From ae97b927201656c0711578a369b3c8bf2d62cc6f Mon Sep 17 00:00:00 2001 From: ace Date: Wed, 15 Nov 2017 00:06:12 +0300 Subject: [PATCH] ace-overlay: add qemu-2.9.0-r56 waiting for qemu-2.10 bug https://bugs.launchpad.net/qemu/+bug/1721788 get fixed --- app-emulation/qemu/Manifest | 28 + app-emulation/qemu/files/65-kvm.rules | 1 + app-emulation/qemu/files/65-kvm.rules-r1 | 2 + app-emulation/qemu/files/bridge.conf | 14 + .../files/qemu-2.10.0-CVE-2017-13711.patch | 80 ++ .../files/qemu-2.10.1-CVE-2017-15268.patch | 54 ++ .../files/qemu-2.10.1-CVE-2017-15289.patch | 58 ++ .../qemu/files/qemu-2.5.0-cflags.patch | 13 + .../qemu/files/qemu-2.5.0-sysmacros.patch | 15 + .../files/qemu-2.9.0-CVE-2017-10664.patch | 47 ++ .../files/qemu-2.9.0-CVE-2017-10806.patch | 50 ++ .../files/qemu-2.9.0-CVE-2017-11334.patch | 40 + .../files/qemu-2.9.0-CVE-2017-11434.patch | 29 + .../qemu/files/qemu-2.9.0-CVE-2017-7493.patch | 174 ++++ .../qemu/files/qemu-2.9.0-CVE-2017-8112.patch | 22 + .../qemu/files/qemu-2.9.0-CVE-2017-8309.patch | 22 + .../qemu/files/qemu-2.9.0-CVE-2017-8379.patch | 76 ++ .../qemu/files/qemu-2.9.0-CVE-2017-8380.patch | 34 + .../files/qemu-2.9.0-CVE-2017-9503-1.patch | 122 +++ .../files/qemu-2.9.0-CVE-2017-9503-2.patch | 114 +++ .../files/qemu-2.9.0-CVE-2017-9524-1.patch | 80 ++ .../files/qemu-2.9.0-CVE-2017-9524-2.patch | 197 +++++ app-emulation/qemu/files/qemu-binfmt.initd-r1 | 138 +++ .../qemu/files/qemu-binfmt.initd.head | 64 ++ .../qemu/files/qemu-binfmt.initd.tail | 14 + app-emulation/qemu/metadata.xml | 56 ++ app-emulation/qemu/qemu-2.9.0-r56.ebuild | 793 +++++++++++++++++ app-emulation/qemu/qemu-2.9.0-r57.ebuild | 796 ++++++++++++++++++ 28 files changed, 3133 insertions(+) create mode 100644 app-emulation/qemu/Manifest create mode 100644 app-emulation/qemu/files/65-kvm.rules create mode 100644 app-emulation/qemu/files/65-kvm.rules-r1 create mode 100644 app-emulation/qemu/files/bridge.conf create mode 100644 app-emulation/qemu/files/qemu-2.10.0-CVE-2017-13711.patch create mode 100644 app-emulation/qemu/files/qemu-2.10.1-CVE-2017-15268.patch create mode 100644 app-emulation/qemu/files/qemu-2.10.1-CVE-2017-15289.patch create mode 100644 app-emulation/qemu/files/qemu-2.5.0-cflags.patch create mode 100644 app-emulation/qemu/files/qemu-2.5.0-sysmacros.patch create mode 100644 app-emulation/qemu/files/qemu-2.9.0-CVE-2017-10664.patch create mode 100644 app-emulation/qemu/files/qemu-2.9.0-CVE-2017-10806.patch create mode 100644 app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11334.patch create mode 100644 app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11434.patch create mode 100644 app-emulation/qemu/files/qemu-2.9.0-CVE-2017-7493.patch create mode 100644 app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8112.patch create mode 100644 app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8309.patch create mode 100644 app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8379.patch create mode 100644 app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8380.patch create mode 100644 app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-1.patch create mode 100644 app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-2.patch create mode 100644 app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-1.patch create mode 100644 app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-2.patch create mode 100644 app-emulation/qemu/files/qemu-binfmt.initd-r1 create mode 100644 app-emulation/qemu/files/qemu-binfmt.initd.head create mode 100644 app-emulation/qemu/files/qemu-binfmt.initd.tail create mode 100644 app-emulation/qemu/metadata.xml create mode 100644 app-emulation/qemu/qemu-2.9.0-r56.ebuild create mode 100644 app-emulation/qemu/qemu-2.9.0-r57.ebuild diff --git a/app-emulation/qemu/Manifest b/app-emulation/qemu/Manifest new file mode 100644 index 0000000..cce43dc --- /dev/null +++ b/app-emulation/qemu/Manifest @@ -0,0 +1,28 @@ +AUX 65-kvm.rules 40 SHA256 c16a8dc7855880b2651f1a3ff488ecc54d4ac1036c71fffd5007021d8d18a7c5 SHA512 98aad2a2f212a7ac0ee5b60a9c92744fa462bce5f26594845c7a31d692aaaca2d52cb57bdbede7dfc60b9862c2a6510665dbb03215d5cf76e62516a283decdd6 WHIRLPOOL 937de93a23930f6b8533f0c3e0dd249c99ddf7d54446dea857607266ac0a4b435c5b4a52b2986b138bace9c0a7ade66f94116b38e2bc4767ead54bd11baf0920 +AUX 65-kvm.rules-r1 120 SHA256 2f6b5b2600598fc402850bb7026eab0e5822e7221b584795bd2ed1a0290250df SHA512 4132ec4d3e7c1e3cf5e37224be1a3b864bcc0bfde9109e8fea9c99377289c28a7fdcf9155fbbd6605dbf8ebeb020c2ab575dd35e36bdf69f8ad07c4aa9c7b2f7 WHIRLPOOL 34dce92c0851c7edb5449c7d19e8767b09e61a73b551af90d987519e8e9c8c883e8ff8567d4a222294095bafdb58984347c694fc6ac458c630ed8e2d42438180 +AUX bridge.conf 454 SHA256 a51850dd39923f3482e4c575b48ad9fef9c9ebb2f2176225da399b79ce48c69d SHA512 a907ee86b81a1b61033bb7621ded65112504131ef7b698c53e4014b958ee6fc79e66f63069015a01e41362cb70a7d0ed26dd9a03033cf776f4846f0e1f8f1533 WHIRLPOOL 8fcbd4abf9b8f7ca3d16fe0eaf17196ebf708dfecf85ce0f020e0de22b64905114f7b310f361826c81bb961c6b1bbbf984bff1e595bb949993b8966ccb222c35 +AUX qemu-2.10.0-CVE-2017-13711.patch 2252 SHA256 0a1b741318920020c2e69312b052ebf6933d7e1ce92e2a0d38de88b3cbee6768 SHA512 3a9145088274e247f86198475bab1e8c3c10705612b0c59ccdf623db5a21f5da73a948ce5362633eb0d817e979cd43a130fe31093c85604590c9bcd37a4912ee WHIRLPOOL e43f833cd3ef88880d9e78732f13087164e0d971df4fc1979ad509f5437bb54d52e34eb0fa05ed09b4b2248f653a65c52e43da65f6bc14ed0c362a74ee93720d +AUX qemu-2.10.1-CVE-2017-15268.patch 2016 SHA256 488ea3e0598e7329af9f0873261c7b82a6cc0c30b9bcdd1f8eb636fccc08a965 SHA512 b4c69b53c086c6b12273e43512045e71390ae3486621d41c8310603c1739bcf3a67a7b1f105da48dcff312a145411b90c2f9539dbe890c88b5270f01ddaebf5d WHIRLPOOL 8b74ea691a6134d1f4f7ebaeaf13c9d60497e4ca51767e9c4fccf4e55f9b3831306a88f7fe41b58d918b44a1d09065c795255334a0d111a88c3554ab49ce301c +AUX qemu-2.10.1-CVE-2017-15289.patch 1923 SHA256 31b32c9102ee0eb78164242c63ae6d1da92ac64a6d8c3c5841263cc739b50486 SHA512 0541fac994f5989fa74b4909249f216011073e87de60d4df49654c2068d718d2a84b13c2751864073c25f5dd5ce5b5d871f8d0f55e56629d80a8b67599606baa WHIRLPOOL 2d100a5b6771088ed302fb6b64fb5cdfc41c3a9d576907422026bd86486fe14bd51721822fe1285b3ae40720144afcccf30a834dea5954a3808d25c5ef2e2828 +AUX qemu-2.5.0-cflags.patch 410 SHA256 17f5624dd733f5c80e733cc67ae36a736169ec066024dbf802b416accfed0755 SHA512 0194d28de08b4e51c5bd1c9a2cc7965ba7f66dfddb8fd91de3da93677e6cf2d38ad3270f69aaea8a20cf2533c2980018d6e0fed711be2806fe2053fba7c081f3 WHIRLPOOL 5f5b95d00409fbe03adb64801d30a2fb5f98dded5efa7f0e78b5746776f72917dcbea767e1d0afcb304d8bf8c484adedb8037e6d54e9d34997c2bc3a98b53154 +AUX qemu-2.5.0-sysmacros.patch 333 SHA256 a5716fc02da383d455f5cbd76f49e4ee74d84c2d5703319adcbeb145d04875f9 SHA512 329632c5bff846ca3ffcdb4bc94ae62f17c6bdbb566f9bec0784357c943523e8ca7773790b83a9617734cab3b003baa3d636cbd08f7385810a63b0fa0383c4f0 WHIRLPOOL 2a774767d4685545d3ed18e4f5dece99a9007597d73c56197652ff24083550f987ffb69e5c624760dece87def71a7c5c22a694bf999d7309e48ef622f18f0d73 +AUX qemu-2.9.0-CVE-2017-10664.patch 1613 SHA256 5941cc41f0c02b185be3f6ba450f155dfc42e98f538560a054309066d12e5736 SHA512 19be668bd5847b65a82bd710de062bf1bc16a2b93516cbd6842328a71cd8ef8e97f38fa72bffe603a41f7674652a73b9bc05bc6791d265423490aa6de09738ce WHIRLPOOL f3e436bd5ba9e61473e6a66af4a1c0063445ad616a06cbed1760326435fd391d56d6f084eae4b3465928d995cb426f02ed813747aeda0b535ed7ed4a2a598072 +AUX qemu-2.9.0-CVE-2017-10806.patch 1450 SHA256 ef884e2ed3adb618273af1d036ed0c7e3a09599e3d042080bb4b5014c6bc54d7 SHA512 38fea2c1a2a5a224585a07a028a8c4cfc1bec4d943e85c13e01228062bf306a502b0948270863b226bc974832e3af18158904fbfc08ccdf1f72f06e7830780d5 WHIRLPOOL f02fb957016af684dc894f93ec0b7dcca3febb8d37882aae1e17d2aca9948e200a013ae467cb54c5555e76c73f124a37c95fde189a4492d88322802d8160310c +AUX qemu-2.9.0-CVE-2017-11334.patch 1362 SHA256 bc2f3a50ad174e5453d0e4d1e14e9723b316e2339dc25ff31e27060ee13242bb SHA512 422296269ec29b3313c984947ac48b7179ce8e169131624d316589a621778f846b883e76cdfba50c62dc63ab5fede0ad0292704c1ca1cc9e1e7b3b01a153b8c8 WHIRLPOOL 504cf6b2ebfb11bf1471f920d101df28df59f1a585eac31ac278a366f2b769386bc7d100aa8386b3f8f45d5f5f700aa6625be3192eb4f1f3b77e69c6684cf74f +AUX qemu-2.9.0-CVE-2017-11434.patch 912 SHA256 e8be3cb9261f8735ff2a50fb8b79ccfea85456c7a2e5a5702fcc5339463dc05a SHA512 db95d9459b9669e0981195fe15f16c4e74d5f00c03e1ce5e33541e005260e77fa114b1b3f30bc06d80b723a6361b704fb58709b25773c168c8aa8f5f96580ac9 WHIRLPOOL c68e25024ab3c1d01e5b53d0a7b1591110b96d78079bc940ec28da2e2770dac6b1f9bbaaeb97c88ea0e1b46db886f7035d81bde582750e560d136916ecdab8a2 +AUX qemu-2.9.0-CVE-2017-7493.patch 5656 SHA256 77462d39e811e58d3761523a6c580485bdfca0e74adbd10cf24c254e0ece262a SHA512 2b01f2878c98e77997b645ba80e69b5db398ef1e8f2b66344818d3c9af35dd66d49041ef9ee8aa152bf3e94970b4db282cf53909cb13b2532bc0a104251b2e81 WHIRLPOOL 23c788c5a78e126a61bd277e9fa1511cc71b8fbdc83a5bf319c5fc424219cbcceefad737844e45c11a76e047f8a49853d0a85b267f24f7b23bb7276d0edf0451 +AUX qemu-2.9.0-CVE-2017-8112.patch 696 SHA256 a4dcc2a94749a5c20ef38d4c7ce13cd1ffe46017c77eea29ced0bec5c232e6aa SHA512 840f5270332729e0149a4705bae5fcc16e9503a995d6bfa5033904a544add337ca8ccb1d2a36bb57cc198f6354f5253403f1c4f04cbd18c08b4e1a9d6af9e07f WHIRLPOOL 1ba4e75fdd0c767254c85754612da9e8ff9ba2e7ea0811f723844bec190946805cd59db83f347a3dea4296d2b58d2df4a8d99a492335ba818824348bcebdd556 +AUX qemu-2.9.0-CVE-2017-8309.patch 595 SHA256 8231747fe4d9c97392fe44b117caccd07d320313dc27fad17ac658122113ced9 SHA512 4415c36acb4f0594de7fe0de2b669d03d6b54ae44eb7f1f285c36223a02cca887b57db27a43ab1cc2e7e193ee5bce2748f9d2056aa925e0cc8f2133e67168a74 WHIRLPOOL af4c5e9763a0e114e554a1c8be99ea79da0b634fdc9d87922c7713187f1f904bfcce103648d549bbb190e92443664dbb9bd7592d8137f2337be0f4b22d1f9bd1 +AUX qemu-2.9.0-CVE-2017-8379.patch 2736 SHA256 f2f8910c8e1ce9fc9804f4fbbe978fee20ccbfccc5efe49f42cdaafa63c511ce SHA512 79e32f75d98ca4a92a5069b65c5b9cff16064255ed4d161e4e292b97373742c25d5ddc12dfffa627197fdb5e0808108b30d0182a9c060cd181723bd90c618d15 WHIRLPOOL 545c00189da3b252c80bb35c6b6d3368a02b36b06f2866838ddd9ebb9ccf2b608ae278ee192b6b3aef2966736afe9bcdd646c80c228ec5daef76b92bd2721bd5 +AUX qemu-2.9.0-CVE-2017-8380.patch 1048 SHA256 23eb5ae64b064e46785ae4f675fbe7c6a353f6688dd154ce98b78a0b7104a2fb SHA512 872fabc4f6eee48dff292297887b8c4a18aa6f8c2f9b7247e325c96e10ef8d72206f269d89c4a4a40ea6ad3e5082db40866b0f386f31716e749fb3a7db89d2dd WHIRLPOOL ddce30f5b22707938c2ba419264a6b731f292f0748e3891c7aa48daaa7a4b204a8bb1b4110fbd7c1836a02605e49e170a4bda6ee9eccdd2570472ff0f63c8d37 +AUX qemu-2.9.0-CVE-2017-9503-1.patch 5036 SHA256 3831acce5d79ab1ad195ee6a26eb276a08fee00143ef6473ad488a49590c26e8 SHA512 690a43f3b15f10f4c030af761b2fcf873eb72d1ca53dd03f15eb35a30454298bda7ddde2b38ed549b8bad1b3a465ad3c7c9334886e75856794c0beee2dcadc2d WHIRLPOOL 909b90579ba60084bb69d3067e9bde6288011649ecc986d3f520dbce31cc9063cf3b175d62d017bf6bfa6026549250d2f64c06d4f0a411a5e95d7cf2af0062d8 +AUX qemu-2.9.0-CVE-2017-9503-2.patch 4103 SHA256 a08f7f56890e1061d47691181ccdbd4cc2d97b5221d3b438afe8c429427b1e8d SHA512 21ce3255f511c82c7f8848392cb8266d804691a02207f06b950539f025a3bafb3f4c27365956cfa5129a7f0bc1796c006303993a328e72e689b8ff722f71e542 WHIRLPOOL 67bb2f24c2b567855c8f943208c5d4ceacb6df39539cc6ffce3e09fc55052b98aa794d19f70dad4fde515bd3021c46ff53ff374e58f09a802a2222a40eb3bf2d +AUX qemu-2.9.0-CVE-2017-9524-1.patch 2624 SHA256 f2479f79a81dba79eeee7a333b50bfb6f3d7e23d4cee6a8a65b291744d676b85 SHA512 7b72e492d4f9f38f15e3ec5ba3765b6d86cb726e8581278f1abcc485245f80d7a6ca9a5378dd214a82e230221d1ec650e90a221335beec8cd18567db7f7ce311 WHIRLPOOL 95b0566a9c7712e00e6200a839f449b8367aead31bf18b797193865825123b50d9f8ff11450f540caa94a102637ee5b7075ceaf8f703482296111a7af270f374 +AUX qemu-2.9.0-CVE-2017-9524-2.patch 7016 SHA256 092da49ea1aafd9b94f20127b93c1373b9a83ef127cad1d45fdbd8f5a9d9dbe9 SHA512 de25c5506ae955fb799b2c9952120c9feb51b363f5ee277c9b63882938ce56c44702dcd688ecf65a3d2a089503be938432eb62ffa3df7409f4211bb7fa126f26 WHIRLPOOL b38c3a557be778634d53e7c356fb124e7470ad3e58b426677f3405c10faf76fa88d2f354d66a69b8549a64c480a338c94ed425c768394ad4cdd74ed4479ccc89 +AUX qemu-binfmt.initd-r1 7959 SHA256 13c2791fb48080e9f264670dbe1915f03249d87d740f9b0f2c9502fccb056d03 SHA512 8aee19b4a993113ef4fafe3ab8b561edcc0c16782b36947e757233b6d33d26b48c1b9087c0f300be0d21ad19de14c684e8f2032ae2cd28888130a37ca4d6c314 WHIRLPOOL 3d86861fbe66c0a192a5577b7cd83ab01efd184849b25f8a804aace7a1fb46d87363d6417cc21a3447d2ed50c9db4409121dddae297678e3adc7d4c71556b695 +AUX qemu-binfmt.initd.head 1445 SHA256 a9b4b1d1ffa82d572c01f14ebfbafb4b3a4c2eb5cad5af62c059f603a9f5a277 SHA512 a735268ae9ac84d8f2f2893bf018ee6de33231fa94a823bd8502b529bb456635c1ab5cf9b440df5ede8e414291f8bf45fc53898c2f3939c50d5ec4ffa554396a WHIRLPOOL 3ec0f916d5928d464fa8416c8eac472cfa01b560bba07642ff7929799918d1c8059ac7368ff5551e6aa993027849de08035d856db7981315d8e4ec470a0f785e +AUX qemu-binfmt.initd.tail 245 SHA256 1b765f5212946b73b8e4d92f64d34a9d2e358ef541c02164f6d6dd93cb15e1e7 SHA512 bcca16805f8380d52cc591ea3d65a8f6e5de456730618f6aee301510edb75d235a22d4d7aeed224882210392840adb403eb53234b6cb76a4cb24533852a8b737 WHIRLPOOL 41ddd1751101646e700a6fe4ef879bd4149d646a801f97e40534051895697dcbded06a1edda51457a0d624fbf68442c3e57178a3ee8e683e35368b88d10ba4a4 +DIST qemu-2.9.0.tar.bz2 28720490 SHA256 00bfb217b1bb03c7a6c3261b819cfccbfb5a58e3e2ceff546327d271773c6c14 SHA512 4b28966eec0ca44681e35fcfb64a4eaef7c280b8d65c91d03f2efa37f76278fd8c1680e5798c7a30dbfcc8f3c05f4a803f48b8a2dfec3a4181bac079b2a5e422 WHIRLPOOL d79fe89eb271a56aee0cbd328e5f96999176b711afb5683d164b7b99d91e6dd2bfaf6e2ff4cd820a941c94f28116765cb07ffd5809d75c2f9654a67d56bfc0c1 +EBUILD qemu-2.9.0-r56.ebuild 23730 SHA256 2912b01e8567360795fef73ff09bf40735bc47c4b1e85d22ea01432e434daea4 SHA512 fb876999c82f735cf7739ef3014848b9afe51608ae0b084f5cdc3de9c409295acd50b2f17a70516e50007f5fd1f8f4ffc824abdfea248e930897870ee2758c08 WHIRLPOOL d4e440a25c8a7159a3857bd20262d1e0d808ab2a67d8620bbcaa2130f3b6f4326ea943e6613075f921a54ee7d9ca2f22739eee4bdd5cf5fabe8904c5fec57ef3 +EBUILD qemu-2.9.0-r57.ebuild 23783 SHA256 57f7265327250df50acda43d3a2c22a399be0cfe76cbd10b93c10d54b967574b SHA512 7aea2a4805626d378da3c16d845f6750d7646bbdeef99236a254105ceece53b552b1d707f60a26f349eca96e275cd7d5ef7de68caa39325fedfe1fd0a710a434 WHIRLPOOL fe62c1168662c38661afefb5a41e62565ec50ba4f980b203cbcad5629300f54409e942cf41f85b8f8d2f1ecccae086e3266615460d0ac925e1b48a8c0c76d331 +MISC metadata.xml 3794 SHA256 149f7bc9927e13bbf7355972e85df6f9f198dd17fb575a7e516817d6a88018fb SHA512 10f130f225b90dacf8262247d795a247abfdcbf3ad5fbe0693e8d4db79f755984f690cb150a7eb5a8e5d669ce404145c4fbb6b200d6362319be74759fd78b6d3 WHIRLPOOL 6a5e88caeb64387f619a19fecb55c39ccf3c8dcd360523e8d61b80051001c02fe81432c55e40b3f360295b35e9f5a1f707c570baf95cad06d18c4cd484da0ceb diff --git a/app-emulation/qemu/files/65-kvm.rules b/app-emulation/qemu/files/65-kvm.rules new file mode 100644 index 0000000..c2f7317 --- /dev/null +++ b/app-emulation/qemu/files/65-kvm.rules @@ -0,0 +1 @@ +KERNEL=="kvm", GROUP="kvm", MODE="0660" diff --git a/app-emulation/qemu/files/65-kvm.rules-r1 b/app-emulation/qemu/files/65-kvm.rules-r1 new file mode 100644 index 0000000..ab3776a --- /dev/null +++ b/app-emulation/qemu/files/65-kvm.rules-r1 @@ -0,0 +1,2 @@ +KERNEL=="kvm", GROUP="kvm", MODE="0660" +KERNEL=="vhost-net", GROUP="kvm", MODE="0660", OPTIONS+="static_node=vhost-net" diff --git a/app-emulation/qemu/files/bridge.conf b/app-emulation/qemu/files/bridge.conf new file mode 100644 index 0000000..2bde37e --- /dev/null +++ b/app-emulation/qemu/files/bridge.conf @@ -0,0 +1,14 @@ +# This should have the following permissions: root:qemu 0640 + +# allow br0 +# Uncommenting the above would allow users in the 'qemu' group +# to add devices to 'br0' + +# allow virbr0 +# Uncommenting the above would allow users in the 'qemu' group +# to add devices to 'virbr0' + +# include /etc/qemu/bob.conf +# Uncommenting the above would allow users in the 'bob' group +# to have permissions defined in it, iff it has the following +# permissions: root:bob 0640 diff --git a/app-emulation/qemu/files/qemu-2.10.0-CVE-2017-13711.patch b/app-emulation/qemu/files/qemu-2.10.0-CVE-2017-13711.patch new file mode 100644 index 0000000..9d02656 --- /dev/null +++ b/app-emulation/qemu/files/qemu-2.10.0-CVE-2017-13711.patch @@ -0,0 +1,80 @@ +From 1201d308519f1e915866d7583d5136d03cc1d384 Mon Sep 17 00:00:00 2001 +From: Samuel Thibault +Date: Fri, 25 Aug 2017 01:35:53 +0200 +Subject: [PATCH] slirp: fix clearing ifq_so from pending packets +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The if_fastq and if_batchq contain not only packets, but queues of packets +for the same socket. When sofree frees a socket, it thus has to clear ifq_so +from all the packets from the queues, not only the first. + +Signed-off-by: Samuel Thibault +Reviewed-by: Philippe Mathieu-Daudé +Cc: qemu-stable@nongnu.org +Signed-off-by: Peter Maydell +--- + slirp/socket.c | 39 +++++++++++++++++++++++---------------- + 1 file changed, 23 insertions(+), 16 deletions(-) + +diff --git a/slirp/socket.c b/slirp/socket.c +index ecec0295a9..cb7b5b608d 100644 +--- a/slirp/socket.c ++++ b/slirp/socket.c +@@ -60,29 +60,36 @@ socreate(Slirp *slirp) + } + + /* ++ * Remove references to so from the given message queue. ++ */ ++static void ++soqfree(struct socket *so, struct quehead *qh) ++{ ++ struct mbuf *ifq; ++ ++ for (ifq = (struct mbuf *) qh->qh_link; ++ (struct quehead *) ifq != qh; ++ ifq = ifq->ifq_next) { ++ if (ifq->ifq_so == so) { ++ struct mbuf *ifm; ++ ifq->ifq_so = NULL; ++ for (ifm = ifq->ifs_next; ifm != ifq; ifm = ifm->ifs_next) { ++ ifm->ifq_so = NULL; ++ } ++ } ++ } ++} ++ ++/* + * remque and free a socket, clobber cache + */ + void + sofree(struct socket *so) + { + Slirp *slirp = so->slirp; +- struct mbuf *ifm; + +- for (ifm = (struct mbuf *) slirp->if_fastq.qh_link; +- (struct quehead *) ifm != &slirp->if_fastq; +- ifm = ifm->ifq_next) { +- if (ifm->ifq_so == so) { +- ifm->ifq_so = NULL; +- } +- } +- +- for (ifm = (struct mbuf *) slirp->if_batchq.qh_link; +- (struct quehead *) ifm != &slirp->if_batchq; +- ifm = ifm->ifq_next) { +- if (ifm->ifq_so == so) { +- ifm->ifq_so = NULL; +- } +- } ++ soqfree(so, &slirp->if_fastq); ++ soqfree(so, &slirp->if_batchq); + + if (so->so_emu==EMU_RSH && so->extra) { + sofree(so->extra); +-- +2.13.5 + diff --git a/app-emulation/qemu/files/qemu-2.10.1-CVE-2017-15268.patch b/app-emulation/qemu/files/qemu-2.10.1-CVE-2017-15268.patch new file mode 100644 index 0000000..7d08b32 --- /dev/null +++ b/app-emulation/qemu/files/qemu-2.10.1-CVE-2017-15268.patch @@ -0,0 +1,54 @@ +From a7b20a8efa28e5f22c26c06cd06c2f12bc863493 Mon Sep 17 00:00:00 2001 +From: "Daniel P. Berrange" +Date: Mon, 9 Oct 2017 14:43:42 +0100 +Subject: [PATCH] io: monitor encoutput buffer size from websocket GSource + +The websocket GSource is monitoring the size of the rawoutput +buffer to determine if the channel can accepts more writes. +The rawoutput buffer, however, is merely a temporary staging +buffer before data is copied into the encoutput buffer. Thus +its size will always be zero when the GSource runs. + +This flaw causes the encoutput buffer to grow without bound +if the other end of the underlying data channel doesn't +read data being sent. This can be seen with VNC if a client +is on a slow WAN link and the guest OS is sending many screen +updates. A malicious VNC client can act like it is on a slow +link by playing a video in the guest and then reading data +very slowly, causing QEMU host memory to expand arbitrarily. + +This issue is assigned CVE-2017-15268, publically reported in + + https://bugs.launchpad.net/qemu/+bug/1718964 + +Reviewed-by: Eric Blake +Signed-off-by: Daniel P. Berrange +--- + io/channel-websock.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/io/channel-websock.c b/io/channel-websock.c +index d1d471f86e..04bcc059cd 100644 +--- a/io/channel-websock.c ++++ b/io/channel-websock.c +@@ -28,7 +28,7 @@ + #include + + +-/* Max amount to allow in rawinput/rawoutput buffers */ ++/* Max amount to allow in rawinput/encoutput buffers */ + #define QIO_CHANNEL_WEBSOCK_MAX_BUFFER 8192 + + #define QIO_CHANNEL_WEBSOCK_CLIENT_KEY_LEN 24 +@@ -1208,7 +1208,7 @@ qio_channel_websock_source_check(GSource *source) + if (wsource->wioc->rawinput.offset || wsource->wioc->io_eof) { + cond |= G_IO_IN; + } +- if (wsource->wioc->rawoutput.offset < QIO_CHANNEL_WEBSOCK_MAX_BUFFER) { ++ if (wsource->wioc->encoutput.offset < QIO_CHANNEL_WEBSOCK_MAX_BUFFER) { + cond |= G_IO_OUT; + } + +-- +2.13.6 + diff --git a/app-emulation/qemu/files/qemu-2.10.1-CVE-2017-15289.patch b/app-emulation/qemu/files/qemu-2.10.1-CVE-2017-15289.patch new file mode 100644 index 0000000..a4ad2d5 --- /dev/null +++ b/app-emulation/qemu/files/qemu-2.10.1-CVE-2017-15289.patch @@ -0,0 +1,58 @@ +From eb38e1bc3740725ca29a535351de94107ec58d51 Mon Sep 17 00:00:00 2001 +From: Gerd Hoffmann +Date: Wed, 11 Oct 2017 10:43:14 +0200 +Subject: [PATCH] cirrus: fix oob access in mode4and5 write functions + +Move dst calculation into the loop, so we apply the mask on each +interation and will not overflow vga memory. + +Cc: Prasad J Pandit +Reported-by: Niu Guoxiang +Signed-off-by: Gerd Hoffmann +Message-id: 20171011084314.21752-1-kraxel@redhat.com +--- + hw/display/cirrus_vga.c | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + +diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c +index b4d579857a..bc32bf1e39 100644 +--- a/hw/display/cirrus_vga.c ++++ b/hw/display/cirrus_vga.c +@@ -2038,15 +2038,14 @@ static void cirrus_mem_writeb_mode4and5_8bpp(CirrusVGAState * s, + unsigned val = mem_value; + uint8_t *dst; + +- dst = s->vga.vram_ptr + (offset &= s->cirrus_addr_mask); + for (x = 0; x < 8; x++) { ++ dst = s->vga.vram_ptr + ((offset + x) & s->cirrus_addr_mask); + if (val & 0x80) { + *dst = s->cirrus_shadow_gr1; + } else if (mode == 5) { + *dst = s->cirrus_shadow_gr0; + } + val <<= 1; +- dst++; + } + memory_region_set_dirty(&s->vga.vram, offset, 8); + } +@@ -2060,8 +2059,8 @@ static void cirrus_mem_writeb_mode4and5_16bpp(CirrusVGAState * s, + unsigned val = mem_value; + uint8_t *dst; + +- dst = s->vga.vram_ptr + (offset &= s->cirrus_addr_mask); + for (x = 0; x < 8; x++) { ++ dst = s->vga.vram_ptr + ((offset + 2 * x) & s->cirrus_addr_mask & ~1); + if (val & 0x80) { + *dst = s->cirrus_shadow_gr1; + *(dst + 1) = s->vga.gr[0x11]; +@@ -2070,7 +2069,6 @@ static void cirrus_mem_writeb_mode4and5_16bpp(CirrusVGAState * s, + *(dst + 1) = s->vga.gr[0x10]; + } + val <<= 1; +- dst += 2; + } + memory_region_set_dirty(&s->vga.vram, offset, 16); + } +-- +2.13.6 + diff --git a/app-emulation/qemu/files/qemu-2.5.0-cflags.patch b/app-emulation/qemu/files/qemu-2.5.0-cflags.patch new file mode 100644 index 0000000..173394f --- /dev/null +++ b/app-emulation/qemu/files/qemu-2.5.0-cflags.patch @@ -0,0 +1,13 @@ +--- a/configure ++++ b/configure +@@ -4468,10 +4468,6 @@ fi + if test "$gcov" = "yes" ; then + CFLAGS="-fprofile-arcs -ftest-coverage -g $CFLAGS" + LDFLAGS="-fprofile-arcs -ftest-coverage $LDFLAGS" +-elif test "$fortify_source" = "yes" ; then +- CFLAGS="-O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 $CFLAGS" +-elif test "$debug" = "no"; then +- CFLAGS="-O2 $CFLAGS" + fi + + ########################################## diff --git a/app-emulation/qemu/files/qemu-2.5.0-sysmacros.patch b/app-emulation/qemu/files/qemu-2.5.0-sysmacros.patch new file mode 100644 index 0000000..f2e766d --- /dev/null +++ b/app-emulation/qemu/files/qemu-2.5.0-sysmacros.patch @@ -0,0 +1,15 @@ +Linux C libs are moving away from implicit header pollution with sys/types.h + +--- a/include/qemu/osdep.h ++++ b/include/qemu/osdep.h +@@ -78,6 +78,10 @@ extern int daemon(int, int); + #include + #include + ++#ifdef __linux__ ++#include ++#endif ++ + #ifdef __OpenBSD__ + #include + #endif diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-10664.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-10664.patch new file mode 100644 index 0000000..7db0692 --- /dev/null +++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-10664.patch @@ -0,0 +1,47 @@ +From 041e32b8d9d076980b4e35317c0339e57ab888f1 Mon Sep 17 00:00:00 2001 +From: Max Reitz +Date: Sun, 11 Jun 2017 14:37:14 +0200 +Subject: [PATCH] qemu-nbd: Ignore SIGPIPE + +qemu proper has done so for 13 years +(8a7ddc38a60648257dc0645ab4a05b33d6040063), qemu-img and qemu-io have +done so for four years (526eda14a68d5b3596be715505289b541288ef2a). +Ignoring this signal is especially important in qemu-nbd because +otherwise a client can easily take down the qemu-nbd server by dropping +the connection when the server wants to send something, for example: + +$ qemu-nbd -x foo -f raw -t null-co:// & +[1] 12726 +$ qemu-io -c quit nbd://localhost/bar +can't open device nbd://localhost/bar: No export with name 'bar' available +[1] + 12726 broken pipe qemu-nbd -x foo -f raw -t null-co:// + +In this case, the client sends an NBD_OPT_ABORT and closes the +connection (because it is not required to wait for a reply), but the +server replies with an NBD_REP_ACK (because it is required to reply). + +Signed-off-by: Max Reitz +Message-Id: <20170611123714.31292-1-mreitz@redhat.com> +Signed-off-by: Paolo Bonzini +--- + qemu-nbd.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/qemu-nbd.c b/qemu-nbd.c +index 9464a0461c..4dd3fd4732 100644 +--- a/qemu-nbd.c ++++ b/qemu-nbd.c +@@ -581,6 +581,10 @@ int main(int argc, char **argv) + sa_sigterm.sa_handler = termsig_handler; + sigaction(SIGTERM, &sa_sigterm, NULL); + ++#ifdef CONFIG_POSIX ++ signal(SIGPIPE, SIG_IGN); ++#endif ++ + module_call_init(MODULE_INIT_TRACE); + qcrypto_init(&error_fatal); + +-- +2.13.0 + diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-10806.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-10806.patch new file mode 100644 index 0000000..0074f5f --- /dev/null +++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-10806.patch @@ -0,0 +1,50 @@ +From bd4a683505b27adc1ac809f71e918e58573d851d Mon Sep 17 00:00:00 2001 +From: Gerd Hoffmann +Date: Tue, 9 May 2017 13:01:28 +0200 +Subject: [PATCH] usb-redir: fix stack overflow in usbredir_log_data +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Don't reinvent a broken wheel, just use the hexdump function we have. + +Impact: low, broken code doesn't run unless you have debug logging +enabled. + +Reported-by: 李强 +Signed-off-by: Gerd Hoffmann +Message-id: 20170509110128.27261-1-kraxel@redhat.com +--- + hw/usb/redirect.c | 13 +------------ + 1 file changed, 1 insertion(+), 12 deletions(-) + +diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c +index b001a27f05..ad5ef783a6 100644 +--- a/hw/usb/redirect.c ++++ b/hw/usb/redirect.c +@@ -229,21 +229,10 @@ static void usbredir_log(void *priv, int level, const char *msg) + static void usbredir_log_data(USBRedirDevice *dev, const char *desc, + const uint8_t *data, int len) + { +- int i, j, n; +- + if (dev->debug < usbredirparser_debug_data) { + return; + } +- +- for (i = 0; i < len; i += j) { +- char buf[128]; +- +- n = sprintf(buf, "%s", desc); +- for (j = 0; j < 8 && i + j < len; j++) { +- n += sprintf(buf + n, " %02X", data[i + j]); +- } +- error_report("%s", buf); +- } ++ qemu_hexdump((char *)data, stderr, desc, len); + } + + /* +-- +2.13.0 + diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11334.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11334.patch new file mode 100644 index 0000000..bfe4c7d --- /dev/null +++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11334.patch @@ -0,0 +1,40 @@ +[Qemu-devel] [PULL 21/41] exec: use qemu_ram_ptr_length to access guest +From: Prasad J Pandit + +When accessing guest's ram block during DMA operation, use +'qemu_ram_ptr_length' to get ram block pointer. It ensures +that DMA operation of given length is possible; And avoids +any OOB memory access situations. + +Reported-by: Alex +Signed-off-by: Prasad J Pandit +Message-Id: +Signed-off-by: Paolo Bonzini +--- + exec.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/exec.c b/exec.c +index a083ff8..ad103ce 100644 +--- a/exec.c ++++ b/exec.c +@@ -2929,7 +2929,7 @@ static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr, + } + } else { + /* RAM case */ +- ptr = qemu_map_ram_ptr(mr->ram_block, addr1); ++ ptr = qemu_ram_ptr_length(mr->ram_block, addr1, &l); + memcpy(ptr, buf, l); + invalidate_and_set_dirty(mr, addr1, l); + } +@@ -3020,7 +3020,7 @@ MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr, + } + } else { + /* RAM case */ +- ptr = qemu_map_ram_ptr(mr->ram_block, addr1); ++ ptr = qemu_ram_ptr_length(mr->ram_block, addr1, &l); + memcpy(buf, ptr, l); + } + +-- +1.8.3.1 diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11434.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11434.patch new file mode 100644 index 0000000..5d32067 --- /dev/null +++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11434.patch @@ -0,0 +1,29 @@ +[Qemu-devel] [PATCH] slirp: check len against dhcp options array end +From: Prasad J Pandit + +While parsing dhcp options string in 'dhcp_decode', if an options' +length 'len' appeared towards the end of 'bp_vend' array, ensuing +read could lead to an OOB memory access issue. Add check to avoid it. + +Reported-by: Reno Robert +Signed-off-by: Prasad J Pandit +--- + slirp/bootp.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/slirp/bootp.c b/slirp/bootp.c +index 5a4646c..5dd1a41 100644 +--- a/slirp/bootp.c ++++ b/slirp/bootp.c +@@ -123,6 +123,9 @@ static void dhcp_decode(const struct bootp_t *bp, int *pmsg_type, + if (p >= p_end) + break; + len = *p++; ++ if (p + len > p_end) { ++ break; ++ } + DPRINTF("dhcp: tag=%d len=%d\n", tag, len); + + switch(tag) { +-- +2.9.4 diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-7493.