From 83fc7c72fcee5d94c80a336b4f56b65b73429541 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robert=20F=C3=B6rster?=
Date: Fri, 12 Sep 2014 13:33:43 +0200
Subject: [PATCH] [app-emulation/qemu] version bump
---
 app-emulation/qemu/Manifest | 2 +-
 .../qemu/files/qemu-2.1.0-CVE-2014-5388.patch | 36 ---------
 .../qemu/files/qemu-2.1.1-readlink-self.patch | 81 +++++++++++++++++++
 ...qemu-2.1.0-r1.ebuild => qemu-2.1.1.ebuild} | 18 +++--
 4 files changed, 94 insertions(+), 43 deletions(-)
 delete mode 100644 app-emulation/qemu/files/qemu-2.1.0-CVE-2014-5388.patch
 create mode 100644 app-emulation/qemu/files/qemu-2.1.1-readlink-self.patch
 rename app-emulation/qemu/{qemu-2.1.0-r1.ebuild => qemu-2.1.1.ebuild} (97%)
diff --git a/app-emulation/qemu/Manifest b/app-emulation/qemu/Manifest
index b6de635..994e11b 100644
--- a/app-emulation/qemu/Manifest
+++ b/app-emulation/qemu/Manifest
@@ -1 +1 @@
-DIST qemu-2.1.0.tar.bz2 23563306 SHA256 397e23184f4bf613589a8fe0c6542461dc2afdf17ed337e97e6fd2f31e8f8802 SHA512 8c00fd61432420229d762fa2ccf91cb8cec20206e2ec02ab2df13c6b3b9de7605fbfacb0fadd21f20f13c1de4c5216d8b11538738c0d0e5094582ded7c668f2e WHIRLPOOL 9d28aab8e20a5a60e85709d7a192a45425605693e54452f54decd65ecc77b504f1bc6ff60f5e9428314fb04911f966753f39a189adc8aa85776fd3c49b5a6858
+DIST qemu-2.1.1.tar.bz2 23567029 SHA256 be57bac8a8a1b47d76eecaa58b7eda390b7be8e5fdcbecfdf1a174380fc493e9 SHA512 4307b4d3d1227d69007391d87e1a3936dfbf188bbf512a0d97fbfdb475e7bf74593d5c5578b4e3aee396caa654a50ae3c132043087c1da78c182dad91b322295 WHIRLPOOL a1ff00a6f21e6667db87581f5975775c51ec0ef703ee6715ee8cc0b3cdca8b1c08607abfda956e8da2daa7be4f794e8f693f23d6fd15981c5c50b98388b0418d
diff --git a/app-emulation/qemu/files/qemu-2.1.0-CVE-2014-5388.patch b/app-emulation/qemu/files/qemu-2.1.0-CVE-2014-5388.patch
deleted file mode 100644
index 26a012b..0000000
--- a/app-emulation/qemu/files/qemu-2.1.0-CVE-2014-5388.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-https://bugs.gentoo.org/520688
-
-From fa365d7cd11185237471823a5a33d36765454e16 Mon Sep 17 00:00:00 2001
-From: Gonglei
-Date: Wed, 20 Aug 2014 13:52:30 +0800
-Subject: [PATCH] pcihp: fix possible array out of bounds
-
-Prevent out-of-bounds array access on
-acpi_pcihp_pci_status.
-
-Signed-off-by: Gonglei
-Reviewed-by: Peter Crosthwaite
-Reviewed-by: Michael S. Tsirkin
-Signed-off-by: Michael S. Tsirkin
-Cc: qemu-stable@nongnu.org
-Reviewed-by: Marcel Apfelbaum
----
- hw/acpi/pcihp.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/hw/acpi/pcihp.c b/hw/acpi/pcihp.c
-index fae663a..34dedf1 100644
---- a/hw/acpi/pcihp.c
-+++ b/hw/acpi/pcihp.c
-@@ -231,7 +231,7 @@ static uint64_t pci_read(void *opaque, hwaddr addr, unsigned int size)
- uint32_t val = 0;
- int bsel = s->hotplug_select;
- 
-- if (bsel < 0 || bsel > ACPI_PCIHP_MAX_HOTPLUG_BUS) {
-+ if (bsel < 0 || bsel >= ACPI_PCIHP_MAX_HOTPLUG_BUS) {
- return 0;
- }
- 
--- 
-2.0.0
-
diff --git a/app-emulation/qemu/files/qemu-2.1.1-readlink-self.patch b/app-emulation/qemu/files/qemu-2.1.1-readlink-self.patch
new file mode 100644
index 0000000..451a968
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.1.1-readlink-self.patch
@@ -0,0 +1,81 @@
+fix already in upstream
+
+From f17f4989fa193fa8279474c5462289a3cfe69aea Mon Sep 17 00:00:00 2001
+From: Mike Frysinger
+Date: Fri, 8 Aug 2014 09:40:25 +0900
+Subject: [PATCH] linux-user: fix readlink handling with magic exe symlink
+
+The current code always returns the length of the path when it should
+be returning the number of bytes it wrote to the output string.
+
+Further, readlink is not supposed to append a NUL byte, but the current
+snprintf logic will always do just that.
+
+Even further, if you pass in a length of 0, you're suppoesd to get back
+an error (EINVAL), but the current logic just returns 0.
+
+Further still, if there was an error reading the symlink, we should not
+go ahead and try to read the target buffer as it is garbage.
+
+Simple test for the first two issues:
+$ cat test.c
+int main() {
+ char buf[50];
+ size_t len;
+ for (len = 0; len < 10; ++len) {
+ memset(buf, '!', sizeof(buf));
+ ssize_t ret = readlink("/proc/self/exe", buf, len);
+ buf[20] = '\0';
+ printf("readlink(/proc/self/exe, {%s}, %zu) = %zi\n", buf, len, ret);
+ }
+ return 0;
+}
+
+Now compare the output of the native:
+$ gcc test.c -o /tmp/x
+$ /tmp/x
+$ strace /tmp/x
+
+With what qemu does:
+$ armv7a-cros-linux-gnueabi-gcc test.c -o /tmp/x -static
+$ qemu-arm /tmp/x
+$ qemu-arm -strace /tmp/x
+
+Signed-off-by: Mike Frysinger
+Signed-off-by: Riku Voipio
+---
+ linux-user/syscall.c | 15 +++++++++++++--
+ 1 file changed, 13 insertions(+), 2 deletions(-)
+
+diff --git a/linux-user/syscall.c b/linux-user/syscall.c
+index fccf9f0..7c108ab 100644
+--- a/linux-user/syscall.c
++++ b/linux-user/syscall.c
+@@ -6636,11 +6636,22 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
+ p2 = lock_user(VERIFY_WRITE, arg2, arg3, 0);
+ if (!p || !p2) {
+ ret = -TARGET_EFAULT;
++ } else if (!arg3) {
++ /* Short circuit this for the magic exe check. */
++ ret = -TARGET_EINVAL;
+ } else if (is_proc_myself((const char *)p, "exe")) {
+ char real[PATH_MAX], *temp;
+ temp = realpath(exec_path, real);
+- ret = temp == NULL ? get_errno(-1) : strlen(real) ;
+- snprintf((char *)p2, arg3, "%s", real);
++ /* Return value is # of bytes that we wrote to the buffer. */
++ if (temp == NULL) {
++ ret = get_errno(-1);
++ } else {
++ /* Don't worry about sign mismatch as earlier mapping
++ * logic would have thrown a bad address error. */
++ ret = MIN(strlen(real), arg3);
++ /* We cannot NUL terminate the string. */
++ memcpy(p2, real, ret);
++ }
+ } else {
+ ret = get_errno(readlink(path(p), p2, arg3));
+ }
+-- 
+2.0.0
+
diff --git a/app-emulation/qemu/qemu-2.1.0-r1.ebuild b/app-emulation/qemu/qemu-2.1.1.ebuild
similarity index 97%
rename from app-emulation/qemu/qemu-2.1.0-r1.ebuild
rename to app-emulation/qemu/qemu-2.1.1.ebuild
index e6fa241..5c75b77 100644
--- a/app-emulation/qemu/qemu-2.1.0-r1.ebuild
+++ b/app-emulation/qemu/qemu-2.1.1.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2014 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-emulation/qemu/qemu-2.1.0.ebuild,v 1.8 2014/08/05 09:29:12 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-emulation/qemu/qemu-2.1.1.ebuild,v 1.1 2014/09/12 07:01:42 vapier Exp $
 
 EAPI=5
 
@@ -64,8 +64,13 @@ REQUIRED_USE="|| ( ${use_targets} )
 virtfs? ( xattr )"
 
 # Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
+#
+# The attr lib isn't always linked in (although the USE flag is always
+# respected). This is because qemu supports using the C library's API
+# when available rather than always using the extranl library.
 COMMON_LIB_DEPEND=">=dev-libs/glib-2.0[static-libs(+)]
- sys-libs/zlib[static-libs(+)]"
+ sys-libs/zlib[static-libs(+)]
+ xattr? ( sys-apps/attr[static-libs(+)] )"
 SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND}
 >=x11-libs/pixman-0.28.0[static-libs(+)]
 aio? ( dev-libs/libaio[static-libs(+)] )
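Review bot: The header line `fix already in upstream` on the new patch file names neither the upstream release that carries commit f17f4989 nor a Gentoo bug, so the next maintainer cannot tell when the file can be dropped. A one-line header such as `Backport of upstream f17f4989 (linux-user: fix readlink handling with magic exe symlink); drop once a release containing it is packaged.` would make that explicit. The hunk itself is a verbatim upstream commit, so the only thing worth recording here is that the new `ret = MIN(strlen(real), arg3); memcpy(p2, real, ret);` makes the guest-visible return value equal the bytes actually copied, which the old `snprintf` path did not do per the commit message.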
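Review bot: The new comment block above `COMMON_LIB_DEPEND` has a typo, `extranl` for `external`; the line should read `# when available rather than always using the external library.` The block would also be clearer if it said why `xattr? ( sys-apps/attr[static-libs(+)] )` moves into COMMON_LIB_DEPEND, which both `SOFTMMU_LIB_DEPEND` and `USER_LIB_DEPEND` expand, rather than staying in the softmmu-only list, since that is the change the comment is justifying.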
@@ -91,7 +96,6 @@ SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND}
 usb? ( >=dev-libs/libusb-1.0.18[static-libs(+)] )
 uuid? ( >=sys-apps/util-linux-2.16.0[static-libs(+)] )
 vde? ( net-misc/vde[static-libs(+)] )
- xattr? ( sys-apps/attr[static-libs(+)] )
 xfs? ( sys-fs/xfsprogs[static-libs(+)] )"
 USER_LIB_DEPEND="${COMMON_LIB_DEPEND}"
 X86_FIRMWARE_DEPEND="
@@ -149,7 +153,9 @@ QA_PREBUILT="
 usr/share/qemu/openbios-sparc64
 usr/share/qemu/openbios-sparc32
 usr/share/qemu/palcode-clipper
- usr/share/qemu/s390-ccw.img"
+ usr/share/qemu/s390-ccw.img
+ usr/share/qemu/u-boot.e500
+"
 
 QA_WX_LOAD="usr/bin/qemu-i386
 usr/bin/qemu-x86_64
@@ -252,7 +258,7 @@ src_prepare() {
 use nls || rm -f po/*.po
 
 epatch "${FILESDIR}"/qemu-1.7.0-cflags.patch
- epatch "${FILESDIR}"/${P}-CVE-2014-5388.patch #520688
+ epatch "${FILESDIR}"/${PN}-2.1.1-readlink-self.patch
 [[ -n ${BACKPORTS} ]] && \
 EPATCH_FORCE=yes EPATCH_SUFFIX="patch" EPATCH_SOURCE="${S}/patches" \
 epatch
@@ -300,6 +306,7 @@ qemu_src_configure() {
 $(use_enable debug debug-tcg)
 --enable-docs
 $(use_enable tci tcg-interpreter)
+ $(use_enable xattr attr)
 )
 
 # Disable options not used by user targets as the default configure
@@ -348,7 +355,6 @@ qemu_src_configure() {
 $(conf_softmmu vhost-net)
 $(conf_softmmu virtfs)
 $(conf_softmmu vnc)
- $(conf_softmmu xattr attr)
 $(conf_softmmu xen)
 $(conf_softmmu xen xen-pci-passthrough)
 $(conf_softmmu xfs xfsctl)
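Review bot: The `epatch` line in src_prepare() drops `${P}-CVE-2014-5388.patch #520688` while nothing in the ebuild or the commit message records that the 2.1.1 tarball contains that fix, so a reader auditing this bump cannot tell whether the PCI hot-plug bounds check was dropped on purpose. Presumably 2.1.1 ships upstream fa365d7c (the commit the deleted patch file carried); if so, a trailing note on the replacement line, e.g. `epatch "${FILESDIR}"/${PN}-2.1.1-readlink-self.patch # CVE-2014-5388 (bug 520688) is in 2.1.1`, or a sentence in the commit message, would make the audit trail self-contained. src_prepare() begins and ends outside this hunk.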