diff options
| author |   Aric Belsito <lluixhi@gmail.com> | 2017-11-13 13:17:14 -0800 |
|---|---|---|
| committer | Aric Belsito <lluixhi@gmail.com> | 2017-11-13 13:17:14 -0800 |
| commit | 3c163a962cd7f22f3c86a503904df8d813722418 (patch) | |
| tree | 25b6d335ea1a65b2191257bf281cec8721dfbcc0 /app-emulation | |
| parent | net-libs/libmbim: fix canonicalize_file_name -> realpath (diff) | |
| download | musl-3c163a962cd7f22f3c86a503904df8d813722418.tar.gz musl-3c163a962cd7f22f3c86a503904df8d813722418.tar.bz2 musl-3c163a962cd7f22f3c86a503904df8d813722418.zip | |
app-emulation/qemu: version bump to 2.10.1
remove old versions.
Diffstat (limited to 'app-emulation')
19 files changed, 129 insertions, 2613 deletions
diff --git a/app-emulation/qemu/Manifest b/app-emulation/qemu/Manifest index 0c8db490..95c955ce 100644 --- a/app-emulation/qemu/Manifest +++ b/app-emulation/qemu/Manifest @@ -1,2 +1,2 @@ DIST qemu-2.10.0.tar.bz2 30955656 SHA256 7e9f39e1306e6dcc595494e91c1464d4b03f55ddd2053183e0e1b69f7f776d48 SHA512 ea21c014030f8a902df159641e6ccb45f0850ac5cb1cb8ab6845124c44ea5def54845e7bc66a6e80d624c78069f9baa913ee5119704076ae4ff47ab018ace9f9 WHIRLPOOL 58f846788fdf2b0c90e6d17ce921a1fe02556968d38ffc11be7e32b81ebc723dfeaa790f22d8085d4f388eb01fe0daa3ddbc00630c5ecba083df33cc9709fb39 -DIST qemu-2.9.0.tar.bz2 28720490 SHA256 00bfb217b1bb03c7a6c3261b819cfccbfb5a58e3e2ceff546327d271773c6c14 SHA512 4b28966eec0ca44681e35fcfb64a4eaef7c280b8d65c91d03f2efa37f76278fd8c1680e5798c7a30dbfcc8f3c05f4a803f48b8a2dfec3a4181bac079b2a5e422 WHIRLPOOL d79fe89eb271a56aee0cbd328e5f96999176b711afb5683d164b7b99d91e6dd2bfaf6e2ff4cd820a941c94f28116765cb07ffd5809d75c2f9654a67d56bfc0c1 +DIST qemu-2.10.1.tar.bz2 30821108 SHA256 8e040bc7556401ebb3a347a8f7878e9d4028cf71b2744b1a1699f4e741966ba8 SHA512 1a4a6ebf700ec6851c83cc2a71eaea8d95f14c685d094eaaa86c740eb9401e49a79074b72385f58681ca7646771a99bb6bbd9bebb39162f7220626d37ed0654f WHIRLPOOL 79b1b8c19affc799e1a42c02a7c2fea13bf4ca1f9a2aa6e765d529aa3531f68cca77e92264561b2884314074f3148469f5a2f976c3473beb5ed0568617ce777b diff --git a/app-emulation/qemu/files/qemu-2.10.1-CVE-2017-15268.patch b/app-emulation/qemu/files/qemu-2.10.1-CVE-2017-15268.patch new file mode 100644 index 00000000..7d08b32b --- /dev/null +++ b/app-emulation/qemu/files/qemu-2.10.1-CVE-2017-15268.patch @@ -0,0 +1,54 @@ +From a7b20a8efa28e5f22c26c06cd06c2f12bc863493 Mon Sep 17 00:00:00 2001 +From: "Daniel P. Berrange" <berrange@redhat.com> +Date: Mon, 9 Oct 2017 14:43:42 +0100 +Subject: [PATCH] io: monitor encoutput buffer size from websocket GSource + +The websocket GSource is monitoring the size of the rawoutput +buffer to determine if the channel can accepts more writes. +The rawoutput buffer, however, is merely a temporary staging +buffer before data is copied into the encoutput buffer. Thus +its size will always be zero when the GSource runs. + +This flaw causes the encoutput buffer to grow without bound +if the other end of the underlying data channel doesn't +read data being sent. This can be seen with VNC if a client +is on a slow WAN link and the guest OS is sending many screen +updates. A malicious VNC client can act like it is on a slow +link by playing a video in the guest and then reading data +very slowly, causing QEMU host memory to expand arbitrarily. + +This issue is assigned CVE-2017-15268, publically reported in + + https://bugs.launchpad.net/qemu/+bug/1718964 + +Reviewed-by: Eric Blake <eblake@redhat.com> +Signed-off-by: Daniel P. Berrange <berrange@redhat.com> +--- + io/channel-websock.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/io/channel-websock.c b/io/channel-websock.c +index d1d471f86e..04bcc059cd 100644 +--- a/io/channel-websock.c ++++ b/io/channel-websock.c +@@ -28,7 +28,7 @@ + #include <time.h> + + +-/* Max amount to allow in rawinput/rawoutput buffers */ ++/* Max amount to allow in rawinput/encoutput buffers */ + #define QIO_CHANNEL_WEBSOCK_MAX_BUFFER 8192 + + #define QIO_CHANNEL_WEBSOCK_CLIENT_KEY_LEN 24 +@@ -1208,7 +1208,7 @@ qio_channel_websock_source_check(GSource *source) + if (wsource->wioc->rawinput.offset || wsource->wioc->io_eof) { + cond |= G_IO_IN; + } +- if (wsource->wioc->rawoutput.offset < QIO_CHANNEL_WEBSOCK_MAX_BUFFER) { ++ if (wsource->wioc->encoutput.offset < QIO_CHANNEL_WEBSOCK_MAX_BUFFER) { + cond |= G_IO_OUT; + } + +-- +2.13.6 + diff --git a/app-emulation/qemu/files/qemu-2.10.1-CVE-2017-15289.patch b/app-emulation/qemu/files/qemu-2.10.1-CVE-2017-15289.patch new file mode 100644 index 00000000..a4ad2d5e --- /dev/null +++ b/app-emulation/qemu/files/qemu-2.10.1-CVE-2017-15289.patch @@ -0,0 +1,58 @@ +From eb38e1bc3740725ca29a535351de94107ec58d51 Mon Sep 17 00:00:00 2001 +From: Gerd Hoffmann <kraxel@redhat.com> +Date: Wed, 11 Oct 2017 10:43:14 +0200 +Subject: [PATCH] cirrus: fix oob access in mode4and5 write functions + +Move dst calculation into the loop, so we apply the mask on each +interation and will not overflow vga memory. + +Cc: Prasad J Pandit <pjp@fedoraproject.org> +Reported-by: Niu Guoxiang <niuguoxiang@huawei.com> +Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> +Message-id: 20171011084314.21752-1-kraxel@redhat.com +--- + hw/display/cirrus_vga.c | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + +diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c +index b4d579857a..bc32bf1e39 100644 +--- a/hw/display/cirrus_vga.c ++++ b/hw/display/cirrus_vga.c +@@ -2038,15 +2038,14 @@ static void cirrus_mem_writeb_mode4and5_8bpp(CirrusVGAState * s, + unsigned val = mem_value; + uint8_t *dst; + +- dst = s->vga.vram_ptr + (offset &= s->cirrus_addr_mask); + for (x = 0; x < 8; x++) { ++ dst = s->vga.vram_ptr + ((offset + x) & s->cirrus_addr_mask); + if (val & 0x80) { + *dst = s->cirrus_shadow_gr1; + } else if (mode == 5) { + *dst = s->cirrus_shadow_gr0; + } + val <<= 1; +- dst++; + } + memory_region_set_dirty(&s->vga.vram, offset, 8); + } +@@ -2060,8 +2059,8 @@ static void cirrus_mem_writeb_mode4and5_16bpp(CirrusVGAState * s, + unsigned val = mem_value; + uint8_t *dst; + +- dst = s->vga.vram_ptr + (offset &= s->cirrus_addr_mask); + for (x = 0; x < 8; x++) { ++ dst = s->vga.vram_ptr + ((offset + 2 * x) & s->cirrus_addr_mask & ~1); + if (val & 0x80) { + *dst = s->cirrus_shadow_gr1; + *(dst + 1) = s->vga.gr[0x11]; +@@ -2070,7 +2069,6 @@ static void cirrus_mem_writeb_mode4and5_16bpp(CirrusVGAState * s, + *(dst + 1) = s->vga.gr[0x10]; + } + val <<= 1; +- dst += 2; + } + memory_region_set_dirty(&s->vga.vram, offset, 16); + } +-- +2.13.6 + diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-10664.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-10664.patch deleted file mode 100644 index 7db06929..00000000 --- a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-10664.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 041e32b8d9d076980b4e35317c0339e57ab888f1 Mon Sep 17 00:00:00 2001 -From: Max Reitz <mreitz@redhat.com> -Date: Sun, 11 Jun 2017 14:37:14 +0200 -Subject: [PATCH] qemu-nbd: Ignore SIGPIPE - -qemu proper has done so for 13 years -(8a7ddc38a60648257dc0645ab4a05b33d6040063), qemu-img and qemu-io have -done so for four years (526eda14a68d5b3596be715505289b541288ef2a). -Ignoring this signal is especially important in qemu-nbd because -otherwise a client can easily take down the qemu-nbd server by dropping -the connection when the server wants to send something, for example: - -$ qemu-nbd -x foo -f raw -t null-co:// & -[1] 12726 -$ qemu-io -c quit nbd://localhost/bar -can't open device nbd://localhost/bar: No export with name 'bar' available -[1] + 12726 broken pipe qemu-nbd -x foo -f raw -t null-co:// - -In this case, the client sends an NBD_OPT_ABORT and closes the -connection (because it is not required to wait for a reply), but the -server replies with an NBD_REP_ACK (because it is required to reply). - -Signed-off-by: Max Reitz <mreitz@redhat.com> -Message-Id: <20170611123714.31292-1-mreitz@redhat.com> -Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> ---- - qemu-nbd.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/qemu-nbd.c b/qemu-nbd.c -index 9464a0461c..4dd3fd4732 100644 ---- a/qemu-nbd.c -+++ b/qemu-nbd.c -@@ -581,6 +581,10 @@ int main(int argc, char **argv) - sa_sigterm.sa_handler = termsig_handler; - sigaction(SIGTERM, &sa_sigterm, NULL); - -+#ifdef CONFIG_POSIX -+ signal(SIGPIPE, SIG_IGN); -+#endif -+ - module_call_init(MODULE_INIT_TRACE); - qcrypto_init(&error_fatal); - --- -2.13.0 - diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-10806.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-10806.patch deleted file mode 100644 index 0074f5f8..00000000 --- a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-10806.patch +++ /dev/null @@ -1,50 +0,0 @@ -From bd4a683505b27adc1ac809f71e918e58573d851d Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann <kraxel@redhat.com> -Date: Tue, 9 May 2017 13:01:28 +0200 -Subject: [PATCH] usb-redir: fix stack overflow in usbredir_log_data -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Don't reinvent a broken wheel, just use the hexdump function we have. - -Impact: low, broken code doesn't run unless you have debug logging -enabled. - -Reported-by: 李强 <liqiang6-s@360.cn> -Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> -Message-id: 20170509110128.27261-1-kraxel@redhat.com ---- - hw/usb/redirect.c | 13 +------------ - 1 file changed, 1 insertion(+), 12 deletions(-) - -diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c -index b001a27f05..ad5ef783a6 100644 ---- a/hw/usb/redirect.c -+++ b/hw/usb/redirect.c -@@ -229,21 +229,10 @@ static void usbredir_log(void *priv, int level, const char *msg) - static void usbredir_log_data(USBRedirDevice *dev, const char *desc, - const uint8_t *data, int len) - { -- int i, j, n; -- - if (dev->debug < usbredirparser_debug_data) { - return; - } -- -- for (i = 0; i < len; i += j) { -- char buf[128]; -- -- n = sprintf(buf, "%s", desc); -- for (j = 0; j < 8 && i + j < len; j++) { -- n += sprintf(buf + n, " %02X", data[i + j]); -- } -- error_report("%s", buf); -- } -+ qemu_hexdump((char *)data, stderr, desc, len); - } - - /* --- -2.13.0 - diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11334.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11334.patch deleted file mode 100644 index bfe4c7d8..00000000 --- a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11334.patch +++ /dev/null @@ -1,40 +0,0 @@ -[Qemu-devel] [PULL 21/41] exec: use qemu_ram_ptr_length to access guest -From: Prasad J Pandit <address@hidden> - -When accessing guest's ram block during DMA operation, use -'qemu_ram_ptr_length' to get ram block pointer. It ensures -that DMA operation of given length is possible; And avoids -any OOB memory access situations. - -Reported-by: Alex <address@hidden> -Signed-off-by: Prasad J Pandit <address@hidden> -Message-Id: <address@hidden> -Signed-off-by: Paolo Bonzini <address@hidden> ---- - exec.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/exec.c b/exec.c -index a083ff8..ad103ce 100644 ---- a/exec.c -+++ b/exec.c -@@ -2929,7 +2929,7 @@ static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr, - } - } else { - /* RAM case */ -- ptr = qemu_map_ram_ptr(mr->ram_block, addr1); -+ ptr = qemu_ram_ptr_length(mr->ram_block, addr1, &l); - memcpy(ptr, buf, l); - invalidate_and_set_dirty(mr, addr1, l); - } -@@ -3020,7 +3020,7 @@ MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr, - } - } else { - /* RAM case */ -- ptr = qemu_map_ram_ptr(mr->ram_block, addr1); -+ ptr = qemu_ram_ptr_length(mr->ram_block, addr1, &l); - memcpy(buf, ptr, l); - } - --- -1.8.3.1 diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11434.