1 |
commit: 153ded7835ad0fbd8ec8a7552f90c973d1c2dd28 |
2 |
Author: Matthias Maier <tamiko <AT> gentoo <DOT> org> |
3 |
AuthorDate: Tue Sep 27 02:01:29 2016 +0000 |
4 |
Commit: Matthias Maier <tamiko <AT> gentoo <DOT> org> |
5 |
CommitDate: Tue Sep 27 02:01:29 2016 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=153ded78 |
7 |
|
8 |
app-emulation/qemu: security fixes, bug #594520, bug #594368 |
9 |
|
10 |
CVE-2016-7466.patch # bug 594520 |
11 |
CVE-2016-7423.patch # bug 594368 |
12 |
|
13 |
Package-Manager: portage-2.3.0 |
14 |
|
15 |
.../qemu/files/qemu-2.7.0-CVE-2016-7423.patch | 31 + |
16 |
.../qemu/files/qemu-2.7.0-CVE-2016-7466.patch | 26 + |
17 |
app-emulation/qemu/qemu-2.7.0-r4.ebuild | 689 +++++++++++++++++++++ |
18 |
3 files changed, 746 insertions(+) |
19 |
|
20 |
diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7423.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7423.patch |
21 |
new file mode 100644 |
22 |
index 00000000..fdd871b |
23 |
--- /dev/null |
24 |
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7423.patch |
25 |
@@ -0,0 +1,31 @@ |
26 |
+From: Li Qiang <address@hidden> |
27 |
+ |
28 |
+When processing IO request in mptsas, it uses g_new to allocate |
29 |
+a 'req' object. If an error occurs before 'req->sreq' is |
30 |
+allocated, It could lead to an OOB write in mptsas_free_request |
31 |
+function. Use g_new0 to avoid it. |
32 |
+ |
33 |
+Reported-by: Li Qiang <address@hidden> |
34 |
+Signed-off-by: Prasad J Pandit <address@hidden> |
35 |
+Message-Id: <address@hidden> |
36 |
+Cc: address@hidden |
37 |
+Signed-off-by: Paolo Bonzini <address@hidden> |
38 |
+--- |
39 |
+ hw/scsi/mptsas.c | 2 +- |
40 |
+ 1 file changed, 1 insertion(+), 1 deletion(-) |
41 |
+ |
42 |
+diff --git a/hw/scsi/mptsas.c b/hw/scsi/mptsas.c |
43 |
+index 0e0a22f..eaae1bb 100644 |
44 |
+--- a/hw/scsi/mptsas.c |
45 |
++++ b/hw/scsi/mptsas.c |
46 |
+@@ -304,7 +304,7 @@ static int mptsas_process_scsi_io_request(MPTSASState *s, |
47 |
+ goto bad; |
48 |
+ } |
49 |
+ |
50 |
+- req = g_new(MPTSASRequest, 1); |
51 |
++ req = g_new0(MPTSASRequest, 1); |
52 |
+ QTAILQ_INSERT_TAIL(&s->pending, req, next); |
53 |
+ req->scsi_io = *scsi_io; |
54 |
+ req->dev = s; |
55 |
+-- |
56 |
+1.8.3.1 |
57 |
|
58 |
diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7466.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7466.patch |
59 |
new file mode 100644 |
60 |
index 00000000..d5028bb |
61 |
--- /dev/null |
62 |
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7466.patch |
63 |
@@ -0,0 +1,26 @@ |
64 |
+From: Li Qiang <address@hidden> |
65 |
+ |
66 |
+If the xhci uses msix, it doesn't free the corresponding |
67 |
+memory, thus leading a memory leak. This patch avoid this. |
68 |
+ |
69 |
+Signed-off-by: Li Qiang <address@hidden> |
70 |
+--- |
71 |
+ hw/usb/hcd-xhci.c | 3 +-- |
72 |
+ 1 file changed, 1 insertion(+), 2 deletions(-) |
73 |
+ |
74 |
+diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c |
75 |
+index 188f954..281a2a5 100644 |
76 |
+--- a/hw/usb/hcd-xhci.c |
77 |
++++ b/hw/usb/hcd-xhci.c |
78 |
+@@ -3709,8 +3709,7 @@ static void usb_xhci_exit(PCIDevice *dev) |
79 |
+ /* destroy msix memory region */ |
80 |
+ if (dev->msix_table && dev->msix_pba |
81 |
+ && dev->msix_entry_used) { |
82 |
+- memory_region_del_subregion(&xhci->mem, &dev->msix_table_mmio); |
83 |
+- memory_region_del_subregion(&xhci->mem, &dev->msix_pba_mmio); |
84 |
++ msix_uninit(dev, &xhci->mem, &xhci->mem); |
85 |
+ } |
86 |
+ |
87 |
+ usb_bus_release(&xhci->bus); |
88 |
+-- |
89 |
+1.8.3.1 |
90 |
|
91 |
diff --git a/app-emulation/qemu/qemu-2.7.0-r4.ebuild b/app-emulation/qemu/qemu-2.7.0-r4.ebuild |
92 |
new file mode 100644 |
93 |
index 00000000..66a65ec |
94 |
--- /dev/null |
95 |
+++ b/app-emulation/qemu/qemu-2.7.0-r4.ebuild |
96 |
@@ -0,0 +1,689 @@ |
97 |
