summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSona Sarmadi <sona.sarmadi@enea.com>2017-05-16 11:05:37 (GMT)
committerAdrian Dudau <adrian.dudau@enea.com>2017-05-19 12:32:39 (GMT)
commitbf0c5869f5f9a77d6c7c1adfb7c802d5bb0a1a74 (patch)
treeb2d65d194cb2c5a3bf2b14a74c7d8f8f5fc9ad70
parentcb2cf64b0b33e70b8f017b8757f8d4dd0ba10431 (diff)
downloadpoky-bf0c5869f5f9a77d6c7c1adfb7c802d5bb0a1a74.tar.gz
Qemu: update to 2.8.1.1
Fixed CVE: - CVE-2017-2620 (Severity = High) display: cirrus: potential arbitrary code execution via cirrus_bitblt_cputovideo Removed patches (already in upstream): - target-ppc-fix-user-mode.patch (already in upstream) Clean up: - CVE-2016-2198.patch (this patch is removed from recipes but the patch was not deleted) Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
-rw-r--r--meta/recipes-devtools/qemu/qemu/CVE-2016-2198.patch45
-rw-r--r--meta/recipes-devtools/qemu/qemu/target-ppc-fix-user-mode.patch48
-rw-r--r--meta/recipes-devtools/qemu/qemu_2.8.1.1.bb (renamed from meta/recipes-devtools/qemu/qemu_2.8.0.bb)5
3 files changed, 2 insertions, 96 deletions
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2016-2198.patch b/meta/recipes-devtools/qemu/qemu/CVE-2016-2198.patch
deleted file mode 100644
index f1201f0..0000000
--- a/meta/recipes-devtools/qemu/qemu/CVE-2016-2198.patch
+++ /dev/null
@@ -1,45 +0,0 @@
1From: Prasad J Pandit <address@hidden>
2
3USB Ehci emulation supports host controller capability registers.
4But its mmio '.write' function was missing, which lead to a null
5pointer dereference issue. Add a do nothing 'ehci_caps_write'
6definition to avoid it; Do nothing because capability registers
7are Read Only(RO).
8
9Reported-by: Zuozhi Fzz <address@hidden>
10Signed-off-by: Prasad J Pandit <address@hidden>
11
12Upstream-Status: Backport
13https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg05899.html
14
15CVE: CVE-2016-2198
16Signed-off-by: Armin Kuster <akuster@mvista.com>
17
18---
19 hw/usb/hcd-ehci.c | 6 ++++++
20 1 file changed, 6 insertions(+)
21
22Index: qemu-2.5.0/hw/usb/hcd-ehci.c
23===================================================================
24--- qemu-2.5.0.orig/hw/usb/hcd-ehci.c
25+++ qemu-2.5.0/hw/usb/hcd-ehci.c
26@@ -893,6 +893,11 @@ static uint64_t ehci_caps_read(void *ptr
27 return s->caps[addr];
28 }
29
30+static void ehci_caps_write(void *ptr, hwaddr addr,
31+ uint64_t val, unsigned size)
32+{
33+}
34+
35 static uint64_t ehci_opreg_read(void *ptr, hwaddr addr,
36 unsigned size)
37 {
38@@ -2310,6 +2315,7 @@ static void ehci_frame_timer(void *opaqu
39
40 static const MemoryRegionOps ehci_mmio_caps_ops = {
41 .read = ehci_caps_read,
42+ .write = ehci_caps_write,
43 .valid.min_access_size = 1,
44 .valid.max_access_size = 4,
45 .impl.min_access_size = 1,
diff --git a/meta/recipes-devtools/qemu/qemu/target-ppc-fix-user-mode.patch b/meta/recipes-devtools/qemu/qemu/target-ppc-fix-user-mode.patch
deleted file mode 100644
index ba21e71..0000000
--- a/meta/recipes-devtools/qemu/qemu/target-ppc-fix-user-mode.patch
+++ /dev/null
@@ -1,48 +0,0 @@
1[Qemu-ppc] [PATCH 1/1] target-ppc, tcg: fix usermode segfault with pthread
2
3From: Sam Bobroff
4Subject: [Qemu-ppc] [PATCH 1/1] target-ppc, tcg: fix usermode segfault with pthread_create()
5Date: Mon, 30 Jan 2017 16:08:07 +1100
6Programs run under qemu-ppc64 on an x86_64 host currently segfault
7if they use pthread_create() due to the adjustment made to the NIP in
8commit bd6fefe71cec5a0c7d2be4ac96307f25db56abf9.