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-7493.patch new file mode 100644 index 0000000..346e771 --- /dev/null +++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-7493.patch @@ -0,0 +1,174 @@ +From 7a95434e0ca8a037fd8aa1a2e2461f92585eb77b Mon Sep 17 00:00:00 2001 +From: Greg Kurz +Date: Fri, 5 May 2017 14:48:08 +0200 +Subject: [PATCH] 9pfs: local: forbid client access to metadata (CVE-2017-7493) + +When using the mapped-file security mode, we shouldn't let the client mess +with the metadata. The current code already tries to hide the metadata dir +from the client by skipping it in local_readdir(). But the client can still +access or modify it through several other operations. This can be used to +escalate privileges in the guest. + +Affected backend operations are: +- local_mknod() +- local_mkdir() +- local_open2() +- local_symlink() +- local_link() +- local_unlinkat() +- local_renameat() +- local_rename() +- local_name_to_path() + +Other operations are safe because they are only passed a fid path, which +is computed internally in local_name_to_path(). + +This patch converts all the functions listed above to fail and return +EINVAL when being passed the name of the metadata dir. This may look +like a poor choice for errno, but there's no such thing as an illegal +path name on Linux and I could not think of anything better. + +This fixes CVE-2017-7493. + +Reported-by: Leo Gaspard +Signed-off-by: Greg Kurz +Reviewed-by: Eric Blake +--- + hw/9pfs/9p-local.c | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++++-- + 1 file changed, 56 insertions(+), 2 deletions(-) + +diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c +index f3ebca4f7a..a2486566af 100644 +--- a/hw/9pfs/9p-local.c ++++ b/hw/9pfs/9p-local.c +@@ -452,6 +452,11 @@ static off_t local_telldir(FsContext *ctx, V9fsFidOpenState *fs) + return telldir(fs->dir.stream); + } + ++static bool local_is_mapped_file_metadata(FsContext *fs_ctx, const char *name) ++{ ++ return !strcmp(name, VIRTFS_META_DIR); ++} ++ + static struct dirent *local_readdir(FsContext *ctx, V9fsFidOpenState *fs) + { + struct dirent *entry; +@@ -465,8 +470,8 @@ again: + if (ctx->export_flags & V9FS_SM_MAPPED) { + entry->d_type = DT_UNKNOWN; + } else if (ctx->export_flags & V9FS_SM_MAPPED_FILE) { +- if (!strcmp(entry->d_name, VIRTFS_META_DIR)) { +- /* skp the meta data directory */ ++ if (local_is_mapped_file_metadata(ctx, entry->d_name)) { ++ /* skip the meta data directory */ + goto again; + } + entry->d_type = DT_UNKNOWN; +@@ -559,6 +564,12 @@ static int local_mknod(FsContext *fs_ctx, V9fsPath *dir_path, + int err = -1; + int dirfd; + ++ if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE && ++ local_is_mapped_file_metadata(fs_ctx, name)) { ++ errno = EINVAL; ++ return -1; ++ } ++ + dirfd = local_opendir_nofollow(fs_ctx, dir_path->data); + if (dirfd == -1) { + return -1; +@@ -605,6 +616,12 @@ static int local_mkdir(FsContext *fs_ctx, V9fsPath *dir_path, + int err = -1; + int dirfd; + ++ if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE && ++ local_is_mapped_file_metadata(fs_ctx, name)) { ++ errno = EINVAL; ++ return -1; ++ } ++ + dirfd = local_opendir_nofollow(fs_ctx, dir_path->data); + if (dirfd == -1) { + return -1; +@@ -694,6 +711,12 @@ static int local_open2(FsContext *fs_ctx, V9fsPath *dir_path, const char *name, + int err = -1; + int dirfd; + ++ if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE && ++ local_is_mapped_file_metadata(fs_ctx, name)) { ++ errno = EINVAL; ++ return -1; ++ } ++ + /* + * Mark all the open to not follow symlinks + */ +@@ -752,6 +775,12 @@ static int local_symlink(FsContext *fs_ctx, const char *oldpath, + int err = -1; + int dirfd; + ++ if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE && ++ local_is_mapped_file_metadata(fs_ctx, name)) { ++ errno = EINVAL; ++ return -1; ++ } ++ + dirfd = local_opendir_nofollow(fs_ctx, dir_path->data); + if (dirfd == -1) { + return -1; +@@ -826,6 +855,12 @@ static int local_link(FsContext *ctx, V9fsPath *oldpath, + int ret = -1; + int odirfd, ndirfd; + ++ if (ctx->export_flags & V9FS_SM_MAPPED_FILE && ++ local_is_mapped_file_metadata(ctx, name)) { ++ errno = EINVAL; ++ return -1; ++ } ++ + odirfd = local_opendir_nofollow(ctx, odirpath); + if (odirfd == -1) { + goto out; +@@ -1096,6 +1131,12 @@ static int local_lremovexattr(FsContext *ctx, V9fsPath *fs_path, + static int local_name_to_path(FsContext *ctx, V9fsPath *dir_path, + const char *name, V9fsPath *target) + { ++ if (ctx->export_flags & V9FS_SM_MAPPED_FILE && ++ local_is_mapped_file_metadata(ctx, name)) { ++ errno = EINVAL; ++ return -1; ++ } ++ + if (dir_path) { + v9fs_path_sprintf(target, "%s/%s", dir_path->data, name); + } else if (strcmp(name, "/")) { +@@ -1116,6 +1157,13 @@ static int local_renameat(FsContext *ctx, V9fsPath *olddir, + int ret; + int odirfd, ndirfd; + ++ if (ctx->export_flags & V9FS_SM_MAPPED_FILE && ++ (local_is_mapped_file_metadata(ctx, old_name) || ++ local_is_mapped_file_metadata(ctx, new_name))) { ++ errno = EINVAL; ++ return -1; ++ } ++ + odirfd = local_opendir_nofollow(ctx, olddir->data); + if (odirfd == -1) { + return -1; +@@ -1206,6 +1254,12 @@ static int local_unlinkat(FsContext *ctx, V9fsPath *dir, + int ret; + int dirfd; + ++ if (ctx->export_flags & V9FS_SM_MAPPED_FILE && ++ local_is_mapped_file_metadata(ctx, name)) { ++ errno = EINVAL; ++ return -1; ++ } ++ + dirfd = local_opendir_nofollow(ctx, dir->data); + if (dirfd == -1) { + return -1; +-- +2.13.0 + diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8112.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8112.patch new file mode 100644 index 0000000..31fb69b --- /dev/null +++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8112.patch @@ -0,0 +1,22 @@ +CVE-2017-8112 + +https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg04494.html +--- + hw/scsi/vmw_pvscsi.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hw/scsi/vmw_pvscsi.c b/hw/scsi/vmw_pvscsi.c +index 7557546..4a106da 100644 +--- a/hw/scsi/vmw_pvscsi.c ++++ b/hw/scsi/vmw_pvscsi.c +@@ -202,7 +202,7 @@ pvscsi_ring_init_msg(PVSCSIRingInfo *m, PVSCSICmdDescSetupMsgRing *ri) + uint32_t len_log2; + uint32_t ring_size; + +- if (ri->numPages > PVSCSI_SETUP_MSG_RING_MAX_NUM_PAGES) { ++ if (!ri->numPages || ri->numPages > PVSCSI_SETUP_MSG_RING_MAX_NUM_PAGES) { + return -1; + } + ring_size = ri->numPages * PVSCSI_MAX_NUM_MSG_ENTRIES_PER_PAGE; +-- +2.9.3 diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8309.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8309.patch new file mode 100644 index 0000000..4f7f870 --- /dev/null +++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8309.patch @@ -0,0 +1,22 @@ +bug #616870 + +https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05587.html +--- + audio/audio.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/audio/audio.c b/audio/audio.c +index c8898d8422..beafed209b 100644 +--- a/audio/audio.c ++++ b/audio/audio.c +@@ -2028,6 +2028,8 @@ void AUD_del_capture (CaptureVoiceOut *cap, void *cb_opaque) + sw = sw1; + } + QLIST_REMOVE (cap, entries); ++ g_free (cap->hw.mix_buf); ++ g_free (cap->buf); + g_free (cap); + } + return; +-- +2.9.3 diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8379.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8379.patch new file mode 100644 index 0000000..0a34dae --- /dev/null +++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8379.patch @@ -0,0 +1,76 @@ +bug #616872 + +https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05599.html +--- + ui/input.c | 14 +++++++++++--- + 1 file changed, 11 insertions(+), 3 deletions(-) + +diff --git a/ui/input.c b/ui/input.c +index ed88cda6d6..fb1f404095 100644 +--- a/ui/input.c ++++ b/ui/input.c +@@ -41,6 +41,8 @@ static QTAILQ_HEAD(QemuInputEventQueueHead, QemuInputEventQueue) kbd_queue = + QTAILQ_HEAD_INITIALIZER(kbd_queue); + static QEMUTimer *kbd_timer; + static uint32_t kbd_default_delay_ms = 10; ++static uint32_t queue_count; ++static uint32_t queue_limit = 1024; + + QemuInputHandlerState *qemu_input_handler_register(DeviceState *dev, + QemuInputHandler *handler) +@@ -268,6 +270,7 @@ static void qemu_input_queue_process(void *opaque) + break; + } + QTAILQ_REMOVE(queue, item, node); ++ queue_count--; + g_free(item); + } + } +@@ -282,6 +285,7 @@ static void qemu_input_queue_delay(struct QemuInputEventQueueHead *queue, + item->delay_ms = delay_ms; + item->timer = timer; + QTAILQ_INSERT_TAIL(queue, item, node); ++ queue_count++; + + if (start_timer) { + timer_mod(item->timer, qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL) +@@ -298,6 +302,7 @@ static void qemu_input_queue_event(struct QemuInputEventQueueHead *queue, + item->src = src; + item->evt = evt; + QTAILQ_INSERT_TAIL(queue, item, node); ++ queue_count++; + } + + static void qemu_input_queue_sync(struct QemuInputEventQueueHead *queue) +@@ -306,6 +311,7 @@ static void qemu_input_queue_sync(struct QemuInputEventQueueHead *queue) + + item->type = QEMU_INPUT_QUEUE_SYNC; + QTAILQ_INSERT_TAIL(queue, item, node); ++ queue_count++; + } + + void qemu_input_event_send_impl(QemuConsole *src, InputEvent *evt) +@@ -381,7 +387,7 @@ void qemu_input_event_send_key(QemuConsole *src, KeyValue *key, bool down) + qemu_input_event_send(src, evt); + qemu_input_event_sync(); + qapi_free_InputEvent(evt); +- } else { ++ } else if (queue_count < queue_limit) { + qemu_input_queue_event(&kbd_queue, src, evt); + qemu_input_queue_sync(&kbd_queue); + } +@@ -409,8 +415,10 @@ void qemu_input_event_send_key_delay(uint32_t delay_ms) + kbd_timer = timer_new_ms(QEMU_CLOCK_VIRTUAL, qemu_input_queue_process, + &kbd_queue); + } +- qemu_input_queue_delay(&kbd_queue, kbd_timer, +- delay_ms ? delay_ms : kbd_default_delay_ms); ++ if (queue_count < queue_limit) { ++ qemu_input_queue_delay(&kbd_queue, kbd_timer, ++ delay_ms ? delay_ms : kbd_default_delay_ms); ++ } + } + + InputEvent *qemu_input_event_new_btn(InputButton btn, bool down) +-- +2.9.3 diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8380.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8380.patch new file mode 100644 index 0000000..08911dd --- /dev/null +++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8380.patch @@ -0,0 +1,34 @@ +bug #616874 + +https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg04147.html +--- + hw/scsi/megasas.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c +index 84b8caf..804122a 100644 +--- a/hw/scsi/megasas.c ++++ b/hw/scsi/megasas.c +@@ -2138,15 +2138,15 @@ static void megasas_mmio_write(void *opaque, hwaddr addr, + case MFI_SEQ: + trace_megasas_mmio_writel("MFI_SEQ", val); + /* Magic sequence to start ADP reset */ +- if (adp_reset_seq[s->adp_reset] == val) { +- s->adp_reset++; ++ if (adp_reset_seq[s->adp_reset++] == val) { ++ if (s->adp_reset == 6) { ++ s->adp_reset = 0; ++ s->diag = MFI_DIAG_WRITE_ENABLE; ++ } + } else { + s->adp_reset = 0; + s->diag = 0; + } +- if (s->adp_reset == 6) { +- s->diag = MFI_DIAG_WRITE_ENABLE; +- } + break; + case MFI_DIAG: + trace_megasas_mmio_writel("MFI_DIAG", val); +-- +2.9.3 diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-1.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-1.patch new file mode 100644 index 0000000..01c81d1 --- /dev/null +++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-1.patch @@ -0,0 +1,122 @@ +From 87e459a810d7b1ec1638085b5a80ea3d9b43119a Mon Sep 17 00:00:00 2001 +From: Paolo Bonzini +Date: Thu, 1 Jun 2017 17:26:14 +0200 +Subject: [PATCH] megasas: always store SCSIRequest* into MegasasCmd + +This ensures that the request is unref'ed properly, and avoids a +segmentation fault in the new qtest testcase that is added. +This is CVE-2017-9503. + +Reported-by: Zhangyanyu +Signed-off-by: Paolo Bonzini +--- + hw/scsi/megasas.c | 31 ++++++++++++++++--------------- + 2 files changed, 51 insertions(+), 15 deletions(-) + +diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c +index 135662df31..734fdaef90 100644 +--- a/hw/scsi/megasas.c ++++ b/hw/scsi/megasas.c +@@ -609,6 +609,9 @@ static void megasas_reset_frames(MegasasState *s) + static void megasas_abort_command(MegasasCmd *cmd) + { + /* Never abort internal commands. */ ++ if (cmd->dcmd_opcode != -1) { ++ return; ++ } + if (cmd->req != NULL) { + scsi_req_cancel(cmd->req); + } +@@ -1017,7 +1020,6 @@ static int megasas_pd_get_info_submit(SCSIDevice *sdev, int lun, + uint64_t pd_size; + uint16_t pd_id = ((sdev->id & 0xFF) << 8) | (lun & 0xFF); + uint8_t cmdbuf[6]; +- SCSIRequest *req; + size_t len, resid; + + if (!cmd->iov_buf) { +@@ -1026,8 +1028,8 @@ static int megasas_pd_get_info_submit(SCSIDevice *sdev, int lun, + info->inquiry_data[0] = 0x7f; /* Force PQual 0x3, PType 0x1f */ + info->vpd_page83[0] = 0x7f; + megasas_setup_inquiry(cmdbuf, 0, sizeof(info->inquiry_data)); +- req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd); +- if (!req) { ++ cmd->req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd); ++ if (!cmd->req) { + trace_megasas_dcmd_req_alloc_failed(cmd->index, + "PD get info std inquiry"); + g_free(cmd->iov_buf); +@@ -1036,26 +1038,26 @@ static int megasas_pd_get_info_submit(SCSIDevice *sdev, int lun, + } + trace_megasas_dcmd_internal_submit(cmd->index, + "PD get info std inquiry", lun); +- len = scsi_req_enqueue(req); ++ len = scsi_req_enqueue(cmd->req); + if (len > 0) { + cmd->iov_size = len; +- scsi_req_continue(req); ++ scsi_req_continue(cmd->req); + } + return MFI_STAT_INVALID_STATUS; + } else if (info->inquiry_data[0] != 0x7f && info->vpd_page83[0] == 0x7f) { + megasas_setup_inquiry(cmdbuf, 0x83, sizeof(info->vpd_page83)); +- req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd); +- if (!req) { ++ cmd->req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd); ++ if (!cmd->req) { + trace_megasas_dcmd_req_alloc_failed(cmd->index, + "PD get info vpd inquiry"); + return MFI_STAT_FLASH_ALLOC_FAIL; + } + trace_megasas_dcmd_internal_submit(cmd->index, + "PD get info vpd inquiry", lun); +- len = scsi_req_enqueue(req); ++ len = scsi_req_enqueue(cmd->req); + if (len > 0) { + cmd->iov_size = len; +- scsi_req_continue(req); ++ scsi_req_continue(cmd->req); + } + return MFI_STAT_INVALID_STATUS; + } +@@ -1217,7 +1219,6 @@ static int megasas_ld_get_info_submit(SCSIDevice *sdev, int lun, + struct mfi_ld_info *info = cmd->iov_buf; + size_t dcmd_size = sizeof(struct mfi_ld_info); + uint8_t cdb[6]; +- SCSIRequest *req; + ssize_t len, resid; + uint16_t sdev_id = ((sdev->id & 0xFF) << 8) | (lun & 0xFF); + uint64_t ld_size; +@@ -1226,8 +1227,8 @@ static int megasas_ld_get_info_submit(SCSIDevice *sdev, int lun, + cmd->iov_buf = g_malloc0(dcmd_size); + info = cmd->iov_buf; + megasas_setup_inquiry(cdb, 0x83, sizeof(info->vpd_page83)); +- req = scsi_req_new(sdev, cmd->index, lun, cdb, cmd); +- if (!req) { ++ cmd->req = scsi_req_new(sdev, cmd->index, lun, cdb, cmd); ++ if (!cmd->req) { + trace_megasas_dcmd_req_alloc_failed(cmd->index, + "LD get info vpd inquiry"); + g_free(cmd->iov_buf); +@@ -1236,10 +1237,10 @@ static int megasas_ld_get_info_submit(SCSIDevice *sdev, int lun, + } + trace_megasas_dcmd_internal_submit(cmd->index, + "LD get info vpd inquiry", lun); +- len = scsi_req_enqueue(req); ++ len = scsi_req_enqueue(cmd->req); + if (len > 0) { + cmd->iov_size = len; +- scsi_req_continue(req); ++ scsi_req_continue(cmd->req); + } + return MFI_STAT_INVALID_STATUS; + } +@@ -1851,7 +1852,7 @@ static void megasas_command_complete(SCSIRequest *req, uint32_t status, + return; + } + +- if (cmd->req == NULL) { ++ if (cmd->dcmd_opcode != -1) { + /* + * Internal command complete + */ diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-2.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-2.patch new file mode 100644 index 0000000..74725a9 --- /dev/null +++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-2.patch @@ -0,0 +1,114 @@ +From 5104fac8539eaf155fc6de93e164be43e1e62242 Mon Sep 17 00:00:00 2001 +From: Paolo Bonzini +Date: Thu, 1 Jun 2017 17:18:23 +0200 +Subject: [PATCH] megasas: do not read DCMD opcode more than once from frame + +Avoid TOC-TOU bugs by storing the DCMD opcode in the MegasasCmd + +Signed-off-by: Paolo Bonzini +--- + hw/scsi/megasas.c | 25 +++++++++++-------------- + 1 file changed, 11 insertions(+), 14 deletions(-) + +diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c +index c353118882..a3f75c1650 100644 +--- a/hw/scsi/megasas.c ++++ b/hw/scsi/megasas.c +@@ -63,6 +63,7 @@ typedef struct MegasasCmd { + + hwaddr pa; + hwaddr pa_size; ++ uint32_t dcmd_opcode; + union mfi_frame *frame; + SCSIRequest *req; + QEMUSGList qsg; +@@ -513,6 +514,7 @@ static MegasasCmd *megasas_enqueue_frame(MegasasState *s, + cmd->context &= (uint64_t)0xFFFFFFFF; + } + cmd->count = count; ++ cmd->dcmd_opcode = -1; + s->busy++; + + if (s->consumer_pa) { +@@ -1562,22 +1564,21 @@ static const struct dcmd_cmd_tbl_t { + + static int megasas_handle_dcmd(MegasasState *s, MegasasCmd *cmd) + { +- int opcode; + int retval = 0; + size_t len; + const struct dcmd_cmd_tbl_t *cmdptr = dcmd_cmd_tbl; + +- opcode = le32_to_cpu(cmd->frame->dcmd.opcode); +- trace_megasas_handle_dcmd(cmd->index, opcode); ++ cmd->dcmd_opcode = le32_to_cpu(cmd->frame->dcmd.opcode); ++ trace_megasas_handle_dcmd(cmd->index, cmd->dcmd_opcode); + if (megasas_map_dcmd(s, cmd) < 0) { + return MFI_STAT_MEMORY_NOT_AVAILABLE; + } +- while (cmdptr->opcode != -1 && cmdptr->opcode != opcode) { ++ while (cmdptr->opcode != -1 && cmdptr->opcode != cmd->dcmd_opcode) { + cmdptr++; + } + len = cmd->iov_size; + if (cmdptr->opcode == -1) { +- trace_megasas_dcmd_unhandled(cmd->index, opcode, len); ++ trace_megasas_dcmd_unhandled(cmd->index, cmd->dcmd_opcode, len); + retval = megasas_dcmd_dummy(s, cmd); + } else { + trace_megasas_dcmd_enter(cmd->index, cmdptr->desc, len); +@@ -1592,13 +1593,11 @@ static int megasas_handle_dcmd(MegasasState *s, MegasasCmd *cmd) + static int megasas_finish_internal_dcmd(MegasasCmd *cmd, + SCSIRequest *req) + { +- int opcode; + int retval = MFI_STAT_OK; + int lun = req->lun; + +- opcode = le32_to_cpu(cmd->frame->dcmd.opcode); +- trace_megasas_dcmd_internal_finish(cmd->index, opcode, lun); +- switch (opcode) { ++ trace_megasas_dcmd_internal_finish(cmd->index, cmd->dcmd_opcode, lun); ++ switch (cmd->dcmd_opcode) { + case MFI_DCMD_PD_GET_INFO: + retval = megasas_pd_get_info_submit(req->dev, lun, cmd); + break; +@@ -1606,7 +1605,7 @@ static int megasas_finish_internal_dcmd(MegasasCmd *cmd, + retval = megasas_ld_get_info_submit(req->dev, lun, cmd); + break; + default: +- trace_megasas_dcmd_internal_invalid(cmd->index, opcode); ++ trace_megasas_dcmd_internal_invalid(cmd->index, cmd->dcmd_opcode); + retval = MFI_STAT_INVALID_DCMD; + break; + } +@@ -1827,7 +1826,6 @@ static void megasas_xfer_complete(SCSIRequest *req, uint32_t len) + { + MegasasCmd *cmd = req->hba_private; + uint8_t *buf; +- uint32_t opcode; + + trace_megasas_io_complete(cmd->index, len); + +@@ -1837,8 +1835,7 @@ static void megasas_xfer_complete(SCSIRequest *req, uint32_t len) + } + + buf = scsi_req_get_buf(req); +- opcode = le32_to_cpu(cmd->frame->dcmd.opcode); +- if (opcode == MFI_DCMD_PD_GET_INFO && cmd->iov_buf) { ++ if (cmd->dcmd_opcode == MFI_DCMD_PD_GET_INFO && cmd->iov_buf) { + struct mfi_pd_info *info = cmd->iov_buf; + + if (info->inquiry_data[0] == 0x7f) { +@@ -1849,7 +1846,7 @@ static void megasas_xfer_complete(SCSIRequest *req, uint32_t len) + memcpy(info->vpd_page83, buf, len); + } + scsi_req_continue(req); +- } else if (opcode == MFI_DCMD_LD_GET_INFO) { ++ } else if (cmd->dcmd_opcode == MFI_DCMD_LD_GET_INFO) { + struct mfi_ld_info *info = cmd->iov_buf; + + if (cmd->iov_buf) { +-- +2.13.0 + diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-1.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-1.patch new file mode 100644 index 0000000..9d77193 --- /dev/null +++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-1.patch @@ -0,0 +1,80 @@ +From df8ad9f128c15aa0a0ebc7b24e9a22c9775b67af Mon Sep 17 00:00:00 2001 +From: Eric Blake +Date: Fri, 26 May 2017 22:04:21 -0500 +Subject: [PATCH] nbd: Fully initialize client in case of failed negotiation + +If a non-NBD client connects to qemu-nbd, we would end up with +a SIGSEGV in nbd_client_put() because we were trying to +unregister the client's association to the export, even though +we skipped inserting the client into that list. Easy trigger +in two terminals: + +$ qemu-nbd -p 30001 --format=raw file +$ nmap 127.0.0.1 -p 30001 + +nmap claims that it thinks it connected to a pago-services1 +server (which probably means nmap could be updated to learn the +NBD protocol and give a more accurate diagnosis of the open +port - but that's not our problem), then terminates immediately, +so our call to nbd_negotiate() fails. The fix is to reorder +nbd_co_client_start() to ensure that all initialization occurs +before we ever try talking to a client in nbd_negotiate(), so +that the teardown sequence on negotiation failure doesn't fault +while dereferencing a half-initialized object. + +While debugging this, I also noticed that nbd_update_server_watch() +called by nbd_client_closed() was still adding a channel to accept +the next client, even when the state was no longer RUNNING. That +is fixed by making nbd_can_accept() pay attention to the current +state. + +Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1451614 + +Signed-off-by: Eric Blake +Message-Id: <20170527030421.28366-1-eblake@redhat.com> +Signed-off-by: Paolo Bonzini +--- + nbd/server.c | 8 +++----- + qemu-nbd.c | 2 +- + 2 files changed, 4 insertions(+), 6 deletions(-) + +diff --git a/nbd/server.c b/nbd/server.c +index ee59e5d234..49b55f6ede 100644 +--- a/nbd/server.c ++++ b/nbd/server.c +@@ -1358,16 +1358,14 @@ static coroutine_fn void nbd_co_client_start(void *opaque) + + if (exp) { + nbd_export_get(exp); ++ QTAILQ_INSERT_TAIL(&exp->clients, client, next); + } ++ qemu_co_mutex_init(&client->send_lock); ++ + if (nbd_negotiate(data)) { + client_close(client); + goto out; + } +- qemu_co_mutex_init(&client->send_lock); +- +- if (exp) { +- QTAILQ_INSERT_TAIL(&exp->clients, client, next); +- } + + nbd_client_receive_next_request(client); + +diff --git a/qemu-nbd.c b/qemu-nbd.c +index f60842fd86..651f85ecc1 100644 +--- a/qemu-nbd.c ++++ b/qemu-nbd.c +@@ -325,7 +325,7 @@ out: + + static int nbd_can_accept(void) + { +- return nb_fds < shared; ++ return state == RUNNING && nb_fds < shared; + } + + static void nbd_export_closed(NBDExport *exp) +-- +2.13.0 + diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-2.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-2.patch new file mode 100644 index 0000000..e6934b3 --- /dev/null +++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-2.patch @@ -0,0 +1,197 @@ +From 0c9390d978cbf61e8f16c9f580fa96b305c43568 Mon Sep 17 00:00:00 2001 +From: Eric Blake +Date: Thu, 8 Jun 2017 17:26:17 -0500 +Subject: [PATCH] nbd: Fix regression on resiliency to port scan + +Back in qemu 2.5, qemu-nbd was immune to port probes (a transient +server would not quit, regardless of how many probe connections +came and went, until a connection actually negotiated). But we +broke that in commit ee7d7aa when removing the return value to +nbd_client_new(), although that patch also introduced a bug causing +an assertion failure on a client that fails negotiation. We then +made it worse during refactoring in commit 1a6245a (a segfault +before we could even assert); the (masked) assertion was cleaned +up in d3780c2 (still in 2.6), and just recently we finally fixed +the segfault ("nbd: Fully intialize client in case of failed +negotiation"). But that still means that ever since we added +TLS support to qemu-nbd, we have been vulnerable to an ill-timed +port-scan being able to cause a denial of service by taking down +qemu-nbd before a real client has a chance to connect. + +Since negotiation is now handled asynchronously via coroutines, +we no longer have a synchronous point of return by re-adding a +return value to nbd_client_new(). So this patch instead wires +things up to pass the negotiation status through the close_fn +callback function. + +Simple test across two terminals: +$ qemu-nbd -f raw -p 30001 file +$ nmap 127.0.0.1 -p 30001 && \ + qemu-io -c 'r 0 512' -f raw nbd://localhost:30001 + +Note that this patch does not change what constitutes successful +negotiation (thus, a client must enter transmission phase before +that client can be considered as a reason to terminate the server +when the connection ends). Perhaps we may want to tweak things +in a later patch to also treat a client that uses NBD_OPT_ABORT +as being a 'successful' negotiation (the client correctly talked +the NBD protocol, and informed us it was not going to use our +export after all), but that's a discussion for another day. + +Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1451614 + +Signed-off-by: Eric Blake +Message-Id: <20170608222617.20376-1-eblake@redhat.com> +Signed-off-by: Paolo Bonzini +--- + blockdev-nbd.c | 6 +++++- + include/block/nbd.h | 2 +- + nbd/server.c | 24 +++++++++++++++--------- + qemu-nbd.c | 4 ++-- + 4 files changed, 23 insertions(+), 13 deletions(-) + +diff --git a/blockdev-nbd.c b/blockdev-nbd.c +index dd0860f4a6..28f551a7b0 100644 +--- a/blockdev-nbd.c ++++ b/blockdev-nbd.c +@@ -27,6 +27,10 @@ typedef struct NBDServerData { + + static NBDServerData *nbd_server; + ++static void nbd_blockdev_client_closed(NBDClient *client, bool ignored) ++{ ++ nbd_client_put(client); ++} + + static gboolean nbd_accept(QIOChannel *ioc, GIOCondition condition, + gpointer opaque) +@@ -46,7 +50,7 @@ static gboolean nbd_accept(QIOChannel *ioc, GIOCondition condition, + qio_channel_set_name(QIO_CHANNEL(cioc), "nbd-server"); + nbd_client_new(NULL, cioc, + nbd_server->tlscreds, NULL, +- nbd_client_put); ++ nbd_blockdev_client_closed); + object_unref(OBJECT(cioc)); + return TRUE; + } +diff --git a/include/block/nbd.h b/include/block/nbd.h +index 416257abca..8fa5ce51f3 100644 +--- a/include/block/nbd.h ++++ b/include/block/nbd.h +@@ -162,7 +162,7 @@ void nbd_client_new(NBDExport *exp, + QIOChannelSocket *sioc, + QCryptoTLSCreds *tlscreds, + const char *tlsaclname, +- void (*close)(NBDClient *)); ++ void (*close_fn)(NBDClient *, bool)); + void nbd_client_get(NBDClient *client); + void nbd_client_put(NBDClient *client); + +diff --git a/nbd/server.c b/nbd/server.c +index 49b55f6ede..f2b1aa47ce 100644 +--- a/nbd/server.c ++++ b/nbd/server.c +@@ -81,7 +81,7 @@ static QTAILQ_HEAD(, NBDExport) exports = QTAILQ_HEAD_INITIALIZER(exports); + + struct NBDClient { + int refcount; +- void (*close)(NBDClient *client); ++ void (*close_fn)(NBDClient *client, bool negotiated); + + bool no_zeroes; + NBDExport *exp; +@@ -778,7 +778,7 @@ void nbd_client_put(NBDClient *client) + } + } + +-static void client_close(NBDClient *client) ++static void client_close(NBDClient *client, bool negotiated) + { + if (client->closing) { + return; +@@ -793,8 +793,8 @@ static void client_close(NBDClient *client) + NULL); + + /* Also tell the client, so that they release their reference. */ +- if (client->close) { +- client->close(client); ++ if (client->close_fn) { ++ client->close_fn(client, negotiated); + } + } + +@@ -975,7 +975,7 @@ void nbd_export_close(NBDExport *exp) + + nbd_export_get(exp); + QTAILQ_FOREACH_SAFE(client, &exp->clients, next, next) { +- client_close(client); ++ client_close(client, true); + } + nbd_export_set_name(exp, NULL); + nbd_export_set_description(exp, NULL); +@@ -1337,7 +1337,7 @@ done: + + out: + nbd_request_put(req); +- client_close(client); ++ client_close(client, true); + nbd_client_put(client); + } + +@@ -1363,7 +1363,7 @@ static coroutine_fn void nbd_co_client_start(void *opaque) + qemu_co_mutex_init(&client->send_lock); + + if (nbd_negotiate(data)) { +- client_close(client); ++ client_close(client, false); + goto out; + } + +@@ -1373,11 +1373,17 @@ out: + g_free(data); + } + ++/* ++ * Create a new client listener on the given export @exp, using the ++ * given channel @sioc. Begin servicing it in a coroutine. When the ++ * connection closes, call @close_fn with an indication of whether the ++ * client completed negotiation. ++ */ + void nbd_client_new(NBDExport *exp, + QIOChannelSocket *sioc, + QCryptoTLSCreds *tlscreds, + const char *tlsaclname, +- void (*close_fn)(NBDClient *)) ++ void (*close_fn)(NBDClient *, bool)) + { + NBDClient *client; + NBDClientNewData *data = g_new(NBDClientNewData, 1); +@@ -1394,7 +1400,7 @@ void nbd_client_new(NBDExport *exp, + object_ref(OBJECT(client->sioc)); + client->ioc = QIO_CHANNEL(sioc); + object_ref(OBJECT(client->ioc)); +- client->close = close_fn; ++ client->close_fn = close_fn; + + data->client = client; + data->co = qemu_coroutine_create(nbd_co_client_start, data); +diff --git a/qemu-nbd.c b/qemu-nbd.c +index 651f85ecc1..9464a0461c 100644 +--- a/qemu-nbd.c ++++ b/qemu-nbd.c +@@ -336,10 +336,10 @@ static void nbd_export_closed(NBDExport *exp) + + static void nbd_update_server_watch(void); + +-static void nbd_client_closed(NBDClient *client) ++static void nbd_client_closed(NBDClient *client, bool negotiated) + { + nb_fds--; +- if (nb_fds == 0 && !persistent && state == RUNNING) { ++ if (negotiated && nb_fds == 0 && !persistent && state == RUNNING) { + state = TERMINATE; + } + nbd_update_server_watch(); +-- +2.13.0 + diff --git a/app-emulation/qemu/files/qemu-binfmt.initd-r1 b/app-emulation/qemu/files/qemu-binfmt.initd-r1 new file mode 100644 index 0000000..fe62a2a --- /dev/null +++ b/app-emulation/qemu/files/qemu-binfmt.initd-r1 @@ -0,0 +1,138 @@ +#!