diff options
author | Chee Yang Lee <chee.yang.lee@intel.com> | 2022-09-14 14:04:11 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-09-23 16:22:59 +0100 |
commit | b44d2090439187bcdc740736abd5a9879f455e51 (patch) | |
tree | ba68286c3d0e5f131ca625055bda0b0b2c6474f1 /meta/recipes-devtools/qemu/qemu.inc | |
parent | 20087e04b32722b0b24f8da3e3bf4dce3281571e (diff) | |
download | poky-b44d2090439187bcdc740736abd5a9879f455e51.tar.gz |
qemu: fix and ignore several CVEs
backport fixes:
CVE-2020-13754, backport patches as debian security tracker notes
https://security-tracker.debian.org/tracker/CVE-2020-13754
CVE-2021-3713
CVE-2021-3748
CVE-2021-3930
CVE-2021-4206
CVE-2021-4207
CVE-2022-0216, does not include qtest in patches, the qtest code were not available in v4.2.
Ignore:
CVE-2020-27661, issue introduced in v5.1.0-rc0
https://security-tracker.debian.org/tracker/CVE-2020-27661
(From OE-Core rev: 16a6e8530c4820f070973a1b4d64764c20706087)
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/qemu/qemu.inc')
-rw-r--r-- | meta/recipes-devtools/qemu/qemu.inc | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index a773068499..c1db723e90 100644 --- a/meta/recipes-devtools/qemu/qemu.inc +++ b/meta/recipes-devtools/qemu/qemu.inc | |||
@@ -100,6 +100,17 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ | |||
100 | file://CVE-2020-13791.patch \ | 100 | file://CVE-2020-13791.patch \ |
101 | file://CVE-2022-35414.patch \ | 101 | file://CVE-2022-35414.patch \ |
102 | file://CVE-2020-27821.patch \ | 102 | file://CVE-2020-27821.patch \ |
103 | file://CVE-2020-13754-1.patch \ | ||
104 | file://CVE-2020-13754-2.patch \ | ||
105 | file://CVE-2020-13754-3.patch \ | ||
106 | file://CVE-2020-13754-4.patch \ | ||
107 | file://CVE-2021-3713.patch \ | ||
108 | file://CVE-2021-3748.patch \ | ||
109 | file://CVE-2021-3930.patch \ | ||
110 | file://CVE-2021-4206.patch \ | ||
111 | file://CVE-2021-4207.patch \ | ||
112 | file://CVE-2022-0216-1.patch \ | ||
113 | file://CVE-2022-0216-2.patch \ | ||
103 | " | 114 | " |
104 | UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar" | 115 | UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar" |
105 | 116 | ||
@@ -117,6 +128,9 @@ CVE_CHECK_WHITELIST += "CVE-2007-0998" | |||
117 | # https://bugzilla.redhat.com/show_bug.cgi?id=1609015#c11 | 128 | # https://bugzilla.redhat.com/show_bug.cgi?id=1609015#c11 |
118 | CVE_CHECK_WHITELIST += "CVE-2018-18438" | 129 | CVE_CHECK_WHITELIST += "CVE-2018-18438" |
119 | 130 | ||
131 | # the issue introduced in v5.1.0-rc0 | ||
132 | CVE_CHECK_WHITELIST += "CVE-2020-27661" | ||
133 | |||
120 | COMPATIBLE_HOST_mipsarchn32 = "null" | 134 | COMPATIBLE_HOST_mipsarchn32 = "null" |
121 | COMPATIBLE_HOST_mipsarchn64 = "null" | 135 | COMPATIBLE_HOST_mipsarchn64 = "null" |
122 | 136 | ||