Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Aric Belsito <lluixhi@×××××.com>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/musl:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
Date: Mon, 13 Feb 2017 06:46:16
Message-Id: 1486968309.b610381e7567e3d26aa70587a1e173de4e1fa48f.lluixhi@gentoo
1 commit: b610381e7567e3d26aa70587a1e173de4e1fa48f
2 Author: Aric Belsito <lluixhi <AT> gmail <DOT> com>
3 AuthorDate: Mon Feb 13 06:45:09 2017 +0000
4 Commit: Aric Belsito <lluixhi <AT> gmail <DOT> com>
5 CommitDate: Mon Feb 13 06:45:09 2017 +0000
6 URL: https://gitweb.gentoo.org/proj/musl.git/commit/?id=b610381e
7
8 app-emulation/qemu: version bump to 2.8.0-r1
9
10 Drop 2.7.x (no longer in tree.)
11
12 app-emulation/qemu/Manifest | 52 +-
13 .../files/qemu-2.0.0-F_SHLCK-and-F_EXLCK.patch | 23 -
14 .../qemu/files/qemu-2.7.0-CVE-2016-6836.patch | 27 -
15 .../qemu/files/qemu-2.7.0-CVE-2016-7155.patch | 81 ---
16 .../qemu/files/qemu-2.7.0-CVE-2016-7156.patch | 62 --
17 .../qemu/files/qemu-2.7.0-CVE-2016-7157-1.patch | 28 -
18 .../qemu/files/qemu-2.7.0-CVE-2016-7157-2.patch | 27 -
19 .../qemu/files/qemu-2.7.0-CVE-2016-7170.patch | 40 --
20 .../qemu/files/qemu-2.7.0-CVE-2016-7421.patch | 34 -
21 .../qemu/files/qemu-2.7.0-CVE-2016-7422.patch | 38 --
22 .../qemu/files/qemu-2.7.0-CVE-2016-7423.patch | 31 -
23 .../qemu/files/qemu-2.7.0-CVE-2016-7466.patch | 26 -
24 .../qemu/files/qemu-2.7.0-CVE-2016-7907.patch | 45 --
25 .../qemu/files/qemu-2.7.0-CVE-2016-7908.patch | 52 --
26 .../qemu/files/qemu-2.7.0-CVE-2016-7909.patch | 32 -
27 .../qemu/files/qemu-2.7.0-CVE-2016-7994-1.patch | 25 -
28 .../qemu/files/qemu-2.7.0-CVE-2016-7994-2.patch | 26 -
29 .../qemu/files/qemu-2.7.0-CVE-2016-8576.patch | 61 --
30 .../qemu/files/qemu-2.7.0-CVE-2016-8577.patch | 34 -
31 .../qemu/files/qemu-2.7.0-CVE-2016-8578.patch | 58 --
32 .../qemu/files/qemu-2.7.0-CVE-2016-8668.patch | 30 -
33 .../qemu/files/qemu-2.7.0-CVE-2016-8669-1.patch | 3 +
34 .../qemu/files/qemu-2.7.0-CVE-2016-8669-2.patch | 34 -
35 .../qemu/files/qemu-2.7.0-CVE-2016-8909.patch | 31 -
36 .../qemu/files/qemu-2.7.0-CVE-2016-8910.patch | 29 -
37 .../qemu/files/qemu-2.7.0-CVE-2016-9102.patch | 21 -
38 .../qemu/files/qemu-2.7.0-CVE-2016-9103.patch | 27 -
39 .../qemu/files/qemu-2.7.0-CVE-2016-9104.patch | 92 ---
40 .../qemu/files/qemu-2.7.0-CVE-2016-9105.patch | 25 -
41 .../qemu/files/qemu-2.7.0-CVE-2016-9106.patch | 27 -
42 .../qemu/files/qemu-2.7.0-configure-ifunc.patch | 13 -
43 .../qemu/files/qemu-2.8.0-CVE-2016-10155.patch | 46 ++
44 .../qemu/files/qemu-2.8.0-CVE-2017-2615.patch | 48 ++
45 .../qemu/files/qemu-2.8.0-CVE-2017-5525-1.patch | 52 ++
46 .../qemu/files/qemu-2.8.0-CVE-2017-5525-2.patch | 55 ++
47 .../qemu/files/qemu-2.8.0-CVE-2017-5552.patch | 41 ++
48 .../qemu/files/qemu-2.8.0-CVE-2017-5578.patch | 35 +
49 .../qemu/files/qemu-2.8.0-CVE-2017-5579.patch | 40 ++
50 .../qemu/files/qemu-2.8.0-CVE-2017-5667.patch | 37 ++
51 .../qemu/files/qemu-2.8.0-CVE-2017-5856.patch | 64 ++
52 .../qemu/files/qemu-2.8.0-CVE-2017-5857.patch | 38 ++
53 .../qemu/files/qemu-2.8.0-CVE-2017-5898.patch | 35 +
54 .../qemu/files/qemu-2.8.0-CVE-2017-5931.patch | 46 ++
55 app-emulation/qemu/metadata.xml | 1 -
56 app-emulation/qemu/qemu-2.7.0-r7.ebuild | 713 ---------------------
57 .../{qemu-2.7.1.ebuild => qemu-2.8.0-r1.ebuild} | 53 +-
58 app-emulation/qemu/qemu-2.8.0.ebuild | 10 +-
59 47 files changed, 582 insertions(+), 1866 deletions(-)
60
61 diff --git a/app-emulation/qemu/Manifest b/app-emulation/qemu/Manifest
62 index 7f02bb3..0acf0b7 100644
63 --- a/app-emulation/qemu/Manifest
64 +++ b/app-emulation/qemu/Manifest
65 @@ -1,48 +1,28 @@
66 AUX 65-kvm.rules 40 SHA256 c16a8dc7855880b2651f1a3ff488ecc54d4ac1036c71fffd5007021d8d18a7c5 SHA512 98aad2a2f212a7ac0ee5b60a9c92744fa462bce5f26594845c7a31d692aaaca2d52cb57bdbede7dfc60b9862c2a6510665dbb03215d5cf76e62516a283decdd6 WHIRLPOOL 937de93a23930f6b8533f0c3e0dd249c99ddf7d54446dea857607266ac0a4b435c5b4a52b2986b138bace9c0a7ade66f94116b38e2bc4767ead54bd11baf0920
67 AUX bridge.conf 454 SHA256 a51850dd39923f3482e4c575b48ad9fef9c9ebb2f2176225da399b79ce48c69d SHA512 a907ee86b81a1b61033bb7621ded65112504131ef7b698c53e4014b958ee6fc79e66f63069015a01e41362cb70a7d0ed26dd9a03033cf776f4846f0e1f8f1533 WHIRLPOOL 8fcbd4abf9b8f7ca3d16fe0eaf17196ebf708dfecf85ce0f020e0de22b64905114f7b310f361826c81bb961c6b1bbbf984bff1e595bb949993b8966ccb222c35
68 -AUX qemu-2.0.0-F_SHLCK-and-F_EXLCK.patch 563 SHA256 99de67d610ad13a1dcf6c67a3c2b5b87fb909220173a956435737f9bea3c371b SHA512 a29e9a889388a6627ed492a79e66514ffb5e64f9479646982091811548fc2a9bf6682104a6c774d83e645e4b1db39e491afd4efce789fe164623442a7f3e5d00 WHIRLPOOL d3aab06099de263c22f4c71810a3b2cb8602d17731ec76674cd1415e539306555a7b96b789f0daad473600dfa04a83224ff603f7b9a9ac63a4902f74d0e9deb5
69 AUX qemu-2.0.0-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch 930 SHA256 6af6cf9044997710a6d0fbdba30a35c8d775e30d30c032ec97db672f75ec88ac SHA512 ec84b27648c01c6e58781295dcd0c2ff8e5a635f9836ef50c1da5d0ed125db1afc4cb5b01cb97606d6dd8f417acba93e1560d9a32ca29161a4bb730b302440ea WHIRLPOOL 06b9dd5251ac03405c97b1f5a623b4d86bda2f72fbcd52b90ae4d11a0cfb59cae62df2cb6189405fbe53ab05ff2b7ca8165fda239dbfe5f31ed70abb53b3b9f3
70 AUX qemu-2.2.0-_sigev_un.patch 636 SHA256 f3b9a4d6162c553f3110ad22716305818e2130e2ff5d628faf044fc58a5e3cb5 SHA512 f72b879daede5184904f64cabb276de96299a37a93fce444d09e9068671009e95a5e5d6b815ec41a5db5b3807de14d470a56bba5806ffd4dfec577577b046ccb WHIRLPOOL 9453ad4966e10d504f3e867fd984642a3c1ee3ae847b5ca56196fd1f9e6c0f2d7b52ca07446212af72fef6d0ded1527a5eb306fa6cd915e8dd9ce11523362bac
71 AUX qemu-2.5.0-cflags.patch 410 SHA256 17f5624dd733f5c80e733cc67ae36a736169ec066024dbf802b416accfed0755 SHA512 0194d28de08b4e51c5bd1c9a2cc7965ba7f66dfddb8fd91de3da93677e6cf2d38ad3270f69aaea8a20cf2533c2980018d6e0fed711be2806fe2053fba7c081f3 WHIRLPOOL 5f5b95d00409fbe03adb64801d30a2fb5f98dded5efa7f0e78b5746776f72917dcbea767e1d0afcb304d8bf8c484adedb8037e6d54e9d34997c2bc3a98b53154
72 AUX qemu-2.5.0-sysmacros.patch 333 SHA256 a5716fc02da383d455f5cbd76f49e4ee74d84c2d5703319adcbeb145d04875f9 SHA512 329632c5bff846ca3ffcdb4bc94ae62f17c6bdbb566f9bec0784357c943523e8ca7773790b83a9617734cab3b003baa3d636cbd08f7385810a63b0fa0383c4f0 WHIRLPOOL 2a774767d4685545d3ed18e4f5dece99a9007597d73c56197652ff24083550f987ffb69e5c624760dece87def71a7c5c22a694bf999d7309e48ef622f18f0d73
73 -AUX qemu-2.7.0-CVE-2016-6836.patch 889 SHA256 a94812131e8baa66b81971579ab84b20bf15d544e2698448a5247ac0ddca0b3d SHA512 cf7f327f26aee5b6688eb662ced8aa07775ad9558b4a02db244303f6b7d37be9cd19b18d5725819b4708184105b98830864e0ad3af81373e59e880809036345b WHIRLPOOL df00627ad447162fdcac4b2c965a8cb5c916a7fb66d8c3a4f8f48bb2d869d7805cb3308cd495ff74ebf4840e7bc2d85abf8e666d78b3da9abb4e2bae22697a82
74 -AUX qemu-2.7.0-CVE-2016-7155.patch 2745 SHA256 addf638a53bfae8556e463e0b78a151eef0fdf171eb395a98dbdf0332ff74131 SHA512 96e9df733c5227899da7d2ecc346139df9830dd16fc16f1f14666f8be60205a43f434fd79e158c2000926656ffa137809f1cb3c57a04cb375011f816e92e2f4b WHIRLPOOL c04c0dda417a70e4acb289c6b296da93f3eb8e51f7cfad62351b7235512e04714fdc169a87f4cbf1ef82bfc6decc8ebb5b3958f23d001795c9ebcd08369185a3
75 -AUX qemu-2.7.0-CVE-2016-7156.patch 2314 SHA256 7fa0d7f1025a3435b692a6e7ed8fa3be38a918395a8253e8c27f416ff37e041d SHA512 db3009fdf6d85ffd24fd4a2a40b372b0e665274bba1ce01632aef0d583f2830b58f889166a34acd36409944ab3f7e264801bf89a78f55a586b5f43429a1c86dc WHIRLPOOL ce8101b7607612ed7b9c6fbe373f9b5dec07e0ea8af0b4be8e52b4add5dd0ba12c9e5eb7380d68e3d3867988e0cfc1bdd1e8357ce2b71ef19f51e316fac62161
76 -AUX qemu-2.7.0-CVE-2016-7157-1.patch 888 SHA256 7a1f6199b16c220df51002e1222763d1a7c7b3a08349f664e576a9facc553516 SHA512 5c104464dfa48804d94ccca9a9d881f9e22eba2c3d9a2cbf3a645c3a696e89ea3f4603ea28deba9a1cd800df9bc5ad4894606869eca3e1e9cf95414723846938 WHIRLPOOL af42ec7ca93c92c4df060b4efd61bcc3f7cb5582d00bfe174d81f2393ad3a7f06e27cc2b2186f664860c3ee98f76dd68cd7e6de7ff7e63b778f345c32a62b495
77 -AUX qemu-2.7.0-CVE-2016-7157-2.patch 812 SHA256 1db3b565b4762abbc1096286c9887400591af76bf422a105e457c6bdcb887b59 SHA512 8d2177adc638d384302ec89de65a0acd4f4069580c40d6c50cb78501f25f4d171f3b92a36464711337e07dbf208f9ad93eb2f86a7361dde52026c1764341e10d WHIRLPOOL e815e165bb23cd42aaba2310e3fa48bba33b0344069e6f54c4b26dddad746516053221969fad855d6c827d42371494c609123b002e1e2a96c366d11131b3243a
78 -AUX qemu-2.7.0-CVE-2016-7170.patch 1527 SHA256 37d600b5a4ba143f1d6b26acbcf23357fa41a5f852774f68b6b6736a6ecec024 SHA512 c84494ec4ee9607cef7b230a25d10de444a29fecba57566df5394d40b88596ef91fbd5edfb51a58c5ecff7fa7ef39b7d32ba7976dbd011fb1b29a2e46e4e0080 WHIRLPOOL ddd3d94da447556b24257c11068bef360da6cf35e22257869b09057f42ba027636e605db96d9a66253f423f5667814a1f8c551f8eece733fd997b03d6ac81e2b
79 -AUX qemu-2.7.0-CVE-2016-7421.patch 1183 SHA256 f3996d9d4658fb32a04ce8ae3d3510e6a51a0aa39f64b003a636f68dacef19db SHA512 51d07015e27e4dfbde2c3ffa37d91134374b49c136735845c34155238767483ede8bbc7232ea93b4e4cbcc28195cbe1986d44ac0dd96e914ec29df3a1da9dfcc WHIRLPOOL a4e27d329591b2a3b94a7abed81df1f87509f5a38beb490d7a4ca7c14df2a864f4126c26fc044bb4357467b0f9ed0ca5811d5e85812e318adcb3236c30bef7a1
80 -AUX qemu-2.7.0-CVE-2016-7422.patch 1125 SHA256 7a3d31031b8ea70be29715e8d384f47ad8758e81b9cfc3768e59dd6c6a00cb2a SHA512 6a08f661cd2b00214297570c8035042544b0e707b2f20f6c59c251a73971f2b7e1920c7242ca09a4684ea58dcb177d11d087ee5e0523792e3c446e70239498ef WHIRLPOOL 82b38aa12e49695c1f0c67c303039afb05cc314d14e5bc8286bafebfbabd3eb3cddd41338d45f9510ea2f5074fd9028b39c251be0e5856e0221232a8b28797a9
81 -AUX qemu-2.7.0-CVE-2016-7423.patch 925 SHA256 2b9b1102c3c9c54ba2c311661c3222b1df246a519e9eef57d0793951c1249ae0 SHA512 e4401163d15f9ebd9057b8ddf4187f7a0a2f379cb8aea2bd92b20f132f7714a4e386733884be4568eddbd4067b6cad80275ccc101276897c4796117a9b20144f WHIRLPOOL 9bd9f5ed067604f065d3ac7447f8135dd72e178caa6f3c5a5ca7bc531a8008ec46620c4af33bea54a35dfe52e430d48dcf5b59145c4e1efc2a14cb789e38f5bd
82 -AUX qemu-2.7.0-CVE-2016-7466.patch 830 SHA256 5664c091038185766a54b93495029bbf6de116e8752c2334fa1c71b8387e89c3 SHA512 d158b1f66766f33b1df561956cc3c77d40e1422e44791cfc753d3def2f1851c2c9c0aeb299bcd1ae969dde8f4249f4489ed90776ebb497db4f626217710e4f48 WHIRLPOOL 13112769ecd6420e17d2a3c0e110a2bd479fc09d8a2086d27f0703a4d6c35ded07e003f28ff14579655c5468cd02c77fa514ba7ed6543f61deb60c6de604c99b
83 -AUX qemu-2.7.0-CVE-2016-7907.patch 1380 SHA256 58aa0af82a88de8967452c06ec229de381494e7ac222273ac5a7aa2c53dc5529 SHA512 5a311dea9554d7225d75fb2c680d2f7a2b151b46802176424f495e792ab4a9a101ad99099ccf2b6250230f23fc1ea804381129cd34eb0e4cd24c1e2442de9b51 WHIRLPOOL 69e7e01bc0b221581a8b1ef1af23eb59a6ad87acbfe821ccf8c23f349c9e31b84e4b8db83f48a849a4c5e9b6229f8d55e671da9f8485ecbc24855a8ab50b02ec
84 -AUX qemu-2.7.0-CVE-2016-7908.patch 1718 SHA256 3042b5425964c9bdb6ebc17d8f4bc5efd150547a348269d54e0962efc6a658d4 SHA512 441aa4fe46a2d6d425b1759ebadabc12fb1902f80364d351120932a13b9a46030bd2ad8c7faa57d6bcfbf740d9af2a96cec082a0d40b9a7469499ba1f19177bd WHIRLPOOL 6d870c28645e6fcb12e55a4da5f9dffae78d1fcd013ae6fd9727ae46e05103dc8870d548117e7f396af79cf76947ee8d0b5285ec9b4c6aac840aa6d1e1fc9054
85 -AUX qemu-2.7.0-CVE-2016-7909.patch 975 SHA256 8fb9a27f56c6875f271ac0dc80fd78af8b70d40778ef967019e4a1b0a47ff1ae SHA512 e2793eb18179a7c7276c4d437ea68bb02a6a3963842dd74041fdf3c9f239d6353c7d9e5705c1342fc01b5c7e3bc1bfb882d8094fbe4144ac5f705852579139ca WHIRLPOOL b73aef899c94c9130385dd757b25783b20fce9d32faa245847353766e046bd769789d8b107ef06c726a0e2471a5ef1599716343782c8a82267b79ca53c281414
86 -AUX qemu-2.7.0-CVE-2016-7994-1.patch 835 SHA256 6b84d2273197bd441761469245991d02b5de8b70c29abf096df301e87b5c2478 SHA512 7a8c1c6ffc654f428485057a31d40a831707e5e6a84e32f722f6fc4c86ed474dcd19bfc8034b3a603362d821e7170f46e25ddc2ca50b60f00f45455241ba9464 WHIRLPOOL 80c5c51535cec848664811d8cf41db9d931e3215522fcaa404fa55f0c3b821bac346129b254b60a72cc09493366d8499882874dcb797e8a81e39157f64539b73
87 -AUX qemu-2.7.0-CVE-2016-7994-2.patch 896 SHA256 c23fdfb127f60d24c4b56e7745463f5655ace7af9f5fa392544e7ce05a564c5d SHA512 4243d04a573ccee043911645e716a9c6f7e28858163b48ea58e7a9734d817ac9237c4866fce843dbe10fa996cdd5453f3b704509ff4761f2ec4531d9355cc7ce WHIRLPOOL c5f7b605f566f94ad170c4819c378f9a1e3ae2740130000d9bea4c741f29365a1b5a1f1d495646e866c39a18d7da1236d731861005099457e09bead9fffa8105
88 -AUX qemu-2.7.0-CVE-2016-8576.patch 2092 SHA256 dbe3ee6778cdd802fbd7d7cb2aa991cc73e6be160bad90f2e40de02ab820a865 SHA512 25daaa79f4cb355c5dce639a14c2e265142a0c83bdbc813816789f37e293846f3768f08b9f04f692ce5b8719dadd2dbedb75f314a3f441a70e0789ecc88eb8de WHIRLPOOL 25fc67d9dc8e8d8345778b46b16f9f7c5d6da39ebefea60ef81b20e4685014a019d4c39a6619dbf48411800ae9e9c383a7243fb055ea1f2bd0b2cb7e1a2c8d4e
89 -AUX qemu-2.7.0-CVE-2016-8577.patch 1020 SHA256 fbe7b6183f019ed6c8c6afeeed4854c23991d3f18501e8f3403df8812cefd420 SHA512 364434deb120856a114a94aaab2edbaf9e5f9246e6393f584949a6b706dbdc5b711f459a48e3825554e2fa9595a1aa78fee3711cfeba3b94219b4f47e269b2de WHIRLPOOL 561f7bd41f0ac439808070757cdff9f69f6a378fe6610269c32d600575ed60b22919f4d3ea08f621648dbf3e5e97290737005e9df5949bdeeba9319901cf427e
90 -AUX qemu-2.7.0-CVE-2016-8578.patch 2208 SHA256 9b0e7852aefeb3950de38babec7a30f3225342670a72160829baa5e50786bdef SHA512 326ec2112b1cbaa4b4ddcacc02f4accd5b73e78db07e93b229d891f4cbc8d5a2db82c727d920613abd1668402ffeb16a223d8271db569435966aaece271da875 WHIRLPOOL 88ca80aa1883813f1ec9c0802e830f719317130de6959df393188e4e82764125868baec038a1dac94eab33851706838d245b205edcbf8e1864ceb83257648b99
91 -AUX qemu-2.7.0-CVE-2016-8668.patch 1124 SHA256 26f16376a73bdf9052039d1bd90545b75cc8fb0a89e0bffbf5881b537319b759 SHA512 de4df82297d199cadafefd57bc895cdf21c5acb0e0a6223212272991b652c302475d8662fb013d6a3e949d2e57a14a0ac6d861f486de8b5130fd84d66957c899 WHIRLPOOL 3995164f25accfd5c837c85fbb590acd0b7effb08370a7d4c0cb03c042ee03b2b10ca9892bd50251d17a1ba2ffff1e7a04e918f4d4e1c85406df95a6802c03c2
92 -AUX qemu-2.7.0-CVE-2016-8669-1.patch 911 SHA256 ad841a34490a02123df31aef5a0b9d31912eec8465e0c5da7cf73dc880ffd8f4 SHA512 23a26716ea554d9af73afb08d3a3d1e668e23bc0710508196039454dfccbe3764feda63d901a9c053c52af92cd069f5a4f078efdc9924f6d3cfe6a21f9d287de WHIRLPOOL 412d7a4be19defa4a098fad6a66cadd7eca9cb5971828636dfd20a57b3eef09f3801660dbf507ac1ef0fa82f9f01583e9c5e2b1e45c016adb535cd951ff16eff
93 -AUX qemu-2.7.0-CVE-2016-8669-2.patch 1037 SHA256 176a35f5191023ad665cb4019663618d48948b174b16888776245d1a001ec186 SHA512 82a71c9566f37aceffbbaa45547bc686c028353a1845bd63e49550e71201921bc2fb9793077fc1fc74d77417da84dae71e0862243acbb3d900db258a343b8ede WHIRLPOOL f489c52bf2ca6e434695a5ca12af64a83e6534536c07b02c54f82c72e59e3f026e6a9fd9cec5eb62e2cf8d009f878ac1015f58d9f5ba725a03e1e194c4abc96c
