diff options
author | Martin Borg <martin.borg@enea.com> | 2018-03-01 10:34:33 +0100 |
---|---|---|
committer | Martin Borg <martin.borg@enea.com> | 2018-03-01 10:38:09 +0100 |
commit | 2c0b43b3032f9a55edd395ae37f45fffce44fa9d (patch) | |
tree | 55c40c584ea4872482dd26290d57f4ac6320e2b6 /recipes-devtools | |
parent | 4a27c73bb707b3e3952e399286f83968b5d3c093 (diff) | |
download | meta-nfv-access-common-2c0b43b3032f9a55edd395ae37f45fffce44fa9d.tar.gz |
qemu: Drop CVE patches
The CVEs have been fixed in upstream poky/rocko.
Signed-off-by: Martin Borg <martin.borg@enea.com>
Diffstat (limited to 'recipes-devtools')
-rw-r--r-- | recipes-devtools/qemu/qemu/0001-CVE-2017-2620.patch | 77 | ||||
-rw-r--r-- | recipes-devtools/qemu/qemu/0002-CVE-2017-2620.patch | 55 | ||||
-rw-r--r-- | recipes-devtools/qemu/qemu/CVE-2017-5931.patch | 52 | ||||
-rw-r--r-- | recipes-devtools/qemu/qemu/CVE-2017-6505.patch | 56 | ||||
-rw-r--r-- | recipes-devtools/qemu/qemu/CVE-2017-7471.patch | 70 | ||||
-rw-r--r-- | recipes-devtools/qemu/qemu/CVE-2017-8309.patch | 42 | ||||
-rw-r--r-- | recipes-devtools/qemu/qemu_%.bbappend | 10 |
7 files changed, 0 insertions, 362 deletions
diff --git a/recipes-devtools/qemu/qemu/0001-CVE-2017-2620.patch b/recipes-devtools/qemu/qemu/0001-CVE-2017-2620.patch deleted file mode 100644 index 5684062..0000000 --- a/recipes-devtools/qemu/qemu/0001-CVE-2017-2620.patch +++ /dev/null | |||
@@ -1,77 +0,0 @@ | |||
1 | From 2ab8276a1cb2bcd0d14d4e05c193252f370b8251 Mon Sep 17 00:00:00 2001 | ||
2 | From: Bruce Rogers <brogers@suse.com> | ||
3 | Date: Mon, 9 Jan 2017 13:35:20 -0700 | ||
4 | Subject: [PATCH] display: cirrus: ignore source pitch value as needed in | ||
5 | blit_is_unsafe | ||
6 | |||
7 | Commit 4299b90 added a check which is too broad, given that the source | ||
8 | pitch value is not required to be initialized for solid fill operations. | ||
9 | This patch refines the blit_is_unsafe() check to ignore source pitch in | ||
10 | that case. After applying the above commit as a security patch, we | ||
11 | noticed the SLES 11 SP4 guest gui failed to initialize properly. | ||
12 | |||
13 | Upstream-Status: Backport [this patch is needed for CVE-2017-2620] | ||
14 | |||
15 | Signed-off-by: Bruce Rogers <brogers@suse.com> | ||
16 | Message-id: 20170109203520.5619-1-brogers@suse.com | ||
17 | Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> | ||
18 | (cherry picked from commit 913a87885f589d263e682c2eb6637c6e14538061) | ||
19 | Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com> | ||
20 | Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> | ||
21 | --- | ||
22 | hw/display/cirrus_vga.c | 11 +++++++---- | ||
23 | 1 file changed, 7 insertions(+), 4 deletions(-) | ||
24 | |||
25 | diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c | ||
26 | index bdb092e..379910d 100644 | ||
27 | --- a/hw/display/cirrus_vga.c | ||
28 | +++ b/hw/display/cirrus_vga.c | ||
29 | @@ -294,7 +294,7 @@ static bool blit_region_is_unsafe(struct CirrusVGAState *s, | ||
30 | return false; | ||
