Backport fix for bug #400595 / CVE-2012-0029 (picked from qemu-kvm ebuild).

Package-Manager: portage-2.2.0_alpha84_p18/cvs/Linux x86_64
author: Sergei Trofimovich <slyfox@gentoo.org> 2012-01-28 11:45:00 +0000
committer: Sergei Trofimovich <slyfox@gentoo.org> 2012-01-28 11:45:00 +0000
commit: 74f3e2d1e9a1a7f78c9efcdabb6f4562544895db (patch)
tree: 0e8b5f4f653c1a99ae68eb6a5b0b603d2078d740 /app-emulation
parent: USE="athena Xaw3d" is a valid combination, so don't warn. (diff)
download: historical-74f3e2d1e9a1a7f78c9efcdabb6f4562544895db.tar.gz
historical-74f3e2d1e9a1a7f78c9efcdabb6f4562544895db.tar.bz2
historical-74f3e2d1e9a1a7f78c9efcdabb6f4562544895db.zip
5 files changed, 203 insertions, 10 deletions
diff --git a/app-emulation/emul-linux-x86-gstplugins/Manifest b/app-emulation/emul-linux-x86-gstplugins/Manifest
index 810943207714..6aa7a89a9c49 100644
--- a/app-emulation/emul-linux-x86-gstplugins/Manifest
+++ b/app-emulation/emul-linux-x86-gstplugins/Manifest
@@ -1,14 +1,14 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA1
 
-DIST emul-linux-x86-gstplugins-20120127.tar.xz 6395008 RMD160 2562e864224c4a10736b7ae057e7b0f7e383a0be SHA1 bd4d66b3f78b2b5c7da387c3dfd58a15028c71a2 SHA256 2ff98764ddb394a4904e5168e0549ecc361ee608fe42e244075100c19baef408
+DIST emul-linux-x86-gstplugins-20120127.tar.xz 5575244 RMD160 7fcd6a44a820362a9869f850d4aeedb55b3bc966 SHA1 379f8006e03eb77162c0118a5ebf223064389d9f SHA256 29b390a9637f547d883c4647a5a673f3f423e2dfa0660fb07704ae62d71735b5
 EBUILD emul-linux-x86-gstplugins-20120127.ebuild 588 RMD160 d3453fa7b179b609dd898f95836bf33771fc7c29 SHA1 5bc47c88f05a2b7964d46fe5afa66e3f9b141237 SHA256 c73c3ffc7748bea4dea0462a1a03a18a47dfa7c70cfa2f461df08aa53d39e9bf
-MISC ChangeLog 451 RMD160 24c4bc0d7f62b4aaa912ccf83c8fc026986c0df3 SHA1 e3936687a3f3757112dac876b4e0079a22b53c98 SHA256 83f4e1f9204ed9fb326e69b271e41f35d02eecebb3e1a4eaf6086524980bc1d5
+MISC ChangeLog 576 RMD160 352ff8a5d0db3fa8e5d62b0177c6d82db9e7f90d SHA1 f5b09e9396506e22720aff33806bd777622abdc0 SHA256 a2a54e5975f50b3c7d1a1d386827469d79bdfcfdc3fba3ef1069265132f61e22
 MISC metadata.xml 225 RMD160 a4128fba81c97533725f589d51de117055011d3b SHA1 873f20f8dbcaf11a00b55546daaebd1ec63a657c SHA256 0ce288a649a1cbdf01d699a90300d341736ab0fd3456fd1002e2ffa8d409f453
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.17 (GNU/Linux)
 
-iEYEARECAAYFAk8i5uIACgkQCaWpQKGI+9SvrgCeN8LarzZt8XT/MJ9O3tnfssJE
-cC8An0N7LPvRMiw/vL/D7kJXQgM34wFE
-=mjCQ
+iEYEARECAAYFAk8j4KIACgkQCaWpQKGI+9R2NwCfSrW1XCiag3ic/NRpvd8BJgfR
+EXoAniwzs1VpgxfTtkZPN0+9RG3NjTxM
+=hrl/
 -----END PGP SIGNATURE-----
diff --git a/app-emulation/qemu/ChangeLog b/app-emulation/qemu/ChangeLog
index 21b4ef107421..f2a6dbba3830 100644
--- a/app-emulation/qemu/ChangeLog
+++ b/app-emulation/qemu/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for app-emulation/qemu
 # Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-emulation/qemu/ChangeLog,v 1.100 2012/01/27 21:35:16 slyfox Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-emulation/qemu/ChangeLog,v 1.101 2012/01/28 11:45:00 slyfox Exp $
+
+*qemu-0.11.1-r1 (28 Jan 2012)
+
+  28 Jan 2012; Sergei Trofimovich <slyfox@gentoo.org>
+  +files/qemu-0.11.1-CVE-2012-0029-backport.patch, +qemu-0.11.1-r1.ebuild:
+  Backport fix for bug #400595 / CVE-2012-0029 (picked from qemu-kvm ebuild).
