Accepting request 668736 from home:bfrogers:branches:Virtualization

a few fixes. OBS-URL: https://build.opensuse.org/request/show/668736 OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=450
2019-01-25 20:55:31 +00:00 · 2019-01-25 20:55:31 +00:00 · 837c7a8012
commit 837c7a8012
parent cfef1a70be
10 changed files with 162 additions and 0 deletions
--- a/0056-slirp-check-data-length-while-emula.patch
+++ b/0056-slirp-check-data-length-while-emula.patch
@ -0,0 +1,33 @@
 From: Prasad J Pandit <pjp@fedoraproject.org>
 Date: Sun, 13 Jan 2019 23:29:48 +0530
 Subject: slirp: check data length while emulating ident function
 While emulating identification protocol, tcp_emu() does not check
 available space in the 'sc_rcv->sb_data' buffer. It could lead to
 heap buffer overflow issue. Add check to avoid it.
 Reported-by: Kira <864786842@qq.com>
 Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
 Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
 (cherry picked from commit a7104eda7dab99d0cdbd3595c211864cba415905)
 [BR: BSC#1123156 CVE-2019-6778,  modify patch to use spaces instead of tabs]
 Signed-off-by: Bruce Rogers <brogers@suse.com>
 ---
 slirp/tcp_subr.c | 4 ++++
 1 file changed, 4 insertions(+)
 diff --git a/slirp/tcp_subr.c b/slirp/tcp_subr.c
 index fa61349cbb..7a23ce738c 100644
 --- a/slirp/tcp_subr.c
 +++ b/slirp/tcp_subr.c
@@ -635,6 +635,10 @@ tcp_emu(struct socket *so, struct mbuf *m)
 			socklen_t addrlen = sizeof(struct sockaddr_in);
 			struct sbuf *so_rcv = &so->so_rcv;
 +    if (m->m_len > so_rcv->sb_datalen - (so_rcv->sb_wptr - so_rcv->sb_data)) {
 +        return 1;
 +    }
 +
 			memcpy(so_rcv->sb_wptr, m->m_data, m->m_len);
 			so_rcv->sb_wptr += m->m_len;
 			so_rcv->sb_rptr += m->m_len;
--- a/ipxe-build-Disable-gcc-address-of-packed-member-warning.patch
+++ b/ipxe-build-Disable-gcc-address-of-packed-member-warning.patch
@ -0,0 +1,42 @@
 From 0ee72a15887b838d967c3b05070d5ad86f0d729a Mon Sep 17 00:00:00 2001
 From: Bruce Rogers <brogers@suse.com>
 Date: Fri, 25 Jan 2019 10:29:16 -0700
 Subject: [PATCH] [build] Disable gcc address of packed member warning
 GCC 9.0 introduces a new warning for using pointers to packed
 structure and union members. ipxe code is replete with this usage,
 partly because the architectures it is designed for handle unaligned
 accesses. Therefore this warning is not very helpful and since the
 default build considers warnings to be errors, needs to be disabled.
 [BR: BSC#1121464]
 Signed-off-by: Bruce Rogers <brogers@suse.com>
 ---
 src/Makefile.housekeeping | 11 +++++++++++
 1 file changed, 11 insertions(+)
 diff --git a/src/Makefile.housekeeping b/src/Makefile.housekeeping
 index f8334921..e7f1ece0 100644
 --- a/src/Makefile.housekeeping
 +++ b/src/Makefile.housekeeping
@@ -646,6 +646,17 @@ $(BIN)/.certificate.der.% : $(BIN)/.cert
 CERT_ALL := $(foreach i,$(call seq,1,$(CERT_COUNT)),\
 	      CERT ( $(i), \"$(word $(i),$(CERT_DERS))\" ))
 +
 +# GCC 9.0 introduces a new warning for using pointers to packed
 +# structure and union members. ipxe code is replete with this usage,
 +# partly because the architectures it is designed for handle unaligned
 +# accesses. Therefore this warning is not very helpful and since the 
 +# default build considers warnings to be errors, needs to be disabled.
