guix-commits
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

01/02: gnu: qemu: Update to 2.11.1.


From: Marius Bakke
Subject: 01/02: gnu: qemu: Update to 2.11.1.
Date: Tue, 20 Feb 2018 12:28:57 -0500 (EST)

mbakke pushed a commit to branch master
in repository guix.

commit 5fa6b52a548a806c36a450448972ae4007bbac17
Author: Marius Bakke <address@hidden>
Date:   Tue Feb 20 17:44:43 2018 +0100

    gnu: qemu: Update to 2.11.1.
    
    * gnu/packages/patches/qemu-CVE-2017-15038.patch,
    gnu/packages/patches/qemu-CVE-2017-15289.patch: Delete files.
    * gnu/local.mk (dist_patch_DATA): Remove them.
    * gnu/packages/virtualization.scm (qemu): Update to 2.11.1
    [source](patches): Remove.
---
 gnu/local.mk                                   |  2 -
 gnu/packages/patches/qemu-CVE-2017-15038.patch | 51 --------------------
 gnu/packages/patches/qemu-CVE-2017-15289.patch | 66 --------------------------
 gnu/packages/virtualization.scm                |  6 +--
 4 files changed, 2 insertions(+), 123 deletions(-)

diff --git a/gnu/local.mk b/gnu/local.mk
index 35c7fb4..530b8d5 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1045,8 +1045,6 @@ dist_patch_DATA =                                         
\
   %D%/packages/patches/python-unittest2-python3-compat.patch   \
   %D%/packages/patches/python-unittest2-remove-argparse.patch  \
   %D%/packages/patches/python-waitress-fix-tests.patch         \
-  %D%/packages/patches/qemu-CVE-2017-15038.patch               \
-  %D%/packages/patches/qemu-CVE-2017-15289.patch               \
   %D%/packages/patches/qt4-ldflags.patch                       \
   %D%/packages/patches/qtbase-use-TZDIR.patch                  \
   %D%/packages/patches/qtscript-disable-tests.patch            \
diff --git a/gnu/packages/patches/qemu-CVE-2017-15038.patch 
b/gnu/packages/patches/qemu-CVE-2017-15038.patch
deleted file mode 100644
index 4791a18..0000000
--- a/gnu/packages/patches/qemu-CVE-2017-15038.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-Fix CVE-2017-15038:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15038
-
-Patch copied from upstream source repository:
-
-https://git.qemu.org/?p=qemu.git;a=commitdiff;h=7bd92756303f2158a68d5166264dc30139b813b6
-
-From 7bd92756303f2158a68d5166264dc30139b813b6 Mon Sep 17 00:00:00 2001
-From: Prasad J Pandit <address@hidden>
-Date: Mon, 16 Oct 2017 14:21:59 +0200
-Subject: [PATCH] 9pfs: use g_malloc0 to allocate space for xattr
-
-9p back-end first queries the size of an extended attribute,
-allocates space for it via g_malloc() and then retrieves its
-value into allocated buffer. Race between querying attribute
-size and retrieving its could lead to memory bytes disclosure.
-Use g_malloc0() to avoid it.
-
-Reported-by: Tuomas Tynkkynen <address@hidden>
-Signed-off-by: Prasad J Pandit <address@hidden>
-Signed-off-by: Greg Kurz <address@hidden>
----
- hw/9pfs/9p.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
-index 23ac7bb532..f8bbac251d 100644
---- a/hw/9pfs/9p.c
-+++ b/hw/9pfs/9p.c
-@@ -3234,7 +3234,7 @@ static void coroutine_fn v9fs_xattrwalk(void *opaque)
-         xattr_fidp->fid_type = P9_FID_XATTR;
-         xattr_fidp->fs.xattr.xattrwalk_fid = true;
-         if (size) {
--            xattr_fidp->fs.xattr.value = g_malloc(size);
-+            xattr_fidp->fs.xattr.value = g_malloc0(size);
-             err = v9fs_co_llistxattr(pdu, &xattr_fidp->path,
-                                      xattr_fidp->fs.xattr.value,
-                                      xattr_fidp->fs.xattr.len);
-@@ -3267,7 +3267,7 @@ static void coroutine_fn v9fs_xattrwalk(void *opaque)
-         xattr_fidp->fid_type = P9_FID_XATTR;
-         xattr_fidp->fs.xattr.xattrwalk_fid = true;
-         if (size) {
--            xattr_fidp->fs.xattr.value = g_malloc(size);
-+            xattr_fidp->fs.xattr.value = g_malloc0(size);
-             err = v9fs_co_lgetxattr(pdu, &xattr_fidp->path,
-                                     &name, xattr_fidp->fs.xattr.value,
-                                     xattr_fidp->fs.xattr.len);
--- 
-2.15.0
-
diff --git a/gnu/packages/patches/qemu-CVE-2017-15289.patch 
b/gnu/packages/patches/qemu-CVE-2017-15289.patch
deleted file mode 100644
index d4b536a..0000000
--- a/gnu/packages/patches/qemu-CVE-2017-15289.patch
+++ /dev/null
@@ -1,66 +0,0 @@
-Fix CVE-2017-15289:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15289
-
-Patch copied from upstream source repository:
-
-https://git.qemu.org/?p=qemu.git;a=commitdiff;h=eb38e1bc3740725ca29a535351de94107ec58d51
 
