[app-emulation/qemu] version bump

This commit is contained in:
Robert Förster 2014-09-12 13:33:43 +02:00
parent 630bd8e62b
commit 83fc7c72fc
4 changed files with 94 additions and 43 deletions

View File

@ -1 +1 @@
DIST qemu-2.1.0.tar.bz2 23563306 SHA256 397e23184f4bf613589a8fe0c6542461dc2afdf17ed337e97e6fd2f31e8f8802 SHA512 8c00fd61432420229d762fa2ccf91cb8cec20206e2ec02ab2df13c6b3b9de7605fbfacb0fadd21f20f13c1de4c5216d8b11538738c0d0e5094582ded7c668f2e WHIRLPOOL 9d28aab8e20a5a60e85709d7a192a45425605693e54452f54decd65ecc77b504f1bc6ff60f5e9428314fb04911f966753f39a189adc8aa85776fd3c49b5a6858
DIST qemu-2.1.1.tar.bz2 23567029 SHA256 be57bac8a8a1b47d76eecaa58b7eda390b7be8e5fdcbecfdf1a174380fc493e9 SHA512 4307b4d3d1227d69007391d87e1a3936dfbf188bbf512a0d97fbfdb475e7bf74593d5c5578b4e3aee396caa654a50ae3c132043087c1da78c182dad91b322295 WHIRLPOOL a1ff00a6f21e6667db87581f5975775c51ec0ef703ee6715ee8cc0b3cdca8b1c08607abfda956e8da2daa7be4f794e8f693f23d6fd15981c5c50b98388b0418d

View File

@ -1,36 +0,0 @@
https://bugs.gentoo.org/520688
From fa365d7cd11185237471823a5a33d36765454e16 Mon Sep 17 00:00:00 2001
From: Gonglei <arei.gonglei@huawei.com>
Date: Wed, 20 Aug 2014 13:52:30 +0800
Subject: [PATCH] pcihp: fix possible array out of bounds
Prevent out-of-bounds array access on
acpi_pcihp_pci_status.
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Cc: qemu-stable@nongnu.org
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
---
hw/acpi/pcihp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/acpi/pcihp.c b/hw/acpi/pcihp.c
index fae663a..34dedf1 100644
--- a/hw/acpi/pcihp.c
+++ b/hw/acpi/pcihp.c
@@ -231,7 +231,7 @@ static uint64_t pci_read(void *opaque, hwaddr addr, unsigned int size)
uint32_t val = 0;
int bsel = s->hotplug_select;
- if (bsel < 0 || bsel > ACPI_PCIHP_MAX_HOTPLUG_BUS) {
+ if (bsel < 0 || bsel >= ACPI_PCIHP_MAX_HOTPLUG_BUS) {
return 0;
}
--
2.0.0

View File

@ -0,0 +1,81 @@
fix already in upstream
From f17f4989fa193fa8279474c5462289a3cfe69aea Mon Sep 17 00:00:00 2001
From: Mike Frysinger <vapier@chromium.org>
Date: Fri, 8 Aug 2014 09:40:25 +0900
Subject: [PATCH] linux-user: fix readlink handling with magic exe symlink
The current code always returns the length of the path when it should
be returning the number of bytes it wrote to the output string.
Further, readlink is not supposed to append a NUL byte, but the current
snprintf logic will always do just that.
Even further, if you pass in a length of 0, you're suppoesd to get back
an error (EINVAL), but the current logic just returns 0.
Further still, if there was an error reading the symlink, we should not
go ahead and try to read the target buffer as it is garbage.
Simple test for the first two issues:
$ cat test.c
int main() {
char buf[50];
size_t len;
for (len = 0; len < 10; ++len) {
memset(buf, '!', sizeof(buf));
ssize_t ret = readlink("/proc/self/exe", buf, len);
buf[20] = '\0';
printf("readlink(/proc/self/exe, {%s}, %zu) = %zi\n", buf, len, ret);
}
return 0;
}
Now compare the output of the native:
$ gcc test.c -o /tmp/x
$ /tmp/x
$ strace /tmp/x
With what qemu does:
$ armv7a-cros-linux-gnueabi-gcc test.c -o /tmp/x -static
$ qemu-arm /tmp/x
$ qemu-arm -strace /tmp/x
Signed-off-by: Mike Frysinger <vapier@chromium.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
---
linux-user/syscall.c | 15 +++++++++++++--
1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index fccf9f0..7c108ab 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -6636,11 +6636,22 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
p2 = lock_user(VERIFY_WRITE, arg2, arg3, 0);
if (!p || !p2) {
ret = -TARGET_EFAULT;
+ } else if (!arg3) {
+ /* Short circuit this for the magic exe check. */
+ ret = -TARGET_EINVAL;
} else if (is_proc_myself((const char *)p, "exe")) {
char real[PATH_MAX], *temp;
temp = realpath(exec_path, real);
- ret = temp == NULL ? get_errno(-1) : strlen(real) ;
- snprintf((char *)p2, arg3, "%s", real);
+ /* Return value is # of bytes that we wrote to the buffer. */
+ if (temp == NULL) {
+ ret = get_errno(-1);
+ } else {
+ /* Don't worry about sign mismatch as earlier mapping
+ * logic would have thrown a bad address error. */
+ ret = MIN(strlen(real), arg3);
+ /* We cannot NUL terminate the string. */
+ memcpy(p2, real, ret);
+ }
} else {
ret = get_errno(readlink(path(p), p2, arg3));
}
--
2.0.0

