mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-12-07 18:31:54 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2606 from dm0-/glsa

Browse Source 
Fix current GLSAs
This commit is contained in:
David Michael 2017-06-16 15:52:04 -07:00 committed by GitHub
commit fed03aca88
61 changed files with 552 additions and 1526 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/Manifest vendored
View File

@ -1,2 +1 @@
DIST qemu-2.8.0-CVE-2016-9602-patches.tar.xz 16264 SHA256 18ac829c6003a3f997db4030a46b422028c58fead158f0c5ffe36ad65acb84e0 SHA512 a56694d1600e4fd1ffd6bbe031a0db226fc5c88306797cc4e42d1dc6127b83d1791cb4e026988b3aad82eab84382e41077ae71e532d1d3489e179730185c0964 WHIRLPOOL 22057b001c478b2b0d97ad70393c973aefc6277d89bb5a1ae03c3c39b5182ddfbe541964761f512ed5735dc442e1f40d0a955ad5b270758e21ce815be86b24bd
DIST qemu-2.8.0.tar.bz2 28368517 SHA256 dafd5d7f649907b6b617b822692f4c82e60cf29bc0fc58bc2036219b591e5e62 SHA512 50f2988d822388ba9fd1bf5dbe68359033ed7432d7f0f9790299f32f63faa6dc72979256b5632ba572d47ee3e74ed40e3e8e331dc6303ec1599f1b4367cb78c2 WHIRLPOOL 0ce4e0539657eb832e4039819e7360c792b6aa41c718f0e0d762f4933217f0d370af94b1d6d9776853575b4a6811d8c85db069bf09d21bd15399ac8b50440ff5
DIST qemu-2.9.0.tar.bz2 28720490 SHA256 00bfb217b1bb03c7a6c3261b819cfccbfb5a58e3e2ceff546327d271773c6c14 SHA512 4b28966eec0ca44681e35fcfb64a4eaef7c280b8d65c91d03f2efa37f76278fd8c1680e5798c7a30dbfcc8f3c05f4a803f48b8a2dfec3a4181bac079b2a5e422 WHIRLPOOL d79fe89eb271a56aee0cbd328e5f96999176b711afb5683d164b7b99d91e6dd2bfaf6e2ff4cd820a941c94f28116765cb07ffd5809d75c2f9654a67d56bfc0c1

1
sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/65-kvm.rules vendored
View File

@ -1 +0,0 @@
KERNEL=="kvm", GROUP="kvm", MODE="0660"

32
sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8669-1.patch vendored
View File

@ -1,32 +0,0 @@
http://bugs.gentoo.org/597108
https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02577.html
From: Prasad J Pandit <address@hidden>
The JAZZ RC4030 chipset emulator has a periodic timer and
associated interval reload register. The reload value is used
as divider when computing timer's next tick value. If reload
value is large, it could lead to divide by zero error. Limit
the interval reload value to avoid it.
Reported-by: Huawei PSIRT <address@hidden>
Signed-off-by: Prasad J Pandit <address@hidden>
---
hw/dma/rc4030.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/dma/rc4030.c b/hw/dma/rc4030.c
index 2f2576f..c1b4997 100644
--- a/hw/dma/rc4030.c
+++ b/hw/dma/rc4030.c
@@ -460,7 +460,7 @@ static void rc4030_write(void *opaque, hwaddr addr, uint64_t data,
break;
/* Interval timer reload */
case 0x0228:
- s->itr = val;
+ s->itr = val & 0x01FF;
qemu_irq_lower(s->timer_irq);
set_next_tick(s);
break;
--
2.5.5

40
sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-10028.patch vendored
View File

@ -1,40 +0,0 @@
https://lists.gnu.org/archive/html/qemu-devel/2016-12/msg01903.html
https://bugs.gentoo.org/603444
From: P J P
Subject: [Qemu-devel] [PATCH] display: virtio-gpu-3d: check virgl capabilities max_size
Date: Wed, 14 Dec 2016 12:31:56 +0530
From: Prasad J Pandit <address@hidden>
Virtio GPU device while processing 'VIRTIO_GPU_CMD_GET_CAPSET'
command, retrieves the maximum capabilities size to fill in the
response object. It continues to fill in capabilities even if
retrieved 'max_size' is zero(0), thus resulting in OOB access.
Add check to avoid it.
Reported-by: Zhenhao Hong <address@hidden>
Signed-off-by: Prasad J Pandit <address@hidden>
---
hw/display/virtio-gpu-3d.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/hw/display/virtio-gpu-3d.c b/hw/display/virtio-gpu-3d.c
index 758d33a..6ceeba3 100644
--- a/hw/display/virtio-gpu-3d.c
+++ b/hw/display/virtio-gpu-3d.c
@@ -370,8 +370,12 @@ static void virgl_cmd_get_capset(VirtIOGPU *g,
virgl_renderer_get_cap_set(gc.capset_id, &max_ver,
&max_size);
+ if (!max_size) {
+ cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
+ return;
+ }
+
resp = g_malloc0(sizeof(*resp) + max_size);
-
resp->hdr.type = VIRTIO_GPU_RESP_OK_CAPSET;
virgl_renderer_fill_caps(gc.capset_id,
gc.capset_version,
--
2.9.3

46
sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-10155.patch vendored
View File

@ -1,46 +0,0 @@
From eb7a20a3616085d46aa6b4b4224e15587ec67e6e Mon Sep 17 00:00:00 2001
From: Li Qiang <liqiang6-s@360.cn>
Date: Mon, 28 Nov 2016 17:49:04 -0800
Subject: [PATCH] watchdog: 6300esb: add exit function
When the Intel 6300ESB watchdog is hot unplug. The timer allocated
in realize isn't freed thus leaking memory leak. This patch avoid
this through adding the exit function.
Signed-off-by: Li Qiang <liqiang6-s@360.cn>
Message-Id: <583cde9c.3223ed0a.7f0c2.886e@mx.google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
hw/watchdog/wdt_i6300esb.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/hw/watchdog/wdt_i6300esb.c b/hw/watchdog/wdt_i6300esb.c
index a83d951..49b3cd1 100644
--- a/hw/watchdog/wdt_i6300esb.c
+++ b/hw/watchdog/wdt_i6300esb.c
@@ -428,6 +428,14 @@ static void i6300esb_realize(PCIDevice *dev, Error **errp)
/* qemu_register_coalesced_mmio (addr, 0x10); ? */
}
+static void i6300esb_exit(PCIDevice *dev)
+{
+ I6300State *d = WATCHDOG_I6300ESB_DEVICE(dev);
+
+ timer_del(d->timer);
+ timer_free(d->timer);
+}
+
static WatchdogTimerModel model = {
.wdt_name = "i6300esb",
.wdt_description = "Intel 6300ESB",
@@ -441,6 +449,7 @@ static void i6300esb_class_init(ObjectClass *klass, void *data)
k->config_read = i6300esb_config_read;
k->config_write = i6300esb_config_write;
k->realize = i6300esb_realize;
+ k->exit = i6300esb_exit;
k->vendor_id = PCI_VENDOR_ID_INTEL;
k->device_id = PCI_DEVICE_ID_INTEL_ESB_9;
k->class_id = PCI_CLASS_SYSTEM_OTHER;
--
2.10.2

35
sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-9908.patch vendored
View File

@ -1,35 +0,0 @@
https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg00059.html
https://bugs.gentoo.org/601826
From: Li Qiang
Subject: [Qemu-devel] [PATCH] virtio-gpu: fix information leak in capset get dispatch
Date: Tue, 1 Nov 2016 05:37:57 -0700
From: Li Qiang <address@hidden>
In virgl_cmd_get_capset function, it uses g_malloc to allocate
a response struct to the guest. As the 'resp'struct hasn't been full
initialized it will lead the 'resp->padding' field to the guest.
Use g_malloc0 to avoid this.
Signed-off-by: Li Qiang <address@hidden>
---
hw/display/virtio-gpu-3d.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/display/virtio-gpu-3d.c b/hw/display/virtio-gpu-3d.c
index 23f39de..d98b140 100644
--- a/hw/display/virtio-gpu-3d.c
+++ b/hw/display/virtio-gpu-3d.c
@@ -371,7 +371,7 @@ static void virgl_cmd_get_capset(VirtIOGPU *g,
virgl_renderer_get_cap_set(gc.capset_id, &max_ver,
&max_size);
- resp = g_malloc(sizeof(*resp) + max_size);
+ resp = g_malloc0(sizeof(*resp) + max_size);
resp->hdr.type = VIRTIO_GPU_RESP_OK_CAPSET;
virgl_renderer_fill_caps(gc.capset_id,
--
1.8.3.1

38
sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-9912.patch vendored
View File

@ -1,38 +0,0 @@
https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg05043.html
https://bugs.gentoo.org/602630
From: Li Qiang
Subject: [Qemu-devel] [PATCH] virtio-gpu: call cleanup mapping function in resource destroy
Date: Mon, 28 Nov 2016 21:29:25 -0500
If the guest destroy the resource before detach banking, the 'iov'
and 'addrs' field in resource is not freed thus leading memory
leak issue. This patch avoid this.
Signed-off-by: Li Qiang <address@hidden>
---
hw/display/virtio-gpu.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c
index 60bce94..98dadf2 100644
--- a/hw/display/virtio-gpu.c
+++ b/hw/display/virtio-gpu.c
@@ -28,6 +28,8 @@
static struct virtio_gpu_simple_resource*
virtio_gpu_find_resource(VirtIOGPU *g, uint32_t resource_id);
+static void virtio_gpu_cleanup_mapping(struct virtio_gpu_simple_resource *res);
+
#ifdef CONFIG_VIRGL
#include <virglrenderer.h>
#define VIRGL(_g, _virgl, _simple, ...) \
@@ -358,6 +360,7 @@ static void virtio_gpu_resource_destroy(VirtIOGPU *g,
struct virtio_gpu_simple_resource *res)
{
pixman_image_unref(res->image);
+ virtio_gpu_cleanup_mapping(res);
QTAILQ_REMOVE(&g->reslist, res, next);
g_free(res);
}
--
1.8.3.1

48
sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-2615.patch vendored
View File

@ -1,48 +0,0 @@
From 62d4c6bd5263bb8413a06c80144fc678df6dfb64 Mon Sep 17 00:00:00 2001
From: Li Qiang <liqiang6-s@360.cn>
Date: Wed, 1 Feb 2017 09:35:01 +0100
Subject: [PATCH] cirrus: fix oob access issue (CVE-2017-2615)
When doing bitblt copy in backward mode, we should minus the
blt width first just like the adding in the forward mode. This
can avoid the oob access of the front of vga's vram.
Signed-off-by: Li Qiang <liqiang6-s@360.cn>
{ kraxel: with backward blits (negative pitch) addr is the topmost
address, so check it as-is against vram size ]
Cc: qemu-stable@nongnu.org
Cc: P J P <ppandit@redhat.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Wolfgang Bumiller <w.bumiller@proxmox.com>
Fixes: d3532a0db02296e687711b8cdc7791924efccea0 (CVE-2014-8106)
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1485938101-26602-1-git-send-email-kraxel@redhat.com
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
---
hw/display/cirrus_vga.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c
index 7db6409..16f27e8 100644
--- a/hw/display/cirrus_vga.c
+++ b/hw/display/cirrus_vga.c
@@ -274,10 +274,9 @@ static bool blit_region_is_unsafe(struct CirrusVGAState *s,
{
if (pitch < 0) {
int64_t min = addr
- + ((int64_t)s->cirrus_blt_height-1) * pitch;
- int32_t max = addr
- + s->cirrus_blt_width;
- if (min < 0 || max > s->vga.vram_size) {
+ + ((int64_t)s->cirrus_blt_height - 1) * pitch
+ - s->cirrus_blt_width;
+ if (min < -1 || addr >= s->vga.vram_size) {
return true;
}
} else {
--
2.10.2

56
sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-2620.patch vendored
View File

@ -1,56 +0,0 @@
From: Gerd Hoffmann <kraxel@redhat.com>
Subject: [PATCH 3/3] cirrus: add blit_is_unsafe call to cirrus_bitblt_cputovideo
CIRRUS_BLTMODE_MEMSYSSRC blits do NOT check blit destination
and blit width, at all. Oops. Fix it.
Security impact: high.
The missing blit destination check allows to write to host memory.
Basically same as CVE-2014-8106 for the other blit variants.
The missing blit width check allows to overflow cirrus_bltbuf,
with the attractive target cirrus_srcptr (current cirrus_bltbuf write
position) being located right after cirrus_bltbuf in CirrusVGAState.
Due to cirrus emulation writing cirrus_bltbuf bytewise the attacker
hasn't full control over cirrus_srcptr though, only one byte can be
changed. Once the first byte has been modified further writes land
elsewhere.
[ This is CVE-2017-2620 / XSA-209 - Ian Jackson ]
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
hw/display/cirrus_vga.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c
index 0e47cf8..a093dc8 100644
--- a/hw/display/cirrus_vga.c
+++ b/hw/display/cirrus_vga.c
@@ -899,6 +899,10 @@ static int cirrus_bitblt_cputovideo(CirrusVGAState * s)
{
int w;
+ if (blit_is_unsafe(s)) {
+ return 0;
+ }
+
s->cirrus_blt_mode &= ~CIRRUS_BLTMODE_MEMSYSSRC;
s->cirrus_srcptr = &s->cirrus_bltbuf[0];
s->cirrus_srcptr_end = &s->cirrus_bltbuf[0];
@@ -924,6 +928,10 @@ static int cirrus_bitblt_cputovideo(CirrusVGAState * s)
}
s->cirrus_srccounter = s->cirrus_blt_srcpitch * s->cirrus_blt_height;
}
+
+ /* the blit_is_unsafe call above should catch this */
+ assert(s->cirrus_blt_srcpitch <= CIRRUS_BLTBUFSIZE);
+
s->cirrus_srcptr = s->cirrus_bltbuf;
s->cirrus_srcptr_end = s->cirrus_bltbuf + s->cirrus_blt_srcpitch;
cirrus_update_memory_access(s);
--
1.8.3.1

22
sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-2630.patch vendored
View File

@ -1,22 +0,0 @@
Comparison symbol is misused. It may lead to memory corruption.
Signed-off-by: Vladimir Sementsov-Ogievskiy <address@hidden>
---
nbd/client.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/nbd/client.c b/nbd/client.c
index 6caf6bda6d..351731bc63 100644
--- a/nbd/client.c
+++ b/nbd/client.c
@@ -94,7 +94,7 @@ static ssize_t drop_sync(QIOChannel *ioc, size_t size)
char small[1024];
char *buffer;
- buffer = sizeof(small) < size ? small : g_malloc(MIN(65536, size));
+ buffer = sizeof(small) > size ? small : g_malloc(MIN(65536, size));
while (size > 0) {
ssize_t count = read_sync(ioc, buffer, MIN(65536, size));
--
2.11.0

52
sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5525-1.patch vendored
View File

@ -1,52 +0,0 @@
From 12351a91da97b414eec8cdb09f1d9f41e535a401 Mon Sep 17 00:00:00 2001
From: Li Qiang <liqiang6-s@360.cn>
Date: Wed, 14 Dec 2016 18:30:21 -0800
Subject: [PATCH] audio: ac97: add exit function
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Currently the ac97 device emulation doesn't have a exit function,
hot unplug this device will leak some memory. Add a exit function to
avoid this.
Signed-off-by: Li Qiang <liqiang6-s@360.cn>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 58520052.4825ed0a.27a71.6cae@mx.google.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
hw/audio/ac97.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/hw/audio/ac97.c b/hw/audio/ac97.c
index cbd959e..c306575 100644
--- a/hw/audio/ac97.c
+++ b/hw/audio/ac97.c
@@ -1387,6 +1387,16 @@ static void ac97_realize(PCIDevice *dev, Error **errp)
ac97_on_reset (&s->dev.qdev);
}
+static void ac97_exit(PCIDevice *dev)
+{
+ AC97LinkState *s = DO_UPCAST(AC97LinkState, dev, dev);
+
+ AUD_close_in(&s->card, s->voice_pi);
+ AUD_close_out(&s->card, s->voice_po);
+ AUD_close_in(&s->card, s->voice_mc);
+ AUD_remove_card(&s->card);
+}
+
static int ac97_init (PCIBus *bus)
{
pci_create_simple (bus, -1, "AC97");
@@ -1404,6 +1414,7 @@ static void ac97_class_init (ObjectClass *klass, void *data)
PCIDeviceClass *k = PCI_DEVICE_CLASS (klass);
k->realize = ac97_realize;
+ k->exit = ac97_exit;
k->vendor_id = PCI_VENDOR_ID_INTEL;
k->device_id = PCI_DEVICE_ID_INTEL_82801AA_5;
k->revision = 0x01;
--
2.10.2

55
sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5525-2.patch vendored
View File

@ -1,55 +0,0 @@
From 069eb7b2b8fc47c7cb52e5a4af23ea98d939e3da Mon Sep 17 00:00:00 2001
From: Li Qiang <liqiang6-s@360.cn>
Date: Wed, 14 Dec 2016 18:32:22 -0800
Subject: [PATCH] audio: es1370: add exit function
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Currently the es1370 device emulation doesn't have a exit function,
hot unplug this device will leak some memory. Add a exit function to
avoid this.
Signed-off-by: Li Qiang <liqiang6-s@360.cn>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 585200c9.a968ca0a.1ab80.4c98@mx.google.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
hw/audio/es1370.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/hw/audio/es1370.c b/hw/audio/es1370.c
index 8449b5f..883ec69 100644
--- a/hw/audio/es1370.c
+++ b/hw/audio/es1370.c
@@ -1041,6 +1041,19 @@ static void es1370_realize(PCIDevice *dev, Error **errp)
es1370_reset (s);
}
+static void es1370_exit(PCIDevice *dev)
+{
+ ES1370State *s = ES1370(dev);
+ int i;
+
+ for (i = 0; i < 2; ++i) {
+ AUD_close_out(&s->card, s->dac_voice[i]);
+ }
+
+ AUD_close_in(&s->card, s->adc_voice);
+ AUD_remove_card(&s->card);
+}
+
static int es1370_init (PCIBus *bus)
{
pci_create_simple (bus, -1, TYPE_ES1370);
@@ -1053,6 +1066,7 @@ static void es1370_class_init (ObjectClass *klass, void *data)
PCIDeviceClass *k = PCI_DEVICE_CLASS (klass);
k->realize = es1370_realize;
+ k->exit = es1370_exit;
k->vendor_id = PCI_VENDOR_ID_ENSONIQ;
k->device_id = PCI_DEVICE_ID_ENSONIQ_ES1370;
k->class_id = PCI_CLASS_MULTIMEDIA_AUDIO;
--
2.10.2

41
sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5552.patch vendored
View File

@ -1,41 +0,0 @@
From 33243031dad02d161225ba99d782616da133f689 Mon Sep 17 00:00:00 2001
From: Li Qiang <liq3ea@gmail.com>
Date: Thu, 29 Dec 2016 03:11:26 -0500
Subject: [PATCH] virtio-gpu-3d: fix memory leak in resource attach backing
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
If the virgl_renderer_resource_attach_iov function fails the
'res_iovs' will be leaked. Add check of the return value to
free the 'res_iovs' when failing.
Signed-off-by: Li Qiang <liq3ea@gmail.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 1482999086-59795-1-git-send-email-liq3ea@gmail.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
hw/display/virtio-gpu-3d.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/hw/display/virtio-gpu-3d.c b/hw/display/virtio-gpu-3d.c
index e29f099..b13ced3 100644
--- a/hw/display/virtio-gpu-3d.c
+++ b/hw/display/virtio-gpu-3d.c
@@ -291,8 +291,11 @@ static void virgl_resource_attach_backing(VirtIOGPU *g,
return;
}
- virgl_renderer_resource_attach_iov(att_rb.resource_id,
- res_iovs, att_rb.nr_entries);
+ ret = virgl_renderer_resource_attach_iov(att_rb.resource_id,
+ res_iovs, att_rb.nr_entries);
+
+ if (ret != 0)
+ virtio_gpu_cleanup_mapping_iov(res_iovs, att_rb.nr_entries);
}
static void virgl_resource_detach_backing(VirtIOGPU *g,
--
2.10.2

35
sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5578.patch vendored
View File

@ -1,35 +0,0 @@
From 204f01b30975923c64006f8067f0937b91eea68b Mon Sep 17 00:00:00 2001
From: Li Qiang <liq3ea@gmail.com>
Date: Thu, 29 Dec 2016 04:28:41 -0500
Subject: [PATCH] virtio-gpu: fix memory leak in resource attach backing
In the resource attach backing function, everytime it will
allocate 'res->iov' thus can leading a memory leak. This
patch avoid this.
Signed-off-by: Li Qiang <liq3ea@gmail.com>
Message-id: 1483003721-65360-1-git-send-email-liq3ea@gmail.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
hw/display/virtio-gpu.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c
index 6a26258..ca88cf4 100644
--- a/hw/display/virtio-gpu.c
+++ b/hw/display/virtio-gpu.c
@@ -714,6 +714,11 @@ virtio_gpu_resource_attach_backing(VirtIOGPU *g,
return;
}
+ if (res->iov) {
+ cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC;
+ return;
+ }
+
ret = virtio_gpu_create_mapping_iov(&ab, cmd, &res->addrs, &res->iov);
if (ret != 0) {
cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC;
--
2.10.2

40
sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5579.patch vendored
View File

@ -1,40 +0,0 @@
From 8409dc884a201bf74b30a9d232b6bbdd00cb7e2b Mon Sep 17 00:00:00 2001
From: Li Qiang <liqiang6-s@360.cn>
Date: Wed, 4 Jan 2017 00:43:16 -0800
Subject: [PATCH] serial: fix memory leak in serial exit
The serial_exit_core function doesn't free some resources.
This can lead memory leak when hotplug and unplug. This
patch avoid this.
Signed-off-by: Li Qiang <liqiang6-s@360.cn>
Message-Id: <586cb5ab.f31d9d0a.38ac3.acf2@mx.google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
hw/char/serial.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/hw/char/serial.c b/hw/char/serial.c
index ffbacd8..67b18ed 100644
--- a/hw/char/serial.c
+++ b/hw/char/serial.c
@@ -906,6 +906,16 @@ void serial_realize_core(SerialState *s, Error **errp)
void serial_exit_core(SerialState *s)
{
qemu_chr_fe_deinit(&s->chr);
+
+ timer_del(s->modem_status_poll);
+ timer_free(s->modem_status_poll);
+
+ timer_del(s->fifo_timeout_timer);
+ timer_free(s->fifo_timeout_timer);
+
+ fifo8_destroy(&s->recv_fifo);
+ fifo8_destroy(&s->xmit_fifo);
+
qemu_unregister_reset(serial_reset, s);
}
--
2.10.2

37
sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5667.patch vendored
View File

@ -1,37 +0,0 @@
From 42922105beb14c2fc58185ea022b9f72fb5465e9 Mon Sep 17 00:00:00 2001
From: Prasad J Pandit <pjp@fedoraproject.org>
Date: Tue, 7 Feb 2017 18:29:59 +0000
Subject: [PATCH] sd: sdhci: check data length during dma_memory_read
While doing multi block SDMA transfer in routine
'sdhci_sdma_transfer_multi_blocks', the 's->fifo_buffer' starting
index 'begin' and data length 's->data_count' could end up to be same.
This could lead to an OOB access issue. Correct transfer data length
to avoid it.
Cc: qemu-stable@nongnu.org
Reported-by: Jiang Xin <jiangxin1@huawei.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20170130064736.9236-1-ppandit@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
hw/sd/sdhci.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c
index 01fbf22..5bd5ab6 100644
--- a/hw/sd/sdhci.c
+++ b/hw/sd/sdhci.c
@@ -536,7 +536,7 @@ static void sdhci_sdma_transfer_multi_blocks(SDHCIState *s)
boundary_count -= block_size - begin;
}
dma_memory_read(&address_space_memory, s->sdmasysad,
- &s->fifo_buffer[begin], s->data_count);
+ &s->fifo_buffer[begin], s->data_count - begin);
s->sdmasysad += s->data_count - begin;
if (s->data_count == block_size) {
for (n = 0; n < block_size; n++) {
--
2.10.2

64
sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5856.patch vendored
View File

@ -1,64 +0,0 @@
From 765a707000e838c30b18d712fe6cb3dd8e0435f3 Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Mon, 2 Jan 2017 11:03:33 +0100
Subject: [PATCH] megasas: fix guest-triggered memory leak
If the guest sets the sglist size to a value >=2GB, megasas_handle_dcmd
will return MFI_STAT_MEMORY_NOT_AVAILABLE without freeing the memory.
Avoid this by returning only the status from map_dcmd, and loading
cmd->iov_size in the caller.
Reported-by: Li Qiang <liqiang6-s@360.cn>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
hw/scsi/megasas.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
index 67fc1e7..6233865 100644
--- a/hw/scsi/megasas.c
+++ b/hw/scsi/megasas.c
@@ -683,14 +683,14 @@ static int megasas_map_dcmd(MegasasState *s, MegasasCmd *cmd)
trace_megasas_dcmd_invalid_sge(cmd->index,
cmd->frame->header.sge_count);
cmd->iov_size = 0;
- return -1;
+ return -EINVAL;
}
iov_pa = megasas_sgl_get_addr(cmd, &cmd->frame->dcmd.sgl);
iov_size = megasas_sgl_get_len(cmd, &cmd->frame->dcmd.sgl);
pci_dma_sglist_init(&cmd->qsg, PCI_DEVICE(s), 1);
qemu_sglist_add(&cmd->qsg, iov_pa, iov_size);
cmd->iov_size = iov_size;
- return cmd->iov_size;
+ return 0;
}
static void megasas_finish_dcmd(MegasasCmd *cmd, uint32_t iov_size)
@@ -1559,19 +1559,20 @@ static const struct dcmd_cmd_tbl_t {
static int megasas_handle_dcmd(MegasasState *s, MegasasCmd *cmd)
{
- int opcode, len;
+ int opcode;
int retval = 0;
+ size_t len;
const struct dcmd_cmd_tbl_t *cmdptr = dcmd_cmd_tbl;
opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
trace_megasas_handle_dcmd(cmd->index, opcode);
- len = megasas_map_dcmd(s, cmd);
- if (len < 0) {
+ if (megasas_map_dcmd(s, cmd) < 0) {
return MFI_STAT_MEMORY_NOT_AVAILABLE;
}
while (cmdptr->opcode != -1 && cmdptr->opcode != opcode) {
cmdptr++;
}
+ len = cmd->iov_size;
if (cmdptr->opcode == -1) {
trace_megasas_dcmd_unhandled(cmd->index, opcode, len);
retval = megasas_dcmd_dummy(s, cmd);
--
2.10.2

38
sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5857.patch vendored
View File

@ -1,38 +0,0 @@
When the guest sends VIRTIO_GPU_CMD_RESOURCE_UNREF without detaching the
backing storage beforehand (VIRTIO_GPU_CMD_RESOURCE_DETACH_BACKING)
we'll leak memory.
This patch fixes it for 3d mode, simliar to the 2d mode fix in commit
"b8e2392 virtio-gpu: call cleanup mapping function in resource destroy".
Reported-by: 李强 <address@hidden>
Signed-off-by: Gerd Hoffmann <address@hidden>
---
hw/display/virtio-gpu-3d.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/hw/display/virtio-gpu-3d.c b/hw/display/virtio-gpu-3d.c
index f96a0c2..ecb09d1 100644
--- a/hw/display/virtio-gpu-3d.c
+++ b/hw/display/virtio-gpu-3d.c
@@ -77,10 +77,18 @@ static void virgl_cmd_resource_unref(VirtIOGPU *g,
struct virtio_gpu_ctrl_command *cmd)
{
struct virtio_gpu_resource_unref unref;
+ struct iovec *res_iovs = NULL;
+ int num_iovs = 0;
VIRTIO_GPU_FILL_CMD(unref);
trace_virtio_gpu_cmd_res_unref(unref.resource_id);
+ virgl_renderer_resource_detach_iov(unref.resource_id,
+ &res_iovs,
+ &num_iovs);
+ if (res_iovs != NULL && num_iovs != 0) {
+ virtio_gpu_cleanup_mapping_iov(res_iovs, num_iovs);
+ }
virgl_renderer_resource_unref(unref.resource_id);
}
--
1.8.3.1

35
sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5898.patch vendored
View File

@ -1,35 +0,0 @@
From c7dfbf322595ded4e70b626bf83158a9f3807c6a Mon Sep 17 00:00:00 2001
From: Prasad J Pandit <pjp@fedoraproject.org>
Date: Fri, 3 Feb 2017 00:52:28 +0530
Subject: [PATCH] usb: ccid: check ccid apdu length
CCID device emulator uses Application Protocol Data Units(APDU)
to exchange command and responses to and from the host.
The length in these units couldn't be greater than 65536. Add
check to ensure the same. It'd also avoid potential integer
overflow in emulated_apdu_from_guest.
Reported-by: Li Qiang <liqiang6-s@360.cn>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-id: 20170202192228.10847-1-ppandit@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
hw/usb/dev-smartcard-reader.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/usb/dev-smartcard-reader.c b/hw/usb/dev-smartcard-reader.c
index 89e11b6..1325ea1 100644
--- a/hw/usb/dev-smartcard-reader.c
+++ b/hw/usb/dev-smartcard-reader.c
@@ -967,7 +967,7 @@ static void ccid_on_apdu_from_guest(USBCCIDState *s, CCID_XferBlock *recv)
DPRINTF(s, 1, "%s: seq %d, len %d\n", __func__,
recv->hdr.bSeq, len);
ccid_add_pending_answer(s, (CCID_Header *)recv);
- if (s->card) {
+ if (s->card && len <= BULK_OUT_DATA_SIZE) {
ccid_card_apdu_from_guest(s->card, recv->abData, len);
} else {
DPRINTF(s, D_WARN, "warning: discarded apdu\n");
--
2.10.2

46
sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5931.patch vendored
View File

@ -1,46 +0,0 @@
From a08aaff811fb194950f79711d2afe5a892ae03a4 Mon Sep 17 00:00:00 2001
From: Gonglei <arei.gonglei@huawei.com>
Date: Tue, 3 Jan 2017 14:50:03 +0800
Subject: [PATCH] virtio-crypto: fix possible integer and heap overflow
Because the 'size_t' type is 4 bytes in 32-bit platform, which
is the same with 'int'. It's easy to make 'max_len' to zero when
integer overflow and then cause heap overflow if 'max_len' is zero.
Using uint_64 instead of size_t to avoid the integer overflow.
Cc: qemu-stable@nongnu.org
Reported-by: Li Qiang <liqiang6-s@360.cn>
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Tested-by: Li Qiang <liqiang6-s@360.cn>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
---
hw/virtio/virtio-crypto.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/hw/virtio/virtio-crypto.c b/hw/virtio/virtio-crypto.c
index 2f2467e..c23e1ad 100644
--- a/hw/virtio/virtio-crypto.c
+++ b/hw/virtio/virtio-crypto.c
@@ -416,7 +416,7 @@ virtio_crypto_sym_op_helper(VirtIODevice *vdev,
uint32_t hash_start_src_offset = 0, len_to_hash = 0;
uint32_t cipher_start_src_offset = 0, len_to_cipher = 0;
- size_t max_len, curr_size = 0;
+ uint64_t max_len, curr_size = 0;
size_t s;
/* Plain cipher */
@@ -441,7 +441,7 @@ virtio_crypto_sym_op_helper(VirtIODevice *vdev,
return NULL;
}
- max_len = iv_len + aad_len + src_len + dst_len + hash_result_len;
+ max_len = (uint64_t)iv_len + aad_len + src_len + dst_len + hash_result_len;
if (unlikely(max_len > vcrypto->conf.max_size)) {
virtio_error(vdev, "virtio-crypto too big length");
return NULL;
--
2.10.2

