qemu: Upgrade 2.1.0 to 2.4.0 to address some CVEs

The upgrade addresses following CVEs: CVE-2015-7295 CVE-2015-7504 CVE-2015-7512 CVE-2015-8345 CVE-2015-8504 CVE-2016-1568 CVE-2016-2197 CVE-2016-2198 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Nora Björklund <nora.bjorklund@enea.com>
author: Sona Sarmadi <sona.sarmadi@enea.com> 2016-04-27 11:48:16 +0200
committer: Nora Björklund <nora.bjorklund@enea.com> 2016-04-28 09:02:11 +0200
commit: d3d0c7af34b996b4518b26d4f3b4eff831a651af (patch)
tree: d8dc6be1d65668e4cbaf04f47011542ed35b2031 /meta/recipes-devtools/qemu/qemu/CVE-2014-7840.patch
parent: c6477d7bc514c951746d6b717c033475fc45f3fc (diff)
download: poky-d3d0c7af34b996b4518b26d4f3b4eff831a651af.tar.gz
1 files changed, 0 insertions, 57 deletions
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2014-7840.patch b/meta/recipes-devtools/qemu/qemu/CVE-2014-7840.patch
deleted file mode 100644
index 4f992bae14..0000000000
--- a/meta/recipes-devtools/qemu/qemu/CVE-2014-7840.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From 0be839a2701369f669532ea5884c15bead1c6e08 Mon Sep 17 00:00:00 2001
-From: "Michael S. Tsirkin" <mst@redhat.com>
-Date: Wed, 12 Nov 2014 11:44:39 +0200
-Subject: [PATCH] migration: fix parameter validation on ram load
-During migration, the values read from migration stream during ram load
-are not validated. Especially offset in host_from_stream_offset() and
-also the length of the writes in the callers of said function.
-To fix this, we need to make sure that the [offset, offset + length]
-range fits into one of the allocated memory regions.
-Validating addr < len should be sufficient since data seems to always be
-managed in TARGET_PAGE_SIZE chunks.
-Fixes: CVE-2014-7840
-Upstream-Status: Backport
-Note: follow-up patches add extra checks on each block->host access.
-Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
-Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
-Signed-off-by: Amit Shah <amit.shah@redhat.com>
-Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
---
- arch_init.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-diff --git a/arch_init.c b/arch_init.c
-index 88a5ba0..593a990 100644
--- a/arch_init.c
-+++ b/arch_init.c
-@@ -1006,7 +1006,7 @@ static inline void *host_from_stream_offset(QEMUFile *f,
-     uint8_t len;
- 
-     if (flags & RAM_SAVE_FLAG_CONTINUE) {
-        if (!block) {
-+        if (!block || block->length <= offset) {
-             error_report("Ack, bad migration stream!");
-             return NULL;
-         }
-@@ -1019,8 +1019,9 @@ static inline void *host_from_stream_offset(QEMUFile *f,
-     id[len] = 0;
- 
-     QTAILQ_FOREACH(block, &ram_list.blocks, next) {
-        if (!strncmp(id, block->idstr, sizeof(id)))
-+        if (!strncmp(id, block->idstr, sizeof(id)) && block->length > offset) {
-             return memory_region_get_ram_ptr(block->mr) + offset;
-+        }
-     }
- 
-     error_report("Can't find block %s!", id);
-- 
-1.9.1
author	Sona Sarmadi <sona.sarmadi@enea.com>	2016-04-27 11:48:16 +0200
committer	Nora Björklund <nora.bjorklund@enea.com>	2016-04-28 09:02:11 +0200
commit	d3d0c7af34b996b4518b26d4f3b4eff831a651af (patch)
tree	d8dc6be1d65668e4cbaf04f47011542ed35b2031 /meta/recipes-devtools/qemu/qemu/CVE-2014-7840.patch
parent	c6477d7bc514c951746d6b717c033475fc45f3fc (diff)
download	poky-d3d0c7af34b996b4518b26d4f3b4eff831a651af.tar.gz

diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2014-7840.patch b/meta/recipes-devtools/qemu/qemu/CVE-2014-7840.patch deleted file mode 100644 index 4f992bae14..0000000000 --- a/meta/recipes-devtools/qemu/qemu/CVE-2014-7840.patch +++ /dev/null
@@ -1,57 +0,0 @@
1	From 0be839a2701369f669532ea5884c15bead1c6e08 Mon Sep 17 00:00:00 2001
2	From: "Michael S. Tsirkin" <mst@redhat.com>
3	Date: Wed, 12 Nov 2014 11:44:39 +0200
4	Subject: [PATCH] migration: fix parameter validation on ram load
5
6	During migration, the values read from migration stream during ram load
7	are not validated. Especially offset in host_from_stream_offset() and
8	also the length of the writes in the callers of said function.
9
10	To fix this, we need to make sure that the [offset, offset + length]
11	range fits into one of the allocated memory regions.
12
13	Validating addr < len should be sufficient since data seems to always be
14	managed in TARGET_PAGE_SIZE chunks.
15
16	Fixes: CVE-2014-7840
17
18	Upstream-Status: Backport
19
20	Note: follow-up patches add extra checks on each block->host access.
21
22	Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
23	Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
24	Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
25	Signed-off-by: Amit Shah <amit.shah@redhat.com>
26	Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
27	---
28	arch_init.c \| 5 +++--
29	1 file changed, 3 insertions(+), 2 deletions(-)
30
31	diff --git a/arch_init.c b/arch_init.c
32	index 88a5ba0..593a990 100644
33	--- a/arch_init.c
34	+++ b/arch_init.c
35	@@ -1006,7 +1006,7 @@ static inline void host_from_stream_offset(QEMUFile f,
36	uint8_t len;
37
38	if (flags & RAM_SAVE_FLAG_CONTINUE) {
39	- if (!block) {
40	+ if (!block \|\| block->length <= offset) {
41	error_report("Ack, bad migration stream!");
42	return NULL;
43	}
44	@@ -1019,8 +1019,9 @@ static inline void host_from_stream_offset(QEMUFile f,
45	id[len] = 0;
46
47	QTAILQ_FOREACH(block, &ram_list.blocks, next) {
48	- if (!strncmp(id, block->idstr, sizeof(id)))
49	+ if (!strncmp(id, block->idstr, sizeof(id)) && block->length > offset) {
50	return memory_region_get_ram_ptr(block->mr) + offset;
51	+ }
52	}
53
54	error_report("Can't find block %s!", id);
55	--
56	1.9.1
57