9
10This patch changes cpu_loop() to set the NIP back to the
11pre-incremented value before calling do_syscall(), which causes the
12correct address to be used for the new thread and corrects the fault.
13
14Signed-off-by: Sam Bobroff <address@hidden>
15
16Upstream-Status: Backport
17
18---
19
20linux-user/main.c | 4 +++-
211 file changed, 3 insertions(+), 1 deletion(-)
22
23diff --git a/linux-user/main.c b/linux-user/main.c
24index 30049581ef..b5dee01541 100644
25--- a/linux-user/main.c
26+++ b/linux-user/main.c
27@@ -1712,18 +1712,20 @@ void cpu_loop(CPUPPCState *env)
28 * in syscalls.
29 */
30 env->crf[0] &= ~0x1;
31+ env->nip += 4;
32 ret = do_syscall(env, env->gpr[0], env->gpr[3], env->gpr[4],
33 env->gpr[5], env->gpr[6], env->gpr[7],
34 env->gpr[8], 0, 0);
35 if (ret == -TARGET_ERESTARTSYS) {
36+ env->nip -= 4;
37 break;
38 }
39 if (ret == (target_ulong)(-TARGET_QEMU_ESIGRETURN)) {
40+ env->nip -= 4;
41 /* Returning from a successful sigreturn syscall.
42 Avoid corrupting register state. */
43 break;
44 }
45- env->nip += 4;
46 if (ret > (target_ulong)(-515)) {
47 env->crf[0] |= 0x1;
48 ret = -ret;
diff --git a/meta/recipes-devtools/qemu/qemu_2.8.0.bb b/meta/recipes-devtools/qemu/qemu_2.8.1.1.bb
index 6129356..695ca74 100644
--- a/meta/recipes-devtools/qemu/qemu_2.8.0.bb
+++ b/meta/recipes-devtools/qemu/qemu_2.8.1.1.bb
@@ -8,15 +8,14 @@ SRC_URI += "file://configure-fix-Darwin-target-detection.patch \
8 file://no-valgrind.patch \ 8 file://no-valgrind.patch \
9 file://pathlimit.patch \ 9 file://pathlimit.patch \
10 file://qemu-2.5.0-cflags.patch \ 10 file://qemu-2.5.0-cflags.patch \
11 file://target-ppc-fix-user-mode.patch \
12 file://CVE-2016-9908.patch \ 11 file://CVE-2016-9908.patch \
13 file://CVE-2016-9912.patch \ 12 file://CVE-2016-9912.patch \
14" 13"
15 14
16SRC_URI =+ "http://wiki.qemu-project.org/download/${BP}.tar.bz2" 15SRC_URI =+ "http://wiki.qemu-project.org/download/${BP}.tar.bz2"
17 16
18SRC_URI[md5sum] = "17940dce063b6ce450a12e719a6c9c43" 17SRC_URI[md5sum] = "a6a23a0c59fd0f8ec564b0fb89a79954"
19SRC_URI[sha256sum] = "dafd5d7f649907b6b617b822692f4c82e60cf29bc0fc58bc2036219b591e5e62" 18SRC_URI[sha256sum] = "f62ab18a1fb9ff5b4c81ed44becc945b11581eff777618141bdb787da55d3638"
20 19
21COMPATIBLE_HOST_mipsarchn32 = "null" 20COMPATIBLE_HOST_mipsarchn32 = "null"
22COMPATIBLE_HOST_mipsarchn64 = "null" 21COMPATIBLE_HOST_mipsarchn64 = "null"