87
sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5973.patch vendored
View File

@ -1,87 +0,0 @@
Limits should be big enough that normal guest should not hit it.
Add a tracepoint to log them, just in case. Also, while being
at it, log the existing link trb limit too.
Reported-by: 李强 <address@hidden>
Signed-off-by: Gerd Hoffmann <address@hidden>
---
hw/usb/hcd-xhci.c | 15 ++++++++++++++-
hw/usb/trace-events | 1 +
2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c
index fbf8a8b..28dd2f2 100644
--- a/hw/usb/hcd-xhci.c
+++ b/hw/usb/hcd-xhci.c
@@ -51,6 +51,8 @@
#define EV_QUEUE (((3 * 24) + 16) * MAXSLOTS)
#define TRB_LINK_LIMIT 4
+#define COMMAND_LIMIT 256
+#define TRANSFER_LIMIT 256
#define LEN_CAP 0x40
#define LEN_OPER (0x400 + 0x10 * MAXPORTS)
@@ -943,6 +945,7 @@ static TRBType xhci_ring_fetch(XHCIState *xhci, XHCIRing *ring, XHCITRB *trb,
return type;
} else {
if (++link_cnt > TRB_LINK_LIMIT) {
+ trace_usb_xhci_enforced_limit("trb-link");
return 0;
}
ring->dequeue = xhci_mask64(trb->parameter);
@@ -2060,6 +2063,7 @@ static void xhci_kick_epctx(XHCIEPContext *epctx, unsigned int streamid)
XHCIRing *ring;
USBEndpoint *ep = NULL;
uint64_t mfindex;
+ unsigned int count = 0;
int length;
int i;
@@ -2172,6 +2176,10 @@ static void xhci_kick_epctx(XHCIEPContext *epctx, unsigned int streamid)
epctx->retry = xfer;
break;
}
+ if (count++ > TRANSFER_LIMIT) {
+ trace_usb_xhci_enforced_limit("transfers");
+ break;
+ }
}
epctx->kick_active--;
@@ -2618,7 +2626,7 @@ static void xhci_process_commands(XHCIState *xhci)
TRBType type;
XHCIEvent event = {ER_COMMAND_COMPLETE, CC_SUCCESS};
dma_addr_t addr;
- unsigned int i, slotid = 0;
+ unsigned int i, slotid = 0, count = 0;
DPRINTF("xhci_process_commands()\n");
if (!xhci_running(xhci)) {
@@ -2735,6 +2743,11 @@ static void xhci_process_commands(XHCIState *xhci)
}
event.slotid = slotid;
xhci_event(xhci, &event, 0);
+
+ if (count++ > COMMAND_LIMIT) {
+ trace_usb_xhci_enforced_limit("commands");
+ return;
+ }
}
}
diff --git a/hw/usb/trace-events b/hw/usb/trace-events
index fdd1d29..0c323d4 100644
--- a/hw/usb/trace-events
+++ b/hw/usb/trace-events
@@ -174,6 +174,7 @@ usb_xhci_xfer_retry(void *xfer) "%p"
usb_xhci_xfer_success(void *xfer, uint32_t bytes) "%p: len %d"
usb_xhci_xfer_error(void *xfer, uint32_t ret) "%p: ret %d"
usb_xhci_unimplemented(const char *item, int nr) "%s (0x%x)"
+usb_xhci_enforced_limit(const char *item) "%s"
# hw/usb/desc.c
usb_desc_device(int addr, int len, int ret) "dev %d query device, len %d, ret %d"
--
1.8.3.1

50
sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5987.patch vendored
View File

@ -1,50 +0,0 @@
From: Prasad J Pandit <address@hidden>
In the SDHCI protocol, the transfer mode register value
is used during multi block transfer to check if block count
register is enabled and should be updated. Transfer mode
register could be set such that, block count register would
not be updated, thus leading to an infinite loop. Add check
to avoid it.
Reported-by: Wjjzhang <address@hidden>
Reported-by: Jiang Xin <address@hidden>
Signed-off-by: Prasad J Pandit <address@hidden>
---
hw/sd/sdhci.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
Update: use qemu_log_mask(LOG_UNIMP, ...)
-> https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg02354.html
diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c
index 5bd5ab6..a9c744b 100644
--- a/hw/sd/sdhci.c
+++ b/hw/sd/sdhci.c
@@ -486,6 +486,11 @@ static void sdhci_sdma_transfer_multi_blocks(SDHCIState *s)
uint32_t boundary_chk = 1 << (((s->blksize & 0xf000) >> 12) + 12);
uint32_t boundary_count = boundary_chk - (s->sdmasysad % boundary_chk);
+ if (!(s->trnmod & SDHC_TRNS_BLK_CNT_EN) || !s->blkcnt) {
+ qemu_log_mask(LOG_UNIMP, "infinite transfer is not supported\n");
+ return;
+ }
+
/* XXX: Some sd/mmc drivers (for example, u-boot-slp) do not account for
* possible stop at page boundary if initial address is not page aligned,
* allow them to work properly */
@@ -797,11 +802,6 @@ static void sdhci_data_transfer(void *opaque)
if (s->trnmod & SDHC_TRNS_DMA) {
switch (SDHC_DMA_TYPE(s->hostctl)) {
case SDHC_CTRL_SDMA:
- if ((s->trnmod & SDHC_TRNS_MULTI) &&
- (!(s->trnmod & SDHC_TRNS_BLK_CNT_EN) || s->blkcnt == 0)) {
- break;
- }
-
if ((s->blkcnt == 1) || !(s->trnmod & SDHC_TRNS_MULTI)) {
sdhci_sdma_transfer_single_block(s);
} else {
--
2.9.3

112
sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-6058.patch vendored
View File

@ -1,112 +0,0 @@
This patch fixed a problem that was introduced in commit eb700029.
When net_rx_pkt_attach_iovec() calls eth_strip_vlan()
this can result in pkt->ehdr_buf being overflowed, because
ehdr_buf is only sizeof(struct eth_header) bytes large
but eth_strip_vlan() can write
sizeof(struct eth_header) + sizeof(struct vlan_header)
bytes into it.
Devices affected by this problem: vmxnet3.
Reported-by: Peter Maydell <address@hidden>
Signed-off-by: Dmitry Fleytman <address@hidden>
---
hw/net/net_rx_pkt.c | 34 +++++++++++++++++-----------------
1 file changed, 17 insertions(+), 17 deletions(-)
diff --git a/hw/net/net_rx_pkt.c b/hw/net/net_rx_pkt.c
index 1019b50..7c0beac 100644
--- a/hw/net/net_rx_pkt.c
+++ b/hw/net/net_rx_pkt.c
@@ -23,13 +23,13 @@
struct NetRxPkt {
struct virtio_net_hdr virt_hdr;
- uint8_t ehdr_buf[sizeof(struct eth_header)];
+ uint8_t ehdr_buf[sizeof(struct eth_header) + sizeof(struct vlan_header)];
struct iovec *vec;
uint16_t vec_len_total;
uint16_t vec_len;
uint32_t tot_len;
uint16_t tci;
- bool vlan_stripped;
+ size_t ehdr_buf_len;
bool has_virt_hdr;
eth_pkt_types_e packet_type;
@@ -88,15 +88,13 @@ net_rx_pkt_pull_data(struct NetRxPkt *pkt,
const struct iovec *iov, int iovcnt,
size_t ploff)
{
- if (pkt->vlan_stripped) {
+ if (pkt->ehdr_buf_len) {
net_rx_pkt_iovec_realloc(pkt, iovcnt + 1);
pkt->vec[0].iov_base = pkt->ehdr_buf;
- pkt->vec[0].iov_len = sizeof(pkt->ehdr_buf);
-
- pkt->tot_len =
- iov_size(iov, iovcnt) - ploff + sizeof(struct eth_header);
+ pkt->vec[0].iov_len = pkt->ehdr_buf_len;
+ pkt->tot_len = iov_size(iov, iovcnt) - ploff + pkt->ehdr_buf_len;
pkt->vec_len = iov_copy(pkt->vec + 1, pkt->vec_len_total - 1,
iov, iovcnt, ploff, pkt->tot_len);
} else {
@@ -123,11 +121,12 @@ void net_rx_pkt_attach_iovec(struct NetRxPkt *pkt,
uint16_t tci = 0;
uint16_t ploff = iovoff;
assert(pkt);
- pkt->vlan_stripped = false;
if (strip_vlan) {
- pkt->vlan_stripped = eth_strip_vlan(iov, iovcnt, iovoff, pkt->ehdr_buf,
- &ploff, &tci);
+ pkt->ehdr_buf_len = eth_strip_vlan(iov, iovcnt, iovoff, pkt->ehdr_buf,
+ &ploff, &tci);
+ } else {
+ pkt->ehdr_buf_len = 0;
}
pkt->tci = tci;
@@ -143,12 +142,13 @@ void net_rx_pkt_attach_iovec_ex(struct NetRxPkt *pkt,
uint16_t tci = 0;
uint16_t ploff = iovoff;
assert(pkt);
- pkt->vlan_stripped = false;
if (strip_vlan) {
- pkt->vlan_stripped = eth_strip_vlan_ex(iov, iovcnt, iovoff, vet,
- pkt->ehdr_buf,
- &ploff, &tci);
+ pkt->ehdr_buf_len = eth_strip_vlan_ex(iov, iovcnt, iovoff, vet,
+ pkt->ehdr_buf,
+ &ploff, &tci);
+ } else {
+ pkt->ehdr_buf_len = 0;
}
pkt->tci = tci;
@@ -162,8 +162,8 @@ void net_rx_pkt_dump(struct NetRxPkt *pkt)
NetRxPkt *pkt = (NetRxPkt *)pkt;
assert(pkt);
- printf("RX PKT: tot_len: %d, vlan_stripped: %d, vlan_tag: %d\n",
- pkt->tot_len, pkt->vlan_stripped, pkt->tci);
+ printf("RX PKT: tot_len: %d, ehdr_buf_len: %lu, vlan_tag: %d\n",
+ pkt->tot_len, pkt->ehdr_buf_len, pkt->tci);
#endif
}
@@ -426,7 +426,7 @@ bool net_rx_pkt_is_vlan_stripped(struct NetRxPkt *pkt)
{
assert(pkt);
- return pkt->vlan_stripped;
+ return pkt->ehdr_buf_len ? true : false;
}
bool net_rx_pkt_has_virt_hdr(struct NetRxPkt *pkt)
--
2.7.4

52
sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-6505.patch vendored
View File

@ -1,52 +0,0 @@
From 95ed56939eb2eaa4e2f349fe6dcd13ca4edfd8fb Mon Sep 17 00:00:00 2001
From: Li Qiang <liqiang6-s@360.cn>
Date: Tue, 7 Feb 2017 02:23:33 -0800
Subject: [PATCH] usb: ohci: limit the number of link eds
The guest may builds an infinite loop with link eds. This patch
limit the number of linked ed to avoid this.
Signed-off-by: Li Qiang <liqiang6-s@360.cn>
Message-id: 5899a02e.45ca240a.6c373.93c1@mx.google.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
hw/usb/hcd-ohci.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/hw/usb/hcd-ohci.c b/hw/usb/hcd-ohci.c
index 2cba3e3..21c93e0 100644
--- a/hw/usb/hcd-ohci.c
+++ b/hw/usb/hcd-ohci.c
@@ -42,6 +42,8 @@
#define OHCI_MAX_PORTS 15
+#define ED_LINK_LIMIT 4
+
static int64_t usb_frame_time;
static int64_t usb_bit_time;
@@ -1184,7 +1186,7 @@ static int ohci_service_ed_list(OHCIState *ohci, uint32_t head, int completion)
uint32_t next_ed;
uint32_t cur;
int active;
-
+ uint32_t link_cnt = 0;
active = 0;
if (head == 0)
@@ -1199,6 +1201,11 @@ static int ohci_service_ed_list(OHCIState *ohci, uint32_t head, int completion)
next_ed = ed.next & OHCI_DPTR_MASK;
+ if (++link_cnt > ED_LINK_LIMIT) {
+ ohci_die(ohci);
+ return 0;
+ }
+
if ((ed.head & OHCI_ED_H) || (ed.flags & OHCI_ED_K)) {
uint32_t addr;
/* Cancel pending packets for ED that have been paused. */
--
2.10.2

174
sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-7493.patch vendored Normal file
View File

