Here is a set of bugfixes against Qemu Traditional, which are from the
XenServer patch queue.
Patches 1 to 4 are build fixes in a CentOS environment
Patches 5 to 8 are backports of public CVEs, including two remote code
execution vulnerabilities.
Patches 9 to 11 are fixes for crashes which guest activity can cause
Patch 12 is a functional fix to command line parsing
Patches 13 to 15 are fixes from the use of valgrind
Patches 16 to 32 are fixes from Coverity analysis
I have identified Coverity Scan IDs where applicable.
Andrew Cooper (9):
cirrus_vga: default all I/O port reads to 0xff
lm832x: don't overrun file buffer on save/restore
block-vvfat: fix fat_chksum() buffer overrun warning
CVE-2014-8106: cirrus: fix blit region check
CVE-2014-7815: vnc: sanitize bits_per_pixel from the client
CVE-2014-3615: vbe: rework sanity checks
smbios: Don't allocate smbus eeprom buffer
pic: Don't allocate irq buffers
signal: Don't use uninitalised sival_ptr
Aurelien Jarno (1):
cirrus_vga: fix division by 0 for color expansion rop
Chunjie Zhu (2):
ide: cancel dma operations on command abort or error
dma: fix incorrect bh scheduling
Jim Paris (1):
usb-linux.c: fix buffer overflow
Kaifeng Zhu (11):
cmdline: Parse -pciemulation before trying to use it
readline: fix memory corruption when adding history
block-cow: don't close cow_fd twice on error
console: Avoid overrunning the dmask arrays
hw/device-hotplug: fix test of drive_add() return
qemu-char: fix memory leak in qemu_char_open_pty()
hw/ide: fix memory leak from qemu_allocate_irqs()
net: don't leak an fd after an error
net: Fix memory/handle leaks in net_socket_listen_init()
block-vvfat: fix memory/handle leaks in commit_one_file()
block-vvfat: fix memory leak in check_directory_consistency()
Yunlei Ding (8):
virtio-blk: initialise unused blkcfg.size_max field
hw/msmouse.c: Fix deref_after_free and double free
virtio-blk: correctly link new request in virtio_blk_load()
net: initialize parameters before use in net_socket_fd_init_dgram()
ide: don't leak irq array in pci_cmd646_ide_init()
block-nbd: close sock in nbd_open() error path
block-raw-posix: Fix memory leak in posix_aio_init()
block-vvfat: fix resource leaks in read_directory()
block-cow.c |1 -
block-nbd.c |3 +
block-raw-posix.c |1 +
block-vvfat.c | 37 ++---
console.c |9 +--
dma-helpers.c | 16 +-
hw/cirrus_vga.c | 138 +++--
hw/device-hotplug.c |2 +-
hw/ide.c| 15 ++---
hw/irq.c| 18 +-
hw/irq.h|4 ++
hw/lm832x.c | 11 +++-
hw/msmouse.c|1 -
hw/pc.c | 16 +-
hw/vga.c| 154 +++
hw/virtio-blk.c |3 +-
net.c | 13 -
qemu-char.c |2 +
readline.c |2 +-
usb-linux.c | 12 +++-
vl.c| 21 ---
vnc.c | 10
22 files changed, 320 insertions(+), 169 deletions(-)
--
1.7.10.4
___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel