Hi Anthony, These are fix-ups for Laszlo's CVE-2013-2007 fix:
http://www.mail-archive.com/[email protected]/msg170944.html The main effect is to avoid cluttering filesystems with empty files if we hit an error path in the open/create/chmod path. I'm unable to confirm whether or not these error paths can actually be triggered in 1.5 or are just theoretical, but I plan to apply these to 1.4.2 to be sure and so I'm also submitting this for 1.5. If you think it's too late in the cycle to warrant these for 1.5 I can also cherry-pick them from my QGA tree for 1.4.2 instead. The following changes since commit 38ebb396c955ceb2ef7e246248ceb7f8bfe1b774: target-i386: ROR r8/r16 imm instruction fix (2013-05-10 19:59:54 +0200) are available in the git repository at: http://github.com/mdroth/qemu qga-pull-2013-05-13 for you to fetch changes up to 2b720018060179b394f8ce736983373ab80dd37c: qga: unlink just created guest-file if fchmod() or fdopen() fails on it (2013-05-13 09:45:49 -0500) ---------------------------------------------------------------- Laszlo Ersek (2): qga: distinguish binary modes in "guest_file_open_modes" map qga: unlink just created guest-file if fchmod() or fdopen() fails on it qga/commands-posix.c | 25 +++++++++++++++++++------ 1 file changed, 19 insertions(+), 6 deletions(-)
