diff options
author | V3n3RiX <venerix@redcorelinux.org> | 2020-08-25 10:45:55 +0100 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2020-08-25 10:45:55 +0100 |
commit | 3cf7c3ef441822c889356fd1812ebf2944a59851 (patch) | |
tree | c513fe68548b40365c1c2ebfe35c58ad431cdd77 /app-emulation/qemu/files | |
parent | 05b8b0e0af1d72e51a3ee61522941bf7605cd01c (diff) |
gentoo resync : 25.08.2020
Diffstat (limited to 'app-emulation/qemu/files')
4 files changed, 97 insertions, 107 deletions
diff --git a/app-emulation/qemu/files/qemu-2.5.0-cflags.patch b/app-emulation/qemu/files/qemu-2.5.0-cflags.patch deleted file mode 100644 index 173394fd02f2..000000000000 --- a/app-emulation/qemu/files/qemu-2.5.0-cflags.patch +++ /dev/null @@ -1,13 +0,0 @@ ---- a/configure -+++ b/configure -@@ -4468,10 +4468,6 @@ fi - if test "$gcov" = "yes" ; then - CFLAGS="-fprofile-arcs -ftest-coverage -g $CFLAGS" - LDFLAGS="-fprofile-arcs -ftest-coverage $LDFLAGS" --elif test "$fortify_source" = "yes" ; then -- CFLAGS="-O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 $CFLAGS" --elif test "$debug" = "no"; then -- CFLAGS="-O2 $CFLAGS" - fi - - ########################################## diff --git a/app-emulation/qemu/files/qemu-4.2.0-ati-vga-crash.patch b/app-emulation/qemu/files/qemu-4.2.0-ati-vga-crash.patch deleted file mode 100644 index 5f442f0fd07a..000000000000 --- a/app-emulation/qemu/files/qemu-4.2.0-ati-vga-crash.patch +++ /dev/null @@ -1,94 +0,0 @@ -https://bugs.gentoo.org/719266 - -From ac2071c3791b67fc7af78b8ceb320c01ca1b5df7 Mon Sep 17 00:00:00 2001 -From: BALATON Zoltan <balaton@eik.bme.hu> -Date: Mon, 6 Apr 2020 22:34:26 +0200 -Subject: [PATCH] ati-vga: Fix checks in ati_2d_blt() to avoid crash - -In some corner cases (that never happen during normal operation but a -malicious guest could program wrong values) pixman functions were -called with parameters that result in a crash. Fix this and add more -checks to disallow such cases. - -Reported-by: Ziming Zhang <ezrakiez@gmail.com> -Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu> -Message-id: 20200406204029.19559747D5D@zero.eik.bme.hu -Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> ---- - hw/display/ati_2d.c | 37 ++++++++++++++++++++++++++----------- - 1 file changed, 26 insertions(+), 11 deletions(-) - ---- a/hw/display/ati_2d.c -+++ b/hw/display/ati_2d.c -@@ -53,12 +53,20 @@ void ati_2d_blt(ATIVGAState *s) - s->vga.vbe_start_addr, surface_data(ds), surface_stride(ds), - surface_bits_per_pixel(ds), - (s->regs.dp_mix & GMC_ROP3_MASK) >> 16); -- int dst_x = (s->regs.dp_cntl & DST_X_LEFT_TO_RIGHT ? -- s->regs.dst_x : s->regs.dst_x + 1 - s->regs.dst_width); -- int dst_y = (s->regs.dp_cntl & DST_Y_TOP_TO_BOTTOM ? -- s->regs.dst_y : s->regs.dst_y + 1 - s->regs.dst_height); -+ unsigned dst_x = (s->regs.dp_cntl & DST_X_LEFT_TO_RIGHT ? -+ s->regs.dst_x : s->regs.dst_x + 1 - s->regs.dst_width); -+ unsigned dst_y = (s->regs.dp_cntl & DST_Y_TOP_TO_BOTTOM ? -+ s->regs.dst_y : s->regs.dst_y + 1 - s->regs.dst_height); - int bpp = ati_bpp_from_datatype(s); -+ if (!bpp) { -+ qemu_log_mask(LOG_GUEST_ERROR, "Invalid bpp\n"); -+ return; -+ } - int dst_stride = DEFAULT_CNTL ? s->regs.dst_pitch : s->regs.default_pitch; -+ if (!dst_stride) { -+ qemu_log_mask(LOG_GUEST_ERROR, "Zero dest pitch\n"); -+ return; -+ } - uint8_t *dst_bits = s->vga.vram_ptr + (DEFAULT_CNTL ? - s->regs.dst_offset : s->regs.default_offset); - -@@ -82,12 +90,16 @@ void ati_2d_blt(ATIVGAState *s) - switch (s->regs.dp_mix & GMC_ROP3_MASK) { - case ROP3_SRCCOPY: - { -- int src_x = (s->regs.dp_cntl & DST_X_LEFT_TO_RIGHT ? -- s->regs.src_x : s->regs.src_x + 1 - s->regs.dst_width); -- int src_y = (s->regs.dp_cntl & DST_Y_TOP_TO_BOTTOM ? -- s->regs.src_y : s->regs.src_y + 1 - s->regs.dst_height); -+ unsigned src_x = (s->regs.dp_cntl & DST_X_LEFT_TO_RIGHT ? -+ s->regs.src_x : s->regs.src_x + 1 - s->regs.dst_width); -+ unsigned src_y = (s->regs.dp_cntl & DST_Y_TOP_TO_BOTTOM ? -+ s->regs.src_y : s->regs.src_y + 1 - s->regs.dst_height); - int src_stride = DEFAULT_CNTL ? - s->regs.src_pitch : s->regs.default_pitch; -+ if (!src_stride) { -+ qemu_log_mask(LOG_GUEST_ERROR, "Zero source pitch\n"); -+ return; -+ } - uint8_t *src_bits = s->vga.vram_ptr + (DEFAULT_CNTL ? - s->regs.src_offset : s->regs.default_offset); - -@@ -137,8 +149,10 @@ void ati_2d_blt(ATIVGAState *s) - dst_y * surface_stride(ds), - s->regs.dst_height * surface_stride(ds)); - } -- s->regs.dst_x += s->regs.dst_width; -- s->regs.dst_y += s->regs.dst_height; -+ s->regs.dst_x = (s->regs.dp_cntl & DST_X_LEFT_TO_RIGHT ? -+ dst_x + s->regs.dst_width : dst_x); -+ s->regs.dst_y = (s->regs.dp_cntl & DST_Y_TOP_TO_BOTTOM ? -+ dst_y + s->regs.dst_height : dst_y); - break; - } - case ROP3_PATCOPY: -@@ -179,7 +193,8 @@ void ati_2d_blt(ATIVGAState *s) - dst_y * surface_stride(ds), - s->regs.dst_height * surface_stride(ds)); - } -- s->regs.dst_y += s->regs.dst_height; -+ s->regs.dst_y = (s->regs.dp_cntl & DST_Y_TOP_TO_BOTTOM ? -+ dst_y + s->regs.dst_height : dst_y); - break; - } - default: --- -2.26.2 - diff --git a/app-emulation/qemu/files/qemu-5.0.0-ipv6-slirp-CVE-2020-10756.patch b/app-emulation/qemu/files/qemu-5.0.0-ipv6-slirp-CVE-2020-10756.patch new file mode 100644 index 000000000000..d1d3c49a58f6 --- /dev/null +++ b/app-emulation/qemu/files/qemu-5.0.0-ipv6-slirp-CVE-2020-10756.patch @@ -0,0 +1,35 @@ +https://gitlab.freedesktop.org/slirp/libslirp/-/commit/c7ede54cbd2e2b25385325600958ba0124e31cc0 +https://bugzilla.redhat.com/show_bug.cgi?id=1835986 +https://bugs.gentoo.org/731992 + +From c7ede54cbd2e2b25385325600958ba0124e31cc0 Mon Sep 17 00:00:00 2001 +From: Ralf Haferkamp <rhafer@suse.com> +Date: Fri, 3 Jul 2020 14:51:16 +0200 +Subject: [PATCH] Drop bogus IPv6 messages + +Drop IPv6 message shorter than what's mentioned in the payload +length header (+ the size of the IPv6 header). They're invalid an could +lead to data leakage in icmp6_send_echoreply(). +--- + src/ip6_input.