aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFelix Janda <felix.janda@posteo.de>2016-01-30 16:58:50 +0100
committerAnthony G. Basile <blueness@gentoo.org>2016-01-30 12:28:05 -0500
commitdb375501bb3b42701ab7b00e15a76ec00779332b (patch)
tree30b6f35dc72b81649c0c9b8a7150f0c8ac0ab34a
parentdev-libs/boehm-gc: Make it pass its testsuite (diff)
downloadmusl-db375501bb3b42701ab7b00e15a76ec00779332b.tar.gz
musl-db375501bb3b42701ab7b00e15a76ec00779332b.tar.bz2
musl-db375501bb3b42701ab7b00e15a76ec00779332b.zip
app-emulation/qemu: bump to 2.5.0
-rw-r--r--app-emulation/qemu/Manifest13
-rw-r--r--app-emulation/qemu/files/qemu-2.2.1-CVE-2015-1779-1.patch241
-rw-r--r--app-emulation/qemu/files/qemu-2.2.1-CVE-2015-1779-2.patch58
-rw-r--r--app-emulation/qemu/files/qemu-2.3.0-CVE-2015-3456.patch86
-rw-r--r--app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8558.patch50
-rw-r--r--app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8567.patch95
-rw-r--r--app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8701.patch49
-rw-r--r--app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8743.patch50
-rw-r--r--app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1568.patch41
-rw-r--r--app-emulation/qemu/files/qemu-2.5.0-cflags.patch13
-rw-r--r--app-emulation/qemu/qemu-2.5.0-r99.ebuild (renamed from app-emulation/qemu/qemu-2.2.1-r99.ebuild)274
11 files changed, 469 insertions, 501 deletions
diff --git a/app-emulation/qemu/Manifest b/app-emulation/qemu/Manifest
index 2ecdb661..9fdb00d1 100644
--- a/app-emulation/qemu/Manifest
+++ b/app-emulation/qemu/Manifest
@@ -4,11 +4,14 @@ AUX qemu-1.7.0-cflags.patch 300 SHA256 8f35e55c4bae93e82f9580eabe2d6a2d4660bd053
AUX qemu-2.0.0-F_SHLCK-and-F_EXLCK.patch 563 SHA256 99de67d610ad13a1dcf6c67a3c2b5b87fb909220173a956435737f9bea3c371b SHA512 a29e9a889388a6627ed492a79e66514ffb5e64f9479646982091811548fc2a9bf6682104a6c774d83e645e4b1db39e491afd4efce789fe164623442a7f3e5d00 WHIRLPOOL d3aab06099de263c22f4c71810a3b2cb8602d17731ec76674cd1415e539306555a7b96b789f0daad473600dfa04a83224ff603f7b9a9ac63a4902f74d0e9deb5
AUX qemu-2.0.0-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch 930 SHA256 6af6cf9044997710a6d0fbdba30a35c8d775e30d30c032ec97db672f75ec88ac SHA512 ec84b27648c01c6e58781295dcd0c2ff8e5a635f9836ef50c1da5d0ed125db1afc4cb5b01cb97606d6dd8f417acba93e1560d9a32ca29161a4bb730b302440ea WHIRLPOOL 06b9dd5251ac03405c97b1f5a623b4d86bda2f72fbcd52b90ae4d11a0cfb59cae62df2cb6189405fbe53ab05ff2b7ca8165fda239dbfe5f31ed70abb53b3b9f3
AUX qemu-2.2.0-_sigev_un.patch 636 SHA256 f3b9a4d6162c553f3110ad22716305818e2130e2ff5d628faf044fc58a5e3cb5 SHA512 f72b879daede5184904f64cabb276de96299a37a93fce444d09e9068671009e95a5e5d6b815ec41a5db5b3807de14d470a56bba5806ffd4dfec577577b046ccb WHIRLPOOL 9453ad4966e10d504f3e867fd984642a3c1ee3ae847b5ca56196fd1f9e6c0f2d7b52ca07446212af72fef6d0ded1527a5eb306fa6cd915e8dd9ce11523362bac
-AUX qemu-2.2.1-CVE-2015-1779-1.patch 8631 SHA256 17ea04bb0571f3a346eb25ce2d61fd7053515767adedfde567fd39205993c600 SHA512 191dde0754b9466d87cf99a578ac07f0902f373156f4d5ff98540b9099a6fa8e29ba4ca9d4a5a21ae5dbba2b80c36600ea0bd2c31fa0c8734926514015166ab8 WHIRLPOOL 2be2f490eb32857b2b218761df3580bc31eb5a89bf1b289a048e9fd489cdb024869399481345b5ecb09a45c4fbf1ee4639062ae1fdbee9781e66ca6cc8af4cac
-AUX qemu-2.2.1-CVE-2015-1779-2.patch 2318 SHA256 4c0966520bf09df25d99c883f94037e765406dd4097dd704e66361bb07f73679 SHA512 7a85bc8e00c60c6c36790d1169f0d84d2c75fe81c1700b4f764ddcb0d0587d4b6d228d80e65fead035e3ab99449aad2f559071edf9145ff7a755506f3ff05b0e WHIRLPOOL 078388c50367d41c810a02aa795b6ad0df381582bdd2725ae125243ee5921aa4057494f063a7de49da6b6f6343f37a3c83d96ef6d92c22e722972c8e4ea968dc
-AUX qemu-2.3.0-CVE-2015-3456.patch 2853 SHA256 efac61bf9c20d5d08ef47bc9d51be5c8bd519f1d970ba3c3506c5760bf807e7d SHA512 5fed59ae67a962d187418f4bd57cebe901f9bcba817694b5e2a57daf77c34a406ed7c1f278e12d813304e58c48a24493b4e001a9ee4045bab2608f1730715ac7 WHIRLPOOL 9ad5237aa1bbe46a8493e331bb9c2152c36f9c877582485e1cf811b09430bad97a9f3b6bc52face7e4287f9c9fe4f1891de154a62ba93ea454c3ed9d44e8f729
+AUX qemu-2.5.0-CVE-2015-8558.patch 1459 SHA256 d769e6eb6dc0bdb0b982ef5fe7d73cc6bad47233102f53d11c6ed6c9051602d8 SHA512 42961191890c500675610d5d33e6ff468b07428c6b428ac01bb5c0e3ea88ff611a3532f848d54317458475fef221a06e41761ef14ea61d1b741db73450c4f90d WHIRLPOOL 475679dc1a24bc75012995a9a2122847454701b65ff0b7f8192865b45de49ce08572f129a7cfdeb36521252ed2f80c95e9dddbd64cb8e39fdc5beacc25934798
+AUX qemu-2.5.0-CVE-2015-8567.patch 3108 SHA256 88b72df4e02407c3b9ca4835c38988b97fcd5aa9c68da6fa47207fe675d4e661 SHA512 2f0243ec9764d72fe5e7a005a8db40d3d5c4c2edae5c3451087ee3f5c841c96a3112875cf88a19061fa2ce0d04715d247e6eb1eb83e1e5b57ec0b9eb324b8ce6 WHIRLPOOL b432ff3e105da5c0bd20dd1d7da0374f4005b2ac5a9a8c824e96730aeafa89bb8fc125f8b2857fdaf72024082ddbc0c7a28c3e3ffb9114c3d370db1b638c4731
+AUX qemu-2.5.0-CVE-2015-8701.patch 1671 SHA256 f39e0c6301cffa1b14c3ef0ab72fce0e2acd42170759ef7954234d31602aeb99 SHA512 d39edf84e2d17e6080bbc4a270732cd73b41fa39d948ee7bc4456e1024c5a69ddfb5e848af3272615f5aa36a3b6410a12f5a73e00ccfa58e0d60d7289d034aa9 WHIRLPOOL 352148c367837ba2d6eb5eb39e00c128f0cff3faef159754a41318857bc11a6616be184c24df4767ec2c8c14910ad74fc3be48273f6312b1687910fbcaf7bec3
