commit: a583bc5ee0c01d906b5cb29e5aeb428f0a39a1f7 |
Author: Matthias Maier <tamiko <AT> gentoo <DOT> org> |
AuthorDate: Wed Apr 12 05:01:44 2017 +0000 |
Commit: Matthias Maier <tamiko <AT> gentoo <DOT> org> |
CommitDate: Wed Apr 12 05:03:12 2017 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a583bc5e |
|
app-emulation/qemu: apply patch for CVE-2017-7377, bug #614744 |
|
Package-Manager: Portage-2.3.5, Repoman-2.3.2 |
|
.../qemu/files/qemu-2.8.0-CVE-2017-7377.patch | 49 ++++++++++++++++++++++ |
app-emulation/qemu/qemu-2.8.0-r10.ebuild | 1 + |
app-emulation/qemu/qemu-2.8.1.ebuild | 1 + |
3 files changed, 51 insertions(+) |
|
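--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-7377.patch
@@ -0,0 +1,49 @@
+From d63fb193e71644a073b77ff5ac6f1216f2f6cf6e Mon Sep 17 00:00:00 2001
+From: Li Qiang <liq3ea@×××××.com>
+Date: Mon, 27 Mar 2017 21:13:19 +0200
+Subject: [PATCH] 9pfs: fix file descriptor leak
+
+The v9fs_create() and v9fs_lcreate() functions are used to create a file
+on the backend and to associate it to a fid. The fid shouldn't be already
+in-use, otherwise both functions may silently leak a file descriptor or
+allocated memory. The current code doesn't check that.
+
+This patch ensures that the fid isn't already associated to anything
+before using it.
+
+Signed-off-by: Li Qiang <liqiang6-s@×××.cn>
+(reworded the changelog, Greg Kurz)
+Signed-off-by: Greg Kurz <groug@××××.org>
+---
+ hw/9pfs/9p.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
+index b8c0b99..48babce 100644
+--- a/hw/9pfs/9p.c
++++ b/hw/9pfs/9p.c
+@@ -1550,6 +1550,10 @@ static void coroutine_fn v9fs_lcreate(void *opaque)
+ err = -ENOENT;
+ goto out_nofid;
+ }
++ if (fidp->fid_type != P9_FID_NONE) {
++ err = -EINVAL;
++ goto out;
++ }
+
+ flags = get_dotl_openflags(pdu->s, flags);
+ err = v9fs_co_open2(pdu, fidp, &name, gid,
+@@ -2153,6 +2157,10 @@ static void coroutine_fn v9fs_create(void *opaque)
+ err = -EINVAL;
+ goto out_nofid;
+ }
++ if (fidp->fid_type != P9_FID_NONE) {
++ err = -EINVAL;
++ goto out;
++ }
+ if (perm & P9_STAT_MODE_DIR) {
+ err = v9fs_co_mkdir(pdu, fidp, &name, perm & 0777,
+ fidp->uid, -1, &stbuf);
+--
+2.10.2
+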
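Review bot: The `fidp->fid_type != P9_FID_NONE` guard is pasted verbatim into both v9fs_lcreate() and v9fs_create() with no comment saying why a fid that is already in use must be rejected. The fid is presumably chosen by the 9p client, so a one-line comment above each check would keep the reason next to the code, for example `/* fid must be unused: creating over an in-use fid would leak its descriptor or memory */`. The new branch exits through `goto out` rather than `out_nofid`, which looks right if a fid reference is already held at that point, but both function bodies start and end outside the hunks, so the cleanup under `out` cannot be confirmed here. Other handlers in 9p.c that bind backend state to a fid are not visible on this page and may merit the same check.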
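--- a/app-emulation/qemu/qemu-2.8.0-r10.ebuild
+++ b/app-emulation/qemu/qemu-2.8.0-r10.ebuild
@@ -218,6 +218,7 @@ PATCHES=(
 "${FILESDIR}"/${PN}-2.8.0-CVE-2017-6058.patch #609638
 "${FILESDIR}"/${PN}-2.8.0-CVE-2017-2620.patch #609206
 "${FILESDIR}"/${PN}-2.8.0-CVE-2017-6505.patch #612220
+ "${FILESDIR}"/${PN}-2.8.0-CVE-2017-7377.patch #614744
 "${S}-CVE-2016-9602-patches"
 )
 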
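Review bot: The CVE-2017-7377 patch is added to the existing qemu-2.8.0-r10 ebuild in place, and likewise to qemu-2.8.1.ebuild in the next section, without a revision bump, so systems that already built either version may not be offered a rebuild that contains the fix. If these ebuilds were already published before this commit, a security fix would normally ship as a new revision, for example `qemu-2.8.0-r11.ebuild` and `qemu-2.8.1-r1.ebuild`; whether that applies cannot be determined from this page. The PATCHES array starts before the hunk.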
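--- a/app-emulation/qemu/qemu-2.8.1.ebuild
+++ b/app-emulation/qemu/qemu-2.8.1.ebuild
@@ -208,6 +208,7 @@ PATCHES=(
 "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5973.patch #609334
 "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5987.patch #609398
 "${FILESDIR}"/${PN}-2.8.0-CVE-2017-6505.patch #612220
+ "${FILESDIR}"/${PN}-2.8.0-CVE-2017-7377.patch #614744
 )
 
 STRIP_MASK="/usr/share/qemu/palcode-clipper"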