diff options
| author | Andrew Geissler <geissonator@yahoo.com> | 2021-07-23 20:09:54 +0300 |
|---|---|---|
| committer | Andrew Geissler <geissonator@yahoo.com> | 2021-07-28 20:22:04 +0300 |
| commit | 5f35090dc809872fb7b8f381c1ccf995b75f03a0 (patch) | |
| tree | 630551abdfa860e31458f442108bf4a3d91993d4 /poky/meta/recipes-devtools/qemu | |
| parent | 69721092c033f1c69060d2a5ae865f72a862e583 (diff) | |
| download | openbmc-5f35090dc809872fb7b8f381c1ccf995b75f03a0.tar.xz | |
poky: subtree update:2834c2f853..17aabc0127
Adam Romanek (3):
bitbake: fetch/git: run gc in foreground to avoid race with tar
bitbake: fetch2/s3: allow to use credentials from environment variables
own-mirrors: Add support for s3:// scheme in SOURCE_MIRROR_URL
Alexander Kanavin (44):
devtool upgrade: rebase override-only patches as well
cmake: update 3.20.3 -> 3.20.4
gnu-config: update to latest revision
bash: update 5.1 -> 5.1.8
dnf: updatee 4.7.0 -> 4.8.0
vulkan-samples: update to latest revision
bind: upgrade 9.16.16 -> 9.16.18
bluez5: upgrade 5.58 -> 5.59
dejagnu: upgrade 1.6.2 -> 1.6.3
libdnf: upgrade 0.63.0 -> 0.63.1
libpcre: upgrade 8.44 -> 8.45
libxi: upgrade 1.7.10 -> 1.7.99.2
mtools: upgrade 4.0.29 -> 4.0.31
python3-git: upgrade 3.1.17 -> 3.1.18
sqlite3: upgrade 3.35.5 -> 3.36.0
vte: upgrade 0.64.1 -> 0.64.2
x264: upgrade to latest revision
python3: apply test skipping patch unconditionally
pypi: set SRC_URI with _prepend, not with +=
man-pages: upgrade 5.11 -> 5.12
rt-tests: update 1.10 -> 2.1
python3-iniparse: update 0.4 -> 0.5
iputils: correct upstream version check
texinfo: update 6.7 -> 6.8
xserver-xorg: exclude development snapshots from upstream version checks
xwayland: exclude development snapshots from upstream version checks
devtool: correctly handle non-standard source tree locations in upgrades
llvm: make upgradable via devtool
xserver-xorg: update 1.20.11 -> 1.20.12
libmodulemd: update 2.12.1 -> 2.13.0
bluez5: upgrade 5.59 -> 5.60
createrepo-c: upgrade 0.17.3 -> 0.17.4
ethtool: upgrade 5.12 -> 5.13
gtk+3: upgrade 3.24.29 -> 3.24.30
harfbuzz: upgrade 2.8.1 -> 2.8.2
iproute2: upgrade 5.12.0 -> 5.13.0
libgit2: upgrade 1.1.0 -> 1.1.1
mpg123: upgrade 1.28.0 -> 1.28.2
mtools: upgrade 4.0.31 -> 4.0.32
ruby: upgrade 3.0.1 -> 3.0.2
stress-ng: upgrade 0.12.11 -> 0.12.12
webkitgtk: upgrade 2.32.1 -> 2.32.2
xwayland: upgrade 21.1.1 -> 21.1.2
tcl: fix upstream version check
Alexey Brodkin (3):
dpkg: Add ARC support
default-distrovars.inc: Remove seccomp for ARC
dhcpcd: add ARC support
Andreas Müller (4):
libdrm: upgrade 2.4.106 -> 2.4.107
mesa: upgrade 21.1.3 -> 21.1.4
pango: upgrade 1.48.5 -> 1.48.7
mesa: upgrade 21.1.4 -> 21.1.5
Andrej Valek (1):
busybox: add tmpdir option into mktemp applet
Armin Kuster (1):
maintainers.inc: remove myself as a Maintainer
Asfak Rahman (1):
openssh: Remove temporary keys before generating new ones
Bruce Ashfield (24):
linux-yocto/5.10: update to v5.10.46
linux-yocto/5.10: features/nft_tables: refresh config options
linux-yocto/5.4: update to v5.4.128
linux-yocto/5.10: rcu: Fix stall-warning deadlock due to non-release of rcu_node ->lock
linux-yocto/5.10: update to v5.10.47
linux-yocto/5.4: update to v5.4.129
linux-yocto/5.10: scsi-debug needs scsi-disk
linux-libc-headers: update to 5.13
