1 |
commit: db375501bb3b42701ab7b00e15a76ec00779332b |
2 |
Author: Felix Janda <felix.janda <AT> posteo <DOT> de> |
3 |
AuthorDate: Sat Jan 30 15:58:50 2016 +0000 |
4 |
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
5 |
CommitDate: Sat Jan 30 17:28:05 2016 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/musl.git/commit/?id=db375501 |
7 |
|
8 |
app-emulation/qemu: bump to 2.5.0 |
9 |
|
10 |
app-emulation/qemu/Manifest | 13 +- |
11 |
.../qemu/files/qemu-2.2.1-CVE-2015-1779-1.patch | 241 ------------------ |
12 |
.../qemu/files/qemu-2.2.1-CVE-2015-1779-2.patch | 58 ----- |
13 |
.../qemu/files/qemu-2.3.0-CVE-2015-3456.patch | 86 ------- |
14 |
.../qemu/files/qemu-2.5.0-CVE-2015-8558.patch | 50 ++++ |
15 |
.../qemu/files/qemu-2.5.0-CVE-2015-8567.patch | 95 +++++++ |
16 |
.../qemu/files/qemu-2.5.0-CVE-2015-8701.patch | 49 ++++ |
17 |
.../qemu/files/qemu-2.5.0-CVE-2015-8743.patch | 50 ++++ |
18 |
.../qemu/files/qemu-2.5.0-CVE-2016-1568.patch | 41 +++ |
19 |
app-emulation/qemu/files/qemu-2.5.0-cflags.patch | 13 + |
20 |
...qemu-2.2.1-r99.ebuild => qemu-2.5.0-r99.ebuild} | 274 ++++++++++++--------- |
21 |
11 files changed, 469 insertions(+), 501 deletions(-) |
22 |
|
23 |
diff --git a/app-emulation/qemu/Manifest b/app-emulation/qemu/Manifest |
24 |
index 2ecdb66..9fdb00d 100644 |
25 |
--- a/app-emulation/qemu/Manifest |
26 |
+++ b/app-emulation/qemu/Manifest |
27 |
@@ -4,11 +4,14 @@ AUX qemu-1.7.0-cflags.patch 300 SHA256 8f35e55c4bae93e82f9580eabe2d6a2d4660bd053 |
28 |
AUX qemu-2.0.0-F_SHLCK-and-F_EXLCK.patch 563 SHA256 99de67d610ad13a1dcf6c67a3c2b5b87fb909220173a956435737f9bea3c371b SHA512 a29e9a889388a6627ed492a79e66514ffb5e64f9479646982091811548fc2a9bf6682104a6c774d83e645e4b1db39e491afd4efce789fe164623442a7f3e5d00 WHIRLPOOL d3aab06099de263c22f4c71810a3b2cb8602d17731ec76674cd1415e539306555a7b96b789f0daad473600dfa04a83224ff603f7b9a9ac63a4902f74d0e9deb5 |
29 |
AUX qemu-2.0.0-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch 930 SHA256 6af6cf9044997710a6d0fbdba30a35c8d775e30d30c032ec97db672f75ec88ac SHA512 ec84b27648c01c6e58781295dcd0c2ff8e5a635f9836ef50c1da5d0ed125db1afc4cb5b01cb97606d6dd8f417acba93e1560d9a32ca29161a4bb730b302440ea WHIRLPOOL 06b9dd5251ac03405c97b1f5a623b4d86bda2f72fbcd52b90ae4d11a0cfb59cae62df2cb6189405fbe53ab05ff2b7ca8165fda239dbfe5f31ed70abb53b3b9f3 |
30 |
AUX qemu-2.2.0-_sigev_un.patch 636 SHA256 f3b9a4d6162c553f3110ad22716305818e2130e2ff5d628faf044fc58a5e3cb5 SHA512 f72b879daede5184904f64cabb276de96299a37a93fce444d09e9068671009e95a5e5d6b815ec41a5db5b3807de14d470a56bba5806ffd4dfec577577b046ccb WHIRLPOOL 9453ad4966e10d504f3e867fd984642a3c1ee3ae847b5ca56196fd1f9e6c0f2d7b52ca07446212af72fef6d0ded1527a5eb306fa6cd915e8dd9ce11523362bac |
31 |
-AUX qemu-2.2.1-CVE-2015-1779-1.patch 8631 SHA256 17ea04bb0571f3a346eb25ce2d61fd7053515767adedfde567fd39205993c600 SHA512 191dde0754b9466d87cf99a578ac07f0902f373156f4d5ff98540b9099a6fa8e29ba4ca9d4a5a21ae5dbba2b80c36600ea0bd2c31fa0c8734926514015166ab8 WHIRLPOOL 2be2f490eb32857b2b218761df3580bc31eb5a89bf1b289a048e9fd489cdb024869399481345b5ecb09a45c4fbf1ee4639062ae1fdbee9781e66ca6cc8af4cac |
32 |
-AUX qemu-2.2.1-CVE-2015-1779-2.patch 2318 SHA256 4c0966520bf09df25d99c883f94037e765406dd4097dd704e66361bb07f73679 SHA512 7a85bc8e00c60c6c36790d1169f0d84d2c75fe81c1700b4f764ddcb0d0587d4b6d228d80e65fead035e3ab99449aad2f559071edf9145ff7a755506f3ff05b0e WHIRLPOOL 078388c50367d41c810a02aa795b6ad0df381582bdd2725ae125243ee5921aa4057494f063a7de49da6b6f6343f37a3c83d96ef6d92c22e722972c8e4ea968dc |
33 |
-AUX qemu-2.3.0-CVE-2015-3456.patch 2853 SHA256 efac61bf9c20d5d08ef47bc9d51be5c8bd519f1d970ba3c3506c5760bf807e7d SHA512 5fed59ae67a962d187418f4bd57cebe901f9bcba817694b5e2a57daf77c34a406ed7c1f278e12d813304e58c48a24493b4e001a9ee4045bab2608f1730715ac7 WHIRLPOOL 9ad5237aa1bbe46a8493e331bb9c2152c36f9c877582485e1cf811b09430bad97a9f3b6bc52face7e4287f9c9fe4f1891de154a62ba93ea454c3ed9d44e8f729 |
34 |
+AUX qemu-2.5.0-CVE-2015-8558.patch 1459 SHA256 d769e6eb6dc0bdb0b982ef5fe7d73cc6bad47233102f53d11c6ed6c9051602d8 SHA512 42961191890c500675610d5d33e6ff468b07428c6b428ac01bb5c0e3ea88ff611a3532f848d54317458475fef221a06e41761ef14ea61d1b741db73450c4f90d WHIRLPOOL 475679dc1a24bc75012995a9a2122847454701b65ff0b7f8192865b45de49ce08572f129a7cfdeb36521252ed2f80c95e9dddbd64cb8e39fdc5beacc25934798 |
35 |
+AUX qemu-2.5.0-CVE-2015-8567.patch 3108 SHA256 88b72df4e02407c3b9ca4835c38988b97fcd5aa9c68da6fa47207fe675d4e661 SHA512 2f0243ec9764d72fe5e7a005a8db40d3d5c4c2edae5c3451087ee3f5c841c96a3112875cf88a19061fa2ce0d04715d247e6eb1eb83e1e5b57ec0b9eb324b8ce6 WHIRLPOOL b432ff3e105da5c0bd20dd1d7da0374f4005b2ac5a9a8c824e96730aeafa89bb8fc125f8b2857fdaf72024082ddbc0c7a28c3e3ffb9114c3d370db1b638c4731 |
36 |
+AUX qemu-2.5.0-CVE-2015-8701.patch 1671 SHA256 f39e0c6301cffa1b14c3ef0ab72fce0e2acd42170759ef7954234d31602aeb99 SHA512 d39edf84e2d17e6080bbc4a270732cd73b41fa39d948ee7bc4456e1024c5a69ddfb5e848af3272615f5aa36a3b6410a12f5a73e00ccfa58e0d60d7289d034aa9 WHIRLPOOL 352148c367837ba2d6eb5eb39e00c128f0cff3faef159754a41318857bc11a6616be184c24df4767ec2c8c14910ad74fc3be48273f6312b1687910fbcaf7bec3 |
37 |
+AUX qemu-2.5.0-CVE-2015-8743.patch 1777 SHA256 22aac571c1aa6f6a283d200a7703fdfea0a5bcaf227a003a2cbf5741bbb8df85 SHA512 65d8632fd43959983ca02f9ab116ec78ea043e6d867e6d743014885c2a423bb3b87c2e56caa37e7f29e971a44f5ea695cb4ce1c3a9c1fc2d734b25ca0b2f4054 WHIRLPOOL 9128c812cfbfe3d4629cd6c7c2c6f50c9ef2fe2d5b62b24486559279296987f593f852f913eb67fbe956d650d50612fa7a658a60b3d80cf4fa9256e332d77330 |
38 |
+AUX qemu-2.5.0-CVE-2016-1568.patch 1476 SHA256 ba2a25142977eea531159d81ef8938e8519c92800aa1958e71da9e2780c8256a SHA512 643ef742e6cd1dbc8f420b38f684bc8639e4bd58ab38c254654d4b1a72b129202fecdddddfd308b48ed7813da193edff68d737080d5035c82daf9676ee17df22 WHIRLPOOL af9376400540f20d77ea06cb6a12ce415b72bb22cdde3365bba8b02deb8985aedfee303646e13e1d1263a2dcd17bf1518637183a81c66c2db7b438aa88ef7d95 |
39 |
+AUX qemu-2.5.0-cflags.patch 410 SHA256 17f5624dd733f5c80e733cc67ae36a736169ec066024dbf802b416accfed0755 SHA512 0194d28de08b4e51c5bd1c9a2cc7965ba7f66dfddb8fd91de3da93677e6cf2d38ad3270f69aaea8a20cf2533c2980018d6e0fed711be2806fe2053fba7c081f3 WHIRLPOOL 5f5b95d00409fbe03adb64801d30a2fb5f98dded5efa7f0e78b5746776f72917dcbea767e1d0afcb304d8bf8c484adedb8037e6d54e9d34997c2bc3a98b53154 |
40 |
AUX qemu-binfmt.initd-r1 7023 SHA256 3572c110c6f217754e638796400a5901910a2e61b8818c8569f8258b103ebcc6 SHA512 773af64fef164c00945acf5881e64a10141aa8fdc85491e57bf8dcc7c800a4f81879527998a0896a42f921edcbf5f741beb31ac2a82e45cba506c7b8461733c8 WHIRLPOOL 30382fe347248683e989c2b7fbd804ce26173b313746d80467029b2ad3594f414628f7537120b168a0e700c424d3525528eb632b07e16544c2fd07f418f3187c |
41 |
AUX qemu-kvm-1.4 68 SHA256 8b1adf198129f001e75a2311fc420c168094d1084d2163cdf6a32b3b23c96137 SHA512 706fab4d155c410acc292e67fb354ce7dcd17f7e33f2ca8c9c44035ea128f8d36f89e27cf87ebe22721f5676be9e7f2ae5484fd000183c8ffd7854e02eb3d120 WHIRLPOOL ef795330b592cef8e3d92f52a77eb77a671e6aa1a47d07531917b5c1c09e72e5df1a44aea939b086e0a3c5ef2a5cea9223556a46ceae73e55300475c42f07067 |
42 |
-DIST qemu-2.2.1.tar.bz2 24483500 SHA256 4617154c6ef744b83e10b744e392ad111dd351d435d6563ce24d8da75b1335a0 SHA512 970ead0c92fc04502c6d3a8dbfafa5797667b3d276a1a25ddbe991d20d8e17a588905ecbffa77fb3b9d12e481ac3776ca4c38fe89a5e4c96dc2fb045214bfa9f WHIRLPOOL 9226ce4a4f5c7247d6ab34eb8b45c9a91416ee5849dbe25b9d15cddbd6aba2b8da77280f6055d363a81ddec515d28bf501351cb7e21ecfb4bfe42cdb7e349788 |
43 |
-EBUILD qemu-2.2.1-r99.ebuild 18744 SHA256 15c5267816cbc7798b2aa0c342bd0a0254550d2fdb1497f3237aa33b53c8c59f SHA512 c7c90792a79fbf226e41f8dd61d5f3b1046a1e9c130d3216a0c29d374a09ec5aa8575e2578b843f37fd04645e2804ae91298924d307aff25922d7461bf52fe78 WHIRLPOOL ef73221242451e8772598ee1b0e346f4aa94ec59c1daf58ca9ac35d49e431c687ca5d80155e4e5846a3f76d35330a1043f9ae9018c19e0e1fc828711298aebae |
