1 |
commit: 733898218545d7f941e865f69a628b9792ca25ff |
2 |
Author: Aric Belsito <lluixhi <AT> gmail <DOT> com> |
3 |
AuthorDate: Wed Jul 26 19:10:10 2017 +0000 |
4 |
Commit: Aric Belsito <lluixhi <AT> gmail <DOT> com> |
5 |
CommitDate: Wed Jul 26 19:11:09 2017 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/musl.git/commit/?id=73389821 |
7 |
|
8 |
app-emulation/qemu: version bump to 2.9.0-r56 |
9 |
|
10 |
Remove qemu-2.8.1-r2 |
11 |
|
12 |
app-emulation/qemu/Manifest | 34 +- |
13 |
.../qemu/files/qemu-2.7.0-CVE-2016-8669-1.patch | 32 - |
14 |
.../qemu/files/qemu-2.8.0-CVE-2016-10028.patch | 40 -- |
15 |
.../qemu/files/qemu-2.8.0-CVE-2016-10155.patch | 46 -- |
16 |
.../qemu/files/qemu-2.8.0-CVE-2016-9908.patch | 35 - |
17 |
.../qemu/files/qemu-2.8.0-CVE-2016-9912.patch | 38 - |
18 |
.../qemu/files/qemu-2.8.0-CVE-2017-5525-1.patch | 52 -- |
19 |
.../qemu/files/qemu-2.8.0-CVE-2017-5525-2.patch | 55 -- |
20 |
.../qemu/files/qemu-2.8.0-CVE-2017-5552.patch | 41 -- |
21 |
.../qemu/files/qemu-2.8.0-CVE-2017-5578.patch | 35 - |
22 |
.../qemu/files/qemu-2.8.0-CVE-2017-5579.patch | 40 -- |
23 |
.../qemu/files/qemu-2.8.0-CVE-2017-5856.patch | 64 -- |
24 |
.../qemu/files/qemu-2.8.0-CVE-2017-5857.patch | 38 - |
25 |
.../qemu/files/qemu-2.8.0-CVE-2017-5898.patch | 35 - |
26 |
.../qemu/files/qemu-2.8.0-CVE-2017-5973.patch | 87 --- |
27 |
.../qemu/files/qemu-2.8.0-CVE-2017-5987.patch | 50 -- |
28 |
.../qemu/files/qemu-2.8.0-CVE-2017-6505.patch | 52 -- |
29 |
.../qemu/files/qemu-2.8.0-CVE-2017-7377.patch | 49 -- |
30 |
.../qemu/files/qemu-2.8.1-CVE-2017-7471.patch | 64 -- |
31 |
.../qemu/files/qemu-2.8.1-CVE-2017-8086.patch | 28 - |
32 |
.../qemu/files/qemu-2.9.0-CVE-2017-10664.patch | 47 ++ |
33 |
.../qemu/files/qemu-2.9.0-CVE-2017-10806.patch | 50 ++ |
34 |
.../qemu/files/qemu-2.9.0-CVE-2017-11334.patch | 40 ++ |
35 |
.../qemu/files/qemu-2.9.0-CVE-2017-11434.patch | 29 + |
36 |
.../qemu/files/qemu-2.9.0-CVE-2017-7539.patch | 601 ++++++++++++++++ |
37 |
.../qemu/files/qemu-2.9.0-CVE-2017-9503-1.patch | 122 ++++ |
38 |
.../qemu/files/qemu-2.9.0-CVE-2017-9503-2.patch | 114 +++ |
39 |
.../qemu/files/qemu-2.9.0-CVE-2017-9524-1.patch | 80 +++ |
40 |
.../qemu/files/qemu-2.9.0-CVE-2017-9524-2.patch | 197 ++++++ |
41 |
app-emulation/qemu/qemu-2.8.1-r2.ebuild | 770 --------------------- |
42 |
app-emulation/qemu/qemu-2.9.0-r2.ebuild | 4 +- |
43 |
...qemu-2.9.0-r54.ebuild => qemu-2.9.0-r56.ebuild} | 23 +- |
44 |
32 files changed, 1309 insertions(+), 1683 deletions(-) |
45 |
|
46 |
diff --git a/app-emulation/qemu/Manifest b/app-emulation/qemu/Manifest |
47 |
index c719930..5fe223b 100644 |
48 |
--- a/app-emulation/qemu/Manifest |
49 |
+++ b/app-emulation/qemu/Manifest |
50 |
@@ -4,36 +4,24 @@ AUX qemu-2.0.0-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch 930 SH |
51 |
AUX qemu-2.2.0-_sigev_un.patch 638 SHA256 1f66c5a55ec94d73182cd25f3de5490cdb075542246a37d206cfb7b4a99a40a4 SHA512 5a2f9af1b60fd5a088679f3481b8d0317da88d4922b02289265b8d193b3589dd6d498e66531fc37ed86b97f4a648a1068f2da646e381d89c472716ef58190eb1 WHIRLPOOL 8444edaa4e5d59a337a7ebba71807b51941642517e5e762fb3458fde1a53c63c919ca809e5f32b503f1a92e4ccd2d21a057995fec56fcf846246dadccbdc863f |
52 |
AUX qemu-2.5.0-cflags.patch 410 SHA256 17f5624dd733f5c80e733cc67ae36a736169ec066024dbf802b416accfed0755 SHA512 0194d28de08b4e51c5bd1c9a2cc7965ba7f66dfddb8fd91de3da93677e6cf2d38ad3270f69aaea8a20cf2533c2980018d6e0fed711be2806fe2053fba7c081f3 WHIRLPOOL 5f5b95d00409fbe03adb64801d30a2fb5f98dded5efa7f0e78b5746776f72917dcbea767e1d0afcb304d8bf8c484adedb8037e6d54e9d34997c2bc3a98b53154 |
53 |
AUX qemu-2.5.0-sysmacros.patch 333 SHA256 a5716fc02da383d455f5cbd76f49e4ee74d84c2d5703319adcbeb145d04875f9 SHA512 329632c5bff846ca3ffcdb4bc94ae62f17c6bdbb566f9bec0784357c943523e8ca7773790b83a9617734cab3b003baa3d636cbd08f7385810a63b0fa0383c4f0 WHIRLPOOL 2a774767d4685545d3ed18e4f5dece99a9007597d73c56197652ff24083550f987ffb69e5c624760dece87def71a7c5c22a694bf999d7309e48ef622f18f0d73 |
54 |
-AUX qemu-2.7.0-CVE-2016-8669-1.patch 1010 SHA256 3bc03869bede80013abb94ee029625a382c8059bc9474d9f6fd8e23840cff159 SHA512 53643363a470fba9b82c02b90f2573e45f59f5057993b2c15e1608916ece7f8582b4a84179e8ee70fcb8e3f3eb8a538a058401049ea38242bdb640c14ec54f7e WHIRLPOOL 873ed9b9784bb5757a07c1a494f70603cbe82751222d68a883327424e0d7e87d536400eca5fc7406080cbde2ab0a8fe0b3ee5c6dff81624db5d6d5964fec81be |
55 |
-AUX qemu-2.8.0-CVE-2016-10028.patch 1384 SHA256 25a9f2b2014bbcbb008683211503716a2b4a0e8d96ea001d32b87d451cee1842 SHA512 6cfad99e54cfaea97f5c14fbbfe35768a8ea46196117bf770725e1079f9bccca3b7071416a14e60a36c3c919760ab49663fc8b551026c8cd58c10b3f2d7940b4 WHIRLPOOL 5c0c8350112cb63c8b3db7a15a9090cd2fba879317565b108285fd92c23a8b75a593a65d94b6e448086b126a735056065d07c1877abdb6815ebaa430cf4adabf |
56 |
-AUX qemu-2.8.0-CVE-2016-10155.patch 1558 SHA256 53c20d983847a716f3f708c50ffbeb9d44fd8718f39d86556ae44394d1b2a624 SHA512 4ebfba87927c9f58fe1a0aa05b5850d391698617ce7c3e002d3adfd981ed8c23d35a6863e14f52264576dda31f84dc25421d2f930547f82ccfde126137d91aea WHIRLPOOL 44366afdf52eed47c28a6e9cec1ee7c613b5bac6441cf4f7bf29b30ef6ec7504e72a2d8c873a949e46f1cfd3055a407b673d6151802ab3c957cde8faaed20903 |
57 |
-AUX qemu-2.8.0-CVE-2016-9908.patch 1166 SHA256 22ef4999a3daf3c46a3c90ca20fb131545d4d0befeff7c3ca870585a3e03b7b7 SHA512 c46abda3a5b1a68c7c2e5236f8e424f4569a28ba2aea9b8ec32467e55b535492da6e4702d4758a5721f1bf222f7f2554a5e4c9a190781d60c40202a5291dcf49 WHIRLPOOL aa8087350770ecbb60049e3269ddf9d68258657ef6a088b562e344056689e578a390328dde9c5d2b5024e7fa03995b571295a1d64943d9b3882cf0c5f833dbd8 |
58 |
-AUX qemu-2.8.0-CVE-2016-9912.patch 1307 SHA256 e3eac321492a9ef42d88b04877511255c3731a9bb029d7c6ab2da0aa8f09e2d8 SHA512 f9ba4f167334d9b934c37fbed21ded8b3d71e5bdbdb1f15f81d4423b0790bfa127637155d5863b563fa974f1421c4ace1f2a4e3e81e3ae3d6045b2083210b103 WHIRLPOOL 7aa8dab7b6462f142365d274e6131ca1630c396e36c851cb562c081c4243c58e2ae22cf682e51145af08befcaba395254c765cf56112a6c177e1c9a18ffb5926 |
59 |
-AUX qemu-2.8.0-CVE-2017-5525-1.patch 1625 SHA256 88e253c306761017d66dca5b72184f89cebf3b617db7bc0e4b27025757a66181 SHA512 a7f82374ec4e264b065be7ba63c197d93fee230d68819bf68a0a67c84f89182d0cc0a42b9aadf53a8a903d640dacc55392174c7820379e92ad0e35c86c35a2dd WHIRLPOOL 63e192dc0e075139f18aee2d0541c75021852a7d7251321ca8fe7f9b793c72786a6aab878e308931289eab3c07c3cbbc8ad32b67de1193f85b672e16a8372495 |
60 |
-AUX qemu-2.8.0-CVE-2017-5525-2.patch 1664 SHA256 ab03a1cff62164090133f0dbace9724302e806a808b18d64628d12f0bd9abad6 SHA512 ac1d89331c3fc4d0ef7af411a12654329057676e9f016cb9a4a46dc9b4e01092c17af33d095f3104e71094ae585a35a8276a98560dd97f8d045e0b9fd2f0069f WHIRLPOOL 20457d7fe5b3842c0c601068dba410586fc4b4c7fce81ba3ee436a6cfec3b1b950797d6ca9a2a573fef21a29421f8c04a34d1dfefe0b7ade03a6ca51d16d99cb |
61 |
-AUX qemu-2.8.0-CVE-2017-5552.patch 1481 SHA256 26616f16434b3aff65b1cd1ce82c6abdfbd44da8a047a5a32b1e07755c9a3e1b SHA512 3c3f5027be3bfe56c1445004bd28536e11f606cc6787fcefad3da267eb3e11b61110c8a4700fd9d6f95ce50f10a2678b2bc6f950297b949b837882a68901d6e5 WHIRLPOOL ca93726b8a0567f68fac634eef1e88c997c1e959cafb33bc6ba8871d9021591bb61be6b3635d3fac111e1e177dbbff939c93580d7f0824e752b378dbc38fbc45 |
62 |
-AUX qemu-2.8.0-CVE-2017-5578.patch 1084 SHA256 a7639fc84377b23ebc55dbb1c6d8c53bb2e6230be03b2efba78108257058d8b4 SHA512 8d160d56a94ec9380640badcab29fdd05f2f665377febd1b7e71a9c619d9db963eaa74cf74a2e0287fd2f6e2a7d4bce0f8e4281b3b0292347eece52b7344243b WHIRLPOOL efd3238bf720a1051a41ea621601afeea7546cc7e48d4a7f23bc0b3277bee368bb259a2735e6290b4609e78a1e54e29fe1ba7b088824284787faddc84491d876 |
63 |
-AUX qemu-2.8.0-CVE-2017-5579.patch 1132 SHA256 df32524c24aa4d7d9166bb5e159ba10023c7777b9583e920bd8590feec433580 SHA512 d4669821ae8e06a31b852a31699aa26421ce5fb6c049573cb6613515da486e390d8ddf71adb4e6c1a45a15bb468bbb45df68cbf5e9388660c9c03866becb9edd WHIRLPOOL 0d5ed483c6e3f849fc4b9568a3af4c086258ef1162a4e11baa65bcf35eeb8a505c8b7de935175fdc53e7284e23eb492a95326cdea6c690283085136cb02d3b7a |
64 |
-AUX qemu-2.8.0-CVE-2017-5856.patch 2224 SHA256 92ddbba8c0d21bdae5b11ae064c21da939cbbb1fd0e6aa10477efced6bf9582f SHA512 7e043d8299d67d33c12bf5591f0881029013852df2243c2ea747fc6c4d1d6c0acffbaef7538634a60f8f875da94bb71db3e3a07972de066b7ac5d49e4d3cb906 WHIRLPOOL b5f38b059e4305b352e3807c2b7762fe856d1067431452fbbf991415ad17f25d152225d9e0ea61b5e8175e42abebbb2abdd85ac37f301ac123f81af822ff2f02 |
65 |
-AUX qemu-2.8.0-CVE-2017-5857.patch 1326 SHA256 e2150a7cc92b72e3f20506b9c76b40599af8d2366d25bd9b245a0bffa66ad8eb SHA512 d6d000b57f1fb194f9554165621109b364ebdb61416bc07e2283f2d493c33e770d1b63002d62565aae1ac19ed0ad9e572c207341aa1ad023581f349f62158d30 WHIRLPOOL cbe84c67ba9bb368baf2b1842e8c7c1ee3fb720630bcd53fdbdef9e8f3efdb25c1a927d0f65c9d1f6def28defe6997943a7867e8225eb12e395a0811ad3e32a1 |
66 |
-AUX qemu-2.8.0-CVE-2017-5898.patch 1412 SHA256 7f44668d51a94d19fcca0f496d8ac798fd654afe25d2998f7d07a148a836ade9 SHA512 2cd9af4957849a5d72dc0f0fbb30852870306ebc0a348cf5951df58d3029d1aae52df9261d2e4a9d7a4f132f78c390af8a049e1f109b324899bccd91e5c10d1f WHIRLPOOL c48e1fe163761880adab990683dc5d54ee31173763f11239ffee7c229bd65a2958a696dede39e7e645860980e2a7c5c6e5873e5db53872ac373d8d2415a167ab |
67 |
-AUX qemu-2.8.0-CVE-2017-5973.patch 2815 SHA256 206d01053ce678e2c83174b278755e112099f76350aaa765525d344a87365ded SHA512 31b4bd1b8398d8044ace7660a049c492beda83613818a718477257e0bdf922d63423100fd59f2e8411dc952d282a7c405b916ab437b131b31c21dcf65f98edce WHIRLPOOL ea43efbdd5fdc51e1b8b5057fbe50b3911896cbda8437998ca203d34db82524eb42a77440f2490574a48f15ba1c4bbb7d9c40bfb6e99e96278a1d1912ea210a7 |
68 |
-AUX qemu-2.8.0-CVE-2017-5987.patch 1889 SHA256 c4f2175970deca9b00bf657e66b8df31a02efce469eec02279a9659b9cb18bb0 SHA512 32708f91edbbb61ac444ee71b97a30138380544389f6265d7cb7aec330ebaaa7ca69844a9462c817fbda117e78748fc4fdeb655e70bcd72ddd8b112fd9619b0d WHIRLPOOL 1aa99740495c0d2a577cf13c47669aeba75ad389394736ce16fde31c91931254820accad85a6d6fee9757595bec3f222413a89fe4ca125913be7ecc97f33b365 |
69 |
-AUX qemu-2.8.0-CVE-2017-6505.patch 1481 SHA256 55e3b7e65e519caef4fdd28cccb973613759cce0d67eb64c2093b4f0a4e428e1 SHA512 5326f28a9340f392e4f32e4cd5f58cae0769859e10fd4d201983d40ec6b4d094d6a0cad2638e1e6f3e5228b93af26cc4f4a155e0d94bad89d0ea9b866f535aa7 WHIRLPOOL c88312cd5e779a98c905f175d61400ef7bb59795cc1e0392da0018a158a4c435ffa07f1e6a621db6eea925a0dbb986442eab4f79f956dc1955058fc97670f390 |
70 |
-AUX qemu-2.8.0-CVE-2017-7377.patch 1554 SHA256 36fbd8ec9fa7d910fde8b6b8905717b322bd23b50c2b2f925e1a2415ae306755 SHA512 195be1a75340c41aa89614aad8d07f2cf630eb10f3160cb8a86d85371ea9d7dcdbe9d49e9752ac3d6765c8d4c99c845408933b57cf21199f77ba09fcf79a02c8 WHIRLPOOL 8d7677ae3cfe18e34072ef23666c4658553a7d3b564d96e480ae432281d403242f2013d9fb189d473ab9c31def515401d22c04ba8e86d93d0369e95b1e371574 |
71 |
AUX qemu-2.8.0-F_SHLCK-and-F_EXLCK.patch 574 SHA256 d02353daa0ecfe161e938a5e54feab641b901f4a35c8f5831133676a6f53f43f SHA512 6b64750335aae1142ca9132fb766ac2aaeacfcdda0aa0cfca19afc4c3ea3806e30ce603fcec3767e40e84efb0ae8b9a23f21d46c807c13bb646be74f99e13389 WHIRLPOOL 7401c3daf162c71a5a5c3729855fddb5df95609b34c86ea0f4d872c8f132d6ac089cfb35a990af70aef8b7b63fe075a1e2be376b6db09bc70e8d51e48aded354 |
72 |
-AUX qemu-2.8.1-CVE-2017-7471.patch 2310 SHA256 ae5129c0f278de155f69e3d306038fa259c28ecb09a623262362163b00de85cc SHA512 dd5c5bc8e5ee9eb27516276d53f78ecde00b4fe5debbbdd8db1c3a2f2ef663667598acbb3b95f220e709ed89e1a0077733ca4fc1cb2fa0eb0f700e9931ddd003 WHIRLPOOL c91ddbdbc685dc76efc417087d680751aaade178593ca96fbff7b8ae1e0d0bdb659faee676d31b606e16c4adf446632a8a9350a57a1ac049b7649bdc0c3b8cf0 |
73 |
-AUX qemu-2.8.1-CVE-2017-8086.patch 751 SHA256 ff6f3bc1a94861da633f9e5517dde6b2719e227773941e7c9651281c77216589 SHA512 84197e80d28322efaa327dc7ad3ffc5e8bf791d89255e8ac7d5c5e9cebba3786c4e21008cbfb704de5323554a9d3f0873068c0a06493d4ca3b7849523eab6212 WHIRLPOOL 73f88468ba89d8384c04ffa3af646c8b628f1fa52f27866095f84ea1241f421763699ae18553d835133de70d7f244d0638d83d15881e5a3858a1128b14a1bcf3 |
74 |
+AUX qemu-2.9.0-CVE-2017-10664.patch 1613 SHA256 5941cc41f0c02b185be3f6ba450f155dfc42e98f538560a054309066d12e5736 SHA512 19be668bd5847b65a82bd710de062bf1bc16a2b93516cbd6842328a71cd8ef8e97f38fa72bffe603a41f7674652a73b9bc05bc6791d265423490aa6de09738ce WHIRLPOOL f3e436bd5ba9e61473e6a66af4a1c0063445ad616a06cbed1760326435fd391d56d6f084eae4b3465928d995cb426f02ed813747aeda0b535ed7ed4a2a598072 |
75 |
+AUX qemu-2.9.0-CVE-2017-10806.patch 1450 SHA256 ef884e2ed3adb618273af1d036ed0c7e3a09599e3d042080bb4b5014c6bc54d7 SHA512 38fea2c1a2a5a224585a07a028a8c4cfc1bec4d943e85c13e01228062bf306a502b0948270863b226bc974832e3af18158904fbfc08ccdf1f72f06e7830780d5 WHIRLPOOL f02fb957016af684dc894f93ec0b7dcca3febb8d37882aae1e17d2aca9948e200a013ae467cb54c5555e76c73f124a37c95fde189a4492d88322802d8160310c |
76 |
+AUX qemu-2.9.0-CVE-2017-11334.patch 1362 SHA256 bc2f3a50ad174e5453d0e4d1e14e9723b316e2339dc25ff31e27060ee13242bb SHA512 422296269ec29b3313c984947ac48b7179ce8e169131624d316589a621778f846b883e76cdfba50c62dc63ab5fede0ad0292704c1ca1cc9e1e7b3b01a153b8c8 WHIRLPOOL 504cf6b2ebfb11bf1471f920d101df28df59f1a585eac31ac278a366f2b769386bc7d100aa8386b3f8f45d5f5f700aa6625be3192eb4f1f3b77e69c6684cf74f |
77 |
+AUX qemu-2.9.0-CVE-2017-11434.patch 912 SHA256 e8be3cb9261f8735ff2a50fb8b79ccfea85456c7a2e5a5702fcc5339463dc05a SHA512 db95d9459b9669e0981195fe15f16c4e74d5f00c03e1ce5e33541e005260e77fa114b1b3f30bc06d80b723a6361b704fb58709b25773c168c8aa8f5f96580ac9 WHIRLPOOL c68e25024ab3c1d01e5b53d0a7b1591110b96d78079bc940ec28da2e2770dac6b1f9bbaaeb97c88ea0e1b46db886f7035d81bde582750e560d136916ecdab8a2 |
78 |
AUX qemu-2.9.0-CVE-2017-7493.patch 5656 SHA256 77462d39e811e58d3761523a6c580485bdfca0e74adbd10cf24c254e0ece262a SHA512 2b01f2878c98e77997b645ba80e69b5db398ef1e8f2b66344818d3c9af35dd66d49041ef9ee8aa152bf3e94970b4db282cf53909cb13b2532bc0a104251b2e81 WHIRLPOOL 23c788c5a78e126a61bd277e9fa1511cc71b8fbdc83a5bf319c5fc424219cbcceefad737844e45c11a76e047f8a49853d0a85b267f24f7b23bb7276d0edf0451 |
79 |
+AUX qemu-2.9.0-CVE-2017-7539.patch 22018 SHA256 523d41e08a2aab888e3e63b4dda6a19e535fe6fba2bf08b6ead06498ca923f29 SHA512 5c81488aeae78307bee551a3a037f3b9cf55971a17c5df17f89f31224bdfa0a5e79141341314546256bffe542b781ad25151c54340a63c766086a578e5465825 WHIRLPOOL 085fc7e7d40c803a3caf15cdee77ce553b385919678ecf4bbcc3f532af5e482ca804a167af43e4f393da93aed88285690d84a3054c7f0df61d603d0046029dbc |
80 |
AUX qemu-2.9.0-CVE-2017-8112.patch 696 SHA256 a4dcc2a94749a5c20ef38d4c7ce13cd1ffe46017c77eea29ced0bec5c232e6aa SHA512 840f5270332729e0149a4705bae5fcc16e9503a995d6bfa5033904a544add337ca8ccb1d2a36bb57cc198f6354f5253403f1c4f04cbd18c08b4e1a9d6af9e07f WHIRLPOOL 1ba4e75fdd0c767254c85754612da9e8ff9ba2e7ea0811f723844bec190946805cd59db83f347a3dea4296d2b58d2df4a8d99a492335ba818824348bcebdd556 |
81 |
AUX qemu-2.9.0-CVE-2017-8309.patch 595 SHA256 8231747fe4d9c97392fe44b117caccd07d320313dc27fad17ac658122113ced9 SHA512 4415c36acb4f0594de7fe0de2b669d03d6b54ae44eb7f1f285c36223a02cca887b57db27a43ab1cc2e7e193ee5bce2748f9d2056aa925e0cc8f2133e67168a74 WHIRLPOOL af4c5e9763a0e114e554a1c8be99ea79da0b634fdc9d87922c7713187f1f904bfcce103648d549bbb190e92443664dbb9bd7592d8137f2337be0f4b22d1f9bd1 |
82 |
AUX qemu-2.9.0-CVE-2017-8379.patch 2736 SHA256 f2f8910c8e1ce9fc9804f4fbbe978fee20ccbfccc5efe49f42cdaafa63c511ce SHA512 79e32f75d98ca4a92a5069b65c5b9cff16064255ed4d161e4e292b97373742c25d5ddc12dfffa627197fdb5e0808108b30d0182a9c060cd181723bd90c618d15 WHIRLPOOL 545c00189da3b252c80bb35c6b6d3368a02b36b06f2866838ddd9ebb9ccf2b608ae278ee192b6b3aef2966736afe9bcdd646c80c228ec5daef76b92bd2721bd5 |
83 |
AUX qemu-2.9.0-CVE-2017-8380.patch 1048 SHA256 23eb5ae64b064e46785ae4f675fbe7c6a353f6688dd154ce98b78a0b7104a2fb SHA512 872fabc4f6eee48dff292297887b8c4a18aa6f8c2f9b7247e325c96e10ef8d72206f269d89c4a4a40ea6ad3e5082db40866b0f386f31716e749fb3a7db89d2dd WHIRLPOOL ddce30f5b22707938c2ba419264a6b731f292f0748e3891c7aa48daaa7a4b204a8bb1b4110fbd7c1836a02605e49e170a4bda6ee9eccdd2570472ff0f63c8d37 |
84 |
+AUX qemu-2.9.0-CVE-2017-9503-1.patch 5036 SHA256 3831acce5d79ab1ad195ee6a26eb276a08fee00143ef6473ad488a49590c26e8 SHA512 690a43f3b15f10f4c030af761b2fcf873eb72d1ca53dd03f15eb35a30454298bda7ddde2b38ed549b8bad1b3a465ad3c7c9334886e75856794c0beee2dcadc2d WHIRLPOOL 909b90579ba60084bb69d3067e9bde6288011649ecc986d3f520dbce31cc9063cf3b175d62d017bf6bfa6026549250d2f64c06d4f0a411a5e95d7cf2af0062d8 |
85 |
+AUX qemu-2.9.0-CVE-2017-9503-2.patch 4103 SHA256 a08f7f56890e1061d47691181ccdbd4cc2d97b5221d3b438afe8c429427b1e8d SHA512 21ce3255f511c82c7f8848392cb8266d804691a02207f06b950539f025a3bafb3f4c27365956cfa5129a7f0bc1796c006303993a328e72e689b8ff722f71e542 WHIRLPOOL 67bb2f24c2b567855c8f943208c5d4ceacb6df39539cc6ffce3e09fc55052b98aa794d19f70dad4fde515bd3021c46ff53ff374e58f09a802a2222a40eb3bf2d |
86 |
+AUX qemu-2.9.0-CVE-2017-9524-1.patch 2624 SHA256 f2479f79a81dba79eeee7a333b50bfb6f3d7e23d4cee6a8a65b291744d676b85 SHA512 7b72e492d4f9f38f15e3ec5ba3765b6d86cb726e8581278f1abcc485245f80d7a6ca9a5378dd214a82e230221d1ec650e90a221335beec8cd18567db7f7ce311 WHIRLPOOL 95b0566a9c7712e00e6200a839f449b8367aead31bf18b797193865825123b50d9f8ff11450f540caa94a102637ee5b7075ceaf8f703482296111a7af270f374 |
87 |
+AUX qemu-2.9.0-CVE-2017-9524-2.patch 7016 SHA256 092da49ea1aafd9b94f20127b93c1373b9a83ef127cad1d45fdbd8f5a9d9dbe9 SHA512 de25c5506ae955fb799b2c9952120c9feb51b363f5ee277c9b63882938ce56c44702dcd688ecf65a3d2a089503be938432eb62ffa3df7409f4211bb7fa126f26 WHIRLPOOL b38c3a557be778634d53e7c356fb124e7470ad3e58b426677f3405c10faf76fa88d2f354d66a69b8549a64c480a338c94ed425c768394ad4cdd74ed4479ccc89 |
88 |
AUX qemu-binfmt.initd.head 1445 SHA256 a9b4b1d1ffa82d572c01f14ebfbafb4b3a4c2eb5cad5af62c059f603a9f5a277 SHA512 a735268ae9ac84d8f2f2893bf018ee6de33231fa94a823bd8502b529bb456635c1ab5cf9b440df5ede8e414291f8bf45fc53898c2f3939c50d5ec4ffa554396a WHIRLPOOL 3ec0f916d5928d464fa8416c8eac472cfa01b560bba07642ff7929799918d1c8059ac7368ff5551e6aa993027849de08035d856db7981315d8e4ec470a0f785e |
89 |
AUX qemu-binfmt.initd.tail 245 SHA256 1b765f5212946b73b8e4d92f64d34a9d2e358ef541c02164f6d6dd93cb15e1e7 SHA512 bcca16805f8380d52cc591ea3d65a8f6e5de456730618f6aee301510edb75d235a22d4d7aeed224882210392840adb403eb53234b6cb76a4cb24533852a8b737 WHIRLPOOL 41ddd1751101646e700a6fe4ef879bd4149d646a801f97e40534051895697dcbded06a1edda51457a0d624fbf68442c3e57178a3ee8e683e35368b88d10ba4a4 |
90 |
-DIST qemu-2.8.1.tar.bz2 28366270 SHA256 018e4c7ed22c220395cf41f835d01505e49d0e579a548bd3d72b03809442bbcd SHA512 0397b4029cdcb77ed053c44b3579a3f34894038e6fc6b4aa88de14515f5a78bf2f41c5e865f37111529f567c85d2f1c4deefae47dde54f76eac79410e5b2bdda WHIRLPOOL c41f53f18fac44efd1c81ba9d95204d23e9a70dc9c21624177be2fe92a327428fd5704b25bc334229fa36ae395fb4c82ba3955db39719c4458343978a4d3141a |
91 |
DIST qemu-2.9.0.tar.bz2 28720490 SHA256 00bfb217b1bb03c7a6c3261b819cfccbfb5a58e3e2ceff546327d271773c6c14 SHA512 4b28966eec0ca44681e35fcfb64a4eaef7c280b8d65c91d03f2efa37f76278fd8c1680e5798c7a30dbfcc8f3c05f4a803f48b8a2dfec3a4181bac079b2a5e422 WHIRLPOOL d79fe89eb271a56aee0cbd328e5f96999176b711afb5683d164b7b99d91e6dd2bfaf6e2ff4cd820a941c94f28116765cb07ffd5809d75c2f9654a67d56bfc0c1 |
92 |
-EBUILD qemu-2.8.1-r2.ebuild 22908 SHA256 b21f2820c166fcf91f0be3f8eb323b49d8c8ccebd4c376d9dbcdebbe751bac52 SHA512 3fa48453417e0cfa4d24f11fd5f234ec8790744c65154456328a24641a6f03cffb5b50ecf2bf81388fc18b12b382042e882fa853a09ae2288beb459e8658db5e WHIRLPOOL b5881ff308b91dc53b3115e278d5cd89d5f3f5d69ea7355fea2a048e471da1c4079eb245aa262ab2c19c6d75ddac1770acab3fa1c39d2c6e74cf72d84426e16f |
