diff options
| author | Rutger Helling <rhelling@mykolab.com> | 2019-08-19 09:03:44 +0200 |
|---|---|---|
| committer | Rutger Helling <rhelling@mykolab.com> | 2019-08-19 09:06:47 +0200 |
| commit | 04b9b7bb05aff4c41f46cd79aa7bc953ace16e86 (patch) | |
| tree | cd37236650909f412836168f9f07ef4224e6d6f4 /gnu/packages/patches/qemu-CVE-2019-6778.patch | |
| parent | ab4561489e9e3a07be121582160df128e38a44e1 (diff) | |
| download | guix-04b9b7bb05aff4c41f46cd79aa7bc953ace16e86.tar.gz | |
gnu: qemu: Update to 4.1.0.
* gnu/local.mk: Remove qemu-CVE-2018-16872.patch and qemu-CVE-2019-6778.patch. * gnu/packages/patches/qemu-CVE-2018-16872.patch: Remove file. * gnu/packages/patches/qemu-CVE-2019-6778.patch: Remove file. * gnu/packages/virtualization.scm (qemu): Update to 4.1.0. [source]: Remove obsolete patches. [arguments]: Add phases 'prevent-network-configuration and 'disable-unusable-tests.
Diffstat (limited to 'gnu/packages/patches/qemu-CVE-2019-6778.patch')
| -rw-r--r-- | gnu/packages/patches/qemu-CVE-2019-6778.patch | 43 |
1 files changed, 0 insertions, 43 deletions
diff --git a/gnu/packages/patches/qemu-CVE-2019-6778.patch b/gnu/packages/patches/qemu-CVE-2019-6778.patch deleted file mode 100644 index 315f2922da..0000000000 --- a/gnu/packages/patches/qemu-CVE-2019-6778.patch +++ /dev/null @@ -1,43 +0,0 @@ -Fixes CVE-2019-6778: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6778 - -Patch copied from upstream source repository: - -https://git.qemu.org/?p=qemu.git;a=commitdiff;h=a7104eda7dab99d0cdbd3595c211864cba415905 - -From a7104eda7dab99d0cdbd3595c211864cba415905 Mon Sep 17 00:00:00 2001 -From: Prasad J Pandit <pjp@fedoraproject.org> -Date: Sun, 13 Jan 2019 23:29:48 +0530 -Subject: [PATCH] slirp: check data length while emulating ident function - -While emulating identification protocol, tcp_emu() does not check -available space in the 'sc_rcv->sb_data' buffer. It could lead to -heap buffer overflow issue. Add check to avoid it. - -Reported-by: Kira <864786842@qq.com> -Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> -Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org> ---- - slirp/tcp_subr.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/slirp/tcp_subr.c b/slirp/tcp_subr.c -index 4a9a5b5edc..23a841f26e 100644 ---- a/slirp/tcp_subr.c -+++ b/slirp/tcp_subr.c -@@ -634,6 +634,11 @@ tcp_emu(struct socket *so, struct mbuf *m) - socklen_t addrlen = sizeof(struct sockaddr_in); - struct sbuf *so_rcv = &so->so_rcv; - -+ if (m->m_len > so_rcv->sb_datalen -+ - (so_rcv->sb_wptr - so_rcv->sb_data)) { -+ return 1; -+ } -+ - memcpy(so_rcv->sb_wptr, m->m_data, m->m_len); - so_rcv->sb_wptr += m->m_len; - so_rcv->sb_rptr += m->m_len; --- -2.20.1 - |