 
   27 Jan 2012; Sergei Trofimovich <slyfox@gentoo.org> metadata.xml,
   qemu-9999.ebuild:
diff --git a/app-emulation/qemu/Manifest b/app-emulation/qemu/Manifest
index 4a7300db6190..a899192f92b8 100644
--- a/app-emulation/qemu/Manifest
+++ b/app-emulation/qemu/Manifest
@@ -2,20 +2,22 @@
 Hash: SHA1
 
 AUX qemu-0.11.0-mips64-user-fix.patch 313 RMD160 db016e0a48990a435dd6cf6e807145b33ada4908 SHA1 2ea913b1bcd29734a6d4011794bdb4aa3599a184 SHA256 b4173fc177bd0d0ba67f5551a3512047a19a9b2c0a122f968e32fbd834848d2f
+AUX qemu-0.11.1-CVE-2012-0029-backport.patch 1448 RMD160 efdf7bfe481bbfec2106d4a1652ec4df3242eb97 SHA1 dd44a1c1224c90f93bfcb19c612c6920325e6624 SHA256 fb739ca478977f17b73489823b92d8964da1bb308db997596e1160900f2c9236
 AUX qemu-ifdown 478 RMD160 2187fbf352e6b84686f0cf0e9e9ebe5d26359858 SHA1 1daccb4785fe503687562798f90be1414267e27d SHA256 7d90c39184fd7531d9b8ae787122b68ac768b41afeb0ef2b3baa6461f77af03d
 AUX qemu-ifup 554 RMD160 9769d79ab6456bdd7e3e689005f629e2a67b858d SHA1 dde2b27acabe6fe23ca40f90ff6950bb12a4b506 SHA256 eae9b50680442acc29c65a245a2d26a63756ad4cb894e08cb5ea249686801f1d
 AUX qemu-kvm-1.0-e1000-bounds-packet-size-against-buffer-size.patch 1412 RMD160 53749555d464e56cfab39b0fa2e8120ab2c024db SHA1 9046e72b8c7496840e340f6fc351434b8830f191 SHA256 9a06665c47b76b2501f148713c46f8ce0b14ed03da5e6cb03c0d141f5d91900a
 DIST qemu-0.11.1.tar.gz 3830070 RMD160 4da00fa6c01d7ff6af0ee781bc9260da577ea7d3 SHA1 7b983cd18f44c6e7627532b662f010389d3bcdff SHA256 2ecd2fc0af2ce5d96067ae82cc98a08275c596de53fc929484bedee1d6e7893a
 DIST qemu-1.0.tar.gz 10848714 RMD160 3a60aef6cfebba6896bdb12c99525da5456172fd SHA1 7dcb1b3516554d6d899d7488cd444dbb7721fcee SHA256 47674b7da559d5e1b44cc401af9ac5ad962d14e9eede12567b13e4b841989737
+EBUILD qemu-0.11.1-r1.ebuild 4919 RMD160 f447972f186a5128ba80b2c8c5bce8871fa38fde SHA1 e09fd89788f6d628ac4701e31f43282023fe7c4a SHA256 571c7ea28e703e86d1ca5be1eacb7b9249b9bec16527355eed38d721e56b13ea
 EBUILD qemu-0.11.1.ebuild 4851 RMD160 14c27fb758125ffa52b22562ee910e89e8dc053b SHA1 405d7858cfb66c7ad4ca3f846ad6048f3f59d49b SHA256 0cccf6126e9ddb442ff37e1c5b3be9ba095059323cf63b9ee0f707e2876f1123
