mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-19 13:31:28 +02:00
Code Issues Packages Projects Releases Wiki Activity

bump(app-emulation/qemu): sync with upstream

Browse Source 
QEMU 2.2 or later required to run arm64 UEFI firmware.

Signed-off-by: Andrej Rosano <andrej@inversepath.com>
This commit is contained in:
Andrej Rosano 2015-08-06 21:15:48 +02:00
parent b1723c1aed
commit 95a9fc5f0c
30 changed files with 1692 additions and 1533 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

140
sdk_container/src/third_party/portage-stable/app-emulation/qemu/ChangeLog vendored
View File

@ -1,6 +1,144 @@
# ChangeLog for app-emulation/qemu
# Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2
# $Header: /var/cvsroot/gentoo-x86/app-emulation/qemu/ChangeLog,v 1.321 2015/04/08 07:30:33 mgorny Exp $
# $Header: /var/cvsroot/gentoo-x86/app-emulation/qemu/ChangeLog,v 1.348 2015/08/05 06:47:50 vapier Exp $
05 Aug 2015; Mike Frysinger <vapier@gentoo.org> qemu-9999.ebuild:
Allow disabling of all user & softmmu targets so that the ebuild only installs
the various helper tools #556712 by Matthew Thode.
05 Aug 2015; Mike Frysinger <vapier@gentoo.org> qemu-2.3.0-r5.ebuild,
qemu-9999.ebuild:
Move seabios bin clean up under the softmmu check since user tools do not
install blobs.
05 Aug 2015; Mike Frysinger <vapier@gentoo.org> qemu-9999.ebuild:
Unify target logic a bit.
04 Aug 2015; Agostino Sarubbo <ago@gentoo.org> qemu-2.3.0-r5.ebuild:
Stable for x86, wrt bug #556630
04 Aug 2015; Agostino Sarubbo <ago@gentoo.org> qemu-2.3.0-r5.ebuild:
Stable for amd64, wrt bug #556630
03 Aug 2015; Doug Goldstein <cardoe@gentoo.org> -qemu-2.2.1-r2.ebuild,
-qemu-2.3.0-r1.ebuild, -qemu-2.3.0-r2.ebuild, -qemu-2.3.0-r3.ebuild:
Remove older versions due to vulnerabilities.
*qemu-2.3.0-r5 (03 Aug 2015)
03 Aug 2015; Doug Goldstein <cardoe@gentoo.org>
+files/qemu-2.3.0-CVE-2015-5165-1.patch,
+files/qemu-2.3.0-CVE-2015-5165-2.patch,
+files/qemu-2.3.0-CVE-2015-5165-3.patch,
+files/qemu-2.3.0-CVE-2015-5165-4.patch,
+files/qemu-2.3.0-CVE-2015-5165-5.patch,
+files/qemu-2.3.0-CVE-2015-5165-6.patch,
+files/qemu-2.3.0-CVE-2015-5165-7.patch,
+files/qemu-2.3.0-CVE-2015-5166.patch, +qemu-2.3.0-r5.ebuild:
bump to fix CVE-2015-5165 and CVE-2015-5166. bug #556304
28 Jul 2015; Agostino Sarubbo <ago@gentoo.org> qemu-2.3.0-r4.ebuild:
Stable for x86, wrt bug #556052
28 Jul 2015; Agostino Sarubbo <ago@gentoo.org> qemu-2.3.0-r4.ebuild:
Stable for amd64, wrt bug #556052
*qemu-2.3.0-r4 (27 Jul 2015)
27 Jul 2015; Doug Goldstein <cardoe@gentoo.org>
+files/qemu-2.3.0-CVE-2015-3214.patch,
+files/qemu-2.3.0-CVE-2015-5154-1.patch,
+files/qemu-2.3.0-CVE-2015-5154-2.patch,
+files/qemu-2.3.0-CVE-2015-5154-3.patch, +qemu-2.3.0-r4.ebuild:
Fix for CVE-2015-3214, handle out-of-bounds memory access when reading from
the PIT Mode/Command register. Fix for CVE-2015-5154, handle ATAPI heap
overflow during I/O access.
*qemu-2.3.0-r3 (25 Jul 2015)
25 Jul 2015; Doug Goldstein <cardoe@gentoo.org>
+files/qemu-2.3.0-CVE-2015-5158.patch, +qemu-2.3.0-r3.ebuild:
Add fix from upstream for CVE-2015-5158 #555680 by Agostino Sarubbo.
25 Jul 2015; Doug Goldstein <cardoe@gentoo.org> qemu-9999.ebuild:
Upstream made VNC WebSockets unconditional. As of commit
8e9b0d24fb986d4241ae3b77752eca5dab4cb486 --{enable,disable}-vnc-wc
has been removed. Thanks to Daniel Scharrer <daniel@constexpr.org> for
noticing this. fixes bug #555834
20 Jul 2015; Mike Frysinger <vapier@gentoo.org> metadata.xml:
Use the herd tag only so people assign bugs correctly.
20 Jul 2015; Mike Frysinger <vapier@gentoo.org> metadata.xml,
qemu-9999.ebuild:
Drop quorum configure flag to match upstream which made it unconditional
#554274 by Guy.
06 Jul 2015; Mike Frysinger <vapier@gentoo.org> metadata.xml,
qemu-9999.ebuild:
Add USE=vte to control the dep explicitly and fix SLOT handling for diff gtk
versions #545158 by nzqr.
06 Jul 2015; Agostino Sarubbo <ago@gentoo.org> qemu-2.3.0-r2.ebuild:
Stable for x86, wrt bug #551752
06 Jul 2015; Agostino Sarubbo <ago@gentoo.org> qemu-2.3.0-r2.ebuild:
Stable for amd64, wrt bug #551752
*qemu-2.3.0-r2 (12 Jun 2015)
12 Jun 2015; Mike Frysinger <vapier@gentoo.org>
+files/qemu-2.3.0-CVE-2015-3209.patch, +qemu-2.3.0-r2.ebuild:
Add fix from upstream for CVE-2015-3209 #551752 by Agostino Sarubbo.
16 May 2015; Mike Frysinger <vapier@gentoo.org> qemu-9999.ebuild:
Require mesa[gles2] for USE=opengl to match upstream #549558 by Michal
Privoznik.
14 May 2015; Agostino Sarubbo <ago@gentoo.org>
-files/qemu-2.1.1-readlink-self.patch,
-files/qemu-2.1.2-vnc-sanitize-bits.patch, -qemu-2.1.2-r2.ebuild,
-qemu-2.1.3-r1.ebuild, -qemu-2.1.3.ebuild, -qemu-2.2.0.ebuild,
-qemu-2.2.1-r1.ebuild, -qemu-2.2.1.ebuild, -qemu-2.3.0.ebuild,
qemu-2.2.1-r2.ebuild:
Stable for amd64/x86 - remove old.
14 May 2015; Mike Frysinger <vapier@gentoo.org> qemu-9999.ebuild:
Drop kvm warning as it has been ~1 year now since the changes landed.
13 May 2015; Mike Frysinger <vapier@gentoo.org> metadata.xml,
qemu-9999.ebuild:
Add USE=sdl2 to prefer libsdl2 over libsdl #547306 by Nikoli.
13 May 2015; Mike Frysinger <vapier@gentoo.org>
+files/qemu-2.3.0-CVE-2015-3456.patch, qemu-2.1.3-r1.ebuild,
qemu-2.2.1-r2.ebuild, qemu-2.3.0-r1.ebuild:
Move patch to $FILESDIR as it is small and matches what we do everywhere else.
*qemu-2.2.1-r2 (13 May 2015)
*qemu-2.3.0-r1 (13 May 2015)
*qemu-2.1.3-r1 (13 May 2015)
13 May 2015; Robin H. Johnson <robbat2@gentoo.org> +qemu-2.1.3-r1.ebuild,
+qemu-2.2.1-r2.ebuild, +qemu-2.3.0-r1.ebuild:
Security bugfix for CVE-2015-3456 / VENOM.
05 May 2015; Mike Frysinger <vapier@gentoo.org> -files/qemu-9999-cflags.patch,
-files/qemu-9999-virtfs-proxy-helper-accept.patch, -files/qemu-kvm-1.4:
Drop files no longer referenced by ebuilds.
*qemu-2.3.0 (28 Apr 2015)
28 Apr 2015; Mike Frysinger <vapier@gentoo.org> +qemu-2.3.0.ebuild,
qemu-9999.ebuild:
Version bump.
*qemu-2.2.1-r1 (12 Apr 2015)
12 Apr 2015; Mike Frysinger <vapier@gentoo.org>
+files/qemu-2.2.1-CVE-2015-1779-1.patch,
+files/qemu-2.2.1-CVE-2015-1779-2.patch, +qemu-2.2.1-r1.ebuild:
Add fixes from upstream for CVE-2015-1779 #544328 by Agostino Sarubbo.
08 Apr 2015; Michał Górny <mgorny@gentoo.org> qemu-2.1.2-r2.ebuild,
qemu-2.1.3.ebuild, qemu-2.2.0.ebuild, qemu-2.2.1.ebuild:

68
sdk_container/src/third_party/portage-stable/app-emulation/qemu/Manifest vendored
View File

@ -4,40 +4,44 @@ Hash: SHA256
AUX 65-kvm.rules 40 SHA256 c16a8dc7855880b2651f1a3ff488ecc54d4ac1036c71fffd5007021d8d18a7c5 SHA512 98aad2a2f212a7ac0ee5b60a9c92744fa462bce5f26594845c7a31d692aaaca2d52cb57bdbede7dfc60b9862c2a6510665dbb03215d5cf76e62516a283decdd6 WHIRLPOOL 937de93a23930f6b8533f0c3e0dd249c99ddf7d54446dea857607266ac0a4b435c5b4a52b2986b138bace9c0a7ade66f94116b38e2bc4767ead54bd11baf0920
AUX bridge.conf 454 SHA256 a51850dd39923f3482e4c575b48ad9fef9c9ebb2f2176225da399b79ce48c69d SHA512 a907ee86b81a1b61033bb7621ded65112504131ef7b698c53e4014b958ee6fc79e66f63069015a01e41362cb70a7d0ed26dd9a03033cf776f4846f0e1f8f1533 WHIRLPOOL 8fcbd4abf9b8f7ca3d16fe0eaf17196ebf708dfecf85ce0f020e0de22b64905114f7b310f361826c81bb961c6b1bbbf984bff1e595bb949993b8966ccb222c35
AUX qemu-1.7.0-cflags.patch 300 SHA256 8f35e55c4bae93e82f9580eabe2d6a2d4660bd05343e1f4e6c33815deeede91e SHA512 54446cb555b623b2306f8a323713e4dfb1b8b7bbf3af3771d5b62e164e0672cc21cbe44f08ca8b58052523e8d629e16355a44ebb544a999a44d11ac3af671f1c WHIRLPOOL b903b4abefeeb09a2ab2d1ee224de5d3694f99f50aacfe33882fce0c1c87c23dae4d57b001d1c35cc96fffa93d43fac4a8ab30a3e45fe1f380580162c0332e78
AUX qemu-2.1.1-readlink-self.patch 2933 SHA256 3133ec1a0f0126d3362c9420602a1fdfc76fafacac8b41f5bd755e7542ee4188 SHA512 7ee06e119007e6dc08f254cbfdcc6de1c914181f60e69434190fe507a80b7d0f9e8682f0213d447481f39e145fcb0be2e118516238addb5c4326533fc0db143f WHIRLPOOL 54edcb4510546c69dedf78a2070f22e7ef2809b35a66dc2e5d356f2f1b22eea8baa5b17ed4a4d9860ee6b864fac92eb9d1bbb6daeb6e2d80e3cc702f32039996
AUX qemu-2.1.2-vnc-sanitize-bits.patch 1279 SHA256 ef1e748fd9ffa0eb8ef412e6ea3cc96522e0ca91cf7201e6702d260ca50cbac5 SHA512 7e1a744928eb8edb76b18e58cf94da38ad1030f49ceb38f5e081d852573f8f314f998639c8e97fee27a53f51abe495b27406daa02b670a620ab2db165a47429e WHIRLPOOL bc024286739b56038bfebd6c2ad71addd9565a833f21a7a48cadbe7403c3e93c889cb2223d044448634cc93b6dc45a268299ea1b5b18c09b3477bb6e12fb0506
AUX qemu-9999-cflags.patch 347 SHA256 fe3bcbe83e81225b2c722578a0a976fcb724419d5208bbd6d02fb543e80b7e12 SHA512 e1b8be744170d61a2155b23a8394db01f8af6dc70ec033e71b2ff46f72975704836d42b96d7904e5d462289c5f8f24317f2fb28698f18a77ab1de02829e585eb WHIRLPOOL 2d972c7e40292f424fd37a4c1af04d2be095c215211ec2e1d15d8457df553342ffc02a7d39985f817fbbf5342e422d30e439c35a925341cf9b852ca7ff15a308
AUX qemu-9999-virtfs-proxy-helper-accept.patch 973 SHA256 91cc9e024aa09ea3dd23ec52c561047656acc89f0ad0d5ddccce354c1ac4d282 SHA512 031cb1c35b479b18032f56a07fa2fa6d392a7f0919acd3636bf122ab7f75dcfbb5fc0e26e18a8a31a9888409f81c2e08438a1af999232418d940167c5031a92b WHIRLPOOL ea4dc08230289a147fd55d0bd9e32896cd4491130084fc45b4043f41caf611f07d4587cc485e6d25ba3f6fbc66939ed8faf3c2017bf33ab10e1885277fa3f6ff
AUX qemu-2.2.1-CVE-2015-1779-1.patch 8631 SHA256 17ea04bb0571f3a346eb25ce2d61fd7053515767adedfde567fd39205993c600 SHA512 191dde0754b9466d87cf99a578ac07f0902f373156f4d5ff98540b9099a6fa8e29ba4ca9d4a5a21ae5dbba2b80c36600ea0bd2c31fa0c8734926514015166ab8 WHIRLPOOL 2be2f490eb32857b2b218761df3580bc31eb5a89bf1b289a048e9fd489cdb024869399481345b5ecb09a45c4fbf1ee4639062ae1fdbee9781e66ca6cc8af4cac
AUX qemu-2.2.1-CVE-2015-1779-2.patch 2318 SHA256 4c0966520bf09df25d99c883f94037e765406dd4097dd704e66361bb07f73679 SHA512 7a85bc8e00c60c6c36790d1169f0d84d2c75fe81c1700b4f764ddcb0d0587d4b6d228d80e65fead035e3ab99449aad2f559071edf9145ff7a755506f3ff05b0e WHIRLPOOL 078388c50367d41c810a02aa795b6ad0df381582bdd2725ae125243ee5921aa4057494f063a7de49da6b6f6343f37a3c83d96ef6d92c22e722972c8e4ea968dc
AUX qemu-2.3.0-CVE-2015-3209.patch 1759 SHA256 0fd6be98beb1f63cd45924c1cdf2a64fc5dca2af5a977c6391aa656433a035e9 SHA512 9ddca8a536f14ecf9f5e15fc65438cce2e02adf92c54cb98f4529934515b0cc159bb41532013d6321590812181f9904d4d8bb761542dc776ff8a724a97bb6f0f WHIRLPOOL f365aab8ed12602c32db7e2c4203d58e4d07dd147d4e2356b92f4124b63fb5f17b0314fc6520c3b7a40786205b671c40ba3fbc4b7e16f8be5e9399bdd5532508
AUX qemu-2.3.0-CVE-2015-3214.patch 1411 SHA256 c0d3f6e17d8b68260486f478dea18fb7869fe4108551fd9093d89be57e2ec360 SHA512 97030b47df828a7377d20a30b29b80c580e3f9b8cfd6632c27637154b6877b27730780cd716ab96f058f1eccaa848c6808959ab8b4949d9cc7440d9e58c78fd5 WHIRLPOOL 7717aaf2e5a468c4b2ba34adee56394aea676d7a7d472fd37e3a6096ef74d2db696d3f5bc7c45cb2879ec4ec4fd2255555ea2ee348b5cd64a80b6c7af6ffdcd8
AUX qemu-2.3.0-CVE-2015-3456.patch 2853 SHA256 efac61bf9c20d5d08ef47bc9d51be5c8bd519f1d970ba3c3506c5760bf807e7d SHA512 5fed59ae67a962d187418f4bd57cebe901f9bcba817694b5e2a57daf77c34a406ed7c1f278e12d813304e58c48a24493b4e001a9ee4045bab2608f1730715ac7 WHIRLPOOL 9ad5237aa1bbe46a8493e331bb9c2152c36f9c877582485e1cf811b09430bad97a9f3b6bc52face7e4287f9c9fe4f1891de154a62ba93ea454c3ed9d44e8f729
AUX qemu-2.3.0-CVE-2015-5154-1.patch 2160 SHA256 3dd3758c0bd8f27a906f2234ecfe270596e48d5c056eab2390b1eab9b610a847 SHA512 63d70d9904922be7f709c0638214ab42ae167b4dd05c0ac35a6de6dbdf81013769ed8733a8f56ce1e108d0759cf485f2199d63b046b526c5a0cec19a41fe41a9 WHIRLPOOL 238d9030c0d0970d22479ca0e1432819785ba1d4961e4d47fcfb63cf9b8a8cff92878509210fd10f3a91d6108f85ed172829234316862016d07533b71da954d2
AUX qemu-2.3.0-CVE-2015-5154-2.patch 817 SHA256 4a3e812dec9bd43d2de2dd88f0adbb2473b785e6a1c3841d889dffad13a65f7a SHA512 0a903ad1e8fb1cac59f26e63d05820cb13cc020ba606a265c0482f1103a737ce0de9cc913ca324422cdda0ebf2b056e20b50951de999325b555031c014eaa597 WHIRLPOOL d697f46bf34e05f98db9e2e3ac05807afec59db5aa4063c76a0171efc4c84073301cec048f75398e210eec698be5d0363cb9c7c36a555cee9616acd21f09446b
AUX qemu-2.3.0-CVE-2015-5154-3.patch 2101 SHA256 17999d2e455db848b3e47d146f239104e2e58661f27fc549609bdf6ef77ad8a5 SHA512 0a12a2281b8f6ae787ff8d58437b68df877d02d0ff3d53491a0dbea8c2e656632242de5b2e56b2703f77bfd2b8987c7f312025e27fd8bbb14f159419322d9801 WHIRLPOOL b05f6828dd66b26fad3327c0e795b211f50733857dbf3ac909900321df2cd381fb536c6418510796bafcd38795c7b8ae0729aa51666eaccd0787029987b30e19
AUX qemu-2.3.0-CVE-2015-5158.patch 1302 SHA256 d53b76179ba33a51fbb1b7b2c35b003c63968d0400419c10fa33d353247eccd3 SHA512 8ef6f640ae77d9769fcff92b8c5a6a986ae35021556e594cf4848d1247cbf880e08f661c2734770fb946be8af17a542c3caae36b2b28e3ab58d70a829aa987c2 WHIRLPOOL 69987764ec3bd21bb316310938567a1e4e454a4195b4bede3f34487ee987777510e83cac24b455246d9cde84b16e0ac823dcb0f39e0a97c9a0db2315bc2c6f4d
AUX qemu-2.3.0-CVE-2015-5165-1.patch 2926 SHA256 12d0dc1a31449288ed5e562a1e9415c437b7a2799e8afa0b251e3957a0d8ab23 SHA512 1df1ff1044542c4a0b040cb7fe5bbe002ee95782277f50f2bea86fbb34d4c5404a6c1f467a4cc224020882fe8c2f113e6b44d762129bd79ae04e139494a90ddc WHIRLPOOL 9a145915030288ab597899d18e8054e6b0c5d9f25fa78ee3e7c99317d91d68ee155f9e16363c8d8f692a97e231394c778fb5fb6c527c9419d0b4b1f79ea7c725
AUX qemu-2.3.0-CVE-2015-5165-2.patch 18212 SHA256 c91a60b7d7e18ea95b31eca0ba940d53c14730fae1e50802375c9e5ab7d0f109 SHA512 eb332382898e0450bc6a6297e5977579a05f7b2ad304659aff37a7eed040b28013a982cdff2a1d669e968cea2aefef183081db1f6f9ae2baf64865ef2dbfa283 WHIRLPOOL c95181f31e8db78432c226a51bb4023da73430ce4de96960448573d3929bdce23b696ba9a6dabc8ccb8fe18e9c07ccf73d646ddccf26b3b0761813fcdef92564
AUX qemu-2.3.0-CVE-2015-5165-3.patch 1262 SHA256 99062a9cbf4b96de8f0aa8555291cf6e296a9dbdf22ad4e9285912ba02de9261 SHA512 664ce64538441b0eeb93d1b5642acf3a1bd8c9c8b4cb5578d49e8226b967c9bef816caee41a429365ff0c5f982991f25483fc14db6c0a27d14626febaf8f8bcd WHIRLPOOL 013a32f4a5acffe8c2d79db4c4bc51bb36b666d8cc651c00aecf0d256952844bc25e7c6af3e588d4f365e7ae239e6c8cf5288e68dc1a40794a9fa274cd302e6b
AUX qemu-2.3.0-CVE-2015-5165-4.patch 1888 SHA256 82d2214a0bd42b03b72b26170e4c80699d74bc691b6e223780a693ad2e9c267a SHA512 a7dba1a26f33c2a65ee84fd0d3e5606cd17f623bea0c33438247e1f8d6cd72217d02bd00c28a24f54506480b12092b7351551af5f9cdcf863157cddaa461b606 WHIRLPOOL e93418de51172b90fa6b81af459e8db6d330c64c83cf4061174ee6e220494ed80bb1ca9860d7b63f80385b9a9f1f2c530131676595526f86d31611db50ea8ac1
AUX qemu-2.3.0-CVE-2015-5165-5.patch 1070 SHA256 b728ae69e4a1d838bb1b4c5e6135e84fe8f6fc7e97fdc99915e7fc908edb4fd2 SHA512 7476649c099b363632b158b691f8ec2704590ec6e671f9bb013c7ffe50e593dc7c97278b6d09b5021605071a23b528875f024f5617a019954efac9c4055f6a83 WHIRLPOOL 760d4570045f34adcf1dba2937ece2a91b1e3da8c740cd947fdafbc03eee62c46ec4bb2c7bb993bb6cf7189d41bee3da49dd1773c579d9beea5f2b7e05da6f03
AUX qemu-2.3.0-CVE-2015-5165-6.patch 1225 SHA256 6fb23646e05ef9a4b010d2a2c0235b6ee58a293f39ed40b6b1611115c948a79a SHA512 a1a38fdbc3f3cebb557ae00c3764bb268019b2c9f15731bb829b3b73a87856c5d51d65cc3ff712b28601298afb2aa82e83789bab867c8fb2816f23d515af8be7 WHIRLPOOL 9a17bd514cf5286c69a7955081d267febc1485d1df78ee918d6c16f8750247b3759cd60ec405dd7859ca76e396c5fcc04deb159540181fcdfadad13c41bf807c
AUX qemu-2.3.0-CVE-2015-5165-7.patch 1129 SHA256 ebcadb69110ea4672795b52472222ed1ffe67a83e37c5b7d401530f43137c587 SHA512 d174df707dabbaf49fadda0db9b551abef0e4c2045287bfb78ded69c7b8e6a59333d7aa1459ac7a81c0f3f711ec225157d8dabcd63d6eed10bb5755cea608fbb WHIRLPOOL 58fc0a2974bd9c1d9d11de7f97fda8796b3af05338969eac4d685572e952cb0b0b752166572d3b81b40db862ad0a55e9bd83bc3c2344cf04ae8a12ba4e752f2a
AUX qemu-2.3.0-CVE-2015-5166.patch 1176 SHA256 dead84667dd4868d0688dc4e62a54a14883e6f0352cf3318b277aa37e27c9261 SHA512 977e6d84d6e016dd0ba99d00f19c28b9976fdb58fd856457e08a2f9204554946a76f1fa6bbaff68f344bdddd791e13942b4b984610fde0a80645bd859fcbb781 WHIRLPOOL f4f9751acbc6d8b29074b98ecd7ae45fb13952f150b64412b1f783df14f49996b1a5eb398c7a954a4024818cddad40e7ffb187c830d7e3b0afb01662d0e8569a
AUX qemu-binfmt.initd-r1 8078 SHA256 2560f1d12374a2dea74e18365ac3d759c2eab35eb9a77b989e1bb8346d9bc3f8 SHA512 82d8ebdb5a4c452f03281c28f074ea52acfb730f1c3ddf68de2ce496c7ca23fd379041948371b021355f00f9c260383fdecf47218ddf2764ab75d6ec8a7a2715 WHIRLPOOL a0f54e133fbda2fd050ef8168fee676a763bb94a890f8c1d99d44e37e4a29322d513d9f5ddad9247f44e3ee0ac779050a3b06cf909678fdfb9f46777701de492
AUX qemu-kvm-1.4 68 SHA256 8b1adf198129f001e75a2311fc420c168094d1084d2163cdf6a32b3b23c96137 SHA512 706fab4d155c410acc292e67fb354ce7dcd17f7e33f2ca8c9c44035ea128f8d36f89e27cf87ebe22721f5676be9e7f2ae5484fd000183c8ffd7854e02eb3d120 WHIRLPOOL ef795330b592cef8e3d92f52a77eb77a671e6aa1a47d07531917b5c1c09e72e5df1a44aea939b086e0a3c5ef2a5cea9223556a46ceae73e55300475c42f07067
DIST qemu-2.1.2-20141214.tar.xz 5580 SHA256 bbf0e23f03f7ec5582ae522a194c5908a1ed85d42bf859100c99280af1ff21d2 SHA512 ca9bb37400d59cedeb1a659cb445758138c18ceb28ae2de2beee50b7aba39b1edf8d7317d777aa44def7c96437b5d4c19874b52e48d0272cb7de1c5dcc77f6d7 WHIRLPOOL 6ea13fe7cfaaa103d6d6e43445bba97358fcb6b434bccb5018e48176f9d4b90ce2100ffb17cd555fc4b9ee3fe98c281a6702d5a875d8a04674e177fbe90acffa
DIST qemu-2.1.2.tar.bz2 23563255 SHA256 fd10f5e45cf5a736fa5a3e1c279ae9821534e700beb7d1aab88a07648a394885 SHA512 73ef758c82b23eec649c807bee8937d7fbf267278f7777adbdb22b738672543b826d211a4b523f38cee3e2b01f05ccf40a75756fc19c911362988d8e86d5cd58 WHIRLPOOL 5703d0aa8bb4366bb7aeb44fa4f3d1b54f188de42cd8c82e894584f627802b80a3dde1aa3b15fe8602a1891ec61ac66b3cd44ec031385cca88768f375c15b554
DIST qemu-2.1.3.tar.bz2 23570694 SHA256 9b68fd0e6f6c401939bd1c9c6ab7052d84962007bb02919623474e9269f60a40 SHA512 119d89d85a54a4225716f7d1b20dc624705c1893e782b6f75e8a31ec11d4ba0ed60b78dd59322c2acc7f132c2f167461cf354d6a5f18925cf594746375b7b8fa WHIRLPOOL 9535d18037d12f719a85b648f4b65ce762fc4832ccb1b6b9ad88042be49ceb3d4813bd68ec1c0a91c21629018d376de7ddc479b69e81051d0f8c0e6af7a148e6
DIST qemu-2.2.0.tar.bz2 24316697 SHA256 b68c9b6c7c694f5489b5a6bffe993cd976ffbb78e7d178eb3bc016caf460039c SHA512 c1a42cc53a01175875411cad13defaab46f97740897b89f19fbf345106534f83fc707fae4a58d890f64eea475b940b934c7531a6ed04aa01f54cadb52b0b5909 WHIRLPOOL a9cb92406d4f2cfd6b7989c9876f7df4b305083241110e7b2bf16642cfd77531c48a48753745dfeb31b9aa7d71a2d4d3f8c5aba797918c9c60e920c79066ea2d
DIST qemu-2.2.1.tar.bz2 24483500 SHA256 4617154c6ef744b83e10b744e392ad111dd351d435d6563ce24d8da75b1335a0 SHA512 970ead0c92fc04502c6d3a8dbfafa5797667b3d276a1a25ddbe991d20d8e17a588905ecbffa77fb3b9d12e481ac3776ca4c38fe89a5e4c96dc2fb045214bfa9f WHIRLPOOL 9226ce4a4f5c7247d6ab34eb8b45c9a91416ee5849dbe25b9d15cddbd6aba2b8da77280f6055d363a81ddec515d28bf501351cb7e21ecfb4bfe42cdb7e349788
EBUILD qemu-2.1.2-r2.ebuild 18526 SHA256 ce5e0c44d8ddc830e8703b32de979e70a9e3675ddcb1509febff684d9a805436 SHA512 5d74ec3a48eab6952ef96204f9bfb0ebf1dee7664848809f468689d6e97e9461182e345aa09082fccd33e9ddf90ecc7617d2dc9232180fcbd3436676eece35c2 WHIRLPOOL a38dd61c267cd19d28ccbb1004b136e4b92d50bf0b2f182e047b4d601aca006beedd47fc4c34b4ce7f526d1cfa7292f2713c18782a625f1917936057be8c5488
EBUILD qemu-2.1.3.ebuild 18450 SHA256 e209f9cc11ac9a40d2e8e19a7a763fac5f2a5acd41cea19ff0092ecb2312ee00 SHA512 01990f68c31b5643aa70c3bc3e813cc9ae1bbec718d2056f8cb4e2826b910804fd58533e370a8ec9d554f48f79822707dbdfa69378c24c868962a35b180b4ea2 WHIRLPOOL 22206434005207e6788c254e378d2df704738177219667f947427c1384a08c6c81a52aca373ca666c3c4acc298a7822658c5ec4a24d03d0991b385091b0c8da4
EBUILD qemu-2.2.0.ebuild 18321 SHA256 738a09c193c78a6cb49bfddd98294ca7b629594b0af4e927cb5d0a1a3d593570 SHA512 37ad4912b0ff335938afc94feb4f94413e7fb8bd9be4578de89dfbfc2d57f3524a2da68802a834cb9e5fd2fb07bed0ab9df3521a296f1c30830bbbb5e9e5a0e9 WHIRLPOOL adeb66e57b126d6a9448c2f9a0755a7b4a3f055190e5151c20111d7ca12a3231798628218290d62645440e0b7accfedb53e19f4af126d7a377ccec0c86b0032a
EBUILD qemu-2.2.1.ebuild 18336 SHA256 010e31805cae369a4fda875a9b6db9cf57ded71a594a3d62fc9a8dc28e35bdc1 SHA512 b068a1256a37864237c29f9e3e17d2a5f384bb58630ca968a307878f09d0022a95a5417dae9013cdfdc10ea13940c84fed42048a9d298c6180bab0545aa5cec4 WHIRLPOOL b448e8d41815c094519ca68315fd441d633e43dd038800a95d5c81a644532d698fb91fef977cb95016729213964cdd420e035ac317981ddbe1164d10cbf264ff
EBUILD qemu-9999.ebuild 18669 SHA256 85fa1cb7f088ea7e3bdabf458eb412a5adced548e19d803bec69afe14d516f79 SHA512 45114c09beb9299c3fc94ebd5c152d730c63070f1d1e85ad4e7a93affc360ddd44e0f4552dc75c606b15d3f36683f3bfefd1621364d352cfe943a5f1d8b938df WHIRLPOOL 500eed367785006a0f83ad80b0cc30c30e2ec5dd1902639d68c85fa8b0f10b345fa7b685c95f5d335542be5e4d1ad3b7dc58035329d47dc7a3cecd93aaa89b33
MISC ChangeLog 52789 SHA256 5c9e6869db70db817ab7acce59d86bbe4528c65e5e1b69ffb7ad1d2fe6bf7372 SHA512 23097a6d0aa9ca4bdac72c0629e97d717b5608c305e20e895b8982923fa511e6b9a5c0a2193076ca4f7e0adcb354773bd2861d1b91879c60af49883613bb9074 WHIRLPOOL 3d9f0d779215600f5bb510bd7c466e046cc9b66c065f9a2242b2ae1d27a36833624abdfa279199464bf034ef9a00cfb0cda0244012b3b3db11ad26400bb7b79a
MISC metadata.xml 3648 SHA256 d6c0a87cd95bf7e2b66bb4c9bd21bdac780f502e8921aa0bfb93ba301c978562 SHA512 b3aed4e6c67bb23312402b4e6832485e31c1e6e4c38055190603da80b3680262d8f876d6e9af2f1efbfce6072125f3093edeb712f4ad73246c08b1f77a466649 WHIRLPOOL 8d45f196554880858262886575374c109f621f45120e6278ca9c5a4f70f191b909782589b6c65b7aef0294c655bb8fc43dc382197e69b5c68b874c949bd4c286
DIST qemu-2.3.0.tar.bz2 24683085 SHA256 b6bab7f763d5be73e7cb5ee7d4c8365b7a8df2972c52fa5ded18893bd8281588 SHA512 7a40d213c5696b27784abd2a3119e49d42c38c923be431826c73a8f14c19074435d7f1a652686c53baf08e81f5a3005b2ddc92d67c32f6a2b19659ab627e9eaa WHIRLPOOL 9dad6e342027c3be512b4e0b40e810e0a6f1dc84a16847aa5aac74d97f7a347e60d42e770335a090f83e90a1614294f86552a84edc1faafc7093d3e32602f5de
EBUILD qemu-2.3.0-r4.ebuild 19056 SHA256 9bff0981aa03eb7489eabb6c2bb952f293ad6c5b002e0321b2b33638564afe11 SHA512 62516308746cc7402ad46e7fde02d53947f43fe28b60d6f41373e419f44987c25c17f7e27eb96f13586076f48d7408a049f57b60db46845c3ee72f6f9b07cdce WHIRLPOOL d5ca0a0395b9ab6e8e4b9646d7e91da9323c7b1707b2c8d950580a4e2190738de75edc77e4ec399cb9aaca94725755dc1477438f0f251face6155104dae763b2
EBUILD qemu-2.3.0-r5.ebuild 19518 SHA256 bc0180d0df478992c7c4a26a51229f4c799bbb7e9112ec789bcfc297301f4c1f SHA512 1ce12120db2a4475280eb3125683e6db7069bc35e49380d76903a6e6a5f674b976fe575075b3fca3cada00dfc1147d0ed6510a23a16651b36a6410b28cd34581 WHIRLPOOL 29456ddc3375e8cc12e90d1912d2cbecd9deb21deac21622072690d6270dba164ec459a131c04d2339744ae3e2651214c66633e43dfe69c33a2ed9778082eef8
EBUILD qemu-9999.ebuild 18435 SHA256 07cf15f4b41c74cfc6cf679354d000842c11d2c06f47c59d21f219eefa993b59 SHA512 ec44a044f7d3ee430a58ed502b2e1b10b2710d28663557daf1d6f9c2c9107e058ee4b9f771180a631e1de4d9bda901d53a008f69c081c6a34410a7680b07b7ed WHIRLPOOL 4c02608e81f7a39cfe5bb26bd2d4e14df40ce74aee15ce80484bb4575e23beeffdf9597068f57c88b0a8f364ba1846b4edd31f27cd7dc142179bd54db58b5f2f
MISC ChangeLog 58193 SHA256 60c1a4f4c85515520ab14da920bbbf4a6813491ce16b5357a0456ea588815a5c SHA512 ddfe8e75aabe59b731a4a8b31839d8c71fd516620306d2bc99d7641cc501652974e053104caafa7550c5ad33b6834295f6743a98b9419d292b8bf6f67918ccd3 WHIRLPOOL a6841f79c3ba1cbf76a8c7fde296a2912c46ddd251494dca3bf3bc13391c80595b6f80125c383823899942248008ede7065b0f5c8e43f9bc1d0464aa62cc187f
MISC metadata.xml 3708 SHA256 9f5c1b781f9924046cc0fa050a93e632935c58b67d6de4f3a872eb63341e86ee SHA512 cb2582c698b5913c70e07bd27c39e84e45c319f95faa3494c0ad5273c25127bae888da3cdcec3e73b8d3ae7b950f7f128a550977755e8f8fbec53d931ac89117 WHIRLPOOL d08403a3f8659bec79644a4042c3f71653152a7d1e078efd3959565e794c7f837e735f4e774dcdb4077eeadc3f493a1a5170d7973db72b14b31c77c1093e22de
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQJ8BAEBCABmBQJVJNl4XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2REJCMDdDQzRGMERBRDA2RUEwQUZFNDFC
MDdBMUFFQUVGQjQ0NjRFAAoJELB6GurvtEZOOKsP/0M956ACTp9+HkERridVBhiy
VcYPef7Sdwr66kwMFiY+WylIte/PaiIZBggPod2wt4b5R1zIzBy4ah9SVOAznrv9
+5pZFsqvIPCTx9X58R69nQw1wArpe4GJF0XbNAoVOHx7OAjVsI6IXSG1PHBdwNhV
/vQoBw0OrX3HYbzdIvNDnJY1erVZia4v/rLYb773URsROriNx9/ahkFYeUvPBpt0
CCfgK/K2RqqtVrNdhUsb0r0koSfbNgvAS6HArh5dhUEESpuJo1y6Sq5o15hyzskV
BphE3C2HXkGMzhCaXhH1rnNfC1cvw/eoPamQlM2BV6YZlxJ7mbHHHGErGeHPu5Oj
bbPVFYgAt+JJKr9BFjvqLkCONvRf1RZzFC4YTNSexjdAVV0Wcq1mTjjwkPHg29+W
lbOHn+123Fa/ZhFsndco6gyfqJ08GnCHrPQLfCrozFSE6sdsTxyaw6VbE+Jh6deK
ZpgPhi81+9DPvEwZd6PhnkHrn3+fYb++h+a0Bvb6ifFhDIBgOXv4FR0lTxu1X6VQ
ozlHl4CKuCRi49s7TL/fxdwSvTaTr6sgvuTAc2KE/ow8GP31a+vSObc7Z3mApqPl
BuqH38QpxGNRV8HuzhAzxKyxA3zEecVT1IMqkNOAvPh6tGtX05tE+nV81klO0f8C
DzwTJgw20FocrPA0sRzN
=5+9t
iQIbBAEBCAAGBQJVwbGhAAoJEPGu1DbS6WIATpEP9iYP4aHvjiA/yuYhb4NpRHA1
XH8fV/FTU2AkYydgTwdhhGPBcwTrI91wJSxPIhZPzalThKdFQgJ61/l/+CW6dyJz
C4wvPJ7Y/WqbtDKUlZCl4wFPO6gGvLnmVTY0memeHKJl2LqQqjknUXXjzpjaYpcF
4xtD0tQ/XaIFvAA0+u6nfIyvDbB2qE4dvbiATZ2OlfFjy3RPZpONLwRqLzTG33JJ
32/zqBRwmG2RliaXj72jX6ZbB0WENgSOX9T3oxVK4orfh30CsoXRBXTJwcImZ5zV
OIFWDBKSee3K6Ds80qUYSFdrny3j2mufj9pZqtqZ+ZQiVCQbNgZUjyXV89be3Tdj
nOTleaSayJZ7RAqCm+P6Jgfn2SgmGu2lwT8zlbgUpUXgVbAIIZG3UekFgwy6pr5L
lNuuDjDCb/ZtM8xygQbSkgN+AfoF2jDsweGkzSSQP2IkfkSm8Iy/eDJh2DoN7OIx
AtYasTgPE1HwDZq9iCh+ANHp81qeGUZifNKlVFIbVqmEq3eK+zd28SYtKPDL19Tq
oEItwCBhyDsiKdhvBbPi/oY64OyDIg+y3E2rNoYz43hdAsJanuQH9Ca3vmIYvWr3
Axqo93/LIexe5F+XlOduQH0pm6H/SqhVQjd4A/Dx3pIuR7eDZTLx1r2dXjo1rEe8
bNIMQfCXnXA3h16xHSg=
=Q9xW
-----END PGP SIGNATURE-----

81
sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.1.1-readlink-self.patch vendored
View File

@ -1,81 +0,0 @@
fix already in upstream
From f17f4989fa193fa8279474c5462289a3cfe69aea Mon Sep 17 00:00:00 2001
From: Mike Frysinger <vapier@chromium.org>
Date: Fri, 8 Aug 2014 09:40:25 +0900
Subject: [PATCH] linux-user: fix readlink handling with magic exe symlink
The current code always returns the length of the path when it should
be returning the number of bytes it wrote to the output string.
Further, readlink is not supposed to append a NUL byte, but the current
snprintf logic will always do just that.
Even further, if you pass in a length of 0, you're suppoesd to get back
an error (EINVAL), but the current logic just returns 0.
Further still, if there was an error reading the symlink, we should not
go ahead and try to read the target buffer as it is garbage.
Simple test for the first two issues:
$ cat test.c
int main() {
char buf[50];
size_t len;
for (len = 0; len < 10; ++len) {
memset(buf, '!', sizeof(buf));
ssize_t ret = readlink("/proc/self/exe", buf, len);
buf[20] = '\0';
printf("readlink(/proc/self/exe, {%s}, %zu) = %zi\n", buf, len, ret);
}
return 0;
}
Now compare the output of the native:
$ gcc test.c -o /tmp/x
$ /tmp/x
$ strace /tmp/x
With what qemu does:
$ armv7a-cros-linux-gnueabi-gcc test.c -o /tmp/x -static
$ qemu-arm /tmp/x
$ qemu-arm -strace /tmp/x
Signed-off-by: Mike Frysinger <vapier@chromium.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
---
linux-user/syscall.c | 15 +++++++++++++--
1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index fccf9f0..7c108ab 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -6636,11 +6636,22 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
p2 = lock_user(VERIFY_WRITE, arg2, arg3, 0);
if (!p || !p2) {
ret = -TARGET_EFAULT;
+ } else if (!arg3) {
+ /* Short circuit this for the magic exe check. */
+ ret = -TARGET_EINVAL;
} else if (is_proc_myself((const char *)p, "exe")) {
char real[PATH_MAX], *temp;
temp = realpath(exec_path, real);
- ret = temp == NULL ? get_errno(-1) : strlen(real) ;
- snprintf((char *)p2, arg3, "%s", real);
+ /* Return value is # of bytes that we wrote to the buffer. */
+ if (temp == NULL) {
+ ret = get_errno(-1);
+ } else {
+ /* Don't worry about sign mismatch as earlier mapping
+ * logic would have thrown a bad address error. */
+ ret = MIN(strlen(real), arg3);
+ /* We cannot NUL terminate the string. */
+ memcpy(p2, real, ret);
+ }
} else {
ret = get_errno(readlink(path(p), p2, arg3));
}
--
2.0.0

50
sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.1.2-vnc-sanitize-bits.patch vendored
View File

@ -1,50 +0,0 @@
https://bugs.gentoo.org/527088
From e6908bfe8e07f2b452e78e677da1b45b1c0f6829 Mon Sep 17 00:00:00 2001
From: Petr Matousek <pmatouse@redhat.com>
Date: Mon, 27 Oct 2014 12:41:44 +0100
Subject: [PATCH] vnc: sanitize bits_per_pixel from the client
bits_per_pixel that are less than 8 could result in accessing
non-initialized buffers later in the code due to the expectation
that bytes_per_pixel value that is used to initialize these buffers is
never zero.
To fix this check that bits_per_pixel from the client is one of the
values that the rfb protocol specification allows.
This is CVE-2014-7815.
Signed-off-by: Petr Matousek <pmatouse@redhat.com>
[ kraxel: apply codestyle fix ]
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
ui/vnc.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/ui/vnc.c b/ui/vnc.c
index 0fe6eff..8bca597 100644
--- a/ui/vnc.c
+++ b/ui/vnc.c
@@ -2026,6 +2026,16 @@ static void set_pixel_format(VncState *vs,
return;
}
+ switch (bits_per_pixel) {
+ case 8:
+ case 16:
+ case 32:
+ break;
+ default:
+ vnc_client_error(vs);
+ return;
+ }
+
vs->client_pf.rmax = red_max;
vs->client_pf.rbits = hweight_long(red_max);
vs->client_pf.rshift = red_shift;
--
2.1.2

241
sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.2.1-CVE-2015-1779-1.patch vendored Normal file
View File

@ -0,0 +1,241 @@
From a2bebfd6e09d285aa793cae3fb0fc3a39a9fee6e Mon Sep 17 00:00:00 2001
From: "Daniel P. Berrange" <berrange@redhat.com>
Date: Mon, 23 Mar 2015 22:58:21 +0000
Subject: [PATCH] CVE-2015-1779: incrementally decode websocket frames
The logic for decoding websocket frames wants to fully
decode the frame header and payload, before allowing the
VNC server to see any of the payload data. There is no
size limit on websocket payloads, so this allows a
malicious network client to consume 2^64 bytes in memory
in QEMU. It can trigger this denial of service before
the VNC server even performs any authentication.
The fix is to decode the header, and then incrementally
decode the payload data as it is needed. With this fix
the websocket decoder will allow at most 4k of data to
be buffered before decoding and processing payload.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
[ kraxel: fix frequent spurious disconnects, suggested by Peter Maydell ]
@@ -361,7 +361,7 @@ int vncws_decode_frame_payload(Buffer *input,
- *payload_size = input->offset;
+ *payload_size = *payload_remain;
[ kraxel: fix 32bit build ]
@@ -306,7 +306,7 @@ struct VncState
- uint64_t ws_payload_remain;
+ size_t ws_payload_remain;
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
ui/vnc-ws.c | 105 ++++++++++++++++++++++++++++++++++++++++--------------------
ui/vnc-ws.h | 9 ++++--
ui/vnc.h | 2 ++
3 files changed, 80 insertions(+), 36 deletions(-)
diff --git a/ui/vnc-ws.c b/ui/vnc-ws.c
index 85dbb7e..0b7de4e 100644
--- a/ui/vnc-ws.c
+++ b/ui/vnc-ws.c
@@ -107,7 +107,7 @@ long vnc_client_read_ws(VncState *vs)
{
int ret, err;
uint8_t *payload;
- size_t payload_size, frame_size;
+ size_t payload_size, header_size;
VNC_DEBUG("Read websocket %p size %zd offset %zd\n", vs->ws_input.buffer,
vs->ws_input.capacity, vs->ws_input.offset);
buffer_reserve(&vs->ws_input, 4096);
@@ -117,18 +117,39 @@ long vnc_client_read_ws(VncState *vs)
}
vs->ws_input.offset += ret;
- /* make sure that nothing is left in the ws_input buffer */
+ ret = 0;
+ /* consume as much of ws_input buffer as possible */
do {
- err = vncws_decode_frame(&vs->ws_input, &payload,
- &payload_size, &frame_size);
- if (err <= 0) {
- return err;
+ if (vs->ws_payload_remain == 0) {
+ err = vncws_decode_frame_header(&vs->ws_input,
+ &header_size,
+ &vs->ws_payload_remain,
+ &vs->ws_payload_mask);
+ if (err <= 0) {
+ return err;
+ }
+
+ buffer_advance(&vs->ws_input, header_size);
}
+ if (vs->ws_payload_remain != 0) {
+ err = vncws_decode_frame_payload(&vs->ws_input,
+ &vs->ws_payload_remain,
+ &vs->ws_payload_mask,
+ &payload,
+ &payload_size);
+ if (err < 0) {
+ return err;
+ }
+ if (err == 0) {
+ return ret;
+ }
+ ret += err;
- buffer_reserve(&vs->input, payload_size);
- buffer_append(&vs->input, payload, payload_size);
+ buffer_reserve(&vs->input, payload_size);
+ buffer_append(&vs->input, payload, payload_size);
- buffer_advance(&vs->ws_input, frame_size);
+ buffer_advance(&vs->ws_input, payload_size);
+ }
} while (vs->ws_input.offset > 0);
return ret;
@@ -265,15 +286,14 @@ void vncws_encode_frame(Buffer *output, const void *payload,
buffer_append(output, payload, payload_size);
}
-int vncws_decode_frame(Buffer *input, uint8_t **payload,
- size_t *payload_size, size_t *frame_size)
+int vncws_decode_frame_header(Buffer *input,
+ size_t *header_size,
+ size_t *payload_remain,
+ WsMask *payload_mask)
{
unsigned char opcode = 0, fin = 0, has_mask = 0;
- size_t header_size = 0;
- uint32_t *payload32;
+ size_t payload_len;
WsHeader *header = (WsHeader *)input->buffer;
- WsMask mask;
- int i;
if (input->offset < WS_HEAD_MIN_LEN + 4) {
/* header not complete */
@@ -283,7 +303,7 @@ int vncws_decode_frame(Buffer *input, uint8_t **payload,
fin = (header->b0 & 0x80) >> 7;
opcode = header->b0 & 0x0f;
has_mask = (header->b1 & 0x80) >> 7;
- *payload_size = header->b1 & 0x7f;
+ payload_len = header->b1 & 0x7f;
if (opcode == WS_OPCODE_CLOSE) {
/* disconnect */
@@ -300,40 +320,57 @@ int vncws_decode_frame(Buffer *input, uint8_t **payload,
return -2;
}
- if (*payload_size < 126) {
- header_size = 6;
- mask = header->u.m;
- } else if (*payload_size == 126 && input->offset >= 8) {
- *payload_size = be16_to_cpu(header->u.s16.l16);
- header_size = 8;
- mask = header->u.s16.m16;
- } else if (*payload_size == 127 && input->offset >= 14) {
- *payload_size = be64_to_cpu(header->u.s64.l64);
- header_size = 14;
- mask = header->u.s64.m64;
+ if (payload_len < 126) {
+ *payload_remain = payload_len;
+ *header_size = 6;
+ *payload_mask = header->u.m;
+ } else if (payload_len == 126 && input->offset >= 8) {
+ *payload_remain = be16_to_cpu(header->u.s16.l16);
+ *header_size = 8;
+ *payload_mask = header->u.s16.m16;
+ } else if (payload_len == 127 && input->offset >= 14) {
+ *payload_remain = be64_to_cpu(header->u.s64.l64);
+ *header_size = 14;
+ *payload_mask = header->u.s64.m64;
} else {
/* header not complete */
return 0;
}
- *frame_size = header_size + *payload_size;
+ return 1;
+}
+
+int vncws_decode_frame_payload(Buffer *input,
+ size_t *payload_remain, WsMask *payload_mask,
+ uint8_t **payload, size_t *payload_size)
+{
+ size_t i;
+ uint32_t *payload32;
- if (input->offset < *frame_size) {
- /* frame not complete */
+ *payload = input->buffer;
+ /* If we aren't at the end of the payload, then drop
+ * off the last bytes, so we're always multiple of 4
+ * for purpose of unmasking, except at end of payload
+ */
+ if (input->offset < *payload_remain) {
+ *payload_size = input->offset - (input->offset % 4);
+ } else {
+ *payload_size = *payload_remain;
+ }
+ if (*payload_size == 0) {
return 0;
}
-
- *payload = input->buffer + header_size;
+ *payload_remain -= *payload_size;
/* unmask frame */
/* process 1 frame (32 bit op) */
payload32 = (uint32_t *)(*payload);
for (i = 0; i < *payload_size / 4; i++) {
- payload32[i] ^= mask.u;
+ payload32[i] ^= payload_mask->u;
}
/* process the remaining bytes (if any) */
for (i *= 4; i < *payload_size; i++) {
- (*payload)[i] ^= mask.c[i % 4];
+ (*payload)[i] ^= payload_mask->c[i % 4];
}
return 1;
diff --git a/ui/vnc-ws.h b/ui/vnc-ws.h
index ef229b7..14d4230 100644
--- a/ui/vnc-ws.h
+++ b/ui/vnc-ws.h
@@ -83,7 +83,12 @@ long vnc_client_read_ws(VncState *vs);
void vncws_process_handshake(VncState *vs, uint8_t *line, size_t size);
void vncws_encode_frame(Buffer *output, const void *payload,
const size_t payload_size);
-int vncws_decode_frame(Buffer *input, uint8_t **payload,
- size_t *payload_size, size_t *frame_size);
+int vncws_decode_frame_header(Buffer *input,
+ size_t *header_size,
+ size_t *payload_remain,
+ WsMask *payload_mask);
+int vncws_decode_frame_payload(Buffer *input,
+ size_t *payload_remain, WsMask *payload_mask,
+ uint8_t **payload, size_t *payload_size);
#endif /* __QEMU_UI_VNC_WS_H */
diff --git a/ui/vnc.h b/ui/vnc.h
index e19ac39..3f7c6a9 100644
--- a/ui/vnc.h
+++ b/ui/vnc.h
@@ -306,6 +306,8 @@ struct VncState
#ifdef CONFIG_VNC_WS
Buffer ws_input;
Buffer ws_output;
+ size_t ws_payload_remain;
+ WsMask ws_payload_mask;
#endif
/* current output mode information */
VncWritePixels *write_pixels;
--
2.3.5

58
sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.2.1-CVE-2015-1779-2.patch vendored Normal file
View File

@ -0,0 +1,58 @@
From 2cdb5e142fb93e875fa53c52864ef5eb8d5d8b41 Mon Sep 17 00:00:00 2001
From: "Daniel P. Berrange" <berrange@redhat.com>
Date: Mon, 23 Mar 2015 22:58:22 +0000
Subject: [PATCH] CVE-2015-1779: limit size of HTTP headers from websockets
clients
The VNC server websockets decoder will read and buffer data from
websockets clients until it sees the end of the HTTP headers,
as indicated by \r\n\r\n. In theory this allows a malicious to
trick QEMU into consuming an arbitrary amount of RAM. In practice,
because QEMU runs g_strstr_len() across the buffered header data,
it will spend increasingly long burning CPU time searching for
the substring match and less & less time reading data. So while
this does cause arbitrary memory growth, the bigger problem is
that QEMU will be burning 100% of available CPU time.
A novnc websockets client typically sends headers of around
512 bytes in length. As such it is reasonable to place a 4096
byte limit on the amount of data buffered while searching for
the end of HTTP headers.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
ui/vnc-ws.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/ui/vnc-ws.c b/ui/vnc-ws.c
index 0b7de4e..62eb97f 100644
--- a/ui/vnc-ws.c
+++ b/ui/vnc-ws.c
@@ -81,8 +81,11 @@ void vncws_handshake_read(void *opaque)
VncState *vs = opaque;
uint8_t *handshake_end;
long ret;
- buffer_reserve(&vs->ws_input, 4096);
- ret = vnc_client_read_buf(vs, buffer_end(&vs->ws_input), 4096);
+ /* Typical HTTP headers from novnc are 512 bytes, so limiting
+ * total header size to 4096 is easily enough. */
+ size_t want = 4096 - vs->ws_input.offset;
+ buffer_reserve(&vs->ws_input, want);
+ ret = vnc_client_read_buf(vs, buffer_end(&vs->ws_input), want);
if (!ret) {
if (vs->csock == -1) {
@@ -99,6 +102,9 @@ void vncws_handshake_read(void *opaque)
vncws_process_handshake(vs, vs->ws_input.buffer, vs->ws_input.offset);
buffer_advance(&vs->ws_input, handshake_end - vs->ws_input.buffer +
strlen(WS_HANDSHAKE_END));
+ } else if (vs->ws_input.offset >= 4096) {
+ VNC_DEBUG("End of headers not found in first 4096 bytes\n");
+ vnc_client_error(vs);
}
}
--
2.3.5

51
sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-3209.patch vendored Normal file
View File

@ -0,0 +1,51 @@
https://bugs.gentoo.org/551752
From 9f7c594c006289ad41169b854d70f5da6e400a2a Mon Sep 17 00:00:00 2001
From: Petr Matousek <pmatouse@redhat.com>
Date: Sun, 24 May 2015 10:53:44 +0200
Subject: [PATCH] pcnet: force the buffer access to be in bounds during tx
4096 is the maximum length per TMD and it is also currently the size of
the relay buffer pcnet driver uses for sending the packet data to QEMU
for further processing. With packet spanning multiple TMDs it can
happen that the overall packet size will be bigger than sizeof(buffer),
which results in memory corruption.
Fix this by only allowing to queue maximum sizeof(buffer) bytes.
This is CVE-2015-3209.
[Fixed 3-space indentation to QEMU's 4-space coding standard.
--Stefan]
Signed-off-by: Petr Matousek <pmatouse@redhat.com>
Reported-by: Matt Tait <matttait@google.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
hw/net/pcnet.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/hw/net/pcnet.c b/hw/net/pcnet.c
index bdfd38f..68b9981 100644
--- a/hw/net/pcnet.c
+++ b/hw/net/pcnet.c
@@ -1241,6 +1241,14 @@ static void pcnet_transmit(PCNetState *s)
}
bcnt = 4096 - GET_FIELD(tmd.length, TMDL, BCNT);
+
+ /* if multi-tmd packet outsizes s->buffer then skip it silently.
+ Note: this is not what real hw does */
+ if (s->xmit_pos + bcnt > sizeof(s->buffer)) {
+ s->xmit_pos = -1;
+ goto txdone;
+ }
+
s->phys_mem_read(s->dma_opaque, PHYSADDR(s, tmd.tbadr),
s->buffer + s->xmit_pos, bcnt, CSR_BSWP(s));
s->xmit_pos += bcnt;
--
2.2.0.rc0.207.ga3a616c

41
sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-3214.patch vendored Normal file
View File

@ -0,0 +1,41 @@
From: Petr Matousek <pmatouse@redhat.com>
Date: Wed, 17 Jun 2015 10:46:11 +0000 (+0200)
Subject: i8254: fix out-of-bounds memory access in pit_ioport_read()
X-Git-Tag: v2.4.0-rc0~43^2~9
X-Git-Url: http://git.qemu.org/?p=qemu.git;a=commitdiff_plain;h=d4862a87e31a51de9eb260f25c9e99a75efe3235;hp=9dacf32d2cbd66cbcce7944ebdfd6b2df20e33b8
i8254: fix out-of-bounds memory access in pit_ioport_read()
Due converting PIO to the new memory read/write api we no longer provide
separate I/O region lenghts for read and write operations. As a result,
reading from PIT Mode/Command register will end with accessing
pit->channels with invalid index.
Fix this by ignoring read from the Mode/Command register.
This is CVE-2015-3214.
Reported-by: Matt Tait <matttait@google.com>
Fixes: 0505bcdec8228d8de39ab1a02644e71999e7c052
Cc: qemu-stable@nongnu.org
Signed-off-by: Petr Matousek <pmatouse@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
diff --git a/hw/timer/i8254.c b/hw/timer/i8254.c
index 3450c98..9b65a33 100644
--- a/hw/timer/i8254.c
+++ b/hw/timer/i8254.c
@@ -196,6 +196,12 @@ static uint64_t pit_ioport_read(void *opaque, hwaddr addr,
PITChannelState *s;
addr &= 3;
+
+ if (addr == 3) {
+ /* Mode/Command register is write only, read is ignored */
+ return 0;
+ }
+
s = &pit->channels[addr];
if (s->status_latched) {
s->status_latched = 0;

86
sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-3456.patch vendored Normal file
View File

@ -0,0 +1,86 @@
https://bugs.gentoo.org/549404
From e907746266721f305d67bc0718795fedee2e824c Mon Sep 17 00:00:00 2001
From: Petr Matousek <pmatouse@redhat.com>
Date: Wed, 6 May 2015 09:48:59 +0200
Subject: [PATCH] fdc: force the fifo access to be in bounds of the allocated buffer
During processing of certain commands such as FD_CMD_READ_ID and
FD_CMD_DRIVE_SPECIFICATION_COMMAND the fifo memory access could
get out of bounds leading to memory corruption with values coming
from the guest.
Fix this by making sure that the index is always bounded by the
allocated memory.
This is CVE-2015-3456.
Signed-off-by: Petr Matousek <pmatouse@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
---
hw/block/fdc.c | 17 +++++++++++------
1 files changed, 11 insertions(+), 6 deletions(-)
diff --git a/hw/block/fdc.c b/hw/block/fdc.c
index f72a392..d8a8edd 100644
--- a/hw/block/fdc.c
+++ b/hw/block/fdc.c
@@ -1497,7 +1497,7 @@ static uint32_t fdctrl_read_data(FDCtrl *fdctrl)
{
FDrive *cur_drv;
uint32_t retval = 0;
- int pos;
+ uint32_t pos;
cur_drv = get_cur_drv(fdctrl);
fdctrl->dsr &= ~FD_DSR_PWRDOWN;
@@ -1506,8 +1506,8 @@ static uint32_t fdctrl_read_data(FDCtrl *fdctrl)
return 0;
}
pos = fdctrl->data_pos;
+ pos %= FD_SECTOR_LEN;
if (fdctrl->msr & FD_MSR_NONDMA) {
- pos %= FD_SECTOR_LEN;
if (pos == 0) {
if (fdctrl->data_pos != 0)
if (!fdctrl_seek_to_next_sect(fdctrl, cur_drv)) {
@@ -1852,10 +1852,13 @@ static void fdctrl_handle_option(FDCtrl *fdctrl, int direction)
static void fdctrl_handle_drive_specification_command(FDCtrl *fdctrl, int direction)
{
FDrive *cur_drv = get_cur_drv(fdctrl);
+ uint32_t pos;
- if (fdctrl->fifo[fdctrl->data_pos - 1] & 0x80) {
+ pos = fdctrl->data_pos - 1;
+ pos %= FD_SECTOR_LEN;
+ if (fdctrl->fifo[pos] & 0x80) {
/* Command parameters done */
- if (fdctrl->fifo[fdctrl->data_pos - 1] & 0x40) {
+ if (fdctrl->fifo[pos] & 0x40) {
fdctrl->fifo[0] = fdctrl->fifo[1];
fdctrl->fifo[2] = 0;
fdctrl->fifo[3] = 0;
@@ -1955,7 +1958,7 @@ static uint8_t command_to_handler[256];
static void fdctrl_write_data(FDCtrl *fdctrl, uint32_t value)
{
FDrive *cur_drv;
- int pos;
+ uint32_t pos;
/* Reset mode */
if (!(fdctrl->dor & FD_DOR_nRESET)) {
@@ -2004,7 +2007,9 @@ static void fdctrl_write_data(FDCtrl *fdctrl, uint32_t value)
}
FLOPPY_DPRINTF("%s: %02x\n", __func__, value);
- fdctrl->fifo[fdctrl->data_pos++] = value;
+ pos = fdctrl->data_pos++;
+ pos %= FD_SECTOR_LEN;
+ fdctrl->fifo[pos] = value;
if (fdctrl->data_pos == fdctrl->data_len) {
/* We now have all parameters
* and will be able to treat the command
--
1.7.0.4

75
sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-5154-1.patch vendored Normal file
View File

