[Qemu-devel] [ANNOUNCE] QEMU 2.0.2 Stable released

[Michael Roth]

Hi everyone,

I am pleased to announce that the QEMU v2.0.2 stable release is now
available at:

  http://wiki.qemu.org/download/qemu-2.0.2.tar.bz2

v2.0.2 is now tagged in the official qemu.git repository,
and the stable-2.0 branch has been updated accordingly:

  http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.0

This release contains 117 build/bug fixes, including important security
updates relating to untrusted guest image files and migration/savevm
sources. See the changelog below for relevant CVEs and additional
details. This also enables live commiting of the active image layer
to backing files via the QMP block-commit command.

Please note that due to some build issues identified just prior to
the v2.0.1 release, the version was bumped to 2.0.2 to capture fixes
for the issue. As a result, no separate tarball for 2.0.1 will be
released.

Thank you to everyone involved!

CHANGELOG:

f053f6b: Update VERSION for 2.0.2 release (Michael Roth)
3d79eb5: audio: fmopl: drop INLINE macro (Luiz Capitulino)
6ec48b0: fpu: softfloat: drop INLINE macro (Luiz Capitulino)
5433472: Update VERSION for 2.0.1 release (Michael Roth)
3c548f6: mirror: Fix qiov size for short requests (Kevin Wolf)
d0d83e8: qemu-iotests: Test 0-length image for mirror (Fam Zheng)
98103fa: block: make 'top' argument to block-commit optional (Jeff Cody)
e5f0eb0: qemu-iotests: Test BLOCK_JOB_READY event for 0Kb image active commit 
(Fam Zheng)
43ac708: mirror: Go through ready -> complete process for 0 len image (Fam 
Zheng)
8e09e20: blockjob: Add block_job_yield() (Fam Zheng)
520b341: mirror: Fix resource leak when bdrv_getlength fails (Fam Zheng)
e0efb02: hw/arm/boot: Set PC correctly when loading AArch64 ELF files (Peter 
Maydell)
d56b0b8: hw/misc/imx_ccm.c: Add missing VMState list terminator (Peter Maydell)
750f169: vmstate_xhci_event: fix unterminated field list (Laszlo Ersek)
046e357: kvm-all: Use 'tmpcpu' instead of 'cpu' in sub-looping to avoid 'cpu' 
be NULL (Chen Gang)
b1251db: cadence_uart: check for serial backend before using it. (KONRAD 
Frederic)
29cffd3: s390x/kvm: synchronize guest floating point registers (Jason J. Herne)
5a782bb: disas/libvixl: prepend the include path of libvixl header files 
(Stefano Stabellini)
ad0d183: mc146818rtc: register the clock reset notifier on the right clock 
(Paolo Bonzini)
210ec8f: pci: assign devfn to pci_dev before calling 
pci_device_iommu_address_space() (Le Tan)
55103ab: Allow mismatched virtio config-len (Dr. David Alan Gilbert)
3bb84a6: virtio: validate config_len on load (Michael S. Tsirkin)
48935f0: virtio: out-of-bounds buffer write on invalid state load (Michael S. 
Tsirkin)
3477445: hw: Fix qemu_allocate_irqs() leaks (Andreas Färber)
7be09af: sdhci: Fix misuse of qemu_free_irqs() (Andreas Färber)
cab7dfc: pc: make isapc and pc-0.10 to pc-0.13 have 1.7.0 memory layout (Don 
Slutz)
b5706a7: SMBIOS: Rename symbols to better reflect future use (Gabriel L. Somlo)
4197181: nbd: Shutdown socket before closing. (Hani Benhabiles)
3f977a5: nbd: Close socket on negotiation failure. (Hani Benhabiles)
80cfe4a: nbd: Don't validate from and len in NBD_CMD_DISC. (Hani Benhabiles)
01083f1: nbd: Don't export a block device with no medium. (Hani Benhabiles)
9221efd: virtio-serial: don't migrate the config space (Alexander Graf)