94 -AUX qemu-2.7.0-CVE-2016-8909.patch 980 SHA256 989210bfac97091e67fbe973be7a6d8aa0e6411069904a07f7c57c67e8539bb8 SHA512 23a1cfa4f257e598152d92e11d94e88c52b3702aa585fba3a71340ee16dfbd29234d6e5c81613ea71b64cead8dcdbb536246096b1c374290aa39871daacb25af WHIRLPOOL 9909ed14f5fa4a1d2ea0f8bb13f5a0e08e2f7888078e1f5b4cfaf381ccabeac22c998c9785efee6a307dbeed45801d8354650c18c6920bfb13da030127d9da7e
95 -AUX qemu-2.7.0-CVE-2016-8910.patch 848 SHA256 919e566e98434486f89ecfc3158ccee59c5bbdf3848b2a668136901871f5f1ab SHA512 1f695ebc2f10b2cda5a9b93c097adb49858af94817c14a406c7d26edd42353c776b0afc4779bc1c6f930dadcf450906924f8080ca5c87eb7c7e6b5694464dc7e WHIRLPOOL 574900ab3eca13429769c7e2b56fd4e4b1220800b2e5bc933eef502c633614eab22cba6af4fdd1fd55e3a7e70d3d5ead1cb1970f8211b5f4fc43e3d782865f1b
96 -AUX qemu-2.7.0-CVE-2016-9102.patch 739 SHA256 ae425fbbaf6dedcf6eabe3d1f0bd300be70550f7bd77290536617372eed96766 SHA512 dbf40c7f0a055d10fbb5d02b21e8c3f62dc9bb2718639eb3dec007ba610aa0a045c1a449a7b3aa02a21056807a25d6e523eb782d79b2a249df1258af1dadefad WHIRLPOOL 89ea3815b9d744a98ff49df65a514a20966c7ada508e33dbc73704d60c75c48f6f544bf658180a2b73ca612bcc62e2e146b0efdbbc51456ba81518c5b28c80dc
97 -AUX qemu-2.7.0-CVE-2016-9103.patch 1002 SHA256 009696b3403c0481223fac6bc93976fc85727eeb0716a9e19545e8ac4da95e8d SHA512 0f47c2d13cbda36a7796773150865001060e4b530d76ca6b0c46d1041108a57830939b0dc7cdc960ccc705bcd463dd57505d748edf36610d7de2af2560e62597 WHIRLPOOL 8d4cb500025f59075a1038cefe0c8ccd063282527b35873cdd9d29ba58cdaa3fc285d5191657ecdef2b056a017f89d8f66f4a544f201e5952426d6dd619b23ba
98 -AUX qemu-2.7.0-CVE-2016-9104.patch 2890 SHA256 7ba38b43519eb8f9c8c70daaa1705c01a331cbb98b4d4f8eeed31da207f3a13b SHA512 7f6d84f12e8372b72fe4db8e47064ecc7ea0698bb7c5dc0285316354461edb35e01ba76a6e16c1bf7e03d5f0070822f4bb61655e44af5536ee81970b4ff937e0 WHIRLPOOL 3f8e973cf28040422d25394b14f3b99894796b64408a3c15957d628d74076bc1e577ea2e2803e428d85b94607c74f81d23219d9487aa0085a80a2e89d78a5829
99 -AUX qemu-2.7.0-CVE-2016-9105.patch 610 SHA256 f4303796ece1e46f6e622e8cd0c9029daa0a6ed29ef630a0c64a5c595dbeb1b3 SHA512 1ab19ef861b6fe55017d02b7cbf24ad60776ed64e052d6e1b670c9aac7e312207718fcf601e9dba4bdd2c9104b9be25bcf0055b42e080b1f8abf9bc3f7db0b36 WHIRLPOOL 07fe76de2d2d68bcd091e90cc9578b17d5a8ad12ab316683d6e4badea443d08e08060a4e206f555c88b60b0a45f4ba49c9d11f42ee44b5b43200843c37329dad
100 -AUX qemu-2.7.0-CVE-2016-9106.patch 835 SHA256 594213b4200ae109dfbc6ec8e536d275d798c756a25e130a86972c514730f541 SHA512 6a3249f47fecdbe28eec496eb1284296d04d9e75efab21ab226d6ef2d5254bd85a44aa08879b1922682b65b5bce2e699ccaafa3a2b8b6f60ccbc84432bc599cd WHIRLPOOL b80c2787cbe71f416a7ea2aa39e800922b0a8a410eacb038d0163dfbb91f6a41cc2ae5afb010a7395ef17207e6b1acda34cddd9ff9d1ab035330ade6334e8b8c
101 -AUX qemu-2.7.0-configure-ifunc.patch 517 SHA256 40f6183f1f490216855e83cf03bf21ec8d23786acf83cda21292fea92776d898 SHA512 e34476b5fc5039091862dc9e93c47b69e203e7e394092e7e0bda467b7523e0b5b743c2c6eaf1f36fad3ee743278e321a50d356b6365e2340280556ca6d9b32ad WHIRLPOOL cb6f92a70f91557f14a0f6719d1b3a4dee9cfcb5c34aa897eee0ad48d13c45255252666d826ce00f3183da86b9b265e0dd93aa9b85210cde2a7ce3de56644e59
102 +AUX qemu-2.7.0-CVE-2016-8669-1.patch 1010 SHA256 3bc03869bede80013abb94ee029625a382c8059bc9474d9f6fd8e23840cff159 SHA512 53643363a470fba9b82c02b90f2573e45f59f5057993b2c15e1608916ece7f8582b4a84179e8ee70fcb8e3f3eb8a538a058401049ea38242bdb640c14ec54f7e WHIRLPOOL 873ed9b9784bb5757a07c1a494f70603cbe82751222d68a883327424e0d7e87d536400eca5fc7406080cbde2ab0a8fe0b3ee5c6dff81624db5d6d5964fec81be
103 AUX qemu-2.8.0-CVE-2016-10028.patch 1384 SHA256 25a9f2b2014bbcbb008683211503716a2b4a0e8d96ea001d32b87d451cee1842 SHA512 6cfad99e54cfaea97f5c14fbbfe35768a8ea46196117bf770725e1079f9bccca3b7071416a14e60a36c3c919760ab49663fc8b551026c8cd58c10b3f2d7940b4 WHIRLPOOL 5c0c8350112cb63c8b3db7a15a9090cd2fba879317565b108285fd92c23a8b75a593a65d94b6e448086b126a735056065d07c1877abdb6815ebaa430cf4adabf
104 +AUX qemu-2.8.0-CVE-2016-10155.patch 1558 SHA256 53c20d983847a716f3f708c50ffbeb9d44fd8718f39d86556ae44394d1b2a624 SHA512 4ebfba87927c9f58fe1a0aa05b5850d391698617ce7c3e002d3adfd981ed8c23d35a6863e14f52264576dda31f84dc25421d2f930547f82ccfde126137d91aea WHIRLPOOL 44366afdf52eed47c28a6e9cec1ee7c613b5bac6441cf4f7bf29b30ef6ec7504e72a2d8c873a949e46f1cfd3055a407b673d6151802ab3c957cde8faaed20903
105 AUX qemu-2.8.0-CVE-2016-9908.patch 1166 SHA256 22ef4999a3daf3c46a3c90ca20fb131545d4d0befeff7c3ca870585a3e03b7b7 SHA512 c46abda3a5b1a68c7c2e5236f8e424f4569a28ba2aea9b8ec32467e55b535492da6e4702d4758a5721f1bf222f7f2554a5e4c9a190781d60c40202a5291dcf49 WHIRLPOOL aa8087350770ecbb60049e3269ddf9d68258657ef6a088b562e344056689e578a390328dde9c5d2b5024e7fa03995b571295a1d64943d9b3882cf0c5f833dbd8
106 AUX qemu-2.8.0-CVE-2016-9912.patch 1307 SHA256 e3eac321492a9ef42d88b04877511255c3731a9bb029d7c6ab2da0aa8f09e2d8 SHA512 f9ba4f167334d9b934c37fbed21ded8b3d71e5bdbdb1f15f81d4423b0790bfa127637155d5863b563fa974f1421c4ace1f2a4e3e81e3ae3d6045b2083210b103 WHIRLPOOL 7aa8dab7b6462f142365d274e6131ca1630c396e36c851cb562c081c4243c58e2ae22cf682e51145af08befcaba395254c765cf56112a6c177e1c9a18ffb5926
107 +AUX qemu-2.8.0-CVE-2017-2615.patch 1720 SHA256 33f3f81ff8e5dacfc4f33dd48bd7833843c209f6d2bd5b3102cc5694ad85a593 SHA512 32063428286a49a12daa481ba87f1b09be6504bf24c5759aacf88ef436312a890dfe44d08457d8b426f86ce7680700d32fb21a255a6db8eb512e612c16770d36 WHIRLPOOL 9f1eed6c6c3eeb1e8991d1aa82e12a004c223bdd635ec48e433ca93d054aa3dfb5986fe01e36df157ef20c685e07595eebdf5fe16ed7cf9034e1c9ddf8304dbb
108 +AUX qemu-2.8.0-CVE-2017-5525-1.patch 1625 SHA256 88e253c306761017d66dca5b72184f89cebf3b617db7bc0e4b27025757a66181 SHA512 a7f82374ec4e264b065be7ba63c197d93fee230d68819bf68a0a67c84f89182d0cc0a42b9aadf53a8a903d640dacc55392174c7820379e92ad0e35c86c35a2dd WHIRLPOOL 63e192dc0e075139f18aee2d0541c75021852a7d7251321ca8fe7f9b793c72786a6aab878e308931289eab3c07c3cbbc8ad32b67de1193f85b672e16a8372495
109 +AUX qemu-2.8.0-CVE-2017-5525-2.patch 1664 SHA256 ab03a1cff62164090133f0dbace9724302e806a808b18d64628d12f0bd9abad6 SHA512 ac1d89331c3fc4d0ef7af411a12654329057676e9f016cb9a4a46dc9b4e01092c17af33d095f3104e71094ae585a35a8276a98560dd97f8d045e0b9fd2f0069f WHIRLPOOL 20457d7fe5b3842c0c601068dba410586fc4b4c7fce81ba3ee436a6cfec3b1b950797d6ca9a2a573fef21a29421f8c04a34d1dfefe0b7ade03a6ca51d16d99cb
110 +AUX qemu-2.8.0-CVE-2017-5552.patch 1481 SHA256 26616f16434b3aff65b1cd1ce82c6abdfbd44da8a047a5a32b1e07755c9a3e1b SHA512 3c3f5027be3bfe56c1445004bd28536e11f606cc6787fcefad3da267eb3e11b61110c8a4700fd9d6f95ce50f10a2678b2bc6f950297b949b837882a68901d6e5 WHIRLPOOL ca93726b8a0567f68fac634eef1e88c997c1e959cafb33bc6ba8871d9021591bb61be6b3635d3fac111e1e177dbbff939c93580d7f0824e752b378dbc38fbc45
111 +AUX qemu-2.8.0-CVE-2017-5578.patch 1084 SHA256 a7639fc84377b23ebc55dbb1c6d8c53bb2e6230be03b2efba78108257058d8b4 SHA512 8d160d56a94ec9380640badcab29fdd05f2f665377febd1b7e71a9c619d9db963eaa74cf74a2e0287fd2f6e2a7d4bce0f8e4281b3b0292347eece52b7344243b WHIRLPOOL efd3238bf720a1051a41ea621601afeea7546cc7e48d4a7f23bc0b3277bee368bb259a2735e6290b4609e78a1e54e29fe1ba7b088824284787faddc84491d876
112 +AUX qemu-2.8.0-CVE-2017-5579.patch 1132 SHA256 df32524c24aa4d7d9166bb5e159ba10023c7777b9583e920bd8590feec433580 SHA512 d4669821ae8e06a31b852a31699aa26421ce5fb6c049573cb6613515da486e390d8ddf71adb4e6c1a45a15bb468bbb45df68cbf5e9388660c9c03866becb9edd WHIRLPOOL 0d5ed483c6e3f849fc4b9568a3af4c086258ef1162a4e11baa65bcf35eeb8a505c8b7de935175fdc53e7284e23eb492a95326cdea6c690283085136cb02d3b7a
113 +AUX qemu-2.8.0-CVE-2017-5667.patch 1497 SHA256 e05e21c45d8c05392215db0bff3e161c68d64b0b9e42add18307346b3a4d4bc3 SHA512 7c518736ac09d6c37fd359a8a503713f1b76d6041038f58e7648bb69251d6039c3449593eb14a5e0f2649d12856964a42d48e4ee0bb9dc664ada2852f9ea3cbd WHIRLPOOL 0e74b2671f148fa9f31674e6dd80634064fb8d24be474eaf9ea1efcb6cf427314da75187a32eed874ea4bde19e8dfc4562d5af06893ce3beeef7de8f902dd698
114 +AUX qemu-2.8.0-CVE-2017-5856.patch 2224 SHA256 92ddbba8c0d21bdae5b11ae064c21da939cbbb1fd0e6aa10477efced6bf9582f SHA512 7e043d8299d67d33c12bf5591f0881029013852df2243c2ea747fc6c4d1d6c0acffbaef7538634a60f8f875da94bb71db3e3a07972de066b7ac5d49e4d3cb906 WHIRLPOOL b5f38b059e4305b352e3807c2b7762fe856d1067431452fbbf991415ad17f25d152225d9e0ea61b5e8175e42abebbb2abdd85ac37f301ac123f81af822ff2f02
115 +AUX qemu-2.8.0-CVE-2017-5857.patch 1326 SHA256 e2150a7cc92b72e3f20506b9c76b40599af8d2366d25bd9b245a0bffa66ad8eb SHA512 d6d000b57f1fb194f9554165621109b364ebdb61416bc07e2283f2d493c33e770d1b63002d62565aae1ac19ed0ad9e572c207341aa1ad023581f349f62158d30 WHIRLPOOL cbe84c67ba9bb368baf2b1842e8c7c1ee3fb720630bcd53fdbdef9e8f3efdb25c1a927d0f65c9d1f6def28defe6997943a7867e8225eb12e395a0811ad3e32a1
116 +AUX qemu-2.8.0-CVE-2017-5898.patch 1412 SHA256 7f44668d51a94d19fcca0f496d8ac798fd654afe25d2998f7d07a148a836ade9 SHA512 2cd9af4957849a5d72dc0f0fbb30852870306ebc0a348cf5951df58d3029d1aae52df9261d2e4a9d7a4f132f78c390af8a049e1f109b324899bccd91e5c10d1f WHIRLPOOL c48e1fe163761880adab990683dc5d54ee31173763f11239ffee7c229bd65a2958a696dede39e7e645860980e2a7c5c6e5873e5db53872ac373d8d2415a167ab
117 +AUX qemu-2.8.0-CVE-2017-5931.patch 1696 SHA256 cdb1ea1306bf00042f13637eef78d3580e34b88c11716e62fad69931eb3d7ac6 SHA512 5b9a00f0964b153df7630655480b646e6615e831fd981642987d8691e9ddd265f64285d0e70c4f536bb370adb03a75548f7258bee8dbc2b7de15a3984fc8421b WHIRLPOOL c6d9440adf57ad1b560da03a455d9bdc3094c952f3c82a5e88fa6f2d0336ab767f0617b2916b68a5e3f5d30293749be40c12dfe93e8b7525fec9b8a453a65123
118 AUX qemu-2.8.0-F_SHLCK-and-F_EXLCK.patch 574 SHA256 d02353daa0ecfe161e938a5e54feab641b901f4a35c8f5831133676a6f53f43f SHA512 6b64750335aae1142ca9132fb766ac2aaeacfcdda0aa0cfca19afc4c3ea3806e30ce603fcec3767e40e84efb0ae8b9a23f21d46c807c13bb646be74f99e13389 WHIRLPOOL 7401c3daf162c71a5a5c3729855fddb5df95609b34c86ea0f4d872c8f132d6ac089cfb35a990af70aef8b7b63fe075a1e2be376b6db09bc70e8d51e48aded354
119 AUX qemu-binfmt.initd-r1 7966 SHA256 5b4b432aa1e44f387c9eb789de0ec6322741fd36dd241f76520f17c6cd6ac49b SHA512 2ba0bff6eb2b6bac4ed440f793771ce9551cad48e38bddb6cf04f804faac2407e80879f66771910344ddcea45f0014095dcc8bfeb0aad5085ef048fd3612dbd8 WHIRLPOOL a2a1fb830a970757d1e203378c7d382b161b1040f3b8aaf0f22bb3b5e46467eff395474ff40d93c9f133bab307b345a6f75d63eae9f8dd8daf67324db41032f9
120 -DIST qemu-2.7.0.tar.bz2 26867760 SHA256 326e739506ba690daf69fc17bd3913a6c313d9928d743bd8eddb82f403f81e53 SHA512 654acaa7b3724a288e5d7e2a26ab780d9c9ed9f647fba00a906cbaffbe9d58fd666f2d962514aa2c5b391b4c53811ac3170d2eb51727f090bd19dfe45ca9a9db WHIRLPOOL dcb3e5f7da89dd8e14d636d7ebd476e076e0043880bb9ea3fb1c03cb4bcd4e5c7d3c4719da26c3ce521e3a3db5ae671e86f198ac1bc3474e774d75504fef8b8d
121 -DIST qemu-2.7.1.tar.bz2 26868403 SHA256 68636788eb69bcb0b44ba220b32b50495d6bd5712a934c282217831c4822958f SHA512 16a83946e9064733254c82c961749bf9c56a0a2a8ee46145b4a78e1452ac0e2548d888963d18c80e28f65202890fd643b0011951b5b1c66ef16234767ed91898 WHIRLPOOL ae3d3c2b2a3700613733659847de6187755631cb09e8c3548ea30cd994357c9ff128646edce88dfe4dce53e6c1c0f37f8de3688ee7e22262033b40f3fc706efa
122 DIST qemu-2.8.0.tar.bz2 28368517 SHA256 dafd5d7f649907b6b617b822692f4c82e60cf29bc0fc58bc2036219b591e5e62 SHA512 50f2988d822388ba9fd1bf5dbe68359033ed7432d7f0f9790299f32f63faa6dc72979256b5632ba572d47ee3e74ed40e3e8e331dc6303ec1599f1b4367cb78c2 WHIRLPOOL 0ce4e0539657eb832e4039819e7360c792b6aa41c718f0e0d762f4933217f0d370af94b1d6d9776853575b4a6811d8c85db069bf09d21bd15399ac8b50440ff5
123 -EBUILD qemu-2.7.0-r7.ebuild 22495 SHA256 a606d5b6805d24191245b4191c1f62a09096d8ee283c62629f038851b4c8e6c5 SHA512 c45e516c4c45b5a1eaec06d046cebf129f1422c2d5910699c0a367a4c8c7d49e323a6addc765e1ec57209df12270e196169e52a7618afef28019be06feff70ea WHIRLPOOL 94ae6ab13fc03450ce5b6b0e5840e488401116d6bf60ec411cc01f39f2d10931bd65572f25bdf958e9f94bb4f6582795018039b5b4c988fa3bd5dee928014c65
124 -EBUILD qemu-2.7.1.ebuild 22161 SHA256 a7d2ff5c706a35a1b2c5610866215a5db04674ce68fb01e3e076b68839dcafd8 SHA512 7d30615832f2fecf89b472c4ea56446335176a330a7d64693ed7cc9becd47a1f40064fca191467deb8603116b4f69307d7968971c9b3845356b8b8d4cf053472 WHIRLPOOL 23bda8ca28ff8620739c604289a0d81ec4d16c1908b8c02df7833f9c0d98f698922650636456ac0bcc285357836af23ffd28bf3b8c2653a690a86fa5ae662a61
125 -EBUILD qemu-2.8.0.ebuild 20949 SHA256 468944f9506df374711bdc5e87fcd2bcc2b823061b23ab8561642c41755e510a SHA512 d3f7cefab4fe282c72f30e1c2232eca7faac63c2b4d4172cc5b9f8ccb43ee2eb7a5602ba895c4ee5221f8cccfe62b89dc65cedb7e6932b696952be7f2052605b WHIRLPOOL 50c2b17b13715a0750bc48ff24fd71ddc13a5af1a7f2f2de5edde261f4d9c3a7ccc07c665385c444183743610f85bd6cc623e57e322e85e19f8ce3b874ca093e
126 -MISC metadata.xml 3925 SHA256 d1c219b7da0cbf77919cd1e055acbb3f6788a574fd802c98a43c89a411697b36 SHA512 3ff45d1c8ede12b4eedc7d01f39777b76a1cbd0ba9364299dec99d4b4a05cade5784d6f6e50197d5b5ae1f1b8e831c49da195eb53263c49b7d16aec8ee28b6e6 WHIRLPOOL bc25783fac0f3f13318834cc535404af9af20de16c7aeec222e59dc2ed7740ac5e767b329a5bcd6356d0cbae2428e278515f1446aa8ecb87a873bf4dbe04bf41
127 +EBUILD qemu-2.8.0-r1.ebuild 21623 SHA256 6e5cf2427f830d730b93ef0526ceaf126af7513ed011d7ee3cf192ba7687e837 SHA512 03f49ad75e1fb4f43811624d7b8cd6b82a012b6a32f74f371421d246962cea88d2a498a664b659bbe1bda6cff9a9da43e550e7d4c71a55a5a2110a4b5b8c7462 WHIRLPOOL 06a247c8306de45b424266661797b4a64339daf4b8177c9eefb707bab06d497cb5410c59c9a89b0693cb14fd5ac293b537e81cf3da24b2be711d9db8fa3a0a9d
128 +EBUILD qemu-2.8.0.ebuild 20856 SHA256 5cf0517d3327eac95727067f80702639132b87603029951ef2db8086f6fd34ae SHA512 10bcdad90a85786f0d2e4044be010e5d87f54fd0710c889205060e1404e5a24004e0095d7d3ee0f62735e3ab88d2af5986d371769125b13ffc5689edc5a95be8 WHIRLPOOL af455544650a9c0cb4bc2be588e3687dea90d14bbc3dad1aa76bcf65376317b85374151eee761239868b3ce8aaae089e4278b3897e5f013e4652c6801c66c9b6
129 +MISC metadata.xml 3854 SHA256 326fc14b3867842cc40bc364d91e2ca60ca63651e4a17040254166fa09cec04a SHA512 2e3bbdf84b7b03aedc43621b47e02b8da242fda917dcdf4b2d7532210aaa79c6fbea52a6b8157cdf90cd1e4e282610c0254b96a7a14b285e910d61203acd6461 WHIRLPOOL 539ca48b54055e594e16b76341879540d4f302d502c39d1901ed4fd7cc80b186ba29845759d02c60bf4560b8b14ec4fa40869d341e432a025dc792fb38f8eae1
130
131 diff --git a/app-emulation/qemu/files/qemu-2.0.0-F_SHLCK-and-F_EXLCK.patch b/app-emulation/qemu/files/qemu-2.0.0-F_SHLCK-and-F_EXLCK.patch
132 deleted file mode 100644
133 index fb5ad59..0000000
134 --- a/app-emulation/qemu/files/qemu-2.0.0-F_SHLCK-and-F_EXLCK.patch
135 +++ /dev/null
136 @@ -1,23 +0,0 @@
137 -Copied from Alpine Linux
138 -
139 -This patch was not upstreamed to qemu as those should probably be
140 -defined in musl libc.
