authorJuergen Lock <nox@FreeBSD.org>2008-03-11 23:34:14 +0000
committerJuergen Lock <nox@FreeBSD.org>2008-03-11 23:34:14 +0000
commitcf1bcdae1c1c5616cbea6ab4e3569cbbaeff4bf7 (patch)
tree4008eebb14731e300053ac880e1c21209ad9f51b /emulators/qemu-devel
parent- Fix typo (unclosed double-quote) (diff)
- Update to 2008-03-02 snapshot [1]
- Fix unchecked block read/write vulnerability [2] Submitted by: nox [1] Obtained from: qemu cvs [2] Security: http://www.vuxml.org/freebsd/9cfbca7f-efb7-11dc-be01-0211060005df.html
Notes
Notes: svn path=/head/; revision=208861
Diffstat (limited to 'emulators/qemu-devel')
-rw-r--r--emulators/qemu-devel/Makefile27
-rw-r--r--emulators/qemu-devel/distinfo9
-rw-r--r--emulators/qemu-devel/files/patch-90_security15
-rw-r--r--emulators/qemu-devel/files/patch-CVE-2008-0928242
-rw-r--r--emulators/qemu-devel/files/patch-PRId64113
-rw-r--r--emulators/qemu-devel/files/patch-bg6
-rw-r--r--emulators/qemu-devel/files/patch-bk16
-rw-r--r--emulators/qemu-devel/files/patch-block-raw.c51
-rw-r--r--emulators/qemu-devel/files/patch-bsdusb.patch23
-rw-r--r--emulators/qemu-devel/files/patch-cpu-exec.c29
-rw-r--r--emulators/qemu-devel/files/patch-fbsd16
-rw-r--r--emulators/qemu-devel/files/patch-fpu-softfloat-native.c2
-rw-r--r--emulators/qemu-devel/files/patch-hw-pxa2xx_gpio.c11
-rw-r--r--emulators/qemu-devel/files/patch-qemu-img.c10
-rw-r--r--emulators/qemu-devel/files/patch-qemu-img.texi6
-rw-r--r--emulators/qemu-devel/files/patch-tlb-vuln92
-rw-r--r--emulators/qemu-devel/files/patch-vl.c2
-rw-r--r--emulators/qemu-devel/pkg-plist3
18 files changed, 335 insertions, 338 deletions
diff --git a/emulators/qemu-devel/Makefile b/emulators/qemu-devel/Makefile
index 1d7b1e516788..3ef8855a029d 100644
--- a/emulators/qemu-devel/Makefile
+++ b/emulators/qemu-devel/Makefile
@@ -6,8 +6,7 @@
#
PORTNAME= qemu
-PORTVERSION= 0.9.0s.20070802
-PORTREVISION= 1
+PORTVERSION= 0.9.1s.20080302
CATEGORIES= emulators
MASTER_SITES= http://qemu.org/:release \
http://qemu-forum.ipi.fi/qemu-snapshots/:snapshot \
@@ -16,7 +15,7 @@ MASTER_SITES= http://qemu.org/:release \
http://people.brandeis.edu/~jcoiner/qemu_idedma/:idedma \
http://people.freebsd.org/~maho/qemu/:misc
PKGNAMESUFFIX= -devel
-DISTNAME= ${PORTNAME}-snapshot-2007-08-02_05
+DISTNAME= ${PORTNAME}-snapshot-2008-03-02_05
DISTFILES= ${DISTNAME}${EXTRACT_SUFX}:snapshot
DIST_SUBDIR= qemu
EXTRACT_ONLY= ${DISTNAME}${EXTRACT_SUFX}
@@ -30,23 +29,29 @@ USE_GMAKE= yes
USE_GETOPT_LONG= yes
USE_PERL5= yes
USE_GCC= 3.4
-PATCH_STRIP= -p1
+PATCH_STRIP= -lp1
MAKE_ENV+= BSD_MAKE="${MAKE}" CFLAGS="${CFLAGS}" LDFLAGS="${LDFLAGS}"
MAN1= qemu.1 qemu-img.1
ONLY_FOR_ARCHS= amd64 i386
CONFLICTS= qemu-[0-9]*
OPTIONS= KQEMU "Build with (alpha!) accelerator module" Off \
- HACKS_CIRRUS "Large display speedup (buggy!)" Off \
RTL8139_TIMER "allow use of re(4) nic with FreeBSD guests" Off \
SAMBA "samba dependency (for -smb)" Off \
SDL "SDL/X dependency (graphical output)" On \
+ GNUTLS "gnutls dependency (vnc encryption)" On \
CDROM_DMA "IDE CDROM DMA" On
.include <bsd.port.pre.mk>
+.if ${OSVERSION} < 600000
+# 5.x base gcc segfaults in target-mips/op_mem.c
+BUILD_DEPENDS+= gcc34:${PORTSDIR}/lang/gcc34
+CC= gcc34
+.endif
+
WITHOUT_CPU_CFLAGS=yes #to avoid problems with register allocation
-CFLAGS:= ${CFLAGS:C/-fno-tree-vrp//}
+CFLAGS:= ${CFLAGS:C/-fno-tree-vrp//}
CONFIGURE_ARGS+= --prefix=${PREFIX} --cc=${CC}
.if defined(WITHOUT_SDL)
@@ -55,6 +60,12 @@ CONFIGURE_ARGS+= --disable-sdl --disable-gfx-check
USE_SDL= sdl
.endif
+.if defined(WITHOUT_GNUTLS)
+CONFIGURE_ARGS+= --disable-vnc-tls
+.else
+LIB_DEPENDS+= gnutls:${PORTSDIR}/security/gnutls
+.endif
+
.if defined (WITH_HACKS_CIRRUS) || defined (WITH_HACKS)
DISTFILES+= patch3_cirrus:misc
.endif
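Review bot: The context lines at the end of this hunk still carry `.if defined (WITH_HACKS_CIRRUS) || defined (WITH_HACKS)` with `DISTFILES+= patch3_cirrus:misc`, although the same commit drops the HACKS_CIRRUS entry from OPTIONS, the `post-patch` step that applied the file, and its MD5/SHA256/SIZE lines in distinfo. A build with WITH_HACKS defined would therefore still try to fetch a distfile that has no recorded checksum and is never applied. Removing these three lines keeps every fetched file covered by distinfo.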
@@ -65,7 +76,6 @@ RUN_DEPENDS+= ${LOCALBASE}/sbin/smbd:${PORTSDIR}/net/samba3
.if defined(WITH_KQEMU)
BUILD_DEPENDS+= kqemu-kmod>=1.3.0pre5:${PORTSDIR}/emulators/kqemu-kmod
-CONFIGURE_ARGS+= --enable-kqemu
.else
CONFIGURE_ARGS+= --disable-kqemu
.endif
@@ -91,9 +101,6 @@ pre-patch:
done
post-patch:
-.if defined(WITH_HACKS_CIRRUS) || defined (WITH_HACKS)
- @cd ${WRKSRC} ; ${PATCH} --quiet < ${DISTDIR}/${DIST_SUBDIR}/patch3_cirrus
-.endif
.if defined(WITH_RTL8139_TIMER)
@cd ${WRKSRC} && ${PATCH} --quiet < ${FILESDIR}/rtl8139-re-patch
.endif
diff --git a/emulators/qemu-devel/distinfo b/emulators/qemu-devel/distinfo
index 5cd7bc21eced..dd36f964e116 100644
--- a/emulators/qemu-devel/distinfo
+++ b/emulators/qemu-devel/distinfo
@@ -1,6 +1,3 @@
-MD5 (qemu/qemu-snapshot-2007-08-02_05.tar.bz2) = 35332948d2a3647c4b29b27c9fc9b5a5
-SHA256 (qemu/qemu-snapshot-2007-08-02_05.tar.bz2) = b3931bf1d3787cf854b2687bd8bd568aba1d5bb2fde798189a56935cb502cd56
-SIZE (qemu/qemu-snapshot-2007-08-02_05.tar.bz2) = 2054955
-MD5 (qemu/patch3_cirrus) = ebe7ed9fce804c49e024bc93bfdfc810
-SHA256 (qemu/patch3_cirrus) = e862371834b7d895a896fbdb84fd9f70d17b5729a6f6789a48a61504fc941e11
-SIZE (qemu/patch3_cirrus) = 8817
+MD5 (qemu/qemu-snapshot-2008-03-02_05.tar.bz2) = 832923647bb52f1f0408a707e98479ca
+SHA256 (qemu/qemu-snapshot-2008-03-02_05.tar.bz2) = d4159530d7f6b7261a16346b013f303cfa703403e749ca49ce003ef61d7eaff1
+SIZE (qemu/qemu-snapshot-2008-03-02_05.tar.bz2) = 2394602
diff --git a/emulators/qemu-devel/files/patch-90_security b/emulators/qemu-devel/files/patch-90_security
index d7325507b557..8de4cb5949f3 100644
--- a/emulators/qemu-devel/files/patch-90_security
+++ b/emulators/qemu-devel/files/patch-90_security
@@ -35,7 +35,7 @@ Index: qemu-0.8.2/hw/cirrus_vga.c
- dst = s->vram_ptr + s->cirrus_blt_dstaddr;
+ dst = s->vram_ptr + (s->cirrus_blt_dstaddr & s->cirrus_addr_mask);
-+
++
+ if (BLTUNSAFE(s))
+ return 0;
+
@@ -163,22 +163,17 @@ Index: qemu-0.8.2/hw/dma.c
}
Index: qemu-0.8.2/hw/fdc.c
-===================================================================
---- qemu-0.8.2.orig/hw/fdc.c 2006-07-22 20:23:34.000000000 +0300
-+++ qemu-0.8.2/hw/fdc.c 2007-04-20 06:05:59.000000000 +0300
-@@ -1110,8 +1110,13 @@ static uint32_t fdctrl_read_data (fdctrl
+@@ -1247,7 +1247,12 @@
len = fdctrl->data_len - fdctrl->data_pos;
if (len > FD_SECTOR_LEN)
len = FD_SECTOR_LEN;
-- bdrv_read(cur_drv->bs, fd_sector(cur_drv),
-- fdctrl->fifo, len);
+- bdrv_read(cur_drv->bs, fd_sector(cur_drv), fdctrl->fifo, 1);
+ if (cur_drv->bs) {
-+ bdrv_read(cur_drv->bs, fd_sector(cur_drv),
-+ fdctrl->fifo, len);
++ bdrv_read(cur_drv->bs, fd_sector(cur_drv), fdctrl->fifo, 1);
+ } else {
+ FLOPPY_ERROR("can't read data from drive\n");
+ return 0;
-+ }
++ }
}
}
retval = fdctrl->fifo[pos];
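Review bot: The result of `bdrv_read(cur_drv->bs, fd_sector(cur_drv), fdctrl->fifo, 1)` is still discarded in the new `if (cur_drv->bs)` branch, so a failed read leaves `fdctrl->fifo` with its previous contents and `retval = fdctrl->fifo[pos]` returns them to the guest. With patch-CVE-2008-0928 from this same commit, `bdrv_read()` can additionally fail with `-EDOM` for an out-of-range sector, which makes the failure path easier to reach. Treating a negative return like the missing-drive case would close it: `if (bdrv_read(cur_drv->bs, fd_sector(cur_drv), fdctrl->fifo, 1) < 0) { FLOPPY_ERROR("can't read data from drive\n"); return 0; }`. The enclosing function starts and ends outside the hunk.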
diff --git a/emulators/qemu-devel/files/patch-CVE-2008-0928 b/emulators/qemu-devel/files/patch-CVE-2008-0928
new file mode 100644
index 000000000000..e0d4a7d9b783
--- /dev/null
+++ b/emulators/qemu-devel/files/patch-CVE-2008-0928
@@ -0,0 +1,242 @@
+Index: qemu/block-qcow.c
+===================================================================
+RCS file: /sources/qemu/qemu/block-qcow.c,v
+retrieving revision 1.15
+retrieving revision 1.16
+diff -u -p -u -p -r1.15 -r1.16
+--- block-qcow.c 11 Nov 2007 02:51:16 -0000 1.15
++++ block-qcow.c 11 Mar 2008 17:17:58 -0000 1.16
+@@ -95,7 +95,7 @@ static int qcow_open(BlockDriverState *b
+ int len, i, shift, ret;
+ QCowHeader header;
+
+- ret = bdrv_file_open(&s->hd, filename, flags);
++ ret = bdrv_file_open(&s->hd, filename, flags | BDRV_O_AUTOGROW);
+ if (ret < 0)
+ return ret;
+ if (bdrv_pread(s->hd, 0, &header, sizeof(header)) != sizeof(header))
+Index: qemu/block-qcow2.c
+===================================================================
+RCS file: /sources/qemu/qemu/block-qcow2.c,v
+retrieving revision 1.10
+retrieving revision 1.11
+diff -u -p -u -p -r1.10 -r1.11
+--- block-qcow2.c 11 Nov 2007 02:51:16 -0000 1.10
++++ block-qcow2.c 11 Mar 2008 17:17:58 -0000 1.11
+@@ -191,7 +191,7 @@ static int qcow_open(BlockDriverState *b
+ int len, i, shift, ret;
+ QCowHeader header;
+
+- ret = bdrv_file_open(&s->hd, filename, flags);
++ ret = bdrv_file_open(&s->hd, filename, flags | BDRV_O_AUTOGROW);
+ if (ret < 0)
+ return ret;
+ if (bdrv_pread(s->hd, 0, &header, sizeof(header)) != sizeof(header))
+Index: qemu/block-vmdk.c
+===================================================================
+RCS file: /sources/qemu/qemu/block-vmdk.c,v
+retrieving revision 1.19
+retrieving revision 1.20
+diff -u -p -u -p -r1.19 -r1.20
+--- block-vmdk.c 14 Jan 2008 03:48:37 -0000 1.19
++++ block-vmdk.c 11 Mar 2008 17:17:58 -0000 1.20
+@@ -378,7 +378,7 @@ static int vmdk_open(BlockDriverState *b
+ flags = BDRV_O_RDONLY;
+ fprintf(stderr, "(VMDK) image open: flags=0x%x filename=%s\n", flags, bs->filename);
+
+- ret = bdrv_file_open(&s->hd, filename, flags);
++ ret = bdrv_file_open(&s->hd, filename, flags | BDRV_O_AUTOGROW);
+ if (ret < 0)
+ return ret;
+ if (bdrv_pread(s->hd, 0, &magic, sizeof(magic)) != sizeof(magic))
+Index: qemu/block.c
+===================================================================
+RCS file: /sources/qemu/qemu/block.c,v
+retrieving revision 1.54
+retrieving revision 1.55
+diff -u -p -u -p -r1.54 -r1.55
+--- block.c 10 Mar 2008 00:05:34 -0000 1.54
++++ block.c 11 Mar 2008 17:17:58 -0000 1.55
+@@ -123,6 +123,60 @@ void path_combine(char *dest, int dest_s
+ }
+ }
+
++static int bdrv_rd_badreq_sectors(BlockDriverState *bs,
++ int64_t sector_num, int nb_sectors)
++{
++ return
++ nb_sectors < 0 ||
++ sector_num < 0 ||
++ nb_sectors > bs->total_sectors ||
++ sector_num > bs->total_sectors - nb_sectors;
++}
++
++static int bdrv_rd_badreq_bytes(BlockDriverState *bs,
++ int64_t offset, int count)
++{
++ int64_t size = bs->total_sectors << SECTOR_BITS;
++ return
++ count < 0 ||
++ size < 0 ||
++ count > size ||
++ offset > size - count;
++}
++
++static int bdrv_wr_badreq_sectors(BlockDriverState *bs,
++ int64_t sector_num, int nb_sectors)
++{
++ if (sector_num < 0 ||
++ nb_sectors < 0)
++ return 1;
++
++ if (sector_num > bs->total_sectors - nb_sectors) {
++ if (bs->autogrow)
++ bs->total_sectors = sector_num + nb_sectors;
++ else
++ return 1;
++ }
++ return 0;
++}
++
++static int bdrv_wr_badreq_bytes(BlockDriverState *bs,
++ int64_t offset, int count)
++{
++ int64_t size = bs->total_sectors << SECTOR_BITS;
++ if (count < 0 ||
++ offset < 0)
++ return 1;
++
++ if (offset > size - count) {
++ if (bs->autogrow)
++ bs->total_sectors = (offset + count + SECTOR_SIZE - 1) >> SECTOR_BITS;
++ else
++ return 1;
++ }
++ return 0;
++}
++
+
+ static void bdrv_register(BlockDriver *bdrv)
+ {
+@@ -335,6 +389,10 @@ int bdrv_open2(BlockDriverState *bs, con
+ bs->read_only = 0;
+ bs->is_temporary = 0;
+ bs->encrypted = 0;
++ bs->autogrow = 0;
++
++ if (flags & BDRV_O_AUTOGROW)
++ bs->autogrow = 1;
+
+ if (flags & BDRV_O_SNAPSHOT) {
+ BlockDriverState *bs1;
+@@ -379,6 +437,7 @@ int bdrv_open2(BlockDriverState *bs, con
+ }
+ bs->drv = drv;
+ bs->opaque = qemu_mallocz(drv->instance_size);
++ bs->total_sectors = 0; /* driver will set if it does not do getlength */
+ if (bs->opaque == NULL && drv->instance_size > 0)
+ return -1;
+ /* Note: for compatibility, we open disk image files as RDWR, and
+@@ -444,6 +503,7 @@ void bdrv_close(BlockDriverState *bs)
+ bs->drv = NULL;
+
+ /* call the change callback */
++ bs->total_sectors = 0;
+ bs->media_changed = 1;
+ if (bs->change_cb)
+ bs->change_cb(bs->change_opaque);
+@@ -509,6 +569,8 @@ int bdrv_read(BlockDriverState *bs, int6
+ if (!drv)
+ return -ENOMEDIUM;
+
++ if (bdrv_rd_badreq_sectors(bs, sector_num, nb_sectors))
++ return -EDOM;
+ if (sector_num == 0 && bs->boot_sector_enabled && nb_sectors > 0) {
+ memcpy(buf, bs->boot_sector_data, 512);
+ sector_num++;
+@@ -549,6 +611,8 @@ int bdrv_write(BlockDriverState *bs, int
+ return -ENOMEDIUM;
+ if (bs->read_only)
+ return -EACCES;
++ if (bdrv_wr_badreq_sectors(bs, sector_num, nb_sectors))
++ return -EDOM;
+ if (sector_num == 0 && bs->boot_sector_enabled && nb_sectors > 0) {
+ memcpy(bs->boot_sector_data, buf, 512);
+ }
+@@ -674,6 +738,8 @@ int bdrv_pread(BlockDriverState *bs, int
+ return -ENOMEDIUM;
+ if (!drv->bdrv_pread)
+ return bdrv_pread_em(bs, offset, buf1, count1);
++ if (bdrv_rd_badreq_bytes(bs, offset, count1))
++ return -EDOM;
+ return drv->bdrv_pread(bs, offset, buf1, count1);
+ }
+
+@@ -689,6 +755,8 @@ int bdrv_pwrite(BlockDriverState *bs, in
+ return -ENOMEDIUM;
+ if (!drv->bdrv_pwrite)
+ return bdrv_pwrite_em(bs, offset, buf1, count1);
++ if (bdrv_wr_badreq_bytes(bs, offset, count1))
++ return -EDOM;
+ return drv->bdrv_pwrite(bs, offset, buf1, count1);
+ }
+
+@@ -955,6 +1023,8 @@ int bdrv_write_compressed(BlockDriverSta
+ return -ENOMEDIUM;
+ if (!drv->bdrv_write_compressed)
+ return -ENOTSUP;
++ if (bdrv_wr_badreq_sectors(bs, sector_num, nb_sectors))
++ return -EDOM;
+ return drv->bdrv_write_compressed(bs, sector_num, buf, nb_sectors);
+ }
+
+@@ -1101,6 +1171,8 @@ BlockDriverAIOCB *bdrv_aio_read(BlockDri
+
+ if (!drv)
+ return NULL;
++ if (bdrv_rd_badreq_sectors(bs, sector_num, nb_sectors))
++ return NULL;
+
+ /* XXX: we assume that nb_sectors == 0 is suppored by the async read */
+ if (sector_num == 0 && bs->boot_sector_enabled && nb_sectors > 0) {
+@@ -1132,6 +1204,8 @@ BlockDriverAIOCB *bdrv_aio_write(BlockDr
+ return NULL;
+ if (bs->read_only)
+ return NULL;
++ if (bdrv_wr_badreq_sectors(bs, sector_num, nb_sectors))
++ return NULL;
+ if (sector_num == 0 && bs->boot_sector_enabled && nb_sectors > 0) {
+ memcpy(bs->boot_sector_data, buf, 512);
+ }
+Index: qemu/block.h
+===================================================================
+RCS file: /sources/qemu/qemu/block.h,v
+retrieving revision 1.6
+retrieving revision 1.7
+diff -u -p -u -p -r1.6 -r1.7
+--- block.h 24 Dec 2007 16:10:43 -0000 1.6
++++ block.h 11 Mar 2008 17:17:59 -0000 1.7
+@@ -45,6 +45,7 @@ typedef struct QEMUSnapshotInfo {
+ it (default for
+ bdrv_file_open()) */
+ #define BDRV_O_DIRECT 0x0020
++#define BDRV_O_AUTOGROW 0x0040 /* Allow backing file to extend when writing past end of file */
+
+ #ifndef QEMU_IMG
+ void bdrv_info(void);
+Index: qemu/block_int.h
+===================================================================
+RCS file: /sources/qemu/qemu/block_int.h,v
+retrieving revision 1.16
+retrieving revision 1.17
+diff -u -p -u -p -r1.16 -r1.17
+--- block_int.h 24 Dec 2007 16:10:43 -0000 1.16
++++ block_int.h 11 Mar 2008 17:17:59 -0000 1.17
+@@ -97,6 +97,7 @@ struct BlockDriverState {
+ int locked; /* if true, the media cannot temporarily be ejected */
+ int encrypted; /* if true, the media is encrypted */
+ int sg; /* if true, the device is a /dev/sg* */
++ int autogrow; /* if true, the backing store can auto-extend to allocate new extents */
+ /* event callback when inserting/removing */
+ void (*change_cb)(void *opaque);
+ void *change_opaque;
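Review bot: `bdrv_rd_badreq_bytes()` never rejects a negative `offset`, unlike `bdrv_wr_badreq_bytes()` and both sector helpers: for `offset < 0` the test `offset > size - count` is false, so `bdrv_pread()` still hands the request to `drv->bdrv_pread`. Adding `offset < 0 ||` to its return expression closes that gap. In the two write helpers the autogrow branch computes `sector_num + nb_sectors` and `offset + count + SECTOR_SIZE - 1` with no upper bound, so a value near the int64_t maximum overflows a signed integer, and `bs->total_sectors << SECTOR_BITS` is checked for a negative result only on the read side. A short comment above the four helpers, saying that they return non-zero for an out-of-range request and that the write variants may enlarge `bs->total_sectors` when `bs->autogrow` is set, would make the contract clear to callers.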
diff --git a/emulators/qemu-devel/files/patch-PRId64 b/emulators/qemu-devel/files/patch-PRId64
deleted file mode 100644
index 3d559d3be61b..000000000000
--- a/emulators/qemu-devel/files/patch-PRId64
+++ /dev/null
@@ -1,113 +0,0 @@
-Index: qemu/vl.h
-@@ -30,6 +30,12 @@
- #include <stdarg.h>
- #include <string.h>
- #include <inttypes.h>
-+#ifndef PRId64
-+#define PRId64 "lld" /* int64_t */
-+#define PRIo64 "llo" /* int64_t */
-+#define PRIx64 "llx" /* int64_t */
-+#define PRIu64 "llu" /* int64_t */
-+#endif
- #include <limits.h>
- #include <time.h>
- #include <ctype.h>
-Index: qemu/dis-asm.h
-@@ -13,6 +13,12 @@
- #include <stdio.h>
- #include <string.h>
- #include <inttypes.h>
-+#ifndef PRId64
-+#define PRId64 "lld" /* int64_t */
-+#define PRIo64 "llo" /* int64_t */
-+#define PRIx64 "llx" /* int64_t */
-+#define PRIu64 "llu" /* int64_t */
-+#endif
-
- #define PARAMS(x) x
- typedef void *PTR;
-Index: qemu/kqemu.c
-@@ -33,6 +33,12 @@
- #include <errno.h>
- #include <unistd.h>
- #include <inttypes.h>
-+#ifndef PRId64
-+#define PRId64 "lld" /* int64_t */
-+#define PRIo64 "llo" /* int64_t */
-+#define PRIx64 "llx" /* int64_t */
-+#define PRIu64 "llu" /* int64_t */
-+#endif
-
- #include "cpu.h"
- #include "exec-all.h"
-Index: qemu/translate-all.c
-@@ -22,6 +22,12 @@
- #include <stdio.h>
- #include <string.h>
- #include <inttypes.h>
-+#ifndef PRId64
-+#define PRId64 "lld" /* int64_t */
-+#define PRIo64 "llo" /* int64_t */
-+#define PRIx64 "llx" /* int64_t */
-+#define PRIu64 "llu" /* int64_t */
-+#endif
-
- #include "config.h"
-
-Index: qemu/target-i386/helper.c
-@@ -21,6 +21,13 @@
-
- //#define DEBUG_PCALL
-
-+#ifndef PRId64
-+#define PRId64 "lld" /* int64_t */
-+#define PRIo64 "llo" /* int64_t */
-+#define PRIx64 "llx" /* int64_t */
-+#define PRIu64 "llu" /* int64_t */
-+#endif
-+
- #if 0
- #define raise_exception_err(a, b)\
- do {\
-Index: qemu/target-i386/helper2.c
-@@ -22,6 +22,12 @@
- #include <stdio.h>
- #include <string.h>
- #include <inttypes.h>
-+#ifndef PRId64
-+#define PRId64 "lld" /* int64_t */
-+#define PRIo64 "llo" /* int64_t */
-+#define PRIx64 "llx" /* int64_t */
-+#define PRIu64 "llu" /* int64_t */
-+#endif
- #include <signal.h>
- #include <assert.h>
-
-Index: qemu/target-ppc/translate.c
-@@ -22,6 +22,12 @@
- #include <stdio.h>
- #include <string.h>
- #include <inttypes.h>
-+#ifndef PRId64
-+#define PRId64 "lld" /* int64_t */
-+#define PRIo64 "llo" /* int64_t */
-+#define PRIx64 "llx" /* int64_t */
-+#define PRIu64 "llu" /* int64_t */
-+#endif
-
- #include "cpu.h"
- #include "exec-all.h"
-Index: qemu/target-sparc/helper.c
-@@ -22,6 +22,12 @@
- #include <stdio.h>
- #include <string.h>
- #include <inttypes.h>
-+#ifndef PRId64
-+#define PRId64 "lld" /* int64_t */
-+#define PRIo64 "llo" /* int64_t */
-+#define PRIx64 "llx" /* int64_t */
-+#define PRIu64 "llu" /* int64_t */
-+#endif
- #include <signal.h>
- #include <assert.h>
-
diff --git a/emulators/qemu-devel/files/patch-bg b/emulators/qemu-devel/files/patch-bg
index d93e26741ce8..eaa753d13cb4 100644
--- a/emulators/qemu-devel/files/patch-bg
+++ b/emulators/qemu-devel/files/patch-bg
@@ -9,11 +9,11 @@ Index: qemu/Makefile.target
ifndef CONFIG_USER_ONLY
LIBS+=-lz
Index: qemu/vl.c
-@@ -89,10 +89,12 @@
- #include "exec-all.h"
+@@ -133,10 +133,12 @@
#define DEFAULT_NETWORK_SCRIPT "/etc/qemu-ifup"
-+#ifndef SMBD_COMMAND
+ #define DEFAULT_NETWORK_DOWN_SCRIPT "/etc/qemu-ifdown"
++#ifndef SMBD_COMMAND
#ifdef __sun__
#define SMBD_COMMAND "/usr/sfw/sbin/smbd"
#else
diff --git a/emulators/qemu-devel/files/patch-bk b/emulators/qemu-devel/files/patch-bk
index 09281f31aef2..07ddb13c2629 100644
--- a/emulators/qemu-devel/files/patch-bk
+++ b/emulators/qemu-devel/files/patch-bk
@@ -97,7 +97,7 @@ Index: qemu/slirp/bootp.c
- dprintf("bootp packet op=%d msgtype=%d\n", bp->bp_op, dhcp_msg_type);
+ dhcp_decode(bp->bp_vend, DHCP_OPT_LEN, &dhcp_msg_type,&reqaddr);
+ dprintf("bootp packet op=%d msgtype=%d reqaddr=%x\n", bp->bp_op, dhcp_msg_type,ntohl(reqaddr.sin_addr.s_addr));
-
+
if (dhcp_msg_type == 0)
dhcp_msg_type = DHCPREQUEST; /* Force reply for old BOOTP clients */
@@ -152,21 +185,18 @@
@@ -122,14 +122,14 @@ Index: qemu/slirp/bootp.c
+ bc=NULL;
+ daddr.sin_addr.s_addr=htonl(0L);
+ if (dhcp_msg_type == DHCPREQUEST) {
-+ if (reqaddr.sin_addr.s_addr != htonl(0L))
-+ bc = find_reqaddr(&daddr.sin_addr, &reqaddr.sin_addr, bp->bp_hwaddr);
-+ else
-+ bc = find_addr(&daddr.sin_addr, bp->bp_hwaddr);
++ if (reqaddr.sin_addr.s_addr != htonl(0L))
++ bc = find_reqaddr(&daddr.sin_addr, &reqaddr.sin_addr, bp->bp_hwaddr);
++ else
++ bc = find_addr(&daddr.sin_addr, bp->bp_hwaddr);
+ }
+ else if (dhcp_msg_type == DHCPDISCOVER) {
-+ bc = find_addr(&daddr.sin_addr, bp->bp_hwaddr);
-+ if (!bc)
++ bc = find_addr(&daddr.sin_addr, bp->bp_hwaddr);
++ if (!bc)
+ bc = get_new_addr(&daddr.sin_addr);
}
dprintf("offered addr=%08x\n", ntohl(daddr.sin_addr.s_addr));
@@ -165,7 +165,7 @@ Index: qemu/slirp/bootp.c
- *q++ = DHCPACK;
- }
+ *q++ = replytype;
-
+
- if (dhcp_msg_type == DHCPDISCOVER ||
- dhcp_msg_type == DHCPREQUEST) {
+ if ((dhcp_msg_type == DHCPDISCOVER ||
diff --git a/emulators/qemu-devel/files/patch-block-raw.c b/emulators/qemu-devel/files/patch-block-raw.c
deleted file mode 100644
index 7d68d282bdaa..000000000000
--- a/emulators/qemu-devel/files/patch-block-raw.c
+++ /dev/null
@@ -1,51 +0,0 @@
-Index: qemu/block-raw.c
-@@ -51,7 +51,10 @@
- #include <linux/cdrom.h>
- #include <linux/fd.h>
- #endif
- #ifdef __FreeBSD__
-+#include <signal.h>
-+#endif
-+#if defined(__FreeBSD__) && __FreeBSD__ > 4
- #include <sys/disk.h>
- #endif
-
-@@ -167,9 +167,20 @@
- static int aio_sig_num = SIGUSR2;
- static RawAIOCB *first_aio; /* AIO issued */
- static int aio_initialized = 0;
-+// FreeBSD 4.x doesn't have sigwait
-+#if defined(__FreeBSD__) && __FreeBSD__ <= 4
-+static int sigaio_dont = 0;
-+#endif
-
- static void aio_signal_handler(int signum)
- {
-+// FreeBSD 4.x doesn't have sigwait
-+#if defined(__FreeBSD__) && __FreeBSD__ <= 4
-+ if (sigaio_dont) {
-+ --sigaio_dont;
-+ return;
-+ }
-+#endif
- #ifndef QEMU_TOOL
- CPUState *env = cpu_single_env;
- if (env) {
-@@ -284,9 +295,17 @@
- if (qemu_bh_poll())
- return;
- #endif
-+// FreeBSD 4.x doesn't have sigwait
-+#if defined(__FreeBSD__) && __FreeBSD__ <= 4
-+ ++sigaio_dont;
-+ do
-+ sigsuspend(&wait_oset);
-+ while (sigaio_dont);
-+#else
- sigemptyset(&set);
- sigaddset(&set, aio_sig_num);
- sigwait(&set, &nb_sigs);
-+#endif
- qemu_aio_poll();
- }
-
diff --git a/emulators/qemu-devel/files/patch-bsdusb.patch b/emulators/qemu-devel/files/patch-bsdusb.patch
index b7cabe25d428..091161721518 100644
--- a/emulators/qemu-devel/files/patch-bsdusb.patch
+++ b/emulators/qemu-devel/files/patch-bsdusb.patch
@@ -35,16 +35,16 @@ Index: qemu/configure
for target in $target_list; do
target_dir="$target"
-Index: qemu/Makefile.target
-@@ -408,7 +408,7 @@
- VL_OBJS+= scsi-disk.o cdrom.o lsi53c895a.o
+Index: qemu/Makefile
+@@ -58,7 +58,7 @@
+ OBJS+=ssd0303.o ssd0323.o ads7846.o stellaris_input.o
+ OBJS+=scsi-disk.o cdrom.o
+ OBJS+=scsi-generic.o
+-OBJS+=usb.o usb-hub.o usb-linux.o usb-hid.o usb-msd.o usb-wacom.o usb-serial.o
++OBJS+=usb.o usb-hub.o usb-$(HOST_USB).o usb-hid.o usb-msd.o usb-wacom.o usb-serial.o
+ OBJS+=sd.o ssi-sd.o
- # USB layer
--VL_OBJS+= usb.o usb-hub.o usb-linux.o usb-hid.o usb-ohci.o usb-msd.o
-+VL_OBJS+= usb.o usb-hub.o usb-$(HOST_USB).o usb-hid.o usb-ohci.o usb-msd.o
- VL_OBJS+= usb-wacom.o
-
- # EEPROM emulation
+ ifdef CONFIG_WIN32
Index: qemu/usb-stub.c
@@ -0,0 +1,11 @@
+#include "vl.h"
@@ -59,7 +59,7 @@ Index: qemu/usb-stub.c
+ return NULL;
+}
Index: qemu/usb-bsd.c
-@@ -0,0 +1,600 @@
+@@ -0,0 +1,601 @@
+/*
+ * BSD host USB redirector
+ *
@@ -86,7 +86,8 @@ Index: qemu/usb-bsd.c
+ * THE SOFTWARE.
+ */
+
-+#include "vl.h"
++#include "qemu-common.h"
++#include "hw/usb.h"
+
+/* usb.h declares these */
+#undef USB_SPEED_HIGH
diff --git a/emulators/qemu-devel/files/patch-cpu-exec.c b/emulators/qemu-devel/files/patch-cpu-exec.c
new file mode 100644
index 000000000000..3971fba6ddfc
--- /dev/null
+++ b/emulators/qemu-devel/files/patch-cpu-exec.c
@@ -0,0 +1,29 @@
+--- qemu.orig/cpu-exec.c Mon Jan 14 11:11:02 2008
++++ qemu/cpu-exec.c Thu Jan 17 23:03:00 2008
+@@ -449,16 +449,18 @@ int cpu_exec(CPUState *env1)
+ (env->eflags & IF_MASK || env->hflags & HF_HIF_MASK) &&
+ !(env->hflags & HF_INHIBIT_IRQ_MASK)) {
+ int intno;
+- svm_check_intercept(SVM_EXIT_INTR);
+ env->interrupt_request &= ~(CPU_INTERRUPT_HARD | CPU_INTERRUPT_VIRQ);
+ intno = cpu_get_pic_interrupt(env);
+- if (loglevel & CPU_LOG_TB_IN_ASM) {
+- fprintf(logfile, "Servicing hardware INT=0x%02x\n", intno);
+- }
+- do_interrupt(intno, 0, 0, 0, 1);
+- /* ensure that no TB jump will be modified as
+- the program flow was changed */
+- BREAK_CHAIN;
++ if(intno>=0) {
++ svm_check_intercept(SVM_EXIT_INTR);
++ if (loglevel & CPU_LOG_TB_IN_ASM) {
++ fprintf(logfile, "Servicing hardware INT=0x%02x\n", intno);
++ }
++ do_interrupt(intno, 0, 0, 0, 1);
++ /* ensure that no TB jump will be modified as
++ the program flow was changed */
++ BREAK_CHAIN;
++ }
+ #if !defined(CONFIG_USER_ONLY)
+ } else if ((interrupt_request & CPU_INTERRUPT_VIRQ) &&
+ (env->eflags & IF_MASK) && !(env->hflags & HF_INHIBIT_IRQ_MASK)) {
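Review bot: `svm_check_intercept(SVM_EXIT_INTR)` now runs after `env->interrupt_request` has been cleared and after `cpu_get_pic_interrupt(env)` has been called, whereas the removed line ran it first. If the intercept check can leave this path (its body is not visible here, so this is an assumption to confirm), the interrupt would already have been taken from the controller and could be lost. Keeping the intercept check ahead of the clear and guarding only the delivery with `if (intno >= 0)` would avoid that. The guard also deserves a one-line comment such as `/* no vector returned by cpu_get_pic_interrupt(): nothing to deliver */`, and `if(intno>=0)` does not match the spacing of the surrounding code. The enclosing `cpu_exec()` starts and ends outside the hunk.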
diff --git a/emulators/qemu-devel/files/patch-fbsd b/emulators/qemu-devel/files/patch-fbsd
index 1fccf8b7cfe7..2492e0a4ea4c 100644
--- a/emulators/qemu-devel/files/patch-fbsd
+++ b/emulators/qemu-devel/files/patch-fbsd
@@ -20,17 +20,17 @@ Index: qemu/Makefile
rm -f *.o *.a $(TOOLS) dyngen$(EXESUF) TAGS *.pod *~ */*~
$(MAKE) -C tests clean
Index: qemu/Makefile.target
-@@ -465,8 +465,8 @@
- SDL_LIBS := $(filter-out -mwindows, $(SDL_LIBS)) -mconsole
+@@ -649,8 +649,8 @@
+ main.o: CFLAGS+=-p
endif
--$(QEMU_SYSTEM): $(VL_OBJS) libqemu.a
-- $(CC) $(VL_LDFLAGS) $(LDFLAGS) -o $@ $^ $(LIBS) $(SDL_LIBS) $(COCOA_LIBS) $(VL_LIBS)
-+$(QEMU_SYSTEM): $(VL_OBJS) libqemu.a ../bsd/libmath.a
-+ $(CC) $(VL_LDFLAGS) $(LDFLAGS) -o $@ $^ $(LIBS) $(SDL_LIBS) $(COCOA_LIBS) $(VL_LIBS) ../bsd/libmath.a
+-$(QEMU_PROG): $(OBJS) ../libqemu_common.a libqemu.a
+- $(CC) $(LDFLAGS) -o $@ $^ $(LIBS) $(SDL_LIBS) $(COCOA_LIBS) $(CURSES_LIBS)
++$(QEMU_PROG): $(OBJS) ../libqemu_common.a libqemu.a ../bsd/libmath.a
++ $(CC) $(LDFLAGS) -o $@ $^ $(LIBS) $(SDL_LIBS) $(COCOA_LIBS) $(CURSES_LIBS) ../bsd/libmath.a
+
+ endif # !CONFIG_USER_ONLY
- cocoa.o: cocoa.m
- $(CC) $(CFLAGS) $(CPPFLAGS) $(BASE_CFLAGS) -c -o $@ $<
Index: qemu/fpu/softfloat-native.c
@@ -2,11 +2,16 @@
context is supported */
diff --git a/emulators/qemu-devel/files/patch-fpu-softfloat-native.c b/emulators/qemu-devel/files/patch-fpu-softfloat-native.c
index 0a7f3018835c..7e2662eb7457 100644
--- a/emulators/qemu-devel/files/patch-fpu-softfloat-native.c
+++ b/emulators/qemu-devel/files/patch-fpu-softfloat-native.c
@@ -14,4 +14,4 @@ Index: qemu/fpu/softfloat-native.c
+#endif
}
- float64 float64_round_to_int( float64 a STATUS_PARAM ) \ No newline at end of file
+ float64 float64_round_to_int( float64 a STATUS_PARAM )
diff --git a/emulators/qemu-devel/files/patch-hw-pxa2xx_gpio.c b/emulators/qemu-devel/files/patch-hw-pxa2xx_gpio.c
deleted file mode 100644
index 68dc9c54ace4..000000000000
--- a/emulators/qemu-devel/files/patch-hw-pxa2xx_gpio.c
+++ /dev/null
@@ -1,11 +0,0 @@
-Index: qemu/hw/pxa2xx_gpio.c
-@@ -152,6 +152,9 @@
- case GPDR: /* GPIO Pin-Direction registers */
- return s->dir[bank];
-
-+ case GPSR: /* GPIO Pin-Output Set registers */
-+ return s->olevel[bank];
-+
- case GRER: /* GPIO Rising-Edge Detect Enable registers */
- return s->rising[bank];
-
diff --git a/emulators/qemu-devel/files/patch-qemu-img.c b/emulators/qemu-devel/files/patch-qemu-img.c
deleted file mode 100644
index b525b50a3bcb..000000000000
--- a/emulators/qemu-devel/files/patch-qemu-img.c
+++ /dev/null
@@ -1,10 +0,0 @@
-Index: qemu/qemu-img.c
-@@ -134,7 +134,7 @@
- "Command syntax:\n"
- " create [-e] [-b base_image] [-f fmt] filename [size]\n"
- " commit [-f fmt] filename\n"
-- " convert [-c] [-e] [-f fmt] filename [-O output_fmt] output_filename\n"
-+ " convert [-c] [-e] [-f fmt] [-O output_fmt] filename output_filename\n"
- " info [-f fmt] filename\n"
- "\n"
- "Command parameters:\n"
diff --git a/emulators/qemu-devel/files/patch-qemu-img.texi b/emulators/qemu-devel/files/patch-qemu-img.texi
index 79693026dd2d..f89d1ea66664 100644
--- a/emulators/qemu-devel/files/patch-qemu-img.texi
+++ b/emulators/qemu-devel/files/patch-qemu-img.texi
@@ -1,10 +1,10 @@
Index: qemu/qemu-img.texi
@@ -10,7 +10,7 @@
@table @option
- @item create [-e] [-b @var{base_image}] [-f @var{fmt}] @var{filename} [@var{size}]
+ @item create [-e] [-6] [-b @var{base_image}] [-f @var{fmt}] @var{filename} [@var{size}]
@item commit [-f @var{fmt}] @var{filename}
--@item convert [-c] [-e] [-f @var{fmt}] @var{filename} [-O @var{output_fmt}] @var{output_filename}
-+@item convert [-c] [-e] [-f @var{fmt}] [-O @var{output_fmt}] @var{filename} @var{output_filename}
+-@item convert [-c] [-e] [-6] [-f @var{fmt}] @var{filename} [-O @var{output_fmt}] @var{output_filename}
++@item convert [-c] [-e] [-6] [-f @var{fmt}] [-O @var{output_fmt}] @var{filename} @var{output_filename}
@item info [-f @var{fmt}] @var{filename}
@end table
diff --git a/emulators/qemu-devel/files/patch-tlb-vuln b/emulators/qemu-devel/files/patch-tlb-vuln
deleted file mode 100644
index 491d88f86ca8..000000000000
--- a/emulators/qemu-devel/files/patch-tlb-vuln
+++ /dev/null
@@ -1,92 +0,0 @@
-Index: qemu/cpu-exec.c
-diff -u qemu/cpu-exec.c:1.128 qemu/cpu-exec.c:1.129
---- qemu/cpu-exec.c:1.128 Sun Dec 2 06:18:23 2007
-+++ qemu/cpu-exec.c Tue Dec 11 19:35:45 2007
-@@ -133,7 +133,7 @@
- tb->tc_ptr = tc_ptr;
- tb->cs_base = cs_base;
- tb->flags = flags;
-- cpu_gen_code(env, tb, CODE_GEN_MAX_SIZE, &code_gen_size);
-+ cpu_gen_code(env, tb, &code_gen_size);
- code_gen_ptr = (void *)(((unsigned long)code_gen_ptr + code_gen_size + CODE_GEN_ALIGN - 1) & ~(CODE_GEN_ALIGN - 1));
-
- /* check next page if needed */
-Index: qemu/exec-all.h
-diff -u qemu/exec-all.h:1.72 qemu/exec-all.h:1.73
---- qemu/exec-all.h:1.72 Mon Nov 19 00:38:33 2007
-+++ qemu/exec-all.h Tue Dec 11 19:35:45 2007
-@@ -64,8 +64,9 @@
- int gen_intermediate_code(CPUState *env, struct TranslationBlock *tb);
- int gen_intermediate_code_pc(CPUState *env, struct TranslationBlock *tb);
- void dump_ops(const uint16_t *opc_buf, const uint32_t *opparam_buf);
-+unsigned long code_gen_max_block_size(void);
- int cpu_gen_code(CPUState *env, struct TranslationBlock *tb,
-- int max_code_size, int *gen_code_size_ptr);
-+ int *gen_code_size_ptr);
- int cpu_restore_state(struct TranslationBlock *tb,
- CPUState *env, unsigned long searched_pc,
- void *puc);
-@@ -94,7 +95,6 @@
- return tlb_set_page_exec(env, vaddr, paddr, prot, mmu_idx, is_softmmu);
- }
-
--#define CODE_GEN_MAX_SIZE 65536
- #define CODE_GEN_ALIGN 16 /* must be >= of the size of a icache line */
-
- #define CODE_GEN_PHYS_HASH_BITS 15
-Index: qemu/exec.c
-diff -u qemu/exec.c:1.117 qemu/exec.c:1.118
---- qemu/exec.c:1.117 Sun Dec 9 02:22:56 2007
-+++ qemu/exec.c Tue Dec 11 19:35:45 2007
-@@ -56,7 +56,7 @@
- #endif
-
- /* threshold to flush the translated code buffer */
--#define CODE_GEN_BUFFER_MAX_SIZE (CODE_GEN_BUFFER_SIZE - CODE_GEN_MAX_SIZE)
-+#define CODE_GEN_BUFFER_MAX_SIZE (CODE_GEN_BUFFER_SIZE - code_gen_max_block_size())
-
- #define SMC_BITMAP_USE_THRESHOLD 10
-
-@@ -622,7 +622,7 @@
- tb->cs_base = cs_base;
- tb->flags = flags;
- tb->cflags = cflags;
-- cpu_gen_code(env, tb, CODE_GEN_MAX_SIZE, &code_gen_size);
-+ cpu_gen_code(env, tb, &code_gen_size);
- code_gen_ptr = (void *)(((unsigned long)code_gen_ptr + code_gen_size + CODE_GEN_ALIGN - 1) & ~(CODE_GEN_ALIGN - 1));
-
- /* check next page if needed */
-Index: qemu/translate-all.c
-diff -u qemu/translate-all.c:1.23 qemu/translate-all.c:1.24
---- qemu/translate-all.c:1.23 Sun Dec 2 06:10:02 2007
-+++ qemu/translate-all.c Tue Dec 11 19:35:45 2007
-@@ -132,14 +132,27 @@
- }
- }
-
-+unsigned long code_gen_max_block_size(void)
-+{
-+ static unsigned long max;
-+
-+ if (max == 0) {
-+#define DEF(s, n, copy_size) max = copy_size > max? copy_size : max;
-+#include "opc.h"
-+#undef DEF
-+ max *= OPC_MAX_SIZE;
-+ }
-+
-+ return max;
-+}
-+
- /* return non zero if the very first instruction is invalid so that
- the virtual CPU can trigger an exception.
-
- '*gen_code_size_ptr' contains the size of the generated code (host
- code).
- */
--int cpu_gen_code(CPUState *env, TranslationBlock *tb,
-- int max_code_size, int *gen_code_size_ptr)
-+int cpu_gen_code(CPUState *env, TranslationBlock *tb, int *gen_code_size_ptr)
- {
- uint8_t *gen_code_buf;
- int gen_code_size;
diff --git a/emulators/qemu-devel/files/patch-vl.c b/emulators/qemu-devel/files/patch-vl.c
index 3d23a23d855e..9acd842bbda6 100644
--- a/emulators/qemu-devel/files/patch-vl.c
+++ b/emulators/qemu-devel/files/patch-vl.c
@@ -18,7 +18,7 @@ Index: qemu/vl.c
struct termios tty;
char slave_name[1024];
int master_fd, slave_fd;
-
+
-#if defined(__linux__)
+#if defined(__linux__) || defined(__FreeBSD__)
/* Not satisfying */
diff --git a/emulators/qemu-devel/pkg-plist b/emulators/qemu-devel/pkg-plist
index 362ce051c405..2df1145002d5 100644
--- a/emulators/qemu-devel/pkg-plist
+++ b/emulators/qemu-devel/pkg-plist
@@ -1,6 +1,7 @@
bin/qemu
bin/qemu-img
bin/qemu-system-arm
+bin/qemu-system-cris
bin/qemu-system-m68k
bin/qemu-system-mips
bin/qemu-system-mips64
@@ -9,6 +10,8 @@ bin/qemu-system-mipsel
bin/qemu-system-ppc
bin/qemu-system-ppc64
bin/qemu-system-ppcemb
+bin/qemu-system-sh4
+bin/qemu-system-sh4eb
bin/qemu-system-sparc
bin/qemu-system-x86_64
%%PORTDOCS%%%%DOCSDIR%%/qemu-doc.html