Accepting request 593874 from home:bfrogers:branches:Virtualization
- Be more specific about python version used in building package. Other minor spec file tweaks. - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11 * Patches added: 0080-vga-fix-region-calculation.patch - Fix OOB access in VGA emulation (CVE-2018-7858 bsc#1084604) 0080-vga-fix-region-calculation.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11 - Fix OOB access in VGA emulation (CVE-2018-7858 bsc#1084604) 0080-vga-fix-region-calculation.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11 OBS-URL: https://build.opensuse.org/request/show/593874 OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=403
This commit is contained in:
parent
fdbbcb455c
commit
870785490c
37
0080-vga-fix-region-calculation.patch
Normal file
37
0080-vga-fix-region-calculation.patch
Normal file
@ -0,0 +1,37 @@
|
|||||||
|
From e5bdf248c24feab41fc7b8245e37277f1ae60e3e Mon Sep 17 00:00:00 2001
|
||||||
|
From: Gerd Hoffmann <kraxel@redhat.com>
|
||||||
|
Date: Fri, 9 Mar 2018 15:37:04 +0100
|
||||||
|
Subject: [PATCH] vga: fix region calculation
|
||||||
|
|
||||||
|
Typically the scanline length and the line offset are identical. But
|
||||||
|
in case they are not our calculation for region_end is incorrect. Using
|
||||||
|
line_offset is fine for all scanlines, except the last one where we have
|
||||||
|
to use the actual scanline length.
|
||||||
|
|
||||||
|
Fixes: CVE-2018-7858
|
||||||
|
Reported-by: Ross Lagerwall <ross.lagerwall@citrix.com>
|
||||||
|
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
||||||
|
Reviewed-by: Prasad J Pandit <pjp@fedoraproject.org>
|
||||||
|
Tested-by: Ross Lagerwall <ross.lagerwall@citrix.com>
|
||||||
|
Message-id: 20180309143704.13420-1-kraxel@redhat.com
|
||||||
|
(cherry picked from commit 7cdc61becd095b64a786b2625f321624e7111f3d)
|
||||||
|
[BR: BSC#1084604 CVE-2018-7858 (NOTE: Above CVE reference was modified
|
||||||
|
by me, because it was incorrect)]
|
||||||
|
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
||||||
|
---
|
||||||
|
hw/display/vga.c | 2 ++
|
||||||
|
1 file changed, 2 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/hw/display/vga.c b/hw/display/vga.c
|
||||||
|
index d150a3a3eb..1fa66d597d 100644
|
||||||
|
--- a/hw/display/vga.c
|
||||||
|
+++ b/hw/display/vga.c
|
||||||
|
@@ -1489,6 +1489,8 @@ static void vga_draw_graphic(VGACommonState *s, int full_update)
|
||||||
|
|
||||||
|
region_start = (s->start_addr * 4);
|
||||||
|
region_end = region_start + (ram_addr_t)s->line_offset * height;
|
||||||
|
+ region_end += width * s->get_bpp(s) / 8; /* scanline length */
|
||||||
|
+ region_end -= s->line_offset;
|
||||||
|
if (region_end > s->vbe_size) {
|
||||||
|
/* wraps around (can happen with cirrus vbe modes) */
|
||||||
|
region_start = 0;
|
@ -1,3 +1,12 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Apr 5 21:33:40 UTC 2018 - brogers@suse.com
|
||||||
|
|
||||||
|
- Be more specific about python version used in building package.
|
||||||
|
Other minor spec file tweaks.
|
||||||
|
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11
|
||||||
|
* Patches added:
|
||||||
|
0080-vga-fix-region-calculation.patch
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Apr 5 18:18:59 UTC 2018 - lyan@suse.com
