summary refs log tree commit diff
path: root/gnu/packages/patches
diff options
context:
space:
mode:
authorEfraim Flashner <efraim@flashner.co.il>2016-12-21 21:28:15 +0200
committerEfraim Flashner <efraim@flashner.co.il>2016-12-21 21:28:15 +0200
commitd229ba95024525a20a34106d875cde604c27817d (patch)
treea9adc4deefa6d4814b700a69d631715dace412c5 /gnu/packages/patches
parent4da696877cc01077a3a159a7ef4c71ab214458e5 (diff)
downloadguix-d229ba95024525a20a34106d875cde604c27817d.tar.gz
gnu: qemu: Update to 2.8.0.
* gnu/packages/qemu.scm (qemu): Update to 2.8.0.
[source]: Remove patches.
[arguments]: Set host_cc during 'configure.
* gnu/packages/patches/qemu-CVE-2016-8576.patch,
gnu/packages/patches/qemu-CVE-2016-8577.patch,
gnu/packages/patches/qemu-CVE-2016-8577.patch: Remove files.
* gnu/local.mk (dist_patch_DATA): Remove them.
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r--gnu/packages/patches/qemu-CVE-2016-8576.patch62
-rw-r--r--gnu/packages/patches/qemu-CVE-2016-8577.patch36
-rw-r--r--gnu/packages/patches/qemu-CVE-2016-8578.patch27
3 files changed, 0 insertions, 125 deletions
diff --git a/gnu/packages/patches/qemu-CVE-2016-8576.patch b/gnu/packages/patches/qemu-CVE-2016-8576.patch
deleted file mode 100644
index 5031b59d81..0000000000
--- a/gnu/packages/patches/qemu-CVE-2016-8576.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-From 20009bdaf95d10bf748fa69b104672d3cfaceddf Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Fri, 7 Oct 2016 10:15:29 +0200
-Subject: [PATCH] xhci: limit the number of link trbs we are willing to process
-
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
----
- hw/usb/hcd-xhci.c | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
-diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c
-index 726435c..ee4fa48 100644
---- a/hw/usb/hcd-xhci.c
-+++ b/hw/usb/hcd-xhci.c
-@@ -54,6 +54,8 @@
-  * to the specs when it gets them */
- #define ER_FULL_HACK
- 
-+#define TRB_LINK_LIMIT  4
-+
- #define LEN_CAP         0x40
- #define LEN_OPER        (0x400 + 0x10 * MAXPORTS)
- #define LEN_RUNTIME     ((MAXINTRS + 1) * 0x20)
-@@ -1000,6 +1002,7 @@ static TRBType xhci_ring_fetch(XHCIState *xhci, XHCIRing *ring, XHCITRB *trb,
-                                dma_addr_t *addr)
- {
-     PCIDevice *pci_dev = PCI_DEVICE(xhci);
-+    uint32_t link_cnt = 0;
- 
-     while (1) {
-         TRBType type;
-@@ -1026,6 +1029,9 @@ static TRBType xhci_ring_fetch(XHCIState *xhci, XHCIRing *ring, XHCITRB *trb,
-             ring->dequeue += TRB_SIZE;
-             return type;
-         } else {
-+            if (++link_cnt > TRB_LINK_LIMIT) {
-+                return 0;
-+            }
-             ring->dequeue = xhci_mask64(trb->parameter);
-             if (trb->control & TRB_LK_TC) {
-                 ring->ccs = !ring->ccs;
-@@ -1043,6 +1049,7 @@ static int xhci_ring_chain_length(XHCIState *xhci, const XHCIRing *ring)
-     bool ccs = ring->ccs;
-     /* hack to bundle together the two/three TDs that make a setup transfer */
-     bool control_td_set = 0;
-+    uint32_t link_cnt = 0;
- 
-     while (1) {
-         TRBType type;
-@@ -1058,6 +1065,9 @@ static int xhci_ring_chain_length(XHCIState *xhci, const XHCIRing *ring)
-         type = TRB_TYPE(trb);
- 
-         if (type == TR_LINK) {
-+            if (++link_cnt > TRB_LINK_LIMIT) {
-+                return -length;
-+            }
-             dequeue = xhci_mask64(trb.parameter);
-             if (trb.control & TRB_LK_TC) {
-                 ccs = !ccs;
--- 
-1.8.3.1
-
diff --git a/gnu/packages/patches/qemu-CVE-2016-8577.patch b/gnu/packages/patches/qemu-CVE-2016-8577.patch
deleted file mode 100644
index c4132d2fb1..0000000000
--- a/gnu/packages/patches/qemu-CVE-2016-8577.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-Subject: [Qemu-devel] [PATCH] 9pfs: fix potential host memory leak in v9fs_read
-From: Li Qiang <liq3ea@gmail.com>
-
-In 9pfs read dispatch function, it doesn't free two QEMUIOVector
-object thus causing potential memory leak. This patch avoid this.
-
-Signed-off-by: Li Qiang <liq3ea@gmail.com>
----
- hw/9pfs/9p.c | 5 +++--
-  1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
-index 119ee58..543a791 100644
---- a/hw/9pfs/9p.c
-+++ b/hw/9pfs/9p.c
-@@ -1826,14 +1826,15 @@ static void v9fs_read(void *opaque)
-             if (len < 0) {
-                 /* IO error return the error */
-                 err = len;
--                goto out;
-+                goto out_free_iovec;
-             }
-         } while (count < max_count && len > 0);
-         err = pdu_marshal(pdu, offset, "d", count);
-         if (err < 0) {
--            goto out;
-+            goto out_free_iovec;
-         }
-         err += offset + count;
-+out_free_iovec:
-         qemu_iovec_destroy(&qiov);
-         qemu_iovec_destroy(&qiov_full);
-     } else if (fidp->fid_type == P9_FID_XATTR) {
--- 
-1.8.3.1
-
diff --git a/gnu/packages/patches/qemu-CVE-2016-8578.patch b/gnu/packages/patches/qemu-CVE-2016-8578.patch
deleted file mode 100644
index 92ba365727..0000000000
--- a/gnu/packages/patches/qemu-CVE-2016-8578.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From: Li Qiang <liq3ea@gmail.com>
-
-In 9pfs function v9fs_iov_vunmarshal, it will not allocate space
-for empty string. This will cause several NULL pointer dereference
-issues. this patch fix this issue.
-
-Signed-off-by: Li Qiang <liq3ea@gmail.com>
----
- fsdev/9p-iov-marshal.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/fsdev/9p-iov-marshal.c b/fsdev/9p-iov-marshal.c
-index 663cad5..1d16f8d 100644
---- a/fsdev/9p-iov-marshal.c
-+++ b/fsdev/9p-iov-marshal.c
-@@ -125,7 +125,7 @@ ssize_t v9fs_iov_vunmarshal(struct iovec *out_sg, int out_num, size_t offset,
-                 str->data = g_malloc(str->size + 1);
-                 copied = v9fs_unpack(str->data, out_sg, out_num, offset,
-                                      str->size);
--                if (copied > 0) {
-+                if (copied >= 0) {
-                     str->data[str->size] = 0;
-                 } else {
-                     v9fs_string_free(str);
--- 
-1.8.3.1
-