 EBUILD qemu-1.0-r2.ebuild 6912 RMD160 1155a584070a3ecabd696335c7c301b936f22d95 SHA1 96c3ce1bd440025541ef08751d03478eff78bd46 SHA256 0b9afc45f9af381e672c632faa5c15aab60b65cae4b4380aea57721df286879a
 EBUILD qemu-9999.ebuild 6937 RMD160 4432f7bda60db3c57847a8a8c030972eae133248 SHA1 134bead98a8e9025fb59f0c7d7b8a3c03c7e7826 SHA256 fde00cf0f292746ed743f70d6ff0a9d11b91e545776f8fc3cf6db9a412c7a22f
-MISC ChangeLog 14550 RMD160 ac9a01027e55c5e4bbae641385dab43fb4c9a3f2 SHA1 26b96eb6ecae1d19d810730ae24c1ad8aab98fac SHA256 3a76ed0226ec1a4219b7c3b853a068948b7aff4f684ceb307b7f626b6c154859
+MISC ChangeLog 14789 RMD160 f4ea132a0839f167c8da7ce43d371ed519c7aede SHA1 286444ae1ae61daf11aa0425ff36bc6bd07bccde SHA256 3e94e1757d304cae2202f8faa5d4b7647f80b90de445f82eacd2878b920c5fd9
 MISC metadata.xml 2575 RMD160 d53217a49f76391725580cb4ebb22c0ed43588bf SHA1 0b1f51a4bf30e8899cb0379e14eba26c6aa00b7f SHA256 a07e1dd5932d91789f481394b318cf20f4c5a529168b8e5adb299736a643b94b
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.17 (GNU/Linux)
 
-iEYEARECAAYFAk8jGZ8ACgkQcaHudmEf86p3DwCfT1XUlpVmvtkVGkiDT/cJdQLi
-pKwAn1nTDiD9oI9OtF2ZZBPJdiOGXdqW
-=u+mX
+iEYEARECAAYFAk8j4MkACgkQcaHudmEf86oAEwCdER9rphURxSGjn6P43IJzUB05
+6oIAnjDWqqTUvexLC++6IER+/k0MuH3t
+=mR9l
 -----END PGP SIGNATURE-----
diff --git a/app-emulation/qemu/files/qemu-0.11.1-CVE-2012-0029-backport.patch b/app-emulation/qemu/files/qemu-0.11.1-CVE-2012-0029-backport.patch
new file mode 100644
index 000000000000..d8935e31c3b5
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-0.11.1-CVE-2012-0029-backport.patch
@@ -0,0 +1,35 @@
+Backported upstream patch:
+> From d0ed2d2e8e863a9a64c9fc9c08fa68bee546ad00 Mon Sep 17 00:00:00 2001
+> From: Anthony Liguori <aliguori@us.ibm.com>
+> Date: Mon, 23 Jan 2012 07:30:43 -0600
+> Subject: [PATCH 26/26] e1000: bounds packet size against buffer size
+>
+> Otherwise we can write beyond the buffer and corrupt memory.  This is tracked
+> as CVE-2012-0029.
