Oracle Linux: ELSA-2018-4289
Nov 28, 2018 - 12:00 a.m.

qemu security update

linux.oracle.com

CVSS3: 10 High

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: CHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: NONE
  • Availability Impact: HIGH
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H

CVSS2: 7.8 High

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: COMPLETE
  • Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

EPSS: 0.976 High

  • Percentile: 100.0%

[15:3.0.0-1.el7]

  • net: ignore packet size greater than INT_MAX (Jason Wang) [Orabug: 28763782] {CVE-2018-17963}
  • pcnet: fix possible buffer overflow (Jason Wang) [Orabug: 28763774] {CVE-2018-17962}
  • rtl8139: fix possible out of bound access (Jason Wang) [Orabug: 28763765] {CVE-2018-17958}
  • ne2000: fix possible out of bound access in ne2000_receive (Jason Wang) [Orabug: 28763758] {CVE-2018-10839}
  • seccomp: set the seccomp filter to all threads (Marc-Andre Lureau) [Orabug: 28763748] {CVE-2018-15746}
  • virtio_net: Introduce VIRTIO_NET_F_STANDBY feature bit to virtio_net (Sridhar Samudrala) [Orabug: 28763724]
  • kvm: add call to qemu_add_opts() for -overcommit option (Prasad Singamsetty)
  • Document various CVEs as fixed (Mark Kanda) [Orabug: 28763710] {CVE-2017-10806} {CVE-2017-11334} {CVE-2017-12809} {CVE-2017-13672} {CVE-2017-13673} {CVE-2017-13711} {CVE-2017-14167} {CVE-2017-15038} {CVE-2017-15119} {CVE-2017-15124} {CVE-2017-15268} {CVE-2017-15289} {CVE-2017-16845} {CVE-2017-17381} {CVE-2017-18030} {CVE-2017-18043} {CVE-2017-2630} {CVE-2017-2633} {CVE-2017-5715} {CVE-2017-5753} {CVE-2017-5754} {CVE-2017-7471} {CVE-2017-7493} {CVE-2017-8112} {CVE-2017-8309} {CVE-2017-8379} {CVE-2017-8380} {CVE-2017-9503} {CVE-2018-11806} {CVE-2018-12617} {CVE-2018-3639} {CVE-2018-5683} {CVE-2018-7550} {CVE-2018-7858}
  • qemu.spec: Initial qemu.spec (Mark Kanda)
  • virtio-pci: Set subsystem vendor ID to Oracle (Mark Kanda)
  • qemu_regdump.py: Initial qemu_regdump.py (Mark Kanda)
  • qmp-regdump: Initial qmp-regdump (Mark Kanda)
  • bridge.conf: Initial bridge.conf (Mark Kanda)
  • kvm.conf: Initial kvm.conf (Mark Kanda)
  • 80-kvm.rules: Initial 80-kvm.rules (Mark Kanda)
  • Update version for v3.0.0 release (Peter Maydell)
  • Update version for v3.0.0-rc4 release (Peter Maydell)
  • virtio-gpu: fix crashes upon warm reboot with vga mode (Marc-Andre Lureau)
  • slirp: Correct size check in m_inc() (Peter Maydell)
  • target/xtensa/cpu: Set owner of memory region in xtensa_cpu_initfn (Thomas Huth)
  • hw/intc/arm_gicv3_common: Move gicd shift bug handling to gicv3_post_load (Peter Maydell)
  • hw/intc/arm_gicv3_common: Move post_load hooks to top-level VMSD (Peter Maydell)
  • target/arm: Add dummy needed functions to M profile vmstate subsections (Peter Maydell)
  • hw/intc/arm_gicv3_common: Combine duplicate .subsections in vmstate_gicv3_cpu (Peter Maydell)
  • hw/intc/arm_gicv3_common: Give no-migration-shift-bug subsection a needed function (Peter Maydell)
  • tcg/optimize: Do not skip default processing of dup_vec (Richard Henderson)
  • tests/acpi: update tables after memory hotplug changes (Michael S. Tsirkin)
  • pc: acpi: fix memory hotplug regression by reducing stub SRAT entry size (Igor Mammedov)
  • tests/acpi-test: update ACPI tables test blobs (Dou Liyang)
  • hw/acpi-build: Add a check for memory-less NUMA nodes (Dou Liyang)
  • vhost: check region type before casting (Tiwei Bie)
  • sam460ex: Fix PCI interrupts with multiple devices (BALATON Zoltan)
  • hw/misc/macio: Fix device introspection problems in macio devices (Thomas Huth)
  • Update version for v3.0.0-rc3 release (Peter Maydell)
  • monitor: temporary fix for dead-lock on event recursion (Marc-Andre Lureau)
  • linux-user: ppc64: don't use volatile register during safe_syscall (Shivaprasad G Bhat)
  • tests: add check_invalid_maps to test-mmap (Alex Bennee)
