package/qemu: bump to version 8.0.2

Message ID	20230614210926.7723-1-romain.naour@smile.fr
State	Accepted
Headers	show Return-Path: <buildroot-bounces@buildroot.org> From: Romain Naour <romain.naour@smile.fr> To: buildroot@buildroot.org Date: Wed, 14 Jun 2023 23:09:26 +0200 Message-Id: <20230614210926.7723-1-romain.naour@smile.fr> MIME-Version: 1.0 X-Mailman-Original-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile-fr.20221208.gappssmtp.com; s=20221208; t=1686776969; x=1689368969; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=UqJGgGFd/7BZCHIa/5z7IWTTWPmkP9Pfqg+8UDoP9WI=; b=LYJv7tZhoINq5Ca683KhRQeyDsJL9hD8B98AxmGyUdUOA8K0xafN2EQXG7jJpzt1Rw kHBTO2L9YtSjq/RtYFvsHe6inmPA509eAKNoyY4LhgM+6uvgLssjfj18eZRt8aMRdk/q LI/vMli1g8oGBGrLuUWg0ctiJC4rZc5PirfMaHCx7kYKLl1do14r70XD3aGhrJct+B2j G0TIAy1QsF3z4L+uwhQ/xZTI50eTN/wCZvwpXpIoaSqy5YOrVIv66Ljhaxn1eOOOm2LT 7cuKtqnbdMswgAlVCrMHXhRRzno+ZHbl6BI3lSBBzONQqLfzM8DoOpy5tHV+2cfxIArf 4UVw== X-Mailman-Original-Authentication-Results: smtp1.osuosl.org; dkim=pass (2048-bit key) header.d=smile-fr.20221208.gappssmtp.com header.i=@smile-fr.20221208.gappssmtp.com header.a=rsa-sha256 header.s=20221208 header.b=LYJv7tZh Subject: [Buildroot] [PATCH] package/qemu: bump to version 8.0.2 Precedence: list Cc: Romain Naour <romain.naour@smile.fr> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: buildroot-bounces@buildroot.org Sender: "buildroot" <buildroot-bounces@buildroot.org>
Series	package/qemu: bump to version 8.0.2 \| expand package/qemu: bump to version 8.0.2

Message ID

20230614210926.7723-1-romain.naour@smile.fr

State

Accepted

Headers

From: Romain Naour <romain.naour@smile.fr>
To: buildroot@buildroot.org
Date: Wed, 14 Jun 2023 23:09:26 +0200
Message-Id: <20230614210926.7723-1-romain.naour@smile.fr>
MIME-Version: 1.0
X-Mailman-Original-Authentication-Results: smtp1.osuosl.org;
 dkim=pass (2048-bit key) header.d=smile-fr.20221208.gappssmtp.com
 header.i=@smile-fr.20221208.gappssmtp.com header.a=rsa-sha256
 header.s=20221208 header.b=LYJv7tZh
Subject: [Buildroot] [PATCH] package/qemu: bump to version 8.0.2
X-BeenThere: buildroot@buildroot.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion and development of buildroot <buildroot.buildroot.org>
List-Unsubscribe: <https://lists.buildroot.org/mailman/options/buildroot>,
 <mailto:buildroot-request@buildroot.org?subject=unsubscribe>
List-Archive: <http://lists.buildroot.org/pipermail/buildroot/>
List-Post: <mailto:buildroot@buildroot.org>
List-Help: <mailto:buildroot-request@buildroot.org?subject=help>
List-Subscribe: <https://lists.buildroot.org/mailman/listinfo/buildroot>,
 <mailto:buildroot-request@buildroot.org?subject=subscribe>
Cc: Romain Naour <romain.naour@smile.fr>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: buildroot-bounces@buildroot.org
Sender: "buildroot" <buildroot-bounces@buildroot.org>

Series

package/qemu: bump to version 8.0.2 | expand

Commit Message

Romain Naour June 14, 2023, 9:09 p.m. UTC

Fixes CVE-2023-0330:
A vulnerability in the lsi53c895a device affects the latest version of
qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs
like stack overflow or use-after-free.

See:
https://lists.gnu.org/archive/html/qemu-devel/2023-06/msg00221.html

Signed-off-by: Romain Naour <romain.naour@smile.fr>
---
 package/qemu/qemu.hash | 2 +-
 package/qemu/qemu.mk   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

Comments

Peter Korsgaard June 15, 2023, 6:54 a.m. UTC | #1

>>>>> "Romain" == Romain Naour <romain.naour@smile.fr> writes:

 > Fixes CVE-2023-0330:
 > A vulnerability in the lsi53c895a device affects the latest version of
 > qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs
 > like stack overflow or use-after-free.

 > See:
 > https://lists.gnu.org/archive/html/qemu-devel/2023-06/msg00221.html

Committed after marking it a security bump, thanks.

Looks like we need to bump 2023.02.x to 7.2.3 for the same fix:

https://lists.gnu.org/archive/html/qemu-devel/2023-06/msg00218.html

Peter Korsgaard June 16, 2023, 8:39 a.m. UTC | #2

>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:

>>>>> "Romain" == Romain Naour <romain.naour@smile.fr> writes:
 >> Fixes CVE-2023-0330:
 >> A vulnerability in the lsi53c895a device affects the latest version of
 >> qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs
 >> like stack overflow or use-after-free.

 >> See:
 >> https://lists.gnu.org/archive/html/qemu-devel/2023-06/msg00221.html

 > Committed after marking it a security bump, thanks.

 > Looks like we need to bump 2023.02.x to 7.2.3 for the same fix:

 > https://lists.gnu.org/archive/html/qemu-devel/2023-06/msg00218.html

Committed to 2023.05.x, thanks.

diff --git a/package/qemu/qemu.hash b/package/qemu/qemu.hash
index e76aef0b3a..b6fcad83e2 100644
--- a/package/qemu/qemu.hash
+++ b/package/qemu/qemu.hash
@@ -1,4 +1,4 @@ 
 # Locally computed, tarball verified with GPG signature
-sha256  bb60f0341531181d6cc3969dd19a013d0427a87f918193970d9adb91131e56d0  qemu-8.0.0.tar.xz
+sha256  f060abd435fbe6794125e2c398568ffc3cfa540042596907a8b18edca34cf6a5  qemu-8.0.2.tar.xz
 sha256  6f04ae8364d0079a192b14635f4b1da294ce18724c034c39a6a41d1b09df6100  COPYING
 sha256  dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551  COPYING.LIB
diff --git a/package/qemu/qemu.mk b/package/qemu/qemu.mk
index 6a6905d75f..c530896fa8 100644
--- a/package/qemu/qemu.mk
+++ b/package/qemu/qemu.mk
@@ -6,7 +6,7 @@ 
 
 # When updating the version, check whether the list of supported targets
 # needs to be updated.
-QEMU_VERSION = 8.0.0
+QEMU_VERSION = 8.0.2
 QEMU_SOURCE = qemu-$(QEMU_VERSION).tar.xz
 QEMU_SITE = https://download.qemu.org
 QEMU_LICENSE = GPL-2.0, LGPL-2.1, MIT, BSD-3-Clause, BSD-2-Clause, Others/BSD-1c

package/qemu: bump to version 8.0.2

Commit Message

Comments

Patch