+AUX qemu-2.5.0-CVE-2015-8743.patch 1777 SHA256 22aac571c1aa6f6a283d200a7703fdfea0a5bcaf227a003a2cbf5741bbb8df85 SHA512 65d8632fd43959983ca02f9ab116ec78ea043e6d867e6d743014885c2a423bb3b87c2e56caa37e7f29e971a44f5ea695cb4ce1c3a9c1fc2d734b25ca0b2f4054 WHIRLPOOL 9128c812cfbfe3d4629cd6c7c2c6f50c9ef2fe2d5b62b24486559279296987f593f852f913eb67fbe956d650d50612fa7a658a60b3d80cf4fa9256e332d77330
+AUX qemu-2.5.0-CVE-2016-1568.patch 1476 SHA256 ba2a25142977eea531159d81ef8938e8519c92800aa1958e71da9e2780c8256a SHA512 643ef742e6cd1dbc8f420b38f684bc8639e4bd58ab38c254654d4b1a72b129202fecdddddfd308b48ed7813da193edff68d737080d5035c82daf9676ee17df22 WHIRLPOOL af9376400540f20d77ea06cb6a12ce415b72bb22cdde3365bba8b02deb8985aedfee303646e13e1d1263a2dcd17bf1518637183a81c66c2db7b438aa88ef7d95
+AUX qemu-2.5.0-cflags.patch 410 SHA256 17f5624dd733f5c80e733cc67ae36a736169ec066024dbf802b416accfed0755 SHA512 0194d28de08b4e51c5bd1c9a2cc7965ba7f66dfddb8fd91de3da93677e6cf2d38ad3270f69aaea8a20cf2533c2980018d6e0fed711be2806fe2053fba7c081f3 WHIRLPOOL 5f5b95d00409fbe03adb64801d30a2fb5f98dded5efa7f0e78b5746776f72917dcbea767e1d0afcb304d8bf8c484adedb8037e6d54e9d34997c2bc3a98b53154
AUX qemu-binfmt.initd-r1 7023 SHA256 3572c110c6f217754e638796400a5901910a2e61b8818c8569f8258b103ebcc6 SHA512 773af64fef164c00945acf5881e64a10141aa8fdc85491e57bf8dcc7c800a4f81879527998a0896a42f921edcbf5f741beb31ac2a82e45cba506c7b8461733c8 WHIRLPOOL 30382fe347248683e989c2b7fbd804ce26173b313746d80467029b2ad3594f414628f7537120b168a0e700c424d3525528eb632b07e16544c2fd07f418f3187c
AUX qemu-kvm-1.4 68 SHA256 8b1adf198129f001e75a2311fc420c168094d1084d2163cdf6a32b3b23c96137 SHA512 706fab4d155c410acc292e67fb354ce7dcd17f7e33f2ca8c9c44035ea128f8d36f89e27cf87ebe22721f5676be9e7f2ae5484fd000183c8ffd7854e02eb3d120 WHIRLPOOL ef795330b592cef8e3d92f52a77eb77a671e6aa1a47d07531917b5c1c09e72e5df1a44aea939b086e0a3c5ef2a5cea9223556a46ceae73e55300475c42f07067
-DIST qemu-2.2.1.tar.bz2 24483500 SHA256 4617154c6ef744b83e10b744e392ad111dd351d435d6563ce24d8da75b1335a0 SHA512 970ead0c92fc04502c6d3a8dbfafa5797667b3d276a1a25ddbe991d20d8e17a588905ecbffa77fb3b9d12e481ac3776ca4c38fe89a5e4c96dc2fb045214bfa9f WHIRLPOOL 9226ce4a4f5c7247d6ab34eb8b45c9a91416ee5849dbe25b9d15cddbd6aba2b8da77280f6055d363a81ddec515d28bf501351cb7e21ecfb4bfe42cdb7e349788
-EBUILD qemu-2.2.1-r99.ebuild 18744 SHA256 15c5267816cbc7798b2aa0c342bd0a0254550d2fdb1497f3237aa33b53c8c59f SHA512 c7c90792a79fbf226e41f8dd61d5f3b1046a1e9c130d3216a0c29d374a09ec5aa8575e2578b843f37fd04645e2804ae91298924d307aff25922d7461bf52fe78 WHIRLPOOL ef73221242451e8772598ee1b0e346f4aa94ec59c1daf58ca9ac35d49e431c687ca5d80155e4e5846a3f76d35330a1043f9ae9018c19e0e1fc828711298aebae
+DIST qemu-2.5.0.tar.bz2 25464996 SHA256 3443887401619fe33bfa5d900a4f2d6a79425ae2b7e43d5b8c36eb7a683772d4 SHA512 12153f94cc7f834fd6a85f25690c36f2331d88d414426fb8b9ac20a34e6f9222b1eda30b727674af583580fae90dfd6d0614a905dce1567d94cd049d426b9dd3 WHIRLPOOL 8f5717989d8d234ecf1763ee386b2e1f20c3b17918de130c6dae255e4523a230b2b01a759eba25e4b9f604c680d9b868c56f58bd71b7c6c2c22a2e46804435ef
+EBUILD qemu-2.5.0-r99.ebuild 20028 SHA256 aeca48b0f3004f6d41077db6a763ef43c900cecf59d0f9d3ec6eb028846f0560 SHA512 31101660cd608272b6d6b24081ca095f3eb2fb2a33a2174fe62bf86fe006db6deb56590ae8a784fc69e3dd4f19c7a96035d38506f8a3d07e27397d710cf9e85c WHIRLPOOL 457f88c5e474183df7ae41a8d6c0ad49e76a6fdd69c59591c62f750c426e3998628f0770303536102d87509cfc2578813799e4052e09fb688460fa7bf424a2c4
MISC metadata.xml 3774 SHA256 45d220d5c3fedecb5c318e2ab1fa796391f5fd3db09e4ef218b3bc7cb3cb10e1 SHA512 90b16206b5398b4044132d930b417372e1d305a93b062c895bc3b46ae64a19aa96d2471b5838f960cca7c6c30ce58571f332731f02eaeee17e4204469c5d6330 WHIRLPOOL f5498b8cb14aeeacdfd1da30c26ceca282bba3042a6288496d624d91c3c26c1bed34c42374db04e06378c8efd78010d3bef76c41c1aa529ccf17cec513ed1fa8
diff --git a/app-emulation/qemu/files/qemu-2.2.1-CVE-2015-1779-1.patch b/app-emulation/qemu/files/qemu-2.2.1-CVE-2015-1779-1.patch
deleted file mode 100644
index 35ef8fde..00000000
--- a/app-emulation/qemu/files/qemu-2.2.1-CVE-2015-1779-1.patch
+++ /dev/null
@@ -1,241 +0,0 @@
-From a2bebfd6e09d285aa793cae3fb0fc3a39a9fee6e Mon Sep 17 00:00:00 2001
-From: "Daniel P. Berrange" <berrange@redhat.com>
-Date: Mon, 23 Mar 2015 22:58:21 +0000
-Subject: [PATCH] CVE-2015-1779: incrementally decode websocket frames
-
-The logic for decoding websocket frames wants to fully
-decode the frame header and payload, before allowing the
-VNC server to see any of the payload data. There is no
-size limit on websocket payloads, so this allows a
-malicious network client to consume 2^64 bytes in memory
-in QEMU. It can trigger this denial of service before
-the VNC server even performs any authentication.
-
-The fix is to decode the header, and then incrementally
-decode the payload data as it is needed. With this fix
-the websocket decoder will allow at most 4k of data to
-be buffered before decoding and processing payload.