93 |
-EBUILD qemu-2.9.0-r2.ebuild 22065 SHA256 f722fa40663602c90dc07139580a3bcc5bcae60ce1a3808f2f38adc2d13211b1 SHA512 51822cc9753b27e6fed97bdd1e4845cbcfb0c8a4a9f55256820127994a1b3beda96765b83a8c578637a968b261f1bf6ef4c1d6ae09491e9f5f9d94af5cdb5ce4 WHIRLPOOL 20f5b6786e60eae4260df3bcdfb9f94d128abc03f9458cf3e42ddf5bb1b0749ea26bc18ba58c47c4d131cb5ab02898f7097dd85c3d9d19ac6bc49062d9d8a57b |
94 |
-EBUILD qemu-2.9.0-r54.ebuild 23455 SHA256 cf27b44542770cf10be0bd69481e13ccdef4d512d4d02f2388eaf441b1b2b9b8 SHA512 e1344e489cb298807c992f257954e28c0c2d24a517bdd907bc60ebf2380cebc26861161e2a5deba8c95da5af700de198951696061ea916ea9c6f1037264e89dc WHIRLPOOL 3b764803988879ef45a1b28f016d0ac732d8aa18c1fab92e52e18677fea7d3777967281c075dcdc3daa7da083c66c423d7d30ffe2d876811a776bcc5e2de63da |
95 |
+EBUILD qemu-2.9.0-r2.ebuild 22065 SHA256 45015103d32a318241da3d34c7340786571b65dc580f8493853c35e0ad5541ec SHA512 7b69c749172677046a101778ba2d8078bf8f5ccedc2d3c6767a2096838f8b80d0519bb798f23e7229fec04ca0c6c4c96caf7d07983ca2aca8d77e86b4f2ed229 WHIRLPOOL ebbf728a67a6f67ce2d40ac72cc95e27e46133e522d70a0e6d91525df7af048d2d1dfbb3e9534e4871882f5fe01749e3f749662414f802569c2f40ac66450afa |
96 |
+EBUILD qemu-2.9.0-r56.ebuild 24010 SHA256 4185ac27c271ca09d383907cf914c020ba5f9614d5c3901d12e82d4069e0090f SHA512 fab143169a3c25fcf7b2532ec10c651c8b1c1875ea8cb0daa4ae29e153c9609ebc75184df1584944eadb541db76e931ff121866dcde58f3e25e29ad9eadc0a24 WHIRLPOOL 44d3f1fc2f01e61287508580beeacc9c1e1c709b6d19347f69a33ea3202ad7e8dd035d3df948dec11b3a62564a23a41a5c5a1e6faa1e2bde5f31d0ec9c02eb9b |
97 |
MISC metadata.xml 3794 SHA256 149f7bc9927e13bbf7355972e85df6f9f198dd17fb575a7e516817d6a88018fb SHA512 10f130f225b90dacf8262247d795a247abfdcbf3ad5fbe0693e8d4db79f755984f690cb150a7eb5a8e5d669ce404145c4fbb6b200d6362319be74759fd78b6d3 WHIRLPOOL 6a5e88caeb64387f619a19fecb55c39ccf3c8dcd360523e8d61b80051001c02fe81432c55e40b3f360295b35e9f5a1f707c570baf95cad06d18c4cd484da0ceb |
98 |
|
99 |
diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8669-1.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8669-1.patch |
100 |
deleted file mode 100644 |
101 |
index cea8efc..0000000 |
102 |
--- a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8669-1.patch |
103 |
+++ /dev/null |
104 |
@@ -1,32 +0,0 @@ |
105 |
-http://bugs.gentoo.org/597108 |
106 |
-https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02577.html |
107 |
- |
108 |
-From: Prasad J Pandit <address@hidden> |
109 |
- |
110 |
-The JAZZ RC4030 chipset emulator has a periodic timer and |
111 |
-associated interval reload register. The reload value is used |
112 |
-as divider when computing timer's next tick value. If reload |
113 |
-value is large, it could lead to divide by zero error. Limit |
114 |
-the interval reload value to avoid it. |
115 |
- |
116 |
-Reported-by: Huawei PSIRT <address@hidden> |
117 |
-Signed-off-by: Prasad J Pandit <address@hidden> |
118 |
---- |
119 |
- hw/dma/rc4030.c | 2 +- |
120 |
- 1 file changed, 1 insertion(+), 1 deletion(-) |
121 |
- |
122 |
-diff --git a/hw/dma/rc4030.c b/hw/dma/rc4030.c |
123 |
-index 2f2576f..c1b4997 100644 |
124 |
---- a/hw/dma/rc4030.c |
125 |
-+++ b/hw/dma/rc4030.c |
126 |
-@@ -460,7 +460,7 @@ static void rc4030_write(void *opaque, hwaddr addr, uint64_t data, |
127 |
- break; |
128 |
- /* Interval timer reload */ |
129 |
- case 0x0228: |
130 |
-- s->itr = val; |
131 |
-+ s->itr = val & 0x01FF; |
132 |
- qemu_irq_lower(s->timer_irq); |
133 |
- set_next_tick(s); |
134 |
- break; |
135 |
--- |
136 |
-2.5.5 |
137 |
|
138 |
diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-10028.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-10028.patch |
139 |
deleted file mode 100644 |
140 |
index 466c819..0000000 |
141 |
--- a/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-10028.patch |
142 |
+++ /dev/null |
143 |
@@ -1,40 +0,0 @@ |
144 |
-https://lists.gnu.org/archive/html/qemu-devel/2016-12/msg01903.html |
145 |
-https://bugs.gentoo.org/603444 |
146 |
- |
147 |
-From: P J P |
148 |
-Subject: [Qemu-devel] [PATCH] display: virtio-gpu-3d: check virgl capabilities max_size |
149 |
-Date: Wed, 14 Dec 2016 12:31:56 +0530 |
150 |
-From: Prasad J Pandit <address@hidden> |
151 |
- |
152 |
-Virtio GPU device while processing 'VIRTIO_GPU_CMD_GET_CAPSET' |
153 |
-command, retrieves the maximum capabilities size to fill in the |
154 |
-response object. It continues to fill in capabilities even if |
155 |
-retrieved 'max_size' is zero(0), thus resulting in OOB access. |
156 |
-Add check to avoid it. |
157 |
- |
158 |
-Reported-by: Zhenhao Hong <address@hidden> |
159 |
-Signed-off-by: Prasad J Pandit <address@hidden> |
160 |
---- |
161 |
- hw/display/virtio-gpu-3d.c | 6 +++++- |
162 |
- 1 file changed, 5 insertions(+), 1 deletion(-) |
163 |
- |
164 |
-diff --git a/hw/display/virtio-gpu-3d.c b/hw/display/virtio-gpu-3d.c |
165 |
-index 758d33a..6ceeba3 100644 |
166 |
---- a/hw/display/virtio-gpu-3d.c |
167 |
-+++ b/hw/display/virtio-gpu-3d.c |
168 |
-@@ -370,8 +370,12 @@ static void virgl_cmd_get_capset(VirtIOGPU *g, |
169 |
- |
170 |
- virgl_renderer_get_cap_set(gc.capset_id, &max_ver, |
171 |
- &max_size); |
172 |
-+ if (!max_size) { |
173 |
-+ cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER; |
174 |
-+ return; |
175 |
-+ } |
176 |
-+ |
177 |
- resp = g_malloc0(sizeof(*resp) + max_size); |
178 |
-- |
179 |
- resp->hdr.type = VIRTIO_GPU_RESP_OK_CAPSET; |
180 |
- virgl_renderer_fill_caps(gc.capset_id, |
181 |
- gc.capset_version, |
182 |
--- |
183 |
-2.9.3 |
184 |
|
185 |
diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-10155.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-10155.patch |
186 |
deleted file mode 100644 |
187 |
index c486295..0000000 |
188 |
--- a/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-10155.patch |
189 |
+++ /dev/null |
190 |
@@ -1,46 +0,0 @@ |
191 |
-From eb7a20a3616085d46aa6b4b4224e15587ec67e6e Mon Sep 17 00:00:00 2001 |
192 |
-From: Li Qiang <liqiang6-s@×××.cn> |
193 |
-Date: Mon, 28 Nov 2016 17:49:04 -0800 |
194 |
-Subject: [PATCH] watchdog: 6300esb: add exit function |
195 |
- |
196 |
-When the Intel 6300ESB watchdog is hot unplug. The timer allocated |
197 |
-in realize isn't freed thus leaking memory leak. This patch avoid |
198 |
-this through adding the exit function. |
199 |
- |
200 |
-Signed-off-by: Li Qiang <liqiang6-s@×××.cn> |
201 |
-Message-Id: <583cde9c.3223ed0a.7f0c2.886e@×××××××××.com> |
202 |
-Signed-off-by: Paolo Bonzini <pbonzini@××××××.com> |
203 |
---- |
204 |
- hw/watchdog/wdt_i6300esb.c | 9 +++++++++ |
205 |
- 1 file changed, 9 insertions(+) |
206 |
- |
207 |
-diff --git a/hw/watchdog/wdt_i6300esb.c b/hw/watchdog/wdt_i6300esb.c |
208 |
-index a83d951..49b3cd1 100644 |
209 |
---- a/hw/watchdog/wdt_i6300esb.c |
210 |
-+++ b/hw/watchdog/wdt_i6300esb.c |
211 |
-@@ -428,6 +428,14 @@ static void i6300esb_realize(PCIDevice *dev, Error **errp) |
212 |
- /* qemu_register_coalesced_mmio (addr, 0x10); ? */ |
213 |
- } |
214 |
- |
215 |
-+static void i6300esb_exit(PCIDevice *dev) |
216 |
-+{ |
217 |
-+ I6300State *d = WATCHDOG_I6300ESB_DEVICE(dev); |
218 |
-+ |
219 |
-+ timer_del(d->timer); |
220 |
-+ timer_free(d->timer); |
221 |
-+} |
222 |
-+ |
223 |
- static WatchdogTimerModel model = { |
224 |
- .wdt_name = "i6300esb", |
225 |
- .wdt_description = "Intel 6300ESB", |
226 |
-@@ -441,6 +449,7 @@ static void i6300esb_class_init(ObjectClass *klass, void *data) |
227 |
- k->config_read = i6300esb_config_read; |
228 |
- k->config_write = i6300esb_config_write; |
229 |
- k->realize = i6300esb_realize; |
230 |
-+ k->exit = i6300esb_exit; |
231 |
- k->vendor_id = PCI_VENDOR_ID_INTEL; |
232 |
- k->device_id = PCI_DEVICE_ID_INTEL_ESB_9; |
233 |
- k->class_id = PCI_CLASS_SYSTEM_OTHER; |
234 |
--- |
235 |
-2.10.2 |
236 |
- |
237 |
|
238 |
diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-9908.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-9908.patch |
239 |
deleted file mode 100644 |
240 |
index 841de65..0000000 |
241 |
--- a/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-9908.patch |
242 |
+++ /dev/null |
243 |
@@ -1,35 +0,0 @@ |
244 |
-https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg00059.html |
245 |
-https://bugs.gentoo.org/601826 |
246 |
- |
247 |
-From: Li Qiang |
248 |
-Subject: [Qemu-devel] [PATCH] virtio-gpu: fix information leak in capset get dispatch |
249 |
-Date: Tue, 1 Nov 2016 05:37:57 -0700 |
250 |
-From: Li Qiang <address@hidden> |
251 |
- |
252 |
-In virgl_cmd_get_capset function, it uses g_malloc to allocate |
253 |
-a response struct to the guest. As the 'resp'struct hasn't been full |
254 |
-initialized it will lead the 'resp->padding' field to the guest. |
255 |
-Use g_malloc0 to avoid this. |
256 |
- |
257 |
-Signed-off-by: Li Qiang <address@hidden> |
258 |
---- |
259 |
- hw/display/virtio-gpu-3d.c | 2 +- |
260 |
- 1 file changed, 1 insertion(+), 1 deletion(-) |
261 |
- |
262 |
-diff --git a/hw/display/virtio-gpu-3d.c b/hw/display/virtio-gpu-3d.c |
263 |
-index 23f39de..d98b140 100644 |
264 |
---- a/hw/display/virtio-gpu-3d.c |
265 |
-+++ b/hw/display/virtio-gpu-3d.c |
266 |
-@@ -371,7 +371,7 @@ static void virgl_cmd_get_capset(VirtIOGPU *g, |
267 |
- |
268 |
- virgl_renderer_get_cap_set(gc.capset_id, &max_ver, |
269 |
- &max_size); |
270 |
-- resp = g_malloc(sizeof(*resp) + max_size); |
271 |
-+ resp = g_malloc0(sizeof(*resp) + max_size); |
272 |
- |
273 |
- resp->hdr.type = VIRTIO_GPU_RESP_OK_CAPSET; |
274 |
- virgl_renderer_fill_caps(gc.capset_id, |
275 |
--- |
276 |
-1.8.3.1 |
277 |
- |
278 |
- |
279 |
|
280 |
diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-9912.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-9912.patch |
281 |
deleted file mode 100644 |
282 |
index 55963f7..0000000 |
283 |
--- a/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-9912.patch |
284 |
+++ /dev/null |
285 |
@@ -1,38 +0,0 @@ |
286 |
-https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg05043.html |
287 |
-https://bugs.gentoo.org/602630 |
288 |
- |
289 |
-From: Li Qiang |
290 |
-Subject: [Qemu-devel] [PATCH] virtio-gpu: call cleanup mapping function in resource destroy |
291 |
-Date: Mon, 28 Nov 2016 21:29:25 -0500 |
292 |
-If the guest destroy the resource before detach banking, the 'iov' |
293 |
-and 'addrs' field in resource is not freed thus leading memory |
294 |
-leak issue. This patch avoid this. |
295 |
- |
296 |
-Signed-off-by: Li Qiang <address@hidden> |
297 |
---- |
298 |
- hw/display/virtio-gpu.c | 3 +++ |
299 |
- 1 file changed, 3 insertions(+) |
300 |
- |
301 |
-diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c |
302 |
-index 60bce94..98dadf2 100644 |
303 |
---- a/hw/display/virtio-gpu.c |
304 |
-+++ b/hw/display/virtio-gpu.c |
305 |
-@@ -28,6 +28,8 @@ |
306 |
- static struct virtio_gpu_simple_resource* |
307 |
- virtio_gpu_find_resource(VirtIOGPU *g, uint32_t resource_id); |
308 |
- |
309 |
-+static void virtio_gpu_cleanup_mapping(struct virtio_gpu_simple_resource *res); |
310 |
-+ |
311 |
- #ifdef CONFIG_VIRGL |
312 |
- #include <virglrenderer.h> |
313 |
- #define VIRGL(_g, _virgl, _simple, ...) \ |
314 |
-@@ -358,6 +360,7 @@ static void virtio_gpu_resource_destroy(VirtIOGPU *g, |
315 |
- struct virtio_gpu_simple_resource *res) |
316 |
- { |
317 |
- pixman_image_unref(res->image); |
318 |
-+ virtio_gpu_cleanup_mapping(res); |
319 |
- QTAILQ_REMOVE(&g->reslist, res, next); |
320 |
- g_free(res); |
321 |
- } |
322 |
--- |
323 |
-1.8.3.1 |
324 |
|
325 |
diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5525-1.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5525-1.patch |
326 |
deleted file mode 100644 |
327 |
index 24411b4..0000000 |
328 |
--- a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5525-1.patch |
329 |
+++ /dev/null |
330 |
@@ -1,52 +0,0 @@ |
331 |
-From 12351a91da97b414eec8cdb09f1d9f41e535a401 Mon Sep 17 00:00:00 2001 |
332 |
-From: Li Qiang <liqiang6-s@×××.cn> |
333 |
-Date: Wed, 14 Dec 2016 18:30:21 -0800 |
334 |
-Subject: [PATCH] audio: ac97: add exit function |
335 |
-MIME-Version: 1.0 |
336 |
-Content-Type: text/plain; charset=UTF-8 |
337 |
-Content-Transfer-Encoding: 8bit |
338 |
- |
339 |
-Currently the ac97 device emulation doesn't have a exit function, |
340 |
-hot unplug this device will leak some memory. Add a exit function to |
341 |
-avoid this. |
342 |
- |
343 |
-Signed-off-by: Li Qiang <liqiang6-s@×××.cn> |
344 |
-Reviewed-by: Marc-André Lureau <marcandre.lureau@××××××.com> |
345 |
-Message-id: 58520052.4825ed0a.27a71.6cae@×××××××××.com |
346 |
-Signed-off-by: Gerd Hoffmann <kraxel@××××××.com> |
347 |
---- |
348 |
- hw/audio/ac97.c | 11 +++++++++++ |
349 |
- 1 file changed, 11 insertions(+) |
350 |
- |
351 |
-diff --git a/hw/audio/ac97.c b/hw/audio/ac97.c |
352 |
-index cbd959e..c306575 100644 |
353 |
---- a/hw/audio/ac97.c |
354 |
-+++ b/hw/audio/ac97.c |
355 |
-@@ -1387,6 +1387,16 @@ static void ac97_realize(PCIDevice *dev, Error **errp) |
356 |
- ac97_on_reset (&s->dev.qdev); |
357 |
- } |
358 |
- |
359 |
-+static void ac97_exit(PCIDevice *dev) |
360 |
-+{ |
361 |
-+ AC97LinkState *s = DO_UPCAST(AC97LinkState, dev, dev); |
362 |
-+ |
363 |
-+ AUD_close_in(&s->card, s->voice_pi); |
364 |
-+ AUD_close_out(&s->card, s->voice_po); |
365 |
-+ AUD_close_in(&s->card, s->voice_mc); |
366 |
-+ AUD_remove_card(&s->card); |
367 |
-+} |
368 |
-+ |
369 |
- static int ac97_init (PCIBus *bus) |
370 |
- { |
371 |
- pci_create_simple (bus, -1, "AC97"); |
372 |
-@@ -1404,6 +1414,7 @@ static void ac97_class_init (ObjectClass *klass, void *data) |
373 |
- PCIDeviceClass *k = PCI_DEVICE_CLASS (klass); |
374 |
- |
375 |
- k->realize = ac97_realize; |
376 |
-+ k->exit = ac97_exit; |
377 |
- k->vendor_id = PCI_VENDOR_ID_INTEL; |
378 |
- k->device_id = PCI_DEVICE_ID_INTEL_82801AA_5; |
379 |
- k->revision = 0x01; |
380 |
--- |
381 |
-2.10.2 |
382 |
- |
383 |
|
384 |
diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5525-2.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5525-2.patch |
385 |
deleted file mode 100644 |
386 |
index 6bbac58..0000000 |
387 |
--- a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5525-2.patch |
388 |
+++ /dev/null |
389 |
@@ -1,55 +0,0 @@ |
390 |
-From 069eb7b2b8fc47c7cb52e5a4af23ea98d939e3da Mon Sep 17 00:00:00 2001 |
391 |
-From: Li Qiang <liqiang6-s@×××.cn> |
392 |
-Date: Wed, 14 Dec 2016 18:32:22 -0800 |
393 |
-Subject: [PATCH] audio: es1370: add exit function |
394 |
-MIME-Version: 1.0 |
395 |
-Content-Type: text/plain; charset=UTF-8 |
396 |
-Content-Transfer-Encoding: 8bit |
397 |
- |
398 |
-Currently the es1370 device emulation doesn't have a exit function, |
399 |
-hot unplug this device will leak some memory. Add a exit function to |
400 |
-avoid this. |
401 |
- |
402 |
-Signed-off-by: Li Qiang <liqiang6-s@×××.cn> |
403 |
-Reviewed-by: Marc-André Lureau <marcandre.lureau@××××××.com> |
404 |
-Message-id: 585200c9.a968ca0a.1ab80.4c98@×××××××××.com |
405 |
-Signed-off-by: Gerd Hoffmann <kraxel@××××××.com> |
406 |
---- |
407 |
- hw/audio/es1370.c | 14 ++++++++++++++ |
408 |
- 1 file changed, 14 insertions(+) |
409 |
- |
410 |
-diff --git a/hw/audio/es1370.c b/hw/audio/es1370.c |
411 |
-index 8449b5f..883ec69 100644 |
412 |
---- a/hw/audio/es1370.c |
413 |
-+++ b/hw/audio/es1370.c |
414 |
-@@ -1041,6 +1041,19 @@ static void es1370_realize(PCIDevice *dev, Error **errp) |
415 |
- es1370_reset (s); |
416 |
- } |
417 |
- |
418 |
-+static void es1370_exit(PCIDevice *dev) |
419 |
-+{ |
420 |
-+ ES1370State *s = ES1370(dev); |
421 |
-+ int i; |
422 |
-+ |
423 |
-+ for (i = 0; i < 2; ++i) { |
424 |
-+ AUD_close_out(&s->card, s->dac_voice[i]); |
425 |
-+ } |
426 |
-+ |
427 |
-+ AUD_close_in(&s->card, s->adc_voice); |
428 |
-+ AUD_remove_card(&s->card); |
429 |
-+} |
430 |
-+ |
431 |
- static int es1370_init (PCIBus *bus) |
432 |
- { |
433 |
- pci_create_simple (bus, -1, TYPE_ES1370); |
434 |
-@@ -1053,6 +1066,7 @@ static void es1370_class_init (ObjectClass *klass, void *data) |
435 |
- PCIDeviceClass *k = PCI_DEVICE_CLASS (klass); |
436 |
- |
437 |
- k->realize = es1370_realize; |
438 |
-+ k->exit = es1370_exit; |
439 |
- k->vendor_id = PCI_VENDOR_ID_ENSONIQ; |
440 |
- k->device_id = PCI_DEVICE_ID_ENSONIQ_ES1370; |
441 |
- k->class_id = PCI_CLASS_MULTIMEDIA_AUDIO; |
442 |
--- |
443 |
-2.10.2 |
444 |
- |
445 |
|
446 |
diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5552.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5552.patch |
447 |
deleted file mode 100644 |
448 |
index 9475f3f..0000000 |
449 |
--- a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5552.patch |
450 |
+++ /dev/null |
451 |
@@ -1,41 +0,0 @@ |
452 |
-From 33243031dad02d161225ba99d782616da133f689 Mon Sep 17 00:00:00 2001 |
453 |
-From: Li Qiang <liq3ea@×××××.com> |
454 |
-Date: Thu, 29 Dec 2016 03:11:26 -0500 |
455 |
-Subject: [PATCH] virtio-gpu-3d: fix memory leak in resource attach backing |
456 |
-MIME-Version: 1.0 |
457 |
-Content-Type: text/plain; charset=UTF-8 |
458 |
-Content-Transfer-Encoding: 8bit |
459 |
- |
460 |
-If the virgl_renderer_resource_attach_iov function fails the |
461 |
-'res_iovs' will be leaked. Add check of the return value to |
462 |
-free the 'res_iovs' when failing. |
463 |
- |
464 |
-Signed-off-by: Li Qiang <liq3ea@×××××.com> |
465 |
-Reviewed-by: Marc-André Lureau <marcandre.lureau@××××××.com> |
466 |
-Message-id: 1482999086-59795-1-git-send-email-liq3ea@×××××.com |
467 |
-Signed-off-by: Gerd Hoffmann <kraxel@××××××.com> |
468 |
---- |
469 |
- hw/display/virtio-gpu-3d.c | 7 +++++-- |
470 |
- 1 file changed, 5 insertions(+), 2 deletions(-) |
471 |
- |
472 |
-diff --git a/hw/display/virtio-gpu-3d.c b/hw/display/virtio-gpu-3d.c |
473 |
-index e29f099..b13ced3 100644 |
474 |
---- a/hw/display/virtio-gpu-3d.c |
475 |
-+++ b/hw/display/virtio-gpu-3d.c |
476 |
-@@ -291,8 +291,11 @@ static void virgl_resource_attach_backing(VirtIOGPU *g, |
477 |
- return; |
478 |
- } |
479 |
- |
480 |
-- virgl_renderer_resource_attach_iov(att_rb.resource_id, |
481 |
-- res_iovs, att_rb.nr_entries); |
482 |
-+ ret = virgl_renderer_resource_attach_iov(att_rb.resource_id, |
483 |
-+ res_iovs, att_rb.nr_entries); |
484 |
-+ |
485 |
-+ if (ret != 0) |
486 |
-+ virtio_gpu_cleanup_mapping_iov(res_iovs, att_rb.nr_entries); |
487 |
- } |
488 |
- |
489 |
- static void virgl_resource_detach_backing(VirtIOGPU *g, |
490 |
--- |
491 |
-2.10.2 |
492 |
- |
493 |
|
494 |
diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5578.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5578.patch |
495 |
deleted file mode 100644 |
496 |
index f93d1e7..0000000 |
497 |
--- a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5578.patch |
498 |
+++ /dev/null |
499 |
@@ -1,35 +0,0 @@ |
500 |
-From 204f01b30975923c64006f8067f0937b91eea68b Mon Sep 17 00:00:00 2001 |
501 |
-From: Li Qiang <liq3ea@×××××.com> |
502 |
-Date: Thu, 29 Dec 2016 04:28:41 -0500 |
503 |
-Subject: [PATCH] virtio-gpu: fix memory leak in resource attach backing |
504 |
- |
505 |
-In the resource attach backing function, everytime it will |
506 |
-allocate 'res->iov' thus can leading a memory leak. This |
507 |
-patch avoid this. |
508 |
- |
509 |
