Index: head/emulators/qemu/Makefile =================================================================== --- head/emulators/qemu/Makefile (revision 390663) +++ head/emulators/qemu/Makefile (revision 390664) @@ -1,162 +1,162 @@ # Created by: Juergen Lock # $FreeBSD$ PORTNAME= qemu PORTVERSION= 0.11.1 -PORTREVISION= 19 +PORTREVISION= 20 CATEGORIES= emulators MASTER_SITES= SAVANNAH \ http://bellard.org/qemu/ DIST_SUBDIR= qemu MAINTAINER= nox@FreeBSD.org COMMENT= QEMU CPU Emulator HAS_CONFIGURE= yes USES= cpe gmake perl5 compiler:features USE_PERL5= build PATCH_STRIP= -p1 MAKE_ENV+= BSD_MAKE="${MAKE}" ONLY_FOR_ARCHS= amd64 i386 CONFLICTS= qemu-devel-[0-9]* qemu-sbruno-[0-9]* OPTIONS_DEFINE= KQEMU RTL8139_TIMER SAMBA SDL GNUTLS CURL PCAP GNS3 \ CDROM_DMA ADD_AUDIO ALL_TARGETS DOCS KQEMU_DESC= Build with (alpha!) accelerator module RTL8139_TIMER_DESC= allow use of re(4) nic with FreeBSD guests SAMBA_DESC= samba dependency (for -smb) SDL_DESC= SDL/X dependency (graphical output) GNUTLS_DESC= gnutls dependency (vnc encryption) CURL_DESC= libcurl dependency (remote images) PCAP_DESC= pcap dependency (networking with bpf) GNS3_DESC= gns3 patches (udp, promiscuous multicast) CDROM_DMA_DESC= IDE CDROM DMA ADD_AUDIO_DESC= Emulate more audio hardware (experimental!) ALL_TARGETS_DESC= Also build non-x86 targets OPTIONS_DEFAULT= SDL GNUTLS CURL PCAP GNS3 CDROM_DMA .include .if ${ARCH} == "i386" && ${COMPILER_TYPE} == "clang" # gcc49 breaks target-i386 on i386, and gcc48 breaks ALL_TARGETS on i386: # https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=196855 USE_GCC= 4.7 .else USE_GCC= any .endif .if empty(PORT_OPTIONS:MALL_TARGETS) CONFIGURE_ARGS+= --target-list=i386-softmmu,x86_64-softmmu PLIST_SUB+= ALLTARGETS="@comment " .else PLIST_SUB+= ALLTARGETS="" .endif WITHOUT_CPU_CFLAGS=yes #to avoid problems with register allocation CFLAGS:= ${CFLAGS:C/-fno-tree-vrp//} CONFIGURE_ARGS+= --prefix=${PREFIX} --cc=${CC} .if empty(PORT_OPTIONS:MSDL) CONFIGURE_ARGS+= --disable-sdl .else USE_SDL= sdl .endif .if empty(PORT_OPTIONS:MGNUTLS) CONFIGURE_ARGS+= --disable-vnc-tls .else LIB_DEPENDS+= libgnutls.so:${PORTSDIR}/security/gnutls .endif .if empty(PORT_OPTIONS:MCURL) CONFIGURE_ARGS+= --disable-curl .else LIB_DEPENDS+= libcurl.so:${PORTSDIR}/ftp/curl .endif .if ${PORT_OPTIONS:MPCAP} CONFIGURE_ARGS+= --enable-pcap .endif .if ${PORT_OPTIONS:MADD_AUDIO} CONFIGURE_ARGS+= --audio-card-list=ac97,es1370,sb16,cs4231a,adlib,gus .endif # XXX CONFIGURE_ARGS+= --disable-bsd-user .if ${PORT_OPTIONS:MSAMBA} RUN_DEPENDS+= ${LOCALBASE}/sbin/smbd:${PORTSDIR}/net/samba36 .endif .if ${PORT_OPTIONS:MKQEMU} BUILD_DEPENDS+= kqemu-kmod-devel>=1.4.0pre1:${PORTSDIR}/emulators/kqemu-kmod-devel RUN_DEPENDS+= kqemu-kmod-devel>=1.4.0pre1:${PORTSDIR}/emulators/kqemu-kmod-devel .else CONFIGURE_ARGS+= --disable-kqemu .endif .if ${PORT_OPTIONS:MDOCS} BUILD_DEPENDS+= texi2html:${PORTSDIR}/textproc/texi2html .else MAKE_ARGS+= NOPORTDOCS=1 .endif .if !defined(STRIP) || ${STRIP} == "" CONFIGURE_ARGS+=--disable-strip .endif .if ${ARCH} == "amd64" MAKE_ARGS+= ARCH=x86_64 .endif post-extract: @${MKDIR} ${WRKSRC}/kqemu @${TOUCH} ${WRKSRC}/kqemu/Makefile @${ECHO} all: > ${WRKSRC}/kqemu/Makefile.freebsd pre-patch: @for A in ${ONLY_FOR_ARCHS}; do \ ${MKDIR} ${WRKSRC}/bsd/$$A; \ done post-patch: .if ${PORT_OPTIONS:MRTL8139_TIMER} @cd ${WRKSRC} && ${PATCH} --quiet < ${FILESDIR}/rtl8139-re-patch .endif .if ${PORT_OPTIONS:MPCAP} @cd ${WRKSRC} && ${PATCH} --quiet < ${FILESDIR}/pcap-patch .endif .if ${PORT_OPTIONS:MGNS3} @cd ${WRKSRC} && ${PATCH} -p1 --quiet < ${FILESDIR}/gns3-patch .endif .if empty(PORT_OPTIONS:MCDROM_DMA) @cd ${WRKSRC} && ${PATCH} --quiet < ${FILESDIR}/cdrom-dma-patch .endif @${REINPLACE_CMD} -E \ -e "/^by Tibor .TS. S/s|Sch.