-
-Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
-[ kraxel: fix frequent spurious disconnects, suggested by Peter Maydell ]
-
- @@ -361,7 +361,7 @@ int vncws_decode_frame_payload(Buffer *input,
- - *payload_size = input->offset;
- + *payload_size = *payload_remain;
-
-[ kraxel: fix 32bit build ]
-
- @@ -306,7 +306,7 @@ struct VncState
- - uint64_t ws_payload_remain;
- + size_t ws_payload_remain;
-
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
----
- ui/vnc-ws.c | 105 ++++++++++++++++++++++++++++++++++++++++--------------------
- ui/vnc-ws.h | 9 ++++--
- ui/vnc.h | 2 ++
- 3 files changed, 80 insertions(+), 36 deletions(-)
-
-diff --git a/ui/vnc-ws.c b/ui/vnc-ws.c
-index 85dbb7e..0b7de4e 100644
---- a/ui/vnc-ws.c
-+++ b/ui/vnc-ws.c
-@@ -107,7 +107,7 @@ long vnc_client_read_ws(VncState *vs)
- {
- int ret, err;
- uint8_t *payload;
-- size_t payload_size, frame_size;
-+ size_t payload_size, header_size;
- VNC_DEBUG("Read websocket %p size %zd offset %zd\n", vs->ws_input.buffer,
- vs->ws_input.capacity, vs->ws_input.offset);
- buffer_reserve(&vs->ws_input, 4096);
-@@ -117,18 +117,39 @@ long vnc_client_read_ws(VncState *vs)
- }
- vs->ws_input.offset += ret;
-
-- /* make sure that nothing is left in the ws_input buffer */
-+ ret = 0;
-+ /* consume as much of ws_input buffer as possible */
- do {
-- err = vncws_decode_frame(&vs->ws_input, &payload,
-- &payload_size, &frame_size);
-- if (err <= 0) {
-- return err;
-+ if (vs->ws_payload_remain == 0) {
-+ err = vncws_decode_frame_header(&vs->ws_input,
-+ &header_size,
-+ &vs->ws_payload_remain,
-+ &vs->ws_payload_mask);
-+ if (err <= 0) {
-+ return err;
-+ }
-+
-+ buffer_advance(&vs->ws_input, header_size);
- }
-+ if (vs->ws_payload_remain != 0) {
-+ err = vncws_decode_frame_payload(&vs->ws_input,
-+ &vs->ws_payload_remain,
-+ &vs->ws_payload_mask,
-+ &payload,
-+ &payload_size);
-+ if (err < 0) {
-+ return err;
-+ }
-+ if (err == 0) {
-+ return ret;
-+ }
-+ ret += err;
-
-- buffer_reserve(&vs->input, payload_size);
-- buffer_append(&vs->input, payload, payload_size);
-+ buffer_reserve(&vs->input, payload_size);
-+ buffer_append(&vs->input, payload, payload_size);
-
-- buffer_advance(&vs->ws_input, frame_size);
-+ buffer_advance(&vs->ws_input, payload_size);
-+ }
- } while (vs->ws_input.offset > 0);
-
- return ret;
-@@ -265,15 +286,14 @@ void vncws_encode_frame(Buffer *output, const void *payload,
- buffer_append(output, payload, payload_size);
- }
-
--int vncws_decode_frame(Buffer *input, uint8_t **payload,
-- size_t *payload_size, size_t *frame_size)
-+int vncws_decode_frame_header(Buffer *input,
-+ size_t *header_size,
-+ size_t *payload_remain,
-+ WsMask *payload_mask)
- {
- unsigned char opcode = 0, fin = 0, has_mask = 0;
-- size_t header_size = 0;
-- uint32_t *payload32;
-+ size_t payload_len;
- WsHeader *header = (WsHeader *)input->buffer;
-- WsMask mask;
-- int i;
-
- if (input->offset < WS_HEAD_MIN_LEN + 4) {
- /* header not complete */
-@@ -283,7 +303,7 @@ int vncws_decode_frame(Buffer *input, uint8_t **payload,
- fin = (header->b0 & 0x80) >> 7;
- opcode = header->b0 & 0x0f;
- has_mask = (header->b1 & 0x80) >> 7;
-- *payload_size = header->b1 & 0x7f;
-+ payload_len = header->b1 & 0x7f;
-
- if (opcode == WS_OPCODE_CLOSE) {
- /* disconnect */
-@@ -300,40 +320,57 @@ int vncws_decode_frame(Buffer *input, uint8_t **payload,
- return -2;
- }
-
-- if (*payload_size < 126) {
-- header_size = 6;
-- mask = header->u.m;
-- } else if (*payload_size == 126 && input->offset >= 8) {
-- *payload_size = be16_to_cpu(header->u.s16.l16);
-- header_size = 8;
-- mask = header->u.s16.m16;
-- } else if (*payload_size == 127 && input->offset >= 14) {
-- *payload_size = be64_to_cpu(header->u.s64.l64);
-- header_size = 14;
-- mask = header->u.s64.m64;
-+ if (payload_len < 126) {
-+ *payload_remain = payload_len;
-+ *header_size = 6;
-+ *payload_mask = header->u.m;
-+ } else if (payload_len == 126 && input->offset >= 8) {
-+ *payload_remain = be16_to_cpu(header->u.s16.l16);
-+ *header_size = 8;
-+ *payload_mask = header->u.s16.m16;
-+ } else if (payload_len == 127 && input->offset >= 14) {
-+ *payload_remain = be64_to_cpu(header->u.s64.l64);
-+ *header_size = 14;
-+ *payload_mask = header->u.s64.m64;
- } else {
- /* header not complete */
- return 0;
- }
-
-- *frame_size = header_size + *payload_size;
-+ return 1;
-+}
-+
-+int vncws_decode_frame_payload(Buffer *input,
-+ size_t *payload_remain, WsMask *payload_mask,
-+ uint8_t **payload, size_t *payload_size)
-+{
-+ size_t i;
-+ uint32_t *payload32;
-
-- if (input->offset < *frame_size) {
-- /* frame not complete */
-+ *payload = input->buffer;
-+ /* If we aren't at the end of the payload, then drop
-+ * off the last bytes, so we're always multiple of 4
-+ * for purpose of unmasking, except at end of payload
-+ */
-+ if (input->offset < *payload_remain) {
-+ *payload_size = input->offset - (input->offset % 4);
-+ } else {
-+ *payload_size = *payload_remain;
-+ }
-+ if (*payload_size == 0) {
- return 0;
- }
--
-- *payload = input->buffer + header_size;
-+ *payload_remain -= *payload_size;
-
- /* unmask frame */
- /* process 1 frame (32 bit op) */
- payload32 = (uint32_t *)(*payload);
- for (i = 0; i < *payload_size / 4; i++) {
-- payload32[i] ^= mask.u;
-+ payload32[i] ^= payload_mask->u;
- }
- /* process the remaining bytes (if any) */
- for (i *= 4; i < *payload_size; i++) {
-- (*payload)[i] ^= mask.c[i % 4];
-+ (*payload)[i] ^= payload_mask->c[i % 4];
- }
-
- return 1;
-diff --git a/ui/vnc-ws.h b/ui/vnc-ws.h
-index ef229b7..14d4230 100644
---- a/ui/vnc-ws.h
-+++ b/ui/vnc-ws.h
-@@ -83,7 +83,12 @@ long vnc_client_read_ws(VncState *vs);
- void vncws_process_handshake(VncState *vs, uint8_t *line, size_t size);
- void vncws_encode_frame(Buffer *output, const void *payload,
- const size_t payload_size);
--int vncws_decode_frame(Buffer *input, uint8_t **payload,
-- size_t *payload_size, size_t *frame_size);
-+int vncws_decode_frame_header(Buffer *input,
-+ size_t *header_size,
-+ size_t *payload_remain,
-+ WsMask *payload_mask);
-+int vncws_decode_frame_payload(Buffer *input,
-+ size_t *payload_remain, WsMask *payload_mask,
-+ uint8_t **payload, size_t *payload_size);
-
- #endif /* __QEMU_UI_VNC_WS_H */
-diff --git a/ui/vnc.h b/ui/vnc.h
-index e19ac39..3f7c6a9 100644
---- a/ui/vnc.h
-+++ b/ui/vnc.h
-@@ -306,6 +306,8 @@ struct VncState
- #ifdef CONFIG_VNC_WS
- Buffer ws_input;
- Buffer ws_output;
-+ size_t ws_payload_remain;
-+ WsMask ws_payload_mask;
- #endif
- /* current output mode information */
- VncWritePixels *write_pixels;
---
-2.3.5
-
diff --git a/app-emulation/qemu/files/qemu-2.2.1-CVE-2015-1779-2.patch b/app-emulation/qemu/files/qemu-2.2.1-CVE-2015-1779-2.patch
deleted file mode 100644
index c7a8c8b3..00000000
--- a/app-emulation/qemu/files/qemu-2.2.1-CVE-2015-1779-2.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-From 2cdb5e142fb93e875fa53c52864ef5eb8d5d8b41 Mon Sep 17 00:00:00 2001
-From: "Daniel P. Berrange" <berrange@redhat.com>
-Date: Mon, 23 Mar 2015 22:58:22 +0000
-Subject: [PATCH] CVE-2015-1779: limit size of HTTP headers from websockets
- clients
-
-The VNC server websockets decoder will read and buffer data from
-websockets clients until it sees the end of the HTTP headers,
-as indicated by \r\n\r\n. In theory this allows a malicious to
-trick QEMU into consuming an arbitrary amount of RAM. In practice,
-because QEMU runs g_strstr_len() across the buffered header data,
-it will spend increasingly long burning CPU time searching for
-the substring match and less & less time reading data. So while
-this does cause arbitrary memory growth, the bigger problem is
-that QEMU will be burning 100% of available CPU time.
-
-A novnc websockets client typically sends headers of around
-512 bytes in length. As such it is reasonable to place a 4096
-byte limit on the amount of data buffered while searching for
-the end of HTTP headers.
-
-Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
----
- ui/vnc-ws.c | 10 ++++++++--
- 1 file changed, 8 insertions(+), 2 deletions(-)
-
-diff --git a/ui/vnc-ws.c b/ui/vnc-ws.c
-index 0b7de4e..62eb97f 100644
---- a/ui/vnc-ws.c
-+++ b/ui/vnc-ws.c
-@@ -81,8 +81,11 @@ void vncws_handshake_read(void *opaque)
- VncState *vs = opaque;
- uint8_t *handshake_end;
- long ret;
-- buffer_reserve(&vs->ws_input, 4096);
-- ret = vnc_client_read_buf(vs, buffer_end(&vs->ws_input), 4096);
-+ /* Typical HTTP headers from novnc are 512 bytes, so limiting
-+ * total header size to 4096 is easily enough. */
-+ size_t want = 4096 - vs->ws_input.offset;
-+ buffer_reserve(&vs->ws_input, want);
-+ ret = vnc_client_read_buf(vs, buffer_end(&vs->ws_input), want);
-
- if (!ret) {
- if (vs->csock == -1) {
-@@ -99,6 +102,9 @@ void vncws_handshake_read(void *opaque)
- vncws_process_handshake(vs, vs->ws_input.buffer, vs->ws_input.offset);
- buffer_advance(&vs->ws_input, handshake_end - vs->ws_input.buffer +
- strlen(WS_HANDSHAKE_END));
-+ } else if (vs->ws_input.offset >= 4096) {
-+ VNC_DEBUG("End of headers not found in first 4096 bytes\n");
-+ vnc_client_error(vs);
- }
- }
-
---
-2.3.5
-
diff --git a/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-3456.patch b/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-3456.patch
deleted file mode 100644
index 87697d08..00000000
--- a/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-3456.patch
+++ /dev/null
@@ -1,86 +0,0 @@
-https://bugs.gentoo.org/549404
-
-From e907746266721f305d67bc0718795fedee2e824c Mon Sep 17 00:00:00 2001
-From: Petr Matousek <pmatouse@redhat.com>
-Date: Wed, 6 May 2015 09:48:59 +0200
-Subject: [PATCH] fdc: force the fifo access to be in bounds of the allocated buffer
-
-During processing of certain commands such as FD_CMD_READ_ID and
-FD_CMD_DRIVE_SPECIFICATION_COMMAND the fifo memory access could
-get out of bounds leading to memory corruption with values coming
-from the guest.
-
-Fix this by making sure that the index is always bounded by the
-allocated memory.
-
-This is CVE-2015-3456.
-
-Signed-off-by: Petr Matousek <pmatouse@redhat.com>
-Reviewed-by: John Snow <jsnow@redhat.com>
-Signed-off-by: John Snow <jsnow@redhat.com>
----
- hw/block/fdc.c | 17 +++++++++++------
- 1 files changed, 11 insertions(+), 6 deletions(-)
-
-diff --git a/hw/block/fdc.c b/hw/block/fdc.c
-index f72a392..d8a8edd 100644
---- a/hw/block/fdc.c
-+++ b/hw/block/fdc.c
-@@ -1497,7 +1497,7 @@ static uint32_t fdctrl_read_data(FDCtrl *fdctrl)
- {
- FDrive *cur_drv;
- uint32_t retval = 0;
-- int pos;
-+ uint32_t pos;
-
- cur_drv = get_cur_drv(fdctrl);
- fdctrl->dsr &= ~FD_DSR_PWRDOWN;
-@@ -1506,8 +1506,8 @@ static uint32_t fdctrl_read_data(FDCtrl *fdctrl)
- return 0;
- }
- pos = fdctrl->data_pos;
-+ pos %= FD_SECTOR_LEN;
- if (fdctrl->msr & FD_MSR_NONDMA) {
-- pos %= FD_SECTOR_LEN;
- if (pos == 0) {
- if (fdctrl->data_pos != 0)
- if (!fdctrl_seek_to_next_sect(fdctrl, cur_drv)) {
-@@ -1852,10 +1852,13 @@ static void fdctrl_handle_option(FDCtrl *fdctrl, int direction)
- static void fdctrl_handle_drive_specification_command(FDCtrl *fdctrl, int direction)
- {
- FDrive *cur_drv = get_cur_drv(fdctrl);
-+ uint32_t pos;
-
-- if (fdctrl->fifo[fdctrl->data_pos - 1] & 0x80) {
-+ pos = fdctrl->data_pos - 1;
-+ pos %= FD_SECTOR_LEN;
-+ if (fdctrl->fifo[pos] & 0x80) {
- /* Command parameters done */
-- if (fdctrl->fifo[fdctrl->data_pos - 1] & 0x40) {
-+ if (fdctrl->fifo[pos] & 0x40) {
- fdctrl->fifo[0] = fdctrl->fifo[1];
- fdctrl->fifo[2] = 0;
- fdctrl->fifo[3] = 0;
-@@ -1955,7 +1958,7 @@ static uint8_t command_to_handler[256];
- static void fdctrl_write_data(FDCtrl *fdctrl, uint32_t value)
- {
- FDrive *cur_drv;
-- int pos;
-+ uint32_t pos;
-
- /* Reset mode */
- if (!(fdctrl->dor & FD_DOR_nRESET)) {
-@@ -2004,7 +2007,9 @@ static void fdctrl_write_data(FDCtrl *fdctrl, uint32_t value)
- }
-
- FLOPPY_DPRINTF("%s: %02x\n", __func__, value);
-- fdctrl->fifo[fdctrl->data_pos++] = value;
-+ pos = fdctrl->data_pos++;
-+ pos %= FD_SECTOR_LEN;
-+ fdctrl->fifo[pos] = value;
- if (fdctrl->data_pos == fdctrl->data_len) {
- /* We now have all parameters
- * and will be able to treat the command
---
-1.7.0.4
-
diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8558.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8558.patch
new file mode 100644
index 00000000..fbc6a0ad
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8558.patch
@@ -0,0 +1,50 @@
+https://bugs.gentoo.org/568246
+
+From 156a2e4dbffa85997636a7a39ef12da6f1b40254 Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann <kraxel@redhat.com>
+Date: Mon, 14 Dec 2015 09:21:23 +0100
+Subject: [PATCH] ehci: make idt processing more robust
+
+Make ehci_process_itd return an error in case we didn't do any actual
+iso transfer because we've found no active transaction. That'll avoid
+ehci happily run in circles forever if the guest builds a loop out of
+idts.
+
+This is CVE-2015-8558.
+
+Cc: qemu-stable@nongnu.org
+Reported-by: Qinghao Tang <luodalongde@gmail.com>
+Tested-by: P J P <ppandit@redhat.com>
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+---
+ hw/usb/hcd-ehci.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
+index 4e2161b..d07f228 100644
+--- a/hw/usb/hcd-ehci.c
++++ b/hw/usb/hcd-ehci.c
+@@ -1389,7 +1389,7 @@ static int ehci_process_itd(EHCIState *ehci,
+ {
+ USBDevice *dev;
+ USBEndpoint *ep;
+- uint32_t i, len, pid, dir, devaddr, endp;
++ uint32_t i, len, pid, dir, devaddr, endp, xfers = 0;
+ uint32_t pg, off, ptr1, ptr2, max, mult;
+
+ ehci->periodic_sched_active = PERIODIC_ACTIVE;
+@@ -1479,9 +1479,10 @@ static int ehci_process_itd(EHCIState *ehci,
+ ehci_raise_irq(ehci, USBSTS_INT);
+ }
+ itd->transact[i] &= ~ITD_XACT_ACTIVE;
++ xfers++;
+ }
+ }
+- return 0;
++ return xfers ? 0 : -1;
+ }
+
+
+--
+2.6.2
+
diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8567.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8567.patch
new file mode 100644
index 00000000..e1960436
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8567.patch
@@ -0,0 +1,95 @@
+https://bugs.gentoo.org/567868
+
+From aa4a3dce1c88ed51b616806b8214b7c8428b7470 Mon Sep 17 00:00:00 2001
+From: P J P <ppandit@redhat.com>
+Date: Tue, 15 Dec 2015 12:27:54 +0530
+Subject: [PATCH] net: vmxnet3: avoid memory leakage in activate_device
+
+Vmxnet3 device emulator does not check if the device is active
+before activating it, also it did not free the transmit & receive
+buffers while deactivating the device, thus resulting in memory
+leakage on the host. This patch fixes both these issues to avoid
+host memory leakage.
+
+Reported-by: Qinghao Tang <luodalongde@gmail.com>
+Reviewed-by: Dmitry Fleytman <dmitry@daynix.com>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Jason Wang <jasowang@redhat.com>
+---
+ hw/net/vmxnet3.c | 24 ++++++++++++++++--------
+ 1 file changed, 16 insertions(+), 8 deletions(-)
+
+diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c
+index a5dd79a..9c1adfc 100644
+--- a/hw/net/vmxnet3.c
++++ b/hw/net/vmxnet3.c
+@@ -1194,8 +1194,13 @@ static void vmxnet3_reset_mac(VMXNET3State *s)
+
+ static void vmxnet3_deactivate_device(VMXNET3State *s)
+ {
+- VMW_CBPRN("Deactivating vmxnet3...");
+- s->device_active = false;
++ if (s->device_active) {
++ VMW_CBPRN("Deactivating vmxnet3...");
++ vmxnet_tx_pkt_reset(s->tx_pkt);
++ vmxnet_tx_pkt_uninit(s->tx_pkt);
++ vmxnet_rx_pkt_uninit(s->rx_pkt);
++ s->device_active = false;
++ }
+ }
+
+ static void vmxnet3_reset(VMXNET3State *s)
+@@ -1204,7 +1209,6 @@ static void vmxnet3_reset(VMXNET3State *s)
+
+ vmxnet3_deactivate_device(s);
+ vmxnet3_reset_interrupt_states(s);
+- vmxnet_tx_pkt_reset(s->tx_pkt);
+ s->drv_shmem = 0;
+ s->tx_sop = true;
+ s->skip_current_tx_pkt = false;
+@@ -1431,6 +1435,12 @@ static void vmxnet3_activate_device(VMXNET3State *s)
+ return;
+ }
+
++ /* Verify if device is active */
++ if (s->device_active) {
++ VMW_CFPRN("Vmxnet3 device is active");
++ return;
++ }
++
+ vmxnet3_adjust_by_guest_type(s);
+ vmxnet3_update_features(s);
+ vmxnet3_update_pm_state(s);
+@@ -1627,7 +1637,7 @@ static void vmxnet3_handle_command(VMXNET3State *s, uint64_t cmd)
+ break;
+
+ case VMXNET3_CMD_QUIESCE_DEV:
+- VMW_CBPRN("Set: VMXNET3_CMD_QUIESCE_DEV - pause the device");
++ VMW_CBPRN("Set: VMXNET3_CMD_QUIESCE_DEV - deactivate the device");
+ vmxnet3_deactivate_device(s);
+ break;
+
+@@ -1741,7 +1751,7 @@ vmxnet3_io_bar1_write(void *opaque,
+ * shared address only after we get the high part
+ */
+ if (val == 0) {
+- s->device_active = false;
++ vmxnet3_deactivate_device(s);
+ }
+ s->temp_shared_guest_driver_memory = val;
+ s->drv_shmem = 0;
+@@ -2021,9 +2031,7 @@ static bool vmxnet3_peer_has_vnet_hdr(VMXNET3State *s)
+ static void vmxnet3_net_uninit(VMXNET3State *s)
+ {
+ g_free(s->mcast_list);
+- vmxnet_tx_pkt_reset(s->tx_pkt);
+- vmxnet_tx_pkt_uninit(s->tx_pkt);
+- vmxnet_rx_pkt_uninit(s->rx_pkt);
++ vmxnet3_deactivate_device(s);
+ qemu_del_nic(s->nic);
+ }
+
+--
+2.6.2
+
diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8701.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8701.patch
new file mode 100644
index 00000000..0dab1c3e
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8701.patch
@@ -0,0 +1,49 @@
+https://bugs.gentoo.org/570110
+
+From 007cd223de527b5f41278f2d886c1a4beb3e67aa Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Mon, 28 Dec 2015 16:24:08 +0530
+Subject: [PATCH] net: rocker: fix an incorrect array bounds check
+
+While processing transmit(tx) descriptors in 'tx_consume' routine
+the switch emulator suffers from an off-by-one error, if a
+descriptor was to have more than allowed(ROCKER_TX_FRAGS_MAX=16)
+fragments. Fix an incorrect bounds check to avoid it.
+
+Reported-by: Qinghao Tang <luodalongde@gmail.com>
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Signed-off-by: Jason Wang <jasowang@redhat.com>
+---
+ hw/net/rocker/rocker.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/hw/net/rocker/rocker.c b/hw/net/rocker/rocker.c
+index c57f1a6..2e77e50 100644
+--- a/hw/net/rocker/rocker.c
++++ b/hw/net/rocker/rocker.c
+@@ -232,6 +232,9 @@ static int tx_consume(Rocker *r, DescInfo *info)
+ frag_addr = rocker_tlv_get_le64(tlvs[ROCKER_TLV_TX_FRAG_ATTR_ADDR]);
+ frag_len = rocker_tlv_get_le16(tlvs[ROCKER_TLV_TX_FRAG_ATTR_LEN]);
+
++ if (iovcnt >= ROCKER_TX_FRAGS_MAX) {
++ goto err_too_many_frags;
++ }
+ iov[iovcnt].iov_len = frag_len;
+ iov[iovcnt].iov_base = g_malloc(frag_len);
+ if (!iov[iovcnt].iov_base) {
+@@ -244,10 +247,7 @@ static int tx_consume(Rocker *r, DescInfo *info)
+ err = -ROCKER_ENXIO;
+ goto err_bad_io;
+ }
+-
+- if (++iovcnt > ROCKER_TX_FRAGS_MAX) {
+- goto err_too_many_frags;
+- }
++ iovcnt++;
+ }
+
+ if (iovcnt) {
+--
+2.6.2
+
diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8743.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8743.patch
new file mode 100644
index 00000000..b2bca569
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8743.patch
@@ -0,0 +1,50 @@
+https://bugs.gentoo.org/570988
+
+From aa7f9966dfdff500bbbf1956d9e115b1fa8987a6 Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Thu, 31 Dec 2015 17:05:27 +0530
+Subject: [PATCH] net: ne2000: fix bounds check in ioport operations
+
+While doing ioport r/w operations, ne2000 device emulation suffers
+from OOB r/w errors. Update respective array bounds check to avoid
+OOB access.
