From c95a12941b05fe2af6e7fd7eccd0b7e4dfa26858 Mon Sep 17 00:00:00 2001
From: Evgeny Ermakov
Date: Tue, 18 Jan 2022 12:21:12 +1100
Subject: [PATCH 1/2] qemu: update to 6.2.0.

Also:
- clean up template
- add build option for pulseaudio
- use spice unconditionally
- use system dtc, libslirp
- fix CVE-2022-0358
---
 srcpkgs/qemu/patches/cve-2022-0358.patch | 101 ++++++++++++++++++
 srcpkgs/qemu/patches/musl-9p-limits_h.patch | 10 --
 .../qemu/patches/musl-fix-SIOCGSTAMPNS.patch | 10 --
 .../musl-fix-sigevent-and-sigval_t.patch | 7 +-
 srcpkgs/qemu/patches/musl-ppc.patch | 68 ++----------
 srcpkgs/qemu/patches/xxx-ppcle.patch | 4 +-
 srcpkgs/qemu/template | 86 ++++++---------
 7 files changed, 152 insertions(+), 134 deletions(-)
 create mode 100644 srcpkgs/qemu/patches/cve-2022-0358.patch
 delete mode 100644 srcpkgs/qemu/patches/musl-9p-limits_h.patch
 delete mode 100644 srcpkgs/qemu/patches/musl-fix-SIOCGSTAMPNS.patch

diff --git a/srcpkgs/qemu/patches/cve-2022-0358.patch b/srcpkgs/qemu/patches/cve-2022-0358.patch
new file mode 100644
index 000000000000..1b573d567b52
--- /dev/null
+++ b/srcpkgs/qemu/patches/cve-2022-0358.patch
@@ -0,0 +1,101 @@
+From 449e8171f96a6a944d1f3b7d3627ae059eae21ca Mon Sep 17 00:00:00 2001
+From: Vivek Goyal
+Date: Tue, 25 Jan 2022 13:51:14 -0500
+Subject: [PATCH] virtiofsd: Drop membership of all supplementary groups
+ (CVE-2022-0358)
+
+At the start, drop membership of all supplementary groups. This is
+not required.
+
+If we have membership of "root" supplementary group and when we switch
+uid/gid using setresuid/setsgid, we still retain membership of existing
+supplemntary groups. And that can allow some operations which are not
+normally allowed.
+
+For example, if root in guest creates a dir as follows.
+
+$ mkdir -m 03777 test_dir
+
+This sets SGID on dir as well as allows unprivileged users to write into
+this dir.
+
+And now as unprivileged user open file as follows.
+
+$ su test
+$ fd = open("test_dir/priviledge_id", O_RDWR|O_CREAT|O_EXCL, 02755);
+
+This will create SGID set executable in test_dir/.
+
+And that's a problem because now an unpriviliged user can execute it,
+get egid=0 and get access to resources owned by "root" group. This is
+privilege escalation.
+
+Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2044863
+Fixes: CVE-2022-0358
+Reported-by: JIETAO XIAO
+Suggested-by: Miklos Szeredi
+Reviewed-by: Stefan Hajnoczi
+Reviewed-by: Dr. David Alan Gilbert
+Signed-off-by: Vivek Goyal
+Message-Id:
+Signed-off-by: Dr.
David Alan Gilbert
+ dgilbert: Fixed missing {}'s style nit
+---
+ tools/virtiofsd/passthrough_ll.c | 27 +++++++++++++++++++++++++++
+ 1 file changed, 27 insertions(+)
+
+diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c
+index 64b5b4fbb1..b3d0674f6d 100644
+--- a/tools/virtiofsd/passthrough_ll.c
++++ b/tools/virtiofsd/passthrough_ll.c
+@@ -54,6 +54,7 @@
+ #include
+ #include
+ #include
++#include
+
+ #include "qemu/cutils.h"
+ #include "passthrough_helpers.h"
+@@ -1161,6 +1162,30 @@ static void lo_lookup(fuse_req_t req, fuse_ino_t parent, const char *name)
+ #define OURSYS_setresuid SYS_setresuid
+ #endif
+
++static void drop_supplementary_groups(void)
++{
++ int ret;
++
++ ret = getgroups(0, NULL);
++ if (ret == -1) {
++ fuse_log(FUSE_LOG_ERR, "getgroups() failed with error=%d:%s\n",
++ errno, strerror(errno));
++ exit(1);
++ }
++
++ if (!ret) {
++ return;
++ }
++
++ /* Drop all supplementary groups. We should not need it */
++ ret = setgroups(0, NULL);
++ if (ret == -1) {
++ fuse_log(FUSE_LOG_ERR, "setgroups() failed with error=%d:%s\n",
++ errno, strerror(errno));
++ exit(1);
++ }
++}
++
+ /*
+ * Change to uid/gid of caller so that file is created with
+ * ownership of caller.
+@@ -3926,6 +3951,8 @@ int main(int argc, char *argv[])
+
+ qemu_init_exec_dir(argv[0]);
+
++ drop_supplementary_groups();
++
+ pthread_mutex_init(&lo.mutex, NULL);
+ lo.inodes = g_hash_table_new(lo_key_hash, lo_key_equal);
+ lo.root.fd = -1;
+--
+2.35.0
+
diff --git a/srcpkgs/qemu/patches/musl-9p-limits_h.patch b/srcpkgs/qemu/patches/musl-9p-limits_h.patch
deleted file mode 100644
index ee0f89886352..000000000000
--- a/srcpkgs/qemu/patches/musl-9p-limits_h.patch
+++ /dev/null
@@ -1,10 +0,0 @@
---- a/hw/9pfs/9p.c.orig 2016-12-21 15:53:59.997900753 +0100
-+++ b/hw/9pfs/9p.c 2016-12-21 15:54:03.006935717 +0100
-@@ -11,6 +11,7 @@
- *
- */
-
-+#include
- #include "qemu/osdep.h"
- #include
- #include "hw/virtio/virtio.h"
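Review bot: The added include line in the vendored patch shows as `++#include` with no header name in this rendering (the three context includes above it are blank as well), so verify that srcpkgs/qemu/patches/cve-2022-0358.patch on disk is byte-identical to upstream 449e8171, where that line should be `#include <grp.h>` (the header that declares setgroups() on glibc and musl); a patch whose angle-bracket names were lost when copied from a mail or web page still applies cleanly but then fails to compile on an empty `#include`, and the CVE-2022-0358 fix never lands. The call is placed in main() before the sandbox is set up, which is the right spot given the commit message's point that later setresuid/setresgid switches keep supplementary groups; note that setgroups(0, NULL) needs CAP_SETGID, so a virtiofsd started without it now exits with status 1 rather than running — upstream's intended behaviour, but worth a mention in the package commit message. main() and lo_lookup() continue outside the hunk.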
diff --git a/srcpkgs/qemu/patches/musl-fix-SIOCGSTAMPNS.patch b/srcpkgs/qemu/patches/musl-fix-SIOCGSTAMPNS.patch
deleted file mode 100644
index e0b76c4d3c25..000000000000
--- a/srcpkgs/qemu/patches/musl-fix-SIOCGSTAMPNS.patch
+++ /dev/null
@@ -1,10 +0,0 @@
---- a/linux-user/syscall.c.orig 2017-04-25 23:46:47.896819860 +0200
-+++ b/linux-user/syscall.c 2017-04-26 08:43:48.821452132 +0200
-@@ -34,6 +34,7 @@
- #include
- #include
- #include
-+#include
- #include
- #include
- #ifdef __ia64__
diff --git a/srcpkgs/qemu/patches/musl-fix-sigevent-and-sigval_t.patch b/srcpkgs/qemu/patches/musl-fix-sigevent-and-sigval_t.patch
index 8bed0c8d7ee9..4b4f1117c15f 100644
--- a/srcpkgs/qemu/patches/musl-fix-sigevent-and-sigval_t.patch
+++ b/srcpkgs/qemu/patches/musl-fix-sigevent-and-sigval_t.patch
@@ -2,9 +2,10 @@
 Note: Remove this patch with musl 1.2.2
 --- a/linux-user/syscall.c
 +++ b/linux-user/syscall.c
-@@ -5020,9 +5020,20 @@
- return 0;
- }
+@@ -5020,10 +5020,21 @@
+ #ifndef HAVE_SIGEV_NOTIFY_THREAD_ID
+ #define sigev_notify_thread_id _sigev_un._tid
+ #endif
 
 -static inline abi_long target_to_host_sigevent(struct sigevent *host_sevp,
 +struct host_sigevent {
diff --git a/srcpkgs/qemu/patches/musl-ppc.patch b/srcpkgs/qemu/patches/musl-ppc.patch
index 744efe6a4980..0b77aa8fc63d 100644
--- a/srcpkgs/qemu/patches/musl-ppc.patch
+++ b/srcpkgs/qemu/patches/musl-ppc.patch
@@ -1,63 +1,15 @@ ---- a/accel/tcg/user-exec.c -+++ b/accel/tcg/user-exec.c -@@ -286,6 +286,7 @@ int cpu_signal_handler(int host_signum, void *pinfo, - */ - #ifdef linux - /* All Registers access - only for local access */ -+#if defined(__GLIBC__) - #define REG_sig(reg_name, context) \ - ((context)->uc_mcontext.regs->reg_name) - /* Gpr Registers access */ -@@ -302,6 +303,19 @@ int cpu_signal_handler(int host_signum, void *pinfo, - #define LR_sig(context) REG_sig(link, context) - /* Condition register */ - #define CR_sig(context) REG_sig(ccr, context) -+#else /* musl */ -+#if defined(_ARCH_PPC64) -+#define REG_sig(reg_num, context) ((context)->uc_mcontext.gp_regs[reg_num]) -+#else -+#define REG_sig(reg_num, context) ((context)->uc_mcontext.gregs[reg_num]) -+#endif -+#define IAR_sig(context) REG_sig(32, context) -+#define MSR_sig(context) REG_sig(33, context) -+#define CTR_sig(context) REG_sig(35, context) -+#define XER_sig(context) REG_sig(37, context) -+#define LR_sig(context) REG_sig(36, context) -+#define CR_sig(context) REG_sig(38, context) -+#endif +--- a/linux-user/signal.c ++++ b/linux-user/signal.c +@@ -21,5 +21,9 @@ + #include "exec/gdbstub.h" + #include "hw/core/tcg-cpu-ops.h" - /* Float Registers access */ - #define FLOAT_sig(reg_num, context) \ -@@ -309,9 +323,15 @@ int cpu_signal_handler(int host_signum, void *pinfo, - #define FPSCR_sig(context) \ - (*(int *)((char *)((context)->uc_mcontext.regs + (48 + 32 * 2) * 4))) - /* Exception Registers access */ -+#if defined(__GLIBC__) - #define DAR_sig(context) REG_sig(dar, context) - #define DSISR_sig(context) REG_sig(dsisr, context) - #define TRAP_sig(context) REG_sig(trap, context) -+#else /* musl */ -+#define DAR_sig(context) REG_sig(41, context) -+#define DSISR_sig(context) REG_sig(42, context) -+#define TRAP_sig(context) REG_sig(40, context) ++#if defined(_ARCH_PPC64) && !defined(__GLIBC__) /* musl */ ++#include +#endif - #endif /* linux */ - - #if defined(__FreeBSD__) || defined(__FreeBSD_kernel__) ---- 
a/linux-user/host/ppc64/hostdep.h -+++ b/linux-user/host/ppc64/hostdep.h -@@ -27,7 +27,11 @@ extern char safe_syscall_end[]; - static inline void rewind_if_in_safe_syscall(void *puc) - { - ucontext_t *uc = puc; -+#if defined(__GLIBC__) - unsigned long *pcreg = &uc->uc_mcontext.gp_regs[PT_NIP]; -+#else /* musl */ -+ unsigned long *pcreg = &uc->uc_mcontext.gp_regs[32]; -+#endif - - if (*pcreg > (uintptr_t)safe_syscall_start - && *pcreg < (uintptr_t)safe_syscall_end) { ++ + #include + #include --- a/util/mmap-alloc.c +++ b/util/mmap-alloc.c @@ -25,6 +25,10 @@ diff --git a/srcpkgs/qemu/patches/xxx-ppcle.patch b/srcpkgs/qemu/patches/xxx-ppcle.patch index d382a4f8ce4b..3e1159c74ed9 100644 --- a/srcpkgs/qemu/patches/xxx-ppcle.patch +++ b/srcpkgs/qemu/patches/xxx-ppcle.patch @@ -49,8 +49,8 @@ index 18c26e0..03d3e18 100755 ;; s390x) @@ -6960,6 +6967,9 @@ if test -n "$cross_prefix"; then - i386|x86_64) - echo "cpu_family = 'x86'" >> $cross + x86_64|x32) + echo "cpu_family = 'x86_64'" >> $cross ;; + ppcle) + echo "cpu_family = 'ppc'" >> $cross diff --git a/srcpkgs/qemu/template b/srcpkgs/qemu/template index 1c4465234c7f..b64284d3b180 100644 --- a/srcpkgs/qemu/template +++ b/srcpkgs/qemu/template 
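Review bot: The rewritten musl-ppc.patch only handles 64-bit musl (`#if defined(_ARCH_PPC64) && !defined(__GLIBC__)`), while the hunks it replaces also carried a 32-bit `gregs[]` branch for the signal-context register macros in accel/tcg/user-exec.c; if 6.2.0 moved that code the old hunks are rightly dropped, but it is worth confirming that a 32-bit ppc-musl linux-user build still succeeds and recording that in the patch header, since nothing in the new hunk covers it. As with the CVE patch, the added `+#include` line shows no header name in this rendering — check the file on disk carries it, otherwise the hunk applies but the build fails on an empty `#include`.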
@@ -1,39 +1,41 @@ # Template file for 'qemu' # This package should be updated together with qemu-user-static pkgname=qemu -version=6.1.0 -revision=3 +version=6.2.0 +revision=1 build_style=configure -hostmakedepends="gettext pkg-config perl python3 automake libtool flex - python3-Sphinx python3-sphinx_rtd_theme texinfo ninja" -makedepends="libpng-devel libjpeg-turbo-devel pixman-devel snappy-devel +configure_args="--prefix=/usr --sysconfdir=/etc --libexecdir=/usr/libexec --localstatedir=/var + --disable-glusterfs --disable-xen --enable-docs --enable-kvm --enable-libusb --enable-pie + --enable-snappy --enable-tpm --enable-usb-redir --enable-vhost-net --enable-virtfs --enable-vnc-png + --audio-drv-list=alsa$(vopt_if sdl2 ,sdl)$(vopt_if jack ,jack)$(vopt_if pulseaudio ,pa) + $(vopt_enable opengl) $(vopt_enable pulseaudio pa) $(vopt_enable sdl2 sdl) $(vopt_enable smartcard) + $(vopt_enable spice) $(vopt_enable virgl virglrenderer) $(vopt_if gtk3 '--enable-gtk')" +hostmakedepends="gettext pkg-config perl python3 python3-Sphinx python3-sphinx_rtd_theme ninja" +makedepends="dtc-devel libpng-devel libjpeg-turbo-devel pixman-devel snappy-devel libuuid-devel libX11-devel alsa-lib-devel libaio-devel gnutls-devel libsasl-devel libglib-devel ncurses-devel libseccomp-devel nss-devel - libcurl-devel xfsprogs-devel libcap-ng-devel libcap-devel vde2-devel usbredir-devel - libbluetooth-devel libssh2-devel libusb-devel pulseaudio-devel libnfs-devel - libzstd-devel $(vopt_if sdl2 'SDL2-devel SDL2_image-devel') - $(vopt_if gtk3 "gtk+3-devel vte3-devel") - $(vopt_if spice spice-devel) $(vopt_if virgl virglrenderer-devel) + libcurl-devel xfsprogs-devel libcap-ng-devel vde2-devel usbredir-devel + libbluetooth-devel libssh2-devel libusb-devel libnfs-devel libslirp-devel + libxkbcommon-devel libzstd-devel $(vopt_if sdl2 'SDL2-devel SDL2_image-devel') + $(vopt_if gtk3 'gtk+3-devel vte3-devel') + $(vopt_if spice 'spice-devel pcsclite-devel') $(vopt_if virgl virglrenderer-devel) $(vopt_if 
opengl 'libepoxy-devel libdrm-devel MesaLib-devel') $(vopt_if iscsi 'libiscsi-devel') $(vopt_if smartcard libcacard-devel) $(vopt_if numa 'libnuma-devel') - $(vopt_if spice 'pcsclite-devel') - $(vopt_if jack 'jack-devel')" + $(vopt_if jack 'jack-devel') $(vopt_if pulseaudio 'pulseaudio-devel')" short_desc="Open Source Processor Emulator" maintainer="Orphaned " license="GPL-2.0-or-later, LGPL-2.1-or-later" homepage="https://www.qemu.org" distfiles="https://wiki.qemu.org/download/qemu-${version}.tar.bz2" -checksum=6bc93a46361450b2c701c4f4e7cc81adc50e3ae0f2005b8f0fbf14fc23372a24 +checksum=2fde1a30a7dcc15dde0875319ecaf3dc249072dee46ba7ad1f7c8df1faece93f ignore_elf_dirs="/usr/share/qemu" nostrip_files="hppa-firmware.img openbios-ppc openbios-sparc32 openbios-sparc64 palcode-clipper s390-ccw.img s390-netboot.img u-boot.e500 opensbi-riscv32-generic-fw_dynamic.elf opensbi-riscv64-generic-fw_dynamic.elf" -# FIXME -make_check=extended -build_options="gtk3 opengl sdl2 spice virgl smartcard numa iscsi jack" -build_options_default="opengl gtk3 virgl sdl2 numa iscsi jack" +build_options="gtk3 opengl sdl2 spice virgl smartcard numa iscsi jack pulseaudio" +build_options_default="opengl gtk3 virgl sdl2 numa iscsi jack pulseaudio spice" desc_option_sdl2="Enable SDL (2.x) video output" desc_option_spice="Enable support for SPICE" desc_option_virgl="Enable support for VirGL (A Virtual 3D GPU renderer)" 
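Review bot: `makedepends` still pulls in `libseccomp-devel`, but the new `configure_args` never passes `--enable-seccomp`, so the `-sandbox on` syscall filter is left to configure's auto-detection and a missing or broken libseccomp in the build root would silently produce a qemu-system without it; the flag exists in this release (the sibling qemu-user-static template passes `--disable-seccomp`), so make it explicit and let that case fail the build, e.g. `--enable-snappy --enable-tpm --enable-usb-redir --enable-vhost-net --enable-virtfs --enable-vnc-png --enable-seccomp`. Keeping `--enable-pie` explicit here is the same idea and is good. The `makedepends` assignment continues past the end of the hunk.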
@@ -42,51 +44,33 @@ desc_option_numa="Enable support for host NUMA" desc_option_iscsi="Enable support for iSCSI" case "$XBPS_TARGET_MACHINE" in - i686*|x86_64*|ppc64le*) build_options_default+=" spice";; aarch64-musl) CFLAGS="-D_LINUX_SYSINFO_H";; esac -if [ -z "$CROSS_BUILD" ]; then +if [ "$CROSS_BUILD" ]; then + configure_args+=" --cross-prefix=${XBPS_CROSS_TRIPLET}-" +else build_options_default+=" smartcard" fi -pre_configure() { - vsed -i 's/__u64/unsigned long/' linux-user/host/aarch64/hostdep.h -} - -do_configure() { - local args= - - if [ "$CROSS_BUILD" ]; then - args+=" --cross-prefix=${XBPS_CROSS_TRIPLET}-" - export LIBTOOL=libtool - fi - unset CPP +if [ "$XBPS_CHECK_PKGS" != full ]; then + make_check_target=check-unit +fi - local want_sdl="--disable-sdl" - local audio_sdl="" - if [ "$build_option_sdl2" ]; then - want_sdl="--enable-sdl" - audio_sdl=",sdl" - fi - if [ "$build_option_jack" ]; then - audio_jack=",jack" +post_extract() { + if [ "$XBPS_TARGET_LIBC" = "musl" ]; then + grep -rl 'Input/output error' tests/qemu-iotests | + xargs -n1 sed -i -e 's;Input/output error;I/O error;g' + grep -rl 'Operation not supported' tests/qemu-iotests | + xargs -n1 sed -i -e 's;Operation not supported;Not supported;g' fi +} - ./configure --prefix=/usr --sysconfdir=/etc --libexecdir=/usr/libexec \ - --enable-kvm --audio-drv-list=alsa,pa${audio_sdl}${audio_jack} \ - --disable-xen --enable-tpm \ - --enable-vhost-net --enable-vnc-png --enable-virtfs \ - --enable-libusb --disable-glusterfs --enable-snappy --enable-usb-redir \ - --enable-pie --localstatedir=/var --enable-docs \ - $(vopt_enable virgl virglrenderer) $(vopt_enable opengl) $(vopt_enable spice) \ - ${want_sdl} \ - $(vopt_enable smartcard) \ - $(vopt_if gtk3 "--enable-gtk") ${args} +pre_configure() { + unset CPP } -do_install() { - make DESTDIR=${DESTDIR} install +post_install() { # qemu-bridge-helper must be setuid for non privileged users. chmod u+s ${DESTDIR}/usr/libexec/qemu-bridge-helper 
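Review bot: `chmod u+s ${DESTDIR}/usr/libexec/qemu-bridge-helper` keeps the helper setuid root and, as far as this hunk shows, executable by every local user, so the only control between an unprivileged user and a TAP attached to a host bridge is the ACL in /etc/qemu/bridge.conf, which is not visible in this hunk. Consider narrowing that with an owning group if Void has a suitable one, e.g. `chown root:kvm ${DESTDIR}/usr/libexec/qemu-bridge-helper` followed by `chmod 4750 ${DESTDIR}/usr/libexec/qemu-bridge-helper`, or at least extend the comment on this line to name the bridge.conf ACL that governs it. post_install() continues past the end of the hunk.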
From 00cbd3aeefe7e85fe7a39d5be92ed5e47221f1b8 Mon Sep 17 00:00:00 2001
From: Evgeny Ermakov
Date: Tue, 18 Jan 2022 16:47:40 +1100
Subject: [PATCH 2/2] qemu-user-static: update to 6.2.0.

---
 srcpkgs/qemu-user-static/template | 34 ++++++++++++-------------------
 1 file changed, 13 insertions(+), 21 deletions(-)

diff --git a/srcpkgs/qemu-user-static/template b/srcpkgs/qemu-user-static/template
index 7bccf271c746..59101021c537 100644
--- a/srcpkgs/qemu-user-static/template
+++ b/srcpkgs/qemu-user-static/template
@@ -1,18 +1,21 @@
 # Template file for 'qemu-user-static'
 # This package should be updated together with qemu
 pkgname=qemu-user-static
-version=6.1.0
-revision=2
+version=6.2.0
+revision=1
 wrksrc="qemu-${version}"
 build_style=configure
-hostmakedepends="pkg-config automake python3 ninja"
+configure_args="--prefix=/usr --sysconfdir=/etc --libexecdir=/usr/libexec
+ --disable-kvm --disable-vnc-png --disable-virtfs --disable-fdt --disable-seccomp
+ --enable-linux-user --disable-system --static"
+hostmakedepends="pkg-config perl python3 ninja"
 makedepends="dtc-devel libglib-devel pixman-devel libuuid-devel"
 short_desc="QEMU User-mode emulators (statically compiled)"
 maintainer="Orphaned "
 license="GPL-2.0-or-later, LGPL-2.1-or-later"
 homepage="https://www.qemu.org"
 distfiles="https://wiki.qemu.org/download/qemu-${version}.tar.bz2"
-checksum=6bc93a46361450b2c701c4f4e7cc81adc50e3ae0f2005b8f0fbf14fc23372a24
+checksum=2fde1a30a7dcc15dde0875319ecaf3dc249072dee46ba7ad1f7c8df1faece93f
 _fmts="aarch64 aarch64_be alpha arm armeb cris hppa i386 m68k microblaze microblazeel mips mipsel mips64 mips64el mipsn32 mipsn32el or1k
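Review bot: The static build passes `--static` without `--enable-pie`; if I read 6.2's configure correctly it attempts a static-PIE link when PIE is left at auto and quietly falls back to a non-PIE static executable when the toolchain cannot link `-static-pie`, which costs ASLR for binaries whose whole job is running foreign, untrusted code. Adding the flag next to `--static` turns that fallback into a hard configure failure so the loss is noticed: `--enable-linux-user --disable-system --static --enable-pie"`. `--disable-seccomp` is fine here, as far as I know the seccomp sandbox only applies to system emulation. The `_fmts` assignment continues past the end of the hunk.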
@@ -86,6 +89,10 @@ _xtensa_mask='\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\x
 _xtensaeb_magic='\x7f\x45\x4c\x46\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x5e'
 _xtensaeb_mask='\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'
 
+if [ "$CROSS_BUILD" ]; then
+ configure_args+=" --cross-prefix=${XBPS_CROSS_TRIPLET}-"
+fi
+
 case "$XBPS_TARGET_MACHINE" in
 x86_64*) _omit="i386|x86_64" ;;
 aarch64*) _omit="aarch64" ;;
@@ -105,26 +112,11 @@
 done
 binfmts="${binfmts%?}"
 
-post_extract() {
- vsed -i 's/__u64/unsigned long/' linux-user/host/aarch64/hostdep.h
-}
-
-do_configure() {
- if [ "$CROSS_BUILD" ]; then
- _args="--cross-prefix=${XBPS_CROSS_TRIPLET}-"
- export LIBTOOL=libtool
- fi
+pre_configure() {
 unset CPP
-
- ./configure --prefix=/usr --sysconfdir=/etc --libexecdir=/usr/libexec \
- --disable-kvm --disable-vnc-png \
- --disable-virtfs --disable-fdt --disable-seccomp \
- --enable-linux-user --disable-system \
- --static ${_args}
 }
 
-do_install() {
- make DESTDIR=${DESTDIR} install
+post_install() {
 # Remove unneeded stuff.
 rm -rf ${DESTDIR}/etc ${DESTDIR}/usr/share ${DESTDIR}/usr/libexec
 for f in nbd io img; do