diff options
author | Efraim Flashner <efraim@flashner.co.il> | 2017-08-23 21:56:34 +0300 |
---|---|---|
committer | Efraim Flashner <efraim@flashner.co.il> | 2017-08-23 21:56:55 +0300 |
commit | f81039058cb2c7b0b4986109fca584a87112a9b9 (patch) | |
tree | 7c905f573461d36f8a84e7467af2c6fffd0f50e8 | |
parent | f00e328fd37eda2ed0f706ca03a021e72a6b2350 (diff) |
gnu: qemu: Fix CVE-2017-12809.
* gnu/packages/virtualization.scm (qemu)[source]: Add patch.
* gnu/packages/patches/qemu-CVE-2017-12809.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
-rw-r--r-- | gnu/local.mk | 1 | ||||
-rw-r--r-- | gnu/packages/patches/qemu-CVE-2017-12809.patch | 38 | ||||
-rw-r--r-- | gnu/packages/virtualization.scm | 3 |
3 files changed, 41 insertions, 1 deletions
diff --git a/gnu/local.mk b/gnu/local.mk index f72bb52011..71f1cb2441 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1003,6 +1003,7 @@ dist_patch_DATA = \ %D%/packages/patches/qemu-CVE-2017-10911.patch \ %D%/packages/patches/qemu-CVE-2017-11334.patch \ %D%/packages/patches/qemu-CVE-2017-11434.patch \ + %D%/packages/patches/qemu-CVE-2017-12809.patch \ %D%/packages/patches/qt4-ldflags.patch \ %D%/packages/patches/qtscript-disable-tests.patch \ %D%/packages/patches/quagga-reproducible-build.patch \ diff --git a/gnu/packages/patches/qemu-CVE-2017-12809.patch b/gnu/packages/patches/qemu-CVE-2017-12809.patch new file mode 100644 index 0000000000..e40a14b4e0 --- /dev/null +++ b/gnu/packages/patches/qemu-CVE-2017-12809.patch @@ -0,0 +1,38 @@ +http://openwall.com/lists/oss-security/2017/08/21/2 +https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg01850.html + +The block backend changed in a way that flushing empty CDROM drives now +crashes. Amend IDE to avoid doing so until the root problem can be +addressed for 2.11. + +Original patch by John Snow <address@hidden>. + +Reported-by: Kieron Shorrock <address@hidden> +Signed-off-by: Stefan Hajnoczi <address@hidden> +--- + hw/ide/core.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git a/hw/ide/core.c b/hw/ide/core.c +index 0b48b64d3a..bea39536b0 100644 +--- a/hw/ide/core.c ++++ b/hw/ide/core.c +@@ -1063,7 +1063,15 @@ static void ide_flush_cache(IDEState *s) + s->status |= BUSY_STAT; + ide_set_retry(s); + block_acct_start(blk_get_stats(s->blk), &s->acct, 0, BLOCK_ACCT_FLUSH); +- s->pio_aiocb = blk_aio_flush(s->blk, ide_flush_cb, s); ++ ++ if (blk_bs(s->blk)) { ++ s->pio_aiocb = blk_aio_flush(s->blk, ide_flush_cb, s); ++ } else { ++ /* XXX blk_aio_flush() crashes when blk_bs(blk) is NULL, remove this ++ * temporary workaround when blk_aio_*() functions handle NULL blk_bs. ++ */ ++ ide_flush_cb(s, 0); ++ } + } + + static void ide_cfata_metadata_inquiry(IDEState *s) +-- +2.13.3 diff --git a/gnu/packages/virtualization.scm b/gnu/packages/virtualization.scm index d76a6dfd85..d06c55bd57 100644 --- a/gnu/packages/virtualization.scm +++ b/gnu/packages/virtualization.scm @@ -87,7 +87,8 @@ "qemu-CVE-2017-10806.patch" "qemu-CVE-2017-10911.patch" "qemu-CVE-2017-11334.patch" - "qemu-CVE-2017-11434.patch")) + "qemu-CVE-2017-11434.patch" + "qemu-CVE-2017-12809.patch")) (sha256 (base32 "08mhfs0ndbkyqgw7fjaa9vjxf4dinrly656f6hjzvmaz7hzc677h")))) |