mirror of
https://git.in.rschanz.org/ryan77627/guix.git
synced 2024-12-25 13:58:15 -05:00
gnu: qemu: Update to 2.8.1 [security fixes].
Fixes CVE-2016-{9602,9603} and CVE-2017-{2615,2620,2630,5667,5931}. * gnu/packages/qemu.scm (qemu): Update to 2.8.1. * gnu/packages/patches/qemu-CVE-2017-2615.patch, gnu/packages/patches/qemu-CVE-2017-2620.patch, gnu/packages/patches/qemu-CVE-2017-2630.patch, gnu/packages/patches/qemu-CVE-2017-5667.patch, gnu/packages/patches/qemu-CVE-2017-5931.patch: Delete files. * gnu/local.mk (dist_patch_DATA): Remove them.
This commit is contained in:
parent
0715c0e69c
commit
fbd6fb1a9d
7 changed files with 4 additions and 347 deletions
|
@ -890,18 +890,13 @@ dist_patch_DATA = \
|
||||||
%D%/packages/patches/python-pygpgme-fix-pinentry-tests.patch \
|
%D%/packages/patches/python-pygpgme-fix-pinentry-tests.patch \
|
||||||
%D%/packages/patches/python2-subprocess32-disable-input-test.patch \
|
%D%/packages/patches/python2-subprocess32-disable-input-test.patch \
|
||||||
%D%/packages/patches/qemu-CVE-2016-10155.patch \
|
%D%/packages/patches/qemu-CVE-2016-10155.patch \
|
||||||
%D%/packages/patches/qemu-CVE-2017-2615.patch \
|
|
||||||
%D%/packages/patches/qemu-CVE-2017-2620.patch \
|
|
||||||
%D%/packages/patches/qemu-CVE-2017-2630.patch \
|
|
||||||
%D%/packages/patches/qemu-CVE-2017-5525.patch \
|
%D%/packages/patches/qemu-CVE-2017-5525.patch \
|
||||||
%D%/packages/patches/qemu-CVE-2017-5526.patch \
|
%D%/packages/patches/qemu-CVE-2017-5526.patch \
|
||||||
%D%/packages/patches/qemu-CVE-2017-5552.patch \
|
%D%/packages/patches/qemu-CVE-2017-5552.patch \
|
||||||
%D%/packages/patches/qemu-CVE-2017-5578.patch \
|
%D%/packages/patches/qemu-CVE-2017-5578.patch \
|
||||||
%D%/packages/patches/qemu-CVE-2017-5579.patch \
|
%D%/packages/patches/qemu-CVE-2017-5579.patch \
|
||||||
%D%/packages/patches/qemu-CVE-2017-5667.patch \
|
|
||||||
%D%/packages/patches/qemu-CVE-2017-5856.patch \
|
%D%/packages/patches/qemu-CVE-2017-5856.patch \
|
||||||
%D%/packages/patches/qemu-CVE-2017-5898.patch \
|
%D%/packages/patches/qemu-CVE-2017-5898.patch \
|
||||||
%D%/packages/patches/qemu-CVE-2017-5931.patch \
|
|
||||||
%D%/packages/patches/qt4-ldflags.patch \
|
%D%/packages/patches/qt4-ldflags.patch \
|
||||||
%D%/packages/patches/quickswitch-fix-dmenu-check.patch \
|
%D%/packages/patches/quickswitch-fix-dmenu-check.patch \
|
||||||
%D%/packages/patches/rapicorn-isnan.patch \
|
%D%/packages/patches/rapicorn-isnan.patch \
|
||||||
|
|
|
@ -1,52 +0,0 @@
|
||||||
http://git.qemu.org/?p=qemu.git;a=patch;h=62d4c6bd5263bb8413a06c80144fc678df6dfb64
|
|
||||||
this patch is from qemu-git.
|
|
||||||
|
|
||||||
|
|
||||||
From 62d4c6bd5263bb8413a06c80144fc678df6dfb64 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Li Qiang <liqiang6-s@360.cn>
|
|
||||||
Date: Wed, 1 Feb 2017 09:35:01 +0100
|
|
||||||
Subject: [PATCH] cirrus: fix oob access issue (CVE-2017-2615)
|
|
||||||
|
|
||||||
When doing bitblt copy in backward mode, we should minus the
|
|
||||||
blt width first just like the adding in the forward mode. This
|
|
||||||
can avoid the oob access of the front of vga's vram.
|
|
||||||
|
|
||||||
Signed-off-by: Li Qiang <liqiang6-s@360.cn>
|
|
||||||
|
|
||||||
{ kraxel: with backward blits (negative pitch) addr is the topmost
|
|
||||||
address, so check it as-is against vram size ]
|
|
||||||
|
|
||||||
Cc: qemu-stable@nongnu.org
|
|
||||||
Cc: P J P <ppandit@redhat.com>
|
|
||||||
Cc: Laszlo Ersek <lersek@redhat.com>
|
|
||||||
Cc: Paolo Bonzini <pbonzini@redhat.com>
|
|
||||||
Cc: Wolfgang Bumiller <w.bumiller@proxmox.com>
|
|
||||||
Fixes: d3532a0db02296e687711b8cdc7791924efccea0 (CVE-2014-8106)
|
|
||||||
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
||||||
Message-id: 1485938101-26602-1-git-send-email-kraxel@redhat.com
|
|
||||||
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
|
|
||||||
---
|
|
||||||
hw/display/cirrus_vga.c | 7 +++----
|
|
||||||
1 file changed, 3 insertions(+), 4 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c
|
|
||||||
index 7db6409dc5..16f27e8ac5 100644
|
|
||||||
--- a/hw/display/cirrus_vga.c
|
|
||||||
+++ b/hw/display/cirrus_vga.c
|
|
||||||
@@ -274,10 +274,9 @@ static bool blit_region_is_unsafe(struct CirrusVGAState *s,
|
|
||||||
{
|
|
||||||
if (pitch < 0) {
|
|
||||||
int64_t min = addr
|
|
||||||
- + ((int64_t)s->cirrus_blt_height-1) * pitch;
|
|
||||||
- int32_t max = addr
|
|
||||||
- + s->cirrus_blt_width;
|
|
||||||
- if (min < 0 || max > s->vga.vram_size) {
|
|
||||||
+ + ((int64_t)s->cirrus_blt_height - 1) * pitch
|
|
||||||
+ - s->cirrus_blt_width;
|
|
||||||
+ if (min < -1 || addr >= s->vga.vram_size) {
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
--
|
|
||||||
2.11.0
|
|
||||||
|
|
|
@ -1,134 +0,0 @@
|
||||||
Fix CVE-2017-2620:
|
|
||||||
|
|
||||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2620
|
|
||||||
https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg04700.html
|
|
||||||
|
|
||||||
Both patches copied from upstream source repository:
|
|
||||||
|
|
||||||
Fixes CVE-2017-2620:
|
|
||||||
http://git.qemu-project.org/?p=qemu.git;a=commit;h=92f2b88cea48c6aeba8de568a45f2ed958f3c298
|
|
||||||
|
|
||||||
The CVE-2017-2620 bug-fix depends on this earlier patch:
|
|
||||||
http://git.qemu-project.org/?p=qemu.git;a=commit;h=913a87885f589d263e682c2eb6637c6e14538061
|
|
||||||
|
|
||||||
From 92f2b88cea48c6aeba8de568a45f2ed958f3c298 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Gerd Hoffmann <kraxel@redhat.com>
|
|
||||||
Date: Wed, 8 Feb 2017 11:18:36 +0100
|
|
||||||
Subject: [PATCH] cirrus: add blit_is_unsafe call to cirrus_bitblt_cputovideo
|
|
||||||
(CVE-2017-2620)
|
|
||||||
|
|
||||||
CIRRUS_BLTMODE_MEMSYSSRC blits do NOT check blit destination
|
|
||||||
and blit width, at all. Oops. Fix it.
|
|
||||||
|
|
||||||
Security impact: high.
|
|
||||||
|
|
||||||
The missing blit destination check allows to write to host memory.
|
|
||||||
Basically same as CVE-2014-8106 for the other blit variants.
|
|
||||||
|
|
||||||
Cc: qemu-stable@nongnu.org
|
|
||||||
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
||||||
---
|
|
||||||
hw/display/cirrus_vga.c | 8 ++++++++
|
|
||||||
1 file changed, 8 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c
|
|
||||||
index 1deb52070a..b9e7cb1df1 100644
|
|
||||||
--- a/hw/display/cirrus_vga.c
|
|
||||||
+++ b/hw/display/cirrus_vga.c
|
|
||||||
@@ -900,6 +900,10 @@ static int cirrus_bitblt_cputovideo(CirrusVGAState * s)
|
|
||||||
{
|
|
||||||
int w;
|
|
||||||
|
|
||||||
+ if (blit_is_unsafe(s, true)) {
|
|
||||||
+ return 0;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
s->cirrus_blt_mode &= ~CIRRUS_BLTMODE_MEMSYSSRC;
|
|
||||||
s->cirrus_srcptr = &s->cirrus_bltbuf[0];
|
|
||||||
s->cirrus_srcptr_end = &s->cirrus_bltbuf[0];
|
|
||||||
@@ -925,6 +929,10 @@ static int cirrus_bitblt_cputovideo(CirrusVGAState * s)
|
|
||||||
}
|
|
||||||
s->cirrus_srccounter = s->cirrus_blt_srcpitch * s->cirrus_blt_height;
|
|
||||||
}
|
|
||||||
+
|
|
||||||
+ /* the blit_is_unsafe call above should catch this */
|
|
||||||
+ assert(s->cirrus_blt_srcpitch <= CIRRUS_BLTBUFSIZE);
|
|
||||||
+
|
|
||||||
s->cirrus_srcptr = s->cirrus_bltbuf;
|
|
||||||
s->cirrus_srcptr_end = s->cirrus_bltbuf + s->cirrus_blt_srcpitch;
|
|
||||||
cirrus_update_memory_access(s);
|
|
||||||
--
|
|
||||||
2.12.0
|
|
||||||
|
|
||||||
From 913a87885f589d263e682c2eb6637c6e14538061 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Bruce Rogers <brogers@suse.com>
|
|
||||||
Date: Mon, 9 Jan 2017 13:35:20 -0700
|
|
||||||
Subject: [PATCH] display: cirrus: ignore source pitch value as needed in
|
|
||||||
blit_is_unsafe
|
|
||||||
|
|
||||||
Commit 4299b90 added a check which is too broad, given that the source
|
|
||||||
pitch value is not required to be initialized for solid fill operations.
|
|
||||||
This patch refines the blit_is_unsafe() check to ignore source pitch in
|
|
||||||
that case. After applying the above commit as a security patch, we
|
|
||||||
noticed the SLES 11 SP4 guest gui failed to initialize properly.
|
|
||||||
|
|
||||||
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
|
||||||
Message-id: 20170109203520.5619-1-brogers@suse.com
|
|
||||||
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
||||||
---
|
|
||||||
hw/display/cirrus_vga.c | 11 +++++++----
|
|
||||||
1 file changed, 7 insertions(+), 4 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c
|
|
||||||
index bdb092ee9d..379910db2d 100644
|
|
||||||
--- a/hw/display/cirrus_vga.c
|
|
||||||
+++ b/hw/display/cirrus_vga.c
|
|
||||||
@@ -294,7 +294,7 @@ static bool blit_region_is_unsafe(struct CirrusVGAState *s,
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
-static bool blit_is_unsafe(struct CirrusVGAState *s)
|
|
||||||
+static bool blit_is_unsafe(struct CirrusVGAState *s, bool dst_only)
|
|
||||||
{
|
|
||||||
/* should be the case, see cirrus_bitblt_start */
|
|
||||||
assert(s->cirrus_blt_width > 0);
|
|
||||||
@@ -308,6 +308,9 @@ static bool blit_is_unsafe(struct CirrusVGAState *s)
|
|
||||||
s->cirrus_blt_dstaddr & s->cirrus_addr_mask)) {
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
+ if (dst_only) {
|
|
||||||
+ return false;
|
|
||||||
+ }
|
|
||||||
if (blit_region_is_unsafe(s, s->cirrus_blt_srcpitch,
|
|
||||||
s->cirrus_blt_srcaddr & s->cirrus_addr_mask)) {
|
|
||||||
return true;
|
|
||||||
@@ -673,7 +676,7 @@ static int cirrus_bitblt_common_patterncopy(CirrusVGAState * s,
|
|
||||||
|
|
||||||
dst = s->vga.vram_ptr + (s->cirrus_blt_dstaddr & s->cirrus_addr_mask);
|
|
||||||
|
|
||||||
- if (blit_is_unsafe(s))
|
|
||||||
+ if (blit_is_unsafe(s, false))
|
|
||||||
return 0;
|
|
||||||
|
|
||||||
