diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/Manifest b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/Manifest index fb4bf04409..7644627f1c 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/Manifest +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/Manifest @@ -1 +1,2 @@ -DIST qemu-2.9.0.tar.bz2 28720490 SHA256 00bfb217b1bb03c7a6c3261b819cfccbfb5a58e3e2ceff546327d271773c6c14 SHA512 4b28966eec0ca44681e35fcfb64a4eaef7c280b8d65c91d03f2efa37f76278fd8c1680e5798c7a30dbfcc8f3c05f4a803f48b8a2dfec3a4181bac079b2a5e422 WHIRLPOOL d79fe89eb271a56aee0cbd328e5f96999176b711afb5683d164b7b99d91e6dd2bfaf6e2ff4cd820a941c94f28116765cb07ffd5809d75c2f9654a67d56bfc0c1 +DIST qemu-2.11.1-patches-r1.tar.xz 2064 SHA256 08b198d69a14fe852b86c00fbab24832223046407dd170be6d862571e8582536 SHA512 12de7b4777ec98871d0786291534f61b37534feef64b556caeab72e020ff14d61fe19d24cb151ebfdb912df2a7ba72c0d882566b368d88d02c9f1354c2adae4a WHIRLPOOL 91da9ad3278ac130baacf57627a6a4535baef87b480a5321fd049815f2defd9c5ed0ce8bcef1d28e0c7075cc4ea7329decf57d22404915857b3aed319f59f92d +DIST qemu-2.11.1.tar.bz2 32819412 SHA256 d9df2213ceed32e91dab7bc9dd19c1af83f91ba72c7aeef7605dfaaf81732ccb SHA512 1b692bbdfc3dc785738c7192aa2a3f9cf53d9f5bf3b3f49fa8692050dc50f7056c8a4d1b527d48ffb2a674a0fd3a46d87addd1eaaa758f35eec1ab5adfe32354 WHIRLPOOL 2de03a00ab3fba1fe2ca8cd11a0948aede5db567a00a2213bf27517501de6fee04e8bd5443dd0af6aed554e20d8371cd4e69b142cb87e7a30abbf16e8aceab06 diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.11.0-glibc-2.27.patch b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.11.0-glibc-2.27.patch new file mode 100644 index 0000000000..1562bb3c64 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.11.0-glibc-2.27.patch @@ -0,0 +1,54 @@ +From 75e5b70e6b5dcc4f2219992d7cffa462aa406af0 Mon Sep 17 00:00:00 2001 +From: Paolo Bonzini +Date: Tue, 28 Nov 2017 11:51:27 +0100 +Subject: [PATCH] memfd: fix configure test +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Recent glibc added memfd_create in sys/mman.h. This conflicts with +the definition in util/memfd.c: + + /builddir/build/BUILD/qemu-2.11.0-rc1/util/memfd.c:40:12: error: static declaration of memfd_create follows non-static declaration + +Fix the configure test, and remove the sys/memfd.h inclusion since the +file actually does not exist---it is a typo in the memfd_create(2) man +page. + +Cc: Marc-André Lureau +Signed-off-by: Paolo Bonzini +--- + configure | 2 +- + util/memfd.c | 4 +--- + 2 files changed, 2 insertions(+), 4 deletions(-) + +diff --git a/configure b/configure +index 9c8aa5a98b..99ccc1725a 100755 +--- a/configure ++++ b/configure +@@ -3923,7 +3923,7 @@ fi + # check if memfd is supported + memfd=no + cat > $TMPC << EOF +-#include ++#include + + int main(void) + { +diff --git a/util/memfd.c b/util/memfd.c +index 4571d1aba8..412e94a405 100644 +--- a/util/memfd.c ++++ b/util/memfd.c +@@ -31,9 +31,7 @@ + + #include "qemu/memfd.h" + +-#ifdef CONFIG_MEMFD +-#include +-#elif defined CONFIG_LINUX ++#if defined CONFIG_LINUX && !defined CONFIG_MEMFD + #include + #include + +-- +2.11.0 diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-7493.patch b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-7493.patch deleted file mode 100644 index 346e7713f7..