diff options
author | Armin Kuster <akuster808@gmail.com> | 2019-08-15 07:26:42 -0700 |
---|---|---|
committer | Armin Kuster <akuster808@gmail.com> | 2019-08-15 08:18:28 -0700 |
commit | 0e1aa222b85048768c620ebf78d533311e138488 (patch) | |
tree | 2ad1f5f1376935097ecce2eca68d1670fe5eedf2 /meta/recipes-devtools/qemu | |
parent | 77c8456f3e2f778161f4b51d4e276646d81d1c8c (diff) | |
download | openembedded-core-contrib-0e1aa222b85048768c620ebf78d533311e138488.tar.gz |
qemu: fix CVE-2018-20815
Signed-off-by: Naveen Saini <naveen.kumar.saini@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'meta/recipes-devtools/qemu')
-rw-r--r-- | meta/recipes-devtools/qemu/qemu.inc | 1 | ||||
-rw-r--r-- | meta/recipes-devtools/qemu/qemu/CVE-2018-20815.patch | 38 |
2 files changed, 39 insertions, 0 deletions
diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index ecf13dc78a..3de87d3d78 100644 --- a/meta/recipes-devtools/qemu/qemu.inc +++ b/meta/recipes-devtools/qemu/qemu.inc @@ -31,6 +31,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ file://0019-fix-CVE-2018-20216.patch \ file://CVE-2019-3812.patch \ file://0014-linux-user-fix-to-handle-variably-sized-SIOCGSTAMP-w.patch \ + file://CVE-2018-20815.patch \ " UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar" diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2018-20815.patch b/meta/recipes-devtools/qemu/qemu/CVE-2018-20815.patch new file mode 100644 index 0000000000..c9508d9ba8 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/CVE-2018-20815.patch @@ -0,0 +1,38 @@ +From 8bb018af1a7f2b9965f872a4b1121864e73e1b61 Mon Sep 17 00:00:00 2001 +From: Peter Maydell <peter.maydell@linaro.org> +Date: Fri, 14 Dec 2018 13:30:52 +0000 +Subject: [PATCH] device_tree.c: Don't use load_image() + +The load_image() function is deprecated, as it does not let the +caller specify how large the buffer to read the file into is. +Instead use load_image_size(). + +Signed-off-by: Peter Maydell <peter.maydell@linaro.org> +Reviewed-by: Richard Henderson <richard.henderson@linaro.org> +Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> +Reviewed-by: Michael S. Tsirkin <mst@redhat.com> +Reviewed-by: Eric Blake <eblake@redhat.com> +Message-id: 20181130151712.2312-9-peter.maydell@linaro.org + +Upstream-Status: Backport [https://github.com/qemu/qemu/commit/da885fe1ee8b4589047484bd7fa05a4905b52b17] +CVE: CVE-2018-20815 +Signed-off-by: Naveen Saini <naveen.kumar.saini@intel.com> +--- + device_tree.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/device_tree.c b/device_tree.c +index 6d9c9726f6..296278e12a 100644 +--- a/device_tree.c ++++ b/device_tree.c +@@ -91,7 +91,7 @@ void *load_device_tree(const char *filename_path, int *sizep) + /* First allocate space in qemu for device tree */ + fdt = g_malloc0(dt_size); + +- dt_file_load_size = load_image(filename_path, fdt); ++ dt_file_load_size = load_image_size(filename_path, fdt, dt_size); + if (dt_file_load_size < 0) { + error_report("Unable to open device tree file '%s'", + filename_path); +-- +2.17.1 |