+
+Reported-by: Ling Liu <liuling-it@360.cn>
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Signed-off-by: Jason Wang <jasowang@redhat.com>
+---
+ hw/net/ne2000.c | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/hw/net/ne2000.c b/hw/net/ne2000.c
+index 010f9ef..a3dffff 100644
+--- a/hw/net/ne2000.c
++++ b/hw/net/ne2000.c
+@@ -467,8 +467,9 @@ static inline void ne2000_mem_writel(NE2000State *s, uint32_t addr,
+ uint32_t val)
+ {
+ addr &= ~1; /* XXX: check exact behaviour if not even */
+- if (addr < 32 ||
+- (addr >= NE2000_PMEM_START && addr < NE2000_MEM_SIZE)) {
++ if (addr < 32
++ || (addr >= NE2000_PMEM_START
++ && addr + sizeof(uint32_t) <= NE2000_MEM_SIZE)) {
+ stl_le_p(s->mem + addr, val);
+ }
+ }
+@@ -497,8 +498,9 @@ static inline uint32_t ne2000_mem_readw(NE2000State *s, uint32_t addr)
+ static inline uint32_t ne2000_mem_readl(NE2000State *s, uint32_t addr)
+ {
+ addr &= ~1; /* XXX: check exact behaviour if not even */
+- if (addr < 32 ||
+- (addr >= NE2000_PMEM_START && addr < NE2000_MEM_SIZE)) {
++ if (addr < 32
++ || (addr >= NE2000_PMEM_START
++ && addr + sizeof(uint32_t) <= NE2000_MEM_SIZE)) {
+ return ldl_le_p(s->mem + addr);
+ } else {
+ return 0xffffffff;
+--
+2.6.2
+
diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1568.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1568.patch
new file mode 100644
index 00000000..4ce9a35c
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1568.patch
@@ -0,0 +1,41 @@
+https://bugs.gentoo.org/571566
+
+From 4ab0359a8ae182a7ac5c99609667273167703fab Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Mon, 11 Jan 2016 14:10:42 -0500
+Subject: [PATCH] ide: ahci: reset ncq object to unused on error
+
+When processing NCQ commands, AHCI device emulation prepares a
+NCQ transfer object; To which an aio control block(aiocb) object
+is assigned in 'execute_ncq_command'. In case, when the NCQ
+command is invalid, the 'aiocb' object is not assigned, and NCQ
+transfer object is left as 'used'. This leads to a use after
+free kind of error in 'bdrv_aio_cancel_async' via 'ahci_reset_port'.
+Reset NCQ transfer object to 'unused' to avoid it.
+
+[Maintainer edit: s/ACHI/AHCI/ in the commit message. --js]
+
+Reported-by: Qinghao Tang <luodalongde@gmail.com>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Reviewed-by: John Snow <jsnow@redhat.com>
+Message-id: 1452282511-4116-1-git-send-email-ppandit@redhat.com
+Signed-off-by: John Snow <jsnow@redhat.com>
+---
+ hw/ide/ahci.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
+index dd1912e..17f1cbd 100644
+--- a/hw/ide/ahci.c
++++ b/hw/ide/ahci.c
+@@ -910,6 +910,7 @@ static void ncq_err(NCQTransferState *ncq_tfs)
+ ide_state->error = ABRT_ERR;
+ ide_state->status = READY_STAT | ERR_STAT;
+ ncq_tfs->drive->port_regs.scr_err |= (1 << ncq_tfs->tag);
++ ncq_tfs->used = 0;
+ }
+
+ static void ncq_finish(NCQTransferState *ncq_tfs)
+--
+2.6.2
+
diff --git a/app-emulation/qemu/files/qemu-2.5.0-cflags.patch b/app-emulation/qemu/files/qemu-2.5.0-cflags.patch
new file mode 100644
index 00000000..173394fd
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.5.0-cflags.patch
@@ -0,0 +1,13 @@
+--- a/configure
++++ b/configure
+@@ -4468,10 +4468,6 @@ fi
+ if test "$gcov" = "yes" ; then
+ CFLAGS="-fprofile-arcs -ftest-coverage -g $CFLAGS"
+ LDFLAGS="-fprofile-arcs -ftest-coverage $LDFLAGS"
+-elif test "$fortify_source" = "yes" ; then
+- CFLAGS="-O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 $CFLAGS"
+-elif test "$debug" = "no"; then
+- CFLAGS="-O2 $CFLAGS"
+ fi
+
+ ##########################################
diff --git a/app-emulation/qemu/qemu-2.2.1-r99.ebuild b/app-emulation/qemu/qemu-2.5.0-r99.ebuild
index 5b8baf15..2fe26b37 100644
--- a/app-emulation/qemu/qemu-2.2.1-r99.ebuild
+++ b/app-emulation/qemu/qemu-2.5.0-r99.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-emulation/qemu/qemu-2.2.1-r2.ebuild,v 1.3 2015/05/14 07:09:58 ago Exp $
+# $Id$
EAPI=5
@@ -16,12 +16,11 @@ if [[ ${PV} = *9999* ]]; then
EGIT_REPO_URI="git://git.qemu.org/qemu.git"
inherit git-2
SRC_URI=""
- KEYWORDS=""
else
SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2
${BACKPORTS:+
- http://dev.gentoo.org/~cardoe/distfiles/${P}-${BACKPORTS}.tar.xz}"
- KEYWORDS="amd64 ~ppc ~ppc64 x86 ~x86-fbsd"
+ https://dev.gentoo.org/~cardoe/distfiles/${P}-${BACKPORTS}.tar.xz}"
+ KEYWORDS="amd64 ~ppc x86"
fi
DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
@@ -30,76 +29,119 @@ HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org"
LICENSE="GPL-2 LGPL-2 BSD-2"
SLOT="0"
IUSE="accessibility +aio alsa bluetooth +caps +curl debug +fdt glusterfs \
-gtk infiniband iscsi +jpeg \
+gnutls gtk gtk2 infiniband iscsi +jpeg \
kernel_linux kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs
+png pulseaudio python \
-rbd sasl +seccomp sdl selinux smartcard snappy spice ssh static static-softmmu \
-static-user systemtap tci test +threads tls usb usbredir +uuid vde +vhost-net \
-virtfs +vnc xattr xen xfs"
+rbd sasl +seccomp sdl sdl2 selinux smartcard snappy spice ssh static static-softmmu
+static-user systemtap tci test +threads usb usbredir +uuid vde +vhost-net \
+virgl virtfs +vnc vte xattr xen xfs"
COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel mips
mips64 mips64el mipsel or32 ppc ppc64 s390x sh4 sh4eb sparc sparc64 unicore32
x86_64"
-IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS} lm32 moxie ppcemb xtensa xtensaeb"
-IUSE_USER_TARGETS="${COMMON_TARGETS} armeb mipsn32 mipsn32el ppc64abi32 sparc32plus"
+IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS} lm32 moxie ppcemb tricore xtensa xtensaeb"
+IUSE_USER_TARGETS="${COMMON_TARGETS} armeb mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus tilegx"
-use_targets="
- $(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
- $(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
-"
-IUSE+=" ${use_targets}"
+use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
+use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
+IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
-# Require at least one softmmu or user target.
+# Allow no targets to be built so that people can get a tools-only build.
# Block USE flag configurations known to not work.
-REQUIRED_USE="|| ( ${use_targets} )
- ${PYTHON_REQUIRED_USE}
+REQUIRED_USE="${PYTHON_REQUIRED_USE}
+ gtk2? ( gtk )
qemu_softmmu_targets_arm? ( fdt )
qemu_softmmu_targets_microblaze? ( fdt )
qemu_softmmu_targets_ppc? ( fdt )
qemu_softmmu_targets_ppc64? ( fdt )
+ sdl2? ( sdl )
static? ( static-softmmu static-user )
- static-softmmu? ( !alsa !pulseaudio !bluetooth !opengl !gtk )
- virtfs? ( xattr )"
+ static-softmmu? ( !alsa !pulseaudio !bluetooth !opengl !gtk !gtk2 )
+ virtfs? ( xattr )
+ vte? ( gtk )"
# Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
#
# The attr lib isn't always linked in (although the USE flag is always
# respected). This is because qemu supports using the C library's API
# when available rather than always using the extranl library.
+#
+# Older versions of gnutls are supported, but it's simpler to just require
+# the latest versions. This is also why we require nettle.
