Index: head/emulators/qemu-sbruno/Makefile =================================================================== --- head/emulators/qemu-sbruno/Makefile +++ head/emulators/qemu-sbruno/Makefile @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= qemu -PORTVERSION= 2.3.50.g20150713 +PORTVERSION= 2.4.50.g20150814 CATEGORIES= emulators MASTER_SITES= GH \ LOCAL/nox \ @@ -20,7 +20,7 @@ USE_GITHUB= yes GH_ACCOUNT= seanbruno GH_PROJECT= ${PORTNAME}-bsd-user -GH_TAGNAME= 754fb51 +GH_TAGNAME= 6764363 HAS_CONFIGURE= yes USES= gmake pkgconfig bison perl5 python:2,build USE_PERL5= build Index: head/emulators/qemu-sbruno/distinfo =================================================================== --- head/emulators/qemu-sbruno/distinfo +++ head/emulators/qemu-sbruno/distinfo @@ -1,4 +1,4 @@ -SHA256 (qemu/2.3.50.g20150713/seanbruno-qemu-bsd-user-2.3.50.g20150713-754fb51_GH0.tar.gz) = 82cbaecd850009fb1a69fc9615dce827642689e27fb9d20d1e86a58978eb27d2 -SIZE (qemu/2.3.50.g20150713/seanbruno-qemu-bsd-user-2.3.50.g20150713-754fb51_GH0.tar.gz) = 11012856 -SHA256 (qemu/2.3.50.g20150713/dtc-v1.4.0.tar.gz) = 39d0713efd82a27adc065ecb9ef36401c53d5ee87ae1764e2bb243fcd97488e3 -SIZE (qemu/2.3.50.g20150713/dtc-v1.4.0.tar.gz) = 131893 +SHA256 (qemu/2.4.50.g20150814/seanbruno-qemu-bsd-user-2.4.50.g20150814-6764363_GH0.tar.gz) = 6fef33fc642016ef762943e4327d6a88bff216121ec98157205ddcdc8c876870 +SIZE (qemu/2.4.50.g20150814/seanbruno-qemu-bsd-user-2.4.50.g20150814-6764363_GH0.tar.gz) = 11272282 +SHA256 (qemu/2.4.50.g20150814/dtc-v1.4.0.tar.gz) = 39d0713efd82a27adc065ecb9ef36401c53d5ee87ae1764e2bb243fcd97488e3 +SIZE (qemu/2.4.50.g20150814/dtc-v1.4.0.tar.gz) = 131893 Index: head/emulators/qemu-sbruno/files/patch-CVE-2015-3209 =================================================================== --- head/emulators/qemu-sbruno/files/patch-CVE-2015-3209 +++ head/emulators/qemu-sbruno/files/patch-CVE-2015-3209 @@ -1,45 +0,0 @@ -From 2630672ab22255de252f877709851c0557a1c647 Mon Sep 17 00:00:00 2001 -From: Petr Matousek -Date: Sun, 24 May 2015 10:53:44 +0200 -Subject: [PATCH] pcnet: force the buffer access to be in bounds during tx - -4096 is the maximum length per TMD and it is also currently the size of -the relay buffer pcnet driver uses for sending the packet data to QEMU -for further processing. With packet spanning multiple TMDs it can -happen that the overall packet size will be bigger than sizeof(buffer), -which results in memory corruption. - -Fix this by only allowing to queue maximum sizeof(buffer) bytes. - -This is CVE-2015-3209. - -Signed-off-by: Petr Matousek -Reported-by: Matt Tait -Reviewed-by: Peter Maydell -Reviewed-by: Stefan Hajnoczi ---- - hw/net/pcnet.c | 8 ++++++++ - 1 file changed, 8 insertions(+) - -diff --git a/hw/net/pcnet.c b/hw/net/pcnet.c -index bdfd38f..6d32e4c 100644 ---- a/hw/net/pcnet.c -+++ b/hw/net/pcnet.c -@@ -1241,6 +1241,14 @@ static void pcnet_transmit(PCNetState *s) - } - - bcnt = 4096 - GET_FIELD(tmd.length, TMDL, BCNT); -+ -+ /* if multi-tmd packet outsizes s->buffer then skip it silently. -+ Note: this is not what real hw does */ -+ if (s->xmit_pos + bcnt > sizeof(s->buffer)) { -+ s->xmit_pos = -1; -+ goto txdone; -+ } -+ - s->phys_mem_read(s->dma_opaque, PHYSADDR(s, tmd.tbadr), - s->buffer + s->xmit_pos, bcnt, CSR_BSWP(s)); - s->xmit_pos += bcnt; --- -2.1.0 - Index: head/emulators/qemu-sbruno/files/patch-include-qemu-aes.h =================================================================== --- head/emulators/qemu-sbruno/files/patch-include-qemu-aes.h +++ head/emulators/qemu-sbruno/files/patch-include-qemu-aes.h @@ -1,18 +0,0 @@ ---- a/include/qemu/aes.h -+++ b/include/qemu/aes.h -@@ -10,6 +10,15 @@ struct aes_key_st { - }; - typedef struct aes_key_st AES_KEY; - -+/* FreeBSD has it's own AES_set_decrypt_key in -lcrypto, avoid conflicts */ -+#ifdef __FreeBSD__ -+#define AES_set_encrypt_key QEMU_AES_set_encrypt_key -+#define AES_set_decrypt_key QEMU_AES_set_decrypt_key -+#define AES_encrypt QEMU_AES_encrypt -+#define AES_decrypt QEMU_AES_decrypt -+#define AES_cbc_encrypt QEMU_AES_cbc_encrypt -+#endif -+ - int AES_set_encrypt_key(const unsigned char *userKey, const int bits, - AES_KEY *key); - int AES_set_decrypt_key(const unsigned char *userKey, const int bits,