+# Copyright 1999-2016 Gentoo Foundation |
98 |
+# Distributed under the terms of the GNU General Public License v2 |
99 |
+# $Id$ |
100 |
+ |
101 |
+EAPI="5" |
102 |
+ |
103 |
+PYTHON_COMPAT=( python2_7 ) |
104 |
+PYTHON_REQ_USE="ncurses,readline" |
105 |
+ |
106 |
+PLOCALES="bg de_DE fr_FR hu it tr zh_CN" |
107 |
+ |
108 |
+inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \ |
109 |
+ user udev fcaps readme.gentoo-r1 pax-utils l10n |
110 |
+ |
111 |
+if [[ ${PV} = *9999* ]]; then |
112 |
+ EGIT_REPO_URI="git://git.qemu.org/qemu.git" |
113 |
+ inherit git-2 |
114 |
+ SRC_URI="" |
115 |
+else |
116 |
+ SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2" |
117 |
+ KEYWORDS="~amd64 ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd" |
118 |
+fi |
119 |
+ |
120 |
+DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools" |
121 |
+HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org" |
122 |
+ |
123 |
+LICENSE="GPL-2 LGPL-2 BSD-2" |
124 |
+SLOT="0" |
125 |
+IUSE="accessibility +aio alsa bluetooth bzip2 +caps +curl debug +fdt glusterfs \ |
126 |
+gnutls gtk gtk2 infiniband iscsi +jpeg \ |
127 |
+kernel_linux kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs |
128 |
++png pulseaudio python \ |
129 |
+rbd sasl +seccomp sdl sdl2 selinux smartcard snappy spice ssh static static-softmmu |
130 |
+static-user systemtap tci test +threads usb usbredir +uuid vde +vhost-net \ |
131 |
+virgl virtfs +vnc vte xattr xen xfs" |
132 |
+ |
133 |
+COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel mips |
134 |
+mips64 mips64el mipsel or32 ppc ppc64 s390x sh4 sh4eb sparc sparc64 unicore32 |
135 |
+x86_64" |
136 |
+IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS} lm32 moxie ppcemb tricore xtensa xtensaeb" |
137 |
+IUSE_USER_TARGETS="${COMMON_TARGETS} armeb mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus tilegx" |
138 |
+ |
139 |
+use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS}) |
140 |
+use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS}) |
141 |
+IUSE+=" ${use_softmmu_targets} ${use_user_targets}" |
142 |
+ |
143 |
+# Allow no targets to be built so that people can get a tools-only build. |
144 |
+# Block USE flag configurations known to not work. |
145 |
+REQUIRED_USE="${PYTHON_REQUIRED_USE} |
146 |
+ gtk2? ( gtk ) |
147 |
+ qemu_softmmu_targets_arm? ( fdt ) |
148 |
+ qemu_softmmu_targets_microblaze? ( fdt ) |
149 |
+ qemu_softmmu_targets_ppc? ( fdt ) |
150 |
+ qemu_softmmu_targets_ppc64? ( fdt ) |
151 |
+ sdl2? ( sdl ) |
152 |
+ static? ( static-softmmu static-user ) |
153 |
+ static-softmmu? ( !alsa !pulseaudio !bluetooth !opengl !gtk !gtk2 ) |
154 |
+ virtfs? ( xattr ) |
155 |
+ vte? ( gtk )" |
156 |
+ |
157 |
+# Yep, you need both libcap and libcap-ng since virtfs only uses libcap. |
158 |
+# |
159 |
+# The attr lib isn't always linked in (although the USE flag is always |
160 |
+# respected). This is because qemu supports using the C library's API |
161 |
+# when available rather than always using the extranl library. |
162 |
+# |
163 |
+# Older versions of gnutls are supported, but it's simpler to just require |
164 |
+# the latest versions. This is also why we require nettle. |
165 |
+# |
166 |
+# TODO: Split out tools deps into another var. e.g. bzip2 is only used by |
167 |
+# system binaries and tools, not user binaries. |
168 |
+COMMON_LIB_DEPEND=">=dev-libs/glib-2.0[static-libs(+)] |
169 |
+ dev-libs/libpcre[static-libs(+)] |
170 |
+ sys-libs/zlib[static-libs(+)] |
171 |
+ bzip2? ( app-arch/bzip2[static-libs(+)] ) |
172 |
+ xattr? ( sys-apps/attr[static-libs(+)] )" |
173 |
+SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND} |
174 |
+ >=x11-libs/pixman-0.28.0[static-libs(+)] |
175 |
+ accessibility? ( app-accessibility/brltty[static-libs(+)] ) |
176 |
+ aio? ( dev-libs/libaio[static-libs(+)] ) |
177 |
+ alsa? ( >=media-libs/alsa-lib-1.0.13 ) |
178 |
+ bluetooth? ( net-wireless/bluez ) |
179 |
+ caps? ( sys-libs/libcap-ng[static-libs(+)] ) |
180 |
+ curl? ( >=net-misc/curl-7.15.4[static-libs(+)] ) |
181 |
+ fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] ) |
182 |
+ glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] ) |
183 |
+ gnutls? ( |
184 |
+ dev-libs/nettle:=[static-libs(+)] |
185 |
+ >=net-libs/gnutls-3.0:=[static-libs(+)] |
186 |
+ ) |
187 |
+ gtk? ( |
188 |
+ gtk2? ( |
189 |
+ x11-libs/gtk+:2 |
190 |
+ vte? ( x11-libs/vte:0 ) |
191 |
+ ) |
192 |
+ !gtk2? ( |
193 |
+ x11-libs/gtk+:3 |
194 |
+ vte? ( x11-libs/vte:2.90 ) |
195 |
+ ) |
196 |
+ ) |
197 |
+ infiniband? ( sys-fabric/librdmacm:=[static-libs(+)] ) |
198 |
+ iscsi? ( net-libs/libiscsi ) |
199 |
+ jpeg? ( virtual/jpeg:0=[static-libs(+)] ) |
200 |
+ lzo? ( dev-libs/lzo:2[static-libs(+)] ) |
201 |
+ ncurses? ( sys-libs/ncurses:0=[static-libs(+)] ) |
202 |
+ nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] ) |
203 |
+ numa? ( sys-process/numactl[static-libs(+)] ) |
204 |
+ opengl? ( |
205 |
+ virtual/opengl |
206 |
+ media-libs/libepoxy[static-libs(+)] |
207 |
+ media-libs/mesa[static-libs(+)] |
208 |
+ media-libs/mesa[egl,gles2,gbm] |
209 |
+ ) |
210 |
+ png? ( media-libs/libpng:0=[static-libs(+)] ) |
211 |
+ pulseaudio? ( media-sound/pulseaudio ) |
212 |
+ rbd? ( sys-cluster/ceph[static-libs(+)] ) |
213 |
+ sasl? ( dev-libs/cyrus-sasl[static-libs(+)] ) |
214 |
+ sdl? ( |
215 |
+ !sdl2? ( |
216 |
+ media-libs/libsdl[X] |
217 |
+ >=media-libs/libsdl-1.2.11[static-libs(+)] |
218 |
+ ) |
219 |
+ sdl2? ( |
220 |
+ media-libs/libsdl2[X] |
221 |
+ media-libs/libsdl2[static-libs(+)] |
222 |
+ ) |
223 |
+ ) |
224 |
+ seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] ) |
225 |
+ smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] ) |
226 |
+ snappy? ( app-arch/snappy[static-libs(+)] ) |
227 |
+ spice? ( |
228 |
+ >=app-emulation/spice-protocol-0.12.3 |
229 |
+ >=app-emulation/spice-0.12.0[static-libs(+)] |
230 |
+ ) |
231 |
+ ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] ) |
232 |
+ usb? ( >=virtual/libusb-1-r2[static-libs(+)] ) |
233 |
+ usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] ) |
234 |
+ uuid? ( >=sys-apps/util-linux-2.16.0[static-libs(+)] ) |
235 |
+ vde? ( net-misc/vde[static-libs(+)] ) |
236 |
+ virgl? ( media-libs/virglrenderer[static-libs(+)] ) |
237 |
+ virtfs? ( sys-libs/libcap ) |
238 |
+ xfs? ( sys-fs/xfsprogs[static-libs(+)] )" |
239 |
+USER_LIB_DEPEND="${COMMON_LIB_DEPEND}" |
240 |
+X86_FIRMWARE_DEPEND=" |
241 |
+ >=sys-firmware/ipxe-1.0.0_p20130624 |
242 |
+ pin-upstream-blobs? ( |
243 |
+ ~sys-firmware/seabios-1.8.2 |
244 |
+ ~sys-firmware/sgabios-0.1_pre8 |
245 |
+ ~sys-firmware/vgabios-0.7a |
246 |
+ ) |
247 |
+ !pin-upstream-blobs? ( |
248 |
+ sys-firmware/seabios |
249 |
+ sys-firmware/sgabios |
250 |
+ sys-firmware/vgabios |
251 |
+ )" |
252 |
+CDEPEND=" |
253 |
+ !static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND//\[static-libs(+)]} ) " ${use_softmmu_targets}) ) |
254 |
+ !static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND//\[static-libs(+)]} ) " ${use_user_targets}) ) |
255 |
+ qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} ) |
256 |
+ qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} ) |
257 |
+ python? ( ${PYTHON_DEPS} ) |
258 |
+ systemtap? ( dev-util/systemtap ) |
259 |
+ xen? ( app-emulation/xen-tools:= )" |
260 |
+DEPEND="${CDEPEND} |
261 |
+ dev-lang/perl |
262 |
+ =dev-lang/python-2* |
263 |
+ sys-apps/texinfo |
264 |
+ virtual/pkgconfig |
265 |
+ kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 ) |
266 |
+ gtk? ( nls? ( sys-devel/gettext ) ) |
267 |
+ static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND} ) " ${use_softmmu_targets}) ) |
268 |
+ static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND} ) " ${use_user_targets}) ) |
269 |
+ test? ( |
270 |
+ dev-libs/glib[utils] |
271 |
+ sys-devel/bc |
272 |
+ )" |
273 |
+RDEPEND="${CDEPEND} |
274 |
+ selinux? ( sec-policy/selinux-qemu ) |
275 |
+" |
276 |
+ |
277 |
+STRIP_MASK="/usr/share/qemu/palcode-clipper" |
278 |
+ |
279 |
+QA_PREBUILT=" |
280 |
+ usr/share/qemu/openbios-ppc |
281 |
+ usr/share/qemu/openbios-sparc64 |
282 |
+ usr/share/qemu/openbios-sparc32 |
283 |
+ usr/share/qemu/palcode-clipper |
284 |
+ usr/share/qemu/s390-ccw.img |
285 |
+ usr/share/qemu/u-boot.e500 |
286 |
+" |
287 |
+ |
288 |
+QA_WX_LOAD="usr/bin/qemu-i386 |
289 |
+ usr/bin/qemu-x86_64 |
290 |
+ usr/bin/qemu-alpha |
291 |
+ usr/bin/qemu-arm |
292 |
+ usr/bin/qemu-cris |
293 |
+ usr/bin/qemu-m68k |
294 |
+ usr/bin/qemu-microblaze |
295 |
+ usr/bin/qemu-microblazeel |
296 |
+ usr/bin/qemu-mips |
297 |
+ usr/bin/qemu-mipsel |
298 |
+ usr/bin/qemu-or32 |
299 |
+ usr/bin/qemu-ppc |
300 |
+ usr/bin/qemu-ppc64 |
301 |
+ usr/bin/qemu-ppc64abi32 |
302 |
+ usr/bin/qemu-sh4 |
303 |
+ usr/bin/qemu-sh4eb |
304 |
+ usr/bin/qemu-sparc |
305 |
+ usr/bin/qemu-sparc64 |
306 |
+ usr/bin/qemu-armeb |
307 |
+ usr/bin/qemu-sparc32plus |
308 |
+ usr/bin/qemu-s390x |
309 |
+ usr/bin/qemu-unicore32" |
310 |
+ |
311 |
+DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure |
312 |
+you have the kernel module loaded before running kvm. The easiest way to |
313 |
+ensure that the kernel module is loaded is to load it on boot.\n |
314 |
+For AMD CPUs the module is called 'kvm-amd'.\n |
315 |
+For Intel CPUs the module is called 'kvm-intel'.\n |
316 |
+Please review /etc/conf.d/modules for how to load these.\n\n |
317 |
+Make sure your user is in the 'kvm' group\n |
318 |
+Just run 'gpasswd -a <USER> kvm', then have <USER> re-login.\n\n |
319 |
+For brand new installs, the default permissions on /dev/kvm might not let you |
320 |
+access it. You can tell udev to reset ownership/perms:\n |
321 |
+udevadm trigger -c add /dev/kvm" |
322 |
+ |
323 |
+qemu_support_kvm() { |
324 |
+ if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 \ |
325 |
+ use qemu_softmmu_targets_ppc || use qemu_softmmu_targets_ppc64 \ |
326 |
+ use qemu_softmmu_targets_s390x; then |
327 |
+ return 0 |
328 |
+ fi |
329 |
+ |
330 |
+ return 1 |
331 |
+} |
332 |
+ |
333 |
+pkg_pretend() { |
334 |
+ if use kernel_linux && kernel_is lt 2 6 25; then |
335 |
+ eerror "This version of KVM requres a host kernel of 2.6.25 or higher." |
336 |
+ elif use kernel_linux; then |
337 |
+ if ! linux_config_exists; then |
338 |
+ eerror "Unable to check your kernel for KVM support" |
339 |
+ else |
340 |
+ CONFIG_CHECK="~KVM ~TUN ~BRIDGE" |
341 |
+ ERROR_KVM="You must enable KVM in your kernel to continue" |
342 |
+ ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in" |
343 |
+ ERROR_KVM_AMD+=" your kernel configuration." |
344 |
+ ERROR_KVM_INTEL="If you have an Intel CPU, you must enable" |
345 |
+ ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration." |
346 |
+ ERROR_TUN="You will need the Universal TUN/TAP driver compiled" |
347 |
+ ERROR_TUN+=" into your kernel or loaded as a module to use the" |
348 |
+ ERROR_TUN+=" virtual network device if using -net tap." |
349 |
+ ERROR_BRIDGE="You will also need support for 802.1d" |
350 |
+ ERROR_BRIDGE+=" Ethernet Bridging for some network configurations." |
351 |
+ use vhost-net && CONFIG_CHECK+=" ~VHOST_NET" |
352 |
+ ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net" |
353 |
+ ERROR_VHOST_NET+=" support" |
354 |
+ |
355 |
+ if use amd64 || use x86 || use amd64-linux || use x86-linux; then |
356 |
+ CONFIG_CHECK+=" ~KVM_AMD ~KVM_INTEL" |
357 |
+ fi |
358 |
+ |
359 |
+ use python && CONFIG_CHECK+=" ~DEBUG_FS" |
360 |
+ ERROR_DEBUG_FS="debugFS support required for kvm_stat" |
361 |
+ |
362 |
+ # Now do the actual checks setup above |
