[Buildroot] [PATCH] package/qemu: bump to version 8.0.2

[Buildroot] [PATCH] package/qemu: bump to version 8.0.2

[Romain Naour]

Fixes CVE-2023-0330:
A vulnerability in the lsi53c895a device affects the latest version of
qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs
like stack overflow or use-after-free.

See:
https://lists.gnu.org/archive/html/qemu-devel/2023-06/msg00221.html

Signed-off-by: Romain Naour <romain.naour@smile.fr>
---
 package/qemu/qemu.hash | 2 +-
 package/qemu/qemu.mk   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/qemu/qemu.hash b/package/qemu/qemu.hash
index e76aef0b3a..b6fcad83e2 100644
--- a/package/qemu/qemu.hash
+++ b/package/qemu/qemu.hash
@@ -1,4 +1,4 @@
 # Locally computed, tarball verified with GPG signature
-sha256  bb60f0341531181d6cc3969dd19a013d0427a87f918193970d9adb91131e56d0  qemu-8.0.0.tar.xz
+sha256  f060abd435fbe6794125e2c398568ffc3cfa540042596907a8b18edca34cf6a5  qemu-8.0.2.tar.xz
 sha256  6f04ae8364d0079a192b14635f4b1da294ce18724c034c39a6a41d1b09df6100  COPYING
 sha256  dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551  COPYING.LIB
diff --git a/package/qemu/qemu.mk b/package/qemu/qemu.mk
index 6a6905d75f..c530896fa8 100644
--- a/package/qemu/qemu.mk
+++ b/package/qemu/qemu.mk
@@ -6,7 +6,7 @@
 
 # When updating the version, check whether the list of supported targets
 # needs to be updated.
-QEMU_VERSION = 8.0.0
+QEMU_VERSION = 8.0.2
 QEMU_SOURCE = qemu-$(QEMU_VERSION).tar.xz
 QEMU_SITE = https://download.qemu.org
 QEMU_LICENSE = GPL-2.0, LGPL-2.1, MIT, BSD-3-Clause, BSD-2-Clause, Others/BSD-1c
-- 
2.40.1

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] [PATCH] package/qemu: bump to version 8.0.2

[Peter Korsgaard]

>>>>> "Romain" == Romain Naour <romain.naour@smile.fr> writes:

 > Fixes CVE-2023-0330:
 > A vulnerability in the lsi53c895a device affects the latest version of
 > qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs
 > like stack overflow or use-after-free.

 > See:
 > https://lists.gnu.org/archive/html/qemu-devel/2023-06/msg00221.html

Committed after marking it a security bump, thanks.

Looks like we need to bump 2023.02.x to 7.2.3 for the same fix:

https://lists.gnu.org/archive/html/qemu-devel/2023-06/msg00218.html

-- 
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] [PATCH] package/qemu: bump to version 8.0.2

[Peter Korsgaard]

>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:

>>>>> "Romain" == Romain Naour <romain.naour@smile.fr> writes:
 >> Fixes CVE-2023-0330:
 >> A vulnerability in the lsi53c895a device affects the latest version of
 >> qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs
 >> like stack overflow or use-after-free.

 >> See:
 >> https://lists.gnu.org/archive/html/qemu-devel/2023-06/msg00221.html

 > Committed after marking it a security bump, thanks.

 > Looks like we need to bump 2023.02.x to 7.2.3 for the same fix:

 > https://lists.gnu.org/archive/html/qemu-devel/2023-06/msg00218.html

Committed to 2023.05.x, thanks.

-- 
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot