Re: [OE-core] [PATCH] qemu: Security Advisory - qemu - CVE-2019-15890
On Wed, 2019-09-11 at 15:51 +0800, zhou li wrote: > On 2019/09/11 15:38, Mittal, Anuj wrote: > > On Wed, 2019-09-11 at 14:02 +0800, Li Zhou wrote: > > > Backporting patch from > > > https://gitlab.freedesktop.org/slirp/libslirp/commit/c5927943 > > > to solve CVE-2019-15890. > > > > > > Signed-off-by: Li Zhou > > > --- > > > meta/recipes-devtools/qemu/qemu.inc| 1 + > > > .../qemu/qemu/CVE-2019-15890.patch | 48 > > > ++ > > > 2 files changed, 49 insertions(+) > > > create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2019- > > > 15890.patch > > > > > > diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes- > > > devtools/qemu/qemu.inc > > > index 241f9db..de21d30 100644 > > > --- a/meta/recipes-devtools/qemu/qemu.inc > > > +++ b/meta/recipes-devtools/qemu/qemu.inc > > > @@ -23,6 +23,7 @@ SRC_URI = " > > > https://download.qemu.org/${BPN}-${PV}.tar.xz \ > > > file://0008-linux-user-Fix-webkitgtk-hangs-on-32- > > > bit-x86- > > > target.patch \ > > > file://0009-Fix-webkitgtk-builds.patch \ > > > file://0010-configure-Add-pkg-config-handling-for- > > > libgcrypt.patch \ > > > + file://CVE-2019-15890.patch \ > > > " > > > UPSTREAM_CHECK_REGEX = "qemu-(?P\d+(\.\d+)+)\.tar" > > > > > > diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2019-15890.patch > > > b/meta/recipes-devtools/qemu/qemu/CVE-2019-15890.patch > > > new file mode 100644 > > > index 000..1d89431 > > > --- /dev/null > > > +++ b/meta/recipes-devtools/qemu/qemu/CVE-2019-15890.patch > > > @@ -0,0 +1,48 @@ > > > +From 4fc0d23e8f6d795c679623d2ed2cbe6a7a17b9c7 Mon Sep 17 > > > 00:00:00 > > > 2001 > > > +From: Li Zhou > > Can you please fix the author name here? > > Do you mean it should be the original author? > > Here is my name because I have adapted sth (the file path) in the > patch. > Yes, it should still reflect the name of original author here. > Should I change it back by hand here? > git commit --amend --author "name " should help. Thanks, Anuj -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH] qemu: Security Advisory - qemu - CVE-2019-15890
On 2019/09/11 15:38, Mittal, Anuj wrote: On Wed, 2019-09-11 at 14:02 +0800, Li Zhou wrote: Backporting patch from https://gitlab.freedesktop.org/slirp/libslirp/commit/c5927943 to solve CVE-2019-15890. Signed-off-by: Li Zhou --- meta/recipes-devtools/qemu/qemu.inc| 1 + .../qemu/qemu/CVE-2019-15890.patch | 48 ++ 2 files changed, 49 insertions(+) create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2019- 15890.patch diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes- devtools/qemu/qemu.inc index 241f9db..de21d30 100644 --- a/meta/recipes-devtools/qemu/qemu.inc +++ b/meta/recipes-devtools/qemu/qemu.inc @@ -23,6 +23,7 @@ SRC_URI = " https://download.qemu.org/${BPN}-${PV}.tar.xz \ file://0008-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86- target.patch \ file://0009-Fix-webkitgtk-builds.patch \ file://0010-configure-Add-pkg-config-handling-for- libgcrypt.patch \ + file://CVE-2019-15890.patch \ " UPSTREAM_CHECK_REGEX = "qemu-(?P\d+(\.\d+)+)\.tar" diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2019-15890.patch b/meta/recipes-devtools/qemu/qemu/CVE-2019-15890.patch new file mode 100644 index 000..1d89431 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/CVE-2019-15890.patch @@ -0,0 +1,48 @@ +From 4fc0d23e8f6d795c679623d2ed2cbe6a7a17b9c7 Mon Sep 17 00:00:00 2001 +From: Li Zhou Can you please fix the author name here? Do you mean it should be the original author? Here is my name because I have adapted sth (the file path) in the patch. Should I change it back by hand here? Thanks. Thanks, Anuj -- Best Regards! Zhou Li Phone number: 86-10-84778511 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH] qemu: Security Advisory - qemu - CVE-2019-15890
On Wed, 2019-09-11 at 14:02 +0800, Li Zhou wrote: > Backporting patch from > https://gitlab.freedesktop.org/slirp/libslirp/commit/c5927943 > to solve CVE-2019-15890. > > Signed-off-by: Li Zhou > --- > meta/recipes-devtools/qemu/qemu.inc| 1 + > .../qemu/qemu/CVE-2019-15890.patch | 48 > ++ > 2 files changed, 49 insertions(+) > create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2019- > 15890.patch > > diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes- > devtools/qemu/qemu.inc > index 241f9db..de21d30 100644 > --- a/meta/recipes-devtools/qemu/qemu.inc > +++ b/meta/recipes-devtools/qemu/qemu.inc > @@ -23,6 +23,7 @@ SRC_URI = " > https://download.qemu.org/${BPN}-${PV}.tar.xz \ > file://0008-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86- > target.patch \ > file://0009-Fix-webkitgtk-builds.patch \ > file://0010-configure-Add-pkg-config-handling-for- > libgcrypt.patch \ > + file://CVE-2019-15890.patch \ > " > UPSTREAM_CHECK_REGEX = "qemu-(?P\d+(\.\d+)+)\.tar" > > diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2019-15890.patch > b/meta/recipes-devtools/qemu/qemu/CVE-2019-15890.patch > new file mode 100644 > index 000..1d89431 > --- /dev/null > +++ b/meta/recipes-devtools/qemu/qemu/CVE-2019-15890.patch > @@ -0,0 +1,48 @@ > +From 4fc0d23e8f6d795c679623d2ed2cbe6a7a17b9c7 Mon Sep 17 00:00:00 > 2001 > +From: Li Zhou Can you please fix the author name here? Thanks, Anuj -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core