-Signed-off-by: Li Qiang <liq3ea@×××××.com> |
510 |
-Message-id: 1483003721-65360-1-git-send-email-liq3ea@×××××.com |
511 |
-Signed-off-by: Gerd Hoffmann <kraxel@××××××.com> |
512 |
---- |
513 |
- hw/display/virtio-gpu.c | 5 +++++ |
514 |
- 1 file changed, 5 insertions(+) |
515 |
- |
516 |
-diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c |
517 |
-index 6a26258..ca88cf4 100644 |
518 |
---- a/hw/display/virtio-gpu.c |
519 |
-+++ b/hw/display/virtio-gpu.c |
520 |
-@@ -714,6 +714,11 @@ virtio_gpu_resource_attach_backing(VirtIOGPU *g, |
521 |
- return; |
522 |
- } |
523 |
- |
524 |
-+ if (res->iov) { |
525 |
-+ cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC; |
526 |
-+ return; |
527 |
-+ } |
528 |
-+ |
529 |
- ret = virtio_gpu_create_mapping_iov(&ab, cmd, &res->addrs, &res->iov); |
530 |
- if (ret != 0) { |
531 |
- cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC; |
532 |
--- |
533 |
-2.10.2 |
534 |
- |
535 |
|
536 |
diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5579.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5579.patch |
537 |
deleted file mode 100644 |
538 |
index e4572a8..0000000 |
539 |
--- a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5579.patch |
540 |
+++ /dev/null |
541 |
@@ -1,40 +0,0 @@ |
542 |
-From 8409dc884a201bf74b30a9d232b6bbdd00cb7e2b Mon Sep 17 00:00:00 2001 |
543 |
-From: Li Qiang <liqiang6-s@×××.cn> |
544 |
-Date: Wed, 4 Jan 2017 00:43:16 -0800 |
545 |
-Subject: [PATCH] serial: fix memory leak in serial exit |
546 |
- |
547 |
-The serial_exit_core function doesn't free some resources. |
548 |
-This can lead memory leak when hotplug and unplug. This |
549 |
-patch avoid this. |
550 |
- |
551 |
-Signed-off-by: Li Qiang <liqiang6-s@×××.cn> |
552 |
-Message-Id: <586cb5ab.f31d9d0a.38ac3.acf2@×××××××××.com> |
553 |
-Signed-off-by: Paolo Bonzini <pbonzini@××××××.com> |
554 |
---- |
555 |
- hw/char/serial.c | 10 ++++++++++ |
556 |
- 1 file changed, 10 insertions(+) |
557 |
- |
558 |
-diff --git a/hw/char/serial.c b/hw/char/serial.c |
559 |
-index ffbacd8..67b18ed 100644 |
560 |
---- a/hw/char/serial.c |
561 |
-+++ b/hw/char/serial.c |
562 |
-@@ -906,6 +906,16 @@ void serial_realize_core(SerialState *s, Error **errp) |
563 |
- void serial_exit_core(SerialState *s) |
564 |
- { |
565 |
- qemu_chr_fe_deinit(&s->chr); |
566 |
-+ |
567 |
-+ timer_del(s->modem_status_poll); |
568 |
-+ timer_free(s->modem_status_poll); |
569 |
-+ |
570 |
-+ timer_del(s->fifo_timeout_timer); |
571 |
-+ timer_free(s->fifo_timeout_timer); |
572 |
-+ |
573 |
-+ fifo8_destroy(&s->recv_fifo); |
574 |
-+ fifo8_destroy(&s->xmit_fifo); |
575 |
-+ |
576 |
- qemu_unregister_reset(serial_reset, s); |
577 |
- } |
578 |
- |
579 |
--- |
580 |
-2.10.2 |
581 |
- |
582 |
|
583 |
diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5856.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5856.patch |
584 |
deleted file mode 100644 |
585 |
index 2ebd49f..0000000 |
586 |
--- a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5856.patch |
587 |
+++ /dev/null |
588 |
@@ -1,64 +0,0 @@ |
589 |
-From 765a707000e838c30b18d712fe6cb3dd8e0435f3 Mon Sep 17 00:00:00 2001 |
590 |
-From: Paolo Bonzini <pbonzini@××××××.com> |
591 |
-Date: Mon, 2 Jan 2017 11:03:33 +0100 |
592 |
-Subject: [PATCH] megasas: fix guest-triggered memory leak |
593 |
- |
594 |
-If the guest sets the sglist size to a value >=2GB, megasas_handle_dcmd |
595 |
-will return MFI_STAT_MEMORY_NOT_AVAILABLE without freeing the memory. |
596 |
-Avoid this by returning only the status from map_dcmd, and loading |
597 |
-cmd->iov_size in the caller. |
598 |
- |
599 |
-Reported-by: Li Qiang <liqiang6-s@×××.cn> |
600 |
-Signed-off-by: Paolo Bonzini <pbonzini@××××××.com> |
601 |
---- |
602 |
- hw/scsi/megasas.c | 11 ++++++----- |
603 |
- 1 file changed, 6 insertions(+), 5 deletions(-) |
604 |
- |
605 |
-diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c |
606 |
-index 67fc1e7..6233865 100644 |
607 |
---- a/hw/scsi/megasas.c |
608 |
-+++ b/hw/scsi/megasas.c |
609 |
-@@ -683,14 +683,14 @@ static int megasas_map_dcmd(MegasasState *s, MegasasCmd *cmd) |
610 |
- trace_megasas_dcmd_invalid_sge(cmd->index, |
611 |
- cmd->frame->header.sge_count); |
612 |
- cmd->iov_size = 0; |
613 |
-- return -1; |
614 |
-+ return -EINVAL; |
615 |
- } |
616 |
- iov_pa = megasas_sgl_get_addr(cmd, &cmd->frame->dcmd.sgl); |
617 |
- iov_size = megasas_sgl_get_len(cmd, &cmd->frame->dcmd.sgl); |
618 |
- pci_dma_sglist_init(&cmd->qsg, PCI_DEVICE(s), 1); |
619 |
- qemu_sglist_add(&cmd->qsg, iov_pa, iov_size); |
620 |
- cmd->iov_size = iov_size; |
621 |
-- return cmd->iov_size; |
622 |
-+ return 0; |
623 |
- } |
624 |
- |
625 |
- static void megasas_finish_dcmd(MegasasCmd *cmd, uint32_t iov_size) |
626 |
-@@ -1559,19 +1559,20 @@ static const struct dcmd_cmd_tbl_t { |
627 |
- |
628 |
- static int megasas_handle_dcmd(MegasasState *s, MegasasCmd *cmd) |
629 |
- { |
630 |
-- int opcode, len; |
631 |
-+ int opcode; |
632 |
- int retval = 0; |
633 |
-+ size_t len; |
634 |
- const struct dcmd_cmd_tbl_t *cmdptr = dcmd_cmd_tbl; |
635 |
- |
636 |
- opcode = le32_to_cpu(cmd->frame->dcmd.opcode); |
637 |
- trace_megasas_handle_dcmd(cmd->index, opcode); |
638 |
-- len = megasas_map_dcmd(s, cmd); |
639 |
-- if (len < 0) { |
640 |
-+ if (megasas_map_dcmd(s, cmd) < 0) { |
641 |
- return MFI_STAT_MEMORY_NOT_AVAILABLE; |
642 |
- } |
643 |
- while (cmdptr->opcode != -1 && cmdptr->opcode != opcode) { |
644 |
- cmdptr++; |
645 |
- } |
646 |
-+ len = cmd->iov_size; |
647 |
- if (cmdptr->opcode == -1) { |
648 |
- trace_megasas_dcmd_unhandled(cmd->index, opcode, len); |
649 |
- retval = megasas_dcmd_dummy(s, cmd); |
650 |
--- |
651 |
-2.10.2 |
652 |
- |
653 |
|
654 |
diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5857.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5857.patch |
655 |
deleted file mode 100644 |
656 |
index 664a669..0000000 |
657 |
--- a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5857.patch |
658 |
+++ /dev/null |
659 |
@@ -1,38 +0,0 @@ |
660 |
-When the guest sends VIRTIO_GPU_CMD_RESOURCE_UNREF without detaching the |
661 |
-backing storage beforehand (VIRTIO_GPU_CMD_RESOURCE_DETACH_BACKING) |
662 |
-we'll leak memory. |
663 |
- |
664 |
-This patch fixes it for 3d mode, simliar to the 2d mode fix in commit |
665 |
-"b8e2392 virtio-gpu: call cleanup mapping function in resource destroy". |
666 |
- |
667 |
-Reported-by: 李强 <address@hidden> |
668 |
-Signed-off-by: Gerd Hoffmann <address@hidden> |
669 |
---- |
670 |
- hw/display/virtio-gpu-3d.c | 8 ++++++++ |
671 |
- 1 file changed, 8 insertions(+) |
672 |
- |
673 |
-diff --git a/hw/display/virtio-gpu-3d.c b/hw/display/virtio-gpu-3d.c |
674 |
-index f96a0c2..ecb09d1 100644 |
675 |
---- a/hw/display/virtio-gpu-3d.c |
676 |
-+++ b/hw/display/virtio-gpu-3d.c |
677 |
-@@ -77,10 +77,18 @@ static void virgl_cmd_resource_unref(VirtIOGPU *g, |
678 |
- struct virtio_gpu_ctrl_command *cmd) |
679 |
- { |
680 |
- struct virtio_gpu_resource_unref unref; |
681 |
-+ struct iovec *res_iovs = NULL; |
682 |
-+ int num_iovs = 0; |
683 |
- |
684 |
- VIRTIO_GPU_FILL_CMD(unref); |
685 |
- trace_virtio_gpu_cmd_res_unref(unref.resource_id); |
686 |
- |
687 |
-+ virgl_renderer_resource_detach_iov(unref.resource_id, |
688 |
-+ &res_iovs, |
689 |
-+ &num_iovs); |
690 |
-+ if (res_iovs != NULL && num_iovs != 0) { |
691 |
-+ virtio_gpu_cleanup_mapping_iov(res_iovs, num_iovs); |
692 |
-+ } |
693 |
- virgl_renderer_resource_unref(unref.resource_id); |
694 |
- } |
695 |
- |
696 |
--- |
697 |
-1.8.3.1 |
698 |
|
699 |
diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5898.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5898.patch |
700 |
deleted file mode 100644 |
701 |
index 9f94477..0000000 |
702 |
--- a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5898.patch |
703 |
+++ /dev/null |
704 |
@@ -1,35 +0,0 @@ |
705 |
-From c7dfbf322595ded4e70b626bf83158a9f3807c6a Mon Sep 17 00:00:00 2001 |
706 |
-From: Prasad J Pandit <pjp@×××××××××××××.org> |
707 |
-Date: Fri, 3 Feb 2017 00:52:28 +0530 |
708 |
-Subject: [PATCH] usb: ccid: check ccid apdu length |
709 |
- |
710 |
-CCID device emulator uses Application Protocol Data Units(APDU) |
711 |
-to exchange command and responses to and from the host. |
712 |
-The length in these units couldn't be greater than 65536. Add |
713 |
-check to ensure the same. It'd also avoid potential integer |
714 |
-overflow in emulated_apdu_from_guest. |
715 |
- |
716 |
-Reported-by: Li Qiang <liqiang6-s@×××.cn> |
717 |
-Signed-off-by: Prasad J Pandit <pjp@×××××××××××××.org> |
718 |
-Message-id: 20170202192228.10847-1-ppandit@××××××.com |
719 |
-Signed-off-by: Gerd Hoffmann <kraxel@××××××.com> |
720 |
---- |
721 |
- hw/usb/dev-smartcard-reader.c | 2 +- |
722 |
- 1 file changed, 1 insertion(+), 1 deletion(-) |
723 |
- |
724 |
-diff --git a/hw/usb/dev-smartcard-reader.c b/hw/usb/dev-smartcard-reader.c |
725 |
-index 89e11b6..1325ea1 100644 |
726 |
---- a/hw/usb/dev-smartcard-reader.c |
727 |
-+++ b/hw/usb/dev-smartcard-reader.c |
728 |
-@@ -967,7 +967,7 @@ static void ccid_on_apdu_from_guest(USBCCIDState *s, CCID_XferBlock *recv) |
729 |
- DPRINTF(s, 1, "%s: seq %d, len %d\n", __func__, |
730 |
- recv->hdr.bSeq, len); |
731 |
- ccid_add_pending_answer(s, (CCID_Header *)recv); |
732 |
-- if (s->card) { |
733 |
-+ if (s->card && len <= BULK_OUT_DATA_SIZE) { |
734 |
- ccid_card_apdu_from_guest(s->card, recv->abData, len); |
735 |
- } else { |
736 |
- DPRINTF(s, D_WARN, "warning: discarded apdu\n"); |
737 |
--- |
738 |
-2.10.2 |
739 |
- |
740 |
|
741 |
diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5973.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5973.patch |
742 |
deleted file mode 100644 |
743 |
index 50ff3c9..0000000 |
744 |
--- a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5973.patch |
745 |
+++ /dev/null |
746 |
@@ -1,87 +0,0 @@ |
747 |
-Limits should be big enough that normal guest should not hit it. |
748 |
-Add a tracepoint to log them, just in case. Also, while being |
749 |
-at it, log the existing link trb limit too. |
750 |
- |
751 |
-Reported-by: 李强 <address@hidden> |
752 |
-Signed-off-by: Gerd Hoffmann <address@hidden> |
753 |
---- |
754 |
- hw/usb/hcd-xhci.c | 15 ++++++++++++++- |
755 |
- hw/usb/trace-events | 1 + |
756 |
- 2 files changed, 15 insertions(+), 1 deletion(-) |
757 |
- |
758 |
-diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c |
759 |
-index fbf8a8b..28dd2f2 100644 |
760 |
---- a/hw/usb/hcd-xhci.c |
761 |
-+++ b/hw/usb/hcd-xhci.c |
762 |
-@@ -51,6 +51,8 @@ |
763 |
- #define EV_QUEUE (((3 * 24) + 16) * MAXSLOTS) |
764 |
- |
765 |
- #define TRB_LINK_LIMIT 4 |
766 |
-+#define COMMAND_LIMIT 256 |
767 |
-+#define TRANSFER_LIMIT 256 |
768 |
- |
769 |
- #define LEN_CAP 0x40 |
770 |
- #define LEN_OPER (0x400 + 0x10 * MAXPORTS) |
771 |
-@@ -943,6 +945,7 @@ static TRBType xhci_ring_fetch(XHCIState *xhci, XHCIRing *ring, XHCITRB *trb, |
772 |
- return type; |
773 |
- } else { |
774 |
- if (++link_cnt > TRB_LINK_LIMIT) { |
775 |
-+ trace_usb_xhci_enforced_limit("trb-link"); |
776 |
- return 0; |
777 |
- } |
778 |
- ring->dequeue = xhci_mask64(trb->parameter); |
779 |
-@@ -2060,6 +2063,7 @@ static void xhci_kick_epctx(XHCIEPContext *epctx, unsigned int streamid) |
780 |
- XHCIRing *ring; |
781 |
- USBEndpoint *ep = NULL; |
782 |
- uint64_t mfindex; |
783 |
-+ unsigned int count = 0; |
784 |
- int length; |
785 |
- int i; |
786 |
- |
787 |
-@@ -2172,6 +2176,10 @@ static void xhci_kick_epctx(XHCIEPContext *epctx, unsigned int streamid) |
788 |
- epctx->retry = xfer; |
789 |
- break; |
790 |
- } |
791 |
-+ if (count++ > TRANSFER_LIMIT) { |
792 |
-+ trace_usb_xhci_enforced_limit("transfers"); |
793 |
-+ break; |
794 |
-+ } |
795 |
- } |
796 |
- epctx->kick_active--; |
797 |
- |
798 |
-@@ -2618,7 +2626,7 @@ static void xhci_process_commands(XHCIState *xhci) |
799 |
- TRBType type; |
800 |
- XHCIEvent event = {ER_COMMAND_COMPLETE, CC_SUCCESS}; |
801 |
- dma_addr_t addr; |
802 |
-- unsigned int i, slotid = 0; |
803 |
-+ unsigned int i, slotid = 0, count = 0; |
804 |
- |
805 |
- DPRINTF("xhci_process_commands()\n"); |
806 |
- if (!xhci_running(xhci)) { |
807 |
-@@ -2735,6 +2743,11 @@ static void xhci_process_commands(XHCIState *xhci) |
808 |
- } |
809 |
- event.slotid = slotid; |
810 |
- xhci_event(xhci, &event, 0); |
811 |
-+ |
812 |
-+ if (count++ > COMMAND_LIMIT) { |
813 |
-+ trace_usb_xhci_enforced_limit("commands"); |
814 |
-+ return; |
815 |
-+ } |
816 |
- } |
817 |
- } |
818 |
- |
819 |
-diff --git a/hw/usb/trace-events b/hw/usb/trace-events |
820 |
-index fdd1d29..0c323d4 100644 |
821 |
---- a/hw/usb/trace-events |
822 |
-+++ b/hw/usb/trace-events |
823 |
-@@ -174,6 +174,7 @@ usb_xhci_xfer_retry(void *xfer) "%p" |
824 |
- usb_xhci_xfer_success(void *xfer, uint32_t bytes) "%p: len %d" |
825 |
- usb_xhci_xfer_error(void *xfer, uint32_t ret) "%p: ret %d" |
826 |
- usb_xhci_unimplemented(const char *item, int nr) "%s (0x%x)" |
827 |
-+usb_xhci_enforced_limit(const char *item) "%s" |
828 |
- |
829 |
- # hw/usb/desc.c |
830 |
- usb_desc_device(int addr, int len, int ret) "dev %d query device, len %d, ret %d" |
831 |
--- |
832 |
-1.8.3.1 |
833 |
- |
834 |
|
835 |
diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5987.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5987.patch |
836 |
deleted file mode 100644 |
837 |
index bfde2e9..0000000 |
838 |
--- a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5987.patch |
839 |
+++ /dev/null |
840 |
@@ -1,50 +0,0 @@ |
841 |
-From: Prasad J Pandit <address@hidden> |
842 |
- |
843 |
-In the SDHCI protocol, the transfer mode register value |
844 |
-is used during multi block transfer to check if block count |
845 |
-register is enabled and should be updated. Transfer mode |
846 |
-register could be set such that, block count register would |
847 |
-not be updated, thus leading to an infinite loop. Add check |
848 |
-to avoid it. |
849 |
- |
850 |
-Reported-by: Wjjzhang <address@hidden> |
851 |
-Reported-by: Jiang Xin <address@hidden> |
852 |
-Signed-off-by: Prasad J Pandit <address@hidden> |
853 |
---- |
854 |
- hw/sd/sdhci.c | 10 +++++----- |
855 |
- 1 file changed, 5 insertions(+), 5 deletions(-) |
856 |
- |
857 |
-Update: use qemu_log_mask(LOG_UNIMP, ...) |
858 |
- -> https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg02354.html |
859 |
- |
860 |
-diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c |
861 |
-index 5bd5ab6..a9c744b 100644 |
862 |
---- a/hw/sd/sdhci.c |
863 |
-+++ b/hw/sd/sdhci.c |
864 |
-@@ -486,6 +486,11 @@ static void sdhci_sdma_transfer_multi_blocks(SDHCIState *s) |
865 |
- uint32_t boundary_chk = 1 << (((s->blksize & 0xf000) >> 12) + 12); |
866 |
- uint32_t boundary_count = boundary_chk - (s->sdmasysad % boundary_chk); |
867 |
- |
868 |
-+ if (!(s->trnmod & SDHC_TRNS_BLK_CNT_EN) || !s->blkcnt) { |
869 |
-+ qemu_log_mask(LOG_UNIMP, "infinite transfer is not supported\n"); |
870 |
-+ return; |
871 |
-+ } |
872 |
-+ |
873 |
- /* XXX: Some sd/mmc drivers (for example, u-boot-slp) do not account for |
874 |
- * possible stop at page boundary if initial address is not page aligned, |
875 |
- * allow them to work properly */ |
876 |
-@@ -797,11 +802,6 @@ static void sdhci_data_transfer(void *opaque) |
877 |
- if (s->trnmod & SDHC_TRNS_DMA) { |
878 |
- switch (SDHC_DMA_TYPE(s->hostctl)) { |
879 |
- case SDHC_CTRL_SDMA: |
880 |
-- if ((s->trnmod & SDHC_TRNS_MULTI) && |
881 |
-- (!(s->trnmod & SDHC_TRNS_BLK_CNT_EN) || s->blkcnt == 0)) { |
882 |
-- break; |
883 |
-- } |
884 |
-- |
885 |
- if ((s->blkcnt == 1) || !(s->trnmod & SDHC_TRNS_MULTI)) { |
886 |
- sdhci_sdma_transfer_single_block(s); |
887 |
- } else { |
888 |
--- |
889 |
-2.9.3 |
890 |
- |
891 |
|
892 |
diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-6505.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-6505.patch |
893 |
deleted file mode 100644 |
894 |
index a15aa96..0000000 |
895 |
--- a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-6505.patch |
896 |
+++ /dev/null |
897 |
@@ -1,52 +0,0 @@ |
898 |
-From 95ed56939eb2eaa4e2f349fe6dcd13ca4edfd8fb Mon Sep 17 00:00:00 2001 |
899 |
-From: Li Qiang <liqiang6-s@×××.cn> |
900 |
-Date: Tue, 7 Feb 2017 02:23:33 -0800 |
901 |
-Subject: [PATCH] usb: ohci: limit the number of link eds |
902 |
- |
903 |
-The guest may builds an infinite loop with link eds. This patch |
904 |
-limit the number of linked ed to avoid this. |
905 |
- |
906 |
-Signed-off-by: Li Qiang <liqiang6-s@×××.cn> |
907 |
-Message-id: 5899a02e.45ca240a.6c373.93c1@×××××××××.com |
908 |
-Signed-off-by: Gerd Hoffmann <kraxel@××××××.com> |
909 |
---- |
910 |
- hw/usb/hcd-ohci.c | 9 ++++++++- |
911 |
- 1 file changed, 8 insertions(+), 1 deletion(-) |
912 |
- |
913 |
-diff --git a/hw/usb/hcd-ohci.c b/hw/usb/hcd-ohci.c |
914 |
-index 2cba3e3..21c93e0 100644 |
915 |
---- a/hw/usb/hcd-ohci.c |
916 |
-+++ b/hw/usb/hcd-ohci.c |
917 |
-@@ -42,6 +42,8 @@ |
918 |
- |
919 |
- #define OHCI_MAX_PORTS 15 |
920 |
- |
921 |
-+#define ED_LINK_LIMIT 4 |
922 |
-+ |
923 |
- static int64_t usb_frame_time; |
924 |
- static int64_t usb_bit_time; |
925 |
- |
926 |
-@@ -1184,7 +1186,7 @@ static int ohci_service_ed_list(OHCIState *ohci, uint32_t head, int completion) |
927 |
- uint32_t next_ed; |
928 |
- uint32_t cur; |
929 |
- int active; |
930 |
-- |
931 |
-+ uint32_t link_cnt = 0; |
932 |
- active = 0; |
933 |
- |
934 |
- if (head == 0) |
935 |
-@@ -1199,6 +1201,11 @@ static int ohci_service_ed_list(OHCIState *ohci, uint32_t head, int completion) |
936 |
- |
937 |
- next_ed = ed.next & OHCI_DPTR_MASK; |
938 |
- |
939 |
-+ if (++link_cnt > ED_LINK_LIMIT) { |
940 |
-+ ohci_die(ohci); |
941 |
-+ return 0; |
942 |
-+ } |
943 |
-+ |
944 |
- if ((ed.head & OHCI_ED_H) || (ed.flags & OHCI_ED_K)) { |
945 |
- uint32_t addr; |
946 |
- /* Cancel pending packets for ED that have been paused. */ |
947 |
--- |
948 |
-2.10.2 |
949 |
- |
950 |
|
951 |
diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-7377.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-7377.patch |
952 |
deleted file mode 100644 |
953 |
index f2d317c..0000000 |
954 |
--- a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-7377.patch |
955 |
+++ /dev/null |
956 |
@@ -1,49 +0,0 @@ |
957 |
-From d63fb193e71644a073b77ff5ac6f1216f2f6cf6e Mon Sep 17 00:00:00 2001 |
958 |
-From: Li Qiang <liq3ea@×××××.com> |
959 |
-Date: Mon, 27 Mar 2017 21:13:19 +0200 |
960 |
-Subject: [PATCH] 9pfs: fix file descriptor leak |
961 |
- |
962 |
-The v9fs_create() and v9fs_lcreate() functions are used to create a file |
963 |
-on the backend and to associate it to a fid. The fid shouldn't be already |
964 |
-in-use, otherwise both functions may silently leak a file descriptor or |
965 |
-allocated memory. The current code doesn't check that. |
966 |
- |
967 |
-This patch ensures that the fid isn't already associated to anything |
968 |
-before using it. |
969 |
- |
970 |
-Signed-off-by: Li Qiang <liqiang6-s@×××.cn> |
971 |
-(reworded the changelog, Greg Kurz) |
972 |
-Signed-off-by: Greg Kurz <groug@××××.org> |
973 |
---- |
974 |
- hw/9pfs/9p.c | 8 ++++++++ |
975 |
- 1 file changed, 8 insertions(+) |
976 |
- |
977 |
-diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c |
978 |
-index b8c0b99..48babce 100644 |
979 |