4ce91be: virtio-net: byteswap virtio-net header (Cédric Le Goater)
b2f0e92: target-i386: Filter FEAT_7_0_EBX TCG features too (Eduardo Habkost)
f9ac1dc: target-i386: Make TCG feature filtering more readable (Eduardo Habkost)
a1d8207: hw/xtensa/xtfpga: fix FLASH mapping to boot region for KC705 (Max 
Filippov)
e4b3a2b: coroutine-win32.c: Add noinline attribute to work around gcc bug 
(Peter Maydell)
84461c7: q35: Use PC_Q35_COMPAT_1_4 on pc-q35-1.4 compat_props (Eduardo Habkost)
552e70d: KVM: Fix GSI number space limit (Alexander Graf)
6ef0b7a: usb: Fix usb-bt-dongle initialization. (Hani Benhabiles)
aa69eda: virtio-scsi: define dummy handle_output for vhost-scsi vqs (Ming Lei)
8dedaf0: vhost: fix resource leak in error handling (Michael S. Tsirkin)
eb3eb3d: scsi-disk: fix bug in scsi_block_new_request() introduced by commit 
137745c (Ulrich Obergfell)
88efef6: qdev: recursively unrealize devices when unrealizing bus (Paolo 
Bonzini)
ab139bf: qdev: reorganize error reporting in bus_set_realized (Paolo Bonzini)
d728daf: hw: Consistently name Error ** objects errp, and not err (Markus 
Armbruster)
0f00455: rdma: bug fixes (Michael R. Hines)
6ea6bd5: migration: catch unknown flags in ram_load (Peter Lieven)
86cfc10: arch_init: Be sure of only one exit entry with DPRINTF() for 
ram_load() (Chen Gang)
fe7e98c: migration: remove duplicate code (ChenLiang)
ba980a5: qga: Fix handle fd leak in acquire_privilege() (Gonglei)
df54f5e: aio: fix qemu_bh_schedule() bh->ctx race condition (Stefan Hajnoczi)
0d38666: s390x/css: handle emw correctly for tsch (Cornelia Huck)
27fb65d: target-arm: Fix errors in writes to generic timer control registers 
(Peter Maydell)
6ea80ed: tcg-i386: Fix win64 qemu store (Richard Henderson)
f99329c: linux-user: Don't overrun guest buffer in sched_getaffinity (Peter 
Maydell)
207f61d: qcow2: Plug memory leak on qcow2_invalidate_cache() error paths 
(Markus Armbruster)
d1567e2: block: Plug memory leak on brv_open_image() error path (Markus 
Armbruster)
5e3322e: qemu-io: Plug memory leak in open command (Markus Armbruster)
5a0913f: blockdev: Plug memory leak in blockdev_init() (Markus Armbruster)
40a3fb5: blockdev: Plug memory leak in drive_init() (Markus Armbruster)
98646a1: block/qapi: Plug memory leak in dump_qobject() case QTYPE_QERROR 
(Markus Armbruster)
53bdfb5: block/vvfat: Plug memory leak in check_directory_consistency() (Markus 
Armbruster)
a3e3f09: block/vvfat: Plug memory leak in read_directory() (Markus Armbruster)
7812cbe: block/sheepdog: Plug memory leak in sd_snapshot_create() (Markus 
Armbruster)
12d5fc6: qemu-img: Plug memory leak in convert command (Markus Armbruster)
b203bba: input (curses): mask keycodes to remove modifier bits (Andrew Oates)
91148de: cputlb: Fix regression with TCG interpreter (bug 1310324) (Stefan Weil)
ae2e18e: target-xtensa: fix cross-page jumps/calls at the end of TB (Max 
Filippov)
2dbd09f: virtio-scsi: Plug memory leak on virtio_scsi_push_event() error path 
(Markus Armbruster)
3d5acbe: qcow1: Stricter backing file length check (Kevin Wolf)
a4b73ed: qcow1: Validate image size (CVE-2014-0223) (Kevin Wolf)
a3967c7: qcow1: Validate L2 table size (CVE-2014-0222) (Kevin Wolf)
5c85998: qcow1: Check maximum cluster size (Kevin Wolf)
d234c8f: qcow1: Make padding in the header explicit (Kevin Wolf)
3ba1e61: virtio: allow mapping up to max queue size (Michael S. Tsirkin)
