Hi everyone, I am pleased to announce that the QEMU v5.0.1 stable release is now available:
You can grab the tarball from our download page here: https://www.qemu.org/download/#source v5.0.1 is now tagged in the official qemu.git repository, and the stable-5.0 branch has been updated accordingly: https://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-5.0 This update contains general fixes for various architectures/subsystems, including the following CVE fixes: ati-vga (CVE-2020-13800) MMIO (CVE-2020-13754) NBD server (CVE-2020-10761) sdcard (CVE-2020-13253) usb (CVE-2020-14364) virtiofsd (CVE-2020-10717) Please see the changelog for additional details and update accordingly. Thank you to everyone involved! CHANGELOG: 386b2a5767: Update version for 5.0.1 release (Michael Roth) 5c49f7ee3b: riscv: sifive_test: Allow 16-bit writes to memory region (Nathan Chancellor) b8fdfa9d63: virtio-ccw: fix virtio_set_ind_atomic (Halil Pasic) ebf5b3946e: nvram: Exit QEMU if NVRAM cannot contain all -prom-env data (Greg Kurz) f2fd6555c7: 9p: null terminate fs driver options list (Prasad J Pandit) f243bb4b0d: usb: fix setup_len init (CVE-2020-14364) (Gerd Hoffmann) a575af07b8: hw/arm/sbsa-ref: fix typo breaking PCIe IRQs (Graeme Gregory) 5e817ece11: virtio-net: align RSC fields with updated virtio-net header (Yuri Benditovich) b57df52546: nbd: Fix large trim/zero requests (Eric Blake) 921352867b: iotests/028: Add test for cross-base-EOF reads (Max Reitz) dcf682dd13: block: Fix bdrv_aligned_p*v() for qiov_offset != 0 (Max Reitz) 08550a9940: migration/block-dirty-bitmap: fix dirty_bitmap_mig_before_vm_start (Vladimir Sementsov-Ogievskiy) b52a91816e: Update OpenBIOS images to 7f28286f built from submodule. (Mark Cave-Ayland) eca194d43c: libvhost-user: Report descriptor index on panic (Philippe Mathieu-Daudé) d8f0b2bbf4: virtio-pci: Changed vdev to proxy for VirtIO PCI BAR callbacks. (Andrew Melnychenko) 58c523563d: intel_iommu: Use correct shift for 256 bits qi descriptor (Liu Yi L) 7c4c30e764: virtio-balloon: Replace free page hinting references to 'report' with 'hint' (Alexander Duyck) 595c40575b: linux-headers: update against Linux 5.7-rc3 (Cornelia Huck) 6261aa4ff5: virtio-balloon: always indicate S_DONE when migration fails (David Hildenbrand) 7eb63fccf4: virtio-balloon: Add locking to prevent possible race when starting hinting (Alexander Duyck) 67808fda37: virtio-balloon: Prevent guest from starting a report when we didn't request one (Alexander Duyck) c16fd8a2bb: qdev: Fix device_add DRIVER,help to print to monitor (Markus Armbruster) d2581f25ec: tests: tpm: Skip over pcrUpdateCounter byte in result comparison (Stefan Berger) 42e9a42083: tpm: tpm_spapr: Exit on TPM backend failures (Stefan Berger) 2f783fb459: target/hppa: Free some temps in do_sub (Richard Henderson) d7fab184e9: hw/sd/sdcard: Do not switch to ReceivingData if address is invalid (Philippe Mathieu-Daudé) c8966bff5f: hw/sd/sdcard: Update coding style to make checkpatch.pl happy (Philippe Mathieu-Daudé) e569ca39fa: hw/sd/sdcard: Do not allow invalid SD card sizes (Philippe Mathieu-Daudé) 6a34f7752f: hw/sd/sdcard: Simplify realize() a bit (Philippe Mathieu-Daudé) 557980ba70: hw/sd/sdcard: Restrict Class 6 commands to SCSD cards (Philippe Mathieu-Daudé) b6f4d5bf20: tests/acceptance/boot_linux: Expand SD card image to power of 2 (Philippe Mathieu-Daudé) bc67d011c3: tests/acceptance: refactor boot_linux_console test to allow code reuse (Pavel Dovgalyuk) 5bdcc0f3ed: tests/acceptance: refactor boot_linux to allow code reuse (Pavel Dovgalyuk) f756254e0a: tests/acceptance: allow console interaction with specific VMs (Pavel Dovgalyuk) 7b41093d14: tests/acceptance/boot_linux: Tag tests using a SD card with 'device:sd' (Philippe Mathieu-Daudé) acb988e20c: docs/orangepi: Add instructions for resizing SD image to power of two (Niek Linnenbank) 3ddb01cd14: qga: Use qemu_get_host_name() instead of g_get_host_name() (Michal Privoznik) ad1169e23c: util: Introduce qemu_get_host_name() (Michal Privoznik) a799013e71: qga: fix assert regression on guest-shutdown (Marc-André Lureau) 54e74a45a5: chardev/tcp: Fix error message double free error (lichun) 9380cb9de2: nbd: Avoid off-by-one in long export name truncation (Eric Blake) b3e49baa79: usb/dev-mtp: Fix Error double free after inotify failure (Markus Armbruster) 558905635b: error: Use error_reportf_err() where appropriate (Markus Armbruster) b17b3c209b: net/virtio: Fix failover_replug_primary() return value regression (Markus Armbruster) 7a1f17a51e: hw/audio/gus: Fix registers 32-bit access (Allan Peramaki) 0aad2a5255: virtiofsd: Whitelist fchmod (Max Reitz) 0fd3972e1c: hw/net/e1000e: Do not abort() on invalid PSRCTL register value (Philippe Mathieu-Daudé) 045849b078: hw/display/artist: Unbreak size mismatch memory accesses (Helge Deller) 974b857df6: acpi: accept byte and word access to core ACPI registers (Michael Tokarev) 782e94132a: xhci: fix valid.max_access_size to access address registers (Laurent Vivier) 182be02962: hw/riscv: Allow 64 bit access to SiFive CLINT (Alistair Francis) b14cd263ad: memory: Revert "memory: accept mismatching sizes in memory_region_access_valid" (Michael S. Tsirkin) 68d84b133d: libqos: pci-pc: use 32-bit write for EJ register (Paolo Bonzini) e399bb1bf1: libqos: usb-hcd-ehci: use 32-bit write for config register (Paolo Bonzini) 160546b81e: linux-user/strace.list: fix epoll_create{,1} -strace output (Sergei Trofimovich) dcc935873b: aio-posix: disable fdmon-io_uring when GSource is used (Stefan Hajnoczi) 5145f2471c: aio-posix: don't duplicate fd handler deletion in fdmon_io_uring_destroy() (Stefan Hajnoczi) 458ae56d22: KVM: x86: believe what KVM says about WAITPKG (Paolo Bonzini) 521898ac31: net: use peer when purging queue in qemu_flush_or_purge_queue_packets() (Jason Wang) c1abbd0f04: virtiofsd: stay below fs.file-max sysctl value (CVE-2020-10717) (Stefan Hajnoczi) a637ea0c52: virtiofsd: add --rlimit-nofile=NUM option (Stefan Hajnoczi) 73a01bc9b0: iotests/283: Use consistent size for source and target (Kevin Wolf) d723a57acd: Fix tulip breakage (Helge Deller) dd506af071: es1370: check total frame count against current frame (Prasad J Pandit) 387a3ac89d: ati-vga: check mm_index before recursive call (CVE-2020-13800) (Prasad J Pandit) cb84d9d353: xen/9pfs: yield when there isn't enough room on the ring (Stefano Stabellini) b38d9cada4: Revert "9p: init_in_iov_from_pdu can truncate the size" (Stefano Stabellini) f56a86ad8d: xen-9pfs: Fix log messages of reply errors (Christian Schoenebeck) 5bfdf41d7c: 9pfs: include linux/limits.h for XATTR_SIZE_MAX (Dan Robertson) e37ba5c637: 9pfs: local: ignore O_NOATIME if we don't have permissions (Omar Sandoval) 4cc0a28a6e: block: Call attention to truncation of long NBD exports (Eric Blake) d1cba8ca60: virtio-balloon: unref the iothread when unrealizing (David Hildenbrand) 945d9273c8: virtio-balloon: fix free page hinting check on unrealize (David Hildenbrand) 99458fbb56: virtio-balloon: fix free page hinting without an iothread (David Hildenbrand) d48973dc26: nbd/server: Avoid long error message assertions CVE-2020-10761 (Eric Blake) c6414cb183: net: Do not include a newline in the id of -nic devices (Thomas Huth) 250322bfbd: 9p: Lock directory streams with a CoMutex (Greg Kurz) bdac9aabd9: qemu-nbd: Close inherited stderr (Raphael Pour) 352259fef8: target/arm: Clear tail in gvec_fmul_idx_*, gvec_fmla_idx_* (Richard Henderson) 9e6e3ba309: hostmem: don't use mbind() if host-nodes is empty (Igor Mammedov)