Miroirs/slackbuilds_ponce
1
0
Fork 0
mirror of https://github.com/Ponce/slackbuilds synced 2024-10-01 06:32:51 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

system/qemu: Updated for version 2.4.0.

Browse source 
Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org>
This commit is contained in:
Edward W. Koenig 2015-09-06 13:05:57 +07:00 committed by Willy Sudiarto Raharjo
parent 8624e750c3
commit f2e429ddf4
5 changed files with 8 additions and 183 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

91
system/qemu/patches/qemu_atapi.patch
View file

@ -1,91 +0,0 @@
diff --git a/hw/ide/atapi.c b/hw/ide/atapi.c
index 950e311..79dd167 100644 (file)
--- a/hw/ide/atapi.c
+++ b/hw/ide/atapi.c
@@ -983,6 +983,7 @@ static void cmd_start_stop_unit(IDEState *s, uint8_t* buf)
if (pwrcnd) {
/* eject/load only happens for power condition == 0 */
+ ide_atapi_cmd_ok(s);
return;
}
diff --git a/hw/ide/core.c b/hw/ide/core.c
index 122e955..50449ca 100644 (file)
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -2021,11 +2021,17 @@ void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
}
p = s->data_ptr;
+ if (p + 2 > s->data_end) {
+ return;
+ }
+
*(uint16_t *)p = le16_to_cpu(val);
p += 2;
s->data_ptr = p;
- if (p >= s->data_end)
+ if (p >= s->data_end) {
+ s->status &= ~DRQ_STAT;
s->end_transfer_func(s);
+ }
}
uint32_t ide_data_readw(void *opaque, uint32_t addr)
@@ -2042,11 +2048,17 @@ uint32_t ide_data_readw(void *opaque, uint32_t addr)
}
p = s->data_ptr;
+ if (p + 2 > s->data_end) {
+ return 0;
+ }
+
ret = cpu_to_le16(*(uint16_t *)p);
p += 2;
s->data_ptr = p;
- if (p >= s->data_end)
+ if (p >= s->data_end) {
+ s->status &= ~DRQ_STAT;
s->end_transfer_func(s);
+ }
return ret;
}
@@ -2063,11 +2075,17 @@ void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
}
p = s->data_ptr;
+ if (p + 4 > s->data_end) {
+ return;
+ }
+
*(uint32_t *)p = le32_to_cpu(val);
p += 4;
s->data_ptr = p;
- if (p >= s->data_end)
+ if (p >= s->data_end) {
+ s->status &= ~DRQ_STAT;
s->end_transfer_func(s);
+ }
}
uint32_t ide_data_readl(void *opaque, uint32_t addr)
@@ -2084,11 +2102,17 @@ uint32_t ide_data_readl(void *opaque, uint32_t addr)
}
p = s->data_ptr;
+ if (p + 4 > s->data_end) {
+ return 0;
+ }
+
ret = cpu_to_le32(*(uint32_t *)p);
p += 4;
s->data_ptr = p;
- if (p >= s->data_end)
+ if (p >= s->data_end) {
+ s->status &= ~DRQ_STAT;
s->end_transfer_func(s);
+ }
return ret;
}

18
system/qemu/patches/qemu_pcnet.patch
View file

@ -1,18 +0,0 @@
index bdfd38f..68b9981 100644 (file)
--- a/hw/net/pcnet.c
+++ b/hw/net/pcnet.c
@@ -1241,6 +1241,14 @@ static void pcnet_transmit(PCNetState *s)
}
bcnt = 4096 - GET_FIELD(tmd.length, TMDL, BCNT);
+
+ /* if multi-tmd packet outsizes s->buffer then skip it silently.
+ Note: this is not what real hw does */
+ if (s->xmit_pos + bcnt > sizeof(s->buffer)) {
+ s->xmit_pos = -1;
+ goto txdone;
+ }
+
s->phys_mem_read(s->dma_opaque, PHYSADDR(s, tmd.tbadr),
s->buffer + s->xmit_pos, bcnt, CSR_BSWP(s));
s->xmit_pos += bcnt;