141 -
142 -diff --git a/linux-user/syscall.c b/linux-user/syscall.c
143 -index c8989b6..00ed747 100644
144 ---- a/linux-user/syscall.c
145 -+++ b/linux-user/syscall.c
146 -@@ -114,6 +114,13 @@ int __clone2(int (*fn)(void *), void *child_stack_base,
147 -
148 - #include "qemu.h"
149 -
150 -+#ifndef F_SHLCK
151 -+#define F_SHLCK 8
152 -+#endif
153 -+#ifndef F_EXLCK
154 -+#define F_EXLCK 4
155 -+#endif
156 -+
157 - #define CLONE_NPTL_FLAGS2 (CLONE_SETTLS | \
158 - CLONE_PARENT_SETTID | CLONE_CHILD_SETTID | CLONE_CHILD_CLEARTID)
159 -
160
161 diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-6836.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-6836.patch
162 deleted file mode 100644
163 index 56f7435..0000000
164 --- a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-6836.patch
165 +++ /dev/null
166 @@ -1,27 +0,0 @@
167 -From: Li Qiang <address@hidden>
168 -
169 -In Vmxnet3 device emulator while processing transmit(tx) queue,
170 -when it reaches end of packet, it calls vmxnet3_complete_packet.
171 -In that local 'txcq_descr' object is not initialised, which could
172 -leak host memory bytes a guest.
173 -
174 -Reported-by: Li Qiang <address@hidden>
175 -Signed-off-by: Prasad J Pandit <address@hidden>
176 ----
177 - hw/net/vmxnet3.c | 1 +
178 - 1 file changed, 1 insertion(+)
179 -
180 -diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c
181 -index 90f6943..92f6af9 100644
182 ---- a/hw/net/vmxnet3.c
183 -+++ b/hw/net/vmxnet3.c
184 -@@ -531,6 +531,7 @@ static void vmxnet3_complete_packet(VMXNET3State *s, int qidx, uint32_t tx_ridx)
185 -
186 - VMXNET3_RING_DUMP(VMW_RIPRN, "TXC", qidx, &s->txq_descr[qidx].comp_ring);
187 -
188 -+ memset(&txcq_descr, 0, sizeof(txcq_descr));
189 - txcq_descr.txdIdx = tx_ridx;
190 - txcq_descr.gen = vmxnet3_ring_curr_gen(&s->txq_descr[qidx].comp_ring);
191 -
192 ---
193 -2.5.5
194
195 diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7155.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7155.patch
196 deleted file mode 100644
197 index 495faf2..0000000
198 --- a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7155.patch
199 +++ /dev/null
200 @@ -1,81 +0,0 @@
201 -From: Prasad J Pandit <address@hidden>
202 -
203 -Vmware Paravirtual SCSI emulation uses command descriptors to
204 -process SCSI commands. These descriptors come with their ring
205 -buffers. A guest could set the page count for these rings to
206 -an arbitrary value, leading to infinite loop or OOB access.
207 -Add check to avoid it.
208 -
209 -Reported-by: Tom Victor <address@hidden>
210 -Reported-by: Li Qiang <address@hidden>
211 -Signed-off-by: Prasad J Pandit <address@hidden>
212 ----
213 - hw/scsi/vmw_pvscsi.c | 21 ++++++++++-----------
214 - 1 file changed, 10 insertions(+), 11 deletions(-)
215 -
216 -Update per review
217 - -> https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg00019.html
218 -
219 -diff --git a/hw/scsi/vmw_pvscsi.c b/hw/scsi/vmw_pvscsi.c
220 -index 5116f4a..4245c15 100644
221 ---- a/hw/scsi/vmw_pvscsi.c
222 -+++ b/hw/scsi/vmw_pvscsi.c
223 -@@ -152,7 +152,7 @@ pvscsi_log2(uint32_t input)
224 - return log;
225 - }
226 -
227 --static int
228 -+static void
229 - pvscsi_ring_init_data(PVSCSIRingInfo *m, PVSCSICmdDescSetupRings *ri)
230 - {
231 - int i;
232 -@@ -160,10 +160,6 @@ pvscsi_ring_init_data(PVSCSIRingInfo *m, PVSCSICmdDescSetupRings *ri)
233 - uint32_t req_ring_size, cmp_ring_size;
234 - m->rs_pa = ri->ringsStatePPN << VMW_PAGE_SHIFT;
235 -
236 -- if ((ri->reqRingNumPages > PVSCSI_SETUP_RINGS_MAX_NUM_PAGES)
237 -- || (ri->cmpRingNumPages > PVSCSI_SETUP_RINGS_MAX_NUM_PAGES)) {
238 -- return -1;
239 -- }
240 - req_ring_size = ri->reqRingNumPages * PVSCSI_MAX_NUM_REQ_ENTRIES_PER_PAGE;
241 - cmp_ring_size = ri->cmpRingNumPages * PVSCSI_MAX_NUM_CMP_ENTRIES_PER_PAGE;
242 - txr_len_log2 = pvscsi_log2(req_ring_size - 1);
243 -@@ -195,8 +191,6 @@ pvscsi_ring_init_data(PVSCSIRingInfo *m, PVSCSICmdDescSetupRings *ri)
244 -
245 - /* Flush ring state page changes */
246 - smp_wmb();
247 --
248 -- return 0;
249 - }
250 -
251 - static int
252 -@@ -746,7 +740,7 @@ pvscsi_dbg_dump_tx_rings_config(PVSCSICmdDescSetupRings *rc)
253 -
254 - trace_pvscsi_tx_rings_num_pages("Confirm Ring", rc->cmpRingNumPages);
255 - for (i = 0; i < rc->cmpRingNumPages; i++) {
256 -- trace_pvscsi_tx_rings_ppn("Confirm Ring", rc->reqRingPPNs[i]);
257 -+ trace_pvscsi_tx_rings_ppn("Confirm Ring", rc->cmpRingPPNs[i]);
258 - }
259 - }
260 -
261 -@@ -779,10 +773,15 @@ pvscsi_on_cmd_setup_rings(PVSCSIState *s)
262 -
263 - trace_pvscsi_on_cmd_arrived("PVSCSI_CMD_SETUP_RINGS");
264 -
265 -+ if (!rc->reqRingNumPages
266 -+ || rc->reqRingNumPages > PVSCSI_SETUP_RINGS_MAX_NUM_PAGES
267 -+ || !rc->cmpRingNumPages
268 -+ || rc->cmpRingNumPages > PVSCSI_SETUP_RINGS_MAX_NUM_PAGES) {
269 -+ return PVSCSI_COMMAND_PROCESSING_FAILED;
270 -+ }
271 -+
272 - pvscsi_dbg_dump_tx_rings_config(rc);
273 -- if (pvscsi_ring_init_data(&s->rings, rc) < 0) {
274 -- return PVSCSI_COMMAND_PROCESSING_FAILED;
275 -- }
276 -+ pvscsi_ring_init_data(&s->rings, rc);
277 -
278 - s->rings_info_valid = TRUE;
279 - return PVSCSI_COMMAND_PROCESSING_SUCCEEDED;
280 ---
281 -2.5.5
282
283 diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7156.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7156.patch
284 deleted file mode 100644
285 index 9c21a67..0000000
286 --- a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7156.patch
287 +++ /dev/null
288 @@ -1,62 +0,0 @@
289 -From: Prasad J Pandit <address@hidden>
290 -
291 -In PVSCSI paravirtual SCSI bus, pvscsi_convert_sglist can take a very
292 -long time or go into an infinite loop due to two different bugs:
293 -
294 -1) the request descriptor data length is defined to be 64 bit. While
295 -building SG list from a request descriptor, it gets truncated to 32bit
296 -in routine 'pvscsi_convert_sglist'. This could lead to an infinite loop
297 -situation for large 'dataLen' values, when data_length is cast to uint32_t
298 -and chunk_size becomes always zero. Fix this by removing the incorrect
299 -cast.
300 -
301 -2) pvscsi_get_next_sg_elem can be called arbitrarily many times if the
302 -element has a zero length. Get out of the loop early when this happens,
303 -by introducing an upper limit on the number of SG list elements.
304 -
305 -Reported-by: Li Qiang <address@hidden>
306 -Signed-off-by: Prasad J Pandit <address@hidden>
307 ----
308 - hw/scsi/vmw_pvscsi.c | 11 ++++++-----
309 - 1 file changed, 6 insertions(+), 5 deletions(-)
310 -
311 -Update as per:
312 - -> https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg01172.html
313 -
314 -diff --git a/hw/scsi/vmw_pvscsi.c b/hw/scsi/vmw_pvscsi.c
315 -index 4245c15..babac5a 100644
316 ---- a/hw/scsi/vmw_pvscsi.c
317 -+++ b/hw/scsi/vmw_pvscsi.c
318 -@@ -40,6 +40,8 @@
319 - #define PVSCSI_MAX_DEVS (64)
320 - #define PVSCSI_MSIX_NUM_VECTORS (1)
321 -
322 -+#define PVSCSI_MAX_SG_ELEM 2048
323 -+
324 - #define PVSCSI_MAX_CMD_DATA_WORDS \
325 - (sizeof(PVSCSICmdDescSetupRings)/sizeof(uint32_t))
326 -
327 -@@ -628,17 +630,16 @@ pvscsi_queue_pending_descriptor(PVSCSIState *s, SCSIDevice **d,
328 - static void
329 - pvscsi_convert_sglist(PVSCSIRequest *r)
330 - {
331 -- int chunk_size;
332 -+ uint32_t chunk_size, elmcnt = 0;
333 - uint64_t data_length = r->req.dataLen;
334 - PVSCSISGState sg = r->sg;
335 -- while (data_length) {
336 -- while (!sg.resid) {
337 -+ while (data_length && elmcnt < PVSCSI_MAX_SG_ELEM) {
338 -+ while (!sg.resid && elmcnt++ < PVSCSI_MAX_SG_ELEM) {
339 - pvscsi_get_next_sg_elem(&sg);
340 - trace_pvscsi_convert_sglist(r->req.context, r->sg.dataAddr,
341 - r->sg.resid);
342 - }
343 -- assert(data_length > 0);
344 -- chunk_size = MIN((unsigned) data_length, sg.resid);
345 -+ chunk_size = MIN(data_length, sg.resid);
346 - if (chunk_size) {
347 - qemu_sglist_add(&r->sgl, sg.dataAddr, chunk_size);
348 - }
349 ---
350 -2.5.5
351
352 diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7157-1.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7157-1.patch
353 deleted file mode 100644
354 index 480de30..0000000
355 --- a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7157-1.patch
356 +++ /dev/null
357 @@ -1,28 +0,0 @@
358 -From: Prasad J Pandit <address@hidden>
359 -
360 -When LSI SAS1068 Host Bus emulator builds configuration page
361 -headers, the format string used in 'mptsas_config_manufacturing_1'
362 -was wrong. It could lead to an invalid memory access.
363 -
364 -Reported-by: Tom Victor <address@hidden>
365 -Fix-suggested-by: Paolo Bonzini <address@hidden>
366 -Signed-off-by: Prasad J Pandit <address@hidden>
367 ----
368 - hw/scsi/mptconfig.c | 2 +-
369 - 1 file changed, 1 insertion(+), 1 deletion(-)
370 -
371 -diff --git a/hw/scsi/mptconfig.c b/hw/scsi/mptconfig.c
372 -index 7071854..1ec895b 100644
373 ---- a/hw/scsi/mptconfig.c
374 -+++ b/hw/scsi/mptconfig.c
375 -@@ -203,7 +203,7 @@ size_t mptsas_config_manufacturing_1(MPTSASState *s, uint8_t **data, int address
376 - {
377 - /* VPD - all zeros */
378 - return MPTSAS_CONFIG_PACK(1, MPI_CONFIG_PAGETYPE_MANUFACTURING, 0x00,
379 -- "s256");
380 -+ "*s256");
381 - }
382 -
383 - static
384 ---
385 -2.5.5
386
387 diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7157-2.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7157-2.patch
388 deleted file mode 100644
389 index 5e79608..0000000
390 --- a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7157-2.patch
391 +++ /dev/null
392 @@ -1,27 +0,0 @@
393 -From: Prasad J Pandit <address@hidden>
394 -
395 -When LSI SAS1068 Host Bus emulator builds configuration page
396 -headers, mptsas_config_pack() asserts to check returned size
397 -value is within limit of 256 bytes. Fix that assert expression.
398 -
399 -Suggested-by: Paolo Bonzini <address@hidden>
400 -Signed-off-by: Prasad J Pandit <address@hidden>
401 ----
402 - hw/scsi/mptconfig.c | 2 +-
403 - 1 file changed, 1 insertion(+), 1 deletion(-)
404 -
405 -diff --git a/hw/scsi/mptconfig.c b/hw/scsi/mptconfig.c
406 -index 1ec895b..531947f 100644
407 ---- a/hw/scsi/mptconfig.c
408 -+++ b/hw/scsi/mptconfig.c
409 -@@ -158,7 +158,7 @@ static size_t mptsas_config_pack(uint8_t **data, const char *fmt, ...)
410 - va_end(ap);
411 -
412 - if (data) {
413 -- assert(ret < 256 && (ret % 4) == 0);
414 -+ assert(ret / 4 < 256);
415 - stb_p(*data + 1, ret / 4);
416 - }
417 - return ret;
418 ---
419 -2.5.5
420
421 diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7170.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7170.patch
422 deleted file mode 100644
423 index 7eb5f76..0000000
424 --- a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7170.patch
425 +++ /dev/null
426 @@ -1,40 +0,0 @@
427 -From: Prasad J Pandit <address@hidden>
428 -
429 -When processing svga command DEFINE_CURSOR in vmsvga_fifo_run,
430 -the computed BITMAP and PIXMAP size are checked against the
431 -'cursor.mask[]' and 'cursor.image[]' array sizes in bytes.
432 -Correct these checks to avoid OOB memory access.
433 -
434 -Reported-by: Qinghao Tang <address@hidden>
435 -Reported-by: Li Qiang <address@hidden>
436 -Signed-off-by: Prasad J Pandit <address@hidden>
437 ----
438 - hw/display/vmware_vga.c | 12 +++++++-----
439 - 1 file changed, 7 insertions(+), 5 deletions(-)
440 -
441 -diff --git a/hw/display/vmware_vga.c b/hw/display/vmware_vga.c
442 -index e51a05e..6599cf0 100644
443 ---- a/hw/display/vmware_vga.c
444 -+++ b/hw/display/vmware_vga.c
445 -@@ -676,11 +676,13 @@ static void vmsvga_fifo_run(struct vmsvga_state_s *s)
446 - cursor.bpp = vmsvga_fifo_read(s);
447 -
448 - args = SVGA_BITMAP_SIZE(x, y) + SVGA_PIXMAP_SIZE(x, y, cursor.bpp);
449 -- if (cursor.width > 256 ||
450 -- cursor.height > 256 ||
451 -- cursor.bpp > 32 ||
452 -- SVGA_BITMAP_SIZE(x, y) > sizeof cursor.mask ||
453 -- SVGA_PIXMAP_SIZE(x, y, cursor.bpp) > sizeof cursor.image) {
454 -+ if (cursor.width > 256
455 -+ || cursor.height > 256
456 -+ || cursor.bpp > 32
457 -+ || SVGA_BITMAP_SIZE(x, y)
458 -+ > sizeof(cursor.mask) / sizeof(cursor.mask[0])
459 -+ || SVGA_PIXMAP_SIZE(x, y, cursor.bpp)
460 -+ > sizeof(cursor.image) / sizeof(cursor.image[0])) {
461 - goto badcmd;
462 - }
463 -
464 ---
465 -2.5.5
466 -
467
468 diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7421.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7421.patch
469 deleted file mode 100644
470 index b9f3545..0000000
471 --- a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7421.patch
472 +++ /dev/null
473 @@ -1,34 +0,0 @@
474 -From: Prasad J Pandit <address@hidden>
475 -
476 -Vmware Paravirtual SCSI emulator while processing IO requests
477 -could run into an infinite loop if 'pvscsi_ring_pop_req_descr'
478 -always returned positive value. Limit IO loop to the ring size.
479 -
480 -Cc: address@hidden
481 -Reported-by: Li Qiang <address@hidden>
482 -Signed-off-by: Prasad J Pandit <address@hidden>
483 -Message-Id: <address@hidden>
484 -Signed-off-by: Paolo Bonzini <address@hidden>
485 ----
486 - hw/scsi/vmw_pvscsi.c | 5 ++++-
487 - 1 file changed, 4 insertions(+), 1 deletion(-)
488 -
489 -diff --git a/hw/scsi/vmw_pvscsi.c b/hw/scsi/vmw_pvscsi.c
490 -index babac5a..a5ce7de 100644
491 ---- a/hw/scsi/vmw_pvscsi.c
492 -+++ b/hw/scsi/vmw_pvscsi.c
493 -@@ -247,8 +247,11 @@ static hwaddr
494 - pvscsi_ring_pop_req_descr(PVSCSIRingInfo *mgr)
495 - {
496 - uint32_t ready_ptr = RS_GET_FIELD(mgr, reqProdIdx);
497 -+ uint32_t ring_size = PVSCSI_MAX_NUM_PAGES_REQ_RING
498 -+ * PVSCSI_MAX_NUM_REQ_ENTRIES_PER_PAGE;
499 -
500 -- if (ready_ptr != mgr->consumed_ptr) {
501 -+ if (ready_ptr != mgr->consumed_ptr
502 -+ && ready_ptr - mgr->consumed_ptr < ring_size) {
503 - uint32_t next_ready_ptr =
504 - mgr->consumed_ptr++ & mgr->txr_len_mask;
505 - uint32_t next_ready_page =
506 ---
507 -1.8.3.1
508
509 diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7422.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7422.patch
510 deleted file mode 100644
511 index 6368e7f..0000000
512 --- a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7422.patch
513 +++ /dev/null
514 @@ -1,38 +0,0 @@
515 -From: Prasad J Pandit <address@hidden>
516 -
517 -virtio back end uses set of buffers to facilitate I/O operations.
518 -If its size is too large, 'cpu_physical_memory_map' could return
519 -a null address. This would result in a null dereference
520 -while un-mapping descriptors. Add check to avoid it.
521 -
522 -Reported-by: Qinghao Tang <address@hidden>
523 -Signed-off-by: Prasad J Pandit <address@hidden>
524 ----
525 - hw/virtio/virtio.c | 10 ++++++----
526 - 1 file changed, 6 insertions(+), 4 deletions(-)
527 -
528 -diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
529 -index 15ee3a7..0a4c5b6 100644
530 ---- a/hw/virtio/virtio.c
531 -+++ b/hw/virtio/virtio.c
532 -@@ -472,12 +472,14 @@ static void virtqueue_map_desc(unsigned int *p_num_sg, hwaddr *addr, struct iove
533 - }
534 -
535 - iov[num_sg].iov_base = cpu_physical_memory_map(pa, &len, is_write);
536 -- iov[num_sg].iov_len = len;
537 -- addr[num_sg] = pa;
538 -+ if (iov[num_sg].iov_base) {
539 -+ iov[num_sg].iov_len = len;
540 -+ addr[num_sg] = pa;
541 -
542 -+ pa += len;
543 -+ num_sg++;
544 -+ }
545 - sz -= len;
546 -- pa += len;
547 -- num_sg++;
548 - }
549 - *p_num_sg = num_sg;
550 - }
551 ---
552 -2.5.5
553
554 diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7423.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7423.patch
555 deleted file mode 100644
556 index fdd871b..0000000
557 --- a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7423.patch
558 +++ /dev/null
559 @@ -1,31 +0,0 @@
560 -From: Li Qiang <address@hidden>
561 -
562 -When processing IO request in mptsas, it uses g_new to allocate
563 -a 'req' object. If an error occurs before 'req->sreq' is
564 -allocated, It could lead to an OOB write in mptsas_free_request
565 -function. Use g_new0 to avoid it.