(*s->cirrus_rop) (s, dst, src,
|
|
||||||
@@ -691,7 +694,7 @@ static int cirrus_bitblt_solidfill(CirrusVGAState *s, int blt_rop)
|
|
||||||
{
|
|
||||||
cirrus_fill_t rop_func;
|
|
||||||
|
|
||||||
- if (blit_is_unsafe(s)) {
|
|
||||||
+ if (blit_is_unsafe(s, true)) {
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
rop_func = cirrus_fill[rop_to_index[blt_rop]][s->cirrus_blt_pixelwidth - 1];
|
|
||||||
@@ -795,7 +798,7 @@ static int cirrus_do_copy(CirrusVGAState *s, int dst, int src, int w, int h)
|
|
||||||
|
|
||||||
static int cirrus_bitblt_videotovideo_copy(CirrusVGAState * s)
|
|
||||||
{
|
|
||||||
- if (blit_is_unsafe(s))
|
|
||||||
+ if (blit_is_unsafe(s, false))
|
|
||||||
return 0;
|
|
||||||
|
|
||||||
return cirrus_do_copy(s, s->cirrus_blt_dstaddr - s->vga.start_addr,
|
|
||||||
--
|
|
||||||
2.12.0
|
|
||||||
|
|
|
@ -1,47 +0,0 @@
|
||||||
Fix CVE-2017-2630:
|
|
||||||
|
|
||||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2630
|
|
||||||
https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg01246.html
|
|
||||||
|
|
||||||
Patch copied from upstream source repository:
|
|
||||||
|
|
||||||
http://git.qemu-project.org/?p=qemu.git;a=commit;h=2563c9c6b8670400c48e562034b321a7cf3d9a85
|
|
||||||
|
|
||||||
From 2563c9c6b8670400c48e562034b321a7cf3d9a85 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
|
|
||||||
Date: Tue, 7 Mar 2017 09:16:27 -0600
|
|
||||||
Subject: [PATCH] nbd/client: fix drop_sync [CVE-2017-2630]
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
Comparison symbol is misused. It may lead to memory corruption.
|
|
||||||
Introduced in commit 7d3123e.
|
|
||||||
|
|
||||||
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
|
|
||||||
Message-Id: <20170203154757.36140-6-vsementsov@virtuozzo.com>
|
|
||||||
[eblake: add CVE details, update conditional]
|
|
||||||
Signed-off-by: Eric Blake <eblake@redhat.com>
|
|
||||||
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
|
||||||
Message-Id: <20170307151627.27212-1-eblake@redhat.com>
|
|
||||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
||||||
---
|
|
||||||
nbd/client.c | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/nbd/client.c b/nbd/client.c
|
|
||||||
index 5c9dee37fa..3dc2564cd0 100644
|
|
||||||
--- a/nbd/client.c
|
|
||||||
+++ b/nbd/client.c
|
|
||||||
@@ -94,7 +94,7 @@ static ssize_t drop_sync(QIOChannel *ioc, size_t size)
|
|
||||||
char small[1024];
|
|
||||||
char *buffer;
|
|
||||||
|
|
||||||
- buffer = sizeof(small) < size ? small : g_malloc(MIN(65536, size));
|
|
||||||
+ buffer = sizeof(small) >= size ? small : g_malloc(MIN(65536, size));
|
|
||||||
while (size > 0) {
|
|
||||||
ssize_t count = read_sync(ioc, buffer, MIN(65536, size));
|
|
||||||
|
|
||||||
--
|
|
||||||
2.12.0
|
|
||||||
|
|
|
@ -1,46 +0,0 @@
|
||||||
Fix CVE-2017-5667 (sdhci OOB access during multi block SDMA transfer):
|
|
||||||
|
|
||||||
http://seclists.org/oss-sec/2017/q1/243
|
|
||||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5667
|
|
||||||
|
|
||||||
Patch copied from upstream source repository:
|
|
||||||
|
|
||||||
http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=42922105beb14c2fc58185ea022b9f72fb5465e9
|
|
||||||
|
|
||||||
From 42922105beb14c2fc58185ea022b9f72fb5465e9 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Prasad J Pandit <pjp@fedoraproject.org>
|
|
||||||
Date: Tue, 7 Feb 2017 18:29:59 +0000
|
|
||||||
Subject: [PATCH] sd: sdhci: check data length during dma_memory_read
|
|
||||||
|
|
||||||
While doing multi block SDMA transfer in routine
|
|
||||||
'sdhci_sdma_transfer_multi_blocks', the 's->fifo_buffer' starting
|
|
||||||
index 'begin' and data length 's->data_count' could end up to be same.
