[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
15/16: gnu: qemu: Update to 3.0.0 [mitigate CVE-2018-3639].
From: |
Tobias Geerinckx-Rice |
Subject: |
15/16: gnu: qemu: Update to 3.0.0 [mitigate CVE-2018-3639]. |
Date: |
Wed, 15 Aug 2018 21:02:59 -0400 (EDT) |
nckx pushed a commit to branch master
in repository guix.
commit 5dc8437fc0ff3dedf75de2183e3bf9d493e4aa81
Author: Tobias Geerinckx-Rice <address@hidden>
Date: Thu Aug 16 02:38:32 2018 +0200
gnu: qemu: Update to 3.0.0 [mitigate CVE-2018-3639].
* gnu/packages/virtualization.scm (qemu): Update to 3.0.0.
[source]: Remove patch.
* gnu/packages/patches/qemu-CVE-2018-11806.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
---
gnu/local.mk | 1 -
gnu/packages/patches/qemu-CVE-2018-11806.patch | 105 -------------------------
gnu/packages/virtualization.scm | 5 +-
3 files changed, 2 insertions(+), 109 deletions(-)
diff --git a/gnu/local.mk b/gnu/local.mk
index e3ca237..606b3ac 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1097,7 +1097,6 @@ dist_patch_DATA =
\
%D%/packages/patches/python-unittest2-remove-argparse.patch \
%D%/packages/patches/python-waitress-fix-tests.patch \
%D%/packages/patches/qemu-glibc-2.27.patch \
- %D%/packages/patches/qemu-CVE-2018-11806.patch \
%D%/packages/patches/qt4-ldflags.patch \
%D%/packages/patches/qtbase-use-TZDIR.patch \
%D%/packages/patches/qtoctave-qt-5.11-fix.patch \
diff --git a/gnu/packages/patches/qemu-CVE-2018-11806.patch
b/gnu/packages/patches/qemu-CVE-2018-11806.patch
deleted file mode 100644
index f021dfa..0000000
--- a/gnu/packages/patches/qemu-CVE-2018-11806.patch
+++ /dev/null
@@ -1,105 +0,0 @@
-Fix CVE-2018-11806:
-
-https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg01012.html
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11806
-
-Patch copied from upstream source repository:
-
-https://git.qemu.org/?p=qemu.git;a=commitdiff;h=864036e251f54c99d31df124aad7f34f01f5344c
-
-From 864036e251f54c99d31df124aad7f34f01f5344c Mon Sep 17 00:00:00 2001
-From: Prasad J Pandit <address@hidden>
-Date: Tue, 5 Jun 2018 23:38:35 +0530
-Subject: [PATCH] slirp: correct size computation while concatenating mbuf
-
-While reassembling incoming fragmented datagrams, 'm_cat' routine
-extends the 'mbuf' buffer, if it has insufficient room. It computes
-a wrong buffer size, which leads to overwriting adjacent heap buffer
-area. Correct this size computation in m_cat.
-
-Reported-by: ZDI Disclosures <address@hidden>
-Signed-off-by: Prasad J Pandit <address@hidden>
-Signed-off-by: Samuel Thibault <address@hidden>
----
- slirp/mbuf.c | 11 +++++------
- slirp/mbuf.h | 8 +++-----
- 2 files changed, 8 insertions(+), 11 deletions(-)
-
-diff --git a/slirp/mbuf.c b/slirp/mbuf.c
-index 5ff24559fd..18cbf759a7 100644
---- a/slirp/mbuf.c
-+++ b/slirp/mbuf.c
-@@ -138,7 +138,7 @@ m_cat(struct mbuf *m, struct mbuf *n)
- * If there's no room, realloc
- */
- if (M_FREEROOM(m) < n->m_len)
-- m_inc(m,m->m_size+MINCSIZE);
-+ m_inc(m, m->m_len + n->m_len);
-
- memcpy(m->m_data+m->m_len, n->m_data, n->m_len);
- m->m_len += n->m_len;
-@@ -147,7 +147,7 @@ m_cat(struct mbuf *m, struct mbuf *n)
- }
-
-
--/* make m size bytes large */
-+/* make m 'size' bytes large from m_data */
- void
- m_inc(struct mbuf *m, int size)
- {