44 |
+DIST qemu-2.5.0.tar.bz2 25464996 SHA256 3443887401619fe33bfa5d900a4f2d6a79425ae2b7e43d5b8c36eb7a683772d4 SHA512 12153f94cc7f834fd6a85f25690c36f2331d88d414426fb8b9ac20a34e6f9222b1eda30b727674af583580fae90dfd6d0614a905dce1567d94cd049d426b9dd3 WHIRLPOOL 8f5717989d8d234ecf1763ee386b2e1f20c3b17918de130c6dae255e4523a230b2b01a759eba25e4b9f604c680d9b868c56f58bd71b7c6c2c22a2e46804435ef |
45 |
+EBUILD qemu-2.5.0-r99.ebuild 20028 SHA256 aeca48b0f3004f6d41077db6a763ef43c900cecf59d0f9d3ec6eb028846f0560 SHA512 31101660cd608272b6d6b24081ca095f3eb2fb2a33a2174fe62bf86fe006db6deb56590ae8a784fc69e3dd4f19c7a96035d38506f8a3d07e27397d710cf9e85c WHIRLPOOL 457f88c5e474183df7ae41a8d6c0ad49e76a6fdd69c59591c62f750c426e3998628f0770303536102d87509cfc2578813799e4052e09fb688460fa7bf424a2c4 |
46 |
MISC metadata.xml 3774 SHA256 45d220d5c3fedecb5c318e2ab1fa796391f5fd3db09e4ef218b3bc7cb3cb10e1 SHA512 90b16206b5398b4044132d930b417372e1d305a93b062c895bc3b46ae64a19aa96d2471b5838f960cca7c6c30ce58571f332731f02eaeee17e4204469c5d6330 WHIRLPOOL f5498b8cb14aeeacdfd1da30c26ceca282bba3042a6288496d624d91c3c26c1bed34c42374db04e06378c8efd78010d3bef76c41c1aa529ccf17cec513ed1fa8 |
47 |
|
48 |
diff --git a/app-emulation/qemu/files/qemu-2.2.1-CVE-2015-1779-1.patch b/app-emulation/qemu/files/qemu-2.2.1-CVE-2015-1779-1.patch |
49 |
deleted file mode 100644 |
50 |
index 35ef8fd..0000000 |
51 |
--- a/app-emulation/qemu/files/qemu-2.2.1-CVE-2015-1779-1.patch |
52 |
+++ /dev/null |
53 |
@@ -1,241 +0,0 @@ |
54 |
-From a2bebfd6e09d285aa793cae3fb0fc3a39a9fee6e Mon Sep 17 00:00:00 2001 |
55 |
-From: "Daniel P. Berrange" <berrange@××××××.com> |
56 |
-Date: Mon, 23 Mar 2015 22:58:21 +0000 |
57 |
-Subject: [PATCH] CVE-2015-1779: incrementally decode websocket frames |
58 |
- |
59 |
-The logic for decoding websocket frames wants to fully |
60 |
-decode the frame header and payload, before allowing the |
61 |
-VNC server to see any of the payload data. There is no |
62 |
-size limit on websocket payloads, so this allows a |
63 |
-malicious network client to consume 2^64 bytes in memory |
64 |
-in QEMU. It can trigger this denial of service before |
65 |
-the VNC server even performs any authentication. |
66 |
- |
67 |
-The fix is to decode the header, and then incrementally |
68 |
-decode the payload data as it is needed. With this fix |
69 |
-the websocket decoder will allow at most 4k of data to |
70 |
-be buffered before decoding and processing payload. |
71 |
- |
72 |
-Signed-off-by: Daniel P. Berrange <berrange@××××××.com> |
73 |
- |
74 |
-[ kraxel: fix frequent spurious disconnects, suggested by Peter Maydell ] |
75 |
- |
76 |
- @@ -361,7 +361,7 @@ int vncws_decode_frame_payload(Buffer *input, |
77 |
- - *payload_size = input->offset; |
78 |
- + *payload_size = *payload_remain; |
79 |
- |
80 |
-[ kraxel: fix 32bit build ] |
81 |
- |
82 |
- @@ -306,7 +306,7 @@ struct VncState |
83 |
- - uint64_t ws_payload_remain; |
84 |
- + size_t ws_payload_remain; |
85 |
- |
86 |
-Signed-off-by: Gerd Hoffmann <kraxel@××××××.com> |
87 |
---- |
88 |
- ui/vnc-ws.c | 105 ++++++++++++++++++++++++++++++++++++++++-------------------- |
89 |
- ui/vnc-ws.h | 9 ++++-- |
90 |
- ui/vnc.h | 2 ++ |
91 |
- 3 files changed, 80 insertions(+), 36 deletions(-) |
92 |
- |
93 |
-diff --git a/ui/vnc-ws.c b/ui/vnc-ws.c |
94 |
-index 85dbb7e..0b7de4e 100644 |
95 |
---- a/ui/vnc-ws.c |
96 |
-+++ b/ui/vnc-ws.c |
97 |
-@@ -107,7 +107,7 @@ long vnc_client_read_ws(VncState *vs) |
98 |
- { |
99 |
- int ret, err; |
100 |
- uint8_t *payload; |
101 |
-- size_t payload_size, frame_size; |
102 |
-+ size_t payload_size, header_size; |
103 |
- VNC_DEBUG("Read websocket %p size %zd offset %zd\n", vs->ws_input.buffer, |
104 |
- vs->ws_input.capacity, vs->ws_input.offset); |
105 |
- buffer_reserve(&vs->ws_input, 4096); |
106 |
-@@ -117,18 +117,39 @@ long vnc_client_read_ws(VncState *vs) |
107 |
- } |
108 |
- vs->ws_input.offset += ret; |
109 |
- |
110 |
-- /* make sure that nothing is left in the ws_input buffer */ |
111 |
-+ ret = 0; |
112 |
-+ /* consume as much of ws_input buffer as possible */ |
113 |
- do { |
114 |
-- err = vncws_decode_frame(&vs->ws_input, &payload, |
115 |
-- &payload_size, &frame_size); |
116 |
-- if (err <= 0) { |
117 |
-- return err; |
118 |
-+ if (vs->ws_payload_remain == 0) { |
119 |
-+ err = vncws_decode_frame_header(&vs->ws_input, |
120 |
-+ &header_size, |
121 |
-+ &vs->ws_payload_remain, |
122 |
-+ &vs->ws_payload_mask); |
123 |
-+ if (err <= 0) { |
124 |
-+ return err; |
125 |
-+ } |
126 |
-+ |
127 |
-+ buffer_advance(&vs->ws_input, header_size); |
128 |
- } |
129 |
-+ if (vs->ws_payload_remain != 0) { |
130 |
-+ err = vncws_decode_frame_payload(&vs->ws_input, |
131 |
-+ &vs->ws_payload_remain, |
132 |
-+ &vs->ws_payload_mask, |
133 |
-+ &payload, |
134 |
-+ &payload_size); |
135 |
-+ if (err < 0) { |
136 |
-+ return err; |
137 |
-+ } |
138 |
-+ if (err == 0) { |
139 |
-+ return ret; |
140 |
-+ } |
141 |
-+ ret += err; |
142 |
- |
143 |
-- buffer_reserve(&vs->input, payload_size); |
144 |
-- buffer_append(&vs->input, payload, payload_size); |
145 |
-+ buffer_reserve(&vs->input, payload_size); |
146 |
-+ buffer_append(&vs->input, payload, payload_size); |
147 |
- |
148 |
-- buffer_advance(&vs->ws_input, frame_size); |
149 |
-+ buffer_advance(&vs->ws_input, payload_size); |
150 |
-+ } |
151 |
- } while (vs->ws_input.offset > 0); |
152 |
- |
153 |
- return ret; |
154 |
-@@ -265,15 +286,14 @@ void vncws_encode_frame(Buffer *output, const void *payload, |
155 |
- buffer_append(output, payload, payload_size); |
156 |
- } |
157 |
- |
158 |
--int vncws_decode_frame(Buffer *input, uint8_t **payload, |
159 |
-- size_t *payload_size, size_t *frame_size) |
160 |
-+int vncws_decode_frame_header(Buffer *input, |
161 |
-+ size_t *header_size, |
162 |
-+ size_t *payload_remain, |
163 |
-+ WsMask *payload_mask) |
164 |
- { |
165 |
- unsigned char opcode = 0, fin = 0, has_mask = 0; |
166 |
-- size_t header_size = 0; |
167 |
-- uint32_t *payload32; |
168 |
-+ size_t payload_len; |
169 |
- WsHeader *header = (WsHeader *)input->buffer; |
170 |
-- WsMask mask; |
171 |
-- int i; |
172 |
- |
173 |
- if (input->offset < WS_HEAD_MIN_LEN + 4) { |
174 |
- /* header not complete */ |
175 |
-@@ -283,7 +303,7 @@ int vncws_decode_frame(Buffer *input, uint8_t **payload, |
176 |
- fin = (header->b0 & 0x80) >> 7; |
177 |
- opcode = header->b0 & 0x0f; |
178 |
- has_mask = (header->b1 & 0x80) >> 7; |
179 |
-- *payload_size = header->b1 & 0x7f; |
180 |
-+ payload_len = header->b1 & 0x7f; |
181 |
- |
182 |
- if (opcode == WS_OPCODE_CLOSE) { |
183 |
- /* disconnect */ |
184 |
-@@ -300,40 +320,57 @@ int vncws_decode_frame(Buffer *input, uint8_t **payload, |
185 |
- return -2; |
186 |
- } |
187 |
- |
188 |
-- if (*payload_size < 126) { |
189 |
-- header_size = 6; |
190 |
-- mask = header->u.m; |
191 |
-- } else if (*payload_size == 126 && input->offset >= 8) { |
192 |
-- *payload_size = be16_to_cpu(header->u.s16.l16); |
193 |
-- header_size = 8; |
194 |
-- mask = header->u.s16.m16; |
195 |
-- } else if (*payload_size == 127 && input->offset >= 14) { |
196 |
-- *payload_size = be64_to_cpu(header->u.s64.l64); |
197 |
-- header_size = 14; |
198 |
-- mask = header->u.s64.m64; |
199 |
-+ if (payload_len < 126) { |
200 |
-+ *payload_remain = payload_len; |
201 |
-+ *header_size = 6; |
202 |
-+ *payload_mask = header->u.m; |
203 |
-+ } else if (payload_len == 126 && input->offset >= 8) { |
204 |
-+ *payload_remain = be16_to_cpu(header->u.s16.l16); |
205 |
-+ *header_size = 8; |
206 |
-+ *payload_mask = header->u.s16.m16; |
207 |
