Re: [OE-core] [PATCH 1/2] qemu: upgrade to 2.10.1

2017-10-26 Thread Patrick Ohly 
On Thu, 2017-10-26 at 09:37 -0500, Leonardo Sandoval wrote:
> I used devtool upgrade and the only hunk I need to remove was
> thisone, the rest were applied cleanly.

The rest was applied *silently*, but not *cleanly*. The lesson here is
basically that developers shouldn't blindly trust the tools. If
something is odd, investigate.

What was odd in this case is that it looked like a patch was partially
merged. Why would anyone do that? And indeed, it was merged completely.

-- 
Best Regards, Patrick Ohly

The content of this message is my personal opinion only and although
I am an employee of Intel, the statements I make here in no way
represent Intel's position on the issue, nor am I authorized to speak
on behalf of Intel on this matter.


-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] [PATCH 1/2] qemu: upgrade to 2.10.1

2017-10-26 Thread Leonardo Sandoval 

Hi Patrick

On Thu, Oct 26, 2017 at 4:33 AM, Patrick Ohly  
wrote:

On Thu, 2017-10-19 at 13:10 -0700,
leonardo.sandoval.gonza...@linux.intel.com wrote:

 From: Leonardo Sandoval 

 All CVE patches removed because these are already integrated in
 2.10.1.

...

  meta/recipes-devtools/qemu/qemu/glibc-2.25.patch   |  14 -

diff --git a/meta/recipes-devtools/qemu/qemu/glibc-2.25.patch

 b/meta/recipes-devtools/qemu/qemu/glibc-2.25.patch
 index a6908bdbf9..25569449e4 100644
 --- a/meta/recipes-devtools/qemu/qemu/glibc-
 2.25.patch
 +++ b/meta/recipes-devtools/qemu/qemu/glibc-2.25.patch
 @@ -72,17 +72,3 @@ diff -uNr qemu-2.8.0.orig/configure qemu-
 2.8.0/configure
   # Hold two types of flag:
   #   CONFIG_THREAD_SETNAME_BYTHREAD  - we've got a way of setting
 the name on
   # a thread we have a handle to
 -diff -uNr qemu-2.8.0.orig/include/sysemu/os-posix.h qemu-
 2.8.0/include/sysemu/os-posix.h
  qemu-2.8.0.orig/include/sysemu/os-posix.h 2016-12-20
 21:16:48.0 +0100
 -+++ qemu-2.8.0/include/sysemu/os-posix.h  2017-02-21
 19:07:18.009090381 +0100
 -@@ -34,6 +34,10 @@
 - #include 
 - #include 
 -
 -+#ifdef CONFIG_SYSMACROS
 -+#include 
 -+#endif
 -+
 - void os_set_line_buffering(void);
 - void os_set_proc_name(const char *s);
 - void os_setup_signal_handling(void);


Instead of removing just this hunk from the glibc-2.25.patch, please
remove the entire patch. It is already in 2.10.0.

I was about to send a patch doing just that when I saw your version
update. Here's the commit message for my patch:

The patch is already present in the upstream 2.10.0. Patching 
during a

build succeeds by adding the same hunks again to configure (which
seems to cause no problems during build) and skipping the one 
which it
detects as already applied, but "devtool modify qemu-native" is 
more

picky:


I used devtool upgrade and the only hunk I need to remove was this one, 
the rest were applied cleanly. Let me check again and send  a V2 asap.


Leo





ERROR: Applying 'glibc-2.25.patch' failed:
checking file configure
Hunk #1 succeeded at 4986 with fuzz 2 (offset 259 lines).
checking file configure
Hunk #1 succeeded at 6047 with fuzz 1 (offset 352 lines).
checking file include/sysemu/os-posix.h
Reversed (or previously applied) patch detected!  Assume -R? [n]
Apply anyway? [n]
Skipping patch.
1 out of 1 hunk ignored
ERROR: Function failed: patch_do_patch
ERROR: Logfile of failure stored in: 
.../devtooltmp-6_22hcm3/temp/log.do_patch.31897
NOTE: Tasks Summary: Attempted 3 tasks of which 0 didn't need to 
be rerun and 1 failed.

ERROR: Extracting source for qemu-native failed

--
Best Regards, Patrick Ohly

The content of this message is my personal opinion only and although
I am an employee of Intel, the statements I make here in no way
represent Intel's position on the issue, nor am I authorized to speak
on behalf of Intel on this matter.


-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] [PATCH 1/2] qemu: upgrade to 2.10.1

2017-10-26 Thread Alexander Kanavin 
On 10/26/2017 12:33 PM, Patrick Ohly wrote:>  The patch is already 
present in the upstream 2.10.0. Patching during a>  build succeeds 
by adding the same hunks again to configure (which>  seems to cause 
no problems during build) and skipping the one which it>  detects as 
already applied, but "devtool modify qemu-native" is more>  picky:
Seems like another instance of patch (the tool) being too permissive 
about the context by default. Git on the other hand is always strict.


