From b44d2090439187bcdc740736abd5a9879f455e51 Mon Sep 17 00:00:00 2001 From: Chee Yang Lee Date: Wed, 14 Sep 2022 14:04:11 +0800 Subject: qemu: fix and ignore several CVEs backport fixes: CVE-2020-13754, backport patches as debian security tracker notes https://security-tracker.debian.org/tracker/CVE-2020-13754 CVE-2021-3713 CVE-2021-3748 CVE-2021-3930 CVE-2021-4206 CVE-2021-4207 CVE-2022-0216, does not include qtest in patches, the qtest code were not available in v4.2. Ignore: CVE-2020-27661, issue introduced in v5.1.0-rc0 https://security-tracker.debian.org/tracker/CVE-2020-27661 (From OE-Core rev: 16a6e8530c4820f070973a1b4d64764c20706087) Signed-off-by: Chee Yang Lee Signed-off-by: Steve Sakoman Signed-off-by: Richard Purdie
---
meta/recipes-devtools/qemu/qemu.inc | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'meta/recipes-devtools/qemu/qemu.inc')
diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc
index a773068499..c1db723e90 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -100,6 +100,17 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
 file://CVE-2020-13791.patch \
 file://CVE-2022-35414.patch \
 file://CVE-2020-27821.patch \
+ file://CVE-2020-13754-1.patch \
+ file://CVE-2020-13754-2.patch \
+ file://CVE-2020-13754-3.patch \
+ file://CVE-2020-13754-4.patch \
+ file://CVE-2021-3713.patch \
+ file://CVE-2021-3748.patch \
+ file://CVE-2021-3930.patch \
+ file://CVE-2021-4206.patch \
+ file://CVE-2021-4207.patch \
+ file://CVE-2022-0216-1.patch \
+ file://CVE-2022-0216-2.patch \
 "
 UPSTREAM_CHECK_REGEX = "qemu-(?P\d+(\.\d+)+)\.tar"
 
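Review bot: The two `CVE-2022-0216-*.patch` entries are, per the commit message, backported without the upstream qtest, and nothing visible on this page records that or lets the eleven new `file://` entries be checked against their patch files (the view is limited to qemu.inc). Before merging, confirm that each patch header carries a `CVE:` tag and an `Upstream-Status: Backport [<upstream commit URL>]` line, and that the 0216 headers state the qtest was dropped because it does not exist in v4.2, so a later reviewer knows the fix has no regression test in this tree. The four `CVE-2020-13754-N.patch` files are a series taken from the Debian tracker notes, so their header order should match the order listed here. The `SRC_URI` assignment begins outside the hunk.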
@@ -117,6 +128,9 @@ CVE_CHECK_WHITELIST += "CVE-2007-0998"
 # https://bugzilla.redhat.com/show_bug.cgi?id=1609015#c11
 CVE_CHECK_WHITELIST += "CVE-2018-18438"
 
+# the issue introduced in v5.1.0-rc0
+CVE_CHECK_WHITELIST += "CVE-2020-27661"
+
 COMPATIBLE_HOST_mipsarchn32 = "null"
 COMPATIBLE_HOST_mipsarchn64 = "null"
 
-- cgit v1.2.3-54-g00ecf
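Review bot: The comment added above the `CVE-2020-27661` whitelist entry gives the reason but neither its source nor the condition under which it stops holding. The ignore sits unconditionally in qemu.inc, so an upgrade of the recipe to 5.1 or newer would keep cve-check silent on this CVE even though the affected code would then be present. I would word it as `# Introduced in v5.1.0-rc0, not present in this 4.2-based recipe; drop on upgrade to >= 5.1` followed by `# https://security-tracker.debian.org/tracker/CVE-2020-27661`, which also matches the reference-link style of the CVE-2018-18438 entry just above. The version is taken from the commit message and is not visible in this file.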