 +#
 +WNAOPM_TEST = $(CC) -Waddress-of-packed-member -x c -c /dev/null -o /dev/null \
 +		  >/dev/null 2>&1
 +WNAOPM_FLAGS := $(shell $(WNAOPM_TEST) && $(ECHO) '-Wno-address-of-packed-member')
 +WORKAROUND_CFLAGS += $(WNAOPM_FLAGS)
 endif
 certstore_DEPS += $(CERT_LIST) $(CERT_FILES) $(CERT_PEMS) $(CERT_DERS)
 -- 
 2.20.1
--- a/ipxe-efi-Simplify-diagnostic-for-NULL-handle.patch
+++ b/ipxe-efi-Simplify-diagnostic-for-NULL-handle.patch
@ -0,0 +1,42 @@
 From 1280c1f65b73d6d0c4833e39a3bb8194bd03f906 Mon Sep 17 00:00:00 2001
 From: Bruce Rogers <brogers@suse.com>
 Date: Fri, 25 Jan 2019 09:37:44 -0700
 Subject: [PATCH] [efi] Simplify diagnostic for NULL handle
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
 Compiling with GCC 9 now warns as follows:
 interface/efi/efi_debug.c:334:3: error: ‘%s’ directive argument is null [-Werror=format-overflow=]
  334 |   printf ( "HANDLE %s could not retrieve protocols\n",
      |   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  335 |     efi_handle_name ( handle ) );
      |     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 cc1: all warnings being treated as errors
 Simplify this diagnostic by simply indicating a <NULL> has been
 passed as a handle.
 [BR: BSC#1121464]
 Signed-off-by: Bruce Rogers <brogers@suse.com>
 ---
 src/interface/efi/efi_debug.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
 diff --git a/src/interface/efi/efi_debug.c b/src/interface/efi/efi_debug.c
 index 8ea0a822..19fba767 100644
 --- a/src/interface/efi/efi_debug.c
 +++ b/src/interface/efi/efi_debug.c
@@ -331,8 +331,7 @@ void dbg_efi_protocols ( EFI_HANDLE handle ) {
 	/* Sanity check */
 	if ( ! handle ) {
 -		printf ( "HANDLE %s could not retrieve protocols\n",
 -			 efi_handle_name ( handle ) );
 +		printf ( "HANDLE <NULL> could not retrieve protocols\n" );
 		return;
 	}
 -- 
 2.20.1
--- a/qemu-linux-user.changes
+++ b/qemu-linux-user.changes
@ -1,3 +1,10 @@
 -------------------------------------------------------------------
 Fri Jan 25 19:21:00 UTC 2019 - Bruce Rogers <brogers@suse.com>
 - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1
 * Patches added:
  0056-slirp-check-data-length-while-emula.patch
 -------------------------------------------------------------------
 Thu Jan 17 21:58:04 UTC 2019 - Bruce Rogers <brogers@suse.com>
--- a/qemu-linux-user.spec
+++ b/qemu-linux-user.spec
@ -87,6 +87,7 @@ Patch0052:      0052-pvrdma-release-ring-object-in-case-.patch
 Patch0053:      0053-block-Fix-hangs-in-synchronous-APIs.patch
 Patch0054:      0054-linux-user-make-pwrite64-pread64-fd.patch
 Patch0055:      0055-xen-Add-xen-v4.12-based-xc_domain_c.patch
 Patch0056:      0056-slirp-check-data-length-while-emula.patch
 # Please do not add QEMU patches manually here.
 # Run update_git.sh to regenerate this queue.
 ExcludeArch:    s390
@ -173,6 +174,7 @@ syscall layer occurs on the native hardware and operating system.
 %patch0053 -p1
 %patch0054 -p1
 %patch0055 -p1
 %patch0056 -p1
 %build
 ./configure \
--- a/qemu-testsuite.changes
+++ b/qemu-testsuite.changes
@ -1,3 +1,13 @@
 -------------------------------------------------------------------
 Fri Jan 25 19:20:59 UTC 2019 - Bruce Rogers <brogers@suse.com>
 - Fix OOB issue in slirp (CVE-2019-6778 bsc#1123156)
  0056-slirp-check-data-length-while-emula.patch
 - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1
 - Fix ipxe GCC 9 incompatibilities (bsc#1121464)
  ipxe-efi-Simplify-diagnostic-for-NULL-handle.patch
  ipxe-build-Disable-gcc-address-of-packed-member-warning.patch
 -------------------------------------------------------------------
 Thu Jan 17 21:58:02 UTC 2019 - Bruce Rogers <brogers@suse.com>
--- a/qemu-testsuite.spec
+++ b/qemu-testsuite.spec
@ -192,6 +192,7 @@ Patch0052:      0052-pvrdma-release-ring-object-in-case-.patch
