Gentoo Archives: gentoo-musl

From: Felix Janda <felix.janda@××××××.de>
To: gentoo-musl@l.g.o
Subject: [gentoo-musl] [PATCH] app-emulation/qemu: bump to 2.5.1
Date: Sun, 31 Jul 2016 18:46:31
Message-Id: 20160731184601.GA17551@nyan
1 ---
2 app-emulation/qemu/Manifest | 25 +----
3 app-emulation/qemu/files/qemu-1.7.0-cflags.patch | 11 --
4 .../qemu/files/qemu-2.5.0-9pfs-segfault.patch | 34 ------
5 .../qemu/files/qemu-2.5.0-CVE-2015-8558.patch | 50 ---------
6 .../qemu/files/qemu-2.5.0-CVE-2015-8567.patch | 95 ----------------
7 .../qemu/files/qemu-2.5.0-CVE-2015-8613.patch | 35 ------
8 .../qemu/files/qemu-2.5.0-CVE-2015-8619.patch | 121 ---------------------
9 .../qemu/files/qemu-2.5.0-CVE-2015-8701.patch | 49 ---------
10 .../qemu/files/qemu-2.5.0-CVE-2015-8743.patch | 50 ---------
11 .../qemu/files/qemu-2.5.0-CVE-2016-1568.patch | 41 -------
12 .../qemu/files/qemu-2.5.0-CVE-2016-1714.patch | 58 ----------
13 .../qemu/files/qemu-2.5.0-CVE-2016-1922.patch | 65 -----------
14 .../qemu/files/qemu-2.5.0-CVE-2016-1981.patch | 98 -----------------
15 .../qemu/files/qemu-2.5.0-CVE-2016-2197.patch | 43 --------
16 .../qemu/files/qemu-2.5.0-CVE-2016-2392.patch | 35 ------
17 .../qemu/files/qemu-2.5.0-ne2000-reg-check.patch | 37 -------
18 .../qemu/files/qemu-2.5.0-usb-ehci-oob.patch | 52 ---------
19 .../files/qemu-2.5.0-usb-ndis-int-overflow.patch | 59 ----------
20 .../qemu/files/qemu-2.5.1-CVE-2015-8558.patch | 107 ++++++++++++++++++
21 .../qemu/files/qemu-2.5.1-CVE-2016-4020.patch | 16 +++
22 .../files/qemu-2.5.1-stellaris_enet-overflow.patch | 47 ++++++++
23 .../qemu/files/qemu-2.5.1-xfs-linux-headers.patch | 82 ++++++++++++++
24 ...emu-2.5.0-r999.ebuild => qemu-2.5.1-r99.ebuild} | 30 ++---
25 23 files changed, 267 insertions(+), 973 deletions(-)
26 delete mode 100644 app-emulation/qemu/files/qemu-1.7.0-cflags.patch
27 delete mode 100644 app-emulation/qemu/files/qemu-2.5.0-9pfs-segfault.patch
28 delete mode 100644 app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8558.patch
29 delete mode 100644 app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8567.patch
30 delete mode 100644 app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8613.patch
31 delete mode 100644 app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8619.patch
32 delete mode 100644 app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8701.patch
33 delete mode 100644 app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8743.patch
34 delete mode 100644 app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1568.patch
35 delete mode 100644 app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1714.patch
36 delete mode 100644 app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1922.patch
37 delete mode 100644 app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1981.patch
38 delete mode 100644 app-emulation/qemu/files/qemu-2.5.0-CVE-2016-2197.patch
39 delete mode 100644 app-emulation/qemu/files/qemu-2.5.0-CVE-2016-2392.patch
40 delete mode 100644 app-emulation/qemu/files/qemu-2.5.0-ne2000-reg-check.patch
41 delete mode 100644 app-emulation/qemu/files/qemu-2.5.0-usb-ehci-oob.patch
42 delete mode 100644 app-emulation/qemu/files/qemu-2.5.0-usb-ndis-int-overflow.patch
43 create mode 100644 app-emulation/qemu/files/qemu-2.5.1-CVE-2015-8558.patch
44 create mode 100644 app-emulation/qemu/files/qemu-2.5.1-CVE-2016-4020.patch
45 create mode 100644 app-emulation/qemu/files/qemu-2.5.1-stellaris_enet-overflow.patch
46 create mode 100644 app-emulation/qemu/files/qemu-2.5.1-xfs-linux-headers.patch
47 rename app-emulation/qemu/{qemu-2.5.0-r999.ebuild => qemu-2.5.1-r99.ebuild} (94%)
48
49 diff --git a/app-emulation/qemu/Manifest b/app-emulation/qemu/Manifest
50 index 4e4858a..5d10f94 100644
51 --- a/app-emulation/qemu/Manifest
52 +++ b/app-emulation/qemu/Manifest
53 @@ -1,34 +1,21 @@
54 AUX 65-kvm.rules 40 SHA256 c16a8dc7855880b2651f1a3ff488ecc54d4ac1036c71fffd5007021d8d18a7c5 SHA512 98aad2a2f212a7ac0ee5b60a9c92744fa462bce5f26594845c7a31d692aaaca2d52cb57bdbede7dfc60b9862c2a6510665dbb03215d5cf76e62516a283decdd6 WHIRLPOOL 937de93a23930f6b8533f0c3e0dd249c99ddf7d54446dea857607266ac0a4b435c5b4a52b2986b138bace9c0a7ade66f94116b38e2bc4767ead54bd11baf0920
55 AUX bridge.conf 454 SHA256 a51850dd39923f3482e4c575b48ad9fef9c9ebb2f2176225da399b79ce48c69d SHA512 a907ee86b81a1b61033bb7621ded65112504131ef7b698c53e4014b958ee6fc79e66f63069015a01e41362cb70a7d0ed26dd9a03033cf776f4846f0e1f8f1533 WHIRLPOOL 8fcbd4abf9b8f7ca3d16fe0eaf17196ebf708dfecf85ce0f020e0de22b64905114f7b310f361826c81bb961c6b1bbbf984bff1e595bb949993b8966ccb222c35
56 -AUX qemu-1.7.0-cflags.patch 300 SHA256 8f35e55c4bae93e82f9580eabe2d6a2d4660bd05343e1f4e6c33815deeede91e SHA512 54446cb555b623b2306f8a323713e4dfb1b8b7bbf3af3771d5b62e164e0672cc21cbe44f08ca8b58052523e8d629e16355a44ebb544a999a44d11ac3af671f1c WHIRLPOOL b903b4abefeeb09a2ab2d1ee224de5d3694f99f50aacfe33882fce0c1c87c23dae4d57b001d1c35cc96fffa93d43fac4a8ab30a3e45fe1f380580162c0332e78
57 AUX qemu-2.0.0-F_SHLCK-and-F_EXLCK.patch 563 SHA256 99de67d610ad13a1dcf6c67a3c2b5b87fb909220173a956435737f9bea3c371b SHA512 a29e9a889388a6627ed492a79e66514ffb5e64f9479646982091811548fc2a9bf6682104a6c774d83e645e4b1db39e491afd4efce789fe164623442a7f3e5d00 WHIRLPOOL d3aab06099de263c22f4c71810a3b2cb8602d17731ec76674cd1415e539306555a7b96b789f0daad473600dfa04a83224ff603f7b9a9ac63a4902f74d0e9deb5
58 AUX qemu-2.0.0-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch 930 SHA256 6af6cf9044997710a6d0fbdba30a35c8d775e30d30c032ec97db672f75ec88ac SHA512 ec84b27648c01c6e58781295dcd0c2ff8e5a635f9836ef50c1da5d0ed125db1afc4cb5b01cb97606d6dd8f417acba93e1560d9a32ca29161a4bb730b302440ea WHIRLPOOL 06b9dd5251ac03405c97b1f5a623b4d86bda2f72fbcd52b90ae4d11a0cfb59cae62df2cb6189405fbe53ab05ff2b7ca8165fda239dbfe5f31ed70abb53b3b9f3
59 AUX qemu-2.2.0-_sigev_un.patch 636 SHA256 f3b9a4d6162c553f3110ad22716305818e2130e2ff5d628faf044fc58a5e3cb5 SHA512 f72b879daede5184904f64cabb276de96299a37a93fce444d09e9068671009e95a5e5d6b815ec41a5db5b3807de14d470a56bba5806ffd4dfec577577b046ccb WHIRLPOOL 9453ad4966e10d504f3e867fd984642a3c1ee3ae847b5ca56196fd1f9e6c0f2d7b52ca07446212af72fef6d0ded1527a5eb306fa6cd915e8dd9ce11523362bac
60 -AUX qemu-2.5.0-9pfs-segfault.patch 1294 SHA256 707835ed8af1aa7e8fc9f0e06c6afa8e77fe7858b20ad4c2df2a1aec0627332d SHA512 2af7498939ba653c36808a7bccafe4a3d8c3d1cfa7199c5788f67fb001925dff17e4faba5e13c6b1517ca887209452f4ba7ed71f6b4464d55b5e942350406f90 WHIRLPOOL 591ba85bd9e5ab0665ed5835878886ec0d774a500ed966dd1b37e5478a4799a38d319a6bb88d214f202a83282db6a0434641b30c8b70ceef6bd2fb1e38f8faef
61 -AUX qemu-2.5.0-CVE-2015-8558.patch 1459 SHA256 d769e6eb6dc0bdb0b982ef5fe7d73cc6bad47233102f53d11c6ed6c9051602d8 SHA512 42961191890c500675610d5d33e6ff468b07428c6b428ac01bb5c0e3ea88ff611a3532f848d54317458475fef221a06e41761ef14ea61d1b741db73450c4f90d WHIRLPOOL 475679dc1a24bc75012995a9a2122847454701b65ff0b7f8192865b45de49ce08572f129a7cfdeb36521252ed2f80c95e9dddbd64cb8e39fdc5beacc25934798
62 -AUX qemu-2.5.0-CVE-2015-8567.patch 3108 SHA256 88b72df4e02407c3b9ca4835c38988b97fcd5aa9c68da6fa47207fe675d4e661 SHA512 2f0243ec9764d72fe5e7a005a8db40d3d5c4c2edae5c3451087ee3f5c841c96a3112875cf88a19061fa2ce0d04715d247e6eb1eb83e1e5b57ec0b9eb324b8ce6 WHIRLPOOL b432ff3e105da5c0bd20dd1d7da0374f4005b2ac5a9a8c824e96730aeafa89bb8fc125f8b2857fdaf72024082ddbc0c7a28c3e3ffb9114c3d370db1b638c4731
63 -AUX qemu-2.5.0-CVE-2015-8613.patch 1264 SHA256 c8df9bb4c0100ef6c8ae09acd73878e46b3ad4a9e04b9cfe30445922bc33299c SHA512 ea2bf909ec29bab0b2131bf9d3e8fc04f176393258c4ce578d3ac8d76f09a25b96f8a3b2aa450b47c0ba9bc9637e5b93e7cc53542362b48930de18ceebb07698 WHIRLPOOL f0d415b1df9f05cb0431801054535f8939d46e7dda6eaa5ce990eef82ddc458003eb9ae5dc06e3269ddb5ed8f8c903c1f3d058d41e63ea9a5192b6149283feb2
64 -AUX qemu-2.5.0-CVE-2015-8619.patch 4220 SHA256 325bb3df340a1f5115a345a145bed94e9b2d5721cf8cce1217138e8d5a8a0c1a SHA512 317e882da18332fe667c10c55b8f026d347d93c61f668e8ddb916f1b0f5e39a9e3104c14ab2306ce761024a02a78af3a4808627ad9f18c0d43d748fd30c21505 WHIRLPOOL feddd255cf3844cd270ca2662f6140cc7104f8328e51acb01dc2f6f1b4646061569f5faa629264ebeaa5a2b18e595c4a90b69a588aa05f1acf70d9570067c6c0
65 -AUX qemu-2.5.0-CVE-2015-8701.patch 1671 SHA256 f39e0c6301cffa1b14c3ef0ab72fce0e2acd42170759ef7954234d31602aeb99 SHA512 d39edf84e2d17e6080bbc4a270732cd73b41fa39d948ee7bc4456e1024c5a69ddfb5e848af3272615f5aa36a3b6410a12f5a73e00ccfa58e0d60d7289d034aa9 WHIRLPOOL 352148c367837ba2d6eb5eb39e00c128f0cff3faef159754a41318857bc11a6616be184c24df4767ec2c8c14910ad74fc3be48273f6312b1687910fbcaf7bec3
66 -AUX qemu-2.5.0-CVE-2015-8743.patch 1777 SHA256 22aac571c1aa6f6a283d200a7703fdfea0a5bcaf227a003a2cbf5741bbb8df85 SHA512 65d8632fd43959983ca02f9ab116ec78ea043e6d867e6d743014885c2a423bb3b87c2e56caa37e7f29e971a44f5ea695cb4ce1c3a9c1fc2d734b25ca0b2f4054 WHIRLPOOL 9128c812cfbfe3d4629cd6c7c2c6f50c9ef2fe2d5b62b24486559279296987f593f852f913eb67fbe956d650d50612fa7a658a60b3d80cf4fa9256e332d77330
67 -AUX qemu-2.5.0-CVE-2016-1568.patch 1476 SHA256 ba2a25142977eea531159d81ef8938e8519c92800aa1958e71da9e2780c8256a SHA512 643ef742e6cd1dbc8f420b38f684bc8639e4bd58ab38c254654d4b1a72b129202fecdddddfd308b48ed7813da193edff68d737080d5035c82daf9676ee17df22 WHIRLPOOL af9376400540f20d77ea06cb6a12ce415b72bb22cdde3365bba8b02deb8985aedfee303646e13e1d1263a2dcd17bf1518637183a81c66c2db7b438aa88ef7d95
68 -AUX qemu-2.5.0-CVE-2016-1714.patch 2168 SHA256 2a366b01f5c05a87324ca765cea90bc93eda819d264932ac4588e6303e0b7dee SHA512 25f5f67dbcb2175bac1b5d6d11bf6b27019526c0ee43ed8580a0de10bf82ac62e5a71ded4d18c0e561d8d3832da630c92f9f118277da349367f55b4939029216 WHIRLPOOL 600d0c90779aaf7c1840e106359c909d486c7cce483edc0e5ddc627a127c907f5dd9cbd5b8ce561e2675f6bfe8cd0502efa96557601ce26eda2311b1072ab48b
69 -AUX qemu-2.5.0-CVE-2016-1922.patch 2114 SHA256 a10d23d5ff3d021aa0962c79a397b69518cec6cd570ebea771f03513d4b7eb1a SHA512 af895fd14e876f808203279176c5f5c28d95d0137385c6d0e56e27f9ad70b76552b8ce75a3be368ceed94fbc62999e8d6c5e6dbcd35e99d59c57787afe6ac57d WHIRLPOOL 199ec0c9bc766968778e5733e1ca0773999a3cccfa779d8fdf68c2ed866a1427048b0db9730eb2a1521be5e174ea6388b69053c85d0d25144e73df25ec7829a9
70 -AUX qemu-2.5.0-CVE-2016-1981.patch 4160 SHA256 ad440f4964670e68846a3469e0cb0eca3ecf11cfc5c2e32b09581b64eef43ab7 SHA512 f133a311da42cc831116251550359949e0f23f1163a7b0e638fc5f43edf1dea17a5e5843a06142c3086ef367d94898b074eebf8c371ea83b7a3981cfd20c4e27 WHIRLPOOL ba6e563917773d4488f51c11864a6ce1a4331ba6fc7925f47768282ea75f1a26c51792063c946579d49b28e3ed7a854a191732c1ba7ec40628395e971cf67782
71 -AUX qemu-2.5.0-CVE-2016-2197.patch 1358 SHA256 caa5eb42b21a3fc656982fdc4e511c8350eeb0511857d9b8f371e4e926c2ac80 SHA512 ee6467ef00c5db1e6c5f6331ec411afd139e7e8c5d5e23e3ee33b3161f0e79028ddecfa661bf4bfb5bac0cfa91385f69d66b57c5337384817f0756b7575aa099 WHIRLPOOL 67bab11771159560fd080d157477aa227aa351bb8101671c0e778a38a15d607a2346ade7b10310914f93d5a1faeb993003590e7bf75cd5c9d06db0c687085b51
72 AUX qemu-2.5.0-CVE-2016-2198.patch 1540 SHA256 0d6d81a27ffac1af7c478a050aa690eb007cf9735a1a0c4b398eabeb990d5ab4 SHA512 b0b3131bb2b9b2d3f2a3f3286eeb92b527f0d3366e657cf8bcbabc6426b57893936c5a8ef66697ad1014b4525c09fa4d067195600f96ab2b005fd52b6e77d9a4 WHIRLPOOL f5c56b87f934c573fc71169fcded579b9917285fbfff59fd9288011775f482ead2ac09e1399f325e826305fab2f7bc2cd21d333711c526c1658a069a5ee93491
73 -AUX qemu-2.5.0-CVE-2016-2392.patch 1265 SHA256 a81d906bcf18fb5cf76fa5fa686c848a33f43054bff03a7a2e0e391a34884be8 SHA512 cac6503176f1e37fa6e9bab1daa4bbec6fb6fb3be4ec2e30427356969f3310b8bb898356f9e7f786e75c3ba07b9bc7afb9f0ac7a99adc12847de49b55c0d7960 WHIRLPOOL 65456ade1b773ebfe629ab0fb0045613b4d2f0f5c2d9ec20409170cba5011de46800bf1dd42a78334fe5166a2c8201e6505f3db904474cd4c28d1e88df0f9daf
74 AUX qemu-2.5.0-cflags.patch 410 SHA256 17f5624dd733f5c80e733cc67ae36a736169ec066024dbf802b416accfed0755 SHA512 0194d28de08b4e51c5bd1c9a2cc7965ba7f66dfddb8fd91de3da93677e6cf2d38ad3270f69aaea8a20cf2533c2980018d6e0fed711be2806fe2053fba7c081f3 WHIRLPOOL 5f5b95d00409fbe03adb64801d30a2fb5f98dded5efa7f0e78b5746776f72917dcbea767e1d0afcb304d8bf8c484adedb8037e6d54e9d34997c2bc3a98b53154
75 -AUX qemu-2.5.0-ne2000-reg-check.patch 1141 SHA256 b64fd5bfbd9c7b37b9003271e9902db4ea28b71095a51e161c7698e2f690183b SHA512 7f94ef8cb023224750abc5c2c7d515ccc6ce7f8b655a1454673ecc291193551b9ae00c248c609368a0cf143888ba2c3a5a929a4f9477e5efd27f92c45abc8722 WHIRLPOOL 43fec025a08e0aa0c14ab5ac11cd9aa49b03e52e3fcaacb6785ecd25aa531edfd04a5f8913330e27acf046f8cad2c57887e1a353779ee73ab8bb2dad65c446a7
76 AUX qemu-2.5.0-rng-stack-corrupt-0.patch 3125 SHA256 164b155db78a9291b9f8dea71a16b5779e1a9d382a8cb0f5ff380d1f2d811cef SHA512 7da544873dbefbbc7a2ed69bd7cca0053bfe71ef7f5c2faf12cb5dc6e07b8d9104e5bcf329b3355e886edc5805509623234c9fe8fb536544d6285b04ccc59919 WHIRLPOOL f076264ce4bae5be2f34e006e3e4dcc20042313cb6da4977b61529c3100e835952807738d53a86967f98abad68eba1c8dcbb6a04af162b048399e059b5eb9d6b
77 AUX qemu-2.5.0-rng-stack-corrupt-1.patch 4110 SHA256 16966eb20072a5d16fec46e5959e32708342af9a7266fe4a90a0abaf68af3529 SHA512 530d6a5f9b6795013bbe197cf0a0d7eddfb06d18c0f8410bcf5bcc2d32c4b72c325b8b0ade2c517bd305fcbdab03124cc527d24d73ce767daf51de65d00920c8 WHIRLPOOL c0b653c67993c6c6ed282f0c86099c8c80a241f10e23ef3fd8e33c6d86fbb5553049550e83954cfc6d3576735c4ce28099f813917966c0a05c84bb46a6bee413
78 AUX qemu-2.5.0-rng-stack-corrupt-2.patch 4601 SHA256 c2b4e1ee8ee4bb2f4d42012a847c1da83a9e2349238d37bba1a3b9c440957f7f SHA512 ba299d07c7382f39f177f8094594daf131727d3d28633b426064f7cc6bf75d19b1ae78db248fc70ddbdb43fd2a6b0c5ed7793e6f42aba2763cdb4c12d6816c54 WHIRLPOOL 62b6ab75c32574a4c53193d82c7f51efdaa4789154c2d2f9acee7ede240d2920d92e31dfead7edc17aa12f938919143ce049d2c9ef9733baccc27d382506437f
79 AUX qemu-2.5.0-rng-stack-corrupt-3.patch 5519 SHA256 5a3c2ed59bc30f395aee5cd0b77cdb06d868386e5bbe1b392169f8d96ae9474a SHA512 f62713130d3b989b274476a4cc2eafb95dc41de4723fe475e454132817a159eb729bbbe5a29aee755715100095670107c5762271184252e9d0cd43c4b25bc5d1 WHIRLPOOL f8e4aa90b90b03dd6e4dd68734cb16ee5f59a9585697ef3c48e7e861968798cb3c66018ad5a788f99b99e9fddab2ae83d977ec4b1a8599596a5ce03286726e3e
80 AUX qemu-2.5.0-sysmacros.patch 333 SHA256 a5716fc02da383d455f5cbd76f49e4ee74d84c2d5703319adcbeb145d04875f9 SHA512 329632c5bff846ca3ffcdb4bc94ae62f17c6bdbb566f9bec0784357c943523e8ca7773790b83a9617734cab3b003baa3d636cbd08f7385810a63b0fa0383c4f0 WHIRLPOOL 2a774767d4685545d3ed18e4f5dece99a9007597d73c56197652ff24083550f987ffb69e5c624760dece87def71a7c5c22a694bf999d7309e48ef622f18f0d73
81 -AUX qemu-2.5.0-usb-ehci-oob.patch 2014 SHA256 e0593f8a645dfca3115ea56d1b74d701f07c60d80eadf0bf68133e7539de345a SHA512 c02e0881bb85ffbf7d401b4ee5801692262cddaef9245dfcbf323f0f4d310394e1fbbf639f7a3d2d39ae428c09513adcb9be7fdcf49b7accf133d911dc0b702c WHIRLPOOL 992b2c6d3464a53174054f0d2dc6ec70eeb1e17128ee65c7986d9f5ec80e037bca9bd5bfb65c66bb9bf85f0b56a1a6d008ab4dbe35602d7deea9489add2e7c4b
82 -AUX qemu-2.5.0-usb-ndis-int-overflow.patch 2404 SHA256 caa4ff5ab038e88b2b09f04f2a9528fc47d42d35fbd35bbd7907afd292ef66db SHA512 f87de0a9f161f14814fafc883bd557f8f007a53729dc3c36145dd19ea9c52eabb81f6ada4e4a7122a461c9bed6f524ea0b92f9182b77a4c7cf9c8ecfc217f8e0 WHIRLPOOL 6022a3e0b125beb85efa2b6c1edf5a94dce27bd299d247078d418cf6515c8fc0ca1d8032034ef427c3d4681cc3536900099391b623152b2609cab2f4f963d046
83 +AUX qemu-2.5.1-CVE-2015-8558.patch 3237 SHA256 3320c5624a33076b36f39566a4c3bbe5f95adae44207512d791175bcfc3959ff SHA512 c6ea0ca7d0ea221e9704001d26dae143861463ec45c7a543f041520874dd6e3a2d4bdb6d1eca25097f265aa2a1600858c9908b59cdd640007ab057cf7b86083f WHIRLPOOL 0c3c683a79f68ab3073a3b5e6afe2b6184d66254bd8278e131d5aa199ff51d52e5b186521ff8799345b1f1977afc112550e1a7d4b684b2a3267e9caddd0f1576
84 +AUX qemu-2.5.1-CVE-2016-4020.patch 567 SHA256 6c8e933593cfbedc98de81bf01e394d1ca1d016109fcc81e91f6472d2092b1a0 SHA512 90ac43329cbbcc0451470e010a1a1bd32ef8891c1f2d7d7e54e870e740c77ea8dfdec30989d586aaea250de6ca294504bf7e88818bf35e3269cf528ea3e50ce5 WHIRLPOOL 7ea7c7af1f2a3f11bc5bfe7b708021bbcb03c00d354a733c0fad14193110559cd1561939bd5bb6597a84bc01e74a914ef9dc51f28c522473b424919edc17cdb3
85 +AUX qemu-2.5.1-stellaris_enet-overflow.patch 1569 SHA256 5d20aef8139068eeb63c167856c8f0004e8761227d9bb1fd67240c4b922f704a SHA512 92c015af82eb92bf5f6f4d6fd86b402636a61f0ac9572cc2f002d4c795ce133f7858a38336fd5f4a25c7157dea969d288bb73f00d9a8b3b8f517ba2aea6e4ba8 WHIRLPOOL 94c49f8f78864ac3da247b569d2afc2ee0d801482a00117a7898fb396440118ef3bc54e1b61023496184f37404c893a1ef7725ce6ca9a27ca596cdf38e747603
