QEMU update to 2.4.0

- remove patch files accepted and merge upstream - Add new vgabios-virtio
svn path=/head/; revision=395861
2025-01-05 06:27:37 +00:00 · 2015-09-02 16:12:36 +00:00 · 2015-09-02 16:12:36 +00:00 · a1606ef670 · 2021-03-31 03:12:20 +00:00
commit a1606ef670
parent 60886023c9
8 changed files with 5 additions and 203 deletions
--- a/emulators/qemu-devel/Makefile
+++ b/emulators/qemu-devel/Makefile
@ -2,8 +2,7 @@
 # $FreeBSD$

 PORTNAME=	qemu
-PORTVERSION=	2.3.0
-PORTREVISION=	2
+PORTVERSION=	2.4.0
 CATEGORIES=	emulators
 MASTER_SITES=	http://wiki.qemu.org/download/:release \
 		LOCAL/nox:snapshot
@ -119,7 +118,7 @@ CONFIGURE_ARGS+=	--prefix=${PREFIX} --cc=${CC} --enable-docs \
 	--smbd=${LOCALBASE}/sbin/smbd \
 	--enable-debug \
 	--enable-debug-info \
-	--extra-cflags=-I${WRKSRC}\ -I${LOCALBASE}/include\ -DPREFIX=\\\"${PREFIX}\\\"
+	--extra-cflags=-I${WRKSRC}\ -I${LOCALBASE}/include\ -DPREFIX=\\\"\"${PREFIX}\\\"\"

 .if empty(PORT_OPTIONS:MX11)
 CONFIGURE_ARGS+=	--disable-sdl
@ -277,8 +276,6 @@ post-install:
 .endif
 	${INSTALL_SCRIPT} ${FILESDIR}/qemu-ifup.sample ${STAGEDIR}${PREFIX}/etc
 	${INSTALL_SCRIPT} ${FILESDIR}/qemu-ifdown.sample ${STAGEDIR}${PREFIX}/etc
-	@(cd ${STAGEDIR}${PREFIX}/etc/qemu && \
-		${MV} -i target-x86_64.conf target-x86_64.conf.sample)
 	@${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/qemu-*
 .endif

--- a/emulators/qemu-devel/distinfo
+++ b/emulators/qemu-devel/distinfo
@ -1,2 +1,2 @@
-SHA256 (qemu/2.3.0/qemu-2.3.0.tar.bz2) = b6bab7f763d5be73e7cb5ee7d4c8365b7a8df2972c52fa5ded18893bd8281588
-SIZE (qemu/2.3.0/qemu-2.3.0.tar.bz2) = 24683085
+SHA256 (qemu/2.4.0/qemu-2.4.0.tar.bz2) = 72b0b991bbcc540663a019e1e8c4f714053b691dda32c9b9ee80b25f367e6620
+SIZE (qemu/2.4.0/qemu-2.4.0.tar.bz2) = 25070979
--- a/emulators/qemu-devel/files/patch-90_security
+++ b/emulators/qemu-devel/files/patch-90_security
@ -1,30 +0,0 @@
-Index: qemu/hw/dma/i8257.c
-@@ -344,9 +344,11 @@ static void channel_run (int ncont, int 
-     }
- #endif
- 
-    n = r->transfer_handler (r->opaque, ichan + (ncont << 2),
-                             r->now[COUNT], (r->base[COUNT] + 1) << ncont);
-    r->now[COUNT] = n;
-+    if (r->transfer_handler) {
-+        n = r->transfer_handler (r->opaque, ichan + (ncont << 2),
-+                                 r->now[COUNT], (r->base[COUNT] + 1) << ncont);
-+        r->now[COUNT] = n;
-+    }
-     ldebug ("dma_pos %d size %d\n", n, (r->base[COUNT] + 1) << ncont);
- }
- 
-Index: qemu-0.8.2/hw/audio/sb16.c
-@@ -1235,8 +1235,10 @@ static int SB_read_DMA (void *opaque, in
-             s->block_size);
- #endif
- 
-    while (s->left_till_irq <= 0) {
-        s->left_till_irq = s->block_size + s->left_till_irq;
-+    if (s->block_size) {
-+        while (s->left_till_irq <= 0) {
-+            s->left_till_irq = s->block_size + s->left_till_irq;
-+        }
-     }
- 
-     return dma_pos;
--- a/emulators/qemu-devel/files/patch-CVE-2015-3209
+++ b/emulators/qemu-devel/files/patch-CVE-2015-3209
@ -1,45 +0,0 @@
-From 2630672ab22255de252f877709851c0557a1c647 Mon Sep 17 00:00:00 2001
-From: Petr Matousek <pmatouse@redhat.com>
-Date: Sun, 24 May 2015 10:53:44 +0200
-Subject: [PATCH] pcnet: force the buffer access to be in bounds during tx
-
-4096 is the maximum length per TMD and it is also currently the size of
-the relay buffer pcnet driver uses for sending the packet data to QEMU
-for further processing. With packet spanning multiple TMDs it can
-happen that the overall packet size will be bigger than sizeof(buffer),
-which results in memory corruption.
