summaryrefslogtreecommitdiff
path: root/gnu/packages/patches/qemu-CVE-2015-6855.patch
diff options
context:
space:
mode:
authorMark H Weaver <mhw@netris.org>2016-02-02 21:57:43 -0500
committerMark H Weaver <mhw@netris.org>2016-02-03 00:05:22 -0500
commitfd9a5b0fc3594cf3c62099f01502a150a54823fc (patch)
treebd8566f193f9a8921750a49a203395fa75f946bf /gnu/packages/patches/qemu-CVE-2015-6855.patch
parent80cc3a0a4a4e3b7deca4d1e3e4533eb400e3fde9 (diff)
gnu: qemu: Update to 2.5.0; add fixes for security flaws.
* gnu/packages/patches/qemu-CVE-2015-6855.patch: Delete file. * gnu/packages/patches/qemu-virtio-9p-use-accessor-to-get-thread-pool.patch, gnu/packages/patches/qemu-CVE-2015-8558.patch, gnu/packages/patches/qemu-CVE-2015-8567.patch, gnu/packages/patches/qemu-CVE-2015-8613.patch, gnu/packages/patches/qemu-CVE-2015-8701.patch, gnu/packages/patches/qemu-CVE-2015-8743.patch, gnu/packages/patches/qemu-CVE-2016-1568.patch, gnu/packages/patches/qemu-CVE-2016-1922.patch: New files. * gnu-system.am (dist_patch_DATA): Remove 'qemu-CVE-2015-6855.patch'; add the new patches. * gnu/packages/qemu.scm (qemu): Update to 2.5.0. [source]: Remove old patches and add new ones. [arguments]: Add 'disable-test-qga' phase. (%glib-memory-vtable-patch, %glib-duplicate-test-patch): Remove variables.
Diffstat (limited to 'gnu/packages/patches/qemu-CVE-2015-6855.patch')
-rw-r--r--gnu/packages/patches/qemu-CVE-2015-6855.patch144
1 files changed, 0 insertions, 144 deletions
diff --git a/gnu/packages/patches/qemu-CVE-2015-6855.patch b/gnu/packages/patches/qemu-CVE-2015-6855.patch
deleted file mode 100644
index e058dadd69..0000000000
--- a/gnu/packages/patches/qemu-CVE-2015-6855.patch
+++ /dev/null
@@ -1,144 +0,0 @@
-From d9033e1d3aa666c5071580617a57bd853c5d794a Mon Sep 17 00:00:00 2001
-From: John Snow <jsnow@redhat.com>
-Date: Thu, 17 Sep 2015 14:17:05 -0400
-Subject: [PATCH] ide: fix ATAPI command permissions
-
-We're a little too lenient with what we'll let an ATAPI drive handle.
-Clamp down on the IDE command execution table to remove CD_OK permissions
-from commands that are not and have never been ATAPI commands.
-
-For ATAPI command validity, please see:
-- ATA4 Section 6.5 ("PACKET Command feature set")
-- ATA8/ACS Section 4.3 ("The PACKET feature set")
-- ACS3 Section 4.3 ("The PACKET feature set")
-
-ACS3 has a historical command validity table in Table B.4
-("Historical Command Assignments") that can be referenced to find when
-a command was introduced, deprecated, obsoleted, etc.
-
-The only reference for ATAPI command validity is by checking that
-version's PACKET feature set section.
-
-ATAPI was introduced by T13 into ATA4, all commands retired prior to ATA4
-therefore are assumed to have never been ATAPI commands.
-
-Mandatory commands, as listed in ATA8-ACS3, are:
-
-- DEVICE RESET
-- EXECUTE DEVICE DIAGNOSTIC
-- IDENTIFY DEVICE
-- IDENTIFY PACKET DEVICE
-- NOP
-- PACKET
-- READ SECTOR(S)
-- SET FEATURES
-
-Optional commands as listed in ATA8-ACS3, are:
-
-- FLUSH CACHE
-- READ LOG DMA EXT
-- READ LOG EXT
-- WRITE LOG DMA EXT
-- WRITE LOG EXT
-
-All other commands are illegal to send to an ATAPI device and should
-be rejected by the device.
-
-CD_OK removal justifications:
-
-0x06 WIN_DSM Defined in ACS2. Not valid for ATAPI.
-0x21 WIN_READ_ONCE Retired in ATA5. Not ATAPI in ATA4.
-0x94 WIN_STANDBYNOW2 Retired in ATA4. Did not coexist with ATAPI.
-0x95 WIN_IDLEIMMEDIATE2 Retired in ATA4. Did not coexist with ATAPI.
-0x96 WIN_STANDBY2 Retired in ATA4. Did not coexist with ATAPI.
-0x97 WIN_SETIDLE2 Retired in ATA4. Did not coexist with ATAPI.
-0x98 WIN_CHECKPOWERMODE2 Retired in ATA4. Did not coexist with ATAPI.
-0x99 WIN_SLEEPNOW2 Retired in ATA4. Did not coexist with ATAPI.
-0xE0 WIN_STANDBYNOW1 Not part of ATAPI in ATA4, ACS or ACS3.
-0xE1 WIN_IDLEIMMDIATE Not part of ATAPI in ATA4, ACS or ACS3.
-0xE2 WIN_STANDBY Not part of ATAPI in ATA4, ACS or ACS3.
-0xE3 WIN_SETIDLE1 Not part of ATAPI in ATA4, ACS or ACS3.
-0xE4 WIN_CHECKPOWERMODE1 Not part of ATAPI in ATA4, ACS or ACS3.
-0xE5 WIN_SLEEPNOW1 Not part of ATAPI in ATA4, ACS or ACS3.
-0xF8 WIN_READ_NATIVE_MAX Obsoleted in ACS3. Not ATAPI in ATA4 or ACS.
-
-This patch fixes a divide by zero fault that can be caused by sending
-the WIN_READ_NATIVE_MAX command to an ATAPI drive, which causes it to
-attempt to use zeroed CHS values to perform sector arithmetic.
-
-Reported-by: Qinghao Tang <luodalongde@gmail.com>
-Signed-off-by: John Snow <jsnow@redhat.com>
-Reviewed-by: Markus Armbruster <armbru@redhat.com>
-Message-id: 1441816082-21031-1-git-send-email-jsnow@redhat.com
-CC: qemu-stable@nongnu.org
----
- hw/ide/core.c | 30 +++++++++++++++---------------
- 1 file changed, 15 insertions(+), 15 deletions(-)
-
-diff --git a/hw/ide/core.c b/hw/ide/core.c
-index 8ba04df..1cc6945 100644
---- a/hw/ide/core.c
-+++ b/hw/ide/core.c
-@@ -1746,11 +1746,11 @@ static const struct {
- } ide_cmd_table[0x100] = {
- /* NOP not implemented, mandatory for CD */
- [CFA_REQ_EXT_ERROR_CODE] = { cmd_cfa_req_ext_error_code, CFA_OK },
-- [WIN_DSM] = { cmd_data_set_management, ALL_OK },
-+ [WIN_DSM] = { cmd_data_set_management, HD_CFA_OK },
- [WIN_DEVICE_RESET] = { cmd_device_reset, CD_OK },
- [WIN_RECAL] = { cmd_nop, HD_CFA_OK | SET_DSC},
- [WIN_READ] = { cmd_read_pio, ALL_OK },
-- [WIN_READ_ONCE] = { cmd_read_pio, ALL_OK },
-+ [WIN_READ_ONCE] = { cmd_read_pio, HD_CFA_OK },
- [WIN_READ_EXT] = { cmd_read_pio, HD_CFA_OK },
- [WIN_READDMA_EXT] = { cmd_read_dma, HD_CFA_OK },
- [WIN_READ_NATIVE_MAX_EXT] = { cmd_read_native_max, HD_CFA_OK | SET_DSC },