@ -0,0 +1,75 @@
From d2ff85854512574e7209f295e87b0835d5b032c6 Mon Sep 17 00:00:00 2001
From: Kevin Wolf <kwolf@redhat.com>
Date: Sun, 26 Jul 2015 23:42:53 -0400
Subject: [PATCH] ide: Check array bounds before writing to io_buffer
(CVE-2015-5154)
If the end_transfer_func of a command is called because enough data has
been read or written for the current PIO transfer, and it fails to
correctly call the command completion functions, the DRQ bit in the
status register and s->end_transfer_func may remain set. This allows the
guest to access further bytes in s->io_buffer beyond s->data_end, and
eventually overflowing the io_buffer.
One case where this currently happens is emulation of the ATAPI command
START STOP UNIT.
This patch fixes the problem by adding explicit array bounds checks
before accessing the buffer instead of relying on end_transfer_func to
function correctly.
Cc: qemu-stable@nongnu.org
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
---
hw/ide/core.c | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/hw/ide/core.c b/hw/ide/core.c
index 122e955..44fcc23 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -2021,6 +2021,10 @@ void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
}
p = s->data_ptr;
+ if (p + 2 > s->data_end) {
+ return;
+ }
+
*(uint16_t *)p = le16_to_cpu(val);
p += 2;
s->data_ptr = p;
@@ -2042,6 +2046,10 @@ uint32_t ide_data_readw(void *opaque, uint32_t addr)
}
p = s->data_ptr;
+ if (p + 2 > s->data_end) {
+ return 0;
+ }
+
ret = cpu_to_le16(*(uint16_t *)p);
p += 2;
s->data_ptr = p;
@@ -2063,6 +2071,10 @@ void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
}
p = s->data_ptr;
+ if (p + 4 > s->data_end) {
+ return;
+ }
+
*(uint32_t *)p = le32_to_cpu(val);
p += 4;
s->data_ptr = p;
@@ -2084,6 +2096,10 @@ uint32_t ide_data_readl(void *opaque, uint32_t addr)
}
p = s->data_ptr;
+ if (p + 4 > s->data_end) {
+ return 0;
+ }
+
ret = cpu_to_le32(*(uint32_t *)p);
p += 4;
s->data_ptr = p;

26
sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-5154-2.patch vendored Normal file
View File

@ -0,0 +1,26 @@
From 03441c3a4a42beb25460dd11592539030337d0f8 Mon Sep 17 00:00:00 2001
From: Kevin Wolf <kwolf@redhat.com>
Date: Sun, 26 Jul 2015 23:42:53 -0400
Subject: [PATCH] ide/atapi: Fix START STOP UNIT command completion
The command must be completed on all code paths. START STOP UNIT with
pwrcnd set should succeed without doing anything.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
---
hw/ide/atapi.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/hw/ide/atapi.c b/hw/ide/atapi.c
index 950e311..79dd167 100644
--- a/hw/ide/atapi.c
+++ b/hw/ide/atapi.c
@@ -983,6 +983,7 @@ static void cmd_start_stop_unit(IDEState *s, uint8_t* buf)
if (pwrcnd) {
/* eject/load only happens for power condition == 0 */
+ ide_atapi_cmd_ok(s);
return;
}

69
sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-5154-3.patch vendored Normal file
View File

@ -0,0 +1,69 @@
From cb72cba83021fa42719e73a5249c12096a4d1cfc Mon Sep 17 00:00:00 2001
From: Kevin Wolf <kwolf@redhat.com>
Date: Sun, 26 Jul 2015 23:42:53 -0400
Subject: [PATCH] ide: Clear DRQ after handling all expected accesses
This is additional hardening against an end_transfer_func that fails to
clear the DRQ status bit. The bit must be unset as soon as the PIO
transfer has completed, so it's better to do this in a central place
instead of duplicating the code in all commands (and forgetting it in
some).
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
---
hw/ide/core.c | 16 ++++++++++++----
1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/hw/ide/core.c b/hw/ide/core.c
index 44fcc23..50449ca 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -2028,8 +2028,10 @@ void ide_data_writew(void *opaque, uint32_t addr, uint32_t val)
*(uint16_t *)p = le16_to_cpu(val);
p += 2;
s->data_ptr = p;
- if (p >= s->data_end)
+ if (p >= s->data_end) {
+ s->status &= ~DRQ_STAT;
s->end_transfer_func(s);
+ }
}
uint32_t ide_data_readw(void *opaque, uint32_t addr)
@@ -2053,8 +2055,10 @@ uint32_t ide_data_readw(void *opaque, uint32_t addr)
ret = cpu_to_le16(*(uint16_t *)p);
p += 2;
s->data_ptr = p;
- if (p >= s->data_end)
+ if (p >= s->data_end) {
+ s->status &= ~DRQ_STAT;
s->end_transfer_func(s);
+ }
return ret;
}
@@ -2078,8 +2082,10 @@ void ide_data_writel(void *opaque, uint32_t addr, uint32_t val)
*(uint32_t *)p = le32_to_cpu(val);
p += 4;
s->data_ptr = p;
- if (p >= s->data_end)
+ if (p >= s->data_end) {
+ s->status &= ~DRQ_STAT;
s->end_transfer_func(s);
+ }
}
uint32_t ide_data_readl(void *opaque, uint32_t addr)
@@ -2103,8 +2109,10 @@ uint32_t ide_data_readl(void *opaque, uint32_t addr)
ret = cpu_to_le32(*(uint32_t *)p);
p += 4;
s->data_ptr = p;
- if (p >= s->data_end)
+ if (p >= s->data_end) {
+ s->status &= ~DRQ_STAT;
s->end_transfer_func(s);
+ }
return ret;
}

40
sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-5158.patch vendored Normal file
View File

@ -0,0 +1,40 @@
commit c170aad8b057223b1139d72e5ce7acceafab4fa9
Author: Paolo Bonzini <pbonzini@redhat.com>
Date: Tue Jul 21 08:59:39 2015 +0200
scsi: fix buffer overflow in scsi_req_parse_cdb (CVE-2015-5158)
This is a guest-triggerable buffer overflow present in QEMU 2.2.0
and newer. scsi_cdb_length returns -1 as an error value, but the
caller does not check it.
Luckily, the massive overflow means that QEMU will just SIGSEGV,
making the impact much smaller.
Reported-by: Zhu Donghai (朱东海) <donghai.zdh@alibaba-inc.com>
Fixes: 1894df02811f6b79ea3ffbf1084599d96f316173
Reviewed-by: Fam Zheng <famz@redhat.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
diff --git a/hw/scsi/scsi-bus.c b/hw/scsi/scsi-bus.c
index f50b2f0..f0ae462 100644
--- a/hw/scsi/scsi-bus.c
+++ b/hw/scsi/scsi-bus.c
@@ -1239,10 +1239,15 @@ int scsi_cdb_length(uint8_t *buf) {
int scsi_req_parse_cdb(SCSIDevice *dev, SCSICommand *cmd, uint8_t *buf)
{
int rc;
+ int len;
cmd->lba = -1;
- cmd->len = scsi_cdb_length(buf);
+ len = scsi_cdb_length(buf);
+ if (len < 0) {
+ return -1;
+ }
+ cmd->len = len;
switch (dev->type) {
case TYPE_TAPE:
rc = scsi_req_stream_xfer(cmd, dev, buf);

82
sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-5165-1.patch vendored Normal file
View File

@ -0,0 +1,82 @@
From 5e0c290415b9d57077a86e70c8e6a058868334d3 Mon Sep 17 00:00:00 2001
From: Stefan Hajnoczi <stefanha@redhat.com>
Date: Wed, 15 Jul 2015 18:16:58 +0100
Subject: [PATCH 1/7] rtl8139: avoid nested ifs in IP header parsing
Transmit offload needs to parse packet headers. If header fields have
unexpected values the offload processing is skipped.
The code currently uses nested ifs because there is relatively little
input validation. The next patches will add missing input validation
and a goto label is more appropriate to avoid deep if statement nesting.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
hw/net/rtl8139.c | 41 ++++++++++++++++++++++-------------------
1 file changed, 22 insertions(+), 19 deletions(-)
diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c
index 5f0197c..91ba33b 100644
--- a/hw/net/rtl8139.c
+++ b/hw/net/rtl8139.c
@@ -2174,28 +2174,30 @@ static int rtl8139_cplus_transmit_one(RTL8139State *s)
size_t eth_payload_len = 0;
int proto = be16_to_cpu(*(uint16_t *)(saved_buffer + 12));
- if (proto == ETH_P_IP)
+ if (proto != ETH_P_IP)
{
- DPRINTF("+++ C+ mode has IP packet\n");
-
- /* not aligned */
- eth_payload_data = saved_buffer + ETH_HLEN;
- eth_payload_len = saved_size - ETH_HLEN;
-
- ip = (ip_header*)eth_payload_data;
-
- if (IP_HEADER_VERSION(ip) != IP_HEADER_VERSION_4) {
- DPRINTF("+++ C+ mode packet has bad IP version %d "
- "expected %d\n", IP_HEADER_VERSION(ip),
- IP_HEADER_VERSION_4);
- ip = NULL;
- } else {
- hlen = IP_HEADER_LENGTH(ip);
- ip_protocol = ip->ip_p;
- ip_data_len = be16_to_cpu(ip->ip_len) - hlen;
- }
+ goto skip_offload;
}
+ DPRINTF("+++ C+ mode has IP packet\n");
+
+ /* not aligned */
+ eth_payload_data = saved_buffer + ETH_HLEN;
+ eth_payload_len = saved_size - ETH_HLEN;
+
+ ip = (ip_header*)eth_payload_data;
+
+ if (IP_HEADER_VERSION(ip) != IP_HEADER_VERSION_4) {
+ DPRINTF("+++ C+ mode packet has bad IP version %d "
+ "expected %d\n", IP_HEADER_VERSION(ip),
+ IP_HEADER_VERSION_4);
+ goto skip_offload;
+ }
+
+ hlen = IP_HEADER_LENGTH(ip);
+ ip_protocol = ip->ip_p;
+ ip_data_len = be16_to_cpu(ip->ip_len) - hlen;
+
if (ip)
{
if (txdw0 & CP_TX_IPCS)
@@ -2391,6 +2393,7 @@ static int rtl8139_cplus_transmit_one(RTL8139State *s)
}
}
+skip_offload:
/* update tally counter */
++s->tally_counters.TxOk;
--
2.1.4

373
sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-5165-2.patch vendored Normal file
View File

@ -0,0 +1,373 @@
From 2d7d80e8dc160904fa7276cc05da26c062a50066 Mon Sep 17 00:00:00 2001
From: Stefan Hajnoczi <stefanha@redhat.com>
Date: Wed, 15 Jul 2015 18:16:59 +0100
Subject: [PATCH 2/7] rtl8139: drop tautologous if (ip) {...} statement
The previous patch stopped using the ip pointer as an indicator that the
IP header is present. When we reach the if (ip) {...} statement we know
ip is always non-NULL.
Remove the if statement to reduce nesting.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
hw/net/rtl8139.c | 305 +++++++++++++++++++++++++++----------------------------
1 file changed, 151 insertions(+), 154 deletions(-)
diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c
index 91ba33b..2f12d42 100644
--- a/hw/net/rtl8139.c
+++ b/hw/net/rtl8139.c
@@ -2198,198 +2198,195 @@ static int rtl8139_cplus_transmit_one(RTL8139State *s)
ip_protocol = ip->ip_p;
ip_data_len = be16_to_cpu(ip->ip_len) - hlen;
- if (ip)
+ if (txdw0 & CP_TX_IPCS)
{
- if (txdw0 & CP_TX_IPCS)
- {
- DPRINTF("+++ C+ mode need IP checksum\n");
+ DPRINTF("+++ C+ mode need IP checksum\n");
- if (hlen<sizeof(ip_header) || hlen>eth_payload_len) {/* min header length */
- /* bad packet header len */
- /* or packet too short */
- }
- else
- {
- ip->ip_sum = 0;
- ip->ip_sum = ip_checksum(ip, hlen);
- DPRINTF("+++ C+ mode IP header len=%d checksum=%04x\n",
- hlen, ip->ip_sum);
- }
+ if (hlen<sizeof(ip_header) || hlen>eth_payload_len) {/* min header length */
+ /* bad packet header len */
+ /* or packet too short */
}
-
- if ((txdw0 & CP_TX_LGSEN) && ip_protocol == IP_PROTO_TCP)
+ else
{
- int large_send_mss = (txdw0 >> 16) & CP_TC_LGSEN_MSS_MASK;
+ ip->ip_sum = 0;
+ ip->ip_sum = ip_checksum(ip, hlen);
+ DPRINTF("+++ C+ mode IP header len=%d checksum=%04x\n",
+ hlen, ip->ip_sum);
+ }
+ }
- DPRINTF("+++ C+ mode offloaded task TSO MTU=%d IP data %d "
- "frame data %d specified MSS=%d\n", ETH_MTU,
- ip_data_len, saved_size - ETH_HLEN, large_send_mss);
+ if ((txdw0 & CP_TX_LGSEN) && ip_protocol == IP_PROTO_TCP)
+ {
+ int large_send_mss = (txdw0 >> 16) & CP_TC_LGSEN_MSS_MASK;
- int tcp_send_offset = 0;
- int send_count = 0;
+ DPRINTF("+++ C+ mode offloaded task TSO MTU=%d IP data %d "
+ "frame data %d specified MSS=%d\n", ETH_MTU,
+ ip_data_len, saved_size - ETH_HLEN, large_send_mss);
- /* maximum IP header length is 60 bytes */
- uint8_t saved_ip_header[60];
+ int tcp_send_offset = 0;
+ int send_count = 0;
- /* save IP header template; data area is used in tcp checksum calculation */
- memcpy(saved_ip_header, eth_payload_data, hlen);
+ /* maximum IP header length is 60 bytes */
+ uint8_t saved_ip_header[60];
- /* a placeholder for checksum calculation routine in tcp case */
- uint8_t *data_to_checksum = eth_payload_data + hlen - 12;
- // size_t data_to_checksum_len = eth_payload_len - hlen + 12;
+ /* save IP header template; data area is used in tcp checksum calculation */
+ memcpy(saved_ip_header, eth_payload_data, hlen);
- /* pointer to TCP header */
- tcp_header *p_tcp_hdr = (tcp_header*)(eth_payload_data + hlen);
+ /* a placeholder for checksum calculation routine in tcp case */
+ uint8_t *data_to_checksum = eth_payload_data + hlen - 12;
+ // size_t data_to_checksum_len = eth_payload_len - hlen + 12;
- int tcp_hlen = TCP_HEADER_DATA_OFFSET(p_tcp_hdr);
+ /* pointer to TCP header */
+ tcp_header *p_tcp_hdr = (tcp_header*)(eth_payload_data + hlen);
- /* ETH_MTU = ip header len + tcp header len + payload */
- int tcp_data_len = ip_data_len - tcp_hlen;
- int tcp_chunk_size = ETH_MTU - hlen - tcp_hlen;
+ int tcp_hlen = TCP_HEADER_DATA_OFFSET(p_tcp_hdr);
- DPRINTF("+++ C+ mode TSO IP data len %d TCP hlen %d TCP "
- "data len %d TCP chunk size %d\n", ip_data_len,
- tcp_hlen, tcp_data_len, tcp_chunk_size);
+ /* ETH_MTU = ip header len + tcp header len + payload */
+ int tcp_data_len = ip_data_len - tcp_hlen;
+ int tcp_chunk_size = ETH_MTU - hlen - tcp_hlen;
- /* note the cycle below overwrites IP header data,
- but restores it from saved_ip_header before sending packet */
+ DPRINTF("+++ C+ mode TSO IP data len %d TCP hlen %d TCP "
+ "data len %d TCP chunk size %d\n", ip_data_len,
+ tcp_hlen, tcp_data_len, tcp_chunk_size);
- int is_last_frame = 0;
+ /* note the cycle below overwrites IP header data,
+ but restores it from saved_ip_header before sending packet */
- for (tcp_send_offset = 0; tcp_send_offset < tcp_data_len; tcp_send_offset += tcp_chunk_size)
- {
- uint16_t chunk_size = tcp_chunk_size;
-
- /* check if this is the last frame */
- if (tcp_send_offset + tcp_chunk_size >= tcp_data_len)
- {
- is_last_frame = 1;
- chunk_size = tcp_data_len - tcp_send_offset;
- }
-
- DPRINTF("+++ C+ mode TSO TCP seqno %08x\n",
- be32_to_cpu(p_tcp_hdr->th_seq));
-
- /* add 4 TCP pseudoheader fields */
- /* copy IP source and destination fields */
- memcpy(data_to_checksum, saved_ip_header + 12, 8);
-
- DPRINTF("+++ C+ mode TSO calculating TCP checksum for "
- "packet with %d bytes data\n", tcp_hlen +
- chunk_size);
-
- if (tcp_send_offset)
- {
- memcpy((uint8_t*)p_tcp_hdr + tcp_hlen, (uint8_t*)p_tcp_hdr + tcp_hlen + tcp_send_offset, chunk_size);
- }
-
- /* keep PUSH and FIN flags only for the last frame */
- if (!is_last_frame)
- {
- TCP_HEADER_CLEAR_FLAGS(p_tcp_hdr, TCP_FLAG_PUSH|TCP_FLAG_FIN);
- }
-
- /* recalculate TCP checksum */
- ip_pseudo_header *p_tcpip_hdr = (ip_pseudo_header *)data_to_checksum;
- p_tcpip_hdr->zeros = 0;
- p_tcpip_hdr->ip_proto = IP_PROTO_TCP;
- p_tcpip_hdr->ip_payload = cpu_to_be16(tcp_hlen + chunk_size);
-
- p_tcp_hdr->th_sum = 0;
-
- int tcp_checksum = ip_checksum(data_to_checksum, tcp_hlen + chunk_size + 12);
- DPRINTF("+++ C+ mode TSO TCP checksum %04x\n",
- tcp_checksum);
-
- p_tcp_hdr->th_sum = tcp_checksum;
-
- /* restore IP header */
- memcpy(eth_payload_data, saved_ip_header, hlen);
-
- /* set IP data length and recalculate IP checksum */
- ip->ip_len = cpu_to_be16(hlen + tcp_hlen + chunk_size);
-
- /* increment IP id for subsequent frames */
- ip->ip_id = cpu_to_be16(tcp_send_offset/tcp_chunk_size + be16_to_cpu(ip->ip_id));
-
- ip->ip_sum = 0;
- ip->ip_sum = ip_checksum(eth_payload_data, hlen);
- DPRINTF("+++ C+ mode TSO IP header len=%d "
- "checksum=%04x\n", hlen, ip->ip_sum);
-
- int tso_send_size = ETH_HLEN + hlen + tcp_hlen + chunk_size;
- DPRINTF("+++ C+ mode TSO transferring packet size "
- "%d\n", tso_send_size);
- rtl8139_transfer_frame(s, saved_buffer, tso_send_size,
- 0, (uint8_t *) dot1q_buffer);
-
- /* add transferred count to TCP sequence number */
- p_tcp_hdr->th_seq = cpu_to_be32(chunk_size + be32_to_cpu(p_tcp_hdr->th_seq));
- ++send_count;
- }
+ int is_last_frame = 0;
- /* Stop sending this frame */
- saved_size = 0;
- }
- else if (txdw0 & (CP_TX_TCPCS|CP_TX_UDPCS))
+ for (tcp_send_offset = 0; tcp_send_offset < tcp_data_len; tcp_send_offset += tcp_chunk_size)
{
- DPRINTF("+++ C+ mode need TCP or UDP checksum\n");
+ uint16_t chunk_size = tcp_chunk_size;
- /* maximum IP header length is 60 bytes */
- uint8_t saved_ip_header[60];
- memcpy(saved_ip_header, eth_payload_data, hlen);
+ /* check if this is the last frame */
+ if (tcp_send_offset + tcp_chunk_size >= tcp_data_len)
+ {
+ is_last_frame = 1;
+ chunk_size = tcp_data_len - tcp_send_offset;
+ }
- uint8_t *data_to_checksum = eth_payload_data + hlen - 12;
- // size_t data_to_checksum_len = eth_payload_len - hlen + 12;
+ DPRINTF("+++ C+ mode TSO TCP seqno %08x\n",
+ be32_to_cpu(p_tcp_hdr->th_seq));
/* add 4 TCP pseudoheader fields */
/* copy IP source and destination fields */
memcpy(data_to_checksum, saved_ip_header + 12, 8);
- if ((txdw0 & CP_TX_TCPCS) && ip_protocol == IP_PROTO_TCP)
+ DPRINTF("+++ C+ mode TSO calculating TCP checksum for "
+ "packet with %d bytes data\n", tcp_hlen +
+ chunk_size);
+
+ if (tcp_send_offset)
{
- DPRINTF("+++ C+ mode calculating TCP checksum for "
- "packet with %d bytes data\n", ip_data_len);
+ memcpy((uint8_t*)p_tcp_hdr + tcp_hlen, (uint8_t*)p_tcp_hdr + tcp_hlen + tcp_send_offset, chunk_size);
+ }
- ip_pseudo_header *p_tcpip_hdr = (ip_pseudo_header *)data_to_checksum;
- p_tcpip_hdr->zeros = 0;
- p_tcpip_hdr->ip_proto = IP_PROTO_TCP;
- p_tcpip_hdr->ip_payload = cpu_to_be16(ip_data_len);
+ /* keep PUSH and FIN flags only for the last frame */
+ if (!is_last_frame)
+ {
+ TCP_HEADER_CLEAR_FLAGS(p_tcp_hdr, TCP_FLAG_PUSH|TCP_FLAG_FIN);
+ }
- tcp_header* p_tcp_hdr = (tcp_header *) (data_to_checksum+12);
+ /* recalculate TCP checksum */
+ ip_pseudo_header *p_tcpip_hdr = (ip_pseudo_header *)data_to_checksum;
+ p_tcpip_hdr->zeros = 0;
+ p_tcpip_hdr->ip_proto = IP_PROTO_TCP;
+ p_tcpip_hdr->ip_payload = cpu_to_be16(tcp_hlen + chunk_size);
- p_tcp_hdr->th_sum = 0;
+ p_tcp_hdr->th_sum = 0;
- int tcp_checksum = ip_checksum(data_to_checksum, ip_data_len + 12);
- DPRINTF("+++ C+ mode TCP checksum %04x\n",
- tcp_checksum);
+ int tcp_checksum = ip_checksum(data_to_checksum, tcp_hlen + chunk_size + 12);
+ DPRINTF("+++ C+ mode TSO TCP checksum %04x\n",
+ tcp_checksum);
- p_tcp_hdr->th_sum = tcp_checksum;
- }
- else if ((txdw0 & CP_TX_UDPCS) && ip_protocol == IP_PROTO_UDP)
- {
- DPRINTF("+++ C+ mode calculating UDP checksum for "
- "packet with %d bytes data\n", ip_data_len);
+ p_tcp_hdr->th_sum = tcp_checksum;
- ip_pseudo_header *p_udpip_hdr = (ip_pseudo_header *)data_to_checksum;
- p_udpip_hdr->zeros = 0;
- p_udpip_hdr->ip_proto = IP_PROTO_UDP;
- p_udpip_hdr->ip_payload = cpu_to_be16(ip_data_len);
+ /* restore IP header */
+ memcpy(eth_payload_data, saved_ip_header, hlen);
- udp_header *p_udp_hdr = (udp_header *) (data_to_checksum+12);
+ /* set IP data length and recalculate IP checksum */
+ ip->ip_len = cpu_to_be16(hlen + tcp_hlen + chunk_size);
- p_udp_hdr->uh_sum = 0;
+ /* increment IP id for subsequent frames */
+ ip->ip_id = cpu_to_be16(tcp_send_offset/tcp_chunk_size + be16_to_cpu(ip->ip_id));
- int udp_checksum = ip_checksum(data_to_checksum, ip_data_len + 12);
- DPRINTF("+++ C+ mode UDP checksum %04x\n",
- udp_checksum);
+ ip->ip_sum = 0;
+ ip->ip_sum = ip_checksum(eth_payload_data, hlen);
+ DPRINTF("+++ C+ mode TSO IP header len=%d "
+ "checksum=%04x\n", hlen, ip->ip_sum);
- p_udp_hdr->uh_sum = udp_checksum;
- }
+ int tso_send_size = ETH_HLEN + hlen + tcp_hlen + chunk_size;
+ DPRINTF("+++ C+ mode TSO transferring packet size "
+ "%d\n", tso_send_size);
+ rtl8139_transfer_frame(s, saved_buffer, tso_send_size,
+ 0, (uint8_t *) dot1q_buffer);
- /* restore IP header */
- memcpy(eth_payload_data, saved_ip_header, hlen);
+ /* add transferred count to TCP sequence number */
+ p_tcp_hdr->th_seq = cpu_to_be32(chunk_size + be32_to_cpu(p_tcp_hdr->th_seq));
+ ++send_count;
}
+
+ /* Stop sending this frame */
+ saved_size = 0;
+ }
+ else if (txdw0 & (CP_TX_TCPCS|CP_TX_UDPCS))
+ {
+ DPRINTF("+++ C+ mode need TCP or UDP checksum\n");
+
+ /* maximum IP header length is 60 bytes */
+ uint8_t saved_ip_header[60];
+ memcpy(saved_ip_header, eth_payload_data, hlen);
+
+ uint8_t *data_to_checksum = eth_payload_data + hlen - 12;
+ // size_t data_to_checksum_len = eth_payload_len - hlen + 12;
+
+ /* add 4 TCP pseudoheader fields */
+ /* copy IP source and destination fields */
+ memcpy(data_to_checksum, saved_ip_header + 12, 8);
+
+ if ((txdw0 & CP_TX_TCPCS) && ip_protocol == IP_PROTO_TCP)
+ {
+ DPRINTF("+++ C+ mode calculating TCP checksum for "
+ "packet with %d bytes data\n", ip_data_len);
+
+ ip_pseudo_header *p_tcpip_hdr = (ip_pseudo_header *)data_to_checksum;
+ p_tcpip_hdr->zeros = 0;
+ p_tcpip_hdr->ip_proto = IP_PROTO_TCP;
+ p_tcpip_hdr->ip_payload = cpu_to_be16(ip_data_len);
+
+ tcp_header* p_tcp_hdr = (tcp_header *) (data_to_checksum+12);
+
+ p_tcp_hdr->th_sum = 0;
+
+ int tcp_checksum = ip_checksum(data_to_checksum, ip_data_len + 12);
+ DPRINTF("+++ C+ mode TCP checksum %04x\n",
+ tcp_checksum);
+
+ p_tcp_hdr->th_sum = tcp_checksum;
+ }
+ else if ((txdw0 & CP_TX_UDPCS) && ip_protocol == IP_PROTO_UDP)
+ {
+ DPRINTF("+++ C+ mode calculating UDP checksum for "
+ "packet with %d bytes data\n", ip_data_len);
+
+ ip_pseudo_header *p_udpip_hdr = (ip_pseudo_header *)data_to_checksum;
+ p_udpip_hdr->zeros = 0;
+ p_udpip_hdr->ip_proto = IP_PROTO_UDP;
+ p_udpip_hdr->ip_payload = cpu_to_be16(ip_data_len);
+
+ udp_header *p_udp_hdr = (udp_header *) (data_to_checksum+12);
+
+ p_udp_hdr->uh_sum = 0;
+
+ int udp_checksum = ip_checksum(data_to_checksum, ip_data_len + 12);
+ DPRINTF("+++ C+ mode UDP checksum %04x\n",
+ udp_checksum);
+
+ p_udp_hdr->uh_sum = udp_checksum;
+ }
+
+ /* restore IP header */
+ memcpy(eth_payload_data, saved_ip_header, hlen);
}
}
--
2.1.4

