From mboxrd@z Thu Jan 1 00:00:00 1970
Subject: [bug#29232] [PATCH] gnu: qemu: Fix CVE-2017-{15038,15268,15289}.
From: Leo Famulari Date: Thu, 9 Nov 2017 13:15:53 -0500 Message-Id: <98773909c59c0ca327584f7d20ec35eedff74c79.1510251328.git.leo@famulari.name> List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org Sender: "Guix-patches" To: 29232@debbugs.gnu.org What do you think of fetching the patches like this, instead of copying them into the Guix source tree? * gnu/packages/virtualization.scm (qemu-patch): Use HTTPS. (qemu)[source]: Use qemu-patch. --- gnu/packages/virtualization.scm | 31 +++++++++++++++++++++++-------- 1 file changed, 23 insertions(+), 8 deletions(-) diff --git a/gnu/packages/virtualization.scm b/gnu/packages/virtualization.scm index 14b1dfbe0..2a2f41626 100644 --- a/gnu/packages/virtualization.scm +++ b/gnu/packages/virtualization.scm @@ -69,7 +69,7 @@ (origin (method url-fetch) (uri (string-append - "http://git.qemu.org/?p=qemu.git;a=commitdiff_plain;h=" + "https://git.qemu.org/?p=qemu.git;a=commitdiff_plain;h=" commit)) (sha256 sha256) (file-name file-name))) 
@@ -78,13 +78,28 @@ (package (name "qemu") (version "2.10.1") - (source (origin - (method url-fetch) - (uri (string-append "https://download.qemu.org/qemu-" - version ".tar.xz")) - (sha256 - (base32 - "1ahwl7r18iw2ds0q3c51nlivqsan9hcgnc8bbf9pv366iy81mm8x")))) + (source + (origin + (method url-fetch) + (uri (string-append "https://download.qemu.org/qemu-" + version ".tar.xz")) + (patches + (list + (qemu-patch "7bd92756303f2158a68d5166264dc30139b813b6" + "qemu-CVE-2017-15038.patch" + (base32 + "0wpgf8ivjdbaihf2l7720h1fydh7kdl36wj2nchjd9irfkhw399q")) + (qemu-patch "a7b20a8efa28e5f22c26c06cd06c2f12bc863493" + "qemu-CVE-2017-15268.patch" + (base32 + "1adhwj91pmgbmdvyrkvslbfsyz7l00xdrr6vzps6s58q5idvdp79")) + (qemu-patch "eb38e1bc3740725ca29a535351de94107ec58d51" + "qemu-CVE-2017-15289.patch" + (base32 + "1zshrlzbwgwrsnimbq8kqr7injd65ncsr8a4lrmgyfv185ma4z8d")))) + (sha256 + (base32 + "1ahwl7r18iw2ds0q3c51nlivqsan9hcgnc8bbf9pv366iy81mm8x")))) (build-system gnu-build-system) (arguments '(;; Running tests in parallel can occasionally lead to failures, like: -- 2.15.0
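Review bot: In the first hunk, the URI built in `qemu-patch` points at gitweb's `commitdiff_plain` view, which the server renders per request, while the origin pins the result with a fixed `(sha256 sha256)`. If the server-side rendering of that view ever changes, the hash will stop matching and the qemu source will fail to build even though the upstream commit is unchanged. Please add a comment above `qemu-patch` saying so, and noting that a mismatch should be resolved by comparing the fetched diff against the commit rather than by refreshing the hash. The move from `http://` to `https://` is fine, but the integrity guarantee here comes from the pinned hash, not the transport.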
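Review bot: In the new `(patches (list ...))` field of the second hunk, each `qemu-patch` entry links a CVE-named file such as "qemu-CVE-2017-15038.patch" to an upstream commit only through a bare 40-character hash, so a reader cannot confirm the commit-to-CVE mapping from the package definition itself. Please add a one-line comment above each entry giving the upstream commit subject, and confirm that each commit applies cleanly to the 2.10.1 tarball. It is also worth stating in the commit message that the source origin now needs three extra fetches from git.qemu.org in addition to the tarball from download.qemu.org, since that is the trade-off against copying the patches into the tree.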