From a3288e2b4afa1afcecd466d62d97bc14feaa9096 Mon Sep 17 00:00:00 2001 From: Evgeny Ermakov Date: Thu, 21 Apr 2022 23:15:24 +1100 Subject: [PATCH 1/2] qemu: update to 7.0.0. --- ...l.c-define-__SIGRTMIN-MAX-for-non-GN.patch | 37 ------- srcpkgs/qemu/patches/cve-2022-0358.patch | 101 ------------------ .../qemu/patches/fix-acpi-slic-table.patch | 90 ---------------- srcpkgs/qemu/patches/musl-rlimit-rttime.patch | 13 +++ srcpkgs/qemu/patches/xxx-ppcle.patch | 35 ++---- srcpkgs/qemu/template | 6 +- 6 files changed, 24 insertions(+), 258 deletions(-) delete mode 100644 srcpkgs/qemu/patches/0006-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch delete mode 100644 srcpkgs/qemu/patches/cve-2022-0358.patch delete mode 100644 srcpkgs/qemu/patches/fix-acpi-slic-table.patch create mode 100644 srcpkgs/qemu/patches/musl-rlimit-rttime.patch diff --git a/srcpkgs/qemu/patches/0006-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch b/srcpkgs/qemu/patches/0006-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch deleted file mode 100644 index 528b5d5d8bf6d8..00000000000000 --- a/srcpkgs/qemu/patches/0006-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 8fbb4e6797ed67310b74cbaaa061269db45a5b71 Mon Sep 17 00:00:00 2001 -From: Natanael Copa -Date: Tue, 29 Apr 2014 15:51:31 +0200 -Subject: [PATCH] linux-user/signal.c: define __SIGRTMIN/MAX for non-GNU - platforms - -The __SIGRTMIN and __SIGRTMAX are glibc internals and are not available -on all platforms, so we define those if they are missing. - -This is needed for musl libc. - -Signed-off-by: Natanael Copa ---- - linux-user/signal.c | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/linux-user/signal.c b/linux-user/signal.c -index 5ca6d62b15..e917c16d91 100644 ---- a/linux-user/signal.c -+++ b/linux-user/signal.c -@@ -25,6 +25,13 @@ - #include "trace.h" - #include "signal-common.h" - -+#ifndef __SIGRTMIN -+#define __SIGRTMIN 32 -+#endif -+#ifndef __SIGRTMAX -+#define __SIGRTMAX (NSIG-1) -+#endif -+ - static struct target_sigaction sigact_table[TARGET_NSIG]; - - static void host_signal_handler(int host_signum, siginfo_t *info, --- -2.23.0 - diff --git a/srcpkgs/qemu/patches/cve-2022-0358.patch b/srcpkgs/qemu/patches/cve-2022-0358.patch deleted file mode 100644 index 1b573d567b528a..00000000000000 --- a/srcpkgs/qemu/patches/cve-2022-0358.patch +++ /dev/null @@ -1,101 +0,0 @@ -From 449e8171f96a6a944d1f3b7d3627ae059eae21ca Mon Sep 17 00:00:00 2001 -From: Vivek Goyal -Date: Tue, 25 Jan 2022 13:51:14 -0500 -Subject: [PATCH] virtiofsd: Drop membership of all supplementary groups - (CVE-2022-0358) - -At the start, drop membership of all supplementary groups. This is -not required. - -If we have membership of "root" supplementary group and when we switch -uid/gid using setresuid/setsgid, we still retain membership of existing -supplemntary groups. And that can allow some operations which are not -normally allowed. - -For example, if root in guest creates a dir as follows. - -$ mkdir -m 03777 test_dir - -This sets SGID on dir as well as allows unprivileged users to write into -this dir. - -And now as unprivileged user open file as follows. - -$ su test -$ fd = open("test_dir/priviledge_id", O_RDWR|O_CREAT|O_EXCL, 