566 -
567 -Reported-by: Li Qiang <address@hidden>
568 -Signed-off-by: Prasad J Pandit <address@hidden>
569 -Message-Id: <address@hidden>
570 -Cc: address@hidden
571 -Signed-off-by: Paolo Bonzini <address@hidden>
572 ----
573 - hw/scsi/mptsas.c | 2 +-
574 - 1 file changed, 1 insertion(+), 1 deletion(-)
575 -
576 -diff --git a/hw/scsi/mptsas.c b/hw/scsi/mptsas.c
577 -index 0e0a22f..eaae1bb 100644
578 ---- a/hw/scsi/mptsas.c
579 -+++ b/hw/scsi/mptsas.c
580 -@@ -304,7 +304,7 @@ static int mptsas_process_scsi_io_request(MPTSASState *s,
581 - goto bad;
582 - }
583 -
584 -- req = g_new(MPTSASRequest, 1);
585 -+ req = g_new0(MPTSASRequest, 1);
586 - QTAILQ_INSERT_TAIL(&s->pending, req, next);
587 - req->scsi_io = *scsi_io;
588 - req->dev = s;
589 ---
590 -1.8.3.1
591
592 diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7466.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7466.patch
593 deleted file mode 100644
594 index d5028bb..0000000
595 --- a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7466.patch
596 +++ /dev/null
597 @@ -1,26 +0,0 @@
598 -From: Li Qiang <address@hidden>
599 -
600 -If the xhci uses msix, it doesn't free the corresponding
601 -memory, thus leading a memory leak. This patch avoid this.
602 -
603 -Signed-off-by: Li Qiang <address@hidden>
604 ----
605 - hw/usb/hcd-xhci.c | 3 +--
606 - 1 file changed, 1 insertion(+), 2 deletions(-)
607 -
608 -diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c
609 -index 188f954..281a2a5 100644
610 ---- a/hw/usb/hcd-xhci.c
611 -+++ b/hw/usb/hcd-xhci.c
612 -@@ -3709,8 +3709,7 @@ static void usb_xhci_exit(PCIDevice *dev)
613 - /* destroy msix memory region */
614 - if (dev->msix_table && dev->msix_pba
615 - && dev->msix_entry_used) {
616 -- memory_region_del_subregion(&xhci->mem, &dev->msix_table_mmio);
617 -- memory_region_del_subregion(&xhci->mem, &dev->msix_pba_mmio);
618 -+ msix_uninit(dev, &xhci->mem, &xhci->mem);
619 - }
620 -
621 - usb_bus_release(&xhci->bus);
622 ---
623 -1.8.3.1
624
625 diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7907.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7907.patch
626 deleted file mode 100644
627 index 34b095a..0000000
628 --- a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7907.patch
629 +++ /dev/null
630 @@ -1,45 +0,0 @@
631 -From: Prasad J Pandit <address@hidden>
632 -
633 -i.MX Fast Ethernet Controller uses buffer descriptors to manage
634 -data flow to/fro receive & transmit queues. While transmitting
635 -packets, it could continue to read buffer descriptors if a buffer
636 -descriptor has length of zero and has crafted values in bd.flags.
637 -Set an upper limit to number of buffer descriptors.
638 -
639 -Reported-by: Li Qiang <address@hidden>
640 -Signed-off-by: Prasad J Pandit <address@hidden>
641 ----
642 - hw/net/imx_fec.c | 6 ++++--
643 - 1 file changed, 4 insertions(+), 2 deletions(-)
644 -
645 -Update per
646 - -> https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg05284.html
647 -
648 -diff --git a/hw/net/imx_fec.c b/hw/net/imx_fec.c
649 -index 1c415ab..1d74827 100644
650 ---- a/hw/net/imx_fec.c
651 -+++ b/hw/net/imx_fec.c
652 -@@ -220,6 +220,8 @@ static const VMStateDescription vmstate_imx_eth = {
653 - #define PHY_INT_PARFAULT (1 << 2)
654 - #define PHY_INT_AUTONEG_PAGE (1 << 1)
655 -
656 -+#define IMX_MAX_DESC 1024
657 -+
658 - static void imx_eth_update(IMXFECState *s);
659 -
660 - /*
661 -@@ -402,12 +404,12 @@ static void imx_eth_update(IMXFECState *s)
662 -
663 - static void imx_fec_do_tx(IMXFECState *s)
664 - {
665 -- int frame_size = 0;
666 -+ int frame_size = 0, descnt = 0;
667 - uint8_t frame[ENET_MAX_FRAME_SIZE];
668 - uint8_t *ptr = frame;
669 - uint32_t addr = s->tx_descriptor;
670 -
671 -- while (1) {
672 -+ while (descnt++ < IMX_MAX_DESC) {
673 - IMXFECBufDesc bd;
674 - int len;
675 -
676
677 diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7908.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7908.patch
678 deleted file mode 100644
679 index 16d072f..0000000
680 --- a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7908.patch
681 +++ /dev/null
682 @@ -1,52 +0,0 @@
683 -From 070c4b92b8cd5390889716677a0b92444d6e087a Mon Sep 17 00:00:00 2001
684 -From: Prasad J Pandit <pjp@×××××××××××××.org>
685 -Date: Thu, 22 Sep 2016 16:02:37 +0530
686 -Subject: [PATCH] net: mcf: limit buffer descriptor count
687 -
688 -ColdFire Fast Ethernet Controller uses buffer descriptors to manage
689 -data flow to/fro receive & transmit queues. While transmitting
690 -packets, it could continue to read buffer descriptors if a buffer
691 -descriptor has length of zero and has crafted values in bd.flags.
692 -Set upper limit to number of buffer descriptors.
693 -
694 -Reported-by: Li Qiang <liqiang6-s@×××.cn>
695 -Signed-off-by: Prasad J Pandit <pjp@×××××××××××××.org>
696 -Reviewed-by: Paolo Bonzini <pbonzini@××××××.com>
697 -Signed-off-by: Jason Wang <jasowang@××××××.com>
698 ----
699 - hw/net/mcf_fec.c | 5 +++--
700 - 1 files changed, 3 insertions(+), 2 deletions(-)
701 -
702 -diff --git a/hw/net/mcf_fec.c b/hw/net/mcf_fec.c
703 -index 0ee8ad9..d31fea1 100644
704 ---- a/hw/net/mcf_fec.c
705 -+++ b/hw/net/mcf_fec.c
706 -@@ -23,6 +23,7 @@ do { printf("mcf_fec: " fmt , ## __VA_ARGS__); } while (0)
707 - #define DPRINTF(fmt, ...) do {} while(0)
708 - #endif
709 -
710 -+#define FEC_MAX_DESC 1024
711 - #define FEC_MAX_FRAME_SIZE 2032
712 -
713 - typedef struct {
714 -@@ -149,7 +150,7 @@ static void mcf_fec_do_tx(mcf_fec_state *s)
715 - uint32_t addr;
716 - mcf_fec_bd bd;
717 - int frame_size;
718 -- int len;
719 -+ int len, descnt = 0;
720 - uint8_t frame[FEC_MAX_FRAME_SIZE];
721 - uint8_t *ptr;
722 -
723 -@@ -157,7 +158,7 @@ static void mcf_fec_do_tx(mcf_fec_state *s)
724 - ptr = frame;
725 - frame_size = 0;
726 - addr = s->tx_descriptor;
727 -- while (1) {
728 -+ while (descnt++ < FEC_MAX_DESC) {
729 - mcf_fec_read_bd(&bd, addr);
730 - DPRINTF("tx_bd %x flags %04x len %d data %08x\n",
731 - addr, bd.flags, bd.length, bd.data);
732 ---
733 -1.7.0.4
734 -
735
736 diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7909.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7909.patch
737 deleted file mode 100644
738 index 8e6ecff..0000000
739 --- a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7909.patch
740 +++ /dev/null
741 @@ -1,32 +0,0 @@
742 -From: Prasad J Pandit <address@hidden>
743 -
744 -The AMD PC-Net II emulator has set of control and status(CSR)
745 -registers. Of these, CSR76 and CSR78 hold receive and transmit
746 -descriptor ring length respectively. This ring length could range
747 -from 1 to 65535. Setting ring length to zero leads to an infinite
748 -loop in pcnet_rdra_addr. Add check to avoid it.
749 -
750 -Reported-by: Li Qiang <address@hidden>
751 -Signed-off-by: Prasad J Pandit <address@hidden>
752 ----
753 - hw/net/pcnet.c | 3 +++
754 - 1 file changed, 3 insertions(+)
755 -
756 -diff --git a/hw/net/pcnet.c b/hw/net/pcnet.c
757 -index 198a01f..3078de8 100644
758 ---- a/hw/net/pcnet.c
759 -+++ b/hw/net/pcnet.c
760 -@@ -1429,8 +1429,11 @@ static void pcnet_csr_writew(PCNetState *s, uint32_t rap, uint32_t new_value)
761 - case 47: /* POLLINT */
762 - case 72:
763 - case 74:
764 -+ break;
765 - case 76: /* RCVRL */
766 - case 78: /* XMTRL */
767 -+ val = (val > 0) ? val : 512;
768 -+ break;
769 - case 112:
770 - if (CSR_STOP(s) || CSR_SPND(s))
771 - break;
772 ---
773 -2.5.5
774
775 diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7994-1.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7994-1.patch
776 deleted file mode 100644
777 index 6fe77f3..0000000
778 --- a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7994-1.patch
779 +++ /dev/null
780 @@ -1,25 +0,0 @@
781 -From: Li Qiang <address@hidden>
782 -
783 -In virtio gpu resource create dispatch, if the pixman format is zero
784 -it doesn't free the resource object allocated previously. Thus leading
785 -a host memory leak issue. This patch avoid this.
786 -
787 -Signed-off-by: Li Qiang <address@hidden>
788 ----
789 - hw/display/virtio-gpu.c | 1 +
790 - 1 file changed, 1 insertion(+)
791 -
792 -diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c
793 -index 7fe6ed8..5b6d17b 100644
794 ---- a/hw/display/virtio-gpu.c
795 -+++ b/hw/display/virtio-gpu.c
796 -@@ -333,6 +333,7 @@ static void virtio_gpu_resource_create_2d(VirtIOGPU *g,
797 - qemu_log_mask(LOG_GUEST_ERROR,
798 - "%s: host couldn't handle guest format %d\n",
799 - __func__, c2d.format);
800 -+ g_free(res);
801 - cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
802 - return;
803 - }
804 ---
805 -1.8.3.1
806
807 diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7994-2.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7994-2.patch
808 deleted file mode 100644
809 index dce1b2b..0000000
810 --- a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7994-2.patch
811 +++ /dev/null
812 @@ -1,26 +0,0 @@
813 -From: Li Qiang <address@hidden>
814 -
815 -While processing isochronous transfer descriptors(iTD), if the page
816 -select(PG) field value is out of bands it will return. In this
817 -situation the ehci's sg list doesn't be freed thus leading a memory
818 -leak issue. This patch avoid this.
819 -
820 -Signed-off-by: Li Qiang <address@hidden>
821 ----
822 - hw/usb/hcd-ehci.c | 1 +
823 - 1 file changed, 1 insertion(+)
824 -
825 -diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
826 -index b093db7..f4ece9a 100644
827 ---- a/hw/usb/hcd-ehci.c
828 -+++ b/hw/usb/hcd-ehci.c
829 -@@ -1426,6 +1426,7 @@ static int ehci_process_itd(EHCIState *ehci,
830 - if (off + len > 4096) {
831 - /* transfer crosses page border */
832 - if (pg == 6) {
833 -+ qemu_sglist_destroy(&ehci->isgl);
834 - return -1; /* avoid page pg + 1 */
835 - }
836 - ptr2 = (itd->bufptr[pg + 1] & ITD_BUFPTR_MASK);
837 ---
838 -1.8.3.1
839
840 diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8576.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8576.patch
841 deleted file mode 100644
842 index 9617cd5..0000000
843 --- a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8576.patch
844 +++ /dev/null
845 @@ -1,61 +0,0 @@
846 -From 20009bdaf95d10bf748fa69b104672d3cfaceddf Mon Sep 17 00:00:00 2001
847 -From: Gerd Hoffmann <address@hidden>
848 -Date: Fri, 7 Oct 2016 10:15:29 +0200
849 -Subject: [PATCH] xhci: limit the number of link trbs we are willing to process
850 -
851 -Signed-off-by: Gerd Hoffmann <address@hidden>
852 ----
853 - hw/usb/hcd-xhci.c | 10 ++++++++++
854 - 1 file changed, 10 insertions(+)
855 -
856 -diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c
857 -index 726435c..ee4fa48 100644
858 ---- a/hw/usb/hcd-xhci.c
859 -+++ b/hw/usb/hcd-xhci.c
860 -@@ -54,6 +54,8 @@
861 - * to the specs when it gets them */
862 - #define ER_FULL_HACK
863 -
864 -+#define TRB_LINK_LIMIT 4
865 -+
866 - #define LEN_CAP 0x40
867 - #define LEN_OPER (0x400 + 0x10 * MAXPORTS)
868 - #define LEN_RUNTIME ((MAXINTRS + 1) * 0x20)
869 -@@ -1000,6 +1002,7 @@ static TRBType xhci_ring_fetch(XHCIState *xhci, XHCIRing *ring, XHCITRB *trb,
870 - dma_addr_t *addr)
871 - {
872 - PCIDevice *pci_dev = PCI_DEVICE(xhci);
873 -+ uint32_t link_cnt = 0;
874 -
875 - while (1) {
876 - TRBType type;
877 -@@ -1026,6 +1029,9 @@ static TRBType xhci_ring_fetch(XHCIState *xhci, XHCIRing *ring, XHCITRB *trb,
878 - ring->dequeue += TRB_SIZE;
879 - return type;
880 - } else {
881 -+ if (++link_cnt > TRB_LINK_LIMIT) {
882 -+ return 0;
883 -+ }
884 - ring->dequeue = xhci_mask64(trb->parameter);
885 - if (trb->control & TRB_LK_TC) {
886 - ring->ccs = !ring->ccs;
887 -@@ -1043,6 +1049,7 @@ static int xhci_ring_chain_length(XHCIState *xhci, const XHCIRing *ring)
888 - bool ccs = ring->ccs;
889 - /* hack to bundle together the two/three TDs that make a setup transfer */
890 - bool control_td_set = 0;
891 -+ uint32_t link_cnt = 0;
892 -
893 - while (1) {
894 - TRBType type;
895 -@@ -1058,6 +1065,9 @@ static int xhci_ring_chain_length(XHCIState *xhci, const XHCIRing *ring)
896 - type = TRB_TYPE(trb);
897 -
898 - if (type == TR_LINK) {
899 -+ if (++link_cnt > TRB_LINK_LIMIT) {
900 -+ return -length;
901 -+ }
902 - dequeue = xhci_mask64(trb.parameter);
903 - if (trb.control & TRB_LK_TC) {
904 - ccs = !ccs;
905 ---
906 -1.8.3.1
907
908 diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8577.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8577.patch
909 deleted file mode 100644
910 index 8c29580..0000000
911 --- a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8577.patch
912 +++ /dev/null
913 @@ -1,34 +0,0 @@
914 -From: Li Qiang <address@hidden>
915 -
916 -In 9pfs read dispatch function, it doesn't free two QEMUIOVector
917 -object thus causing potential memory leak. This patch avoid this.
918 -
919 -Signed-off-by: Li Qiang <address@hidden>
920 ----
921 - hw/9pfs/9p.c | 5 +++--
922 - 1 file changed, 3 insertions(+), 2 deletions(-)
923 -
924 -diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
925 -index 119ee58..543a791 100644
926 ---- a/hw/9pfs/9p.c
927 -+++ b/hw/9pfs/9p.c
928 -@@ -1826,14 +1826,15 @@ static void v9fs_read(void *opaque)
929 - if (len < 0) {
930 - /* IO error return the error */
931 - err = len;
932 -- goto out;
933 -+ goto out_free_iovec;
934 - }
935 - } while (count < max_count && len > 0);
936 - err = pdu_marshal(pdu, offset, "d", count);
937 - if (err < 0) {
938 -- goto out;
939 -+ goto out_free_iovec;
940 - }
941 - err += offset + count;
942 -+out_free_iovec:
943 - qemu_iovec_destroy(&qiov);
944 - qemu_iovec_destroy(&qiov_full);
945 - } else if (fidp->fid_type == P9_FID_XATTR) {
946 ---
947 -1.8.3.1
948
949 diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8578.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8578.patch
950 deleted file mode 100644
951 index 74eee7e..0000000
952 --- a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8578.patch
953 +++ /dev/null
954 @@ -1,58 +0,0 @@
955 -From ba42ebb863ab7d40adc79298422ed9596df8f73a Mon Sep 17 00:00:00 2001
956 -From: Li Qiang <liqiang6-s@×××.cn>
957 -Date: Mon, 17 Oct 2016 14:13:58 +0200
958 -Subject: [PATCH] 9pfs: allocate space for guest originated empty strings
959 -
960 -If a guest sends an empty string paramater to any 9P operation, the current
961 -code unmarshals it into a V9fsString equal to { .size = 0, .data = NULL }.
962 -
963 -This is unfortunate because it can cause NULL pointer dereference to happen
964 -at various locations in the 9pfs code. And we don't want to check str->data
965 -everywhere we pass it to strcmp() or any other function which expects a
966 -dereferenceable pointer.
967 -
968 -This patch enforces the allocation of genuine C empty strings instead, so
969 -callers don't have to bother.
970 -
971 -Out of all v9fs_iov_vunmarshal() users, only v9fs_xattrwalk() checks if
972 -the returned string is empty. It now uses v9fs_string_size() since
973 -name.data cannot be NULL anymore.
974 -
975 -Signed-off-by: Li Qiang <liqiang6-s@×××.cn>
976 -[groug, rewritten title and changelog,
977 - fix empty string check in v9fs_xattrwalk()]
978 -Signed-off-by: Greg Kurz <groug@××××.org>
979 ----
980 - fsdev/9p-iov-marshal.c | 2 +-
981 - hw/9pfs/9p.c | 2 +-
982 - 2 files changed, 2 insertions(+), 2 deletions(-)
983 -
984 -diff --git a/fsdev/9p-iov-marshal.c b/fsdev/9p-iov-marshal.c
985 -index 663cad5..1d16f8d 100644
986 ---- a/fsdev/9p-iov-marshal.c
987 -+++ b/fsdev/9p-iov-marshal.c
988 -@@ -125,7 +125,7 @@ ssize_t v9fs_iov_vunmarshal(struct iovec *out_sg, int out_num, size_t offset,
989 - str->data = g_malloc(str->size + 1);
990 - copied = v9fs_unpack(str->data, out_sg, out_num, offset,
991 - str->size);
992 -- if (copied > 0) {
993 -+ if (copied >= 0) {
994 - str->data[str->size] = 0;
995 - } else {
996 - v9fs_string_free(str);
997 -diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
998 -index 119ee58..39a7e1d 100644
999 ---- a/hw/9pfs/9p.c
1000 -+++ b/hw/9pfs/9p.c
1001 -@@ -3174,7 +3174,7 @@ static void v9fs_xattrwalk(void *opaque)
1002 - goto out;
1003 - }
1004 - v9fs_path_copy(&xattr_fidp->path, &file_fidp->path);
1005 -- if (name.data == NULL) {
1006 -+ if (!v9fs_string_size(&name)) {
1007 - /*
1008 - * listxattr request. Get the size first
1009 - */
1010 ---
1011 -2.7.3
1012 -
1013
1014 diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8668.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8668.patch
1015 deleted file mode 100644
1016 index a27d3a6..0000000
1017 --- a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8668.patch
1018 +++ /dev/null
1019 @@ -1,30 +0,0 @@
1020 -From: Prasad J Pandit <address@hidden>
1021 -
1022 -Rocker network switch emulator has test registers to help debug
1023 -DMA operations. While testing host DMA access, a buffer address
1024 -is written to register 'TEST_DMA_ADDR' and its size is written to
1025 -register 'TEST_DMA_SIZE'. When performing TEST_DMA_CTRL_INVERT
1026 -test, if DMA buffer size was greater than 'INT_MAX', it leads to
1027 -an invalid buffer access. Limit the DMA buffer size to avoid it.
1028 -
1029 -Reported-by: Huawei PSIRT <address@hidden>
1030 -Signed-off-by: Prasad J Pandit <address@hidden>
1031 ----
1032 - hw/net/rocker/rocker.c | 2 +-
1033 - 1 file changed, 1 insertion(+), 1 deletion(-)
1034 -
1035 -diff --git a/hw/net/rocker/rocker.c b/hw/net/rocker/rocker.c
1036 -index 30f2ce4..e9d215a 100644
1037 ---- a/hw/net/rocker/rocker.c
1038 -+++ b/hw/net/rocker/rocker.c
1039 -@@ -860,7 +860,7 @@ static void rocker_io_writel(void *opaque, hwaddr addr, uint32_t val)
1040 - rocker_msix_irq(r, val);
1041 - break;
1042 - case ROCKER_TEST_DMA_SIZE:
1043 -- r->test_dma_size = val;
1044 -+ r->test_dma_size = val & 0xFFFF;
1045 - break;
1046 - case ROCKER_TEST_DMA_ADDR + 4:
1047 - r->test_dma_addr = ((uint64_t)val) << 32 | r->lower32;
1048 ---
1049 -2.5.5
1050
1051 diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8669-1.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8669-1.patch
1052 index 457f022..cea8efc 100644
1053 --- a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8669-1.patch
1054 +++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8669-1.patch
1055 @@ -1,3 +1,6 @@
1056 +http://bugs.gentoo.org/597108
1057 +https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02577.html
1058 +
1059 From: Prasad J Pandit <address@hidden>
1060
1061 The JAZZ RC4030 chipset emulator has a periodic timer and
1062
1063 diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8669-2.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8669-2.patch
1064 deleted file mode 100644
1065 index 23393b7..0000000
1066 --- a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8669-2.patch
1067 +++ /dev/null
1068 @@ -1,34 +0,0 @@
1069 -From: Prasad J Pandit <address@hidden>
1070 -
1071 -16550A UART device uses an oscillator to generate frequencies
1072 -(baud base), which decide communication speed. This speed could
1073 -be changed by dividing it by a divider. If the divider is
1074 -greater than the baud base, speed is set to zero, leading to a
1075 -divide by zero error. Add check to avoid it.
