Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-musl

From: Felix Janda <felix.janda@××××××.de>
To: gentoo-musl@l.g.o
Cc: "Anthony G. Basile" <basile@××××××××××××××.edu>
Subject: [gentoo-musl] [PATCH resent 1/2] app-emulation/qemu: bump to 2.5.0
Date: Sat, 30 Jan 2016 16:02:08
Message-Id: 20160130155850.GA3380@nyan
1 ---
2 The previous is archived at
3
4 https://archives.gentoo.org/gentoo-musl/message/ab39e78334a4ca595322412ad5df2e2d
5
6 but it's not trivial to extract the patch from it.
7 ---
8 app-emulation/qemu/Manifest | 13 +-
9 .../qemu/files/qemu-2.2.1-CVE-2015-1779-1.patch | 241 ------------------
10 .../qemu/files/qemu-2.2.1-CVE-2015-1779-2.patch | 58 -----
11 .../qemu/files/qemu-2.3.0-CVE-2015-3456.patch | 86 -------
12 .../qemu/files/qemu-2.5.0-CVE-2015-8558.patch | 50 ++++
13 .../qemu/files/qemu-2.5.0-CVE-2015-8567.patch | 95 +++++++
14 .../qemu/files/qemu-2.5.0-CVE-2015-8701.patch | 49 ++++
15 .../qemu/files/qemu-2.5.0-CVE-2015-8743.patch | 50 ++++
16 .../qemu/files/qemu-2.5.0-CVE-2016-1568.patch | 41 +++
17 app-emulation/qemu/files/qemu-2.5.0-cflags.patch | 13 +
18 ...qemu-2.2.1-r99.ebuild => qemu-2.5.0-r99.ebuild} | 274 ++++++++++++---------
19 11 files changed, 469 insertions(+), 501 deletions(-)
20 delete mode 100644 app-emulation/qemu/files/qemu-2.2.1-CVE-2015-1779-1.patch
21 delete mode 100644 app-emulation/qemu/files/qemu-2.2.1-CVE-2015-1779-2.patch
22 delete mode 100644 app-emulation/qemu/files/qemu-2.3.0-CVE-2015-3456.patch
23 create mode 100644 app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8558.patch
24 create mode 100644 app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8567.patch
25 create mode 100644 app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8701.patch
26 create mode 100644 app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8743.patch
27 create mode 100644 app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1568.patch
28 create mode 100644 app-emulation/qemu/files/qemu-2.5.0-cflags.patch
29 rename app-emulation/qemu/{qemu-2.2.1-r99.ebuild => qemu-2.5.0-r99.ebuild} (73%)
30
31 diff --git a/app-emulation/qemu/Manifest b/app-emulation/qemu/Manifest
32 index 2ecdb66..9fdb00d 100644
33 --- a/app-emulation/qemu/Manifest
34 +++ b/app-emulation/qemu/Manifest
35 @@ -4,11 +4,14 @@ AUX qemu-1.7.0-cflags.patch 300 SHA256 8f35e55c4bae93e82f9580eabe2d6a2d4660bd053
36 AUX qemu-2.0.0-F_SHLCK-and-F_EXLCK.patch 563 SHA256 99de67d610ad13a1dcf6c67a3c2b5b87fb909220173a956435737f9bea3c371b SHA512 a29e9a889388a6627ed492a79e66514ffb5e64f9479646982091811548fc2a9bf6682104a6c774d83e645e4b1db39e491afd4efce789fe164623442a7f3e5d00 WHIRLPOOL d3aab06099de263c22f4c71810a3b2cb8602d17731ec76674cd1415e539306555a7b96b789f0daad473600dfa04a83224ff603f7b9a9ac63a4902f74d0e9deb5
37 AUX qemu-2.0.0-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch 930 SHA256 6af6cf9044997710a6d0fbdba30a35c8d775e30d30c032ec97db672f75ec88ac SHA512 ec84b27648c01c6e58781295dcd0c2ff8e5a635f9836ef50c1da5d0ed125db1afc4cb5b01cb97606d6dd8f417acba93e1560d9a32ca29161a4bb730b302440ea WHIRLPOOL 06b9dd5251ac03405c97b1f5a623b4d86bda2f72fbcd52b90ae4d11a0cfb59cae62df2cb6189405fbe53ab05ff2b7ca8165fda239dbfe5f31ed70abb53b3b9f3
38 AUX qemu-2.2.0-_sigev_un.patch 636 SHA256 f3b9a4d6162c553f3110ad22716305818e2130e2ff5d628faf044fc58a5e3cb5 SHA512 f72b879daede5184904f64cabb276de96299a37a93fce444d09e9068671009e95a5e5d6b815ec41a5db5b3807de14d470a56bba5806ffd4dfec577577b046ccb WHIRLPOOL 9453ad4966e10d504f3e867fd984642a3c1ee3ae847b5ca56196fd1f9e6c0f2d7b52ca07446212af72fef6d0ded1527a5eb306fa6cd915e8dd9ce11523362bac
39 -AUX qemu-2.2.1-CVE-2015-1779-1.patch 8631 SHA256 17ea04bb0571f3a346eb25ce2d61fd7053515767adedfde567fd39205993c600 SHA512 191dde0754b9466d87cf99a578ac07f0902f373156f4d5ff98540b9099a6fa8e29ba4ca9d4a5a21ae5dbba2b80c36600ea0bd2c31fa0c8734926514015166ab8 WHIRLPOOL 2be2f490eb32857b2b218761df3580bc31eb5a89bf1b289a048e9fd489cdb024869399481345b5ecb09a45c4fbf1ee4639062ae1fdbee9781e66ca6cc8af4cac
40 -AUX qemu-2.2.1-CVE-2015-1779-2.patch 2318 SHA256 4c0966520bf09df25d99c883f94037e765406dd4097dd704e66361bb07f73679 SHA512 7a85bc8e00c60c6c36790d1169f0d84d2c75fe81c1700b4f764ddcb0d0587d4b6d228d80e65fead035e3ab99449aad2f559071edf9145ff7a755506f3ff05b0e WHIRLPOOL 078388c50367d41c810a02aa795b6ad0df381582bdd2725ae125243ee5921aa4057494f063a7de49da6b6f6343f37a3c83d96ef6d92c22e722972c8e4ea968dc
41 -AUX qemu-2.3.0-CVE-2015-3456.patch 2853 SHA256 efac61bf9c20d5d08ef47bc9d51be5c8bd519f1d970ba3c3506c5760bf807e7d SHA512 5fed59ae67a962d187418f4bd57cebe901f9bcba817694b5e2a57daf77c34a406ed7c1f278e12d813304e58c48a24493b4e001a9ee4045bab2608f1730715ac7 WHIRLPOOL 9ad5237aa1bbe46a8493e331bb9c2152c36f9c877582485e1cf811b09430bad97a9f3b6bc52face7e4287f9c9fe4f1891de154a62ba93ea454c3ed9d44e8f729
42 +AUX qemu-2.5.0-CVE-2015-8558.patch 1459 SHA256 d769e6eb6dc0bdb0b982ef5fe7d73cc6bad47233102f53d11c6ed6c9051602d8 SHA512 42961191890c500675610d5d33e6ff468b07428c6b428ac01bb5c0e3ea88ff611a3532f848d54317458475fef221a06e41761ef14ea61d1b741db73450c4f90d WHIRLPOOL 475679dc1a24bc75012995a9a2122847454701b65ff0b7f8192865b45de49ce08572f129a7cfdeb36521252ed2f80c95e9dddbd64cb8e39fdc5beacc25934798
43 +AUX qemu-2.5.0-CVE-2015-8567.patch 3108 SHA256 88b72df4e02407c3b9ca4835c38988b97fcd5aa9c68da6fa47207fe675d4e661 SHA512 2f0243ec9764d72fe5e7a005a8db40d3d5c4c2edae5c3451087ee3f5c841c96a3112875cf88a19061fa2ce0d04715d247e6eb1eb83e1e5b57ec0b9eb324b8ce6 WHIRLPOOL b432ff3e105da5c0bd20dd1d7da0374f4005b2ac5a9a8c824e96730aeafa89bb8fc125f8b2857fdaf72024082ddbc0c7a28c3e3ffb9114c3d370db1b638c4731
