From: "Matthias Maier" <tamiko@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
Date: Wed, 26 Jul 2017 17:15:00 +0000 (UTC) [thread overview]
Message-ID: <1501089293.e67f10960bca69fdede54d77eb54c4ab72b98d08.tamiko@gentoo> (raw)
commit: e67f10960bca69fdede54d77eb54c4ab72b98d08
Author: Matthias Maier <tamiko <AT> gentoo <DOT> org>
AuthorDate: Wed Jul 26 17:10:46 2017 +0000
Commit: Matthias Maier <tamiko <AT> gentoo <DOT> org>
CommitDate: Wed Jul 26 17:14:53 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e67f1096
app-emulation/qemu: security fixes
CVE-2017-11334, bug #621292
CVE-2017-11434, bug #625614
CVE-2017-9503, bug #621184
CVE-2017-9524, bug #621292
Package-Manager: Portage-2.3.6, Repoman-2.3.3
.../qemu/files/qemu-2.9.0-CVE-2017-11334.patch | 40 ++
.../qemu/files/qemu-2.9.0-CVE-2017-11434.patch | 29 +
.../qemu/files/qemu-2.9.0-CVE-2017-7539.patch | 272 +++++++
.../qemu/files/qemu-2.9.0-CVE-2017-9503-1.patch | 122 ++++
.../qemu/files/qemu-2.9.0-CVE-2017-9503-2.patch | 114 +++
.../qemu/files/qemu-2.9.0-CVE-2017-9524-1.patch | 80 +++
.../qemu/files/qemu-2.9.0-CVE-2017-9524-2.patch | 197 +++++
app-emulation/qemu/qemu-2.9.0-r55.ebuild | 792 +++++++++++++++++++++
8 files changed, 1646 insertions(+)
diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11334.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11334.patch
new file mode 100644
index 00000000000..bfe4c7d89f2
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11334.patch
@@ -0,0 +1,40 @@
+[Qemu-devel] [PULL 21/41] exec: use qemu_ram_ptr_length to access guest
+From: Prasad J Pandit <address@hidden>
+
+When accessing guest's ram block during DMA operation, use
+'qemu_ram_ptr_length' to get ram block pointer. It ensures
+that DMA operation of given length is possible; And avoids
+any OOB memory access situations.
+
+Reported-by: Alex <address@hidden>
+Signed-off-by: Prasad J Pandit <address@hidden>
+Message-Id: <address@hidden>
+Signed-off-by: Paolo Bonzini <address@hidden>
+---
+ exec.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/exec.c b/exec.c
+index a083ff8..ad103ce 100644
+--- a/exec.c
++++ b/exec.c
+@@ -2929,7 +2929,7 @@ static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr,
+ }
+ } else {
+ /* RAM case */
+- ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
++ ptr = qemu_ram_ptr_length(mr->ram_block, addr1, &l);
+ memcpy(ptr, buf, l);
+ invalidate_and_set_dirty(mr, addr1, l);
+ }
+@@ -3020,7 +3020,7 @@ MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr,
+ }
+ } else {
+ /* RAM case */
+- ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
++ ptr = qemu_ram_ptr_length(mr->ram_block, addr1, &l);
+ memcpy(buf, ptr, l);
+ }
+
+--
+1.8.3.1
diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11434.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11434.patch
new file mode 100644
index 00000000000..5d32067c7a0
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11434.patch
@@ -0,0 +1,29 @@
+[Qemu-devel] [PATCH] slirp: check len against dhcp options array end
+From: Prasad J Pandit <address@hidden>
+
+While parsing dhcp options string in 'dhcp_decode', if an options'
+length 'len' appeared towards the end of 'bp_vend' array, ensuing
+read could lead to an OOB memory access issue. Add check to avoid it.
+
+Reported-by: Reno Robert <address@hidden>
+Signed-off-by: Prasad J Pandit <address@hidden>
+---
+ slirp/bootp.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/slirp/bootp.c b/slirp/bootp.c
+index 5a4646c..5dd1a41 100644
+--- a/slirp/bootp.c
++++ b/slirp/bootp.c
+@@ -123,6 +123,9 @@ static void dhcp_decode(const struct bootp_t *bp, int *pmsg_type,
+ if (p >= p_end)
+ break;
+ len = *p++;
++ if (p + len > p_end) {
++ break;
++ }
+ DPRINTF("dhcp: tag=%d len=%d\n", tag, len);
+
+ switch(tag) {
+--
+2.9.4
diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-7539.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-7539.patch
new file mode 100644
index 00000000000..0b5987c6623
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-7539.patch
@@ -0,0 +1,272 @@
+From 2b0bbc4f8809c972bad134bc1a2570dbb01dea0b Mon Sep 17 00:00:00 2001
+From: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
+Date: Fri, 2 Jun 2017 18:01:41 +0300
+Subject: [PATCH] nbd/server: get rid of nbd_negotiate_read and friends
+
+Functions nbd_negotiate_{read,write,drop_sync} were introduced in
+1a6245a5b, when nbd_rwv (was nbd_wr_sync) was working through
+qemu_co_sendv_recvv (the path is nbd_wr_sync -> qemu_co_{recv/send} ->
+qemu_co_send_recv -> qemu_co_sendv_recvv), which just yields, without
+setting any handlers. But starting from ff82911cd nbd_rwv (was
+nbd_wr_syncv) works through qio_channel_yield() which sets handlers, so
+watchers are redundant in nbd_negotiate_{read,write,drop_sync}, then,
+let's just use nbd_{read,write,drop} functions.
+
+Functions nbd_{read,write,drop} has errp parameter, which is unused in
+this patch. This will be fixed later.
+
+Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
+Reviewed-by: Eric Blake <eblake@redhat.com>
+Message-Id: <20170602150150.258222-4-vsementsov@virtuozzo.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ nbd/server.c | 107 ++++++++++++-----------------------------------------------
+ 1 file changed, 22 insertions(+), 85 deletions(-)
+
+diff --git a/nbd/server.c b/nbd/server.c
+index d8bd927013..7f44ef0b15 100644
+--- a/nbd/server.c
++++ b/nbd/server.c
+@@ -104,69 +104,6 @@ struct NBDClient {
+
+ static void nbd_client_receive_next_request(NBDClient *client);
+
+-static gboolean nbd_negotiate_continue(QIOChannel *ioc,
+- GIOCondition condition,
+- void *opaque)
+-{
+- qemu_coroutine_enter(opaque);
+- return TRUE;
+-}
+-
+-static int nbd_negotiate_read(QIOChannel *ioc, void *buffer, size_t size)
+-{
+- ssize_t ret;
+- guint watch;
+-
+- assert(qemu_in_coroutine());
+- /* Negotiation are always in main loop. */
+- watch = qio_channel_add_watch(ioc,
+- G_IO_IN,
+- nbd_negotiate_continue,
+- qemu_coroutine_self(),
+- NULL);
+- ret = nbd_read(ioc, buffer, size, NULL);
+- g_source_remove(watch);
+- return ret;
+-
+-}
+-
+-static int nbd_negotiate_write(QIOChannel *ioc, const void *buffer, size_t size)
+-{
+- ssize_t ret;
+- guint watch;
+-
+- assert(qemu_in_coroutine());
+- /* Negotiation are always in main loop. */
+- watch = qio_channel_add_watch(ioc,
+- G_IO_OUT,
+- nbd_negotiate_continue,
+- qemu_coroutine_self(),
+- NULL);
+- ret = nbd_write(ioc, buffer, size, NULL);
+- g_source_remove(watch);
+- return ret;
+-}
+-
+-static int nbd_negotiate_drop_sync(QIOChannel *ioc, size_t size)
+-{
+- ssize_t ret;