@ -0,0 +1,174 @@
From 7a95434e0ca8a037fd8aa1a2e2461f92585eb77b Mon Sep 17 00:00:00 2001
From: Greg Kurz <groug@kaod.org>
Date: Fri, 5 May 2017 14:48:08 +0200
Subject: [PATCH] 9pfs: local: forbid client access to metadata (CVE-2017-7493)
When using the mapped-file security mode, we shouldn't let the client mess
with the metadata. The current code already tries to hide the metadata dir
from the client by skipping it in local_readdir(). But the client can still
access or modify it through several other operations. This can be used to
escalate privileges in the guest.
Affected backend operations are:
- local_mknod()
- local_mkdir()
- local_open2()
- local_symlink()
- local_link()
- local_unlinkat()
- local_renameat()
- local_rename()
- local_name_to_path()
Other operations are safe because they are only passed a fid path, which
is computed internally in local_name_to_path().
This patch converts all the functions listed above to fail and return
EINVAL when being passed the name of the metadata dir. This may look
like a poor choice for errno, but there's no such thing as an illegal
path name on Linux and I could not think of anything better.
This fixes CVE-2017-7493.
Reported-by: Leo Gaspard <leo@gaspard.io>
Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
---
hw/9pfs/9p-local.c | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 56 insertions(+), 2 deletions(-)
diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c
index f3ebca4f7a..a2486566af 100644
--- a/hw/9pfs/9p-local.c
+++ b/hw/9pfs/9p-local.c
@@ -452,6 +452,11 @@ static off_t local_telldir(FsContext *ctx, V9fsFidOpenState *fs)
return telldir(fs->dir.stream);
}
+static bool local_is_mapped_file_metadata(FsContext *fs_ctx, const char *name)
+{
+ return !strcmp(name, VIRTFS_META_DIR);
+}
+
static struct dirent *local_readdir(FsContext *ctx, V9fsFidOpenState *fs)
{
struct dirent *entry;
@@ -465,8 +470,8 @@ again:
if (ctx->export_flags & V9FS_SM_MAPPED) {
entry->d_type = DT_UNKNOWN;
} else if (ctx->export_flags & V9FS_SM_MAPPED_FILE) {
- if (!strcmp(entry->d_name, VIRTFS_META_DIR)) {
- /* skp the meta data directory */
+ if (local_is_mapped_file_metadata(ctx, entry->d_name)) {
+ /* skip the meta data directory */
goto again;
}
entry->d_type = DT_UNKNOWN;
@@ -559,6 +564,12 @@ static int local_mknod(FsContext *fs_ctx, V9fsPath *dir_path,
int err = -1;
int dirfd;
+ if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE &&
+ local_is_mapped_file_metadata(fs_ctx, name)) {
+ errno = EINVAL;
+ return -1;
+ }
+
dirfd = local_opendir_nofollow(fs_ctx, dir_path->data);
if (dirfd == -1) {
return -1;
@@ -605,6 +616,12 @@ static int local_mkdir(FsContext *fs_ctx, V9fsPath *dir_path,
int err = -1;
int dirfd;
+ if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE &&
+ local_is_mapped_file_metadata(fs_ctx, name)) {
+ errno = EINVAL;
+ return -1;
+ }
+
dirfd = local_opendir_nofollow(fs_ctx, dir_path->data);
if (dirfd == -1) {
return -1;
@@ -694,6 +711,12 @@ static int local_open2(FsContext *fs_ctx, V9fsPath *dir_path, const char *name,
int err = -1;
int dirfd;
+ if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE &&
+ local_is_mapped_file_metadata(fs_ctx, name)) {
+ errno = EINVAL;
+ return -1;
+ }
+
/*
* Mark all the open to not follow symlinks
*/
@@ -752,6 +775,12 @@ static int local_symlink(FsContext *fs_ctx, const char *oldpath,
int err = -1;
int dirfd;
+ if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE &&
+ local_is_mapped_file_metadata(fs_ctx, name)) {
+ errno = EINVAL;
+ return -1;
+ }
+
dirfd = local_opendir_nofollow(fs_ctx, dir_path->data);
if (dirfd == -1) {
return -1;
@@ -826,6 +855,12 @@ static int local_link(FsContext *ctx, V9fsPath *oldpath,
int ret = -1;
int odirfd, ndirfd;
+ if (ctx->export_flags & V9FS_SM_MAPPED_FILE &&
+ local_is_mapped_file_metadata(ctx, name)) {
+ errno = EINVAL;
+ return -1;
+ }
+
odirfd = local_opendir_nofollow(ctx, odirpath);
if (odirfd == -1) {
goto out;
@@ -1096,6 +1131,12 @@ static int local_lremovexattr(FsContext *ctx, V9fsPath *fs_path,
static int local_name_to_path(FsContext *ctx, V9fsPath *dir_path,
const char *name, V9fsPath *target)
{
+ if (ctx->export_flags & V9FS_SM_MAPPED_FILE &&
+ local_is_mapped_file_metadata(ctx, name)) {
+ errno = EINVAL;
+ return -1;
+ }
+
if (dir_path) {
v9fs_path_sprintf(target, "%s/%s", dir_path->data, name);
} else if (strcmp(name, "/")) {
@@ -1116,6 +1157,13 @@ static int local_renameat(FsContext *ctx, V9fsPath *olddir,
int ret;
int odirfd, ndirfd;
+ if (ctx->export_flags & V9FS_SM_MAPPED_FILE &&
+ (local_is_mapped_file_metadata(ctx, old_name) ||
+ local_is_mapped_file_metadata(ctx, new_name))) {
+ errno = EINVAL;
+ return -1;
+ }
+
odirfd = local_opendir_nofollow(ctx, olddir->data);
if (odirfd == -1) {
return -1;
@@ -1206,6 +1254,12 @@ static int local_unlinkat(FsContext *ctx, V9fsPath *dir,
int ret;
int dirfd;
+ if (ctx->export_flags & V9FS_SM_MAPPED_FILE &&
+ local_is_mapped_file_metadata(ctx, name)) {
+ errno = EINVAL;
+ return -1;
+ }
+
dirfd = local_opendir_nofollow(ctx, dir->data);
if (dirfd == -1) {
return -1;
--
2.13.0

22
sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8112.patch vendored Normal file
View File

@ -0,0 +1,22 @@
CVE-2017-8112
https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg04494.html
---
hw/scsi/vmw_pvscsi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/scsi/vmw_pvscsi.c b/hw/scsi/vmw_pvscsi.c
index 7557546..4a106da 100644
--- a/hw/scsi/vmw_pvscsi.c
+++ b/hw/scsi/vmw_pvscsi.c
@@ -202,7 +202,7 @@ pvscsi_ring_init_msg(PVSCSIRingInfo *m, PVSCSICmdDescSetupMsgRing *ri)
uint32_t len_log2;
uint32_t ring_size;
- if (ri->numPages > PVSCSI_SETUP_MSG_RING_MAX_NUM_PAGES) {
+ if (!ri->numPages || ri->numPages > PVSCSI_SETUP_MSG_RING_MAX_NUM_PAGES) {
return -1;
}
ring_size = ri->numPages * PVSCSI_MAX_NUM_MSG_ENTRIES_PER_PAGE;
--
2.9.3

22
sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8309.patch vendored Normal file
View File

@ -0,0 +1,22 @@
bug #616870
https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05587.html
---
audio/audio.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/audio/audio.c b/audio/audio.c
index c8898d8422..beafed209b 100644
--- a/audio/audio.c
+++ b/audio/audio.c
@@ -2028,6 +2028,8 @@ void AUD_del_capture (CaptureVoiceOut *cap, void *cb_opaque)
sw = sw1;
}
QLIST_REMOVE (cap, entries);
+ g_free (cap->hw.mix_buf);
+ g_free (cap->buf);
g_free (cap);
}
return;
--
2.9.3

76
sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8379.patch vendored Normal file
View File

@ -0,0 +1,76 @@
bug #616872
https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05599.html
---
ui/input.c | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/ui/input.c b/ui/input.c
index ed88cda6d6..fb1f404095 100644
--- a/ui/input.c
+++ b/ui/input.c
@@ -41,6 +41,8 @@ static QTAILQ_HEAD(QemuInputEventQueueHead, QemuInputEventQueue) kbd_queue =
QTAILQ_HEAD_INITIALIZER(kbd_queue);
static QEMUTimer *kbd_timer;
static uint32_t kbd_default_delay_ms = 10;
+static uint32_t queue_count;
+static uint32_t queue_limit = 1024;
QemuInputHandlerState *qemu_input_handler_register(DeviceState *dev,
QemuInputHandler *handler)
@@ -268,6 +270,7 @@ static void qemu_input_queue_process(void *opaque)
break;
}
QTAILQ_REMOVE(queue, item, node);
+ queue_count--;
g_free(item);
}
}
@@ -282,6 +285,7 @@ static void qemu_input_queue_delay(struct QemuInputEventQueueHead *queue,
item->delay_ms = delay_ms;
item->timer = timer;
QTAILQ_INSERT_TAIL(queue, item, node);
+ queue_count++;
if (start_timer) {
timer_mod(item->timer, qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL)
@@ -298,6 +302,7 @@ static void qemu_input_queue_event(struct QemuInputEventQueueHead *queue,
item->src = src;
item->evt = evt;
QTAILQ_INSERT_TAIL(queue, item, node);
+ queue_count++;
}
static void qemu_input_queue_sync(struct QemuInputEventQueueHead *queue)
@@ -306,6 +311,7 @@ static void qemu_input_queue_sync(struct QemuInputEventQueueHead *queue)
item->type = QEMU_INPUT_QUEUE_SYNC;
QTAILQ_INSERT_TAIL(queue, item, node);
+ queue_count++;
}
void qemu_input_event_send_impl(QemuConsole *src, InputEvent *evt)
@@ -381,7 +387,7 @@ void qemu_input_event_send_key(QemuConsole *src, KeyValue *key, bool down)
qemu_input_event_send(src, evt);
qemu_input_event_sync();
qapi_free_InputEvent(evt);
- } else {
+ } else if (queue_count < queue_limit) {
qemu_input_queue_event(&kbd_queue, src, evt);
qemu_input_queue_sync(&kbd_queue);
}
@@ -409,8 +415,10 @@ void qemu_input_event_send_key_delay(uint32_t delay_ms)
kbd_timer = timer_new_ms(QEMU_CLOCK_VIRTUAL, qemu_input_queue_process,
&kbd_queue);
}
- qemu_input_queue_delay(&kbd_queue, kbd_timer,
- delay_ms ? delay_ms : kbd_default_delay_ms);
+ if (queue_count < queue_limit) {
+ qemu_input_queue_delay(&kbd_queue, kbd_timer,
+ delay_ms ? delay_ms : kbd_default_delay_ms);
+ }
}
InputEvent *qemu_input_event_new_btn(InputButton btn, bool down)
--
2.9.3

34
sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8380.patch vendored Normal file
View File

@ -0,0 +1,34 @@
bug #616874
https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg04147.html
---
hw/scsi/megasas.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
index 84b8caf..804122a 100644
--- a/hw/scsi/megasas.c
+++ b/hw/scsi/megasas.c
@@ -2138,15 +2138,15 @@ static void megasas_mmio_write(void *opaque, hwaddr addr,
case MFI_SEQ:
trace_megasas_mmio_writel("MFI_SEQ", val);
/* Magic sequence to start ADP reset */
- if (adp_reset_seq[s->adp_reset] == val) {
- s->adp_reset++;
+ if (adp_reset_seq[s->adp_reset++] == val) {
+ if (s->adp_reset == 6) {
+ s->adp_reset = 0;
+ s->diag = MFI_DIAG_WRITE_ENABLE;
+ }
} else {
s->adp_reset = 0;
s->diag = 0;
}
- if (s->adp_reset == 6) {
- s->diag = MFI_DIAG_WRITE_ENABLE;
- }
break;
case MFI_DIAG:
trace_megasas_mmio_writel("MFI_DIAG", val);
--
2.9.3

138
sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-binfmt.initd-r1 vendored
View File

@ -1,138 +0,0 @@
#!/sbin/openrc-run
# Copyright 1999-2016 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# enable automatic i386/ARM/M68K/MIPS/SPARC/PPC/s390 program execution by the kernel
# Defaulting to OC should be safe because it comes down to:
# - do we trust the interp itself to not be malicious? yes; we built it.
# - do we trust the programs we're running? ish; same permission as native
# binaries apply. so if user can do bad stuff natively, cross isn't worse.
: ${QEMU_BINFMT_FLAGS:=OC}
depend() {
after procfs
}
start() {
ebegin "Registering qemu-user binaries (flags: ${QEMU_BINFMT_FLAGS})"
if [ ! -d /proc/sys/fs/binfmt_misc ] ; then
modprobe -q binfmt_misc
fi
if [ ! -d /proc/sys/fs/binfmt_misc ] ; then
eend $? "You need support for 'misc binaries' in your kernel!" || return
fi
if [ ! -f /proc/sys/fs/binfmt_misc/register ] ; then
mount -t binfmt_misc binfmt_misc /proc/sys/fs/binfmt_misc >/dev/null 2>&1
eend $? || return
fi
# probe cpu type
cpu=`uname -m`
case "$cpu" in
i386|i486|i586|i686|i86pc|BePC|x86_64)
cpu="i386"
;;
m68k)
cpu="m68k"
;;
mips*)
cpu="mips"
;;
"Power Macintosh"|ppc|ppc64)
cpu="ppc"
;;
armv[4-9]*)
cpu="arm"
;;
sparc*)
cpu="sparc"
;;
esac
# register the interpreter for each cpu except for the native one
if [ $cpu != "i386" -a -x "/usr/bin/qemu-i386" ] ; then
echo ':i386:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x03\x00:\xff\xff\xff\xff\xff\xfe\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-i386:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
echo ':i486:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x06\x00:\xff\xff\xff\xff\xff\xfe\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-i386:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
fi
if [ $cpu != "alpha" -a -x "/usr/bin/qemu-alpha" ] ; then
echo ':alpha:M::\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x26\x90:\xff\xff\xff\xff\xff\xfe\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-alpha:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
fi
if [ $cpu != "arm" -a -x "/usr/bin/qemu-arm" ] ; then
echo ':arm:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff:/usr/bin/qemu-arm:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
fi
if [ $cpu != "arm" -a -x "/usr/bin/qemu-armeb" ] ; then
echo ':armeb:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-armeb:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
fi
if [ $cpu != "aarch64" -a -x "/usr/bin/qemu-aarch64" ] ; then
echo ':aarch64:M::\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xb7\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-aarch64:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
fi
if [ $cpu != "sparc" -a -x "/usr/bin/qemu-sparc" ] ; then
echo ':sparc:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-sparc:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
fi
if [ $cpu != "ppc" -a -x "/usr/bin/qemu-ppc" ] ; then
echo ':ppc:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x14:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-ppc:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
fi
if [ $cpu != "m68k" -a -x "/usr/bin/qemu-m68k" ] ; then
#echo 'Please check cpu value and header information for m68k!'
echo ':m68k:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x08:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-m68k:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
fi
if [ $cpu != "mips" -a -x "/usr/bin/qemu-mips" ] ; then
# FIXME: We could use the other endianness on a MIPS host.
echo ':mips:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-mips:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
fi
if [ $cpu != "mips" -a -x "/usr/bin/qemu-mipsel" ] ; then
echo ':mipsel:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-mipsel:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
fi
if [ $cpu != "mips" -a -x "/usr/bin/qemu-mipsn32" ] ; then
echo ':mipsn32:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-mipsn32:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
fi
if [ $cpu != "mips" -a -x "/usr/bin/qemu-mipsn32el" ] ; then
echo ':mipsn32el:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-mipsn32el:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
fi
if [ $cpu != "mips" -a -x "/usr/bin/qemu-mips64" ] ; then
echo ':mips64:M::\x7fELF\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-mips64:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
fi
if [ $cpu != "mips" -a -x "/usr/bin/qemu-mips64el" ] ; then
echo ':mips64el:M::\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-mips64el:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
fi
if [ $cpu != "sh" -a -x "/usr/bin/qemu-sh4" ] ; then
echo ':sh4:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x2a\x00:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-sh4:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
fi
if [ $cpu != "sh" -a -x "/usr/bin/qemu-sh4eb" ] ; then
echo ':sh4eb:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x2a:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-sh4eb:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
fi
if [ $cpu != "s390x" -a -x "/usr/bin/qemu-s390x" ] ; then
echo ':s390x:M::\x7fELF\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x16:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-s390x:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
fi
eend $?
}
stop() {
ebegin "Unregistering qemu-user binaries"
local arches
arches="${arches} i386 i486"
arches="${arches} alpha"
arches="${arches} arm armeb"
arches="${arches} aarch64"
arches="${arches} sparc"
arches="${arches} ppc"
arches="${arches} m68k"
arches="${arches} mips mipsel mipsn32 mipsn32el mips64 mips64el"
arches="${arches} sh4 sh4eb"
arches="${arches} s390x"
for a in ${arches}; do
if [ -f /proc/sys/fs/binfmt_misc/$a ] ; then
echo '-1' > /proc/sys/fs/binfmt_misc/$a
fi
done
eend $?
}
# vim: ts=4 :

85
sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/qemu-2.8.0-r9.ebuild → sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/qemu-2.9.0-r2.ebuild vendored
View File