58
system/qemu/patches/qemu_venom.patch
View file

@ -1,58 +0,0 @@
index f72a392..d8a8edd 100644 (file)
--- a/hw/block/fdc.c
+++ b/hw/block/fdc.c
@@ -1497,7 +1497,7 @@ static uint32_t fdctrl_read_data(FDCtrl *fdctrl)
{
FDrive *cur_drv;
uint32_t retval = 0;
- int pos;
+ uint32_t pos;
cur_drv = get_cur_drv(fdctrl);
fdctrl->dsr &= ~FD_DSR_PWRDOWN;
@@ -1506,8 +1506,8 @@ static uint32_t fdctrl_read_data(FDCtrl *fdctrl)
return 0;
}
pos = fdctrl->data_pos;
+ pos %= FD_SECTOR_LEN;
if (fdctrl->msr & FD_MSR_NONDMA) {
- pos %= FD_SECTOR_LEN;
if (pos == 0) {
if (fdctrl->data_pos != 0)
if (!fdctrl_seek_to_next_sect(fdctrl, cur_drv)) {
@@ -1852,10 +1852,13 @@ static void fdctrl_handle_option(FDCtrl *fdctrl, int direction)
static void fdctrl_handle_drive_specification_command(FDCtrl *fdctrl, int direction)
{
FDrive *cur_drv = get_cur_drv(fdctrl);
+ uint32_t pos;
- if (fdctrl->fifo[fdctrl->data_pos - 1] & 0x80) {
+ pos = fdctrl->data_pos - 1;
+ pos %= FD_SECTOR_LEN;
+ if (fdctrl->fifo[pos] & 0x80) {
/* Command parameters done */
- if (fdctrl->fifo[fdctrl->data_pos - 1] & 0x40) {
+ if (fdctrl->fifo[pos] & 0x40) {
fdctrl->fifo[0] = fdctrl->fifo[1];
fdctrl->fifo[2] = 0;
fdctrl->fifo[3] = 0;
@@ -1955,7 +1958,7 @@ static uint8_t command_to_handler[256];
static void fdctrl_write_data(FDCtrl *fdctrl, uint32_t value)
{
FDrive *cur_drv;
- int pos;
+ uint32_t pos;
/* Reset mode */
if (!(fdctrl->dor & FD_DOR_nRESET)) {
@@ -2004,7 +2007,9 @@ static void fdctrl_write_data(FDCtrl *fdctrl, uint32_t value)
}
FLOPPY_DPRINTF("%s: %02x\n", __func__, value);
- fdctrl->fifo[fdctrl->data_pos++] = value;
+ pos = fdctrl->data_pos++;
+ pos %= FD_SECTOR_LEN;
+ fdctrl->fifo[pos] = value;
if (fdctrl->data_pos == fdctrl->data_len) {
/* We now have all parameters
* and will be able to treat the command

18
system/qemu/qemu.SlackBuild
View file

@ -3,7 +3,7 @@
# Slackware build script for qemu
# Copyright 2009, 2010 Andrew Brouwers <abrouwers@gmail.com>
# Copyright 2013, 2014 Edward Koenig, Vancouver, USA <kingbeowulf@gmail.com>
# Copyright 2013-2015 Edward Koenig, Vancouver, USA <kingbeowulf@gmail.com>
# All rights reserved.
#
# Redistribution and use of this script, with or without modification, is
@ -42,16 +42,17 @@
# 1.9 14-MAY-2015 patched for "Venom" CVE-2015-3456 http://git.qemu.org/?p=qemu.git;a=commitdiff;h=e907746266721f305d67bc0718795fedee2e824c
# 2.0 11-JUL-2015 patched for Heap-based buffer overflow in the PCNET controller CVE-2015-3209 http://git.qemu.org/?p=qemu.git;a=commitdiff;h=9f7c594c006289ad41169b854d70f5da6e400a2a
# 2.1 27-JUL-2015 patched for heap overflow flaw while processing certain ATAPI commands CVE-2015-5154 http://git.qemu.org/?p=qemu.git;a=commitdiff;h=e40db4c6d391419c0039fe274c74df32a6ca1a28;hp=f793d97e454a56d17e404004867985622ca1a63b
# 3.0 05-SEP-2015 uprgraded to new version
PRGNAM=qemu
VERSION=${VERSION:-2.3.0}
BUILD=${BUILD:-4}
VERSION=${VERSION:-2.4.0}
BUILD=${BUILD:-1}
TAG=${TAG:-_SBo}
KVMGROUP=${KVMGROUP:-users}
TARGETS=${TARGETS:-some}
VNC_ENABLE=${VNC_ENABLE:-yes}
AUDIODRIVERS=${AUDIODRIVERS:-alsa,oss,sdl,esd}
AUDIODRIVERS=${AUDIODRIVERS:-alsa,oss,sdl}
LIBUSB=${LIBUSB:-no}
if [ -z "$ARCH" ]; then
@ -139,15 +140,6 @@ if [ "$LIBUSB" = "yes" ]; then
USBSTATIC="$TMP/$PRGNAM-$VERSION/libusb-static/lib/pkgconfig"
fi
# patch Venom bug CVE-2015-3456
patch -p1 < $CWD/patches/qemu_venom.patch
# patch PCNET controller bug CVE-2015-3209
patch -p1 < $CWD/patches/qemu_pcnet.patch
# patch ATAPI heap overflow bug CVE-2015-5154
patch -p1 < $CWD/patches/qemu_atapi.patch
PKG_CONFIG_PATH+="${USBSTATIC}" \
CFLAGS="$SLKCFLAGS" \
CXXFLAGS="$SLKCFLAGS" \

6
system/qemu/qemu.info
View file

@ -1,9 +1,9 @@
PRGNAM="qemu"
VERSION="2.3.0"
VERSION="2.4.0"
HOMEPAGE="http://wiki.qemu.org/Main_Page"
DOWNLOAD="http://wiki.qemu.org/download/qemu-2.3.0.tar.bz2 \
DOWNLOAD="http://wiki.qemu.org/download/qemu-2.4.0.tar.bz2 \
http://harrier.slackbuilds.org/misc/libusb-1.0.19.tar.xz"
MD5SUM="2fab3ea4460de9b57192e5b8b311f221 \
MD5SUM="186ee8194140a484a455f8e3c74589f4 \
30fcf0865e8945a39d7d136f907e933c"
DOWNLOAD_x86_64=""
MD5SUM_x86_64=""