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11434.patch deleted file mode 100644 index 5d32067c..00000000 --- a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11434.patch +++ /dev/null @@ -1,29 +0,0 @@ -[Qemu-devel] [PATCH] slirp: check len against dhcp options array end -From: Prasad J Pandit <address@hidden> - -While parsing dhcp options string in 'dhcp_decode', if an options' -length 'len' appeared towards the end of 'bp_vend' array, ensuing -read could lead to an OOB memory access issue. Add check to avoid it. - -Reported-by: Reno Robert <address@hidden> -Signed-off-by: Prasad J Pandit <address@hidden> ---- - slirp/bootp.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/slirp/bootp.c b/slirp/bootp.c -index 5a4646c..5dd1a41 100644 ---- a/slirp/bootp.c -+++ b/slirp/bootp.c -@@ -123,6 +123,9 @@ static void dhcp_decode(const struct bootp_t *bp, int *pmsg_type, - if (p >= p_end) - break; - len = *p++; -+ if (p + len > p_end) { -+ break; -+ } - DPRINTF("dhcp: tag=%d len=%d\n", tag, len); - - switch(tag) { --- -2.9.4 diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-7493.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-7493.patch deleted file mode 100644 index 346e7713..00000000 --- a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-7493.patch +++ /dev/null @@ -1,174 +0,0 @@ -From 7a95434e0ca8a037fd8aa1a2e2461f92585eb77b Mon Sep 17 00:00:00 2001 -From: Greg Kurz <groug@kaod.org> -Date: Fri, 5 May 2017 14:48:08 +0200 -Subject: [PATCH] 9pfs: local: forbid client access to metadata (CVE-2017-7493) - -When using the mapped-file security mode, we shouldn't let the client mess -with the metadata. The current code already tries to hide the metadata dir -from the client by skipping it in local_readdir(). But the client can still -access or modify it through several other operations. This can be used to -escalate privileges in the guest. - -Affected backend operations are: -- local_mknod() -- local_mkdir() -- local_open2() -- local_symlink() -- local_link() -- local_unlinkat() -- local_renameat() -- local_rename() -- local_name_to_path() - -Other operations are safe because they are only passed a fid path, which -is computed internally in local_name_to_path(). - -This patch converts all the functions listed above to fail and return -EINVAL when being passed the name of the metadata dir. This may look -like a poor choice for errno, but there's no such thing as an illegal -path name on Linux and I could not think of anything better. - -This fixes CVE-2017-7493. - -Reported-by: Leo Gaspard <leo@gaspard.io> -Signed-off-by: Greg Kurz <groug@kaod.org> -Reviewed-by: Eric Blake <eblake@redhat.com> ---- - hw/9pfs/9p-local.c | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++++-- - 1 file changed, 56 insertions(+), 2 deletions(-) - -diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c -index f3ebca4f7a..a2486566af 100644 ---- a/hw/9pfs/9p-local.c -+++ b/hw/9pfs/9p-local.c -@@ -452,6 +452,11 @@ static off_t local_telldir(FsContext *ctx, V9fsFidOpenState *fs) - return telldir(fs->dir.stream); - } - -+static bool local_is_mapped_file_metadata(FsContext *fs_ctx, const char *name) -+{ -+ return !strcmp(name, VIRTFS_META_DIR); -+} -+ - static struct dirent *local_readdir(FsContext *ctx, V9fsFidOpenState *fs) - { - struct dirent *entry; -@@ -465,8 +470,8 @@ again: - if (ctx->export_flags & V9FS_SM_MAPPED) { - entry->d_type = DT_UNKNOWN; - } else if (ctx->export_flags & V9FS_SM_MAPPED_FILE) { -- if (!strcmp(entry->d_name, VIRTFS_META_DIR)) { -- /* skp the meta data directory */ -+ if (local_is_mapped_file_metadata(ctx, entry->d_name)) { -+ /* skip the meta data directory */ - goto again; - } - entry->d_type = DT_UNKNOWN; -@@ -559,6 +564,12 @@ static int local_mknod(FsContext *fs_ctx, V9fsPath *dir_path, - int err = -1; - int dirfd; - -+ if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE && -+ local_is_mapped_file_metadata(fs_ctx, name)) { -+ errno = EINVAL; -+ return -1; -+ } -+ - dirfd = local_opendir_nofollow(fs_ctx, dir_path->data); - if (dirfd == -1) { - return -1; -@@ -605,6 +616,12 @@ static int local_mkdir(FsContext *fs_ctx, V9fsPath *dir_path, - int err = -1; - int dirfd; - -+ if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE && -+ local_is_mapped_file_metadata(fs_ctx, name)) { -+ errno = EINVAL; -+ return -1; -+ } -+ - dirfd = local_opendir_nofollow(fs_ctx, dir_path->data); - if (dirfd == -1) { - return -1; -@@ -694,6 +711,12 @@ static int local_open2(FsContext *fs_ctx, V9fsPath *dir_path, const char *name, - int err = -1; - int dirfd; - -+ if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE && -+ local_is_mapped_file_metadata(fs_ctx, name)) { -+ errno = EINVAL; -+ return -1; -+ } -+ - /* - * Mark all the open to not follow symlinks - */ -@@ -752,6 +775,12 @@ static int local_symlink(FsContext *fs_ctx, const char *oldpath, - int err = -1; - int dirfd; - -+ if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE && -+ local_is_mapped_file_metadata(fs_ctx, name)) { -+ errno = EINVAL; -+ return -1; -+ } -+ - dirfd = local_opendir_nofollow(fs_ctx, dir_path->data); - if (dirfd == -1) { - return -1; -@@ -826,6 +855,12 @@ static int local_link(FsContext *ctx, V9fsPath *oldpath, - int ret = -1; - int odirfd, ndirfd; - -+ if (ctx->export_flags & V9FS_SM_MAPPED_FILE && -+ local_is_mapped_file_metadata(ctx, name)) { -+ errno = EINVAL; -+ return -1; -+ } -+ - odirfd = local_opendir_nofollow(ctx, odirpath); - if (odirfd == -1) { - goto out; -@@ -1096,6 +1131,12 @@ static int local_lremovexattr(FsContext *ctx, V9fsPath *fs_path, - static int local_name_to_path(FsContext *ctx, V9fsPath *dir_path, - const char *name, V9fsPath *target) - { -+ if (ctx->export_flags & V9FS_SM_MAPPED_FILE && -+ local_is_mapped_file_metadata(ctx, name)) { -+ errno = EINVAL; -+ return -1; -+ } -+ - if (dir_path) { - v9fs_path_sprintf(target, "%s/%s", dir_path->data, name); - } else if (strcmp(name, "/")) { -@@ -1116,6 +1157,13 @@ static int local_renameat(FsContext *ctx, V9fsPath *olddir, - int ret; - int odirfd, ndirfd; - -+ if (ctx->export_flags & V9FS_SM_MAPPED_FILE && -+ (local_is_mapped_file_metadata(ctx, old_name) || -+ local_is_mapped_file_metadata(ctx, new_name))) { -+ errno = EINVAL; -+ return -1; -+ } -+ - odirfd = local_opendir_nofollow(ctx, olddir->data); - if (odirfd == -1) { - return -1; -@@ -1206,6 +1254,12 @@ static int local_unlinkat(FsContext *ctx, V9fsPath *dir, - int ret; - int dirfd; - -+ if (ctx->export_flags & V9FS_SM_MAPPED_FILE && -+ local_is_mapped_file_metadata(ctx, name)) { -+ errno = EINVAL; -+ return -1; -+ } -+ - dirfd = local_opendir_nofollow(ctx, dir->data); - if (dirfd == -1) { - return -1; --- -2.13.0 - diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8112.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8112.patch deleted file mode 100644 index 31fb69bf..00000000 --- a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8112.patch +++ /dev/null @@ -1,22 +0,0 @@ -CVE-2017-8112 - -https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg04494.html ---- - hw/scsi/vmw_pvscsi.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/hw/scsi/vmw_pvscsi.c b/hw/scsi/vmw_pvscsi.c -index 7557546..4a106da 100644 ---- a/hw/scsi/vmw_pvscsi.c -+++ b/hw/scsi/vmw_pvscsi.c -@@ -202,7 +202,7 @@ pvscsi_ring_init_msg(PVSCSIRingInfo *m, PVSCSICmdDescSetupMsgRing *ri) - uint32_t len_log2; - uint32_t ring_size; - -- if (ri->numPages > PVSCSI_SETUP_MSG_RING_MAX_NUM_PAGES) { -+ if (!ri->numPages || ri->numPages > PVSCSI_SETUP_MSG_RING_MAX_NUM_PAGES) { - return -1; - } - ring_size = ri->numPages * PVSCSI_MAX_NUM_MSG_ENTRIES_PER_PAGE; --- -2.9.3 diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8309.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8309.patch deleted file mode 100644 index 4f7f8702..00000000 --- a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8309.patch +++ /dev/null @@ -1,22 +0,0 @@ -bug #616870 - -https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05587.html ---- - audio/audio.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/audio/audio.c b/audio/audio.c -index c8898d8422..beafed209b 100644 ---- a/audio/audio.c -+++ b/audio/audio.c -@@ -2028,6 +2028,8 @@ void AUD_del_capture (CaptureVoiceOut *cap, void *cb_opaque) - sw = sw1; - } - QLIST_REMOVE (cap, entries); -+ g_free (cap->hw.mix_buf); -+ g_free (cap->buf); - g_free (cap); - } - return; --- -2.9.3 diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8379.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8379.patch deleted file mode 100644 index 0a34dae6..00000000 --- a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8379.patch +++ /dev/null @@ -1,76 +0,0 @@ -bug #616872 - -https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05599.html ---- - ui/input.c | 14 +++++++++++--- - 1 file changed, 11 insertions(+), 3 deletions(-) - -diff --git a/ui/input.c b/ui/input.c -index ed88cda6d6..fb1f404095 100644 ---- a/ui/input.c -+++ b/ui/input.c -@@ -41,6 +41,8 @@ static QTAILQ_HEAD(QemuInputEventQueueHead, QemuInputEventQueue) kbd_queue = - QTAILQ_HEAD_INITIALIZER(kbd_queue); - static QEMUTimer *kbd_timer; - static uint32_t kbd_default_delay_ms = 10; -+static uint32_t queue_count; -+static uint32_t queue_limit = 1024; - - QemuInputHandlerState *qemu_input_handler_register(DeviceState *dev, - QemuInputHandler *handler) -@@ -268,6 +270,7 @@ static void qemu_input_queue_process(void *opaque) - break; - } - QTAILQ_REMOVE(queue, item, node); -+ queue_count--; - g_free(item); - } - } -@@ -282,6 +285,7 @@ static void qemu_input_queue_delay(struct QemuInputEventQueueHead *queue, - item->delay_ms = delay_ms; - item->timer = timer; - QTAILQ_INSERT_TAIL(queue, item, node); -+ queue_count++; - - if (start_timer) { - timer_mod(item->timer, qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL) -@@ -298,6 +302,7 @@ static void qemu_input_queue_event(struct QemuInputEventQueueHead *queue, - item->src = src; - item->evt = evt; - QTAILQ_INSERT_TAIL(queue, item, node); -+ queue_count++; - } - - static void qemu_input_queue_sync(struct QemuInputEventQueueHead *queue) -@@ -306,6 +311,7 @@ static void qemu_input_queue_sync(struct QemuInputEventQueueHead *queue) - - item->type = QEMU_INPUT_QUEUE_SYNC; - QTAILQ_INSERT_TAIL(queue, item, node); -+ queue_count++; - } - - void qemu_input_event_send_impl(QemuConsole *src, InputEvent *evt) -@@ -381,7 +387,7 @@ void qemu_input_event_send_key(QemuConsole *src, KeyValue *key, bool down) - qemu_input_event_send(src, evt); - qemu_input_event_sync(); - qapi_free_InputEvent(evt); -- } else { -+ } else if (queue_count < queue_limit) { - qemu_input_queue_event(&kbd_queue, src, evt); - qemu_input_queue_sync(&kbd_queue); - } -@@ -409,8 +415,10 @@ void qemu_input_event_send_key_delay(uint32_t delay_ms) - kbd_timer = timer_new_ms(QEMU_CLOCK_VIRTUAL, qemu_input_queue_process, - &kbd_queue); - } -- qemu_input_queue_delay(&kbd_queue, kbd_timer, -- delay_ms ? delay_ms : kbd_default_delay_ms); -+ if (queue_count < queue_limit) { -+ qemu_input_queue_delay(&kbd_queue, kbd_timer, -+ delay_ms ? delay_ms : kbd_default_delay_ms); -+ } - } - - InputEvent *qemu_input_event_new_btn(InputButton btn, bool down) --- -2.9.3 diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8380.