diff options
Diffstat (limited to 'poky/meta/recipes-devtools/qemu')
32 files changed, 749 insertions, 173 deletions
diff --git a/poky/meta/recipes-devtools/qemu/qemu-helper-native_1.0.bb b/poky/meta/recipes-devtools/qemu/qemu-helper-native_1.0.bb index 372eebd88..2fc07669d 100644 --- a/poky/meta/recipes-devtools/qemu/qemu-helper-native_1.0.bb +++ b/poky/meta/recipes-devtools/qemu/qemu-helper-native_1.0.bb @@ -5,7 +5,10 @@ PR = "r1" LIC_FILES_CHKSUM = "file://${WORKDIR}/tunctl.c;endline=4;md5=ff3a09996bc5fff6bc5d4e0b4c28f999" -SRC_URI = "file://tunctl.c" +SRC_URI = "\ + file://tunctl.c \ + file://qemu-oe-bridge-helper \ + " S = "${WORKDIR}" @@ -18,6 +21,8 @@ do_compile() { do_install() { install -d ${D}${bindir} install tunctl ${D}${bindir}/ + + install -m 755 ${WORKDIR}/qemu-oe-bridge-helper ${D}${bindir}/ } DEPENDS += "qemu-system-native" diff --git a/poky/meta/recipes-devtools/qemu/qemu-helper/qemu-oe-bridge-helper b/poky/meta/recipes-devtools/qemu/qemu-helper/qemu-oe-bridge-helper new file mode 100755 index 000000000..f057d4eef --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu-helper/qemu-oe-bridge-helper @@ -0,0 +1,25 @@ +#! /bin/sh +# Copyright 2020 Garmin Ltd. or its subsidiaries +# +# SPDX-License-Identifier: GPL-2.0 +# +# Attempts to find and exec the host qemu-bridge-helper program + +# If the QEMU_BRIDGE_HELPER variable is set by the user, exec it. +if [ -n "$QEMU_BRIDGE_HELPER" ]; then + exec "$QEMU_BRIDGE_HELPER" "$@" +fi + +# Search common paths for the helper program +BN="qemu-bridge-helper" +PATHS="/usr/libexec/ /usr/lib/qemu/" + +for p in $PATHS; do + if [ -e "$p/$BN" ]; then + exec "$p/$BN" "$@" + fi +done + +echo "$BN not found!" > /dev/stderr +exit 1 + diff --git a/poky/meta/recipes-devtools/qemu/qemu-native.inc b/poky/meta/recipes-devtools/qemu/qemu-native.inc index 69c2c43e6..28cfd2cca 100644 --- a/poky/meta/recipes-devtools/qemu/qemu-native.inc +++ b/poky/meta/recipes-devtools/qemu/qemu-native.inc @@ -3,8 +3,8 @@ inherit native require qemu.inc SRC_URI_append = " \ - file://0010-fix-libcap-header-issue-on-some-distro.patch \ - file://0011-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch \ + file://0012-fix-libcap-header-issue-on-some-distro.patch \ + file://0013-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch \ " EXTRA_OEMAKE_append = " LD='${LD}' AR='${AR}' OBJCOPY='${OBJCOPY}' LDFLAGS='${LDFLAGS}'" diff --git a/poky/meta/recipes-devtools/qemu/qemu-native_4.1.0.bb b/poky/meta/recipes-devtools/qemu/qemu-native_4.2.0.bb index c8acff8e1..c8acff8e1 100644 --- a/poky/meta/recipes-devtools/qemu/qemu-native_4.1.0.bb +++ b/poky/meta/recipes-devtools/qemu/qemu-native_4.2.0.bb diff --git a/poky/meta/recipes-devtools/qemu/qemu-system-native_4.1.0.bb b/poky/meta/recipes-devtools/qemu/qemu-system-native_4.2.0.bb index d83ee5937..7394385d3 100644 --- a/poky/meta/recipes-devtools/qemu/qemu-system-native_4.1.0.bb +++ b/poky/meta/recipes-devtools/qemu/qemu-system-native_4.2.0.bb @@ -9,7 +9,9 @@ DEPENDS = "glib-2.0-native zlib-native pixman-native qemu-native bison-native" EXTRA_OECONF_append = " --target-list=${@get_qemu_system_target_list(d)}" -PACKAGECONFIG ??= "fdt alsa kvm" +PACKAGECONFIG ??= "fdt alsa kvm \ + ${@bb.utils.contains('DISTRO_FEATURES', 'opengl', 'virglrenderer glx', '' ,d)} \ +" # Handle distros such as CentOS 5 32-bit that do not have kvm support PACKAGECONFIG_remove = "${@'kvm' if not os.path.exists('/usr/include/linux/kvm.h') else ''}" diff --git a/poky/meta/recipes-devtools/qemu/qemu-targets.inc b/poky/meta/recipes-devtools/qemu/qemu-targets.inc index 8184ef578..24f9a0394 100644 --- a/poky/meta/recipes-devtools/qemu/qemu-targets.inc +++ b/poky/meta/recipes-devtools/qemu/qemu-targets.inc @@ -13,7 +13,7 @@ def get_qemu_target_list(d): softmmuonly += arch + "-softmmu," archs.remove(arch) linuxuseronly = "" - for arch in ['armeb', 'alpha', 'ppc64abi32', 'sparc32plus', 'aarch64_be']: + for arch in ['armeb', 'alpha', 'ppc64abi32', 'ppc64le', 'sparc32plus', 'aarch64_be']: if arch in archs: linuxuseronly += arch + "-linux-user," archs.remove(arch) diff --git a/poky/meta/recipes-devtools/qemu/qemu.inc b/poky/meta/recipes-devtools/qemu/qemu.inc index 601fc2286..126e7d442 100644 --- a/poky/meta/recipes-devtools/qemu/qemu.inc +++ b/poky/meta/recipes-devtools/qemu/qemu.inc @@ -27,13 +27,22 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ file://0008-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch \ file://0009-Fix-webkitgtk-builds.patch \ file://0010-configure-Add-pkg-config-handling-for-libgcrypt.patch \ + file://0011-hw-i386-pc-fix-regression-in-parsing-vga-cmdline-par.patch \ file://CVE-2019-15890.patch \ - file://CVE-2019-12068.patch \ - " + file://CVE-2020-1711.patch \ + file://CVE-2020-7039-1.patch \ + file://CVE-2020-7039-2.patch \ + file://CVE-2020-7039-3.patch \ + file://0001-Add-enable-disable-udev.patch \ + file://CVE-2020-7211.patch \ + file://0001-qemu-Do-not-include-file-if-not-exists.patch \ + file://CVE-2020-11102.patch \ + file://CVE-2020-11869.patch \ + " UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar" -SRC_URI[md5sum] = "cdf2b5ca52b9abac9bacb5842fa420f8" -SRC_URI[sha256sum] = "656e60218689bdeec69903087fd7582d5d3e72238d02f4481d8dc6d79fd909c6" +SRC_URI[md5sum] = "278eeb294e4b497e79af7a57e660cb9a" +SRC_URI[sha256sum] = "d3481d4108ce211a053ef15be69af1bdd9dde1510fda80d92be0f6c3e98768f0" COMPATIBLE_HOST_mipsarchn32 = "null" COMPATIBLE_HOST_mipsarchn64 = "null" @@ -55,10 +64,12 @@ do_install_ptest() { # Don't check the file genreated by configure sed -i -e '/wildcard config-host.mak/d' \ -e '$ {/endif/d}' ${D}${PTEST_PATH}/tests/Makefile.include + sed -i -e 's,${HOSTTOOLS_DIR}/python3,${bindir}/python3,' \ + ${D}/${PTEST_PATH}/tests/qemu-iotests/common.env } # QEMU_TARGETS is overridable variable -QEMU_TARGETS ?= "arm aarch64 i386 mips mipsel mips64 mips64el ppc ppc64 riscv32 riscv64 sh4 x86_64" +QEMU_TARGETS ?= "arm aarch64 i386 mips mipsel mips64 mips64el ppc ppc64 ppc64le riscv32 riscv64 sh4 x86_64" EXTRA_OECONF = " \ --prefix=${prefix} \ @@ -75,6 +86,8 @@ EXTRA_OECONF = " \ --disable-strip \ --disable-werror \ --extra-cflags='${CFLAGS}' \ + --with-git=/bin/false \ + --disable-git-update \ ${PACKAGECONFIG_CONFARGS} \ " @@ -135,7 +148,7 @@ PACKAGECONFIG[sdl] = "--enable-sdl,--disable-sdl,libsdl2" PACKAGECONFIG[virtfs] = "--enable-virtfs --enable-attr,--disable-virtfs,libcap attr," PACKAGECONFIG[aio] = "--enable-linux-aio,--disable-linux-aio,libaio," PACKAGECONFIG[xfs] = "--enable-xfsctl,--disable-xfsctl,xfsprogs," -PACKAGECONFIG[xen] = "--enable-xen,--disable-xen,xen,xen-libxenstore xen-libxenctrl xen-libxenguest" +PACKAGECONFIG[xen] = "--enable-xen,--disable-xen,xen-tools,xen-tools-libxenstore xen-tools-libxenctrl xen-tools-libxenguest" PACKAGECONFIG[vnc-sasl] = "--enable-vnc --enable-vnc-sasl,--disable-vnc-sasl,cyrus-sasl," PACKAGECONFIG[vnc-jpeg] = "--enable-vnc --enable-vnc-jpeg,--disable-vnc-jpeg,jpeg," PACKAGECONFIG[vnc-png] = "--enable-vnc --enable-vnc-png,--disable-vnc-png,libpng," @@ -165,6 +178,10 @@ PACKAGECONFIG[spice] = "--enable-spice,--disable-spice,spice" # usbredir will be in meta-networking layer PACKAGECONFIG[usb-redir] = "--enable-usb-redir,--disable-usb-redir,usbredir" PACKAGECONFIG[snappy] = "--enable-snappy,--disable-snappy,snappy" +PACKAGECONFIG[glusterfs] = "--enable-glusterfs,--disable-glusterfs" +PACKAGECONFIG[xkbcommon] = "--enable-xkbcommon,--disable-xkbcommon,libxkbcommon" +PACKAGECONFIG[libudev] = "--enable-libudev,--disable-libudev,eudev" +PACKAGECONFIG[libxml2] = "--enable-libxml2,--disable-libxml2,libxml2" INSANE_SKIP_${PN} = "arch" diff --git a/poky/meta/recipes-devtools/qemu/qemu/0001-Add-enable-disable-udev.patch b/poky/meta/recipes-devtools/qemu/qemu/0001-Add-enable-disable-udev.patch new file mode 100644 index 000000000..c2c5849d6 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/0001-Add-enable-disable-udev.patch @@ -0,0 +1,29 @@ +From a471cf4e4c73350e090eb2cd87ec959d138012e5 Mon Sep 17 00:00:00 2001 +From: Jeremy Puhlman <jpuhlman@mvista.com> +Date: Thu, 19 Mar 2020 11:54:26 -0700 +Subject: [PATCH] Add enable/disable libudev + +Upstream-Status: Pending +Signed-off-by: Jeremy Puhlman <jpuhlman@mvista.com> +--- + configure | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/configure b/configure +index cac271c..bd116eb 100755 +--- a/configure ++++ b/configure +@@ -1539,6 +1539,10 @@ for opt do + ;; + --disable-plugins) plugins="no" + ;; ++ --enable-libudev) libudev="yes" ++ ;; ++ --disable-libudev) libudev="no" ++ ;; + *) + echo "ERROR: unknown option $opt" + echo "Try '$0 --help' for more information" +-- +1.8.3.1 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/0001-qemu-Add-missing-wacom-HID-descriptor.patch b/poky/meta/recipes-devtools/qemu/qemu/0001-qemu-Add-missing-wacom-HID-descriptor.patch index 9478102ae..66ff99650 100644 --- a/poky/meta/recipes-devtools/qemu/qemu/0001-qemu-Add-missing-wacom-HID-descriptor.patch +++ b/poky/meta/recipes-devtools/qemu/qemu/0001-qemu-Add-missing-wacom-HID-descriptor.patch @@ -1,4 +1,4 @@ -From 4655dc18074e0be9d239f51dac32b61435da8549 Mon Sep 17 00:00:00 2001 +From 526cb7e26f6dd96c9ee2ffa05ce0a358d3bfbfb3 Mon Sep 17 00:00:00 2001 From: Richard Purdie <richard.purdie@linuxfoundation.org> Date: Thu, 27 Nov 2014 14:04:29 +0000 Subject: [PATCH] qemu: Add missing wacom HID descriptor @@ -19,7 +19,7 @@ Upstream-Status: Submitted 1 file changed, 93 insertions(+), 1 deletion(-) diff --git a/hw/usb/dev-wacom.c b/hw/usb/dev-wacom.c -index 8c43db93..3ff8ca28 100644 +index 8ed57b3b..1502928b 100644 --- a/hw/usb/dev-wacom.c +++ b/hw/usb/dev-wacom.c @@ -74,6 +74,89 @@ static const USBDescStrings desc_strings = { diff --git a/poky/meta/recipes-devtools/qemu/qemu/0001-qemu-Do-not-include-file-if-not-exists.patch b/poky/meta/recipes-devtools/qemu/qemu/0001-qemu-Do-not-include-file-if-not-exists.patch new file mode 100644 index 000000000..eccac0509 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/0001-qemu-Do-not-include-file-if-not-exists.patch @@ -0,0 +1,31 @@ +From 98c2da129db19ee63d7e21b77a0ef70822c95069 Mon Sep 17 00:00:00 2001 +From: Oleksiy Obitotskyy <oobitots@cisco.com> +Date: Wed, 25 Mar 2020 21:21:35 +0200 +Subject: [PATCH] qemu: Do not include file if not exists + +Script configure checks for if_alg.h and check failed but +if_alg.h still included. + +Upstream-status: Submitted [https://lists.gnu.org/archive/html/qemu-devel/2020-03/msg07188.html] +Signed-off-by: Oleksiy Obitotskyy <oobitots@cisco.com> +--- + linux-user/syscall.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/linux-user/syscall.c b/linux-user/syscall.c +index fc18f244..68d62666 100644 +--- a/linux-user/syscall.c ++++ b/linux-user/syscall.c +@@ -106,7 +106,9 @@ + #include <linux/blkpg.h> + #include <netpacket/packet.h> + #include <linux/netlink.h> ++#if defined(CONFIG_AF_ALG) + #include <linux/if_alg.h> ++#endif + #include "linux_loop.h" + #include "uname.h" + +-- +2.20.1 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/0002-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch b/poky/meta/recipes-devtools/qemu/qemu/0002-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch index 2ccddd53c..7f7da5100 100644 --- a/poky/meta/recipes-devtools/qemu/qemu/0002-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch +++ b/poky/meta/recipes-devtools/qemu/qemu/0002-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch @@ -1,4 +1,4 @@ -From 67751f3a23e3db3012f391b3b3b73a4484488ce9 Mon Sep 17 00:00:00 2001 +From 8ee6281516bd9210e75e91d705da8916bab3bf51 Mon Sep 17 00:00:00 2001 From: Juro Bystricky <juro.bystricky@intel.com> Date: Thu, 31 Aug 2017 11:06:56 -0700 Subject: [PATCH] Add subpackage -ptest which runs all unit test cases for @@ -15,10 +15,10 @@ Signed-off-by: Juro Bystricky <juro.bystricky@intel.com> 1 file changed, 8 insertions(+) diff --git a/tests/Makefile.include b/tests/Makefile.include -index fd7fdb86..83b7f409 100644 +index 8566f5f1..52d0320b 100644 --- a/tests/Makefile.include +++ b/tests/Makefile.include -@@ -1183,4 +1183,12 @@ all: $(QEMU_IOTESTS_HELPERS-y) +@@ -1210,4 +1210,12 @@ all: $(QEMU_IOTESTS_HELPERS-y) -include $(wildcard tests/*.d) -include $(wildcard tests/libqos/*.d) diff --git a/poky/meta/recipes-devtools/qemu/qemu/0003-qemu-Add-addition-environment-space-to-boot-loader-q.patch b/poky/meta/recipes-devtools/qemu/qemu/0003-qemu-Add-addition-environment-space-to-boot-loader-q.patch index 5c42d6803..012d60d8f 100644 --- a/poky/meta/recipes-devtools/qemu/qemu/0003-qemu-Add-addition-environment-space-to-boot-loader-q.patch +++ b/poky/meta/recipes-devtools/qemu/qemu/0003-qemu-Add-addition-environment-space-to-boot-loader-q.patch @@ -1,4 +1,4 @@ -From 235b94f1188597873c8776b019fed49947983392 Mon Sep 17 00:00:00 2001 +From ce1eceab2350d27960ec254650717085f6a11c9a Mon Sep 17 00:00:00 2001 From: Jason Wessel <jason.wessel@windriver.com> Date: Fri, 28 Mar 2014 17:42:43 +0800 Subject: [PATCH] qemu: Add addition environment space to boot loader @@ -19,15 +19,15 @@ Signed-off-by: Roy Li <rongqing.li@windriver.com> 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/mips/mips_malta.c b/hw/mips/mips_malta.c -index 20e019bf..d150b01c 100644 +index 92e9ca5b..3a7f3954 100644 --- a/hw/mips/mips_malta.c +++ b/hw/mips/mips_malta.c -@@ -60,7 +60,7 @@ +@@ -59,7 +59,7 @@ - #define ENVP_ADDR 0x80002000l - #define ENVP_NB_ENTRIES 16 --#define ENVP_ENTRY_SIZE 256 -+#define ENVP_ENTRY_SIZE 1024 + #define ENVP_ADDR 0x80002000l + #define ENVP_NB_ENTRIES 16 +-#define ENVP_ENTRY_SIZE 256 ++#define ENVP_ENTRY_SIZE 1024 /* Hardware addresses */ - #define FLASH_ADDRESS 0x1e000000ULL + #define FLASH_ADDRESS 0x1e000000ULL diff --git a/poky/meta/recipes-devtools/qemu/qemu/0004-qemu-disable-Valgrind.patch b/poky/meta/recipes-devtools/qemu/qemu/0004-qemu-disable-Valgrind.patch index 0ac4ab40b..bc30397e8 100644 --- a/poky/meta/recipes-devtools/qemu/qemu/0004-qemu-disable-Valgrind.patch +++ b/poky/meta/recipes-devtools/qemu/qemu/0004-qemu-disable-Valgrind.patch @@ -1,4 +1,4 @@ -From 3ad7a375015d47fdf5016e03e11fa93440d6d8bd Mon Sep 17 00:00:00 2001 +From 4127296bb1046cdf73994ba69dc913d8c02fd74f Mon Sep 17 00:00:00 2001 From: Ross Burton <ross.burton@intel.com> Date: Tue, 20 Oct 2015 22:19:08 +0100 Subject: [PATCH] qemu: disable Valgrind @@ -13,10 +13,10 @@ Signed-off-by: Ross Burton <ross.burton@intel.com> 1 file changed, 9 deletions(-) diff --git a/configure b/configure -index 714e7fb6..dad4fc59 100755 +index 6099be1d..a766017b 100755 --- a/configure +++ b/configure -@@ -5335,15 +5335,6 @@ fi +@@ -5390,15 +5390,6 @@ fi # check if we have valgrind/valgrind.h valgrind_h=no diff --git a/poky/meta/recipes-devtools/qemu/qemu/0005-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch b/poky/meta/recipes-devtools/qemu/qemu/0005-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch index a73681510..ec303371b 100644 --- a/poky/meta/recipes-devtools/qemu/qemu/0005-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch +++ b/poky/meta/recipes-devtools/qemu/qemu/0005-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch @@ -1,4 +1,4 @@ -From 80e6070bcdfe636b103a13598e6c38ad0d0e7624 Mon Sep 17 00:00:00 2001 +From 6cdf82af2eba312b9b8da86dda28b98d3d51f4d4 Mon Sep 17 00:00:00 2001 From: Stephen Arnold <sarnold@vctlabs.com> Date: Sun, 12 Jun 2016 18:09:56 -0700 Subject: [PATCH] qemu-native: set ld.bfd, fix cflags, and set some environment @@ -10,10 +10,10 @@ Upstream-Status: Pending 1 file changed, 4 deletions(-) diff --git a/configure b/configure -index dad4fc59..685bbe5e 100755 +index a766017b..72f11aca 100755 --- a/configure +++ b/configure -@@ -5971,10 +5971,6 @@ write_c_skeleton +@@ -6085,10 +6085,6 @@ write_c_skeleton if test "$gcov" = "yes" ; then CFLAGS="-fprofile-arcs -ftest-coverage -g $CFLAGS" LDFLAGS="-fprofile-arcs -ftest-coverage $LDFLAGS" diff --git a/poky/meta/recipes-devtools/qemu/qemu/0006-chardev-connect-socket-to-a-spawned-command.patch b/poky/meta/recipes-devtools/qemu/qemu/0006-chardev-connect-socket-to-a-spawned-command.patch index a42385530..0810ae84c 100644 --- a/poky/meta/recipes-devtools/qemu/qemu/0006-chardev-connect-socket-to-a-spawned-command.patch +++ b/poky/meta/recipes-devtools/qemu/qemu/0006-chardev-connect-socket-to-a-spawned-command.patch @@ -1,4 +1,4 @@ -From ad853601e75f6d0dd09672bcca05fbe4fac766a4 Mon Sep 17 00:00:00 2001 +From bcc63f775e265df69963a4ad7805b8678ace68f0 Mon Sep 17 00:00:00 2001 From: Alistair Francis <alistair.francis@xilinx.com> Date: Thu, 21 Dec 2017 11:35:16 -0800 Subject: [PATCH] chardev: connect socket to a spawned command @@ -52,10 +52,10 @@ Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> 3 files changed, 109 insertions(+) diff --git a/chardev/char-socket.c b/chardev/char-socket.c -index 7ca5d97a..207fae4a 100644 +index 185fe38d..54fa4234 100644 --- a/chardev/char-socket.c +++ b/chardev/char-socket.c -@@ -1278,6 +1278,67 @@ static bool qmp_chardev_validate_socket(ChardevSocket *sock, +@@ -1288,6 +1288,67 @@ static bool qmp_chardev_validate_socket(ChardevSocket *sock, return true; } @@ -123,7 +123,7 @@ index 7ca5d97a..207fae4a 100644 static void qmp_chardev_open_socket(Chardev *chr, ChardevBackend *backend, -@@ -1286,6 +1347,9 @@ static void qmp_chardev_open_socket(Chardev *chr, +@@ -1296,6 +1357,9 @@ static void qmp_chardev_open_socket(Chardev *chr, { SocketChardev *s = SOCKET_CHARDEV(chr); ChardevSocket *sock = backend->u.socket.data; @@ -133,7 +133,7 @@ index 7ca5d97a..207fae4a 100644 bool do_nodelay = sock->has_nodelay ? sock->nodelay : false; bool is_listen = sock->has_server ? sock->server : true; bool is_telnet = sock->has_telnet ? sock->telnet : false; -@@ -1351,6 +1415,14 @@ static void qmp_chardev_open_socket(Chardev *chr, +@@ -1361,6 +1425,14 @@ static void qmp_chardev_open_socket(Chardev *chr, update_disconnected_filename(s); @@ -148,7 +148,7 @@ index 7ca5d97a..207fae4a 100644 if (s->is_listen) { if (qmp_chardev_open_socket_server(chr, is_telnet || is_tn3270, is_waitconnect, errp) < 0) { -@@ -1370,9 +1442,26 @@ static void qemu_chr_parse_socket(QemuOpts *opts, ChardevBackend *backend, +@@ -1380,9 +1452,26 @@ static void qemu_chr_parse_socket(QemuOpts *opts, ChardevBackend *backend, const char *host = qemu_opt_get(opts, "host"); const char *port = qemu_opt_get(opts, "port"); const char *fd = qemu_opt_get(opts, "fd"); @@ -175,7 +175,7 @@ index 7ca5d97a..207fae4a 100644 if ((!!path + !!fd + !!host) != 1) { error_setg(errp, "Exactly one of 'path', 'fd' or 'host' required"); -@@ -1415,12 +1504,24 @@ static void qemu_chr_parse_socket(QemuOpts *opts, ChardevBackend *backend, +@@ -1425,12 +1514,24 @@ static void qemu_chr_parse_socket(QemuOpts *opts, ChardevBackend *backend, sock->has_tls_authz = qemu_opt_get(opts, "tls-authz"); sock->tls_authz = g_strdup(qemu_opt_get(opts, "tls-authz")); diff --git a/poky/meta/recipes-devtools/qemu/qemu/0007-apic-fixup-fallthrough-to-PIC.patch b/poky/meta/recipes-devtools/qemu/qemu/0007-apic-fixup-fallthrough-to-PIC.patch index b50e8c254..89baad9b7 100644 --- a/poky/meta/recipes-devtools/qemu/qemu/0007-apic-fixup-fallthrough-to-PIC.patch +++ b/poky/meta/recipes-devtools/qemu/qemu/0007-apic-fixup-fallthrough-to-PIC.patch @@ -1,4 +1,4 @@ -From f51e49e7d7d87b7254242b7360f99c2df94a5a2d Mon Sep 17 00:00:00 2001 +From a59a98d100123030a4145e7efe3b8a001920a9f1 Mon Sep 17 00:00:00 2001 From: Mark Asselstine <mark.asselstine@windriver.com> Date: Tue, 26 Feb 2013 11:43:28 -0500 Subject: [PATCH] apic: fixup fallthrough to PIC @@ -30,7 +30,7 @@ Signed-off-by: He Zhe <zhe.he@windriver.com> 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/intc/apic.c b/hw/intc/apic.c -index bce89911..df4b582e 100644 +index 2a74f7b4..4d5da365 100644 --- a/hw/intc/apic.c +++ b/hw/intc/apic.c @@ -603,7 +603,7 @@ int apic_accept_pic_intr(DeviceState *dev) diff --git a/poky/meta/recipes-devtools/qemu/qemu/0008-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch b/poky/meta/recipes-devtools/qemu/qemu/0008-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch index e562f25be..30bb4ddf2 100644 --- a/poky/meta/recipes-devtools/qemu/qemu/0008-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch +++ b/poky/meta/recipes-devtools/qemu/qemu/0008-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch @@ -1,4 +1,4 @@ -From 25a064f91f73630e5dff2a6aeb23d953c469cea6 Mon Sep 17 00:00:00 2001 +From cf8c9aac5243f506a1a3e8e284414f311cde04f5 Mon Sep 17 00:00:00 2001 From: Alistair Francis <alistair.francis@xilinx.com> Date: Wed, 17 Jan 2018 10:51:49 -0800 Subject: [PATCH] linux-user: Fix webkitgtk hangs on 32-bit x86 target @@ -19,15 +19,15 @@ Signed-off-by: Alistair Francis <alistair.francis@xilinx.com> 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/linux-user/main.c b/linux-user/main.c -index 8ffc5251..4067e739 100644 +index 6ff7851e..ebff0485 100644 --- a/linux-user/main.c +++ b/linux-user/main.c -@@ -77,7 +77,7 @@ int have_guest_base; +@@ -78,7 +78,7 @@ int have_guest_base; (TARGET_LONG_BITS == 32 || defined(TARGET_ABI32)) /* There are a number of places where we assign reserved_va to a variable of type abi_ulong and expect it to fit. Avoid the last page. */ --# define MAX_RESERVED_VA (0xfffffffful & TARGET_PAGE_MASK) -+# define MAX_RESERVED_VA (0x7ffffffful & TARGET_PAGE_MASK) +-# define MAX_RESERVED_VA(CPU) (0xfffffffful & TARGET_PAGE_MASK) ++# define MAX_RESERVED_VA(CPU) (0x7ffffffful & TARGET_PAGE_MASK) # else - # define MAX_RESERVED_VA (1ul << TARGET_VIRT_ADDR_SPACE_BITS) + # define MAX_RESERVED_VA(CPU) (1ul << TARGET_VIRT_ADDR_SPACE_BITS) # endif diff --git a/poky/meta/recipes-devtools/qemu/qemu/0009-Fix-webkitgtk-builds.patch b/poky/meta/recipes-devtools/qemu/qemu/0009-Fix-webkitgtk-builds.patch index 4072d9455..7e273eece 100644 --- a/poky/meta/recipes-devtools/qemu/qemu/0009-Fix-webkitgtk-builds.patch +++ b/poky/meta/recipes-devtools/qemu/qemu/0009-Fix-webkitgtk-builds.patch @@ -1,4 +1,4 @@ -From b633b9a1813fcd715dce44659a89293f1c64ae8c Mon Sep 17 00:00:00 2001 +From 613166007e3b852c99caf2cd34a972e2c8460737 Mon Sep 17 00:00:00 2001 From: Martin Jansa <martin.jansa@lge.com> Date: Fri, 1 Jun 2018 08:41:07 +0000 Subject: [PATCH] Fix webkitgtk builds @@ -18,6 +18,7 @@ This reverts commit ebf9a3630c911d0cfc9c20f7cafe9ba4f88cf583. Upstream-Status: Pending Signed-off-by: Alistair Francis <alistair.francis@wdc.com> + --- include/exec/cpu-all.h | 6 +----- include/exec/cpu_ldst.h | 5 ++++- @@ -26,7 +27,7 @@ Signed-off-by: Alistair Francis <alistair.francis@wdc.com> 4 files changed, 10 insertions(+), 23 deletions(-) diff --git a/include/exec/cpu-all.h b/include/exec/cpu-all.h -index 536ea58f81..4c63a6a2e4 100644 +index e96781a4..a369f81a 100644 --- a/include/exec/cpu-all.h +++ b/include/exec/cpu-all.h @@ -162,12 +162,8 @@ extern unsigned long guest_base; @@ -44,7 +45,7 @@ index 536ea58f81..4c63a6a2e4 100644 #include "exec/hwaddr.h" diff --git a/include/exec/cpu_ldst.h b/include/exec/cpu_ldst.h -index 9151fdb042..cb2b8f329f 100644 +index fd499f7e..30575f60 100644 --- a/include/exec/cpu_ldst.h +++ b/include/exec/cpu_ldst.h @@ -65,7 +65,10 @@ typedef uint64_t abi_ptr; @@ -60,7 +61,7 @@ index 9151fdb042..cb2b8f329f 100644 #define h2g_valid(x) guest_addr_valid((unsigned long)(x) - guest_base) diff --git a/linux-user/mmap.c b/linux-user/mmap.c -index 46a6e3a761..7735465462 100644 +index 46a6e3a7..77354654 100644 --- a/linux-user/mmap.c +++ b/linux-user/mmap.c @@ -78,7 +78,7 @@ int target_mprotect(abi_ulong start, abi_ulong len, int prot) @@ -110,10 +111,10 @@ index 46a6e3a761..7735465462 100644 if (flags & MREMAP_FIXED) { diff --git a/linux-user/syscall.c b/linux-user/syscall.c -index 8b41a03901..bc5d85de02 100644 +index 171c0cae..fc18f244 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c -@@ -4031,9 +4031,6 @@ static inline abi_ulong do_shmat(CPUArchState *cpu_env, +@@ -4138,9 +4138,6 @@ static inline abi_ulong do_shmat(CPUArchState *cpu_env, return -TARGET_EINVAL; } } @@ -123,7 +124,7 @@ index 8b41a03901..bc5d85de02 100644 mmap_lock(); -@@ -6881,7 +6878,7 @@ static int open_self_maps(void *cpu_env, int fd) +@@ -6990,7 +6987,7 @@ static int open_self_maps(void *cpu_env, int fd) } if (h2g_valid(min)) { int flags = page_get_flags(h2g(min)); @@ -132,6 +133,3 @@ index 8b41a03901..bc5d85de02 100644 if (page_check_range(h2g(min), max - min, flags) == -1) { continue; } --- -2.22.0 - diff --git a/poky/meta/recipes-devtools/qemu/qemu/0010-configure-Add-pkg-config-handling-for-libgcrypt.patch b/poky/meta/recipes-devtools/qemu/qemu/0010-configure-Add-pkg-config-handling-for-libgcrypt.patch index a8ab7daa4..34df78b7f 100644 --- a/poky/meta/recipes-devtools/qemu/qemu/0010-configure-Add-pkg-config-handling-for-libgcrypt.patch +++ b/poky/meta/recipes-devtools/qemu/qemu/0010-configure-Add-pkg-config-handling-for-libgcrypt.patch @@ -1,7 +1,7 @@ -From 5214dd4461f2090ef0965b4d2518f49927d61cbc Mon Sep 17 00:00:00 2001 +From c207607cdf3996ad9783c3bffbcd3d65e74c0158 Mon Sep 17 00:00:00 2001 From: He Zhe <zhe.he@windriver.com> Date: Wed, 28 Aug 2019 19:56:28 +0800 -Subject: [Qemu-devel] [PATCH] configure: Add pkg-config handling for libgcrypt +Subject: [PATCH] configure: Add pkg-config handling for libgcrypt libgcrypt may also be controlled by pkg-config, this patch adds pkg-config handling for libgcrypt. @@ -9,12 +9,13 @@ handling for libgcrypt. Upstream-Status: Denied [https://lists.nongnu.org/archive/html/qemu-devel/2019-08/msg06333.html] Signed-off-by: He Zhe <zhe.he@windriver.com> + --- configure | 48 ++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 40 insertions(+), 8 deletions(-) diff --git a/configure b/configure -index e44e454..0f362a7 100755 +index 72f11aca..cac271ce 100755 --- a/configure +++ b/configure @@ -2875,6 +2875,30 @@ has_libgcrypt() { @@ -48,7 +49,7 @@ index e44e454..0f362a7 100755 if test "$nettle" != "no"; then pass="no" -@@ -2902,7 +2926,14 @@ fi +@@ -2915,7 +2939,14 @@ fi if test "$gcrypt" != "no"; then pass="no" @@ -64,7 +65,7 @@ index e44e454..0f362a7 100755 gcrypt_cflags=$(libgcrypt-config --cflags) gcrypt_libs=$(libgcrypt-config --libs) # Debian has removed -lgpg-error from libgcrypt-config -@@ -2912,15 +2943,16 @@ if test "$gcrypt" != "no"; then +@@ -2925,15 +2956,16 @@ if test "$gcrypt" != "no"; then then gcrypt_libs="$gcrypt_libs -lgpg-error" fi @@ -88,6 +89,3 @@ index e44e454..0f362a7 100755 if test "$pass" = "yes"; then gcrypt="yes" cat > $TMPC << EOF --- -2.7.4 - diff --git a/poky/meta/recipes-devtools/qemu/qemu/0011-hw-i386-pc-fix-regression-in-parsing-vga-cmdline-par.patch b/poky/meta/recipes-devtools/qemu/qemu/0011-hw-i386-pc-fix-regression-in-parsing-vga-cmdline-par.patch new file mode 100644 index 000000000..2fe0850a3 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/0011-hw-i386-pc-fix-regression-in-parsing-vga-cmdline-par.patch @@ -0,0 +1,54 @@ +From a88c40f02ace88f09b2a85a64831b277b2ebc88c Mon Sep 17 00:00:00 2001 +From: Peter Wu <peter@lekensteyn.nl> +Date: Sat, 21 Dec 2019 17:21:24 +0100 +Subject: [PATCH] hw/i386/pc: fix regression in parsing vga cmdline parameter + +When the 'vga=' parameter is succeeded by another parameter, QEMU 4.2.0 +would refuse to start with a rather cryptic message: + + $ qemu-system-x86_64 -kernel /boot/vmlinuz-linux -append 'vga=792 quiet' + qemu: can't parse 'vga' parameter: Invalid argument + +It was not clear whether this applied to the '-vga std' parameter or the +'-append' one. Fix the parsing regression and clarify the error. + +Fixes: 133ef074bd ("hw/i386/pc: replace use of strtol with qemu_strtoui in x86_load_linux()") +Cc: Sergio Lopez <slp@redhat.com> +Signed-off-by: Peter Wu <peter@lekensteyn.nl> +Message-Id: <20191221162124.1159291-1-peter@lekensteyn.nl> +Cc: qemu-stable@nongnu.org +Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> +Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commitdiff;h=a88c40f02ace88f09b2a85a64831b277b2ebc88c] +--- + hw/i386/x86.