gnu: qemu: Update to 4.1.0.

* gnu/local.mk: Remove qemu-CVE-2018-16872.patch and qemu-CVE-2019-6778.patch. * gnu/packages/patches/qemu-CVE-2018-16872.patch: Remove file. * gnu/packages/patches/qemu-CVE-2019-6778.patch: Remove file. * gnu/packages/virtualization.scm (qemu): Update to 4.1.0. [source]: Remove obsolete patches. [arguments]: Add phases 'prevent-network-configuration and 'disable-unusable-tests.
2019-08-19 09:03:44 +02:00 · 2019-08-19 09:03:44 +02:00 · 04b9b7bb05
parent ab4561489e
commit 04b9b7bb05
4 changed files with 14 additions and 138 deletions
--- a/gnu/local.mk
+++ b/gnu/local.mk
@ -1253,8 +1253,6 @@ dist_patch_DATA =						\
  %D%/packages/patches/python-unittest2-remove-argparse.patch	\
  %D%/packages/patches/python-waitress-fix-tests.patch		\
  %D%/packages/patches/qemu-glibc-2.27.patch 			\
-  %D%/packages/patches/qemu-CVE-2018-16872.patch 		\
-  %D%/packages/patches/qemu-CVE-2019-6778.patch 		\
  %D%/packages/patches/qt4-ldflags.patch			\
  %D%/packages/patches/qtbase-old-kernel.patch			\
  %D%/packages/patches/qtbase-use-TZDIR.patch			\
--- a/gnu/packages/patches/qemu-CVE-2018-16872.patch
+++ b/gnu/packages/patches/qemu-CVE-2018-16872.patch
@ -1,88 +0,0 @@
-Fixes CVE-2018-16872:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16872
-
-Patch copied from upstream source repository:
-
-https://git.qemu.org/?p=qemu.git;a=commitdiff;h=bab9df35ce73d1c8e19a37e2737717ea1c984dc1
-
-From bab9df35ce73d1c8e19a37e2737717ea1c984dc1 Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Thu, 13 Dec 2018 13:25:11 +0100
-Subject: [PATCH] usb-mtp: use O_NOFOLLOW and O_CLOEXEC.
-
-Open files and directories with O_NOFOLLOW to avoid symlinks attacks.
-While being at it also add O_CLOEXEC.
-
-usb-mtp only handles regular files and directories and ignores
-everything else, so users should not see a difference.
-
-Because qemu ignores symlinks, carrying out a successful symlink attack
-requires swapping an existing file or directory below rootdir for a
-symlink and winning the race against the inotify notification to qemu.
-
-Fixes: CVE-2018-16872
-Cc: Prasad J Pandit <ppandit@redhat.com>
-Cc: Bandan Das <bsd@redhat.com>
-Reported-by: Michael Hanselmann <public@hansmi.ch>
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-Reviewed-by: Michael Hanselmann <public@hansmi.ch>
-Message-id: 20181213122511.13853-1-kraxel@redhat.com
---
- hw/usb/dev-mtp.c | 13 +++++++++----
- 1 file changed, 9 insertions(+), 4 deletions(-)
-
-diff --git a/hw/usb/dev-mtp.c b/hw/usb/dev-mtp.c
-index 100b7171f4..36c43b8c20 100644
--- a/hw/usb/dev-mtp.c
-+++ b/hw/usb/dev-mtp.c
-@@ -653,13 +653,18 @@ static void usb_mtp_object_readdir(MTPState *s, MTPObject *o)
- {
-     struct dirent *entry;
-     DIR *dir;
-+    int fd;
- 
-     if (o->have_children) {
-         return;
-     }
-     o->have_children = true;
- 
-    dir = opendir(o->path);
-+    fd = open(o->path, O_DIRECTORY | O_CLOEXEC | O_NOFOLLOW);
-+    if (fd < 0) {
-+        return;
-+    }
-+    dir = fdopendir(fd);
-     if (!dir) {
-         return;
-     }
-@@ -1007,7 +1012,7 @@ static MTPData *usb_mtp_get_object(MTPState *s, MTPControl *c,
- 
-     trace_usb_mtp_op_get_object(s->dev.addr, o->handle, o->path);
- 
-    d->fd = open(o->path, O_RDONLY);
-+    d->fd = open(o->path, O_RDONLY | O_CLOEXEC | O_NOFOLLOW);
-     if (d->fd == -1) {
-         usb_mtp_data_free(d);
-         return NULL;
-@@ -1031,7 +1036,7 @@ static MTPData *usb_mtp_get_partial_object(MTPState *s, MTPControl *c,
-                                         c->argv[1], c->argv[2]);
- 
-     d = usb_mtp_data_alloc(c);
-    d->fd = open(o->path, O_RDONLY);
-+    d->fd = open(o->path, O_RDONLY | O_CLOEXEC | O_NOFOLLOW);
-     if (d->fd == -1) {
-         usb_mtp_data_free(d);
-         return NULL;
-@@ -1658,7 +1663,7 @@ static void usb_mtp_write_data(MTPState *s)
-                                  0, 0, 0, 0);
-             goto done;
-         }
-        d->fd = open(path, O_CREAT | O_WRONLY, mask);
-+        d->fd = open(path, O_CREAT | O_WRONLY | O_CLOEXEC | O_NOFOLLOW, mask);
-         if (d->fd == -1) {
-             usb_mtp_queue_result(s, RES_STORE_FULL, d->trans,
-                                  0, 0, 0, 0);
-- 
-2.20.1
-
--- a/gnu/packages/patches/qemu-CVE-2019-6778.patch
+++ b/gnu/packages/patches/qemu-CVE-2019-6778.patch
@ -1,43 +0,0 @@
-Fixes CVE-2019-6778:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6778
-
-Patch copied from upstream source repository:
-
-https://git.qemu.org/?p=qemu.git;a=commitdiff;h=a7104eda7dab99d0cdbd3595c211864cba415905
-
-From a7104eda7dab99d0cdbd3595c211864cba415905 Mon Sep 17 00:00:00 2001
-From: Prasad J Pandit <pjp@fedoraproject.org>
-Date: Sun, 13 Jan 2019 23:29:48 +0530
-Subject: [PATCH] slirp: check data length while emulating ident function
-
-While emulating identification protocol, tcp_emu() does not check
-available space in the 'sc_rcv->sb_data' buffer. It could lead to
-heap buffer overflow issue. Add check to avoid it.
-
-Reported-by: Kira <864786842@qq.com>
-Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
-Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
---
- slirp/tcp_subr.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/slirp/tcp_subr.c b/slirp/tcp_subr.c
-index 4a9a5b5edc..23a841f26e 100644
--- a/slirp/tcp_subr.c
-+++ b/slirp/tcp_subr.c
-@@ -634,6 +634,11 @@ tcp_emu(struct socket *so, struct mbuf *m)
- 			socklen_t addrlen = sizeof(struct sockaddr_in);
- 			struct sbuf *so_rcv = &so->so_rcv;
- 
-+			if (m->m_len > so_rcv->sb_datalen
-+					- (so_rcv->sb_wptr - so_rcv->sb_data)) {
-+			    return 1;
-+			}
-+
- 			memcpy(so_rcv->sb_wptr, m->m_data, m->m_len);
- 			so_rcv->sb_wptr += m->m_len;
- 			so_rcv->sb_rptr += m->m_len;
-- 
-2.20.1
-
--- a/gnu/packages/virtualization.scm
+++ b/gnu/packages/virtualization.scm
@ -107,16 +107,14 @@
 (define-public qemu
  (package
    (name "qemu")
-    (version "3.1.0")
+    (version "4.1.0")
    (source (origin
             (method url-fetch)
             (uri (string-append "https://download.qemu.org/qemu-"
                                 version ".tar.xz"))
-             (patches (search-patches "qemu-CVE-2018-16872.patch"
-                                      "qemu-CVE-2019-6778.patch"))
             (sha256
              (base32
-               "1z5bd5nfyjvhfi1s95labc82y4hjdjjkdabw931362ls0zghh1ba"))))
+               "1ih9v6gxgild3m4g80ld4dr3wp9db3bpy203k73fxgc9hqhn0vk5"))))
    (build-system gnu-build-system)
    (arguments
     '(;; Running tests in parallel can occasionally lead to failures, like:
@ -180,13 +178,24 @@ exec smbd $@")))
               (chmod "samba-wrapper" #o755)
               (install-file "samba-wrapper" libexec))
             #t))
-         (add-before 'check 'disable-test-qga
+         (add-before 'configure 'prevent-network-configuration
           (lambda _
+             ;; Prevent the build from trying to use git to fetch from the net.
+             (substitute* "Makefile"
+               (("@./config.status")
+                "")) #t))
+         (add-before 'check 'disable-unusable-tests
+           (lambda* (#:key inputs outputs #:allow-other-keys)
             (substitute* "tests/Makefile.include"
               ;; Comment out the test-qga test, which needs /sys and
               ;; fails within the build environment.
               (("check-unit-.* tests/test-qga" all)
                (string-append "# " all)))
+             (substitute* "tests/Makefile.include"
+               ;; Comment out the test-char test, which needs networking and
+               ;; fails within the build environment.
+               (("check-unit-.* tests/test-char" all)
+                (string-append "# " all)))
             #t)))))
    (inputs                                       ; TODO: Add optional inputs.
     `(("alsa-lib" ,alsa-lib)