COMMON_LIB_DEPEND=">=dev-libs/glib-2.0[static-libs(+)]
sys-libs/zlib[static-libs(+)]
xattr? ( sys-apps/attr[static-libs(+)] )"
SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND}
>=x11-libs/pixman-0.28.0[static-libs(+)]
+ accessibility? ( app-accessibility/brltty[static-libs(+)] )
aio? ( dev-libs/libaio[static-libs(+)] )
+ alsa? ( >=media-libs/alsa-lib-1.0.13 )
+ bluetooth? ( net-wireless/bluez )
caps? ( sys-libs/libcap-ng[static-libs(+)] )
curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] )
glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
+ gnutls? (
+ dev-libs/nettle[static-libs(+)]
+ >=net-libs/gnutls-3.0[static-libs(+)]
+ )
+ gtk? (
+ gtk2? (
+ x11-libs/gtk+:2
+ vte? ( x11-libs/vte:0 )
+ )
+ !gtk2? (
+ x11-libs/gtk+:3
+ vte? ( x11-libs/vte:2.90 )
+ )
+ )
infiniband? ( sys-infiniband/librdmacm:=[static-libs(+)] )
+ iscsi? ( net-libs/libiscsi )
jpeg? ( virtual/jpeg:=[static-libs(+)] )
lzo? ( dev-libs/lzo:2[static-libs(+)] )
- ncurses? ( sys-libs/ncurses[static-libs(+)] )
+ ncurses? ( sys-libs/ncurses:0=[static-libs(+)] )
nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] )
numa? ( sys-process/numactl[static-libs(+)] )
+ opengl? (
+ virtual/opengl
+ media-libs/libepoxy[static-libs(+)]
+ media-libs/mesa[static-libs(+)]
+ media-libs/mesa[egl,gles2]
+ )
png? ( media-libs/libpng:0=[static-libs(+)] )
+ pulseaudio? ( media-sound/pulseaudio )
rbd? ( sys-cluster/ceph[static-libs(+)] )
sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
- sdl? ( >=media-libs/libsdl-1.2.11[static-libs(+)] )
+ sdl? (
+ !sdl2? (
+ media-libs/libsdl[X]
+ >=media-libs/libsdl-1.2.11[static-libs(+)]
+ )
+ sdl2? (
+ media-libs/libsdl2[X]
+ media-libs/libsdl2[static-libs(+)]
+ )
+ )
seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
+ smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] )
snappy? ( app-arch/snappy[static-libs(+)] )
- spice? ( >=app-emulation/spice-0.12.0[static-libs(+)] )
+ spice? (
+ >=app-emulation/spice-protocol-0.12.3
+ >=app-emulation/spice-0.12.0[static-libs(+)]
+ )
ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] )
- tls? ( net-libs/gnutls[static-libs(+)] )
- usb? ( >=dev-libs/libusb-1.0.18[static-libs(+)] )
+ usb? ( >=virtual/libusb-1-r2[static-libs(+)] )
+ usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
uuid? ( >=sys-apps/util-linux-2.16.0[static-libs(+)] )
vde? ( net-misc/vde[static-libs(+)] )
+ virgl? ( media-libs/virglrenderer[static-libs(+)] )
+ virtfs? ( sys-libs/libcap )
xfs? ( sys-fs/xfsprogs[static-libs(+)] )"
USER_LIB_DEPEND="${COMMON_LIB_DEPEND}"
X86_FIRMWARE_DEPEND="
>=sys-firmware/ipxe-1.0.0_p20130624
pin-upstream-blobs? (
- ~sys-firmware/seabios-1.7.5
+ ~sys-firmware/seabios-1.8.2
~sys-firmware/sgabios-0.1_pre8
~sys-firmware/vgabios-0.7a
)
@@ -108,28 +150,14 @@ X86_FIRMWARE_DEPEND="
sys-firmware/sgabios
sys-firmware/vgabios
)"
-CDEPEND="!static-softmmu? ( ${SOFTMMU_LIB_DEPEND//\[static-libs(+)]} )
- !static-user? ( ${USER_LIB_DEPEND//\[static-libs(+)]} )
+CDEPEND="
+ !static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND//\[static-libs(+)]} ) " ${use_softmmu_targets}) )
+ !static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND//\[static-libs(+)]} ) " ${use_user_targets}) )
qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )
- accessibility? ( app-accessibility/brltty )
- alsa? ( >=media-libs/alsa-lib-1.0.13 )
- bluetooth? ( net-wireless/bluez )
- gtk? (
- x11-libs/gtk+:3
- x11-libs/vte:2.90
- )
- iscsi? ( net-libs/libiscsi )
- opengl? ( virtual/opengl )
- pulseaudio? ( media-sound/pulseaudio )
python? ( ${PYTHON_DEPS} )
- sdl? ( media-libs/libsdl[X] )
- smartcard? ( dev-libs/nss !app-emulation/libcacard )
- spice? ( >=app-emulation/spice-protocol-0.12.3 )
systemtap? ( dev-util/systemtap )
- usbredir? ( >=sys-apps/usbredir-0.6 )
- virtfs? ( sys-libs/libcap )
- xen? ( app-emulation/xen-tools )"
+ xen? ( app-emulation/xen-tools:= )"
DEPEND="${CDEPEND}
dev-lang/perl
=dev-lang/python-2*
@@ -137,8 +165,8 @@ DEPEND="${CDEPEND}
virtual/pkgconfig
kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
gtk? ( nls? ( sys-devel/gettext ) )
- static-softmmu? ( ${SOFTMMU_LIB_DEPEND} )
- static-user? ( ${USER_LIB_DEPEND} )
+ static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND} ) " ${use_softmmu_targets}) )
+ static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND} ) " ${use_user_targets}) )
test? (
dev-libs/glib[utils]
sys-devel/bc
@@ -245,10 +273,32 @@ pkg_pretend() {
pkg_setup() {
enewgroup kvm 78
- python_setup
+}
+
+# Sanity check to make sure target lists are kept up-to-date.
+check_targets() {
+ local var=$1 mak=$2
+ local detected sorted
+
+ pushd "${S}"/default-configs >/dev/null || die
+
+ # Force C locale until glibc is updated. #564936
+ detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u))
+ sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u))
+ if [[ ${sorted} != "${detected}" ]] ; then
+ eerror "The ebuild needs to be kept in sync."
+ eerror "${var}: ${sorted}"
+ eerror "$(printf '%-*s' ${#var} configure): ${detected}"
+ die "sync ${var} to the list of targets"