+- uint8_t *buffer = g_malloc(MIN(65536, size));
+-
+- while (size > 0) {
+- size_t count = MIN(65536, size);
+- ret = nbd_negotiate_read(ioc, buffer, count);
+- if (ret < 0) {
+- g_free(buffer);
+- return ret;
+- }
+-
+- size -= count;
+- }
+-
+- g_free(buffer);
+- return 0;
+-}
+-
+ /* Basic flow for negotiation
+
+ Server Client
+@@ -205,22 +142,22 @@ static int nbd_negotiate_send_rep_len(QIOChannel *ioc, uint32_t type,
+ type, opt, len);
+
+ magic = cpu_to_be64(NBD_REP_MAGIC);
+- if (nbd_negotiate_write(ioc, &magic, sizeof(magic)) < 0) {
++ if (nbd_write(ioc, &magic, sizeof(magic), NULL) < 0) {
+ LOG("write failed (rep magic)");
+ return -EINVAL;
+ }
+ opt = cpu_to_be32(opt);
+- if (nbd_negotiate_write(ioc, &opt, sizeof(opt)) < 0) {
++ if (nbd_write(ioc, &opt, sizeof(opt), NULL) < 0) {
+ LOG("write failed (rep opt)");
+ return -EINVAL;
+ }
+ type = cpu_to_be32(type);
+- if (nbd_negotiate_write(ioc, &type, sizeof(type)) < 0) {
++ if (nbd_write(ioc, &type, sizeof(type), NULL) < 0) {
+ LOG("write failed (rep type)");
+ return -EINVAL;
+ }
+ len = cpu_to_be32(len);
+- if (nbd_negotiate_write(ioc, &len, sizeof(len)) < 0) {
++ if (nbd_write(ioc, &len, sizeof(len), NULL) < 0) {
+ LOG("write failed (rep data length)");
+ return -EINVAL;
+ }
+@@ -255,7 +192,7 @@ nbd_negotiate_send_rep_err(QIOChannel *ioc, uint32_t type,
+ if (ret < 0) {
+ goto out;
+ }
+- if (nbd_negotiate_write(ioc, msg, len) < 0) {
++ if (nbd_write(ioc, msg, len, NULL) < 0) {
+ LOG("write failed (error message)");
+ ret = -EIO;
+ } else {
+@@ -286,15 +223,15 @@ static int nbd_negotiate_send_rep_list(QIOChannel *ioc, NBDExport *exp)
+ }
+
+ len = cpu_to_be32(name_len);
+- if (nbd_negotiate_write(ioc, &len, sizeof(len)) < 0) {
++ if (nbd_write(ioc, &len, sizeof(len), NULL) < 0) {
+ LOG("write failed (name length)");
+ return -EINVAL;
+ }
+- if (nbd_negotiate_write(ioc, name, name_len) < 0) {
++ if (nbd_write(ioc, name, name_len, NULL) < 0) {
+ LOG("write failed (name buffer)");
+ return -EINVAL;
+ }
+- if (nbd_negotiate_write(ioc, desc, desc_len) < 0) {
++ if (nbd_write(ioc, desc, desc_len, NULL) < 0) {
+ LOG("write failed (description buffer)");
+ return -EINVAL;
+ }
+@@ -308,7 +245,7 @@ static int nbd_negotiate_handle_list(NBDClient *client, uint32_t length)
+ NBDExport *exp;
+
+ if (length) {
+- if (nbd_negotiate_drop_sync(client->ioc, length) < 0) {
++ if (nbd_drop(client->ioc, length, NULL) < 0) {
+ return -EIO;
+ }
+ return nbd_negotiate_send_rep_err(client->ioc,
+@@ -339,7 +276,7 @@ static int nbd_negotiate_handle_export_name(NBDClient *client, uint32_t length)
+ LOG("Bad length received");
+ goto fail;
+ }
+- if (nbd_negotiate_read(client->ioc, name, length) < 0) {
++ if (nbd_read(client->ioc, name, length, NULL) < 0) {
+ LOG("read failed");
+ goto fail;
+ }
+@@ -372,7 +309,7 @@ static QIOChannel *nbd_negotiate_handle_starttls(NBDClient *client,
+ TRACE("Setting up TLS");
+ ioc = client->ioc;
+ if (length) {
+- if (nbd_negotiate_drop_sync(ioc, length) < 0) {
++ if (nbd_drop(ioc, length, NULL) < 0) {
+ return NULL;
+ }
+ nbd_negotiate_send_rep_err(ioc, NBD_REP_ERR_INVALID, NBD_OPT_STARTTLS,
+@@ -436,7 +373,7 @@ static int nbd_negotiate_options(NBDClient *client)
+ ... Rest of request
+ */
+
+- if (nbd_negotiate_read(client->ioc, &flags, sizeof(flags)) < 0) {
++ if (nbd_read(client->ioc, &flags, sizeof(flags), NULL) < 0) {
+ LOG("read failed");
+ return -EIO;
+ }
+@@ -462,7 +399,7 @@ static int nbd_negotiate_options(NBDClient *client)
+ uint32_t clientflags, length;
+ uint64_t magic;
+
+- if (nbd_negotiate_read(client->ioc, &magic, sizeof(magic)) < 0) {
++ if (nbd_read(client->ioc, &magic, sizeof(magic), NULL) < 0) {
+ LOG("read failed");
+ return -EINVAL;
+ }
+@@ -472,15 +409,15 @@ static int nbd_negotiate_options(NBDClient *client)
+ return -EINVAL;
+ }
+
+- if (nbd_negotiate_read(client->ioc, &clientflags,
+- sizeof(clientflags)) < 0)
++ if (nbd_read(client->ioc, &clientflags,
++ sizeof(clientflags), NULL) < 0)
+ {
+ LOG("read failed");
+ return -EINVAL;
+ }
+ clientflags = be32_to_cpu(clientflags);
+
+- if (nbd_negotiate_read(client->ioc, &length, sizeof(length)) < 0) {
++ if (nbd_read(client->ioc, &length, sizeof(length), NULL) < 0) {
+ LOG("read failed");
+ return -EINVAL;
+ }
+@@ -510,7 +447,7 @@ static int nbd_negotiate_options(NBDClient *client)
+ return -EINVAL;
+
+ default:
+- if (nbd_negotiate_drop_sync(client->ioc, length) < 0) {
++ if (nbd_drop(client->ioc, length, NULL) < 0) {
+ return -EIO;
+ }
+ ret = nbd_negotiate_send_rep_err(client->ioc,
+@@ -548,7 +485,7 @@ static int nbd_negotiate_options(NBDClient *client)
+ return nbd_negotiate_handle_export_name(client, length);
+
+ case NBD_OPT_STARTTLS:
+- if (nbd_negotiate_drop_sync(client->ioc, length) < 0) {
++ if (nbd_drop(client->ioc, length, NULL) < 0) {
+ return -EIO;
+ }
+ if (client->tlscreds) {
+@@ -567,7 +504,7 @@ static int nbd_negotiate_options(NBDClient *client)
+ }
+ break;
+ default:
+- if (nbd_negotiate_drop_sync(client->ioc, length) < 0) {
++ if (nbd_drop(client->ioc, length, NULL) < 0) {
+ return -EIO;
+ }
+ ret = nbd_negotiate_send_rep_err(client->ioc,
+@@ -656,12 +593,12 @@ static coroutine_fn int nbd_negotiate(NBDClientNewData *data)
+ TRACE("TLS cannot be enabled with oldstyle protocol");
+ goto fail;
+ }
+- if (nbd_negotiate_write(client->ioc, buf, sizeof(buf)) < 0) {
++ if (nbd_write(client->ioc, buf, sizeof(buf), NULL) < 0) {
+ LOG("write failed");
+ goto fail;
+ }
+ } else {
+- if (nbd_negotiate_write(client->ioc, buf, 18) < 0) {
++ if (nbd_write(client->ioc, buf, 18, NULL) < 0) {
+ LOG("write failed");
+ goto fail;
+ }
+@@ -676,7 +613,7 @@ static coroutine_fn int nbd_negotiate(NBDClientNewData *data)
+ stq_be_p(buf + 18, client->exp->size);
+ stw_be_p(buf + 26, client->exp->nbdflags | myflags);
+ len = client->no_zeroes ? 10 : sizeof(buf) - 18;
+- if (nbd_negotiate_write(client->ioc, buf + 18, len) < 0) {
++ if (nbd_write(client->ioc, buf + 18, len, NULL) < 0) {
+ LOG("write failed");
+ goto fail;
+ }
+--
+2.13.0
+
diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-1.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-1.patch
new file mode 100644
index 00000000000..01c81d10ec0
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-1.patch
@@ -0,0 +1,122 @@
+From 87e459a810d7b1ec1638085b5a80ea3d9b43119a Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Thu, 1 Jun 2017 17:26:14 +0200
+Subject: [PATCH] megasas: always store SCSIRequest* into MegasasCmd
+
+This ensures that the request is unref'ed properly, and avoids a
+segmentation fault in the new qtest testcase that is added.
+This is CVE-2017-9503.