@ -20,10 +20,6 @@ else
KEYWORDS="amd64 arm64 ~ppc ~ppc64 x86 ~x86-fbsd"
fi
# bug #606088
SRC_URI+="
https://dev.gentoo.org/~tamiko/distfiles/${P}-CVE-2016-9602-patches.tar.xz"
DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org"
@ -33,16 +29,16 @@ IUSE="accessibility +aio alsa bluetooth bzip2 +caps +curl debug +fdt
glusterfs gnutls gtk gtk2 infiniband iscsi +jpeg kernel_linux
kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs +png
pulseaudio python rbd sasl +seccomp sdl sdl2 selinux smartcard snappy
spice ssh static static-user systemtap tci test +threads usb usbredir
vde +vhost-net virgl virtfs +vnc vte xattr xen xfs"
spice ssh static static-user systemtap tci test usb usbredir vde
+vhost-net virgl virtfs +vnc vte xattr xen xfs"
COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel
mips mips64 mips64el mipsel or32 ppc ppc64 s390x sh4 sh4eb sparc
mips mips64 mips64el mipsel nios2 or1k ppc ppc64 s390x sh4 sh4eb sparc
sparc64 x86_64"
IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS}
lm32 moxie ppcemb tricore unicore32 xtensa xtensaeb"
IUSE_USER_TARGETS="${COMMON_TARGETS}
armeb mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus tilegx"
armeb hppa mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus tilegx"
use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
@ -54,6 +50,7 @@ REQUIRED_USE="${PYTHON_REQUIRED_USE}
gtk2? ( gtk )
qemu_softmmu_targets_arm? ( fdt )
qemu_softmmu_targets_microblaze? ( fdt )
qemu_softmmu_targets_mips64el? ( fdt )
qemu_softmmu_targets_ppc? ( fdt )
qemu_softmmu_targets_ppc64? ( fdt )
sdl2? ( sdl )
@ -69,18 +66,17 @@ REQUIRED_USE="${PYTHON_REQUIRED_USE}
# The attr lib isn't always linked in (although the USE flag is always
# respected). This is because qemu supports using the C library's API
# when available rather than always using the extranl library.
#
# To configure and compile qemu user targets or tools alone the following
# dependencies are not strictly necessary:
# alsa? ( >=media-libs/alsa-lib-1.0.13 )
# fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] )
# pulseaudio? ( media-sound/pulseaudio )
# seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
# but these are so few it is not worth the effort to separate this list.
TARGETS_DEPEND="
ALL_DEPEND="
>=dev-libs/glib-2.0[static-libs(+)]
>=x11-libs/pixman-0.28.0[static-libs(+)]
sys-libs/zlib[static-libs(+)]
python? ( ${PYTHON_DEPS} )
systemtap? ( dev-util/systemtap )
xattr? ( sys-apps/attr[static-libs(+)] )"
# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
# softmmu targets (qemu-system-*).
SOFTMMU_TOOLS_DEPEND="
>=x11-libs/pixman-0.28.0[static-libs(+)]
accessibility? (
app-accessibility/brltty[api]
app-accessibility/brltty[static-libs(+)]
@ -125,7 +121,6 @@ TARGETS_DEPEND="
)
png? ( media-libs/libpng:0=[static-libs(+)] )
pulseaudio? ( media-sound/pulseaudio )
python? ( ${PYTHON_DEPS} )
rbd? ( sys-cluster/ceph[static-libs(+)] )
sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
sdl? (
@ -146,13 +141,11 @@ TARGETS_DEPEND="
>=app-emulation/spice-0.12.0[static-libs(+)]
)
ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] )
systemtap? ( dev-util/systemtap )
usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
usb? ( >=virtual/libusb-1-r2[static-libs(+)] )
usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
vde? ( net-misc/vde[static-libs(+)] )
virgl? ( media-libs/virglrenderer[static-libs(+)] )
virtfs? ( sys-libs/libcap )
xattr? ( sys-apps/attr[static-libs(+)] )
xen? ( app-emulation/xen-tools:= )
xfs? ( sys-fs/xfsprogs[static-libs(+)] )"
@ -170,7 +163,10 @@ X86_FIRMWARE_DEPEND="
)"
CDEPEND="
!static? ( ${TARGETS_DEPEND//\[static-libs(+)]} )
!static? (
${ALL_DEPEND//\[static-libs(+)]}
${SOFTMMU_TOOLS_DEPEND//\[static-libs(+)]}
)
qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )"
DEPEND="${CDEPEND}
@ -180,8 +176,11 @@ DEPEND="${CDEPEND}
virtual/pkgconfig
kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
gtk? ( nls? ( sys-devel/gettext ) )
static? ( ${TARGETS_DEPEND} )
static-user? ( ${TARGETS_DEPEND} )
static? (
${ALL_DEPEND}
${SOFTMMU_TOOLS_DEPEND}
)
static-user? ( ${ALL_DEPEND} )
test? (
dev-libs/glib[utils]
sys-devel/bc
@ -192,29 +191,11 @@ RDEPEND="${CDEPEND}
PATCHES=(
"${FILESDIR}"/${PN}-2.5.0-cflags.patch
"${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
"${FILESDIR}"/${PN}-2.7.0-CVE-2016-8669-1.patch #597108
"${FILESDIR}"/${PN}-2.8.0-CVE-2016-9908.patch #601826
"${FILESDIR}"/${PN}-2.8.0-CVE-2016-9912.patch #602630
"${FILESDIR}"/${PN}-2.8.0-CVE-2016-10028.patch #603444
"${FILESDIR}"/${PN}-2.8.0-CVE-2016-10155.patch #606720
"${FILESDIR}"/${PN}-2.8.0-CVE-2017-2615.patch #608034
"${FILESDIR}"/${PN}-2.8.0-CVE-2017-2630.patch #609396
"${FILESDIR}"/${PN}-2.8.0-CVE-2017-5525-1.patch #606264
"${FILESDIR}"/${PN}-2.8.0-CVE-2017-5525-2.patch
"${FILESDIR}"/${PN}-2.8.0-CVE-2017-5552.patch #606722
"${FILESDIR}"/${PN}-2.8.0-CVE-2017-5578.patch #607000
"${FILESDIR}"/${PN}-2.8.0-CVE-2017-5579.patch #607100
"${FILESDIR}"/${PN}-2.8.0-CVE-2017-5667.patch #607766
"${FILESDIR}"/${PN}-2.8.0-CVE-2017-5856.patch #608036
"${FILESDIR}"/${PN}-2.8.0-CVE-2017-5857.patch #608038
"${FILESDIR}"/${PN}-2.8.0-CVE-2017-5898.patch #608520
"${FILESDIR}"/${PN}-2.8.0-CVE-2017-5931.patch #608728
"${FILESDIR}"/${PN}-2.8.0-CVE-2017-5973.patch #609334
"${FILESDIR}"/${PN}-2.8.0-CVE-2017-5987.patch #609398
"${FILESDIR}"/${PN}-2.8.0-CVE-2017-6058.patch #609638
"${FILESDIR}"/${PN}-2.8.0-CVE-2017-2620.patch #609206
"${FILESDIR}"/${PN}-2.8.0-CVE-2017-6505.patch #612220
"${S}-CVE-2016-9602-patches"
"${FILESDIR}"/${PN}-2.9.0-CVE-2017-8309.patch # bug 616870
"${FILESDIR}"/${PN}-2.9.0-CVE-2017-8379.patch # bug 616872
"${FILESDIR}"/${PN}-2.9.0-CVE-2017-8380.patch # bug 616874
"${FILESDIR}"/${PN}-2.9.0-CVE-2017-8112.patch # bug 616636
"${FILESDIR}"/${PN}-2.9.0-CVE-2017-7493.patch # bug 618808
# fix for vpc creation in qemu-img
"${FILESDIR}"/0001-block-fix-vpc-max_table_entries-computation.patch
@ -240,7 +221,7 @@ QA_WX_LOAD="usr/bin/qemu-i386
usr/bin/qemu-microblazeel
usr/bin/qemu-mips
usr/bin/qemu-mipsel
usr/bin/qemu-or32
usr/bin/qemu-or1k
usr/bin/qemu-ppc
usr/bin/qemu-ppc64
usr/bin/qemu-ppc64abi32
@ -529,7 +510,7 @@ qemu_src_configure() {
if use ${static_flag}; then
conf_opts+=( --static --disable-pie )
else
gcc-specs-pie && conf_opts+=( --enable-pie )
tc-enables-pie && conf_opts+=( --enable-pie )
fi
echo "../configure ${conf_opts[*]}"
@ -697,9 +678,6 @@ src_install() {
insinto "/etc/qemu"
doins "${FILESDIR}/bridge.conf"
# Remove the docdir placed qmp-commands.txt
mv "${ED}/usr/share/doc/${PF}/html/qmp-commands.txt" "${S}/docs/" || die
cd "${S}"
dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt
newdoc pc-bios/README README.pc-bios
@ -750,7 +728,6 @@ src_install() {
pkg_postinst() {
DISABLE_AUTOFORMATTING=true
FORCE_PRINT_ELOG=1 # remove for next version bump
readme.gentoo_print_elog
if [[ -n ${softmmu_targets} ]] && use kernel_linux; then

0
sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/app-admin/etcd-wrapper-3.1.6-r2 → sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/app-admin/etcd-wrapper-3.1.8 vendored
View File

4
sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/app-admin/flannel-wrapper-0.7.1-r1 vendored
View File

@ -3,9 +3,9 @@ DEPEND=virtual/pkgconfig
DESCRIPTION=flannel (System Application Container)
EAPI=6
HOMEPAGE=https://github.com/coreos/flannel
KEYWORDS=amd64
KEYWORDS=amd64 arm64
LICENSE=Apache-2.0
RDEPEND=!app-admin/flannel >=app-emulation/rkt-1.9.1[rkt_stage1_fly]
SLOT=0
_eclasses_=multilib 0236be304ee52e7f179ed2f337075515 systemd ec2e9154031d942186c75c0aabb41900 toolchain-funcs 6eb35f81556258a4bc9182ad3dfd58ee
_md5_=93fb3143e1c75f03c34141c1593f52cb
_md5_=57e014e99d444d5a7afc7336511db223

4
sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/app-admin/kubelet-wrapper-0.0.2-r1 vendored
View File

@ -2,8 +2,8 @@ DEFINED_PHASES=install
DESCRIPTION=Kubernetes Container Manager
EAPI=6
HOMEPAGE=http://kubernetes.io/
KEYWORDS=amd64
KEYWORDS=amd64 arm64
LICENSE=Apache-2.0
RDEPEND=>=app-emulation/rkt-1.9.1[rkt_stage1_fly]
SLOT=0
_md5_=0cc2a2b909d4890ffaf33f981e502d79
_md5_=3a757cf456f609324a3a9888a78264ae

14
sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/app-emulation/qemu-2.8.0-r9 vendored
View File

File diff suppressed because one or more lines are too long

14
sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/app-emulation/qemu-2.9.0-r2 vendored Normal file
View File

File diff suppressed because one or more lines are too long

4
sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/coreos-base/coreos-0.0.1 vendored
View File

@ -5,6 +5,6 @@ HOMEPAGE=http://coreos.com
IUSE=selinux
KEYWORDS=amd64 arm arm64 x86
LICENSE=GPL-2
RDEPEND=>=sys-apps/baselayout-3.0.0 sys-apps/dbus[selinux?] sys-apps/systemd[selinux?] selinux? ( sec-policy/selinux-virt ) amd64? ( app-admin/adcli app-admin/kubelet-wrapper app-crypt/go-tspi app-emulation/xenserver-pv-version app-emulation/xenstore sys-auth/realmd sys-auth/sssd app-admin/flannel-wrapper ) app-admin/etcd-wrapper app-admin/fleet app-admin/locksmith app-admin/mayday app-admin/sdnotify-proxy app-admin/sudo app-admin/toolbox app-arch/gzip app-arch/tar app-arch/torcx app-arch/unzip app-arch/zip app-crypt/gnupg app-crypt/tpmpolicy app-editors/vim app-emulation/docker app-emulation/rkt app-emulation/actool app-misc/ca-certificates app-misc/jq app-shells/bash coreos-base/coreos-cloudinit coreos-base/coreos-init coreos-base/coreos-metadata coreos-base/update_engine dev-db/etcd:2 dev-util/strace dev-vcs/git net-analyzer/nmap net-dns/bind-tools net-firewall/ebtables net-firewall/ipset net-firewall/iptables net-fs/nfs-utils net-misc/bridge-utils net-misc/dhcpcd net-misc/iputils net-misc/ntp net-misc/rsync net-misc/wget net-misc/whois sys-apps/coreutils sys-apps/dbus sys-apps/ethtool sys-apps/findutils sys-apps/gawk sys-apps/grep sys-apps/iproute2 sys-apps/kexec-tools sys-apps/less sys-apps/lshw sys-apps/net-tools sys-apps/nvme-cli sys-apps/pciutils sys-apps/rng-tools sys-apps/sed sys-apps/seismograph sys-apps/shadow sys-apps/usbutils sys-apps/util-linux sys-apps/which sys-block/open-iscsi sys-fs/btrfs-progs sys-fs/e2fsprogs sys-fs/mdadm sys-fs/multipath-tools sys-fs/quota sys-fs/xfsprogs sys-kernel/coreos-firmware sys-kernel/coreos-kernel sys-libs/glibc sys-libs/nss-usrfiles sys-libs/timezone-data sys-process/lsof sys-process/procps
RDEPEND=>=sys-apps/baselayout-3.0.0 sys-apps/dbus[selinux?] sys-apps/systemd[selinux?] selinux? ( sec-policy/selinux-virt ) amd64? ( app-admin/adcli app-crypt/go-tspi app-emulation/xenserver-pv-version app-emulation/xenstore sys-auth/realmd sys-auth/sssd ) app-admin/etcd-wrapper app-admin/flannel-wrapper app-admin/fleet app-admin/kubelet-wrapper app-admin/locksmith app-admin/mayday app-admin/sdnotify-proxy app-admin/sudo app-admin/toolbox app-arch/gzip app-arch/tar app-arch/torcx app-arch/unzip app-arch/zip app-crypt/gnupg app-crypt/tpmpolicy app-editors/vim app-emulation/docker app-emulation/rkt app-emulation/actool app-misc/ca-certificates app-misc/jq app-shells/bash coreos-base/coreos-cloudinit coreos-base/coreos-init coreos-base/coreos-metadata coreos-base/update_engine dev-db/etcd:2 dev-util/strace dev-vcs/git net-analyzer/nmap net-dns/bind-tools net-firewall/ebtables net-firewall/ipset net-firewall/iptables net-fs/nfs-utils net-misc/bridge-utils net-misc/dhcpcd net-misc/iputils net-misc/ntp net-misc/rsync net-misc/wget net-misc/whois sys-apps/coreutils sys-apps/dbus sys-apps/ethtool sys-apps/findutils sys-apps/gawk sys-apps/grep sys-apps/iproute2 sys-apps/kexec-tools sys-apps/less sys-apps/lshw sys-apps/net-tools sys-apps/nvme-cli sys-apps/pciutils sys-apps/rng-tools sys-apps/sed sys-apps/seismograph sys-apps/shadow sys-apps/usbutils sys-apps/util-linux sys-apps/which sys-block/open-iscsi sys-fs/btrfs-progs sys-fs/dosfstools sys-fs/e2fsprogs sys-fs/mdadm sys-fs/multipath-tools sys-fs/quota sys-fs/xfsprogs sys-kernel/coreos-firmware sys-kernel/coreos-kernel sys-libs/glibc sys-libs/nss-usrfiles sys-libs/timezone-data sys-process/lsof sys-process/procps
SLOT=0
_md5_=1ea1be0d2cc2339167a72009c92c181e
_md5_=6a15f6f8ca3eddba99bd700498f9ff03

4
sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/coreos-base/coreos-0.0.1-r281 → sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/coreos-base/coreos-0.0.1-r283 vendored
View File

