD)
e4aae3f819: thread-pool: signal "request_cond" while locked (Anthony PERARD)
b629412e9d: qga/win32: Use rundll for VSS installation (Konstantin Kostiuk)
daa3277175: linux-user/armeb: Fix __kernel_cmpxchg() for armeb (Helge Deller)
d53d3f07dc: target/ppc: Disable goto_tb with architectural singlestep (Richard Henderson)
26a49f9f62: target/arm: Avoid writing to constant TCGv in trans_CSEL() (Peter Maydell)
8cce5d060a: hw/arm/smmu: Handle big-endian hosts correctly (Peter Maydell)
ec934266fd: virtio-net: pass Device-TLB enable/disable events to vhost (Viktor Prutyanov)
9a541b2143: vhost: register and change IOMMU flag depending on Device-TLB state (Viktor Prutyanov)
61693479d8: virtio-pci: add handling of PCI ATS and Device-TLB enable/disable (Viktor Prutyanov)
0c8e6ac989: target/loongarch: Fix the CSRRD CPUID instruction on big endian hosts (Thomas Huth)
c1bdd3cdc4: target/s390x: Fix assertion failure in VFMIN/VFMAX with type 13 (Ilya Leoshkevich)
cdd6b6a764: target/s390x: Make MC raise specification exception when class >= 16 (Ilya Leoshkevich)
0ef0b83104: target/s390x: Fix ICM with M3=0 (Ilya Leoshkevich)
7cf3358451: target/s390x: Fix CONVERT TO LOGICAL/FIXED with out-of-range inputs (Ilya Leoshkevich)
34009bfd68: target/s390x: Fix CLM with M3=0 (Ilya Leoshkevich)
772caa5f23: target/s390x: Make CKSM raise an exception if R2 is odd (Ilya Leoshkevich)
3b80317c91: qemu-nbd: regression with arguments passing into nbd_client_thread() (Denis V. Lunev)
742612345a: qemu-nbd: fix regression with qemu-nbd --fork run over ssh (Denis V. Lunev)
6e216d21b5: qemu-nbd: pass structure into nbd_client_thread instead of plain char* (Denis V. Lunev)
8f8a8f20f4: ui/vnc-clipboard: fix infinite loop in inflate_buffer (CVE-2023-3255) (Mauro Matteo Cascella)
2b6a75b78e: hw/ide/piix: properly initialize the BMIBA register (Olaf Hering)