From fc6ad947e321108d696c439c5c984af98b51efb6 Mon Sep 17 00:00:00 2001
From: Daniel McIlvaney <damcilva@microsoft.com>
Date: Mon, 28 Sep 2020 15:37:57 -0700
Subject: [PATCH 1/2] Nopatch qemu CVE-2016-7161

Signed-off-by: Daniel McIlvaney <damcilva@microsoft.com>
---
 SPECS/qemu-kvm/CVE-2016-7161.nopatch |  1 +
 SPECS/qemu-kvm/qemu-kvm.spec         | 12 ++++++++----
 2 files changed, 9 insertions(+), 4 deletions(-)
 create mode 100644 SPECS/qemu-kvm/CVE-2016-7161.nopatch

diff --git a/SPECS/qemu-kvm/CVE-2016-7161.nopatch b/SPECS/qemu-kvm/CVE-2016-7161.nopatch
new file mode 100644
index 00000000000..4070f5dc867
--- /dev/null
+++ b/SPECS/qemu-kvm/CVE-2016-7161.nopatch
@@ -0,0 +1 @@
+# CVE-2016-7161 was fixed in 2.7.0, but the CVE database was not updated.
\ No newline at end of file
diff --git a/SPECS/qemu-kvm/qemu-kvm.spec b/SPECS/qemu-kvm/qemu-kvm.spec
index 9bac4327fab..dd5fc2fc76a 100644
--- a/SPECS/qemu-kvm/qemu-kvm.spec
+++ b/SPECS/qemu-kvm/qemu-kvm.spec
@@ -1,7 +1,7 @@
-Summary:	QEMU is a machine emulator and virtualizer
-Name:		qemu-kvm
-Version:	4.2.0
-Release:    11%{?dist}
+Summary:    QEMU is a machine emulator and virtualizer
+Name:       qemu-kvm
+Version:    4.2.0
+Release:    12%{?dist}
 License:    GPLv2 and GPLv2+ and CC-BY and BSD
 Group:      Development/Tools
 URL:        https://www.qemu.org/
@@ -18,6 +18,8 @@ Patch4:      CVE-2019-20175.patch
 Patch5:      CVE-2020-13659.patch
 Patch6:      CVE-2020-16092.patch
 Patch7:      CVE-2020-15863.patch
+# CVE-2016-7161 was fixed in 2.7.0, but the CVE database was not updated.
+Patch8:      CVE-2016-7161.nopatch
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
 
@@ -114,6 +116,8 @@ chmod 755 %{buildroot}%{_bindir}/qemu
 %{_bindir}/qemu-nbd
 
 %changelog
+*   Mon Sep 28 2020 Daniel McIlvaney <damcilva@microsoft.com> 4.2.0-12
+-   Nopatch CVE-2016-7161, it was fixed in 2.7
 *   Mon Sep 14 2020 Nicolas Guibourge <nicolasg@microsoft.com> 4.2.0-11
 -   Add patch for CVE-2020-15863
 *   Wed Sep 02 2020 Nicolas Ontiveros <niontive@microsoft.com> 4.2.0-10

From 813ef2ce8dec105a5ab8a7fe7240e0f981f01bde Mon Sep 17 00:00:00 2001
From: Daniel McIlvaney <damcilva@microsoft.com>
Date: Tue, 29 Sep 2020 13:22:34 -0700
Subject: [PATCH 2/2] Address feedback

---
 SPECS/qemu-kvm/qemu-kvm.spec | 40 ++++++++++++++++++------------------
 1 file changed, 20 insertions(+), 20 deletions(-)

diff --git a/SPECS/qemu-kvm/qemu-kvm.spec b/SPECS/qemu-kvm/qemu-kvm.spec
index dd5fc2fc76a..24e1a464f45 100644
--- a/SPECS/qemu-kvm/qemu-kvm.spec
+++ b/SPECS/qemu-kvm/qemu-kvm.spec
@@ -1,27 +1,27 @@
-Summary:    QEMU is a machine emulator and virtualizer
-Name:       qemu-kvm
-Version:    4.2.0
-Release:    12%{?dist}
-License:    GPLv2 and GPLv2+ and CC-BY and BSD
-Group:      Development/Tools
-URL:        https://www.qemu.org/
-Source0:    https://download.qemu.org/qemu-%{version}.tar.xz
-Source1:    65-kvm.rules
+Summary:       QEMU is a machine emulator and virtualizer
+Name:          qemu-kvm
+Version:       4.2.0
+Release:       12%{?dist}
+License:       GPLv2 and GPLv2+ and CC-BY and BSD
+Group:         Development/Tools
+URL:           https://www.qemu.org/
+Vendor:        Microsoft Corporation
+Distribution:  Mariner
+Source0:       https://download.qemu.org/qemu-%{version}.tar.xz
+Source1:       65-kvm.rules
 # https://git.qemu.org/?p=qemu.git;a=commit;h=8ffb7265af64ec81748335ec8f20e7ab542c3850
-Patch0:      CVE-2020-11102.patch
+Patch0:        CVE-2020-11102.patch
 # This vulnerability is in libslirp source code. And qemu is exposed to it when configured with libslirp.
 # Since Mariner does not have libslirp, it is not applicable.
-Patch1:      CVE-2020-7039.nopatch
-Patch2:      CVE-2020-1711.patch
-Patch3:      CVE-2020-7211.patch
-Patch4:      CVE-2019-20175.patch
-Patch5:      CVE-2020-13659.patch
-Patch6:      CVE-2020-16092.patch
-Patch7:      CVE-2020-15863.patch
+Patch1:        CVE-2020-7039.nopatch
+Patch2:        CVE-2020-1711.patch
+Patch3:        CVE-2020-7211.patch
+Patch4:        CVE-2019-20175.patch
+Patch5:        CVE-2020-13659.patch
+Patch6:        CVE-2020-16092.patch
+Patch7:        CVE-2020-15863.patch
 # CVE-2016-7161 was fixed in 2.7.0, but the CVE database was not updated.
-Patch8:      CVE-2016-7161.nopatch
-Vendor:         Microsoft Corporation
-Distribution:   Mariner
+Patch8:        CVE-2016-7161.nopatch
 
 BuildRequires: python3-devel
 BuildRequires: glib-devel