Accepting request 668736 from home:bfrogers:branches:Virtualization
a few fixes. OBS-URL: https://build.opensuse.org/request/show/668736 OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=450
parent
aac8f8ba72
commit
88bff2e18f
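--- a/0056-slirp-check-data-length-while-emula.patch
+++ b/0056-slirp-check-data-length-while-emula.patch
@@ -0,0 +1,33 @@
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Sun, 13 Jan 2019 23:29:48 +0530
+Subject: slirp: check data length while emulating ident function
+
+While emulating identification protocol, tcp_emu() does not check
+available space in the 'sc_rcv->sb_data' buffer. It could lead to
+heap buffer overflow issue. Add check to avoid it.
+
+Reported-by: Kira <864786842@qq.com>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
+(cherry picked from commit a7104eda7dab99d0cdbd3595c211864cba415905)
+[BR: BSC#1123156 CVE-2019-6778, modify patch to use spaces instead of tabs]
+Signed-off-by: Bruce Rogers <brogers@suse.com>
+---
+slirp/tcp_subr.c | 4 ++++
+1 file changed, 4 insertions(+)
+
+diff --git a/slirp/tcp_subr.c b/slirp/tcp_subr.c
+index fa61349cbb..7a23ce738c 100644
+--- a/slirp/tcp_subr.c
++++ b/slirp/tcp_subr.c
+@@ -635,6 +635,10 @@ tcp_emu(struct socket *so, struct mbuf *m)
+socklen_t addrlen = sizeof(struct sockaddr_in);
+struct sbuf *so_rcv = &so->so_rcv;
+
++ if (m->m_len > so_rcv->sb_datalen - (so_rcv->sb_wptr - so_rcv->sb_data)) {
++ return 1;
++ }
++
+memcpy(so_rcv->sb_wptr, m->m_data, m->m_len);
+so_rcv->sb_wptr += m->m_len;
+so_rcv->sb_rptr += m->m_len;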
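Review bot: The added guard in tcp_emu() compares `m->m_len` with `so_rcv->sb_datalen - (so_rcv->sb_wptr - so_rcv->sb_data)` in a single mixed expression, and the field types are not visible in this hunk; if `sb_datalen` is unsigned and `m_len` signed, the result rests on implicit conversions, so it would be clearer to compute the free space into a named local first and compare against that. The bare `return 1;` also deserves a comment, for example `/* no room left in so_rcv for this mbuf: skip the copy so memcpy cannot run past sb_data + sb_datalen */`, plus a word on what a return of 1 tells the caller, which cannot be read from these lines. The check protects only the memcpy shown here; tcp_emu() starts and ends outside the hunk, so any other copies into so_rcv in that function need the same bound confirmed separately.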
@ -0,0 +1,42 @@
|
||||
From 0ee72a15887b838d967c3b05070d5ad86f0d729a Mon Sep 17 00:00:00 2001
|
||||
From: Bruce Rogers <brogers@suse.com>
|
||||
Date: Fri, 25 Jan 2019 10:29:16 -0700
|
||||
Subject: [PATCH] [build] Disable gcc address of packed member warning
|
||||
|
||||
GCC 9.0 introduces a new warning for using pointers to packed
|
||||
structure and union members. ipxe code is replete with this usage,
|
||||
partly because the architectures it is designed for handle unaligned
|
||||
accesses. Therefore this warning is not very helpful and since the
|
||||
default build considers warnings to be errors, needs to be disabled.
|
||||
|
||||
[BR: BSC#1121464]
|
||||
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
||||
---
|
||||
src/Makefile.housekeeping | 11 +++++++++++
|
||||
1 file changed, 11 insertions(+)
|
||||
|
||||
diff --git a/src/Makefile.housekeeping b/src/Makefile.housekeeping
|
||||
index f8334921..e7f1ece0 100644
|
||||
--- a/src/Makefile.housekeeping
|
||||
+++ b/src/Makefile.housekeeping
|
||||
@@ -646,6 +646,17 @@ $(BIN)/.certificate.der.% : $(BIN)/.cert
|
||||
CERT_ALL := $(foreach i,$(call seq,1,$(CERT_COUNT)),\
|
||||
CERT ( $(i), \"$(word $(i),$(CERT_DERS))\" ))
|
||||
|
||||
+
|
||||
+# GCC 9.0 introduces a new warning for using pointers to packed
|
||||
+# structure and union members. ipxe code is replete with this usage,
|
||||
+# partly because the architectures it is designed for handle unaligned
|
||||
+# accesses. Therefore this warning is not very helpful and since the
|
||||
+# default build considers warnings to be errors, needs to be disabled.
|
||||
+#
|
||||
+WNAOPM_TEST = $(CC) -Waddress-of-packed-member -x c -c /dev/null -o /dev/null \
|
||||
+ >/dev/null 2>&1
|
||||
+WNAOPM_FLAGS := $(shell $(WNAOPM_TEST) && $(ECHO) '-Wno-address-of-packed-member')
|
||||
+WORKAROUND_CFLAGS += $(WNAOPM_FLAGS)
|
||||
endif
|
||||
|
||||
certstore_DEPS += $(CERT_LIST) $(CERT_FILES) $(CERT_PEMS) $(CERT_DERS)
|
||||
--
|
||||
2.20.1
|
||||
|
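Review bot: The probe in `WNAOPM_TEST` tests the positive option `-Waddress-of-packed-member` while the flag appended to `WORKAROUND_CFLAGS` is the `-Wno-` form, and the added comment block does not explain the asymmetry. GCC normally accepts an unknown `-Wno-*` option without complaint, so probing the positive form is presumably deliberate; a line such as `# Probe the positive option: gcc silently accepts unknown -Wno-* flags` would keep a later cleanup from breaking the detection. The suppression applies to the whole tree, so it will also hide any newly introduced pointer to a packed member on a target that does fault on unaligned access; the comment should say that the blanket disable relies on the supported architectures tolerating unaligned loads.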
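--- a/ipxe-efi-Simplify-diagnostic-for-NULL-handle.patch
+++ b/ipxe-efi-Simplify-diagnostic-for-NULL-handle.patch
@@ -0,0 +1,42 @@
+From 1280c1f65b73d6d0c4833e39a3bb8194bd03f906 Mon Sep 17 00:00:00 2001
+From: Bruce Rogers <brogers@suse.com>
+Date: Fri, 25 Jan 2019 09:37:44 -0700
+Subject: [PATCH] [efi] Simplify diagnostic for NULL handle
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Compiling with GCC 9 now warns as follows:
+interface/efi/efi_debug.c:334:3: error: ‘%s’ directive argument is null [-Werror=format-overflow=]
+334 | printf ( "HANDLE %s could not retrieve protocols\n",
+| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+335 | efi_handle_name ( handle ) );
+| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+cc1: all warnings being treated as errors
+
+Simplify this diagnostic by simply indicating a <NULL> has been
+passed as a handle.
+
+[BR: BSC#1121464]
+Signed-off-by: Bruce Rogers <brogers@suse.com>
+---
+src/interface/efi/efi_debug.c | 3 +--
+1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/src/interface/efi/efi_debug.c b/src/interface/efi/efi_debug.c
+index 8ea0a822..19fba767 100644
+--- a/src/interface/efi/efi_debug.c
++++ b/src/interface/efi/efi_debug.c
+@@ -331,8 +331,7 @@ void dbg_efi_protocols ( EFI_HANDLE handle ) {
+
+/* Sanity check */
+if ( ! handle ) {
+- printf ( "HANDLE %s could not retrieve protocols\n",
+- efi_handle_name ( handle ) );
++ printf ( "HANDLE <NULL> could not retrieve protocols\n" );
+return;
+}
+
+--
+2.20.1
+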
@ -1,3 +1,10 @@
|
||||
-------------------------------------------------------------------
|
||||
Fri Jan 25 19:21:00 UTC 2019 - Bruce Rogers <brogers@suse.com>
|
||||
|
||||
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1
|
||||
* Patches added:
|
||||
0056-slirp-check-data-length-while-emula.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jan 17 21:58:04 UTC 2019 - Bruce Rogers <brogers@suse.com>
|
||||
|
||||
|
@ -87,6 +87,7 @@ Patch0052: 0052-pvrdma-release-ring-object-in-case-.patch
|
||||
Patch0053: 0053-block-Fix-hangs-in-synchronous-APIs.patch
|
||||
Patch0054: 0054-linux-user-make-pwrite64-pread64-fd.patch
|
||||
Patch0055: 0055-xen-Add-xen-v4.12-based-xc_domain_c.patch
|
||||
Patch0056: 0056-slirp-check-data-length-while-emula.patch
|
||||
# Please do not add QEMU patches manually here.
|
||||
# Run update_git.sh to regenerate this queue.
|
||||
ExcludeArch: s390
|
||||
@ -173,6 +174,7 @@ syscall layer occurs on the native hardware and operating system.
|
||||
%patch0053 -p1
|
||||
%patch0054 -p1
|
||||
%patch0055 -p1
|
||||
%patch0056 -p1
|
||||
|
||||
%build
|
||||
./configure \
|
||||
|
@ -1,3 +1,13 @@
|
||||
-------------------------------------------------------------------
|
||||
Fri Jan 25 19:20:59 UTC 2019 - Bruce Rogers <brogers@suse.com>
|
||||
|
||||
- Fix OOB issue in slirp (CVE-2019-6778 bsc#1123156)
|
||||
0056-slirp-check-data-length-while-emula.patch
|
||||
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1
|
||||
- Fix ipxe GCC 9 incompatibilities (bsc#1121464)
|
||||
ipxe-efi-Simplify-diagnostic-for-NULL-handle.patch
|
||||
ipxe-build-Disable-gcc-address-of-packed-member-warning.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jan 17 21:58:02 UTC 2019 - Bruce Rogers <brogers@suse.com>
|
||||
|
||||
|
@ -192,6 +192,7 @@ Patch0052: 0052-pvrdma-release-ring-object-in-case-.patch
|
||||
Patch0053: 0053-block-Fix-hangs-in-synchronous-APIs.patch
|
||||
Patch0054: 0054-linux-user-make-pwrite64-pread64-fd.patch
|
||||
Patch0055: 0055-xen-Add-xen-v4.12-based-xc_domain_c.patch
|
||||
Patch0056: 0056-slirp-check-data-length-while-emula.patch
|
||||
# Please do not add QEMU patches manually here.
|
||||
# Run update_git.sh to regenerate this queue.
|
||||
|
||||
@ -204,6 +205,8 @@ Patch1200: ipxe-stable-buildid.patch
|
||||
Patch1201: ipxe-use-gcc6-for-more-compact-code.patch
|
||||
Patch1202: ipxe-efi-guard-strncpy-with-gcc-warning-ignore-pragma.patch
|
||||
Patch1203: ipxe-fix-build.patch
|
||||
Patch1204: ipxe-efi-Simplify-diagnostic-for-NULL-handle.patch
|
||||
Patch1205: ipxe-build-Disable-gcc-address-of-packed-member-warning.patch
|
||||
|
||||
# sgabios - path: roms/sgabios (patch range 1300-1399)
|
||||
Patch1300: sgabios-stable-buildid.patch
|
||||
@ -975,6 +978,7 @@ This package provides a service file for starting and stopping KSM.
|
||||
%patch0053 -p1
|
||||
%patch0054 -p1
|
||||
%patch0055 -p1
|
||||
%patch0056 -p1
|
||||
|
||||
pushd roms/seabios
|
||||
%patch1100 -p1
|
||||
@ -990,6 +994,8 @@ pushd roms/ipxe
|
||||
%endif
|
||||
%patch1202 -p1
|
||||
%patch1203 -p1
|
||||
%patch1204 -p1
|
||||
%patch1205 -p1
|
||||
popd
|
||||
|
||||
pushd roms/sgabios
|
||||
|
10
qemu.changes
10
qemu.changes
@ -1,3 +1,13 @@
|
||||
-------------------------------------------------------------------
|
||||
Fri Jan 25 19:20:59 UTC 2019 - Bruce Rogers <brogers@suse.com>
|
||||
|
||||
- Fix OOB issue in slirp (CVE-2019-6778 bsc#1123156)
|
||||
0056-slirp-check-data-length-while-emula.patch
|
||||
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1
|
||||
- Fix ipxe GCC 9 incompatibilities (bsc#1121464)
|
||||
ipxe-efi-Simplify-diagnostic-for-NULL-handle.patch
|
||||
ipxe-build-Disable-gcc-address-of-packed-member-warning.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jan 17 21:58:02 UTC 2019 - Bruce Rogers <brogers@suse.com>
|
||||
|
||||
|
@ -192,6 +192,7 @@ Patch0052: 0052-pvrdma-release-ring-object-in-case-.patch
|
||||
Patch0053: 0053-block-Fix-hangs-in-synchronous-APIs.patch
|
||||
Patch0054: 0054-linux-user-make-pwrite64-pread64-fd.patch
|
||||
Patch0055: 0055-xen-Add-xen-v4.12-based-xc_domain_c.patch
|
||||
Patch0056: 0056-slirp-check-data-length-while-emula.patch
|
||||
# Please do not add QEMU patches manually here.
|
||||
# Run update_git.sh to regenerate this queue.
|
||||
|
||||
@ -204,6 +205,8 @@ Patch1200: ipxe-stable-buildid.patch
|
||||
Patch1201: ipxe-use-gcc6-for-more-compact-code.patch
|
||||
Patch1202: ipxe-efi-guard-strncpy-with-gcc-warning-ignore-pragma.patch
|
||||
Patch1203: ipxe-fix-build.patch
|
||||
Patch1204: ipxe-efi-Simplify-diagnostic-for-NULL-handle.patch
|
||||
Patch1205: ipxe-build-Disable-gcc-address-of-packed-member-warning.patch
|
||||
|
||||
# sgabios - path: roms/sgabios (patch range 1300-1399)
|
||||
Patch1300: sgabios-stable-buildid.patch
|
||||
@ -975,6 +978,7 @@ This package provides a service file for starting and stopping KSM.
|
||||
%patch0053 -p1
|
||||
%patch0054 -p1
|
||||
%patch0055 -p1
|
||||
%patch0056 -p1
|
||||
|
||||
pushd roms/seabios
|
||||
%patch1100 -p1
|
||||
@ -990,6 +994,8 @@ pushd roms/ipxe
|
||||
%endif
|
||||
%patch1202 -p1
|
||||
%patch1203 -p1
|
||||
%patch1204 -p1
|
||||
%patch1205 -p1
|
||||
popd
|
||||
|
||||
pushd roms/sgabios
|
||||
|
@ -147,6 +147,8 @@ Patch1200: ipxe-stable-buildid.patch
|
||||
Patch1201: ipxe-use-gcc6-for-more-compact-code.patch
|
||||
Patch1202: ipxe-efi-guard-strncpy-with-gcc-warning-ignore-pragma.patch
|
||||
Patch1203: ipxe-fix-build.patch
|
||||
Patch1204: ipxe-efi-Simplify-diagnostic-for-NULL-handle.patch
|
||||
Patch1205: ipxe-build-Disable-gcc-address-of-packed-member-warning.patch
|
||||
|
||||
# sgabios - path: roms/sgabios (patch range 1300-1399)
|
||||
Patch1300: sgabios-stable-buildid.patch
|
||||
@ -879,6 +881,8 @@ pushd roms/ipxe
|
||||
%endif
|
||||
%patch1202 -p1
|
||||
%patch1203 -p1
|
||||
%patch1204 -p1
|
||||
%patch1205 -p1
|
||||
popd
|
||||
|
||||
pushd roms/sgabios
|
||||
|