Here is an update to QEMU 1.0.1.
Index: Makefile =================================================================== RCS file: /home/cvs/ports/emulators/qemu/Makefile,v retrieving revision 1.84 diff -u -p -r1.84 Makefile --- Makefile 2 Feb 2012 22:07:33 -0000 1.84 +++ Makefile 24 Feb 2012 20:01:07 -0000 @@ -1,14 +1,13 @@ # $OpenBSD: Makefile,v 1.84 2012/02/02 22:07:33 sthen Exp $ -ONLY_FOR_ARCHS= amd64 i386 mips64 mips64el powerpc sparc sparc64 +ONLY_FOR_ARCHS= amd64 arm hppa i386 mips64 mips64el powerpc sparc sparc64 +BROKEN-hppa= compiler bug with gcc 4.2 COMMENT= multi system emulator -DISTNAME= qemu-1.0 -REVISION= 1 +DISTNAME= qemu-1.0.1 CATEGORIES= emulators -MASTER_SITES= http://wiki.qemu.org/download/ \ - http://comstyle.com/source/ +MASTER_SITES= http://wiki.qemu.org/download/ HOMEPAGE= http://www.qemu.org/ Index: distinfo =================================================================== RCS file: /home/cvs/ports/emulators/qemu/distinfo,v retrieving revision 1.18 diff -u -p -r1.18 distinfo --- distinfo 12 Dec 2011 10:56:56 -0000 1.18 +++ distinfo 17 Feb 2012 20:59:39 -0000 @@ -1,5 +1,5 @@ -MD5 (qemu-1.0.tar.gz) = pks2BnoZFFEyOw0067RJVA== -RMD160 (qemu-1.0.tar.gz) = OmCu9s/rumiWvbEsmVJdpUVhcv0= -SHA1 (qemu-1.0.tar.gz) = fcsbNRZVTW2JnXSIzURNu3ch/O4= -SHA256 (qemu-1.0.tar.gz) = R2dLfaVZ1eG0TMQBr5rFrZYtFOnu3hJWexPkuEGYlzc= -SIZE (qemu-1.0.tar.gz) = 10848714 +MD5 (qemu-1.0.1.tar.gz) = Xv0QkfAeO8Mb/ewnuO3rAA== +RMD160 (qemu-1.0.1.tar.gz) = 3O80TxUOI4iAhxdo8vB8y26OzOc= +SHA1 (qemu-1.0.1.tar.gz) = TQi1qDU4/NeyIr7G8cWE2o0SSXo= +SHA256 (qemu-1.0.1.tar.gz) = GYkC4QeCUX9gfJ7Z5im153COo56zc+0+w/HIoWnZg3g= +SIZE (qemu-1.0.1.tar.gz) = 10853005 Index: patches/patch-configure =================================================================== RCS file: /home/cvs/ports/emulators/qemu/patches/patch-configure,v retrieving revision 1.21 diff -u -p -r1.21 patch-configure --- patches/patch-configure 12 Dec 2011 10:56:56 -0000 1.21 +++ patches/patch-configure 17 Feb 2012 21:03:10 -0000 @@ -1,6 +1,6 @@ $OpenBSD: patch-configure,v 1.21 2011/12/12 10:56:56 sthen Exp $ ---- configure.orig Mon Nov 28 17:22:15 2011 -+++ configure Mon Nov 28 18:32:45 2011 +--- configure.orig Fri Feb 17 14:45:39 2012 ++++ configure Fri Feb 17 16:02:57 2012 @@ -235,13 +235,11 @@ sdl_config="${SDL_CONFIG-${cross_prefix}sdl-config}" # default flags for all hosts @@ -15,15 +15,6 @@ $OpenBSD: patch-configure,v 1.21 2011/12 # make source path absolute source_path=`cd "$source_path"; pwd` -@@ -1116,7 +1114,7 @@ fi - - if test "$pie" = ""; then - case "$cpu-$targetos" in -- i386-Linux|x86_64-Linux) -+ i386-Linux|x86_64-Linux|i386-OpenBSD|x86_64-OpenBSD) - ;; - *) - pie="no" @@ -2684,8 +2682,9 @@ fi # End of CC checks # After here, no more $cc or $ld runs Index: patches/patch-hw_e1000_c =================================================================== RCS file: patches/patch-hw_e1000_c diff -N patches/patch-hw_e1000_c --- patches/patch-hw_e1000_c 2 Feb 2012 22:07:33 -0000 1.4 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,26 +0,0 @@ -$OpenBSD: patch-hw_e1000_c,v 1.4 2012/02/02 22:07:33 sthen Exp $ - -Bounds packet size against buffer size, otherwise??we??can??write??beyond -the??buffer??and??corrupt??memory.???? CVE-2012-0029. - -http://git.qemu.org/?p=qemu.git;a=commitdiff;h=65f82df0d7a71ce1b10cd4c5ab08888d176ac840 - ---- hw/e1000.c.orig Thu Feb 2 20:07:37 2012 -+++ hw/e1000.c Thu Feb 2 20:11:43 2012 -@@ -466,6 +466,8 @@ process_tx_desc(E1000State *s, struct e1000_tx_desc *d - bytes = split_size; - if (tp->size + bytes > msh) - bytes = msh - tp->size; -+ -+ bytes = MIN(sizeof(tp->data) - tp->size, bytes); - pci_dma_read(&s->dev, addr, tp->data + tp->size, bytes); - if ((sz = tp->size + bytes) >= hdr && tp->size < hdr) - memmove(tp->header, tp->data, hdr); -@@ -481,6 +483,7 @@ process_tx_desc(E1000State *s, struct e1000_tx_desc *d - // context descriptor TSE is not set, while data descriptor TSE is set - DBGOUT(TXERR, "TCP segmentaion Error\n"); - } else { -+ split_size = MIN(sizeof(tp->data) - tp->size, split_size); - pci_dma_read(&s->dev, addr, tp->data + tp->size, split_size); - tp->size += split_size; - } Index: patches/patch-target-i386_translate_c =================================================================== RCS file: patches/patch-target-i386_translate_c diff -N patches/patch-target-i386_translate_c --- patches/patch-target-i386_translate_c 12 Dec 2011 10:56:56 -0000 1.6 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,32 +0,0 @@ -$OpenBSD: patch-target-i386_translate_c,v 1.6 2011/12/12 10:56:56 sthen Exp $ ---- target-i386/translate.c.orig Mon Nov 7 16:24:56 2011 -+++ target-i386/translate.c Mon Nov 7 17:39:18 2011 -@@ -4870,20 +4870,24 @@ static target_ulong disas_insn(DisasContext *s, target - tcg_gen_sub_tl(t2, cpu_regs[R_EAX], t0); - gen_extu(ot, t2); - tcg_gen_brcondi_tl(TCG_COND_EQ, t2, 0, label1); -+ label2 = gen_new_label(); - if (mod == 3) { -- label2 = gen_new_label(); - gen_op_mov_reg_v(ot, R_EAX, t0); - tcg_gen_br(label2); - gen_set_label(label1); - gen_op_mov_reg_v(ot, rm, t1); -- gen_set_label(label2); - } else { -- tcg_gen_mov_tl(t1, t0); -+ /* perform no-op store cycle like physical cpu; must be -+ before changing accumulator to ensure idempotency if -+ the store faults and the instruction is restarted -+ */ -+ gen_op_st_v(ot + s->mem_index, t0, a0); - gen_op_mov_reg_v(ot, R_EAX, t0); -+ tcg_gen_br(label2); - gen_set_label(label1); -- /* always store */ - gen_op_st_v(ot + s->mem_index, t1, a0); - } -+ gen_set_label(label2); - tcg_gen_mov_tl(cpu_cc_src, t0); - tcg_gen_mov_tl(cpu_cc_dst, t2); - s->cc_op = CC_OP_SUBB + ot; -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
