authorLeonardo Arena <rnalrd@alpinelinux.org>2013-04-08 09:21:58 +0000
committerLeonardo Arena <rnalrd@alpinelinux.org>2013-04-08 09:21:58 +0000
commit82870cab68b87ed0480c13bc420d119b7bf0d4e8 (patch)
treec0f453d2fb4a08872c8c5817e75d9e2ebec70a00 /main/qemu
parent77048a363d89d6777bf41253509722ae8b37432f (diff)
security fix (CVE-2012-6075). Fixes #1633
Diffstat (limited to 'main/qemu')
-rw-r--r--main/qemu/APKBUILD18
-rw-r--r--main/qemu/CVE-2012-6075.patch44
2 files changed, 60 insertions, 2 deletions
diff --git a/main/qemu/APKBUILD b/main/qemu/APKBUILD
index 63c9c4986..53a748fbd 100644
--- a/main/qemu/APKBUILD
+++ b/main/qemu/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=qemu
pkgver=1.0.1
-pkgrel=3
+pkgrel=4
pkgdesc="QEMU is a generic machine emulator and virtualizer"
url="http://www.nongnu.org/qemu/"
arch="all"
@@ -41,6 +41,7 @@ source="http://wiki.qemu.org/download/qemu-$pkgver.tar.gz
configure-libm.patch
CVE-2012-2652.patch
librt.patch
+ CVE-2012-6075.patch
"
prepare() {
@@ -143,4 +144,17 @@ md5sums="5efd1091f01e3bc31bfdec27b8edeb00 qemu-1.0.1.tar.gz
66660f143235201249dc0648b39b86ee 80-kvm.rules
a69fe6ff552b61606c5550cac4294abc configure-libm.patch
319652a41e46e4920b30c84b93241e93 CVE-2012-2652.patch
-9f6c3143d61748eedc8cf8d0e53aee2c librt.patch"
+9f6c3143d61748eedc8cf8d0e53aee2c librt.patch
+abf8919e668120c44b4d1570c8a1e6c4 CVE-2012-6075.patch"
+sha256sums="198902e10782517f607c9ed9e629b5e7708ea39eb373ed3ec3f1c8a169d98378 qemu-1.0.1.tar.gz
+37f666f1cdb7d8a62171de69b531681dcb0fba74236729dac8b6c019232eba84 80-kvm.rules
+36dcd4c2540d0d74f94dfae9a24d92f8895d24a2030250b88a2534e4f1355df1 configure-libm.patch
+ac05d15dcd3f5f4d8ccc4333f91ad5c8068f891b210e207b0ce682bd790bbb94 CVE-2012-2652.patch
+5e4e34229aa31b83e3fa762a7af7d4cdbadaf82125cddb8e8caff62b2466c6f7 librt.patch
+33e9ee7b646aa40b58e7ffd6bff36c8d897d84cca03800f243c2737e55ee163d CVE-2012-6075.patch"
+sha512sums="c3c311288bd9e843c3e9dae9ad36e370ffa6a379878fae1067e656e9a1f38e002314e59f0fc46c84df98bdd4d6b7acc6b99907b3cf04a2b100a752b837da0178 qemu-1.0.1.tar.gz
+9b7a89b20fcf737832cb7b4d5dc7d8301dd88169cbe5339eda69fbb51c2e537d8cb9ec7cf37600899e734209e63410d50d0821bce97e401421db39c294d97be2 80-kvm.rules
+93c969bc4d077690f60f199f5628c7ae0ecbaa87bfc903770b0a0914eddfc7f694028281dbb2fb7086055ce341a723c9ad9aa0238ad08f91c9e9c2b21f04e6af configure-libm.patch
+e7e0b49efe9ea67515665daa08927ed161197c8654d8eaf3d56d2084abcb8509ea8d748d65a2c2a021a5e7b95442ed6dba333f3ceb4b7d3a6ec03dbf13786a57 CVE-2012-2652.patch
+66787fc829e09223eab05f8ea57dcf7bc3a2d5a231fa5276b5b5dd20f3852282c2e09f4890ed247150bbebabe88bc3dc6ab7a0af69b6e5f0f8e175d950d04ddf librt.patch
+248720594d216390e9b2df47cc095442c9257a740a2cd6622b941a681f84a3e672494e23b8bdd4213aec263ed8ecf86e1ce49ef9227ea8ba54a96a65ee28f4d2 CVE-2012-6075.patch"
diff --git a/main/qemu/CVE-2012-6075.patch b/main/qemu/CVE-2012-6075.patch
new file mode 100644
index 000000000..e656960b4
--- /dev/null
+++ b/main/qemu/CVE-2012-6075.patch
@@ -0,0 +1,44 @@
+From: Michael Contreras <michael@inetric.com>
+Date: Mon, 3 Dec 2012 04:11:22 +0000 (-0800)
+Subject: e1000: Discard packets that are too long if !SBP and !LPE
+X-Git-Tag: v1.3.0~1
+X-Git-Url: http://git.qemu.org/?p=qemu.git;a=commitdiff_plain;h=b0d9ffcd0251161c7c92f94804dcf599dfa3edeb
+
+e1000: Discard packets that are too long if !SBP and !LPE
+
+The e1000_receive function for the e1000 needs to discard packets longer than
+1522 bytes if the SBP and LPE flags are disabled. The linux driver assumes
+this behavior and allocates memory based on this assumption.
+
+Signed-off-by: Michael Contreras <michael@inetric.com>
+Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
+---
+
+diff --git a/hw/e1000.c b/hw/e1000.c
+index cb7e7e8..5537ad2 100644
+--- a/hw/e1000.c
++++ b/hw/e1000.c
+@@ -59,6 +59,9 @@ static int debugflags = DBGBIT(TXERR) | DBGBIT(GENERAL);
+ #define PNPMMIO_SIZE 0x20000
+ #define MIN_BUF_SIZE 60 /* Min. octets in an ethernet frame sans FCS */
+
++/* this is the size past which hardware will drop packets when setting LPE=0 */
++#define MAXIMUM_ETHERNET_VLAN_SIZE 1522
++
+ /*
+ * HW models:
+ * E1000_DEV_ID_82540EM works with Windows and Linux
+@@ -805,6 +808,13 @@ e1000_receive(NetClientState *nc, const uint8_t *buf, size_t size)
+ size = sizeof(min_buf);
+ }
+
++ /* Discard oversized packets if !LPE and !SBP. */
++ if (size > MAXIMUM_ETHERNET_VLAN_SIZE
++ && !(s->mac_reg[RCTL] & E1000_RCTL_LPE)
++ && !(s->mac_reg[RCTL] & E1000_RCTL_SBP)) {
++ return size;
++ }
++
+ if (!receive_filter(s, buf, size))
+ return size;
+
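Review bot: The guard added to e1000_receive bounds the frame only when both LPE and SBP are clear; with LPE set and SBP clear, no upper limit on `size` is visible in this hunk, so a guest driver that sizes its receive buffers for the long-packet maximum still relies on the emulated NIC never delivering more. As far as I recall, upstream QEMU followed this change with a second bound for that case, so it is worth checking whether that follow-up should be backported together with this patch. The shape would be `#define MAXIMUM_ETHERNET_LPE_SIZE 16384` plus a condition of `(size > MAXIMUM_ETHERNET_LPE_SIZE || (size > MAXIMUM_ETHERNET_VLAN_SIZE && !(s->mac_reg[RCTL] & E1000_RCTL_LPE))) && !(s->mac_reg[RCTL] & E1000_RCTL_SBP)`. The body of e1000_receive starts and ends outside the hunk, so what later code does with `size` cannot be confirmed from here.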