[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
01/01: gnu: qemu: Patch CVE-2016-10155, CVE-2017-5552.
|
From: |
Efraim Flashner |
|
Subject: |
01/01: gnu: qemu: Patch CVE-2016-10155, CVE-2017-5552. |
|
Date: |
Sun, 22 Jan 2017 14:00:09 +0000 (UTC) |
efraim pushed a commit to branch master
in repository guix.
commit 8ba237a280cf4a16e6ae41e9ba5d42cab852f1b4
Author: Efraim Flashner <address@hidden>
Date: Sun Jan 22 13:40:44 2017 +0200
gnu: qemu: Patch CVE-2016-10155, CVE-2017-5552.
* gnu/packages/qemu.scm (qemu)[source]: Add patches.
* gnu/packages/patches/qemu-CVE-2016-10155.patch,
gnu/packages/patches/qemu-CVE-2017-5552.patch: New files.
* gnu/local.mk (dist_patch_DATA): Register them.
---
gnu/local.mk | 2 +
gnu/packages/patches/qemu-CVE-2016-10155.patch | 49 ++++++++++++++++++++++++
gnu/packages/patches/qemu-CVE-2017-5552.patch | 44 +++++++++++++++++++++
gnu/packages/qemu.scm | 6 ++-
4 files changed, 99 insertions(+), 2 deletions(-)
diff --git a/gnu/local.mk b/gnu/local.mk
index c2e7d49..d321824 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -853,8 +853,10 @@ dist_patch_DATA =
\
%D%/packages/patches/python-pycrypto-CVE-2013-7459.patch \
%D%/packages/patches/python2-pygobject-2-gi-info-type-error-domain.patch \
%D%/packages/patches/python-pygpgme-fix-pinentry-tests.patch \
+ %D%/packages/patches/qemu-CVE-2016-10155.patch \
%D%/packages/patches/qemu-CVE-2017-5525.patch \
%D%/packages/patches/qemu-CVE-2017-5526.patch \
+ %D%/packages/patches/qemu-CVE-2017-5552.patch \
%D%/packages/patches/qt4-ldflags.patch \
%D%/packages/patches/quickswitch-fix-dmenu-check.patch \
%D%/packages/patches/rapicorn-isnan.patch \
diff --git a/gnu/packages/patches/qemu-CVE-2016-10155.patch
b/gnu/packages/patches/qemu-CVE-2016-10155.patch
new file mode 100644
index 0000000..825edaa
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2016-10155.patch
@@ -0,0 +1,49 @@
+From eb7a20a3616085d46aa6b4b4224e15587ec67e6e Mon Sep 17 00:00:00 2001
+From: Li Qiang <address@hidden>
+Date: Mon, 28 Nov 2016 17:49:04 -0800
+Subject: [PATCH] watchdog: 6300esb: add exit function
+
+When the Intel 6300ESB watchdog is hot unplug. The timer allocated
+in realize isn't freed thus leaking memory leak. This patch avoid
+this through adding the exit function.
+
+http://git.qemu.org/?p=qemu.git;a=patch;h=eb7a20a3616085d46aa6b4b4224e15587ec67e6e
+this patch is from qemu-git.
