commit: d69ceecaa2909f2a48f5144c514fd0d44a04eb79
Author: Felix Janda <felix.janda <AT> posteo <DOT> de>
AuthorDate: Fri Sep 19 21:49:30 2014 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Fri Oct 10 18:20:17 2014 +0000
URL:
http://sources.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=commit;h=d69ceeca
app-emulation/qemu: bump to 2.1.0
---
.../qemu/files/qemu-2.0.0-CVE-2013-4541.patch | 40 ----
.../qemu/files/qemu-2.0.0-CVE-2014-0222.patch | 48 -----
.../qemu/files/qemu-2.0.0-CVE-2014-0223.patch | 57 -----
.../files/qemu-2.0.0-qcow-check-max-sizes.patch | 52 -----
app-emulation/qemu/files/qemu-2.0.0-sigset.patch | 63 ------
.../files/qemu-2.0.0-usb-post-load-checks.patch | 41 ----
.../qemu/files/qemu-2.1.0-CVE-2014-5388.patch | 36 ++++
...qemu-2.0.0-r99.ebuild => qemu-2.1.0-r99.ebuild} | 231 +++++++++++----------
8 files changed, 161 insertions(+), 407 deletions(-)
diff --git a/app-emulation/qemu/files/qemu-2.0.0-CVE-2013-4541.patch
b/app-emulation/qemu/files/qemu-2.0.0-CVE-2013-4541.patch
deleted file mode 100644
index c4e0d81..0000000
--- a/app-emulation/qemu/files/qemu-2.0.0-CVE-2013-4541.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 9f8e9895c504149d7048e9fc5eb5cbb34b16e49a Mon Sep 17 00:00:00 2001
-From: "Michael S. Tsirkin" <m...@redhat.com>
-Date: Thu, 3 Apr 2014 19:52:25 +0300
-Subject: [PATCH] usb: sanity check setup_index+setup_len in post_load
-
-CVE-2013-4541
-
-s->setup_len and s->setup_index are fed into usb_packet_copy as
-size/offset into s->data_buf, it's possible for invalid state to exploit
-this to load arbitrary data.
-
-setup_len and setup_index should be checked to make sure
-they are not negative.
-
-Cc: Gerd Hoffmann <kra...@redhat.com>
-Signed-off-by: Michael S. Tsirkin <m...@redhat.com>
-Reviewed-by: Gerd Hoffmann <kra...@redhat.com>
-Signed-off-by: Juan Quintela <quint...@redhat.com>
----
- hw/usb/bus.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/hw/usb/bus.c b/hw/usb/bus.c
-index fe70429..e48b19f 100644
---- a/hw/usb/bus.c
-+++ b/hw/usb/bus.c
-@@ -49,7 +49,9 @@ static int usb_device_post_load(void *opaque, int version_id)
- } else {
- dev->attached = 1;
- }
-- if (dev->setup_index >= sizeof(dev->data_buf) ||
-+ if (dev->setup_index < 0 ||
-+ dev->setup_len < 0 ||
-+ dev->setup_index >= sizeof(dev->data_buf) ||
- dev->setup_len >= sizeof(dev->data_buf)) {
- return -EINVAL;
- }
---
-1.9.3
-
diff --git a/app-emulation/qemu/files/qemu-2.0.0-CVE-2014-0222.patch
b/app-emulation/qemu/files/qemu-2.0.0-CVE-2014-0222.patch
deleted file mode 100644
index 754ad48..0000000
--- a/app-emulation/qemu/files/qemu-2.0.0-CVE-2014-0222.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From 42eb58179b3b215bb507da3262b682b8a2ec10b5 Mon Sep 17 00:00:00 2001
-From: Kevin Wolf <kw...@redhat.com>
-Date: Thu, 15 May 2014 16:10:11 +0200
-Subject: [PATCH] qcow1: Validate L2 table size (CVE-2014-0222)
-
-Too large L2 table sizes cause unbounded allocations. Images actually
-created by qemu-img only have 512 byte or 4k L2 tables.
-
-To keep things consistent with cluster sizes, allow ranges between 512
-bytes and 64k (in fact, down to 1 entry = 8 bytes is technically
-working, but L2 table sizes smaller than a cluster don't make a lot of
-sense).
-
-This also means that the number of bytes on the virtual disk that are
-described by the same L2 table is limited to at most 8k * 64k or 2^29,
-preventively avoiding any integer overflows.
-
-Cc: qemu-sta...@nongnu.org
-Signed-off-by: Kevin Wolf <kw...@redhat.com>
-Reviewed-by: Benoit Canet <ben...@irqsave.net>
----
- block/qcow.c | 8 ++++++++
- tests/qemu-iotests/092 | 15 +++++++++++++++
- tests/qemu-iotests/092.out | 11 +++++++++++
- 3 files changed, 34 insertions(+)
-
-diff --git a/block/qcow.c b/block/qcow.c
-index e60df23..e8038e5 100644
---- a/block/qcow.c
-+++ b/block/qcow.c
-@@ -139,6 +139,14 @@ static int qcow_open(BlockDriverState *bs, QDict
*options, int flags,
- goto fail;
- }
-
-+ /* l2_bits specifies number of entries; storing a uint64_t in each entry,
-+ * so bytes = num_entries << 3. */
-+ if (header.l2_bits < 9 - 3 || header.l2_bits > 16 - 3) {
-+ error_setg(errp, "L2 table size must be between 512 and 64k");
-+ ret = -EINVAL;
-+ goto fail;
-+ }
-+
- if (header.crypt_method > QCOW_CRYPT_AES) {
- error_setg(errp, "invalid encryption method in qcow header");
- ret = -EINVAL;
---
-1.9.3
-
diff --git a/app-emulation/qemu/files/qemu-2.0.0-CVE-2014-0223.patch
b/app-emulation/qemu/files/qemu-2.0.0-CVE-2014-0223.patch
deleted file mode 100644
index a5b20a4..0000000
--- a/app-emulation/qemu/files/qemu-2.0.0-CVE-2014-0223.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From 46485de0cb357b57373e1ca895adedf1f3ed46ec Mon Sep 17 00:00:00 2001
-From: Kevin Wolf <kw...@redhat.com>
-Date: Thu, 8 May 2014 13:08:20 +0200
-Subject: [PATCH] qcow1: Validate image size (CVE-2014-0223)
-
-A huge image size could cause s->l1_size to overflow. Make sure that
-images never require a L1 table larger than what fits in s->l1_size.
-
-This cannot only cause unbounded allocations, but also the allocation of
-a too small L1 table, resulting in out-of-bounds array accesses (both
-reads and writes).
-
-Cc: qemu-sta...@nongnu.org
-Signed-off-by: Kevin Wolf <kw...@redhat.com>
----
- block/qcow.c | 16 ++++++++++++++--
- tests/qemu-iotests/092 | 9 +++++++++
- tests/qemu-iotests/092.out | 7 +++++++
- 3 files changed, 30 insertions(+), 2 deletions(-)
-
-diff --git a/block/qcow.c b/block/qcow.c
-index e8038e5..3566c05 100644
---- a/block/qcow.c
-+++ b/block/qcow.c
-@@ -61,7 +61,7 @@ typedef struct BDRVQcowState {
- int cluster_sectors;
- int l2_bits;
- int l2_size;
-- int l1_size;
-+ unsigned int l1_size;
- uint64_t cluster_offset_mask;
- uint64_t l1_table_offset;
- uint64_t *l1_table;
-@@ -166,7 +166,19 @@ static int qcow_open(BlockDriverState *bs, QDict
*options, int flags,
-
- /* read the level 1 table */
- shift = s->cluster_bits + s->l2_bits;
-- s->l1_size = (header.size + (1LL << shift) - 1) >> shift;
-+ if (header.size > UINT64_MAX - (1LL << shift)) {
-+ error_setg(errp, "Image too large");
-+ ret = -EINVAL;
-+ goto fail;
-+ } else {
-+ uint64_t l1_size = (header.size + (1LL << shift) - 1) >> shift;
-+ if (l1_size > INT_MAX / sizeof(uint64_t)) {
-+ error_setg(errp, "Image too large");
-+ ret = -EINVAL;
-+ goto fail;
-+ }
-+ s->l1_size = l1_size;
-+ }
-
- s->l1_table_offset = header.l1_table_offset;
- s->l1_table = g_malloc(s->l1_size * sizeof(uint64_t));
---
-1.9.3
-
diff --git a/app-emulation/qemu/files/qemu-2.0.0-qcow-check-max-sizes.patch
b/app-emulation/qemu/files/qemu-2.0.0-qcow-check-max-sizes.patch
deleted file mode 100644
index 54fdd79..0000000
--- a/app-emulation/qemu/files/qemu-2.0.0-qcow-check-max-sizes.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 7159a45b2bf2dcb9f49f1e27d1d3d135a0247a2f Mon Sep 17 00:00:00 2001
-From: Kevin Wolf <kw...@redhat.com>
-Date: Wed, 7 May 2014 17:30:30 +0200
-Subject: [PATCH] qcow1: Check maximum cluster size
-
-Huge values for header.cluster_bits cause unbounded allocations (e.g.