/sbin/openrc-run +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +# enable automatic i386/ARM/M68K/MIPS/SPARC/PPC/s390 program execution by the kernel + +# Defaulting to OC should be safe because it comes down to: +# - do we trust the interp itself to not be malicious? yes; we built it. +# - do we trust the programs we're running? ish; same permission as native +# binaries apply. so if user can do bad stuff natively, cross isn't worse. +: ${QEMU_BINFMT_FLAGS:=OC} + +depend() { + after procfs +} + +start() { + ebegin "Registering qemu-user binaries (flags: ${QEMU_BINFMT_FLAGS})" + + if [ ! -d /proc/sys/fs/binfmt_misc ] ; then + modprobe -q binfmt_misc + fi + + if [ ! -d /proc/sys/fs/binfmt_misc ] ; then + eend $? "You need support for 'misc binaries' in your kernel!" || return + fi + + if [ ! -f /proc/sys/fs/binfmt_misc/register ] ; then + mount -t binfmt_misc binfmt_misc /proc/sys/fs/binfmt_misc >/dev/null 2>&1 + eend $? || return + fi + + # probe cpu type + cpu=`uname -m` + case "$cpu" in + i386|i486|i586|i686|i86pc|BePC|x86_64) + cpu="i386" + ;; + m68k) + cpu="m68k" + ;; + mips*) + cpu="mips" + ;; + "Power Macintosh"|ppc|ppc64) + cpu="ppc" + ;; + armv[4-9]*) + cpu="arm" + ;; + sparc*) + cpu="sparc" + ;; + esac + + # register the interpreter for each cpu except for the native one + if [ $cpu != "i386" -a -x "/usr/bin/qemu-i386" ] ; then + echo ':i386:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x03\x00:\xff\xff\xff\xff\xff\xfe\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-i386:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register + echo ':i486:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x06\x00:\xff\xff\xff\xff\xff\xfe\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-i386:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register + fi + if [ $cpu != "alpha" -a -x "/usr/bin/qemu-alpha" ] ; then + echo ':alpha:M::\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x26\x90:\xff\xff\xff\xff\xff\xfe\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-alpha:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register + fi + if [ $cpu != "arm" -a -x "/usr/bin/qemu-arm" ] ; then + echo ':arm:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff:/usr/bin/qemu-arm:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register + fi + if [ $cpu != "arm" -a -x "/usr/bin/qemu-armeb" ] ; then + echo ':armeb:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-armeb:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register + fi + if [ $cpu != "aarch64" -a -x "/usr/bin/qemu-aarch64" ] ; then + echo ':aarch64:M::\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xb7\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-aarch64:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register + fi + if [ $cpu != "sparc" -a -x "/usr/bin/qemu-sparc" ] ; then + echo ':sparc:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-sparc:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register + fi + if [ $cpu != "ppc" -a -x "/usr/bin/qemu-ppc" ] ; then + echo ':ppc:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x14:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-ppc:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register + fi + if [ $cpu != "m68k" -a -x "/usr/bin/qemu-m68k" ] ; then + #echo 'Please check cpu value and header information for m68k!' + echo ':m68k:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x08:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-m68k:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register + fi + if [ $cpu != "mips" -a -x "/usr/bin/qemu-mips" ] ; then + # FIXME: We could use the other endianness on a MIPS host. + echo ':mips:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-mips:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register + fi + if [ $cpu != "mips" -a -x "/usr/bin/qemu-mipsel" ] ; then + echo ':mipsel:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-mipsel:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register + fi + if [ $cpu != "mips" -a -x "/usr/bin/qemu-mipsn32" ] ; then + echo ':mipsn32:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-mipsn32:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register + fi + if [ $cpu != "mips" -a -x "/usr/bin/qemu-mipsn32el" ] ; then + echo ':mipsn32el:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-mipsn32el:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register + fi + if [ $cpu != "mips" -a -x "/usr/bin/qemu-mips64" ] ; then + echo ':mips64:M::\x7fELF\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-mips64:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register + fi + if [ $cpu != "mips" -a -x "/usr/bin/qemu-mips64el" ] ; then + echo ':mips64el:M::\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-mips64el:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register + fi + if [ $cpu != "sh" -a -x "/usr/bin/qemu-sh4" ] ; then + echo ':sh4:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x2a\x00:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-sh4:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register + fi + if [ $cpu != "sh" -a -x "/usr/bin/qemu-sh4eb" ] ; then + echo ':sh4eb:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x2a:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-sh4eb:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register + fi + if [ $cpu != "s390x" -a -x "/usr/bin/qemu-s390x" ] ; then + echo ':s390x:M::\x7fELF\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x16:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-s390x:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register + fi + eend $? +} + +stop() { + ebegin "Unregistering qemu-user binaries" + local arches + + arches="${arches} i386 i486" + arches="${arches} alpha" + arches="${arches} arm armeb" + arches="${arches} aarch64" + arches="${arches} sparc" + arches="${arches} ppc" + arches="${arches} m68k" + arches="${arches} mips mipsel mipsn32 mipsn32el mips64 mips64el" + arches="${arches} sh4 sh4eb" + arches="${arches} s390x" + + for a in ${arches}; do + if [ -f /proc/sys/fs/binfmt_misc/$a ] ; then + echo '-1' > /proc/sys/fs/binfmt_misc/$a + fi + done + + eend $? +} + +# vim: ts=4 : diff --git a/app-emulation/qemu/files/qemu-binfmt.initd.head b/app-emulation/qemu/files/qemu-binfmt.initd.head new file mode 100644 index 0000000..858d5d7 --- /dev/null +++ b/app-emulation/qemu/files/qemu-binfmt.initd.head @@ -0,0 +1,64 @@ +#!/sbin/openrc-run +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +# Enable automatic non-native program execution by the kernel. + +# Defaulting to OC should be safe because it comes down to: +# - do we trust the interp itself to not be malicious? yes; we built it. +# - do we trust the programs we're running? ish; same permission as native +# binaries apply. so if user can do bad stuff natively, cross isn't worse. +: ${QEMU_BINFMT_FLAGS:=OC} + +depend() { + after procfs +} + +start() { + ebegin "Registering qemu-user binaries (flags: ${QEMU_BINFMT_FLAGS})" + + if [ ! -d /proc/sys/fs/binfmt_misc ] ; then + modprobe -q binfmt_misc + fi + + if [ ! -d /proc/sys/fs/binfmt_misc ] ; then + eend 1 "You need support for 'misc binaries' in your kernel!" + return + fi + + if [ ! -f /proc/sys/fs/binfmt_misc/register ] ; then + mount -t binfmt_misc -o nodev,noexec,nosuid \ + binfmt_misc /proc/sys/fs/binfmt_misc >/dev/null 2>&1 + eend $? || return + fi + + # Probe the native cpu type so we don't try registering them. + local cpu="$(uname -m)" + case "${cpu}" in + armv[4-9]*) + cpu="arm" + ;; + i386|i486|i586|i686|i86pc|BePC|x86_64) + cpu="i386" + ;; + m68k) + cpu="m68k" + ;; + mips*) + cpu="mips" + ;; + "Power Macintosh"|ppc|ppc64) + cpu="ppc" + ;; + s390*) + cpu="s390" + ;; + sh*) + cpu="sh" + ;; + sparc*) + cpu="sparc" + ;; + esac + + # Register the interpreter for each cpu except for the native one. diff --git a/app-emulation/qemu/files/qemu-binfmt.initd.tail b/app-emulation/qemu/files/qemu-binfmt.initd.tail new file mode 100644 index 0000000..7679481 --- /dev/null +++ b/app-emulation/qemu/files/qemu-binfmt.initd.tail @@ -0,0 +1,14 @@ + eend 0 +} + +stop() { + # We unregister everything in the "qemu-xxx" namespace. + ebegin "Unregistering qemu-user binaries" + local f + for f in /proc/sys/fs/binfmt_misc/qemu-* ; do + if [ -f "${f}" ] ; then + echo '-1' > "${f}" + fi + done + eend 0 +} diff --git a/app-emulation/qemu/metadata.xml b/app-emulation/qemu/metadata.xml new file mode 100644 index 0000000..3fe0408 --- /dev/null +++ b/app-emulation/qemu/metadata.xml @@ -0,0 +1,56 @@ + + + + + qemu@gentoo.org + Gentoo QEMU Project + + + Adds support for braille displays using brltty + Enables support for Linux's Async IO + Enable alsa output for sound emulation + Support ISOs / -cdrom directives vis HTTP or HTTPS. + Enables firmware device tree support + Enables GlusterFS cluster fileystem via + sys-cluster/glusterfs + Enable TLS support for the VNC console server. + For 1.4 and newer this also enables WebSocket support. + For 2.0 through 2.3 also enables disk quorum support. + Use gtk-2 instead of gtk-3 + Enable direct iSCSI support via + net-libs/libiscsi instead of indirectly via the Linux + block layer that sys-block/open-iscsi does. + Enable the ncurses-based console + Enable NFS support + Enable NUMA support + Pin the versions of BIOS firmware to the version included in the upstream release. + This is needed to sanely support migration/suspend/resume/snapshotting/etc... of instances. + When the blobs are different, random corruption/bugs/crashes/etc... may be observed. + Enable pulseaudio output for sound emulation + Enable rados block device backend support, see http://ceph.newdream.net/wiki/QEMU-RBD + Enable the SDL-based console + Use libsdl2 instead of libsdl + Enable Spice protocol support via app-emulation/spice + Enable SSH based block device support via net-libs/libssh2 + Build the User targets as static binaries + Build the User and Software MMU (system) targets as well as tools as static binaries + Enable support for snappy compression + Enable SystemTAP/DTrace tracing + Enable the TCG Interpreter which can speed up or slowdown workloads depending on the host and guest CPUs being emulated. In the future it will be a runtime option but for now its compile time. + Enable jpeg image support for the VNC console server + Enable png image support for the VNC console server + Enable USB passthrough via dev-libs/libusb + Use sys-apps/usbredir to redirect USB devices to another machine over TCP + Enable VDE-based networking + Enable accelerated networking using vhost-net, see http://www.linux-kvm.org/page/VhostNet + Enable experimental Virgil 3d (virtual software GPU) + Enable VirtFS via virtio-9p-pci / fsdev. See http://wiki.qemu.org/Documentation/9psetup + Enable terminal support (x11-libs/vte) in the GTK+ interface + Add support for getting and setting POSIX extended attributes, through + sys-apps/attr. Requisite for the virtfs backend. + + Enables support for Xen backends + Support xfsctl() notification and syncing for XFS backed + virtual disks. + + diff --git a/app-emulation/qemu/qemu-2.9.0-r56.ebuild b/app-emulation/qemu/qemu-2.9.0-r56.ebuild new file mode 100644 index 0000000..f9ba26c --- /dev/null +++ b/app-emulation/qemu/qemu-2.9.0-r56.ebuild @@ -0,0 +1,793 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="6" + +PYTHON_COMPAT=( python2_7 ) +PYTHON_REQ_USE="ncurses,readline" + +PLOCALES="bg de_DE fr_FR hu it tr zh_CN" + +FIRMWARE_ABI_VERSION="2.9.0-r52" + +inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \ + user udev fcaps readme.gentoo-r1 pax-utils l10n + +if [[ ${PV} = *9999* ]]; then + EGIT_REPO_URI="git://git.qemu.org/qemu.git" + inherit git-r3 + SRC_URI="" +else + SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2" + KEYWORDS="amd64 ~arm64 ~ppc ~ppc64 x86 ~x86-fbsd" +fi + +DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools" +HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org" + +LICENSE="GPL-2 LGPL-2 BSD-2" +SLOT="0" +IUSE="accessibility +aio alsa bluetooth bzip2 +caps +curl debug +fdt + glusterfs gnutls gtk gtk2 infiniband iscsi +jpeg kernel_linux + kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs +png + pulseaudio python rbd sasl +seccomp sdl sdl2 selinux smartcard snappy + spice ssh static static-user systemtap tci test usb usbredir vde + +vhost-net virgl virtfs +vnc vte xattr xen xfs" + +COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel + mips mips64 mips64el mipsel nios2 or1k ppc ppc64 s390x sh4 sh4eb sparc + sparc64 x86_64" +IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS} + lm32 moxie ppcemb tricore unicore32 xtensa xtensaeb" +IUSE_USER_TARGETS="${COMMON_TARGETS} + armeb hppa mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus tilegx" + +use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS}) +use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS}) +IUSE+=" ${use_softmmu_targets} ${use_user_targets}" + +# Allow no targets to be built so that people can get a tools-only build. +# Block USE flag configurations known to not work. +REQUIRED_USE="${PYTHON_REQUIRED_USE} + gtk2? ( gtk ) + qemu_softmmu_targets_arm? ( fdt ) + qemu_softmmu_targets_microblaze? ( fdt ) + qemu_softmmu_targets_mips64el? ( fdt ) + qemu_softmmu_targets_ppc? ( fdt ) + qemu_softmmu_targets_ppc64? ( fdt ) + sdl2? ( sdl ) + static? ( static-user !alsa !bluetooth !gtk !gtk2 !opengl !pulseaudio ) + virtfs? ( xattr ) + vte? ( gtk )" + +# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...) +# and user/softmmu targets (qemu-*, qemu-system-*). +# +# Yep, you need both libcap and libcap-ng since virtfs only uses libcap. +# +# The attr lib isn't always linked in (although the USE flag is always +# respected). This is because qemu supports using the C library's API +# when available rather than always using the extranl library. +ALL_DEPEND=" + >=dev-libs/glib-2.0[static-libs(+)] + sys-libs/zlib[static-libs(+)] + python? ( ${PYTHON_DEPS} ) + systemtap? ( dev-util/systemtap ) + xattr? ( sys-apps/attr[static-libs(+)] )" + +# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...) +# softmmu targets (qemu-system-*). +SOFTMMU_TOOLS_DEPEND=" + >=x11-libs/pixman-0.28.0[static-libs(+)] + accessibility? ( + app-accessibility/brltty[api] + app-accessibility/brltty[static-libs(+)] + ) + aio? ( dev-libs/libaio[static-libs(+)] ) + alsa? ( >=media-libs/alsa-lib-1.0.13 ) + bluetooth? ( net-wireless/bluez ) + bzip2? ( app-arch/bzip2[static-libs(+)] ) + caps? ( sys-libs/libcap-ng[static-libs(+)] ) + curl? ( >=net-misc/curl-7.15.4[static-libs(+)] ) + fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] ) + glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] ) + gnutls? ( + dev-libs/nettle:=[static-libs(+)] + >=net-libs/gnutls-3.0:=[static-libs(+)] + ) + gtk? ( + gtk2? ( + x11-libs/gtk+:2 + vte? ( x11-libs/vte:0 ) + ) + !gtk2? ( + x11-libs/gtk+:3 + vte? ( x11-libs/vte:2.91 ) + ) + ) + infiniband? ( sys-fabric/librdmacm:=[static-libs(+)] ) + iscsi? ( net-libs/libiscsi ) + jpeg? ( virtual/jpeg:0=[static-libs(+)] ) + lzo? ( dev-libs/lzo:2[static-libs(+)] ) + ncurses? ( + sys-libs/ncurses:0=[unicode] + sys-libs/ncurses:0=[static-libs(+)] + ) + nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] ) + numa? ( sys-process/numactl[static-libs(+)] ) + opengl? ( + virtual/opengl + media-libs/libepoxy[static-libs(+)] + media-libs/mesa[static-libs(+)] + media-libs/mesa[egl,gbm] + ) + png? ( media-libs/libpng:0=[static-libs(+)] ) + pulseaudio? ( media-sound/pulseaudio ) + rbd? ( sys-cluster/ceph[static-libs(+)] ) + sasl? ( dev-libs/cyrus-sasl[static-libs(+)] ) + sdl? ( + !sdl2? ( + media-libs/libsdl[X] + >=media-libs/libsdl-1.2.11[static-libs(+)] + ) + sdl2? ( + media-libs/libsdl2[X] + media-libs/libsdl2[static-libs(+)] + ) + ) + seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] ) + smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] ) + snappy? ( app-arch/snappy:=[static-libs(+)] ) + spice? ( + >=app-emulation/spice-protocol-0.12.3 + >=app-emulation/spice-0.12.0[static-libs(+)] + ) + ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] ) + usb? ( >=virtual/libusb-1-r2[static-libs(+)] ) + usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] ) + vde? ( net-misc/vde[static-libs(+)] ) + virgl? ( media-libs/virglrenderer[static-libs(+)] ) + virtfs? ( sys-libs/libcap ) + xen? ( app-emulation/xen-tools:= ) + xfs? ( sys-fs/xfsprogs[static-libs(+)] )" + +X86_FIRMWARE_DEPEND=" + pin-upstream-blobs? ( + ~sys-firmware/edk2-ovmf-2017_pre20170505[binary] + ~sys-firmware/ipxe-1.0.0_p20160620 + ~sys-firmware/seabios-1.10.2[binary,seavgabios] + ~sys-firmware/sgabios-0.1_pre8 + ) + !pin-upstream-blobs? ( + sys-firmware/edk2-ovmf + sys-firmware/ipxe + >=sys-firmware/seabios-1.10.2[seavgabios] + sys-firmware/sgabios + )" + +CDEPEND=" + !static? ( + ${ALL_DEPEND//\[static-libs(+)]} + ${SOFTMMU_TOOLS_DEPEND//\[static-libs(+)]} + ) + qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} ) + qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )" +DEPEND="${CDEPEND} + dev-lang/perl + =dev-lang/python-2* + sys-apps/texinfo + virtual/pkgconfig + kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 ) + gtk? ( nls? ( sys-devel/gettext ) ) + static? ( + ${ALL_DEPEND} + ${SOFTMMU_TOOLS_DEPEND} + ) + static-user? ( ${ALL_DEPEND} ) + test? ( + dev-libs/glib[utils] + sys-devel/bc + )" +RDEPEND="${CDEPEND} + selinux? ( sec-policy/selinux-qemu )" + +PATCHES=( + "${FILESDIR}"/${PN}-2.5.0-cflags.patch + "${FILESDIR}"/${PN}-2.5.0-sysmacros.patch + "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8309.patch # bug 616870 + "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8379.patch # bug 616872 + "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8380.patch # bug 616874 + "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8112.patch # bug 616636 + "${FILESDIR}"/${PN}-2.9.0-CVE-2017-7493.patch # bug 618808 + "${FILESDIR}"/${PN}-2.9.0-CVE-2017-11434.patch # bug 625614 + "${FILESDIR}"/${PN}-2.9.0-CVE-2017-11334.patch # bug 621292 + "${FILESDIR}"/${PN}-2.9.0-CVE-2017-9524-1.patch # bug 621292 + "${FILESDIR}"/${PN}-2.9.0-CVE-2017-9524-2.patch + "${FILESDIR}"/${PN}-2.9.0-CVE-2017-9503-1.patch # bug 621184 + "${FILESDIR}"/${PN}-2.9.0-CVE-2017-9503-2.patch + "${FILESDIR}"/${PN}-2.9.0-CVE-2017-10664.patch # bug 623016 + "${FILESDIR}"/${PN}-2.9.0-CVE-2017-10806.patch # bug 624088 +) + +STRIP_MASK="/usr/share/qemu/palcode-clipper" + +QA_PREBUILT=" + usr/share/qemu/openbios-ppc + usr/share/qemu/openbios-sparc64 + usr/share/qemu/openbios-sparc32 + usr/share/qemu/palcode-clipper + usr/share/qemu/s390-ccw.img + usr/share/qemu/u-boot.e500" + +QA_WX_LOAD="usr/bin/qemu-i386 + usr/bin/qemu-x86_64 + usr/bin/qemu-alpha + usr/bin/qemu-arm + usr/bin/qemu-cris + usr/bin/qemu-m68k + usr/bin/qemu-microblaze + usr/bin/qemu-microblazeel + usr/bin/qemu-mips + usr/bin/qemu-mipsel + usr/bin/qemu-or1k + usr/bin/qemu-ppc + usr/bin/qemu-ppc64 + usr/bin/qemu-ppc64abi32 + usr/bin/qemu-sh4 + usr/bin/qemu-sh4eb + usr/bin/qemu-sparc + usr/bin/qemu-sparc64 + usr/bin/qemu-armeb + usr/bin/qemu-sparc32plus + usr/bin/qemu-s390x + usr/bin/qemu-unicore32" + +DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure you have the +kernel module loaded before running kvm. The easiest way to ensure that the +kernel module is loaded is to load it on boot. + For AMD CPUs the module is called 'kvm-amd'. + For Intel CPUs the module is called 'kvm-intel'. +Please review /etc/conf.d/modules for how to load these. + +Make sure your user is in the 'kvm' group. Just run + $ gpasswd -a kvm +then have re-login. + +For brand new installs, the default permissions on /dev/kvm might not let +you access it. You can tell udev to reset ownership/perms: + $ udevadm trigger -c add /dev/kvm + +If you want to register binfmt handlers for qemu user targets: +For openrc: + # rc-update add qemu-binfmt +For systemd: + # ln -s /usr/share/qemu/binfmt.d/qemu.conf /etc/binfmt.d/qemu.conf" + +pkg_pretend() { + if use kernel_linux && kernel_is lt 2 6 25; then + eerror "This version of KVM requres a host kernel of 2.6.25 or higher." + elif use kernel_linux; then + if ! linux_config_exists; then + eerror "Unable to check your kernel for KVM support" + else + CONFIG_CHECK="~KVM ~TUN ~BRIDGE" + ERROR_KVM="You must enable KVM in your kernel to continue" + ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in" + ERROR_KVM_AMD+=" your kernel configuration." + ERROR_KVM_INTEL="If you have an Intel CPU, you must enable" + ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration." + ERROR_TUN="You will need the Universal TUN/TAP driver compiled" + ERROR_TUN+=" into your kernel or loaded as a module to use the" + ERROR_TUN+=" virtual network device if using -net tap." + ERROR_BRIDGE="You will also need support for 802.1d" + ERROR_BRIDGE+=" Ethernet Bridging for some network configurations." + use vhost-net && CONFIG_CHECK+=" ~VHOST_NET" + ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net" + ERROR_VHOST_NET+=" support" + + if use amd64 || use x86 || use amd64-linux || use x86-linux; then + CONFIG_CHECK+=" ~KVM_AMD ~KVM_INTEL" + fi + + use python && CONFIG_CHECK+=" ~DEBUG_FS" + ERROR_DEBUG_FS="debugFS support required for kvm_stat" + + # Now do the actual checks setup above + check_extra_config + fi + fi + + if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then + eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt" + eerror "instances are still pointing to it. Please update your" + eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag" + eerror "and the right system binary (e.g. qemu-system-x86_64)." + die "update your virt configs to not use qemu-kvm" + fi +} + +pkg_setup() { + enewgroup kvm 78 +} + +# Sanity check to make sure target lists are kept up-to-date. +check_targets() { + local var=$1 mak=$2 + local detected sorted + + pushd "${S}"/default-configs >/dev/null || die + + # Force C locale until glibc is updated. #564936 + detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u)) + sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u)) + if [[ ${sorted} != "${detected}" ]] ; then + eerror "The ebuild needs to be kept in sync." + eerror "${var}: ${sorted}" + eerror "$(printf '%-*s' ${#var} configure): ${detected}" + die "sync ${var} to the list of targets" + fi + + popd >/dev/null +} + +handle_locales() { + # Make sure locale list is kept up-to-date. + local detected sorted + detected=$(echo $(cd po && printf '%s\n' *.po | grep -v messages.po | sed 's:.po$::' | sort -u)) + sorted=$(echo $(printf '%s\n' ${PLOCALES} | sort -u)) + if [[ ${sorted} != "${detected}" ]] ; then + eerror "The ebuild needs to be kept in sync." + eerror "PLOCALES: ${sorted}" + eerror " po/*.po: ${detected}" + die "sync PLOCALES" + fi + + # Deal with selective install of locales. + if use nls ; then + # Delete locales the user does not want. #577814 + rm_loc() { rm po/$1.po || die; } + l10n_for_each_disabled_locale_do rm_loc + else + # Cheap hack to disable gettext .mo generation. + rm -f po/*.po + fi +} + +src_prepare() { + check_targets IUSE_SOFTMMU_TARGETS softmmu + check_targets IUSE_USER_TARGETS linux-user + + # Alter target makefiles to accept CFLAGS set via flag-o + sed -i -r \ + -e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \ + Makefile Makefile.target || die + + default + + # Fix ld and objcopy being called directly + tc-export AR LD OBJCOPY + + # Verbose builds + MAKEOPTS+=" V=1" + + # Run after we've applied all patches. + handle_locales +} + +## +# configures qemu based on the build directory and the build type +# we are using. +# +qemu_src_configure() { + debug-print-function ${FUNCNAME} "$@" + + local buildtype=$1 + local builddir="${S}/${buildtype}-build" + + mkdir "${builddir}" + + local conf_opts=( + --prefix=/usr + --sysconfdir=/etc + --libdir=/usr/$(get_libdir) + --docdir=/usr/share/doc/${PF}/html + --disable-bsd-user + --disable-guest-agent + --disable-strip + --disable-werror + # We support gnutls/nettle for crypto operations. It is possible + # to use gcrypt when gnutls/nettle are disabled (but not when they + # are enabled), but it's not really worth the hassle. Disable it + # all the time to avoid automatically detecting it. #568856 + --disable-gcrypt + --python="${PYTHON}" + --cc="$(tc-getCC)" + --cxx="$(tc-getCXX)" + --host-cc="$(tc-getBUILD_CC)" + $(use_enable debug debug-info) + $(use_enable debug debug-tcg) + --enable-docs + $(use_enable tci tcg-interpreter) + $(use_enable xattr attr) + ) + + # Disable options not used by user targets. This simplifies building + # static user targets (USE=static-user) considerably. + conf_notuser() { + if [[ ${buildtype} == "user" ]] ; then + echo "--disable-${2:-$1}" + else + use_enable "$@" + fi + } + conf_opts+=( + $(conf_notuser accessibility brlapi) + $(conf_notuser aio linux-aio) + $(conf_notuser bzip2) + $(conf_notuser bluetooth bluez) + $(conf_notuser caps cap-ng) + $(conf_notuser curl) + $(conf_notuser fdt) + $(conf_notuser glusterfs) + $(conf_notuser gnutls) + $(conf_notuser gnutls nettle) + $(conf_notuser gtk) + $(conf_notuser infiniband rdma) + $(conf_notuser iscsi libiscsi) + $(conf_notuser jpeg vnc-jpeg) + $(conf_notuser kernel_linux kvm) + $(conf_notuser lzo) + $(conf_notuser ncurses curses) + $(conf_notuser nfs libnfs) + $(conf_notuser numa) + $(conf_notuser opengl) + $(conf_notuser png vnc-png) + $(conf_notuser rbd) + $(conf_notuser sasl vnc-sasl) + $(conf_notuser sdl) + $(conf_notuser seccomp) + $(conf_notuser smartcard) + $(conf_notuser snappy) + $(conf_notuser spice) + $(conf_notuser ssh libssh2) + $(conf_notuser usb libusb) + $(conf_notuser usbredir usb-redir) + $(conf_notuser vde) + $(conf_notuser vhost-net) + $(conf_notuser virgl virglrenderer) + $(conf_notuser virtfs) + $(conf_notuser vnc) + $(conf_notuser vte) + $(conf_notuser xen) + $(conf_notuser xen xen-pci-passthrough) + $(conf_notuser xfs xfsctl) + ) + + if [[ ! ${buildtype} == "user" ]] ; then + # audio options + local audio_opts="oss" + use alsa && audio_opts="alsa,${audio_opts}" + use sdl && audio_opts="sdl,${audio_opts}" + use pulseaudio && audio_opts="pa,${audio_opts}" + conf_opts+=( + --audio-drv-list="${audio_opts}" + ) + use gtk && conf_opts+=( --with-gtkabi=$(usex gtk2 2.0 3.0) ) + use sdl && conf_opts+=( --with-sdlabi=$(usex sdl2 2.0 1.2) ) + fi + + case ${buildtype} in + user) + conf_opts+=( + --enable-linux-user + --disable-system + --disable-blobs + --disable-tools + ) + local static_flag="static-user" + ;; + softmmu) + conf_opts+=( + --disable-linux-user + --enable-system + --disable-tools + --with-system-pixman + ) + local static_flag="static" + ;; + tools) + conf_opts+=( + --disable-linux-user + --disable-system + --disable-blobs + --enable-tools + ) + local static_flag="static" + ;; + esac + + local targets="${buildtype}_targets" + [[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" ) + + # Add support for SystemTAP + use systemtap && conf_opts+=( --enable-trace-backend=dtrace ) + + # We always want to attempt to build with PIE support as it results + # in a more secure binary. But it doesn't work with static or if + # the current GCC doesn't have PIE support. + if use ${static_flag}; then + conf_opts+=( --static --disable-pie ) + else + tc-enables-pie && conf_opts+=( --enable-pie ) + fi + + echo "../configure ${conf_opts[*]}" + cd "${builddir}" + ../configure "${conf_opts[@]}" || die "configure failed" + + # FreeBSD's kernel does not support QEMU assigning/grabbing + # host USB devices yet + use kernel_FreeBSD && \ + sed -i -E -e "s|^(HOST_USB=)bsd|\1stub|" "${S}"/config-host.mak +} + +src_configure() { + local target + + python_setup + + softmmu_targets= softmmu_bins=() + user_targets= user_bins=() + + for target in ${IUSE_SOFTMMU_TARGETS} ; do + if use "qemu_softmmu_targets_${target}"; then + softmmu_targets+=",${target}-softmmu" + softmmu_bins+=( "qemu-system-${target}" ) + fi + done + + for target in ${IUSE_USER_TARGETS} ; do + if use "qemu_user_targets_${target}"; then + user_targets+=",${target}-linux-user" + user_bins+=( "qemu-${target}" ) + fi + done + + softmmu_targets=${softmmu_targets#,} + user_targets=${user_targets#,} + + [[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu" + [[ -n ${user_targets} ]] && qemu_src_configure "user" + qemu_src_configure "tools" +} + +src_compile() { + if [[ -n ${user_targets} ]]; then + cd "${S}/user-build" + default + fi + + if [[ -n ${softmmu_targets} ]]; then + cd "${S}/softmmu-build" + default + fi + + cd "${S}/tools-build" + default +} + +src_test() { + if [[ -n ${softmmu_targets} ]]; then + cd "${S}/softmmu-build" + pax-mark m */qemu-system-* #515550 + emake -j1 check + emake -j1 check-report.html + fi +} + +qemu_python_install() { + python_domodule "${S}/scripts/qmp/qmp.py" + + python_doscript "${S}/scripts/kvm/vmxcap" + python_doscript "${S}/scripts/qmp/qmp-shell" + python_doscript "${S}/scripts/qmp/qemu-ga-client" +} + +# Generate binfmt support files. +# - /etc/init.d/qemu-binfmt script which registers the user handlers (openrc) +# - /usr/share/qemu/binfmt.d/qemu.conf (for use with systemd-binfmt) +generate_initd() { + local out="${T}/qemu-binfmt" + local out_systemd="${T}/qemu.conf" + local d="${T}/binfmt.d" + + einfo "Generating qemu binfmt scripts and configuration files" + + # Generate the debian fragments first. + mkdir -p "${d}" + "${S}"/scripts/qemu-binfmt-conf.sh \ + --debian \ + --exportdir "${d}" \ + --qemu-path "${EPREFIX}/usr/bin" \ + || die + # Then turn the fragments into a shell script we can source. + sed -E -i \ + -e 's:^([^ ]+) (.