From: Michael Roth
Subject: [Qemu-devel] [ANNOUNCE] QEMU 2.6.1 Stable released
Date: Wed, 17 Aug 2016 14:30:46 -0500
Hi everyone,

I am pleased to announce that the QEMU v2.6.1 stable release is now


v2.6.1 is now tagged in the official qemu.git repository,
and the stable-2.6 branch has been updated accordingly:


This is a fairly large update that addresses a broad range of bugs
and security issues. Users should upgrade accordingly.

Thank you to everyone involved!


fcf75ad: Update version for 2.6.1 release (Michael Roth)
5125bef: timer: set vm_clock disabled default (Gonglei)
beeff74: Xen PCI passthrough: fix passthrough failure when no interrupt pin 
(Bruce Rogers)
1f1b96a: ppc64: fix compressed dump with pseries kernel (Laurent Vivier)
236039b: scsi: esp: check TI buffer index before read/write (Prasad J Pandit)
407fb6f: scsi: megasas: null terminate bios version buffer (Prasad J Pandit)
27fa5e7: scsi: esp: make cmdbuf big enough for maximum CDB size (Prasad J 
8c04a29: scsi: esp: clean up handle_ti/esp_do_dma if s->do_cmd (Paolo Bonzini)
aa6905d: scsi: esp: respect FIFO invariant after message phase (Paolo Bonzini)
e5c4e64: scsi: esp: check buffer length before reading scsi command (Prasad J 
80eb9b8: scsi: megasas: check 'read_queue_head' index value (Prasad J Pandit)
19dcd48: scsi: megasas: initialise local configuration data buffer (Prasad J 
1467b93: scsi: megasas: use appropriate property buffer size (Prasad J Pandit)
7a2c32e: net: mipsnet: check packet length against buffer (Prasad J Pandit)
780d831: hw/arm/virt: Reject gic-version=host for non-KVM (Cole Robinson)
c5ba71b: ui: spice: Exit if gl=on EGL init fails (Cole Robinson)
84da2c6: sdl2: skip init without outputs (Gerd Hoffmann)
ccecdf7: ui: sdl2: Release grab before opening console window (Cole Robinson)
0f9745a: ui: gtk: fix crash when terminal inner-border is NULL (Cole Robinson)
94c8340: ahci: free irqs array (Marc-André Lureau)
3d34297: ahci: fix sglist leak on retry (Marc-André Lureau)
ff71767: macio: set res_count value to 0 after non-block ATAPI DMA transfers 
(Mark Cave-Ayland)
ec211e7: atapi: fix halted DMA reset (John Snow)
16a87c4: ide: fix halted IO segfault at reset (John Snow)
86cc089: virtio: error out if guest exceeds virtqueue size (Stefan Hajnoczi)
502c8e8: target-i386: fix typo in xsetbv implementation (Dave Hansen)
a87cef8: pcie: fix link active status bit migration (Michael S. Tsirkin)
97b5a97: nbd: Limit nbdflags to 16 bits (Eric Blake)
2317b32: nbd: Don't use *_to_cpup() functions (Peter Maydell)
ce00e52: nbd: More debug typo fixes, use correct formats (Eric Blake)
28eae0a: Fix some typos found by codespell (Stefan Weil)
5634eb8: block/iscsi: fix rounding in iscsi_allocationmap_set (Peter Lieven)
b6ece2c: util: Fix MIN_NON_ZERO (Fam Zheng)
8d7d776: qemu-iotests: Test naming of throttling groups (Alberto Garcia)
704ab2f: blockdev: Fix regression with the default naming of throttling groups 
(Alberto Garcia)
025c4e3: s390x/ipl: fix reboots for migration from different bios (David 
82c8516: Revert "virtio-net: unbreak self announcement and guest offloads after 
migration" (Michael S. Tsirkin)
909d87d: virtio: set low features early on load (Michael S. Tsirkin)
9566cee: target-sparc: fix register corruption in ldstub if there is no write 
permission (Artyom Tarasenko)
44152ec: scsi: Advertise limits by blocksize, not 512 (Eric Blake)
c9fb07b: scsi-generic: Merge block max xfer len in INQUIRY response (Fam Zheng)
ab2aac5: nbd: Allow larger requests (Eric Blake)
e19b9ad: vfio/pci: Fix VGA quirks (Alex Williamson)
4f696c8: pci-assign: Move "Invalid ROM" error message to pci-assign-load-rom.c 
(Lin Ma)
a50bb5f: qapi: Fix crash on missing alternate member of QAPI struct (Eric Blake)
4bfe16b: qcow2: Avoid making the L1 table too big (Max Reitz)
683c1c5: backup: Don't leak BackupBlockJob in error path (Kevin Wolf)
45f4e4b: net: fix qemu_announce_self not emitting packets (Peter Lieven)
d1911a6: ui: fix regression in printing VNC host/port on startup (Daniel P. 
510531e: io: remove mistaken call to object_ref on QTask (Daniel P. Berrange)
d59d37d: vmsvga: don't process more than 1024 fifo commands at once (Gerd 
71798fd: vmsvga: shadow fifo registers (Gerd Hoffmann)
3141be6: vmsvga: add more fifo checks (Gerd Hoffmann)
394647d: vmsvga: move fifo sanity checks to vmsvga_fifo_length (Gerd Hoffmann)
63a396d: block: Drop bdrv_ioctl_bh_cb (Fam Zheng)
f882993: scsi: mptsas: infinite loop while fetching requests (Prasad J Pandit)
8b95d8e: scsi: pvscsi: check command descriptor ring buffer size 
(CVE-2016-4952) (Prasad J Pandit)
54eb4cf: Fix configure test for PBKDF2 in nettle (Steven Luo)
e81a24a: savevm: fail if migration blockers are present (Greg Kurz)
fb26337: nbd: Don't trim unrequested bytes (Eric Blake)
509e132: block/iscsi: avoid potential overflow of acb->task->cdb (Peter Lieven)
6e7ee98: vfio: Fix broken EEH (Gavin Shan)
7ff5dc4: vga: add sr_vbe register set (Gerd Hoffmann)
a1f006f: usb/ohci: Fix crash with when specifying too many num-ports (Thomas 
cba9a80: block/nfs: refuse readahead if cache.direct is on (Peter Lieven)
9b28a7f: esp: check dma length before reading scsi command(CVE-2016-4441) 
(Prasad J Pandit)
0a5e368: esp: check command buffer length before write(CVE-2016-4439) (Prasad J 
2522f0f: json-streamer: fix double-free on exiting during a parse (Paolo 
ebe0376: json-streamer: Don't leak tokens on incomplete parse (Eric Blake)
9520c6c: migration: regain control of images when migration fails to complete 
(Greg Kurz)
dbbadeb: configure: Allow builds with extra warnings (Stefan Weil)
bd5d278: target-i386: key sfence availability on CPUID_SSE, not CPUID_SSE2 
(Paolo Bonzini)
a525dec: target-mips: fix call to memset in soft reset code (Aurelien Jarno)
2cf1a12: usb:xhci: no DMA on HC reset (Roman Kagan)
ea819be: exec.c: Ensure right alignment also for file backed ram (Dominik 
5a908cb: tools: kvm_stat: Powerpc related fixes (Hemant Kumar)
07a3a48: vl: change runstate only if new state is different from current state 
(Li Zhijian)
5b6c12e: spice/gl: add & use qemu_spice_gl_monitor_config (Gerd Hoffmann)
d00ba3f: i386: kvmvapic: initialise imm32 variable (Prasad J Pandit)

