From: Leo Famulari <leo@famulari.name>
To: 29232@debbugs.gnu.org
Subject: [bug#29232] [PATCH] gnu: qemu: Fix CVE-2017-{15038,15268,15289}.
Date: Thu, 9 Nov 2017 13:15:53 -0500 [thread overview]
Message-ID: <98773909c59c0ca327584f7d20ec35eedff74c79.1510251328.git.leo@famulari.name> (raw)
What do you think of fetching the patches like this, instead of copying
them into the Guix source tree?
* gnu/packages/virtualization.scm (qemu-patch): Use HTTPS.
(qemu)[source]: Use qemu-patch.
---
gnu/packages/virtualization.scm | 31 +++++++++++++++++++++++--------
1 file changed, 23 insertions(+), 8 deletions(-)
diff --git a/gnu/packages/virtualization.scm b/gnu/packages/virtualization.scm
index 14b1dfbe0..2a2f41626 100644
--- a/gnu/packages/virtualization.scm
+++ b/gnu/packages/virtualization.scm
@@ -69,7 +69,7 @@
(origin
(method url-fetch)
(uri (string-append
- "http://git.qemu.org/?p=qemu.git;a=commitdiff_plain;h="
+ "https://git.qemu.org/?p=qemu.git;a=commitdiff_plain;h="
commit))
(sha256 sha256)
(file-name file-name)))
@@ -78,13 +78,28 @@
(package
(name "qemu")
(version "2.10.1")
- (source (origin
- (method url-fetch)
- (uri (string-append "https://download.qemu.org/qemu-"
- version ".tar.xz"))
- (sha256
- (base32
- "1ahwl7r18iw2ds0q3c51nlivqsan9hcgnc8bbf9pv366iy81mm8x"))))
+ (source
+ (origin
+ (method url-fetch)
+ (uri (string-append "https://download.qemu.org/qemu-"
+ version ".tar.xz"))
+ (patches
+ (list
+ (qemu-patch "7bd92756303f2158a68d5166264dc30139b813b6"
+ "qemu-CVE-2017-15038.patch"
+ (base32
+ "0wpgf8ivjdbaihf2l7720h1fydh7kdl36wj2nchjd9irfkhw399q"))
+ (qemu-patch "a7b20a8efa28e5f22c26c06cd06c2f12bc863493"
+ "qemu-CVE-2017-15268.patch"
+ (base32
+ "1adhwj91pmgbmdvyrkvslbfsyz7l00xdrr6vzps6s58q5idvdp79"))
+ (qemu-patch "eb38e1bc3740725ca29a535351de94107ec58d51"
+ "qemu-CVE-2017-15289.patch"
+ (base32
+ "1zshrlzbwgwrsnimbq8kqr7injd65ncsr8a4lrmgyfv185ma4z8d"))))
+ (sha256
+ (base32
+ "1ahwl7r18iw2ds0q3c51nlivqsan9hcgnc8bbf9pv366iy81mm8x"))))
(build-system gnu-build-system)
(arguments
'(;; Running tests in parallel can occasionally lead to failures, like:
--
2.15.0
next reply other threads:[~2017-11-09 18:17 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-11-09 18:15 Leo Famulari [this message]
2017-11-09 22:51 ` [bug#29232] [PATCH] gnu: qemu: Fix CVE-2017-{15038,15268,15289} Ludovic Courtès
2017-11-10 17:17 ` bug#29232: " Leo Famulari
2017-11-10 21:42 ` [bug#29232] " Ludovic Courtès
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=98773909c59c0ca327584f7d20ec35eedff74c79.1510251328.git.leo@famulari.name \
--to=leo@famulari.name \
--cc=29232@debbugs.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.