View File

@ -1,6 +1,6 @@
# Copyright 1999-2014 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/app-emulation/qemu/qemu-2.1.0.ebuild,v 1.8 2014/08/05 09:29:12 vapier Exp $
# $Header: /var/cvsroot/gentoo-x86/app-emulation/qemu/qemu-2.1.1.ebuild,v 1.1 2014/09/12 07:01:42 vapier Exp $
EAPI=5
@ -64,8 +64,13 @@ REQUIRED_USE="|| ( ${use_targets} )
virtfs? ( xattr )"
# Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
#
# The attr lib isn't always linked in (although the USE flag is always
# respected). This is because qemu supports using the C library's API
# when available rather than always using the extranl library.
COMMON_LIB_DEPEND=">=dev-libs/glib-2.0[static-libs(+)]
sys-libs/zlib[static-libs(+)]"
sys-libs/zlib[static-libs(+)]
xattr? ( sys-apps/attr[static-libs(+)] )"
SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND}
>=x11-libs/pixman-0.28.0[static-libs(+)]
aio? ( dev-libs/libaio[static-libs(+)] )
@ -91,7 +96,6 @@ SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND}
usb? ( >=dev-libs/libusb-1.0.18[static-libs(+)] )
uuid? ( >=sys-apps/util-linux-2.16.0[static-libs(+)] )
vde? ( net-misc/vde[static-libs(+)] )
xattr? ( sys-apps/attr[static-libs(+)] )
xfs? ( sys-fs/xfsprogs[static-libs(+)] )"
USER_LIB_DEPEND="${COMMON_LIB_DEPEND}"
X86_FIRMWARE_DEPEND="
@ -149,7 +153,9 @@ QA_PREBUILT="
usr/share/qemu/openbios-sparc64
usr/share/qemu/openbios-sparc32
usr/share/qemu/palcode-clipper
usr/share/qemu/s390-ccw.img"
usr/share/qemu/s390-ccw.img
usr/share/qemu/u-boot.e500
"
QA_WX_LOAD="usr/bin/qemu-i386
usr/bin/qemu-x86_64
@ -252,7 +258,7 @@ src_prepare() {
use nls || rm -f po/*.po
epatch "${FILESDIR}"/qemu-1.7.0-cflags.patch
epatch "${FILESDIR}"/${P}-CVE-2014-5388.patch #520688
epatch "${FILESDIR}"/${PN}-2.1.1-readlink-self.patch
[[ -n ${BACKPORTS} ]] && \
EPATCH_FORCE=yes EPATCH_SUFFIX="patch" EPATCH_SOURCE="${S}/patches" \
epatch
@ -300,6 +306,7 @@ qemu_src_configure() {
$(use_enable debug debug-tcg)
--enable-docs
$(use_enable tci tcg-interpreter)
$(use_enable xattr attr)
)
# Disable options not used by user targets as the default configure
@ -348,7 +355,6 @@ qemu_src_configure() {
$(conf_softmmu vhost-net)
$(conf_softmmu virtfs)
$(conf_softmmu vnc)
$(conf_softmmu xattr attr)
$(conf_softmmu xen)
$(conf_softmmu xen xen-pci-passthrough)
$(conf_softmmu xfs xfsctl)