From: Michael Roth
Message-ID: <20150811202744.5271.52233@loki>
Date: Tue, 11 Aug 2015 15:27:44 -0500
Subject: [Qemu-devel] [ANNOUNCE] QEMU 2.3.1 Stable released
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org

Hi everyone,

I am pleased to announce that the QEMU v2.3.1 stable release is now
available at:

http://wiki.qemu.org/download/qemu-2.3.1.tar.bz2

v2.3.1 is now tagged in the official qemu.git repository,
and the stable-2.3 branch has been updated accordingly:

http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.3

In addition to the normal array of general bug fixes, this release
includes a significant number of security fixes/hardening for a broad
range of subsystems, including rtl8139 NIC emulation, Spice/Cirrus/vmware
VGA emulation, i8254 PIT emulation, and IDE/SCSI/FDC emulation. See
commit/change logs for more details.

Users of QEMU 2.3.0 should upgrade to 2.3.1 or 2.4.0 (which also contains
above fixes) accordingly.

Thank you to everyone involved!

CHANGELOG:

dfa83a6: Update version for 2.3.1 release (Michael Roth)
35a616e: qemu-char: handle EINTR for TCP character devices (Paolo Bonzini)
35c30d3: rtl8139: check TCP Data Offset field (CVE-2015-5165) (Stefan Hajnoczi)
f4c861f: rtl8139: skip offload on short TCP header (CVE-2015-5165) (Stefan Hajnoczi)
b7a197c: rtl8139: check IP Total Length field (CVE-2015-5165) (Stefan Hajnoczi)
8561109: rtl8139: check IP Header Length field (CVE-2015-5165) (Stefan Hajnoczi)
ce4f451: rtl8139: skip offload on short Ethernet/IP header (CVE-2015-5165) (Stefan Hajnoczi)
6722c12: rtl8139: drop tautologous if (ip) {...} statement (CVE-2015-5165) (Stefan Hajnoczi)
8dd45dc: rtl8139: avoid nested ifs in IP header parsing (CVE-2015-5165) (Stefan Hajnoczi)
e750591: tcg/mips: fix add2 (Aurelien Jarno)
f9c0ae2: tcg/mips: fix TLB loading for BE host with 32-bit guests (Aurelien Jarno)
c8bd74d: Fix release_drive on unplugged devices (pci_piix3_xen_ide_unplug) (Stefano Stabellini)
d155769: ide: Clear DRQ after handling all expected accesses (Kevin Wolf)
86d6fe4: ide/atapi: Fix START STOP UNIT command completion (Kevin Wolf)
9634e45: ide: Check array bounds before writing to io_buffer (CVE-2015-5154) (Kevin Wolf)
0dc545e: block: qemu-iotests - add check for multiplication overflow in vpc (Jeff Cody)
358f0ee: block: vpc - prevent overflow if max_table_entries >= 0x40000000 (Jeff Cody)
961c74a: scsi: fix buffer overflow in scsi_req_parse_cdb (CVE-2015-5158) (Paolo Bonzini)
98fe91e: vfio/pci: Fix bootindex (Alex Williamson)
46addaa: virtio-net: unbreak any layout (Jason Wang)
5a45687: vfio/pci: Fix RTL8168 NIC quirks (Alex Williamson)
87740ce: mips/kvm: Sign extend registers written to KVM (James Hogan)
8df2a9a: mips/kvm: Fix Big endian 32-bit register access (James Hogan)
c5c71e8: block: Initialize local_err in bdrv_append_temp_snapshot (Fam Zheng)
2060efa: Fix irq route entries exceeding KVM_MAX_IRQ_ROUTES (马文霜)
8d64975: target-ppc: fix hugepage support when using memory-backend-file (Michael Roth)
9b4420a: spapr_vty: lookup should only return valid VTY objects (David Gibson)
99c3468: s390x/ipl: Fix boot if no bootindex was specified (Christian Borntraeger)
1c17e8c: block/nfs: limit maximum readahead size to 1MB (Peter Lieven)
ffd060d: iotests: add QMP event waiting queue (John Snow)
e4fb4be: iotests: Use event_wait in wait_ready (Fam Zheng)
edc0a65: qemu-iotests: Add test case for mirror with unmap (Fam Zheng)
c62f6c8: qemu-iotests: Make block job methods common (Fam Zheng)
3d8b7ae: block: Fix dirty bitmap in bdrv_co_discard (Fam Zheng)
27ed14c: mirror: Do zero write on target if sectors not allocated (Fam Zheng)
6a45a1b: qmp: Add optional bool "unmap" to drive-mirror (Fam Zheng)
6cacd26: block: Add bdrv_get_block_status_above (Fam Zheng)
e8248a5: virtio-ccw: complete handling of guest-initiated resets (Cornelia Huck)
81cb0a5: vhost: correctly pass error to caller in vhost_dev_enable_notifiers() (Jason Wang)
6130c46: hw/core: rebase sysbus_get_fw_dev_path() to g_strdup_printf() (Laszlo Ersek)
49ef542: i8254: fix out-of-bounds memory access in pit_ioport_read() (Petr Matousek)
c270245: spice-display: fix segfault in qemu_spice_create_update (Gerd Hoffmann)
9272707: sdl2: fix crash in handle_windowevent() when restoring the screen size (Alberto Garcia)
c759f1a: vmdk: Use vmdk_find_index_in_cluster everywhere (Fam Zheng)
714b544: vmdk: Fix index_in_cluster calculation in vmdk_co_get_block_status (Fam Zheng)
e7e0838: iotests: qcow2 COW with minimal L2 cache size (Max Reitz)
c631ee6: qcow2: Set MIN_L2_CACHE_SIZE to 2 (Max Reitz)
b153c8d: kbd: add brazil kbd keys to x11 evdev map (Gerd Hoffmann)
f450482: kbd: add brazil kbd keys to qemu (Gerd Hoffmann)
ae0fa48: qga/commands-posix: Fix bug in guest-fstrim (Justin Ossevoort)
bb3a1da: hw/acpi/aml-build: Fix memory leak (Shannon Zhao)
b48a391: qemu-iotests: Test unaligned sub-block zero write (Fam Zheng)
cc883fe: block: Fix NULL deference for unaligned write if qiov is NULL (Fam Zheng)
4072585: Revert "block: Fix unaligned zero write" (Michael Roth)
959fad0: fdc: force the fifo access to be in bounds of the allocated buffer (Petr Matousek)
a4bb522: target-arm: Avoid buffer overrun on UNPREDICTABLE ldrd/strd (Peter Maydell)
cf6c213: virtio-net: fix the upper bound when trying to delete queues (Jason Wang)
cf32978: usb: fix usb-net segfault (Michal Kazior)
ad9c167: qcow2: Flush pending discards before allocating cluster (Kevin Wolf)
d8e231f: vmdk: Fix overflow if l1_size is 0x20000000 (Fam Zheng)
53cd79c: vmdk: Fix next_cluster_sector for compressed write (Fam Zheng)
3dd15f3: nbd/trivial: fix type cast for ioctl (Bogdan Purcareata)
4c59860: Strip brackets from vnc host (Ján Tomko)
b575af0: block/iscsi: do not forget to logout from target (Peter Lieven)
d3b5978: bt-sdp: fix broken uuids power-of-2 calculation (Stefan Hajnoczi)