-@@ -158,12 +158,12 @@ m_inc(struct mbuf *m, int size)
-
- if (m->m_flags & M_EXT) {
- datasize = m->m_data - m->m_ext;
-- m->m_ext = g_realloc(m->m_ext, size);
-+ m->m_ext = g_realloc(m->m_ext, size + datasize);
- m->m_data = m->m_ext + datasize;
- } else {
- char *dat;
- datasize = m->m_data - m->m_dat;
-- dat = g_malloc(size);
-+ dat = g_malloc(size + datasize);
- memcpy(dat, m->m_dat, m->m_size);
-
- m->m_ext = dat;
-@@ -171,8 +171,7 @@ m_inc(struct mbuf *m, int size)
- m->m_flags |= M_EXT;
- }
-
-- m->m_size = size;
--
-+ m->m_size = size + datasize;
- }
-
-
-diff --git a/slirp/mbuf.h b/slirp/mbuf.h
-index 893601ff9d..33b84485d6 100644
---- a/slirp/mbuf.h
-+++ b/slirp/mbuf.h
-@@ -33,8 +33,6 @@
- #ifndef MBUF_H
- #define MBUF_H
-
--#define MINCSIZE 4096 /* Amount to increase mbuf if too small */
--
- /*
- * Macros for type conversion
- * mtod(m,t) - convert mbuf pointer to data pointer of correct type
-@@ -72,11 +70,11 @@ struct mbuf {
- struct mbuf *m_prevpkt; /* Flags aren't used in the output
queue */
- int m_flags; /* Misc flags */
-
-- int m_size; /* Size of data */
-+ int m_size; /* Size of mbuf, from m_dat or m_ext */
- struct socket *m_so;
-
-- caddr_t m_data; /* Location of data */
-- int m_len; /* Amount of data in this mbuf */
-+ caddr_t m_data; /* Current location of data */
-+ int m_len; /* Amount of data in this mbuf, from
m_data */
-
- Slirp *slirp;
- bool resolution_requested;
---
-2.17.1
-
diff --git a/gnu/packages/virtualization.scm b/gnu/packages/virtualization.scm
index 8e7eded5..a39f2fa 100644
--- a/gnu/packages/virtualization.scm
+++ b/gnu/packages/virtualization.scm
@@ -94,15 +94,14 @@
(define-public qemu
(package
(name "qemu")
- (version "2.12.1")
+ (version "3.0.0")
(source (origin
(method url-fetch)
(uri (string-append "https://download.qemu.org/qemu-"
version ".tar.xz"))
- (patches (search-patches "qemu-CVE-2018-11806.patch"))
(sha256
(base32
- "0krnp2wvggpchc7fdlmyasqy7j17baz8asr2g05x0v00w003hn1k"))))
+ "04sp3f1gp4bdb913jf7fw761njaqp2l32wgipp1sapmxx17zcyld"))))
(build-system gnu-build-system)
(arguments
'(;; Running tests in parallel can occasionally lead to failures, like:
- 05/16: gnu: s6-dns: Update to 2.3.0.1., (continued)
- 05/16: gnu: s6-dns: Update to 2.3.0.1., Tobias Geerinckx-Rice, 2018/08/15
- 04/16: gnu: s6: Update to 2.7.2.0., Tobias Geerinckx-Rice, 2018/08/15
- 11/16: gnu: s6-linux-utils: Update to 2.5.0.0., Tobias Geerinckx-Rice, 2018/08/15
- 06/16: gnu: s6-networking: Update to 2.3.0.3., Tobias Geerinckx-Rice, 2018/08/15
- 08/16: gnu: s6-portable-utils: Update to 2.2.1.2., Tobias Geerinckx-Rice, 2018/08/15
- 07/16: gnu: s6-rc: Update to 0.4.1.0., Tobias Geerinckx-Rice, 2018/08/15
- 09/16: gnu: s6-linux-init: Update to 0.4.0.0., Tobias Geerinckx-Rice, 2018/08/15
- 16/16: gnu: protobuf-c: Update to 1.3.1., Tobias Geerinckx-Rice, 2018/08/15
- 12/16: gnu: armadillo: Update to 9.100.4., Tobias Geerinckx-Rice, 2018/08/15
- 13/16: gnu: stellarium: Use HTTPS home page., Tobias Geerinckx-Rice, 2018/08/15
- 15/16: gnu: qemu: Update to 3.0.0 [mitigate CVE-2018-3639].,
Tobias Geerinckx-Rice <=
- 10/16: gnu: s6-linux-init: Remove superfluous spaces from description., Tobias Geerinckx-Rice, 2018/08/15
- 14/16: gnu: stellarium: Remove redundant FILE-NAME., Tobias Geerinckx-Rice, 2018/08/15