1 |
commit: 8aedcac7a5fbef4e8d4ae23184be1c125a4ca289 |
2 |
Author: Aric Belsito <lluixhi <AT> gmail <DOT> com> |
3 |
AuthorDate: Mon Oct 31 23:24:48 2016 +0000 |
4 |
Commit: Aric Belsito <lluixhi <AT> gmail <DOT> com> |
5 |
CommitDate: Mon Oct 31 23:24:48 2016 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/musl.git/commit/?id=8aedcac7 |
7 |
|
8 |
app-emulation/qemu: Sync with upstream |
9 |
|
10 |
Drop the r99 name. |
11 |
|
12 |
Add patch from ::musl-extras that disables an ifunc hack causing a segmentation |
13 |
fault on startup when the avx test passes in configure. |
14 |
|
15 |
app-emulation/qemu/Manifest | 21 ++++++-- |
16 |
.../qemu/files/qemu-2.2.0-_sigev_un.patch | 5 +- |
17 |
.../qemu/files/qemu-2.7.0-CVE-2016-7907.patch | 45 ++++++++++++++++ |
18 |
.../qemu/files/qemu-2.7.0-CVE-2016-7908.patch | 52 ++++++++++++++++++ |
19 |
.../qemu/files/qemu-2.7.0-CVE-2016-7909.patch | 32 ++++++++++++ |
20 |
.../qemu/files/qemu-2.7.0-CVE-2016-7994-1.patch | 25 +++++++++ |
21 |
.../qemu/files/qemu-2.7.0-CVE-2016-7994-2.patch | 26 +++++++++ |
22 |
.../qemu/files/qemu-2.7.0-CVE-2016-8576.patch | 61 ++++++++++++++++++++++ |
23 |
.../qemu/files/qemu-2.7.0-CVE-2016-8577.patch | 34 ++++++++++++ |
24 |
.../qemu/files/qemu-2.7.0-CVE-2016-8578.patch | 58 ++++++++++++++++++++ |
25 |
.../qemu/files/qemu-2.7.0-CVE-2016-8668.patch | 30 +++++++++++ |
26 |
.../qemu/files/qemu-2.7.0-CVE-2016-8669-1.patch | 29 ++++++++++ |
27 |
.../qemu/files/qemu-2.7.0-CVE-2016-8669-2.patch | 34 ++++++++++++ |
28 |
.../qemu/files/qemu-2.7.0-CVE-2016-8909.patch | 31 +++++++++++ |
29 |
.../qemu/files/qemu-2.7.0-CVE-2016-8910.patch | 29 ++++++++++ |
30 |
.../qemu/files/qemu-2.7.0-configure-ifunc.patch | 13 +++++ |
31 |
app-emulation/qemu/files/qemu-binfmt.initd-r1 | 54 +++++++++++-------- |
32 |
app-emulation/qemu/files/qemu-kvm-1.4 | 3 -- |
33 |
...{qemu-2.7.0-r99.ebuild => qemu-2.7.0-r5.ebuild} | 19 ++++++- |
34 |
19 files changed, 568 insertions(+), 33 deletions(-) |
35 |
|
36 |
diff --git a/app-emulation/qemu/Manifest b/app-emulation/qemu/Manifest |
37 |
index 1eb09a6..3b5e653 100644 |
38 |
--- a/app-emulation/qemu/Manifest |
39 |
+++ b/app-emulation/qemu/Manifest |
40 |
@@ -2,7 +2,7 @@ AUX 65-kvm.rules 40 SHA256 c16a8dc7855880b2651f1a3ff488ecc54d4ac1036c71fffd50070 |
41 |
AUX bridge.conf 454 SHA256 a51850dd39923f3482e4c575b48ad9fef9c9ebb2f2176225da399b79ce48c69d SHA512 a907ee86b81a1b61033bb7621ded65112504131ef7b698c53e4014b958ee6fc79e66f63069015a01e41362cb70a7d0ed26dd9a03033cf776f4846f0e1f8f1533 WHIRLPOOL 8fcbd4abf9b8f7ca3d16fe0eaf17196ebf708dfecf85ce0f020e0de22b64905114f7b310f361826c81bb961c6b1bbbf984bff1e595bb949993b8966ccb222c35 |
42 |
AUX qemu-2.0.0-F_SHLCK-and-F_EXLCK.patch 563 SHA256 99de67d610ad13a1dcf6c67a3c2b5b87fb909220173a956435737f9bea3c371b SHA512 a29e9a889388a6627ed492a79e66514ffb5e64f9479646982091811548fc2a9bf6682104a6c774d83e645e4b1db39e491afd4efce789fe164623442a7f3e5d00 WHIRLPOOL d3aab06099de263c22f4c71810a3b2cb8602d17731ec76674cd1415e539306555a7b96b789f0daad473600dfa04a83224ff603f7b9a9ac63a4902f74d0e9deb5 |
43 |
AUX qemu-2.0.0-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch 930 SHA256 6af6cf9044997710a6d0fbdba30a35c8d775e30d30c032ec97db672f75ec88ac SHA512 ec84b27648c01c6e58781295dcd0c2ff8e5a635f9836ef50c1da5d0ed125db1afc4cb5b01cb97606d6dd8f417acba93e1560d9a32ca29161a4bb730b302440ea WHIRLPOOL 06b9dd5251ac03405c97b1f5a623b4d86bda2f72fbcd52b90ae4d11a0cfb59cae62df2cb6189405fbe53ab05ff2b7ca8165fda239dbfe5f31ed70abb53b3b9f3 |
44 |
-AUX qemu-2.2.0-_sigev_un.patch 465 SHA256 4d5a1359a1bc25f1f8dcb7f021efc235b9c8f2535258ca65706c5fde15946ebe SHA512 af90b8dcd8b14716df6270436ae1d77c998a04547bf17f961b2d9a594d1abfb573ca25283a633de6bcd3a81a778b88a4c7950dbd39c23ee35191626da14eb802 WHIRLPOOL cf40379cd0c9f3a8f89823a6d9415666a99885711bdde44067d4a3a082a9b33efbe69279c0782b2e84b7586389e82845dd30668240f236266f61ba447abb8241 |
45 |
+AUX qemu-2.2.0-_sigev_un.patch 636 SHA256 f3b9a4d6162c553f3110ad22716305818e2130e2ff5d628faf044fc58a5e3cb5 SHA512 f72b879daede5184904f64cabb276de96299a37a93fce444d09e9068671009e95a5e5d6b815ec41a5db5b3807de14d470a56bba5806ffd4dfec577577b046ccb WHIRLPOOL 9453ad4966e10d504f3e867fd984642a3c1ee3ae847b5ca56196fd1f9e6c0f2d7b52ca07446212af72fef6d0ded1527a5eb306fa6cd915e8dd9ce11523362bac |
46 |
AUX qemu-2.5.0-cflags.patch 410 SHA256 17f5624dd733f5c80e733cc67ae36a736169ec066024dbf802b416accfed0755 SHA512 0194d28de08b4e51c5bd1c9a2cc7965ba7f66dfddb8fd91de3da93677e6cf2d38ad3270f69aaea8a20cf2533c2980018d6e0fed711be2806fe2053fba7c081f3 WHIRLPOOL 5f5b95d00409fbe03adb64801d30a2fb5f98dded5efa7f0e78b5746776f72917dcbea767e1d0afcb304d8bf8c484adedb8037e6d54e9d34997c2bc3a98b53154 |
47 |
AUX qemu-2.5.0-sysmacros.patch 333 SHA256 a5716fc02da383d455f5cbd76f49e4ee74d84c2d5703319adcbeb145d04875f9 SHA512 329632c5bff846ca3ffcdb4bc94ae62f17c6bdbb566f9bec0784357c943523e8ca7773790b83a9617734cab3b003baa3d636cbd08f7385810a63b0fa0383c4f0 WHIRLPOOL 2a774767d4685545d3ed18e4f5dece99a9007597d73c56197652ff24083550f987ffb69e5c624760dece87def71a7c5c22a694bf999d7309e48ef622f18f0d73 |
48 |
AUX qemu-2.7.0-CVE-2016-6836.patch 889 SHA256 a94812131e8baa66b81971579ab84b20bf15d544e2698448a5247ac0ddca0b3d SHA512 cf7f327f26aee5b6688eb662ced8aa07775ad9558b4a02db244303f6b7d37be9cd19b18d5725819b4708184105b98830864e0ad3af81373e59e880809036345b WHIRLPOOL df00627ad447162fdcac4b2c965a8cb5c916a7fb66d8c3a4f8f48bb2d869d7805cb3308cd495ff74ebf4840e7bc2d85abf8e666d78b3da9abb4e2bae22697a82 |
49 |
@@ -15,8 +15,21 @@ AUX qemu-2.7.0-CVE-2016-7421.patch 1183 SHA256 f3996d9d4658fb32a04ce8ae3d3510e6a |
50 |
AUX qemu-2.7.0-CVE-2016-7422.patch 1125 SHA256 7a3d31031b8ea70be29715e8d384f47ad8758e81b9cfc3768e59dd6c6a00cb2a SHA512 6a08f661cd2b00214297570c8035042544b0e707b2f20f6c59c251a73971f2b7e1920c7242ca09a4684ea58dcb177d11d087ee5e0523792e3c446e70239498ef WHIRLPOOL 82b38aa12e49695c1f0c67c303039afb05cc314d14e5bc8286bafebfbabd3eb3cddd41338d45f9510ea2f5074fd9028b39c251be0e5856e0221232a8b28797a9 |
51 |
AUX qemu-2.7.0-CVE-2016-7423.patch 925 SHA256 2b9b1102c3c9c54ba2c311661c3222b1df246a519e9eef57d0793951c1249ae0 SHA512 e4401163d15f9ebd9057b8ddf4187f7a0a2f379cb8aea2bd92b20f132f7714a4e386733884be4568eddbd4067b6cad80275ccc101276897c4796117a9b20144f WHIRLPOOL 9bd9f5ed067604f065d3ac7447f8135dd72e178caa6f3c5a5ca7bc531a8008ec46620c4af33bea54a35dfe52e430d48dcf5b59145c4e1efc2a14cb789e38f5bd |
52 |
AUX qemu-2.7.0-CVE-2016-7466.patch 830 SHA256 5664c091038185766a54b93495029bbf6de116e8752c2334fa1c71b8387e89c3 SHA512 d158b1f66766f33b1df561956cc3c77d40e1422e44791cfc753d3def2f1851c2c9c0aeb299bcd1ae969dde8f4249f4489ed90776ebb497db4f626217710e4f48 WHIRLPOOL 13112769ecd6420e17d2a3c0e110a2bd479fc09d8a2086d27f0703a4d6c35ded07e003f28ff14579655c5468cd02c77fa514ba7ed6543f61deb60c6de604c99b |