31 | } | ||
32 | |||
33 | -static bool blit_is_unsafe(struct CirrusVGAState *s) | ||
34 | +static bool blit_is_unsafe(struct CirrusVGAState *s, bool dst_only) | ||
35 | { | ||
36 | /* should be the case, see cirrus_bitblt_start */ | ||
37 | assert(s->cirrus_blt_width > 0); | ||
38 | @@ -308,6 +308,9 @@ static bool blit_is_unsafe(struct CirrusVGAState *s) | ||
39 | s->cirrus_blt_dstaddr & s->cirrus_addr_mask)) { | ||
40 | return true; | ||
41 | } | ||
42 | + if (dst_only) { | ||
43 | + return false; | ||
44 | + } | ||
45 | if (blit_region_is_unsafe(s, s->cirrus_blt_srcpitch, | ||
46 | s->cirrus_blt_srcaddr & s->cirrus_addr_mask)) { | ||
47 | return true; | ||
48 | @@ -673,7 +676,7 @@ static int cirrus_bitblt_common_patterncopy(CirrusVGAState * s, | ||
49 | |||
50 | dst = s->vga.vram_ptr + (s->cirrus_blt_dstaddr & s->cirrus_addr_mask); | ||
51 | |||
52 | - if (blit_is_unsafe(s)) | ||
53 | + if (blit_is_unsafe(s, false)) | ||
54 | return 0; | ||
55 | |||
56 | (*s->cirrus_rop) (s, dst, src, | ||
57 | @@ -691,7 +694,7 @@ static int cirrus_bitblt_solidfill(CirrusVGAState *s, int blt_rop) | ||
58 | { | ||
59 | cirrus_fill_t rop_func; | ||
60 | |||
61 | - if (blit_is_unsafe(s)) { | ||
62 | + if (blit_is_unsafe(s, true)) { | ||
63 | return 0; | ||
64 | } | ||
65 | rop_func = cirrus_fill[rop_to_index[blt_rop]][s->cirrus_blt_pixelwidth - 1]; | ||
66 | @@ -795,7 +798,7 @@ static int cirrus_do_copy(CirrusVGAState *s, int dst, int src, int w, int h) | ||
67 | |||
68 | static int cirrus_bitblt_videotovideo_copy(CirrusVGAState * s) | ||
69 | { | ||
70 | - if (blit_is_unsafe(s)) | ||
71 | + if (blit_is_unsafe(s, false)) | ||
72 | return 0; | ||
73 | |||
74 | return cirrus_do_copy(s, s->cirrus_blt_dstaddr - s->vga.start_addr, | ||
75 | -- | ||
76 | 1.9.1 | ||
77 | |||
diff --git a/recipes-devtools/qemu/qemu/0002-CVE-2017-2620.patch b/recipes-devtools/qemu/qemu/0002-CVE-2017-2620.patch deleted file mode 100644 index 3910fb9..0000000 --- a/recipes-devtools/qemu/qemu/0002-CVE-2017-2620.patch +++ /dev/null | |||
@@ -1,55 +0,0 @@ | |||
1 | From fc8e94c3e5e74437c4e73a5582f17cfd4cae5ccf Mon Sep 17 00:00:00 2001 | ||
2 | From: Gerd Hoffmann <kraxel@redhat.com> | ||
3 | Date: Wed, 8 Feb 2017 11:18:36 +0100 | ||
4 | Subject: [PATCH] cirrus: add blit_is_unsafe call to cirrus_bitblt_cputovideo | ||
5 | (CVE-2017-2620) | ||
6 | |||
7 | CIRRUS_BLTMODE_MEMSYSSRC blits do NOT check blit destination | ||
8 | and blit width, at all. Oops. Fix it. | ||
9 | |||
10 | Security impact: high. | ||
11 | |||
12 | The missing blit destination check allows to write to host memory. | ||
13 | Basically same as CVE-2014-8106 for the other blit variants. | ||
14 | |||
15 | CVE: CVE-2017-2620 | ||
16 | Upstream-Status: Backport | ||
17 | |||
18 | Cc: qemu-stable@nongnu.org | ||
19 | Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> | ||
20 | (cherry picked from commit 92f2b88cea48c6aeba8de568a45f2ed958f3c298) | ||
21 | Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com> | ||
22 | Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> | ||