39
sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-5165-3.patch vendored Normal file
View File

@ -0,0 +1,39 @@
From 043d28507ef7c5fdc34866f5e3b27a72bd0cd072 Mon Sep 17 00:00:00 2001
From: Stefan Hajnoczi <stefanha@redhat.com>
Date: Wed, 15 Jul 2015 18:17:00 +0100
Subject: [PATCH 3/7] rtl8139: skip offload on short Ethernet/IP header
Transmit offload features access Ethernet and IP headers the packet. If
the packet is too short we must not attempt to access header fields:
int proto = be16_to_cpu(*(uint16_t *)(saved_buffer + 12));
...
eth_payload_data = saved_buffer + ETH_HLEN;
...
ip = (ip_header*)eth_payload_data;
if (IP_HEADER_VERSION(ip) != IP_HEADER_VERSION_4) {
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
hw/net/rtl8139.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c
index 2f12d42..d377b6b 100644
--- a/hw/net/rtl8139.c
+++ b/hw/net/rtl8139.c
@@ -2164,6 +2164,11 @@ static int rtl8139_cplus_transmit_one(RTL8139State *s)
{
DPRINTF("+++ C+ mode offloaded task checksum\n");
+ /* Large enough for Ethernet and IP headers? */
+ if (saved_size < ETH_HLEN + sizeof(ip_header)) {
+ goto skip_offload;
+ }
+
/* ip packet header */
ip_header *ip = NULL;
int hlen = 0;
--
2.1.4

53
sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-5165-4.patch vendored Normal file
View File

@ -0,0 +1,53 @@
From 5a75d242fe019d05b46ef9bc330a6892525c84a7 Mon Sep 17 00:00:00 2001
From: Stefan Hajnoczi <stefanha@redhat.com>
Date: Wed, 15 Jul 2015 18:17:01 +0100
Subject: [PATCH 4/7] rtl8139: check IP Header Length field
The IP Header Length field was only checked in the IP checksum case, but
is used in other cases too.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
hw/net/rtl8139.c | 19 ++++++++-----------
1 file changed, 8 insertions(+), 11 deletions(-)
diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c
index d377b6b..cd5ac05 100644
--- a/hw/net/rtl8139.c
+++ b/hw/net/rtl8139.c
@@ -2200,6 +2200,10 @@ static int rtl8139_cplus_transmit_one(RTL8139State *s)
}
hlen = IP_HEADER_LENGTH(ip);
+ if (hlen < sizeof(ip_header) || hlen > eth_payload_len) {
+ goto skip_offload;
+ }
+
ip_protocol = ip->ip_p;
ip_data_len = be16_to_cpu(ip->ip_len) - hlen;
@@ -2207,17 +2211,10 @@ static int rtl8139_cplus_transmit_one(RTL8139State *s)
{
DPRINTF("+++ C+ mode need IP checksum\n");
- if (hlen<sizeof(ip_header) || hlen>eth_payload_len) {/* min header length */
- /* bad packet header len */
- /* or packet too short */
- }
- else
- {
- ip->ip_sum = 0;
- ip->ip_sum = ip_checksum(ip, hlen);
- DPRINTF("+++ C+ mode IP header len=%d checksum=%04x\n",
- hlen, ip->ip_sum);
- }
+ ip->ip_sum = 0;
+ ip->ip_sum = ip_checksum(ip, hlen);
+ DPRINTF("+++ C+ mode IP header len=%d checksum=%04x\n",
+ hlen, ip->ip_sum);
}
if ((txdw0 & CP_TX_LGSEN) && ip_protocol == IP_PROTO_TCP)
--
2.1.4

34
sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-5165-5.patch vendored Normal file
View File

@ -0,0 +1,34 @@
From 6c79ea275d72bc1fd88bdcf1e7d231b2c9c865de Mon Sep 17 00:00:00 2001
From: Stefan Hajnoczi <stefanha@redhat.com>
Date: Wed, 15 Jul 2015 18:17:02 +0100
Subject: [PATCH 5/7] rtl8139: check IP Total Length field
The IP Total Length field includes the IP header and data. Make sure it
is valid and does not exceed the Ethernet payload size.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
hw/net/rtl8139.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c
index cd5ac05..ed2b23b 100644
--- a/hw/net/rtl8139.c
+++ b/hw/net/rtl8139.c
@@ -2205,7 +2205,12 @@ static int rtl8139_cplus_transmit_one(RTL8139State *s)
}
ip_protocol = ip->ip_p;
- ip_data_len = be16_to_cpu(ip->ip_len) - hlen;
+
+ ip_data_len = be16_to_cpu(ip->ip_len);
+ if (ip_data_len < hlen || ip_data_len > eth_payload_len) {
+ goto skip_offload;
+ }
+ ip_data_len -= hlen;
if (txdw0 & CP_TX_IPCS)
{
--
2.1.4

35
sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-5165-6.patch vendored Normal file
View File

@ -0,0 +1,35 @@
From 30aa7be430e7c982e9163f3bcc745d3aa57b6aa4 Mon Sep 17 00:00:00 2001
From: Stefan Hajnoczi <stefanha@redhat.com>
Date: Wed, 15 Jul 2015 18:17:03 +0100
Subject: [PATCH 6/7] rtl8139: skip offload on short TCP header
TCP Large Segment Offload accesses the TCP header in the packet. If the
packet is too short we must not attempt to access header fields:
tcp_header *p_tcp_hdr = (tcp_header*)(eth_payload_data + hlen);
int tcp_hlen = TCP_HEADER_DATA_OFFSET(p_tcp_hdr);
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
hw/net/rtl8139.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c
index ed2b23b..c8f0df9 100644
--- a/hw/net/rtl8139.c
+++ b/hw/net/rtl8139.c
@@ -2224,6 +2224,11 @@ static int rtl8139_cplus_transmit_one(RTL8139State *s)
if ((txdw0 & CP_TX_LGSEN) && ip_protocol == IP_PROTO_TCP)
{
+ /* Large enough for the TCP header? */
+ if (ip_data_len < sizeof(tcp_header)) {
+ goto skip_offload;
+ }
+
int large_send_mss = (txdw0 >> 16) & CP_TC_LGSEN_MSS_MASK;
DPRINTF("+++ C+ mode offloaded task TSO MTU=%d IP data %d "
--
2.1.4

32
sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-5165-7.patch vendored Normal file
View File

@ -0,0 +1,32 @@
From 9a084807bf6ca7c16d997a236d304111894a6539 Mon Sep 17 00:00:00 2001
From: Stefan Hajnoczi <stefanha@redhat.com>
Date: Wed, 15 Jul 2015 18:17:04 +0100
Subject: [PATCH 7/7] rtl8139: check TCP Data Offset field
The TCP Data Offset field contains the length of the header. Make sure
it is valid and does not exceed the IP data length.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
hw/net/rtl8139.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c
index c8f0df9..2df4a51 100644
--- a/hw/net/rtl8139.c
+++ b/hw/net/rtl8139.c
@@ -2253,6 +2253,11 @@ static int rtl8139_cplus_transmit_one(RTL8139State *s)
int tcp_hlen = TCP_HEADER_DATA_OFFSET(p_tcp_hdr);
+ /* Invalid TCP data offset? */
+ if (tcp_hlen < sizeof(tcp_header) || tcp_hlen > ip_data_len) {
+ goto skip_offload;
+ }
+
/* ETH_MTU = ip header len + tcp header len + payload */
int tcp_data_len = ip_data_len - tcp_hlen;
int tcp_chunk_size = ETH_MTU - hlen - tcp_hlen;
--
2.1.4

36
sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-5166.patch vendored Normal file
View File

@ -0,0 +1,36 @@
From: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Fix release_drive on unplugged devices (pci_piix3_xen_ide_unplug)
pci_piix3_xen_ide_unplug should completely unhook the unplugged
IDEDevice from the corresponding BlockBackend, otherwise the next call
to release_drive will try to detach the drive again.
Suggested-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
diff --git a/hw/ide/piix.c b/hw/ide/piix.c
index adb6649..5a26c86 100644
--- a/hw/ide/piix.c
+++ b/hw/ide/piix.c
@@ -169,6 +169,7 @@ int pci_piix3_xen_ide_unplug(DeviceState *dev)
PCIIDEState *pci_ide;
DriveInfo *di;
int i;
+ IDEDevice *idedev;
pci_ide = PCI_IDE(dev);
@@ -181,6 +182,12 @@ int pci_piix3_xen_ide_unplug(DeviceState *dev)
blk_detach_dev(blk, ds);
}
pci_ide->bus[di->bus].ifs[di->unit].blk = NULL;
+ if (!(i % 2)) {
+ idedev = pci_ide->bus[di->bus].master;
+ } else {
+ idedev = pci_ide->bus[di->bus].slave;
+ }
+ idedev->conf.blk = NULL;
blk_unref(blk);
}
}

13
sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-9999-cflags.patch vendored
View File

@ -1,13 +0,0 @@
diff --git a/configure b/configure
index 82f6e71..7e19aaf 100755
--- a/configure
+++ b/configure
@@ -3131,8 +3131,6 @@ fi
if test "$gcov" = "yes" ; then
CFLAGS="-fprofile-arcs -ftest-coverage -g $CFLAGS"
LDFLAGS="-fprofile-arcs -ftest-coverage $LDFLAGS"
-elif test "$debug" = "no" ; then
- CFLAGS="-O2 -D_FORTIFY_SOURCE=2 $CFLAGS"
fi

30
sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-9999-virtfs-proxy-helper-accept.patch vendored
View File

@ -1,30 +0,0 @@
From c5970614489e385e69667f1f323421442a7a46c0 Mon Sep 17 00:00:00 2001
From: Tim Comer <comer0@gmail.com>
Date: Sat, 19 Apr 2014 12:51:42 -0400
Subject: [PATCH] virtfs-proxy-helper: fix call to accept
The current code calls accept() without initializing the size parameter
which means the accept call might write too much to the stack.
URL: https://bugs.gentoo.org/486714
Signed-off-by: Tim Comer <comer0@gmail.com>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
---
fsdev/virtfs-proxy-helper.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/fsdev/virtfs-proxy-helper.c b/fsdev/virtfs-proxy-helper.c
index bfecb87..cd291d3 100644
--- a/fsdev/virtfs-proxy-helper.c
+++ b/fsdev/virtfs-proxy-helper.c
@@ -760,6 +760,7 @@ static int proxy_socket(const char *path, uid_t uid, gid_t gid)
return -1;
}
+ size = sizeof(qemu);
client = accept(sock, (struct sockaddr *)&qemu, &size);
if (client < 0) {
do_perror("accept");
--
1.9.2

3
sdk_container/src/third_party/portage-stable/app-emulation/qemu/files/qemu-kvm-1.4 vendored
View File

@ -1,3 +0,0 @@
#!/bin/sh
exec /usr/bin/qemu-system-x86_64 -machine accel=kvm "$@"

8
sdk_container/src/third_party/portage-stable/app-emulation/qemu/metadata.xml vendored
View File

@ -2,10 +2,6 @@
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<herd>qemu</herd>
<maintainer>
<email>cardoe@gentoo.org</email>
<name>Doug Goldstein</name>
</maintainer>
<use>
<flag name='accessibility'>Adds support for braille displays using brltty</flag>
<flag name='aio'>Enables support for Linux's Async IO</flag>
@ -27,6 +23,7 @@
<flag name='pulseaudio'>Enable pulseaudio output for sound emulation</flag>
<flag name='rbd'>Enable rados block device backend support, see http://ceph.newdream.net/wiki/QEMU-RBD</flag>
<flag name='sdl'>Enable the SDL-based console</flag>
<flag name='sdl2'>Use libsdl2 instead of libsdl</flag>
<flag name='spice'>Enable Spice protocol support via <pkg>app-emulation/spice</pkg></flag>
<flag name='ssh'>Enable SSH based block device support via <pkg>net-libs/libssh2</pkg></flag>
<flag name='static-softmmu'>Builds the Software MMU (system) targets as static binaries</flag>
@ -37,7 +34,7 @@
<flag name='tci'>Enable the TCG Interpreter which can speed up or slowdown workloads depending on the host and guest CPUs being emulated. In the future it will be a runtime option but for now its compile time.</flag>
<flag name='tls'>Enable TLS support for the VNC console server.
For 1.4 and newer this also enables WebSocket support.
For 2.0 and newer this also enables disk quorum support.</flag>
For 2.0 through 2.3 also enables disk quorum support.</flag>
<flag name='jpeg'>Enable jpeg image support for the VNC console server</flag>
<flag name='png'>Enable png image support for the VNC console server</flag>
<flag name='usb'>Enable USB passthrough via <pkg>dev-libs/libusb</pkg></flag>
@ -46,6 +43,7 @@
<flag name='vde'>Enable VDE-based networking</flag>
<flag name='vhost-net'>Enable accelerated networking using vhost-net, see http://www.linux-kvm.org/page/VhostNet</flag>
<flag name='virtfs'>Enable VirtFS via virtio-9p-pci / fsdev. See http://wiki.qemu.org/Documentation/9psetup</flag>
<flag name='vte'>Enable terminal support (<pkg>x11-libs/vte</pkg>) in the GTK+ interface</flag>
<flag name='xattr'>Add support for getting and setting POSIX extended attributes, through
<pkg>sys-apps/attr</pkg>. Requisite for the virtfs backend.
</flag>

603
sdk_container/src/third_party/portage-stable/app-emulation/qemu/qemu-2.1.2-r2.ebuild vendored
View File

