forked from pool/qemu

Accepting request 668736 from home:bfrogers:branches:Virtualization

a few fixes.

OBS-URL: https://build.opensuse.org/request/show/668736
OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=450
Bruce Rogers 2019-01-25 20:55:31 +00:00 committed by Git OBS Bridge
parent aac8f8ba72
commit 88bff2e18f
10 changed files with 162 additions and 0 deletions

@ -0,0 +1,33 @@
From: Prasad J Pandit <pjp@fedoraproject.org>
Date: Sun, 13 Jan 2019 23:29:48 +0530
Subject: slirp: check data length while emulating ident function
While emulating identification protocol, tcp_emu() does not check
available space in the 'sc_rcv->sb_data' buffer. It could lead to
heap buffer overflow issue. Add check to avoid it.
Reported-by: Kira <864786842@qq.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
(cherry picked from commit a7104eda7dab99d0cdbd3595c211864cba415905)
[BR: BSC#1123156 CVE-2019-6778, modify patch to use spaces instead of tabs]
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
slirp/tcp_subr.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/slirp/tcp_subr.c b/slirp/tcp_subr.c
index fa61349cbb..7a23ce738c 100644
--- a/slirp/tcp_subr.c
+++ b/slirp/tcp_subr.c
@@ -635,6 +635,10 @@ tcp_emu(struct socket *so, struct mbuf *m)
socklen_t addrlen = sizeof(struct sockaddr_in);
struct sbuf *so_rcv = &so->so_rcv;
+ if (m->m_len > so_rcv->sb_datalen - (so_rcv->sb_wptr - so_rcv->sb_data)) {
+ return 1;
+ }
+
memcpy(so_rcv->sb_wptr, m->m_data, m->m_len);
so_rcv->sb_wptr += m->m_len;
so_rcv->sb_rptr += m->m_len;
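Review bot: the guard `if (m->m_len > so_rcv->sb_datalen - (so_rcv->sb_wptr - so_rcv->sb_data))` has no comment saying what the bound is (the free space left in `so_rcv` before the `memcpy` below) or what returning `1` means to the caller; a one-line comment above it such as `/* not enough room in so_rcv for this segment: refuse rather than overflow sb_data */` would make the intent clear to the next reader. It is also worth confirming that the operand types give the intended comparison: a signed `m_len` compared against a pointer difference subtracted from an unsigned buffer length is evaluated as unsigned, which is only safe if `m_len` can never be negative at this point.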

@ -0,0 +1,42 @@
From 0ee72a15887b838d967c3b05070d5ad86f0d729a Mon Sep 17 00:00:00 2001
From: Bruce Rogers <brogers@suse.com>
Date: Fri, 25 Jan 2019 10:29:16 -0700
Subject: [PATCH] [build] Disable gcc address of packed member warning
GCC 9.0 introduces a new warning for using pointers to packed
structure and union members. ipxe code is replete with this usage,
partly because the architectures it is designed for handle unaligned
accesses. Therefore this warning is not very helpful and since the
default build considers warnings to be errors, needs to be disabled.
[BR: BSC#1121464]
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
src/Makefile.housekeeping | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/src/Makefile.housekeeping b/src/Makefile.housekeeping
index f8334921..e7f1ece0 100644
--- a/src/Makefile.housekeeping
+++ b/src/Makefile.housekeeping
@@ -646,6 +646,17 @@ $(BIN)/.certificate.der.% : $(BIN)/.cert
CERT_ALL := $(foreach i,$(call seq,1,$(CERT_COUNT)),\
CERT ( $(i), \"$(word $(i),$(CERT_DERS))\" ))
+
+# GCC 9.0 introduces a new warning for using pointers to packed
+# structure and union members. ipxe code is replete with this usage,
+# partly because the architectures it is designed for handle unaligned
+# accesses. Therefore this warning is not very helpful and since the
+# default build considers warnings to be errors, needs to be disabled.
+#
+WNAOPM_TEST = $(CC) -Waddress-of-packed-member -x c -c /dev/null -o /dev/null \
+ >/dev/null 2>&1
+WNAOPM_FLAGS := $(shell $(WNAOPM_TEST) && $(ECHO) '-Wno-address-of-packed-member')
+WORKAROUND_CFLAGS += $(WNAOPM_FLAGS)
endif
certstore_DEPS += $(CERT_LIST) $(CERT_FILES) $(CERT_PEMS) $(CERT_DERS)
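Review bot: the new `WNAOPM_*` lines are inserted before the `endif` that closes the conditional block in which `CERT_ALL` is defined, so `-Wno-address-of-packed-member` only reaches `WORKAROUND_CFLAGS` when that conditional is taken; if the workaround is meant to apply to every build, move the block after the `endif`. The probe itself is sound: it compiles `/dev/null` with the positive `-Waddress-of-packed-member` form and only on success echoes the `-Wno-` form, so a compiler that rejects the unknown option leaves `WNAOPM_FLAGS` empty instead of breaking the build.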
--
2.20.1

@ -0,0 +1,42 @@
From 1280c1f65b73d6d0c4833e39a3bb8194bd03f906 Mon Sep 17 00:00:00 2001
From: Bruce Rogers <brogers@suse.com>
Date: Fri, 25 Jan 2019 09:37:44 -0700
Subject: [PATCH] [efi] Simplify diagnostic for NULL handle
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Compiling with GCC 9 now warns as follows:
interface/efi/efi_debug.c:334:3: error: %s directive argument is null [-Werror=format-overflow=]
334 | printf ( "HANDLE %s could not retrieve protocols\n",
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
335 | efi_handle_name ( handle ) );
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
Simplify this diagnostic by simply indicating a <NULL> has been
passed as a handle.
[BR: BSC#1121464]
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
src/interface/efi/efi_debug.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/interface/efi/efi_debug.c b/src/interface/efi/efi_debug.c
index 8ea0a822..19fba767 100644
--- a/src/interface/efi/efi_debug.c
+++ b/src/interface/efi/efi_debug.c
@@ -331,8 +331,7 @@ void dbg_efi_protocols ( EFI_HANDLE handle ) {
/* Sanity check */
if ( ! handle ) {
- printf ( "HANDLE %s could not retrieve protocols\n",
- efi_handle_name ( handle ) );
+ printf ( "HANDLE <NULL> could not retrieve protocols\n" );
return;
}
--
2.20.1

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Fri Jan 25 19:21:00 UTC 2019 - Bruce Rogers <brogers@suse.com>
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1
* Patches added:
0056-slirp-check-data-length-while-emula.patch
-------------------------------------------------------------------
Thu Jan 17 21:58:04 UTC 2019 - Bruce Rogers <brogers@suse.com>
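Review bot: this changelog entry lists the added patch file but not the issue it fixes; the other changes files in this request carry the line `Fix OOB issue in slirp (CVE-2019-6778 bsc#1123156)`, and adding the same reference here would let security tracking match this package against the CVE as well.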

@ -87,6 +87,7 @@ Patch0052: 0052-pvrdma-release-ring-object-in-case-.patch
Patch0053: 0053-block-Fix-hangs-in-synchronous-APIs.patch
Patch0054: 0054-linux-user-make-pwrite64-pread64-fd.patch
Patch0055: 0055-xen-Add-xen-v4.12-based-xc_domain_c.patch
Patch0056: 0056-slirp-check-data-length-while-emula.patch
# Please do not add QEMU patches manually here.
# Run update_git.sh to regenerate this queue.
ExcludeArch: s390
@ -173,6 +174,7 @@ syscall layer occurs on the native hardware and operating system.
%patch0053 -p1
%patch0054 -p1
%patch0055 -p1
%patch0056 -p1
%build
./configure \

@ -1,3 +1,13 @@
-------------------------------------------------------------------
Fri Jan 25 19:20:59 UTC 2019 - Bruce Rogers <brogers@suse.com>
- Fix OOB issue in slirp (CVE-2019-6778 bsc#1123156)
0056-slirp-check-data-length-while-emula.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1
- Fix ipxe GCC 9 incompatibilities (bsc#1121464)
ipxe-efi-Simplify-diagnostic-for-NULL-handle.patch
ipxe-build-Disable-gcc-address-of-packed-member-warning.patch
-------------------------------------------------------------------
Thu Jan 17 21:58:02 UTC 2019 - Bruce Rogers <brogers@suse.com>

@ -192,6 +192,7 @@ Patch0052: 0052-pvrdma-release-ring-object-in-case-.patch
Patch0053: 0053-block-Fix-hangs-in-synchronous-APIs.patch
Patch0054: 0054-linux-user-make-pwrite64-pread64-fd.patch
Patch0055: 0055-xen-Add-xen-v4.12-based-xc_domain_c.patch
Patch0056: 0056-slirp-check-data-length-while-emula.patch
# Please do not add QEMU patches manually here.
# Run update_git.sh to regenerate this queue.
@ -204,6 +205,8 @@ Patch1200: ipxe-stable-buildid.patch
Patch1201: ipxe-use-gcc6-for-more-compact-code.patch
Patch1202: ipxe-efi-guard-strncpy-with-gcc-warning-ignore-pragma.patch
Patch1203: ipxe-fix-build.patch
Patch1204: ipxe-efi-Simplify-diagnostic-for-NULL-handle.patch
Patch1205: ipxe-build-Disable-gcc-address-of-packed-member-warning.patch
# sgabios - path: roms/sgabios (patch range 1300-1399)
Patch1300: sgabios-stable-buildid.patch
@ -975,6 +978,7 @@ This package provides a service file for starting and stopping KSM.
%patch0053 -p1
%patch0054 -p1
%patch0055 -p1
%patch0056 -p1
pushd roms/seabios
%patch1100 -p1
@ -990,6 +994,8 @@ pushd roms/ipxe
%endif
%patch1202 -p1
%patch1203 -p1
%patch1204 -p1
%patch1205 -p1
popd
pushd roms/sgabios

@ -1,3 +1,13 @@
-------------------------------------------------------------------
Fri Jan 25 19:20:59 UTC 2019 - Bruce Rogers <brogers@suse.com>
- Fix OOB issue in slirp (CVE-2019-6778 bsc#1123156)
0056-slirp-check-data-length-while-emula.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1
- Fix ipxe GCC 9 incompatibilities (bsc#1121464)
ipxe-efi-Simplify-diagnostic-for-NULL-handle.patch
ipxe-build-Disable-gcc-address-of-packed-member-warning.patch
-------------------------------------------------------------------
Thu Jan 17 21:58:02 UTC 2019 - Bruce Rogers <brogers@suse.com>

@ -192,6 +192,7 @@ Patch0052: 0052-pvrdma-release-ring-object-in-case-.patch
Patch0053: 0053-block-Fix-hangs-in-synchronous-APIs.patch
Patch0054: 0054-linux-user-make-pwrite64-pread64-fd.patch
Patch0055: 0055-xen-Add-xen-v4.12-based-xc_domain_c.patch
Patch0056: 0056-slirp-check-data-length-while-emula.patch
# Please do not add QEMU patches manually here.
# Run update_git.sh to regenerate this queue.
@ -204,6 +205,8 @@ Patch1200: ipxe-stable-buildid.patch
Patch1201: ipxe-use-gcc6-for-more-compact-code.patch
Patch1202: ipxe-efi-guard-strncpy-with-gcc-warning-ignore-pragma.patch
Patch1203: ipxe-fix-build.patch
Patch1204: ipxe-efi-Simplify-diagnostic-for-NULL-handle.patch
Patch1205: ipxe-build-Disable-gcc-address-of-packed-member-warning.patch
# sgabios - path: roms/sgabios (patch range 1300-1399)
Patch1300: sgabios-stable-buildid.patch
@ -975,6 +978,7 @@ This package provides a service file for starting and stopping KSM.
%patch0053 -p1
%patch0054 -p1
%patch0055 -p1
%patch0056 -p1
pushd roms/seabios
%patch1100 -p1
@ -990,6 +994,8 @@ pushd roms/ipxe
%endif
%patch1202 -p1
%patch1203 -p1
%patch1204 -p1
%patch1205 -p1
popd
pushd roms/sgabios

@ -147,6 +147,8 @@ Patch1200: ipxe-stable-buildid.patch
Patch1201: ipxe-use-gcc6-for-more-compact-code.patch
Patch1202: ipxe-efi-guard-strncpy-with-gcc-warning-ignore-pragma.patch
Patch1203: ipxe-fix-build.patch
Patch1204: ipxe-efi-Simplify-diagnostic-for-NULL-handle.patch
Patch1205: ipxe-build-Disable-gcc-address-of-packed-member-warning.patch
# sgabios - path: roms/sgabios (patch range 1300-1399)
Patch1300: sgabios-stable-buildid.patch
@ -879,6 +881,8 @@ pushd roms/ipxe
%endif
%patch1202 -p1
%patch1203 -p1
%patch1204 -p1
%patch1205 -p1
popd
pushd roms/sgabios