[arch-commits] Commit in qemu/trunk (2.0.0-usb-stack.patch PKGBUILD)

Tobias Powalowski tpowa at nymeria.archlinux.org
Thu May 15 06:48:39 UTC 2014 

    Date: Thursday, May 15, 2014 @ 08:48:39
  Author: tpowa
Revision: 212783

upgpkg: qemu 2.0.0-3

fix #40358

Added:
  qemu/trunk/2.0.0-usb-stack.patch
Modified:
  qemu/trunk/PKGBUILD

-----------------------+
 2.0.0-usb-stack.patch |   36 ++++++++++++++++++++++++++++++++++++
 PKGBUILD              |   15 ++++++++++++---
 2 files changed, 48 insertions(+), 3 deletions(-)

Added: 2.0.0-usb-stack.patch
===================================================================
--- 2.0.0-usb-stack.patch	                        (rev 0)
+++ 2.0.0-usb-stack.patch	2014-05-15 06:48:39 UTC (rev 212783)
@@ -0,0 +1,36 @@
+Correct post load checks:
+1. dev->setup_len == sizeof(dev->data_buf)
+    seems fine, no need to fail migration
+2. When state is DATA, passing index > len
+   will cause memcpy with negative length,
+   resulting in heap overflow
+
+First of the issues was reported by dgilbert.
+
+Reported-by: "Dr. David Alan Gilbert" <dgilbert <at> redhat.com>
+Signed-off-by: Michael S. Tsirkin <mst <at> redhat.com>
+---
+
+changes from v1:
+- drop state check
+- lightly tested
+
+ hw/usb/bus.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/hw/usb/bus.c b/hw/usb/bus.c
+index e48b19f..ff1dfe6 100644
+--- a/hw/usb/bus.c
++++ b/hw/usb/bus.c
+ <at>  <at>  -51,8 +51,8  <at>  <at>  static int usb_device_post_load(void *opaque, int version_id)
+     }
+     if (dev->setup_index < 0 ||
+         dev->setup_len < 0 ||
+-        dev->setup_index >= sizeof(dev->data_buf) ||
+-        dev->setup_len >= sizeof(dev->data_buf)) {
++        dev->setup_index > dev->setup_len ||
++        dev->setup_len > sizeof(dev->data_buf)) {
+         return -EINVAL;
+     }
+     return 0;
+

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2014-05-15 06:30:47 UTC (rev 212782)
+++ PKGBUILD	2014-05-15 06:48:39 UTC (rev 212783)
@@ -2,7 +2,7 @@
 # Maintainer: Tobias Powalowski <tpowa at archlinux.org>
 pkgname=('qemu' 'libcacard')
 pkgver=2.0.0
-pkgrel=2
+pkgrel=3
 arch=('i686' 'x86_64')
 license=('GPL2' 'LGPL2.1')
 url="http://wiki.qemu.org/Index.html"
@@ -14,8 +14,15 @@
 replaces=('qemu-kvm')
 options=(!strip)
 source=(http://wiki.qemu.org/download/${pkgname}-${pkgver}.tar.bz2
-        65-kvm.rules)
+        65-kvm.rules
+        2.0.0-usb-stack.patch)
 
+prepare ()
+{
+  cd "${srcdir}/${pkgname}-${pkgver}"
+  patch -Np1 -i "${srcdir}/2.0.0-usb-stack.patch"
+}
+
 build ()
 {
   cd "${srcdir}/${pkgname}-${pkgver}"
@@ -22,6 +29,7 @@
   # qemu vs. make 4 == bad
   export ARFLAGS="rv"
   # http://permalink.gmane.org/gmane.comp.emulators.qemu/238740
+
   # gtk gui breaks keymappings at the moment
   ./configure --prefix=/usr --sysconfdir=/etc --audio-drv-list='pa alsa sdl' \
               --python=/usr/bin/python2 --smbd=/usr/bin/smbd \
@@ -82,4 +90,5 @@
  cp -a ${srcdir}/qemu-${pkgver}/.libs/vscclient ${pkgdir}/usr/bin/
 }
 md5sums=('2790f44fd76da5de5024b4aafeb594c2'
-         '33ab286a20242dda7743a900f369d68a')
+         '33ab286a20242dda7743a900f369d68a'
+         'f98a479ec4e656403f5f05b1914f7f1f')

More information about the arch-commits mailing list