 Patch0053:      0053-block-Fix-hangs-in-synchronous-APIs.patch
 Patch0054:      0054-linux-user-make-pwrite64-pread64-fd.patch
 Patch0055:      0055-xen-Add-xen-v4.12-based-xc_domain_c.patch
 Patch0056:      0056-slirp-check-data-length-while-emula.patch
 # Please do not add QEMU patches manually here.
 # Run update_git.sh to regenerate this queue.
@ -204,6 +205,8 @@ Patch1200:      ipxe-stable-buildid.patch
 Patch1201:      ipxe-use-gcc6-for-more-compact-code.patch
 Patch1202:      ipxe-efi-guard-strncpy-with-gcc-warning-ignore-pragma.patch
 Patch1203:      ipxe-fix-build.patch
 Patch1204:      ipxe-efi-Simplify-diagnostic-for-NULL-handle.patch
 Patch1205:      ipxe-build-Disable-gcc-address-of-packed-member-warning.patch
 # sgabios - path: roms/sgabios (patch range 1300-1399)
 Patch1300:      sgabios-stable-buildid.patch
@ -975,6 +978,7 @@ This package provides a service file for starting and stopping KSM.
 %patch0053 -p1
 %patch0054 -p1
 %patch0055 -p1
 %patch0056 -p1
 pushd roms/seabios
 %patch1100 -p1
@ -990,6 +994,8 @@ pushd roms/ipxe
 %endif
 %patch1202 -p1
 %patch1203 -p1
 %patch1204 -p1
 %patch1205 -p1
 popd
 pushd roms/sgabios
--- a/qemu.changes
+++ b/qemu.changes
@ -1,3 +1,13 @@
 -------------------------------------------------------------------
 Fri Jan 25 19:20:59 UTC 2019 - Bruce Rogers <brogers@suse.com>
 - Fix OOB issue in slirp (CVE-2019-6778 bsc#1123156)
  0056-slirp-check-data-length-while-emula.patch
 - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1
 - Fix ipxe GCC 9 incompatibilities (bsc#1121464)
  ipxe-efi-Simplify-diagnostic-for-NULL-handle.patch
  ipxe-build-Disable-gcc-address-of-packed-member-warning.patch
 -------------------------------------------------------------------
 Thu Jan 17 21:58:02 UTC 2019 - Bruce Rogers <brogers@suse.com>
--- a/qemu.spec
+++ b/qemu.spec
@ -192,6 +192,7 @@ Patch0052:      0052-pvrdma-release-ring-object-in-case-.patch
 Patch0053:      0053-block-Fix-hangs-in-synchronous-APIs.patch
 Patch0054:      0054-linux-user-make-pwrite64-pread64-fd.patch
 Patch0055:      0055-xen-Add-xen-v4.12-based-xc_domain_c.patch
 Patch0056:      0056-slirp-check-data-length-while-emula.patch
 # Please do not add QEMU patches manually here.
 # Run update_git.sh to regenerate this queue.
@ -204,6 +205,8 @@ Patch1200:      ipxe-stable-buildid.patch
 Patch1201:      ipxe-use-gcc6-for-more-compact-code.patch
 Patch1202:      ipxe-efi-guard-strncpy-with-gcc-warning-ignore-pragma.patch
 Patch1203:      ipxe-fix-build.patch
 Patch1204:      ipxe-efi-Simplify-diagnostic-for-NULL-handle.patch
 Patch1205:      ipxe-build-Disable-gcc-address-of-packed-member-warning.patch
 # sgabios - path: roms/sgabios (patch range 1300-1399)
 Patch1300:      sgabios-stable-buildid.patch
@ -975,6 +978,7 @@ This package provides a service file for starting and stopping KSM.
 %patch0053 -p1
 %patch0054 -p1
 %patch0055 -p1
 %patch0056 -p1
 pushd roms/seabios
 %patch1100 -p1
@ -990,6 +994,8 @@ pushd roms/ipxe
 %endif
 %patch1202 -p1
 %patch1203 -p1
 %patch1204 -p1
 %patch1205 -p1
 popd
 pushd roms/sgabios
--- a/qemu.spec.in
+++ b/qemu.spec.in
@ -147,6 +147,8 @@ Patch1200:      ipxe-stable-buildid.patch
 Patch1201:      ipxe-use-gcc6-for-more-compact-code.patch
 Patch1202:      ipxe-efi-guard-strncpy-with-gcc-warning-ignore-pragma.patch
 Patch1203:      ipxe-fix-build.patch
 Patch1204:      ipxe-efi-Simplify-diagnostic-for-NULL-handle.patch
 Patch1205:      ipxe-build-Disable-gcc-address-of-packed-member-warning.patch
 # sgabios - path: roms/sgabios (patch range 1300-1399)
 Patch1300:      sgabios-stable-buildid.patch
@ -879,6 +881,8 @@ pushd roms/ipxe
 %endif
 %patch1202 -p1
 %patch1203 -p1
 %patch1204 -p1
 %patch1205 -p1
 popd
 pushd roms/sgabios