53 |
-AUX qemu-binfmt.initd-r1 6910 SHA256 2886c567589b958f450a87537cdb6c5bf95e8c1e4afbdf59139d16819e79d51d SHA512 09f399b6b559c6dd64d77843f600afad464909e72ae0924e97a5ef2eea55b3fb8abf6fbd57c380ec60e2f9d145ec365fd9a24c2e1b84cc6cef7070e4fb5bd72e WHIRLPOOL 983f6ae733c23c0049321184e1b6738ad5d27a70265945e6b47f3fb317ba3c84918b4929e728081549062fd0bf4a46c0a7e7184911355f3ac75963e1f8b70cd4 |
54 |
-AUX qemu-kvm-1.4 68 SHA256 8b1adf198129f001e75a2311fc420c168094d1084d2163cdf6a32b3b23c96137 SHA512 706fab4d155c410acc292e67fb354ce7dcd17f7e33f2ca8c9c44035ea128f8d36f89e27cf87ebe22721f5676be9e7f2ae5484fd000183c8ffd7854e02eb3d120 WHIRLPOOL ef795330b592cef8e3d92f52a77eb77a671e6aa1a47d07531917b5c1c09e72e5df1a44aea939b086e0a3c5ef2a5cea9223556a46ceae73e55300475c42f07067 |
55 |
+AUX qemu-2.7.0-CVE-2016-7907.patch 1380 SHA256 58aa0af82a88de8967452c06ec229de381494e7ac222273ac5a7aa2c53dc5529 SHA512 5a311dea9554d7225d75fb2c680d2f7a2b151b46802176424f495e792ab4a9a101ad99099ccf2b6250230f23fc1ea804381129cd34eb0e4cd24c1e2442de9b51 WHIRLPOOL 69e7e01bc0b221581a8b1ef1af23eb59a6ad87acbfe821ccf8c23f349c9e31b84e4b8db83f48a849a4c5e9b6229f8d55e671da9f8485ecbc24855a8ab50b02ec |
56 |
+AUX qemu-2.7.0-CVE-2016-7908.patch 1718 SHA256 3042b5425964c9bdb6ebc17d8f4bc5efd150547a348269d54e0962efc6a658d4 SHA512 441aa4fe46a2d6d425b1759ebadabc12fb1902f80364d351120932a13b9a46030bd2ad8c7faa57d6bcfbf740d9af2a96cec082a0d40b9a7469499ba1f19177bd WHIRLPOOL 6d870c28645e6fcb12e55a4da5f9dffae78d1fcd013ae6fd9727ae46e05103dc8870d548117e7f396af79cf76947ee8d0b5285ec9b4c6aac840aa6d1e1fc9054 |
57 |
+AUX qemu-2.7.0-CVE-2016-7909.patch 975 SHA256 8fb9a27f56c6875f271ac0dc80fd78af8b70d40778ef967019e4a1b0a47ff1ae SHA512 e2793eb18179a7c7276c4d437ea68bb02a6a3963842dd74041fdf3c9f239d6353c7d9e5705c1342fc01b5c7e3bc1bfb882d8094fbe4144ac5f705852579139ca WHIRLPOOL b73aef899c94c9130385dd757b25783b20fce9d32faa245847353766e046bd769789d8b107ef06c726a0e2471a5ef1599716343782c8a82267b79ca53c281414 |
58 |
+AUX qemu-2.7.0-CVE-2016-7994-1.patch 835 SHA256 6b84d2273197bd441761469245991d02b5de8b70c29abf096df301e87b5c2478 SHA512 7a8c1c6ffc654f428485057a31d40a831707e5e6a84e32f722f6fc4c86ed474dcd19bfc8034b3a603362d821e7170f46e25ddc2ca50b60f00f45455241ba9464 WHIRLPOOL 80c5c51535cec848664811d8cf41db9d931e3215522fcaa404fa55f0c3b821bac346129b254b60a72cc09493366d8499882874dcb797e8a81e39157f64539b73 |
59 |
+AUX qemu-2.7.0-CVE-2016-7994-2.patch 896 SHA256 c23fdfb127f60d24c4b56e7745463f5655ace7af9f5fa392544e7ce05a564c5d SHA512 4243d04a573ccee043911645e716a9c6f7e28858163b48ea58e7a9734d817ac9237c4866fce843dbe10fa996cdd5453f3b704509ff4761f2ec4531d9355cc7ce WHIRLPOOL c5f7b605f566f94ad170c4819c378f9a1e3ae2740130000d9bea4c741f29365a1b5a1f1d495646e866c39a18d7da1236d731861005099457e09bead9fffa8105 |
60 |
+AUX qemu-2.7.0-CVE-2016-8576.patch 2092 SHA256 dbe3ee6778cdd802fbd7d7cb2aa991cc73e6be160bad90f2e40de02ab820a865 SHA512 25daaa79f4cb355c5dce639a14c2e265142a0c83bdbc813816789f37e293846f3768f08b9f04f692ce5b8719dadd2dbedb75f314a3f441a70e0789ecc88eb8de WHIRLPOOL 25fc67d9dc8e8d8345778b46b16f9f7c5d6da39ebefea60ef81b20e4685014a019d4c39a6619dbf48411800ae9e9c383a7243fb055ea1f2bd0b2cb7e1a2c8d4e |
61 |
+AUX qemu-2.7.0-CVE-2016-8577.patch 1020 SHA256 fbe7b6183f019ed6c8c6afeeed4854c23991d3f18501e8f3403df8812cefd420 SHA512 364434deb120856a114a94aaab2edbaf9e5f9246e6393f584949a6b706dbdc5b711f459a48e3825554e2fa9595a1aa78fee3711cfeba3b94219b4f47e269b2de WHIRLPOOL 561f7bd41f0ac439808070757cdff9f69f6a378fe6610269c32d600575ed60b22919f4d3ea08f621648dbf3e5e97290737005e9df5949bdeeba9319901cf427e |
62 |
+AUX qemu-2.7.0-CVE-2016-8578.patch 2208 SHA256 9b0e7852aefeb3950de38babec7a30f3225342670a72160829baa5e50786bdef SHA512 326ec2112b1cbaa4b4ddcacc02f4accd5b73e78db07e93b229d891f4cbc8d5a2db82c727d920613abd1668402ffeb16a223d8271db569435966aaece271da875 WHIRLPOOL 88ca80aa1883813f1ec9c0802e830f719317130de6959df393188e4e82764125868baec038a1dac94eab33851706838d245b205edcbf8e1864ceb83257648b99 |
63 |
+AUX qemu-2.7.0-CVE-2016-8668.patch 1124 SHA256 26f16376a73bdf9052039d1bd90545b75cc8fb0a89e0bffbf5881b537319b759 SHA512 de4df82297d199cadafefd57bc895cdf21c5acb0e0a6223212272991b652c302475d8662fb013d6a3e949d2e57a14a0ac6d861f486de8b5130fd84d66957c899 WHIRLPOOL 3995164f25accfd5c837c85fbb590acd0b7effb08370a7d4c0cb03c042ee03b2b10ca9892bd50251d17a1ba2ffff1e7a04e918f4d4e1c85406df95a6802c03c2 |
64 |
+AUX qemu-2.7.0-CVE-2016-8669-1.patch 911 SHA256 ad841a34490a02123df31aef5a0b9d31912eec8465e0c5da7cf73dc880ffd8f4 SHA512 23a26716ea554d9af73afb08d3a3d1e668e23bc0710508196039454dfccbe3764feda63d901a9c053c52af92cd069f5a4f078efdc9924f6d3cfe6a21f9d287de WHIRLPOOL 412d7a4be19defa4a098fad6a66cadd7eca9cb5971828636dfd20a57b3eef09f3801660dbf507ac1ef0fa82f9f01583e9c5e2b1e45c016adb535cd951ff16eff |
65 |
+AUX qemu-2.7.0-CVE-2016-8669-2.patch 1037 SHA256 176a35f5191023ad665cb4019663618d48948b174b16888776245d1a001ec186 SHA512 82a71c9566f37aceffbbaa45547bc686c028353a1845bd63e49550e71201921bc2fb9793077fc1fc74d77417da84dae71e0862243acbb3d900db258a343b8ede WHIRLPOOL f489c52bf2ca6e434695a5ca12af64a83e6534536c07b02c54f82c72e59e3f026e6a9fd9cec5eb62e2cf8d009f878ac1015f58d9f5ba725a03e1e194c4abc96c |
66 |
+AUX qemu-2.7.0-CVE-2016-8909.patch 980 SHA256 989210bfac97091e67fbe973be7a6d8aa0e6411069904a07f7c57c67e8539bb8 SHA512 23a1cfa4f257e598152d92e11d94e88c52b3702aa585fba3a71340ee16dfbd29234d6e5c81613ea71b64cead8dcdbb536246096b1c374290aa39871daacb25af WHIRLPOOL 9909ed14f5fa4a1d2ea0f8bb13f5a0e08e2f7888078e1f5b4cfaf381ccabeac22c998c9785efee6a307dbeed45801d8354650c18c6920bfb13da030127d9da7e |
67 |
+AUX qemu-2.7.0-CVE-2016-8910.patch 848 SHA256 919e566e98434486f89ecfc3158ccee59c5bbdf3848b2a668136901871f5f1ab SHA512 1f695ebc2f10b2cda5a9b93c097adb49858af94817c14a406c7d26edd42353c776b0afc4779bc1c6f930dadcf450906924f8080ca5c87eb7c7e6b5694464dc7e WHIRLPOOL 574900ab3eca13429769c7e2b56fd4e4b1220800b2e5bc933eef502c633614eab22cba6af4fdd1fd55e3a7e70d3d5ead1cb1970f8211b5f4fc43e3d782865f1b |
68 |
+AUX qemu-2.7.0-configure-ifunc.patch 517 SHA256 40f6183f1f490216855e83cf03bf21ec8d23786acf83cda21292fea92776d898 SHA512 e34476b5fc5039091862dc9e93c47b69e203e7e394092e7e0bda467b7523e0b5b743c2c6eaf1f36fad3ee743278e321a50d356b6365e2340280556ca6d9b32ad WHIRLPOOL cb6f92a70f91557f14a0f6719d1b3a4dee9cfcb5c34aa897eee0ad48d13c45255252666d826ce00f3183da86b9b265e0dd93aa9b85210cde2a7ce3de56644e59 |
69 |