-@@ -1769,12 +1769,12 @@ static const struct {
- [CFA_TRANSLATE_SECTOR] = { cmd_cfa_translate_sector, CFA_OK },
- [WIN_DIAGNOSE] = { cmd_exec_dev_diagnostic, ALL_OK },
- [WIN_SPECIFY] = { cmd_nop, HD_CFA_OK | SET_DSC },
-- [WIN_STANDBYNOW2] = { cmd_nop, ALL_OK },
-- [WIN_IDLEIMMEDIATE2] = { cmd_nop, ALL_OK },
-- [WIN_STANDBY2] = { cmd_nop, ALL_OK },
-- [WIN_SETIDLE2] = { cmd_nop, ALL_OK },
-- [WIN_CHECKPOWERMODE2] = { cmd_check_power_mode, ALL_OK | SET_DSC },
-- [WIN_SLEEPNOW2] = { cmd_nop, ALL_OK },
-+ [WIN_STANDBYNOW2] = { cmd_nop, HD_CFA_OK },
-+ [WIN_IDLEIMMEDIATE2] = { cmd_nop, HD_CFA_OK },
-+ [WIN_STANDBY2] = { cmd_nop, HD_CFA_OK },
-+ [WIN_SETIDLE2] = { cmd_nop, HD_CFA_OK },
-+ [WIN_CHECKPOWERMODE2] = { cmd_check_power_mode, HD_CFA_OK | SET_DSC },
-+ [WIN_SLEEPNOW2] = { cmd_nop, HD_CFA_OK },
- [WIN_PACKETCMD] = { cmd_packet, CD_OK },
- [WIN_PIDENTIFY] = { cmd_identify_packet, CD_OK },
- [WIN_SMART] = { cmd_smart, HD_CFA_OK | SET_DSC },
-@@ -1788,19 +1788,19 @@ static const struct {
- [WIN_WRITEDMA] = { cmd_write_dma, HD_CFA_OK },
- [WIN_WRITEDMA_ONCE] = { cmd_write_dma, HD_CFA_OK },
- [CFA_WRITE_MULTI_WO_ERASE] = { cmd_write_multiple, CFA_OK },
-- [WIN_STANDBYNOW1] = { cmd_nop, ALL_OK },
-- [WIN_IDLEIMMEDIATE] = { cmd_nop, ALL_OK },
-- [WIN_STANDBY] = { cmd_nop, ALL_OK },
-- [WIN_SETIDLE1] = { cmd_nop, ALL_OK },
-- [WIN_CHECKPOWERMODE1] = { cmd_check_power_mode, ALL_OK | SET_DSC },
-- [WIN_SLEEPNOW1] = { cmd_nop, ALL_OK },
-+ [WIN_STANDBYNOW1] = { cmd_nop, HD_CFA_OK },
-+ [WIN_IDLEIMMEDIATE] = { cmd_nop, HD_CFA_OK },
-+ [WIN_STANDBY] = { cmd_nop, HD_CFA_OK },
-+ [WIN_SETIDLE1] = { cmd_nop, HD_CFA_OK },
-+ [WIN_CHECKPOWERMODE1] = { cmd_check_power_mode, HD_CFA_OK | SET_DSC },
-+ [WIN_SLEEPNOW1] = { cmd_nop, HD_CFA_OK },
- [WIN_FLUSH_CACHE] = { cmd_flush_cache, ALL_OK },
- [WIN_FLUSH_CACHE_EXT] = { cmd_flush_cache, HD_CFA_OK },
- [WIN_IDENTIFY] = { cmd_identify, ALL_OK },
- [WIN_SETFEATURES] = { cmd_set_features, ALL_OK | SET_DSC },
- [IBM_SENSE_CONDITION] = { cmd_ibm_sense_condition, CFA_OK | SET_DSC },
- [CFA_WEAR_LEVEL] = { cmd_cfa_erase_sectors, HD_CFA_OK | SET_DSC },
-- [WIN_READ_NATIVE_MAX] = { cmd_read_native_max, ALL_OK | SET_DSC },
-+ [WIN_READ_NATIVE_MAX] = { cmd_read_native_max, HD_CFA_OK | SET_DSC },
- };
-
- static bool ide_cmd_permitted(IDEState *s, uint32_t cmd)
---
-2.4.3
-
generated by cgit v1.2.3 (git 2.47.1) at 2025-01-24 23:37:01 +0000