guix-commits
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

04/06: gnu: qemu: Update to 2.10.1.


From: Marius Bakke
Subject: 04/06: gnu: qemu: Update to 2.10.1.
Date: Tue, 3 Oct 2017 17:26:53 -0400 (EDT)

mbakke pushed a commit to branch master
in repository guix.

commit f9bd2051f041d5530f88fb2e8b183193209b5f41
Author: Marius Bakke <address@hidden>
Date:   Tue Oct 3 23:00:23 2017 +0200

    gnu: qemu: Update to 2.10.1.
    
    * gnu/packages/patches/qemu-CVE-2017-13711.patch,
      gnu/packages/patches/qemu-CVE-2017-14167.patch: Delete files.
    * gnu/local.mk (dist_patch_DATA): Remove them.
    * gnu/packages/virtualization.scm (qemu): Update to 2.10.1.
    [source](patches): Remove.
---
 gnu/local.mk                                   |  2 -
 gnu/packages/patches/qemu-CVE-2017-13711.patch | 89 --------------------------
 gnu/packages/patches/qemu-CVE-2017-14167.patch | 69 --------------------
 gnu/packages/virtualization.scm                |  6 +-
 4 files changed, 2 insertions(+), 164 deletions(-)

diff --git a/gnu/local.mk b/gnu/local.mk
index c802b7b..9f4c639 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -999,8 +999,6 @@ dist_patch_DATA =                                           
\
   %D%/packages/patches/python2-pygobject-2-gi-info-type-error-domain.patch \
   %D%/packages/patches/python-pygpgme-fix-pinentry-tests.patch \
   %D%/packages/patches/python2-subprocess32-disable-input-test.patch   \
-  %D%/packages/patches/qemu-CVE-2017-13711.patch               \
-  %D%/packages/patches/qemu-CVE-2017-14167.patch               \
   %D%/packages/patches/qt4-ldflags.patch                       \
   %D%/packages/patches/qtscript-disable-tests.patch            \
   %D%/packages/patches/quagga-reproducible-build.patch          \
diff --git a/gnu/packages/patches/qemu-CVE-2017-13711.patch 
b/gnu/packages/patches/qemu-CVE-2017-13711.patch
deleted file mode 100644
index 4070115..0000000
--- a/gnu/packages/patches/qemu-CVE-2017-13711.patch
+++ /dev/null
@@ -1,89 +0,0 @@
-Fix CVE-2017-13711:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13711
-
-Patch copied from upstream source repository:
-
-https://git.qemu.org/?p=qemu.git;a=commitdiff;h=1201d308519f1e915866d7583d5136d03cc1d384
-
-From 1201d308519f1e915866d7583d5136d03cc1d384 Mon Sep 17 00:00:00 2001
-From: Samuel Thibault <address@hidden>
-Date: Fri, 25 Aug 2017 01:35:53 +0200
-Subject: [PATCH] slirp: fix clearing ifq_so from pending packets
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The if_fastq and if_batchq contain not only packets, but queues of packets
-for the same socket. When sofree frees a socket, it thus has to clear ifq_so
-from all the packets from the queues, not only the first.
-
-Signed-off-by: Samuel Thibault <address@hidden>
-Reviewed-by: Philippe Mathieu-Daudé <address@hidden>
-Cc: address@hidden
-Signed-off-by: Peter Maydell <address@hidden>
----
- slirp/socket.c | 39 +++++++++++++++++++++++----------------
- 1 file changed, 23 insertions(+), 16 deletions(-)
-
-diff --git a/slirp/socket.c b/slirp/socket.c
-index ecec0295a9..cb7b5b608d 100644
---- a/slirp/socket.c
-+++ b/slirp/socket.c
-@@ -59,6 +59,27 @@ socreate(Slirp *slirp)
-   return(so);
- }
- 
-+/*
-+ * Remove references to so from the given message queue.
-+ */
-+static void
-+soqfree(struct socket *so, struct quehead *qh)
-+{
-+    struct mbuf *ifq;
-+
-+    for (ifq = (struct mbuf *) qh->qh_link;
-+             (struct quehead *) ifq != qh;
-+             ifq = ifq->ifq_next) {
-+        if (ifq->ifq_so == so) {
-+            struct mbuf *ifm;
-+            ifq->ifq_so = NULL;
-+            for (ifm = ifq->ifs_next; ifm != ifq; ifm = ifm->ifs_next) {
-+                ifm->ifq_so = NULL;
-+            }
-+        }
-+    }
-+}
-+
- /*
-  * remque and free a socket, clobber cache
-  */
-@@ -66,23 +87,9 @@ void
- sofree(struct socket *so)
- {
-   Slirp *slirp = so->slirp;
--  struct mbuf *ifm;
- 
--  for (ifm = (struct mbuf *) slirp->if_fastq.qh_link;
--       (struct quehead *) ifm != &slirp->if_fastq;
--       ifm = ifm->ifq_next) {
--    if (ifm->ifq_so == so) {