+AUX qemu-binfmt.initd-r1 7966 SHA256 5b4b432aa1e44f387c9eb789de0ec6322741fd36dd241f76520f17c6cd6ac49b SHA512 2ba0bff6eb2b6bac4ed440f793771ce9551cad48e38bddb6cf04f804faac2407e80879f66771910344ddcea45f0014095dcc8bfeb0aad5085ef048fd3612dbd8 WHIRLPOOL a2a1fb830a970757d1e203378c7d382b161b1040f3b8aaf0f22bb3b5e46467eff395474ff40d93c9f133bab307b345a6f75d63eae9f8dd8daf67324db41032f9 |
70 |
DIST qemu-2.7.0.tar.bz2 26867760 SHA256 326e739506ba690daf69fc17bd3913a6c313d9928d743bd8eddb82f403f81e53 SHA512 654acaa7b3724a288e5d7e2a26ab780d9c9ed9f647fba00a906cbaffbe9d58fd666f2d962514aa2c5b391b4c53811ac3170d2eb51727f090bd19dfe45ca9a9db WHIRLPOOL dcb3e5f7da89dd8e14d636d7ebd476e076e0043880bb9ea3fb1c03cb4bcd4e5c7d3c4719da26c3ce521e3a3db5ae671e86f198ac1bc3474e774d75504fef8b8d |
71 |
-EBUILD qemu-2.7.0-r99.ebuild 21332 SHA256 a6d13be36bb59bf53727dba5fe1dd5f397652531d339cf622acd15aef6cd482f SHA512 fd1ef102a4b7d4554a2b864d321419413b967f9f585031f74c600dc350db541588fa98a150329aa1134dbc761933484a2ce2e14979c096fe076cf92f7bdfedee WHIRLPOOL 50e36b66bfd83516ce4003681bcba2327da80c679aad3ab658007a87652c22f7e584eb4fb5d635b570096243abd361075c6c8e35197c2e9bbed34a4d7353537c |
72 |
+EBUILD qemu-2.7.0-r5.ebuild 22219 SHA256 3241db5ffacb81638a3b9dcd01676d59bc5abe87ef374baa44685231d7cb6de2 SHA512 2dbbf9f2a1eab0b9d52dd3609f5bac95f511a5f243c3def7d6b074bda97ef1383c2afc3290261f81a7af25ea7021eed4826da73a244bcad2e9677c7909c38618 WHIRLPOOL 591b38c5bba7b5566dfc2fce30f398153aec9b0986baf8bb82e83b5f68ce20dc4b0fb000e511355dca058ac8c7355b3add2c00e0db9573e6f507ad65ce451d86 |
73 |
MISC metadata.xml 3925 SHA256 d1c219b7da0cbf77919cd1e055acbb3f6788a574fd802c98a43c89a411697b36 SHA512 3ff45d1c8ede12b4eedc7d01f39777b76a1cbd0ba9364299dec99d4b4a05cade5784d6f6e50197d5b5ae1f1b8e831c49da195eb53263c49b7d16aec8ee28b6e6 WHIRLPOOL bc25783fac0f3f13318834cc535404af9af20de16c7aeec222e59dc2ed7740ac5e767b329a5bcd6356d0cbae2428e278515f1446aa8ecb87a873bf4dbe04bf41 |
74 |
|
75 |
diff --git a/app-emulation/qemu/files/qemu-2.2.0-_sigev_un.patch b/app-emulation/qemu/files/qemu-2.2.0-_sigev_un.patch |
76 |
index 588291c..5827c2e 100644 |
77 |
--- a/app-emulation/qemu/files/qemu-2.2.0-_sigev_un.patch |
78 |
+++ b/app-emulation/qemu/files/qemu-2.2.0-_sigev_un.patch |
79 |
@@ -1,5 +1,6 @@ |
80 |
---- a/linux-user/syscall.c |
81 |
-+++ b/linux-user/syscall.c |
82 |
+diff -ur a/qemu-2.2.0/linux-user/syscall.c b/qemu-2.2.0/linux-user/syscall.c |
83 |
+--- a/qemu-2.2.0/linux-user/syscall.c 2014-12-09 15:45:43.000000000 -0100 |
84 |
++++ b/qemu-2.2.0/linux-user/syscall.c 2015-03-16 19:09:49.050386155 -0100 |
85 |
@@ -5033,7 +5033,7 @@ |
86 |
host_sevp->sigev_signo = |
87 |
target_to_host_signal(tswap32(target_sevp->sigev_signo)); |
88 |
|
89 |
diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7907.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7907.patch |
90 |
new file mode 100644 |
91 |
index 0000000..34b095a |
92 |
--- /dev/null |
93 |
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7907.patch |
94 |
@@ -0,0 +1,45 @@ |
95 |
+From: Prasad J Pandit <address@hidden> |
96 |
+ |
97 |
+i.MX Fast Ethernet Controller uses buffer descriptors to manage |
98 |
+data flow to/fro receive & transmit queues. While transmitting |
99 |
+packets, it could continue to read buffer descriptors if a buffer |
100 |
+descriptor has length of zero and has crafted values in bd.flags. |
101 |
+Set an upper limit to number of buffer descriptors. |
102 |
+ |
103 |
+Reported-by: Li Qiang <address@hidden> |
104 |
+Signed-off-by: Prasad J Pandit <address@hidden> |
105 |
+--- |
106 |
+ hw/net/imx_fec.c | 6 ++++-- |
107 |
+ 1 file changed, 4 insertions(+), 2 deletions(-) |
108 |
+ |
109 |
+Update per |
110 |
+ -> https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg05284.html |
111 |
+ |
112 |
+diff --git a/hw/net/imx_fec.c b/hw/net/imx_fec.c |
113 |
+index 1c415ab..1d74827 100644 |
114 |
+--- a/hw/net/imx_fec.c |
115 |
++++ b/hw/net/imx_fec.c |
116 |
+@@ -220,6 +220,8 @@ static const VMStateDescription vmstate_imx_eth = { |
117 |
+ #define PHY_INT_PARFAULT (1 << 2) |
118 |
+ #define PHY_INT_AUTONEG_PAGE (1 << 1) |
119 |
+ |
120 |
++#define IMX_MAX_DESC 1024 |
121 |
++ |
122 |
+ static void imx_eth_update(IMXFECState *s); |
123 |
+ |
124 |
+ /* |
125 |
+@@ -402,12 +404,12 @@ static void imx_eth_update(IMXFECState *s) |
126 |
+ |
127 |
+ static void imx_fec_do_tx(IMXFECState *s) |
128 |
+ { |
129 |
+- int frame_size = 0; |
130 |
++ int frame_size = 0, descnt = 0; |
131 |
+ uint8_t frame[ENET_MAX_FRAME_SIZE]; |
132 |
+ uint8_t *ptr = frame; |
133 |
+ uint32_t addr = s->tx_descriptor; |
134 |
+ |
135 |
+- while (1) { |
136 |
++ while (descnt++ < IMX_MAX_DESC) { |
137 |
+ IMXFECBufDesc bd; |
138 |
+ int len; |
139 |
+ |
140 |
|
141 |
diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7908.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7908.patch |
142 |
new file mode 100644 |
143 |
index 0000000..16d072f |
144 |
--- /dev/null |
145 |
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7908.patch |
146 |
@@ -0,0 +1,52 @@ |
147 |
+From 070c4b92b8cd5390889716677a0b92444d6e087a Mon Sep 17 00:00:00 2001 |
148 |
+From: Prasad J Pandit <pjp@×××××××××××××.org> |
149 |
+Date: Thu, 22 Sep 2016 16:02:37 +0530 |
150 |
+Subject: [PATCH] net: mcf: limit buffer descriptor count |
151 |
+ |
152 |
+ColdFire Fast Ethernet Controller uses buffer descriptors to manage |
153 |
+data flow to/fro receive & transmit queues. While transmitting |
154 |
+packets, it could continue to read buffer descriptors if a buffer |
155 |
+descriptor has length of zero and has crafted values in bd.flags. |
156 |
+Set upper limit to number of buffer descriptors. |
157 |
+ |
158 |
+Reported-by: Li Qiang <liqiang6-s@×××.cn> |
159 |
+Signed-off-by: Prasad J Pandit <pjp@×××××××××××××.org> |
160 |
+Reviewed-by: Paolo Bonzini <pbonzini@××××××.com> |
161 |
+Signed-off-by: Jason Wang <jasowang@××××××.com> |
162 |
+--- |
163 |
+ hw/net/mcf_fec.c | 5 +++-- |
164 |
+ 1 files changed, 3 insertions(+), 2 deletions(-) |
165 |
+ |
166 |
+diff --git a/hw/net/mcf_fec.c b/hw/net/mcf_fec.c |
167 |
+index 0ee8ad9..d31fea1 100644 |
168 |
+--- a/hw/net/mcf_fec.c |
169 |
++++ b/hw/net/mcf_fec.c |
170 |
+@@ -23,6 +23,7 @@ do { printf("mcf_fec: " fmt , ## __VA_ARGS__); } while (0) |
171 |
+ #define DPRINTF(fmt, ...) do {} while(0) |
172 |
+ #endif |
173 |
+ |
174 |
++#define FEC_MAX_DESC 1024 |
175 |
+ #define FEC_MAX_FRAME_SIZE 2032 |
176 |
+ |
177 |
+ typedef struct { |
178 |
+@@ -149,7 +150,7 @@ static void mcf_fec_do_tx(mcf_fec_state *s) |
179 |
+ uint32_t addr; |
180 |
+ mcf_fec_bd bd; |
181 |
+ int frame_size; |
182 |
+- int len; |
183 |
++ int len, descnt = 0; |