---- a/hw/9pfs/9p.c |
980 |
-+++ b/hw/9pfs/9p.c |
981 |
-@@ -1550,6 +1550,10 @@ static void coroutine_fn v9fs_lcreate(void *opaque) |
982 |
- err = -ENOENT; |
983 |
- goto out_nofid; |
984 |
- } |
985 |
-+ if (fidp->fid_type != P9_FID_NONE) { |
986 |
-+ err = -EINVAL; |
987 |
-+ goto out; |
988 |
-+ } |
989 |
- |
990 |
- flags = get_dotl_openflags(pdu->s, flags); |
991 |
- err = v9fs_co_open2(pdu, fidp, &name, gid, |
992 |
-@@ -2153,6 +2157,10 @@ static void coroutine_fn v9fs_create(void *opaque) |
993 |
- err = -EINVAL; |
994 |
- goto out_nofid; |
995 |
- } |
996 |
-+ if (fidp->fid_type != P9_FID_NONE) { |
997 |
-+ err = -EINVAL; |
998 |
-+ goto out; |
999 |
-+ } |
1000 |
- if (perm & P9_STAT_MODE_DIR) { |
1001 |
- err = v9fs_co_mkdir(pdu, fidp, &name, perm & 0777, |
1002 |
- fidp->uid, -1, &stbuf); |
1003 |
--- |
1004 |
-2.10.2 |
1005 |
- |
1006 |
|
1007 |
diff --git a/app-emulation/qemu/files/qemu-2.8.1-CVE-2017-7471.patch b/app-emulation/qemu/files/qemu-2.8.1-CVE-2017-7471.patch |
1008 |
deleted file mode 100644 |
1009 |
index c5366f5..0000000 |
1010 |
--- a/app-emulation/qemu/files/qemu-2.8.1-CVE-2017-7471.patch |
1011 |
+++ /dev/null |
1012 |
@@ -1,64 +0,0 @@ |
1013 |
-From 9c6b899f7a46893ab3b671e341a2234e9c0c060e Mon Sep 17 00:00:00 2001 |
1014 |
-From: Greg Kurz <groug@××××.org> |
1015 |
-Date: Mon, 17 Apr 2017 10:53:23 +0200 |
1016 |
-Subject: [PATCH] 9pfs: local: set the path of the export root to "." |
1017 |
-MIME-Version: 1.0 |
1018 |
-Content-Type: text/plain; charset=UTF-8 |
1019 |
-Content-Transfer-Encoding: 8bit |
1020 |
- |
1021 |
-The local backend was recently converted to using "at*()" syscalls in order |
1022 |
-to ensure all accesses happen below the shared directory. This requires that |
1023 |
-we only pass relative paths, otherwise the dirfd argument to the "at*()" |
1024 |
-syscalls is ignored and the path is treated as an absolute path in the host. |
1025 |
-This is actually the case for paths in all fids, with the notable exception |
1026 |
-of the root fid, whose path is "/". This causes the following backend ops to |
1027 |
-act on the "/" directory of the host instead of the virtfs shared directory |
1028 |
-when the export root is involved: |
1029 |
-- lstat |
1030 |
-- chmod |
1031 |
-- chown |
1032 |
-- utimensat |
1033 |
- |
1034 |
-ie, chmod /9p_mount_point in the guest will be converted to chmod / in the |
1035 |
-host for example. This could cause security issues with a privileged QEMU. |
1036 |
- |
1037 |
-All "*at()" syscalls are being passed an open file descriptor. In the case |
1038 |
-of the export root, this file descriptor points to the path in the host that |
1039 |
-was passed to -fsdev. |
1040 |
- |
1041 |
-The fix is thus as simple as changing the path of the export root fid to be |
1042 |
-"." instead of "/". |
1043 |
- |
1044 |
-This is CVE-2017-7471. |
1045 |
- |
1046 |
-Cc: qemu-stable@××××××.org |
1047 |
-Reported-by: Léo Gaspard <leo@×××××××.io> |
1048 |
-Signed-off-by: Greg Kurz <groug@××××.org> |
1049 |
-Reviewed-by: Eric Blake <eblake@××××××.com> |
1050 |
-Signed-off-by: Peter Maydell <peter.maydell@××××××.org> |
1051 |
---- |
1052 |
- hw/9pfs/9p-local.c | 7 ++++++- |
1053 |
- 1 file changed, 6 insertions(+), 1 deletion(-) |
1054 |
- |
1055 |
-diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c |
1056 |
-index 45e9a1f..f3ebca4 100644 |
1057 |
---- a/hw/9pfs/9p-local.c |
1058 |
-+++ b/hw/9pfs/9p-local.c |
1059 |
-@@ -1098,8 +1098,13 @@ static int local_name_to_path(FsContext *ctx, V9fsPath *dir_path, |
1060 |
- { |
1061 |
- if (dir_path) { |
1062 |
- v9fs_path_sprintf(target, "%s/%s", dir_path->data, name); |
1063 |
-- } else { |
1064 |
-+ } else if (strcmp(name, "/")) { |
1065 |
- v9fs_path_sprintf(target, "%s", name); |
1066 |
-+ } else { |
1067 |
-+ /* We want the path of the export root to be relative, otherwise |
1068 |
-+ * "*at()" syscalls would treat it as "/" in the host. |
1069 |
-+ */ |
1070 |
-+ v9fs_path_sprintf(target, "%s", "."); |
1071 |
- } |
1072 |
- return 0; |
1073 |
- } |
1074 |
--- |
1075 |
-2.10.2 |
1076 |
- |
1077 |
|
1078 |
diff --git a/app-emulation/qemu/files/qemu-2.8.1-CVE-2017-8086.patch b/app-emulation/qemu/files/qemu-2.8.1-CVE-2017-8086.patch |
1079 |
deleted file mode 100644 |
1080 |
index eac72f3..0000000 |
1081 |
--- a/app-emulation/qemu/files/qemu-2.8.1-CVE-2017-8086.patch |
1082 |
+++ /dev/null |
1083 |
@@ -1,28 +0,0 @@ |
1084 |
-From 4ffcdef4277a91af15a3c09f7d16af072c29f3f2 Mon Sep 17 00:00:00 2001 |
1085 |
-From: Li Qiang <liq3ea@×××××.com> |
1086 |
-Date: Fri, 7 Apr 2017 03:48:52 -0700 |
1087 |
-Subject: [PATCH] 9pfs: xattr: fix memory leak in v9fs_list_xattr |
1088 |
- |
1089 |
-Free 'orig_value' in error path. |
1090 |
- |
1091 |
-Signed-off-by: Li Qiang <liqiang6-s@×××.cn> |
1092 |
-Signed-off-by: Greg Kurz <groug@××××.org> |
1093 |
---- |
1094 |
- hw/9pfs/9p-xattr.c | 1 + |
1095 |
- 1 file changed, 1 insertion(+) |
1096 |
- |
1097 |
-diff --git a/hw/9pfs/9p-xattr.c b/hw/9pfs/9p-xattr.c |
1098 |
-index eec160b..d05c1a1 100644 |
1099 |
---- a/hw/9pfs/9p-xattr.c |
1100 |
-+++ b/hw/9pfs/9p-xattr.c |
1101 |
-@@ -108,6 +108,7 @@ ssize_t v9fs_list_xattr(FsContext *ctx, const char *path, |
1102 |
- g_free(name); |
1103 |
- close_preserve_errno(dirfd); |
1104 |
- if (xattr_len < 0) { |
1105 |
-+ g_free(orig_value); |
1106 |
- return -1; |
1107 |
- } |
1108 |
- |
1109 |
--- |
1110 |
-2.10.2 |
1111 |
- |
1112 |
|
1113 |
diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-10664.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-10664.patch |
1114 |
new file mode 100644 |
1115 |
index 0000000..7db0692 |
1116 |
--- /dev/null |
1117 |
+++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-10664.patch |
1118 |
@@ -0,0 +1,47 @@ |
1119 |
+From 041e32b8d9d076980b4e35317c0339e57ab888f1 Mon Sep 17 00:00:00 2001 |
1120 |
+From: Max Reitz <mreitz@××××××.com> |
1121 |
+Date: Sun, 11 Jun 2017 14:37:14 +0200 |
1122 |
+Subject: [PATCH] qemu-nbd: Ignore SIGPIPE |
1123 |
+ |
1124 |
+qemu proper has done so for 13 years |
1125 |
+(8a7ddc38a60648257dc0645ab4a05b33d6040063), qemu-img and qemu-io have |
1126 |
+done so for four years (526eda14a68d5b3596be715505289b541288ef2a). |
1127 |
+Ignoring this signal is especially important in qemu-nbd because |
1128 |
+otherwise a client can easily take down the qemu-nbd server by dropping |
1129 |
+the connection when the server wants to send something, for example: |
1130 |
+ |
1131 |
+$ qemu-nbd -x foo -f raw -t null-co:// & |
1132 |
+[1] 12726 |
1133 |
+$ qemu-io -c quit nbd://localhost/bar |
1134 |
+can't open device nbd://localhost/bar: No export with name 'bar' available |
1135 |
+[1] + 12726 broken pipe qemu-nbd -x foo -f raw -t null-co:// |
1136 |
+ |
1137 |
+In this case, the client sends an NBD_OPT_ABORT and closes the |
1138 |
+connection (because it is not required to wait for a reply), but the |
1139 |
+server replies with an NBD_REP_ACK (because it is required to reply). |
1140 |
+ |
1141 |
+Signed-off-by: Max Reitz <mreitz@××××××.com> |
1142 |
+Message-Id: <20170611123714.31292-1-mreitz@××××××.com> |
1143 |
+Signed-off-by: Paolo Bonzini <pbonzini@××××××.com> |
1144 |
+--- |
1145 |
+ qemu-nbd.c | 4 ++++ |
1146 |
+ 1 file changed, 4 insertions(+) |
1147 |
+ |
1148 |
+diff --git a/qemu-nbd.c b/qemu-nbd.c |
1149 |
+index 9464a0461c..4dd3fd4732 100644 |
1150 |
+--- a/qemu-nbd.c |
1151 |
++++ b/qemu-nbd.c |
1152 |
+@@ -581,6 +581,10 @@ int main(int argc, char **argv) |
1153 |
+ sa_sigterm.sa_handler = termsig_handler; |
1154 |
+ sigaction(SIGTERM, &sa_sigterm, NULL); |
1155 |
+ |
1156 |
++#ifdef CONFIG_POSIX |
1157 |
++ signal(SIGPIPE, SIG_IGN); |
1158 |
++#endif |
1159 |
++ |
1160 |
+ module_call_init(MODULE_INIT_TRACE); |
1161 |
+ qcrypto_init(&error_fatal); |
1162 |
+ |
1163 |
+-- |
1164 |
+2.13.0 |
1165 |
+ |
1166 |
|
1167 |
diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-10806.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-10806.patch |
1168 |
new file mode 100644 |
1169 |
index 0000000..0074f5f |
1170 |
--- /dev/null |
1171 |
+++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-10806.patch |
1172 |
@@ -0,0 +1,50 @@ |
1173 |
+From bd4a683505b27adc1ac809f71e918e58573d851d Mon Sep 17 00:00:00 2001 |
1174 |
+From: Gerd Hoffmann <kraxel@××××××.com> |
1175 |
+Date: Tue, 9 May 2017 13:01:28 +0200 |
1176 |
+Subject: [PATCH] usb-redir: fix stack overflow in usbredir_log_data |
1177 |
+MIME-Version: 1.0 |
1178 |
+Content-Type: text/plain; charset=UTF-8 |
1179 |
+Content-Transfer-Encoding: 8bit |
1180 |
+ |
1181 |
+Don't reinvent a broken wheel, just use the hexdump function we have. |
1182 |
+ |
1183 |
+Impact: low, broken code doesn't run unless you have debug logging |
1184 |
+enabled. |
1185 |
+ |
1186 |
+Reported-by: 李强 <liqiang6-s@×××.cn> |
1187 |
+Signed-off-by: Gerd Hoffmann <kraxel@××××××.com> |
1188 |
+Message-id: 20170509110128.27261-1-kraxel@××××××.com |
1189 |
+--- |
1190 |
+ hw/usb/redirect.c | 13 +------------ |
1191 |
+ 1 file changed, 1 insertion(+), 12 deletions(-) |
1192 |
+ |
1193 |
+diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c |
1194 |
+index b001a27f05..ad5ef783a6 100644 |
1195 |
+--- a/hw/usb/redirect.c |
1196 |
++++ b/hw/usb/redirect.c |
1197 |
+@@ -229,21 +229,10 @@ static void usbredir_log(void *priv, int level, const char *msg) |
1198 |
+ static void usbredir_log_data(USBRedirDevice *dev, const char *desc, |
1199 |
+ const uint8_t *data, int len) |
1200 |
+ { |
1201 |
+- int i, j, n; |
1202 |
+- |
1203 |
+ if (dev->debug < usbredirparser_debug_data) { |
1204 |
+ return; |
1205 |
+ } |
1206 |
+- |
1207 |
+- for (i = 0; i < len; i += j) { |
1208 |
+- char buf[128]; |
1209 |
+- |
1210 |
+- n = sprintf(buf, "%s", desc); |
1211 |
+- for (j = 0; j < 8 && i + j < len; j++) { |
1212 |
+- n += sprintf(buf + n, " %02X", data[i + j]); |
1213 |
+- } |
1214 |
+- error_report("%s", buf); |
1215 |
+- } |
1216 |
++ qemu_hexdump((char *)data, stderr, desc, len); |
1217 |
+ } |
1218 |
+ |
1219 |
+ /* |
1220 |
+-- |
1221 |
+2.13.0 |
1222 |
+ |
1223 |
|
1224 |
diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11334.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11334.patch |
1225 |
new file mode 100644 |
1226 |
index 0000000..bfe4c7d |
1227 |
--- /dev/null |
1228 |
+++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11334.patch |
1229 |
@@ -0,0 +1,40 @@ |
1230 |
+[Qemu-devel] [PULL 21/41] exec: use qemu_ram_ptr_length to access guest |
1231 |
+From: Prasad J Pandit <address@hidden> |
1232 |
+ |
1233 |
+When accessing guest's ram block during DMA operation, use |
1234 |
+'qemu_ram_ptr_length' to get ram block pointer. It ensures |
1235 |
+that DMA operation of given length is possible; And avoids |
1236 |
+any OOB memory access situations. |
1237 |
+ |
1238 |
+Reported-by: Alex <address@hidden> |
1239 |
+Signed-off-by: Prasad J Pandit <address@hidden> |
1240 |
+Message-Id: <address@hidden> |
1241 |
+Signed-off-by: Paolo Bonzini <address@hidden> |
1242 |
+--- |
1243 |
+ exec.c | 4 ++-- |
1244 |
+ 1 file changed, 2 insertions(+), 2 deletions(-) |
1245 |
+ |
1246 |
+diff --git a/exec.c b/exec.c |
1247 |
+index a083ff8..ad103ce 100644 |
1248 |
+--- a/exec.c |
1249 |
++++ b/exec.c |
1250 |
+@@ -2929,7 +2929,7 @@ static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr, |
1251 |
+ } |
1252 |
+ } else { |
1253 |
+ /* RAM case */ |
1254 |
+- ptr = qemu_map_ram_ptr(mr->ram_block, addr1); |
1255 |
++ ptr = qemu_ram_ptr_length(mr->ram_block, addr1, &l); |
1256 |
+ memcpy(ptr, buf, l); |
1257 |
+ invalidate_and_set_dirty(mr, addr1, l); |
1258 |
+ } |
1259 |
+@@ -3020,7 +3020,7 @@ MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr, |
1260 |
+ } |
1261 |
+ } else { |
1262 |
+ /* RAM case */ |
1263 |
+- ptr = qemu_map_ram_ptr(mr->ram_block, addr1); |
1264 |
++ ptr = qemu_ram_ptr_length(mr->ram_block, addr1, &l); |
1265 |
+ memcpy(buf, ptr, l); |
1266 |
+ } |
1267 |
+ |
1268 |
+-- |
1269 |
+1.8.3.1 |
1270 |
|
1271 |
diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11434.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11434.patch |
1272 |
new file mode 100644 |
1273 |
index 0000000..5d32067 |
1274 |
--- /dev/null |
1275 |
+++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11434.patch |
1276 |
@@ -0,0 +1,29 @@ |
1277 |
+[Qemu-devel] [PATCH] slirp: check len against dhcp options array end |
1278 |
+From: Prasad J Pandit <address@hidden> |
1279 |
+ |
1280 |
+While parsing dhcp options string in 'dhcp_decode', if an options' |
1281 |
+length 'len' appeared towards the end of 'bp_vend' array, ensuing |
1282 |
+read could lead to an OOB memory access issue. Add check to avoid it. |
1283 |
+ |
1284 |
+Reported-by: Reno Robert <address@hidden> |
1285 |
+Signed-off-by: Prasad J Pandit <address@hidden> |
1286 |
+--- |
1287 |
+ slirp/bootp.c | 3 +++ |
1288 |
+ 1 file changed, 3 insertions(+) |
1289 |
+ |
1290 |
+diff --git a/slirp/bootp.c b/slirp/bootp.c |
1291 |
+index 5a4646c..5dd1a41 100644 |
1292 |
+--- a/slirp/bootp.c |
1293 |
++++ b/slirp/bootp.c |
1294 |
+@@ -123,6 +123,9 @@ static void dhcp_decode(const struct bootp_t *bp, int *pmsg_type, |
1295 |
+ if (p >= p_end) |
1296 |
+ break; |
1297 |
+ len = *p++; |
1298 |
++ if (p + len > p_end) { |
1299 |
++ break; |
1300 |
++ } |
1301 |
+ DPRINTF("dhcp: tag=%d len=%d\n", tag, len); |
1302 |
+ |
1303 |
+ switch(tag) { |
1304 |
+-- |
1305 |
+2.9.4 |
1306 |
|
1307 |
diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-7539.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-7539.patch |
1308 |
new file mode 100644 |
1309 |
index 0000000..3af1697 |
1310 |
--- /dev/null |
1311 |
+++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-7539.patch |
1312 |
@@ -0,0 +1,601 @@ |
1313 |
+From 2b0bbc4f8809c972bad134bc1a2570dbb01dea0b Mon Sep 17 00:00:00 2001 |
1314 |
+From: Vladimir Sementsov-Ogievskiy <vsementsov@×××××××××.com> |
1315 |
+Date: Fri, 2 Jun 2017 18:01:41 +0300 |
1316 |
+Subject: [PATCH] nbd/server: get rid of nbd_negotiate_read and friends |
1317 |
+ |
1318 |
+Functions nbd_negotiate_{read,write,drop_sync} were introduced in |
1319 |
+1a6245a5b, when nbd_rwv (was nbd_wr_sync) was working through |
1320 |
+qemu_co_sendv_recvv (the path is nbd_wr_sync -> qemu_co_{recv/send} -> |
1321 |
+qemu_co_send_recv -> qemu_co_sendv_recvv), which just yields, without |
1322 |
+setting any handlers. But starting from ff82911cd nbd_rwv (was |
1323 |
+nbd_wr_syncv) works through qio_channel_yield() which sets handlers, so |
1324 |
+watchers are redundant in nbd_negotiate_{read,write,drop_sync}, then, |
1325 |
+let's just use nbd_{read,write,drop} functions. |
1326 |
+ |
1327 |
+Functions nbd_{read,write,drop} has errp parameter, which is unused in |
1328 |
+this patch. This will be fixed later. |
1329 |
+ |
1330 |
+Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@×××××××××.com> |
1331 |
+Reviewed-by: Eric Blake <eblake@××××××.com> |
1332 |
+Message-Id: <20170602150150.258222-4-vsementsov@×××××××××.com> |
1333 |
+Signed-off-by: Paolo Bonzini <pbonzini@××××××.com> |
1334 |
+--- |
1335 |
+ nbd/server.c | 107 ++++++++++++----------------------------------------------- |
1336 |
+ 1 file changed, 22 insertions(+), 85 deletions(-) |
1337 |
+ |
1338 |
+diff --git a/nbd/client.c b/nbd/client.c |
1339 |
+index a58fb02..6b74a62 100644 |
1340 |
+--- a/nbd/client.c |
1341 |
++++ b/nbd/client.c |
1342 |
+@@ -86,9 +86,9 @@ static QTAILQ_HEAD(, NBDExport) exports = QTAILQ_HEAD_INITIALIZER(exports); |
1343 |
+ |
1344 |
+ */ |
1345 |
+ |
1346 |
+-/* Discard length bytes from channel. Return -errno on failure, or |
1347 |
+- * the amount of bytes consumed. */ |
1348 |
+-static ssize_t drop_sync(QIOChannel *ioc, size_t size) |
1349 |
++/* Discard length bytes from channel. Return -errno on failure and 0 on |
1350 |
++ * success*/ |
1351 |
++static int drop_sync(QIOChannel *ioc, size_t size) |
1352 |
+ { |
1353 |
+ ssize_t ret = 0; |
1354 |
+ char small[1024]; |
1355 |
+@@ -96,14 +96,13 @@ static ssize_t drop_sync(QIOChannel *ioc, size_t size) |
1356 |
+ |
1357 |
+ buffer = sizeof(small) >= size ? small : g_malloc(MIN(65536, size)); |
1358 |
+ while (size > 0) { |
1359 |
+- ssize_t count = read_sync(ioc, buffer, MIN(65536, size)); |
1360 |
++ ssize_t count = MIN(65536, size); |
1361 |
++ ret = read_sync(ioc, buffer, MIN(65536, size)); |
1362 |
+ |
1363 |
+- if (count <= 0) { |
1364 |
++ if (ret < 0) { |
1365 |
+ goto cleanup; |
1366 |
+ } |
1367 |
+- assert(count <= size); |
1368 |
+ size -= count; |
1369 |
+- ret += count; |
1370 |
+ } |
1371 |
+ |
1372 |
+ cleanup: |
1373 |
+@@ -136,12 +135,12 @@ static int nbd_send_option_request(QIOChannel *ioc, uint32_t opt, |
1374 |
+ stl_be_p(&req.option, opt); |
1375 |
+ stl_be_p(&req.length, len); |
1376 |
+ |
1377 |
+- if (write_sync(ioc, &req, sizeof(req)) != sizeof(req)) { |
1378 |
++ if (write_sync(ioc, &req, sizeof(req)) < 0) { |
1379 |
+ error_setg(errp, "Failed to send option request header"); |
1380 |
+ return -1; |
1381 |
+ } |
1382 |
+ |
1383 |
+- if (len && write_sync(ioc, (char *) data, len) != len) { |
1384 |
++ if (len && write_sync(ioc, (char *) data, len) < 0) { |
1385 |
+ error_setg(errp, "Failed to send option request data"); |
1386 |
+ return -1; |
1387 |
+ } |
1388 |
+@@ -170,7 +169,7 @@ static int nbd_receive_option_reply(QIOChannel *ioc, uint32_t opt, |
1389 |
+ nbd_opt_reply *reply, Error **errp) |
1390 |
+ { |
1391 |
+ QEMU_BUILD_BUG_ON(sizeof(*reply) != 20); |
1392 |
+- if (read_sync(ioc, reply, sizeof(*reply)) != sizeof(*reply)) { |
1393 |
++ if (read_sync(ioc, reply, sizeof(*reply)) < 0) { |
1394 |
+ error_setg(errp, "failed to read option reply"); |
1395 |
+ nbd_send_opt_abort(ioc); |
1396 |
+ return -1; |
1397 |
+@@ -219,7 +218,7 @@ static int nbd_handle_reply_err(QIOChannel *ioc, nbd_opt_reply *reply, |
1398 |
+ goto cleanup; |
1399 |
+ } |
1400 |
+ msg = g_malloc(reply->length + 1); |
1401 |
+- if (read_sync(ioc, msg, reply->length) != reply->length) { |
1402 |
++ if (read_sync(ioc, msg, reply->length) < 0) { |
1403 |
+ error_setg(errp, "failed to read option error message"); |
1404 |
+ goto cleanup; |
1405 |
+ } |
1406 |
+@@ -321,7 +320,7 @@ static int nbd_receive_list(QIOChannel *ioc, const char *want, bool *match, |
1407 |
+ nbd_send_opt_abort(ioc); |
1408 |
+ return -1; |
1409 |
+ } |
1410 |
+- if (read_sync(ioc, &namelen, sizeof(namelen)) != sizeof(namelen)) { |
1411 |
++ if (read_sync(ioc, &namelen, sizeof(namelen)) < 0) { |
1412 |
+ error_setg(errp, "failed to read option name length"); |
1413 |
+ nbd_send_opt_abort(ioc); |
1414 |
+ return -1; |
1415 |
+@@ -334,7 +333,7 @@ static int nbd_receive_list(QIOChannel *ioc, const char *want, bool *match, |
1416 |
+ return -1; |
1417 |
+ } |
1418 |
+ if (namelen != strlen(want)) { |
1419 |
+- if (drop_sync(ioc, len) != len) { |
1420 |
++ if (drop_sync(ioc, len) < 0) { |
1421 |
+ error_setg(errp, "failed to skip export name with wrong length"); |
1422 |
+ nbd_send_opt_abort(ioc); |
1423 |
+ return -1; |
1424 |
+@@ -343,14 +342,14 @@ static int nbd_receive_list(QIOChannel *ioc, const char *want, bool *match, |
1425 |
+ } |
1426 |
+ |
1427 |
+ assert(namelen < sizeof(name)); |
1428 |
+- if (read_sync(ioc, name, namelen) != namelen) { |
1429 |
++ if (read_sync(ioc, name, namelen) < 0) { |
1430 |
