| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
affects qemu < 2.7.0
Quick Emulator(Qemu) built with the VMWARE PVSCSI paravirtual SCSI bus
emulation support is vulnerable to an OOB r/w access issue. It could
occur while processing SCSI commands 'PVSCSI_CMD_SETUP_RINGS' or
'PVSCSI_CMD_SETUP_MSG_RING'.
A privileged user inside guest could use this flaw to crash the Qemu
process resulting in DoS.
References:
----------
http://www.openwall.com/lists/oss-security/2016/05/23/1
(From OE-Core rev: 3d6b4fd6bc4338b139ebcaf51b67c56cc97ba2ed)
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
affects qemu < 2.7.0
Quick Emulator(Qemu) built with the ESP/NCR53C9x controller emulation
support is vulnerable to an OOB write access issue. The controller uses
16-byte FIFO buffer for command and data transfer. The OOB write occurs
while writing to this command buffer in routine get_cmd().
A privileged user inside guest could use this flaw to crash the Qemu
process resulting in DoS.
References:
----------
http://www.openwall.com/lists/oss-security/2016/05/19/4
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-4441
(From OE-Core rev: 1bc071172236ea020cac9db96e33de81950a15ff)
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
affects qemu < 2.7.0-rc0
(From OE-Core rev: c53820180cdccd97de1f314078570fac1ff16052)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
affects qemu < 2.6.0
(From OE-Core rev: 4c6493e90c7102a5bfa8aba4c00b112d083e91b8)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
affects qemu < 2.6.0
(From OE-Core rev: 72ee7cac11523a56b99282c03199b5b84326edf5)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
affects qemu < 2.6.0
(From OE-Core rev: b5c787631cd35fa5b3f10391c883ae7a3717690f)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
affects qemu < 2.6.0
(From OE-Core rev: ed78691a46a3c928297ae166e92fabdffa9e53c9)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
affects Qemu < 2.6.0
(From OE-Core rev: aa366a5cb5c4ed84537381d71dd5e66514c575be)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: 48909052e7b19ba108ee7813c1efdbed0c2e06ab)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: d1b972a55c59a3f3336b3ebd309532dc204ea97b)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
By default qemu builds a complete list of directories within the user
emulation sysroot (-L option). The OE sysroot directory is large and
this is confusing, for example it indexes all pkgdata. In particular this
confuses strace of qemu binaries with tons of irrelevant paths.
This patch stops the code indexing up front and instead only indexes
things if/as/when it needs to. This drastically reduces the files it
reads and reduces memory usage and cleans up strace.
It would also avoid the infinite directory traversal bug in [YOCTO #6996]
although the code could still be vulnerable if it parsed those specific
paths.
(From OE-Core rev: 9ac5017b3328a18561c2912edfda2d7d97c675f2)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
CVE-2016-2198 Qemu: usb: ehci null pointer dereference in ehci_caps_write
(From OE-Core rev: 33b5c3b4822b6bbb06ad5fdf7a120acd520f665d)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
CVE-2016-2197 Qemu: ide: ahci null pointer dereference when using FIS CLB engines
(From OE-Core rev: bbc41337d28cc54d115378d4cad32f7b1c6f6cd5)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
CVE-2016-1568 Qemu: ide: ahci use-after-free vulnerability in aio port commands
(From OE-Core rev: b1b2f629f8e2febd086eae8fabd24322333ea172)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
- cpus.c-qemu_mutex_lock_iothread-fix-race-condition-a.patch removed,
included upstream;
- smc91c111_fix*.patch patches removed, included upstream;
- trace-remove-malloc-tracing.patch patch removed, included upstream;
- some configure options disappeared or changed name, updated.
(From OE-Core rev: 11b14e80ac484df24459ef67746684bd49d1fbd8)
Signed-off-by: Cristian Iorga <cristian.iorga@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Allocation tracing has been removed from GLib 2.46 and trying to use
it results in an ugly warning: Backport patch to not use it in Qemu.
(From OE-Core rev: 5e6105a90acb86bf7e2c0d5e7fe51e6112080916)
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Qemu has an automatic dependency on valgrind which cannot be disabled, which
causes non-deterministic builds and build failures. As Valgrind wasn't enabled
previously make this deterministic by forcibly disabling it.
(From OE-Core rev: 33960902b9c36575ddda3d926d70fa13bbad85f6)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
| |
(From OE-Core rev: f0189829498e30231d826c9f55aad73e622d076e)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
Remove redundant lines in smc91c111_fix.patch which caused command patch
of lower version fails to work.
(From OE-Core rev: 18f9e0393b27a57030a4dbee924e7946b902927b)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The smc91c111.c driver appears to have several issues. The can_receive()
function can return that the driver is ready when rx_fifo has not been
freed yet. There is also no sanity check of rx_fifo() in _receive() which
can lead to corruption of the rx_fifo array.
release_packet() can also call qemu_flush_queued_packets() before rx_fifo
has been cleaned up, resulting in cases where packets are submitted
for which there is not yet any space.
This patch therefore:
* fixes the logic in can_receive()
* adds logic to receive() as a sanity check
* moves the flush() calls to the correct places where data is ready
to be received
Its currently undergoing discussion upstream about exactly which pieces
are the correct fix but for now, this stops the segfaults OE is seeing
which has to be an improvement.
[YOCTO #8234]
(From OE-Core rev: 414a5256d6f00d5682ce226ee4bc49674ee6c614)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
When QEMU starts the RCU thread executes qemu_mutex_lock_thread
causing error "qemu:qemu_cpu_kick_thread: No such process" and exits.