363 |
+ check_extra_config |
364 |
+ fi |
365 |
+ fi |
366 |
+ |
367 |
+ if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then |
368 |
+ eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt" |
369 |
+ eerror "instances are still pointing to it. Please update your" |
370 |
+ eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag" |
371 |
+ eerror "and the right system binary (e.g. qemu-system-x86_64)." |
372 |
+ die "update your virt configs to not use qemu-kvm" |
373 |
+ fi |
374 |
+} |
375 |
+ |
376 |
+pkg_setup() { |
377 |
+ enewgroup kvm 78 |
378 |
+} |
379 |
+ |
380 |
+# Sanity check to make sure target lists are kept up-to-date. |
381 |
+check_targets() { |
382 |
+ local var=$1 mak=$2 |
383 |
+ local detected sorted |
384 |
+ |
385 |
+ pushd "${S}"/default-configs >/dev/null || die |
386 |
+ |
387 |
+ # Force C locale until glibc is updated. #564936 |
388 |
+ detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u)) |
389 |
+ sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u)) |
390 |
+ if [[ ${sorted} != "${detected}" ]] ; then |
391 |
+ eerror "The ebuild needs to be kept in sync." |
392 |
+ eerror "${var}: ${sorted}" |
393 |
+ eerror "$(printf '%-*s' ${#var} configure): ${detected}" |
394 |
+ die "sync ${var} to the list of targets" |
395 |
+ fi |
396 |
+ |
397 |
+ popd >/dev/null |
398 |
+} |
399 |
+ |
400 |
+handle_locales() { |
401 |
+ # Make sure locale list is kept up-to-date. |
402 |
+ local detected sorted |
403 |
+ detected=$(echo $(cd po && printf '%s\n' *.po | grep -v messages.po | sed 's:.po$::' | sort -u)) |
404 |
+ sorted=$(echo $(printf '%s\n' ${PLOCALES} | sort -u)) |
405 |
+ if [[ ${sorted} != "${detected}" ]] ; then |
406 |
+ eerror "The ebuild needs to be kept in sync." |
407 |
+ eerror "PLOCALES: ${sorted}" |
408 |
+ eerror " po/*.po: ${detected}" |
409 |
+ die "sync PLOCALES" |
410 |
+ fi |
411 |
+ |
412 |
+ # Deal with selective install of locales. |
413 |
+ if use nls ; then |
414 |
+ # Delete locales the user does not want. #577814 |
415 |
+ rm_loc() { rm po/$1.po || die; } |
416 |
+ l10n_for_each_disabled_locale_do rm_loc |
417 |
+ else |
418 |
+ # Cheap hack to disable gettext .mo generation. |
419 |
+ rm -f po/*.po |
420 |
+ fi |
421 |
+} |
422 |
+ |
423 |
+src_prepare() { |
424 |
+ check_targets IUSE_SOFTMMU_TARGETS softmmu |
425 |
+ check_targets IUSE_USER_TARGETS linux-user |
426 |
+ |
427 |
+ # Alter target makefiles to accept CFLAGS set via flag-o |
428 |
+ sed -i -r \ |
429 |
+ -e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \ |
430 |
+ Makefile Makefile.target || die |
431 |
+ |
432 |
+ epatch "${FILESDIR}"/${PN}-2.5.0-cflags.patch |
433 |
+ epatch "${FILESDIR}"/${PN}-2.5.0-sysmacros.patch |
434 |
+ epatch "${FILESDIR}"/${P}-CVE-2016-6836.patch # bug 591242 |
435 |
+ epatch "${FILESDIR}"/${P}-CVE-2016-7155.patch # bug 593034 |
436 |
+ epatch "${FILESDIR}"/${P}-CVE-2016-7156.patch # bug 593036 |
437 |
+ epatch "${FILESDIR}"/${P}-CVE-2016-7157-1.patch # bug 593038 |
438 |
+ epatch "${FILESDIR}"/${P}-CVE-2016-7157-2.patch # bug 593038 |
439 |
+ epatch "${FILESDIR}"/${P}-CVE-2016-7170.patch # bug 593284 |
440 |
+ epatch "${FILESDIR}"/${P}-CVE-2016-7421.patch # bug 593950 |
441 |
+ epatch "${FILESDIR}"/${P}-CVE-2016-7422.patch # bug 593956 |
442 |
+ epatch "${FILESDIR}"/${P}-CVE-2016-7466.patch # bug 594520 |
443 |
+ epatch "${FILESDIR}"/${P}-CVE-2016-7423.patch # bug 594368 |
444 |
+ |
445 |
+ # Fix ld and objcopy being called directly |
446 |
+ tc-export AR LD OBJCOPY |
447 |
+ |
448 |
+ # Verbose builds |
449 |
+ MAKEOPTS+=" V=1" |
450 |
+ |
451 |
+ epatch_user |
452 |
+ |
453 |
+ # Run after we've applied all patches. |
454 |
+ handle_locales |
455 |
+} |
456 |
+ |
457 |
+## |
458 |
+# configures qemu based on the build directory and the build type |
459 |
+# we are using. |
460 |
+# |