-+ } else if (payload_len == 127 && input->offset >= 14) { |
208 |
-+ *payload_remain = be64_to_cpu(header->u.s64.l64); |
209 |
-+ *header_size = 14; |
210 |
-+ *payload_mask = header->u.s64.m64; |
211 |
- } else { |
212 |
- /* header not complete */ |
213 |
- return 0; |
214 |
- } |
215 |
- |
216 |
-- *frame_size = header_size + *payload_size; |
217 |
-+ return 1; |
218 |
-+} |
219 |
-+ |
220 |
-+int vncws_decode_frame_payload(Buffer *input, |
221 |
-+ size_t *payload_remain, WsMask *payload_mask, |
222 |
-+ uint8_t **payload, size_t *payload_size) |
223 |
-+{ |
224 |
-+ size_t i; |
225 |
-+ uint32_t *payload32; |
226 |
- |
227 |
-- if (input->offset < *frame_size) { |
228 |
-- /* frame not complete */ |
229 |
-+ *payload = input->buffer; |
230 |
-+ /* If we aren't at the end of the payload, then drop |
231 |
-+ * off the last bytes, so we're always multiple of 4 |
232 |
-+ * for purpose of unmasking, except at end of payload |
233 |
-+ */ |
234 |
-+ if (input->offset < *payload_remain) { |
235 |
-+ *payload_size = input->offset - (input->offset % 4); |
236 |
-+ } else { |
237 |
-+ *payload_size = *payload_remain; |
238 |
-+ } |
239 |
-+ if (*payload_size == 0) { |
240 |
- return 0; |
241 |
- } |
242 |
-- |
243 |
-- *payload = input->buffer + header_size; |
244 |
-+ *payload_remain -= *payload_size; |
245 |
- |
246 |
- /* unmask frame */ |
247 |
- /* process 1 frame (32 bit op) */ |
248 |
- payload32 = (uint32_t *)(*payload); |
249 |
- for (i = 0; i < *payload_size / 4; i++) { |
250 |
-- payload32[i] ^= mask.u; |
251 |
-+ payload32[i] ^= payload_mask->u; |
252 |
- } |
253 |
- /* process the remaining bytes (if any) */ |
254 |
- for (i *= 4; i < *payload_size; i++) { |
255 |
-- (*payload)[i] ^= mask.c[i % 4]; |
256 |
-+ (*payload)[i] ^= payload_mask->c[i % 4]; |
257 |
- } |
258 |
- |
259 |
- return 1; |
260 |
-diff --git a/ui/vnc-ws.h b/ui/vnc-ws.h |
261 |
-index ef229b7..14d4230 100644 |
262 |
---- a/ui/vnc-ws.h |
263 |
-+++ b/ui/vnc-ws.h |
264 |
-@@ -83,7 +83,12 @@ long vnc_client_read_ws(VncState *vs); |
265 |
- void vncws_process_handshake(VncState *vs, uint8_t *line, size_t size); |
266 |
- void vncws_encode_frame(Buffer *output, const void *payload, |
267 |
- const size_t payload_size); |
268 |
--int vncws_decode_frame(Buffer *input, uint8_t **payload, |
269 |
-- size_t *payload_size, size_t *frame_size); |
270 |
-+int vncws_decode_frame_header(Buffer *input, |
271 |
-+ size_t *header_size, |
272 |
-+ size_t *payload_remain, |
273 |
-+ WsMask *payload_mask); |
274 |
-+int vncws_decode_frame_payload(Buffer *input, |
275 |
-+ size_t *payload_remain, WsMask *payload_mask, |
276 |
-+ uint8_t **payload, size_t *payload_size); |
277 |
- |
278 |
- #endif /* __QEMU_UI_VNC_WS_H */ |
279 |
-diff --git a/ui/vnc.h b/ui/vnc.h |
280 |
-index e19ac39..3f7c6a9 100644 |
281 |
---- a/ui/vnc.h |
282 |
-+++ b/ui/vnc.h |
283 |
-@@ -306,6 +306,8 @@ struct VncState |
284 |
- #ifdef CONFIG_VNC_WS |
285 |
- Buffer ws_input; |
286 |
- Buffer ws_output; |
287 |
-+ size_t ws_payload_remain; |
288 |
-+ WsMask ws_payload_mask; |
289 |
- #endif |
290 |
- /* current output mode information */ |
291 |
- VncWritePixels *write_pixels; |
292 |
--- |
293 |
-2.3.5 |
294 |
- |
295 |
|
296 |
diff --git a/app-emulation/qemu/files/qemu-2.2.1-CVE-2015-1779-2.patch b/app-emulation/qemu/files/qemu-2.2.1-CVE-2015-1779-2.patch |
297 |
deleted file mode 100644 |
298 |
index c7a8c8b..0000000 |
299 |
--- a/app-emulation/qemu/files/qemu-2.2.1-CVE-2015-1779-2.patch |
300 |
+++ /dev/null |
301 |
@@ -1,58 +0,0 @@ |
302 |
-From 2cdb5e142fb93e875fa53c52864ef5eb8d5d8b41 Mon Sep 17 00:00:00 2001 |
303 |
-From: "Daniel P. Berrange" <berrange@××××××.com> |
304 |
-Date: Mon, 23 Mar 2015 22:58:22 +0000 |
305 |
-Subject: [PATCH] CVE-2015-1779: limit size of HTTP headers from websockets |
306 |
- clients |
307 |
- |
308 |
-The VNC server websockets decoder will read and buffer data from |
309 |
-websockets clients until it sees the end of the HTTP headers, |
310 |
-as indicated by \r\n\r\n. In theory this allows a malicious to |
311 |
-trick QEMU into consuming an arbitrary amount of RAM. In practice, |
312 |
-because QEMU runs g_strstr_len() across the buffered header data, |
313 |
-it will spend increasingly long burning CPU time searching for |
314 |
-the substring match and less & less time reading data. So while |
315 |
-this does cause arbitrary memory growth, the bigger problem is |
316 |
-that QEMU will be burning 100% of available CPU time. |
317 |
- |
318 |
-A novnc websockets client typically sends headers of around |
319 |
-512 bytes in length. As such it is reasonable to place a 4096 |
320 |
-byte limit on the amount of data buffered while searching for |
321 |
-the end of HTTP headers. |
322 |
- |
323 |
-Signed-off-by: Daniel P. Berrange <berrange@××××××.com> |
324 |
-Signed-off-by: Gerd Hoffmann <kraxel@××××××.com> |
325 |
---- |
326 |
- ui/vnc-ws.c | 10 ++++++++-- |
327 |
- 1 file changed, 8 insertions(+), 2 deletions(-) |
328 |
- |
329 |
-diff --git a/ui/vnc-ws.c b/ui/vnc-ws.c |
330 |
-index 0b7de4e..62eb97f 100644 |
331 |
---- a/ui/vnc-ws.c |
332 |
-+++ b/ui/vnc-ws.c |
333 |
-@@ -81,8 +81,11 @@ void vncws_handshake_read(void *opaque) |
334 |
- VncState *vs = opaque; |
335 |
- uint8_t *handshake_end; |
336 |
- long ret; |
337 |
-- buffer_reserve(&vs->ws_input, 4096); |
338 |
-- ret = vnc_client_read_buf(vs, buffer_end(&vs->ws_input), 4096); |
339 |
-+ /* Typical HTTP headers from novnc are 512 bytes, so limiting |
340 |
-+ * total header size to 4096 is easily enough. */ |
341 |
-+ size_t want = 4096 - vs->ws_input.offset; |
342 |
-+ buffer_reserve(&vs->ws_input, want); |
343 |
-+ ret = vnc_client_read_buf(vs, buffer_end(&vs->ws_input), want); |
344 |
- |
345 |
- if (!ret) { |
346 |
- if (vs->csock == -1) { |
347 |
-@@ -99,6 +102,9 @@ void vncws_handshake_read(void *opaque) |
348 |
- vncws_process_handshake(vs, vs->ws_input.buffer, vs->ws_input.offset); |
349 |
- buffer_advance(&vs->ws_input, handshake_end - vs->ws_input.buffer + |
350 |
- strlen(WS_HANDSHAKE_END)); |
351 |
-+ } else if (vs->ws_input.offset >= 4096) { |
352 |
-+ VNC_DEBUG("End of headers not found in first 4096 bytes\n"); |
353 |
-+ vnc_client_error(vs); |
354 |
- } |
355 |
- } |
356 |
- |
357 |
--- |
358 |
-2.3.5 |
359 |
- |
360 |
|
361 |
diff --git a/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-3456.patch b/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-3456.patch |
362 |
deleted file mode 100644 |
363 |
index 87697d0..0000000 |
364 |
--- a/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-3456.patch |
365 |
+++ /dev/null |
366 |
@@ -1,86 +0,0 @@ |
367 |
-https://bugs.gentoo.org/549404 |
368 |
- |
369 |
-From e907746266721f305d67bc0718795fedee2e824c Mon Sep 17 00:00:00 2001 |
370 |
-From: Petr Matousek <pmatouse@××××××.com> |
371 |
-Date: Wed, 6 May 2015 09:48:59 +0200 |
372 |
-Subject: [PATCH] fdc: force the fifo access to be in bounds of the allocated buffer |
373 |
- |
374 |
-During processing of certain commands such as FD_CMD_READ_ID and |
375 |
-FD_CMD_DRIVE_SPECIFICATION_COMMAND the fifo memory access could |
376 |
-get out of bounds leading to memory corruption with values coming |
377 |
-from the guest. |
378 |
- |
379 |
-Fix this by making sure that the index is always bounded by the |
380 |
-allocated memory. |
381 |
- |
382 |
-This is CVE-2015-3456. |
383 |
- |
384 |
-Signed-off-by: Petr Matousek <pmatouse@××××××.com> |
385 |
-Reviewed-by: John Snow <jsnow@××××××.com> |
386 |
-Signed-off-by: John Snow <jsnow@××××××.com> |
387 |
---- |
388 |
- hw/block/fdc.c | 17 +++++++++++------ |
389 |
- 1 files changed, 11 insertions(+), 6 deletions(-) |
390 |
- |
391 |