|
Thu Apr 5 18:18:59 UTC 2018 - lyan@suse.com
|
||||||
|
|
||||||
|
@ -105,6 +105,7 @@ Patch0076: 0076-smbios-support-setting-OEM-strings-.patch
|
|||||||
Patch0077: 0077-smbios-Add-1-terminator-if-any-stri.patch
|
Patch0077: 0077-smbios-Add-1-terminator-if-any-stri.patch
|
||||||
Patch0078: 0078-Remove-problematic-evdev-86-key-fro.patch
|
Patch0078: 0078-Remove-problematic-evdev-86-key-fro.patch
|
||||||
Patch0079: 0079-tpm-lookup-cancel-path-under-tpm-de.patch
|
Patch0079: 0079-tpm-lookup-cancel-path-under-tpm-de.patch
|
||||||
|
Patch0080: 0080-vga-fix-region-calculation.patch
|
||||||
# Please do not add QEMU patches manually here.
|
# Please do not add QEMU patches manually here.
|
||||||
# Run update_git.sh to regenerate this queue.
|
# Run update_git.sh to regenerate this queue.
|
||||||
Source400: update_git.sh
|
Source400: update_git.sh
|
||||||
@ -119,7 +120,11 @@ BuildRequires: glibc-devel-static
|
|||||||
BuildRequires: libattr-devel-static
|
BuildRequires: libattr-devel-static
|
||||||
BuildRequires: makeinfo
|
BuildRequires: makeinfo
|
||||||
BuildRequires: pcre-devel-static
|
BuildRequires: pcre-devel-static
|
||||||
BuildRequires: python
|
%if 0%{?suse_version} > 1320
|
||||||
|
BuildRequires: python3-base
|
||||||
|
%else
|
||||||
|
BuildRequires: python-base
|
||||||
|
%endif
|
||||||
BuildRequires: zlib-devel-static
|
BuildRequires: zlib-devel-static
|
||||||
# we must not install the qemu-linux-user package when under QEMU build
|
# we must not install the qemu-linux-user package when under QEMU build
|
||||||
%if 0%{?qemu_user_space_build:1}
|
%if 0%{?qemu_user_space_build:1}
|
||||||
@ -213,6 +218,7 @@ syscall layer occurs on the native hardware and operating system.
|
|||||||
%patch0077 -p1
|
%patch0077 -p1
|
||||||
%patch0078 -p1
|
%patch0078 -p1
|
||||||
%patch0079 -p1
|
%patch0079 -p1
|
||||||
|
%patch0080 -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
./configure \
|
./configure \
|
||||||
@ -222,9 +228,9 @@ syscall layer occurs on the native hardware and operating system.
|
|||||||
--libexecdir=%_libexecdir \
|
--libexecdir=%_libexecdir \
|
||||||
--localstatedir=%_localstatedir \
|
--localstatedir=%_localstatedir \
|
||||||
%if 0%{?suse_version} > 1320
|
%if 0%{?suse_version} > 1320
|
||||||
--python=%_bindir/python3 \
|
--python=%_bindir/python3 \
|
||||||
%else
|
%else
|
||||||
--python=%_bindir/python \
|
--python=%_bindir/python2 \
|
||||||
%endif
|
%endif
|
||||||
--extra-cflags="%{optflags}" \
|
--extra-cflags="%{optflags}" \
|
||||||
--disable-stack-protector \
|
--disable-stack-protector \
|
||||||
@ -328,9 +334,6 @@ install -d -m 755 %{buildroot}%_sbindir
|
|||||||
install -m 755 scripts/qemu-binfmt-conf.sh %{buildroot}%_sbindir
|
install -m 755 scripts/qemu-binfmt-conf.sh %{buildroot}%_sbindir
|
||||||
%fdupes -s %{buildroot}
|
%fdupes -s %{buildroot}
|
||||||
|
|
||||||
%clean
|
|
||||||
rm -rf %{buildroot}
|
|
||||||
|
|
||||||
%files
|
%files
|
||||||
%defattr(-, root, root)
|
%defattr(-, root, root)
|
||||||
%doc COPYING COPYING.LIB COPYING.PYTHON Changelog README VERSION LICENSE
|
%doc COPYING COPYING.LIB COPYING.PYTHON Changelog README VERSION LICENSE
|
||||||
|
@ -41,7 +41,11 @@ BuildRequires: glibc-devel-static
|
|||||||
BuildRequires: libattr-devel-static
|
BuildRequires: libattr-devel-static
|
||||||
BuildRequires: makeinfo
|
BuildRequires: makeinfo
|
||||||
BuildRequires: pcre-devel-static
|
BuildRequires: pcre-devel-static
|
||||||
BuildRequires: python
|
%if 0%{?suse_version} > 1320
|
||||||
|
BuildRequires: python3-base
|
||||||
|
%else
|
||||||
|
BuildRequires: python-base
|
||||||
|
%endif
|
||||||
BuildRequires: zlib-devel-static
|
BuildRequires: zlib-devel-static
|
||||||
# we must not install the qemu-linux-user package when under QEMU build
|
# we must not install the qemu-linux-user package when under QEMU build
|
||||||
%if 0%{?qemu_user_space_build:1}
|
%if 0%{?qemu_user_space_build:1}
|
||||||
@ -66,9 +70,9 @@ PATCH_EXEC
|
|||||||
--libexecdir=%_libexecdir \
|
--libexecdir=%_libexecdir \
|
||||||
--localstatedir=%_localstatedir \
|
--localstatedir=%_localstatedir \
