Diffstat (limited to 'emulators/qemu')
-rw-r--r--emulators/qemu/Makefile2
-rw-r--r--emulators/qemu/files/patch-CVE-2008-200456
2 files changed, 57 insertions, 1 deletions
diff --git a/emulators/qemu/Makefile b/emulators/qemu/Makefile
index c56ac93b5fa4..42b4874cfcc2 100644
--- a/emulators/qemu/Makefile
+++ b/emulators/qemu/Makefile
@@ -7,7 +7,7 @@
PORTNAME= qemu
PORTVERSION= 0.9.1
-PORTREVISION= 5
+PORTREVISION= 6
CATEGORIES= emulators
MASTER_SITES= http://fabrice.bellard.free.fr/qemu/:release \
http://qemu.org/:release \
diff --git a/emulators/qemu/files/patch-CVE-2008-2004 b/emulators/qemu/files/patch-CVE-2008-2004
new file mode 100644
index 000000000000..6b767fba39b3
--- /dev/null
+++ b/emulators/qemu/files/patch-CVE-2008-2004
@@ -0,0 +1,56 @@
+Index: qemu/vl.c
+@@ -4886,13 +4886,14 @@
+ int bus_id, unit_id;
+ int cyls, heads, secs, translation;
+ BlockDriverState *bdrv;
++ BlockDriver *drv = NULL;
+ int max_devs;
+ int index;
+ int cache;
+ int bdrv_flags;
+ char *params[] = { "bus", "unit", "if", "index", "cyls", "heads",
+ "secs", "trans", "media", "snapshot", "file",
+- "cache", NULL };
++ "cache", "format", NULL };
+
+ if (check_params(buf, sizeof(buf), params, str) < 0) {
+ fprintf(stderr, "qemu: unknowm parameter '%s' in '%s'\n",
+@@ -5060,6 +5061,14 @@
+ }
+ }
+
++ if (get_param_value(buf, sizeof(buf), "format", str)) {
++ drv = bdrv_find_format(buf);
++ if (!drv) {
++ fprintf(stderr, "qemu: '%s' invalid format\n", buf);
++ return -1;
++ }
++ }
++
+ get_param_value(file, sizeof(file), "file", str);
+
+ /* compute bus and unit according index */
+@@ -5159,7 +5168,7 @@
+ bdrv_flags |= BDRV_O_SNAPSHOT;
+ if (!cache)
+ bdrv_flags |= BDRV_O_DIRECT;
+- if (bdrv_open(bdrv, file, bdrv_flags) < 0 || qemu_key_check(bdrv, file)) {
++ if (bdrv_open2(bdrv, file, bdrv_flags, drv) < 0 || qemu_key_check(bdrv, file)) {
+ fprintf(stderr, "qemu: could not open disk image %s\n",
+ file);
+ return -1;
+Index: qemu/qemu-doc.texi
+===================================================================
+--- qemu-doc.texi (revision 4276)
++++ qemu-doc.texi (revision 4277)
+@@ -261,6 +261,10 @@
+ @var{snapshot} is "on" or "off" and allows to enable snapshot for given drive (see @option{-snapshot}).
+ @item cache=@var{cache}
+ @var{cache} is "on" or "off" and allows to disable host cache to access data.
++@item format=@var{format}
++Specify which disk @var{format} will be used rather than detecting
++the format. Can be used to specifiy format=raw to avoid interpreting
++an untrusted format header.
+ @end table
+
+ Instead of @option{-cdrom} you can use:
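Review bot: The new `format` parameter is opt-in, so it only prevents header probing when the user actually passes it. `drv` is initialised to `NULL` and handed unchanged to `bdrv_open2()` in the last vl.c hunk, so a `-drive` line without `format=` presumably still auto-detects the format from image contents a guest may have written. Because this port revision exists to ship the CVE-2008-2004 fix, the port should tell users what to change, for example a pkg-message line such as `Raw images used by untrusted guests must be started with -drive file=...,format=raw`. A comment above the added block, `/* drv == NULL: format is taken from the image header; untrusted raw images need format=raw */`, would record the same in the source. The enclosing function starts and ends outside the embedded hunks, so other paths that open images are not visible here and may still probe.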