From: Li Wang <li.w...@windriver.com> Issue: LIN7-2153
the patch comes from: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3689 http://git.qemu.org/?p=qemu.git;a=commit;h=83afa38eb20ca27e30683edc7729880e091387fc vmware-vga: CVE-2014-3689: turn off hw accel Quick & easy stopgap for CVE-2014-3689: We just compile out the hardware acceleration functions which lack sanity checks. Thankfully we have capability bits for them (SVGA_CAP_RECT_COPY and SVGA_CAP_RECT_FILL), so guests should deal just fine, in theory. Subsequent patches will add the missing checks and re-enable the hardware acceleration emulation. Cc: qemu-sta...@nongnu.org Signed-off-by: Gerd Hoffmann <kra...@redhat.com> Reviewed-by: Don Koch <dk...@verizon.com> Signed-off-by: Li Wang <li.w...@windriver.com> --- .../qemu/qemu/qemu-CVE-2014-3689.patch | 46 ++++++++++++++++++++++ meta/recipes-devtools/qemu/qemu_2.3.0.bb | 1 + 2 files changed, 47 insertions(+) create mode 100644 meta/recipes-devtools/qemu/qemu/qemu-CVE-2014-3689.patch diff --git a/meta/recipes-devtools/qemu/qemu/qemu-CVE-2014-3689.patch b/meta/recipes-devtools/qemu/qemu/qemu-CVE-2014-3689.patch new file mode 100644 index 0000000..a0c3931 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/qemu-CVE-2014-3689.patch @@ -0,0 +1,46 @@ +qemu: CVE-2014-3689 + +the patch comes from: +https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3689 +http://git.qemu.org/?p=qemu.git;a=commit;h=83afa38eb20ca27e30683edc7729880e091387fc + +vmware-vga: CVE-2014-3689: turn off hw accel + +Quick & easy stopgap for CVE-2014-3689: We just compile out the +hardware acceleration functions which lack sanity checks. Thankfully +we have capability bits for them (SVGA_CAP_RECT_COPY and +SVGA_CAP_RECT_FILL), so guests should deal just fine, in theory. + +Subsequent patches will add the missing checks and re-enable the +hardware acceleration emulation. + +Cc: qemu-sta...@nongnu.org +Signed-off-by: Gerd Hoffmann <kra...@redhat.com> +Reviewed-by: Don Koch <dk...@verizon.com> + +Upstream-Status: Backport + +Signed-off-by: Li Wang <li.w...@windriver.com> +--- + hw/display/vmware_vga.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/hw/display/vmware_vga.c b/hw/display/vmware_vga.c +index 591b645..99a97fe 100644 +--- a/hw/display/vmware_vga.c ++++ b/hw/display/vmware_vga.c +@@ -29,9 +29,11 @@ + #include "hw/pci/pci.h" + + #undef VERBOSE ++#if 0 + #define HW_RECT_ACCEL + #define HW_FILL_ACCEL + #define HW_MOUSE_ACCEL ++#endif + + #include "vga_int.h" + +-- +1.7.9.5 + diff --git a/meta/recipes-devtools/qemu/qemu_2.3.0.bb b/meta/recipes-devtools/qemu/qemu_2.3.0.bb index ec1b101..917febe 100644 --- a/meta/recipes-devtools/qemu/qemu_2.3.0.bb +++ b/meta/recipes-devtools/qemu/qemu_2.3.0.bb @@ -18,6 +18,7 @@ SRC_URI += "file://configure-fix-Darwin-target-detection.patch \ file://09-xen-pt-mark-reserved-bits-in-PCI-config-space-fields-CVE-2015-4106.patch \ file://10-xen-pt-add-a-few-PCI-config-space-field-descriptions-CVE-2015-4106.patch \ file://11-xen-pt-unknown-PCI-config-space-fields-should-be-readonly-CVE-2015-4106.patch \ + file://qemu-CVE-2014-3689.patch \ " SRC_URI_prepend = "http://wiki.qemu-project.org/download/${BP}.tar.bz2"; SRC_URI[md5sum] = "2fab3ea4460de9b57192e5b8b311f221" -- 1.9.1 -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