1076 -
1077 -Reported-by: Huawei PSIRT <address@hidden>
1078 -Signed-off-by: Prasad J Pandit <address@hidden>
1079 ----
1080 - hw/char/serial.c | 3 ++-
1081 - 1 file changed, 2 insertions(+), 1 deletion(-)
1082 -
1083 -Update per
1084 - -> https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02400.html
1085 -
1086 -diff --git a/hw/char/serial.c b/hw/char/serial.c
1087 -index 3442f47..eec72b7 100644
1088 ---- a/hw/char/serial.c
1089 -+++ b/hw/char/serial.c
1090 -@@ -153,8 +153,9 @@ static void serial_update_parameters(SerialState *s)
1091 - int speed, parity, data_bits, stop_bits, frame_size;
1092 - QEMUSerialSetParams ssp;
1093 -
1094 -- if (s->divider == 0)
1095 -+ if (s->divider == 0 || s->divider > s->baudbase) {
1096 - return;
1097 -+ }
1098 -
1099 - /* Start bit. */
1100 - frame_size = 1;
1101 ---
1102 -2.5.5
1103
1104 diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8909.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8909.patch
1105 deleted file mode 100644
1106 index ed6613f..0000000
1107 --- a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8909.patch
1108 +++ /dev/null
1109 @@ -1,31 +0,0 @@
1110 -From: Prasad J Pandit <address@hidden>
1111 -
1112 -Intel HDA emulator uses stream of buffers during DMA data
1113 -transfers. Each entry has buffer length and buffer pointer
1114 -position, which are used to derive bytes to 'copy'. If this
1115 -length and buffer pointer were to be same, 'copy' could be
1116 -set to zero(0), leading to an infinite loop. Add check to
1117 -avoid it.
1118 -
1119 -Reported-by: Huawei PSIRT <address@hidden>
1120 -Signed-off-by: Prasad J Pandit <address@hidden>
1121 ----
1122 - hw/audio/intel-hda.c | 3 ++-
1123 - 1 file changed, 2 insertions(+), 1 deletion(-)
1124 -
1125 -diff --git a/hw/audio/intel-hda.c b/hw/audio/intel-hda.c
1126 -index cd95340..537face 100644
1127 ---- a/hw/audio/intel-hda.c
1128 -+++ b/hw/audio/intel-hda.c
1129 -@@ -416,7 +416,8 @@ static bool intel_hda_xfer(HDACodecDevice *dev, uint32_t stnr, bool output,
1130 - }
1131 -
1132 - left = len;
1133 -- while (left > 0) {
1134 -+ s = st->bentries;
1135 -+ while (left > 0 && s-- > 0) {
1136 - copy = left;
1137 - if (copy > st->bsize - st->lpib)
1138 - copy = st->bsize - st->lpib;
1139 ---
1140 -2.7.4
1141
1142 diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8910.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8910.patch
1143 deleted file mode 100644
1144 index c93f796..0000000
1145 --- a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8910.patch
1146 +++ /dev/null
1147 @@ -1,29 +0,0 @@
1148 -From: Prasad J Pandit <address@hidden>
1149 -
1150 -RTL8139 ethernet controller in C+ mode supports multiple
1151 -descriptor rings, each with maximum of 64 descriptors. While
1152 -processing transmit descriptor ring in 'rtl8139_cplus_transmit',
1153 -it does not limit the descriptor count and runs forever. Add
1154 -check to avoid it.
1155 -
1156 -Reported-by: Andrew Henderson <address@hidden>
1157 -Signed-off-by: Prasad J Pandit <address@hidden>
1158 ----
1159 - hw/net/rtl8139.c | 2 +-
1160 - 1 file changed, 1 insertion(+), 1 deletion(-)
1161 -
1162 -diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c
1163 -index 3345bc6..f05e59c 100644
1164 ---- a/hw/net/rtl8139.c
1165 -+++ b/hw/net/rtl8139.c
1166 -@@ -2350,7 +2350,7 @@ static void rtl8139_cplus_transmit(RTL8139State *s)
1167 - {
1168 - int txcount = 0;
1169 -
1170 -- while (rtl8139_cplus_transmit_one(s))
1171 -+ while (txcount < 64 && rtl8139_cplus_transmit_one(s))
1172 - {
1173 - ++txcount;
1174 - }
1175 ---
1176 -2.7.4
1177
1178 diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9102.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9102.patch
1179 deleted file mode 100644
1180 index 963eca9..0000000
1181 --- a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9102.patch
1182 +++ /dev/null
1183 @@ -1,21 +0,0 @@
1184 -From: Li Qiang <address@hidden>
1185 -
1186 -The 'fs.xattr.value' field in V9fsFidState object doesn't consider the
1187 -situation that this field has been allocated previously. Every time, it
1188 -will be allocated directly. This leads a host memory leak issue. This
1189 -patch fix this.
1190 -
1191 ---
1192 -1.8.3.1
1193 -diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
1194 -index 75ba5f1..a4c7109 100644
1195 ---- a/hw/9pfs/9p.c
1196 -+++ b/hw/9pfs/9p.c
1197 -@@ -3269,6 +3269,7 @@ static void v9fs_xattrcreate(void *opaque)
1198 - xattr_fidp->fs.xattr.flags = flags;
1199 - v9fs_string_init(&xattr_fidp->fs.xattr.name);
1200 - v9fs_string_copy(&xattr_fidp->fs.xattr.name, &name);
1201 -+ g_free(xattr_fidp->fs.xattr.value);
1202 - xattr_fidp->fs.xattr.value = g_malloc(size);
1203 - err = offset;
1204 - put_fid(pdu, file_fidp);
1205
1206 diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9103.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9103.patch
1207 deleted file mode 100644
1208 index 7520863..0000000
1209 --- a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9103.patch
1210 +++ /dev/null
1211 @@ -1,27 +0,0 @@
1212 -Author: Li Qiang <liqiang6-s@×××.cn>
1213 -Date: Mon Oct 17 14:13:58 2016 +0200
1214 -
1215 - 9pfs: fix information leak in xattr read
1216 -
1217 - 9pfs uses g_malloc() to allocate the xattr memory space, if the guest
1218 - reads this memory before writing to it, this will leak host heap memory
1219 - to the guest. This patch avoid this.
1220 -
1221 - Signed-off-by: Li Qiang <liqiang6-s@×××.cn>
1222 - Reviewed-by: Greg Kurz <groug@××××.org>
1223 - Signed-off-by: Greg Kurz <groug@××××.org>
1224 -
1225 -diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
1226 -index 26aa7d5..bf23b01 100644
1227 ---- a/hw/9pfs/9p.c
1228 -+++ b/hw/9pfs/9p.c
1229 -@@ -3269,8 +3269,8 @@ static void coroutine_fn v9fs_xattrcreate(void *opaque)
1230 - xattr_fidp->fs.xattr.flags = flags;
1231 - v9fs_string_init(&xattr_fidp->fs.xattr.name);
1232 - v9fs_string_copy(&xattr_fidp->fs.xattr.name, &name);
1233 - g_free(xattr_fidp->fs.xattr.value);
1234 -- xattr_fidp->fs.xattr.value = g_malloc(size);
1235 -+ xattr_fidp->fs.xattr.value = g_malloc0(size);
1236 - err = offset;
1237 - put_fid(pdu, file_fidp);
1238 - out_nofid:
1239
1240 diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9104.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9104.patch
1241 deleted file mode 100644
1242 index f1aec55..0000000
1243 --- a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9104.patch
1244 +++ /dev/null
1245 @@ -1,92 +0,0 @@
1246 -From 7e55d65c56a03dcd2c5d7c49d37c5a74b55d4bd6 Mon Sep 17 00:00:00 2001
1247 -From: Li Qiang <liqiang6-s@×××.cn>
1248 -Date: Tue, 1 Nov 2016 12:00:40 +0100
1249 -Subject: [PATCH] 9pfs: fix integer overflow issue in xattr read/write
1250 -MIME-Version: 1.0
1251 -Content-Type: text/plain; charset=UTF-8
1252 -Content-Transfer-Encoding: 8bit
1253 -
1254 -The v9fs_xattr_read() and v9fs_xattr_write() are passed a guest
1255 -originated offset: they must ensure this offset does not go beyond
1256 -the size of the extended attribute that was set in v9fs_xattrcreate().
1257 -Unfortunately, the current code implement these checks with unsafe
1258 -calculations on 32 and 64 bit values, which may allow a malicious
1259 -guest to cause OOB access anyway.
1260 -
1261 -Fix this by comparing the offset and the xattr size, which are
1262 -both uint64_t, before trying to compute the effective number of bytes
1263 -to read or write.
1264 -
1265 -Suggested-by: Greg Kurz <groug@××××.org>
1266 -Signed-off-by: Li Qiang <liqiang6-s@×××.cn>
1267 -Reviewed-by: Greg Kurz <groug@××××.org>
1268 -Reviewed-By: Guido Günther <agx@×××××××.org>
1269 -Signed-off-by: Greg Kurz <groug@××××.org>
1270 ----
1271 - hw/9pfs/9p.c | 32 ++++++++++++--------------------
1272 - 1 file changed, 12 insertions(+), 20 deletions(-)
1273 -
1274 -diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
1275 -index ab18ef2..7705ead 100644
1276 ---- a/hw/9pfs/9p.c
1277 -+++ b/hw/9pfs/9p.c
1278 -@@ -1637,20 +1637,17 @@ static int v9fs_xattr_read(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp,
1279 - {
1280 - ssize_t err;
1281 - size_t offset = 7;
1282 -- int read_count;
1283 -- int64_t xattr_len;
1284 -+ uint64_t read_count;
1285 - V9fsVirtioState *v = container_of(s, V9fsVirtioState, state);
1286 - VirtQueueElement *elem = v->elems[pdu->idx];
1287 -
1288 -- xattr_len = fidp->fs.xattr.len;
1289 -- read_count = xattr_len - off;
1290 -+ if (fidp->fs.xattr.len < off) {
1291 -+ read_count = 0;
1292 -+ } else {
1293 -+ read_count = fidp->fs.xattr.len - off;
1294 -+ }
1295 - if (read_count > max_count) {
1296 - read_count = max_count;
1297 -- } else if (read_count < 0) {
1298 -- /*
1299 -- * read beyond XATTR value
1300 -- */
1301 -- read_count = 0;
1302 - }
1303 - err = pdu_marshal(pdu, offset, "d", read_count);
1304 - if (err < 0) {
1305 -@@ -1979,23 +1976,18 @@ static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp,
1306 - {
1307 - int i, to_copy;
1308 - ssize_t err = 0;
1309 -- int write_count;
1310 -- int64_t xattr_len;
1311 -+ uint64_t write_count;
1312 - size_t offset = 7;
1313 -
1314 -
1315 -- xattr_len = fidp->fs.xattr.len;
1316 -- write_count = xattr_len - off;
1317 -- if (write_count > count) {
1318 -- write_count = count;
1319 -- } else if (write_count < 0) {
1320 -- /*
1321 -- * write beyond XATTR value len specified in
1322 -- * xattrcreate
1323 -- */
1324 -+ if (fidp->fs.xattr.len < off) {
1325 - err = -ENOSPC;
1326 - goto out;
1327 - }
1328 -+ write_count = fidp->fs.xattr.len - off;
1329 -+ if (write_count > count) {
1330 -+ write_count = count;
1331 -+ }
1332 - err = pdu_marshal(pdu, offset, "d", write_count);
1333 - if (err < 0) {
1334 - return err;
1335 ---
1336 -2.7.3
1337 -
1338
1339 diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9105.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9105.patch
1340 deleted file mode 100644
1341 index cddff97..0000000
1342 --- a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9105.patch
1343 +++ /dev/null
1344 @@ -1,25 +0,0 @@
1345 -From: Li Qiang <address@hidden>
1346 -
1347 -In v9fs_link dispatch function, it doesn't put the 'oldfidp'
1348 -fid object, this will make the 'oldfidp->ref' never reach to 0,
1349 -thus leading a memory leak issue. This patch fix this.
1350 -
1351 -Signed-off-by: Li Qiang <address@hidden>
1352 ----
1353 - hw/9pfs/9p.c | 1 +
1354 - 1 file changed, 1 insertion(+)
1355 -
1356 -diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
1357 -index 8b50bfb..29f8b7a 100644
1358 ---- a/hw/9pfs/9p.c
1359 -+++ b/hw/9pfs/9p.c
1360 -@@ -2413,6 +2413,7 @@ static void v9fs_link(void *opaque)
1361 - if (!err) {
1362 - err = offset;
1363 - }
1364 -+ put_fid(pdu, oldfidp);
1365 - out:
1366 - put_fid(pdu, dfidp);
1367 - out_nofid:
1368 ---
1369 -1.8.3.1
1370
1371 diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9106.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9106.patch
1372 deleted file mode 100644
1373 index 137272d..0000000
1374 --- a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9106.patch
1375 +++ /dev/null
1376 @@ -1,27 +0,0 @@
1377 -Author: Li Qiang <liqiang6-s@×××.cn>
1378 -Date: Mon Oct 17 14:13:58 2016 +0200
1379 -
1380 - 9pfs: fix memory leak in v9fs_write
1381 -
1382 - If an error occurs when marshalling the transfer length to the guest, the
1383 - v9fs_write() function doesn't free an IO vector, thus leading to a memory
1384 - leak. This patch fixes the issue.
1385 -
1386 - Signed-off-by: Li Qiang <liqiang6-s@×××.cn>
1387 - Reviewed-by: Greg Kurz <groug@××××.org>
1388 - [groug, rephrased the changelog]
1389 - Signed-off-by: Greg Kurz <groug@××××.org>
1390 -
1391 -diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
1392 -index d43a552..e88cf25 100644
1393 ---- a/hw/9pfs/9p.c
1394 -+++ b/hw/9pfs/9p.c
1395 -@@ -2090,7 +2090,7 @@ static void coroutine_fn v9fs_write(void *opaque)
1396 - offset = 7;
1397 - err = pdu_marshal(pdu, offset, "d", total);
1398 - if (err < 0) {
1399 -- goto out;
1400 -+ goto out_qiov;
1401 - }
1402 - err += offset;
1403 -
1404
1405 diff --git a/app-emulation/qemu/files/qemu-2.7.0-configure-ifunc.patch b/app-emulation/qemu/files/qemu-2.7.0-configure-ifunc.patch
1406 deleted file mode 100644
1407 index d090323..0000000
1408 --- a/app-emulation/qemu/files/qemu-2.7.0-configure-ifunc.patch
1409 +++ /dev/null
1410 @@ -1,13 +0,0 @@
1411 -diff -Naur qemu-2.7.0.orig/configure qemu-2.7.0/configure
1412 ---- qemu-2.7.0.orig/configure 2016-09-05 18:30:41.722529882 -0700
1413 -+++ qemu-2.7.0/configure 2016-09-05 18:32:22.473649654 -0700
1414 -@@ -1805,7 +1805,8 @@
1415 - EOF
1416 - if compile_object "" ; then
1417 - if has readelf; then
1418 -- if readelf --syms $TMPO 2>/dev/null |grep -q "IFUNC.*foo"; then
1419 -+ if readelf --syms $TMPO 2>/dev/null |grep -q "IFUNC.*foo" &&
1420 -+ ldd $TMPO >dev/null 2>&1; then
1421 - avx2_opt="yes"
1422 - fi
1423 - fi
1424
1425 diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-10155.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-10155.patch
1426 new file mode 100644
1427 index 0000000..c486295
1428 --- /dev/null
1429 +++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-10155.patch
1430 @@ -0,0 +1,46 @@
1431 +From eb7a20a3616085d46aa6b4b4224e15587ec67e6e Mon Sep 17 00:00:00 2001
1432 +From: Li Qiang <liqiang6-s@×××.cn>
1433 +Date: Mon, 28 Nov 2016 17:49:04 -0800
1434 +Subject: [PATCH] watchdog: 6300esb: add exit function
1435 +
1436 +When the Intel 6300ESB watchdog is hot unplug. The timer allocated
1437 +in realize isn't freed thus leaking memory leak. This patch avoid
1438 +this through adding the exit function.
1439 +
1440 +Signed-off-by: Li Qiang <liqiang6-s@×××.cn>
1441 +Message-Id: <583cde9c.3223ed0a.7f0c2.886e@×××××××××.com>
1442 +Signed-off-by: Paolo Bonzini <pbonzini@××××××.com>
1443 +---
1444 + hw/watchdog/wdt_i6300esb.c | 9 +++++++++
1445 + 1 file changed, 9 insertions(+)
1446 +
1447 +diff --git a/hw/watchdog/wdt_i6300esb.c b/hw/watchdog/wdt_i6300esb.c
1448 +index a83d951..49b3cd1 100644
1449 +--- a/hw/watchdog/wdt_i6300esb.c
1450 ++++ b/hw/watchdog/wdt_i6300esb.c
1451 +@@ -428,6 +428,14 @@ static void i6300esb_realize(PCIDevice *dev, Error **errp)
1452 + /* qemu_register_coalesced_mmio (addr, 0x10); ? */
1453 + }
1454 +
1455 ++static void i6300esb_exit(PCIDevice *dev)
1456 ++{
1457 ++ I6300State *d = WATCHDOG_I6300ESB_DEVICE(dev);
1458 ++
1459 ++ timer_del(d->timer);
1460 ++ timer_free(d->timer);
1461 ++}
1462 ++
1463 + static WatchdogTimerModel model = {
1464 + .wdt_name = "i6300esb",
1465 + .wdt_description = "Intel 6300ESB",
1466 +@@ -441,6 +449,7 @@ static void i6300esb_class_init(ObjectClass *klass, void *data)
1467 + k->config_read = i6300esb_config_read;
1468 + k->config_write = i6300esb_config_write;
1469 + k->realize = i6300esb_realize;
1470 ++ k->exit = i6300esb_exit;
1471 + k->vendor_id = PCI_VENDOR_ID_INTEL;
1472 + k->device_id = PCI_DEVICE_ID_INTEL_ESB_9;
1473 + k->class_id = PCI_CLASS_SYSTEM_OTHER;
1474 +--
1475 +2.10.2
1476 +
1477
1478 diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-2615.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-2615.patch
1479 new file mode 100644
1480 index 0000000..f0bba80
1481 --- /dev/null
1482 +++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-2615.patch
1483 @@ -0,0 +1,48 @@
1484 +From 62d4c6bd5263bb8413a06c80144fc678df6dfb64 Mon Sep 17 00:00:00 2001
1485 +From: Li Qiang <liqiang6-s@×××.cn>
1486 +Date: Wed, 1 Feb 2017 09:35:01 +0100
1487 +Subject: [PATCH] cirrus: fix oob access issue (CVE-2017-2615)
1488 +
1489 +When doing bitblt copy in backward mode, we should minus the
1490 +blt width first just like the adding in the forward mode. This
1491 +can avoid the oob access of the front of vga's vram.
1492 +
1493 +Signed-off-by: Li Qiang <liqiang6-s@×××.cn>
1494 +
1495 +{ kraxel: with backward blits (negative pitch) addr is the topmost
1496 + address, so check it as-is against vram size ]
1497 +
1498 +Cc: qemu-stable@××××××.org
1499 +Cc: P J P <ppandit@××××××.com>
1500 +Cc: Laszlo Ersek <lersek@××××××.com>
1501 +Cc: Paolo Bonzini <pbonzini@××××××.com>
1502 +Cc: Wolfgang Bumiller <w.bumiller@×××××××.com>
1503 +Fixes: d3532a0db02296e687711b8cdc7791924efccea0 (CVE-2014-8106)
1504 +Signed-off-by: Gerd Hoffmann <kraxel@××××××.com>
1505 +Message-id: 1485938101-26602-1-git-send-email-kraxel@××××××.com
1506 +Reviewed-by: Laszlo Ersek <lersek@××××××.com>
1507 +---
1508 + hw/display/cirrus_vga.c | 7 +++----
1509 + 1 file changed, 3 insertions(+), 4 deletions(-)
1510 +
1511 +diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c
1512 +index 7db6409..16f27e8 100644
1513 +--- a/hw/display/cirrus_vga.c
1514 ++++ b/hw/display/cirrus_vga.c
1515 +@@ -274,10 +274,9 @@ static bool blit_region_is_unsafe(struct CirrusVGAState *s,
1516 + {
1517 + if (pitch < 0) {
1518 + int64_t min = addr
1519 +- + ((int64_t)s->cirrus_blt_height-1) * pitch;
1520 +- int32_t max = addr
1521 +- + s->cirrus_blt_width;
1522 +- if (min < 0 || max > s->vga.vram_size) {
1523 ++ + ((int64_t)s->cirrus_blt_height - 1) * pitch
1524 ++ - s->cirrus_blt_width;
1525 ++ if (min < -1 || addr >= s->vga.vram_size) {
1526 + return true;
1527 + }
1528 + } else {
1529 +--
1530 +2.10.2
1531 +
1532
1533 diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5525-1.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5525-1.patch
1534 new file mode 100644
1535 index 0000000..24411b4
1536 --- /dev/null
1537 +++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5525-1.patch
1538 @@ -0,0 +1,52 @@
1539 +From 12351a91da97b414eec8cdb09f1d9f41e535a401 Mon Sep 17 00:00:00 2001
1540 +From: Li Qiang <liqiang6-s@×××.cn>
1541 +Date: Wed, 14 Dec 2016 18:30:21 -0800
1542 +Subject: [PATCH] audio: ac97: add exit function
1543 +MIME-Version: 1.0
1544 +Content-Type: text/plain; charset=UTF-8
1545 +Content-Transfer-Encoding: 8bit
1546 +
1547 +Currently the ac97 device emulation doesn't have a exit function,
1548 +hot unplug this device will leak some memory. Add a exit function to
1549 +avoid this.
1550 +
1551 +Signed-off-by: Li Qiang <liqiang6-s@×××.cn>
1552 +Reviewed-by: Marc-André Lureau <marcandre.lureau@××××××.com>
1553 +Message-id: 58520052.4825ed0a.27a71.6cae@×××××××××.com
1554 +Signed-off-by: Gerd Hoffmann <kraxel@××××××.com>
1555 +---
1556 + hw/audio/ac97.c | 11 +++++++++++
1557 + 1 file changed, 11 insertions(+)
1558 +
1559 +diff --git a/hw/audio/ac97.c b/hw/audio/ac97.c
1560 +index cbd959e..c306575 100644
1561 +--- a/hw/audio/ac97.c
1562 ++++ b/hw/audio/ac97.c
1563 +@@ -1387,6 +1387,16 @@ static void ac97_realize(PCIDevice *dev, Error **errp)
1564 + ac97_on_reset (&s->dev.qdev);
1565 + }
1566 +
1567 ++static void ac97_exit(PCIDevice *dev)
1568 ++{
1569 ++ AC97LinkState *s = DO_UPCAST(AC97LinkState, dev, dev);
1570 ++
1571 ++ AUD_close_in(&s->card, s->voice_pi);
1572 ++ AUD_close_out(&s->card, s->voice_po);
1573 ++ AUD_close_in(&s->card, s->voice_mc);
1574 ++ AUD_remove_card(&s->card);
1575 ++}
1576 ++
1577 + static int ac97_init (PCIBus *bus)
1578 + {
1579 + pci_create_simple (bus, -1, "AC97");
1580 +@@ -1404,6 +1414,7 @@ static void ac97_class_init (ObjectClass *klass, void *data)
1581 + PCIDeviceClass *k = PCI_DEVICE_CLASS (klass);
1582 +
1583 + k->realize = ac97_realize;
1584 ++ k->exit = ac97_exit;
1585 + k->vendor_id = PCI_VENDOR_ID_INTEL;
1586 + k->device_id = PCI_DEVICE_ID_INTEL_82801AA_5;
1587 + k->revision = 0x01;
1588 +--
1589 +2.10.2
1590 +
1591
1592 diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5525-2.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5525-2.patch
1593 new file mode 100644
1594 index 0000000..6bbac58
1595 --- /dev/null
1596 +++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5525-2.patch
1597 @@ -0,0 +1,55 @@
1598 +From 069eb7b2b8fc47c7cb52e5a4af23ea98d939e3da Mon Sep 17 00:00:00 2001
1599 +From: Li Qiang <liqiang6-s@×××.cn>
1600 +Date: Wed, 14 Dec 2016 18:32:22 -0800
1601 +Subject: [PATCH] audio: es1370: add exit function
1602 +MIME-Version: 1.0
1603 +Content-Type: text/plain; charset=UTF-8
1604 +Content-Transfer-Encoding: 8bit
1605 +
1606 +Currently the es1370 device emulation doesn't have a exit function,
1607 +hot unplug this device will leak some memory. Add a exit function to
1608 +avoid this.
1609 +
1610 +Signed-off-by: Li Qiang <liqiang6-s@×××.cn>
1611 +Reviewed-by: Marc-André Lureau <marcandre.lureau@××××××.com>
1612 +Message-id: 585200c9.a968ca0a.1ab80.4c98@×××××××××.com
1613 +Signed-off-by: Gerd Hoffmann <kraxel@××××××.com>
1614 +---
1615 + hw/audio/es1370.c | 14 ++++++++++++++
1616 + 1 file changed, 14 insertions(+)
1617 +
1618 +diff --git a/hw/audio/es1370.c b/hw/audio/es1370.c
1619 +index 8449b5f..883ec69 100644
1620 +--- a/hw/audio/es1370.c
1621 ++++ b/hw/audio/es1370.c
1622 +@@ -1041,6 +1041,19 @@ static void es1370_realize(PCIDevice *dev, Error **errp)
1623 + es1370_reset (s);
1624 + }
1625 +
1626 ++static void es1370_exit(PCIDevice *dev)
1627 ++{
1628 ++ ES1370State *s = ES1370(dev);
1629 ++ int i;
1630 ++
1631 ++ for (i = 0; i < 2; ++i) {
1632 ++ AUD_close_out(&s->card, s->dac_voice[i]);
1633 ++ }
1634 ++
1635 ++ AUD_close_in(&s->card, s->adc_voice);
1636 ++ AUD_remove_card(&s->card);
1637 ++}
1638 ++
1639 + static int es1370_init (PCIBus *bus)
1640 + {
1641 + pci_create_simple (bus, -1, TYPE_ES1370);
1642 +@@ -1053,6 +1066,7 @@ static void es1370_class_init (ObjectClass *klass, void *data)
1643 + PCIDeviceClass *k = PCI_DEVICE_CLASS (klass);
1644 +
1645 + k->realize = es1370_realize;
1646 ++ k->exit = es1370_exit;
1647 + k->vendor_id = PCI_VENDOR_ID_ENSONIQ;
1648 + k->device_id = PCI_DEVICE_ID_ENSONIQ_ES1370;
1649 + k->class_id = PCI_CLASS_MULTIMEDIA_AUDIO;
1650 +--
1651 +2.10.2
1652 +
1653
1654 diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5552.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5552.patch
1655 new file mode 100644
1656 index 0000000..9475f3f
1657 --- /dev/null
1658 +++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5552.patch
1659 @@ -0,0 +1,41 @@
1660 +From 33243031dad02d161225ba99d782616da133f689 Mon Sep 17 00:00:00 2001
1661 +From: Li Qiang <liq3ea@×××××.com>
1662 +Date: Thu, 29 Dec 2016 03:11:26 -0500
1663 +Subject: [PATCH] virtio-gpu-3d: fix memory leak in resource attach backing
1664 +MIME-Version: 1.0
1665 +Content-Type: text/plain; charset=UTF-8
1666 +Content-Transfer-Encoding: 8bit
1667 +
1668 +If the virgl_renderer_resource_attach_iov function fails the
1669 +'res_iovs' will be leaked. Add check of the return value to
1670 +free the 'res_iovs' when failing.
1671 +
1672 +Signed-off-by: Li Qiang <liq3ea@×××××.com>
1673 +Reviewed-by: Marc-André Lureau <marcandre.lureau@××××××.com>
1674 +Message-id: 1482999086-59795-1-git-send-email-liq3ea@×××××.com
1675 +Signed-off-by: Gerd Hoffmann <kraxel@××××××.com>
1676 +---
1677 + hw/display/virtio-gpu-3d.c | 7 +++++--
1678 + 1 file changed, 5 insertions(+), 2 deletions(-)
1679 +
1680 +diff --git a/hw/display/virtio-gpu-3d.c b/hw/display/virtio-gpu-3d.c
1681 +index e29f099..b13ced3 100644
1682 +--- a/hw/display/virtio-gpu-3d.c
1683 ++++ b/hw/display/virtio-gpu-3d.c
1684 +@@ -291,8 +291,11 @@ static void virgl_resource_attach_backing(VirtIOGPU *g,
1685 + return;
1686 + }
1687 +
1688 +- virgl_renderer_resource_attach_iov(att_rb.resource_id,
1689 +- res_iovs, att_rb.nr_entries);
1690 ++ ret = virgl_renderer_resource_attach_iov(att_rb.resource_id,
1691 ++ res_iovs, att_rb.nr_entries);
1692 ++
1693 ++ if (ret != 0)
1694 ++ virtio_gpu_cleanup_mapping_iov(res_iovs, att_rb.nr_entries);
1695 + }
1696 +
1697 + static void virgl_resource_detach_backing(VirtIOGPU *g,
1698 +--
1699 +2.10.2
1700 +
1701
1702 diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5578.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5578.patch
1703 new file mode 100644
1704 index 0000000..f93d1e7
1705 --- /dev/null
1706 +++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5578.patch
1707 @@ -0,0 +1,35 @@
1708 +From 204f01b30975923c64006f8067f0937b91eea68b Mon Sep 17 00:00:00 2001
1709 +From: Li Qiang <liq3ea@×××××.com>
1710 +Date: Thu, 29 Dec 2016 04:28:41 -0500
1711 +Subject: [PATCH] virtio-gpu: fix memory leak in resource attach backing
1712 +
1713 +In the resource attach backing function, everytime it will
1714 +allocate 'res->iov' thus can leading a memory leak. This
1715 +patch avoid this.
1716 +
1717 +Signed-off-by: Li Qiang <liq3ea@×××××.com>
1718 +Message-id: 1483003721-65360-1-git-send-email-liq3ea@×××××.com
1719 +Signed-off-by: Gerd Hoffmann <kraxel@××××××.com>
1720 +---
1721 + hw/display/virtio-gpu.c | 5 +++++
1722 + 1 file changed, 5 insertions(+)
1723 +
1724 +diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c
1725 +index 6a26258..ca88cf4 100644
1726 +--- a/hw/display/virtio-gpu.c
1727 ++++ b/hw/display/virtio-gpu.c
1728 +@@ -714,6 +714,11 @@ virtio_gpu_resource_attach_backing(VirtIOGPU *g,
1729 + return;
1730 + }
1731 +
1732 ++ if (res->iov) {
1733 ++ cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC;
1734 ++ return;
1735 ++ }
1736 ++
1737 + ret = virtio_gpu_create_mapping_iov(&ab, cmd, &res->addrs, &res->iov);
1738 + if (ret != 0) {
1739 + cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC;
1740 +--
1741 +2.10.2
1742 +
1743
1744 diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5579.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5579.patch
1745 new file mode 100644
1746 index 0000000..e4572a8
1747 --- /dev/null
1748 +++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5579.patch
1749 @@ -0,0 +1,40 @@
1750 +From 8409dc884a201bf74b30a9d232b6bbdd00cb7e2b Mon Sep 17 00:00:00 2001
1751 +From: Li Qiang <liqiang6-s@×××.cn>
1752 +Date: Wed, 4 Jan 2017 00:43:16 -0800
1753 +Subject: [PATCH] serial: fix memory leak in serial exit
1754 +
1755 +The serial_exit_core function doesn't free some resources.
1756 +This can lead memory leak when hotplug and unplug. This
1757 +patch avoid this.
1758 +
1759 +Signed-off-by: Li Qiang <liqiang6-s@×××.cn>
1760 +Message-Id: <586cb5ab.f31d9d0a.38ac3.acf2@×××××××××.com>
1761 +Signed-off-by: Paolo Bonzini <pbonzini@××××××.com>
1762 +---
1763 + hw/char/serial.c | 10 ++++++++++
1764 + 1 file changed, 10 insertions(+)
1765 +
1766 +diff --git a/hw/char/serial.c b/hw/char/serial.c
1767 +index ffbacd8..67b18ed 100644
1768 +--- a/hw/char/serial.c
1769 ++++ b/hw/char/serial.c
1770 +@@ -906,6 +906,16 @@ void serial_realize_core(SerialState *s, Error **errp)
1771 + void serial_exit_core(SerialState *s)
1772 + {
1773 + qemu_chr_fe_deinit(&s->chr);
1774 ++
1775 ++ timer_del(s->modem_status_poll);
1776 ++ timer_free(s->modem_status_poll);
1777 ++
1778 ++ timer_del(s->fifo_timeout_timer);
1779 ++ timer_free(s->fifo_timeout_timer);
1780 ++
1781 ++ fifo8_destroy(&s->recv_fifo);
1782 ++ fifo8_destroy(&s->xmit_fifo);
1783 ++
1784 + qemu_unregister_reset(serial_reset, s);
1785 + }
1786 +
1787 +--
1788 +2.10.2
1789 +
1790
1791 diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5667.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5667.patch
1792 new file mode 100644
1793 index 0000000..93e9c94
1794 --- /dev/null
1795 +++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5667.patch
1796 @@ -0,0 +1,37 @@
1797 +From 42922105beb14c2fc58185ea022b9f72fb5465e9 Mon Sep 17 00:00:00 2001
1798 +From: Prasad J Pandit <pjp@×××××××××××××.org>
1799 +Date: Tue, 7 Feb 2017 18:29:59 +0000
1800 +Subject: [PATCH] sd: sdhci: check data length during dma_memory_read
1801 +
1802 +While doing multi block SDMA transfer in routine
1803 +'sdhci_sdma_transfer_multi_blocks', the 's->fifo_buffer' starting
1804 +index 'begin' and data length 's->data_count' could end up to be same.
1805 +This could lead to an OOB access issue. Correct transfer data length
1806 +to avoid it.
1807 +
1808 +Cc: qemu-stable@××××××.org
1809 +Reported-by: Jiang Xin <jiangxin1@××××××.com>
1810 +Signed-off-by: Prasad J Pandit <pjp@×××××××××××××.org>
1811 +Reviewed-by: Peter Maydell <peter.maydell@××××××.org>
1812 +Message-id: 20170130064736.9236-1-ppandit@××××××.com
1813 +Signed-off-by: Peter Maydell <peter.maydell@××××××.org>
1814 +---
1815 + hw/sd/sdhci.c | 2 +-
1816 + 1 file changed, 1 insertion(+), 1 deletion(-)
1817 +
1818 +diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c
1819 +index 01fbf22..5bd5ab6 100644
1820 +--- a/hw/sd/sdhci.c
1821 ++++ b/hw/sd/sdhci.c
1822 +@@ -536,7 +536,7 @@ static void sdhci_sdma_transfer_multi_blocks(SDHCIState *s)
1823 + boundary_count -= block_size - begin;
1824 + }
1825 + dma_memory_read(&address_space_memory, s->sdmasysad,
1826 +- &s->fifo_buffer[begin], s->data_count);
1827 ++ &s->fifo_buffer[begin], s->data_count - begin);
1828 + s->sdmasysad += s->data_count - begin;
1829 + if (s->data_count == block_size) {
1830 + for (n = 0; n < block_size; n++) {
1831 +--
1832 +2.10.2
1833 +
1834
1835 diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5856.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5856.patch
1836 new file mode 100644
1837 index 0000000..2ebd49f
1838 --- /dev/null
1839 +++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5856.patch
1840 @@ -0,0 +1,64 @@
1841 +From 765a707000e838c30b18d712fe6cb3dd8e0435f3 Mon Sep 17 00:00:00 2001
1842 +From: Paolo Bonzini <pbonzini@××××××.com>
1843 +Date: Mon, 2 Jan 2017 11:03:33 +0100
1844 +Subject: [PATCH] megasas: fix guest-triggered memory leak
1845 +
1846 +If the guest sets the sglist size to a value >=2GB, megasas_handle_dcmd
1847 +will return MFI_STAT_MEMORY_NOT_AVAILABLE without freeing the memory.
1848 +Avoid this by returning only the status from map_dcmd, and loading
1849 +cmd->iov_size in the caller.
1850 +
1851 +Reported-by: Li Qiang <liqiang6-s@×××.cn>
1852 +Signed-off-by: Paolo Bonzini <pbonzini@××××××.com>
1853 +---
1854 + hw/scsi/megasas.c | 11 ++++++-----
1855 + 1 file changed, 6 insertions(+), 5 deletions(-)
1856 +
1857 +diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
1858 +index 67fc1e7..6233865 100644
1859 +--- a/hw/scsi/megasas.c
1860 ++++ b/hw/scsi/megasas.c
1861 +@@ -683,14 +683,14 @@ static int megasas_map_dcmd(MegasasState *s, MegasasCmd *cmd)
1862 + trace_megasas_dcmd_invalid_sge(cmd->index,
1863 + cmd->frame->header.sge_count);
1864 + cmd->iov_size = 0;
1865 +- return -1;
1866 ++ return -EINVAL;
1867 + }
1868 + iov_pa = megasas_sgl_get_addr(cmd, &cmd->frame->dcmd.sgl);
1869 + iov_size = megasas_sgl_get_len(cmd, &cmd->frame->dcmd.sgl);
1870 + pci_dma_sglist_init(&cmd->qsg, PCI_DEVICE(s), 1);
1871 + qemu_sglist_add(&cmd->qsg, iov_pa, iov_size);
1872 + cmd->iov_size = iov_size;
1873 +- return cmd->iov_size;
1874 ++ return 0;
1875 + }
1876 +
1877 + static void megasas_finish_dcmd(MegasasCmd *cmd, uint32_t iov_size)
1878 +@@ -1559,19 +1559,20 @@ static const struct dcmd_cmd_tbl_t {
1879 +
1880 + static int megasas_handle_dcmd(MegasasState *s, MegasasCmd *cmd)
1881 + {
1882 +- int opcode, len;
1883 ++ int opcode;
1884 + int retval = 0;
1885 ++ size_t len;
1886 + const struct dcmd_cmd_tbl_t *cmdptr = dcmd_cmd_tbl;
1887 +
1888 + opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
1889 + trace_megasas_handle_dcmd(cmd->index, opcode);
1890 +- len = megasas_map_dcmd(s, cmd);
1891 +- if (len < 0) {
1892 ++ if (megasas_map_dcmd(s, cmd) < 0) {
1893 + return MFI_STAT_MEMORY_NOT_AVAILABLE;
1894 + }
1895 + while (cmdptr->opcode != -1 && cmdptr->opcode != opcode) {
1896 + cmdptr++;
1897 + }
1898 ++ len = cmd->iov_size;
1899 + if (cmdptr->opcode == -1) {
1900 + trace_megasas_dcmd_unhandled(cmd->index, opcode, len);
1901 + retval = megasas_dcmd_dummy(s, cmd);
1902 +--
1903 +2.10.2
1904 +
1905
1906 diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5857.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5857.patch
1907 new file mode 100644
1908 index 0000000..664a669
1909 --- /dev/null
1910 +++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5857.patch
1911 @@ -0,0 +1,38 @@
1912 +When the guest sends VIRTIO_GPU_CMD_RESOURCE_UNREF without detaching the
1913 +backing storage beforehand (VIRTIO_GPU_CMD_RESOURCE_DETACH_BACKING)
1914 +we'll leak memory.
1915 +
1916 +This patch fixes it for 3d mode, simliar to the 2d mode fix in commit
1917 +"b8e2392 virtio-gpu: call cleanup mapping function in resource destroy".
1918 +
1919 +Reported-by: 李强 <address@hidden>
1920 +Signed-off-by: Gerd Hoffmann <address@hidden>
1921 +---
1922 + hw/display/virtio-gpu-3d.c | 8 ++++++++
1923 + 1 file changed, 8 insertions(+)
1924 +
1925 +diff --git a/hw/display/virtio-gpu-3d.c b/hw/display/virtio-gpu-3d.c
1926 +index f96a0c2..ecb09d1 100644
1927 +--- a/hw/display/virtio-gpu-3d.c
1928 ++++ b/hw/display/virtio-gpu-3d.c
1929 +@@ -77,10 +77,18 @@ static void virgl_cmd_resource_unref(VirtIOGPU *g,
1930 + struct virtio_gpu_ctrl_command *cmd)
1931 + {
1932 + struct virtio_gpu_resource_unref unref;
1933 ++ struct iovec *res_iovs = NULL;
1934 ++ int num_iovs = 0;
1935 +
1936 + VIRTIO_GPU_FILL_CMD(unref);
1937 + trace_virtio_gpu_cmd_res_unref(unref.resource_id);
1938 +
1939 ++ virgl_renderer_resource_detach_iov(unref.resource_id,
1940 ++ &res_iovs,
1941 ++ &num_iovs);
1942 ++ if (res_iovs != NULL && num_iovs != 0) {
1943 ++ virtio_gpu_cleanup_mapping_iov(res_iovs, num_iovs);
1944 ++ }
1945 + virgl_renderer_resource_unref(unref.resource_id);
1946 + }
1947 +
1948 +--
1949 +1.8.3.1
1950
1951 diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5898.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5898.patch
1952 new file mode 100644
1953 index 0000000..9f94477
1954 --- /dev/null
1955 +++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5898.patch
1956 @@ -0,0 +1,35 @@
1957 +From c7dfbf322595ded4e70b626bf83158a9f3807c6a Mon Sep 17 00:00:00 2001
1958 +From: Prasad J Pandit <pjp@×××××××××××××.org>
1959 +Date: Fri, 3 Feb 2017 00:52:28 +0530
1960 +Subject: [PATCH] usb: ccid: check ccid apdu length
1961 +
1962 +CCID device emulator uses Application Protocol Data Units(APDU)
1963 +to exchange command and responses to and from the host.
1964 +The length in these units couldn't be greater than 65536. Add
1965 +check to ensure the same. It'd also avoid potential integer
1966 +overflow in emulated_apdu_from_guest.
1967 +
1968 +Reported-by: Li Qiang <liqiang6-s@×××.cn>
1969 +Signed-off-by: Prasad J Pandit <pjp@×××××××××××××.org>
1970 +Message-id: 20170202192228.10847-1-ppandit@××××××.com
1971 +Signed-off-by: Gerd Hoffmann <kraxel@××××××.com>
1972 +---
1973 + hw/usb/dev-smartcard-reader.c | 2 +-
1974 + 1 file changed, 1 insertion(+), 1 deletion(-)
1975 +
1976 +diff --git a/hw/usb/dev-smartcard-reader.c b/hw/usb/dev-smartcard-reader.c
1977 +index 89e11b6..1325ea1 100644
1978 +--- a/hw/usb/dev-smartcard-reader.c
1979 ++++ b/hw/usb/dev-smartcard-reader.c
1980 +@@ -967,7 +967,7 @@ static void ccid_on_apdu_from_guest(USBCCIDState *s, CCID_XferBlock *recv)
1981 + DPRINTF(s, 1, "%s: seq %d, len %d\n", __func__,
1982 + recv->hdr.bSeq, len);
1983 + ccid_add_pending_answer(s, (CCID_Header *)recv);
1984 +- if (s->card) {
1985 ++ if (s->card && len <= BULK_OUT_DATA_SIZE) {
1986 + ccid_card_apdu_from_guest(s->card, recv->abData, len);
1987 + } else {
1988 + DPRINTF(s, D_WARN, "warning: discarded apdu\n");
1989 +--
1990 +2.10.2
1991 +
1992
1993 diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5931.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5931.patch
1994 new file mode 100644
1995 index 0000000..f24d557
1996 --- /dev/null
1997 +++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5931.patch
1998 @@ -0,0 +1,46 @@
1999 +From a08aaff811fb194950f79711d2afe5a892ae03a4 Mon Sep 17 00:00:00 2001
2000 +From: Gonglei <arei.gonglei@××××××.com>
2001 +Date: Tue, 3 Jan 2017 14:50:03 +0800
2002 +Subject: [PATCH] virtio-crypto: fix possible integer and heap overflow
2003 +
2004 +Because the 'size_t' type is 4 bytes in 32-bit platform, which
2005 +is the same with 'int'. It's easy to make 'max_len' to zero when
2006 +integer overflow and then cause heap overflow if 'max_len' is zero.
2007 +
2008 +Using uint_64 instead of size_t to avoid the integer overflow.
2009 +
2010 +Cc: qemu-stable@××××××.org
2011 +Reported-by: Li Qiang <liqiang6-s@×××.cn>
2012 +Signed-off-by: Gonglei <arei.gonglei@××××××.com>
2013 +Tested-by: Li Qiang <liqiang6-s@×××.cn>
2014 +Reviewed-by: Michael S. Tsirkin <mst@××××××.com>
2015 +Signed-off-by: Michael S. Tsirkin <mst@××××××.com>
2016 +---
2017 + hw/virtio/virtio-crypto.c | 4 ++--
2018 + 1 file changed, 2 insertions(+), 2 deletions(-)
2019 +
2020 +diff --git a/hw/virtio/virtio-crypto.c b/hw/virtio/virtio-crypto.c
2021 +index 2f2467e..c23e1ad 100644
2022 +--- a/hw/virtio/virtio-crypto.c
2023 ++++ b/hw/virtio/virtio-crypto.c
2024 +@@ -416,7 +416,7 @@ virtio_crypto_sym_op_helper(VirtIODevice *vdev,
2025 + uint32_t hash_start_src_offset = 0, len_to_hash = 0;
2026 + uint32_t cipher_start_src_offset = 0, len_to_cipher = 0;
2027 +
2028 +- size_t max_len, curr_size = 0;
2029 ++ uint64_t max_len, curr_size = 0;
2030 + size_t s;
2031 +
2032 + /* Plain cipher */
2033 +@@ -441,7 +441,7 @@ virtio_crypto_sym_op_helper(VirtIODevice *vdev,
2034 + return NULL;
2035 + }
2036 +
2037 +- max_len = iv_len + aad_len + src_len + dst_len + hash_result_len;
2038 ++ max_len = (uint64_t)iv_len + aad_len + src_len + dst_len + hash_result_len;
2039 + if (unlikely(max_len > vcrypto->conf.max_size)) {
2040 + virtio_error(vdev, "virtio-crypto too big length");
2041 + return NULL;
2042 +--
2043 +2.10.2
2044 +
2045
2046 diff --git a/app-emulation/qemu/metadata.xml b/app-emulation/qemu/metadata.xml
2047 index d036967..1866d8a 100644
2048 --- a/app-emulation/qemu/metadata.xml
2049 +++ b/app-emulation/qemu/metadata.xml
2050 @@ -42,7 +42,6 @@
2051 <flag name="png">Enable png image support for the VNC console server</flag>
2052 <flag name="usb">Enable USB passthrough via <pkg>dev-libs/libusb</pkg></flag>
2053 <flag name="usbredir">Use <pkg>sys-apps/usbredir</pkg> to redirect USB devices to another machine over TCP</flag>
2054 - <flag name="uuid">Enable UUID support in the vdi block driver</flag>
2055 <flag name="vde">Enable VDE-based networking</flag>
2056 <flag name="vhost-net">Enable accelerated networking using vhost-net, see http://www.linux-kvm.org/page/VhostNet</flag>
2057 <flag name="virgl">Enable experimental Virgil 3d (virtual software GPU)</flag>
2058
2059 diff --git a/app-emulation/qemu/qemu-2.7.0-r7.ebuild b/app-emulation/qemu/qemu-2.7.0-r7.ebuild
2060 deleted file mode 100644
2061 index e77efc8..0000000
2062 --- a/app-emulation/qemu/qemu-2.7.0-r7.ebuild
2063 +++ /dev/null
2064 @@ -1,713 +0,0 @@
2065 -# Copyright 1999-2016 Gentoo Foundation
2066 -# Distributed under the terms of the GNU General Public License v2
2067 -# $Id$
2068 -
2069 -EAPI="5"
2070 -
2071 -PYTHON_COMPAT=( python2_7 )
2072 -PYTHON_REQ_USE="ncurses,readline"
2073 -
2074 -PLOCALES="bg de_DE fr_FR hu it tr zh_CN"
2075 -
2076 -inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \
2077 - user udev fcaps readme.gentoo-r1 pax-utils l10n
2078 -
2079 -if [[ ${PV} = *9999* ]]; then
2080 - EGIT_REPO_URI="git://git.qemu.org/qemu.git"
2081 - inherit git-2
2082 - SRC_URI=""
2083 -else
2084 - SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2"
2085 - KEYWORDS="amd64 ~arm64 ~ppc ~ppc64 x86 ~x86-fbsd"
2086 -fi
2087 -
2088 -DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
2089 -HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org"
2090 -
2091 -LICENSE="GPL-2 LGPL-2 BSD-2"
2092 -SLOT="0"
2093 -IUSE="accessibility +aio alsa bluetooth bzip2 +caps +curl debug +fdt glusterfs \
2094 -gnutls gtk gtk2 infiniband iscsi +jpeg \
2095 -kernel_linux kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs
2096 -+png pulseaudio python \
2097 -rbd sasl +seccomp sdl sdl2 selinux smartcard snappy spice ssh static static-softmmu
2098 -static-user systemtap tci test +threads usb usbredir +uuid vde +vhost-net \
2099 -virgl virtfs +vnc vte xattr xen xfs"
2100 -
2101 -COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel mips
2102 -mips64 mips64el mipsel or32 ppc ppc64 s390x sh4 sh4eb sparc sparc64 unicore32
2103 -x86_64"
2104 -IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS} lm32 moxie ppcemb tricore xtensa xtensaeb"
2105 -IUSE_USER_TARGETS="${COMMON_TARGETS} armeb mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus tilegx"
2106 -
2107 -use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
2108 -use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
2109 -IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
2110 -
2111 -# Allow no targets to be built so that people can get a tools-only build.
2112 -# Block USE flag configurations known to not work.
2113 -REQUIRED_USE="${PYTHON_REQUIRED_USE}
2114 - gtk2? ( gtk )
2115 - qemu_softmmu_targets_arm? ( fdt )
2116 - qemu_softmmu_targets_microblaze? ( fdt )
2117 - qemu_softmmu_targets_ppc? ( fdt )
2118 - qemu_softmmu_targets_ppc64? ( fdt )
2119 - sdl2? ( sdl )
2120 - static? ( static-softmmu static-user )
2121 - static-softmmu? ( !alsa !pulseaudio !bluetooth !opengl !gtk !gtk2 )
2122 - virtfs? ( xattr )
2123 - vte? ( gtk )"
2124 -
2125 -# Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
2126 -#
2127 -# The attr lib isn't always linked in (although the USE flag is always
2128 -# respected). This is because qemu supports using the C library's API
2129 -# when available rather than always using the extranl library.
2130 -#
2131 -# Older versions of gnutls are supported, but it's simpler to just require
2132 -# the latest versions. This is also why we require nettle.
2133 -#
2134 -# TODO: Split out tools deps into another var. e.g. bzip2 is only used by
2135 -# system binaries and tools, not user binaries.
2136 -COMMON_LIB_DEPEND=">=dev-libs/glib-2.0[static-libs(+)]
2137 - sys-libs/zlib[static-libs(+)]
2138 - bzip2? ( app-arch/bzip2[static-libs(+)] )
2139 - xattr? ( sys-apps/attr[static-libs(+)] )"
2140 -SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND}
2141 - >=x11-libs/pixman-0.28.0[static-libs(+)]
2142 - accessibility? ( app-accessibility/brltty[static-libs(+)] )
2143 - aio? ( dev-libs/libaio[static-libs(+)] )
2144 - alsa? ( >=media-libs/alsa-lib-1.0.13 )
2145 - bluetooth? ( net-wireless/bluez )
2146 - caps? ( sys-libs/libcap-ng[static-libs(+)] )
2147 - curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
2148 - fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] )
2149 - glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
2150 - gnutls? (
2151 - dev-libs/nettle:=[static-libs(+)]
2152 - >=net-libs/gnutls-3.0:=[static-libs(+)]
2153 - )
2154 - gtk? (
2155 - gtk2? (
2156 - x11-libs/gtk+:2
2157 - vte? ( x11-libs/vte:0 )
2158 - )
2159 - !gtk2? (
2160 - x11-libs/gtk+:3
2161 - vte? ( x11-libs/vte:2.91 )
2162 - )
2163 - )
2164 - infiniband? ( sys-fabric/librdmacm:=[static-libs(+)] )
2165 - iscsi? ( net-libs/libiscsi )
2166 - jpeg? ( virtual/jpeg:0=[static-libs(+)] )
2167 - lzo? ( dev-libs/lzo:2[static-libs(+)] )
2168 - ncurses? ( sys-libs/ncurses:0=[static-libs(+)] )
2169 - nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] )
2170 - numa? ( sys-process/numactl[static-libs(+)] )
2171 - opengl? (
2172 - virtual/opengl
2173 - media-libs/libepoxy[static-libs(+)]
2174 - media-libs/mesa[static-libs(+)]
2175 - media-libs/mesa[egl,gles2,gbm]
2176 - )
2177 - png? ( media-libs/libpng:0=[static-libs(+)] )
2178 - pulseaudio? ( media-sound/pulseaudio )
2179 - rbd? ( sys-cluster/ceph[static-libs(+)] )
2180 - sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
2181 - sdl? (
2182 - !sdl2? (
2183 - media-libs/libsdl[X]
2184 - >=media-libs/libsdl-1.2.11[static-libs(+)]
2185 - )
2186 - sdl2? (
2187 - media-libs/libsdl2[X]
2188 - media-libs/libsdl2[static-libs(+)]
2189 - )
2190 - )
2191 - seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
2192 - smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] )
2193 - snappy? ( app-arch/snappy[static-libs(+)] )
2194 - spice? (
2195 - >=app-emulation/spice-protocol-0.12.3
2196 - >=app-emulation/spice-0.12.0[static-libs(+)]
2197 - )
2198 - ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] )
2199 - usb? ( >=virtual/libusb-1-r2[static-libs(+)] )
2200 - usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
2201 - uuid? ( >=sys-apps/util-linux-2.16.0[static-libs(+)] )
2202 - vde? ( net-misc/vde[static-libs(+)] )
2203 - virgl? ( media-libs/virglrenderer[static-libs(+)] )
2204 - virtfs? ( sys-libs/libcap )
2205 - xfs? ( sys-fs/xfsprogs[static-libs(+)] )"
2206 -USER_LIB_DEPEND="${COMMON_LIB_DEPEND}"
2207 -X86_FIRMWARE_DEPEND="
2208 - >=sys-firmware/ipxe-1.0.0_p20130624
2209 - pin-upstream-blobs? (
2210 - ~sys-firmware/seabios-1.8.2
2211 - ~sys-firmware/sgabios-0.1_pre8
2212 - ~sys-firmware/vgabios-0.7a
2213 - )
2214 - !pin-upstream-blobs? (
2215 - sys-firmware/seabios
2216 - sys-firmware/sgabios
2217 - sys-firmware/vgabios
2218 - )"
2219 -CDEPEND="
2220 - !static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND//\[static-libs(+)]} ) " ${use_softmmu_targets}) )
2221 - !static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND//\[static-libs(+)]} ) " ${use_user_targets}) )
2222 - qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
2223 - qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )
2224 - python? ( ${PYTHON_DEPS} )
2225 - systemtap? ( dev-util/systemtap )
2226 - xen? ( app-emulation/xen-tools:= )"
2227 -DEPEND="${CDEPEND}
2228 - dev-lang/perl
2229 - =dev-lang/python-2*
2230 - sys-apps/texinfo
2231 - virtual/pkgconfig
2232 - kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
2233 - gtk? ( nls? ( sys-devel/gettext ) )
2234 - static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND} ) " ${use_softmmu_targets}) )
2235 - static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND} ) " ${use_user_targets}) )
2236 - test? (
2237 - dev-libs/glib[utils]
2238 - sys-devel/bc
2239 - )"
2240 -RDEPEND="${CDEPEND}
2241 - selinux? ( sec-policy/selinux-qemu )
2242 -"
2243 -
2244 -STRIP_MASK="/usr/share/qemu/palcode-clipper"
2245 -
2246 -QA_PREBUILT="
2247 - usr/share/qemu/openbios-ppc
2248 - usr/share/qemu/openbios-sparc64
2249 - usr/share/qemu/openbios-sparc32
2250 - usr/share/qemu/palcode-clipper
2251 - usr/share/qemu/s390-ccw.img
2252 - usr/share/qemu/u-boot.e500
2253 -"
2254 -
2255 -QA_WX_LOAD="usr/bin/qemu-i386
2256 - usr/bin/qemu-x86_64
2257 - usr/bin/qemu-alpha
2258 - usr/bin/qemu-arm
2259 - usr/bin/qemu-cris
2260 - usr/bin/qemu-m68k
2261 - usr/bin/qemu-microblaze
2262 - usr/bin/qemu-microblazeel
2263 - usr/bin/qemu-mips
2264 - usr/bin/qemu-mipsel
2265 - usr/bin/qemu-or32
2266 - usr/bin/qemu-ppc
2267 - usr/bin/qemu-ppc64
2268 - usr/bin/qemu-ppc64abi32
2269 - usr/bin/qemu-sh4
2270 - usr/bin/qemu-sh4eb
2271 - usr/bin/qemu-sparc
2272 - usr/bin/qemu-sparc64
2273 - usr/bin/qemu-armeb
2274 - usr/bin/qemu-sparc32plus
2275 - usr/bin/qemu-s390x
2276 - usr/bin/qemu-unicore32"
2277 -
2278 -DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure
2279 -you have the kernel module loaded before running kvm. The easiest way to
2280 -ensure that the kernel module is loaded is to load it on boot.\n
2281 -For AMD CPUs the module is called 'kvm-amd'.\n
2282 -For Intel CPUs the module is called 'kvm-intel'.\n
2283 -Please review /etc/conf.d/modules for how to load these.\n\n
2284 -Make sure your user is in the 'kvm' group\n
2285 -Just run 'gpasswd -a <USER> kvm', then have <USER> re-login.\n\n
2286 -For brand new installs, the default permissions on /dev/kvm might not let you
2287 -access it. You can tell udev to reset ownership/perms:\n
2288 -udevadm trigger -c add /dev/kvm"
2289 -
2290 -qemu_support_kvm() {
2291 - if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 \
2292 - use qemu_softmmu_targets_ppc || use qemu_softmmu_targets_ppc64 \
2293 - use qemu_softmmu_targets_s390x; then
2294 - return 0
2295 - fi
2296 -
2297 - return 1
2298 -}
2299 -
2300 -pkg_pretend() {
2301 - if use kernel_linux && kernel_is lt 2 6 25; then
2302 - eerror "This version of KVM requres a host kernel of 2.6.25 or higher."
2303 - elif use kernel_linux; then
2304 - if ! linux_config_exists; then
2305 - eerror "Unable to check your kernel for KVM support"
2306 - else
2307 - CONFIG_CHECK="~KVM ~TUN ~BRIDGE"
2308 - ERROR_KVM="You must enable KVM in your kernel to continue"
2309 - ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in"
2310 - ERROR_KVM_AMD+=" your kernel configuration."
2311 - ERROR_KVM_INTEL="If you have an Intel CPU, you must enable"
2312 - ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration."
2313 - ERROR_TUN="You will need the Universal TUN/TAP driver compiled"
2314 - ERROR_TUN+=" into your kernel or loaded as a module to use the"
2315 - ERROR_TUN+=" virtual network device if using -net tap."
2316 - ERROR_BRIDGE="You will also need support for 802.1d"
2317 - ERROR_BRIDGE+=" Ethernet Bridging for some network configurations."
2318 - use vhost-net && CONFIG_CHECK+=" ~VHOST_NET"
2319 - ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net"
2320 - ERROR_VHOST_NET+=" support"
2321 -
2322 - if use amd64 || use x86 || use amd64-linux || use x86-linux; then
2323 - CONFIG_CHECK+=" ~KVM_AMD ~KVM_INTEL"
2324 - fi
2325 -
2326 - use python && CONFIG_CHECK+=" ~DEBUG_FS"
2327 - ERROR_DEBUG_FS="debugFS support required for kvm_stat"
2328 -
2329 - # Now do the actual checks setup above
2330 - check_extra_config
2331 - fi
2332 - fi
2333 -
2334 - if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then
2335 - eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt"
2336 - eerror "instances are still pointing to it. Please update your"
2337 - eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag"
2338 - eerror "and the right system binary (e.g. qemu-system-x86_64)."
2339 - die "update your virt configs to not use qemu-kvm"
2340 - fi
2341 -}
2342 -
2343 -pkg_setup() {
2344 - enewgroup kvm 78
2345 -}
2346 -
2347 -# Sanity check to make sure target lists are kept up-to-date.
2348 -check_targets() {
2349 - local var=$1 mak=$2
2350 - local detected sorted
2351 -
2352 - pushd "${S}"/default-configs >/dev/null || die
2353 -
2354 - # Force C locale until glibc is updated. #564936
2355 - detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u))
2356 - sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u))
2357 - if [[ ${sorted} != "${detected}" ]] ; then
2358 - eerror "The ebuild needs to be kept in sync."
2359 - eerror "${var}: ${sorted}"
2360 - eerror "$(printf '%-*s' ${#var} configure): ${detected}"
2361 - die "sync ${var} to the list of targets"
2362 - fi
2363 -
2364 - popd >/dev/null
2365 -}
2366 -
2367 -handle_locales() {
2368 - # Make sure locale list is kept up-to-date.
2369 - local detected sorted
2370 - detected=$(echo $(cd po && printf '%s\n' *.po | grep -v messages.po | sed 's:.po$::' | sort -u))
2371 - sorted=$(echo $(printf '%s\n' ${PLOCALES} | sort -u))
2372 - if [[ ${sorted} != "${detected}" ]] ; then
2373 - eerror "The ebuild needs to be kept in sync."
2374 - eerror "PLOCALES: ${sorted}"
2375 - eerror " po/*.po: ${detected}"
2376 - die "sync PLOCALES"
2377 - fi
2378 -
2379 - # Deal with selective install of locales.
2380 - if use nls ; then
2381 - # Delete locales the user does not want. #577814
2382 - rm_loc() { rm po/$1.po || die; }
2383 - l10n_for_each_disabled_locale_do rm_loc
2384 - else
2385 - # Cheap hack to disable gettext .mo generation.
2386 - rm -f po/*.po
2387 - fi
2388 -}
2389 -
2390 -src_prepare() {
2391 - check_targets IUSE_SOFTMMU_TARGETS softmmu
2392 - check_targets IUSE_USER_TARGETS linux-user
2393 -
2394 - # Alter target makefiles to accept CFLAGS set via flag-o
2395 - sed -i -r \
2396 - -e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \
2397 - Makefile Makefile.target || die
2398 -
2399 - # Patching for musl
2400 - epatch "${FILESDIR}"/${PN}-2.0.0-F_SHLCK-and-F_EXLCK.patch
2401 - epatch "${FILESDIR}"/${PN}-2.0.0-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch
2402 - epatch "${FILESDIR}"/${PN}-2.2.0-_sigev_un.patch
2403 - epatch "${FILESDIR}"/${PN}-2.7.0-configure-ifunc.patch
2404 -
2405 - epatch "${FILESDIR}"/${PN}-2.5.0-cflags.patch
2406 - epatch "${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
2407 -
2408 - epatch "${FILESDIR}"/${P}-CVE-2016-6836.patch # bug 591242
2409 - epatch "${FILESDIR}"/${P}-CVE-2016-7155.patch # bug 593034
2410 - epatch "${FILESDIR}"/${P}-CVE-2016-7156.patch # bug 593036
2411 - epatch "${FILESDIR}"/${P}-CVE-2016-7157-1.patch # bug 593038
2412 - epatch "${FILESDIR}"/${P}-CVE-2016-7157-2.patch # bug 593038
2413 - epatch "${FILESDIR}"/${P}-CVE-2016-7170.patch # bug 593284
2414 - epatch "${FILESDIR}"/${P}-CVE-2016-7421.patch # bug 593950
2415 - epatch "${FILESDIR}"/${P}-CVE-2016-7422.patch # bug 593956
2416 - epatch "${FILESDIR}"/${P}-CVE-2016-7423.patch # bug 594368
2417 - epatch "${FILESDIR}"/${P}-CVE-2016-7466.patch # bug 594520
2418 - epatch "${FILESDIR}"/${P}-CVE-2016-7907.patch # bug 596048
2419 - epatch "${FILESDIR}"/${P}-CVE-2016-7908.patch # bug 596049
2420 - epatch "${FILESDIR}"/${P}-CVE-2016-7909.patch # bug 596048
2421 - epatch "${FILESDIR}"/${P}-CVE-2016-7994-1.patch # bug 596738
2422 - epatch "${FILESDIR}"/${P}-CVE-2016-7994-2.patch # bug 596738
2423 - epatch "${FILESDIR}"/${P}-CVE-2016-8576.patch # bug 596752
2424 - epatch "${FILESDIR}"/${P}-CVE-2016-8577.patch # bug 596776
2425 - epatch "${FILESDIR}"/${P}-CVE-2016-8578.patch # bug 596774
2426 - epatch "${FILESDIR}"/${P}-CVE-2016-8668.patch # bug 597110
2427 - epatch "${FILESDIR}"/${P}-CVE-2016-8669-1.patch # bug 597108
2428 - epatch "${FILESDIR}"/${P}-CVE-2016-8669-2.patch # bug 597108
2429 - epatch "${FILESDIR}"/${P}-CVE-2016-8909.patch # bug 598044
2430 - epatch "${FILESDIR}"/${P}-CVE-2016-8910.patch # bug 598046
2431 - epatch "${FILESDIR}"/${P}-CVE-2016-9102.patch # bug 598328
2432 - epatch "${FILESDIR}"/${P}-CVE-2016-9103.patch # bug 598328
2433 - epatch "${FILESDIR}"/${P}-CVE-2016-9104.patch # bug 598328
2434 - epatch "${FILESDIR}"/${P}-CVE-2016-9105.patch # bug 598328
2435 - epatch "${FILESDIR}"/${P}-CVE-2016-9106.patch # bug 598772
2436 -
2437 - # Fix ld and objcopy being called directly
2438 - tc-export AR LD OBJCOPY
2439 -
2440 - # Verbose builds
2441 - MAKEOPTS+=" V=1"
2442 -
2443 - epatch_user
2444 -
2445 - # Run after we've applied all patches.
2446 - handle_locales
2447 -}
2448 -
2449 -##
2450 -# configures qemu based on the build directory and the build type
2451 -# we are using.
2452 -#
2453 -qemu_src_configure() {
2454 - debug-print-function ${FUNCNAME} "$@"
2455 -
2456 - local buildtype=$1
2457 - local builddir="${S}/${buildtype}-build"
2458 - local static_flag="static-${buildtype}"
2459 -
2460 - mkdir "${builddir}"
2461 -
2462 - local conf_opts=(
2463 - --prefix=/usr
2464 - --sysconfdir=/etc
2465 - --libdir=/usr/$(get_libdir)
2466 - --docdir=/usr/share/doc/${PF}/html
2467 - --disable-bsd-user
2468 - --disable-guest-agent
2469 - --disable-strip
2470 - --disable-werror
2471 - # We support gnutls/nettle for crypto operations. It is possible
2472 - # to use gcrypt when gnutls/nettle are disabled (but not when they
2473 - # are enabled), but it's not really worth the hassle. Disable it
2474 - # all the time to avoid automatically detecting it. #568856
2475 - --disable-gcrypt
2476 - --python="${PYTHON}"
2477 - --cc="$(tc-getCC)"
2478 - --cxx="$(tc-getCXX)"
2479 - --host-cc="$(tc-getBUILD_CC)"
2480 - $(use_enable debug debug-info)
2481 - $(use_enable debug debug-tcg)
2482 - --enable-docs
2483 - $(use_enable tci tcg-interpreter)
2484 - $(use_enable xattr attr)
2485 - )
2486 -
2487 - # Disable options not used by user targets as the default configure
2488 - # options will autoprobe and try to link in a bunch of unused junk.
2489 - conf_softmmu() {
2490 - if [[ ${buildtype} == "user" ]] ; then
2491 - echo "--disable-${2:-$1}"
2492 - else
2493 - use_enable "$@"
2494 - fi
2495 - }
2496 - conf_opts+=(
2497 - $(conf_softmmu accessibility brlapi)
2498 - $(conf_softmmu aio linux-aio)
2499 - $(conf_softmmu bzip2)
2500 - $(conf_softmmu bluetooth bluez)
2501 - $(conf_softmmu caps cap-ng)
2502 - $(conf_softmmu curl)
2503 - $(conf_softmmu fdt)
2504 - $(conf_softmmu glusterfs)
2505 - $(conf_softmmu gnutls)
2506 - $(conf_softmmu gnutls nettle)
2507 - $(conf_softmmu gtk)
2508 - $(conf_softmmu infiniband rdma)
2509 - $(conf_softmmu iscsi libiscsi)
2510 - $(conf_softmmu jpeg vnc-jpeg)
2511 - $(conf_softmmu kernel_linux kvm)
2512 - $(conf_softmmu lzo)
2513 - $(conf_softmmu ncurses curses)
2514 - $(conf_softmmu nfs libnfs)
2515 - $(conf_softmmu numa)
2516 - $(conf_softmmu opengl)
2517 - $(conf_softmmu png vnc-png)
2518 - $(conf_softmmu rbd)
2519 - $(conf_softmmu sasl vnc-sasl)
2520 - $(conf_softmmu sdl)
2521 - $(conf_softmmu seccomp)
2522 - $(conf_softmmu smartcard)
2523 - $(conf_softmmu snappy)
2524 - $(conf_softmmu spice)
2525 - $(conf_softmmu ssh libssh2)
2526 - $(conf_softmmu usb libusb)
2527 - $(conf_softmmu usbredir usb-redir)
2528 - $(conf_softmmu uuid)
2529 - $(conf_softmmu vde)
2530 - $(conf_softmmu vhost-net)
2531 - $(conf_softmmu virgl virglrenderer)
2532 - $(conf_softmmu virtfs)
2533 - $(conf_softmmu vnc)
2534 - $(conf_softmmu vte)
2535 - $(conf_softmmu xen)
2536 - $(conf_softmmu xen xen-pci-passthrough)
2537 - $(conf_softmmu xfs xfsctl)
2538 - )
2539 -
2540 - case ${buildtype} in
2541 - user)
2542 - conf_opts+=(
2543 - --enable-linux-user
2544 - --disable-system
2545 - --disable-blobs
2546 - --disable-tools
2547 - )
2548 - ;;
2549 - softmmu)
2550 - # audio options
2551 - local audio_opts="oss"
2552 - use alsa && audio_opts="alsa,${audio_opts}"
2553 - use sdl && audio_opts="sdl,${audio_opts}"
2554 - use pulseaudio && audio_opts="pa,${audio_opts}"
2555 -
2556 - conf_opts+=(
2557 - --disable-linux-user
2558 - --enable-system
2559 - --with-system-pixman
2560 - --audio-drv-list="${audio_opts}"
2561 - )
2562 - use gtk && conf_opts+=( --with-gtkabi=$(usex gtk2 2.0 3.0) )
2563 - use sdl && conf_opts+=( --with-sdlabi=$(usex sdl2 2.0 1.2) )
2564 - ;;
2565 - tools)
2566 - conf_opts+=(
2567 - --disable-linux-user
2568 - --disable-system
2569 - --disable-blobs
2570 - $(use_enable bzip2)
2571 - )
2572 - static_flag="static"
2573 - ;;
2574 - esac
2575 -
2576 - local targets="${buildtype}_targets"
2577 - [[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" )
2578 -
2579 - # Add support for SystemTAP
2580 - use systemtap && conf_opts+=( --enable-trace-backend=dtrace )
2581 -
2582 - # We always want to attempt to build with PIE support as it results
2583 - # in a more secure binary. But it doesn't work with static or if
2584 - # the current GCC doesn't have PIE support.
2585 - if use ${static_flag}; then
2586 - conf_opts+=( --static --disable-pie )
2587 - else
2588 - gcc-specs-pie && conf_opts+=( --enable-pie )
2589 - fi
2590 -
2591 - echo "../configure ${conf_opts[*]}"
2592 - cd "${builddir}"
2593 - ../configure "${conf_opts[@]}" || die "configure failed"
2594 -
2595 - # FreeBSD's kernel does not support QEMU assigning/grabbing
2596 - # host USB devices yet
2597 - use kernel_FreeBSD && \
2598 - sed -i -E -e "s|^(HOST_USB=)bsd|\1stub|" "${S}"/config-host.mak
2599 -}
2600 -
2601 -src_configure() {
2602 - local target
2603 -
2604 - python_setup
2605 -
2606 - softmmu_targets= softmmu_bins=()
2607 - user_targets= user_bins=()
2608 -
2609 - for target in ${IUSE_SOFTMMU_TARGETS} ; do
2610 - if use "qemu_softmmu_targets_${target}"; then
2611 - softmmu_targets+=",${target}-softmmu"
2612 - softmmu_bins+=( "qemu-system-${target}" )
2613 - fi
2614 - done
2615 -
2616 - for target in ${IUSE_USER_TARGETS} ; do
2617 - if use "qemu_user_targets_${target}"; then
2618 - user_targets+=",${target}-linux-user"
2619 - user_bins+=( "qemu-${target}" )
2620 - fi
2621 - done
2622 -
2623 - softmmu_targets=${softmmu_targets#,}
2624 - user_targets=${user_targets#,}
2625 -
2626 - [[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu"
2627 - [[ -n ${user_targets} ]] && qemu_src_configure "user"
2628 - [[ -z ${softmmu_targets}${user_targets} ]] && qemu_src_configure "tools"
2629 -}
2630 -
2631 -src_compile() {
2632 - if [[ -n ${user_targets} ]]; then
2633 - cd "${S}/user-build"
2634 - default
2635 - fi
2636 -
2637 - if [[ -n ${softmmu_targets} ]]; then
2638 - cd "${S}/softmmu-build"
2639 - default
2640 - fi
2641 -
2642 - if [[ -z ${softmmu_targets}${user_targets} ]]; then
2643 - cd "${S}/tools-build"
2644 - default
2645 - fi
2646 -}
2647 -
2648 -src_test() {
2649 - if [[ -n ${softmmu_targets} ]]; then
2650 - cd "${S}/softmmu-build"
2651 - pax-mark m */qemu-system-* #515550
2652 - emake -j1 check
2653 - emake -j1 check-report.html
2654 - fi
2655 -}
2656 -
2657 -qemu_python_install() {
2658 - python_domodule "${S}/scripts/qmp/qmp.py"
2659 -
2660 - python_doscript "${S}/scripts/kvm/vmxcap"
2661 - python_doscript "${S}/scripts/qmp/qmp-shell"
2662 - python_doscript "${S}/scripts/qmp/qemu-ga-client"
2663 -}
2664 -
2665 -src_install() {
2666 - if [[ -n ${user_targets} ]]; then
2667 - cd "${S}/user-build"
2668 - emake DESTDIR="${ED}" install
2669 -
2670 - # Install binfmt handler init script for user targets
2671 - newinitd "${FILESDIR}/qemu-binfmt.initd-r1" qemu-binfmt
2672 - fi
2673 -
2674 - if [[ -n ${softmmu_targets} ]]; then
2675 - cd "${S}/softmmu-build"
2676 - emake DESTDIR="${ED}" install
2677 -
2678 - # This might not exist if the test failed. #512010
2679 - [[ -e check-report.html ]] && dohtml check-report.html
2680 -
2681 - if use kernel_linux; then
2682 - udev_dorules "${FILESDIR}"/65-kvm.rules
2683 - fi
2684 -
2685 - if use python; then
2686 - python_foreach_impl qemu_python_install
2687 - fi
2688 - fi
2689 -
2690 - if [[ -z ${softmmu_targets}${user_targets} ]]; then
2691 - cd "${S}/tools-build"
2692 - emake DESTDIR="${ED}" install
2693 - fi
2694 -
2695 - # Disable mprotect on the qemu binaries as they use JITs to be fast #459348
2696 - pushd "${ED}"/usr/bin >/dev/null
2697 - pax-mark m "${softmmu_bins[@]}" "${user_bins[@]}"
2698 - popd >/dev/null
2699 -
2700 - # Install config file example for qemu-bridge-helper
2701 - insinto "/etc/qemu"
2702 - doins "${FILESDIR}/bridge.conf"
2703 -
2704 - # Remove the docdir placed qmp-commands.txt
2705 - mv "${ED}/usr/share/doc/${PF}/html/qmp-commands.txt" "${S}/docs/" || die
2706 -
2707 - cd "${S}"
2708 - dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt
2709 - newdoc pc-bios/README README.pc-bios
2710 - dodoc docs/qmp-*.txt
2711 -
2712 - if [[ -n ${softmmu_targets} ]]; then
2713 - # Remove SeaBIOS since we're using the SeaBIOS packaged one
2714 - rm "${ED}/usr/share/qemu/bios.bin"
2715 - if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
2716 - dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
2717 - fi
2718 -
2719 - # Remove vgabios since we're using the vgabios packaged one
2720 - rm "${ED}/usr/share/qemu/vgabios.bin"
2721 - rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
2722 - rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
2723 - rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
2724 - rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
2725 - if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
2726 - dosym ../vgabios/vgabios.bin /usr/share/qemu/vgabios.bin
2727 - dosym ../vgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
2728 - dosym ../vgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
2729 - dosym ../vgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
2730 - dosym ../vgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
2731 - fi
2732 -
2733 - # Remove sgabios since we're using the sgabios packaged one
2734 - rm "${ED}/usr/share/qemu/sgabios.bin"
2735 - if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
2736 - dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin
2737 - fi
2738 -
2739 - # Remove iPXE since we're using the iPXE packaged one
2740 - rm "${ED}"/usr/share/qemu/pxe-*.rom
2741 - if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
2742 - dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom
2743 - dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom
2744 - dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom
2745 - dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom
2746 - dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom
2747 - dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom
2748 - fi
2749 - fi
2750 -
2751 - qemu_support_kvm && readme.gentoo_create_doc
2752 -}
2753 -
2754 -pkg_postinst() {
2755 - if qemu_support_kvm; then
2756 - readme.gentoo_print_elog
2757 - fi
2758 -
2759 - if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
2760 - udev_reload
2761 - fi
2762 -
2763 - fcaps cap_net_admin /usr/libexec/qemu-bridge-helper
2764 -}
2765 -
2766 -pkg_info() {
2767 - echo "Using:"
2768 - echo " $(best_version app-emulation/spice-protocol)"
2769 - echo " $(best_version sys-firmware/ipxe)"
2770 - echo " $(best_version sys-firmware/seabios)"
2771 - if has_version 'sys-firmware/seabios[binary]'; then
2772 - echo " USE=binary"
2773 - else
2774 - echo " USE=''"
2775 - fi
2776 - echo " $(best_version sys-firmware/vgabios)"
2777 -}
2778
2779 diff --git a/app-emulation/qemu/qemu-2.7.1.ebuild b/app-emulation/qemu/qemu-2.8.0-r1.ebuild
2780 similarity index 92%
2781 rename from app-emulation/qemu/qemu-2.7.1.ebuild
2782 rename to app-emulation/qemu/qemu-2.8.0-r1.ebuild
2783 index 49087c8..006c657 100644
2784 --- a/app-emulation/qemu/qemu-2.7.1.ebuild
2785 +++ b/app-emulation/qemu/qemu-2.8.0-r1.ebuild
2786 @@ -1,4 +1,4 @@
2787 -# Copyright 1999-2016 Gentoo Foundation
2788 +# Copyright 1999-2017 Gentoo Foundation
2789 # Distributed under the terms of the GNU General Public License v2
2790
2791 EAPI="5"
2792 @@ -30,13 +30,13 @@ gnutls gtk gtk2 infiniband iscsi +jpeg \
2793 kernel_linux kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs
2794 +png pulseaudio python \
2795 rbd sasl +seccomp sdl sdl2 selinux smartcard snappy spice ssh static static-softmmu
2796 -static-user systemtap tci test +threads usb usbredir +uuid vde +vhost-net \
2797 +static-user systemtap tci test +threads usb usbredir vde +vhost-net \
2798 virgl virtfs +vnc vte xattr xen xfs"
2799
2800 COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel mips
2801 -mips64 mips64el mipsel or32 ppc ppc64 s390x sh4 sh4eb sparc sparc64 unicore32
2802 +mips64 mips64el mipsel or32 ppc ppc64 s390x sh4 sh4eb sparc sparc64
2803 x86_64"
2804 -IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS} lm32 moxie ppcemb tricore xtensa xtensaeb"
2805 +IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS} lm32 moxie ppcemb tricore unicore32 xtensa xtensaeb"
2806 IUSE_USER_TARGETS="${COMMON_TARGETS} armeb mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus tilegx"
2807
2808 use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
2809 @@ -107,7 +107,7 @@ SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND}
2810 virtual/opengl
2811 media-libs/libepoxy[static-libs(+)]
2812 media-libs/mesa[static-libs(+)]
2813 - media-libs/mesa[egl,gles2,gbm]
2814 + media-libs/mesa[egl,gbm]
2815 )
2816 png? ( media-libs/libpng:0=[static-libs(+)] )
2817 pulseaudio? ( media-sound/pulseaudio )
2818 @@ -133,7 +133,6 @@ SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND}
2819 ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] )
2820 usb? ( >=virtual/libusb-1-r2[static-libs(+)] )
2821 usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
2822 - uuid? ( >=sys-apps/util-linux-2.16.0[static-libs(+)] )
2823 vde? ( net-misc/vde[static-libs(+)] )
2824 virgl? ( media-libs/virglrenderer[static-libs(+)] )
2825 virtfs? ( sys-libs/libcap )
2826 @@ -142,7 +141,7 @@ USER_LIB_DEPEND="${COMMON_LIB_DEPEND}"
2827 X86_FIRMWARE_DEPEND="
2828 >=sys-firmware/ipxe-1.0.0_p20130624
2829 pin-upstream-blobs? (
2830 - ~sys-firmware/seabios-1.8.2
2831 + ~sys-firmware/seabios-1.10.1
2832 ~sys-firmware/sgabios-0.1_pre8
2833 ~sys-firmware/vgabios-0.7a
2834 )
2835 @@ -332,35 +331,28 @@ src_prepare() {
2836 Makefile Makefile.target || die
2837
2838 # Patching for musl
2839 - epatch "${FILESDIR}"/${PN}-2.0.0-F_SHLCK-and-F_EXLCK.patch
2840 + epatch "${FILESDIR}"/${PN}-2.8.0-F_SHLCK-and-F_EXLCK.patch
2841 epatch "${FILESDIR}"/${PN}-2.0.0-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch
2842 epatch "${FILESDIR}"/${PN}-2.2.0-_sigev_un.patch
2843 - epatch "${FILESDIR}"/${PN}-2.7.0-configure-ifunc.patch
2844
2845 epatch "${FILESDIR}"/${PN}-2.5.0-cflags.patch
2846 epatch "${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
2847 - epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-6836.patch #591242
2848 - epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-7156.patch #593036
2849 - epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-7170.patch #593284
2850 - epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-7422.patch #593956
2851 - epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-7466.patch #594520
2852 - epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-7907.patch #596048
2853 - epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-7908.patch #596049
2854 - epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-7909.patch #596048
2855 - epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-7994-1.patch #596738
2856 - epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-7994-2.patch #596738
2857 - epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-8576.patch #596752
2858 - epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-8577.patch #596776
2859 - epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-8578.patch #596774
2860 - epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-8668.patch #597110
2861 epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-8669-1.patch #597108
2862 - epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-8669-2.patch #597108
2863 - epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-8909.patch #598044
2864 - epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-9102.patch #598328
2865 - epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-9103.patch #598328
2866 - epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-9104.patch #598328
2867 - epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-9105.patch #598328
2868 - epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-9106.patch #598772
2869 + epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2016-9908.patch #601826
2870 + epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2016-9912.patch #602630
2871 + epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2016-10028.patch #603444
2872 + epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2016-10155.patch #606720
2873 + epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-2615.patch #608034
2874 + epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5525-1.patch #606264
2875 + epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5525-2.patch
2876 + epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5552.patch #606722
2877 + epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5578.patch #607000
2878 + epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5579.patch #607100
2879 + epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5667.patch #607766
2880 + epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5856.patch #608036
2881 + epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5857.patch #608038
2882 + epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5898.patch #608520
2883 + epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5931.patch #608728
2884
2885 # Fix ld and objcopy being called directly
2886 tc-export AR LD OBJCOPY
2887 @@ -453,7 +445,6 @@ qemu_src_configure() {
2888 $(conf_softmmu ssh libssh2)
2889 $(conf_softmmu usb libusb)
2890 $(conf_softmmu usbredir usb-redir)
2891 - $(conf_softmmu uuid)
2892 $(conf_softmmu vde)
2893 $(conf_softmmu vhost-net)
2894 $(conf_softmmu virgl virglrenderer)
2895
2896 diff --git a/app-emulation/qemu/qemu-2.8.0.ebuild b/app-emulation/qemu/qemu-2.8.0.ebuild
2897 index 4020d7c..2922f9d 100644
2898 --- a/app-emulation/qemu/qemu-2.8.0.ebuild
2899 +++ b/app-emulation/qemu/qemu-2.8.0.ebuild
2900 @@ -1,4 +1,4 @@
2901 -# Copyright 1999-2016 Gentoo Foundation
2902 +# Copyright 1999-2017 Gentoo Foundation
2903 # Distributed under the terms of the GNU General Public License v2
2904
2905 EAPI="5"
2906 @@ -17,7 +17,7 @@ if [[ ${PV} = *9999* ]]; then
2907 SRC_URI=""
2908 else
2909 SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2"
2910 - KEYWORDS="~amd64 ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd"
2911 + KEYWORDS="amd64 ~arm64 ~ppc ~ppc64 x86 ~x86-fbsd"
2912 fi
2913
2914 DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
2915 @@ -30,7 +30,7 @@ gnutls gtk gtk2 infiniband iscsi +jpeg \
2916 kernel_linux kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs
2917 +png pulseaudio python \
2918 rbd sasl +seccomp sdl sdl2 selinux smartcard snappy spice ssh static static-softmmu
2919 -static-user systemtap tci test +threads usb usbredir +uuid vde +vhost-net \
2920 +static-user systemtap tci test +threads usb usbredir vde +vhost-net \
2921 virgl virtfs +vnc vte xattr xen xfs"
2922
2923 COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel mips
2924 @@ -107,7 +107,7 @@ SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND}
2925 virtual/opengl
2926 media-libs/libepoxy[static-libs(+)]
2927 media-libs/mesa[static-libs(+)]
2928 - media-libs/mesa[egl,gles2,gbm]
2929 + media-libs/mesa[egl,gbm]
2930 )
2931 png? ( media-libs/libpng:0=[static-libs(+)] )
2932 pulseaudio? ( media-sound/pulseaudio )
2933 @@ -133,7 +133,6 @@ SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND}
2934 ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] )
2935 usb? ( >=virtual/libusb-1-r2[static-libs(+)] )
2936 usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
2937 - uuid? ( >=sys-apps/util-linux-2.16.0[static-libs(+)] )
2938 vde? ( net-misc/vde[static-libs(+)] )
2939 virgl? ( media-libs/virglrenderer[static-libs(+)] )
2940 virtfs? ( sys-libs/libcap )
2941 @@ -434,7 +433,6 @@ qemu_src_configure() {
2942 $(conf_softmmu ssh libssh2)
2943 $(conf_softmmu usb libusb)
2944 $(conf_softmmu usbredir usb-redir)
2945 - $(conf_softmmu uuid)
2946 $(conf_softmmu vde)
2947 $(conf_softmmu vhost-net)
2948 $(conf_softmmu virgl virglrenderer)
Report Message
Find on MARC Find on Google Groups