184 |
+ uint8_t frame[FEC_MAX_FRAME_SIZE]; |
185 |
+ uint8_t *ptr; |
186 |
+ |
187 |
+@@ -157,7 +158,7 @@ static void mcf_fec_do_tx(mcf_fec_state *s) |
188 |
+ ptr = frame; |
189 |
+ frame_size = 0; |
190 |
+ addr = s->tx_descriptor; |
191 |
+- while (1) { |
192 |
++ while (descnt++ < FEC_MAX_DESC) { |
193 |
+ mcf_fec_read_bd(&bd, addr); |
194 |
+ DPRINTF("tx_bd %x flags %04x len %d data %08x\n", |
195 |
+ addr, bd.flags, bd.length, bd.data); |
196 |
+-- |
197 |
+1.7.0.4 |
198 |
+ |
199 |
|
200 |
diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7909.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7909.patch |
201 |
new file mode 100644 |
202 |
index 0000000..8e6ecff |
203 |
--- /dev/null |
204 |
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7909.patch |
205 |
@@ -0,0 +1,32 @@ |
206 |
+From: Prasad J Pandit <address@hidden> |
207 |
+ |
208 |
+The AMD PC-Net II emulator has set of control and status(CSR) |
209 |
+registers. Of these, CSR76 and CSR78 hold receive and transmit |
210 |
+descriptor ring length respectively. This ring length could range |
211 |
+from 1 to 65535. Setting ring length to zero leads to an infinite |
212 |
+loop in pcnet_rdra_addr. Add check to avoid it. |
213 |
+ |
214 |
+Reported-by: Li Qiang <address@hidden> |
215 |
+Signed-off-by: Prasad J Pandit <address@hidden> |
216 |
+--- |
217 |
+ hw/net/pcnet.c | 3 +++ |
218 |
+ 1 file changed, 3 insertions(+) |
219 |
+ |
220 |
+diff --git a/hw/net/pcnet.c b/hw/net/pcnet.c |
221 |
+index 198a01f..3078de8 100644 |
222 |
+--- a/hw/net/pcnet.c |
223 |
++++ b/hw/net/pcnet.c |
224 |
+@@ -1429,8 +1429,11 @@ static void pcnet_csr_writew(PCNetState *s, uint32_t rap, uint32_t new_value) |
225 |
+ case 47: /* POLLINT */ |
226 |
+ case 72: |
227 |
+ case 74: |
228 |
++ break; |
229 |
+ case 76: /* RCVRL */ |
230 |
+ case 78: /* XMTRL */ |
231 |
++ val = (val > 0) ? val : 512; |
232 |
++ break; |
233 |
+ case 112: |
234 |
+ if (CSR_STOP(s) || CSR_SPND(s)) |
235 |
+ break; |
236 |
+-- |
237 |
+2.5.5 |
238 |
|
239 |
diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7994-1.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7994-1.patch |
240 |
new file mode 100644 |
241 |
index 0000000..6fe77f3 |
242 |
--- /dev/null |
243 |
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7994-1.patch |
244 |
@@ -0,0 +1,25 @@ |
245 |
+From: Li Qiang <address@hidden> |
246 |
+ |
247 |
+In virtio gpu resource create dispatch, if the pixman format is zero |
248 |
+it doesn't free the resource object allocated previously. Thus leading |
249 |
+a host memory leak issue. This patch avoid this. |
250 |
+ |
251 |
+Signed-off-by: Li Qiang <address@hidden> |
252 |
+--- |
253 |
+ hw/display/virtio-gpu.c | 1 + |
254 |
+ 1 file changed, 1 insertion(+) |
255 |
+ |
256 |
+diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c |
257 |
+index 7fe6ed8..5b6d17b 100644 |
258 |
+--- a/hw/display/virtio-gpu.c |
259 |
++++ b/hw/display/virtio-gpu.c |
260 |
+@@ -333,6 +333,7 @@ static void virtio_gpu_resource_create_2d(VirtIOGPU *g, |
261 |
+ qemu_log_mask(LOG_GUEST_ERROR, |
262 |
+ "%s: host couldn't handle guest format %d\n", |
263 |
+ __func__, c2d.format); |
264 |
++ g_free(res); |
265 |
+ cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER; |
266 |
+ return; |
267 |
+ } |
268 |
+-- |
269 |
+1.8.3.1 |
270 |
|
271 |
diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7994-2.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7994-2.patch |
272 |
new file mode 100644 |
273 |
index 0000000..dce1b2b |
274 |
--- /dev/null |
275 |
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7994-2.patch |
276 |
@@ -0,0 +1,26 @@ |
277 |
+From: Li Qiang <address@hidden> |
278 |
+ |
279 |
+While processing isochronous transfer descriptors(iTD), if the page |
280 |
+select(PG) field value is out of bands it will return. In this |
281 |
+situation the ehci's sg list doesn't be freed thus leading a memory |
282 |
+leak issue. This patch avoid this. |
283 |
+ |
284 |
+Signed-off-by: Li Qiang <address@hidden> |
285 |
+--- |
286 |
+ hw/usb/hcd-ehci.c | 1 + |
287 |
+ 1 file changed, 1 insertion(+) |
288 |
+ |
289 |
+diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c |
290 |
+index b093db7..f4ece9a 100644 |
291 |
+--- a/hw/usb/hcd-ehci.c |
292 |
++++ b/hw/usb/hcd-ehci.c |
293 |
+@@ -1426,6 +1426,7 @@ static int ehci_process_itd(EHCIState *ehci, |
294 |
+ if (off + len > 4096) { |
295 |
+ /* transfer crosses page border */ |
296 |
+ if (pg == 6) { |
297 |
++ qemu_sglist_destroy(&ehci->isgl); |
298 |
+ return -1; /* avoid page pg + 1 */ |
299 |
+ } |
300 |
+ ptr2 = (itd->bufptr[pg + 1] & ITD_BUFPTR_MASK); |
301 |
+-- |
302 |
+1.8.3.1 |
303 |
|
304 |
diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8576.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8576.patch |
305 |
new file mode 100644 |
306 |
index 0000000..9617cd5 |
307 |
--- /dev/null |
308 |
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8576.patch |
309 |
@@ -0,0 +1,61 @@ |
310 |
+From 20009bdaf95d10bf748fa69b104672d3cfaceddf Mon Sep 17 00:00:00 2001 |
311 |
+From: Gerd Hoffmann <address@hidden> |
312 |
+Date: Fri, 7 Oct 2016 10:15:29 +0200 |
313 |
+Subject: [PATCH] xhci: limit the number of link trbs we are willing to process |
314 |
+ |
315 |
+Signed-off-by: Gerd Hoffmann <address@hidden> |
316 |
+--- |
317 |
+ hw/usb/hcd-xhci.c | 10 ++++++++++ |
318 |
+ 1 file changed, 10 insertions(+) |
319 |
+ |
320 |
+diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c |
321 |
+index 726435c..ee4fa48 100644 |
322 |
+--- a/hw/usb/hcd-xhci.c |
323 |
++++ b/hw/usb/hcd-xhci.c |
324 |
+@@ -54,6 +54,8 @@ |
325 |
+ * to the specs when it gets them */ |
326 |
+ #define ER_FULL_HACK |
327 |
+ |
328 |
++#define TRB_LINK_LIMIT 4 |
329 |
++ |
330 |
+ #define LEN_CAP 0x40 |
331 |
+ #define LEN_OPER (0x400 + 0x10 * MAXPORTS) |
332 |
+ #define LEN_RUNTIME ((MAXINTRS + 1) * 0x20) |
333 |
+@@ -1000,6 +1002,7 @@ static TRBType xhci_ring_fetch(XHCIState *xhci, XHCIRing *ring, XHCITRB *trb, |
334 |
+ dma_addr_t *addr) |
335 |
+ { |
336 |
+ PCIDevice *pci_dev = PCI_DEVICE(xhci); |
337 |
++ uint32_t link_cnt = 0; |
338 |
+ |
339 |
+ while (1) { |
340 |
+ TRBType type; |
341 |
+@@ -1026,6 +1029,9 @@ static TRBType xhci_ring_fetch(XHCIState *xhci, XHCIRing *ring, XHCITRB *trb, |
342 |
+ ring->dequeue += TRB_SIZE; |
343 |
+ return type; |
344 |
+ } else { |
345 |
++ if (++link_cnt > TRB_LINK_LIMIT) { |
346 |
++ return 0; |
347 |
++ } |
348 |
+ ring->dequeue = xhci_mask64(trb->parameter); |
349 |
+ if (trb->control & TRB_LK_TC) { |
350 |
+ ring->ccs = !ring->ccs; |
351 |
+@@ -1043,6 +1049,7 @@ static int xhci_ring_chain_length(XHCIState *xhci, const XHCIRing *ring) |
352 |
+ bool ccs = ring->ccs; |
353 |
+ /* hack to bundle together the two/three TDs that make a setup transfer */ |
354 |
+ bool control_td_set = 0; |
355 |
++ uint32_t link_cnt = 0; |
356 |
+ |
357 |
+ while (1) { |
358 |
+ TRBType type; |
359 |
+@@ -1058,6 +1065,9 @@ static int xhci_ring_chain_length(XHCIState *xhci, const XHCIRing *ring) |
360 |
+ type = TRB_TYPE(trb); |
361 |
+ |
362 |
+ if (type == TR_LINK) { |
363 |
++ if (++link_cnt > TRB_LINK_LIMIT) { |
364 |
++ return -length; |
365 |
++ } |
366 |
+ dequeue = xhci_mask64(trb.parameter); |
367 |
+ if (trb.control & TRB_LK_TC) { |
368 |
+ ccs = !ccs; |
369 |
+-- |
370 |
+1.8.3.1 |
371 |
|
372 |
diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8577.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8577.patch |
373 |
new file mode 100644 |
374 |
index 0000000..8c29580 |
375 |
--- /dev/null |
376 |
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8577.patch |
377 |
@@ -0,0 +1,34 @@ |
378 |
+From: Li Qiang <address@hidden> |
379 |
+ |
380 |
+In 9pfs read dispatch function, it doesn't free two QEMUIOVector |
381 |
+object thus causing potential memory leak. This patch avoid this. |
382 |
+ |
383 |
+Signed-off-by: Li Qiang <address@hidden> |
384 |
+--- |
385 |
+ hw/9pfs/9p.c | 5 +++-- |
386 |
+ 1 file changed, 3 insertions(+), 2 deletions(-) |
387 |
+ |
388 |
+diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c |
389 |
+index 119ee58..543a791 100644 |
390 |
+--- a/hw/9pfs/9p.c |
391 |
++++ b/hw/9pfs/9p.c |
392 |
+@@ -1826,14 +1826,15 @@ static void v9fs_read(void *opaque) |
393 |
+ if (len < 0) { |
394 |
+ /* IO error return the error */ |
395 |
+ err = len; |
396 |
+- goto out; |
397 |
++ goto out_free_iovec; |
398 |
+ } |
399 |
+ } while (count < max_count && len > 0); |
400 |
+ err = pdu_marshal(pdu, offset, "d", count); |
401 |
+ if (err < 0) { |
402 |
+- goto out; |
403 |
++ goto out_free_iovec; |
404 |
+ } |
405 |
+ err += offset + count; |
406 |
++out_free_iovec: |
407 |
+ qemu_iovec_destroy(&qiov); |
408 |
+ qemu_iovec_destroy(&qiov_full); |
409 |
+ } else if (fidp->fid_type == P9_FID_XATTR) { |
410 |
+-- |
411 |
+1.8.3.1 |
412 |
|
413 |
diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8578.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8578.patch |
414 |
new file mode 100644 |
415 |
index 0000000..74eee7e |
416 |
--- /dev/null |
417 |
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8578.patch |
418 |
@@ -0,0 +1,58 @@ |
419 |
+From ba42ebb863ab7d40adc79298422ed9596df8f73a Mon Sep 17 00:00:00 2001 |
420 |
+From: Li Qiang <liqiang6-s@×××.cn> |
421 |
+Date: Mon, 17 Oct 2016 14:13:58 +0200 |
422 |
+Subject: [PATCH] 9pfs: allocate space for guest originated empty strings |
423 |
+ |
424 |
+If a guest sends an empty string paramater to any 9P operation, the current |
425 |
+code unmarshals it into a V9fsString equal to { .size = 0, .data = NULL }. |
426 |
+ |
427 |
+This is unfortunate because it can cause NULL pointer dereference to happen |
428 |
+at various locations in the 9pfs code. And we don't want to check str->data |
429 |
+everywhere we pass it to strcmp() or any other function which expects a |
430 |
+dereferenceable pointer. |
431 |
+ |
432 |
+This patch enforces the allocation of genuine C empty strings instead, so |
433 |
+callers don't have to bother. |
434 |
+ |
435 |
+Out of all v9fs_iov_vunmarshal() users, only v9fs_xattrwalk() checks if |
436 |
+the returned string is empty. It now uses v9fs_string_size() since |
437 |
+name.data cannot be NULL anymore. |
438 |
+ |
439 |
+Signed-off-by: Li Qiang <liqiang6-s@×××.cn> |
440 |
+[groug, rewritten title and changelog, |
441 |
+ fix empty string check in v9fs_xattrwalk()] |
442 |
+Signed-off-by: Greg Kurz <groug@××××.org> |
443 |
+--- |
444 |
+ fsdev/9p-iov-marshal.c | 2 +- |
445 |
+ hw/9pfs/9p.c | 2 +- |
446 |
+ 2 files changed, 2 insertions(+), 2 deletions(-) |
447 |
+ |
448 |
+diff --git a/fsdev/9p-iov-marshal.c b/fsdev/9p-iov-marshal.c |
449 |
+index 663cad5..1d16f8d 100644 |
450 |
+--- a/fsdev/9p-iov-marshal.c |
451 |
++++ b/fsdev/9p-iov-marshal.c |
452 |
+@@ -125,7 +125,7 @@ ssize_t v9fs_iov_vunmarshal(struct iovec *out_sg, int out_num, size_t offset, |
453 |
+ str->data = g_malloc(str->size + 1); |
454 |
+ copied = v9fs_unpack(str->data, out_sg, out_num, offset, |
455 |
+ str->size); |
456 |
+- if (copied > 0) { |
457 |
++ if (copied >= 0) { |
458 |
+ str->data[str->size] = 0; |
459 |
+ } else { |
460 |
+ v9fs_string_free(str); |
461 |
+diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c |
462 |
+index 119ee58..39a7e1d 100644 |
463 |
+--- a/hw/9pfs/9p.c |
464 |
++++ b/hw/9pfs/9p.c |
465 |
+@@ -3174,7 +3174,7 @@ static void v9fs_xattrwalk(void *opaque) |
466 |
+ goto out; |
467 |
+ } |
468 |
+ v9fs_path_copy(&xattr_fidp->path, &file_fidp->path); |
469 |
+- if (name.data == NULL) { |
470 |
++ if (!v9fs_string_size(&name)) { |
471 |
+ /* |
472 |
+ * listxattr request. Get the size first |
473 |
+ */ |
474 |
+-- |
475 |
+2.7.3 |
476 |
+ |
477 |
|
478 |
diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8668.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8668.patch |
479 |
new file mode 100644 |
480 |
index 0000000..a27d3a6 |
481 |
--- /dev/null |
482 |
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8668.patch |
483 |
@@ -0,0 +1,30 @@ |
484 |
+From: Prasad J Pandit <address@hidden> |
485 |
+ |
486 |
+Rocker network switch emulator has test registers to help debug |
487 |
+DMA operations. While testing host DMA access, a buffer address |
488 |
+is written to register 'TEST_DMA_ADDR' and its size is written to |
489 |
+register 'TEST_DMA_SIZE'. When performing TEST_DMA_CTRL_INVERT |
490 |
+test, if DMA buffer size was greater than 'INT_MAX', it leads to |
491 |
+an invalid buffer access. Limit the DMA buffer size to avoid it. |
492 |
+ |
493 |
+Reported-by: Huawei PSIRT <address@hidden> |
494 |
+Signed-off-by: Prasad J Pandit <address@hidden> |
495 |
+--- |
496 |
+ hw/net/rocker/rocker.c | 2 +- |
497 |
+ 1 file changed, 1 insertion(+), 1 deletion(-) |
498 |
+ |
499 |
+diff --git a/hw/net/rocker/rocker.c b/hw/net/rocker/rocker.c |
500 |
+index 30f2ce4..e9d215a 100644 |
501 |
+--- a/hw/net/rocker/rocker.c |
502 |
++++ b/hw/net/rocker/rocker.c |
503 |
+@@ -860,7 +860,7 @@ static void rocker_io_writel(void *opaque, hwaddr addr, uint32_t val) |
504 |
+ rocker_msix_irq(r, val); |
505 |
+ break; |
506 |
+ case ROCKER_TEST_DMA_SIZE: |
507 |
+- r->test_dma_size = val; |
508 |
++ r->test_dma_size = val & 0xFFFF; |
509 |
+ break; |
510 |
+ case ROCKER_TEST_DMA_ADDR + 4: |
511 |
+ r->test_dma_addr = ((uint64_t)val) << 32 | r->lower32; |
512 |
+-- |
513 |
+2.5.5 |
514 |
|
515 |
diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8669-1.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8669-1.patch |
516 |
new file mode 100644 |
517 |
index 0000000..457f022 |
518 |
--- /dev/null |
519 |
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8669-1.patch |
520 |
@@ -0,0 +1,29 @@ |
521 |
+From: Prasad J Pandit <address@hidden> |
522 |
+ |
523 |
+The JAZZ RC4030 chipset emulator has a periodic timer and |
524 |
+associated interval reload register. The reload value is used |
525 |
+as divider when computing timer's next tick value. If reload |
526 |
+value is large, it could lead to divide by zero error. Limit |
527 |
+the interval reload value to avoid it. |
528 |
+ |
529 |
+Reported-by: Huawei PSIRT <address@hidden> |
530 |
+Signed-off-by: Prasad J Pandit <address@hidden> |
531 |
+--- |
532 |
+ hw/dma/rc4030.c | 2 +- |
533 |
+ 1 file changed, 1 insertion(+), 1 deletion(-) |
534 |
+ |
535 |
+diff --git a/hw/dma/rc4030.c b/hw/dma/rc4030.c |
536 |
+index 2f2576f..c1b4997 100644 |
537 |
+--- a/hw/dma/rc4030.c |
538 |
++++ b/hw/dma/rc4030.c |
539 |
+@@ -460,7 +460,7 @@ static void rc4030_write(void *opaque, hwaddr addr, uint64_t data, |
540 |
+ break; |
541 |
+ /* Interval timer reload */ |
542 |
+ case 0x0228: |
543 |
+- s->itr = val; |
544 |
++ s->itr = val & 0x01FF; |
545 |
+ qemu_irq_lower(s->timer_irq); |
546 |
+ set_next_tick(s); |
547 |
+ break; |
548 |
+-- |
549 |
+2.5.5 |
550 |
|
551 |
diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8669-2.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8669-2.patch |
552 |
new file mode 100644 |
553 |
index 0000000..23393b7 |
554 |
--- /dev/null |
555 |
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8669-2.patch |
556 |
@@ -0,0 +1,34 @@ |
557 |
+From: Prasad J Pandit <address@hidden> |
558 |
+ |
559 |
+16550A UART device uses an oscillator to generate frequencies |
560 |
+(baud base), which decide communication speed. This speed could |
561 |
+be changed by dividing it by a divider. If the divider is |
562 |
+greater than the baud base, speed is set to zero, leading to a |
563 |
+divide by zero error. Add check to avoid it. |
564 |
+ |
565 |
+Reported-by: Huawei PSIRT <address@hidden> |
566 |
+Signed-off-by: Prasad J Pandit <address@hidden> |
567 |
+--- |
568 |
+ hw/char/serial.c | 3 ++- |
569 |
+ 1 file changed, 2 insertions(+), 1 deletion(-) |
570 |
+ |
571 |
+Update per |
572 |
+ -> https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02400.html |
573 |
+ |
574 |
+diff --git a/hw/char/serial.c b/hw/char/serial.c |
575 |
+index 3442f47..eec72b7 100644 |
576 |
+--- a/hw/char/serial.c |
577 |
++++ b/hw/char/serial.c |
578 |
+@@ -153,8 +153,9 @@ static void serial_update_parameters(SerialState *s) |
579 |
+ int speed, parity, data_bits, stop_bits, frame_size; |
580 |
+ QEMUSerialSetParams ssp; |
581 |
+ |
582 |
+- if (s->divider == 0) |
583 |
++ if (s->divider == 0 || s->divider > s->baudbase) { |
584 |
+ return; |
585 |
++ } |
586 |
+ |
587 |
+ /* Start bit. */ |
588 |
+ frame_size = 1; |
589 |
+-- |
590 |
+2.5.5 |
591 |
|
592 |
diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8909.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8909.patch |
593 |
new file mode 100644 |
594 |
index 0000000..ed6613f |
595 |
--- /dev/null |
596 |
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8909.patch |
597 |
@@ -0,0 +1,31 @@ |
598 |
+From: Prasad J Pandit <address@hidden> |
599 |
+ |
600 |
+Intel HDA emulator uses stream of buffers during DMA data |
601 |
+transfers. Each entry has buffer length and buffer pointer |
602 |
+position, which are used to derive bytes to 'copy'. If this |
603 |
+length and buffer pointer were to be same, 'copy' could be |
604 |
+set to zero(0), leading to an infinite loop. Add check to |
605 |
+avoid it. |
606 |
+ |
607 |
+Reported-by: Huawei PSIRT <address@hidden> |
608 |
+Signed-off-by: Prasad J Pandit <address@hidden> |
609 |
+--- |
610 |
+ hw/audio/intel-hda.c | 3 ++- |
611 |
+ 1 file changed, 2 insertions(+), 1 deletion(-) |
612 |
+ |
613 |
+diff --git a/hw/audio/intel-hda.c b/hw/audio/intel-hda.c |
614 |
+index cd95340..537face 100644 |
615 |
+--- a/hw/audio/intel-hda.c |
616 |
++++ b/hw/audio/intel-hda.c |
617 |
+@@ -416,7 +416,8 @@ static bool intel_hda_xfer(HDACodecDevice *dev, uint32_t stnr, bool output, |
618 |
+ } |
619 |
+ |
620 |
+ left = len; |
621 |
+- while (left > 0) { |
622 |
++ s = st->bentries; |
623 |
++ while (left > 0 && s-- > 0) { |
624 |
+ copy = left; |
625 |
+ if (copy > st->bsize - st->lpib) |
626 |
+ copy = st->bsize - st->lpib; |
627 |
+-- |
628 |
+2.7.4 |
629 |
|
630 |
diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8910.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8910.patch |
631 |
new file mode 100644 |
632 |
index 0000000..c93f796 |
633 |
--- /dev/null |
634 |
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8910.patch |
635 |
@@ -0,0 +1,29 @@ |
636 |
+From: Prasad J Pandit <address@hidden> |
637 |
+ |
638 |
+RTL8139 ethernet controller in C+ mode supports multiple |
639 |
+descriptor rings, each with maximum of 64 descriptors. While |
640 |
+processing transmit descriptor ring in 'rtl8139_cplus_transmit', |
641 |
+it does not limit the descriptor count and runs forever. Add |
642 |
+check to avoid it. |
643 |
+ |
644 |
+Reported-by: Andrew Henderson <address@hidden> |
645 |
+Signed-off-by: Prasad J Pandit <address@hidden> |
646 |
+--- |
647 |
+ hw/net/rtl8139.c | 2 +- |
648 |
+ 1 file changed, 1 insertion(+), 1 deletion(-) |
649 |
+ |
650 |
+diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c |
651 |
+index 3345bc6..f05e59c 100644 |
652 |
+--- a/hw/net/rtl8139.c |
653 |
++++ b/hw/net/rtl8139.c |
654 |
+@@ -2350,7 +2350,7 @@ static void rtl8139_cplus_transmit(RTL8139State *s) |
655 |
+ { |
656 |
+ int txcount = 0; |
657 |
+ |
658 |
+- while (rtl8139_cplus_transmit_one(s)) |
659 |
++ while (txcount < 64 && rtl8139_cplus_transmit_one(s)) |
660 |
+ { |
661 |
+ ++txcount; |
662 |
+ } |
663 |
+-- |
664 |
+2.7.4 |
665 |
|
666 |
diff --git a/app-emulation/qemu/files/qemu-2.7.0-configure-ifunc.patch b/app-emulation/qemu/files/qemu-2.7.0-configure-ifunc.patch |
667 |
new file mode 100644 |
668 |
index 0000000..d090323 |
669 |
--- /dev/null |
670 |
+++ b/app-emulation/qemu/files/qemu-2.7.0-configure-ifunc.patch |
671 |
@@ -0,0 +1,13 @@ |
672 |
+diff -Naur qemu-2.7.0.orig/configure qemu-2.7.0/configure |
673 |
+--- qemu-2.7.0.orig/configure 2016-09-05 18:30:41.722529882 -0700 |
674 |
++++ qemu-2.7.0/configure 2016-09-05 18:32:22.473649654 -0700 |
675 |
+@@ -1805,7 +1805,8 @@ |
676 |
+ EOF |
677 |
+ if compile_object "" ; then |
678 |
+ if has readelf; then |
679 |
+- if readelf --syms $TMPO 2>/dev/null |grep -q "IFUNC.*foo"; then |
680 |
++ if readelf --syms $TMPO 2>/dev/null |grep -q "IFUNC.*foo" && |
681 |
++ ldd $TMPO >dev/null 2>&1; then |
682 |
+ avx2_opt="yes" |
683 |
+ fi |
684 |
+ fi |
685 |
|
686 |
diff --git a/app-emulation/qemu/files/qemu-binfmt.initd-r1 b/app-emulation/qemu/files/qemu-binfmt.initd-r1 |
687 |
index 84e909f..18adb65 100644 |
688 |
--- a/app-emulation/qemu/files/qemu-binfmt.initd-r1 |
689 |
+++ b/app-emulation/qemu/files/qemu-binfmt.initd-r1 |
690 |
@@ -1,16 +1,22 @@ |
691 |
-#!/sbin/runscript |
692 |
-# Copyright 1999-2013 Gentoo Foundation |
693 |
+#!/sbin/openrc-run |
694 |
+# Copyright 1999-2016 Gentoo Foundation |
695 |
# Distributed under the terms of the GNU General Public License v2 |
696 |
# $Id$ |
697 |
|
698 |
# enable automatic i386/ARM/M68K/MIPS/SPARC/PPC/s390 program execution by the kernel |
699 |
|
700 |
+# Defaulting to OC should be safe because it comes down to: |
701 |
+# - do we trust the interp itself to not be malicious? yes; we built it. |
702 |
+# - do we trust the programs we're running? ish; same permission as native |
703 |
+# binaries apply. so if user can do bad stuff natively, cross isn't worse. |
704 |
+: ${QEMU_BINFMT_FLAGS:=OC} |
705 |
+ |
706 |
depend() { |
707 |
after procfs |
708 |
} |
709 |
|
710 |
start() { |
711 |
- ebegin "Registering qemu-user binaries" |
712 |
+ ebegin "Registering qemu-user binaries (flags: ${QEMU_BINFMT_FLAGS})" |
713 |
|
714 |
if [ ! -d /proc/sys/fs/binfmt_misc ] ; then |
715 |
modprobe -q binfmt_misc |
716 |
@@ -50,55 +56,58 @@ start() { |
717 |
|
718 |
# register the interpreter for each cpu except for the native one |
719 |
if [ $cpu != "i386" -a -x "/usr/bin/qemu-i386" ] ; then |
720 |
- echo ':i386:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x03\x00:\xff\xff\xff\xff\xff\xfe\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-i386:P' > /proc/sys/fs/binfmt_misc/register |
721 |
- echo ':i486:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x06\x00:\xff\xff\xff\xff\xff\xfe\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-i386:P' > /proc/sys/fs/binfmt_misc/register |
722 |
+ echo ':i386:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x03\x00:\xff\xff\xff\xff\xff\xfe\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-i386:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register |
723 |
+ echo ':i486:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x06\x00:\xff\xff\xff\xff\xff\xfe\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-i386:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register |
724 |
fi |
725 |
if [ $cpu != "alpha" -a -x "/usr/bin/qemu-alpha" ] ; then |
726 |
- echo ':alpha:M::\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x26\x90:\xff\xff\xff\xff\xff\xfe\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-alpha:P' > /proc/sys/fs/binfmt_misc/register |
727 |
+ echo ':alpha:M::\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x26\x90:\xff\xff\xff\xff\xff\xfe\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-alpha:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register |
728 |
fi |
729 |
if [ $cpu != "arm" -a -x "/usr/bin/qemu-arm" ] ; then |
730 |
- echo ':arm:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff:/usr/bin/qemu-arm:P' > /proc/sys/fs/binfmt_misc/register |
731 |
+ echo ':arm:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff:/usr/bin/qemu-arm:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register |
732 |
fi |
733 |
if [ $cpu != "arm" -a -x "/usr/bin/qemu-armeb" ] ; then |
734 |
- echo ':armeb:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-armeb:P' > /proc/sys/fs/binfmt_misc/register |
735 |
+ echo ':armeb:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-armeb:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register |
736 |
+ fi |
737 |
+ if [ $cpu != "aarch64" -a -x "/usr/bin/qemu-aarch64" ] ; then |
738 |
+ echo ':aarch64:M::\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xb7\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-aarch64:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register |
739 |
fi |
740 |
if [ $cpu != "sparc" -a -x "/usr/bin/qemu-sparc" ] ; then |
741 |
- echo ':sparc:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-sparc:P' > /proc/sys/fs/binfmt_misc/register |
742 |
+ echo ':sparc:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-sparc:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register |
743 |
fi |
744 |
if [ $cpu != "ppc" -a -x "/usr/bin/qemu-ppc" ] ; then |
745 |
- echo ':ppc:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x14:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-ppc:P' > /proc/sys/fs/binfmt_misc/register |
746 |
+ echo ':ppc:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x14:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-ppc:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register |
747 |
fi |
748 |
if [ $cpu != "m68k" -a -x "/usr/bin/qemu-m68k" ] ; then |
749 |
- echo 'Please check cpu value and header information for m68k!' |
750 |
- echo ':m68k:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x08:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-m68k:P' > /proc/sys/fs/binfmt_misc/register |
751 |
+ #echo 'Please check cpu value and header information for m68k!' |
752 |
+ echo ':m68k:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x08:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-m68k:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register |
753 |
fi |
754 |
if [ $cpu != "mips" -a -x "/usr/bin/qemu-mips" ] ; then |
755 |
# FIXME: We could use the other endianness on a MIPS host. |
756 |
- echo ':mips:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-mips:P' > /proc/sys/fs/binfmt_misc/register |
757 |
+ echo ':mips:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-mips:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register |
758 |
fi |
759 |
if [ $cpu != "mips" -a -x "/usr/bin/qemu-mipsel" ] ; then |
760 |
- echo ':mipsel:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-mipsel:P' > /proc/sys/fs/binfmt_misc/register |
761 |
+ echo ':mipsel:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-mipsel:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register |
762 |
fi |
763 |
if [ $cpu != "mips" -a -x "/usr/bin/qemu-mipsn32" ] ; then |
764 |
- echo ':mipsn32:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-mipsn32:P' > /proc/sys/fs/binfmt_misc/register |
765 |
+ echo ':mipsn32:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-mipsn32:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register |
766 |
fi |
767 |
if [ $cpu != "mips" -a -x "/usr/bin/qemu-mipsn32el" ] ; then |
768 |
- echo ':mipsn32el:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-mipsn32el:P' > /proc/sys/fs/binfmt_misc/register |
769 |
+ echo ':mipsn32el:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-mipsn32el:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register |
770 |
fi |
771 |
if [ $cpu != "mips" -a -x "/usr/bin/qemu-mips64" ] ; then |
772 |
- echo ':mips64:M::\x7fELF\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-mips64:P' > /proc/sys/fs/binfmt_misc/register |
773 |
+ echo ':mips64:M::\x7fELF\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-mips64:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register |
774 |
fi |
775 |
if [ $cpu != "mips" -a -x "/usr/bin/qemu-mips64el" ] ; then |
776 |
- echo ':mips64el:M::\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-mips64el:P' > /proc/sys/fs/binfmt_misc/register |
777 |
+ echo ':mips64el:M::\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-mips64el:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register |
778 |
fi |
779 |
if [ $cpu != "sh" -a -x "/usr/bin/qemu-sh4" ] ; then |
780 |
- echo ':sh4:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x2a\x00:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-sh4:P' > /proc/sys/fs/binfmt_misc/register |
781 |
+ echo ':sh4:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x2a\x00:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-sh4:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register |
782 |
fi |
783 |
if [ $cpu != "sh" -a -x "/usr/bin/qemu-sh4eb" ] ; then |
784 |
- echo ':sh4eb:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x2a:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-sh4eb:P' > /proc/sys/fs/binfmt_misc/register |
785 |
+ echo ':sh4eb:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x2a:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-sh4eb:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register |
786 |
fi |
787 |
- if [ $cpu != "s390x" -a -x "/usr/local/bin/qemu-s390x" ] ; then |
788 |
- echo ':s390x:M::\x7fELF\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x16:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/local/bin/qemu-s390x:P' > /proc/sys/fs/binfmt_misc/register |
789 |
+ if [ $cpu != "s390x" -a -x "/usr/bin/qemu-s390x" ] ; then |
790 |
+ echo ':s390x:M::\x7fELF\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x16:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-s390x:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register |
791 |
fi |
792 |
eend $? |
793 |
} |
794 |
@@ -110,6 +119,7 @@ stop() { |
795 |
arches="${arches} i386 i486" |
796 |
arches="${arches} alpha" |
797 |
arches="${arches} arm armeb" |
798 |
+ arches="${arches} aarch64" |
799 |
arches="${arches} sparc" |
800 |
arches="${arches} ppc" |
801 |
arches="${arches} m68k" |
802 |
|
803 |
diff --git a/app-emulation/qemu/files/qemu-kvm-1.4 b/app-emulation/qemu/files/qemu-kvm-1.4 |
804 |
deleted file mode 100644 |
805 |
index 08da00b..0000000 |
806 |
--- a/app-emulation/qemu/files/qemu-kvm-1.4 |
807 |
+++ /dev/null |
808 |
@@ -1,3 +0,0 @@ |
809 |
-#!/bin/sh |
810 |
- |
811 |
-exec /usr/bin/qemu-system-x86_64 -machine accel=kvm "$@" |
812 |
|
813 |
diff --git a/app-emulation/qemu/qemu-2.7.0-r99.ebuild b/app-emulation/qemu/qemu-2.7.0-r5.ebuild |
814 |
similarity index 95% |
815 |
rename from app-emulation/qemu/qemu-2.7.0-r99.ebuild |
816 |
rename to app-emulation/qemu/qemu-2.7.0-r5.ebuild |
817 |
index f8432d3..5872941 100644 |
818 |
--- a/app-emulation/qemu/qemu-2.7.0-r99.ebuild |
819 |
+++ b/app-emulation/qemu/qemu-2.7.0-r5.ebuild |
820 |
@@ -18,7 +18,7 @@ if [[ ${PV} = *9999* ]]; then |
821 |
SRC_URI="" |
822 |
else |
823 |
SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2" |
824 |
- KEYWORDS="amd64 ~ppc x86" |
825 |
+ KEYWORDS="amd64 ~arm64 ~ppc ~ppc64 x86 ~x86-fbsd" |
826 |
fi |
827 |
|
828 |
DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools" |
829 |
@@ -337,9 +337,11 @@ src_prepare() { |
830 |
epatch "${FILESDIR}"/${PN}-2.0.0-F_SHLCK-and-F_EXLCK.patch |
831 |
epatch "${FILESDIR}"/${PN}-2.0.0-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch |
832 |
epatch "${FILESDIR}"/${PN}-2.2.0-_sigev_un.patch |
833 |
+ epatch "${FILESDIR}"/${PN}-2.7.0-configure-ifunc.patch |
834 |
|
835 |
epatch "${FILESDIR}"/${PN}-2.5.0-cflags.patch |
836 |
epatch "${FILESDIR}"/${PN}-2.5.0-sysmacros.patch |
837 |
+ |
838 |
epatch "${FILESDIR}"/${P}-CVE-2016-6836.patch # bug 591242 |
839 |
epatch "${FILESDIR}"/${P}-CVE-2016-7155.patch # bug 593034 |
840 |
epatch "${FILESDIR}"/${P}-CVE-2016-7156.patch # bug 593036 |
841 |
@@ -348,8 +350,21 @@ src_prepare() { |
842 |
epatch "${FILESDIR}"/${P}-CVE-2016-7170.patch # bug 593284 |
843 |
epatch "${FILESDIR}"/${P}-CVE-2016-7421.patch # bug 593950 |
844 |
epatch "${FILESDIR}"/${P}-CVE-2016-7422.patch # bug 593956 |
845 |
- epatch "${FILESDIR}"/${P}-CVE-2016-7466.patch # bug 594520 |
846 |
epatch "${FILESDIR}"/${P}-CVE-2016-7423.patch # bug 594368 |
847 |
+ epatch "${FILESDIR}"/${P}-CVE-2016-7466.patch # bug 594520 |
848 |
+ epatch "${FILESDIR}"/${P}-CVE-2016-7907.patch # bug 596048 |
849 |
+ epatch "${FILESDIR}"/${P}-CVE-2016-7908.patch # bug 596049 |
850 |
+ epatch "${FILESDIR}"/${P}-CVE-2016-7909.patch # bug 596048 |
851 |
+ epatch "${FILESDIR}"/${P}-CVE-2016-7994-1.patch # bug 596738 |
852 |
+ epatch "${FILESDIR}"/${P}-CVE-2016-7994-2.patch # bug 596738 |
853 |
+ epatch "${FILESDIR}"/${P}-CVE-2016-8576.patch # bug 596752 |
854 |
+ epatch "${FILESDIR}"/${P}-CVE-2016-8577.patch # bug 596776 |
855 |
+ epatch "${FILESDIR}"/${P}-CVE-2016-8578.patch # bug 596774 |
856 |
+ epatch "${FILESDIR}"/${P}-CVE-2016-8668.patch # bug 597110 |
857 |
+ epatch "${FILESDIR}"/${P}-CVE-2016-8669-1.patch # bug 597108 |
858 |
+ epatch "${FILESDIR}"/${P}-CVE-2016-8669-2.patch # bug 597108 |
859 |
+ epatch "${FILESDIR}"/${P}-CVE-2016-8909.patch # bug 598044 |
860 |
+ epatch "${FILESDIR}"/${P}-CVE-2016-8910.patch # bug 598046 |
861 |
|
862 |
# Fix ld and objcopy being called directly |
863 |
tc-export AR LD OBJCOPY |