[app-emulation/qemu] bump to include cve fixes, remove vgabios stuff from it, pin seabios to in-overlay version so we don't clash with tree

2014-06-01 07:11:11 +02:00
parent ddbb7651f4
commit 341b78979a
6 changed files with 255 additions and 14 deletions
--- a/app-emulation/qemu/files/qemu-2.0.0-qcow-check-max-sizes.patch
+++ b/app-emulation/qemu/files/qemu-2.0.0-qcow-check-max-sizes.patch
@@ -0,0 +1,52 @@
+From 7159a45b2bf2dcb9f49f1e27d1d3d135a0247a2f Mon Sep 17 00:00:00 2001
+From: Kevin Wolf <kwolf@redhat.com>
+Date: Wed, 7 May 2014 17:30:30 +0200
+Subject: [PATCH] qcow1: Check maximum cluster size
+
+Huge values for header.cluster_bits cause unbounded allocations (e.g.
+for s->cluster_cache) and crash qemu this way. Less huge values may
+survive those allocations, but can cause integer overflows later on.
+
+The only cluster sizes that qemu can create are 4k (for standalone
+images) and 512 (for images with backing files), so we can limit it
+to 64k.
+
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Kevin Wolf <kwolf@redhat.com>
+Reviewed-by: Benoit Canet <benoit@irqsave.net>
+---
+ block/qcow.c               | 10 ++++++--
+ tests/qemu-iotests/092     | 63 ++++++++++++++++++++++++++++++++++++++++++++++
+ tests/qemu-iotests/092.out | 13 ++++++++++
+ tests/qemu-iotests/group   |  1 +
+ 4 files changed, 85 insertions(+), 2 deletions(-)
+ create mode 100755 tests/qemu-iotests/092
+ create mode 100644 tests/qemu-iotests/092.out
+
+diff --git a/block/qcow.c b/block/qcow.c
+index 3684794..e60df23 100644
+--- a/block/qcow.c
+++ b/block/qcow.c
+@@ -128,11 +128,17 @@ static int qcow_open(BlockDriverState *bs, QDict *options, int flags,
+         goto fail;
+     }
+ 
+-    if (header.size <= 1 || header.cluster_bits < 9) {
+-        error_setg(errp, "invalid value in qcow header");
+    if (header.size <= 1) {
+        error_setg(errp, "Image size is too small (must be at least 2 bytes)");
+         ret = -EINVAL;
+         goto fail;
+     }
+    if (header.cluster_bits < 9 || header.cluster_bits > 16) {
+        error_setg(errp, "Cluster size must be between 512 and 64k");
+        ret = -EINVAL;
+        goto fail;
+    }
+
+     if (header.crypt_method > QCOW_CRYPT_AES) {
+         error_setg(errp, "invalid encryption method in qcow header");
+         ret = -EINVAL;
+-- 
+1.9.3
+