*z.$$|Schuetz.|" \ ${WRKSRC}/qemu-doc.texi @${REINPLACE_CMD} -E \ -e "s|^(CFLAGS=).*|\1${CFLAGS} -fno-strict-aliasing|" \ -e "s|^(LDFLAGS=).*|\1${LDFLAGS}|" \ ${WRKSRC}/Makefile.target @${REINPLACE_CMD} -E \ -e "s|^(CFLAGS=).*|\1${CFLAGS} -fno-strict-aliasing -I.|" \ -e "s|^(LDFLAGS=).*|\1${LDFLAGS}|" \ ${WRKSRC}/Makefile @${REINPLACE_CMD} -E \ -e "1s|^(#! )/usr/bin/perl|\1${PERL}|" \ ${WRKSRC}/texi2pod.pl # XXX need to disable usb host code on head while it's not ported to the # new usb stack yet post-configure: @${REINPLACE_CMD} -E \ -e "s|^(HOST_USB=)bsd|\1stub|" \ ${WRKSRC}/config-host.mak post-install: @${INSTALL_SCRIPT} ${FILESDIR}/qemu-ifup.sample ${STAGEDIR}${PREFIX}/etc @${INSTALL_SCRIPT} ${FILESDIR}/qemu-ifdown.sample ${STAGEDIR}${PREFIX}/etc .include Index: head/emulators/qemu/files/patch-CVE-2015-3209 =================================================================== --- head/emulators/qemu/files/patch-CVE-2015-3209 (nonexistent) +++ head/emulators/qemu/files/patch-CVE-2015-3209 (revision 390664) @@ -0,0 +1,82 @@ +--- a/hw/pcnet.c ++++ b/hw/pcnet.c +@@ -1263,7 +1263,7 @@ static void pcnet_transmit(PCNetState *s + target_phys_addr_t xmit_cxda = 0; + int count = CSR_XMTRL(s)-1; + int add_crc = 0; +- ++ int bcnt; + s->xmit_pos = -1; + + if (!CSR_TXON(s)) { +@@ -1289,34 +1289,47 @@ static void pcnet_transmit(PCNetState *s + if (BCR_SWSTYLE(s) != 1) + add_crc = GET_FIELD(tmd.status, TMDS, ADDFCS); + } ++ ++ if (s->xmit_pos < 0) { ++ goto txdone; ++ } ++ ++ bcnt = 4096 - GET_FIELD(tmd.length, TMDL, BCNT); ++ ++ /* if multi-tmd packet outsizes s->buffer then skip it silently. ++ Note: this is not what real hw does */ ++ if (s->xmit_pos + bcnt > sizeof(s->buffer)) { ++ s->xmit_pos = -1; ++ goto txdone; ++ } ++ ++ s->phys_mem_read(s->dma_opaque, PHYSADDR(s, tmd.tbadr), ++ s->buffer + s->xmit_pos, bcnt, CSR_BSWP(s)); ++ s->xmit_pos += bcnt; ++ + if (!GET_FIELD(tmd.status, TMDS, ENP)) { +- int bcnt = 4096 - GET_FIELD(tmd.length, TMDL, BCNT); +- s->phys_mem_read(s->dma_opaque, PHYSADDR(s, tmd.tbadr), +- s->buffer + s->xmit_pos, bcnt, CSR_BSWP(s)); +- s->xmit_pos += bcnt; +- } else if (s->xmit_pos >= 0) { +- int bcnt = 4096 - GET_FIELD(tmd.length, TMDL, BCNT); +- s->phys_mem_read(s->dma_opaque, PHYSADDR(s, tmd.tbadr), +- s->buffer + s->xmit_pos, bcnt, CSR_BSWP(s)); +- s->xmit_pos += bcnt; ++ goto txdone; ++ } + #ifdef PCNET_DEBUG +- printf("pcnet_transmit size=%d\n", s->xmit_pos); ++ printf("pcnet_transmit size=%d\n", s->xmit_pos); + #endif +- if (CSR_LOOP(s)) { +- if (BCR_SWSTYLE(s) == 1) +- add_crc = !GET_FIELD(tmd.status, TMDS, NOFCS); +- s->looptest = add_crc ? PCNET_LOOPTEST_CRC : PCNET_LOOPTEST_NOCRC; +- pcnet_receive(s->vc, s->buffer, s->xmit_pos); +- s->looptest = 0; +- } else +- if (s->vc) +- qemu_send_packet(s->vc, s->buffer, s->xmit_pos); +- +- s->csr[0] &= ~0x0008; /* clear TDMD */ +- s->csr[4] |= 0x0004; /* set TXSTRT */ +- s->xmit_pos = -1; ++ if (CSR_LOOP(s)) { ++ if (BCR_SWSTYLE(s) == 1) ++ add_crc = !GET_FIELD(tmd.status, TMDS, NOFCS); ++ s->looptest = add_crc ? PCNET_LOOPTEST_CRC : PCNET_LOOPTEST_NOCRC; ++ pcnet_receive(s->vc, s->buffer, s->xmit_pos); ++ s->looptest = 0; ++ } else { ++ if (s->vc) { ++ qemu_send_packet(s->vc, s->buffer, s->xmit_pos); ++ } + } + ++ s->csr[0] &= ~0x0008; /* clear TDMD */ ++ s->csr[4] |= 0x0004; /* set TXSTRT */ ++ s->xmit_pos = -1; ++ ++ txdone: + SET_FIELD(&tmd.status, TMDS, OWN, 0); + TMDSTORE(&tmd, PHYSADDR(s,CSR_CXDA(s))); + if (!CSR_TOKINTD(s) || (CSR_LTINTEN(s) && GET_FIELD(tmd.status, TMDS, LTINT))) Property changes on: head/emulators/qemu/files/patch-CVE-2015-3209 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/emulators/qemu-devel/Makefile =================================================================== --- head/emulators/qemu-devel/Makefile (revision 390663) +++ head/emulators/qemu-devel/Makefile (revision 390664) @@ -1,285 +1,285 @@ # Created by: Juergen Lock # $FreeBSD$ PORTNAME= qemu PORTVERSION= 2.3.0 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= emulators MASTER_SITES= http://wiki.qemu.org/download/:release \ LOCAL/nox:snapshot PKGNAMESUFFIX?= -devel DISTFILES= ${DISTNAME}${EXTRACT_SUFX}:release DIST_SUBDIR= qemu/${PORTVERSION} MAINTAINER= nox@FreeBSD.org COMMENT?= QEMU CPU Emulator - development version HAS_CONFIGURE= yes USES= cpe gmake pkgconfig bison perl5 python:2,build tar:bzip2 USE_PERL5= build USE_XORG= pixman USE_GNOME+= glib20 PATCH_STRIP= -p1 MAKE_ENV+= BSD_MAKE="${MAKE}" ONLY_FOR_ARCHS= amd64 i386 powerpc powerpc64 # XXX someone wants to debug sparc64 hosts? OPTIONS_DEFINE= SAMBA X11 GTK2 OPENGL GNUTLS SASL JPEG PNG CURL \ CDROM_DMA PCAP USBREDIR GNS3 X86_TARGETS \ STATIC_LINK DOCS SAMBA_DESC= samba dependency (for -smb) GNUTLS_DESC= gnutls dependency (vnc encryption) SASL_DESC= cyrus-sasl dependency (vnc encryption) JPEG_DESC= jpeg dependency (vnc lossy compression) PNG_DESC= png dependency (vnc compression) CDROM_DMA_DESC= IDE CDROM DMA PCAP_DESC= pcap dependency (networking with bpf) USBREDIR_DESC= usb device network redirection (experimental!) GNS3_DESC= gns3 patches (promiscuous multicast) X86_TARGETS_DESC= Don't build non-x86 system targets BSD_USER_DESC= Also build bsd-user targets (for testing) STATIC_LINK_DESC= Statically link the executables OPTIONS_DEFAULT=X11 GTK2 OPENGL GNUTLS SASL JPEG PNG CDROM_DMA CURL PCAP .if !defined(QEMU_USER_STATIC) CONFLICTS_INSTALL= qemu-[0-9]* qemu-sbruno-[0-9]* .endif .include CONFIGURE_ARGS+= --localstatedir=/var CONFIGURE_ARGS+= --extra-ldflags=-L${LOCALBASE}/lib CONFIGURE_ARGS+= --disable-smartcard-nss --disable-libssh2 PORTDOCS= docs qemu-doc.html qemu-tech.html qmp-commands.txt .if defined(QEMU_USER_STATIC) .if ${ARCH} != "amd64" CONFIGURE_ARGS+= --target-list=i386-bsd-user,sparc-bsd-user,arm-bsd-user,mips-bsd-user,mipsel-bsd-user .else CONFIGURE_ARGS+= --target-list=i386-bsd-user,x86_64-bsd-user,sparc-bsd-user,sparc64-bsd-user,arm-bsd-user,mips-bsd-user,mipsel-bsd-user,mips64-bsd-user,mips64el-bsd-user .endif .else .if ${PORT_OPTIONS:MX86_TARGETS} .if ${PORT_OPTIONS:MBSD_USER} .if ${ARCH} != "amd64" CONFIGURE_ARGS+= --target-list=i386-softmmu,x86_64-softmmu,i386-bsd-user,sparc-bsd-user,arm-bsd-user,mips-bsd-user,mipsel-bsd-user .else CONFIGURE_ARGS+= --target-list=i386-softmmu,x86_64-softmmu,i386-bsd-user,x86_64-bsd-user,sparc-bsd-user,sparc64-bsd-user,arm-bsd-user,mips-bsd-user,mipsel-bsd-user,mips64-bsd-user,mips64el-bsd-user .endif .else CONFIGURE_ARGS+= --target-list=i386-softmmu,x86_64-softmmu .endif .else .if empty(PORT_OPTIONS:MBSD_USER) CONFIGURE_ARGS+= --disable-bsd-user .else .if ${ARCH} != "amd64" CONFIGURE_ARGS+= --target-list=i386-softmmu,x86_64-softmmu,aarch64-softmmu,alpha-softmmu,arm-softmmu,cris-softmmu,lm32-softmmu,m68k-softmmu,microblaze-softmmu,microblazeel-softmmu,mips-softmmu,mipsel-softmmu,mips64-softmmu,mips64el-softmmu,or32-softmmu,ppc-softmmu,ppcemb-softmmu,ppc64-softmmu,sh4-softmmu,sh4eb-softmmu,sparc-softmmu,sparc64-softmmu,s390x-softmmu,xtensa-softmmu,xtensaeb-softmmu,unicore32-softmmu,moxie-softmmu,i386-bsd-user,sparc-bsd-user,arm-bsd-user,mips-bsd-user,mipsel-bsd-user .endif .endif .endif .endif .if empty(PORT_OPTIONS:MBSD_USER) PLIST_SUB+= BSD_USER="@comment " .else PLIST_SUB+= BSD_USER="" .if ${ARCH} == "sparc64" IGNORE= bsd-user targets not tested on sparc64 .endif .endif .if empty(PORT_OPTIONS:MBSD_USER) || ${ARCH} != "amd64" PLIST_SUB+= BSD_USER64="@comment " .else PLIST_SUB+= BSD_USER64="" .endif .if ${PORT_OPTIONS:MX86_TARGETS} PLIST_SUB+= NONX86="@comment " .else PLIST_SUB+= NONX86="" .endif .if defined(QEMU_USER_STATIC) PLIST_SUB+= SOFTMMU="@comment " PLIST_SUB+= STATIC="-static" .else PLIST_SUB+= SOFTMMU="" PLIST_SUB+= STATIC="" .endif .if ${PORT_OPTIONS:MGNS3} EXTRA_PATCHES+= ${FILESDIR}/hw_e1000_c.patch .endif WITHOUT_CPU_CFLAGS=yes #to avoid problems with register allocation CFLAGS:= ${CFLAGS:C/-fno-tree-vrp//} CONFIGURE_ARGS+= --prefix=${PREFIX} --cc=${CC} --enable-docs \ --disable-linux-user --disable-linux-aio \ --disable-kvm --disable-xen \ --smbd=${LOCALBASE}/sbin/smbd \ --enable-debug \ --enable-debug-info \ --extra-cflags=-I${WRKSRC}\ -I${LOCALBASE}/include\ -DPREFIX=\\\"${PREFIX}\\\" .if empty(PORT_OPTIONS:MX11) CONFIGURE_ARGS+= --disable-sdl .else CONFIGURE_ARGS+= --enable-sdl USE_SDL= sdl .endif .if empty(PORT_OPTIONS:MGTK2) CONFIGURE_ARGS+= --disable-gtk --disable-vte PLIST_SUB+= GTK2="@comment " .else USE_GNOME+= gtk20 vte USES+= gettext PLIST_SUB+= GTK2="" .endif .if empty(PORT_OPTIONS:MGNUTLS) CONFIGURE_ARGS+= --disable-vnc-tls .else LIB_DEPENDS+= libgnutls.so:${PORTSDIR}/security/gnutls .endif .if empty(PORT_OPTIONS:MSASL) CONFIGURE_ARGS+= --disable-vnc-sasl .else LIB_DEPENDS+= libsasl2.so:${PORTSDIR}/security/cyrus-sasl2 .endif .if empty(PORT_OPTIONS:MJPEG) CONFIGURE_ARGS+= --disable-vnc-jpeg .else USES+= jpeg .endif .if empty(PORT_OPTIONS:MPNG) CONFIGURE_ARGS+= --disable-vnc-png .else LIB_DEPENDS+= libpng.so:${PORTSDIR}/graphics/png .endif .if empty(PORT_OPTIONS:MCURL) CONFIGURE_ARGS+= --disable-curl .else LIB_DEPENDS+= libcurl.so:${PORTSDIR}/ftp/curl .endif .if empty(PORT_OPTIONS:MOPENGL) CONFIGURE_ARGS+= --disable-opengl .else USE_GL= yes .endif .if empty(PORT_OPTIONS:MUSBREDIR) CONFIGURE_ARGS+= --disable-usb-redir .else BUILD_DEPENDS+= usbredir>=0.6:${PORTSDIR}/net/usbredir RUN_DEPENDS+= usbredir>=0.6:${PORTSDIR}/net/usbredir .endif .if ${PORT_OPTIONS:MPCAP} CONFIGURE_ARGS+= --enable-pcap .endif .if ${PORT_OPTIONS:MSTATIC_LINK} .if ${PORT_OPTIONS:MGTK2} || ${PORT_OPTIONS:MX11} IGNORE= X11 ui cannot be built static .endif CONFIGURE_ARGS+= --static .endif .if ${PORT_OPTIONS:MSAMBA} RUN_DEPENDS+= ${LOCALBASE}/sbin/smbd:${PORTSDIR}/net/samba36 .endif .if ${PORT_OPTIONS:MDOCS} BUILD_DEPENDS+= texi2html:${PORTSDIR}/textproc/texi2html USES+= makeinfo .else MAKE_ARGS+= NOPORTDOCS=1 .endif .if !defined(STRIP) || ${STRIP} == "" CONFIGURE_ARGS+=--disable-strip .endif .if ${ARCH} == "amd64" MAKE_ARGS+= ARCH=x86_64 .endif .if ${ARCH} == "powerpc" MAKE_ARGS+= ARCH=ppc .endif .if ${ARCH} == "powerpc64" MAKE_ARGS+= ARCH=ppc64 .endif .if ${ARCH} == "sparc64" CONFIGURE_ARGS+= --sparc_cpu=v9 .endif .if ${OSVERSION} < 900033 BUILD_DEPENDS+= ${LOCALBASE}/bin/as:${PORTSDIR}/devel/binutils CONFIGURE_ENV+= AS=${LOCALBASE}/bin/as CONFIGURE_ENV+= LD=${LOCALBASE}/bin/ld CONFIGURE_ENV+= COMPILER_PATH=${LOCALBASE}/bin MAKE_ENV+= COMPILER_PATH=${LOCALBASE}/bin .endif CONFIGURE_ARGS+= --python=${PYTHON_CMD} # -lprocstat actually only _needs_ -lelf after r249666 or r250870 (MFC) # but it shouldn't matter much post-patch: .if ${OSVERSION} < 900000 @${REINPLACE_CMD} -e '/LIBS/s|-lprocstat||' ${WRKSRC}/configure .else @${REINPLACE_CMD} -e '/LIBS/s|-lprocstat|-lprocstat -lelf|' \ ${WRKSRC}/configure .endif @${REINPLACE_CMD} -e '/libs_qga=/s|glib_libs|glib_libs -lintl|' ${WRKSRC}/configure .if ${PORT_OPTIONS:MPCAP} @cd ${WRKSRC} && ${PATCH} --quiet < ${FILESDIR}/pcap-patch .endif .if empty(PORT_OPTIONS:MCDROM_DMA) @cd ${WRKSRC} && ${PATCH} --quiet < ${FILESDIR}/cdrom-dma-patch .endif @${REINPLACE_CMD} -E \ -e "/^by Tibor .TS. S/s|Sch.*z.$$|Schuetz.|" \ ${WRKSRC}/qemu-doc.texi @${REINPLACE_CMD} -E \ -e "s|^(CFLAGS=).*|\1${CFLAGS} -fno-strict-aliasing|" \ -e "s|^(LDFLAGS=).*|\1${LDFLAGS}|" \ ${WRKSRC}/Makefile.target @${REINPLACE_CMD} -E \ -e "s|^(CFLAGS=).*|\1${CFLAGS} -fno-strict-aliasing -I.|" \ -e "s|^(LDFLAGS=).*|\1${LDFLAGS}|" \ ${WRKSRC}/Makefile @${REINPLACE_CMD} -E \ -e "1s|^(#! )/usr/bin/perl|\1${PERL}|" \ ${WRKSRC}/scripts/texi2pod.pl # XXX need to disable usb host code on head while it's not ported to the # new usb stack yet post-configure: @${REINPLACE_CMD} -E \ -e "s|^(HOST_USB=)bsd|\1stub|" \ ${WRKSRC}/config-host.mak .if !target(post-install) post-install: .if ${PORT_OPTIONS:MDOCS} @(cd ${WRKSRC} && ${COPYTREE_SHARE} docs ${STAGEDIR}${DOCSDIR}/) .endif ${INSTALL_SCRIPT} ${FILESDIR}/qemu-ifup.sample ${STAGEDIR}${PREFIX}/etc ${INSTALL_SCRIPT} ${FILESDIR}/qemu-ifdown.sample ${STAGEDIR}${PREFIX}/etc @(cd ${STAGEDIR}${PREFIX}/etc/qemu && \ ${MV} -i target-x86_64.conf target-x86_64.conf.sample) @${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/qemu-* .endif .include Index: head/emulators/qemu-devel/files/patch-CVE-2015-3209 =================================================================== --- head/emulators/qemu-devel/files/patch-CVE-2015-3209 (nonexistent) +++ head/emulators/qemu-devel/files/patch-CVE-2015-3209 (revision 390664) @@ -0,0 +1,45 @@ +From 2630672ab22255de252f877709851c0557a1c647 Mon Sep 17 00:00:00 2001 +From: Petr Matousek +Date: Sun, 24 May 2015 10:53:44 +0200 +Subject: [PATCH] pcnet: force the buffer access to be in bounds during tx + +4096 is the maximum length per TMD and it is also currently the size of +the relay buffer pcnet driver uses for sending the packet data to QEMU +for further processing. With packet spanning multiple TMDs it can +happen that the overall packet size will be bigger than sizeof(buffer), +which results in memory corruption. + +Fix this by only allowing to queue maximum sizeof(buffer) bytes. + +This is CVE-2015-3209. + +Signed-off-by: Petr Matousek +Reported-by: Matt Tait +Reviewed-by: Peter Maydell +Reviewed-by: Stefan Hajnoczi +--- + hw/net/pcnet.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/hw/net/pcnet.c b/hw/net/pcnet.c +index bdfd38f..6d32e4c 100644 +--- a/hw/net/pcnet.c ++++ b/hw/net/pcnet.c +@@ -1241,6 +1241,14 @@ static void pcnet_transmit(PCNetState *s) + } + + bcnt = 4096 - GET_FIELD(tmd.length, TMDL, BCNT); ++ ++ /* if multi-tmd packet outsizes s->buffer then skip it silently. ++ Note: this is not what real hw does */ ++ if (s->xmit_pos + bcnt > sizeof(s->buffer)) { ++ s->xmit_pos = -1; ++ goto txdone; ++ } ++ + s->phys_mem_read(s->dma_opaque, PHYSADDR(s, tmd.tbadr), + s->buffer + s->xmit_pos, bcnt, CSR_BSWP(s)); + s->xmit_pos += bcnt; +-- +2.1.0 + Property changes on: head/emulators/qemu-devel/files/patch-CVE-2015-3209 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/emulators/qemu-sbruno/Makefile =================================================================== --- head/emulators/qemu-sbruno/Makefile (revision 390663) +++ head/emulators/qemu-sbruno/Makefile (revision 390664) @@ -1,300 +1,301 @@ # Created by: Juergen Lock # $FreeBSD$ PORTNAME= qemu PORTVERSION= 2.3.50.g20150618 +PORTREVISION= 1 CATEGORIES= emulators MASTER_SITES= GH \ LOCAL/nox \ LOCAL/nox:dtc \ http://people.freebsd.org/~nox/tmp/distfiles/ \ http://people.freebsd.org/~nox/tmp/distfiles/:dtc PKGNAMESUFFIX?