qemu: added patch CVE-2021-20255

main/qemu/.checksums

@@ -1 +1,2 @@
+d1b0d89f8f5254114828f0e56ba45262  CVE-2021-20255.patch
 f871d2602f5db527533db0f13aa79ab9  qemu-8.0.0.tar.xz

main/qemu/.pkgfiles

@@ -1,4 +1,4 @@
-qemu-8.0.0-2
+qemu-8.0.0-3
 drwxr-xr-x root/root    etc/
 drwxr-xr-x root/root    etc/udev/
 drwxr-xr-x root/root    etc/udev/rules.d/

main/qemu/CVE-2021-20255.patch

@@ -0,0 +1,43 @@
+CVE-2021-20255 patch adapted from QEMU patch by Stefan Weil
+
+Link: https://bugzilla.redhat.com/show_bug.cgi?id=1930646
+
+Signed-off-by: Neha Agarwal <nehaagarwal@microsoft.com>
+---
+diff --git a/hw/net/eepro100.c b/hw/net/eepro100.c
+index 679f52f..9c178c1 100644
+--- a/hw/net/eepro100.c
++++ b/hw/net/eepro100.c
+@@ -279,6 +279,9 @@ typedef struct {
+     /* Quasi static device properties (no need to save them). */
+     uint16_t stats_size;
+     bool has_extended_tcb_support;
++
++    /* Flag to avoid recursions. */
++    bool busy;
+ } EEPRO100State;
+ 
+ /* Word indices in EEPROM. */
+@@ -844,6 +847,14 @@ static void action_command(EEPRO100State *s)
+        Therefore we limit the number of iterations. */
+     unsigned max_loop_count = 16;
+ 
++    if (s->busy) {
++        /* Prevent recursions. */
++        logout("recursion in %s:%u\n", __FILE__, __LINE__);
++        return;
++    }
++
++    s->busy = true;
++
+     for (;;) {
+         bool bit_el;
+         bool bit_s;
+@@ -940,6 +951,7 @@ static void action_command(EEPRO100State *s)
+     }
+     TRACE(OTHER, logout("CU list empty\n"));
+     /* List is empty. Now CU is idle or suspended. */
++    s->busy = false;
+ }
+ 
+ static void eepro100_cu_command(EEPRO100State * s, uint8_t val)

main/qemu/spkgbuild

@@ -3,12 +3,15 @@
 
 name=qemu
 version=8.0.0
-release=2
-source="http://download.qemu.org/$name-$version.tar.xz"
+release=3
+source="http://download.qemu.org/$name-$version.tar.xz
+	CVE-2021-20255.patch"
 
 build() {
 	cd $name-$version
 
+	patch -Np1 -i $SRC/CVE-2021-20255.patch
+
 	./configure \
 		--prefix=/usr \
 		--sysconfdir=/etc \