@ -1,603 +0,0 @@
# Copyright 1999-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/app-emulation/qemu/qemu-2.1.2-r2.ebuild,v 1.5 2015/04/08 07:30:33 mgorny Exp $
EAPI=5
PYTHON_COMPAT=( python2_7 )
PYTHON_REQ_USE="ncurses,readline"
inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \
user udev fcaps readme.gentoo pax-utils
BACKPORTS="20141214"
if [[ ${PV} = *9999* ]]; then
EGIT_REPO_URI="git://git.qemu.org/qemu.git"
inherit git-2
SRC_URI=""
KEYWORDS=""
else
SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2
${BACKPORTS:+
http://dev.gentoo.org/~cardoe/distfiles/${P}-${BACKPORTS}.tar.xz
http://dev.gentoo.org/~tamiko/distfiles/${P}-${BACKPORTS}.tar.xz}"
KEYWORDS="amd64 ~ppc ~ppc64 x86 ~x86-fbsd"
fi
DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org"
LICENSE="GPL-2 LGPL-2 BSD-2"
SLOT="0"
IUSE="accessibility +aio alsa bluetooth +caps +curl debug +fdt glusterfs \
gtk infiniband iscsi +jpeg \
kernel_linux kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs
+png pulseaudio python \
rbd sasl +seccomp sdl selinux smartcard snappy spice ssh static static-softmmu \
static-user systemtap tci test +threads tls usb usbredir +uuid vde +vhost-net \
virtfs +vnc xattr xen xfs"
COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel mips
mips64 mips64el mipsel or32 ppc ppc64 s390x sh4 sh4eb sparc sparc64 unicore32
x86_64"
IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS} lm32 moxie ppcemb xtensa xtensaeb"
IUSE_USER_TARGETS="${COMMON_TARGETS} armeb mipsn32 mipsn32el ppc64abi32 sparc32plus"
use_targets="
$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
"
IUSE+=" ${use_targets}"
# Require at least one softmmu or user target.
# Block USE flag configurations known to not work.
REQUIRED_USE="|| ( ${use_targets} )
${PYTHON_REQUIRED_USE}
qemu_softmmu_targets_arm? ( fdt )
qemu_softmmu_targets_microblaze? ( fdt )
qemu_softmmu_targets_ppc? ( fdt )
qemu_softmmu_targets_ppc64? ( fdt )
static? ( static-softmmu static-user )
static-softmmu? ( !alsa !pulseaudio !bluetooth !opengl !gtk )
virtfs? ( xattr )"
# Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
#
# The attr lib isn't always linked in (although the USE flag is always
# respected). This is because qemu supports using the C library's API
# when available rather than always using the extranl library.
COMMON_LIB_DEPEND=">=dev-libs/glib-2.0[static-libs(+)]
sys-libs/zlib[static-libs(+)]
xattr? ( sys-apps/attr[static-libs(+)] )"
SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND}
>=x11-libs/pixman-0.28.0[static-libs(+)]
aio? ( dev-libs/libaio[static-libs(+)] )
caps? ( sys-libs/libcap-ng[static-libs(+)] )
curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] )
glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
infiniband? ( sys-infiniband/librdmacm[static-libs(+)] )
jpeg? ( virtual/jpeg[static-libs(+)] )
lzo? ( dev-libs/lzo:2[static-libs(+)] )
ncurses? ( sys-libs/ncurses[static-libs(+)] )
nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] )
numa? ( sys-process/numactl[static-libs(+)] )
png? ( media-libs/libpng[static-libs(+)] )
rbd? ( sys-cluster/ceph[static-libs(+)] )
sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
sdl? ( >=media-libs/libsdl-1.2.11[static-libs(+)] )
seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
snappy? ( app-arch/snappy[static-libs(+)] )
spice? ( >=app-emulation/spice-0.12.0[static-libs(+)] )
ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] )
tls? ( net-libs/gnutls[static-libs(+)] )
usb? ( >=dev-libs/libusb-1.0.18[static-libs(+)] )
uuid? ( >=sys-apps/util-linux-2.16.0[static-libs(+)] )
vde? ( net-misc/vde[static-libs(+)] )
xfs? ( sys-fs/xfsprogs[static-libs(+)] )"
USER_LIB_DEPEND="${COMMON_LIB_DEPEND}"
X86_FIRMWARE_DEPEND="
>=sys-firmware/ipxe-1.0.0_p20130624
pin-upstream-blobs? (
~sys-firmware/seabios-1.7.5
~sys-firmware/sgabios-0.1_pre8
~sys-firmware/vgabios-0.7a
)
!pin-upstream-blobs? (
sys-firmware/seabios
sys-firmware/sgabios
sys-firmware/vgabios
)"
CDEPEND="!static-softmmu? ( ${SOFTMMU_LIB_DEPEND//\[static-libs(+)]} )
!static-user? ( ${USER_LIB_DEPEND//\[static-libs(+)]} )
qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )
accessibility? ( app-accessibility/brltty )
alsa? ( >=media-libs/alsa-lib-1.0.13 )
bluetooth? ( net-wireless/bluez )
gtk? (
x11-libs/gtk+:3
x11-libs/vte:2.90
)
iscsi? ( net-libs/libiscsi )
opengl? ( virtual/opengl )
pulseaudio? ( media-sound/pulseaudio )
python? ( ${PYTHON_DEPS} )
sdl? ( media-libs/libsdl[X] )
smartcard? ( dev-libs/nss !app-emulation/libcacard )
spice? ( >=app-emulation/spice-protocol-0.12.3 )
systemtap? ( dev-util/systemtap )
usbredir? ( >=sys-apps/usbredir-0.6 )
virtfs? ( sys-libs/libcap )
xen? ( app-emulation/xen-tools )"
DEPEND="${CDEPEND}
dev-lang/perl
=dev-lang/python-2*
sys-apps/texinfo
virtual/pkgconfig
kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
gtk? ( nls? ( sys-devel/gettext ) )
static-softmmu? ( ${SOFTMMU_LIB_DEPEND} )
static-user? ( ${USER_LIB_DEPEND} )
test? (
dev-libs/glib[utils]
sys-devel/bc
)"
RDEPEND="${CDEPEND}
selinux? ( sec-policy/selinux-qemu )
"
STRIP_MASK="/usr/share/qemu/palcode-clipper"
QA_PREBUILT="
usr/share/qemu/openbios-ppc
usr/share/qemu/openbios-sparc64
usr/share/qemu/openbios-sparc32
usr/share/qemu/palcode-clipper
usr/share/qemu/s390-ccw.img
usr/share/qemu/u-boot.e500
"
QA_WX_LOAD="usr/bin/qemu-i386
usr/bin/qemu-x86_64
usr/bin/qemu-alpha
usr/bin/qemu-arm
usr/bin/qemu-cris
usr/bin/qemu-m68k
usr/bin/qemu-microblaze
usr/bin/qemu-microblazeel
usr/bin/qemu-mips
usr/bin/qemu-mipsel
usr/bin/qemu-or32
usr/bin/qemu-ppc
usr/bin/qemu-ppc64
usr/bin/qemu-ppc64abi32
usr/bin/qemu-sh4
usr/bin/qemu-sh4eb
usr/bin/qemu-sparc
usr/bin/qemu-sparc64
usr/bin/qemu-armeb
usr/bin/qemu-sparc32plus
usr/bin/qemu-s390x
usr/bin/qemu-unicore32"
DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure
you have the kernel module loaded before running kvm. The easiest way to
ensure that the kernel module is loaded is to load it on boot.\n
For AMD CPUs the module is called 'kvm-amd'\n
For Intel CPUs the module is called 'kvm-intel'\n
Please review /etc/conf.d/modules for how to load these\n\n
Make sure your user is in the 'kvm' group\n
Just run 'gpasswd -a <USER> kvm', then have <USER> re-login."
qemu_support_kvm() {
if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 \
use qemu_softmmu_targets_ppc || use qemu_softmmu_targets_ppc64 \
use qemu_softmmu_targets_s390x; then
return 0
fi
return 1
}
pkg_pretend() {
if use kernel_linux && kernel_is lt 2 6 25; then
eerror "This version of KVM requres a host kernel of 2.6.25 or higher."
elif use kernel_linux; then
if ! linux_config_exists; then
eerror "Unable to check your kernel for KVM support"
else
CONFIG_CHECK="~KVM ~TUN ~BRIDGE"
ERROR_KVM="You must enable KVM in your kernel to continue"
ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in"
ERROR_KVM_AMD+=" your kernel configuration."
ERROR_KVM_INTEL="If you have an Intel CPU, you must enable"
ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration."
ERROR_TUN="You will need the Universal TUN/TAP driver compiled"
ERROR_TUN+=" into your kernel or loaded as a module to use the"
ERROR_TUN+=" virtual network device if using -net tap."
ERROR_BRIDGE="You will also need support for 802.1d"
ERROR_BRIDGE+=" Ethernet Bridging for some network configurations."
use vhost-net && CONFIG_CHECK+=" ~VHOST_NET"
ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net"
ERROR_VHOST_NET+=" support"
if use amd64 || use x86 || use amd64-linux || use x86-linux; then
CONFIG_CHECK+=" ~KVM_AMD ~KVM_INTEL"
fi
use python && CONFIG_CHECK+=" ~DEBUG_FS"
ERROR_DEBUG_FS="debugFS support required for kvm_stat"
# Now do the actual checks setup above
check_extra_config
fi
fi
if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then
eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt"
eerror "instances are still pointing to it. Please update your"
eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag"
eerror "and the right system binary (e.g. qemu-system-x86_64)."
die "update your virt configs to not use qemu-kvm"
fi
}
pkg_setup() {
enewgroup kvm 78
}
src_prepare() {
# Alter target makefiles to accept CFLAGS set via flag-o
sed -i -r \
-e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \
Makefile Makefile.target || die
# Cheap hack to disable gettext .mo generation.
use nls || rm -f po/*.po
epatch "${FILESDIR}"/qemu-1.7.0-cflags.patch
epatch "${FILESDIR}"/${PN}-2.1.1-readlink-self.patch
epatch "${FILESDIR}"/${PN}-2.1.2-vnc-sanitize-bits.patch #527088
[[ -n ${BACKPORTS} ]] && \
EPATCH_FORCE=yes EPATCH_SUFFIX="patch" \
EPATCH_SOURCE="${WORKDIR}/patches" epatch
# Fix ld and objcopy being called directly
tc-export AR LD OBJCOPY
# Verbose builds
MAKEOPTS+=" V=1"
epatch_user
}
##
# configures qemu based on the build directory and the build type
# we are using.
#
qemu_src_configure() {
debug-print-function ${FUNCNAME} "$@"
local buildtype=$1
local builddir=$2
local static_flag="static-${buildtype}"
# audio options
local audio_opts="oss"
use alsa && audio_opts="alsa,${audio_opts}"
use sdl && audio_opts="sdl,${audio_opts}"
use pulseaudio && audio_opts="pa,${audio_opts}"
local conf_opts=(
--prefix=/usr
--sysconfdir=/etc
--libdir=/usr/$(get_libdir)
--docdir=/usr/share/doc/${PF}/html
--disable-bsd-user
--disable-guest-agent
--disable-strip
--disable-werror
--python="${PYTHON}"
--cc="$(tc-getCC)"
--cxx="$(tc-getCXX)"
--host-cc="$(tc-getBUILD_CC)"
$(use_enable debug debug-info)
$(use_enable debug debug-tcg)
--enable-docs
$(use_enable tci tcg-interpreter)
$(use_enable xattr attr)
)
# Disable options not used by user targets as the default configure
# options will autoprobe and try to link in a bunch of unused junk.
conf_softmmu() {
if [[ ${buildtype} == "user" ]] ; then
echo "--disable-${2:-$1}"
else
use_enable "$@"
fi
}
conf_opts+=(
$(conf_softmmu accessibility brlapi)
$(conf_softmmu aio linux-aio)
$(conf_softmmu bluetooth bluez)
$(conf_softmmu caps cap-ng)
$(conf_softmmu curl)
$(conf_softmmu fdt)
$(conf_softmmu glusterfs)
$(conf_softmmu gtk)
$(conf_softmmu infiniband rdma)
$(conf_softmmu iscsi libiscsi)
$(conf_softmmu jpeg vnc-jpeg)
$(conf_softmmu kernel_linux kvm)
$(conf_softmmu lzo)
$(conf_softmmu ncurses curses)
$(conf_softmmu nfs libnfs)
$(conf_softmmu numa)
$(conf_softmmu opengl glx)
$(conf_softmmu png vnc-png)
$(conf_softmmu rbd)
$(conf_softmmu sasl vnc-sasl)
$(conf_softmmu sdl)
$(conf_softmmu seccomp)
$(conf_softmmu smartcard smartcard-nss)
$(conf_softmmu snappy)
$(conf_softmmu spice)
$(conf_softmmu ssh libssh2)
$(conf_softmmu tls quorum)
$(conf_softmmu tls vnc-tls)
$(conf_softmmu tls vnc-ws)
$(conf_softmmu usb libusb)
$(conf_softmmu usbredir usb-redir)
$(conf_softmmu uuid)
$(conf_softmmu vde)
$(conf_softmmu vhost-net)
$(conf_softmmu virtfs)
$(conf_softmmu vnc)
$(conf_softmmu xen)
$(conf_softmmu xen xen-pci-passthrough)
$(conf_softmmu xfs xfsctl)
)
case ${buildtype} in
user)
conf_opts+=(
--enable-linux-user
--disable-system
--target-list="${user_targets}"
--disable-blobs
--disable-tools
)
;;
softmmu)
conf_opts+=(
--disable-linux-user
--enable-system
--target-list="${softmmu_targets}"
--with-system-pixman
--audio-drv-list="${audio_opts}"
)
use gtk && conf_opts+=( --with-gtkabi=3.0 )
;;
esac
# Add support for SystemTAP
use systemtap && conf_opts+=( --enable-trace-backend=dtrace )
# We always want to attempt to build with PIE support as it results
# in a more secure binary. But it doesn't work with static or if
# the current GCC doesn't have PIE support.
if use ${static_flag}; then
conf_opts+=( --static --disable-pie )
else
gcc-specs-pie && conf_opts+=( --enable-pie )
fi
einfo "./configure ${conf_opts[*]}"
cd "${builddir}"
../configure "${conf_opts[@]}" || die "configure failed"
# FreeBSD's kernel does not support QEMU assigning/grabbing
# host USB devices yet
use kernel_FreeBSD && \
sed -i -E -e "s|^(HOST_USB=)bsd|\1stub|" "${S}"/config-host.mak
}
src_configure() {
local target
python_export_best
softmmu_targets= softmmu_bins=()
user_targets= user_bins=()
for target in ${IUSE_SOFTMMU_TARGETS} ; do
if use "qemu_softmmu_targets_${target}"; then
softmmu_targets+=",${target}-softmmu"
softmmu_bins+=( "qemu-system-${target}" )
fi
done
for target in ${IUSE_USER_TARGETS} ; do
if use "qemu_user_targets_${target}"; then
user_targets+=",${target}-linux-user"
user_bins+=( "qemu-${target}" )
fi
done
[[ -n ${softmmu_targets} ]] && \
einfo "Building the following softmmu targets: ${softmmu_targets}"
[[ -n ${user_targets} ]] && \
einfo "Building the following user targets: ${user_targets}"
if [[ -n ${softmmu_targets} ]]; then
mkdir "${S}/softmmu-build"
qemu_src_configure "softmmu" "${S}/softmmu-build"
fi
if [[ -n ${user_targets} ]]; then
mkdir "${S}/user-build"
qemu_src_configure "user" "${S}/user-build"
fi
}
src_compile() {
if [[ -n ${user_targets} ]]; then
cd "${S}/user-build"
default
fi
if [[ -n ${softmmu_targets} ]]; then
cd "${S}/softmmu-build"
default
fi
}
src_test() {
if [[ -n ${softmmu_targets} ]]; then
cd "${S}/softmmu-build"
pax-mark m */qemu-system-* #515550
emake -j1 check
emake -j1 check-report.html
fi
}
qemu_python_install() {
python_domodule "${S}/scripts/qmp/qmp.py"
python_doscript "${S}/scripts/kvm/kvm_stat"
python_doscript "${S}/scripts/kvm/vmxcap"
python_doscript "${S}/scripts/qmp/qmp-shell"
python_doscript "${S}/scripts/qmp/qemu-ga-client"
}
src_install() {
if [[ -n ${user_targets} ]]; then
cd "${S}/user-build"
emake DESTDIR="${ED}" install
# Install binfmt handler init script for user targets
newinitd "${FILESDIR}/qemu-binfmt.initd-r1" qemu-binfmt
fi
if [[ -n ${softmmu_targets} ]]; then
cd "${S}/softmmu-build"
emake DESTDIR="${ED}" install
# This might not exist if the test failed. #512010
[[ -e check-report.html ]] && dohtml check-report.html
if use kernel_linux; then
udev_dorules "${FILESDIR}"/65-kvm.rules
fi
if use python; then
python_foreach_impl qemu_python_install
fi
fi
# Disable mprotect on the qemu binaries as they use JITs to be fast #459348
pushd "${ED}"/usr/bin >/dev/null
pax-mark m "${softmmu_bins[@]}" "${user_bins[@]}"
popd >/dev/null
# Install config file example for qemu-bridge-helper
insinto "/etc/qemu"
doins "${FILESDIR}/bridge.conf"
# Remove the docdir placed qmp-commands.txt
mv "${ED}/usr/share/doc/${PF}/html/qmp-commands.txt" "${S}/docs/qmp/"
cd "${S}"
dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt
newdoc pc-bios/README README.pc-bios
dodoc docs/qmp/*.txt
# Remove SeaBIOS since we're using the SeaBIOS packaged one
rm "${ED}/usr/share/qemu/bios.bin"
if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
fi
# Remove vgabios since we're using the vgabios packaged one
if [[ -n ${softmmu_targets} ]]; then
rm "${ED}/usr/share/qemu/vgabios.bin"
rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
dosym ../vgabios/vgabios.bin /usr/share/qemu/vgabios.bin
dosym ../vgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
dosym ../vgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
dosym ../vgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
dosym ../vgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
fi
# Remove sgabios since we're using the sgabios packaged one
rm "${ED}/usr/share/qemu/sgabios.bin"
if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin
fi
# Remove iPXE since we're using the iPXE packaged one
rm "${ED}"/usr/share/qemu/pxe-*.rom
if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom
dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom
dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom
dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom
dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom
dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom
fi
fi
qemu_support_kvm && readme.gentoo_create_doc
}
pkg_postinst() {
if qemu_support_kvm; then
readme.gentoo_print_elog
ewarn "Migration from qemu-kvm instances and loading qemu-kvm created"
ewarn "save states has been removed starting with the 1.6.2 release"
ewarn
ewarn "It is recommended that you migrate any VMs that may be running"
ewarn "on qemu-kvm to a host with a newer qemu and regenerate"
ewarn "any saved states with a newer qemu."
ewarn
ewarn "qemu-kvm was the primary qemu provider in Gentoo through 1.2.x"
if use x86 || use amd64; then
ewarn
ewarn "The /usr/bin/kvm and /usr/bin/qemu-kvm wrappers are no longer"
ewarn "installed. In order to use kvm acceleration, pass the flag"
ewarn "-enable-kvm when running your system target."
fi
fi
if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
udev_reload
fi
fcaps cap_net_admin /usr/libexec/qemu-bridge-helper
if use virtfs && [ -n "${softmmu_targets}" ]; then
local virtfs_caps="cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_setgid,cap_mknod,cap_setuid"
fcaps ${virtfs_caps} /usr/bin/virtfs-proxy-helper
fi
}
pkg_info() {
echo "Using:"
echo " $(best_version app-emulation/spice-protocol)"
echo " $(best_version sys-firmware/ipxe)"
echo " $(best_version sys-firmware/seabios)"
if has_version sys-firmware/seabios[binary]; then
echo " USE=binary"
else
echo " USE=''"
fi
echo " $(best_version sys-firmware/vgabios)"
}

602
sdk_container/src/third_party/portage-stable/app-emulation/qemu/qemu-2.1.3.ebuild vendored
View File

