From e00b4617797ce89865a6f8318b6abedcddae3046 Mon Sep 17 00:00:00 2001
From: Alistair Francis
Date: Wed, 15 Aug 2018 15:25:19 -0700
Subject: qemu: Upgrade QEMU 2.12 -> 3.0

(From OE-Core rev: 4e37ca369205dccfaf730d6ac4d33c23fb995b5f)

Signed-off-by: Alistair Francis
Signed-off-by: Richard Purdie
---
...018-11806-QEMU-slirp-heap-buffer-overflow.patch | 70 ----------------------
meta/recipes-devtools/qemu/qemu_2.12.0.bb | 57 ------------------
meta/recipes-devtools/qemu/qemu_3.0.0.bb | 56 +++++++++++++++++
3 files changed, 56 insertions(+), 127 deletions(-)
delete mode 100644 meta/recipes-devtools/qemu/qemu/0001-CVE-2018-11806-QEMU-slirp-heap-buffer-overflow.patch
delete mode 100644 meta/recipes-devtools/qemu/qemu_2.12.0.bb
create mode 100644 meta/recipes-devtools/qemu/qemu_3.0.0.bb

(limited to 'meta/recipes-devtools/qemu')

diff --git a/meta/recipes-devtools/qemu/qemu/0001-CVE-2018-11806-QEMU-slirp-heap-buffer-overflow.patch b/meta/recipes-devtools/qemu/qemu/0001-CVE-2018-11806-QEMU-slirp-heap-buffer-overflow.patch
deleted file mode 100644
index 837b65a79a..0000000000
--- a/meta/recipes-devtools/qemu/qemu/0001-CVE-2018-11806-QEMU-slirp-heap-buffer-overflow.patch
+++ /dev/null
@@ -1,70 +0,0 @@
-CVE: CVE-2018-11806
-Upstream-Status: Backport
-
-https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg01012.html
-
-From dc21a9d2951f0a2a7e63633e2b5c68c54e4edc4b Mon Sep 17 00:00:00 2001
-From: Jeremy Puhlman
-Date: Thu, 14 Jun 2018 01:28:49 +0000
-Subject: [PATCH] CVE-2018-11806 QEMU: slirp: heap buffer overflow
-
-Subject: [Qemu-devel] [PATCH 1/2] slirp: correct size computation while concatenating mbuf
-Date: Tue, 5 Jun 2018 23:38:35 +0530
-From: Prasad J Pandit
-
-While reassembling incoming fragmented datagrams, 'm_cat' routine
-extends the 'mbuf' buffer, if it has insufficient room. It computes
-a wrong buffer size, which leads to overwriting adjacent heap buffer
-area. Correct this size computation in m_cat.
-
-Reported-by: ZDI Disclosures
-Signed-off-by: Prasad J Pandit
----
- slirp/mbuf.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-Signed-off-by: Jeremy Puhlman
----
- slirp/mbuf.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/slirp/mbuf.c b/slirp/mbuf.c
-index 5ff2455..7fb4501 100644
---- a/slirp/mbuf.c
-+++ b/slirp/mbuf.c
-@@ -138,7 +138,7 @@ m_cat(struct mbuf *m, struct mbuf *n)
- * If there's no room, realloc
- */
- if (M_FREEROOM(m) < n->m_len)
-- m_inc(m,m->m_size+MINCSIZE);
-+ m_inc(m, m->m_len + n->m_len);
-
- memcpy(m->m_data+m->m_len, n->m_data, n->m_len);
- m->m_len += n->m_len;
-@@ -158,12 +158,12 @@ m_inc(struct mbuf *m, int size)
-
- if (m->m_flags & M_EXT) {
- datasize = m->m_data - m->m_ext;
-- m->m_ext = g_realloc(m->m_ext, size);
-+ m->m_ext = g_realloc(m->m_ext, size + datasize);
- m->m_data = m->m_ext + datasize;
- } else {
- char *dat;
- datasize = m->m_data - m->m_dat;
-- dat = g_malloc(size);
-+ dat = g_malloc(size + datasize);
- memcpy(dat, m->m_dat, m->m_size);
-
- m->m_ext = dat;
-@@ -171,7 +171,7 @@ m_inc(struct mbuf *m, int size)
- m->m_flags |= M_EXT;
- }
-
-- m->m_size = size;
-+ m->m_size = size + datasize;
-
- }
-
---
-2.13.3
-
diff --git a/meta/recipes-devtools/qemu/qemu_2.12.0.bb b/meta/recipes-devtools/qemu/qemu_2.12.0.bb
deleted file mode 100644
index 98db44a8ef..0000000000
--- a/meta/recipes-devtools/qemu/qemu_2.12.0.bb
+++ /dev/null
@@ -1,57 +0,0 @@
-require qemu.inc
-
-inherit ptest
-
-RDEPENDS_${PN}-ptest = "bash make"
-
-LIC_FILES_CHKSUM = "file://COPYING;md5=441c28d2cf86e15a37fa47e15a72fbac \
- file://COPYING.LIB;endline=24;md5=c04def7ae38850e7d3ef548588159913"
-
-SRC_URI = "http://wiki.qemu-project.org/download/${BP}.tar.bz2 \
- file://powerpc_rom.bin \
- file://0001-sdl.c-allow-user-to-disable-pointer-grabs.patch \
- file://0002-qemu-Add-missing-wacom-HID-descriptor.patch \
- file://0003-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch \
- file://run-ptest \
- file://0004-qemu-Add-addition-environment-space-to-boot-loader-q.patch \
- file://0005-qemu-disable-Valgrind.patch \
- file://0006-qemu-Limit-paths-searched-during-user-mode-emulation.patch \
- file://0007-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch \
- file://0008-chardev-connect-socket-to-a-spawned-command.patch \
- file://0009-apic-fixup-fallthrough-to-PIC.patch \
- file://0010-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch \
- file://0011-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch \
- file://0001-CVE-2018-11806-QEMU-slirp-heap-buffer-overflow.patch \
- "
-UPSTREAM_CHECK_REGEX = "qemu-(?P\d+\..*)\.tar"
-
-SRC_URI_append_class-native = " \
- file://0012-fix-libcap-header-issue-on-some-distro.patch \
- file://0013-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch \
- "
-
-SRC_URI[md5sum] = "122fd7cdf241ff7eb1e42c0b503b5d1b"
-SRC_URI[sha256sum] = "c9f4a147bc915d24df9784affc611a115f42d24720a89210b479f1ba7a3f679c"
-
-COMPATIBLE_HOST_mipsarchn32 = "null"
-COMPATIBLE_HOST_mipsarchn64 = "null"
-
-do_install_append() {
- # Prevent QA warnings about installed ${localstatedir}/run
- if [ -d ${D}${localstatedir}/run ]; then rmdir ${D}${localstatedir}/run; fi
- install -Dm 0755 ${WORKDIR}/powerpc_rom.bin ${D}${datadir}/qemu
-}
-
-do_compile_ptest() {
- make buildtest-TESTS
-}
-
-do_install_ptest() {
- cp -rL ${B}/tests ${D}${PTEST_PATH}
- find ${D}${PTEST_PATH}/tests -type f -name "*.[Sshcod]" | xargs -i rm -rf {}
-
- cp ${S}/tests/Makefile.include ${D}${PTEST_PATH}/tests
- # Don't check the file genreated by configure
- sed -i -e '/wildcard config-host.mak/d' \
- -e '$ {/endif/d}' ${D}${PTEST_PATH}/tests/Makefile.include
-}
diff --git a/meta/recipes-devtools/qemu/qemu_3.0.0.bb b/meta/recipes-devtools/qemu/qemu_3.0.0.bb
new file mode 100644
index 0000000000..80da0810f1
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu_3.0.0.bb
@@ -0,0 +1,56 @@
+require qemu.inc
+
+inherit ptest
+
+RDEPENDS_${PN}-ptest = "bash make"
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=441c28d2cf86e15a37fa47e15a72fbac \
+ file://COPYING.LIB;endline=24;md5=c04def7ae38850e7d3ef548588159913"
+
+SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
+ file://powerpc_rom.bin \
+ file://0001-sdl.c-allow-user-to-disable-pointer-grabs.patch \
+ file://0002-qemu-Add-missing-wacom-HID-descriptor.patch \
+ file://0003-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch \
+ file://run-ptest \
+ file://0004-qemu-Add-addition-environment-space-to-boot-loader-q.patch \
+ file://0005-qemu-disable-Valgrind.patch \
+ file://0006-qemu-Limit-paths-searched-during-user-mode-emulation.patch \
+ file://0007-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch \
+ file://0008-chardev-connect-socket-to-a-spawned-command.patch \
+ file://0009-apic-fixup-fallthrough-to-PIC.patch \
+ file://0010-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch \
+ file://0011-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch \
+ "
+UPSTREAM_CHECK_REGEX = "qemu-(?P\d+\..*)\.tar"
+
+SRC_URI_append_class-native = " \
+ file://0012-fix-libcap-header-issue-on-some-distro.patch \
+ file://0013-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch \
+ "
+
+SRC_URI[md5sum] = "6a5c8df583406ea24ef25b239c3243e0"
+SRC_URI[sha256sum] = "8d7af64fe8bd5ea5c3bdf17131a8b858491bcce1ee3839425a6d91fb821b5713"
+
+COMPATIBLE_HOST_mipsarchn32 = "null"
+COMPATIBLE_HOST_mipsarchn64 = "null"
+
+do_install_append() {
+ # Prevent QA warnings about installed ${localstatedir}/run
+ if [ -d ${D}${localstatedir}/run ]; then rmdir ${D}${localstatedir}/run; fi
+ install -Dm 0755 ${WORKDIR}/powerpc_rom.bin ${D}${datadir}/qemu
+}
+
+do_compile_ptest() {
+ make buildtest-TESTS
+}
+
+do_install_ptest() {
+ cp -rL ${B}/tests ${D}${PTEST_PATH}
+ find ${D}${PTEST_PATH}/tests -type f -name "*.[Sshcod]" | xargs -i rm -rf {}
+
+ cp ${S}/tests/Makefile.include ${D}${PTEST_PATH}/tests
+ # Don't check the file genreated by configure
+ sed -i -e '/wildcard config-host.mak/d' \
+ -e '$ {/endif/d}' ${D}${PTEST_PATH}/tests/Makefile.include
+}
-- cgit v1.2.3-54-g00ecf
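Review bot: The `SRC_URI` list in the new qemu_3.0.0.bb no longer carries `file://0001-CVE-2018-11806-QEMU-slirp-heap-buffer-overflow.patch`, and nothing in the recipe or the commit message records that the slirp heap-overflow fix is already part of the 3.0.0 tarball. The dropped file was marked `Upstream-Status: Backport`, so the fix is presumably included upstream, but that is inferred rather than shown on this page. Before merging, confirm that `m_cat` and `m_inc` in slirp/mbuf.c of the unpacked 3.0.0 source contain the corrected size computation (`m_inc(m, m->m_len + n->m_len)` and the `size + datasize` allocations). If they do, a line above `SRC_URI` such as `# CVE-2018-11806 backport dropped: fix is included in the 3.0.0 release` would keep the CVE status traceable for anyone auditing the recipe later.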