kernel-devsrc: fix scripts/prepare for ARM64
kernel-devsrc: fix scripts prepare for powerpc
kernel-devsrc: powerpc64 add scripts prepare support
linux-yocto: introduce 5.13 recipes
linux-yocto/5.13: add devupstream support
linux-yocto-rt/5.13: integrate -rt1
linux-yocto: add vfat KERNEL_FEATURE when MACHINE_FEATURES include vfat
linux-yocto/5.10: update to v5.10.49
linux-yocto/5.4: update to v5.4.131
linux-yocto/5.13: update to v5.13.2
linux-yocto/5.10: update to v5.10.50
linux-yocto/5.4: update to v5.4.132
linux-yocto/5.13: update to v5.13.3
linux-yocto/5.13: update to v5.13.4
linux-yocto/5.10: update to v5.10.52
linux-yocto/5.4: update to v5.4.134
Changhyeok Bae (1):
iputils: Update to 20210202
Changqing Li (1):
boost-build-native: workaround one rarely hang problem on fedora34
Christoph Muellner (1):
ldconfig-native: Add RISC-V support
Damian Wrobel (1):
gobject-introspection: Fix the license (add MIT)
Denys Dmytriyenko (1):
bitbake: providers: replace newly added logger.warn() with logger.warning()
Fabio Berton (1):
lib/oe/package_manager: Don't ignore installation failures in install_complementary
Florian Amstutz (1):
devtool: deploy-target: Fix preserving attributes when using --strip
Jose Quaresma (3):
glslang: upgrade 11.4.0 -> 11.5.0
shaderc: upgrade 2021.0 -> 2021.1
spirv-tools: upgrade 2021.1 -> 2021.2
Joshua Watt (3):
ref-manual: Document BUILDHISTORY_PATH_PREFIX_STRIP
bitbake: bitbake: Add piping compression library
bitbake: server: Fix early parsing errors preventing zombie bitbake
Khem Raj (7):
glib-2.0: Fix signature of close_range
gnome-desktop-testing: Fix non-literal format string warning
util-linux: Disable chfn-chsh on non-target builds
libseccomp: Update to main branch
systemd: Fix libseccomp testcase involving __NR_ppoll
util-linux: Fix signature of close_range()
gpgme: Use glibc provided closefrom API when available
Lee Chee Yang (1):
qemu: fix CVE-2021-3527
Marek Vasut (2):
pulseaudio: Drop pulseaudio-conf
update-rc.d: update SRCREV to pull in fix for non-bash shell support
Mark Hatle (1):
populate_sdk_ext: Error if trying to generate an eSDK from a mulitconfig
Max Krummenacher (1):
xwayland: port packageconfig from xserver-xorg recipe
Michael Halstead (1):
releases: update to include 3.1.9
Michael Ho (1):
sstate.bbclass: fix errors about read-only sstate mirrors
Mike Crowe (1):
licence_image: Add lic-pkgs IMAGE_FEATURE
Mingli Yu (4):
pulseaudio: check if NEON code can be compiled on arm
perlcross: check the file if patched or not
perl: correct libpth and glibpth
parselogs.py: ignore rndr initialization failure
Patrick Williams (1):
docs: remove image-mklibs references
Paul Barker (1):
linux-yocto: Fix devupstream SRCREV assignment
Peter Bergin (1):
Revert "libubootenv: inherit uboot-config"
Quentin Schulz (1):
docs: replace remaining ``FOO`` by :term:`FOO`
Ralph Siemsen (1):
oeqa/manual/toaster: fix small typo
Richard Purdie (26):
package_pkgdata: Avoid task hash mismatches for generic task changes
selftest/fetch: Avoid occasional selftest failure from poor temp file name choice
kernel: Fix interaction when packaging disabled
kernel-devicetree: Fix interaction when packaging disabled
python3-pip/python3-pbr: Drop obsolete md5sum at upgrade
oeqa/selftest/runcmd: Tweal test timeouts
bash: Fix a rare make race build failure
sstate/staging: Handle directory creation race issue
oeqa/selftest/archiver: Allow tests to ignore empty directories
dwarfsrcfiles: Avoid races over debug-link files
oeqa/selftest/multiprocesslauch: Fix test race
runqemu: Remove potential lock races around tap device handling
glibc-testsuite: Fix build failures when directly running recipe
license: Drop adding RRECOMMENDS for license packages
report-error: Drop pointless inherit
pseudo: Add uninative configuration sanity check
pseudo: Update to latest version including statx fix
sstate: Drop pseudo exclusion
oeqa/qemurunner: Handle files no longer existing gracefully
python3: Add a fix for a make install race
Add README link to README.poky
README.OE-Core/README.qemu: Move to markdown format
bitbake: data_smart/parse: Allow ':' characters in variable/function names
zstd: Include pzstd in the build
buildtools-tarball: Add lz4 and ztsd (including pzstd)
build-appliance-image: Update to master head revision
Ross Burton (29):
glibc: backport MTE improvements from master
glibc: re-enable memory tagging
libgudev: fix SRC_URI
cantarell-fonts: fix SRC_URI
shadow: generate alternative links for chfn and chsh
util-linux: build chfn and chsh
util-linux: add missing ptest dependencies
util-linux: backport test suite fixes
util-linux: rewrite the ptest integration
glib-2.0: fix g-file-into modification time test
oeqa/selftest/recipetool: update socat version to fix failing download
parted: improve ptest execution
tcl: suffix all Tcl man pages instead of using alternatives
tcl: EXTRA_OECONF already passes --libdir, don't do it again
tcl: mark a patch as upstreamable
tcl: use tcl-core instead of patching out packages
tcl: use AUTOTOOLS_SCRIPT_PATH
tcl: remove redundant file creation
tcl: detect tests that error as well as fail
tcl: clock.test needs a timezone to be set
tcl: fix race in interp.test
parted: remove obsolete patch
parted: fix ptest RRECOMMENDS
busybox: support mounting swap via labels
meta: remove redundant ${libdir}/cmake from FILES_${PN}-dev
cups: update to 2.3.3op2
parted: skip tests that need vfat support
avahi: fix CVE-2021-36217, crash on pinging '.local'
parted: add device mappper PACKAGECONFIG
Sakib Sajal (3):
buildstats.bbclass: log host data on failure to task specific file
oe-time-dd-test.sh: add options and refactor
scripts/oe-time-dd-test.sh: run "uptime" on each iteration
Saul Wold (4):
qemurunner: Add info log for qemu startup
oeqa/qemurunner: add support qmp cmd args
oeqa/dump.py: Add support for QMP command arguments
testimage.bbclass: Add dump-guest-memory cmd
Scott Weaver (1):
meta-skeleton: update to satisfy yocto-check-layer tests
Tim Orling (6):
python3-importlib-metadata: upgrade 4.5.0 -> 4.6.0
python3-packaging: upgrade 20.9 -> 21.0
python3-hypothesis: upgrade 6.14.0 -> 6.14.1
python3-zipp: upgrade 3.4.1 -> 3.5.0
at-spi2-core: upgrade 2.40.2 -> 2.40.3
python3-hypothesis: upgrade 6.14.1 -> 6.14.3
Tony Tascioglu (1):
valgrind: skip flaky ptest fb_test_amd64
Trevor Gamblin (2):
python3-pip: upgrade 20.0.2 -> 21.1.2
python3-pip: add multiprocessing to RDEPENDS
Yi Zhao (1):
libffi: disable use of static exec trampolines
Zoltán Böszörményi (1):