-for s->cluster_cache) and crash qemu this way. Less huge values may
-survive those allocations, but can cause integer overflows later on.
-
-The only cluster sizes that qemu can create are 4k (for standalone
-images) and 512 (for images with backing files), so we can limit it
-to 64k.
-
-Cc: qemu-sta...@nongnu.org
-Signed-off-by: Kevin Wolf <kw...@redhat.com>
-Reviewed-by: Benoit Canet <ben...@irqsave.net>
----
- block/qcow.c | 10 ++++++--
- tests/qemu-iotests/092 | 63 ++++++++++++++++++++++++++++++++++++++++++++++
- tests/qemu-iotests/092.out | 13 ++++++++++
- tests/qemu-iotests/group | 1 +
- 4 files changed, 85 insertions(+), 2 deletions(-)
- create mode 100755 tests/qemu-iotests/092
- create mode 100644 tests/qemu-iotests/092.out
-
-diff --git a/block/qcow.c b/block/qcow.c
-index 3684794..e60df23 100644
---- a/block/qcow.c
-+++ b/block/qcow.c
-@@ -128,11 +128,17 @@ static int qcow_open(BlockDriverState *bs, QDict
*options, int flags,
- goto fail;
- }
-
-- if (header.size <= 1 || header.cluster_bits < 9) {
-- error_setg(errp, "invalid value in qcow header");
-+ if (header.size <= 1) {
-+ error_setg(errp, "Image size is too small (must be at least 2
bytes)");
- ret = -EINVAL;
- goto fail;
- }
-+ if (header.cluster_bits < 9 || header.cluster_bits > 16) {
-+ error_setg(errp, "Cluster size must be between 512 and 64k");
-+ ret = -EINVAL;
-+ goto fail;
-+ }
-+
- if (header.crypt_method > QCOW_CRYPT_AES) {
- error_setg(errp, "invalid encryption method in qcow header");
- ret = -EINVAL;
---
-1.9.3
-
diff --git a/app-emulation/qemu/files/qemu-2.0.0-sigset.patch
b/app-emulation/qemu/files/qemu-2.0.0-sigset.patch
deleted file mode 100644
index e335b67..0000000
--- a/app-emulation/qemu/files/qemu-2.0.0-sigset.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-commit 34d6086236baeb59f4b46e2380f2b271acd6f6cf
-Author: Natanael Copa <nc...@alpinelinux.org>
-Date: Tue Apr 29 13:11:20 2014 +0200
-
- linux-user: avoid using glibc internals in _syscall5 and in definition of
target_sigevent struct
-
- Use the public sigset_t instead of the glibc specific internal
- __sigset_t in _syscall.
-
- Calculate the sigevent pad size is calculated in similar way as kernel
- does it instead of using glibc internal field _pad.
-
- This is needed for building with musl libc.
