Hello community,

here is the log from the commit of package qemu for openSUSE:Factory checked in at 2016-07-14 09:41:58
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/qemu (Old)
 and      /work/SRC/openSUSE:Factory/.qemu.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "qemu" Changes: -------- --- /work/SRC/openSUSE:Factory/qemu/qemu-testsuite.changes 2016-06-14 23:06:29.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.qemu.new/qemu-testsuite.changes 2016-07-14 09:41:58.000000000 +0200 @@ -1,0 +2,7 @@ +Mon Jul 4 06:20:16 UTC 2016 - [email protected] + +- Fix OVMF iPXE network menu (bsc#986033, boo#987488) + ipxe-efi-fix-garbage-bytes-in-device-path.patch + ipxe-efi-fix-uninitialised-data-in-HII.patch + +------------------------------------------------------------------- qemu.changes: same change New: ---- ipxe-efi-fix-garbage-bytes-in-device-path.patch ipxe-efi-fix-uninitialised-data-in-HII.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ qemu-testsuite.spec ++++++ --- /var/tmp/diff_new_pack.MOtoyY/_old 2016-07-14 09:42:00.000000000 +0200 +++ /var/tmp/diff_new_pack.MOtoyY/_new 2016-07-14 09:42:00.000000000 +0200 @@ -143,6 +143,8 @@ Patch1104: ipxe-ath-Fix-building-with-GCC-6.patch Patch1105: ipxe-legacy-Fix-building-with-GCC-6.patch Patch1106: ipxe-util-v5.24-perl-errors-on-redeclare.patch +Patch1107: ipxe-efi-fix-garbage-bytes-in-device-path.patch +Patch1108: ipxe-efi-fix-uninitialised-data-in-HII.patch %endif # this is to make lint happy @@ -749,6 +751,8 @@ %patch1104 -p1 %patch1105 -p1 %patch1106 -p1 +%patch1107 -p1 +%patch1108 -p1 popd # as a safeguard, delete the firmware files that we intend to build qemu.spec: same change ++++++ ipxe-efi-fix-garbage-bytes-in-device-path.patch ++++++ >From 632e57f0f36d9b48f574db273a19e26bf592fc99 Mon Sep 17 00:00:00 2001 
From: Michael Brown <[email protected]> Date: Wed, 22 Jun 2016 09:07:20 +0100 Subject: [PATCH] [efi] Do not copy garbage bytes into SNP device path MAC address The SNP device path includes the network device's MAC address within the MAC_ADDR_DEVICE_PATH.MacAddress field. We check that the link-layer address will fit within this field, and then perform the copy using the length of the destination buffer. At 32 bytes, the MacAddress field is actually larger than the current maximum iPXE link-layer address. The copy therefore overflows the source buffer, resulting in trailing garbage bytes being appended to the device path's MacAddress. This is invisible in debug messages, since the DevicePathToText protocol will render only the length implied by the interface type. Fix by copying only the actual length of the link-layer address (which we have already verified will not overflow the destination buffer). Debugged-by: Laszlo Ersek <[email protected]> Signed-off-by: Michael Brown <[email protected]> --- src/interface/efi/efi_snp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Index: ipxe/src/interface/efi/efi_snp.c =================================================================== --- ipxe.orig/src/interface/efi/efi_snp.c +++ ipxe/src/interface/efi/efi_snp.c @@ -1049,7 +1049,7 @@ static int efi_snp_probe ( struct net_de macpath->Header.SubType = MSG_MAC_ADDR_DP; macpath->Header.Length[0] = sizeof ( *macpath ); memcpy ( &macpath->MacAddress, netdev->ll_addr, - sizeof ( macpath->MacAddress ) ); + netdev->ll_protocol->ll_addr_len ); macpath->IfType = ntohs ( netdev->ll_protocol->ll_proto ); memset ( path_end, 0, sizeof ( *path_end ) ); path_end->Type = END_DEVICE_PATH_TYPE; ++++++ ipxe-efi-fix-uninitialised-data-in-HII.patch ++++++ >From c9f6a8605955926017cdbe2fa99a4b72fd0985a2 Mon Sep 17 00:00:00 2001 
From: Michael Brown <[email protected]> Date: Wed, 29 Jun 2016 15:13:35 +0100 Subject: [PATCH] [efi] Fix uninitialised data in HII IFR structures The HII IFR structures are allocated via realloc() rather than zalloc(), and so are not automatically zeroed. This results in the presence of uninitialised and invalid data, causing crashes elsewhere in the UEFI firmware. Fix by explicitly zeroing the newly allocated portion of any IFR structure in efi_ifr_op(). Debugged-by: Laszlo Ersek <[email protected]> Debugged-by: Gary Lin <[email protected]> Signed-off-by: Michael Brown <[email protected]> --- src/interface/efi/efi_hii.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/interface/efi/efi_hii.c b/src/interface/efi/efi_hii.c index 0ea970e..506fc88 100644 --- a/src/interface/efi/efi_hii.c +++ b/src/interface/efi/efi_hii.c @@ -117,6 +117,7 @@ static void * efi_ifr_op ( struct efi_ifr_builder *ifr, unsigned int opcode, ifr->ops_len = new_ops_len; /* Fill in opcode header */ + memset ( op, 0, len ); op->OpCode = opcode; op->Length = len; -- 2.8.4 ++++++ qemu.spec.in ++++++ --- /var/tmp/diff_new_pack.MOtoyY/_old 2016-07-14 09:42:01.000000000 +0200 +++ /var/tmp/diff_new_pack.MOtoyY/_new 2016-07-14 09:42:01.000000000 +0200 @@ -83,6 +83,8 @@ Patch1104: ipxe-ath-Fix-building-with-GCC-6.patch Patch1105: ipxe-legacy-Fix-building-with-GCC-6.patch Patch1106: ipxe-util-v5.24-perl-errors-on-redeclare.patch +Patch1107: ipxe-efi-fix-garbage-bytes-in-device-path.patch +Patch1108: ipxe-efi-fix-uninitialised-data-in-HII.patch %endif # this is to make lint happy @@ -629,6 +631,8 @@ %patch1104 -p1 %patch1105 -p1 %patch1106 -p1 +%patch1107 -p1 +%patch1108 -p1 popd
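Review bot: in the efi_snp.c hunk of ipxe-efi-fix-garbage-bytes-in-device-path.patch, the corrected memcpy now depends on a bounds check that is not in the visible context: `netdev->ll_protocol->ll_addr_len` must already have been verified to be no larger than `sizeof ( macpath->MacAddress )`, as the commit message says it has, otherwise the change trades a source over-read for a destination overflow. Keeping that check adjacent to the copy, or repeating it as an assertion here, would make the invariant obvious to the next reader. Also, the bytes of `MacAddress` beyond `ll_addr_len` are now simply left untouched, which is only deterministic if `macpath` was allocated zeroed; if it was not, a `memset ( &macpath->MacAddress, 0, sizeof ( macpath->MacAddress ) );` before the copy would give the device path predictable trailing bytes for any firmware that compares whole device paths rather than the length implied by `IfType`.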
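Review bot: in the efi_hii.c hunk of ipxe-efi-fix-uninitialised-data-in-HII.patch, `memset ( op, 0, len );` sits after `ifr->ops_len = new_ops_len;` and before `op->OpCode` and `op->Length` are written, which is the right order, but it assumes `op` points at valid memory at this point; the realloc() that grows the buffer and its failure handling are outside the visible context, so confirm that a failed reallocation cannot reach this memset. A short comment at the memset stating that `len` is exactly the size of the newly appended opcode (so the zeroing covers the whole uninitialised region and no more) would also save the next reader from re-deriving it from the surrounding realloc() arithmetic.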