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8380.patch deleted file mode 100644 index 08911dd0..00000000 --- a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8380.patch +++ /dev/null @@ -1,34 +0,0 @@ -bug #616874 - -https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg04147.html ---- - hw/scsi/megasas.c | 10 +++++----- - 1 file changed, 5 insertions(+), 5 deletions(-) - -diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c -index 84b8caf..804122a 100644 ---- a/hw/scsi/megasas.c -+++ b/hw/scsi/megasas.c -@@ -2138,15 +2138,15 @@ static void megasas_mmio_write(void *opaque, hwaddr addr, - case MFI_SEQ: - trace_megasas_mmio_writel("MFI_SEQ", val); - /* Magic sequence to start ADP reset */ -- if (adp_reset_seq[s->adp_reset] == val) { -- s->adp_reset++; -+ if (adp_reset_seq[s->adp_reset++] == val) { -+ if (s->adp_reset == 6) { -+ s->adp_reset = 0; -+ s->diag = MFI_DIAG_WRITE_ENABLE; -+ } - } else { - s->adp_reset = 0; - s->diag = 0; - } -- if (s->adp_reset == 6) { -- s->diag = MFI_DIAG_WRITE_ENABLE; -- } - break; - case MFI_DIAG: - trace_megasas_mmio_writel("MFI_DIAG", val); --- -2.9.3 diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-1.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-1.patch deleted file mode 100644 index 01c81d10..00000000 --- a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-1.patch +++ /dev/null @@ -1,122 +0,0 @@ -From 87e459a810d7b1ec1638085b5a80ea3d9b43119a Mon Sep 17 00:00:00 2001 -From: Paolo Bonzini <pbonzini@redhat.com> -Date: Thu, 1 Jun 2017 17:26:14 +0200 -Subject: [PATCH] megasas: always store SCSIRequest* into MegasasCmd - -This ensures that the request is unref'ed properly, and avoids a -segmentation fault in the new qtest testcase that is added. -This is CVE-2017-9503. - -Reported-by: Zhangyanyu <zyy4013@stu.ouc.edu.cn> -Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> ---- - hw/scsi/megasas.c | 31 ++++++++++++++++--------------- - 2 files changed, 51 insertions(+), 15 deletions(-) - -diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c -index 135662df31..734fdaef90 100644 ---- a/hw/scsi/megasas.c -+++ b/hw/scsi/megasas.c -@@ -609,6 +609,9 @@ static void megasas_reset_frames(MegasasState *s) - static void megasas_abort_command(MegasasCmd *cmd) - { - /* Never abort internal commands. */ -+ if (cmd->dcmd_opcode != -1) { -+ return; -+ } - if (cmd->req != NULL) { - scsi_req_cancel(cmd->req); - } -@@ -1017,7 +1020,6 @@ static int megasas_pd_get_info_submit(SCSIDevice *sdev, int lun, - uint64_t pd_size; - uint16_t pd_id = ((sdev->id & 0xFF) << 8) | (lun & 0xFF); - uint8_t cmdbuf[6]; -- SCSIRequest *req; - size_t len, resid; - - if (!cmd->iov_buf) { -@@ -1026,8 +1028,8 @@ static int megasas_pd_get_info_submit(SCSIDevice *sdev, int lun, - info->inquiry_data[0] = 0x7f; /* Force PQual 0x3, PType 0x1f */ - info->vpd_page83[0] = 0x7f; - megasas_setup_inquiry(cmdbuf, 0, sizeof(info->inquiry_data)); -- req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd); -- if (!req) { -+ cmd->req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd); -+ if (!cmd->req) { - trace_megasas_dcmd_req_alloc_failed(cmd->index, - "PD get info std inquiry"); - g_free(cmd->iov_buf); -@@ -1036,26 +1038,26 @@ static int megasas_pd_get_info_submit(SCSIDevice *sdev, int lun, - } - trace_megasas_dcmd_internal_submit(cmd->index, - "PD get info std inquiry", lun); -- len = scsi_req_enqueue(req); -+ len = scsi_req_enqueue(cmd->req); - if (len > 0) { - cmd->iov_size = len; -- scsi_req_continue(req); -+ scsi_req_continue(cmd->req); - } - return MFI_STAT_INVALID_STATUS; - } else if (info->inquiry_data[0] != 0x7f && info->vpd_page83[0] == 0x7f) { - megasas_setup_inquiry(cmdbuf, 0x83, sizeof(info->vpd_page83)); -- req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd); -- if (!req) { -+ cmd->req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd); -+ if (!cmd->req) { - trace_megasas_dcmd_req_alloc_failed(cmd->index, - "PD get info vpd inquiry"); - return MFI_STAT_FLASH_ALLOC_FAIL; - } - trace_megasas_dcmd_internal_submit(cmd->index, - "PD get info vpd inquiry", lun); -- len = scsi_req_enqueue(req); -+ len = scsi_req_enqueue(cmd->req); - if (len > 0) { - cmd->iov_size = len; -- scsi_req_continue(req); -+ scsi_req_continue(cmd->req); - } - return MFI_STAT_INVALID_STATUS; - } -@@ -1217,7 +1219,6 @@ static int megasas_ld_get_info_submit(SCSIDevice *sdev, int lun, - struct mfi_ld_info *info = cmd->iov_buf; - size_t dcmd_size = sizeof(struct mfi_ld_info); - uint8_t cdb[6]; -- SCSIRequest *req; - ssize_t len, resid; - uint16_t sdev_id = ((sdev->id & 0xFF) << 8) | (lun & 0xFF); - uint64_t ld_size; -@@ -1226,8 +1227,8 @@ static int megasas_ld_get_info_submit(SCSIDevice *sdev, int lun, - cmd->iov_buf = g_malloc0(dcmd_size); - info = cmd->iov_buf; - megasas_setup_inquiry(cdb, 0x83, sizeof(info->vpd_page83)); -- req = scsi_req_new(sdev, cmd->index, lun, cdb, cmd); -- if (!req) { -+ cmd->req = scsi_req_new(sdev, cmd->index, lun, cdb, cmd); -+ if (!cmd->req) { - trace_megasas_dcmd_req_alloc_failed(cmd->index, - "LD get info vpd inquiry"); - g_free(cmd->iov_buf); -@@ -1236,10 +1237,10 @@ static int megasas_ld_get_info_submit(SCSIDevice *sdev, int lun, - } - trace_megasas_dcmd_internal_submit(cmd->index, - "LD get info vpd inquiry", lun); -- len = scsi_req_enqueue(req); -+ len = scsi_req_enqueue(cmd->req); - if (len > 0) { - cmd->iov_size = len; -- scsi_req_continue(req); -+ scsi_req_continue(cmd->req); - } - return MFI_STAT_INVALID_STATUS; - } -@@ -1851,7 +1852,7 @@ static void megasas_command_complete(SCSIRequest *req, uint32_t status, - return; - } - -- if (cmd->req == NULL) { -+ if (cmd->dcmd_opcode != -1) { - /* - * Internal command complete - */ diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-2.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-2.patch deleted file mode 100644 index 74725a92..00000000 --- a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-2.patch +++ /dev/null @@ -1,114 +0,0 @@ -From 5104fac8539eaf155fc6de93e164be43e1e62242 Mon Sep 17 00:00:00 2001 -From: Paolo Bonzini <pbonzini@redhat.com> -Date: Thu, 1 Jun 2017 17:18:23 +0200 -Subject: [PATCH] megasas: do not read DCMD opcode more than once from frame - -Avoid TOC-TOU bugs by storing the DCMD opcode in the MegasasCmd - -Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> ---- - hw/scsi/megasas.c | 25 +++++++++++-------------- - 1 file changed, 11 insertions(+), 14 deletions(-) - -diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c -index c353118882..a3f75c1650 100644 ---- a/hw/scsi/megasas.c -+++ b/hw/scsi/megasas.c -@@ -63,6 +63,7 @@ typedef struct MegasasCmd { - - hwaddr pa; - hwaddr pa_size; -+ uint32_t dcmd_opcode; - union mfi_frame *frame; - SCSIRequest *req; - QEMUSGList qsg; -@@ -513,6 +514,7 @@ static MegasasCmd *megasas_enqueue_frame(MegasasState *s, - cmd->context &= (uint64_t)0xFFFFFFFF; - } - cmd->count = count; -+ cmd->dcmd_opcode = -1; - s->busy++; - - if (s->consumer_pa) { -@@ -1562,22 +1564,21 @@ static const struct dcmd_cmd_tbl_t { - - static int megasas_handle_dcmd(MegasasState *s, MegasasCmd *cmd) - { -- int opcode; - int retval = 0; - size_t len; - const struct dcmd_cmd_tbl_t *cmdptr = dcmd_cmd_tbl; - -- opcode = le32_to_cpu(cmd->frame->dcmd.opcode); -- trace_megasas_handle_dcmd(cmd->index, opcode); -+ cmd->dcmd_opcode = le32_to_cpu(cmd->frame->dcmd.opcode); -+ trace_megasas_handle_dcmd(cmd->index, cmd->dcmd_opcode); - if (megasas_map_dcmd(s, cmd) < 0) { - return MFI_STAT_MEMORY_NOT_AVAILABLE; - } -- while (cmdptr->opcode != -1 && cmdptr->opcode != opcode) { -+ while (cmdptr->opcode != -1 && cmdptr->opcode != cmd->dcmd_opcode) { - cmdptr++; - } - len = cmd->iov_size; - if (cmdptr->opcode == -1) { -- trace_megasas_dcmd_unhandled(cmd->index, opcode, len); -+ trace_megasas_dcmd_unhandled(cmd->index, cmd->dcmd_opcode, len); - retval = megasas_dcmd_dummy(s, cmd); - } else { - trace_megasas_dcmd_enter(cmd->index, cmdptr->desc, len); -@@ -1592,13 +1593,11 @@ static int megasas_handle_dcmd(MegasasState *s, MegasasCmd *cmd) - static int megasas_finish_internal_dcmd(MegasasCmd *cmd, - SCSIRequest *req) - { -- int opcode; - int retval = MFI_STAT_OK; - int lun = req->lun; - -- opcode = le32_to_cpu(cmd->frame->dcmd.opcode); -- trace_megasas_dcmd_internal_finish(cmd->index, opcode, lun); -- switch (opcode) { -+ trace_megasas_dcmd_internal_finish(cmd->index, cmd->dcmd_opcode, lun); -+ switch (cmd->dcmd_opcode) { - case MFI_DCMD_PD_GET_INFO: - retval = megasas_pd_get_info_submit(req->dev, lun, cmd); - break; -@@ -1606,7 +1605,7 @@ static int megasas_finish_internal_dcmd(MegasasCmd *cmd, - retval = megasas_ld_get_info_submit(req->dev, lun, cmd); - break; - default: -- trace_megasas_dcmd_internal_invalid(cmd->index, opcode); -+ trace_megasas_dcmd_internal_invalid(cmd->index, cmd->dcmd_opcode); - retval = MFI_STAT_INVALID_DCMD; - break; - } -@@ -1827,7 +1826,6 @@ static void megasas_xfer_complete(SCSIRequest *req, uint32_t len) - { - MegasasCmd *cmd = req->hba_private; - uint8_t *buf; -- uint32_t opcode; - - trace_megasas_io_complete(cmd->index, len); - -@@ -1837,8 +1835,7 @@ static void megasas_xfer_complete(SCSIRequest *req, uint32_t len) - } - - buf = scsi_req_get_buf(req); -- opcode = le32_to_cpu(cmd->frame->dcmd.opcode); -- if (opcode == MFI_DCMD_PD_GET_INFO && cmd->iov_buf) { -+ if (cmd->dcmd_opcode == MFI_DCMD_PD_GET_INFO && cmd->iov_buf) { - struct mfi_pd_info *info = cmd->iov_buf; - - if (info->inquiry_data[0] == 0x7f) { -@@ -1849,7 +1846,7 @@ static void megasas_xfer_complete(SCSIRequest *req, uint32_t len) - memcpy(info->vpd_page83, buf, len); - } - scsi_req_continue(req); -- } else if (opcode == MFI_DCMD_LD_GET_INFO) { -+ } else if (cmd->dcmd_opcode == MFI_DCMD_LD_GET_INFO) { - struct mfi_ld_info *info = cmd->iov_buf; - - if (cmd->iov_buf) { --- -2.13.0 - diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-1.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-1.patch deleted file mode 100644 index 9d77193b..00000000 --- a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-1.patch +++ /dev/null @@ -1,80 +0,0 @@ -From df8ad9f128c15aa0a0ebc7b24e9a22c9775b67af Mon Sep 17 00:00:00 2001 -From: Eric Blake <eblake@redhat.com> -Date: Fri, 26 May 2017 22:04:21 -0500 -Subject: [PATCH] nbd: Fully initialize client in case of failed negotiation - -If a non-NBD client connects to qemu-nbd, we would end up with -a SIGSEGV in nbd_client_put() because we were trying to -unregister the client's association to the export, even though -we skipped inserting the client into that list. Easy trigger -in two terminals: - -$ qemu-nbd -p 30001 --format=raw file -$ nmap 127.0.0.1 -p 30001 - -nmap claims that it thinks it connected to a pago-services1 -server (which probably means nmap could be updated to learn the -NBD protocol and give a more accurate diagnosis of the open -port - but that's not our problem), then terminates immediately, -so our call to nbd_negotiate() fails. The fix is to reorder -nbd_co_client_start() to ensure that all initialization occurs -before we ever try talking to a client in nbd_negotiate(), so -that the teardown sequence on negotiation failure doesn't fault -while dereferencing a half-initialized object. - -While debugging this, I also noticed that nbd_update_server_watch() -called by nbd_client_closed() was still adding a channel to accept -the next client, even when the state was no longer RUNNING. That -is fixed by making nbd_can_accept() pay attention to the current -state. - -Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1451614 - -Signed-off-by: Eric Blake <eblake@redhat.com> -Message-Id: <20170527030421.28366-1-eblake@redhat.com> -Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> ---- - nbd/server.c | 8 +++----- - qemu-nbd.c | 2 +- - 2 files changed, 4 insertions(+), 6 deletions(-) - -diff --git a/nbd/server.c b/nbd/server.c -index ee59e5d234..49b55f6ede 100644 ---- a/nbd/server.c -+++ b/nbd/server.c -@@ -1358,16 +1358,14 @@ static coroutine_fn void nbd_co_client_start(void *opaque) - - if (exp) { - nbd_export_get(exp); -+ QTAILQ_INSERT_TAIL(&exp->clients, client, next); - } -+ qemu_co_mutex_init(&client->send_lock); -+ - if (nbd_negotiate(data)) { - client_close(client); - goto out; - } -- qemu_co_mutex_init(&client->send_lock); -- -- if (exp) { -- QTAILQ_INSERT_TAIL(&exp->clients, client, next); -- } - - nbd_client_receive_next_request(client); - -diff --git a/qemu-nbd.c b/qemu-nbd.c -index f60842fd86..651f85ecc1 100644 ---- a/qemu-nbd.c -+++ b/qemu-nbd.c -@@ -325,7 +325,7 @@ out: - - static int nbd_can_accept(void) - { -- return nb_fds < shared; -+ return state == RUNNING && nb_fds < shared; - } - - static void nbd_export_closed(NBDExport *exp) --- -2.13.0 - diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-2.