From 706d5aacd7ab7b37c00df1a1b210e4ced06119e1 Mon Sep 17 00:00:00 2001
From: Andrew Geissler <geissonator@yahoo.com>
Date: Fri, 12 Feb 2021 15:55:30 -0600
Subject: Reset poky to before our libpam hacks

Things got a bit out of synch with openbmc-config due to the libpam
issues and the migration from the meta-* layers.

Revert the two previous commits and then put the latest poky in with the
libpam revert and get openbmc-config right again.

Revert "Revert "libpam: update 1.3.1 -> 1.5.1""

This reverts commit 87ddd3eab4df68e624b5350ccaab28b3b97547c0.

Revert "poky: subtree update:796be0593a..10c69538c0"

This reverts commit c723b72979bfac6362509cf1fe086900f6641f28.

Change-Id: I3a1f405193aee6a21fe0cd24be9927c143a23d9a
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
---
 poky/meta/recipes-devtools/qemu/qemu.inc           |  3 --
 .../qemu/qemu/CVE-2020-25723.patch                 | 51 ----------------------
 .../qemu/qemu/CVE-2020-28916.patch                 | 49 ---------------------
 3 files changed, 103 deletions(-)
 delete mode 100644 poky/meta/recipes-devtools/qemu/qemu/CVE-2020-25723.patch
 delete mode 100644 poky/meta/recipes-devtools/qemu/qemu/CVE-2020-28916.patch

(limited to 'poky/meta/recipes-devtools/qemu')

diff --git a/poky/meta/recipes-devtools/qemu/qemu.inc b/poky/meta/recipes-devtools/qemu/qemu.inc
index 4864d7e93c..274c855d35 100644
--- a/poky/meta/recipes-devtools/qemu/qemu.inc
+++ b/poky/meta/recipes-devtools/qemu/qemu.inc
@@ -35,8 +35,6 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
            file://CVE-2020-24352.patch \
            file://CVE-2020-29129-CVE-2020-29130.patch \
            file://CVE-2020-25624.patch \
-           file://CVE-2020-25723.patch \
-           file://CVE-2020-28916.patch \
            "
 UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"
 
@@ -190,7 +188,6 @@ PACKAGECONFIG[rbd] = "--enable-rbd,--disable-rbd,ceph,ceph"
 PACKAGECONFIG[vhost] = "--enable-vhost-net,--disable-vhost-net,,"
 PACKAGECONFIG[ust] = "--enable-trace-backend=ust,--enable-trace-backend=nop,lttng-ust,"
 PACKAGECONFIG[pie] = "--enable-pie,--disable-pie,,"
-PACKAGECONFIG[seccomp] = "--enable-seccomp,--disable-seccomp,libseccomp"
 
 INSANE_SKIP_${PN} = "arch"
 
diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-25723.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-25723.patch
deleted file mode 100644
index 90b3a2f41c..0000000000
--- a/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-25723.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From 2fdb42d840400d58f2e706ecca82c142b97bcbd6 Mon Sep 17 00:00:00 2001
-From: Li Qiang <liq3ea@163.com>
-Date: Wed, 12 Aug 2020 09:17:27 -0700
-Subject: [PATCH] hw: ehci: check return value of 'usb_packet_map'
-
-If 'usb_packet_map' fails, we should stop to process the usb
-request.
-
-Signed-off-by: Li Qiang <liq3ea@163.com>
-Message-Id: <20200812161727.29412-1-liq3ea@163.com>
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-
-Upstream-Status: Backport
-CVE: CVE-2020-25723
-[https://git.qemu.org/?p=qemu.git;a=commit;h=2fdb42d840400d58f2e706ecca82c142b97bcbd6]
-Signed-off-by: Li Wang <li.wang@windriver.com>
----
- hw/usb/hcd-ehci.c | 10 ++++++++--
- 1 file changed, 8 insertions(+), 2 deletions(-)
-
-diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
-index 1495e8f..1fbb02a 100644
---- a/hw/usb/hcd-ehci.c
-+++ b/hw/usb/hcd-ehci.c
-@@ -1373,7 +1373,10 @@ static int ehci_execute(EHCIPacket *p, const char *action)
-         spd = (p->pid == USB_TOKEN_IN && NLPTR_TBIT(p->qtd.altnext) == 0);
-         usb_packet_setup(&p->packet, p->pid, ep, 0, p->qtdaddr, spd,
-                          (p->qtd.token & QTD_TOKEN_IOC) != 0);
--        usb_packet_map(&p->packet, &p->sgl);
-+        if (usb_packet_map(&p->packet, &p->sgl)) {
-+            qemu_sglist_destroy(&p->sgl);
-+            return -1;
-+        }
-         p->async = EHCI_ASYNC_INITIALIZED;
-     }
- 
-@@ -1452,7 +1455,10 @@ static int ehci_process_itd(EHCIState *ehci,
-             if (ep && ep->type == USB_ENDPOINT_XFER_ISOC) {
-                 usb_packet_setup(&ehci->ipacket, pid, ep, 0, addr, false,
-                                  (itd->transact[i] & ITD_XACT_IOC) != 0);
--                usb_packet_map(&ehci->ipacket, &ehci->isgl);
-+                if (usb_packet_map(&ehci->ipacket, &ehci->isgl)) {
-+                    qemu_sglist_destroy(&ehci->isgl);
-+                    return -1;
-+                }
-                 usb_handle_packet(dev, &ehci->ipacket);
-                 usb_packet_unmap(&ehci->ipacket, &ehci->isgl);
-             } else {
--- 
-2.17.1
-
diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-28916.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-28916.patch
deleted file mode 100644
index 5212196837..0000000000
--- a/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-28916.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From c2cb511634012344e3d0fe49a037a33b12d8a98a Mon Sep 17 00:00:00 2001
-From: Prasad J Pandit <pjp@fedoraproject.org>
-Date: Wed, 11 Nov 2020 18:36:36 +0530
-Subject: [PATCH] hw/net/e1000e: advance desc_offset in case of null
-descriptor
-
-While receiving packets via e1000e_write_packet_to_guest() routine,
-'desc_offset' is advanced only when RX descriptor is processed. And
-RX descriptor is not processed if it has NULL buffer address.
-This may lead to an infinite loop condition. Increament 'desc_offset'
-to process next descriptor in the ring to avoid infinite loop.
-
-Reported-by: Cheol-woo Myung <330cjfdn@gmail.com>
-Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
-Signed-off-by: Jason Wang <jasowang@redhat.com>
-
-Upstream-Status: Backport
-CVE: CVE-2020-28916
-[https://git.qemu.org/?p=qemu.git;a=commit;h=c2cb511634012344e3d0fe49a037a33b12d8a98a]
-Signed-off-by: Li Wang <li.wang@windriver.com>
----
- hw/net/e1000e_core.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/hw/net/e1000e_core.c b/hw/net/e1000e_core.c
-index bcd186c..d3e3cdc 100644
---- a/hw/net/e1000e_core.c
-+++ b/hw/net/e1000e_core.c
-@@ -1596,13 +1596,13 @@ e1000e_write_packet_to_guest(E1000ECore *core, struct NetRxPkt *pkt,
-                           (const char *) &fcs_pad, e1000x_fcs_len(core->mac));
-                 }
-             }
--            desc_offset += desc_size;
--            if (desc_offset >= total_size) {
--                is_last = true;
--            }
-         } else { /* as per intel docs; skip descriptors with null buf addr */
-             trace_e1000e_rx_null_descriptor();
-         }
-+        desc_offset += desc_size;
-+        if (desc_offset >= total_size) {
-+            is_last = true;
-+        }
- 
-         e1000e_write_rx_descr(core, desc, is_last ? core->rx_pkt : NULL,
-                            rss_info, do_ps ? ps_hdr_len : 0, &bastate.written);
--- 
-2.17.1
-
-- 
cgit v1.2.3