-
- Signed-off-by: Natanael Copa <nc...@alpinelinux.org>
- Signed-off-by: Riku Voipio <riku.voi...@linaro.org>
- Reviewed-by: Peter Maydell <peter.mayd...@linaro.org>
-
-diff --git a/linux-user/syscall.c b/linux-user/syscall.c
-index 15de6f8..af0bb35 100644
---- a/linux-user/syscall.c
-+++ b/linux-user/syscall.c
-@@ -411,7 +411,7 @@ static int sys_inotify_init1(int flags)
- #endif
- #define __NR_sys_ppoll __NR_ppoll
- _syscall5(int, sys_ppoll, struct pollfd *, fds, nfds_t, nfds,
-- struct timespec *, timeout, const __sigset_t *, sigmask,
-+ struct timespec *, timeout, const sigset_t *, sigmask,
- size_t, sigsetsize)
- #endif
-
-diff --git a/linux-user/syscall_defs.h b/linux-user/syscall_defs.h
-index fdf9a47..69c3982 100644
---- a/linux-user/syscall_defs.h
-+++ b/linux-user/syscall_defs.h
-@@ -2552,12 +2552,26 @@ struct target_timer_t {
- abi_ulong ptr;
- };
-
-+#define TARGET_SIGEV_MAX_SIZE 64
-+
-+/* This is architecture-specific but most architectures use the default */
-+#ifdef TARGET_MIPS
-+#define TARGET_SIGEV_PREAMBLE_SIZE (sizeof(int32_t) * 2 + sizeof(abi_long))
-+#else
-+#define TARGET_SIGEV_PREAMBLE_SIZE (sizeof(int32_t) * 2 \
-+ + sizeof(target_sigval_t))
-+#endif
-+
-+#define TARGET_SIGEV_PAD_SIZE ((TARGET_SIGEV_MAX_SIZE \
-+ - TARGET_SIGEV_PREAMBLE_SIZE) \
-+ / sizeof(int32_t))
-+
- struct target_sigevent {
- target_sigval_t sigev_value;
- int32_t sigev_signo;
- int32_t sigev_notify;
- union {
-- int32_t _pad[ARRAY_SIZE(((struct sigevent *)0)->_sigev_un._pad)];
-+ int32_t _pad[TARGET_SIGEV_PAD_SIZE];
- int32_t _tid;
-
- struct {
diff --git a/app-emulation/qemu/files/qemu-2.0.0-usb-post-load-checks.patch
b/app-emulation/qemu/files/qemu-2.0.0-usb-post-load-checks.patch
deleted file mode 100644
index 4e85c59..0000000
--- a/app-emulation/qemu/files/qemu-2.0.0-usb-post-load-checks.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-https://bugs.gentoo.org/510208
-
-From 719ffe1f5f72b1c7ace4afe9ba2815bcb53a829e Mon Sep 17 00:00:00 2001
-From: "Michael S. Tsirkin" <m...@redhat.com>
-Date: Tue, 13 May 2014 12:33:16 +0300
-Subject: [PATCH] usb: fix up post load checks
-
-Correct post load checks:
-1. dev->setup_len == sizeof(dev->data_buf)
- seems fine, no need to fail migration
-2. When state is DATA, passing index > len
- will cause memcpy with negative length,
- resulting in heap overflow
-
-First of the issues was reported by dgilbert.
-
-Reported-by: "Dr. David Alan Gilbert" <dgilb...@redhat.com>
-Signed-off-by: Michael S. Tsirkin <m...@redhat.com>
-Signed-off-by: Juan Quintela <quint...@redhat.com>
----
- hw/usb/bus.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/hw/usb/bus.c b/hw/usb/bus.c
-index 699aa10..927a47b 100644
---- a/hw/usb/bus.c
-+++ b/hw/usb/bus.c
-@@ -51,8 +51,8 @@ static int usb_device_post_load(void *opaque, int version_id)
- }
- if (dev->setup_index < 0 ||
- dev->setup_len < 0 ||
-- dev->setup_index >= sizeof(dev->data_buf) ||
-- dev->setup_len >= sizeof(dev->data_buf)) {
-+ dev->setup_index > dev->setup_len ||
-+ dev->setup_len > sizeof(dev->data_buf)) {
- return -EINVAL;
- }
- return 0;
---
-1.9.3
-
diff --git a/app-emulation/qemu/files/qemu-2.1.0-CVE-2014-5388.patch
b/app-emulation/qemu/files/qemu-2.1.0-CVE-2014-5388.patch
new file mode 100644
index 0000000..26a012b
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.1.0-CVE-2014-5388.patch
@@ -0,0 +1,36 @@
+https://bugs.gentoo.org/520688
+
+From fa365d7cd11185237471823a5a33d36765454e16 Mon Sep 17 00:00:00 2001
+From: Gonglei <arei.gong...@huawei.com>
+Date: Wed, 20 Aug 2014 13:52:30 +0800
+Subject: [PATCH] pcihp: fix possible array out of bounds
+
+Prevent out-of-bounds array access on
+acpi_pcihp_pci_status.
