-rw-r--r-- | emulators/qemu-sbruno/Makefile | 4 | ||||
-rw-r--r-- | emulators/qemu-sbruno/distinfo | 8 | ||||
-rw-r--r-- | emulators/qemu-sbruno/files/patch-CVE-2015-3209 | 45 | ||||
-rw-r--r-- | emulators/qemu-sbruno/files/patch-include-qemu-aes.h | 18 |
4 files changed, 6 insertions, 69 deletions
diff --git a/emulators/qemu-sbruno/Makefile b/emulators/qemu-sbruno/Makefile
index 3f218433990a..4a0fddf7b53b 100644
--- a/emulators/qemu-sbruno/Makefile
+++ b/emulators/qemu-sbruno/Makefile
@@ -2,7 +2,7 @@
 # $FreeBSD$
 PORTNAME= qemu
-PORTVERSION= 2.3.50.g20150713
+PORTVERSION= 2.4.50.g20150814
 CATEGORIES= emulators
 MASTER_SITES= GH \
 LOCAL/nox \
@@ -20,7 +20,7 @@ COMMENT?= QEMU CPU Emulator - github bsd-user branch
 USE_GITHUB= yes
 GH_ACCOUNT= seanbruno
 GH_PROJECT= ${PORTNAME}-bsd-user
-GH_TAGNAME= 754fb51
+GH_TAGNAME= 6764363
 HAS_CONFIGURE= yes
 USES= gmake pkgconfig bison perl5 python:2,build
 USE_PERL5= build
diff --git a/emulators/qemu-sbruno/distinfo b/emulators/qemu-sbruno/distinfo
index b43dc252c283..3060a1a5934c 100644
--- a/emulators/qemu-sbruno/distinfo
+++ b/emulators/qemu-sbruno/distinfo
@@ -1,4 +1,4 @@
-SHA256 (qemu/2.3.50.g20150713/seanbruno-qemu-bsd-user-2.3.50.g20150713-754fb51_GH0.tar.gz) = 82cbaecd850009fb1a69fc9615dce827642689e27fb9d20d1e86a58978eb27d2
-SIZE (qemu/2.3.50.g20150713/seanbruno-qemu-bsd-user-2.3.50.g20150713-754fb51_GH0.tar.gz) = 11012856
-SHA256 (qemu/2.3.50.g20150713/dtc-v1.4.0.tar.gz) = 39d0713efd82a27adc065ecb9ef36401c53d5ee87ae1764e2bb243fcd97488e3
-SIZE (qemu/2.3.50.g20150713/dtc-v1.4.0.tar.gz) = 131893
+SHA256 (qemu/2.4.50.g20150814/seanbruno-qemu-bsd-user-2.4.50.g20150814-6764363_GH0.tar.gz) = 6fef33fc642016ef762943e4327d6a88bff216121ec98157205ddcdc8c876870
+SIZE (qemu/2.4.50.g20150814/seanbruno-qemu-bsd-user-2.4.50.g20150814-6764363_GH0.tar.gz) = 11272282
+SHA256 (qemu/2.4.50.g20150814/dtc-v1.4.0.tar.gz) = 39d0713efd82a27adc065ecb9ef36401c53d5ee87ae1764e2bb243fcd97488e3
+SIZE (qemu/2.4.50.g20150814/dtc-v1.4.0.tar.gz) = 131893
diff --git a/emulators/qemu-sbruno/files/patch-CVE-2015-3209 b/emulators/qemu-sbruno/files/patch-CVE-2015-3209
deleted file mode 100644
index 4fe7df5440fd..000000000000
--- a/emulators/qemu-sbruno/files/patch-CVE-2015-3209
+++ /dev/null
@@ -1,45 +0,0 @@
-From 2630672ab22255de252f877709851c0557a1c647 Mon Sep 17 00:00:00 2001
-From: Petr Matousek <pmatouse@redhat.com>
-Date: Sun, 24 May 2015 10:53:44 +0200
-Subject: [PATCH] pcnet: force the buffer access to be in bounds during tx
-
-4096 is the maximum length per TMD and it is also currently the size of
-the relay buffer pcnet driver uses for sending the packet data to QEMU
-for further processing. With packet spanning multiple TMDs it can
-happen that the overall packet size will be bigger than sizeof(buffer),
-which results in memory corruption.
-
-Fix this by only allowing to queue maximum sizeof(buffer) bytes.
-
-This is CVE-2015-3209.
-
-Signed-off-by: Petr Matousek <pmatouse@redhat.com>
-Reported-by: Matt Tait <matttait@google.com>
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
----
- hw/net/pcnet.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/hw/net/pcnet.c b/hw/net/pcnet.c
-index bdfd38f..6d32e4c 100644
---- a/hw/net/pcnet.c
-+++ b/hw/net/pcnet.c
-@@ -1241,6 +1241,14 @@ static void pcnet_transmit(PCNetState *s)
- }
-
- bcnt = 4096 - GET_FIELD(tmd.length, TMDL, BCNT);
-+
-+ /* if multi-tmd packet outsizes s->buffer then skip it silently.
-+ Note: this is not what real hw does */
-+ if (s->xmit_pos + bcnt > sizeof(s->buffer)) {
-+ s->xmit_pos = -1;
-+ goto txdone;
-+ }
-+
- s->phys_mem_read(s->dma_opaque, PHYSADDR(s, tmd.tbadr),
- s->buffer + s->xmit_pos, bcnt, CSR_BSWP(s));
- s->xmit_pos += bcnt;
---
-2.1.0
-
diff --git a/emulators/qemu-sbruno/files/patch-include-qemu-aes.h b/emulators/qemu-sbruno/files/patch-include-qemu-aes.h
deleted file mode 100644
index 7c9b8d1d52d9..000000000000
--- a/emulators/qemu-sbruno/files/patch-include-qemu-aes.h
+++ /dev/null
@@ -1,18 +0,0 @@
---- a/include/qemu/aes.h
-+++ b/include/qemu/aes.h
-@@ -10,6 +10,15 @@ struct aes_key_st {
- };
- typedef struct aes_key_st AES_KEY;
-
-+/* FreeBSD has it's own AES_set_decrypt_key in -lcrypto, avoid conflicts */
-+#ifdef __FreeBSD__
-+#define AES_set_encrypt_key QEMU_AES_set_encrypt_key
-+#define AES_set_decrypt_key QEMU_AES_set_decrypt_key
-+#define AES_encrypt QEMU_AES_encrypt
-+#define AES_decrypt QEMU_AES_decrypt
-+#define AES_cbc_encrypt QEMU_AES_cbc_encrypt
-+#endif
-+
- int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
- AES_KEY *key);
- int AES_set_decrypt_key(const unsigned char *userKey, const int bits, |