1 files changed, 42 insertions, 0 deletions
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2018-20815_p1.patch b/meta/recipes-devtools/qemu/qemu/CVE-2018-20815_p1.patch
new file mode 100644
index 0000000000..c3a5981488
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2018-20815_p1.patch
@@ -0,0 +1,42 @@
+From da885fe1ee8b4589047484bd7fa05a4905b52b17 Mon Sep 17 00:00:00 2001
+From: Peter Maydell <peter.maydell@linaro.org>
+Date: Fri, 14 Dec 2018 13:30:52 +0000
+Subject: [PATCH] device_tree.c: Don't use load_image()
+The load_image() function is deprecated, as it does not let the
+caller specify how large the buffer to read the file into is.
+Instead use load_image_size().
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
+Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Reviewed-by: Eric Blake <eblake@redhat.com>
+Message-id: 20181130151712.2312-9-peter.maydell@linaro.org
+Upstream-Status: Backport
+CVE: CVE-2018-20815
+affects <= 3.0.1
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+---
+ device_tree.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/device_tree.c b/device_tree.c
+index 6d9c972..296278e 100644
+--- a/device_tree.c
+++ b/device_tree.c
+@@ -91,7 +91,7 @@ void *load_device_tree(const char *filename_path, int *sizep)
+     /* First allocate space in qemu for device tree */
+     fdt = g_malloc0(dt_size);
+ 
+-    dt_file_load_size = load_image(filename_path, fdt);
+    dt_file_load_size = load_image_size(filename_path, fdt, dt_size);
+     if (dt_file_load_size < 0) {
+         error_report("Unable to open device tree file '%s'",
+                      filename_path);
+-- 
+2.7.4

diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2018-20815_p1.patch b/meta/recipes-devtools/qemu/qemu/CVE-2018-20815_p1.patch new file mode 100644 index 0000000000..c3a5981488 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/CVE-2018-20815_p1.patch
@@ -0,0 +1,42 @@
	1	From da885fe1ee8b4589047484bd7fa05a4905b52b17 Mon Sep 17 00:00:00 2001
	2	From: Peter Maydell <peter.maydell@linaro.org>
	3	Date: Fri, 14 Dec 2018 13:30:52 +0000
	4	Subject: [PATCH] device_tree.c: Don't use load_image()
	5
	6	The load_image() function is deprecated, as it does not let the
	7	caller specify how large the buffer to read the file into is.
	8	Instead use load_image_size().
	9
	10	Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
	11	Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
	12	Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
	13	Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
	14	Reviewed-by: Eric Blake <eblake@redhat.com>
	15	Message-id: 20181130151712.2312-9-peter.maydell@linaro.org
	16
	17	Upstream-Status: Backport
	18	CVE: CVE-2018-20815
	19	affects <= 3.0.1
	20
	21	Signed-off-by: Armin Kuster <akuster@mvista.com>
	22
	23	---
	24	device_tree.c \| 2 +-
	25	1 file changed, 1 insertion(+), 1 deletion(-)
	26
	27	diff --git a/device_tree.c b/device_tree.c
	28	index 6d9c972..296278e 100644
	29	--- a/device_tree.c
	30	+++ b/device_tree.c
	31	@@ -91,7 +91,7 @@ void load_device_tree(const char filename_path, int *sizep)
	32	/* First allocate space in qemu for device tree */
	33	fdt = g_malloc0(dt_size);
	34
	35	- dt_file_load_size = load_image(filename_path, fdt);
	36	+ dt_file_load_size = load_image_size(filename_path, fdt, dt_size);
	37	if (dt_file_load_size < 0) {
	38	error_report("Unable to open device tree file '%s'",
	39	filename_path);
	40	--
	41	2.7.4
	42