+
+Reported-by: Zhangyanyu <zyy4013@stu.ouc.edu.cn>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ hw/scsi/megasas.c | 31 ++++++++++++++++---------------
+ 2 files changed, 51 insertions(+), 15 deletions(-)
+
+diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
+index 135662df31..734fdaef90 100644
+--- a/hw/scsi/megasas.c
++++ b/hw/scsi/megasas.c
+@@ -609,6 +609,9 @@ static void megasas_reset_frames(MegasasState *s)
+ static void megasas_abort_command(MegasasCmd *cmd)
+ {
+ /* Never abort internal commands. */
++ if (cmd->dcmd_opcode != -1) {
++ return;
++ }
+ if (cmd->req != NULL) {
+ scsi_req_cancel(cmd->req);
+ }
+@@ -1017,7 +1020,6 @@ static int megasas_pd_get_info_submit(SCSIDevice *sdev, int lun,
+ uint64_t pd_size;
+ uint16_t pd_id = ((sdev->id & 0xFF) << 8) | (lun & 0xFF);
+ uint8_t cmdbuf[6];
+- SCSIRequest *req;
+ size_t len, resid;
+
+ if (!cmd->iov_buf) {
+@@ -1026,8 +1028,8 @@ static int megasas_pd_get_info_submit(SCSIDevice *sdev, int lun,
+ info->inquiry_data[0] = 0x7f; /* Force PQual 0x3, PType 0x1f */
+ info->vpd_page83[0] = 0x7f;
+ megasas_setup_inquiry(cmdbuf, 0, sizeof(info->inquiry_data));
+- req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd);
+- if (!req) {
++ cmd->req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd);
++ if (!cmd->req) {
+ trace_megasas_dcmd_req_alloc_failed(cmd->index,
+ "PD get info std inquiry");
+ g_free(cmd->iov_buf);
+@@ -1036,26 +1038,26 @@ static int megasas_pd_get_info_submit(SCSIDevice *sdev, int lun,
+ }
+ trace_megasas_dcmd_internal_submit(cmd->index,
+ "PD get info std inquiry", lun);
+- len = scsi_req_enqueue(req);
++ len = scsi_req_enqueue(cmd->req);
+ if (len > 0) {
+ cmd->iov_size = len;
+- scsi_req_continue(req);
++ scsi_req_continue(cmd->req);
+ }
+ return MFI_STAT_INVALID_STATUS;
+ } else if (info->inquiry_data[0] != 0x7f && info->vpd_page83[0] == 0x7f) {
+ megasas_setup_inquiry(cmdbuf, 0x83, sizeof(info->vpd_page83));
+- req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd);
+- if (!req) {
++ cmd->req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd);
++ if (!cmd->req) {
+ trace_megasas_dcmd_req_alloc_failed(cmd->index,
+ "PD get info vpd inquiry");
+ return MFI_STAT_FLASH_ALLOC_FAIL;
+ }
+ trace_megasas_dcmd_internal_submit(cmd->index,
+ "PD get info vpd inquiry", lun);
+- len = scsi_req_enqueue(req);
++ len = scsi_req_enqueue(cmd->req);
+ if (len > 0) {
+ cmd->iov_size = len;
+- scsi_req_continue(req);
++ scsi_req_continue(cmd->req);
+ }
+ return MFI_STAT_INVALID_STATUS;
+ }
+@@ -1217,7 +1219,6 @@ static int megasas_ld_get_info_submit(SCSIDevice *sdev, int lun,
+ struct mfi_ld_info *info = cmd->iov_buf;
+ size_t dcmd_size = sizeof(struct mfi_ld_info);
+ uint8_t cdb[6];
+- SCSIRequest *req;
+ ssize_t len, resid;
+ uint16_t sdev_id = ((sdev->id & 0xFF) << 8) | (lun & 0xFF);
+ uint64_t ld_size;
+@@ -1226,8 +1227,8 @@ static int megasas_ld_get_info_submit(SCSIDevice *sdev, int lun,
+ cmd->iov_buf = g_malloc0(dcmd_size);
+ info = cmd->iov_buf;
+ megasas_setup_inquiry(cdb, 0x83, sizeof(info->vpd_page83));
+- req = scsi_req_new(sdev, cmd->index, lun, cdb, cmd);
+- if (!req) {
++ cmd->req = scsi_req_new(sdev, cmd->index, lun, cdb, cmd);
++ if (!cmd->req) {
+ trace_megasas_dcmd_req_alloc_failed(cmd->index,
+ "LD get info vpd inquiry");
+ g_free(cmd->iov_buf);
+@@ -1236,10 +1237,10 @@ static int megasas_ld_get_info_submit(SCSIDevice *sdev, int lun,
+ }
+ trace_megasas_dcmd_internal_submit(cmd->index,
+ "LD get info vpd inquiry", lun);
+- len = scsi_req_enqueue(req);
++ len = scsi_req_enqueue(cmd->req);
+ if (len > 0) {
+ cmd->iov_size = len;
+- scsi_req_continue(req);
++ scsi_req_continue(cmd->req);
+ }
+ return MFI_STAT_INVALID_STATUS;
+ }
+@@ -1851,7 +1852,7 @@ static void megasas_command_complete(SCSIRequest *req, uint32_t status,
+ return;
+ }
+
+- if (cmd->req == NULL) {
++ if (cmd->dcmd_opcode != -1) {
+ /*
+ * Internal command complete
+ */
diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-2.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-2.patch
new file mode 100644
index 00000000000..74725a92736
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-2.patch
@@ -0,0 +1,114 @@
+From 5104fac8539eaf155fc6de93e164be43e1e62242 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Thu, 1 Jun 2017 17:18:23 +0200
+Subject: [PATCH] megasas: do not read DCMD opcode more than once from frame
+
+Avoid TOC-TOU bugs by storing the DCMD opcode in the MegasasCmd
+
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ hw/scsi/megasas.c | 25 +++++++++++--------------
+ 1 file changed, 11 insertions(+), 14 deletions(-)
+
+diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
+index c353118882..a3f75c1650 100644
+--- a/hw/scsi/megasas.c
++++ b/hw/scsi/megasas.c
+@@ -63,6 +63,7 @@ typedef struct MegasasCmd {
+
+ hwaddr pa;
+ hwaddr pa_size;
++ uint32_t dcmd_opcode;
+ union mfi_frame *frame;
+ SCSIRequest *req;
+ QEMUSGList qsg;
+@@ -513,6 +514,7 @@ static MegasasCmd *megasas_enqueue_frame(MegasasState *s,
+ cmd->context &= (uint64_t)0xFFFFFFFF;
+ }
+ cmd->count = count;
++ cmd->dcmd_opcode = -1;
+ s->busy++;
+
+ if (s->consumer_pa) {
+@@ -1562,22 +1564,21 @@ static const struct dcmd_cmd_tbl_t {
+
+ static int megasas_handle_dcmd(MegasasState *s, MegasasCmd *cmd)
+ {
+- int opcode;
+ int retval = 0;
+ size_t len;
+ const struct dcmd_cmd_tbl_t *cmdptr = dcmd_cmd_tbl;
+
+- opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
+- trace_megasas_handle_dcmd(cmd->index, opcode);
++ cmd->dcmd_opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
++ trace_megasas_handle_dcmd(cmd->index, cmd->dcmd_opcode);
+ if (megasas_map_dcmd(s, cmd) < 0) {
+ return MFI_STAT_MEMORY_NOT_AVAILABLE;
+ }
+- while (cmdptr->opcode != -1 && cmdptr->opcode != opcode) {
++ while (cmdptr->opcode != -1 && cmdptr->opcode != cmd->dcmd_opcode) {
+ cmdptr++;
+ }
+ len = cmd->iov_size;
+ if (cmdptr->opcode == -1) {
+- trace_megasas_dcmd_unhandled(cmd->index, opcode, len);
++ trace_megasas_dcmd_unhandled(cmd->index, cmd->dcmd_opcode, len);
+ retval = megasas_dcmd_dummy(s, cmd);
+ } else {
+ trace_megasas_dcmd_enter(cmd->index, cmdptr->desc, len);
+@@ -1592,13 +1593,11 @@ static int megasas_handle_dcmd(MegasasState *s, MegasasCmd *cmd)
+ static int megasas_finish_internal_dcmd(MegasasCmd *cmd,
+ SCSIRequest *req)
+ {
+- int opcode;
+ int retval = MFI_STAT_OK;
+ int lun = req->lun;
+
+- opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
+- trace_megasas_dcmd_internal_finish(cmd->index, opcode, lun);
+- switch (opcode) {
++ trace_megasas_dcmd_internal_finish(cmd->index, cmd->dcmd_opcode, lun);
++ switch (cmd->dcmd_opcode) {
+ case MFI_DCMD_PD_GET_INFO:
+ retval = megasas_pd_get_info_submit(req->dev, lun, cmd);
+ break;
+@@ -1606,7 +1605,7 @@ static int megasas_finish_internal_dcmd(MegasasCmd *cmd,
+ retval = megasas_ld_get_info_submit(req->dev, lun, cmd);
+ break;
+ default:
+- trace_megasas_dcmd_internal_invalid(cmd->index, opcode);
++ trace_megasas_dcmd_internal_invalid(cmd->index, cmd->dcmd_opcode);
+ retval = MFI_STAT_INVALID_DCMD;
+ break;
+ }
+@@ -1827,7 +1826,6 @@ static void megasas_xfer_complete(SCSIRequest *req, uint32_t len)
+ {
+ MegasasCmd *cmd = req->hba_private;
+ uint8_t *buf;
+- uint32_t opcode;
+
+ trace_megasas_io_complete(cmd->index, len);
+
+@@ -1837,8 +1835,7 @@ static void megasas_xfer_complete(SCSIRequest *req, uint32_t len)
+ }
+
+ buf = scsi_req_get_buf(req);
+- opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
+- if (opcode == MFI_DCMD_PD_GET_INFO && cmd->iov_buf) {
++ if (cmd->dcmd_opcode == MFI_DCMD_PD_GET_INFO && cmd->iov_buf) {
+ struct mfi_pd_info *info = cmd->iov_buf;
+
+ if (info->inquiry_data[0] == 0x7f) {
+@@ -1849,7 +1846,7 @@ static void megasas_xfer_complete(SCSIRequest *req, uint32_t len)
+ memcpy(info->vpd_page83, buf, len);
+ }
+ scsi_req_continue(req);
+- } else if (opcode == MFI_DCMD_LD_GET_INFO) {
++ } else if (cmd->dcmd_opcode == MFI_DCMD_LD_GET_INFO) {
+ struct mfi_ld_info *info = cmd->iov_buf;
+
+ if (cmd->iov_buf) {
+--
+2.13.0
+
diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-1.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-1.patch
new file mode 100644
index 00000000000..9d77193b1f6
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-1.patch
@@ -0,0 +1,80 @@
+From df8ad9f128c15aa0a0ebc7b24e9a22c9775b67af Mon Sep 17 00:00:00 2001
+From: Eric Blake <eblake@redhat.com>
+Date: Fri, 26 May 2017 22:04:21 -0500
+Subject: [PATCH] nbd: Fully initialize client in case of failed negotiation
+
+If a non-NBD client connects to qemu-nbd, we would end up with
+a SIGSEGV in nbd_client_put() because we were trying to
+unregister the client's association to the export, even though
+we skipped inserting the client into that list. Easy trigger
+in two terminals:
+
+$ qemu-nbd -p 30001 --format=raw file
+$ nmap 127.0.0.1 -p 30001
+
+nmap claims that it thinks it connected to a pago-services1
+server (which probably means nmap could be updated to learn the
+NBD protocol and give a more accurate diagnosis of the open
+port - but that's not our problem), then terminates immediately,
+so our call to nbd_negotiate() fails. The fix is to reorder
+nbd_co_client_start() to ensure that all initialization occurs
+before we ever try talking to a client in nbd_negotiate(), so
+that the teardown sequence on negotiation failure doesn't fault
+while dereferencing a half-initialized object.