+ error_setg(errp, "failed to read export name"); |
1431 |
+ nbd_send_opt_abort(ioc); |
1432 |
+ return -1; |
1433 |
+ } |
1434 |
+ name[namelen] = '\0'; |
1435 |
+ len -= namelen; |
1436 |
+- if (drop_sync(ioc, len) != len) { |
1437 |
++ if (drop_sync(ioc, len) < 0) { |
1438 |
+ error_setg(errp, "failed to read export description"); |
1439 |
+ nbd_send_opt_abort(ioc); |
1440 |
+ return -1; |
1441 |
+@@ -477,7 +476,7 @@ int nbd_receive_negotiate(QIOChannel *ioc, const char *name, uint16_t *flags, |
1442 |
+ goto fail; |
1443 |
+ } |
1444 |
+ |
1445 |
+- if (read_sync(ioc, buf, 8) != 8) { |
1446 |
++ if (read_sync(ioc, buf, 8) < 0) { |
1447 |
+ error_setg(errp, "Failed to read data"); |
1448 |
+ goto fail; |
1449 |
+ } |
1450 |
+@@ -503,7 +502,7 @@ int nbd_receive_negotiate(QIOChannel *ioc, const char *name, uint16_t *flags, |
1451 |
+ goto fail; |
1452 |
+ } |
1453 |
+ |
1454 |
+- if (read_sync(ioc, &magic, sizeof(magic)) != sizeof(magic)) { |
1455 |
++ if (read_sync(ioc, &magic, sizeof(magic)) < 0) { |
1456 |
+ error_setg(errp, "Failed to read magic"); |
1457 |
+ goto fail; |
1458 |
+ } |
1459 |
+@@ -515,8 +514,7 @@ int nbd_receive_negotiate(QIOChannel *ioc, const char *name, uint16_t *flags, |
1460 |
+ uint16_t globalflags; |
1461 |
+ bool fixedNewStyle = false; |
1462 |
+ |
1463 |
+- if (read_sync(ioc, &globalflags, sizeof(globalflags)) != |
1464 |
+- sizeof(globalflags)) { |
1465 |
++ if (read_sync(ioc, &globalflags, sizeof(globalflags)) < 0) { |
1466 |
+ error_setg(errp, "Failed to read server flags"); |
1467 |
+ goto fail; |
1468 |
+ } |
1469 |
+@@ -534,8 +532,7 @@ int nbd_receive_negotiate(QIOChannel *ioc, const char *name, uint16_t *flags, |
1470 |
+ } |
1471 |
+ /* client requested flags */ |
1472 |
+ clientflags = cpu_to_be32(clientflags); |
1473 |
+- if (write_sync(ioc, &clientflags, sizeof(clientflags)) != |
1474 |
+- sizeof(clientflags)) { |
1475 |
++ if (write_sync(ioc, &clientflags, sizeof(clientflags)) < 0) { |
1476 |
+ error_setg(errp, "Failed to send clientflags field"); |
1477 |
+ goto fail; |
1478 |
+ } |
1479 |
+@@ -573,13 +570,13 @@ int nbd_receive_negotiate(QIOChannel *ioc, const char *name, uint16_t *flags, |
1480 |
+ } |
1481 |
+ |
1482 |
+ /* Read the response */ |
1483 |
+- if (read_sync(ioc, &s, sizeof(s)) != sizeof(s)) { |
1484 |
++ if (read_sync(ioc, &s, sizeof(s)) < 0) { |
1485 |
+ error_setg(errp, "Failed to read export length"); |
1486 |
+ goto fail; |
1487 |
+ } |
1488 |
+ *size = be64_to_cpu(s); |
1489 |
+ |
1490 |
+- if (read_sync(ioc, flags, sizeof(*flags)) != sizeof(*flags)) { |
1491 |
++ if (read_sync(ioc, flags, sizeof(*flags)) < 0) { |
1492 |
+ error_setg(errp, "Failed to read export flags"); |
1493 |
+ goto fail; |
1494 |
+ } |
1495 |
+@@ -596,14 +593,14 @@ int nbd_receive_negotiate(QIOChannel *ioc, const char *name, uint16_t *flags, |
1496 |
+ goto fail; |
1497 |
+ } |
1498 |
+ |
1499 |
+- if (read_sync(ioc, &s, sizeof(s)) != sizeof(s)) { |
1500 |
++ if (read_sync(ioc, &s, sizeof(s)) < 0) { |
1501 |
+ error_setg(errp, "Failed to read export length"); |
1502 |
+ goto fail; |
1503 |
+ } |
1504 |
+ *size = be64_to_cpu(s); |
1505 |
+ TRACE("Size is %" PRIu64, *size); |
1506 |
+ |
1507 |
+- if (read_sync(ioc, &oldflags, sizeof(oldflags)) != sizeof(oldflags)) { |
1508 |
++ if (read_sync(ioc, &oldflags, sizeof(oldflags)) < 0) { |
1509 |
+ error_setg(errp, "Failed to read export flags"); |
1510 |
+ goto fail; |
1511 |
+ } |
1512 |
+@@ -619,7 +616,7 @@ int nbd_receive_negotiate(QIOChannel *ioc, const char *name, uint16_t *flags, |
1513 |
+ } |
1514 |
+ |
1515 |
+ TRACE("Size is %" PRIu64 ", export flags %" PRIx16, *size, *flags); |
1516 |
+- if (zeroes && drop_sync(ioc, 124) != 124) { |
1517 |
++ if (zeroes && drop_sync(ioc, 124) < 0) { |
1518 |
+ error_setg(errp, "Failed to read reserved block"); |
1519 |
+ goto fail; |
1520 |
+ } |
1521 |
+@@ -744,7 +741,6 @@ int nbd_disconnect(int fd) |
1522 |
+ ssize_t nbd_send_request(QIOChannel *ioc, NBDRequest *request) |
1523 |
+ { |
1524 |
+ uint8_t buf[NBD_REQUEST_SIZE]; |
1525 |
+- ssize_t ret; |
1526 |
+ |
1527 |
+ TRACE("Sending request to server: " |
1528 |
+ "{ .from = %" PRIu64", .len = %" PRIu32 ", .handle = %" PRIu64 |
1529 |
+@@ -759,16 +755,7 @@ ssize_t nbd_send_request(QIOChannel *ioc, NBDRequest *request) |
1530 |
+ stq_be_p(buf + 16, request->from); |
1531 |
+ stl_be_p(buf + 24, request->len); |
1532 |
+ |
1533 |
+- ret = write_sync(ioc, buf, sizeof(buf)); |
1534 |
+- if (ret < 0) { |
1535 |
+- return ret; |
1536 |
+- } |
1537 |
+- |
1538 |
+- if (ret != sizeof(buf)) { |
1539 |
+- LOG("writing to socket failed"); |
1540 |
+- return -EINVAL; |
1541 |
+- } |
1542 |
+- return 0; |
1543 |
++ return write_sync(ioc, buf, sizeof(buf)); |
1544 |
+ } |
1545 |
+ |
1546 |
+ ssize_t nbd_receive_reply(QIOChannel *ioc, NBDReply *reply) |
1547 |
+@@ -777,7 +764,7 @@ ssize_t nbd_receive_reply(QIOChannel *ioc, NBDReply *reply) |
1548 |
+ uint32_t magic; |
1549 |
+ ssize_t ret; |
1550 |
+ |
1551 |
+- ret = read_sync(ioc, buf, sizeof(buf)); |
1552 |
++ ret = read_sync_eof(ioc, buf, sizeof(buf)); |
1553 |
+ if (ret <= 0) { |
1554 |
+ return ret; |
1555 |
+ } |
1556 |
+diff --git a/nbd/nbd-internal.h b/nbd/nbd-internal.h |
1557 |
+index f43d990..e6bbc7c 100644 |
1558 |
+--- a/nbd/nbd-internal.h |
1559 |
++++ b/nbd/nbd-internal.h |
1560 |
+@@ -94,7 +94,13 @@ |
1561 |
+ #define NBD_ENOSPC 28 |
1562 |
+ #define NBD_ESHUTDOWN 108 |
1563 |
+ |
1564 |
+-static inline ssize_t read_sync(QIOChannel *ioc, void *buffer, size_t size) |
1565 |
++/* read_sync_eof |
1566 |
++ * Tries to read @size bytes from @ioc. Returns number of bytes actually read. |
1567 |
++ * May return a value >= 0 and < size only on EOF, i.e. when iteratively called |
1568 |
++ * qio_channel_readv() returns 0. So, there are no needs to call read_sync_eof |
1569 |
++ * iteratively. |
1570 |
++ */ |
1571 |
++static inline ssize_t read_sync_eof(QIOChannel *ioc, void *buffer, size_t size) |
1572 |
+ { |
1573 |
+ struct iovec iov = { .iov_base = buffer, .iov_len = size }; |
1574 |
+ /* Sockets are kept in blocking mode in the negotiation phase. After |
1575 |
+@@ -105,12 +111,32 @@ static inline ssize_t read_sync(QIOChannel *ioc, void *buffer, size_t size) |
1576 |
+ return nbd_wr_syncv(ioc, &iov, 1, size, true); |
1577 |
+ } |
1578 |
+ |
1579 |
+-static inline ssize_t write_sync(QIOChannel *ioc, const void *buffer, |
1580 |
+- size_t size) |
1581 |
++/* read_sync |
1582 |
++ * Reads @size bytes from @ioc. Returns 0 on success. |
1583 |
++ */ |
1584 |
++static inline int read_sync(QIOChannel *ioc, void *buffer, size_t size) |
1585 |
++{ |
1586 |
++ ssize_t ret = read_sync_eof(ioc, buffer, size); |
1587 |
++ |
1588 |
++ if (ret >= 0 && ret != size) { |
1589 |
++ ret = -EINVAL; |
1590 |
++ } |
1591 |
++ |
1592 |
++ return ret < 0 ? ret : 0; |
1593 |
++} |
1594 |
++ |
1595 |
++/* write_sync |
1596 |
++ * Writes @size bytes to @ioc. Returns 0 on success. |
1597 |
++ */ |
1598 |
++static inline int write_sync(QIOChannel *ioc, const void *buffer, size_t size) |
1599 |
+ { |
1600 |
+ struct iovec iov = { .iov_base = (void *) buffer, .iov_len = size }; |
1601 |
+ |
1602 |
+- return nbd_wr_syncv(ioc, &iov, 1, size, false); |
1603 |
++ ssize_t ret = nbd_wr_syncv(ioc, &iov, 1, size, false); |
1604 |
++ |
1605 |
++ assert(ret < 0 || ret == size); |
1606 |
++ |
1607 |
++ return ret < 0 ? ret : 0; |
1608 |
+ } |
1609 |
+ |
1610 |
+ struct NBDTLSHandshakeData { |
1611 |
+diff --git a/nbd/server.c b/nbd/server.c |
1612 |
+index 924a1fe..a1f106b 100644 |
1613 |
+--- a/nbd/server.c |
1614 |
++++ b/nbd/server.c |
1615 |
+@@ -104,69 +104,6 @@ struct NBDClient { |
1616 |
+ |
1617 |
+ static void nbd_client_receive_next_request(NBDClient *client); |
1618 |
+ |
1619 |
+-static gboolean nbd_negotiate_continue(QIOChannel *ioc, |
1620 |
+- GIOCondition condition, |
1621 |
+- void *opaque) |
1622 |
+-{ |
1623 |
+- qemu_coroutine_enter(opaque); |
1624 |
+- return TRUE; |
1625 |
+-} |
1626 |
+- |
1627 |
+-static ssize_t nbd_negotiate_read(QIOChannel *ioc, void *buffer, size_t size) |
1628 |
+-{ |
1629 |
+- ssize_t ret; |
1630 |
+- guint watch; |
1631 |
+- |
1632 |
+- assert(qemu_in_coroutine()); |
1633 |
+- /* Negotiation are always in main loop. */ |
1634 |
+- watch = qio_channel_add_watch(ioc, |
1635 |
+- G_IO_IN, |
1636 |
+- nbd_negotiate_continue, |
1637 |
+- qemu_coroutine_self(), |
1638 |
+- NULL); |
1639 |
+- ret = read_sync(ioc, buffer, size); |
1640 |
+- g_source_remove(watch); |
1641 |
+- return ret; |
1642 |
+- |
1643 |
+-} |
1644 |
+- |
1645 |
+-static ssize_t nbd_negotiate_write(QIOChannel *ioc, const void *buffer, |
1646 |
+- size_t size) |
1647 |
+-{ |
1648 |
+- ssize_t ret; |
1649 |
+- guint watch; |
1650 |
+- |
1651 |
+- assert(qemu_in_coroutine()); |
1652 |
+- /* Negotiation are always in main loop. */ |
1653 |
+- watch = qio_channel_add_watch(ioc, |
1654 |
+- G_IO_OUT, |
1655 |
+- nbd_negotiate_continue, |
1656 |
+- qemu_coroutine_self(), |
1657 |
+- NULL); |
1658 |
+- ret = write_sync(ioc, buffer, size); |
1659 |
+- g_source_remove(watch); |
1660 |
+- return ret; |
1661 |
+-} |
1662 |
+- |
1663 |
+-static ssize_t nbd_negotiate_drop_sync(QIOChannel *ioc, size_t size) |
1664 |
+-{ |
1665 |
+- ssize_t ret, dropped = size; |
1666 |
+- uint8_t *buffer = g_malloc(MIN(65536, size)); |
1667 |
+- |
1668 |
+- while (size > 0) { |
1669 |
+- ret = nbd_negotiate_read(ioc, buffer, MIN(65536, size)); |
1670 |
+- if (ret < 0) { |
1671 |
+- g_free(buffer); |
1672 |
+- return ret; |
1673 |
+- } |
1674 |
+- |
1675 |
+- assert(ret <= size); |
1676 |
+- size -= ret; |
1677 |
+- } |
1678 |
+- |
1679 |
+- g_free(buffer); |
1680 |
+- return dropped; |
1681 |
+-} |
1682 |
+ |
1683 |
+ /* Basic flow for negotiation |
1684 |
+ |
1685 |
+@@ -206,22 +143,22 @@ static int nbd_negotiate_send_rep_len(QIOChannel *ioc, uint32_t type, |
1686 |
+ type, opt, len); |
1687 |
+ |
1688 |
+ magic = cpu_to_be64(NBD_REP_MAGIC); |
1689 |
+- if (nbd_negotiate_write(ioc, &magic, sizeof(magic)) != sizeof(magic)) { |
1690 |
++ if (nbd_write(ioc, &magic, sizeof(magic), NULL) < 0) { |
1691 |
+ LOG("write failed (rep magic)"); |
1692 |
+ return -EINVAL; |
1693 |
+ } |
1694 |
+ opt = cpu_to_be32(opt); |
1695 |
+- if (nbd_negotiate_write(ioc, &opt, sizeof(opt)) != sizeof(opt)) { |
1696 |
++ if (nbd_write(ioc, &opt, sizeof(opt), NULL) < 0) { |
1697 |
+ LOG("write failed (rep opt)"); |
1698 |
+ return -EINVAL; |
1699 |
+ } |
1700 |
+ type = cpu_to_be32(type); |
1701 |
+- if (nbd_negotiate_write(ioc, &type, sizeof(type)) != sizeof(type)) { |
1702 |
++ if (nbd_write(ioc, &type, sizeof(type), NULL) < 0) { |
1703 |
+ LOG("write failed (rep type)"); |
1704 |
+ return -EINVAL; |
1705 |
+ } |
1706 |
+ len = cpu_to_be32(len); |
1707 |
+- if (nbd_negotiate_write(ioc, &len, sizeof(len)) != sizeof(len)) { |
1708 |
++ if (nbd_write(ioc, &len, sizeof(len), NULL) < 0) { |
1709 |
+ LOG("write failed (rep data length)"); |
1710 |
+ return -EINVAL; |
1711 |
+ } |
1712 |
+@@ -256,7 +193,7 @@ nbd_negotiate_send_rep_err(QIOChannel *ioc, uint32_t type, |
1713 |
+ if (ret < 0) { |
1714 |
+ goto out; |
1715 |
+ } |
1716 |
+- if (nbd_negotiate_write(ioc, msg, len) != len) { |
1717 |
++ if (nbd_write(ioc, msg, len, NULL) < 0) { |
1718 |
+ LOG("write failed (error message)"); |
1719 |
+ ret = -EIO; |
1720 |
+ } else { |
1721 |
+@@ -287,15 +224,15 @@ static int nbd_negotiate_send_rep_list(QIOChannel *ioc, NBDExport *exp) |
1722 |
+ } |
1723 |
+ |
1724 |
+ len = cpu_to_be32(name_len); |
1725 |
+- if (nbd_negotiate_write(ioc, &len, sizeof(len)) != sizeof(len)) { |
1726 |
++ if (nbd_write(ioc, &len, sizeof(len), NULL) < 0) { |
1727 |
+ LOG("write failed (name length)"); |
1728 |
+ return -EINVAL; |
1729 |
+ } |
1730 |
+- if (nbd_negotiate_write(ioc, name, name_len) != name_len) { |
1731 |
++ if (nbd_write(ioc, name, name_len, NULL) < 0) { |
1732 |
+ LOG("write failed (name buffer)"); |
1733 |
+ return -EINVAL; |
1734 |
+ } |
1735 |
+- if (nbd_negotiate_write(ioc, desc, desc_len) != desc_len) { |
1736 |
++ if (nbd_write(ioc, desc, desc_len, NULL) < 0) { |
1737 |
+ LOG("write failed (description buffer)"); |
1738 |
+ return -EINVAL; |
1739 |
+ } |
1740 |
+@@ -309,7 +246,7 @@ static int nbd_negotiate_handle_list(NBDClient *client, uint32_t length) |
1741 |
+ NBDExport *exp; |
1742 |
+ |
1743 |
+ if (length) { |
1744 |
+- if (nbd_negotiate_drop_sync(client->ioc, length) != length) { |
1745 |
++ if (nbd_drop(client->ioc, length, NULL) < 0) { |
1746 |
+ return -EIO; |
1747 |
+ } |
1748 |
+ return nbd_negotiate_send_rep_err(client->ioc, |
1749 |
+@@ -340,7 +277,7 @@ static int nbd_negotiate_handle_export_name(NBDClient *client, uint32_t length) |
1750 |
+ LOG("Bad length received"); |
1751 |
+ goto fail; |
1752 |
+ } |
1753 |
+- if (nbd_negotiate_read(client->ioc, name, length) != length) { |
1754 |
++ if (nbd_read(client->ioc, name, length, NULL) < 0) { |
1755 |
+ LOG("read failed"); |
1756 |
+ goto fail; |
1757 |
+ } |
1758 |
+@@ -373,7 +310,7 @@ static QIOChannel *nbd_negotiate_handle_starttls(NBDClient *client, |
1759 |
+ TRACE("Setting up TLS"); |
1760 |
+ ioc = client->ioc; |
1761 |
+ if (length) { |
1762 |
+- if (nbd_negotiate_drop_sync(ioc, length) != length) { |
1763 |
++ if (nbd_drop(ioc, length, NULL) < 0) { |
1764 |
+ return NULL; |
1765 |
+ } |
1766 |
+ nbd_negotiate_send_rep_err(ioc, NBD_REP_ERR_INVALID, NBD_OPT_STARTTLS, |
1767 |
+@@ -437,8 +374,7 @@ static int nbd_negotiate_options(NBDClient *client) |
1768 |
+ ... Rest of request |
1769 |
+ */ |
1770 |
+ |
1771 |
+- if (nbd_negotiate_read(client->ioc, &flags, sizeof(flags)) != |
1772 |
+- sizeof(flags)) { |
1773 |
++ if (nbd_read(client->ioc, &flags, sizeof(flags), NULL) < 0) { |
1774 |
+ LOG("read failed"); |
1775 |
+ return -EIO; |
1776 |
+ } |
1777 |
+@@ -464,8 +400,7 @@ static int nbd_negotiate_options(NBDClient *client) |
1778 |
+ uint32_t clientflags, length; |
1779 |
+ uint64_t magic; |
1780 |
+ |
1781 |
+- if (nbd_negotiate_read(client->ioc, &magic, sizeof(magic)) != |
1782 |
+- sizeof(magic)) { |
1783 |
++ if (nbd_read(client->ioc, &magic, sizeof(magic), NULL) < 0) { |
1784 |
+ LOG("read failed"); |
1785 |
+ return -EINVAL; |
1786 |
+ } |
1787 |
+@@ -475,15 +410,15 @@ static int nbd_negotiate_options(NBDClient *client) |
1788 |
+ return -EINVAL; |
1789 |
+ } |
1790 |
+ |
1791 |
+- if (nbd_negotiate_read(client->ioc, &clientflags, |
1792 |
+- sizeof(clientflags)) != sizeof(clientflags)) { |
1793 |
++ if (nbd_read(client->ioc, &clientflags, |
1794 |
++ sizeof(clientflags), NULL) < 0) |
1795 |
++ { |
1796 |
+ LOG("read failed"); |
1797 |
+ return -EINVAL; |
1798 |
+ } |
1799 |
+ clientflags = be32_to_cpu(clientflags); |
1800 |
+ |
1801 |
+- if (nbd_negotiate_read(client->ioc, &length, sizeof(length)) != |
1802 |
+- sizeof(length)) { |
1803 |
++ if (nbd_read(client->ioc, &length, sizeof(length), NULL) < 0) { |
1804 |
+ LOG("read failed"); |
1805 |
+ return -EINVAL; |
1806 |
+ } |
1807 |
+@@ -513,7 +448,7 @@ static int nbd_negotiate_options(NBDClient *client) |
1808 |
+ return -EINVAL; |
1809 |
+ |
1810 |
+ default: |
1811 |
+- if (nbd_negotiate_drop_sync(client->ioc, length) != length) { |
1812 |
++ if (nbd_drop(client->ioc, length, NULL) < 0) { |
1813 |
+ return -EIO; |
1814 |
+ } |
1815 |
+ ret = nbd_negotiate_send_rep_err(client->ioc, |
1816 |
+@@ -551,7 +486,7 @@ static int nbd_negotiate_options(NBDClient *client) |
1817 |
+ return nbd_negotiate_handle_export_name(client, length); |
1818 |
+ |
1819 |
+ case NBD_OPT_STARTTLS: |
1820 |
+- if (nbd_negotiate_drop_sync(client->ioc, length) != length) { |
1821 |
++ if (nbd_drop(client->ioc, length, NULL) < 0) { |
1822 |
+ return -EIO; |
1823 |
+ } |
1824 |
+ if (client->tlscreds) { |
1825 |
+@@ -570,7 +505,7 @@ static int nbd_negotiate_options(NBDClient *client) |
1826 |
+ } |
1827 |
+ break; |
1828 |
+ default: |
1829 |
+- if (nbd_negotiate_drop_sync(client->ioc, length) != length) { |
1830 |
++ if (nbd_drop(client->ioc, length, NULL) < 0) { |
1831 |
+ return -EIO; |
1832 |
+ } |
1833 |
+ ret = nbd_negotiate_send_rep_err(client->ioc, |
1834 |
+@@ -659,12 +594,12 @@ static coroutine_fn int nbd_negotiate(NBDClientNewData *data) |
1835 |
+ TRACE("TLS cannot be enabled with oldstyle protocol"); |
1836 |
+ goto fail; |
1837 |
+ } |
1838 |
+- if (nbd_negotiate_write(client->ioc, buf, sizeof(buf)) != sizeof(buf)) { |
1839 |
++ if (nbd_write(client->ioc, buf, sizeof(buf), NULL) < 0) { |
1840 |
+ LOG("write failed"); |
1841 |
+ goto fail; |
1842 |
+ } |
1843 |
+ } else { |
1844 |
+- if (nbd_negotiate_write(client->ioc, buf, 18) != 18) { |
1845 |
++ if (nbd_write(client->ioc, buf, 18, NULL) < 0) { |
1846 |
+ LOG("write failed"); |
1847 |
+ goto fail; |
1848 |
+ } |
1849 |
+@@ -679,7 +614,7 @@ static coroutine_fn int nbd_negotiate(NBDClientNewData *data) |
1850 |
+ stq_be_p(buf + 18, client->exp->size); |
1851 |
+ stw_be_p(buf + 26, client->exp->nbdflags | myflags); |
1852 |
+ len = client->no_zeroes ? 10 : sizeof(buf) - 18; |
1853 |
+- if (nbd_negotiate_write(client->ioc, buf + 18, len) != len) { |
1854 |
++ if (nbd_write(client->ioc, buf + 18, len, NULL) < 0) { |
1855 |
+ LOG("write failed"); |
1856 |
+ goto fail; |
1857 |
+ } |
1858 |
+@@ -702,11 +637,6 @@ static ssize_t nbd_receive_request(QIOChannel *ioc, NBDRequest *request) |
1859 |
+ return ret; |
1860 |
+ } |
1861 |
+ |
1862 |
+- if (ret != sizeof(buf)) { |
1863 |
+- LOG("read failed"); |
1864 |
+- return -EINVAL; |
1865 |
+- } |
1866 |
+- |
1867 |
+ /* Request |
1868 |
+ [ 0 .. 3] magic (NBD_REQUEST_MAGIC) |
1869 |
+ [ 4 .. 5] flags (NBD_CMD_FLAG_FUA, ...) |
1870 |
+@@ -737,7 +667,6 @@ static ssize_t nbd_receive_request(QIOChannel *ioc, NBDRequest *request) |
1871 |
+ static ssize_t nbd_send_reply(QIOChannel *ioc, NBDReply *reply) |
1872 |
+ { |
1873 |
+ uint8_t buf[NBD_REPLY_SIZE]; |
1874 |
+- ssize_t ret; |
1875 |
+ |
1876 |
+ reply->error = system_errno_to_nbd_errno(reply->error); |
1877 |
+ |
1878 |
+@@ -754,16 +683,7 @@ static ssize_t nbd_send_reply(QIOChannel *ioc, NBDReply *reply) |
1879 |
+ stl_be_p(buf + 4, reply->error); |
1880 |
+ stq_be_p(buf + 8, reply->handle); |
1881 |
+ |
1882 |
+- ret = write_sync(ioc, buf, sizeof(buf)); |
1883 |
+- if (ret < 0) { |
1884 |
+- return ret; |
1885 |
+- } |
1886 |
+- |
1887 |
+- if (ret != sizeof(buf)) { |
1888 |
+- LOG("writing to socket failed"); |
1889 |
+- return -EINVAL; |
1890 |
+- } |
1891 |
+- return 0; |
1892 |
++ return write_sync(ioc, buf, sizeof(buf)); |
1893 |
+ } |
1894 |
+ |
1895 |
+ #define MAX_NBD_REQUESTS 16 |
1896 |
+@@ -1067,7 +987,7 @@ static ssize_t nbd_co_send_reply(NBDRequestData *req, NBDReply *reply, |
1897 |
+ rc = nbd_send_reply(client->ioc, reply); |
1898 |
+ if (rc >= 0) { |
1899 |
+ ret = write_sync(client->ioc, req->data, len); |
1900 |
+- if (ret != len) { |
1901 |
++ if (ret < 0) { |
1902 |
+ rc = -EIO; |
1903 |
+ } |
1904 |
+ } |
1905 |
+@@ -1141,7 +1061,7 @@ static ssize_t nbd_co_receive_request(NBDRequestData *req, |
1906 |
+ if (request->type == NBD_CMD_WRITE) { |
1907 |
+ TRACE("Reading %" PRIu32 " byte(s)", request->len); |
1908 |
+ |
1909 |
+- if (read_sync(client->ioc, req->data, request->len) != request->len) { |
1910 |
++ if (read_sync(client->ioc, req->data, request->len) < 0) { |
1911 |
+ LOG("reading from socket failed"); |
1912 |
+ rc = -EIO; |
1913 |
+ goto out; |