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-2.patch deleted file mode 100644 index e6934b37..00000000 --- a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-2.patch +++ /dev/null @@ -1,197 +0,0 @@ -From 0c9390d978cbf61e8f16c9f580fa96b305c43568 Mon Sep 17 00:00:00 2001 -From: Eric Blake <eblake@redhat.com> -Date: Thu, 8 Jun 2017 17:26:17 -0500 -Subject: [PATCH] nbd: Fix regression on resiliency to port scan - -Back in qemu 2.5, qemu-nbd was immune to port probes (a transient -server would not quit, regardless of how many probe connections -came and went, until a connection actually negotiated). But we -broke that in commit ee7d7aa when removing the return value to -nbd_client_new(), although that patch also introduced a bug causing -an assertion failure on a client that fails negotiation. We then -made it worse during refactoring in commit 1a6245a (a segfault -before we could even assert); the (masked) assertion was cleaned -up in d3780c2 (still in 2.6), and just recently we finally fixed -the segfault ("nbd: Fully intialize client in case of failed -negotiation"). But that still means that ever since we added -TLS support to qemu-nbd, we have been vulnerable to an ill-timed -port-scan being able to cause a denial of service by taking down -qemu-nbd before a real client has a chance to connect. - -Since negotiation is now handled asynchronously via coroutines, -we no longer have a synchronous point of return by re-adding a -return value to nbd_client_new(). So this patch instead wires -things up to pass the negotiation status through the close_fn -callback function. - -Simple test across two terminals: -$ qemu-nbd -f raw -p 30001 file -$ nmap 127.0.0.1 -p 30001 && \ - qemu-io -c 'r 0 512' -f raw nbd://localhost:30001 - -Note that this patch does not change what constitutes successful -negotiation (thus, a client must enter transmission phase before -that client can be considered as a reason to terminate the server -when the connection ends). Perhaps we may want to tweak things -in a later patch to also treat a client that uses NBD_OPT_ABORT -as being a 'successful' negotiation (the client correctly talked -the NBD protocol, and informed us it was not going to use our -export after all), but that's a discussion for another day. - -Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1451614 - -Signed-off-by: Eric Blake <eblake@redhat.com> -Message-Id: <20170608222617.20376-1-eblake@redhat.com> -Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> ---- - blockdev-nbd.c | 6 +++++- - include/block/nbd.h | 2 +- - nbd/server.c | 24 +++++++++++++++--------- - qemu-nbd.c | 4 ++-- - 4 files changed, 23 insertions(+), 13 deletions(-) - -diff --git a/blockdev-nbd.c b/blockdev-nbd.c -index dd0860f4a6..28f551a7b0 100644 ---- a/blockdev-nbd.c -+++ b/blockdev-nbd.c -@@ -27,6 +27,10 @@ typedef struct NBDServerData { - - static NBDServerData *nbd_server; - -+static void nbd_blockdev_client_closed(NBDClient *client, bool ignored) -+{ -+ nbd_client_put(client); -+} - - static gboolean nbd_accept(QIOChannel *ioc, GIOCondition condition, - gpointer opaque) -@@ -46,7 +50,7 @@ static gboolean nbd_accept(QIOChannel *ioc, GIOCondition condition, - qio_channel_set_name(QIO_CHANNEL(cioc), "nbd-server"); - nbd_client_new(NULL, cioc, - nbd_server->tlscreds, NULL, -- nbd_client_put); -+ nbd_blockdev_client_closed); - object_unref(OBJECT(cioc)); - return TRUE; - } -diff --git a/include/block/nbd.h b/include/block/nbd.h -index 416257abca..8fa5ce51f3 100644 ---- a/include/block/nbd.h -+++ b/include/block/nbd.h -@@ -162,7 +162,7 @@ void nbd_client_new(NBDExport *exp, - QIOChannelSocket *sioc, - QCryptoTLSCreds *tlscreds, - const char *tlsaclname, -- void (*close)(NBDClient *)); -+ void (*close_fn)(NBDClient *, bool)); - void nbd_client_get(NBDClient *client); - void nbd_client_put(NBDClient *client); - -diff --git a/nbd/server.c b/nbd/server.c -index 49b55f6ede..f2b1aa47ce 100644 ---- a/nbd/server.c -+++ b/nbd/server.c -@@ -81,7 +81,7 @@ static QTAILQ_HEAD(, NBDExport) exports = QTAILQ_HEAD_INITIALIZER(exports); - - struct NBDClient { - int refcount; -- void (*close)(NBDClient *client); -+ void (*close_fn)(NBDClient *client, bool negotiated); - - bool no_zeroes; - NBDExport *exp; -@@ -778,7 +778,7 @@ void nbd_client_put(NBDClient *client) - } - } - --static void client_close(NBDClient *client) -+static void client_close(NBDClient *client, bool negotiated) - { - if (client->closing) { - return; -@@ -793,8 +793,8 @@ static void client_close(NBDClient *client) - NULL); - - /* Also tell the client, so that they release their reference. */ -- if (client->close) { -- client->close(client); -+ if (client->close_fn) { -+ client->close_fn(client, negotiated); - } - } - -@@ -975,7 +975,7 @@ void nbd_export_close(NBDExport *exp) - - nbd_export_get(exp); - QTAILQ_FOREACH_SAFE(client, &exp->clients, next, next) { -- client_close(client); -+ client_close(client, true); - } - nbd_export_set_name(exp, NULL); - nbd_export_set_description(exp, NULL); -@@ -1337,7 +1337,7 @@ done: - - out: - nbd_request_put(req); -- client_close(client); -+ client_close(client, true); - nbd_client_put(client); - } - -@@ -1363,7 +1363,7 @@ static coroutine_fn void nbd_co_client_start(void *opaque) - qemu_co_mutex_init(&client->send_lock); - - if (nbd_negotiate(data)) { -- client_close(client); -+ client_close(client, false); - goto out; - } - -@@ -1373,11 +1373,17 @@ out: - g_free(data); - } - -+/* -+ * Create a new client listener on the given export @exp, using the -+ * given channel @sioc. Begin servicing it in a coroutine. When the -+ * connection closes, call @close_fn with an indication of whether the -+ * client completed negotiation. -+ */ - void nbd_client_new(NBDExport *exp, - QIOChannelSocket *sioc, - QCryptoTLSCreds *tlscreds, - const char *tlsaclname, -- void (*close_fn)(NBDClient *)) -+ void (*close_fn)(NBDClient *, bool)) - { - NBDClient *client; - NBDClientNewData *data = g_new(NBDClientNewData, 1); -@@ -1394,7 +1400,7 @@ void nbd_client_new(NBDExport *exp, - object_ref(OBJECT(client->sioc)); - client->ioc = QIO_CHANNEL(sioc); - object_ref(OBJECT(client->ioc)); -- client->close = close_fn; -+ client->close_fn = close_fn; - - data->client = client; - data->co = qemu_coroutine_create(nbd_co_client_start, data); -diff --git a/qemu-nbd.c b/qemu-nbd.c -index 651f85ecc1..9464a0461c 100644 ---- a/qemu-nbd.c -+++ b/qemu-nbd.c -@@ -336,10 +336,10 @@ static void nbd_export_closed(NBDExport *exp) - - static void nbd_update_server_watch(void); - --static void nbd_client_closed(NBDClient *client) -+static void nbd_client_closed(NBDClient *client, bool negotiated) - { - nb_fds--; -- if (nb_fds == 0 && !persistent && state == RUNNING) { -+ if (negotiated && nb_fds == 0 && !persistent && state == RUNNING) { - state = TERMINATE; - } - nbd_update_server_watch(); --- -2.13.0 - diff --git a/app-emulation/qemu/qemu-2.10.0-r1.ebuild b/app-emulation/qemu/qemu-2.10.1.ebuild index e7343e34..b448f20d 100644 --- a/app-emulation/qemu/qemu-2.10.0-r1.ebuild +++ b/app-emulation/qemu/qemu-2.10.1.ebuild @@ -19,7 +19,7 @@ if [[ ${PV} = *9999* ]]; then SRC_URI="" else SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2" - KEYWORDS="~amd64 ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd" + KEYWORDS="amd64 ~arm64 ~ppc ~ppc64 x86 ~x86-fbsd" fi DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools" @@ -164,6 +164,14 @@ X86_FIRMWARE_DEPEND=" >=sys-firmware/seabios-1.10.2[seavgabios] sys-firmware/sgabios )" +PPC64_FIRMWARE_DEPEND=" + pin-upstream-blobs? ( + ~sys-firmware/seabios-1.10.2[binary,seavgabios] + ) + !pin-upstream-blobs? ( + >=sys-firmware/seabios-1.10.2[seavgabios] + ) +" CDEPEND=" !static? ( @@ -171,7 +179,9 @@ CDEPEND=" ${SOFTMMU_TOOLS_DEPEND//\[static-libs(+)]} ) qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} ) - qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )" + qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} ) + qemu_softmmu_targets_ppc64? ( ${PPC64_FIRMWARE_DEPEND} ) +" DEPEND="${CDEPEND} dev-lang/perl =dev-lang/python-2* @@ -200,7 +210,8 @@ PATCHES=( # gentoo patches "${FILESDIR}"/${PN}-2.5.0-cflags.patch "${FILESDIR}"/${PN}-2.5.0-sysmacros.patch - "${FILESDIR}"/${PN}-2.10.0-CVE-2017-13711.patch # bug 629350 + "${FILESDIR}"/${PN}-2.10.1-CVE-2017-15268.patch + "${FILESDIR}"/${PN}-2.10.1-CVE-2017-15289.patch ) STRIP_MASK="/usr/share/qemu/palcode-clipper" @@ -704,7 +715,8 @@ src_install() { rm "${ED}/usr/share/qemu/vgabios-stdvga.bin" rm "${ED}/usr/share/qemu/vgabios-virtio.bin" rm "${ED}/usr/share/qemu/vgabios-vmware.bin" - if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then + # PPC64 loads vgabios-stdvga + if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 || use qemu_softmmu_targets_ppc64; then dosym ../seavgabios/vgabios-isavga.bin /usr/share/qemu/vgabios.bin dosym ../seavgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin dosym ../seavgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin diff --git a/app-emulation/qemu/qemu-2.9.0-r56.ebuild b/app-emulation/qemu/qemu-2.9.0-r56.ebuild deleted file mode 100644 index 256a811b..00000000 --- a/app-emulation/qemu/qemu-2.9.0-r56.ebuild +++ /dev/null @@ -1,799 +0,0 @@ -# Copyright 1999-2017 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI="6" - -PYTHON_COMPAT=( python2_7 ) -PYTHON_REQ_USE="ncurses,readline" - -PLOCALES="bg de_DE fr_FR hu it tr zh_CN" - -FIRMWARE_ABI_VERSION="2.9.0-r52" - -inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \ - user udev fcaps readme.gentoo-r1 pax-utils l10n - -if [[ ${PV} = *9999* ]]; then - EGIT_REPO_URI="git://git.qemu.org/qemu.git" - inherit git-r3 - SRC_URI="" -else - SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2" - KEYWORDS="amd64 ~arm64 ~ppc ~ppc64 x86 ~x86-fbsd" -fi - -DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools" -HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org" - -LICENSE="GPL-2 LGPL-2 BSD-2" -SLOT="0" -IUSE="accessibility +aio alsa bluetooth bzip2 +caps +curl debug +fdt - glusterfs gnutls gtk gtk2 infiniband iscsi +jpeg kernel_linux - kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs +png - pulseaudio python rbd sasl +seccomp sdl sdl2 selinux smartcard snappy - spice ssh static static-user systemtap tci test usb usbredir vde - +vhost-net virgl virtfs +vnc vte xattr xen xfs" - -COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel - mips mips64 mips64el mipsel nios2 or1k ppc ppc64 s390x sh4 sh4eb sparc - sparc64 x86_64" -IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS} - lm32 moxie ppcemb tricore unicore32 xtensa xtensaeb" -IUSE_USER_TARGETS="${COMMON_TARGETS} - armeb hppa mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus tilegx" - -use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS}) -use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS}) -IUSE+=" ${use_softmmu_targets} ${use_user_targets}" - -# Allow no targets to be built so that people can get a tools-only build. -# Block USE flag configurations known to not work. -REQUIRED_USE="${PYTHON_REQUIRED_USE} - gtk2? ( gtk ) - qemu_softmmu_targets_arm? ( fdt ) - qemu_softmmu_targets_microblaze? ( fdt ) - qemu_softmmu_targets_mips64el? ( fdt ) - qemu_softmmu_targets_ppc? ( fdt ) - qemu_softmmu_targets_ppc64? ( fdt ) - sdl2? ( sdl ) - static? ( static-user !alsa !bluetooth !gtk !gtk2 !opengl !pulseaudio ) - virtfs? ( xattr ) - vte? ( gtk )" - -# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...) -# and user/softmmu targets (qemu-*, qemu-system-*). -# -# Yep, you need both libcap and libcap-ng since virtfs only uses libcap. -# -# The attr lib isn't always linked in (although the USE flag is always -# respected). This is because qemu supports using the C library's API -# when available rather than always using the extranl library. -ALL_DEPEND=" - >=dev-libs/glib-2.0[static-libs(+)] - sys-libs/zlib[static-libs(+)] - python? ( ${PYTHON_DEPS} ) - systemtap? ( dev-util/systemtap ) - xattr? ( sys-apps/attr[static-libs(+)] )" - -# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...) -# softmmu targets (qemu-system-*). -SOFTMMU_TOOLS_DEPEND=" - >=x11-libs/pixman-0.28.0[static-libs(+)] - accessibility? ( - app-accessibility/brltty[api] - app-accessibility/brltty[static-libs(+)] - ) - aio? ( dev-libs/libaio[static-libs(+)] ) - alsa? ( >=media-libs/alsa-lib-1.0.13 ) - bluetooth? ( net-wireless/bluez ) - bzip2? ( app-arch/bzip2[static-libs(+)] ) - caps? ( sys-libs/libcap-ng[static-libs(+)] ) - curl? ( >=net-misc/curl-7.15.4[static-libs(+)] ) - fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] ) - glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] ) - gnutls? ( - dev-libs/nettle:=[static-libs(+)] - >=net-libs/gnutls-3.0:=[static-libs(+)] - ) - gtk? ( - gtk2? ( - x11-libs/gtk+:2 - vte? ( x11-libs/vte:0 ) - ) - !gtk2? ( - x11-libs/gtk+:3 - vte? ( x11-libs/vte:2.91 ) - ) - ) - infiniband? ( sys-fabric/librdmacm:=[static-libs(+)] ) - iscsi? ( net-libs/libiscsi ) - jpeg? ( virtual/jpeg:0=[static-libs(+)] ) - lzo? ( dev-libs/lzo:2[static-libs(+)] ) - ncurses? ( - sys-libs/ncurses:0=[unicode] - sys-libs/ncurses:0=[static-libs(+)] - ) - nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] ) - numa? ( sys-process/numactl[static-libs(+)] ) - opengl? ( - virtual/opengl - media-libs/libepoxy[static-libs(+)] - media-libs/mesa[static-libs(+)] - media-libs/mesa[egl,gbm] - ) - png? ( media-libs/libpng:0=[static-libs(+)] ) - pulseaudio? ( media-sound/pulseaudio ) - rbd? ( sys-cluster/ceph[static-libs(+)] ) - sasl? ( dev-libs/cyrus-sasl[static-libs(+)] ) - sdl? ( - !sdl2? ( - media-libs/libsdl[X] - >=media-libs/libsdl-1.2.11[static-libs(+)] - ) - sdl2? ( - media-libs/libsdl2[X] - media-libs/libsdl2[static-libs(+)] - ) - ) - seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] ) - smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] ) - snappy? ( app-arch/snappy:=[static-libs(+)] ) - spice? ( - >=app-emulation/spice-protocol-0.12.3 - >=app-emulation/spice-0.12.0[static-libs(+)] - ) - ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] ) - usb? ( >=virtual/libusb-1-r2[static-libs(+)] ) - usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] ) - vde? ( net-misc/vde[static-libs(+)] ) - virgl? ( media-libs/virglrenderer[static-libs(+)] ) - virtfs? ( sys-libs/libcap ) - xen? ( app-emulation/xen-tools:= ) - xfs? ( sys-fs/xfsprogs[static-libs(+)] )" - -X86_FIRMWARE_DEPEND=" - pin-upstream-blobs? ( - ~sys-firmware/edk2-ovmf-2017_pre20170505[binary] - ~sys-firmware/ipxe-1.0.0_p20160620 - ~sys-firmware/seabios-1.10.2[binary,seavgabios] - ~sys-firmware/sgabios-0.1_pre8 - ) - !pin-upstream-blobs? ( - sys-firmware/edk2-ovmf - sys-firmware/ipxe - >=sys-firmware/seabios-1.10.2[seavgabios] - sys-firmware/sgabios - )" - -CDEPEND=" - !static? ( - ${ALL_DEPEND//\[static-libs(+)]} - ${SOFTMMU_TOOLS_DEPEND//\[static-libs(+)]} - ) - qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} ) - qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )" -DEPEND="${CDEPEND} - dev-lang/perl - =dev-lang/python-2* - sys-apps/texinfo - virtual/pkgconfig - kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 ) - gtk? ( nls? ( sys-devel/gettext ) ) - static? ( - ${ALL_DEPEND} - ${SOFTMMU_TOOLS_DEPEND} - ) - static-user? ( ${ALL_DEPEND} ) - test? ( - dev-libs/glib[utils] - sys-devel/bc - )" -RDEPEND="${CDEPEND} - selinux? ( sec-policy/selinux-qemu )" - -PATCHES=( - # musl patches - "${FILESDIR}"/${PN}-2.8.0-F_SHLCK-and-F_EXLCK.patch - "${FILESDIR}"/${PN}-2.0.0-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch - "${FILESDIR}"/${PN}-2.2.0-_sigev_un.patch - - # gentoo patches - "${FILESDIR}"/${PN}-2.5.0-cflags.patch - "${FILESDIR}"/${PN}-2.5.0-sysmacros.patch - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8309.patch # bug 616870 - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8379.patch # bug 616872 - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8380.patch # bug 616874 - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8112.patch # bug 616636 - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-7493.patch # bug 618808 - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-11434.patch # bug 625614 - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-11334.patch # bug 621292 - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-9524-1.patch # bug 621292 - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-9524-2.patch - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-9503-1.patch # bug 621184 - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-9503-2.patch - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-10664.patch # bug 623016 - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-10806.patch # bug 624088 -) - -STRIP_MASK="/usr/share/qemu/palcode-clipper" - -QA_PREBUILT=" - usr/share/qemu/openbios-ppc - usr/share/qemu/openbios-sparc64 - usr/share/qemu/openbios-sparc32 - usr/share/qemu/palcode-clipper - usr/share/qemu/s390-ccw.img - usr/share/qemu/u-boot.e500" - -QA_WX_LOAD="usr/bin/qemu-i386 - usr/bin/qemu-x86_64 - usr/bin/qemu-alpha - usr/bin/qemu-arm - usr/bin/qemu-cris - usr/bin/qemu-m68k - usr/bin/qemu-microblaze - usr/bin/qemu-microblazeel - usr/bin/qemu-mips - usr/bin/qemu-mipsel - usr/bin/qemu-or1k - usr/bin/qemu-ppc - usr/bin/qemu-ppc64 - usr/bin/qemu-ppc64abi32 - usr/bin/qemu-sh4 - usr/bin/qemu-sh4eb - usr/bin/qemu-sparc - usr/bin/qemu-sparc64 - usr/bin/qemu-armeb - usr/bin/qemu-sparc32plus - usr/bin/qemu-s390x - usr/bin/qemu-unicore32" - -DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure you have the -kernel module loaded before running kvm. The easiest way to ensure that the -kernel module is loaded is to load it on boot. - For AMD CPUs the module is called 'kvm-amd'. - For Intel CPUs the module is called 'kvm-intel'. -Please review /etc/conf.d/modules for how to load these. - -Make sure your user is in the 'kvm' group. Just run - $ gpasswd -a <USER> kvm -then have <USER> re-login. - -For brand new installs, the default permissions on /dev/kvm might not let -you access it. You can tell udev to reset ownership/perms: - $ udevadm trigger -c add /dev/kvm - -If you want to register binfmt handlers for qemu user targets: -For openrc: - # rc-update add qemu-binfmt -For systemd: - # ln -s /usr/share/qemu/binfmt.d/qemu.conf /etc/binfmt.d/qemu.conf" - -pkg_pretend() { - if use kernel_linux && kernel_is lt 2 6 25; then - eerror "This version of KVM requres a host kernel of 2.6.25 or higher." - elif use kernel_linux; then - if ! linux_config_exists; then - eerror "Unable to check your kernel for KVM support" - else - CONFIG_CHECK="~KVM ~TUN ~BRIDGE" - ERROR_KVM="You must enable KVM in your kernel to continue" - ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in" - ERROR_KVM_AMD+=" your kernel configuration." - ERROR_KVM_INTEL="If you have an Intel CPU, you must enable" - ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration." - ERROR_TUN="You will need the Universal TUN/TAP driver compiled" - ERROR_TUN+=" into your kernel or loaded as a module to use the" - ERROR_TUN+=" virtual network device if using -net tap." - ERROR_BRIDGE="You will also need support for 802.1d" - ERROR_BRIDGE+=" Ethernet Bridging for some network configurations." - use vhost-net && CONFIG_CHECK+=" ~VHOST_NET" - ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net" - ERROR_VHOST_NET+=" support" - - if use amd64 || use x86 || use amd64-linux || use x86-linux; then - CONFIG_CHECK+=" ~KVM_AMD ~KVM_INTEL" - fi - - use python && CONFIG_CHECK+=" ~DEBUG_FS" - ERROR_DEBUG_FS="debugFS support required for kvm_stat" - - # Now do the actual checks setup above - check_extra_config - fi - fi - - if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then - eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt" - eerror "instances are still pointing to it. Please update your" - eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag" - eerror "and the right system binary (e.g. qemu-system-x86_64)." - die "update your virt configs to not use qemu-kvm" - fi -} - -pkg_setup() { - enewgroup kvm 78 -} - -# Sanity check to make sure target lists are kept up-to-date. -check_targets() { - local var=$1 mak=$2 - local detected sorted - - pushd "${S}"/default-configs >/dev/null || die - - # Force C locale until glibc is updated. #564936 - detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u)) - sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u)) - if [[ ${sorted} != "${detected}" ]] ; then - eerror "The ebuild needs to be kept in sync." - eerror "${var}: ${sorted}" - eerror "$(printf '%-*s' ${#var} configure): ${detected}" - die "sync ${var} to the list of targets" - fi - - popd >/dev/null -} - -handle_locales() { - # Make sure locale list is kept up-to-date. - local detected sorted - detected=$(echo $(cd po && printf '%s\n' *.po | grep -v messages.po | sed 's:.po$::' | sort -u)) - sorted=$(echo $(printf '%s\n' ${PLOCALES} | sort -u)) - if [[ ${sorted} != "${detected}" ]] ; then - eerror "The ebuild needs to be kept in sync." - eerror "PLOCALES: ${sorted}" - eerror " po/*.po: ${detected}" - die "sync PLOCALES" - fi - - # Deal with selective install of locales. - if use nls ; then - # Delete locales the user does not want. #577814 - rm_loc() { rm po/$1.po || die; } - l10n_for_each_disabled_locale_do rm_loc - else - # Cheap hack to disable gettext .mo generation. - rm -f po/*.po - fi -} - -src_prepare() { - check_targets IUSE_SOFTMMU_TARGETS softmmu - check_targets IUSE_USER_TARGETS linux-user - - # Alter target makefiles to accept CFLAGS set via flag-o - sed -i -r \ - -e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \ - Makefile Makefile.target || die - - default - - # Fix ld and objcopy being called directly - tc-export AR LD OBJCOPY - - # Verbose builds - MAKEOPTS+=" V=1" - - # Run after we've applied all patches. - handle_locales -} - -## -# configures qemu based on the build directory and the build type -# we are using. -# -qemu_src_configure() { - debug-print-function ${FUNCNAME} "$@" - - local buildtype=$1 - local builddir="${S}/${buildtype}-build" - - mkdir "${builddir}" - - local conf_opts=( - --prefix=/usr - --sysconfdir=/etc - --libdir=/usr/$(get_libdir) - --docdir=/usr/share/doc/${PF}/html - --disable-bsd-user - --disable-guest-agent - --disable-strip - --disable-werror - # We support gnutls/nettle for crypto operations. It is possible - # to use gcrypt when gnutls/nettle are disabled (but not when they - # are enabled), but it's not really worth the hassle. Disable it - # all the time to avoid automatically detecting it. #568856 - --disable-gcrypt - --python="${PYTHON}" - --cc="$(tc-getCC)" - --cxx="$(tc-getCXX)" - --host-cc="$(tc-getBUILD_CC)" - $(use_enable debug debug-info) - $(use_enable debug debug-tcg) - --enable-docs - $(use_enable tci tcg-interpreter) - $(use_enable xattr attr) - ) - - # Disable options not used by user targets. This simplifies building - # static user targets (USE=static-user) considerably. - conf_notuser() { - if [[ ${buildtype} == "user" ]] ; then - echo "--disable-${2:-$1}" - else - use_enable "$@" - fi - } - conf_opts+=( - $(conf_notuser accessibility brlapi) - $(conf_notuser aio linux-aio) - $(conf_notuser bzip2) - $(conf_notuser bluetooth bluez) - $(conf_notuser caps cap-ng) - $(conf_notuser curl) - $(conf_notuser fdt) - $(conf_notuser glusterfs) - $(conf_notuser gnutls) - $(conf_notuser gnutls nettle) - $(conf_notuser gtk) - $(conf_notuser infiniband rdma) - $(conf_notuser iscsi libiscsi) - $(conf_notuser jpeg vnc-jpeg) - $(conf_notuser kernel_linux kvm) - $(conf_notuser lzo) - $(conf_notuser ncurses curses) - $(conf_notuser nfs libnfs) - $(conf_notuser numa) - $(conf_notuser opengl) - $(conf_notuser png vnc-png) - $(conf_notuser rbd) - $(conf_notuser sasl vnc-sasl) - $(conf_notuser sdl) - $(conf_notuser seccomp) - $(conf_notuser smartcard) - $(conf_notuser snappy) - $(conf_notuser spice) - $(conf_notuser ssh libssh2) - $(conf_notuser usb libusb) - $(conf_notuser usbredir usb-redir) - $(conf_notuser vde) - $(conf_notuser vhost-net) - $(conf_notuser virgl virglrenderer) - $(conf_notuser virtfs) - $(conf_notuser vnc) - $(conf_notuser vte) - $(conf_notuser xen) - $(conf_notuser xen xen-pci-passthrough) - $(conf_notuser xfs xfsctl) - ) - - if [[ ! ${buildtype} == "user" ]] ; then - # audio options - local audio_opts="oss" - use alsa && audio_opts="alsa,${audio_opts}" - use sdl && audio_opts="sdl,${audio_opts}" - use pulseaudio && audio_opts="pa,${audio_opts}" - conf_opts+=( - --audio-drv-list="${audio_opts}" - ) - use gtk && conf_opts+=( --with-gtkabi=$(usex gtk2 2.0 3.0) ) - use sdl && conf_opts+=( --with-sdlabi=$(usex sdl2 2.0 1.2) ) - fi - - case ${buildtype} in - user) - conf_opts+=( - --enable-linux-user - --disable-system - --disable-blobs - --disable-tools - ) - local static_flag="static-user" - ;; - softmmu) - conf_opts+=( - --disable-linux-user - --enable-system - --disable-tools - --with-system-pixman - ) - local static_flag="static" - ;; - tools) - conf_opts+=( - --disable-linux-user - --disable-system - --disable-blobs - --enable-tools - ) - local static_flag="static" - ;; - esac - - local targets="${buildtype}_targets" - [[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" ) - - # Add support for SystemTAP - use systemtap && conf_opts+=( --enable-trace-backend=dtrace ) - - # We always want to attempt to build with PIE support as it results - # in a more secure binary. But it doesn't work with static or if - # the current GCC doesn't have PIE support. - if use ${static_flag}; then - conf_opts+=( --static --disable-pie ) - else - tc-enables-pie && conf_opts+=( --enable-pie ) - fi - - echo "../configure ${conf_opts[*]}" - cd "${builddir}" - ../configure "${conf_opts[@]}" || die "configure failed" - - # FreeBSD's kernel does not support QEMU assigning/grabbing - # host USB devices yet - use kernel_FreeBSD && \ - sed -i -E -e "s|^(HOST_USB=)bsd|\1stub|" "${S}"/config-host.mak -} - -src_configure() { - local target - - python_setup - - softmmu_targets= softmmu_bins=() - user_targets= user_bins=() - - for target in ${IUSE_SOFTMMU_TARGETS} ; do - if use "qemu_softmmu_targets_${target}"; then - softmmu_targets+=",${target}-softmmu" - softmmu_bins+=( "qemu-system-${target}" ) - fi - done - - for target in ${IUSE_USER_TARGETS} ; do - if use "qemu_user_targets_${target}"; then - user_targets+=",${target}-linux-user" - user_bins+=( "qemu-${target}" ) - fi - done - - softmmu_targets=${softmmu_targets#,} - user_targets=${user_targets#,} - - [[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu" - [[ -n ${user_targets} ]] && qemu_src_configure "user" - qemu_src_configure "tools" -} - -src_compile() { - if [[ -n ${user_targets} ]]; then - cd "${S}/user-build" - default - fi - - if [[ -n ${softmmu_targets} ]]; then - cd "${S}/softmmu-build" - default - fi - - cd "${S}/tools-build" - default -} - -src_test() { - if [[ -n ${softmmu_targets} ]]; then - cd "${S}/softmmu-build" - pax-mark m */qemu-system-* #515550 - emake -j1 check - emake -j1 check-report.html - fi -} - -qemu_python_install() { - python_domodule "${S}/scripts/qmp/qmp.py" - - python_doscript "${S}/scripts/kvm/vmxcap" - python_doscript "${S}/scripts/qmp/qmp-shell" - python_doscript "${S}/scripts/qmp/qemu-ga-client" -} - -# Generate binfmt support files. -# - /etc/init.d/qemu-binfmt script which registers the user handlers (openrc) -# - /usr/share/qemu/binfmt.d/qemu.conf (for use with systemd-binfmt) -generate_initd() { - local out="${T}/qemu-binfmt" - local out_systemd="${T}/qemu.conf" - local d="${T}/binfmt.d" - - einfo "Generating qemu binfmt scripts and configuration files" - - # Generate the debian fragments first. - mkdir -p "${d}" - "${S}"/scripts/qemu-binfmt-conf.sh \ - --debian \ - --exportdir "${d}" \ - --qemu-path "${EPREFIX}/usr/bin" \ - || die - # Then turn the fragments into a shell script we can source. - sed -E -i \ - -e 's:^([^ ]+) (.*)$:\1="\2":' \ - "${d}"/* || die - - # Generate the init.d script by assembling the fragments from above. - local f qcpu package interpreter magic mask - cat "${FILESDIR}"/qemu-binfmt.initd.head >"${out}" || die - for f in "${d}"/qemu-* ; do - source "${f}" - - # Normalize the cpu logic like we do in the init.d for the native cpu. - qcpu=${package#qemu-} - case ${qcpu} in - arm*) qcpu="arm";; - mips*) qcpu="mips";; - ppc*) qcpu="ppc";; - s390*) qcpu="s390";; - sh*) qcpu="sh";; - sparc*) qcpu="sparc";; - esac - - cat <<EOF >>"${out}" - if [ "\${cpu}" != "${qcpu}" -a -x "${interpreter}" ] ; then - echo ':${package}:M::${magic}:${mask}:${interpreter}:'"\${QEMU_BINFMT_FLAGS}" >/proc/sys/fs/binfmt_misc/register - fi -EOF - - echo ":${package}:M::${magic}:${mask}:${interpreter}:OC" >>"${out_systemd}" - - done - cat "${FILESDIR}"/qemu-binfmt.initd.tail >>"${out}" || die -} - -src_install() { - if [[ -n ${user_targets} ]]; then - cd "${S}/user-build" - emake DESTDIR="${ED}" install - - # Install binfmt handler init script for user targets. - generate_initd - doinitd "${T}/qemu-binfmt" - - # Install binfmt/qemu.conf. - insinto "/usr/share/qemu/binfmt.d" - doins "${T}/qemu.conf" - fi - - if [[ -n ${softmmu_targets} ]]; then - cd "${S}/softmmu-build" - emake DESTDIR="${ED}" install - - # This might not exist if the test failed. #512010 - [[ -e check-report.html ]] && dohtml check-report.html - - if use kernel_linux; then - udev_newrules "${FILESDIR}"/65-kvm.rules-r1 65-kvm.rules - fi - - if use python; then - python_foreach_impl qemu_python_install - fi - fi - - cd "${S}/tools-build" - emake DESTDIR="${ED}" install - - # Disable mprotect on the qemu binaries as they use JITs to be fast #459348 - pushd "${ED}"/usr/bin >/dev/null - pax-mark mr "${softmmu_bins[@]}" "${user_bins[@]}" # bug 575594 - popd >/dev/null - - # Install config file example for qemu-bridge-helper - insinto "/etc/qemu" - doins "${FILESDIR}/bridge.conf" - - cd "${S}" - dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt - newdoc pc-bios/README README.pc-bios - dodoc docs/qmp-*.txt - - if [[ -n ${softmmu_targets} ]]; then - # Remove SeaBIOS since we're using the SeaBIOS packaged one - rm "${ED}/usr/share/qemu/bios.bin" - rm "${ED}/usr/share/qemu/bios-256k.bin" - if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then - dosym ../seabios/bios.bin /usr/share/qemu/bios.bin - dosym ../seabios/bios-256k.bin /usr/share/qemu/bios-256k.bin - fi - - # Remove vgabios since we're using the seavgabios packaged one - rm "${ED}/usr/share/qemu/vgabios.bin" - rm "${ED}/usr/share/qemu/vgabios-cirrus.bin" - rm "${ED}/usr/share/qemu/vgabios-qxl.bin" - rm "${ED}/usr/share/qemu/vgabios-stdvga.bin" - rm "${ED}/usr/share/qemu/vgabios-virtio.bin" - rm "${ED}/usr/share/qemu/vgabios-vmware.bin" - if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then - dosym ../seavgabios/vgabios-isavga.bin /usr/share/qemu/vgabios.bin - dosym ../seavgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin - dosym ../seavgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin - dosym ../seavgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin - dosym ../seavgabios/vgabios-virtio.bin /usr/share/qemu/vgabios-virtio.bin - dosym ../seavgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin - fi - - # Remove sgabios since we're using the sgabios packaged one - rm "${ED}/usr/share/qemu/sgabios.bin" - if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then - dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin - fi - - # Remove iPXE since we're using the iPXE packaged one - rm "${ED}"/usr/share/qemu/pxe-*.rom - if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then - dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom - dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom - dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom - dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom - dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom - dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom - fi - fi - - DISABLE_AUTOFORMATTING=true - readme.gentoo_create_doc -} - -firmware_abi_change() { - local pv - for pv in ${REPLACING_VERSIONS}; do - if ! version_is_at_least ${FIRMWARE_ABI_VERSION} ${pv}; then - return 0 - fi - done - return 1 -} - -pkg_postinst() { - if [[ -n ${softmmu_targets} ]] && use kernel_linux; then - udev_reload - fi - - fcaps cap_net_admin /usr/libexec/qemu-bridge-helper - - DISABLE_AUTOFORMATTING=true - readme.gentoo_print_elog - - if use pin-upstream-blobs && firmware_abi_change; then - ewarn "This version of qemu pins new versions of firmware blobs:" - ewarn " $(best_version sys-firmware/edk2-ovmf)" - ewarn " $(best_version sys-firmware/ipxe)" - ewarn " $(best_version sys-firmware/seabios)" - ewarn " $(best_version sys-firmware/sgabios)" - ewarn "This might break resume of hibernated guests (started with a different" - ewarn "firmware version) and live migration to/from qemu versions with different" - ewarn "firmware. Please (cold) restart all running guests. For functional" - ewarn "guest migration ensure that all" - ewarn "hosts run at least" - ewarn " app-emulation/qemu-${FIRMWARE_ABI_VERSION}." - fi -} - -pkg_info() { - echo "Using:" - echo " $(best_version app-emulation/spice-protocol)" - echo " $(best_version sys-firmware/edk2-ovmf)" - if has_version 'sys-firmware/edk2-ovmf[binary]'; then - echo " USE=binary" - else - echo " USE=''" - fi - echo " $(best_version sys-firmware/ipxe)" - echo " $(best_version sys-firmware/seabios)" - if has_version 'sys-firmware/seabios[binary]'; then - echo " USE=binary" - else - echo " USE=''" - fi - echo " $(best_version sys-firmware/sgabios)" -} diff --git a/app-emulation/qemu/qemu-2.9.0-r57.ebuild b/app-emulation/qemu/qemu-2.9.0-r57.ebuild deleted file mode 100644 index ffe6437c..00000000 --- a/app-emulation/qemu/qemu-2.9.0-r57.ebuild +++ /dev/null @@ -1,802 +0,0 @@ -# Copyright 1999-2017 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI="6" - -PYTHON_COMPAT=( python2_7 ) -PYTHON_REQ_USE="ncurses,readline" - -PLOCALES="bg de_DE fr_FR hu it tr zh_CN" - -FIRMWARE_ABI_VERSION="2.9.0-r52" - -inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \ - user udev fcaps readme.gentoo-r1 pax-utils l10n - -if [[ ${PV} = *9999* ]]; then - EGIT_REPO_URI="git://git.qemu.org/qemu.git" - inherit git-r3 - SRC_URI="" -else - SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2" - KEYWORDS="~amd64 ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd" -fi - -DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools" -HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org" - -LICENSE="GPL-2 LGPL-2 BSD-2" -SLOT="0" -IUSE="accessibility +aio alsa bluetooth bzip2 +caps +curl debug +fdt - glusterfs gnutls gtk gtk2 infiniband iscsi +jpeg kernel_linux - kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs +png - pulseaudio python rbd sasl +seccomp sdl sdl2 selinux smartcard snappy - spice ssh static static-user systemtap tci test usb usbredir vde - +vhost-net virgl virtfs +vnc vte xattr xen xfs" - -COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel - mips mips64 mips64el mipsel nios2 or1k ppc ppc64 s390x sh4 sh4eb sparc - sparc64 x86_64" -IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS} - lm32 moxie ppcemb tricore unicore32 xtensa xtensaeb" -IUSE_USER_TARGETS="${COMMON_TARGETS} - armeb hppa mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus tilegx" - -use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS}) -use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS}) -IUSE+=" ${use_softmmu_targets} ${use_user_targets}" - -# Allow no targets to be built so that people can get a tools-only build. -# Block USE flag configurations known to not work. -REQUIRED_USE="${PYTHON_REQUIRED_USE} - gtk2? ( gtk ) - qemu_softmmu_targets_arm? ( fdt ) - qemu_softmmu_targets_microblaze? ( fdt ) - qemu_softmmu_targets_mips64el? ( fdt ) - qemu_softmmu_targets_ppc? ( fdt ) - qemu_softmmu_targets_ppc64? ( fdt ) - sdl2? ( sdl ) - static? ( static-user !alsa !bluetooth !gtk !gtk2 !opengl !pulseaudio ) - virtfs? ( xattr ) - vte? ( gtk )" - -# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...) -# and user/softmmu targets (qemu-*, qemu-system-*). -# -# Yep, you need both libcap and libcap-ng since virtfs only uses libcap. -# -# The attr lib isn't always linked in (although the USE flag is always -# respected). This is because qemu supports using the C library's API -# when available rather than always using the extranl library. -ALL_DEPEND=" - >=dev-libs/glib-2.0[static-libs(+)] - sys-libs/zlib[static-libs(+)] - python? ( ${PYTHON_DEPS} ) - systemtap? ( dev-util/systemtap ) - xattr? ( sys-apps/attr[static-libs(+)] )" - -# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...) -# softmmu targets (qemu-system-*). -SOFTMMU_TOOLS_DEPEND=" - >=x11-libs/pixman-0.28.0[static-libs(+)] - accessibility? ( - app-accessibility/brltty[api] - app-accessibility/brltty[static-libs(+)] - ) - aio? ( dev-libs/libaio[static-libs(+)] ) - alsa? ( >=media-libs/alsa-lib-1.0.13 ) - bluetooth? ( net-wireless/bluez ) - bzip2? ( app-arch/bzip2[static-libs(+)] ) - caps? ( sys-libs/libcap-ng[static-libs(+)] ) - curl? ( >=net-misc/curl-7.15.4[static-libs(+)] ) - fdt? ( >=sys-apps/dtc-1.4.2[static-libs(+)] ) - glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] ) - gnutls? ( - dev-libs/nettle:=[static-libs(+)] - >=net-libs/gnutls-3.0:=[static-libs(+)] - ) - gtk? ( - gtk2? ( - x11-libs/gtk+:2 - vte? ( x11-libs/vte:0 ) - ) - !gtk2? ( - x11-libs/gtk+:3 - vte? ( x11-libs/vte:2.91 ) - ) - ) - infiniband? ( sys-fabric/librdmacm:=[static-libs(+)] ) - iscsi? ( net-libs/libiscsi ) - jpeg? ( virtual/jpeg:0=[static-libs(+)] ) - lzo? ( dev-libs/lzo:2[static-libs(+)] ) - ncurses? ( - sys-libs/ncurses:0=[unicode] - sys-libs/ncurses:0=[static-libs(+)] - ) - nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] ) - numa? ( sys-process/numactl[static-libs(+)] ) - opengl? ( - virtual/opengl - media-libs/libepoxy[static-libs(+)] - media-libs/mesa[static-libs(+)] - media-libs/mesa[egl,gbm] - ) - png? ( media-libs/libpng:0=[static-libs(+)] ) - pulseaudio? ( media-sound/pulseaudio ) - rbd? ( sys-cluster/ceph[static-libs(+)] ) - sasl? ( dev-libs/cyrus-sasl[static-libs(+)] ) - sdl? ( - !sdl2? ( - media-libs/libsdl[X] - >=media-libs/libsdl-1.2.11[static-libs(+)] - ) - sdl2? ( - media-libs/libsdl2[X] - media-libs/libsdl2[static-libs(+)] - ) - ) - seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] ) - smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] ) - snappy? ( app-arch/snappy:=[static-libs(+)] ) - spice? ( - >=app-emulation/spice-protocol-0.12.3 - >=app-emulation/spice-0.12.0[static-libs(+)] - ) - ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] ) - usb? ( >=virtual/libusb-1-r2[static-libs(+)] ) - usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] ) - vde? ( net-misc/vde[static-libs(+)] ) - virgl? ( media-libs/virglrenderer[static-libs(+)] ) - virtfs? ( sys-libs/libcap ) - xen? ( app-emulation/xen-tools:= ) - xfs? ( sys-fs/xfsprogs[static-libs(+)] )" - -X86_FIRMWARE_DEPEND=" - pin-upstream-blobs? ( - ~sys-firmware/edk2-ovmf-2017_pre20170505[binary] - ~sys-firmware/ipxe-1.0.0_p20160620 - ~sys-firmware/seabios-1.10.2[binary,seavgabios] - ~sys-firmware/sgabios-0.1_pre8 - ) - !pin-upstream-blobs? ( - sys-firmware/edk2-ovmf - sys-firmware/ipxe - >=sys-firmware/seabios-1.10.2[seavgabios] - sys-firmware/sgabios - )" - -CDEPEND=" - !static? ( - ${ALL_DEPEND//\[static-libs(+)]} - ${SOFTMMU_TOOLS_DEPEND//\[static-libs(+)]} - ) - qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} ) - qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )" -DEPEND="${CDEPEND} - dev-lang/perl - =dev-lang/python-2* - sys-apps/texinfo - virtual/pkgconfig - kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 ) - gtk? ( nls? ( sys-devel/gettext ) ) - static? ( - ${ALL_DEPEND} - ${SOFTMMU_TOOLS_DEPEND} - ) - static-user? ( ${ALL_DEPEND} ) - test? ( - dev-libs/glib[utils] - sys-devel/bc - )" -RDEPEND="${CDEPEND} - selinux? ( sec-policy/selinux-qemu )" - -PATCHES=( - # musl patches - "${FILESDIR}"/${PN}-2.8.0-F_SHLCK-and-F_EXLCK.patch - "${FILESDIR}"/${PN}-2.0.0-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch - "${FILESDIR}"/${PN}-2.2.0-_sigev_un.patch - - # gentoo patches - "${FILESDIR}"/${PN}-2.5.0-cflags.patch - "${FILESDIR}"/${PN}-2.5.0-sysmacros.patch - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8309.patch # bug 616870 - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8379.patch # bug 616872 - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8380.patch # bug 616874 - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8112.patch # bug 616636 - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-7493.patch # bug 618808 - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-11434.patch # bug 625614 - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-11334.patch # bug 621292 - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-9524-1.patch # bug 621292 - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-9524-2.patch - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-9503-1.patch # bug 621184 - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-9503-2.patch - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-10664.patch # bug 623016 - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-10806.patch # bug 624088 -) - -STRIP_MASK="/usr/share/qemu/palcode-clipper" - -QA_PREBUILT=" - usr/share/qemu/openbios-ppc - usr/share/qemu/openbios-sparc64 - usr/share/qemu/openbios-sparc32 - usr/share/qemu/palcode-clipper - usr/share/qemu/s390-ccw.img - usr/share/qemu/u-boot.e500" - -QA_WX_LOAD="usr/bin/qemu-i386 - usr/bin/qemu-x86_64 - usr/bin/qemu-alpha - usr/bin/qemu-arm - usr/bin/qemu-cris - usr/bin/qemu-m68k - usr/bin/qemu-microblaze - usr/bin/qemu-microblazeel - usr/bin/qemu-mips - usr/bin/qemu-mipsel - usr/bin/qemu-or1k - usr/bin/qemu-ppc - usr/bin/qemu-ppc64 - usr/bin/qemu-ppc64abi32 - usr/bin/qemu-sh4 - usr/bin/qemu-sh4eb - usr/bin/qemu-sparc - usr/bin/qemu-sparc64 - usr/bin/qemu-armeb - usr/bin/qemu-sparc32plus - usr/bin/qemu-s390x - usr/bin/qemu-unicore32" - -DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure you have the -kernel module loaded before running kvm. The easiest way to ensure that the -kernel module is loaded is to load it on boot. - For AMD CPUs the module is called 'kvm-amd'. - For Intel CPUs the module is called 'kvm-intel'. -Please review /etc/conf.d/modules for how to load these. - -Make sure your user is in the 'kvm' group. Just run - $ gpasswd -a <USER> kvm -then have <USER> re-login. - -For brand new installs, the default permissions on /dev/kvm might not let -you access it. You can tell udev to reset ownership/perms: - $ udevadm trigger -c add /dev/kvm - -If you want to register binfmt handlers for qemu user targets: -For openrc: - # rc-update add qemu-binfmt -For systemd: - # ln -s /usr/share/qemu/binfmt.d/qemu.conf /etc/binfmt.d/qemu.conf" - -pkg_pretend() { - if use kernel_linux && kernel_is lt 2 6 25; then - eerror "This version of KVM requres a host kernel of 2.6.25 or higher." - elif use kernel_linux; then - if ! linux_config_exists; then - eerror "Unable to check your kernel for KVM support" - else - CONFIG_CHECK="~KVM ~TUN ~BRIDGE" - ERROR_KVM="You must enable KVM in your kernel to continue" - ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in" - ERROR_KVM_AMD+=" your kernel configuration." - ERROR_KVM_INTEL="If you have an Intel CPU, you must enable" - ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration." - ERROR_TUN="You will need the Universal TUN/TAP driver compiled" - ERROR_TUN+=" into your kernel or loaded as a module to use the" - ERROR_TUN+=" virtual network device if using -net tap." - ERROR_BRIDGE="You will also need support for 802.1d" - ERROR_BRIDGE+=" Ethernet Bridging for some network configurations." - use vhost-net && CONFIG_CHECK+=" ~VHOST_NET" - ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net" - ERROR_VHOST_NET+=" support" - - if use amd64 || use x86 || use amd64-linux || use x86-linux; then - CONFIG_CHECK+=" ~KVM_AMD ~KVM_INTEL" - fi - - use python && CONFIG_CHECK+=" ~DEBUG_FS" - ERROR_DEBUG_FS="debugFS support required for kvm_stat" - - # Now do the actual checks setup above - check_extra_config - fi - fi - - if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then - eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt" - eerror "instances are still pointing to it. Please update your" - eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag" - eerror "and the right system binary (e.g. qemu-system-x86_64)." - die "update your virt configs to not use qemu-kvm" - fi -} - -pkg_setup() { - enewgroup kvm 78 -} - -# Sanity check to make sure target lists are kept up-to-date. -check_targets() { - local var=$1 mak=$2 - local detected sorted - - pushd "${S}"/default-configs >/dev/null || die - - # Force C locale until glibc is updated. #564936 - detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u)) - sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u)) - if [[ ${sorted} != "${detected}" ]] ; then - eerror "The ebuild needs to be kept in sync." - eerror "${var}: ${sorted}" - eerror "$(printf '%-*s' ${#var} configure): ${detected}" - die "sync ${var} to the list of targets" - fi - - popd >/dev/null -} - -handle_locales() { - # Make sure locale list is kept up-to-date. - local detected sorted - detected=$(echo $(cd po && printf '%s\n' *.po | grep -v messages.po | sed 's:.po$::' | sort -u)) - sorted=$(echo $(printf '%s\n' ${PLOCALES} | sort -u)) - if [[ ${sorted} != "${detected}" ]] ; then - eerror "The ebuild needs to be kept in sync." - eerror "PLOCALES: ${sorted}" - eerror " po/*.po: ${detected}" - die "sync PLOCALES" - fi - - # Deal with selective install of locales. - if use nls ; then - # Delete locales the user does not want. #577814 - rm_loc() { rm po/$1.po || die; } - l10n_for_each_disabled_locale_do rm_loc - else - # Cheap hack to disable gettext .mo generation. - rm -f po/*.po - fi -} - -src_prepare() { - check_targets IUSE_SOFTMMU_TARGETS softmmu - check_targets IUSE_USER_TARGETS linux-user - - # Alter target makefiles to accept CFLAGS set via flag-o - sed -i -r \ - -e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \ - Makefile Makefile.target || die - - default - - # Fix ld and objcopy being called directly - tc-export AR LD OBJCOPY - - # Verbose builds - MAKEOPTS+=" V=1" - - # Run after we've applied all patches. - handle_locales - - #remove bundled copy of libfdt - rm -r dtc || die -} - -## -# configures qemu based on the build directory and the build type -# we are using. -# -qemu_src_configure() { - debug-print-function ${FUNCNAME} "$@" - - local buildtype=$1 - local builddir="${S}/${buildtype}-build" - - mkdir "${builddir}" - - local conf_opts=( - --prefix=/usr - --sysconfdir=/etc - --libdir=/usr/$(get_libdir) - --docdir=/usr/share/doc/${PF}/html - --disable-bsd-user - --disable-guest-agent - --disable-strip - --disable-werror - # We support gnutls/nettle for crypto operations. It is possible - # to use gcrypt when gnutls/nettle are disabled (but not when they - # are enabled), but it's not really worth the hassle. Disable it - # all the time to avoid automatically detecting it. #568856 - --disable-gcrypt - --python="${PYTHON}" - --cc="$(tc-getCC)" - --cxx="$(tc-getCXX)" - --host-cc="$(tc-getBUILD_CC)" - $(use_enable debug debug-info) - $(use_enable debug debug-tcg) - --enable-docs - $(use_enable tci tcg-interpreter) - $(use_enable xattr attr) - ) - - # Disable options not used by user targets. This simplifies building - # static user targets (USE=static-user) considerably. - conf_notuser() { - if [[ ${buildtype} == "user" ]] ; then - echo "--disable-${2:-$1}" - else - use_enable "$@" - fi - } - conf_opts+=( - $(conf_notuser accessibility brlapi) - $(conf_notuser aio linux-aio) - $(conf_notuser bzip2) - $(conf_notuser bluetooth bluez) - $(conf_notuser caps cap-ng) - $(conf_notuser curl) - $(conf_notuser fdt) - $(conf_notuser glusterfs) - $(conf_notuser gnutls) - $(conf_notuser gnutls nettle) - $(conf_notuser gtk) - $(conf_notuser infiniband rdma) - $(conf_notuser iscsi libiscsi) - $(conf_notuser jpeg vnc-jpeg) - $(conf_notuser kernel_linux kvm) - $(conf_notuser lzo) - $(conf_notuser ncurses curses) - $(conf_notuser nfs libnfs) - $(conf_notuser numa) - $(conf_notuser opengl) - $(conf_notuser png vnc-png) - $(conf_notuser rbd) - $(conf_notuser sasl vnc-sasl) - $(conf_notuser sdl) - $(conf_notuser seccomp) - $(conf_notuser smartcard) - $(conf_notuser snappy) - $(conf_notuser spice) - $(conf_notuser ssh libssh2) - $(conf_notuser usb libusb) - $(conf_notuser usbredir usb-redir) - $(conf_notuser vde) - $(conf_notuser vhost-net) - $(conf_notuser virgl virglrenderer) - $(conf_notuser virtfs) - $(conf_notuser vnc) - $(conf_notuser vte) - $(conf_notuser xen) - $(conf_notuser xen xen-pci-passthrough) - $(conf_notuser xfs xfsctl) - ) - - if [[ ! ${buildtype} == "user" ]] ; then - # audio options - local audio_opts="oss" - use alsa && audio_opts="alsa,${audio_opts}" - use sdl && audio_opts="sdl,${audio_opts}" - use pulseaudio && audio_opts="pa,${audio_opts}" - conf_opts+=( - --audio-drv-list="${audio_opts}" - ) - use gtk && conf_opts+=( --with-gtkabi=$(usex gtk2 2.0 3.0) ) - use sdl && conf_opts+=( --with-sdlabi=$(usex sdl2 2.0 1.2) ) - fi - - case ${buildtype} in - user) - conf_opts+=( - --enable-linux-user - --disable-system - --disable-blobs - --disable-tools - ) - local static_flag="static-user" - ;; - softmmu) - conf_opts+=( - --disable-linux-user - --enable-system - --disable-tools - --with-system-pixman - ) - local static_flag="static" - ;; - tools) - conf_opts+=( - --disable-linux-user - --disable-system - --disable-blobs - --enable-tools - ) - local static_flag="static" - ;; - esac - - local targets="${buildtype}_targets" - [[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" ) - - # Add support for SystemTAP - use systemtap && conf_opts+=( --enable-trace-backend=dtrace ) - - # We always want to attempt to build with PIE support as it results - # in a more secure binary. But it doesn't work with static or if - # the current GCC doesn't have PIE support. - if use ${static_flag}; then - conf_opts+=( --static --disable-pie ) - else - tc-enables-pie && conf_opts+=( --enable-pie ) - fi - - echo "../configure ${conf_opts[*]}" - cd "${builddir}" - ../configure "${conf_opts[@]}" || die "configure failed" - - # FreeBSD's kernel does not support QEMU assigning/grabbing - # host USB devices yet - use kernel_FreeBSD && \ - sed -i -E -e "s|^(HOST_USB=)bsd|\1stub|" "${S}"/config-host.mak -} - -src_configure() { - local target - - python_setup - - softmmu_targets= softmmu_bins=() - user_targets= user_bins=() - - for target in ${IUSE_SOFTMMU_TARGETS} ; do - if use "qemu_softmmu_targets_${target}"; then - softmmu_targets+=",${target}-softmmu" - softmmu_bins+=( "qemu-system-${target}" ) - fi - done - - for target in ${IUSE_USER_TARGETS} ; do - if use "qemu_user_targets_${target}"; then - user_targets+=",${target}-linux-user" - user_bins+=( "qemu-${target}" ) - fi - done - - softmmu_targets=${softmmu_targets#,} - user_targets=${user_targets#,} - - [[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu" - [[ -n ${user_targets} ]] && qemu_src_configure "user" - qemu_src_configure "tools" -} - -src_compile() { - if [[ -n ${user_targets} ]]; then - cd "${S}/user-build" - default - fi - - if [[ -n ${softmmu_targets} ]]; then - cd "${S}/softmmu-build" - default - fi - - cd "${S}/tools-build" - default -} - -src_test() { - if [[ -n ${softmmu_targets} ]]; then - cd "${S}/softmmu-build" - pax-mark m */qemu-system-* #515550 - emake -j1 check - emake -j1 check-report.html - fi -} - -qemu_python_install() { - python_domodule "${S}/scripts/qmp/qmp.py" - - python_doscript "${S}/scripts/kvm/vmxcap" - python_doscript "${S}/scripts/qmp/qmp-shell" - python_doscript "${S}/scripts/qmp/qemu-ga-client" -} - -# Generate binfmt support files. -# - /etc/init.d/qemu-binfmt script which registers the user handlers (openrc) -# - /usr/share/qemu/binfmt.d/qemu.conf (for use with systemd-binfmt) -generate_initd() { - local out="${T}/qemu-binfmt" - local out_systemd="${T}/qemu.conf" - local d="${T}/binfmt.d" - - einfo "Generating qemu binfmt scripts and configuration files" - - # Generate the debian fragments first. - mkdir -p "${d}" - "${S}"/scripts/qemu-binfmt-conf.sh \ - --debian \ - --exportdir "${d}" \ - --qemu-path "${EPREFIX}/usr/bin" \ - || die - # Then turn the fragments into a shell script we can source. - sed -E -i \ - -e 's:^([^ ]+) (.*)$:\1="\2":' \ - "${d}"/* || die - - # Generate the init.d script by assembling the fragments from above. - local f qcpu package interpreter magic mask - cat "${FILESDIR}"/qemu-binfmt.initd.head >"${out}" || die - for f in "${d}"/qemu-* ; do - source "${f}" - - # Normalize the cpu logic like we do in the init.d for the native cpu. - qcpu=${package#qemu-} - case ${qcpu} in - arm*) qcpu="arm";; - mips*) qcpu="mips";; - ppc*) qcpu="ppc";; - s390*) qcpu="s390";; - sh*) qcpu="sh";; - sparc*) qcpu="sparc";; - esac - - cat <<EOF >>"${out}" - if [ "\${cpu}" != "${qcpu}" -a -x "${interpreter}" ] ; then - echo ':${package}:M::${magic}:${mask}:${interpreter}:'"\${QEMU_BINFMT_FLAGS}" >/proc/sys/fs/binfmt_misc/register - fi -EOF - - echo ":${package}:M::${magic}:${mask}:${interpreter}:OC" >>"${out_systemd}" - - done - cat "${FILESDIR}"/qemu-binfmt.initd.tail >>"${out}" || die -} - -src_install() { - if [[ -n ${user_targets} ]]; then - cd "${S}/user-build" - emake DESTDIR="${ED}" install - - # Install binfmt handler init script for user targets. - generate_initd - doinitd "${T}/qemu-binfmt" - - # Install binfmt/qemu.conf. - insinto "/usr/share/qemu/binfmt.d" - doins "${T}/qemu.conf" - fi - - if [[ -n ${softmmu_targets} ]]; then - cd "${S}/softmmu-build" - emake DESTDIR="${ED}" install - - # This might not exist if the test failed. #512010 - [[ -e check-report.html ]] && dohtml check-report.html - - if use kernel_linux; then - udev_newrules "${FILESDIR}"/65-kvm.rules-r1 65-kvm.rules - fi - - if use python; then - python_foreach_impl qemu_python_install - fi - fi - - cd "${S}/tools-build" - emake DESTDIR="${ED}" install - - # Disable mprotect on the qemu binaries as they use JITs to be fast #459348 - pushd "${ED}"/usr/bin >/dev/null - pax-mark mr "${softmmu_bins[@]}" "${user_bins[@]}" # bug 575594 - popd >/dev/null - - # Install config file example for qemu-bridge-helper - insinto "/etc/qemu" - doins "${FILESDIR}/bridge.conf" - - cd "${S}" - dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt - newdoc pc-bios/README README.pc-bios - dodoc docs/qmp-*.txt - - if [[ -n ${softmmu_targets} ]]; then - # Remove SeaBIOS since we're using the SeaBIOS packaged one - rm "${ED}/usr/share/qemu/bios.bin" - rm "${ED}/usr/share/qemu/bios-256k.bin" - if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then - dosym ../seabios/bios.bin /usr/share/qemu/bios.bin - dosym ../seabios/bios-256k.bin /usr/share/qemu/bios-256k.bin - fi - - # Remove vgabios since we're using the seavgabios packaged one - rm "${ED}/usr/share/qemu/vgabios.bin" - rm "${ED}/usr/share/qemu/vgabios-cirrus.bin" - rm "${ED}/usr/share/qemu/vgabios-qxl.bin" - rm "${ED}/usr/share/qemu/vgabios-stdvga.bin" - rm "${ED}/usr/share/qemu/vgabios-virtio.bin" - rm "${ED}/usr/share/qemu/vgabios-vmware.bin" - if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then - dosym ../seavgabios/vgabios-isavga.bin /usr/share/qemu/vgabios.bin - dosym ../seavgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin - dosym ../seavgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin - dosym ../seavgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin - dosym ../seavgabios/vgabios-virtio.bin /usr/share/qemu/vgabios-virtio.bin - dosym ../seavgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin - fi - - # Remove sgabios since we're using the sgabios packaged one - rm "${ED}/usr/share/qemu/sgabios.bin" - if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then - dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin - fi - - # Remove iPXE since we're using the iPXE packaged one - rm "${ED}"/usr/share/qemu/pxe-*.rom - if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then - dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom - dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom - dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom - dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom - dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom - dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom - fi - fi - - DISABLE_AUTOFORMATTING=true - readme.gentoo_create_doc -} - -firmware_abi_change() { - local pv - for pv in ${REPLACING_VERSIONS}; do - if ! version_is_at_least ${FIRMWARE_ABI_VERSION} ${pv}; then - return 0 - fi - done - return 1 -} - -pkg_postinst() { - if [[ -n ${softmmu_targets} ]] && use kernel_linux; then - udev_reload - fi - - fcaps cap_net_admin /usr/libexec/qemu-bridge-helper - - DISABLE_AUTOFORMATTING=true - readme.gentoo_print_elog - - if use pin-upstream-blobs && firmware_abi_change; then - ewarn "This version of qemu pins new versions of firmware blobs:" - ewarn " $(best_version sys-firmware/edk2-ovmf)" - ewarn " $(best_version sys-firmware/ipxe)" - ewarn " $(best_version sys-firmware/seabios)" - ewarn " $(best_version sys-firmware/sgabios)" - ewarn "This might break resume of hibernated guests (started with a different" - ewarn "firmware version) and live migration to/from qemu versions with different" - ewarn "firmware. Please (cold) restart all running guests. For functional" - ewarn "guest migration ensure that all" - ewarn "hosts run at least" - ewarn " app-emulation/qemu-${FIRMWARE_ABI_VERSION}." - fi -} - -pkg_info() { - echo "Using:" - echo " $(best_version app-emulation/spice-protocol)" - echo " $(best_version sys-firmware/edk2-ovmf)" - if has_version 'sys-firmware/edk2-ovmf[binary]'; then - echo " USE=binary" - else - echo " USE=''" - fi - echo " $(best_version sys-firmware/ipxe)" - echo " $(best_version sys-firmware/seabios)" - if has_version 'sys-firmware/seabios[binary]'; then - echo " USE=binary" - else - echo " USE=''" - fi - echo " $(best_version sys-firmware/sgabios)" -} |