Tree - rpms/qemu - CentOS Git server

Forked from rpms/qemu a year ago

Blob History Raw

		725f84	`From: Gerd Hoffmann <kraxel@redhat.com>`
		725f84	`Date: Wed, 29 Oct 2014 12:56:06 +0100`
		725f84	`Subject: [PATCH] vmware-vga: CVE-2014-3689: turn off hw accel`
		725f84
		725f84	`Quick & easy stopgap for CVE-2014-3689: We just compile out the`
		725f84	`hardware acceleration functions which lack sanity checks. Thankfully`
		725f84	`we have capability bits for them (SVGA_CAP_RECT_COPY and`
		725f84	`SVGA_CAP_RECT_FILL), so guests should deal just fine, in theory.`
		725f84
		725f84	`Subsequent patches will add the missing checks and re-enable the`
		725f84	`hardware acceleration emulation.`
		725f84
		725f84	`Cc: qemu-stable@nongnu.org`
		725f84	`Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>`
		725f84	`Reviewed-by: Don Koch <dkoch@verizon.com>`
		725f84	`---`
		725f84	`hw/display/vmware_vga.c \| 2 ++`
		725f84	`1 file changed, 2 insertions(+)`
		725f84
		725f84	`diff --git a/hw/display/vmware_vga.c b/hw/display/vmware_vga.c`
		725f84	`index 591b645..4a4229b 100644`
		725f84	`--- a/hw/display/vmware_vga.c`
		725f84	`+++ b/hw/display/vmware_vga.c`
		725f84	`@@ -29,8 +29,10 @@`
		725f84	`#include "hw/pci/pci.h"`
		725f84
		725f84	`#undef VERBOSE`
		725f84	`+#if 0`
		725f84	`#define HW_RECT_ACCEL`
		725f84	`#define HW_FILL_ACCEL`
		725f84	`+#endif`
		725f84	`#define HW_MOUSE_ACCEL`
		725f84
		725f84	`#include "vga_int.h"`