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-7493.patch +++ /dev/null @@ -1,174 +0,0 @@ -From 7a95434e0ca8a037fd8aa1a2e2461f92585eb77b Mon Sep 17 00:00:00 2001 -From: Greg Kurz -Date: Fri, 5 May 2017 14:48:08 +0200 -Subject: [PATCH] 9pfs: local: forbid client access to metadata (CVE-2017-7493) - -When using the mapped-file security mode, we shouldn't let the client mess -with the metadata. The current code already tries to hide the metadata dir -from the client by skipping it in local_readdir(). But the client can still -access or modify it through several other operations. This can be used to -escalate privileges in the guest. - -Affected backend operations are: -- local_mknod() -- local_mkdir() -- local_open2() -- local_symlink() -- local_link() -- local_unlinkat() -- local_renameat() -- local_rename() -- local_name_to_path() - -Other operations are safe because they are only passed a fid path, which -is computed internally in local_name_to_path(). - -This patch converts all the functions listed above to fail and return -EINVAL when being passed the name of the metadata dir. This may look -like a poor choice for errno, but there's no such thing as an illegal -path name on Linux and I could not think of anything better. - -This fixes CVE-2017-7493. - -Reported-by: Leo Gaspard -Signed-off-by: Greg Kurz -Reviewed-by: Eric Blake ---- - hw/9pfs/9p-local.c | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++++-- - 1 file changed, 56 insertions(+), 2 deletions(-) - -diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c -index f3ebca4f7a..a2486566af 100644 ---- a/hw/9pfs/9p-local.c -+++ b/hw/9pfs/9p-local.c -@@ -452,6 +452,11 @@ static off_t local_telldir(FsContext *ctx, V9fsFidOpenState *fs) - return telldir(fs->dir.stream); - } - -+static bool local_is_mapped_file_metadata(FsContext *fs_ctx, const char *name) -+{ -+ return !strcmp(name, VIRTFS_META_DIR); -+} -+ - static struct dirent *local_readdir(FsContext *ctx, V9fsFidOpenState *fs) - { - struct dirent *entry; -@@ -465,8 +470,8 @@ again: - if (ctx->export_flags & V9FS_SM_MAPPED) { - entry->d_type = DT_UNKNOWN; - } else if (ctx->export_flags & V9FS_SM_MAPPED_FILE) { -- if (!strcmp(entry->d_name, VIRTFS_META_DIR)) { -- /* skp the meta data directory */ -+ if (local_is_mapped_file_metadata(ctx, entry->d_name)) { -+ /* skip the meta data directory */ - goto again; - } - entry->d_type = DT_UNKNOWN; -@@ -559,6 +564,12 @@ static int local_mknod(FsContext *fs_ctx, V9fsPath *dir_path, - int err = -1; - int dirfd; - -+ if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE && -+ local_is_mapped_file_metadata(fs_ctx, name)) { -+ errno = EINVAL; -+ return -1; -+ } -+ - dirfd = local_opendir_nofollow(fs_ctx, dir_path->data); - if (dirfd == -1) { - return -1; -@@ -605,6 +616,12 @@ static int local_mkdir(FsContext *fs_ctx, V9fsPath *dir_path, - int err = -1; - int dirfd; - -+ if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE && -+ local_is_mapped_file_metadata(fs_ctx, name)) { -+ errno = EINVAL; -+ return -1; -+ } -+ - dirfd = local_opendir_nofollow(fs_ctx, dir_path->data); - if (dirfd == -1) { - return -1; -@@ -694,6 +711,12 @@ static int local_open2(FsContext *fs_ctx, V9fsPath *dir_path, const char *name, - int err = -1; - int dirfd; - -+ if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE && -+ local_is_mapped_file_metadata(fs_ctx, name)) { -+ errno = EINVAL; -+ return -1; -+ } -+ - /* - * Mark all the open to not follow symlinks - */ -@@ -752,6 +775,12 @@ static int local_symlink(FsContext *fs_ctx, const char *oldpath, - int err = -1; - int dirfd; - -+ if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE && -+ local_is_mapped_file_metadata(fs_ctx, name)) { -+ errno = EINVAL; -+ return -1; -+ } -+ - dirfd = local_opendir_nofollow(fs_ctx, dir_path->data); - if (dirfd == -1) { - return -1; -@@ -826,6 +855,12 @@ static int local_link(FsContext *ctx, V9fsPath *oldpath, - int ret = -1; - int odirfd, ndirfd; - -+ if (ctx->export_flags & V9FS_SM_MAPPED_FILE && -+ local_is_mapped_file_metadata(ctx, name)) { -+ errno = EINVAL; -+ return -1; -+ } -+ - odirfd = local_opendir_nofollow(ctx, odirpath); - if (odirfd == -1) { - goto out; -@@ -1096,6 +1131,12 @@ static int local_lremovexattr(FsContext *ctx, V9fsPath *fs_path, - static int local_name_to_path(FsContext *ctx, V9fsPath *dir_path, - const char *name, V9fsPath *target) - { -+ if (ctx->export_flags & V9FS_SM_MAPPED_FILE && -+ local_is_mapped_file_metadata(ctx, name)) { -+ errno = EINVAL; -+ return -1; -+ } -+ - if (dir_path) { - v9fs_path_sprintf(target, "%s/%s", dir_path->data, name); - } else if (strcmp(name, "/")) { -@@ -1116,6 +1157,13 @@ static int local_renameat(FsContext *ctx, V9fsPath *olddir, - int ret; - int odirfd, ndirfd; - -+ if (ctx->export_flags & V9FS_SM_MAPPED_FILE && -+ (local_is_mapped_file_metadata(ctx, old_name) || -+ local_is_mapped_file_metadata(ctx, new_name))) { -+ errno = EINVAL; -+ return -1; -+ } -+ - odirfd = local_opendir_nofollow(ctx, olddir->data); - if (odirfd == -1) { - return -1; -@@ -1206,6 +1254,12 @@ static int local_unlinkat(FsContext *ctx, V9fsPath *dir, - int ret; - int dirfd; - -+ if (ctx->export_flags & V9FS_SM_MAPPED_FILE && -+ local_is_mapped_file_metadata(ctx, name)) { -+ errno = EINVAL; -+ return -1; -+ } -+ - dirfd = local_opendir_nofollow(ctx, dir->data); - if (dirfd == -1) { - return -1; --- -2.13.0 - diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8112.patch b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8112.patch deleted file mode 100644 index 31fb69bf89..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8112.patch +++ /dev/null @@ -1,22 +0,0 @@ -CVE-2017-8112 - -https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg04494.html ---- - hw/scsi/vmw_pvscsi.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/hw/scsi/vmw_pvscsi.c b/hw/scsi/vmw_pvscsi.c -index 7557546..4a106da 100644 ---- a/hw/scsi/vmw_pvscsi.c -+++ b/hw/scsi/vmw_pvscsi.c -@@ -202,7 +202,7 @@ pvscsi_ring_init_msg(PVSCSIRingInfo *m, PVSCSICmdDescSetupMsgRing *ri) - uint32_t len_log2; - uint32_t ring_size; - -- if (ri->numPages > PVSCSI_SETUP_MSG_RING_MAX_NUM_PAGES) { -+ if (!ri->numPages || ri->numPages > PVSCSI_SETUP_MSG_RING_MAX_NUM_PAGES) { - return -1; - } - ring_size = ri->numPages * PVSCSI_MAX_NUM_MSG_ENTRIES_PER_PAGE; --- -2.9.3 diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8309.patch b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8309.patch deleted file mode 100644 index 4f7f870210..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8309.patch +++ /dev/null @@ -1,22 +0,0 @@ -bug #616870 - -https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05587.html ---- - audio/audio.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/audio/audio.c b/audio/audio.c -index c8898d8422..beafed209b 100644 ---- a/audio/audio.c -+++ b/audio/audio.c -@@ -2028,6 +2028,8 @@ void AUD_del_capture (CaptureVoiceOut *cap, void *cb_opaque) - sw = sw1; - } - QLIST_REMOVE (cap, entries); -+ g_free (cap->hw.mix_buf); -+ g_free (cap->buf); - g_free (cap); - } - return; --- -2.9.3 diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8379.patch b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8379.patch deleted file mode 100644 index 0a34dae671..