23 | --- | ||
24 | hw/display/cirrus_vga.c | 8 ++++++++ | ||
25 | 1 file changed, 8 insertions(+) | ||
26 | |||
27 | diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c | ||
28 | index 629a5c8..6766349 100644 | ||
29 | --- a/hw/display/cirrus_vga.c | ||
30 | +++ b/hw/display/cirrus_vga.c | ||
31 | @@ -873,6 +873,10 @@ static int cirrus_bitblt_cputovideo(CirrusVGAState * s) | ||
32 | { | ||
33 | int w; | ||
34 | |||
35 | + if (blit_is_unsafe(s, true)) { | ||
36 | + return 0; | ||
37 | + } | ||
38 | + | ||
39 | s->cirrus_blt_mode &= ~CIRRUS_BLTMODE_MEMSYSSRC; | ||
40 | s->cirrus_srcptr = &s->cirrus_bltbuf[0]; | ||
41 | s->cirrus_srcptr_end = &s->cirrus_bltbuf[0]; | ||
42 | @@ -898,6 +902,10 @@ static int cirrus_bitblt_cputovideo(CirrusVGAState * s) | ||
43 | } | ||
44 | s->cirrus_srccounter = s->cirrus_blt_srcpitch * s->cirrus_blt_height; | ||
45 | } | ||
46 | + | ||
47 | + /* the blit_is_unsafe call above should catch this */ | ||
48 | + assert(s->cirrus_blt_srcpitch <= CIRRUS_BLTBUFSIZE); | ||
49 | + | ||
50 | s->cirrus_srcptr = s->cirrus_bltbuf; | ||
51 | s->cirrus_srcptr_end = s->cirrus_bltbuf + s->cirrus_blt_srcpitch; | ||
52 | cirrus_update_memory_access(s); | ||
53 | -- | ||
54 | 1.9.1 | ||
55 | |||
diff --git a/recipes-devtools/qemu/qemu/CVE-2017-5931.patch b/recipes-devtools/qemu/qemu/CVE-2017-5931.patch deleted file mode 100644 index 4c35c26..0000000 --- a/recipes-devtools/qemu/qemu/CVE-2017-5931.patch +++ /dev/null | |||
@@ -1,52 +0,0 @@ | |||
1 | From d6f119475d3c9c913f9140771895036be66d5c33 Mon Sep 17 00:00:00 2001 | ||
2 | From: Gonglei <arei.gonglei@huawei.com> | ||
3 | Date: Tue, 3 Jan 2017 14:50:03 +0800 | ||
4 | Subject: [PATCH] virtio-crypto: fix possible integer and heap overflow | ||
5 | |||
6 | Because the 'size_t' type is 4 bytes in 32-bit platform, which | ||
7 | is the same with 'int'. It's easy to make 'max_len' to zero when | ||
8 | integer overflow and then cause heap overflow if 'max_len' is zero. | ||
9 | |||
10 | Using uint_64 instead of size_t to avoid the integer overflow. | ||
11 | |||
12 | CVE: CVE-2017-5931 | ||
13 | Upstream-Status: Backport [backport from 2.8.1.1 releases: https://git.qemu.org/?p=qemu.git;a=commit;h=d6f119475d3c9c913f9140771895036be66d5c33] | ||
14 | |||
15 | Cc: qemu-stable@nongnu.org | ||
16 | Reported-by: Li Qiang <liqiang6-s@360.cn> | ||
17 | Signed-off-by: Gonglei <arei.gonglei@huawei.com> | ||
18 | Tested-by: Li Qiang <liqiang6-s@360.cn> | ||
19 | Reviewed-by: Michael S. Tsirkin <mst@redhat.com> | ||
20 | Signed-off-by: Michael S. Tsirkin <mst@redhat.com> | ||
21 | (cherry picked from commit a08aaff811fb194950f79711d2afe5a892ae03a4) | ||
22 | Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com> | ||
23 | Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> | ||
24 | --- | ||
25 | hw/virtio/virtio-crypto.c | 4 ++-- | ||
26 | 1 file changed, 2 insertions(+), 2 deletions(-) | ||
27 | |||
28 | diff --git a/hw/virtio/virtio-crypto.c b/hw/virtio/virtio-crypto.c | ||
29 | index 2f2467e..c23e1ad 100644 | ||