When updating versions, I recommend everyone to use devtool 
upgrade/modify for this reason. There is at least one known case where 
applying a patch in an incorrect spot created a security issue:


https://bugzilla.yoctoproject.org/show_bug.cgi?id=10450

Alex
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] [PATCH 1/2] qemu: upgrade to 2.10.1

2017-10-26 Thread Patrick Ohly 
On Thu, 2017-10-19 at 13:10 -0700,
leonardo.sandoval.gonza...@linux.intel.com wrote:
> From: Leonardo Sandoval 
> 
> All CVE patches removed because these are already integrated in
> 2.10.1.
...
>  meta/recipes-devtools/qemu/qemu/glibc-2.25.patch   |  14 -
diff --git a/meta/recipes-devtools/qemu/qemu/glibc-2.25.patch
> b/meta/recipes-devtools/qemu/qemu/glibc-2.25.patch
> index a6908bdbf9..25569449e4 100644
> --- a/meta/recipes-devtools/qemu/qemu/glibc-
> 2.25.patch
> +++ b/meta/recipes-devtools/qemu/qemu/glibc-2.25.patch
> @@ -72,17 +72,3 @@ diff -uNr qemu-2.8.0.orig/configure qemu-
> 2.8.0/configure
>   # Hold two types of flag:
>   #   CONFIG_THREAD_SETNAME_BYTHREAD  - we've got a way of setting
> the name on
>   # a thread we have a handle to
> -diff -uNr qemu-2.8.0.orig/include/sysemu/os-posix.h qemu-
> 2.8.0/include/sysemu/os-posix.h
>  qemu-2.8.0.orig/include/sysemu/os-posix.h2016-12-20
> 21:16:48.0 +0100
> -+++ qemu-2.8.0/include/sysemu/os-posix.h 2017-02-21
> 19:07:18.009090381 +0100
> -@@ -34,6 +34,10 @@
> - #include 
> - #include 
> - 
> -+#ifdef CONFIG_SYSMACROS
> -+#include 
> -+#endif
> -+
> - void os_set_line_buffering(void);
> - void os_set_proc_name(const char *s);
> - void os_setup_signal_handling(void);

Instead of removing just this hunk from the glibc-2.25.patch, please
remove the entire patch. It is already in 2.10.0.

I was about to send a patch doing just that when I saw your version
update. Here's the commit message for my patch:

The patch is already present in the upstream 2.10.0. Patching during a
build succeeds by adding the same hunks again to configure (which
seems to cause no problems during build) and skipping the one which it
detects as already applied, but "devtool modify qemu-native" is more
picky:

ERROR: Applying 'glibc-2.25.patch' failed:
checking file configure
Hunk #1 succeeded at 4986 with fuzz 2 (offset 259 lines).
checking file configure
Hunk #1 succeeded at 6047 with fuzz 1 (offset 352 lines).
checking file include/sysemu/os-posix.h
Reversed (or previously applied) patch detected!  Assume -R? [n]
Apply anyway? [n]
Skipping patch.
1 out of 1 hunk ignored
ERROR: Function failed: patch_do_patch
ERROR: Logfile of failure stored in: 
.../devtooltmp-6_22hcm3/temp/log.do_patch.31897
NOTE: Tasks Summary: Attempted 3 tasks of which 0 didn't need to be rerun 
and 1 failed.
ERROR: Extracting source for qemu-native failed

-- 
Best Regards, Patrick Ohly

The content of this message is my personal opinion only and although
I am an employee of Intel, the statements I make here in no way
represent Intel's position on the issue, nor am I authorized to speak
on behalf of Intel on this matter.


-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [PATCH 1/2] qemu: upgrade to 2.10.1

2017-10-19 Thread leonardo . sandoval . gonzalez 
From: Leonardo Sandoval 

All CVE patches removed because these are already integrated in 2.10.1.

Signed-off-by: Leonardo Sandoval 
---
 .../qemu/qemu/CVE-2017-13672.patch | 504 -
 .../qemu/qemu/CVE-2017-13673.patch |  53 ---
 .../qemu/qemu/CVE-2017-13711.patch |  87 
 .../qemu/qemu/CVE-2017-14167.patch |  70 ---
 meta/recipes-devtools/qemu/qemu/glibc-2.25.patch   |  14 -
 .../qemu/{qemu_2.10.0.bb => qemu_2.10.1.bb}|   8 +-
 6 files changed, 2 insertions(+), 734 deletions(-)
 delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2017-13672.patch
 delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2017-13673.patch
 delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2017-13711.patch
 delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2017-14167.patch
 rename meta/recipes-devtools/qemu/{qemu_2.10.0.bb => qemu_2.10.1.bb} (86%)

diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2017-13672.patch 
b/meta/recipes-devtools/qemu/qemu/CVE-2017-13672.patch
deleted file mode 100644
index ce0b1ee3ed..00
--- a/meta/recipes-devtools/qemu/qemu/CVE-2017-13672.patch
+++ /dev/null
@@ -1,504 +0,0 @@
-From 3d90c6254863693a6b13d918d2b8682e08bbc681 Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann 
-Date: Mon, 28 Aug 2017 14:29:06 +0200
-Subject: [PATCH] vga: stop passing pointers to vga_draw_line* functions
-
-Instead pass around the address (aka offset into vga memory).
-Add vga_read_* helper functions which apply vbe_size_mask to
-the address, to make sure the address stays within the valid
-range, similar to the cirrus blitter fixes (commits ffaf857778
-and 026aeffcb4).
-
-Impact:  DoS for privileged guest users.  qemu crashes with
-a segfault, when hitting the guard page after vga memory
-allocation, while reading vga memory for display updates.
-
-Fixes: CVE-2017-13672
-Cc: P J P 
-Reported-by: David Buchanan 
-Signed-off-by: Gerd Hoffmann 
-Message-id: 20170828122906.18993-1-kra...@redhat.com
-
-Upstream-Status: Backport
-[https://git.qemu.org/?p=qemu.git;a=commit;h=3d90c6254863693a6b13d918d2b8682e08bbc681]
-
-CVE: CVE-2017-13672
-
-Signed-off-by: Yi Zhao 

- hw/display/vga-helpers.h | 202 ++-
- hw/display/vga.c |   5 +-
- hw/display/vga_int.h |   1 +
- 3 files changed, 114 insertions(+), 94 deletions(-)
-
-diff --git a/hw/display/vga-helpers.h b/hw/display/vga-helpers.h
-index 94f6de2..5a752b3 100644
 a/hw/display/vga-helpers.h
-+++ b/hw/display/vga-helpers.h
-@@ -95,20 +95,46 @@ static void vga_draw_glyph9(uint8_t *d, int linesize,
- } while (--h);
- }
- 
-+static inline uint8_t vga_read_byte(VGACommonState *vga, uint32_t addr)
-+{
-+return vga->vram_ptr[addr & vga->vbe_size_mask];
-+}
-+
-+static inline uint16_t vga_read_word_le(VGACommonState *vga, uint32_t addr)
-+{
-+uint32_t offset = addr & vga->vbe_size_mask & ~1;
-+uint16_t *ptr = (uint16_t *)(vga->vram_ptr + offset);
-+return lduw_le_p(ptr);
-+}
-+
-+static inline uint16_t vga_read_word_be(VGACommonState *vga, uint32_t addr)
-+{
-+uint32_t offset = addr & vga->vbe_size_mask & ~1;
-+uint16_t *ptr = (uint16_t *)(vga->vram_ptr + offset);
-+return lduw_be_p(ptr);
-+}
-+
-+static inline uint32_t vga_read_dword_le(VGACommonState *vga, uint32_t addr)
-+{
-+uint32_t offset = addr & vga->vbe_size_mask & ~3;
-+uint32_t *ptr = (uint32_t *)(vga->vram_ptr + offset);
-+return ldl_le_p(ptr);
-+}
-+
- /*
-  * 4 color mode
-  */
--static void vga_draw_line2(VGACommonState *s1, uint8_t *d,
--   const uint8_t *s, int width)
-+static void vga_draw_line2(VGACommonState *vga, uint8_t *d,
-+   uint32_t addr, int width)
- {
- uint32_t plane_mask, *palette, data, v;
- int x;
- 
--palette = s1->last_palette;
--plane_mask = mask16[s1->ar[VGA_ATC_PLANE_ENABLE] & 0xf];
-+palette = vga->last_palette;
-+plane_mask = mask16[vga->ar[VGA_ATC_PLANE_ENABLE] & 0xf];
- width >>= 3;
- for(x = 0; x < width; x++) {
--data = ((uint32_t *)s)[0];
-+data = vga_read_dword_le(vga, addr);
- data &= plane_mask;
- v = expand2[GET_PLANE(data, 0)];
- v |= expand2[GET_PLANE(data, 2)] << 2;
-@@ -124,7 +150,7 @@ static void vga_draw_line2(VGACommonState *s1, uint8_t *d,
- ((uint32_t *)d)[6] = palette[(v >> 4) & 0xf];
- ((uint32_t *)d)[7] = palette[(v >> 0) & 0xf];
- d += 32;
--s += 4;
-+addr += 4;
- }
- }
- 
-@@ -134,17 +160,17 @@ static void vga_draw_line2(VGACommonState *s1, uint8_t 
*d,
- /*
-  * 4 color mode, dup2 horizontal
-  */
--static void vga_draw_line2d2(VGACommonState *s1, uint8_t *d,
-- const uint8_t *s, int