[bug#29232] [PATCH] gnu: qemu: Fix CVE-2017-{15038,15268,15289}.

guix-patches

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug#29232] [PATCH] gnu: qemu: Fix CVE-2017-{15038,15268,15289}.

From:	Leo Famulari
Subject:	[bug#29232] [PATCH] gnu: qemu: Fix CVE-2017-{15038,15268,15289}.
Date:	Thu, 9 Nov 2017 13:15:53 -0500

What do you think of fetching the patches like this, instead of copying
them into the Guix source tree?

* gnu/packages/virtualization.scm (qemu-patch): Use HTTPS.
(qemu)[source]: Use qemu-patch.
---
 gnu/packages/virtualization.scm | 31 +++++++++++++++++++++++--------
 1 file changed, 23 insertions(+), 8 deletions(-)

diff --git a/gnu/packages/virtualization.scm b/gnu/packages/virtualization.scm
index 14b1dfbe0..2a2f41626 100644
--- a/gnu/packages/virtualization.scm
+++ b/gnu/packages/virtualization.scm
@@ -69,7 +69,7 @@
   (origin
     (method url-fetch)
     (uri (string-append
-          "http://git.qemu.org/?p=qemu.git;a=commitdiff_plain;h=";
+          "https://git.qemu.org/?p=qemu.git;a=commitdiff_plain;h=";
           commit))
     (sha256 sha256)
     (file-name file-name)))
@@ -78,13 +78,28 @@
   (package
     (name "qemu")
     (version "2.10.1")
-    (source (origin
-             (method url-fetch)
-             (uri (string-append "https://download.qemu.org/qemu-";
-                                 version ".tar.xz"))
-             (sha256
-              (base32
-               "1ahwl7r18iw2ds0q3c51nlivqsan9hcgnc8bbf9pv366iy81mm8x"))))
+    (source
+      (origin
+        (method url-fetch)
+        (uri (string-append "https://download.qemu.org/qemu-";
+                            version ".tar.xz"))
+        (patches
+          (list
+            (qemu-patch "7bd92756303f2158a68d5166264dc30139b813b6"
+                        "qemu-CVE-2017-15038.patch"
+                        (base32
+                         
"0wpgf8ivjdbaihf2l7720h1fydh7kdl36wj2nchjd9irfkhw399q"))
+            (qemu-patch "a7b20a8efa28e5f22c26c06cd06c2f12bc863493"
+                        "qemu-CVE-2017-15268.patch"
+                        (base32
+                         
"1adhwj91pmgbmdvyrkvslbfsyz7l00xdrr6vzps6s58q5idvdp79"))
+            (qemu-patch "eb38e1bc3740725ca29a535351de94107ec58d51"
+                        "qemu-CVE-2017-15289.patch"
+                        (base32
+                         
"1zshrlzbwgwrsnimbq8kqr7injd65ncsr8a4lrmgyfv185ma4z8d"))))
+        (sha256
+         (base32
+          "1ahwl7r18iw2ds0q3c51nlivqsan9hcgnc8bbf9pv366iy81mm8x"))))
     (build-system gnu-build-system)
     (arguments
      '(;; Running tests in parallel can occasionally lead to failures, like:
-- 
2.15.0

[Prev in Thread]

Current Thread

[Next in Thread]

[bug#29232] [PATCH] gnu: qemu: Fix CVE-2017-{15038,15268,15289}., Leo Famulari <=
- [bug#29232] [PATCH] gnu: qemu: Fix CVE-2017-{15038,15268,15289}., Ludovic Courtès, 2017/11/09
  - bug#29232: [PATCH] gnu: qemu: Fix CVE-2017-{15038,15268,15289}., Leo Famulari, 2017/11/10
    - [bug#29232] [PATCH] gnu: qemu: Fix CVE-2017-{15038,15268,15289}., Ludovic Courtès, 2017/11/10

Prev by Date: [bug#29229] [PATCH] gnu: postgresql: Update to 10.1
Next by Date: bug#29195: [PATCH] gnu: linux: Add linux-libre arm kernel.
Previous by thread: [bug#29229] [PATCH] gnu: postgresql: Update to 10.1
Next by thread: [bug#29232] [PATCH] gnu: qemu: Fix CVE-2017-{15038,15268,15289}.
Index(es):
- Date
- Thread