02755); - -This will create SGID set executable in test_dir/. - -And that's a problem because now an unpriviliged user can execute it, -get egid=0 and get access to resources owned by "root" group. This is -privilege escalation. - -Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2044863 -Fixes: CVE-2022-0358 -Reported-by: JIETAO XIAO -Suggested-by: Miklos Szeredi -Reviewed-by: Stefan Hajnoczi -Reviewed-by: Dr. David Alan Gilbert -Signed-off-by: Vivek Goyal -Message-Id: -Signed-off-by: Dr. David Alan Gilbert - dgilbert: Fixed missing {}'s style nit ---- - tools/virtiofsd/passthrough_ll.c | 27 +++++++++++++++++++++++++++ - 1 file changed, 27 insertions(+) - -diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c -index 64b5b4fbb1..b3d0674f6d 100644 ---- a/tools/virtiofsd/passthrough_ll.c -+++ b/tools/virtiofsd/passthrough_ll.c -@@ -54,6 +54,7 @@ - #include - #include - #include -+#include - - #include "qemu/cutils.h" - #include "passthrough_helpers.h" -@@ -1161,6 +1162,30 @@ static void lo_lookup(fuse_req_t req, fuse_ino_t parent, const char *name) - #define OURSYS_setresuid SYS_setresuid - #endif - -+static void drop_supplementary_groups(void) -+{ -+ int ret; -+ -+ ret = getgroups(0, NULL); -+ if (ret == -1) { -+ fuse_log(FUSE_LOG_ERR, "getgroups() failed with error=%d:%s\n", -+ errno, strerror(errno)); -+ exit(1); -+ } -+ -+ if (!ret) { -+ return; -+ } -+ -+ /* Drop all supplementary groups. We should not need it */ -+ ret = setgroups(0, NULL); -+ if (ret == -1) { -+ fuse_log(FUSE_LOG_ERR, "setgroups() failed with error=%d:%s\n", -+ errno, strerror(errno)); -+ exit(1); -+ } -+} -+ - /* - * Change to uid/gid of caller so that file is created with - * ownership of caller. -@@ -3926,6 +3951,8 @@ int main(int argc, char *argv[]) - - qemu_init_exec_dir(argv[0]); - -+ drop_supplementary_groups(); -+ - pthread_mutex_init(&lo.mutex, NULL); - lo.inodes = g_hash_table_new(lo_key_hash, lo_key_equal); - lo.root.fd = -1; --- -2.35.0 - diff --git a/srcpkgs/qemu/patches/fix-acpi-slic-table.patch b/srcpkgs/qemu/patches/fix-acpi-slic-table.patch deleted file mode 100644 index 1a55ec5aa88cfc..00000000000000 --- a/srcpkgs/qemu/patches/fix-acpi-slic-table.patch +++ /dev/null @@ -1,90 +0,0 @@ -From 8cdb99af45365727ac17f45239a9b8c1d5155c6d Mon Sep 17 00:00:00 2001 -From: Igor Mammedov -Date: Mon, 27 Dec 2021 14:31:17 -0500 -Subject: [PATCH] acpi: fix QEMU crash when started with SLIC table -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -if QEMU is started with used provided SLIC table blob, - - -acpitable sig=SLIC,oem_id='CRASH ',oem_table_id="ME",oem_rev=00002210,asl_compiler_id="",asl_compiler_rev=00000000,data=/dev/null -it will assert with: - - hw/acpi/aml-build.c:61:build_append_padded_str: assertion failed: (len <= maxlen) - -and following backtrace: - - ... - build_append_padded_str (array=0x555556afe320, str=0x555556afdb2e "CRASH ME", maxlen=0x6, pad=0x20) at hw/acpi/aml-build.c:61 - acpi_table_begin (desc=0x7fffffffd1b0, array=0x555556afe320) at hw/acpi/aml-build.c:1727 - build_fadt (tbl=0x555556afe320, linker=0x555557ca3830, f=0x7fffffffd318, oem_id=0x555556afdb2e "CRASH ME", oem_table_id=0x555556afdb34 "ME") at hw/acpi/aml-build.c:2064 - ... - -which