summary refs log tree commit diff
path: root/gnu
diff options
context:
space:
mode:
authorEfraim Flashner <efraim@flashner.co.il>2017-08-23 21:56:34 +0300
committerEfraim Flashner <efraim@flashner.co.il>2017-08-23 21:56:55 +0300
commitf81039058cb2c7b0b4986109fca584a87112a9b9 (patch)
tree7c905f573461d36f8a84e7467af2c6fffd0f50e8 /gnu
parentf00e328fd37eda2ed0f706ca03a021e72a6b2350 (diff)
downloadguix-f81039058cb2c7b0b4986109fca584a87112a9b9.tar.gz
gnu: qemu: Fix CVE-2017-12809.
* gnu/packages/virtualization.scm (qemu)[source]: Add patch.
* gnu/packages/patches/qemu-CVE-2017-12809.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
Diffstat (limited to 'gnu')
-rw-r--r--gnu/local.mk1
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-12809.patch38
-rw-r--r--gnu/packages/virtualization.scm3
3 files changed, 41 insertions, 1 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index f72bb52011..71f1cb2441 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1003,6 +1003,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/qemu-CVE-2017-10911.patch		\
   %D%/packages/patches/qemu-CVE-2017-11334.patch		\
   %D%/packages/patches/qemu-CVE-2017-11434.patch		\
+  %D%/packages/patches/qemu-CVE-2017-12809.patch		\
   %D%/packages/patches/qt4-ldflags.patch			\
   %D%/packages/patches/qtscript-disable-tests.patch		\
   %D%/packages/patches/quagga-reproducible-build.patch          \
diff --git a/gnu/packages/patches/qemu-CVE-2017-12809.patch b/gnu/packages/patches/qemu-CVE-2017-12809.patch
new file mode 100644
index 0000000000..e40a14b4e0
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-12809.patch
@@ -0,0 +1,38 @@
+http://openwall.com/lists/oss-security/2017/08/21/2
+https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg01850.html
+
+The block backend changed in a way that flushing empty CDROM drives now
+crashes.  Amend IDE to avoid doing so until the root problem can be
+addressed for 2.11.
+
+Original patch by John Snow <address@hidden>.
+
+Reported-by: Kieron Shorrock <address@hidden>
+Signed-off-by: Stefan Hajnoczi <address@hidden>
+---
+ hw/ide/core.c | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/hw/ide/core.c b/hw/ide/core.c
+index 0b48b64d3a..bea39536b0 100644
+--- a/hw/ide/core.c
++++ b/hw/ide/core.c
+@@ -1063,7 +1063,15 @@ static void ide_flush_cache(IDEState *s)
+     s->status |= BUSY_STAT;
+     ide_set_retry(s);
+     block_acct_start(blk_get_stats(s->blk), &s->acct, 0, BLOCK_ACCT_FLUSH);
+-    s->pio_aiocb = blk_aio_flush(s->blk, ide_flush_cb, s);
++
++    if (blk_bs(s->blk)) {
++        s->pio_aiocb = blk_aio_flush(s->blk, ide_flush_cb, s);
++    } else {
++        /* XXX blk_aio_flush() crashes when blk_bs(blk) is NULL, remove this
++         * temporary workaround when blk_aio_*() functions handle NULL blk_bs.
++         */
++        ide_flush_cb(s, 0);
++    }
+ }
+      
+ static void ide_cfata_metadata_inquiry(IDEState *s)
+-- 
+2.13.3
diff --git a/gnu/packages/virtualization.scm b/gnu/packages/virtualization.scm
index d76a6dfd85..d06c55bd57 100644
--- a/gnu/packages/virtualization.scm
+++ b/gnu/packages/virtualization.scm
@@ -87,7 +87,8 @@
                                       "qemu-CVE-2017-10806.patch"
                                       "qemu-CVE-2017-10911.patch"
                                       "qemu-CVE-2017-11334.patch"
-                                      "qemu-CVE-2017-11434.patch"))
+                                      "qemu-CVE-2017-11434.patch"
+                                      "qemu-CVE-2017-12809.patch"))
              (sha256
               (base32
                "08mhfs0ndbkyqgw7fjaa9vjxf4dinrly656f6hjzvmaz7hzc677h"))))