1 files changed, 0 insertions, 42 deletions
diff --git a/meta/recipes-devtools/qemu/qemu/0004-fix-CVE-2016-7909.patch b/meta/recipes-devtools/qemu/qemu/0004-fix-CVE-2016-7909.patch
deleted file mode 100644
index e71bbf6205..0000000000
--- a/meta/recipes-devtools/qemu/qemu/0004-fix-CVE-2016-7909.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-Upstream-Status: Backport [http://git.qemu.org/?p=qemu.git;a=commit;h=34e29ce]
-CVE: CVE-2016-7909
-Signed-off-by: Kai Kang <kai.kang@windriver.com>
---
-From 34e29ce754c02bb6b3bdd244fbb85033460feaff Mon Sep 17 00:00:00 2001
-From: Prasad J Pandit <pjp@fedoraproject.org>
-Date: Fri, 30 Sep 2016 00:27:33 +0530
-Subject: [PATCH] net: pcnet: check rx/tx descriptor ring length
-The AMD PC-Net II emulator has set of control and status(CSR)
-registers. Of these, CSR76 and CSR78 hold receive and transmit
-descriptor ring length respectively. This ring length could range
-from 1 to 65535. Setting ring length to zero leads to an infinite
-loop in pcnet_rdra_addr() or pcnet_transmit(). Add check to avoid it.
-Reported-by: Li Qiang <liqiang6-s@360.cn>
-Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
-Signed-off-by: Jason Wang <jasowang@redhat.com>
---
- hw/net/pcnet.c | 3 +++
- 1 file changed, 3 insertions(+)
-diff --git a/hw/net/pcnet.c b/hw/net/pcnet.c
-index 198a01f..3078de8 100644
--- a/hw/net/pcnet.c
-+++ b/hw/net/pcnet.c
-@@ -1429,8 +1429,11 @@ static void pcnet_csr_writew(PCNetState *s, uint32_t rap, uint32_t new_value)
-     case 47: /* POLLINT */
-     case 72:
-     case 74:
-+        break;
-     case 76: /* RCVRL */
-     case 78: /* XMTRL */
-+        val = (val > 0) ? val : 512;
-+        break;
-     case 112:
-        if (CSR_STOP(s) || CSR_SPND(s))
-            break;
-- 
-2.10.1

diff --git a/meta/recipes-devtools/qemu/qemu/0004-fix-CVE-2016-7909.patch b/meta/recipes-devtools/qemu/qemu/0004-fix-CVE-2016-7909.patch deleted file mode 100644 index e71bbf6205..0000000000 --- a/meta/recipes-devtools/qemu/qemu/0004-fix-CVE-2016-7909.patch +++ /dev/null
@@ -1,42 +0,0 @@
1	Upstream-Status: Backport [http://git.qemu.org/?p=qemu.git;a=commit;h=34e29ce]
2	CVE: CVE-2016-7909
3
4	Signed-off-by: Kai Kang <kai.kang@windriver.com>
5	---
6	From 34e29ce754c02bb6b3bdd244fbb85033460feaff Mon Sep 17 00:00:00 2001
7	From: Prasad J Pandit <pjp@fedoraproject.org>
8	Date: Fri, 30 Sep 2016 00:27:33 +0530
9	Subject: [PATCH] net: pcnet: check rx/tx descriptor ring length
10
11	The AMD PC-Net II emulator has set of control and status(CSR)
12	registers. Of these, CSR76 and CSR78 hold receive and transmit
13	descriptor ring length respectively. This ring length could range
14	from 1 to 65535. Setting ring length to zero leads to an infinite
15	loop in pcnet_rdra_addr() or pcnet_transmit(). Add check to avoid it.
16
17	Reported-by: Li Qiang <liqiang6-s@360.cn>
18	Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
19	Signed-off-by: Jason Wang <jasowang@redhat.com>
20	---
21	hw/net/pcnet.c \| 3 +++
22	1 file changed, 3 insertions(+)
23
24	diff --git a/hw/net/pcnet.c b/hw/net/pcnet.c
25	index 198a01f..3078de8 100644
26	--- a/hw/net/pcnet.c
27	+++ b/hw/net/pcnet.c
28	@@ -1429,8 +1429,11 @@ static void pcnet_csr_writew(PCNetState *s, uint32_t rap, uint32_t new_value)
29	case 47: /* POLLINT */
30	case 72:
31	case 74:
32	+ break;
33	case 76: /* RCVRL */
34	case 78: /* XMTRL */
35	+ val = (val > 0) ? val : 512;
36	+ break;
37	case 112:
38	if (CSR_STOP(s) \|\| CSR_SPND(s))
39	break;
40	--
41	2.10.1
42