happens due to acpi_table_begin() expecting NULL terminated -oem_id and oem_table_id strings, which is normally the case, but -in case of user provided SLIC table, oem_id points to table's blob -directly and as result oem_id became longer than expected. - -Fix issue by handling oem_id consistently and make acpi_get_slic_oem() -return NULL terminated strings. - -PS: -After [1] refactoring, oem_id semantics became inconsistent, where -NULL terminated string was coming from machine and old way pointer -into byte array coming from -acpitable option. That used to work -since build_header() wasn't expecting NULL terminated string and -blindly copied the 1st 6 bytes only. - -However commit [2] broke that by replacing build_header() with -acpi_table_begin(), which was expecting NULL terminated string -and was checking oem_id size. - -1) 602b45820 ("acpi: Permit OEM ID and OEM table ID fields to be changed") -2) -Fixes: 4b56e1e4eb08 ("acpi: build_fadt: use acpi_table_begin()/acpi_table_end() instead of build_header()") -Resolves: https://gitlab.com/qemu-project/qemu/-/issues/786 -Signed-off-by: Igor Mammedov -Message-Id: <20211227193120.1084176-2-imammedo@redhat.com> -Reviewed-by: Philippe Mathieu-Daudé -Tested-by: Denis Lisov -Tested-by: Alexander Tsoy -Cc: qemu-stable@nongnu.org -Reviewed-by: Michael S. Tsirkin -Signed-off-by: Michael S. Tsirkin ---- - hw/acpi/core.c | 4 ++-- - hw/i386/acpi-build.c | 2 ++ - 2 files changed, 4 insertions(+), 2 deletions(-) - -diff --git a/hw/acpi/core.c b/hw/acpi/core.c -index 1e004d0078..3e811bf03c 100644 ---- a/hw/acpi/core.c -+++ b/hw/acpi/core.c -@@ -345,8 +345,8 @@ int acpi_get_slic_oem(AcpiSlicOem *oem) - struct acpi_table_header *hdr = (void *)(u - sizeof(hdr->_length)); - - if (memcmp(hdr->sig, "SLIC", 4) == 0) { -- oem->id = hdr->oem_id; -- oem->table_id = hdr->oem_table_id; -+ oem->id = g_strndup(hdr->oem_id, 6); -+ oem->table_id = g_strndup(hdr->oem_table_id, 8); - return 0; - } - } -diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c -index 8383b83ee3..0234fe7588 100644 ---- a/hw/i386/acpi-build.c -+++ b/hw/i386/acpi-build.c -@@ -2723,6 +2723,8 @@ void acpi_build(AcpiBuildTables *tables, MachineState *machine) - - /* Cleanup memory that's no longer used. */ - g_array_free(table_offsets, true); -+ g_free(slic_oem.id); -+ g_free(slic_oem.table_id); - } - - static void acpi_ram_update(MemoryRegion *mr, GArray *data) --- -GitLab - diff --git a/srcpkgs/qemu/patches/musl-rlimit-rttime.patch b/srcpkgs/qemu/patches/musl-rlimit-rttime.patch new file mode 100644 index 00000000000000..0cbf9be36a8f10 --- /dev/null +++ b/srcpkgs/qemu/patches/musl-rlimit-rttime.patch @@ -0,0 +1,13 @@ +--- a/linux-user/syscall.c ++++ b/linux-user/syscall.c +@@ -141,6 +141,10 @@ + #include "fd-trans.h" + #include "tcg/tcg.h" + ++#ifndef RLIMIT_RTTIME ++#define RLIMIT_RTTIME 15 ++#endif ++ + #ifndef CLONE_IO + #define CLONE_IO 0x80000000 /* Clone io context */ + #endif diff --git a/srcpkgs/qemu/patches/xxx-ppcle.patch b/srcpkgs/qemu/patches/xxx-ppcle.patch index 3e1159c74ed93f..7418ca8d2c63a3 100644 --- a/srcpkgs/qemu/patches/xxx-ppcle.patch +++ b/srcpkgs/qemu/patches/xxx-ppcle.patch @@ -29,35 +29,16 @@ index 18c26e0..03d3e18 100755 fi elif check_define __mips__ ; then cpu="mips" -@@ -683,6 +687,9 @@ ARCH= - case "$cpu" in - ppc|ppc64|s390x|sparc64|x32|riscv32|riscv64) - ;; +@@ -638,6 +642,9 @@ + + ppc) + CPU_CFLAGS="-m32" ;; + ppcle) -+ ARCH="ppc" -+ ;; ++ cpu="ppc" ++ CPU_CFLAGS="-m32 -mlittle-endian" ;; + ppc64) + CPU_CFLAGS="-m64 -mbig-endian" ;; ppc64le) - ARCH="ppc64" - ;; -@@ -6783,7 +6790,7 @@ if test "$linux" = "yes" ; then - i386|x86_64|x32) - linux_arch=x86 - ;; -- ppc|ppc64|ppc64le) -+ ppc|ppcle|ppc64|ppc64le) - linux_arch=powerpc - ;; - s390x) -@@ -6960,6 +6967,9 @@ if test -n "$cross_prefix"; then - x86_64|x32) - echo "cpu_family = 'x86_64'" >> $cross - ;; -+ ppcle) -+ echo "cpu_family = 'ppc'" >> $cross -+ ;; - ppc64le) - echo "cpu_family = 'ppc64'" >> $cross - ;; diff --git a/configs/targets/ppcle-linux-user.mak b/configs/targets/ppcle-linux-user.mak new file mode 100644 index 0000000..2259243 diff --git a/srcpkgs/qemu/template b/srcpkgs/qemu/template index 042ba79299e1bf..fad2bd02b47721 100644 --- a/srcpkgs/qemu/template +++ b/srcpkgs/qemu/template @@ -1,8 +1,8 @@ # Template file for 'qemu' # This package should be updated together with qemu-user-static pkgname=qemu -version=6.2.0 -revision=3 +version=7.0.0 +revision=1 build_style=configure configure_args="--prefix=/usr --sysconfdir=/etc --libexecdir=/usr/libexec --localstatedir=/var --disable-glusterfs --disable-xen --enable-docs --enable-kvm --enable-libusb --enable-pie @@ -28,7 +28,7 @@ maintainer="Orphaned " license="GPL-2.0-or-later, LGPL-2.1-or-later" homepage="https://www.qemu.org" distfiles="https://wiki.qemu.org/download/qemu-${version}.tar.bz2" -checksum=2fde1a30a7dcc15dde0875319ecaf3dc249072dee46ba7ad1f7c8df1faece93f +checksum=a83032c6ce0dba35479610a4e11a7d8c4a6dffb17152653c183eec3c58616d4e ignore_elf_dirs="/usr/share/qemu" nostrip_files="hppa-firmware.img openbios-ppc openbios-sparc32 openbios-sparc64 palcode-clipper s390-ccw.img s390-netboot.img u-boot.e500 opensbi-riscv32-generic-fw_dynamic.elf From 12bee1cea040487c54d8b0d1441fe0e547f004e4 Mon Sep 17 00:00:00 2001 From: Evgeny Ermakov Date: Thu, 21 Apr 2022 23:15:32 +1100 Subject: [PATCH 2/2] qemu-user-static: update to 7.0.0. --- srcpkgs/qemu-user-static/template | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/srcpkgs/qemu-user-static/template b/srcpkgs/qemu-user-static/template index cca001f8835ba1..34de456db4a91c 100644 --- a/srcpkgs/qemu-user-static/template +++ b/srcpkgs/qemu-user-static/template @@ -1,8 +1,8 @@ # Template file for 'qemu-user-static' # This package should be updated together with qemu pkgname=qemu-user-static -version=6.2.0 -revision=2 +version=7.0.0 +revision=1 wrksrc="qemu-${version}" build_style=configure configure_args="--prefix=/usr --sysconfdir=/etc --libexecdir=/usr/libexec @@ -15,7 +15,7 @@ maintainer="Orphaned " license="GPL-2.0-or-later, LGPL-2.1-or-later" homepage="https://www.qemu.org" distfiles="https://wiki.qemu.org/download/qemu-${version}.tar.bz2" -checksum=2fde1a30a7dcc15dde0875319ecaf3dc249072dee46ba7ad1f7c8df1faece93f +checksum=a83032c6ce0dba35479610a4e11a7d8c4a6dffb17152653c183eec3c58616d4e _fmts="aarch64 aarch64_be alpha arm armeb cris hppa i386 m68k microblaze microblazeel mips mipsel mips64 mips64el mipsn32 mipsn32el or1k