-diff --git a/hw/block/fdc.c b/hw/block/fdc.c |
392 |
-index f72a392..d8a8edd 100644 |
393 |
---- a/hw/block/fdc.c |
394 |
-+++ b/hw/block/fdc.c |
395 |
-@@ -1497,7 +1497,7 @@ static uint32_t fdctrl_read_data(FDCtrl *fdctrl) |
396 |
- { |
397 |
- FDrive *cur_drv; |
398 |
- uint32_t retval = 0; |
399 |
-- int pos; |
400 |
-+ uint32_t pos; |
401 |
- |
402 |
- cur_drv = get_cur_drv(fdctrl); |
403 |
- fdctrl->dsr &= ~FD_DSR_PWRDOWN; |
404 |
-@@ -1506,8 +1506,8 @@ static uint32_t fdctrl_read_data(FDCtrl *fdctrl) |
405 |
- return 0; |
406 |
- } |
407 |
- pos = fdctrl->data_pos; |
408 |
-+ pos %= FD_SECTOR_LEN; |
409 |
- if (fdctrl->msr & FD_MSR_NONDMA) { |
410 |
-- pos %= FD_SECTOR_LEN; |
411 |
- if (pos == 0) { |
412 |
- if (fdctrl->data_pos != 0) |
413 |
- if (!fdctrl_seek_to_next_sect(fdctrl, cur_drv)) { |
414 |
-@@ -1852,10 +1852,13 @@ static void fdctrl_handle_option(FDCtrl *fdctrl, int direction) |
415 |
- static void fdctrl_handle_drive_specification_command(FDCtrl *fdctrl, int direction) |
416 |
- { |
417 |
- FDrive *cur_drv = get_cur_drv(fdctrl); |
418 |
-+ uint32_t pos; |
419 |
- |
420 |
-- if (fdctrl->fifo[fdctrl->data_pos - 1] & 0x80) { |
421 |
-+ pos = fdctrl->data_pos - 1; |
422 |
-+ pos %= FD_SECTOR_LEN; |
423 |
-+ if (fdctrl->fifo[pos] & 0x80) { |
424 |
- /* Command parameters done */ |
425 |
-- if (fdctrl->fifo[fdctrl->data_pos - 1] & 0x40) { |
426 |
-+ if (fdctrl->fifo[pos] & 0x40) { |
427 |
- fdctrl->fifo[0] = fdctrl->fifo[1]; |
428 |
- fdctrl->fifo[2] = 0; |
429 |
- fdctrl->fifo[3] = 0; |
430 |
-@@ -1955,7 +1958,7 @@ static uint8_t command_to_handler[256]; |
431 |
- static void fdctrl_write_data(FDCtrl *fdctrl, uint32_t value) |
432 |
- { |
433 |
- FDrive *cur_drv; |
434 |
-- int pos; |
435 |
-+ uint32_t pos; |
436 |
- |
437 |
- /* Reset mode */ |
438 |
- if (!(fdctrl->dor & FD_DOR_nRESET)) { |
439 |
-@@ -2004,7 +2007,9 @@ static void fdctrl_write_data(FDCtrl *fdctrl, uint32_t value) |
440 |
- } |
441 |
- |
442 |
- FLOPPY_DPRINTF("%s: %02x\n", __func__, value); |
443 |
-- fdctrl->fifo[fdctrl->data_pos++] = value; |
444 |
-+ pos = fdctrl->data_pos++; |
445 |
-+ pos %= FD_SECTOR_LEN; |
446 |
-+ fdctrl->fifo[pos] = value; |
447 |
- if (fdctrl->data_pos == fdctrl->data_len) { |
448 |
- /* We now have all parameters |
449 |
- * and will be able to treat the command |
450 |
--- |
451 |
-1.7.0.4 |
452 |
- |
453 |
|
454 |
diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8558.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8558.patch |
455 |
new file mode 100644 |
456 |
index 0000000..fbc6a0a |
457 |
--- /dev/null |
458 |
+++ b/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8558.patch |
459 |
@@ -0,0 +1,50 @@ |
460 |
+https://bugs.gentoo.org/568246 |
461 |
+ |
462 |
+From 156a2e4dbffa85997636a7a39ef12da6f1b40254 Mon Sep 17 00:00:00 2001 |
463 |
+From: Gerd Hoffmann <kraxel@××××××.com> |
464 |
+Date: Mon, 14 Dec 2015 09:21:23 +0100 |
465 |
+Subject: [PATCH] ehci: make idt processing more robust |
466 |
+ |
467 |
+Make ehci_process_itd return an error in case we didn't do any actual |
468 |
+iso transfer because we've found no active transaction. That'll avoid |
469 |
+ehci happily run in circles forever if the guest builds a loop out of |
470 |
+idts. |
471 |
+ |
472 |
+This is CVE-2015-8558. |
473 |
+ |
474 |
+Cc: qemu-stable@××××××.org |
475 |
+Reported-by: Qinghao Tang <luodalongde@×××××.com> |
476 |
+Tested-by: P J P <ppandit@××××××.com> |
477 |
+Signed-off-by: Gerd Hoffmann <kraxel@××××××.com> |
478 |
+--- |
479 |
+ hw/usb/hcd-ehci.c | 5 +++-- |
480 |
+ 1 file changed, 3 insertions(+), 2 deletions(-) |
481 |
+ |
482 |
+diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c |
483 |
+index 4e2161b..d07f228 100644 |
484 |
+--- a/hw/usb/hcd-ehci.c |
485 |
++++ b/hw/usb/hcd-ehci.c |
486 |
+@@ -1389,7 +1389,7 @@ static int ehci_process_itd(EHCIState *ehci, |
487 |
+ { |
488 |
+ USBDevice *dev; |
489 |
+ USBEndpoint *ep; |
490 |
+- uint32_t i, len, pid, dir, devaddr, endp; |
491 |
++ uint32_t i, len, pid, dir, devaddr, endp, xfers = 0; |
492 |
+ uint32_t pg, off, ptr1, ptr2, max, mult; |
493 |
+ |
494 |
+ ehci->periodic_sched_active = PERIODIC_ACTIVE; |
495 |
+@@ -1479,9 +1479,10 @@ static int ehci_process_itd(EHCIState *ehci, |
496 |
+ ehci_raise_irq(ehci, USBSTS_INT); |
497 |
+ } |
498 |
+ itd->transact[i] &= ~ITD_XACT_ACTIVE; |
499 |
++ xfers++; |
500 |
+ } |
501 |
+ } |
502 |
+- return 0; |
503 |
++ return xfers ? 0 : -1; |
504 |
+ } |
505 |
+ |
506 |
+ |
507 |
+-- |
508 |
+2.6.2 |
509 |
+ |
510 |
|
511 |
diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8567.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8567.patch |
512 |
new file mode 100644 |
513 |
index 0000000..e196043 |
514 |
--- /dev/null |
515 |
+++ b/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8567.patch |
516 |
@@ -0,0 +1,95 @@ |
517 |
+https://bugs.gentoo.org/567868 |
518 |
+ |
519 |
+From aa4a3dce1c88ed51b616806b8214b7c8428b7470 Mon Sep 17 00:00:00 2001 |
520 |
+From: P J P <ppandit@××××××.com> |
521 |
+Date: Tue, 15 Dec 2015 12:27:54 +0530 |
522 |
+Subject: [PATCH] net: vmxnet3: avoid memory leakage in activate_device |
523 |
+ |
524 |
+Vmxnet3 device emulator does not check if the device is active |
525 |
+before activating it, also it did not free the transmit & receive |
526 |
+buffers while deactivating the device, thus resulting in memory |
527 |
+leakage on the host. This patch fixes both these issues to avoid |
528 |
+host memory leakage. |
529 |
+ |
530 |
+Reported-by: Qinghao Tang <luodalongde@×××××.com> |
531 |
+Reviewed-by: Dmitry Fleytman <dmitry@××××××.com> |
532 |
+Signed-off-by: Prasad J Pandit <pjp@×××××××××××××.org> |
533 |
+Cc: qemu-stable@××××××.org |
534 |
+Signed-off-by: Jason Wang <jasowang@××××××.com> |
535 |
+--- |
536 |
+ hw/net/vmxnet3.c | 24 ++++++++++++++++-------- |
537 |
+ 1 file changed, 16 insertions(+), 8 deletions(-) |
538 |
+ |
539 |
+diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c |
540 |
+index a5dd79a..9c1adfc 100644 |
541 |
+--- a/hw/net/vmxnet3.c |
542 |
++++ b/hw/net/vmxnet3.c |
543 |
+@@ -1194,8 +1194,13 @@ static void vmxnet3_reset_mac(VMXNET3State *s) |
544 |
+ |
545 |
+ static void vmxnet3_deactivate_device(VMXNET3State *s) |
546 |
+ { |
547 |
+- VMW_CBPRN("Deactivating vmxnet3..."); |
548 |
+- s->device_active = false; |
549 |
++ if (s->device_active) { |
550 |
++ VMW_CBPRN("Deactivating vmxnet3..."); |
551 |
++ vmxnet_tx_pkt_reset(s->tx_pkt); |
552 |
++ vmxnet_tx_pkt_uninit(s->tx_pkt); |
553 |
++ vmxnet_rx_pkt_uninit(s->rx_pkt); |
554 |
++ s->device_active = false; |
555 |
++ } |
556 |
+ } |
557 |
+ |
558 |
+ static void vmxnet3_reset(VMXNET3State *s) |
559 |
+@@ -1204,7 +1209,6 @@ static void vmxnet3_reset(VMXNET3State *s) |
560 |
+ |
561 |
+ vmxnet3_deactivate_device(s); |
562 |
+ vmxnet3_reset_interrupt_states(s); |
563 |
+- vmxnet_tx_pkt_reset(s->tx_pkt); |
564 |
+ s->drv_shmem = 0; |
565 |
+ s->tx_sop = true; |
566 |
+ s->skip_current_tx_pkt = false; |
567 |
+@@ -1431,6 +1435,12 @@ static void vmxnet3_activate_device(VMXNET3State *s) |
568 |
+ return; |
569 |
+ } |
570 |
+ |
571 |
++ /* Verify if device is active */ |
572 |
++ if (s->device_active) { |
573 |
++ VMW_CFPRN("Vmxnet3 device is active"); |
574 |
++ return; |
575 |
++ } |
576 |
++ |
577 |
+ vmxnet3_adjust_by_guest_type(s); |
578 |
+ vmxnet3_update_features(s); |
579 |
+ vmxnet3_update_pm_state(s); |
580 |
+@@ -1627,7 +1637,7 @@ static void vmxnet3_handle_command(VMXNET3State *s, uint64_t cmd) |
581 |
+ break; |
582 |
+ |
583 |
+ case VMXNET3_CMD_QUIESCE_DEV: |
584 |
+- VMW_CBPRN("Set: VMXNET3_CMD_QUIESCE_DEV - pause the device"); |
585 |
++ VMW_CBPRN("Set: VMXNET3_CMD_QUIESCE_DEV - deactivate the device"); |
586 |
