
From: Aric Belsito <lluixhi@×××××.com>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/musl:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
Date: Wed, 26 Jul 2017 19:11:43
Message-Id: 1501096269.733898218545d7f941e865f69a628b9792ca25ff.lluixhi@gentoo
1 commit: 733898218545d7f941e865f69a628b9792ca25ff
2 Author: Aric Belsito <lluixhi <AT> gmail <DOT> com>
3 AuthorDate: Wed Jul 26 19:10:10 2017 +0000
4 Commit: Aric Belsito <lluixhi <AT> gmail <DOT> com>
5 CommitDate: Wed Jul 26 19:11:09 2017 +0000
6 URL: https://gitweb.gentoo.org/proj/musl.git/commit/?id=73389821
7
8 app-emulation/qemu: version bump to 2.9.0-r56
9
10 Remove qemu-2.8.1-r2
11
12 app-emulation/qemu/Manifest | 34 +-
13 .../qemu/files/qemu-2.7.0-CVE-2016-8669-1.patch | 32 -
14 .../qemu/files/qemu-2.8.0-CVE-2016-10028.patch | 40 --
15 .../qemu/files/qemu-2.8.0-CVE-2016-10155.patch | 46 --
16 .../qemu/files/qemu-2.8.0-CVE-2016-9908.patch | 35 -
17 .../qemu/files/qemu-2.8.0-CVE-2016-9912.patch | 38 -
18 .../qemu/files/qemu-2.8.0-CVE-2017-5525-1.patch | 52 --
19 .../qemu/files/qemu-2.8.0-CVE-2017-5525-2.patch | 55 --
20 .../qemu/files/qemu-2.8.0-CVE-2017-5552.patch | 41 --
21 .../qemu/files/qemu-2.8.0-CVE-2017-5578.patch | 35 -
22 .../qemu/files/qemu-2.8.0-CVE-2017-5579.patch | 40 --
23 .../qemu/files/qemu-2.8.0-CVE-2017-5856.patch | 64 --
24 .../qemu/files/qemu-2.8.0-CVE-2017-5857.patch | 38 -
25 .../qemu/files/qemu-2.8.0-CVE-2017-5898.patch | 35 -
26 .../qemu/files/qemu-2.8.0-CVE-2017-5973.patch | 87 ---
27 .../qemu/files/qemu-2.8.0-CVE-2017-5987.patch | 50 --
28 .../qemu/files/qemu-2.8.0-CVE-2017-6505.patch | 52 --
29 .../qemu/files/qemu-2.8.0-CVE-2017-7377.patch | 49 --
30 .../qemu/files/qemu-2.8.1-CVE-2017-7471.patch | 64 --
31 .../qemu/files/qemu-2.8.1-CVE-2017-8086.patch | 28 -
32 .../qemu/files/qemu-2.9.0-CVE-2017-10664.patch | 47 ++
33 .../qemu/files/qemu-2.9.0-CVE-2017-10806.patch | 50 ++
34 .../qemu/files/qemu-2.9.0-CVE-2017-11334.patch | 40 ++
35 .../qemu/files/qemu-2.9.0-CVE-2017-11434.patch | 29 +
36 .../qemu/files/qemu-2.9.0-CVE-2017-7539.patch | 601 ++++++++++++++++
37 .../qemu/files/qemu-2.9.0-CVE-2017-9503-1.patch | 122 ++++
38 .../qemu/files/qemu-2.9.0-CVE-2017-9503-2.patch | 114 +++
39 .../qemu/files/qemu-2.9.0-CVE-2017-9524-1.patch | 80 +++
40 .../qemu/files/qemu-2.9.0-CVE-2017-9524-2.patch | 197 ++++++
41 app-emulation/qemu/qemu-2.8.1-r2.ebuild | 770 ---------------------
42 app-emulation/qemu/qemu-2.9.0-r2.ebuild | 4 +-
43 ...qemu-2.9.0-r54.ebuild => qemu-2.9.0-r56.ebuild} | 23 +-
44 32 files changed, 1309 insertions(+), 1683 deletions(-)
45
46 diff --git a/app-emulation/qemu/Manifest b/app-emulation/qemu/Manifest
47 index c719930..5fe223b 100644
48 --- a/app-emulation/qemu/Manifest
49 +++ b/app-emulation/qemu/Manifest
50 @@ -4,36 +4,24 @@ AUX qemu-2.0.0-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch 930 SH
51 AUX qemu-2.2.0-_sigev_un.patch 638 SHA256 1f66c5a55ec94d73182cd25f3de5490cdb075542246a37d206cfb7b4a99a40a4 SHA512 5a2f9af1b60fd5a088679f3481b8d0317da88d4922b02289265b8d193b3589dd6d498e66531fc37ed86b97f4a648a1068f2da646e381d89c472716ef58190eb1 WHIRLPOOL 8444edaa4e5d59a337a7ebba71807b51941642517e5e762fb3458fde1a53c63c919ca809e5f32b503f1a92e4ccd2d21a057995fec56fcf846246dadccbdc863f
52 AUX qemu-2.5.0-cflags.patch 410 SHA256 17f5624dd733f5c80e733cc67ae36a736169ec066024dbf802b416accfed0755 SHA512 0194d28de08b4e51c5bd1c9a2cc7965ba7f66dfddb8fd91de3da93677e6cf2d38ad3270f69aaea8a20cf2533c2980018d6e0fed711be2806fe2053fba7c081f3 WHIRLPOOL 5f5b95d00409fbe03adb64801d30a2fb5f98dded5efa7f0e78b5746776f72917dcbea767e1d0afcb304d8bf8c484adedb8037e6d54e9d34997c2bc3a98b53154
53 AUX qemu-2.5.0-sysmacros.patch 333 SHA256 a5716fc02da383d455f5cbd76f49e4ee74d84c2d5703319adcbeb145d04875f9 SHA512 329632c5bff846ca3ffcdb4bc94ae62f17c6bdbb566f9bec0784357c943523e8ca7773790b83a9617734cab3b003baa3d636cbd08f7385810a63b0fa0383c4f0 WHIRLPOOL 2a774767d4685545d3ed18e4f5dece99a9007597d73c56197652ff24083550f987ffb69e5c624760dece87def71a7c5c22a694bf999d7309e48ef622f18f0d73
54 -AUX qemu-2.7.0-CVE-2016-8669-1.patch 1010 SHA256 3bc03869bede80013abb94ee029625a382c8059bc9474d9f6fd8e23840cff159 SHA512 53643363a470fba9b82c02b90f2573e45f59f5057993b2c15e1608916ece7f8582b4a84179e8ee70fcb8e3f3eb8a538a058401049ea38242bdb640c14ec54f7e WHIRLPOOL 873ed9b9784bb5757a07c1a494f70603cbe82751222d68a883327424e0d7e87d536400eca5fc7406080cbde2ab0a8fe0b3ee5c6dff81624db5d6d5964fec81be
55 -AUX qemu-2.8.0-CVE-2016-10028.patch 1384 SHA256 25a9f2b2014bbcbb008683211503716a2b4a0e8d96ea001d32b87d451cee1842 SHA512 6cfad99e54cfaea97f5c14fbbfe35768a8ea46196117bf770725e1079f9bccca3b7071416a14e60a36c3c919760ab49663fc8b551026c8cd58c10b3f2d7940b4 WHIRLPOOL 5c0c8350112cb63c8b3db7a15a9090cd2fba879317565b108285fd92c23a8b75a593a65d94b6e448086b126a735056065d07c1877abdb6815ebaa430cf4adabf
56 -AUX qemu-2.8.0-CVE-2016-10155.patch 1558 SHA256 53c20d983847a716f3f708c50ffbeb9d44fd8718f39d86556ae44394d1b2a624 SHA512 4ebfba87927c9f58fe1a0aa05b5850d391698617ce7c3e002d3adfd981ed8c23d35a6863e14f52264576dda31f84dc25421d2f930547f82ccfde126137d91aea WHIRLPOOL 44366afdf52eed47c28a6e9cec1ee7c613b5bac6441cf4f7bf29b30ef6ec7504e72a2d8c873a949e46f1cfd3055a407b673d6151802ab3c957cde8faaed20903
57 -AUX qemu-2.8.0-CVE-2016-9908.patch 1166 SHA256 22ef4999a3daf3c46a3c90ca20fb131545d4d0befeff7c3ca870585a3e03b7b7 SHA512 c46abda3a5b1a68c7c2e5236f8e424f4569a28ba2aea9b8ec32467e55b535492da6e4702d4758a5721f1bf222f7f2554a5e4c9a190781d60c40202a5291dcf49 WHIRLPOOL aa8087350770ecbb60049e3269ddf9d68258657ef6a088b562e344056689e578a390328dde9c5d2b5024e7fa03995b571295a1d64943d9b3882cf0c5f833dbd8
58 -AUX qemu-2.8.0-CVE-2016-9912.patch 1307 SHA256 e3eac321492a9ef42d88b04877511255c3731a9bb029d7c6ab2da0aa8f09e2d8 SHA512 f9ba4f167334d9b934c37fbed21ded8b3d71e5bdbdb1f15f81d4423b0790bfa127637155d5863b563fa974f1421c4ace1f2a4e3e81e3ae3d6045b2083210b103 WHIRLPOOL 7aa8dab7b6462f142365d274e6131ca1630c396e36c851cb562c081c4243c58e2ae22cf682e51145af08befcaba395254c765cf56112a6c177e1c9a18ffb5926
59 -AUX qemu-2.8.0-CVE-2017-5525-1.patch 1625 SHA256 88e253c306761017d66dca5b72184f89cebf3b617db7bc0e4b27025757a66181 SHA512 a7f82374ec4e264b065be7ba63c197d93fee230d68819bf68a0a67c84f89182d0cc0a42b9aadf53a8a903d640dacc55392174c7820379e92ad0e35c86c35a2dd WHIRLPOOL 63e192dc0e075139f18aee2d0541c75021852a7d7251321ca8fe7f9b793c72786a6aab878e308931289eab3c07c3cbbc8ad32b67de1193f85b672e16a8372495
60 -AUX qemu-2.8.0-CVE-2017-5525-2.patch 1664 SHA256 ab03a1cff62164090133f0dbace9724302e806a808b18d64628d12f0bd9abad6 SHA512 ac1d89331c3fc4d0ef7af411a12654329057676e9f016cb9a4a46dc9b4e01092c17af33d095f3104e71094ae585a35a8276a98560dd97f8d045e0b9fd2f0069f WHIRLPOOL 20457d7fe5b3842c0c601068dba410586fc4b4c7fce81ba3ee436a6cfec3b1b950797d6ca9a2a573fef21a29421f8c04a34d1dfefe0b7ade03a6ca51d16d99cb
61 -AUX qemu-2.8.0-CVE-2017-5552.patch 1481 SHA256 26616f16434b3aff65b1cd1ce82c6abdfbd44da8a047a5a32b1e07755c9a3e1b SHA512 3c3f5027be3bfe56c1445004bd28536e11f606cc6787fcefad3da267eb3e11b61110c8a4700fd9d6f95ce50f10a2678b2bc6f950297b949b837882a68901d6e5 WHIRLPOOL ca93726b8a0567f68fac634eef1e88c997c1e959cafb33bc6ba8871d9021591bb61be6b3635d3fac111e1e177dbbff939c93580d7f0824e752b378dbc38fbc45
62 -AUX qemu-2.8.0-CVE-2017-5578.patch 1084 SHA256 a7639fc84377b23ebc55dbb1c6d8c53bb2e6230be03b2efba78108257058d8b4 SHA512 8d160d56a94ec9380640badcab29fdd05f2f665377febd1b7e71a9c619d9db963eaa74cf74a2e0287fd2f6e2a7d4bce0f8e4281b3b0292347eece52b7344243b WHIRLPOOL efd3238bf720a1051a41ea621601afeea7546cc7e48d4a7f23bc0b3277bee368bb259a2735e6290b4609e78a1e54e29fe1ba7b088824284787faddc84491d876
63 -AUX qemu-2.8.0-CVE-2017-5579.patch 1132 SHA256 df32524c24aa4d7d9166bb5e159ba10023c7777b9583e920bd8590feec433580 SHA512 d4669821ae8e06a31b852a31699aa26421ce5fb6c049573cb6613515da486e390d8ddf71adb4e6c1a45a15bb468bbb45df68cbf5e9388660c9c03866becb9edd WHIRLPOOL 0d5ed483c6e3f849fc4b9568a3af4c086258ef1162a4e11baa65bcf35eeb8a505c8b7de935175fdc53e7284e23eb492a95326cdea6c690283085136cb02d3b7a
64 -AUX qemu-2.8.0-CVE-2017-5856.patch 2224 SHA256 92ddbba8c0d21bdae5b11ae064c21da939cbbb1fd0e6aa10477efced6bf9582f SHA512 7e043d8299d67d33c12bf5591f0881029013852df2243c2ea747fc6c4d1d6c0acffbaef7538634a60f8f875da94bb71db3e3a07972de066b7ac5d49e4d3cb906 WHIRLPOOL b5f38b059e4305b352e3807c2b7762fe856d1067431452fbbf991415ad17f25d152225d9e0ea61b5e8175e42abebbb2abdd85ac37f301ac123f81af822ff2f02
65 -AUX qemu-2.8.0-CVE-2017-5857.patch 1326 SHA256 e2150a7cc92b72e3f20506b9c76b40599af8d2366d25bd9b245a0bffa66ad8eb SHA512 d6d000b57f1fb194f9554165621109b364ebdb61416bc07e2283f2d493c33e770d1b63002d62565aae1ac19ed0ad9e572c207341aa1ad023581f349f62158d30 WHIRLPOOL cbe84c67ba9bb368baf2b1842e8c7c1ee3fb720630bcd53fdbdef9e8f3efdb25c1a927d0f65c9d1f6def28defe6997943a7867e8225eb12e395a0811ad3e32a1
66 -AUX qemu-2.8.0-CVE-2017-5898.patch 1412 SHA256 7f44668d51a94d19fcca0f496d8ac798fd654afe25d2998f7d07a148a836ade9 SHA512 2cd9af4957849a5d72dc0f0fbb30852870306ebc0a348cf5951df58d3029d1aae52df9261d2e4a9d7a4f132f78c390af8a049e1f109b324899bccd91e5c10d1f WHIRLPOOL c48e1fe163761880adab990683dc5d54ee31173763f11239ffee7c229bd65a2958a696dede39e7e645860980e2a7c5c6e5873e5db53872ac373d8d2415a167ab
67 -AUX qemu-2.8.0-CVE-2017-5973.patch 2815 SHA256 206d01053ce678e2c83174b278755e112099f76350aaa765525d344a87365ded SHA512 31b4bd1b8398d8044ace7660a049c492beda83613818a718477257e0bdf922d63423100fd59f2e8411dc952d282a7c405b916ab437b131b31c21dcf65f98edce WHIRLPOOL ea43efbdd5fdc51e1b8b5057fbe50b3911896cbda8437998ca203d34db82524eb42a77440f2490574a48f15ba1c4bbb7d9c40bfb6e99e96278a1d1912ea210a7
68 -AUX qemu-2.8.0-CVE-2017-5987.patch 1889 SHA256 c4f2175970deca9b00bf657e66b8df31a02efce469eec02279a9659b9cb18bb0 SHA512 32708f91edbbb61ac444ee71b97a30138380544389f6265d7cb7aec330ebaaa7ca69844a9462c817fbda117e78748fc4fdeb655e70bcd72ddd8b112fd9619b0d WHIRLPOOL 1aa99740495c0d2a577cf13c47669aeba75ad389394736ce16fde31c91931254820accad85a6d6fee9757595bec3f222413a89fe4ca125913be7ecc97f33b365
69 -AUX qemu-2.8.0-CVE-2017-6505.patch 1481 SHA256 55e3b7e65e519caef4fdd28cccb973613759cce0d67eb64c2093b4f0a4e428e1 SHA512 5326f28a9340f392e4f32e4cd5f58cae0769859e10fd4d201983d40ec6b4d094d6a0cad2638e1e6f3e5228b93af26cc4f4a155e0d94bad89d0ea9b866f535aa7 WHIRLPOOL c88312cd5e779a98c905f175d61400ef7bb59795cc1e0392da0018a158a4c435ffa07f1e6a621db6eea925a0dbb986442eab4f79f956dc1955058fc97670f390
70 -AUX qemu-2.8.0-CVE-2017-7377.patch 1554 SHA256 36fbd8ec9fa7d910fde8b6b8905717b322bd23b50c2b2f925e1a2415ae306755 SHA512 195be1a75340c41aa89614aad8d07f2cf630eb10f3160cb8a86d85371ea9d7dcdbe9d49e9752ac3d6765c8d4c99c845408933b57cf21199f77ba09fcf79a02c8 WHIRLPOOL 8d7677ae3cfe18e34072ef23666c4658553a7d3b564d96e480ae432281d403242f2013d9fb189d473ab9c31def515401d22c04ba8e86d93d0369e95b1e371574
71 AUX qemu-2.8.0-F_SHLCK-and-F_EXLCK.patch 574 SHA256 d02353daa0ecfe161e938a5e54feab641b901f4a35c8f5831133676a6f53f43f SHA512 6b64750335aae1142ca9132fb766ac2aaeacfcdda0aa0cfca19afc4c3ea3806e30ce603fcec3767e40e84efb0ae8b9a23f21d46c807c13bb646be74f99e13389 WHIRLPOOL 7401c3daf162c71a5a5c3729855fddb5df95609b34c86ea0f4d872c8f132d6ac089cfb35a990af70aef8b7b63fe075a1e2be376b6db09bc70e8d51e48aded354
72 -AUX qemu-2.8.1-CVE-2017-7471.patch 2310 SHA256 ae5129c0f278de155f69e3d306038fa259c28ecb09a623262362163b00de85cc SHA512 dd5c5bc8e5ee9eb27516276d53f78ecde00b4fe5debbbdd8db1c3a2f2ef663667598acbb3b95f220e709ed89e1a0077733ca4fc1cb2fa0eb0f700e9931ddd003 WHIRLPOOL c91ddbdbc685dc76efc417087d680751aaade178593ca96fbff7b8ae1e0d0bdb659faee676d31b606e16c4adf446632a8a9350a57a1ac049b7649bdc0c3b8cf0
73 -AUX qemu-2.8.1-CVE-2017-8086.patch 751 SHA256 ff6f3bc1a94861da633f9e5517dde6b2719e227773941e7c9651281c77216589 SHA512 84197e80d28322efaa327dc7ad3ffc5e8bf791d89255e8ac7d5c5e9cebba3786c4e21008cbfb704de5323554a9d3f0873068c0a06493d4ca3b7849523eab6212 WHIRLPOOL 73f88468ba89d8384c04ffa3af646c8b628f1fa52f27866095f84ea1241f421763699ae18553d835133de70d7f244d0638d83d15881e5a3858a1128b14a1bcf3
74 +AUX qemu-2.9.0-CVE-2017-10664.patch 1613 SHA256 5941cc41f0c02b185be3f6ba450f155dfc42e98f538560a054309066d12e5736 SHA512 19be668bd5847b65a82bd710de062bf1bc16a2b93516cbd6842328a71cd8ef8e97f38fa72bffe603a41f7674652a73b9bc05bc6791d265423490aa6de09738ce WHIRLPOOL f3e436bd5ba9e61473e6a66af4a1c0063445ad616a06cbed1760326435fd391d56d6f084eae4b3465928d995cb426f02ed813747aeda0b535ed7ed4a2a598072
75 +AUX qemu-2.9.0-CVE-2017-10806.patch 1450 SHA256 ef884e2ed3adb618273af1d036ed0c7e3a09599e3d042080bb4b5014c6bc54d7 SHA512 38fea2c1a2a5a224585a07a028a8c4cfc1bec4d943e85c13e01228062bf306a502b0948270863b226bc974832e3af18158904fbfc08ccdf1f72f06e7830780d5 WHIRLPOOL f02fb957016af684dc894f93ec0b7dcca3febb8d37882aae1e17d2aca9948e200a013ae467cb54c5555e76c73f124a37c95fde189a4492d88322802d8160310c
76 +AUX qemu-2.9.0-CVE-2017-11334.patch 1362 SHA256 bc2f3a50ad174e5453d0e4d1e14e9723b316e2339dc25ff31e27060ee13242bb SHA512 422296269ec29b3313c984947ac48b7179ce8e169131624d316589a621778f846b883e76cdfba50c62dc63ab5fede0ad0292704c1ca1cc9e1e7b3b01a153b8c8 WHIRLPOOL 504cf6b2ebfb11bf1471f920d101df28df59f1a585eac31ac278a366f2b769386bc7d100aa8386b3f8f45d5f5f700aa6625be3192eb4f1f3b77e69c6684cf74f
77 +AUX qemu-2.9.0-CVE-2017-11434.patch 912 SHA256 e8be3cb9261f8735ff2a50fb8b79ccfea85456c7a2e5a5702fcc5339463dc05a SHA512 db95d9459b9669e0981195fe15f16c4e74d5f00c03e1ce5e33541e005260e77fa114b1b3f30bc06d80b723a6361b704fb58709b25773c168c8aa8f5f96580ac9 WHIRLPOOL c68e25024ab3c1d01e5b53d0a7b1591110b96d78079bc940ec28da2e2770dac6b1f9bbaaeb97c88ea0e1b46db886f7035d81bde582750e560d136916ecdab8a2
78 AUX qemu-2.9.0-CVE-2017-7493.patch 5656 SHA256 77462d39e811e58d3761523a6c580485bdfca0e74adbd10cf24c254e0ece262a SHA512 2b01f2878c98e77997b645ba80e69b5db398ef1e8f2b66344818d3c9af35dd66d49041ef9ee8aa152bf3e94970b4db282cf53909cb13b2532bc0a104251b2e81 WHIRLPOOL 23c788c5a78e126a61bd277e9fa1511cc71b8fbdc83a5bf319c5fc424219cbcceefad737844e45c11a76e047f8a49853d0a85b267f24f7b23bb7276d0edf0451
79 +AUX qemu-2.9.0-CVE-2017-7539.patch 22018 SHA256 523d41e08a2aab888e3e63b4dda6a19e535fe6fba2bf08b6ead06498ca923f29 SHA512 5c81488aeae78307bee551a3a037f3b9cf55971a17c5df17f89f31224bdfa0a5e79141341314546256bffe542b781ad25151c54340a63c766086a578e5465825 WHIRLPOOL 085fc7e7d40c803a3caf15cdee77ce553b385919678ecf4bbcc3f532af5e482ca804a167af43e4f393da93aed88285690d84a3054c7f0df61d603d0046029dbc
80 AUX qemu-2.9.0-CVE-2017-8112.patch 696 SHA256 a4dcc2a94749a5c20ef38d4c7ce13cd1ffe46017c77eea29ced0bec5c232e6aa SHA512 840f5270332729e0149a4705bae5fcc16e9503a995d6bfa5033904a544add337ca8ccb1d2a36bb57cc198f6354f5253403f1c4f04cbd18c08b4e1a9d6af9e07f WHIRLPOOL 1ba4e75fdd0c767254c85754612da9e8ff9ba2e7ea0811f723844bec190946805cd59db83f347a3dea4296d2b58d2df4a8d99a492335ba818824348bcebdd556
81 AUX qemu-2.9.0-CVE-2017-8309.patch 595 SHA256 8231747fe4d9c97392fe44b117caccd07d320313dc27fad17ac658122113ced9 SHA512 4415c36acb4f0594de7fe0de2b669d03d6b54ae44eb7f1f285c36223a02cca887b57db27a43ab1cc2e7e193ee5bce2748f9d2056aa925e0cc8f2133e67168a74 WHIRLPOOL af4c5e9763a0e114e554a1c8be99ea79da0b634fdc9d87922c7713187f1f904bfcce103648d549bbb190e92443664dbb9bd7592d8137f2337be0f4b22d1f9bd1
82 AUX qemu-2.9.0-CVE-2017-8379.patch 2736 SHA256 f2f8910c8e1ce9fc9804f4fbbe978fee20ccbfccc5efe49f42cdaafa63c511ce SHA512 79e32f75d98ca4a92a5069b65c5b9cff16064255ed4d161e4e292b97373742c25d5ddc12dfffa627197fdb5e0808108b30d0182a9c060cd181723bd90c618d15 WHIRLPOOL 545c00189da3b252c80bb35c6b6d3368a02b36b06f2866838ddd9ebb9ccf2b608ae278ee192b6b3aef2966736afe9bcdd646c80c228ec5daef76b92bd2721bd5
83 AUX qemu-2.9.0-CVE-2017-8380.patch 1048 SHA256 23eb5ae64b064e46785ae4f675fbe7c6a353f6688dd154ce98b78a0b7104a2fb SHA512 872fabc4f6eee48dff292297887b8c4a18aa6f8c2f9b7247e325c96e10ef8d72206f269d89c4a4a40ea6ad3e5082db40866b0f386f31716e749fb3a7db89d2dd WHIRLPOOL ddce30f5b22707938c2ba419264a6b731f292f0748e3891c7aa48daaa7a4b204a8bb1b4110fbd7c1836a02605e49e170a4bda6ee9eccdd2570472ff0f63c8d37
84 +AUX qemu-2.9.0-CVE-2017-9503-1.patch 5036 SHA256 3831acce5d79ab1ad195ee6a26eb276a08fee00143ef6473ad488a49590c26e8 SHA512 690a43f3b15f10f4c030af761b2fcf873eb72d1ca53dd03f15eb35a30454298bda7ddde2b38ed549b8bad1b3a465ad3c7c9334886e75856794c0beee2dcadc2d WHIRLPOOL 909b90579ba60084bb69d3067e9bde6288011649ecc986d3f520dbce31cc9063cf3b175d62d017bf6bfa6026549250d2f64c06d4f0a411a5e95d7cf2af0062d8
85 +AUX qemu-2.9.0-CVE-2017-9503-2.patch 4103 SHA256 a08f7f56890e1061d47691181ccdbd4cc2d97b5221d3b438afe8c429427b1e8d SHA512 21ce3255f511c82c7f8848392cb8266d804691a02207f06b950539f025a3bafb3f4c27365956cfa5129a7f0bc1796c006303993a328e72e689b8ff722f71e542 WHIRLPOOL 67bb2f24c2b567855c8f943208c5d4ceacb6df39539cc6ffce3e09fc55052b98aa794d19f70dad4fde515bd3021c46ff53ff374e58f09a802a2222a40eb3bf2d
86 +AUX qemu-2.9.0-CVE-2017-9524-1.patch 2624 SHA256 f2479f79a81dba79eeee7a333b50bfb6f3d7e23d4cee6a8a65b291744d676b85 SHA512 7b72e492d4f9f38f15e3ec5ba3765b6d86cb726e8581278f1abcc485245f80d7a6ca9a5378dd214a82e230221d1ec650e90a221335beec8cd18567db7f7ce311 WHIRLPOOL 95b0566a9c7712e00e6200a839f449b8367aead31bf18b797193865825123b50d9f8ff11450f540caa94a102637ee5b7075ceaf8f703482296111a7af270f374
87 +AUX qemu-2.9.0-CVE-2017-9524-2.patch 7016 SHA256 092da49ea1aafd9b94f20127b93c1373b9a83ef127cad1d45fdbd8f5a9d9dbe9 SHA512 de25c5506ae955fb799b2c9952120c9feb51b363f5ee277c9b63882938ce56c44702dcd688ecf65a3d2a089503be938432eb62ffa3df7409f4211bb7fa126f26 WHIRLPOOL b38c3a557be778634d53e7c356fb124e7470ad3e58b426677f3405c10faf76fa88d2f354d66a69b8549a64c480a338c94ed425c768394ad4cdd74ed4479ccc89
88 AUX qemu-binfmt.initd.head 1445 SHA256 a9b4b1d1ffa82d572c01f14ebfbafb4b3a4c2eb5cad5af62c059f603a9f5a277 SHA512 a735268ae9ac84d8f2f2893bf018ee6de33231fa94a823bd8502b529bb456635c1ab5cf9b440df5ede8e414291f8bf45fc53898c2f3939c50d5ec4ffa554396a WHIRLPOOL 3ec0f916d5928d464fa8416c8eac472cfa01b560bba07642ff7929799918d1c8059ac7368ff5551e6aa993027849de08035d856db7981315d8e4ec470a0f785e
89 AUX qemu-binfmt.initd.tail 245 SHA256 1b765f5212946b73b8e4d92f64d34a9d2e358ef541c02164f6d6dd93cb15e1e7 SHA512 bcca16805f8380d52cc591ea3d65a8f6e5de456730618f6aee301510edb75d235a22d4d7aeed224882210392840adb403eb53234b6cb76a4cb24533852a8b737 WHIRLPOOL 41ddd1751101646e700a6fe4ef879bd4149d646a801f97e40534051895697dcbded06a1edda51457a0d624fbf68442c3e57178a3ee8e683e35368b88d10ba4a4
90 -DIST qemu-2.8.1.tar.bz2 28366270 SHA256 018e4c7ed22c220395cf41f835d01505e49d0e579a548bd3d72b03809442bbcd SHA512 0397b4029cdcb77ed053c44b3579a3f34894038e6fc6b4aa88de14515f5a78bf2f41c5e865f37111529f567c85d2f1c4deefae47dde54f76eac79410e5b2bdda WHIRLPOOL c41f53f18fac44efd1c81ba9d95204d23e9a70dc9c21624177be2fe92a327428fd5704b25bc334229fa36ae395fb4c82ba3955db39719c4458343978a4d3141a
91 DIST qemu-2.9.0.tar.bz2 28720490 SHA256 00bfb217b1bb03c7a6c3261b819cfccbfb5a58e3e2ceff546327d271773c6c14 SHA512 4b28966eec0ca44681e35fcfb64a4eaef7c280b8d65c91d03f2efa37f76278fd8c1680e5798c7a30dbfcc8f3c05f4a803f48b8a2dfec3a4181bac079b2a5e422 WHIRLPOOL d79fe89eb271a56aee0cbd328e5f96999176b711afb5683d164b7b99d91e6dd2bfaf6e2ff4cd820a941c94f28116765cb07ffd5809d75c2f9654a67d56bfc0c1
92 -EBUILD qemu-2.8.1-r2.ebuild 22908 SHA256 b21f2820c166fcf91f0be3f8eb323b49d8c8ccebd4c376d9dbcdebbe751bac52 SHA512 3fa48453417e0cfa4d24f11fd5f234ec8790744c65154456328a24641a6f03cffb5b50ecf2bf81388fc18b12b382042e882fa853a09ae2288beb459e8658db5e WHIRLPOOL b5881ff308b91dc53b3115e278d5cd89d5f3f5d69ea7355fea2a048e471da1c4079eb245aa262ab2c19c6d75ddac1770acab3fa1c39d2c6e74cf72d84426e16f
93 -EBUILD qemu-2.9.0-r2.ebuild 22065 SHA256 f722fa40663602c90dc07139580a3bcc5bcae60ce1a3808f2f38adc2d13211b1 SHA512 51822cc9753b27e6fed97bdd1e4845cbcfb0c8a4a9f55256820127994a1b3beda96765b83a8c578637a968b261f1bf6ef4c1d6ae09491e9f5f9d94af5cdb5ce4 WHIRLPOOL 20f5b6786e60eae4260df3bcdfb9f94d128abc03f9458cf3e42ddf5bb1b0749ea26bc18ba58c47c4d131cb5ab02898f7097dd85c3d9d19ac6bc49062d9d8a57b
94 -EBUILD qemu-2.9.0-r54.ebuild 23455 SHA256 cf27b44542770cf10be0bd69481e13ccdef4d512d4d02f2388eaf441b1b2b9b8 SHA512 e1344e489cb298807c992f257954e28c0c2d24a517bdd907bc60ebf2380cebc26861161e2a5deba8c95da5af700de198951696061ea916ea9c6f1037264e89dc WHIRLPOOL 3b764803988879ef45a1b28f016d0ac732d8aa18c1fab92e52e18677fea7d3777967281c075dcdc3daa7da083c66c423d7d30ffe2d876811a776bcc5e2de63da
95 +EBUILD qemu-2.9.0-r2.ebuild 22065 SHA256 45015103d32a318241da3d34c7340786571b65dc580f8493853c35e0ad5541ec SHA512 7b69c749172677046a101778ba2d8078bf8f5ccedc2d3c6767a2096838f8b80d0519bb798f23e7229fec04ca0c6c4c96caf7d07983ca2aca8d77e86b4f2ed229 WHIRLPOOL ebbf728a67a6f67ce2d40ac72cc95e27e46133e522d70a0e6d91525df7af048d2d1dfbb3e9534e4871882f5fe01749e3f749662414f802569c2f40ac66450afa
96 +EBUILD qemu-2.9.0-r56.ebuild 24010 SHA256 4185ac27c271ca09d383907cf914c020ba5f9614d5c3901d12e82d4069e0090f SHA512 fab143169a3c25fcf7b2532ec10c651c8b1c1875ea8cb0daa4ae29e153c9609ebc75184df1584944eadb541db76e931ff121866dcde58f3e25e29ad9eadc0a24 WHIRLPOOL 44d3f1fc2f01e61287508580beeacc9c1e1c709b6d19347f69a33ea3202ad7e8dd035d3df948dec11b3a62564a23a41a5c5a1e6faa1e2bde5f31d0ec9c02eb9b
97 MISC metadata.xml 3794 SHA256 149f7bc9927e13bbf7355972e85df6f9f198dd17fb575a7e516817d6a88018fb SHA512 10f130f225b90dacf8262247d795a247abfdcbf3ad5fbe0693e8d4db79f755984f690cb150a7eb5a8e5d669ce404145c4fbb6b200d6362319be74759fd78b6d3 WHIRLPOOL 6a5e88caeb64387f619a19fecb55c39ccf3c8dcd360523e8d61b80051001c02fe81432c55e40b3f360295b35e9f5a1f707c570baf95cad06d18c4cd484da0ceb
98
99 diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8669-1.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8669-1.patch
100 deleted file mode 100644
101 index cea8efc..0000000
102 --- a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8669-1.patch
103 +++ /dev/null
104 @@ -1,32 +0,0 @@
105 -http://bugs.gentoo.org/597108
106 -https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02577.html
107 -
108 -From: Prasad J Pandit <address@hidden>
109 -
110 -The JAZZ RC4030 chipset emulator has a periodic timer and
111 -associated interval reload register. The reload value is used
112 -as divider when computing timer's next tick value. If reload
113 -value is large, it could lead to divide by zero error. Limit
114 -the interval reload value to avoid it.
115 -
116 -Reported-by: Huawei PSIRT <address@hidden>
117 -Signed-off-by: Prasad J Pandit <address@hidden>
118 ----
119 - hw/dma/rc4030.c | 2 +-
120 - 1 file changed, 1 insertion(+), 1 deletion(-)
121 -
122 -diff --git a/hw/dma/rc4030.c b/hw/dma/rc4030.c
123 -index 2f2576f..c1b4997 100644
124 ---- a/hw/dma/rc4030.c
125 -+++ b/hw/dma/rc4030.c
126 -@@ -460,7 +460,7 @@ static void rc4030_write(void *opaque, hwaddr addr, uint64_t data,
127 - break;
128 - /* Interval timer reload */
129 - case 0x0228:
130 -- s->itr = val;
131 -+ s->itr = val & 0x01FF;
132 - qemu_irq_lower(s->timer_irq);
133 - set_next_tick(s);
134 - break;
135 ---
136 -2.5.5
137
138 diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-10028.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-10028.patch
139 deleted file mode 100644
140 index 466c819..0000000
141 --- a/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-10028.patch
142 +++ /dev/null
143 @@ -1,40 +0,0 @@
144 -https://lists.gnu.org/archive/html/qemu-devel/2016-12/msg01903.html
145 -https://bugs.gentoo.org/603444
146 -
147 -From: P J P
148 -Subject: [Qemu-devel] [PATCH] display: virtio-gpu-3d: check virgl capabilities max_size
149 -Date: Wed, 14 Dec 2016 12:31:56 +0530
150 -From: Prasad J Pandit <address@hidden>
151 -
152 -Virtio GPU device while processing 'VIRTIO_GPU_CMD_GET_CAPSET'
153 -command, retrieves the maximum capabilities size to fill in the
154 -response object. It continues to fill in capabilities even if
155 -retrieved 'max_size' is zero(0), thus resulting in OOB access.
156 -Add check to avoid it.
157 -
158 -Reported-by: Zhenhao Hong <address@hidden>
159 -Signed-off-by: Prasad J Pandit <address@hidden>
160 ----
161 - hw/display/virtio-gpu-3d.c | 6 +++++-
162 - 1 file changed, 5 insertions(+), 1 deletion(-)
163 -
164 -diff --git a/hw/display/virtio-gpu-3d.c b/hw/display/virtio-gpu-3d.c
165 -index 758d33a..6ceeba3 100644
166 ---- a/hw/display/virtio-gpu-3d.c
167 -+++ b/hw/display/virtio-gpu-3d.c
168 -@@ -370,8 +370,12 @@ static void virgl_cmd_get_capset(VirtIOGPU *g,
169 -
170 - virgl_renderer_get_cap_set(gc.capset_id, &max_ver,
171 - &max_size);
172 -+ if (!max_size) {
173 -+ cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
174 -+ return;
175 -+ }
176 -+
177 - resp = g_malloc0(sizeof(*resp) + max_size);
178 --
179 - resp->hdr.type = VIRTIO_GPU_RESP_OK_CAPSET;
180 - virgl_renderer_fill_caps(gc.capset_id,
181 - gc.capset_version,
182 ---
183 -2.9.3
184
185 diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-10155.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-10155.patch
186 deleted file mode 100644
187 index c486295..0000000
188 --- a/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-10155.patch
189 +++ /dev/null
190 @@ -1,46 +0,0 @@
191 -From eb7a20a3616085d46aa6b4b4224e15587ec67e6e Mon Sep 17 00:00:00 2001
192 -From: Li Qiang <liqiang6-s@×××.cn>
193 -Date: Mon, 28 Nov 2016 17:49:04 -0800
194 -Subject: [PATCH] watchdog: 6300esb: add exit function
195 -
196 -When the Intel 6300ESB watchdog is hot unplug. The timer allocated
197 -in realize isn't freed thus leaking memory leak. This patch avoid
198 -this through adding the exit function.
199 -
200 -Signed-off-by: Li Qiang <liqiang6-s@×××.cn>
201 -Message-Id: <583cde9c.3223ed0a.7f0c2.886e@×××××××××.com>
202 -Signed-off-by: Paolo Bonzini <pbonzini@××××××.com>
203 ----
204 - hw/watchdog/wdt_i6300esb.c | 9 +++++++++
205 - 1 file changed, 9 insertions(+)
206 -
207 -diff --git a/hw/watchdog/wdt_i6300esb.c b/hw/watchdog/wdt_i6300esb.c
208 -index a83d951..49b3cd1 100644
209 ---- a/hw/watchdog/wdt_i6300esb.c
210 -+++ b/hw/watchdog/wdt_i6300esb.c
211 -@@ -428,6 +428,14 @@ static void i6300esb_realize(PCIDevice *dev, Error **errp)
212 - /* qemu_register_coalesced_mmio (addr, 0x10); ? */
213 - }
214 -
215 -+static void i6300esb_exit(PCIDevice *dev)
216 -+{
217 -+ I6300State *d = WATCHDOG_I6300ESB_DEVICE(dev);
218 -+
219 -+ timer_del(d->timer);
220 -+ timer_free(d->timer);
221 -+}
222 -+
223 - static WatchdogTimerModel model = {
224 - .wdt_name = "i6300esb",
225 - .wdt_description = "Intel 6300ESB",
226 -@@ -441,6 +449,7 @@ static void i6300esb_class_init(ObjectClass *klass, void *data)
227 - k->config_read = i6300esb_config_read;
228 - k->config_write = i6300esb_config_write;
229 - k->realize = i6300esb_realize;
230 -+ k->exit = i6300esb_exit;
231 - k->vendor_id = PCI_VENDOR_ID_INTEL;
232 - k->device_id = PCI_DEVICE_ID_INTEL_ESB_9;
233 - k->class_id = PCI_CLASS_SYSTEM_OTHER;
234 ---
235 -2.10.2
236 -
237
238 diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-9908.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-9908.patch
239 deleted file mode 100644
240 index 841de65..0000000
241 --- a/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-9908.patch
242 +++ /dev/null
243 @@ -1,35 +0,0 @@
244 -https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg00059.html
245 -https://bugs.gentoo.org/601826
246 -
247 -From: Li Qiang
248 -Subject: [Qemu-devel] [PATCH] virtio-gpu: fix information leak in capset get dispatch
249 -Date: Tue, 1 Nov 2016 05:37:57 -0700
250 -From: Li Qiang <address@hidden>
251 -
252 -In virgl_cmd_get_capset function, it uses g_malloc to allocate
253 -a response struct to the guest. As the 'resp'struct hasn't been full
254 -initialized it will lead the 'resp->padding' field to the guest.
255 -Use g_malloc0 to avoid this.
256 -
257 -Signed-off-by: Li Qiang <address@hidden>
258 ----
259 - hw/display/virtio-gpu-3d.c | 2 +-
260 - 1 file changed, 1 insertion(+), 1 deletion(-)
261 -
262 -diff --git a/hw/display/virtio-gpu-3d.c b/hw/display/virtio-gpu-3d.c
263 -index 23f39de..d98b140 100644
264 ---- a/hw/display/virtio-gpu-3d.c
265 -+++ b/hw/display/virtio-gpu-3d.c
266 -@@ -371,7 +371,7 @@ static void virgl_cmd_get_capset(VirtIOGPU *g,
267 -
268 - virgl_renderer_get_cap_set(gc.capset_id, &max_ver,
269 - &max_size);
270 -- resp = g_malloc(sizeof(*resp) + max_size);
271 -+ resp = g_malloc0(sizeof(*resp) + max_size);
272 -
273 - resp->hdr.type = VIRTIO_GPU_RESP_OK_CAPSET;
274 - virgl_renderer_fill_caps(gc.capset_id,
275 ---
276 -1.8.3.1
277 -
278 -
279
280 diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-9912.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-9912.patch
281 deleted file mode 100644
282 index 55963f7..0000000
283 --- a/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-9912.patch
284 +++ /dev/null
285 @@ -1,38 +0,0 @@
286 -https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg05043.html
287 -https://bugs.gentoo.org/602630
288 -
289 -From: Li Qiang
290 -Subject: [Qemu-devel] [PATCH] virtio-gpu: call cleanup mapping function in resource destroy
291 -Date: Mon, 28 Nov 2016 21:29:25 -0500
292 -If the guest destroy the resource before detach banking, the 'iov'
293 -and 'addrs' field in resource is not freed thus leading memory
294 -leak issue. This patch avoid this.
295 -
296 -Signed-off-by: Li Qiang <address@hidden>
297 ----
298 - hw/display/virtio-gpu.c | 3 +++
299 - 1 file changed, 3 insertions(+)
300 -
301 -diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c
302 -index 60bce94..98dadf2 100644
303 ---- a/hw/display/virtio-gpu.c
304 -+++ b/hw/display/virtio-gpu.c
305 -@@ -28,6 +28,8 @@
306 - static struct virtio_gpu_simple_resource*
307 - virtio_gpu_find_resource(VirtIOGPU *g, uint32_t resource_id);
308 -
309 -+static void virtio_gpu_cleanup_mapping(struct virtio_gpu_simple_resource *res);
310 -+
311 - #ifdef CONFIG_VIRGL
312 - #include <virglrenderer.h>
313 - #define VIRGL(_g, _virgl, _simple, ...) \
314 -@@ -358,6 +360,7 @@ static void virtio_gpu_resource_destroy(VirtIOGPU *g,
315 - struct virtio_gpu_simple_resource *res)
316 - {
317 - pixman_image_unref(res->image);
318 -+ virtio_gpu_cleanup_mapping(res);
319 - QTAILQ_REMOVE(&g->reslist, res, next);
320 - g_free(res);
321 - }
322 ---
323 -1.8.3.1
324
325 diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5525-1.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5525-1.patch
326 deleted file mode 100644
327 index 24411b4..0000000
328 --- a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5525-1.patch
329 +++ /dev/null
330 @@ -1,52 +0,0 @@
331 -From 12351a91da97b414eec8cdb09f1d9f41e535a401 Mon Sep 17 00:00:00 2001
332 -From: Li Qiang <liqiang6-s@×××.cn>
333 -Date: Wed, 14 Dec 2016 18:30:21 -0800
334 -Subject: [PATCH] audio: ac97: add exit function
335 -MIME-Version: 1.0
336 -Content-Type: text/plain; charset=UTF-8
337 -Content-Transfer-Encoding: 8bit
338 -
339 -Currently the ac97 device emulation doesn't have a exit function,
340 -hot unplug this device will leak some memory. Add a exit function to
341 -avoid this.
342 -
343 -Signed-off-by: Li Qiang <liqiang6-s@×××.cn>
344 -Reviewed-by: Marc-André Lureau <marcandre.lureau@××××××.com>
345 -Message-id: 58520052.4825ed0a.27a71.6cae@×××××××××.com
346 -Signed-off-by: Gerd Hoffmann <kraxel@××××××.com>
347 ----
348 - hw/audio/ac97.c | 11 +++++++++++
349 - 1 file changed, 11 insertions(+)
350 -
351 -diff --git a/hw/audio/ac97.c b/hw/audio/ac97.c
352 -index cbd959e..c306575 100644
353 ---- a/hw/audio/ac97.c
354 -+++ b/hw/audio/ac97.c
355 -@@ -1387,6 +1387,16 @@ static void ac97_realize(PCIDevice *dev, Error **errp)
356 - ac97_on_reset (&s->dev.qdev);
357 - }
358 -
359 -+static void ac97_exit(PCIDevice *dev)
360 -+{
361 -+ AC97LinkState *s = DO_UPCAST(AC97LinkState, dev, dev);
362 -+
363 -+ AUD_close_in(&s->card, s->voice_pi);
364 -+ AUD_close_out(&s->card, s->voice_po);
365 -+ AUD_close_in(&s->card, s->voice_mc);
366 -+ AUD_remove_card(&s->card);
367 -+}
368 -+
369 - static int ac97_init (PCIBus *bus)
370 - {
371 - pci_create_simple (bus, -1, "AC97");
372 -@@ -1404,6 +1414,7 @@ static void ac97_class_init (ObjectClass *klass, void *data)
373 - PCIDeviceClass *k = PCI_DEVICE_CLASS (klass);
374 -
375 - k->realize = ac97_realize;
376 -+ k->exit = ac97_exit;
377 - k->vendor_id = PCI_VENDOR_ID_INTEL;
378 - k->device_id = PCI_DEVICE_ID_INTEL_82801AA_5;
379 - k->revision = 0x01;
380 ---
381 -2.10.2
382 -
383
384 diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5525-2.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5525-2.patch
385 deleted file mode 100644
386 index 6bbac58..0000000
387 --- a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5525-2.patch
388 +++ /dev/null
389 @@ -1,55 +0,0 @@
390 -From 069eb7b2b8fc47c7cb52e5a4af23ea98d939e3da Mon Sep 17 00:00:00 2001
391 -From: Li Qiang <liqiang6-s@×××.cn>
392 -Date: Wed, 14 Dec 2016 18:32:22 -0800
393 -Subject: [PATCH] audio: es1370: add exit function
394 -MIME-Version: 1.0
395 -Content-Type: text/plain; charset=UTF-8
396 -Content-Transfer-Encoding: 8bit
397 -
398 -Currently the es1370 device emulation doesn't have a exit function,
399 -hot unplug this device will leak some memory. Add a exit function to
400 -avoid this.
401 -
402 -Signed-off-by: Li Qiang <liqiang6-s@×××.cn>
403 -Reviewed-by: Marc-André Lureau <marcandre.lureau@××××××.com>
404 -Message-id: 585200c9.a968ca0a.1ab80.4c98@×××××××××.com
405 -Signed-off-by: Gerd Hoffmann <kraxel@××××××.com>
406 ----
407 - hw/audio/es1370.c | 14 ++++++++++++++
408 - 1 file changed, 14 insertions(+)
409 -
410 -diff --git a/hw/audio/es1370.c b/hw/audio/es1370.c
411 -index 8449b5f..883ec69 100644
412 ---- a/hw/audio/es1370.c
413 -+++ b/hw/audio/es1370.c
414 -@@ -1041,6 +1041,19 @@ static void es1370_realize(PCIDevice *dev, Error **errp)
415 - es1370_reset (s);
416 - }
417 -
418 -+static void es1370_exit(PCIDevice *dev)
419 -+{
420 -+ ES1370State *s = ES1370(dev);
421 -+ int i;
422 -+
423 -+ for (i = 0; i < 2; ++i) {
424 -+ AUD_close_out(&s->card, s->dac_voice[i]);
425 -+ }
426 -+
427 -+ AUD_close_in(&s->card, s->adc_voice);
428 -+ AUD_remove_card(&s->card);
429 -+}
430 -+
431 - static int es1370_init (PCIBus *bus)
432 - {
433 - pci_create_simple (bus, -1, TYPE_ES1370);
434 -@@ -1053,6 +1066,7 @@ static void es1370_class_init (ObjectClass *klass, void *data)
435 - PCIDeviceClass *k = PCI_DEVICE_CLASS (klass);
436 -
437 - k->realize = es1370_realize;
438 -+ k->exit = es1370_exit;
439 - k->vendor_id = PCI_VENDOR_ID_ENSONIQ;
440 - k->device_id = PCI_DEVICE_ID_ENSONIQ_ES1370;
441 - k->class_id = PCI_CLASS_MULTIMEDIA_AUDIO;
442 ---
443 -2.10.2
444 -
445
446 diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5552.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5552.patch
447 deleted file mode 100644
448 index 9475f3f..0000000
449 --- a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5552.patch
450 +++ /dev/null
451 @@ -1,41 +0,0 @@
452 -From 33243031dad02d161225ba99d782616da133f689 Mon Sep 17 00:00:00 2001
453 -From: Li Qiang <liq3ea@×××××.com>
454 -Date: Thu, 29 Dec 2016 03:11:26 -0500
455 -Subject: [PATCH] virtio-gpu-3d: fix memory leak in resource attach backing
456 -MIME-Version: 1.0
457 -Content-Type: text/plain; charset=UTF-8
458 -Content-Transfer-Encoding: 8bit
459 -
460 -If the virgl_renderer_resource_attach_iov function fails the
461 -'res_iovs' will be leaked. Add check of the return value to
462 -free the 'res_iovs' when failing.
463 -
464 -Signed-off-by: Li Qiang <liq3ea@×××××.com>
465 -Reviewed-by: Marc-André Lureau <marcandre.lureau@××××××.com>
466 -Message-id: 1482999086-59795-1-git-send-email-liq3ea@×××××.com
467 -Signed-off-by: Gerd Hoffmann <kraxel@××××××.com>
468 ----
469 - hw/display/virtio-gpu-3d.c | 7 +++++--
470 - 1 file changed, 5 insertions(+), 2 deletions(-)
471 -
472 -diff --git a/hw/display/virtio-gpu-3d.c b/hw/display/virtio-gpu-3d.c
473 -index e29f099..b13ced3 100644
474 ---- a/hw/display/virtio-gpu-3d.c
475 -+++ b/hw/display/virtio-gpu-3d.c
476 -@@ -291,8 +291,11 @@ static void virgl_resource_attach_backing(VirtIOGPU *g,
477 - return;
478 - }
479 -
480 -- virgl_renderer_resource_attach_iov(att_rb.resource_id,
481 -- res_iovs, att_rb.nr_entries);
482 -+ ret = virgl_renderer_resource_attach_iov(att_rb.resource_id,
483 -+ res_iovs, att_rb.nr_entries);
484 -+
485 -+ if (ret != 0)
486 -+ virtio_gpu_cleanup_mapping_iov(res_iovs, att_rb.nr_entries);
487 - }
488 -
489 - static void virgl_resource_detach_backing(VirtIOGPU *g,
490 ---
491 -2.10.2
492 -
493
494 diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5578.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5578.patch
495 deleted file mode 100644
496 index f93d1e7..0000000
497 --- a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5578.patch
498 +++ /dev/null
499 @@ -1,35 +0,0 @@
500 -From 204f01b30975923c64006f8067f0937b91eea68b Mon Sep 17 00:00:00 2001
501 -From: Li Qiang <liq3ea@×××××.com>
502 -Date: Thu, 29 Dec 2016 04:28:41 -0500
503 -Subject: [PATCH] virtio-gpu: fix memory leak in resource attach backing
504 -
505 -In the resource attach backing function, everytime it will
506 -allocate 'res->iov' thus can leading a memory leak. This
507 -patch avoid this.
508 -
509 -Signed-off-by: Li Qiang <liq3ea@×××××.com>
510 -Message-id: 1483003721-65360-1-git-send-email-liq3ea@×××××.com
511 -Signed-off-by: Gerd Hoffmann <kraxel@××××××.com>
512 ----
513 - hw/display/virtio-gpu.c | 5 +++++
514 - 1 file changed, 5 insertions(+)
515 -
516 -diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c
517 -index 6a26258..ca88cf4 100644
518 ---- a/hw/display/virtio-gpu.c
519 -+++ b/hw/display/virtio-gpu.c
520 -@@ -714,6 +714,11 @@ virtio_gpu_resource_attach_backing(VirtIOGPU *g,
521 - return;
522 - }
523 -
524 -+ if (res->iov) {
525 -+ cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC;
526 -+ return;
527 -+ }
528 -+
529 - ret = virtio_gpu_create_mapping_iov(&ab, cmd, &res->addrs, &res->iov);
530 - if (ret != 0) {
531 - cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC;
532 ---
533 -2.10.2
534 -
535
536 diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5579.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5579.patch
537 deleted file mode 100644
538 index e4572a8..0000000
539 --- a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5579.patch
540 +++ /dev/null
541 @@ -1,40 +0,0 @@
542 -From 8409dc884a201bf74b30a9d232b6bbdd00cb7e2b Mon Sep 17 00:00:00 2001
543 -From: Li Qiang <liqiang6-s@×××.cn>
544 -Date: Wed, 4 Jan 2017 00:43:16 -0800
545 -Subject: [PATCH] serial: fix memory leak in serial exit
546 -
547 -The serial_exit_core function doesn't free some resources.
548 -This can lead memory leak when hotplug and unplug. This
549 -patch avoid this.
550 -
551 -Signed-off-by: Li Qiang <liqiang6-s@×××.cn>
552 -Message-Id: <586cb5ab.f31d9d0a.38ac3.acf2@×××××××××.com>
553 -Signed-off-by: Paolo Bonzini <pbonzini@××××××.com>
554 ----
555 - hw/char/serial.c | 10 ++++++++++
556 - 1 file changed, 10 insertions(+)
557 -
558 -diff --git a/hw/char/serial.c b/hw/char/serial.c
559 -index ffbacd8..67b18ed 100644
560 ---- a/hw/char/serial.c
561 -+++ b/hw/char/serial.c
562 -@@ -906,6 +906,16 @@ void serial_realize_core(SerialState *s, Error **errp)
563 - void serial_exit_core(SerialState *s)
564 - {
565 - qemu_chr_fe_deinit(&s->chr);
566 -+
567 -+ timer_del(s->modem_status_poll);
568 -+ timer_free(s->modem_status_poll);
569 -+
570 -+ timer_del(s->fifo_timeout_timer);
571 -+ timer_free(s->fifo_timeout_timer);
572 -+
573 -+ fifo8_destroy(&s->recv_fifo);
574 -+ fifo8_destroy(&s->xmit_fifo);
575 -+
576 - qemu_unregister_reset(serial_reset, s);
577 - }
578 -
579 ---
580 -2.10.2
581 -
582
583 diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5856.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5856.patch
584 deleted file mode 100644
585 index 2ebd49f..0000000
586 --- a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5856.patch
587 +++ /dev/null
588 @@ -1,64 +0,0 @@
589 -From 765a707000e838c30b18d712fe6cb3dd8e0435f3 Mon Sep 17 00:00:00 2001
590 -From: Paolo Bonzini <pbonzini@××××××.com>
591 -Date: Mon, 2 Jan 2017 11:03:33 +0100
592 -Subject: [PATCH] megasas: fix guest-triggered memory leak
593 -
594 -If the guest sets the sglist size to a value >=2GB, megasas_handle_dcmd
595 -will return MFI_STAT_MEMORY_NOT_AVAILABLE without freeing the memory.
596 -Avoid this by returning only the status from map_dcmd, and loading
597 -cmd->iov_size in the caller.
598 -
599 -Reported-by: Li Qiang <liqiang6-s@×××.cn>
600 -Signed-off-by: Paolo Bonzini <pbonzini@××××××.com>
601 ----
602 - hw/scsi/megasas.c | 11 ++++++-----
603 - 1 file changed, 6 insertions(+), 5 deletions(-)
604 -
605 -diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
606 -index 67fc1e7..6233865 100644
607 ---- a/hw/scsi/megasas.c
608 -+++ b/hw/scsi/megasas.c
609 -@@ -683,14 +683,14 @@ static int megasas_map_dcmd(MegasasState *s, MegasasCmd *cmd)
610 - trace_megasas_dcmd_invalid_sge(cmd->index,
611 - cmd->frame->header.sge_count);
612 - cmd->iov_size = 0;
613 -- return -1;
614 -+ return -EINVAL;
615 - }
616 - iov_pa = megasas_sgl_get_addr(cmd, &cmd->frame->dcmd.sgl);
617 - iov_size = megasas_sgl_get_len(cmd, &cmd->frame->dcmd.sgl);
618 - pci_dma_sglist_init(&cmd->qsg, PCI_DEVICE(s), 1);
619 - qemu_sglist_add(&cmd->qsg, iov_pa, iov_size);
620 - cmd->iov_size = iov_size;
621 -- return cmd->iov_size;
622 -+ return 0;
623 - }
624 -
625 - static void megasas_finish_dcmd(MegasasCmd *cmd, uint32_t iov_size)
626 -@@ -1559,19 +1559,20 @@ static const struct dcmd_cmd_tbl_t {
627 -
628 - static int megasas_handle_dcmd(MegasasState *s, MegasasCmd *cmd)
629 - {
630 -- int opcode, len;
631 -+ int opcode;
632 - int retval = 0;
633 -+ size_t len;
634 - const struct dcmd_cmd_tbl_t *cmdptr = dcmd_cmd_tbl;
635 -
636 - opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
637 - trace_megasas_handle_dcmd(cmd->index, opcode);
638 -- len = megasas_map_dcmd(s, cmd);
639 -- if (len < 0) {
640 -+ if (megasas_map_dcmd(s, cmd) < 0) {
641 - return MFI_STAT_MEMORY_NOT_AVAILABLE;
642 - }
643 - while (cmdptr->opcode != -1 && cmdptr->opcode != opcode) {
644 - cmdptr++;
645 - }
646 -+ len = cmd->iov_size;
647 - if (cmdptr->opcode == -1) {
648 - trace_megasas_dcmd_unhandled(cmd->index, opcode, len);
649 - retval = megasas_dcmd_dummy(s, cmd);
650 ---
651 -2.10.2
652 -
653
654 diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5857.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5857.patch
655 deleted file mode 100644
656 index 664a669..0000000
657 --- a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5857.patch
658 +++ /dev/null
659 @@ -1,38 +0,0 @@
660 -When the guest sends VIRTIO_GPU_CMD_RESOURCE_UNREF without detaching the
661 -backing storage beforehand (VIRTIO_GPU_CMD_RESOURCE_DETACH_BACKING)
662 -we'll leak memory.
663 -
664 -This patch fixes it for 3d mode, simliar to the 2d mode fix in commit
665 -"b8e2392 virtio-gpu: call cleanup mapping function in resource destroy".
666 -
667 -Reported-by: 李强 <address@hidden>
668 -Signed-off-by: Gerd Hoffmann <address@hidden>
669 ----
670 - hw/display/virtio-gpu-3d.c | 8 ++++++++
671 - 1 file changed, 8 insertions(+)
672 -
673 -diff --git a/hw/display/virtio-gpu-3d.c b/hw/display/virtio-gpu-3d.c
674 -index f96a0c2..ecb09d1 100644
675 ---- a/hw/display/virtio-gpu-3d.c
676 -+++ b/hw/display/virtio-gpu-3d.c
677 -@@ -77,10 +77,18 @@ static void virgl_cmd_resource_unref(VirtIOGPU *g,
678 - struct virtio_gpu_ctrl_command *cmd)
679 - {
680 - struct virtio_gpu_resource_unref unref;
681 -+ struct iovec *res_iovs = NULL;
682 -+ int num_iovs = 0;
683 -
684 - VIRTIO_GPU_FILL_CMD(unref);
685 - trace_virtio_gpu_cmd_res_unref(unref.resource_id);
686 -
687 -+ virgl_renderer_resource_detach_iov(unref.resource_id,
688 -+ &res_iovs,
689 -+ &num_iovs);
690 -+ if (res_iovs != NULL && num_iovs != 0) {
691 -+ virtio_gpu_cleanup_mapping_iov(res_iovs, num_iovs);
692 -+ }
693 - virgl_renderer_resource_unref(unref.resource_id);
694 - }
695 -
696 ---
697 -1.8.3.1
698
699 diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5898.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5898.patch
700 deleted file mode 100644
701 index 9f94477..0000000
702 --- a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5898.patch
703 +++ /dev/null
704 @@ -1,35 +0,0 @@
705 -From c7dfbf322595ded4e70b626bf83158a9f3807c6a Mon Sep 17 00:00:00 2001
706 -From: Prasad J Pandit <pjp@×××××××××××××.org>
707 -Date: Fri, 3 Feb 2017 00:52:28 +0530
708 -Subject: [PATCH] usb: ccid: check ccid apdu length
709 -
710 -CCID device emulator uses Application Protocol Data Units(APDU)
711 -to exchange command and responses to and from the host.
712 -The length in these units couldn't be greater than 65536. Add
713 -check to ensure the same. It'd also avoid potential integer
714 -overflow in emulated_apdu_from_guest.
715 -
716 -Reported-by: Li Qiang <liqiang6-s@×××.cn>
717 -Signed-off-by: Prasad J Pandit <pjp@×××××××××××××.org>
718 -Message-id: 20170202192228.10847-1-ppandit@××××××.com
719 -Signed-off-by: Gerd Hoffmann <kraxel@××××××.com>
720 ----
721 - hw/usb/dev-smartcard-reader.c | 2 +-
722 - 1 file changed, 1 insertion(+), 1 deletion(-)
723 -
724 -diff --git a/hw/usb/dev-smartcard-reader.c b/hw/usb/dev-smartcard-reader.c
725 -index 89e11b6..1325ea1 100644
726 ---- a/hw/usb/dev-smartcard-reader.c
727 -+++ b/hw/usb/dev-smartcard-reader.c
728 -@@ -967,7 +967,7 @@ static void ccid_on_apdu_from_guest(USBCCIDState *s, CCID_XferBlock *recv)
729 - DPRINTF(s, 1, "%s: seq %d, len %d\n", __func__,
730 - recv->hdr.bSeq, len);
731 - ccid_add_pending_answer(s, (CCID_Header *)recv);
732 -- if (s->card) {
733 -+ if (s->card && len <= BULK_OUT_DATA_SIZE) {
734 - ccid_card_apdu_from_guest(s->card, recv->abData, len);
735 - } else {
736 - DPRINTF(s, D_WARN, "warning: discarded apdu\n");
737 ---
738 -2.10.2
739 -
740
741 diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5973.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5973.patch
742 deleted file mode 100644
743 index 50ff3c9..0000000
744 --- a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5973.patch
745 +++ /dev/null
746 @@ -1,87 +0,0 @@
747 -Limits should be big enough that normal guest should not hit it.
748 -Add a tracepoint to log them, just in case. Also, while being
749 -at it, log the existing link trb limit too.
750 -
751 -Reported-by: 李强 <address@hidden>
752 -Signed-off-by: Gerd Hoffmann <address@hidden>
753 ----
754 - hw/usb/hcd-xhci.c | 15 ++++++++++++++-
755 - hw/usb/trace-events | 1 +
756 - 2 files changed, 15 insertions(+), 1 deletion(-)
757 -
758 -diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c
759 -index fbf8a8b..28dd2f2 100644
760 ---- a/hw/usb/hcd-xhci.c
761 -+++ b/hw/usb/hcd-xhci.c
762 -@@ -51,6 +51,8 @@
763 - #define EV_QUEUE (((3 * 24) + 16) * MAXSLOTS)
764 -
765 - #define TRB_LINK_LIMIT 4
766 -+#define COMMAND_LIMIT 256
767 -+#define TRANSFER_LIMIT 256
768 -
769 - #define LEN_CAP 0x40
770 - #define LEN_OPER (0x400 + 0x10 * MAXPORTS)
771 -@@ -943,6 +945,7 @@ static TRBType xhci_ring_fetch(XHCIState *xhci, XHCIRing *ring, XHCITRB *trb,
772 - return type;
773 - } else {
774 - if (++link_cnt > TRB_LINK_LIMIT) {
775 -+ trace_usb_xhci_enforced_limit("trb-link");
776 - return 0;
777 - }
778 - ring->dequeue = xhci_mask64(trb->parameter);
779 -@@ -2060,6 +2063,7 @@ static void xhci_kick_epctx(XHCIEPContext *epctx, unsigned int streamid)
780 - XHCIRing *ring;
781 - USBEndpoint *ep = NULL;
782 - uint64_t mfindex;
783 -+ unsigned int count = 0;
784 - int length;
785 - int i;
786 -
787 -@@ -2172,6 +2176,10 @@ static void xhci_kick_epctx(XHCIEPContext *epctx, unsigned int streamid)
788 - epctx->retry = xfer;
789 - break;
790 - }
791 -+ if (count++ > TRANSFER_LIMIT) {
792 -+ trace_usb_xhci_enforced_limit("transfers");
793 -+ break;
794 -+ }
795 - }
796 - epctx->kick_active--;
797 -
798 -@@ -2618,7 +2626,7 @@ static void xhci_process_commands(XHCIState *xhci)
799 - TRBType type;
800 - XHCIEvent event = {ER_COMMAND_COMPLETE, CC_SUCCESS};
801 - dma_addr_t addr;
802 -- unsigned int i, slotid = 0;
803 -+ unsigned int i, slotid = 0, count = 0;
804 -
805 - DPRINTF("xhci_process_commands()\n");
806 - if (!xhci_running(xhci)) {
807 -@@ -2735,6 +2743,11 @@ static void xhci_process_commands(XHCIState *xhci)
808 - }
809 - event.slotid = slotid;
810 - xhci_event(xhci, &event, 0);
811 -+
812 -+ if (count++ > COMMAND_LIMIT) {
813 -+ trace_usb_xhci_enforced_limit("commands");
814 -+ return;
815 -+ }
816 - }
817 - }
818 -
819 -diff --git a/hw/usb/trace-events b/hw/usb/trace-events
820 -index fdd1d29..0c323d4 100644
821 ---- a/hw/usb/trace-events
822 -+++ b/hw/usb/trace-events
823 -@@ -174,6 +174,7 @@ usb_xhci_xfer_retry(void *xfer) "%p"
824 - usb_xhci_xfer_success(void *xfer, uint32_t bytes) "%p: len %d"
825 - usb_xhci_xfer_error(void *xfer, uint32_t ret) "%p: ret %d"
826 - usb_xhci_unimplemented(const char *item, int nr) "%s (0x%x)"
827 -+usb_xhci_enforced_limit(const char *item) "%s"
828 -
829 - # hw/usb/desc.c
830 - usb_desc_device(int addr, int len, int ret) "dev %d query device, len %d, ret %d"
831 ---
832 -1.8.3.1
833 -
834
835 diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5987.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5987.patch
836 deleted file mode 100644
837 index bfde2e9..0000000
838 --- a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5987.patch
839 +++ /dev/null
840 @@ -1,50 +0,0 @@
841 -From: Prasad J Pandit <address@hidden>
842 -
843 -In the SDHCI protocol, the transfer mode register value
844 -is used during multi block transfer to check if block count
845 -register is enabled and should be updated. Transfer mode
846 -register could be set such that, block count register would
847 -not be updated, thus leading to an infinite loop. Add check
848 -to avoid it.
849 -
850 -Reported-by: Wjjzhang <address@hidden>
851 -Reported-by: Jiang Xin <address@hidden>
852 -Signed-off-by: Prasad J Pandit <address@hidden>
853 ----
854 - hw/sd/sdhci.c | 10 +++++-----
855 - 1 file changed, 5 insertions(+), 5 deletions(-)
856 -
857 -Update: use qemu_log_mask(LOG_UNIMP, ...)
858 - -> https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg02354.html
859 -
860 -diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c
861 -index 5bd5ab6..a9c744b 100644
862 ---- a/hw/sd/sdhci.c
863 -+++ b/hw/sd/sdhci.c
864 -@@ -486,6 +486,11 @@ static void sdhci_sdma_transfer_multi_blocks(SDHCIState *s)
865 - uint32_t boundary_chk = 1 << (((s->blksize & 0xf000) >> 12) + 12);
866 - uint32_t boundary_count = boundary_chk - (s->sdmasysad % boundary_chk);
867 -
868 -+ if (!(s->trnmod & SDHC_TRNS_BLK_CNT_EN) || !s->blkcnt) {
869 -+ qemu_log_mask(LOG_UNIMP, "infinite transfer is not supported\n");
870 -+ return;
871 -+ }
872 -+
873 - /* XXX: Some sd/mmc drivers (for example, u-boot-slp) do not account for
874 - * possible stop at page boundary if initial address is not page aligned,
875 - * allow them to work properly */
876 -@@ -797,11 +802,6 @@ static void sdhci_data_transfer(void *opaque)
877 - if (s->trnmod & SDHC_TRNS_DMA) {
878 - switch (SDHC_DMA_TYPE(s->hostctl)) {
879 - case SDHC_CTRL_SDMA:
880 -- if ((s->trnmod & SDHC_TRNS_MULTI) &&
881 -- (!(s->trnmod & SDHC_TRNS_BLK_CNT_EN) || s->blkcnt == 0)) {
882 -- break;
883 -- }
884 --
885 - if ((s->blkcnt == 1) || !(s->trnmod & SDHC_TRNS_MULTI)) {
886 - sdhci_sdma_transfer_single_block(s);
887 - } else {
888 ---
889 -2.9.3
890 -
891
892 diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-6505.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-6505.patch
893 deleted file mode 100644
894 index a15aa96..0000000
895 --- a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-6505.patch
896 +++ /dev/null
897 @@ -1,52 +0,0 @@
898 -From 95ed56939eb2eaa4e2f349fe6dcd13ca4edfd8fb Mon Sep 17 00:00:00 2001
899 -From: Li Qiang <liqiang6-s@×××.cn>
900 -Date: Tue, 7 Feb 2017 02:23:33 -0800
901 -Subject: [PATCH] usb: ohci: limit the number of link eds
902 -
903 -The guest may builds an infinite loop with link eds. This patch
904 -limit the number of linked ed to avoid this.
905 -
906 -Signed-off-by: Li Qiang <liqiang6-s@×××.cn>
907 -Message-id: 5899a02e.45ca240a.6c373.93c1@×××××××××.com
908 -Signed-off-by: Gerd Hoffmann <kraxel@××××××.com>
909 ----
910 - hw/usb/hcd-ohci.c | 9 ++++++++-
911 - 1 file changed, 8 insertions(+), 1 deletion(-)
912 -
913 -diff --git a/hw/usb/hcd-ohci.c b/hw/usb/hcd-ohci.c
914 -index 2cba3e3..21c93e0 100644
915 ---- a/hw/usb/hcd-ohci.c
916 -+++ b/hw/usb/hcd-ohci.c
917 -@@ -42,6 +42,8 @@
918 -
919 - #define OHCI_MAX_PORTS 15
920 -
921 -+#define ED_LINK_LIMIT 4
922 -+
923 - static int64_t usb_frame_time;
924 - static int64_t usb_bit_time;
925 -
926 -@@ -1184,7 +1186,7 @@ static int ohci_service_ed_list(OHCIState *ohci, uint32_t head, int completion)
927 - uint32_t next_ed;
928 - uint32_t cur;
929 - int active;
930 --
931 -+ uint32_t link_cnt = 0;
932 - active = 0;
933 -
934 - if (head == 0)
935 -@@ -1199,6 +1201,11 @@ static int ohci_service_ed_list(OHCIState *ohci, uint32_t head, int completion)
936 -
937 - next_ed = ed.next & OHCI_DPTR_MASK;
938 -
939 -+ if (++link_cnt > ED_LINK_LIMIT) {
940 -+ ohci_die(ohci);
941 -+ return 0;
942 -+ }
943 -+
944 - if ((ed.head & OHCI_ED_H) || (ed.flags & OHCI_ED_K)) {
945 - uint32_t addr;
946 - /* Cancel pending packets for ED that have been paused. */
947 ---
948 -2.10.2
949 -
950
951 diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-7377.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-7377.patch
952 deleted file mode 100644
953 index f2d317c..0000000
954 --- a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-7377.patch
955 +++ /dev/null
956 @@ -1,49 +0,0 @@
957 -From d63fb193e71644a073b77ff5ac6f1216f2f6cf6e Mon Sep 17 00:00:00 2001
958 -From: Li Qiang <liq3ea@×××××.com>
959 -Date: Mon, 27 Mar 2017 21:13:19 +0200
960 -Subject: [PATCH] 9pfs: fix file descriptor leak
961 -
962 -The v9fs_create() and v9fs_lcreate() functions are used to create a file
963 -on the backend and to associate it to a fid. The fid shouldn't be already
964 -in-use, otherwise both functions may silently leak a file descriptor or
965 -allocated memory. The current code doesn't check that.
966 -
967 -This patch ensures that the fid isn't already associated to anything
968 -before using it.
969 -
970 -Signed-off-by: Li Qiang <liqiang6-s@×××.cn>
971 -(reworded the changelog, Greg Kurz)
972 -Signed-off-by: Greg Kurz <groug@××××.org>
973 ----
974 - hw/9pfs/9p.c | 8 ++++++++
975 - 1 file changed, 8 insertions(+)
976 -
977 -diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
978 -index b8c0b99..48babce 100644
979 ---- a/hw/9pfs/9p.c
980 -+++ b/hw/9pfs/9p.c
981 -@@ -1550,6 +1550,10 @@ static void coroutine_fn v9fs_lcreate(void *opaque)
982 - err = -ENOENT;
983 - goto out_nofid;
984 - }
985 -+ if (fidp->fid_type != P9_FID_NONE) {
986 -+ err = -EINVAL;
987 -+ goto out;
988 -+ }
989 -
990 - flags = get_dotl_openflags(pdu->s, flags);
991 - err = v9fs_co_open2(pdu, fidp, &name, gid,
992 -@@ -2153,6 +2157,10 @@ static void coroutine_fn v9fs_create(void *opaque)
993 - err = -EINVAL;
994 - goto out_nofid;
995 - }
996 -+ if (fidp->fid_type != P9_FID_NONE) {
997 -+ err = -EINVAL;
998 -+ goto out;
999 -+ }
1000 - if (perm & P9_STAT_MODE_DIR) {
1001 - err = v9fs_co_mkdir(pdu, fidp, &name, perm & 0777,
1002 - fidp->uid, -1, &stbuf);
1003 ---
1004 -2.10.2
1005 -
1006
1007 diff --git a/app-emulation/qemu/files/qemu-2.8.1-CVE-2017-7471.patch b/app-emulation/qemu/files/qemu-2.8.1-CVE-2017-7471.patch
1008 deleted file mode 100644
1009 index c5366f5..0000000
1010 --- a/app-emulation/qemu/files/qemu-2.8.1-CVE-2017-7471.patch
1011 +++ /dev/null
1012 @@ -1,64 +0,0 @@
1013 -From 9c6b899f7a46893ab3b671e341a2234e9c0c060e Mon Sep 17 00:00:00 2001
1014 -From: Greg Kurz <groug@××××.org>
1015 -Date: Mon, 17 Apr 2017 10:53:23 +0200
1016 -Subject: [PATCH] 9pfs: local: set the path of the export root to "."
1017 -MIME-Version: 1.0
1018 -Content-Type: text/plain; charset=UTF-8
1019 -Content-Transfer-Encoding: 8bit
1020 -
1021 -The local backend was recently converted to using "at*()" syscalls in order
1022 -to ensure all accesses happen below the shared directory. This requires that
1023 -we only pass relative paths, otherwise the dirfd argument to the "at*()"
1024 -syscalls is ignored and the path is treated as an absolute path in the host.
1025 -This is actually the case for paths in all fids, with the notable exception
1026 -of the root fid, whose path is "/". This causes the following backend ops to
1027 -act on the "/" directory of the host instead of the virtfs shared directory
1028 -when the export root is involved:
1029 -- lstat
1030 -- chmod
1031 -- chown
1032 -- utimensat
1033 -
1034 -ie, chmod /9p_mount_point in the guest will be converted to chmod / in the
1035 -host for example. This could cause security issues with a privileged QEMU.
1036 -
1037 -All "*at()" syscalls are being passed an open file descriptor. In the case
1038 -of the export root, this file descriptor points to the path in the host that
1039 -was passed to -fsdev.
1040 -
1041 -The fix is thus as simple as changing the path of the export root fid to be
1042 -"." instead of "/".
1043 -
1044 -This is CVE-2017-7471.
1045 -
1046 -Cc: qemu-stable@××××××.org
1047 -Reported-by: Léo Gaspard <leo@×××××××.io>
1048 -Signed-off-by: Greg Kurz <groug@××××.org>
1049 -Reviewed-by: Eric Blake <eblake@××××××.com>
1050 -Signed-off-by: Peter Maydell <peter.maydell@××××××.org>
1051 ----
1052 - hw/9pfs/9p-local.c | 7 ++++++-
1053 - 1 file changed, 6 insertions(+), 1 deletion(-)
1054 -
1055 -diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c
1056 -index 45e9a1f..f3ebca4 100644
1057 ---- a/hw/9pfs/9p-local.c
1058 -+++ b/hw/9pfs/9p-local.c
1059 -@@ -1098,8 +1098,13 @@ static int local_name_to_path(FsContext *ctx, V9fsPath *dir_path,
1060 - {
1061 - if (dir_path) {
1062 - v9fs_path_sprintf(target, "%s/%s", dir_path->data, name);
1063 -- } else {
1064 -+ } else if (strcmp(name, "/")) {
1065 - v9fs_path_sprintf(target, "%s", name);
1066 -+ } else {
1067 -+ /* We want the path of the export root to be relative, otherwise
1068 -+ * "*at()" syscalls would treat it as "/" in the host.
1069 -+ */
1070 -+ v9fs_path_sprintf(target, "%s", ".");
1071 - }
1072 - return 0;
1073 - }
1074 ---
1075 -2.10.2
1076 -
1077
1078 diff --git a/app-emulation/qemu/files/qemu-2.8.1-CVE-2017-8086.patch b/app-emulation/qemu/files/qemu-2.8.1-CVE-2017-8086.patch
1079 deleted file mode 100644
1080 index eac72f3..0000000
1081 --- a/app-emulation/qemu/files/qemu-2.8.1-CVE-2017-8086.patch
1082 +++ /dev/null
1083 @@ -1,28 +0,0 @@
1084 -From 4ffcdef4277a91af15a3c09f7d16af072c29f3f2 Mon Sep 17 00:00:00 2001
1085 -From: Li Qiang <liq3ea@×××××.com>
1086 -Date: Fri, 7 Apr 2017 03:48:52 -0700
1087 -Subject: [PATCH] 9pfs: xattr: fix memory leak in v9fs_list_xattr
1088 -
1089 -Free 'orig_value' in error path.
1090 -
1091 -Signed-off-by: Li Qiang <liqiang6-s@×××.cn>
1092 -Signed-off-by: Greg Kurz <groug@××××.org>
1093 ----
1094 - hw/9pfs/9p-xattr.c | 1 +
1095 - 1 file changed, 1 insertion(+)
1096 -
1097 -diff --git a/hw/9pfs/9p-xattr.c b/hw/9pfs/9p-xattr.c
1098 -index eec160b..d05c1a1 100644
1099 ---- a/hw/9pfs/9p-xattr.c
1100 -+++ b/hw/9pfs/9p-xattr.c
1101 -@@ -108,6 +108,7 @@ ssize_t v9fs_list_xattr(FsContext *ctx, const char *path,
1102 - g_free(name);
1103 - close_preserve_errno(dirfd);
1104 - if (xattr_len < 0) {
1105 -+ g_free(orig_value);
1106 - return -1;
1107 - }
1108 -
1109 ---
1110 -2.10.2
1111 -
1112
1113 diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-10664.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-10664.patch
1114 new file mode 100644
1115 index 0000000..7db0692
1116 --- /dev/null
1117 +++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-10664.patch
1118 @@ -0,0 +1,47 @@
1119 +From 041e32b8d9d076980b4e35317c0339e57ab888f1 Mon Sep 17 00:00:00 2001
1120 +From: Max Reitz <mreitz@××××××.com>
1121 +Date: Sun, 11 Jun 2017 14:37:14 +0200
1122 +Subject: [PATCH] qemu-nbd: Ignore SIGPIPE
1123 +
1124 +qemu proper has done so for 13 years
1125 +(8a7ddc38a60648257dc0645ab4a05b33d6040063), qemu-img and qemu-io have
1126 +done so for four years (526eda14a68d5b3596be715505289b541288ef2a).
1127 +Ignoring this signal is especially important in qemu-nbd because
1128 +otherwise a client can easily take down the qemu-nbd server by dropping
1129 +the connection when the server wants to send something, for example:
1130 +
1131 +$ qemu-nbd -x foo -f raw -t null-co:// &
1132 +[1] 12726
1133 +$ qemu-io -c quit nbd://localhost/bar
1134 +can't open device nbd://localhost/bar: No export with name 'bar' available
1135 +[1] + 12726 broken pipe qemu-nbd -x foo -f raw -t null-co://
1136 +
1137 +In this case, the client sends an NBD_OPT_ABORT and closes the
1138 +connection (because it is not required to wait for a reply), but the
1139 +server replies with an NBD_REP_ACK (because it is required to reply).
1140 +
1141 +Signed-off-by: Max Reitz <mreitz@××××××.com>
1142 +Message-Id: <20170611123714.31292-1-mreitz@××××××.com>
1143 +Signed-off-by: Paolo Bonzini <pbonzini@××××××.com>
1144 +---
1145 + qemu-nbd.c | 4 ++++
1146 + 1 file changed, 4 insertions(+)
1147 +
1148 +diff --git a/qemu-nbd.c b/qemu-nbd.c
1149 +index 9464a0461c..4dd3fd4732 100644
1150 +--- a/qemu-nbd.c
1151 ++++ b/qemu-nbd.c
1152 +@@ -581,6 +581,10 @@ int main(int argc, char **argv)
1153 + sa_sigterm.sa_handler = termsig_handler;
1154 + sigaction(SIGTERM, &sa_sigterm, NULL);
1155 +
1156 ++#ifdef CONFIG_POSIX
1157 ++ signal(SIGPIPE, SIG_IGN);
1158 ++#endif
1159 ++
1160 + module_call_init(MODULE_INIT_TRACE);
1161 + qcrypto_init(&error_fatal);
1162 +
1163 +--
1164 +2.13.0
1165 +
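Review bot: The added `signal(SIGPIPE, SIG_IGN);` in qemu-nbd.c's main() has no comment, so the reason for it lives only in the patch description. I would add `/* Ignore SIGPIPE: a client closing the connection before a reply is sent must not terminate the server. */` above the `#ifdef CONFIG_POSIX`. The neighbouring context lines install the SIGTERM handler with `sigaction()`, so using `sigaction()` here too would keep the signal setup in one style. With the signal ignored, writes to a closed peer presumably fail with EPIPE instead; those send paths are outside this hunk and should be confirmed to treat that error as an ordinary disconnect. main() continues outside the hunk.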
1166
1167 diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-10806.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-10806.patch
1168 new file mode 100644
1169 index 0000000..0074f5f
1170 --- /dev/null
1171 +++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-10806.patch
1172 @@ -0,0 +1,50 @@
1173 +From bd4a683505b27adc1ac809f71e918e58573d851d Mon Sep 17 00:00:00 2001
1174 +From: Gerd Hoffmann <kraxel@××××××.com>
1175 +Date: Tue, 9 May 2017 13:01:28 +0200
1176 +Subject: [PATCH] usb-redir: fix stack overflow in usbredir_log_data
1177 +MIME-Version: 1.0
1178 +Content-Type: text/plain; charset=UTF-8
1179 +Content-Transfer-Encoding: 8bit
1180 +
1181 +Don't reinvent a broken wheel, just use the hexdump function we have.
1182 +
1183 +Impact: low, broken code doesn't run unless you have debug logging
1184 +enabled.
1185 +
1186 +Reported-by: 李强 <liqiang6-s@×××.cn>
1187 +Signed-off-by: Gerd Hoffmann <kraxel@××××××.com>
1188 +Message-id: 20170509110128.27261-1-kraxel@××××××.com
1189 +---
1190 + hw/usb/redirect.c | 13 +------------
1191 + 1 file changed, 1 insertion(+), 12 deletions(-)
1192 +
1193 +diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c
1194 +index b001a27f05..ad5ef783a6 100644
1195 +--- a/hw/usb/redirect.c
1196 ++++ b/hw/usb/redirect.c
1197 +@@ -229,21 +229,10 @@ static void usbredir_log(void *priv, int level, const char *msg)
1198 + static void usbredir_log_data(USBRedirDevice *dev, const char *desc,
1199 + const uint8_t *data, int len)
1200 + {
1201 +- int i, j, n;
1202 +-
1203 + if (dev->debug < usbredirparser_debug_data) {
1204 + return;
1205 + }
1206 +-
1207 +- for (i = 0; i < len; i += j) {
1208 +- char buf[128];
1209 +-
1210 +- n = sprintf(buf, "%s", desc);
1211 +- for (j = 0; j < 8 && i + j < len; j++) {
1212 +- n += sprintf(buf + n, " %02X", data[i + j]);
1213 +- }
1214 +- error_report("%s", buf);
1215 +- }
1216 ++ qemu_hexdump((char *)data, stderr, desc, len);
1217 + }
1218 +
1219 + /*
1220 +--
1221 +2.13.0
1222 +
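Review bot: In usbredir_log_data the signed `int len` is now passed straight to `qemu_hexdump()`, whose size parameter is, as far as I recall, a `size_t`, so a negative `len` would become a very large byte count, whereas the removed `for (i = 0; i < len; i += j)` loop simply did not run. The callers are outside this hunk, so whether `len` can be negative cannot be confirmed here; a guard such as `if (len <= 0) { return; }` before the call would keep the old behaviour. The cast `(char *)data` also drops the `const` from `const uint8_t *data`; `(const char *)data` would preserve it. The dump now also goes to `stderr` directly rather than through `error_report()`, which may matter to anyone collecting these debug logs.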
1223
1224 diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11334.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11334.patch
1225 new file mode 100644
1226 index 0000000..bfe4c7d
1227 --- /dev/null
1228 +++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11334.patch
1229 @@ -0,0 +1,40 @@
1230 +[Qemu-devel] [PULL 21/41] exec: use qemu_ram_ptr_length to access guest
1231 +From: Prasad J Pandit <address@hidden>
1232 +
1233 +When accessing guest's ram block during DMA operation, use
1234 +'qemu_ram_ptr_length' to get ram block pointer. It ensures
1235 +that DMA operation of given length is possible; And avoids
1236 +any OOB memory access situations.
1237 +
1238 +Reported-by: Alex <address@hidden>
1239 +Signed-off-by: Prasad J Pandit <address@hidden>
1240 +Message-Id: <address@hidden>
1241 +Signed-off-by: Paolo Bonzini <address@hidden>
1242 +---
1243 + exec.c | 4 ++--
1244 + 1 file changed, 2 insertions(+), 2 deletions(-)
1245 +
1246 +diff --git a/exec.c b/exec.c
1247 +index a083ff8..ad103ce 100644
1248 +--- a/exec.c
1249 ++++ b/exec.c
1250 +@@ -2929,7 +2929,7 @@ static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr,
1251 + }
1252 + } else {
1253 + /* RAM case */
1254 +- ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1255 ++ ptr = qemu_ram_ptr_length(mr->ram_block, addr1, &l);
1256 + memcpy(ptr, buf, l);
1257 + invalidate_and_set_dirty(mr, addr1, l);
1258 + }
1259 +@@ -3020,7 +3020,7 @@ MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr,
1260 + }
1261 + } else {
1262 + /* RAM case */
1263 +- ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1264 ++ ptr = qemu_ram_ptr_length(mr->ram_block, addr1, &l);
1265 + memcpy(buf, ptr, l);
1266 + }
1267 +
1268 +--
1269 +1.8.3.1
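Review bot: The header of this added patch file is a mailing-list scrape (`[Qemu-devel] [PULL 21/41]`, with every address and the Message-Id replaced by `address@hidden`) and names no upstream commit, so the two-line change to exec.c cannot be matched against the upstream fix from the file alone. The CVE-2017-7539 and CVE-2017-9503 patches added by this same commit keep their `From <sha>` line; this file and qemu-2.9.0-CVE-2017-11434.patch, which is tagged `[PATCH]` rather than taken from a merged commit, should carry the same kind of reference, for example a header line `Upstream-commit: <upstream commit id>`. Both replaced calls sit in functions that start and end outside the inner hunks, and `l` is now passed by pointer, so how the surrounding loop copes with a changed `l` cannot be checked from here.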
1270
1271 diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11434.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11434.patch
1272 new file mode 100644
1273 index 0000000..5d32067
1274 --- /dev/null
1275 +++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11434.patch
1276 @@ -0,0 +1,29 @@
1277 +[Qemu-devel] [PATCH] slirp: check len against dhcp options array end
1278 +From: Prasad J Pandit <address@hidden>
1279 +
1280 +While parsing dhcp options string in 'dhcp_decode', if an options'
1281 +length 'len' appeared towards the end of 'bp_vend' array, ensuing
1282 +read could lead to an OOB memory access issue. Add check to avoid it.
1283 +
1284 +Reported-by: Reno Robert <address@hidden>
1285 +Signed-off-by: Prasad J Pandit <address@hidden>
1286 +---
1287 + slirp/bootp.c | 3 +++
1288 + 1 file changed, 3 insertions(+)
1289 +
1290 +diff --git a/slirp/bootp.c b/slirp/bootp.c
1291 +index 5a4646c..5dd1a41 100644
1292 +--- a/slirp/bootp.c
1293 ++++ b/slirp/bootp.c
1294 +@@ -123,6 +123,9 @@ static void dhcp_decode(const struct bootp_t *bp, int *pmsg_type,
1295 + if (p >= p_end)
1296 + break;
1297 + len = *p++;
1298 ++ if (p + len > p_end) {
1299 ++ break;
1300 ++ }
1301 + DPRINTF("dhcp: tag=%d len=%d\n", tag, len);
1302 +
1303 + switch(tag) {
1304 +--
1305 +2.9.4
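Review bot: The added bound check `if (p + len > p_end)` forms the pointer `p + len` before comparing it, and when `len` is larger than the bytes remaining, that pointer lies more than one past the end of the options array, which C leaves undefined. Comparing lengths avoids the out-of-range pointer: `if (len > p_end - p) {`. The existing `if (p >= p_end) break;` just before `len = *p++;` guarantees the difference is not negative. dhcp_decode continues outside the hunk, so how each `case` consumes the `len` bytes is not visible here.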
1306
1307 diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-7539.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-7539.patch
1308 new file mode 100644
1309 index 0000000..3af1697
1310 --- /dev/null
1311 +++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-7539.patch
1312 @@ -0,0 +1,601 @@
1313 +From 2b0bbc4f8809c972bad134bc1a2570dbb01dea0b Mon Sep 17 00:00:00 2001
1314 +From: Vladimir Sementsov-Ogievskiy <vsementsov@×××××××××.com>
1315 +Date: Fri, 2 Jun 2017 18:01:41 +0300
1316 +Subject: [PATCH] nbd/server: get rid of nbd_negotiate_read and friends
1317 +
1318 +Functions nbd_negotiate_{read,write,drop_sync} were introduced in
1319 +1a6245a5b, when nbd_rwv (was nbd_wr_sync) was working through
1320 +qemu_co_sendv_recvv (the path is nbd_wr_sync -> qemu_co_{recv/send} ->
1321 +qemu_co_send_recv -> qemu_co_sendv_recvv), which just yields, without
1322 +setting any handlers. But starting from ff82911cd nbd_rwv (was
1323 +nbd_wr_syncv) works through qio_channel_yield() which sets handlers, so
1324 +watchers are redundant in nbd_negotiate_{read,write,drop_sync}, then,
1325 +let's just use nbd_{read,write,drop} functions.
1326 +
1327 +Functions nbd_{read,write,drop} has errp parameter, which is unused in
1328 +this patch. This will be fixed later.
1329 +
1330 +Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@×××××××××.com>
1331 +Reviewed-by: Eric Blake <eblake@××××××.com>
1332 +Message-Id: <20170602150150.258222-4-vsementsov@×××××××××.com>
1333 +Signed-off-by: Paolo Bonzini <pbonzini@××××××.com>
1334 +---
1335 + nbd/server.c | 107 ++++++++++++-----------------------------------------------
1336 + 1 file changed, 22 insertions(+), 85 deletions(-)
1337 +
1338 +diff --git a/nbd/client.c b/nbd/client.c
1339 +index a58fb02..6b74a62 100644
1340 +--- a/nbd/client.c
1341 ++++ b/nbd/client.c
1342 +@@ -86,9 +86,9 @@ static QTAILQ_HEAD(, NBDExport) exports = QTAILQ_HEAD_INITIALIZER(exports);
1343 +
1344 + */
1345 +
1346 +-/* Discard length bytes from channel. Return -errno on failure, or
1347 +- * the amount of bytes consumed. */
1348 +-static ssize_t drop_sync(QIOChannel *ioc, size_t size)
1349 ++/* Discard length bytes from channel. Return -errno on failure and 0 on
1350 ++ * success*/
1351 ++static int drop_sync(QIOChannel *ioc, size_t size)
1352 + {
1353 + ssize_t ret = 0;
1354 + char small[1024];
1355 +@@ -96,14 +96,13 @@ static ssize_t drop_sync(QIOChannel *ioc, size_t size)
1356 +
1357 + buffer = sizeof(small) >= size ? small : g_malloc(MIN(65536, size));
1358 + while (size > 0) {
1359 +- ssize_t count = read_sync(ioc, buffer, MIN(65536, size));
1360 ++ ssize_t count = MIN(65536, size);
1361 ++ ret = read_sync(ioc, buffer, MIN(65536, size));
1362 +
1363 +- if (count <= 0) {
1364 ++ if (ret < 0) {
1365 + goto cleanup;
1366 + }
1367 +- assert(count <= size);
1368 + size -= count;
1369 +- ret += count;
1370 + }
1371 +
1372 + cleanup:
1373 +@@ -136,12 +135,12 @@ static int nbd_send_option_request(QIOChannel *ioc, uint32_t opt,
1374 + stl_be_p(&req.option, opt);
1375 + stl_be_p(&req.length, len);
1376 +
1377 +- if (write_sync(ioc, &req, sizeof(req)) != sizeof(req)) {
1378 ++ if (write_sync(ioc, &req, sizeof(req)) < 0) {
1379 + error_setg(errp, "Failed to send option request header");
1380 + return -1;
1381 + }
1382 +
1383 +- if (len && write_sync(ioc, (char *) data, len) != len) {
1384 ++ if (len && write_sync(ioc, (char *) data, len) < 0) {
1385 + error_setg(errp, "Failed to send option request data");
1386 + return -1;
1387 + }
1388 +@@ -170,7 +169,7 @@ static int nbd_receive_option_reply(QIOChannel *ioc, uint32_t opt,
1389 + nbd_opt_reply *reply, Error **errp)
1390 + {
1391 + QEMU_BUILD_BUG_ON(sizeof(*reply) != 20);
1392 +- if (read_sync(ioc, reply, sizeof(*reply)) != sizeof(*reply)) {
1393 ++ if (read_sync(ioc, reply, sizeof(*reply)) < 0) {
1394 + error_setg(errp, "failed to read option reply");
1395 + nbd_send_opt_abort(ioc);
1396 + return -1;
1397 +@@ -219,7 +218,7 @@ static int nbd_handle_reply_err(QIOChannel *ioc, nbd_opt_reply *reply,
1398 + goto cleanup;
1399 + }
1400 + msg = g_malloc(reply->length + 1);
1401 +- if (read_sync(ioc, msg, reply->length) != reply->length) {
1402 ++ if (read_sync(ioc, msg, reply->length) < 0) {
1403 + error_setg(errp, "failed to read option error message");
1404 + goto cleanup;
1405 + }
1406 +@@ -321,7 +320,7 @@ static int nbd_receive_list(QIOChannel *ioc, const char *want, bool *match,
1407 + nbd_send_opt_abort(ioc);
1408 + return -1;
1409 + }
1410 +- if (read_sync(ioc, &namelen, sizeof(namelen)) != sizeof(namelen)) {
1411 ++ if (read_sync(ioc, &namelen, sizeof(namelen)) < 0) {
1412 + error_setg(errp, "failed to read option name length");
1413 + nbd_send_opt_abort(ioc);
1414 + return -1;
1415 +@@ -334,7 +333,7 @@ static int nbd_receive_list(QIOChannel *ioc, const char *want, bool *match,
1416 + return -1;
1417 + }
1418 + if (namelen != strlen(want)) {
1419 +- if (drop_sync(ioc, len) != len) {
1420 ++ if (drop_sync(ioc, len) < 0) {
1421 + error_setg(errp, "failed to skip export name with wrong length");
1422 + nbd_send_opt_abort(ioc);
1423 + return -1;
1424 +@@ -343,14 +342,14 @@ static int nbd_receive_list(QIOChannel *ioc, const char *want, bool *match,
1425 + }
1426 +
1427 + assert(namelen < sizeof(name));
1428 +- if (read_sync(ioc, name, namelen) != namelen) {
1429 ++ if (read_sync(ioc, name, namelen) < 0) {
1430 + error_setg(errp, "failed to read export name");
1431 + nbd_send_opt_abort(ioc);
1432 + return -1;
1433 + }
1434 + name[namelen] = '\0';
1435 + len -= namelen;
1436 +- if (drop_sync(ioc, len) != len) {
1437 ++ if (drop_sync(ioc, len) < 0) {
1438 + error_setg(errp, "failed to read export description");
1439 + nbd_send_opt_abort(ioc);
1440 + return -1;
1441 +@@ -477,7 +476,7 @@ int nbd_receive_negotiate(QIOChannel *ioc, const char *name, uint16_t *flags,
1442 + goto fail;
1443 + }
1444 +
1445 +- if (read_sync(ioc, buf, 8) != 8) {
1446 ++ if (read_sync(ioc, buf, 8) < 0) {
1447 + error_setg(errp, "Failed to read data");
1448 + goto fail;
1449 + }
1450 +@@ -503,7 +502,7 @@ int nbd_receive_negotiate(QIOChannel *ioc, const char *name, uint16_t *flags,
1451 + goto fail;
1452 + }
1453 +
1454 +- if (read_sync(ioc, &magic, sizeof(magic)) != sizeof(magic)) {
1455 ++ if (read_sync(ioc, &magic, sizeof(magic)) < 0) {
1456 + error_setg(errp, "Failed to read magic");
1457 + goto fail;
1458 + }
1459 +@@ -515,8 +514,7 @@ int nbd_receive_negotiate(QIOChannel *ioc, const char *name, uint16_t *flags,
1460 + uint16_t globalflags;
1461 + bool fixedNewStyle = false;
1462 +
1463 +- if (read_sync(ioc, &globalflags, sizeof(globalflags)) !=
1464 +- sizeof(globalflags)) {
1465 ++ if (read_sync(ioc, &globalflags, sizeof(globalflags)) < 0) {
1466 + error_setg(errp, "Failed to read server flags");
1467 + goto fail;
1468 + }
1469 +@@ -534,8 +532,7 @@ int nbd_receive_negotiate(QIOChannel *ioc, const char *name, uint16_t *flags,
1470 + }
1471 + /* client requested flags */
1472 + clientflags = cpu_to_be32(clientflags);
1473 +- if (write_sync(ioc, &clientflags, sizeof(clientflags)) !=
1474 +- sizeof(clientflags)) {
1475 ++ if (write_sync(ioc, &clientflags, sizeof(clientflags)) < 0) {
1476 + error_setg(errp, "Failed to send clientflags field");
1477 + goto fail;
1478 + }
1479 +@@ -573,13 +570,13 @@ int nbd_receive_negotiate(QIOChannel *ioc, const char *name, uint16_t *flags,
1480 + }
1481 +
1482 + /* Read the response */
1483 +- if (read_sync(ioc, &s, sizeof(s)) != sizeof(s)) {
1484 ++ if (read_sync(ioc, &s, sizeof(s)) < 0) {
1485 + error_setg(errp, "Failed to read export length");
1486 + goto fail;
1487 + }
1488 + *size = be64_to_cpu(s);
1489 +
1490 +- if (read_sync(ioc, flags, sizeof(*flags)) != sizeof(*flags)) {
1491 ++ if (read_sync(ioc, flags, sizeof(*flags)) < 0) {
1492 + error_setg(errp, "Failed to read export flags");
1493 + goto fail;
1494 + }
1495 +@@ -596,14 +593,14 @@ int nbd_receive_negotiate(QIOChannel *ioc, const char *name, uint16_t *flags,
1496 + goto fail;
1497 + }
1498 +
1499 +- if (read_sync(ioc, &s, sizeof(s)) != sizeof(s)) {
1500 ++ if (read_sync(ioc, &s, sizeof(s)) < 0) {
1501 + error_setg(errp, "Failed to read export length");
1502 + goto fail;
1503 + }
1504 + *size = be64_to_cpu(s);
1505 + TRACE("Size is %" PRIu64, *size);
1506 +
1507 +- if (read_sync(ioc, &oldflags, sizeof(oldflags)) != sizeof(oldflags)) {
1508 ++ if (read_sync(ioc, &oldflags, sizeof(oldflags)) < 0) {
1509 + error_setg(errp, "Failed to read export flags");
1510 + goto fail;
1511 + }
1512 +@@ -619,7 +616,7 @@ int nbd_receive_negotiate(QIOChannel *ioc, const char *name, uint16_t *flags,
1513 + }
1514 +
1515 + TRACE("Size is %" PRIu64 ", export flags %" PRIx16, *size, *flags);
1516 +- if (zeroes && drop_sync(ioc, 124) != 124) {
1517 ++ if (zeroes && drop_sync(ioc, 124) < 0) {
1518 + error_setg(errp, "Failed to read reserved block");
1519 + goto fail;
1520 + }
1521 +@@ -744,7 +741,6 @@ int nbd_disconnect(int fd)
1522 + ssize_t nbd_send_request(QIOChannel *ioc, NBDRequest *request)
1523 + {
1524 + uint8_t buf[NBD_REQUEST_SIZE];
1525 +- ssize_t ret;
1526 +
1527 + TRACE("Sending request to server: "
1528 + "{ .from = %" PRIu64", .len = %" PRIu32 ", .handle = %" PRIu64
1529 +@@ -759,16 +755,7 @@ ssize_t nbd_send_request(QIOChannel *ioc, NBDRequest *request)
1530 + stq_be_p(buf + 16, request->from);
1531 + stl_be_p(buf + 24, request->len);
1532 +
1533 +- ret = write_sync(ioc, buf, sizeof(buf));
1534 +- if (ret < 0) {
1535 +- return ret;
1536 +- }
1537 +-
1538 +- if (ret != sizeof(buf)) {
1539 +- LOG("writing to socket failed");
1540 +- return -EINVAL;
1541 +- }
1542 +- return 0;
1543 ++ return write_sync(ioc, buf, sizeof(buf));
1544 + }
1545 +
1546 + ssize_t nbd_receive_reply(QIOChannel *ioc, NBDReply *reply)
1547 +@@ -777,7 +764,7 @@ ssize_t nbd_receive_reply(QIOChannel *ioc, NBDReply *reply)
1548 + uint32_t magic;
1549 + ssize_t ret;
1550 +
1551 +- ret = read_sync(ioc, buf, sizeof(buf));
1552 ++ ret = read_sync_eof(ioc, buf, sizeof(buf));
1553 + if (ret <= 0) {
1554 + return ret;
1555 + }
1556 +diff --git a/nbd/nbd-internal.h b/nbd/nbd-internal.h
1557 +index f43d990..e6bbc7c 100644
1558 +--- a/nbd/nbd-internal.h
1559 ++++ b/nbd/nbd-internal.h
1560 +@@ -94,7 +94,13 @@
1561 + #define NBD_ENOSPC 28
1562 + #define NBD_ESHUTDOWN 108
1563 +
1564 +-static inline ssize_t read_sync(QIOChannel *ioc, void *buffer, size_t size)
1565 ++/* read_sync_eof
1566 ++ * Tries to read @size bytes from @ioc. Returns number of bytes actually read.
1567 ++ * May return a value >= 0 and < size only on EOF, i.e. when iteratively called
1568 ++ * qio_channel_readv() returns 0. So, there are no needs to call read_sync_eof
1569 ++ * iteratively.
1570 ++ */
1571 ++static inline ssize_t read_sync_eof(QIOChannel *ioc, void *buffer, size_t size)
1572 + {
1573 + struct iovec iov = { .iov_base = buffer, .iov_len = size };
1574 + /* Sockets are kept in blocking mode in the negotiation phase. After
1575 +@@ -105,12 +111,32 @@ static inline ssize_t read_sync(QIOChannel *ioc, void *buffer, size_t size)
1576 + return nbd_wr_syncv(ioc, &iov, 1, size, true);
1577 + }
1578 +
1579 +-static inline ssize_t write_sync(QIOChannel *ioc, const void *buffer,
1580 +- size_t size)
1581 ++/* read_sync
1582 ++ * Reads @size bytes from @ioc. Returns 0 on success.
1583 ++ */
1584 ++static inline int read_sync(QIOChannel *ioc, void *buffer, size_t size)
1585 ++{
1586 ++ ssize_t ret = read_sync_eof(ioc, buffer, size);
1587 ++
1588 ++ if (ret >= 0 && ret != size) {
1589 ++ ret = -EINVAL;
1590 ++ }
1591 ++
1592 ++ return ret < 0 ? ret : 0;
1593 ++}
1594 ++
1595 ++/* write_sync
1596 ++ * Writes @size bytes to @ioc. Returns 0 on success.
1597 ++ */
1598 ++static inline int write_sync(QIOChannel *ioc, const void *buffer, size_t size)
1599 + {
1600 + struct iovec iov = { .iov_base = (void *) buffer, .iov_len = size };
1601 +
1602 +- return nbd_wr_syncv(ioc, &iov, 1, size, false);
1603 ++ ssize_t ret = nbd_wr_syncv(ioc, &iov, 1, size, false);
1604 ++
1605 ++ assert(ret < 0 || ret == size);
1606 ++
1607 ++ return ret < 0 ? ret : 0;
1608 + }
1609 +
1610 + struct NBDTLSHandshakeData {
1611 +diff --git a/nbd/server.c b/nbd/server.c
1612 +index 924a1fe..a1f106b 100644
1613 +--- a/nbd/server.c
1614 ++++ b/nbd/server.c
1615 +@@ -104,69 +104,6 @@ struct NBDClient {
1616 +
1617 + static void nbd_client_receive_next_request(NBDClient *client);
1618 +
1619 +-static gboolean nbd_negotiate_continue(QIOChannel *ioc,
1620 +- GIOCondition condition,
1621 +- void *opaque)
1622 +-{
1623 +- qemu_coroutine_enter(opaque);
1624 +- return TRUE;
1625 +-}
1626 +-
1627 +-static ssize_t nbd_negotiate_read(QIOChannel *ioc, void *buffer, size_t size)
1628 +-{
1629 +- ssize_t ret;
1630 +- guint watch;
1631 +-
1632 +- assert(qemu_in_coroutine());
1633 +- /* Negotiation are always in main loop. */
1634 +- watch = qio_channel_add_watch(ioc,
1635 +- G_IO_IN,
1636 +- nbd_negotiate_continue,
1637 +- qemu_coroutine_self(),
1638 +- NULL);
1639 +- ret = read_sync(ioc, buffer, size);
1640 +- g_source_remove(watch);
1641 +- return ret;
1642 +-
1643 +-}
1644 +-
1645 +-static ssize_t nbd_negotiate_write(QIOChannel *ioc, const void *buffer,
1646 +- size_t size)
1647 +-{
1648 +- ssize_t ret;
1649 +- guint watch;
1650 +-
1651 +- assert(qemu_in_coroutine());
1652 +- /* Negotiation are always in main loop. */
1653 +- watch = qio_channel_add_watch(ioc,
1654 +- G_IO_OUT,
1655 +- nbd_negotiate_continue,
1656 +- qemu_coroutine_self(),
1657 +- NULL);
1658 +- ret = write_sync(ioc, buffer, size);
1659 +- g_source_remove(watch);
1660 +- return ret;
1661 +-}
1662 +-
1663 +-static ssize_t nbd_negotiate_drop_sync(QIOChannel *ioc, size_t size)
1664 +-{
1665 +- ssize_t ret, dropped = size;
1666 +- uint8_t *buffer = g_malloc(MIN(65536, size));
1667 +-
1668 +- while (size > 0) {
1669 +- ret = nbd_negotiate_read(ioc, buffer, MIN(65536, size));
1670 +- if (ret < 0) {
1671 +- g_free(buffer);
1672 +- return ret;
1673 +- }
1674 +-
1675 +- assert(ret <= size);
1676 +- size -= ret;
1677 +- }
1678 +-
1679 +- g_free(buffer);
1680 +- return dropped;
1681 +-}
1682 +
1683 + /* Basic flow for negotiation
1684 +
1685 +@@ -206,22 +143,22 @@ static int nbd_negotiate_send_rep_len(QIOChannel *ioc, uint32_t type,
1686 + type, opt, len);
1687 +
1688 + magic = cpu_to_be64(NBD_REP_MAGIC);
1689 +- if (nbd_negotiate_write(ioc, &magic, sizeof(magic)) != sizeof(magic)) {
1690 ++ if (nbd_write(ioc, &magic, sizeof(magic), NULL) < 0) {
1691 + LOG("write failed (rep magic)");
1692 + return -EINVAL;
1693 + }
1694 + opt = cpu_to_be32(opt);
1695 +- if (nbd_negotiate_write(ioc, &opt, sizeof(opt)) != sizeof(opt)) {
1696 ++ if (nbd_write(ioc, &opt, sizeof(opt), NULL) < 0) {
1697 + LOG("write failed (rep opt)");
1698 + return -EINVAL;
1699 + }
1700 + type = cpu_to_be32(type);
1701 +- if (nbd_negotiate_write(ioc, &type, sizeof(type)) != sizeof(type)) {
1702 ++ if (nbd_write(ioc, &type, sizeof(type), NULL) < 0) {
1703 + LOG("write failed (rep type)");
1704 + return -EINVAL;
1705 + }
1706 + len = cpu_to_be32(len);
1707 +- if (nbd_negotiate_write(ioc, &len, sizeof(len)) != sizeof(len)) {
1708 ++ if (nbd_write(ioc, &len, sizeof(len), NULL) < 0) {
1709 + LOG("write failed (rep data length)");
1710 + return -EINVAL;
1711 + }
1712 +@@ -256,7 +193,7 @@ nbd_negotiate_send_rep_err(QIOChannel *ioc, uint32_t type,
1713 + if (ret < 0) {
1714 + goto out;
1715 + }
1716 +- if (nbd_negotiate_write(ioc, msg, len) != len) {
1717 ++ if (nbd_write(ioc, msg, len, NULL) < 0) {
1718 + LOG("write failed (error message)");
1719 + ret = -EIO;
1720 + } else {
1721 +@@ -287,15 +224,15 @@ static int nbd_negotiate_send_rep_list(QIOChannel *ioc, NBDExport *exp)
1722 + }
1723 +
1724 + len = cpu_to_be32(name_len);
1725 +- if (nbd_negotiate_write(ioc, &len, sizeof(len)) != sizeof(len)) {
1726 ++ if (nbd_write(ioc, &len, sizeof(len), NULL) < 0) {
1727 + LOG("write failed (name length)");
1728 + return -EINVAL;
1729 + }
1730 +- if (nbd_negotiate_write(ioc, name, name_len) != name_len) {
1731 ++ if (nbd_write(ioc, name, name_len, NULL) < 0) {
1732 + LOG("write failed (name buffer)");
1733 + return -EINVAL;
1734 + }
1735 +- if (nbd_negotiate_write(ioc, desc, desc_len) != desc_len) {
1736 ++ if (nbd_write(ioc, desc, desc_len, NULL) < 0) {
1737 + LOG("write failed (description buffer)");
1738 + return -EINVAL;
1739 + }
1740 +@@ -309,7 +246,7 @@ static int nbd_negotiate_handle_list(NBDClient *client, uint32_t length)
1741 + NBDExport *exp;
1742 +
1743 + if (length) {
1744 +- if (nbd_negotiate_drop_sync(client->ioc, length) != length) {
1745 ++ if (nbd_drop(client->ioc, length, NULL) < 0) {
1746 + return -EIO;
1747 + }
1748 + return nbd_negotiate_send_rep_err(client->ioc,
1749 +@@ -340,7 +277,7 @@ static int nbd_negotiate_handle_export_name(NBDClient *client, uint32_t length)
1750 + LOG("Bad length received");
1751 + goto fail;
1752 + }
1753 +- if (nbd_negotiate_read(client->ioc, name, length) != length) {
1754 ++ if (nbd_read(client->ioc, name, length, NULL) < 0) {
1755 + LOG("read failed");
1756 + goto fail;
1757 + }
1758 +@@ -373,7 +310,7 @@ static QIOChannel *nbd_negotiate_handle_starttls(NBDClient *client,
1759 + TRACE("Setting up TLS");
1760 + ioc = client->ioc;
1761 + if (length) {
1762 +- if (nbd_negotiate_drop_sync(ioc, length) != length) {
1763 ++ if (nbd_drop(ioc, length, NULL) < 0) {
1764 + return NULL;
1765 + }
1766 + nbd_negotiate_send_rep_err(ioc, NBD_REP_ERR_INVALID, NBD_OPT_STARTTLS,
1767 +@@ -437,8 +374,7 @@ static int nbd_negotiate_options(NBDClient *client)
1768 + ... Rest of request
1769 + */
1770 +
1771 +- if (nbd_negotiate_read(client->ioc, &flags, sizeof(flags)) !=
1772 +- sizeof(flags)) {
1773 ++ if (nbd_read(client->ioc, &flags, sizeof(flags), NULL) < 0) {
1774 + LOG("read failed");
1775 + return -EIO;
1776 + }
1777 +@@ -464,8 +400,7 @@ static int nbd_negotiate_options(NBDClient *client)
1778 + uint32_t clientflags, length;
1779 + uint64_t magic;
1780 +
1781 +- if (nbd_negotiate_read(client->ioc, &magic, sizeof(magic)) !=
1782 +- sizeof(magic)) {
1783 ++ if (nbd_read(client->ioc, &magic, sizeof(magic), NULL) < 0) {
1784 + LOG("read failed");
1785 + return -EINVAL;
1786 + }
1787 +@@ -475,15 +410,15 @@ static int nbd_negotiate_options(NBDClient *client)
1788 + return -EINVAL;
1789 + }
1790 +
1791 +- if (nbd_negotiate_read(client->ioc, &clientflags,
1792 +- sizeof(clientflags)) != sizeof(clientflags)) {
1793 ++ if (nbd_read(client->ioc, &clientflags,
1794 ++ sizeof(clientflags), NULL) < 0)
1795 ++ {
1796 + LOG("read failed");
1797 + return -EINVAL;
1798 + }
1799 + clientflags = be32_to_cpu(clientflags);
1800 +
1801 +- if (nbd_negotiate_read(client->ioc, &length, sizeof(length)) !=
1802 +- sizeof(length)) {
1803 ++ if (nbd_read(client->ioc, &length, sizeof(length), NULL) < 0) {
1804 + LOG("read failed");
1805 + return -EINVAL;
1806 + }
1807 +@@ -513,7 +448,7 @@ static int nbd_negotiate_options(NBDClient *client)
1808 + return -EINVAL;
1809 +
1810 + default:
1811 +- if (nbd_negotiate_drop_sync(client->ioc, length) != length) {
1812 ++ if (nbd_drop(client->ioc, length, NULL) < 0) {
1813 + return -EIO;
1814 + }
1815 + ret = nbd_negotiate_send_rep_err(client->ioc,
1816 +@@ -551,7 +486,7 @@ static int nbd_negotiate_options(NBDClient *client)
1817 + return nbd_negotiate_handle_export_name(client, length);
1818 +
1819 + case NBD_OPT_STARTTLS:
1820 +- if (nbd_negotiate_drop_sync(client->ioc, length) != length) {
1821 ++ if (nbd_drop(client->ioc, length, NULL) < 0) {
1822 + return -EIO;
1823 + }
1824 + if (client->tlscreds) {
1825 +@@ -570,7 +505,7 @@ static int nbd_negotiate_options(NBDClient *client)
1826 + }
1827 + break;
1828 + default:
1829 +- if (nbd_negotiate_drop_sync(client->ioc, length) != length) {
1830 ++ if (nbd_drop(client->ioc, length, NULL) < 0) {
1831 + return -EIO;
1832 + }
1833 + ret = nbd_negotiate_send_rep_err(client->ioc,
1834 +@@ -659,12 +594,12 @@ static coroutine_fn int nbd_negotiate(NBDClientNewData *data)
1835 + TRACE("TLS cannot be enabled with oldstyle protocol");
1836 + goto fail;
1837 + }
1838 +- if (nbd_negotiate_write(client->ioc, buf, sizeof(buf)) != sizeof(buf)) {
1839 ++ if (nbd_write(client->ioc, buf, sizeof(buf), NULL) < 0) {
1840 + LOG("write failed");
1841 + goto fail;
1842 + }
1843 + } else {
1844 +- if (nbd_negotiate_write(client->ioc, buf, 18) != 18) {
1845 ++ if (nbd_write(client->ioc, buf, 18, NULL) < 0) {
1846 + LOG("write failed");
1847 + goto fail;
1848 + }
1849 +@@ -679,7 +614,7 @@ static coroutine_fn int nbd_negotiate(NBDClientNewData *data)
1850 + stq_be_p(buf + 18, client->exp->size);
1851 + stw_be_p(buf + 26, client->exp->nbdflags | myflags);
1852 + len = client->no_zeroes ? 10 : sizeof(buf) - 18;
1853 +- if (nbd_negotiate_write(client->ioc, buf + 18, len) != len) {
1854 ++ if (nbd_write(client->ioc, buf + 18, len, NULL) < 0) {
1855 + LOG("write failed");
1856 + goto fail;
1857 + }
1858 +@@ -702,11 +637,6 @@ static ssize_t nbd_receive_request(QIOChannel *ioc, NBDRequest *request)
1859 + return ret;
1860 + }
1861 +
1862 +- if (ret != sizeof(buf)) {
1863 +- LOG("read failed");
1864 +- return -EINVAL;
1865 +- }
1866 +-
1867 + /* Request
1868 + [ 0 .. 3] magic (NBD_REQUEST_MAGIC)
1869 + [ 4 .. 5] flags (NBD_CMD_FLAG_FUA, ...)
1870 +@@ -737,7 +667,6 @@ static ssize_t nbd_receive_request(QIOChannel *ioc, NBDRequest *request)
1871 + static ssize_t nbd_send_reply(QIOChannel *ioc, NBDReply *reply)
1872 + {
1873 + uint8_t buf[NBD_REPLY_SIZE];
1874 +- ssize_t ret;
1875 +
1876 + reply->error = system_errno_to_nbd_errno(reply->error);
1877 +
1878 +@@ -754,16 +683,7 @@ static ssize_t nbd_send_reply(QIOChannel *ioc, NBDReply *reply)
1879 + stl_be_p(buf + 4, reply->error);
1880 + stq_be_p(buf + 8, reply->handle);
1881 +
1882 +- ret = write_sync(ioc, buf, sizeof(buf));
1883 +- if (ret < 0) {
1884 +- return ret;
1885 +- }
1886 +-
1887 +- if (ret != sizeof(buf)) {
1888 +- LOG("writing to socket failed");
1889 +- return -EINVAL;
1890 +- }
1891 +- return 0;
1892 ++ return write_sync(ioc, buf, sizeof(buf));
1893 + }
1894 +
1895 + #define MAX_NBD_REQUESTS 16
1896 +@@ -1067,7 +987,7 @@ static ssize_t nbd_co_send_reply(NBDRequestData *req, NBDReply *reply,
1897 + rc = nbd_send_reply(client->ioc, reply);
1898 + if (rc >= 0) {
1899 + ret = write_sync(client->ioc, req->data, len);
1900 +- if (ret != len) {
1901 ++ if (ret < 0) {
1902 + rc = -EIO;
1903 + }
1904 + }
1905 +@@ -1141,7 +1061,7 @@ static ssize_t nbd_co_receive_request(NBDRequestData *req,
1906 + if (request->type == NBD_CMD_WRITE) {
1907 + TRACE("Reading %" PRIu32 " byte(s)", request->len);
1908 +
1909 +- if (read_sync(client->ioc, req->data, request->len) != request->len) {
1910 ++ if (read_sync(client->ioc, req->data, request->len) < 0) {
1911 + LOG("reading from socket failed");
1912 + rc = -EIO;
1913 + goto out;
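Review bot: The nbd/server.c hunks call `nbd_read`, `nbd_write` and `nbd_drop` with a trailing `NULL` error argument, but no hunk in this patch defines them: the nbd/nbd-internal.h hunk provides only `read_sync_eof`, `read_sync` and `write_sync`, and `drop_sync` stays `static` in nbd/client.c. Unless the 2.9.0 tree already declares those three names, the patched tree will not build, so this needs a test compile before the ebuild ships it as a CVE fix. The embedded diffstat also lists only nbd/server.c (22 insertions, 85 deletions) while the body changes three files, which suggests more than one upstream commit was folded in under a single header. The header should name each of them, e.g. `Upstream-commits: <upstream commit id>, <upstream commit id>`.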
1914
1915 diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-1.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-1.patch
1916 new file mode 100644
1917 index 0000000..01c81d1
1918 --- /dev/null
1919 +++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-1.patch
1920 @@ -0,0 +1,122 @@
1921 +From 87e459a810d7b1ec1638085b5a80ea3d9b43119a Mon Sep 17 00:00:00 2001
1922 +From: Paolo Bonzini <pbonzini@××××××.com>
1923 +Date: Thu, 1 Jun 2017 17:26:14 +0200
1924 +Subject: [PATCH] megasas: always store SCSIRequest* into MegasasCmd
1925 +
1926 +This ensures that the request is unref'ed properly, and avoids a
1927 +segmentation fault in the new qtest testcase that is added.
1928 +This is CVE-2017-9503.
1929 +
1930 +Reported-by: Zhangyanyu <zyy4013@×××××××××××.cn>
1931 +Signed-off-by: Paolo Bonzini <pbonzini@××××××.com>
1932 +---
1933 + hw/scsi/megasas.c | 31 ++++++++++++++++---------------
1934 + 2 files changed, 51 insertions(+), 15 deletions(-)
1935 +
1936 +diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
1937 +index 135662df31..734fdaef90 100644
1938 +--- a/hw/scsi/megasas.c
1939 ++++ b/hw/scsi/megasas.c
1940 +@@ -609,6 +609,9 @@ static void megasas_reset_frames(MegasasState *s)
1941 + static void megasas_abort_command(MegasasCmd *cmd)
1942 + {
1943 + /* Never abort internal commands. */
1944 ++ if (cmd->dcmd_opcode != -1) {
1945 ++ return;
1946 ++ }
1947 + if (cmd->req != NULL) {
1948 + scsi_req_cancel(cmd->req);
1949 + }
1950 +@@ -1017,7 +1020,6 @@ static int megasas_pd_get_info_submit(SCSIDevice *sdev, int lun,
1951 + uint64_t pd_size;
1952 + uint16_t pd_id = ((sdev->id & 0xFF) << 8) | (lun & 0xFF);
1953 + uint8_t cmdbuf[6];
1954 +- SCSIRequest *req;
1955 + size_t len, resid;
1956 +
1957 + if (!cmd->iov_buf) {
1958 +@@ -1026,8 +1028,8 @@ static int megasas_pd_get_info_submit(SCSIDevice *sdev, int lun,
1959 + info->inquiry_data[0] = 0x7f; /* Force PQual 0x3, PType 0x1f */
1960 + info->vpd_page83[0] = 0x7f;
1961 + megasas_setup_inquiry(cmdbuf, 0, sizeof(info->inquiry_data));
1962 +- req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd);
1963 +- if (!req) {
1964 ++ cmd->req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd);
1965 ++ if (!cmd->req) {
1966 + trace_megasas_dcmd_req_alloc_failed(cmd->index,
1967 + "PD get info std inquiry");
1968 + g_free(cmd->iov_buf);
1969 +@@ -1036,26 +1038,26 @@ static int megasas_pd_get_info_submit(SCSIDevice *sdev, int lun,
1970 + }
1971 + trace_megasas_dcmd_internal_submit(cmd->index,
1972 + "PD get info std inquiry", lun);
1973 +- len = scsi_req_enqueue(req);
1974 ++ len = scsi_req_enqueue(cmd->req);
1975 + if (len > 0) {
1976 + cmd->iov_size = len;
1977 +- scsi_req_continue(req);
1978 ++ scsi_req_continue(cmd->req);
1979 + }
1980 + return MFI_STAT_INVALID_STATUS;
1981 + } else if (info->inquiry_data[0] != 0x7f && info->vpd_page83[0] == 0x7f) {
1982 + megasas_setup_inquiry(cmdbuf, 0x83, sizeof(info->vpd_page83));
1983 +- req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd);
1984 +- if (!req) {
1985 ++ cmd->req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd);
1986 ++ if (!cmd->req) {
1987 + trace_megasas_dcmd_req_alloc_failed(cmd->index,
1988 + "PD get info vpd inquiry");
1989 + return MFI_STAT_FLASH_ALLOC_FAIL;
1990 + }
1991 + trace_megasas_dcmd_internal_submit(cmd->index,
1992 + "PD get info vpd inquiry", lun);
1993 +- len = scsi_req_enqueue(req);
1994 ++ len = scsi_req_enqueue(cmd->req);
1995 + if (len > 0) {
1996 + cmd->iov_size = len;
1997 +- scsi_req_continue(req);
1998 ++ scsi_req_continue(cmd->req);
1999 + }
2000 + return MFI_STAT_INVALID_STATUS;
2001 + }
2002 +@@ -1217,7 +1219,6 @@ static int megasas_ld_get_info_submit(SCSIDevice *sdev, int lun,
2003 + struct mfi_ld_info *info = cmd->iov_buf;
2004 + size_t dcmd_size = sizeof(struct mfi_ld_info);
2005 + uint8_t cdb[6];
2006 +- SCSIRequest *req;
2007 + ssize_t len, resid;
2008 + uint16_t sdev_id = ((sdev->id & 0xFF) << 8) | (lun & 0xFF);
2009 + uint64_t ld_size;
2010 +@@ -1226,8 +1227,8 @@ static int megasas_ld_get_info_submit(SCSIDevice *sdev, int lun,
2011 + cmd->iov_buf = g_malloc0(dcmd_size);
2012 + info = cmd->iov_buf;
2013 + megasas_setup_inquiry(cdb, 0x83, sizeof(info->vpd_page83));
2014 +- req = scsi_req_new(sdev, cmd->index, lun, cdb, cmd);
2015 +- if (!req) {
2016 ++ cmd->req = scsi_req_new(sdev, cmd->index, lun, cdb, cmd);
2017 ++ if (!cmd->req) {
2018 + trace_megasas_dcmd_req_alloc_failed(cmd->index,
2019 + "LD get info vpd inquiry");
2020 + g_free(cmd->iov_buf);
2021 +@@ -1236,10 +1237,10 @@ static int megasas_ld_get_info_submit(SCSIDevice *sdev, int lun,
2022 + }
2023 + trace_megasas_dcmd_internal_submit(cmd->index,
2024 + "LD get info vpd inquiry", lun);
2025 +- len = scsi_req_enqueue(req);
2026 ++ len = scsi_req_enqueue(cmd->req);
2027 + if (len > 0) {
2028 + cmd->iov_size = len;
2029 +- scsi_req_continue(req);
2030 ++ scsi_req_continue(cmd->req);
2031 + }
2032 + return MFI_STAT_INVALID_STATUS;
2033 + }
2034 +@@ -1851,7 +1852,7 @@ static void megasas_command_complete(SCSIRequest *req, uint32_t status,
2035 + return;
2036 + }
2037 +
2038 +- if (cmd->req == NULL) {
2039 ++ if (cmd->dcmd_opcode != -1) {
2040 + /*
2041 + * Internal command complete
2042 + */
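Review bot: This patch reads `cmd->dcmd_opcode` in `megasas_abort_command` and `megasas_command_complete`, but the field is only added to `MegasasCmd` by qemu-2.9.0-CVE-2017-9503-2.patch (`uint32_t dcmd_opcode;`, initialised to `-1` in `megasas_enqueue_frame`). The `-2` file therefore has to be applied first, the reverse of what the file names suggest; its Date header (17:18:23) is also earlier than this one's (17:26:14). Either swap the suffixes or add a comment where the patches are listed, such as `# CVE-2017-9503-2 must be applied before -1: it adds MegasasCmd.dcmd_opcode`. The embedded diffstat still says `2 files changed` although only hw/scsi/megasas.c is included, presumably because the qtest file was dropped.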
2043
2044 diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-2.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-2.patch
2045 new file mode 100644
2046 index 0000000..74725a9
2047 --- /dev/null
2048 +++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-2.patch
2049 @@ -0,0 +1,114 @@
2050 +From 5104fac8539eaf155fc6de93e164be43e1e62242 Mon Sep 17 00:00:00 2001
2051 +From: Paolo Bonzini <pbonzini@××××××.com>
2052 +Date: Thu, 1 Jun 2017 17:18:23 +0200
2053 +Subject: [PATCH] megasas: do not read DCMD opcode more than once from frame
2054 +
2055 +Avoid TOC-TOU bugs by storing the DCMD opcode in the MegasasCmd
2056 +
2057 +Signed-off-by: Paolo Bonzini <pbonzini@××××××.com>
2058 +---
2059 + hw/scsi/megasas.c | 25 +++++++++++--------------
2060 + 1 file changed, 11 insertions(+), 14 deletions(-)
2061 +
2062 +diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
2063 +index c353118882..a3f75c1650 100644
2064 +--- a/hw/scsi/megasas.c
2065 ++++ b/hw/scsi/megasas.c
2066 +@@ -63,6 +63,7 @@ typedef struct MegasasCmd {
2067 +
2068 + hwaddr pa;
2069 + hwaddr pa_size;
2070 ++ uint32_t dcmd_opcode;
2071 + union mfi_frame *frame;
2072 + SCSIRequest *req;
2073 + QEMUSGList qsg;
2074 +@@ -513,6 +514,7 @@ static MegasasCmd *megasas_enqueue_frame(MegasasState *s,
2075 + cmd->context &= (uint64_t)0xFFFFFFFF;
2076 + }
2077 + cmd->count = count;
2078 ++ cmd->dcmd_opcode = -1;
2079 + s->busy++;
2080 +
2081 + if (s->consumer_pa) {
2082 +@@ -1562,22 +1564,21 @@ static const struct dcmd_cmd_tbl_t {
2083 +
2084 + static int megasas_handle_dcmd(MegasasState *s, MegasasCmd *cmd)
2085 + {
2086 +- int opcode;
2087 + int retval = 0;
2088 + size_t len;
2089 + const struct dcmd_cmd_tbl_t *cmdptr = dcmd_cmd_tbl;
2090 +
2091 +- opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
2092 +- trace_megasas_handle_dcmd(cmd->index, opcode);
2093 ++ cmd->dcmd_opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
2094 ++ trace_megasas_handle_dcmd(cmd->index, cmd->dcmd_opcode);
2095 + if (megasas_map_dcmd(s, cmd) < 0) {
2096 + return MFI_STAT_MEMORY_NOT_AVAILABLE;
2097 + }
2098 +- while (cmdptr->opcode != -1 && cmdptr->opcode != opcode) {
2099 ++ while (cmdptr->opcode != -1 && cmdptr->opcode != cmd->dcmd_opcode) {
2100 + cmdptr++;
2101 + }
2102 + len = cmd->iov_size;
2103 + if (cmdptr->opcode == -1) {
2104 +- trace_megasas_dcmd_unhandled(cmd->index, opcode, len);
2105 ++ trace_megasas_dcmd_unhandled(cmd->index, cmd->dcmd_opcode, len);
2106 + retval = megasas_dcmd_dummy(s, cmd);
2107 + } else {
2108 + trace_megasas_dcmd_enter(cmd->index, cmdptr->desc, len);
2109 +@@ -1592,13 +1593,11 @@ static int megasas_handle_dcmd(MegasasState *s, MegasasCmd *cmd)
2110 + static int megasas_finish_internal_dcmd(MegasasCmd *cmd,
2111 + SCSIRequest *req)
2112 + {
2113 +- int opcode;
2114 + int retval = MFI_STAT_OK;
2115 + int lun = req->lun;
2116 +
2117 +- opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
2118 +- trace_megasas_dcmd_internal_finish(cmd->index, opcode, lun);
2119 +- switch (opcode) {
2120 ++ trace_megasas_dcmd_internal_finish(cmd->index, cmd->dcmd_opcode, lun);
2121 ++ switch (cmd->dcmd_opcode) {
2122 + case MFI_DCMD_PD_GET_INFO:
2123 + retval = megasas_pd_get_info_submit(req->dev, lun, cmd);
2124 + break;
2125 +@@ -1606,7 +1605,7 @@ static int megasas_finish_internal_dcmd(MegasasCmd *cmd,
2126 + retval = megasas_ld_get_info_submit(req->dev, lun, cmd);
2127 + break;
2128 + default:
2129 +- trace_megasas_dcmd_internal_invalid(cmd->index, opcode);
2130 ++ trace_megasas_dcmd_internal_invalid(cmd->index, cmd->dcmd_opcode);
2131 + retval = MFI_STAT_INVALID_DCMD;
2132 + break;
2133 + }
2134 +@@ -1827,7 +1826,6 @@ static void megasas_xfer_complete(SCSIRequest *req, uint32_t len)
2135 + {
2136 + MegasasCmd *cmd = req->hba_private;
2137 + uint8_t *buf;
2138 +- uint32_t opcode;
2139 +
2140 + trace_megasas_io_complete(cmd->index, len);
2141 +
2142 +@@ -1837,8 +1835,7 @@ static void megasas_xfer_complete(SCSIRequest *req, uint32_t len)
2143 + }
2144 +
2145 + buf = scsi_req_get_buf(req);
2146 +- opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
2147 +- if (opcode == MFI_DCMD_PD_GET_INFO && cmd->iov_buf) {
2148 ++ if (cmd->dcmd_opcode == MFI_DCMD_PD_GET_INFO && cmd->iov_buf) {
2149 + struct mfi_pd_info *info = cmd->iov_buf;
2150 +
2151 + if (info->inquiry_data[0] == 0x7f) {
2152 +@@ -1849,7 +1846,7 @@ static void megasas_xfer_complete(SCSIRequest *req, uint32_t len)
2153 + memcpy(info->vpd_page83, buf, len);
2154 + }
2155 + scsi_req_continue(req);
2156 +- } else if (opcode == MFI_DCMD_LD_GET_INFO) {
2157 ++ } else if (cmd->dcmd_opcode == MFI_DCMD_LD_GET_INFO) {
2158 + struct mfi_ld_info *info = cmd->iov_buf;
2159 +
2160 + if (cmd->iov_buf) {
2161 +--
2162 +2.13.0
2163 +
2164
2165 diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-1.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-1.patch
2166 new file mode 100644
2167 index 0000000..9d77193
2168 --- /dev/null
2169 +++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-1.patch
2170 @@ -0,0 +1,80 @@
2171 +From df8ad9f128c15aa0a0ebc7b24e9a22c9775b67af Mon Sep 17 00:00:00 2001
2172 +From: Eric Blake <eblake@××××××.com>
2173 +Date: Fri, 26 May 2017 22:04:21 -0500
2174 +Subject: [PATCH] nbd: Fully initialize client in case of failed negotiation
2175 +
2176 +If a non-NBD client connects to qemu-nbd, we would end up with
2177 +a SIGSEGV in nbd_client_put() because we were trying to
2178 +unregister the client's association to the export, even though
2179 +we skipped inserting the client into that list. Easy trigger
2180 +in two terminals:
2181 +
2182 +$ qemu-nbd -p 30001 --format=raw file
2183 +$ nmap 127.0.0.1 -p 30001
2184 +
2185 +nmap claims that it thinks it connected to a pago-services1
2186 +server (which probably means nmap could be updated to learn the
2187 +NBD protocol and give a more accurate diagnosis of the open
2188 +port - but that's not our problem), then terminates immediately,
2189 +so our call to nbd_negotiate() fails. The fix is to reorder
2190 +nbd_co_client_start() to ensure that all initialization occurs
2191 +before we ever try talking to a client in nbd_negotiate(), so
2192 +that the teardown sequence on negotiation failure doesn't fault
2193 +while dereferencing a half-initialized object.
2194 +
2195 +While debugging this, I also noticed that nbd_update_server_watch()
2196 +called by nbd_client_closed() was still adding a channel to accept
2197 +the next client, even when the state was no longer RUNNING. That
2198 +is fixed by making nbd_can_accept() pay attention to the current
2199 +state.
2200 +
2201 +Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1451614
2202 +
2203 +Signed-off-by: Eric Blake <eblake@××××××.com>
2204 +Message-Id: <20170527030421.28366-1-eblake@××××××.com>
2205 +Signed-off-by: Paolo Bonzini <pbonzini@××××××.com>
2206 +---
2207 + nbd/server.c | 8 +++-----
2208 + qemu-nbd.c | 2 +-
2209 + 2 files changed, 4 insertions(+), 6 deletions(-)
2210 +
2211 +diff --git a/nbd/server.c b/nbd/server.c
2212 +index ee59e5d234..49b55f6ede 100644
2213 +--- a/nbd/server.c
2214 ++++ b/nbd/server.c
2215 +@@ -1358,16 +1358,14 @@ static coroutine_fn void nbd_co_client_start(void *opaque)
2216 +
2217 + if (exp) {
2218 + nbd_export_get(exp);
2219 ++ QTAILQ_INSERT_TAIL(&exp->clients, client, next);
2220 + }
2221 ++ qemu_co_mutex_init(&client->send_lock);
2222 ++
2223 + if (nbd_negotiate(data)) {
2224 + client_close(client);
2225 + goto out;
2226 + }
2227 +- qemu_co_mutex_init(&client->send_lock);
2228 +-
2229 +- if (exp) {
2230 +- QTAILQ_INSERT_TAIL(&exp->clients, client, next);
2231 +- }
2232 +
2233 + nbd_client_receive_next_request(client);
2234 +
2235 +diff --git a/qemu-nbd.c b/qemu-nbd.c
2236 +index f60842fd86..651f85ecc1 100644
2237 +--- a/qemu-nbd.c
2238 ++++ b/qemu-nbd.c
2239 +@@ -325,7 +325,7 @@ out:
2240 +
2241 + static int nbd_can_accept(void)
2242 + {
2243 +- return nb_fds < shared;
2244 ++ return state == RUNNING && nb_fds < shared;
2245 + }
2246 +
2247 + static void nbd_export_closed(NBDExport *exp)
2248 +--
2249 +2.13.0
2250 +
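Review bot: Nothing in the reordered nbd_co_client_start() in nbd/server.c records that QTAILQ_INSERT_TAIL() and qemu_co_mutex_init() must stay ahead of nbd_negotiate(). The commit message explains that the teardown on a failed negotiation unregisters the client from the export's list and faulted when the client had never been inserted, but the code itself gives a later refactor no hint that the order is load-bearing. I would add a comment directly above `if (nbd_negotiate(data)) {`, for example `/* Finish all client setup first: the failure path below tears the client down and expects it on exp->clients. */`. The function starts and ends outside this inner hunk, so any other setup it performs after negotiation could not be checked from here.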
2251
2252 diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-2.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-2.patch
2253 new file mode 100644
2254 index 0000000..e6934b3
2255 --- /dev/null
2256 +++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-2.patch
2257 @@ -0,0 +1,197 @@
2258 +From 0c9390d978cbf61e8f16c9f580fa96b305c43568 Mon Sep 17 00:00:00 2001
2259 +From: Eric Blake <eblake@××××××.com>
2260 +Date: Thu, 8 Jun 2017 17:26:17 -0500
2261 +Subject: [PATCH] nbd: Fix regression on resiliency to port scan
2262 +
2263 +Back in qemu 2.5, qemu-nbd was immune to port probes (a transient
2264 +server would not quit, regardless of how many probe connections
2265 +came and went, until a connection actually negotiated). But we
2266 +broke that in commit ee7d7aa when removing the return value to
2267 +nbd_client_new(), although that patch also introduced a bug causing
2268 +an assertion failure on a client that fails negotiation. We then
2269 +made it worse during refactoring in commit 1a6245a (a segfault
2270 +before we could even assert); the (masked) assertion was cleaned
2271 +up in d3780c2 (still in 2.6), and just recently we finally fixed
2272 +the segfault ("nbd: Fully intialize client in case of failed
2273 +negotiation"). But that still means that ever since we added
2274 +TLS support to qemu-nbd, we have been vulnerable to an ill-timed
2275 +port-scan being able to cause a denial of service by taking down
2276 +qemu-nbd before a real client has a chance to connect.
2277 +
2278 +Since negotiation is now handled asynchronously via coroutines,
2279 +we no longer have a synchronous point of return by re-adding a
2280 +return value to nbd_client_new(). So this patch instead wires
2281 +things up to pass the negotiation status through the close_fn
2282 +callback function.
2283 +
2284 +Simple test across two terminals:
2285 +$ qemu-nbd -f raw -p 30001 file
2286 +$ nmap 127.0.0.1 -p 30001 && \
2287 + qemu-io -c 'r 0 512' -f raw nbd://localhost:30001
2288 +
2289 +Note that this patch does not change what constitutes successful
2290 +negotiation (thus, a client must enter transmission phase before
2291 +that client can be considered as a reason to terminate the server
2292 +when the connection ends). Perhaps we may want to tweak things
2293 +in a later patch to also treat a client that uses NBD_OPT_ABORT
2294 +as being a 'successful' negotiation (the client correctly talked
2295 +the NBD protocol, and informed us it was not going to use our
2296 +export after all), but that's a discussion for another day.
2297 +
2298 +Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1451614
2299 +
2300 +Signed-off-by: Eric Blake <eblake@××××××.com>
2301 +Message-Id: <20170608222617.20376-1-eblake@××××××.com>
2302 +Signed-off-by: Paolo Bonzini <pbonzini@××××××.com>
2303 +---
2304 + blockdev-nbd.c | 6 +++++-
2305 + include/block/nbd.h | 2 +-
2306 + nbd/server.c | 24 +++++++++++++++---------
2307 + qemu-nbd.c | 4 ++--
2308 + 4 files changed, 23 insertions(+), 13 deletions(-)
2309 +
2310 +diff --git a/blockdev-nbd.c b/blockdev-nbd.c
2311 +index dd0860f4a6..28f551a7b0 100644
2312 +--- a/blockdev-nbd.c
2313 ++++ b/blockdev-nbd.c
2314 +@@ -27,6 +27,10 @@ typedef struct NBDServerData {
2315 +
2316 + static NBDServerData *nbd_server;
2317 +
2318 ++static void nbd_blockdev_client_closed(NBDClient *client, bool ignored)
2319 ++{
2320 ++ nbd_client_put(client);
2321 ++}
2322 +
2323 + static gboolean nbd_accept(QIOChannel *ioc, GIOCondition condition,
2324 + gpointer opaque)
2325 +@@ -46,7 +50,7 @@ static gboolean nbd_accept(QIOChannel *ioc, GIOCondition condition,
2326 + qio_channel_set_name(QIO_CHANNEL(cioc), "nbd-server");
2327 + nbd_client_new(NULL, cioc,
2328 + nbd_server->tlscreds, NULL,
2329 +- nbd_client_put);
2330 ++ nbd_blockdev_client_closed);
2331 + object_unref(OBJECT(cioc));
2332 + return TRUE;
2333 + }
2334 +diff --git a/include/block/nbd.h b/include/block/nbd.h
2335 +index 416257abca..8fa5ce51f3 100644
2336 +--- a/include/block/nbd.h
2337 ++++ b/include/block/nbd.h
2338 +@@ -162,7 +162,7 @@ void nbd_client_new(NBDExport *exp,
2339 + QIOChannelSocket *sioc,
2340 + QCryptoTLSCreds *tlscreds,
2341 + const char *tlsaclname,
2342 +- void (*close)(NBDClient *));
2343 ++ void (*close_fn)(NBDClient *, bool));
2344 + void nbd_client_get(NBDClient *client);
2345 + void nbd_client_put(NBDClient *client);
2346 +
2347 +diff --git a/nbd/server.c b/nbd/server.c
2348 +index 49b55f6ede..f2b1aa47ce 100644
2349 +--- a/nbd/server.c
2350 ++++ b/nbd/server.c
2351 +@@ -81,7 +81,7 @@ static QTAILQ_HEAD(, NBDExport) exports = QTAILQ_HEAD_INITIALIZER(exports);
2352 +
2353 + struct NBDClient {
2354 + int refcount;
2355 +- void (*close)(NBDClient *client);
2356 ++ void (*close_fn)(NBDClient *client, bool negotiated);
2357 +
2358 + bool no_zeroes;
2359 + NBDExport *exp;
2360 +@@ -778,7 +778,7 @@ void nbd_client_put(NBDClient *client)
2361 + }
2362 + }
2363 +
2364 +-static void client_close(NBDClient *client)
2365 ++static void client_close(NBDClient *client, bool negotiated)
2366 + {
2367 + if (client->closing) {
2368 + return;
2369 +@@ -793,8 +793,8 @@ static void client_close(NBDClient *client)
2370 + NULL);
2371 +
2372 + /* Also tell the client, so that they release their reference. */
2373 +- if (client->close) {
2374 +- client->close(client);
2375 ++ if (client->close_fn) {
2376 ++ client->close_fn(client, negotiated);
2377 + }
2378 + }
2379 +
2380 +@@ -975,7 +975,7 @@ void nbd_export_close(NBDExport *exp)
2381 +
2382 + nbd_export_get(exp);
2383 + QTAILQ_FOREACH_SAFE(client, &exp->clients, next, next) {
2384 +- client_close(client);
2385 ++ client_close(client, true);
2386 + }
2387 + nbd_export_set_name(exp, NULL);
2388 + nbd_export_set_description(exp, NULL);
2389 +@@ -1337,7 +1337,7 @@ done:
2390 +
2391 + out:
2392 + nbd_request_put(req);
2393 +- client_close(client);
2394 ++ client_close(client, true);
2395 + nbd_client_put(client);
2396 + }
2397 +
2398 +@@ -1363,7 +1363,7 @@ static coroutine_fn void nbd_co_client_start(void *opaque)
2399 + qemu_co_mutex_init(&client->send_lock);
2400 +
2401 + if (nbd_negotiate(data)) {
2402 +- client_close(client);
2403 ++ client_close(client, false);
2404 + goto out;
2405 + }
2406 +
2407 +@@ -1373,11 +1373,17 @@ out:
2408 + g_free(data);
2409 + }
2410 +
2411 ++/*
2412 ++ * Create a new client listener on the given export @exp, using the
2413 ++ * given channel @sioc. Begin servicing it in a coroutine. When the
2414 ++ * connection closes, call @close_fn with an indication of whether the
2415 ++ * client completed negotiation.
2416 ++ */
2417 + void nbd_client_new(NBDExport *exp,
2418 + QIOChannelSocket *sioc,
2419 + QCryptoTLSCreds *tlscreds,
2420 + const char *tlsaclname,
2421 +- void (*close_fn)(NBDClient *))
2422 ++ void (*close_fn)(NBDClient *, bool))
2423 + {
2424 + NBDClient *client;
2425 + NBDClientNewData *data = g_new(NBDClientNewData, 1);
2426 +@@ -1394,7 +1400,7 @@ void nbd_client_new(NBDExport *exp,
2427 + object_ref(OBJECT(client->sioc));
2428 + client->ioc = QIO_CHANNEL(sioc);
2429 + object_ref(OBJECT(client->ioc));
2430 +- client->close = close_fn;
2431 ++ client->close_fn = close_fn;
2432 +
2433 + data->client = client;
2434 + data->co = qemu_coroutine_create(nbd_co_client_start, data);
2435 +diff --git a/qemu-nbd.c b/qemu-nbd.c
2436 +index 651f85ecc1..9464a0461c 100644
2437 +--- a/qemu-nbd.c
2438 ++++ b/qemu-nbd.c
2439 +@@ -336,10 +336,10 @@ static void nbd_export_closed(NBDExport *exp)
2440 +
2441 + static void nbd_update_server_watch(void);
2442 +
2443 +-static void nbd_client_closed(NBDClient *client)
2444 ++static void nbd_client_closed(NBDClient *client, bool negotiated)
2445 + {
2446 + nb_fds--;
2447 +- if (nb_fds == 0 && !persistent && state == RUNNING) {
2448 ++ if (negotiated && nb_fds == 0 && !persistent && state == RUNNING) {
2449 + state = TERMINATE;
2450 + }
2451 + nbd_update_server_watch();
2452 +--
2453 +2.13.0
2454 +
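Review bot: In the nbd/server.c part, nbd_export_close() now calls `client_close(client, true)` for every entry on exp->clients, yet the companion CVE-2017-9524-1 patch inserts a client into that list before nbd_negotiate() runs. A client that is still mid-handshake when the export is closed would therefore presumably be reported to close_fn as negotiated, which does not match the new nbd_client_new() comment ("whether the client completed negotiation"). In qemu-nbd.c the flag is only acted on while `state == RUNNING`, so this may well be harmless today; that depends on when nbd_export_close() is reached, which these hunks do not show. At minimum the call site deserves a comment such as `/* true: export teardown is not a negotiation failure, even for a client still mid-handshake */`. The same applies to the `client_close(client, true)` on the `out:` path of the request handler, whose body lies outside the hunk.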
2455
2456 diff --git a/app-emulation/qemu/qemu-2.8.1-r2.ebuild b/app-emulation/qemu/qemu-2.8.1-r2.ebuild
2457 deleted file mode 100644
2458 index ff24476..0000000
2459 --- a/app-emulation/qemu/qemu-2.8.1-r2.ebuild
2460 +++ /dev/null
2461 @@ -1,770 +0,0 @@
2462 -# Copyright 1999-2017 Gentoo Foundation
2463 -# Distributed under the terms of the GNU General Public License v2
2464 -
2465 -EAPI="6"
2466 -
2467 -PYTHON_COMPAT=( python2_7 )
2468 -PYTHON_REQ_USE="ncurses,readline"
2469 -
2470 -PLOCALES="bg de_DE fr_FR hu it tr zh_CN"
2471 -
2472 -inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \
2473 - user udev fcaps readme.gentoo-r1 pax-utils l10n
2474 -
2475 -if [[ ${PV} = *9999* ]]; then
2476 - EGIT_REPO_URI="git://git.qemu.org/qemu.git"
2477 - inherit git-r3
2478 - SRC_URI=""
2479 -else
2480 - SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2"
2481 - KEYWORDS="amd64 ~arm64 ~ppc ~ppc64 x86 ~x86-fbsd"
2482 -fi
2483 -
2484 -DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
2485 -HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org"
2486 -
2487 -LICENSE="GPL-2 LGPL-2 BSD-2"
2488 -SLOT="0"
2489 -IUSE="accessibility +aio alsa bluetooth bzip2 +caps +curl debug +fdt
2490 - glusterfs gnutls gtk gtk2 infiniband iscsi +jpeg kernel_linux
2491 - kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs +png
2492 - pulseaudio python rbd sasl +seccomp sdl sdl2 selinux smartcard snappy
2493 - spice ssh static static-user systemtap tci test usb usbredir vde
2494 - +vhost-net virgl virtfs +vnc vte xattr xen xfs"
2495 -
2496 -COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel
2497 - mips mips64 mips64el mipsel or32 ppc ppc64 s390x sh4 sh4eb sparc
2498 - sparc64 x86_64"
2499 -IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS}
2500 - lm32 moxie ppcemb tricore unicore32 xtensa xtensaeb"
2501 -IUSE_USER_TARGETS="${COMMON_TARGETS}
2502 - armeb mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus tilegx"
2503 -
2504 -use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
2505 -use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
2506 -IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
2507 -
2508 -# Allow no targets to be built so that people can get a tools-only build.
2509 -# Block USE flag configurations known to not work.
2510 -REQUIRED_USE="${PYTHON_REQUIRED_USE}
2511 - gtk2? ( gtk )
2512 - qemu_softmmu_targets_arm? ( fdt )
2513 - qemu_softmmu_targets_microblaze? ( fdt )
2514 - qemu_softmmu_targets_ppc? ( fdt )
2515 - qemu_softmmu_targets_ppc64? ( fdt )
2516 - sdl2? ( sdl )
2517 - static? ( static-user !alsa !bluetooth !gtk !gtk2 !opengl !pulseaudio )
2518 - virtfs? ( xattr )
2519 - vte? ( gtk )"
2520 -
2521 -# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
2522 -# and user/softmmu targets (qemu-*, qemu-system-*).
2523 -#
2524 -# Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
2525 -#
2526 -# The attr lib isn't always linked in (although the USE flag is always
2527 -# respected). This is because qemu supports using the C library's API
2528 -# when available rather than always using the extranl library.
2529 -ALL_DEPEND="
2530 - >=dev-libs/glib-2.0[static-libs(+)]
2531 - sys-libs/zlib[static-libs(+)]
2532 - python? ( ${PYTHON_DEPS} )
2533 - systemtap? ( dev-util/systemtap )
2534 - xattr? ( sys-apps/attr[static-libs(+)] )"
2535 -
2536 -# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
2537 -# softmmu targets (qemu-system-*).
2538 -SOFTMMU_TOOLS_DEPEND="
2539 - >=x11-libs/pixman-0.28.0[static-libs(+)]
2540 - accessibility? (
2541 - app-accessibility/brltty[api]
2542 - app-accessibility/brltty[static-libs(+)]
2543 - )
2544 - aio? ( dev-libs/libaio[static-libs(+)] )
2545 - alsa? ( >=media-libs/alsa-lib-1.0.13 )
2546 - bluetooth? ( net-wireless/bluez )
2547 - bzip2? ( app-arch/bzip2[static-libs(+)] )
2548 - caps? ( sys-libs/libcap-ng[static-libs(+)] )
2549 - curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
2550 - fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] )
2551 - glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
2552 - gnutls? (
2553 - dev-libs/nettle:=[static-libs(+)]
2554 - >=net-libs/gnutls-3.0:=[static-libs(+)]
2555 - )
2556 - gtk? (
2557 - gtk2? (
2558 - x11-libs/gtk+:2
2559 - vte? ( x11-libs/vte:0 )
2560 - )
2561 - !gtk2? (
2562 - x11-libs/gtk+:3
2563 - vte? ( x11-libs/vte:2.91 )
2564 - )
2565 - )
2566 - infiniband? ( sys-fabric/librdmacm:=[static-libs(+)] )
2567 - iscsi? ( net-libs/libiscsi )
2568 - jpeg? ( virtual/jpeg:0=[static-libs(+)] )
2569 - lzo? ( dev-libs/lzo:2[static-libs(+)] )
2570 - ncurses? (
2571 - sys-libs/ncurses:0=[unicode]
2572 - sys-libs/ncurses:0=[static-libs(+)]
2573 - )
2574 - nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] )
2575 - numa? ( sys-process/numactl[static-libs(+)] )
2576 - opengl? (
2577 - virtual/opengl
2578 - media-libs/libepoxy[static-libs(+)]
2579 - media-libs/mesa[static-libs(+)]
2580 - media-libs/mesa[egl,gbm]
2581 - )
2582 - png? ( media-libs/libpng:0=[static-libs(+)] )
2583 - pulseaudio? ( media-sound/pulseaudio )
2584 - rbd? ( sys-cluster/ceph[static-libs(+)] )
2585 - sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
2586 - sdl? (
2587 - !sdl2? (
2588 - media-libs/libsdl[X]
2589 - >=media-libs/libsdl-1.2.11[static-libs(+)]
2590 - )
2591 - sdl2? (
2592 - media-libs/libsdl2[X]
2593 - media-libs/libsdl2[static-libs(+)]
2594 - )
2595 - )
2596 - seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
2597 - smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] )
2598 - snappy? ( app-arch/snappy[static-libs(+)] )
2599 - spice? (
2600 - >=app-emulation/spice-protocol-0.12.3
2601 - >=app-emulation/spice-0.12.0[static-libs(+)]
2602 - )
2603 - ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] )
2604 - usb? ( >=virtual/libusb-1-r2[static-libs(+)] )
2605 - usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
2606 - vde? ( net-misc/vde[static-libs(+)] )
2607 - virgl? ( media-libs/virglrenderer[static-libs(+)] )
2608 - virtfs? ( sys-libs/libcap )
2609 - xen? ( app-emulation/xen-tools:= )
2610 - xfs? ( sys-fs/xfsprogs[static-libs(+)] )"
2611 -
2612 -X86_FIRMWARE_DEPEND="
2613 - >=sys-firmware/ipxe-1.0.0_p20130624
2614 - pin-upstream-blobs? (
2615 - ~sys-firmware/seabios-1.10.1
2616 - ~sys-firmware/sgabios-0.1_pre8
2617 - ~sys-firmware/vgabios-0.7a
2618 - )
2619 - !pin-upstream-blobs? (
2620 - sys-firmware/seabios
2621 - sys-firmware/sgabios
2622 - sys-firmware/vgabios
2623 - )"
2624 -
2625 -CDEPEND="
2626 - !static? (
2627 - ${ALL_DEPEND//\[static-libs(+)]}
2628 - ${SOFTMMU_TOOLS_DEPEND//\[static-libs(+)]}
2629 - )
2630 - qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
2631 - qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )"
2632 -DEPEND="${CDEPEND}
2633 - dev-lang/perl
2634 - =dev-lang/python-2*
2635 - sys-apps/texinfo
2636 - virtual/pkgconfig
2637 - kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
2638 - gtk? ( nls? ( sys-devel/gettext ) )
2639 - static? (
2640 - ${ALL_DEPEND}
2641 - ${SOFTMMU_TOOLS_DEPEND}
2642 - )
2643 - static-user? ( ${ALL_DEPEND} )
2644 - test? (
2645 - dev-libs/glib[utils]
2646 - sys-devel/bc
2647 - )"
2648 -RDEPEND="${CDEPEND}
2649 - selinux? ( sec-policy/selinux-qemu )"
2650 -
2651 -PATCHES=(
2652 - # musl patches
2653 - "${FILESDIR}"/${PN}-2.8.0-F_SHLCK-and-F_EXLCK.patch
2654 - "${FILESDIR}"/${PN}-2.0.0-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch
2655 - "${FILESDIR}"/${PN}-2.2.0-_sigev_un.patch
2656 -
2657 - # gentoo patches
2658 - "${FILESDIR}"/${PN}-2.5.0-cflags.patch
2659 - "${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
2660 - "${FILESDIR}"/${PN}-2.7.0-CVE-2016-8669-1.patch #597108
2661 - "${FILESDIR}"/${PN}-2.8.0-CVE-2016-9908.patch #601826
2662 - "${FILESDIR}"/${PN}-2.8.0-CVE-2016-9912.patch #602630
2663 - "${FILESDIR}"/${PN}-2.8.0-CVE-2016-10028.patch #603444
2664 - "${FILESDIR}"/${PN}-2.8.0-CVE-2016-10155.patch #606720
2665 - "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5525-1.patch #606264
2666 - "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5525-2.patch
2667 - "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5552.patch #606722
2668 - "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5578.patch #607000
2669 - "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5579.patch #607100
2670 - "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5856.patch #608036
2671 - "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5857.patch #608038
2672 - "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5898.patch #608520
2673 - "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5973.patch #609334
2674 - "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5987.patch #609398
2675 - "${FILESDIR}"/${PN}-2.8.0-CVE-2017-6505.patch #612220
2676 - "${FILESDIR}"/${PN}-2.8.0-CVE-2017-7377.patch #614744
2677 - "${FILESDIR}"/${PN}-2.8.1-CVE-2017-7471.patch #616484
2678 - "${FILESDIR}"/${PN}-2.8.1-CVE-2017-8086.patch #616460
2679 -)
2680 -
2681 -STRIP_MASK="/usr/share/qemu/palcode-clipper"
2682 -
2683 -QA_PREBUILT="
2684 - usr/share/qemu/openbios-ppc
2685 - usr/share/qemu/openbios-sparc64
2686 - usr/share/qemu/openbios-sparc32
2687 - usr/share/qemu/palcode-clipper
2688 - usr/share/qemu/s390-ccw.img
2689 - usr/share/qemu/u-boot.e500"
2690 -
2691 -QA_WX_LOAD="usr/bin/qemu-i386
2692 - usr/bin/qemu-x86_64
2693 - usr/bin/qemu-alpha
2694 - usr/bin/qemu-arm
2695 - usr/bin/qemu-cris
2696 - usr/bin/qemu-m68k
2697 - usr/bin/qemu-microblaze
2698 - usr/bin/qemu-microblazeel
2699 - usr/bin/qemu-mips
2700 - usr/bin/qemu-mipsel
2701 - usr/bin/qemu-or32
2702 - usr/bin/qemu-ppc
2703 - usr/bin/qemu-ppc64
2704 - usr/bin/qemu-ppc64abi32
2705 - usr/bin/qemu-sh4
2706 - usr/bin/qemu-sh4eb
2707 - usr/bin/qemu-sparc
2708 - usr/bin/qemu-sparc64
2709 - usr/bin/qemu-armeb
2710 - usr/bin/qemu-sparc32plus
2711 - usr/bin/qemu-s390x
2712 - usr/bin/qemu-unicore32"
2713 -
2714 -DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure you have the
2715 -kernel module loaded before running kvm. The easiest way to ensure that the
2716 -kernel module is loaded is to load it on boot.
2717 - For AMD CPUs the module is called 'kvm-amd'.
2718 - For Intel CPUs the module is called 'kvm-intel'.
2719 -Please review /etc/conf.d/modules for how to load these.
2720 -
2721 -Make sure your user is in the 'kvm' group. Just run
2722 - $ gpasswd -a <USER> kvm
2723 -then have <USER> re-login.
2724 -
2725 -For brand new installs, the default permissions on /dev/kvm might not let
2726 -you access it. You can tell udev to reset ownership/perms:
2727 - $ udevadm trigger -c add /dev/kvm
2728 -
2729 -If you want to register binfmt handlers for qemu user targets:
2730 -For openrc:
2731 - # rc-update add qemu-binfmt
2732 -For systemd:
2733 - # ln -s /usr/share/qemu/binfmt.d/qemu.conf /etc/binfmt.d/qemu.conf"
2734 -
2735 -pkg_pretend() {
2736 - if use kernel_linux && kernel_is lt 2 6 25; then
2737 - eerror "This version of KVM requres a host kernel of 2.6.25 or higher."
2738 - elif use kernel_linux; then
2739 - if ! linux_config_exists; then
2740 - eerror "Unable to check your kernel for KVM support"
2741 - else
2742 - CONFIG_CHECK="~KVM ~TUN ~BRIDGE"
2743 - ERROR_KVM="You must enable KVM in your kernel to continue"
2744 - ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in"
2745 - ERROR_KVM_AMD+=" your kernel configuration."
2746 - ERROR_KVM_INTEL="If you have an Intel CPU, you must enable"
2747 - ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration."
2748 - ERROR_TUN="You will need the Universal TUN/TAP driver compiled"
2749 - ERROR_TUN+=" into your kernel or loaded as a module to use the"
2750 - ERROR_TUN+=" virtual network device if using -net tap."
2751 - ERROR_BRIDGE="You will also need support for 802.1d"
2752 - ERROR_BRIDGE+=" Ethernet Bridging for some network configurations."
2753 - use vhost-net && CONFIG_CHECK+=" ~VHOST_NET"
2754 - ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net"
2755 - ERROR_VHOST_NET+=" support"
2756 -
2757 - if use amd64 || use x86 || use amd64-linux || use x86-linux; then
2758 - CONFIG_CHECK+=" ~KVM_AMD ~KVM_INTEL"
2759 - fi
2760 -
2761 - use python && CONFIG_CHECK+=" ~DEBUG_FS"
2762 - ERROR_DEBUG_FS="debugFS support required for kvm_stat"
2763 -
2764 - # Now do the actual checks setup above
2765 - check_extra_config
2766 - fi
2767 - fi
2768 -
2769 - if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then
2770 - eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt"
2771 - eerror "instances are still pointing to it. Please update your"
2772 - eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag"
2773 - eerror "and the right system binary (e.g. qemu-system-x86_64)."
2774 - die "update your virt configs to not use qemu-kvm"
2775 - fi
2776 -}
2777 -
2778 -pkg_setup() {
2779 - enewgroup kvm 78
2780 -}
2781 -
2782 -# Sanity check to make sure target lists are kept up-to-date.
2783 -check_targets() {
2784 - local var=$1 mak=$2
2785 - local detected sorted
2786 -
2787 - pushd "${S}"/default-configs >/dev/null || die
2788 -
2789 - # Force C locale until glibc is updated. #564936
2790 - detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u))
2791 - sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u))
2792 - if [[ ${sorted} != "${detected}" ]] ; then
2793 - eerror "The ebuild needs to be kept in sync."
2794 - eerror "${var}: ${sorted}"
2795 - eerror "$(printf '%-*s' ${#var} configure): ${detected}"
2796 - die "sync ${var} to the list of targets"
2797 - fi
2798 -
2799 - popd >/dev/null
2800 -}
2801 -
2802 -handle_locales() {
2803 - # Make sure locale list is kept up-to-date.
2804 - local detected sorted
2805 - detected=$(echo $(cd po && printf '%s\n' *.po | grep -v messages.po | sed 's:.po$::' | sort -u))
2806 - sorted=$(echo $(printf '%s\n' ${PLOCALES} | sort -u))
2807 - if [[ ${sorted} != "${detected}" ]] ; then
2808 - eerror "The ebuild needs to be kept in sync."
2809 - eerror "PLOCALES: ${sorted}"
2810 - eerror " po/*.po: ${detected}"
2811 - die "sync PLOCALES"
2812 - fi
2813 -
2814 - # Deal with selective install of locales.
2815 - if use nls ; then
2816 - # Delete locales the user does not want. #577814
2817 - rm_loc() { rm po/$1.po || die; }
2818 - l10n_for_each_disabled_locale_do rm_loc
2819 - else
2820 - # Cheap hack to disable gettext .mo generation.
2821 - rm -f po/*.po
2822 - fi
2823 -}
2824 -
2825 -src_prepare() {
2826 - check_targets IUSE_SOFTMMU_TARGETS softmmu
2827 - check_targets IUSE_USER_TARGETS linux-user
2828 -
2829 - # Alter target makefiles to accept CFLAGS set via flag-o
2830 - sed -i -r \
2831 - -e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \
2832 - Makefile Makefile.target || die
2833 -
2834 - default
2835 -
2836 - # Fix ld and objcopy being called directly
2837 - tc-export AR LD OBJCOPY
2838 -
2839 - # Verbose builds
2840 - MAKEOPTS+=" V=1"
2841 -
2842 - # Run after we've applied all patches.
2843 - handle_locales
2844 -}
2845 -
2846 -##
2847 -# configures qemu based on the build directory and the build type
2848 -# we are using.
2849 -#
2850 -qemu_src_configure() {
2851 - debug-print-function ${FUNCNAME} "$@"
2852 -
2853 - local buildtype=$1
2854 - local builddir="${S}/${buildtype}-build"
2855 -
2856 - mkdir "${builddir}"
2857 -
2858 - local conf_opts=(
2859 - --prefix=/usr
2860 - --sysconfdir=/etc
2861 - --libdir=/usr/$(get_libdir)
2862 - --docdir=/usr/share/doc/${PF}/html
2863 - --disable-bsd-user
2864 - --disable-guest-agent
2865 - --disable-strip
2866 - --disable-werror
2867 - # We support gnutls/nettle for crypto operations. It is possible
2868 - # to use gcrypt when gnutls/nettle are disabled (but not when they
2869 - # are enabled), but it's not really worth the hassle. Disable it
2870 - # all the time to avoid automatically detecting it. #568856
2871 - --disable-gcrypt
2872 - --python="${PYTHON}"
2873 - --cc="$(tc-getCC)"
2874 - --cxx="$(tc-getCXX)"
2875 - --host-cc="$(tc-getBUILD_CC)"
2876 - $(use_enable debug debug-info)
2877 - $(use_enable debug debug-tcg)
2878 - --enable-docs
2879 - $(use_enable tci tcg-interpreter)
2880 - $(use_enable xattr attr)
2881 - )
2882 -
2883 - # Disable options not used by user targets. This simplifies building
2884 - # static user targets (USE=static-user) considerably.
2885 - conf_notuser() {
2886 - if [[ ${buildtype} == "user" ]] ; then
2887 - echo "--disable-${2:-$1}"
2888 - else
2889 - use_enable "$@"
2890 - fi
2891 - }
2892 - conf_opts+=(
2893 - $(conf_notuser accessibility brlapi)
2894 - $(conf_notuser aio linux-aio)
2895 - $(conf_notuser bzip2)
2896 - $(conf_notuser bluetooth bluez)
2897 - $(conf_notuser caps cap-ng)
2898 - $(conf_notuser curl)
2899 - $(conf_notuser fdt)
2900 - $(conf_notuser glusterfs)
2901 - $(conf_notuser gnutls)
2902 - $(conf_notuser gnutls nettle)
2903 - $(conf_notuser gtk)
2904 - $(conf_notuser infiniband rdma)
2905 - $(conf_notuser iscsi libiscsi)
2906 - $(conf_notuser jpeg vnc-jpeg)
2907 - $(conf_notuser kernel_linux kvm)
2908 - $(conf_notuser lzo)
2909 - $(conf_notuser ncurses curses)
2910 - $(conf_notuser nfs libnfs)
2911 - $(conf_notuser numa)
2912 - $(conf_notuser opengl)
2913 - $(conf_notuser png vnc-png)
2914 - $(conf_notuser rbd)
2915 - $(conf_notuser sasl vnc-sasl)
2916 - $(conf_notuser sdl)
2917 - $(conf_notuser seccomp)
2918 - $(conf_notuser smartcard)
2919 - $(conf_notuser snappy)
2920 - $(conf_notuser spice)
2921 - $(conf_notuser ssh libssh2)
2922 - $(conf_notuser usb libusb)
2923 - $(conf_notuser usbredir usb-redir)
2924 - $(conf_notuser vde)
2925 - $(conf_notuser vhost-net)
2926 - $(conf_notuser virgl virglrenderer)
2927 - $(conf_notuser virtfs)
2928 - $(conf_notuser vnc)
2929 - $(conf_notuser vte)
2930 - $(conf_notuser xen)
2931 - $(conf_notuser xen xen-pci-passthrough)
2932 - $(conf_notuser xfs xfsctl)
2933 - )
2934 -
2935 - if [[ ! ${buildtype} == "user" ]] ; then
2936 - # audio options
2937 - local audio_opts="oss"
2938 - use alsa && audio_opts="alsa,${audio_opts}"
2939 - use sdl && audio_opts="sdl,${audio_opts}"
2940 - use pulseaudio && audio_opts="pa,${audio_opts}"
2941 - conf_opts+=(
2942 - --audio-drv-list="${audio_opts}"
2943 - )
2944 - use gtk && conf_opts+=( --with-gtkabi=$(usex gtk2 2.0 3.0) )
2945 - use sdl && conf_opts+=( --with-sdlabi=$(usex sdl2 2.0 1.2) )
2946 - fi
2947 -
2948 - case ${buildtype} in
2949 - user)
2950 - conf_opts+=(
2951 - --enable-linux-user
2952 - --disable-system
2953 - --disable-blobs
2954 - --disable-tools
2955 - )
2956 - local static_flag="static-user"
2957 - ;;
2958 - softmmu)
2959 - conf_opts+=(
2960 - --disable-linux-user
2961 - --enable-system
2962 - --disable-tools
2963 - --with-system-pixman
2964 - )
2965 - local static_flag="static"
2966 - ;;
2967 - tools)
2968 - conf_opts+=(
2969 - --disable-linux-user
2970 - --disable-system
2971 - --disable-blobs
2972 - --enable-tools
2973 - )
2974 - local static_flag="static"
2975 - ;;
2976 - esac
2977 -
2978 - local targets="${buildtype}_targets"
2979 - [[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" )
2980 -
2981 - # Add support for SystemTAP
2982 - use systemtap && conf_opts+=( --enable-trace-backend=dtrace )
2983 -
2984 - # We always want to attempt to build with PIE support as it results
2985 - # in a more secure binary. But it doesn't work with static or if
2986 - # the current GCC doesn't have PIE support.
2987 - if use ${static_flag}; then
2988 - conf_opts+=( --static --disable-pie )
2989 - else
2990 - gcc-specs-pie && conf_opts+=( --enable-pie )
2991 - fi
2992 -
2993 - echo "../configure ${conf_opts[*]}"
2994 - cd "${builddir}"
2995 - ../configure "${conf_opts[@]}" || die "configure failed"
2996 -
2997 - # FreeBSD's kernel does not support QEMU assigning/grabbing
2998 - # host USB devices yet
2999 - use kernel_FreeBSD && \
3000 - sed -i -E -e "s|^(HOST_USB=)bsd|\1stub|" "${S}"/config-host.mak
3001 -}
3002 -
3003 -src_configure() {
3004 - local target
3005 -
3006 - python_setup
3007 -
3008 - softmmu_targets= softmmu_bins=()
3009 - user_targets= user_bins=()
3010 -
3011 - for target in ${IUSE_SOFTMMU_TARGETS} ; do
3012 - if use "qemu_softmmu_targets_${target}"; then
3013 - softmmu_targets+=",${target}-softmmu"
3014 - softmmu_bins+=( "qemu-system-${target}" )
3015 - fi
3016 - done
3017 -
3018 - for target in ${IUSE_USER_TARGETS} ; do
3019 - if use "qemu_user_targets_${target}"; then
3020 - user_targets+=",${target}-linux-user"
3021 - user_bins+=( "qemu-${target}" )
3022 - fi
3023 - done
3024 -
3025 - softmmu_targets=${softmmu_targets#,}
3026 - user_targets=${user_targets#,}
3027 -
3028 - [[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu"
3029 - [[ -n ${user_targets} ]] && qemu_src_configure "user"
3030 - qemu_src_configure "tools"
3031 -}
3032 -
3033 -src_compile() {
3034 - if [[ -n ${user_targets} ]]; then
3035 - cd "${S}/user-build"
3036 - default
3037 - fi
3038 -
3039 - if [[ -n ${softmmu_targets} ]]; then
3040 - cd "${S}/softmmu-build"
3041 - default
3042 - fi
3043 -
3044 - cd "${S}/tools-build"
3045 - default
3046 -}
3047 -
3048 -src_test() {
3049 - if [[ -n ${softmmu_targets} ]]; then
3050 - cd "${S}/softmmu-build"
3051 - pax-mark m */qemu-system-* #515550
3052 - emake -j1 check
3053 - emake -j1 check-report.html
3054 - fi
3055 -}
3056 -
3057 -qemu_python_install() {
3058 - python_domodule "${S}/scripts/qmp/qmp.py"
3059 -
3060 - python_doscript "${S}/scripts/kvm/vmxcap"
3061 - python_doscript "${S}/scripts/qmp/qmp-shell"
3062 - python_doscript "${S}/scripts/qmp/qemu-ga-client"
3063 -}
3064 -
3065 -# Generate binfmt support files.
3066 -# - /etc/init.d/qemu-binfmt script which registers the user handlers (openrc)
3067 -# - /usr/share/qemu/binfmt.d/qemu.conf (for use with systemd-binfmt)
3068 -generate_initd() {
3069 - local out="${T}/qemu-binfmt"
3070 - local out_systemd="${T}/qemu.conf"
3071 - local d="${T}/binfmt.d"
3072 -
3073 - einfo "Generating qemu binfmt scripts and configuration files"
3074 -
3075 - # Generate the debian fragments first.
3076 - mkdir -p "${d}"
3077 - "${S}"/scripts/qemu-binfmt-conf.sh \
3078 - --debian \
3079 - --exportdir "${d}" \
3080 - --qemu-path "${EPREFIX}/usr/bin" \
3081 - || die
3082 - # Then turn the fragments into a shell script we can source.
3083 - sed -E -i \
3084 - -e 's:^([^ ]+) (.*)$:\1="\2":' \
3085 - "${d}"/* || die
3086 -
3087 - # Generate the init.d script by assembling the fragments from above.
3088 - local f qcpu package interpreter magic mask
3089 - cat "${FILESDIR}"/qemu-binfmt.initd.head >"${out}" || die
3090 - for f in "${d}"/qemu-* ; do
3091 - source "${f}"
3092 -
3093 - # Normalize the cpu logic like we do in the init.d for the native cpu.
3094 - qcpu=${package#qemu-}
3095 - case ${qcpu} in
3096 - arm*) qcpu="arm";;
3097 - mips*) qcpu="mips";;
3098 - ppc*) qcpu="ppc";;
3099 - s390*) qcpu="s390";;
3100 - sh*) qcpu="sh";;
3101 - sparc*) qcpu="sparc";;
3102 - esac
3103 -
3104 - cat <<EOF >>"${out}"
3105 - if [ "\${cpu}" != "${qcpu}" -a -x "${interpreter}" ] ; then
3106 - echo ':${package}:M::${magic}:${mask}:${interpreter}:'"\${QEMU_BINFMT_FLAGS}" >/proc/sys/fs/binfmt_misc/register
3107 - fi
3108 -EOF
3109 -
3110 - echo ":${package}:M::${magic}:${mask}:${interpreter}:OC" >>"${out_systemd}"
3111 -
3112 - done
3113 - cat "${FILESDIR}"/qemu-binfmt.initd.tail >>"${out}" || die
3114 -}
3115 -
3116 -src_install() {
3117 - if [[ -n ${user_targets} ]]; then
3118 - cd "${S}/user-build"
3119 - emake DESTDIR="${ED}" install
3120 -
3121 - # Install binfmt handler init script for user targets.
3122 - generate_initd
3123 - doinitd "${T}/qemu-binfmt"
3124 -
3125 - # Install binfmt/qemu.conf.
3126 - insinto "/usr/share/qemu/binfmt.d"
3127 - doins "${T}/qemu.conf"
3128 - fi
3129 -
3130 - if [[ -n ${softmmu_targets} ]]; then
3131 - cd "${S}/softmmu-build"
3132 - emake DESTDIR="${ED}" install
3133 -
3134 - # This might not exist if the test failed. #512010
3135 - [[ -e check-report.html ]] && dohtml check-report.html
3136 -
3137 - if use kernel_linux; then
3138 - udev_newrules "${FILESDIR}"/65-kvm.rules-r1 65-kvm.rules
3139 - fi
3140 -
3141 - if use python; then
3142 - python_foreach_impl qemu_python_install
3143 - fi
3144 - fi
3145 -
3146 - cd "${S}/tools-build"
3147 - emake DESTDIR="${ED}" install
3148 -
3149 - # Disable mprotect on the qemu binaries as they use JITs to be fast #459348
3150 - pushd "${ED}"/usr/bin >/dev/null
3151 - pax-mark mr "${softmmu_bins[@]}" "${user_bins[@]}" # bug 575594
3152 - popd >/dev/null
3153 -
3154 - # Install config file example for qemu-bridge-helper
3155 - insinto "/etc/qemu"
3156 - doins "${FILESDIR}/bridge.conf"
3157 -
3158 - # Remove the docdir placed qmp-commands.txt
3159 - mv "${ED}/usr/share/doc/${PF}/html/qmp-commands.txt" "${S}/docs/" || die
3160 -
3161 - cd "${S}"
3162 - dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt
3163 - newdoc pc-bios/README README.pc-bios
3164 - dodoc docs/qmp-*.txt
3165 -
3166 - if [[ -n ${softmmu_targets} ]]; then
3167 - # Remove SeaBIOS since we're using the SeaBIOS packaged one
3168 - rm "${ED}/usr/share/qemu/bios.bin"
3169 - if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
3170 - dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
3171 - fi
3172 -
3173 - # Remove vgabios since we're using the vgabios packaged one
3174 - rm "${ED}/usr/share/qemu/vgabios.bin"
3175 - rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
3176 - rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
3177 - rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
3178 - rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
3179 - if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
3180 - dosym ../vgabios/vgabios.bin /usr/share/qemu/vgabios.bin
3181 - dosym ../vgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
3182 - dosym ../vgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
3183 - dosym ../vgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
3184 - dosym ../vgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
3185 - fi
3186 -
3187 - # Remove sgabios since we're using the sgabios packaged one
3188 - rm "${ED}/usr/share/qemu/sgabios.bin"
3189 - if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
3190 - dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin
3191 - fi
3192 -
3193 - # Remove iPXE since we're using the iPXE packaged one
3194 - rm "${ED}"/usr/share/qemu/pxe-*.rom
3195 - if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
3196 - dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom
3197 - dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom
3198 - dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom
3199 - dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom
3200 - dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom
3201 - dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom
3202 - fi
3203 - fi
3204 -
3205 - DISABLE_AUTOFORMATTING=true
3206 - readme.gentoo_create_doc
3207 -}
3208 -
3209 -pkg_postinst() {
3210 - DISABLE_AUTOFORMATTING=true
3211 - readme.gentoo_print_elog
3212 -
3213 - if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
3214 - udev_reload
3215 - fi
3216 -
3217 - fcaps cap_net_admin /usr/libexec/qemu-bridge-helper
3218 -}
3219 -
3220 -pkg_info() {
3221 - echo "Using:"
3222 - echo " $(best_version app-emulation/spice-protocol)"
3223 - echo " $(best_version sys-firmware/ipxe)"
3224 - echo " $(best_version sys-firmware/seabios)"
3225 - if has_version 'sys-firmware/seabios[binary]'; then
3226 - echo " USE=binary"
3227 - else
3228 - echo " USE=''"
3229 - fi
3230 - echo " $(best_version sys-firmware/vgabios)"
3231 -}
3232
3233 diff --git a/app-emulation/qemu/qemu-2.9.0-r2.ebuild b/app-emulation/qemu/qemu-2.9.0-r2.ebuild
3234 index 3efa65c..397b86c 100644
3235 --- a/app-emulation/qemu/qemu-2.9.0-r2.ebuild
3236 +++ b/app-emulation/qemu/qemu-2.9.0-r2.ebuild
3237 @@ -17,7 +17,7 @@ if [[ ${PV} = *9999* ]]; then
3238 SRC_URI=""
3239 else
3240 SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2"
3241 - KEYWORDS="amd64 ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd"
3242 + KEYWORDS="amd64 ~arm64 ~ppc ~ppc64 x86 ~x86-fbsd"
3243 fi
3244
3245 DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
3246 @@ -513,7 +513,7 @@ qemu_src_configure() {
3247 if use ${static_flag}; then
3248 conf_opts+=( --static --disable-pie )
3249 else
3250 - gcc-specs-pie && conf_opts+=( --enable-pie )
3251 + tc-enables-pie && conf_opts+=( --enable-pie )
3252 fi
3253
3254 echo "../configure ${conf_opts[*]}"
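Review bot: The `else` branch now passes `--enable-pie` only when `tc-enables-pie` succeeds, and nothing in the hunk documents what happens when it does not. In that case no PIE option reaches `../configure` at all, so the outcome is presumably left to configure's own default. A comment on that branch would make the hardening intent auditable, for example `# request PIE only when the toolchain defaults to it; otherwise configure decides`, with a note that the static branch forces `--disable-pie`, so static builds are non-PIE regardless of toolchain. The same substitution appears in the last hunk of qemu-2.9.0-r56.ebuild. qemu_src_configure starts and ends outside both hunks, so any existing comment above the `if` that still refers to GCC PIE support should be updated to match the new helper.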
3255
3256 diff --git a/app-emulation/qemu/qemu-2.9.0-r54.ebuild b/app-emulation/qemu/qemu-2.9.0-r56.ebuild
3257 similarity index 96%
3258 rename from app-emulation/qemu/qemu-2.9.0-r54.ebuild
3259 rename to app-emulation/qemu/qemu-2.9.0-r56.ebuild
3260 index c36797b..ad2e5f7 100644
3261 --- a/app-emulation/qemu/qemu-2.9.0-r54.ebuild
3262 +++ b/app-emulation/qemu/qemu-2.9.0-r56.ebuild
3263 @@ -137,7 +137,7 @@ SOFTMMU_TOOLS_DEPEND="
3264 )
3265 seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
3266 smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] )
3267 - snappy? ( app-arch/snappy[static-libs(+)] )
3268 + snappy? ( app-arch/snappy:=[static-libs(+)] )
3269 spice? (
3270 >=app-emulation/spice-protocol-0.12.3
3271 >=app-emulation/spice-0.12.0[static-libs(+)]
3272 @@ -200,11 +200,20 @@ PATCHES=(
3273 # gentoo patches
3274 "${FILESDIR}"/${PN}-2.5.0-cflags.patch
3275 "${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
3276 - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8309.patch # bug 616870
3277 - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8379.patch # bug 616872
3278 - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8380.patch # bug 616874
3279 - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8112.patch # bug 616636
3280 - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-7493.patch # bug 618808
3281 + "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8309.patch # bug 616870
3282 + "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8379.patch # bug 616872
3283 + "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8380.patch # bug 616874
3284 + "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8112.patch # bug 616636
3285 + "${FILESDIR}"/${PN}-2.9.0-CVE-2017-7493.patch # bug 618808
3286 + "${FILESDIR}"/${PN}-2.9.0-CVE-2017-11434.patch # bug 625614
3287 + "${FILESDIR}"/${PN}-2.9.0-CVE-2017-11334.patch # bug 621292
3288 + "${FILESDIR}"/${PN}-2.9.0-CVE-2017-9524-1.patch # bug 621292
3289 + "${FILESDIR}"/${PN}-2.9.0-CVE-2017-9524-2.patch
3290 + "${FILESDIR}"/${PN}-2.9.0-CVE-2017-9503-1.patch # bug 621184
3291 + "${FILESDIR}"/${PN}-2.9.0-CVE-2017-9503-2.patch
3292 + "${FILESDIR}"/${PN}-2.9.0-CVE-2017-10664.patch # bug 623016
3293 + "${FILESDIR}"/${PN}-2.9.0-CVE-2017-10806.patch # bug 624088
3294 + "${FILESDIR}"/${PN}-2.9.0-CVE-2017-7539.patch # bug 625850
3295 )
3296
3297 STRIP_MASK="/usr/share/qemu/palcode-clipper"
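Review bot: Two different CVE patches, `CVE-2017-11334` and `CVE-2017-9524-1`, carry the same `# bug 621292` reference. This looks like a copy-paste slip and should be confirmed against the tracker, because these comments are the only link from each applied fix back to its advisory. The `-2` patches for CVE-2017-9524 and CVE-2017-9503 have no reference at all; repeating the number from the matching `-1` entry (e.g. `# bug 621184` on `CVE-2017-9503-2.patch`) would keep every line self-describing when patches are later dropped one by one. Re-aligning the five existing entries in the same hunk makes them appear as changed although only whitespace differs, which makes it harder to see which security fixes are new in this revision.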
3298 @@ -516,7 +525,7 @@ qemu_src_configure() {
3299 if use ${static_flag}; then
3300 conf_opts+=( --static --disable-pie )
3301 else
3302 - gcc-specs-pie && conf_opts+=( --enable-pie )
3303 + tc-enables-pie && conf_opts+=( --enable-pie )
3304 fi
3305
3306 echo "../configure ${conf_opts[*]}"