44 +AUX qemu-2.5.0-CVE-2015-8701.patch 1671 SHA256 f39e0c6301cffa1b14c3ef0ab72fce0e2acd42170759ef7954234d31602aeb99 SHA512 d39edf84e2d17e6080bbc4a270732cd73b41fa39d948ee7bc4456e1024c5a69ddfb5e848af3272615f5aa36a3b6410a12f5a73e00ccfa58e0d60d7289d034aa9 WHIRLPOOL 352148c367837ba2d6eb5eb39e00c128f0cff3faef159754a41318857bc11a6616be184c24df4767ec2c8c14910ad74fc3be48273f6312b1687910fbcaf7bec3
45 +AUX qemu-2.5.0-CVE-2015-8743.patch 1777 SHA256 22aac571c1aa6f6a283d200a7703fdfea0a5bcaf227a003a2cbf5741bbb8df85 SHA512 65d8632fd43959983ca02f9ab116ec78ea043e6d867e6d743014885c2a423bb3b87c2e56caa37e7f29e971a44f5ea695cb4ce1c3a9c1fc2d734b25ca0b2f4054 WHIRLPOOL 9128c812cfbfe3d4629cd6c7c2c6f50c9ef2fe2d5b62b24486559279296987f593f852f913eb67fbe956d650d50612fa7a658a60b3d80cf4fa9256e332d77330
46 +AUX qemu-2.5.0-CVE-2016-1568.patch 1476 SHA256 ba2a25142977eea531159d81ef8938e8519c92800aa1958e71da9e2780c8256a SHA512 643ef742e6cd1dbc8f420b38f684bc8639e4bd58ab38c254654d4b1a72b129202fecdddddfd308b48ed7813da193edff68d737080d5035c82daf9676ee17df22 WHIRLPOOL af9376400540f20d77ea06cb6a12ce415b72bb22cdde3365bba8b02deb8985aedfee303646e13e1d1263a2dcd17bf1518637183a81c66c2db7b438aa88ef7d95
47 +AUX qemu-2.5.0-cflags.patch 410 SHA256 17f5624dd733f5c80e733cc67ae36a736169ec066024dbf802b416accfed0755 SHA512 0194d28de08b4e51c5bd1c9a2cc7965ba7f66dfddb8fd91de3da93677e6cf2d38ad3270f69aaea8a20cf2533c2980018d6e0fed711be2806fe2053fba7c081f3 WHIRLPOOL 5f5b95d00409fbe03adb64801d30a2fb5f98dded5efa7f0e78b5746776f72917dcbea767e1d0afcb304d8bf8c484adedb8037e6d54e9d34997c2bc3a98b53154
48 AUX qemu-binfmt.initd-r1 7023 SHA256 3572c110c6f217754e638796400a5901910a2e61b8818c8569f8258b103ebcc6 SHA512 773af64fef164c00945acf5881e64a10141aa8fdc85491e57bf8dcc7c800a4f81879527998a0896a42f921edcbf5f741beb31ac2a82e45cba506c7b8461733c8 WHIRLPOOL 30382fe347248683e989c2b7fbd804ce26173b313746d80467029b2ad3594f414628f7537120b168a0e700c424d3525528eb632b07e16544c2fd07f418f3187c
49 AUX qemu-kvm-1.4 68 SHA256 8b1adf198129f001e75a2311fc420c168094d1084d2163cdf6a32b3b23c96137 SHA512 706fab4d155c410acc292e67fb354ce7dcd17f7e33f2ca8c9c44035ea128f8d36f89e27cf87ebe22721f5676be9e7f2ae5484fd000183c8ffd7854e02eb3d120 WHIRLPOOL ef795330b592cef8e3d92f52a77eb77a671e6aa1a47d07531917b5c1c09e72e5df1a44aea939b086e0a3c5ef2a5cea9223556a46ceae73e55300475c42f07067
50 -DIST qemu-2.2.1.tar.bz2 24483500 SHA256 4617154c6ef744b83e10b744e392ad111dd351d435d6563ce24d8da75b1335a0 SHA512 970ead0c92fc04502c6d3a8dbfafa5797667b3d276a1a25ddbe991d20d8e17a588905ecbffa77fb3b9d12e481ac3776ca4c38fe89a5e4c96dc2fb045214bfa9f WHIRLPOOL 9226ce4a4f5c7247d6ab34eb8b45c9a91416ee5849dbe25b9d15cddbd6aba2b8da77280f6055d363a81ddec515d28bf501351cb7e21ecfb4bfe42cdb7e349788
51 -EBUILD qemu-2.2.1-r99.ebuild 18744 SHA256 15c5267816cbc7798b2aa0c342bd0a0254550d2fdb1497f3237aa33b53c8c59f SHA512 c7c90792a79fbf226e41f8dd61d5f3b1046a1e9c130d3216a0c29d374a09ec5aa8575e2578b843f37fd04645e2804ae91298924d307aff25922d7461bf52fe78 WHIRLPOOL ef73221242451e8772598ee1b0e346f4aa94ec59c1daf58ca9ac35d49e431c687ca5d80155e4e5846a3f76d35330a1043f9ae9018c19e0e1fc828711298aebae
52 +DIST qemu-2.5.0.tar.bz2 25464996 SHA256 3443887401619fe33bfa5d900a4f2d6a79425ae2b7e43d5b8c36eb7a683772d4 SHA512 12153f94cc7f834fd6a85f25690c36f2331d88d414426fb8b9ac20a34e6f9222b1eda30b727674af583580fae90dfd6d0614a905dce1567d94cd049d426b9dd3 WHIRLPOOL 8f5717989d8d234ecf1763ee386b2e1f20c3b17918de130c6dae255e4523a230b2b01a759eba25e4b9f604c680d9b868c56f58bd71b7c6c2c22a2e46804435ef
53 +EBUILD qemu-2.5.0-r99.ebuild 20028 SHA256 aeca48b0f3004f6d41077db6a763ef43c900cecf59d0f9d3ec6eb028846f0560 SHA512 31101660cd608272b6d6b24081ca095f3eb2fb2a33a2174fe62bf86fe006db6deb56590ae8a784fc69e3dd4f19c7a96035d38506f8a3d07e27397d710cf9e85c WHIRLPOOL 457f88c5e474183df7ae41a8d6c0ad49e76a6fdd69c59591c62f750c426e3998628f0770303536102d87509cfc2578813799e4052e09fb688460fa7bf424a2c4
54 MISC metadata.xml 3774 SHA256 45d220d5c3fedecb5c318e2ab1fa796391f5fd3db09e4ef218b3bc7cb3cb10e1 SHA512 90b16206b5398b4044132d930b417372e1d305a93b062c895bc3b46ae64a19aa96d2471b5838f960cca7c6c30ce58571f332731f02eaeee17e4204469c5d6330 WHIRLPOOL f5498b8cb14aeeacdfd1da30c26ceca282bba3042a6288496d624d91c3c26c1bed34c42374db04e06378c8efd78010d3bef76c41c1aa529ccf17cec513ed1fa8
55 diff --git a/app-emulation/qemu/files/qemu-2.2.1-CVE-2015-1779-1.patch b/app-emulation/qemu/files/qemu-2.2.1-CVE-2015-1779-1.patch
56 deleted file mode 100644
57 index 35ef8fd..0000000
58 --- a/app-emulation/qemu/files/qemu-2.2.1-CVE-2015-1779-1.patch
59 +++ /dev/null
60 @@ -1,241 +0,0 @@
61 -From a2bebfd6e09d285aa793cae3fb0fc3a39a9fee6e Mon Sep 17 00:00:00 2001
62 -From: "Daniel P. Berrange" <berrange@××××××.com>
63 -Date: Mon, 23 Mar 2015 22:58:21 +0000
64 -Subject: [PATCH] CVE-2015-1779: incrementally decode websocket frames
65 -
66 -The logic for decoding websocket frames wants to fully
67 -decode the frame header and payload, before allowing the
68 -VNC server to see any of the payload data. There is no
69 -size limit on websocket payloads, so this allows a
70 -malicious network client to consume 2^64 bytes in memory
71 -in QEMU. It can trigger this denial of service before
72 -the VNC server even performs any authentication.
73 -
74 -The fix is to decode the header, and then incrementally
75 -decode the payload data as it is needed. With this fix
76 -the websocket decoder will allow at most 4k of data to
77 -be buffered before decoding and processing payload.
78 -
79 -Signed-off-by: Daniel P. Berrange <berrange@××××××.com>
80 -
81 -[ kraxel: fix frequent spurious disconnects, suggested by Peter Maydell ]
82 -
83 - @@ -361,7 +361,7 @@ int vncws_decode_frame_payload(Buffer *input,
84 - - *payload_size = input->offset;
85 - + *payload_size = *payload_remain;
86 -
87 -[ kraxel: fix 32bit build ]
88 -
89 - @@ -306,7 +306,7 @@ struct VncState
90 - - uint64_t ws_payload_remain;
91 - + size_t ws_payload_remain;
92 -
93 -Signed-off-by: Gerd Hoffmann <kraxel@××××××.com>
94 ----
95 - ui/vnc-ws.c | 105 ++++++++++++++++++++++++++++++++++++++++--------------------
96 - ui/vnc-ws.h | 9 ++++--
97 - ui/vnc.h | 2 ++
98 - 3 files changed, 80 insertions(+), 36 deletions(-)
99 -
100 -diff --git a/ui/vnc-ws.c b/ui/vnc-ws.c
101 -index 85dbb7e..0b7de4e 100644
102 ---- a/ui/vnc-ws.c
103 -+++ b/ui/vnc-ws.c
104 -@@ -107,7 +107,7 @@ long vnc_client_read_ws(VncState *vs)
105 - {
106 - int ret, err;
107 - uint8_t *payload;
108 -- size_t payload_size, frame_size;
109 -+ size_t payload_size, header_size;
110 - VNC_DEBUG("Read websocket %p size %zd offset %zd\n", vs->ws_input.buffer,
111 - vs->ws_input.capacity, vs->ws_input.offset);
112 - buffer_reserve(&vs->ws_input, 4096);
113 -@@ -117,18 +117,39 @@ long vnc_client_read_ws(VncState *vs)
114 - }
115 - vs->ws_input.offset += ret;
116 -
117 -- /* make sure that nothing is left in the ws_input buffer */
118 -+ ret = 0;
119 -+ /* consume as much of ws_input buffer as possible */
120 - do {
121 -- err = vncws_decode_frame(&vs->ws_input, &payload,
122 -- &payload_size, &frame_size);
123 -- if (err <= 0) {
124 -- return err;
125 -+ if (vs->ws_payload_remain == 0) {
126 -+ err = vncws_decode_frame_header(&vs->ws_input,
127 -+ &header_size,
128 -+ &vs->ws_payload_remain,
129 -+ &vs->ws_payload_mask);
130 -+ if (err <= 0) {
131 -+ return err;
132 -+ }
133 -+
134 -+ buffer_advance(&vs->ws_input, header_size);
135 - }
136 -+ if (vs->ws_payload_remain != 0) {
137 -+ err = vncws_decode_frame_payload(&vs->ws_input,
138 -+ &vs->ws_payload_remain,
139 -+ &vs->ws_payload_mask,
140 -+ &payload,
141 -+ &payload_size);
142 -+ if (err < 0) {
143 -+ return err;
144 -+ }
145 -+ if (err == 0) {
146 -+ return ret;
147 -+ }
148 -+ ret += err;
149 -
150 -- buffer_reserve(&vs->input, payload_size);
151 -- buffer_append(&vs->input, payload, payload_size);
152 -+ buffer_reserve(&vs->input, payload_size);
153 -+ buffer_append(&vs->input, payload, payload_size);
154 -
155 -- buffer_advance(&vs->ws_input, frame_size);
156 -+ buffer_advance(&vs->ws_input, payload_size);
157 -+ }
158 - } while (vs->ws_input.offset > 0);
159 -
160 - return ret;
161 -@@ -265,15 +286,14 @@ void vncws_encode_frame(Buffer *output, const void *payload,
162 - buffer_append(output, payload, payload_size);
163 - }
164 -
165 --int vncws_decode_frame(Buffer *input, uint8_t **payload,
166 -- size_t *payload_size, size_t *frame_size)
167 -+int vncws_decode_frame_header(Buffer *input,
168 -+ size_t *header_size,
169 -+ size_t *payload_remain,
170 -+ WsMask *payload_mask)
171 - {
172 - unsigned char opcode = 0, fin = 0, has_mask = 0;
173 -- size_t header_size = 0;
174 -- uint32_t *payload32;
175 -+ size_t payload_len;
176 - WsHeader *header = (WsHeader *)input->buffer;
177 -- WsMask mask;
178 -- int i;
179 -
180 - if (input->offset < WS_HEAD_MIN_LEN + 4) {
181 - /* header not complete */
182 -@@ -283,7 +303,7 @@ int vncws_decode_frame(Buffer *input, uint8_t **payload,
183 - fin = (header->b0 & 0x80) >> 7;
184 - opcode = header->b0 & 0x0f;
185 - has_mask = (header->b1 & 0x80) >> 7;
186 -- *payload_size = header->b1 & 0x7f;
187 -+ payload_len = header->b1 & 0x7f;
188 -
189 - if (opcode == WS_OPCODE_CLOSE) {
190 - /* disconnect */
191 -@@ -300,40 +320,57 @@ int vncws_decode_frame(Buffer *input, uint8_t **payload,
192 - return -2;
193 - }
194 -
195 -- if (*payload_size < 126) {
196 -- header_size = 6;
197 -- mask = header->u.m;
198 -- } else if (*payload_size == 126 && input->offset >= 8) {
199 -- *payload_size = be16_to_cpu(header->u.s16.l16);
200 -- header_size = 8;
201 -- mask = header->u.s16.m16;
202 -- } else if (*payload_size == 127 && input->offset >= 14) {
203 -- *payload_size = be64_to_cpu(header->u.s64.l64);
204 -- header_size = 14;
205 -- mask = header->u.s64.m64;
206 -+ if (payload_len < 126) {
207 -+ *payload_remain = payload_len;
208 -+ *header_size = 6;
209 -+ *payload_mask = header->u.m;
210 -+ } else if (payload_len == 126 && input->offset >= 8) {
211 -+ *payload_remain = be16_to_cpu(header->u.s16.l16);
212 -+ *header_size = 8;
213 -+ *payload_mask = header->u.s16.m16;
214 -+ } else if (payload_len == 127 && input->offset >= 14) {
215 -+ *payload_remain = be64_to_cpu(header->u.s64.l64);
216 -+ *header_size = 14;
217 -+ *payload_mask = header->u.s64.m64;
218 - } else {
219 - /* header not complete */
220 - return 0;
221 - }
222 -
223 -- *frame_size = header_size + *payload_size;
224 -+ return 1;
225 -+}
226 -+
227 -+int vncws_decode_frame_payload(Buffer *input,
228 -+ size_t *payload_remain, WsMask *payload_mask,
229 -+ uint8_t **payload, size_t *payload_size)
230 -+{
231 -+ size_t i;
232 -+ uint32_t *payload32;
233 -
234 -- if (input->offset < *frame_size) {
235 -- /* frame not complete */
236 -+ *payload = input->buffer;
237 -+ /* If we aren't at the end of the payload, then drop
238 -+ * off the last bytes, so we're always multiple of 4
239 -+ * for purpose of unmasking, except at end of payload
240 -+ */
241 -+ if (input->offset < *payload_remain) {
242 -+ *payload_size = input->offset - (input->offset % 4);
243 -+ } else {
244 -+ *payload_size = *payload_remain;
245 -+ }
246 -+ if (*payload_size == 0) {
247 - return 0;
248 - }
249 --
250 -- *payload = input->buffer + header_size;
251 -+ *payload_remain -= *payload_size;
252 -
253 - /* unmask frame */
254 - /* process 1 frame (32 bit op) */
255 - payload32 = (uint32_t *)(*payload);
256 - for (i = 0; i < *payload_size / 4; i++) {
257 -- payload32[i] ^= mask.u;
258 -+ payload32[i] ^= payload_mask->u;
259 - }
260 - /* process the remaining bytes (if any) */
261 - for (i *= 4; i < *payload_size; i++) {
262 -- (*payload)[i] ^= mask.c[i % 4];
263 -+ (*payload)[i] ^= payload_mask->c[i % 4];
264 - }
265 -
266 - return 1;
267 -diff --git a/ui/vnc-ws.h b/ui/vnc-ws.h
268 -index ef229b7..14d4230 100644
269 ---- a/ui/vnc-ws.h
270 -+++ b/ui/vnc-ws.h
271 -@@ -83,7 +83,12 @@ long vnc_client_read_ws(VncState *vs);
272 - void vncws_process_handshake(VncState *vs, uint8_t *line, size_t size);
273 - void vncws_encode_frame(Buffer *output, const void *payload,
274 - const size_t payload_size);
275 --int vncws_decode_frame(Buffer *input, uint8_t **payload,
276 -- size_t *payload_size, size_t *frame_size);
277 -+int vncws_decode_frame_header(Buffer *input,
278 -+ size_t *header_size,
279 -+ size_t *payload_remain,
280 -+ WsMask *payload_mask);
281 -+int vncws_decode_frame_payload(Buffer *input,
282 -+ size_t *payload_remain, WsMask *payload_mask,
283 -+ uint8_t **payload, size_t *payload_size);
284 -
285 - #endif /* __QEMU_UI_VNC_WS_H */
286 -diff --git a/ui/vnc.h b/ui/vnc.h
287 -index e19ac39..3f7c6a9 100644
288 ---- a/ui/vnc.h
289 -+++ b/ui/vnc.h
290 -@@ -306,6 +306,8 @@ struct VncState
291 - #ifdef CONFIG_VNC_WS
292 - Buffer ws_input;
293 - Buffer ws_output;
294 -+ size_t ws_payload_remain;
295 -+ WsMask ws_payload_mask;
296 - #endif
297 - /* current output mode information */
298 - VncWritePixels *write_pixels;
299 ---
300 -2.3.5
301 -
302 diff --git a/app-emulation/qemu/files/qemu-2.2.1-CVE-2015-1779-2.patch b/app-emulation/qemu/files/qemu-2.2.1-CVE-2015-1779-2.patch
303 deleted file mode 100644
304 index c7a8c8b..0000000
305 --- a/app-emulation/qemu/files/qemu-2.2.1-CVE-2015-1779-2.patch
306 +++ /dev/null
307 @@ -1,58 +0,0 @@
308 -From 2cdb5e142fb93e875fa53c52864ef5eb8d5d8b41 Mon Sep 17 00:00:00 2001
309 -From: "Daniel P. Berrange" <berrange@××××××.com>
310 -Date: Mon, 23 Mar 2015 22:58:22 +0000
311 -Subject: [PATCH] CVE-2015-1779: limit size of HTTP headers from websockets
312 - clients
313 -
314 -The VNC server websockets decoder will read and buffer data from
315 -websockets clients until it sees the end of the HTTP headers,
316 -as indicated by \r\n\r\n. In theory this allows a malicious to
317 -trick QEMU into consuming an arbitrary amount of RAM. In practice,
318 -because QEMU runs g_strstr_len() across the buffered header data,
319 -it will spend increasingly long burning CPU time searching for
320 -the substring match and less & less time reading data. So while
321 -this does cause arbitrary memory growth, the bigger problem is
322 -that QEMU will be burning 100% of available CPU time.
323 -
324 -A novnc websockets client typically sends headers of around
325 -512 bytes in length. As such it is reasonable to place a 4096
326 -byte limit on the amount of data buffered while searching for
327 -the end of HTTP headers.
328 -
329 -Signed-off-by: Daniel P. Berrange <berrange@××××××.com>
330 -Signed-off-by: Gerd Hoffmann <kraxel@××××××.com>
331 ----
332 - ui/vnc-ws.c | 10 ++++++++--
333 - 1 file changed, 8 insertions(+), 2 deletions(-)
334 -
335 -diff --git a/ui/vnc-ws.c b/ui/vnc-ws.c
336 -index 0b7de4e..62eb97f 100644
337 ---- a/ui/vnc-ws.c
338 -+++ b/ui/vnc-ws.c
339 -@@ -81,8 +81,11 @@ void vncws_handshake_read(void *opaque)
340 - VncState *vs = opaque;
341 - uint8_t *handshake_end;
342 - long ret;
343 -- buffer_reserve(&vs->ws_input, 4096);
344 -- ret = vnc_client_read_buf(vs, buffer_end(&vs->ws_input), 4096);
345 -+ /* Typical HTTP headers from novnc are 512 bytes, so limiting
346 -+ * total header size to 4096 is easily enough. */
347 -+ size_t want = 4096 - vs->ws_input.offset;
348 -+ buffer_reserve(&vs->ws_input, want);
349 -+ ret = vnc_client_read_buf(vs, buffer_end(&vs->ws_input), want);
350 -
351 - if (!ret) {
352 - if (vs->csock == -1) {
353 -@@ -99,6 +102,9 @@ void vncws_handshake_read(void *opaque)
354 - vncws_process_handshake(vs, vs->ws_input.buffer, vs->ws_input.offset);
355 - buffer_advance(&vs->ws_input, handshake_end - vs->ws_input.buffer +
356 - strlen(WS_HANDSHAKE_END));
357 -+ } else if (vs->ws_input.offset >= 4096) {
358 -+ VNC_DEBUG("End of headers not found in first 4096 bytes\n");
359 -+ vnc_client_error(vs);
360 - }
361 - }
362 -
363 ---
364 -2.3.5
365 -
366 diff --git a/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-3456.patch b/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-3456.patch
367 deleted file mode 100644
368 index 87697d0..0000000
369 --- a/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-3456.patch
370 +++ /dev/null
371 @@ -1,86 +0,0 @@
372 -https://bugs.gentoo.org/549404
373 -
374 -From e907746266721f305d67bc0718795fedee2e824c Mon Sep 17 00:00:00 2001
375 -From: Petr Matousek <pmatouse@××××××.com>
376 -Date: Wed, 6 May 2015 09:48:59 +0200
377 -Subject: [PATCH] fdc: force the fifo access to be in bounds of the allocated buffer
378 -
379 -During processing of certain commands such as FD_CMD_READ_ID and
380 -FD_CMD_DRIVE_SPECIFICATION_COMMAND the fifo memory access could
381 -get out of bounds leading to memory corruption with values coming
382 -from the guest.
383 -
384 -Fix this by making sure that the index is always bounded by the
385 -allocated memory.
386 -
387 -This is CVE-2015-3456.
388 -
389 -Signed-off-by: Petr Matousek <pmatouse@××××××.com>
390 -Reviewed-by: John Snow <jsnow@××××××.com>
391 -Signed-off-by: John Snow <jsnow@××××××.com>
392 ----
393 - hw/block/fdc.c | 17 +++++++++++------
394 - 1 files changed, 11 insertions(+), 6 deletions(-)
395 -
396 -diff --git a/hw/block/fdc.c b/hw/block/fdc.c
397 -index f72a392..d8a8edd 100644
398 ---- a/hw/block/fdc.c
399 -+++ b/hw/block/fdc.c
400 -@@ -1497,7 +1497,7 @@ static uint32_t fdctrl_read_data(FDCtrl *fdctrl)
401 - {
402 - FDrive *cur_drv;
403 - uint32_t retval = 0;
404 -- int pos;
405 -+ uint32_t pos;
406 -
407 - cur_drv = get_cur_drv(fdctrl);
408 - fdctrl->dsr &= ~FD_DSR_PWRDOWN;
409 -@@ -1506,8 +1506,8 @@ static uint32_t fdctrl_read_data(FDCtrl *fdctrl)
410 - return 0;
411 - }
412 - pos = fdctrl->data_pos;
413 -+ pos %= FD_SECTOR_LEN;
414 - if (fdctrl->msr & FD_MSR_NONDMA) {
415 -- pos %= FD_SECTOR_LEN;
416 - if (pos == 0) {
417 - if (fdctrl->data_pos != 0)
418 - if (!fdctrl_seek_to_next_sect(fdctrl, cur_drv)) {
419 -@@ -1852,10 +1852,13 @@ static void fdctrl_handle_option(FDCtrl *fdctrl, int direction)
420 - static void fdctrl_handle_drive_specification_command(FDCtrl *fdctrl, int direction)
421 - {
422 - FDrive *cur_drv = get_cur_drv(fdctrl);
423 -+ uint32_t pos;
424 -
425 -- if (fdctrl->fifo[fdctrl->data_pos - 1] & 0x80) {
426 -+ pos = fdctrl->data_pos - 1;
427 -+ pos %= FD_SECTOR_LEN;
428 -+ if (fdctrl->fifo[pos] & 0x80) {
429 - /* Command parameters done */
430 -- if (fdctrl->fifo[fdctrl->data_pos - 1] & 0x40) {
431 -+ if (fdctrl->fifo[pos] & 0x40) {
432 - fdctrl->fifo[0] = fdctrl->fifo[1];
433 - fdctrl->fifo[2] = 0;
434 - fdctrl->fifo[3] = 0;
435 -@@ -1955,7 +1958,7 @@ static uint8_t command_to_handler[256];
436 - static void fdctrl_write_data(FDCtrl *fdctrl, uint32_t value)
437 - {
438 - FDrive *cur_drv;
439 -- int pos;
440 -+ uint32_t pos;
441 -
442 - /* Reset mode */
443 - if (!(fdctrl->dor & FD_DOR_nRESET)) {
444 -@@ -2004,7 +2007,9 @@ static void fdctrl_write_data(FDCtrl *fdctrl, uint32_t value)
445 - }
446 -
447 - FLOPPY_DPRINTF("%s: %02x\n", __func__, value);
448 -- fdctrl->fifo[fdctrl->data_pos++] = value;
449 -+ pos = fdctrl->data_pos++;
450 -+ pos %= FD_SECTOR_LEN;
451 -+ fdctrl->fifo[pos] = value;
452 - if (fdctrl->data_pos == fdctrl->data_len) {
453 - /* We now have all parameters
454 - * and will be able to treat the command
455 ---
456 -1.7.0.4
457 -
458 diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8558.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8558.patch
459 new file mode 100644
460 index 0000000..fbc6a0a
461 --- /dev/null
462 +++ b/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8558.patch
463 @@ -0,0 +1,50 @@
464 +https://bugs.gentoo.org/568246
465 +
466 +From 156a2e4dbffa85997636a7a39ef12da6f1b40254 Mon Sep 17 00:00:00 2001
467 +From: Gerd Hoffmann <kraxel@××××××.com>
468 +Date: Mon, 14 Dec 2015 09:21:23 +0100
469 +Subject: [PATCH] ehci: make idt processing more robust
470 +
471 +Make ehci_process_itd return an error in case we didn't do any actual
472 +iso transfer because we've found no active transaction. That'll avoid
473 +ehci happily run in circles forever if the guest builds a loop out of
474 +idts.
475 +
476 +This is CVE-2015-8558.
477 +
478 +Cc: qemu-stable@××××××.org
479 +Reported-by: Qinghao Tang <luodalongde@×××××.com>
480 +Tested-by: P J P <ppandit@××××××.com>
481 +Signed-off-by: Gerd Hoffmann <kraxel@××××××.com>
482 +---
483 + hw/usb/hcd-ehci.c | 5 +++--
484 + 1 file changed, 3 insertions(+), 2 deletions(-)
485 +
486 +diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
487 +index 4e2161b..d07f228 100644
488 +--- a/hw/usb/hcd-ehci.c
489 ++++ b/hw/usb/hcd-ehci.c
490 +@@ -1389,7 +1389,7 @@ static int ehci_process_itd(EHCIState *ehci,
491 + {
492 + USBDevice *dev;
493 + USBEndpoint *ep;
494 +- uint32_t i, len, pid, dir, devaddr, endp;
495 ++ uint32_t i, len, pid, dir, devaddr, endp, xfers = 0;
496 + uint32_t pg, off, ptr1, ptr2, max, mult;
497 +
498 + ehci->periodic_sched_active = PERIODIC_ACTIVE;
499 +@@ -1479,9 +1479,10 @@ static int ehci_process_itd(EHCIState *ehci,
500 + ehci_raise_irq(ehci, USBSTS_INT);
501 + }
502 + itd->transact[i] &= ~ITD_XACT_ACTIVE;
503 ++ xfers++;
504 + }
505 + }
506 +- return 0;
507 ++ return xfers ? 0 : -1;
508 + }
509 +
510 +
511 +--
512 +2.6.2
513 +
514 diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8567.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8567.patch
515 new file mode 100644
516 index 0000000..e196043
517 --- /dev/null
518 +++ b/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8567.patch
519 @@ -0,0 +1,95 @@
520 +https://bugs.gentoo.org/567868
521 +
522 +From aa4a3dce1c88ed51b616806b8214b7c8428b7470 Mon Sep 17 00:00:00 2001
523 +From: P J P <ppandit@××××××.com>
524 +Date: Tue, 15 Dec 2015 12:27:54 +0530
525 +Subject: [PATCH] net: vmxnet3: avoid memory leakage in activate_device
526 +
527 +Vmxnet3 device emulator does not check if the device is active
528 +before activating it, also it did not free the transmit & receive
529 +buffers while deactivating the device, thus resulting in memory
530 +leakage on the host. This patch fixes both these issues to avoid
531 +host memory leakage.