+ vmxnet3_deactivate_device(s); |
587 |
+ break; |
588 |
+ |
589 |
+@@ -1741,7 +1751,7 @@ vmxnet3_io_bar1_write(void *opaque, |
590 |
+ * shared address only after we get the high part |
591 |
+ */ |
592 |
+ if (val == 0) { |
593 |
+- s->device_active = false; |
594 |
++ vmxnet3_deactivate_device(s); |
595 |
+ } |
596 |
+ s->temp_shared_guest_driver_memory = val; |
597 |
+ s->drv_shmem = 0; |
598 |
+@@ -2021,9 +2031,7 @@ static bool vmxnet3_peer_has_vnet_hdr(VMXNET3State *s) |
599 |
+ static void vmxnet3_net_uninit(VMXNET3State *s) |
600 |
+ { |
601 |
+ g_free(s->mcast_list); |
602 |
+- vmxnet_tx_pkt_reset(s->tx_pkt); |
603 |
+- vmxnet_tx_pkt_uninit(s->tx_pkt); |
604 |
+- vmxnet_rx_pkt_uninit(s->rx_pkt); |
605 |
++ vmxnet3_deactivate_device(s); |
606 |
+ qemu_del_nic(s->nic); |
607 |
+ } |
608 |
+ |
609 |
+-- |
610 |
+2.6.2 |
611 |
+ |
612 |
|
613 |
diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8701.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8701.patch |
614 |
new file mode 100644 |
615 |
index 0000000..0dab1c3 |
616 |
--- /dev/null |
617 |
+++ b/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8701.patch |
618 |
@@ -0,0 +1,49 @@ |
619 |
+https://bugs.gentoo.org/570110 |
620 |
+ |
621 |
+From 007cd223de527b5f41278f2d886c1a4beb3e67aa Mon Sep 17 00:00:00 2001 |
622 |
+From: Prasad J Pandit <pjp@×××××××××××××.org> |
623 |
+Date: Mon, 28 Dec 2015 16:24:08 +0530 |
624 |
+Subject: [PATCH] net: rocker: fix an incorrect array bounds check |
625 |
+ |
626 |
+While processing transmit(tx) descriptors in 'tx_consume' routine |
627 |
+the switch emulator suffers from an off-by-one error, if a |
628 |
+descriptor was to have more than allowed(ROCKER_TX_FRAGS_MAX=16) |
629 |
+fragments. Fix an incorrect bounds check to avoid it. |
630 |
+ |
631 |
+Reported-by: Qinghao Tang <luodalongde@×××××.com> |
632 |
+Cc: qemu-stable@××××××.org |
633 |
+Signed-off-by: Prasad J Pandit <pjp@×××××××××××××.org> |
634 |
+Signed-off-by: Jason Wang <jasowang@××××××.com> |
635 |
+--- |
636 |
+ hw/net/rocker/rocker.c | 8 ++++---- |
637 |
+ 1 file changed, 4 insertions(+), 4 deletions(-) |
638 |
+ |
639 |
+diff --git a/hw/net/rocker/rocker.c b/hw/net/rocker/rocker.c |
640 |
+index c57f1a6..2e77e50 100644 |
641 |
+--- a/hw/net/rocker/rocker.c |
642 |
++++ b/hw/net/rocker/rocker.c |
643 |
+@@ -232,6 +232,9 @@ static int tx_consume(Rocker *r, DescInfo *info) |
644 |
+ frag_addr = rocker_tlv_get_le64(tlvs[ROCKER_TLV_TX_FRAG_ATTR_ADDR]); |
645 |
+ frag_len = rocker_tlv_get_le16(tlvs[ROCKER_TLV_TX_FRAG_ATTR_LEN]); |
646 |
+ |
647 |
++ if (iovcnt >= ROCKER_TX_FRAGS_MAX) { |
648 |
++ goto err_too_many_frags; |
649 |
++ } |
650 |
+ iov[iovcnt].iov_len = frag_len; |
651 |
+ iov[iovcnt].iov_base = g_malloc(frag_len); |
652 |
+ if (!iov[iovcnt].iov_base) { |
653 |
+@@ -244,10 +247,7 @@ static int tx_consume(Rocker *r, DescInfo *info) |
654 |
+ err = -ROCKER_ENXIO; |
655 |
+ goto err_bad_io; |
656 |
+ } |
657 |
+- |
658 |
+- if (++iovcnt > ROCKER_TX_FRAGS_MAX) { |
659 |
+- goto err_too_many_frags; |
660 |
+- } |
661 |
++ iovcnt++; |
662 |
+ } |
663 |
+ |
664 |
+ if (iovcnt) { |
665 |
+-- |
666 |
+2.6.2 |
667 |
+ |
668 |
|
669 |
diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8743.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8743.patch |
670 |
new file mode 100644 |
671 |
index 0000000..b2bca56 |
672 |
--- /dev/null |
673 |
+++ b/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8743.patch |
674 |
@@ -0,0 +1,50 @@ |
675 |
+https://bugs.gentoo.org/570988 |
676 |
+ |
677 |
+From aa7f9966dfdff500bbbf1956d9e115b1fa8987a6 Mon Sep 17 00:00:00 2001 |
678 |
+From: Prasad J Pandit <pjp@×××××××××××××.org> |
679 |
+Date: Thu, 31 Dec 2015 17:05:27 +0530 |
680 |
+Subject: [PATCH] net: ne2000: fix bounds check in ioport operations |
681 |
+ |
682 |
+While doing ioport r/w operations, ne2000 device emulation suffers |
683 |
+from OOB r/w errors. Update respective array bounds check to avoid |
684 |
+OOB access. |
685 |
+ |
686 |
+Reported-by: Ling Liu <liuling-it@×××.cn> |
687 |
+Cc: qemu-stable@××××××.org |
688 |
+Signed-off-by: Prasad J Pandit <pjp@×××××××××××××.org> |
689 |
+Signed-off-by: Jason Wang <jasowang@××××××.com> |
690 |
+--- |
691 |
+ hw/net/ne2000.c | 10 ++++++---- |
692 |
+ 1 file changed, 6 insertions(+), 4 deletions(-) |
693 |
+ |
694 |
+diff --git a/hw/net/ne2000.c b/hw/net/ne2000.c |
695 |
+index 010f9ef..a3dffff 100644 |
696 |
+--- a/hw/net/ne2000.c |
697 |
++++ b/hw/net/ne2000.c |
698 |
+@@ -467,8 +467,9 @@ static inline void ne2000_mem_writel(NE2000State *s, uint32_t addr, |
699 |
+ uint32_t val) |
700 |
+ { |
701 |
+ addr &= ~1; /* XXX: check exact behaviour if not even */ |
702 |
+- if (addr < 32 || |
703 |
+- (addr >= NE2000_PMEM_START && addr < NE2000_MEM_SIZE)) { |
704 |
++ if (addr < 32 |
705 |
++ || (addr >= NE2000_PMEM_START |
706 |
++ && addr + sizeof(uint32_t) <= NE2000_MEM_SIZE)) { |
707 |
+ stl_le_p(s->mem + addr, val); |
708 |
+ } |
709 |
+ } |
710 |
+@@ -497,8 +498,9 @@ static inline uint32_t ne2000_mem_readw(NE2000State *s, uint32_t addr) |
711 |
+ static inline uint32_t ne2000_mem_readl(NE2000State *s, uint32_t addr) |
712 |
+ { |
713 |
+ addr &= ~1; /* XXX: check exact behaviour if not even */ |
714 |
+- if (addr < 32 || |
715 |
+- (addr >= NE2000_PMEM_START && addr < NE2000_MEM_SIZE)) { |
716 |
++ if (addr < 32 |
717 |
++ || (addr >= NE2000_PMEM_START |
718 |
++ && addr + sizeof(uint32_t) <= NE2000_MEM_SIZE)) { |
719 |
+ return ldl_le_p(s->mem + addr); |
720 |
+ } else { |
721 |
+ return 0xffffffff; |
722 |
+-- |
723 |
+2.6.2 |
724 |
+ |
725 |
|
726 |
diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1568.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1568.patch |
727 |
new file mode 100644 |
728 |
index 0000000..4ce9a35 |
729 |
--- /dev/null |
730 |
+++ b/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1568.patch |
731 |
@@ -0,0 +1,41 @@ |
732 |
+https://bugs.gentoo.org/571566 |
733 |
+ |
734 |
+From 4ab0359a8ae182a7ac5c99609667273167703fab Mon Sep 17 00:00:00 2001 |
735 |
+From: Prasad J Pandit <pjp@×××××××××××××.org> |
736 |
+Date: Mon, 11 Jan 2016 14:10:42 -0500 |
737 |
+Subject: [PATCH] ide: ahci: reset ncq object to unused on error |
738 |
+ |
739 |
+When processing NCQ commands, AHCI device emulation prepares a |
740 |
+NCQ transfer object; To which an aio control block(aiocb) object |
741 |
+is assigned in 'execute_ncq_command'. In case, when the NCQ |
742 |
+command is invalid, the 'aiocb' object is not assigned, and NCQ |
743 |
+transfer object is left as 'used'. This leads to a use after |
744 |
+free kind of error in 'bdrv_aio_cancel_async' via 'ahci_reset_port'. |
745 |
+Reset NCQ transfer object to 'unused' to avoid it. |
746 |
+ |
747 |
+[Maintainer edit: s/ACHI/AHCI/ in the commit message. --js] |
748 |
+ |
749 |
+Reported-by: Qinghao Tang <luodalongde@×××××.com> |
750 |
+Signed-off-by: Prasad J Pandit <pjp@×××××××××××××.org> |
751 |
+Reviewed-by: John Snow <jsnow@××××××.com> |
752 |
+Message-id: 1452282511-4116-1-git-send-email-ppandit@××××××.com |
753 |
+Signed-off-by: John Snow <jsnow@××××××.com> |
754 |
+--- |
755 |
+ hw/ide/ahci.c | 1 + |
756 |
+ 1 file changed, 1 insertion(+) |
757 |
+ |
758 |
+diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c |
759 |
+index dd1912e..17f1cbd 100644 |
760 |
+--- a/hw/ide/ahci.c |
761 |
++++ b/hw/ide/ahci.c |
762 |
+@@ -910,6 +910,7 @@ static void ncq_err(NCQTransferState *ncq_tfs) |
763 |
+ ide_state->error = ABRT_ERR; |
764 |
+ ide_state->status = READY_STAT | ERR_STAT; |
765 |
+ ncq_tfs->drive->port_regs.scr_err |= (1 << ncq_tfs->tag); |
766 |
++ ncq_tfs->used = 0; |
767 |
+ } |
768 |
+ |
769 |
+ static void ncq_finish(NCQTransferState *ncq_tfs) |