*)$:\1="\2":' \ + "${d}"/* || die + + # Generate the init.d script by assembling the fragments from above. + local f qcpu package interpreter magic mask + cat "${FILESDIR}"/qemu-binfmt.initd.head >"${out}" || die + for f in "${d}"/qemu-* ; do + source "${f}" + + # Normalize the cpu logic like we do in the init.d for the native cpu. + qcpu=${package#qemu-} + case ${qcpu} in + arm*) qcpu="arm";; + mips*) qcpu="mips";; + ppc*) qcpu="ppc";; + s390*) qcpu="s390";; + sh*) qcpu="sh";; + sparc*) qcpu="sparc";; + esac + + cat <>"${out}" + if [ "\${cpu}" != "${qcpu}" -a -x "${interpreter}" ] ; then + echo ':${package}:M::${magic}:${mask}:${interpreter}:'"\${QEMU_BINFMT_FLAGS}" >/proc/sys/fs/binfmt_misc/register + fi +EOF + + echo ":${package}:M::${magic}:${mask}:${interpreter}:OC" >>"${out_systemd}" + + done + cat "${FILESDIR}"/qemu-binfmt.initd.tail >>"${out}" || die +} + +src_install() { + if [[ -n ${user_targets} ]]; then + cd "${S}/user-build" + emake DESTDIR="${ED}" install + + # Install binfmt handler init script for user targets. + generate_initd + doinitd "${T}/qemu-binfmt" + + # Install binfmt/qemu.conf. + insinto "/usr/share/qemu/binfmt.d" + doins "${T}/qemu.conf" + fi + + if [[ -n ${softmmu_targets} ]]; then + cd "${S}/softmmu-build" + emake DESTDIR="${ED}" install + + # This might not exist if the test failed. #512010 + [[ -e check-report.html ]] && dohtml check-report.html + + if use kernel_linux; then + udev_newrules "${FILESDIR}"/65-kvm.rules-r1 65-kvm.rules + fi + + if use python; then + python_foreach_impl qemu_python_install + fi + fi + + cd "${S}/tools-build" + emake DESTDIR="${ED}" install + + # Disable mprotect on the qemu binaries as they use JITs to be fast #459348 + pushd "${ED}"/usr/bin >/dev/null + pax-mark mr "${softmmu_bins[@]}" "${user_bins[@]}" # bug 575594 + popd >/dev/null + + # Install config file example for qemu-bridge-helper + insinto "/etc/qemu" + doins "${FILESDIR}/bridge.conf" + + cd "${S}" + dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt + newdoc pc-bios/README README.pc-bios + dodoc docs/qmp-*.txt + + if [[ -n ${softmmu_targets} ]]; then + # Remove SeaBIOS since we're using the SeaBIOS packaged one + rm "${ED}/usr/share/qemu/bios.bin" + rm "${ED}/usr/share/qemu/bios-256k.bin" + if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then + dosym ../seabios/bios.bin /usr/share/qemu/bios.bin + dosym ../seabios/bios-256k.bin /usr/share/qemu/bios-256k.bin + fi + + # Remove vgabios since we're using the seavgabios packaged one + rm "${ED}/usr/share/qemu/vgabios.bin" + rm "${ED}/usr/share/qemu/vgabios-cirrus.bin" + rm "${ED}/usr/share/qemu/vgabios-qxl.bin" + rm "${ED}/usr/share/qemu/vgabios-stdvga.bin" + rm "${ED}/usr/share/qemu/vgabios-virtio.bin" + rm "${ED}/usr/share/qemu/vgabios-vmware.bin" + if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then + dosym ../seavgabios/vgabios-isavga.bin /usr/share/qemu/vgabios.bin + dosym ../seavgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin + dosym ../seavgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin + dosym ../seavgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin + dosym ../seavgabios/vgabios-virtio.bin /usr/share/qemu/vgabios-virtio.bin + dosym ../seavgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin + fi + + # Remove sgabios since we're using the sgabios packaged one + rm "${ED}/usr/share/qemu/sgabios.bin" + if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then + dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin + fi + + # Remove iPXE since we're using the iPXE packaged one + rm "${ED}"/usr/share/qemu/pxe-*.rom + if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then + dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom + dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom + dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom + dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom + dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom + dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom + fi + fi + + DISABLE_AUTOFORMATTING=true + readme.gentoo_create_doc +} + +firmware_abi_change() { + local pv + for pv in ${REPLACING_VERSIONS}; do + if ! version_is_at_least ${FIRMWARE_ABI_VERSION} ${pv}; then + return 0 + fi + done + return 1 +} + +pkg_postinst() { + if [[ -n ${softmmu_targets} ]] && use kernel_linux; then + udev_reload + fi + + fcaps cap_net_admin /usr/libexec/qemu-bridge-helper + + DISABLE_AUTOFORMATTING=true + readme.gentoo_print_elog + + if use pin-upstream-blobs && firmware_abi_change; then + ewarn "This version of qemu pins new versions of firmware blobs:" + ewarn " $(best_version sys-firmware/edk2-ovmf)" + ewarn " $(best_version sys-firmware/ipxe)" + ewarn " $(best_version sys-firmware/seabios)" + ewarn " $(best_version sys-firmware/sgabios)" + ewarn "This might break resume of hibernated guests (started with a different" + ewarn "firmware version) and live migration to/from qemu versions with different" + ewarn "firmware. Please (cold) restart all running guests. For functional" + ewarn "guest migration ensure that all" + ewarn "hosts run at least" + ewarn " app-emulation/qemu-${FIRMWARE_ABI_VERSION}." + fi +} + +pkg_info() { + echo "Using:" + echo " $(best_version app-emulation/spice-protocol)" + echo " $(best_version sys-firmware/edk2-ovmf)" + if has_version 'sys-firmware/edk2-ovmf[binary]'; then + echo " USE=binary" + else + echo " USE=''" + fi + echo " $(best_version sys-firmware/ipxe)" + echo " $(best_version sys-firmware/seabios)" + if has_version 'sys-firmware/seabios[binary]'; then + echo " USE=binary" + else + echo " USE=''" + fi + echo " $(best_version sys-firmware/sgabios)" +} diff --git a/app-emulation/qemu/qemu-2.9.0-r57.ebuild b/app-emulation/qemu/qemu-2.9.0-r57.ebuild new file mode 100644 index 0000000..a63311c --- /dev/null +++ b/app-emulation/qemu/qemu-2.9.0-r57.ebuild @@ -0,0 +1,796 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="6" + +PYTHON_COMPAT=( python2_7 ) +PYTHON_REQ_USE="ncurses,readline" + +PLOCALES="bg de_DE fr_FR hu it tr zh_CN" + +FIRMWARE_ABI_VERSION="2.9.0-r52" + +inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \ + user udev fcaps readme.gentoo-r1 pax-utils l10n + +if [[ ${PV} = *9999* ]]; then + EGIT_REPO_URI="git://git.qemu.org/qemu.git" + inherit git-r3 + SRC_URI="" +else + SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2" + KEYWORDS="~amd64 ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd" +fi + +DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools" +HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org" + +LICENSE="GPL-2 LGPL-2 BSD-2" +SLOT="0" +IUSE="accessibility +aio alsa bluetooth bzip2 +caps +curl debug +fdt + glusterfs gnutls gtk gtk2 infiniband iscsi +jpeg kernel_linux + kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs +png + pulseaudio python rbd sasl +seccomp sdl sdl2 selinux smartcard snappy + spice ssh static static-user systemtap tci test usb usbredir vde + +vhost-net virgl virtfs +vnc vte xattr xen xfs" + +COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel + mips mips64 mips64el mipsel nios2 or1k ppc ppc64 s390x sh4 sh4eb sparc + sparc64 x86_64" +IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS} + lm32 moxie ppcemb tricore unicore32 xtensa xtensaeb" +IUSE_USER_TARGETS="${COMMON_TARGETS} + armeb hppa mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus tilegx" + +use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS}) +use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS}) +IUSE+=" ${use_softmmu_targets} ${use_user_targets}" + +# Allow no targets to be built so that people can get a tools-only build. +# Block USE flag configurations known to not work. +REQUIRED_USE="${PYTHON_REQUIRED_USE} + gtk2? ( gtk ) + qemu_softmmu_targets_arm? ( fdt ) + qemu_softmmu_targets_microblaze? ( fdt ) + qemu_softmmu_targets_mips64el? ( fdt ) + qemu_softmmu_targets_ppc? ( fdt ) + qemu_softmmu_targets_ppc64? ( fdt ) + sdl2? ( sdl ) + static? ( static-user !alsa !bluetooth !gtk !gtk2 !opengl !pulseaudio ) + virtfs? ( xattr ) + vte? ( gtk )" + +# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...) +# and user/softmmu targets (qemu-*, qemu-system-*). +# +# Yep, you need both libcap and libcap-ng since virtfs only uses libcap. +# +# The attr lib isn't always linked in (although the USE flag is always +# respected). This is because qemu supports using the C library's API +# when available rather than always using the extranl library. +ALL_DEPEND=" + >=dev-libs/glib-2.0[static-libs(+)] + sys-libs/zlib[static-libs(+)] + python? ( ${PYTHON_DEPS} ) + systemtap? ( dev-util/systemtap ) + xattr? ( sys-apps/attr[static-libs(+)] )" + +# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...) +# softmmu targets (qemu-system-*). +SOFTMMU_TOOLS_DEPEND=" + >=x11-libs/pixman-0.28.0[static-libs(+)] + accessibility? ( + app-accessibility/brltty[api] + app-accessibility/brltty[static-libs(+)] + ) + aio? ( dev-libs/libaio[static-libs(+)] ) + alsa? ( >=media-libs/alsa-lib-1.0.13 ) + bluetooth? ( net-wireless/bluez ) + bzip2? ( app-arch/bzip2[static-libs(+)] ) + caps? ( sys-libs/libcap-ng[static-libs(+)] ) + curl? ( >=net-misc/curl-7.15.4[static-libs(+)] ) + fdt? ( >=sys-apps/dtc-1.4.2[static-libs(+)] ) + glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] ) + gnutls? ( + dev-libs/nettle:=[static-libs(+)] + >=net-libs/gnutls-3.0:=[static-libs(+)] + ) + gtk? ( + gtk2? ( + x11-libs/gtk+:2 + vte? ( x11-libs/vte:0 ) + ) + !gtk2? ( + x11-libs/gtk+:3 + vte? ( x11-libs/vte:2.91 ) + ) + ) + infiniband? ( sys-fabric/librdmacm:=[static-libs(+)] ) + iscsi? ( net-libs/libiscsi ) + jpeg? ( virtual/jpeg:0=[static-libs(+)] ) + lzo? ( dev-libs/lzo:2[static-libs(+)] ) + ncurses? ( + sys-libs/ncurses:0=[unicode] + sys-libs/ncurses:0=[static-libs(+)] + ) + nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] ) + numa? ( sys-process/numactl[static-libs(+)] ) + opengl? ( + virtual/opengl + media-libs/libepoxy[static-libs(+)] + media-libs/mesa[static-libs(+)] + media-libs/mesa[egl,gbm] + ) + png? ( media-libs/libpng:0=[static-libs(+)] ) + pulseaudio? ( media-sound/pulseaudio ) + rbd? ( sys-cluster/ceph[static-libs(+)] ) + sasl? ( dev-libs/cyrus-sasl[static-libs(+)] ) + sdl? ( + !sdl2? ( + media-libs/libsdl[X] + >=media-libs/libsdl-1.2.11[static-libs(+)] + ) + sdl2? ( + media-libs/libsdl2[X] + media-libs/libsdl2[static-libs(+)] + ) + ) + seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] ) + smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] ) + snappy? ( app-arch/snappy:=[static-libs(+)] ) + spice? ( + >=app-emulation/spice-protocol-0.12.3 + >=app-emulation/spice-0.12.0[static-libs(+)] + ) + ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] ) + usb? ( >=virtual/libusb-1-r2[static-libs(+)] ) + usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] ) + vde? ( net-misc/vde[static-libs(+)] ) + virgl? ( media-libs/virglrenderer[static-libs(+)] ) + virtfs? ( sys-libs/libcap ) + xen? ( app-emulation/xen-tools:= ) + xfs? ( sys-fs/xfsprogs[static-libs(+)] )" + +X86_FIRMWARE_DEPEND=" + pin-upstream-blobs? ( + ~sys-firmware/edk2-ovmf-2017_pre20170505[binary] + ~sys-firmware/ipxe-1.0.0_p20160620 + ~sys-firmware/seabios-1.10.2[binary,seavgabios] + ~sys-firmware/sgabios-0.1_pre8 + ) + !pin-upstream-blobs? ( + sys-firmware/edk2-ovmf + sys-firmware/ipxe + >=sys-firmware/seabios-1.10.2[seavgabios] + sys-firmware/sgabios + )" + +CDEPEND=" + !static? ( + ${ALL_DEPEND//\[static-libs(+)]} + ${SOFTMMU_TOOLS_DEPEND//\[static-libs(+)]} + ) + qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} ) + qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )" +DEPEND="${CDEPEND} + dev-lang/perl + =dev-lang/python-2* + sys-apps/texinfo + virtual/pkgconfig + kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 ) + gtk? ( nls? ( sys-devel/gettext ) ) + static? ( + ${ALL_DEPEND} + ${SOFTMMU_TOOLS_DEPEND} + ) + static-user? ( ${ALL_DEPEND} ) + test? ( + dev-libs/glib[utils] + sys-devel/bc + )" +RDEPEND="${CDEPEND} + selinux? ( sec-policy/selinux-qemu )" + +PATCHES=( + "${FILESDIR}"/${PN}-2.5.0-cflags.patch + "${FILESDIR}"/${PN}-2.5.0-sysmacros.patch + "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8309.patch # bug 616870 + "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8379.patch # bug 616872 + "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8380.patch # bug 616874 + "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8112.patch # bug 616636 + "${FILESDIR}"/${PN}-2.9.0-CVE-2017-7493.patch # bug 618808 + "${FILESDIR}"/${PN}-2.9.0-CVE-2017-11434.patch # bug 625614 + "${FILESDIR}"/${PN}-2.9.0-CVE-2017-11334.patch # bug 621292 + "${FILESDIR}"/${PN}-2.9.0-CVE-2017-9524-1.patch # bug 621292 + "${FILESDIR}"/${PN}-2.9.0-CVE-2017-9524-2.patch + "${FILESDIR}"/${PN}-2.9.0-CVE-2017-9503-1.patch # bug 621184 + "${FILESDIR}"/${PN}-2.9.0-CVE-2017-9503-2.patch + "${FILESDIR}"/${PN}-2.9.0-CVE-2017-10664.patch # bug 623016 + "${FILESDIR}"/${PN}-2.9.0-CVE-2017-10806.patch # bug 624088 +) + +STRIP_MASK="/usr/share/qemu/palcode-clipper" + +QA_PREBUILT=" + usr/share/qemu/openbios-ppc + usr/share/qemu/openbios-sparc64 + usr/share/qemu/openbios-sparc32 + usr/share/qemu/palcode-clipper + usr/share/qemu/s390-ccw.img + usr/share/qemu/u-boot.e500" + +QA_WX_LOAD="usr/bin/qemu-i386 + usr/bin/qemu-x86_64 + usr/bin/qemu-alpha + usr/bin/qemu-arm + usr/bin/qemu-cris + usr/bin/qemu-m68k + usr/bin/qemu-microblaze + usr/bin/qemu-microblazeel + usr/bin/qemu-mips + usr/bin/qemu-mipsel + usr/bin/qemu-or1k + usr/bin/qemu-ppc + usr/bin/qemu-ppc64 + usr/bin/qemu-ppc64abi32 + usr/bin/qemu-sh4 + usr/bin/qemu-sh4eb + usr/bin/qemu-sparc + usr/bin/qemu-sparc64 + usr/bin/qemu-armeb + usr/bin/qemu-sparc32plus + usr/bin/qemu-s390x + usr/bin/qemu-unicore32" + +DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure you have the +kernel module loaded before running kvm. The easiest way to ensure that the +kernel module is loaded is to load it on boot. + For AMD CPUs the module is called 'kvm-amd'. + For Intel CPUs the module is called 'kvm-intel'. +Please review /etc/conf.d/modules for how to load these. + +Make sure your user is in the 'kvm' group. Just run + $ gpasswd -a kvm +then have re-login. + +For brand new installs, the default permissions on /dev/kvm might not let +you access it. You can tell udev to reset ownership/perms: + $ udevadm trigger -c add /dev/kvm + +If you want to register binfmt handlers for qemu user targets: +For openrc: + # rc-update add qemu-binfmt +For systemd: + # ln -s /usr/share/qemu/binfmt.d/qemu.conf /etc/binfmt.d/qemu.conf" + +pkg_pretend() { + if use kernel_linux && kernel_is lt 2 6 25; then + eerror "This version of KVM requres a host kernel of 2.6.25 or higher." + elif use kernel_linux; then + if ! linux_config_exists; then + eerror "Unable to check your kernel for KVM support" + else + CONFIG_CHECK="~KVM ~TUN ~BRIDGE" + ERROR_KVM="You must enable KVM in your kernel to continue" + ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in" + ERROR_KVM_AMD+=" your kernel configuration." + ERROR_KVM_INTEL="If you have an Intel CPU, you must enable" + ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration." + ERROR_TUN="You will need the Universal TUN/TAP driver compiled" + ERROR_TUN+=" into your kernel or loaded as a module to use the" + ERROR_TUN+=" virtual network device if using -net tap." + ERROR_BRIDGE="You will also need support for 802.1d" + ERROR_BRIDGE+=" Ethernet Bridging for some network configurations." + use vhost-net && CONFIG_CHECK+=" ~VHOST_NET" + ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net" + ERROR_VHOST_NET+=" support" + + if use amd64 || use x86 || use amd64-linux || use x86-linux; then + CONFIG_CHECK+=" ~KVM_AMD ~KVM_INTEL" + fi + + use python && CONFIG_CHECK+=" ~DEBUG_FS" + ERROR_DEBUG_FS="debugFS support required for kvm_stat" + + # Now do the actual checks setup above + check_extra_config + fi + fi + + if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then + eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt" + eerror "instances are still pointing to it. Please update your" + eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag" + eerror "and the right system binary (e.g. qemu-system-x86_64)." + die "update your virt configs to not use qemu-kvm" + fi +} + +pkg_setup() { + enewgroup kvm 78 +} + +# Sanity check to make sure target lists are kept up-to-date. +check_targets() { + local var=$1 mak=$2 + local detected sorted + + pushd "${S}"/default-configs >/dev/null || die + + # Force C locale until glibc is updated. #564936 + detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u)) + sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u)) + if [[ ${sorted} != "${detected}" ]] ; then + eerror "The ebuild needs to be kept in sync." + eerror "${var}: ${sorted}" + eerror "$(printf '%-*s' ${#var} configure): ${detected}" + die "sync ${var} to the list of targets" + fi + + popd >/dev/null +} + +handle_locales() { + # Make sure locale list is kept up-to-date. + local detected sorted + detected=$(echo $(cd po && printf '%s\n' *.po | grep -v messages.po | sed 's:.po$::' | sort -u)) + sorted=$(echo $(printf '%s\n' ${PLOCALES} | sort -u)) + if [[ ${sorted} != "${detected}" ]] ; then + eerror "The ebuild needs to be kept in sync." + eerror "PLOCALES: ${sorted}" + eerror " po/*.po: ${detected}" + die "sync PLOCALES" + fi + + # Deal with selective install of locales. + if use nls ; then + # Delete locales the user does not want. #577814 + rm_loc() { rm po/$1.po || die; } + l10n_for_each_disabled_locale_do rm_loc + else + # Cheap hack to disable gettext .mo generation. + rm -f po/*.po + fi +} + +src_prepare() { + check_targets IUSE_SOFTMMU_TARGETS softmmu + check_targets IUSE_USER_TARGETS linux-user + + # Alter target makefiles to accept CFLAGS set via flag-o + sed -i -r \ + -e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \ + Makefile Makefile.target || die + + default + + # Fix ld and objcopy being called directly + tc-export AR LD OBJCOPY + + # Verbose builds + MAKEOPTS+=" V=1" + + # Run after we've applied all patches. + handle_locales + + #remove bundled copy of libfdt + rm -r dtc || die +} + +## +# configures qemu based on the build directory and the build type +# we are using. +# +qemu_src_configure() { + debug-print-function ${FUNCNAME} "$@" + + local buildtype=$1 + local builddir="${S}/${buildtype}-build" + + mkdir "${builddir}" + + local conf_opts=( + --prefix=/usr + --sysconfdir=/etc + --libdir=/usr/$(get_libdir) + --docdir=/usr/share/doc/${PF}/html + --disable-bsd-user + --disable-guest-agent + --disable-strip + --disable-werror + # We support gnutls/nettle for crypto operations. It is possible + # to use gcrypt when gnutls/nettle are disabled (but not when they + # are enabled), but it's not really worth the hassle. Disable it + # all the time to avoid automatically detecting it. #568856 + --disable-gcrypt + --python="${PYTHON}" + --cc="$(tc-getCC)" + --cxx="$(tc-getCXX)" + --host-cc="$(tc-getBUILD_CC)" + $(use_enable debug debug-info) + $(use_enable debug debug-tcg) + --enable-docs + $(use_enable tci tcg-interpreter) + $(use_enable xattr attr) + ) + + # Disable options not used by user targets. This simplifies building + # static user targets (USE=static-user) considerably. + conf_notuser() { + if [[ ${buildtype} == "user" ]] ; then + echo "--disable-${2:-$1}" + else + use_enable "$@" + fi + } + conf_opts+=( + $(conf_notuser accessibility brlapi) + $(conf_notuser aio linux-aio) + $(conf_notuser bzip2) + $(conf_notuser bluetooth bluez) + $(conf_notuser caps cap-ng) + $(conf_notuser curl) + $(conf_notuser fdt) + $(conf_notuser glusterfs) + $(conf_notuser gnutls) + $(conf_notuser gnutls nettle) + $(conf_notuser gtk) + $(conf_notuser infiniband rdma) + $(conf_notuser iscsi libiscsi) + $(conf_notuser jpeg vnc-jpeg) + $(conf_notuser kernel_linux kvm) + $(conf_notuser lzo) + $(conf_notuser ncurses curses) + $(conf_notuser nfs libnfs) + $(conf_notuser numa) + $(conf_notuser opengl) + $(conf_notuser png vnc-png) + $(conf_notuser rbd) + $(conf_notuser sasl vnc-sasl) + $(conf_notuser sdl) + $(conf_notuser seccomp) + $(conf_notuser smartcard) + $(conf_notuser snappy) + $(conf_notuser spice) + $(conf_notuser ssh libssh2) + $(conf_notuser usb libusb) + $(conf_notuser usbredir usb-redir) + $(conf_notuser vde) + $(conf_notuser vhost-net) + $(conf_notuser virgl virglrenderer) + $(conf_notuser virtfs) + $(conf_notuser vnc) + $(conf_notuser vte) + $(conf_notuser xen) + $(conf_notuser xen xen-pci-passthrough) + $(conf_notuser xfs xfsctl) + ) + + if [[ ! ${buildtype} == "user" ]] ; then + # audio options + local audio_opts="oss" + use alsa && audio_opts="alsa,${audio_opts}" + use sdl && audio_opts="sdl,${audio_opts}" + use pulseaudio && audio_opts="pa,${audio_opts}" + conf_opts+=( + --audio-drv-list="${audio_opts}" + ) + use gtk && conf_opts+=( --with-gtkabi=$(usex gtk2 2.0 3.0) ) + use sdl && conf_opts+=( --with-sdlabi=$(usex sdl2 2.0 1.2) ) + fi + + case ${buildtype} in + user) + conf_opts+=( + --enable-linux-user + --disable-system + --disable-blobs + --disable-tools + ) + local static_flag="static-user" + ;; + softmmu) + conf_opts+=( + --disable-linux-user + --enable-system + --disable-tools + --with-system-pixman + ) + local static_flag="static" + ;; + tools) + conf_opts+=( + --disable-linux-user + --disable-system + --disable-blobs + --enable-tools + ) + local static_flag="static" + ;; + esac + + local targets="${buildtype}_targets" + [[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" ) + + # Add support for SystemTAP + use systemtap && conf_opts+=( --enable-trace-backend=dtrace ) + + # We always want to attempt to build with PIE support as it results + # in a more secure binary. But it doesn't work with static or if + # the current GCC doesn't have PIE support. + if use ${static_flag}; then + conf_opts+=( --static --disable-pie ) + else + tc-enables-pie && conf_opts+=( --enable-pie ) + fi + + echo "../configure ${conf_opts[*]}" + cd "${builddir}" + ../configure "${conf_opts[@]}" || die "configure failed" + + # FreeBSD's kernel does not support QEMU assigning/grabbing + # host USB devices yet + use kernel_FreeBSD && \ + sed -i -E -e "s|^(HOST_USB=)bsd|\1stub|" "${S}"/config-host.mak +} + +src_configure() { + local target + + python_setup + + softmmu_targets= softmmu_bins=() + user_targets= user_bins=() + + for target in ${IUSE_SOFTMMU_TARGETS} ; do + if use "qemu_softmmu_targets_${target}"; then + softmmu_targets+=",${target}-softmmu" + softmmu_bins+=( "qemu-system-${target}" ) + fi + done + + for target in ${IUSE_USER_TARGETS} ; do + if use "qemu_user_targets_${target}"; then + user_targets+=",${target}-linux-user" + user_bins+=( "qemu-${target}" ) + fi + done + + softmmu_targets=${softmmu_targets#,} + user_targets=${user_targets#,} + + [[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu" + [[ -n ${user_targets} ]] && qemu_src_configure "user" + qemu_src_configure "tools" +} + +src_compile() { + if [[ -n ${user_targets} ]]; then + cd "${S}/user-build" + default + fi + + if [[ -n ${softmmu_targets} ]]; then + cd "${S}/softmmu-build" + default + fi + + cd "${S}/tools-build" + default +} + +src_test() { + if [[ -n ${softmmu_targets} ]]; then + cd "${S}/softmmu-build" + pax-mark m */qemu-system-* #515550 + emake -j1 check + emake -j1 check-report.html + fi +} + +qemu_python_install() { + python_domodule "${S}/scripts/qmp/qmp.py" + + python_doscript "${S}/scripts/kvm/vmxcap" + python_doscript "${S}/scripts/qmp/qmp-shell" + python_doscript "${S}/scripts/qmp/qemu-ga-client" +} + +# Generate binfmt support files. +# - /etc/init.d/qemu-binfmt script which registers the user handlers (openrc) +# - /usr/share/qemu/binfmt.d/qemu.conf (for use with systemd-binfmt) +generate_initd() { + local out="${T}/qemu-binfmt" + local out_systemd="${T}/qemu.conf" + local d="${T}/binfmt.d" + + einfo "Generating qemu binfmt scripts and configuration files" + + # Generate the debian fragments first. + mkdir -p "${d}" + "${S}"/scripts/qemu-binfmt-conf.sh \ + --debian \ + --exportdir "${d}" \ + --qemu-path "${EPREFIX}/usr/bin" \ + || die + # Then turn the fragments into a shell script we can source. + sed -E -i \ + -e 's:^([^ ]+) (.*)$:\1="\2":' \ + "${d}"/* || die + + # Generate the init.d script by assembling the fragments from above. + local f qcpu package interpreter magic mask + cat "${FILESDIR}"/qemu-binfmt.initd.head >"${out}" || die + for f in "${d}"/qemu-* ; do + source "${f}" + + # Normalize the cpu logic like we do in the init.d for the native cpu. + qcpu=${package#qemu-} + case ${qcpu} in + arm*) qcpu="arm";; + mips*) qcpu="mips";; + ppc*) qcpu="ppc";; + s390*) qcpu="s390";; + sh*) qcpu="sh";; + sparc*) qcpu="sparc";; + esac + + cat <>"${out}" + if [ "\${cpu}" != "${qcpu}" -a -x "${interpreter}" ] ; then + echo ':${package}:M::${magic}:${mask}:${interpreter}:'"\${QEMU_BINFMT_FLAGS}" >/proc/sys/fs/binfmt_misc/register + fi +EOF + + echo ":${package}:M::${magic}:${mask}:${interpreter}:OC" >>"${out_systemd}" + + done + cat "${FILESDIR}"/qemu-binfmt.initd.tail >>"${out}" || die +} + +src_install() { + if [[ -n ${user_targets} ]]; then + cd "${S}/user-build" + emake DESTDIR="${ED}" install + + # Install binfmt handler init script for user targets. + generate_initd + doinitd "${T}/qemu-binfmt" + + # Install binfmt/qemu.conf. + insinto "/usr/share/qemu/binfmt.d" + doins "${T}/qemu.conf" + fi + + if [[ -n ${softmmu_targets} ]]; then + cd "${S}/softmmu-build" + emake DESTDIR="${ED}" install + + # This might not exist if the test failed. #512010 + [[ -e check-report.html ]] && dohtml check-report.html + + if use kernel_linux; then + udev_newrules "${FILESDIR}"/65-kvm.rules-r1 65-kvm.rules + fi + + if use python; then + python_foreach_impl qemu_python_install + fi + fi + + cd "${S}/tools-build" + emake DESTDIR="${ED}" install + + # Disable mprotect on the qemu binaries as they use JITs to be fast #459348 + pushd "${ED}"/usr/bin >/dev/null + pax-mark mr "${softmmu_bins[@]}" "${user_bins[@]}" # bug 575594 + popd >/dev/null + + # Install config file example for qemu-bridge-helper + insinto "/etc/qemu" + doins "${FILESDIR}/bridge.conf" + + cd "${S}" + dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt + newdoc pc-bios/README README.pc-bios + dodoc docs/qmp-*.txt + + if [[ -n ${softmmu_targets} ]]; then + # Remove SeaBIOS since we're using the SeaBIOS packaged one + rm "${ED}/usr/share/qemu/bios.bin" + rm "${ED}/usr/share/qemu/bios-256k.bin" + if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then + dosym ../seabios/bios.bin /usr/share/qemu/bios.bin + dosym ../seabios/bios-256k.bin /usr/share/qemu/bios-256k.bin + fi + + # Remove vgabios since we're using the seavgabios packaged one + rm "${ED}/usr/share/qemu/vgabios.bin" + rm "${ED}/usr/share/qemu/vgabios-cirrus.bin" + rm "${ED}/usr/share/qemu/vgabios-qxl.bin" + rm "${ED}/usr/share/qemu/vgabios-stdvga.bin" + rm "${ED}/usr/share/qemu/vgabios-virtio.bin" + rm "${ED}/usr/share/qemu/vgabios-vmware.bin" + if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then + dosym ../seavgabios/vgabios-isavga.bin /usr/share/qemu/vgabios.bin + dosym ../seavgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin + dosym ../seavgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin + dosym ../seavgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin + dosym ../seavgabios/vgabios-virtio.bin /usr/share/qemu/vgabios-virtio.bin + dosym ../seavgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin + fi + + # Remove sgabios since we're using the sgabios packaged one + rm "${ED}/usr/share/qemu/sgabios.bin" + if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then + dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin + fi + + # Remove iPXE since we're using the iPXE packaged one + rm "${ED}"/usr/share/qemu/pxe-*.rom + if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then + dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom + dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom + dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom + dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom + dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom + dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom + fi + fi + + DISABLE_AUTOFORMATTING=true + readme.gentoo_create_doc +} + +firmware_abi_change() { + local pv + for pv in ${REPLACING_VERSIONS}; do + if ! version_is_at_least ${FIRMWARE_ABI_VERSION} ${pv}; then + return 0 + fi + done + return 1 +} + +pkg_postinst() { + if [[ -n ${softmmu_targets} ]] && use kernel_linux; then + udev_reload + fi + + fcaps cap_net_admin /usr/libexec/qemu-bridge-helper + + DISABLE_AUTOFORMATTING=true + readme.gentoo_print_elog + + if use pin-upstream-blobs && firmware_abi_change; then + ewarn "This version of qemu pins new versions of firmware blobs:" + ewarn " $(best_version sys-firmware/edk2-ovmf)" + ewarn " $(best_version sys-firmware/ipxe)" + ewarn " $(best_version sys-firmware/seabios)" + ewarn " $(best_version sys-firmware/sgabios)" + ewarn "This might break resume of hibernated guests (started with a different" + ewarn "firmware version) and live migration to/from qemu versions with different" + ewarn "firmware. Please (cold) restart all running guests. For functional" + ewarn "guest migration ensure that all" + ewarn "hosts run at least" + ewarn " app-emulation/qemu-${FIRMWARE_ABI_VERSION}." + fi +} + +pkg_info() { + echo "Using:" + echo " $(best_version app-emulation/spice-protocol)" + echo " $(best_version sys-firmware/edk2-ovmf)" + if has_version 'sys-firmware/edk2-ovmf[binary]'; then + echo " USE=binary" + else + echo " USE=''" + fi + echo " $(best_version sys-firmware/ipxe)" + echo " $(best_version sys-firmware/seabios)" + if has_version 'sys-firmware/seabios[binary]'; then + echo " USE=binary" + else + echo " USE=''" + fi + echo " $(best_version sys-firmware/sgabios)" +}