authorAriadne Conill <ariadne@dereferenced.org>2021-05-04 16:51:04 -0600
committerAriadne Conill <ariadne@dereferenced.org>2021-05-04 16:51:31 -0600
commit76bd06da608677a8e5d05549d914632b03248442 (patch)
treeacb8c1835d587aeaec6b3e9779a49200372c1522
parented5c5416f115842b6c9068f6d5b55fe2180882da (diff)
community/qemu: add mitigation for CVE-2021-20255
-rw-r--r--community/qemu/APKBUILD13
-rw-r--r--community/qemu/CVE-2021-20255.patch43
2 files changed, 53 insertions, 3 deletions
diff --git a/community/qemu/APKBUILD b/community/qemu/APKBUILD
index a27467ebea1..2da854e1ee6 100644
--- a/community/qemu/APKBUILD
+++ b/community/qemu/APKBUILD
@@ -4,7 +4,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=qemu
pkgver=6.0.0
-pkgrel=0
+pkgrel=1
pkgdesc="QEMU is a generic machine emulator and virtualizer"
url="https://qemu.org/"
arch="all"
@@ -177,6 +177,8 @@ source="https://wiki.qemu-project.org/download/qemu-$pkgver.tar.xz
0001-virtio-host-input-use-safe-64-bit-time-accessors-for.patch
0002-virtio-user-input-use-safe-64-bit-time-accessors-for.patch
+ CVE-2021-20255.patch
+
$pkgname-guest-agent.confd
$pkgname-guest-agent.initd
80-kvm.rules
@@ -184,6 +186,8 @@ source="https://wiki.qemu-project.org/download/qemu-$pkgver.tar.xz
"
# secfixes:
+# 6.0.0-r1:
+# - CVE-2021-20255
# 5.1.0-r1:
# - CVE-2020-14364
# 2.8.1-r1:
@@ -395,7 +399,8 @@ _all_modules() {
mkdir -p "$subpkgdir"
}
-sha512sums="ee3ff00aebec4d8891d2ff6dabe4e667e510b2a4fe3f6190aa34673a91ea32dcd2db2e9bf94c2f1bf05aa79788f17cfbbedc6027c0988ea08a92587b79ee05e4 qemu-6.0.0.tar.xz
+sha512sums="
+ee3ff00aebec4d8891d2ff6dabe4e667e510b2a4fe3f6190aa34673a91ea32dcd2db2e9bf94c2f1bf05aa79788f17cfbbedc6027c0988ea08a92587b79ee05e4 qemu-6.0.0.tar.xz
98db5e23397cfad4a7210f9f7e1c5fa5c48f065785439521c5b39325c429f2dc367c40925adff6aa8677b3192a1a98a30e93d5b9c879df523deb019c40edd9d9 0006-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch
1ac043312864309e19f839a699ab2485bca51bbf3d5fdb39f1a87b87e3cbdd8cbda1a56e6b5c9ffccd65a8ac2f600da9ceb8713f4dbba26f245bc52bcd8a1c56 0001-linux-user-fix-build-with-musl-on-aarch64.patch
224f5b44da749921e8a821359478c5238d8b6e24a9c0b4c5738c34e82f3062ec4639d495b8b5883d304af4a0d567e38aa6623aac1aa3a7164a5757c036528ac0 musl-F_SHLCK-and-F_EXLCK.patch
@@ -407,7 +412,9 @@ d7de79ea74e36702cac4a59e472564a55f0a663be7e63c3755e32b4b5dfbc04b390ee79f09f43f6a
d6b81846cefd46b8fd1fb04450d4898f97dc77d11e049fb1bc8e2553bbb88c8325151d0e4bec70cc6820a5863c1d1749b99100b4747d91182856c3ca1946cb28 guest-agent-shutdown.patch
9541a94685cfe411120c4073e6714fd3e307d8a4954e7a760532224b3b018fc8948ee03f2338edbb6626b20b751263249c731ac1de83333048d80982371e1874 0001-virtio-host-input-use-safe-64-bit-time-accessors-for.patch
be84d316ebe4ec883e4d02a05721be5b5d478aaa5897bb8cf25431a893397b6834e46253f139b7b94d0f4186c0c90bba78968deb47a82fc06865097f8f4d7a1a 0002-virtio-user-input-use-safe-64-bit-time-accessors-for.patch
+e9389a6e3b2c3b59f66ea13eb7a3515e87341a68ca14afeb1ddd0084717bf4a13f5f58dc41dadbf0f2faf8fe1ae94ba7d1469c41539c79e45fa1624c6081e904 CVE-2021-20255.patch
d90c034cae3f9097466854ed1a9f32ab4b02089fcdf7320e8f4da13b2b1ff65067233f48809911485e4431d7ec1a22448b934121bc9522a2dc489009e87e2b1f qemu-guest-agent.confd
1cd24c2444c5935a763c501af2b0da31635aad9cf62e55416d6477fcec153cddbe7de205d99616def11b085e0dd366ba22463d2270f831d884edbc307c7864a6 qemu-guest-agent.initd
9b7a89b20fcf737832cb7b4d5dc7d8301dd88169cbe5339eda69fbb51c2e537d8cb9ec7cf37600899e734209e63410d50d0821bce97e401421db39c294d97be2 80-kvm.rules
-749efa2e764006555b4fd3a8e2f6d1118ad2ea4d45acf99104a41a93cfe66dc9685f72027c17d8211e5716246c2a52322c962cf4b73b27541b69393cd57f53bb bridge.conf"
+749efa2e764006555b4fd3a8e2f6d1118ad2ea4d45acf99104a41a93cfe66dc9685f72027c17d8211e5716246c2a52322c962cf4b73b27541b69393cd57f53bb bridge.conf
+"
diff --git a/community/qemu/CVE-2021-20255.patch b/community/qemu/CVE-2021-20255.patch
new file mode 100644
index 00000000000..970c00ceb7a
--- /dev/null
+++ b/community/qemu/CVE-2021-20255.patch
@@ -0,0 +1,43 @@
+CVE-2021-20255 patch adapted from QEMU patch by Stefan Weil
+
+Link: https://bugzilla.redhat.com/show_bug.cgi?id=1930646
+
+Signed-off-by: Neha Agarwal <nehaagarwal@microsoft.com>
+---
+diff --git a/hw/net/eepro100.c b/hw/net/eepro100.c
+index 16e95ef9cc..2474cf3dc2 100644
+--- a/hw/net/eepro100.c
++++ b/hw/net/eepro100.c
+@@ -279,6 +279,9 @@ typedef struct {
+ /* Quasi static device properties (no need to save them). */
+ uint16_t stats_size;
+ bool has_extended_tcb_support;
++
++ /* Flag to avoid recursions. */
++ bool busy;
+ } EEPRO100State;
+
+ /* Word indices in EEPROM. */
+@@ -837,6 +840,14 @@ static void action_command(EEPRO100State *s)
+ Therefore we limit the number of iterations. */
+ unsigned max_loop_count = 16;
+
++ if (s->busy) {
++ /* Prevent recursions. */
++ logout("recursion in %s:%u\n", __FILE__, __LINE__);
++ return;
++ }
++
++ s->busy = true;
++
+ for (;;) {
+ bool bit_el;
+ bool bit_s;
+@@ -933,6 +944,7 @@ static void action_command(EEPRO100State *s)
+ }
+ TRACE(OTHER, logout("CU list empty\n"));
+ /* List is empty. Now CU is idle or suspended. */
++ s->busy = false;
+ }
+
+ static void eepro100_cu_command(EEPRO100State * s, uint8_t val)
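Review bot: `s->busy` is cleared only by the single `s->busy = false;` at the bottom of action_command(), so the guard holds only if every exit from the `for (;;)` loop is a `break` that falls through to that line. The loop body lies between the two hunks and is not visible here, so this should be confirmed against the 6.0.0 source: an early `return` inside the loop would leave the flag set, and every later call would take the `if (s->busy)` branch and drop the command. The new field is also placed under the existing comment `/* Quasi static device properties (no need to save them). */` although it is runtime state, so its own comment could state the invariant, e.g. `/* Re-entrancy guard for action_command(); runtime only, false whenever action_command() is not executing. */`. Nothing in the visible hunks clears `busy` on device reset, which is worth checking as well.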