From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id F2D4C138825 for ; Sat, 1 Nov 2014 16:16:33 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 4EA8EE0C4D; Sat, 1 Nov 2014 16:15:01 +0000 (UTC)
Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 986C8E0C46 for ; Sat, 1 Nov 2014 16:15:00 +0000 (UTC)
Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 6B6DA3404FF for ; Sat, 1 Nov 2014 16:14:59 +0000 (UTC)
Received: from localhost.localdomain (localhost [127.0.0.1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 984F39366 for ; Sat, 1 Nov 2014 16:14:57 +0000 (UTC)
From: "Anthony G. Basile" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Anthony G. Basile" Message-ID: <1414858520.cb62f9fd061fbf7feed13831bd12d19e8636b0af.blueness@gentoo> Subject: [gentoo-commits] proj/hardened-dev:musl commit in: app-emulation/qemu/, app-emulation/qemu/files/ X-VCS-Repository: proj/hardened-dev X-VCS-Files: app-emulation/qemu/files/qemu-2.1.1-readlink-self.patch app-emulation/qemu/qemu-2.1.0-r99.ebuild app-emulation/qemu/qemu-2.1.1-r99.ebuild X-VCS-Directories: app-emulation/qemu/ app-emulation/qemu/files/ X-VCS-Committer: blueness X-VCS-Committer-Name: Anthony G. Basile X-VCS-Revision: cb62f9fd061fbf7feed13831bd12d19e8636b0af X-VCS-Branch: musl Date: Sat, 1 Nov 2014 16:14:57 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 0befc94d-3c53-4fd4-b73e-026fe7be40c0 X-Archives-Hash: 8c5f32a8ba48dcd19ac08350d22ca7b2 commit: cb62f9fd061fbf7feed13831bd12d19e8636b0af Author: Felix Janda posteo de> AuthorDate: Thu Oct 30 21:02:28 2014 +0000 Commit: Anthony G. Basile gentoo org> CommitDate: Sat Nov 1 16:15:20 2014 +0000 URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=commit;h=cb62f9fd app-emulation/qemu: bump to 2.1.1 Signed-off-by: Anthony G. Basile gentoo.org> --- .../qemu/files/qemu-2.1.1-readlink-self.patch | 81 ++++++++++++++++++++++ ...qemu-2.1.0-r99.ebuild => qemu-2.1.1-r99.ebuild} | 8 +-- 2 files changed, 85 insertions(+), 4 deletions(-) diff --git a/app-emulation/qemu/files/qemu-2.1.1-readlink-self.patch b/app-emulation/qemu/files/qemu-2.1.1-readlink-self.patch new file mode 100644 index 0000000..451a968 --- /dev/null +++ b/app-emulation/qemu/files/qemu-2.1.1-readlink-self.patch 
@@ -0,0 +1,81 @@ +fix already in upstream + +From f17f4989fa193fa8279474c5462289a3cfe69aea Mon Sep 17 00:00:00 2001 +From: Mike Frysinger +Date: Fri, 8 Aug 2014 09:40:25 +0900 +Subject: [PATCH] linux-user: fix readlink handling with magic exe symlink + +The current code always returns the length of the path when it should +be returning the number of bytes it wrote to the output string. + +Further, readlink is not supposed to append a NUL byte, but the current +snprintf logic will always do just that. + +Even further, if you pass in a length of 0, you're suppoesd to get back +an error (EINVAL), but the current logic just returns 0. + +Further still, if there was an error reading the symlink, we should not +go ahead and try to read the target buffer as it is garbage. + +Simple test for the first two issues: +$ cat test.c +int main() { + char buf[50]; + size_t len; + for (len = 0; len < 10; ++len) { + memset(buf, '!', sizeof(buf)); + ssize_t ret = readlink("/proc/self/exe", buf, len); + buf[20] = '\0'; + printf("readlink(/proc/self/exe, {%s}, %zu) = %zi\n", buf, len, ret); + } + return 0; +} + +Now compare the output of the native: +$ gcc test.c -o /tmp/x +$ /tmp/x +$ strace /tmp/x + +With what qemu does: +$ armv7a-cros-linux-gnueabi-gcc test.c -o /tmp/x -static +$ qemu-arm /tmp/x +$ qemu-arm -strace /tmp/x + +Signed-off-by: Mike Frysinger +Signed-off-by: Riku Voipio +--- + linux-user/syscall.c | 15 +++++++++++++-- + 1 file changed, 13 insertions(+), 2 deletions(-) + +diff --git a/linux-user/syscall.c b/linux-user/syscall.c +index fccf9f0..7c108ab 100644 +--- a/linux-user/syscall.c ++++ b/linux-user/syscall.c +@@ -6636,11 +6636,22 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, + p2 = lock_user(VERIFY_WRITE, arg2, arg3, 0); + if (!p || !p2) { + ret = -TARGET_EFAULT; ++ } else if (!arg3) { ++ /* Short circuit this for the magic exe check. 
*/ ++ ret = -TARGET_EINVAL; + } else if (is_proc_myself((const char *)p, "exe")) { + char real[PATH_MAX], *temp; + temp = realpath(exec_path, real); +- ret = temp == NULL ? get_errno(-1) : strlen(real) ; +- snprintf((char *)p2, arg3, "%s", real); ++ /* Return value is # of bytes that we wrote to the buffer. */ ++ if (temp == NULL) { ++ ret = get_errno(-1); ++ } else { ++ /* Don't worry about sign mismatch as earlier mapping ++ * logic would have thrown a bad address error. */ ++ ret = MIN(strlen(real), arg3); ++ /* We cannot NUL terminate the string. */ ++ memcpy(p2, real, ret); ++ } + } else { + ret = get_errno(readlink(path(p), p2, arg3)); + } +-- +2.0.0 + diff --git a/app-emulation/qemu/qemu-2.1.0-r99.ebuild b/app-emulation/qemu/qemu-2.1.1-r99.ebuild similarity index 98% rename from app-emulation/qemu/qemu-2.1.0-r99.ebuild rename to app-emulation/qemu/qemu-2.1.1-r99.ebuild index d885d11..8509734 100644 --- a/app-emulation/qemu/qemu-2.1.0-r99.ebuild +++ b/app-emulation/qemu/qemu-2.1.1-r99.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2014 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-emulation/qemu/qemu-2.1.0-r1.ebuild,v 1.6 2014/09/13 17:07:04 ago Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-emulation/qemu/qemu-2.1.1.ebuild,v 1.4 2014/10/23 14:53:45 ago Exp $ EAPI=5 @@ -52,7 +52,7 @@ IUSE+=" ${use_targets}" # Require at least one softmmu or user target. # Block USE flag configurations known to not work. REQUIRED_USE="|| ( ${use_targets} ) - python? ( ${PYTHON_REQUIRED_USE} ) + ${PYTHON_REQUIRED_USE} qemu_softmmu_targets_arm? ( fdt ) qemu_softmmu_targets_microblaze? ( fdt ) qemu_softmmu_targets_ppc? ( fdt ) 
@@ -255,9 +255,9 @@ src_prepare() { use nls || rm -f po/*.po epatch "${FILESDIR}"/qemu-1.7.0-cflags.patch - epatch "${FILESDIR}"/${P}-CVE-2014-5388.patch #520688 + epatch "${FILESDIR}"/${PN}-2.1.1-readlink-self.patch epatch "${FILESDIR}"/${PN}-2.0.0-F_SHLCK-and-F_EXLCK.patch #for musl - epatch "${FILESDIR}"/${PN}-2.0.0-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch #for musl + epatch "${FILESDIR}"/${PN}-2.0.0-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch #for musl [[ -n ${BACKPORTS} ]] && \ EPATCH_FORCE=yes EPATCH_SUFFIX="patch" EPATCH_SOURCE="${S}/patches" \ epatch
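Review bot: in the qemu-2.1.1-readlink-self.patch hunk, the removed `- snprintf((char *)p2, arg3, "%s", real);` ran even when `temp == NULL`, so a failed `realpath()` copied the uninitialized `char real[PATH_MAX]` stack buffer into guest memory, and the removed `ret = ... strlen(real)` could exceed `arg3`, telling the guest more bytes were written than its buffer holds; the replacement gates the copy on success and bounds it with `ret = MIN(strlen(real), arg3);`, which is the right fix. One style point: the new `} else if (!arg3) {` branch sits before the `is_proc_myself` test, so it returns `-TARGET_EINVAL` for every readlink target, not only the magic exe path that `/* Short circuit this for the magic exe check. */` suggests; that matches the host kernel, which rejects a non-positive buffer length with EINVAL, so the comment should say that rather than read as exe-specific. The leading `fix already in upstream` line names the upstream commit via `From f17f4989...` but not the release it landed in; adding the version would tell the next bumper when the patch can be dropped.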
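Review bot: in the `@@ -52,7 +52,7 @@` hunk, replacing `- python? ( ${PYTHON_REQUIRED_USE} )` with `+ ${PYTHON_REQUIRED_USE}` makes the Python implementation requirement unconditional, which is only correct if `python` is no longer a USE flag of this ebuild; the hunk shows no matching IUSE or DEPEND change and the commit message ("bump to 2.1.1") does not mention it, so the rename diff should be checked for the corresponding edit, or the message should state that this follows the gentoo-x86 qemu-2.1.1.ebuild referenced in the new `$Header` line.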
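Review bot: in the `@@ -255,9 +255,9 @@` hunk, `- epatch "${FILESDIR}"/${P}-CVE-2014-5388.patch #520688` drops a security fix without the commit message saying why; if the bump relies on 2.1.1 already carrying the CVE-2014-5388 fix, say so in the message (and keep the `#520688` bug reference in a comment) so a later reader does not mistake the removal for a regression. The new `+ epatch "${FILESDIR}"/${PN}-2.1.1-readlink-self.patch` line carries no trailing comment, unlike the neighbouring `#for musl` lines; a short `#fix already in upstream` note would match the patch header and tell the next bumper when to drop it. The `-`/`+` pair for `${PN}-2.0.0-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch #for musl` differs only in whitespace and should be dropped from the commit as noise.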