--      ifm->ifq_so = NULL;
--    }
--  }
--
--  for (ifm = (struct mbuf *) slirp->if_batchq.qh_link;
--       (struct quehead *) ifm != &slirp->if_batchq;
--       ifm = ifm->ifq_next) {
--    if (ifm->ifq_so == so) {
--      ifm->ifq_so = NULL;
--    }
--  }
-+  soqfree(so, &slirp->if_fastq);
-+  soqfree(so, &slirp->if_batchq);
- 
-   if (so->so_emu==EMU_RSH && so->extra) {
-       sofree(so->extra);
--- 
-2.14.1
-
diff --git a/gnu/packages/patches/qemu-CVE-2017-14167.patch 
b/gnu/packages/patches/qemu-CVE-2017-14167.patch
deleted file mode 100644
index a6007ac..0000000
--- a/gnu/packages/patches/qemu-CVE-2017-14167.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-Fix CVE-2017-14167:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14167
-http://seclists.org/oss-sec/2017/q3/407
-
-Patch copied from upstream development mailing list:
-
-https://lists.nongnu.org/archive/html/qemu-devel/2017-09/msg01483.html
-
-From: Prasad J Pandit <address@hidden>
-
-While loading kernel via multiboot-v1 image, (flags & 0x00010000)
-indicates that multiboot header contains valid addresses to load
-the kernel image. These addresses are used to compute kernel
-size and kernel text offset in the OS image. Validate these
-address values to avoid an OOB access issue.
-
-This is CVE-2017-14167.
-
-Reported-by: Thomas Garnier <address@hidden>
-Signed-off-by: Prasad J Pandit <address@hidden>
----
- hw/i386/multiboot.c | 19 +++++++++++++++++++
- 1 file changed, 19 insertions(+)
-
-Update: add CVE-ID to the commit message.
-
-diff --git a/hw/i386/multiboot.c b/hw/i386/multiboot.c
-index 6001f4caa2..c7b70c91d5 100644
---- a/hw/i386/multiboot.c
-+++ b/hw/i386/multiboot.c
-@@ -221,15 +221,34 @@ int load_multiboot(FWCfgState *fw_cfg,
-         uint32_t mh_header_addr = ldl_p(header+i+12);
-         uint32_t mh_load_end_addr = ldl_p(header+i+20);
-         uint32_t mh_bss_end_addr = ldl_p(header+i+24);
-+
-         mh_load_addr = ldl_p(header+i+16);
-+        if (mh_header_addr < mh_load_addr) {
-+            fprintf(stderr, "invalid mh_load_addr address\n");
-+            exit(1);
-+        }
-+
-         uint32_t mb_kernel_text_offset = i - (mh_header_addr - mh_load_addr);
-         uint32_t mb_load_size = 0;
-         mh_entry_addr = ldl_p(header+i+28);
- 
-         if (mh_load_end_addr) {
-+            if (mh_bss_end_addr < mh_load_addr) {
-+                fprintf(stderr, "invalid mh_bss_end_addr address\n");
-+                exit(1);
-+            }
-             mb_kernel_size = mh_bss_end_addr - mh_load_addr;
-+
-+            if (mh_load_end_addr < mh_load_addr) {
-+                fprintf(stderr, "invalid mh_load_end_addr address\n");
-+                exit(1);
-+            }
-             mb_load_size = mh_load_end_addr - mh_load_addr;
-         } else {
-+            if (kernel_file_size < mb_kernel_text_offset) {
-+                fprintf(stderr, "invalid kernel_file_size\n");
-+                exit(1);
-+            }
-             mb_kernel_size = kernel_file_size - mb_kernel_text_offset;
-             mb_load_size = mb_kernel_size;
-         }
--- 
-2.13.5
-
diff --git a/gnu/packages/virtualization.scm b/gnu/packages/virtualization.scm
index 344ffc7..a8e54d6 100644
--- a/gnu/packages/virtualization.scm
+++ b/gnu/packages/virtualization.scm
@@ -72,16 +72,14 @@
 (define-public qemu
   (package
     (name "qemu")
-    (version "2.10.0")
+    (version "2.10.1")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://download.qemu.org/qemu-";
                                  version ".tar.xz"))
-             (patches (search-patches "qemu-CVE-2017-13711.patch"
-                                      "qemu-CVE-2017-14167.patch"))
              (sha256
               (base32
-               "0dgk7zcni41nf1jp84y0m6dk2nb4frnh571m8hkiv0m4hz4imn2m"))))
+               "1ahwl7r18iw2ds0q3c51nlivqsan9hcgnc8bbf9pv366iy81mm8x"))))
     (build-system gnu-build-system)
     (arguments
      '(;; Running tests in parallel can occasionally lead to failures, like:



reply via email to

[Prev in Thread] Current Thread [Next in Thread]