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +--- a/slirp/src/ip6_input.c ++++ b/slirp/src/ip6_input.c +@@ -49,6 +49,13 @@ void ip6_input(struct mbuf *m) + goto bad; + } + ++ // Check if the message size is big enough to hold what's ++ // set in the payload length header. If not this is an invalid ++ // packet ++ if (m->m_len < ntohs(ip6->ip_pl) + sizeof(struct ip6)) { ++ goto bad; ++ } ++ + /* check ip_ttl for a correct ICMP reply */ + if (ip6->ip_hl == 0) { + icmp6_send_error(m, ICMP6_TIMXCEED, ICMP6_TIMXCEED_INTRANS); +-- +GitLab + diff --git a/app-emulation/qemu/files/qemu-5.1.0-pixman-for-vhost-user-gpu.patch b/app-emulation/qemu/files/qemu-5.1.0-pixman-for-vhost-user-gpu.patch new file mode 100644 index 000000000000..4eb644fde543 --- /dev/null +++ b/app-emulation/qemu/files/qemu-5.1.0-pixman-for-vhost-user-gpu.patch @@ -0,0 +1,62 @@ +https://bugs.gentoo.org/735146 + +From 4fd46e6cdd976f4aecdc3fbbad728e00a7bc4ee0 Mon Sep 17 00:00:00 2001 +From: Rafael Kitover <rkitover@gmail.com> +Date: Thu, 13 Aug 2020 20:19:24 +0000 +Subject: [PATCH] configure: Require pixman for vhost-user-gpu. + +Use the test from Makefile to check if vhost-user-gpu is being built, +and if so require pixman. + +Signed-off-by: Rafael Kitover <rkitover@gmail.com> +--- + configure | 28 ++++++++++++++-------------- + 1 file changed, 14 insertions(+), 14 deletions(-) + +--- a/configure ++++ b/configure +@@ -4062,20 +4062,6 @@ if test "$modules" = yes; then + fi + fi + +-########################################## +-# pixman support probe +- +-if test "$softmmu" = "no"; then +- pixman_cflags= +- pixman_libs= +-elif $pkg_config --atleast-version=0.21.8 pixman-1 > /dev/null 2>&1; then +- pixman_cflags=$($pkg_config --cflags pixman-1) +- pixman_libs=$($pkg_config --libs pixman-1) +-else +- error_exit "pixman >= 0.21.8 not present." \ +- "Please install the pixman devel package." +-fi +- + ########################################## + # libmpathpersist probe + +@@ -4491,6 +4477,20 @@ if test "$opengl" = "yes" && test "$have_x11" = "yes"; then + done + fi + ++########################################## ++# pixman support probe ++ ++if test "$softmmu" = "no" && ! test "${linux} ${virglrenderer} ${gbm} ${want_tools}" = "yes yes yes yes"; then ++ pixman_cflags= ++ pixman_libs= ++elif $pkg_config --atleast-version=0.21.8 pixman-1 > /dev/null 2>&1; then ++ pixman_cflags=$($pkg_config --cflags pixman-1) ++ pixman_libs=$($pkg_config --libs pixman-1) ++else ++ error_exit "pixman >= 0.21.8 not present." \ ++ "Please install the pixman devel package." ++fi ++ + ########################################## + # libxml2 probe + if test "$libxml2" != "no" ; then +-- +2.28.0 + |