diff options
| author | Efraim Flashner <efraim@flashner.co.il> | 2016-05-09 20:43:35 +0300 |
|---|---|---|
| committer | Efraim Flashner <efraim@flashner.co.il> | 2016-05-09 20:43:35 +0300 |
| commit | cc6561e6a1426a183a9b2c0756c86c83a9c4199e (patch) | |
| tree | 2a75b8837e1b3c781b7032e59bb1e04b6c83077c /gnu/packages/patches/qemu-CVE-2015-8701.patch | |
| parent | f2bca8db37ecddbb3bde0c4a22c3d9010a65528b (diff) | |
| download | gnu-guix-cc6561e6a1426a183a9b2c0756c86c83a9c4199e.tar gnu-guix-cc6561e6a1426a183a9b2c0756c86c83a9c4199e.tar.gz | |
gnu: qemu: Update to 2.5.1.
* gnu/packages/qemu.scm (qemu): Update to 2.5.1.
[source]: Remove patches.
* gnu/packages/patches/qemu-usb-ehci-oob-read.patch,
gnu/packages/patches/qemu-virtio-9p-use-accessor-to-get-thread-pool.patch,
gnu/packages/patches/qemu-CVE-2015-8558.patch,
gnu/packages/patches/qemu-CVE-2015-8567.patch,
gnu/packages/patches/qemu-CVE-2015-8613.patch,
gnu/packages/patches/qemu-CVE-2015-8619.patch,
gnu/packages/patches/qemu-CVE-2015-8701.patch,
gnu/packages/patches/qemu-CVE-2015-8743.patch,
gnu/packages/patches/qemu-CVE-2016-1568.patch,
gnu/packages/patches/qemu-CVE-2016-1922.patch,
gnu/packages/patches/qemu-CVE-2016-1981.patch,
gnu/packages/patches/qemu-CVE-2016-2197.patch: Remove files.
* gnu/local.mk (dist_patch_DATA): Remove them.
Diffstat (limited to 'gnu/packages/patches/qemu-CVE-2015-8701.patch')
| -rw-r--r-- | gnu/packages/patches/qemu-CVE-2015-8701.patch | 47 |
1 files changed, 0 insertions, 47 deletions
diff --git a/gnu/packages/patches/qemu-CVE-2015-8701.patch b/gnu/packages/patches/qemu-CVE-2015-8701.patch deleted file mode 100644 index c7ab7b68b0..0000000000 --- a/gnu/packages/patches/qemu-CVE-2015-8701.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 007cd223de527b5f41278f2d886c1a4beb3e67aa Mon Sep 17 00:00:00 2001 -From: Prasad J Pandit <pjp@fedoraproject.org> -Date: Mon, 28 Dec 2015 16:24:08 +0530 -Subject: [PATCH] net: rocker: fix an incorrect array bounds check - -While processing transmit(tx) descriptors in 'tx_consume' routine -the switch emulator suffers from an off-by-one error, if a -descriptor was to have more than allowed(ROCKER_TX_FRAGS_MAX=16) -fragments. Fix an incorrect bounds check to avoid it. - -Reported-by: Qinghao Tang <luodalongde@gmail.com> -Cc: qemu-stable@nongnu.org -Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> -Signed-off-by: Jason Wang <jasowang@redhat.com> ---- - hw/net/rocker/rocker.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/hw/net/rocker/rocker.c b/hw/net/rocker/rocker.c -index c57f1a6..2e77e50 100644 ---- a/hw/net/rocker/rocker.c -+++ b/hw/net/rocker/rocker.c -@@ -232,6 +232,9 @@ static int tx_consume(Rocker *r, DescInfo *info) - frag_addr = rocker_tlv_get_le64(tlvs[ROCKER_TLV_TX_FRAG_ATTR_ADDR]); - frag_len = rocker_tlv_get_le16(tlvs[ROCKER_TLV_TX_FRAG_ATTR_LEN]); - -+ if (iovcnt >= ROCKER_TX_FRAGS_MAX) { -+ goto err_too_many_frags; -+ } - iov[iovcnt].iov_len = frag_len; - iov[iovcnt].iov_base = g_malloc(frag_len); - if (!iov[iovcnt].iov_base) { -@@ -244,10 +247,7 @@ static int tx_consume(Rocker *r, DescInfo *info) - err = -ROCKER_ENXIO; - goto err_bad_io; - } -- -- if (++iovcnt > ROCKER_TX_FRAGS_MAX) { -- goto err_too_many_frags; -- } -+ iovcnt++; - } - - if (iovcnt) { --- -2.6.3 - |