@ -5,6 +5,6 @@ HOMEPAGE=http://coreos.com
IUSE=selinux
KEYWORDS=amd64 arm arm64 x86
LICENSE=GPL-2
RDEPEND=>=sys-apps/baselayout-3.0.0 sys-apps/dbus[selinux?] sys-apps/systemd[selinux?] selinux? ( sec-policy/selinux-virt ) amd64? ( app-admin/adcli app-admin/kubelet-wrapper app-crypt/go-tspi app-emulation/xenserver-pv-version app-emulation/xenstore sys-auth/realmd sys-auth/sssd app-admin/flannel-wrapper ) app-admin/etcd-wrapper app-admin/fleet app-admin/locksmith app-admin/mayday app-admin/sdnotify-proxy app-admin/sudo app-admin/toolbox app-arch/gzip app-arch/tar app-arch/torcx app-arch/unzip app-arch/zip app-crypt/gnupg app-crypt/tpmpolicy app-editors/vim app-emulation/docker app-emulation/rkt app-emulation/actool app-misc/ca-certificates app-misc/jq app-shells/bash coreos-base/coreos-cloudinit coreos-base/coreos-init coreos-base/coreos-metadata coreos-base/update_engine dev-db/etcd:2 dev-util/strace dev-vcs/git net-analyzer/nmap net-dns/bind-tools net-firewall/ebtables net-firewall/ipset net-firewall/iptables net-fs/nfs-utils net-misc/bridge-utils net-misc/dhcpcd net-misc/iputils net-misc/ntp net-misc/rsync net-misc/wget net-misc/whois sys-apps/coreutils sys-apps/dbus sys-apps/ethtool sys-apps/findutils sys-apps/gawk sys-apps/grep sys-apps/iproute2 sys-apps/kexec-tools sys-apps/less sys-apps/lshw sys-apps/net-tools sys-apps/nvme-cli sys-apps/pciutils sys-apps/rng-tools sys-apps/sed sys-apps/seismograph sys-apps/shadow sys-apps/usbutils sys-apps/util-linux sys-apps/which sys-block/open-iscsi sys-fs/btrfs-progs sys-fs/e2fsprogs sys-fs/mdadm sys-fs/multipath-tools sys-fs/quota sys-fs/xfsprogs sys-kernel/coreos-firmware sys-kernel/coreos-kernel sys-libs/glibc sys-libs/nss-usrfiles sys-libs/timezone-data sys-process/lsof sys-process/procps
RDEPEND=>=sys-apps/baselayout-3.0.0 sys-apps/dbus[selinux?] sys-apps/systemd[selinux?] selinux? ( sec-policy/selinux-virt ) amd64? ( app-admin/adcli app-crypt/go-tspi app-emulation/xenserver-pv-version app-emulation/xenstore sys-auth/realmd sys-auth/sssd ) app-admin/etcd-wrapper app-admin/flannel-wrapper app-admin/fleet app-admin/kubelet-wrapper app-admin/locksmith app-admin/mayday app-admin/sdnotify-proxy app-admin/sudo app-admin/toolbox app-arch/gzip app-arch/tar app-arch/torcx app-arch/unzip app-arch/zip app-crypt/gnupg app-crypt/tpmpolicy app-editors/vim app-emulation/docker app-emulation/rkt app-emulation/actool app-misc/ca-certificates app-misc/jq app-shells/bash coreos-base/coreos-cloudinit coreos-base/coreos-init coreos-base/coreos-metadata coreos-base/update_engine dev-db/etcd:2 dev-util/strace dev-vcs/git net-analyzer/nmap net-dns/bind-tools net-firewall/ebtables net-firewall/ipset net-firewall/iptables net-fs/nfs-utils net-misc/bridge-utils net-misc/dhcpcd net-misc/iputils net-misc/ntp net-misc/rsync net-misc/wget net-misc/whois sys-apps/coreutils sys-apps/dbus sys-apps/ethtool sys-apps/findutils sys-apps/gawk sys-apps/grep sys-apps/iproute2 sys-apps/kexec-tools sys-apps/less sys-apps/lshw sys-apps/net-tools sys-apps/nvme-cli sys-apps/pciutils sys-apps/rng-tools sys-apps/sed sys-apps/seismograph sys-apps/shadow sys-apps/usbutils sys-apps/util-linux sys-apps/which sys-block/open-iscsi sys-fs/btrfs-progs sys-fs/dosfstools sys-fs/e2fsprogs sys-fs/mdadm sys-fs/multipath-tools sys-fs/quota sys-fs/xfsprogs sys-kernel/coreos-firmware sys-kernel/coreos-kernel sys-libs/glibc sys-libs/nss-usrfiles sys-libs/timezone-data sys-process/lsof sys-process/procps
SLOT=0
_md5_=1ea1be0d2cc2339167a72009c92c181e
_md5_=6a15f6f8ca3eddba99bd700498f9ff03

14
sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/sys-apps/dbus-1.10.12 vendored
View File

@ -1,14 +0,0 @@
DEFINED_PHASES=compile configure install postinst prepare setup test
DEPEND=>=dev-libs/expat-2 selinux? ( sys-libs/libselinux ) systemd? ( sys-apps/systemd:0= ) X? ( x11-libs/libX11 x11-libs/libXt ) abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20131008-r4 !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] ) app-text/xmlto app-text/docbook-xml-dtd:4.4 virtual/pkgconfig doc? ( app-doc/doxygen ) test? ( >=dev-libs/glib-2.36:2 || ( >=dev-lang/python-2.7.5-r2:2.7 ) ) >=app-portage/elt-patches-20170317 !<sys-devel/gettext-0.18.1.1-r3 || ( >=sys-devel/automake-1.15:1.15 ) >=sys-devel/autoconf-2.69 >=sys-devel/libtool-2.4 virtual/pkgconfig test? ( !prefix? ( x11-base/xorg-server[xvfb] ) x11-apps/xhost )
DESCRIPTION=A message bus system, a simple way for applications to talk to each other
EAPI=6
HOMEPAGE=https://dbus.freedesktop.org/
IUSE=debug doc selinux static-libs systemd test user-session X test abi_x86_32 abi_x86_64 abi_x86_x32 abi_mips_n32 abi_mips_n64 abi_mips_o32 abi_ppc_32 abi_ppc_64 abi_s390_32 abi_s390_64
KEYWORDS=alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~x86-solaris
LICENSE=|| ( AFL-2.1 GPL-2 )
RDEPEND=>=dev-libs/expat-2 selinux? ( sys-libs/libselinux ) systemd? ( sys-apps/systemd:0= ) X? ( x11-libs/libX11 x11-libs/libXt ) abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20131008-r4 !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] )
RESTRICT=test
SLOT=0
SRC_URI=https://dbus.freedesktop.org/releases/dbus/dbus-1.10.12.tar.gz
_eclasses_=autotools 7027963e8e8cc12c91117bdb9225dc26 epatch 8233751dc5105a6ae8fcd86ce2bb0247 estack 43ddf5aaffa7a8d0482df54d25a66a1f eutils 9c113d6a64826c40154cad7be15d95ea flag-o-matic 61cad4fb5d800b29d484b27cb033f59b libtool e32ea84bf82cf8987965b574672dba93 linux-info ca370deef9d44125d829f2eb6ebc83e0 ltprune 2770eed66a9b8ef944714cd0e968182e multibuild 72647e255187a1fadc81097b3657e5c3 multilib 0236be304ee52e7f179ed2f337075515 multilib-build eed53a6313267c9fbcd35fc384bd0087 multilib-minimal 9139c3a57e077cb8e0d0f73ceb080b89 python-any-r1 be89e882151ba4b847089b860d79729c python-utils-r1 c11fc374357e6ad9ddfe2e9f931e4d29 readme.gentoo-r1 6f03e110529650f57fc7d1fb908b8986 systemd ec2e9154031d942186c75c0aabb41900 toolchain-funcs 6eb35f81556258a4bc9182ad3dfd58ee user e4b567c44272a719fabf53f0f885d3f7 versionator c80ccf29e90adea7c5cae94b42eb76d0 virtualx 171580f737f5aaf18fcb456548588066
_md5_=3be955fa316e2834a53620047b9684e8

15
sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/sys-apps/dbus-1.10.18 vendored Normal file
View File

@ -0,0 +1,15 @@
DEFINED_PHASES=compile configure install postinst prepare setup test
DEPEND=>=dev-libs/expat-2 selinux? ( sys-libs/libselinux ) elogind? ( sys-auth/elogind ) systemd? ( sys-apps/systemd:0= ) X? ( x11-libs/libX11 x11-libs/libXt ) abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20131008-r4 !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] ) app-text/xmlto app-text/docbook-xml-dtd:4.4 virtual/pkgconfig doc? ( app-doc/doxygen ) test? ( >=dev-libs/glib-2.36:2 || ( >=dev-lang/python-2.7.5-r2:2.7 ) ) >=app-portage/elt-patches-20170317 !<sys-devel/gettext-0.18.1.1-r3 || ( >=sys-devel/automake-1.15:1.15 ) >=sys-devel/autoconf-2.69 >=sys-devel/libtool-2.4 virtual/pkgconfig test? ( !prefix? ( x11-base/xorg-server[xvfb] ) x11-apps/xhost )
DESCRIPTION=A message bus system, a simple way for applications to talk to each other
EAPI=6
HOMEPAGE=https://dbus.freedesktop.org/
IUSE=debug doc elogind selinux static-libs systemd test user-session X test abi_x86_32 abi_x86_64 abi_x86_x32 abi_mips_n32 abi_mips_n64 abi_mips_o32 abi_ppc_32 abi_ppc_64 abi_s390_32 abi_s390_64
KEYWORDS=alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~x86-solaris
LICENSE=|| ( AFL-2.1 GPL-2 )
RDEPEND=>=dev-libs/expat-2 selinux? ( sys-libs/libselinux ) elogind? ( sys-auth/elogind ) systemd? ( sys-apps/systemd:0= ) X? ( x11-libs/libX11 x11-libs/libXt ) abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20131008-r4 !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] )
REQUIRED_USE=?? ( elogind systemd )
RESTRICT=test
SLOT=0
SRC_URI=https://dbus.freedesktop.org/releases/dbus/dbus-1.10.18.tar.gz
_eclasses_=autotools 7027963e8e8cc12c91117bdb9225dc26 epatch 8233751dc5105a6ae8fcd86ce2bb0247 estack 43ddf5aaffa7a8d0482df54d25a66a1f eutils 9c113d6a64826c40154cad7be15d95ea flag-o-matic 61cad4fb5d800b29d484b27cb033f59b libtool e32ea84bf82cf8987965b574672dba93 linux-info ca370deef9d44125d829f2eb6ebc83e0 ltprune 2770eed66a9b8ef944714cd0e968182e multibuild 72647e255187a1fadc81097b3657e5c3 multilib 0236be304ee52e7f179ed2f337075515 multilib-build eed53a6313267c9fbcd35fc384bd0087 multilib-minimal 9139c3a57e077cb8e0d0f73ceb080b89 python-any-r1 be89e882151ba4b847089b860d79729c python-utils-r1 c11fc374357e6ad9ddfe2e9f931e4d29 readme.gentoo-r1 6f03e110529650f57fc7d1fb908b8986 systemd ec2e9154031d942186c75c0aabb41900 toolchain-funcs 6eb35f81556258a4bc9182ad3dfd58ee user e4b567c44272a719fabf53f0f885d3f7 versionator c80ccf29e90adea7c5cae94b42eb76d0 virtualx 171580f737f5aaf18fcb456548588066
_md5_=d4bb980317490d7bee5f325bfb162312

13
sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/sys-apps/shadow-4.4-r2 vendored
View File

@ -1,13 +0,0 @@
DEFINED_PHASES=configure install prepare
DEPEND=acl? ( sys-apps/acl ) audit? ( sys-process/audit ) cracklib? ( >=sys-libs/cracklib-2.7-r3 ) pam? ( virtual/pam ) skey? ( sys-auth/skey ) selinux? ( >=sys-libs/libselinux-1.28 sys-libs/libsemanage ) nls? ( virtual/libintl ) xattr? ( sys-apps/attr ) app-arch/xz-utils nls? ( sys-devel/gettext ) >=app-portage/elt-patches-20170317 virtual/pkgconfig
DESCRIPTION=Utilities to deal with user accounts
EAPI=5
HOMEPAGE=https://github.com/shadow-maint/shadow http://pkg-shadow.alioth.debian.org/
IUSE=acl audit cracklib nls pam selinux skey xattr
KEYWORDS=alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86
LICENSE=BSD GPL-2
RDEPEND=acl? ( sys-apps/acl ) audit? ( sys-process/audit ) cracklib? ( >=sys-libs/cracklib-2.7-r3 ) pam? ( virtual/pam ) skey? ( sys-auth/skey ) selinux? ( >=sys-libs/libselinux-1.28 sys-libs/libsemanage ) nls? ( virtual/libintl ) xattr? ( sys-apps/attr ) pam? ( >=sys-auth/pambase-20150213 )
SLOT=0
SRC_URI=https://github.com/shadow-maint/shadow/releases/download/4.4/shadow-4.4.tar.gz
_eclasses_=epatch 8233751dc5105a6ae8fcd86ce2bb0247 estack 43ddf5aaffa7a8d0482df54d25a66a1f eutils 9c113d6a64826c40154cad7be15d95ea flag-o-matic 61cad4fb5d800b29d484b27cb033f59b libtool e32ea84bf82cf8987965b574672dba93 ltprune 2770eed66a9b8ef944714cd0e968182e multilib 0236be304ee52e7f179ed2f337075515 pam 3e788d86170dfcd5b06824d898315e18 systemd ec2e9154031d942186c75c0aabb41900 toolchain-funcs 6eb35f81556258a4bc9182ad3dfd58ee
_md5_=20a0bbbc68cb802230f530dac77f8f20

13
sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/sys-apps/shadow-4.5 vendored Normal file
View File

@ -0,0 +1,13 @@
DEFINED_PHASES=configure install preinst prepare
DEPEND=acl? ( sys-apps/acl:0= ) audit? ( >=sys-process/audit-2.6:0= ) cracklib? ( >=sys-libs/cracklib-2.7-r3:0= ) pam? ( virtual/pam:0= ) skey? ( sys-auth/skey:0= ) selinux? ( >=sys-libs/libselinux-1.28:0= sys-libs/libsemanage:0= ) nls? ( virtual/libintl ) xattr? ( sys-apps/attr:0= ) app-arch/xz-utils nls? ( sys-devel/gettext ) >=app-portage/elt-patches-20170317 virtual/pkgconfig
DESCRIPTION=Utilities to deal with user accounts
EAPI=5
HOMEPAGE=https://github.com/shadow-maint/shadow http://pkg-shadow.alioth.debian.org/
IUSE=acl audit cracklib nls pam selinux skey xattr linguas_cs linguas_da linguas_de linguas_es linguas_fi linguas_fr linguas_hu linguas_id linguas_it linguas_ja linguas_ko linguas_pl linguas_pt_BR linguas_ru linguas_sv linguas_tr linguas_zh_CN linguas_zh_TW
KEYWORDS=~alpha amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86
LICENSE=BSD GPL-2
RDEPEND=acl? ( sys-apps/acl:0= ) audit? ( >=sys-process/audit-2.6:0= ) cracklib? ( >=sys-libs/cracklib-2.7-r3:0= ) pam? ( virtual/pam:0= ) skey? ( sys-auth/skey:0= ) selinux? ( >=sys-libs/libselinux-1.28:0= sys-libs/libsemanage:0= ) nls? ( virtual/libintl ) xattr? ( sys-apps/attr:0= ) pam? ( >=sys-auth/pambase-20150213 )
SLOT=0
SRC_URI=https://github.com/shadow-maint/shadow/releases/download/4.5/shadow-4.5.tar.gz
_eclasses_=epatch 8233751dc5105a6ae8fcd86ce2bb0247 estack 43ddf5aaffa7a8d0482df54d25a66a1f eutils 9c113d6a64826c40154cad7be15d95ea flag-o-matic 61cad4fb5d800b29d484b27cb033f59b libtool e32ea84bf82cf8987965b574672dba93 ltprune 2770eed66a9b8ef944714cd0e968182e multilib 0236be304ee52e7f179ed2f337075515 pam 3e788d86170dfcd5b06824d898315e18 systemd ec2e9154031d942186c75c0aabb41900 toolchain-funcs 6eb35f81556258a4bc9182ad3dfd58ee
_md5_=3d6dd32a45959af66379a7d47c6974d5

