Gentoo Archives: gentoo-commits

From: Matthias Maier <tamiko@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/, app-emulation/qemu/files/
Date: Wed, 12 Apr 2017 05:03:37
Message-Id: 1491973392.a583bc5ee0c01d906b5cb29e5aeb428f0a39a1f7.tamiko@gentoo
1 commit: a583bc5ee0c01d906b5cb29e5aeb428f0a39a1f7
2 Author: Matthias Maier <tamiko <AT> gentoo <DOT> org>
3 AuthorDate: Wed Apr 12 05:01:44 2017 +0000
4 Commit: Matthias Maier <tamiko <AT> gentoo <DOT> org>
5 CommitDate: Wed Apr 12 05:03:12 2017 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a583bc5e
7
8 app-emulation/qemu: apply patch for CVE-2017-7377, bug #614744
9
10 Package-Manager: Portage-2.3.5, Repoman-2.3.2
11
12 .../qemu/files/qemu-2.8.0-CVE-2017-7377.patch | 49 ++++++++++++++++++++++
13 app-emulation/qemu/qemu-2.8.0-r10.ebuild | 1 +
14 app-emulation/qemu/qemu-2.8.1.ebuild | 1 +
15 3 files changed, 51 insertions(+)
16
17 diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-7377.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-7377.patch
18 new file mode 100644
19 index 00000000000..f2d317c3c94
20 --- /dev/null
21 +++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-7377.patch
22 @@ -0,0 +1,49 @@
23 +From d63fb193e71644a073b77ff5ac6f1216f2f6cf6e Mon Sep 17 00:00:00 2001
24 +From: Li Qiang <liq3ea@×××××.com>
25 +Date: Mon, 27 Mar 2017 21:13:19 +0200
26 +Subject: [PATCH] 9pfs: fix file descriptor leak
27 +
28 +The v9fs_create() and v9fs_lcreate() functions are used to create a file
29 +on the backend and to associate it to a fid. The fid shouldn't be already
30 +in-use, otherwise both functions may silently leak a file descriptor or
31 +allocated memory. The current code doesn't check that.
32 +
33 +This patch ensures that the fid isn't already associated to anything
34 +before using it.
35 +
36 +Signed-off-by: Li Qiang <liqiang6-s@×××.cn>
37 +(reworded the changelog, Greg Kurz)
38 +Signed-off-by: Greg Kurz <groug@××××.org>
39 +---
40 + hw/9pfs/9p.c | 8 ++++++++
41 + 1 file changed, 8 insertions(+)
42 +
43 +diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
44 +index b8c0b99..48babce 100644
45 +--- a/hw/9pfs/9p.c
46 ++++ b/hw/9pfs/9p.c
47 +@@ -1550,6 +1550,10 @@ static void coroutine_fn v9fs_lcreate(void *opaque)
48 + err = -ENOENT;
49 + goto out_nofid;
50 + }
51 ++ if (fidp->fid_type != P9_FID_NONE) {
52 ++ err = -EINVAL;
53 ++ goto out;
54 ++ }
55 +
56 + flags = get_dotl_openflags(pdu->s, flags);
57 + err = v9fs_co_open2(pdu, fidp, &name, gid,
58 +@@ -2153,6 +2157,10 @@ static void coroutine_fn v9fs_create(void *opaque)
59 + err = -EINVAL;
60 + goto out_nofid;
61 + }
62 ++ if (fidp->fid_type != P9_FID_NONE) {
63 ++ err = -EINVAL;
64 ++ goto out;
65 ++ }
66 + if (perm & P9_STAT_MODE_DIR) {
67 + err = v9fs_co_mkdir(pdu, fidp, &name, perm & 0777,
68 + fidp->uid, -1, &stbuf);
69 +--
70 +2.10.2
71 +
72
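Review bot: the new patch file carries only the upstream commit text and never mentions CVE-2017-7377 or bug #614744, so a maintainer opening `qemu-2.8.0-CVE-2017-7377.patch` later has to go back to the ebuild to learn why it exists; a short reference line above the `From d63fb193...` header (the CVE and `https://bugs.gentoo.org/614744`) would fix that. The change itself looks right: both added guards sit after the existing `get_fid()` failure branch (`goto out_nofid`) and jump to `out` instead, which is the label that releases the fid reference already taken, so rejecting an in-use fid with `-EINVAL` does not introduce a new leak of its own.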
73 diff --git a/app-emulation/qemu/qemu-2.8.0-r10.ebuild b/app-emulation/qemu/qemu-2.8.0-r10.ebuild
74 index 8c8c3bdb820..4e6a2220fba 100644
75 --- a/app-emulation/qemu/qemu-2.8.0-r10.ebuild
76 +++ b/app-emulation/qemu/qemu-2.8.0-r10.ebuild
77 @@ -218,6 +218,7 @@ PATCHES=(
78 "${FILESDIR}"/${PN}-2.8.0-CVE-2017-6058.patch #609638
79 "${FILESDIR}"/${PN}-2.8.0-CVE-2017-2620.patch #609206
80 "${FILESDIR}"/${PN}-2.8.0-CVE-2017-6505.patch #612220
81 + "${FILESDIR}"/${PN}-2.8.0-CVE-2017-7377.patch #614744
82 "${S}-CVE-2016-9602-patches"
83 )
84
85
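Review bot: `qemu-2.8.0-r10.ebuild` is edited in place rather than copied to a `-r11` revision, so systems that already have 2.8.0-r10 installed will not rebuild and keep running the unpatched 9pfs code; for a security backport a revision bump is the usual way to force the re-emerge. The entry itself matches the surrounding style, with the `#614744` bug reference agreeing with the commit subject.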
86 diff --git a/app-emulation/qemu/qemu-2.8.1.ebuild b/app-emulation/qemu/qemu-2.8.1.ebuild
87 index f4352217474..60572f21d30 100644
88 --- a/app-emulation/qemu/qemu-2.8.1.ebuild
89 +++ b/app-emulation/qemu/qemu-2.8.1.ebuild
90 @@ -208,6 +208,7 @@ PATCHES=(
91 "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5973.patch #609334
92 "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5987.patch #609398
93 "${FILESDIR}"/${PN}-2.8.0-CVE-2017-6505.patch #612220
94 + "${FILESDIR}"/${PN}-2.8.0-CVE-2017-7377.patch #614744
95 )
96
97 STRIP_MASK="/usr/share/qemu/palcode-clipper"
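Review bot: same point as for 2.8.0-r10, the 2.8.1 ebuild is modified in place with no revision bump, so existing 2.8.1 installs are not rebuilt with the fix. Since the shared patch file was generated against 2.8.0 (`hw/9pfs/9p.c` at offsets 1550 and 2153), it is worth confirming during `src_prepare` that it applies to the 2.8.1 tree without fuzz or offset warnings before relying on this entry.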