mirror of
https://git.yoctoproject.org/poky
synced 2026-04-16 15:32:13 +02:00
qemu: fix CVE-2018-20815
(From OE-Core rev: 0b73e48c64cb8e651c81b19ddabdd108e4024697) Signed-off-by: Naveen Saini <naveen.kumar.saini@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Armin Kuster
committed by
Richard Purdie
Richard Purdie
parent
271c0c2dc1
commit
1eb6e018a3
@@ -31,6 +31,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
|
||||
file://0019-fix-CVE-2018-20216.patch \
|
||||
file://CVE-2019-3812.patch \
|
||||
file://0014-linux-user-fix-to-handle-variably-sized-SIOCGSTAMP-w.patch \
|
||||
file://CVE-2018-20815.patch \
|
||||
"
|
||||
UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"
|
||||
|
||||
|
||||
38
meta/recipes-devtools/qemu/qemu/CVE-2018-20815.patch
Normal file
38
meta/recipes-devtools/qemu/qemu/CVE-2018-20815.patch
Normal file
@@ -0,0 +1,38 @@
|
||||
From 8bb018af1a7f2b9965f872a4b1121864e73e1b61 Mon Sep 17 00:00:00 2001
|
||||
From: Peter Maydell <peter.maydell@linaro.org>
|
||||
Date: Fri, 14 Dec 2018 13:30:52 +0000
|
||||
Subject: [PATCH] device_tree.c: Don't use load_image()
|
||||
|
||||
The load_image() function is deprecated, as it does not let the
|
||||
caller specify how large the buffer to read the file into is.
|
||||
Instead use load_image_size().
|
||||
|
||||
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
||||
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
|
||||
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||||
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
|
||||
Reviewed-by: Eric Blake <eblake@redhat.com>
|
||||
Message-id: 20181130151712.2312-9-peter.maydell@linaro.org
|
||||
|
||||
Upstream-Status: Backport [https://github.com/qemu/qemu/commit/da885fe1ee8b4589047484bd7fa05a4905b52b17]
|
||||
CVE: CVE-2018-20815
|
||||
Signed-off-by: Naveen Saini <naveen.kumar.saini@intel.com>
|
||||
---
|
||||
device_tree.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/device_tree.c b/device_tree.c
|
||||
index 6d9c9726f6..296278e12a 100644
|
||||
--- a/device_tree.c
|
||||
+++ b/device_tree.c
|
||||
@@ -91,7 +91,7 @@ void *load_device_tree(const char *filename_path, int *sizep)
|
||||
/* First allocate space in qemu for device tree */
|
||||
fdt = g_malloc0(dt_size);
|
||||
|
||||
- dt_file_load_size = load_image(filename_path, fdt);
|
||||
+ dt_file_load_size = load_image_size(filename_path, fdt, dt_size);
|
||||
if (dt_file_load_size < 0) {
|
||||
error_report("Unable to open device tree file '%s'",
|
||||
filename_path);
|
||||
--
|
||||
2.17.1
|
||||
Reference in New Issue
Block a user