= -sbruno DISTFILES= ${DISTNAME}${EXTRACT_SUFX} \ dtc-v1.4.0${EXTRACT_SUFX}:dtc DIST_SUBDIR= qemu/${PORTVERSION} MAINTAINER= nox@FreeBSD.org COMMENT?= QEMU CPU Emulator - github bsd-user branch USE_GITHUB= yes GH_ACCOUNT= seanbruno GH_PROJECT= ${PORTNAME}-bsd-user GH_TAGNAME= 460c17e HAS_CONFIGURE= yes USES= gmake pkgconfig bison perl5 python:2,build USE_PERL5= build USE_XORG= pixman USE_GNOME+= glib20 PATCH_STRIP= -p1 MAKE_ENV+= BSD_MAKE="${MAKE}" ONLY_FOR_ARCHS= amd64 i386 powerpc powerpc64 # XXX someone wants to debug sparc64 hosts? OPTIONS_DEFINE= SAMBA X11 GTK2 OPENGL GNUTLS SASL JPEG PNG CURL \ CDROM_DMA PCAP USBREDIR X86_TARGETS BSD_USER \ STATIC_LINK DOCS SAMBA_DESC= samba dependency (for -smb) GNUTLS_DESC= gnutls dependency (vnc encryption) SASL_DESC= cyrus-sasl dependency (vnc encryption) JPEG_DESC= jpeg dependency (vnc lossy compression) PNG_DESC= png dependency (vnc compression) CDROM_DMA_DESC= IDE CDROM DMA PCAP_DESC= pcap dependency (networking with bpf) USBREDIR_DESC= usb device network redirection (experimental!) X86_TARGETS_DESC= Don't build non-x86 system targets BSD_USER_DESC= Also build bsd-user targets (for testing) STATIC_LINK_DESC= Statically link the executables OPTIONS_DEFAULT=X11 GTK2 OPENGL GNUTLS SASL JPEG PNG CDROM_DMA CURL PCAP .if !defined(QEMU_USER_STATIC) CONFLICTS_INSTALL= qemu-[0-9]* qemu-devel-* .endif .if defined(QEMU_USER_STATIC) .if exists(/usr/sbin/binmiscctl) USE_RC_SUBR= qemu_user_static SUB_LIST= NAME=qemu_user_static .endif .endif .include CONFIGURE_ARGS+= --localstatedir=/var CONFIGURE_ARGS+= --extra-ldflags=-L${LOCALBASE}/lib CONFIGURE_ARGS+= --disable-smartcard-nss --disable-libssh2 PORTDOCS= docs qemu-doc.html qemu-tech.html qmp-commands.txt .if defined(QEMU_USER_STATIC) .if ${ARCH} != "amd64" CONFIGURE_ARGS+= --target-list=i386-bsd-user,sparc-bsd-user,arm-bsd-user,mips-bsd-user,mipsel-bsd-user,ppc-bsd-user .else CONFIGURE_ARGS+= --target-list=i386-bsd-user,x86_64-bsd-user,sparc-bsd-user,sparc64-bsd-user,arm-bsd-user,mips-bsd-user,mipsel-bsd-user,mips64-bsd-user,mips64el-bsd-user,ppc-bsd-user,ppc64-bsd-user,aarch64-bsd-user .endif .else .if ${PORT_OPTIONS:MX86_TARGETS} .if ${PORT_OPTIONS:MBSD_USER} .if ${ARCH} != "amd64" CONFIGURE_ARGS+= --target-list=i386-softmmu,x86_64-softmmu,i386-bsd-user,sparc-bsd-user,arm-bsd-user,mips-bsd-user,mipsel-bsd-user,ppc-bsd-user .else CONFIGURE_ARGS+= --target-list=i386-softmmu,x86_64-softmmu,i386-bsd-user,x86_64-bsd-user,sparc-bsd-user,sparc64-bsd-user,arm-bsd-user,mips-bsd-user,mipsel-bsd-user,mips64-bsd-user,mips64el-bsd-user,ppc-bsd-user,ppc64-bsd-user,aarch64-bsd-user .endif .else CONFIGURE_ARGS+= --target-list=i386-softmmu,x86_64-softmmu .endif .else .if empty(PORT_OPTIONS:MBSD_USER) CONFIGURE_ARGS+= --disable-bsd-user .else .if ${ARCH} != "amd64" CONFIGURE_ARGS+= --target-list=i386-softmmu,x86_64-softmmu,aarch64-softmmu,alpha-softmmu,arm-softmmu,cris-softmmu,lm32-softmmu,m68k-softmmu,microblaze-softmmu,microblazeel-softmmu,mips-softmmu,mipsel-softmmu,mips64-softmmu,mips64el-softmmu,or32-softmmu,ppc-softmmu,ppcemb-softmmu,ppc64-softmmu,sh4-softmmu,sh4eb-softmmu,sparc-softmmu,sparc64-softmmu,s390x-softmmu,xtensa-softmmu,xtensaeb-softmmu,unicore32-softmmu,moxie-softmmu,i386-bsd-user,sparc-bsd-user,arm-bsd-user,mips-bsd-user,mipsel-bsd-user,ppc-bsd-user .endif .endif .endif .endif .if empty(PORT_OPTIONS:MBSD_USER) PLIST_SUB+= BSD_USER="@comment " .else PLIST_SUB+= BSD_USER="" .if ${ARCH} == "sparc64" IGNORE= bsd-user targets not tested on sparc64 .endif .endif .if empty(PORT_OPTIONS:MBSD_USER) || ${ARCH} != "amd64" PLIST_SUB+= BSD_USER64="@comment " .else PLIST_SUB+= BSD_USER64="" .endif .if ${PORT_OPTIONS:MX86_TARGETS} PLIST_SUB+= NONX86="@comment " .else PLIST_SUB+= NONX86="" .endif .if defined(QEMU_USER_STATIC) PLIST_SUB+= SOFTMMU="@comment " PLIST_SUB+= STATIC="-static" .else PLIST_SUB+= SOFTMMU="" PLIST_SUB+= STATIC="" .endif #.if ${PORT_OPTIONS:MGNS3} #EXTRA_PATCHES+= ${FILESDIR}/hw_e1000_c.patch #.endif WITHOUT_CPU_CFLAGS=yes #to avoid problems with register allocation CFLAGS:= ${CFLAGS:C/-fno-tree-vrp//} CONFIGURE_ARGS+= --prefix=${PREFIX} --cc=${CC} --enable-docs \ --disable-linux-user --disable-linux-aio \ --disable-kvm --disable-xen \ --smbd=${LOCALBASE}/sbin/smbd \ --enable-debug \ --enable-debug-info \ --extra-cflags=-I${WRKSRC}\ -I${LOCALBASE}/include\ -DPREFIX=\\\"\"${PREFIX}\\\"\" .if empty(PORT_OPTIONS:MX11) CONFIGURE_ARGS+= --disable-sdl .else CONFIGURE_ARGS+= --enable-sdl USE_SDL= sdl .endif .if empty(PORT_OPTIONS:MGTK2) CONFIGURE_ARGS+= --disable-gtk --disable-vte PLIST_SUB+= GTK2="@comment " .else USE_GNOME+= gtk20 vte USES+= gettext PLIST_SUB+= GTK2="" .endif .if empty(PORT_OPTIONS:MGNUTLS) CONFIGURE_ARGS+= --disable-vnc-tls .else LIB_DEPENDS+= libgnutls.so:${PORTSDIR}/security/gnutls .endif .if empty(PORT_OPTIONS:MSASL) CONFIGURE_ARGS+= --disable-vnc-sasl .else LIB_DEPENDS+= libsasl2.so:${PORTSDIR}/security/cyrus-sasl2 .endif .if empty(PORT_OPTIONS:MJPEG) CONFIGURE_ARGS+= --disable-vnc-jpeg .else USES+= jpeg .endif .if empty(PORT_OPTIONS:MPNG) CONFIGURE_ARGS+= --disable-vnc-png .else LIB_DEPENDS+= libpng.so:${PORTSDIR}/graphics/png .endif .if empty(PORT_OPTIONS:MCURL) CONFIGURE_ARGS+= --disable-curl .else LIB_DEPENDS+= libcurl.so:${PORTSDIR}/ftp/curl .endif .if empty(PORT_OPTIONS:MOPENGL) CONFIGURE_ARGS+= --disable-opengl .else USE_GL= yes .endif .if empty(PORT_OPTIONS:MUSBREDIR) CONFIGURE_ARGS+= --disable-usb-redir .else BUILD_DEPENDS+= usbredir>=0.6:${PORTSDIR}/net/usbredir RUN_DEPENDS+= usbredir>=0.6:${PORTSDIR}/net/usbredir .endif .if ${PORT_OPTIONS:MPCAP} CONFIGURE_ARGS+= --enable-pcap .else CONFIGURE_ARGS+= --disable-pcap .endif .if ${PORT_OPTIONS:MSTATIC_LINK} .if ${PORT_OPTIONS:MGTK2} || ${PORT_OPTIONS:MX11} IGNORE= X11 ui cannot be built static .endif CONFIGURE_ARGS+= --static .endif .if ${PORT_OPTIONS:MSAMBA} RUN_DEPENDS+= ${LOCALBASE}/sbin/smbd:${PORTSDIR}/net/samba36 .endif .if ${PORT_OPTIONS:MDOCS} BUILD_DEPENDS+= texi2html:${PORTSDIR}/textproc/texi2html USES+= makeinfo .else MAKE_ARGS+= NOPORTDOCS=1 .endif .if !defined(STRIP) || ${STRIP} == "" CONFIGURE_ARGS+=--disable-strip .endif .if ${ARCH} == "amd64" MAKE_ARGS+= ARCH=x86_64 .endif .if ${ARCH} == "powerpc" MAKE_ARGS+= ARCH=ppc .endif .if ${ARCH} == "powerpc64" MAKE_ARGS+= ARCH=ppc64 .endif .if ${ARCH} == "sparc64" CONFIGURE_ARGS+= --sparc_cpu=v9 .endif .if ${OSVERSION} < 900033 BUILD_DEPENDS+= ${LOCALBASE}/bin/as:${PORTSDIR}/devel/binutils CONFIGURE_ENV+= LD=${LOCALBASE}/bin/ld CONFIGURE_ENV+= COMPILER_PATH=${LOCALBASE}/bin MAKE_ENV+= COMPILER_PATH=${LOCALBASE}/bin .endif CONFIGURE_ARGS+= --python=${PYTHON_CMD} # -lprocstat