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/hw/i386/x86.c b/hw/i386/x86.c +index d8bb5c2a96..9b9a4d5837 100644 +--- a/hw/i386/x86.c ++++ b/hw/i386/x86.c +@@ -612,6 +612,7 @@ void x86_load_linux(X86MachineState *x86ms, + vmode = strstr(kernel_cmdline, "vga="); + if (vmode) { + unsigned int video_mode; ++ const char *end; + int ret; + /* skip "vga=" */ + vmode += 4; +@@ -622,10 +623,9 @@ void x86_load_linux(X86MachineState *x86ms, + } else if (!strncmp(vmode, "ask", 3)) { + video_mode = 0xfffd; + } else { +- ret = qemu_strtoui(vmode, NULL, 0, &video_mode); +- if (ret != 0) { +- fprintf(stderr, "qemu: can't parse 'vga' parameter: %s\n", +- strerror(-ret)); ++ ret = qemu_strtoui(vmode, &end, 0, &video_mode); ++ if (ret != 0 || (*end && *end != ' ')) { ++ fprintf(stderr, "qemu: invalid 'vga=' kernel parameter.\n"); + exit(1); + } + } +-- +2.25.0 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/0010-fix-libcap-header-issue-on-some-distro.patch b/poky/meta/recipes-devtools/qemu/qemu/0012-fix-libcap-header-issue-on-some-distro.patch index 3a7d7bbd3..3a7d7bbd3 100644 --- a/poky/meta/recipes-devtools/qemu/qemu/0010-fix-libcap-header-issue-on-some-distro.patch +++ b/poky/meta/recipes-devtools/qemu/qemu/0012-fix-libcap-header-issue-on-some-distro.patch diff --git a/poky/meta/recipes-devtools/qemu/qemu/0011-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch b/poky/meta/recipes-devtools/qemu/qemu/0013-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch index e5ebfc126..e5ebfc126 100644 --- a/poky/meta/recipes-devtools/qemu/qemu/0011-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch +++ b/poky/meta/recipes-devtools/qemu/qemu/0013-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2019-12068.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2019-12068.patch deleted file mode 100644 index f1655e407..000000000 --- a/poky/meta/recipes-devtools/qemu/qemu/CVE-2019-12068.patch +++ /dev/null @@ -1,108 +0,0 @@ -From de594e47659029316bbf9391efb79da0a1a08e08 Mon Sep 17 00:00:00 2001 -From: Paolo Bonzini <pbonzini@redhat.com> -Date: Wed, 14 Aug 2019 17:35:21 +0530 -Subject: [PATCH] scsi: lsi: exit infinite loop while executing script - (CVE-2019-12068) - -When executing script in lsi_execute_script(), the LSI scsi adapter -emulator advances 's->dsp' index to read next opcode. This can lead -to an infinite loop if the next opcode is empty. Move the existing -loop exit after 10k iterations so that it covers no-op opcodes as -well. - -Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=de594e47659029316bbf9391efb79da0a1a08e08] -CVE: CVE-2019-12068 - -Reported-by: Bugs SysSec <bugs-syssec@rub.de> -Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> -Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> -Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> - -Signed-off-by: Changqing Li <changqing.li@windriver.com> ---- - hw/scsi/lsi53c895a.c | 41 +++++++++++++++++++++++++++-------------- - 1 file changed, 27 insertions(+), 14 deletions(-) - -diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c -index 222a286..ec53b14 100644 ---- a/hw/scsi/lsi53c895a.c -+++ b/hw/scsi/lsi53c895a.c -@@ -186,6 +186,9 @@ static const char *names[] = { - /* Flag set if this is a tagged command. */ - #define LSI_TAG_VALID (1 << 16) - -+/* Maximum instructions to process. */ -+#define LSI_MAX_INSN 10000 -+ - typedef struct lsi_request { - SCSIRequest *req; - uint32_t tag; -@@ -1133,7 +1136,21 @@ static void lsi_execute_script(LSIState *s) - - s->istat1 |= LSI_ISTAT1_SRUN; - again: -- insn_processed++; -+ if (++insn_processed > LSI_MAX_INSN) { -+ /* Some windows drivers make the device spin waiting for a memory -+ location to change. If we have been executed a lot of code then -+ assume this is the case and force an unexpected device disconnect. -+ This is apparently sufficient to beat the drivers into submission. -+ */ -+ if (!(s->sien0 & LSI_SIST0_UDC)) { -+ qemu_log_mask(LOG_GUEST_ERROR, -+ "lsi_scsi: inf. loop with UDC masked"); -+ } -+ lsi_script_scsi_interrupt(s, LSI_SIST0_UDC, 0); -+ lsi_disconnect(s); -+ trace_lsi_execute_script_stop(); -+ return; -+ } - insn = read_dword(s, s->dsp); - if (!insn) { - /* If we receive an empty opcode increment the DSP by 4 bytes -@@ -1570,19 +1587,7 @@ again: - } - } - } -- if (insn_processed > 10000 && s->waiting == LSI_NOWAIT) { -- /* Some windows drivers make the device spin waiting for a memory -- location to change. If we have been executed a lot of code then -- assume this is the case and force an unexpected device disconnect. -- This is apparently sufficient to beat the drivers into submission. -- */ -- if (!(s->sien0 & LSI_SIST0_UDC)) { -- qemu_log_mask(LOG_GUEST_ERROR, -- "lsi_scsi: inf. loop with UDC masked"); -- } -- lsi_script_scsi_interrupt(s, LSI_SIST0_UDC, 0); -- lsi_disconnect(s); -- } else if (s->istat1 & LSI_ISTAT1_SRUN && s->waiting == LSI_NOWAIT) { -+ if (s->istat1 & LSI_ISTAT1_SRUN && s->waiting == LSI_NOWAIT) { - if (s->dcntl & LSI_DCNTL_SSM) { - lsi_script_dma_interrupt(s, LSI_DSTAT_SSI); - } else { -@@ -1970,6 +1975,10 @@ static void lsi_reg_writeb(LSIState *s, int offset, uint8_t val) - case 0x2f: /* DSP[24:31] */ - s->dsp &= 0x00ffffff; - s->dsp |= val << 24; -+ /* -+ * FIXME: if s->waiting != LSI_NOWAIT, this will only execute one -+ * instruction. Is this correct? -+ */ - if ((s->dmode & LSI_DMODE_MAN) == 0 - && (s->istat1 & LSI_ISTAT1_SRUN) == 0) - lsi_execute_script(s); -@@ -1988,6 +1997,10 @@ static void lsi_reg_writeb(LSIState *s, int offset, uint8_t val) - break; - case 0x3b: /* DCNTL */ - s->dcntl = val & ~(LSI_DCNTL_PFF | LSI_DCNTL_STD); -+ /* -+ * FIXME: if s->waiting != LSI_NOWAIT, this will only execute one -+ * instruction. Is this correct? -+ */ - if ((val & LSI_DCNTL_STD) && (s->istat1 & LSI_ISTAT1_SRUN) == 0) - lsi_execute_script(s); - break; --- -2.7.4 - diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-11102.