Hi everyone, I am pleased to announce that the QEMU v2.10.2 stable release is now available:
You can grab the tarball from our download page here:

  https://www.qemu.org/download/#source

v2.10.2 is now tagged in the official qemu.git repository, and the stable-2.10 branch has been updated accordingly:

  https://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.10

This update contains security fixes addressing potential buffer overruns when using cirrus VGA or NBD (CVE-2017-13672 and CVE-2017-15118, respectively) and potential host DoS through client-induced memory exhaustion when using VNC websockets or NBD (CVE-2017-15268 and CVE-2017-15119, respectively). There are also the normal range of general fixes.

Please see the changelog for additional details and update accordingly.

Thank you to everyone involved!

CHANGELOG:

ba87166e14: Update version for 2.10.2 release (Michael Roth)
b7d059b91f: spapr: don't initialize PATB entry if max-cpu-compat < power9 (Laurent Vivier)
2f3e3890c4: target/ppc: Update setting of cpu features to account for compat modes (Suraj Jitindar Singh)
26c1b49d56: vfio: Fix vfio-kvm group registration (Alex Williamson)
5f214279d4: spapr: Include "pre-plugged" DIMMS in ram size calculation at reset (David Gibson)
9c7714afd7: vga: handle cirrus vbe mode wraparounds. (Gerd Hoffmann)
a0ad811956: vga: drop line_offset variable (Gerd Hoffmann)
b81833fe7d: nbd/client: Don't hard-disconnect on ESHUTDOWN from server (Eric Blake)
0fd80ef569: nbd-client: Refuse read-only client with BDRV_O_RDWR (Eric Blake)
b01b1609e6: nbd/server: fix nbd_negotiate_handle_info (Vladimir Sementsov-Ogievskiy)
82ded5166b: vhost: fix error check in vhost_verify_ring_mappings() (Greg Kurz)
227196c1e7: nbd/server: CVE-2017-15118 Stack smash on large export name (Eric Blake)
2ce8993512: nbd/server: CVE-2017-15119 Reject options larger than 32M (Eric Blake)
c2269a0b54: virtio-net: don't touch virtqueue if vm is stopped (Jason Wang)
30e499bdc9: block/nfs: fix nfs_client_open for filesize greater than 1TB (Peter Lieven)
e1a2a27327: scripts/make-release: ship u-boot source as a tarball (Michael Roth)
a77c5873fe: spapr: reset DRCs after devices (Greg Kurz)
0a5a2b938a: hw/ppc: clear pending_events on machine reset (Daniel Henrique Barboza)
0bc76c8d08: vhost: restore avail index from vring used index on disconnection (Maxime Coquelin)
059422ddbc: virtio: Add queue interface to restore avail index from vring used index (Maxime Coquelin)
d6c99e8ff5: util/stats64: Fix min/max comparisons (Max Reitz)
56a10ff664: nbd/client: Use error_prepend() correctly (Eric Blake)
69f562ad9e: net: fix check for number of parameters to -netdev socket (Jens Freimann)
957bd48acf: net/socket: fix coverity issue (Jens Freimann)
3a82a03a2e: hw/intc/arm_gicv3_its: Don't abort on table save failure (Eric Auger)
b637b865ed: translate.c: Fix usermode big-endian AArch32 LDREXD and STREXD (Peter Maydell)
3342fd0286: ppc: fix setting of compat mode (Greg Kurz)
e0809fcc4b: io: monitor encoutput buffer size from websocket GSource (Daniel P. Berrange)
e31942b486: nios2: define tcg_env (Paolo Bonzini)
5aa698ab5f: iotests: Add cluster_size=64k to 125 (Max Reitz)
39475b8805: qcow2: Always execute preallocate() in a coroutine (Max Reitz)
a25aca75f8: qcow2: Fix unaligned preallocated truncation (Max Reitz)
64f62e4e90: hw/sd: fix out-of-bounds check for multi block reads (Michael Olbrich)
d765c5e577: memory: fix off-by-one error in memory_region_notify_one() (Maxime Coquelin)
ae13e2cfa8: exec: simplify address_space_get_iotlb_entry (Peter Xu)
c9dbe3e0fc: exec: add page_mask for flatview_do_translate (Peter Xu)
496f97293e: memory: Share special empty FlatView (Alexey Kardashevskiy)
639701e4f2: memory: seek FlatView sharing candidates among children subregions (Paolo Bonzini)
5dbd1f7884: memory: trace FlatView creation and destruction (Paolo Bonzini)
5b5e49ab5f: memory: Create FlatView directly (Alexey Kardashevskiy)
a7bb94e784: memory: Get rid of address_space_init_shareable (Alexey Kardashevskiy)
7dd7f7ef44: memory: Do not allocate FlatView in address_space_init (Alexey Kardashevskiy)
e8c7ea3e75: memory: Share FlatView's and dispatch trees between address spaces (Alexey Kardashevskiy)
c943efe8b5: memory: Move address_space_update_ioeventfds (Alexey Kardashevskiy)
c14ce078b2: memory: Alloc dispatch tree where topology is generared (Alexey Kardashevskiy)
260d3646b0: memory: Store physical root MR in FlatView (Alexey Kardashevskiy)
08101db63b: memory: Rename mem_begin/mem_commit/mem_add helpers (Alexey Kardashevskiy)
eff5ed4ae9: memory: Cleanup after switching to FlatView (Alexey Kardashevskiy)
f7774e329b: memory: Switch memory from using AddressSpace to FlatView (Alexey Kardashevskiy)
3568e11940: memory: avoid "resurrection" of dead FlatViews (Paolo Bonzini)
d0136db812: memory: Remove AddressSpace pointer from AddressSpaceDispatch (Alexey Kardashevskiy)
4d2f8abb22: memory: Move AddressSpaceDispatch from AddressSpace to FlatView (Alexey Kardashevskiy)
de7e6815b8: memory: Move FlatView allocation to a helper (Alexey Kardashevskiy)
1b04a15809: memory: Open code FlatView rendering (Alexey Kardashevskiy)
6424975ce9: exec: Explicitly export target AS from address_space_translate_internal (Alexey Kardashevskiy)
4af42e3cf1: block: Perform copy-on-read in loop (Eric Blake)
26914ce48d: kvmclock: use the updated system_timer_msr (Jim Somerville)
49958d37e7: block/mirror: check backing in bdrv_mirror_top_flush (Vladimir Sementsov-Ogievskiy)
b234266086: hw/usb/bus: Remove bad object_unparent() from usb_try_create_simple() (Thomas Huth)
62695f60c3: hw/ppc: CAS reset on early device hotplug (Daniel Henrique Barboza)