1914 |
|
1915 |
diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-1.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-1.patch |
1916 |
new file mode 100644 |
1917 |
index 0000000..01c81d1 |
1918 |
--- /dev/null |
1919 |
+++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-1.patch |
1920 |
@@ -0,0 +1,122 @@ |
1921 |
+From 87e459a810d7b1ec1638085b5a80ea3d9b43119a Mon Sep 17 00:00:00 2001 |
1922 |
+From: Paolo Bonzini <pbonzini@××××××.com> |
1923 |
+Date: Thu, 1 Jun 2017 17:26:14 +0200 |
1924 |
+Subject: [PATCH] megasas: always store SCSIRequest* into MegasasCmd |
1925 |
+ |
1926 |
+This ensures that the request is unref'ed properly, and avoids a |
1927 |
+segmentation fault in the new qtest testcase that is added. |
1928 |
+This is CVE-2017-9503. |
1929 |
+ |
1930 |
+Reported-by: Zhangyanyu <zyy4013@×××××××××××.cn> |
1931 |
+Signed-off-by: Paolo Bonzini <pbonzini@××××××.com> |
1932 |
+--- |
1933 |
+ hw/scsi/megasas.c | 31 ++++++++++++++++--------------- |
1934 |
+ 2 files changed, 51 insertions(+), 15 deletions(-) |
1935 |
+ |
1936 |
+diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c |
1937 |
+index 135662df31..734fdaef90 100644 |
1938 |
+--- a/hw/scsi/megasas.c |
1939 |
++++ b/hw/scsi/megasas.c |
1940 |
+@@ -609,6 +609,9 @@ static void megasas_reset_frames(MegasasState *s) |
1941 |
+ static void megasas_abort_command(MegasasCmd *cmd) |
1942 |
+ { |
1943 |
+ /* Never abort internal commands. */ |
1944 |
++ if (cmd->dcmd_opcode != -1) { |
1945 |
++ return; |
1946 |
++ } |
1947 |
+ if (cmd->req != NULL) { |
1948 |
+ scsi_req_cancel(cmd->req); |
1949 |
+ } |
1950 |
+@@ -1017,7 +1020,6 @@ static int megasas_pd_get_info_submit(SCSIDevice *sdev, int lun, |
1951 |
+ uint64_t pd_size; |
1952 |
+ uint16_t pd_id = ((sdev->id & 0xFF) << 8) | (lun & 0xFF); |
1953 |
+ uint8_t cmdbuf[6]; |
1954 |
+- SCSIRequest *req; |
1955 |
+ size_t len, resid; |
1956 |
+ |
1957 |
+ if (!cmd->iov_buf) { |
1958 |
+@@ -1026,8 +1028,8 @@ static int megasas_pd_get_info_submit(SCSIDevice *sdev, int lun, |
1959 |
+ info->inquiry_data[0] = 0x7f; /* Force PQual 0x3, PType 0x1f */ |
1960 |
+ info->vpd_page83[0] = 0x7f; |
1961 |
+ megasas_setup_inquiry(cmdbuf, 0, sizeof(info->inquiry_data)); |
1962 |
+- req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd); |
1963 |
+- if (!req) { |
1964 |
++ cmd->req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd); |
1965 |
++ if (!cmd->req) { |
1966 |
+ trace_megasas_dcmd_req_alloc_failed(cmd->index, |
1967 |
+ "PD get info std inquiry"); |
1968 |
+ g_free(cmd->iov_buf); |
1969 |
+@@ -1036,26 +1038,26 @@ static int megasas_pd_get_info_submit(SCSIDevice *sdev, int lun, |
1970 |
+ } |
1971 |
+ trace_megasas_dcmd_internal_submit(cmd->index, |
1972 |
+ "PD get info std inquiry", lun); |
1973 |
+- len = scsi_req_enqueue(req); |
1974 |
++ len = scsi_req_enqueue(cmd->req); |
1975 |
+ if (len > 0) { |
1976 |
+ cmd->iov_size = len; |
1977 |
+- scsi_req_continue(req); |
1978 |
++ scsi_req_continue(cmd->req); |
1979 |
+ } |
1980 |
+ return MFI_STAT_INVALID_STATUS; |
1981 |
+ } else if (info->inquiry_data[0] != 0x7f && info->vpd_page83[0] == 0x7f) { |
1982 |
+ megasas_setup_inquiry(cmdbuf, 0x83, sizeof(info->vpd_page83)); |
1983 |
+- req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd); |
1984 |
+- if (!req) { |
1985 |
++ cmd->req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd); |
1986 |
++ if (!cmd->req) { |
1987 |
+ trace_megasas_dcmd_req_alloc_failed(cmd->index, |
1988 |
+ "PD get info vpd inquiry"); |
1989 |
+ return MFI_STAT_FLASH_ALLOC_FAIL; |
1990 |
+ } |
1991 |
+ trace_megasas_dcmd_internal_submit(cmd->index, |
1992 |
+ "PD get info vpd inquiry", lun); |
1993 |
+- len = scsi_req_enqueue(req); |
1994 |
++ len = scsi_req_enqueue(cmd->req); |
1995 |
+ if (len > 0) { |
1996 |
+ cmd->iov_size = len; |
1997 |
+- scsi_req_continue(req); |
1998 |
++ scsi_req_continue(cmd->req); |
1999 |
+ } |
2000 |
+ return MFI_STAT_INVALID_STATUS; |
2001 |
+ } |
2002 |
+@@ -1217,7 +1219,6 @@ static int megasas_ld_get_info_submit(SCSIDevice *sdev, int lun, |
2003 |
+ struct mfi_ld_info *info = cmd->iov_buf; |
2004 |
+ size_t dcmd_size = sizeof(struct mfi_ld_info); |
2005 |
+ uint8_t cdb[6]; |
2006 |
+- SCSIRequest *req; |
2007 |
+ ssize_t len, resid; |
2008 |
+ uint16_t sdev_id = ((sdev->id & 0xFF) << 8) | (lun & 0xFF); |
2009 |
+ uint64_t ld_size; |
2010 |
+@@ -1226,8 +1227,8 @@ static int megasas_ld_get_info_submit(SCSIDevice *sdev, int lun, |
2011 |
+ cmd->iov_buf = g_malloc0(dcmd_size); |
2012 |
+ info = cmd->iov_buf; |
2013 |
+ megasas_setup_inquiry(cdb, 0x83, sizeof(info->vpd_page83)); |
2014 |
+- req = scsi_req_new(sdev, cmd->index, lun, cdb, cmd); |
2015 |
+- if (!req) { |
2016 |
++ cmd->req = scsi_req_new(sdev, cmd->index, lun, cdb, cmd); |
2017 |
++ if (!cmd->req) { |
2018 |
+ trace_megasas_dcmd_req_alloc_failed(cmd->index, |
2019 |
+ "LD get info vpd inquiry"); |
2020 |
+ g_free(cmd->iov_buf); |
2021 |
+@@ -1236,10 +1237,10 @@ static int megasas_ld_get_info_submit(SCSIDevice *sdev, int lun, |
2022 |
+ } |
2023 |
+ trace_megasas_dcmd_internal_submit(cmd->index, |
2024 |
+ "LD get info vpd inquiry", lun); |
2025 |
+- len = scsi_req_enqueue(req); |
2026 |
++ len = scsi_req_enqueue(cmd->req); |
2027 |
+ if (len > 0) { |
2028 |
+ cmd->iov_size = len; |
2029 |
+- scsi_req_continue(req); |
2030 |
++ scsi_req_continue(cmd->req); |
2031 |
+ } |
2032 |
+ return MFI_STAT_INVALID_STATUS; |
2033 |
+ } |
2034 |
+@@ -1851,7 +1852,7 @@ static void megasas_command_complete(SCSIRequest *req, uint32_t status, |
2035 |
+ return; |
2036 |
+ } |
2037 |
+ |
2038 |
+- if (cmd->req == NULL) { |
2039 |
++ if (cmd->dcmd_opcode != -1) { |
2040 |
+ /* |
2041 |
+ * Internal command complete |
2042 |
+ */ |
2043 |
|
2044 |
diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-2.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-2.patch |
2045 |
new file mode 100644 |
2046 |
index 0000000..74725a9 |
2047 |
--- /dev/null |
2048 |
+++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-2.patch |
2049 |
@@ -0,0 +1,114 @@ |
2050 |
+From 5104fac8539eaf155fc6de93e164be43e1e62242 Mon Sep 17 00:00:00 2001 |
2051 |
+From: Paolo Bonzini <pbonzini@××××××.com> |
2052 |
+Date: Thu, 1 Jun 2017 17:18:23 +0200 |
2053 |
+Subject: [PATCH] megasas: do not read DCMD opcode more than once from frame |
2054 |
+ |
2055 |
+Avoid TOC-TOU bugs by storing the DCMD opcode in the MegasasCmd |
2056 |
+ |
2057 |
+Signed-off-by: Paolo Bonzini <pbonzini@××××××.com> |
2058 |
+--- |
2059 |
+ hw/scsi/megasas.c | 25 +++++++++++-------------- |
2060 |
+ 1 file changed, 11 insertions(+), 14 deletions(-) |
2061 |
+ |
2062 |
+diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c |
2063 |
+index c353118882..a3f75c1650 100644 |
2064 |
+--- a/hw/scsi/megasas.c |
2065 |
++++ b/hw/scsi/megasas.c |
2066 |
+@@ -63,6 +63,7 @@ typedef struct MegasasCmd { |
2067 |
+ |
2068 |
+ hwaddr pa; |
2069 |
+ hwaddr pa_size; |
2070 |
++ uint32_t dcmd_opcode; |
2071 |
+ union mfi_frame *frame; |
2072 |
+ SCSIRequest *req; |
2073 |
+ QEMUSGList qsg; |
2074 |
+@@ -513,6 +514,7 @@ static MegasasCmd *megasas_enqueue_frame(MegasasState *s, |
2075 |
+ cmd->context &= (uint64_t)0xFFFFFFFF; |
2076 |
+ } |
2077 |
+ cmd->count = count; |
2078 |
++ cmd->dcmd_opcode = -1; |
2079 |
+ s->busy++; |
2080 |
+ |
2081 |
+ if (s->consumer_pa) { |
2082 |
+@@ -1562,22 +1564,21 @@ static const struct dcmd_cmd_tbl_t { |
2083 |
+ |
2084 |
+ static int megasas_handle_dcmd(MegasasState *s, MegasasCmd *cmd) |
2085 |
+ { |
2086 |
+- int opcode; |
2087 |
+ int retval = 0; |
2088 |
+ size_t len; |
2089 |
+ const struct dcmd_cmd_tbl_t *cmdptr = dcmd_cmd_tbl; |
2090 |
+ |
2091 |
+- opcode = le32_to_cpu(cmd->frame->dcmd.opcode); |
2092 |
+- trace_megasas_handle_dcmd(cmd->index, opcode); |
2093 |
++ cmd->dcmd_opcode = le32_to_cpu(cmd->frame->dcmd.opcode); |
2094 |
++ trace_megasas_handle_dcmd(cmd->index, cmd->dcmd_opcode); |
2095 |
+ if (megasas_map_dcmd(s, cmd) < 0) { |
2096 |
+ return MFI_STAT_MEMORY_NOT_AVAILABLE; |
2097 |
+ } |
2098 |
+- while (cmdptr->opcode != -1 && cmdptr->opcode != opcode) { |
2099 |
++ while (cmdptr->opcode != -1 && cmdptr->opcode != cmd->dcmd_opcode) { |
2100 |
+ cmdptr++; |
2101 |
+ } |
2102 |
+ len = cmd->iov_size; |
2103 |
+ if (cmdptr->opcode == -1) { |
2104 |
+- trace_megasas_dcmd_unhandled(cmd->index, opcode, len); |
2105 |
++ trace_megasas_dcmd_unhandled(cmd->index, cmd->dcmd_opcode, len); |
2106 |
+ retval = megasas_dcmd_dummy(s, cmd); |
2107 |
+ } else { |
2108 |
+ trace_megasas_dcmd_enter(cmd->index, cmdptr->desc, len); |
2109 |
+@@ -1592,13 +1593,11 @@ static int megasas_handle_dcmd(MegasasState *s, MegasasCmd *cmd) |
2110 |
+ static int megasas_finish_internal_dcmd(MegasasCmd *cmd, |
2111 |
+ SCSIRequest *req) |
2112 |
+ { |
2113 |
+- int opcode; |
2114 |
+ int retval = MFI_STAT_OK; |
2115 |
+ int lun = req->lun; |
2116 |
+ |
2117 |
+- opcode = le32_to_cpu(cmd->frame->dcmd.opcode); |
2118 |
+- trace_megasas_dcmd_internal_finish(cmd->index, opcode, lun); |
2119 |
+- switch (opcode) { |
2120 |
++ trace_megasas_dcmd_internal_finish(cmd->index, cmd->dcmd_opcode, lun); |
2121 |
++ switch (cmd->dcmd_opcode) { |
2122 |
+ case MFI_DCMD_PD_GET_INFO: |
2123 |
+ retval = megasas_pd_get_info_submit(req->dev, lun, cmd); |
2124 |
+ break; |
2125 |
+@@ -1606,7 +1605,7 @@ static int megasas_finish_internal_dcmd(MegasasCmd *cmd, |
2126 |
+ retval = megasas_ld_get_info_submit(req->dev, lun, cmd); |
2127 |
+ break; |
2128 |
+ default: |
2129 |
+- trace_megasas_dcmd_internal_invalid(cmd->index, opcode); |
2130 |
++ trace_megasas_dcmd_internal_invalid(cmd->index, cmd->dcmd_opcode); |
2131 |
+ retval = MFI_STAT_INVALID_DCMD; |
2132 |
+ break; |
2133 |
+ } |
2134 |
+@@ -1827,7 +1826,6 @@ static void megasas_xfer_complete(SCSIRequest *req, uint32_t len) |
2135 |
+ { |
2136 |
+ MegasasCmd *cmd = req->hba_private; |
2137 |
+ uint8_t *buf; |
2138 |
+- uint32_t opcode; |
2139 |
+ |
2140 |
+ trace_megasas_io_complete(cmd->index, len); |
2141 |
+ |
2142 |
+@@ -1837,8 +1835,7 @@ static void megasas_xfer_complete(SCSIRequest *req, uint32_t len) |
2143 |
+ } |
2144 |
+ |
2145 |
+ buf = scsi_req_get_buf(req); |
2146 |
+- opcode = le32_to_cpu(cmd->frame->dcmd.opcode); |
2147 |
+- if (opcode == MFI_DCMD_PD_GET_INFO && cmd->iov_buf) { |
2148 |
++ if (cmd->dcmd_opcode == MFI_DCMD_PD_GET_INFO && cmd->iov_buf) { |
2149 |
+ struct mfi_pd_info *info = cmd->iov_buf; |
2150 |
+ |
2151 |
+ if (info->inquiry_data[0] == 0x7f) { |
2152 |
+@@ -1849,7 +1846,7 @@ static void megasas_xfer_complete(SCSIRequest *req, uint32_t len) |
2153 |
+ memcpy(info->vpd_page83, buf, len); |
2154 |
+ } |
2155 |
+ scsi_req_continue(req); |
2156 |
+- } else if (opcode == MFI_DCMD_LD_GET_INFO) { |
2157 |
++ } else if (cmd->dcmd_opcode == MFI_DCMD_LD_GET_INFO) { |
2158 |
+ struct mfi_ld_info *info = cmd->iov_buf; |
2159 |
+ |
2160 |
+ if (cmd->iov_buf) { |
2161 |
+-- |
2162 |
+2.13.0 |
2163 |
+ |
2164 |
|
2165 |
diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-1.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-1.patch |
2166 |
new file mode 100644 |
2167 |
index 0000000..9d77193 |
2168 |
--- /dev/null |
2169 |
+++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-1.patch |
2170 |
@@ -0,0 +1,80 @@ |
2171 |
+From df8ad9f128c15aa0a0ebc7b24e9a22c9775b67af Mon Sep 17 00:00:00 2001 |
2172 |
+From: Eric Blake <eblake@××××××.com> |
2173 |
+Date: Fri, 26 May 2017 22:04:21 -0500 |
2174 |
+Subject: [PATCH] nbd: Fully initialize client in case of failed negotiation |
2175 |
+ |
2176 |
+If a non-NBD client connects to qemu-nbd, we would end up with |
2177 |
+a SIGSEGV in nbd_client_put() because we were trying to |
2178 |
+unregister the client's association to the export, even though |
2179 |
+we skipped inserting the client into that list. Easy trigger |
2180 |
+in two terminals: |
2181 |
+ |
2182 |
+$ qemu-nbd -p 30001 --format=raw file |
2183 |
+$ nmap 127.0.0.1 -p 30001 |
2184 |
+ |
2185 |
+nmap claims that it thinks it connected to a pago-services1 |
2186 |
+server (which probably means nmap could be updated to learn the |
2187 |
+NBD protocol and give a more accurate diagnosis of the open |
2188 |
+port - but that's not our problem), then terminates immediately, |
2189 |
+so our call to nbd_negotiate() fails. The fix is to reorder |
2190 |
+nbd_co_client_start() to ensure that all initialization occurs |
2191 |
+before we ever try talking to a client in nbd_negotiate(), so |
2192 |
+that the teardown sequence on negotiation failure doesn't fault |
2193 |
+while dereferencing a half-initialized object. |
2194 |
+ |
2195 |
+While debugging this, I also noticed that nbd_update_server_watch() |
2196 |
+called by nbd_client_closed() was still adding a channel to accept |
2197 |
+the next client, even when the state was no longer RUNNING. That |
2198 |
+is fixed by making nbd_can_accept() pay attention to the current |
2199 |
+state. |
2200 |
+ |
2201 |
+Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1451614 |
2202 |
+ |
2203 |
+Signed-off-by: Eric Blake <eblake@××××××.com> |
2204 |
+Message-Id: <20170527030421.28366-1-eblake@××××××.com> |
2205 |
+Signed-off-by: Paolo Bonzini <pbonzini@××××××.com> |
2206 |
+--- |
2207 |
+ nbd/server.c | 8 +++----- |
2208 |
+ qemu-nbd.c | 2 +- |
2209 |
+ 2 files changed, 4 insertions(+), 6 deletions(-) |
2210 |
+ |
2211 |
+diff --git a/nbd/server.c b/nbd/server.c |
2212 |
+index ee59e5d234..49b55f6ede 100644 |
2213 |
+--- a/nbd/server.c |
2214 |
++++ b/nbd/server.c |
2215 |
+@@ -1358,16 +1358,14 @@ static coroutine_fn void nbd_co_client_start(void *opaque) |
2216 |
+ |
2217 |
+ if (exp) { |
2218 |
+ nbd_export_get(exp); |
2219 |
++ QTAILQ_INSERT_TAIL(&exp->clients, client, next); |
2220 |
+ } |
2221 |
++ qemu_co_mutex_init(&client->send_lock); |
2222 |
++ |
2223 |
+ if (nbd_negotiate(data)) { |
2224 |
+ client_close(client); |
2225 |
+ goto out; |
2226 |
+ } |
2227 |
+- qemu_co_mutex_init(&client->send_lock); |
2228 |
+- |
2229 |
+- if (exp) { |
2230 |
+- QTAILQ_INSERT_TAIL(&exp->clients, client, next); |
2231 |
+- } |
2232 |
+ |
2233 |
+ nbd_client_receive_next_request(client); |
2234 |
+ |
2235 |
+diff --git a/qemu-nbd.c b/qemu-nbd.c |
2236 |
+index f60842fd86..651f85ecc1 100644 |
2237 |
+--- a/qemu-nbd.c |
2238 |
++++ b/qemu-nbd.c |
2239 |
+@@ -325,7 +325,7 @@ out: |
2240 |
+ |
2241 |
+ static int nbd_can_accept(void) |
2242 |
+ { |
2243 |
+- return nb_fds < shared; |
2244 |
++ return state == RUNNING && nb_fds < shared; |
2245 |
+ } |
2246 |
+ |
2247 |
+ static void nbd_export_closed(NBDExport *exp) |
2248 |
+-- |
2249 |
+2.13.0 |
2250 |
+ |
2251 |
|
2252 |
diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-2.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-2.patch |
2253 |
new file mode 100644 |
2254 |
index 0000000..e6934b3 |
2255 |
--- /dev/null |
2256 |
+++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-2.patch |
2257 |
@@ -0,0 +1,197 @@ |
2258 |
+From 0c9390d978cbf61e8f16c9f580fa96b305c43568 Mon Sep 17 00:00:00 2001 |
2259 |
+From: Eric Blake <eblake@××××××.com> |
2260 |
+Date: Thu, 8 Jun 2017 17:26:17 -0500 |
2261 |
+Subject: [PATCH] nbd: Fix regression on resiliency to port scan |
2262 |
+ |
2263 |
+Back in qemu 2.5, qemu-nbd was immune to port probes (a transient |
2264 |
+server would not quit, regardless of how many probe connections |
2265 |
+came and went, until a connection actually negotiated). But we |
2266 |
+broke that in commit ee7d7aa when removing the return value to |
2267 |
+nbd_client_new(), although that patch also introduced a bug causing |
2268 |
+an assertion failure on a client that fails negotiation. We then |
2269 |
+made it worse during refactoring in commit 1a6245a (a segfault |
2270 |
+before we could even assert); the (masked) assertion was cleaned |
2271 |
+up in d3780c2 (still in 2.6), and just recently we finally fixed |
2272 |
+the segfault ("nbd: Fully intialize client in case of failed |
2273 |
+negotiation"). But that still means that ever since we added |
2274 |
+TLS support to qemu-nbd, we have been vulnerable to an ill-timed |
2275 |
+port-scan being able to cause a denial of service by taking down |
2276 |
+qemu-nbd before a real client has a chance to connect. |
2277 |
+ |
2278 |
+Since negotiation is now handled asynchronously via coroutines, |
2279 |
+we no longer have a synchronous point of return by re-adding a |
2280 |
+return value to nbd_client_new(). So this patch instead wires |
2281 |
+things up to pass the negotiation status through the close_fn |
2282 |
+callback function. |
2283 |
+ |
2284 |
+Simple test across two terminals: |
2285 |
+$ qemu-nbd -f raw -p 30001 file |
2286 |
+$ nmap 127.0.0.1 -p 30001 && \ |
2287 |
+ qemu-io -c 'r 0 512' -f raw nbd://localhost:30001 |
2288 |
+ |
2289 |
+Note that this patch does not change what constitutes successful |
2290 |
+negotiation (thus, a client must enter transmission phase before |
2291 |
+that client can be considered as a reason to terminate the server |
2292 |
+when the connection ends). Perhaps we may want to tweak things |
2293 |
+in a later patch to also treat a client that uses NBD_OPT_ABORT |
2294 |
+as being a 'successful' negotiation (the client correctly talked |
2295 |
+the NBD protocol, and informed us it was not going to use our |
2296 |
+export after all), but that's a discussion for another day. |
2297 |
+ |
2298 |
+Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1451614 |
2299 |
+ |
2300 |
+Signed-off-by: Eric Blake <eblake@××××××.com> |
2301 |
+Message-Id: <20170608222617.20376-1-eblake@××××××.com> |
2302 |
+Signed-off-by: Paolo Bonzini <pbonzini@××××××.com> |
2303 |
+--- |
2304 |
+ blockdev-nbd.c | 6 +++++- |
2305 |
+ include/block/nbd.h | 2 +- |
2306 |
+ nbd/server.c | 24 +++++++++++++++--------- |
2307 |
+ qemu-nbd.c | 4 ++-- |
2308 |
+ 4 files changed, 23 insertions(+), 13 deletions(-) |
2309 |
+ |
2310 |
+diff --git a/blockdev-nbd.c b/blockdev-nbd.c |
2311 |
+index dd0860f4a6..28f551a7b0 100644 |
2312 |
+--- a/blockdev-nbd.c |
2313 |
++++ b/blockdev-nbd.c |
2314 |
+@@ -27,6 +27,10 @@ typedef struct NBDServerData { |
2315 |
+ |
2316 |
+ static NBDServerData *nbd_server; |
2317 |
+ |
2318 |
++static void nbd_blockdev_client_closed(NBDClient *client, bool ignored) |
2319 |
++{ |
2320 |
++ nbd_client_put(client); |
2321 |
++} |
2322 |
+ |
2323 |
+ static gboolean nbd_accept(QIOChannel *ioc, GIOCondition condition, |
2324 |
+ gpointer opaque) |
2325 |
+@@ -46,7 +50,7 @@ static gboolean nbd_accept(QIOChannel *ioc, GIOCondition condition, |
2326 |
+ qio_channel_set_name(QIO_CHANNEL(cioc), "nbd-server"); |
2327 |
+ nbd_client_new(NULL, cioc, |
2328 |
+ nbd_server->tlscreds, NULL, |
2329 |
+- nbd_client_put); |
2330 |
++ nbd_blockdev_client_closed); |
2331 |
+ object_unref(OBJECT(cioc)); |
2332 |
+ return TRUE; |
2333 |
+ } |
2334 |
+diff --git a/include/block/nbd.h b/include/block/nbd.h |
2335 |
+index 416257abca..8fa5ce51f3 100644 |
2336 |
+--- a/include/block/nbd.h |
2337 |
++++ b/include/block/nbd.h |
2338 |
+@@ -162,7 +162,7 @@ void nbd_client_new(NBDExport *exp, |
2339 |
+ QIOChannelSocket *sioc, |
2340 |
+ QCryptoTLSCreds *tlscreds, |
2341 |
+ const char *tlsaclname, |
2342 |
+- void (*close)(NBDClient *)); |
2343 |
++ void (*close_fn)(NBDClient *, bool)); |