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8379.patch +++ /dev/null @@ -1,76 +0,0 @@ -bug #616872 - -https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05599.html ---- - ui/input.c | 14 +++++++++++--- - 1 file changed, 11 insertions(+), 3 deletions(-) - -diff --git a/ui/input.c b/ui/input.c -index ed88cda6d6..fb1f404095 100644 ---- a/ui/input.c -+++ b/ui/input.c -@@ -41,6 +41,8 @@ static QTAILQ_HEAD(QemuInputEventQueueHead, QemuInputEventQueue) kbd_queue = - QTAILQ_HEAD_INITIALIZER(kbd_queue); - static QEMUTimer *kbd_timer; - static uint32_t kbd_default_delay_ms = 10; -+static uint32_t queue_count; -+static uint32_t queue_limit = 1024; - - QemuInputHandlerState *qemu_input_handler_register(DeviceState *dev, - QemuInputHandler *handler) -@@ -268,6 +270,7 @@ static void qemu_input_queue_process(void *opaque) - break; - } - QTAILQ_REMOVE(queue, item, node); -+ queue_count--; - g_free(item); - } - } -@@ -282,6 +285,7 @@ static void qemu_input_queue_delay(struct QemuInputEventQueueHead *queue, - item->delay_ms = delay_ms; - item->timer = timer; - QTAILQ_INSERT_TAIL(queue, item, node); -+ queue_count++; - - if (start_timer) { - timer_mod(item->timer, qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL) -@@ -298,6 +302,7 @@ static void qemu_input_queue_event(struct QemuInputEventQueueHead *queue, - item->src = src; - item->evt = evt; - QTAILQ_INSERT_TAIL(queue, item, node); -+ queue_count++; - } - - static void qemu_input_queue_sync(struct QemuInputEventQueueHead *queue) -@@ -306,6 +311,7 @@ static void qemu_input_queue_sync(struct QemuInputEventQueueHead *queue) - - item->type = QEMU_INPUT_QUEUE_SYNC; - QTAILQ_INSERT_TAIL(queue, item, node); -+ queue_count++; - } - - void qemu_input_event_send_impl(QemuConsole *src, InputEvent *evt) -@@ -381,7 +387,7 @@ void qemu_input_event_send_key(QemuConsole *src, KeyValue *key, bool down) - qemu_input_event_send(src, evt); - qemu_input_event_sync(); - qapi_free_InputEvent(evt); -- } else { -+ } else if (queue_count < queue_limit) { - qemu_input_queue_event(&kbd_queue, src, evt); - qemu_input_queue_sync(&kbd_queue); - } -@@ -409,8 +415,10 @@ void qemu_input_event_send_key_delay(uint32_t delay_ms) - kbd_timer = timer_new_ms(QEMU_CLOCK_VIRTUAL, qemu_input_queue_process, - &kbd_queue); - } -- qemu_input_queue_delay(&kbd_queue, kbd_timer, -- delay_ms ? delay_ms : kbd_default_delay_ms); -+ if (queue_count < queue_limit) { -+ qemu_input_queue_delay(&kbd_queue, kbd_timer, -+ delay_ms ? delay_ms : kbd_default_delay_ms); -+ } - } - - InputEvent *qemu_input_event_new_btn(InputButton btn, bool down) --- -2.9.3 diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8380.patch b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8380.patch deleted file mode 100644 index 08911dd0bf..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8380.patch +++ /dev/null @@ -1,34 +0,0 @@ -bug #616874 - -https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg04147.html ---- - hw/scsi/megasas.c | 10 +++++----- - 1 file changed, 5 insertions(+), 5 deletions(-) - -diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c -index 84b8caf..804122a 100644 ---- a/hw/scsi/megasas.c -+++ b/hw/scsi/megasas.c -@@ -2138,15 +2138,15 @@ static void megasas_mmio_write(void *opaque, hwaddr addr, - case MFI_SEQ: - trace_megasas_mmio_writel("MFI_SEQ", val); - /* Magic sequence to start ADP reset */ -- if (adp_reset_seq[s->adp_reset] == val) { -- s->adp_reset++; -+ if (adp_reset_seq[s->adp_reset++] == val) { -+ if (s->adp_reset == 6) { -+ s->adp_reset = 0; -+ s->diag = MFI_DIAG_WRITE_ENABLE; -+ } - } else { - s->adp_reset = 0; - s->diag = 0; - } -- if (s->adp_reset == 6) { -- s->diag = MFI_DIAG_WRITE_ENABLE; -- } - break; - case MFI_DIAG: - trace_megasas_mmio_writel("MFI_DIAG", val); --- -2.9.3 diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/metadata.xml b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/metadata.xml index 3fe0408cc4..61c159a658 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/metadata.xml +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/metadata.xml @@ -9,6 +9,7 @@ Adds support for braille displays using brltty Enables support for Linux's Async IO Enable alsa output for sound emulation + Enable disassembly support with dev-libs/capstone Support ISOs / -cdrom directives vis HTTP or HTTPS. Enables firmware device tree support Enables GlusterFS cluster fileystem via diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/qemu-2.9.0-r2.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/qemu-2.11.1-r2.ebuild similarity index 86% rename from sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/qemu-2.9.0-r2.ebuild rename to sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/qemu-2.11.1-r2.ebuild index 3bcf97ea40..766846a3be 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/qemu-2.9.0-r2.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/qemu-2.11.1-r2.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2017 Gentoo Foundation +# Copyright 1999-2018 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 EAPI="6" @@ -8,6 +8,8 @@ PYTHON_REQ_USE="ncurses,readline" PLOCALES="bg de_DE fr_FR hu it tr zh_CN" +FIRMWARE_ABI_VERSION="2.9.0-r52" + inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \ user udev fcaps readme.gentoo-r1 pax-utils l10n @@ -18,6 +20,9 @@ if [[ ${PV} = *9999* ]]; then else SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2" KEYWORDS="amd64 arm64 ~ppc ~ppc64 x86 ~x86-fbsd" + + # Gentoo specific patchsets: + SRC_URI+=" https://dev.gentoo.org/~tamiko/distfiles/${P}-patches-r1.tar.xz" fi DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools" @@ -27,7 +32,7 @@ LICENSE="GPL-2 LGPL-2 BSD-2" SLOT="0" IUSE="accessibility +aio alsa bluetooth bzip2 +caps +curl debug +fdt glusterfs gnutls gtk gtk2 infiniband iscsi +jpeg kernel_linux - kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs +png + kernel_FreeBSD lzo ncurses nfs nls numa opengl pin-upstream-blobs +png pulseaudio python rbd sasl +seccomp sdl sdl2 selinux smartcard snappy spice ssh static static-user systemtap tci test usb usbredir vde +vhost-net virgl virtfs +vnc vte xattr xen xfs" @@ -54,7 +59,7 @@ REQUIRED_USE="${PYTHON_REQUIRED_USE} qemu_softmmu_targets_ppc? ( fdt ) qemu_softmmu_targets_ppc64? ( fdt ) sdl2? ( sdl ) - static? ( static-user !alsa !bluetooth !gtk !gtk2 !opengl !pulseaudio ) + static? ( static-user !alsa !bluetooth !gtk !gtk2 !opengl !pulseaudio !snappy ) virtfs? ( xattr ) vte? ( gtk )" @@ -87,7 +92,7 @@ SOFTMMU_TOOLS_DEPEND=" bzip2? ( app-arch/bzip2[static-libs(+)] ) caps? ( sys-libs/libcap-ng[static-libs(+)] ) curl? ( >=net-misc/curl-7.15.4[static-libs(+)] ) - fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] ) + fdt? ( >=sys-apps/dtc-1.4.2[static-libs(+)] ) glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] ) gnutls? ( dev-libs/nettle:=[static-libs(+)] @@ -111,7 +116,7 @@ SOFTMMU_TOOLS_DEPEND=" sys-libs/ncurses:0=[unicode] sys-libs/ncurses:0=[static-libs(+)] ) - nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] ) + nfs? ( >=net-fs/libnfs-1.9.3:=[static-libs(+)] ) numa? ( sys-process/numactl[static-libs(+)] ) opengl? ( virtual/opengl @@ -135,7 +140,7 @@ SOFTMMU_TOOLS_DEPEND=" ) seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] ) smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] ) - snappy? ( app-arch/snappy[static-libs(+)] ) + snappy? ( app-arch/snappy:= ) spice? ( >=app-emulation/spice-protocol-0.12.3 >=app-emulation/spice-0.12.0[static-libs(+)] @@ -150,17 +155,26 @@ SOFTMMU_TOOLS_DEPEND=" xfs? ( sys-fs/xfsprogs[static-libs(+)] )" X86_FIRMWARE_DEPEND=" - >=sys-firmware/ipxe-1.0.0_p20130624 pin-upstream-blobs? ( - ~sys-firmware/seabios-1.10.1 + ~sys-firmware/edk2-ovmf-2017_pre20170505[binary] + ~sys-firmware/ipxe-1.0.0_p20160620 + ~sys-firmware/seabios-1.10.2[binary,seavgabios] ~sys-firmware/sgabios-0.1_pre8 - ~sys-firmware/vgabios-0.7a ) !pin-upstream-blobs? ( - sys-firmware/seabios + sys-firmware/edk2 + sys-firmware/ipxe + >=sys-firmware/seabios-1.10.2[seavgabios] sys-firmware/sgabios - sys-firmware/vgabios )" +PPC64_FIRMWARE_DEPEND=" + pin-upstream-blobs? ( + ~sys-firmware/seabios-1.10.2[binary,seavgabios] + ) + !pin-upstream-blobs? ( + >=sys-firmware/seabios-1.10.2[seavgabios] + ) +" CDEPEND=" !static? ( @@ -168,7 +182,9 @@ CDEPEND=" ${SOFTMMU_TOOLS_DEPEND//\[static-libs(+)]} ) qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} ) - qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )" + qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} ) + qemu_softmmu_targets_ppc64? ( ${PPC64_FIRMWARE_DEPEND} ) +" DEPEND="${CDEPEND} dev-lang/perl =dev-lang/python-2* @@ -191,11 +207,8 @@ RDEPEND="${CDEPEND} PATCHES=( "${FILESDIR}"/${PN}-2.5.0-cflags.patch "${FILESDIR}"/${PN}-2.5.0-sysmacros.patch - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8309.patch # bug 616870 - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8379.patch # bug 616872 - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8380.patch # bug 616874 - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8112.patch # bug 616636 - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-7493.patch # bug 618808 + "${FILESDIR}"/${PN}-2.11.0-glibc-2.27.patch + "${WORKDIR}"/patches # fix for vpc creation in qemu-img "${FILESDIR}"/0001-block-fix-vpc-max_table_entries-computation.patch @@ -209,6 +222,7 @@ QA_PREBUILT=" usr/share/qemu/openbios-sparc32 usr/share/qemu/palcode-clipper usr/share/qemu/s390-ccw.img + usr/share/qemu/s390-netboot.img usr/share/qemu/u-boot.e500" QA_WX_LOAD="usr/bin/qemu-i386 @@ -278,7 +292,11 @@ pkg_pretend() { ERROR_VHOST_NET+=" support" if use amd64 || use x86 || use amd64-linux || use x86-linux; then - CONFIG_CHECK+=" ~KVM_AMD ~KVM_INTEL" + if grep -q AuthenticAMD /proc/cpuinfo; then + CONFIG_CHECK+=" ~KVM_AMD" + elif grep -q GenuineIntel /proc/cpuinfo; then + CONFIG_CHECK+=" ~KVM_INTEL" + fi fi use python && CONFIG_CHECK+=" ~DEBUG_FS" @@ -364,6 +382,9 @@ src_prepare() { # Run after we've applied all patches. handle_locales + + # Remove bundled copy of libfdt + rm -r dtc || die } ## @@ -483,7 +504,6 @@ qemu_src_configure() { --disable-linux-user --enable-system --disable-tools - --with-system-pixman ) local static_flag="static" ;; @@ -513,6 +533,9 @@ qemu_src_configure() { tc-enables-pie && conf_opts+=( --enable-pie ) fi + #bug #647570 + conf_opts+=( --disable-capstone ) + echo "../configure ${conf_opts[*]}" cd "${builddir}" ../configure "${conf_opts[@]}" || die "configure failed" @@ -681,27 +704,31 @@ src_install() { cd "${S}" dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt newdoc pc-bios/README README.pc-bios - dodoc docs/qmp-*.txt if [[ -n ${softmmu_targets} ]]; then # Remove SeaBIOS since we're using the SeaBIOS packaged one rm "${ED}/usr/share/qemu/bios.bin" + rm "${ED}/usr/share/qemu/bios-256k.bin" if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then dosym ../seabios/bios.bin /usr/share/qemu/bios.bin + dosym ../seabios/bios-256k.bin /usr/share/qemu/bios-256k.bin fi - # Remove vgabios since we're using the vgabios packaged one + # Remove vgabios since we're using the seavgabios packaged one rm "${ED}/usr/share/qemu/vgabios.bin" rm "${ED}/usr/share/qemu/vgabios-cirrus.bin" rm "${ED}/usr/share/qemu/vgabios-qxl.bin" rm "${ED}/usr/share/qemu/vgabios-stdvga.bin" + rm "${ED}/usr/share/qemu/vgabios-virtio.bin" rm "${ED}/usr/share/qemu/vgabios-vmware.bin" - if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then - dosym ../vgabios/vgabios.bin /usr/share/qemu/vgabios.bin - dosym ../vgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin - dosym ../vgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin - dosym ../vgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin - dosym ../vgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin + # PPC64 loads vgabios-stdvga + if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 || use qemu_softmmu_targets_ppc64; then + dosym ../seavgabios/vgabios-isavga.bin /usr/share/qemu/vgabios.bin + dosym ../seavgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin + dosym ../seavgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin + dosym ../seavgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin + dosym ../seavgabios/vgabios-virtio.bin /usr/share/qemu/vgabios-virtio.bin + dosym ../seavgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin fi # Remove sgabios since we're using the sgabios packaged one @@ -726,20 +753,50 @@ src_install() { readme.gentoo_create_doc } -pkg_postinst() { - DISABLE_AUTOFORMATTING=true - readme.gentoo_print_elog +firmware_abi_change() { + local pv + for pv in ${REPLACING_VERSIONS}; do + if ! version_is_at_least ${FIRMWARE_ABI_VERSION} ${pv}; then + return 0 + fi + done + return 1 +} +pkg_postinst() { if [[ -n ${softmmu_targets} ]] && use kernel_linux; then udev_reload fi fcaps cap_net_admin /usr/libexec/qemu-bridge-helper + + DISABLE_AUTOFORMATTING=true + readme.gentoo_print_elog + + if use pin-upstream-blobs && firmware_abi_change; then + ewarn "This version of qemu pins new versions of firmware blobs:" + ewarn " $(best_version sys-firmware/edk2-ovmf)" + ewarn " $(best_version sys-firmware/ipxe)" + ewarn " $(best_version sys-firmware/seabios)" + ewarn " $(best_version sys-firmware/sgabios)" + ewarn "This might break resume of hibernated guests (started with a different" + ewarn "firmware version) and live migration to/from qemu versions with different" + ewarn "firmware. Please (cold) restart all running guests. For functional" + ewarn "guest migration ensure that all" + ewarn "hosts run at least" + ewarn " app-emulation/qemu-${FIRMWARE_ABI_VERSION}." + fi } pkg_info() { echo "Using:" echo " $(best_version app-emulation/spice-protocol)" + echo " $(best_version sys-firmware/edk2-ovmf)" + if has_version 'sys-firmware/edk2-ovmf[binary]'; then + echo " USE=binary" + else + echo " USE=''" + fi echo " $(best_version sys-firmware/ipxe)" echo " $(best_version sys-firmware/seabios)" if has_version 'sys-firmware/seabios[binary]'; then @@ -747,5 +804,5 @@ pkg_info() { else echo " USE=''" fi - echo " $(best_version sys-firmware/vgabios)" + echo " $(best_version sys-firmware/sgabios)" }