+ fi
+
+ popd >/dev/null
}
src_prepare() {
+ check_targets IUSE_SOFTMMU_TARGETS softmmu
+ check_targets IUSE_USER_TARGETS linux-user
+
# Alter target makefiles to accept CFLAGS set via flag-o
sed -i -r \
-e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \
@@ -257,20 +307,22 @@ src_prepare() {
# Cheap hack to disable gettext .mo generation.
use nls || rm -f po/*.po
- epatch "${FILESDIR}"/qemu-1.7.0-cflags.patch
- epatch "${FILESDIR}"/${P}-CVE-2015-1779-1.patch #544328
- epatch "${FILESDIR}"/${P}-CVE-2015-1779-2.patch #544328
- epatch "${FILESDIR}"/${PN}-2.3.0-CVE-2015-3456.patch #549404
-
# Patching for musl
epatch "${FILESDIR}"/${PN}-2.0.0-F_SHLCK-and-F_EXLCK.patch
epatch "${FILESDIR}"/${PN}-2.0.0-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch
epatch "${FILESDIR}"/${PN}-2.2.0-_sigev_un.patch
+ epatch "${FILESDIR}"/qemu-2.5.0-cflags.patch
[[ -n ${BACKPORTS} ]] && \
EPATCH_FORCE=yes EPATCH_SUFFIX="patch" EPATCH_SOURCE="${S}/patches" \
epatch
+ epatch "${FILESDIR}"/${P}-CVE-2015-8567.patch #567868
+ epatch "${FILESDIR}"/${P}-CVE-2015-8558.patch #568246
+ epatch "${FILESDIR}"/${P}-CVE-2015-8701.patch #570110
+ epatch "${FILESDIR}"/${P}-CVE-2015-8743.patch #570988
+ epatch "${FILESDIR}"/${P}-CVE-2016-1568.patch #571566
+
# Fix ld and objcopy being called directly
tc-export AR LD OBJCOPY
@@ -288,14 +340,10 @@ qemu_src_configure() {
debug-print-function ${FUNCNAME} "$@"
local buildtype=$1
- local builddir=$2
+ local builddir="${S}/${buildtype}-build"
local static_flag="static-${buildtype}"
- # audio options
- local audio_opts="oss"
- use alsa && audio_opts="alsa,${audio_opts}"
- use sdl && audio_opts="sdl,${audio_opts}"
- use pulseaudio && audio_opts="pa,${audio_opts}"
+ mkdir "${builddir}"
local conf_opts=(
--prefix=/usr
@@ -306,6 +354,11 @@ qemu_src_configure() {
--disable-guest-agent
--disable-strip
--disable-werror
+ # We support gnutls/nettle for crypto operations. It is possible
+ # to use gcrypt when gnutls/nettle are disabled (but not when they
+ # are enabled), but it's not really worth the hassle. Disable it
+ # all the time to avoid automatically detecting it. #568856
+ --disable-gcrypt
--python="${PYTHON}"
--cc="$(tc-getCC)"
--cxx="$(tc-getCXX)"
@@ -334,6 +387,8 @@ qemu_src_configure() {
$(conf_softmmu curl)
$(conf_softmmu fdt)
$(conf_softmmu glusterfs)
+ $(conf_softmmu gnutls)
+ $(conf_softmmu gnutls nettle)
$(conf_softmmu gtk)
$(conf_softmmu infiniband rdma)
$(conf_softmmu iscsi libiscsi)
@@ -343,26 +398,25 @@ qemu_src_configure() {
$(conf_softmmu ncurses curses)
$(conf_softmmu nfs libnfs)
$(conf_softmmu numa)
- $(conf_softmmu opengl glx)
+ $(conf_softmmu opengl)
$(conf_softmmu png vnc-png)
$(conf_softmmu rbd)
$(conf_softmmu sasl vnc-sasl)
$(conf_softmmu sdl)
$(conf_softmmu seccomp)
- $(conf_softmmu smartcard smartcard-nss)
+ $(conf_softmmu smartcard)
$(conf_softmmu snappy)
$(conf_softmmu spice)
$(conf_softmmu ssh libssh2)
- $(conf_softmmu tls quorum)
- $(conf_softmmu tls vnc-tls)
- $(conf_softmmu tls vnc-ws)
$(conf_softmmu usb libusb)
$(conf_softmmu usbredir usb-redir)
$(conf_softmmu uuid)
$(conf_softmmu vde)
$(conf_softmmu vhost-net)
+ $(conf_softmmu virgl virglrenderer)
$(conf_softmmu virtfs)
$(conf_softmmu vnc)
+ $(conf_softmmu vte)
$(conf_softmmu xen)
$(conf_softmmu xen xen-pci-passthrough)
$(conf_softmmu xfs xfsctl)
@@ -373,23 +427,39 @@ qemu_src_configure() {
conf_opts+=(
--enable-linux-user
--disable-system
- --target-list="${user_targets}"
--disable-blobs
--disable-tools
)
;;
softmmu)
+ # audio options
+ local audio_opts="oss"
+ use alsa && audio_opts="alsa,${audio_opts}"
+ use sdl && audio_opts="sdl,${audio_opts}"
+ use pulseaudio && audio_opts="pa,${audio_opts}"
+
conf_opts+=(
--disable-linux-user
--enable-system
- --target-list="${softmmu_targets}"
--with-system-pixman
--audio-drv-list="${audio_opts}"
)
- use gtk && conf_opts+=( --with-gtkabi=3.0 )
+ use gtk && conf_opts+=( --with-gtkabi=$(usex gtk2 2.0 3.0) )
+ use sdl && conf_opts+=( --with-sdlabi=$(usex sdl2 2.0 1.2) )
+ ;;
+ tools)
+ conf_opts+=(
+ --disable-linux-user
+ --disable-system
+ --disable-blobs
+ )
+ static_flag="static"
;;
esac
+ local targets="${buildtype}_targets"
+ [[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" )
+
# Add support for SystemTAP
use systemtap && conf_opts+=( --enable-trace-backend=dtrace )
@@ -402,7 +472,7 @@ qemu_src_configure() {
gcc-specs-pie && conf_opts+=( --enable-pie )
fi
- einfo "../configure ${conf_opts[*]}"
+ echo "../configure ${conf_opts[*]}"
cd "${builddir}"
../configure "${conf_opts[@]}" || die "configure failed"
@@ -415,7 +485,7 @@ qemu_src_configure() {
src_configure() {
local target
- python_export_best
+ python_setup
softmmu_targets= softmmu_bins=()
user_targets= user_bins=()
@@ -434,21 +504,12 @@ src_configure() {
fi
done
- [[ -n ${softmmu_targets} ]] && \
- einfo "Building the following softmmu targets: ${softmmu_targets}"
-
- [[ -n ${user_targets} ]] && \
- einfo "Building the following user targets: ${user_targets}"
-
- if [[ -n ${softmmu_targets} ]]; then
- mkdir "${S}/softmmu-build"
- qemu_src_configure "softmmu" "${S}/softmmu-build"
- fi
+ softmmu_targets=${softmmu_targets#,}
+ user_targets=${user_targets#,}
- if [[ -n ${user_targets} ]]; then
- mkdir "${S}/user-build"
- qemu_src_configure "user" "${S}/user-build"
- fi
+ [[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu"
+ [[ -n ${user_targets} ]] && qemu_src_configure "user"
+ [[ -z ${softmmu_targets}${user_targets} ]] && qemu_src_configure "tools"
}
src_compile() {
@@ -461,6 +522,11 @@ src_compile() {
cd "${S}/softmmu-build"
default
fi
+
+ if [[ -z ${softmmu_targets}${user_targets} ]]; then
+ cd "${S}/tools-build"
+ default
+ fi
}
src_test() {
@@ -506,6 +572,11 @@ src_install() {
fi
fi
+ if [[ -z ${softmmu_targets}${user_targets} ]]; then
+ cd "${S}/tools-build"
+ emake DESTDIR="${ED}" install
+ fi
+
# Disable mprotect on the qemu binaries as they use JITs to be fast #459348
pushd "${ED}"/usr/bin >/dev/null
pax-mark m "${softmmu_bins[@]}" "${user_bins[@]}"
@@ -516,21 +587,21 @@ src_install() {
doins "${FILESDIR}/bridge.conf"
# Remove the docdir placed qmp-commands.txt
- mv "${ED}/usr/share/doc/${PF}/html/qmp-commands.txt" "${S}/docs/qmp/"
+ mv "${ED}/usr/share/doc/${PF}/html/qmp-commands.txt" "${S}/docs/" || die
cd "${S}"
dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt
newdoc pc-bios/README README.pc-bios
- dodoc docs/qmp/*.txt
+ dodoc docs/qmp-*.txt
- # Remove SeaBIOS since we're using the SeaBIOS packaged one
- rm "${ED}/usr/share/qemu/bios.bin"
- if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
- dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
- fi
-
- # Remove vgabios since we're using the vgabios packaged one
if [[ -n ${softmmu_targets} ]]; then
+ # Remove SeaBIOS since we're using the SeaBIOS packaged one
+ rm "${ED}/usr/share/qemu/bios.bin"
+ if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+ dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
+ fi
+
+ # Remove vgabios since we're using the vgabios packaged one
rm "${ED}/usr/share/qemu/vgabios.bin"
rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
@@ -568,21 +639,6 @@ src_install() {
pkg_postinst() {
if qemu_support_kvm; then
readme.gentoo_print_elog
- ewarn "Migration from qemu-kvm instances and loading qemu-kvm created"
- ewarn "save states has been removed starting with the 1.6.2 release"
- ewarn
- ewarn "It is recommended that you migrate any VMs that may be running"
- ewarn "on qemu-kvm to a host with a newer qemu and regenerate"
- ewarn "any saved states with a newer qemu."
- ewarn
- ewarn "qemu-kvm was the primary qemu provider in Gentoo through 1.2.x"
-
- if use x86 || use amd64; then
- ewarn
- ewarn "The /usr/bin/kvm and /usr/bin/qemu-kvm wrappers are no longer"
- ewarn "installed. In order to use kvm acceleration, pass the flag"
- ewarn "-enable-kvm when running your system target."
- fi
fi
if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
@@ -590,10 +646,6 @@ pkg_postinst() {
fi
fcaps cap_net_admin /usr/libexec/qemu-bridge-helper
- if use virtfs && [ -n "${softmmu_targets}" ]; then
- local virtfs_caps="cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_setgid,cap_mknod,cap_setuid"
- fcaps ${virtfs_caps} /usr/bin/virtfs-proxy-helper
- fi
}
pkg_info() {
@@ -601,7 +653,7 @@ pkg_info() {
echo " $(best_version app-emulation/spice-protocol)"
echo " $(best_version sys-firmware/ipxe)"
echo " $(best_version sys-firmware/seabios)"
- if has_version sys-firmware/seabios[binary]; then
+ if has_version 'sys-firmware/seabios[binary]'; then
echo " USE=binary"
else
echo " USE=''"