  • linux-user/mmap.c: handle invalid len maps correctly (Alex Bennee)
  • s390x/sclp: fix maxram calculation (Christian Borntraeger)
  • target/arm: Remove duplicate ‘host’ entry in ‘-cpu ?’ output (Philippe Mathieu-Daude)
  • hw/misc/tz-mpc: Zero the LUT on initialization, not just reset (Peter Maydell)
  • hw/arm/iotkit: Fix IRQ number for timer1 (Peter Maydell)
  • armv7m_nvic: Fix m-security subsection name (Peter Maydell)
  • hw/arm/sysbus-fdt: Fix assertion in copy_properties_from_host() (Geert Uytterhoeven)
  • arm/smmuv3: Fix missing VMSD terminator (Dr. David Alan Gilbert)
  • qemu-iotests: Test query-blockstats with -drive and -blockdev (Kevin Wolf)
  • block/qapi: Include anonymous BBs in query-blockstats (Kevin Wolf)
  • block/qapi: Add ‘qdev’ field to query-blockstats result (Kevin Wolf)
  • file-posix: Fix write_zeroes with unmap on block devices (Kevin Wolf)
  • block: Fix documentation for BDRV_REQ_MAY_UNMAP (Kevin Wolf)
  • iotests: Add test for ‘qemu-img convert -C’ compatibility (Fam Zheng)
  • qemu-img: Add -C option for convert with copy offloading (Fam Zheng)
  • Revert ‘qemu-img: Document copy offloading implications with -S and -c’ (Fam Zheng)
  • iotests: Don't lock /dev/null in 226 (Fam Zheng)
  • docs: Describe using images in writing iotests (Fam Zheng)
  • file-posix: Handle EINTR in preallocation=full write (Fam Zheng)
  • qcow2: A grammar fix in conflicting cache sizing error message (Leonid Bloch)
  • qcow: fix a reference leak (KONRAD Frederic)
  • backends/cryptodev: remove dead code (Jay Zhou)
  • timer: remove replay clock probe in deadline calculation (Pavel Dovgalyuk)
  • i386: implement MSR_SMI_COUNT for TCG (Paolo Bonzini)
  • i386: do not migrate MSR_SMI_COUNT on machine types <2.12 (Paolo Bonzini)
  • qstring: Move qstring_from_substr()'s @end one to the right (Markus Armbruster)
  • qstring: Assert size calculations don't overflow (Markus Armbruster)
  • qstring: Fix qstring_from_substr() not to provoke int overflow (liujunjie)
  • Update version for v3.0.0-rc2 release (Peter Maydell)
  • tests: fix TLS handshake failure with TLS 1.3 (Daniel P. Berrange)
  • tests: use error_abort in places expecting errors (Daniel P. Berrange)
  • tests: don't silence error reporting for all tests (Daniel P. Berrange)
  • tests: call qcrypto_init instead of gnutls_global_init (Daniel P. Berrange)
  • migration: fix duplicate initialization for expected_downtime and cleanup_bh (Lidong Chen)
  • tests: only update last_byte when at the edge (Peter Xu)
  • migration: disallow recovery for release-ram (Peter Xu)
  • migration: update recv bitmap only on dest vm (Peter Xu)
  • audio/hda: Fix migration (Dr. David Alan Gilbert)
  • migrate: Fix cancelling state warning (Dr. David Alan Gilbert)
  • migration: fix potential overflow in multifd send (Peter Xu)
  • block/file-posix: add bdrv_attach_aio_context callback for host dev and cdrom (Nishanth Aravamudan)
  • tests/tcg: remove runcom test (Alex Bennee)
  • docker: perform basic binfmt_misc validation in docker.py (Alex Bennee)
  • docker: ignore distro versioning of debootstrap (Alex Bennee)
  • docker: add commentary to debian-bootstrap.docker (Alex Bennee)
  • docker: Update debootstrap script after Debian migration from Alioth to Salsa (Philippe Mathieu-Daude)
  • docker: report hint when docker.py check fails (Alex Bennee)
  • docker: drop QEMU_TARGET check, fallback in EXECUTABLE not set (Alex Bennee)
  • docker: add expansion for docker-test-FOO to Makefile.include (Alex Bennee)
  • docker: add test-unit runner (Alex Bennee)
  • docker: Makefile.include don't include partial images (Alex Bennee)
  • docker: gracefully skip check_qemu (Alex Bennee)
  • docker: move make check into check_qemu helper (Alex Bennee)
  • docker: split configure_qemu from build_qemu (Alex Bennee)
  • docker: fail more gracefully on docker.py check (Alex Bennee)
  • docker: pare down QEMU_CONFIGURE_OPTS in debian-tricore-cross (Alex Bennee)