+
+While debugging this, I also noticed that nbd_update_server_watch()
+called by nbd_client_closed() was still adding a channel to accept
+the next client, even when the state was no longer RUNNING. That
+is fixed by making nbd_can_accept() pay attention to the current
+state.
+
+Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1451614
+
+Signed-off-by: Eric Blake <eblake@redhat.com>
+Message-Id: <20170527030421.28366-1-eblake@redhat.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ nbd/server.c | 8 +++-----
+ qemu-nbd.c | 2 +-
+ 2 files changed, 4 insertions(+), 6 deletions(-)
+
+diff --git a/nbd/server.c b/nbd/server.c
+index ee59e5d234..49b55f6ede 100644
+--- a/nbd/server.c
++++ b/nbd/server.c
+@@ -1358,16 +1358,14 @@ static coroutine_fn void nbd_co_client_start(void *opaque)
+
+ if (exp) {
+ nbd_export_get(exp);
++ QTAILQ_INSERT_TAIL(&exp->clients, client, next);
+ }
++ qemu_co_mutex_init(&client->send_lock);
++
+ if (nbd_negotiate(data)) {
+ client_close(client);
+ goto out;
+ }
+- qemu_co_mutex_init(&client->send_lock);
+-
+- if (exp) {
+- QTAILQ_INSERT_TAIL(&exp->clients, client, next);
+- }
+
+ nbd_client_receive_next_request(client);
+
+diff --git a/qemu-nbd.c b/qemu-nbd.c
+index f60842fd86..651f85ecc1 100644
+--- a/qemu-nbd.c
++++ b/qemu-nbd.c
+@@ -325,7 +325,7 @@ out:
+
+ static int nbd_can_accept(void)
+ {
+- return nb_fds < shared;
++ return state == RUNNING && nb_fds < shared;
+ }
+
+ static void nbd_export_closed(NBDExport *exp)
+--
+2.13.0
+
diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-2.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-2.patch
new file mode 100644
index 00000000000..e6934b379a2
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-2.patch
@@ -0,0 +1,197 @@
+From 0c9390d978cbf61e8f16c9f580fa96b305c43568 Mon Sep 17 00:00:00 2001
+From: Eric Blake <eblake@redhat.com>
+Date: Thu, 8 Jun 2017 17:26:17 -0500
+Subject: [PATCH] nbd: Fix regression on resiliency to port scan
+
+Back in qemu 2.5, qemu-nbd was immune to port probes (a transient
+server would not quit, regardless of how many probe connections
+came and went, until a connection actually negotiated). But we
+broke that in commit ee7d7aa when removing the return value to
+nbd_client_new(), although that patch also introduced a bug causing
+an assertion failure on a client that fails negotiation. We then
+made it worse during refactoring in commit 1a6245a (a segfault
+before we could even assert); the (masked) assertion was cleaned
+up in d3780c2 (still in 2.6), and just recently we finally fixed
+the segfault ("nbd: Fully intialize client in case of failed
+negotiation"). But that still means that ever since we added
+TLS support to qemu-nbd, we have been vulnerable to an ill-timed
+port-scan being able to cause a denial of service by taking down
+qemu-nbd before a real client has a chance to connect.
+
+Since negotiation is now handled asynchronously via coroutines,
+we no longer have a synchronous point of return by re-adding a
+return value to nbd_client_new(). So this patch instead wires
+things up to pass the negotiation status through the close_fn
+callback function.
+
+Simple test across two terminals:
+$ qemu-nbd -f raw -p 30001 file
+$ nmap 127.0.0.1 -p 30001 && \
+ qemu-io -c 'r 0 512' -f raw nbd://localhost:30001
+
+Note that this patch does not change what constitutes successful
+negotiation (thus, a client must enter transmission phase before
+that client can be considered as a reason to terminate the server
+when the connection ends). Perhaps we may want to tweak things
+in a later patch to also treat a client that uses NBD_OPT_ABORT
+as being a 'successful' negotiation (the client correctly talked
+the NBD protocol, and informed us it was not going to use our
+export after all), but that's a discussion for another day.
+
+Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1451614
+
+Signed-off-by: Eric Blake <eblake@redhat.com>
+Message-Id: <20170608222617.20376-1-eblake@redhat.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ blockdev-nbd.c | 6 +++++-
+ include/block/nbd.h | 2 +-
+ nbd/server.c | 24 +++++++++++++++---------
+ qemu-nbd.c | 4 ++--
+ 4 files changed, 23 insertions(+), 13 deletions(-)
+
+diff --git a/blockdev-nbd.c b/blockdev-nbd.c
+index dd0860f4a6..28f551a7b0 100644
+--- a/blockdev-nbd.c
++++ b/blockdev-nbd.c
+@@ -27,6 +27,10 @@ typedef struct NBDServerData {
+
+ static NBDServerData *nbd_server;
+
++static void nbd_blockdev_client_closed(NBDClient *client, bool ignored)
++{
++ nbd_client_put(client);
++}
+
+ static gboolean nbd_accept(QIOChannel *ioc, GIOCondition condition,
+ gpointer opaque)
+@@ -46,7 +50,7 @@ static gboolean nbd_accept(QIOChannel *ioc, GIOCondition condition,
+ qio_channel_set_name(QIO_CHANNEL(cioc), "nbd-server");
+ nbd_client_new(NULL, cioc,
+ nbd_server->tlscreds, NULL,
+- nbd_client_put);
++ nbd_blockdev_client_closed);
+ object_unref(OBJECT(cioc));
+ return TRUE;
+ }
+diff --git a/include/block/nbd.h b/include/block/nbd.h
+index 416257abca..8fa5ce51f3 100644
+--- a/include/block/nbd.h
++++ b/include/block/nbd.h
+@@ -162,7 +162,7 @@ void nbd_client_new(NBDExport *exp,
+ QIOChannelSocket *sioc,
+ QCryptoTLSCreds *tlscreds,
+ const char *tlsaclname,
+- void (*close)(NBDClient *));
++ void (*close_fn)(NBDClient *, bool));
+ void nbd_client_get(NBDClient *client);
+ void nbd_client_put(NBDClient *client);
+
+diff --git a/nbd/server.c b/nbd/server.c
+index 49b55f6ede..f2b1aa47ce 100644
+--- a/nbd/server.c
++++ b/nbd/server.c
+@@ -81,7 +81,7 @@ static QTAILQ_HEAD(, NBDExport) exports = QTAILQ_HEAD_INITIALIZER(exports);
+
+ struct NBDClient {
+ int refcount;
+- void (*close)(NBDClient *client);
++ void (*close_fn)(NBDClient *client, bool negotiated);
+
+ bool no_zeroes;
+ NBDExport *exp;
+@@ -778,7 +778,7 @@ void nbd_client_put(NBDClient *client)
+ }
+ }
+
+-static void client_close(NBDClient *client)
++static void client_close(NBDClient *client, bool negotiated)
+ {
+ if (client->closing) {
+ return;
+@@ -793,8 +793,8 @@ static void client_close(NBDClient *client)
+ NULL);
+
+ /* Also tell the client, so that they release their reference. */
+- if (client->close) {
+- client->close(client);
++ if (client->close_fn) {
++ client->close_fn(client, negotiated);
+ }
+ }
+
+@@ -975,7 +975,7 @@ void nbd_export_close(NBDExport *exp)
+
+ nbd_export_get(exp);
+ QTAILQ_FOREACH_SAFE(client, &exp->clients, next, next) {
+- client_close(client);
++ client_close(client, true);
+ }
+ nbd_export_set_name(exp, NULL);
+ nbd_export_set_description(exp, NULL);
+@@ -1337,7 +1337,7 @@ done:
+
+ out:
+ nbd_request_put(req);
+- client_close(client);
++ client_close(client, true);
+ nbd_client_put(client);
+ }
+
+@@ -1363,7 +1363,7 @@ static coroutine_fn void nbd_co_client_start(void *opaque)
+ qemu_co_mutex_init(&client->send_lock);
+
+ if (nbd_negotiate(data)) {
+- client_close(client);
++ client_close(client, false);
+ goto out;
+ }
+
+@@ -1373,11 +1373,17 @@ out:
+ g_free(data);
+ }
+
++/*
++ * Create a new client listener on the given export @exp, using the
++ * given channel @sioc. Begin servicing it in a coroutine. When the
++ * connection closes, call @close_fn with an indication of whether the
++ * client completed negotiation.