30 | --- a/hw/virtio/virtio-crypto.c | ||
31 | +++ b/hw/virtio/virtio-crypto.c | ||
32 | @@ -416,7 +416,7 @@ virtio_crypto_sym_op_helper(VirtIODevice *vdev, | ||
33 | uint32_t hash_start_src_offset = 0, len_to_hash = 0; | ||
34 | uint32_t cipher_start_src_offset = 0, len_to_cipher = 0; | ||
35 | |||
36 | - size_t max_len, curr_size = 0; | ||
37 | + uint64_t max_len, curr_size = 0; | ||
38 | size_t s; | ||
39 | |||
40 | /* Plain cipher */ | ||
41 | @@ -441,7 +441,7 @@ virtio_crypto_sym_op_helper(VirtIODevice *vdev, | ||
42 | return NULL; | ||
43 | } | ||
44 | |||
45 | - max_len = iv_len + aad_len + src_len + dst_len + hash_result_len; | ||
46 | + max_len = (uint64_t)iv_len + aad_len + src_len + dst_len + hash_result_len; | ||
47 | if (unlikely(max_len > vcrypto->conf.max_size)) { | ||
48 | virtio_error(vdev, "virtio-crypto too big length"); | ||
49 | return NULL; | ||
50 | -- | ||
51 | 1.9.1 | ||
52 | |||
diff --git a/recipes-devtools/qemu/qemu/CVE-2017-6505.patch b/recipes-devtools/qemu/qemu/CVE-2017-6505.patch deleted file mode 100644 index a939e85..0000000 --- a/recipes-devtools/qemu/qemu/CVE-2017-6505.patch +++ /dev/null | |||
@@ -1,56 +0,0 @@ | |||
1 | From 95ed56939eb2eaa4e2f349fe6dcd13ca4edfd8fb Mon Sep 17 00:00:00 2001 | ||
2 | From: Li Qiang <liqiang6-s@360.cn> | ||
3 | Date: Tue, 7 Feb 2017 02:23:33 -0800 | ||
4 | Subject: [PATCH] usb: ohci: limit the number of link eds | ||
5 | |||
6 | The guest may builds an infinite loop with link eds. This patch | ||
7 | limit the number of linked ed to avoid this. | ||
8 | |||
9 | CVE: CVE-2017-6505 | ||
10 | Upstream-Status: Backport [backport from v2.9.0-rc0~85^2~8] | ||
11 | |||
12 | Signed-off-by: Li Qiang <liqiang6-s@360.cn> | ||
13 | Message-id: 5899a02e.45ca240a.6c373.93c1@mx.google.com | ||
14 | Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> | ||
15 | Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> | ||
16 | --- | ||
17 | hw/usb/hcd-ohci.c | 9 ++++++++- | ||
18 | 1 file changed, 8 insertions(+), 1 deletion(-) | ||
19 | |||
20 | diff --git a/hw/usb/hcd-ohci.c b/hw/usb/hcd-ohci.c | ||
21 | index 2cba3e3..21c93e0 100644 | ||
22 | --- a/hw/usb/hcd-ohci.c | ||
23 | +++ b/hw/usb/hcd-ohci.c | ||
24 | @@ -42,6 +42,8 @@ | ||
25 | |||
26 | #define OHCI_MAX_PORTS 15 | ||
27 | |||
28 | +#define ED_LINK_LIMIT 4 | ||
29 | + | ||
30 | static int64_t usb_frame_time; | ||
31 | static int64_t usb_bit_time; | ||
32 | |||
33 | @@ -1184,7 +1186,7 @@ static int ohci_service_ed_list(OHCIState *ohci, uint32_t head, int completion) | ||
34 | uint32_t next_ed; | ||
35 | uint32_t cur; | ||
36 | int active; | ||
37 | - | ||
38 | + uint32_t link_cnt = 0; | ||
39 | active = 0; | ||
40 | |||
41 | if (head == 0) | ||
42 | @@ -1199,6 +1201,11 @@ static int ohci_service_ed_list(OHCIState *ohci, uint32_t head, int completion) | ||
43 | |||
44 | next_ed = ed.next & OHCI_DPTR_MASK; | ||
45 | |||
46 | + if (++link_cnt > ED_LINK_LIMIT) { | ||
47 | + ohci_die(ohci); | ||
48 | + return 0; | ||
49 | + } | ||
50 | + | ||