  • docker: base debian-tricore on qemu:debian9 (Alex Bennee)
  • tests/.gitignore: don't ignore docker tests (Alex Bennee)
  • target/arm: Escalate to correct HardFault when AIRCR.BFHFNMINS is set (Peter Maydell)
  • hw/intc/arm_gicv3: Check correct HCR_EL2 bit when routing IRQ (Peter Maydell)
  • ui/cocoa.m: prevent stuck command key when going into full screen mode (John Arbuckle)
  • qga: process_event() simplification and leak fix (Marc-Andre Lureau)
  • qga-win: Handle fstrim for OSes lower than Win8 (Sameeh Jubran)
  • tcg/i386: Mark xmm registers call-clobbered (Richard Henderson)
  • i386: Rename enum CacheType members (Eduardo Habkost)
  • block/vvfat: Disable debug message by default (Thomas Huth)
  • iotests: Disallow compat=0.10 in 223 (Max Reitz)
  • iotest: Fix filtering order in 226 (Max Reitz)
  • iotests: remove LUKS support from test 226 (John Snow)
  • qemu-img: avoid overflow of min_sparse parameter (Peter Lieven)
  • block: Fix typos in comments (found by codespell) (Stefan Weil)
  • qemu-iotests: Use host_device instead of file in 149 (Kevin Wolf)
  • hw/intc/exynos4210_gic: Turn instance_init into realize function (Thomas Huth)
  • hw/arm/spitz: Move problematic nand_init() code to realize function (Thomas Huth)
  • target/arm: Correctly handle overlapping small MPU regions (Peter Maydell)
  • hw/sd/bcm2835_sdhost: Fix PIO mode writes (Guenter Roeck)
  • hw/microblaze/xlnx-zynqmp-pmu: Fix introspection problem in ‘xlnx,zynqmp-pmu-soc’ (Thomas Huth)
  • monitor: Fix unsafe sharing of @cur_mon among threads (Peter Xu)
  • qapi: Make ‘allow-oob’ optional in SchemaInfoCommand (Markus Armbruster)
  • po: Don't include comments with location (Stefan Weil)
  • linux-user/ppc: Implement swapcontext syscall (Richard Henderson)
  • linux-user: fix ELF load alignment error (Laurent Vivier)
  • tap: fix memory leak on success to create a tap device (Yunjian Wang)
  • e1000e: Prevent MSI/MSI-X storms (Jan Kiszka)
  • tcg/aarch64: limit mul_vec size (Alex Bennee)
  • spike: Fix crash when introspecting the device (Alistair Francis)
  • riscv_hart: Fix crash when introspecting the device (Alistair Francis)
  • virt: Fix crash when introspecting the device (Alistair Francis)
  • sifive_u: Fix crash when introspecting the device (Alistair Francis)
  • sifive_e: Fix crash when introspecting the device (Alistair Francis)
  • tracing: Use double-dash spelling for trace option (Yaowei Bai)
  • throttle-groups: fix hang when group member leaves (Stefan Hajnoczi)
  • s390x/cpumodel: fix segmentation fault when baselining models (David Hildenbrand)
  • Update version for v3.0.0-rc1 release (Peter Maydell)
  • Document command line options with single dash (BALATON Zoltan)
  • opts: remove redundant check for NULL parameter (Daniel P. Berrange)
  • i386: only parse the initrd_filename once for multiboot modules (Daniel P. Berrange)
  • i386: fix regression parsing multiboot initrd modules (Daniel P. Berrange)
  • hw/arm/xlnx-zynqmp: Fix crash when introspecting the ‘xlnx,zynqmp’ device (Thomas Huth)
  • hw/display/xlnx_dp: Move problematic code from instance_init to realize (Paolo Bonzini)
  • hw/arm/stm32f205_soc: Fix introspection problem with ‘stm32f205-soc’ device (Thomas Huth)
  • hw/arm/allwinner-a10: Fix introspection problem with ‘allwinner-a10’ (Thomas Huth)
  • hw/*/realview: Fix introspection problem with ‘realview_mpcore’ & ‘realview_gic’ (Thomas Huth)
  • hw/cpu/arm11mpcore: Fix introspection problem with ‘arm11mpcore_priv’ (Thomas Huth)
  • hw/arm/fsl-imx31: Fix introspection problem with the ‘fsl,imx31’ device (Thomas Huth)
  • hw/arm/fsl-imx25: Fix introspection problem with the ‘fsl,imx25’ device (Thomas Huth)
  • hw/arm/fsl-imx7: Fix introspection problems with the ‘fsl,imx7’ device (Thomas Huth)
  • hw/arm/fsl-imx6: Fix introspection problems with the ‘fsl,imx6’ device (Thomas Huth)