2344 |
+ void nbd_client_get(NBDClient *client); |
2345 |
+ void nbd_client_put(NBDClient *client); |
2346 |
+ |
2347 |
+diff --git a/nbd/server.c b/nbd/server.c |
2348 |
+index 49b55f6ede..f2b1aa47ce 100644 |
2349 |
+--- a/nbd/server.c |
2350 |
++++ b/nbd/server.c |
2351 |
+@@ -81,7 +81,7 @@ static QTAILQ_HEAD(, NBDExport) exports = QTAILQ_HEAD_INITIALIZER(exports); |
2352 |
+ |
2353 |
+ struct NBDClient { |
2354 |
+ int refcount; |
2355 |
+- void (*close)(NBDClient *client); |
2356 |
++ void (*close_fn)(NBDClient *client, bool negotiated); |
2357 |
+ |
2358 |
+ bool no_zeroes; |
2359 |
+ NBDExport *exp; |
2360 |
+@@ -778,7 +778,7 @@ void nbd_client_put(NBDClient *client) |
2361 |
+ } |
2362 |
+ } |
2363 |
+ |
2364 |
+-static void client_close(NBDClient *client) |
2365 |
++static void client_close(NBDClient *client, bool negotiated) |
2366 |
+ { |
2367 |
+ if (client->closing) { |
2368 |
+ return; |
2369 |
+@@ -793,8 +793,8 @@ static void client_close(NBDClient *client) |
2370 |
+ NULL); |
2371 |
+ |
2372 |
+ /* Also tell the client, so that they release their reference. */ |
2373 |
+- if (client->close) { |
2374 |
+- client->close(client); |
2375 |
++ if (client->close_fn) { |
2376 |
++ client->close_fn(client, negotiated); |
2377 |
+ } |
2378 |
+ } |
2379 |
+ |
2380 |
+@@ -975,7 +975,7 @@ void nbd_export_close(NBDExport *exp) |
2381 |
+ |
2382 |
+ nbd_export_get(exp); |
2383 |
+ QTAILQ_FOREACH_SAFE(client, &exp->clients, next, next) { |
2384 |
+- client_close(client); |
2385 |
++ client_close(client, true); |
2386 |
+ } |
2387 |
+ nbd_export_set_name(exp, NULL); |
2388 |
+ nbd_export_set_description(exp, NULL); |
2389 |
+@@ -1337,7 +1337,7 @@ done: |
2390 |
+ |
2391 |
+ out: |
2392 |
+ nbd_request_put(req); |
2393 |
+- client_close(client); |
2394 |
++ client_close(client, true); |
2395 |
+ nbd_client_put(client); |
2396 |
+ } |
2397 |
+ |
2398 |
+@@ -1363,7 +1363,7 @@ static coroutine_fn void nbd_co_client_start(void *opaque) |
2399 |
+ qemu_co_mutex_init(&client->send_lock); |
2400 |
+ |
2401 |
+ if (nbd_negotiate(data)) { |
2402 |
+- client_close(client); |
2403 |
++ client_close(client, false); |
2404 |
+ goto out; |
2405 |
+ } |
2406 |
+ |
2407 |
+@@ -1373,11 +1373,17 @@ out: |
2408 |
+ g_free(data); |
2409 |
+ } |
2410 |
+ |
2411 |
++/* |
2412 |
++ * Create a new client listener on the given export @exp, using the |
2413 |
++ * given channel @sioc. Begin servicing it in a coroutine. When the |
2414 |
++ * connection closes, call @close_fn with an indication of whether the |
2415 |
++ * client completed negotiation. |
2416 |
++ */ |
2417 |
+ void nbd_client_new(NBDExport *exp, |
2418 |
+ QIOChannelSocket *sioc, |
2419 |
+ QCryptoTLSCreds *tlscreds, |
2420 |
+ const char *tlsaclname, |
2421 |
+- void (*close_fn)(NBDClient *)) |
2422 |
++ void (*close_fn)(NBDClient *, bool)) |
2423 |
+ { |
2424 |
+ NBDClient *client; |
2425 |
+ NBDClientNewData *data = g_new(NBDClientNewData, 1); |
2426 |
+@@ -1394,7 +1400,7 @@ void nbd_client_new(NBDExport *exp, |
2427 |
+ object_ref(OBJECT(client->sioc)); |
2428 |
+ client->ioc = QIO_CHANNEL(sioc); |
2429 |
+ object_ref(OBJECT(client->ioc)); |
2430 |
+- client->close = close_fn; |
2431 |
++ client->close_fn = close_fn; |
2432 |
+ |
2433 |
+ data->client = client; |
2434 |
+ data->co = qemu_coroutine_create(nbd_co_client_start, data); |
2435 |
+diff --git a/qemu-nbd.c b/qemu-nbd.c |
2436 |
+index 651f85ecc1..9464a0461c 100644 |
2437 |
+--- a/qemu-nbd.c |
2438 |
++++ b/qemu-nbd.c |
2439 |
+@@ -336,10 +336,10 @@ static void nbd_export_closed(NBDExport *exp) |
2440 |
+ |
2441 |
+ static void nbd_update_server_watch(void); |
2442 |
+ |
2443 |
+-static void nbd_client_closed(NBDClient *client) |
2444 |
++static void nbd_client_closed(NBDClient *client, bool negotiated) |
2445 |
+ { |
2446 |
+ nb_fds--; |
2447 |
+- if (nb_fds == 0 && !persistent && state == RUNNING) { |
2448 |
++ if (negotiated && nb_fds == 0 && !persistent && state == RUNNING) { |
2449 |
+ state = TERMINATE; |
2450 |
+ } |
2451 |
+ nbd_update_server_watch(); |
2452 |
+-- |
2453 |
+2.13.0 |
2454 |
+ |
2455 |
|
2456 |
diff --git a/app-emulation/qemu/qemu-2.8.1-r2.ebuild b/app-emulation/qemu/qemu-2.8.1-r2.ebuild |
2457 |
deleted file mode 100644 |
2458 |
index ff24476..0000000 |
2459 |
--- a/app-emulation/qemu/qemu-2.8.1-r2.ebuild |
2460 |
+++ /dev/null |
2461 |
@@ -1,770 +0,0 @@ |
2462 |
-# Copyright 1999-2017 Gentoo Foundation |
2463 |
-# Distributed under the terms of the GNU General Public License v2 |
2464 |
- |
2465 |
-EAPI="6" |
2466 |
- |
2467 |
-PYTHON_COMPAT=( python2_7 ) |
2468 |
-PYTHON_REQ_USE="ncurses,readline" |
2469 |
- |
2470 |
-PLOCALES="bg de_DE fr_FR hu it tr zh_CN" |
2471 |
- |
2472 |
-inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \ |
2473 |
- user udev fcaps readme.gentoo-r1 pax-utils l10n |
2474 |
- |
2475 |
-if [[ ${PV} = *9999* ]]; then |
2476 |
- EGIT_REPO_URI="git://git.qemu.org/qemu.git" |
2477 |
- inherit git-r3 |
2478 |
- SRC_URI="" |
2479 |
-else |
2480 |
- SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2" |
2481 |
- KEYWORDS="amd64 ~arm64 ~ppc ~ppc64 x86 ~x86-fbsd" |
2482 |
-fi |
2483 |
- |
2484 |
-DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools" |
2485 |
-HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org" |
2486 |
- |
2487 |
-LICENSE="GPL-2 LGPL-2 BSD-2" |
2488 |
-SLOT="0" |
2489 |
-IUSE="accessibility +aio alsa bluetooth bzip2 +caps +curl debug +fdt |
2490 |
- glusterfs gnutls gtk gtk2 infiniband iscsi +jpeg kernel_linux |
2491 |
- kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs +png |
2492 |
- pulseaudio python rbd sasl +seccomp sdl sdl2 selinux smartcard snappy |
2493 |
- spice ssh static static-user systemtap tci test usb usbredir vde |
2494 |
- +vhost-net virgl virtfs +vnc vte xattr xen xfs" |
2495 |
- |
2496 |
-COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel |
2497 |
- mips mips64 mips64el mipsel or32 ppc ppc64 s390x sh4 sh4eb sparc |
2498 |
- sparc64 x86_64" |
2499 |
-IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS} |
2500 |
- lm32 moxie ppcemb tricore unicore32 xtensa xtensaeb" |
2501 |
-IUSE_USER_TARGETS="${COMMON_TARGETS} |
2502 |
- armeb mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus tilegx" |
2503 |
- |
2504 |
-use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS}) |
2505 |
-use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS}) |
2506 |
-IUSE+=" ${use_softmmu_targets} ${use_user_targets}" |
2507 |
- |
2508 |
-# Allow no targets to be built so that people can get a tools-only build. |
2509 |
-# Block USE flag configurations known to not work. |
2510 |
-REQUIRED_USE="${PYTHON_REQUIRED_USE} |
2511 |
- gtk2? ( gtk ) |
2512 |
- qemu_softmmu_targets_arm? ( fdt ) |
2513 |
- qemu_softmmu_targets_microblaze? ( fdt ) |
2514 |
- qemu_softmmu_targets_ppc? ( fdt ) |
2515 |
- qemu_softmmu_targets_ppc64? ( fdt ) |
2516 |
- sdl2? ( sdl ) |
2517 |
- static? ( static-user !alsa !bluetooth !gtk !gtk2 !opengl !pulseaudio ) |
2518 |
- virtfs? ( xattr ) |
2519 |
- vte? ( gtk )" |
2520 |
- |
2521 |
-# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...) |
2522 |
-# and user/softmmu targets (qemu-*, qemu-system-*). |
2523 |
-# |
2524 |
-# Yep, you need both libcap and libcap-ng since virtfs only uses libcap. |
2525 |
-# |
2526 |
-# The attr lib isn't always linked in (although the USE flag is always |
2527 |
-# respected). This is because qemu supports using the C library's API |
2528 |
-# when available rather than always using the extranl library. |
2529 |
-ALL_DEPEND=" |
2530 |
- >=dev-libs/glib-2.0[static-libs(+)] |
2531 |
- sys-libs/zlib[static-libs(+)] |
2532 |
- python? ( ${PYTHON_DEPS} ) |
2533 |
- systemtap? ( dev-util/systemtap ) |
2534 |
- xattr? ( sys-apps/attr[static-libs(+)] )" |
2535 |
- |
2536 |
-# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...) |
2537 |
-# softmmu targets (qemu-system-*). |
2538 |
-SOFTMMU_TOOLS_DEPEND=" |
2539 |
- >=x11-libs/pixman-0.28.0[static-libs(+)] |
2540 |
- accessibility? ( |
2541 |
- app-accessibility/brltty[api] |
2542 |
- app-accessibility/brltty[static-libs(+)] |
2543 |
- ) |
2544 |
- aio? ( dev-libs/libaio[static-libs(+)] ) |
2545 |
- alsa? ( >=media-libs/alsa-lib-1.0.13 ) |
2546 |
- bluetooth? ( net-wireless/bluez ) |
2547 |
- bzip2? ( app-arch/bzip2[static-libs(+)] ) |
2548 |
- caps? ( sys-libs/libcap-ng[static-libs(+)] ) |
2549 |
- curl? ( >=net-misc/curl-7.15.4[static-libs(+)] ) |
2550 |
- fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] ) |
2551 |
- glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] ) |
2552 |
- gnutls? ( |
2553 |
- dev-libs/nettle:=[static-libs(+)] |
2554 |
- >=net-libs/gnutls-3.0:=[static-libs(+)] |
2555 |
- ) |
2556 |
- gtk? ( |
2557 |
- gtk2? ( |
2558 |
- x11-libs/gtk+:2 |
2559 |
- vte? ( x11-libs/vte:0 ) |
2560 |
- ) |
2561 |
- !gtk2? ( |
2562 |
- x11-libs/gtk+:3 |
2563 |
- vte? ( x11-libs/vte:2.91 ) |
2564 |
- ) |
2565 |
- ) |
2566 |
- infiniband? ( sys-fabric/librdmacm:=[static-libs(+)] ) |
2567 |
- iscsi? ( net-libs/libiscsi ) |
2568 |
- jpeg? ( virtual/jpeg:0=[static-libs(+)] ) |
2569 |
- lzo? ( dev-libs/lzo:2[static-libs(+)] ) |
2570 |
- ncurses? ( |
2571 |
- sys-libs/ncurses:0=[unicode] |
2572 |
- sys-libs/ncurses:0=[static-libs(+)] |
2573 |
- ) |
2574 |
- nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] ) |
2575 |
- numa? ( sys-process/numactl[static-libs(+)] ) |
2576 |
- opengl? ( |
2577 |
- virtual/opengl |
2578 |
- media-libs/libepoxy[static-libs(+)] |
2579 |
- media-libs/mesa[static-libs(+)] |
2580 |
- media-libs/mesa[egl,gbm] |
2581 |
- ) |
2582 |
- png? ( media-libs/libpng:0=[static-libs(+)] ) |
2583 |
- pulseaudio? ( media-sound/pulseaudio ) |
2584 |
- rbd? ( sys-cluster/ceph[static-libs(+)] ) |
2585 |
- sasl? ( dev-libs/cyrus-sasl[static-libs(+)] ) |
2586 |
- sdl? ( |
2587 |
- !sdl2? ( |
2588 |
- media-libs/libsdl[X] |
2589 |
- >=media-libs/libsdl-1.2.11[static-libs(+)] |
2590 |
- ) |
2591 |
- sdl2? ( |
2592 |
- media-libs/libsdl2[X] |
2593 |
- media-libs/libsdl2[static-libs(+)] |
2594 |
- ) |
2595 |
- ) |
2596 |
- seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] ) |
2597 |
- smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] ) |
2598 |
- snappy? ( app-arch/snappy[static-libs(+)] ) |
2599 |
- spice? ( |
2600 |
- >=app-emulation/spice-protocol-0.12.3 |
2601 |
- >=app-emulation/spice-0.12.0[static-libs(+)] |
2602 |
- ) |
2603 |
- ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] ) |
2604 |
- usb? ( >=virtual/libusb-1-r2[static-libs(+)] ) |
2605 |
- usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] ) |
2606 |
- vde? ( net-misc/vde[static-libs(+)] ) |
2607 |
- virgl? ( media-libs/virglrenderer[static-libs(+)] ) |
2608 |
- virtfs? ( sys-libs/libcap ) |
2609 |
- xen? ( app-emulation/xen-tools:= ) |
2610 |
- xfs? ( sys-fs/xfsprogs[static-libs(+)] )" |
2611 |
- |
2612 |
-X86_FIRMWARE_DEPEND=" |
2613 |
- >=sys-firmware/ipxe-1.0.0_p20130624 |
2614 |
- pin-upstream-blobs? ( |
2615 |
- ~sys-firmware/seabios-1.10.1 |
2616 |
- ~sys-firmware/sgabios-0.1_pre8 |
2617 |
- ~sys-firmware/vgabios-0.7a |
2618 |
- ) |
2619 |
- !pin-upstream-blobs? ( |
2620 |
- sys-firmware/seabios |
2621 |
- sys-firmware/sgabios |
2622 |
- sys-firmware/vgabios |
2623 |
- )" |
2624 |
- |
2625 |
-CDEPEND=" |
2626 |
- !static? ( |
2627 |
- ${ALL_DEPEND//\[static-libs(+)]} |
2628 |
- ${SOFTMMU_TOOLS_DEPEND//\[static-libs(+)]} |
2629 |
- ) |
2630 |
- qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} ) |
2631 |
- qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )" |
2632 |
-DEPEND="${CDEPEND} |
2633 |
- dev-lang/perl |
2634 |
- =dev-lang/python-2* |
2635 |
- sys-apps/texinfo |
2636 |
- virtual/pkgconfig |
2637 |
- kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 ) |
2638 |
- gtk? ( nls? ( sys-devel/gettext ) ) |
2639 |
- static? ( |
2640 |
- ${ALL_DEPEND} |
2641 |
- ${SOFTMMU_TOOLS_DEPEND} |
2642 |
- ) |
2643 |
- static-user? ( ${ALL_DEPEND} ) |
2644 |
- test? ( |
2645 |
- dev-libs/glib[utils] |
2646 |
- sys-devel/bc |
2647 |
- )" |
2648 |
-RDEPEND="${CDEPEND} |
2649 |
- selinux? ( sec-policy/selinux-qemu )" |
2650 |
- |
2651 |
-PATCHES=( |
2652 |
- # musl patches |
2653 |
- "${FILESDIR}"/${PN}-2.8.0-F_SHLCK-and-F_EXLCK.patch |
2654 |
- "${FILESDIR}"/${PN}-2.0.0-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch |
2655 |
- "${FILESDIR}"/${PN}-2.2.0-_sigev_un.patch |
2656 |
- |
2657 |
- # gentoo patches |
2658 |
- "${FILESDIR}"/${PN}-2.5.0-cflags.patch |
2659 |
- "${FILESDIR}"/${PN}-2.5.0-sysmacros.patch |
2660 |
- "${FILESDIR}"/${PN}-2.7.0-CVE-2016-8669-1.patch #597108 |
2661 |
- "${FILESDIR}"/${PN}-2.8.0-CVE-2016-9908.patch #601826 |
2662 |
- "${FILESDIR}"/${PN}-2.8.0-CVE-2016-9912.patch #602630 |
2663 |
- "${FILESDIR}"/${PN}-2.8.0-CVE-2016-10028.patch #603444 |
2664 |
- "${FILESDIR}"/${PN}-2.8.0-CVE-2016-10155.patch #606720 |
2665 |
- "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5525-1.patch #606264 |
2666 |
- "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5525-2.patch |
2667 |
- "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5552.patch #606722 |
2668 |
- "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5578.patch #607000 |
2669 |
- "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5579.patch #607100 |
2670 |
- "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5856.patch #608036 |
2671 |
- "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5857.patch #608038 |
2672 |
- "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5898.patch #608520 |
2673 |
- "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5973.patch #609334 |
2674 |
- "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5987.patch #609398 |
2675 |
- "${FILESDIR}"/${PN}-2.8.0-CVE-2017-6505.patch #612220 |
2676 |
- "${FILESDIR}"/${PN}-2.8.0-CVE-2017-7377.patch #614744 |
2677 |
- "${FILESDIR}"/${PN}-2.8.1-CVE-2017-7471.patch #616484 |
2678 |
- "${FILESDIR}"/${PN}-2.8.1-CVE-2017-8086.patch #616460 |
2679 |
-) |
2680 |
- |
2681 |
-STRIP_MASK="/usr/share/qemu/palcode-clipper" |
2682 |
- |
2683 |
-QA_PREBUILT=" |
2684 |
- usr/share/qemu/openbios-ppc |
2685 |
- usr/share/qemu/openbios-sparc64 |
2686 |
- usr/share/qemu/openbios-sparc32 |
2687 |
- usr/share/qemu/palcode-clipper |
2688 |
- usr/share/qemu/s390-ccw.img |
2689 |
- usr/share/qemu/u-boot.e500" |
2690 |
- |
2691 |
-QA_WX_LOAD="usr/bin/qemu-i386 |
2692 |
- usr/bin/qemu-x86_64 |
2693 |
- usr/bin/qemu-alpha |
2694 |
- usr/bin/qemu-arm |
2695 |
- usr/bin/qemu-cris |
2696 |
- usr/bin/qemu-m68k |
2697 |
- usr/bin/qemu-microblaze |
2698 |
- usr/bin/qemu-microblazeel |
2699 |
- usr/bin/qemu-mips |
2700 |
- usr/bin/qemu-mipsel |
2701 |
- usr/bin/qemu-or32 |
2702 |
- usr/bin/qemu-ppc |
2703 |
- usr/bin/qemu-ppc64 |
2704 |
- usr/bin/qemu-ppc64abi32 |
2705 |
- usr/bin/qemu-sh4 |
2706 |
- usr/bin/qemu-sh4eb |
2707 |
- usr/bin/qemu-sparc |
2708 |
- usr/bin/qemu-sparc64 |
2709 |
- usr/bin/qemu-armeb |
2710 |
- usr/bin/qemu-sparc32plus |
2711 |
- usr/bin/qemu-s390x |
2712 |
- usr/bin/qemu-unicore32" |
2713 |
- |
2714 |
-DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure you have the |
2715 |
-kernel module loaded before running kvm. The easiest way to ensure that the |
2716 |
-kernel module is loaded is to load it on boot. |
2717 |
- For AMD CPUs the module is called 'kvm-amd'. |
2718 |
- For Intel CPUs the module is called 'kvm-intel'. |
2719 |
-Please review /etc/conf.d/modules for how to load these. |
2720 |
- |
2721 |
-Make sure your user is in the 'kvm' group. Just run |
2722 |
- $ gpasswd -a <USER> kvm |
2723 |
-then have <USER> re-login. |
2724 |
- |
2725 |
-For brand new installs, the default permissions on /dev/kvm might not let |
2726 |
-you access it. You can tell udev to reset ownership/perms: |
2727 |
- $ udevadm trigger -c add /dev/kvm |
2728 |
- |
2729 |
-If you want to register binfmt handlers for qemu user targets: |
2730 |
-For openrc: |
2731 |
- # rc-update add qemu-binfmt |
2732 |
-For systemd: |
2733 |
- # ln -s /usr/share/qemu/binfmt.d/qemu.conf /etc/binfmt.d/qemu.conf" |
2734 |
- |
2735 |
-pkg_pretend() { |
2736 |
- if use kernel_linux && kernel_is lt 2 6 25; then |
2737 |
- eerror "This version of KVM requres a host kernel of 2.6.25 or higher." |
2738 |
- elif use kernel_linux; then |
2739 |
- if ! linux_config_exists; then |
2740 |
- eerror "Unable to check your kernel for KVM support" |
2741 |
- else |
2742 |
- CONFIG_CHECK="~KVM ~TUN ~BRIDGE" |
2743 |
- ERROR_KVM="You must enable KVM in your kernel to continue" |
2744 |
- ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in" |
2745 |
- ERROR_KVM_AMD+=" your kernel configuration." |
2746 |
- ERROR_KVM_INTEL="If you have an Intel CPU, you must enable" |
2747 |
- ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration." |
2748 |
- ERROR_TUN="You will need the Universal TUN/TAP driver compiled" |
2749 |
- ERROR_TUN+=" into your kernel or loaded as a module to use the" |
2750 |
- ERROR_TUN+=" virtual network device if using -net tap." |
2751 |
- ERROR_BRIDGE="You will also need support for 802.1d" |
2752 |
- ERROR_BRIDGE+=" Ethernet Bridging for some network configurations." |
2753 |
- use vhost-net && CONFIG_CHECK+=" ~VHOST_NET" |
2754 |
- ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net" |
2755 |
- ERROR_VHOST_NET+=" support" |
2756 |
- |
2757 |
- if use amd64 || use x86 || use amd64-linux || use x86-linux; then |
2758 |
- CONFIG_CHECK+=" ~KVM_AMD ~KVM_INTEL" |
2759 |
- fi |
2760 |
- |
2761 |
- use python && CONFIG_CHECK+=" ~DEBUG_FS" |
2762 |
- ERROR_DEBUG_FS="debugFS support required for kvm_stat" |
2763 |
- |
2764 |
- # Now do the actual checks setup above |
2765 |
- check_extra_config |
2766 |
- fi |
2767 |
- fi |
2768 |
- |
2769 |
- if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then |
2770 |
- eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt" |
2771 |
- eerror "instances are still pointing to it. Please update your" |
2772 |
- eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag" |
2773 |
- eerror "and the right system binary (e.g. qemu-system-x86_64)." |
2774 |
- die "update your virt configs to not use qemu-kvm" |
2775 |
- fi |
2776 |
-} |
2777 |
- |
2778 |
-pkg_setup() { |
2779 |
- enewgroup kvm 78 |
2780 |
-} |
2781 |
- |
2782 |
-# Sanity check to make sure target lists are kept up-to-date. |
2783 |
-check_targets() { |
2784 |
- local var=$1 mak=$2 |
2785 |
- local detected sorted |
2786 |
- |
2787 |
- pushd "${S}"/default-configs >/dev/null || die |
2788 |
- |
2789 |
- # Force C locale until glibc is updated. #564936 |
2790 |
- detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u)) |
2791 |
- sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u)) |
2792 |
- if [[ ${sorted} != "${detected}" ]] ; then |
2793 |
- eerror "The ebuild needs to be kept in sync." |
2794 |
- eerror "${var}: ${sorted}" |
2795 |
- eerror "$(printf '%-*s' ${#var} configure): ${detected}" |
2796 |
- die "sync ${var} to the list of targets" |
2797 |
- fi |
2798 |
- |
2799 |
- popd >/dev/null |
2800 |
-} |
2801 |
- |
2802 |
-handle_locales() { |
2803 |
- # Make sure locale list is kept up-to-date. |
2804 |
- local detected sorted |
2805 |
- detected=$(echo $(cd po && printf '%s\n' *.po | grep -v messages.po | sed 's:.po$::' | sort -u)) |
2806 |
