diff options
| author | Sona Sarmadi <sona.sarmadi@enea.com> | 2017-05-10 14:17:34 +0200 |
|---|---|---|
| committer | Adrian Dudau <adrian.dudau@enea.com> | 2017-05-11 15:28:59 +0200 |
| commit | 17a9a734122e446bd2708a4273af1fe4eacb87ae (patch) | |
| tree | 55c8bf72fe305f7024b684a1642deb61dac12082 /meta/recipes-devtools/qemu/qemu/CVE-2016-4002.patch | |
| parent | 5c021b4550f77ddc7d32664a08e46ba69d16c2c7 (diff) | |
| download | poky-17a9a734122e446bd2708a4273af1fe4eacb87ae.tar.gz | |
qemu: upgrade to 2.7.0
This upgrade can fix a qemuppc + openssh bug, the ssh connection maybe
refused or closed randomly, and it's not easy to reproduce. RP pointed
that this upgrade can fix the problem, and it does work in my local
testing.
* Update add-ptest-in-makefile.patch
Here is the Changlog:
http://wiki.qemu.org/ChangeLog/2.7
(From OE-Core rev: 056ce17e168bf856ff95a6f659098403169cb889)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
Diffstat (limited to 'meta/recipes-devtools/qemu/qemu/CVE-2016-4002.patch')
| -rw-r--r-- | meta/recipes-devtools/qemu/qemu/CVE-2016-4002.patch | 39 |
1 files changed, 0 insertions, 39 deletions
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2016-4002.patch b/meta/recipes-devtools/qemu/qemu/CVE-2016-4002.patch deleted file mode 100644 index 69c11e27d9..0000000000 --- a/meta/recipes-devtools/qemu/qemu/CVE-2016-4002.patch +++ /dev/null | |||
| @@ -1,39 +0,0 @@ | |||
| 1 | From 7a2c32ec06533c54ddaf70136bfbd89eeaf6db16 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Prasad J Pandit <pjp@fedoraproject.org> | ||
| 3 | Date: Thu, 7 Apr 2016 15:56:02 +0530 | ||
| 4 | Subject: [PATCH] net: mipsnet: check packet length against buffer | ||
| 5 | |||
| 6 | When receiving packets over MIPSnet network device, it uses | ||
| 7 | receive buffer of size 1514 bytes. In case the controller | ||
| 8 | accepts large(MTU) packets, it could lead to memory corruption. | ||
| 9 | Add check to avoid it. | ||
| 10 | |||
| 11 | Reported by: Oleksandr Bazhaniuk <oleksandr.bazhaniuk@intel.com> | ||
| 12 | Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> | ||
| 13 | Signed-off-by: Jason Wang <jasowang@redhat.com> | ||
| 14 | |||
| 15 | (cherry picked from commit 3af9187fc6caaf415ab9c0c6d92c9678f65cb17f) | ||
| 16 | Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com> | ||
| 17 | |||
| 18 | Upstream-Status: Backport | ||
| 19 | CVE: CVE-2016-4002 | ||
| 20 | Signed-off-by: Armin Kuster <akuster@mvista.com> | ||
| 21 | |||
| 22 | --- | ||
| 23 | hw/net/mipsnet.c | 3 +++ | ||
| 24 | 1 file changed, 3 insertions(+) | ||
| 25 | |||
| 26 | Index: qemu-2.4.0/hw/net/mipsnet.c | ||
| 27 | =================================================================== | ||
| 28 | --- qemu-2.4.0.orig/hw/net/mipsnet.c | ||
| 29 | +++ qemu-2.4.0/hw/net/mipsnet.c | ||
| 30 | @@ -82,6 +82,9 @@ static ssize_t mipsnet_receive(NetClient | ||
| 31 | if (!mipsnet_can_receive(nc)) | ||
| 32 | return 0; | ||
| 33 | |||
| 34 | + if (size >= sizeof(s->rx_buffer)) { | ||
| 35 | + return 0; | ||
| 36 | + } | ||
| 37 | s->busy = 1; | ||
| 38 | |||
| 39 | /* Just accept everything. */ | ||