diff --git a/0064-device_tree.c-Don-t-use-load_image.patch b/0064-device_tree.c-Don-t-use-load_image.patch
new file mode 100644
index 00000000..a4d3900b
--- /dev/null
+++ b/0064-device_tree.c-Don-t-use-load_image.patch
@@ -0,0 +1,34 @@
+From: Peter Maydell
+Date: Fri, 14 Dec 2018 13:30:52 +0000
+Subject: device_tree.c: Don't use load_image()
+
+The load_image() function is deprecated, as it does not let the
+caller specify how large the buffer to read the file into is.
+Instead use load_image_size().
+
+Signed-off-by: Peter Maydell
+Reviewed-by: Richard Henderson
+Reviewed-by: Stefan Hajnoczi
+Reviewed-by: Michael S. Tsirkin
+Reviewed-by: Eric Blake
+Message-id: 20181130151712.2312-9-peter.maydell@linaro.org
+(cherry picked from commit da885fe1ee8b4589047484bd7fa05a4905b52b17)
+[BR: BSC#1130675 CVE-2018-20815]
+Signed-off-by: Bruce Rogers
+---
+ device_tree.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/device_tree.c b/device_tree.c
+index 6d9c9726f6..296278e12a 100644
+--- a/device_tree.c
++++ b/device_tree.c
+@@ -91,7 +91,7 @@ void *load_device_tree(const char *filename_path, int *sizep)
+ /* First allocate space in qemu for device tree */
+ fdt = g_malloc0(dt_size);
+
+- dt_file_load_size = load_image(filename_path, fdt);
++ dt_file_load_size = load_image_size(filename_path, fdt, dt_size);
+ if (dt_file_load_size < 0) {
+ error_report("Unable to open device tree file '%s'",
+ filename_path);
diff --git a/qemu-linux-user.changes b/qemu-linux-user.changes
index 0ab642fc..039781f9 100644
--- a/qemu-linux-user.changes
+++ b/qemu-linux-user.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Wed Mar 27 16:59:53 UTC 2019 - Bruce Rogers
+
+- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1
+* Patches added:
+ 0064-device_tree.c-Don-t-use-load_image.patch
+
 -------------------------------------------------------------------
 Mon Mar 25 20:45:10 UTC 2019 - Bruce Rogers
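Review bot: The `load_image_size(filename_path, fdt, dt_size)` call in the device_tree.c hunk relies on a `dt_size` that is computed above the hunk and never range-checked in the visible lines. `load_device_tree()` reports the size through `int *sizep`, so if `dt_size` is an `int` derived from the file's size, a very large file could presumably overflow it before `g_malloc0(dt_size)`, and the new bound would then be meaningless; an explicit upper-bound check ahead of the allocation would close that gap. The `< 0` branch also reports every failure as "Unable to open device tree file", which likely covers read errors as well, so `"Unable to load device tree file '%s'"` would be more accurate. The function body starts and ends outside the hunk.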
diff --git a/qemu-linux-user.spec b/qemu-linux-user.spec
index 24173087..d2eb0d26 100644
--- a/qemu-linux-user.spec
+++ b/qemu-linux-user.spec
@@ -95,6 +95,7 @@ Patch0060: 0060-target-i386-sev-Do-not-pin-the-ram-.patch
 Patch0061: 0061-slirp-check-sscanf-result-when-emul.patch
 Patch0062: 0062-ppc-add-host-serial-and-host-model-.patch
 Patch0063: 0063-i2c-ddc-fix-oob-read.patch
+Patch0064: 0064-device_tree.c-Don-t-use-load_image.patch
 # Please do not add QEMU patches manually here.
 # Run update_git.sh to regenerate this queue.
 ExcludeArch: s390
@@ -189,6 +190,7 @@ syscall layer occurs on the native hardware and operating system.
 %patch0061 -p1
 %patch0062 -p1
 %patch0063 -p1
+%patch0064 -p1
 %build
 ./configure \
diff --git a/qemu-testsuite.changes b/qemu-testsuite.changes
index 519dd513..628cec21 100644
--- a/qemu-testsuite.changes
+++ b/qemu-testsuite.changes
@@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Wed Mar 27 16:59:46 UTC 2019 - Bruce Rogers
+
+- Tweak last spec file change to guard new Requires with conditional
+- Fix DOS possibility in device tree processing (CVE-2018-20815
+ bsc#1130675)
+ 0064-device_tree.c-Don-t-use-load_image.patch
+- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1
+
 -------------------------------------------------------------------
 Mon Mar 25 20:45:08 UTC 2019 - Bruce Rogers
diff --git a/qemu-testsuite.spec b/qemu-testsuite.spec
index 8fe76bbf..af6654bd 100644
--- a/qemu-testsuite.spec
+++ b/qemu-testsuite.spec
@@ -206,6 +206,7 @@ Patch0060: 0060-target-i386-sev-Do-not-pin-the-ram-.patch
 Patch0061: 0061-slirp-check-sscanf-result-when-emul.patch
 Patch0062: 0062-ppc-add-host-serial-and-host-model-.patch
 Patch0063: 0063-i2c-ddc-fix-oob-read.patch
+Patch0064: 0064-device_tree.c-Don-t-use-load_image.patch
 # Please do not add QEMU patches manually here.
 # Run update_git.sh to regenerate this queue.
@@ -845,7 +846,9 @@ Release: 0
 Provides: %name:%_libexecdir/qemu-bridge-helper
 Requires(pre): permissions
 Requires(pre): shadow
+%if 0%{?suse_version} > 1320
 Recommends: multipath-tools
+%endif
 Recommends: qemu-block-curl
 %if 0%{?with_rbd}
 Recommends: qemu-block-rbd
@@ -1007,6 +1010,7 @@ This package provides a service file for starting and stopping KSM.
 %patch0061 -p1
 %patch0062 -p1
 %patch0063 -p1
+%patch0064 -p1
 pushd roms/seabios
 %patch1100 -p1
diff --git a/qemu.changes b/qemu.changes
index 519dd513..628cec21 100644
--- a/qemu.changes
+++ b/qemu.changes
@@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Wed Mar 27 16:59:46 UTC 2019 - Bruce Rogers
+
+- Tweak last spec file change to guard new Requires with conditional
+- Fix DOS possibility in device tree processing (CVE-2018-20815
+ bsc#1130675)
+ 0064-device_tree.c-Don-t-use-load_image.patch
+- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1
+
 -------------------------------------------------------------------
 Mon Mar 25 20:45:08 UTC 2019 - Bruce Rogers
diff --git a/qemu.spec b/qemu.spec
index 5f2c4052..692a2fb6 100644
--- a/qemu.spec
+++ b/qemu.spec
@@ -206,6 +206,7 @@ Patch0060: 0060-target-i386-sev-Do-not-pin-the-ram-.patch
 Patch0061: 0061-slirp-check-sscanf-result-when-emul.patch
 Patch0062: 0062-ppc-add-host-serial-and-host-model-.patch
 Patch0063: 0063-i2c-ddc-fix-oob-read.patch
+Patch0064: 0064-device_tree.c-Don-t-use-load_image.patch
 # Please do not add QEMU patches manually here.
 # Run update_git.sh to regenerate this queue.
@@ -845,7 +846,9 @@ Release: 0
 Provides: %name:%_libexecdir/qemu-bridge-helper
 Requires(pre): permissions
 Requires(pre): shadow
+%if 0%{?suse_version} > 1320
 Recommends: multipath-tools
+%endif
 Recommends: qemu-block-curl
 %if 0%{?with_rbd}
 Recommends: qemu-block-rbd
@@ -1007,6 +1010,7 @@ This package provides a service file for starting and stopping KSM.
 %patch0061 -p1
 %patch0062 -p1
 %patch0063 -p1
+%patch0064 -p1
 pushd roms/seabios
 %patch1100 -p1
diff --git a/qemu.spec.in b/qemu.spec.in
index 135c8c3a..cee83d04 100644
--- a/qemu.spec.in
+++ b/qemu.spec.in
@@ -780,7 +780,9 @@ Release: 0
 Provides: %name:%_libexecdir/qemu-bridge-helper
 Requires(pre): permissions
 Requires(pre): shadow
+%if 0%{?suse_version} > 1320
 Recommends: multipath-tools
+%endif
 Recommends: qemu-block-curl
 %if 0%{?with_rbd}
 Recommends: qemu-block-rbd