@ -1,602 +0,0 @@
# Copyright 1999-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/app-emulation/qemu/qemu-2.1.3.ebuild,v 1.3 2015/04/08 07:30:33 mgorny Exp $
EAPI=5
PYTHON_COMPAT=( python2_7 )
PYTHON_REQ_USE="ncurses,readline"
inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \
user udev fcaps readme.gentoo pax-utils
BACKPORTS=""
if [[ ${PV} = *9999* ]]; then
EGIT_REPO_URI="git://git.qemu.org/qemu.git"
inherit git-2
SRC_URI=""
KEYWORDS=""
else
SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2
${BACKPORTS:+
http://dev.gentoo.org/~cardoe/distfiles/${P}-${BACKPORTS}.tar.xz}"
KEYWORDS="~amd64 ~ppc ~ppc64 ~x86 ~x86-fbsd"
fi
DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org"
LICENSE="GPL-2 LGPL-2 BSD-2"
SLOT="0"
IUSE="accessibility +aio alsa bluetooth +caps +curl debug +fdt glusterfs \
gtk infiniband iscsi +jpeg \
kernel_linux kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs
+png pulseaudio python \
rbd sasl +seccomp sdl selinux smartcard snappy spice ssh static static-softmmu \
static-user systemtap tci test +threads tls usb usbredir +uuid vde +vhost-net \
virtfs +vnc xattr xen xfs"
COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel mips
mips64 mips64el mipsel or32 ppc ppc64 s390x sh4 sh4eb sparc sparc64 unicore32
x86_64"
IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS} lm32 moxie ppcemb xtensa xtensaeb"
IUSE_USER_TARGETS="${COMMON_TARGETS} armeb mipsn32 mipsn32el ppc64abi32 sparc32plus"
use_targets="
$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
"
IUSE+=" ${use_targets}"
# Require at least one softmmu or user target.
# Block USE flag configurations known to not work.
REQUIRED_USE="|| ( ${use_targets} )
${PYTHON_REQUIRED_USE}
qemu_softmmu_targets_arm? ( fdt )
qemu_softmmu_targets_microblaze? ( fdt )
qemu_softmmu_targets_ppc? ( fdt )
qemu_softmmu_targets_ppc64? ( fdt )
static? ( static-softmmu static-user )
static-softmmu? ( !alsa !pulseaudio !bluetooth !opengl !gtk )
virtfs? ( xattr )"
# Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
#
# The attr lib isn't always linked in (although the USE flag is always
# respected). This is because qemu supports using the C library's API
# when available rather than always using the extranl library.
COMMON_LIB_DEPEND=">=dev-libs/glib-2.0[static-libs(+)]
sys-libs/zlib[static-libs(+)]
xattr? ( sys-apps/attr[static-libs(+)] )"
SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND}
>=x11-libs/pixman-0.28.0[static-libs(+)]
aio? ( dev-libs/libaio[static-libs(+)] )
caps? ( sys-libs/libcap-ng[static-libs(+)] )
curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] )
glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
infiniband? ( sys-infiniband/librdmacm[static-libs(+)] )
jpeg? ( virtual/jpeg[static-libs(+)] )
lzo? ( dev-libs/lzo:2[static-libs(+)] )
ncurses? ( sys-libs/ncurses[static-libs(+)] )
nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] )
numa? ( sys-process/numactl[static-libs(+)] )
png? ( media-libs/libpng[static-libs(+)] )
rbd? ( sys-cluster/ceph[static-libs(+)] )
sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
sdl? ( >=media-libs/libsdl-1.2.11[static-libs(+)] )
seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
snappy? ( app-arch/snappy[static-libs(+)] )
spice? ( >=app-emulation/spice-0.12.0[static-libs(+)] )
ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] )
tls? ( net-libs/gnutls[static-libs(+)] )
usb? ( >=dev-libs/libusb-1.0.18[static-libs(+)] )
uuid? ( >=sys-apps/util-linux-2.16.0[static-libs(+)] )
vde? ( net-misc/vde[static-libs(+)] )
xfs? ( sys-fs/xfsprogs[static-libs(+)] )"
USER_LIB_DEPEND="${COMMON_LIB_DEPEND}"
X86_FIRMWARE_DEPEND="
>=sys-firmware/ipxe-1.0.0_p20130624
pin-upstream-blobs? (
~sys-firmware/seabios-1.7.5
~sys-firmware/sgabios-0.1_pre8
~sys-firmware/vgabios-0.7a
)
!pin-upstream-blobs? (
sys-firmware/seabios
sys-firmware/sgabios
sys-firmware/vgabios
)"
CDEPEND="!static-softmmu? ( ${SOFTMMU_LIB_DEPEND//\[static-libs(+)]} )
!static-user? ( ${USER_LIB_DEPEND//\[static-libs(+)]} )
qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )
accessibility? ( app-accessibility/brltty )
alsa? ( >=media-libs/alsa-lib-1.0.13 )
bluetooth? ( net-wireless/bluez )
gtk? (
x11-libs/gtk+:3
x11-libs/vte:2.90
)
iscsi? ( net-libs/libiscsi )
opengl? ( virtual/opengl )
pulseaudio? ( media-sound/pulseaudio )
python? ( ${PYTHON_DEPS} )
sdl? ( media-libs/libsdl[X] )
smartcard? ( dev-libs/nss !app-emulation/libcacard )
spice? ( >=app-emulation/spice-protocol-0.12.3 )
systemtap? ( dev-util/systemtap )
usbredir? ( >=sys-apps/usbredir-0.6 )
virtfs? ( sys-libs/libcap )
xen? ( app-emulation/xen-tools )"
DEPEND="${CDEPEND}
dev-lang/perl
=dev-lang/python-2*
sys-apps/texinfo
virtual/pkgconfig
kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
gtk? ( nls? ( sys-devel/gettext ) )
static-softmmu? ( ${SOFTMMU_LIB_DEPEND} )
static-user? ( ${USER_LIB_DEPEND} )
test? (
dev-libs/glib[utils]
sys-devel/bc
)"
RDEPEND="${CDEPEND}
selinux? ( sec-policy/selinux-qemu )
"
STRIP_MASK="/usr/share/qemu/palcode-clipper"
QA_PREBUILT="
usr/share/qemu/openbios-ppc
usr/share/qemu/openbios-sparc64
usr/share/qemu/openbios-sparc32
usr/share/qemu/palcode-clipper
usr/share/qemu/s390-ccw.img
usr/share/qemu/u-boot.e500
"
QA_WX_LOAD="usr/bin/qemu-i386
usr/bin/qemu-x86_64
usr/bin/qemu-alpha
usr/bin/qemu-arm
usr/bin/qemu-cris
usr/bin/qemu-m68k
usr/bin/qemu-microblaze
usr/bin/qemu-microblazeel
usr/bin/qemu-mips
usr/bin/qemu-mipsel
usr/bin/qemu-or32
usr/bin/qemu-ppc
usr/bin/qemu-ppc64
usr/bin/qemu-ppc64abi32
usr/bin/qemu-sh4
usr/bin/qemu-sh4eb
usr/bin/qemu-sparc
usr/bin/qemu-sparc64
usr/bin/qemu-armeb
usr/bin/qemu-sparc32plus
usr/bin/qemu-s390x
usr/bin/qemu-unicore32"
DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure
you have the kernel module loaded before running kvm. The easiest way to
ensure that the kernel module is loaded is to load it on boot.\n
For AMD CPUs the module is called 'kvm-amd'\n
For Intel CPUs the module is called 'kvm-intel'\n
Please review /etc/conf.d/modules for how to load these\n\n
Make sure your user is in the 'kvm' group\n
Just run 'gpasswd -a <USER> kvm', then have <USER> re-login."
qemu_support_kvm() {
if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 \
use qemu_softmmu_targets_ppc || use qemu_softmmu_targets_ppc64 \
use qemu_softmmu_targets_s390x; then
return 0
fi
return 1
}
pkg_pretend() {
if use kernel_linux && kernel_is lt 2 6 25; then
eerror "This version of KVM requres a host kernel of 2.6.25 or higher."
elif use kernel_linux; then
if ! linux_config_exists; then
eerror "Unable to check your kernel for KVM support"
else
CONFIG_CHECK="~KVM ~TUN ~BRIDGE"
ERROR_KVM="You must enable KVM in your kernel to continue"
ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in"
ERROR_KVM_AMD+=" your kernel configuration."
ERROR_KVM_INTEL="If you have an Intel CPU, you must enable"
ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration."
ERROR_TUN="You will need the Universal TUN/TAP driver compiled"
ERROR_TUN+=" into your kernel or loaded as a module to use the"
ERROR_TUN+=" virtual network device if using -net tap."
ERROR_BRIDGE="You will also need support for 802.1d"
ERROR_BRIDGE+=" Ethernet Bridging for some network configurations."
use vhost-net && CONFIG_CHECK+=" ~VHOST_NET"
ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net"
ERROR_VHOST_NET+=" support"
if use amd64 || use x86 || use amd64-linux || use x86-linux; then
CONFIG_CHECK+=" ~KVM_AMD ~KVM_INTEL"
fi
use python && CONFIG_CHECK+=" ~DEBUG_FS"
ERROR_DEBUG_FS="debugFS support required for kvm_stat"
# Now do the actual checks setup above
check_extra_config
fi
fi
if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then
eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt"
eerror "instances are still pointing to it. Please update your"
eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag"
eerror "and the right system binary (e.g. qemu-system-x86_64)."
die "update your virt configs to not use qemu-kvm"
fi
}
pkg_setup() {
enewgroup kvm 78
}
src_prepare() {
# Alter target makefiles to accept CFLAGS set via flag-o
sed -i -r \
-e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \
Makefile Makefile.target || die
# Cheap hack to disable gettext .mo generation.
use nls || rm -f po/*.po
epatch "${FILESDIR}"/qemu-1.7.0-cflags.patch
epatch "${FILESDIR}"/${PN}-2.1.1-readlink-self.patch
epatch "${FILESDIR}"/${PN}-2.1.2-vnc-sanitize-bits.patch #527088
[[ -n ${BACKPORTS} ]] && \
EPATCH_FORCE=yes EPATCH_SUFFIX="patch" \
EPATCH_SOURCE="${WORKDIR}/patches" epatch
# Fix ld and objcopy being called directly
tc-export AR LD OBJCOPY
# Verbose builds
MAKEOPTS+=" V=1"
epatch_user
}
##
# configures qemu based on the build directory and the build type
# we are using.
#
qemu_src_configure() {
debug-print-function ${FUNCNAME} "$@"
local buildtype=$1
local builddir=$2
local static_flag="static-${buildtype}"
# audio options
local audio_opts="oss"
use alsa && audio_opts="alsa,${audio_opts}"
use sdl && audio_opts="sdl,${audio_opts}"
use pulseaudio && audio_opts="pa,${audio_opts}"
local conf_opts=(
--prefix=/usr
--sysconfdir=/etc
--libdir=/usr/$(get_libdir)
--docdir=/usr/share/doc/${PF}/html
--disable-bsd-user
--disable-guest-agent
--disable-strip
--disable-werror
--python="${PYTHON}"
--cc="$(tc-getCC)"
--cxx="$(tc-getCXX)"
--host-cc="$(tc-getBUILD_CC)"
$(use_enable debug debug-info)
$(use_enable debug debug-tcg)
--enable-docs
$(use_enable tci tcg-interpreter)
$(use_enable xattr attr)
)
# Disable options not used by user targets as the default configure
# options will autoprobe and try to link in a bunch of unused junk.
conf_softmmu() {
if [[ ${buildtype} == "user" ]] ; then
echo "--disable-${2:-$1}"
else
use_enable "$@"
fi
}
conf_opts+=(
$(conf_softmmu accessibility brlapi)
$(conf_softmmu aio linux-aio)
$(conf_softmmu bluetooth bluez)
$(conf_softmmu caps cap-ng)
$(conf_softmmu curl)
$(conf_softmmu fdt)
$(conf_softmmu glusterfs)
$(conf_softmmu gtk)
$(conf_softmmu infiniband rdma)
$(conf_softmmu iscsi libiscsi)
$(conf_softmmu jpeg vnc-jpeg)
$(conf_softmmu kernel_linux kvm)
$(conf_softmmu lzo)
$(conf_softmmu ncurses curses)
$(conf_softmmu nfs libnfs)
$(conf_softmmu numa)
$(conf_softmmu opengl glx)
$(conf_softmmu png vnc-png)
$(conf_softmmu rbd)
$(conf_softmmu sasl vnc-sasl)
$(conf_softmmu sdl)
$(conf_softmmu seccomp)
$(conf_softmmu smartcard smartcard-nss)
$(conf_softmmu snappy)
$(conf_softmmu spice)
$(conf_softmmu ssh libssh2)
$(conf_softmmu tls quorum)
$(conf_softmmu tls vnc-tls)
$(conf_softmmu tls vnc-ws)
$(conf_softmmu usb libusb)
$(conf_softmmu usbredir usb-redir)
$(conf_softmmu uuid)
$(conf_softmmu vde)
$(conf_softmmu vhost-net)
$(conf_softmmu virtfs)
$(conf_softmmu vnc)
$(conf_softmmu xen)
$(conf_softmmu xen xen-pci-passthrough)
$(conf_softmmu xfs xfsctl)
)
case ${buildtype} in
user)
conf_opts+=(
--enable-linux-user
--disable-system
--target-list="${user_targets}"
--disable-blobs
--disable-tools
)
;;
softmmu)
conf_opts+=(
--disable-linux-user
--enable-system
--target-list="${softmmu_targets}"
--with-system-pixman
--audio-drv-list="${audio_opts}"
)
use gtk && conf_opts+=( --with-gtkabi=3.0 )
;;
esac
# Add support for SystemTAP
use systemtap && conf_opts+=( --enable-trace-backend=dtrace )
# We always want to attempt to build with PIE support as it results
# in a more secure binary. But it doesn't work with static or if
# the current GCC doesn't have PIE support.
if use ${static_flag}; then
conf_opts+=( --static --disable-pie )
else
gcc-specs-pie && conf_opts+=( --enable-pie )
fi
einfo "./configure ${conf_opts[*]}"
cd "${builddir}"
../configure "${conf_opts[@]}" || die "configure failed"
# FreeBSD's kernel does not support QEMU assigning/grabbing
# host USB devices yet
use kernel_FreeBSD && \
sed -i -E -e "s|^(HOST_USB=)bsd|\1stub|" "${S}"/config-host.mak
}
src_configure() {
local target
python_export_best
softmmu_targets= softmmu_bins=()
user_targets= user_bins=()
for target in ${IUSE_SOFTMMU_TARGETS} ; do
if use "qemu_softmmu_targets_${target}"; then
softmmu_targets+=",${target}-softmmu"
softmmu_bins+=( "qemu-system-${target}" )
fi
done
for target in ${IUSE_USER_TARGETS} ; do
if use "qemu_user_targets_${target}"; then
user_targets+=",${target}-linux-user"
user_bins+=( "qemu-${target}" )
fi
done
[[ -n ${softmmu_targets} ]] && \
einfo "Building the following softmmu targets: ${softmmu_targets}"
[[ -n ${user_targets} ]] && \
einfo "Building the following user targets: ${user_targets}"
if [[ -n ${softmmu_targets} ]]; then
mkdir "${S}/softmmu-build"
qemu_src_configure "softmmu" "${S}/softmmu-build"
fi
if [[ -n ${user_targets} ]]; then
mkdir "${S}/user-build"
qemu_src_configure "user" "${S}/user-build"
fi
}
src_compile() {
if [[ -n ${user_targets} ]]; then
cd "${S}/user-build"
default
fi
if [[ -n ${softmmu_targets} ]]; then
cd "${S}/softmmu-build"
default
fi
}
src_test() {
if [[ -n ${softmmu_targets} ]]; then
cd "${S}/softmmu-build"
pax-mark m */qemu-system-* #515550
emake -j1 check
emake -j1 check-report.html
fi
}
qemu_python_install() {
python_domodule "${S}/scripts/qmp/qmp.py"
python_doscript "${S}/scripts/kvm/kvm_stat"
python_doscript "${S}/scripts/kvm/vmxcap"
python_doscript "${S}/scripts/qmp/qmp-shell"
python_doscript "${S}/scripts/qmp/qemu-ga-client"
}
src_install() {
if [[ -n ${user_targets} ]]; then
cd "${S}/user-build"
emake DESTDIR="${ED}" install
# Install binfmt handler init script for user targets
newinitd "${FILESDIR}/qemu-binfmt.initd-r1" qemu-binfmt
fi
if [[ -n ${softmmu_targets} ]]; then
cd "${S}/softmmu-build"
emake DESTDIR="${ED}" install
# This might not exist if the test failed. #512010
[[ -e check-report.html ]] && dohtml check-report.html
if use kernel_linux; then
udev_dorules "${FILESDIR}"/65-kvm.rules
fi
if use python; then
python_foreach_impl qemu_python_install
fi
fi
# Disable mprotect on the qemu binaries as they use JITs to be fast #459348
pushd "${ED}"/usr/bin >/dev/null
pax-mark m "${softmmu_bins[@]}" "${user_bins[@]}"
popd >/dev/null
# Install config file example for qemu-bridge-helper
insinto "/etc/qemu"
doins "${FILESDIR}/bridge.conf"
# Remove the docdir placed qmp-commands.txt
mv "${ED}/usr/share/doc/${PF}/html/qmp-commands.txt" "${S}/docs/qmp/"
cd "${S}"
dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt
newdoc pc-bios/README README.pc-bios
dodoc docs/qmp/*.txt
# Remove SeaBIOS since we're using the SeaBIOS packaged one
rm "${ED}/usr/share/qemu/bios.bin"
if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
fi
# Remove vgabios since we're using the vgabios packaged one
if [[ -n ${softmmu_targets} ]]; then
rm "${ED}/usr/share/qemu/vgabios.bin"
rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
dosym ../vgabios/vgabios.bin /usr/share/qemu/vgabios.bin
dosym ../vgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
dosym ../vgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
dosym ../vgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
dosym ../vgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
fi
# Remove sgabios since we're using the sgabios packaged one
rm "${ED}/usr/share/qemu/sgabios.bin"
if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin
fi
# Remove iPXE since we're using the iPXE packaged one
rm "${ED}"/usr/share/qemu/pxe-*.rom
if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom
dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom
dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom
dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom
dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom
dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom
fi
fi
qemu_support_kvm && readme.gentoo_create_doc
}
pkg_postinst() {
if qemu_support_kvm; then
readme.gentoo_print_elog
ewarn "Migration from qemu-kvm instances and loading qemu-kvm created"
ewarn "save states has been removed starting with the 1.6.2 release"
ewarn
ewarn "It is recommended that you migrate any VMs that may be running"
ewarn "on qemu-kvm to a host with a newer qemu and regenerate"
ewarn "any saved states with a newer qemu."
ewarn
ewarn "qemu-kvm was the primary qemu provider in Gentoo through 1.2.x"
if use x86 || use amd64; then
ewarn
ewarn "The /usr/bin/kvm and /usr/bin/qemu-kvm wrappers are no longer"
ewarn "installed. In order to use kvm acceleration, pass the flag"
ewarn "-enable-kvm when running your system target."
fi
fi
if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
udev_reload
fi
fcaps cap_net_admin /usr/libexec/qemu-bridge-helper
if use virtfs && [ -n "${softmmu_targets}" ]; then
local virtfs_caps="cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_setgid,cap_mknod,cap_setuid"
fcaps ${virtfs_caps} /usr/bin/virtfs-proxy-helper
fi
}
pkg_info() {
echo "Using:"
echo " $(best_version app-emulation/spice-protocol)"
echo " $(best_version sys-firmware/ipxe)"
echo " $(best_version sys-firmware/seabios)"
if has_version sys-firmware/seabios[binary]; then
echo " USE=binary"
else
echo " USE=''"
fi
echo " $(best_version sys-firmware/vgabios)"
}

52
sdk_container/src/third_party/portage-stable/app-emulation/qemu/qemu-2.2.0.ebuild → sdk_container/src/third_party/portage-stable/app-emulation/qemu/qemu-2.3.0-r4.ebuild vendored
View File

@ -1,6 +1,6 @@
# Copyright 1999-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/app-emulation/qemu/qemu-2.2.0.ebuild,v 1.6 2015/04/08 07:30:33 mgorny Exp $
# $Header: /var/cvsroot/gentoo-x86/app-emulation/qemu/qemu-2.3.0-r4.ebuild,v 1.3 2015/07/28 15:04:54 ago Exp $
EAPI=5
@ -16,7 +16,6 @@ if [[ ${PV} = *9999* ]]; then
EGIT_REPO_URI="git://git.qemu.org/qemu.git"
inherit git-2
SRC_URI=""
KEYWORDS=""
else
SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2
${BACKPORTS:+
@ -30,7 +29,7 @@ HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org"
LICENSE="GPL-2 LGPL-2 BSD-2"
SLOT="0"
IUSE="accessibility +aio alsa bluetooth +caps +curl debug +fdt glusterfs \
gtk infiniband iscsi +jpeg \
gtk gtk2 infiniband iscsi +jpeg \
kernel_linux kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs
+png pulseaudio python \
rbd sasl +seccomp sdl selinux smartcard snappy spice ssh static static-softmmu \
@ -43,22 +42,21 @@ x86_64"
IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS} lm32 moxie ppcemb xtensa xtensaeb"
IUSE_USER_TARGETS="${COMMON_TARGETS} armeb mipsn32 mipsn32el ppc64abi32 sparc32plus"
use_targets="
$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
"
IUSE+=" ${use_targets}"
use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
# Require at least one softmmu or user target.
# Block USE flag configurations known to not work.
REQUIRED_USE="|| ( ${use_targets} )
REQUIRED_USE="|| ( ${use_softmmu_targets} ${use_user_targets} )
${PYTHON_REQUIRED_USE}
gtk2? ( gtk )
qemu_softmmu_targets_arm? ( fdt )
qemu_softmmu_targets_microblaze? ( fdt )
qemu_softmmu_targets_ppc? ( fdt )
qemu_softmmu_targets_ppc64? ( fdt )
static? ( static-softmmu static-user )
static-softmmu? ( !alsa !pulseaudio !bluetooth !opengl !gtk )
static-softmmu? ( !alsa !pulseaudio !bluetooth !opengl !gtk !gtk2 )
virtfs? ( xattr )"
# Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
@ -76,13 +74,13 @@ SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND}
curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] )
glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
infiniband? ( sys-infiniband/librdmacm[static-libs(+)] )
jpeg? ( virtual/jpeg[static-libs(+)] )
infiniband? ( sys-infiniband/librdmacm:=[static-libs(+)] )
jpeg? ( virtual/jpeg:=[static-libs(+)] )
lzo? ( dev-libs/lzo:2[static-libs(+)] )
ncurses? ( sys-libs/ncurses[static-libs(+)] )
nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] )
numa? ( sys-process/numactl[static-libs(+)] )
png? ( media-libs/libpng[static-libs(+)] )
png? ( media-libs/libpng:0=[static-libs(+)] )
rbd? ( sys-cluster/ceph[static-libs(+)] )
sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
sdl? ( >=media-libs/libsdl-1.2.11[static-libs(+)] )
@ -108,15 +106,17 @@ X86_FIRMWARE_DEPEND="
sys-firmware/sgabios
sys-firmware/vgabios
)"
CDEPEND="!static-softmmu? ( ${SOFTMMU_LIB_DEPEND//\[static-libs(+)]} )
!static-user? ( ${USER_LIB_DEPEND//\[static-libs(+)]} )
CDEPEND="
!static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND//\[static-libs(+)]} ) " ${use_softmmu_targets}) )
!static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND//\[static-libs(+)]} ) " ${use_user_targets}) )
qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )
accessibility? ( app-accessibility/brltty )
alsa? ( >=media-libs/alsa-lib-1.0.13 )
bluetooth? ( net-wireless/bluez )
gtk? (
x11-libs/gtk+:3
gtk2? ( x11-libs/gtk+:2 )
!gtk2? ( x11-libs/gtk+:3 )
x11-libs/vte:2.90
)
iscsi? ( net-libs/libiscsi )
@ -137,8 +137,8 @@ DEPEND="${CDEPEND}
virtual/pkgconfig
kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
gtk? ( nls? ( sys-devel/gettext ) )
static-softmmu? ( ${SOFTMMU_LIB_DEPEND} )
static-user? ( ${USER_LIB_DEPEND} )
static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND} ) " ${use_softmmu_targets}) )
static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND} ) " ${use_user_targets}) )
test? (
dev-libs/glib[utils]
sys-devel/bc
@ -257,7 +257,13 @@ src_prepare() {
use nls || rm -f po/*.po
epatch "${FILESDIR}"/qemu-1.7.0-cflags.patch
epatch "${FILESDIR}"/${P}-CVE-2015-3456.patch #549404
epatch "${FILESDIR}"/${P}-CVE-2015-3209.patch #551752
epatch "${FILESDIR}"/${P}-CVE-2015-5158.patch #555680
epatch "${FILESDIR}"/${P}-CVE-2015-3214.patch #556052
epatch "${FILESDIR}"/${P}-CVE-2015-5154-1.patch #556050 / #555532
epatch "${FILESDIR}"/${P}-CVE-2015-5154-2.patch #556050 / #555532
epatch "${FILESDIR}"/${P}-CVE-2015-5154-3.patch #556050 / #555532`
[[ -n ${BACKPORTS} ]] && \
EPATCH_FORCE=yes EPATCH_SUFFIX="patch" EPATCH_SOURCE="${S}/patches" \
epatch
@ -334,7 +340,7 @@ qemu_src_configure() {
$(conf_softmmu ncurses curses)
$(conf_softmmu nfs libnfs)
$(conf_softmmu numa)
$(conf_softmmu opengl glx)
$(conf_softmmu opengl)
$(conf_softmmu png vnc-png)
$(conf_softmmu rbd)
$(conf_softmmu sasl vnc-sasl)
@ -377,7 +383,7 @@ qemu_src_configure() {
--with-system-pixman
--audio-drv-list="${audio_opts}"
)
use gtk && conf_opts+=( --with-gtkabi=3.0 )
use gtk && conf_opts+=( --with-gtkabi=$(usex gtk2 2.0 3.0) )
;;
esac
@ -393,7 +399,7 @@ qemu_src_configure() {
gcc-specs-pie && conf_opts+=( --enable-pie )
fi
einfo "./configure ${conf_opts[*]}"
einfo "../configure ${conf_opts[*]}"
cd "${builddir}"
../configure "${conf_opts[@]}" || die "configure failed"
@ -406,7 +412,7 @@ qemu_src_configure() {
src_configure() {
local target
python_export_best
python_setup
softmmu_targets= softmmu_bins=()
user_targets= user_bins=()

