diff options
| author | Marius Bakke <mbakke@fastmail.com> | 2018-02-20 17:44:43 +0100 |
|---|---|---|
| committer | Marius Bakke <mbakke@fastmail.com> | 2018-02-20 17:44:43 +0100 |
| commit | 5fa6b52a548a806c36a450448972ae4007bbac17 (patch) | |
| tree | a42d8c56a3e6f388dc3db85128bf06ed0ccfc52d /gnu/packages/patches/qemu-CVE-2017-15038.patch | |
| parent | b1989c12501e880afab62d3ff961791906fef350 (diff) | |
gnu: qemu: Update to 2.11.1.
* gnu/packages/patches/qemu-CVE-2017-15038.patch,
gnu/packages/patches/qemu-CVE-2017-15289.patch: Delete files.
* gnu/local.mk (dist_patch_DATA): Remove them.
* gnu/packages/virtualization.scm (qemu): Update to 2.11.1
[source](patches): Remove.
Diffstat (limited to 'gnu/packages/patches/qemu-CVE-2017-15038.patch')
| -rw-r--r-- | gnu/packages/patches/qemu-CVE-2017-15038.patch | 51 |
1 files changed, 0 insertions, 51 deletions
diff --git a/gnu/packages/patches/qemu-CVE-2017-15038.patch b/gnu/packages/patches/qemu-CVE-2017-15038.patch deleted file mode 100644 index 4791a186bf..0000000000 --- a/gnu/packages/patches/qemu-CVE-2017-15038.patch +++ /dev/null @@ -1,51 +0,0 @@ -Fix CVE-2017-15038: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15038 - -Patch copied from upstream source repository: - -https://git.qemu.org/?p=qemu.git;a=commitdiff;h=7bd92756303f2158a68d5166264dc30139b813b6 - -From 7bd92756303f2158a68d5166264dc30139b813b6 Mon Sep 17 00:00:00 2001 -From: Prasad J Pandit <pjp@fedoraproject.org> -Date: Mon, 16 Oct 2017 14:21:59 +0200 -Subject: [PATCH] 9pfs: use g_malloc0 to allocate space for xattr - -9p back-end first queries the size of an extended attribute, -allocates space for it via g_malloc() and then retrieves its -value into allocated buffer. Race between querying attribute -size and retrieving its could lead to memory bytes disclosure. -Use g_malloc0() to avoid it. - -Reported-by: Tuomas Tynkkynen <tuomas.tynkkynen@iki.fi> -Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> -Signed-off-by: Greg Kurz <groug@kaod.org> ---- - hw/9pfs/9p.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c -index 23ac7bb532..f8bbac251d 100644 ---- a/hw/9pfs/9p.c -+++ b/hw/9pfs/9p.c -@@ -3234,7 +3234,7 @@ static void coroutine_fn v9fs_xattrwalk(void *opaque) - xattr_fidp->fid_type = P9_FID_XATTR; - xattr_fidp->fs.xattr.xattrwalk_fid = true; - if (size) { -- xattr_fidp->fs.xattr.value = g_malloc(size); -+ xattr_fidp->fs.xattr.value = g_malloc0(size); - err = v9fs_co_llistxattr(pdu, &xattr_fidp->path, - xattr_fidp->fs.xattr.value, - xattr_fidp->fs.xattr.len); -@@ -3267,7 +3267,7 @@ static void coroutine_fn v9fs_xattrwalk(void *opaque) - xattr_fidp->fid_type = P9_FID_XATTR; - xattr_fidp->fs.xattr.xattrwalk_fid = true; - if (size) { -- xattr_fidp->fs.xattr.value = g_malloc(size); -+ xattr_fidp->fs.xattr.value = g_malloc0(size); - err = v9fs_co_lgetxattr(pdu, &xattr_fidp->path, - &name, xattr_fidp->fs.xattr.value, - xattr_fidp->fs.xattr.len); --- -2.15.0 - |