- sorted=$(echo $(printf '%s\n' ${PLOCALES} | sort -u)) |
2807 |
- if [[ ${sorted} != "${detected}" ]] ; then |
2808 |
- eerror "The ebuild needs to be kept in sync." |
2809 |
- eerror "PLOCALES: ${sorted}" |
2810 |
- eerror " po/*.po: ${detected}" |
2811 |
- die "sync PLOCALES" |
2812 |
- fi |
2813 |
- |
2814 |
- # Deal with selective install of locales. |
2815 |
- if use nls ; then |
2816 |
- # Delete locales the user does not want. #577814 |
2817 |
- rm_loc() { rm po/$1.po || die; } |
2818 |
- l10n_for_each_disabled_locale_do rm_loc |
2819 |
- else |
2820 |
- # Cheap hack to disable gettext .mo generation. |
2821 |
- rm -f po/*.po |
2822 |
- fi |
2823 |
-} |
2824 |
- |
2825 |
-src_prepare() { |
2826 |
- check_targets IUSE_SOFTMMU_TARGETS softmmu |
2827 |
- check_targets IUSE_USER_TARGETS linux-user |
2828 |
- |
2829 |
- # Alter target makefiles to accept CFLAGS set via flag-o |
2830 |
- sed -i -r \ |
2831 |
- -e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \ |
2832 |
- Makefile Makefile.target || die |
2833 |
- |
2834 |
- default |
2835 |
- |
2836 |
- # Fix ld and objcopy being called directly |
2837 |
- tc-export AR LD OBJCOPY |
2838 |
- |
2839 |
- # Verbose builds |
2840 |
- MAKEOPTS+=" V=1" |
2841 |
- |
2842 |
- # Run after we've applied all patches. |
2843 |
- handle_locales |
2844 |
-} |
2845 |
- |
2846 |
-## |
2847 |
-# configures qemu based on the build directory and the build type |
2848 |
-# we are using. |
2849 |
-# |
2850 |
-qemu_src_configure() { |
2851 |
- debug-print-function ${FUNCNAME} "$@" |
2852 |
- |
2853 |
- local buildtype=$1 |
2854 |
- local builddir="${S}/${buildtype}-build" |
2855 |
- |
2856 |
- mkdir "${builddir}" |
2857 |
- |
2858 |
- local conf_opts=( |
2859 |
- --prefix=/usr |
2860 |
- --sysconfdir=/etc |
2861 |
- --libdir=/usr/$(get_libdir) |
2862 |
- --docdir=/usr/share/doc/${PF}/html |
2863 |
- --disable-bsd-user |
2864 |
- --disable-guest-agent |
2865 |
- --disable-strip |
2866 |
- --disable-werror |
2867 |
- # We support gnutls/nettle for crypto operations. It is possible |
2868 |
- # to use gcrypt when gnutls/nettle are disabled (but not when they |
2869 |
- # are enabled), but it's not really worth the hassle. Disable it |
2870 |
- # all the time to avoid automatically detecting it. #568856 |
2871 |
- --disable-gcrypt |
2872 |
- --python="${PYTHON}" |
2873 |
- --cc="$(tc-getCC)" |
2874 |
- --cxx="$(tc-getCXX)" |
2875 |
- --host-cc="$(tc-getBUILD_CC)" |
2876 |
- $(use_enable debug debug-info) |
2877 |
- $(use_enable debug debug-tcg) |
2878 |
- --enable-docs |
2879 |
- $(use_enable tci tcg-interpreter) |
2880 |
- $(use_enable xattr attr) |
2881 |
- ) |
2882 |
- |
2883 |
- # Disable options not used by user targets. This simplifies building |
2884 |
- # static user targets (USE=static-user) considerably. |
2885 |
- conf_notuser() { |
2886 |
- if [[ ${buildtype} == "user" ]] ; then |
2887 |
- echo "--disable-${2:-$1}" |
2888 |
- else |
2889 |
- use_enable "$@" |
2890 |
- fi |
2891 |
- } |
2892 |
- conf_opts+=( |
2893 |
- $(conf_notuser accessibility brlapi) |
2894 |
- $(conf_notuser aio linux-aio) |
2895 |
- $(conf_notuser bzip2) |
2896 |
- $(conf_notuser bluetooth bluez) |
2897 |
- $(conf_notuser caps cap-ng) |
2898 |
- $(conf_notuser curl) |
2899 |
- $(conf_notuser fdt) |
2900 |
- $(conf_notuser glusterfs) |
2901 |
- $(conf_notuser gnutls) |
2902 |
- $(conf_notuser gnutls nettle) |
2903 |
- $(conf_notuser gtk) |
2904 |
- $(conf_notuser infiniband rdma) |
2905 |
- $(conf_notuser iscsi libiscsi) |
2906 |
- $(conf_notuser jpeg vnc-jpeg) |
2907 |
- $(conf_notuser kernel_linux kvm) |
2908 |
- $(conf_notuser lzo) |
2909 |
- $(conf_notuser ncurses curses) |
2910 |
- $(conf_notuser nfs libnfs) |
2911 |
- $(conf_notuser numa) |
2912 |
- $(conf_notuser opengl) |
2913 |
- $(conf_notuser png vnc-png) |
2914 |
- $(conf_notuser rbd) |
2915 |
- $(conf_notuser sasl vnc-sasl) |
2916 |
- $(conf_notuser sdl) |
2917 |
- $(conf_notuser seccomp) |
2918 |
- $(conf_notuser smartcard) |
2919 |
- $(conf_notuser snappy) |
2920 |
- $(conf_notuser spice) |
2921 |
- $(conf_notuser ssh libssh2) |
2922 |
- $(conf_notuser usb libusb) |
2923 |
- $(conf_notuser usbredir usb-redir) |
2924 |
- $(conf_notuser vde) |
2925 |
- $(conf_notuser vhost-net) |
2926 |
- $(conf_notuser virgl virglrenderer) |
2927 |
- $(conf_notuser virtfs) |
2928 |
- $(conf_notuser vnc) |
2929 |
- $(conf_notuser vte) |
2930 |
- $(conf_notuser xen) |
2931 |
- $(conf_notuser xen xen-pci-passthrough) |
2932 |
- $(conf_notuser xfs xfsctl) |
2933 |
- ) |
2934 |
- |
2935 |
- if [[ ! ${buildtype} == "user" ]] ; then |
2936 |
- # audio options |
2937 |
- local audio_opts="oss" |
2938 |
- use alsa && audio_opts="alsa,${audio_opts}" |
2939 |
- use sdl && audio_opts="sdl,${audio_opts}" |
2940 |
- use pulseaudio && audio_opts="pa,${audio_opts}" |
2941 |
- conf_opts+=( |
2942 |
- --audio-drv-list="${audio_opts}" |
2943 |
- ) |
2944 |
- use gtk && conf_opts+=( --with-gtkabi=$(usex gtk2 2.0 3.0) ) |
2945 |
- use sdl && conf_opts+=( --with-sdlabi=$(usex sdl2 2.0 1.2) ) |
2946 |
- fi |
2947 |
- |
2948 |
- case ${buildtype} in |
2949 |
- user) |
2950 |
- conf_opts+=( |
2951 |
- --enable-linux-user |
2952 |
- --disable-system |
2953 |
- --disable-blobs |
2954 |
- --disable-tools |
2955 |
- ) |
2956 |
- local static_flag="static-user" |
2957 |
- ;; |
2958 |
- softmmu) |
2959 |
- conf_opts+=( |
2960 |
- --disable-linux-user |
2961 |
- --enable-system |
2962 |
- --disable-tools |
2963 |
- --with-system-pixman |
2964 |
- ) |
2965 |
- local static_flag="static" |
2966 |
- ;; |
2967 |
- tools) |
2968 |
- conf_opts+=( |
2969 |
- --disable-linux-user |
2970 |
- --disable-system |
2971 |
- --disable-blobs |
2972 |
- --enable-tools |
2973 |
- ) |
2974 |
- local static_flag="static" |
2975 |
- ;; |
2976 |
- esac |
2977 |
- |
2978 |
- local targets="${buildtype}_targets" |
2979 |
- [[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" ) |
2980 |
- |
2981 |
- # Add support for SystemTAP |
2982 |
- use systemtap && conf_opts+=( --enable-trace-backend=dtrace ) |
2983 |
- |
2984 |
- # We always want to attempt to build with PIE support as it results |
2985 |
- # in a more secure binary. But it doesn't work with static or if |
2986 |
- # the current GCC doesn't have PIE support. |
2987 |
- if use ${static_flag}; then |
2988 |
- conf_opts+=( --static --disable-pie ) |
2989 |
- else |
2990 |
- gcc-specs-pie && conf_opts+=( --enable-pie ) |
2991 |
- fi |
2992 |
- |
2993 |
- echo "../configure ${conf_opts[*]}" |
2994 |
- cd "${builddir}" |
2995 |
- ../configure "${conf_opts[@]}" || die "configure failed" |
2996 |
- |
2997 |
- # FreeBSD's kernel does not support QEMU assigning/grabbing |
2998 |
- # host USB devices yet |
2999 |
- use kernel_FreeBSD && \ |
3000 |
- sed -i -E -e "s|^(HOST_USB=)bsd|\1stub|" "${S}"/config-host.mak |
3001 |
-} |
3002 |
- |
3003 |
-src_configure() { |
3004 |
- local target |
3005 |
- |
3006 |
- python_setup |
3007 |
- |
3008 |
- softmmu_targets= softmmu_bins=() |
3009 |
- user_targets= user_bins=() |
3010 |
- |
3011 |
- for target in ${IUSE_SOFTMMU_TARGETS} ; do |
3012 |
- if use "qemu_softmmu_targets_${target}"; then |
3013 |
- softmmu_targets+=",${target}-softmmu" |
3014 |
- softmmu_bins+=( "qemu-system-${target}" ) |
3015 |
- fi |
3016 |
- done |
3017 |
- |
3018 |
- for target in ${IUSE_USER_TARGETS} ; do |
3019 |
- if use "qemu_user_targets_${target}"; then |
3020 |
- user_targets+=",${target}-linux-user" |
3021 |
- user_bins+=( "qemu-${target}" ) |
3022 |
- fi |
3023 |
- done |
3024 |
- |
3025 |
- softmmu_targets=${softmmu_targets#,} |
3026 |
- user_targets=${user_targets#,} |
3027 |
- |
3028 |
- [[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu" |
3029 |
- [[ -n ${user_targets} ]] && qemu_src_configure "user" |
3030 |
- qemu_src_configure "tools" |
3031 |
-} |
3032 |
- |
3033 |
-src_compile() { |
3034 |
- if [[ -n ${user_targets} ]]; then |
3035 |
- cd "${S}/user-build" |
3036 |
- default |
3037 |
- fi |
3038 |
- |
3039 |
- if [[ -n ${softmmu_targets} ]]; then |
3040 |
- cd "${S}/softmmu-build" |
3041 |
- default |
3042 |
- fi |
3043 |
- |
3044 |
- cd "${S}/tools-build" |
3045 |
- default |
3046 |
-} |
3047 |
- |
3048 |
-src_test() { |
3049 |
- if [[ -n ${softmmu_targets} ]]; then |
3050 |
- cd "${S}/softmmu-build" |
3051 |
- pax-mark m */qemu-system-* #515550 |
3052 |
- emake -j1 check |
3053 |
- emake -j1 check-report.html |
3054 |
- fi |
3055 |
-} |
3056 |
- |
3057 |
-qemu_python_install() { |
3058 |
- python_domodule "${S}/scripts/qmp/qmp.py" |
3059 |
- |
3060 |
- python_doscript "${S}/scripts/kvm/vmxcap" |
3061 |
- python_doscript "${S}/scripts/qmp/qmp-shell" |
3062 |
- python_doscript "${S}/scripts/qmp/qemu-ga-client" |
3063 |
-} |
3064 |
- |
3065 |
-# Generate binfmt support files. |
3066 |
-# - /etc/init.d/qemu-binfmt script which registers the user handlers (openrc) |
3067 |
-# - /usr/share/qemu/binfmt.d/qemu.conf (for use with systemd-binfmt) |
3068 |
-generate_initd() { |
3069 |
- local out="${T}/qemu-binfmt" |
3070 |
- local out_systemd="${T}/qemu.conf" |
3071 |
- local d="${T}/binfmt.d" |
3072 |
- |
3073 |
- einfo "Generating qemu binfmt scripts and configuration files" |
3074 |
- |
3075 |
- # Generate the debian fragments first. |
3076 |
- mkdir -p "${d}" |
3077 |
- "${S}"/scripts/qemu-binfmt-conf.sh \ |
3078 |
- --debian \ |
3079 |
- --exportdir "${d}" \ |
3080 |
- --qemu-path "${EPREFIX}/usr/bin" \ |
3081 |
- || die |
3082 |
- # Then turn the fragments into a shell script we can source. |
3083 |
- sed -E -i \ |
3084 |
- -e 's:^([^ ]+) (.*)$:\1="\2":' \ |
3085 |
- "${d}"/* || die |
3086 |
- |
3087 |
- # Generate the init.d script by assembling the fragments from above. |
3088 |
- local f qcpu package interpreter magic mask |
3089 |
- cat "${FILESDIR}"/qemu-binfmt.initd.head >"${out}" || die |
3090 |
- for f in "${d}"/qemu-* ; do |
3091 |
- source "${f}" |
3092 |
- |
3093 |
- # Normalize the cpu logic like we do in the init.d for the native cpu. |
3094 |
- qcpu=${package#qemu-} |
3095 |
- case ${qcpu} in |
3096 |
- arm*) qcpu="arm";; |
3097 |
- mips*) qcpu="mips";; |
3098 |
- ppc*) qcpu="ppc";; |
3099 |
- s390*) qcpu="s390";; |
3100 |
- sh*) qcpu="sh";; |
3101 |
- sparc*) qcpu="sparc";; |
3102 |
- esac |
3103 |
- |
3104 |
- cat <<EOF >>"${out}" |
3105 |
- if [ "\${cpu}" != "${qcpu}" -a -x "${interpreter}" ] ; then |
3106 |
- echo ':${package}:M::${magic}:${mask}:${interpreter}:'"\${QEMU_BINFMT_FLAGS}" >/proc/sys/fs/binfmt_misc/register |
3107 |
- fi |
3108 |
-EOF |
3109 |
- |
3110 |
- echo ":${package}:M::${magic}:${mask}:${interpreter}:OC" >>"${out_systemd}" |
3111 |
- |
3112 |
- done |
3113 |
- cat "${FILESDIR}"/qemu-binfmt.initd.tail >>"${out}" || die |
3114 |
-} |
3115 |
- |
3116 |
-src_install() { |
3117 |
- if [[ -n ${user_targets} ]]; then |
3118 |
- cd "${S}/user-build" |
3119 |
- emake DESTDIR="${ED}" install |
3120 |
- |
3121 |
- # Install binfmt handler init script for user targets. |
3122 |
- generate_initd |
3123 |
- doinitd "${T}/qemu-binfmt" |
3124 |
- |
3125 |
- # Install binfmt/qemu.conf. |
3126 |
- insinto "/usr/share/qemu/binfmt.d" |
3127 |
- doins "${T}/qemu.conf" |
3128 |
- fi |
3129 |
- |
3130 |
- if [[ -n ${softmmu_targets} ]]; then |
3131 |
- cd "${S}/softmmu-build" |
3132 |
- emake DESTDIR="${ED}" install |
3133 |
- |
3134 |
- # This might not exist if the test failed. #512010 |
3135 |
- [[ -e check-report.html ]] && dohtml check-report.html |
3136 |
- |
3137 |
- if use kernel_linux; then |
3138 |
- udev_newrules "${FILESDIR}"/65-kvm.rules-r1 65-kvm.rules |
3139 |
- fi |
3140 |
- |
3141 |
- if use python; then |
3142 |
- python_foreach_impl qemu_python_install |
3143 |
- fi |
3144 |
- fi |
3145 |
- |
3146 |
- cd "${S}/tools-build" |
3147 |
- emake DESTDIR="${ED}" install |
3148 |
- |
3149 |
- # Disable mprotect on the qemu binaries as they use JITs to be fast #459348 |
3150 |
- pushd "${ED}"/usr/bin >/dev/null |
3151 |
- pax-mark mr "${softmmu_bins[@]}" "${user_bins[@]}" # bug 575594 |
3152 |
- popd >/dev/null |
3153 |
- |
3154 |
- # Install config file example for qemu-bridge-helper |
3155 |
- insinto "/etc/qemu" |
3156 |
- doins "${FILESDIR}/bridge.conf" |
3157 |
- |
3158 |
- # Remove the docdir placed qmp-commands.txt |
3159 |
- mv "${ED}/usr/share/doc/${PF}/html/qmp-commands.txt" "${S}/docs/" || die |
3160 |
- |
3161 |
- cd "${S}" |
3162 |
- dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt |
3163 |
- newdoc pc-bios/README README.pc-bios |
3164 |
- dodoc docs/qmp-*.txt |
3165 |
- |
3166 |
- if [[ -n ${softmmu_targets} ]]; then |
3167 |
- # Remove SeaBIOS since we're using the SeaBIOS packaged one |
3168 |
- rm "${ED}/usr/share/qemu/bios.bin" |
3169 |
- if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then |
3170 |
- dosym ../seabios/bios.bin /usr/share/qemu/bios.bin |
3171 |
- fi |
3172 |
- |
3173 |
- # Remove vgabios since we're using the vgabios packaged one |
3174 |
- rm "${ED}/usr/share/qemu/vgabios.bin" |
3175 |
- rm "${ED}/usr/share/qemu/vgabios-cirrus.bin" |
3176 |
- rm "${ED}/usr/share/qemu/vgabios-qxl.bin" |
3177 |
- rm "${ED}/usr/share/qemu/vgabios-stdvga.bin" |
3178 |
- rm "${ED}/usr/share/qemu/vgabios-vmware.bin" |
3179 |
- if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then |
3180 |
- dosym ../vgabios/vgabios.bin /usr/share/qemu/vgabios.bin |
3181 |
- dosym ../vgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin |
3182 |
- dosym ../vgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin |
3183 |
- dosym ../vgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin |
3184 |
- dosym ../vgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin |
3185 |
- fi |
3186 |
- |
3187 |
- # Remove sgabios since we're using the sgabios packaged one |
3188 |
- rm "${ED}/usr/share/qemu/sgabios.bin" |
3189 |
- if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then |
3190 |
- dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin |
3191 |
- fi |
3192 |
- |
3193 |
- # Remove iPXE since we're using the iPXE packaged one |
3194 |
- rm "${ED}"/usr/share/qemu/pxe-*.rom |
3195 |
- if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then |
3196 |
- dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom |
3197 |
- dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom |
3198 |
- dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom |
3199 |
- dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom |
3200 |
- dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom |
3201 |
- dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom |
3202 |
- fi |
3203 |
- fi |
3204 |
- |
3205 |
- DISABLE_AUTOFORMATTING=true |
3206 |
- readme.gentoo_create_doc |
3207 |
-} |
3208 |
- |
3209 |
-pkg_postinst() { |
3210 |
- DISABLE_AUTOFORMATTING=true |
3211 |
- readme.gentoo_print_elog |
3212 |
- |
3213 |
- if [[ -n ${softmmu_targets} ]] && use kernel_linux; then |
3214 |
- udev_reload |
3215 |
- fi |
3216 |
- |
3217 |
- fcaps cap_net_admin /usr/libexec/qemu-bridge-helper |
3218 |
-} |
3219 |
- |
3220 |
-pkg_info() { |
3221 |
- echo "Using:" |
3222 |
- echo " $(best_version app-emulation/spice-protocol)" |
3223 |
- echo " $(best_version sys-firmware/ipxe)" |
3224 |
- echo " $(best_version sys-firmware/seabios)" |
3225 |
- if has_version 'sys-firmware/seabios[binary]'; then |
3226 |
- echo " USE=binary" |
3227 |
- else |
3228 |
- echo " USE=''" |
3229 |
- fi |
3230 |
- echo " $(best_version sys-firmware/vgabios)" |
3231 |
-} |
3232 |
|
3233 |
diff --git a/app-emulation/qemu/qemu-2.9.0-r2.ebuild b/app-emulation/qemu/qemu-2.9.0-r2.ebuild |
3234 |
index 3efa65c..397b86c 100644 |
3235 |
--- a/app-emulation/qemu/qemu-2.9.0-r2.ebuild |
3236 |
+++ b/app-emulation/qemu/qemu-2.9.0-r2.ebuild |
3237 |
@@ -17,7 +17,7 @@ if [[ ${PV} = *9999* ]]; then |
3238 |
SRC_URI="" |
3239 |
else |
3240 |
SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2" |
3241 |
- KEYWORDS="amd64 ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd" |
3242 |
+ KEYWORDS="amd64 ~arm64 ~ppc ~ppc64 x86 ~x86-fbsd" |
3243 |
fi |
3244 |
|
3245 |
DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools" |
3246 |
@@ -513,7 +513,7 @@ qemu_src_configure() { |
3247 |
if use ${static_flag}; then |
3248 |
conf_opts+=( --static --disable-pie ) |
3249 |
else |
3250 |
- gcc-specs-pie && conf_opts+=( --enable-pie ) |
3251 |
+ tc-enables-pie && conf_opts+=( --enable-pie ) |
3252 |
fi |
3253 |
|
3254 |
echo "../configure ${conf_opts[*]}" |
3255 |
|
3256 |
diff --git a/app-emulation/qemu/qemu-2.9.0-r54.ebuild b/app-emulation/qemu/qemu-2.9.0-r56.ebuild |
3257 |
similarity index 96% |
3258 |
rename from app-emulation/qemu/qemu-2.9.0-r54.ebuild |
3259 |
rename to app-emulation/qemu/qemu-2.9.0-r56.ebuild |
3260 |
index c36797b..ad2e5f7 100644 |
3261 |
--- a/app-emulation/qemu/qemu-2.9.0-r54.ebuild |
3262 |
+++ b/app-emulation/qemu/qemu-2.9.0-r56.ebuild |
3263 |
@@ -137,7 +137,7 @@ SOFTMMU_TOOLS_DEPEND=" |
3264 |
) |
3265 |
seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] ) |
3266 |
smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] ) |
3267 |
- snappy? ( app-arch/snappy[static-libs(+)] ) |
3268 |
+ snappy? ( app-arch/snappy:=[static-libs(+)] ) |
3269 |
spice? ( |
3270 |
>=app-emulation/spice-protocol-0.12.3 |
3271 |
>=app-emulation/spice-0.12.0[static-libs(+)] |
3272 |
@@ -200,11 +200,20 @@ PATCHES=( |
3273 |
# gentoo patches |
3274 |
"${FILESDIR}"/${PN}-2.5.0-cflags.patch |
3275 |
"${FILESDIR}"/${PN}-2.5.0-sysmacros.patch |
3276 |
- "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8309.patch # bug 616870 |
3277 |
- "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8379.patch # bug 616872 |
3278 |
- "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8380.patch # bug 616874 |
3279 |
- "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8112.patch # bug 616636 |
3280 |
- "${FILESDIR}"/${PN}-2.9.0-CVE-2017-7493.patch # bug 618808 |
3281 |
+ "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8309.patch # bug 616870 |
3282 |
+ "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8379.patch # bug 616872 |
3283 |
+ "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8380.patch # bug 616874 |
3284 |
+ "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8112.patch # bug 616636 |
3285 |
+ "${FILESDIR}"/${PN}-2.9.0-CVE-2017-7493.patch # bug 618808 |
3286 |
+ "${FILESDIR}"/${PN}-2.9.0-CVE-2017-11434.patch # bug 625614 |
3287 |
+ "${FILESDIR}"/${PN}-2.9.0-CVE-2017-11334.patch # bug 621292 |
3288 |
+ "${FILESDIR}"/${PN}-2.9.0-CVE-2017-9524-1.patch # bug 621292 |
3289 |
+ "${FILESDIR}"/${PN}-2.9.0-CVE-2017-9524-2.patch |
3290 |
+ "${FILESDIR}"/${PN}-2.9.0-CVE-2017-9503-1.patch # bug 621184 |
3291 |
+ "${FILESDIR}"/${PN}-2.9.0-CVE-2017-9503-2.patch |
3292 |
+ "${FILESDIR}"/${PN}-2.9.0-CVE-2017-10664.patch # bug 623016 |
3293 |
+ "${FILESDIR}"/${PN}-2.9.0-CVE-2017-10806.patch # bug 624088 |
3294 |
+ "${FILESDIR}"/${PN}-2.9.0-CVE-2017-7539.patch # bug 625850 |
3295 |
) |
3296 |
|
3297 |
STRIP_MASK="/usr/share/qemu/palcode-clipper" |
3298 |
@@ -516,7 +525,7 @@ qemu_src_configure() { |
3299 |
if use ${static_flag}; then |
3300 |
conf_opts+=( --static --disable-pie ) |
3301 |
else |
3302 |
- gcc-specs-pie && conf_opts+=( --enable-pie ) |
3303 |
+ tc-enables-pie && conf_opts+=( --enable-pie ) |
3304 |
fi |
3305 |
|
3306 |
echo "../configure ${conf_opts[*]}" |