[OE-core] [warrior][PATCH] qemu: fix CVE-2018-20815

[akuster808]

On 7/29/19 12:41 AM, Naveen Saini wrote:
> Signed-off-by: Naveen Saini <naveen.kumar.saini at intel.com>
> ---
>  meta/recipes-devtools/qemu/qemu.inc           |  1 +
>  .../qemu/qemu/CVE-2018-20815.patch            | 39 +++++++++++++++++++
>  2 files changed, 40 insertions(+)

This is causing build failures, see
https://errors.yoctoproject.org/Errors/Details/260333/

on a multitude of targets: qemuarm64, beaglebone, musl-qemux86-64,
qemumip64

- armin


>  create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2018-20815.patch
>
> diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc
> index e503aa866d..4f21bae99c 100644
> --- a/meta/recipes-devtools/qemu/qemu.inc
> +++ b/meta/recipes-devtools/qemu/qemu.inc
> @@ -30,6 +30,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
>             file://0018-fix-CVE-2018-20191.patch \
>             file://0019-fix-CVE-2018-20216.patch \
>             file://CVE-2019-3812.patch \
> +           file://CVE-2018-20815.patch \
>             "
>  UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"
>  
> diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2018-20815.patch b/meta/recipes-devtools/qemu/qemu/CVE-2018-20815.patch
> new file mode 100644
> index 0000000000..f1fcaaf56d
> --- /dev/null
> +++ b/meta/recipes-devtools/qemu/qemu/CVE-2018-20815.patch
> @@ -0,0 +1,39 @@
> +From 8bb018af1a7f2b9965f872a4b1121864e73e1b61 Mon Sep 17 00:00:00 2001
> +From: Peter Maydell <peter.maydell at linaro.org>
> +Date: Fri, 14 Dec 2018 13:30:52 +0000
> +Subject: [PATCH] device_tree.c: Don't use load_image()
> +
> +The load_image() function is deprecated, as it does not let the
> +caller specify how large the buffer to read the file into is.
> +Instead use load_image_size().
> +
> +Signed-off-by: Peter Maydell <peter.maydell at linaro.org>
> +Reviewed-by: Richard Henderson <richard.henderson at linaro.org>
> +Reviewed-by: Stefan Hajnoczi <stefanha at redhat.com>
> +Reviewed-by: Michael S. Tsirkin <mst at redhat.com>
> +Reviewed-by: Eric Blake <eblake at redhat.com>
> +Message-id: 20181130151712.2312-9-peter.maydell at linaro.org
> +
> +Upstream-Status: Backport [https://github.com/qemu/qemu/commit/da885fe1ee8b4589047484bd7fa05a4905b52b17]
> +CVE: CVE-2018-20815
> +Signed-off-by: Naveen Saini <naveen.kumar.saini at intel.com>
> +---
> + device_tree.c | 2 +-
> + 1 file changed, 1 insertion(+), 1 deletion(-)
> +
> +diff --git a/device_tree.c b/device_tree.c
> +index 6d9c9726f6..296278e12a 100644
> +--- a/device_tree.c
> ++++ b/device_tree.c
> +@@ -91,7 +91,7 @@ void *load_device_tree(const char *filename_path, int *sizep)
> +     /* First allocate space in qemu for device tree */
> +     fdt = g_malloc0(dt_size);
> + 
> +-    dt_file_load_size = load_image(filename_path, fdt);
> ++    dt_file_load_size = load_image_size(filename_path, fdt, dt_size);
> +     if (dt_file_load_size < 0) {
> +         error_report("Unable to open device tree file '%s'",
> +                      filename_path);
> +-- 
> +2.17.1
> +