76
sdk_container/src/third_party/portage-stable/app-emulation/qemu/qemu-2.2.1.ebuild → sdk_container/src/third_party/portage-stable/app-emulation/qemu/qemu-2.3.0-r5.ebuild vendored
View File

@ -1,6 +1,6 @@
# Copyright 1999-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/app-emulation/qemu/qemu-2.2.1.ebuild,v 1.2 2015/04/08 07:30:33 mgorny Exp $
# $Header: /var/cvsroot/gentoo-x86/app-emulation/qemu/qemu-2.3.0-r5.ebuild,v 1.4 2015/08/05 06:43:00 vapier Exp $
EAPI=5
@ -16,12 +16,11 @@ if [[ ${PV} = *9999* ]]; then
EGIT_REPO_URI="git://git.qemu.org/qemu.git"
inherit git-2
SRC_URI=""
KEYWORDS=""
else
SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2
${BACKPORTS:+
http://dev.gentoo.org/~cardoe/distfiles/${P}-${BACKPORTS}.tar.xz}"
KEYWORDS="~amd64 ~ppc ~ppc64 ~x86 ~x86-fbsd"
KEYWORDS="amd64 ~ppc ~ppc64 x86 ~x86-fbsd"
fi
DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
@ -30,7 +29,7 @@ HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org"
LICENSE="GPL-2 LGPL-2 BSD-2"
SLOT="0"
IUSE="accessibility +aio alsa bluetooth +caps +curl debug +fdt glusterfs \
gtk infiniband iscsi +jpeg \
gtk gtk2 infiniband iscsi +jpeg \
kernel_linux kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs
+png pulseaudio python \
rbd sasl +seccomp sdl selinux smartcard snappy spice ssh static static-softmmu \
@ -43,22 +42,21 @@ x86_64"
IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS} lm32 moxie ppcemb xtensa xtensaeb"
IUSE_USER_TARGETS="${COMMON_TARGETS} armeb mipsn32 mipsn32el ppc64abi32 sparc32plus"
use_targets="
$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
"
IUSE+=" ${use_targets}"
use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
# Require at least one softmmu or user target.
# Block USE flag configurations known to not work.
REQUIRED_USE="|| ( ${use_targets} )
REQUIRED_USE="|| ( ${use_softmmu_targets} ${use_user_targets} )
${PYTHON_REQUIRED_USE}
gtk2? ( gtk )
qemu_softmmu_targets_arm? ( fdt )
qemu_softmmu_targets_microblaze? ( fdt )
qemu_softmmu_targets_ppc? ( fdt )
qemu_softmmu_targets_ppc64? ( fdt )
static? ( static-softmmu static-user )
static-softmmu? ( !alsa !pulseaudio !bluetooth !opengl !gtk )
static-softmmu? ( !alsa !pulseaudio !bluetooth !opengl !gtk !gtk2 )
virtfs? ( xattr )"
# Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
@ -76,13 +74,13 @@ SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND}
curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] )
glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
infiniband? ( sys-infiniband/librdmacm[static-libs(+)] )
jpeg? ( virtual/jpeg[static-libs(+)] )
infiniband? ( sys-infiniband/librdmacm:=[static-libs(+)] )
jpeg? ( virtual/jpeg:=[static-libs(+)] )
lzo? ( dev-libs/lzo:2[static-libs(+)] )
ncurses? ( sys-libs/ncurses[static-libs(+)] )
nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] )
numa? ( sys-process/numactl[static-libs(+)] )
png? ( media-libs/libpng[static-libs(+)] )
png? ( media-libs/libpng:0=[static-libs(+)] )
rbd? ( sys-cluster/ceph[static-libs(+)] )
sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
sdl? ( >=media-libs/libsdl-1.2.11[static-libs(+)] )
@ -108,15 +106,17 @@ X86_FIRMWARE_DEPEND="
sys-firmware/sgabios
sys-firmware/vgabios
)"
CDEPEND="!static-softmmu? ( ${SOFTMMU_LIB_DEPEND//\[static-libs(+)]} )
!static-user? ( ${USER_LIB_DEPEND//\[static-libs(+)]} )
CDEPEND="
!static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND//\[static-libs(+)]} ) " ${use_softmmu_targets}) )
!static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND//\[static-libs(+)]} ) " ${use_user_targets}) )
qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )
accessibility? ( app-accessibility/brltty )
alsa? ( >=media-libs/alsa-lib-1.0.13 )
bluetooth? ( net-wireless/bluez )
gtk? (
x11-libs/gtk+:3
gtk2? ( x11-libs/gtk+:2 )
!gtk2? ( x11-libs/gtk+:3 )
x11-libs/vte:2.90
)
iscsi? ( net-libs/libiscsi )
@ -137,8 +137,8 @@ DEPEND="${CDEPEND}
virtual/pkgconfig
kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
gtk? ( nls? ( sys-devel/gettext ) )
static-softmmu? ( ${SOFTMMU_LIB_DEPEND} )
static-user? ( ${USER_LIB_DEPEND} )
static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND} ) " ${use_softmmu_targets}) )
static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND} ) " ${use_user_targets}) )
test? (
dev-libs/glib[utils]
sys-devel/bc
@ -245,7 +245,6 @@ pkg_pretend() {
pkg_setup() {
enewgroup kvm 78
python_setup
}
src_prepare() {
@ -258,6 +257,21 @@ src_prepare() {
use nls || rm -f po/*.po
epatch "${FILESDIR}"/qemu-1.7.0-cflags.patch
epatch "${FILESDIR}"/${P}-CVE-2015-3456.patch #549404
epatch "${FILESDIR}"/${P}-CVE-2015-3209.patch #551752
epatch "${FILESDIR}"/${P}-CVE-2015-5158.patch #555680
epatch "${FILESDIR}"/${P}-CVE-2015-3214.patch #556052
epatch "${FILESDIR}"/${P}-CVE-2015-5154-1.patch #556050 / #555532
epatch "${FILESDIR}"/${P}-CVE-2015-5154-2.patch #556050 / #555532
epatch "${FILESDIR}"/${P}-CVE-2015-5154-3.patch #556050 / #555532
epatch "${FILESDIR}"/${P}-CVE-2015-5165-1.patch #556304
epatch "${FILESDIR}"/${P}-CVE-2015-5165-2.patch #556304
epatch "${FILESDIR}"/${P}-CVE-2015-5165-3.patch #556304
epatch "${FILESDIR}"/${P}-CVE-2015-5165-4.patch #556304
epatch "${FILESDIR}"/${P}-CVE-2015-5165-5.patch #556304
epatch "${FILESDIR}"/${P}-CVE-2015-5165-6.patch #556304
epatch "${FILESDIR}"/${P}-CVE-2015-5165-7.patch #556304
epatch "${FILESDIR}"/${P}-CVE-2015-5166.patch #556304
[[ -n ${BACKPORTS} ]] && \
EPATCH_FORCE=yes EPATCH_SUFFIX="patch" EPATCH_SOURCE="${S}/patches" \
epatch
@ -334,7 +348,7 @@ qemu_src_configure() {
$(conf_softmmu ncurses curses)
$(conf_softmmu nfs libnfs)
$(conf_softmmu numa)
$(conf_softmmu opengl glx)
$(conf_softmmu opengl)
$(conf_softmmu png vnc-png)
$(conf_softmmu rbd)
$(conf_softmmu sasl vnc-sasl)
@ -377,7 +391,7 @@ qemu_src_configure() {
--with-system-pixman
--audio-drv-list="${audio_opts}"
)
use gtk && conf_opts+=( --with-gtkabi=3.0 )
use gtk && conf_opts+=( --with-gtkabi=$(usex gtk2 2.0 3.0) )
;;
esac
@ -393,7 +407,7 @@ qemu_src_configure() {
gcc-specs-pie && conf_opts+=( --enable-pie )
fi
einfo "./configure ${conf_opts[*]}"
einfo "../configure ${conf_opts[*]}"
cd "${builddir}"
../configure "${conf_opts[@]}" || die "configure failed"
@ -406,7 +420,7 @@ qemu_src_configure() {
src_configure() {
local target
python_export_best
python_setup
softmmu_targets= softmmu_bins=()
user_targets= user_bins=()
@ -514,14 +528,14 @@ src_install() {
newdoc pc-bios/README README.pc-bios
dodoc docs/qmp/*.txt
# Remove SeaBIOS since we're using the SeaBIOS packaged one
rm "${ED}/usr/share/qemu/bios.bin"
if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
fi
# Remove vgabios since we're using the vgabios packaged one
if [[ -n ${softmmu_targets} ]]; then
# Remove SeaBIOS since we're using the SeaBIOS packaged one
rm "${ED}/usr/share/qemu/bios.bin"
if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
fi
# Remove vgabios since we're using the vgabios packaged one
rm "${ED}/usr/share/qemu/vgabios.bin"
rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
rm "${ED}/usr/share/qemu/vgabios-qxl.bin"

128
sdk_container/src/third_party/portage-stable/app-emulation/qemu/qemu-9999.ebuild vendored
View File

@ -1,6 +1,6 @@
# Copyright 1999-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/app-emulation/qemu/qemu-9999.ebuild,v 1.96 2015/04/04 19:59:28 vapier Exp $
# $Header: /var/cvsroot/gentoo-x86/app-emulation/qemu/qemu-9999.ebuild,v 1.106 2015/08/05 06:47:50 vapier Exp $
EAPI=5
@ -16,7 +16,6 @@ if [[ ${PV} = *9999* ]]; then
EGIT_REPO_URI="git://git.qemu.org/qemu.git"
inherit git-2
SRC_URI=""
KEYWORDS=""
else
SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2
${BACKPORTS:+
@ -33,9 +32,9 @@ IUSE="accessibility +aio alsa bluetooth +caps +curl debug +fdt glusterfs \
gtk gtk2 infiniband iscsi +jpeg \
kernel_linux kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs
+png pulseaudio python \
rbd sasl +seccomp sdl selinux smartcard snappy spice ssh static static-softmmu \
rbd sasl +seccomp sdl sdl2 selinux smartcard snappy spice ssh static static-softmmu
static-user systemtap tci test +threads tls usb usbredir +uuid vde +vhost-net \
virtfs +vnc xattr xen xfs"
virtfs +vnc vte xattr xen xfs"
COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel mips
mips64 mips64el mipsel or32 ppc ppc64 s390x sh4 sh4eb sparc sparc64 unicore32
@ -47,18 +46,19 @@ use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
# Require at least one softmmu or user target.
# Allow no targets to be built so that people can get a tools-only build.
# Block USE flag configurations known to not work.
REQUIRED_USE="|| ( ${use_softmmu_targets} ${use_user_targets} )
${PYTHON_REQUIRED_USE}
REQUIRED_USE="${PYTHON_REQUIRED_USE}
gtk2? ( gtk )
qemu_softmmu_targets_arm? ( fdt )
qemu_softmmu_targets_microblaze? ( fdt )
qemu_softmmu_targets_ppc? ( fdt )
qemu_softmmu_targets_ppc64? ( fdt )
sdl2? ( sdl )
static? ( static-softmmu static-user )
static-softmmu? ( !alsa !pulseaudio !bluetooth !opengl !gtk !gtk2 )
virtfs? ( xattr )"
virtfs? ( xattr )
vte? ( gtk )"
# Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
#
@ -84,7 +84,10 @@ SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND}
png? ( media-libs/libpng:0=[static-libs(+)] )
rbd? ( sys-cluster/ceph[static-libs(+)] )
sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
sdl? ( >=media-libs/libsdl-1.2.11[static-libs(+)] )
sdl? (
!sdl2? ( >=media-libs/libsdl-1.2.11[static-libs(+)] )
sdl2? ( media-libs/libsdl2[static-libs(+)] )
)
seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
snappy? ( app-arch/snappy[static-libs(+)] )
spice? ( >=app-emulation/spice-0.12.0[static-libs(+)] )
@ -116,15 +119,26 @@ CDEPEND="
alsa? ( >=media-libs/alsa-lib-1.0.13 )
bluetooth? ( net-wireless/bluez )
gtk? (
gtk2? ( x11-libs/gtk+:2 )
!gtk2? ( x11-libs/gtk+:3 )
x11-libs/vte:2.90
gtk2? (
x11-libs/gtk+:2
vte? ( x11-libs/vte:0 )
)
!gtk2? (
x11-libs/gtk+:3
vte? ( x11-libs/vte:2.90 )
)
)
iscsi? ( net-libs/libiscsi )
opengl? ( virtual/opengl )
opengl? (
virtual/opengl
media-libs/mesa[gles2]
)
pulseaudio? ( media-sound/pulseaudio )
python? ( ${PYTHON_DEPS} )
sdl? ( media-libs/libsdl[X] )
sdl? (
!sdl2? ( media-libs/libsdl[X] )
sdl2? ( media-libs/libsdl2[X] )
)
smartcard? ( dev-libs/nss !app-emulation/libcacard )
spice? ( >=app-emulation/spice-protocol-0.12.3 )
systemtap? ( dev-util/systemtap )
@ -246,7 +260,6 @@ pkg_pretend() {
pkg_setup() {
enewgroup kvm 78
python_setup
}
src_prepare() {
@ -280,9 +293,11 @@ qemu_src_configure() {
debug-print-function ${FUNCNAME} "$@"
local buildtype=$1
local builddir=$2
local builddir="${S}/${buildtype}-build"
local static_flag="static-${buildtype}"
mkdir "${builddir}"
# audio options
local audio_opts="oss"
use alsa && audio_opts="alsa,${audio_opts}"
@ -345,9 +360,7 @@ qemu_src_configure() {
$(conf_softmmu snappy)
$(conf_softmmu spice)
$(conf_softmmu ssh libssh2)
$(conf_softmmu tls quorum)
$(conf_softmmu tls vnc-tls)
$(conf_softmmu tls vnc-ws)
$(conf_softmmu usb libusb)
$(conf_softmmu usbredir usb-redir)
$(conf_softmmu uuid)
@ -355,6 +368,7 @@ qemu_src_configure() {
$(conf_softmmu vhost-net)
$(conf_softmmu virtfs)
$(conf_softmmu vnc)
$(conf_softmmu vte)
$(conf_softmmu xen)
$(conf_softmmu xen xen-pci-passthrough)
$(conf_softmmu xfs xfsctl)
@ -365,7 +379,6 @@ qemu_src_configure() {
conf_opts+=(
--enable-linux-user
--disable-system
--target-list="${user_targets}"
--disable-blobs
--disable-tools
)
@ -374,14 +387,25 @@ qemu_src_configure() {
conf_opts+=(
--disable-linux-user
--enable-system
--target-list="${softmmu_targets}"
--with-system-pixman
--audio-drv-list="${audio_opts}"
)
use gtk && conf_opts+=( --with-gtkabi=$(usex gtk2 2.0 3.0) )
use sdl && conf_opts+=( --with-sdlabi=$(usex sdl2 2.0 1.2) )
;;
tools)
conf_opts+=(
--disable-linux-user
--disable-system
--disable-blobs
)
static_flag="static"
;;
esac
local targets="${buildtype}_targets"
[[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" )
# Add support for SystemTAP
use systemtap && conf_opts+=( --enable-trace-backend=dtrace )
@ -394,7 +418,7 @@ qemu_src_configure() {
gcc-specs-pie && conf_opts+=( --enable-pie )
fi
einfo "../configure ${conf_opts[*]}"
echo "../configure ${conf_opts[*]}"
cd "${builddir}"
../configure "${conf_opts[@]}" || die "configure failed"
@ -407,7 +431,7 @@ qemu_src_configure() {
src_configure() {
local target
python_export_best
python_setup
softmmu_targets= softmmu_bins=()
user_targets= user_bins=()
@ -426,21 +450,12 @@ src_configure() {
fi
done
[[ -n ${softmmu_targets} ]] && \
einfo "Building the following softmmu targets: ${softmmu_targets}"
softmmu_targets=${softmmu_targets#,}
user_targets=${user_targets#,}
[[ -n ${user_targets} ]] && \
einfo "Building the following user targets: ${user_targets}"
if [[ -n ${softmmu_targets} ]]; then
mkdir "${S}/softmmu-build"
qemu_src_configure "softmmu" "${S}/softmmu-build"
fi
if [[ -n ${user_targets} ]]; then
mkdir "${S}/user-build"
qemu_src_configure "user" "${S}/user-build"
fi
[[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu"
[[ -n ${user_targets} ]] && qemu_src_configure "user"
[[ -z ${softmmu_targets}${user_targets} ]] && qemu_src_configure "tools"
}
src_compile() {
@ -453,6 +468,11 @@ src_compile() {
cd "${S}/softmmu-build"
default
fi
if [[ -z ${softmmu_targets}${user_targets} ]]; then
cd "${S}/tools-build"
default
fi
}
src_test() {
@ -498,6 +518,11 @@ src_install() {
fi
fi
if [[ -z ${softmmu_targets}${user_targets} ]]; then
cd "${S}/tools-build"
emake DESTDIR="${ED}" install
fi
# Disable mprotect on the qemu binaries as they use JITs to be fast #459348
pushd "${ED}"/usr/bin >/dev/null
pax-mark m "${softmmu_bins[@]}" "${user_bins[@]}"
@ -515,14 +540,14 @@ src_install() {
newdoc pc-bios/README README.pc-bios
dodoc docs/qmp/*.txt
# Remove SeaBIOS since we're using the SeaBIOS packaged one
rm "${ED}/usr/share/qemu/bios.bin"
if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
fi
# Remove vgabios since we're using the vgabios packaged one
if [[ -n ${softmmu_targets} ]]; then
# Remove SeaBIOS since we're using the SeaBIOS packaged one
rm "${ED}/usr/share/qemu/bios.bin"
if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
fi
# Remove vgabios since we're using the vgabios packaged one
rm "${ED}/usr/share/qemu/vgabios.bin"
rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
@ -560,21 +585,6 @@ src_install() {
pkg_postinst() {
if qemu_support_kvm; then
readme.gentoo_print_elog
ewarn "Migration from qemu-kvm instances and loading qemu-kvm created"
ewarn "save states has been removed starting with the 1.6.2 release"
ewarn
ewarn "It is recommended that you migrate any VMs that may be running"
ewarn "on qemu-kvm to a host with a newer qemu and regenerate"
ewarn "any saved states with a newer qemu."
ewarn
ewarn "qemu-kvm was the primary qemu provider in Gentoo through 1.2.x"
if use x86 || use amd64; then
ewarn
ewarn "The /usr/bin/kvm and /usr/bin/qemu-kvm wrappers are no longer"
ewarn "installed. In order to use kvm acceleration, pass the flag"
ewarn "-enable-kvm when running your system target."
fi
fi
if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
@ -593,7 +603,7 @@ pkg_info() {
echo " $(best_version app-emulation/spice-protocol)"
echo " $(best_version sys-firmware/ipxe)"
echo " $(best_version sys-firmware/seabios)"
if has_version sys-firmware/seabios[binary]; then
if has_version 'sys-firmware/seabios[binary]'; then
echo " USE=binary"
else
echo " USE=''"