Accepting request 689150 from home:bfrogers:branches:Virtualization

A tweak was needed to previous submit, and in the interim another security bug came in, so fix that as well.

OBS-URL: https://build.opensuse.org/request/show/689150
OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=461

0064-device_tree.c-Don-t-use-load_image.patch

@@ -0,0 +1,34 @@
+From: Peter Maydell <peter.maydell@linaro.org>
+Date: Fri, 14 Dec 2018 13:30:52 +0000
+Subject: device_tree.c: Don't use load_image()
+
+The load_image() function is deprecated, as it does not let the
+caller specify how large the buffer to read the file into is.
+Instead use load_image_size().
+
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
+Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Reviewed-by: Eric Blake <eblake@redhat.com>
+Message-id: 20181130151712.2312-9-peter.maydell@linaro.org
+(cherry picked from commit da885fe1ee8b4589047484bd7fa05a4905b52b17)
+[BR: BSC#1130675 CVE-2018-20815]
+Signed-off-by: Bruce Rogers <brogers@suse.com>
+---
+ device_tree.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/device_tree.c b/device_tree.c
+index 6d9c9726f6..296278e12a 100644
+--- a/device_tree.c
++++ b/device_tree.c
+@@ -91,7 +91,7 @@ void *load_device_tree(const char *filename_path, int *sizep)
+     /* First allocate space in qemu for device tree */
+     fdt = g_malloc0(dt_size);
+ 
+-    dt_file_load_size = load_image(filename_path, fdt);
++    dt_file_load_size = load_image_size(filename_path, fdt, dt_size);
+     if (dt_file_load_size < 0) {
+         error_report("Unable to open device tree file '%s'",
+                      filename_path);

qemu-linux-user.changes

@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Wed Mar 27 16:59:53 UTC 2019 - Bruce Rogers <brogers@suse.com>
+
+- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1
+* Patches added:
+  0064-device_tree.c-Don-t-use-load_image.patch
+
 -------------------------------------------------------------------
 Mon Mar 25 20:45:10 UTC 2019 - Bruce Rogers <brogers@suse.com>
 

qemu-linux-user.spec

@@ -95,6 +95,7 @@ Patch0060:      0060-target-i386-sev-Do-not-pin-the-ram-.patch
 Patch0061:      0061-slirp-check-sscanf-result-when-emul.patch
 Patch0062:      0062-ppc-add-host-serial-and-host-model-.patch
 Patch0063:      0063-i2c-ddc-fix-oob-read.patch
+Patch0064:      0064-device_tree.c-Don-t-use-load_image.patch
 # Please do not add QEMU patches manually here.
 # Run update_git.sh to regenerate this queue.
 ExcludeArch:    s390
@@ -189,6 +190,7 @@ syscall layer occurs on the native hardware and operating system.
 %patch0061 -p1
 %patch0062 -p1
 %patch0063 -p1
+%patch0064 -p1
 
 %build
 ./configure \

qemu-testsuite.changes

@@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Wed Mar 27 16:59:46 UTC 2019 - Bruce Rogers <brogers@suse.com>
+
+- Tweak last spec file change to guard new Requires with conditional
+- Fix DOS possibility in device tree processing (CVE-2018-20815
+  bsc#1130675)
+  0064-device_tree.c-Don-t-use-load_image.patch
+- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1
+
 -------------------------------------------------------------------
 Mon Mar 25 20:45:08 UTC 2019 - Bruce Rogers <brogers@suse.com>
 

qemu-testsuite.spec

@@ -206,6 +206,7 @@ Patch0060:      0060-target-i386-sev-Do-not-pin-the-ram-.patch
 Patch0061:      0061-slirp-check-sscanf-result-when-emul.patch
 Patch0062:      0062-ppc-add-host-serial-and-host-model-.patch
 Patch0063:      0063-i2c-ddc-fix-oob-read.patch
+Patch0064:      0064-device_tree.c-Don-t-use-load_image.patch
 # Please do not add QEMU patches manually here.
 # Run update_git.sh to regenerate this queue.
 
@@ -845,7 +846,9 @@ Release:        0
 Provides:       %name:%_libexecdir/qemu-bridge-helper
 Requires(pre):  permissions
 Requires(pre):  shadow
+%if 0%{?suse_version} > 1320
 Recommends:     multipath-tools
+%endif
 Recommends:     qemu-block-curl
 %if 0%{?with_rbd}
 Recommends:     qemu-block-rbd
@@ -1007,6 +1010,7 @@ This package provides a service file for starting and stopping KSM.
 %patch0061 -p1
 %patch0062 -p1
 %patch0063 -p1
+%patch0064 -p1
 
 pushd roms/seabios
 %patch1100 -p1

qemu.changes

@@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Wed Mar 27 16:59:46 UTC 2019 - Bruce Rogers <brogers@suse.com>
+
+- Tweak last spec file change to guard new Requires with conditional
+- Fix DOS possibility in device tree processing (CVE-2018-20815
+  bsc#1130675)
+  0064-device_tree.c-Don-t-use-load_image.patch
+- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1
+
 -------------------------------------------------------------------
 Mon Mar 25 20:45:08 UTC 2019 - Bruce Rogers <brogers@suse.com>
 

qemu.spec

@@ -206,6 +206,7 @@ Patch0060:      0060-target-i386-sev-Do-not-pin-the-ram-.patch
 Patch0061:      0061-slirp-check-sscanf-result-when-emul.patch
 Patch0062:      0062-ppc-add-host-serial-and-host-model-.patch
 Patch0063:      0063-i2c-ddc-fix-oob-read.patch
+Patch0064:      0064-device_tree.c-Don-t-use-load_image.patch
 # Please do not add QEMU patches manually here.
 # Run update_git.sh to regenerate this queue.
 
@@ -845,7 +846,9 @@ Release:        0
 Provides:       %name:%_libexecdir/qemu-bridge-helper
 Requires(pre):  permissions
 Requires(pre):  shadow
+%if 0%{?suse_version} > 1320
 Recommends:     multipath-tools
+%endif
 Recommends:     qemu-block-curl
 %if 0%{?with_rbd}
 Recommends:     qemu-block-rbd
@@ -1007,6 +1010,7 @@ This package provides a service file for starting and stopping KSM.
 %patch0061 -p1
 %patch0062 -p1
 %patch0063 -p1
+%patch0064 -p1
 
 pushd roms/seabios
 %patch1100 -p1

qemu.spec.in

@@ -780,7 +780,9 @@ Release:        0
 Provides:       %name:%_libexecdir/qemu-bridge-helper
 Requires(pre):  permissions
 Requires(pre):  shadow
+%if 0%{?suse_version} > 1320
 Recommends:     multipath-tools
+%endif
 Recommends:     qemu-block-curl
 %if 0%{?with_rbd}
 Recommends:     qemu-block-rbd