51 | if ((ed.head & OHCI_ED_H) || (ed.flags & OHCI_ED_K)) { | ||
52 | uint32_t addr; | ||
53 | /* Cancel pending packets for ED that have been paused. */ | ||
54 | -- | ||
55 | 1.9.1 | ||
56 | |||
diff --git a/recipes-devtools/qemu/qemu/CVE-2017-7471.patch b/recipes-devtools/qemu/qemu/CVE-2017-7471.patch deleted file mode 100644 index af233d3..0000000 --- a/recipes-devtools/qemu/qemu/CVE-2017-7471.patch +++ /dev/null | |||
@@ -1,70 +0,0 @@ | |||
1 | From 96bae145e27d4df62671b4eebd6c735f412016cf Mon Sep 17 00:00:00 2001 | ||
2 | From: Greg Kurz <groug@kaod.org> | ||
3 | Date: Mon, 17 Apr 2017 10:53:23 +0200 | ||
4 | Subject: [PATCH] 9pfs: local: set the path of the export root to "." | ||
5 | MIME-Version: 1.0 | ||
6 | Content-Type: text/plain; charset=UTF-8 | ||
7 | Content-Transfer-Encoding: 8bit | ||
8 | |||
9 | The local backend was recently converted to using "at*()" syscalls in order | ||
10 | to ensure all accesses happen below the shared directory. This requires that | ||
11 | we only pass relative paths, otherwise the dirfd argument to the "at*()" | ||
12 | syscalls is ignored and the path is treated as an absolute path in the host. | ||
13 | This is actually the case for paths in all fids, with the notable exception | ||
14 | of the root fid, whose path is "/". This causes the following backend ops to | ||
15 | act on the "/" directory of the host instead of the virtfs shared directory | ||
16 | when the export root is involved: | ||
17 | - lstat | ||
18 | - chmod | ||
19 | - chown | ||
20 | - utimensat | ||
21 | |||
22 | ie, chmod /9p_mount_point in the guest will be converted to chmod / in the | ||
23 | host for example. This could cause security issues with a privileged QEMU. | ||
24 | |||
25 | All "*at()" syscalls are being passed an open file descriptor. In the case | ||
26 | of the export root, this file descriptor points to the path in the host that | ||
27 | was passed to -fsdev. | ||
28 | |||
29 | The fix is thus as simple as changing the path of the export root fid to be | ||
30 | "." instead of "/". | ||
31 | |||
32 | This is CVE-2017-7471. | ||
33 | |||
34 | CVE: CVE-2017-7471 | ||
35 | Upstream-Status: Backport | ||
36 | |||
37 | Cc: qemu-stable@nongnu.org | ||
38 | Reported-by: Léo Gaspard <leo@gaspard.io> | ||
39 | Signed-off-by: Greg Kurz <groug@kaod.org> | ||
40 | Reviewed-by: Eric Blake <eblake@redhat.com> | ||
41 | Signed-off-by: Peter Maydell <peter.maydell@linaro.org> | ||
42 | (cherry picked from commit 9c6b899f7a46893ab3b671e341a2234e9c0c060e) | ||
43 | Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com> | ||
44 | Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> | ||
45 | --- | ||
46 | hw/9pfs/9p-local.c | 7 ++++++- | ||
47 | 1 file changed, 6 insertions(+), 1 deletion(-) | ||
48 | |||
49 | diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c | ||
50 | index 227de61..293e0dc 100644 | ||
51 | --- a/hw/9pfs/9p-local.c | ||
52 | +++ b/hw/9pfs/9p-local.c | ||
53 | @@ -1099,8 +1099,13 @@ static int local_name_to_path(FsContext *ctx, V9fsPath *dir_path, | ||
