diff options
| author | Mark H Weaver <mhw@netris.org> | 2016-02-02 21:57:43 -0500 |
|---|---|---|
| committer | Mark H Weaver <mhw@netris.org> | 2016-02-03 00:05:22 -0500 |
| commit | fd9a5b0fc3594cf3c62099f01502a150a54823fc (patch) | |
| tree | bd8566f193f9a8921750a49a203395fa75f946bf /gnu/packages/patches/qemu-CVE-2015-8743.patch | |
| parent | 80cc3a0a4a4e3b7deca4d1e3e4533eb400e3fde9 (diff) | |
gnu: qemu: Update to 2.5.0; add fixes for security flaws.
* gnu/packages/patches/qemu-CVE-2015-6855.patch: Delete file.
* gnu/packages/patches/qemu-virtio-9p-use-accessor-to-get-thread-pool.patch,
gnu/packages/patches/qemu-CVE-2015-8558.patch,
gnu/packages/patches/qemu-CVE-2015-8567.patch,
gnu/packages/patches/qemu-CVE-2015-8613.patch,
gnu/packages/patches/qemu-CVE-2015-8701.patch,
gnu/packages/patches/qemu-CVE-2015-8743.patch,
gnu/packages/patches/qemu-CVE-2016-1568.patch,
gnu/packages/patches/qemu-CVE-2016-1922.patch: New files.
* gnu-system.am (dist_patch_DATA): Remove 'qemu-CVE-2015-6855.patch'; add the
new patches.
* gnu/packages/qemu.scm (qemu): Update to 2.5.0.
[source]: Remove old patches and add new ones.
[arguments]: Add 'disable-test-qga' phase.
(%glib-memory-vtable-patch, %glib-duplicate-test-patch): Remove variables.
Diffstat (limited to 'gnu/packages/patches/qemu-CVE-2015-8743.patch')
| -rw-r--r-- | gnu/packages/patches/qemu-CVE-2015-8743.patch | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/gnu/packages/patches/qemu-CVE-2015-8743.patch b/gnu/packages/patches/qemu-CVE-2015-8743.patch new file mode 100644 index 0000000000..4a9d0e2f2d --- /dev/null +++ b/gnu/packages/patches/qemu-CVE-2015-8743.patch @@ -0,0 +1,48 @@ +From aa7f9966dfdff500bbbf1956d9e115b1fa8987a6 Mon Sep 17 00:00:00 2001 +From: Prasad J Pandit <pjp@fedoraproject.org> +Date: Thu, 31 Dec 2015 17:05:27 +0530 +Subject: [PATCH] net: ne2000: fix bounds check in ioport operations + +While doing ioport r/w operations, ne2000 device emulation suffers +from OOB r/w errors. Update respective array bounds check to avoid +OOB access. + +Reported-by: Ling Liu <liuling-it@360.cn> +Cc: qemu-stable@nongnu.org +Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> +Signed-off-by: Jason Wang <jasowang@redhat.com> +--- + hw/net/ne2000.c | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) + +diff --git a/hw/net/ne2000.c b/hw/net/ne2000.c +index 010f9ef..a3dffff 100644 +--- a/hw/net/ne2000.c ++++ b/hw/net/ne2000.c +@@ -467,8 +467,9 @@ static inline void ne2000_mem_writel(NE2000State *s, uint32_t addr, + uint32_t val) + { + addr &= ~1; /* XXX: check exact behaviour if not even */ +- if (addr < 32 || +- (addr >= NE2000_PMEM_START && addr < NE2000_MEM_SIZE)) { ++ if (addr < 32 ++ || (addr >= NE2000_PMEM_START ++ && addr + sizeof(uint32_t) <= NE2000_MEM_SIZE)) { + stl_le_p(s->mem + addr, val); + } + } +@@ -497,8 +498,9 @@ static inline uint32_t ne2000_mem_readw(NE2000State *s, uint32_t addr) + static inline uint32_t ne2000_mem_readl(NE2000State *s, uint32_t addr) + { + addr &= ~1; /* XXX: check exact behaviour if not even */ +- if (addr < 32 || +- (addr >= NE2000_PMEM_START && addr < NE2000_MEM_SIZE)) { ++ if (addr < 32 ++ || (addr >= NE2000_PMEM_START ++ && addr + sizeof(uint32_t) <= NE2000_MEM_SIZE)) { + return ldl_le_p(s->mem + addr); + } else { + return 0xffffffff; +-- +2.6.3 + |