-rw-r--r-- | system/qemu-kvm/patches/qemu-kvm-1.0-CVE-2012-029.patch | 37 | ||||
-rw-r--r-- | system/qemu-kvm/qemu-kvm.SlackBuild | 7 | ||||
-rw-r--r-- | system/qemu-kvm/qemu-kvm.info | 6 |
3 files changed, 5 insertions, 45 deletions
diff --git a/system/qemu-kvm/patches/qemu-kvm-1.0-CVE-2012-029.patch b/system/qemu-kvm/patches/qemu-kvm-1.0-CVE-2012-029.patch
deleted file mode 100644
index bd2bdc7425..0000000000
--- a/system/qemu-kvm/patches/qemu-kvm-1.0-CVE-2012-029.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From d0ed2d2e8e863a9a64c9fc9c08fa68bee546ad00 Mon Sep 17 00:00:00 2001
-From: Anthony Liguori <aliguori@us.ibm.com>
-Date: Mon, 23 Jan 2012 07:30:43 -0600
-Subject: [PATCH 26/26] e1000: bounds packet size against buffer size
-
-Otherwise we can write beyond the buffer and corrupt memory. This is tracked
-as CVE-2012-0029.
-
-Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
----
- hw/e1000.c | 3 +++
- 1 files changed, 3 insertions(+), 0 deletions(-)
-
-diff --git a/hw/e1000.c b/hw/e1000.c
-index 986ed9c..e164d79 100644
---- a/hw/e1000.c
-+++ b/hw/e1000.c
-@@ -466,6 +466,8 @@ process_tx_desc(E1000State *s, struct e1000_tx_desc *dp)
- bytes = split_size;
- if (tp->size + bytes > msh)
- bytes = msh - tp->size;
-+
-+ bytes = MIN(sizeof(tp->data) - tp->size, bytes);
- pci_dma_read(&s->dev, addr, tp->data + tp->size, bytes);
- if ((sz = tp->size + bytes) >= hdr && tp->size < hdr)
- memmove(tp->header, tp->data, hdr);
-@@ -481,6 +483,7 @@ process_tx_desc(E1000State *s, struct e1000_tx_desc *dp)
- // context descriptor TSE is not set, while data descriptor TSE is set
- DBGOUT(TXERR, "TCP segmentaion Error\n");
- } else {
-+ split_size = MIN(sizeof(tp->data) - tp->size, split_size);
- pci_dma_read(&s->dev, addr, tp->data + tp->size, split_size);
- tp->size += split_size;
- }
---
-1.7.7.6
-
diff --git a/system/qemu-kvm/qemu-kvm.SlackBuild b/system/qemu-kvm/qemu-kvm.SlackBuild
index 7a613b1b13..e5f6b7f898 100644
--- a/system/qemu-kvm/qemu-kvm.SlackBuild
+++ b/system/qemu-kvm/qemu-kvm.SlackBuild
@@ -22,8 +22,8 @@ # ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. PRGNAM=qemu-kvm -VERSION=${VERSION:-1.0} -BUILD=${BUILD:-2} +VERSION=${VERSION:-1.0.1} +BUILD=${BUILD:-1} TAG=${TAG:-_SBo} KVMGROUP=${KVMGROUP:-users} @@ -76,9 +76,6 @@ patch -p1 < $CWD/patches/fixup_udev_rules.patch # Fix build on recent kernels patch -p1 < $CWD/patches/deprecate-time-drift-fix.patch -# Fix CVE-2012-029 -patch -p1 < $CWD/patches/qemu-kvm-1.0-CVE-2012-029.patch - # Disable debug (hardcoded) and remove double CFLAGS sed -i "s|^CFLAGS=\"-g\ |CFLAGS=\"|" configure sed -i "s|^LDFLAGS=\"-g\ |LDFLAGS=\"|" configure diff --git a/system/qemu-kvm/qemu-kvm.info b/system/qemu-kvm/qemu-kvm.info index 8ce295348f..3ced6577f2 100644 --- a/system/qemu-kvm/qemu-kvm.info +++ b/system/qemu-kvm/qemu-kvm.info @@ -1,8 +1,8 @@ PRGNAM="qemu-kvm" -VERSION="1.0" +VERSION="1.0.1" HOMEPAGE="http://www.linux-kvm.org/page/Main_Page" -DOWNLOAD="http://downloads.sourceforge.net/kvm/qemu-kvm-1.0.tar.gz" -MD5SUM="00a825db46a70ba8ef9fc95da9cc7c1e" +DOWNLOAD="http://downloads.sourceforge.net/kvm/qemu-kvm-1.0.1.tar.gz" +MD5SUM="f23711fb9f3c70f802829b109ba9aa27" DOWNLOAD_x86_64="" MD5SUM_x86_64="" MAINTAINER="Stu Miller" |
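Review bot: The second qemu-kvm.SlackBuild hunk (`@@ -76,9 +76,6 @@`) stops applying the e1000 bounds-check patch for CVE-2012-0029 in the same commit that moves the source to 1.0.1. Nothing visible on the page records that the 1.0.1 tarball already contains that fix. Presumably it does, but that should be confirmed against `hw/e1000.c` in the new tarball by checking that both `pci_dma_read` calls in `process_tx_desc` are preceded by the `MIN(sizeof(tp->data) - tp->size, ...)` clamp. The reason is worth recording where the patch line used to be, for example `# CVE-2012-0029 (e1000 tx buffer bounds check) is included upstream as of 1.0.1; local patch dropped`. Without that note, a later downgrade or a rebuild with `VERSION=1.0` set in the environment would silently produce an unpatched package.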