Re: [OE-core] [PATCH] qemu: Security Advisory - qemu - CVE-2019-15890
On Wed, 2019-09-11 at 15:51 +0800, zhou li wrote:
> On 2019/09/11 15:38, Mittal, Anuj wrote:
> > On Wed, 2019-09-11 at 14:02 +0800, Li Zhou wrote:
> > > Backporting patch from
> > > https://gitlab.freedesktop.org/slirp/libslirp/commit/c5927943
> > > to solve CVE-2019-15890.
> > >
> > > Signed-off-by: Li Zhou
> > > ---
> > > meta/recipes-devtools/qemu/qemu.inc| 1 +
> > > .../qemu/qemu/CVE-2019-15890.patch | 48
> > > ++
> > > 2 files changed, 49 insertions(+)
> > > create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2019-
> > > 15890.patch
> > >
> > > diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-
> > > devtools/qemu/qemu.inc
> > > index 241f9db..de21d30 100644
> > > --- a/meta/recipes-devtools/qemu/qemu.inc
> > > +++ b/meta/recipes-devtools/qemu/qemu.inc
> > > @@ -23,6 +23,7 @@ SRC_URI = "
> > > https://download.qemu.org/${BPN}-${PV}.tar.xz \
> > > file://0008-linux-user-Fix-webkitgtk-hangs-on-32-
> > > bit-x86-
> > > target.patch \
> > > file://0009-Fix-webkitgtk-builds.patch \
> > > file://0010-configure-Add-pkg-config-handling-for-
> > > libgcrypt.patch \
> > > + file://CVE-2019-15890.patch \
> > > "
> > > UPSTREAM_CHECK_REGEX = "qemu-(?P\d+(\.\d+)+)\.tar"
> > >
> > > diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2019-15890.patch
> > > b/meta/recipes-devtools/qemu/qemu/CVE-2019-15890.patch
> > > new file mode 100644
> > > index 000..1d89431
> > > --- /dev/null
> > > +++ b/meta/recipes-devtools/qemu/qemu/CVE-2019-15890.patch
> > > @@ -0,0 +1,48 @@
> > > +From 4fc0d23e8f6d795c679623d2ed2cbe6a7a17b9c7 Mon Sep 17
> > > 00:00:00
> > > 2001
> > > +From: Li Zhou
> > Can you please fix the author name here?
>
> Do you mean it should be the original author?
>
> Here is my name because I have adapted sth (the file path) in the
> patch.
>
Yes, it should still reflect the name of original author here.
> Should I change it back by hand here?
>
git commit --amend --author "name "
should help.
Thanks,
Anuj
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH] qemu: Security Advisory - qemu - CVE-2019-15890
On 2019/09/11 15:38, Mittal, Anuj wrote:
On Wed, 2019-09-11 at 14:02 +0800, Li Zhou wrote:
Backporting patch from
https://gitlab.freedesktop.org/slirp/libslirp/commit/c5927943
to solve CVE-2019-15890.
Signed-off-by: Li Zhou
---
meta/recipes-devtools/qemu/qemu.inc| 1 +
.../qemu/qemu/CVE-2019-15890.patch | 48
++
2 files changed, 49 insertions(+)
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2019-
15890.patch
diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-
devtools/qemu/qemu.inc
index 241f9db..de21d30 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -23,6 +23,7 @@ SRC_URI = "
https://download.qemu.org/${BPN}-${PV}.tar.xz \
file://0008-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-
target.patch \
file://0009-Fix-webkitgtk-builds.patch \
file://0010-configure-Add-pkg-config-handling-for-
libgcrypt.patch \
+ file://CVE-2019-15890.patch \
"
UPSTREAM_CHECK_REGEX = "qemu-(?P\d+(\.\d+)+)\.tar"
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2019-15890.patch
b/meta/recipes-devtools/qemu/qemu/CVE-2019-15890.patch
new file mode 100644
index 000..1d89431
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2019-15890.patch
@@ -0,0 +1,48 @@
+From 4fc0d23e8f6d795c679623d2ed2cbe6a7a17b9c7 Mon Sep 17 00:00:00
2001
+From: Li Zhou
Can you please fix the author name here?
Do you mean it should be the original author?
Here is my name because I have adapted sth (the file path) in the patch.
Should I change it back by hand here?
Thanks.
Thanks,
Anuj
--
Best Regards!
Zhou Li
Phone number: 86-10-84778511
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH] qemu: Security Advisory - qemu - CVE-2019-15890
On Wed, 2019-09-11 at 14:02 +0800, Li Zhou wrote:
> Backporting patch from
> https://gitlab.freedesktop.org/slirp/libslirp/commit/c5927943
> to solve CVE-2019-15890.
>
> Signed-off-by: Li Zhou
> ---
> meta/recipes-devtools/qemu/qemu.inc| 1 +
> .../qemu/qemu/CVE-2019-15890.patch | 48
> ++
> 2 files changed, 49 insertions(+)
> create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2019-
> 15890.patch
>
> diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-
> devtools/qemu/qemu.inc
> index 241f9db..de21d30 100644
> --- a/meta/recipes-devtools/qemu/qemu.inc
> +++ b/meta/recipes-devtools/qemu/qemu.inc
> @@ -23,6 +23,7 @@ SRC_URI = "
> https://download.qemu.org/${BPN}-${PV}.tar.xz \
> file://0008-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-
> target.patch \
> file://0009-Fix-webkitgtk-builds.patch \
> file://0010-configure-Add-pkg-config-handling-for-
> libgcrypt.patch \
> + file://CVE-2019-15890.patch \
> "
> UPSTREAM_CHECK_REGEX = "qemu-(?P\d+(\.\d+)+)\.tar"
>
> diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2019-15890.patch
> b/meta/recipes-devtools/qemu/qemu/CVE-2019-15890.patch
> new file mode 100644
> index 000..1d89431
> --- /dev/null
> +++ b/meta/recipes-devtools/qemu/qemu/CVE-2019-15890.patch
> @@ -0,0 +1,48 @@
> +From 4fc0d23e8f6d795c679623d2ed2cbe6a7a17b9c7 Mon Sep 17 00:00:00
> 2001
> +From: Li Zhou
Can you please fix the author name here?
Thanks,
Anuj
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