  • hw/cpu/a9mpcore: Fix introspection problems with the ‘a9mpcore_priv’ device (Thomas Huth)
  • hw/arm/msf2-soc: Fix introspection problem with the ‘msf2-soc’ device (Thomas Huth)
  • hw/cpu/a15mpcore: Fix introspection problem with the a15mpcore_priv device (Thomas Huth)
  • hw/arm/armv7: Fix crash when introspecting the ‘iotkit’ device (Thomas Huth)
  • hw/arm/bcm2836: Fix crash with device_add bcm2837 on unsupported machines (Thomas Huth)
  • hw/core/sysbus: Add a function for creating and attaching an object (Thomas Huth)
  • qom/object: Add a new function object_initialize_child() (Thomas Huth)
  • qga: fix file descriptor leak (Paolo Bonzini)
  • qga: fix ‘driver’ leak in guest-get-fsinfo (Marc-Andre Lureau)
  • accel/tcg: Assert that tlb fill gave us a valid TLB entry (Peter Maydell)
  • accel/tcg: Use correct test when looking in victim TLB for code (Peter Maydell)
  • bcm2835_aux: Swap RX and TX interrupt assignments (Guenter Roeck)
  • hw/arm/bcm2836: Mark the bcm2836 / bcm2837 devices with user_creatable = false (Thomas Huth)
  • hw/intc/arm_gic: Fix handling of GICD_ITARGETSR (Peter Maydell)
  • hw/intc/arm_gic: Check interrupt number in gic_deactivate_irq() (Peter Maydell)
  • aspeed: Implement write-1-{set,clear} for AST2500 strapping (Andrew Jeffery)
  • target/arm: Fix LD1W and LDFF1W (scalar plus vector) (Richard Henderson)
  • virtio-scsi: fix hotplug ->reset() vs event race (Stefan Hajnoczi)
  • qdev: add HotplugHandler->post_plug() callback (Stefan Hajnoczi)
  • hw/char/serial: retry write if EAGAIN (Marc-Andre Lureau)
  • PC Chipset: Improve serial divisor calculation (Calvin Lee)
  • vhost-user-test: added proper TestServer *dest initialization in test_migrate() (Emanuele Giuseppe Esposito)
  • hyperv: ensure VP index equal to QEMU cpu_index (Roman Kagan)
  • hyperv: rename vcpu_id to vp_index (Roman Kagan)
  • accel: Fix typo and grammar in comment (Stefan Weil)
  • dump: add kernel_gs_base to QEMU CPU state (Viktor Prutyanov)
  • monitor: Fix tracepoint crash on JSON syntax error (Markus Armbruster)
  • MAINTAINERS: New section ‘Incompatible changes’, copy libvir-list (Markus Armbruster)
  • qemu-doc: Move appendix ‘Deprecated features’ to its own file (Markus Armbruster)
  • cli qmp: Mark --preconfig, exit-preconfig experimental (Markus Armbruster)
  • qapi: Do not expose ‘allow-preconfig’ in query-qmp-schema (Markus Armbruster)
  • sm501: Fix warning about unreachable code (BALATON Zoltan)
  • sam460ex: Correct use after free error (BALATON Zoltan)
  • etsec: fix IRQ (un)masking (Michael Davidsaver)
  • ppc/xics: fix ICP reset path (Greg Kurz)
  • spapr: Correct inverted test in spapr_pc_dimm_node() (David Gibson)
  • sm501: Update screen on frame buffer address change (BALATON Zoltan)
  • Zero out the host's ‘msg_control’ buffer (Jonas Schievink)
  • linux-user: fix mmap_find_vma_reserved() (Laurent Vivier)
  • linux-user: convert remaining fcntl() to safe_fcntl() (Laurent Vivier)
  • linux-user: ppc64: use the correct values for F_*LK64s (Shivaprasad G Bhat)
  • docs: Grammar and spelling fixes (Ville Skytte)
  • qemu-img: align result of is_allocated_sectors (Peter Lieven)
  • scsi-disk: Block Device Characteristics emulation fix (Daniel Henrique Barboza)
  • iotests: add test 226 for file driver types (John Snow)
  • file-posix: specify expected filetypes (John Snow)
  • iotests: nbd: Stop qemu-nbd before remaking image (Fam Zheng)
  • iotests: 153: Fix dead code (Fam Zheng)
  • ui/cocoa.m: replace scrollingDeltaY with deltaY (John Arbuckle)
  • seccomp: allow sched_setscheduler() with SCHED_IDLE policy (Marc-Andre Lureau)
  • vfio/pci: do not set the PCIDevice ‘has_rom’ attribute (Cedric Le Goater)
  • monitor: fix double-free of request error (Marc-Andre Lureau)
  • error: Remove NULL checks on error_propagate() calls (Philippe Mathieu-Daude)
  • s390x/storage attributes: fix CMMA_BLOCK_SIZE usage (Claudio Imbrenda)