-
-Fix this by only allowing to queue maximum sizeof(buffer) bytes.
-
-This is CVE-2015-3209.
-
-Signed-off-by: Petr Matousek <pmatouse@redhat.com>
-Reported-by: Matt Tait <matttait@google.com>
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
---
- hw/net/pcnet.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/hw/net/pcnet.c b/hw/net/pcnet.c
-index bdfd38f..6d32e4c 100644
--- a/hw/net/pcnet.c
-+++ b/hw/net/pcnet.c
-@@ -1241,6 +1241,14 @@ static void pcnet_transmit(PCNetState *s)
-         }
-
-         bcnt = 4096 - GET_FIELD(tmd.length, TMDL, BCNT);
-+
-+        /* if multi-tmd packet outsizes s->buffer then skip it silently.
-+           Note: this is not what real hw does */
-+        if (s->xmit_pos + bcnt > sizeof(s->buffer)) {
-+           s->xmit_pos = -1;
-+           goto txdone;
-+        }
-+
-         s->phys_mem_read(s->dma_opaque, PHYSADDR(s, tmd.tbadr),
-                          s->buffer + s->xmit_pos, bcnt, CSR_BSWP(s));
-         s->xmit_pos += bcnt;
-- 
-2.1.0
-
--- a/emulators/qemu-devel/files/patch-CVE-2015-3456
+++ b/emulators/qemu-devel/files/patch-CVE-2015-3456
@ -1,84 +0,0 @@
-From e907746266721f305d67bc0718795fedee2e824c Mon Sep 17 00:00:00 2001
-From: Petr Matousek <pmatouse@redhat.com>
-Date: Wed, 6 May 2015 09:48:59 +0200
-Subject: [PATCH] fdc: force the fifo access to be in bounds of the allocated buffer
-
-During processing of certain commands such as FD_CMD_READ_ID and
-FD_CMD_DRIVE_SPECIFICATION_COMMAND the fifo memory access could
-get out of bounds leading to memory corruption with values coming
-from the guest.
-
-Fix this by making sure that the index is always bounded by the
-allocated memory.
-
-This is CVE-2015-3456.
-
-Signed-off-by: Petr Matousek <pmatouse@redhat.com>
-Reviewed-by: John Snow <jsnow@redhat.com>
-Signed-off-by: John Snow <jsnow@redhat.com>
---
- hw/block/fdc.c |   17 +++++++++++------
- 1 files changed, 11 insertions(+), 6 deletions(-)
-
-diff --git a/hw/block/fdc.c b/hw/block/fdc.c
-index f72a392..d8a8edd 100644
--- a/hw/block/fdc.c
-+++ b/hw/block/fdc.c
-@@ -1497,7 +1497,7 @@ static uint32_t fdctrl_read_data(FDCtrl *fdctrl)
- {
-     FDrive *cur_drv;
-     uint32_t retval = 0;
-    int pos;
-+    uint32_t pos;
- 
-     cur_drv = get_cur_drv(fdctrl);
-     fdctrl->dsr &= ~FD_DSR_PWRDOWN;
-@@ -1506,8 +1506,8 @@ static uint32_t fdctrl_read_data(FDCtrl *fdctrl)
-         return 0;
-     }
-     pos = fdctrl->data_pos;
-+    pos %= FD_SECTOR_LEN;
-     if (fdctrl->msr & FD_MSR_NONDMA) {
-        pos %= FD_SECTOR_LEN;
-         if (pos == 0) {
-             if (fdctrl->data_pos != 0)
-                 if (!fdctrl_seek_to_next_sect(fdctrl, cur_drv)) {
-@@ -1852,10 +1852,13 @@ static void fdctrl_handle_option(FDCtrl *fdctrl, int direction)
- static void fdctrl_handle_drive_specification_command(FDCtrl *fdctrl, int direction)
- {
-     FDrive *cur_drv = get_cur_drv(fdctrl);
-+    uint32_t pos;
- 
-    if (fdctrl->fifo[fdctrl->data_pos - 1] & 0x80) {
-+    pos = fdctrl->data_pos - 1;
