[OE-core] [warrior][PATCH] qemu: fix CVE-2018-20815

Naveen Saini naveen.kumar.saini at intel.com
Mon Jul 29 07:41:54 UTC 2019 

Signed-off-by: Naveen Saini <naveen.kumar.saini at intel.com>
---
 meta/recipes-devtools/qemu/qemu.inc           |  1 +
 .../qemu/qemu/CVE-2018-20815.patch            | 39 +++++++++++++++++++
 2 files changed, 40 insertions(+)
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2018-20815.patch

diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc
index e503aa866d..4f21bae99c 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -30,6 +30,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
            file://0018-fix-CVE-2018-20191.patch \
            file://0019-fix-CVE-2018-20216.patch \
            file://CVE-2019-3812.patch \
+           file://CVE-2018-20815.patch \
            "
 UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"
 
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2018-20815.patch b/meta/recipes-devtools/qemu/qemu/CVE-2018-20815.patch
new file mode 100644
index 0000000000..f1fcaaf56d
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2018-20815.patch
@@ -0,0 +1,39 @@
+From 8bb018af1a7f2b9965f872a4b1121864e73e1b61 Mon Sep 17 00:00:00 2001
+From: Peter Maydell <peter.maydell at linaro.org>
+Date: Fri, 14 Dec 2018 13:30:52 +0000
+Subject: [PATCH] device_tree.c: Don't use load_image()
+
+The load_image() function is deprecated, as it does not let the
+caller specify how large the buffer to read the file into is.
+Instead use load_image_size().
+
+Signed-off-by: Peter Maydell <peter.maydell at linaro.org>
+Reviewed-by: Richard Henderson <richard.henderson at linaro.org>
+Reviewed-by: Stefan Hajnoczi <stefanha at redhat.com>
+Reviewed-by: Michael S. Tsirkin <mst at redhat.com>
+Reviewed-by: Eric Blake <eblake at redhat.com>
+Message-id: 20181130151712.2312-9-peter.maydell at linaro.org
+
+Upstream-Status: Backport [https://github.com/qemu/qemu/commit/da885fe1ee8b4589047484bd7fa05a4905b52b17]
+CVE: CVE-2018-20815
+Signed-off-by: Naveen Saini <naveen.kumar.saini at intel.com>
+---
+ device_tree.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/device_tree.c b/device_tree.c
+index 6d9c9726f6..296278e12a 100644
+--- a/device_tree.c
++++ b/device_tree.c
+@@ -91,7 +91,7 @@ void *load_device_tree(const char *filename_path, int *sizep)
+     /* First allocate space in qemu for device tree */
+     fdt = g_malloc0(dt_size);
+ 
+-    dt_file_load_size = load_image(filename_path, fdt);
++    dt_file_load_size = load_image_size(filename_path, fdt, dt_size);
+     if (dt_file_load_size < 0) {
+         error_report("Unable to open device tree file '%s'",
+                      filename_path);
+-- 
+2.17.1
+
-- 
2.17.1

More information about the Openembedded-core mailing list