commit:     df65719acd9be2df4ca8599231667aaab051f0a1
Author:     Felix Janda <felix.janda <AT> posteo <DOT> de>
AuthorDate: Sun Nov  9 20:20:34 2014 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Tue Nov 18 21:59:05 2014 +0000
URL:        
http://sources.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=commit;h=df65719a

app-emulation/qemu: bump to 2.1.2

Signed-off-by: Anthony G. Basile <blueness <AT> gentoo.org>

---
 .../qemu/files/qemu-2.1.2-vnc-sanitize-bits.patch  | 50 ++++++++++++++++++++++
 ...qemu-2.1.1-r99.ebuild => qemu-2.1.2-r99.ebuild} | 15 ++++---
 2 files changed, 59 insertions(+), 6 deletions(-)

diff --git a/app-emulation/qemu/files/qemu-2.1.2-vnc-sanitize-bits.patch 
b/app-emulation/qemu/files/qemu-2.1.2-vnc-sanitize-bits.patch
new file mode 100644
index 0000000..34f136f
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.1.2-vnc-sanitize-bits.patch
@@ -0,0 +1,50 @@
+https://bugs.gentoo.org/527088
+
+From e6908bfe8e07f2b452e78e677da1b45b1c0f6829 Mon Sep 17 00:00:00 2001
+From: Petr Matousek <[email protected]>
+Date: Mon, 27 Oct 2014 12:41:44 +0100
+Subject: [PATCH] vnc: sanitize bits_per_pixel from the client
+
+bits_per_pixel that are less than 8 could result in accessing
+non-initialized buffers later in the code due to the expectation
+that bytes_per_pixel value that is used to initialize these buffers is
+never zero.
+
+To fix this check that bits_per_pixel from the client is one of the
+values that the rfb protocol specification allows.
+
+This is CVE-2014-7815.
+
+Signed-off-by: Petr Matousek <[email protected]>
+
+[ kraxel: apply codestyle fix ]
+
+Signed-off-by: Gerd Hoffmann <[email protected]>
+---
+ ui/vnc.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/ui/vnc.c b/ui/vnc.c
+index 0fe6eff..8bca597 100644
+--- a/ui/vnc.c
++++ b/ui/vnc.c
+@@ -2026,6 +2026,16 @@ static void set_pixel_format(VncState *vs,
+         return;
+     }
+ 
++    switch (bits_per_pixel) {
++    case 8:
++    case 16:
++    case 32:
++        break;
++    default:
++        vnc_client_error(vs);
++        return;
++    }
++
+     vs->client_pf.rmax = red_max;
+     vs->client_pf.rbits = hweight_long(red_max);
+     vs->client_pf.rshift = red_shift;
+-- 
+2.1.2
+
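Review bot: The added `switch (bits_per_pixel)` in set_pixel_format has no comment saying why only 8, 16 and 32 are accepted, so the security rationale lives only in the patch header and is lost once the patch is merged into ui/vnc.c. I would put this above the switch: `/* RFB allows only 8, 16 or 32 bits per pixel; values below 8 left bytes_per_pixel at 0 (CVE-2014-7815) */`. The rejection path calls `vnc_client_error(vs)` and returns. Whether that leaves a log record of the malformed request is not visible in this hunk, so it is worth confirming that a dropped client can still be traced during incident review. set_pixel_format begins and ends outside the hunk.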

diff --git a/app-emulation/qemu/qemu-2.1.1-r99.ebuild 
b/app-emulation/qemu/qemu-2.1.2-r99.ebuild
similarity index 98%
rename from app-emulation/qemu/qemu-2.1.1-r99.ebuild
rename to app-emulation/qemu/qemu-2.1.2-r99.ebuild
index 8509734..4a1c813 100644
--- a/app-emulation/qemu/qemu-2.1.1-r99.ebuild
+++ b/app-emulation/qemu/qemu-2.1.2-r99.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2014 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-emulation/qemu/qemu-2.1.1.ebuild,v 1.4 
2014/10/23 14:53:45 ago Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-emulation/qemu/qemu-2.1.2-r1.ebuild,v 
1.4 2014/11/08 18:09:33 ago Exp $
 
 EAPI=5
 
@@ -21,7 +21,7 @@ else
        SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2
        ${BACKPORTS:+
                
http://dev.gentoo.org/~cardoe/distfiles/${P}-${BACKPORTS}.tar.xz}";
-       KEYWORDS="amd64 x86"
+       KEYWORDS="amd64 ~ppc ~ppc64 x86 ~x86-fbsd"
 fi
 
 DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
@@ -108,7 +108,7 @@ X86_FIRMWARE_DEPEND="
                sys-firmware/sgabios
                sys-firmware/vgabios
        )"
-RDEPEND="!static-softmmu? ( ${SOFTMMU_LIB_DEPEND//\[static-libs(+)]} )
+CDEPEND="!static-softmmu? ( ${SOFTMMU_LIB_DEPEND//\[static-libs(+)]} )
        !static-user? ( ${USER_LIB_DEPEND//\[static-libs(+)]} )
        qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
        qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )
@@ -124,14 +124,13 @@ RDEPEND="!static-softmmu? ( 
${SOFTMMU_LIB_DEPEND//\[static-libs(+)]} )
        pulseaudio? ( media-sound/pulseaudio )
        python? ( ${PYTHON_DEPS} )
        sdl? ( media-libs/libsdl[X] )
-       selinux? ( sec-policy/selinux-qemu )
        smartcard? ( dev-libs/nss !app-emulation/libcacard )
        spice? ( >=app-emulation/spice-protocol-0.12.3 )
        systemtap? ( dev-util/systemtap )
        usbredir? ( >=sys-apps/usbredir-0.6 )
        virtfs? ( sys-libs/libcap )
        xen? ( app-emulation/xen-tools )"
-DEPEND="${RDEPEND}
+DEPEND="${CDEPEND}
        dev-lang/perl
        =dev-lang/python-2*
        sys-apps/texinfo
@@ -144,6 +143,9 @@ DEPEND="${RDEPEND}
                dev-libs/glib[utils]
                sys-devel/bc
        )"
+RDEPEND="${CDEPEND}
+       selinux? ( sec-policy/selinux-qemu )
+"
 
 STRIP_MASK="/usr/share/qemu/palcode-clipper"
 
@@ -256,8 +258,9 @@ src_prepare() {
 
        epatch "${FILESDIR}"/qemu-1.7.0-cflags.patch
        epatch "${FILESDIR}"/${PN}-2.1.1-readlink-self.patch
+       epatch "${FILESDIR}"/${PN}-2.1.2-vnc-sanitize-bits.patch #527088
        epatch "${FILESDIR}"/${PN}-2.0.0-F_SHLCK-and-F_EXLCK.patch #for musl
-       epatch 
"${FILESDIR}"/${PN}-2.0.0-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch
 #for musl                                                                      
                                 
+       epatch 
"${FILESDIR}"/${PN}-2.0.0-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch
 #for musl
        [[ -n ${BACKPORTS} ]] && \
                EPATCH_FORCE=yes EPATCH_SUFFIX="patch" 
EPATCH_SOURCE="${S}/patches" \
                        epatch
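Review bot: The new `epatch` line for `${PN}-2.1.2-vnc-sanitize-bits.patch` in src_prepare cites only the Gentoo bug number, so an audit that greps the ebuild for the CVE will not find this security backport. The patch header names CVE-2014-7815, so I would write the trailing comment as `#527088 (CVE-2014-7815)`. src_prepare begins and ends outside the hunk.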
