GNU bug report logs - #39225
[PATCH 0/2] QEMU updates

Previous Next

Package: guix-patches;

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Tue, 21 Jan 2020 18:57:02 UTC

Severity: normal

Tags: patch

Merged with 39226, 39227

Done: Leo Famulari <leo <at> famulari.name>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Leo Famulari <leo <at> famulari.name>
Subject: bug#39225: closed (Re: [PATCH 0/2] QEMU updates)
Date: Sat, 25 Jan 2020 02:15:02 +0000

[Message part 1 (text/plain, inline)]
Your bug report

#39225: [PATCH 0/2] QEMU updates

which was filed against the guix-patches package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 39225 <at> debbugs.gnu.org.

-- 
39225: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=39225
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]
From: Leo Famulari <leo <at> famulari.name>
To: 39225-done <at> debbugs.gnu.org
Subject: Re: [PATCH 0/2] QEMU updates
Date: Fri, 24 Jan 2020 21:13:59 -0500

[Message part 3 (text/plain, inline)]
On Tue, Jan 21, 2020 at 01:55:50PM -0500, Leo Famulari wrote:
> The security updates work with our current QEMU package of 4.1.1 as well
> as 4.2.0.
> 
> I tested both 4.2.0 and the patched 4.1.1 by creating a vm-image and
> running it with the "full" QEMU package, and the SLIRP networking works
> fine in both cases.

Pushed as 3778b3d9d013a443eec7990c31f47f887f72fe59, along with a 3rd
patch that brings back the QEMU man pages. QEMU 4.0 began requiring the
use of Sphinx to build them:

https://wiki.qemu.org/ChangeLog/4.0#Build_Dependencies

[signature.asc (application/pgp-signature, inline)]
[Message part 5 (message/rfc822, inline)]
From: Leo Famulari <leo <at> famulari.name>
To: guix-patches <at> gnu.org
Subject: [PATCH 0/2] QEMU updates
Date: Tue, 21 Jan 2020 13:55:50 -0500

The security updates work with our current QEMU package of 4.1.1 as well
as 4.2.0.

I tested both 4.2.0 and the patched 4.1.1 by creating a vm-image and
running it with the "full" QEMU package, and the SLIRP networking works
fine in both cases.

Leo Famulari (2):
  gnu: QEMU: Fix CVE-2020-{7039,7211}.
  gnu: QEMU: Update to 4.2.0.

 gnu/local.mk                                  |   3 +
 gnu/packages/patches/qemu-CVE-2020-7039.patch | 173 ++++++++++++++++++
 gnu/packages/patches/qemu-CVE-2020-7211.patch |  49 +++++
 ...qemu-fix-documentation-build-failure.patch |  43 +++++
 gnu/packages/virtualization.scm               |   7 +-
 5 files changed, 273 insertions(+), 2 deletions(-)
 create mode 100644 gnu/packages/patches/qemu-CVE-2020-7039.patch
 create mode 100644 gnu/packages/patches/qemu-CVE-2020-7211.patch
 create mode 100644 gnu/packages/patches/qemu-fix-documentation-build-failure.patch

-- 
2.25.0
This bug report was last modified 5 years and 115 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.