|
||||||
%if 0%{?suse_version} > 1320
|
%if 0%{?suse_version} > 1320
|
||||||
--python=%_bindir/python3 \
|
--python=%_bindir/python3 \
|
||||||
%else
|
%else
|
||||||
--python=%_bindir/python \
|
--python=%_bindir/python2 \
|
||||||
%endif
|
%endif
|
||||||
--extra-cflags="%{optflags}" \
|
--extra-cflags="%{optflags}" \
|
||||||
--disable-stack-protector \
|
--disable-stack-protector \
|
||||||
@ -172,9 +176,6 @@ install -d -m 755 %{buildroot}%_sbindir
|
|||||||
install -m 755 scripts/qemu-binfmt-conf.sh %{buildroot}%_sbindir
|
install -m 755 scripts/qemu-binfmt-conf.sh %{buildroot}%_sbindir
|
||||||
%fdupes -s %{buildroot}
|
%fdupes -s %{buildroot}
|
||||||
|
|
||||||
%clean
|
|
||||||
rm -rf %{buildroot}
|
|
||||||
|
|
||||||
%files
|
%files
|
||||||
%defattr(-, root, root)
|
%defattr(-, root, root)
|
||||||
%doc COPYING COPYING.LIB COPYING.PYTHON Changelog README VERSION LICENSE
|
%doc COPYING COPYING.LIB COPYING.PYTHON Changelog README VERSION LICENSE
|
||||||
|
@ -1,3 +1,10 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Apr 5 21:33:37 UTC 2018 - brogers@suse.com
|
||||||
|
|
||||||
|
- Fix OOB access in VGA emulation (CVE-2018-7858 bsc#1084604)
|
||||||
|
0080-vga-fix-region-calculation.patch
|
||||||
|
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Apr 5 18:18:57 UTC 2018 - lyan@suse.com
|
Thu Apr 5 18:18:57 UTC 2018 - lyan@suse.com
|
||||||
|
|
||||||
|
@ -209,6 +209,7 @@ Patch0076: 0076-smbios-support-setting-OEM-strings-.patch
|
|||||||
Patch0077: 0077-smbios-Add-1-terminator-if-any-stri.patch
|
Patch0077: 0077-smbios-Add-1-terminator-if-any-stri.patch
|
||||||
Patch0078: 0078-Remove-problematic-evdev-86-key-fro.patch
|
Patch0078: 0078-Remove-problematic-evdev-86-key-fro.patch
|
||||||
Patch0079: 0079-tpm-lookup-cancel-path-under-tpm-de.patch
|
Patch0079: 0079-tpm-lookup-cancel-path-under-tpm-de.patch
|
||||||
|
Patch0080: 0080-vga-fix-region-calculation.patch
|
||||||
# Please do not add QEMU patches manually here.
|
# Please do not add QEMU patches manually here.
|
||||||
# Run update_git.sh to regenerate this queue.
|
# Run update_git.sh to regenerate this queue.
|
||||||
|
|
||||||
@ -887,6 +888,7 @@ This package provides a service file for starting and stopping KSM.
|
|||||||
%patch0077 -p1
|
%patch0077 -p1
|
||||||
%patch0078 -p1
|
%patch0078 -p1
|
||||||
%patch0079 -p1
|
%patch0079 -p1
|
||||||
|
%patch0080 -p1
|
||||||
|
|
||||||
%if 0%{?suse_version} > 1320
|
%if 0%{?suse_version} > 1320
|
||||||
%patch1000 -p1
|
%patch1000 -p1
|
||||||
|
@ -1,3 +1,10 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Apr 5 21:33:37 UTC 2018 - brogers@suse.com
|
||||||
|
|
||||||
|
- Fix OOB access in VGA emulation (CVE-2018-7858 bsc#1084604)
|
||||||
|
0080-vga-fix-region-calculation.patch
|
||||||
|
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Apr 5 18:18:57 UTC 2018 - lyan@suse.com
|
Thu Apr 5 18:18:57 UTC 2018 - lyan@suse.com
|
||||||
|
|
||||||
|
@ -209,6 +209,7 @@ Patch0076: 0076-smbios-support-setting-OEM-strings-.patch
|
|||||||
Patch0077: 0077-smbios-Add-1-terminator-if-any-stri.patch
|
Patch0077: 0077-smbios-Add-1-terminator-if-any-stri.patch
|
||||||
Patch0078: 0078-Remove-problematic-evdev-86-key-fro.patch
|
Patch0078: 0078-Remove-problematic-evdev-86-key-fro.patch
|
||||||
Patch0079: 0079-tpm-lookup-cancel-path-under-tpm-de.patch
|
Patch0079: 0079-tpm-lookup-cancel-path-under-tpm-de.patch
|
||||||
|
Patch0080: 0080-vga-fix-region-calculation.patch
|
||||||
# Please do not add QEMU patches manually here.
|
# Please do not add QEMU patches manually here.
|
||||||
# Run update_git.sh to regenerate this queue.
|
# Run update_git.sh to regenerate this queue.
|
||||||
|
|
||||||
@ -887,6 +888,7 @@ This package provides a service file for starting and stopping KSM.
|
|||||||
%patch0077 -p1
|
%patch0077 -p1
|
||||||
%patch0078 -p1
|
%patch0078 -p1
|
||||||
%patch0079 -p1
|
%patch0079 -p1
|
||||||
|
%patch0080 -p1
|
||||||
|
|
||||||
%if 0%{?suse_version} > 1320
|
%if 0%{?suse_version} > 1320
|
||||||
%patch1000 -p1
|
%patch1000 -p1
|
||||||
|
Loading…
Reference in New Issue
Block a user