++ */
+ void nbd_client_new(NBDExport *exp,
+ QIOChannelSocket *sioc,
+ QCryptoTLSCreds *tlscreds,
+ const char *tlsaclname,
+- void (*close_fn)(NBDClient *))
++ void (*close_fn)(NBDClient *, bool))
+ {
+ NBDClient *client;
+ NBDClientNewData *data = g_new(NBDClientNewData, 1);
+@@ -1394,7 +1400,7 @@ void nbd_client_new(NBDExport *exp,
+ object_ref(OBJECT(client->sioc));
+ client->ioc = QIO_CHANNEL(sioc);
+ object_ref(OBJECT(client->ioc));
+- client->close = close_fn;
++ client->close_fn = close_fn;
+
+ data->client = client;
+ data->co = qemu_coroutine_create(nbd_co_client_start, data);
+diff --git a/qemu-nbd.c b/qemu-nbd.c
+index 651f85ecc1..9464a0461c 100644
+--- a/qemu-nbd.c
++++ b/qemu-nbd.c
+@@ -336,10 +336,10 @@ static void nbd_export_closed(NBDExport *exp)
+
+ static void nbd_update_server_watch(void);
+
+-static void nbd_client_closed(NBDClient *client)
++static void nbd_client_closed(NBDClient *client, bool negotiated)
+ {
+ nb_fds--;
+- if (nb_fds == 0 && !persistent && state == RUNNING) {
++ if (negotiated && nb_fds == 0 && !persistent && state == RUNNING) {
+ state = TERMINATE;
+ }
+ nbd_update_server_watch();
+--
+2.13.0
+
diff --git a/app-emulation/qemu/qemu-2.9.0-r55.ebuild b/app-emulation/qemu/qemu-2.9.0-r55.ebuild
new file mode 100644
index 00000000000..4a7f4b1c5f1
--- /dev/null
+++ b/app-emulation/qemu/qemu-2.9.0-r55.ebuild
@@ -0,0 +1,792 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+PYTHON_COMPAT=( python2_7 )
+PYTHON_REQ_USE="ncurses,readline"
+
+PLOCALES="bg de_DE fr_FR hu it tr zh_CN"
+
+FIRMWARE_ABI_VERSION="2.9.0-r52"
+
+inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \
+ user udev fcaps readme.gentoo-r1 pax-utils l10n
+
+if [[ ${PV} = *9999* ]]; then
+ EGIT_REPO_URI="git://git.qemu.org/qemu.git"
+ inherit git-r3
+ SRC_URI=""
+else
+ SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2"
+ KEYWORDS="~amd64 ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd"
+fi
+
+DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
+HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org"
+
+LICENSE="GPL-2 LGPL-2 BSD-2"
+SLOT="0"
+IUSE="accessibility +aio alsa bluetooth bzip2 +caps +curl debug +fdt
+ glusterfs gnutls gtk gtk2 infiniband iscsi +jpeg kernel_linux
+ kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs +png
+ pulseaudio python rbd sasl +seccomp sdl sdl2 selinux smartcard snappy
+ spice ssh static static-user systemtap tci test usb usbredir vde
+ +vhost-net virgl virtfs +vnc vte xattr xen xfs"
+
+COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel
+ mips mips64 mips64el mipsel nios2 or1k ppc ppc64 s390x sh4 sh4eb sparc
+ sparc64 x86_64"
+IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS}
+ lm32 moxie ppcemb tricore unicore32 xtensa xtensaeb"
+IUSE_USER_TARGETS="${COMMON_TARGETS}
+ armeb hppa mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus tilegx"
+
+use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
+use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
+IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
+
+# Allow no targets to be built so that people can get a tools-only build.
+# Block USE flag configurations known to not work.
+REQUIRED_USE="${PYTHON_REQUIRED_USE}
+ gtk2? ( gtk )
+ qemu_softmmu_targets_arm? ( fdt )
+ qemu_softmmu_targets_microblaze? ( fdt )
+ qemu_softmmu_targets_mips64el? ( fdt )
+ qemu_softmmu_targets_ppc? ( fdt )
+ qemu_softmmu_targets_ppc64? ( fdt )
+ sdl2? ( sdl )
+ static? ( static-user !alsa !bluetooth !gtk !gtk2 !opengl !pulseaudio )
+ virtfs? ( xattr )
+ vte? ( gtk )"
+
+# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
+# and user/softmmu targets (qemu-*, qemu-system-*).
+#
+# Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
+#
+# The attr lib isn't always linked in (although the USE flag is always
+# respected). This is because qemu supports using the C library's API
+# when available rather than always using the extranl library.
+ALL_DEPEND="
+ >=dev-libs/glib-2.0[static-libs(+)]
+ sys-libs/zlib[static-libs(+)]
+ python? ( ${PYTHON_DEPS} )
+ systemtap? ( dev-util/systemtap )
+ xattr? ( sys-apps/attr[static-libs(+)] )"
+
+# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
+# softmmu targets (qemu-system-*).
