openembedded-core.git/meta/recipes-devtools/qemu, branch krogoth Mirror of openembedded-core qemu: Secuirty fix for CVE-2016-5403 2016-09-23T14:26:37+00:00 Armin Kuster akuster@mvista.com 2016-09-20T03:01:16+00:00 c53820180cdccd97de1f314078570fac1ff16052 affects qemu < 2.7.0-rc0 Signed-off-by: Armin Kuster <akuster@mvista.com> 
affects qemu < 2.7.0-rc0

Signed-off-by: Armin Kuster <akuster@mvista.com>
qemu: Security fix for CVE-2016-4002 2016-09-23T14:26:35+00:00 Armin Kuster akuster@mvista.com 2016-09-20T02:56:19+00:00 4c6493e90c7102a5bfa8aba4c00b112d083e91b8 affects qemu < 2.6.0 Signed-off-by: Armin Kuster <akuster@mvista.com> 
affects qemu < 2.6.0

Signed-off-by: Armin Kuster <akuster@mvista.com>
qemu: Security fix CVE-2016-6351 2016-09-23T14:26:34+00:00 Armin Kuster akuster@mvista.com 2016-09-20T02:52:57+00:00 72ee7cac11523a56b99282c03199b5b84326edf5 affects qemu < 2.6.0 Signed-off-by: Armin Kuster <akuster@mvista.com> 
affects qemu < 2.6.0

Signed-off-by: Armin Kuster <akuster@mvista.com>
qemu: Security fix CVE-2016-4439 2016-09-23T14:26:33+00:00 Armin Kuster akuster@mvista.com 2016-09-20T02:48:42+00:00 b5c787631cd35fa5b3f10391c883ae7a3717690f affects qemu < 2.6.0 Signed-off-by: Armin Kuster <akuster@mvista.com> 
affects qemu < 2.6.0

Signed-off-by: Armin Kuster <akuster@mvista.com>
qemu: Security Fix CVE-2016-3712 2016-09-23T14:26:32+00:00 Armin Kuster akuster@mvista.com 2016-09-20T01:12:42+00:00 ed78691a46a3c928297ae166e92fabdffa9e53c9 affects qemu < 2.6.0 Signed-off-by: Armin Kuster <akuster@mvista.com> 
affects qemu < 2.6.0

Signed-off-by: Armin Kuster <akuster@mvista.com>
qemu: Security Fix CVE-2016-3710 2016-09-23T14:26:31+00:00 Armin Kuster akuster@mvista.com 2016-09-20T01:02:55+00:00 aa366a5cb5c4ed84537381d71dd5e66514c575be affects Qemu < 2.6.0 Signed-off-by: Armin Kuster <akuster@mvista.com> 
affects Qemu < 2.6.0

Signed-off-by: Armin Kuster <akuster@mvista.com>
qemu: remove explicit but redundant native build dependencies 2016-06-29T18:33:24+00:00 Ross Burton ross.burton@intel.com 2016-04-27T08:28:35+00:00 9558dfc37abfbdd3e66107b346b78ac31074c4dd qemu-native was optionally depending on libxext-native if the DISTRO_FEATURES included x11. This dependency was required back when we didn't build libsdl-native and causes an undesirable relationship between DISTRO_FEATURES and qemu-native. As the dependency isn't required anymore, remove it. (From OE-Core rev: f58f364b1ae97805abc5f9eb7b300617f59826b2) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> 
qemu-native was optionally depending on libxext-native if the DISTRO_FEATURES
included x11.  This dependency was required back when we didn't build
libsdl-native and causes an undesirable relationship between DISTRO_FEATURES and
qemu-native.

As the dependency isn't required anymore, remove it.

(From OE-Core rev: f58f364b1ae97805abc5f9eb7b300617f59826b2)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
qemu: Security fix CVE-2016-2858 2016-04-29T06:36:30+00:00 Armin Kuster akuster@mvista.com 2016-04-28T18:23:31+00:00 48909052e7b19ba108ee7813c1efdbed0c2e06ab Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
qemu: Security fix CVE-2016-2857 2016-04-29T06:36:30+00:00 Armin Kuster akuster@mvista.com 2016-04-28T18:23:30+00:00 d1b972a55c59a3f3336b3ebd309532dc204ea97b Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
qemu: Limit paths searched during user mode emulation 2016-03-10T23:06:16+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2016-03-09T22:49:02+00:00 9ac5017b3328a18561c2912edfda2d7d97c675f2 By default qemu builds a complete list of directories within the user emulation sysroot (-L option). The OE sysroot directory is large and this is confusing, for example it indexes all pkgdata. In particular this confuses strace of qemu binaries with tons of irrelevant paths. This patch stops the code indexing up front and instead only indexes things if/as/when it needs to. This drastically reduces the files it reads and reduces memory usage and cleans up strace. It would also avoid the infinite directory traversal bug in [YOCTO #6996] although the code could still be vulnerable if it parsed those specific paths. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
By default qemu builds a complete list of directories within the user
emulation sysroot (-L option). The OE sysroot directory is large and
this is confusing, for example it indexes all pkgdata. In particular this
confuses strace of qemu binaries with tons of irrelevant paths.

This patch stops the code indexing up front and instead only indexes
things if/as/when it needs to. This drastically reduces the files it
reads and reduces memory usage and cleans up strace.

It would also avoid the infinite directory traversal bug in [YOCTO #6996]
although the code could still be vulnerable if it parsed those specific
paths.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>