4
sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/sys-kernel/bootengine-0.0.15 → sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/sys-kernel/bootengine-0.0.16 vendored
View File

@ -5,6 +5,6 @@ EAPI=5
IUSE=cros_workon_tree_* profiling cros-debug
KEYWORDS=amd64 arm arm64 x86
LICENSE=BSD
SLOT=0/0.0.15
SLOT=0/0.0.16
_eclasses_=cros-au f9ae34f03ddcc4a8450e4f603ffef8f8 cros-debug deb4c0b1259db4d092692c4c46fe072b cros-workon 4ad6e6491a1010ad7c875302b3be18ba epatch 8233751dc5105a6ae8fcd86ce2bb0247 estack 43ddf5aaffa7a8d0482df54d25a66a1f eutils 9c113d6a64826c40154cad7be15d95ea flag-o-matic 61cad4fb5d800b29d484b27cb033f59b git-r3 cbafa3261c37c7e3af44bb16a34ea390 ltprune 2770eed66a9b8ef944714cd0e968182e multilib 0236be304ee52e7f179ed2f337075515 toolchain-funcs 6eb35f81556258a4bc9182ad3dfd58ee
_md5_=56523c3d2265adcde481a0d818b36658
_md5_=b787554889c284e938b23a131ff999b2

2
sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/sys-kernel/bootengine-9999 vendored
View File

@ -7,4 +7,4 @@ KEYWORDS=~amd64 ~arm ~arm64 ~x86
LICENSE=BSD
SLOT=0/9999
_eclasses_=cros-au f9ae34f03ddcc4a8450e4f603ffef8f8 cros-debug deb4c0b1259db4d092692c4c46fe072b cros-workon 4ad6e6491a1010ad7c875302b3be18ba epatch 8233751dc5105a6ae8fcd86ce2bb0247 estack 43ddf5aaffa7a8d0482df54d25a66a1f eutils 9c113d6a64826c40154cad7be15d95ea flag-o-matic 61cad4fb5d800b29d484b27cb033f59b git-r3 cbafa3261c37c7e3af44bb16a34ea390 ltprune 2770eed66a9b8ef944714cd0e968182e multilib 0236be304ee52e7f179ed2f337075515 toolchain-funcs 6eb35f81556258a4bc9182ad3dfd58ee
_md5_=56523c3d2265adcde481a0d818b36658
_md5_=b787554889c284e938b23a131ff999b2

8
sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/sys-kernel/coreos-kernel-4.11.2 → sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/sys-kernel/coreos-kernel-4.11.3 vendored
View File

@ -1,12 +1,12 @@
DEFINED_PHASES=compile configure install prepare pretend setup unpack
DEPEND==sys-kernel/coreos-modules-4.11.2 app-arch/gzip app-shells/bash sys-apps/coreutils sys-apps/findutils sys-apps/grep sys-apps/ignition:= sys-apps/less sys-apps/sed sys-apps/shadow sys-apps/systemd sys-apps/seismograph sys-apps/util-linux sys-fs/btrfs-progs sys-fs/e2fsprogs sys-fs/mdadm sys-fs/xfsprogs >=sys-kernel/coreos-firmware-20160331-r1:= >=sys-kernel/bootengine-0.0.4:= sys-kernel/dracut virtual/udev =sys-kernel/coreos-sources-4.11.2
DEPEND==sys-kernel/coreos-modules-4.11.3 app-arch/gzip app-shells/bash sys-apps/coreutils sys-apps/findutils sys-apps/grep sys-apps/ignition:= sys-apps/less sys-apps/sed sys-apps/shadow sys-apps/systemd[cryptsetup] sys-apps/seismograph sys-apps/util-linux sys-fs/btrfs-progs sys-fs/e2fsprogs sys-fs/mdadm sys-fs/xfsprogs >=sys-kernel/coreos-firmware-20160331-r1:= >=sys-kernel/bootengine-0.0.4:= sys-kernel/dracut virtual/udev =sys-kernel/coreos-sources-4.11.3
DESCRIPTION=CoreOS Linux kernel
EAPI=5
HOMEPAGE=http://www.kernel.org
KEYWORDS=amd64 arm64
LICENSE=GPL-2 freedist
RDEPEND==sys-kernel/coreos-modules-4.11.2
RDEPEND==sys-kernel/coreos-modules-4.11.3
RESTRICT=binchecks strip
SLOT=0/4.11.2
SLOT=0/4.11.3
_eclasses_=coreos-kernel a7d8c01479b7bbc753349eaebba79268 epatch 8233751dc5105a6ae8fcd86ce2bb0247 estack 43ddf5aaffa7a8d0482df54d25a66a1f eutils 9c113d6a64826c40154cad7be15d95ea linux-info ca370deef9d44125d829f2eb6ebc83e0 ltprune 2770eed66a9b8ef944714cd0e968182e multilib 0236be304ee52e7f179ed2f337075515 toolchain-funcs 6eb35f81556258a4bc9182ad3dfd58ee versionator c80ccf29e90adea7c5cae94b42eb76d0
_md5_=b531fd02cfd892c89a08def456fd29dd
_md5_=97a87eab60d056190b8aa25e2601d2e2

4
sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/sys-kernel/coreos-modules-4.11.2 → sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/sys-kernel/coreos-modules-4.11.3 vendored
View File

@ -1,5 +1,5 @@
DEFINED_PHASES=compile configure install postinst prepare pretend setup unpack
DEPEND==sys-kernel/coreos-sources-4.11.2
DEPEND==sys-kernel/coreos-sources-4.11.3
DESCRIPTION=CoreOS Linux kernel modules
EAPI=5
HOMEPAGE=http://www.kernel.org
@ -8,6 +8,6 @@ KEYWORDS=amd64 arm64
LICENSE=GPL-2 freedist
RDEPEND=!<sys-kernel/coreos-kernel-4.6.3-r1
RESTRICT=binchecks strip
SLOT=0/4.11.2
SLOT=0/4.11.3
_eclasses_=coreos-kernel a7d8c01479b7bbc753349eaebba79268 epatch 8233751dc5105a6ae8fcd86ce2bb0247 estack 43ddf5aaffa7a8d0482df54d25a66a1f eutils 9c113d6a64826c40154cad7be15d95ea linux-info ca370deef9d44125d829f2eb6ebc83e0 ltprune 2770eed66a9b8ef944714cd0e968182e multilib 0236be304ee52e7f179ed2f337075515 portability 2b88d3ecc35035a3b8ab628b49cafb0e savedconfig e6948c872ff47e15a10e5ad1be15c18e toolchain-funcs 6eb35f81556258a4bc9182ad3dfd58ee versionator c80ccf29e90adea7c5cae94b42eb76d0
_md5_=504109d46fa628d1af16a2067836873f

4
sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/sys-kernel/coreos-sources-4.11.2 → sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/sys-kernel/coreos-sources-4.11.3 vendored
View File

@ -8,7 +8,7 @@ KEYWORDS=amd64 arm64
LICENSE=GPL-2 freedist
RDEPEND=!build? ( >=sys-libs/ncurses-5.2 sys-devel/make dev-lang/perl sys-devel/bc )
RESTRICT=binchecks strip
SLOT=4.11.2
SRC_URI=mirror://kernel/linux/kernel/v4.x/patch-4.11.2.xz mirror://kernel/linux/kernel/v4.x/linux-4.11.tar.xz
SLOT=4.11.3
SRC_URI=mirror://kernel/linux/kernel/v4.x/patch-4.11.3.xz mirror://kernel/linux/kernel/v4.x/linux-4.11.tar.xz
_eclasses_=epatch 8233751dc5105a6ae8fcd86ce2bb0247 estack 43ddf5aaffa7a8d0482df54d25a66a1f eutils 9c113d6a64826c40154cad7be15d95ea kernel-2 7cc211cb9f869927ca267873f54d8fd5 ltprune 2770eed66a9b8ef944714cd0e968182e multilib 0236be304ee52e7f179ed2f337075515 python-any-r1 be89e882151ba4b847089b860d79729c python-utils-r1 c11fc374357e6ad9ddfe2e9f931e4d29 toolchain-funcs 6eb35f81556258a4bc9182ad3dfd58ee versionator c80ccf29e90adea7c5cae94b42eb76d0
_md5_=0ddd24ae375858f7982c46c4594e9973

1
sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/package.accept_keywords vendored
View File

@ -23,6 +23,7 @@
=media-libs/libpng-1.6.27 ~arm64
=net-analyzer/nmap-7.12 ~arm64
=net-analyzer/tcpdump-4.9.0 ~arm64
=net-dialup/minicom-2.7.1 ~arm64
=net-firewall/ebtables-2.0.10.4-r1 ~arm64
=net-firewall/ipset-6.29 ~arm64
=net-libs/libmicrohttpd-0.9.50 **

2
sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/Manifest vendored
View File

@ -1 +1 @@
DIST dbus-1.10.12.tar.gz 1984805 SHA256 210a79430b276eafc6406c71705e9140d25b9956d18068df98a70156dc0e475d SHA512 6616c7b2926a6fb6158d0a0a24d1b887173ca215a2f3185b95cc5f08df64fed1977e16c86c6ae530960453b6c585ae24ea4c9976e7537a45f9c6366c43baa52d WHIRLPOOL 9bd9ed70c4d9890dad09b2bcd07ee40ef472f1436cefe3bc89aaddbb183532939d6ce19da721a673a39f2e6b07e634b179190cec00e1a48fa2d9be6c830cc696
DIST dbus-1.10.18.tar.gz 1986589 SHA256 6049ddd5f3f3e2618f615f1faeda0a115104423a7996b7aa73e2f36e38cc514a SHA512 726f97d0a2016f4f0625ba332e93e2d33bb16857cd35cb6c79da0f44fff297df948c3df62c31ffbec34713a7b85b3ff5b65f31517fe3511ddbd3bf18bd4748ed WHIRLPOOL ee164e1f6de80595fbfbcbad65d78dab4b91b5ec4e1ce88e1c4015f1c1b531f09796d54db163b2c2eceb3b92261f8a57852d2e0b29f71d9c65f9b91684433d9e

14
sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/dbus-1.10.12.ebuild → sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/dbus-1.10.18.ebuild vendored
View File

@ -1,6 +1,5 @@
# Copyright 1999-2016 Gentoo Foundation
# Copyright 1999-2017 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
EAPI=6
PYTHON_COMPAT=( python2_7 )
@ -13,16 +12,19 @@ SRC_URI="https://dbus.freedesktop.org/releases/dbus/${P}.tar.gz"
LICENSE="|| ( AFL-2.1 GPL-2 )"
SLOT="0"
KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~x86-solaris"
IUSE="debug doc selinux static-libs systemd test user-session X"
KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~x86-solaris"
IUSE="debug doc elogind selinux static-libs systemd test user-session X"
RESTRICT="test"
REQUIRED_USE="?? ( elogind systemd )"
CDEPEND="
>=dev-libs/expat-2
selinux? (
sys-libs/libselinux
)
elogind? ( sys-auth/elogind )
systemd? ( sys-apps/systemd:0= )
X? (
x11-libs/libX11
@ -72,6 +74,8 @@ src_prepare() {
-e '/"dispatch"/d' \
bus/test-main.c || die
eapply "${FILESDIR}/${PN}-enable-elogind.patch"
eapply_user
# required for asneeded patch but also for bug 263909, cross-compile so
@ -107,6 +111,7 @@ multilib_src_configure() {
--disable-apparmor
$(use_enable kernel_linux inotify)
$(use_enable kernel_FreeBSD kqueue)
$(use_enable elogind)
$(use_enable systemd)
$(use_enable user-session)
--disable-embedded-tests
@ -140,6 +145,7 @@ multilib_src_configure() {
myconf+=(
--disable-selinux
--disable-libaudit
--disable-elogind
--disable-systemd
--without-x

73
sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/files/dbus-enable-elogind.patch vendored Normal file
View File

@ -0,0 +1,73 @@
--- a/dbus/dbus-userdb-util.c 2015-09-30 16:48:40.000000000 +0200
+++ b/dbus/dbus-userdb-util.c 2016-11-03 11:09:42.550520587 +0100
@@ -32,6 +32,9 @@
#if HAVE_SYSTEMD
#include <systemd/sd-login.h>
#endif
+#if HAVE_ELOGIND
+#include <elogind/sd-login.h>
+#endif
/**
* @addtogroup DBusInternalsUtils
@@ -54,7 +57,7 @@
const DBusUserInfo *info;
dbus_bool_t result = FALSE;
-#ifdef HAVE_SYSTEMD
+#if defined(HAVE_SYSTEMD) || defined(HAVE_ELOGIND)
/* check if we have logind */
if (access ("/run/systemd/seats/", F_OK) >= 0)
{
--- a/configure.ac 2016-11-03 11:13:58.286528265 +0100
+++ b/configure.ac 2016-11-03 11:22:11.210543063 +0100
@@ -185,6 +185,7 @@
AC_ARG_ENABLE(kqueue, AS_HELP_STRING([--enable-kqueue],[build with kqueue support]),enable_kqueue=$enableval,enable_kqueue=auto)
AC_ARG_ENABLE(console-owner-file, AS_HELP_STRING([--enable-console-owner-file],[enable console owner file]),enable_console_owner_file=$enableval,enable_console_owner_file=auto)
AC_ARG_ENABLE(launchd, AS_HELP_STRING([--enable-launchd],[build with launchd auto-launch support]),enable_launchd=$enableval,enable_launchd=auto)
+AC_ARG_ENABLE(elogind, AS_HELP_STRING([--enable-elogind],[build with elogind user seat support]),enable_elogind=$enableval,enable_elogind=auto)
AC_ARG_ENABLE(systemd, AS_HELP_STRING([--enable-systemd],[build with systemd at_console support]),enable_systemd=$enableval,enable_systemd=auto)
AC_ARG_WITH(init-scripts, AS_HELP_STRING([--with-init-scripts=[redhat]],[Style of init scripts to install]))
@@ -1184,6 +1185,24 @@
AM_CONDITIONAL(HAVE_CONSOLE_OWNER_FILE, test x$have_console_owner_file = xyes)
+dnl elogind detection
+if test x$enable_elogind = xno ; then
+ have_elogind=no;
+else
+ PKG_CHECK_MODULES([ELOGIND],
+ [libelogind >= 209],
+ [have_elogind=yes],
+ [have_elogind=no])
+fi
+
+if test x$have_elogind = xyes; then
+ AC_DEFINE(HAVE_ELOGIND,1,[Have elogind])
+fi
+
+if test x$enable_elogind = xyes -a x$have_elogind != xyes ; then
+ AC_MSG_ERROR([Explicitly requested elogind support, but libelogind not found])
+fi
+
dnl systemd detection
if test x$enable_systemd = xno ; then
have_systemd=no;
@@ -1290,7 +1309,7 @@
fi
#### Set up final flags
-LIBDBUS_LIBS="$THREAD_LIBS $NETWORK_libs $SYSTEMD_LIBS"
+LIBDBUS_LIBS="$THREAD_LIBS $NETWORK_libs $SYSTEMD_LIBS $ELOGIND_LIBS"
AC_SUBST([LIBDBUS_LIBS])
### X11 detection
@@ -1949,6 +1968,7 @@
Building AppArmor support: ${have_apparmor}
Building inotify support: ${have_inotify}
Building kqueue support: ${have_kqueue}
+ Building elogind support: ${have_elogind}
Building systemd support: ${have_systemd}
Building X11 code: ${have_x11}
Building Doxygen docs: ${enable_doxygen_docs}

