diff options
| author | Leo Famulari <leo@famulari.name> | 2017-04-07 00:16:18 -0400 |
|---|---|---|
| committer | Leo Famulari <leo@famulari.name> | 2017-04-07 00:53:02 -0400 |
| commit | fbd6fb1a9d75bd7b5d1df24cb805b7df335b0223 (patch) | |
| tree | f3c44e6fad5ccde80fc4a093de28f17e8faa6642 /gnu/packages/patches/qemu-CVE-2017-2630.patch | |
| parent | 0715c0e69c2ec6f91551988d46de07e2e4cfaac2 (diff) | |
| download | guix-fbd6fb1a9d75bd7b5d1df24cb805b7df335b0223.tar.gz | |
gnu: qemu: Update to 2.8.1 [security fixes].
Fixes CVE-2016-{9602,9603} and CVE-2017-{2615,2620,2630,5667,5931}.
* gnu/packages/qemu.scm (qemu): Update to 2.8.1.
* gnu/packages/patches/qemu-CVE-2017-2615.patch,
gnu/packages/patches/qemu-CVE-2017-2620.patch,
gnu/packages/patches/qemu-CVE-2017-2630.patch,
gnu/packages/patches/qemu-CVE-2017-5667.patch,
gnu/packages/patches/qemu-CVE-2017-5931.patch: Delete files.
* gnu/local.mk (dist_patch_DATA): Remove them.
Diffstat (limited to 'gnu/packages/patches/qemu-CVE-2017-2630.patch')
| -rw-r--r-- | gnu/packages/patches/qemu-CVE-2017-2630.patch | 47 |
1 files changed, 0 insertions, 47 deletions
diff --git a/gnu/packages/patches/qemu-CVE-2017-2630.patch b/gnu/packages/patches/qemu-CVE-2017-2630.patch deleted file mode 100644 index b154d171f1..0000000000 --- a/gnu/packages/patches/qemu-CVE-2017-2630.patch +++ /dev/null @@ -1,47 +0,0 @@ -Fix CVE-2017-2630: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2630 -https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg01246.html - -Patch copied from upstream source repository: - -http://git.qemu-project.org/?p=qemu.git;a=commit;h=2563c9c6b8670400c48e562034b321a7cf3d9a85 - -From 2563c9c6b8670400c48e562034b321a7cf3d9a85 Mon Sep 17 00:00:00 2001 -From: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> -Date: Tue, 7 Mar 2017 09:16:27 -0600 -Subject: [PATCH] nbd/client: fix drop_sync [CVE-2017-2630] -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Comparison symbol is misused. It may lead to memory corruption. -Introduced in commit 7d3123e. - -Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> -Message-Id: <20170203154757.36140-6-vsementsov@virtuozzo.com> -[eblake: add CVE details, update conditional] -Signed-off-by: Eric Blake <eblake@redhat.com> -Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> -Message-Id: <20170307151627.27212-1-eblake@redhat.com> -Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> ---- - nbd/client.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/nbd/client.c b/nbd/client.c -index 5c9dee37fa..3dc2564cd0 100644 ---- a/nbd/client.c -+++ b/nbd/client.c -@@ -94,7 +94,7 @@ static ssize_t drop_sync(QIOChannel *ioc, size_t size) - char small[1024]; - char *buffer; - -- buffer = sizeof(small) < size ? small : g_malloc(MIN(65536, size)); -+ buffer = sizeof(small) >= size ? small : g_malloc(MIN(65536, size)); - while (size > 0) { - ssize_t count = read_sync(ioc, buffer, MIN(65536, size)); - --- -2.12.0 - |