54 | { | ||
55 | if (dir_path) { | ||
56 | v9fs_path_sprintf(target, "%s/%s", dir_path->data, name); | ||
57 | - } else { | ||
58 | + } else if (strcmp(name, "/")) { | ||
59 | v9fs_path_sprintf(target, "%s", name); | ||
60 | + } else { | ||
61 | + /* We want the path of the export root to be relative, otherwise | ||
62 | + * "*at()" syscalls would treat it as "/" in the host. | ||
63 | + */ | ||
64 | + v9fs_path_sprintf(target, "%s", "."); | ||
65 | } | ||
66 | return 0; | ||
67 | } | ||
68 | -- | ||
69 | 1.9.1 | ||
70 | |||
diff --git a/recipes-devtools/qemu/qemu/CVE-2017-8309.patch b/recipes-devtools/qemu/qemu/CVE-2017-8309.patch deleted file mode 100644 index 812e64b..0000000 --- a/recipes-devtools/qemu/qemu/CVE-2017-8309.patch +++ /dev/null | |||
@@ -1,42 +0,0 @@ | |||
1 | From 3268a845f41253fb55852a8429c32b50f36f349a Mon Sep 17 00:00:00 2001 | ||
2 | From: Gerd Hoffmann <kraxel@redhat.com> | ||
3 | Date: Fri, 28 Apr 2017 09:56:12 +0200 | ||
4 | Subject: [PATCH] audio: release capture buffers | ||
5 | |||
6 | AUD_add_capture() allocates two buffers which are never released. | ||
7 | Add the missing calls to AUD_del_capture(). | ||
8 | |||
9 | Impact: Allows vnc clients to exhaust host memory by repeatedly | ||
10 | starting and stopping audio capture. | ||
11 | |||
12 | Fixes: CVE-2017-8309 | ||
13 | |||
14 | CVE-2017-8309 | ||
15 | Upstream-Status: Backport [backport from master, v2.10.0-rc0~214^2~27] | ||
16 | |||
17 | Cc: P J P <ppandit@redhat.com> | ||
18 | Cc: Huawei PSIRT <PSIRT@huawei.com> | ||
19 | Reported-by: "Jiangxin (hunter, SCC)" <jiangxin1@huawei.com> | ||
20 | Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> | ||
21 | Reviewed-by: Prasad J Pandit <pjp@fedoraproject.org> | ||
22 | Message-id: 20170428075612.9997-1-kraxel@redhat.com | ||
23 | Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> | ||
24 | --- | ||
25 | audio/audio.c | 2 ++ | ||
26 | 1 file changed, 2 insertions(+) | ||
27 | |||
28 | diff --git a/audio/audio.c b/audio/audio.c | ||
29 | index c8898d8..beafed2 100644 | ||
30 | --- a/audio/audio.c | ||
31 | +++ b/audio/audio.c | ||
32 | @@ -2028,6 +2028,8 @@ void AUD_del_capture (CaptureVoiceOut *cap, void *cb_opaque) | ||
33 | sw = sw1; | ||
34 | } | ||
35 | QLIST_REMOVE (cap, entries); | ||
36 | + g_free (cap->hw.mix_buf); | ||
37 | + g_free (cap->buf); | ||
38 | g_free (cap); | ||
39 | } | ||
40 | return; | ||
41 | -- | ||
42 | 1.9.1 | ||
diff --git a/recipes-devtools/qemu/qemu_%.bbappend b/recipes-devtools/qemu/qemu_%.bbappend deleted file mode 100644 index e27553c..0000000 --- a/recipes-devtools/qemu/qemu_%.bbappend +++ /dev/null | |||
@@ -1,10 +0,0 @@ | |||
1 | # look for files in the layer first | ||
2 | FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" | ||
3 | |||
4 | SRC_URI += "file://0001-CVE-2017-2620.patch \ | ||
5 | file://0002-CVE-2017-2620.patch \ | ||
6 | file://CVE-2017-7471.patch \ | ||
7 | file://CVE-2017-6505.patch \ | ||
8 | file://CVE-2017-8309.patch \ | ||
9 | file://CVE-2017-5931.patch \ | ||
10 | " | ||