From d7b5d85f677ff8eff6f6c093bce8b18ad54c2dbca525a2c7870fd6e3eb7f4f05 Mon Sep 17 00:00:00 2001 From: Bruce Rogers Date: Wed, 26 Aug 2020 01:50:23 +0000 Subject: [PATCH] Accepting request 829656 from home:bfrogers:branches:Virtualization - Fix OOB access while processing USB packets (CVE-2020-14364 bsc#1175441) usb-fix-setup_len-init-CVE-2020-14364.patch - Re-sync openSUSE and SUSE SLE qemu packages. This changes file is the openSUSE one with this entry providing the intervening SLE CVE, JIRA, and bugzilla references, which are still addressed in this package, and not yet called out in this changes file. * CVE-2020-1983 CVE-2020-10761 CVE-2020-13361 CVE-2020-13362 CVE-2020-13659 CVE-2020-13800 * bsc#1167816 bsc#1170940 boo#1171712 bsc#1172383 bsc#1172384 bsc#1172386 bsc#1172495 bsc#1172710 * Patches dropped (SLE) (included in current release tarball): exec-set-map-length-to-zero-when-returni.patch i386-acpi-Remove-_HID-from-the-SMBus-ACP.patch megasas-use-unsigned-type-for-reply_queu.patch OBS-URL: https://build.opensuse.org/request/show/829656 OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=566 --- qemu.changes | 4 +--- qemu.spec | 2 ++ ...14364.patch => usb-fix-setup_len-init-CVE-2020-14364.patch | 0 3 files changed, 3 insertions(+), 3 deletions(-) rename sb-fix-setup_len-init-CVE-2020-14364.patch => usb-fix-setup_len-init-CVE-2020-14364.patch (100%)
diff --git a/qemu.changes b/qemu.changes
index c1328efc..a38e7974 100644
--- a/qemu.changes
+++ b/qemu.changes
@@ -3,9 +3,7 @@ Tue Aug 25 22:42:27 UTC 2020 - Bruce Rogers - Fix OOB access while processing USB packets (CVE-2020-14364 bsc#1175441) - (somehow our script processing the patches stripped the first - character "u" - will address later) - sb-fix-setup_len-init-CVE-2020-14364.patch + usb-fix-setup_len-init-CVE-2020-14364.patch - Re-sync openSUSE and SUSE SLE qemu packages. This changes file is the openSUSE one with this entry providing the intervening SLE CVE, JIRA, and bugzilla references, which are still addressed
diff --git a/qemu.spec b/qemu.spec
index aea309de..3772eb6a 100644
--- a/qemu.spec
+++ b/qemu.spec
@@ -183,6 +183,7 @@ Patch00042: docs-add-SUSE-support-statements-to-html.patch
 Patch00043: s390x-Fix-stringop-truncation-issue-repo.patch
 Patch00044: Revert-qht-constify-qht_statistics_init.patch
 Patch00045: qht-Revert-some-constification-in-qht.c.patch
+Patch00046: usb-fix-setup_len-init-CVE-2020-14364.patch
 # Patches applied in roms/seabios/:
 Patch01000: seabios-use-python2-explicitly-as-needed.patch
 Patch01001: seabios-switch-to-python3-as-needed.patch
@@ -1006,6 +1007,7 @@ This package provides a service file for starting and stopping KSM.
 %patch00043 -p1
 %patch00044 -p1
 %patch00045 -p1
+%patch00046 -p1
 %patch01000 -p1
 %patch01001 -p1
 %patch01002 -p1
diff --git a/sb-fix-setup_len-init-CVE-2020-14364.patch b/usb-fix-setup_len-init-CVE-2020-14364.patch
similarity index 100%
rename from sb-fix-setup_len-init-CVE-2020-14364.patch
rename to usb-fix-setup_len-init-CVE-2020-14364.patch
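Review bot: The fix for CVE-2020-14364 appears to have been unapplied until this revision, and nothing in the change records that: the old side of the first qemu.spec hunk goes from `Patch00045:` straight to the seabios comment, and `Patch00046:` / `%patch00046 -p1` (second hunk) are added only here, while the Aug 25 qemu.changes entry already listed the fix. If that reading is right, packages built from the earlier revision lack the setup_len fix despite what the changelog says, so the entry should say so, for example `(patch was present but not applied before this revision)`, and the build log should be checked to confirm patch 46 is applied. The patch-processing script that dropped the leading "u" is not touched here and the "will address later" remark is removed, so a follow-up reference for that script problem would keep it from being lost.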