+
+Signed-off-by: Gonglei <arei.gong...@huawei.com>
+Reviewed-by: Peter Crosthwaite <peter.crosthwa...@xilinx.com>
+Reviewed-by: Michael S. Tsirkin <m...@redhat.com>
+Signed-off-by: Michael S. Tsirkin <m...@redhat.com>
+Cc: qemu-sta...@nongnu.org
+Reviewed-by: Marcel Apfelbaum <mar...@redhat.com>
+---
+ hw/acpi/pcihp.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/acpi/pcihp.c b/hw/acpi/pcihp.c
+index fae663a..34dedf1 100644
+--- a/hw/acpi/pcihp.c
++++ b/hw/acpi/pcihp.c
+@@ -231,7 +231,7 @@ static uint64_t pci_read(void *opaque, hwaddr addr,
unsigned int size)
+ uint32_t val = 0;
+ int bsel = s->hotplug_select;
+
+- if (bsel < 0 || bsel > ACPI_PCIHP_MAX_HOTPLUG_BUS) {
++ if (bsel < 0 || bsel >= ACPI_PCIHP_MAX_HOTPLUG_BUS) {
+ return 0;
+ }
+
+--
+2.0.0
+
diff --git a/app-emulation/qemu/qemu-2.0.0-r99.ebuild
b/app-emulation/qemu/qemu-2.1.0-r99.ebuild
similarity index 74%
rename from app-emulation/qemu/qemu-2.0.0-r99.ebuild
rename to app-emulation/qemu/qemu-2.1.0-r99.ebuild
index efbdd23..d885d11 100644
--- a/app-emulation/qemu/qemu-2.0.0-r99.ebuild
+++ b/app-emulation/qemu/qemu-2.1.0-r99.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2014 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-emulation/qemu/qemu-2.0.0-r1.ebuild,v
1.5 2014/06/06 01:42:41 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-emulation/qemu/qemu-2.1.0-r1.ebuild,v
1.6 2014/09/13 17:07:04 ago Exp $
EAPI=5
@@ -30,9 +30,10 @@ HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org";
LICENSE="GPL-2 LGPL-2 BSD-2"
SLOT="0"
IUSE="accessibility +aio alsa bluetooth +caps +curl debug +fdt glusterfs \
-gtk iscsi +jpeg \
-kernel_linux kernel_FreeBSD ncurses opengl +png pulseaudio python \
-rbd sasl +seccomp sdl selinux smartcard spice ssh static static-softmmu \
+gtk infiniband iscsi +jpeg \
+kernel_linux kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs
++png pulseaudio python \
+rbd sasl +seccomp sdl selinux smartcard snappy spice ssh static static-softmmu
\
static-user systemtap tci test +threads tls usb usbredir +uuid vde +vhost-net \
virtfs +vnc xattr xen xfs"
@@ -61,8 +62,13 @@ REQUIRED_USE="|| ( ${use_targets} )
virtfs? ( xattr )"
# Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
+#
+# The attr lib isn't always linked in (although the USE flag is always
+# respected). This is because qemu supports using the C library's API
+# when available rather than always using the extranl library.
COMMON_LIB_DEPEND=">=dev-libs/glib-2.0[static-libs(+)]
- sys-libs/zlib[static-libs(+)]"
+ sys-libs/zlib[static-libs(+)]
+ xattr? ( sys-apps/attr[static-libs(+)] )"
SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND}
>=x11-libs/pixman-0.28.0[static-libs(+)]
aio? ( dev-libs/libaio[static-libs(+)] )
@@ -70,36 +76,42 @@ SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND}
curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] )
glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
+ infiniband? ( sys-infiniband/librdmacm[static-libs(+)] )
jpeg? ( virtual/jpeg[static-libs(+)] )
+ lzo? ( dev-libs/lzo:2[static-libs(+)] )
ncurses? ( sys-libs/ncurses[static-libs(+)] )
+ nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] )
+ numa? ( sys-process/numactl[static-libs(+)] )
png? ( media-libs/libpng[static-libs(+)] )
rbd? ( sys-cluster/ceph[static-libs(+)] )
sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
sdl? ( >=media-libs/libsdl-1.2.11[static-libs(+)] )
seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
+ snappy? ( app-arch/snappy[static-libs(+)] )
