From b978f9b01074ddad17a6085d04437fdc2bb24c2c Mon Sep 17 00:00:00 2001 From: kefren Date: Wed, 13 May 2009 19:02:18 +0000 Subject: Fix from upstream for CVE-2008-2004 PKGREVISION=1 --- emulators/qemu/Makefile | 3 ++- emulators/qemu/distinfo | 4 ++-- emulators/qemu/patches/patch-ac | 50 ++++++++++++++++++++++++++++++++++++----- 3 files changed, 49 insertions(+), 8 deletions(-) (limited to 'emulators') diff --git a/emulators/qemu/Makefile b/emulators/qemu/Makefile index f1e8021b6c4..0924bb74e77 100644 --- a/emulators/qemu/Makefile +++ b/emulators/qemu/Makefile @@ -1,7 +1,8 @@ -# $NetBSD: Makefile,v 1.55 2009/03/24 15:13:40 abs Exp $ +# $NetBSD: Makefile,v 1.56 2009/05/13 19:02:18 kefren Exp $ # DISTNAME= qemu-0.9.1 +PKGREVISION= 1 CATEGORIES= emulators MASTER_SITES= http://bellard.org/qemu/ diff --git a/emulators/qemu/distinfo b/emulators/qemu/distinfo index d4eff518200..cd4beecc2a4 100644 --- a/emulators/qemu/distinfo +++ b/emulators/qemu/distinfo @@ -1,11 +1,11 @@ -$NetBSD: distinfo,v 1.41 2009/01/23 08:15:27 jmmv Exp $ +$NetBSD: distinfo,v 1.42 2009/05/13 19:02:18 kefren Exp $ SHA1 (qemu-0.9.1.tar.gz) = 630ea20b5989f0df00128de7f7be661c573ed041 RMD160 (qemu-0.9.1.tar.gz) = ee7bdb55a4540df2082d4bde9ebfd2f4e6f201a5 Size (qemu-0.9.1.tar.gz) = 2804104 bytes SHA1 (patch-aa) = 455575215bad8864da285e1979da9ff7d8476a24 SHA1 (patch-ab) = ba77da578f528ca549c48336b40378dcbb2a2fbb -SHA1 (patch-ac) = 2f5abda6af41418af0a0f8bed320ebde160832a8 +SHA1 (patch-ac) = 3d73b46db4f824d16d40472cc3bd516599469966 SHA1 (patch-ad) = ac69a03e4945e8c8fd5aadca070b876d0970910d SHA1 (patch-ae) = a82f6c1a02c6bc03f4da9bc2b52f817b260ced8a SHA1 (patch-ag) = 3469af1ec2a4f95c09a67c16b1071f0ec27dab74 diff --git a/emulators/qemu/patches/patch-ac b/emulators/qemu/patches/patch-ac index 380305b39b8..d737c1e4ee2 100644 --- a/emulators/qemu/patches/patch-ac +++ b/emulators/qemu/patches/patch-ac @@ -1,7 +1,7 @@ -$NetBSD: patch-ac,v 1.10 2009/01/22 07:27:28 jmmv Exp $ +$NetBSD: patch-ac,v 1.11 2009/05/13 19:02:18 kefren Exp $ ---- vl.c.orig 2008-01-06 20:38:42.000000000 +0100 -+++ vl.c +--- vl.c.orig 2008-01-06 21:38:42.000000000 +0200 ++++ vl.c 2009-05-13 21:49:15.000000000 +0300 @@ -61,7 +61,7 @@ #include #ifdef _BSD @@ -11,7 +11,7 @@ $NetBSD: patch-ac,v 1.10 2009/01/22 07:27:28 jmmv Exp $ #include #endif #elif defined (__GLIBC__) && defined (__FreeBSD_kernel__) -@@ -2385,6 +2385,9 @@ static int pp_hw_mode(ParallelCharDriver +@@ -2385,6 +2385,9 @@ static int pp_ioctl(CharDriverState *chr, int cmd, void *arg) { @@ -21,7 +21,7 @@ $NetBSD: patch-ac,v 1.10 2009/01/22 07:27:28 jmmv Exp $ ParallelCharDriver *drv = chr->opaque; int fd = drv->fd; uint8_t b; -@@ -2473,6 +2476,9 @@ static void pp_close(CharDriverState *ch +@@ -2473,6 +2476,9 @@ static CharDriverState *qemu_chr_open_pp(const char *filename) { @@ -31,3 +31,43 @@ $NetBSD: patch-ac,v 1.10 2009/01/22 07:27:28 jmmv Exp $ CharDriverState *chr; ParallelCharDriver *drv; int fd; +@@ -4877,13 +4883,14 @@ + int bus_id, unit_id; + int cyls, heads, secs, translation; + BlockDriverState *bdrv; ++ BlockDriver *drv = NULL; + int max_devs; + int index; + int cache; + int bdrv_flags; + char *params[] = { "bus", "unit", "if", "index", "cyls", "heads", + "secs", "trans", "media", "snapshot", "file", +- "cache", NULL }; ++ "cache", "format", NULL }; + + if (check_params(buf, sizeof(buf), params, str) < 0) { + fprintf(stderr, "qemu: unknowm parameter '%s' in '%s'\n", +@@ -5051,6 +5058,14 @@ + } + } + ++ if (get_param_value(buf, sizeof(buf), "format", str)) { ++ drv = bdrv_find_format(buf); ++ if (!drv) { ++ fprintf(stderr, "qemu: '%s' invalid format\n", buf); ++ return -1; ++ } ++ } ++ + get_param_value(file, sizeof(file), "file", str); + + /* compute bus and unit according index */ +@@ -5150,7 +5165,7 @@ + bdrv_flags |= BDRV_O_SNAPSHOT; + if (!cache) + bdrv_flags |= BDRV_O_DIRECT; +- if (bdrv_open(bdrv, file, bdrv_flags) < 0 || qemu_key_check(bdrv, file)) { ++ if (bdrv_open2(bdrv, file, bdrv_flags, drv) < 0 || qemu_key_check(bdrv, file)) { + fprintf(stderr, "qemu: could not open disk image %s\n", + file); + return -1; -- cgit v1.2.3