770 |
+-- |
771 |
+2.6.2 |
772 |
+ |
773 |
|
774 |
diff --git a/app-emulation/qemu/files/qemu-2.5.0-cflags.patch b/app-emulation/qemu/files/qemu-2.5.0-cflags.patch |
775 |
new file mode 100644 |
776 |
index 0000000..173394f |
777 |
--- /dev/null |
778 |
+++ b/app-emulation/qemu/files/qemu-2.5.0-cflags.patch |
779 |
@@ -0,0 +1,13 @@ |
780 |
+--- a/configure |
781 |
++++ b/configure |
782 |
+@@ -4468,10 +4468,6 @@ fi |
783 |
+ if test "$gcov" = "yes" ; then |
784 |
+ CFLAGS="-fprofile-arcs -ftest-coverage -g $CFLAGS" |
785 |
+ LDFLAGS="-fprofile-arcs -ftest-coverage $LDFLAGS" |
786 |
+-elif test "$fortify_source" = "yes" ; then |
787 |
+- CFLAGS="-O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 $CFLAGS" |
788 |
+-elif test "$debug" = "no"; then |
789 |
+- CFLAGS="-O2 $CFLAGS" |
790 |
+ fi |
791 |
+ |
792 |
+ ########################################## |
793 |
|
794 |
diff --git a/app-emulation/qemu/qemu-2.2.1-r99.ebuild b/app-emulation/qemu/qemu-2.5.0-r99.ebuild |
795 |
similarity index 73% |
796 |
rename from app-emulation/qemu/qemu-2.2.1-r99.ebuild |
797 |
rename to app-emulation/qemu/qemu-2.5.0-r99.ebuild |
798 |
index 5b8baf1..2fe26b3 100644 |
799 |
--- a/app-emulation/qemu/qemu-2.2.1-r99.ebuild |
800 |
+++ b/app-emulation/qemu/qemu-2.5.0-r99.ebuild |
801 |
@@ -1,6 +1,6 @@ |
802 |
# Copyright 1999-2015 Gentoo Foundation |
803 |
# Distributed under the terms of the GNU General Public License v2 |
804 |
-# $Header: /var/cvsroot/gentoo-x86/app-emulation/qemu/qemu-2.2.1-r2.ebuild,v 1.3 2015/05/14 07:09:58 ago Exp $ |
805 |
+# $Id$ |
806 |
|
807 |
EAPI=5 |
808 |
|
809 |
@@ -16,12 +16,11 @@ if [[ ${PV} = *9999* ]]; then |
810 |
EGIT_REPO_URI="git://git.qemu.org/qemu.git" |
811 |
inherit git-2 |
812 |
SRC_URI="" |
813 |
- KEYWORDS="" |
814 |
else |
815 |
SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2 |
816 |
${BACKPORTS:+ |
817 |
- http://dev.gentoo.org/~cardoe/distfiles/${P}-${BACKPORTS}.tar.xz}" |
818 |
- KEYWORDS="amd64 ~ppc ~ppc64 x86 ~x86-fbsd" |
819 |
+ https://dev.gentoo.org/~cardoe/distfiles/${P}-${BACKPORTS}.tar.xz}" |
820 |
+ KEYWORDS="amd64 ~ppc x86" |
821 |
fi |
822 |
|
823 |
DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools" |
824 |
@@ -30,76 +29,119 @@ HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org" |
825 |
LICENSE="GPL-2 LGPL-2 BSD-2" |
826 |
SLOT="0" |
827 |
IUSE="accessibility +aio alsa bluetooth +caps +curl debug +fdt glusterfs \ |
828 |
-gtk infiniband iscsi +jpeg \ |
829 |
+gnutls gtk gtk2 infiniband iscsi +jpeg \ |
830 |
kernel_linux kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs |
831 |
+png pulseaudio python \ |
832 |
-rbd sasl +seccomp sdl selinux smartcard snappy spice ssh static static-softmmu \ |
833 |
-static-user systemtap tci test +threads tls usb usbredir +uuid vde +vhost-net \ |
834 |
-virtfs +vnc xattr xen xfs" |
835 |
+rbd sasl +seccomp sdl sdl2 selinux smartcard snappy spice ssh static static-softmmu |
836 |
+static-user systemtap tci test +threads usb usbredir +uuid vde +vhost-net \ |
837 |
+virgl virtfs +vnc vte xattr xen xfs" |
838 |
|
839 |
COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel mips |
840 |
mips64 mips64el mipsel or32 ppc ppc64 s390x sh4 sh4eb sparc sparc64 unicore32 |
841 |
x86_64" |
842 |
-IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS} lm32 moxie ppcemb xtensa xtensaeb" |
843 |
-IUSE_USER_TARGETS="${COMMON_TARGETS} armeb mipsn32 mipsn32el ppc64abi32 sparc32plus" |
844 |
+IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS} lm32 moxie ppcemb tricore xtensa xtensaeb" |
845 |
+IUSE_USER_TARGETS="${COMMON_TARGETS} armeb mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus tilegx" |
846 |
|
847 |
-use_targets=" |
848 |
- $(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS}) |
849 |
- $(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS}) |
850 |
-" |
851 |
-IUSE+=" ${use_targets}" |
852 |
+use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS}) |
853 |
+use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS}) |
854 |
+IUSE+=" ${use_softmmu_targets} ${use_user_targets}" |
855 |
|
856 |
-# Require at least one softmmu or user target. |
857 |
+# Allow no targets to be built so that people can get a tools-only build. |
858 |
# Block USE flag configurations known to not work. |
859 |
-REQUIRED_USE="|| ( ${use_targets} ) |
860 |
- ${PYTHON_REQUIRED_USE} |
861 |
+REQUIRED_USE="${PYTHON_REQUIRED_USE} |
862 |
+ gtk2? ( gtk ) |
863 |
qemu_softmmu_targets_arm? ( fdt ) |
864 |
qemu_softmmu_targets_microblaze? ( fdt ) |
865 |
qemu_softmmu_targets_ppc? ( fdt ) |
866 |
qemu_softmmu_targets_ppc64? ( fdt ) |
867 |
+ sdl2? ( sdl ) |
868 |
static? ( static-softmmu static-user ) |
869 |
- static-softmmu? ( !alsa !pulseaudio !bluetooth !opengl !gtk ) |
870 |
- virtfs? ( xattr )" |
871 |
+ static-softmmu? ( !alsa !pulseaudio !bluetooth !opengl !gtk !gtk2 ) |
872 |
+ virtfs? ( xattr ) |
873 |
+ vte? ( gtk )" |
874 |
|
875 |
# Yep, you need both libcap and libcap-ng since virtfs only uses libcap. |
876 |
# |
877 |
# The attr lib isn't always linked in (although the USE flag is always |
878 |
# respected). This is because qemu supports using the C library's API |
879 |
# when available rather than always using the extranl library. |
880 |
+# |
881 |
+# Older versions of gnutls are supported, but it's simpler to just require |
882 |
+# the latest versions. This is also why we require nettle. |
883 |
COMMON_LIB_DEPEND=">=dev-libs/glib-2.0[static-libs(+)] |
884 |
sys-libs/zlib[static-libs(+)] |
885 |
xattr? ( sys-apps/attr[static-libs(+)] )" |
886 |
SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND} |
887 |
>=x11-libs/pixman-0.28.0[static-libs(+)] |
888 |
+ accessibility? ( app-accessibility/brltty[static-libs(+)] ) |
889 |
aio? ( dev-libs/libaio[static-libs(+)] ) |
890 |
+ alsa? ( >=media-libs/alsa-lib-1.0.13 ) |
891 |
+ bluetooth? ( net-wireless/bluez ) |
892 |
caps? ( sys-libs/libcap-ng[static-libs(+)] ) |
893 |
curl? ( >=net-misc/curl-7.15.4[static-libs(+)] ) |
894 |
fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] ) |
895 |
glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] ) |
896 |
+ gnutls? ( |
897 |
+ dev-libs/nettle[static-libs(+)] |
898 |
+ >=net-libs/gnutls-3.0[static-libs(+)] |
899 |
+ ) |
900 |
+ gtk? ( |
901 |
+ gtk2? ( |
902 |
+ x11-libs/gtk+:2 |
903 |
+ vte? ( x11-libs/vte:0 ) |
904 |
+ ) |
905 |
+ !gtk2? ( |
906 |
+ x11-libs/gtk+:3 |
907 |
+ vte? ( x11-libs/vte:2.90 ) |
908 |
+ ) |
909 |
+ ) |
910 |
infiniband? ( sys-infiniband/librdmacm:=[static-libs(+)] ) |
911 |
+ iscsi? ( net-libs/libiscsi ) |
912 |
jpeg? ( virtual/jpeg:=[static-libs(+)] ) |
913 |
lzo? ( dev-libs/lzo:2[static-libs(+)] ) |
914 |
- ncurses? ( sys-libs/ncurses[static-libs(+)] ) |
915 |
+ ncurses? ( sys-libs/ncurses:0=[static-libs(+)] ) |
916 |
nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] ) |
917 |
numa? ( sys-process/numactl[static-libs(+)] ) |
918 |
+ opengl? ( |
919 |
+ virtual/opengl |
920 |
+ media-libs/libepoxy[static-libs(+)] |
921 |
+ media-libs/mesa[static-libs(+)] |
922 |
+ media-libs/mesa[egl,gles2] |
923 |
+ ) |
924 |
png? ( media-libs/libpng:0=[static-libs(+)] ) |
925 |
+ pulseaudio? ( media-sound/pulseaudio ) |
926 |
rbd? ( sys-cluster/ceph[static-libs(+)] ) |
927 |
sasl? ( dev-libs/cyrus-sasl[static-libs(+)] ) |
928 |
- sdl? ( >=media-libs/libsdl-1.2.11[static-libs(+)] ) |
929 |
+ sdl? ( |
930 |
+ !sdl2? ( |
931 |
+ media-libs/libsdl[X] |
932 |
+ >=media-libs/libsdl-1.2.11[static-libs(+)] |
933 |
+ ) |
934 |
+ sdl2? ( |
935 |
+ media-libs/libsdl2[X] |
936 |
+ media-libs/libsdl2[static-libs(+)] |
937 |
+ ) |
938 |
+ ) |
939 |
seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] ) |