86 +AUX qemu-2.5.1-xfs-linux-headers.patch 2634 SHA256 ca1eb8d4593d794541f375cb1425861e145aa036d440b9d29c4cb7b5102d018b SHA512 88b8a6178893e3354d90ad1a7cfc370fc05ffd2e3ea7c9cc8aeda9e129ea93d45838b5816afb46c0594886fbb129e3665a738f4c195183b843caedc0302530c0 WHIRLPOOL 193f1b89710ecbbb5b645a59ac6f3b7bad8191cc3228bad0427cb80c54e1b55d11d25abe1f59173b9669452f57a52f830d074bb106bdc3c05b6659826a4d561d
87 AUX qemu-binfmt.initd-r1 6910 SHA256 2886c567589b958f450a87537cdb6c5bf95e8c1e4afbdf59139d16819e79d51d SHA512 09f399b6b559c6dd64d77843f600afad464909e72ae0924e97a5ef2eea55b3fb8abf6fbd57c380ec60e2f9d145ec365fd9a24c2e1b84cc6cef7070e4fb5bd72e WHIRLPOOL 983f6ae733c23c0049321184e1b6738ad5d27a70265945e6b47f3fb317ba3c84918b4929e728081549062fd0bf4a46c0a7e7184911355f3ac75963e1f8b70cd4
88 AUX qemu-kvm-1.4 68 SHA256 8b1adf198129f001e75a2311fc420c168094d1084d2163cdf6a32b3b23c96137 SHA512 706fab4d155c410acc292e67fb354ce7dcd17f7e33f2ca8c9c44035ea128f8d36f89e27cf87ebe22721f5676be9e7f2ae5484fd000183c8ffd7854e02eb3d120 WHIRLPOOL ef795330b592cef8e3d92f52a77eb77a671e6aa1a47d07531917b5c1c09e72e5df1a44aea939b086e0a3c5ef2a5cea9223556a46ceae73e55300475c42f07067
89 -DIST qemu-2.5.0.tar.bz2 25464996 SHA256 3443887401619fe33bfa5d900a4f2d6a79425ae2b7e43d5b8c36eb7a683772d4 SHA512 12153f94cc7f834fd6a85f25690c36f2331d88d414426fb8b9ac20a34e6f9222b1eda30b727674af583580fae90dfd6d0614a905dce1567d94cd049d426b9dd3 WHIRLPOOL 8f5717989d8d234ecf1763ee386b2e1f20c3b17918de130c6dae255e4523a230b2b01a759eba25e4b9f604c680d9b868c56f58bd71b7c6c2c22a2e46804435ef
90 -EBUILD qemu-2.5.0-r999.ebuild 21699 SHA256 8ca42bbf30baa2271e0a1a7be920a06dba32f7c0b6c0ea50d3dd93d949d6522f SHA512 182ccb339259864276e7540b630dfb46e98058df978ffe7ad1a13df541f70f949a62ece46699cc2ba4c3311a24ccd609933733226bb660cc28c37a4f9608c755 WHIRLPOOL 462aa47e61ad570fc9d874145bbca1ab5b804b590f97a34c62f2640b774f380d105c7d2a61790c1c229b8613f8aa74e2d78f8e01dcdce336e202ce64b4172e2b
91 +DIST qemu-2.5.1.tar.bz2 25464539 SHA256 028752c33bb786abbfe496ba57315dc5a7d0a33b5a7a767f6d7a29020c525d2c SHA512 66959ad6a2a89f23c5daba245c76f71ddc03a33a1167bca639a042ebbf7329b2e698cd2c0e65c22a9874563a34256a48386aa9df6475b06d38db74187e3e3b3f WHIRLPOOL 32525271574692d56b7794dc63606659f46e6ae19a56dee31b3cec33dab9c4eb74147a65db4940229492d8680f38c2d05bc2a8fbcb4b6887b0c1cbe5fbbe44cf
92 +EBUILD qemu-2.5.1-r99.ebuild 21104 SHA256 92637c4d36984ff78616a2ca9a1952d453f035608357b2f212cddc4b98bed5de SHA512 0dd1b5d37448371604efb213894bfde17ab08d234affc675dc2474ba395e4b854071711304c30be4a405ed98d6cb2be7f107958487080cd8dbeb15fada2da9f8 WHIRLPOOL cc8ed2d2140b669da67d8a5f15b93651638848f77b853d11b7e235ba37b75d945076266798fff1ccf8d74ba16113cbead260b10e9c8aaed03c07fb5d9d1f1ce3
93 MISC metadata.xml 3925 SHA256 d1c219b7da0cbf77919cd1e055acbb3f6788a574fd802c98a43c89a411697b36 SHA512 3ff45d1c8ede12b4eedc7d01f39777b76a1cbd0ba9364299dec99d4b4a05cade5784d6f6e50197d5b5ae1f1b8e831c49da195eb53263c49b7d16aec8ee28b6e6 WHIRLPOOL bc25783fac0f3f13318834cc535404af9af20de16c7aeec222e59dc2ed7740ac5e767b329a5bcd6356d0cbae2428e278515f1446aa8ecb87a873bf4dbe04bf41
94 diff --git a/app-emulation/qemu/files/qemu-1.7.0-cflags.patch b/app-emulation/qemu/files/qemu-1.7.0-cflags.patch
95 deleted file mode 100644
96 index cd003f6..0000000
97 --- a/app-emulation/qemu/files/qemu-1.7.0-cflags.patch
98 +++ /dev/null
99 @@ -1,11 +0,0 @@
100 ---- a/configure
101 -+++ b/configure
102 -@@ -3131,8 +3131,6 @@ fi
103 - if test "$gcov" = "yes" ; then
104 - CFLAGS="-fprofile-arcs -ftest-coverage -g $CFLAGS"
105 - LDFLAGS="-fprofile-arcs -ftest-coverage $LDFLAGS"
106 --elif test "$debug" = "no" ; then
107 -- CFLAGS="-O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 $CFLAGS"
108 - fi
109 -
110 -
111 diff --git a/app-emulation/qemu/files/qemu-2.5.0-9pfs-segfault.patch b/app-emulation/qemu/files/qemu-2.5.0-9pfs-segfault.patch
112 deleted file mode 100644
113 index 0e27684..0000000
114 --- a/app-emulation/qemu/files/qemu-2.5.0-9pfs-segfault.patch
115 +++ /dev/null
116 @@ -1,34 +0,0 @@
117 -From 4b3a4f2d458ca5a7c6c16ac36a8d9ac22cc253d6 Mon Sep 17 00:00:00 2001
118 -From: Greg Kurz <gkurz@××××××××××××××.com>
119 -Date: Wed, 23 Dec 2015 10:56:58 +0100
120 -Subject: [PATCH] virtio-9p: use accessor to get thread_pool
121 -
122 -The aio_context_new() function does not allocate a thread pool. This is
123 -deferred to the first call to the aio_get_thread_pool() accessor. It is
124 -hence forbidden to access the thread_pool field directly, as it may be
125 -NULL. The accessor *must* be used always.
126 -
127 -Fixes: ebac1202c95a4f1b76b6ef3f0f63926fa76e753e
128 -Reviewed-by: Michael Tokarev <mjt@×××××××.ru>
129 -Tested-by: Michael Tokarev <mjt@×××××××.ru>
130 -Cc: qemu-stable@××××××.org
131 -Signed-off-by: Greg Kurz <gkurz@××××××××××××××.com>
132 ----
133 - hw/9pfs/virtio-9p-coth.c | 2 +-
134 - 1 file changed, 1 insertion(+), 1 deletion(-)
135 -
136 -diff --git a/hw/9pfs/virtio-9p-coth.c b/hw/9pfs/virtio-9p-coth.c
137 -index fb6e8f8..ab9425c 100644
138 ---- a/hw/9pfs/virtio-9p-coth.c
139 -+++ b/hw/9pfs/virtio-9p-coth.c
140 -@@ -36,6 +36,6 @@ static int coroutine_enter_func(void *arg)
141 - void co_run_in_worker_bh(void *opaque)
142 - {
143 - Coroutine *co = opaque;
144 -- thread_pool_submit_aio(qemu_get_aio_context()->thread_pool,
145 -+ thread_pool_submit_aio(aio_get_thread_pool(qemu_get_aio_context()),
146 - coroutine_enter_func, co, coroutine_enter_cb, co);
147 - }
148 ---
149 -2.7.4
150 -
151 diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8558.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8558.patch
152 deleted file mode 100644
153 index fbc6a0a..0000000
154 --- a/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8558.patch
155 +++ /dev/null
156 @@ -1,50 +0,0 @@
157 -https://bugs.gentoo.org/568246
158 -
159 -From 156a2e4dbffa85997636a7a39ef12da6f1b40254 Mon Sep 17 00:00:00 2001
160 -From: Gerd Hoffmann <kraxel@××××××.com>
161 -Date: Mon, 14 Dec 2015 09:21:23 +0100
162 -Subject: [PATCH] ehci: make idt processing more robust
163 -
164 -Make ehci_process_itd return an error in case we didn't do any actual
165 -iso transfer because we've found no active transaction. That'll avoid
166 -ehci happily run in circles forever if the guest builds a loop out of
167 -idts.
168 -
169 -This is CVE-2015-8558.
170 -
171 -Cc: qemu-stable@××××××.org
172 -Reported-by: Qinghao Tang <luodalongde@×××××.com>
173 -Tested-by: P J P <ppandit@××××××.com>
174 -Signed-off-by: Gerd Hoffmann <kraxel@××××××.com>
175 ----
176 - hw/usb/hcd-ehci.c | 5 +++--
177 - 1 file changed, 3 insertions(+), 2 deletions(-)
178 -
179 -diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
180 -index 4e2161b..d07f228 100644
181 ---- a/hw/usb/hcd-ehci.c
182 -+++ b/hw/usb/hcd-ehci.c
183 -@@ -1389,7 +1389,7 @@ static int ehci_process_itd(EHCIState *ehci,
184 - {
185 - USBDevice *dev;
186 - USBEndpoint *ep;
187 -- uint32_t i, len, pid, dir, devaddr, endp;
188 -+ uint32_t i, len, pid, dir, devaddr, endp, xfers = 0;
189 - uint32_t pg, off, ptr1, ptr2, max, mult;
190 -
191 - ehci->periodic_sched_active = PERIODIC_ACTIVE;
192 -@@ -1479,9 +1479,10 @@ static int ehci_process_itd(EHCIState *ehci,
193 - ehci_raise_irq(ehci, USBSTS_INT);
194 - }
195 - itd->transact[i] &= ~ITD_XACT_ACTIVE;
196 -+ xfers++;
197 - }
198 - }
199 -- return 0;
200 -+ return xfers ? 0 : -1;
201 - }
202 -
203 -
204 ---
205 -2.6.2
206 -
207 diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8567.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8567.patch
208 deleted file mode 100644
209 index e196043..0000000
210 --- a/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8567.patch
211 +++ /dev/null
212 @@ -1,95 +0,0 @@
213 -https://bugs.gentoo.org/567868
214 -
215 -From aa4a3dce1c88ed51b616806b8214b7c8428b7470 Mon Sep 17 00:00:00 2001
216 -From: P J P <ppandit@××××××.com>
217 -Date: Tue, 15 Dec 2015 12:27:54 +0530
218 -Subject: [PATCH] net: vmxnet3: avoid memory leakage in activate_device
219 -
220 -Vmxnet3 device emulator does not check if the device is active
221 -before activating it, also it did not free the transmit & receive
222 -buffers while deactivating the device, thus resulting in memory
223 -leakage on the host. This patch fixes both these issues to avoid
224 -host memory leakage.
225 -
226 -Reported-by: Qinghao Tang <luodalongde@×××××.com>
227 -Reviewed-by: Dmitry Fleytman <dmitry@××××××.com>
228 -Signed-off-by: Prasad J Pandit <pjp@×××××××××××××.org>
229 -Cc: qemu-stable@××××××.org
230 -Signed-off-by: Jason Wang <jasowang@××××××.com>
231 ----
232 - hw/net/vmxnet3.c | 24 ++++++++++++++++--------
233 - 1 file changed, 16 insertions(+), 8 deletions(-)
234 -
235 -diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c
236 -index a5dd79a..9c1adfc 100644
237 ---- a/hw/net/vmxnet3.c
238 -+++ b/hw/net/vmxnet3.c
239 -@@ -1194,8 +1194,13 @@ static void vmxnet3_reset_mac(VMXNET3State *s)
240 -
241 - static void vmxnet3_deactivate_device(VMXNET3State *s)
242 - {
243 -- VMW_CBPRN("Deactivating vmxnet3...");
244 -- s->device_active = false;
245 -+ if (s->device_active) {
246 -+ VMW_CBPRN("Deactivating vmxnet3...");
247 -+ vmxnet_tx_pkt_reset(s->tx_pkt);
248 -+ vmxnet_tx_pkt_uninit(s->tx_pkt);
249 -+ vmxnet_rx_pkt_uninit(s->rx_pkt);
250 -+ s->device_active = false;
251 -+ }
252 - }
253 -
254 - static void vmxnet3_reset(VMXNET3State *s)
255 -@@ -1204,7 +1209,6 @@ static void vmxnet3_reset(VMXNET3State *s)
256 -
257 - vmxnet3_deactivate_device(s);
258 - vmxnet3_reset_interrupt_states(s);
259 -- vmxnet_tx_pkt_reset(s->tx_pkt);
260 - s->drv_shmem = 0;
261 - s->tx_sop = true;
262 - s->skip_current_tx_pkt = false;
263 -@@ -1431,6 +1435,12 @@ static void vmxnet3_activate_device(VMXNET3State *s)
264 - return;
265 - }
266 -
267 -+ /* Verify if device is active */
268 -+ if (s->device_active) {
269 -+ VMW_CFPRN("Vmxnet3 device is active");
270 -+ return;
271 -+ }
272 -+
273 - vmxnet3_adjust_by_guest_type(s);
274 - vmxnet3_update_features(s);
275 - vmxnet3_update_pm_state(s);
276 -@@ -1627,7 +1637,7 @@ static void vmxnet3_handle_command(VMXNET3State *s, uint64_t cmd)
277 - break;
278 -
279 - case VMXNET3_CMD_QUIESCE_DEV:
280 -- VMW_CBPRN("Set: VMXNET3_CMD_QUIESCE_DEV - pause the device");
281 -+ VMW_CBPRN("Set: VMXNET3_CMD_QUIESCE_DEV - deactivate the device");
282 - vmxnet3_deactivate_device(s);
283 - break;
284 -
285 -@@ -1741,7 +1751,7 @@ vmxnet3_io_bar1_write(void *opaque,
286 - * shared address only after we get the high part
287 - */
288 - if (val == 0) {
289 -- s->device_active = false;
290 -+ vmxnet3_deactivate_device(s);
291 - }
292 - s->temp_shared_guest_driver_memory = val;
293 - s->drv_shmem = 0;
294 -@@ -2021,9 +2031,7 @@ static bool vmxnet3_peer_has_vnet_hdr(VMXNET3State *s)
295 - static void vmxnet3_net_uninit(VMXNET3State *s)
296 - {
297 - g_free(s->mcast_list);
298 -- vmxnet_tx_pkt_reset(s->tx_pkt);
299 -- vmxnet_tx_pkt_uninit(s->tx_pkt);
300 -- vmxnet_rx_pkt_uninit(s->rx_pkt);
301 -+ vmxnet3_deactivate_device(s);
302 - qemu_del_nic(s->nic);
303 - }
304 -
305 ---
306 -2.6.2
307 -
308 diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8613.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8613.patch
309 deleted file mode 100644
310 index 61a52ee..0000000
311 --- a/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8613.patch
312 +++ /dev/null
313 @@ -1,35 +0,0 @@
314 -From 36fef36b91f7ec0435215860f1458b5342ce2811 Mon Sep 17 00:00:00 2001
315 -From: P J P <ppandit@××××××.com>
316 -Date: Mon, 21 Dec 2015 15:13:13 +0530
317 -Subject: [PATCH] scsi: initialise info object with appropriate size
318 -
319 -While processing controller 'CTRL_GET_INFO' command, the routine
320 -'megasas_ctrl_get_info' overflows the '&info' object size. Use its
321 -appropriate size to null initialise it.
322 -
323 -Reported-by: Qinghao Tang <luodalongde@×××××.com>
324 -Signed-off-by: Prasad J Pandit <pjp@×××××××××××××.org>
325 -Message-Id: <alpine.LFD.2.20.1512211501420.22471@wniryva>
326 -Cc: qemu-stable@××××××.org
327 -Signed-off-by: Paolo Bonzini <pbonzini@××××××.com>
328 -Signed-off-by: P J P <ppandit@××××××.com>
329 ----
330 - hw/scsi/megasas.c | 2 +-
331 - 1 file changed, 1 insertion(+), 1 deletion(-)
332 -
333 -diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
334 -index d7dc667..576f56c 100644
335 ---- a/hw/scsi/megasas.c
336 -+++ b/hw/scsi/megasas.c
337 -@@ -718,7 +718,7 @@ static int megasas_ctrl_get_info(MegasasState *s, MegasasCmd *cmd)
338 - BusChild *kid;
339 - int num_pd_disks = 0;
340 -
341 -- memset(&info, 0x0, cmd->iov_size);
342 -+ memset(&info, 0x0, dcmd_size);
343 - if (cmd->iov_size < dcmd_size) {
344 - trace_megasas_dcmd_invalid_xfer_len(cmd->index, cmd->iov_size,
345 - dcmd_size);
346 ---
347 -2.7.4
348 -
349 diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8619.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8619.patch
350 deleted file mode 100644
351 index be67336..0000000
352 --- a/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8619.patch
353 +++ /dev/null
354 @@ -1,121 +0,0 @@
355 -From 64ffbe04eaafebf4045a3ace52a360c14959d196 Mon Sep 17 00:00:00 2001
356 -From: Wolfgang Bumiller <w.bumiller@×××××××.com>
357 -Date: Wed, 13 Jan 2016 09:09:58 +0100
358 -Subject: [PATCH] hmp: fix sendkey out of bounds write (CVE-2015-8619)
359 -
360 -When processing 'sendkey' command, hmp_sendkey routine null
361 -terminates the 'keyname_buf' array. This results in an OOB
362 -write issue, if 'keyname_len' was to fall outside of
363 -'keyname_buf' array.
364 -
365 -Since the keyname's length is known the keyname_buf can be
366 -removed altogether by adding a length parameter to
367 -index_from_key() and using it for the error output as well.
368 -
369 -Reported-by: Ling Liu <liuling-it@×××.cn>
370 -Signed-off-by: Wolfgang Bumiller <w.bumiller@×××××××.com>
371 -Message-Id: <20160113080958.GA18934@olga>
372 -[Comparison with "<" dumbed down, test for junk after strtoul()
373 -tweaked]
374 -Signed-off-by: Markus Armbruster <armbru@××××××.com>
375 ----
376 - hmp.c | 18 ++++++++----------
377 - include/ui/console.h | 2 +-
378 - ui/input-legacy.c | 5 +++--
379 - 3 files changed, 12 insertions(+), 13 deletions(-)
380 -
381 -diff --git a/hmp.c b/hmp.c
382 -index 54f2620..9c571f5 100644
383 ---- a/hmp.c
384 -+++ b/hmp.c
385 -@@ -1731,21 +1731,18 @@ void hmp_sendkey(Monitor *mon, const QDict *qdict)
386 - int has_hold_time = qdict_haskey(qdict, "hold-time");
387 - int hold_time = qdict_get_try_int(qdict, "hold-time", -1);
388 - Error *err = NULL;
389 -- char keyname_buf[16];
390 - char *separator;
391 - int keyname_len;
392 -
393 - while (1) {
394 - separator = strchr(keys, '-');
395 - keyname_len = separator ? separator - keys : strlen(keys);
396 -- pstrcpy(keyname_buf, sizeof(keyname_buf), keys);
397 -
398 - /* Be compatible with old interface, convert user inputted "<" */
399 -- if (!strncmp(keyname_buf, "<", 1) && keyname_len == 1) {
400 -- pstrcpy(keyname_buf, sizeof(keyname_buf), "less");
401 -+ if (keys[0] == '<' && keyname_len == 1) {
402 -+ keys = "less";
403 - keyname_len = 4;
404 - }
405 -- keyname_buf[keyname_len] = 0;
406 -
407 - keylist = g_malloc0(sizeof(*keylist));
408 - keylist->value = g_malloc0(sizeof(*keylist->value));
409 -@@ -1758,16 +1755,17 @@ void hmp_sendkey(Monitor *mon, const QDict *qdict)
410 - }
411 - tmp = keylist;
412 -
413 -- if (strstart(keyname_buf, "0x", NULL)) {
414 -+ if (strstart(keys, "0x", NULL)) {
415 - char *endp;
416 -- int value = strtoul(keyname_buf, &endp, 0);
417 -- if (*endp != '\0') {
418 -+ int value = strtoul(keys, &endp, 0);
419 -+ assert(endp <= keys + keyname_len);
420 -+ if (endp != keys + keyname_len) {
421 - goto err_out;
422 - }
423 - keylist->value->type = KEY_VALUE_KIND_NUMBER;
424 - keylist->value->u.number = value;
425 - } else {
426 -- int idx = index_from_key(keyname_buf);
427 -+ int idx = index_from_key(keys, keyname_len);
428 - if (idx == Q_KEY_CODE_MAX) {
429 - goto err_out;
430 - }
431 -@@ -1789,7 +1787,7 @@ out:
432 - return;
433 -
434 - err_out:
435 -- monitor_printf(mon, "invalid parameter: %s\n", keyname_buf);
436 -+ monitor_printf(mon, "invalid parameter: %.*s\n", keyname_len, keys);
437 - goto out;
438 - }
439 -
440 -diff --git a/include/ui/console.h b/include/ui/console.h
441 -index adac36d..116bc2b 100644
442 ---- a/include/ui/console.h
443 -+++ b/include/ui/console.h
444 -@@ -448,7 +448,7 @@ static inline int vnc_display_pw_expire(const char *id, time_t expires)
445 - void curses_display_init(DisplayState *ds, int full_screen);
446 -
447 - /* input.c */
448 --int index_from_key(const char *key);
449 -+int index_from_key(const char *key, size_t key_length);
450 -
451 - /* gtk.c */
452 - void early_gtk_display_init(int opengl);
453 -diff --git a/ui/input-legacy.c b/ui/input-legacy.c
454 -index 35dfc27..3454055 100644
455 ---- a/ui/input-legacy.c
456 -+++ b/ui/input-legacy.c
457 -@@ -57,12 +57,13 @@ struct QEMUPutLEDEntry {
458 - static QTAILQ_HEAD(, QEMUPutLEDEntry) led_handlers =
459 - QTAILQ_HEAD_INITIALIZER(led_handlers);
460 -
461 --int index_from_key(const char *key)
462 -+int index_from_key(const char *key, size_t key_length)
463 - {
464 - int i;
465 -
466 - for (i = 0; QKeyCode_lookup[i] != NULL; i++) {
467 -- if (!strcmp(key, QKeyCode_lookup[i])) {
468 -+ if (!strncmp(key, QKeyCode_lookup[i], key_length) &&
469 -+ !QKeyCode_lookup[i][key_length]) {
470 - break;
471 - }
472 - }
473 ---
474 -2.7.4
475 -
476 diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8701.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8701.patch
477 deleted file mode 100644
478 index 0dab1c3..0000000
479 --- a/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8701.patch
480 +++ /dev/null
481 @@ -1,49 +0,0 @@
482 -https://bugs.gentoo.org/570110
483 -
484 -From 007cd223de527b5f41278f2d886c1a4beb3e67aa Mon Sep 17 00:00:00 2001
485 -From: Prasad J Pandit <pjp@×××××××××××××.org>
486 -Date: Mon, 28 Dec 2015 16:24:08 +0530
487 -Subject: [PATCH] net: rocker: fix an incorrect array bounds check
488 -
489 -While processing transmit(tx) descriptors in 'tx_consume' routine
490 -the switch emulator suffers from an off-by-one error, if a
491 -descriptor was to have more than allowed(ROCKER_TX_FRAGS_MAX=16)
492 -fragments. Fix an incorrect bounds check to avoid it.
493 -
494 -Reported-by: Qinghao Tang <luodalongde@×××××.com>
495 -Cc: qemu-stable@××××××.org
496 -Signed-off-by: Prasad J Pandit <pjp@×××××××××××××.org>
497 -Signed-off-by: Jason Wang <jasowang@××××××.com>
498 ----
499 - hw/net/rocker/rocker.c | 8 ++++----
500 - 1 file changed, 4 insertions(+), 4 deletions(-)
501 -
502 -diff --git a/hw/net/rocker/rocker.c b/hw/net/rocker/rocker.c
503 -index c57f1a6..2e77e50 100644
504 ---- a/hw/net/rocker/rocker.c
505 -+++ b/hw/net/rocker/rocker.c
506 -@@ -232,6 +232,9 @@ static int tx_consume(Rocker *r, DescInfo *info)
507 - frag_addr = rocker_tlv_get_le64(tlvs[ROCKER_TLV_TX_FRAG_ATTR_ADDR]);
508 - frag_len = rocker_tlv_get_le16(tlvs[ROCKER_TLV_TX_FRAG_ATTR_LEN]);
509 -
510 -+ if (iovcnt >= ROCKER_TX_FRAGS_MAX) {
511 -+ goto err_too_many_frags;
512 -+ }
513 - iov[iovcnt].iov_len = frag_len;
514 - iov[iovcnt].iov_base = g_malloc(frag_len);
515 - if (!iov[iovcnt].iov_base) {
516 -@@ -244,10 +247,7 @@ static int tx_consume(Rocker *r, DescInfo *info)
517 - err = -ROCKER_ENXIO;
518 - goto err_bad_io;
519 - }
520 --
521 -- if (++iovcnt > ROCKER_TX_FRAGS_MAX) {
522 -- goto err_too_many_frags;
523 -- }
524 -+ iovcnt++;
525 - }
526 -
527 - if (iovcnt) {
528 ---
529 -2.6.2
530 -
531 diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8743.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8743.patch
532 deleted file mode 100644
533 index b2bca56..0000000
534 --- a/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8743.patch
535 +++ /dev/null
536 @@ -1,50 +0,0 @@
537 -https://bugs.gentoo.org/570988
538 -
539 -From aa7f9966dfdff500bbbf1956d9e115b1fa8987a6 Mon Sep 17 00:00:00 2001
540 -From: Prasad J Pandit <pjp@×××××××××××××.org>
541 -Date: Thu, 31 Dec 2015 17:05:27 +0530
542 -Subject: [PATCH] net: ne2000: fix bounds check in ioport operations
543 -
544 -While doing ioport r/w operations, ne2000 device emulation suffers
545 -from OOB r/w errors. Update respective array bounds check to avoid
546 -OOB access.
547 -
548 -Reported-by: Ling Liu <liuling-it@×××.cn>
549 -Cc: qemu-stable@××××××.org
550 -Signed-off-by: Prasad J Pandit <pjp@×××××××××××××.org>
551 -Signed-off-by: Jason Wang <jasowang@××××××.com>
552 ----
553 - hw/net/ne2000.c | 10 ++++++----
554 - 1 file changed, 6 insertions(+), 4 deletions(-)
555 -
556 -diff --git a/hw/net/ne2000.c b/hw/net/ne2000.c
557 -index 010f9ef..a3dffff 100644
558 ---- a/hw/net/ne2000.c
559 -+++ b/hw/net/ne2000.c
560 -@@ -467,8 +467,9 @@ static inline void ne2000_mem_writel(NE2000State *s, uint32_t addr,
561 - uint32_t val)
562 - {
563 - addr &= ~1; /* XXX: check exact behaviour if not even */
564 -- if (addr < 32 ||
565 -- (addr >= NE2000_PMEM_START && addr < NE2000_MEM_SIZE)) {
566 -+ if (addr < 32
567 -+ || (addr >= NE2000_PMEM_START
568 -+ && addr + sizeof(uint32_t) <= NE2000_MEM_SIZE)) {
569 - stl_le_p(s->mem + addr, val);
570 - }
571 - }
572 -@@ -497,8 +498,9 @@ static inline uint32_t ne2000_mem_readw(NE2000State *s, uint32_t addr)
573 - static inline uint32_t ne2000_mem_readl(NE2000State *s, uint32_t addr)
574 - {
575 - addr &= ~1; /* XXX: check exact behaviour if not even */
576 -- if (addr < 32 ||
577 -- (addr >= NE2000_PMEM_START && addr < NE2000_MEM_SIZE)) {
578 -+ if (addr < 32
579 -+ || (addr >= NE2000_PMEM_START
580 -+ && addr + sizeof(uint32_t) <= NE2000_MEM_SIZE)) {
581 - return ldl_le_p(s->mem + addr);
582 - } else {
583 - return 0xffffffff;
584 ---
585 -2.6.2
586 -
587 diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1568.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1568.patch
588 deleted file mode 100644
589 index 4ce9a35..0000000
590 --- a/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1568.patch
591 +++ /dev/null
592 @@ -1,41 +0,0 @@
593 -https://bugs.gentoo.org/571566
594 -
595 -From 4ab0359a8ae182a7ac5c99609667273167703fab Mon Sep 17 00:00:00 2001
596 -From: Prasad J Pandit <pjp@×××××××××××××.org>
597 -Date: Mon, 11 Jan 2016 14:10:42 -0500
598 -Subject: [PATCH] ide: ahci: reset ncq object to unused on error
599 -
600 -When processing NCQ commands, AHCI device emulation prepares a
601 -NCQ transfer object; To which an aio control block(aiocb) object
602 -is assigned in 'execute_ncq_command'. In case, when the NCQ
603 -command is invalid, the 'aiocb' object is not assigned, and NCQ
604 -transfer object is left as 'used'. This leads to a use after
605 -free kind of error in 'bdrv_aio_cancel_async' via 'ahci_reset_port'.
606 -Reset NCQ transfer object to 'unused' to avoid it.
607 -
608 -[Maintainer edit: s/ACHI/AHCI/ in the commit message. --js]
609 -
610 -Reported-by: Qinghao Tang <luodalongde@×××××.com>
611 -Signed-off-by: Prasad J Pandit <pjp@×××××××××××××.org>
612 -Reviewed-by: John Snow <jsnow@××××××.com>
613 -Message-id: 1452282511-4116-1-git-send-email-ppandit@××××××.com
614 -Signed-off-by: John Snow <jsnow@××××××.com>
615 ----
616 - hw/ide/ahci.c | 1 +
617 - 1 file changed, 1 insertion(+)
618 -
619 -diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
620 -index dd1912e..17f1cbd 100644
621 ---- a/hw/ide/ahci.c
622 -+++ b/hw/ide/ahci.c
623 -@@ -910,6 +910,7 @@ static void ncq_err(NCQTransferState *ncq_tfs)
624 - ide_state->error = ABRT_ERR;
625 - ide_state->status = READY_STAT | ERR_STAT;
626 - ncq_tfs->drive->port_regs.scr_err |= (1 << ncq_tfs->tag);
627 -+ ncq_tfs->used = 0;
628 - }
629 -
630 - static void ncq_finish(NCQTransferState *ncq_tfs)
631 ---
632 -2.6.2
633 -
634 diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1714.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1714.patch
635 deleted file mode 100644
636 index 917fa2f..0000000
637 --- a/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1714.patch
638 +++ /dev/null
639 @@ -1,58 +0,0 @@
640 -From 66f8fd9dda312191b78d2a2ba2848bcee76127a2 Mon Sep 17 00:00:00 2001
641 -From: "Gabriel L. Somlo" <somlo@×××.edu>
642 -Date: Thu, 5 Nov 2015 09:32:50 -0500
643 -Subject: [PATCH] fw_cfg: avoid calculating invalid current entry pointer
644 -MIME-Version: 1.0
645 -Content-Type: text/plain; charset=UTF-8
646 -Content-Transfer-Encoding: 8bit
647 -
648 -When calculating a pointer to the currently selected fw_cfg item, the
649 -following is used:
650 -
651 - FWCfgEntry *e = &s->entries[arch][s->cur_entry & FW_CFG_ENTRY_MASK];
652 -
653 -When s->cur_entry is FW_CFG_INVALID, we are calculating the address of
654 -a non-existent element in s->entries[arch][...], which is undefined.
655 -
656 -This patch ensures the resulting entry pointer is set to NULL whenever
657 -s->cur_entry is FW_CFG_INVALID.
658 -
659 -Reported-by: Laszlo Ersek <lersek@××××××.com>
660 -Reviewed-by: Laszlo Ersek <lersek@××××××.com>
661 -Signed-off-by: Gabriel Somlo <somlo@×××.edu>
662 -Message-id: 1446733972-1602-5-git-send-email-somlo@×××.edu
663 -Cc: Marc Marí <markmb@××××××.com>
664 -Signed-off-by: Gabriel Somlo <somlo@×××.edu>
665 -Reviewed-by: Laszlo Ersek <lersek@××××××.com>
666 -Signed-off-by: Gerd Hoffmann <kraxel@××××××.com>
667 ----
668 - hw/nvram/fw_cfg.c | 6 ++++--
669 - 1 file changed, 4 insertions(+), 2 deletions(-)
670 -
671 -diff --git a/hw/nvram/fw_cfg.c b/hw/nvram/fw_cfg.c
672 -index c2d3a0a..046fa74 100644
673 ---- a/hw/nvram/fw_cfg.c
674 -+++ b/hw/nvram/fw_cfg.c
675 -@@ -277,7 +277,8 @@ static int fw_cfg_select(FWCfgState *s, uint16_t key)
676 - static uint8_t fw_cfg_read(FWCfgState *s)
677 - {
678 - int arch = !!(s->cur_entry & FW_CFG_ARCH_LOCAL);
679 -- FWCfgEntry *e = &s->entries[arch][s->cur_entry & FW_CFG_ENTRY_MASK];
680 -+ FWCfgEntry *e = (s->cur_entry == FW_CFG_INVALID) ? NULL :
681 -+ &s->entries[arch][s->cur_entry & FW_CFG_ENTRY_MASK];
682 - uint8_t ret;
683 -
684 - if (s->cur_entry == FW_CFG_INVALID || !e->data || s->cur_offset >= e->len)
685 -@@ -342,7 +343,8 @@ static void fw_cfg_dma_transfer(FWCfgState *s)
686 - }
687 -
688 - arch = !!(s->cur_entry & FW_CFG_ARCH_LOCAL);
689 -- e = &s->entries[arch][s->cur_entry & FW_CFG_ENTRY_MASK];
690 -+ e = (s->cur_entry == FW_CFG_INVALID) ? NULL :
691 -+ &s->entries[arch][s->cur_entry & FW_CFG_ENTRY_MASK];
692 -
693 - if (dma.control & FW_CFG_DMA_CTL_READ) {
694 - read = 1;
695 ---
696 -2.7.4
697 -
698 diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1922.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1922.patch
699 deleted file mode 100644
700 index 23c2341..0000000
701 --- a/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1922.patch
702 +++ /dev/null
703 @@ -1,65 +0,0 @@
704 -From 4c1396cb576c9b14425558b73de1584c7a9735d7 Mon Sep 17 00:00:00 2001
705 -From: P J P <ppandit@××××××.com>
706 -Date: Fri, 18 Dec 2015 11:35:07 +0530
707 -Subject: [PATCH] i386: avoid null pointer dereference
708 -
709 - Hello,
710 -
711 -A null pointer dereference issue was reported by Mr Ling Liu, CC'd here. It
712 -occurs while doing I/O port write operations via hmp interface. In that,
713 -'current_cpu' remains null as it is not called from cpu_exec loop, which
714 -results in the said issue.
715 -
716 -Below is a proposed (tested)patch to fix this issue; Does it look okay?
717 -
718 -===
719 -From ae88a4947fab9a148cd794f8ad2d812e7f5a1d0f Mon Sep 17 00:00:00 2001
720 -From: Prasad J Pandit <pjp@×××××××××××××.org>
721 -Date: Fri, 18 Dec 2015 11:16:07 +0530
722 -Subject: [PATCH] i386: avoid null pointer dereference
723 -
724 -When I/O port write operation is called from hmp interface,
725 -'current_cpu' remains null, as it is not called from cpu_exec()
726 -loop. This leads to a null pointer dereference in vapic_write
727 -routine. Add check to avoid it.
728 -
729 -Reported-by: Ling Liu <liuling-it@×××.cn>
730 -Signed-off-by: Prasad J Pandit <pjp@×××××××××××××.org>
731 -Message-Id: <alpine.LFD.2.20.1512181129320.9805@wniryva>
732 -Signed-off-by: Paolo Bonzini <pbonzini@××××××.com>
733 -Signed-off-by: P J P <ppandit@××××××.com>
734 ----
735 - hw/i386/kvmvapic.c | 15 ++++++++++-----
736 - 1 file changed, 10 insertions(+), 5 deletions(-)
737 -
738 -diff --git a/hw/i386/kvmvapic.c b/hw/i386/kvmvapic.c
739 -index c6d34b2..f0922da 100644
740 ---- a/hw/i386/kvmvapic.c
741 -+++ b/hw/i386/kvmvapic.c
742 -@@ -634,13 +634,18 @@ static int vapic_prepare(VAPICROMState *s)
743 - static void vapic_write(void *opaque, hwaddr addr, uint64_t data,
744 - unsigned int size)
745 - {
746 -- CPUState *cs = current_cpu;
747 -- X86CPU *cpu = X86_CPU(cs);
748 -- CPUX86State *env = &cpu->env;
749 -- hwaddr rom_paddr;
750 - VAPICROMState *s = opaque;
751 -+ X86CPU *cpu;
752 -+ CPUX86State *env;
753 -+ hwaddr rom_paddr;
754 -
755 -- cpu_synchronize_state(cs);
756 -+ if (!current_cpu) {
757 -+ return;
758 -+ }
759 -+
760 -+ cpu_synchronize_state(current_cpu);
761 -+ cpu = X86_CPU(current_cpu);
762 -+ env = &cpu->env;
763 -
764 - /*
765 - * The VAPIC supports two PIO-based hypercalls, both via port 0x7E.
766 ---
767 -2.7.4
768 -
769 diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1981.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1981.patch
770 deleted file mode 100644
771 index 2922193..0000000
772 --- a/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1981.patch
773 +++ /dev/null
774 @@ -1,98 +0,0 @@
775 -From dd793a74882477ca38d49e191110c17dfee51dcc Mon Sep 17 00:00:00 2001
776 -From: Laszlo Ersek <lersek@××××××.com>
777 -Date: Tue, 19 Jan 2016 14:17:20 +0100
778 -Subject: [PATCH] e1000: eliminate infinite loops on out-of-bounds transfer
779 - start
780 -
781 -The start_xmit() and e1000_receive_iov() functions implement DMA transfers
782 -iterating over a set of descriptors that the guest's e1000 driver
783 -prepares:
784 -
785 -- the TDLEN and RDLEN registers store the total size of the descriptor
786 - area,
787 -
788 -- while the TDH and RDH registers store the offset (in whole tx / rx
789 - descriptors) into the area where the transfer is supposed to start.
790 -
791 -Each time a descriptor is processed, the TDH and RDH register is bumped
792 -(as appropriate for the transfer direction).
793 -
794 -QEMU already contains logic to deal with bogus transfers submitted by the
795 -guest:
796 -
797 -- Normally, the transmit case wants to increase TDH from its initial value
798 - to TDT. (TDT is allowed to be numerically smaller than the initial TDH
799 - value; wrapping at or above TDLEN bytes to zero is normal.) The failsafe
800 - that QEMU currently has here is a check against reaching the original
801 - TDH value again -- a complete wraparound, which should never happen.
802 -
803 -- In the receive case RDH is increased from its initial value until
804 - "total_size" bytes have been received; preferably in a single step, or
805 - in "s->rxbuf_size" byte steps, if the latter is smaller. However, null
806 - RX descriptors are skipped without receiving data, while RDH is
807 - incremented just the same. QEMU tries to prevent an infinite loop
808 - (processing only null RX descriptors) by detecting whether RDH assumes
809 - its original value during the loop. (Again, wrapping from RDLEN to 0 is
810 - normal.)
811 -
812 -What both directions miss is that the guest could program TDLEN and RDLEN
813 -so low, and the initial TDH and RDH so high, that these registers will
814 -immediately be truncated to zero, and then never reassume their initial
815 -values in the loop -- a full wraparound will never occur.
816 -
817 -The condition that expresses this is:
818 -
819 - xdh_start >= s->mac_reg[XDLEN] / sizeof(desc)
820 -
821 -i.e., TDH or RDH start out after the last whole rx or tx descriptor that
822 -fits into the TDLEN or RDLEN sized area.
823 -
824 -This condition could be checked before we enter the loops, but
825 -pci_dma_read() / pci_dma_write() knows how to fill in buffers safely for
826 -bogus DMA addresses, so we just extend the existing failsafes with the
827 -above condition.
828 -
829 -This is CVE-2016-1981.
830 -
831 -Cc: "Michael S. Tsirkin" <mst@××××××.com>
832 -Cc: Petr Matousek <pmatouse@××××××.com>
833 -Cc: Stefano Stabellini <stefano.stabellini@×××××××××.com>
834 -Cc: Prasad Pandit <ppandit@××××××.com>
835 -Cc: Michael Roth <mdroth@××××××××××××××.com>
836 -Cc: Jason Wang <jasowang@××××××.com>
837 -Cc: qemu-stable@××××××.org
838 -RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1296044
839 -Signed-off-by: Laszlo Ersek <lersek@××××××.com>
840 -Reviewed-by: Jason Wang <jasowang@××××××.com>
841 -Signed-off-by: Jason Wang <jasowang@××××××.com>
842 ----
843 - hw/net/e1000.c | 6 ++++--
844 - 1 file changed, 4 insertions(+), 2 deletions(-)
845 -
846 -diff --git a/hw/net/e1000.c b/hw/net/e1000.c
847 -index 4eda7a3..0387fa0 100644
848 ---- a/hw/net/e1000.c
849 -+++ b/hw/net/e1000.c
850 -@@ -909,7 +909,8 @@ start_xmit(E1000State *s)
851 - * bogus values to TDT/TDLEN.
852 - * there's nothing too intelligent we could do about this.
853 - */
854 -- if (s->mac_reg[TDH] == tdh_start) {
855 -+ if (s->mac_reg[TDH] == tdh_start ||
856 -+ tdh_start >= s->mac_reg[TDLEN] / sizeof(desc)) {
857 - DBGOUT(TXERR, "TDH wraparound @%x, TDT %x, TDLEN %x\n",
858 - tdh_start, s->mac_reg[TDT], s->mac_reg[TDLEN]);
859 - break;
860 -@@ -1166,7 +1167,8 @@ e1000_receive_iov(NetClientState *nc, const struct iovec *iov, int iovcnt)
861 - if (++s->mac_reg[RDH] * sizeof(desc) >= s->mac_reg[RDLEN])
862 - s->mac_reg[RDH] = 0;
863 - /* see comment in start_xmit; same here */
864 -- if (s->mac_reg[RDH] == rdh_start) {
865 -+ if (s->mac_reg[RDH] == rdh_start ||
866 -+ rdh_start >= s->mac_reg[RDLEN] / sizeof(desc)) {
867 - DBGOUT(RXERR, "RDH wraparound @%x, RDT %x, RDLEN %x\n",
868 - rdh_start, s->mac_reg[RDT], s->mac_reg[RDLEN]);
869 - set_ics(s, 0, E1000_ICS_RXO);
870 ---
871 -2.7.4
872 -
873 diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-2197.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-2197.patch
874 deleted file mode 100644
875 index 0ab7b02..0000000
876 --- a/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-2197.patch
877 +++ /dev/null
878 @@ -1,43 +0,0 @@
879 -From 99b4cb71069f109b79b27bc629fc0cf0886dbc4b Mon Sep 17 00:00:00 2001
880 -From: John Snow <jsnow@××××××.com>
881 -Date: Wed, 10 Feb 2016 13:29:40 -0500
882 -Subject: [PATCH] ahci: Do not unmap NULL addresses
883 -
884 -Definitely don't try to unmap a garbage address.
885 -
886 -Reported-by: Zuozhi fzz <zuozhi.fzz@×××××××××××.com>
887 -Signed-off-by: John Snow <jsnow@××××××.com>
888 -Message-id: 1454103689-13042-2-git-send-email-jsnow@××××××.com
889 ----
890 - hw/ide/ahci.c | 8 ++++++++
891 - 1 file changed, 8 insertions(+)
892 -
893 -diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
894 -index 7e87b18..3a95dad 100644
895 ---- a/hw/ide/ahci.c
896 -+++ b/hw/ide/ahci.c
897 -@@ -662,6 +662,10 @@ static bool ahci_map_fis_address(AHCIDevice *ad)
898 -
899 - static void ahci_unmap_fis_address(AHCIDevice *ad)
900 - {
901 -+ if (ad->res_fis == NULL) {
902 -+ DPRINTF(ad->port_no, "Attempt to unmap NULL FIS address\n");
903 -+ return;
904 -+ }
905 - dma_memory_unmap(ad->hba->as, ad->res_fis, 256,
906 - DMA_DIRECTION_FROM_DEVICE, 256);
907 - ad->res_fis = NULL;
908 -@@ -678,6 +682,10 @@ static bool ahci_map_clb_address(AHCIDevice *ad)
909 -
910 - static void ahci_unmap_clb_address(AHCIDevice *ad)
911 - {
912 -+ if (ad->lst == NULL) {
913 -+ DPRINTF(ad->port_no, "Attempt to unmap NULL CLB address\n");
914 -+ return;
915 -+ }
916 - dma_memory_unmap(ad->hba->as, ad->lst, 1024,
917 - DMA_DIRECTION_FROM_DEVICE, 1024);
918 - ad->lst = NULL;
919 ---
920 -2.7.4
921 -
922 diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-2392.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-2392.patch
923 deleted file mode 100644
924 index e7aa5ca..0000000
925 --- a/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-2392.patch
926 +++ /dev/null
927 @@ -1,35 +0,0 @@
928 -From 80eecda8e5d09c442c24307f340840a5b70ea3b9 Mon Sep 17 00:00:00 2001
929 -From: Prasad J Pandit <pjp@×××××××××××××.org>
930 -Date: Thu, 11 Feb 2016 16:31:20 +0530
931 -Subject: [PATCH] usb: check USB configuration descriptor object
932 -
933 -When processing remote NDIS control message packets, the USB Net
934 -device emulator checks to see if the USB configuration descriptor
935 -object is of RNDIS type(2). But it does not check if it is null,
936 -which leads to a null dereference error. Add check to avoid it.
937 -
938 -Reported-by: Qinghao Tang <luodalongde@×××××.com>
939 -Signed-off-by: Prasad J Pandit <pjp@×××××××××××××.org>
940 -Message-id: 1455188480-14688-1-git-send-email-ppandit@××××××.com
941 -Signed-off-by: Gerd Hoffmann <kraxel@××××××.com>
942 ----
943 - hw/usb/dev-network.c | 3 ++-
944 - 1 file changed, 2 insertions(+), 1 deletion(-)
945 -
946 -diff --git a/hw/usb/dev-network.c b/hw/usb/dev-network.c
947 -index 985a629..5dc4538 100644
948 ---- a/hw/usb/dev-network.c
949 -+++ b/hw/usb/dev-network.c
950 -@@ -654,7 +654,8 @@ typedef struct USBNetState {
951 -
952 - static int is_rndis(USBNetState *s)
953 - {
954 -- return s->dev.config->bConfigurationValue == DEV_RNDIS_CONFIG_VALUE;
955 -+ return s->dev.config ?
956 -+ s->dev.config->bConfigurationValue == DEV_RNDIS_CONFIG_VALUE : 0;
957 - }
958 -
959 - static int ndis_query(USBNetState *s, uint32_t oid,
960 ---
961 -2.7.4
962 -
963 diff --git a/app-emulation/qemu/files/qemu-2.5.0-ne2000-reg-check.patch b/app-emulation/qemu/files/qemu-2.5.0-ne2000-reg-check.patch
964 deleted file mode 100644
965 index 2874b75..0000000
966 --- a/app-emulation/qemu/files/qemu-2.5.0-ne2000-reg-check.patch
967 +++ /dev/null
968 @@ -1,37 +0,0 @@
969 -From 415ab35a441eca767d033a2702223e785b9d5190 Mon Sep 17 00:00:00 2001
970 -From: Prasad J Pandit <pjp@×××××××××××××.org>
971 -Date: Wed, 24 Feb 2016 11:41:33 +0530
972 -Subject: [PATCH] net: ne2000: check ring buffer control registers
973 -
974 -Ne2000 NIC uses ring buffer of NE2000_MEM_SIZE(49152)
975 -bytes to process network packets. Registers PSTART & PSTOP
976 -define ring buffer size & location. Setting these registers
977 -to invalid values could lead to infinite loop or OOB r/w
978 -access issues. Add check to avoid it.
979 -
980 -Reported-by: Yang Hongke <yanghongke@××××××.com>
981 -Tested-by: Yang Hongke <yanghongke@××××××.com>
982 -Signed-off-by: Prasad J Pandit <pjp@×××××××××××××.org>
983 -Signed-off-by: Jason Wang <jasowang@××××××.com>
984 ----
985 - hw/net/ne2000.c | 4 ++++
986 - 1 file changed, 4 insertions(+)
987 -
988 -diff --git a/hw/net/ne2000.c b/hw/net/ne2000.c
989 -index e408083..f0feaf9 100644
990 ---- a/hw/net/ne2000.c
991 -+++ b/hw/net/ne2000.c
992 -@@ -155,6 +155,10 @@ static int ne2000_buffer_full(NE2000State *s)
993 - {
994 - int avail, index, boundary;
995 -
996 -+ if (s->stop <= s->start) {
997 -+ return 1;
998 -+ }
999 -+
1000 - index = s->curpag << 8;
1001 - boundary = s->boundary << 8;
1002 - if (index < boundary)
1003 ---
1004 -2.7.4
1005 -
1006 diff --git a/app-emulation/qemu/files/qemu-2.5.0-usb-ehci-oob.patch b/app-emulation/qemu/files/qemu-2.5.0-usb-ehci-oob.patch
1007 deleted file mode 100644
1008 index 2ddca3e..0000000
1009 --- a/app-emulation/qemu/files/qemu-2.5.0-usb-ehci-oob.patch
1010 +++ /dev/null
1011 @@ -1,52 +0,0 @@
1012 -From 49d925ce50383a286278143c05511d30ec41a36e Mon Sep 17 00:00:00 2001
1013 -From: Prasad J Pandit <pjp@×××××××××××××.org>
1014 -Date: Wed, 20 Jan 2016 01:26:46 +0530
1015 -Subject: [PATCH] usb: check page select value while processing iTD
1016 -
1017 -While processing isochronous transfer descriptors(iTD), the page
1018 -select(PG) field value could lead to an OOB read access. Add
1019 -check to avoid it.
1020 -
1021 -Reported-by: Qinghao Tang <luodalongde@×××××.com>
1022 -Signed-off-by: Prasad J Pandit <pjp@×××××××××××××.org>
1023 -Message-id: 1453233406-12165-1-git-send-email-ppandit@××××××.com
1024 -Signed-off-by: Gerd Hoffmann <kraxel@××××××.com>
1025 ----
1026 - hw/usb/hcd-ehci.c | 10 ++++++----
1027 - 1 file changed, 6 insertions(+), 4 deletions(-)
1028 -
1029 -diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
1030 -index ab00268..93601d9 100644
1031 ---- a/hw/usb/hcd-ehci.c
1032 -+++ b/hw/usb/hcd-ehci.c
1033 -@@ -1405,21 +1405,23 @@ static int ehci_process_itd(EHCIState *ehci,
1034 - if (itd->transact[i] & ITD_XACT_ACTIVE) {
1035 - pg = get_field(itd->transact[i], ITD_XACT_PGSEL);
1036 - off = itd->transact[i] & ITD_XACT_OFFSET_MASK;
1037 -- ptr1 = (itd->bufptr[pg] & ITD_BUFPTR_MASK);
1038 -- ptr2 = (itd->bufptr[pg+1] & ITD_BUFPTR_MASK);
1039 - len = get_field(itd->transact[i], ITD_XACT_LENGTH);
1040 -
1041 - if (len > max * mult) {
1042 - len = max * mult;
1043 - }
1044 --
1045 -- if (len > BUFF_SIZE) {
1046 -+ if (len > BUFF_SIZE || pg > 6) {
1047 - return -1;
1048 - }
1049 -
1050 -+ ptr1 = (itd->bufptr[pg] & ITD_BUFPTR_MASK);
1051 - qemu_sglist_init(&ehci->isgl, ehci->device, 2, ehci->as);
1052 - if (off + len > 4096) {
1053 - /* transfer crosses page border */
1054 -+ if (pg == 6) {
1055 -+ return -1; /* avoid page pg + 1 */
1056 -+ }
1057 -+ ptr2 = (itd->bufptr[pg + 1] & ITD_BUFPTR_MASK);
1058 - uint32_t len2 = off + len - 4096;
1059 - uint32_t len1 = len - len2;
1060 - qemu_sglist_add(&ehci->isgl, ptr1 + off, len1);
1061 ---
1062 -2.7.4
1063 -
1064 diff --git a/app-emulation/qemu/files/qemu-2.5.0-usb-ndis-int-overflow.patch b/app-emulation/qemu/files/qemu-2.5.0-usb-ndis-int-overflow.patch
1065 deleted file mode 100644
1066 index da643fd..0000000
1067 --- a/app-emulation/qemu/files/qemu-2.5.0-usb-ndis-int-overflow.patch
1068 +++ /dev/null
1069 @@ -1,59 +0,0 @@
1070 -From fe3c546c5ff2a6210f9a4d8561cc64051ca8603e Mon Sep 17 00:00:00 2001
1071 -From: Prasad J Pandit <pjp@×××××××××××××.org>
1072 -Date: Wed, 17 Feb 2016 00:23:41 +0530
1073 -Subject: [PATCH] usb: check RNDIS buffer offsets & length
1074 -
1075 -When processing remote NDIS control message packets,
1076 -the USB Net device emulator uses a fixed length(4096) data buffer.
1077 -The incoming informationBufferOffset & Length combination could
1078 -overflow and cross that range. Check control message buffer
1079 -offsets and length to avoid it.
1080 -
1081 -Reported-by: Qinghao Tang <luodalongde@×××××.com>
1082 -Signed-off-by: Prasad J Pandit <pjp@×××××××××××××.org>
1083 -Message-id: 1455648821-17340-3-git-send-email-ppandit@××××××.com
1084 -Signed-off-by: Gerd Hoffmann <kraxel@××××××.com>
1085 ----
1086 - hw/usb/dev-network.c | 9 ++++++---
1087 - 1 file changed, 6 insertions(+), 3 deletions(-)
1088 -
1089 -diff --git a/hw/usb/dev-network.c b/hw/usb/dev-network.c
1090 -index 5dc4538..c6abd38 100644
1091 ---- a/hw/usb/dev-network.c
1092 -+++ b/hw/usb/dev-network.c
1093 -@@ -916,8 +916,9 @@ static int rndis_query_response(USBNetState *s,
1094 -
1095 - bufoffs = le32_to_cpu(buf->InformationBufferOffset) + 8;
1096 - buflen = le32_to_cpu(buf->InformationBufferLength);
1097 -- if (bufoffs + buflen > length)
1098 -+ if (buflen > length || bufoffs >= length || bufoffs + buflen > length) {
1099 - return USB_RET_STALL;
1100 -+ }
1101 -
1102 - infobuflen = ndis_query(s, le32_to_cpu(buf->OID),
1103 - bufoffs + (uint8_t *) buf, buflen, infobuf,
1104 -@@ -962,8 +963,9 @@ static int rndis_set_response(USBNetState *s,
1105 -
1106 - bufoffs = le32_to_cpu(buf->InformationBufferOffset) + 8;
1107 - buflen = le32_to_cpu(buf->InformationBufferLength);
1108 -- if (bufoffs + buflen > length)
1109 -+ if (buflen > length || bufoffs >= length || bufoffs + buflen > length) {
1110 - return USB_RET_STALL;
1111 -+ }
1112 -
1113 - ret = ndis_set(s, le32_to_cpu(buf->OID),
1114 - bufoffs + (uint8_t *) buf, buflen);
1115 -@@ -1213,8 +1215,9 @@ static void usb_net_handle_dataout(USBNetState *s, USBPacket *p)
1116 - if (le32_to_cpu(msg->MessageType) == RNDIS_PACKET_MSG) {
1117 - uint32_t offs = 8 + le32_to_cpu(msg->DataOffset);
1118 - uint32_t size = le32_to_cpu(msg->DataLength);
1119 -- if (offs + size <= len)
1120 -+ if (offs < len && size < len && offs + size <= len) {
1121 - qemu_send_packet(qemu_get_queue(s->nic), s->out_buf + offs, size);
1122 -+ }
1123 - }
1124 - s->out_ptr -= len;
1125 - memmove(s->out_buf, &s->out_buf[len], s->out_ptr);
1126 ---
1127 -2.7.4
1128 -
1129 diff --git a/app-emulation/qemu/files/qemu-2.5.1-CVE-2015-8558.patch b/app-emulation/qemu/files/qemu-2.5.1-CVE-2015-8558.patch
1130 new file mode 100644
1131 index 0000000..cf1a4c3
1132 --- /dev/null
1133 +++ b/app-emulation/qemu/files/qemu-2.5.1-CVE-2015-8558.patch
1134 @@ -0,0 +1,107 @@
1135 +https://bugs.gentoo.org/580426
1136 +https://bugs.gentoo.org/568246
1137 +
1138 +From a49923d2837d20510d645d3758f1ad87c32d0730 Mon Sep 17 00:00:00 2001
1139 +From: Gerd Hoffmann <kraxel@××××××.com>
1140 +Date: Mon, 18 Apr 2016 09:20:54 +0200
1141 +Subject: [PATCH] Revert "ehci: make idt processing more robust"
1142 +
1143 +This reverts commit 156a2e4dbffa85997636a7a39ef12da6f1b40254.
1144 +
1145 +Breaks FreeBSD.
1146 +
1147 +Signed-off-by: Gerd Hoffmann <kraxel@××××××.com>
1148 +---
1149 + hw/usb/hcd-ehci.c | 5 ++---
1150 + 1 file changed, 2 insertions(+), 3 deletions(-)
1151 +
1152 +diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
1153 +index d5c0e1c..43a8f7a 100644
1154 +--- a/hw/usb/hcd-ehci.c
1155 ++++ b/hw/usb/hcd-ehci.c
1156 +@@ -1397,7 +1397,7 @@ static int ehci_process_itd(EHCIState *ehci,
1157 + {
1158 + USBDevice *dev;
1159 + USBEndpoint *ep;
1160 +- uint32_t i, len, pid, dir, devaddr, endp, xfers = 0;
1161 ++ uint32_t i, len, pid, dir, devaddr, endp;
1162 + uint32_t pg, off, ptr1, ptr2, max, mult;
1163 +
1164 + ehci->periodic_sched_active = PERIODIC_ACTIVE;
1165 +@@ -1489,10 +1489,9 @@ static int ehci_process_itd(EHCIState *ehci,
1166 + ehci_raise_irq(ehci, USBSTS_INT);
1167 + }
1168 + itd->transact[i] &= ~ITD_XACT_ACTIVE;
1169 +- xfers++;
1170 + }
1171 + }
1172 +- return xfers ? 0 : -1;
1173 ++ return 0;
1174 + }
1175 +
1176 +
1177 +--
1178 +2.7.4
1179 +
1180 +From 1ae3f2f178087711f9591350abad133525ba93f2 Mon Sep 17 00:00:00 2001
1181 +From: Gerd Hoffmann <kraxel@××××××.com>
1182 +Date: Mon, 18 Apr 2016 09:11:38 +0200
1183 +Subject: [PATCH] ehci: apply limit to iTD/sidt descriptors
1184 +MIME-Version: 1.0
1185 +Content-Type: text/plain; charset=UTF-8
1186 +Content-Transfer-Encoding: 8bit
1187 +
1188 +Commit "156a2e4 ehci: make idt processing more robust" tries to avoid a
1189 +DoS by the guest (create a circular iTD queue and let qemu ehci
1190 +emulation run in circles forever). Unfortunately this has two problems:
1191 +First it misses the case of siTDs, and second it reportedly breaks
1192 +FreeBSD.
1193 +
1194 +So lets go for a different approach: just count the number of iTDs and
1195 +siTDs we have seen per frame and apply a limit. That should really
1196 +catch all cases now.
1197 +
1198 +Reported-by: 杜少博 <dushaobo@×××.cn>
1199 +Signed-off-by: Gerd Hoffmann <kraxel@××××××.com>
1200 +---
1201 + hw/usb/hcd-ehci.c | 6 +++++-
1202 + 1 file changed, 5 insertions(+), 1 deletion(-)
1203 +
1204 +diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
1205 +index 159f58d..d5c0e1c 100644
1206 +--- a/hw/usb/hcd-ehci.c
1207 ++++ b/hw/usb/hcd-ehci.c
1208 +@@ -2011,6 +2011,7 @@ static int ehci_state_writeback(EHCIQueue *q)
1209 + static void ehci_advance_state(EHCIState *ehci, int async)
1210 + {
1211 + EHCIQueue *q = NULL;
1212 ++ int itd_count = 0;
1213 + int again;
1214 +
1215 + do {
1216 +@@ -2035,10 +2036,12 @@ static void ehci_advance_state(EHCIState *ehci, int async)
1217 +
1218 + case EST_FETCHITD:
1219 + again = ehci_state_fetchitd(ehci, async);
1220 ++ itd_count++;
1221 + break;
1222 +
1223 + case EST_FETCHSITD:
1224 + again = ehci_state_fetchsitd(ehci, async);
1225 ++ itd_count++;
1226 + break;
1227 +
1228 + case EST_ADVANCEQUEUE:
1229 +@@ -2087,7 +2090,8 @@ static void ehci_advance_state(EHCIState *ehci, int async)
1230 + break;
1231 + }
1232 +
1233 +- if (again < 0) {
1234 ++ if (again < 0 || itd_count > 16) {
1235 ++ /* TODO: notify guest (raise HSE irq?) */
1236 + fprintf(stderr, "processing error - resetting ehci HC\n");
1237 + ehci_reset(ehci);
1238 + again = 0;
1239 +--
1240 +2.7.4
1241 +
1242 diff --git a/app-emulation/qemu/files/qemu-2.5.1-CVE-2016-4020.patch b/app-emulation/qemu/files/qemu-2.5.1-CVE-2016-4020.patch
1243 new file mode 100644
1244 index 0000000..e3115c1
1245 --- /dev/null
1246 +++ b/app-emulation/qemu/files/qemu-2.5.1-CVE-2016-4020.patch
1247 @@ -0,0 +1,16 @@
1248 +https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01106.html
1249 +https://bugs.gentoo.org/580040
1250 +
1251 +diff --git a/hw/i386/kvmvapic.c b/hw/i386/kvmvapic.c
1252 +index c69f374..ff1e31a 100644
1253 +--- a/hw/i386/kvmvapic.c
1254 ++++ b/hw/i386/kvmvapic.c
1255 +@@ -394,7 +394,7 @@ static void patch_instruction(VAPICROMState *s, X86CPU *cpu, target_ulong ip)
1256 + CPUX86State *env = &cpu->env;
1257 + VAPICHandlers *handlers;
1258 + uint8_t opcode[2];
1259 +- uint32_t imm32;
1260 ++ uint32_t imm32 = 0;
1261 + target_ulong current_pc = 0;
1262 + target_ulong current_cs_base = 0;
1263 + int current_flags = 0;
1264 diff --git a/app-emulation/qemu/files/qemu-2.5.1-stellaris_enet-overflow.patch b/app-emulation/qemu/files/qemu-2.5.1-stellaris_enet-overflow.patch
1265 new file mode 100644
1266 index 0000000..ab7d3f3
1267 --- /dev/null
1268 +++ b/app-emulation/qemu/files/qemu-2.5.1-stellaris_enet-overflow.patch
1269 @@ -0,0 +1,47 @@
1270 +From 3a15cc0e1ee7168db0782133d2607a6bfa422d66 Mon Sep 17 00:00:00 2001
1271 +From: Prasad J Pandit <pjp@×××××××××××××.org>
1272 +Date: Fri, 8 Apr 2016 11:33:48 +0530
1273 +Subject: [PATCH] net: stellaris_enet: check packet length against receive
1274 + buffer
1275 +
1276 +When receiving packets over Stellaris ethernet controller, it
1277 +uses receive buffer of size 2048 bytes. In case the controller
1278 +accepts large(MTU) packets, it could lead to memory corruption.
1279 +Add check to avoid it.
1280 +
1281 +Reported-by: Oleksandr Bazhaniuk <oleksandr.bazhaniuk@×××××.com>
1282 +Signed-off-by: Prasad J Pandit <pjp@×××××××××××××.org>
1283 +Message-id: 1460095428-22698-1-git-send-email-ppandit@××××××.com
1284 +Reviewed-by: Peter Maydell <peter.maydell@××××××.org>
1285 +Signed-off-by: Peter Maydell <peter.maydell@××××××.org>
1286 +---
1287 + hw/net/stellaris_enet.c | 12 +++++++++++-
1288 + 1 file changed, 11 insertions(+), 1 deletion(-)
1289 +
1290 +diff --git a/hw/net/stellaris_enet.c b/hw/net/stellaris_enet.c
1291 +index 84cf60b..6880894 100644
1292 +--- a/hw/net/stellaris_enet.c
1293 ++++ b/hw/net/stellaris_enet.c
1294 +@@ -236,8 +236,18 @@ static ssize_t stellaris_enet_receive(NetClientState *nc, const uint8_t *buf, si
1295 + n = s->next_packet + s->np;
1296 + if (n >= 31)
1297 + n -= 31;
1298 +- s->np++;
1299 +
1300 ++ if (size >= sizeof(s->rx[n].data) - 6) {
1301 ++ /* If the packet won't fit into the
1302 ++ * emulated 2K RAM, this is reported
1303 ++ * as a FIFO overrun error.
1304 ++ */
1305 ++ s->ris |= SE_INT_FOV;
1306 ++ stellaris_enet_update(s);
1307 ++ return -1;
1308 ++ }
1309 ++
1310 ++ s->np++;
1311 + s->rx[n].len = size + 6;
1312 + p = s->rx[n].data;
1313 + *(p++) = (size + 6);
1314 +--
1315 +2.7.4
1316 +
1317 diff --git a/app-emulation/qemu/files/qemu-2.5.1-xfs-linux-headers.patch b/app-emulation/qemu/files/qemu-2.5.1-xfs-linux-headers.patch
1318 new file mode 100644
1319 index 0000000..743171b
1320 --- /dev/null
1321 +++ b/app-emulation/qemu/files/qemu-2.5.1-xfs-linux-headers.patch
1322 @@ -0,0 +1,82 @@
1323 +https://bugs.gentoo.org/577810
1324 +
1325 +From 277abf15a60f7653bfb05ffb513ed74ffdaea1b7 Mon Sep 17 00:00:00 2001
1326 +From: Jan Vesely <jano.vesely@×××××.com>
1327 +Date: Fri, 29 Apr 2016 13:15:23 -0400
1328 +Subject: [PATCH] configure: Check if struct fsxattr is available from linux
1329 + header
1330 +MIME-Version: 1.0
1331 +Content-Type: text/plain; charset=UTF-8
1332 +Content-Transfer-Encoding: 8bit
1333 +
1334 +Fixes build failure with --enable-xfsctl and
1335 +new linux headers (>=4.5) and older xfsprogs(<4.5):
1336 +In file included from /usr/include/xfs/xfs.h:38:0,
1337 + from /var/tmp/portage/app-emulation/qemu-2.5.0-r1/work/qemu-2.5.0/block/raw-posix.c:97:
1338 +/usr/include/xfs/xfs_fs.h:42:8: error: redefinition of ‘struct fsxattr’
1339 + struct fsxattr {
1340 + ^
1341 +In file included from /var/tmp/portage/app-emulation/qemu-2.5.0-r1/work/qemu-2.5.0/block/raw-posix.c:60:0:
1342 +/usr/include/linux/fs.h:155:8: note: originally defined here
1343 + struct fsxattr {
1344 +
1345 +This is really a bug in the system headers, but we can work around it
1346 +by defining HAVE_FSXATTR in the QEMU headers if linux/fs.h provides
1347 +the struct, so that xfs_fs.h doesn't try to define it as well.
1348 +
1349 +CC: qemu-trivial@××××××.org
1350 +CC: Markus Armbruster <armbru@××××××.com>
1351 +CC: Peter Maydell <peter.maydell@××××××.org>
1352 +CC: Stefan Weil <sw@××××××××.de>
1353 +Tested-by: Stefan Weil <sw@××××××××.de>
1354 +Signed-off-by: Jan Vesely <jano.vesely@×××××.com>
1355 +[PMM: adjusted commit message, comments]
1356 +Signed-off-by: Peter Maydell <peter.maydell@××××××.org>
1357 +---
1358 + configure | 23 +++++++++++++++++++++++
1359 + 1 file changed, 23 insertions(+)
1360 +
1361 +diff --git a/configure b/configure
1362 +index ab54f3c..c37fc5f 100755
1363 +--- a/configure
1364 ++++ b/configure
1365 +@@ -4494,6 +4494,21 @@ if test "$fortify_source" != "no"; then
1366 + fi
1367 +
1368 + ##########################################
1369 ++# check if struct fsxattr is available via linux/fs.h
1370 ++
1371 ++have_fsxattr=no
1372 ++cat > $TMPC << EOF
1373 ++#include <linux/fs.h>
1374 ++struct fsxattr foo;
1375 ++int main(void) {
1376 ++ return 0;
1377 ++}
1378 ++EOF
1379 ++if compile_prog "" "" ; then
1380 ++ have_fsxattr=yes
1381 ++fi
1382 ++
1383 ++##########################################
1384 + # End of CC checks
1385 + # After here, no more $cc or $ld runs
1386 +
1387 +@@ -5160,6 +5175,14 @@ fi
1388 + if test "$have_ifaddrs_h" = "yes" ; then
1389 + echo "HAVE_IFADDRS_H=y" >> $config_host_mak
1390 + fi
1391 ++
1392 ++# Work around a system header bug with some kernel/XFS header
1393 ++# versions where they both try to define 'struct fsxattr':
1394 ++# xfs headers will not try to redefine structs from linux headers
1395 ++# if this macro is set.
1396 ++if test "$have_fsxattr" = "yes" ; then
1397 ++ echo "HAVE_FSXATTR=y" >> $config_host_mak
1398 ++fi
1399 + if test "$vte" = "yes" ; then
1400 + echo "CONFIG_VTE=y" >> $config_host_mak
1401 + echo "VTE_CFLAGS=$vte_cflags" >> $config_host_mak
1402 +--
1403 +2.8.2
1404 +
1405 diff --git a/app-emulation/qemu/qemu-2.5.0-r999.ebuild b/app-emulation/qemu/qemu-2.5.1-r99.ebuild
1406 similarity index 94%
1407 rename from app-emulation/qemu/qemu-2.5.0-r999.ebuild
1408 rename to app-emulation/qemu/qemu-2.5.1-r99.ebuild
1409 index 876141b..1d169e8 100644
1410 --- a/app-emulation/qemu/qemu-2.5.0-r999.ebuild
1411 +++ b/app-emulation/qemu/qemu-2.5.1-r99.ebuild
1412 @@ -84,8 +84,8 @@ SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND}
1413 fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] )
1414 glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
1415 gnutls? (
1416 - dev-libs/nettle[static-libs(+)]
1417 - >=net-libs/gnutls-3.0[static-libs(+)]
1418 + dev-libs/nettle:=[static-libs(+)]
1419 + >=net-libs/gnutls-3.0:=[static-libs(+)]
1420 )
1421 gtk? (
1422 gtk2? (
1423 @@ -342,25 +342,13 @@ src_prepare() {
1424 EPATCH_FORCE=yes EPATCH_SUFFIX="patch" EPATCH_SOURCE="${S}/patches" \
1425 epatch
1426
1427 - epatch "${FILESDIR}"/${P}-CVE-2015-8567.patch #567868
1428 - epatch "${FILESDIR}"/${P}-CVE-2015-8558.patch #568246
1429 - epatch "${FILESDIR}"/${P}-CVE-2015-8701.patch #570110
1430 - epatch "${FILESDIR}"/${P}-CVE-2015-8743.patch #570988
1431 - epatch "${FILESDIR}"/${P}-CVE-2016-1568.patch #571566
1432 - epatch "${FILESDIR}"/${P}-CVE-2015-8613.patch #569118
1433 - epatch "${FILESDIR}"/${P}-CVE-2015-8619.patch #569300
1434 - epatch "${FILESDIR}"/${P}-CVE-2016-1714.patch #571560
1435 - epatch "${FILESDIR}"/${P}-CVE-2016-1922.patch #572082
1436 - epatch "${FILESDIR}"/${P}-CVE-2016-1981.patch #572412
1437 - epatch "${FILESDIR}"/${P}-usb-ehci-oob.patch #572454
1438 - epatch "${FILESDIR}"/${P}-CVE-2016-2197.patch #573280
1439 - epatch "${FILESDIR}"/${P}-CVE-2016-2198.patch #573314
1440 - epatch "${FILESDIR}"/${P}-CVE-2016-2392.patch #574902
1441 - epatch "${FILESDIR}"/${P}-usb-ndis-int-overflow.patch #575492
1442 - epatch "${FILESDIR}"/${P}-rng-stack-corrupt-{0,1,2,3}.patch #576420
1443 - epatch "${FILESDIR}"/${P}-sysmacros.patch
1444 - epatch "${FILESDIR}"/${P}-ne2000-reg-check.patch #573816
1445 - epatch "${FILESDIR}"/${P}-9pfs-segfault.patch #578142
1446 + epatch "${FILESDIR}"/${PN}-2.5.0-CVE-2016-2198.patch #573314
1447 + epatch "${FILESDIR}"/${PN}-2.5.0-rng-stack-corrupt-{0,1,2,3}.patch #576420
1448 + epatch "${FILESDIR}"/${PN}-2.5.1-stellaris_enet-overflow.patch #579614
1449 + epatch "${FILESDIR}"/${PN}-2.5.1-CVE-2016-4020.patch #580040
1450 + epatch "${FILESDIR}"/${PN}-2.5.1-CVE-2015-8558.patch #568246 #580426
1451 + epatch "${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
1452 + epatch "${FILESDIR}"/${PN}-2.5.1-xfs-linux-headers.patch #577810
1453
1454 # Fix ld and objcopy being called directly
1455 tc-export AR LD OBJCOPY
1456 --
1457 2.7.3