diff options
| author | Sona Sarmadi <sona.sarmadi@enea.com> | 2017-05-10 14:17:34 +0200 |
|---|---|---|
| committer | Adrian Dudau <adrian.dudau@enea.com> | 2017-05-11 15:28:59 +0200 |
| commit | 17a9a734122e446bd2708a4273af1fe4eacb87ae (patch) | |
| tree | 55c8bf72fe305f7024b684a1642deb61dac12082 /meta/recipes-devtools/qemu/qemu/CVE-2016-4439.patch | |
| parent | 5c021b4550f77ddc7d32664a08e46ba69d16c2c7 (diff) | |
| download | poky-17a9a734122e446bd2708a4273af1fe4eacb87ae.tar.gz | |
qemu: upgrade to 2.7.0
This upgrade can fix a qemuppc + openssh bug, the ssh connection maybe
refused or closed randomly, and it's not easy to reproduce. RP pointed
that this upgrade can fix the problem, and it does work in my local
testing.
* Update add-ptest-in-makefile.patch
Here is the Changlog:
http://wiki.qemu.org/ChangeLog/2.7
(From OE-Core rev: 056ce17e168bf856ff95a6f659098403169cb889)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
Diffstat (limited to 'meta/recipes-devtools/qemu/qemu/CVE-2016-4439.patch')
| -rw-r--r-- | meta/recipes-devtools/qemu/qemu/CVE-2016-4439.patch | 46 |
1 files changed, 0 insertions, 46 deletions
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2016-4439.patch b/meta/recipes-devtools/qemu/qemu/CVE-2016-4439.patch deleted file mode 100644 index 5d3b9a92d5..0000000000 --- a/meta/recipes-devtools/qemu/qemu/CVE-2016-4439.patch +++ /dev/null | |||
| @@ -1,46 +0,0 @@ | |||
| 1 | From 0a5e3685ea10c578f8063ca0dbb009af45693d85 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Prasad J Pandit <pjp@fedoraproject.org> | ||
| 3 | Date: Thu, 19 May 2016 16:09:30 +0530 | ||
| 4 | Subject: [PATCH] esp: check command buffer length before write(CVE-2016-4439) | ||
| 5 | |||
| 6 | The 53C9X Fast SCSI Controller(FSC) comes with an internal 16-byte | ||
| 7 | FIFO buffer. It is used to handle command and data transfer. While | ||
| 8 | writing to this command buffer 's->cmdbuf[TI_BUFSZ=16]', a check | ||
| 9 | was missing to validate input length. Add check to avoid OOB write | ||
| 10 | access. | ||
| 11 | |||
| 12 | Fixes CVE-2016-4439. | ||
| 13 | |||
| 14 | Reported-by: Li Qiang <liqiang6-s@360.cn> | ||
| 15 | Cc: qemu-stable@nongnu.org | ||
| 16 | Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> | ||
| 17 | Message-Id: <1463654371-11169-2-git-send-email-ppandit@redhat.com> | ||
| 18 | Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> | ||
| 19 | (cherry picked from commit c98c6c105f66f05aa0b7c1d2a4a3f716450907ef) | ||
| 20 | Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com> | ||
| 21 | |||
| 22 | Upstream-Status: Backport | ||
| 23 | CVE: CVE-2016-4439 | ||
| 24 | Signed-off-by: Armin Kuster <akuster@mvista.com> | ||
| 25 | |||
| 26 | --- | ||
| 27 | hw/scsi/esp.c | 6 +++++- | ||
| 28 | 1 file changed, 5 insertions(+), 1 deletion(-) | ||
| 29 | |||
| 30 | Index: qemu-2.4.0/hw/scsi/esp.c | ||
| 31 | =================================================================== | ||
| 32 | --- qemu-2.4.0.orig/hw/scsi/esp.c | ||
| 33 | +++ qemu-2.4.0/hw/scsi/esp.c | ||
| 34 | @@ -446,7 +446,11 @@ void esp_reg_write(ESPState *s, uint32_t | ||
| 35 | break; | ||
| 36 | case ESP_FIFO: | ||
| 37 | if (s->do_cmd) { | ||
| 38 | - s->cmdbuf[s->cmdlen++] = val & 0xff; | ||
| 39 | + if (s->cmdlen < TI_BUFSZ) { | ||
| 40 | + s->cmdbuf[s->cmdlen++] = val & 0xff; | ||
| 41 | + } else { | ||
| 42 | + trace_esp_error_fifo_overrun(); | ||
| 43 | + } | ||
| 44 | } else if (s->ti_size == TI_BUFSZ - 1) { | ||
| 45 | trace_esp_error_fifo_overrun(); | ||
| 46 | } else { | ||