461 |
+qemu_src_configure() { |
462 |
+ debug-print-function ${FUNCNAME} "$@" |
463 |
+ |
464 |
+ local buildtype=$1 |
465 |
+ local builddir="${S}/${buildtype}-build" |
466 |
+ local static_flag="static-${buildtype}" |
467 |
+ |
468 |
+ mkdir "${builddir}" |
469 |
+ |
470 |
+ local conf_opts=( |
471 |
+ --prefix=/usr |
472 |
+ --sysconfdir=/etc |
473 |
+ --libdir=/usr/$(get_libdir) |
474 |
+ --docdir=/usr/share/doc/${PF}/html |
475 |
+ --disable-bsd-user |
476 |
+ --disable-guest-agent |
477 |
+ --disable-strip |
478 |
+ --disable-werror |
479 |
+ # We support gnutls/nettle for crypto operations. It is possible |
480 |
+ # to use gcrypt when gnutls/nettle are disabled (but not when they |
481 |
+ # are enabled), but it's not really worth the hassle. Disable it |
482 |
+ # all the time to avoid automatically detecting it. #568856 |
483 |
+ --disable-gcrypt |
484 |
+ --python="${PYTHON}" |
485 |
+ --cc="$(tc-getCC)" |
486 |
+ --cxx="$(tc-getCXX)" |
487 |
+ --host-cc="$(tc-getBUILD_CC)" |
488 |
+ $(use_enable debug debug-info) |
489 |
+ $(use_enable debug debug-tcg) |
490 |
+ --enable-docs |
491 |
+ $(use_enable tci tcg-interpreter) |
492 |
+ $(use_enable xattr attr) |
493 |
+ ) |
494 |
+ |
495 |
+ # Disable options not used by user targets as the default configure |
496 |
+ # options will autoprobe and try to link in a bunch of unused junk. |
497 |
+ conf_softmmu() { |
498 |
+ if [[ ${buildtype} == "user" ]] ; then |
499 |
+ echo "--disable-${2:-$1}" |
500 |
+ else |
501 |
+ use_enable "$@" |
502 |
+ fi |
503 |
+ } |
504 |
+ conf_opts+=( |
505 |
+ $(conf_softmmu accessibility brlapi) |
506 |
+ $(conf_softmmu aio linux-aio) |
507 |
+ $(conf_softmmu bzip2) |
508 |
+ $(conf_softmmu bluetooth bluez) |
509 |
+ $(conf_softmmu caps cap-ng) |
510 |
+ $(conf_softmmu curl) |
511 |
+ $(conf_softmmu fdt) |
512 |
+ $(conf_softmmu glusterfs) |
513 |
+ $(conf_softmmu gnutls) |
514 |
+ $(conf_softmmu gnutls nettle) |
515 |
+ $(conf_softmmu gtk) |
516 |
+ $(conf_softmmu infiniband rdma) |
517 |
+ $(conf_softmmu iscsi libiscsi) |
518 |
+ $(conf_softmmu jpeg vnc-jpeg) |
519 |
+ $(conf_softmmu kernel_linux kvm) |
520 |
+ $(conf_softmmu lzo) |
521 |
+ $(conf_softmmu ncurses curses) |
522 |
+ $(conf_softmmu nfs libnfs) |
523 |
+ $(conf_softmmu numa) |
524 |
+ $(conf_softmmu opengl) |
525 |
+ $(conf_softmmu png vnc-png) |
526 |
+ $(conf_softmmu rbd) |
527 |
+ $(conf_softmmu sasl vnc-sasl) |
528 |
+ $(conf_softmmu sdl) |
529 |
+ $(conf_softmmu seccomp) |
530 |
+ $(conf_softmmu smartcard) |
531 |
+ $(conf_softmmu snappy) |
532 |
+ $(conf_softmmu spice) |
533 |
+ $(conf_softmmu ssh libssh2) |
534 |
+ $(conf_softmmu usb libusb) |
535 |
+ $(conf_softmmu usbredir usb-redir) |
536 |
+ $(conf_softmmu uuid) |
537 |
+ $(conf_softmmu vde) |
538 |
+ $(conf_softmmu vhost-net) |
539 |
+ $(conf_softmmu virgl virglrenderer) |
540 |
+ $(conf_softmmu virtfs) |
541 |
+ $(conf_softmmu vnc) |
542 |
+ $(conf_softmmu vte) |
543 |
+ $(conf_softmmu xen) |
544 |
+ $(conf_softmmu xen xen-pci-passthrough) |
545 |
+ $(conf_softmmu xfs xfsctl) |
546 |
+ ) |
547 |
+ |
548 |
+ case ${buildtype} in |
549 |
+ user) |
550 |
+ conf_opts+=( |
551 |
+ --enable-linux-user |
552 |
+ --disable-system |
553 |
+ --disable-blobs |
554 |
+ --disable-tools |
555 |
+ ) |
556 |
+ ;; |
557 |
+ softmmu) |
558 |
+ # audio options |
559 |
+ local audio_opts="oss" |
560 |
+ use alsa && audio_opts="alsa,${audio_opts}" |
561 |
+ use sdl && audio_opts="sdl,${audio_opts}" |
562 |
+ use pulseaudio && audio_opts="pa,${audio_opts}" |
563 |
+ |
564 |
+ conf_opts+=( |
565 |
+ --disable-linux-user |
566 |
+ --enable-system |
567 |
+ --with-system-pixman |
568 |
+ --audio-drv-list="${audio_opts}" |
569 |
+ ) |
570 |
+ use gtk && conf_opts+=( --with-gtkabi=$(usex gtk2 2.0 3.0) ) |
571 |
+ use sdl && conf_opts+=( --with-sdlabi=$(usex sdl2 2.0 1.2) ) |