|
|
||||||
This could lead to an OOB access issue. Correct transfer data length
|
|
||||||
to avoid it.
|
|
||||||
|
|
||||||
Cc: qemu-stable@nongnu.org
|
|
||||||
Reported-by: Jiang Xin <jiangxin1@huawei.com>
|
|
||||||
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
|
|
||||||
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
|
|
||||||
Message-id: 20170130064736.9236-1-ppandit@redhat.com
|
|
||||||
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
|
||||||
---
|
|
||||||
hw/sd/sdhci.c | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c
|
|
||||||
index 01fbf228be..5bd5ab6319 100644
|
|
||||||
--- a/hw/sd/sdhci.c
|
|
||||||
+++ b/hw/sd/sdhci.c
|
|
||||||
@@ -536,7 +536,7 @@ static void sdhci_sdma_transfer_multi_blocks(SDHCIState *s)
|
|
||||||
boundary_count -= block_size - begin;
|
|
||||||
}
|
|
||||||
dma_memory_read(&address_space_memory, s->sdmasysad,
|
|
||||||
- &s->fifo_buffer[begin], s->data_count);
|
|
||||||
+ &s->fifo_buffer[begin], s->data_count - begin);
|
|
||||||
s->sdmasysad += s->data_count - begin;
|
|
||||||
if (s->data_count == block_size) {
|
|
||||||
for (n = 0; n < block_size; n++) {
|
|
||||||
--
|
|
||||||
2.11.1
|
|
||||||
|
|
|
@ -1,55 +0,0 @@
|
||||||
Fix CVE-2017-5931 (integer overflow in handling virtio-crypto requests):
|
|
||||||
|
|
||||||
http://seclists.org/oss-sec/2017/q1/337
|
|
||||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5931
|
|
||||||
|
|
||||||
Patch copied from upstream source repository:
|
|
||||||
|
|
||||||
http://git.qemu-project.org/?p=qemu.git;a=commit;h=a08aaff811fb194950f79711d2afe5a892ae03a4
|
|
||||||
|
|
||||||
From a08aaff811fb194950f79711d2afe5a892ae03a4 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Gonglei <arei.gonglei@huawei.com>
|
|
||||||
Date: Tue, 3 Jan 2017 14:50:03 +0800
|
|
||||||
Subject: [PATCH] virtio-crypto: fix possible integer and heap overflow
|
|
||||||
|
|
||||||
Because the 'size_t' type is 4 bytes in 32-bit platform, which
|
|
||||||
is the same with 'int'. It's easy to make 'max_len' to zero when
|
|
||||||
integer overflow and then cause heap overflow if 'max_len' is zero.
|
|
||||||
|
|
||||||
Using uint_64 instead of size_t to avoid the integer overflow.
|
|
||||||
|
|
||||||
Cc: qemu-stable@nongnu.org
|
|
||||||
Reported-by: Li Qiang <liqiang6-s@360.cn>
|
|
||||||
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
|
|
||||||
Tested-by: Li Qiang <liqiang6-s@360.cn>
|
|
||||||
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
|
|
||||||
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
|
||||||
---
|
|
||||||
hw/virtio/virtio-crypto.c | 4 ++--
|
|
||||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/hw/virtio/virtio-crypto.c b/hw/virtio/virtio-crypto.c
|
|
||||||
index 2f2467e859..c23e1ad458 100644
|
|
||||||
--- a/hw/virtio/virtio-crypto.c
|
|
||||||
+++ b/hw/virtio/virtio-crypto.c
|
|
||||||
@@ -416,7 +416,7 @@ virtio_crypto_sym_op_helper(VirtIODevice *vdev,
|
|
||||||
uint32_t hash_start_src_offset = 0, len_to_hash = 0;
|
|
||||||
uint32_t cipher_start_src_offset = 0, len_to_cipher = 0;
|
|
||||||
|
|
||||||
- size_t max_len, curr_size = 0;
|
|
||||||
+ uint64_t max_len, curr_size = 0;
|
|
||||||
size_t s;
|
|
||||||
|
|
||||||
/* Plain cipher */
|
|
||||||
@@ -441,7 +441,7 @@ virtio_crypto_sym_op_helper(VirtIODevice *vdev,
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
- max_len = iv_len + aad_len + src_len + dst_len + hash_result_len;
|
|
||||||
+ max_len = (uint64_t)iv_len + aad_len + src_len + dst_len + hash_result_len;
|
|
||||||
if (unlikely(max_len > vcrypto->conf.max_size)) {
|
|
||||||
virtio_error(vdev, "virtio-crypto too big length");
|
|
||||||
return NULL;
|
|
||||||
--
|
|
||||||
2.11.1
|
|
||||||
|
|
|
@ -69,27 +69,23 @@ (define (qemu-patch commit file-name sha256)
|
||||||
(define-public qemu
|
(define-public qemu
|
||||||
(package
|
(package
|
||||||
(name "qemu")
|
(name "qemu")
|
||||||
(version "2.8.0")
|
(version "2.8.1")
|
||||||
(source (origin
|
(source (origin
|
||||||
(method url-fetch)
|
(method url-fetch)
|
||||||
(uri (string-append "http://wiki.qemu-project.org/download/qemu-"
|
(uri (string-append "http://wiki.qemu-project.org/download/qemu-"
|
||||||
version ".tar.bz2"))
|
version ".tar.xz"))
|
||||||
(sha256
|
(sha256
|
||||||
(base32
|
(base32
|
||||||
"0qjy3rcrn89n42y5iz60kgr0rrl29hpnj8mq2yvbc1wrcizmvzfs"))
|
"0h342v4n44kh89yyfas4iazvhhsy5m5qk94vsjqpz5zpq1i2ykad"))
|
||||||
(patches (search-patches "qemu-CVE-2016-10155.patch"
|
(patches (search-patches "qemu-CVE-2016-10155.patch"
|
||||||
"qemu-CVE-2017-2615.patch"
|
|
||||||
"qemu-CVE-2017-2620.patch"
|
|
||||||
"qemu-CVE-2017-2630.patch"
|
|
||||||
"qemu-CVE-2017-5525.patch"
|
"qemu-CVE-2017-5525.patch"
|
||||||
"qemu-CVE-2017-5526.patch"
|
"qemu-CVE-2017-5526.patch"
|
||||||
"qemu-CVE-2017-5552.patch"
|
"qemu-CVE-2017-5552.patch"
|
||||||
"qemu-CVE-2017-5578.patch"
|
"qemu-CVE-2017-5578.patch"
|
||||||
"qemu-CVE-2017-5579.patch"
|
"qemu-CVE-2017-5579.patch"
|
||||||
"qemu-CVE-2017-5667.patch"
|
|
||||||
"qemu-CVE-2017-5856.patch"
|
"qemu-CVE-2017-5856.patch"
|
||||||
"qemu-CVE-2017-5898.patch"
|
"qemu-CVE-2017-5898.patch"
|
||||||
"qemu-CVE-2017-5931.patch"))))
|
))))
|
||||||
(build-system gnu-build-system)
|
(build-system gnu-build-system)
|
||||||
(arguments
|
(arguments
|
||||||
'(;; Running tests in parallel can occasionally lead to failures, like:
|
'(;; Running tests in parallel can occasionally lead to failures, like:
|
||||||
|
|
Loading…
Reference in a new issue