forked from pool/qemu

Accepting request 593874 from home:bfrogers:branches:Virtualization

- Be more specific about python version used in building package.
  Other minor spec file tweaks.
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11
* Patches added:
  0080-vga-fix-region-calculation.patch
- Fix OOB access in VGA emulation (CVE-2018-7858 bsc#1084604)
  0080-vga-fix-region-calculation.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11
- Fix OOB access in VGA emulation (CVE-2018-7858 bsc#1084604)
  0080-vga-fix-region-calculation.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11

OBS-URL: https://build.opensuse.org/request/show/593874
OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=403
Bruce Rogers 2018-04-05 22:27:33 +00:00 committed by Git OBS Bridge
parent fdbbcb455c
commit 870785490c
8 changed files with 80 additions and 12 deletions


@ -0,0 +1,37 @@
From e5bdf248c24feab41fc7b8245e37277f1ae60e3e Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Fri, 9 Mar 2018 15:37:04 +0100
Subject: [PATCH] vga: fix region calculation
Typically the scanline length and the line offset are identical. But
in case they are not our calculation for region_end is incorrect. Using
line_offset is fine for all scanlines, except the last one where we have
to use the actual scanline length.
Fixes: CVE-2018-7858
Reported-by: Ross Lagerwall <ross.lagerwall@citrix.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Prasad J Pandit <pjp@fedoraproject.org>
Tested-by: Ross Lagerwall <ross.lagerwall@citrix.com>
Message-id: 20180309143704.13420-1-kraxel@redhat.com
(cherry picked from commit 7cdc61becd095b64a786b2625f321624e7111f3d)
[BR: BSC#1084604 CVE-2018-7858 (NOTE: Above CVE reference was modified
by me, because it was incorrect)]
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
hw/display/vga.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/hw/display/vga.c b/hw/display/vga.c
index d150a3a3eb..1fa66d597d 100644
--- a/hw/display/vga.c
+++ b/hw/display/vga.c
@@ -1489,6 +1489,8 @@ static void vga_draw_graphic(VGACommonState *s, int full_update)
region_start = (s->start_addr * 4);
region_end = region_start + (ram_addr_t)s->line_offset * height;
+ region_end += width * s->get_bpp(s) / 8; /* scanline length */
+ region_end -= s->line_offset;
if (region_end > s->vbe_size) {
/* wraps around (can happen with cirrus vbe modes) */
region_start = 0;
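
Review bot: the two added `region_end` lines do the last-scanline correction without the cast used on the line above them, and they assume `height` is at least 1. The existing line casts `s->line_offset` to `ram_addr_t` before multiplying, but `width * s->get_bpp(s) / 8` carries no cast, so it is evaluated in whatever type `width` and the `get_bpp` result have before it is added. With `height` equal to 0 the result is `region_start` plus the scanline length minus `s->line_offset`, which falls below `region_start` whenever `line_offset` is the larger of the two, and the `region_end > s->vbe_size` test that follows would then be comparing a meaningless value. Suggest computing the scanline length once as a `ram_addr_t`, writing the end as `region_start + (ram_addr_t)s->line_offset * (height - 1) + scanline_len`, and adding a guard or assertion on `height` if nothing earlier in `vga_draw_graphic` already guarantees it.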


@ -1,3 +1,12 @@
-------------------------------------------------------------------
Thu Apr 5 21:33:40 UTC 2018 - brogers@suse.com
- Be more specific about python version used in building package.
Other minor spec file tweaks.
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11
* Patches added:
0080-vga-fix-region-calculation.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Apr 5 18:18:59 UTC 2018 - lyan@suse.com Thu Apr 5 18:18:59 UTC 2018 - lyan@suse.com
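
Review bot: the new changelog entry lists 0080-vga-fix-region-calculation.patch under "Patches added" but carries no CVE or bug reference, and "Other minor spec file tweaks" does not say what changed. The other changelog entries in this commit describe the same patch as "Fix OOB access in VGA emulation (CVE-2018-7858 bsc#1084604)"; repeating that line here would let anyone auditing this package's changelog confirm the fix is included. The spec changes are few enough to name individually.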


@ -105,6 +105,7 @@ Patch0076: 0076-smbios-support-setting-OEM-strings-.patch
Patch0077: 0077-smbios-Add-1-terminator-if-any-stri.patch Patch0077: 0077-smbios-Add-1-terminator-if-any-stri.patch
Patch0078: 0078-Remove-problematic-evdev-86-key-fro.patch Patch0078: 0078-Remove-problematic-evdev-86-key-fro.patch
Patch0079: 0079-tpm-lookup-cancel-path-under-tpm-de.patch Patch0079: 0079-tpm-lookup-cancel-path-under-tpm-de.patch
Patch0080: 0080-vga-fix-region-calculation.patch
# Please do not add QEMU patches manually here. # Please do not add QEMU patches manually here.
# Run update_git.sh to regenerate this queue. # Run update_git.sh to regenerate this queue.
Source400: update_git.sh Source400: update_git.sh
@ -119,7 +120,11 @@ BuildRequires: glibc-devel-static
BuildRequires: libattr-devel-static BuildRequires: libattr-devel-static
BuildRequires: makeinfo BuildRequires: makeinfo
BuildRequires: pcre-devel-static BuildRequires: pcre-devel-static
BuildRequires: python %if 0%{?suse_version} > 1320
BuildRequires: python3-base
%else
BuildRequires: python-base
%endif
BuildRequires: zlib-devel-static BuildRequires: zlib-devel-static
# we must not install the qemu-linux-user package when under QEMU build # we must not install the qemu-linux-user package when under QEMU build
%if 0%{?qemu_user_space_build:1} %if 0%{?qemu_user_space_build:1}
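
Review bot: the `%else` branch of the new BuildRequires block asks for `python-base`, while the configure hunk further down passes `--python=%_bindir/python2` under the same condition, and nothing in the spec states that `python-base` is what provides that binary when `suse_version` is 1320 or lower. A short comment above the `%if` saying why the `-base` packages are enough for the build would make the pairing checkable. Alternatively, require the interpreter path itself so the dependency and the configure argument cannot drift apart.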
@ -213,6 +218,7 @@ syscall layer occurs on the native hardware and operating system.
%patch0077 -p1 %patch0077 -p1
%patch0078 -p1 %patch0078 -p1
%patch0079 -p1 %patch0079 -p1
%patch0080 -p1
%build %build
./configure \ ./configure \
@ -222,9 +228,9 @@ syscall layer occurs on the native hardware and operating system.
--libexecdir=%_libexecdir \ --libexecdir=%_libexecdir \
--localstatedir=%_localstatedir \ --localstatedir=%_localstatedir \
%if 0%{?suse_version} > 1320 %if 0%{?suse_version} > 1320
--python=%_bindir/python3 \ --python=%_bindir/python3 \
%else %else
--python=%_bindir/python \ --python=%_bindir/python2 \
%endif %endif
--extra-cflags="%{optflags}" \ --extra-cflags="%{optflags}" \
--disable-stack-protector \ --disable-stack-protector \
@ -328,9 +334,6 @@ install -d -m 755 %{buildroot}%_sbindir
install -m 755 scripts/qemu-binfmt-conf.sh %{buildroot}%_sbindir install -m 755 scripts/qemu-binfmt-conf.sh %{buildroot}%_sbindir
%fdupes -s %{buildroot} %fdupes -s %{buildroot}
%clean
rm -rf %{buildroot}
%files %files
%defattr(-, root, root) %defattr(-, root, root)
%doc COPYING COPYING.LIB COPYING.PYTHON Changelog README VERSION LICENSE %doc COPYING COPYING.LIB COPYING.PYTHON Changelog README VERSION LICENSE
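
Review bot: the `%clean` section with `rm -rf %{buildroot}` is removed here with no changelog line naming it, while the spec still keeps a branch for `suse_version` of 1320 and lower. Please confirm that the oldest build target still cleans the buildroot without an explicit `%clean`, and record the removal in the changelog rather than leaving it under "Other minor spec file tweaks".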


@ -41,7 +41,11 @@ BuildRequires: glibc-devel-static
BuildRequires: libattr-devel-static BuildRequires: libattr-devel-static
BuildRequires: makeinfo BuildRequires: makeinfo
BuildRequires: pcre-devel-static BuildRequires: pcre-devel-static
BuildRequires: python %if 0%{?suse_version} > 1320
BuildRequires: python3-base
%else
BuildRequires: python-base
%endif
BuildRequires: zlib-devel-static BuildRequires: zlib-devel-static
# we must not install the qemu-linux-user package when under QEMU build # we must not install the qemu-linux-user package when under QEMU build
%if 0%{?qemu_user_space_build:1} %if 0%{?qemu_user_space_build:1}
@ -66,9 +70,9 @@ PATCH_EXEC
--libexecdir=%_libexecdir \ --libexecdir=%_libexecdir \
--localstatedir=%_localstatedir \ --localstatedir=%_localstatedir \
%if 0%{?suse_version} > 1320 %if 0%{?suse_version} > 1320
--python=%_bindir/python3 \ --python=%_bindir/python3 \
%else %else
--python=%_bindir/python \ --python=%_bindir/python2 \
%endif %endif
--extra-cflags="%{optflags}" \ --extra-cflags="%{optflags}" \
--disable-stack-protector \ --disable-stack-protector \
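
Review bot: the python and `%clean` edits in this file are identical to those in the previous spec file, and the `PATCH_EXEC` marker in this hunk's header suggests this file is the template that spec is generated from. Please confirm the spec was regenerated from this file rather than edited by hand in both places, so the two do not diverge at the next regeneration.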
@ -172,9 +176,6 @@ install -d -m 755 %{buildroot}%_sbindir
install -m 755 scripts/qemu-binfmt-conf.sh %{buildroot}%_sbindir install -m 755 scripts/qemu-binfmt-conf.sh %{buildroot}%_sbindir
%fdupes -s %{buildroot} %fdupes -s %{buildroot}
%clean
rm -rf %{buildroot}
%files %files
%defattr(-, root, root) %defattr(-, root, root)
%doc COPYING COPYING.LIB COPYING.PYTHON Changelog README VERSION LICENSE %doc COPYING COPYING.LIB COPYING.PYTHON Changelog README VERSION LICENSE


@ -1,3 +1,10 @@
-------------------------------------------------------------------
Thu Apr 5 21:33:37 UTC 2018 - brogers@suse.com
- Fix OOB access in VGA emulation (CVE-2018-7858 bsc#1084604)
0080-vga-fix-region-calculation.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Apr 5 18:18:57 UTC 2018 - lyan@suse.com Thu Apr 5 18:18:57 UTC 2018 - lyan@suse.com


@ -209,6 +209,7 @@ Patch0076: 0076-smbios-support-setting-OEM-strings-.patch
Patch0077: 0077-smbios-Add-1-terminator-if-any-stri.patch Patch0077: 0077-smbios-Add-1-terminator-if-any-stri.patch
Patch0078: 0078-Remove-problematic-evdev-86-key-fro.patch Patch0078: 0078-Remove-problematic-evdev-86-key-fro.patch
Patch0079: 0079-tpm-lookup-cancel-path-under-tpm-de.patch Patch0079: 0079-tpm-lookup-cancel-path-under-tpm-de.patch
Patch0080: 0080-vga-fix-region-calculation.patch
# Please do not add QEMU patches manually here. # Please do not add QEMU patches manually here.
# Run update_git.sh to regenerate this queue. # Run update_git.sh to regenerate this queue.
@ -887,6 +888,7 @@ This package provides a service file for starting and stopping KSM.
%patch0077 -p1 %patch0077 -p1
%patch0078 -p1 %patch0078 -p1
%patch0079 -p1 %patch0079 -p1
%patch0080 -p1
%if 0%{?suse_version} > 1320 %if 0%{?suse_version} > 1320
%patch1000 -p1 %patch1000 -p1


@ -1,3 +1,10 @@
-------------------------------------------------------------------
Thu Apr 5 21:33:37 UTC 2018 - brogers@suse.com
- Fix OOB access in VGA emulation (CVE-2018-7858 bsc#1084604)
0080-vga-fix-region-calculation.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Apr 5 18:18:57 UTC 2018 - lyan@suse.com Thu Apr 5 18:18:57 UTC 2018 - lyan@suse.com


@ -209,6 +209,7 @@ Patch0076: 0076-smbios-support-setting-OEM-strings-.patch
Patch0077: 0077-smbios-Add-1-terminator-if-any-stri.patch Patch0077: 0077-smbios-Add-1-terminator-if-any-stri.patch
Patch0078: 0078-Remove-problematic-evdev-86-key-fro.patch Patch0078: 0078-Remove-problematic-evdev-86-key-fro.patch
Patch0079: 0079-tpm-lookup-cancel-path-under-tpm-de.patch Patch0079: 0079-tpm-lookup-cancel-path-under-tpm-de.patch
Patch0080: 0080-vga-fix-region-calculation.patch
# Please do not add QEMU patches manually here. # Please do not add QEMU patches manually here.
# Run update_git.sh to regenerate this queue. # Run update_git.sh to regenerate this queue.
@ -887,6 +888,7 @@ This package provides a service file for starting and stopping KSM.
%patch0077 -p1 %patch0077 -p1
%patch0078 -p1 %patch0078 -p1
%patch0079 -p1 %patch0079 -p1
%patch0080 -p1
%if 0%{?suse_version} > 1320 %if 0%{?suse_version} > 1320
%patch1000 -p1 %patch1000 -p1