Fix from upstream for CVE-2008-2004

PKGREVISION=1
2009-05-13 19:02:18 +00:00 · 2009-05-13 19:02:18 +00:00 · 14a5807a8f
commit 14a5807a8f
parent 1df2950901
3 changed files with 49 additions and 8 deletions
--- a/emulators/qemu/Makefile
+++ b/emulators/qemu/Makefile
@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.55 2009/03/24 15:13:40 abs Exp $
+# $NetBSD: Makefile,v 1.56 2009/05/13 19:02:18 kefren Exp $
 #

 DISTNAME=		qemu-0.9.1
+PKGREVISION=		1
 CATEGORIES=		emulators
 MASTER_SITES=		http://bellard.org/qemu/

--- a/emulators/qemu/distinfo
+++ b/emulators/qemu/distinfo
@ -1,11 +1,11 @@
-$NetBSD: distinfo,v 1.41 2009/01/23 08:15:27 jmmv Exp $
+$NetBSD: distinfo,v 1.42 2009/05/13 19:02:18 kefren Exp $

 SHA1 (qemu-0.9.1.tar.gz) = 630ea20b5989f0df00128de7f7be661c573ed041
 RMD160 (qemu-0.9.1.tar.gz) = ee7bdb55a4540df2082d4bde9ebfd2f4e6f201a5
 Size (qemu-0.9.1.tar.gz) = 2804104 bytes
 SHA1 (patch-aa) = 455575215bad8864da285e1979da9ff7d8476a24
 SHA1 (patch-ab) = ba77da578f528ca549c48336b40378dcbb2a2fbb
-SHA1 (patch-ac) = 2f5abda6af41418af0a0f8bed320ebde160832a8
+SHA1 (patch-ac) = 3d73b46db4f824d16d40472cc3bd516599469966
 SHA1 (patch-ad) = ac69a03e4945e8c8fd5aadca070b876d0970910d
 SHA1 (patch-ae) = a82f6c1a02c6bc03f4da9bc2b52f817b260ced8a
 SHA1 (patch-ag) = 3469af1ec2a4f95c09a67c16b1071f0ec27dab74
--- a/emulators/qemu/patches/patch-ac
+++ b/emulators/qemu/patches/patch-ac
@ -1,7 +1,7 @@
-$NetBSD: patch-ac,v 1.10 2009/01/22 07:27:28 jmmv Exp $
+$NetBSD: patch-ac,v 1.11 2009/05/13 19:02:18 kefren Exp $

--- vl.c.orig	2008-01-06 20:38:42.000000000 +0100
-+++ vl.c
+--- vl.c.orig	2008-01-06 21:38:42.000000000 +0200
+++ vl.c	2009-05-13 21:49:15.000000000 +0300
@@ -61,7 +61,7 @@
 #include <arpa/inet.h>
 #ifdef _BSD
@ -11,7 +11,7 @@ $NetBSD: patch-ac,v 1.10 2009/01/22 07:27:28 jmmv Exp $
 #include <libutil.h>
 #endif
 #elif defined (__GLIBC__) && defined (__FreeBSD_kernel__)
-@@ -2385,6 +2385,9 @@ static int pp_hw_mode(ParallelCharDriver
+@@ -2385,6 +2385,9 @@
 
 static int pp_ioctl(CharDriverState *chr, int cmd, void *arg)
 {
@ -21,7 +21,7 @@ $NetBSD: patch-ac,v 1.10 2009/01/22 07:27:28 jmmv Exp $
     ParallelCharDriver *drv = chr->opaque;
     int fd = drv->fd;
     uint8_t b;
-@@ -2473,6 +2476,9 @@ static void pp_close(CharDriverState *ch
+@@ -2473,6 +2476,9 @@
 
 static CharDriverState *qemu_chr_open_pp(const char *filename)
 {
@ -31,3 +31,43 @@ $NetBSD: patch-ac,v 1.10 2009/01/22 07:27:28 jmmv Exp $
     CharDriverState *chr;
     ParallelCharDriver *drv;
     int fd;
+@@ -4877,13 +4883,14 @@
+     int bus_id, unit_id;
+     int cyls, heads, secs, translation;
+     BlockDriverState *bdrv;
+    BlockDriver *drv = NULL;
+     int max_devs;
+     int index;
+     int cache;
+     int bdrv_flags;
+     char *params[] = { "bus", "unit", "if", "index", "cyls", "heads",
+                        "secs", "trans", "media", "snapshot", "file",
+-                       "cache", NULL };
+                       "cache", "format", NULL };
+ 
+     if (check_params(buf, sizeof(buf), params, str) < 0) {
+          fprintf(stderr, "qemu: unknowm parameter '%s' in '%s'\n",
+@@ -5051,6 +5058,14 @@
+         }
+     }
+ 
+    if (get_param_value(buf, sizeof(buf), "format", str)) {
+	drv = bdrv_find_format(buf);
+	if (!drv) {
+	    fprintf(stderr, "qemu: '%s' invalid format\n", buf);
+	    return -1;
+	}
+    }
+
+     get_param_value(file, sizeof(file), "file", str);
+ 
+     /* compute bus and unit according index */
+@@ -5150,7 +5165,7 @@
+         bdrv_flags |= BDRV_O_SNAPSHOT;
+     if (!cache)
+         bdrv_flags |= BDRV_O_DIRECT;
+-    if (bdrv_open(bdrv, file, bdrv_flags) < 0 || qemu_key_check(bdrv, file)) {
+    if (bdrv_open2(bdrv, file, bdrv_flags, drv) < 0 || qemu_key_check(bdrv, file)) {
+         fprintf(stderr, "qemu: could not open disk image %s\n",
+                         file);
+         return -1;