aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches/qemu-CVE-2015-8701.patch
diff options
context:
space:
mode:
authorEfraim Flashner <efraim@flashner.co.il>2016-05-09 20:43:35 +0300
committerEfraim Flashner <efraim@flashner.co.il>2016-05-09 20:43:35 +0300
commitcc6561e6a1426a183a9b2c0756c86c83a9c4199e (patch)
tree2a75b8837e1b3c781b7032e59bb1e04b6c83077c /gnu/packages/patches/qemu-CVE-2015-8701.patch
parentf2bca8db37ecddbb3bde0c4a22c3d9010a65528b (diff)
downloadguix-cc6561e6a1426a183a9b2c0756c86c83a9c4199e.tar
guix-cc6561e6a1426a183a9b2c0756c86c83a9c4199e.tar.gz
gnu: qemu: Update to 2.5.1.
* gnu/packages/qemu.scm (qemu): Update to 2.5.1. [source]: Remove patches. * gnu/packages/patches/qemu-usb-ehci-oob-read.patch, gnu/packages/patches/qemu-virtio-9p-use-accessor-to-get-thread-pool.patch, gnu/packages/patches/qemu-CVE-2015-8558.patch, gnu/packages/patches/qemu-CVE-2015-8567.patch, gnu/packages/patches/qemu-CVE-2015-8613.patch, gnu/packages/patches/qemu-CVE-2015-8619.patch, gnu/packages/patches/qemu-CVE-2015-8701.patch, gnu/packages/patches/qemu-CVE-2015-8743.patch, gnu/packages/patches/qemu-CVE-2016-1568.patch, gnu/packages/patches/qemu-CVE-2016-1922.patch, gnu/packages/patches/qemu-CVE-2016-1981.patch, gnu/packages/patches/qemu-CVE-2016-2197.patch: Remove files. * gnu/local.mk (dist_patch_DATA): Remove them.
Diffstat (limited to 'gnu/packages/patches/qemu-CVE-2015-8701.patch')
-rw-r--r--gnu/packages/patches/qemu-CVE-2015-8701.patch47
1 files changed, 0 insertions, 47 deletions
diff --git a/gnu/packages/patches/qemu-CVE-2015-8701.patch b/gnu/packages/patches/qemu-CVE-2015-8701.patch
deleted file mode 100644
index c7ab7b68b0..0000000000
--- a/gnu/packages/patches/qemu-CVE-2015-8701.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From 007cd223de527b5f41278f2d886c1a4beb3e67aa Mon Sep 17 00:00:00 2001
-From: Prasad J Pandit <pjp@fedoraproject.org>
-Date: Mon, 28 Dec 2015 16:24:08 +0530
-Subject: [PATCH] net: rocker: fix an incorrect array bounds check
-
-While processing transmit(tx) descriptors in 'tx_consume' routine
-the switch emulator suffers from an off-by-one error, if a
-descriptor was to have more than allowed(ROCKER_TX_FRAGS_MAX=16)
-fragments. Fix an incorrect bounds check to avoid it.
-
-Reported-by: Qinghao Tang <luodalongde@gmail.com>
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
-Signed-off-by: Jason Wang <jasowang@redhat.com>
----
- hw/net/rocker/rocker.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/hw/net/rocker/rocker.c b/hw/net/rocker/rocker.c
-index c57f1a6..2e77e50 100644
---- a/hw/net/rocker/rocker.c
-+++ b/hw/net/rocker/rocker.c
-@@ -232,6 +232,9 @@ static int tx_consume(Rocker *r, DescInfo *info)
- frag_addr = rocker_tlv_get_le64(tlvs[ROCKER_TLV_TX_FRAG_ATTR_ADDR]);
- frag_len = rocker_tlv_get_le16(tlvs[ROCKER_TLV_TX_FRAG_ATTR_LEN]);
-
-+ if (iovcnt >= ROCKER_TX_FRAGS_MAX) {
-+ goto err_too_many_frags;
-+ }
- iov[iovcnt].iov_len = frag_len;
- iov[iovcnt].iov_base = g_malloc(frag_len);
- if (!iov[iovcnt].iov_base) {
-@@ -244,10 +247,7 @@ static int tx_consume(Rocker *r, DescInfo *info)
- err = -ROCKER_ENXIO;
- goto err_bad_io;
- }
--
-- if (++iovcnt > ROCKER_TX_FRAGS_MAX) {
-- goto err_too_many_frags;
-- }
-+ iovcnt++;
- }
-
- if (iovcnt) {
---
-2.6.3
-