~ruther/guix-local

8ba237a280cf4a16e6ae41e9ba5d42cab852f1b4 — Efraim Flashner 9 years ago 79f3e82 
gnu: qemu: Patch CVE-2016-10155, CVE-2017-5552.

* gnu/packages/qemu.scm (qemu)[source]: Add patches.
* gnu/packages/patches/qemu-CVE-2016-10155.patch,
gnu/packages/patches/qemu-CVE-2017-5552.patch: New files.
* gnu/local.mk (dist_patch_DATA): Register them.
patch browse .tar.gz 
4 files changed, 99 insertions(+), 2 deletions(-)

M gnu/local.mk
A gnu/packages/patches/qemu-CVE-2016-10155.patch
A gnu/packages/patches/qemu-CVE-2017-5552.patch
M gnu/packages/qemu.scm

M gnu/local.mk => gnu/local.mk +2 -0
@@ 853,8 853,10 @@ dist_patch_DATA =						\
  %D%/packages/patches/python-pycrypto-CVE-2013-7459.patch	\
  %D%/packages/patches/python2-pygobject-2-gi-info-type-error-domain.patch \
  %D%/packages/patches/python-pygpgme-fix-pinentry-tests.patch	\
  %D%/packages/patches/qemu-CVE-2016-10155.patch			\
  %D%/packages/patches/qemu-CVE-2017-5525.patch			\
  %D%/packages/patches/qemu-CVE-2017-5526.patch			\
  %D%/packages/patches/qemu-CVE-2017-5552.patch			\
  %D%/packages/patches/qt4-ldflags.patch			\
  %D%/packages/patches/quickswitch-fix-dmenu-check.patch	\
  %D%/packages/patches/rapicorn-isnan.patch			\


A gnu/packages/patches/qemu-CVE-2016-10155.patch => gnu/packages/patches/qemu-CVE-2016-10155.patch +49 -0
@@ 0,0 1,49 @@
From eb7a20a3616085d46aa6b4b4224e15587ec67e6e Mon Sep 17 00:00:00 2001
From: Li Qiang <liqiang6-s@360.cn>
Date: Mon, 28 Nov 2016 17:49:04 -0800
Subject: [PATCH] watchdog: 6300esb: add exit function

When the Intel 6300ESB watchdog is hot unplug. The timer allocated
in realize isn't freed thus leaking memory leak. This patch avoid
this through adding the exit function.

http://git.qemu.org/?p=qemu.git;a=patch;h=eb7a20a3616085d46aa6b4b4224e15587ec67e6e
this patch is from qemu-git.

Signed-off-by: Li Qiang <liqiang6-s@360.cn>
Message-Id: <583cde9c.3223ed0a.7f0c2.886e@mx.google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 hw/watchdog/wdt_i6300esb.c |    9 +++++++++
 1 files changed, 9 insertions(+), 0 deletions(-)

diff --git a/hw/watchdog/wdt_i6300esb.c b/hw/watchdog/wdt_i6300esb.c
index a83d951..49b3cd1 100644
--- a/hw/watchdog/wdt_i6300esb.c
+++ b/hw/watchdog/wdt_i6300esb.c
@@ -428,6 +428,14 @@ static void i6300esb_realize(PCIDevice *dev, Error **errp)
     /* qemu_register_coalesced_mmio (addr, 0x10); ? */
 }
 
+static void i6300esb_exit(PCIDevice *dev)
+{
+    I6300State *d = WATCHDOG_I6300ESB_DEVICE(dev);
+
+    timer_del(d->timer);
+    timer_free(d->timer);
+}
+
 static WatchdogTimerModel model = {
     .wdt_name = "i6300esb",
     .wdt_description = "Intel 6300ESB",
@@ -441,6 +449,7 @@ static void i6300esb_class_init(ObjectClass *klass, void *data)
     k->config_read = i6300esb_config_read;
     k->config_write = i6300esb_config_write;
     k->realize = i6300esb_realize;
+    k->exit = i6300esb_exit;
     k->vendor_id = PCI_VENDOR_ID_INTEL;
     k->device_id = PCI_DEVICE_ID_INTEL_ESB_9;
     k->class_id = PCI_CLASS_SYSTEM_OTHER;
-- 
1.7.0.4



A gnu/packages/patches/qemu-CVE-2017-5552.patch => gnu/packages/patches/qemu-CVE-2017-5552.patch +44 -0
@@ 0,0 1,44 @@
From 33243031dad02d161225ba99d782616da133f689 Mon Sep 17 00:00:00 2001
From: Li Qiang <liq3ea@gmail.com>
Date: Thu, 29 Dec 2016 03:11:26 -0500
Subject: [PATCH] virtio-gpu-3d: fix memory leak in resource attach backing
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

If the virgl_renderer_resource_attach_iov function fails the
'res_iovs' will be leaked. Add check of the return value to
free the 'res_iovs' when failing.

http://git.qemu.org/?p=qemu.git;a=patch;h=33243031dad02d161225ba99d782616da133f689
this patch is from qemu-git.

Signed-off-by: Li Qiang <liq3ea@gmail.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 1482999086-59795-1-git-send-email-liq3ea@gmail.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 hw/display/virtio-gpu-3d.c |    7 +++++--
 1 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/hw/display/virtio-gpu-3d.c b/hw/display/virtio-gpu-3d.c
index e29f099..b13ced3 100644
--- a/hw/display/virtio-gpu-3d.c
+++ b/hw/display/virtio-gpu-3d.c
@@ -291,8 +291,11 @@ static void virgl_resource_attach_backing(VirtIOGPU *g,
         return;
     }
 
-    virgl_renderer_resource_attach_iov(att_rb.resource_id,
-                                       res_iovs, att_rb.nr_entries);
+    ret = virgl_renderer_resource_attach_iov(att_rb.resource_id,
+                                             res_iovs, att_rb.nr_entries);
+
+    if (ret != 0)
+        virtio_gpu_cleanup_mapping_iov(res_iovs, att_rb.nr_entries);
 }
 
 static void virgl_resource_detach_backing(VirtIOGPU *g,
-- 
1.7.0.4



M gnu/packages/qemu.scm => gnu/packages/qemu.scm +4 -2
@@ 77,8 77,10 @@
             (sha256
              (base32
               "0qjy3rcrn89n42y5iz60kgr0rrl29hpnj8mq2yvbc1wrcizmvzfs"))
             (patches (search-patches "qemu-CVE-2017-5525.patch"
                                      "qemu-CVE-2017-5526.patch"))))
             (patches (search-patches "qemu-CVE-2016-10155.patch"
                                      "qemu-CVE-2017-5525.patch"
                                      "qemu-CVE-2017-5526.patch"
                                      "qemu-CVE-2017-5552.patch"))))
    (build-system gnu-build-system)
    (arguments
     '(;; Running tests in parallel can occasionally lead to failures, like: