aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authornox <nox@FreeBSD.org>2008-11-03 06:59:10 +0800
committernox <nox@FreeBSD.org>2008-11-03 06:59:10 +0800
commit23ff2a8b0b28304bd0a1e04685860a1e4235bc1f (patch)
tree4725dc2ed6958dd7e929a0a758da98b6953494bc
parent3a92e907d8198c4855b8aafa1dae61f518f1a4ff (diff)
downloadfreebsd-ports-gnome-23ff2a8b0b28304bd0a1e04685860a1e4235bc1f.tar.gz
freebsd-ports-gnome-23ff2a8b0b28304bd0a1e04685860a1e4235bc1f.tar.zst
freebsd-ports-gnome-23ff2a8b0b28304bd0a1e04685860a1e4235bc1f.zip
Fix heap overflow in Cirrus emulation
Obtained from: qemu svn Security: http://www.vuxml.org/freebsd/07bb3bd2-a920-11dd-8503-0211060005df.html
-rw-r--r--emulators/qemu-devel/Makefile2
-rw-r--r--emulators/qemu-devel/files/patch-CVE-2008-453927
-rw-r--r--emulators/qemu/Makefile2
-rw-r--r--emulators/qemu/files/patch-CVE-2008-453927
4 files changed, 56 insertions, 2 deletions
diff --git a/emulators/qemu-devel/Makefile b/emulators/qemu-devel/Makefile
index 3cd4951c5614..841502d644c2 100644
--- a/emulators/qemu-devel/Makefile
+++ b/emulators/qemu-devel/Makefile
@@ -7,7 +7,7 @@
PORTNAME= qemu
PORTVERSION= 0.9.1s.20080620
-PORTREVISION= 1
+PORTREVISION= 2
CATEGORIES= emulators
MASTER_SITES= http://bellard.org/qemu/:release \
http://qemu-forum.ipi.fi/qemu-snapshots/:snapshot \
diff --git a/emulators/qemu-devel/files/patch-CVE-2008-4539 b/emulators/qemu-devel/files/patch-CVE-2008-4539
new file mode 100644
index 000000000000..c2348bd4cf91
--- /dev/null
+++ b/emulators/qemu-devel/files/patch-CVE-2008-4539
@@ -0,0 +1,27 @@
+Index: qemu/hw/cirrus_vga.c
+===================================================================
+--- trunk/hw/cirrus_vga.c 2008-11-01 00:53:30 UTC (rev 5586)
++++ trunk/hw/cirrus_vga.c 2008-11-01 00:53:39 UTC (rev 5587)
+@@ -785,15 +785,14 @@
+
+ static int cirrus_bitblt_videotovideo_copy(CirrusVGAState * s)
+ {
++ if (BLTUNSAFE(s))
++ return 0;
++
+ if (s->ds->dpy_copy) {
+ cirrus_do_copy(s, s->cirrus_blt_dstaddr - s->start_addr,
+ s->cirrus_blt_srcaddr - s->start_addr,
+ s->cirrus_blt_width, s->cirrus_blt_height);
+ } else {
+-
+- if (BLTUNSAFE(s))
+- return 0;
+-
+ (*s->cirrus_rop) (s, s->vram_ptr +
+ (s->cirrus_blt_dstaddr & s->cirrus_addr_mask),
+ s->vram_ptr +
+
+
+
+
diff --git a/emulators/qemu/Makefile b/emulators/qemu/Makefile
index 9a9a35992272..d9cb1d2439c4 100644
--- a/emulators/qemu/Makefile
+++ b/emulators/qemu/Makefile
@@ -7,7 +7,7 @@
PORTNAME= qemu
PORTVERSION= 0.9.1
-PORTREVISION= 9
+PORTREVISION= 10
CATEGORIES= emulators
MASTER_SITES= http://bellard.org/qemu/:release \
http://qemu.org/:release \
diff --git a/emulators/qemu/files/patch-CVE-2008-4539 b/emulators/qemu/files/patch-CVE-2008-4539
new file mode 100644
index 000000000000..c2348bd4cf91
--- /dev/null
+++ b/emulators/qemu/files/patch-CVE-2008-4539
@@ -0,0 +1,27 @@
+Index: qemu/hw/cirrus_vga.c
+===================================================================
+--- trunk/hw/cirrus_vga.c 2008-11-01 00:53:30 UTC (rev 5586)
++++ trunk/hw/cirrus_vga.c 2008-11-01 00:53:39 UTC (rev 5587)
+@@ -785,15 +785,14 @@
+
+ static int cirrus_bitblt_videotovideo_copy(CirrusVGAState * s)
+ {
++ if (BLTUNSAFE(s))
++ return 0;
++
+ if (s->ds->dpy_copy) {
+ cirrus_do_copy(s, s->cirrus_blt_dstaddr - s->start_addr,
+ s->cirrus_blt_srcaddr - s->start_addr,
+ s->cirrus_blt_width, s->cirrus_blt_height);
+ } else {
+-
+- if (BLTUNSAFE(s))
+- return 0;
+-
+ (*s->cirrus_rop) (s, s->vram_ptr +
+ (s->cirrus_blt_dstaddr & s->cirrus_addr_mask),
+ s->vram_ptr +
+
+
+
+