authorJed Liu2015-07-01 15:35:10 -0400
committerJed Liu2015-07-01 15:35:10 -0400
commit6f9e0c16ebb1bbbadf369888c3c85362c8778e7d (patch)
tree7df6d85697e1c1f11c18b415fae2a12f3189c14a
Initial import: 2.3.0-3
-rw-r--r--.SRCINFO44
-rw-r--r--65-kvm.rules2
-rw-r--r--CVE-2015-3456.patch84
-rw-r--r--PKGBUILD118
-rw-r--r--qemu.install19
5 files changed, 267 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO
new file mode 100644
index 000000000000..a311d04a5f97
--- /dev/null
+++ b/.SRCINFO
@@ -0,0 +1,44 @@
+pkgbase = qemu-minimal
+ pkgver = 2.3.0
+ pkgrel = 3
+ url = http://wiki.qemu.org/Index.html
+ arch = i686
+ arch = x86_64
+ license = GPL2
+ license = LGPL2.1
+ makedepends = libjpeg
+ makedepends = glib2
+ makedepends = util-linux
+ makedepends = curl
+ makedepends = libsasl
+ makedepends = seabios
+ makedepends = libcap-ng
+ makedepends = libaio
+ makedepends = libseccomp
+ makedepends = python2
+ conflicts = qemu
+ options = !strip
+ source = http://wiki.qemu.org/download/qemu-2.3.0.tar.bz2
+ source = CVE-2015-3456.patch
+ source = 65-kvm.rules
+ md5sums = 2fab3ea4460de9b57192e5b8b311f221
+ md5sums = 5e8a68940c4e0267e795a6ddd144e00e
+ md5sums = 33ab286a20242dda7743a900f369d68a
+
+pkgname = qemu-minimal
+ pkgdesc = A generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. This is a stripped-down version of the official package and requires only the bare essentials for running on a headless server.
+ install = qemu.install
+ depends = libjpeg
+ depends = glib2
+ depends = util-linux
+ depends = curl
+ depends = libsasl
+ depends = seabios
+ depends = libcap-ng
+ depends = libaio
+ depends = libseccomp
+ depends = libssh2>=1.5.0
+ optdepends = samba: for SMB Server support
+ replaces = qemu-kvm
+ backup = etc/qemu/target-x86_64.conf
+
diff --git a/65-kvm.rules b/65-kvm.rules
new file mode 100644
index 000000000000..569ded9f972f
--- /dev/null
+++ b/65-kvm.rules
@@ -0,0 +1,2 @@
+KERNEL=="kvm", GROUP="kvm", MODE="0660"
+KERNEL=="vhost-net", GROUP="kvm", MODE="0660", TAG+="uaccess", OPTIONS+="static_node=vhost-net"
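Review bot: `TAG+="uaccess"` on the vhost-net rule widens access beyond what `GROUP="kvm", MODE="0660"` expresses. As far as I understand systemd-logind's handling of that tag, it adds an ACL for whichever user holds the active local session, regardless of kvm group membership. The package description targets headless servers, so the tag looks unnecessary here. Consider `KERNEL=="vhost-net", GROUP="kvm", MODE="0660", OPTIONS+="static_node=vhost-net"` so that access to the device is governed by the kvm group alone.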
diff --git a/CVE-2015-3456.patch b/CVE-2015-3456.patch
new file mode 100644
index 000000000000..50c19d9f08fe
--- /dev/null
+++ b/CVE-2015-3456.patch
@@ -0,0 +1,84 @@
+From e907746266721f305d67bc0718795fedee2e824c Mon Sep 17 00:00:00 2001
+From: Petr Matousek <pmatouse@redhat.com>
+Date: Wed, 6 May 2015 09:48:59 +0200
+Subject: [PATCH] fdc: force the fifo access to be in bounds of the allocated buffer
+
+During processing of certain commands such as FD_CMD_READ_ID and
+FD_CMD_DRIVE_SPECIFICATION_COMMAND the fifo memory access could
+get out of bounds leading to memory corruption with values coming
+from the guest.
+
+Fix this by making sure that the index is always bounded by the
+allocated memory.
+
+This is CVE-2015-3456.
+
+Signed-off-by: Petr Matousek <pmatouse@redhat.com>
+Reviewed-by: John Snow <jsnow@redhat.com>
+Signed-off-by: John Snow <jsnow@redhat.com>
+---
+ hw/block/fdc.c | 17 +++++++++++------
+ 1 files changed, 11 insertions(+), 6 deletions(-)
+
+diff --git a/hw/block/fdc.c b/hw/block/fdc.c
+index f72a392..d8a8edd 100644
+--- a/hw/block/fdc.c
++++ b/hw/block/fdc.c
+@@ -1497,7 +1497,7 @@ static uint32_t fdctrl_read_data(FDCtrl *fdctrl)
+ {
+ FDrive *cur_drv;
+ uint32_t retval = 0;
+- int pos;
++ uint32_t pos;
+
+ cur_drv = get_cur_drv(fdctrl);
+ fdctrl->dsr &= ~FD_DSR_PWRDOWN;
+@@ -1506,8 +1506,8 @@ static uint32_t fdctrl_read_data(FDCtrl *fdctrl)
+ return 0;
+ }
+ pos = fdctrl->data_pos;
++ pos %= FD_SECTOR_LEN;
+ if (fdctrl->msr & FD_MSR_NONDMA) {
+- pos %= FD_SECTOR_LEN;
+ if (pos == 0) {
+ if (fdctrl->data_pos != 0)
+ if (!fdctrl_seek_to_next_sect(fdctrl, cur_drv)) {
+@@ -1852,10 +1852,13 @@ static void fdctrl_handle_option(FDCtrl *fdctrl, int direction)
+ static void fdctrl_handle_drive_specification_command(FDCtrl *fdctrl, int direction)
+ {
+ FDrive *cur_drv = get_cur_drv(fdctrl);
++ uint32_t pos;
+
+- if (fdctrl->fifo[fdctrl->data_pos - 1] & 0x80) {
++ pos = fdctrl->data_pos - 1;
++ pos %= FD_SECTOR_LEN;
++ if (fdctrl->fifo[pos] & 0x80) {
+ /* Command parameters done */
+- if (fdctrl->fifo[fdctrl->data_pos - 1] & 0x40) {
++ if (fdctrl->fifo[pos] & 0x40) {
+ fdctrl->fifo[0] = fdctrl->fifo[1];
+ fdctrl->fifo[2] = 0;
+ fdctrl->fifo[3] = 0;
+@@ -1955,7 +1958,7 @@ static uint8_t command_to_handler[256];
+ static void fdctrl_write_data(FDCtrl *fdctrl, uint32_t value)
+ {
+ FDrive *cur_drv;
+- int pos;
++ uint32_t pos;
+
+ /* Reset mode */
+ if (!(fdctrl->dor & FD_DOR_nRESET)) {
+@@ -2004,7 +2007,9 @@ static void fdctrl_write_data(FDCtrl *fdctrl, uint32_t value)
+ }
+
+ FLOPPY_DPRINTF("%s: %02x\n", __func__, value);
+- fdctrl->fifo[fdctrl->data_pos++] = value;
++ pos = fdctrl->data_pos++;
++ pos %= FD_SECTOR_LEN;
++ fdctrl->fifo[pos] = value;
+ if (fdctrl->data_pos == fdctrl->data_len) {
+ /* We now have all parameters
+ * and will be able to treat the command
+--
+1.7.0.4
+
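Review bot: The fix keeps every FIFO index in range by wrapping it with `pos %= FD_SECTOR_LEN`, but `fdctrl->data_pos` itself is still incremented without a limit in `fdctrl_write_data` (`pos = fdctrl->data_pos++;`), so an over-long parameter stream wraps around and overwrites earlier FIFO bytes instead of being rejected. In `fdctrl_handle_drive_specification_command`, `data_pos - 1` with `data_pos == 0` wraps to the top of the `uint32_t` range and, assuming `FD_SECTOR_LEN` is a power of two, resolves to the last FIFO slot. Both cases are memory-safe only if the FIFO allocation is at least `FD_SECTOR_LEN` bytes, which is not visible in these hunks and is worth confirming against the 2.3.0 source. Because this file is carried verbatim from the upstream commit, keep it byte-identical and drop it from `source=` once `pkgver` moves to a release that already contains the fix. All three patched functions start or end outside the quoted hunks.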
diff --git a/PKGBUILD b/PKGBUILD
new file mode 100644
index 000000000000..16ad2df966e3
--- /dev/null
+++ b/PKGBUILD
@@ -0,0 +1,118 @@
+# $Id: PKGBUILD 240417 2015-06-07 17:12:34Z seblu $
+# Maintainer: Tobias Powalowski <tpowa@archlinux.org>
+#pkgname=('qemu' 'libcacard')
+pkgname='qemu-minimal'
+pkgver=2.3.0
+pkgrel=3
+arch=('i686' 'x86_64')
+license=('GPL2' 'LGPL2.1')
+url="http://wiki.qemu.org/Index.html"
+#makedepends=('pixman' 'libjpeg' 'libpng' 'sdl' 'alsa-lib' 'nss' 'glib2'
+# 'gnutls>=2.4.1' 'bluez-libs' 'vde2' 'util-linux' 'curl' 'libsasl'
+# 'libgl' 'libpulse' 'seabios' 'libcap-ng' 'libaio' 'libseccomp'
+# 'libiscsi' 'libcacard' 'spice' 'spice-protocol' 'python2'
+# 'usbredir' 'ceph')
+makedepends=('libjpeg' 'glib2'
+ 'util-linux' 'curl' 'libsasl'
+ 'seabios' 'libcap-ng' 'libaio' 'libseccomp'
+ 'python2'
+ )
+conflicts=('qemu')
+options=(!strip)
+source=(http://wiki.qemu.org/download/${pkgname:0:-8}-${pkgver}.tar.bz2
+ CVE-2015-3456.patch
+ 65-kvm.rules)
+
+prepare() {
+ cd "${srcdir}/${pkgname:0:-8}-${pkgver}"
+ patch -p1 -i ${srcdir}/CVE-2015-3456.patch
+}
+
+build ()
+{
+ cd "${srcdir}/${pkgname:0:-8}-${pkgver}"
+ # qemu vs. make 4 == bad
+ export ARFLAGS="rv"
+ # http://permalink.gmane.org/gmane.comp.emulators.qemu/238740
+
+ # gtk gui breaks keymappings at the moment
+# ./configure --prefix=/usr --sysconfdir=/etc --audio-drv-list='pa alsa sdl' \
+# --python=/usr/bin/python2 --smbd=/usr/bin/smbd \
+# --enable-docs --libexecdir=/usr/lib/qemu \
+# --disable-gtk --enable-linux-aio --enable-seccomp \
+# --enable-spice --localstatedir=/var \
+# --enable-tpm
+ ./configure --prefix=/usr --sysconfdir=/etc --audio-drv-list='' \
+ --python=/usr/bin/python2 --smbd=/usr/bin/smbd \
+ --enable-docs --libexecdir=/usr/lib/qemu \
+ --disable-gtk --enable-linux-aio --enable-seccomp \
+ --disable-spice --localstatedir=/var \
+ --enable-tpm
+ make V=99
+}
+
+package() {
+ pkgdesc="A generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. This is a stripped-down version of the official package and requires only the bare essentials for running on a headless server."
+# depends=('pixman' 'libjpeg' 'libpng' 'sdl' 'alsa-lib' 'nss' 'glib2'
+# 'gnutls>=2.4.1' 'bluez-libs' 'vde2' 'util-linux' 'curl' 'libsasl'
+# 'libgl' 'libpulse' 'seabios' 'libcap-ng' 'libaio' 'libseccomp'
+# 'libiscsi' 'libcacard' 'spice' 'usbredir' 'libssh2>=1.5.0' 'ceph')
+ depends=('libjpeg' 'glib2'
+ 'util-linux' 'curl' 'libsasl'
+ 'seabios' 'libcap-ng' 'libaio' 'libseccomp'
+ 'libssh2>=1.5.0'
+ )
+ backup=('etc/qemu/target-x86_64.conf')
+ replaces=('qemu-kvm')
+ optdepends=('samba: for SMB Server support')
+ install=qemu.install
+ cd "${srcdir}/${pkgname:0:-8}-${pkgver}"
+ make DESTDIR="${pkgdir}" libexecdir="/usr/lib/qemu" install
+ # provided by seabios package
+ rm "${pkgdir}/usr/share/qemu/bios.bin"
+ rm "${pkgdir}/usr/share/qemu/acpi-dsdt.aml"
+ rm "${pkgdir}/usr/share/qemu/q35-acpi-dsdt.aml"
+ rm "${pkgdir}/usr/share/qemu/bios-256k.bin"
+ rm "${pkgdir}/usr/share/qemu/vgabios-cirrus.bin"
+ rm "${pkgdir}/usr/share/qemu/vgabios-qxl.bin"
+ rm "${pkgdir}/usr/share/qemu/vgabios-stdvga.bin"
+ rm "${pkgdir}/usr/share/qemu/vgabios-vmware.bin"
+
+ # remove conflicting /var/run directory
+ rm -r "${pkgdir}/var"
+ install -D -m644 "${srcdir}/65-kvm.rules" \
+ "${pkgdir}/usr/lib/udev/rules.d/65-kvm.rules"
+ # bridge_helper needs suid
+ # https://bugs.archlinux.org/task/32565
+ chmod u+s "${pkgdir}/usr/lib/qemu/qemu-bridge-helper"
+ # add sample config
+ echo "allow br0" > ${pkgdir}/etc/qemu/bridge.conf.sample
+ # strip scripts directory
+ find "${pkgdir}/usr/src/linux-${_kernver}/scripts" -type f -perm -u+w 2>/dev/null | while read binary ; do
+ case "$(file -bi "$binary")" in
+ *application/x-executable*) # Binaries
+ /usr/bin/strip $STRIP_BINARIES "$binary";;
+ esac
+ done
+ # remove libcacard files
+ rm -rf ${pkgdir}/usr/include/cacard
+ rm -rf ${pkgdir}/usr/lib/libcacard*
+ rm -rf ${pkgdir}/usr/lib/pkgconfig/libcacard.pc
+ rm -rf ${pkgdir}/usr/bin/vscclient
+}
+
+#package_libcacard() {
+# pkgdesc="Common Access Card (CAC) Emulation"
+# options=('strip')
+# depends=('nss' 'libaio' 'libcap-ng' 'libiscsi' 'curl' 'vde2' 'glib2')
+# mkdir -p ${pkgdir}/usr/bin
+# mkdir -p ${pkgdir}/usr/lib/pkgconfig
+# mkdir -p ${pkgdir}/usr/include/cacard
+# cp -a ${srcdir}/qemu-${pkgver}/libcacard/*.h ${pkgdir}/usr/include/cacard/
+# cp -a ${srcdir}/qemu-${pkgver}/.libs/libcacard.so* ${pkgdir}/usr/lib/
+# cp -a ${srcdir}/qemu-${pkgver}/libcacard.pc ${pkgdir}/usr/lib/pkgconfig/
+# cp -a ${srcdir}/qemu-${pkgver}/.libs/vscclient ${pkgdir}/usr/bin/
+#}
+md5sums=('2fab3ea4460de9b57192e5b8b311f221'
+ '5e8a68940c4e0267e795a6ddd144e00e'
+ '33ab286a20242dda7743a900f369d68a')
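Review bot: The upstream tarball in `source=` is fetched over plain `http://` and checked only against `md5sums`, so the integrity of everything `build()` compiles rests on a collision-weak hash over an unauthenticated channel. Switch the array to `sha256sums=('<sha256 of qemu tarball>' '<sha256 of CVE-2015-3456.patch>' '<sha256 of 65-kvm.rules>')`, and if upstream publishes a detached signature for the release, add it to `source` together with `validpgpkeys=('<upstream release key fingerprint>')` so makepkg verifies it. Separately, the "strip scripts directory" loop in `package()` walks `${pkgdir}/usr/src/linux-${_kernver}/scripts`, but `_kernver` is never set in this file, so the block looks like dead code carried over from another PKGBUILD and could be removed. `${srcdir}` and `${pkgdir}` are also unquoted in the `patch -p1 -i` and `rm -rf` lines, which misbehaves if the build path contains whitespace.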
diff --git a/qemu.install b/qemu.install
new file mode 100644
index 000000000000..59a32cd8ddda
--- /dev/null
+++ b/qemu.install
@@ -0,0 +1,19 @@
+# kvm: the new package version
+post_install() {
+ #
+ groupadd kvm -f -g 78
+}
+
+post_upgrade() {
+ if [ "$(vercmp $2 0.11)" -lt 0 ]; then
+ echo "With the release of qemu and qemu-kvm 0.12.X, the kqemu kernel module"
+ echo "is no longer supported and will be removed from the repositories. You"
+ echo "can safely uninstall it from your system."
+ fi
+ if [ "$(vercmp $2 1.3.1)" -lt 0 ]; then
+ echo "With the release of qemu 1.3.0, qemu-kvm binary is removed."
+ echo "You need to change the emulator path, if you use libvirt by using:"
+ echo "'virsh edit <vm-name>'"
+ fi
+}
+