940 |
+ smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] ) |
941 |
snappy? ( app-arch/snappy[static-libs(+)] ) |
942 |
- spice? ( >=app-emulation/spice-0.12.0[static-libs(+)] ) |
943 |
+ spice? ( |
944 |
+ >=app-emulation/spice-protocol-0.12.3 |
945 |
+ >=app-emulation/spice-0.12.0[static-libs(+)] |
946 |
+ ) |
947 |
ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] ) |
948 |
- tls? ( net-libs/gnutls[static-libs(+)] ) |
949 |
- usb? ( >=dev-libs/libusb-1.0.18[static-libs(+)] ) |
950 |
+ usb? ( >=virtual/libusb-1-r2[static-libs(+)] ) |
951 |
+ usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] ) |
952 |
uuid? ( >=sys-apps/util-linux-2.16.0[static-libs(+)] ) |
953 |
vde? ( net-misc/vde[static-libs(+)] ) |
954 |
+ virgl? ( media-libs/virglrenderer[static-libs(+)] ) |
955 |
+ virtfs? ( sys-libs/libcap ) |
956 |
xfs? ( sys-fs/xfsprogs[static-libs(+)] )" |
957 |
USER_LIB_DEPEND="${COMMON_LIB_DEPEND}" |
958 |
X86_FIRMWARE_DEPEND=" |
959 |
>=sys-firmware/ipxe-1.0.0_p20130624 |
960 |
pin-upstream-blobs? ( |
961 |
- ~sys-firmware/seabios-1.7.5 |
962 |
+ ~sys-firmware/seabios-1.8.2 |
963 |
~sys-firmware/sgabios-0.1_pre8 |
964 |
~sys-firmware/vgabios-0.7a |
965 |
) |
966 |
@@ -108,28 +150,14 @@ X86_FIRMWARE_DEPEND=" |
967 |
sys-firmware/sgabios |
968 |
sys-firmware/vgabios |
969 |
)" |
970 |
-CDEPEND="!static-softmmu? ( ${SOFTMMU_LIB_DEPEND//\[static-libs(+)]} ) |
971 |
- !static-user? ( ${USER_LIB_DEPEND//\[static-libs(+)]} ) |
972 |
+CDEPEND=" |
973 |
+ !static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND//\[static-libs(+)]} ) " ${use_softmmu_targets}) ) |
974 |
+ !static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND//\[static-libs(+)]} ) " ${use_user_targets}) ) |
975 |
qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} ) |
976 |
qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} ) |
977 |
- accessibility? ( app-accessibility/brltty ) |
978 |
- alsa? ( >=media-libs/alsa-lib-1.0.13 ) |
979 |
- bluetooth? ( net-wireless/bluez ) |
980 |
- gtk? ( |
981 |
- x11-libs/gtk+:3 |
982 |
- x11-libs/vte:2.90 |
983 |
- ) |
984 |
- iscsi? ( net-libs/libiscsi ) |
985 |
- opengl? ( virtual/opengl ) |
986 |
- pulseaudio? ( media-sound/pulseaudio ) |
987 |
python? ( ${PYTHON_DEPS} ) |
988 |
- sdl? ( media-libs/libsdl[X] ) |
989 |
- smartcard? ( dev-libs/nss !app-emulation/libcacard ) |
990 |
- spice? ( >=app-emulation/spice-protocol-0.12.3 ) |
991 |
systemtap? ( dev-util/systemtap ) |
992 |
- usbredir? ( >=sys-apps/usbredir-0.6 ) |
993 |
- virtfs? ( sys-libs/libcap ) |
994 |
- xen? ( app-emulation/xen-tools )" |
995 |
+ xen? ( app-emulation/xen-tools:= )" |
996 |
DEPEND="${CDEPEND} |
997 |
dev-lang/perl |
998 |
=dev-lang/python-2* |
999 |
@@ -137,8 +165,8 @@ DEPEND="${CDEPEND} |
1000 |
virtual/pkgconfig |
1001 |
kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 ) |
1002 |
gtk? ( nls? ( sys-devel/gettext ) ) |
1003 |
- static-softmmu? ( ${SOFTMMU_LIB_DEPEND} ) |
1004 |
- static-user? ( ${USER_LIB_DEPEND} ) |
1005 |
+ static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND} ) " ${use_softmmu_targets}) ) |
1006 |
+ static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND} ) " ${use_user_targets}) ) |
1007 |
test? ( |
1008 |
dev-libs/glib[utils] |
1009 |
sys-devel/bc |
1010 |
@@ -245,10 +273,32 @@ pkg_pretend() { |
1011 |
|
1012 |
pkg_setup() { |
1013 |
enewgroup kvm 78 |
1014 |
- python_setup |
1015 |
+} |
1016 |
+ |
1017 |
+# Sanity check to make sure target lists are kept up-to-date. |
1018 |
+check_targets() { |
1019 |
+ local var=$1 mak=$2 |
1020 |
+ local detected sorted |
1021 |
+ |
1022 |
+ pushd "${S}"/default-configs >/dev/null || die |
1023 |
+ |
1024 |
+ # Force C locale until glibc is updated. #564936 |
1025 |
+ detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u)) |
1026 |
+ sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u)) |
1027 |
+ if [[ ${sorted} != "${detected}" ]] ; then |
1028 |
+ eerror "The ebuild needs to be kept in sync." |
1029 |
+ eerror "${var}: ${sorted}" |
1030 |
+ eerror "$(printf '%-*s' ${#var} configure): ${detected}" |
1031 |
+ die "sync ${var} to the list of targets" |
1032 |
+ fi |
1033 |
+ |
1034 |
+ popd >/dev/null |
1035 |
} |
1036 |
|
1037 |
src_prepare() { |
1038 |
+ check_targets IUSE_SOFTMMU_TARGETS softmmu |
1039 |
+ check_targets IUSE_USER_TARGETS linux-user |
1040 |
+ |
1041 |
# Alter target makefiles to accept CFLAGS set via flag-o |
1042 |
sed -i -r \ |
1043 |
-e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \ |
1044 |
@@ -257,20 +307,22 @@ src_prepare() { |
1045 |
# Cheap hack to disable gettext .mo generation. |
1046 |
use nls || rm -f po/*.po |
1047 |
|
1048 |
- epatch "${FILESDIR}"/qemu-1.7.0-cflags.patch |
1049 |
- epatch "${FILESDIR}"/${P}-CVE-2015-1779-1.patch #544328 |
1050 |
- epatch "${FILESDIR}"/${P}-CVE-2015-1779-2.patch #544328 |
1051 |
- epatch "${FILESDIR}"/${PN}-2.3.0-CVE-2015-3456.patch #549404 |
1052 |
- |
1053 |
# Patching for musl |
1054 |
epatch "${FILESDIR}"/${PN}-2.0.0-F_SHLCK-and-F_EXLCK.patch |
1055 |
epatch "${FILESDIR}"/${PN}-2.0.0-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch |
1056 |
epatch "${FILESDIR}"/${PN}-2.2.0-_sigev_un.patch |
1057 |
|
1058 |
+ epatch "${FILESDIR}"/qemu-2.5.0-cflags.patch |
1059 |
[[ -n ${BACKPORTS} ]] && \ |
1060 |
EPATCH_FORCE=yes EPATCH_SUFFIX="patch" EPATCH_SOURCE="${S}/patches" \ |
1061 |
epatch |
1062 |
|
1063 |
+ epatch "${FILESDIR}"/${P}-CVE-2015-8567.patch #567868 |
1064 |
+ epatch "${FILESDIR}"/${P}-CVE-2015-8558.patch #568246 |
1065 |
+ epatch "${FILESDIR}"/${P}-CVE-2015-8701.patch #570110 |
1066 |
+ epatch "${FILESDIR}"/${P}-CVE-2015-8743.patch #570988 |
1067 |
+ epatch "${FILESDIR}"/${P}-CVE-2016-1568.patch #571566 |
1068 |
+ |
1069 |
# Fix ld and objcopy being called directly |
1070 |
tc-export AR LD OBJCOPY |
1071 |
|
1072 |
@@ -288,14 +340,10 @@ qemu_src_configure() { |
1073 |
debug-print-function ${FUNCNAME} "$@" |
1074 |
|
1075 |
local buildtype=$1 |
1076 |
- local builddir=$2 |
1077 |
+ local builddir="${S}/${buildtype}-build" |
1078 |
local static_flag="static-${buildtype}" |
1079 |
|
1080 |
- # audio options |
1081 |
- local audio_opts="oss" |
1082 |
- use alsa && audio_opts="alsa,${audio_opts}" |
1083 |
- use sdl && audio_opts="sdl,${audio_opts}" |
1084 |
- use pulseaudio && audio_opts="pa,${audio_opts}" |
1085 |
+ mkdir "${builddir}" |
1086 |
|
1087 |
local conf_opts=( |
1088 |
--prefix=/usr |
1089 |
@@ -306,6 +354,11 @@ qemu_src_configure() { |
1090 |
--disable-guest-agent |
1091 |
--disable-strip |
1092 |
--disable-werror |
1093 |
+ # We support gnutls/nettle for crypto operations. It is possible |
1094 |
+ # to use gcrypt when gnutls/nettle are disabled (but not when they |
1095 |
+ # are enabled), but it's not really worth the hassle. Disable it |
1096 |
+ # all the time to avoid automatically detecting it. #568856 |
1097 |
+ --disable-gcrypt |
1098 |
--python="${PYTHON}" |
1099 |
--cc="$(tc-getCC)" |
1100 |
--cxx="$(tc-getCXX)" |
1101 |
@@ -334,6 +387,8 @@ qemu_src_configure() { |
1102 |
$(conf_softmmu curl) |
1103 |
$(conf_softmmu fdt) |
1104 |
$(conf_softmmu glusterfs) |
1105 |
+ $(conf_softmmu gnutls) |
1106 |
+ $(conf_softmmu gnutls nettle) |
1107 |
$(conf_softmmu gtk) |
1108 |
$(conf_softmmu infiniband rdma) |
1109 |
$(conf_softmmu iscsi libiscsi) |
1110 |
@@ -343,26 +398,25 @@ qemu_src_configure() { |
1111 |
$(conf_softmmu ncurses curses) |
1112 |
$(conf_softmmu nfs libnfs) |
1113 |
$(conf_softmmu numa) |
1114 |
- $(conf_softmmu opengl glx) |
1115 |
+ $(conf_softmmu opengl) |
1116 |
$(conf_softmmu png vnc-png) |
1117 |
$(conf_softmmu rbd) |
1118 |
$(conf_softmmu sasl vnc-sasl) |
1119 |
$(conf_softmmu sdl) |
1120 |
$(conf_softmmu seccomp) |
