# upstream 2.1.2 stable patch
v2.1.2.diff

02_kfreebsd.patch
use-fixed-data-path.patch
use-data-path.patch
mjt-set-oem-in-rsdt-like-slic.diff
imx_timer_TIMER_MAX_clash.diff
9p-readdir.patch
9p-use-little-endian-format-for-xattr-values.patch
qemu-options-add-missing--drive-discard-option-to-cmdline-help.diff
# 5 patches to fix CVE-2014-3689 from upstream, #765496
CVE-2014-3689-vmware-vga/1-CVE-2014-3689-turn-off-hw-accel.patch
CVE-2014-3689-vmware-vga/2-add-vmsvga_verify_rect.patch
CVE-2014-3689-vmware-vga/3-use-vmsvga_verify_rect-in-vmsvga_update_rect.patch
CVE-2014-3689-vmware-vga/4-use-vmsvga_verify_rect-in-vmsvga_copy_rect.patch
CVE-2014-3689-vmware-vga/5-use-vmsvga_verify_rect-in-vmsvga_fill_rect.patch

vnc-sanitize-bits_per_pixel-from-the-client-CVE-2014-7815.patch

net-slirp-specify-logbase-for-smbd.patch
slirp-smbd-modify-set-several-parameters-in-generated-smb-conf.patch

block-raw-posix-Fix-disk-corruption-in-try_fiemap.patch
block-raw-posix-use-seek_hole-ahead-of-fiemap.patch
tcg-mips-fix-store-softmmu-slow-path.patch
# CVE-2014-7840
migration-fix-parameter-validation-on-ram-load.patch
usb-host-fix-usb_host_speed_compat-tyops.patch
xen_disk-fix-unmapping-of-persistent-grants.patch
qdev-monitor-fix-segmentation-fault-on-qdev_device_h.patch

cirrus-fix-blit-region-check-CVE-2014-8106.patch
cirrus-don-t-overflow-CirrusVGAState-cirrus_bltbuf-CVE-2014-8106.patch

CVE-2015-1779-incrementally-decode-websocket-frames.patch
CVE-2015-1779-limit-size-of-HTTP-headers-from-websockets-clients.patch
ide-correct-handling-of-malformed-short-PRDTs-CVE-2014-9718.patch
CVE-2015-2756-xen-limit-guest-control-of-PCI-command-register.patch
fdc-force-the-fifo-access-to-be-in-bounds-CVE-2015-3456.patch
slirp-use-less-predictable-directory-name-in-tmp-CVE-2015-4037.patch
# Xen PCI pass-through issues CVE-2015-4103..4106 (XSA-128..131), #787547
xen-pt/01-xen-properly-gate-host-writes-of-modified-PCI-CFG-contents-CVE-2015-4103.patch
xen-pt/02-xen-dont-allow-guest-to-control-MSI-mask-register-CVE-2015-4104.patch
xen-pt/03-xen-MSI-X-limit-error-messages-CVE-2015-4105.patch
xen-pt/04-xen-MSI-dont-open-code-pass-through-of-enable-bit-mod-CVE-2015-4106.patch
xen-pt/05-xen-pt-consolidate-PM-capability-emu_mask-CVE-2015-4106.patch
xen-pt/06-xen-pt-correctly-handle-PM-status-bit-CVE-2015-4106.patch
xen-pt/07-xen-pt-split-out-calculation-of-throughable-mask-CVE-2015-4106.patch
xen-pt/08-xen-pt-mark-all-PCIe-capability-bits-read-only-CVE-2015-4106.patch
xen-pt/09-xen-pt-mark-reserved-bits-in-PCI-config-space-fields-CVE-2015-4106.patch
xen-pt/10-xen-pt-add-a-few-PCI-config-space-field-descriptions-CVE-2015-4106.patch
xen-pt/11-xen-pt-unknown-PCI-config-space-fields-should-be-readonly-CVE-2015-4106.patch
pcnet-fix-negative-array-index-read.patch
pcnet-force-buffer-access-to-be-in-bounds-CVE-2015-3209.patch

i8254-fix-out-of-bounds-memory-access-in-pit_ioport_read-CVE-2015-3214.patch
ide-check-array-bounds-before-writing-to-io_buffer-CVE-2015-5154.patch
ide-atapi-fix-START-STOP-UNIT-command-completion.patch
ide-clear-DRQ-after-handling-all-expected-accesses.patch
vnc-fix-memory-corruption-CVE-2015-5225.patch
virtio-serial-fix-ANY_LAYOUT-CVE-2015-5745.patch
rtl8139-avoid-nested-ifs-in-IP-header-parsing-CVE-2015-5165.patch
rtl8139-drop-tautologous-if-ip-statement-CVE-2015-5165.patch
rtl8139-skip-offload-on-short-ethernet-IP-header-CVE-2015-5165.patch
rtl8139-check-IP-header-length-field-CVE-2015-5165.patch
rtl8139-check-IP-total-length-field-CVE-2015-5165.patch
rtl8139-skip-offload-on-short-TCP-header-CVE-2015-5165.patch
rtl8139-check-TCP-data-offset-field-CVE-2015-5165.patch
e1000-avoid-infinite-loop-in-transmit-CVE-2015-6815.patch
ide-fix-ATAPI-command-permissions-CVE-2015-6855.patch
ne2000-add-checks-to-validate-ring-buffer-pointers-CVE-2015-5279.patch
ne2000-avoid-infinite-loop-when-receiving-packets-CVE-2015-5278.patch

virtio-introduce-virtqueue_unmap_sg-for-CVE-2015-7295.patch
virtio-introduce-virtqueue_discard-for-CVE-2015-7295.patch
virtio-net-correctly-drop-truncated-packets-CVE-2015-7295.patch
pcnet-add-check-to-validate-receive-data-size-CVE-2015-7504.patch
pcnet-fix-rx-buffer-overflow-CVE-2015-7512.patch
msix-implement-pba-write-but-read-only-CVE-2015-7549.patch
eepro100-prevent-two-endless-loops-CVE-2015-8345.patch
vnc-avoid-floating-point-exception-CVE-2015-8504.patch
ehci-make-idt-processing-more-robust-CVE-2015-8558.patch
xenfb-avoid-reading-twice-the-same-fields-from-the-shared-page-CVE-2015-8550.patch
xen-blkif-avoid-double-access-to-src-nr_segments-CVE-2015-8550.patch
net-ne2000-fix-bounds-check-in-ioport-operations-CVE-2015-8743.patch
ide-ahci-reset-ncq-object-to-unused-on-error-CVE-2016-1568.patch
net-vmxnet3-avoid-memory-leakage-in-activate_device-CVE-2015-8567-CVE-2015-8568.patch
scsi-initialise-info-object-with-appropriate-size-CVE-2015-8613.patch
vmxnet3-refine-l2-header-validation-CVE-2015-8744.patch
vmxnet3-support-reading-IMR-registers-on-bar0-CVE-2015-8745.patch
fw_cfg-add-check-to-validate-current-entry-value-CVE-2016-1714.patch
i386-avoid-null-pointer-dereference-CVE-2016-1922.patch
e1000-eliminate-infinite-loops-on-out-of-bounds-start-CVE-2016-1981.patch
hmp-fix-sendkey-out-of-bounds-write-CVE-2015-8619.patch

# CVE-2016-3710
vga-fix-banked-access-bounds-checking-CVE-2016-3710.patch

# CVE-2016-3712
vga-add-vbe_enabled-helper.patch
vga-factor-out-vga-register-setup.patch
vga-update-vga-register-setup-on-vbe-changes.patch
vga-make-sure-vga-register-setup-for-vbe-stays-intac.patch
