From bf0c5869f5f9a77d6c7c1adfb7c802d5bb0a1a74 Mon Sep 17 00:00:00 2001
From: Sona Sarmadi <sona.sarmadi@enea.com>
Date: Tue, 16 May 2017 13:05:37 +0200
Subject: Qemu: update to 2.8.1.1

Fixed CVE:

 - CVE-2017-2620 (Severity = High)
 display: cirrus: potential arbitrary code execution via cirrus_bitblt_cputovideo

Removed patches (already in upstream):

 - target-ppc-fix-user-mode.patch (already in upstream)

Clean up:
 - CVE-2016-2198.patch (this patch is removed from recipes but the patch was not deleted)

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
---
 .../recipes-devtools/qemu/qemu/CVE-2016-2198.patch | 45 --------------------
 .../qemu/qemu/target-ppc-fix-user-mode.patch       | 48 ----------------------
 meta/recipes-devtools/qemu/qemu_2.8.0.bb           | 27 ------------
 meta/recipes-devtools/qemu/qemu_2.8.1.1.bb         | 26 ++++++++++++
 4 files changed, 26 insertions(+), 120 deletions(-)
 delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2016-2198.patch
 delete mode 100644 meta/recipes-devtools/qemu/qemu/target-ppc-fix-user-mode.patch
 delete mode 100644 meta/recipes-devtools/qemu/qemu_2.8.0.bb
 create mode 100644 meta/recipes-devtools/qemu/qemu_2.8.1.1.bb

(limited to 'meta/recipes-devtools')

diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2016-2198.patch b/meta/recipes-devtools/qemu/qemu/CVE-2016-2198.patch
deleted file mode 100644
index f1201f0613..0000000000
--- a/meta/recipes-devtools/qemu/qemu/CVE-2016-2198.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From: Prasad J Pandit <address@hidden>
-
-USB Ehci emulation supports host controller capability registers.
-But its mmio '.write' function was missing, which lead to a null
-pointer dereference issue. Add a do nothing 'ehci_caps_write'
-definition to avoid it; Do nothing because capability registers
-are Read Only(RO).
-
-Reported-by: Zuozhi Fzz <address@hidden>
-Signed-off-by: Prasad J Pandit <address@hidden>
-
-Upstream-Status: Backport
-https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg05899.html
-
-CVE: CVE-2016-2198
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
----
- hw/usb/hcd-ehci.c | 6 ++++++
-  1 file changed, 6 insertions(+)
-
-Index: qemu-2.5.0/hw/usb/hcd-ehci.c
-===================================================================
---- qemu-2.5.0.orig/hw/usb/hcd-ehci.c
-+++ qemu-2.5.0/hw/usb/hcd-ehci.c
-@@ -893,6 +893,11 @@ static uint64_t ehci_caps_read(void *ptr
-     return s->caps[addr];
- }
- 
-+static void ehci_caps_write(void *ptr, hwaddr addr,
-+                             uint64_t val, unsigned size)
-+{
-+}
-+
- static uint64_t ehci_opreg_read(void *ptr, hwaddr addr,
-                                 unsigned size)
- {
-@@ -2310,6 +2315,7 @@ static void ehci_frame_timer(void *opaqu
- 
- static const MemoryRegionOps ehci_mmio_caps_ops = {
-     .read = ehci_caps_read,
-+    .write = ehci_caps_write,
-     .valid.min_access_size = 1,
-     .valid.max_access_size = 4,
-     .impl.min_access_size = 1,
diff --git a/meta/recipes-devtools/qemu/qemu/target-ppc-fix-user-mode.patch b/meta/recipes-devtools/qemu/qemu/target-ppc-fix-user-mode.patch
deleted file mode 100644
index ba21e71b0f..0000000000
--- a/meta/recipes-devtools/qemu/qemu/target-ppc-fix-user-mode.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-[Qemu-ppc] [PATCH 1/1] target-ppc, tcg: fix usermode segfault with pthread
-
-From: Sam Bobroff
-Subject: [Qemu-ppc] [PATCH 1/1] target-ppc, tcg: fix usermode segfault with pthread_create()
-Date: Mon, 30 Jan 2017 16:08:07 +1100
-Programs run under qemu-ppc64 on an x86_64 host currently segfault
-if they use pthread_create() due to the adjustment made to the NIP in
-commit bd6fefe71cec5a0c7d2be4ac96307f25db56abf9.
-
-This patch changes cpu_loop() to set the NIP back to the
-pre-incremented value before calling do_syscall(), which causes the
-correct address to be used for the new thread and corrects the fault.
-
-Signed-off-by: Sam Bobroff <address@hidden>
-
-Upstream-Status: Backport
-
----
-
-linux-user/main.c | 4 +++-
-1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/linux-user/main.c b/linux-user/main.c
-index 30049581ef..b5dee01541 100644
---- a/linux-user/main.c
-+++ b/linux-user/main.c
-@@ -1712,18 +1712,20 @@ void cpu_loop(CPUPPCState *env)
-              * in syscalls.
-              */
-             env->crf[0] &= ~0x1;
-+            env->nip += 4;
-             ret = do_syscall(env, env->gpr[0], env->gpr[3], env->gpr[4],
-                              env->gpr[5], env->gpr[6], env->gpr[7],
-                              env->gpr[8], 0, 0);
-             if (ret == -TARGET_ERESTARTSYS) {
-+                env->nip -= 4;
-                 break;
-             }
-             if (ret == (target_ulong)(-TARGET_QEMU_ESIGRETURN)) {
-+                env->nip -= 4;
-                 /* Returning from a successful sigreturn syscall.
-                    Avoid corrupting register state.  */
-                 break;
-             }
--            env->nip += 4;
-             if (ret > (target_ulong)(-515)) {
-                 env->crf[0] |= 0x1;
-                 ret = -ret;
diff --git a/meta/recipes-devtools/qemu/qemu_2.8.0.bb b/meta/recipes-devtools/qemu/qemu_2.8.0.bb
deleted file mode 100644
index 6129356fc9..0000000000
--- a/meta/recipes-devtools/qemu/qemu_2.8.0.bb
+++ /dev/null
@@ -1,27 +0,0 @@
-require qemu.inc
-
-LIC_FILES_CHKSUM = "file://COPYING;md5=441c28d2cf86e15a37fa47e15a72fbac \
-                    file://COPYING.LIB;endline=24;md5=c04def7ae38850e7d3ef548588159913"
-
-SRC_URI += "file://configure-fix-Darwin-target-detection.patch \
-            file://qemu-enlarge-env-entry-size.patch \
-            file://no-valgrind.patch \
-            file://pathlimit.patch \
-            file://qemu-2.5.0-cflags.patch \
-            file://target-ppc-fix-user-mode.patch \
-            file://CVE-2016-9908.patch \
-            file://CVE-2016-9912.patch \
-"
-
-SRC_URI =+ "http://wiki.qemu-project.org/download/${BP}.tar.bz2"
-
-SRC_URI[md5sum] = "17940dce063b6ce450a12e719a6c9c43"
-SRC_URI[sha256sum] = "dafd5d7f649907b6b617b822692f4c82e60cf29bc0fc58bc2036219b591e5e62"
-
-COMPATIBLE_HOST_mipsarchn32 = "null"
-COMPATIBLE_HOST_mipsarchn64 = "null"
-
-do_install_append() {
-    # Prevent QA warnings about installed ${localstatedir}/run
-    if [ -d ${D}${localstatedir}/run ]; then rmdir ${D}${localstatedir}/run; fi
-}
diff --git a/meta/recipes-devtools/qemu/qemu_2.8.1.1.bb b/meta/recipes-devtools/qemu/qemu_2.8.1.1.bb
new file mode 100644
index 0000000000..695ca7426a
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu_2.8.1.1.bb
@@ -0,0 +1,26 @@
+require qemu.inc
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=441c28d2cf86e15a37fa47e15a72fbac \
+                    file://COPYING.LIB;endline=24;md5=c04def7ae38850e7d3ef548588159913"
+
+SRC_URI += "file://configure-fix-Darwin-target-detection.patch \
+            file://qemu-enlarge-env-entry-size.patch \
+            file://no-valgrind.patch \
+            file://pathlimit.patch \
+            file://qemu-2.5.0-cflags.patch \
+            file://CVE-2016-9908.patch \
+            file://CVE-2016-9912.patch \
+"
+
+SRC_URI =+ "http://wiki.qemu-project.org/download/${BP}.tar.bz2"
+
+SRC_URI[md5sum] = "a6a23a0c59fd0f8ec564b0fb89a79954"
+SRC_URI[sha256sum] = "f62ab18a1fb9ff5b4c81ed44becc945b11581eff777618141bdb787da55d3638"
+
+COMPATIBLE_HOST_mipsarchn32 = "null"
+COMPATIBLE_HOST_mipsarchn64 = "null"
+
+do_install_append() {
+    # Prevent QA warnings about installed ${localstatedir}/run
+    if [ -d ${D}${localstatedir}/run ]; then rmdir ${D}${localstatedir}/run; fi
+}
-- 
cgit v1.2.3-54-g00ecf