-+    pos %= FD_SECTOR_LEN;
-+    if (fdctrl->fifo[pos] & 0x80) {
-         /* Command parameters done */
-        if (fdctrl->fifo[fdctrl->data_pos - 1] & 0x40) {
-+        if (fdctrl->fifo[pos] & 0x40) {
-             fdctrl->fifo[0] = fdctrl->fifo[1];
-             fdctrl->fifo[2] = 0;
-             fdctrl->fifo[3] = 0;
-@@ -1955,7 +1958,7 @@ static uint8_t command_to_handler[256];
- static void fdctrl_write_data(FDCtrl *fdctrl, uint32_t value)
- {
-     FDrive *cur_drv;
-    int pos;
-+    uint32_t pos;
- 
-     /* Reset mode */
-     if (!(fdctrl->dor & FD_DOR_nRESET)) {
-@@ -2004,7 +2007,9 @@ static void fdctrl_write_data(FDCtrl *fdctrl, uint32_t value)
-     }
- 
-     FLOPPY_DPRINTF("%s: %02x\n", __func__, value);
-    fdctrl->fifo[fdctrl->data_pos++] = value;
-+    pos = fdctrl->data_pos++;
-+    pos %= FD_SECTOR_LEN;
-+    fdctrl->fifo[pos] = value;
-     if (fdctrl->data_pos == fdctrl->data_len) {
-         /* We now have all parameters
-          * and will be able to treat the command
-- 
-1.7.0.4
-
--- a/emulators/qemu-devel/files/patch-include-qemu-aes.h
+++ b/emulators/qemu-devel/files/patch-include-qemu-aes.h
@ -1,18 +0,0 @@
--- a/include/qemu/aes.h
-+++ b/include/qemu/aes.h
-@@ -10,6 +10,15 @@ struct aes_key_st {
- };
- typedef struct aes_key_st AES_KEY;
- 
-+/* FreeBSD has it's own AES_set_decrypt_key in -lcrypto, avoid conflicts */
-+#ifdef __FreeBSD__
-+#define AES_set_encrypt_key QEMU_AES_set_encrypt_key
-+#define AES_set_decrypt_key QEMU_AES_set_decrypt_key
-+#define AES_encrypt QEMU_AES_encrypt
-+#define AES_decrypt QEMU_AES_decrypt
-+#define AES_cbc_encrypt QEMU_AES_cbc_encrypt
-+#endif
-+
- int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
- 	AES_KEY *key);
- int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
--- a/emulators/qemu-devel/files/patch-tapclose
+++ b/emulators/qemu-devel/files/patch-tapclose
@ -1,18 +0,0 @@
-Index: qemu/net/tap.c
-@@ -286,12 +286,13 @@ static void tap_cleanup(NetClientState *
- 
-     qemu_purge_queued_packets(nc);
- 
-    if (s->down_script[0])
-        launch_script(s->down_script, s->down_script_arg, s->fd);
-
-     tap_read_poll(s, false);
-     tap_write_poll(s, false);
-     close(s->fd);
-+
-+    if (s->down_script[0])
-+        launch_script(s->down_script, s->down_script_arg, s->fd);
-+
-     s->fd = -1;
- }
- 
--- a/emulators/qemu-devel/pkg-plist
+++ b/emulators/qemu-devel/pkg-plist
@ -44,7 +44,6 @@
 %%SOFTMMU%%man/man8/qemu-nbd.8.gz
 %%SOFTMMU%%@sample etc/qemu-ifup.sample
 %%SOFTMMU%%@sample etc/qemu-ifdown.sample
-%%SOFTMMU%%@sample etc/qemu/target-x86_64.conf.sample
 %%SOFTMMU%%%%DATADIR%%/QEMU,tcx.bin
 %%SOFTMMU%%%%DATADIR%%/QEMU,cgthree.bin
 %%SOFTMMU%%%%DATADIR%%/acpi-dsdt.aml
@ -62,6 +61,7 @@
 %%SOFTMMU%%%%DATADIR%%/vgabios-cirrus.bin
 %%SOFTMMU%%%%DATADIR%%/vgabios-qxl.bin
 %%SOFTMMU%%%%DATADIR%%/vgabios-stdvga.bin
+%%SOFTMMU%%%%DATADIR%%/vgabios-virtio.bin
 %%SOFTMMU%%%%DATADIR%%/vgabios-vmware.bin
 %%SOFTMMU%%%%DATADIR%%/palcode-clipper
 %%SOFTMMU%%%%DATADIR%%/ppc_rom.bin