+SOFTMMU_TOOLS_DEPEND="
+ >=x11-libs/pixman-0.28.0[static-libs(+)]
+ accessibility? (
+ app-accessibility/brltty[api]
+ app-accessibility/brltty[static-libs(+)]
+ )
+ aio? ( dev-libs/libaio[static-libs(+)] )
+ alsa? ( >=media-libs/alsa-lib-1.0.13 )
+ bluetooth? ( net-wireless/bluez )
+ bzip2? ( app-arch/bzip2[static-libs(+)] )
+ caps? ( sys-libs/libcap-ng[static-libs(+)] )
+ curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
+ fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] )
+ glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
+ gnutls? (
+ dev-libs/nettle:=[static-libs(+)]
+ >=net-libs/gnutls-3.0:=[static-libs(+)]
+ )
+ gtk? (
+ gtk2? (
+ x11-libs/gtk+:2
+ vte? ( x11-libs/vte:0 )
+ )
+ !gtk2? (
+ x11-libs/gtk+:3
+ vte? ( x11-libs/vte:2.91 )
+ )
+ )
+ infiniband? ( sys-fabric/librdmacm:=[static-libs(+)] )
+ iscsi? ( net-libs/libiscsi )
+ jpeg? ( virtual/jpeg:0=[static-libs(+)] )
+ lzo? ( dev-libs/lzo:2[static-libs(+)] )
+ ncurses? (
+ sys-libs/ncurses:0=[unicode]
+ sys-libs/ncurses:0=[static-libs(+)]
+ )
+ nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] )
+ numa? ( sys-process/numactl[static-libs(+)] )
+ opengl? (
+ virtual/opengl
+ media-libs/libepoxy[static-libs(+)]
+ media-libs/mesa[static-libs(+)]
+ media-libs/mesa[egl,gbm]
+ )
+ png? ( media-libs/libpng:0=[static-libs(+)] )
+ pulseaudio? ( media-sound/pulseaudio )
+ rbd? ( sys-cluster/ceph[static-libs(+)] )
+ sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
+ sdl? (
+ !sdl2? (
+ media-libs/libsdl[X]
+ >=media-libs/libsdl-1.2.11[static-libs(+)]
+ )
+ sdl2? (
+ media-libs/libsdl2[X]
+ media-libs/libsdl2[static-libs(+)]
+ )
+ )
+ seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
+ smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] )
+ snappy? ( app-arch/snappy:=[static-libs(+)] )
+ spice? (
+ >=app-emulation/spice-protocol-0.12.3
+ >=app-emulation/spice-0.12.0[static-libs(+)]
+ )
+ ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] )
+ usb? ( >=virtual/libusb-1-r2[static-libs(+)] )
+ usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
+ vde? ( net-misc/vde[static-libs(+)] )
+ virgl? ( media-libs/virglrenderer[static-libs(+)] )
+ virtfs? ( sys-libs/libcap )
+ xen? ( app-emulation/xen-tools:= )
+ xfs? ( sys-fs/xfsprogs[static-libs(+)] )"
+
+X86_FIRMWARE_DEPEND="
+ pin-upstream-blobs? (
+ ~sys-firmware/edk2-ovmf-2017_pre20170505[binary]
+ ~sys-firmware/ipxe-1.0.0_p20160620
+ ~sys-firmware/seabios-1.10.2[binary,seavgabios]
+ ~sys-firmware/sgabios-0.1_pre8
+ )
+ !pin-upstream-blobs? (
+ sys-firmware/edk2-ovmf
+ sys-firmware/ipxe
+ >=sys-firmware/seabios-1.10.2[seavgabios]
+ sys-firmware/sgabios
+ )"
+
+CDEPEND="
+ !static? (
+ ${ALL_DEPEND//\[static-libs(+)]}
+ ${SOFTMMU_TOOLS_DEPEND//\[static-libs(+)]}
+ )
+ qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
+ qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )"
+DEPEND="${CDEPEND}
+ dev-lang/perl
+ =dev-lang/python-2*
+ sys-apps/texinfo
+ virtual/pkgconfig
+ kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
+ gtk? ( nls? ( sys-devel/gettext ) )
+ static? (
+ ${ALL_DEPEND}
+ ${SOFTMMU_TOOLS_DEPEND}
+ )
+ static-user? ( ${ALL_DEPEND} )
+ test? (
+ dev-libs/glib[utils]
+ sys-devel/bc
+ )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-qemu )"
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-2.5.0-cflags.patch
+ "${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
+ "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8309.patch # bug 616870
+ "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8379.patch # bug 616872
+ "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8380.patch # bug 616874
+ "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8112.patch # bug 616636
+ "${FILESDIR}"/${PN}-2.9.0-CVE-2017-7493.patch # bug 618808
+ "${FILESDIR}"/${PN}-2.9.0-CVE-2017-11434.patch # bug 625614
+ "${FILESDIR}"/${PN}-2.9.0-CVE-2017-11334.patch # bug 621292
+ "${FILESDIR}"/${PN}-2.9.0-CVE-2017-9524-1.patch # bug 621292
+ "${FILESDIR}"/${PN}-2.9.0-CVE-2017-9524-2.patch
+ "${FILESDIR}"/${PN}-2.9.0-CVE-2017-9503-1.patch # bug 621184
+ "${FILESDIR}"/${PN}-2.9.0-CVE-2017-9503-2.patch
+)
+
+
+STRIP_MASK="/usr/share/qemu/palcode-clipper"
+
+QA_PREBUILT="
+ usr/share/qemu/openbios-ppc
+ usr/share/qemu/openbios-sparc64
+ usr/share/qemu/openbios-sparc32
+ usr/share/qemu/palcode-clipper
+ usr/share/qemu/s390-ccw.img
+ usr/share/qemu/u-boot.e500"
+
+QA_WX_LOAD="usr/bin/qemu-i386
+ usr/bin/qemu-x86_64
+ usr/bin/qemu-alpha
+ usr/bin/qemu-arm
+ usr/bin/qemu-cris
+ usr/bin/qemu-m68k
+ usr/bin/qemu-microblaze
+ usr/bin/qemu-microblazeel
+ usr/bin/qemu-mips
+ usr/bin/qemu-mipsel
+ usr/bin/qemu-or1k
+ usr/bin/qemu-ppc
+ usr/bin/qemu-ppc64
+ usr/bin/qemu-ppc64abi32
+ usr/bin/qemu-sh4
+ usr/bin/qemu-sh4eb
+ usr/bin/qemu-sparc
+ usr/bin/qemu-sparc64
+ usr/bin/qemu-armeb
+ usr/bin/qemu-sparc32plus
+ usr/bin/qemu-s390x
+ usr/bin/qemu-unicore32"
+
+DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure you have the
+kernel module loaded before running kvm. The easiest way to ensure that the
+kernel module is loaded is to load it on boot.
+ For AMD CPUs the module is called 'kvm-amd'.
+ For Intel CPUs the module is called 'kvm-intel'.
+Please review /etc/conf.d/modules for how to load these.
+
+Make sure your user is in the 'kvm' group. Just run
+ $ gpasswd -a <USER> kvm
+then have <USER> re-login.
+
+For brand new installs, the default permissions on /dev/kvm might not let
+you access it. You can tell udev to reset ownership/perms:
+ $ udevadm trigger -c add /dev/kvm
+
+If you want to register binfmt handlers for qemu user targets:
+For openrc:
+ # rc-update add qemu-binfmt
+For systemd:
+ # ln -s /usr/share/qemu/binfmt.d/qemu.conf /etc/binfmt.d/qemu.conf"
+
+pkg_pretend() {
+ if use kernel_linux && kernel_is lt 2 6 25; then
+ eerror "This version of KVM requres a host kernel of 2.6.25 or higher."
+ elif use kernel_linux; then
+ if ! linux_config_exists; then
+ eerror "Unable to check your kernel for KVM support"
+ else
+ CONFIG_CHECK="~KVM ~TUN ~BRIDGE"
+ ERROR_KVM="You must enable KVM in your kernel to continue"
+ ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in"
+ ERROR_KVM_AMD+=" your kernel configuration."
+ ERROR_KVM_INTEL="If you have an Intel CPU, you must enable"
+ ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration."
+ ERROR_TUN="You will need the Universal TUN/TAP driver compiled"
+ ERROR_TUN+=" into your kernel or loaded as a module to use the"
+ ERROR_TUN+=" virtual network device if using -net tap."
+ ERROR_BRIDGE="You will also need support for 802.1d"
+ ERROR_BRIDGE+=" Ethernet Bridging for some network configurations."
+ use vhost-net && CONFIG_CHECK+=" ~VHOST_NET"
+ ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net"
+ ERROR_VHOST_NET+=" support"
+
+ if use amd64 || use x86 || use amd64-linux || use x86-linux; then
+ CONFIG_CHECK+=" ~KVM_AMD ~KVM_INTEL"
+ fi
+
+ use python && CONFIG_CHECK+=" ~DEBUG_FS"
+ ERROR_DEBUG_FS="debugFS support required for kvm_stat"
+
+ # Now do the actual checks setup above
+ check_extra_config
+ fi
+ fi
+
+ if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then
+ eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt"
+ eerror "instances are still pointing to it. Please update your"
+ eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag"
+ eerror "and the right system binary (e.g. qemu-system-x86_64)."
+ die "update your virt configs to not use qemu-kvm"
+ fi
+}
+
+pkg_setup() {
+ enewgroup kvm 78
+}
+
+# Sanity check to make sure target lists are kept up-to-date.
+check_targets() {
+ local var=$1 mak=$2
+ local detected sorted
+
+ pushd "${S}"/default-configs >/dev/null || die
+
+ # Force C locale until glibc is updated. #564936
+ detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u))
+ sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u))
+ if [[ ${sorted} != "${detected}" ]] ; then
+ eerror "The ebuild needs to be kept in sync."
+ eerror "${var}: ${sorted}"
+ eerror "$(printf '%-*s' ${#var} configure): ${detected}"
+ die "sync ${var} to the list of targets"
+ fi
+
+ popd >/dev/null
+}
+
+handle_locales() {
+ # Make sure locale list is kept up-to-date.
+ local detected sorted
+ detected=$(echo $(cd po && printf '%s\n' *.po | grep -v messages.po | sed 's:.po$::' | sort -u))
+ sorted=$(echo $(printf '%s\n' ${PLOCALES} | sort -u))
+ if [[ ${sorted} != "${detected}" ]] ; then
+ eerror "The ebuild needs to be kept in sync."
+ eerror "PLOCALES: ${sorted}"
+ eerror " po/*.po: ${detected}"
+ die "sync PLOCALES"
+ fi
+
+ # Deal with selective install of locales.
+ if use nls ; then
+ # Delete locales the user does not want. #577814
+ rm_loc() { rm po/$1.po || die; }
+ l10n_for_each_disabled_locale_do rm_loc
+ else
+ # Cheap hack to disable gettext .mo generation.
+ rm -f po/*.po
+ fi
+}
+
+src_prepare() {
+ check_targets IUSE_SOFTMMU_TARGETS softmmu
+ check_targets IUSE_USER_TARGETS linux-user
+
+ # Alter target makefiles to accept CFLAGS set via flag-o
+ sed -i -r \
+ -e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \
+ Makefile Makefile.target || die
+
+ default
+
+ # Fix ld and objcopy being called directly
+ tc-export AR LD OBJCOPY
+
+ # Verbose builds
+ MAKEOPTS+=" V=1"
+
+ # Run after we've applied all patches.