tzdata: Allow controlling zoneinfo binary format
Zqiang (1):
ifupdown: Skip wrong test item
bkylerussell@gmail.com (1):
gstreamer: add libgst packages to PACKAGES_DYNAMIC
jbouchard (1):
Use the label provided when formating a dos partition
wangmy (19):
libcap: upgrade 2.50 -> 2.51
libhandy: upgrade 1.2.2 -> 1.2.3
libva: upgrade 2.11.0 -> 2.12.0
libxcrypt: upgrade 4.4.22 -> 4.4.23
python3-numpy: upgrade 1.20.3 -> 1.21.0
python3-pbr: upgrade 5.4.4 -> 5.6.0
cmake: upgrade 3.20.4 -> 3.20.5
gpgme: upgrade 1.15.1 -> 1.16.0
libglu: upgrade 9.0.1 -> 9.0.2
stress-ng: upgrade 0.12.10 -> 0.12.11
xf86-input-libinput: upgrade 1.0.1 -> 1.1.0
vulkan-headers: upgrade 1.2.176 -> 1.2.182
vulkan-loader: upgrade 1.2.176 -> 1.2.182
vulkan-tools: upgrade 1.2.176 -> 1.2.182
gnome-desktop-testing: upgrade 2018.1 -> 2021.1
python3-importlib-metadata: upgrade 4.6.0 -> 4.6.1
u-boot: upgrade 2021.04 -> 2021.07
python3-setuptools: upgrade 57.0.0 -> 57.1.0
btrfs-tools: upgrade 5.12.1 -> 5.13
zangrc (1):
python3-pip: upgrade 21.1.2 -> 21.1.3
zhengruoqin (3):
libffi: upgrade 3.3 -> 3.4.2
python3: upgrade 3.9.5 -> 3.9.6
python3-pathlib2: upgrade 2.3.5 -> 2.3.6
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: If493204235c3a1ce4e7fe65438168512d17a900e
Diffstat (limited to 'poky/meta/recipes-devtools/qemu')
| -rw-r--r-- | poky/meta/recipes-devtools/qemu/qemu.inc | 2 | ||||
| -rw-r--r-- | poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3527-1.patch | 42 | ||||
| -rw-r--r-- | poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3527-2.patch | 59 |
3 files changed, 103 insertions, 0 deletions
diff --git a/poky/meta/recipes-devtools/qemu/qemu.inc b/poky/meta/recipes-devtools/qemu/qemu.inc index 6674936fef..33a8baea7f 100644 --- a/poky/meta/recipes-devtools/qemu/qemu.inc +++ b/poky/meta/recipes-devtools/qemu/qemu.inc @@ -37,6 +37,8 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ file://0006-vhost-user-gpu-fix-memory-leak-in-virgl_resource_att.patch \ file://0007-vhost-user-gpu-fix-OOB-write-in-virgl_cmd_get_capset.patch \ file://0001-linux-user-Tag-vsx-with-ieee128-fpbits.patch \ + file://CVE-2021-3527-1.patch \ + file://CVE-2021-3527-2.patch \ " UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar" diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3527-1.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3527-1.patch new file mode 100644 index 0000000000..77a5385692 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3527-1.patch @@ -0,0 +1,42 @@ +From 05a40b172e4d691371534828078be47e7fff524c Mon Sep 17 00:00:00 2001 +From: Gerd Hoffmann <kraxel@redhat.com> +Date: Mon, 3 May 2021 15:29:15 +0200 +Subject: [PATCH] usb: limit combined packets to 1 MiB (CVE-2021-3527) + +usb-host and usb-redirect try to batch bulk transfers by combining many +small usb packets into a single, large transfer request, to reduce the +overhead and improve performance. + +This patch adds a size limit of 1 MiB for those combined packets to +restrict the host resources the guest can bind that way. + +Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> +Message-Id: <20210503132915.2335822-6-kraxel@redhat.com> + +Upstream-Status: Backport +https://gitlab.com/qemu-project/qemu/-/commit/05a40b172e4d691371534828078be47e7fff524c +CVE: CVE-2021-3527 +Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> + +--- + hw/usb/combined-packet.