Diffstat (limited to 'system/qemu')
-rw-r--r--system/qemu/patches/qemu_atapi.patch91
-rw-r--r--system/qemu/patches/qemu_pcnet.patch18
-rw-r--r--system/qemu/patches/qemu_venom.patch58
-rw-r--r--system/qemu/qemu.SlackBuild18
-rw-r--r--system/qemu/qemu.info6
5 files changed, 8 insertions, 183 deletions
diff --git a/system/qemu/patches/qemu_atapi.patch b/system/qemu/patches/qemu_atapi.patch
deleted file mode 100644
index f977b4f281..0000000000
--- a/system/qemu/patches/qemu_atapi.patch
+++ /dev/null
@@ -1,91 +0,0 @@
-diff --git a/hw/ide/atapi.c b/hw/ide/atapi.c
-index 950e311..79dd167 100644 (file)
---- a/hw/ide/atapi.c
-+++ b/hw/ide/atapi.c
-@@ -983,6 +983,7 @@ static void cmd_start_stop_unit(IDEState *s, uint8_t* buf)
-
- if (pwrcnd) {
- /* eject/load only happens for power condition == 0 */
-+ ide_atapi_cmd_ok(s);
- return;
- }
-
-diff --git a/hw/ide/core.c b/hw/ide/core.c
-index 122e955..50449ca 100644 (file)
---- a/hw/ide/core.c
-+++ b/hw/ide/core.c
-@@ -2021,11 +2021,17 @@ void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
- }
-
- p = s->data_ptr;
-+ if (p + 2 > s->data_end) {
-+ return;
-+ }
-+
- *(uint16_t *)p = le16_to_cpu(val);
- p += 2;
- s->data_ptr = p;
-- if (p >= s->data_end)
-+ if (p >= s->data_end) {
-+ s->status &= ~DRQ_STAT;
- s->end_transfer_func(s);
-+ }
- }
-
- uint32_t ide_data_readw(void *opaque, uint32_t addr)
-@@ -2042,11 +2048,17 @@ uint32_t ide_data_readw(void *opaque, uint32_t addr)
- }
-
- p = s->data_ptr;
-+ if (p + 2 > s->data_end) {
-+ return 0;
-+ }
-+
- ret = cpu_to_le16(*(uint16_t *)p);
- p += 2;
- s->data_ptr = p;
-- if (p >= s->data_end)
-+ if (p >= s->data_end) {
-+ s->status &= ~DRQ_STAT;
- s->end_transfer_func(s);
-+ }
- return ret;
- }
-
-@@ -2063,11 +2075,17 @@ void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
- }
-
- p = s->data_ptr;
-+ if (p + 4 > s->data_end) {
-+ return;
-+ }
-+
- *(uint32_t *)p = le32_to_cpu(val);
- p += 4;
- s->data_ptr = p;
-- if (p >= s->data_end)
-+ if (p >= s->data_end) {
-+ s->status &= ~DRQ_STAT;
- s->end_transfer_func(s);
-+ }
- }
-
- uint32_t ide_data_readl(void *opaque, uint32_t addr)
-@@ -2084,11 +2102,17 @@ uint32_t ide_data_readl(void *opaque, uint32_t addr)
- }
-
- p = s->data_ptr;
-+ if (p + 4 > s->data_end) {
-+ return 0;
-+ }
-+
- ret = cpu_to_le32(*(uint32_t *)p);
- p += 4;
- s->data_ptr = p;
-- if (p >= s->data_end)
-+ if (p >= s->data_end) {
-+ s->status &= ~DRQ_STAT;
- s->end_transfer_func(s);
-+ }
- return ret;
- }
diff --git a/system/qemu/patches/qemu_pcnet.patch b/system/qemu/patches/qemu_pcnet.patch
deleted file mode 100644
index 25c89cd90b..0000000000
--- a/system/qemu/patches/qemu_pcnet.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-index bdfd38f..68b9981 100644 (file)
---- a/hw/net/pcnet.c
-+++ b/hw/net/pcnet.c
-@@ -1241,6 +1241,14 @@ static void pcnet_transmit(PCNetState *s)
- }
-
- bcnt = 4096 - GET_FIELD(tmd.length, TMDL, BCNT);
-+
-+ /* if multi-tmd packet outsizes s->buffer then skip it silently.
-+ Note: this is not what real hw does */
-+ if (s->xmit_pos + bcnt > sizeof(s->buffer)) {
-+ s->xmit_pos = -1;
-+ goto txdone;
-+ }
-+
- s->phys_mem_read(s->dma_opaque, PHYSADDR(s, tmd.tbadr),
- s->buffer + s->xmit_pos, bcnt, CSR_BSWP(s));
- s->xmit_pos += bcnt;
diff --git a/system/qemu/patches/qemu_venom.patch b/system/qemu/patches/qemu_venom.patch
deleted file mode 100644
index 0bbd18c223..0000000000
--- a/system/qemu/patches/qemu_venom.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-index f72a392..d8a8edd 100644 (file)
---- a/hw/block/fdc.c
-+++ b/hw/block/fdc.c
-@@ -1497,7 +1497,7 @@ static uint32_t fdctrl_read_data(FDCtrl *fdctrl)
- {
- FDrive *cur_drv;
- uint32_t retval = 0;
-- int pos;
-+ uint32_t pos;
-
- cur_drv = get_cur_drv(fdctrl);
- fdctrl->dsr &= ~FD_DSR_PWRDOWN;
-@@ -1506,8 +1506,8 @@ static uint32_t fdctrl_read_data(FDCtrl *fdctrl)
- return 0;
- }
- pos = fdctrl->data_pos;
-+ pos %= FD_SECTOR_LEN;
- if (fdctrl->msr & FD_MSR_NONDMA) {
-- pos %= FD_SECTOR_LEN;
- if (pos == 0) {
- if (fdctrl->data_pos != 0)
- if (!fdctrl_seek_to_next_sect(fdctrl, cur_drv)) {
-@@ -1852,10 +1852,13 @@ static void fdctrl_handle_option(FDCtrl *fdctrl, int direction)
- static void fdctrl_handle_drive_specification_command(FDCtrl *fdctrl, int direction)
- {
- FDrive *cur_drv = get_cur_drv(fdctrl);
-+ uint32_t pos;
-
-- if (fdctrl->fifo[fdctrl->data_pos - 1] & 0x80) {
-+ pos = fdctrl->data_pos - 1;
-+ pos %= FD_SECTOR_LEN;
-+ if (fdctrl->fifo[pos] & 0x80) {
- /* Command parameters done */
-- if (fdctrl->fifo[fdctrl->data_pos - 1] & 0x40) {
-+ if (fdctrl->fifo[pos] & 0x40) {
- fdctrl->fifo[0] = fdctrl->fifo[1];
- fdctrl->fifo[2] = 0;
- fdctrl->fifo[3] = 0;
-@@ -1955,7 +1958,7 @@ static uint8_t command_to_handler[256];
- static void fdctrl_write_data(FDCtrl *fdctrl, uint32_t value)
- {
- FDrive *cur_drv;
-- int pos;
-+ uint32_t pos;
-
- /* Reset mode */
- if (!(fdctrl->dor & FD_DOR_nRESET)) {
-@@ -2004,7 +2007,9 @@ static void fdctrl_write_data(FDCtrl *fdctrl, uint32_t value)
- }
-
- FLOPPY_DPRINTF("%s: %02x\n", __func__, value);
-- fdctrl->fifo[fdctrl->data_pos++] = value;
-+ pos = fdctrl->data_pos++;
-+ pos %= FD_SECTOR_LEN;
-+ fdctrl->fifo[pos] = value;
- if (fdctrl->data_pos == fdctrl->data_len) {
- /* We now have all parameters
- * and will be able to treat the command
diff --git a/system/qemu/qemu.SlackBuild b/system/qemu/qemu.SlackBuild
index 2d563cf528..a06d2ec635 100644
--- a/system/qemu/qemu.SlackBuild
+++ b/system/qemu/qemu.SlackBuild
@@ -3,7 +3,7 @@
# Slackware build script for qemu
# Copyright 2009, 2010 Andrew Brouwers <abrouwers@gmail.com>
-# Copyright 2013, 2014 Edward Koenig, Vancouver, USA <kingbeowulf@gmail.com>
+# Copyright 2013-2015 Edward Koenig, Vancouver, USA <kingbeowulf@gmail.com>
# All rights reserved.
#
# Redistribution and use of this script, with or without modification, is
@@ -42,16 +42,17 @@
# 1.9 14-MAY-2015 patched for "Venom" CVE-2015-3456 http://git.qemu.org/?p=qemu.git;a=commitdiff;h=e907746266721f305d67bc0718795fedee2e824c
# 2.0 11-JUL-2015 patched for Heap-based buffer overflow in the PCNET controller CVE-2015-3209 http://git.qemu.org/?p=qemu.git;a=commitdiff;h=9f7c594c006289ad41169b854d70f5da6e400a2a
# 2.1 27-JUL-2015 patched for heap overflow flaw while processing certain ATAPI commands CVE-2015-5154 http://git.qemu.org/?p=qemu.git;a=commitdiff;h=e40db4c6d391419c0039fe274c74df32a6ca1a28;hp=f793d97e454a56d17e404004867985622ca1a63b
+# 3.0 05-SEP-2015 uprgraded to new version
PRGNAM=qemu
-VERSION=${VERSION:-2.3.0}
-BUILD=${BUILD:-4}
+VERSION=${VERSION:-2.4.0}
+BUILD=${BUILD:-1}
TAG=${TAG:-_SBo}
KVMGROUP=${KVMGROUP:-users}
TARGETS=${TARGETS:-some}
VNC_ENABLE=${VNC_ENABLE:-yes}
-AUDIODRIVERS=${AUDIODRIVERS:-alsa,oss,sdl,esd}
+AUDIODRIVERS=${AUDIODRIVERS:-alsa,oss,sdl}
LIBUSB=${LIBUSB:-no}
if [ -z "$ARCH" ]; then
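Review bot: The new changelog line `# 3.0 05-SEP-2015 uprgraded to new version` misspells "upgraded" and does not record that this release drops the three local security patches (CVE-2015-3456, CVE-2015-3209, CVE-2015-5154) named in the entries just above it. If, as the removal implies, the 2.4.0 tarball already carries those upstream fixes, the entry should say so, e.g. `# 3.0 05-SEP-2015 upgraded to 2.4.0; CVE-2015-3456/-3209/-5154 patches dropped, fixed upstream`, so a later maintainer does not have to re-verify why the patches disappeared. The same hunk also removes `esd` from the default `AUDIODRIVERS` without mention, which deserves a word in the changelog as well. The `if [ -z "$ARCH" ]` block continues outside the hunk.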
@@ -139,15 +140,6 @@ if [ "$LIBUSB" = "yes" ]; then
USBSTATIC="$TMP/$PRGNAM-$VERSION/libusb-static/lib/pkgconfig"
fi
-# patch Venom bug CVE-2015-3456
-patch -p1 < $CWD/patches/qemu_venom.patch
-
-# patch PCNET controller bug CVE-2015-3209
-patch -p1 < $CWD/patches/qemu_pcnet.patch
-
-# patch ATAPI heap overflow bug CVE-2015-5154
-patch -p1 < $CWD/patches/qemu_atapi.patch
-
PKG_CONFIG_PATH+="${USBSTATIC}" \
CFLAGS="$SLKCFLAGS" \
CXXFLAGS="$SLKCFLAGS" \
diff --git a/system/qemu/qemu.info b/system/qemu/qemu.info
index c8fa221825..2967356d4a 100644
--- a/system/qemu/qemu.info
+++ b/system/qemu/qemu.info
@@ -1,9 +1,9 @@
PRGNAM="qemu"
-VERSION="2.3.0"
+VERSION="2.4.0"
HOMEPAGE="http://wiki.qemu.org/Main_Page"
-DOWNLOAD="http://wiki.qemu.org/download/qemu-2.3.0.tar.bz2 \
+DOWNLOAD="http://wiki.qemu.org/download/qemu-2.4.0.tar.bz2 \
http://harrier.slackbuilds.org/misc/libusb-1.0.19.tar.xz"
-MD5SUM="2fab3ea4460de9b57192e5b8b311f221 \
+MD5SUM="186ee8194140a484a455f8e3c74589f4 \
30fcf0865e8945a39d7d136f907e933c"
DOWNLOAD_x86_64=""
MD5SUM_x86_64=""