1
sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/files/dbus.initd-r1 vendored
View File

@ -1,7 +1,6 @@
#!/sbin/openrc-run
# Copyright 1999-2016 Gentoo Foundation
# Distributed under the terms of the GNU General Public License, v2 or later
# $Id$
extra_started_commands="reload"

1
sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/metadata.xml vendored
View File

@ -5,6 +5,7 @@
<email>freedesktop-bugs@gentoo.org</email>
</maintainer>
<use>
<flag name="elogind">Use <pkg>sys-auth/elogind</pkg> for session tracking.</flag>
<flag name="systemd">Build with <pkg>sys-apps/systemd</pkg> at_console support</flag>
<flag name="user-session">Enable user-session semantics for session bus under systemd</flag>
</use>

2
sdk_container/src/third_party/coreos-overlay/sys-apps/shadow/Manifest vendored
View File

@ -1 +1 @@
DIST shadow-4.4.tar.gz 3706812 SHA256 2398fe436e548786c17ec387b4c41f5339f72ec9ee2f3f7a6e0cc2cb240bb482 SHA512 c1e0f65a4fbd0f9d8de38e488b4a374cac5c476180e233269fc666988d9201c0dcc694605c5e54d54f81039c2e30c95b14c12f10adef749a45cc31f0b4b5d5a6 WHIRLPOOL a22fc0f90ec0623cbbcef253378a16ad605cf71345074880e3fd12fb5914058d3e721f378730c9684497cc597595b7defc7e710206268ae320a090c8c35fd41e
DIST shadow-4.5.tar.gz 3804933 SHA256 ed2d53bd0e80cf32261e82b8d93684334e8809266dba1ec7a42bfa747605989e SHA512 02d6482a1159689e404dd49a68b4e2db85e9ffdcdfbacc8efcbd9043f14a1ec3fc4d749700df915d375df67d589219b6b0f57a6cfd9fb5b197012888a608913b WHIRLPOOL 73552aff621cf34ef977095a05d9b679b7b6ffa78979d69eeb43089564aca5cc1d841dc9cbb6f0fba4c4f712f0e89f6cc683b733ea1041e4633b5d9fe58b5499

24
sdk_container/src/third_party/coreos-overlay/sys-apps/shadow/files/login_defs_pam.sed vendored
View File

@ -1,24 +0,0 @@
/^FAILLOG_ENAB/b comment
/^LASTLOG_ENAB/b comment
/^MAIL_CHECK_ENAB/b comment
/^OBSCURE_CHECKS_ENAB/b comment
/^PORTTIME_CHECKS_ENAB/b comment
/^QUOTAS_ENAB/b comment
/^MOTD_FILE/b comment
/^FTMP_FILE/b comment
/^NOLOGINS_FILE/b comment
/^ENV_HZ/b comment
/^PASS_MIN_LEN/b comment
/^SU_WHEEL_ONLY/b comment
/^CRACKLIB_DICTPATH/b comment
/^PASS_CHANGE_TRIES/b comment
/^PASS_ALWAYS_WARN/b comment
/^CHFN_AUTH/b comment
/^ENVIRON_FILE/b comment
b exit
: comment
s:^:#:
: exit

39
sdk_container/src/third_party/coreos-overlay/sys-apps/shadow/files/shadow-4.4-fix-root-defaults.patch vendored
View File

@ -1,39 +0,0 @@
From c6b0664f529673e83c24243edd985803b9791631 Mon Sep 17 00:00:00 2001
From: David Michael <david.michael@coreos.com>
Date: Wed, 8 Feb 2017 15:48:36 -0800
Subject: [PATCH] useradd: Read defaults after changing root directories
This reverts the behavior of "useradd --root" to using the settings
from login.defs in the target root directory, not the root of the
executed useradd command.
---
src/useradd.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/useradd.c b/src/useradd.c
index 1797229..d973ca3 100644
--- a/src/useradd.c
+++ b/src/useradd.c
@@ -2047,8 +2047,8 @@ int main (int argc, char **argv)
#endif /* ACCT_TOOLS_SETUID */
#ifdef ENABLE_SUBIDS
- uid_t uid_min = (uid_t) getdef_ulong ("UID_MIN", 1000UL);
- uid_t uid_max = (uid_t) getdef_ulong ("UID_MAX", 60000UL);
+ uid_t uid_min;
+ uid_t uid_max;
#endif
/*
@@ -2085,6 +2085,8 @@ int main (int argc, char **argv)
process_flags (argc, argv);
#ifdef ENABLE_SUBIDS
+ uid_min = (uid_t) getdef_ulong ("UID_MIN", 1000UL);
+ uid_max = (uid_t) getdef_ulong ("UID_MAX", 60000UL);
is_sub_uid = sub_uid_file_present () && !rflg &&
(!user_id || (user_id <= uid_max && user_id >= uid_min));
is_sub_gid = sub_gid_file_present () && !rflg &&
--
2.7.4

37
sdk_container/src/third_party/coreos-overlay/sys-apps/shadow/files/shadow-4.4-load_defaults.patch vendored
View File

@ -1,37 +0,0 @@
From 507f96cdeb54079fb636c7ce21e371f7a16a520e Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tmraz@fedoraproject.org>
Date: Thu, 25 Aug 2016 11:20:34 +0200
Subject: [PATCH] Fix regression in useradd not loading defaults properly.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The get_defaults() has to be called before processing the flags.
Signed-off-by: Tomáš Mráz <tmraz@fedoraproject.org>
---
src/useradd.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/useradd.c b/src/useradd.c
index fefa234..6c43e7e 100644
--- a/src/useradd.c
+++ b/src/useradd.c
@@ -2027,6 +2027,8 @@ int main (int argc, char **argv)
is_shadow_grp = sgr_file_present ();
#endif
+ get_defaults ();
+
process_flags (argc, argv);
#ifdef ENABLE_SUBIDS
@@ -2036,8 +2038,6 @@ int main (int argc, char **argv)
(!user_id || (user_id <= uid_max && user_id >= uid_min));
#endif /* ENABLE_SUBIDS */
- get_defaults ();
-
#ifdef ACCT_TOOLS_SETUID
#ifdef USE_PAM
{

42
sdk_container/src/third_party/coreos-overlay/sys-apps/shadow/files/shadow-4.4-prototypes.patch vendored
View File

@ -1,42 +0,0 @@
https://github.com/shadow-maint/shadow/pull/53
From 32c0b283ef5d68b63e4ec05fb22ed0db938fea67 Mon Sep 17 00:00:00 2001
From: Mike Frysinger <vapier@gentoo.org>
Date: Mon, 5 Dec 2016 17:15:29 -0500
Subject: [PATCH] include getdef.h for getdef_bool prototype
Otherwise we get build warnings like:
sgroupio.c:255:6: warning: implicit declaration of function 'getdef_bool' [-Wimplicit-function-declaration]
shadowio.c:131:6: warning: implicit declaration of function 'getdef_bool' [-Wimplicit-function-declaration]
---
lib/sgroupio.c | 1 +
lib/shadowio.c | 1 +
2 files changed, 2 insertions(+)
diff --git a/lib/sgroupio.c b/lib/sgroupio.c
index f2685779a12b..5423626a01da 100644
--- a/lib/sgroupio.c
+++ b/lib/sgroupio.c
@@ -40,6 +40,7 @@
#include "prototypes.h"
#include "defines.h"
#include "commonio.h"
+#include "getdef.h"
#include "sgroupio.h"
/*@null@*/ /*@only@*/struct sgrp *__sgr_dup (const struct sgrp *sgent)
diff --git a/lib/shadowio.c b/lib/shadowio.c
index 6e44ab24d69c..5fa3d312bbf9 100644
--- a/lib/shadowio.c
+++ b/lib/shadowio.c
@@ -40,6 +40,7 @@
#include <shadow.h>
#include <stdio.h>
#include "commonio.h"
+#include "getdef.h"
#include "shadowio.h"
#ifdef WITH_TCB
#include <tcb.h>
--
2.11.0.rc2

29
sdk_container/src/third_party/coreos-overlay/sys-apps/shadow/files/shadow-4.4-su-snprintf.patch vendored
View File

@ -1,29 +0,0 @@
fix from upstream
From 67d2bb6e0a5ac124ce1f026dd5723217b1493194 Mon Sep 17 00:00:00 2001
From: Serge Hallyn <serge@hallyn.com>
Date: Sun, 18 Sep 2016 21:31:18 -0500
Subject: [PATCH] su.c: fix missing length argument to snprintf
---
src/su.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/su.c b/src/su.c
index 0c50a9456afd..93ffd2fbe2b4 100644
--- a/src/su.c
+++ b/src/su.c
@@ -373,8 +373,8 @@ static void prepare_pam_close_session (void)
stderr);
(void) kill (-pid_child, caught);
- snprintf (kill_msg, _(" ...killed.\n"));
- snprintf (wait_msg, _(" ...waiting for child to terminate.\n"));
+ snprintf (kill_msg, 256, _(" ...killed.\n"));
+ snprintf (wait_msg, 256, _(" ...waiting for child to terminate.\n"));
(void) signal (SIGALRM, kill_child);
(void) alarm (2);
--
2.11.0.rc2

23
sdk_container/src/third_party/coreos-overlay/sys-apps/shadow/metadata.xml vendored
View File

@ -1,12 +1,17 @@
<?xml version="1.0" encoding="UTF-8"?>
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<herd>base-system</herd>
<herd>pam</herd> <!-- only for USE=pam -->
<use>
<flag name='audit'>Enable support for <pkg>sys-process/audit</pkg></flag>
</use>
<upstream>
<remote-id type="cpe">cpe:/a:debian:shadow</remote-id>
</upstream>
<maintainer type="project">
<email>base-system@gentoo.org</email>
<name>Gentoo Base System</name>
</maintainer>
<maintainer type="project">
<email>pam-bugs@gentoo.org</email>
<name>Pluggable Authentication Method maintenance</name>
</maintainer>
<!-- only for USE=pam -->
<upstream>
<remote-id type="cpe">cpe:/a:debian:shadow</remote-id>
<remote-id type="github">shadow-maint/shadow</remote-id>
</upstream>
</pkgmetadata>

53
sdk_container/src/third_party/coreos-overlay/sys-apps/shadow/shadow-4.4-r2.ebuild → sdk_container/src/third_party/coreos-overlay/sys-apps/shadow/shadow-4.5.ebuild vendored
View File

@ -1,6 +1,5 @@
# Copyright 1999-2016 Gentoo Foundation
# Copyright 1999-2017 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
EAPI="5"
@ -12,20 +11,23 @@ SRC_URI="https://github.com/shadow-maint/shadow/releases/download/${PV}/${P}.tar
LICENSE="BSD GPL-2"
SLOT="0"
KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86"
KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
IUSE="acl audit cracklib nls pam selinux skey xattr"
# Taken from the man/Makefile.am file.
LANGS=( cs da de es fi fr hu id it ja ko pl pt_BR ru sv tr zh_CN zh_TW )
IUSE+=" $(printf 'linguas_%s ' ${LANGS[*]})"
RDEPEND="acl? ( sys-apps/acl )
audit? ( sys-process/audit )
cracklib? ( >=sys-libs/cracklib-2.7-r3 )
pam? ( virtual/pam )
skey? ( sys-auth/skey )
RDEPEND="acl? ( sys-apps/acl:0= )
audit? ( >=sys-process/audit-2.6:0= )
cracklib? ( >=sys-libs/cracklib-2.7-r3:0= )
pam? ( virtual/pam:0= )
skey? ( sys-auth/skey:0= )
selinux? (
>=sys-libs/libselinux-1.28
sys-libs/libsemanage
>=sys-libs/libselinux-1.28:0=
sys-libs/libsemanage:0=
)
nls? ( virtual/libintl )
xattr? ( sys-apps/attr )"
xattr? ( sys-apps/attr:0= )"
DEPEND="${RDEPEND}
app-arch/xz-utils
nls? ( sys-devel/gettext )"
@ -34,20 +36,16 @@ RDEPEND="${RDEPEND}
PATCHES=(
"${FILESDIR}"/${PN}-4.1.3-dots-in-usernames.patch
"${FILESDIR}"/${P}-su-snprintf.patch
"${FILESDIR}"/${P}-prototypes.patch
"${FILESDIR}"/${P}-load_defaults.patch
"${FILESDIR}"/${P}-fix-root-defaults.patch
)
src_prepare() {
epatch "${PATCHES[@]}"
epatch_user
#eautoreconf
elibtoolize
}
src_configure() {
tc-is-cross-compiler && export ac_cv_func_setpgrp_void=yes
econf \
--without-group-name-max-length \
--without-tcb \
@ -63,6 +61,14 @@ src_configure() {
$(use_with elibc_glibc nscd) \
$(use_with xattr attr)
has_version 'sys-libs/uclibc[-rpc]' && sed -i '/RLOGIN/d' config.h #425052
if use nls ; then
local l langs="po" # These are the pot files.
for l in ${LANGS[*]} ; do
use linguas_${l} && langs+=" ${l}"
done
sed -i "/^SUBDIRS = /s:=.*:= ${langs}:" man/Makefile || die
fi
}
set_login_opt() {
@ -75,10 +81,10 @@ set_login_opt() {
else
sed -i -r \
-e "/^#?${opt}\>/s:.*:${opt} ${val}:" \
"${ED}"/usr/share/shadow/login.defs || die
"${ED}"/usr/share/shadow/login.defs
fi
local res=$(grep "^${comment}${opt}\>" "${ED}"/usr/share/shadow/login.defs)
einfo ${res:-Unable to find ${opt} in /usr/share/shadow/login.defs}
einfo "${res:-Unable to find ${opt} in /usr/share/shadow/login.defs}"
}
src_install() {
@ -103,12 +109,9 @@ src_install() {
# Using a securetty with devfs device names added
# (compat names kept for non-devfs compatibility)
insopts -m0600 ; doins "${FILESDIR}"/securetty
dosym ../usr/share/shadow/securetty /etc/securetty
if ! use pam ; then
insopts -m0600
doins etc/login.access etc/limits
dosym ../usr/share/shadow/login.access /etc/login.access
dosym ../usr/share/shadow/limits /etc/limits
fi
# Output arch-specific cruft
local devs
@ -126,11 +129,9 @@ src_install() {
# needed for 'useradd -D'
insopts -m0600
doins "${FILESDIR}"/default/useradd
dosym ../../usr/share/shadow/useradd /etc/default/useradd
insopts -m0644
newins etc/login.defs login.defs
dosym ../usr/share/shadow/login.defs /etc/login.defs
set_login_opt CREATE_HOME yes
if ! use pam ; then
@ -198,8 +199,14 @@ src_install() {
'(' -name id.1 -o -name passwd.5 -o -name getspnam.3 ')' \
-delete
cd "${S}"
dodoc ChangeLog NEWS TODO
newdoc README README.download
cd doc
dodoc HOWTO README* WISHLIST *.txt
}
pkg_preinst() {
rm -f "${EROOT}"/etc/pam.d/system-auth.new \
"${EROOT}/etc/login.defs.new"
}