+>
+> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
+---
+ hw/e1000.c |    3 +++
+ 1 files changed, 3 insertions(+), 0 deletions(-)
+
+diff --git a/hw/e1000.c b/hw/e1000.c
+index b0542d7..54ade40 100644
+--- a/hw/e1000.c
++++ b/hw/e1000.c
+@@ -447,6 +447,8 @@ process_tx_desc(E1000State *s, struct e1000_tx_desc *dp)
+             bytes = split_size;
+             if (tp->size + bytes > msh)
+                 bytes = msh - tp->size;
++
++            bytes = MIN(sizeof(tp->data) - tp->size, bytes);
+             cpu_physical_memory_read(addr, tp->data + tp->size, bytes);
+             if ((sz = tp->size + bytes) >= hdr && tp->size < hdr)
+                 memmove(tp->header, tp->data, hdr);
+@@ -462,6 +464,7 @@ process_tx_desc(E1000State *s, struct e1000_tx_desc *dp)
+         // context descriptor TSE is not set, while data descriptor TSE is set
+         DBGOUT(TXERR, "TCP segmentaion Error\n");
+     } else {
++        split_size = MIN(sizeof(tp->data) - tp->size, split_size);
+         cpu_physical_memory_read(addr, tp->data + tp->size, split_size);
+         tp->size += split_size;
+     }
diff --git a/app-emulation/qemu/qemu-0.11.1-r1.ebuild b/app-emulation/qemu/qemu-0.11.1-r1.ebuild
new file mode 100644
index 000000000000..1a9b65e50f5a
--- /dev/null
+++ b/app-emulation/qemu/qemu-0.11.1-r1.ebuild
@@ -0,0 +1,150 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-emulation/qemu/qemu-0.11.1-r1.ebuild,v 1.1 2012/01/28 11:45:00 slyfox Exp $
+
+EAPI="2"
+
+inherit eutils flag-o-matic toolchain-funcs linux-info
+
+DESCRIPTION="QEMU emulator and ABI wrapper"
+HOMEPAGE="http://www.qemu.org"
+SRC_URI="http://download.savannah.gnu.org/releases/qemu/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~ppc64 ~x86"
+IUSE="alsa bluetooth esd gnutls ncurses pulseaudio sasl +sdl vde kqemu kvm"
+
+COMMON_TARGETS="i386 x86_64 arm cris m68k mips mipsel mips64 mips64el ppc ppc64 sh4 sh4eb sparc"
+
+IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS} ppcemb"
+IUSE_USER_TARGETS="${COMMON_TARGETS} alpha armeb ppc64abi32 sparc64 sparc32plus"
+
+for target in ${IUSE_SOFTMMU_TARGETS}; do
+	IUSE="${IUSE} +qemu_softmmu_targets_${target}"
+done
+
+for target in ${IUSE_USER_TARGETS}; do
+	IUSE="${IUSE} +qemu_user_targets_${target}"
+done
+
+RDEPEND="
+	!app-emulation/qemu-user
+	sys-libs/zlib
+	alsa? ( >=media-libs/alsa-lib-1.0.13 )
+	esd? ( media-sound/esound )
+	pulseaudio? ( media-sound/pulseaudio )
+	gnutls? ( net-libs/gnutls )
+	ncurses? ( sys-libs/ncurses )
+	sasl? ( dev-libs/cyrus-sasl )
+	sdl? ( >=media-libs/libsdl-1.2.11 )
+	vde? ( net-misc/vde )
+	kvm? ( >=sys-kernel/linux-headers-2.6.29 )
+	bluetooth? ( net-wireless/bluez )
+	kqemu? ( >=app-emulation/kqemu-1.4.0_pre1 )"
+#	fdt? ( sys-apps/dtc )
+
+DEPEND="${RDEPEND}
+		gnutls? ( dev-util/pkgconfig )
+		app-text/texi2html"
+
+src_prepare() {
+	# avoid fdt till an updated release appears
+	sed -i -e 's:fdt="yes":fdt="no":' configure
+	# prevent docs to get automatically installed
+	sed -i '/$(DESTDIR)$(docdir)/d' Makefile
+	# Alter target makefiles to accept CFLAGS set via flag-o
+	sed -i 's/^\(C\|OP_C\|HELPER_C\)FLAGS=/\1FLAGS+=/' \
+		Makefile Makefile.target tests/Makefile
+	[[ -x /sbin/paxctl ]] && \
+		sed -i 's/^VL_LDFLAGS=$/VL_LDFLAGS=-Wl,-z,execheap/' \
+			Makefile.target
+	# Append CFLAGS while linking
+	sed -i 's/$(LDFLAGS)/$(QEMU_CFLAGS) $(CFLAGS) $(LDFLAGS)/' rules.mak
+	epatch "${FILESDIR}/qemu-0.11.0-mips64-user-fix.patch"
