From dfa663c963a7c0745f18cbfab4b45eb335742602 Mon Sep 17 00:00:00 2001
From: Leo Famulari <leo@famulari.name>
Date: Fri, 7 Apr 2017 09:03:28 -0400
Subject: gnu: qemu: Update to 2.9.0 [security fixes].

Fixes CVE-2017-{5857,5973,5987,6058,6505,7377,7471,7718}.

* gnu/packages/qemu.scm (qemu): Update to 2.9.0.
[source]: Remove obsolete patches.
* gnu/packages/patches/qemu-CVE-2016-10155.patch,
gnu/packages/patches/qemu-CVE-2017-5525.patch,
gnu/packages/patches/qemu-CVE-2017-5526.patch,
gnu/packages/patches/qemu-CVE-2017-5552.patch,
gnu/packages/patches/qemu-CVE-2017-5578.patch,
gnu/packages/patches/qemu-CVE-2017-5579.patch,
gnu/packages/patches/qemu-CVE-2017-5856.patch,
gnu/packages/patches/qemu-CVE-2017-5898.patch: Delete files.
* gnu/local.mk (dist_patch_DATA): Remove them.
---
 gnu/packages/patches/qemu-CVE-2017-5898.patch | 44 ---------------------------
 1 file changed, 44 deletions(-)
 delete mode 100644 gnu/packages/patches/qemu-CVE-2017-5898.patch

(limited to 'gnu/packages/patches/qemu-CVE-2017-5898.patch')

diff --git a/gnu/packages/patches/qemu-CVE-2017-5898.patch b/gnu/packages/patches/qemu-CVE-2017-5898.patch
deleted file mode 100644
index 5a94bb1ae4..0000000000
--- a/gnu/packages/patches/qemu-CVE-2017-5898.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-Fix CVE-2017-5898 (integer overflow in emulated_apdu_from_guest):
-
-http://seclists.org/oss-sec/2017/q1/328
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5898
-
-Patch copied from upstream source repository:
-
-http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=c7dfbf322595ded4e70b626bf83158a9f3807c6a
-
-From c7dfbf322595ded4e70b626bf83158a9f3807c6a Mon Sep 17 00:00:00 2001
-From: Prasad J Pandit <pjp@fedoraproject.org>
-Date: Fri, 3 Feb 2017 00:52:28 +0530
-Subject: [PATCH] usb: ccid: check ccid apdu length
-
-CCID device emulator uses Application Protocol Data Units(APDU)
-to exchange command and responses to and from the host.
-The length in these units couldn't be greater than 65536. Add
-check to ensure the same. It'd also avoid potential integer
-overflow in emulated_apdu_from_guest.
-
-Reported-by: Li Qiang <liqiang6-s@360.cn>
-Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
-Message-id: 20170202192228.10847-1-ppandit@redhat.com
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
----
- hw/usb/dev-smartcard-reader.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/hw/usb/dev-smartcard-reader.c b/hw/usb/dev-smartcard-reader.c
-index 89e11b68c4..1325ea1659 100644
---- a/hw/usb/dev-smartcard-reader.c
-+++ b/hw/usb/dev-smartcard-reader.c
-@@ -967,7 +967,7 @@ static void ccid_on_apdu_from_guest(USBCCIDState *s, CCID_XferBlock *recv)
-     DPRINTF(s, 1, "%s: seq %d, len %d\n", __func__,
-                 recv->hdr.bSeq, len);
-     ccid_add_pending_answer(s, (CCID_Header *)recv);
--    if (s->card) {
-+    if (s->card && len <= BULK_OUT_DATA_SIZE) {
-         ccid_card_apdu_from_guest(s->card, recv->abData, len);
-     } else {
-         DPRINTF(s, D_WARN, "warning: discarded apdu\n");
--- 
-2.11.1
-
-- 
cgit v1.2.3