572 |
+ ;; |
573 |
+ tools) |
574 |
+ conf_opts+=( |
575 |
+ --disable-linux-user |
576 |
+ --disable-system |
577 |
+ --disable-blobs |
578 |
+ $(use_enable bzip2) |
579 |
+ ) |
580 |
+ static_flag="static" |
581 |
+ ;; |
582 |
+ esac |
583 |
+ |
584 |
+ local targets="${buildtype}_targets" |
585 |
+ [[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" ) |
586 |
+ |
587 |
+ # Add support for SystemTAP |
588 |
+ use systemtap && conf_opts+=( --enable-trace-backend=dtrace ) |
589 |
+ |
590 |
+ # We always want to attempt to build with PIE support as it results |
591 |
+ # in a more secure binary. But it doesn't work with static or if |
592 |
+ # the current GCC doesn't have PIE support. |
593 |
+ if use ${static_flag}; then |
594 |
+ conf_opts+=( --static --disable-pie ) |
595 |
+ else |
596 |
+ gcc-specs-pie && conf_opts+=( --enable-pie ) |
597 |
+ fi |
598 |
+ |
599 |
+ echo "../configure ${conf_opts[*]}" |
600 |
+ cd "${builddir}" |
601 |
+ ../configure "${conf_opts[@]}" || die "configure failed" |
602 |
+ |
603 |
+ # FreeBSD's kernel does not support QEMU assigning/grabbing |
604 |
+ # host USB devices yet |
605 |
+ use kernel_FreeBSD && \ |
606 |
+ sed -i -E -e "s|^(HOST_USB=)bsd|\1stub|" "${S}"/config-host.mak |
607 |
+} |
608 |
+ |
609 |
+src_configure() { |
610 |
+ local target |
611 |
+ |
612 |
+ python_setup |
613 |
+ |
614 |
+ softmmu_targets= softmmu_bins=() |
615 |
+ user_targets= user_bins=() |
616 |
+ |
617 |
+ for target in ${IUSE_SOFTMMU_TARGETS} ; do |
618 |
+ if use "qemu_softmmu_targets_${target}"; then |
619 |
+ softmmu_targets+=",${target}-softmmu" |
620 |
+ softmmu_bins+=( "qemu-system-${target}" ) |
621 |
+ fi |
622 |
+ done |
623 |
+ |
624 |
+ for target in ${IUSE_USER_TARGETS} ; do |
625 |
+ if use "qemu_user_targets_${target}"; then |
626 |
+ user_targets+=",${target}-linux-user" |
627 |
+ user_bins+=( "qemu-${target}" ) |
628 |
+ fi |
629 |
+ done |
630 |
+ |
631 |
+ softmmu_targets=${softmmu_targets#,} |
632 |
+ user_targets=${user_targets#,} |
633 |
+ |
634 |
+ [[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu" |
635 |
+ [[ -n ${user_targets} ]] && qemu_src_configure "user" |
636 |
+ [[ -z ${softmmu_targets}${user_targets} ]] && qemu_src_configure "tools" |
637 |
+} |
638 |
+ |
639 |
+src_compile() { |
640 |
+ if [[ -n ${user_targets} ]]; then |
641 |
+ cd "${S}/user-build" |
642 |
+ default |
643 |
+ fi |
644 |
+ |
645 |
+ if [[ -n ${softmmu_targets} ]]; then |
646 |
+ cd "${S}/softmmu-build" |
647 |
+ default |
648 |
+ fi |
649 |
+ |
650 |
+ if [[ -z ${softmmu_targets}${user_targets} ]]; then |
651 |
+ cd "${S}/tools-build" |
652 |
+ default |
653 |
+ fi |
654 |
+} |
655 |
+ |
656 |
+src_test() { |
657 |
+ if [[ -n ${softmmu_targets} ]]; then |
658 |
+ cd "${S}/softmmu-build" |
659 |
+ pax-mark m */qemu-system-* #515550 |
660 |
+ emake -j1 check |
661 |
+ emake -j1 check-report.html |
662 |
+ fi |
663 |
+} |
664 |
+ |
665 |
+qemu_python_install() { |
666 |
+ python_domodule "${S}/scripts/qmp/qmp.py" |
667 |
+ |
668 |
+ python_doscript "${S}/scripts/kvm/vmxcap" |
669 |
+ python_doscript "${S}/scripts/qmp/qmp-shell" |
670 |
+ python_doscript "${S}/scripts/qmp/qemu-ga-client" |
671 |
+} |
672 |
+ |
673 |
+src_install() { |
674 |
+ if [[ -n ${user_targets} ]]; then |
675 |
+ cd "${S}/user-build" |
676 |
+ emake DESTDIR="${ED}" install |
677 |
+ |
678 |
+ # Install binfmt handler init script for user targets |
679 |
+ newinitd "${FILESDIR}/qemu-binfmt.initd-r1" qemu-binfmt |
680 |
+ fi |
681 |
+ |
682 |
+ if [[ -n ${softmmu_targets} ]]; then |
683 |
+ cd "${S}/softmmu-build" |
684 |
+ emake DESTDIR="${ED}" install |
685 |
+ |
686 |
+ # This might not exist if the test failed. #512010 |
687 |
+ [[ -e check-report.html ]] && dohtml check-report.html |
688 |
+ |
689 |
+ if use kernel_linux; then |
690 |
+ udev_dorules "${FILESDIR}"/65-kvm.rules |