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/hw/usb/combined-packet.c b/hw/usb/combined-packet.c +index 5d57e883dc..e56802f89a 100644 +--- a/hw/usb/combined-packet.c ++++ b/hw/usb/combined-packet.c +@@ -171,7 +171,9 @@ void usb_ep_combine_input_packets(USBEndpoint *ep) + if ((p->iov.size % ep->max_packet_size) != 0 || !p->short_not_ok || + next == NULL || + /* Work around for Linux usbfs bulk splitting + migration */ +- (totalsize == (16 * KiB - 36) && p->int_req)) { ++ (totalsize == (16 * KiB - 36) && p->int_req) || ++ /* Next package may grow combined package over 1MiB */ ++ totalsize > 1 * MiB - ep->max_packet_size) { + usb_device_handle_data(ep->dev, first); + assert(first->status == USB_RET_ASYNC); + if (first->combined) { +-- +GitLab + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3527-2.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3527-2.patch new file mode 100644 index 0000000000..6371aced12 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3527-2.patch @@ -0,0 +1,59 @@ +From 7ec54f9eb62b5d177e30eb8b1cad795a5f8d8986 Mon Sep 17 00:00:00 2001 +From: Gerd Hoffmann <kraxel@redhat.com> +Date: Mon, 3 May 2021 15:29:12 +0200 +Subject: [PATCH] usb/redir: avoid dynamic stack allocation (CVE-2021-3527) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Use autofree heap allocation instead. + +Fixes: 4f4321c11ff ("usb: use iovecs in USBPacket") +Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> +Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> +Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com> +Message-Id: <20210503132915.2335822-3-kraxel@redhat.com> + +Upstream-Status: Backport +https://gitlab.com/qemu-project/qemu/-/commit/7ec54f9eb62b5d177e30eb8b1cad795a5f8d8986 +CVE: CVE-2021-3527 +Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> + +--- + hw/usb/redirect.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c +index 17f06f3417..6a75b0dc4a 100644 +--- a/hw/usb/redirect.c ++++ b/hw/usb/redirect.c +@@ -620,7 +620,7 @@ static void usbredir_handle_iso_data(USBRedirDevice *dev, USBPacket *p, + .endpoint = ep, + .length = p->iov.size + }; +- uint8_t buf[p->iov.size]; ++ g_autofree uint8_t *buf = g_malloc(p->iov.size); + /* No id, we look at the ep when receiving a status back */ + usb_packet_copy(p, buf, p->iov.size); + usbredirparser_send_iso_packet(dev->parser, 0, &iso_packet, +@@ -818,7 +818,7 @@ static void usbredir_handle_bulk_data(USBRedirDevice *dev, USBPacket *p, + usbredirparser_send_bulk_packet(dev->parser, p->id, + &bulk_packet, NULL, 0); + } else { +- uint8_t buf[size]; ++ g_autofree uint8_t *buf = g_malloc(size); + usb_packet_copy(p, buf, size); + usbredir_log_data(dev, "bulk data out:", buf, size); + usbredirparser_send_bulk_packet(dev->parser, p->id, +@@ -923,7 +923,7 @@ static void usbredir_handle_interrupt_out_data(USBRedirDevice *dev, + USBPacket *p, uint8_t ep) + { + struct usb_redir_interrupt_packet_header interrupt_packet; +- uint8_t buf[p->iov.size]; ++ g_autofree uint8_t *buf = g_malloc(p->iov.size); + + DPRINTF("interrupt-out ep %02X len %zd id %"PRIu64"\n", ep, + p->iov.size, p->id); +-- +GitLab + |