
f81039058cb2c7b0b4986109fca584a87112a9b9 — Efraim Flashner 8 years ago f00e328
gnu: qemu: Fix CVE-2017-12809.

* gnu/packages/virtualization.scm (qemu)[source]: Add patch.
* gnu/packages/patches/qemu-CVE-2017-12809.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
3 files changed, 41 insertions(+), 1 deletions(-)

M gnu/local.mk
A gnu/packages/patches/qemu-CVE-2017-12809.patch
M gnu/packages/virtualization.scm
M gnu/local.mk => gnu/local.mk +1 -0
@@ 1003,6 1003,7 @@ dist_patch_DATA =						\
  %D%/packages/patches/qemu-CVE-2017-10911.patch		\
  %D%/packages/patches/qemu-CVE-2017-11334.patch		\
  %D%/packages/patches/qemu-CVE-2017-11434.patch		\
  %D%/packages/patches/qemu-CVE-2017-12809.patch		\
  %D%/packages/patches/qt4-ldflags.patch			\
  %D%/packages/patches/qtscript-disable-tests.patch		\
  %D%/packages/patches/quagga-reproducible-build.patch          \

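--- a/gnu/packages/patches/qemu-CVE-2017-12809.patch
+++ b/gnu/packages/patches/qemu-CVE-2017-12809.patch
@@ -0,0 +1,38 @@
+http://openwall.com/lists/oss-security/2017/08/21/2
+https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg01850.html
+
+The block backend changed in a way that flushing empty CDROM drives now
+crashes.  Amend IDE to avoid doing so until the root problem can be
+addressed for 2.11.
+
+Original patch by John Snow <address@hidden>.
+
+Reported-by: Kieron Shorrock <address@hidden>
+Signed-off-by: Stefan Hajnoczi <address@hidden>
+---
+ hw/ide/core.c | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/hw/ide/core.c b/hw/ide/core.c
+index 0b48b64d3a..bea39536b0 100644
+--- a/hw/ide/core.c
++++ b/hw/ide/core.c
+@@ -1063,7 +1063,15 @@ static void ide_flush_cache(IDEState *s)
+     s->status |= BUSY_STAT;
+     ide_set_retry(s);
+     block_acct_start(blk_get_stats(s->blk), &s->acct, 0, BLOCK_ACCT_FLUSH);
+-    s->pio_aiocb = blk_aio_flush(s->blk, ide_flush_cb, s);
++
++    if (blk_bs(s->blk)) {
++        s->pio_aiocb = blk_aio_flush(s->blk, ide_flush_cb, s);
++    } else {
++        /* XXX blk_aio_flush() crashes when blk_bs(blk) is NULL, remove this
++         * temporary workaround when blk_aio_*() functions handle NULL blk_bs.
++         */
++        ide_flush_cb(s, 0);
++    }
+ }
+      
+ static void ide_cfata_metadata_inquiry(IDEState *s)
+-- 
+2.13.3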
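Review bot: In the new else branch of ide_flush_cache, `ide_flush_cb(s, 0)` runs synchronously while still inside the function, after `s->status |= BUSY_STAT` and `block_acct_start(...)` on the lines above have already taken effect, and `s->pio_aiocb` is left unassigned on that path; the hunk does not show whether ide_flush_cb balances the accounting entry and clears BUSY_STAT, so that should be confirmed against the callback, which is defined outside the hunk (ide_flush_cache itself also begins before the hunk). Since the workaround is explicitly temporary, the XXX comment would be easier to act on if it named the condition it guards, e.g. `/* XXX flush on an empty CD-ROM drive: blk_bs(blk) is NULL and blk_aio_flush() would crash, so complete synchronously. Remove once blk_aio_*() tolerates a NULL blk_bs. */`. The patch header cites the oss-security post and the qemu-devel thread but not the upstream commit it was taken from; a line such as `Upstream commit: <UPSTREAM-QEMU-COMMIT-ID>` would make the backport traceable when the patch is later dropped on a version update.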

M gnu/packages/virtualization.scm => gnu/packages/virtualization.scm +2 -1
@@ 87,7 87,8 @@
                                      "qemu-CVE-2017-10806.patch"
                                      "qemu-CVE-2017-10911.patch"
                                      "qemu-CVE-2017-11334.patch"
                                      "qemu-CVE-2017-11434.patch"))
                                      "qemu-CVE-2017-11434.patch"
                                      "qemu-CVE-2017-12809.patch"))
             (sha256
              (base32
               "08mhfs0ndbkyqgw7fjaa9vjxf4dinrly656f6hjzvmaz7hzc677h"))))