[12:2.11.1-2.el7]

  • hw/acpi-build: build SRAT memory affinity structures for DIMM devices (Haozhong Zhang) [Orabug: 27509753]
  • qmp: distinguish PC-DIMM and NVDIMM in MemoryDeviceInfoList (Haozhong Zhang) [Orabug: 27509753]
  • pc-dimm: make qmp_pc_dimm_device_list() sort devices by address (Haozhong Zhang) [Orabug: 27509753]
  • nvdimm: add a macro for property ‘label-size’ (Haozhong Zhang) [Orabug: 27509753]
  • nvdimm: add ‘unarmed’ option (Haozhong Zhang) [Orabug: 27509753]
  • block: Fix NULL dereference on empty drive error (Kevin Wolf) [Orabug: 27832106]
  • Revert ‘IDE: Do not flush empty CDROM drives’ (Stefan Hajnoczi) [Orabug: 27832106]
  • block: test blk_aio_flush() with blk->root == NULL (Kevin Wolf) [Orabug: 27832106]
  • block: add BlockBackend->in_flight counter (Stefan Hajnoczi) [Orabug: 27832106]
  • block: extract AIO_WAIT_WHILE() from BlockDriverState (Stefan Hajnoczi) [Orabug: 27832106]
  • aio: rename aio_context_in_iothread() to in_aio_context_home_thread() (Stefan Hajnoczi) [Orabug: 27832106]
  • qemu.spec: Add dependency for libiscsi 1.9.0-8 (Mark Kanda) [Orabug: 27832300]
  • multiboot.c: Document as fixed against CVE-2018-7550 (Jack Schwartz) [Orabug: 27832332] {CVE-2018-7550}
  • CVE-2017-18030: cirrus_invalidate_region() lets priv guest user cause DoS (Mark Kanda) [Orabug: 27832319] {CVE-2017-18030}
  • vga: fix region calculation (Gerd Hoffmann) [Orabug: 27832309] {CVE-2018-7858}
  • keymap: use glib hash for kbd_layout_t (Gerd Hoffmann) [Orabug: 27663795]
  • qemu.spec: Enable coroutine pool and vhost-vsock (Karl Heubaum) [Orabug: 27832337]

[12:2.11.1-1.el7]

  • BUILDINFO: commit=9fc0f70c83d6de5667c45cd1e420a080e75c7d04
  • Update qemu.spec version for 2.11.1
