commit: e67f10960bca69fdede54d77eb54c4ab72b98d08 |
Author: Matthias Maier <tamiko <AT> gentoo <DOT> org> |
AuthorDate: Wed Jul 26 17:10:46 2017 +0000 |
Commit: Matthias Maier <tamiko <AT> gentoo <DOT> org> |
CommitDate: Wed Jul 26 17:14:53 2017 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e67f1096 |
|
app-emulation/qemu: security fixes |
|
CVE-2017-11334, bug #621292 |
CVE-2017-11434, bug #625614 |
CVE-2017-9503, bug #621184 |
CVE-2017-9524, bug #621292 |
|
Package-Manager: Portage-2.3.6, Repoman-2.3.3 |
|
.../qemu/files/qemu-2.9.0-CVE-2017-11334.patch | 40 ++ |
.../qemu/files/qemu-2.9.0-CVE-2017-11434.patch | 29 + |
.../qemu/files/qemu-2.9.0-CVE-2017-7539.patch | 272 +++++++ |
.../qemu/files/qemu-2.9.0-CVE-2017-9503-1.patch | 122 ++++ |
.../qemu/files/qemu-2.9.0-CVE-2017-9503-2.patch | 114 +++ |
.../qemu/files/qemu-2.9.0-CVE-2017-9524-1.patch | 80 +++ |
.../qemu/files/qemu-2.9.0-CVE-2017-9524-2.patch | 197 +++++ |
app-emulation/qemu/qemu-2.9.0-r55.ebuild | 792 +++++++++++++++++++++ |
8 files changed, 1646 insertions(+) |
|
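diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11334.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11334.patch
new file mode 100644
index 00000000000..bfe4c7d89f2
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11334.patch
@@ -0,0 +1,40 @@
+[Qemu-devel] [PULL 21/41] exec: use qemu_ram_ptr_length to access guest
+From: Prasad J Pandit <address@hidden>
+
+When accessing guest's ram block during DMA operation, use
+'qemu_ram_ptr_length' to get ram block pointer. It ensures
+that DMA operation of given length is possible; And avoids
+any OOB memory access situations.
+
+Reported-by: Alex <address@hidden>
+Signed-off-by: Prasad J Pandit <address@hidden>
+Message-Id: <address@hidden>
+Signed-off-by: Paolo Bonzini <address@hidden>
+---
+ exec.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/exec.c b/exec.c
+index a083ff8..ad103ce 100644
+--- a/exec.c
++++ b/exec.c
+@@ -2929,7 +2929,7 @@ static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr,
+ }
+ } else {
+ /* RAM case */
+- ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
++ ptr = qemu_ram_ptr_length(mr->ram_block, addr1, &l);
+ memcpy(ptr, buf, l);
+ invalidate_and_set_dirty(mr, addr1, l);
+ }
+@@ -3020,7 +3020,7 @@ MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr,
+ }
+ } else {
+ /* RAM case */
+- ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
++ ptr = qemu_ram_ptr_length(mr->ram_block, addr1, &l);
+ memcpy(buf, ptr, l);
+ }
+
+--
+1.8.3.1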
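Review bot: In both RAM-case hunks the new call passes `&l`, so `qemu_ram_ptr_length()` can shrink `l` before the `memcpy()` and `invalidate_and_set_dirty()` that follow, but nothing at the call site says the length is now an in/out value. A one-line comment such as `/* qemu_ram_ptr_length() clamps l to what the RAM block can hold */` above each call would keep a later cleanup from caching `l` earlier or switching back to the unbounded helper. The returned `ptr` is also used unchecked; the helper's definition is outside the hunks, so it is worth confirming it cannot return NULL for the lengths that reach these branches. Both enclosing functions start and end outside the hunks.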
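diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11434.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11434.patch
new file mode 100644
index 00000000000..5d32067c7a0
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11434.patch
@@ -0,0 +1,29 @@
+[Qemu-devel] [PATCH] slirp: check len against dhcp options array end
+From: Prasad J Pandit <address@hidden>
+
+While parsing dhcp options string in 'dhcp_decode', if an options'
+length 'len' appeared towards the end of 'bp_vend' array, ensuing
+read could lead to an OOB memory access issue. Add check to avoid it.
+
+Reported-by: Reno Robert <address@hidden>
+Signed-off-by: Prasad J Pandit <address@hidden>
+---
+ slirp/bootp.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/slirp/bootp.c b/slirp/bootp.c
+index 5a4646c..5dd1a41 100644
+--- a/slirp/bootp.c
++++ b/slirp/bootp.c
+@@ -123,6 +123,9 @@ static void dhcp_decode(const struct bootp_t *bp, int *pmsg_type,
+ if (p >= p_end)
+ break;
+ len = *p++;
++ if (p + len > p_end) {
++ break;
++ }
+ DPRINTF("dhcp: tag=%d len=%d\n", tag, len);
+
+ switch(tag) {
+--
+2.9.4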
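Review bot: The added guard `if (p + len > p_end)` forms the pointer `p + len` before comparing it, and when `len` runs past the end of `bp_vend` that pointer is already outside the array, which C leaves undefined. Comparing lengths instead avoids forming it: `if (len > p_end - p) {`. The declarations of `p`, `p_end` and `len` are outside the hunk, so check the types for a signed/unsigned mismatch when making the change. The loop also exits silently on a truncated option; a `DPRINTF` before the `break` would help when diagnosing malformed DHCP packets.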
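diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-7539.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-7539.patch
new file mode 100644
index 00000000000..0b5987c6623
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-7539.patch
@@ -0,0 +1,272 @@
+From 2b0bbc4f8809c972bad134bc1a2570dbb01dea0b Mon Sep 17 00:00:00 2001
+From: Vladimir Sementsov-Ogievskiy <vsementsov@×××××××××.com>
+Date: Fri, 2 Jun 2017 18:01:41 +0300
+Subject: [PATCH] nbd/server: get rid of nbd_negotiate_read and friends
+
+Functions nbd_negotiate_{read,write,drop_sync} were introduced in
+1a6245a5b, when nbd_rwv (was nbd_wr_sync) was working through
+qemu_co_sendv_recvv (the path is nbd_wr_sync -> qemu_co_{recv/send} ->
+qemu_co_send_recv -> qemu_co_sendv_recvv), which just yields, without
+setting any handlers. But starting from ff82911cd nbd_rwv (was
+nbd_wr_syncv) works through qio_channel_yield() which sets handlers, so
+watchers are redundant in nbd_negotiate_{read,write,drop_sync}, then,
+let's just use nbd_{read,write,drop} functions.
+
+Functions nbd_{read,write,drop} has errp parameter, which is unused in
+this patch. This will be fixed later.
+
+Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@×××××××××.com>
+Reviewed-by: Eric Blake <eblake@××××××.com>
+Message-Id: <20170602150150.258222-4-vsementsov@×××××××××.com>
+Signed-off-by: Paolo Bonzini <pbonzini@××××××.com>
+---
+ nbd/server.c | 107 ++++++++++++-----------------------------------------------
+ 1 file changed, 22 insertions(+), 85 deletions(-)
+
+diff --git a/nbd/server.c b/nbd/server.c
+index d8bd927013..7f44ef0b15 100644
+--- a/nbd/server.c
++++ b/nbd/server.c
+@@ -104,69 +104,6 @@ struct NBDClient {
+
+ static void nbd_client_receive_next_request(NBDClient *client);
+
+-static gboolean nbd_negotiate_continue(QIOChannel *ioc,
+- GIOCondition condition,
+- void *opaque)
+-{
+- qemu_coroutine_enter(opaque);
+- return TRUE;
+-}
+-
+-static int nbd_negotiate_read(QIOChannel *ioc, void *buffer, size_t size)
+-{
+- ssize_t ret;
+- guint watch;
+-
+- assert(qemu_in_coroutine());
+- /* Negotiation are always in main loop. */
+- watch = qio_channel_add_watch(ioc,
+- G_IO_IN,
+- nbd_negotiate_continue,
+- qemu_coroutine_self(),
+- NULL);
+- ret = nbd_read(ioc, buffer, size, NULL);
+- g_source_remove(watch);
+- return ret;
+-
+-}
+-
+-static int nbd_negotiate_write(QIOChannel *ioc, const void *buffer, size_t size)
+-{
+- ssize_t ret;
+- guint watch;
+-
+- assert(qemu_in_coroutine());
+- /* Negotiation are always in main loop. */
+- watch = qio_channel_add_watch(ioc,
+- G_IO_OUT,
+- nbd_negotiate_continue,
+- qemu_coroutine_self(),
+- NULL);
+- ret = nbd_write(ioc, buffer, size, NULL);
+- g_source_remove(watch);
+- return ret;
+-}
+-
+-static int nbd_negotiate_drop_sync(QIOChannel *ioc, size_t size)
+-{
+- ssize_t ret;
+- uint8_t *buffer = g_malloc(MIN(65536, size));
+-
+- while (size > 0) {
+- size_t count = MIN(65536, size);
+- ret = nbd_negotiate_read(ioc, buffer, count);
+- if (ret < 0) {
+- g_free(buffer);
+- return ret;
+- }
+-
+- size -= count;
+- }
+-
+- g_free(buffer);
+- return 0;
+-}
+-
+ /* Basic flow for negotiation
+
+ Server Client
+@@ -205,22 +142,22 @@ static int nbd_negotiate_send_rep_len(QIOChannel *ioc, uint32_t type,
+ type, opt, len);
+
+ magic = cpu_to_be64(NBD_REP_MAGIC);
+- if (nbd_negotiate_write(ioc, &magic, sizeof(magic)) < 0) {
++ if (nbd_write(ioc, &magic, sizeof(magic), NULL) < 0) {
+ LOG("write failed (rep magic)");
+ return -EINVAL;
+ }
+ opt = cpu_to_be32(opt);
+- if (nbd_negotiate_write(ioc, &opt, sizeof(opt)) < 0) {
++ if (nbd_write(ioc, &opt, sizeof(opt), NULL) < 0) {
+ LOG("write failed (rep opt)");
+ return -EINVAL;
+ }
+ type = cpu_to_be32(type);
+- if (nbd_negotiate_write(ioc, &type, sizeof(type)) < 0) {
++ if (nbd_write(ioc, &type, sizeof(type), NULL) < 0) {
+ LOG("write failed (rep type)");
+ return -EINVAL;
+ }
+ len = cpu_to_be32(len);
+- if (nbd_negotiate_write(ioc, &len, sizeof(len)) < 0) {
++ if (nbd_write(ioc, &len, sizeof(len), NULL) < 0) {
+ LOG("write failed (rep data length)");
+ return -EINVAL;
+ }
+@@ -255,7 +192,7 @@ nbd_negotiate_send_rep_err(QIOChannel *ioc, uint32_t type,
+ if (ret < 0) {
+ goto out;
+ }
+- if (nbd_negotiate_write(ioc, msg, len) < 0) {
++ if (nbd_write(ioc, msg, len, NULL) < 0) {
+ LOG("write failed (error message)");
+ ret = -EIO;
+ } else {
+@@ -286,15 +223,15 @@ static int nbd_negotiate_send_rep_list(QIOChannel *ioc, NBDExport *exp)
+ }
+
+ len = cpu_to_be32(name_len);
+- if (nbd_negotiate_write(ioc, &len, sizeof(len)) < 0) {
++ if (nbd_write(ioc, &len, sizeof(len), NULL) < 0) {
+ LOG("write failed (name length)");
+ return -EINVAL;
+ }
+- if (nbd_negotiate_write(ioc, name, name_len) < 0) {
++ if (nbd_write(ioc, name, name_len, NULL) < 0) {
+ LOG("write failed (name buffer)");
+ return -EINVAL;
+ }
+- if (nbd_negotiate_write(ioc, desc, desc_len) < 0) {
++ if (nbd_write(ioc, desc, desc_len, NULL) < 0) {
+ LOG("write failed (description buffer)");
+ return -EINVAL;
+ }
+@@ -308,7 +245,7 @@ static int nbd_negotiate_handle_list(NBDClient *client, uint32_t length)
+ NBDExport *exp;
+
+ if (length) {
+- if (nbd_negotiate_drop_sync(client->ioc, length) < 0) {
++ if (nbd_drop(client->ioc, length, NULL) < 0) {
+ return -EIO;
+ }
+ return nbd_negotiate_send_rep_err(client->ioc,
+@@ -339,7 +276,7 @@ static int nbd_negotiate_handle_export_name(NBDClient *client, uint32_t length)
+ LOG("Bad length received");
+ goto fail;
+ }
+- if (nbd_negotiate_read(client->ioc, name, length) < 0) {
++ if (nbd_read(client->ioc, name, length, NULL) < 0) {
+ LOG("read failed");
+ goto fail;
+ }
+@@ -372,7 +309,7 @@ static QIOChannel *nbd_negotiate_handle_starttls(NBDClient *client,
+ TRACE("Setting up TLS");
+ ioc = client->ioc;
+ if (length) {
+- if (nbd_negotiate_drop_sync(ioc, length) < 0) {
++ if (nbd_drop(ioc, length, NULL) < 0) {
+ return NULL;
+ }
+ nbd_negotiate_send_rep_err(ioc, NBD_REP_ERR_INVALID, NBD_OPT_STARTTLS,
+@@ -436,7 +373,7 @@ static int nbd_negotiate_options(NBDClient *client)
+ ... Rest of request
+ */
+
+- if (nbd_negotiate_read(client->ioc, &flags, sizeof(flags)) < 0) {
++ if (nbd_read(client->ioc, &flags, sizeof(flags), NULL) < 0) {
+ LOG("read failed");
+ return -EIO;
+ }
+@@ -462,7 +399,7 @@ static int nbd_negotiate_options(NBDClient *client)
+ uint32_t clientflags, length;
+ uint64_t magic;
+
+- if (nbd_negotiate_read(client->ioc, &magic, sizeof(magic)) < 0) {
++ if (nbd_read(client->ioc, &magic, sizeof(magic), NULL) < 0) {
+ LOG("read failed");
+ return -EINVAL;
+ }
+@@ -472,15 +409,15 @@ static int nbd_negotiate_options(NBDClient *client)
+ return -EINVAL;
+ }
+
+- if (nbd_negotiate_read(client->ioc, &clientflags,
+- sizeof(clientflags)) < 0)
++ if (nbd_read(client->ioc, &clientflags,
++ sizeof(clientflags), NULL) < 0)
+ {
+ LOG("read failed");
+ return -EINVAL;
+ }
+ clientflags = be32_to_cpu(clientflags);
+
+- if (nbd_negotiate_read(client->ioc, &length, sizeof(length)) < 0) {
++ if (nbd_read(client->ioc, &length, sizeof(length), NULL) < 0) {
+ LOG("read failed");
+ return -EINVAL;
+ }
+@@ -510,7 +447,7 @@ static int nbd_negotiate_options(NBDClient *client)
+ return -EINVAL;
+
+ default:
+- if (nbd_negotiate_drop_sync(client->ioc, length) < 0) {
++ if (nbd_drop(client->ioc, length, NULL) < 0) {
+ return -EIO;
+ }
+ ret = nbd_negotiate_send_rep_err(client->ioc,
+@@ -548,7 +485,7 @@ static int nbd_negotiate_options(NBDClient *client)
+ return nbd_negotiate_handle_export_name(client, length);
+
+ case NBD_OPT_STARTTLS:
+- if (nbd_negotiate_drop_sync(client->ioc, length) < 0) {
++ if (nbd_drop(client->ioc, length, NULL) < 0) {
+ return -EIO;
+ }
+ if (client->tlscreds) {
+@@ -567,7 +504,7 @@ static int nbd_negotiate_options(NBDClient *client)
+ }
+ break;
+ default:
+- if (nbd_negotiate_drop_sync(client->ioc, length) < 0) {
++ if (nbd_drop(client->ioc, length, NULL) < 0) {
+ return -EIO;
+ }
+ ret = nbd_negotiate_send_rep_err(client->ioc,
+@@ -656,12 +593,12 @@ static coroutine_fn int nbd_negotiate(NBDClientNewData *data)
+ TRACE("TLS cannot be enabled with oldstyle protocol");
+ goto fail;
+ }
+- if (nbd_negotiate_write(client->ioc, buf, sizeof(buf)) < 0) {
++ if (nbd_write(client->ioc, buf, sizeof(buf), NULL) < 0) {
+ LOG("write failed");
+ goto fail;
+ }
+ } else {
+- if (nbd_negotiate_write(client->ioc, buf, 18) < 0) {
++ if (nbd_write(client->ioc, buf, 18, NULL) < 0) {
+ LOG("write failed");
+ goto fail;
+ }
+@@ -676,7 +613,7 @@ static coroutine_fn int nbd_negotiate(NBDClientNewData *data)
+ stq_be_p(buf + 18, client->exp->size);
+ stw_be_p(buf + 26, client->exp->nbdflags | myflags);
+ len = client->no_zeroes ? 10 : sizeof(buf) - 18;
+- if (nbd_negotiate_write(client->ioc, buf + 18, len) < 0) {
++ if (nbd_write(client->ioc, buf + 18, len, NULL) < 0) {
+ LOG("write failed");
+ goto fail;
+ }
+--
+2.13.0
+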
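Review bot: In `nbd_negotiate_options()` the `length` field is read from the client and handed to `nbd_drop(client->ioc, length, NULL)` in the `default:` and `NBD_OPT_STARTTLS` branches with no upper bound visible in the hunks, so a peer that has not yet completed negotiation can make the server read and discard up to 4 GiB per option. Consider rejecting oversized options before draining them, e.g. `if (length > MAX_OPTION_LEN) { return -EINVAL; }` (the constant name is a placeholder; the function body continues outside the hunks). Separately, this file is named for CVE-2017-7539, but the commit message lists no such CVE or bug number, which makes the fix harder to track from the log.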
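diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-1.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-1.patch
new file mode 100644
index 00000000000..01c81d10ec0
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-1.patch
@@ -0,0 +1,122 @@
+From 87e459a810d7b1ec1638085b5a80ea3d9b43119a Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@××××××.com>
+Date: Thu, 1 Jun 2017 17:26:14 +0200
+Subject: [PATCH] megasas: always store SCSIRequest* into MegasasCmd
+
+This ensures that the request is unref'ed properly, and avoids a
+segmentation fault in the new qtest testcase that is added.
+This is CVE-2017-9503.
+
+Reported-by: Zhangyanyu <zyy4013@×××××××××××.cn>
+Signed-off-by: Paolo Bonzini <pbonzini@××××××.com>
+---
+ hw/scsi/megasas.c | 31 ++++++++++++++++---------------
+ 2 files changed, 51 insertions(+), 15 deletions(-)
+
+diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
+index 135662df31..734fdaef90 100644
+--- a/hw/scsi/megasas.c
++++ b/hw/scsi/megasas.c
+@@ -609,6 +609,9 @@ static void megasas_reset_frames(MegasasState *s)
+ static void megasas_abort_command(MegasasCmd *cmd)
+ {
+ /* Never abort internal commands. */
++ if (cmd->dcmd_opcode != -1) {
++ return;
++ }
+ if (cmd->req != NULL) {
+ scsi_req_cancel(cmd->req);
+ }
+@@ -1017,7 +1020,6 @@ static int megasas_pd_get_info_submit(SCSIDevice *sdev, int lun,
+ uint64_t pd_size;
+ uint16_t pd_id = ((sdev->id & 0xFF) << 8) | (lun & 0xFF);
+ uint8_t cmdbuf[6];
+- SCSIRequest *req;
+ size_t len, resid;
+
+ if (!cmd->iov_buf) {
+@@ -1026,8 +1028,8 @@ static int megasas_pd_get_info_submit(SCSIDevice *sdev, int lun,
+ info->inquiry_data[0] = 0x7f; /* Force PQual 0x3, PType 0x1f */
+ info->vpd_page83[0] = 0x7f;
+ megasas_setup_inquiry(cmdbuf, 0, sizeof(info->inquiry_data));
+- req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd);
+- if (!req) {
++ cmd->req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd);
++ if (!cmd->req) {
+ trace_megasas_dcmd_req_alloc_failed(cmd->index,
+ "PD get info std inquiry");
+ g_free(cmd->iov_buf);
+@@ -1036,26 +1038,26 @@ static int megasas_pd_get_info_submit(SCSIDevice *sdev, int lun,
+ }
+ trace_megasas_dcmd_internal_submit(cmd->index,
+ "PD get info std inquiry", lun);
+- len = scsi_req_enqueue(req);
++ len = scsi_req_enqueue(cmd->req);
+ if (len > 0) {
+ cmd->iov_size = len;
+- scsi_req_continue(req);
++ scsi_req_continue(cmd->req);
+ }
+ return MFI_STAT_INVALID_STATUS;
+ } else if (info->inquiry_data[0] != 0x7f && info->vpd_page83[0] == 0x7f) {
+ megasas_setup_inquiry(cmdbuf, 0x83, sizeof(info->vpd_page83));
+- req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd);
+- if (!req) {
++ cmd->req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd);
++ if (!cmd->req) {
+ trace_megasas_dcmd_req_alloc_failed(cmd->index,
+ "PD get info vpd inquiry");
+ return MFI_STAT_FLASH_ALLOC_FAIL;
+ }
+ trace_megasas_dcmd_internal_submit(cmd->index,
+ "PD get info vpd inquiry", lun);
+- len = scsi_req_enqueue(req);
++ len = scsi_req_enqueue(cmd->req);
+ if (len > 0) {
+ cmd->iov_size = len;
+- scsi_req_continue(req);
++ scsi_req_continue(cmd->req);
+ }
+ return MFI_STAT_INVALID_STATUS;
+ }
+@@ -1217,7 +1219,6 @@ static int megasas_ld_get_info_submit(SCSIDevice *sdev, int lun,
+ struct mfi_ld_info *info = cmd->iov_buf;
+ size_t dcmd_size = sizeof(struct mfi_ld_info);
+ uint8_t cdb[6];
+- SCSIRequest *req;
+ ssize_t len, resid;
+ uint16_t sdev_id = ((sdev->id & 0xFF) << 8) | (lun & 0xFF);
+ uint64_t ld_size;
+@@ -1226,8 +1227,8 @@ static int megasas_ld_get_info_submit(SCSIDevice *sdev, int lun,
+ cmd->iov_buf = g_malloc0(dcmd_size);
+ info = cmd->iov_buf;
+ megasas_setup_inquiry(cdb, 0x83, sizeof(info->vpd_page83));
+- req = scsi_req_new(sdev, cmd->index, lun, cdb, cmd);
+- if (!req) {
++ cmd->req = scsi_req_new(sdev, cmd->index, lun, cdb, cmd);
++ if (!cmd->req) {
+ trace_megasas_dcmd_req_alloc_failed(cmd->index,
+ "LD get info vpd inquiry");
+ g_free(cmd->iov_buf);
+@@ -1236,10 +1237,10 @@ static int megasas_ld_get_info_submit(SCSIDevice *sdev, int lun,
+ }
+ trace_megasas_dcmd_internal_submit(cmd->index,
+ "LD get info vpd inquiry", lun);
+- len = scsi_req_enqueue(req);
++ len = scsi_req_enqueue(cmd->req);
+ if (len > 0) {
+ cmd->iov_size = len;
+- scsi_req_continue(req);
++ scsi_req_continue(cmd->req);
+ }
+ return MFI_STAT_INVALID_STATUS;
+ }
+@@ -1851,7 +1852,7 @@ static void megasas_command_complete(SCSIRequest *req, uint32_t status,
+ return;
+ }
+
+- if (cmd->req == NULL) {
++ if (cmd->dcmd_opcode != -1) {
+ /*
+ * Internal command complete
+ */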
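Review bot: `cmd->dcmd_opcode`, tested in `megasas_abort_command()` and `megasas_command_complete()`, is not declared anywhere in this patch; the field and its `-1` initialisation are added by the companion `qemu-2.9.0-CVE-2017-9503-2.patch`, so this file only builds with that patch applied as well. The ebuild's patch list is outside this section, so check that both are applied and that the `-1`/`-2` numbering does not suggest the wrong dependency order. The embedded diffstat says `2 files changed, 51 insertions(+), 15 deletions(-)` while only `hw/scsi/megasas.c` is present, so the qtest case mentioned in the description appears to have been dropped; a short note in the patch header would explain that.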
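diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-2.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-2.patch
new file mode 100644
index 00000000000..74725a92736
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-2.patch
@@ -0,0 +1,114 @@
+From 5104fac8539eaf155fc6de93e164be43e1e62242 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@××××××.com>
+Date: Thu, 1 Jun 2017 17:18:23 +0200
+Subject: [PATCH] megasas: do not read DCMD opcode more than once from frame
+
+Avoid TOC-TOU bugs by storing the DCMD opcode in the MegasasCmd
+
+Signed-off-by: Paolo Bonzini <pbonzini@××××××.com>
+---
+ hw/scsi/megasas.c | 25 +++++++++++--------------
+ 1 file changed, 11 insertions(+), 14 deletions(-)
+
+diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
+index c353118882..a3f75c1650 100644
+--- a/hw/scsi/megasas.c
++++ b/hw/scsi/megasas.c
+@@ -63,6 +63,7 @@ typedef struct MegasasCmd {
+
+ hwaddr pa;
+ hwaddr pa_size;
++ uint32_t dcmd_opcode;
+ union mfi_frame *frame;
+ SCSIRequest *req;
+ QEMUSGList qsg;
+@@ -513,6 +514,7 @@ static MegasasCmd *megasas_enqueue_frame(MegasasState *s,
+ cmd->context &= (uint64_t)0xFFFFFFFF;
+ }
+ cmd->count = count;
++ cmd->dcmd_opcode = -1;
+ s->busy++;
+
+ if (s->consumer_pa) {
+@@ -1562,22 +1564,21 @@ static const struct dcmd_cmd_tbl_t {
+
+ static int megasas_handle_dcmd(MegasasState *s, MegasasCmd *cmd)
+ {
+- int opcode;
+ int retval = 0;
+ size_t len;
+ const struct dcmd_cmd_tbl_t *cmdptr = dcmd_cmd_tbl;
+
+- opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
+- trace_megasas_handle_dcmd(cmd->index, opcode);
++ cmd->dcmd_opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
++ trace_megasas_handle_dcmd(cmd->index, cmd->dcmd_opcode);
+ if (megasas_map_dcmd(s, cmd) < 0) {
+ return MFI_STAT_MEMORY_NOT_AVAILABLE;
+ }
+- while (cmdptr->opcode != -1 && cmdptr->opcode != opcode) {
++ while (cmdptr->opcode != -1 && cmdptr->opcode != cmd->dcmd_opcode) {
+ cmdptr++;
+ }
+ len = cmd->iov_size;
+ if (cmdptr->opcode == -1) {
+- trace_megasas_dcmd_unhandled(cmd->index, opcode, len);
++ trace_megasas_dcmd_unhandled(cmd->index, cmd->dcmd_opcode, len);
+ retval = megasas_dcmd_dummy(s, cmd);
+ } else {
+ trace_megasas_dcmd_enter(cmd->index, cmdptr->desc, len);
+@@ -1592,13 +1593,11 @@ static int megasas_handle_dcmd(MegasasState *s, MegasasCmd *cmd)
+ static int megasas_finish_internal_dcmd(MegasasCmd *cmd,
+ SCSIRequest *req)
+ {
+- int opcode;
+ int retval = MFI_STAT_OK;
+ int lun = req->lun;
+
+- opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
+- trace_megasas_dcmd_internal_finish(cmd->index, opcode, lun);
+- switch (opcode) {
++ trace_megasas_dcmd_internal_finish(cmd->index, cmd->dcmd_opcode, lun);
++ switch (cmd->dcmd_opcode) {
+ case MFI_DCMD_PD_GET_INFO:
+ retval = megasas_pd_get_info_submit(req->dev, lun, cmd);
+ break;
+@@ -1606,7 +1605,7 @@ static int megasas_finish_internal_dcmd(MegasasCmd *cmd,
+ retval = megasas_ld_get_info_submit(req->dev, lun, cmd);
+ break;
+ default:
+- trace_megasas_dcmd_internal_invalid(cmd->index, opcode);
++ trace_megasas_dcmd_internal_invalid(cmd->index, cmd->dcmd_opcode);
+ retval = MFI_STAT_INVALID_DCMD;
+ break;
+ }
+@@ -1827,7 +1826,6 @@ static void megasas_xfer_complete(SCSIRequest *req, uint32_t len)
+ {
+ MegasasCmd *cmd = req->hba_private;
+ uint8_t *buf;
+- uint32_t opcode;
+
+ trace_megasas_io_complete(cmd->index, len);
+
+@@ -1837,8 +1835,7 @@ static void megasas_xfer_complete(SCSIRequest *req, uint32_t len)
+ }
+
+ buf = scsi_req_get_buf(req);
+- opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
+- if (opcode == MFI_DCMD_PD_GET_INFO && cmd->iov_buf) {
++ if (cmd->dcmd_opcode == MFI_DCMD_PD_GET_INFO && cmd->iov_buf) {
+ struct mfi_pd_info *info = cmd->iov_buf;
+
+ if (info->inquiry_data[0] == 0x7f) {
+@@ -1849,7 +1846,7 @@ static void megasas_xfer_complete(SCSIRequest *req, uint32_t len)
+ memcpy(info->vpd_page83, buf, len);
+ }
+ scsi_req_continue(req);
+- } else if (opcode == MFI_DCMD_LD_GET_INFO) {
++ } else if (cmd->dcmd_opcode == MFI_DCMD_LD_GET_INFO) {
+ struct mfi_ld_info *info = cmd->iov_buf;
+
+ if (cmd->iov_buf) {
+--
+2.13.0
+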
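Review bot: The sentinel set by `cmd->dcmd_opcode = -1` in `megasas_enqueue_frame()` shares its value space with the guest-supplied opcode stored by `cmd->dcmd_opcode = le32_to_cpu(cmd->frame->dcmd.opcode)`, so a frame carrying opcode 0xFFFFFFFF cannot be told apart from "not a DCMD" wherever the field is later compared with `-1`. In the paths visible here such an opcode falls through the table lookup to `megasas_dcmd_dummy()`, so it looks benign, but an out-of-band marker (a separate `bool` in `MegasasCmd`) would remove the ambiguity. At minimum the new field deserves a comment, e.g. `/* DCMD opcode latched from the frame; -1 (0xFFFFFFFF) means not a DCMD */`, and the `uint32_t` versus `-1` comparisons would read better with a named constant.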
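diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-1.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-1.patch
new file mode 100644
index 00000000000..9d77193b1f6
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-1.patch
@@ -0,0 +1,80 @@
+From df8ad9f128c15aa0a0ebc7b24e9a22c9775b67af Mon Sep 17 00:00:00 2001
+From: Eric Blake <eblake@××××××.com>
+Date: Fri, 26 May 2017 22:04:21 -0500
+Subject: [PATCH] nbd: Fully initialize client in case of failed negotiation
+
+If a non-NBD client connects to qemu-nbd, we would end up with
+a SIGSEGV in nbd_client_put() because we were trying to
+unregister the client's association to the export, even though
+we skipped inserting the client into that list. Easy trigger
+in two terminals:
+
+$ qemu-nbd -p 30001 --format=raw file
+$ nmap 127.0.0.1 -p 30001
+
+nmap claims that it thinks it connected to a pago-services1
+server (which probably means nmap could be updated to learn the
+NBD protocol and give a more accurate diagnosis of the open
+port - but that's not our problem), then terminates immediately,
+so our call to nbd_negotiate() fails. The fix is to reorder
+nbd_co_client_start() to ensure that all initialization occurs
+before we ever try talking to a client in nbd_negotiate(), so
+that the teardown sequence on negotiation failure doesn't fault
+while dereferencing a half-initialized object.
+
+While debugging this, I also noticed that nbd_update_server_watch()
+called by nbd_client_closed() was still adding a channel to accept
+the next client, even when the state was no longer RUNNING. That
+is fixed by making nbd_can_accept() pay attention to the current
+state.
+
+Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1451614
+
+Signed-off-by: Eric Blake <eblake@××××××.com>
+Message-Id: <20170527030421.28366-1-eblake@××××××.com>
+Signed-off-by: Paolo Bonzini <pbonzini@××××××.com>
+---
+ nbd/server.c | 8 +++-----
+ qemu-nbd.c | 2 +-
+ 2 files changed, 4 insertions(+), 6 deletions(-)
+
+diff --git a/nbd/server.c b/nbd/server.c
+index ee59e5d234..49b55f6ede 100644
+--- a/nbd/server.c
++++ b/nbd/server.c
+@@ -1358,16 +1358,14 @@ static coroutine_fn void nbd_co_client_start(void *opaque)
+
+ if (exp) {
+ nbd_export_get(exp);
++ QTAILQ_INSERT_TAIL(&exp->clients, client, next);
+ }
++ qemu_co_mutex_init(&client->send_lock);
++
+ if (nbd_negotiate(data)) {
+ client_close(client);
+ goto out;
+ }
+- qemu_co_mutex_init(&client->send_lock);
+-
+- if (exp) {
+- QTAILQ_INSERT_TAIL(&exp->clients, client, next);
+- }
+
+ nbd_client_receive_next_request(client);
+
+diff --git a/qemu-nbd.c b/qemu-nbd.c
+index f60842fd86..651f85ecc1 100644
+--- a/qemu-nbd.c
++++ b/qemu-nbd.c
+@@ -325,7 +325,7 @@ out:
+
+ static int nbd_can_accept(void)
+ {
+- return nb_fds < shared;
++ return state == RUNNING && nb_fds < shared;
+ }
+
+ static void nbd_export_closed(NBDExport *exp)
+--
+2.13.0
+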
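Review bot: With `QTAILQ_INSERT_TAIL(&exp->clients, client, next)` moved ahead of `nbd_negotiate(data)` in `nbd_co_client_start()`, a client sits on the export's list while its negotiation is still in progress, so any code that walks `exp->clients` can now see a client that has not completed the handshake. Those walkers are outside the hunk and should be checked for assumptions that only hold after negotiation. The ordering is also load-bearing and deserves a comment at the call site, e.g. `/* Finish all client setup before nbd_negotiate(): its failure path tears the client down as if fully initialised */`. The function body starts and ends outside the hunk.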
diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-2.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-2.patch |
727 |
new file mode 100644 |
728 |
index 00000000000..e6934b379a2 |
729 |
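--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-2.patch
@@ -0,0 +1,197 @@
+From 0c9390d978cbf61e8f16c9f580fa96b305c43568 Mon Sep 17 00:00:00 2001
+From: Eric Blake <eblake@××××××.com>
+Date: Thu, 8 Jun 2017 17:26:17 -0500
+Subject: [PATCH] nbd: Fix regression on resiliency to port scan
+
+Back in qemu 2.5, qemu-nbd was immune to port probes (a transient
+server would not quit, regardless of how many probe connections
+came and went, until a connection actually negotiated). But we
+broke that in commit ee7d7aa when removing the return value to
+nbd_client_new(), although that patch also introduced a bug causing
+an assertion failure on a client that fails negotiation. We then
+made it worse during refactoring in commit 1a6245a (a segfault
+before we could even assert); the (masked) assertion was cleaned
+up in d3780c2 (still in 2.6), and just recently we finally fixed
+the segfault ("nbd: Fully intialize client in case of failed
+negotiation"). But that still means that ever since we added
+TLS support to qemu-nbd, we have been vulnerable to an ill-timed
+port-scan being able to cause a denial of service by taking down
+qemu-nbd before a real client has a chance to connect.
+
+Since negotiation is now handled asynchronously via coroutines,
+we no longer have a synchronous point of return by re-adding a
+return value to nbd_client_new(). So this patch instead wires
+things up to pass the negotiation status through the close_fn
+callback function.
+
+Simple test across two terminals:
+$ qemu-nbd -f raw -p 30001 file
+$ nmap 127.0.0.1 -p 30001 && \
+ qemu-io -c 'r 0 512' -f raw nbd://localhost:30001
+
+Note that this patch does not change what constitutes successful
+negotiation (thus, a client must enter transmission phase before
+that client can be considered as a reason to terminate the server
+when the connection ends). Perhaps we may want to tweak things
+in a later patch to also treat a client that uses NBD_OPT_ABORT
+as being a 'successful' negotiation (the client correctly talked
+the NBD protocol, and informed us it was not going to use our
+export after all), but that's a discussion for another day.
+
+Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1451614
+
+Signed-off-by: Eric Blake <eblake@××××××.com>
+Message-Id: <20170608222617.20376-1-eblake@××××××.com>
+Signed-off-by: Paolo Bonzini <pbonzini@××××××.com>
+---
+ blockdev-nbd.c | 6 +++++-
+ include/block/nbd.h | 2 +-
+ nbd/server.c | 24 +++++++++++++++---------
+ qemu-nbd.c | 4 ++--
+ 4 files changed, 23 insertions(+), 13 deletions(-)
+
+diff --git a/blockdev-nbd.c b/blockdev-nbd.c
+index dd0860f4a6..28f551a7b0 100644
+--- a/blockdev-nbd.c
++++ b/blockdev-nbd.c
+@@ -27,6 +27,10 @@ typedef struct NBDServerData {
+
+ static NBDServerData *nbd_server;
+
++static void nbd_blockdev_client_closed(NBDClient *client, bool ignored)
++{
++ nbd_client_put(client);
++}
+
+ static gboolean nbd_accept(QIOChannel *ioc, GIOCondition condition,
+ gpointer opaque)
+@@ -46,7 +50,7 @@ static gboolean nbd_accept(QIOChannel *ioc, GIOCondition condition,
+ qio_channel_set_name(QIO_CHANNEL(cioc), "nbd-server");
+ nbd_client_new(NULL, cioc,
+ nbd_server->tlscreds, NULL,
+- nbd_client_put);
++ nbd_blockdev_client_closed);
+ object_unref(OBJECT(cioc));
+ return TRUE;
+ }
+diff --git a/include/block/nbd.h b/include/block/nbd.h
+index 416257abca..8fa5ce51f3 100644
+--- a/include/block/nbd.h
++++ b/include/block/nbd.h
+@@ -162,7 +162,7 @@ void nbd_client_new(NBDExport *exp,
+ QIOChannelSocket *sioc,
+ QCryptoTLSCreds *tlscreds,
+ const char *tlsaclname,
+- void (*close)(NBDClient *));
++ void (*close_fn)(NBDClient *, bool));
+ void nbd_client_get(NBDClient *client);
+ void nbd_client_put(NBDClient *client);
+
+diff --git a/nbd/server.c b/nbd/server.c
+index 49b55f6ede..f2b1aa47ce 100644
+--- a/nbd/server.c
++++ b/nbd/server.c
+@@ -81,7 +81,7 @@ static QTAILQ_HEAD(, NBDExport) exports = QTAILQ_HEAD_INITIALIZER(exports);
+
+ struct NBDClient {
+ int refcount;
+- void (*close)(NBDClient *client);
++ void (*close_fn)(NBDClient *client, bool negotiated);
+
+ bool no_zeroes;
+ NBDExport *exp;
+@@ -778,7 +778,7 @@ void nbd_client_put(NBDClient *client)
+ }
+ }
+
+-static void client_close(NBDClient *client)
++static void client_close(NBDClient *client, bool negotiated)
+ {
+ if (client->closing) {
+ return;
+@@ -793,8 +793,8 @@ static void client_close(NBDClient *client)
+ NULL);
+
+ /* Also tell the client, so that they release their reference. */
+- if (client->close) {
+- client->close(client);
++ if (client->close_fn) {
++ client->close_fn(client, negotiated);
+ }
+ }
+
+@@ -975,7 +975,7 @@ void nbd_export_close(NBDExport *exp)
+
+ nbd_export_get(exp);
+ QTAILQ_FOREACH_SAFE(client, &exp->clients, next, next) {
+- client_close(client);
++ client_close(client, true);
+ }
+ nbd_export_set_name(exp, NULL);
+ nbd_export_set_description(exp, NULL);
+@@ -1337,7 +1337,7 @@ done:
+
+ out:
+ nbd_request_put(req);
+- client_close(client);
++ client_close(client, true);
+ nbd_client_put(client);
+ }
+
+@@ -1363,7 +1363,7 @@ static coroutine_fn void nbd_co_client_start(void *opaque)
+ qemu_co_mutex_init(&client->send_lock);
+
+ if (nbd_negotiate(data)) {
+- client_close(client);
++ client_close(client, false);
+ goto out;
+ }
+
+@@ -1373,11 +1373,17 @@ out:
+ g_free(data);
+ }
+
++/*
++ * Create a new client listener on the given export @exp, using the
++ * given channel @sioc. Begin servicing it in a coroutine. When the
++ * connection closes, call @close_fn with an indication of whether the
++ * client completed negotiation.
++ */
+ void nbd_client_new(NBDExport *exp,
+ QIOChannelSocket *sioc,
+ QCryptoTLSCreds *tlscreds,
+ const char *tlsaclname,
+- void (*close_fn)(NBDClient *))
++ void (*close_fn)(NBDClient *, bool))
+ {
+ NBDClient *client;
+ NBDClientNewData *data = g_new(NBDClientNewData, 1);
+@@ -1394,7 +1400,7 @@ void nbd_client_new(NBDExport *exp,
+ object_ref(OBJECT(client->sioc));
+ client->ioc = QIO_CHANNEL(sioc);
+ object_ref(OBJECT(client->ioc));
+- client->close = close_fn;
++ client->close_fn = close_fn;
+
+ data->client = client;
+ data->co = qemu_coroutine_create(nbd_co_client_start, data);
+diff --git a/qemu-nbd.c b/qemu-nbd.c
+index 651f85ecc1..9464a0461c 100644
+--- a/qemu-nbd.c
++++ b/qemu-nbd.c
+@@ -336,10 +336,10 @@ static void nbd_export_closed(NBDExport *exp)
+
+ static void nbd_update_server_watch(void);
+
+-static void nbd_client_closed(NBDClient *client)
++static void nbd_client_closed(NBDClient *client, bool negotiated)
+ {
+ nb_fds--;
+- if (nb_fds == 0 && !persistent && state == RUNNING) {
++ if (negotiated && nb_fds == 0 && !persistent && state == RUNNING) {
+ state = TERMINATE;
+ }
+ nbd_update_server_watch();
+--
+2.13.0
+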
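Review bot: The two hard-coded `client_close(client, true)` calls, in nbd_export_close() and at the `out:` label of the request path, report negotiation as complete although nothing in this patch records that it was. The companion -1 patch shown earlier on this page moves `QTAILQ_INSERT_TAIL(&exp->clients, client, next)` ahead of `nbd_negotiate(data)`, so nbd_export_close() can presumably walk a client that is still negotiating and hand its close_fn `negotiated == true`. qemu-nbd's nbd_client_closed() acts on the flag only while `state == RUNNING`, so this looks harmless if exports are closed only during shutdown, but that call path is outside the patch. I would record the assumption at the nbd_export_close() call site with a comment such as `/* true: export teardown, not a failed handshake; the client may not have reached transmission */`. Both functions begin outside their hunks, so the rest of their bodies is not visible here.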
929 |
|
930 |
diff --git a/app-emulation/qemu/qemu-2.9.0-r55.ebuild b/app-emulation/qemu/qemu-2.9.0-r55.ebuild |
931 |
new file mode 100644 |
932 |
index 00000000000..4a7f4b1c5f1 |
933 |
--- /dev/null |
934 |
+++ b/app-emulation/qemu/qemu-2.9.0-r55.ebuild |
935 |
@@ -0,0 +1,792 @@ |
936 |
+# Copyright 1999-2017 Gentoo Foundation |
937 |
+# Distributed under the terms of the GNU General Public License v2 |
938 |
+ |
939 |
+EAPI="6" |
940 |
+ |
941 |
+PYTHON_COMPAT=( python2_7 ) |
942 |
+PYTHON_REQ_USE="ncurses,readline" |
943 |
+ |
944 |
+PLOCALES="bg de_DE fr_FR hu it tr zh_CN" |
945 |
+ |
946 |
+FIRMWARE_ABI_VERSION="2.9.0-r52" |
947 |
+ |
948 |
+inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \ |
949 |
+ user udev fcaps readme.gentoo-r1 pax-utils l10n |
950 |
+ |
951 |
+if [[ ${PV} = *9999* ]]; then |
952 |
+ EGIT_REPO_URI="git://git.qemu.org/qemu.git" |
953 |
+ inherit git-r3 |
954 |
+ SRC_URI="" |
955 |
+else |
956 |
+ SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2" |
957 |
+ KEYWORDS="~amd64 ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd" |
958 |
+fi |
959 |
+ |
960 |
+DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools" |
961 |
+HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org" |
962 |
+ |
963 |
+LICENSE="GPL-2 LGPL-2 BSD-2" |
964 |
+SLOT="0" |
965 |
+IUSE="accessibility +aio alsa bluetooth bzip2 +caps +curl debug +fdt |
966 |
+ glusterfs gnutls gtk gtk2 infiniband iscsi +jpeg kernel_linux |
967 |
+ kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs +png |
968 |
+ pulseaudio python rbd sasl +seccomp sdl sdl2 selinux smartcard snappy |
969 |
+ spice ssh static static-user systemtap tci test usb usbredir vde |
970 |
+ +vhost-net virgl virtfs +vnc vte xattr xen xfs" |
971 |
+ |
972 |
+COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel |
973 |
+ mips mips64 mips64el mipsel nios2 or1k ppc ppc64 s390x sh4 sh4eb sparc |
974 |
+ sparc64 x86_64" |
975 |
+IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS} |
976 |
+ lm32 moxie ppcemb tricore unicore32 xtensa xtensaeb" |
977 |
+IUSE_USER_TARGETS="${COMMON_TARGETS} |
978 |
+ armeb hppa mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus tilegx" |
979 |
+ |
980 |
+use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS}) |
981 |
+use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS}) |
982 |
+IUSE+=" ${use_softmmu_targets} ${use_user_targets}" |
983 |
+ |
984 |
+# Allow no targets to be built so that people can get a tools-only build. |
985 |
+# Block USE flag configurations known to not work. |
986 |
+REQUIRED_USE="${PYTHON_REQUIRED_USE} |
987 |
+ gtk2? ( gtk ) |
988 |
+ qemu_softmmu_targets_arm? ( fdt ) |
989 |
+ qemu_softmmu_targets_microblaze? ( fdt ) |
990 |
+ qemu_softmmu_targets_mips64el? ( fdt ) |
991 |
+ qemu_softmmu_targets_ppc? ( fdt ) |
992 |
+ qemu_softmmu_targets_ppc64? ( fdt ) |
993 |
+ sdl2? ( sdl ) |
994 |
+ static? ( static-user !alsa !bluetooth !gtk !gtk2 !opengl !pulseaudio ) |
995 |
+ virtfs? ( xattr ) |
996 |
+ vte? ( gtk )" |
997 |
+ |
998 |
+# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...) |
999 |
+# and user/softmmu targets (qemu-*, qemu-system-*). |
1000 |
+# |
1001 |
+# Yep, you need both libcap and libcap-ng since virtfs only uses libcap. |
1002 |
+# |
1003 |
+# The attr lib isn't always linked in (although the USE flag is always |
1004 |
+# respected). This is because qemu supports using the C library's API |
1005 |
+# when available rather than always using the extranl library. |
1006 |
+ALL_DEPEND=" |
1007 |
+ >=dev-libs/glib-2.0[static-libs(+)] |
1008 |
+ sys-libs/zlib[static-libs(+)] |
1009 |
+ python? ( ${PYTHON_DEPS} ) |
1010 |
+ systemtap? ( dev-util/systemtap ) |
1011 |
+ xattr? ( sys-apps/attr[static-libs(+)] )" |
1012 |
+ |
1013 |
+# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...) |
1014 |
+# softmmu targets (qemu-system-*). |
1015 |
+SOFTMMU_TOOLS_DEPEND=" |
1016 |
+ >=x11-libs/pixman-0.28.0[static-libs(+)] |
1017 |
+ accessibility? ( |
1018 |
+ app-accessibility/brltty[api] |
1019 |
+ app-accessibility/brltty[static-libs(+)] |
1020 |
+ ) |
1021 |
+ aio? ( dev-libs/libaio[static-libs(+)] ) |
1022 |
+ alsa? ( >=media-libs/alsa-lib-1.0.13 ) |
1023 |
+ bluetooth? ( net-wireless/bluez ) |
1024 |
+ bzip2? ( app-arch/bzip2[static-libs(+)] ) |
1025 |
+ caps? ( sys-libs/libcap-ng[static-libs(+)] ) |
1026 |
+ curl? ( >=net-misc/curl-7.15.4[static-libs(+)] ) |
1027 |
+ fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] ) |
1028 |
+ glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] ) |
1029 |
+ gnutls? ( |
1030 |
+ dev-libs/nettle:=[static-libs(+)] |
1031 |
+ >=net-libs/gnutls-3.0:=[static-libs(+)] |
1032 |
+ ) |
1033 |
+ gtk? ( |
1034 |
+ gtk2? ( |
1035 |
+ x11-libs/gtk+:2 |
1036 |
+ vte? ( x11-libs/vte:0 ) |
1037 |
+ ) |
1038 |
+ !gtk2? ( |
1039 |
+ x11-libs/gtk+:3 |
1040 |
+ vte? ( x11-libs/vte:2.91 ) |
1041 |
+ ) |
1042 |
+ ) |
1043 |
+ infiniband? ( sys-fabric/librdmacm:=[static-libs(+)] ) |
1044 |
+ iscsi? ( net-libs/libiscsi ) |
1045 |
+ jpeg? ( virtual/jpeg:0=[static-libs(+)] ) |
1046 |
+ lzo? ( dev-libs/lzo:2[static-libs(+)] ) |
1047 |
+ ncurses? ( |
1048 |
+ sys-libs/ncurses:0=[unicode] |
1049 |
+ sys-libs/ncurses:0=[static-libs(+)] |
1050 |
+ ) |
1051 |
+ nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] ) |
1052 |
+ numa? ( sys-process/numactl[static-libs(+)] ) |
1053 |
+ opengl? ( |
1054 |
+ virtual/opengl |
1055 |
+ media-libs/libepoxy[static-libs(+)] |
1056 |
+ media-libs/mesa[static-libs(+)] |
1057 |
+ media-libs/mesa[egl,gbm] |
1058 |
+ ) |
1059 |
+ png? ( media-libs/libpng:0=[static-libs(+)] ) |
1060 |
+ pulseaudio? ( media-sound/pulseaudio ) |
1061 |
+ rbd? ( sys-cluster/ceph[static-libs(+)] ) |
1062 |
+ sasl? ( dev-libs/cyrus-sasl[static-libs(+)] ) |
1063 |
+ sdl? ( |
1064 |
+ !sdl2? ( |
1065 |
+ media-libs/libsdl[X] |
1066 |
+ >=media-libs/libsdl-1.2.11[static-libs(+)] |
1067 |
+ ) |
1068 |
+ sdl2? ( |
1069 |
+ media-libs/libsdl2[X] |
1070 |
+ media-libs/libsdl2[static-libs(+)] |
1071 |
+ ) |
1072 |
+ ) |
1073 |
+ seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] ) |
1074 |
+ smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] ) |
1075 |
+ snappy? ( app-arch/snappy:=[static-libs(+)] ) |
1076 |
+ spice? ( |
1077 |
+ >=app-emulation/spice-protocol-0.12.3 |
1078 |
+ >=app-emulation/spice-0.12.0[static-libs(+)] |
1079 |
+ ) |
1080 |
+ ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] ) |
1081 |
+ usb? ( >=virtual/libusb-1-r2[static-libs(+)] ) |
1082 |
+ usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] ) |
1083 |
+ vde? ( net-misc/vde[static-libs(+)] ) |
1084 |
+ virgl? ( media-libs/virglrenderer[static-libs(+)] ) |
1085 |
+ virtfs? ( sys-libs/libcap ) |
1086 |
+ xen? ( app-emulation/xen-tools:= ) |
1087 |
+ xfs? ( sys-fs/xfsprogs[static-libs(+)] )" |
1088 |
+ |
1089 |
+X86_FIRMWARE_DEPEND=" |
1090 |
+ pin-upstream-blobs? ( |
1091 |
+ ~sys-firmware/edk2-ovmf-2017_pre20170505[binary] |
1092 |
+ ~sys-firmware/ipxe-1.0.0_p20160620 |
1093 |
+ ~sys-firmware/seabios-1.10.2[binary,seavgabios] |
1094 |
+ ~sys-firmware/sgabios-0.1_pre8 |
1095 |
+ ) |
1096 |
+ !pin-upstream-blobs? ( |
1097 |
+ sys-firmware/edk2-ovmf |
1098 |
+ sys-firmware/ipxe |
1099 |
+ >=sys-firmware/seabios-1.10.2[seavgabios] |
1100 |
+ sys-firmware/sgabios |
1101 |
+ )" |
1102 |
+ |
1103 |
+CDEPEND=" |
1104 |
+ !static? ( |
1105 |
+ ${ALL_DEPEND//\[static-libs(+)]} |
1106 |
+ ${SOFTMMU_TOOLS_DEPEND//\[static-libs(+)]} |
1107 |
+ ) |
1108 |
+ qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} ) |
1109 |
+ qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )" |
1110 |
+DEPEND="${CDEPEND} |
1111 |
+ dev-lang/perl |
1112 |
+ =dev-lang/python-2* |
1113 |
+ sys-apps/texinfo |
1114 |
+ virtual/pkgconfig |
1115 |
+ kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 ) |
1116 |
+ gtk? ( nls? ( sys-devel/gettext ) ) |
1117 |
+ static? ( |
1118 |
+ ${ALL_DEPEND} |
1119 |
+ ${SOFTMMU_TOOLS_DEPEND} |
1120 |
+ ) |
1121 |
+ static-user? ( ${ALL_DEPEND} ) |
1122 |
+ test? ( |
1123 |
+ dev-libs/glib[utils] |
1124 |
+ sys-devel/bc |
1125 |
+ )" |
1126 |
+RDEPEND="${CDEPEND} |
1127 |
+ selinux? ( sec-policy/selinux-qemu )" |
1128 |
+ |
1129 |
+PATCHES=( |
1130 |
+ "${FILESDIR}"/${PN}-2.5.0-cflags.patch |
1131 |
+ "${FILESDIR}"/${PN}-2.5.0-sysmacros.patch |
1132 |
+ "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8309.patch # bug 616870 |
1133 |
+ "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8379.patch # bug 616872 |
1134 |
+ "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8380.patch # bug 616874 |
1135 |
+ "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8112.patch # bug 616636 |
1136 |
+ "${FILESDIR}"/${PN}-2.9.0-CVE-2017-7493.patch # bug 618808 |
1137 |
+ "${FILESDIR}"/${PN}-2.9.0-CVE-2017-11434.patch # bug 625614 |
1138 |
+ "${FILESDIR}"/${PN}-2.9.0-CVE-2017-11334.patch # bug 621292 |
1139 |
+ "${FILESDIR}"/${PN}-2.9.0-CVE-2017-9524-1.patch # bug 621292 |
1140 |
+ "${FILESDIR}"/${PN}-2.9.0-CVE-2017-9524-2.patch |
1141 |
+ "${FILESDIR}"/${PN}-2.9.0-CVE-2017-9503-1.patch # bug 621184 |
1142 |
+ "${FILESDIR}"/${PN}-2.9.0-CVE-2017-9503-2.patch |
1143 |
+) |
1144 |
+ |
1145 |
+ |
1146 |
+STRIP_MASK="/usr/share/qemu/palcode-clipper" |
1147 |
+ |
1148 |
+QA_PREBUILT=" |
1149 |
+ usr/share/qemu/openbios-ppc |
1150 |
+ usr/share/qemu/openbios-sparc64 |
1151 |
+ usr/share/qemu/openbios-sparc32 |
1152 |
+ usr/share/qemu/palcode-clipper |
1153 |
+ usr/share/qemu/s390-ccw.img |
1154 |
+ usr/share/qemu/u-boot.e500" |
1155 |
+ |
1156 |
+QA_WX_LOAD="usr/bin/qemu-i386 |
1157 |
+ usr/bin/qemu-x86_64 |
1158 |
+ usr/bin/qemu-alpha |
1159 |
+ usr/bin/qemu-arm |
1160 |
+ usr/bin/qemu-cris |
1161 |
+ usr/bin/qemu-m68k |
1162 |
+ usr/bin/qemu-microblaze |
1163 |
+ usr/bin/qemu-microblazeel |
1164 |
+ usr/bin/qemu-mips |
1165 |
+ usr/bin/qemu-mipsel |
1166 |
+ usr/bin/qemu-or1k |
1167 |
+ usr/bin/qemu-ppc |
1168 |
+ usr/bin/qemu-ppc64 |
1169 |
+ usr/bin/qemu-ppc64abi32 |
1170 |
+ usr/bin/qemu-sh4 |
1171 |
+ usr/bin/qemu-sh4eb |
1172 |
+ usr/bin/qemu-sparc |
1173 |
+ usr/bin/qemu-sparc64 |
1174 |
+ usr/bin/qemu-armeb |
1175 |
+ usr/bin/qemu-sparc32plus |
1176 |
+ usr/bin/qemu-s390x |
1177 |
+ usr/bin/qemu-unicore32" |
1178 |
+ |
1179 |
+DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure you have the |
1180 |
+kernel module loaded before running kvm. The easiest way to ensure that the |
1181 |
+kernel module is loaded is to load it on boot. |
1182 |
+ For AMD CPUs the module is called 'kvm-amd'. |
1183 |
+ For Intel CPUs the module is called 'kvm-intel'. |
1184 |
+Please review /etc/conf.d/modules for how to load these. |
1185 |
+ |
1186 |
+Make sure your user is in the 'kvm' group. Just run |
1187 |
+ $ gpasswd -a <USER> kvm |
1188 |
+then have <USER> re-login. |
1189 |
+ |
1190 |
+For brand new installs, the default permissions on /dev/kvm might not let |
1191 |
+you access it. You can tell udev to reset ownership/perms: |
1192 |
+ $ udevadm trigger -c add /dev/kvm |
1193 |
+ |
1194 |
+If you want to register binfmt handlers for qemu user targets: |
1195 |
+For openrc: |
1196 |
+ # rc-update add qemu-binfmt |
1197 |
+For systemd: |
1198 |
+ # ln -s /usr/share/qemu/binfmt.d/qemu.conf /etc/binfmt.d/qemu.conf" |
1199 |
+ |
1200 |
+pkg_pretend() { |
1201 |
+ if use kernel_linux && kernel_is lt 2 6 25; then |
1202 |
+ eerror "This version of KVM requres a host kernel of 2.6.25 or higher." |
1203 |
+ elif use kernel_linux; then |
1204 |
+ if ! linux_config_exists; then |
1205 |
+ eerror "Unable to check your kernel for KVM support" |
1206 |
+ else |
1207 |
+ CONFIG_CHECK="~KVM ~TUN ~BRIDGE" |
1208 |
+ ERROR_KVM="You must enable KVM in your kernel to continue" |
1209 |
+ ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in" |
1210 |
+ ERROR_KVM_AMD+=" your kernel configuration." |
1211 |
+ ERROR_KVM_INTEL="If you have an Intel CPU, you must enable" |
1212 |
+ ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration." |
1213 |
+ ERROR_TUN="You will need the Universal TUN/TAP driver compiled" |
1214 |
+ ERROR_TUN+=" into your kernel or loaded as a module to use the" |
1215 |
+ ERROR_TUN+=" virtual network device if using -net tap." |
1216 |
+ ERROR_BRIDGE="You will also need support for 802.1d" |
1217 |
+ ERROR_BRIDGE+=" Ethernet Bridging for some network configurations." |
1218 |
+ use vhost-net && CONFIG_CHECK+=" ~VHOST_NET" |
1219 |
+ ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net" |
1220 |
+ ERROR_VHOST_NET+=" support" |
1221 |
+ |
1222 |
+ if use amd64 || use x86 || use amd64-linux || use x86-linux; then |
1223 |
+ CONFIG_CHECK+=" ~KVM_AMD ~KVM_INTEL" |
1224 |
+ fi |
1225 |
+ |
1226 |
+ use python && CONFIG_CHECK+=" ~DEBUG_FS" |
1227 |
+ ERROR_DEBUG_FS="debugFS support required for kvm_stat" |
1228 |
+ |
1229 |
+ # Now do the actual checks setup above |
1230 |
+ check_extra_config |
1231 |
+ fi |
1232 |
+ fi |
1233 |
+ |
1234 |
+ if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then |
1235 |
+ eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt" |
1236 |
+ eerror "instances are still pointing to it. Please update your" |
1237 |
+ eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag" |
1238 |
+ eerror "and the right system binary (e.g. qemu-system-x86_64)." |
1239 |
+ die "update your virt configs to not use qemu-kvm" |
1240 |
+ fi |
1241 |
+} |
1242 |
+ |
1243 |
+pkg_setup() { |
1244 |
+ enewgroup kvm 78 |
1245 |
+} |
1246 |
+ |
1247 |
+# Sanity check to make sure target lists are kept up-to-date. |
1248 |
+check_targets() { |
1249 |
+ local var=$1 mak=$2 |
1250 |
+ local detected sorted |
1251 |
+ |
1252 |
+ pushd "${S}"/default-configs >/dev/null || die |
1253 |
+ |
1254 |
+ # Force C locale until glibc is updated. #564936 |
1255 |
+ detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u)) |
1256 |
+ sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u)) |
1257 |
+ if [[ ${sorted} != "${detected}" ]] ; then |
1258 |
+ eerror "The ebuild needs to be kept in sync." |
1259 |
+ eerror "${var}: ${sorted}" |
1260 |
+ eerror "$(printf '%-*s' ${#var} configure): ${detected}" |
1261 |
+ die "sync ${var} to the list of targets" |
1262 |
+ fi |
1263 |
+ |
1264 |
+ popd >/dev/null |
1265 |
+} |
1266 |
+ |
1267 |
+handle_locales() { |
1268 |
+ # Make sure locale list is kept up-to-date. |
1269 |
+ local detected sorted |
1270 |
+ detected=$(echo $(cd po && printf '%s\n' *.po | grep -v messages.po | sed 's:.po$::' | sort -u)) |
1271 |
+ sorted=$(echo $(printf '%s\n' ${PLOCALES} | sort -u)) |
1272 |
+ if [[ ${sorted} != "${detected}" ]] ; then |
1273 |
+ eerror "The ebuild needs to be kept in sync." |
1274 |
+ eerror "PLOCALES: ${sorted}" |
1275 |
+ eerror " po/*.po: ${detected}" |
1276 |
+ die "sync PLOCALES" |
1277 |
+ fi |
1278 |
+ |
1279 |
+ # Deal with selective install of locales. |
1280 |
+ if use nls ; then |
1281 |
+ # Delete locales the user does not want. #577814 |
1282 |
+ rm_loc() { rm po/$1.po || die; } |
1283 |
+ l10n_for_each_disabled_locale_do rm_loc |
1284 |
+ else |
1285 |
+ # Cheap hack to disable gettext .mo generation. |
1286 |
+ rm -f po/*.po |
1287 |
+ fi |
1288 |
+} |
1289 |
+ |
1290 |
+src_prepare() { |
1291 |
+ check_targets IUSE_SOFTMMU_TARGETS softmmu |
1292 |
+ check_targets IUSE_USER_TARGETS linux-user |
1293 |
+ |
1294 |
+ # Alter target makefiles to accept CFLAGS set via flag-o |
1295 |
+ sed -i -r \ |
1296 |
+ -e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \ |
1297 |
+ Makefile Makefile.target || die |
1298 |
+ |
1299 |
+ default |
1300 |
+ |
1301 |
+ # Fix ld and objcopy being called directly |
1302 |
+ tc-export AR LD OBJCOPY |
1303 |
+ |
1304 |
+ # Verbose builds |
1305 |
+ MAKEOPTS+=" V=1" |
1306 |
+ |
1307 |
+ # Run after we've applied all patches. |
1308 |
+ handle_locales |
1309 |
+} |
1310 |
+ |
1311 |
+## |
1312 |
+# configures qemu based on the build directory and the build type |
1313 |
+# we are using. |
1314 |
+# |
1315 |
+qemu_src_configure() { |
1316 |
+ debug-print-function ${FUNCNAME} "$@" |
1317 |
+ |
1318 |
+ local buildtype=$1 |
1319 |
+ local builddir="${S}/${buildtype}-build" |
1320 |
+ |
1321 |
+ mkdir "${builddir}" |
1322 |
+ |
1323 |
+ local conf_opts=( |
1324 |
+ --prefix=/usr |
1325 |
+ --sysconfdir=/etc |
1326 |
+ --libdir=/usr/$(get_libdir) |
1327 |
+ --docdir=/usr/share/doc/${PF}/html |
1328 |
+ --disable-bsd-user |
1329 |
+ --disable-guest-agent |
1330 |
+ --disable-strip |
1331 |
+ --disable-werror |
1332 |
+ # We support gnutls/nettle for crypto operations. It is possible |
1333 |
+ # to use gcrypt when gnutls/nettle are disabled (but not when they |
1334 |
+ # are enabled), but it's not really worth the hassle. Disable it |
1335 |
+ # all the time to avoid automatically detecting it. #568856 |
1336 |
+ --disable-gcrypt |
1337 |
+ --python="${PYTHON}" |
1338 |
+ --cc="$(tc-getCC)" |
1339 |
+ --cxx="$(tc-getCXX)" |
1340 |
+ --host-cc="$(tc-getBUILD_CC)" |
1341 |
+ $(use_enable debug debug-info) |
1342 |
+ $(use_enable debug debug-tcg) |
1343 |
+ --enable-docs |
1344 |
+ $(use_enable tci tcg-interpreter) |
1345 |
+ $(use_enable xattr attr) |
1346 |
+ ) |
1347 |
+ |
1348 |
+ # Disable options not used by user targets. This simplifies building |
1349 |
+ # static user targets (USE=static-user) considerably. |
1350 |
+ conf_notuser() { |
1351 |
+ if [[ ${buildtype} == "user" ]] ; then |
1352 |
+ echo "--disable-${2:-$1}" |
1353 |
+ else |
1354 |
+ use_enable "$@" |
1355 |
+ fi |
1356 |
+ } |
1357 |
+ conf_opts+=( |
1358 |
+ $(conf_notuser accessibility brlapi) |
1359 |
+ $(conf_notuser aio linux-aio) |
1360 |
+ $(conf_notuser bzip2) |
1361 |
+ $(conf_notuser bluetooth bluez) |
1362 |
+ $(conf_notuser caps cap-ng) |
1363 |
+ $(conf_notuser curl) |
1364 |
+ $(conf_notuser fdt) |
1365 |
+ $(conf_notuser glusterfs) |
1366 |
+ $(conf_notuser gnutls) |
1367 |
+ $(conf_notuser gnutls nettle) |
1368 |
+ $(conf_notuser gtk) |
1369 |
+ $(conf_notuser infiniband rdma) |
1370 |
+ $(conf_notuser iscsi libiscsi) |
1371 |
+ $(conf_notuser jpeg vnc-jpeg) |
1372 |
+ $(conf_notuser kernel_linux kvm) |
1373 |
+ $(conf_notuser lzo) |
1374 |
+ $(conf_notuser ncurses curses) |
1375 |
+ $(conf_notuser nfs libnfs) |
1376 |
+ $(conf_notuser numa) |
1377 |
+ $(conf_notuser opengl) |
1378 |
+ $(conf_notuser png vnc-png) |
1379 |
+ $(conf_notuser rbd) |
1380 |
+ $(conf_notuser sasl vnc-sasl) |
1381 |
+ $(conf_notuser sdl) |
1382 |
+ $(conf_notuser seccomp) |
1383 |
+ $(conf_notuser smartcard) |
1384 |
+ $(conf_notuser snappy) |
1385 |
+ $(conf_notuser spice) |
1386 |
+ $(conf_notuser ssh libssh2) |
1387 |
+ $(conf_notuser usb libusb) |
1388 |
+ $(conf_notuser usbredir usb-redir) |
1389 |
+ $(conf_notuser vde) |
1390 |
+ $(conf_notuser vhost-net) |
1391 |
+ $(conf_notuser virgl virglrenderer) |
1392 |
+ $(conf_notuser virtfs) |
1393 |
+ $(conf_notuser vnc) |
1394 |
+ $(conf_notuser vte) |
1395 |
+ $(conf_notuser xen) |
1396 |
+ $(conf_notuser xen xen-pci-passthrough) |
1397 |
+ $(conf_notuser xfs xfsctl) |
1398 |
+ ) |
1399 |
+ |
1400 |
+ if [[ ! ${buildtype} == "user" ]] ; then |
1401 |
+ # audio options |
1402 |
+ local audio_opts="oss" |
1403 |
+ use alsa && audio_opts="alsa,${audio_opts}" |
1404 |
+ use sdl && audio_opts="sdl,${audio_opts}" |
1405 |
+ use pulseaudio && audio_opts="pa,${audio_opts}" |
1406 |
+ conf_opts+=( |
1407 |
+ --audio-drv-list="${audio_opts}" |
1408 |
+ ) |
1409 |
+ use gtk && conf_opts+=( --with-gtkabi=$(usex gtk2 2.0 3.0) ) |
1410 |
+ use sdl && conf_opts+=( --with-sdlabi=$(usex sdl2 2.0 1.2) ) |
1411 |
+ fi |
1412 |
+ |
1413 |
+ case ${buildtype} in |
1414 |
+ user) |
1415 |
+ conf_opts+=( |
1416 |
+ --enable-linux-user |
1417 |
+ --disable-system |
1418 |
+ --disable-blobs |
1419 |
+ --disable-tools |
1420 |
+ ) |
1421 |
+ local static_flag="static-user" |
1422 |
+ ;; |
1423 |
+ softmmu) |
1424 |
+ conf_opts+=( |
1425 |
+ --disable-linux-user |
1426 |
+ --enable-system |
1427 |
+ --disable-tools |
1428 |
+ --with-system-pixman |
1429 |
+ ) |
1430 |
+ local static_flag="static" |
1431 |
+ ;; |
1432 |
+ tools) |
1433 |
+ conf_opts+=( |
1434 |
+ --disable-linux-user |
1435 |
+ --disable-system |
1436 |
+ --disable-blobs |
1437 |
+ --enable-tools |
1438 |
+ ) |
1439 |
+ local static_flag="static" |
1440 |
+ ;; |
1441 |
+ esac |
1442 |
+ |
1443 |
+ local targets="${buildtype}_targets" |
1444 |
+ [[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" ) |
1445 |
+ |
1446 |
+ # Add support for SystemTAP |
1447 |
+ use systemtap && conf_opts+=( --enable-trace-backend=dtrace ) |
1448 |
+ |
1449 |
+ # We always want to attempt to build with PIE support as it results |
1450 |
+ # in a more secure binary. But it doesn't work with static or if |
1451 |
+ # the current GCC doesn't have PIE support. |
1452 |
+ if use ${static_flag}; then |
1453 |
+ conf_opts+=( --static --disable-pie ) |
1454 |
+ else |
1455 |
+ tc-enables-pie && conf_opts+=( --enable-pie ) |
1456 |
+ fi |
1457 |
+ |
1458 |
+ echo "../configure ${conf_opts[*]}" |
1459 |
+ cd "${builddir}" |
1460 |
+ ../configure "${conf_opts[@]}" || die "configure failed" |
1461 |
+ |
1462 |
+ # FreeBSD's kernel does not support QEMU assigning/grabbing |
1463 |
+ # host USB devices yet |
1464 |
+ use kernel_FreeBSD && \ |
1465 |
+ sed -i -E -e "s|^(HOST_USB=)bsd|\1stub|" "${S}"/config-host.mak |
1466 |
+} |
1467 |
+ |
1468 |
+src_configure() { |
1469 |
+ local target |
1470 |
+ |
1471 |
+ python_setup |
1472 |
+ |
1473 |
+ softmmu_targets= softmmu_bins=() |
1474 |
+ user_targets= user_bins=() |
1475 |
+ |
1476 |
+ for target in ${IUSE_SOFTMMU_TARGETS} ; do |
1477 |
+ if use "qemu_softmmu_targets_${target}"; then |
1478 |
+ softmmu_targets+=",${target}-softmmu" |
1479 |
+ softmmu_bins+=( "qemu-system-${target}" ) |
1480 |
+ fi |
1481 |
+ done |
1482 |
+ |
1483 |
+ for target in ${IUSE_USER_TARGETS} ; do |
1484 |
+ if use "qemu_user_targets_${target}"; then |
1485 |
+ user_targets+=",${target}-linux-user" |
1486 |
+ user_bins+=( "qemu-${target}" ) |
1487 |
+ fi |
1488 |
+ done |
1489 |
+ |
1490 |
+ softmmu_targets=${softmmu_targets#,} |
1491 |
+ user_targets=${user_targets#,} |
1492 |
+ |
1493 |
+ [[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu" |
1494 |
+ [[ -n ${user_targets} ]] && qemu_src_configure "user" |
1495 |
+ qemu_src_configure "tools" |
1496 |
+} |
1497 |
+ |
1498 |
+src_compile() { |
1499 |
+ if [[ -n ${user_targets} ]]; then |
1500 |
+ cd "${S}/user-build" |
1501 |
+ default |
1502 |
+ fi |
1503 |
+ |
1504 |
+ if [[ -n ${softmmu_targets} ]]; then |
1505 |
+ cd "${S}/softmmu-build" |
1506 |
+ default |
1507 |
+ fi |
1508 |
+ |
1509 |
+ cd "${S}/tools-build" |
1510 |
+ default |
1511 |
+} |
1512 |
+ |
1513 |
+src_test() { |
1514 |
+ if [[ -n ${softmmu_targets} ]]; then |
1515 |
+ cd "${S}/softmmu-build" |
1516 |
+ pax-mark m */qemu-system-* #515550 |
1517 |
+ emake -j1 check |
1518 |
+ emake -j1 check-report.html |
1519 |
+ fi |
1520 |
+} |
1521 |
+ |
1522 |
+qemu_python_install() { |
1523 |
+ python_domodule "${S}/scripts/qmp/qmp.py" |
1524 |
+ |
1525 |
+ python_doscript "${S}/scripts/kvm/vmxcap" |
1526 |
+ python_doscript "${S}/scripts/qmp/qmp-shell" |
1527 |
+ python_doscript "${S}/scripts/qmp/qemu-ga-client" |
1528 |
+} |
1529 |
+ |
1530 |
+# Generate binfmt support files. |
1531 |
+# - /etc/init.d/qemu-binfmt script which registers the user handlers (openrc) |
1532 |
+# - /usr/share/qemu/binfmt.d/qemu.conf (for use with systemd-binfmt) |
1533 |
+generate_initd() { |
1534 |
+ local out="${T}/qemu-binfmt" |
1535 |
+ local out_systemd="${T}/qemu.conf" |
1536 |
+ local d="${T}/binfmt.d" |
1537 |
+ |
1538 |
+ einfo "Generating qemu binfmt scripts and configuration files" |
1539 |
+ |
1540 |
+ # Generate the debian fragments first. |
1541 |
+ mkdir -p "${d}" |
1542 |
+ "${S}"/scripts/qemu-binfmt-conf.sh \ |
1543 |
+ --debian \ |
1544 |
+ --exportdir "${d}" \ |
1545 |
+ --qemu-path "${EPREFIX}/usr/bin" \ |
1546 |
+ || die |
1547 |
+ # Then turn the fragments into a shell script we can source. |
1548 |
+ sed -E -i \ |
1549 |
+ -e 's:^([^ ]+) (.*)$:\1="\2":' \ |
1550 |
+ "${d}"/* || die |
1551 |
+ |
1552 |
+ # Generate the init.d script by assembling the fragments from above. |
1553 |
+ local f qcpu package interpreter magic mask |
1554 |
+ cat "${FILESDIR}"/qemu-binfmt.initd.head >"${out}" || die |
1555 |
+ for f in "${d}"/qemu-* ; do |
1556 |
+ source "${f}" |
1557 |
+ |
1558 |
+ # Normalize the cpu logic like we do in the init.d for the native cpu. |
1559 |
+ qcpu=${package#qemu-} |
1560 |
+ case ${qcpu} in |
1561 |
+ arm*) qcpu="arm";; |
1562 |
+ mips*) qcpu="mips";; |
1563 |
+ ppc*) qcpu="ppc";; |
1564 |
+ s390*) qcpu="s390";; |
1565 |
+ sh*) qcpu="sh";; |
1566 |
+ sparc*) qcpu="sparc";; |
1567 |
+ esac |
1568 |
+ |
1569 |
+ cat <<EOF >>"${out}" |
1570 |
+ if [ "\${cpu}" != "${qcpu}" -a -x "${interpreter}" ] ; then |
1571 |
+ echo ':${package}:M::${magic}:${mask}:${interpreter}:'"\${QEMU_BINFMT_FLAGS}" >/proc/sys/fs/binfmt_misc/register |
1572 |
+ fi |
1573 |
+EOF |
1574 |
+ |
1575 |
+ echo ":${package}:M::${magic}:${mask}:${interpreter}:OC" >>"${out_systemd}" |
1576 |
+ |
1577 |
+ done |
1578 |
+ cat "${FILESDIR}"/qemu-binfmt.initd.tail >>"${out}" || die |
1579 |
+} |
1580 |
+ |
1581 |
+src_install() { |
1582 |
+ if [[ -n ${user_targets} ]]; then |
1583 |
+ cd "${S}/user-build" |
1584 |
+ emake DESTDIR="${ED}" install |
1585 |
+ |
1586 |
+ # Install binfmt handler init script for user targets. |
1587 |
+ generate_initd |
1588 |
+ doinitd "${T}/qemu-binfmt" |
1589 |
+ |
1590 |
+ # Install binfmt/qemu.conf. |
1591 |
+ insinto "/usr/share/qemu/binfmt.d" |
1592 |
+ doins "${T}/qemu.conf" |
1593 |
+ fi |
1594 |
+ |
1595 |
+ if [[ -n ${softmmu_targets} ]]; then |
1596 |
+ cd "${S}/softmmu-build" |
1597 |
+ emake DESTDIR="${ED}" install |
1598 |
+ |
1599 |
+ # This might not exist if the test failed. #512010 |
1600 |
+ [[ -e check-report.html ]] && dohtml check-report.html |
1601 |
+ |
1602 |
+ if use kernel_linux; then |
1603 |
+ udev_newrules "${FILESDIR}"/65-kvm.rules-r1 65-kvm.rules |
1604 |
+ fi |
1605 |
+ |
1606 |
+ if use python; then |
1607 |
+ python_foreach_impl qemu_python_install |
1608 |
+ fi |
1609 |
+ fi |
1610 |
+ |
1611 |
+ cd "${S}/tools-build" |
1612 |
+ emake DESTDIR="${ED}" install |
1613 |
+ |
1614 |
+ # Disable mprotect on the qemu binaries as they use JITs to be fast #459348 |
1615 |
+ pushd "${ED}"/usr/bin >/dev/null |
1616 |
+ pax-mark mr "${softmmu_bins[@]}" "${user_bins[@]}" # bug 575594 |
1617 |
+ popd >/dev/null |
1618 |
+ |
1619 |
+ # Install config file example for qemu-bridge-helper |
1620 |
+ insinto "/etc/qemu" |
1621 |
+ doins "${FILESDIR}/bridge.conf" |
1622 |
+ |
1623 |
+ cd "${S}" |
1624 |
+ dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt |
1625 |
+ newdoc pc-bios/README README.pc-bios |
1626 |
+ dodoc docs/qmp-*.txt |
1627 |
+ |
1628 |
+ if [[ -n ${softmmu_targets} ]]; then |
1629 |
+ # Remove SeaBIOS since we're using the SeaBIOS packaged one |
1630 |
+ rm "${ED}/usr/share/qemu/bios.bin" |
1631 |
+ rm "${ED}/usr/share/qemu/bios-256k.bin" |
1632 |
+ if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then |
1633 |
+ dosym ../seabios/bios.bin /usr/share/qemu/bios.bin |
1634 |
+ dosym ../seabios/bios-256k.bin /usr/share/qemu/bios-256k.bin |
1635 |
+ fi |
1636 |
+ |
1637 |
+ # Remove vgabios since we're using the seavgabios packaged one |
1638 |
+ rm "${ED}/usr/share/qemu/vgabios.bin" |
1639 |
+ rm "${ED}/usr/share/qemu/vgabios-cirrus.bin" |
1640 |
+ rm "${ED}/usr/share/qemu/vgabios-qxl.bin" |
1641 |
+ rm "${ED}/usr/share/qemu/vgabios-stdvga.bin" |
1642 |
+ rm "${ED}/usr/share/qemu/vgabios-virtio.bin" |
1643 |
+ rm "${ED}/usr/share/qemu/vgabios-vmware.bin" |
1644 |
+ if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then |
1645 |
+ dosym ../seavgabios/vgabios-isavga.bin /usr/share/qemu/vgabios.bin |
1646 |
+ dosym ../seavgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin |
1647 |
+ dosym ../seavgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin |
1648 |
+ dosym ../seavgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin |
1649 |
+ dosym ../seavgabios/vgabios-virtio.bin /usr/share/qemu/vgabios-virtio.bin |
1650 |
+ dosym ../seavgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin |
1651 |
+ fi |
1652 |
+ |
1653 |
+ # Remove sgabios since we're using the sgabios packaged one |
1654 |
+ rm "${ED}/usr/share/qemu/sgabios.bin" |
1655 |
+ if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then |
1656 |
+ dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin |
1657 |
+ fi |
1658 |
+ |
1659 |
+ # Remove iPXE since we're using the iPXE packaged one |
1660 |
+ rm "${ED}"/usr/share/qemu/pxe-*.rom |
1661 |
+ if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then |
1662 |
+ dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom |
1663 |
+ dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom |
1664 |
+ dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom |
1665 |
+ dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom |
1666 |
+ dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom |
1667 |
+ dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom |
1668 |
+ fi |
1669 |
+ fi |
1670 |
+ |
1671 |
+ DISABLE_AUTOFORMATTING=true |
1672 |
+ readme.gentoo_create_doc |
1673 |
+} |
1674 |
+ |
1675 |
+firmware_abi_change() { |
1676 |
+ local pv |
1677 |
+ for pv in ${REPLACING_VERSIONS}; do |
1678 |
+ if ! version_is_at_least ${FIRMWARE_ABI_VERSION} ${pv}; then |
1679 |
+ return 0 |
1680 |
+ fi |
1681 |
+ done |
1682 |
+ return 1 |
1683 |
+} |
1684 |
+ |
1685 |
+pkg_postinst() { |
1686 |
+ if [[ -n ${softmmu_targets} ]] && use kernel_linux; then |
1687 |
+ udev_reload |
1688 |
+ fi |
1689 |
+ |
1690 |
+ fcaps cap_net_admin /usr/libexec/qemu-bridge-helper |
1691 |
+ |
1692 |
+ DISABLE_AUTOFORMATTING=true |
1693 |
+ readme.gentoo_print_elog |
1694 |
+ |
1695 |
+ if use pin-upstream-blobs && firmware_abi_change; then |
1696 |
+ ewarn "This version of qemu pins new versions of firmware blobs:" |
1697 |
+ ewarn " $(best_version sys-firmware/edk2-ovmf)" |
1698 |
+ ewarn " $(best_version sys-firmware/ipxe)" |
1699 |
+ ewarn " $(best_version sys-firmware/seabios)" |
1700 |
+ ewarn " $(best_version sys-firmware/sgabios)" |
1701 |
+ ewarn "This might break resume of hibernated guests (started with a different" |
1702 |
+ ewarn "firmware version) and live migration to/from qemu versions with different" |
1703 |
+ ewarn "firmware. Please (cold) restart all running guests. For functional" |
1704 |
+ ewarn "guest migration ensure that all" |
1705 |
+ ewarn "hosts run at least" |
1706 |
+ ewarn " app-emulation/qemu-${FIRMWARE_ABI_VERSION}." |
1707 |
+ fi |
1708 |
+} |
1709 |
+ |
1710 |
+pkg_info() { |
1711 |
+ echo "Using:" |
1712 |
+ echo " $(best_version app-emulation/spice-protocol)" |
1713 |
+ echo " $(best_version sys-firmware/edk2-ovmf)" |
1714 |
+ if has_version 'sys-firmware/edk2-ovmf[binary]'; then |
1715 |
+ echo " USE=binary" |
1716 |
+ else |
1717 |
+ echo " USE=''" |
1718 |
+ fi |
1719 |
+ echo " $(best_version sys-firmware/ipxe)" |
1720 |
+ echo " $(best_version sys-firmware/seabios)" |
1721 |
+ if has_version 'sys-firmware/seabios[binary]'; then |
1722 |
+ echo " USE=binary" |
1723 |
+ else |
1724 |
+ echo " USE=''" |
1725 |
+ fi |
1726 |
+ echo " $(best_version sys-firmware/sgabios)" |
1727 |
+} |