From 35fba9455f55e38f5f2d83a40cea95bfb869833f Mon Sep 17 00:00:00 2001
From: Luis
Date: Sat, 27 May 2023 19:56:22 +0000
Subject: [PATCH] qemu: added patch CVE-2021-20255
---
 main/qemu/.checksums | 1 +
 main/qemu/.pkgfiles | 2 +-
 main/qemu/CVE-2021-20255.patch | 43 ++++++++++++++++++++++++++++++++++
 main/qemu/spkgbuild | 7 ++++--
 4 files changed, 50 insertions(+), 3 deletions(-)
 create mode 100644 main/qemu/CVE-2021-20255.patch
diff --git a/main/qemu/.checksums b/main/qemu/.checksums
index f08792d7e..51ede2750 100644
--- a/main/qemu/.checksums
+++ b/main/qemu/.checksums
@@ -1 +1,2 @@
+d1b0d89f8f5254114828f0e56ba45262 CVE-2021-20255.patch
 f871d2602f5db527533db0f13aa79ab9 qemu-8.0.0.tar.xz
diff --git a/main/qemu/.pkgfiles b/main/qemu/.pkgfiles
index 8788ccf6e..715d80e8e 100644
--- a/main/qemu/.pkgfiles
+++ b/main/qemu/.pkgfiles
@@ -1,4 +1,4 @@
-qemu-8.0.0-2
+qemu-8.0.0-3
 drwxr-xr-x root/root etc/
 drwxr-xr-x root/root etc/udev/
 drwxr-xr-x root/root etc/udev/rules.d/
diff --git a/main/qemu/CVE-2021-20255.patch b/main/qemu/CVE-2021-20255.patch
new file mode 100644
index 000000000..63c489313
--- /dev/null
+++ b/main/qemu/CVE-2021-20255.patch
@@ -0,0 +1,43 @@
+CVE-2021-20255 patch adapted from QEMU patch by Stefan Weil
+
+Link: https://bugzilla.redhat.com/show_bug.cgi?id=1930646
+
+Signed-off-by: Neha Agarwal
+---
+diff --git a/hw/net/eepro100.c b/hw/net/eepro100.c
+index 679f52f..9c178c1 100644
+--- a/hw/net/eepro100.c
++++ b/hw/net/eepro100.c
+@@ -279,6 +279,9 @@ typedef struct {
+ /* Quasi static device properties (no need to save them). */
+ uint16_t stats_size;
+ bool has_extended_tcb_support;
++
++ /* Flag to avoid recursions. */
++ bool busy;
+ } EEPRO100State;
+
+ /* Word indices in EEPROM. */
+@@ -844,6 +847,14 @@ static void action_command(EEPRO100State *s)
+ Therefore we limit the number of iterations. */
+ unsigned max_loop_count = 16;
+
++ if (s->busy) {
++ /* Prevent recursions. */
++ logout("recursion in %s:%u\n", __FILE__, __LINE__);
++ return;
++ }
++
++ s->busy = true;
++
+ for (;;) {
+ bool bit_el;
+ bool bit_s;
+@@ -940,6 +951,7 @@ static void action_command(EEPRO100State *s)
+ }
+ TRACE(OTHER, logout("CU list empty\n"));
+ /* List is empty. Now CU is idle or suspended. */
++ s->busy = false;
+ }
+
+ static void eepro100_cu_command(EEPRO100State * s, uint8_t val)
diff --git a/main/qemu/spkgbuild b/main/qemu/spkgbuild
index 481b8b114..e3708831a 100644
--- a/main/qemu/spkgbuild
+++ b/main/qemu/spkgbuild
@@ -3,12 +3,15 @@
 
 name=qemu
 version=8.0.0
-release=2
-source="http://download.qemu.org/$name-$version.tar.xz"
+release=3
+source="http://download.qemu.org/$name-$version.tar.xz
+ CVE-2021-20255.patch"
 
 build() {
 cd $name-$version
 
+ patch -Np1 -i $SRC/CVE-2021-20255.patch
+
 ./configure \
 --prefix=/usr \
 --sysconfdir=/etc \
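Review bot: The re-entrancy guard added to `action_command` in the embedded eepro100.c patch clears `s->busy` only on the last line of the function, after the `for (;;)` loop, so the fix is correct only while every exit from the loop reaches that line. The loop body between the second and third embedded hunks is not shown here; if it holds a `return`, now or after a later rebase onto a newer QEMU, `busy` would stay true and the command unit would ignore every later command, trading the recursion for a stuck device. Routing all exits through one label that does `s->busy = false;`, and documenting the flag as `/* True only while action_command() runs; must be cleared on every exit path. */`, would make that invariant explicit. The patch header also cites only the Bugzilla entry; recording where the original patch by Stefan Weil was taken from would let the adapted copy be compared against its source.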
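Review bot: The rewritten `source=` line in spkgbuild still downloads the tarball over `http://`, and the `.checksums` entries are 32 hex digits long, which looks like MD5, so the integrity of the upstream source appears to rest on a weak digest over a cleartext transport; `source="https://download.qemu.org/$name-$version.tar.xz` would close the transport half if the host serves it. In `build()`, `$SRC` is expanded unquoted in `patch -Np1 -i $SRC/CVE-2021-20255.patch`; `patch -Np1 -i "$SRC/CVE-2021-20255.patch"` is safer if the work directory can contain spaces. Whether a failed `patch` aborts the build depends on how the package tool runs `build()`, which is not visible here, and `build()` continues past the end of the hunk.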