spice? ( >=app-emulation/spice-0.12.0[static-libs(+)] )
ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] )
tls? ( net-libs/gnutls[static-libs(+)] )
usb? ( >=dev-libs/libusb-1.0.18[static-libs(+)] )
uuid? ( >=sys-apps/util-linux-2.16.0[static-libs(+)] )
vde? ( net-misc/vde[static-libs(+)] )
- xattr? ( sys-apps/attr[static-libs(+)] )
xfs? ( sys-fs/xfsprogs[static-libs(+)] )"
USER_LIB_DEPEND="${COMMON_LIB_DEPEND}"
-RDEPEND="!static-softmmu? ( ${SOFTMMU_LIB_DEPEND//\[static-libs(+)]} )
- !static-user? ( ${USER_LIB_DEPEND//\[static-libs(+)]} )
- qemu_softmmu_targets_i386? (
- >=sys-firmware/ipxe-1.0.0_p20130624
- ~sys-firmware/seabios-1.7.4
- ~sys-firmware/sgabios-0.1_pre8
- ~sys-firmware/vgabios-0.7a
- )
- qemu_softmmu_targets_x86_64? (
- >=sys-firmware/ipxe-1.0.0_p20130624
- ~sys-firmware/seabios-1.7.4
+X86_FIRMWARE_DEPEND="
+ >=sys-firmware/ipxe-1.0.0_p20130624
+ pin-upstream-blobs? (
+ ~sys-firmware/seabios-1.7.5
~sys-firmware/sgabios-0.1_pre8
~sys-firmware/vgabios-0.7a
)
+ !pin-upstream-blobs? (
+ sys-firmware/seabios
+ sys-firmware/sgabios
+ sys-firmware/vgabios
+ )"
+RDEPEND="!static-softmmu? ( ${SOFTMMU_LIB_DEPEND//\[static-libs(+)]} )
+ !static-user? ( ${USER_LIB_DEPEND//\[static-libs(+)]} )
+ qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
+ qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )
accessibility? ( app-accessibility/brltty )
alsa? ( >=media-libs/alsa-lib-1.0.13 )
bluetooth? ( net-wireless/bluez )
@@ -125,6 +137,7 @@ DEPEND="${RDEPEND}
sys-apps/texinfo
virtual/pkgconfig
kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
+ gtk? ( nls? ( sys-devel/gettext ) )
static-softmmu? ( ${SOFTMMU_LIB_DEPEND} )
static-user? ( ${USER_LIB_DEPEND} )
test? (
@@ -139,7 +152,9 @@ QA_PREBUILT="
usr/share/qemu/openbios-sparc64
usr/share/qemu/openbios-sparc32
usr/share/qemu/palcode-clipper
- usr/share/qemu/s390-ccw.img"
+ usr/share/qemu/s390-ccw.img
+ usr/share/qemu/u-boot.e500
+"
QA_WX_LOAD="usr/bin/qemu-i386
usr/bin/qemu-x86_64
@@ -236,17 +251,13 @@ src_prepare() {
-e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \
Makefile Makefile.target || die
+ # Cheap hack to disable gettext .mo generation.
+ use nls || rm -f po/*.po
+
epatch "${FILESDIR}"/qemu-1.7.0-cflags.patch
- epatch "${FILESDIR}"/qemu-9999-virtfs-proxy-helper-accept.patch #486714
- epatch "${FILESDIR}"/${P}-CVE-2013-4541.patch #510208
- epatch "${FILESDIR}"/${P}-usb-post-load-checks.patch #510208
- epatch "${FILESDIR}"/${P}-qcow-check-max-sizes.patch #510234
- epatch "${FILESDIR}"/${P}-CVE-2014-0222.patch #510234
- epatch "${FILESDIR}"/${P}-CVE-2014-0223.patch #510234
- epatch "${FILESDIR}"/${PN}-1.5.3-openpty.patch #musl
- epatch "${FILESDIR}"/${P}-sigset.patch #musl
- epatch "${FILESDIR}"/${P}-F_SHLCK-and-F_EXLCK.patch #musl
- epatch
"${FILESDIR}"/${P}-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch
#musl
+ epatch "${FILESDIR}"/${P}-CVE-2014-5388.patch #520688
+ epatch "${FILESDIR}"/${PN}-2.0.0-F_SHLCK-and-F_EXLCK.patch #for musl
+ epatch
"${FILESDIR}"/${PN}-2.0.0-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch
#for musl
[[ -n ${BACKPORTS} ]] && \
EPATCH_FORCE=yes EPATCH_SUFFIX="patch"
EPATCH_SOURCE="${S}/patches" \
epatch
@@ -294,6 +305,58 @@ qemu_src_configure() {
$(use_enable debug debug-tcg)
--enable-docs
$(use_enable tci tcg-interpreter)
+ $(use_enable xattr attr)
+ )
+
+ # Disable options not used by user targets as the default configure
+ # options will autoprobe and try to link in a bunch of unused junk.
+ conf_softmmu() {
+ if [[ ${buildtype} == "user" ]] ; then
+ echo "--disable-${2:-$1}"
+ else
+ use_enable "$@"
+ fi
+ }
+ conf_opts+=(
+ $(conf_softmmu accessibility brlapi)
+ $(conf_softmmu aio linux-aio)
+ $(conf_softmmu bluetooth bluez)
+ $(conf_softmmu caps cap-ng)
+ $(conf_softmmu curl)
+ $(conf_softmmu fdt)
+ $(conf_softmmu glusterfs)
+ $(conf_softmmu gtk)
+ $(conf_softmmu infiniband rdma)
+ $(conf_softmmu iscsi libiscsi)
+ $(conf_softmmu jpeg vnc-jpeg)
+ $(conf_softmmu kernel_linux kvm)
+ $(conf_softmmu lzo)
+ $(conf_softmmu ncurses curses)
+ $(conf_softmmu nfs libnfs)
+ $(conf_softmmu numa)
+ $(conf_softmmu opengl glx)
+ $(conf_softmmu png vnc-png)
+ $(conf_softmmu rbd)
+ $(conf_softmmu sasl vnc-sasl)
+ $(conf_softmmu sdl)
+ $(conf_softmmu seccomp)
+ $(conf_softmmu smartcard smartcard-nss)
+ $(conf_softmmu snappy)
+ $(conf_softmmu spice)
+ $(conf_softmmu ssh libssh2)
+ $(conf_softmmu tls quorum)
+ $(conf_softmmu tls vnc-tls)
+ $(conf_softmmu tls vnc-ws)
+ $(conf_softmmu usb libusb)
+ $(conf_softmmu usbredir usb-redir)
+ $(conf_softmmu uuid)
+ $(conf_softmmu vde)
+ $(conf_softmmu vhost-net)
+ $(conf_softmmu virtfs)
+ $(conf_softmmu vnc)
+ $(conf_softmmu xen)
+ $(conf_softmmu xen xen-pci-passthrough)
+ $(conf_softmmu xfs xfsctl)
)
case ${buildtype} in
@@ -303,60 +366,15 @@ qemu_src_configure() {
--disable-system
--target-list="${user_targets}"
--disable-blobs
- --disable-bluez
- --disable-curses
- --disable-kvm
- --disable-libiscsi
- --disable-glusterfs
- --disable-seccomp
- --disable-sdl
- --disable-smartcard-nss
--disable-tools
- --disable-vde
- --disable-libssh2
- --disable-libusb
)
;;
softmmu)
conf_opts+=(
--disable-linux-user
--enable-system
- --with-system-pixman
--target-list="${softmmu_targets}"
- $(use_enable bluetooth bluez)
- $(use_enable gtk)
- $(use_enable sdl)
- $(use_enable aio linux-aio)
- $(use_enable accessibility brlapi)
- $(use_enable caps cap-ng)
- $(use_enable curl)
- $(use_enable fdt)
- $(use_enable glusterfs)
- $(use_enable iscsi libiscsi)
- $(use_enable jpeg vnc-jpeg)
- $(use_enable kernel_linux kvm)
- $(use_enable ncurses curses)
- $(use_enable opengl glx)
- $(use_enable png vnc-png)
- $(use_enable rbd)
- $(use_enable sasl vnc-sasl)
- $(use_enable seccomp)
- $(use_enable smartcard smartcard-nss)
- $(use_enable spice)
- $(use_enable ssh libssh2)
- $(use_enable tls vnc-tls)
- $(use_enable tls vnc-ws)
- $(use_enable usb libusb)
- $(use_enable usbredir usb-redir)
- $(use_enable uuid)
- $(use_enable vde)
- $(use_enable vhost-net)
- $(use_enable virtfs)
- $(use_enable vnc)
- $(use_enable xattr attr)
- $(use_enable xen)
- $(use_enable xen xen-pci-passthrough)
- $(use_enable xfs xfsctl)
+ --with-system-pixman
--audio-drv-list="${audio_opts}"
)
use gtk && conf_opts+=( --with-gtkabi=3.0 )
@@ -439,6 +457,7 @@ src_compile() {
src_test() {
if [[ -n ${softmmu_targets} ]]; then
cd "${S}/softmmu-build"
+ pax-mark m */qemu-system-* #515550
emake -j1 check
emake -j1 check-report.html
fi
@@ -502,42 +521,42 @@ src_install() {
fi
# Remove vgabios since we're using the vgabios packaged one
- rm "${ED}/usr/share/qemu/vgabios.bin"
- rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
- rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
- rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
- rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
- if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386;