691 |
+ fi |
692 |
+ |
693 |
+ if use python; then |
694 |
+ python_foreach_impl qemu_python_install |
695 |
+ fi |
696 |
+ fi |
697 |
+ |
698 |
+ if [[ -z ${softmmu_targets}${user_targets} ]]; then |
699 |
+ cd "${S}/tools-build" |
700 |
+ emake DESTDIR="${ED}" install |
701 |
+ fi |
702 |
+ |
703 |
+ # Disable mprotect on the qemu binaries as they use JITs to be fast #459348 |
704 |
+ pushd "${ED}"/usr/bin >/dev/null |
705 |
+ pax-mark m "${softmmu_bins[@]}" "${user_bins[@]}" |
706 |
+ popd >/dev/null |
707 |
+ |
708 |
+ # Install config file example for qemu-bridge-helper |
709 |
+ insinto "/etc/qemu" |
710 |
+ doins "${FILESDIR}/bridge.conf" |
711 |
+ |
712 |
+ # Remove the docdir placed qmp-commands.txt |
713 |
+ mv "${ED}/usr/share/doc/${PF}/html/qmp-commands.txt" "${S}/docs/" || die |
714 |
+ |
715 |
+ cd "${S}" |
716 |
+ dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt |
717 |
+ newdoc pc-bios/README README.pc-bios |
718 |
+ dodoc docs/qmp-*.txt |
719 |
+ |
720 |
+ if [[ -n ${softmmu_targets} ]]; then |
721 |
+ # Remove SeaBIOS since we're using the SeaBIOS packaged one |
722 |
+ rm "${ED}/usr/share/qemu/bios.bin" |
723 |
+ if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then |
724 |
+ dosym ../seabios/bios.bin /usr/share/qemu/bios.bin |
725 |
+ fi |
726 |
+ |
727 |
+ # Remove vgabios since we're using the vgabios packaged one |
728 |
+ rm "${ED}/usr/share/qemu/vgabios.bin" |
729 |
+ rm "${ED}/usr/share/qemu/vgabios-cirrus.bin" |
730 |
+ rm "${ED}/usr/share/qemu/vgabios-qxl.bin" |
731 |
+ rm "${ED}/usr/share/qemu/vgabios-stdvga.bin" |
732 |
+ rm "${ED}/usr/share/qemu/vgabios-vmware.bin" |
733 |
+ if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then |
734 |
+ dosym ../vgabios/vgabios.bin /usr/share/qemu/vgabios.bin |
735 |
+ dosym ../vgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin |
736 |
+ dosym ../vgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin |
737 |
+ dosym ../vgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin |
738 |
+ dosym ../vgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin |
739 |
+ fi |
740 |
+ |
741 |
+ # Remove sgabios since we're using the sgabios packaged one |
742 |
+ rm "${ED}/usr/share/qemu/sgabios.bin" |
743 |
+ if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then |
744 |
+ dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin |
745 |
+ fi |
746 |
+ |
747 |
+ # Remove iPXE since we're using the iPXE packaged one |
748 |
+ rm "${ED}"/usr/share/qemu/pxe-*.rom |
749 |
+ if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then |
750 |
+ dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom |
751 |
+ dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom |
752 |
+ dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom |
753 |
+ dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom |
754 |
+ dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom |
755 |
+ dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom |
756 |
+ fi |
757 |
+ fi |
758 |
+ |
759 |
+ qemu_support_kvm && readme.gentoo_create_doc |
760 |
+} |
761 |
+ |
762 |
+pkg_postinst() { |
763 |
+ if qemu_support_kvm; then |
764 |
+ readme.gentoo_print_elog |
765 |
+ fi |
766 |
+ |
767 |
+ if [[ -n ${softmmu_targets} ]] && use kernel_linux; then |
768 |
+ udev_reload |
769 |
+ fi |
770 |
+ |
771 |
+ fcaps cap_net_admin /usr/libexec/qemu-bridge-helper |
772 |
+} |
773 |
+ |
774 |
+pkg_info() { |
775 |
+ echo "Using:" |
776 |
+ echo " $(best_version app-emulation/spice-protocol)" |
777 |
+ echo " $(best_version sys-firmware/ipxe)" |
778 |
+ echo " $(best_version sys-firmware/seabios)" |
779 |
+ if has_version 'sys-firmware/seabios[binary]'; then |
780 |
+ echo " USE=binary" |
781 |
+ else |
782 |
+ echo " USE=''" |
783 |
+ fi |
784 |
+ echo " $(best_version sys-firmware/vgabios)" |
785 |
+} |