1121 |
- $(conf_softmmu smartcard smartcard-nss) |
1122 |
+ $(conf_softmmu smartcard) |
1123 |
$(conf_softmmu snappy) |
1124 |
$(conf_softmmu spice) |
1125 |
$(conf_softmmu ssh libssh2) |
1126 |
- $(conf_softmmu tls quorum) |
1127 |
- $(conf_softmmu tls vnc-tls) |
1128 |
- $(conf_softmmu tls vnc-ws) |
1129 |
$(conf_softmmu usb libusb) |
1130 |
$(conf_softmmu usbredir usb-redir) |
1131 |
$(conf_softmmu uuid) |
1132 |
$(conf_softmmu vde) |
1133 |
$(conf_softmmu vhost-net) |
1134 |
+ $(conf_softmmu virgl virglrenderer) |
1135 |
$(conf_softmmu virtfs) |
1136 |
$(conf_softmmu vnc) |
1137 |
+ $(conf_softmmu vte) |
1138 |
$(conf_softmmu xen) |
1139 |
$(conf_softmmu xen xen-pci-passthrough) |
1140 |
$(conf_softmmu xfs xfsctl) |
1141 |
@@ -373,23 +427,39 @@ qemu_src_configure() { |
1142 |
conf_opts+=( |
1143 |
--enable-linux-user |
1144 |
--disable-system |
1145 |
- --target-list="${user_targets}" |
1146 |
--disable-blobs |
1147 |
--disable-tools |
1148 |
) |
1149 |
;; |
1150 |
softmmu) |
1151 |
+ # audio options |
1152 |
+ local audio_opts="oss" |
1153 |
+ use alsa && audio_opts="alsa,${audio_opts}" |
1154 |
+ use sdl && audio_opts="sdl,${audio_opts}" |
1155 |
+ use pulseaudio && audio_opts="pa,${audio_opts}" |
1156 |
+ |
1157 |
conf_opts+=( |
1158 |
--disable-linux-user |
1159 |
--enable-system |
1160 |
- --target-list="${softmmu_targets}" |
1161 |
--with-system-pixman |
1162 |
--audio-drv-list="${audio_opts}" |
1163 |
) |
1164 |
- use gtk && conf_opts+=( --with-gtkabi=3.0 ) |
1165 |
+ use gtk && conf_opts+=( --with-gtkabi=$(usex gtk2 2.0 3.0) ) |
1166 |
+ use sdl && conf_opts+=( --with-sdlabi=$(usex sdl2 2.0 1.2) ) |
1167 |
+ ;; |
1168 |
+ tools) |
1169 |
+ conf_opts+=( |
1170 |
+ --disable-linux-user |
1171 |
+ --disable-system |
1172 |
+ --disable-blobs |
1173 |
+ ) |
1174 |
+ static_flag="static" |
1175 |
;; |
1176 |
esac |
1177 |
|
1178 |
+ local targets="${buildtype}_targets" |
1179 |
+ [[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" ) |
1180 |
+ |
1181 |
# Add support for SystemTAP |
1182 |
use systemtap && conf_opts+=( --enable-trace-backend=dtrace ) |
1183 |
|
1184 |
@@ -402,7 +472,7 @@ qemu_src_configure() { |
1185 |
gcc-specs-pie && conf_opts+=( --enable-pie ) |
1186 |
fi |
1187 |
|
1188 |
- einfo "../configure ${conf_opts[*]}" |
1189 |
+ echo "../configure ${conf_opts[*]}" |
1190 |
cd "${builddir}" |
1191 |
../configure "${conf_opts[@]}" || die "configure failed" |
1192 |
|
1193 |
@@ -415,7 +485,7 @@ qemu_src_configure() { |
1194 |
src_configure() { |
1195 |
local target |
1196 |
|
1197 |
- python_export_best |
1198 |
+ python_setup |
1199 |
|
1200 |
softmmu_targets= softmmu_bins=() |
1201 |
user_targets= user_bins=() |
1202 |
@@ -434,21 +504,12 @@ src_configure() { |
1203 |
fi |
1204 |
done |
1205 |
|
1206 |
- [[ -n ${softmmu_targets} ]] && \ |
1207 |
- einfo "Building the following softmmu targets: ${softmmu_targets}" |
1208 |
- |
1209 |
- [[ -n ${user_targets} ]] && \ |
1210 |
- einfo "Building the following user targets: ${user_targets}" |
1211 |
- |
1212 |
- if [[ -n ${softmmu_targets} ]]; then |
1213 |
- mkdir "${S}/softmmu-build" |
1214 |
- qemu_src_configure "softmmu" "${S}/softmmu-build" |
1215 |
- fi |
1216 |
+ softmmu_targets=${softmmu_targets#,} |
1217 |
+ user_targets=${user_targets#,} |
1218 |
|
1219 |
- if [[ -n ${user_targets} ]]; then |
1220 |
- mkdir "${S}/user-build" |
1221 |
- qemu_src_configure "user" "${S}/user-build" |
1222 |
- fi |
1223 |
+ [[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu" |
1224 |
+ [[ -n ${user_targets} ]] && qemu_src_configure "user" |
1225 |
+ [[ -z ${softmmu_targets}${user_targets} ]] && qemu_src_configure "tools" |
1226 |
} |
1227 |
|
1228 |
src_compile() { |
1229 |
@@ -461,6 +522,11 @@ src_compile() { |
1230 |
cd "${S}/softmmu-build" |
1231 |
default |
1232 |
fi |
1233 |
+ |
1234 |
+ if [[ -z ${softmmu_targets}${user_targets} ]]; then |
1235 |
+ cd "${S}/tools-build" |
1236 |
+ default |
1237 |
+ fi |
1238 |
} |
1239 |
|
1240 |
src_test() { |
1241 |
@@ -506,6 +572,11 @@ src_install() { |
1242 |
fi |
1243 |
fi |
1244 |
|
1245 |
+ if [[ -z ${softmmu_targets}${user_targets} ]]; then |
1246 |
+ cd "${S}/tools-build" |
1247 |
+ emake DESTDIR="${ED}" install |
1248 |
+ fi |
1249 |
+ |
1250 |
# Disable mprotect on the qemu binaries as they use JITs to be fast #459348 |
1251 |
pushd "${ED}"/usr/bin >/dev/null |
1252 |
pax-mark m "${softmmu_bins[@]}" "${user_bins[@]}" |
1253 |
@@ -516,21 +587,21 @@ src_install() { |
1254 |
doins "${FILESDIR}/bridge.conf" |
1255 |
|
1256 |
# Remove the docdir placed qmp-commands.txt |
1257 |
- mv "${ED}/usr/share/doc/${PF}/html/qmp-commands.txt" "${S}/docs/qmp/" |
1258 |
+ mv "${ED}/usr/share/doc/${PF}/html/qmp-commands.txt" "${S}/docs/" || die |
1259 |
|
1260 |
cd "${S}" |
1261 |
dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt |
1262 |
newdoc pc-bios/README README.pc-bios |
1263 |
- dodoc docs/qmp/*.txt |
1264 |
+ dodoc docs/qmp-*.txt |
1265 |
|
1266 |
- # Remove SeaBIOS since we're using the SeaBIOS packaged one |
1267 |
- rm "${ED}/usr/share/qemu/bios.bin" |
1268 |
- if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then |
1269 |
- dosym ../seabios/bios.bin /usr/share/qemu/bios.bin |
1270 |
- fi |
1271 |
- |
1272 |
- # Remove vgabios since we're using the vgabios packaged one |
1273 |
if [[ -n ${softmmu_targets} ]]; then |
1274 |
+ # Remove SeaBIOS since we're using the SeaBIOS packaged one |
1275 |
+ rm "${ED}/usr/share/qemu/bios.bin" |
1276 |
+ if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then |
1277 |
+ dosym ../seabios/bios.bin /usr/share/qemu/bios.bin |
1278 |
+ fi |
1279 |
+ |
1280 |
+ # Remove vgabios since we're using the vgabios packaged one |
1281 |
rm "${ED}/usr/share/qemu/vgabios.bin" |
1282 |
rm "${ED}/usr/share/qemu/vgabios-cirrus.bin" |
1283 |
rm "${ED}/usr/share/qemu/vgabios-qxl.bin" |
1284 |
@@ -568,21 +639,6 @@ src_install() { |
1285 |
pkg_postinst() { |
1286 |
if qemu_support_kvm; then |
1287 |
readme.gentoo_print_elog |
1288 |
- ewarn "Migration from qemu-kvm instances and loading qemu-kvm created" |
1289 |
- ewarn "save states has been removed starting with the 1.6.2 release" |
1290 |
- ewarn |
1291 |
- ewarn "It is recommended that you migrate any VMs that may be running" |
1292 |
- ewarn "on qemu-kvm to a host with a newer qemu and regenerate" |
1293 |
- ewarn "any saved states with a newer qemu." |
1294 |
- ewarn |
1295 |
- ewarn "qemu-kvm was the primary qemu provider in Gentoo through 1.2.x" |
1296 |
- |
1297 |
- if use x86 || use amd64; then |
1298 |
- ewarn |
1299 |
- ewarn "The /usr/bin/kvm and /usr/bin/qemu-kvm wrappers are no longer" |
1300 |
- ewarn "installed. In order to use kvm acceleration, pass the flag" |
1301 |
- ewarn "-enable-kvm when running your system target." |
1302 |
- fi |
1303 |
fi |
1304 |
|
1305 |
if [[ -n ${softmmu_targets} ]] && use kernel_linux; then |
1306 |
@@ -590,10 +646,6 @@ pkg_postinst() { |
1307 |
fi |
1308 |
|
1309 |
fcaps cap_net_admin /usr/libexec/qemu-bridge-helper |
1310 |
- if use virtfs && [ -n "${softmmu_targets}" ]; then |
1311 |
- local virtfs_caps="cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_setgid,cap_mknod,cap_setuid" |
1312 |
- fcaps ${virtfs_caps} /usr/bin/virtfs-proxy-helper |
1313 |
- fi |
1314 |
} |
1315 |
|
1316 |
pkg_info() { |
1317 |
@@ -601,7 +653,7 @@ pkg_info() { |
1318 |
echo " $(best_version app-emulation/spice-protocol)" |
1319 |
echo " $(best_version sys-firmware/ipxe)" |
1320 |
echo " $(best_version sys-firmware/seabios)" |
1321 |
- if has_version sys-firmware/seabios[binary]; then |
1322 |
+ if has_version 'sys-firmware/seabios[binary]'; then |
1323 |
echo " USE=binary" |
1324 |
else |
1325 |
echo " USE=''" |