then
- dosym ../vgabios/vgabios.bin /usr/share/qemu/vgabios.bin
- dosym ../vgabios/vgabios-cirrus.bin
/usr/share/qemu/vgabios-cirrus.bin
- dosym ../vgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
- dosym ../vgabios/vgabios-stdvga.bin
/usr/share/qemu/vgabios-stdvga.bin
- dosym ../vgabios/vgabios-vmware.bin
/usr/share/qemu/vgabios-vmware.bin
- fi
+ if [[ -n ${softmmu_targets} ]]; then
+ rm "${ED}/usr/share/qemu/vgabios.bin"
+ rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
+ rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
+ rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
+ rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
+ if use qemu_softmmu_targets_x86_64 || use
qemu_softmmu_targets_i386; then
+ dosym ../vgabios/vgabios.bin /usr/share/qemu/vgabios.bin
+ dosym ../vgabios/vgabios-cirrus.bin
/usr/share/qemu/vgabios-cirrus.bin
+ dosym ../vgabios/vgabios-qxl.bin
/usr/share/qemu/vgabios-qxl.bin
+ dosym ../vgabios/vgabios-stdvga.bin
/usr/share/qemu/vgabios-stdvga.bin
+ dosym ../vgabios/vgabios-vmware.bin
/usr/share/qemu/vgabios-vmware.bin
+ fi
- # Remove sgabios since we're using the sgabios packaged one
- rm "${ED}/usr/share/qemu/sgabios.bin"
- if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386;
then
- dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin
- fi
+ # Remove sgabios since we're using the sgabios packaged one
+ rm "${ED}/usr/share/qemu/sgabios.bin"
+ if use qemu_softmmu_targets_x86_64 || use
qemu_softmmu_targets_i386; then
+ dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin
+ fi
- # Remove iPXE since we're using the iPXE packaged one
- rm "${ED}"/usr/share/qemu/pxe-*.rom
- if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386;
then
- dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom
- dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom
- dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom
- dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom
- dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom
- dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom
+ # Remove iPXE since we're using the iPXE packaged one
+ rm "${ED}"/usr/share/qemu/pxe-*.rom
+ if use qemu_softmmu_targets_x86_64 || use
qemu_softmmu_targets_i386; then
+ dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom
+ dosym ../ipxe/80861209.rom
/usr/share/qemu/pxe-eepro100.rom
+ dosym ../ipxe/10500940.rom
/usr/share/qemu/pxe-ne2k_pci.rom
+ dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom
+ dosym ../ipxe/10ec8139.rom
/usr/share/qemu/pxe-rtl8139.rom
+ dosym ../ipxe/1af41000.rom
/usr/share/qemu/pxe-virtio.rom
+ fi
fi
qemu_support_kvm && readme.gentoo_create_doc
}
pkg_postinst() {
- local virtfs_caps=
-
if qemu_support_kvm; then
readme.gentoo_print_elog
ewarn "Migration from qemu-kvm instances and loading qemu-kvm
created"
@@ -557,11 +576,11 @@ pkg_postinst() {
fi
fi
- virtfs_caps+="cap_chown,cap_dac_override,cap_fowner,cap_fsetid,"
- virtfs_caps+="cap_setgid,cap_mknod,cap_setuid"
-
fcaps cap_net_admin /usr/libexec/qemu-bridge-helper
- use virtfs && fcaps ${virtfs_caps} /usr/bin/virtfs-proxy-helper
+ if use virtfs && [ -n "${softmmu_targets}" ]; then
+ local
virtfs_caps="cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_setgid,cap_mknod,cap_setuid"
+ fcaps ${virtfs_caps} /usr/bin/virtfs-proxy-helper
+ fi
}
pkg_info() {
