From: Kei Kebreau
Subject: [PATCH] gnu: qemu: Patch CVE-2016-8910.
Date: Tue, 25 Oct 2016 13:27:45 -0400
Message-ID: <87zils72zy.fsf@openmailbox.org>
List-Id: "Development of GNU Guix and the GNU System distribution."
To: guix-devel@gnu.org

One of the email addresses was hidden on the list I got this patch from. I don't know whether that's a potential problem.

See: http://www.openwall.com/lists/oss-security/2016/10/24/2 and https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg05495.html

Content-Disposition: attachment; filename=0001-gnu-qemu-Patch-CVE-2016-8910.patch
Content-Transfer-Encoding: quoted-printable

From=204bc4920a96481d5c1a5c7f42cf3ec573f5096d39 Mon Sep 17 00:00:00 2001
From: Kei Kebreau Date: Tue, 25 Oct 2016 13:24:09 -0400 Subject: [PATCH] gnu: qemu: Patch CVE-2016-8910. * gnu/packages/qemu.scm (qemu)[source]: Add patch. * gnu/packages/patches/qemu-CVE-2016-8910.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it. =2D-- gnu/local.mk | 1 + gnu/packages/patches/qemu-CVE-2016-8910.patch | 28 +++++++++++++++++++++++= ++++ gnu/packages/qemu.scm | 3 ++- 3 files changed, 31 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/qemu-CVE-2016-8910.patch diff --git a/gnu/local.mk b/gnu/local.mk index ff2d976..5577b69 100644 =2D-- a/gnu/local.mk +++ b/gnu/local.mk @@ -814,6 +814,7 @@ dist_patch_DATA =3D \ %D%/packages/patches/qemu-CVE-2016-8576.patch \ %D%/packages/patches/qemu-CVE-2016-8577.patch \ %D%/packages/patches/qemu-CVE-2016-8578.patch \ + %D%/packages/patches/qemu-CVE-2016-8910.patch \ %D%/packages/patches/qt4-ldflags.patch \ %D%/packages/patches/quickswitch-fix-dmenu-check.patch \ %D%/packages/patches/rapicorn-isnan.patch \ diff --git a/gnu/packages/patches/qemu-CVE-2016-8910.patch b/gnu/packages/p= atches/qemu-CVE-2016-8910.patch new file mode 100644 index 0000000..7a38b3c =2D-- /dev/null +++ b/gnu/packages/patches/qemu-CVE-2016-8910.patch 
@@ -0,0 +1,28 @@ +From: Prasad J Pandit + +RTL8139 ethernet controller in C+ mode supports multiple +descriptor rings, each with maximum of 64 descriptors. While +processing transmit descriptor ring in 'rtl8139_cplus_transmit', +it does not limit the descriptor count and runs forever. Add +check to avoid it. + +Reported-by: Andrew Henderson +Signed-off-by: Prasad J Pandit +--- + hw/net/rtl8139.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c +index 3345bc6..f05e59c 100644 +--- a/hw/net/rtl8139.c ++++ b/hw/net/rtl8139.c +@@ -2350,7 +2350,7 @@ static void rtl8139_cplus_transmit(RTL8139State *s) + { + int txcount =3D 0; + - while (rtl8139_cplus_transmit_one(s))=20 + ++ while (txcount < 64 && rtl8139_cplus_transmit_one(s)) + { + ++txcount; + } + diff --git a/gnu/packages/qemu.scm b/gnu/packages/qemu.scm index 9bf8c3a..a386426 100644 =2D-- a/gnu/packages/qemu.scm +++ b/gnu/packages/qemu.scm 
@@ -79,7 +79,8 @@ "0lqyz01z90nvxpc3nx4djbci7hx62cwvs5zwd6phssds0sap6vij")) (patches (search-patches "qemu-CVE-2016-8576.patch" "qemu-CVE-2016-8577.patch" =2D "qemu-CVE-2016-8578.patch")))) + "qemu-CVE-2016-8578.patch" + "qemu-CVE-2016-8910.patch")))) (build-system gnu-build-system) (arguments '(;; Running tests in parallel can occasionally lead to failures, lik= e: =2D-=20 2.10.1
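
Review bot: the new file gnu/packages/patches/qemu-CVE-2016-8910.patch opens directly at "From: Prasad J Pandit" and records nowhere in the file where the fix was taken from; the only provenance is the two list URLs in the cover message, which will not travel with the tree. Please add a short comment at the top of the patch file naming the CVE and the qemu-devel post it was copied from, so a later reviewer can check it against the source and drop it once a QEMU release carries the fix. The same header is the place to note that the author's address was hidden in the list archive, which answers the question raised in the cover message. In the embedded hw/net/rtl8139.c change, the bound in "while (txcount < 64 && rtl8139_cplus_transmit_one(s))" is a bare literal that only the description ties to the 64-descriptor ring limit; that is worth raising with the QEMU authors as a named constant or a one-line comment rather than changing locally, so the carried patch stays identical to what was posted.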