+	epatch "${FILESDIR}/qemu-0.11.1-CVE-2012-0029-backport.patch"
+}
+
+src_configure() {
+	local mycc conf_opts audio_opts softmmu_targets user_targets target_list
+
+	for target in ${IUSE_SOFTMMU_TARGETS} ; do
+		use "qemu_softmmu_targets_${target}" && \
+			softmmu_targets="${softmmu_targets} ${target}-softmmu"
+	done
+
+	for target in ${IUSE_USER_TARGETS} ; do
+		use "qemu_user_targets_${target}" && \
+			user_targets="${user_targets} ${target}-linux-user"
+	done
+
+	conf_opts="--disable-darwin-user --disable-bsd-user --disable-strip"
+
+	if test ! -z "${softmmu_targets}" ; then
+		einfo "Building following softmmu targets: ${softmmu_targets}"
+		use gnutls || conf_opts="$conf_opts --disable-vnc-tls"
+		use ncurses || conf_opts="$conf_opts --disable-curses"
+		use sasl || conf_opts="$conf_opts --disable-vnc-sasl"
+		use sdl || conf_opts="$conf_opts --disable-sdl"
+		use vde || conf_opts="$conf_opts --disable-vde"
+		use bluetooth || conf_opts="$conf_opts --disable-bluez"
+		use kqemu || conf_opts="$conf_opts --disable-kqemu"
+		use kvm || conf_opts="$conf_opts --disable-kvm"
+
+		audio_opts="oss"
+		use alsa && audio_opts="alsa $audio_opts"
+		use esd && audio_opts="esd $audio_opts"
+		use pulseaudio && audio_opts="pa $audio_opts"
+		use sdl && audio_opts="sdl $audio_opts"
+	else
+		einfo "Disabling softmmu emulation (no softmmu targets specified)"
+		conf_opts="$conf_opts --disable-system --disable-vnc-tls \
+		--disable-curses --disable-sdl --disable-vde \
+		--disable-kqemu --disable-kvm"
+	fi
+
+	if test ! -z "${user_targets}" ; then
+		einfo "Building following user targets: ${user_targets}"
+		conf_opts="$conf_opts --enable-linux-user"
+	else
+		einfo "Disabling usermode emulation (no usermode targets specified)"
+		conf_opts="$conf_opts --disable-linux-user"
+	fi
+
+#	use fdt || conf_opts="$conf_opts --disable-fdt"
+
+	conf_opts="$conf_opts --prefix=/usr"
+
+	target_list="${softmmu_targets} ${user_targets}"
+
+	filter-flags -fPIE
+
+	./configure ${conf_opts} \
+		--audio-drv-list="$audio_opts" \
+		--cc="$(tc-getCC)" --host-cc="$(tc-getCC)" \
+		--target-list="${target_list}" \
+		|| die "configure failed"
+}
+
+src_install() {
+	emake DESTDIR="${D}" install || die "make install failed"
+
+	exeinto /etc/qemu
+	doexe \
+		"${FILESDIR}/qemu-ifup" \
+		"${FILESDIR}/qemu-ifdown" \
+		|| die "qemu interface scripts failed"
+
+	dodoc Changelog MAINTAINERS TODO pci-ids.txt || die
+	newdoc pc-bios/README README.pc-bios || die
+	dohtml qemu-doc.html qemu-tech.html || die
+}
+
+pkg_postinst() {
+	elog "You will need the Universal TUN/TAP driver compiled into your"
+	elog "kernel or loaded as a module to use the virtual network device"
+	elog "if using -net tap.  You will also need support for 802.1d"
+	elog "Ethernet Bridging and a configured bridge if using the provided"
+	elog "qemu-ifup script from /etc/qemu."
+	echo
+}
author	Sergei Trofimovich <slyfox@gentoo.org>	2012-01-28 11:45:00 +0000
committer	Sergei Trofimovich <slyfox@gentoo.org>	2012-01-28 11:45:00 +0000
commit	74f3e2d1e9a1a7f78c9efcdabb6f4562544895db (patch)
tree	0e8b5f4f653c1a99ae68eb6a5b0b603d2078d740 /app-emulation
parent	USE="athena Xaw3d" is a valid combination, so don't warn. (diff)
download	historical-74f3e2d1e9a1a7f78c9efcdabb6f4562544895db.tar.gz historical-74f3e2d1e9a1a7f78c9efcdabb6f4562544895db.tar.bz2 historical-74f3e2d1e9a1a7f78c9efcdabb6f4562544895db.zip