532 +
533 +Reported-by: Qinghao Tang <luodalongde@×××××.com>
534 +Reviewed-by: Dmitry Fleytman <dmitry@××××××.com>
535 +Signed-off-by: Prasad J Pandit <pjp@×××××××××××××.org>
536 +Cc: qemu-stable@××××××.org
537 +Signed-off-by: Jason Wang <jasowang@××××××.com>
538 +---
539 + hw/net/vmxnet3.c | 24 ++++++++++++++++--------
540 + 1 file changed, 16 insertions(+), 8 deletions(-)
541 +
542 +diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c
543 +index a5dd79a..9c1adfc 100644
544 +--- a/hw/net/vmxnet3.c
545 ++++ b/hw/net/vmxnet3.c
546 +@@ -1194,8 +1194,13 @@ static void vmxnet3_reset_mac(VMXNET3State *s)
547 +
548 + static void vmxnet3_deactivate_device(VMXNET3State *s)
549 + {
550 +- VMW_CBPRN("Deactivating vmxnet3...");
551 +- s->device_active = false;
552 ++ if (s->device_active) {
553 ++ VMW_CBPRN("Deactivating vmxnet3...");
554 ++ vmxnet_tx_pkt_reset(s->tx_pkt);
555 ++ vmxnet_tx_pkt_uninit(s->tx_pkt);
556 ++ vmxnet_rx_pkt_uninit(s->rx_pkt);
557 ++ s->device_active = false;
558 ++ }
559 + }
560 +
561 + static void vmxnet3_reset(VMXNET3State *s)
562 +@@ -1204,7 +1209,6 @@ static void vmxnet3_reset(VMXNET3State *s)
563 +
564 + vmxnet3_deactivate_device(s);
565 + vmxnet3_reset_interrupt_states(s);
566 +- vmxnet_tx_pkt_reset(s->tx_pkt);
567 + s->drv_shmem = 0;
568 + s->tx_sop = true;
569 + s->skip_current_tx_pkt = false;
570 +@@ -1431,6 +1435,12 @@ static void vmxnet3_activate_device(VMXNET3State *s)
571 + return;
572 + }
573 +
574 ++ /* Verify if device is active */
575 ++ if (s->device_active) {
576 ++ VMW_CFPRN("Vmxnet3 device is active");
577 ++ return;
578 ++ }
579 ++
580 + vmxnet3_adjust_by_guest_type(s);
581 + vmxnet3_update_features(s);
582 + vmxnet3_update_pm_state(s);
583 +@@ -1627,7 +1637,7 @@ static void vmxnet3_handle_command(VMXNET3State *s, uint64_t cmd)
584 + break;
585 +
586 + case VMXNET3_CMD_QUIESCE_DEV:
587 +- VMW_CBPRN("Set: VMXNET3_CMD_QUIESCE_DEV - pause the device");
588 ++ VMW_CBPRN("Set: VMXNET3_CMD_QUIESCE_DEV - deactivate the device");
589 + vmxnet3_deactivate_device(s);
590 + break;
591 +
592 +@@ -1741,7 +1751,7 @@ vmxnet3_io_bar1_write(void *opaque,
593 + * shared address only after we get the high part
594 + */
595 + if (val == 0) {
596 +- s->device_active = false;
597 ++ vmxnet3_deactivate_device(s);
598 + }
599 + s->temp_shared_guest_driver_memory = val;
600 + s->drv_shmem = 0;
601 +@@ -2021,9 +2031,7 @@ static bool vmxnet3_peer_has_vnet_hdr(VMXNET3State *s)
602 + static void vmxnet3_net_uninit(VMXNET3State *s)
603 + {
604 + g_free(s->mcast_list);
605 +- vmxnet_tx_pkt_reset(s->tx_pkt);
606 +- vmxnet_tx_pkt_uninit(s->tx_pkt);
607 +- vmxnet_rx_pkt_uninit(s->rx_pkt);
608 ++ vmxnet3_deactivate_device(s);
609 + qemu_del_nic(s->nic);
610 + }
611 +
612 +--
613 +2.6.2
614 +
615 diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8701.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8701.patch
616 new file mode 100644
617 index 0000000..0dab1c3
618 --- /dev/null
619 +++ b/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8701.patch
620 @@ -0,0 +1,49 @@
621 +https://bugs.gentoo.org/570110
622 +
623 +From 007cd223de527b5f41278f2d886c1a4beb3e67aa Mon Sep 17 00:00:00 2001
624 +From: Prasad J Pandit <pjp@×××××××××××××.org>
625 +Date: Mon, 28 Dec 2015 16:24:08 +0530
626 +Subject: [PATCH] net: rocker: fix an incorrect array bounds check
627 +
628 +While processing transmit(tx) descriptors in 'tx_consume' routine
629 +the switch emulator suffers from an off-by-one error, if a
630 +descriptor was to have more than allowed(ROCKER_TX_FRAGS_MAX=16)
631 +fragments. Fix an incorrect bounds check to avoid it.
632 +
633 +Reported-by: Qinghao Tang <luodalongde@×××××.com>
634 +Cc: qemu-stable@××××××.org
635 +Signed-off-by: Prasad J Pandit <pjp@×××××××××××××.org>
636 +Signed-off-by: Jason Wang <jasowang@××××××.com>
637 +---
638 + hw/net/rocker/rocker.c | 8 ++++----
639 + 1 file changed, 4 insertions(+), 4 deletions(-)
640 +
641 +diff --git a/hw/net/rocker/rocker.c b/hw/net/rocker/rocker.c
642 +index c57f1a6..2e77e50 100644
643 +--- a/hw/net/rocker/rocker.c
644 ++++ b/hw/net/rocker/rocker.c
645 +@@ -232,6 +232,9 @@ static int tx_consume(Rocker *r, DescInfo *info)
646 + frag_addr = rocker_tlv_get_le64(tlvs[ROCKER_TLV_TX_FRAG_ATTR_ADDR]);
647 + frag_len = rocker_tlv_get_le16(tlvs[ROCKER_TLV_TX_FRAG_ATTR_LEN]);
648 +
649 ++ if (iovcnt >= ROCKER_TX_FRAGS_MAX) {
650 ++ goto err_too_many_frags;
651 ++ }
652 + iov[iovcnt].iov_len = frag_len;
653 + iov[iovcnt].iov_base = g_malloc(frag_len);
654 + if (!iov[iovcnt].iov_base) {
655 +@@ -244,10 +247,7 @@ static int tx_consume(Rocker *r, DescInfo *info)
656 + err = -ROCKER_ENXIO;
657 + goto err_bad_io;
658 + }
659 +-
660 +- if (++iovcnt > ROCKER_TX_FRAGS_MAX) {
661 +- goto err_too_many_frags;
662 +- }
663 ++ iovcnt++;
664 + }
665 +
666 + if (iovcnt) {
667 +--
668 +2.6.2
669 +
670 diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8743.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8743.patch
671 new file mode 100644
672 index 0000000..b2bca56
673 --- /dev/null
674 +++ b/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8743.patch
675 @@ -0,0 +1,50 @@
676 +https://bugs.gentoo.org/570988
677 +
678 +From aa7f9966dfdff500bbbf1956d9e115b1fa8987a6 Mon Sep 17 00:00:00 2001
679 +From: Prasad J Pandit <pjp@×××××××××××××.org>
680 +Date: Thu, 31 Dec 2015 17:05:27 +0530
681 +Subject: [PATCH] net: ne2000: fix bounds check in ioport operations
682 +
683 +While doing ioport r/w operations, ne2000 device emulation suffers
684 +from OOB r/w errors. Update respective array bounds check to avoid
685 +OOB access.
686 +
687 +Reported-by: Ling Liu <liuling-it@×××.cn>
688 +Cc: qemu-stable@××××××.org
689 +Signed-off-by: Prasad J Pandit <pjp@×××××××××××××.org>
690 +Signed-off-by: Jason Wang <jasowang@××××××.com>
691 +---
692 + hw/net/ne2000.c | 10 ++++++----
693 + 1 file changed, 6 insertions(+), 4 deletions(-)
694 +
695 +diff --git a/hw/net/ne2000.c b/hw/net/ne2000.c
696 +index 010f9ef..a3dffff 100644
697 +--- a/hw/net/ne2000.c
698 ++++ b/hw/net/ne2000.c
699 +@@ -467,8 +467,9 @@ static inline void ne2000_mem_writel(NE2000State *s, uint32_t addr,
700 + uint32_t val)
701 + {
702 + addr &= ~1; /* XXX: check exact behaviour if not even */
703 +- if (addr < 32 ||
704 +- (addr >= NE2000_PMEM_START && addr < NE2000_MEM_SIZE)) {
705 ++ if (addr < 32
706 ++ || (addr >= NE2000_PMEM_START
707 ++ && addr + sizeof(uint32_t) <= NE2000_MEM_SIZE)) {
708 + stl_le_p(s->mem + addr, val);
709 + }
710 + }
711 +@@ -497,8 +498,9 @@ static inline uint32_t ne2000_mem_readw(NE2000State *s, uint32_t addr)
712 + static inline uint32_t ne2000_mem_readl(NE2000State *s, uint32_t addr)
713 + {
714 + addr &= ~1; /* XXX: check exact behaviour if not even */
715 +- if (addr < 32 ||
716 +- (addr >= NE2000_PMEM_START && addr < NE2000_MEM_SIZE)) {
717 ++ if (addr < 32
718 ++ || (addr >= NE2000_PMEM_START
719 ++ && addr + sizeof(uint32_t) <= NE2000_MEM_SIZE)) {
720 + return ldl_le_p(s->mem + addr);
721 + } else {
722 + return 0xffffffff;
723 +--
724 +2.6.2
725 +
726 diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1568.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1568.patch
727 new file mode 100644
728 index 0000000..4ce9a35
729 --- /dev/null
730 +++ b/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1568.patch
731 @@ -0,0 +1,41 @@
732 +https://bugs.gentoo.org/571566
733 +
734 +From 4ab0359a8ae182a7ac5c99609667273167703fab Mon Sep 17 00:00:00 2001
735 +From: Prasad J Pandit <pjp@×××××××××××××.org>
736 +Date: Mon, 11 Jan 2016 14:10:42 -0500
737 +Subject: [PATCH] ide: ahci: reset ncq object to unused on error
738 +
739 +When processing NCQ commands, AHCI device emulation prepares a
740 +NCQ transfer object; To which an aio control block(aiocb) object
741 +is assigned in 'execute_ncq_command'. In case, when the NCQ
742 +command is invalid, the 'aiocb' object is not assigned, and NCQ
743 +transfer object is left as 'used'. This leads to a use after
744 +free kind of error in 'bdrv_aio_cancel_async' via 'ahci_reset_port'.
745 +Reset NCQ transfer object to 'unused' to avoid it.
746 +
747 +[Maintainer edit: s/ACHI/AHCI/ in the commit message. --js]
748 +
749 +Reported-by: Qinghao Tang <luodalongde@×××××.com>
750 +Signed-off-by: Prasad J Pandit <pjp@×××××××××××××.org>
751 +Reviewed-by: John Snow <jsnow@××××××.com>
752 +Message-id: 1452282511-4116-1-git-send-email-ppandit@××××××.com
753 +Signed-off-by: John Snow <jsnow@××××××.com>
754 +---
755 + hw/ide/ahci.c | 1 +
756 + 1 file changed, 1 insertion(+)
757 +
758 +diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
759 +index dd1912e..17f1cbd 100644
760 +--- a/hw/ide/ahci.c
761 ++++ b/hw/ide/ahci.c
762 +@@ -910,6 +910,7 @@ static void ncq_err(NCQTransferState *ncq_tfs)
763 + ide_state->error = ABRT_ERR;
764 + ide_state->status = READY_STAT | ERR_STAT;
765 + ncq_tfs->drive->port_regs.scr_err |= (1 << ncq_tfs->tag);
766 ++ ncq_tfs->used = 0;
767 + }
768 +
769 + static void ncq_finish(NCQTransferState *ncq_tfs)
770 +--
771 +2.6.2
772 +
773 diff --git a/app-emulation/qemu/files/qemu-2.5.0-cflags.patch b/app-emulation/qemu/files/qemu-2.5.0-cflags.patch
774 new file mode 100644
775 index 0000000..173394f
776 --- /dev/null
777 +++ b/app-emulation/qemu/files/qemu-2.5.0-cflags.patch
778 @@ -0,0 +1,13 @@
779 +--- a/configure
780 ++++ b/configure
781 +@@ -4468,10 +4468,6 @@ fi
782 + if test "$gcov" = "yes" ; then
783 + CFLAGS="-fprofile-arcs -ftest-coverage -g $CFLAGS"
784 + LDFLAGS="-fprofile-arcs -ftest-coverage $LDFLAGS"
785 +-elif test "$fortify_source" = "yes" ; then
786 +- CFLAGS="-O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 $CFLAGS"
787 +-elif test "$debug" = "no"; then
788 +- CFLAGS="-O2 $CFLAGS"
789 + fi
790 +
791 + ##########################################
792 diff --git a/app-emulation/qemu/qemu-2.2.1-r99.ebuild b/app-emulation/qemu/qemu-2.5.0-r99.ebuild
793 similarity index 73%
794 rename from app-emulation/qemu/qemu-2.2.1-r99.ebuild
795 rename to app-emulation/qemu/qemu-2.5.0-r99.ebuild
796 index 5b8baf1..2fe26b3 100644
797 --- a/app-emulation/qemu/qemu-2.2.1-r99.ebuild
798 +++ b/app-emulation/qemu/qemu-2.5.0-r99.ebuild
799 @@ -1,6 +1,6 @@
800 # Copyright 1999-2015 Gentoo Foundation
801 # Distributed under the terms of the GNU General Public License v2
802 -# $Header: /var/cvsroot/gentoo-x86/app-emulation/qemu/qemu-2.2.1-r2.ebuild,v 1.3 2015/05/14 07:09:58 ago Exp $
803 +# $Id$
804
805 EAPI=5
806
807 @@ -16,12 +16,11 @@ if [[ ${PV} = *9999* ]]; then
808 EGIT_REPO_URI="git://git.qemu.org/qemu.git"
809 inherit git-2
810 SRC_URI=""
811 - KEYWORDS=""
812 else
813 SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2
814 ${BACKPORTS:+
815 - http://dev.gentoo.org/~cardoe/distfiles/${P}-${BACKPORTS}.tar.xz}"
816 - KEYWORDS="amd64 ~ppc ~ppc64 x86 ~x86-fbsd"
817 + https://dev.gentoo.org/~cardoe/distfiles/${P}-${BACKPORTS}.tar.xz}"
818 + KEYWORDS="amd64 ~ppc x86"
819 fi
820
821 DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
822 @@ -30,76 +29,119 @@ HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org"
823 LICENSE="GPL-2 LGPL-2 BSD-2"
824 SLOT="0"
825 IUSE="accessibility +aio alsa bluetooth +caps +curl debug +fdt glusterfs \
826 -gtk infiniband iscsi +jpeg \
827 +gnutls gtk gtk2 infiniband iscsi +jpeg \
828 kernel_linux kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs
829 +png pulseaudio python \
830 -rbd sasl +seccomp sdl selinux smartcard snappy spice ssh static static-softmmu \
831 -static-user systemtap tci test +threads tls usb usbredir +uuid vde +vhost-net \
832 -virtfs +vnc xattr xen xfs"
833 +rbd sasl +seccomp sdl sdl2 selinux smartcard snappy spice ssh static static-softmmu
834 +static-user systemtap tci test +threads usb usbredir +uuid vde +vhost-net \
835 +virgl virtfs +vnc vte xattr xen xfs"
836
837 COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel mips
838 mips64 mips64el mipsel or32 ppc ppc64 s390x sh4 sh4eb sparc sparc64 unicore32
839 x86_64"
840 -IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS} lm32 moxie ppcemb xtensa xtensaeb"
841 -IUSE_USER_TARGETS="${COMMON_TARGETS} armeb mipsn32 mipsn32el ppc64abi32 sparc32plus"
842 +IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS} lm32 moxie ppcemb tricore xtensa xtensaeb"
843 +IUSE_USER_TARGETS="${COMMON_TARGETS} armeb mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus tilegx"
844
845 -use_targets="
846 - $(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
847 - $(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
848 -"
849 -IUSE+=" ${use_targets}"
850 +use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
851 +use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
852 +IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
853
854 -# Require at least one softmmu or user target.
855 +# Allow no targets to be built so that people can get a tools-only build.
856 # Block USE flag configurations known to not work.
857 -REQUIRED_USE="|| ( ${use_targets} )
858 - ${PYTHON_REQUIRED_USE}
859 +REQUIRED_USE="${PYTHON_REQUIRED_USE}
860 + gtk2? ( gtk )
861 qemu_softmmu_targets_arm? ( fdt )
862 qemu_softmmu_targets_microblaze? ( fdt )
863 qemu_softmmu_targets_ppc? ( fdt )
864 qemu_softmmu_targets_ppc64? ( fdt )
865 + sdl2? ( sdl )
866 static? ( static-softmmu static-user )
867 - static-softmmu? ( !alsa !pulseaudio !bluetooth !opengl !gtk )
868 - virtfs? ( xattr )"
869 + static-softmmu? ( !alsa !pulseaudio !bluetooth !opengl !gtk !gtk2 )
870 + virtfs? ( xattr )
871 + vte? ( gtk )"
872
873 # Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
874 #
875 # The attr lib isn't always linked in (although the USE flag is always
876 # respected). This is because qemu supports using the C library's API
877 # when available rather than always using the extranl library.
878 +#
879 +# Older versions of gnutls are supported, but it's simpler to just require
880 +# the latest versions. This is also why we require nettle.
881 COMMON_LIB_DEPEND=">=dev-libs/glib-2.0[static-libs(+)]
882 sys-libs/zlib[static-libs(+)]
883 xattr? ( sys-apps/attr[static-libs(+)] )"
884 SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND}
885 >=x11-libs/pixman-0.28.0[static-libs(+)]
886 + accessibility? ( app-accessibility/brltty[static-libs(+)] )
887 aio? ( dev-libs/libaio[static-libs(+)] )
888 + alsa? ( >=media-libs/alsa-lib-1.0.13 )
889 + bluetooth? ( net-wireless/bluez )
890 caps? ( sys-libs/libcap-ng[static-libs(+)] )
891 curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
892 fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] )
893 glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
894 + gnutls? (
895 + dev-libs/nettle[static-libs(+)]
896 + >=net-libs/gnutls-3.0[static-libs(+)]
897 + )
898 + gtk? (
899 + gtk2? (
900 + x11-libs/gtk+:2
901 + vte? ( x11-libs/vte:0 )
902 + )
903 + !gtk2? (
904 + x11-libs/gtk+:3
905 + vte? ( x11-libs/vte:2.90 )
906 + )
907 + )
908 infiniband? ( sys-infiniband/librdmacm:=[static-libs(+)] )
909 + iscsi? ( net-libs/libiscsi )
910 jpeg? ( virtual/jpeg:=[static-libs(+)] )
911 lzo? ( dev-libs/lzo:2[static-libs(+)] )
912 - ncurses? ( sys-libs/ncurses[static-libs(+)] )
913 + ncurses? ( sys-libs/ncurses:0=[static-libs(+)] )
914 nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] )
915 numa? ( sys-process/numactl[static-libs(+)] )
916 + opengl? (
917 + virtual/opengl
918 + media-libs/libepoxy[static-libs(+)]
919 + media-libs/mesa[static-libs(+)]
920 + media-libs/mesa[egl,gles2]
921 + )
922 png? ( media-libs/libpng:0=[static-libs(+)] )
923 + pulseaudio? ( media-sound/pulseaudio )
924 rbd? ( sys-cluster/ceph[static-libs(+)] )
925 sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
926 - sdl? ( >=media-libs/libsdl-1.2.11[static-libs(+)] )
927 + sdl? (
928 + !sdl2? (
929 + media-libs/libsdl[X]
930 + >=media-libs/libsdl-1.2.11[static-libs(+)]
931 + )
932 + sdl2? (
933 + media-libs/libsdl2[X]
934 + media-libs/libsdl2[static-libs(+)]
935 + )
936 + )
937 seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
938 + smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] )
939 snappy? ( app-arch/snappy[static-libs(+)] )
940 - spice? ( >=app-emulation/spice-0.12.0[static-libs(+)] )
941 + spice? (
942 + >=app-emulation/spice-protocol-0.12.3
943 + >=app-emulation/spice-0.12.0[static-libs(+)]
944 + )
945 ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] )
946 - tls? ( net-libs/gnutls[static-libs(+)] )
947 - usb? ( >=dev-libs/libusb-1.0.18[static-libs(+)] )
948 + usb? ( >=virtual/libusb-1-r2[static-libs(+)] )
949 + usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
950 uuid? ( >=sys-apps/util-linux-2.16.0[static-libs(+)] )
951 vde? ( net-misc/vde[static-libs(+)] )
952 + virgl? ( media-libs/virglrenderer[static-libs(+)] )
953 + virtfs? ( sys-libs/libcap )
954 xfs? ( sys-fs/xfsprogs[static-libs(+)] )"
955 USER_LIB_DEPEND="${COMMON_LIB_DEPEND}"
956 X86_FIRMWARE_DEPEND="
957 >=sys-firmware/ipxe-1.0.0_p20130624
958 pin-upstream-blobs? (
959 - ~sys-firmware/seabios-1.7.5
960 + ~sys-firmware/seabios-1.8.2
961 ~sys-firmware/sgabios-0.1_pre8
962 ~sys-firmware/vgabios-0.7a
963 )
964 @@ -108,28 +150,14 @@ X86_FIRMWARE_DEPEND="
965 sys-firmware/sgabios
966 sys-firmware/vgabios
967 )"
968 -CDEPEND="!static-softmmu? ( ${SOFTMMU_LIB_DEPEND//\[static-libs(+)]} )
969 - !static-user? ( ${USER_LIB_DEPEND//\[static-libs(+)]} )
970 +CDEPEND="
971 + !static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND//\[static-libs(+)]} ) " ${use_softmmu_targets}) )
972 + !static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND//\[static-libs(+)]} ) " ${use_user_targets}) )
973 qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
974 qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )
975 - accessibility? ( app-accessibility/brltty )
976 - alsa? ( >=media-libs/alsa-lib-1.0.13 )
977 - bluetooth? ( net-wireless/bluez )
978 - gtk? (
979 - x11-libs/gtk+:3
980 - x11-libs/vte:2.90
981 - )
982 - iscsi? ( net-libs/libiscsi )
983 - opengl? ( virtual/opengl )
984 - pulseaudio? ( media-sound/pulseaudio )
985 python? ( ${PYTHON_DEPS} )
986 - sdl? ( media-libs/libsdl[X] )
987 - smartcard? ( dev-libs/nss !app-emulation/libcacard )
988 - spice? ( >=app-emulation/spice-protocol-0.12.3 )
989 systemtap? ( dev-util/systemtap )
990 - usbredir? ( >=sys-apps/usbredir-0.6 )
991 - virtfs? ( sys-libs/libcap )
992 - xen? ( app-emulation/xen-tools )"
993 + xen? ( app-emulation/xen-tools:= )"
994 DEPEND="${CDEPEND}
995 dev-lang/perl
996 =dev-lang/python-2*
997 @@ -137,8 +165,8 @@ DEPEND="${CDEPEND}
998 virtual/pkgconfig
999 kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
1000 gtk? ( nls? ( sys-devel/gettext ) )
1001 - static-softmmu? ( ${SOFTMMU_LIB_DEPEND} )
1002 - static-user? ( ${USER_LIB_DEPEND} )
1003 + static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND} ) " ${use_softmmu_targets}) )
1004 + static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND} ) " ${use_user_targets}) )
1005 test? (
1006 dev-libs/glib[utils]
1007 sys-devel/bc
1008 @@ -245,10 +273,32 @@ pkg_pretend() {
1009
1010 pkg_setup() {
1011 enewgroup kvm 78
1012 - python_setup
1013 +}
1014 +
1015 +# Sanity check to make sure target lists are kept up-to-date.
1016 +check_targets() {
1017 + local var=$1 mak=$2
1018 + local detected sorted
1019 +
1020 + pushd "${S}"/default-configs >/dev/null || die
1021 +
1022 + # Force C locale until glibc is updated. #564936
1023 + detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u))
1024 + sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u))
1025 + if [[ ${sorted} != "${detected}" ]] ; then
1026 + eerror "The ebuild needs to be kept in sync."
1027 + eerror "${var}: ${sorted}"
1028 + eerror "$(printf '%-*s' ${#var} configure): ${detected}"
1029 + die "sync ${var} to the list of targets"
1030 + fi
1031 +
1032 + popd >/dev/null
1033 }
1034
1035 src_prepare() {
1036 + check_targets IUSE_SOFTMMU_TARGETS softmmu
1037 + check_targets IUSE_USER_TARGETS linux-user
1038 +
1039 # Alter target makefiles to accept CFLAGS set via flag-o
1040 sed -i -r \
1041 -e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \
1042 @@ -257,20 +307,22 @@ src_prepare() {
1043 # Cheap hack to disable gettext .mo generation.
1044 use nls || rm -f po/*.po
1045
1046 - epatch "${FILESDIR}"/qemu-1.7.0-cflags.patch
1047 - epatch "${FILESDIR}"/${P}-CVE-2015-1779-1.patch #544328
1048 - epatch "${FILESDIR}"/${P}-CVE-2015-1779-2.patch #544328
1049 - epatch "${FILESDIR}"/${PN}-2.3.0-CVE-2015-3456.patch #549404
1050 -
1051 # Patching for musl
1052 epatch "${FILESDIR}"/${PN}-2.0.0-F_SHLCK-and-F_EXLCK.patch
1053 epatch "${FILESDIR}"/${PN}-2.0.0-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch
1054 epatch "${FILESDIR}"/${PN}-2.2.0-_sigev_un.patch
1055
1056 + epatch "${FILESDIR}"/qemu-2.5.0-cflags.patch
1057 [[ -n ${BACKPORTS} ]] && \
1058 EPATCH_FORCE=yes EPATCH_SUFFIX="patch" EPATCH_SOURCE="${S}/patches" \
1059 epatch
1060
1061 + epatch "${FILESDIR}"/${P}-CVE-2015-8567.patch #567868
1062 + epatch "${FILESDIR}"/${P}-CVE-2015-8558.patch #568246
1063 + epatch "${FILESDIR}"/${P}-CVE-2015-8701.patch #570110
1064 + epatch "${FILESDIR}"/${P}-CVE-2015-8743.patch #570988
1065 + epatch "${FILESDIR}"/${P}-CVE-2016-1568.patch #571566
1066 +
1067 # Fix ld and objcopy being called directly
1068 tc-export AR LD OBJCOPY
1069
1070 @@ -288,14 +340,10 @@ qemu_src_configure() {
1071 debug-print-function ${FUNCNAME} "$@"
1072
1073 local buildtype=$1
1074 - local builddir=$2
1075 + local builddir="${S}/${buildtype}-build"
1076 local static_flag="static-${buildtype}"
1077
1078 - # audio options
1079 - local audio_opts="oss"
1080 - use alsa && audio_opts="alsa,${audio_opts}"
1081 - use sdl && audio_opts="sdl,${audio_opts}"
1082 - use pulseaudio && audio_opts="pa,${audio_opts}"
1083 + mkdir "${builddir}"
1084
1085 local conf_opts=(
1086 --prefix=/usr
1087 @@ -306,6 +354,11 @@ qemu_src_configure() {
1088 --disable-guest-agent
1089 --disable-strip
1090 --disable-werror
1091 + # We support gnutls/nettle for crypto operations. It is possible
1092 + # to use gcrypt when gnutls/nettle are disabled (but not when they
1093 + # are enabled), but it's not really worth the hassle. Disable it
1094 + # all the time to avoid automatically detecting it. #568856
1095 + --disable-gcrypt
1096 --python="${PYTHON}"
1097 --cc="$(tc-getCC)"
1098 --cxx="$(tc-getCXX)"
1099 @@ -334,6 +387,8 @@ qemu_src_configure() {
1100 $(conf_softmmu curl)
1101 $(conf_softmmu fdt)
1102 $(conf_softmmu glusterfs)
1103 + $(conf_softmmu gnutls)
1104 + $(conf_softmmu gnutls nettle)
1105 $(conf_softmmu gtk)
1106 $(conf_softmmu infiniband rdma)
1107 $(conf_softmmu iscsi libiscsi)
1108 @@ -343,26 +398,25 @@ qemu_src_configure() {
1109 $(conf_softmmu ncurses curses)
1110 $(conf_softmmu nfs libnfs)
1111 $(conf_softmmu numa)
1112 - $(conf_softmmu opengl glx)
1113 + $(conf_softmmu opengl)
1114 $(conf_softmmu png vnc-png)
1115 $(conf_softmmu rbd)
1116 $(conf_softmmu sasl vnc-sasl)
1117 $(conf_softmmu sdl)
1118 $(conf_softmmu seccomp)
1119 - $(conf_softmmu smartcard smartcard-nss)
1120 + $(conf_softmmu smartcard)
1121 $(conf_softmmu snappy)
1122 $(conf_softmmu spice)
1123 $(conf_softmmu ssh libssh2)
1124 - $(conf_softmmu tls quorum)
1125 - $(conf_softmmu tls vnc-tls)
1126 - $(conf_softmmu tls vnc-ws)
1127 $(conf_softmmu usb libusb)
1128 $(conf_softmmu usbredir usb-redir)
1129 $(conf_softmmu uuid)
1130 $(conf_softmmu vde)
1131 $(conf_softmmu vhost-net)
1132 + $(conf_softmmu virgl virglrenderer)
1133 $(conf_softmmu virtfs)
1134 $(conf_softmmu vnc)
1135 + $(conf_softmmu vte)
1136 $(conf_softmmu xen)
1137 $(conf_softmmu xen xen-pci-passthrough)
1138 $(conf_softmmu xfs xfsctl)
1139 @@ -373,23 +427,39 @@ qemu_src_configure() {
1140 conf_opts+=(
1141 --enable-linux-user
1142 --disable-system
1143 - --target-list="${user_targets}"
1144 --disable-blobs
1145 --disable-tools
1146 )
1147 ;;
1148 softmmu)
1149 + # audio options
1150 + local audio_opts="oss"
1151 + use alsa && audio_opts="alsa,${audio_opts}"
1152 + use sdl && audio_opts="sdl,${audio_opts}"
1153 + use pulseaudio && audio_opts="pa,${audio_opts}"
1154 +
1155 conf_opts+=(
1156 --disable-linux-user
1157 --enable-system
1158 - --target-list="${softmmu_targets}"
1159 --with-system-pixman
1160 --audio-drv-list="${audio_opts}"
1161 )
1162 - use gtk && conf_opts+=( --with-gtkabi=3.0 )
1163 + use gtk && conf_opts+=( --with-gtkabi=$(usex gtk2 2.0 3.0) )
1164 + use sdl && conf_opts+=( --with-sdlabi=$(usex sdl2 2.0 1.2) )
1165 + ;;
1166 + tools)
1167 + conf_opts+=(
1168 + --disable-linux-user
1169 + --disable-system
1170 + --disable-blobs
1171 + )
1172 + static_flag="static"
1173 ;;
1174 esac
1175
1176 + local targets="${buildtype}_targets"
1177 + [[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" )
1178 +
1179 # Add support for SystemTAP
1180 use systemtap && conf_opts+=( --enable-trace-backend=dtrace )
1181
1182 @@ -402,7 +472,7 @@ qemu_src_configure() {
1183 gcc-specs-pie && conf_opts+=( --enable-pie )
1184 fi
1185
1186 - einfo "../configure ${conf_opts[*]}"
1187 + echo "../configure ${conf_opts[*]}"
1188 cd "${builddir}"
1189 ../configure "${conf_opts[@]}" || die "configure failed"
1190
1191 @@ -415,7 +485,7 @@ qemu_src_configure() {
1192 src_configure() {
1193 local target
1194
1195 - python_export_best
1196 + python_setup
1197
1198 softmmu_targets= softmmu_bins=()
1199 user_targets= user_bins=()
1200 @@ -434,21 +504,12 @@ src_configure() {
1201 fi
1202 done
1203
1204 - [[ -n ${softmmu_targets} ]] && \
1205 - einfo "Building the following softmmu targets: ${softmmu_targets}"
1206 -
1207 - [[ -n ${user_targets} ]] && \
1208 - einfo "Building the following user targets: ${user_targets}"
1209 -
1210 - if [[ -n ${softmmu_targets} ]]; then
1211 - mkdir "${S}/softmmu-build"
1212 - qemu_src_configure "softmmu" "${S}/softmmu-build"
1213 - fi
1214 + softmmu_targets=${softmmu_targets#,}
1215 + user_targets=${user_targets#,}
1216
1217 - if [[ -n ${user_targets} ]]; then
1218 - mkdir "${S}/user-build"
1219 - qemu_src_configure "user" "${S}/user-build"
1220 - fi
1221 + [[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu"
1222 + [[ -n ${user_targets} ]] && qemu_src_configure "user"
1223 + [[ -z ${softmmu_targets}${user_targets} ]] && qemu_src_configure "tools"
1224 }
1225
1226 src_compile() {
1227 @@ -461,6 +522,11 @@ src_compile() {
1228 cd "${S}/softmmu-build"
1229 default
1230 fi
1231 +
1232 + if [[ -z ${softmmu_targets}${user_targets} ]]; then
1233 + cd "${S}/tools-build"
1234 + default
1235 + fi
1236 }
1237
1238 src_test() {
1239 @@ -506,6 +572,11 @@ src_install() {
1240 fi
1241 fi
1242
1243 + if [[ -z ${softmmu_targets}${user_targets} ]]; then
1244 + cd "${S}/tools-build"
1245 + emake DESTDIR="${ED}" install
1246 + fi
1247 +
1248 # Disable mprotect on the qemu binaries as they use JITs to be fast #459348
1249 pushd "${ED}"/usr/bin >/dev/null
1250 pax-mark m "${softmmu_bins[@]}" "${user_bins[@]}"
1251 @@ -516,21 +587,21 @@ src_install() {
1252 doins "${FILESDIR}/bridge.conf"
1253
1254 # Remove the docdir placed qmp-commands.txt
1255 - mv "${ED}/usr/share/doc/${PF}/html/qmp-commands.txt" "${S}/docs/qmp/"
1256 + mv "${ED}/usr/share/doc/${PF}/html/qmp-commands.txt" "${S}/docs/" || die
1257
1258 cd "${S}"
1259 dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt
1260 newdoc pc-bios/README README.pc-bios
1261 - dodoc docs/qmp/*.txt
1262 + dodoc docs/qmp-*.txt
1263
1264 - # Remove SeaBIOS since we're using the SeaBIOS packaged one
1265 - rm "${ED}/usr/share/qemu/bios.bin"
1266 - if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
1267 - dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
1268 - fi
1269 -
1270 - # Remove vgabios since we're using the vgabios packaged one
1271 if [[ -n ${softmmu_targets} ]]; then
1272 + # Remove SeaBIOS since we're using the SeaBIOS packaged one
1273 + rm "${ED}/usr/share/qemu/bios.bin"
1274 + if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
1275 + dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
1276 + fi
1277 +
1278 + # Remove vgabios since we're using the vgabios packaged one
1279 rm "${ED}/usr/share/qemu/vgabios.bin"
1280 rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
1281 rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
1282 @@ -568,21 +639,6 @@ src_install() {
1283 pkg_postinst() {
1284 if qemu_support_kvm; then
1285 readme.gentoo_print_elog
1286 - ewarn "Migration from qemu-kvm instances and loading qemu-kvm created"
1287 - ewarn "save states has been removed starting with the 1.6.2 release"
1288 - ewarn
1289 - ewarn "It is recommended that you migrate any VMs that may be running"
1290 - ewarn "on qemu-kvm to a host with a newer qemu and regenerate"
1291 - ewarn "any saved states with a newer qemu."
1292 - ewarn
1293 - ewarn "qemu-kvm was the primary qemu provider in Gentoo through 1.2.x"
1294 -
1295 - if use x86 || use amd64; then
1296 - ewarn
1297 - ewarn "The /usr/bin/kvm and /usr/bin/qemu-kvm wrappers are no longer"
1298 - ewarn "installed. In order to use kvm acceleration, pass the flag"
1299 - ewarn "-enable-kvm when running your system target."
1300 - fi
1301 fi
1302
1303 if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
1304 @@ -590,10 +646,6 @@ pkg_postinst() {
1305 fi
1306
1307 fcaps cap_net_admin /usr/libexec/qemu-bridge-helper
1308 - if use virtfs && [ -n "${softmmu_targets}" ]; then
1309 - local virtfs_caps="cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_setgid,cap_mknod,cap_setuid"
1310 - fcaps ${virtfs_caps} /usr/bin/virtfs-proxy-helper
1311 - fi
1312 }
1313
1314 pkg_info() {
1315 @@ -601,7 +653,7 @@ pkg_info() {
1316 echo " $(best_version app-emulation/spice-protocol)"
1317 echo " $(best_version sys-firmware/ipxe)"
1318 echo " $(best_version sys-firmware/seabios)"
1319 - if has_version sys-firmware/seabios[binary]; then
1320 + if has_version 'sys-firmware/seabios[binary]'; then
1321 echo " USE=binary"
1322 else
1323 echo " USE=''"
1324 --
1325 2.4.10
Report Message
Find on MARC Find on Google Groups