+
+Signed-off-by: Li Qiang <address@hidden>
+Message-Id: <address@hidden>
+Signed-off-by: Paolo Bonzini <address@hidden>
+---
+ hw/watchdog/wdt_i6300esb.c | 9 +++++++++
+ 1 files changed, 9 insertions(+), 0 deletions(-)
+
+diff --git a/hw/watchdog/wdt_i6300esb.c b/hw/watchdog/wdt_i6300esb.c
+index a83d951..49b3cd1 100644
+--- a/hw/watchdog/wdt_i6300esb.c
++++ b/hw/watchdog/wdt_i6300esb.c
+@@ -428,6 +428,14 @@ static void i6300esb_realize(PCIDevice *dev, Error **errp)
+ /* qemu_register_coalesced_mmio (addr, 0x10); ? */
+ }
+
++static void i6300esb_exit(PCIDevice *dev)
++{
++ I6300State *d = WATCHDOG_I6300ESB_DEVICE(dev);
++
++ timer_del(d->timer);
++ timer_free(d->timer);
++}
++
+ static WatchdogTimerModel model = {
+ .wdt_name = "i6300esb",
+ .wdt_description = "Intel 6300ESB",
+@@ -441,6 +449,7 @@ static void i6300esb_class_init(ObjectClass *klass, void
*data)
+ k->config_read = i6300esb_config_read;
+ k->config_write = i6300esb_config_write;
+ k->realize = i6300esb_realize;
++ k->exit = i6300esb_exit;
+ k->vendor_id = PCI_VENDOR_ID_INTEL;
+ k->device_id = PCI_DEVICE_ID_INTEL_ESB_9;
+ k->class_id = PCI_CLASS_SYSTEM_OTHER;
+--
+1.7.0.4
+
diff --git a/gnu/packages/patches/qemu-CVE-2017-5552.patch
b/gnu/packages/patches/qemu-CVE-2017-5552.patch
new file mode 100644
index 0000000..50911f4
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-5552.patch
@@ -0,0 +1,44 @@
+From 33243031dad02d161225ba99d782616da133f689 Mon Sep 17 00:00:00 2001
+From: Li Qiang <address@hidden>
+Date: Thu, 29 Dec 2016 03:11:26 -0500
+Subject: [PATCH] virtio-gpu-3d: fix memory leak in resource attach backing
+MIME-Version: 1.0
+Content-Type: text/plain; charset=utf8
+Content-Transfer-Encoding: 8bit
+
+If the virgl_renderer_resource_attach_iov function fails the
+'res_iovs' will be leaked. Add check of the return value to
+free the 'res_iovs' when failing.
+
+http://git.qemu.org/?p=qemu.git;a=patch;h=33243031dad02d161225ba99d782616da133f689
+this patch is from qemu-git.
+
+Signed-off-by: Li Qiang <address@hidden>
+Reviewed-by: Marc-André Lureau <address@hidden>
+Message-id: address@hidden
+Signed-off-by: Gerd Hoffmann <address@hidden>
+---
+ hw/display/virtio-gpu-3d.c | 7 +++++--
+ 1 files changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/hw/display/virtio-gpu-3d.c b/hw/display/virtio-gpu-3d.c
+index e29f099..b13ced3 100644
+--- a/hw/display/virtio-gpu-3d.c
++++ b/hw/display/virtio-gpu-3d.c
+@@ -291,8 +291,11 @@ static void virgl_resource_attach_backing(VirtIOGPU *g,
+ return;
+ }
+
+- virgl_renderer_resource_attach_iov(att_rb.resource_id,
+- res_iovs, att_rb.nr_entries);
++ ret = virgl_renderer_resource_attach_iov(att_rb.resource_id,
++ res_iovs, att_rb.nr_entries);
++
++ if (ret != 0)
++ virtio_gpu_cleanup_mapping_iov(res_iovs, att_rb.nr_entries);
+ }
+
+ static void virgl_resource_detach_backing(VirtIOGPU *g,
+--
+1.7.0.4
+
diff --git a/gnu/packages/qemu.scm b/gnu/packages/qemu.scm
index 693864f..1c10ab9 100644
--- a/gnu/packages/qemu.scm
+++ b/gnu/packages/qemu.scm
@@ -77,8 +77,10 @@
(sha256
(base32
"0qjy3rcrn89n42y5iz60kgr0rrl29hpnj8mq2yvbc1wrcizmvzfs"))
- (patches (search-patches "qemu-CVE-2017-5525.patch"
- "qemu-CVE-2017-5526.patch"))))
+ (patches (search-patches "qemu-CVE-2016-10155.patch"
+ "qemu-CVE-2017-5525.patch"
+ "qemu-CVE-2017-5526.patch"
+ "qemu-CVE-2017-5552.patch"))))
(build-system gnu-build-system)
(arguments
'(;; Running tests in parallel can occasionally lead to failures, like: