From 95a9fc5f0c57b98375b7995fddfc78d54d638afc Mon Sep 17 00:00:00 2001 From: Andrej Rosano Date: Thu, 6 Aug 2015 21:15:48 +0200 Subject: [PATCH] bump(app-emulation/qemu): sync with upstream QEMU 2.2 or later required to run arm64 UEFI firmware. Signed-off-by: Andrej Rosano --- .../app-emulation/qemu/ChangeLog | 140 +++- .../app-emulation/qemu/Manifest | 68 +- .../qemu/files/qemu-2.1.1-readlink-self.patch | 81 --- .../files/qemu-2.1.2-vnc-sanitize-bits.patch | 50 -- .../files/qemu-2.2.1-CVE-2015-1779-1.patch | 241 +++++++ .../files/qemu-2.2.1-CVE-2015-1779-2.patch | 58 ++ .../qemu/files/qemu-2.3.0-CVE-2015-3209.patch | 51 ++ .../qemu/files/qemu-2.3.0-CVE-2015-3214.patch | 41 ++ .../qemu/files/qemu-2.3.0-CVE-2015-3456.patch | 86 +++ .../files/qemu-2.3.0-CVE-2015-5154-1.patch | 75 +++ .../files/qemu-2.3.0-CVE-2015-5154-2.patch | 26 + .../files/qemu-2.3.0-CVE-2015-5154-3.patch | 69 ++ .../qemu/files/qemu-2.3.0-CVE-2015-5158.patch | 40 ++ .../files/qemu-2.3.0-CVE-2015-5165-1.patch | 82 +++ .../files/qemu-2.3.0-CVE-2015-5165-2.patch | 373 +++++++++++ .../files/qemu-2.3.0-CVE-2015-5165-3.patch | 39 ++ .../files/qemu-2.3.0-CVE-2015-5165-4.patch | 53 ++ .../files/qemu-2.3.0-CVE-2015-5165-5.patch | 34 + .../files/qemu-2.3.0-CVE-2015-5165-6.patch | 35 + .../files/qemu-2.3.0-CVE-2015-5165-7.patch | 32 + .../qemu/files/qemu-2.3.0-CVE-2015-5166.patch | 36 ++ .../qemu/files/qemu-9999-cflags.patch | 13 - ...qemu-9999-virtfs-proxy-helper-accept.patch | 30 - .../app-emulation/qemu/files/qemu-kvm-1.4 | 3 - .../app-emulation/qemu/metadata.xml | 8 +- .../app-emulation/qemu/qemu-2.1.2-r2.ebuild | 603 ------------------ .../app-emulation/qemu/qemu-2.1.3.ebuild | 602 ----------------- ...qemu-2.2.0.ebuild => qemu-2.3.0-r4.ebuild} | 52 +- ...qemu-2.2.1.ebuild => qemu-2.3.0-r5.ebuild} | 76 ++- .../app-emulation/qemu/qemu-9999.ebuild | 128 ++-- 30 files changed, 1692 insertions(+), 1533 deletions(-) delete mode 100644 sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.1.1-readlink-self.patch delete mode 100644 sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.1.2-vnc-sanitize-bits.patch create mode 100644 sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.2.1-CVE-2015-1779-1.patch create mode 100644 sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.2.1-CVE-2015-1779-2.patch create mode 100644 sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-3209.patch create mode 100644 sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-3214.patch create mode 100644 sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-3456.patch create mode 100644 sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-5154-1.patch create mode 100644 sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-5154-2.patch create mode 100644 sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-5154-3.patch create mode 100644 sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-5158.patch create mode 100644 sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-5165-1.patch create mode 100644 sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-5165-2.patch create mode 100644 sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-5165-3.patch create mode 100644 sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-5165-4.patch create mode 100644 sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-5165-5.patch create mode 100644 sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-5165-6.patch create mode 100644 sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-5165-7.patch create mode 100644 sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-5166.patch delete mode 100644 sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-9999-cflags.patch delete mode 100644 sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-9999-virtfs-proxy-helper-accept.patch delete mode 100644 sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-kvm-1.4 delete mode 100644 sdk_container/src/third_party/portage-stable/app-emulation/qemu/qemu-2.1.2-r2.ebuild delete mode 100644 sdk_container/src/third_party/portage-stable/app-emulation/qemu/qemu-2.1.3.ebuild rename sdk_container/src/third_party/portage-stable/app-emulation/qemu/{qemu-2.2.0.ebuild => qemu-2.3.0-r4.ebuild} (91%) rename sdk_container/src/third_party/portage-stable/app-emulation/qemu/{qemu-2.2.1.ebuild => qemu-2.3.0-r5.ebuild} (87%) diff --git a/sdk_container/src/third_party/portage-stable/app-emulation/qemu/ChangeLog b/sdk_container/src/third_party/portage-stable/app-emulation/qemu/ChangeLog index b57805bced..39dc818666 100644 --- a/sdk_container/src/third_party/portage-stable/app-emulation/qemu/ChangeLog +++ b/sdk_container/src/third_party/portage-stable/app-emulation/qemu/ChangeLog @@ -1,6 +1,144 @@ # ChangeLog for app-emulation/qemu # Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/app-emulation/qemu/ChangeLog,v 1.321 2015/04/08 07:30:33 mgorny Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-emulation/qemu/ChangeLog,v 1.348 2015/08/05 06:47:50 vapier Exp $ + + 05 Aug 2015; Mike Frysinger qemu-9999.ebuild: + Allow disabling of all user & softmmu targets so that the ebuild only installs + the various helper tools #556712 by Matthew Thode. + + 05 Aug 2015; Mike Frysinger qemu-2.3.0-r5.ebuild, + qemu-9999.ebuild: + Move seabios bin clean up under the softmmu check since user tools do not + install blobs. + + 05 Aug 2015; Mike Frysinger qemu-9999.ebuild: + Unify target logic a bit. + + 04 Aug 2015; Agostino Sarubbo qemu-2.3.0-r5.ebuild: + Stable for x86, wrt bug #556630 + + 04 Aug 2015; Agostino Sarubbo qemu-2.3.0-r5.ebuild: + Stable for amd64, wrt bug #556630 + + 03 Aug 2015; Doug Goldstein -qemu-2.2.1-r2.ebuild, + -qemu-2.3.0-r1.ebuild, -qemu-2.3.0-r2.ebuild, -qemu-2.3.0-r3.ebuild: + Remove older versions due to vulnerabilities. + +*qemu-2.3.0-r5 (03 Aug 2015) + + 03 Aug 2015; Doug Goldstein + +files/qemu-2.3.0-CVE-2015-5165-1.patch, + +files/qemu-2.3.0-CVE-2015-5165-2.patch, + +files/qemu-2.3.0-CVE-2015-5165-3.patch, + +files/qemu-2.3.0-CVE-2015-5165-4.patch, + +files/qemu-2.3.0-CVE-2015-5165-5.patch, + +files/qemu-2.3.0-CVE-2015-5165-6.patch, + +files/qemu-2.3.0-CVE-2015-5165-7.patch, + +files/qemu-2.3.0-CVE-2015-5166.patch, +qemu-2.3.0-r5.ebuild: + bump to fix CVE-2015-5165 and CVE-2015-5166. bug #556304 + + 28 Jul 2015; Agostino Sarubbo qemu-2.3.0-r4.ebuild: + Stable for x86, wrt bug #556052 + + 28 Jul 2015; Agostino Sarubbo qemu-2.3.0-r4.ebuild: + Stable for amd64, wrt bug #556052 + +*qemu-2.3.0-r4 (27 Jul 2015) + + 27 Jul 2015; Doug Goldstein + +files/qemu-2.3.0-CVE-2015-3214.patch, + +files/qemu-2.3.0-CVE-2015-5154-1.patch, + +files/qemu-2.3.0-CVE-2015-5154-2.patch, + +files/qemu-2.3.0-CVE-2015-5154-3.patch, +qemu-2.3.0-r4.ebuild: + Fix for CVE-2015-3214, handle out-of-bounds memory access when reading from + the PIT Mode/Command register. Fix for CVE-2015-5154, handle ATAPI heap + overflow during I/O access. + +*qemu-2.3.0-r3 (25 Jul 2015) + + 25 Jul 2015; Doug Goldstein + +files/qemu-2.3.0-CVE-2015-5158.patch, +qemu-2.3.0-r3.ebuild: + Add fix from upstream for CVE-2015-5158 #555680 by Agostino Sarubbo. + + 25 Jul 2015; Doug Goldstein qemu-9999.ebuild: + Upstream made VNC WebSockets unconditional. As of commit + 8e9b0d24fb986d4241ae3b77752eca5dab4cb486 --{enable,disable}-vnc-wc + has been removed. Thanks to Daniel Scharrer for + noticing this. fixes bug #555834 + + 20 Jul 2015; Mike Frysinger metadata.xml: + Use the herd tag only so people assign bugs correctly. + + 20 Jul 2015; Mike Frysinger metadata.xml, + qemu-9999.ebuild: + Drop quorum configure flag to match upstream which made it unconditional + #554274 by Guy. + + 06 Jul 2015; Mike Frysinger metadata.xml, + qemu-9999.ebuild: + Add USE=vte to control the dep explicitly and fix SLOT handling for diff gtk + versions #545158 by nzqr. + + 06 Jul 2015; Agostino Sarubbo qemu-2.3.0-r2.ebuild: + Stable for x86, wrt bug #551752 + + 06 Jul 2015; Agostino Sarubbo qemu-2.3.0-r2.ebuild: + Stable for amd64, wrt bug #551752 + +*qemu-2.3.0-r2 (12 Jun 2015) + + 12 Jun 2015; Mike Frysinger + +files/qemu-2.3.0-CVE-2015-3209.patch, +qemu-2.3.0-r2.ebuild: + Add fix from upstream for CVE-2015-3209 #551752 by Agostino Sarubbo. + + 16 May 2015; Mike Frysinger qemu-9999.ebuild: + Require mesa[gles2] for USE=opengl to match upstream #549558 by Michal + Privoznik. + + 14 May 2015; Agostino Sarubbo + -files/qemu-2.1.1-readlink-self.patch, + -files/qemu-2.1.2-vnc-sanitize-bits.patch, -qemu-2.1.2-r2.ebuild, + -qemu-2.1.3-r1.ebuild, -qemu-2.1.3.ebuild, -qemu-2.2.0.ebuild, + -qemu-2.2.1-r1.ebuild, -qemu-2.2.1.ebuild, -qemu-2.3.0.ebuild, + qemu-2.2.1-r2.ebuild: + Stable for amd64/x86 - remove old. + + 14 May 2015; Mike Frysinger qemu-9999.ebuild: + Drop kvm warning as it has been ~1 year now since the changes landed. + + 13 May 2015; Mike Frysinger metadata.xml, + qemu-9999.ebuild: + Add USE=sdl2 to prefer libsdl2 over libsdl #547306 by Nikoli. + + 13 May 2015; Mike Frysinger + +files/qemu-2.3.0-CVE-2015-3456.patch, qemu-2.1.3-r1.ebuild, + qemu-2.2.1-r2.ebuild, qemu-2.3.0-r1.ebuild: + Move patch to $FILESDIR as it is small and matches what we do everywhere else. + +*qemu-2.2.1-r2 (13 May 2015) +*qemu-2.3.0-r1 (13 May 2015) +*qemu-2.1.3-r1 (13 May 2015) + + 13 May 2015; Robin H. Johnson +qemu-2.1.3-r1.ebuild, + +qemu-2.2.1-r2.ebuild, +qemu-2.3.0-r1.ebuild: + Security bugfix for CVE-2015-3456 / VENOM. + + 05 May 2015; Mike Frysinger -files/qemu-9999-cflags.patch, + -files/qemu-9999-virtfs-proxy-helper-accept.patch, -files/qemu-kvm-1.4: + Drop files no longer referenced by ebuilds. + +*qemu-2.3.0 (28 Apr 2015) + + 28 Apr 2015; Mike Frysinger +qemu-2.3.0.ebuild, + qemu-9999.ebuild: + Version bump. + +*qemu-2.2.1-r1 (12 Apr 2015) + + 12 Apr 2015; Mike Frysinger + +files/qemu-2.2.1-CVE-2015-1779-1.patch, + +files/qemu-2.2.1-CVE-2015-1779-2.patch, +qemu-2.2.1-r1.ebuild: + Add fixes from upstream for CVE-2015-1779 #544328 by Agostino Sarubbo. 08 Apr 2015; Michał Górny qemu-2.1.2-r2.ebuild, qemu-2.1.3.ebuild, qemu-2.2.0.ebuild, qemu-2.2.1.ebuild: diff --git a/sdk_container/src/third_party/portage-stable/app-emulation/qemu/Manifest b/sdk_container/src/third_party/portage-stable/app-emulation/qemu/Manifest index 87fee64ac9..e3bed1466d 100644 --- a/sdk_container/src/third_party/portage-stable/app-emulation/qemu/Manifest +++ b/sdk_container/src/third_party/portage-stable/app-emulation/qemu/Manifest @@ -4,40 +4,44 @@ Hash: SHA256 AUX 65-kvm.rules 40 SHA256 c16a8dc7855880b2651f1a3ff488ecc54d4ac1036c71fffd5007021d8d18a7c5 SHA512 98aad2a2f212a7ac0ee5b60a9c92744fa462bce5f26594845c7a31d692aaaca2d52cb57bdbede7dfc60b9862c2a6510665dbb03215d5cf76e62516a283decdd6 WHIRLPOOL 937de93a23930f6b8533f0c3e0dd249c99ddf7d54446dea857607266ac0a4b435c5b4a52b2986b138bace9c0a7ade66f94116b38e2bc4767ead54bd11baf0920 AUX bridge.conf 454 SHA256 a51850dd39923f3482e4c575b48ad9fef9c9ebb2f2176225da399b79ce48c69d SHA512 a907ee86b81a1b61033bb7621ded65112504131ef7b698c53e4014b958ee6fc79e66f63069015a01e41362cb70a7d0ed26dd9a03033cf776f4846f0e1f8f1533 WHIRLPOOL 8fcbd4abf9b8f7ca3d16fe0eaf17196ebf708dfecf85ce0f020e0de22b64905114f7b310f361826c81bb961c6b1bbbf984bff1e595bb949993b8966ccb222c35 AUX qemu-1.7.0-cflags.patch 300 SHA256 8f35e55c4bae93e82f9580eabe2d6a2d4660bd05343e1f4e6c33815deeede91e SHA512 54446cb555b623b2306f8a323713e4dfb1b8b7bbf3af3771d5b62e164e0672cc21cbe44f08ca8b58052523e8d629e16355a44ebb544a999a44d11ac3af671f1c WHIRLPOOL b903b4abefeeb09a2ab2d1ee224de5d3694f99f50aacfe33882fce0c1c87c23dae4d57b001d1c35cc96fffa93d43fac4a8ab30a3e45fe1f380580162c0332e78 -AUX qemu-2.1.1-readlink-self.patch 2933 SHA256 3133ec1a0f0126d3362c9420602a1fdfc76fafacac8b41f5bd755e7542ee4188 SHA512 7ee06e119007e6dc08f254cbfdcc6de1c914181f60e69434190fe507a80b7d0f9e8682f0213d447481f39e145fcb0be2e118516238addb5c4326533fc0db143f WHIRLPOOL 54edcb4510546c69dedf78a2070f22e7ef2809b35a66dc2e5d356f2f1b22eea8baa5b17ed4a4d9860ee6b864fac92eb9d1bbb6daeb6e2d80e3cc702f32039996 -AUX qemu-2.1.2-vnc-sanitize-bits.patch 1279 SHA256 ef1e748fd9ffa0eb8ef412e6ea3cc96522e0ca91cf7201e6702d260ca50cbac5 SHA512 7e1a744928eb8edb76b18e58cf94da38ad1030f49ceb38f5e081d852573f8f314f998639c8e97fee27a53f51abe495b27406daa02b670a620ab2db165a47429e WHIRLPOOL bc024286739b56038bfebd6c2ad71addd9565a833f21a7a48cadbe7403c3e93c889cb2223d044448634cc93b6dc45a268299ea1b5b18c09b3477bb6e12fb0506 -AUX qemu-9999-cflags.patch 347 SHA256 fe3bcbe83e81225b2c722578a0a976fcb724419d5208bbd6d02fb543e80b7e12 SHA512 e1b8be744170d61a2155b23a8394db01f8af6dc70ec033e71b2ff46f72975704836d42b96d7904e5d462289c5f8f24317f2fb28698f18a77ab1de02829e585eb WHIRLPOOL 2d972c7e40292f424fd37a4c1af04d2be095c215211ec2e1d15d8457df553342ffc02a7d39985f817fbbf5342e422d30e439c35a925341cf9b852ca7ff15a308 -AUX qemu-9999-virtfs-proxy-helper-accept.patch 973 SHA256 91cc9e024aa09ea3dd23ec52c561047656acc89f0ad0d5ddccce354c1ac4d282 SHA512 031cb1c35b479b18032f56a07fa2fa6d392a7f0919acd3636bf122ab7f75dcfbb5fc0e26e18a8a31a9888409f81c2e08438a1af999232418d940167c5031a92b WHIRLPOOL ea4dc08230289a147fd55d0bd9e32896cd4491130084fc45b4043f41caf611f07d4587cc485e6d25ba3f6fbc66939ed8faf3c2017bf33ab10e1885277fa3f6ff +AUX qemu-2.2.1-CVE-2015-1779-1.patch 8631 SHA256 17ea04bb0571f3a346eb25ce2d61fd7053515767adedfde567fd39205993c600 SHA512 191dde0754b9466d87cf99a578ac07f0902f373156f4d5ff98540b9099a6fa8e29ba4ca9d4a5a21ae5dbba2b80c36600ea0bd2c31fa0c8734926514015166ab8 WHIRLPOOL 2be2f490eb32857b2b218761df3580bc31eb5a89bf1b289a048e9fd489cdb024869399481345b5ecb09a45c4fbf1ee4639062ae1fdbee9781e66ca6cc8af4cac +AUX qemu-2.2.1-CVE-2015-1779-2.patch 2318 SHA256 4c0966520bf09df25d99c883f94037e765406dd4097dd704e66361bb07f73679 SHA512 7a85bc8e00c60c6c36790d1169f0d84d2c75fe81c1700b4f764ddcb0d0587d4b6d228d80e65fead035e3ab99449aad2f559071edf9145ff7a755506f3ff05b0e WHIRLPOOL 078388c50367d41c810a02aa795b6ad0df381582bdd2725ae125243ee5921aa4057494f063a7de49da6b6f6343f37a3c83d96ef6d92c22e722972c8e4ea968dc +AUX qemu-2.3.0-CVE-2015-3209.patch 1759 SHA256 0fd6be98beb1f63cd45924c1cdf2a64fc5dca2af5a977c6391aa656433a035e9 SHA512 9ddca8a536f14ecf9f5e15fc65438cce2e02adf92c54cb98f4529934515b0cc159bb41532013d6321590812181f9904d4d8bb761542dc776ff8a724a97bb6f0f WHIRLPOOL f365aab8ed12602c32db7e2c4203d58e4d07dd147d4e2356b92f4124b63fb5f17b0314fc6520c3b7a40786205b671c40ba3fbc4b7e16f8be5e9399bdd5532508 +AUX qemu-2.3.0-CVE-2015-3214.patch 1411 SHA256 c0d3f6e17d8b68260486f478dea18fb7869fe4108551fd9093d89be57e2ec360 SHA512 97030b47df828a7377d20a30b29b80c580e3f9b8cfd6632c27637154b6877b27730780cd716ab96f058f1eccaa848c6808959ab8b4949d9cc7440d9e58c78fd5 WHIRLPOOL 7717aaf2e5a468c4b2ba34adee56394aea676d7a7d472fd37e3a6096ef74d2db696d3f5bc7c45cb2879ec4ec4fd2255555ea2ee348b5cd64a80b6c7af6ffdcd8 +AUX qemu-2.3.0-CVE-2015-3456.patch 2853 SHA256 efac61bf9c20d5d08ef47bc9d51be5c8bd519f1d970ba3c3506c5760bf807e7d SHA512 5fed59ae67a962d187418f4bd57cebe901f9bcba817694b5e2a57daf77c34a406ed7c1f278e12d813304e58c48a24493b4e001a9ee4045bab2608f1730715ac7 WHIRLPOOL 9ad5237aa1bbe46a8493e331bb9c2152c36f9c877582485e1cf811b09430bad97a9f3b6bc52face7e4287f9c9fe4f1891de154a62ba93ea454c3ed9d44e8f729 +AUX qemu-2.3.0-CVE-2015-5154-1.patch 2160 SHA256 3dd3758c0bd8f27a906f2234ecfe270596e48d5c056eab2390b1eab9b610a847 SHA512 63d70d9904922be7f709c0638214ab42ae167b4dd05c0ac35a6de6dbdf81013769ed8733a8f56ce1e108d0759cf485f2199d63b046b526c5a0cec19a41fe41a9 WHIRLPOOL 238d9030c0d0970d22479ca0e1432819785ba1d4961e4d47fcfb63cf9b8a8cff92878509210fd10f3a91d6108f85ed172829234316862016d07533b71da954d2 +AUX qemu-2.3.0-CVE-2015-5154-2.patch 817 SHA256 4a3e812dec9bd43d2de2dd88f0adbb2473b785e6a1c3841d889dffad13a65f7a SHA512 0a903ad1e8fb1cac59f26e63d05820cb13cc020ba606a265c0482f1103a737ce0de9cc913ca324422cdda0ebf2b056e20b50951de999325b555031c014eaa597 WHIRLPOOL d697f46bf34e05f98db9e2e3ac05807afec59db5aa4063c76a0171efc4c84073301cec048f75398e210eec698be5d0363cb9c7c36a555cee9616acd21f09446b +AUX qemu-2.3.0-CVE-2015-5154-3.patch 2101 SHA256 17999d2e455db848b3e47d146f239104e2e58661f27fc549609bdf6ef77ad8a5 SHA512 0a12a2281b8f6ae787ff8d58437b68df877d02d0ff3d53491a0dbea8c2e656632242de5b2e56b2703f77bfd2b8987c7f312025e27fd8bbb14f159419322d9801 WHIRLPOOL b05f6828dd66b26fad3327c0e795b211f50733857dbf3ac909900321df2cd381fb536c6418510796bafcd38795c7b8ae0729aa51666eaccd0787029987b30e19 +AUX qemu-2.3.0-CVE-2015-5158.patch 1302 SHA256 d53b76179ba33a51fbb1b7b2c35b003c63968d0400419c10fa33d353247eccd3 SHA512 8ef6f640ae77d9769fcff92b8c5a6a986ae35021556e594cf4848d1247cbf880e08f661c2734770fb946be8af17a542c3caae36b2b28e3ab58d70a829aa987c2 WHIRLPOOL 69987764ec3bd21bb316310938567a1e4e454a4195b4bede3f34487ee987777510e83cac24b455246d9cde84b16e0ac823dcb0f39e0a97c9a0db2315bc2c6f4d +AUX qemu-2.3.0-CVE-2015-5165-1.patch 2926 SHA256 12d0dc1a31449288ed5e562a1e9415c437b7a2799e8afa0b251e3957a0d8ab23 SHA512 1df1ff1044542c4a0b040cb7fe5bbe002ee95782277f50f2bea86fbb34d4c5404a6c1f467a4cc224020882fe8c2f113e6b44d762129bd79ae04e139494a90ddc WHIRLPOOL 9a145915030288ab597899d18e8054e6b0c5d9f25fa78ee3e7c99317d91d68ee155f9e16363c8d8f692a97e231394c778fb5fb6c527c9419d0b4b1f79ea7c725 +AUX qemu-2.3.0-CVE-2015-5165-2.patch 18212 SHA256 c91a60b7d7e18ea95b31eca0ba940d53c14730fae1e50802375c9e5ab7d0f109 SHA512 eb332382898e0450bc6a6297e5977579a05f7b2ad304659aff37a7eed040b28013a982cdff2a1d669e968cea2aefef183081db1f6f9ae2baf64865ef2dbfa283 WHIRLPOOL c95181f31e8db78432c226a51bb4023da73430ce4de96960448573d3929bdce23b696ba9a6dabc8ccb8fe18e9c07ccf73d646ddccf26b3b0761813fcdef92564 +AUX qemu-2.3.0-CVE-2015-5165-3.patch 1262 SHA256 99062a9cbf4b96de8f0aa8555291cf6e296a9dbdf22ad4e9285912ba02de9261 SHA512 664ce64538441b0eeb93d1b5642acf3a1bd8c9c8b4cb5578d49e8226b967c9bef816caee41a429365ff0c5f982991f25483fc14db6c0a27d14626febaf8f8bcd WHIRLPOOL 013a32f4a5acffe8c2d79db4c4bc51bb36b666d8cc651c00aecf0d256952844bc25e7c6af3e588d4f365e7ae239e6c8cf5288e68dc1a40794a9fa274cd302e6b +AUX qemu-2.3.0-CVE-2015-5165-4.patch 1888 SHA256 82d2214a0bd42b03b72b26170e4c80699d74bc691b6e223780a693ad2e9c267a SHA512 a7dba1a26f33c2a65ee84fd0d3e5606cd17f623bea0c33438247e1f8d6cd72217d02bd00c28a24f54506480b12092b7351551af5f9cdcf863157cddaa461b606 WHIRLPOOL e93418de51172b90fa6b81af459e8db6d330c64c83cf4061174ee6e220494ed80bb1ca9860d7b63f80385b9a9f1f2c530131676595526f86d31611db50ea8ac1 +AUX qemu-2.3.0-CVE-2015-5165-5.patch 1070 SHA256 b728ae69e4a1d838bb1b4c5e6135e84fe8f6fc7e97fdc99915e7fc908edb4fd2 SHA512 7476649c099b363632b158b691f8ec2704590ec6e671f9bb013c7ffe50e593dc7c97278b6d09b5021605071a23b528875f024f5617a019954efac9c4055f6a83 WHIRLPOOL 760d4570045f34adcf1dba2937ece2a91b1e3da8c740cd947fdafbc03eee62c46ec4bb2c7bb993bb6cf7189d41bee3da49dd1773c579d9beea5f2b7e05da6f03 +AUX qemu-2.3.0-CVE-2015-5165-6.patch 1225 SHA256 6fb23646e05ef9a4b010d2a2c0235b6ee58a293f39ed40b6b1611115c948a79a SHA512 a1a38fdbc3f3cebb557ae00c3764bb268019b2c9f15731bb829b3b73a87856c5d51d65cc3ff712b28601298afb2aa82e83789bab867c8fb2816f23d515af8be7 WHIRLPOOL 9a17bd514cf5286c69a7955081d267febc1485d1df78ee918d6c16f8750247b3759cd60ec405dd7859ca76e396c5fcc04deb159540181fcdfadad13c41bf807c +AUX qemu-2.3.0-CVE-2015-5165-7.patch 1129 SHA256 ebcadb69110ea4672795b52472222ed1ffe67a83e37c5b7d401530f43137c587 SHA512 d174df707dabbaf49fadda0db9b551abef0e4c2045287bfb78ded69c7b8e6a59333d7aa1459ac7a81c0f3f711ec225157d8dabcd63d6eed10bb5755cea608fbb WHIRLPOOL 58fc0a2974bd9c1d9d11de7f97fda8796b3af05338969eac4d685572e952cb0b0b752166572d3b81b40db862ad0a55e9bd83bc3c2344cf04ae8a12ba4e752f2a +AUX qemu-2.3.0-CVE-2015-5166.patch 1176 SHA256 dead84667dd4868d0688dc4e62a54a14883e6f0352cf3318b277aa37e27c9261 SHA512 977e6d84d6e016dd0ba99d00f19c28b9976fdb58fd856457e08a2f9204554946a76f1fa6bbaff68f344bdddd791e13942b4b984610fde0a80645bd859fcbb781 WHIRLPOOL f4f9751acbc6d8b29074b98ecd7ae45fb13952f150b64412b1f783df14f49996b1a5eb398c7a954a4024818cddad40e7ffb187c830d7e3b0afb01662d0e8569a AUX qemu-binfmt.initd-r1 8078 SHA256 2560f1d12374a2dea74e18365ac3d759c2eab35eb9a77b989e1bb8346d9bc3f8 SHA512 82d8ebdb5a4c452f03281c28f074ea52acfb730f1c3ddf68de2ce496c7ca23fd379041948371b021355f00f9c260383fdecf47218ddf2764ab75d6ec8a7a2715 WHIRLPOOL a0f54e133fbda2fd050ef8168fee676a763bb94a890f8c1d99d44e37e4a29322d513d9f5ddad9247f44e3ee0ac779050a3b06cf909678fdfb9f46777701de492 -AUX qemu-kvm-1.4 68 SHA256 8b1adf198129f001e75a2311fc420c168094d1084d2163cdf6a32b3b23c96137 SHA512 706fab4d155c410acc292e67fb354ce7dcd17f7e33f2ca8c9c44035ea128f8d36f89e27cf87ebe22721f5676be9e7f2ae5484fd000183c8ffd7854e02eb3d120 WHIRLPOOL ef795330b592cef8e3d92f52a77eb77a671e6aa1a47d07531917b5c1c09e72e5df1a44aea939b086e0a3c5ef2a5cea9223556a46ceae73e55300475c42f07067 -DIST qemu-2.1.2-20141214.tar.xz 5580 SHA256 bbf0e23f03f7ec5582ae522a194c5908a1ed85d42bf859100c99280af1ff21d2 SHA512 ca9bb37400d59cedeb1a659cb445758138c18ceb28ae2de2beee50b7aba39b1edf8d7317d777aa44def7c96437b5d4c19874b52e48d0272cb7de1c5dcc77f6d7 WHIRLPOOL 6ea13fe7cfaaa103d6d6e43445bba97358fcb6b434bccb5018e48176f9d4b90ce2100ffb17cd555fc4b9ee3fe98c281a6702d5a875d8a04674e177fbe90acffa -DIST qemu-2.1.2.tar.bz2 23563255 SHA256 fd10f5e45cf5a736fa5a3e1c279ae9821534e700beb7d1aab88a07648a394885 SHA512 73ef758c82b23eec649c807bee8937d7fbf267278f7777adbdb22b738672543b826d211a4b523f38cee3e2b01f05ccf40a75756fc19c911362988d8e86d5cd58 WHIRLPOOL 5703d0aa8bb4366bb7aeb44fa4f3d1b54f188de42cd8c82e894584f627802b80a3dde1aa3b15fe8602a1891ec61ac66b3cd44ec031385cca88768f375c15b554 -DIST qemu-2.1.3.tar.bz2 23570694 SHA256 9b68fd0e6f6c401939bd1c9c6ab7052d84962007bb02919623474e9269f60a40 SHA512 119d89d85a54a4225716f7d1b20dc624705c1893e782b6f75e8a31ec11d4ba0ed60b78dd59322c2acc7f132c2f167461cf354d6a5f18925cf594746375b7b8fa WHIRLPOOL 9535d18037d12f719a85b648f4b65ce762fc4832ccb1b6b9ad88042be49ceb3d4813bd68ec1c0a91c21629018d376de7ddc479b69e81051d0f8c0e6af7a148e6 -DIST qemu-2.2.0.tar.bz2 24316697 SHA256 b68c9b6c7c694f5489b5a6bffe993cd976ffbb78e7d178eb3bc016caf460039c SHA512 c1a42cc53a01175875411cad13defaab46f97740897b89f19fbf345106534f83fc707fae4a58d890f64eea475b940b934c7531a6ed04aa01f54cadb52b0b5909 WHIRLPOOL a9cb92406d4f2cfd6b7989c9876f7df4b305083241110e7b2bf16642cfd77531c48a48753745dfeb31b9aa7d71a2d4d3f8c5aba797918c9c60e920c79066ea2d -DIST qemu-2.2.1.tar.bz2 24483500 SHA256 4617154c6ef744b83e10b744e392ad111dd351d435d6563ce24d8da75b1335a0 SHA512 970ead0c92fc04502c6d3a8dbfafa5797667b3d276a1a25ddbe991d20d8e17a588905ecbffa77fb3b9d12e481ac3776ca4c38fe89a5e4c96dc2fb045214bfa9f WHIRLPOOL 9226ce4a4f5c7247d6ab34eb8b45c9a91416ee5849dbe25b9d15cddbd6aba2b8da77280f6055d363a81ddec515d28bf501351cb7e21ecfb4bfe42cdb7e349788 -EBUILD qemu-2.1.2-r2.ebuild 18526 SHA256 ce5e0c44d8ddc830e8703b32de979e70a9e3675ddcb1509febff684d9a805436 SHA512 5d74ec3a48eab6952ef96204f9bfb0ebf1dee7664848809f468689d6e97e9461182e345aa09082fccd33e9ddf90ecc7617d2dc9232180fcbd3436676eece35c2 WHIRLPOOL a38dd61c267cd19d28ccbb1004b136e4b92d50bf0b2f182e047b4d601aca006beedd47fc4c34b4ce7f526d1cfa7292f2713c18782a625f1917936057be8c5488 -EBUILD qemu-2.1.3.ebuild 18450 SHA256 e209f9cc11ac9a40d2e8e19a7a763fac5f2a5acd41cea19ff0092ecb2312ee00 SHA512 01990f68c31b5643aa70c3bc3e813cc9ae1bbec718d2056f8cb4e2826b910804fd58533e370a8ec9d554f48f79822707dbdfa69378c24c868962a35b180b4ea2 WHIRLPOOL 22206434005207e6788c254e378d2df704738177219667f947427c1384a08c6c81a52aca373ca666c3c4acc298a7822658c5ec4a24d03d0991b385091b0c8da4 -EBUILD qemu-2.2.0.ebuild 18321 SHA256 738a09c193c78a6cb49bfddd98294ca7b629594b0af4e927cb5d0a1a3d593570 SHA512 37ad4912b0ff335938afc94feb4f94413e7fb8bd9be4578de89dfbfc2d57f3524a2da68802a834cb9e5fd2fb07bed0ab9df3521a296f1c30830bbbb5e9e5a0e9 WHIRLPOOL adeb66e57b126d6a9448c2f9a0755a7b4a3f055190e5151c20111d7ca12a3231798628218290d62645440e0b7accfedb53e19f4af126d7a377ccec0c86b0032a -EBUILD qemu-2.2.1.ebuild 18336 SHA256 010e31805cae369a4fda875a9b6db9cf57ded71a594a3d62fc9a8dc28e35bdc1 SHA512 b068a1256a37864237c29f9e3e17d2a5f384bb58630ca968a307878f09d0022a95a5417dae9013cdfdc10ea13940c84fed42048a9d298c6180bab0545aa5cec4 WHIRLPOOL b448e8d41815c094519ca68315fd441d633e43dd038800a95d5c81a644532d698fb91fef977cb95016729213964cdd420e035ac317981ddbe1164d10cbf264ff -EBUILD qemu-9999.ebuild 18669 SHA256 85fa1cb7f088ea7e3bdabf458eb412a5adced548e19d803bec69afe14d516f79 SHA512 45114c09beb9299c3fc94ebd5c152d730c63070f1d1e85ad4e7a93affc360ddd44e0f4552dc75c606b15d3f36683f3bfefd1621364d352cfe943a5f1d8b938df WHIRLPOOL 500eed367785006a0f83ad80b0cc30c30e2ec5dd1902639d68c85fa8b0f10b345fa7b685c95f5d335542be5e4d1ad3b7dc58035329d47dc7a3cecd93aaa89b33 -MISC ChangeLog 52789 SHA256 5c9e6869db70db817ab7acce59d86bbe4528c65e5e1b69ffb7ad1d2fe6bf7372 SHA512 23097a6d0aa9ca4bdac72c0629e97d717b5608c305e20e895b8982923fa511e6b9a5c0a2193076ca4f7e0adcb354773bd2861d1b91879c60af49883613bb9074 WHIRLPOOL 3d9f0d779215600f5bb510bd7c466e046cc9b66c065f9a2242b2ae1d27a36833624abdfa279199464bf034ef9a00cfb0cda0244012b3b3db11ad26400bb7b79a -MISC metadata.xml 3648 SHA256 d6c0a87cd95bf7e2b66bb4c9bd21bdac780f502e8921aa0bfb93ba301c978562 SHA512 b3aed4e6c67bb23312402b4e6832485e31c1e6e4c38055190603da80b3680262d8f876d6e9af2f1efbfce6072125f3093edeb712f4ad73246c08b1f77a466649 WHIRLPOOL 8d45f196554880858262886575374c109f621f45120e6278ca9c5a4f70f191b909782589b6c65b7aef0294c655bb8fc43dc382197e69b5c68b874c949bd4c286 +DIST qemu-2.3.0.tar.bz2 24683085 SHA256 b6bab7f763d5be73e7cb5ee7d4c8365b7a8df2972c52fa5ded18893bd8281588 SHA512 7a40d213c5696b27784abd2a3119e49d42c38c923be431826c73a8f14c19074435d7f1a652686c53baf08e81f5a3005b2ddc92d67c32f6a2b19659ab627e9eaa WHIRLPOOL 9dad6e342027c3be512b4e0b40e810e0a6f1dc84a16847aa5aac74d97f7a347e60d42e770335a090f83e90a1614294f86552a84edc1faafc7093d3e32602f5de +EBUILD qemu-2.3.0-r4.ebuild 19056 SHA256 9bff0981aa03eb7489eabb6c2bb952f293ad6c5b002e0321b2b33638564afe11 SHA512 62516308746cc7402ad46e7fde02d53947f43fe28b60d6f41373e419f44987c25c17f7e27eb96f13586076f48d7408a049f57b60db46845c3ee72f6f9b07cdce WHIRLPOOL d5ca0a0395b9ab6e8e4b9646d7e91da9323c7b1707b2c8d950580a4e2190738de75edc77e4ec399cb9aaca94725755dc1477438f0f251face6155104dae763b2 +EBUILD qemu-2.3.0-r5.ebuild 19518 SHA256 bc0180d0df478992c7c4a26a51229f4c799bbb7e9112ec789bcfc297301f4c1f SHA512 1ce12120db2a4475280eb3125683e6db7069bc35e49380d76903a6e6a5f674b976fe575075b3fca3cada00dfc1147d0ed6510a23a16651b36a6410b28cd34581 WHIRLPOOL 29456ddc3375e8cc12e90d1912d2cbecd9deb21deac21622072690d6270dba164ec459a131c04d2339744ae3e2651214c66633e43dfe69c33a2ed9778082eef8 +EBUILD qemu-9999.ebuild 18435 SHA256 07cf15f4b41c74cfc6cf679354d000842c11d2c06f47c59d21f219eefa993b59 SHA512 ec44a044f7d3ee430a58ed502b2e1b10b2710d28663557daf1d6f9c2c9107e058ee4b9f771180a631e1de4d9bda901d53a008f69c081c6a34410a7680b07b7ed WHIRLPOOL 4c02608e81f7a39cfe5bb26bd2d4e14df40ce74aee15ce80484bb4575e23beeffdf9597068f57c88b0a8f364ba1846b4edd31f27cd7dc142179bd54db58b5f2f +MISC ChangeLog 58193 SHA256 60c1a4f4c85515520ab14da920bbbf4a6813491ce16b5357a0456ea588815a5c SHA512 ddfe8e75aabe59b731a4a8b31839d8c71fd516620306d2bc99d7641cc501652974e053104caafa7550c5ad33b6834295f6743a98b9419d292b8bf6f67918ccd3 WHIRLPOOL a6841f79c3ba1cbf76a8c7fde296a2912c46ddd251494dca3bf3bc13391c80595b6f80125c383823899942248008ede7065b0f5c8e43f9bc1d0464aa62cc187f +MISC metadata.xml 3708 SHA256 9f5c1b781f9924046cc0fa050a93e632935c58b67d6de4f3a872eb63341e86ee SHA512 cb2582c698b5913c70e07bd27c39e84e45c319f95faa3494c0ad5273c25127bae888da3cdcec3e73b8d3ae7b950f7f128a550977755e8f8fbec53d931ac89117 WHIRLPOOL d08403a3f8659bec79644a4042c3f71653152a7d1e078efd3959565e794c7f837e735f4e774dcdb4077eeadc3f493a1a5170d7973db72b14b31c77c1093e22de -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 -iQJ8BAEBCABmBQJVJNl4XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w -ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2REJCMDdDQzRGMERBRDA2RUEwQUZFNDFC -MDdBMUFFQUVGQjQ0NjRFAAoJELB6GurvtEZOOKsP/0M956ACTp9+HkERridVBhiy -VcYPef7Sdwr66kwMFiY+WylIte/PaiIZBggPod2wt4b5R1zIzBy4ah9SVOAznrv9 -+5pZFsqvIPCTx9X58R69nQw1wArpe4GJF0XbNAoVOHx7OAjVsI6IXSG1PHBdwNhV -/vQoBw0OrX3HYbzdIvNDnJY1erVZia4v/rLYb773URsROriNx9/ahkFYeUvPBpt0 -CCfgK/K2RqqtVrNdhUsb0r0koSfbNgvAS6HArh5dhUEESpuJo1y6Sq5o15hyzskV -BphE3C2HXkGMzhCaXhH1rnNfC1cvw/eoPamQlM2BV6YZlxJ7mbHHHGErGeHPu5Oj -bbPVFYgAt+JJKr9BFjvqLkCONvRf1RZzFC4YTNSexjdAVV0Wcq1mTjjwkPHg29+W -lbOHn+123Fa/ZhFsndco6gyfqJ08GnCHrPQLfCrozFSE6sdsTxyaw6VbE+Jh6deK -ZpgPhi81+9DPvEwZd6PhnkHrn3+fYb++h+a0Bvb6ifFhDIBgOXv4FR0lTxu1X6VQ -ozlHl4CKuCRi49s7TL/fxdwSvTaTr6sgvuTAc2KE/ow8GP31a+vSObc7Z3mApqPl -BuqH38QpxGNRV8HuzhAzxKyxA3zEecVT1IMqkNOAvPh6tGtX05tE+nV81klO0f8C -DzwTJgw20FocrPA0sRzN -=5+9t +iQIbBAEBCAAGBQJVwbGhAAoJEPGu1DbS6WIATpEP9iYP4aHvjiA/yuYhb4NpRHA1 +XH8fV/FTU2AkYydgTwdhhGPBcwTrI91wJSxPIhZPzalThKdFQgJ61/l/+CW6dyJz +C4wvPJ7Y/WqbtDKUlZCl4wFPO6gGvLnmVTY0memeHKJl2LqQqjknUXXjzpjaYpcF +4xtD0tQ/XaIFvAA0+u6nfIyvDbB2qE4dvbiATZ2OlfFjy3RPZpONLwRqLzTG33JJ +32/zqBRwmG2RliaXj72jX6ZbB0WENgSOX9T3oxVK4orfh30CsoXRBXTJwcImZ5zV +OIFWDBKSee3K6Ds80qUYSFdrny3j2mufj9pZqtqZ+ZQiVCQbNgZUjyXV89be3Tdj +nOTleaSayJZ7RAqCm+P6Jgfn2SgmGu2lwT8zlbgUpUXgVbAIIZG3UekFgwy6pr5L +lNuuDjDCb/ZtM8xygQbSkgN+AfoF2jDsweGkzSSQP2IkfkSm8Iy/eDJh2DoN7OIx +AtYasTgPE1HwDZq9iCh+ANHp81qeGUZifNKlVFIbVqmEq3eK+zd28SYtKPDL19Tq +oEItwCBhyDsiKdhvBbPi/oY64OyDIg+y3E2rNoYz43hdAsJanuQH9Ca3vmIYvWr3 +Axqo93/LIexe5F+XlOduQH0pm6H/SqhVQjd4A/Dx3pIuR7eDZTLx1r2dXjo1rEe8 +bNIMQfCXnXA3h16xHSg= +=Q9xW -----END PGP SIGNATURE----- diff --git a/sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.1.1-readlink-self.patch b/sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.1.1-readlink-self.patch deleted file mode 100644 index 451a968250..0000000000 --- a/sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.1.1-readlink-self.patch +++ /dev/null @@ -1,81 +0,0 @@ -fix already in upstream - -From f17f4989fa193fa8279474c5462289a3cfe69aea Mon Sep 17 00:00:00 2001 -From: Mike Frysinger -Date: Fri, 8 Aug 2014 09:40:25 +0900 -Subject: [PATCH] linux-user: fix readlink handling with magic exe symlink - -The current code always returns the length of the path when it should -be returning the number of bytes it wrote to the output string. - -Further, readlink is not supposed to append a NUL byte, but the current -snprintf logic will always do just that. - -Even further, if you pass in a length of 0, you're suppoesd to get back -an error (EINVAL), but the current logic just returns 0. - -Further still, if there was an error reading the symlink, we should not -go ahead and try to read the target buffer as it is garbage. - -Simple test for the first two issues: -$ cat test.c -int main() { - char buf[50]; - size_t len; - for (len = 0; len < 10; ++len) { - memset(buf, '!', sizeof(buf)); - ssize_t ret = readlink("/proc/self/exe", buf, len); - buf[20] = '\0'; - printf("readlink(/proc/self/exe, {%s}, %zu) = %zi\n", buf, len, ret); - } - return 0; -} - -Now compare the output of the native: -$ gcc test.c -o /tmp/x -$ /tmp/x -$ strace /tmp/x - -With what qemu does: -$ armv7a-cros-linux-gnueabi-gcc test.c -o /tmp/x -static -$ qemu-arm /tmp/x -$ qemu-arm -strace /tmp/x - -Signed-off-by: Mike Frysinger -Signed-off-by: Riku Voipio ---- - linux-user/syscall.c | 15 +++++++++++++-- - 1 file changed, 13 insertions(+), 2 deletions(-) - -diff --git a/linux-user/syscall.c b/linux-user/syscall.c -index fccf9f0..7c108ab 100644 ---- a/linux-user/syscall.c -+++ b/linux-user/syscall.c -@@ -6636,11 +6636,22 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, - p2 = lock_user(VERIFY_WRITE, arg2, arg3, 0); - if (!p || !p2) { - ret = -TARGET_EFAULT; -+ } else if (!arg3) { -+ /* Short circuit this for the magic exe check. */ -+ ret = -TARGET_EINVAL; - } else if (is_proc_myself((const char *)p, "exe")) { - char real[PATH_MAX], *temp; - temp = realpath(exec_path, real); -- ret = temp == NULL ? get_errno(-1) : strlen(real) ; -- snprintf((char *)p2, arg3, "%s", real); -+ /* Return value is # of bytes that we wrote to the buffer. */ -+ if (temp == NULL) { -+ ret = get_errno(-1); -+ } else { -+ /* Don't worry about sign mismatch as earlier mapping -+ * logic would have thrown a bad address error. */ -+ ret = MIN(strlen(real), arg3); -+ /* We cannot NUL terminate the string. */ -+ memcpy(p2, real, ret); -+ } - } else { - ret = get_errno(readlink(path(p), p2, arg3)); - } --- -2.0.0 - diff --git a/sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.1.2-vnc-sanitize-bits.patch b/sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.1.2-vnc-sanitize-bits.patch deleted file mode 100644 index 34f136f5a8..0000000000 --- a/sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.1.2-vnc-sanitize-bits.patch +++ /dev/null @@ -1,50 +0,0 @@ -https://bugs.gentoo.org/527088 - -From e6908bfe8e07f2b452e78e677da1b45b1c0f6829 Mon Sep 17 00:00:00 2001 -From: Petr Matousek -Date: Mon, 27 Oct 2014 12:41:44 +0100 -Subject: [PATCH] vnc: sanitize bits_per_pixel from the client - -bits_per_pixel that are less than 8 could result in accessing -non-initialized buffers later in the code due to the expectation -that bytes_per_pixel value that is used to initialize these buffers is -never zero. - -To fix this check that bits_per_pixel from the client is one of the -values that the rfb protocol specification allows. - -This is CVE-2014-7815. - -Signed-off-by: Petr Matousek - -[ kraxel: apply codestyle fix ] - -Signed-off-by: Gerd Hoffmann ---- - ui/vnc.c | 10 ++++++++++ - 1 file changed, 10 insertions(+) - -diff --git a/ui/vnc.c b/ui/vnc.c -index 0fe6eff..8bca597 100644 ---- a/ui/vnc.c -+++ b/ui/vnc.c -@@ -2026,6 +2026,16 @@ static void set_pixel_format(VncState *vs, - return; - } - -+ switch (bits_per_pixel) { -+ case 8: -+ case 16: -+ case 32: -+ break; -+ default: -+ vnc_client_error(vs); -+ return; -+ } -+ - vs->client_pf.rmax = red_max; - vs->client_pf.rbits = hweight_long(red_max); - vs->client_pf.rshift = red_shift; --- -2.1.2 - diff --git a/sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.2.1-CVE-2015-1779-1.patch b/sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.2.1-CVE-2015-1779-1.patch new file mode 100644 index 0000000000..35ef8fdebf --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.2.1-CVE-2015-1779-1.patch @@ -0,0 +1,241 @@ +From a2bebfd6e09d285aa793cae3fb0fc3a39a9fee6e Mon Sep 17 00:00:00 2001 +From: "Daniel P. Berrange" +Date: Mon, 23 Mar 2015 22:58:21 +0000 +Subject: [PATCH] CVE-2015-1779: incrementally decode websocket frames + +The logic for decoding websocket frames wants to fully +decode the frame header and payload, before allowing the +VNC server to see any of the payload data. There is no +size limit on websocket payloads, so this allows a +malicious network client to consume 2^64 bytes in memory +in QEMU. It can trigger this denial of service before +the VNC server even performs any authentication. + +The fix is to decode the header, and then incrementally +decode the payload data as it is needed. With this fix +the websocket decoder will allow at most 4k of data to +be buffered before decoding and processing payload. + +Signed-off-by: Daniel P. Berrange + +[ kraxel: fix frequent spurious disconnects, suggested by Peter Maydell ] + + @@ -361,7 +361,7 @@ int vncws_decode_frame_payload(Buffer *input, + - *payload_size = input->offset; + + *payload_size = *payload_remain; + +[ kraxel: fix 32bit build ] + + @@ -306,7 +306,7 @@ struct VncState + - uint64_t ws_payload_remain; + + size_t ws_payload_remain; + +Signed-off-by: Gerd Hoffmann +--- + ui/vnc-ws.c | 105 ++++++++++++++++++++++++++++++++++++++++-------------------- + ui/vnc-ws.h | 9 ++++-- + ui/vnc.h | 2 ++ + 3 files changed, 80 insertions(+), 36 deletions(-) + +diff --git a/ui/vnc-ws.c b/ui/vnc-ws.c +index 85dbb7e..0b7de4e 100644 +--- a/ui/vnc-ws.c ++++ b/ui/vnc-ws.c +@@ -107,7 +107,7 @@ long vnc_client_read_ws(VncState *vs) + { + int ret, err; + uint8_t *payload; +- size_t payload_size, frame_size; ++ size_t payload_size, header_size; + VNC_DEBUG("Read websocket %p size %zd offset %zd\n", vs->ws_input.buffer, + vs->ws_input.capacity, vs->ws_input.offset); + buffer_reserve(&vs->ws_input, 4096); +@@ -117,18 +117,39 @@ long vnc_client_read_ws(VncState *vs) + } + vs->ws_input.offset += ret; + +- /* make sure that nothing is left in the ws_input buffer */ ++ ret = 0; ++ /* consume as much of ws_input buffer as possible */ + do { +- err = vncws_decode_frame(&vs->ws_input, &payload, +- &payload_size, &frame_size); +- if (err <= 0) { +- return err; ++ if (vs->ws_payload_remain == 0) { ++ err = vncws_decode_frame_header(&vs->ws_input, ++ &header_size, ++ &vs->ws_payload_remain, ++ &vs->ws_payload_mask); ++ if (err <= 0) { ++ return err; ++ } ++ ++ buffer_advance(&vs->ws_input, header_size); + } ++ if (vs->ws_payload_remain != 0) { ++ err = vncws_decode_frame_payload(&vs->ws_input, ++ &vs->ws_payload_remain, ++ &vs->ws_payload_mask, ++ &payload, ++ &payload_size); ++ if (err < 0) { ++ return err; ++ } ++ if (err == 0) { ++ return ret; ++ } ++ ret += err; + +- buffer_reserve(&vs->input, payload_size); +- buffer_append(&vs->input, payload, payload_size); ++ buffer_reserve(&vs->input, payload_size); ++ buffer_append(&vs->input, payload, payload_size); + +- buffer_advance(&vs->ws_input, frame_size); ++ buffer_advance(&vs->ws_input, payload_size); ++ } + } while (vs->ws_input.offset > 0); + + return ret; +@@ -265,15 +286,14 @@ void vncws_encode_frame(Buffer *output, const void *payload, + buffer_append(output, payload, payload_size); + } + +-int vncws_decode_frame(Buffer *input, uint8_t **payload, +- size_t *payload_size, size_t *frame_size) ++int vncws_decode_frame_header(Buffer *input, ++ size_t *header_size, ++ size_t *payload_remain, ++ WsMask *payload_mask) + { + unsigned char opcode = 0, fin = 0, has_mask = 0; +- size_t header_size = 0; +- uint32_t *payload32; ++ size_t payload_len; + WsHeader *header = (WsHeader *)input->buffer; +- WsMask mask; +- int i; + + if (input->offset < WS_HEAD_MIN_LEN + 4) { + /* header not complete */ +@@ -283,7 +303,7 @@ int vncws_decode_frame(Buffer *input, uint8_t **payload, + fin = (header->b0 & 0x80) >> 7; + opcode = header->b0 & 0x0f; + has_mask = (header->b1 & 0x80) >> 7; +- *payload_size = header->b1 & 0x7f; ++ payload_len = header->b1 & 0x7f; + + if (opcode == WS_OPCODE_CLOSE) { + /* disconnect */ +@@ -300,40 +320,57 @@ int vncws_decode_frame(Buffer *input, uint8_t **payload, + return -2; + } + +- if (*payload_size < 126) { +- header_size = 6; +- mask = header->u.m; +- } else if (*payload_size == 126 && input->offset >= 8) { +- *payload_size = be16_to_cpu(header->u.s16.l16); +- header_size = 8; +- mask = header->u.s16.m16; +- } else if (*payload_size == 127 && input->offset >= 14) { +- *payload_size = be64_to_cpu(header->u.s64.l64); +- header_size = 14; +- mask = header->u.s64.m64; ++ if (payload_len < 126) { ++ *payload_remain = payload_len; ++ *header_size = 6; ++ *payload_mask = header->u.m; ++ } else if (payload_len == 126 && input->offset >= 8) { ++ *payload_remain = be16_to_cpu(header->u.s16.l16); ++ *header_size = 8; ++ *payload_mask = header->u.s16.m16; ++ } else if (payload_len == 127 && input->offset >= 14) { ++ *payload_remain = be64_to_cpu(header->u.s64.l64); ++ *header_size = 14; ++ *payload_mask = header->u.s64.m64; + } else { + /* header not complete */ + return 0; + } + +- *frame_size = header_size + *payload_size; ++ return 1; ++} ++ ++int vncws_decode_frame_payload(Buffer *input, ++ size_t *payload_remain, WsMask *payload_mask, ++ uint8_t **payload, size_t *payload_size) ++{ ++ size_t i; ++ uint32_t *payload32; + +- if (input->offset < *frame_size) { +- /* frame not complete */ ++ *payload = input->buffer; ++ /* If we aren't at the end of the payload, then drop ++ * off the last bytes, so we're always multiple of 4 ++ * for purpose of unmasking, except at end of payload ++ */ ++ if (input->offset < *payload_remain) { ++ *payload_size = input->offset - (input->offset % 4); ++ } else { ++ *payload_size = *payload_remain; ++ } ++ if (*payload_size == 0) { + return 0; + } +- +- *payload = input->buffer + header_size; ++ *payload_remain -= *payload_size; + + /* unmask frame */ + /* process 1 frame (32 bit op) */ + payload32 = (uint32_t *)(*payload); + for (i = 0; i < *payload_size / 4; i++) { +- payload32[i] ^= mask.u; ++ payload32[i] ^= payload_mask->u; + } + /* process the remaining bytes (if any) */ + for (i *= 4; i < *payload_size; i++) { +- (*payload)[i] ^= mask.c[i % 4]; ++ (*payload)[i] ^= payload_mask->c[i % 4]; + } + + return 1; +diff --git a/ui/vnc-ws.h b/ui/vnc-ws.h +index ef229b7..14d4230 100644 +--- a/ui/vnc-ws.h ++++ b/ui/vnc-ws.h +@@ -83,7 +83,12 @@ long vnc_client_read_ws(VncState *vs); + void vncws_process_handshake(VncState *vs, uint8_t *line, size_t size); + void vncws_encode_frame(Buffer *output, const void *payload, + const size_t payload_size); +-int vncws_decode_frame(Buffer *input, uint8_t **payload, +- size_t *payload_size, size_t *frame_size); ++int vncws_decode_frame_header(Buffer *input, ++ size_t *header_size, ++ size_t *payload_remain, ++ WsMask *payload_mask); ++int vncws_decode_frame_payload(Buffer *input, ++ size_t *payload_remain, WsMask *payload_mask, ++ uint8_t **payload, size_t *payload_size); + + #endif /* __QEMU_UI_VNC_WS_H */ +diff --git a/ui/vnc.h b/ui/vnc.h +index e19ac39..3f7c6a9 100644 +--- a/ui/vnc.h ++++ b/ui/vnc.h +@@ -306,6 +306,8 @@ struct VncState + #ifdef CONFIG_VNC_WS + Buffer ws_input; + Buffer ws_output; ++ size_t ws_payload_remain; ++ WsMask ws_payload_mask; + #endif + /* current output mode information */ + VncWritePixels *write_pixels; +-- +2.3.5 + diff --git a/sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.2.1-CVE-2015-1779-2.patch b/sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.2.1-CVE-2015-1779-2.patch new file mode 100644 index 0000000000..c7a8c8b3ec --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.2.1-CVE-2015-1779-2.patch @@ -0,0 +1,58 @@ +From 2cdb5e142fb93e875fa53c52864ef5eb8d5d8b41 Mon Sep 17 00:00:00 2001 +From: "Daniel P. Berrange" +Date: Mon, 23 Mar 2015 22:58:22 +0000 +Subject: [PATCH] CVE-2015-1779: limit size of HTTP headers from websockets + clients + +The VNC server websockets decoder will read and buffer data from +websockets clients until it sees the end of the HTTP headers, +as indicated by \r\n\r\n. In theory this allows a malicious to +trick QEMU into consuming an arbitrary amount of RAM. In practice, +because QEMU runs g_strstr_len() across the buffered header data, +it will spend increasingly long burning CPU time searching for +the substring match and less & less time reading data. So while +this does cause arbitrary memory growth, the bigger problem is +that QEMU will be burning 100% of available CPU time. + +A novnc websockets client typically sends headers of around +512 bytes in length. As such it is reasonable to place a 4096 +byte limit on the amount of data buffered while searching for +the end of HTTP headers. + +Signed-off-by: Daniel P. Berrange +Signed-off-by: Gerd Hoffmann +--- + ui/vnc-ws.c | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +diff --git a/ui/vnc-ws.c b/ui/vnc-ws.c +index 0b7de4e..62eb97f 100644 +--- a/ui/vnc-ws.c ++++ b/ui/vnc-ws.c +@@ -81,8 +81,11 @@ void vncws_handshake_read(void *opaque) + VncState *vs = opaque; + uint8_t *handshake_end; + long ret; +- buffer_reserve(&vs->ws_input, 4096); +- ret = vnc_client_read_buf(vs, buffer_end(&vs->ws_input), 4096); ++ /* Typical HTTP headers from novnc are 512 bytes, so limiting ++ * total header size to 4096 is easily enough. */ ++ size_t want = 4096 - vs->ws_input.offset; ++ buffer_reserve(&vs->ws_input, want); ++ ret = vnc_client_read_buf(vs, buffer_end(&vs->ws_input), want); + + if (!ret) { + if (vs->csock == -1) { +@@ -99,6 +102,9 @@ void vncws_handshake_read(void *opaque) + vncws_process_handshake(vs, vs->ws_input.buffer, vs->ws_input.offset); + buffer_advance(&vs->ws_input, handshake_end - vs->ws_input.buffer + + strlen(WS_HANDSHAKE_END)); ++ } else if (vs->ws_input.offset >= 4096) { ++ VNC_DEBUG("End of headers not found in first 4096 bytes\n"); ++ vnc_client_error(vs); + } + } + +-- +2.3.5 + diff --git a/sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-3209.patch b/sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-3209.patch new file mode 100644 index 0000000000..885db3b52e --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-3209.patch @@ -0,0 +1,51 @@ +https://bugs.gentoo.org/551752 + +From 9f7c594c006289ad41169b854d70f5da6e400a2a Mon Sep 17 00:00:00 2001 +From: Petr Matousek +Date: Sun, 24 May 2015 10:53:44 +0200 +Subject: [PATCH] pcnet: force the buffer access to be in bounds during tx + +4096 is the maximum length per TMD and it is also currently the size of +the relay buffer pcnet driver uses for sending the packet data to QEMU +for further processing. With packet spanning multiple TMDs it can +happen that the overall packet size will be bigger than sizeof(buffer), +which results in memory corruption. + +Fix this by only allowing to queue maximum sizeof(buffer) bytes. + +This is CVE-2015-3209. + +[Fixed 3-space indentation to QEMU's 4-space coding standard. +--Stefan] + +Signed-off-by: Petr Matousek +Reported-by: Matt Tait +Reviewed-by: Peter Maydell +Reviewed-by: Stefan Hajnoczi +Signed-off-by: Stefan Hajnoczi +--- + hw/net/pcnet.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/hw/net/pcnet.c b/hw/net/pcnet.c +index bdfd38f..68b9981 100644 +--- a/hw/net/pcnet.c ++++ b/hw/net/pcnet.c +@@ -1241,6 +1241,14 @@ static void pcnet_transmit(PCNetState *s) + } + + bcnt = 4096 - GET_FIELD(tmd.length, TMDL, BCNT); ++ ++ /* if multi-tmd packet outsizes s->buffer then skip it silently. ++ Note: this is not what real hw does */ ++ if (s->xmit_pos + bcnt > sizeof(s->buffer)) { ++ s->xmit_pos = -1; ++ goto txdone; ++ } ++ + s->phys_mem_read(s->dma_opaque, PHYSADDR(s, tmd.tbadr), + s->buffer + s->xmit_pos, bcnt, CSR_BSWP(s)); + s->xmit_pos += bcnt; +-- +2.2.0.rc0.207.ga3a616c + diff --git a/sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-3214.patch b/sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-3214.patch new file mode 100644 index 0000000000..7fee8fdcac --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-3214.patch @@ -0,0 +1,41 @@ +From: Petr Matousek +Date: Wed, 17 Jun 2015 10:46:11 +0000 (+0200) +Subject: i8254: fix out-of-bounds memory access in pit_ioport_read() +X-Git-Tag: v2.4.0-rc0~43^2~9 +X-Git-Url: http://git.qemu.org/?p=qemu.git;a=commitdiff_plain;h=d4862a87e31a51de9eb260f25c9e99a75efe3235;hp=9dacf32d2cbd66cbcce7944ebdfd6b2df20e33b8 + +i8254: fix out-of-bounds memory access in pit_ioport_read() + +Due converting PIO to the new memory read/write api we no longer provide +separate I/O region lenghts for read and write operations. As a result, +reading from PIT Mode/Command register will end with accessing +pit->channels with invalid index. + +Fix this by ignoring read from the Mode/Command register. + +This is CVE-2015-3214. + +Reported-by: Matt Tait +Fixes: 0505bcdec8228d8de39ab1a02644e71999e7c052 +Cc: qemu-stable@nongnu.org +Signed-off-by: Petr Matousek +Signed-off-by: Paolo Bonzini +--- + +diff --git a/hw/timer/i8254.c b/hw/timer/i8254.c +index 3450c98..9b65a33 100644 +--- a/hw/timer/i8254.c ++++ b/hw/timer/i8254.c +@@ -196,6 +196,12 @@ static uint64_t pit_ioport_read(void *opaque, hwaddr addr, + PITChannelState *s; + + addr &= 3; ++ ++ if (addr == 3) { ++ /* Mode/Command register is write only, read is ignored */ ++ return 0; ++ } ++ + s = &pit->channels[addr]; + if (s->status_latched) { + s->status_latched = 0; diff --git a/sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-3456.patch b/sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-3456.patch new file mode 100644 index 0000000000..87697d08ef --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-3456.patch @@ -0,0 +1,86 @@ +https://bugs.gentoo.org/549404 + +From e907746266721f305d67bc0718795fedee2e824c Mon Sep 17 00:00:00 2001 +From: Petr Matousek +Date: Wed, 6 May 2015 09:48:59 +0200 +Subject: [PATCH] fdc: force the fifo access to be in bounds of the allocated buffer + +During processing of certain commands such as FD_CMD_READ_ID and +FD_CMD_DRIVE_SPECIFICATION_COMMAND the fifo memory access could +get out of bounds leading to memory corruption with values coming +from the guest. + +Fix this by making sure that the index is always bounded by the +allocated memory. + +This is CVE-2015-3456. + +Signed-off-by: Petr Matousek +Reviewed-by: John Snow +Signed-off-by: John Snow +--- + hw/block/fdc.c | 17 +++++++++++------ + 1 files changed, 11 insertions(+), 6 deletions(-) + +diff --git a/hw/block/fdc.c b/hw/block/fdc.c +index f72a392..d8a8edd 100644 +--- a/hw/block/fdc.c ++++ b/hw/block/fdc.c +@@ -1497,7 +1497,7 @@ static uint32_t fdctrl_read_data(FDCtrl *fdctrl) + { + FDrive *cur_drv; + uint32_t retval = 0; +- int pos; ++ uint32_t pos; + + cur_drv = get_cur_drv(fdctrl); + fdctrl->dsr &= ~FD_DSR_PWRDOWN; +@@ -1506,8 +1506,8 @@ static uint32_t fdctrl_read_data(FDCtrl *fdctrl) + return 0; + } + pos = fdctrl->data_pos; ++ pos %= FD_SECTOR_LEN; + if (fdctrl->msr & FD_MSR_NONDMA) { +- pos %= FD_SECTOR_LEN; + if (pos == 0) { + if (fdctrl->data_pos != 0) + if (!fdctrl_seek_to_next_sect(fdctrl, cur_drv)) { +@@ -1852,10 +1852,13 @@ static void fdctrl_handle_option(FDCtrl *fdctrl, int direction) + static void fdctrl_handle_drive_specification_command(FDCtrl *fdctrl, int direction) + { + FDrive *cur_drv = get_cur_drv(fdctrl); ++ uint32_t pos; + +- if (fdctrl->fifo[fdctrl->data_pos - 1] & 0x80) { ++ pos = fdctrl->data_pos - 1; ++ pos %= FD_SECTOR_LEN; ++ if (fdctrl->fifo[pos] & 0x80) { + /* Command parameters done */ +- if (fdctrl->fifo[fdctrl->data_pos - 1] & 0x40) { ++ if (fdctrl->fifo[pos] & 0x40) { + fdctrl->fifo[0] = fdctrl->fifo[1]; + fdctrl->fifo[2] = 0; + fdctrl->fifo[3] = 0; +@@ -1955,7 +1958,7 @@ static uint8_t command_to_handler[256]; + static void fdctrl_write_data(FDCtrl *fdctrl, uint32_t value) + { + FDrive *cur_drv; +- int pos; ++ uint32_t pos; + + /* Reset mode */ + if (!(fdctrl->dor & FD_DOR_nRESET)) { +@@ -2004,7 +2007,9 @@ static void fdctrl_write_data(FDCtrl *fdctrl, uint32_t value) + } + + FLOPPY_DPRINTF("%s: %02x\n", __func__, value); +- fdctrl->fifo[fdctrl->data_pos++] = value; ++ pos = fdctrl->data_pos++; ++ pos %= FD_SECTOR_LEN; ++ fdctrl->fifo[pos] = value; + if (fdctrl->data_pos == fdctrl->data_len) { + /* We now have all parameters + * and will be able to treat the command +-- +1.7.0.4 + diff --git a/sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-5154-1.patch b/sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-5154-1.patch new file mode 100644 index 0000000000..759e403c5e --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-5154-1.patch @@ -0,0 +1,75 @@ +From d2ff85854512574e7209f295e87b0835d5b032c6 Mon Sep 17 00:00:00 2001 +From: Kevin Wolf +Date: Sun, 26 Jul 2015 23:42:53 -0400 +Subject: [PATCH] ide: Check array bounds before writing to io_buffer + (CVE-2015-5154) + +If the end_transfer_func of a command is called because enough data has +been read or written for the current PIO transfer, and it fails to +correctly call the command completion functions, the DRQ bit in the +status register and s->end_transfer_func may remain set. This allows the +guest to access further bytes in s->io_buffer beyond s->data_end, and +eventually overflowing the io_buffer. + +One case where this currently happens is emulation of the ATAPI command +START STOP UNIT. + +This patch fixes the problem by adding explicit array bounds checks +before accessing the buffer instead of relying on end_transfer_func to +function correctly. + +Cc: qemu-stable@nongnu.org +Signed-off-by: Kevin Wolf +Reviewed-by: John Snow +--- + hw/ide/core.c | 16 ++++++++++++++++ + 1 file changed, 16 insertions(+) + +diff --git a/hw/ide/core.c b/hw/ide/core.c +index 122e955..44fcc23 100644 +--- a/hw/ide/core.c ++++ b/hw/ide/core.c +@@ -2021,6 +2021,10 @@ void ide_data_writew(void *opaque, uint32_t addr, uint32_t val) + } + + p = s->data_ptr; ++ if (p + 2 > s->data_end) { ++ return; ++ } ++ + *(uint16_t *)p = le16_to_cpu(val); + p += 2; + s->data_ptr = p; +@@ -2042,6 +2046,10 @@ uint32_t ide_data_readw(void *opaque, uint32_t addr) + } + + p = s->data_ptr; ++ if (p + 2 > s->data_end) { ++ return 0; ++ } ++ + ret = cpu_to_le16(*(uint16_t *)p); + p += 2; + s->data_ptr = p; +@@ -2063,6 +2071,10 @@ void ide_data_writel(void *opaque, uint32_t addr, uint32_t val) + } + + p = s->data_ptr; ++ if (p + 4 > s->data_end) { ++ return; ++ } ++ + *(uint32_t *)p = le32_to_cpu(val); + p += 4; + s->data_ptr = p; +@@ -2084,6 +2096,10 @@ uint32_t ide_data_readl(void *opaque, uint32_t addr) + } + + p = s->data_ptr; ++ if (p + 4 > s->data_end) { ++ return 0; ++ } ++ + ret = cpu_to_le32(*(uint32_t *)p); + p += 4; + s->data_ptr = p; diff --git a/sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-5154-2.patch b/sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-5154-2.patch new file mode 100644 index 0000000000..6d7902a534 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-5154-2.patch @@ -0,0 +1,26 @@ +From 03441c3a4a42beb25460dd11592539030337d0f8 Mon Sep 17 00:00:00 2001 +From: Kevin Wolf +Date: Sun, 26 Jul 2015 23:42:53 -0400 +Subject: [PATCH] ide/atapi: Fix START STOP UNIT command completion + +The command must be completed on all code paths. START STOP UNIT with +pwrcnd set should succeed without doing anything. + +Signed-off-by: Kevin Wolf +Reviewed-by: John Snow +--- + hw/ide/atapi.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/hw/ide/atapi.c b/hw/ide/atapi.c +index 950e311..79dd167 100644 +--- a/hw/ide/atapi.c ++++ b/hw/ide/atapi.c +@@ -983,6 +983,7 @@ static void cmd_start_stop_unit(IDEState *s, uint8_t* buf) + + if (pwrcnd) { + /* eject/load only happens for power condition == 0 */ ++ ide_atapi_cmd_ok(s); + return; + } + diff --git a/sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-5154-3.patch b/sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-5154-3.patch new file mode 100644 index 0000000000..f6f346f197 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-5154-3.patch @@ -0,0 +1,69 @@ +From cb72cba83021fa42719e73a5249c12096a4d1cfc Mon Sep 17 00:00:00 2001 +From: Kevin Wolf +Date: Sun, 26 Jul 2015 23:42:53 -0400 +Subject: [PATCH] ide: Clear DRQ after handling all expected accesses + +This is additional hardening against an end_transfer_func that fails to +clear the DRQ status bit. The bit must be unset as soon as the PIO +transfer has completed, so it's better to do this in a central place +instead of duplicating the code in all commands (and forgetting it in +some). + +Signed-off-by: Kevin Wolf +Reviewed-by: John Snow +--- + hw/ide/core.c | 16 ++++++++++++---- + 1 file changed, 12 insertions(+), 4 deletions(-) + +diff --git a/hw/ide/core.c b/hw/ide/core.c +index 44fcc23..50449ca 100644 +--- a/hw/ide/core.c ++++ b/hw/ide/core.c +@@ -2028,8 +2028,10 @@ void ide_data_writew(void *opaque, uint32_t addr, uint32_t val) + *(uint16_t *)p = le16_to_cpu(val); + p += 2; + s->data_ptr = p; +- if (p >= s->data_end) ++ if (p >= s->data_end) { ++ s->status &= ~DRQ_STAT; + s->end_transfer_func(s); ++ } + } + + uint32_t ide_data_readw(void *opaque, uint32_t addr) +@@ -2053,8 +2055,10 @@ uint32_t ide_data_readw(void *opaque, uint32_t addr) + ret = cpu_to_le16(*(uint16_t *)p); + p += 2; + s->data_ptr = p; +- if (p >= s->data_end) ++ if (p >= s->data_end) { ++ s->status &= ~DRQ_STAT; + s->end_transfer_func(s); ++ } + return ret; + } + +@@ -2078,8 +2082,10 @@ void ide_data_writel(void *opaque, uint32_t addr, uint32_t val) + *(uint32_t *)p = le32_to_cpu(val); + p += 4; + s->data_ptr = p; +- if (p >= s->data_end) ++ if (p >= s->data_end) { ++ s->status &= ~DRQ_STAT; + s->end_transfer_func(s); ++ } + } + + uint32_t ide_data_readl(void *opaque, uint32_t addr) +@@ -2103,8 +2109,10 @@ uint32_t ide_data_readl(void *opaque, uint32_t addr) + ret = cpu_to_le32(*(uint32_t *)p); + p += 4; + s->data_ptr = p; +- if (p >= s->data_end) ++ if (p >= s->data_end) { ++ s->status &= ~DRQ_STAT; + s->end_transfer_func(s); ++ } + return ret; + } + diff --git a/sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-5158.patch b/sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-5158.patch new file mode 100644 index 0000000000..9badc9b928 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-5158.patch @@ -0,0 +1,40 @@ +commit c170aad8b057223b1139d72e5ce7acceafab4fa9 +Author: Paolo Bonzini +Date: Tue Jul 21 08:59:39 2015 +0200 + + scsi: fix buffer overflow in scsi_req_parse_cdb (CVE-2015-5158) + + This is a guest-triggerable buffer overflow present in QEMU 2.2.0 + and newer. scsi_cdb_length returns -1 as an error value, but the + caller does not check it. + + Luckily, the massive overflow means that QEMU will just SIGSEGV, + making the impact much smaller. + + Reported-by: Zhu Donghai (朱东海) + Fixes: 1894df02811f6b79ea3ffbf1084599d96f316173 + Reviewed-by: Fam Zheng + Cc: qemu-stable@nongnu.org + Signed-off-by: Paolo Bonzini + +diff --git a/hw/scsi/scsi-bus.c b/hw/scsi/scsi-bus.c +index f50b2f0..f0ae462 100644 +--- a/hw/scsi/scsi-bus.c ++++ b/hw/scsi/scsi-bus.c +@@ -1239,10 +1239,15 @@ int scsi_cdb_length(uint8_t *buf) { + int scsi_req_parse_cdb(SCSIDevice *dev, SCSICommand *cmd, uint8_t *buf) + { + int rc; ++ int len; + + cmd->lba = -1; +- cmd->len = scsi_cdb_length(buf); ++ len = scsi_cdb_length(buf); ++ if (len < 0) { ++ return -1; ++ } + ++ cmd->len = len; + switch (dev->type) { + case TYPE_TAPE: + rc = scsi_req_stream_xfer(cmd, dev, buf); diff --git a/sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-5165-1.patch b/sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-5165-1.patch new file mode 100644 index 0000000000..043d189357 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-5165-1.patch @@ -0,0 +1,82 @@ +From 5e0c290415b9d57077a86e70c8e6a058868334d3 Mon Sep 17 00:00:00 2001 +From: Stefan Hajnoczi +Date: Wed, 15 Jul 2015 18:16:58 +0100 +Subject: [PATCH 1/7] rtl8139: avoid nested ifs in IP header parsing + +Transmit offload needs to parse packet headers. If header fields have +unexpected values the offload processing is skipped. + +The code currently uses nested ifs because there is relatively little +input validation. The next patches will add missing input validation +and a goto label is more appropriate to avoid deep if statement nesting. + +Signed-off-by: Stefan Hajnoczi +--- + hw/net/rtl8139.c | 41 ++++++++++++++++++++++------------------- + 1 file changed, 22 insertions(+), 19 deletions(-) + +diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c +index 5f0197c..91ba33b 100644 +--- a/hw/net/rtl8139.c ++++ b/hw/net/rtl8139.c +@@ -2174,28 +2174,30 @@ static int rtl8139_cplus_transmit_one(RTL8139State *s) + size_t eth_payload_len = 0; + + int proto = be16_to_cpu(*(uint16_t *)(saved_buffer + 12)); +- if (proto == ETH_P_IP) ++ if (proto != ETH_P_IP) + { +- DPRINTF("+++ C+ mode has IP packet\n"); +- +- /* not aligned */ +- eth_payload_data = saved_buffer + ETH_HLEN; +- eth_payload_len = saved_size - ETH_HLEN; +- +- ip = (ip_header*)eth_payload_data; +- +- if (IP_HEADER_VERSION(ip) != IP_HEADER_VERSION_4) { +- DPRINTF("+++ C+ mode packet has bad IP version %d " +- "expected %d\n", IP_HEADER_VERSION(ip), +- IP_HEADER_VERSION_4); +- ip = NULL; +- } else { +- hlen = IP_HEADER_LENGTH(ip); +- ip_protocol = ip->ip_p; +- ip_data_len = be16_to_cpu(ip->ip_len) - hlen; +- } ++ goto skip_offload; + } + ++ DPRINTF("+++ C+ mode has IP packet\n"); ++ ++ /* not aligned */ ++ eth_payload_data = saved_buffer + ETH_HLEN; ++ eth_payload_len = saved_size - ETH_HLEN; ++ ++ ip = (ip_header*)eth_payload_data; ++ ++ if (IP_HEADER_VERSION(ip) != IP_HEADER_VERSION_4) { ++ DPRINTF("+++ C+ mode packet has bad IP version %d " ++ "expected %d\n", IP_HEADER_VERSION(ip), ++ IP_HEADER_VERSION_4); ++ goto skip_offload; ++ } ++ ++ hlen = IP_HEADER_LENGTH(ip); ++ ip_protocol = ip->ip_p; ++ ip_data_len = be16_to_cpu(ip->ip_len) - hlen; ++ + if (ip) + { + if (txdw0 & CP_TX_IPCS) +@@ -2391,6 +2393,7 @@ static int rtl8139_cplus_transmit_one(RTL8139State *s) + } + } + ++skip_offload: + /* update tally counter */ + ++s->tally_counters.TxOk; + +-- +2.1.4 + diff --git a/sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-5165-2.patch b/sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-5165-2.patch new file mode 100644 index 0000000000..7a76a8a40d --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-5165-2.patch @@ -0,0 +1,373 @@ +From 2d7d80e8dc160904fa7276cc05da26c062a50066 Mon Sep 17 00:00:00 2001 +From: Stefan Hajnoczi +Date: Wed, 15 Jul 2015 18:16:59 +0100 +Subject: [PATCH 2/7] rtl8139: drop tautologous if (ip) {...} statement + +The previous patch stopped using the ip pointer as an indicator that the +IP header is present. When we reach the if (ip) {...} statement we know +ip is always non-NULL. + +Remove the if statement to reduce nesting. + +Signed-off-by: Stefan Hajnoczi +--- + hw/net/rtl8139.c | 305 +++++++++++++++++++++++++++---------------------------- + 1 file changed, 151 insertions(+), 154 deletions(-) + +diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c +index 91ba33b..2f12d42 100644 +--- a/hw/net/rtl8139.c ++++ b/hw/net/rtl8139.c +@@ -2198,198 +2198,195 @@ static int rtl8139_cplus_transmit_one(RTL8139State *s) + ip_protocol = ip->ip_p; + ip_data_len = be16_to_cpu(ip->ip_len) - hlen; + +- if (ip) ++ if (txdw0 & CP_TX_IPCS) + { +- if (txdw0 & CP_TX_IPCS) +- { +- DPRINTF("+++ C+ mode need IP checksum\n"); ++ DPRINTF("+++ C+ mode need IP checksum\n"); + +- if (hleneth_payload_len) {/* min header length */ +- /* bad packet header len */ +- /* or packet too short */ +- } +- else +- { +- ip->ip_sum = 0; +- ip->ip_sum = ip_checksum(ip, hlen); +- DPRINTF("+++ C+ mode IP header len=%d checksum=%04x\n", +- hlen, ip->ip_sum); +- } ++ if (hleneth_payload_len) {/* min header length */ ++ /* bad packet header len */ ++ /* or packet too short */ + } +- +- if ((txdw0 & CP_TX_LGSEN) && ip_protocol == IP_PROTO_TCP) ++ else + { +- int large_send_mss = (txdw0 >> 16) & CP_TC_LGSEN_MSS_MASK; ++ ip->ip_sum = 0; ++ ip->ip_sum = ip_checksum(ip, hlen); ++ DPRINTF("+++ C+ mode IP header len=%d checksum=%04x\n", ++ hlen, ip->ip_sum); ++ } ++ } + +- DPRINTF("+++ C+ mode offloaded task TSO MTU=%d IP data %d " +- "frame data %d specified MSS=%d\n", ETH_MTU, +- ip_data_len, saved_size - ETH_HLEN, large_send_mss); ++ if ((txdw0 & CP_TX_LGSEN) && ip_protocol == IP_PROTO_TCP) ++ { ++ int large_send_mss = (txdw0 >> 16) & CP_TC_LGSEN_MSS_MASK; + +- int tcp_send_offset = 0; +- int send_count = 0; ++ DPRINTF("+++ C+ mode offloaded task TSO MTU=%d IP data %d " ++ "frame data %d specified MSS=%d\n", ETH_MTU, ++ ip_data_len, saved_size - ETH_HLEN, large_send_mss); + +- /* maximum IP header length is 60 bytes */ +- uint8_t saved_ip_header[60]; ++ int tcp_send_offset = 0; ++ int send_count = 0; + +- /* save IP header template; data area is used in tcp checksum calculation */ +- memcpy(saved_ip_header, eth_payload_data, hlen); ++ /* maximum IP header length is 60 bytes */ ++ uint8_t saved_ip_header[60]; + +- /* a placeholder for checksum calculation routine in tcp case */ +- uint8_t *data_to_checksum = eth_payload_data + hlen - 12; +- // size_t data_to_checksum_len = eth_payload_len - hlen + 12; ++ /* save IP header template; data area is used in tcp checksum calculation */ ++ memcpy(saved_ip_header, eth_payload_data, hlen); + +- /* pointer to TCP header */ +- tcp_header *p_tcp_hdr = (tcp_header*)(eth_payload_data + hlen); ++ /* a placeholder for checksum calculation routine in tcp case */ ++ uint8_t *data_to_checksum = eth_payload_data + hlen - 12; ++ // size_t data_to_checksum_len = eth_payload_len - hlen + 12; + +- int tcp_hlen = TCP_HEADER_DATA_OFFSET(p_tcp_hdr); ++ /* pointer to TCP header */ ++ tcp_header *p_tcp_hdr = (tcp_header*)(eth_payload_data + hlen); + +- /* ETH_MTU = ip header len + tcp header len + payload */ +- int tcp_data_len = ip_data_len - tcp_hlen; +- int tcp_chunk_size = ETH_MTU - hlen - tcp_hlen; ++ int tcp_hlen = TCP_HEADER_DATA_OFFSET(p_tcp_hdr); + +- DPRINTF("+++ C+ mode TSO IP data len %d TCP hlen %d TCP " +- "data len %d TCP chunk size %d\n", ip_data_len, +- tcp_hlen, tcp_data_len, tcp_chunk_size); ++ /* ETH_MTU = ip header len + tcp header len + payload */ ++ int tcp_data_len = ip_data_len - tcp_hlen; ++ int tcp_chunk_size = ETH_MTU - hlen - tcp_hlen; + +- /* note the cycle below overwrites IP header data, +- but restores it from saved_ip_header before sending packet */ ++ DPRINTF("+++ C+ mode TSO IP data len %d TCP hlen %d TCP " ++ "data len %d TCP chunk size %d\n", ip_data_len, ++ tcp_hlen, tcp_data_len, tcp_chunk_size); + +- int is_last_frame = 0; ++ /* note the cycle below overwrites IP header data, ++ but restores it from saved_ip_header before sending packet */ + +- for (tcp_send_offset = 0; tcp_send_offset < tcp_data_len; tcp_send_offset += tcp_chunk_size) +- { +- uint16_t chunk_size = tcp_chunk_size; +- +- /* check if this is the last frame */ +- if (tcp_send_offset + tcp_chunk_size >= tcp_data_len) +- { +- is_last_frame = 1; +- chunk_size = tcp_data_len - tcp_send_offset; +- } +- +- DPRINTF("+++ C+ mode TSO TCP seqno %08x\n", +- be32_to_cpu(p_tcp_hdr->th_seq)); +- +- /* add 4 TCP pseudoheader fields */ +- /* copy IP source and destination fields */ +- memcpy(data_to_checksum, saved_ip_header + 12, 8); +- +- DPRINTF("+++ C+ mode TSO calculating TCP checksum for " +- "packet with %d bytes data\n", tcp_hlen + +- chunk_size); +- +- if (tcp_send_offset) +- { +- memcpy((uint8_t*)p_tcp_hdr + tcp_hlen, (uint8_t*)p_tcp_hdr + tcp_hlen + tcp_send_offset, chunk_size); +- } +- +- /* keep PUSH and FIN flags only for the last frame */ +- if (!is_last_frame) +- { +- TCP_HEADER_CLEAR_FLAGS(p_tcp_hdr, TCP_FLAG_PUSH|TCP_FLAG_FIN); +- } +- +- /* recalculate TCP checksum */ +- ip_pseudo_header *p_tcpip_hdr = (ip_pseudo_header *)data_to_checksum; +- p_tcpip_hdr->zeros = 0; +- p_tcpip_hdr->ip_proto = IP_PROTO_TCP; +- p_tcpip_hdr->ip_payload = cpu_to_be16(tcp_hlen + chunk_size); +- +- p_tcp_hdr->th_sum = 0; +- +- int tcp_checksum = ip_checksum(data_to_checksum, tcp_hlen + chunk_size + 12); +- DPRINTF("+++ C+ mode TSO TCP checksum %04x\n", +- tcp_checksum); +- +- p_tcp_hdr->th_sum = tcp_checksum; +- +- /* restore IP header */ +- memcpy(eth_payload_data, saved_ip_header, hlen); +- +- /* set IP data length and recalculate IP checksum */ +- ip->ip_len = cpu_to_be16(hlen + tcp_hlen + chunk_size); +- +- /* increment IP id for subsequent frames */ +- ip->ip_id = cpu_to_be16(tcp_send_offset/tcp_chunk_size + be16_to_cpu(ip->ip_id)); +- +- ip->ip_sum = 0; +- ip->ip_sum = ip_checksum(eth_payload_data, hlen); +- DPRINTF("+++ C+ mode TSO IP header len=%d " +- "checksum=%04x\n", hlen, ip->ip_sum); +- +- int tso_send_size = ETH_HLEN + hlen + tcp_hlen + chunk_size; +- DPRINTF("+++ C+ mode TSO transferring packet size " +- "%d\n", tso_send_size); +- rtl8139_transfer_frame(s, saved_buffer, tso_send_size, +- 0, (uint8_t *) dot1q_buffer); +- +- /* add transferred count to TCP sequence number */ +- p_tcp_hdr->th_seq = cpu_to_be32(chunk_size + be32_to_cpu(p_tcp_hdr->th_seq)); +- ++send_count; +- } ++ int is_last_frame = 0; + +- /* Stop sending this frame */ +- saved_size = 0; +- } +- else if (txdw0 & (CP_TX_TCPCS|CP_TX_UDPCS)) ++ for (tcp_send_offset = 0; tcp_send_offset < tcp_data_len; tcp_send_offset += tcp_chunk_size) + { +- DPRINTF("+++ C+ mode need TCP or UDP checksum\n"); ++ uint16_t chunk_size = tcp_chunk_size; + +- /* maximum IP header length is 60 bytes */ +- uint8_t saved_ip_header[60]; +- memcpy(saved_ip_header, eth_payload_data, hlen); ++ /* check if this is the last frame */ ++ if (tcp_send_offset + tcp_chunk_size >= tcp_data_len) ++ { ++ is_last_frame = 1; ++ chunk_size = tcp_data_len - tcp_send_offset; ++ } + +- uint8_t *data_to_checksum = eth_payload_data + hlen - 12; +- // size_t data_to_checksum_len = eth_payload_len - hlen + 12; ++ DPRINTF("+++ C+ mode TSO TCP seqno %08x\n", ++ be32_to_cpu(p_tcp_hdr->th_seq)); + + /* add 4 TCP pseudoheader fields */ + /* copy IP source and destination fields */ + memcpy(data_to_checksum, saved_ip_header + 12, 8); + +- if ((txdw0 & CP_TX_TCPCS) && ip_protocol == IP_PROTO_TCP) ++ DPRINTF("+++ C+ mode TSO calculating TCP checksum for " ++ "packet with %d bytes data\n", tcp_hlen + ++ chunk_size); ++ ++ if (tcp_send_offset) + { +- DPRINTF("+++ C+ mode calculating TCP checksum for " +- "packet with %d bytes data\n", ip_data_len); ++ memcpy((uint8_t*)p_tcp_hdr + tcp_hlen, (uint8_t*)p_tcp_hdr + tcp_hlen + tcp_send_offset, chunk_size); ++ } + +- ip_pseudo_header *p_tcpip_hdr = (ip_pseudo_header *)data_to_checksum; +- p_tcpip_hdr->zeros = 0; +- p_tcpip_hdr->ip_proto = IP_PROTO_TCP; +- p_tcpip_hdr->ip_payload = cpu_to_be16(ip_data_len); ++ /* keep PUSH and FIN flags only for the last frame */ ++ if (!is_last_frame) ++ { ++ TCP_HEADER_CLEAR_FLAGS(p_tcp_hdr, TCP_FLAG_PUSH|TCP_FLAG_FIN); ++ } + +- tcp_header* p_tcp_hdr = (tcp_header *) (data_to_checksum+12); ++ /* recalculate TCP checksum */ ++ ip_pseudo_header *p_tcpip_hdr = (ip_pseudo_header *)data_to_checksum; ++ p_tcpip_hdr->zeros = 0; ++ p_tcpip_hdr->ip_proto = IP_PROTO_TCP; ++ p_tcpip_hdr->ip_payload = cpu_to_be16(tcp_hlen + chunk_size); + +- p_tcp_hdr->th_sum = 0; ++ p_tcp_hdr->th_sum = 0; + +- int tcp_checksum = ip_checksum(data_to_checksum, ip_data_len + 12); +- DPRINTF("+++ C+ mode TCP checksum %04x\n", +- tcp_checksum); ++ int tcp_checksum = ip_checksum(data_to_checksum, tcp_hlen + chunk_size + 12); ++ DPRINTF("+++ C+ mode TSO TCP checksum %04x\n", ++ tcp_checksum); + +- p_tcp_hdr->th_sum = tcp_checksum; +- } +- else if ((txdw0 & CP_TX_UDPCS) && ip_protocol == IP_PROTO_UDP) +- { +- DPRINTF("+++ C+ mode calculating UDP checksum for " +- "packet with %d bytes data\n", ip_data_len); ++ p_tcp_hdr->th_sum = tcp_checksum; + +- ip_pseudo_header *p_udpip_hdr = (ip_pseudo_header *)data_to_checksum; +- p_udpip_hdr->zeros = 0; +- p_udpip_hdr->ip_proto = IP_PROTO_UDP; +- p_udpip_hdr->ip_payload = cpu_to_be16(ip_data_len); ++ /* restore IP header */ ++ memcpy(eth_payload_data, saved_ip_header, hlen); + +- udp_header *p_udp_hdr = (udp_header *) (data_to_checksum+12); ++ /* set IP data length and recalculate IP checksum */ ++ ip->ip_len = cpu_to_be16(hlen + tcp_hlen + chunk_size); + +- p_udp_hdr->uh_sum = 0; ++ /* increment IP id for subsequent frames */ ++ ip->ip_id = cpu_to_be16(tcp_send_offset/tcp_chunk_size + be16_to_cpu(ip->ip_id)); + +- int udp_checksum = ip_checksum(data_to_checksum, ip_data_len + 12); +- DPRINTF("+++ C+ mode UDP checksum %04x\n", +- udp_checksum); ++ ip->ip_sum = 0; ++ ip->ip_sum = ip_checksum(eth_payload_data, hlen); ++ DPRINTF("+++ C+ mode TSO IP header len=%d " ++ "checksum=%04x\n", hlen, ip->ip_sum); + +- p_udp_hdr->uh_sum = udp_checksum; +- } ++ int tso_send_size = ETH_HLEN + hlen + tcp_hlen + chunk_size; ++ DPRINTF("+++ C+ mode TSO transferring packet size " ++ "%d\n", tso_send_size); ++ rtl8139_transfer_frame(s, saved_buffer, tso_send_size, ++ 0, (uint8_t *) dot1q_buffer); + +- /* restore IP header */ +- memcpy(eth_payload_data, saved_ip_header, hlen); ++ /* add transferred count to TCP sequence number */ ++ p_tcp_hdr->th_seq = cpu_to_be32(chunk_size + be32_to_cpu(p_tcp_hdr->th_seq)); ++ ++send_count; + } ++ ++ /* Stop sending this frame */ ++ saved_size = 0; ++ } ++ else if (txdw0 & (CP_TX_TCPCS|CP_TX_UDPCS)) ++ { ++ DPRINTF("+++ C+ mode need TCP or UDP checksum\n"); ++ ++ /* maximum IP header length is 60 bytes */ ++ uint8_t saved_ip_header[60]; ++ memcpy(saved_ip_header, eth_payload_data, hlen); ++ ++ uint8_t *data_to_checksum = eth_payload_data + hlen - 12; ++ // size_t data_to_checksum_len = eth_payload_len - hlen + 12; ++ ++ /* add 4 TCP pseudoheader fields */ ++ /* copy IP source and destination fields */ ++ memcpy(data_to_checksum, saved_ip_header + 12, 8); ++ ++ if ((txdw0 & CP_TX_TCPCS) && ip_protocol == IP_PROTO_TCP) ++ { ++ DPRINTF("+++ C+ mode calculating TCP checksum for " ++ "packet with %d bytes data\n", ip_data_len); ++ ++ ip_pseudo_header *p_tcpip_hdr = (ip_pseudo_header *)data_to_checksum; ++ p_tcpip_hdr->zeros = 0; ++ p_tcpip_hdr->ip_proto = IP_PROTO_TCP; ++ p_tcpip_hdr->ip_payload = cpu_to_be16(ip_data_len); ++ ++ tcp_header* p_tcp_hdr = (tcp_header *) (data_to_checksum+12); ++ ++ p_tcp_hdr->th_sum = 0; ++ ++ int tcp_checksum = ip_checksum(data_to_checksum, ip_data_len + 12); ++ DPRINTF("+++ C+ mode TCP checksum %04x\n", ++ tcp_checksum); ++ ++ p_tcp_hdr->th_sum = tcp_checksum; ++ } ++ else if ((txdw0 & CP_TX_UDPCS) && ip_protocol == IP_PROTO_UDP) ++ { ++ DPRINTF("+++ C+ mode calculating UDP checksum for " ++ "packet with %d bytes data\n", ip_data_len); ++ ++ ip_pseudo_header *p_udpip_hdr = (ip_pseudo_header *)data_to_checksum; ++ p_udpip_hdr->zeros = 0; ++ p_udpip_hdr->ip_proto = IP_PROTO_UDP; ++ p_udpip_hdr->ip_payload = cpu_to_be16(ip_data_len); ++ ++ udp_header *p_udp_hdr = (udp_header *) (data_to_checksum+12); ++ ++ p_udp_hdr->uh_sum = 0; ++ ++ int udp_checksum = ip_checksum(data_to_checksum, ip_data_len + 12); ++ DPRINTF("+++ C+ mode UDP checksum %04x\n", ++ udp_checksum); ++ ++ p_udp_hdr->uh_sum = udp_checksum; ++ } ++ ++ /* restore IP header */ ++ memcpy(eth_payload_data, saved_ip_header, hlen); + } + } + +-- +2.1.4 + diff --git a/sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-5165-3.patch b/sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-5165-3.patch new file mode 100644 index 0000000000..5676f46532 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-5165-3.patch @@ -0,0 +1,39 @@ +From 043d28507ef7c5fdc34866f5e3b27a72bd0cd072 Mon Sep 17 00:00:00 2001 +From: Stefan Hajnoczi +Date: Wed, 15 Jul 2015 18:17:00 +0100 +Subject: [PATCH 3/7] rtl8139: skip offload on short Ethernet/IP header + +Transmit offload features access Ethernet and IP headers the packet. If +the packet is too short we must not attempt to access header fields: + + int proto = be16_to_cpu(*(uint16_t *)(saved_buffer + 12)); + ... + eth_payload_data = saved_buffer + ETH_HLEN; + ... + ip = (ip_header*)eth_payload_data; + if (IP_HEADER_VERSION(ip) != IP_HEADER_VERSION_4) { + +Signed-off-by: Stefan Hajnoczi +--- + hw/net/rtl8139.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c +index 2f12d42..d377b6b 100644 +--- a/hw/net/rtl8139.c ++++ b/hw/net/rtl8139.c +@@ -2164,6 +2164,11 @@ static int rtl8139_cplus_transmit_one(RTL8139State *s) + { + DPRINTF("+++ C+ mode offloaded task checksum\n"); + ++ /* Large enough for Ethernet and IP headers? */ ++ if (saved_size < ETH_HLEN + sizeof(ip_header)) { ++ goto skip_offload; ++ } ++ + /* ip packet header */ + ip_header *ip = NULL; + int hlen = 0; +-- +2.1.4 + diff --git a/sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-5165-4.patch b/sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-5165-4.patch new file mode 100644 index 0000000000..495d8d616b --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-5165-4.patch @@ -0,0 +1,53 @@ +From 5a75d242fe019d05b46ef9bc330a6892525c84a7 Mon Sep 17 00:00:00 2001 +From: Stefan Hajnoczi +Date: Wed, 15 Jul 2015 18:17:01 +0100 +Subject: [PATCH 4/7] rtl8139: check IP Header Length field + +The IP Header Length field was only checked in the IP checksum case, but +is used in other cases too. + +Signed-off-by: Stefan Hajnoczi +--- + hw/net/rtl8139.c | 19 ++++++++----------- + 1 file changed, 8 insertions(+), 11 deletions(-) + +diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c +index d377b6b..cd5ac05 100644 +--- a/hw/net/rtl8139.c ++++ b/hw/net/rtl8139.c +@@ -2200,6 +2200,10 @@ static int rtl8139_cplus_transmit_one(RTL8139State *s) + } + + hlen = IP_HEADER_LENGTH(ip); ++ if (hlen < sizeof(ip_header) || hlen > eth_payload_len) { ++ goto skip_offload; ++ } ++ + ip_protocol = ip->ip_p; + ip_data_len = be16_to_cpu(ip->ip_len) - hlen; + +@@ -2207,17 +2211,10 @@ static int rtl8139_cplus_transmit_one(RTL8139State *s) + { + DPRINTF("+++ C+ mode need IP checksum\n"); + +- if (hleneth_payload_len) {/* min header length */ +- /* bad packet header len */ +- /* or packet too short */ +- } +- else +- { +- ip->ip_sum = 0; +- ip->ip_sum = ip_checksum(ip, hlen); +- DPRINTF("+++ C+ mode IP header len=%d checksum=%04x\n", +- hlen, ip->ip_sum); +- } ++ ip->ip_sum = 0; ++ ip->ip_sum = ip_checksum(ip, hlen); ++ DPRINTF("+++ C+ mode IP header len=%d checksum=%04x\n", ++ hlen, ip->ip_sum); + } + + if ((txdw0 & CP_TX_LGSEN) && ip_protocol == IP_PROTO_TCP) +-- +2.1.4 + diff --git a/sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-5165-5.patch b/sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-5165-5.patch new file mode 100644 index 0000000000..e633ea6b2e --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-5165-5.patch @@ -0,0 +1,34 @@ +From 6c79ea275d72bc1fd88bdcf1e7d231b2c9c865de Mon Sep 17 00:00:00 2001 +From: Stefan Hajnoczi +Date: Wed, 15 Jul 2015 18:17:02 +0100 +Subject: [PATCH 5/7] rtl8139: check IP Total Length field + +The IP Total Length field includes the IP header and data. Make sure it +is valid and does not exceed the Ethernet payload size. + +Signed-off-by: Stefan Hajnoczi +--- + hw/net/rtl8139.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c +index cd5ac05..ed2b23b 100644 +--- a/hw/net/rtl8139.c ++++ b/hw/net/rtl8139.c +@@ -2205,7 +2205,12 @@ static int rtl8139_cplus_transmit_one(RTL8139State *s) + } + + ip_protocol = ip->ip_p; +- ip_data_len = be16_to_cpu(ip->ip_len) - hlen; ++ ++ ip_data_len = be16_to_cpu(ip->ip_len); ++ if (ip_data_len < hlen || ip_data_len > eth_payload_len) { ++ goto skip_offload; ++ } ++ ip_data_len -= hlen; + + if (txdw0 & CP_TX_IPCS) + { +-- +2.1.4 + diff --git a/sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-5165-6.patch b/sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-5165-6.patch new file mode 100644 index 0000000000..dd716a6d6d --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-5165-6.patch @@ -0,0 +1,35 @@ +From 30aa7be430e7c982e9163f3bcc745d3aa57b6aa4 Mon Sep 17 00:00:00 2001 +From: Stefan Hajnoczi +Date: Wed, 15 Jul 2015 18:17:03 +0100 +Subject: [PATCH 6/7] rtl8139: skip offload on short TCP header + +TCP Large Segment Offload accesses the TCP header in the packet. If the +packet is too short we must not attempt to access header fields: + + tcp_header *p_tcp_hdr = (tcp_header*)(eth_payload_data + hlen); + int tcp_hlen = TCP_HEADER_DATA_OFFSET(p_tcp_hdr); + +Signed-off-by: Stefan Hajnoczi +--- + hw/net/rtl8139.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c +index ed2b23b..c8f0df9 100644 +--- a/hw/net/rtl8139.c ++++ b/hw/net/rtl8139.c +@@ -2224,6 +2224,11 @@ static int rtl8139_cplus_transmit_one(RTL8139State *s) + + if ((txdw0 & CP_TX_LGSEN) && ip_protocol == IP_PROTO_TCP) + { ++ /* Large enough for the TCP header? */ ++ if (ip_data_len < sizeof(tcp_header)) { ++ goto skip_offload; ++ } ++ + int large_send_mss = (txdw0 >> 16) & CP_TC_LGSEN_MSS_MASK; + + DPRINTF("+++ C+ mode offloaded task TSO MTU=%d IP data %d " +-- +2.1.4 + diff --git a/sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-5165-7.patch b/sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-5165-7.patch new file mode 100644 index 0000000000..4c0ad79935 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-5165-7.patch @@ -0,0 +1,32 @@ +From 9a084807bf6ca7c16d997a236d304111894a6539 Mon Sep 17 00:00:00 2001 +From: Stefan Hajnoczi +Date: Wed, 15 Jul 2015 18:17:04 +0100 +Subject: [PATCH 7/7] rtl8139: check TCP Data Offset field + +The TCP Data Offset field contains the length of the header. Make sure +it is valid and does not exceed the IP data length. + +Signed-off-by: Stefan Hajnoczi +--- + hw/net/rtl8139.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c +index c8f0df9..2df4a51 100644 +--- a/hw/net/rtl8139.c ++++ b/hw/net/rtl8139.c +@@ -2253,6 +2253,11 @@ static int rtl8139_cplus_transmit_one(RTL8139State *s) + + int tcp_hlen = TCP_HEADER_DATA_OFFSET(p_tcp_hdr); + ++ /* Invalid TCP data offset? */ ++ if (tcp_hlen < sizeof(tcp_header) || tcp_hlen > ip_data_len) { ++ goto skip_offload; ++ } ++ + /* ETH_MTU = ip header len + tcp header len + payload */ + int tcp_data_len = ip_data_len - tcp_hlen; + int tcp_chunk_size = ETH_MTU - hlen - tcp_hlen; +-- +2.1.4 + diff --git a/sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-5166.patch b/sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-5166.patch new file mode 100644 index 0000000000..fc41d7b6a9 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-5166.patch @@ -0,0 +1,36 @@ +From: Stefano Stabellini + +Fix release_drive on unplugged devices (pci_piix3_xen_ide_unplug) + +pci_piix3_xen_ide_unplug should completely unhook the unplugged +IDEDevice from the corresponding BlockBackend, otherwise the next call +to release_drive will try to detach the drive again. + +Suggested-by: Kevin Wolf +Signed-off-by: Stefano Stabellini + +diff --git a/hw/ide/piix.c b/hw/ide/piix.c +index adb6649..5a26c86 100644 +--- a/hw/ide/piix.c ++++ b/hw/ide/piix.c +@@ -169,6 +169,7 @@ int pci_piix3_xen_ide_unplug(DeviceState *dev) + PCIIDEState *pci_ide; + DriveInfo *di; + int i; ++ IDEDevice *idedev; + + pci_ide = PCI_IDE(dev); + +@@ -181,6 +182,12 @@ int pci_piix3_xen_ide_unplug(DeviceState *dev) + blk_detach_dev(blk, ds); + } + pci_ide->bus[di->bus].ifs[di->unit].blk = NULL; ++ if (!(i % 2)) { ++ idedev = pci_ide->bus[di->bus].master; ++ } else { ++ idedev = pci_ide->bus[di->bus].slave; ++ } ++ idedev->conf.blk = NULL; + blk_unref(blk); + } + } diff --git a/sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-9999-cflags.patch b/sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-9999-cflags.patch deleted file mode 100644 index 08a6c9fa7c..0000000000 --- a/sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-9999-cflags.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/configure b/configure -index 82f6e71..7e19aaf 100755 ---- a/configure -+++ b/configure -@@ -3131,8 +3131,6 @@ fi - if test "$gcov" = "yes" ; then - CFLAGS="-fprofile-arcs -ftest-coverage -g $CFLAGS" - LDFLAGS="-fprofile-arcs -ftest-coverage $LDFLAGS" --elif test "$debug" = "no" ; then -- CFLAGS="-O2 -D_FORTIFY_SOURCE=2 $CFLAGS" - fi - - diff --git a/sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-9999-virtfs-proxy-helper-accept.patch b/sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-9999-virtfs-proxy-helper-accept.patch deleted file mode 100644 index f8a5249fab..0000000000 --- a/sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-9999-virtfs-proxy-helper-accept.patch +++ /dev/null @@ -1,30 +0,0 @@ -From c5970614489e385e69667f1f323421442a7a46c0 Mon Sep 17 00:00:00 2001 -From: Tim Comer -Date: Sat, 19 Apr 2014 12:51:42 -0400 -Subject: [PATCH] virtfs-proxy-helper: fix call to accept - -The current code calls accept() without initializing the size parameter -which means the accept call might write too much to the stack. - -URL: https://bugs.gentoo.org/486714 -Signed-off-by: Tim Comer -Signed-off-by: Mike Frysinger ---- - fsdev/virtfs-proxy-helper.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/fsdev/virtfs-proxy-helper.c b/fsdev/virtfs-proxy-helper.c -index bfecb87..cd291d3 100644 ---- a/fsdev/virtfs-proxy-helper.c -+++ b/fsdev/virtfs-proxy-helper.c -@@ -760,6 +760,7 @@ static int proxy_socket(const char *path, uid_t uid, gid_t gid) - return -1; - } - -+ size = sizeof(qemu); - client = accept(sock, (struct sockaddr *)&qemu, &size); - if (client < 0) { - do_perror("accept"); --- -1.9.2 - diff --git a/sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-kvm-1.4 b/sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-kvm-1.4 deleted file mode 100644 index 08da00b880..0000000000 --- a/sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-kvm-1.4 +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/sh - -exec /usr/bin/qemu-system-x86_64 -machine accel=kvm "$@" diff --git a/sdk_container/src/third_party/portage-stable/app-emulation/qemu/metadata.xml b/sdk_container/src/third_party/portage-stable/app-emulation/qemu/metadata.xml index c2843962a2..c287e3d0b5 100644 --- a/sdk_container/src/third_party/portage-stable/app-emulation/qemu/metadata.xml +++ b/sdk_container/src/third_party/portage-stable/app-emulation/qemu/metadata.xml @@ -2,10 +2,6 @@ qemu - - cardoe@gentoo.org - Doug Goldstein - Adds support for braille displays using brltty Enables support for Linux's Async IO @@ -27,6 +23,7 @@ Enable pulseaudio output for sound emulation Enable rados block device backend support, see http://ceph.newdream.net/wiki/QEMU-RBD Enable the SDL-based console + Use libsdl2 instead of libsdl Enable Spice protocol support via app-emulation/spice Enable SSH based block device support via net-libs/libssh2 Builds the Software MMU (system) targets as static binaries @@ -37,7 +34,7 @@ Enable the TCG Interpreter which can speed up or slowdown workloads depending on the host and guest CPUs being emulated. In the future it will be a runtime option but for now its compile time. Enable TLS support for the VNC console server. For 1.4 and newer this also enables WebSocket support. - For 2.0 and newer this also enables disk quorum support. + For 2.0 through 2.3 also enables disk quorum support. Enable jpeg image support for the VNC console server Enable png image support for the VNC console server Enable USB passthrough via dev-libs/libusb @@ -46,6 +43,7 @@ Enable VDE-based networking Enable accelerated networking using vhost-net, see http://www.linux-kvm.org/page/VhostNet Enable VirtFS via virtio-9p-pci / fsdev. See http://wiki.qemu.org/Documentation/9psetup + Enable terminal support (x11-libs/vte) in the GTK+ interface Add support for getting and setting POSIX extended attributes, through sys-apps/attr. Requisite for the virtfs backend. diff --git a/sdk_container/src/third_party/portage-stable/app-emulation/qemu/qemu-2.1.2-r2.ebuild b/sdk_container/src/third_party/portage-stable/app-emulation/qemu/qemu-2.1.2-r2.ebuild deleted file mode 100644 index 361c298f1c..0000000000 --- a/sdk_container/src/third_party/portage-stable/app-emulation/qemu/qemu-2.1.2-r2.ebuild +++ /dev/null @@ -1,603 +0,0 @@ -# Copyright 1999-2015 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-emulation/qemu/qemu-2.1.2-r2.ebuild,v 1.5 2015/04/08 07:30:33 mgorny Exp $ - -EAPI=5 - -PYTHON_COMPAT=( python2_7 ) -PYTHON_REQ_USE="ncurses,readline" - -inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \ - user udev fcaps readme.gentoo pax-utils - -BACKPORTS="20141214" - -if [[ ${PV} = *9999* ]]; then - EGIT_REPO_URI="git://git.qemu.org/qemu.git" - inherit git-2 - SRC_URI="" - KEYWORDS="" -else - SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2 - ${BACKPORTS:+ - http://dev.gentoo.org/~cardoe/distfiles/${P}-${BACKPORTS}.tar.xz - http://dev.gentoo.org/~tamiko/distfiles/${P}-${BACKPORTS}.tar.xz}" - KEYWORDS="amd64 ~ppc ~ppc64 x86 ~x86-fbsd" -fi - -DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools" -HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org" - -LICENSE="GPL-2 LGPL-2 BSD-2" -SLOT="0" -IUSE="accessibility +aio alsa bluetooth +caps +curl debug +fdt glusterfs \ -gtk infiniband iscsi +jpeg \ -kernel_linux kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs -+png pulseaudio python \ -rbd sasl +seccomp sdl selinux smartcard snappy spice ssh static static-softmmu \ -static-user systemtap tci test +threads tls usb usbredir +uuid vde +vhost-net \ -virtfs +vnc xattr xen xfs" - -COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel mips -mips64 mips64el mipsel or32 ppc ppc64 s390x sh4 sh4eb sparc sparc64 unicore32 -x86_64" -IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS} lm32 moxie ppcemb xtensa xtensaeb" -IUSE_USER_TARGETS="${COMMON_TARGETS} armeb mipsn32 mipsn32el ppc64abi32 sparc32plus" - -use_targets=" - $(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS}) - $(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS}) -" -IUSE+=" ${use_targets}" - -# Require at least one softmmu or user target. -# Block USE flag configurations known to not work. -REQUIRED_USE="|| ( ${use_targets} ) - ${PYTHON_REQUIRED_USE} - qemu_softmmu_targets_arm? ( fdt ) - qemu_softmmu_targets_microblaze? ( fdt ) - qemu_softmmu_targets_ppc? ( fdt ) - qemu_softmmu_targets_ppc64? ( fdt ) - static? ( static-softmmu static-user ) - static-softmmu? ( !alsa !pulseaudio !bluetooth !opengl !gtk ) - virtfs? ( xattr )" - -# Yep, you need both libcap and libcap-ng since virtfs only uses libcap. -# -# The attr lib isn't always linked in (although the USE flag is always -# respected). This is because qemu supports using the C library's API -# when available rather than always using the extranl library. -COMMON_LIB_DEPEND=">=dev-libs/glib-2.0[static-libs(+)] - sys-libs/zlib[static-libs(+)] - xattr? ( sys-apps/attr[static-libs(+)] )" -SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND} - >=x11-libs/pixman-0.28.0[static-libs(+)] - aio? ( dev-libs/libaio[static-libs(+)] ) - caps? ( sys-libs/libcap-ng[static-libs(+)] ) - curl? ( >=net-misc/curl-7.15.4[static-libs(+)] ) - fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] ) - glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] ) - infiniband? ( sys-infiniband/librdmacm[static-libs(+)] ) - jpeg? ( virtual/jpeg[static-libs(+)] ) - lzo? ( dev-libs/lzo:2[static-libs(+)] ) - ncurses? ( sys-libs/ncurses[static-libs(+)] ) - nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] ) - numa? ( sys-process/numactl[static-libs(+)] ) - png? ( media-libs/libpng[static-libs(+)] ) - rbd? ( sys-cluster/ceph[static-libs(+)] ) - sasl? ( dev-libs/cyrus-sasl[static-libs(+)] ) - sdl? ( >=media-libs/libsdl-1.2.11[static-libs(+)] ) - seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] ) - snappy? ( app-arch/snappy[static-libs(+)] ) - spice? ( >=app-emulation/spice-0.12.0[static-libs(+)] ) - ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] ) - tls? ( net-libs/gnutls[static-libs(+)] ) - usb? ( >=dev-libs/libusb-1.0.18[static-libs(+)] ) - uuid? ( >=sys-apps/util-linux-2.16.0[static-libs(+)] ) - vde? ( net-misc/vde[static-libs(+)] ) - xfs? ( sys-fs/xfsprogs[static-libs(+)] )" -USER_LIB_DEPEND="${COMMON_LIB_DEPEND}" -X86_FIRMWARE_DEPEND=" - >=sys-firmware/ipxe-1.0.0_p20130624 - pin-upstream-blobs? ( - ~sys-firmware/seabios-1.7.5 - ~sys-firmware/sgabios-0.1_pre8 - ~sys-firmware/vgabios-0.7a - ) - !pin-upstream-blobs? ( - sys-firmware/seabios - sys-firmware/sgabios - sys-firmware/vgabios - )" -CDEPEND="!static-softmmu? ( ${SOFTMMU_LIB_DEPEND//\[static-libs(+)]} ) - !static-user? ( ${USER_LIB_DEPEND//\[static-libs(+)]} ) - qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} ) - qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} ) - accessibility? ( app-accessibility/brltty ) - alsa? ( >=media-libs/alsa-lib-1.0.13 ) - bluetooth? ( net-wireless/bluez ) - gtk? ( - x11-libs/gtk+:3 - x11-libs/vte:2.90 - ) - iscsi? ( net-libs/libiscsi ) - opengl? ( virtual/opengl ) - pulseaudio? ( media-sound/pulseaudio ) - python? ( ${PYTHON_DEPS} ) - sdl? ( media-libs/libsdl[X] ) - smartcard? ( dev-libs/nss !app-emulation/libcacard ) - spice? ( >=app-emulation/spice-protocol-0.12.3 ) - systemtap? ( dev-util/systemtap ) - usbredir? ( >=sys-apps/usbredir-0.6 ) - virtfs? ( sys-libs/libcap ) - xen? ( app-emulation/xen-tools )" -DEPEND="${CDEPEND} - dev-lang/perl - =dev-lang/python-2* - sys-apps/texinfo - virtual/pkgconfig - kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 ) - gtk? ( nls? ( sys-devel/gettext ) ) - static-softmmu? ( ${SOFTMMU_LIB_DEPEND} ) - static-user? ( ${USER_LIB_DEPEND} ) - test? ( - dev-libs/glib[utils] - sys-devel/bc - )" -RDEPEND="${CDEPEND} - selinux? ( sec-policy/selinux-qemu ) -" - -STRIP_MASK="/usr/share/qemu/palcode-clipper" - -QA_PREBUILT=" - usr/share/qemu/openbios-ppc - usr/share/qemu/openbios-sparc64 - usr/share/qemu/openbios-sparc32 - usr/share/qemu/palcode-clipper - usr/share/qemu/s390-ccw.img - usr/share/qemu/u-boot.e500 -" - -QA_WX_LOAD="usr/bin/qemu-i386 - usr/bin/qemu-x86_64 - usr/bin/qemu-alpha - usr/bin/qemu-arm - usr/bin/qemu-cris - usr/bin/qemu-m68k - usr/bin/qemu-microblaze - usr/bin/qemu-microblazeel - usr/bin/qemu-mips - usr/bin/qemu-mipsel - usr/bin/qemu-or32 - usr/bin/qemu-ppc - usr/bin/qemu-ppc64 - usr/bin/qemu-ppc64abi32 - usr/bin/qemu-sh4 - usr/bin/qemu-sh4eb - usr/bin/qemu-sparc - usr/bin/qemu-sparc64 - usr/bin/qemu-armeb - usr/bin/qemu-sparc32plus - usr/bin/qemu-s390x - usr/bin/qemu-unicore32" - -DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure -you have the kernel module loaded before running kvm. The easiest way to -ensure that the kernel module is loaded is to load it on boot.\n -For AMD CPUs the module is called 'kvm-amd'\n -For Intel CPUs the module is called 'kvm-intel'\n -Please review /etc/conf.d/modules for how to load these\n\n -Make sure your user is in the 'kvm' group\n -Just run 'gpasswd -a kvm', then have re-login." - -qemu_support_kvm() { - if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 \ - use qemu_softmmu_targets_ppc || use qemu_softmmu_targets_ppc64 \ - use qemu_softmmu_targets_s390x; then - return 0 - fi - - return 1 -} - -pkg_pretend() { - if use kernel_linux && kernel_is lt 2 6 25; then - eerror "This version of KVM requres a host kernel of 2.6.25 or higher." - elif use kernel_linux; then - if ! linux_config_exists; then - eerror "Unable to check your kernel for KVM support" - else - CONFIG_CHECK="~KVM ~TUN ~BRIDGE" - ERROR_KVM="You must enable KVM in your kernel to continue" - ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in" - ERROR_KVM_AMD+=" your kernel configuration." - ERROR_KVM_INTEL="If you have an Intel CPU, you must enable" - ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration." - ERROR_TUN="You will need the Universal TUN/TAP driver compiled" - ERROR_TUN+=" into your kernel or loaded as a module to use the" - ERROR_TUN+=" virtual network device if using -net tap." - ERROR_BRIDGE="You will also need support for 802.1d" - ERROR_BRIDGE+=" Ethernet Bridging for some network configurations." - use vhost-net && CONFIG_CHECK+=" ~VHOST_NET" - ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net" - ERROR_VHOST_NET+=" support" - - if use amd64 || use x86 || use amd64-linux || use x86-linux; then - CONFIG_CHECK+=" ~KVM_AMD ~KVM_INTEL" - fi - - use python && CONFIG_CHECK+=" ~DEBUG_FS" - ERROR_DEBUG_FS="debugFS support required for kvm_stat" - - # Now do the actual checks setup above - check_extra_config - fi - fi - - if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then - eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt" - eerror "instances are still pointing to it. Please update your" - eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag" - eerror "and the right system binary (e.g. qemu-system-x86_64)." - die "update your virt configs to not use qemu-kvm" - fi -} - -pkg_setup() { - enewgroup kvm 78 -} - -src_prepare() { - # Alter target makefiles to accept CFLAGS set via flag-o - sed -i -r \ - -e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \ - Makefile Makefile.target || die - - # Cheap hack to disable gettext .mo generation. - use nls || rm -f po/*.po - - epatch "${FILESDIR}"/qemu-1.7.0-cflags.patch - epatch "${FILESDIR}"/${PN}-2.1.1-readlink-self.patch - epatch "${FILESDIR}"/${PN}-2.1.2-vnc-sanitize-bits.patch #527088 - [[ -n ${BACKPORTS} ]] && \ - EPATCH_FORCE=yes EPATCH_SUFFIX="patch" \ - EPATCH_SOURCE="${WORKDIR}/patches" epatch - - # Fix ld and objcopy being called directly - tc-export AR LD OBJCOPY - - # Verbose builds - MAKEOPTS+=" V=1" - - epatch_user -} - -## -# configures qemu based on the build directory and the build type -# we are using. -# -qemu_src_configure() { - debug-print-function ${FUNCNAME} "$@" - - local buildtype=$1 - local builddir=$2 - local static_flag="static-${buildtype}" - - # audio options - local audio_opts="oss" - use alsa && audio_opts="alsa,${audio_opts}" - use sdl && audio_opts="sdl,${audio_opts}" - use pulseaudio && audio_opts="pa,${audio_opts}" - - local conf_opts=( - --prefix=/usr - --sysconfdir=/etc - --libdir=/usr/$(get_libdir) - --docdir=/usr/share/doc/${PF}/html - --disable-bsd-user - --disable-guest-agent - --disable-strip - --disable-werror - --python="${PYTHON}" - --cc="$(tc-getCC)" - --cxx="$(tc-getCXX)" - --host-cc="$(tc-getBUILD_CC)" - $(use_enable debug debug-info) - $(use_enable debug debug-tcg) - --enable-docs - $(use_enable tci tcg-interpreter) - $(use_enable xattr attr) - ) - - # Disable options not used by user targets as the default configure - # options will autoprobe and try to link in a bunch of unused junk. - conf_softmmu() { - if [[ ${buildtype} == "user" ]] ; then - echo "--disable-${2:-$1}" - else - use_enable "$@" - fi - } - conf_opts+=( - $(conf_softmmu accessibility brlapi) - $(conf_softmmu aio linux-aio) - $(conf_softmmu bluetooth bluez) - $(conf_softmmu caps cap-ng) - $(conf_softmmu curl) - $(conf_softmmu fdt) - $(conf_softmmu glusterfs) - $(conf_softmmu gtk) - $(conf_softmmu infiniband rdma) - $(conf_softmmu iscsi libiscsi) - $(conf_softmmu jpeg vnc-jpeg) - $(conf_softmmu kernel_linux kvm) - $(conf_softmmu lzo) - $(conf_softmmu ncurses curses) - $(conf_softmmu nfs libnfs) - $(conf_softmmu numa) - $(conf_softmmu opengl glx) - $(conf_softmmu png vnc-png) - $(conf_softmmu rbd) - $(conf_softmmu sasl vnc-sasl) - $(conf_softmmu sdl) - $(conf_softmmu seccomp) - $(conf_softmmu smartcard smartcard-nss) - $(conf_softmmu snappy) - $(conf_softmmu spice) - $(conf_softmmu ssh libssh2) - $(conf_softmmu tls quorum) - $(conf_softmmu tls vnc-tls) - $(conf_softmmu tls vnc-ws) - $(conf_softmmu usb libusb) - $(conf_softmmu usbredir usb-redir) - $(conf_softmmu uuid) - $(conf_softmmu vde) - $(conf_softmmu vhost-net) - $(conf_softmmu virtfs) - $(conf_softmmu vnc) - $(conf_softmmu xen) - $(conf_softmmu xen xen-pci-passthrough) - $(conf_softmmu xfs xfsctl) - ) - - case ${buildtype} in - user) - conf_opts+=( - --enable-linux-user - --disable-system - --target-list="${user_targets}" - --disable-blobs - --disable-tools - ) - ;; - softmmu) - conf_opts+=( - --disable-linux-user - --enable-system - --target-list="${softmmu_targets}" - --with-system-pixman - --audio-drv-list="${audio_opts}" - ) - use gtk && conf_opts+=( --with-gtkabi=3.0 ) - ;; - esac - - # Add support for SystemTAP - use systemtap && conf_opts+=( --enable-trace-backend=dtrace ) - - # We always want to attempt to build with PIE support as it results - # in a more secure binary. But it doesn't work with static or if - # the current GCC doesn't have PIE support. - if use ${static_flag}; then - conf_opts+=( --static --disable-pie ) - else - gcc-specs-pie && conf_opts+=( --enable-pie ) - fi - - einfo "./configure ${conf_opts[*]}" - cd "${builddir}" - ../configure "${conf_opts[@]}" || die "configure failed" - - # FreeBSD's kernel does not support QEMU assigning/grabbing - # host USB devices yet - use kernel_FreeBSD && \ - sed -i -E -e "s|^(HOST_USB=)bsd|\1stub|" "${S}"/config-host.mak -} - -src_configure() { - local target - - python_export_best - - softmmu_targets= softmmu_bins=() - user_targets= user_bins=() - - for target in ${IUSE_SOFTMMU_TARGETS} ; do - if use "qemu_softmmu_targets_${target}"; then - softmmu_targets+=",${target}-softmmu" - softmmu_bins+=( "qemu-system-${target}" ) - fi - done - - for target in ${IUSE_USER_TARGETS} ; do - if use "qemu_user_targets_${target}"; then - user_targets+=",${target}-linux-user" - user_bins+=( "qemu-${target}" ) - fi - done - - [[ -n ${softmmu_targets} ]] && \ - einfo "Building the following softmmu targets: ${softmmu_targets}" - - [[ -n ${user_targets} ]] && \ - einfo "Building the following user targets: ${user_targets}" - - if [[ -n ${softmmu_targets} ]]; then - mkdir "${S}/softmmu-build" - qemu_src_configure "softmmu" "${S}/softmmu-build" - fi - - if [[ -n ${user_targets} ]]; then - mkdir "${S}/user-build" - qemu_src_configure "user" "${S}/user-build" - fi -} - -src_compile() { - if [[ -n ${user_targets} ]]; then - cd "${S}/user-build" - default - fi - - if [[ -n ${softmmu_targets} ]]; then - cd "${S}/softmmu-build" - default - fi -} - -src_test() { - if [[ -n ${softmmu_targets} ]]; then - cd "${S}/softmmu-build" - pax-mark m */qemu-system-* #515550 - emake -j1 check - emake -j1 check-report.html - fi -} - -qemu_python_install() { - python_domodule "${S}/scripts/qmp/qmp.py" - - python_doscript "${S}/scripts/kvm/kvm_stat" - python_doscript "${S}/scripts/kvm/vmxcap" - python_doscript "${S}/scripts/qmp/qmp-shell" - python_doscript "${S}/scripts/qmp/qemu-ga-client" -} - -src_install() { - if [[ -n ${user_targets} ]]; then - cd "${S}/user-build" - emake DESTDIR="${ED}" install - - # Install binfmt handler init script for user targets - newinitd "${FILESDIR}/qemu-binfmt.initd-r1" qemu-binfmt - fi - - if [[ -n ${softmmu_targets} ]]; then - cd "${S}/softmmu-build" - emake DESTDIR="${ED}" install - - # This might not exist if the test failed. #512010 - [[ -e check-report.html ]] && dohtml check-report.html - - if use kernel_linux; then - udev_dorules "${FILESDIR}"/65-kvm.rules - fi - - if use python; then - python_foreach_impl qemu_python_install - fi - fi - - # Disable mprotect on the qemu binaries as they use JITs to be fast #459348 - pushd "${ED}"/usr/bin >/dev/null - pax-mark m "${softmmu_bins[@]}" "${user_bins[@]}" - popd >/dev/null - - # Install config file example for qemu-bridge-helper - insinto "/etc/qemu" - doins "${FILESDIR}/bridge.conf" - - # Remove the docdir placed qmp-commands.txt - mv "${ED}/usr/share/doc/${PF}/html/qmp-commands.txt" "${S}/docs/qmp/" - - cd "${S}" - dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt - newdoc pc-bios/README README.pc-bios - dodoc docs/qmp/*.txt - - # Remove SeaBIOS since we're using the SeaBIOS packaged one - rm "${ED}/usr/share/qemu/bios.bin" - if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then - dosym ../seabios/bios.bin /usr/share/qemu/bios.bin - fi - - # Remove vgabios since we're using the vgabios packaged one - if [[ -n ${softmmu_targets} ]]; then - rm "${ED}/usr/share/qemu/vgabios.bin" - rm "${ED}/usr/share/qemu/vgabios-cirrus.bin" - rm "${ED}/usr/share/qemu/vgabios-qxl.bin" - rm "${ED}/usr/share/qemu/vgabios-stdvga.bin" - rm "${ED}/usr/share/qemu/vgabios-vmware.bin" - if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then - dosym ../vgabios/vgabios.bin /usr/share/qemu/vgabios.bin - dosym ../vgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin - dosym ../vgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin - dosym ../vgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin - dosym ../vgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin - fi - - # Remove sgabios since we're using the sgabios packaged one - rm "${ED}/usr/share/qemu/sgabios.bin" - if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then - dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin - fi - - # Remove iPXE since we're using the iPXE packaged one - rm "${ED}"/usr/share/qemu/pxe-*.rom - if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then - dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom - dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom - dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom - dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom - dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom - dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom - fi - fi - - qemu_support_kvm && readme.gentoo_create_doc -} - -pkg_postinst() { - if qemu_support_kvm; then - readme.gentoo_print_elog - ewarn "Migration from qemu-kvm instances and loading qemu-kvm created" - ewarn "save states has been removed starting with the 1.6.2 release" - ewarn - ewarn "It is recommended that you migrate any VMs that may be running" - ewarn "on qemu-kvm to a host with a newer qemu and regenerate" - ewarn "any saved states with a newer qemu." - ewarn - ewarn "qemu-kvm was the primary qemu provider in Gentoo through 1.2.x" - - if use x86 || use amd64; then - ewarn - ewarn "The /usr/bin/kvm and /usr/bin/qemu-kvm wrappers are no longer" - ewarn "installed. In order to use kvm acceleration, pass the flag" - ewarn "-enable-kvm when running your system target." - fi - fi - - if [[ -n ${softmmu_targets} ]] && use kernel_linux; then - udev_reload - fi - - fcaps cap_net_admin /usr/libexec/qemu-bridge-helper - if use virtfs && [ -n "${softmmu_targets}" ]; then - local virtfs_caps="cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_setgid,cap_mknod,cap_setuid" - fcaps ${virtfs_caps} /usr/bin/virtfs-proxy-helper - fi -} - -pkg_info() { - echo "Using:" - echo " $(best_version app-emulation/spice-protocol)" - echo " $(best_version sys-firmware/ipxe)" - echo " $(best_version sys-firmware/seabios)" - if has_version sys-firmware/seabios[binary]; then - echo " USE=binary" - else - echo " USE=''" - fi - echo " $(best_version sys-firmware/vgabios)" -} diff --git a/sdk_container/src/third_party/portage-stable/app-emulation/qemu/qemu-2.1.3.ebuild b/sdk_container/src/third_party/portage-stable/app-emulation/qemu/qemu-2.1.3.ebuild deleted file mode 100644 index 1ef40ebcd6..0000000000 --- a/sdk_container/src/third_party/portage-stable/app-emulation/qemu/qemu-2.1.3.ebuild +++ /dev/null @@ -1,602 +0,0 @@ -# Copyright 1999-2015 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-emulation/qemu/qemu-2.1.3.ebuild,v 1.3 2015/04/08 07:30:33 mgorny Exp $ - -EAPI=5 - -PYTHON_COMPAT=( python2_7 ) -PYTHON_REQ_USE="ncurses,readline" - -inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \ - user udev fcaps readme.gentoo pax-utils - -BACKPORTS="" - -if [[ ${PV} = *9999* ]]; then - EGIT_REPO_URI="git://git.qemu.org/qemu.git" - inherit git-2 - SRC_URI="" - KEYWORDS="" -else - SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2 - ${BACKPORTS:+ - http://dev.gentoo.org/~cardoe/distfiles/${P}-${BACKPORTS}.tar.xz}" - KEYWORDS="~amd64 ~ppc ~ppc64 ~x86 ~x86-fbsd" -fi - -DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools" -HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org" - -LICENSE="GPL-2 LGPL-2 BSD-2" -SLOT="0" -IUSE="accessibility +aio alsa bluetooth +caps +curl debug +fdt glusterfs \ -gtk infiniband iscsi +jpeg \ -kernel_linux kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs -+png pulseaudio python \ -rbd sasl +seccomp sdl selinux smartcard snappy spice ssh static static-softmmu \ -static-user systemtap tci test +threads tls usb usbredir +uuid vde +vhost-net \ -virtfs +vnc xattr xen xfs" - -COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel mips -mips64 mips64el mipsel or32 ppc ppc64 s390x sh4 sh4eb sparc sparc64 unicore32 -x86_64" -IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS} lm32 moxie ppcemb xtensa xtensaeb" -IUSE_USER_TARGETS="${COMMON_TARGETS} armeb mipsn32 mipsn32el ppc64abi32 sparc32plus" - -use_targets=" - $(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS}) - $(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS}) -" -IUSE+=" ${use_targets}" - -# Require at least one softmmu or user target. -# Block USE flag configurations known to not work. -REQUIRED_USE="|| ( ${use_targets} ) - ${PYTHON_REQUIRED_USE} - qemu_softmmu_targets_arm? ( fdt ) - qemu_softmmu_targets_microblaze? ( fdt ) - qemu_softmmu_targets_ppc? ( fdt ) - qemu_softmmu_targets_ppc64? ( fdt ) - static? ( static-softmmu static-user ) - static-softmmu? ( !alsa !pulseaudio !bluetooth !opengl !gtk ) - virtfs? ( xattr )" - -# Yep, you need both libcap and libcap-ng since virtfs only uses libcap. -# -# The attr lib isn't always linked in (although the USE flag is always -# respected). This is because qemu supports using the C library's API -# when available rather than always using the extranl library. -COMMON_LIB_DEPEND=">=dev-libs/glib-2.0[static-libs(+)] - sys-libs/zlib[static-libs(+)] - xattr? ( sys-apps/attr[static-libs(+)] )" -SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND} - >=x11-libs/pixman-0.28.0[static-libs(+)] - aio? ( dev-libs/libaio[static-libs(+)] ) - caps? ( sys-libs/libcap-ng[static-libs(+)] ) - curl? ( >=net-misc/curl-7.15.4[static-libs(+)] ) - fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] ) - glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] ) - infiniband? ( sys-infiniband/librdmacm[static-libs(+)] ) - jpeg? ( virtual/jpeg[static-libs(+)] ) - lzo? ( dev-libs/lzo:2[static-libs(+)] ) - ncurses? ( sys-libs/ncurses[static-libs(+)] ) - nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] ) - numa? ( sys-process/numactl[static-libs(+)] ) - png? ( media-libs/libpng[static-libs(+)] ) - rbd? ( sys-cluster/ceph[static-libs(+)] ) - sasl? ( dev-libs/cyrus-sasl[static-libs(+)] ) - sdl? ( >=media-libs/libsdl-1.2.11[static-libs(+)] ) - seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] ) - snappy? ( app-arch/snappy[static-libs(+)] ) - spice? ( >=app-emulation/spice-0.12.0[static-libs(+)] ) - ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] ) - tls? ( net-libs/gnutls[static-libs(+)] ) - usb? ( >=dev-libs/libusb-1.0.18[static-libs(+)] ) - uuid? ( >=sys-apps/util-linux-2.16.0[static-libs(+)] ) - vde? ( net-misc/vde[static-libs(+)] ) - xfs? ( sys-fs/xfsprogs[static-libs(+)] )" -USER_LIB_DEPEND="${COMMON_LIB_DEPEND}" -X86_FIRMWARE_DEPEND=" - >=sys-firmware/ipxe-1.0.0_p20130624 - pin-upstream-blobs? ( - ~sys-firmware/seabios-1.7.5 - ~sys-firmware/sgabios-0.1_pre8 - ~sys-firmware/vgabios-0.7a - ) - !pin-upstream-blobs? ( - sys-firmware/seabios - sys-firmware/sgabios - sys-firmware/vgabios - )" -CDEPEND="!static-softmmu? ( ${SOFTMMU_LIB_DEPEND//\[static-libs(+)]} ) - !static-user? ( ${USER_LIB_DEPEND//\[static-libs(+)]} ) - qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} ) - qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} ) - accessibility? ( app-accessibility/brltty ) - alsa? ( >=media-libs/alsa-lib-1.0.13 ) - bluetooth? ( net-wireless/bluez ) - gtk? ( - x11-libs/gtk+:3 - x11-libs/vte:2.90 - ) - iscsi? ( net-libs/libiscsi ) - opengl? ( virtual/opengl ) - pulseaudio? ( media-sound/pulseaudio ) - python? ( ${PYTHON_DEPS} ) - sdl? ( media-libs/libsdl[X] ) - smartcard? ( dev-libs/nss !app-emulation/libcacard ) - spice? ( >=app-emulation/spice-protocol-0.12.3 ) - systemtap? ( dev-util/systemtap ) - usbredir? ( >=sys-apps/usbredir-0.6 ) - virtfs? ( sys-libs/libcap ) - xen? ( app-emulation/xen-tools )" -DEPEND="${CDEPEND} - dev-lang/perl - =dev-lang/python-2* - sys-apps/texinfo - virtual/pkgconfig - kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 ) - gtk? ( nls? ( sys-devel/gettext ) ) - static-softmmu? ( ${SOFTMMU_LIB_DEPEND} ) - static-user? ( ${USER_LIB_DEPEND} ) - test? ( - dev-libs/glib[utils] - sys-devel/bc - )" -RDEPEND="${CDEPEND} - selinux? ( sec-policy/selinux-qemu ) -" - -STRIP_MASK="/usr/share/qemu/palcode-clipper" - -QA_PREBUILT=" - usr/share/qemu/openbios-ppc - usr/share/qemu/openbios-sparc64 - usr/share/qemu/openbios-sparc32 - usr/share/qemu/palcode-clipper - usr/share/qemu/s390-ccw.img - usr/share/qemu/u-boot.e500 -" - -QA_WX_LOAD="usr/bin/qemu-i386 - usr/bin/qemu-x86_64 - usr/bin/qemu-alpha - usr/bin/qemu-arm - usr/bin/qemu-cris - usr/bin/qemu-m68k - usr/bin/qemu-microblaze - usr/bin/qemu-microblazeel - usr/bin/qemu-mips - usr/bin/qemu-mipsel - usr/bin/qemu-or32 - usr/bin/qemu-ppc - usr/bin/qemu-ppc64 - usr/bin/qemu-ppc64abi32 - usr/bin/qemu-sh4 - usr/bin/qemu-sh4eb - usr/bin/qemu-sparc - usr/bin/qemu-sparc64 - usr/bin/qemu-armeb - usr/bin/qemu-sparc32plus - usr/bin/qemu-s390x - usr/bin/qemu-unicore32" - -DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure -you have the kernel module loaded before running kvm. The easiest way to -ensure that the kernel module is loaded is to load it on boot.\n -For AMD CPUs the module is called 'kvm-amd'\n -For Intel CPUs the module is called 'kvm-intel'\n -Please review /etc/conf.d/modules for how to load these\n\n -Make sure your user is in the 'kvm' group\n -Just run 'gpasswd -a kvm', then have re-login." - -qemu_support_kvm() { - if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 \ - use qemu_softmmu_targets_ppc || use qemu_softmmu_targets_ppc64 \ - use qemu_softmmu_targets_s390x; then - return 0 - fi - - return 1 -} - -pkg_pretend() { - if use kernel_linux && kernel_is lt 2 6 25; then - eerror "This version of KVM requres a host kernel of 2.6.25 or higher." - elif use kernel_linux; then - if ! linux_config_exists; then - eerror "Unable to check your kernel for KVM support" - else - CONFIG_CHECK="~KVM ~TUN ~BRIDGE" - ERROR_KVM="You must enable KVM in your kernel to continue" - ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in" - ERROR_KVM_AMD+=" your kernel configuration." - ERROR_KVM_INTEL="If you have an Intel CPU, you must enable" - ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration." - ERROR_TUN="You will need the Universal TUN/TAP driver compiled" - ERROR_TUN+=" into your kernel or loaded as a module to use the" - ERROR_TUN+=" virtual network device if using -net tap." - ERROR_BRIDGE="You will also need support for 802.1d" - ERROR_BRIDGE+=" Ethernet Bridging for some network configurations." - use vhost-net && CONFIG_CHECK+=" ~VHOST_NET" - ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net" - ERROR_VHOST_NET+=" support" - - if use amd64 || use x86 || use amd64-linux || use x86-linux; then - CONFIG_CHECK+=" ~KVM_AMD ~KVM_INTEL" - fi - - use python && CONFIG_CHECK+=" ~DEBUG_FS" - ERROR_DEBUG_FS="debugFS support required for kvm_stat" - - # Now do the actual checks setup above - check_extra_config - fi - fi - - if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then - eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt" - eerror "instances are still pointing to it. Please update your" - eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag" - eerror "and the right system binary (e.g. qemu-system-x86_64)." - die "update your virt configs to not use qemu-kvm" - fi -} - -pkg_setup() { - enewgroup kvm 78 -} - -src_prepare() { - # Alter target makefiles to accept CFLAGS set via flag-o - sed -i -r \ - -e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \ - Makefile Makefile.target || die - - # Cheap hack to disable gettext .mo generation. - use nls || rm -f po/*.po - - epatch "${FILESDIR}"/qemu-1.7.0-cflags.patch - epatch "${FILESDIR}"/${PN}-2.1.1-readlink-self.patch - epatch "${FILESDIR}"/${PN}-2.1.2-vnc-sanitize-bits.patch #527088 - [[ -n ${BACKPORTS} ]] && \ - EPATCH_FORCE=yes EPATCH_SUFFIX="patch" \ - EPATCH_SOURCE="${WORKDIR}/patches" epatch - - # Fix ld and objcopy being called directly - tc-export AR LD OBJCOPY - - # Verbose builds - MAKEOPTS+=" V=1" - - epatch_user -} - -## -# configures qemu based on the build directory and the build type -# we are using. -# -qemu_src_configure() { - debug-print-function ${FUNCNAME} "$@" - - local buildtype=$1 - local builddir=$2 - local static_flag="static-${buildtype}" - - # audio options - local audio_opts="oss" - use alsa && audio_opts="alsa,${audio_opts}" - use sdl && audio_opts="sdl,${audio_opts}" - use pulseaudio && audio_opts="pa,${audio_opts}" - - local conf_opts=( - --prefix=/usr - --sysconfdir=/etc - --libdir=/usr/$(get_libdir) - --docdir=/usr/share/doc/${PF}/html - --disable-bsd-user - --disable-guest-agent - --disable-strip - --disable-werror - --python="${PYTHON}" - --cc="$(tc-getCC)" - --cxx="$(tc-getCXX)" - --host-cc="$(tc-getBUILD_CC)" - $(use_enable debug debug-info) - $(use_enable debug debug-tcg) - --enable-docs - $(use_enable tci tcg-interpreter) - $(use_enable xattr attr) - ) - - # Disable options not used by user targets as the default configure - # options will autoprobe and try to link in a bunch of unused junk. - conf_softmmu() { - if [[ ${buildtype} == "user" ]] ; then - echo "--disable-${2:-$1}" - else - use_enable "$@" - fi - } - conf_opts+=( - $(conf_softmmu accessibility brlapi) - $(conf_softmmu aio linux-aio) - $(conf_softmmu bluetooth bluez) - $(conf_softmmu caps cap-ng) - $(conf_softmmu curl) - $(conf_softmmu fdt) - $(conf_softmmu glusterfs) - $(conf_softmmu gtk) - $(conf_softmmu infiniband rdma) - $(conf_softmmu iscsi libiscsi) - $(conf_softmmu jpeg vnc-jpeg) - $(conf_softmmu kernel_linux kvm) - $(conf_softmmu lzo) - $(conf_softmmu ncurses curses) - $(conf_softmmu nfs libnfs) - $(conf_softmmu numa) - $(conf_softmmu opengl glx) - $(conf_softmmu png vnc-png) - $(conf_softmmu rbd) - $(conf_softmmu sasl vnc-sasl) - $(conf_softmmu sdl) - $(conf_softmmu seccomp) - $(conf_softmmu smartcard smartcard-nss) - $(conf_softmmu snappy) - $(conf_softmmu spice) - $(conf_softmmu ssh libssh2) - $(conf_softmmu tls quorum) - $(conf_softmmu tls vnc-tls) - $(conf_softmmu tls vnc-ws) - $(conf_softmmu usb libusb) - $(conf_softmmu usbredir usb-redir) - $(conf_softmmu uuid) - $(conf_softmmu vde) - $(conf_softmmu vhost-net) - $(conf_softmmu virtfs) - $(conf_softmmu vnc) - $(conf_softmmu xen) - $(conf_softmmu xen xen-pci-passthrough) - $(conf_softmmu xfs xfsctl) - ) - - case ${buildtype} in - user) - conf_opts+=( - --enable-linux-user - --disable-system - --target-list="${user_targets}" - --disable-blobs - --disable-tools - ) - ;; - softmmu) - conf_opts+=( - --disable-linux-user - --enable-system - --target-list="${softmmu_targets}" - --with-system-pixman - --audio-drv-list="${audio_opts}" - ) - use gtk && conf_opts+=( --with-gtkabi=3.0 ) - ;; - esac - - # Add support for SystemTAP - use systemtap && conf_opts+=( --enable-trace-backend=dtrace ) - - # We always want to attempt to build with PIE support as it results - # in a more secure binary. But it doesn't work with static or if - # the current GCC doesn't have PIE support. - if use ${static_flag}; then - conf_opts+=( --static --disable-pie ) - else - gcc-specs-pie && conf_opts+=( --enable-pie ) - fi - - einfo "./configure ${conf_opts[*]}" - cd "${builddir}" - ../configure "${conf_opts[@]}" || die "configure failed" - - # FreeBSD's kernel does not support QEMU assigning/grabbing - # host USB devices yet - use kernel_FreeBSD && \ - sed -i -E -e "s|^(HOST_USB=)bsd|\1stub|" "${S}"/config-host.mak -} - -src_configure() { - local target - - python_export_best - - softmmu_targets= softmmu_bins=() - user_targets= user_bins=() - - for target in ${IUSE_SOFTMMU_TARGETS} ; do - if use "qemu_softmmu_targets_${target}"; then - softmmu_targets+=",${target}-softmmu" - softmmu_bins+=( "qemu-system-${target}" ) - fi - done - - for target in ${IUSE_USER_TARGETS} ; do - if use "qemu_user_targets_${target}"; then - user_targets+=",${target}-linux-user" - user_bins+=( "qemu-${target}" ) - fi - done - - [[ -n ${softmmu_targets} ]] && \ - einfo "Building the following softmmu targets: ${softmmu_targets}" - - [[ -n ${user_targets} ]] && \ - einfo "Building the following user targets: ${user_targets}" - - if [[ -n ${softmmu_targets} ]]; then - mkdir "${S}/softmmu-build" - qemu_src_configure "softmmu" "${S}/softmmu-build" - fi - - if [[ -n ${user_targets} ]]; then - mkdir "${S}/user-build" - qemu_src_configure "user" "${S}/user-build" - fi -} - -src_compile() { - if [[ -n ${user_targets} ]]; then - cd "${S}/user-build" - default - fi - - if [[ -n ${softmmu_targets} ]]; then - cd "${S}/softmmu-build" - default - fi -} - -src_test() { - if [[ -n ${softmmu_targets} ]]; then - cd "${S}/softmmu-build" - pax-mark m */qemu-system-* #515550 - emake -j1 check - emake -j1 check-report.html - fi -} - -qemu_python_install() { - python_domodule "${S}/scripts/qmp/qmp.py" - - python_doscript "${S}/scripts/kvm/kvm_stat" - python_doscript "${S}/scripts/kvm/vmxcap" - python_doscript "${S}/scripts/qmp/qmp-shell" - python_doscript "${S}/scripts/qmp/qemu-ga-client" -} - -src_install() { - if [[ -n ${user_targets} ]]; then - cd "${S}/user-build" - emake DESTDIR="${ED}" install - - # Install binfmt handler init script for user targets - newinitd "${FILESDIR}/qemu-binfmt.initd-r1" qemu-binfmt - fi - - if [[ -n ${softmmu_targets} ]]; then - cd "${S}/softmmu-build" - emake DESTDIR="${ED}" install - - # This might not exist if the test failed. #512010 - [[ -e check-report.html ]] && dohtml check-report.html - - if use kernel_linux; then - udev_dorules "${FILESDIR}"/65-kvm.rules - fi - - if use python; then - python_foreach_impl qemu_python_install - fi - fi - - # Disable mprotect on the qemu binaries as they use JITs to be fast #459348 - pushd "${ED}"/usr/bin >/dev/null - pax-mark m "${softmmu_bins[@]}" "${user_bins[@]}" - popd >/dev/null - - # Install config file example for qemu-bridge-helper - insinto "/etc/qemu" - doins "${FILESDIR}/bridge.conf" - - # Remove the docdir placed qmp-commands.txt - mv "${ED}/usr/share/doc/${PF}/html/qmp-commands.txt" "${S}/docs/qmp/" - - cd "${S}" - dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt - newdoc pc-bios/README README.pc-bios - dodoc docs/qmp/*.txt - - # Remove SeaBIOS since we're using the SeaBIOS packaged one - rm "${ED}/usr/share/qemu/bios.bin" - if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then - dosym ../seabios/bios.bin /usr/share/qemu/bios.bin - fi - - # Remove vgabios since we're using the vgabios packaged one - if [[ -n ${softmmu_targets} ]]; then - rm "${ED}/usr/share/qemu/vgabios.bin" - rm "${ED}/usr/share/qemu/vgabios-cirrus.bin" - rm "${ED}/usr/share/qemu/vgabios-qxl.bin" - rm "${ED}/usr/share/qemu/vgabios-stdvga.bin" - rm "${ED}/usr/share/qemu/vgabios-vmware.bin" - if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then - dosym ../vgabios/vgabios.bin /usr/share/qemu/vgabios.bin - dosym ../vgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin - dosym ../vgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin - dosym ../vgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin - dosym ../vgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin - fi - - # Remove sgabios since we're using the sgabios packaged one - rm "${ED}/usr/share/qemu/sgabios.bin" - if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then - dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin - fi - - # Remove iPXE since we're using the iPXE packaged one - rm "${ED}"/usr/share/qemu/pxe-*.rom - if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then - dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom - dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom - dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom - dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom - dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom - dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom - fi - fi - - qemu_support_kvm && readme.gentoo_create_doc -} - -pkg_postinst() { - if qemu_support_kvm; then - readme.gentoo_print_elog - ewarn "Migration from qemu-kvm instances and loading qemu-kvm created" - ewarn "save states has been removed starting with the 1.6.2 release" - ewarn - ewarn "It is recommended that you migrate any VMs that may be running" - ewarn "on qemu-kvm to a host with a newer qemu and regenerate" - ewarn "any saved states with a newer qemu." - ewarn - ewarn "qemu-kvm was the primary qemu provider in Gentoo through 1.2.x" - - if use x86 || use amd64; then - ewarn - ewarn "The /usr/bin/kvm and /usr/bin/qemu-kvm wrappers are no longer" - ewarn "installed. In order to use kvm acceleration, pass the flag" - ewarn "-enable-kvm when running your system target." - fi - fi - - if [[ -n ${softmmu_targets} ]] && use kernel_linux; then - udev_reload - fi - - fcaps cap_net_admin /usr/libexec/qemu-bridge-helper - if use virtfs && [ -n "${softmmu_targets}" ]; then - local virtfs_caps="cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_setgid,cap_mknod,cap_setuid" - fcaps ${virtfs_caps} /usr/bin/virtfs-proxy-helper - fi -} - -pkg_info() { - echo "Using:" - echo " $(best_version app-emulation/spice-protocol)" - echo " $(best_version sys-firmware/ipxe)" - echo " $(best_version sys-firmware/seabios)" - if has_version sys-firmware/seabios[binary]; then - echo " USE=binary" - else - echo " USE=''" - fi - echo " $(best_version sys-firmware/vgabios)" -} diff --git a/sdk_container/src/third_party/portage-stable/app-emulation/qemu/qemu-2.2.0.ebuild b/sdk_container/src/third_party/portage-stable/app-emulation/qemu/qemu-2.3.0-r4.ebuild similarity index 91% rename from sdk_container/src/third_party/portage-stable/app-emulation/qemu/qemu-2.2.0.ebuild rename to sdk_container/src/third_party/portage-stable/app-emulation/qemu/qemu-2.3.0-r4.ebuild index b071ebeba4..9746fb025b 100644 --- a/sdk_container/src/third_party/portage-stable/app-emulation/qemu/qemu-2.2.0.ebuild +++ b/sdk_container/src/third_party/portage-stable/app-emulation/qemu/qemu-2.3.0-r4.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2015 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-emulation/qemu/qemu-2.2.0.ebuild,v 1.6 2015/04/08 07:30:33 mgorny Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-emulation/qemu/qemu-2.3.0-r4.ebuild,v 1.3 2015/07/28 15:04:54 ago Exp $ EAPI=5 @@ -16,7 +16,6 @@ if [[ ${PV} = *9999* ]]; then EGIT_REPO_URI="git://git.qemu.org/qemu.git" inherit git-2 SRC_URI="" - KEYWORDS="" else SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2 ${BACKPORTS:+ @@ -30,7 +29,7 @@ HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org" LICENSE="GPL-2 LGPL-2 BSD-2" SLOT="0" IUSE="accessibility +aio alsa bluetooth +caps +curl debug +fdt glusterfs \ -gtk infiniband iscsi +jpeg \ +gtk gtk2 infiniband iscsi +jpeg \ kernel_linux kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs +png pulseaudio python \ rbd sasl +seccomp sdl selinux smartcard snappy spice ssh static static-softmmu \ @@ -43,22 +42,21 @@ x86_64" IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS} lm32 moxie ppcemb xtensa xtensaeb" IUSE_USER_TARGETS="${COMMON_TARGETS} armeb mipsn32 mipsn32el ppc64abi32 sparc32plus" -use_targets=" - $(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS}) - $(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS}) -" -IUSE+=" ${use_targets}" +use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS}) +use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS}) +IUSE+=" ${use_softmmu_targets} ${use_user_targets}" # Require at least one softmmu or user target. # Block USE flag configurations known to not work. -REQUIRED_USE="|| ( ${use_targets} ) +REQUIRED_USE="|| ( ${use_softmmu_targets} ${use_user_targets} ) ${PYTHON_REQUIRED_USE} + gtk2? ( gtk ) qemu_softmmu_targets_arm? ( fdt ) qemu_softmmu_targets_microblaze? ( fdt ) qemu_softmmu_targets_ppc? ( fdt ) qemu_softmmu_targets_ppc64? ( fdt ) static? ( static-softmmu static-user ) - static-softmmu? ( !alsa !pulseaudio !bluetooth !opengl !gtk ) + static-softmmu? ( !alsa !pulseaudio !bluetooth !opengl !gtk !gtk2 ) virtfs? ( xattr )" # Yep, you need both libcap and libcap-ng since virtfs only uses libcap. @@ -76,13 +74,13 @@ SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND} curl? ( >=net-misc/curl-7.15.4[static-libs(+)] ) fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] ) glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] ) - infiniband? ( sys-infiniband/librdmacm[static-libs(+)] ) - jpeg? ( virtual/jpeg[static-libs(+)] ) + infiniband? ( sys-infiniband/librdmacm:=[static-libs(+)] ) + jpeg? ( virtual/jpeg:=[static-libs(+)] ) lzo? ( dev-libs/lzo:2[static-libs(+)] ) ncurses? ( sys-libs/ncurses[static-libs(+)] ) nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] ) numa? ( sys-process/numactl[static-libs(+)] ) - png? ( media-libs/libpng[static-libs(+)] ) + png? ( media-libs/libpng:0=[static-libs(+)] ) rbd? ( sys-cluster/ceph[static-libs(+)] ) sasl? ( dev-libs/cyrus-sasl[static-libs(+)] ) sdl? ( >=media-libs/libsdl-1.2.11[static-libs(+)] ) @@ -108,15 +106,17 @@ X86_FIRMWARE_DEPEND=" sys-firmware/sgabios sys-firmware/vgabios )" -CDEPEND="!static-softmmu? ( ${SOFTMMU_LIB_DEPEND//\[static-libs(+)]} ) - !static-user? ( ${USER_LIB_DEPEND//\[static-libs(+)]} ) +CDEPEND=" + !static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND//\[static-libs(+)]} ) " ${use_softmmu_targets}) ) + !static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND//\[static-libs(+)]} ) " ${use_user_targets}) ) qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} ) qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} ) accessibility? ( app-accessibility/brltty ) alsa? ( >=media-libs/alsa-lib-1.0.13 ) bluetooth? ( net-wireless/bluez ) gtk? ( - x11-libs/gtk+:3 + gtk2? ( x11-libs/gtk+:2 ) + !gtk2? ( x11-libs/gtk+:3 ) x11-libs/vte:2.90 ) iscsi? ( net-libs/libiscsi ) @@ -137,8 +137,8 @@ DEPEND="${CDEPEND} virtual/pkgconfig kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 ) gtk? ( nls? ( sys-devel/gettext ) ) - static-softmmu? ( ${SOFTMMU_LIB_DEPEND} ) - static-user? ( ${USER_LIB_DEPEND} ) + static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND} ) " ${use_softmmu_targets}) ) + static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND} ) " ${use_user_targets}) ) test? ( dev-libs/glib[utils] sys-devel/bc @@ -257,7 +257,13 @@ src_prepare() { use nls || rm -f po/*.po epatch "${FILESDIR}"/qemu-1.7.0-cflags.patch - + epatch "${FILESDIR}"/${P}-CVE-2015-3456.patch #549404 + epatch "${FILESDIR}"/${P}-CVE-2015-3209.patch #551752 + epatch "${FILESDIR}"/${P}-CVE-2015-5158.patch #555680 + epatch "${FILESDIR}"/${P}-CVE-2015-3214.patch #556052 + epatch "${FILESDIR}"/${P}-CVE-2015-5154-1.patch #556050 / #555532 + epatch "${FILESDIR}"/${P}-CVE-2015-5154-2.patch #556050 / #555532 + epatch "${FILESDIR}"/${P}-CVE-2015-5154-3.patch #556050 / #555532` [[ -n ${BACKPORTS} ]] && \ EPATCH_FORCE=yes EPATCH_SUFFIX="patch" EPATCH_SOURCE="${S}/patches" \ epatch @@ -334,7 +340,7 @@ qemu_src_configure() { $(conf_softmmu ncurses curses) $(conf_softmmu nfs libnfs) $(conf_softmmu numa) - $(conf_softmmu opengl glx) + $(conf_softmmu opengl) $(conf_softmmu png vnc-png) $(conf_softmmu rbd) $(conf_softmmu sasl vnc-sasl) @@ -377,7 +383,7 @@ qemu_src_configure() { --with-system-pixman --audio-drv-list="${audio_opts}" ) - use gtk && conf_opts+=( --with-gtkabi=3.0 ) + use gtk && conf_opts+=( --with-gtkabi=$(usex gtk2 2.0 3.0) ) ;; esac @@ -393,7 +399,7 @@ qemu_src_configure() { gcc-specs-pie && conf_opts+=( --enable-pie ) fi - einfo "./configure ${conf_opts[*]}" + einfo "../configure ${conf_opts[*]}" cd "${builddir}" ../configure "${conf_opts[@]}" || die "configure failed" @@ -406,7 +412,7 @@ qemu_src_configure() { src_configure() { local target - python_export_best + python_setup softmmu_targets= softmmu_bins=() user_targets= user_bins=() diff --git a/sdk_container/src/third_party/portage-stable/app-emulation/qemu/qemu-2.2.1.ebuild b/sdk_container/src/third_party/portage-stable/app-emulation/qemu/qemu-2.3.0-r5.ebuild similarity index 87% rename from sdk_container/src/third_party/portage-stable/app-emulation/qemu/qemu-2.2.1.ebuild rename to sdk_container/src/third_party/portage-stable/app-emulation/qemu/qemu-2.3.0-r5.ebuild index 59db3cec6c..143c594d2d 100644 --- a/sdk_container/src/third_party/portage-stable/app-emulation/qemu/qemu-2.2.1.ebuild +++ b/sdk_container/src/third_party/portage-stable/app-emulation/qemu/qemu-2.3.0-r5.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2015 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-emulation/qemu/qemu-2.2.1.ebuild,v 1.2 2015/04/08 07:30:33 mgorny Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-emulation/qemu/qemu-2.3.0-r5.ebuild,v 1.4 2015/08/05 06:43:00 vapier Exp $ EAPI=5 @@ -16,12 +16,11 @@ if [[ ${PV} = *9999* ]]; then EGIT_REPO_URI="git://git.qemu.org/qemu.git" inherit git-2 SRC_URI="" - KEYWORDS="" else SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2 ${BACKPORTS:+ http://dev.gentoo.org/~cardoe/distfiles/${P}-${BACKPORTS}.tar.xz}" - KEYWORDS="~amd64 ~ppc ~ppc64 ~x86 ~x86-fbsd" + KEYWORDS="amd64 ~ppc ~ppc64 x86 ~x86-fbsd" fi DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools" @@ -30,7 +29,7 @@ HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org" LICENSE="GPL-2 LGPL-2 BSD-2" SLOT="0" IUSE="accessibility +aio alsa bluetooth +caps +curl debug +fdt glusterfs \ -gtk infiniband iscsi +jpeg \ +gtk gtk2 infiniband iscsi +jpeg \ kernel_linux kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs +png pulseaudio python \ rbd sasl +seccomp sdl selinux smartcard snappy spice ssh static static-softmmu \ @@ -43,22 +42,21 @@ x86_64" IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS} lm32 moxie ppcemb xtensa xtensaeb" IUSE_USER_TARGETS="${COMMON_TARGETS} armeb mipsn32 mipsn32el ppc64abi32 sparc32plus" -use_targets=" - $(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS}) - $(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS}) -" -IUSE+=" ${use_targets}" +use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS}) +use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS}) +IUSE+=" ${use_softmmu_targets} ${use_user_targets}" # Require at least one softmmu or user target. # Block USE flag configurations known to not work. -REQUIRED_USE="|| ( ${use_targets} ) +REQUIRED_USE="|| ( ${use_softmmu_targets} ${use_user_targets} ) ${PYTHON_REQUIRED_USE} + gtk2? ( gtk ) qemu_softmmu_targets_arm? ( fdt ) qemu_softmmu_targets_microblaze? ( fdt ) qemu_softmmu_targets_ppc? ( fdt ) qemu_softmmu_targets_ppc64? ( fdt ) static? ( static-softmmu static-user ) - static-softmmu? ( !alsa !pulseaudio !bluetooth !opengl !gtk ) + static-softmmu? ( !alsa !pulseaudio !bluetooth !opengl !gtk !gtk2 ) virtfs? ( xattr )" # Yep, you need both libcap and libcap-ng since virtfs only uses libcap. @@ -76,13 +74,13 @@ SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND} curl? ( >=net-misc/curl-7.15.4[static-libs(+)] ) fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] ) glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] ) - infiniband? ( sys-infiniband/librdmacm[static-libs(+)] ) - jpeg? ( virtual/jpeg[static-libs(+)] ) + infiniband? ( sys-infiniband/librdmacm:=[static-libs(+)] ) + jpeg? ( virtual/jpeg:=[static-libs(+)] ) lzo? ( dev-libs/lzo:2[static-libs(+)] ) ncurses? ( sys-libs/ncurses[static-libs(+)] ) nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] ) numa? ( sys-process/numactl[static-libs(+)] ) - png? ( media-libs/libpng[static-libs(+)] ) + png? ( media-libs/libpng:0=[static-libs(+)] ) rbd? ( sys-cluster/ceph[static-libs(+)] ) sasl? ( dev-libs/cyrus-sasl[static-libs(+)] ) sdl? ( >=media-libs/libsdl-1.2.11[static-libs(+)] ) @@ -108,15 +106,17 @@ X86_FIRMWARE_DEPEND=" sys-firmware/sgabios sys-firmware/vgabios )" -CDEPEND="!static-softmmu? ( ${SOFTMMU_LIB_DEPEND//\[static-libs(+)]} ) - !static-user? ( ${USER_LIB_DEPEND//\[static-libs(+)]} ) +CDEPEND=" + !static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND//\[static-libs(+)]} ) " ${use_softmmu_targets}) ) + !static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND//\[static-libs(+)]} ) " ${use_user_targets}) ) qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} ) qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} ) accessibility? ( app-accessibility/brltty ) alsa? ( >=media-libs/alsa-lib-1.0.13 ) bluetooth? ( net-wireless/bluez ) gtk? ( - x11-libs/gtk+:3 + gtk2? ( x11-libs/gtk+:2 ) + !gtk2? ( x11-libs/gtk+:3 ) x11-libs/vte:2.90 ) iscsi? ( net-libs/libiscsi ) @@ -137,8 +137,8 @@ DEPEND="${CDEPEND} virtual/pkgconfig kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 ) gtk? ( nls? ( sys-devel/gettext ) ) - static-softmmu? ( ${SOFTMMU_LIB_DEPEND} ) - static-user? ( ${USER_LIB_DEPEND} ) + static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND} ) " ${use_softmmu_targets}) ) + static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND} ) " ${use_user_targets}) ) test? ( dev-libs/glib[utils] sys-devel/bc @@ -245,7 +245,6 @@ pkg_pretend() { pkg_setup() { enewgroup kvm 78 - python_setup } src_prepare() { @@ -258,6 +257,21 @@ src_prepare() { use nls || rm -f po/*.po epatch "${FILESDIR}"/qemu-1.7.0-cflags.patch + epatch "${FILESDIR}"/${P}-CVE-2015-3456.patch #549404 + epatch "${FILESDIR}"/${P}-CVE-2015-3209.patch #551752 + epatch "${FILESDIR}"/${P}-CVE-2015-5158.patch #555680 + epatch "${FILESDIR}"/${P}-CVE-2015-3214.patch #556052 + epatch "${FILESDIR}"/${P}-CVE-2015-5154-1.patch #556050 / #555532 + epatch "${FILESDIR}"/${P}-CVE-2015-5154-2.patch #556050 / #555532 + epatch "${FILESDIR}"/${P}-CVE-2015-5154-3.patch #556050 / #555532 + epatch "${FILESDIR}"/${P}-CVE-2015-5165-1.patch #556304 + epatch "${FILESDIR}"/${P}-CVE-2015-5165-2.patch #556304 + epatch "${FILESDIR}"/${P}-CVE-2015-5165-3.patch #556304 + epatch "${FILESDIR}"/${P}-CVE-2015-5165-4.patch #556304 + epatch "${FILESDIR}"/${P}-CVE-2015-5165-5.patch #556304 + epatch "${FILESDIR}"/${P}-CVE-2015-5165-6.patch #556304 + epatch "${FILESDIR}"/${P}-CVE-2015-5165-7.patch #556304 + epatch "${FILESDIR}"/${P}-CVE-2015-5166.patch #556304 [[ -n ${BACKPORTS} ]] && \ EPATCH_FORCE=yes EPATCH_SUFFIX="patch" EPATCH_SOURCE="${S}/patches" \ epatch @@ -334,7 +348,7 @@ qemu_src_configure() { $(conf_softmmu ncurses curses) $(conf_softmmu nfs libnfs) $(conf_softmmu numa) - $(conf_softmmu opengl glx) + $(conf_softmmu opengl) $(conf_softmmu png vnc-png) $(conf_softmmu rbd) $(conf_softmmu sasl vnc-sasl) @@ -377,7 +391,7 @@ qemu_src_configure() { --with-system-pixman --audio-drv-list="${audio_opts}" ) - use gtk && conf_opts+=( --with-gtkabi=3.0 ) + use gtk && conf_opts+=( --with-gtkabi=$(usex gtk2 2.0 3.0) ) ;; esac @@ -393,7 +407,7 @@ qemu_src_configure() { gcc-specs-pie && conf_opts+=( --enable-pie ) fi - einfo "./configure ${conf_opts[*]}" + einfo "../configure ${conf_opts[*]}" cd "${builddir}" ../configure "${conf_opts[@]}" || die "configure failed" @@ -406,7 +420,7 @@ qemu_src_configure() { src_configure() { local target - python_export_best + python_setup softmmu_targets= softmmu_bins=() user_targets= user_bins=() @@ -514,14 +528,14 @@ src_install() { newdoc pc-bios/README README.pc-bios dodoc docs/qmp/*.txt - # Remove SeaBIOS since we're using the SeaBIOS packaged one - rm "${ED}/usr/share/qemu/bios.bin" - if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then - dosym ../seabios/bios.bin /usr/share/qemu/bios.bin - fi - - # Remove vgabios since we're using the vgabios packaged one if [[ -n ${softmmu_targets} ]]; then + # Remove SeaBIOS since we're using the SeaBIOS packaged one + rm "${ED}/usr/share/qemu/bios.bin" + if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then + dosym ../seabios/bios.bin /usr/share/qemu/bios.bin + fi + + # Remove vgabios since we're using the vgabios packaged one rm "${ED}/usr/share/qemu/vgabios.bin" rm "${ED}/usr/share/qemu/vgabios-cirrus.bin" rm "${ED}/usr/share/qemu/vgabios-qxl.bin" diff --git a/sdk_container/src/third_party/portage-stable/app-emulation/qemu/qemu-9999.ebuild b/sdk_container/src/third_party/portage-stable/app-emulation/qemu/qemu-9999.ebuild index 732e39a095..ef7c93f616 100644 --- a/sdk_container/src/third_party/portage-stable/app-emulation/qemu/qemu-9999.ebuild +++ b/sdk_container/src/third_party/portage-stable/app-emulation/qemu/qemu-9999.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2015 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-emulation/qemu/qemu-9999.ebuild,v 1.96 2015/04/04 19:59:28 vapier Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-emulation/qemu/qemu-9999.ebuild,v 1.106 2015/08/05 06:47:50 vapier Exp $ EAPI=5 @@ -16,7 +16,6 @@ if [[ ${PV} = *9999* ]]; then EGIT_REPO_URI="git://git.qemu.org/qemu.git" inherit git-2 SRC_URI="" - KEYWORDS="" else SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2 ${BACKPORTS:+ @@ -33,9 +32,9 @@ IUSE="accessibility +aio alsa bluetooth +caps +curl debug +fdt glusterfs \ gtk gtk2 infiniband iscsi +jpeg \ kernel_linux kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs +png pulseaudio python \ -rbd sasl +seccomp sdl selinux smartcard snappy spice ssh static static-softmmu \ +rbd sasl +seccomp sdl sdl2 selinux smartcard snappy spice ssh static static-softmmu static-user systemtap tci test +threads tls usb usbredir +uuid vde +vhost-net \ -virtfs +vnc xattr xen xfs" +virtfs +vnc vte xattr xen xfs" COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel mips mips64 mips64el mipsel or32 ppc ppc64 s390x sh4 sh4eb sparc sparc64 unicore32 @@ -47,18 +46,19 @@ use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS}) use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS}) IUSE+=" ${use_softmmu_targets} ${use_user_targets}" -# Require at least one softmmu or user target. +# Allow no targets to be built so that people can get a tools-only build. # Block USE flag configurations known to not work. -REQUIRED_USE="|| ( ${use_softmmu_targets} ${use_user_targets} ) - ${PYTHON_REQUIRED_USE} +REQUIRED_USE="${PYTHON_REQUIRED_USE} gtk2? ( gtk ) qemu_softmmu_targets_arm? ( fdt ) qemu_softmmu_targets_microblaze? ( fdt ) qemu_softmmu_targets_ppc? ( fdt ) qemu_softmmu_targets_ppc64? ( fdt ) + sdl2? ( sdl ) static? ( static-softmmu static-user ) static-softmmu? ( !alsa !pulseaudio !bluetooth !opengl !gtk !gtk2 ) - virtfs? ( xattr )" + virtfs? ( xattr ) + vte? ( gtk )" # Yep, you need both libcap and libcap-ng since virtfs only uses libcap. # @@ -84,7 +84,10 @@ SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND} png? ( media-libs/libpng:0=[static-libs(+)] ) rbd? ( sys-cluster/ceph[static-libs(+)] ) sasl? ( dev-libs/cyrus-sasl[static-libs(+)] ) - sdl? ( >=media-libs/libsdl-1.2.11[static-libs(+)] ) + sdl? ( + !sdl2? ( >=media-libs/libsdl-1.2.11[static-libs(+)] ) + sdl2? ( media-libs/libsdl2[static-libs(+)] ) + ) seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] ) snappy? ( app-arch/snappy[static-libs(+)] ) spice? ( >=app-emulation/spice-0.12.0[static-libs(+)] ) @@ -116,15 +119,26 @@ CDEPEND=" alsa? ( >=media-libs/alsa-lib-1.0.13 ) bluetooth? ( net-wireless/bluez ) gtk? ( - gtk2? ( x11-libs/gtk+:2 ) - !gtk2? ( x11-libs/gtk+:3 ) - x11-libs/vte:2.90 + gtk2? ( + x11-libs/gtk+:2 + vte? ( x11-libs/vte:0 ) + ) + !gtk2? ( + x11-libs/gtk+:3 + vte? ( x11-libs/vte:2.90 ) + ) ) iscsi? ( net-libs/libiscsi ) - opengl? ( virtual/opengl ) + opengl? ( + virtual/opengl + media-libs/mesa[gles2] + ) pulseaudio? ( media-sound/pulseaudio ) python? ( ${PYTHON_DEPS} ) - sdl? ( media-libs/libsdl[X] ) + sdl? ( + !sdl2? ( media-libs/libsdl[X] ) + sdl2? ( media-libs/libsdl2[X] ) + ) smartcard? ( dev-libs/nss !app-emulation/libcacard ) spice? ( >=app-emulation/spice-protocol-0.12.3 ) systemtap? ( dev-util/systemtap ) @@ -246,7 +260,6 @@ pkg_pretend() { pkg_setup() { enewgroup kvm 78 - python_setup } src_prepare() { @@ -280,9 +293,11 @@ qemu_src_configure() { debug-print-function ${FUNCNAME} "$@" local buildtype=$1 - local builddir=$2 + local builddir="${S}/${buildtype}-build" local static_flag="static-${buildtype}" + mkdir "${builddir}" + # audio options local audio_opts="oss" use alsa && audio_opts="alsa,${audio_opts}" @@ -345,9 +360,7 @@ qemu_src_configure() { $(conf_softmmu snappy) $(conf_softmmu spice) $(conf_softmmu ssh libssh2) - $(conf_softmmu tls quorum) $(conf_softmmu tls vnc-tls) - $(conf_softmmu tls vnc-ws) $(conf_softmmu usb libusb) $(conf_softmmu usbredir usb-redir) $(conf_softmmu uuid) @@ -355,6 +368,7 @@ qemu_src_configure() { $(conf_softmmu vhost-net) $(conf_softmmu virtfs) $(conf_softmmu vnc) + $(conf_softmmu vte) $(conf_softmmu xen) $(conf_softmmu xen xen-pci-passthrough) $(conf_softmmu xfs xfsctl) @@ -365,7 +379,6 @@ qemu_src_configure() { conf_opts+=( --enable-linux-user --disable-system - --target-list="${user_targets}" --disable-blobs --disable-tools ) @@ -374,14 +387,25 @@ qemu_src_configure() { conf_opts+=( --disable-linux-user --enable-system - --target-list="${softmmu_targets}" --with-system-pixman --audio-drv-list="${audio_opts}" ) use gtk && conf_opts+=( --with-gtkabi=$(usex gtk2 2.0 3.0) ) + use sdl && conf_opts+=( --with-sdlabi=$(usex sdl2 2.0 1.2) ) + ;; + tools) + conf_opts+=( + --disable-linux-user + --disable-system + --disable-blobs + ) + static_flag="static" ;; esac + local targets="${buildtype}_targets" + [[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" ) + # Add support for SystemTAP use systemtap && conf_opts+=( --enable-trace-backend=dtrace ) @@ -394,7 +418,7 @@ qemu_src_configure() { gcc-specs-pie && conf_opts+=( --enable-pie ) fi - einfo "../configure ${conf_opts[*]}" + echo "../configure ${conf_opts[*]}" cd "${builddir}" ../configure "${conf_opts[@]}" || die "configure failed" @@ -407,7 +431,7 @@ qemu_src_configure() { src_configure() { local target - python_export_best + python_setup softmmu_targets= softmmu_bins=() user_targets= user_bins=() @@ -426,21 +450,12 @@ src_configure() { fi done - [[ -n ${softmmu_targets} ]] && \ - einfo "Building the following softmmu targets: ${softmmu_targets}" + softmmu_targets=${softmmu_targets#,} + user_targets=${user_targets#,} - [[ -n ${user_targets} ]] && \ - einfo "Building the following user targets: ${user_targets}" - - if [[ -n ${softmmu_targets} ]]; then - mkdir "${S}/softmmu-build" - qemu_src_configure "softmmu" "${S}/softmmu-build" - fi - - if [[ -n ${user_targets} ]]; then - mkdir "${S}/user-build" - qemu_src_configure "user" "${S}/user-build" - fi + [[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu" + [[ -n ${user_targets} ]] && qemu_src_configure "user" + [[ -z ${softmmu_targets}${user_targets} ]] && qemu_src_configure "tools" } src_compile() { @@ -453,6 +468,11 @@ src_compile() { cd "${S}/softmmu-build" default fi + + if [[ -z ${softmmu_targets}${user_targets} ]]; then + cd "${S}/tools-build" + default + fi } src_test() { @@ -498,6 +518,11 @@ src_install() { fi fi + if [[ -z ${softmmu_targets}${user_targets} ]]; then + cd "${S}/tools-build" + emake DESTDIR="${ED}" install + fi + # Disable mprotect on the qemu binaries as they use JITs to be fast #459348 pushd "${ED}"/usr/bin >/dev/null pax-mark m "${softmmu_bins[@]}" "${user_bins[@]}" @@ -515,14 +540,14 @@ src_install() { newdoc pc-bios/README README.pc-bios dodoc docs/qmp/*.txt - # Remove SeaBIOS since we're using the SeaBIOS packaged one - rm "${ED}/usr/share/qemu/bios.bin" - if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then - dosym ../seabios/bios.bin /usr/share/qemu/bios.bin - fi - - # Remove vgabios since we're using the vgabios packaged one if [[ -n ${softmmu_targets} ]]; then + # Remove SeaBIOS since we're using the SeaBIOS packaged one + rm "${ED}/usr/share/qemu/bios.bin" + if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then + dosym ../seabios/bios.bin /usr/share/qemu/bios.bin + fi + + # Remove vgabios since we're using the vgabios packaged one rm "${ED}/usr/share/qemu/vgabios.bin" rm "${ED}/usr/share/qemu/vgabios-cirrus.bin" rm "${ED}/usr/share/qemu/vgabios-qxl.bin" @@ -560,21 +585,6 @@ src_install() { pkg_postinst() { if qemu_support_kvm; then readme.gentoo_print_elog - ewarn "Migration from qemu-kvm instances and loading qemu-kvm created" - ewarn "save states has been removed starting with the 1.6.2 release" - ewarn - ewarn "It is recommended that you migrate any VMs that may be running" - ewarn "on qemu-kvm to a host with a newer qemu and regenerate" - ewarn "any saved states with a newer qemu." - ewarn - ewarn "qemu-kvm was the primary qemu provider in Gentoo through 1.2.x" - - if use x86 || use amd64; then - ewarn - ewarn "The /usr/bin/kvm and /usr/bin/qemu-kvm wrappers are no longer" - ewarn "installed. In order to use kvm acceleration, pass the flag" - ewarn "-enable-kvm when running your system target." - fi fi if [[ -n ${softmmu_targets} ]] && use kernel_linux; then @@ -593,7 +603,7 @@ pkg_info() { echo " $(best_version app-emulation/spice-protocol)" echo " $(best_version sys-firmware/ipxe)" echo " $(best_version sys-firmware/seabios)" - if has_version sys-firmware/seabios[binary]; then + if has_version 'sys-firmware/seabios[binary]'; then echo " USE=binary" else echo " USE=''"