diff options
author | Sakib Sajal <sakib.sajal@windriver.com> | 2020-06-19 14:12:59 -0400 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2020-06-23 12:31:03 +0100 |
commit | a3102471e4e789d77040f5ed0da1b8e438328b5f (patch) | |
tree | 083c7ac42e426047f32ba8de41d0a9b24615593f /meta/recipes-devtools/qemu/qemu/CVE-2020-7211.patch | |
parent | f5bbb3ba2d65ba7911b7ede5fb32b54b5b904a07 (diff) | |
download | poky-a3102471e4e789d77040f5ed0da1b8e438328b5f.tar.gz |
qemu: uprev v4.2.0 -> v5.0.0
Major update after v4.2.
Changes:
- os_find_datadir() was changed after the v4.2 release
causing v5.0 to not find the bios and not boot the
image. Fix is sent to upstream qemu.
See: qemu/find_datadir.patch
- v5.0 binary had host contamination for dynamically linked
libraries, "--extra-ldflags='${LDFLAGS}'" in EXTRA_OECONF
resolved the issue
- bluetooth code was removed: qemu.git$ git show 1d4ffe8dc7
hence removed PACKAGECONFIG[bluez]
- -show-cursor qemu option is now deprecated, updated
scripts/runqemu to use updated option instead
- added PACKAGECONFIG definitions
- added qemu-ptest to conf/distro/include/ptest-packagelists.inc
- increased support for ARM architecture, cpu and board
- removed patches merged upstream and refreshed
existing ones
Testing:
Build core-image-minimal against the machines in
openembedded-core/meta/conf/machine and succesfully
booted with qemu v5.0
Ran qemu-ptest on x86-64 and arm64 with identical results:
PASS: 1166
SKIP: 0
FAIL: 0
(From OE-Core rev: ee9ec9e344541c1ccd9b9b8e3b8c1e00d008ad85)
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/qemu/qemu/CVE-2020-7211.patch')
-rw-r--r-- | meta/recipes-devtools/qemu/qemu/CVE-2020-7211.patch | 46 |
1 files changed, 0 insertions, 46 deletions
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2020-7211.patch b/meta/recipes-devtools/qemu/qemu/CVE-2020-7211.patch deleted file mode 100644 index 11be4c92e7..0000000000 --- a/meta/recipes-devtools/qemu/qemu/CVE-2020-7211.patch +++ /dev/null | |||
@@ -1,46 +0,0 @@ | |||
1 | From 14ec36e107a8c9af7d0a80c3571fe39b291ff1d4 Mon Sep 17 00:00:00 2001 | ||
2 | From: Prasad J Pandit <pjp@fedoraproject.org> | ||
3 | Date: Mon, 13 Jan 2020 17:44:31 +0530 | ||
4 | Subject: [PATCH] slirp: tftp: restrict relative path access | ||
5 | |||
6 | tftp restricts relative or directory path access on Linux systems. | ||
7 | Apply same restrictions on Windows systems too. It helps to avoid | ||
8 | directory traversal issue. | ||
9 | |||
10 | Fixes: https://bugs.launchpad.net/qemu/+bug/1812451 | ||
11 | Reported-by: Peter Maydell <peter.maydell@linaro.org> | ||
12 | Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> | ||
13 | Reviewed-by: Samuel Thibault <samuel.thibault@ens-lyon.org> | ||
14 | Message-Id: <20200113121431.156708-1-ppandit@redhat.com> | ||
15 | |||
16 | Upstream-Status: Backport [https://gitlab.freedesktop.org/slirp/libslirp/-/commit/14ec36e107a8c9af7d0a80c3571fe39b291ff1d4.patch] | ||
17 | CVE: CVE-2020-7211 | ||
18 | Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> | ||
19 | |||
20 | --- | ||
21 | slirp/src/tftp.c | 9 +++++++-- | ||
22 | 1 file changed, 7 insertions(+), 2 deletions(-) | ||
23 | |||
24 | diff --git a/slirp/src/tftp.c b/slirp/src/tftp.c | ||
25 | index 093c2e0..e52e71b 100644 | ||
26 | --- a/slirp/src/tftp.c | ||
27 | +++ b/slirp/src/tftp.c | ||
28 | @@ -344,8 +344,13 @@ static void tftp_handle_rrq(Slirp *slirp, struct sockaddr_storage *srcsas, | ||
29 | k += 6; /* skipping octet */ | ||
30 | |||
31 | /* do sanity checks on the filename */ | ||
32 | - if (!strncmp(req_fname, "../", 3) || | ||
33 | - req_fname[strlen(req_fname) - 1] == '/' || strstr(req_fname, "/../")) { | ||
34 | + if ( | ||
35 | +#ifdef G_OS_WIN32 | ||
36 | + strstr(req_fname, "..\\") || | ||
37 | + req_fname[strlen(req_fname) - 1] == '\\' || | ||
38 | +#endif | ||
39 | + strstr(req_fname, "../") || | ||
40 | + req_fname[strlen(req_fname) - 1] == '/') { | ||
41 | tftp_send_error(spt, 2, "Access violation", tp); | ||
42 | return; | ||
43 | } | ||
44 | -- | ||
45 | 2.24.1 | ||
46 | |||