+ handle_locales
+}
+
+##
+# configures qemu based on the build directory and the build type
+# we are using.
+#
+qemu_src_configure() {
+ debug-print-function ${FUNCNAME} "$@"
+
+ local buildtype=$1
+ local builddir="${S}/${buildtype}-build"
+
+ mkdir "${builddir}"
+
+ local conf_opts=(
+ --prefix=/usr
+ --sysconfdir=/etc
+ --libdir=/usr/$(get_libdir)
+ --docdir=/usr/share/doc/${PF}/html
+ --disable-bsd-user
+ --disable-guest-agent
+ --disable-strip
+ --disable-werror
+ # We support gnutls/nettle for crypto operations. It is possible
+ # to use gcrypt when gnutls/nettle are disabled (but not when they
+ # are enabled), but it's not really worth the hassle. Disable it
+ # all the time to avoid automatically detecting it. #568856
+ --disable-gcrypt
+ --python="${PYTHON}"
+ --cc="$(tc-getCC)"
+ --cxx="$(tc-getCXX)"
+ --host-cc="$(tc-getBUILD_CC)"
+ $(use_enable debug debug-info)
+ $(use_enable debug debug-tcg)
+ --enable-docs
+ $(use_enable tci tcg-interpreter)
+ $(use_enable xattr attr)
+ )
+
+ # Disable options not used by user targets. This simplifies building
+ # static user targets (USE=static-user) considerably.
+ conf_notuser() {
+ if [[ ${buildtype} == "user" ]] ; then
+ echo "--disable-${2:-$1}"
+ else
+ use_enable "$@"
+ fi
+ }
+ conf_opts+=(
+ $(conf_notuser accessibility brlapi)
+ $(conf_notuser aio linux-aio)
+ $(conf_notuser bzip2)
+ $(conf_notuser bluetooth bluez)
+ $(conf_notuser caps cap-ng)
+ $(conf_notuser curl)
+ $(conf_notuser fdt)
+ $(conf_notuser glusterfs)
+ $(conf_notuser gnutls)
+ $(conf_notuser gnutls nettle)
+ $(conf_notuser gtk)
+ $(conf_notuser infiniband rdma)
+ $(conf_notuser iscsi libiscsi)
+ $(conf_notuser jpeg vnc-jpeg)
+ $(conf_notuser kernel_linux kvm)
+ $(conf_notuser lzo)
+ $(conf_notuser ncurses curses)
+ $(conf_notuser nfs libnfs)
+ $(conf_notuser numa)
+ $(conf_notuser opengl)
+ $(conf_notuser png vnc-png)
+ $(conf_notuser rbd)
+ $(conf_notuser sasl vnc-sasl)
+ $(conf_notuser sdl)
+ $(conf_notuser seccomp)
+ $(conf_notuser smartcard)
+ $(conf_notuser snappy)
+ $(conf_notuser spice)
+ $(conf_notuser ssh libssh2)
+ $(conf_notuser usb libusb)
+ $(conf_notuser usbredir usb-redir)
+ $(conf_notuser vde)
+ $(conf_notuser vhost-net)
+ $(conf_notuser virgl virglrenderer)
+ $(conf_notuser virtfs)
+ $(conf_notuser vnc)
+ $(conf_notuser vte)
+ $(conf_notuser xen)
+ $(conf_notuser xen xen-pci-passthrough)
+ $(conf_notuser xfs xfsctl)
+ )
+
+ if [[ ! ${buildtype} == "user" ]] ; then
+ # audio options
+ local audio_opts="oss"
+ use alsa && audio_opts="alsa,${audio_opts}"
+ use sdl && audio_opts="sdl,${audio_opts}"
+ use pulseaudio && audio_opts="pa,${audio_opts}"
+ conf_opts+=(
+ --audio-drv-list="${audio_opts}"
+ )
+ use gtk && conf_opts+=( --with-gtkabi=$(usex gtk2 2.0 3.0) )
+ use sdl && conf_opts+=( --with-sdlabi=$(usex sdl2 2.0 1.2) )
+ fi
+
+ case ${buildtype} in
+ user)
+ conf_opts+=(
+ --enable-linux-user
+ --disable-system
+ --disable-blobs
+ --disable-tools
+ )
+ local static_flag="static-user"
+ ;;
+ softmmu)
+ conf_opts+=(
+ --disable-linux-user
+ --enable-system
+ --disable-tools
+ --with-system-pixman
+ )
+ local static_flag="static"
+ ;;
+ tools)
+ conf_opts+=(
+ --disable-linux-user
+ --disable-system
+ --disable-blobs
+ --enable-tools
+ )
+ local static_flag="static"
+ ;;
+ esac
+
+ local targets="${buildtype}_targets"
+ [[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" )
+
+ # Add support for SystemTAP
+ use systemtap && conf_opts+=( --enable-trace-backend=dtrace )
+
+ # We always want to attempt to build with PIE support as it results
+ # in a more secure binary. But it doesn't work with static or if
+ # the current GCC doesn't have PIE support.
+ if use ${static_flag}; then
+ conf_opts+=( --static --disable-pie )
+ else
+ tc-enables-pie && conf_opts+=( --enable-pie )
+ fi
+
+ echo "../configure ${conf_opts[*]}"
+ cd "${builddir}"
+ ../configure "${conf_opts[@]}" || die "configure failed"
+
+ # FreeBSD's kernel does not support QEMU assigning/grabbing
+ # host USB devices yet
+ use kernel_FreeBSD && \
+ sed -i -E -e "s|^(HOST_USB=)bsd|\1stub|" "${S}"/config-host.mak
+}
+
+src_configure() {
+ local target
+
+ python_setup
+
+ softmmu_targets= softmmu_bins=()
+ user_targets= user_bins=()
+
+ for target in ${IUSE_SOFTMMU_TARGETS} ; do
+ if use "qemu_softmmu_targets_${target}"; then
+ softmmu_targets+=",${target}-softmmu"
+ softmmu_bins+=( "qemu-system-${target}" )
+ fi
+ done
+
+ for target in ${IUSE_USER_TARGETS} ; do
+ if use "qemu_user_targets_${target}"; then
+ user_targets+=",${target}-linux-user"
+ user_bins+=( "qemu-${target}" )
+ fi
+ done
+
+ softmmu_targets=${softmmu_targets#,}
+ user_targets=${user_targets#,}
+
+ [[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu"
+ [[ -n ${user_targets} ]] && qemu_src_configure "user"
+ qemu_src_configure "tools"
+}
+
+src_compile() {
+ if [[ -n ${user_targets} ]]; then
+ cd "${S}/user-build"
+ default
+ fi
+
+ if [[ -n ${softmmu_targets} ]]; then
+ cd "${S}/softmmu-build"
+ default
+ fi
+
+ cd "${S}/tools-build"
+ default
+}
+
+src_test() {
+ if [[ -n ${softmmu_targets} ]]; then
+ cd "${S}/softmmu-build"
+ pax-mark m */qemu-system-* #515550
+ emake -j1 check
+ emake -j1 check-report.html
+ fi
+}
+
+qemu_python_install() {
+ python_domodule "${S}/scripts/qmp/qmp.py"
+
+ python_doscript "${S}/scripts/kvm/vmxcap"
+ python_doscript "${S}/scripts/qmp/qmp-shell"
+ python_doscript "${S}/scripts/qmp/qemu-ga-client"
+}
+
+# Generate binfmt support files.
+# - /etc/init.d/qemu-binfmt script which registers the user handlers (openrc)
+# - /usr/share/qemu/binfmt.d/qemu.conf (for use with systemd-binfmt)
+generate_initd() {
+ local out="${T}/qemu-binfmt"
+ local out_systemd="${T}/qemu.conf"
+ local d="${T}/binfmt.d"
+
+ einfo "Generating qemu binfmt scripts and configuration files"
+
+ # Generate the debian fragments first.
+ mkdir -p "${d}"
+ "${S}"/scripts/qemu-binfmt-conf.sh \
+ --debian \
+ --exportdir "${d}" \
+ --qemu-path "${EPREFIX}/usr/bin" \
+ || die
+ # Then turn the fragments into a shell script we can source.
+ sed -E -i \
+ -e 's:^([^ ]+) (.*)$:\1="\2":' \
+ "${d}"/* || die
+
+ # Generate the init.d script by assembling the fragments from above.
+ local f qcpu package interpreter magic mask
+ cat "${FILESDIR}"/qemu-binfmt.initd.head >"${out}" || die
+ for f in "${d}"/qemu-* ; do
+ source "${f}"
+
+ # Normalize the cpu logic like we do in the init.d for the native cpu.
+ qcpu=${package#qemu-}
+ case ${qcpu} in
+ arm*) qcpu="arm";;
+ mips*) qcpu="mips";;
+ ppc*) qcpu="ppc";;
+ s390*) qcpu="s390";;
+ sh*) qcpu="sh";;
+ sparc*) qcpu="sparc";;
+ esac
+
+ cat <<EOF >>"${out}"
+ if [ "\${cpu}" != "${qcpu}" -a -x "${interpreter}" ] ; then
+ echo ':${package}:M::${magic}:${mask}:${interpreter}:'"\${QEMU_BINFMT_FLAGS}" >/proc/sys/fs/binfmt_misc/register
+ fi
+EOF
+
+ echo ":${package}:M::${magic}:${mask}:${interpreter}:OC" >>"${out_systemd}"
+
+ done
+ cat "${FILESDIR}"/qemu-binfmt.initd.tail >>"${out}" || die
+}
+
+src_install() {
+ if [[ -n ${user_targets} ]]; then
+ cd "${S}/user-build"
+ emake DESTDIR="${ED}" install
+
+ # Install binfmt handler init script for user targets.
+ generate_initd
+ doinitd "${T}/qemu-binfmt"
+
+ # Install binfmt/qemu.conf.
+ insinto "/usr/share/qemu/binfmt.d"
+ doins "${T}/qemu.conf"
+ fi
+
+ if [[ -n ${softmmu_targets} ]]; then
+ cd "${S}/softmmu-build"
+ emake DESTDIR="${ED}" install
+
+ # This might not exist if the test failed. #512010
+ [[ -e check-report.html ]] && dohtml check-report.html
+
+ if use kernel_linux; then
+ udev_newrules "${FILESDIR}"/65-kvm.rules-r1 65-kvm.rules
+ fi
+
+ if use python; then
+ python_foreach_impl qemu_python_install
+ fi
+ fi
+
+ cd "${S}/tools-build"
+ emake DESTDIR="${ED}" install
+
+ # Disable mprotect on the qemu binaries as they use JITs to be fast #459348
+ pushd "${ED}"/usr/bin >/dev/null
+ pax-mark mr "${softmmu_bins[@]}" "${user_bins[@]}" # bug 575594
+ popd >/dev/null
+
+ # Install config file example for qemu-bridge-helper
+ insinto "/etc/qemu"
+ doins "${FILESDIR}/bridge.conf"
+
+ cd "${S}"
+ dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt
+ newdoc pc-bios/README README.pc-bios
+ dodoc docs/qmp-*.txt
+
+ if [[ -n ${softmmu_targets} ]]; then
+ # Remove SeaBIOS since we're using the SeaBIOS packaged one
+ rm "${ED}/usr/share/qemu/bios.bin"
+ rm "${ED}/usr/share/qemu/bios-256k.bin"
+ if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+ dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
+ dosym ../seabios/bios-256k.bin /usr/share/qemu/bios-256k.bin
+ fi
+
+ # Remove vgabios since we're using the seavgabios packaged one
+ rm "${ED}/usr/share/qemu/vgabios.bin"
+ rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
+ rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
+ rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
+ rm "${ED}/usr/share/qemu/vgabios-virtio.bin"
+ rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
+ if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+ dosym ../seavgabios/vgabios-isavga.bin /usr/share/qemu/vgabios.bin
+ dosym ../seavgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
+ dosym ../seavgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
+ dosym ../seavgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
+ dosym ../seavgabios/vgabios-virtio.bin /usr/share/qemu/vgabios-virtio.bin
+ dosym ../seavgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
+ fi
+
+ # Remove sgabios since we're using the sgabios packaged one
+ rm "${ED}/usr/share/qemu/sgabios.bin"
+ if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+ dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin
+ fi
+
+ # Remove iPXE since we're using the iPXE packaged one
+ rm "${ED}"/usr/share/qemu/pxe-*.rom
+ if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+ dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom
+ dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom
+ dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom
+ dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom
+ dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom
+ dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom
+ fi
+ fi
+
+ DISABLE_AUTOFORMATTING=true
+ readme.gentoo_create_doc
+}
+
+firmware_abi_change() {
+ local pv
+ for pv in ${REPLACING_VERSIONS}; do
+ if ! version_is_at_least ${FIRMWARE_ABI_VERSION} ${pv}; then
+ return 0
+ fi
+ done
+ return 1
+}
+
+pkg_postinst() {
+ if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
+ udev_reload
+ fi
+
+ fcaps cap_net_admin /usr/libexec/qemu-bridge-helper
+
+ DISABLE_AUTOFORMATTING=true
+ readme.gentoo_print_elog
+
+ if use pin-upstream-blobs && firmware_abi_change; then
+ ewarn "This version of qemu pins new versions of firmware blobs:"
+ ewarn " $(best_version sys-firmware/edk2-ovmf)"
+ ewarn " $(best_version sys-firmware/ipxe)"
+ ewarn " $(best_version sys-firmware/seabios)"
+ ewarn " $(best_version sys-firmware/sgabios)"
+ ewarn "This might break resume of hibernated guests (started with a different"
+ ewarn "firmware version) and live migration to/from qemu versions with different"
+ ewarn "firmware. Please (cold) restart all running guests. For functional"
+ ewarn "guest migration ensure that all"
+ ewarn "hosts run at least"
+ ewarn " app-emulation/qemu-${FIRMWARE_ABI_VERSION}."
+ fi
+}
+
+pkg_info() {
+ echo "Using:"
+ echo " $(best_version app-emulation/spice-protocol)"
+ echo " $(best_version sys-firmware/edk2-ovmf)"
+ if has_version 'sys-firmware/edk2-ovmf[binary]'; then
+ echo " USE=binary"
+ else
+ echo " USE=''"
+ fi
+ echo " $(best_version sys-firmware/ipxe)"
+ echo " $(best_version sys-firmware/seabios)"
+ if has_version 'sys-firmware/seabios[binary]'; then
+ echo " USE=binary"
+ else
+ echo " USE=''"
+ fi
+ echo " $(best_version sys-firmware/sgabios)"
+}
next reply other threads:[~2017-07-26 17:15 UTC|newest]
Thread overview: 59+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-07-26 17:15 Matthias Maier [this message]
-- strict thread matches above, loose matches on Subject: below --
2025-05-07 18:41 [gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/ Sam James
2025-02-26 6:31 Sam James
2025-02-20 17:17 Sam James
2024-04-29 2:38 Sam James
2023-07-02 23:35 Sam James
2023-07-02 23:01 Sam James
2023-05-18 21:07 Matthias Maier
2023-05-05 18:11 Matthias Maier
2023-02-21 6:50 Sam James
2023-02-04 16:46 Andreas K. Hüttel
2022-12-08 1:22 John Helmert III
2022-11-12 19:43 Andreas K. Hüttel
2022-09-27 17:31 John Helmert III
2022-08-03 18:21 Sam James
2022-07-05 1:05 WANG Xuerui
2022-06-04 3:01 Sam James
2022-05-22 15:59 John Helmert III
2022-03-29 5:38 Sam James
2022-01-01 1:22 John Helmert III
2021-12-21 23:53 John Helmert III
2021-06-26 19:59 Sergei Trofimovich
2021-04-12 19:39 Sergei Trofimovich
2021-02-28 23:24 Sergei Trofimovich
2020-12-12 23:53 Sergei Trofimovich
2020-12-12 8:33 Sergei Trofimovich
2020-12-10 15:03 Sergei Trofimovich
2020-10-21 20:55 Sergei Trofimovich
2020-09-08 7:33 Sergei Trofimovich
2020-04-24 19:59 Sergei Trofimovich
2020-04-16 22:16 Sergei Trofimovich
2019-05-21 3:53 Matthias Maier
2019-05-17 8:58 Matthias Maier
2019-05-17 7:43 Matthias Maier
2019-04-29 6:48 Matthias Maier
2019-02-19 0:19 Matthias Maier
2018-08-19 17:49 Matthias Maier
2018-06-15 14:10 Jason Donenfeld
2018-03-27 15:44 Matthias Maier
2018-03-18 20:02 Matthias Maier
2017-11-12 20:22 Matthias Maier
2017-05-18 4:20 Matthias Maier
2017-04-25 13:51 Matthias Maier
2017-03-27 4:03 Matthias Maier
2017-02-13 4:58 Matthias Maier
2016-12-29 18:47 Mike Frysinger
2016-11-12 17:29 Matthias Maier
2016-09-27 2:17 Matthias Maier
2016-09-09 5:23 Matthias Maier
2016-09-05 16:45 Matthias Maier
2016-09-05 5:30 Matthias Maier
2016-08-07 14:04 Luca Barbato
2016-06-07 3:02 Mike Frysinger
2016-05-17 4:41 Mike Frysinger
2016-04-23 20:30 Mike Frysinger
2016-03-23 5:25 Mike Frysinger
2015-12-15 5:55 Mike Frysinger
2015-12-08 3:17 Mike Frysinger
2015-11-23 0:41 Mike Frysinger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1501089293.e67f10960bca69fdede54d77eb54c4ab72b98d08.tamiko@gentoo \
--to=tamiko@gentoo.org \
--cc=gentoo-commits@lists.gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox