Gentoo Archives: gentoo-commits

From: "Anthony G. Basile" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/musl:master commit in: app-emulation/qemu/, app-emulation/qemu/files/
Date: Sat, 30 Jan 2016 17:19:50
Message-Id: 1454174885.db375501bb3b42701ab7b00e15a76ec00779332b.blueness@gentoo
1 commit: db375501bb3b42701ab7b00e15a76ec00779332b
2 Author: Felix Janda <felix.janda <AT> posteo <DOT> de>
3 AuthorDate: Sat Jan 30 15:58:50 2016 +0000
4 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
5 CommitDate: Sat Jan 30 17:28:05 2016 +0000
6 URL: https://gitweb.gentoo.org/proj/musl.git/commit/?id=db375501
7
8 app-emulation/qemu: bump to 2.5.0
9
10 app-emulation/qemu/Manifest | 13 +-
11 .../qemu/files/qemu-2.2.1-CVE-2015-1779-1.patch | 241 ------------------
12 .../qemu/files/qemu-2.2.1-CVE-2015-1779-2.patch | 58 -----
13 .../qemu/files/qemu-2.3.0-CVE-2015-3456.patch | 86 -------
14 .../qemu/files/qemu-2.5.0-CVE-2015-8558.patch | 50 ++++
15 .../qemu/files/qemu-2.5.0-CVE-2015-8567.patch | 95 +++++++
16 .../qemu/files/qemu-2.5.0-CVE-2015-8701.patch | 49 ++++
17 .../qemu/files/qemu-2.5.0-CVE-2015-8743.patch | 50 ++++
18 .../qemu/files/qemu-2.5.0-CVE-2016-1568.patch | 41 +++
19 app-emulation/qemu/files/qemu-2.5.0-cflags.patch | 13 +
20 ...qemu-2.2.1-r99.ebuild => qemu-2.5.0-r99.ebuild} | 274 ++++++++++++---------
21 11 files changed, 469 insertions(+), 501 deletions(-)
22
23 diff --git a/app-emulation/qemu/Manifest b/app-emulation/qemu/Manifest
24 index 2ecdb66..9fdb00d 100644
25 --- a/app-emulation/qemu/Manifest
26 +++ b/app-emulation/qemu/Manifest
27 @@ -4,11 +4,14 @@ AUX qemu-1.7.0-cflags.patch 300 SHA256 8f35e55c4bae93e82f9580eabe2d6a2d4660bd053
28 AUX qemu-2.0.0-F_SHLCK-and-F_EXLCK.patch 563 SHA256 99de67d610ad13a1dcf6c67a3c2b5b87fb909220173a956435737f9bea3c371b SHA512 a29e9a889388a6627ed492a79e66514ffb5e64f9479646982091811548fc2a9bf6682104a6c774d83e645e4b1db39e491afd4efce789fe164623442a7f3e5d00 WHIRLPOOL d3aab06099de263c22f4c71810a3b2cb8602d17731ec76674cd1415e539306555a7b96b789f0daad473600dfa04a83224ff603f7b9a9ac63a4902f74d0e9deb5
29 AUX qemu-2.0.0-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch 930 SHA256 6af6cf9044997710a6d0fbdba30a35c8d775e30d30c032ec97db672f75ec88ac SHA512 ec84b27648c01c6e58781295dcd0c2ff8e5a635f9836ef50c1da5d0ed125db1afc4cb5b01cb97606d6dd8f417acba93e1560d9a32ca29161a4bb730b302440ea WHIRLPOOL 06b9dd5251ac03405c97b1f5a623b4d86bda2f72fbcd52b90ae4d11a0cfb59cae62df2cb6189405fbe53ab05ff2b7ca8165fda239dbfe5f31ed70abb53b3b9f3
30 AUX qemu-2.2.0-_sigev_un.patch 636 SHA256 f3b9a4d6162c553f3110ad22716305818e2130e2ff5d628faf044fc58a5e3cb5 SHA512 f72b879daede5184904f64cabb276de96299a37a93fce444d09e9068671009e95a5e5d6b815ec41a5db5b3807de14d470a56bba5806ffd4dfec577577b046ccb WHIRLPOOL 9453ad4966e10d504f3e867fd984642a3c1ee3ae847b5ca56196fd1f9e6c0f2d7b52ca07446212af72fef6d0ded1527a5eb306fa6cd915e8dd9ce11523362bac
31 -AUX qemu-2.2.1-CVE-2015-1779-1.patch 8631 SHA256 17ea04bb0571f3a346eb25ce2d61fd7053515767adedfde567fd39205993c600 SHA512 191dde0754b9466d87cf99a578ac07f0902f373156f4d5ff98540b9099a6fa8e29ba4ca9d4a5a21ae5dbba2b80c36600ea0bd2c31fa0c8734926514015166ab8 WHIRLPOOL 2be2f490eb32857b2b218761df3580bc31eb5a89bf1b289a048e9fd489cdb024869399481345b5ecb09a45c4fbf1ee4639062ae1fdbee9781e66ca6cc8af4cac
32 -AUX qemu-2.2.1-CVE-2015-1779-2.patch 2318 SHA256 4c0966520bf09df25d99c883f94037e765406dd4097dd704e66361bb07f73679 SHA512 7a85bc8e00c60c6c36790d1169f0d84d2c75fe81c1700b4f764ddcb0d0587d4b6d228d80e65fead035e3ab99449aad2f559071edf9145ff7a755506f3ff05b0e WHIRLPOOL 078388c50367d41c810a02aa795b6ad0df381582bdd2725ae125243ee5921aa4057494f063a7de49da6b6f6343f37a3c83d96ef6d92c22e722972c8e4ea968dc
33 -AUX qemu-2.3.0-CVE-2015-3456.patch 2853 SHA256 efac61bf9c20d5d08ef47bc9d51be5c8bd519f1d970ba3c3506c5760bf807e7d SHA512 5fed59ae67a962d187418f4bd57cebe901f9bcba817694b5e2a57daf77c34a406ed7c1f278e12d813304e58c48a24493b4e001a9ee4045bab2608f1730715ac7 WHIRLPOOL 9ad5237aa1bbe46a8493e331bb9c2152c36f9c877582485e1cf811b09430bad97a9f3b6bc52face7e4287f9c9fe4f1891de154a62ba93ea454c3ed9d44e8f729
34 +AUX qemu-2.5.0-CVE-2015-8558.patch 1459 SHA256 d769e6eb6dc0bdb0b982ef5fe7d73cc6bad47233102f53d11c6ed6c9051602d8 SHA512 42961191890c500675610d5d33e6ff468b07428c6b428ac01bb5c0e3ea88ff611a3532f848d54317458475fef221a06e41761ef14ea61d1b741db73450c4f90d WHIRLPOOL 475679dc1a24bc75012995a9a2122847454701b65ff0b7f8192865b45de49ce08572f129a7cfdeb36521252ed2f80c95e9dddbd64cb8e39fdc5beacc25934798
35 +AUX qemu-2.5.0-CVE-2015-8567.patch 3108 SHA256 88b72df4e02407c3b9ca4835c38988b97fcd5aa9c68da6fa47207fe675d4e661 SHA512 2f0243ec9764d72fe5e7a005a8db40d3d5c4c2edae5c3451087ee3f5c841c96a3112875cf88a19061fa2ce0d04715d247e6eb1eb83e1e5b57ec0b9eb324b8ce6 WHIRLPOOL b432ff3e105da5c0bd20dd1d7da0374f4005b2ac5a9a8c824e96730aeafa89bb8fc125f8b2857fdaf72024082ddbc0c7a28c3e3ffb9114c3d370db1b638c4731
36 +AUX qemu-2.5.0-CVE-2015-8701.patch 1671 SHA256 f39e0c6301cffa1b14c3ef0ab72fce0e2acd42170759ef7954234d31602aeb99 SHA512 d39edf84e2d17e6080bbc4a270732cd73b41fa39d948ee7bc4456e1024c5a69ddfb5e848af3272615f5aa36a3b6410a12f5a73e00ccfa58e0d60d7289d034aa9 WHIRLPOOL 352148c367837ba2d6eb5eb39e00c128f0cff3faef159754a41318857bc11a6616be184c24df4767ec2c8c14910ad74fc3be48273f6312b1687910fbcaf7bec3
37 +AUX qemu-2.5.0-CVE-2015-8743.patch 1777 SHA256 22aac571c1aa6f6a283d200a7703fdfea0a5bcaf227a003a2cbf5741bbb8df85 SHA512 65d8632fd43959983ca02f9ab116ec78ea043e6d867e6d743014885c2a423bb3b87c2e56caa37e7f29e971a44f5ea695cb4ce1c3a9c1fc2d734b25ca0b2f4054 WHIRLPOOL 9128c812cfbfe3d4629cd6c7c2c6f50c9ef2fe2d5b62b24486559279296987f593f852f913eb67fbe956d650d50612fa7a658a60b3d80cf4fa9256e332d77330
38 +AUX qemu-2.5.0-CVE-2016-1568.patch 1476 SHA256 ba2a25142977eea531159d81ef8938e8519c92800aa1958e71da9e2780c8256a SHA512 643ef742e6cd1dbc8f420b38f684bc8639e4bd58ab38c254654d4b1a72b129202fecdddddfd308b48ed7813da193edff68d737080d5035c82daf9676ee17df22 WHIRLPOOL af9376400540f20d77ea06cb6a12ce415b72bb22cdde3365bba8b02deb8985aedfee303646e13e1d1263a2dcd17bf1518637183a81c66c2db7b438aa88ef7d95
39 +AUX qemu-2.5.0-cflags.patch 410 SHA256 17f5624dd733f5c80e733cc67ae36a736169ec066024dbf802b416accfed0755 SHA512 0194d28de08b4e51c5bd1c9a2cc7965ba7f66dfddb8fd91de3da93677e6cf2d38ad3270f69aaea8a20cf2533c2980018d6e0fed711be2806fe2053fba7c081f3 WHIRLPOOL 5f5b95d00409fbe03adb64801d30a2fb5f98dded5efa7f0e78b5746776f72917dcbea767e1d0afcb304d8bf8c484adedb8037e6d54e9d34997c2bc3a98b53154
40 AUX qemu-binfmt.initd-r1 7023 SHA256 3572c110c6f217754e638796400a5901910a2e61b8818c8569f8258b103ebcc6 SHA512 773af64fef164c00945acf5881e64a10141aa8fdc85491e57bf8dcc7c800a4f81879527998a0896a42f921edcbf5f741beb31ac2a82e45cba506c7b8461733c8 WHIRLPOOL 30382fe347248683e989c2b7fbd804ce26173b313746d80467029b2ad3594f414628f7537120b168a0e700c424d3525528eb632b07e16544c2fd07f418f3187c
41 AUX qemu-kvm-1.4 68 SHA256 8b1adf198129f001e75a2311fc420c168094d1084d2163cdf6a32b3b23c96137 SHA512 706fab4d155c410acc292e67fb354ce7dcd17f7e33f2ca8c9c44035ea128f8d36f89e27cf87ebe22721f5676be9e7f2ae5484fd000183c8ffd7854e02eb3d120 WHIRLPOOL ef795330b592cef8e3d92f52a77eb77a671e6aa1a47d07531917b5c1c09e72e5df1a44aea939b086e0a3c5ef2a5cea9223556a46ceae73e55300475c42f07067
42 -DIST qemu-2.2.1.tar.bz2 24483500 SHA256 4617154c6ef744b83e10b744e392ad111dd351d435d6563ce24d8da75b1335a0 SHA512 970ead0c92fc04502c6d3a8dbfafa5797667b3d276a1a25ddbe991d20d8e17a588905ecbffa77fb3b9d12e481ac3776ca4c38fe89a5e4c96dc2fb045214bfa9f WHIRLPOOL 9226ce4a4f5c7247d6ab34eb8b45c9a91416ee5849dbe25b9d15cddbd6aba2b8da77280f6055d363a81ddec515d28bf501351cb7e21ecfb4bfe42cdb7e349788
43 -EBUILD qemu-2.2.1-r99.ebuild 18744 SHA256 15c5267816cbc7798b2aa0c342bd0a0254550d2fdb1497f3237aa33b53c8c59f SHA512 c7c90792a79fbf226e41f8dd61d5f3b1046a1e9c130d3216a0c29d374a09ec5aa8575e2578b843f37fd04645e2804ae91298924d307aff25922d7461bf52fe78 WHIRLPOOL ef73221242451e8772598ee1b0e346f4aa94ec59c1daf58ca9ac35d49e431c687ca5d80155e4e5846a3f76d35330a1043f9ae9018c19e0e1fc828711298aebae
44 +DIST qemu-2.5.0.tar.bz2 25464996 SHA256 3443887401619fe33bfa5d900a4f2d6a79425ae2b7e43d5b8c36eb7a683772d4 SHA512 12153f94cc7f834fd6a85f25690c36f2331d88d414426fb8b9ac20a34e6f9222b1eda30b727674af583580fae90dfd6d0614a905dce1567d94cd049d426b9dd3 WHIRLPOOL 8f5717989d8d234ecf1763ee386b2e1f20c3b17918de130c6dae255e4523a230b2b01a759eba25e4b9f604c680d9b868c56f58bd71b7c6c2c22a2e46804435ef
45 +EBUILD qemu-2.5.0-r99.ebuild 20028 SHA256 aeca48b0f3004f6d41077db6a763ef43c900cecf59d0f9d3ec6eb028846f0560 SHA512 31101660cd608272b6d6b24081ca095f3eb2fb2a33a2174fe62bf86fe006db6deb56590ae8a784fc69e3dd4f19c7a96035d38506f8a3d07e27397d710cf9e85c WHIRLPOOL 457f88c5e474183df7ae41a8d6c0ad49e76a6fdd69c59591c62f750c426e3998628f0770303536102d87509cfc2578813799e4052e09fb688460fa7bf424a2c4
46 MISC metadata.xml 3774 SHA256 45d220d5c3fedecb5c318e2ab1fa796391f5fd3db09e4ef218b3bc7cb3cb10e1 SHA512 90b16206b5398b4044132d930b417372e1d305a93b062c895bc3b46ae64a19aa96d2471b5838f960cca7c6c30ce58571f332731f02eaeee17e4204469c5d6330 WHIRLPOOL f5498b8cb14aeeacdfd1da30c26ceca282bba3042a6288496d624d91c3c26c1bed34c42374db04e06378c8efd78010d3bef76c41c1aa529ccf17cec513ed1fa8
47
48 diff --git a/app-emulation/qemu/files/qemu-2.2.1-CVE-2015-1779-1.patch b/app-emulation/qemu/files/qemu-2.2.1-CVE-2015-1779-1.patch
49 deleted file mode 100644
50 index 35ef8fd..0000000
51 --- a/app-emulation/qemu/files/qemu-2.2.1-CVE-2015-1779-1.patch
52 +++ /dev/null
53 @@ -1,241 +0,0 @@
54 -From a2bebfd6e09d285aa793cae3fb0fc3a39a9fee6e Mon Sep 17 00:00:00 2001
55 -From: "Daniel P. Berrange" <berrange@××××××.com>
56 -Date: Mon, 23 Mar 2015 22:58:21 +0000
57 -Subject: [PATCH] CVE-2015-1779: incrementally decode websocket frames
58 -
59 -The logic for decoding websocket frames wants to fully
60 -decode the frame header and payload, before allowing the
61 -VNC server to see any of the payload data. There is no
62 -size limit on websocket payloads, so this allows a
63 -malicious network client to consume 2^64 bytes in memory
64 -in QEMU. It can trigger this denial of service before
65 -the VNC server even performs any authentication.
66 -
67 -The fix is to decode the header, and then incrementally
68 -decode the payload data as it is needed. With this fix
69 -the websocket decoder will allow at most 4k of data to
70 -be buffered before decoding and processing payload.
71 -
72 -Signed-off-by: Daniel P. Berrange <berrange@××××××.com>
73 -
74 -[ kraxel: fix frequent spurious disconnects, suggested by Peter Maydell ]
75 -
76 - @@ -361,7 +361,7 @@ int vncws_decode_frame_payload(Buffer *input,
77 - - *payload_size = input->offset;
78 - + *payload_size = *payload_remain;
79 -
80 -[ kraxel: fix 32bit build ]
81 -
82 - @@ -306,7 +306,7 @@ struct VncState
83 - - uint64_t ws_payload_remain;
84 - + size_t ws_payload_remain;
85 -
86 -Signed-off-by: Gerd Hoffmann <kraxel@××××××.com>
87 ----
88 - ui/vnc-ws.c | 105 ++++++++++++++++++++++++++++++++++++++++--------------------
89 - ui/vnc-ws.h | 9 ++++--
90 - ui/vnc.h | 2 ++
91 - 3 files changed, 80 insertions(+), 36 deletions(-)
92 -
93 -diff --git a/ui/vnc-ws.c b/ui/vnc-ws.c
94 -index 85dbb7e..0b7de4e 100644
95 ---- a/ui/vnc-ws.c
96 -+++ b/ui/vnc-ws.c
97 -@@ -107,7 +107,7 @@ long vnc_client_read_ws(VncState *vs)
98 - {
99 - int ret, err;
100 - uint8_t *payload;
101 -- size_t payload_size, frame_size;
102 -+ size_t payload_size, header_size;
103 - VNC_DEBUG("Read websocket %p size %zd offset %zd\n", vs->ws_input.buffer,
104 - vs->ws_input.capacity, vs->ws_input.offset);
105 - buffer_reserve(&vs->ws_input, 4096);
106 -@@ -117,18 +117,39 @@ long vnc_client_read_ws(VncState *vs)
107 - }
108 - vs->ws_input.offset += ret;
109 -
110 -- /* make sure that nothing is left in the ws_input buffer */
111 -+ ret = 0;
112 -+ /* consume as much of ws_input buffer as possible */
113 - do {
114 -- err = vncws_decode_frame(&vs->ws_input, &payload,
115 -- &payload_size, &frame_size);
116 -- if (err <= 0) {
117 -- return err;
118 -+ if (vs->ws_payload_remain == 0) {
119 -+ err = vncws_decode_frame_header(&vs->ws_input,
120 -+ &header_size,
121 -+ &vs->ws_payload_remain,
122 -+ &vs->ws_payload_mask);
123 -+ if (err <= 0) {
124 -+ return err;
125 -+ }
126 -+
127 -+ buffer_advance(&vs->ws_input, header_size);
128 - }
129 -+ if (vs->ws_payload_remain != 0) {
130 -+ err = vncws_decode_frame_payload(&vs->ws_input,
131 -+ &vs->ws_payload_remain,
132 -+ &vs->ws_payload_mask,
133 -+ &payload,
134 -+ &payload_size);
135 -+ if (err < 0) {
136 -+ return err;
137 -+ }
138 -+ if (err == 0) {
139 -+ return ret;
140 -+ }
141 -+ ret += err;
142 -
143 -- buffer_reserve(&vs->input, payload_size);
144 -- buffer_append(&vs->input, payload, payload_size);
145 -+ buffer_reserve(&vs->input, payload_size);
146 -+ buffer_append(&vs->input, payload, payload_size);
147 -
148 -- buffer_advance(&vs->ws_input, frame_size);
149 -+ buffer_advance(&vs->ws_input, payload_size);
150 -+ }
151 - } while (vs->ws_input.offset > 0);
152 -
153 - return ret;
154 -@@ -265,15 +286,14 @@ void vncws_encode_frame(Buffer *output, const void *payload,
155 - buffer_append(output, payload, payload_size);
156 - }
157 -
158 --int vncws_decode_frame(Buffer *input, uint8_t **payload,
159 -- size_t *payload_size, size_t *frame_size)
160 -+int vncws_decode_frame_header(Buffer *input,
161 -+ size_t *header_size,
162 -+ size_t *payload_remain,
163 -+ WsMask *payload_mask)
164 - {
165 - unsigned char opcode = 0, fin = 0, has_mask = 0;
166 -- size_t header_size = 0;
167 -- uint32_t *payload32;
168 -+ size_t payload_len;
169 - WsHeader *header = (WsHeader *)input->buffer;
170 -- WsMask mask;
171 -- int i;
172 -
173 - if (input->offset < WS_HEAD_MIN_LEN + 4) {
174 - /* header not complete */
175 -@@ -283,7 +303,7 @@ int vncws_decode_frame(Buffer *input, uint8_t **payload,
176 - fin = (header->b0 & 0x80) >> 7;
177 - opcode = header->b0 & 0x0f;
178 - has_mask = (header->b1 & 0x80) >> 7;
179 -- *payload_size = header->b1 & 0x7f;
180 -+ payload_len = header->b1 & 0x7f;
181 -
182 - if (opcode == WS_OPCODE_CLOSE) {
183 - /* disconnect */
184 -@@ -300,40 +320,57 @@ int vncws_decode_frame(Buffer *input, uint8_t **payload,
185 - return -2;
186 - }
187 -
188 -- if (*payload_size < 126) {
189 -- header_size = 6;
190 -- mask = header->u.m;
191 -- } else if (*payload_size == 126 && input->offset >= 8) {
192 -- *payload_size = be16_to_cpu(header->u.s16.l16);
193 -- header_size = 8;
194 -- mask = header->u.s16.m16;
195 -- } else if (*payload_size == 127 && input->offset >= 14) {
196 -- *payload_size = be64_to_cpu(header->u.s64.l64);
197 -- header_size = 14;
198 -- mask = header->u.s64.m64;
199 -+ if (payload_len < 126) {
200 -+ *payload_remain = payload_len;
201 -+ *header_size = 6;
202 -+ *payload_mask = header->u.m;
203 -+ } else if (payload_len == 126 && input->offset >= 8) {
204 -+ *payload_remain = be16_to_cpu(header->u.s16.l16);
205 -+ *header_size = 8;
206 -+ *payload_mask = header->u.s16.m16;
207 -+ } else if (payload_len == 127 && input->offset >= 14) {
208 -+ *payload_remain = be64_to_cpu(header->u.s64.l64);
209 -+ *header_size = 14;
210 -+ *payload_mask = header->u.s64.m64;
211 - } else {
212 - /* header not complete */
213 - return 0;
214 - }
215 -
216 -- *frame_size = header_size + *payload_size;
217 -+ return 1;
218 -+}
219 -+
220 -+int vncws_decode_frame_payload(Buffer *input,
221 -+ size_t *payload_remain, WsMask *payload_mask,
222 -+ uint8_t **payload, size_t *payload_size)
223 -+{
224 -+ size_t i;
225 -+ uint32_t *payload32;
226 -
227 -- if (input->offset < *frame_size) {
228 -- /* frame not complete */
229 -+ *payload = input->buffer;
230 -+ /* If we aren't at the end of the payload, then drop
231 -+ * off the last bytes, so we're always multiple of 4
232 -+ * for purpose of unmasking, except at end of payload
233 -+ */
234 -+ if (input->offset < *payload_remain) {
235 -+ *payload_size = input->offset - (input->offset % 4);
236 -+ } else {
237 -+ *payload_size = *payload_remain;
238 -+ }
239 -+ if (*payload_size == 0) {
240 - return 0;
241 - }
242 --
243 -- *payload = input->buffer + header_size;
244 -+ *payload_remain -= *payload_size;
245 -
246 - /* unmask frame */
247 - /* process 1 frame (32 bit op) */
248 - payload32 = (uint32_t *)(*payload);
249 - for (i = 0; i < *payload_size / 4; i++) {
250 -- payload32[i] ^= mask.u;
251 -+ payload32[i] ^= payload_mask->u;
252 - }
253 - /* process the remaining bytes (if any) */
254 - for (i *= 4; i < *payload_size; i++) {
255 -- (*payload)[i] ^= mask.c[i % 4];
256 -+ (*payload)[i] ^= payload_mask->c[i % 4];
257 - }
258 -
259 - return 1;
260 -diff --git a/ui/vnc-ws.h b/ui/vnc-ws.h
261 -index ef229b7..14d4230 100644
262 ---- a/ui/vnc-ws.h
263 -+++ b/ui/vnc-ws.h
264 -@@ -83,7 +83,12 @@ long vnc_client_read_ws(VncState *vs);
265 - void vncws_process_handshake(VncState *vs, uint8_t *line, size_t size);
266 - void vncws_encode_frame(Buffer *output, const void *payload,
267 - const size_t payload_size);
268 --int vncws_decode_frame(Buffer *input, uint8_t **payload,
269 -- size_t *payload_size, size_t *frame_size);
270 -+int vncws_decode_frame_header(Buffer *input,
271 -+ size_t *header_size,
272 -+ size_t *payload_remain,
273 -+ WsMask *payload_mask);
274 -+int vncws_decode_frame_payload(Buffer *input,
275 -+ size_t *payload_remain, WsMask *payload_mask,
276 -+ uint8_t **payload, size_t *payload_size);
277 -
278 - #endif /* __QEMU_UI_VNC_WS_H */
279 -diff --git a/ui/vnc.h b/ui/vnc.h
280 -index e19ac39..3f7c6a9 100644
281 ---- a/ui/vnc.h
282 -+++ b/ui/vnc.h
283 -@@ -306,6 +306,8 @@ struct VncState
284 - #ifdef CONFIG_VNC_WS
285 - Buffer ws_input;
286 - Buffer ws_output;
287 -+ size_t ws_payload_remain;
288 -+ WsMask ws_payload_mask;
289 - #endif
290 - /* current output mode information */
291 - VncWritePixels *write_pixels;
292 ---
293 -2.3.5
294 -
295
296 diff --git a/app-emulation/qemu/files/qemu-2.2.1-CVE-2015-1779-2.patch b/app-emulation/qemu/files/qemu-2.2.1-CVE-2015-1779-2.patch
297 deleted file mode 100644
298 index c7a8c8b..0000000
299 --- a/app-emulation/qemu/files/qemu-2.2.1-CVE-2015-1779-2.patch
300 +++ /dev/null
301 @@ -1,58 +0,0 @@
302 -From 2cdb5e142fb93e875fa53c52864ef5eb8d5d8b41 Mon Sep 17 00:00:00 2001
303 -From: "Daniel P. Berrange" <berrange@××××××.com>
304 -Date: Mon, 23 Mar 2015 22:58:22 +0000
305 -Subject: [PATCH] CVE-2015-1779: limit size of HTTP headers from websockets
306 - clients
307 -
308 -The VNC server websockets decoder will read and buffer data from
309 -websockets clients until it sees the end of the HTTP headers,
310 -as indicated by \r\n\r\n. In theory this allows a malicious to
311 -trick QEMU into consuming an arbitrary amount of RAM. In practice,
312 -because QEMU runs g_strstr_len() across the buffered header data,
313 -it will spend increasingly long burning CPU time searching for
314 -the substring match and less & less time reading data. So while
315 -this does cause arbitrary memory growth, the bigger problem is
316 -that QEMU will be burning 100% of available CPU time.
317 -
318 -A novnc websockets client typically sends headers of around
319 -512 bytes in length. As such it is reasonable to place a 4096
320 -byte limit on the amount of data buffered while searching for
321 -the end of HTTP headers.
322 -
323 -Signed-off-by: Daniel P. Berrange <berrange@××××××.com>
324 -Signed-off-by: Gerd Hoffmann <kraxel@××××××.com>
325 ----
326 - ui/vnc-ws.c | 10 ++++++++--
327 - 1 file changed, 8 insertions(+), 2 deletions(-)
328 -
329 -diff --git a/ui/vnc-ws.c b/ui/vnc-ws.c
330 -index 0b7de4e..62eb97f 100644
331 ---- a/ui/vnc-ws.c
332 -+++ b/ui/vnc-ws.c
333 -@@ -81,8 +81,11 @@ void vncws_handshake_read(void *opaque)
334 - VncState *vs = opaque;
335 - uint8_t *handshake_end;
336 - long ret;
337 -- buffer_reserve(&vs->ws_input, 4096);
338 -- ret = vnc_client_read_buf(vs, buffer_end(&vs->ws_input), 4096);
339 -+ /* Typical HTTP headers from novnc are 512 bytes, so limiting
340 -+ * total header size to 4096 is easily enough. */
341 -+ size_t want = 4096 - vs->ws_input.offset;
342 -+ buffer_reserve(&vs->ws_input, want);
343 -+ ret = vnc_client_read_buf(vs, buffer_end(&vs->ws_input), want);
344 -
345 - if (!ret) {
346 - if (vs->csock == -1) {
347 -@@ -99,6 +102,9 @@ void vncws_handshake_read(void *opaque)
348 - vncws_process_handshake(vs, vs->ws_input.buffer, vs->ws_input.offset);
349 - buffer_advance(&vs->ws_input, handshake_end - vs->ws_input.buffer +
350 - strlen(WS_HANDSHAKE_END));
351 -+ } else if (vs->ws_input.offset >= 4096) {
352 -+ VNC_DEBUG("End of headers not found in first 4096 bytes\n");
353 -+ vnc_client_error(vs);
354 - }
355 - }
356 -
357 ---
358 -2.3.5
359 -
360
361 diff --git a/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-3456.patch b/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-3456.patch
362 deleted file mode 100644
363 index 87697d0..0000000
364 --- a/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-3456.patch
365 +++ /dev/null
366 @@ -1,86 +0,0 @@
367 -https://bugs.gentoo.org/549404
368 -
369 -From e907746266721f305d67bc0718795fedee2e824c Mon Sep 17 00:00:00 2001
370 -From: Petr Matousek <pmatouse@××××××.com>
371 -Date: Wed, 6 May 2015 09:48:59 +0200
372 -Subject: [PATCH] fdc: force the fifo access to be in bounds of the allocated buffer
373 -
374 -During processing of certain commands such as FD_CMD_READ_ID and
375 -FD_CMD_DRIVE_SPECIFICATION_COMMAND the fifo memory access could
376 -get out of bounds leading to memory corruption with values coming
377 -from the guest.
378 -
379 -Fix this by making sure that the index is always bounded by the
380 -allocated memory.
381 -
382 -This is CVE-2015-3456.
383 -
384 -Signed-off-by: Petr Matousek <pmatouse@××××××.com>
385 -Reviewed-by: John Snow <jsnow@××××××.com>
386 -Signed-off-by: John Snow <jsnow@××××××.com>
387 ----
388 - hw/block/fdc.c | 17 +++++++++++------
389 - 1 files changed, 11 insertions(+), 6 deletions(-)
390 -
391 -diff --git a/hw/block/fdc.c b/hw/block/fdc.c
392 -index f72a392..d8a8edd 100644
393 ---- a/hw/block/fdc.c
394 -+++ b/hw/block/fdc.c
395 -@@ -1497,7 +1497,7 @@ static uint32_t fdctrl_read_data(FDCtrl *fdctrl)
396 - {
397 - FDrive *cur_drv;
398 - uint32_t retval = 0;
399 -- int pos;
400 -+ uint32_t pos;
401 -
402 - cur_drv = get_cur_drv(fdctrl);
403 - fdctrl->dsr &= ~FD_DSR_PWRDOWN;
404 -@@ -1506,8 +1506,8 @@ static uint32_t fdctrl_read_data(FDCtrl *fdctrl)
405 - return 0;
406 - }
407 - pos = fdctrl->data_pos;
408 -+ pos %= FD_SECTOR_LEN;
409 - if (fdctrl->msr & FD_MSR_NONDMA) {
410 -- pos %= FD_SECTOR_LEN;
411 - if (pos == 0) {
412 - if (fdctrl->data_pos != 0)
413 - if (!fdctrl_seek_to_next_sect(fdctrl, cur_drv)) {
414 -@@ -1852,10 +1852,13 @@ static void fdctrl_handle_option(FDCtrl *fdctrl, int direction)
415 - static void fdctrl_handle_drive_specification_command(FDCtrl *fdctrl, int direction)
416 - {
417 - FDrive *cur_drv = get_cur_drv(fdctrl);
418 -+ uint32_t pos;
419 -
420 -- if (fdctrl->fifo[fdctrl->data_pos - 1] & 0x80) {
421 -+ pos = fdctrl->data_pos - 1;
422 -+ pos %= FD_SECTOR_LEN;
423 -+ if (fdctrl->fifo[pos] & 0x80) {
424 - /* Command parameters done */
425 -- if (fdctrl->fifo[fdctrl->data_pos - 1] & 0x40) {
426 -+ if (fdctrl->fifo[pos] & 0x40) {
427 - fdctrl->fifo[0] = fdctrl->fifo[1];
428 - fdctrl->fifo[2] = 0;
429 - fdctrl->fifo[3] = 0;
430 -@@ -1955,7 +1958,7 @@ static uint8_t command_to_handler[256];
431 - static void fdctrl_write_data(FDCtrl *fdctrl, uint32_t value)
432 - {
433 - FDrive *cur_drv;
434 -- int pos;
435 -+ uint32_t pos;
436 -
437 - /* Reset mode */
438 - if (!(fdctrl->dor & FD_DOR_nRESET)) {
439 -@@ -2004,7 +2007,9 @@ static void fdctrl_write_data(FDCtrl *fdctrl, uint32_t value)
440 - }
441 -
442 - FLOPPY_DPRINTF("%s: %02x\n", __func__, value);
443 -- fdctrl->fifo[fdctrl->data_pos++] = value;
444 -+ pos = fdctrl->data_pos++;
445 -+ pos %= FD_SECTOR_LEN;
446 -+ fdctrl->fifo[pos] = value;
447 - if (fdctrl->data_pos == fdctrl->data_len) {
448 - /* We now have all parameters
449 - * and will be able to treat the command
450 ---
451 -1.7.0.4
452 -
453
454 diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8558.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8558.patch
455 new file mode 100644
456 index 0000000..fbc6a0a
457 --- /dev/null
458 +++ b/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8558.patch
459 @@ -0,0 +1,50 @@
460 +https://bugs.gentoo.org/568246
461 +
462 +From 156a2e4dbffa85997636a7a39ef12da6f1b40254 Mon Sep 17 00:00:00 2001
463 +From: Gerd Hoffmann <kraxel@××××××.com>
464 +Date: Mon, 14 Dec 2015 09:21:23 +0100
465 +Subject: [PATCH] ehci: make idt processing more robust
466 +
467 +Make ehci_process_itd return an error in case we didn't do any actual
468 +iso transfer because we've found no active transaction. That'll avoid
469 +ehci happily run in circles forever if the guest builds a loop out of
470 +idts.
471 +
472 +This is CVE-2015-8558.
473 +
474 +Cc: qemu-stable@××××××.org
475 +Reported-by: Qinghao Tang <luodalongde@×××××.com>
476 +Tested-by: P J P <ppandit@××××××.com>
477 +Signed-off-by: Gerd Hoffmann <kraxel@××××××.com>
478 +---
479 + hw/usb/hcd-ehci.c | 5 +++--
480 + 1 file changed, 3 insertions(+), 2 deletions(-)
481 +
482 +diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
483 +index 4e2161b..d07f228 100644
484 +--- a/hw/usb/hcd-ehci.c
485 ++++ b/hw/usb/hcd-ehci.c
486 +@@ -1389,7 +1389,7 @@ static int ehci_process_itd(EHCIState *ehci,
487 + {
488 + USBDevice *dev;
489 + USBEndpoint *ep;
490 +- uint32_t i, len, pid, dir, devaddr, endp;
491 ++ uint32_t i, len, pid, dir, devaddr, endp, xfers = 0;
492 + uint32_t pg, off, ptr1, ptr2, max, mult;
493 +
494 + ehci->periodic_sched_active = PERIODIC_ACTIVE;
495 +@@ -1479,9 +1479,10 @@ static int ehci_process_itd(EHCIState *ehci,
496 + ehci_raise_irq(ehci, USBSTS_INT);
497 + }
498 + itd->transact[i] &= ~ITD_XACT_ACTIVE;
499 ++ xfers++;
500 + }
501 + }
502 +- return 0;
503 ++ return xfers ? 0 : -1;
504 + }
505 +
506 +
507 +--
508 +2.6.2
509 +
510
511 diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8567.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8567.patch
512 new file mode 100644
513 index 0000000..e196043
514 --- /dev/null
515 +++ b/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8567.patch
516 @@ -0,0 +1,95 @@
517 +https://bugs.gentoo.org/567868
518 +
519 +From aa4a3dce1c88ed51b616806b8214b7c8428b7470 Mon Sep 17 00:00:00 2001
520 +From: P J P <ppandit@××××××.com>
521 +Date: Tue, 15 Dec 2015 12:27:54 +0530
522 +Subject: [PATCH] net: vmxnet3: avoid memory leakage in activate_device
523 +
524 +Vmxnet3 device emulator does not check if the device is active
525 +before activating it, also it did not free the transmit & receive
526 +buffers while deactivating the device, thus resulting in memory
527 +leakage on the host. This patch fixes both these issues to avoid
528 +host memory leakage.
529 +
530 +Reported-by: Qinghao Tang <luodalongde@×××××.com>
531 +Reviewed-by: Dmitry Fleytman <dmitry@××××××.com>
532 +Signed-off-by: Prasad J Pandit <pjp@×××××××××××××.org>
533 +Cc: qemu-stable@××××××.org
534 +Signed-off-by: Jason Wang <jasowang@××××××.com>
535 +---
536 + hw/net/vmxnet3.c | 24 ++++++++++++++++--------
537 + 1 file changed, 16 insertions(+), 8 deletions(-)
538 +
539 +diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c
540 +index a5dd79a..9c1adfc 100644
541 +--- a/hw/net/vmxnet3.c
542 ++++ b/hw/net/vmxnet3.c
543 +@@ -1194,8 +1194,13 @@ static void vmxnet3_reset_mac(VMXNET3State *s)
544 +
545 + static void vmxnet3_deactivate_device(VMXNET3State *s)
546 + {
547 +- VMW_CBPRN("Deactivating vmxnet3...");
548 +- s->device_active = false;
549 ++ if (s->device_active) {
550 ++ VMW_CBPRN("Deactivating vmxnet3...");
551 ++ vmxnet_tx_pkt_reset(s->tx_pkt);
552 ++ vmxnet_tx_pkt_uninit(s->tx_pkt);
553 ++ vmxnet_rx_pkt_uninit(s->rx_pkt);
554 ++ s->device_active = false;
555 ++ }
556 + }
557 +
558 + static void vmxnet3_reset(VMXNET3State *s)
559 +@@ -1204,7 +1209,6 @@ static void vmxnet3_reset(VMXNET3State *s)
560 +
561 + vmxnet3_deactivate_device(s);
562 + vmxnet3_reset_interrupt_states(s);
563 +- vmxnet_tx_pkt_reset(s->tx_pkt);
564 + s->drv_shmem = 0;
565 + s->tx_sop = true;
566 + s->skip_current_tx_pkt = false;
567 +@@ -1431,6 +1435,12 @@ static void vmxnet3_activate_device(VMXNET3State *s)
568 + return;
569 + }
570 +
571 ++ /* Verify if device is active */
572 ++ if (s->device_active) {
573 ++ VMW_CFPRN("Vmxnet3 device is active");
574 ++ return;
575 ++ }
576 ++
577 + vmxnet3_adjust_by_guest_type(s);
578 + vmxnet3_update_features(s);
579 + vmxnet3_update_pm_state(s);
580 +@@ -1627,7 +1637,7 @@ static void vmxnet3_handle_command(VMXNET3State *s, uint64_t cmd)
581 + break;
582 +
583 + case VMXNET3_CMD_QUIESCE_DEV:
584 +- VMW_CBPRN("Set: VMXNET3_CMD_QUIESCE_DEV - pause the device");
585 ++ VMW_CBPRN("Set: VMXNET3_CMD_QUIESCE_DEV - deactivate the device");
586 + vmxnet3_deactivate_device(s);
587 + break;
588 +
589 +@@ -1741,7 +1751,7 @@ vmxnet3_io_bar1_write(void *opaque,
590 + * shared address only after we get the high part
591 + */
592 + if (val == 0) {
593 +- s->device_active = false;
594 ++ vmxnet3_deactivate_device(s);
595 + }
596 + s->temp_shared_guest_driver_memory = val;
597 + s->drv_shmem = 0;
598 +@@ -2021,9 +2031,7 @@ static bool vmxnet3_peer_has_vnet_hdr(VMXNET3State *s)
599 + static void vmxnet3_net_uninit(VMXNET3State *s)
600 + {
601 + g_free(s->mcast_list);
602 +- vmxnet_tx_pkt_reset(s->tx_pkt);
603 +- vmxnet_tx_pkt_uninit(s->tx_pkt);
604 +- vmxnet_rx_pkt_uninit(s->rx_pkt);
605 ++ vmxnet3_deactivate_device(s);
606 + qemu_del_nic(s->nic);
607 + }
608 +
609 +--
610 +2.6.2
611 +
612
613 diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8701.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8701.patch
614 new file mode 100644
615 index 0000000..0dab1c3
616 --- /dev/null
617 +++ b/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8701.patch
618 @@ -0,0 +1,49 @@
619 +https://bugs.gentoo.org/570110
620 +
621 +From 007cd223de527b5f41278f2d886c1a4beb3e67aa Mon Sep 17 00:00:00 2001
622 +From: Prasad J Pandit <pjp@×××××××××××××.org>
623 +Date: Mon, 28 Dec 2015 16:24:08 +0530
624 +Subject: [PATCH] net: rocker: fix an incorrect array bounds check
625 +
626 +While processing transmit(tx) descriptors in 'tx_consume' routine
627 +the switch emulator suffers from an off-by-one error, if a
628 +descriptor was to have more than allowed(ROCKER_TX_FRAGS_MAX=16)
629 +fragments. Fix an incorrect bounds check to avoid it.
630 +
631 +Reported-by: Qinghao Tang <luodalongde@×××××.com>
632 +Cc: qemu-stable@××××××.org
633 +Signed-off-by: Prasad J Pandit <pjp@×××××××××××××.org>
634 +Signed-off-by: Jason Wang <jasowang@××××××.com>
635 +---
636 + hw/net/rocker/rocker.c | 8 ++++----
637 + 1 file changed, 4 insertions(+), 4 deletions(-)
638 +
639 +diff --git a/hw/net/rocker/rocker.c b/hw/net/rocker/rocker.c
640 +index c57f1a6..2e77e50 100644
641 +--- a/hw/net/rocker/rocker.c
642 ++++ b/hw/net/rocker/rocker.c
643 +@@ -232,6 +232,9 @@ static int tx_consume(Rocker *r, DescInfo *info)
644 + frag_addr = rocker_tlv_get_le64(tlvs[ROCKER_TLV_TX_FRAG_ATTR_ADDR]);
645 + frag_len = rocker_tlv_get_le16(tlvs[ROCKER_TLV_TX_FRAG_ATTR_LEN]);
646 +
647 ++ if (iovcnt >= ROCKER_TX_FRAGS_MAX) {
648 ++ goto err_too_many_frags;
649 ++ }
650 + iov[iovcnt].iov_len = frag_len;
651 + iov[iovcnt].iov_base = g_malloc(frag_len);
652 + if (!iov[iovcnt].iov_base) {
653 +@@ -244,10 +247,7 @@ static int tx_consume(Rocker *r, DescInfo *info)
654 + err = -ROCKER_ENXIO;
655 + goto err_bad_io;
656 + }
657 +-
658 +- if (++iovcnt > ROCKER_TX_FRAGS_MAX) {
659 +- goto err_too_many_frags;
660 +- }
661 ++ iovcnt++;
662 + }
663 +
664 + if (iovcnt) {
665 +--
666 +2.6.2
667 +
668
669 diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8743.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8743.patch
670 new file mode 100644
671 index 0000000..b2bca56
672 --- /dev/null
673 +++ b/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8743.patch
674 @@ -0,0 +1,50 @@
675 +https://bugs.gentoo.org/570988
676 +
677 +From aa7f9966dfdff500bbbf1956d9e115b1fa8987a6 Mon Sep 17 00:00:00 2001
678 +From: Prasad J Pandit <pjp@×××××××××××××.org>
679 +Date: Thu, 31 Dec 2015 17:05:27 +0530
680 +Subject: [PATCH] net: ne2000: fix bounds check in ioport operations
681 +
682 +While doing ioport r/w operations, ne2000 device emulation suffers
683 +from OOB r/w errors. Update respective array bounds check to avoid
684 +OOB access.
685 +
686 +Reported-by: Ling Liu <liuling-it@×××.cn>
687 +Cc: qemu-stable@××××××.org
688 +Signed-off-by: Prasad J Pandit <pjp@×××××××××××××.org>
689 +Signed-off-by: Jason Wang <jasowang@××××××.com>
690 +---
691 + hw/net/ne2000.c | 10 ++++++----
692 + 1 file changed, 6 insertions(+), 4 deletions(-)
693 +
694 +diff --git a/hw/net/ne2000.c b/hw/net/ne2000.c
695 +index 010f9ef..a3dffff 100644
696 +--- a/hw/net/ne2000.c
697 ++++ b/hw/net/ne2000.c
698 +@@ -467,8 +467,9 @@ static inline void ne2000_mem_writel(NE2000State *s, uint32_t addr,
699 + uint32_t val)
700 + {
701 + addr &= ~1; /* XXX: check exact behaviour if not even */
702 +- if (addr < 32 ||
703 +- (addr >= NE2000_PMEM_START && addr < NE2000_MEM_SIZE)) {
704 ++ if (addr < 32
705 ++ || (addr >= NE2000_PMEM_START
706 ++ && addr + sizeof(uint32_t) <= NE2000_MEM_SIZE)) {
707 + stl_le_p(s->mem + addr, val);
708 + }
709 + }
710 +@@ -497,8 +498,9 @@ static inline uint32_t ne2000_mem_readw(NE2000State *s, uint32_t addr)
711 + static inline uint32_t ne2000_mem_readl(NE2000State *s, uint32_t addr)
712 + {
713 + addr &= ~1; /* XXX: check exact behaviour if not even */
714 +- if (addr < 32 ||
715 +- (addr >= NE2000_PMEM_START && addr < NE2000_MEM_SIZE)) {
716 ++ if (addr < 32
717 ++ || (addr >= NE2000_PMEM_START
718 ++ && addr + sizeof(uint32_t) <= NE2000_MEM_SIZE)) {
719 + return ldl_le_p(s->mem + addr);
720 + } else {
721 + return 0xffffffff;
722 +--
723 +2.6.2
724 +
725
726 diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1568.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1568.patch
727 new file mode 100644
728 index 0000000..4ce9a35
729 --- /dev/null
730 +++ b/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1568.patch
731 @@ -0,0 +1,41 @@
732 +https://bugs.gentoo.org/571566
733 +
734 +From 4ab0359a8ae182a7ac5c99609667273167703fab Mon Sep 17 00:00:00 2001
735 +From: Prasad J Pandit <pjp@×××××××××××××.org>
736 +Date: Mon, 11 Jan 2016 14:10:42 -0500
737 +Subject: [PATCH] ide: ahci: reset ncq object to unused on error
738 +
739 +When processing NCQ commands, AHCI device emulation prepares a
740 +NCQ transfer object; To which an aio control block(aiocb) object
741 +is assigned in 'execute_ncq_command'. In case, when the NCQ
742 +command is invalid, the 'aiocb' object is not assigned, and NCQ
743 +transfer object is left as 'used'. This leads to a use after
744 +free kind of error in 'bdrv_aio_cancel_async' via 'ahci_reset_port'.
745 +Reset NCQ transfer object to 'unused' to avoid it.
746 +
747 +[Maintainer edit: s/ACHI/AHCI/ in the commit message. --js]
748 +
749 +Reported-by: Qinghao Tang <luodalongde@×××××.com>
750 +Signed-off-by: Prasad J Pandit <pjp@×××××××××××××.org>
751 +Reviewed-by: John Snow <jsnow@××××××.com>
752 +Message-id: 1452282511-4116-1-git-send-email-ppandit@××××××.com
753 +Signed-off-by: John Snow <jsnow@××××××.com>
754 +---
755 + hw/ide/ahci.c | 1 +
756 + 1 file changed, 1 insertion(+)
757 +
758 +diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
759 +index dd1912e..17f1cbd 100644
760 +--- a/hw/ide/ahci.c
761 ++++ b/hw/ide/ahci.c
762 +@@ -910,6 +910,7 @@ static void ncq_err(NCQTransferState *ncq_tfs)
763 + ide_state->error = ABRT_ERR;
764 + ide_state->status = READY_STAT | ERR_STAT;
765 + ncq_tfs->drive->port_regs.scr_err |= (1 << ncq_tfs->tag);
766 ++ ncq_tfs->used = 0;
767 + }
768 +
769 + static void ncq_finish(NCQTransferState *ncq_tfs)
770 +--
771 +2.6.2
772 +
773
774 diff --git a/app-emulation/qemu/files/qemu-2.5.0-cflags.patch b/app-emulation/qemu/files/qemu-2.5.0-cflags.patch
775 new file mode 100644
776 index 0000000..173394f
777 --- /dev/null
778 +++ b/app-emulation/qemu/files/qemu-2.5.0-cflags.patch
779 @@ -0,0 +1,13 @@
780 +--- a/configure
781 ++++ b/configure
782 +@@ -4468,10 +4468,6 @@ fi
783 + if test "$gcov" = "yes" ; then
784 + CFLAGS="-fprofile-arcs -ftest-coverage -g $CFLAGS"
785 + LDFLAGS="-fprofile-arcs -ftest-coverage $LDFLAGS"
786 +-elif test "$fortify_source" = "yes" ; then
787 +- CFLAGS="-O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 $CFLAGS"
788 +-elif test "$debug" = "no"; then
789 +- CFLAGS="-O2 $CFLAGS"
790 + fi
791 +
792 + ##########################################
793
794 diff --git a/app-emulation/qemu/qemu-2.2.1-r99.ebuild b/app-emulation/qemu/qemu-2.5.0-r99.ebuild
795 similarity index 73%
796 rename from app-emulation/qemu/qemu-2.2.1-r99.ebuild
797 rename to app-emulation/qemu/qemu-2.5.0-r99.ebuild
798 index 5b8baf1..2fe26b3 100644
799 --- a/app-emulation/qemu/qemu-2.2.1-r99.ebuild
800 +++ b/app-emulation/qemu/qemu-2.5.0-r99.ebuild
801 @@ -1,6 +1,6 @@
802 # Copyright 1999-2015 Gentoo Foundation
803 # Distributed under the terms of the GNU General Public License v2
804 -# $Header: /var/cvsroot/gentoo-x86/app-emulation/qemu/qemu-2.2.1-r2.ebuild,v 1.3 2015/05/14 07:09:58 ago Exp $
805 +# $Id$
806
807 EAPI=5
808
809 @@ -16,12 +16,11 @@ if [[ ${PV} = *9999* ]]; then
810 EGIT_REPO_URI="git://git.qemu.org/qemu.git"
811 inherit git-2
812 SRC_URI=""
813 - KEYWORDS=""
814 else
815 SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2
816 ${BACKPORTS:+
817 - http://dev.gentoo.org/~cardoe/distfiles/${P}-${BACKPORTS}.tar.xz}"
818 - KEYWORDS="amd64 ~ppc ~ppc64 x86 ~x86-fbsd"
819 + https://dev.gentoo.org/~cardoe/distfiles/${P}-${BACKPORTS}.tar.xz}"
820 + KEYWORDS="amd64 ~ppc x86"
821 fi
822
823 DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
824 @@ -30,76 +29,119 @@ HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org"
825 LICENSE="GPL-2 LGPL-2 BSD-2"
826 SLOT="0"
827 IUSE="accessibility +aio alsa bluetooth +caps +curl debug +fdt glusterfs \
828 -gtk infiniband iscsi +jpeg \
829 +gnutls gtk gtk2 infiniband iscsi +jpeg \
830 kernel_linux kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs
831 +png pulseaudio python \
832 -rbd sasl +seccomp sdl selinux smartcard snappy spice ssh static static-softmmu \
833 -static-user systemtap tci test +threads tls usb usbredir +uuid vde +vhost-net \
834 -virtfs +vnc xattr xen xfs"
835 +rbd sasl +seccomp sdl sdl2 selinux smartcard snappy spice ssh static static-softmmu
836 +static-user systemtap tci test +threads usb usbredir +uuid vde +vhost-net \
837 +virgl virtfs +vnc vte xattr xen xfs"
838
839 COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel mips
840 mips64 mips64el mipsel or32 ppc ppc64 s390x sh4 sh4eb sparc sparc64 unicore32
841 x86_64"
842 -IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS} lm32 moxie ppcemb xtensa xtensaeb"
843 -IUSE_USER_TARGETS="${COMMON_TARGETS} armeb mipsn32 mipsn32el ppc64abi32 sparc32plus"
844 +IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS} lm32 moxie ppcemb tricore xtensa xtensaeb"
845 +IUSE_USER_TARGETS="${COMMON_TARGETS} armeb mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus tilegx"
846
847 -use_targets="
848 - $(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
849 - $(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
850 -"
851 -IUSE+=" ${use_targets}"
852 +use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
853 +use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
854 +IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
855
856 -# Require at least one softmmu or user target.
857 +# Allow no targets to be built so that people can get a tools-only build.
858 # Block USE flag configurations known to not work.
859 -REQUIRED_USE="|| ( ${use_targets} )
860 - ${PYTHON_REQUIRED_USE}
861 +REQUIRED_USE="${PYTHON_REQUIRED_USE}
862 + gtk2? ( gtk )
863 qemu_softmmu_targets_arm? ( fdt )
864 qemu_softmmu_targets_microblaze? ( fdt )
865 qemu_softmmu_targets_ppc? ( fdt )
866 qemu_softmmu_targets_ppc64? ( fdt )
867 + sdl2? ( sdl )
868 static? ( static-softmmu static-user )
869 - static-softmmu? ( !alsa !pulseaudio !bluetooth !opengl !gtk )
870 - virtfs? ( xattr )"
871 + static-softmmu? ( !alsa !pulseaudio !bluetooth !opengl !gtk !gtk2 )
872 + virtfs? ( xattr )
873 + vte? ( gtk )"
874
875 # Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
876 #
877 # The attr lib isn't always linked in (although the USE flag is always
878 # respected). This is because qemu supports using the C library's API
879 # when available rather than always using the extranl library.
880 +#
881 +# Older versions of gnutls are supported, but it's simpler to just require
882 +# the latest versions. This is also why we require nettle.
883 COMMON_LIB_DEPEND=">=dev-libs/glib-2.0[static-libs(+)]
884 sys-libs/zlib[static-libs(+)]
885 xattr? ( sys-apps/attr[static-libs(+)] )"
886 SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND}
887 >=x11-libs/pixman-0.28.0[static-libs(+)]
888 + accessibility? ( app-accessibility/brltty[static-libs(+)] )
889 aio? ( dev-libs/libaio[static-libs(+)] )
890 + alsa? ( >=media-libs/alsa-lib-1.0.13 )
891 + bluetooth? ( net-wireless/bluez )
892 caps? ( sys-libs/libcap-ng[static-libs(+)] )
893 curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
894 fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] )
895 glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
896 + gnutls? (
897 + dev-libs/nettle[static-libs(+)]
898 + >=net-libs/gnutls-3.0[static-libs(+)]
899 + )
900 + gtk? (
901 + gtk2? (
902 + x11-libs/gtk+:2
903 + vte? ( x11-libs/vte:0 )
904 + )
905 + !gtk2? (
906 + x11-libs/gtk+:3
907 + vte? ( x11-libs/vte:2.90 )
908 + )
909 + )
910 infiniband? ( sys-infiniband/librdmacm:=[static-libs(+)] )
911 + iscsi? ( net-libs/libiscsi )
912 jpeg? ( virtual/jpeg:=[static-libs(+)] )
913 lzo? ( dev-libs/lzo:2[static-libs(+)] )
914 - ncurses? ( sys-libs/ncurses[static-libs(+)] )
915 + ncurses? ( sys-libs/ncurses:0=[static-libs(+)] )
916 nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] )
917 numa? ( sys-process/numactl[static-libs(+)] )
918 + opengl? (
919 + virtual/opengl
920 + media-libs/libepoxy[static-libs(+)]
921 + media-libs/mesa[static-libs(+)]
922 + media-libs/mesa[egl,gles2]
923 + )
924 png? ( media-libs/libpng:0=[static-libs(+)] )
925 + pulseaudio? ( media-sound/pulseaudio )
926 rbd? ( sys-cluster/ceph[static-libs(+)] )
927 sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
928 - sdl? ( >=media-libs/libsdl-1.2.11[static-libs(+)] )
929 + sdl? (
930 + !sdl2? (
931 + media-libs/libsdl[X]
932 + >=media-libs/libsdl-1.2.11[static-libs(+)]
933 + )
934 + sdl2? (
935 + media-libs/libsdl2[X]
936 + media-libs/libsdl2[static-libs(+)]
937 + )
938 + )
939 seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
940 + smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] )
941 snappy? ( app-arch/snappy[static-libs(+)] )
942 - spice? ( >=app-emulation/spice-0.12.0[static-libs(+)] )
943 + spice? (
944 + >=app-emulation/spice-protocol-0.12.3
945 + >=app-emulation/spice-0.12.0[static-libs(+)]
946 + )
947 ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] )
948 - tls? ( net-libs/gnutls[static-libs(+)] )
949 - usb? ( >=dev-libs/libusb-1.0.18[static-libs(+)] )
950 + usb? ( >=virtual/libusb-1-r2[static-libs(+)] )
951 + usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
952 uuid? ( >=sys-apps/util-linux-2.16.0[static-libs(+)] )
953 vde? ( net-misc/vde[static-libs(+)] )
954 + virgl? ( media-libs/virglrenderer[static-libs(+)] )
955 + virtfs? ( sys-libs/libcap )
956 xfs? ( sys-fs/xfsprogs[static-libs(+)] )"
957 USER_LIB_DEPEND="${COMMON_LIB_DEPEND}"
958 X86_FIRMWARE_DEPEND="
959 >=sys-firmware/ipxe-1.0.0_p20130624
960 pin-upstream-blobs? (
961 - ~sys-firmware/seabios-1.7.5
962 + ~sys-firmware/seabios-1.8.2
963 ~sys-firmware/sgabios-0.1_pre8
964 ~sys-firmware/vgabios-0.7a
965 )
966 @@ -108,28 +150,14 @@ X86_FIRMWARE_DEPEND="
967 sys-firmware/sgabios
968 sys-firmware/vgabios
969 )"
970 -CDEPEND="!static-softmmu? ( ${SOFTMMU_LIB_DEPEND//\[static-libs(+)]} )
971 - !static-user? ( ${USER_LIB_DEPEND//\[static-libs(+)]} )
972 +CDEPEND="
973 + !static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND//\[static-libs(+)]} ) " ${use_softmmu_targets}) )
974 + !static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND//\[static-libs(+)]} ) " ${use_user_targets}) )
975 qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
976 qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )
977 - accessibility? ( app-accessibility/brltty )
978 - alsa? ( >=media-libs/alsa-lib-1.0.13 )
979 - bluetooth? ( net-wireless/bluez )
980 - gtk? (
981 - x11-libs/gtk+:3
982 - x11-libs/vte:2.90
983 - )
984 - iscsi? ( net-libs/libiscsi )
985 - opengl? ( virtual/opengl )
986 - pulseaudio? ( media-sound/pulseaudio )
987 python? ( ${PYTHON_DEPS} )
988 - sdl? ( media-libs/libsdl[X] )
989 - smartcard? ( dev-libs/nss !app-emulation/libcacard )
990 - spice? ( >=app-emulation/spice-protocol-0.12.3 )
991 systemtap? ( dev-util/systemtap )
992 - usbredir? ( >=sys-apps/usbredir-0.6 )
993 - virtfs? ( sys-libs/libcap )
994 - xen? ( app-emulation/xen-tools )"
995 + xen? ( app-emulation/xen-tools:= )"
996 DEPEND="${CDEPEND}
997 dev-lang/perl
998 =dev-lang/python-2*
999 @@ -137,8 +165,8 @@ DEPEND="${CDEPEND}
1000 virtual/pkgconfig
1001 kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
1002 gtk? ( nls? ( sys-devel/gettext ) )
1003 - static-softmmu? ( ${SOFTMMU_LIB_DEPEND} )
1004 - static-user? ( ${USER_LIB_DEPEND} )
1005 + static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND} ) " ${use_softmmu_targets}) )
1006 + static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND} ) " ${use_user_targets}) )
1007 test? (
1008 dev-libs/glib[utils]
1009 sys-devel/bc
1010 @@ -245,10 +273,32 @@ pkg_pretend() {
1011
1012 pkg_setup() {
1013 enewgroup kvm 78
1014 - python_setup
1015 +}
1016 +
1017 +# Sanity check to make sure target lists are kept up-to-date.
1018 +check_targets() {
1019 + local var=$1 mak=$2
1020 + local detected sorted
1021 +
1022 + pushd "${S}"/default-configs >/dev/null || die
1023 +
1024 + # Force C locale until glibc is updated. #564936
1025 + detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u))
1026 + sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u))
1027 + if [[ ${sorted} != "${detected}" ]] ; then
1028 + eerror "The ebuild needs to be kept in sync."
1029 + eerror "${var}: ${sorted}"
1030 + eerror "$(printf '%-*s' ${#var} configure): ${detected}"
1031 + die "sync ${var} to the list of targets"
1032 + fi
1033 +
1034 + popd >/dev/null
1035 }
1036
1037 src_prepare() {
1038 + check_targets IUSE_SOFTMMU_TARGETS softmmu
1039 + check_targets IUSE_USER_TARGETS linux-user
1040 +
1041 # Alter target makefiles to accept CFLAGS set via flag-o
1042 sed -i -r \
1043 -e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \
1044 @@ -257,20 +307,22 @@ src_prepare() {
1045 # Cheap hack to disable gettext .mo generation.
1046 use nls || rm -f po/*.po
1047
1048 - epatch "${FILESDIR}"/qemu-1.7.0-cflags.patch
1049 - epatch "${FILESDIR}"/${P}-CVE-2015-1779-1.patch #544328
1050 - epatch "${FILESDIR}"/${P}-CVE-2015-1779-2.patch #544328
1051 - epatch "${FILESDIR}"/${PN}-2.3.0-CVE-2015-3456.patch #549404
1052 -
1053 # Patching for musl
1054 epatch "${FILESDIR}"/${PN}-2.0.0-F_SHLCK-and-F_EXLCK.patch
1055 epatch "${FILESDIR}"/${PN}-2.0.0-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch
1056 epatch "${FILESDIR}"/${PN}-2.2.0-_sigev_un.patch
1057
1058 + epatch "${FILESDIR}"/qemu-2.5.0-cflags.patch
1059 [[ -n ${BACKPORTS} ]] && \
1060 EPATCH_FORCE=yes EPATCH_SUFFIX="patch" EPATCH_SOURCE="${S}/patches" \
1061 epatch
1062
1063 + epatch "${FILESDIR}"/${P}-CVE-2015-8567.patch #567868
1064 + epatch "${FILESDIR}"/${P}-CVE-2015-8558.patch #568246
1065 + epatch "${FILESDIR}"/${P}-CVE-2015-8701.patch #570110
1066 + epatch "${FILESDIR}"/${P}-CVE-2015-8743.patch #570988
1067 + epatch "${FILESDIR}"/${P}-CVE-2016-1568.patch #571566
1068 +
1069 # Fix ld and objcopy being called directly
1070 tc-export AR LD OBJCOPY
1071
1072 @@ -288,14 +340,10 @@ qemu_src_configure() {
1073 debug-print-function ${FUNCNAME} "$@"
1074
1075 local buildtype=$1
1076 - local builddir=$2
1077 + local builddir="${S}/${buildtype}-build"
1078 local static_flag="static-${buildtype}"
1079
1080 - # audio options
1081 - local audio_opts="oss"
1082 - use alsa && audio_opts="alsa,${audio_opts}"
1083 - use sdl && audio_opts="sdl,${audio_opts}"
1084 - use pulseaudio && audio_opts="pa,${audio_opts}"
1085 + mkdir "${builddir}"
1086
1087 local conf_opts=(
1088 --prefix=/usr
1089 @@ -306,6 +354,11 @@ qemu_src_configure() {
1090 --disable-guest-agent
1091 --disable-strip
1092 --disable-werror
1093 + # We support gnutls/nettle for crypto operations. It is possible
1094 + # to use gcrypt when gnutls/nettle are disabled (but not when they
1095 + # are enabled), but it's not really worth the hassle. Disable it
1096 + # all the time to avoid automatically detecting it. #568856
1097 + --disable-gcrypt
1098 --python="${PYTHON}"
1099 --cc="$(tc-getCC)"
1100 --cxx="$(tc-getCXX)"
1101 @@ -334,6 +387,8 @@ qemu_src_configure() {
1102 $(conf_softmmu curl)
1103 $(conf_softmmu fdt)
1104 $(conf_softmmu glusterfs)
1105 + $(conf_softmmu gnutls)
1106 + $(conf_softmmu gnutls nettle)
1107 $(conf_softmmu gtk)
1108 $(conf_softmmu infiniband rdma)
1109 $(conf_softmmu iscsi libiscsi)
1110 @@ -343,26 +398,25 @@ qemu_src_configure() {
1111 $(conf_softmmu ncurses curses)
1112 $(conf_softmmu nfs libnfs)
1113 $(conf_softmmu numa)
1114 - $(conf_softmmu opengl glx)
1115 + $(conf_softmmu opengl)
1116 $(conf_softmmu png vnc-png)
1117 $(conf_softmmu rbd)
1118 $(conf_softmmu sasl vnc-sasl)
1119 $(conf_softmmu sdl)
1120 $(conf_softmmu seccomp)
1121 - $(conf_softmmu smartcard smartcard-nss)
1122 + $(conf_softmmu smartcard)
1123 $(conf_softmmu snappy)
1124 $(conf_softmmu spice)
1125 $(conf_softmmu ssh libssh2)
1126 - $(conf_softmmu tls quorum)
1127 - $(conf_softmmu tls vnc-tls)
1128 - $(conf_softmmu tls vnc-ws)
1129 $(conf_softmmu usb libusb)
1130 $(conf_softmmu usbredir usb-redir)
1131 $(conf_softmmu uuid)
1132 $(conf_softmmu vde)
1133 $(conf_softmmu vhost-net)
1134 + $(conf_softmmu virgl virglrenderer)
1135 $(conf_softmmu virtfs)
1136 $(conf_softmmu vnc)
1137 + $(conf_softmmu vte)
1138 $(conf_softmmu xen)
1139 $(conf_softmmu xen xen-pci-passthrough)
1140 $(conf_softmmu xfs xfsctl)
1141 @@ -373,23 +427,39 @@ qemu_src_configure() {
1142 conf_opts+=(
1143 --enable-linux-user
1144 --disable-system
1145 - --target-list="${user_targets}"
1146 --disable-blobs
1147 --disable-tools
1148 )
1149 ;;
1150 softmmu)
1151 + # audio options
1152 + local audio_opts="oss"
1153 + use alsa && audio_opts="alsa,${audio_opts}"
1154 + use sdl && audio_opts="sdl,${audio_opts}"
1155 + use pulseaudio && audio_opts="pa,${audio_opts}"
1156 +
1157 conf_opts+=(
1158 --disable-linux-user
1159 --enable-system
1160 - --target-list="${softmmu_targets}"
1161 --with-system-pixman
1162 --audio-drv-list="${audio_opts}"
1163 )
1164 - use gtk && conf_opts+=( --with-gtkabi=3.0 )
1165 + use gtk && conf_opts+=( --with-gtkabi=$(usex gtk2 2.0 3.0) )
1166 + use sdl && conf_opts+=( --with-sdlabi=$(usex sdl2 2.0 1.2) )
1167 + ;;
1168 + tools)
1169 + conf_opts+=(
1170 + --disable-linux-user
1171 + --disable-system
1172 + --disable-blobs
1173 + )
1174 + static_flag="static"
1175 ;;
1176 esac
1177
1178 + local targets="${buildtype}_targets"
1179 + [[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" )
1180 +
1181 # Add support for SystemTAP
1182 use systemtap && conf_opts+=( --enable-trace-backend=dtrace )
1183
1184 @@ -402,7 +472,7 @@ qemu_src_configure() {
1185 gcc-specs-pie && conf_opts+=( --enable-pie )
1186 fi
1187
1188 - einfo "../configure ${conf_opts[*]}"
1189 + echo "../configure ${conf_opts[*]}"
1190 cd "${builddir}"
1191 ../configure "${conf_opts[@]}" || die "configure failed"
1192
1193 @@ -415,7 +485,7 @@ qemu_src_configure() {
1194 src_configure() {
1195 local target
1196
1197 - python_export_best
1198 + python_setup
1199
1200 softmmu_targets= softmmu_bins=()
1201 user_targets= user_bins=()
1202 @@ -434,21 +504,12 @@ src_configure() {
1203 fi
1204 done
1205
1206 - [[ -n ${softmmu_targets} ]] && \
1207 - einfo "Building the following softmmu targets: ${softmmu_targets}"
1208 -
1209 - [[ -n ${user_targets} ]] && \
1210 - einfo "Building the following user targets: ${user_targets}"
1211 -
1212 - if [[ -n ${softmmu_targets} ]]; then
1213 - mkdir "${S}/softmmu-build"
1214 - qemu_src_configure "softmmu" "${S}/softmmu-build"
1215 - fi
1216 + softmmu_targets=${softmmu_targets#,}
1217 + user_targets=${user_targets#,}
1218
1219 - if [[ -n ${user_targets} ]]; then
1220 - mkdir "${S}/user-build"
1221 - qemu_src_configure "user" "${S}/user-build"
1222 - fi
1223 + [[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu"
1224 + [[ -n ${user_targets} ]] && qemu_src_configure "user"
1225 + [[ -z ${softmmu_targets}${user_targets} ]] && qemu_src_configure "tools"
1226 }
1227
1228 src_compile() {
1229 @@ -461,6 +522,11 @@ src_compile() {
1230 cd "${S}/softmmu-build"
1231 default
1232 fi
1233 +
1234 + if [[ -z ${softmmu_targets}${user_targets} ]]; then
1235 + cd "${S}/tools-build"
1236 + default
1237 + fi
1238 }
1239
1240 src_test() {
1241 @@ -506,6 +572,11 @@ src_install() {
1242 fi
1243 fi
1244
1245 + if [[ -z ${softmmu_targets}${user_targets} ]]; then
1246 + cd "${S}/tools-build"
1247 + emake DESTDIR="${ED}" install
1248 + fi
1249 +
1250 # Disable mprotect on the qemu binaries as they use JITs to be fast #459348
1251 pushd "${ED}"/usr/bin >/dev/null
1252 pax-mark m "${softmmu_bins[@]}" "${user_bins[@]}"
1253 @@ -516,21 +587,21 @@ src_install() {
1254 doins "${FILESDIR}/bridge.conf"
1255
1256 # Remove the docdir placed qmp-commands.txt
1257 - mv "${ED}/usr/share/doc/${PF}/html/qmp-commands.txt" "${S}/docs/qmp/"
1258 + mv "${ED}/usr/share/doc/${PF}/html/qmp-commands.txt" "${S}/docs/" || die
1259
1260 cd "${S}"
1261 dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt
1262 newdoc pc-bios/README README.pc-bios
1263 - dodoc docs/qmp/*.txt
1264 + dodoc docs/qmp-*.txt
1265
1266 - # Remove SeaBIOS since we're using the SeaBIOS packaged one
1267 - rm "${ED}/usr/share/qemu/bios.bin"
1268 - if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
1269 - dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
1270 - fi
1271 -
1272 - # Remove vgabios since we're using the vgabios packaged one
1273 if [[ -n ${softmmu_targets} ]]; then
1274 + # Remove SeaBIOS since we're using the SeaBIOS packaged one
1275 + rm "${ED}/usr/share/qemu/bios.bin"
1276 + if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
1277 + dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
1278 + fi
1279 +
1280 + # Remove vgabios since we're using the vgabios packaged one
1281 rm "${ED}/usr/share/qemu/vgabios.bin"
1282 rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
1283 rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
1284 @@ -568,21 +639,6 @@ src_install() {
1285 pkg_postinst() {
1286 if qemu_support_kvm; then
1287 readme.gentoo_print_elog
1288 - ewarn "Migration from qemu-kvm instances and loading qemu-kvm created"
1289 - ewarn "save states has been removed starting with the 1.6.2 release"
1290 - ewarn
1291 - ewarn "It is recommended that you migrate any VMs that may be running"
1292 - ewarn "on qemu-kvm to a host with a newer qemu and regenerate"
1293 - ewarn "any saved states with a newer qemu."
1294 - ewarn
1295 - ewarn "qemu-kvm was the primary qemu provider in Gentoo through 1.2.x"
1296 -
1297 - if use x86 || use amd64; then
1298 - ewarn
1299 - ewarn "The /usr/bin/kvm and /usr/bin/qemu-kvm wrappers are no longer"
1300 - ewarn "installed. In order to use kvm acceleration, pass the flag"
1301 - ewarn "-enable-kvm when running your system target."
1302 - fi
1303 fi
1304
1305 if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
1306 @@ -590,10 +646,6 @@ pkg_postinst() {
1307 fi
1308
1309 fcaps cap_net_admin /usr/libexec/qemu-bridge-helper
1310 - if use virtfs && [ -n "${softmmu_targets}" ]; then
1311 - local virtfs_caps="cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_setgid,cap_mknod,cap_setuid"
1312 - fcaps ${virtfs_caps} /usr/bin/virtfs-proxy-helper
1313 - fi
1314 }
1315
1316 pkg_info() {
1317 @@ -601,7 +653,7 @@ pkg_info() {
1318 echo " $(best_version app-emulation/spice-protocol)"
1319 echo " $(best_version sys-firmware/ipxe)"
1320 echo " $(best_version sys-firmware/seabios)"
1321 - if has_version sys-firmware/seabios[binary]; then
1322 + if has_version 'sys-firmware/seabios[binary]'; then
1323 echo " USE=binary"
1324 else
1325 echo " USE=''"