-
-From eb38e1bc3740725ca29a535351de94107ec58d51 Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <address@hidden>
-Date: Wed, 11 Oct 2017 10:43:14 +0200
-Subject: [PATCH] cirrus: fix oob access in mode4and5 write functions
-
-Move dst calculation into the loop, so we apply the mask on each
-interation and will not overflow vga memory.
-
-Cc: Prasad J Pandit <address@hidden>
-Reported-by: Niu Guoxiang <address@hidden>
-Signed-off-by: Gerd Hoffmann <address@hidden>
-Message-id: address@hidden
----
- hw/display/cirrus_vga.c | 6 ++----
- 1 file changed, 2 insertions(+), 4 deletions(-)
-
-diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c
-index b4d579857a..bc32bf1e39 100644
---- a/hw/display/cirrus_vga.c
-+++ b/hw/display/cirrus_vga.c
-@@ -2038,15 +2038,14 @@ static void 
cirrus_mem_writeb_mode4and5_8bpp(CirrusVGAState * s,
-     unsigned val = mem_value;
-     uint8_t *dst;
- 
--    dst = s->vga.vram_ptr + (offset &= s->cirrus_addr_mask);
-     for (x = 0; x < 8; x++) {
-+        dst = s->vga.vram_ptr + ((offset + x) & s->cirrus_addr_mask);
-       if (val & 0x80) {
-           *dst = s->cirrus_shadow_gr1;
-       } else if (mode == 5) {
-           *dst = s->cirrus_shadow_gr0;
-       }
-       val <<= 1;
--      dst++;
-     }
-     memory_region_set_dirty(&s->vga.vram, offset, 8);
- }
-@@ -2060,8 +2059,8 @@ static void 
cirrus_mem_writeb_mode4and5_16bpp(CirrusVGAState * s,
-     unsigned val = mem_value;
-     uint8_t *dst;
- 
--    dst = s->vga.vram_ptr + (offset &= s->cirrus_addr_mask);
-     for (x = 0; x < 8; x++) {
-+        dst = s->vga.vram_ptr + ((offset + 2 * x) & s->cirrus_addr_mask & ~1);
-       if (val & 0x80) {
-           *dst = s->cirrus_shadow_gr1;
-           *(dst + 1) = s->vga.gr[0x11];
-@@ -2070,7 +2069,6 @@ static void 
cirrus_mem_writeb_mode4and5_16bpp(CirrusVGAState * s,
-           *(dst + 1) = s->vga.gr[0x10];
-       }
-       val <<= 1;
--      dst += 2;
-     }
-     memory_region_set_dirty(&s->vga.vram, offset, 16);
- }
--- 
-2.15.0
-
diff --git a/gnu/packages/virtualization.scm b/gnu/packages/virtualization.scm
index d49cdc2..f8f9de1 100644
--- a/gnu/packages/virtualization.scm
+++ b/gnu/packages/virtualization.scm
@@ -82,16 +82,14 @@
 (define-public qemu
   (package
     (name "qemu")
-    (version "2.10.2")
+    (version "2.11.1")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://download.qemu.org/qemu-";
                                  version ".tar.xz"))
-             (patches (search-patches "qemu-CVE-2017-15038.patch"
-                                      "qemu-CVE-2017-15289.patch"))
              (sha256
               (base32
-               "17w21spvaxaidi2am5lpsln8yjpyp2zi3s3gc6nsxj5arlgamzgw"))))
+               "11l6cs6mib16rgdrnqrhkqs033fjik316gkgfz3asbmxz38lalca"))))
     (build-system gnu-build-system)
     (arguments
      '(;; Running tests in parallel can occasionally lead to failures, like:



reply via email to

[Prev in Thread] Current Thread [Next in Thread]