[15:3.0.0-1.el7] - net: ignore packet size greater than INT_MAX [Orabug: 28763782] {CVE-2018-17963} - pcnet: fix possible buffer overflow [Orabug: 28763774] {CVE-2018-17962} - rtl8139: fix possible out of bound access [Orabug: 28763765] {CVE-2018-17958} - ne2000: fix possible out of bound access in ne2000_receive [Orabug: 28763758] {CVE-2018-10839} - seccomp: set the seccomp filter to all threads [Orabug: 28763748] {CVE-2018-15746} - virtio_net: Introduce VIRTIO_NET_F_STANDBY feature bit to virtio_net [Orabug: 28763724] - kvm: add call to qemu_add_opts for -overcommit option - Document various CVEs as fixed [Orabug: 28763710] {CVE-2017-10806} {CVE-2017-11334} {CVE-2017-12809} {CVE-2017-13672} {CVE-2017-13673} {CVE-2017-13711} {CVE-2017-14167} {CVE-2017-15038} {CVE-2017-15119} {CVE-2017-15124} {CVE-2017-15268} {CVE-2017-15289} {CVE-2017-16845} {CVE-2017-17381} {CVE-2017-18030} {CVE-2017-18043} {CVE-2017-2630} {CVE-2017-2633} {CVE-2017-5715} {CVE-2017-5753} {CVE-2017-5754} {CVE-2017-7471} {CVE-2017-7493} {CVE-2017-8112} {CVE-2017-8309} {CVE-2017-8379} {CVE-2017-8380} {CVE-2017-9503} {CVE-2018-11806} {CVE-2018-12617} {CVE-2018-3639} {CVE-2018-5683} {CVE-2018-7550} {CVE-2018-7858} - qemu.spec: Initial qemu.spec - virtio-pci: Set subsystem vendor ID to Oracle - qemu_regdump.py: Initial qemu_regdump.py - qmp-regdump: Initial qmp-regdump - bridge.conf: Initial bridge.conf - kvm.conf: Initial kvm.conf - 80-kvm.rules: Initial 80-kvm.rules - Update version for v3.0.0 release - Update version for v3.0.0-rc4 release - virtio-gpu: fix crashes upon warm reboot with vga mode - slirp: Correct size check in m_inc - target/xtensa/cpu: Set owner of memory region in xtensa_cpu_initfn - hw/intc/arm_gicv3_common: Move gicd shift bug handling to gicv3_post_load - hw/intc/arm_gicv3_common: Move post_load hooks to top-level VMSD - target/arm: Add dummy needed functions to M profile vmstate subsections - hw/intc/arm_gicv3_common: Combine duplicate .subsections in vmstate_gicv3_cpu - hw/intc/arm_gicv3_common: Give no-migration-shift-bug subsection a needed function - tcg/optimize: Do not skip default processing of dup_vec - tests/acpi: update tables after memory hotplug changes - pc: acpi: fix memory hotplug regression by reducing stub SRAT entry size - tests/acpi-test: update ACPI tables test blobs - hw/acpi-build: Add a check for memory-less NUMA nodes - vhost: check region type before casting - sam460ex: Fix PCI interrupts with multiple devices - hw/misc/macio: Fix device introspection problems in macio devices - Update version for v3.0.0-rc3 release - monitor: temporary fix for dead-lock on event recursion - linux-user: ppc64: dont use volatile register during safe_syscall - tests: add check_invalid_maps to test-mmap - linux-user/mmap.c: handle invalid len maps correctly - s390x/sclp: fix maxram calculation - target/arm: Remove duplicate "host" entry in "-cpu ?" output - hw/misc/tz-mpc: Zero the LUT on initialization, not just reset - hw/arm/iotkit: Fix IRQ number for timer1 - armv7m_nvic: Fix m-security subsection name - hw/arm/sysbus-fdt: Fix assertion in copy_properties_from_host - arm/smmuv3: Fix missing VMSD terminator - qemu-iotests: Test query-blockstats with -drive and -blockdev - block/qapi: Include anonymous BBs in query-blockstats - block/qapi: Add "qdev" field to query-blockstats result - file-posix: Fix write_zeroes with unmap on block devices - block: Fix documentation for BDRV_REQ_MAY_UNMAP - iotests: Add test for "qemu-img convert -C" compatibility - qemu-img: Add -C option for convert with copy offloading - Revert "qemu-img: Document copy offloading implications with -S and -c" - iotests: Dont lock /dev/null in 226 - docs: Describe using images in writing iotests - file-posix: Handle EINTR in preallocation=full write - qcow2: A grammar fix in conflicting cache sizing error message - qcow: fix a reference leak - backends/cryptodev: remove dead code - timer: remove replay clock probe in deadline calculation - i386: implement MSR_SMI_COUNT for TCG - i386: do not migrate MSR_SMI_COUNT on machine types - qstring: Move qstring_from_substrs @end one to the right - qstring: Assert size calculations dont overflow - qstring: Fix qstring_from_substr not to provoke int overflow - Update version for v3.0.0-rc2 release - tests: fix TLS handshake failure with TLS 1.3 - tests: use error_abort in places expecting errors - tests: dont silence error reporting for all tests - tests: call qcrypto_init instead of gnutls_global_init - migration: fix duplicate initialization for expected_downtime and cleanup_bh - tests: only update last_byte when at the edge - migration: disallow recovery for release-ram - migration: update recv bitmap only on dest vm - audio/hda: Fix migration - migrate: Fix cancelling state warning - migration: fix potential overflow in multifd send - block/file-posix: add bdrv_attach_aio_context callback for host dev and cdrom - tests/tcg: remove runcom test - docker: perform basic binfmt_misc validation in docker.py - docker: ignore distro versioning of debootstrap - docker: add commentary to debian-bootstrap.docker - docker: Update debootstrap script after Debian migration from Alioth to Salsa - docker: report hint when docker.py check fails - docker: drop QEMU_TARGET check, fallback in EXECUTABLE not set - docker: add expansion for docker-test-FOO to Makefile.include - docker: add test-unit runner - docker: Makefile.include dont include partial images - docker: gracefully skip check_qemu - docker: move make check into check_qemu helper - docker: split configure_qemu from build_qemu - docker: fail more gracefully on docker.py check - docker: par down QEMU_CONFIGURE_OPTS in debian-tricore-cross - docker: base debian-tricore on qemu:debian9 - tests/.gitignore: dont ignore docker tests - target/arm: Escalate to correct HardFault when AIRCR.BFHFNMINS is set - hw/intc/arm_gicv3: Check correct HCR_EL2 bit when routing IRQ - ui/cocoa.m: prevent stuck command key when going into full screen mode - qga: process_event simplification and leak fix - qga-win: Handle fstrim for OSes lower than Win8 - tcg/i386: Mark xmm registers call-clobbered - i386: Rename enum CacheType members - block/vvfat: Disable debug message by default - iotests: Disallow compat=0.10 in 223 - iotest: Fix filtering order in 226 - iotests: remove LUKS support from test 226 - qemu-img: avoid overflow of min_sparse parameter - block: Fix typos in comments - qemu-iotests: Use host_device instead of file in 149 - hw/intc/exynos4210_gic: Turn instance_init into realize function - hw/arm/spitz: Move problematic nand_init code to realize function - target/arm: Correctly handle overlapping small MPU regions - hw/sd/bcm2835_sdhost: Fix PIO mode writes - hw/microblaze/xlnx-zynqmp-pmu: Fix introspection problem in "xlnx, zynqmp-pmu-soc" - monitor: Fix unsafe sharing of @cur_mon among threads - qapi: Make "allow-oob" optional in SchemaInfoCommand - po: Dont include comments with location - linux-user/ppc: Implement swapcontext syscall - linux-user: fix ELF load alignment error - tap: fix memory leak on success to create a tap device - e1000e: Prevent MSI/MSI-X storms - tcg/aarch64: limit mul_vec size - spike: Fix crash when introspecting the device - riscv_hart: Fix crash when introspecting the device - virt: Fix crash when introspecting the device - sifive_u: Fix crash when introspecting the device - sifive_e: Fix crash when introspecting the device - tracing: Use double-dash spelling for trace option - throttle-groups: fix hang when group member leaves - s390x/cpumodel: fix segmentation fault when baselining models - Update version for v3.0.0-rc1 release - Document command line options with single dash - opts: remove redundant check for NULL parameter - i386: only parse the initrd_filename once for multiboot modules - i386: fix regression parsing multiboot initrd modules - hw/arm/xlnx-zynqmp: Fix crash when introspecting the "xlnx, zynqmp" device - hw/display/xlnx_dp: Move problematic code from instance_init to realize - hw/arm/stm32f205_soc: Fix introspection problem with "stm32f205-soc" device - hw/arm/allwinner-a10: Fix introspection problem with "allwinner-a10" - hw/*/realview: Fix introspection problem with "realview_mpcore" "realview_gic" - hw/cpu/arm11mpcore: Fix introspection problem with "arm11mpcore_priv" - hw/arm/fsl-imx31: Fix introspection problem with the "fsl, imx31" device - hw/arm/fsl-imx25: Fix introspection problem with the "fsl, imx25" device - hw/arm/fsl-imx7: Fix introspection problems with the "fsl, imx7" device - hw/arm/fsl-imx6: Fix introspection problems with the "fsl, imx6" device - hw/cpu/a9mpcore: Fix introspection problems with the "a9mpcore_priv" device - hw/arm/msf2-soc: Fix introspection problem with the "msf2-soc" device - hw/cpu/a15mpcore: Fix introspection problem with the a15mpcore_priv device - hw/arm/armv7: Fix crash when introspecting the "iotkit" device - hw/arm/bcm2836: Fix crash with device_add bcm2837 on unsupported machines - hw/core/sysbus: Add a function for creating and attaching an object - qom/object: Add a new function object_initialize_child - qga: fix file descriptor leak - qga: fix "driver" leak in guest-get-fsinfo - accel/tcg: Assert that tlb fill gave us a valid TLB entry - accel/tcg: Use correct test when looking in victim TLB for code - bcm2835_aux: Swap RX and TX interrupt assignments - hw/arm/bcm2836: Mark the bcm2836 / bcm2837 devices with user_creatable = false - hw/intc/arm_gic: Fix handling of GICD_ITARGETSR - hw/intc/arm_gic: Check interrupt number in gic_deactivate_irq - aspeed: Implement write-1-{set, clear} for AST2500 strapping - target/arm: Fix LD1W and LDFF1W - virtio-scsi: fix hotplug -