authorV3n3RiX <venerix@redcorelinux.org>2020-08-25 10:45:55 +0100
committerV3n3RiX <venerix@redcorelinux.org>2020-08-25 10:45:55 +0100
commit3cf7c3ef441822c889356fd1812ebf2944a59851 (patch)
treec513fe68548b40365c1c2ebfe35c58ad431cdd77 /app-emulation/qemu/files
parent05b8b0e0af1d72e51a3ee61522941bf7605cd01c (diff)
gentoo resync : 25.08.2020
Diffstat (limited to 'app-emulation/qemu/files')
-rw-r--r--app-emulation/qemu/files/qemu-2.5.0-cflags.patch13
-rw-r--r--app-emulation/qemu/files/qemu-4.2.0-ati-vga-crash.patch94
-rw-r--r--app-emulation/qemu/files/qemu-5.0.0-ipv6-slirp-CVE-2020-10756.patch35
-rw-r--r--app-emulation/qemu/files/qemu-5.1.0-pixman-for-vhost-user-gpu.patch62
4 files changed, 97 insertions, 107 deletions
diff --git a/app-emulation/qemu/files/qemu-2.5.0-cflags.patch b/app-emulation/qemu/files/qemu-2.5.0-cflags.patch
deleted file mode 100644
index 173394fd02f2..000000000000
--- a/app-emulation/qemu/files/qemu-2.5.0-cflags.patch
+++ /dev/null
@@ -1,13 +0,0 @@
---- a/configure
-+++ b/configure
-@@ -4468,10 +4468,6 @@ fi
- if test "$gcov" = "yes" ; then
- CFLAGS="-fprofile-arcs -ftest-coverage -g $CFLAGS"
- LDFLAGS="-fprofile-arcs -ftest-coverage $LDFLAGS"
--elif test "$fortify_source" = "yes" ; then
-- CFLAGS="-O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 $CFLAGS"
--elif test "$debug" = "no"; then
-- CFLAGS="-O2 $CFLAGS"
- fi
-
- ##########################################
diff --git a/app-emulation/qemu/files/qemu-4.2.0-ati-vga-crash.patch b/app-emulation/qemu/files/qemu-4.2.0-ati-vga-crash.patch
deleted file mode 100644
index 5f442f0fd07a..000000000000
--- a/app-emulation/qemu/files/qemu-4.2.0-ati-vga-crash.patch
+++ /dev/null
@@ -1,94 +0,0 @@
-https://bugs.gentoo.org/719266
-
-From ac2071c3791b67fc7af78b8ceb320c01ca1b5df7 Mon Sep 17 00:00:00 2001
-From: BALATON Zoltan <balaton@eik.bme.hu>
-Date: Mon, 6 Apr 2020 22:34:26 +0200
-Subject: [PATCH] ati-vga: Fix checks in ati_2d_blt() to avoid crash
-
-In some corner cases (that never happen during normal operation but a
-malicious guest could program wrong values) pixman functions were
-called with parameters that result in a crash. Fix this and add more
-checks to disallow such cases.
-
-Reported-by: Ziming Zhang <ezrakiez@gmail.com>
-Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
-Message-id: 20200406204029.19559747D5D@zero.eik.bme.hu
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
----
- hw/display/ati_2d.c | 37 ++++++++++++++++++++++++++-----------
- 1 file changed, 26 insertions(+), 11 deletions(-)
-
---- a/hw/display/ati_2d.c
-+++ b/hw/display/ati_2d.c
-@@ -53,12 +53,20 @@ void ati_2d_blt(ATIVGAState *s)
- s->vga.vbe_start_addr, surface_data(ds), surface_stride(ds),
- surface_bits_per_pixel(ds),
- (s->regs.dp_mix & GMC_ROP3_MASK) >> 16);
-- int dst_x = (s->regs.dp_cntl & DST_X_LEFT_TO_RIGHT ?
-- s->regs.dst_x : s->regs.dst_x + 1 - s->regs.dst_width);
-- int dst_y = (s->regs.dp_cntl & DST_Y_TOP_TO_BOTTOM ?
-- s->regs.dst_y : s->regs.dst_y + 1 - s->regs.dst_height);
-+ unsigned dst_x = (s->regs.dp_cntl & DST_X_LEFT_TO_RIGHT ?
-+ s->regs.dst_x : s->regs.dst_x + 1 - s->regs.dst_width);
-+ unsigned dst_y = (s->regs.dp_cntl & DST_Y_TOP_TO_BOTTOM ?
-+ s->regs.dst_y : s->regs.dst_y + 1 - s->regs.dst_height);
- int bpp = ati_bpp_from_datatype(s);
-+ if (!bpp) {
-+ qemu_log_mask(LOG_GUEST_ERROR, "Invalid bpp\n");
-+ return;
-+ }
- int dst_stride = DEFAULT_CNTL ? s->regs.dst_pitch : s->regs.default_pitch;
-+ if (!dst_stride) {
-+ qemu_log_mask(LOG_GUEST_ERROR, "Zero dest pitch\n");
-+ return;
-+ }
- uint8_t *dst_bits = s->vga.vram_ptr + (DEFAULT_CNTL ?
- s->regs.dst_offset : s->regs.default_offset);
-
-@@ -82,12 +90,16 @@ void ati_2d_blt(ATIVGAState *s)
- switch (s->regs.dp_mix & GMC_ROP3_MASK) {
- case ROP3_SRCCOPY:
- {
-- int src_x = (s->regs.dp_cntl & DST_X_LEFT_TO_RIGHT ?
-- s->regs.src_x : s->regs.src_x + 1 - s->regs.dst_width);
-- int src_y = (s->regs.dp_cntl & DST_Y_TOP_TO_BOTTOM ?
-- s->regs.src_y : s->regs.src_y + 1 - s->regs.dst_height);
-+ unsigned src_x = (s->regs.dp_cntl & DST_X_LEFT_TO_RIGHT ?
-+ s->regs.src_x : s->regs.src_x + 1 - s->regs.dst_width);
-+ unsigned src_y = (s->regs.dp_cntl & DST_Y_TOP_TO_BOTTOM ?
-+ s->regs.src_y : s->regs.src_y + 1 - s->regs.dst_height);
- int src_stride = DEFAULT_CNTL ?
- s->regs.src_pitch : s->regs.default_pitch;
-+ if (!src_stride) {
-+ qemu_log_mask(LOG_GUEST_ERROR, "Zero source pitch\n");
-+ return;
-+ }
- uint8_t *src_bits = s->vga.vram_ptr + (DEFAULT_CNTL ?
- s->regs.src_offset : s->regs.default_offset);
-
-@@ -137,8 +149,10 @@ void ati_2d_blt(ATIVGAState *s)
- dst_y * surface_stride(ds),
- s->regs.dst_height * surface_stride(ds));
- }
-- s->regs.dst_x += s->regs.dst_width;
-- s->regs.dst_y += s->regs.dst_height;
-+ s->regs.dst_x = (s->regs.dp_cntl & DST_X_LEFT_TO_RIGHT ?
-+ dst_x + s->regs.dst_width : dst_x);
-+ s->regs.dst_y = (s->regs.dp_cntl & DST_Y_TOP_TO_BOTTOM ?
-+ dst_y + s->regs.dst_height : dst_y);
- break;
- }
- case ROP3_PATCOPY:
-@@ -179,7 +193,8 @@ void ati_2d_blt(ATIVGAState *s)
- dst_y * surface_stride(ds),
- s->regs.dst_height * surface_stride(ds));
- }
-- s->regs.dst_y += s->regs.dst_height;
-+ s->regs.dst_y = (s->regs.dp_cntl & DST_Y_TOP_TO_BOTTOM ?
-+ dst_y + s->regs.dst_height : dst_y);
- break;
- }
- default:
---
-2.26.2
-
diff --git a/app-emulation/qemu/files/qemu-5.0.0-ipv6-slirp-CVE-2020-10756.patch b/app-emulation/qemu/files/qemu-5.0.0-ipv6-slirp-CVE-2020-10756.patch
new file mode 100644
index 000000000000..d1d3c49a58f6
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-5.0.0-ipv6-slirp-CVE-2020-10756.patch
@@ -0,0 +1,35 @@
+https://gitlab.freedesktop.org/slirp/libslirp/-/commit/c7ede54cbd2e2b25385325600958ba0124e31cc0
+https://bugzilla.redhat.com/show_bug.cgi?id=1835986
+https://bugs.gentoo.org/731992
+
+From c7ede54cbd2e2b25385325600958ba0124e31cc0 Mon Sep 17 00:00:00 2001
+From: Ralf Haferkamp <rhafer@suse.com>
+Date: Fri, 3 Jul 2020 14:51:16 +0200
+Subject: [PATCH] Drop bogus IPv6 messages
+
+Drop IPv6 message shorter than what's mentioned in the payload
+length header (+ the size of the IPv6 header). They're invalid an could
+lead to data leakage in icmp6_send_echoreply().
+---
+ src/ip6_input.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+--- a/slirp/src/ip6_input.c
++++ b/slirp/src/ip6_input.c
+@@ -49,6 +49,13 @@ void ip6_input(struct mbuf *m)
+ goto bad;
+ }
+
++ // Check if the message size is big enough to hold what's
++ // set in the payload length header. If not this is an invalid
++ // packet
++ if (m->m_len < ntohs(ip6->ip_pl) + sizeof(struct ip6)) {
++ goto bad;
++ }
++
+ /* check ip_ttl for a correct ICMP reply */
+ if (ip6->ip_hl == 0) {
+ icmp6_send_error(m, ICMP6_TIMXCEED, ICMP6_TIMXCEED_INTRANS);
+--
+GitLab
+
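Review bot: The file headers of this patch were rewritten to `slirp/src/ip6_input.c` while the embedded upstream diffstat still says `src/ip6_input.c`, so the fix only reaches the slirp copy bundled in the QEMU tree, and the patch header does not state that scope. A build linked against a separately packaged libslirp would, as far as this page shows, still need the same commit applied there; I would add a line under the bug URLs such as `Rebased onto QEMU's bundled slirp/ directory; a system libslirp needs this fix separately.` On the check itself, `ntohs(ip6->ip_pl) + sizeof(struct ip6)` has type `size_t`, so `m->m_len` is compared as unsigned; its declaration is outside the hunk, and if it is a signed int, an explicit cast or a preceding non-negative check would make the intent clear. The body of ip6_input starts and ends outside the hunk.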
diff --git a/app-emulation/qemu/files/qemu-5.1.0-pixman-for-vhost-user-gpu.patch b/app-emulation/qemu/files/qemu-5.1.0-pixman-for-vhost-user-gpu.patch
new file mode 100644
index 000000000000..4eb644fde543
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-5.1.0-pixman-for-vhost-user-gpu.patch
@@ -0,0 +1,62 @@
+https://bugs.gentoo.org/735146
+
+From 4fd46e6cdd976f4aecdc3fbbad728e00a7bc4ee0 Mon Sep 17 00:00:00 2001
+From: Rafael Kitover <rkitover@gmail.com>
+Date: Thu, 13 Aug 2020 20:19:24 +0000
+Subject: [PATCH] configure: Require pixman for vhost-user-gpu.
+
+Use the test from Makefile to check if vhost-user-gpu is being built,
+and if so require pixman.
+
+Signed-off-by: Rafael Kitover <rkitover@gmail.com>
+---
+ configure | 28 ++++++++++++++--------------
+ 1 file changed, 14 insertions(+), 14 deletions(-)
+
+--- a/configure
++++ b/configure
+@@ -4062,20 +4062,6 @@ if test "$modules" = yes; then
+ fi
+ fi
+
+-##########################################
+-# pixman support probe
+-
+-if test "$softmmu" = "no"; then
+- pixman_cflags=
+- pixman_libs=
+-elif $pkg_config --atleast-version=0.21.8 pixman-1 > /dev/null 2>&1; then
+- pixman_cflags=$($pkg_config --cflags pixman-1)
+- pixman_libs=$($pkg_config --libs pixman-1)
+-else
+- error_exit "pixman >= 0.21.8 not present." \
+- "Please install the pixman devel package."
+-fi
+-
+ ##########################################
+ # libmpathpersist probe
+
+@@ -4491,6 +4477,20 @@ if test "$opengl" = "yes" && test "$have_x11" = "yes"; then
+ done
+ fi
+
++##########################################
++# pixman support probe
++
++if test "$softmmu" = "no" && ! test "${linux} ${virglrenderer} ${gbm} ${want_tools}" = "yes yes yes yes"; then
++ pixman_cflags=
++ pixman_libs=
++elif $pkg_config --atleast-version=0.21.8 pixman-1 > /dev/null 2>&1; then
++ pixman_cflags=$($pkg_config --cflags pixman-1)
++ pixman_libs=$($pkg_config --libs pixman-1)
++else
++ error_exit "pixman >= 0.21.8 not present." \
++ "Please install the pixman devel package."
++fi
++
+ ##########################################
+ # libxml2 probe
+ if test "$libxml2" != "no" ; then
+--
+2.28.0
+
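Review bot: The pixman probe now sits below the OpenGL probe, but neither the block's comment nor the commit message says that this order is required; the new condition reads `${virglrenderer}` and `${gbm}`, which presumably only hold their final yes/no values once those probes have run. A comment above the `if`, such as `# must stay below the virglrenderer/gbm probes: the test below reads their results`, would keep a later reorder from silently dropping the pixman requirement. It is also worth confirming that nothing between the old position (around line 4062) and the new one (around line 4491) reads `$pixman_cflags` or `$pixman_libs`, since those lines are outside the hunks and would now see the variables unset.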