For detail explanation see upstream patch.
[YOCTO #8143]
(From OE-Core rev: e4bbd98bf9648bbf3ffa7c4338f2302a92a413ef)
Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
All CVE patches removed, included in release.
(From OE-Core rev: 3b57ca0ad44e66a1ecd39c410f63d99705c56b1e)
Signed-off-by: Cristian Iorga <cristian.iorga@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We are expecting some random failures in QEMU runs one of this is
related to qemu_cpu_kick_thread that ends on exit(1) on qemu.
To improve debug information add patch that prints the backtrace and
the status of qemu cpu.
[YOCTO #8143]
(From OE-Core rev: c9dd8fae8fd799f0f64328606904e047ed8ee9c3)
Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
Add sub-package ptest which runs all unit tests cases for qemu.
(From OE-Core rev: a79435797ee60f5858c952646f864c04113e5803)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remove it since we have 2.4.0, the git version is 1.3 can't be built by
deafult:
ERROR: Fetcher failure: Unable to find revision 04024dea2674861fcf13582a77b58130c67fccd8 in branch master even from upstream
We can fix it, but seems that no one uses it any more.
And move patches from "files" dir to "qemu" dir.
(From OE-Core rev: d3c3d62cfb2eeb224fa021af9cd550edf826445e)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Get rid of direct use of gnutls APIs in quorum
blockdrv in favour of using the crypto APIs.
- Convert VNC websockets to use crypto APIs.
- quorum and vnc-ws packageconfig options no
longer exist, removed.
- All previous CVE are now included.
- larger_default_ram_size.patch patch removed,
no longer necessary.
(From OE-Core rev: ff384c084678dab33bbd7eb82ece21a2baa13dfb)
Signed-off-by: Cristian Iorga <cristian.iorga@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Backport patch to fix CVE-2015-3209.
http://git.qemu.org/?p=qemu.git;a=commit;h=9f7c594
(From OE-Core rev: ea85f36ad438353f5a8e64292dd27f457f1f665c)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Backport patches to fix CVE-2015-4103, CVE-2015-4104, CVE-2015-4105 and
CVE-2015-4106. These patches are from debian, but they are originally
from:
http://git.qemu.org/?p=qemu.git;a=shortlog;h=c25bbf1
(From OE-Core rev: 496b3ffba6755bb76709c88cf81399c9d23f830a)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Backport patch to fix qemuc CVE issue CVE-2015-3456.
Refs:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3456
http://git.qemu.org/?p=qemu.git;a=commit;h=e907746266721f305d67bc0718795fedee2e824c
(From OE-Core rev: 1d9e6ef173bea8181fabc6abf0dbb53990b15fd8)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Qemu-Arm-versatilepb-Add-memory-size-checking.patch
brought up to date;
37ed3bf1ee07bb1a26adca0df8718f601f231c0b.patch removed,
integrated upstream;
glx enable config option changed to opengl enable,
update accordingly.
(From OE-Core rev: b88e3808533a7280c85e570a1359efcba8dcc4bd)
Signed-off-by: Cristian Iorga <cristian.iorga@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Without this patch, x86_64 images would show invalid EDSCA key errors
with sshd from openssh (but not dropbear) during init.
This would cause problems with operation with some distros where EDSCA
keys were mandatory. The issue was present in qemu 2.2.1 and not in
2.3.0-rc0, bisected to this commit which was then backported. This fixes
intermittent failures on the autobuilder. Issue is not present when
using KVM (consistent with a fault in TCG).
(From OE-Core rev: 27fe06cb7d30c79833769b3ebb080a7a8115439d)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
The wacom driver we use is missing a HID descriptor causing it not to work
with 3.17 kernels and later. This patch adds in a descriptor to make the
driver work again.
(From OE-Core rev: 51200e0151f0a3b0ed06649ffe77ef20bb296499)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
Darwin target will not be detected correctly
if qemu is cross-compiled under a Linux host.
(From OE-Core rev: 47d1fc9f5c38f3d092937c47bd4c2f45adaa7fe6)
Signed-off-by: Cristian Iorga <cristian.iorga@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
QEMU 2.1 comes with fixes and improvements.
See http://wiki.qemu.org/ChangeLog/2.1 for details.
- Added config for quorum support, depending on gnutls.
- pcie_better_hotplug_support.patch removed,
integrated upstream.
- Qemu-Arm-versatilepb-Add-memory-size-checking.patch updated
to 2.1 source code.
- no-strip.patch removed, no longer necessary due to code changes.
(From OE-Core rev: 3ae32d0d6c7cf8294300f32d346da36748e05f3d)
Signed-off-by: Cristian Iorga <cristian.iorga@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
- switched to ${BP} variable.
- updated download link;
- fxrstorssefix.patch no longer needed, superseded;
(From OE-Core rev: b6f6e389b68468266926856bd318c245696ea932)
Signed-off-by: Cristian Iorga <cristian.iorga@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
linux-user-Handle-SOCK_CLOEXEC-NONBLOCK-if-unavailab.patch
file no longer needed, included in upstream.
qemu-native tested on all architectures,
host machine is Ubuntu Linux 13.10 x86-64.
Basic X11 and networking tests performed.
(From OE-Core rev: 0f81a4b17ab9ea1b3cc69629aec3f3d2176f8153)
Signed-off-by: Cristian Iorga <cristian.iorga@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
