diff options
Diffstat (limited to 'emulators/qemu')
-rw-r--r-- | emulators/qemu/Makefile | 2 | ||||
-rw-r--r-- | emulators/qemu/files/patch-CVE-2008-2004 | 56 |
2 files changed, 57 insertions, 1 deletions
diff --git a/emulators/qemu/Makefile b/emulators/qemu/Makefile index c56ac93b5fa4..42b4874cfcc2 100644 --- a/emulators/qemu/Makefile +++ b/emulators/qemu/Makefile @@ -7,7 +7,7 @@ PORTNAME= qemu PORTVERSION= 0.9.1 -PORTREVISION= 5 +PORTREVISION= 6 CATEGORIES= emulators MASTER_SITES= http://fabrice.bellard.free.fr/qemu/:release \ http://qemu.org/:release \ diff --git a/emulators/qemu/files/patch-CVE-2008-2004 b/emulators/qemu/files/patch-CVE-2008-2004 new file mode 100644 index 000000000000..6b767fba39b3 --- /dev/null +++ b/emulators/qemu/files/patch-CVE-2008-2004 @@ -0,0 +1,56 @@ +Index: qemu/vl.c +@@ -4886,13 +4886,14 @@ + int bus_id, unit_id; + int cyls, heads, secs, translation; + BlockDriverState *bdrv; ++ BlockDriver *drv = NULL; + int max_devs; + int index; + int cache; + int bdrv_flags; + char *params[] = { "bus", "unit", "if", "index", "cyls", "heads", + "secs", "trans", "media", "snapshot", "file", +- "cache", NULL }; ++ "cache", "format", NULL }; + + if (check_params(buf, sizeof(buf), params, str) < 0) { + fprintf(stderr, "qemu: unknowm parameter '%s' in '%s'\n", +@@ -5060,6 +5061,14 @@ + } + } + ++ if (get_param_value(buf, sizeof(buf), "format", str)) { ++ drv = bdrv_find_format(buf); ++ if (!drv) { ++ fprintf(stderr, "qemu: '%s' invalid format\n", buf); ++ return -1; ++ } ++ } ++ + get_param_value(file, sizeof(file), "file", str); + + /* compute bus and unit according index */ +@@ -5159,7 +5168,7 @@ + bdrv_flags |= BDRV_O_SNAPSHOT; + if (!cache) + bdrv_flags |= BDRV_O_DIRECT; +- if (bdrv_open(bdrv, file, bdrv_flags) < 0 || qemu_key_check(bdrv, file)) { ++ if (bdrv_open2(bdrv, file, bdrv_flags, drv) < 0 || qemu_key_check(bdrv, file)) { + fprintf(stderr, "qemu: could not open disk image %s\n", + file); + return -1; +Index: qemu/qemu-doc.texi +=================================================================== +--- qemu-doc.texi (revision 4276) ++++ qemu-doc.texi (revision 4277) +@@ -261,6 +261,10 @@ + @var{snapshot} is "on" or "off" and allows to enable snapshot for given drive (see @option{-snapshot}). + @item cache=@var{cache} + @var{cache} is "on" or "off" and allows to disable host cache to access data. ++@item format=@var{format} ++Specify which disk @var{format} will be used rather than detecting ++the format. Can be used to specifiy format=raw to avoid interpreting ++an untrusted format header. + @end table + + Instead of @option{-cdrom} you can use: |