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-11102.patch new file mode 100644 index 000000000..e8f3e1dbd --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-11102.patch @@ -0,0 +1,148 @@ +From 8ffb7265af64ec81748335ec8f20e7ab542c3850 Mon Sep 17 00:00:00 2001 +From: Prasad J Pandit <pjp@fedoraproject.org> +Date: Tue, 24 Mar 2020 22:57:22 +0530 +Subject: [PATCH] net: tulip: check frame size and r/w data length + +Tulip network driver while copying tx/rx buffers does not check +frame size against r/w data length. This may lead to OOB buffer +access. Add check to avoid it. + +Limit iterations over descriptors to avoid potential infinite +loop issue in tulip_xmit_list_update. + +Reported-by: Li Qiang <pangpei.lq@antfin.com> +Reported-by: Ziming Zhang <ezrakiez@gmail.com> +Reported-by: Jason Wang <jasowang@redhat.com> +Tested-by: Li Qiang <liq3ea@gmail.com> +Reviewed-by: Li Qiang <liq3ea@gmail.com> +Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> +Signed-off-by: Jason Wang <jasowang@redhat.com> + +Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=8ffb7265af64ec81748335ec8f20e7ab542c3850] +CVE: CVE-2020-11102 +Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> +--- + hw/net/tulip.c | 36 +++++++++++++++++++++++++++--------- + 1 file changed, 27 insertions(+), 9 deletions(-) + +diff --git a/hw/net/tulip.c b/hw/net/tulip.c +index cfac271..1295f51 100644 +--- a/hw/net/tulip.c ++++ b/hw/net/tulip.c +@@ -170,6 +170,10 @@ static void tulip_copy_rx_bytes(TULIPState *s, struct tulip_descriptor *desc) + } else { + len = s->rx_frame_len; + } ++ ++ if (s->rx_frame_len + len > sizeof(s->rx_frame)) { ++ return; ++ } + pci_dma_write(&s->dev, desc->buf_addr1, s->rx_frame + + (s->rx_frame_size - s->rx_frame_len), len); + s->rx_frame_len -= len; +@@ -181,6 +185,10 @@ static void tulip_copy_rx_bytes(TULIPState *s, struct tulip_descriptor *desc) + } else { + len = s->rx_frame_len; + } ++ ++ if (s->rx_frame_len + len > sizeof(s->rx_frame)) { ++ return; ++ } + pci_dma_write(&s->dev, desc->buf_addr2, s->rx_frame + + (s->rx_frame_size - s->rx_frame_len), len); + s->rx_frame_len -= len; +@@ -227,7 +235,8 @@ static ssize_t tulip_receive(TULIPState *s, const uint8_t *buf, size_t size) + + trace_tulip_receive(buf, size); + +- if (size < 14 || size > 2048 || s->rx_frame_len || tulip_rx_stopped(s)) { ++ if (size < 14 || size > sizeof(s->rx_frame) - 4 ++ || s->rx_frame_len || tulip_rx_stopped(s)) { + return 0; + } + +@@ -275,7 +284,6 @@ static ssize_t tulip_receive_nc(NetClientState *nc, + return tulip_receive(qemu_get_nic_opaque(nc), buf, size); + } + +- + static NetClientInfo net_tulip_info = { + .type = NET_CLIENT_DRIVER_NIC, + .size = sizeof(NICState), +@@ -558,7 +566,7 @@ static void tulip_tx(TULIPState *s, struct tulip_descriptor *desc) + if ((s->csr[6] >> CSR6_OM_SHIFT) & CSR6_OM_MASK) { + /* Internal or external Loopback */ + tulip_receive(s, s->tx_frame, s->tx_frame_len); +- } else { ++ } else if (s->tx_frame_len <= sizeof(s->tx_frame)) { + qemu_send_packet(qemu_get_queue(s->nic), + s->tx_frame, s->tx_frame_len); + } +@@ -570,23 +578,31 @@ static void tulip_tx(TULIPState *s, struct tulip_descriptor *desc) + } + } + +-static void tulip_copy_tx_buffers(TULIPState *s, struct tulip_descriptor *desc) ++static int tulip_copy_tx_buffers(TULIPState *s, struct tulip_descriptor *desc) + { + int len1 = (desc->control >> TDES1_BUF1_SIZE_SHIFT) & TDES1_BUF1_SIZE_MASK; + int len2 = (desc->control >> TDES1_BUF2_SIZE_SHIFT) & TDES1_BUF2_SIZE_MASK; + ++ if (s->tx_frame_len + len1 > sizeof(s->tx_frame)) { ++ return -1; ++ } + if (len1) { + pci_dma_read(&s->dev, desc->buf_addr1, + s->tx_frame + s->tx_frame_len, len1); + s->tx_frame_len += len1; + } + ++ if (s->tx_frame_len + len2 > sizeof(s->tx_frame)) { ++ return -1; ++ } + if (len2) { + pci_dma_read(&s->dev, desc->buf_addr2, + s->tx_frame + s->tx_frame_len, len2); + s->tx_frame_len += len2; + } + desc->status = (len1 + len2) ? 0 : 0x7fffffff; ++ ++ return 0; + } + + static void tulip_setup_filter_addr(TULIPState *s, uint8_t *buf, int n) +@@ -651,13 +667,15 @@ static uint32_t tulip_ts(TULIPState *s) + + static void tulip_xmit_list_update(TULIPState *s) + { ++#define TULIP_DESC_MAX 128 ++ uint8_t i = 0; + struct tulip_descriptor desc; + + if (tulip_ts(s) != CSR5_TS_SUSPENDED) { + return; + } + +- for (;;) { ++ for (i = 0; i < TULIP_DESC_MAX; i++) { + tulip_desc_read(s, s->current_tx_desc, &desc); + tulip_dump_tx_descriptor(s, &desc); + +@@ -675,10 +693,10 @@ static void tulip_xmit_list_update(TULIPState *s) + s->tx_frame_len = 0; + } + +- tulip_copy_tx_buffers(s, &desc); +- +- if (desc.control & TDES1_LS) { +- tulip_tx(s, &desc); ++ if (!tulip_copy_tx_buffers(s, &desc)) { ++ if (desc.control & TDES1_LS) { ++ tulip_tx(s, &desc); ++ } + } + } + tulip_desc_write(s, s->current_tx_desc, &desc); +-- +1.8.3.1 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-11869.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-11869.patch new file mode 100644 index 000000000..ca7ffed93 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-11869.patch @@ -0,0 +1,97 @@ +From ac2071c3791b67fc7af78b8ceb320c01ca1b5df7 Mon Sep 17 00:00:00 2001 +From: BALATON Zoltan <balaton@eik.bme.hu> +Date: Mon, 6 Apr 2020 22:34:26 +0200 +Subject: [PATCH] ati-vga: Fix checks in ati_2d_blt() to avoid crash + +In some corner cases (that never happen during normal operation but a +malicious guest could program wrong values) pixman functions were +called with parameters that result in a crash. Fix this and add more +checks to disallow such cases. + +Reported-by: Ziming Zhang <ezrakiez@gmail.com> +Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu> +Message-id: 20200406204029.19559747D5D@zero.eik.bme.hu +Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> + +Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=ac2071c3791b67fc7af78b8ceb320c01ca1b5df7] +CVE: CVE-2020-11869 +Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> +--- + hw/display/ati_2d.c | 37 ++++++++++++++++++++++++++----------- + 1 file changed, 26 insertions(+), 11 deletions(-) + +diff --git a/hw/display/ati_2d.c b/hw/display/ati_2d.c +index 42e8231..23a8ae0 100644 +--- a/hw/display/ati_2d.c ++++ b/hw/display/ati_2d.c +@@ -53,12 +53,20 @@ void ati_2d_blt(ATIVGAState *s) + s->vga.vbe_start_addr, surface_data(ds), surface_stride(ds), + surface_bits_per_pixel(ds), + (s->regs.dp_mix & GMC_ROP3_MASK) >> 16); +- int dst_x = (s->regs.dp_cntl & DST_X_LEFT_TO_RIGHT ? +- s->regs.dst_x : s->regs.dst_x + 1 - s->regs.dst_width); +- int dst_y = (s->regs.dp_cntl & DST_Y_TOP_TO_BOTTOM ? +- s->regs.dst_y : s->regs.dst_y + 1 - s->regs.dst_height); ++ unsigned dst_x = (s->regs.dp_cntl & DST_X_LEFT_TO_RIGHT ? ++ s->regs.dst_x : s->regs.dst_x + 1 - s->regs.dst_width); ++ unsigned dst_y = (s->regs.dp_cntl & DST_Y_TOP_TO_BOTTOM ? ++ s->regs.dst_y : s->regs.dst_y + 1 - s->regs.dst_height); + int bpp = ati_bpp_from_datatype(s); ++ if (!bpp) { ++ qemu_log_mask(LOG_GUEST_ERROR, "Invalid bpp\n"); ++ return; ++ } + int dst_stride = DEFAULT_CNTL ? s->regs.dst_pitch : s->regs.default_pitch; ++ if (!dst_stride) { ++ qemu_log_mask(LOG_GUEST_ERROR, "Zero dest pitch\n"); ++ return; ++ } + uint8_t *dst_bits = s->vga.vram_ptr + (DEFAULT_CNTL ? + s->regs.dst_offset : s->regs.default_offset); + +@@ -82,12 +90,16 @@ void ati_2d_blt(ATIVGAState *s) + switch (s->regs.dp_mix & GMC_ROP3_MASK) { + case ROP3_SRCCOPY: + { +- int src_x = (s->regs.dp_cntl & DST_X_LEFT_TO_RIGHT ? +- s->regs.src_x : s->regs.src_x + 1 - s->regs.dst_width); +- int src_y = (s->regs.dp_cntl & DST_Y_TOP_TO_BOTTOM ? +- s->regs.src_y : s->regs.src_y + 1 - s->regs.dst_height); ++ unsigned src_x = (s->regs.dp_cntl & DST_X_LEFT_TO_RIGHT ? ++ s->regs.src_x : s->regs.src_x + 1 - s->regs.dst_width); ++ unsigned src_y = (s->regs.dp_cntl & DST_Y_TOP_TO_BOTTOM ? ++ s->regs.src_y : s->regs.src_y + 1 - s->regs.dst_height); + int src_stride = DEFAULT_CNTL ? + s->regs.src_pitch : s->regs.default_pitch; ++ if (!src_stride) { ++ qemu_log_mask(LOG_GUEST_ERROR, "Zero source pitch\n"); ++ return; ++ } + uint8_t *src_bits = s->vga.vram_ptr + (DEFAULT_CNTL ? + s->regs.src_offset : s->regs.default_offset); + +@@ -137,8 +149,10 @@ void ati_2d_blt(ATIVGAState *s) + dst_y * surface_stride(ds), + s->regs.dst_height * surface_stride(ds)); + } +- s->regs.dst_x += s->regs.dst_width; +- s->regs.dst_y += s->regs.dst_height; ++ s->regs.dst_x = (s->regs.dp_cntl & DST_X_LEFT_TO_RIGHT ? ++ dst_x + s->regs.dst_width : dst_x); ++ s->regs.dst_y = (s->regs.dp_cntl & DST_Y_TOP_TO_BOTTOM ? ++ dst_y + s->regs.dst_height : dst_y); + break; + } + case ROP3_PATCOPY: +@@ -179,7 +193,8 @@ void ati_2d_blt(ATIVGAState *s) + dst_y * surface_stride(ds), + s->regs.dst_height * surface_stride(ds)); + } +- s->regs.dst_y += s->regs.dst_height; ++ s->regs.dst_y = (s->regs.dp_cntl & DST_Y_TOP_TO_BOTTOM ? ++ dst_y + s->regs.dst_height : dst_y); + break; + } + default: +-- +1.8.3.1 diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-1711.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-1711.patch new file mode 100644 index 000000000..aa7bc8232 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-1711.patch @@ -0,0 +1,64 @@ +From 693fd2acdf14dd86c0bf852610f1c2cca80a74dc Mon Sep 17 00:00:00 2001 +From: Felipe Franciosi <felipe@nutanix.com> +Date: Thu, 23 Jan 2020 12:44:59 +0000 +Subject: [PATCH] iscsi: Cap block count from GET LBA STATUS (CVE-2020-1711) + +When querying an iSCSI server for the provisioning status of blocks (via +GET LBA STATUS), Qemu only validates that the response descriptor zero's +LBA matches the one requested. Given the SCSI spec allows servers to +respond with the status of blocks beyond the end of the LUN, Qemu may +have its heap corrupted by clearing/setting too many bits at the end of +its allocmap for the LUN. + +A malicious guest in control of the iSCSI server could carefully program +Qemu's heap (by selectively setting the bitmap) and then smash it. + +This limits the number of bits that iscsi_co_block_status() will try to +update in the allocmap so it can't overflow the bitmap. + +Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=patch;h=693fd2acdf14dd86c0bf852610f1c2cca80a74dc] +CVE: CVE-2020-1711 + +Fixes: CVE-2020-1711 +Cc: qemu-stable@nongnu.org +Signed-off-by: Felipe Franciosi <felipe@nutanix.com> +Signed-off-by: Peter Turschmid <peter.turschm@nutanix.com> +Signed-off-by: Raphael Norwitz <raphael.norwitz@nutanix.com> +Signed-off-by: Kevin Wolf <kwolf@redhat.com> +Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> +--- + block/iscsi.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/block/iscsi.c b/block/iscsi.c +index 2aea7e3..cbd5729 100644 +--- a/block/iscsi.c ++++ b/block/iscsi.c +@@ -701,7 +701,7 @@ static int coroutine_fn iscsi_co_block_status(BlockDriverState *bs, + struct scsi_get_lba_status *lbas = NULL; + struct scsi_lba_status_descriptor *lbasd = NULL; + struct IscsiTask iTask; +- uint64_t lba; ++ uint64_t lba, max_bytes; + int ret; + + iscsi_co_init_iscsitask(iscsilun, &iTask); +@@ -721,6 +721,7 @@ static int coroutine_fn iscsi_co_block_status(BlockDriverState *bs, + } + + lba = offset / iscsilun->block_size; ++ max_bytes = (iscsilun->num_blocks - lba) * iscsilun->block_size; + + qemu_mutex_lock(&iscsilun->mutex); + retry: +@@ -764,7 +765,7 @@ retry: + goto out_unlock; + } + +- *pnum = (int64_t) lbasd->num_blocks * iscsilun->block_size; ++ *pnum = MIN((int64_t) lbasd->num_blocks * iscsilun->block_size, max_bytes); + + if (lbasd->provisioning == SCSI_PROVISIONING_TYPE_DEALLOCATED || + lbasd->provisioning == SCSI_PROVISIONING_TYPE_ANCHORED) { +-- +1.8.3.1 diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-7039-1.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-7039-1.patch new file mode 100644 index 000000000..df6bca6db --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-7039-1.patch @@ -0,0 +1,44 @@ +From b2663d527a1992ba98c0266458b21ada3b9d0d2e Mon Sep 17 00:00:00 2001 +From: Changqing Li <changqing.li@windriver.com> +Date: Thu, 27 Feb 2020 12:07:35 +0800 +Subject: [PATCH] tcp_emu: Fix oob access + +The main loop only checks for one available byte, while we sometimes +need two bytes. + +CVE: CVE-2020-7039 +Upstream-Status: Backport +[https://gitlab.freedesktop.org/slirp/libslirp/commit/2655fffed7a9e765bcb4701dd876e9dab975f289] + +Signed-off-by: Changqing Li <changqing.li@windriver.com> +--- + slirp/src/tcp_subr.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/slirp/src/tcp_subr.c b/slirp/src/tcp_subr.c +index d6dd133..4bea2d4 100644 +--- a/slirp/src/tcp_subr.c ++++ b/slirp/src/tcp_subr.c +@@ -886,6 +886,8 @@ int tcp_emu(struct socket *so, struct mbuf *m) + break; + + case 5: ++ if (bptr == m->m_data + m->m_len - 1) ++ return 1; /* We need two bytes */ + /* + * The difference between versions 1.0 and + * 2.0 is here. For future versions of +@@ -901,6 +903,10 @@ int tcp_emu(struct socket *so, struct mbuf *m) + /* This is the field containing the port + * number that RA-player is listening to. + */ ++ ++ if (bptr == m->m_data + m->m_len - 1) ++ return 1; /* We need two bytes */ ++ + lport = (((uint8_t *)bptr)[0] << 8) + ((uint8_t *)bptr)[1]; + if (lport < 6970) + lport += 256; /* don't know why */ +-- +2.7.4 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-7039-2.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-7039-2.patch new file mode 100644 index 000000000..4a00fa2af --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-7039-2.patch @@ -0,0 +1,59 @@ +From 8f67e76e4148e37f3d8d2bcbdee7417fdedb7669 Mon Sep 17 00:00:00 2001 +From: Changqing Li <changqing.li@windriver.com> +Date: Thu, 27 Feb 2020 12:10:34 +0800 +Subject: [PATCH] slirp: use correct size while emulating commands + +While emulating services in tcp_emu(), it uses 'mbuf' size +'m->m_size' to write commands via snprintf(3). Use M_FREEROOM(m) +size to avoid possible OOB access. +Signed-off-by: default avatarPrasad J Pandit <pjp@fedoraproject.org> +Signed-off-by: Samuel Thibault's avatarSamuel Thibault +<samuel.thibault@ens-lyon.org> +Message-Id: <20200109094228.79764-3-ppandit@redhat.com> + +CVE: CVE-2020-7039 +Upstream-Status: Backport +[https://gitlab.freedesktop.org/slirp/libslirp/commit/82ebe9c370a0e2970fb5695aa19aa5214a6a1c80] + +Signed-off-by: Changqing Li <changqing.li@windriver.com> +--- + slirp/src/tcp_subr.c | 9 ++++----- + 1 file changed, 4 insertions(+), 5 deletions(-) + +diff --git a/slirp/src/tcp_subr.c b/slirp/src/tcp_subr.c +index 4bea2d4..e8ed4ef 100644 +--- a/slirp/src/tcp_subr.c ++++ b/slirp/src/tcp_subr.c +@@ -696,7 +696,7 @@ int tcp_emu(struct socket *so, struct mbuf *m) + n4 = (laddr & 0xff); + + m->m_len = bptr - m->m_data; /* Adjust length */ +- m->m_len += snprintf(bptr, m->m_size - m->m_len, ++ m->m_len += snprintf(bptr, M_FREEROOM(m), + "ORT %d,%d,%d,%d,%d,%d\r\n%s", n1, n2, n3, n4, + n5, n6, x == 7 ? buff : ""); + return 1; +@@ -731,8 +731,7 @@ int tcp_emu(struct socket *so, struct mbuf *m) + n4 = (laddr & 0xff); + + m->m_len = bptr - m->m_data; /* Adjust length */ +- m->m_len += +- snprintf(bptr, m->m_size - m->m_len, ++ m->m_len += snprintf(bptr, M_FREEROOM(m), + "27 Entering Passive Mode (%d,%d,%d,%d,%d,%d)\r\n%s", + n1, n2, n3, n4, n5, n6, x == 7 ? buff : ""); + +@@ -758,8 +757,8 @@ int tcp_emu(struct socket *so, struct mbuf *m) + if (m->m_data[m->m_len - 1] == '\0' && lport != 0 && + (so = tcp_listen(slirp, INADDR_ANY, 0, so->so_laddr.s_addr, + htons(lport), SS_FACCEPTONCE)) != NULL) +- m->m_len = +- snprintf(m->m_data, m->m_size, "%d", ntohs(so->so_fport)) + 1; ++ m->m_len = snprintf(m->m_data, M_ROOM(m), ++ "%d", ntohs(so->so_fport)) + 1; + return 1; + + case EMU_IRC: +-- +2.7.4 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-7039-3.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-7039-3.patch new file mode 100644 index 000000000..70ce480d8 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-7039-3.patch @@ -0,0 +1,64 @@ +From 0b03959b72036afce151783720d9e54988cf76ef Mon Sep 17 00:00:00 2001 +From: Changqing Li <changqing.li@windriver.com> +Date: Thu, 27 Feb 2020 12:15:04 +0800 +Subject: [PATCH] slirp: use correct size while emulating IRC commands + +While emulating IRC DCC commands, tcp_emu() uses 'mbuf' size +'m->m_size' to write DCC commands via snprintf(3). This may +lead to OOB write access, because 'bptr' points somewhere in +the middle of 'mbuf' buffer, not at the start. Use M_FREEROOM(m) +size to avoid OOB access. +Reported-by: default avatarVishnu Dev TJ <vishnudevtj@gmail.com> +Signed-off-by: default avatarPrasad J Pandit <pjp@fedoraproject.org> +Reviewed-by: Samuel Thibault's avatarSamuel Thibault +<samuel.thibault@ens-lyon.org> +Message-Id: <20200109094228.79764-2-ppandit@redhat.com> + +CVE: CVE-2020-7039 +Upstream-Status: Backport +[https://gitlab.freedesktop.org/slirp/libslirp/commit/ce131029d6d4a405cb7d3ac6716d03e58fb4a5d9] + +Signed-off-by: Changqing Li <changqing.li@windriver.com> +--- + slirp/src/tcp_subr.c | 11 ++++++----- + 1 file changed, 6 insertions(+), 5 deletions(-) + +diff --git a/slirp/src/tcp_subr.c b/slirp/src/tcp_subr.c +index e8ed4ef..3a4a8ee 100644 +--- a/slirp/src/tcp_subr.c ++++ b/slirp/src/tcp_subr.c +@@ -777,7 +777,8 @@ int tcp_emu(struct socket *so, struct mbuf *m) + return 1; + } + m->m_len = bptr - m->m_data; /* Adjust length */ +- m->m_len += snprintf(bptr, m->m_size, "DCC CHAT chat %lu %u%c\n", ++ m->m_len += snprintf(bptr, M_FREEROOM(m), ++ "DCC CHAT chat %lu %u%c\n", + (unsigned long)ntohl(so->so_faddr.s_addr), + ntohs(so->so_fport), 1); + } else if (sscanf(bptr, "DCC SEND %256s %u %u %u", buff, &laddr, &lport, +@@ -787,8 +788,8 @@ int tcp_emu(struct socket *so, struct mbuf *m) + return 1; + } + m->m_len = bptr - m->m_data; /* Adjust length */ +- m->m_len += +- snprintf(bptr, m->m_size, "DCC SEND %s %lu %u %u%c\n", buff, ++ m->m_len += snprintf(bptr, M_FREEROOM(m), ++ "DCC SEND %s %lu %u %u%c\n", buff, + (unsigned long)ntohl(so->so_faddr.s_addr), + ntohs(so->so_fport), n1, 1); + } else if (sscanf(bptr, "DCC MOVE %256s %u %u %u", buff, &laddr, &lport, +@@ -798,8 +799,8 @@ int tcp_emu(struct socket *so, struct mbuf *m) + return 1; + } + m->m_len = bptr - m->m_data; /* Adjust length */ +- m->m_len += +- snprintf(bptr, m->m_size, "DCC MOVE %s %lu %u %u%c\n", buff, ++ m->m_len += snprintf(bptr, M_FREEROOM(m), ++ "DCC MOVE %s %lu %u %u%c\n", buff, + (unsigned long)ntohl(so->so_faddr.s_addr), + ntohs(so->so_fport), n1, 1); + } +-- +2.7.4 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-7211.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-7211.patch new file mode 100644 index 000000000..11be4c92e --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-7211.patch @@ -0,0 +1,46 @@ +From 14ec36e107a8c9af7d0a80c3571fe39b291ff1d4 Mon Sep 17 00:00:00 2001 +From: Prasad J Pandit <pjp@fedoraproject.org> +Date: Mon, 13 Jan 2020 17:44:31 +0530 +Subject: [PATCH] slirp: tftp: restrict relative path access + +tftp restricts relative or directory path access on Linux systems. +Apply same restrictions on Windows systems too. It helps to avoid +directory traversal issue. + +Fixes: https://bugs.launchpad.net/qemu/+bug/1812451 +Reported-by: Peter Maydell <peter.maydell@linaro.org> +Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> +Reviewed-by: Samuel Thibault <samuel.thibault@ens-lyon.org> +Message-Id: <20200113121431.156708-1-ppandit@redhat.com> + +Upstream-Status: Backport [https://gitlab.freedesktop.org/slirp/libslirp/-/commit/14ec36e107a8c9af7d0a80c3571fe39b291ff1d4.patch] +CVE: CVE-2020-7211 +Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> + +--- + slirp/src/tftp.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/slirp/src/tftp.c b/slirp/src/tftp.c +index 093c2e0..e52e71b 100644 +--- a/slirp/src/tftp.c ++++ b/slirp/src/tftp.c +@@ -344,8 +344,13 @@ static void tftp_handle_rrq(Slirp *slirp, struct sockaddr_storage *srcsas, + k += 6; /* skipping octet */ + + /* do sanity checks on the filename */ +- if (!strncmp(req_fname, "../", 3) || +- req_fname[strlen(req_fname) - 1] == '/' || strstr(req_fname, "/../")) { ++ if ( ++#ifdef G_OS_WIN32 ++ strstr(req_fname, "..\\") || ++ req_fname[strlen(req_fname) - 1] == '\\' || ++#endif ++ strstr(req_fname, "../") || ++ req_fname[strlen(req_fname) - 1] == '/') { + tftp_send_error(spt, 2, "Access violation", tp); + return; + } +-- +2.24.1 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/run-ptest b/poky/meta/recipes-devtools/qemu/qemu/run-ptest index 2206b3192..b25a792d4 100644 --- a/poky/meta/recipes-devtools/qemu/qemu/run-ptest +++ b/poky/meta/recipes-devtools/qemu/qemu/run-ptest @@ -7,4 +7,4 @@ ptestdir=$(dirname "$(readlink -f "$0")") export SRC_PATH=$ptestdir cd $ptestdir/tests -make -f Makefile.include -k runtest-TESTS | sed '/: OK/ s/^/PASS: /g' +make -f Makefile.include -k runtest-TESTS | sed '/^ok /s/ok /PASS: /g' diff --git a/poky/meta/recipes-devtools/qemu/qemu_4.1.0.bb b/poky/meta/recipes-devtools/qemu/qemu_4.2.0.bb index f0c1daabe..a4018cc44 100644 --- a/poky/meta/recipes-devtools/qemu/qemu_4.1.0.bb +++ b/poky/meta/recipes-devtools/qemu/qemu_4.2.0.bb @@ -21,5 +21,8 @@ do_install_append_class-nativesdk() { PACKAGECONFIG ??= " \ fdt sdl kvm \ ${@bb.utils.filter('DISTRO_FEATURES', 'alsa xen', d)} \ + ${@bb.utils.contains('DISTRO_FEATURES', 'opengl', 'virglrenderer glx', '' ,d)} \ +" +PACKAGECONFIG_class-nativesdk ??= "fdt sdl kvm \ + ${@bb.utils.contains('DISTRO_FEATURES', 'opengl', 'virglrenderer glx', '' ,d)} \ " -PACKAGECONFIG_class-nativesdk ??= "fdt sdl kvm" |