actually only _needs_ -lelf after r249666 or r250870 (MFC) # but it shouldn't matter much post-patch: @${MV} ${WRKDIR}/dtc ${WRKSRC} .if ${OSVERSION} < 900000 @${REINPLACE_CMD} -e '/LIBS/s|-lprocstat||' ${WRKSRC}/configure .else @${REINPLACE_CMD} -e '/LIBS/s|-lprocstat|-lprocstat -lelf|' \ ${WRKSRC}/configure .endif @${REINPLACE_CMD} -e '/libs_qga=/s|glib_libs|glib_libs -lintl|' ${WRKSRC}/configure #.if ${PORT_OPTIONS:MPCAP} # @cd ${WRKSRC} && ${PATCH} --quiet < ${FILESDIR}/pcap-patch #.endif .if empty(PORT_OPTIONS:MCDROM_DMA) @cd ${WRKSRC} && ${PATCH} --quiet < ${FILESDIR}/cdrom-dma-patch .endif @${REINPLACE_CMD} -E \ -e "/^by Tibor .TS. S/s|Sch.*z.$$|Schuetz.|" \ ${WRKSRC}/qemu-doc.texi @${REINPLACE_CMD} -E \ -e "s|^(CFLAGS=).*|\1${CFLAGS} -fno-strict-aliasing|" \ -e "s|^(LDFLAGS=).*|\1${LDFLAGS}|" \ ${WRKSRC}/Makefile.target @${REINPLACE_CMD} -E \ -e "s|^(CFLAGS=).*|\1${CFLAGS} -fno-strict-aliasing -I.|" \ -e "s|^(LDFLAGS=).*|\1${LDFLAGS}|" \ ${WRKSRC}/Makefile @${REINPLACE_CMD} -E \ -e "1s|^(#! )/usr/bin/perl|\1${PERL}|" \ ${WRKSRC}/scripts/texi2pod.pl # XXX need to disable usb host code on head while it's not ported to the # new usb stack yet post-configure: @${REINPLACE_CMD} -E \ -e "s|^(HOST_USB=)bsd|\1stub|" \ ${WRKSRC}/config-host.mak .if !target(post-install) post-install: .if ${PORT_OPTIONS:MDOCS} @(cd ${WRKSRC} && ${COPYTREE_SHARE} docs ${STAGEDIR}${DOCSDIR}/) .endif ${INSTALL_SCRIPT} ${FILESDIR}/qemu-ifup.sample ${STAGEDIR}${PREFIX}/etc ${INSTALL_SCRIPT} ${FILESDIR}/qemu-ifdown.sample ${STAGEDIR}${PREFIX}/etc @(cd ${STAGEDIR}${PREFIX}/etc/qemu && \ ${MV} -i target-x86_64.conf target-x86_64.conf.sample) @${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/qemu-* .endif .include Index: head/emulators/qemu-sbruno/files/patch-CVE-2015-3209 =================================================================== --- head/emulators/qemu-sbruno/files/patch-CVE-2015-3209 (nonexistent) +++ head/emulators/qemu-sbruno/files/patch-CVE-2015-3209 (revision 390664) @@ -0,0 +1,45 @@ +From 2630672ab22255de252f877709851c0557a1c647 Mon Sep 17 00:00:00 2001 +From: Petr Matousek +Date: Sun, 24 May 2015 10:53:44 +0200 +Subject: [PATCH] pcnet: force the buffer access to be in bounds during tx + +4096 is the maximum length per TMD and it is also currently the size of +the relay buffer pcnet driver uses for sending the packet data to QEMU +for further processing. With packet spanning multiple TMDs it can +happen that the overall packet size will be bigger than sizeof(buffer), +which results in memory corruption. + +Fix this by only allowing to queue maximum sizeof(buffer) bytes. + +This is CVE-2015-3209. + +Signed-off-by: Petr Matousek +Reported-by: Matt Tait +Reviewed-by: Peter Maydell +Reviewed-by: Stefan Hajnoczi +--- + hw/net/pcnet.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/hw/net/pcnet.c b/hw/net/pcnet.c +index bdfd38f..6d32e4c 100644 +--- a/hw/net/pcnet.c ++++ b/hw/net/pcnet.c +@@ -1241,6 +1241,14 @@ static void pcnet_transmit(PCNetState *s) + } + + bcnt = 4096 - GET_FIELD(tmd.length, TMDL, BCNT); ++ ++ /* if multi-tmd packet outsizes s->buffer then skip it silently. ++ Note: this is not what real hw does */ ++ if (s->xmit_pos + bcnt > sizeof(s->buffer)) { ++ s->xmit_pos = -1; ++ goto txdone; ++ } ++ + s->phys_mem_read(s->dma_opaque, PHYSADDR(s, tmd.tbadr), + s->buffer + s->xmit_pos, bcnt, CSR_BSWP(s)); + s->xmit_pos += bcnt; +-- +2.1.0 + Property changes on: head/emulators/qemu-sbruno/files/patch-CVE-2015-3209 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property