From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:45989)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1eCvg6-0003sw-Hp
	for guix-patches@gnu.org; Thu, 09 Nov 2017 17:52:07 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1eCvg3-0003TD-FZ
	for guix-patches@gnu.org; Thu, 09 Nov 2017 17:52:06 -0500
Received: from debbugs.gnu.org ([208.118.235.43]:52344)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
	id 1eCvg3-0003T9-C0
	for guix-patches@gnu.org; Thu, 09 Nov 2017 17:52:03 -0500
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1eCvg3-0000MY-5K
	for guix-patches@gnu.org; Thu, 09 Nov 2017 17:52:03 -0500
Subject: [bug#29232] [PATCH] gnu: qemu: Fix CVE-2017-{15038,15268,15289}.
Resent-Message-ID: <handler.29232.B29232.15102679121364@debbugs.gnu.org>
From: ludo@gnu.org (Ludovic =?UTF-8?Q?Court=C3=A8s?=)
References: <98773909c59c0ca327584f7d20ec35eedff74c79.1510251328.git.leo@famulari.name>
Date: Thu, 09 Nov 2017 23:51:48 +0100
In-Reply-To: <98773909c59c0ca327584f7d20ec35eedff74c79.1510251328.git.leo@famulari.name>
	(Leo Famulari's message of "Thu, 9 Nov 2017 13:15:53 -0500")
Message-ID: <87a7zvhxq3.fsf@gnu.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
List-Id: <guix-patches.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>,
	<mailto:guix-patches-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-patches/>
List-Post: <mailto:guix-patches@gnu.org>
List-Help: <mailto:guix-patches-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>,
	<mailto:guix-patches-request@gnu.org?subject=subscribe>
Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org
Sender: "Guix-patches" <guix-patches-bounces+kyle=kyleam.com@gnu.org>
To: Leo Famulari <leo@famulari.name>
Cc: 29232@debbugs.gnu.org

Hello,

Leo Famulari <leo@famulari.name> skribis:

> What do you think of fetching the patches like this, instead of copying
> them into the Guix source tree?

I think it=E2=80=99s OK.  If the Gitweb instance disappears, or if it chang=
es
somehow, hopefully the patch itself will still have the same hash, so we
can always change to different URL or a local file.

> * gnu/packages/virtualization.scm (qemu-patch): Use HTTPS.
> (qemu)[source]: Use qemu-patch.

[=E2=80=A6]

> +            (qemu-patch "7bd92756303f2158a68d5166264dc30139b813b6"
> +                        "qemu-CVE-2017-15038.patch"
> +                        (base32
> +                         "0wpgf8ivjdbaihf2l7720h1fydh7kdl36wj2nchjd9irfk=
hw399q"))
> +            (qemu-patch "a7b20a8efa28e5f22c26c06cd06c2f12bc863493"
> +                        "qemu-CVE-2017-15268.patch"
> +                        (base32
> +                         "1adhwj91pmgbmdvyrkvslbfsyz7l00xdrr6vzps6s58q5i=
dvdp79"))
> +            (qemu-patch "eb38e1bc3740725ca29a535351de94107ec58d51"
> +                        "qemu-CVE-2017-15289.patch"
> +                        (base32
> +                         "1zshrlzbwgwrsnimbq8kqr7injd65ncsr8a4lrmgyfv185=
ma4z8d"))))

I trust these commits correspond to these CVEs.

Thanks,
Ludo=E2=80=99.