96e7f7a: pci-assign: limit # of msix vectors (Michael S. Tsirkin)
c230ab2: Revert "qapi: Clean up superfluous null check in 
qapi_dealloc_type_str()" (Peter Lieven)
274c96e: configure: remove bashism (Michael Tokarev)
32c113c: spapr_pci: Fix number of returned vectors in ibm, change-msi (Alexey 
Kardashevskiy)
912d9cc: linux-user/elfload.c: Fix A64 code which was incorrectly acting like 
A32 (Peter Maydell)
074f673: linux-user/elfload.c: Update ARM HWCAP bits (Peter Maydell)
83b1dc1: linux-user/elfload.c: Fix incorrect ARM HWCAP bits (Peter Maydell)
c2d3722: target-arm: Make vbar_write 64bit friendly on 32bit hosts (Edgar E. 
Iglesias)
e40585f: target-arm: A64: Handle blr lr (Edgar E. Iglesias)
837e02e: qdev: Fix crash by validating the object type (Amos Kong)
46a1b0e: target-i386: fix set of registers zeroed on reset (Paolo Bonzini)
a14d429: s390x/kvm: rework KVM synchronize to tracing for some ONEREGS 
(Christian Borntraeger)
2ac9549: stellaris_enet: block migration (Michael S. Tsirkin)
2f18e44: acpi: fix tables for no-hpet configuration (Michael S. Tsirkin)
4c1e064: po/Makefile: fix $SRC_PATH reference (Michael Tokarev)
4a7a497: s390x: empty function stubs in preparation for __KVM_HAVE_GUEST_DEBUG 
(David Hildenbrand)
7dfa87e: block: Prevent coroutine stack overflow when recursing in 
bdrv_open_backing_file. (Benoît Canet)
7b0387a: arm: translate.c: Fix smlald Instruction (Peter Crosthwaite)
1624861: megasas: Implement LD_LIST_QUERY (Hannes Reinecke)
fb03901: target-arm: A64: fix unallocated test of scalar SQXTUN (Alex Bennée)
5ad12b3: virtio-scsi: fix buffer overrun on invalid state load (Michael S. 
Tsirkin)
15c35df: usb: sanity check setup_index+setup_len in post_load (Michael S. 
Tsirkin)
e7ff139: zaurus: fix buffer overrun on invalid state load (Michael S. Tsirkin)
894f179: tsc210x: fix buffer overrun on invalid state load (Michael S. Tsirkin)
2265c71: ssd0323: fix buffer overun on invalid state load (Michael S. Tsirkin)
95d9149: ssi-sd: fix buffer overrun on invalid state load (Michael S. Tsirkin)
eb55958: pxa2xx: avoid buffer overrun on incoming migration (Michael S. Tsirkin)
1124696: openpic: avoid buffer overrun on incoming migration (Michael Roth)
4e48018: virtio: validate num_sg when mapping (Michael S. Tsirkin)
7297dba: virtio: avoid buffer overrun on incoming migration (Michael Roth)
9c01a91: vmstate: fix buffer overflow in target-arm/machine.c (Michael S. 
Tsirkin)
7cf5f5d: pl022: fix buffer overun on invalid state load (Michael S. Tsirkin)
f7ef3baa: hw/pci/pcie_aer.c: fix buffer overruns on invalid state load (Michael 
S. Tsirkin)
3c60661: hpet: fix buffer overrun on invalid state load (Michael S. Tsirkin)
d4c9095: ahci: fix buffer overrun on invalid state load (Michael S. Tsirkin)
331c549: virtio-net: out-of-bounds buffer write on load (Michael S. Tsirkin)
b24cfb0: virtio-net: out-of-bounds buffer write on invalid state load (Michael 
S. Tsirkin)
7872f3e: virtio-net: fix buffer overflow on invalid state load (Michael S. 
Tsirkin)
3902521: vmstate: add VMSTATE_VALIDATE (Michael S. Tsirkin)
49e8918: vmstate: add VMS_MUST_EXIST (Michael S. Tsirkin)
6067df7: vmstate: reduce code duplication (Michael S. Tsirkin)
9ee8ab5: hw/net/stellaris_enet: Correct handling of packet padding (Peter 
Maydell)
c8723d4: hw/net/stellaris_enet: Restructure tx_fifo code to avoid buffer 
overrun (Peter Maydell)