ace-overlay: add qemu-2.9.0-r56 waiting for qemu-2.10 bug https://bugs.launchpad.net/qemu/+bug/1721788 get fixed

ace 2017-11-15 00:06:12 +03:00
parent e2a4aa92ab
commit ae97b92720
28 changed files with 3133 additions and 0 deletions


@ -0,0 +1,28 @@
AUX 65-kvm.rules 40 SHA256 c16a8dc7855880b2651f1a3ff488ecc54d4ac1036c71fffd5007021d8d18a7c5 SHA512 98aad2a2f212a7ac0ee5b60a9c92744fa462bce5f26594845c7a31d692aaaca2d52cb57bdbede7dfc60b9862c2a6510665dbb03215d5cf76e62516a283decdd6 WHIRLPOOL 937de93a23930f6b8533f0c3e0dd249c99ddf7d54446dea857607266ac0a4b435c5b4a52b2986b138bace9c0a7ade66f94116b38e2bc4767ead54bd11baf0920
AUX 65-kvm.rules-r1 120 SHA256 2f6b5b2600598fc402850bb7026eab0e5822e7221b584795bd2ed1a0290250df SHA512 4132ec4d3e7c1e3cf5e37224be1a3b864bcc0bfde9109e8fea9c99377289c28a7fdcf9155fbbd6605dbf8ebeb020c2ab575dd35e36bdf69f8ad07c4aa9c7b2f7 WHIRLPOOL 34dce92c0851c7edb5449c7d19e8767b09e61a73b551af90d987519e8e9c8c883e8ff8567d4a222294095bafdb58984347c694fc6ac458c630ed8e2d42438180
AUX bridge.conf 454 SHA256 a51850dd39923f3482e4c575b48ad9fef9c9ebb2f2176225da399b79ce48c69d SHA512 a907ee86b81a1b61033bb7621ded65112504131ef7b698c53e4014b958ee6fc79e66f63069015a01e41362cb70a7d0ed26dd9a03033cf776f4846f0e1f8f1533 WHIRLPOOL 8fcbd4abf9b8f7ca3d16fe0eaf17196ebf708dfecf85ce0f020e0de22b64905114f7b310f361826c81bb961c6b1bbbf984bff1e595bb949993b8966ccb222c35
AUX qemu-2.10.0-CVE-2017-13711.patch 2252 SHA256 0a1b741318920020c2e69312b052ebf6933d7e1ce92e2a0d38de88b3cbee6768 SHA512 3a9145088274e247f86198475bab1e8c3c10705612b0c59ccdf623db5a21f5da73a948ce5362633eb0d817e979cd43a130fe31093c85604590c9bcd37a4912ee WHIRLPOOL e43f833cd3ef88880d9e78732f13087164e0d971df4fc1979ad509f5437bb54d52e34eb0fa05ed09b4b2248f653a65c52e43da65f6bc14ed0c362a74ee93720d
AUX qemu-2.10.1-CVE-2017-15268.patch 2016 SHA256 488ea3e0598e7329af9f0873261c7b82a6cc0c30b9bcdd1f8eb636fccc08a965 SHA512 b4c69b53c086c6b12273e43512045e71390ae3486621d41c8310603c1739bcf3a67a7b1f105da48dcff312a145411b90c2f9539dbe890c88b5270f01ddaebf5d WHIRLPOOL 8b74ea691a6134d1f4f7ebaeaf13c9d60497e4ca51767e9c4fccf4e55f9b3831306a88f7fe41b58d918b44a1d09065c795255334a0d111a88c3554ab49ce301c
AUX qemu-2.10.1-CVE-2017-15289.patch 1923 SHA256 31b32c9102ee0eb78164242c63ae6d1da92ac64a6d8c3c5841263cc739b50486 SHA512 0541fac994f5989fa74b4909249f216011073e87de60d4df49654c2068d718d2a84b13c2751864073c25f5dd5ce5b5d871f8d0f55e56629d80a8b67599606baa WHIRLPOOL 2d100a5b6771088ed302fb6b64fb5cdfc41c3a9d576907422026bd86486fe14bd51721822fe1285b3ae40720144afcccf30a834dea5954a3808d25c5ef2e2828
AUX qemu-2.5.0-cflags.patch 410 SHA256 17f5624dd733f5c80e733cc67ae36a736169ec066024dbf802b416accfed0755 SHA512 0194d28de08b4e51c5bd1c9a2cc7965ba7f66dfddb8fd91de3da93677e6cf2d38ad3270f69aaea8a20cf2533c2980018d6e0fed711be2806fe2053fba7c081f3 WHIRLPOOL 5f5b95d00409fbe03adb64801d30a2fb5f98dded5efa7f0e78b5746776f72917dcbea767e1d0afcb304d8bf8c484adedb8037e6d54e9d34997c2bc3a98b53154
AUX qemu-2.5.0-sysmacros.patch 333 SHA256 a5716fc02da383d455f5cbd76f49e4ee74d84c2d5703319adcbeb145d04875f9 SHA512 329632c5bff846ca3ffcdb4bc94ae62f17c6bdbb566f9bec0784357c943523e8ca7773790b83a9617734cab3b003baa3d636cbd08f7385810a63b0fa0383c4f0 WHIRLPOOL 2a774767d4685545d3ed18e4f5dece99a9007597d73c56197652ff24083550f987ffb69e5c624760dece87def71a7c5c22a694bf999d7309e48ef622f18f0d73
AUX qemu-2.9.0-CVE-2017-10664.patch 1613 SHA256 5941cc41f0c02b185be3f6ba450f155dfc42e98f538560a054309066d12e5736 SHA512 19be668bd5847b65a82bd710de062bf1bc16a2b93516cbd6842328a71cd8ef8e97f38fa72bffe603a41f7674652a73b9bc05bc6791d265423490aa6de09738ce WHIRLPOOL f3e436bd5ba9e61473e6a66af4a1c0063445ad616a06cbed1760326435fd391d56d6f084eae4b3465928d995cb426f02ed813747aeda0b535ed7ed4a2a598072
AUX qemu-2.9.0-CVE-2017-10806.patch 1450 SHA256 ef884e2ed3adb618273af1d036ed0c7e3a09599e3d042080bb4b5014c6bc54d7 SHA512 38fea2c1a2a5a224585a07a028a8c4cfc1bec4d943e85c13e01228062bf306a502b0948270863b226bc974832e3af18158904fbfc08ccdf1f72f06e7830780d5 WHIRLPOOL f02fb957016af684dc894f93ec0b7dcca3febb8d37882aae1e17d2aca9948e200a013ae467cb54c5555e76c73f124a37c95fde189a4492d88322802d8160310c
AUX qemu-2.9.0-CVE-2017-11334.patch 1362 SHA256 bc2f3a50ad174e5453d0e4d1e14e9723b316e2339dc25ff31e27060ee13242bb SHA512 422296269ec29b3313c984947ac48b7179ce8e169131624d316589a621778f846b883e76cdfba50c62dc63ab5fede0ad0292704c1ca1cc9e1e7b3b01a153b8c8 WHIRLPOOL 504cf6b2ebfb11bf1471f920d101df28df59f1a585eac31ac278a366f2b769386bc7d100aa8386b3f8f45d5f5f700aa6625be3192eb4f1f3b77e69c6684cf74f
AUX qemu-2.9.0-CVE-2017-11434.patch 912 SHA256 e8be3cb9261f8735ff2a50fb8b79ccfea85456c7a2e5a5702fcc5339463dc05a SHA512 db95d9459b9669e0981195fe15f16c4e74d5f00c03e1ce5e33541e005260e77fa114b1b3f30bc06d80b723a6361b704fb58709b25773c168c8aa8f5f96580ac9 WHIRLPOOL c68e25024ab3c1d01e5b53d0a7b1591110b96d78079bc940ec28da2e2770dac6b1f9bbaaeb97c88ea0e1b46db886f7035d81bde582750e560d136916ecdab8a2
AUX qemu-2.9.0-CVE-2017-7493.patch 5656 SHA256 77462d39e811e58d3761523a6c580485bdfca0e74adbd10cf24c254e0ece262a SHA512 2b01f2878c98e77997b645ba80e69b5db398ef1e8f2b66344818d3c9af35dd66d49041ef9ee8aa152bf3e94970b4db282cf53909cb13b2532bc0a104251b2e81 WHIRLPOOL 23c788c5a78e126a61bd277e9fa1511cc71b8fbdc83a5bf319c5fc424219cbcceefad737844e45c11a76e047f8a49853d0a85b267f24f7b23bb7276d0edf0451
AUX qemu-2.9.0-CVE-2017-8112.patch 696 SHA256 a4dcc2a94749a5c20ef38d4c7ce13cd1ffe46017c77eea29ced0bec5c232e6aa SHA512 840f5270332729e0149a4705bae5fcc16e9503a995d6bfa5033904a544add337ca8ccb1d2a36bb57cc198f6354f5253403f1c4f04cbd18c08b4e1a9d6af9e07f WHIRLPOOL 1ba4e75fdd0c767254c85754612da9e8ff9ba2e7ea0811f723844bec190946805cd59db83f347a3dea4296d2b58d2df4a8d99a492335ba818824348bcebdd556
AUX qemu-2.9.0-CVE-2017-8309.patch 595 SHA256 8231747fe4d9c97392fe44b117caccd07d320313dc27fad17ac658122113ced9 SHA512 4415c36acb4f0594de7fe0de2b669d03d6b54ae44eb7f1f285c36223a02cca887b57db27a43ab1cc2e7e193ee5bce2748f9d2056aa925e0cc8f2133e67168a74 WHIRLPOOL af4c5e9763a0e114e554a1c8be99ea79da0b634fdc9d87922c7713187f1f904bfcce103648d549bbb190e92443664dbb9bd7592d8137f2337be0f4b22d1f9bd1
AUX qemu-2.9.0-CVE-2017-8379.patch 2736 SHA256 f2f8910c8e1ce9fc9804f4fbbe978fee20ccbfccc5efe49f42cdaafa63c511ce SHA512 79e32f75d98ca4a92a5069b65c5b9cff16064255ed4d161e4e292b97373742c25d5ddc12dfffa627197fdb5e0808108b30d0182a9c060cd181723bd90c618d15 WHIRLPOOL 545c00189da3b252c80bb35c6b6d3368a02b36b06f2866838ddd9ebb9ccf2b608ae278ee192b6b3aef2966736afe9bcdd646c80c228ec5daef76b92bd2721bd5
AUX qemu-2.9.0-CVE-2017-8380.patch 1048 SHA256 23eb5ae64b064e46785ae4f675fbe7c6a353f6688dd154ce98b78a0b7104a2fb SHA512 872fabc4f6eee48dff292297887b8c4a18aa6f8c2f9b7247e325c96e10ef8d72206f269d89c4a4a40ea6ad3e5082db40866b0f386f31716e749fb3a7db89d2dd WHIRLPOOL ddce30f5b22707938c2ba419264a6b731f292f0748e3891c7aa48daaa7a4b204a8bb1b4110fbd7c1836a02605e49e170a4bda6ee9eccdd2570472ff0f63c8d37
AUX qemu-2.9.0-CVE-2017-9503-1.patch 5036 SHA256 3831acce5d79ab1ad195ee6a26eb276a08fee00143ef6473ad488a49590c26e8 SHA512 690a43f3b15f10f4c030af761b2fcf873eb72d1ca53dd03f15eb35a30454298bda7ddde2b38ed549b8bad1b3a465ad3c7c9334886e75856794c0beee2dcadc2d WHIRLPOOL 909b90579ba60084bb69d3067e9bde6288011649ecc986d3f520dbce31cc9063cf3b175d62d017bf6bfa6026549250d2f64c06d4f0a411a5e95d7cf2af0062d8
AUX qemu-2.9.0-CVE-2017-9503-2.patch 4103 SHA256 a08f7f56890e1061d47691181ccdbd4cc2d97b5221d3b438afe8c429427b1e8d SHA512 21ce3255f511c82c7f8848392cb8266d804691a02207f06b950539f025a3bafb3f4c27365956cfa5129a7f0bc1796c006303993a328e72e689b8ff722f71e542 WHIRLPOOL 67bb2f24c2b567855c8f943208c5d4ceacb6df39539cc6ffce3e09fc55052b98aa794d19f70dad4fde515bd3021c46ff53ff374e58f09a802a2222a40eb3bf2d
AUX qemu-2.9.0-CVE-2017-9524-1.patch 2624 SHA256 f2479f79a81dba79eeee7a333b50bfb6f3d7e23d4cee6a8a65b291744d676b85 SHA512 7b72e492d4f9f38f15e3ec5ba3765b6d86cb726e8581278f1abcc485245f80d7a6ca9a5378dd214a82e230221d1ec650e90a221335beec8cd18567db7f7ce311 WHIRLPOOL 95b0566a9c7712e00e6200a839f449b8367aead31bf18b797193865825123b50d9f8ff11450f540caa94a102637ee5b7075ceaf8f703482296111a7af270f374
AUX qemu-2.9.0-CVE-2017-9524-2.patch 7016 SHA256 092da49ea1aafd9b94f20127b93c1373b9a83ef127cad1d45fdbd8f5a9d9dbe9 SHA512 de25c5506ae955fb799b2c9952120c9feb51b363f5ee277c9b63882938ce56c44702dcd688ecf65a3d2a089503be938432eb62ffa3df7409f4211bb7fa126f26 WHIRLPOOL b38c3a557be778634d53e7c356fb124e7470ad3e58b426677f3405c10faf76fa88d2f354d66a69b8549a64c480a338c94ed425c768394ad4cdd74ed4479ccc89
AUX qemu-binfmt.initd-r1 7959 SHA256 13c2791fb48080e9f264670dbe1915f03249d87d740f9b0f2c9502fccb056d03 SHA512 8aee19b4a993113ef4fafe3ab8b561edcc0c16782b36947e757233b6d33d26b48c1b9087c0f300be0d21ad19de14c684e8f2032ae2cd28888130a37ca4d6c314 WHIRLPOOL 3d86861fbe66c0a192a5577b7cd83ab01efd184849b25f8a804aace7a1fb46d87363d6417cc21a3447d2ed50c9db4409121dddae297678e3adc7d4c71556b695
AUX qemu-binfmt.initd.head 1445 SHA256 a9b4b1d1ffa82d572c01f14ebfbafb4b3a4c2eb5cad5af62c059f603a9f5a277 SHA512 a735268ae9ac84d8f2f2893bf018ee6de33231fa94a823bd8502b529bb456635c1ab5cf9b440df5ede8e414291f8bf45fc53898c2f3939c50d5ec4ffa554396a WHIRLPOOL 3ec0f916d5928d464fa8416c8eac472cfa01b560bba07642ff7929799918d1c8059ac7368ff5551e6aa993027849de08035d856db7981315d8e4ec470a0f785e
AUX qemu-binfmt.initd.tail 245 SHA256 1b765f5212946b73b8e4d92f64d34a9d2e358ef541c02164f6d6dd93cb15e1e7 SHA512 bcca16805f8380d52cc591ea3d65a8f6e5de456730618f6aee301510edb75d235a22d4d7aeed224882210392840adb403eb53234b6cb76a4cb24533852a8b737 WHIRLPOOL 41ddd1751101646e700a6fe4ef879bd4149d646a801f97e40534051895697dcbded06a1edda51457a0d624fbf68442c3e57178a3ee8e683e35368b88d10ba4a4
DIST qemu-2.9.0.tar.bz2 28720490 SHA256 00bfb217b1bb03c7a6c3261b819cfccbfb5a58e3e2ceff546327d271773c6c14 SHA512 4b28966eec0ca44681e35fcfb64a4eaef7c280b8d65c91d03f2efa37f76278fd8c1680e5798c7a30dbfcc8f3c05f4a803f48b8a2dfec3a4181bac079b2a5e422 WHIRLPOOL d79fe89eb271a56aee0cbd328e5f96999176b711afb5683d164b7b99d91e6dd2bfaf6e2ff4cd820a941c94f28116765cb07ffd5809d75c2f9654a67d56bfc0c1
EBUILD qemu-2.9.0-r56.ebuild 23730 SHA256 2912b01e8567360795fef73ff09bf40735bc47c4b1e85d22ea01432e434daea4 SHA512 fb876999c82f735cf7739ef3014848b9afe51608ae0b084f5cdc3de9c409295acd50b2f17a70516e50007f5fd1f8f4ffc824abdfea248e930897870ee2758c08 WHIRLPOOL d4e440a25c8a7159a3857bd20262d1e0d808ab2a67d8620bbcaa2130f3b6f4326ea943e6613075f921a54ee7d9ca2f22739eee4bdd5cf5fabe8904c5fec57ef3
EBUILD qemu-2.9.0-r57.ebuild 23783 SHA256 57f7265327250df50acda43d3a2c22a399be0cfe76cbd10b93c10d54b967574b SHA512 7aea2a4805626d378da3c16d845f6750d7646bbdeef99236a254105ceece53b552b1d707f60a26f349eca96e275cd7d5ef7de68caa39325fedfe1fd0a710a434 WHIRLPOOL fe62c1168662c38661afefb5a41e62565ec50ba4f980b203cbcad5629300f54409e942cf41f85b8f8d2f1ecccae086e3266615460d0ac925e1b48a8c0c76d331
MISC metadata.xml 3794 SHA256 149f7bc9927e13bbf7355972e85df6f9f198dd17fb575a7e516817d6a88018fb SHA512 10f130f225b90dacf8262247d795a247abfdcbf3ad5fbe0693e8d4db79f755984f690cb150a7eb5a8e5d669ce404145c4fbb6b200d6362319be74759fd78b6d3 WHIRLPOOL 6a5e88caeb64387f619a19fecb55c39ccf3c8dcd360523e8d61b80051001c02fe81432c55e40b3f360295b35e9f5a1f707c570baf95cad06d18c4cd484da0ceb


@ -0,0 +1 @@
KERNEL=="kvm", GROUP="kvm", MODE="0660"


@ -0,0 +1,2 @@
KERNEL=="kvm", GROUP="kvm", MODE="0660"
KERNEL=="vhost-net", GROUP="kvm", MODE="0660", OPTIONS+="static_node=vhost-net"
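Review bot: The vhost-net rule on the second line has no comment, although it widens what members of the kvm group can open: /dev/vhost-net becomes read-write for the group in addition to /dev/kvm. A short comment above it would record the intent, for example `# vhost-net: let kvm-group users attach in-kernel virtio-net backends without root; static_node applies the mode before the module is loaded`. Anyone auditing who is in the kvm group then knows the group grants access to both device nodes.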


@ -0,0 +1,14 @@
# This should have the following permissions: root:qemu 0640
# allow br0
# Uncommenting the above would allow users in the 'qemu' group
# to add devices to 'br0'
# allow virbr0
# Uncommenting the above would allow users in the 'qemu' group
# to add devices to 'virbr0'
# include /etc/qemu/bob.conf
# Uncommenting the above would allow users in the 'bob' group
# to have permissions defined in it, iff it has the following
# permissions: root:bob 0640


@ -0,0 +1,80 @@
From 1201d308519f1e915866d7583d5136d03cc1d384 Mon Sep 17 00:00:00 2001
From: Samuel Thibault <samuel.thibault@ens-lyon.org>
Date: Fri, 25 Aug 2017 01:35:53 +0200
Subject: [PATCH] slirp: fix clearing ifq_so from pending packets
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The if_fastq and if_batchq contain not only packets, but queues of packets
for the same socket. When sofree frees a socket, it thus has to clear ifq_so
from all the packets from the queues, not only the first.
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
slirp/socket.c | 39 +++++++++++++++++++++++----------------
1 file changed, 23 insertions(+), 16 deletions(-)
diff --git a/slirp/socket.c b/slirp/socket.c
index ecec0295a9..cb7b5b608d 100644
--- a/slirp/socket.c
+++ b/slirp/socket.c
@@ -60,29 +60,36 @@ socreate(Slirp *slirp)
}
/*
+ * Remove references to so from the given message queue.
+ */
+static void
+soqfree(struct socket *so, struct quehead *qh)
+{
+ struct mbuf *ifq;
+
+ for (ifq = (struct mbuf *) qh->qh_link;
+ (struct quehead *) ifq != qh;
+ ifq = ifq->ifq_next) {
+ if (ifq->ifq_so == so) {
+ struct mbuf *ifm;
+ ifq->ifq_so = NULL;
+ for (ifm = ifq->ifs_next; ifm != ifq; ifm = ifm->ifs_next) {
+ ifm->ifq_so = NULL;
+ }
+ }
+ }
+}
+
+/*
* remque and free a socket, clobber cache
*/
void
sofree(struct socket *so)
{
Slirp *slirp = so->slirp;
- struct mbuf *ifm;
- for (ifm = (struct mbuf *) slirp->if_fastq.qh_link;
- (struct quehead *) ifm != &slirp->if_fastq;
- ifm = ifm->ifq_next) {
- if (ifm->ifq_so == so) {
- ifm->ifq_so = NULL;
- }
- }
-
- for (ifm = (struct mbuf *) slirp->if_batchq.qh_link;
- (struct quehead *) ifm != &slirp->if_batchq;
- ifm = ifm->ifq_next) {
- if (ifm->ifq_so == so) {
- ifm->ifq_so = NULL;
- }
- }
+ soqfree(so, &slirp->if_fastq);
+ soqfree(so, &slirp->if_batchq);
if (so->so_emu==EMU_RSH && so->extra) {
sofree(so->extra);
--
2.13.5
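Review bot: The comment on the new soqfree() says only "Remove references to so from the given message queue" and leaves out why the inner loop exists, which is the whole point of the fix. The commit message explains that each queue entry heads a list of packets for the same socket; that belongs in the code, for example `/* Clear ifq_so on each queue head that refers to so and on every packet chained to it through ifs_next. */`. The name soqfree() also suggests that something is freed, while the body only clears pointers, so the comment should state that nothing is released here.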


@ -0,0 +1,54 @@
From a7b20a8efa28e5f22c26c06cd06c2f12bc863493 Mon Sep 17 00:00:00 2001
From: "Daniel P. Berrange" <berrange@redhat.com>
Date: Mon, 9 Oct 2017 14:43:42 +0100
Subject: [PATCH] io: monitor encoutput buffer size from websocket GSource
The websocket GSource is monitoring the size of the rawoutput
buffer to determine if the channel can accepts more writes.
The rawoutput buffer, however, is merely a temporary staging
buffer before data is copied into the encoutput buffer. Thus
its size will always be zero when the GSource runs.
This flaw causes the encoutput buffer to grow without bound
if the other end of the underlying data channel doesn't
read data being sent. This can be seen with VNC if a client
is on a slow WAN link and the guest OS is sending many screen
updates. A malicious VNC client can act like it is on a slow
link by playing a video in the guest and then reading data
very slowly, causing QEMU host memory to expand arbitrarily.
This issue is assigned CVE-2017-15268, publically reported in
https://bugs.launchpad.net/qemu/+bug/1718964
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
io/channel-websock.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/io/channel-websock.c b/io/channel-websock.c
index d1d471f86e..04bcc059cd 100644
--- a/io/channel-websock.c
+++ b/io/channel-websock.c
@@ -28,7 +28,7 @@
#include <time.h>
-/* Max amount to allow in rawinput/rawoutput buffers */
+/* Max amount to allow in rawinput/encoutput buffers */
#define QIO_CHANNEL_WEBSOCK_MAX_BUFFER 8192
#define QIO_CHANNEL_WEBSOCK_CLIENT_KEY_LEN 24
@@ -1208,7 +1208,7 @@ qio_channel_websock_source_check(GSource *source)
if (wsource->wioc->rawinput.offset || wsource->wioc->io_eof) {
cond |= G_IO_IN;
}
- if (wsource->wioc->rawoutput.offset < QIO_CHANNEL_WEBSOCK_MAX_BUFFER) {
+ if (wsource->wioc->encoutput.offset < QIO_CHANNEL_WEBSOCK_MAX_BUFFER) {
cond |= G_IO_OUT;
}
--
2.13.6
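Review bot: The limit on encoutput is enforced only in qio_channel_websock_source_check(), by withholding G_IO_OUT once the buffer holds QIO_CHANNEL_WEBSOCK_MAX_BUFFER bytes; nothing in either hunk bounds the buffer where data is appended. The channel's write path is outside the patch, so it should be confirmed that a caller which writes without waiting for G_IO_OUT cannot still grow encoutput past the cap. If the write path does rely on the GSource alone, a comment at the macro such as `/* Soft limit: enforced by the GSource check, not by the write path */` would make that dependency visible.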


@ -0,0 +1,58 @@
From eb38e1bc3740725ca29a535351de94107ec58d51 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Wed, 11 Oct 2017 10:43:14 +0200
Subject: [PATCH] cirrus: fix oob access in mode4and5 write functions
Move dst calculation into the loop, so we apply the mask on each
interation and will not overflow vga memory.
Cc: Prasad J Pandit <pjp@fedoraproject.org>
Reported-by: Niu Guoxiang <niuguoxiang@huawei.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 20171011084314.21752-1-kraxel@redhat.com
---
hw/display/cirrus_vga.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c
index b4d579857a..bc32bf1e39 100644
--- a/hw/display/cirrus_vga.c
+++ b/hw/display/cirrus_vga.c
@@ -2038,15 +2038,14 @@ static void cirrus_mem_writeb_mode4and5_8bpp(CirrusVGAState * s,
unsigned val = mem_value;
uint8_t *dst;
- dst = s->vga.vram_ptr + (offset &= s->cirrus_addr_mask);
for (x = 0; x < 8; x++) {
+ dst = s->vga.vram_ptr + ((offset + x) & s->cirrus_addr_mask);
if (val & 0x80) {
*dst = s->cirrus_shadow_gr1;
} else if (mode == 5) {
*dst = s->cirrus_shadow_gr0;
}
val <<= 1;
- dst++;
}
memory_region_set_dirty(&s->vga.vram, offset, 8);
}
@@ -2060,8 +2059,8 @@ static void cirrus_mem_writeb_mode4and5_16bpp(CirrusVGAState * s,
unsigned val = mem_value;
uint8_t *dst;
- dst = s->vga.vram_ptr + (offset &= s->cirrus_addr_mask);
for (x = 0; x < 8; x++) {
+ dst = s->vga.vram_ptr + ((offset + 2 * x) & s->cirrus_addr_mask & ~1);
if (val & 0x80) {
*dst = s->cirrus_shadow_gr1;
*(dst + 1) = s->vga.gr[0x11];
@@ -2070,7 +2069,6 @@ static void cirrus_mem_writeb_mode4and5_16bpp(CirrusVGAState * s,
*(dst + 1) = s->vga.gr[0x10];
}
val <<= 1;
- dst += 2;
}
memory_region_set_dirty(&s->vga.vram, offset, 16);
}
--
2.13.6
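Review bot: In both cirrus_mem_writeb_mode4and5_8bpp() and the 16bpp variant, the trailing `memory_region_set_dirty(&s->vga.vram, offset, ...)` now receives an unmasked `offset`. The removed line masked it in place with `offset &= s->cirrus_addr_mask`, while the new per-iteration expression masks only the value used for `dst`. Unless every caller already passes a masked offset (the callers are outside the hunks), the dirty range can start outside the region that was actually written. Keeping `offset &= s->cirrus_addr_mask;` ahead of the loop, alongside the new per-iteration mask, would preserve the old behaviour for the dirty call. A write that wraps at the mask would still need its dirty range split, which is worth a comment.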


@ -0,0 +1,13 @@
--- a/configure
+++ b/configure
@@ -4468,10 +4468,6 @@ fi
if test "$gcov" = "yes" ; then
CFLAGS="-fprofile-arcs -ftest-coverage -g $CFLAGS"
LDFLAGS="-fprofile-arcs -ftest-coverage $LDFLAGS"
-elif test "$fortify_source" = "yes" ; then
- CFLAGS="-O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 $CFLAGS"
-elif test "$debug" = "no"; then
- CFLAGS="-O2 $CFLAGS"
fi
##########################################
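Review bot: The patch file has no header explaining why the `fortify_source` and `debug = no` arms are removed, and after it configure adds neither `-D_FORTIFY_SOURCE=2` nor `-O2` for a non-gcov build. Presumably the intent is to leave optimisation and fortification to the user's CFLAGS and the toolchain defaults; if so, say that at the top of the patch, for example `Let the package manager's CFLAGS decide -O and _FORTIFY_SOURCE instead of configure forcing them.` On a toolchain that does not define _FORTIFY_SOURCE by default the resulting binaries lose those libc bounds checks, which matters for a package that carries this many memory-safety fixes.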


@ -0,0 +1,15 @@
Linux C libs are moving away from implicit header pollution with sys/types.h
--- a/include/qemu/osdep.h
+++ b/include/qemu/osdep.h
@@ -78,6 +78,10 @@ extern int daemon(int, int);
#include <assert.h>
#include <signal.h>
+#ifdef __linux__
+#include <sys/sysmacros.h>
+#endif
+
#ifdef __OpenBSD__
#include <sys/signal.h>
#endif


@ -0,0 +1,47 @@
From 041e32b8d9d076980b4e35317c0339e57ab888f1 Mon Sep 17 00:00:00 2001
From: Max Reitz <mreitz@redhat.com>
Date: Sun, 11 Jun 2017 14:37:14 +0200
Subject: [PATCH] qemu-nbd: Ignore SIGPIPE
qemu proper has done so for 13 years
(8a7ddc38a60648257dc0645ab4a05b33d6040063), qemu-img and qemu-io have
done so for four years (526eda14a68d5b3596be715505289b541288ef2a).
Ignoring this signal is especially important in qemu-nbd because
otherwise a client can easily take down the qemu-nbd server by dropping
the connection when the server wants to send something, for example:
$ qemu-nbd -x foo -f raw -t null-co:// &
[1] 12726
$ qemu-io -c quit nbd://localhost/bar
can't open device nbd://localhost/bar: No export with name 'bar' available
[1] + 12726 broken pipe qemu-nbd -x foo -f raw -t null-co://
In this case, the client sends an NBD_OPT_ABORT and closes the
connection (because it is not required to wait for a reply), but the
server replies with an NBD_REP_ACK (because it is required to reply).
Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20170611123714.31292-1-mreitz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
qemu-nbd.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/qemu-nbd.c b/qemu-nbd.c
index 9464a0461c..4dd3fd4732 100644
--- a/qemu-nbd.c
+++ b/qemu-nbd.c
@@ -581,6 +581,10 @@ int main(int argc, char **argv)
sa_sigterm.sa_handler = termsig_handler;
sigaction(SIGTERM, &sa_sigterm, NULL);
+#ifdef CONFIG_POSIX
+ signal(SIGPIPE, SIG_IGN);
+#endif
+
module_call_init(MODULE_INIT_TRACE);
qcrypto_init(&error_fatal);
--
2.13.0


@ -0,0 +1,50 @@
From bd4a683505b27adc1ac809f71e918e58573d851d Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Tue, 9 May 2017 13:01:28 +0200
Subject: [PATCH] usb-redir: fix stack overflow in usbredir_log_data
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Don't reinvent a broken wheel, just use the hexdump function we have.
Impact: low, broken code doesn't run unless you have debug logging
enabled.
Reported-by: 李强 <liqiang6-s@360.cn>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 20170509110128.27261-1-kraxel@redhat.com
---
hw/usb/redirect.c | 13 +------------
1 file changed, 1 insertion(+), 12 deletions(-)
diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c
index b001a27f05..ad5ef783a6 100644
--- a/hw/usb/redirect.c
+++ b/hw/usb/redirect.c
@@ -229,21 +229,10 @@ static void usbredir_log(void *priv, int level, const char *msg)
static void usbredir_log_data(USBRedirDevice *dev, const char *desc,
const uint8_t *data, int len)
{
- int i, j, n;
-
if (dev->debug < usbredirparser_debug_data) {
return;
}
-
- for (i = 0; i < len; i += j) {
- char buf[128];
-
- n = sprintf(buf, "%s", desc);
- for (j = 0; j < 8 && i + j < len; j++) {
- n += sprintf(buf + n, " %02X", data[i + j]);
- }
- error_report("%s", buf);
- }
+ qemu_hexdump((char *)data, stderr, desc, len);
}
/*
--
2.13.0
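Review bot: `len` is a signed int and is passed unchecked as the length argument of qemu_hexdump() in usbredir_log_data(). If that parameter is unsigned (the prototype is not on the page), a negative `len` from a caller would become a very large dump length. The removed loop printed nothing for a non-positive `len`, so a guard next to the existing debug-level check, `if (len <= 0) { return; }`, keeps that behaviour. The cast `(char *)data` also drops the const qualifier from `data`; `(const char *)data` would be cleaner if qemu_hexdump() accepts a const buffer.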


@ -0,0 +1,40 @@
[Qemu-devel] [PULL 21/41] exec: use qemu_ram_ptr_length to access guest
From: Prasad J Pandit <address@hidden>
When accessing guest's ram block during DMA operation, use
'qemu_ram_ptr_length' to get ram block pointer. It ensures
that DMA operation of given length is possible; And avoids
any OOB memory access situations.
Reported-by: Alex <address@hidden>
Signed-off-by: Prasad J Pandit <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>
---
exec.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/exec.c b/exec.c
index a083ff8..ad103ce 100644
--- a/exec.c
+++ b/exec.c
@@ -2929,7 +2929,7 @@ static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr,
}
} else {
/* RAM case */
- ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
+ ptr = qemu_ram_ptr_length(mr->ram_block, addr1, &l);
memcpy(ptr, buf, l);
invalidate_and_set_dirty(mr, addr1, l);
}
@@ -3020,7 +3020,7 @@ MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr,
}
} else {
/* RAM case */
- ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
+ ptr = qemu_ram_ptr_length(mr->ram_block, addr1, &l);
memcpy(buf, ptr, l);
}
--
1.8.3.1
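Review bot: Both RAM-case branches, in address_space_write_continue() and address_space_read_continue(), hand the result of qemu_ram_ptr_length() straight to memcpy() without looking at it. The call takes `&l`, so it can presumably shorten `l`, and its body is not on the page; if it can return NULL or reduce `l` to zero, the memcpy() receives a NULL pointer. Either handle a NULL return before the copy or add a comment at each call stating why it cannot happen here, for example `/* l is non-zero and addr1 lies inside ram_block, so ptr is valid */`. Both functions continue outside the hunks, so how the loop treats a shortened `l` should be checked there.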


@ -0,0 +1,29 @@
[Qemu-devel] [PATCH] slirp: check len against dhcp options array end
From: Prasad J Pandit <address@hidden>
While parsing dhcp options string in 'dhcp_decode', if an options'
length 'len' appeared towards the end of 'bp_vend' array, ensuing
read could lead to an OOB memory access issue. Add check to avoid it.
Reported-by: Reno Robert <address@hidden>
Signed-off-by: Prasad J Pandit <address@hidden>
---
slirp/bootp.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/slirp/bootp.c b/slirp/bootp.c
index 5a4646c..5dd1a41 100644
--- a/slirp/bootp.c
+++ b/slirp/bootp.c
@@ -123,6 +123,9 @@ static void dhcp_decode(const struct bootp_t *bp, int *pmsg_type,
if (p >= p_end)
break;
len = *p++;
+ if (p + len > p_end) {
+ break;
+ }
DPRINTF("dhcp: tag=%d len=%d\n", tag, len);
switch(tag) {
--
2.9.4
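Review bot: The added check `if (p + len > p_end)` in dhcp_decode() forms a pointer beyond the end of the options array before comparing it, which is undefined behaviour in C exactly in the case the check is meant to catch. Comparing lengths avoids that: `if (len > p_end - p) {`. The preceding `p >= p_end` test guarantees `p_end - p` is not negative at this point. The declaration of `len` is outside the hunk, so confirm that its type makes the comparison behave as intended.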


@ -0,0 +1,174 @@
From 7a95434e0ca8a037fd8aa1a2e2461f92585eb77b Mon Sep 17 00:00:00 2001
From: Greg Kurz <groug@kaod.org>
Date: Fri, 5 May 2017 14:48:08 +0200
Subject: [PATCH] 9pfs: local: forbid client access to metadata (CVE-2017-7493)
When using the mapped-file security mode, we shouldn't let the client mess
with the metadata. The current code already tries to hide the metadata dir
from the client by skipping it in local_readdir(). But the client can still
access or modify it through several other operations. This can be used to
escalate privileges in the guest.
Affected backend operations are:
- local_mknod()
- local_mkdir()
- local_open2()
- local_symlink()
- local_link()
- local_unlinkat()
- local_renameat()
- local_rename()
- local_name_to_path()
Other operations are safe because they are only passed a fid path, which
is computed internally in local_name_to_path().
This patch converts all the functions listed above to fail and return
EINVAL when being passed the name of the metadata dir. This may look
like a poor choice for errno, but there's no such thing as an illegal
path name on Linux and I could not think of anything better.
This fixes CVE-2017-7493.
Reported-by: Leo Gaspard <leo@gaspard.io>
Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
---
hw/9pfs/9p-local.c | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 56 insertions(+), 2 deletions(-)
diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c
index f3ebca4f7a..a2486566af 100644
--- a/hw/9pfs/9p-local.c
+++ b/hw/9pfs/9p-local.c
@@ -452,6 +452,11 @@ static off_t local_telldir(FsContext *ctx, V9fsFidOpenState *fs)
return telldir(fs->dir.stream);
}
+static bool local_is_mapped_file_metadata(FsContext *fs_ctx, const char *name)
+{
+ return !strcmp(name, VIRTFS_META_DIR);
+}
+
static struct dirent *local_readdir(FsContext *ctx, V9fsFidOpenState *fs)
{
struct dirent *entry;
@@ -465,8 +470,8 @@ again:
if (ctx->export_flags & V9FS_SM_MAPPED) {
entry->d_type = DT_UNKNOWN;
} else if (ctx->export_flags & V9FS_SM_MAPPED_FILE) {
- if (!strcmp(entry->d_name, VIRTFS_META_DIR)) {
- /* skp the meta data directory */
+ if (local_is_mapped_file_metadata(ctx, entry->d_name)) {
+ /* skip the meta data directory */
goto again;
}
entry->d_type = DT_UNKNOWN;
@@ -559,6 +564,12 @@ static int local_mknod(FsContext *fs_ctx, V9fsPath *dir_path,
int err = -1;
int dirfd;
+ if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE &&
+ local_is_mapped_file_metadata(fs_ctx, name)) {
+ errno = EINVAL;
+ return -1;
+ }
+
dirfd = local_opendir_nofollow(fs_ctx, dir_path->data);
if (dirfd == -1) {
return -1;
@@ -605,6 +616,12 @@ static int local_mkdir(FsContext *fs_ctx, V9fsPath *dir_path,
int err = -1;
int dirfd;
+ if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE &&
+ local_is_mapped_file_metadata(fs_ctx, name)) {
+ errno = EINVAL;
+ return -1;
+ }
+
dirfd = local_opendir_nofollow(fs_ctx, dir_path->data);
if (dirfd == -1) {
return -1;
@@ -694,6 +711,12 @@ static int local_open2(FsContext *fs_ctx, V9fsPath *dir_path, const char *name,
int err = -1;
int dirfd;
+ if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE &&
+ local_is_mapped_file_metadata(fs_ctx, name)) {
+ errno = EINVAL;
+ return -1;
+ }
+
/*
* Mark all the open to not follow symlinks
*/
@@ -752,6 +775,12 @@ static int local_symlink(FsContext *fs_ctx, const char *oldpath,
int err = -1;
int dirfd;
+ if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE &&
+ local_is_mapped_file_metadata(fs_ctx, name)) {
+ errno = EINVAL;
+ return -1;
+ }
+
dirfd = local_opendir_nofollow(fs_ctx, dir_path->data);
if (dirfd == -1) {
return -1;
@@ -826,6 +855,12 @@ static int local_link(FsContext *ctx, V9fsPath *oldpath,
int ret = -1;
int odirfd, ndirfd;
+ if (ctx->export_flags & V9FS_SM_MAPPED_FILE &&
+ local_is_mapped_file_metadata(ctx, name)) {
+ errno = EINVAL;
+ return -1;
+ }
+
odirfd = local_opendir_nofollow(ctx, odirpath);
if (odirfd == -1) {
goto out;
@@ -1096,6 +1131,12 @@ static int local_lremovexattr(FsContext *ctx, V9fsPath *fs_path,
static int local_name_to_path(FsContext *ctx, V9fsPath *dir_path,
const char *name, V9fsPath *target)
{
+ if (ctx->export_flags & V9FS_SM_MAPPED_FILE &&
+ local_is_mapped_file_metadata(ctx, name)) {
+ errno = EINVAL;
+ return -1;
+ }
+
if (dir_path) {
v9fs_path_sprintf(target, "%s/%s", dir_path->data, name);
} else if (strcmp(name, "/")) {
@@ -1116,6 +1157,13 @@ static int local_renameat(FsContext *ctx, V9fsPath *olddir,
int ret;
int odirfd, ndirfd;
+ if (ctx->export_flags & V9FS_SM_MAPPED_FILE &&
+ (local_is_mapped_file_metadata(ctx, old_name) ||
+ local_is_mapped_file_metadata(ctx, new_name))) {
+ errno = EINVAL;
+ return -1;
+ }
+
odirfd = local_opendir_nofollow(ctx, olddir->data);
if (odirfd == -1) {
return -1;
@@ -1206,6 +1254,12 @@ static int local_unlinkat(FsContext *ctx, V9fsPath *dir,
int ret;
int dirfd;
+ if (ctx->export_flags & V9FS_SM_MAPPED_FILE &&
+ local_is_mapped_file_metadata(ctx, name)) {
+ errno = EINVAL;
+ return -1;
+ }
+
dirfd = local_opendir_nofollow(ctx, dir->data);
if (dirfd == -1) {
return -1;
--
2.13.0
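Review bot: local_is_mapped_file_metadata() takes `fs_ctx` but never reads it, so each of the eight guarded operations repeats the `export_flags & V9FS_SM_MAPPED_FILE` test by hand. A future operation that forgets the flag test or the call reopens client access to the metadata directory. Folding the flag test into the helper, `return (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE) && !strcmp(name, VIRTFS_META_DIR);`, leaves one place to audit; the local_readdir() call already sits inside the mapped-file branch and is unaffected. The commit message lists local_rename() as affected, but no hunk touches it. Presumably it reaches the check through local_renameat() or local_name_to_path(); that should be confirmed, since its body is not in the patch.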


@ -0,0 +1,22 @@
CVE-2017-8112
https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg04494.html
---
hw/scsi/vmw_pvscsi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/scsi/vmw_pvscsi.c b/hw/scsi/vmw_pvscsi.c
index 7557546..4a106da 100644
--- a/hw/scsi/vmw_pvscsi.c
+++ b/hw/scsi/vmw_pvscsi.c
@@ -202,7 +202,7 @@ pvscsi_ring_init_msg(PVSCSIRingInfo *m, PVSCSICmdDescSetupMsgRing *ri)
uint32_t len_log2;
uint32_t ring_size;
- if (ri->numPages > PVSCSI_SETUP_MSG_RING_MAX_NUM_PAGES) {
+ if (!ri->numPages || ri->numPages > PVSCSI_SETUP_MSG_RING_MAX_NUM_PAGES) {
return -1;
}
ring_size = ri->numPages * PVSCSI_MAX_NUM_MSG_ENTRIES_PER_PAGE;
--
2.9.3


@ -0,0 +1,22 @@
bug #616870
https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05587.html
---
audio/audio.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/audio/audio.c b/audio/audio.c
index c8898d8422..beafed209b 100644
--- a/audio/audio.c
+++ b/audio/audio.c
@@ -2028,6 +2028,8 @@ void AUD_del_capture (CaptureVoiceOut *cap, void *cb_opaque)
sw = sw1;
}
QLIST_REMOVE (cap, entries);
+ g_free (cap->hw.mix_buf);
+ g_free (cap->buf);
g_free (cap);
}
return;
--
2.9.3


@ -0,0 +1,76 @@
bug #616872
https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05599.html
---
ui/input.c | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/ui/input.c b/ui/input.c
index ed88cda6d6..fb1f404095 100644
--- a/ui/input.c
+++ b/ui/input.c
@@ -41,6 +41,8 @@ static QTAILQ_HEAD(QemuInputEventQueueHead, QemuInputEventQueue) kbd_queue =
QTAILQ_HEAD_INITIALIZER(kbd_queue);
static QEMUTimer *kbd_timer;
static uint32_t kbd_default_delay_ms = 10;
+static uint32_t queue_count;
+static uint32_t queue_limit = 1024;
QemuInputHandlerState *qemu_input_handler_register(DeviceState *dev,
QemuInputHandler *handler)
@@ -268,6 +270,7 @@ static void qemu_input_queue_process(void *opaque)
break;
}
QTAILQ_REMOVE(queue, item, node);
+ queue_count--;
g_free(item);
}
}
@@ -282,6 +285,7 @@ static void qemu_input_queue_delay(struct QemuInputEventQueueHead *queue,
item->delay_ms = delay_ms;
item->timer = timer;
QTAILQ_INSERT_TAIL(queue, item, node);
+ queue_count++;
if (start_timer) {
timer_mod(item->timer, qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL)
@@ -298,6 +302,7 @@ static void qemu_input_queue_event(struct QemuInputEventQueueHead *queue,
item->src = src;
item->evt = evt;
QTAILQ_INSERT_TAIL(queue, item, node);
+ queue_count++;
}
static void qemu_input_queue_sync(struct QemuInputEventQueueHead *queue)
@@ -306,6 +311,7 @@ static void qemu_input_queue_sync(struct QemuInputEventQueueHead *queue)
item->type = QEMU_INPUT_QUEUE_SYNC;
QTAILQ_INSERT_TAIL(queue, item, node);
+ queue_count++;
}
void qemu_input_event_send_impl(QemuConsole *src, InputEvent *evt)
@@ -381,7 +387,7 @@ void qemu_input_event_send_key(QemuConsole *src, KeyValue *key, bool down)
qemu_input_event_send(src, evt);
qemu_input_event_sync();
qapi_free_InputEvent(evt);
- } else {
+ } else if (queue_count < queue_limit) {
qemu_input_queue_event(&kbd_queue, src, evt);
qemu_input_queue_sync(&kbd_queue);
}
@@ -409,8 +415,10 @@ void qemu_input_event_send_key_delay(uint32_t delay_ms)
kbd_timer = timer_new_ms(QEMU_CLOCK_VIRTUAL, qemu_input_queue_process,
&kbd_queue);
}
- qemu_input_queue_delay(&kbd_queue, kbd_timer,
- delay_ms ? delay_ms : kbd_default_delay_ms);
+ if (queue_count < queue_limit) {
+ qemu_input_queue_delay(&kbd_queue, kbd_timer,
+ delay_ms ? delay_ms : kbd_default_delay_ms);
+ }
}
InputEvent *qemu_input_event_new_btn(InputButton btn, bool down)
--
2.9.3
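Review bot: Once queue_count has reached queue_limit, the new `else if (queue_count < queue_limit)` in qemu_input_event_send_key() falls through with `evt` neither sent, queued nor freed, so each dropped key event appears to leak. The first branch releases it with `qapi_free_InputEvent(evt)` and the queue branch hands it to the queue, so the missing arm is `} else { qapi_free_InputEvent(evt); }`. `evt` is allocated above the hunk, so ownership should be confirmed there. A comment on `queue_limit` stating that events beyond 1024 are dropped silently would also help anyone debugging lost keystrokes.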


@ -0,0 +1,34 @@
bug #616874
https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg04147.html
---
hw/scsi/megasas.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
index 84b8caf..804122a 100644
--- a/hw/scsi/megasas.c
+++ b/hw/scsi/megasas.c
@@ -2138,15 +2138,15 @@ static void megasas_mmio_write(void *opaque, hwaddr addr,
case MFI_SEQ:
trace_megasas_mmio_writel("MFI_SEQ", val);
/* Magic sequence to start ADP reset */
- if (adp_reset_seq[s->adp_reset] == val) {
- s->adp_reset++;
+ if (adp_reset_seq[s->adp_reset++] == val) {
+ if (s->adp_reset == 6) {
+ s->adp_reset = 0;
+ s->diag = MFI_DIAG_WRITE_ENABLE;
+ }
} else {
s->adp_reset = 0;
s->diag = 0;
}
- if (s->adp_reset == 6) {
- s->diag = MFI_DIAG_WRITE_ENABLE;
- }
break;
case MFI_DIAG:
trace_megasas_mmio_writel("MFI_DIAG", val);
--
2.9.3
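Review bot: The reset-sequence length is hard-coded as `6` in the new `if (s->adp_reset == 6)` check inside the `MFI_SEQ` case of megasas_mmio_write, so the bound and the `adp_reset_seq` table can drift apart if the table is ever edited. With the post-increment in `adp_reset_seq[s->adp_reset++]`, this comparison and the `else` reset are all that keep the index inside the array, so I would tie it to the table: `if (s->adp_reset == ARRAY_SIZE(adp_reset_seq)) {`. The table's definition is outside the hunk, so its length is assumed from the literal here. The patch header also carries only a bug number and a list URL; a one-line summary of what is being fixed would help whoever audits this overlay later.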


@ -0,0 +1,122 @@
From 87e459a810d7b1ec1638085b5a80ea3d9b43119a Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Thu, 1 Jun 2017 17:26:14 +0200
Subject: [PATCH] megasas: always store SCSIRequest* into MegasasCmd
This ensures that the request is unref'ed properly, and avoids a
segmentation fault in the new qtest testcase that is added.
This is CVE-2017-9503.
Reported-by: Zhangyanyu <zyy4013@stu.ouc.edu.cn>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
hw/scsi/megasas.c | 31 ++++++++++++++++---------------
2 files changed, 51 insertions(+), 15 deletions(-)
diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
index 135662df31..734fdaef90 100644
--- a/hw/scsi/megasas.c
+++ b/hw/scsi/megasas.c
@@ -609,6 +609,9 @@ static void megasas_reset_frames(MegasasState *s)
static void megasas_abort_command(MegasasCmd *cmd)
{
/* Never abort internal commands. */
+ if (cmd->dcmd_opcode != -1) {
+ return;
+ }
if (cmd->req != NULL) {
scsi_req_cancel(cmd->req);
}
@@ -1017,7 +1020,6 @@ static int megasas_pd_get_info_submit(SCSIDevice *sdev, int lun,
uint64_t pd_size;
uint16_t pd_id = ((sdev->id & 0xFF) << 8) | (lun & 0xFF);
uint8_t cmdbuf[6];
- SCSIRequest *req;
size_t len, resid;
if (!cmd->iov_buf) {
@@ -1026,8 +1028,8 @@ static int megasas_pd_get_info_submit(SCSIDevice *sdev, int lun,
info->inquiry_data[0] = 0x7f; /* Force PQual 0x3, PType 0x1f */
info->vpd_page83[0] = 0x7f;
megasas_setup_inquiry(cmdbuf, 0, sizeof(info->inquiry_data));
- req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd);
- if (!req) {
+ cmd->req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd);
+ if (!cmd->req) {
trace_megasas_dcmd_req_alloc_failed(cmd->index,
"PD get info std inquiry");
g_free(cmd->iov_buf);
@@ -1036,26 +1038,26 @@ static int megasas_pd_get_info_submit(SCSIDevice *sdev, int lun,
}
trace_megasas_dcmd_internal_submit(cmd->index,
"PD get info std inquiry", lun);
- len = scsi_req_enqueue(req);
+ len = scsi_req_enqueue(cmd->req);
if (len > 0) {
cmd->iov_size = len;
- scsi_req_continue(req);
+ scsi_req_continue(cmd->req);
}
return MFI_STAT_INVALID_STATUS;
} else if (info->inquiry_data[0] != 0x7f && info->vpd_page83[0] == 0x7f) {
megasas_setup_inquiry(cmdbuf, 0x83, sizeof(info->vpd_page83));
- req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd);
- if (!req) {
+ cmd->req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd);
+ if (!cmd->req) {
trace_megasas_dcmd_req_alloc_failed(cmd->index,
"PD get info vpd inquiry");
return MFI_STAT_FLASH_ALLOC_FAIL;
}
trace_megasas_dcmd_internal_submit(cmd->index,
"PD get info vpd inquiry", lun);
- len = scsi_req_enqueue(req);
+ len = scsi_req_enqueue(cmd->req);
if (len > 0) {
cmd->iov_size = len;
- scsi_req_continue(req);
+ scsi_req_continue(cmd->req);
}
return MFI_STAT_INVALID_STATUS;
}
@@ -1217,7 +1219,6 @@ static int megasas_ld_get_info_submit(SCSIDevice *sdev, int lun,
struct mfi_ld_info *info = cmd->iov_buf;
size_t dcmd_size = sizeof(struct mfi_ld_info);
uint8_t cdb[6];
- SCSIRequest *req;
ssize_t len, resid;
uint16_t sdev_id = ((sdev->id & 0xFF) << 8) | (lun & 0xFF);
uint64_t ld_size;
@@ -1226,8 +1227,8 @@ static int megasas_ld_get_info_submit(SCSIDevice *sdev, int lun,
cmd->iov_buf = g_malloc0(dcmd_size);
info = cmd->iov_buf;
megasas_setup_inquiry(cdb, 0x83, sizeof(info->vpd_page83));
- req = scsi_req_new(sdev, cmd->index, lun, cdb, cmd);
- if (!req) {
+ cmd->req = scsi_req_new(sdev, cmd->index, lun, cdb, cmd);
+ if (!cmd->req) {
trace_megasas_dcmd_req_alloc_failed(cmd->index,
"LD get info vpd inquiry");
g_free(cmd->iov_buf);
@@ -1236,10 +1237,10 @@ static int megasas_ld_get_info_submit(SCSIDevice *sdev, int lun,
}
trace_megasas_dcmd_internal_submit(cmd->index,
"LD get info vpd inquiry", lun);
- len = scsi_req_enqueue(req);
+ len = scsi_req_enqueue(cmd->req);
if (len > 0) {
cmd->iov_size = len;
- scsi_req_continue(req);
+ scsi_req_continue(cmd->req);
}
return MFI_STAT_INVALID_STATUS;
}
@@ -1851,7 +1852,7 @@ static void megasas_command_complete(SCSIRequest *req, uint32_t status,
return;
}
- if (cmd->req == NULL) {
+ if (cmd->dcmd_opcode != -1) {
/*
* Internal command complete
*/
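Review bot: Every check this patch adds reads `cmd->dcmd_opcode` (in megasas_abort_command and megasas_command_complete), but no hunk in this file declares or sets that field. It is introduced by the separate "megasas: do not read DCMD opcode more than once from frame" patch, so this file only builds when that one is applied first. The ebuild's patch list is not visible in this part of the page, so the ordering should be confirmed there. The header also says `2 files changed, 51 insertions(+), 15 deletions(-)` and mentions a new qtest testcase, while only `hw/scsi/megasas.c` hunks are present, which suggests the regression test for CVE-2017-9503 was dropped when the patch was vendored; a line in the header saying so would avoid confusion. The enclosing functions start and end outside the hunks.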


@ -0,0 +1,114 @@
From 5104fac8539eaf155fc6de93e164be43e1e62242 Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Thu, 1 Jun 2017 17:18:23 +0200
Subject: [PATCH] megasas: do not read DCMD opcode more than once from frame
Avoid TOC-TOU bugs by storing the DCMD opcode in the MegasasCmd
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
hw/scsi/megasas.c | 25 +++++++++++--------------
1 file changed, 11 insertions(+), 14 deletions(-)
diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
index c353118882..a3f75c1650 100644
--- a/hw/scsi/megasas.c
+++ b/hw/scsi/megasas.c
@@ -63,6 +63,7 @@ typedef struct MegasasCmd {
hwaddr pa;
hwaddr pa_size;
+ uint32_t dcmd_opcode;
union mfi_frame *frame;
SCSIRequest *req;
QEMUSGList qsg;
@@ -513,6 +514,7 @@ static MegasasCmd *megasas_enqueue_frame(MegasasState *s,
cmd->context &= (uint64_t)0xFFFFFFFF;
}
cmd->count = count;
+ cmd->dcmd_opcode = -1;
s->busy++;
if (s->consumer_pa) {
@@ -1562,22 +1564,21 @@ static const struct dcmd_cmd_tbl_t {
static int megasas_handle_dcmd(MegasasState *s, MegasasCmd *cmd)
{
- int opcode;
int retval = 0;
size_t len;
const struct dcmd_cmd_tbl_t *cmdptr = dcmd_cmd_tbl;
- opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
- trace_megasas_handle_dcmd(cmd->index, opcode);
+ cmd->dcmd_opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
+ trace_megasas_handle_dcmd(cmd->index, cmd->dcmd_opcode);
if (megasas_map_dcmd(s, cmd) < 0) {
return MFI_STAT_MEMORY_NOT_AVAILABLE;
}
- while (cmdptr->opcode != -1 && cmdptr->opcode != opcode) {
+ while (cmdptr->opcode != -1 && cmdptr->opcode != cmd->dcmd_opcode) {
cmdptr++;
}
len = cmd->iov_size;
if (cmdptr->opcode == -1) {
- trace_megasas_dcmd_unhandled(cmd->index, opcode, len);
+ trace_megasas_dcmd_unhandled(cmd->index, cmd->dcmd_opcode, len);
retval = megasas_dcmd_dummy(s, cmd);
} else {
trace_megasas_dcmd_enter(cmd->index, cmdptr->desc, len);
@@ -1592,13 +1593,11 @@ static int megasas_handle_dcmd(MegasasState *s, MegasasCmd *cmd)
static int megasas_finish_internal_dcmd(MegasasCmd *cmd,
SCSIRequest *req)
{
- int opcode;
int retval = MFI_STAT_OK;
int lun = req->lun;
- opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
- trace_megasas_dcmd_internal_finish(cmd->index, opcode, lun);
- switch (opcode) {
+ trace_megasas_dcmd_internal_finish(cmd->index, cmd->dcmd_opcode, lun);
+ switch (cmd->dcmd_opcode) {
case MFI_DCMD_PD_GET_INFO:
retval = megasas_pd_get_info_submit(req->dev, lun, cmd);
break;
@@ -1606,7 +1605,7 @@ static int megasas_finish_internal_dcmd(MegasasCmd *cmd,
retval = megasas_ld_get_info_submit(req->dev, lun, cmd);
break;
default:
- trace_megasas_dcmd_internal_invalid(cmd->index, opcode);
+ trace_megasas_dcmd_internal_invalid(cmd->index, cmd->dcmd_opcode);
retval = MFI_STAT_INVALID_DCMD;
break;
}
@@ -1827,7 +1826,6 @@ static void megasas_xfer_complete(SCSIRequest *req, uint32_t len)
{
MegasasCmd *cmd = req->hba_private;
uint8_t *buf;
- uint32_t opcode;
trace_megasas_io_complete(cmd->index, len);
@@ -1837,8 +1835,7 @@ static void megasas_xfer_complete(SCSIRequest *req, uint32_t len)
}
buf = scsi_req_get_buf(req);
- opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
- if (opcode == MFI_DCMD_PD_GET_INFO && cmd->iov_buf) {
+ if (cmd->dcmd_opcode == MFI_DCMD_PD_GET_INFO && cmd->iov_buf) {
struct mfi_pd_info *info = cmd->iov_buf;
if (info->inquiry_data[0] == 0x7f) {
@@ -1849,7 +1846,7 @@ static void megasas_xfer_complete(SCSIRequest *req, uint32_t len)
memcpy(info->vpd_page83, buf, len);
}
scsi_req_continue(req);
- } else if (opcode == MFI_DCMD_LD_GET_INFO) {
+ } else if (cmd->dcmd_opcode == MFI_DCMD_LD_GET_INFO) {
struct mfi_ld_info *info = cmd->iov_buf;
if (cmd->iov_buf) {
--
2.13.0
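Review bot: `dcmd_opcode` is declared `uint32_t` in MegasasCmd but initialised with `cmd->dcmd_opcode = -1` in megasas_enqueue_frame, so the "not a DCMD" sentinel is the value 0xFFFFFFFF, which `le32_to_cpu(cmd->frame->dcmd.opcode)` in megasas_handle_dcmd can also store from a guest frame. Code that tests `cmd->dcmd_opcode != -1` to tell internal DCMD commands apart cannot distinguish the two cases; whether that matters depends on paths outside these hunks. At minimum I would document the sentinel on the field, `uint32_t dcmd_opcode; /* -1 (0xFFFFFFFF): frame is not a DCMD */`, and consider a named constant instead of the bare `-1`. The function bodies continue outside the hunks.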


@ -0,0 +1,80 @@
From df8ad9f128c15aa0a0ebc7b24e9a22c9775b67af Mon Sep 17 00:00:00 2001
From: Eric Blake <eblake@redhat.com>
Date: Fri, 26 May 2017 22:04:21 -0500
Subject: [PATCH] nbd: Fully initialize client in case of failed negotiation
If a non-NBD client connects to qemu-nbd, we would end up with
a SIGSEGV in nbd_client_put() because we were trying to
unregister the client's association to the export, even though
we skipped inserting the client into that list. Easy trigger
in two terminals:
$ qemu-nbd -p 30001 --format=raw file
$ nmap 127.0.0.1 -p 30001
nmap claims that it thinks it connected to a pago-services1
server (which probably means nmap could be updated to learn the
NBD protocol and give a more accurate diagnosis of the open
port - but that's not our problem), then terminates immediately,
so our call to nbd_negotiate() fails. The fix is to reorder
nbd_co_client_start() to ensure that all initialization occurs
before we ever try talking to a client in nbd_negotiate(), so
that the teardown sequence on negotiation failure doesn't fault
while dereferencing a half-initialized object.
While debugging this, I also noticed that nbd_update_server_watch()
called by nbd_client_closed() was still adding a channel to accept
the next client, even when the state was no longer RUNNING. That
is fixed by making nbd_can_accept() pay attention to the current
state.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1451614
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <20170527030421.28366-1-eblake@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
nbd/server.c | 8 +++-----
qemu-nbd.c | 2 +-
2 files changed, 4 insertions(+), 6 deletions(-)
diff --git a/nbd/server.c b/nbd/server.c
index ee59e5d234..49b55f6ede 100644
--- a/nbd/server.c
+++ b/nbd/server.c
@@ -1358,16 +1358,14 @@ static coroutine_fn void nbd_co_client_start(void *opaque)
if (exp) {
nbd_export_get(exp);
+ QTAILQ_INSERT_TAIL(&exp->clients, client, next);
}
+ qemu_co_mutex_init(&client->send_lock);
+
if (nbd_negotiate(data)) {
client_close(client);
goto out;
}
- qemu_co_mutex_init(&client->send_lock);
-
- if (exp) {
- QTAILQ_INSERT_TAIL(&exp->clients, client, next);
- }
nbd_client_receive_next_request(client);
diff --git a/qemu-nbd.c b/qemu-nbd.c
index f60842fd86..651f85ecc1 100644
--- a/qemu-nbd.c
+++ b/qemu-nbd.c
@@ -325,7 +325,7 @@ out:
static int nbd_can_accept(void)
{
- return nb_fds < shared;
+ return state == RUNNING && nb_fds < shared;
}
static void nbd_export_closed(NBDExport *exp)
--
2.13.0
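Review bot: The reordering in nbd_co_client_start stays correct only as long as nothing that sets up `client` is moved back below `nbd_negotiate(data)`, and the new code carries no comment saying so. I would add one above the call, e.g. `/* Finish all client setup first: a failed nbd_negotiate() goes through client_close(), which expects a fully initialised client. */`. The same applies to `nbd_can_accept()` in qemu-nbd.c, where `state == RUNNING &&` deserves a short note that no new connections are accepted once the server has left the RUNNING state. nbd_co_client_start starts and ends outside the hunk.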


@ -0,0 +1,197 @@
From 0c9390d978cbf61e8f16c9f580fa96b305c43568 Mon Sep 17 00:00:00 2001
From: Eric Blake <eblake@redhat.com>
Date: Thu, 8 Jun 2017 17:26:17 -0500
Subject: [PATCH] nbd: Fix regression on resiliency to port scan
Back in qemu 2.5, qemu-nbd was immune to port probes (a transient
server would not quit, regardless of how many probe connections
came and went, until a connection actually negotiated). But we
broke that in commit ee7d7aa when removing the return value to
nbd_client_new(), although that patch also introduced a bug causing
an assertion failure on a client that fails negotiation. We then
made it worse during refactoring in commit 1a6245a (a segfault
before we could even assert); the (masked) assertion was cleaned
up in d3780c2 (still in 2.6), and just recently we finally fixed
the segfault ("nbd: Fully intialize client in case of failed
negotiation"). But that still means that ever since we added
TLS support to qemu-nbd, we have been vulnerable to an ill-timed
port-scan being able to cause a denial of service by taking down
qemu-nbd before a real client has a chance to connect.
Since negotiation is now handled asynchronously via coroutines,
we no longer have a synchronous point of return by re-adding a
return value to nbd_client_new(). So this patch instead wires
things up to pass the negotiation status through the close_fn
callback function.
Simple test across two terminals:
$ qemu-nbd -f raw -p 30001 file
$ nmap 127.0.0.1 -p 30001 && \
qemu-io -c 'r 0 512' -f raw nbd://localhost:30001
Note that this patch does not change what constitutes successful
negotiation (thus, a client must enter transmission phase before
that client can be considered as a reason to terminate the server
when the connection ends). Perhaps we may want to tweak things
in a later patch to also treat a client that uses NBD_OPT_ABORT
as being a 'successful' negotiation (the client correctly talked
the NBD protocol, and informed us it was not going to use our
export after all), but that's a discussion for another day.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1451614
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <20170608222617.20376-1-eblake@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
blockdev-nbd.c | 6 +++++-
include/block/nbd.h | 2 +-
nbd/server.c | 24 +++++++++++++++---------
qemu-nbd.c | 4 ++--
4 files changed, 23 insertions(+), 13 deletions(-)
diff --git a/blockdev-nbd.c b/blockdev-nbd.c
index dd0860f4a6..28f551a7b0 100644
--- a/blockdev-nbd.c
+++ b/blockdev-nbd.c
@@ -27,6 +27,10 @@ typedef struct NBDServerData {
static NBDServerData *nbd_server;
+static void nbd_blockdev_client_closed(NBDClient *client, bool ignored)
+{
+ nbd_client_put(client);
+}
static gboolean nbd_accept(QIOChannel *ioc, GIOCondition condition,
gpointer opaque)
@@ -46,7 +50,7 @@ static gboolean nbd_accept(QIOChannel *ioc, GIOCondition condition,
qio_channel_set_name(QIO_CHANNEL(cioc), "nbd-server");
nbd_client_new(NULL, cioc,
nbd_server->tlscreds, NULL,
- nbd_client_put);
+ nbd_blockdev_client_closed);
object_unref(OBJECT(cioc));
return TRUE;
}
diff --git a/include/block/nbd.h b/include/block/nbd.h
index 416257abca..8fa5ce51f3 100644
--- a/include/block/nbd.h
+++ b/include/block/nbd.h
@@ -162,7 +162,7 @@ void nbd_client_new(NBDExport *exp,
QIOChannelSocket *sioc,
QCryptoTLSCreds *tlscreds,
const char *tlsaclname,
- void (*close)(NBDClient *));
+ void (*close_fn)(NBDClient *, bool));
void nbd_client_get(NBDClient *client);
void nbd_client_put(NBDClient *client);
diff --git a/nbd/server.c b/nbd/server.c
index 49b55f6ede..f2b1aa47ce 100644
--- a/nbd/server.c
+++ b/nbd/server.c
@@ -81,7 +81,7 @@ static QTAILQ_HEAD(, NBDExport) exports = QTAILQ_HEAD_INITIALIZER(exports);
struct NBDClient {
int refcount;
- void (*close)(NBDClient *client);
+ void (*close_fn)(NBDClient *client, bool negotiated);
bool no_zeroes;
NBDExport *exp;
@@ -778,7 +778,7 @@ void nbd_client_put(NBDClient *client)
}
}
-static void client_close(NBDClient *client)
+static void client_close(NBDClient *client, bool negotiated)
{
if (client->closing) {
return;
@@ -793,8 +793,8 @@ static void client_close(NBDClient *client)
NULL);
/* Also tell the client, so that they release their reference. */
- if (client->close) {
- client->close(client);
+ if (client->close_fn) {
+ client->close_fn(client, negotiated);
}
}
@@ -975,7 +975,7 @@ void nbd_export_close(NBDExport *exp)
nbd_export_get(exp);
QTAILQ_FOREACH_SAFE(client, &exp->clients, next, next) {
- client_close(client);
+ client_close(client, true);
}
nbd_export_set_name(exp, NULL);
nbd_export_set_description(exp, NULL);
@@ -1337,7 +1337,7 @@ done:
out:
nbd_request_put(req);
- client_close(client);
+ client_close(client, true);
nbd_client_put(client);
}
@@ -1363,7 +1363,7 @@ static coroutine_fn void nbd_co_client_start(void *opaque)
qemu_co_mutex_init(&client->send_lock);
if (nbd_negotiate(data)) {
- client_close(client);
+ client_close(client, false);
goto out;
}
@@ -1373,11 +1373,17 @@ out:
g_free(data);
}
+/*
+ * Create a new client listener on the given export @exp, using the
+ * given channel @sioc. Begin servicing it in a coroutine. When the
+ * connection closes, call @close_fn with an indication of whether the
+ * client completed negotiation.
+ */
void nbd_client_new(NBDExport *exp,
QIOChannelSocket *sioc,
QCryptoTLSCreds *tlscreds,
const char *tlsaclname,
- void (*close_fn)(NBDClient *))
+ void (*close_fn)(NBDClient *, bool))
{
NBDClient *client;
NBDClientNewData *data = g_new(NBDClientNewData, 1);
@@ -1394,7 +1400,7 @@ void nbd_client_new(NBDExport *exp,
object_ref(OBJECT(client->sioc));
client->ioc = QIO_CHANNEL(sioc);
object_ref(OBJECT(client->ioc));
- client->close = close_fn;
+ client->close_fn = close_fn;
data->client = client;
data->co = qemu_coroutine_create(nbd_co_client_start, data);
diff --git a/qemu-nbd.c b/qemu-nbd.c
index 651f85ecc1..9464a0461c 100644
--- a/qemu-nbd.c
+++ b/qemu-nbd.c
@@ -336,10 +336,10 @@ static void nbd_export_closed(NBDExport *exp)
static void nbd_update_server_watch(void);
-static void nbd_client_closed(NBDClient *client)
+static void nbd_client_closed(NBDClient *client, bool negotiated)
{
nb_fds--;
- if (nb_fds == 0 && !persistent && state == RUNNING) {
+ if (negotiated && nb_fds == 0 && !persistent && state == RUNNING) {
state = TERMINATE;
}
nbd_update_server_watch();
--
2.13.0
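Review bot: `nbd_export_close()` now passes a hard-coded `true` in `client_close(client, true)` for every entry on `exp->clients`, yet the preceding patch in this commit moved `QTAILQ_INSERT_TAIL(&exp->clients, client, next)` ahead of `nbd_negotiate()`, so a client that is still negotiating can be reported to `close_fn` as negotiated. In qemu-nbd that value feeds the `negotiated && nb_fds == 0 && !persistent && state == RUNNING` test in nbd_client_closed; the practical effect is probably small because the export is already going away, but that is inferred, not shown here. I would either track the negotiation result on the client or say so in the new comment above nbd_client_new, e.g. `* (clients closed because their export is closed are always reported as negotiated)`. Several of the touched functions start or end outside their hunks.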


@ -0,0 +1,138 @@
#!/sbin/openrc-run
# Copyright 1999-2016 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# enable automatic i386/ARM/M68K/MIPS/SPARC/PPC/s390 program execution by the kernel
# Defaulting to OC should be safe because it comes down to:
# - do we trust the interp itself to not be malicious? yes; we built it.
# - do we trust the programs we're running? ish; same permission as native
# binaries apply. so if user can do bad stuff natively, cross isn't worse.
: ${QEMU_BINFMT_FLAGS:=OC}
depend() {
after procfs
}
start() {
ebegin "Registering qemu-user binaries (flags: ${QEMU_BINFMT_FLAGS})"
if [ ! -d /proc/sys/fs/binfmt_misc ] ; then
modprobe -q binfmt_misc
fi
if [ ! -d /proc/sys/fs/binfmt_misc ] ; then
eend $? "You need support for 'misc binaries' in your kernel!" || return
fi
if [ ! -f /proc/sys/fs/binfmt_misc/register ] ; then
mount -t binfmt_misc binfmt_misc /proc/sys/fs/binfmt_misc >/dev/null 2>&1
eend $? || return
fi
# probe cpu type
cpu=`uname -m`
case "$cpu" in
i386|i486|i586|i686|i86pc|BePC|x86_64)
cpu="i386"
;;
m68k)
cpu="m68k"
;;
mips*)
cpu="mips"
;;
"Power Macintosh"|ppc|ppc64)
cpu="ppc"
;;
armv[4-9]*)
cpu="arm"
;;
sparc*)
cpu="sparc"
;;
esac
# register the interpreter for each cpu except for the native one
if [ $cpu != "i386" -a -x "/usr/bin/qemu-i386" ] ; then
echo ':i386:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x03\x00:\xff\xff\xff\xff\xff\xfe\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-i386:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
echo ':i486:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x06\x00:\xff\xff\xff\xff\xff\xfe\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-i386:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
fi
if [ $cpu != "alpha" -a -x "/usr/bin/qemu-alpha" ] ; then
echo ':alpha:M::\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x26\x90:\xff\xff\xff\xff\xff\xfe\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-alpha:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
fi
if [ $cpu != "arm" -a -x "/usr/bin/qemu-arm" ] ; then
echo ':arm:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff:/usr/bin/qemu-arm:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
fi
if [ $cpu != "arm" -a -x "/usr/bin/qemu-armeb" ] ; then
echo ':armeb:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-armeb:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
fi
if [ $cpu != "aarch64" -a -x "/usr/bin/qemu-aarch64" ] ; then
echo ':aarch64:M::\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xb7\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-aarch64:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
fi
if [ $cpu != "sparc" -a -x "/usr/bin/qemu-sparc" ] ; then
echo ':sparc:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-sparc:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
fi
if [ $cpu != "ppc" -a -x "/usr/bin/qemu-ppc" ] ; then
echo ':ppc:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x14:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-ppc:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
fi
if [ $cpu != "m68k" -a -x "/usr/bin/qemu-m68k" ] ; then
#echo 'Please check cpu value and header information for m68k!'
echo ':m68k:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x08:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-m68k:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
fi
if [ $cpu != "mips" -a -x "/usr/bin/qemu-mips" ] ; then
# FIXME: We could use the other endianness on a MIPS host.
echo ':mips:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-mips:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
fi
if [ $cpu != "mips" -a -x "/usr/bin/qemu-mipsel" ] ; then
echo ':mipsel:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-mipsel:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
fi
if [ $cpu != "mips" -a -x "/usr/bin/qemu-mipsn32" ] ; then
echo ':mipsn32:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-mipsn32:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
fi
if [ $cpu != "mips" -a -x "/usr/bin/qemu-mipsn32el" ] ; then
echo ':mipsn32el:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-mipsn32el:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
fi
if [ $cpu != "mips" -a -x "/usr/bin/qemu-mips64" ] ; then
echo ':mips64:M::\x7fELF\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-mips64:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
fi
if [ $cpu != "mips" -a -x "/usr/bin/qemu-mips64el" ] ; then
echo ':mips64el:M::\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-mips64el:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
fi
if [ $cpu != "sh" -a -x "/usr/bin/qemu-sh4" ] ; then
echo ':sh4:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x2a\x00:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-sh4:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
fi
if [ $cpu != "sh" -a -x "/usr/bin/qemu-sh4eb" ] ; then
echo ':sh4eb:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x2a:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-sh4eb:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
fi
if [ $cpu != "s390x" -a -x "/usr/bin/qemu-s390x" ] ; then
echo ':s390x:M::\x7fELF\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x16:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-s390x:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
fi
eend $?
}
stop() {
ebegin "Unregistering qemu-user binaries"
local arches
arches="${arches} i386 i486"
arches="${arches} alpha"
arches="${arches} arm armeb"
arches="${arches} aarch64"
arches="${arches} sparc"
arches="${arches} ppc"
arches="${arches} m68k"
arches="${arches} mips mipsel mipsn32 mipsn32el mips64 mips64el"
arches="${arches} sh4 sh4eb"
arches="${arches} s390x"
for a in ${arches}; do
if [ -f /proc/sys/fs/binfmt_misc/$a ] ; then
echo '-1' > /proc/sys/fs/binfmt_misc/$a
fi
done
eend $?
}
# vim: ts=4 :
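Review bot: The `mount -t binfmt_misc binfmt_misc /proc/sys/fs/binfmt_misc` line in start() mounts the filesystem with default options, while the newer init script added in the same commit uses `-o nodev,noexec,nosuid`. This older script should get the same hardening: `mount -t binfmt_misc -o nodev,noexec,nosuid binfmt_misc /proc/sys/fs/binfmt_misc >/dev/null 2>&1`. The `[ $cpu != "i386" -a -x ... ]` tests also expand `$cpu` unquoted, so an unmapped `uname -m` value containing whitespace would break the test; `"${cpu}"` avoids that. Finally, the closing `eend $?` only reflects the last `if`, so a failed write to `register` for an earlier architecture goes unreported.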


@ -0,0 +1,64 @@
#!/sbin/openrc-run
# Copyright 1999-2017 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# Enable automatic non-native program execution by the kernel.
# Defaulting to OC should be safe because it comes down to:
# - do we trust the interp itself to not be malicious? yes; we built it.
# - do we trust the programs we're running? ish; same permission as native
# binaries apply. so if user can do bad stuff natively, cross isn't worse.
: ${QEMU_BINFMT_FLAGS:=OC}
depend() {
after procfs
}
start() {
ebegin "Registering qemu-user binaries (flags: ${QEMU_BINFMT_FLAGS})"
if [ ! -d /proc/sys/fs/binfmt_misc ] ; then
modprobe -q binfmt_misc
fi
if [ ! -d /proc/sys/fs/binfmt_misc ] ; then
eend 1 "You need support for 'misc binaries' in your kernel!"
return
fi
if [ ! -f /proc/sys/fs/binfmt_misc/register ] ; then
mount -t binfmt_misc -o nodev,noexec,nosuid \
binfmt_misc /proc/sys/fs/binfmt_misc >/dev/null 2>&1
eend $? || return
fi
# Probe the native cpu type so we don't try registering them.
local cpu="$(uname -m)"
case "${cpu}" in
armv[4-9]*)
cpu="arm"
;;
i386|i486|i586|i686|i86pc|BePC|x86_64)
cpu="i386"
;;
m68k)
cpu="m68k"
;;
mips*)
cpu="mips"
;;
"Power Macintosh"|ppc|ppc64)
cpu="ppc"
;;
s390*)
cpu="s390"
;;
sh*)
cpu="sh"
;;
sparc*)
cpu="sparc"
;;
esac
# Register the interpreter for each cpu except for the native one.


@ -0,0 +1,14 @@
eend 0
}
stop() {
# We unregister everything in the "qemu-xxx" namespace.
ebegin "Unregistering qemu-user binaries"
local f
for f in /proc/sys/fs/binfmt_misc/qemu-* ; do
if [ -f "${f}" ] ; then
echo '-1' > "${f}"
fi
done
eend 0
}
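Review bot: Both `eend 0` calls in this tail report success unconditionally, so a failed write while unregistering in stop() (or a failed registration in start(), whose body begins outside this file section) is never surfaced to OpenRC. In stop() I would carry a status through the loop: `local f ret=0`, `echo '-1' > "${f}" || ret=1`, and `eend ${ret}`. The `qemu-*` glob also removes every binfmt_misc entry with that prefix, including any registered by something other than this service; the existing comment states this, but it is worth confirming that it is intended.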


@ -0,0 +1,56 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="project">
<email>qemu@gentoo.org</email>
<name>Gentoo QEMU Project</name>
</maintainer>
<use>
<flag name="accessibility">Adds support for braille displays using brltty</flag>
<flag name="aio">Enables support for Linux's Async IO</flag>
<flag name="alsa">Enable alsa output for sound emulation</flag>
<flag name="curl">Support ISOs / -cdrom directives vis HTTP or HTTPS.</flag>
<flag name="fdt">Enables firmware device tree support</flag>
<flag name="glusterfs">Enables GlusterFS cluster fileystem via
<pkg>sys-cluster/glusterfs</pkg></flag>
<flag name="gnutls">Enable TLS support for the VNC console server.
For 1.4 and newer this also enables WebSocket support.
For 2.0 through 2.3 also enables disk quorum support.</flag>
<flag name="gtk2">Use gtk-2 instead of gtk-3</flag>
<flag name="iscsi">Enable direct iSCSI support via
<pkg>net-libs/libiscsi</pkg> instead of indirectly via the Linux
block layer that <pkg>sys-block/open-iscsi</pkg> does.</flag>
<flag name="ncurses">Enable the ncurses-based console</flag>
<flag name="nfs">Enable NFS support</flag>
<flag name="numa">Enable NUMA support</flag>
<flag name="pin-upstream-blobs">Pin the versions of BIOS firmware to the version included in the upstream release.
This is needed to sanely support migration/suspend/resume/snapshotting/etc... of instances.
When the blobs are different, random corruption/bugs/crashes/etc... may be observed.</flag>
<flag name="pulseaudio">Enable pulseaudio output for sound emulation</flag>
<flag name="rbd">Enable rados block device backend support, see http://ceph.newdream.net/wiki/QEMU-RBD</flag>
<flag name="sdl">Enable the SDL-based console</flag>
<flag name="sdl2">Use libsdl2 instead of libsdl</flag>
<flag name="spice">Enable Spice protocol support via <pkg>app-emulation/spice</pkg></flag>
<flag name="ssh">Enable SSH based block device support via <pkg>net-libs/libssh2</pkg></flag>
<flag name="static-user">Build the User targets as static binaries</flag>
<flag name="static">Build the User and Software MMU (system) targets as well as tools as static binaries</flag>
<flag name="snappy">Enable support for snappy compression</flag>
<flag name="systemtap">Enable SystemTAP/DTrace tracing</flag>
<flag name="tci">Enable the TCG Interpreter which can speed up or slowdown workloads depending on the host and guest CPUs being emulated. In the future it will be a runtime option but for now its compile time.</flag>
<flag name="jpeg">Enable jpeg image support for the VNC console server</flag>
<flag name="png">Enable png image support for the VNC console server</flag>
<flag name="usb">Enable USB passthrough via <pkg>dev-libs/libusb</pkg></flag>
<flag name="usbredir">Use <pkg>sys-apps/usbredir</pkg> to redirect USB devices to another machine over TCP</flag>
<flag name="vde">Enable VDE-based networking</flag>
<flag name="vhost-net">Enable accelerated networking using vhost-net, see http://www.linux-kvm.org/page/VhostNet</flag>
<flag name="virgl">Enable experimental Virgil 3d (virtual software GPU)</flag>
<flag name="virtfs">Enable VirtFS via virtio-9p-pci / fsdev. See http://wiki.qemu.org/Documentation/9psetup</flag>
<flag name="vte">Enable terminal support (<pkg>x11-libs/vte</pkg>) in the GTK+ interface</flag>
<flag name="xattr">Add support for getting and setting POSIX extended attributes, through
<pkg>sys-apps/attr</pkg>. Requisite for the virtfs backend.
</flag>
<flag name="xen">Enables support for Xen backends</flag>
<flag name="xfs">Support xfsctl() notification and syncing for XFS backed
virtual disks.</flag>
</use>
</pkgmetadata>


@ -0,0 +1,793 @@
# Copyright 1999-2017 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
EAPI="6"
PYTHON_COMPAT=( python2_7 )
PYTHON_REQ_USE="ncurses,readline"
PLOCALES="bg de_DE fr_FR hu it tr zh_CN"
FIRMWARE_ABI_VERSION="2.9.0-r52"
inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \
user udev fcaps readme.gentoo-r1 pax-utils l10n
if [[ ${PV} = *9999* ]]; then
EGIT_REPO_URI="git://git.qemu.org/qemu.git"
inherit git-r3
SRC_URI=""
else
SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2"
KEYWORDS="amd64 ~arm64 ~ppc ~ppc64 x86 ~x86-fbsd"
fi
DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org"
LICENSE="GPL-2 LGPL-2 BSD-2"
SLOT="0"
IUSE="accessibility +aio alsa bluetooth bzip2 +caps +curl debug +fdt
glusterfs gnutls gtk gtk2 infiniband iscsi +jpeg kernel_linux
kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs +png
pulseaudio python rbd sasl +seccomp sdl sdl2 selinux smartcard snappy
spice ssh static static-user systemtap tci test usb usbredir vde
+vhost-net virgl virtfs +vnc vte xattr xen xfs"
COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel
mips mips64 mips64el mipsel nios2 or1k ppc ppc64 s390x sh4 sh4eb sparc
sparc64 x86_64"
IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS}
lm32 moxie ppcemb tricore unicore32 xtensa xtensaeb"
IUSE_USER_TARGETS="${COMMON_TARGETS}
armeb hppa mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus tilegx"
use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
# Allow no targets to be built so that people can get a tools-only build.
# Block USE flag configurations known to not work.
REQUIRED_USE="${PYTHON_REQUIRED_USE}
gtk2? ( gtk )
qemu_softmmu_targets_arm? ( fdt )
qemu_softmmu_targets_microblaze? ( fdt )
qemu_softmmu_targets_mips64el? ( fdt )
qemu_softmmu_targets_ppc? ( fdt )
qemu_softmmu_targets_ppc64? ( fdt )
sdl2? ( sdl )
static? ( static-user !alsa !bluetooth !gtk !gtk2 !opengl !pulseaudio )
virtfs? ( xattr )
vte? ( gtk )"
# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
# and user/softmmu targets (qemu-*, qemu-system-*).
#
# Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
#
# The attr lib isn't always linked in (although the USE flag is always
# respected). This is because qemu supports using the C library's API
# when available rather than always using the extranl library.
ALL_DEPEND="
>=dev-libs/glib-2.0[static-libs(+)]
sys-libs/zlib[static-libs(+)]
python? ( ${PYTHON_DEPS} )
systemtap? ( dev-util/systemtap )
xattr? ( sys-apps/attr[static-libs(+)] )"
# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
# softmmu targets (qemu-system-*).
SOFTMMU_TOOLS_DEPEND="
>=x11-libs/pixman-0.28.0[static-libs(+)]
accessibility? (
app-accessibility/brltty[api]
app-accessibility/brltty[static-libs(+)]
)
aio? ( dev-libs/libaio[static-libs(+)] )
alsa? ( >=media-libs/alsa-lib-1.0.13 )
bluetooth? ( net-wireless/bluez )
bzip2? ( app-arch/bzip2[static-libs(+)] )
caps? ( sys-libs/libcap-ng[static-libs(+)] )
curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] )
glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
gnutls? (
dev-libs/nettle:=[static-libs(+)]
>=net-libs/gnutls-3.0:=[static-libs(+)]
)
gtk? (
gtk2? (
x11-libs/gtk+:2
vte? ( x11-libs/vte:0 )
)
!gtk2? (
x11-libs/gtk+:3
vte? ( x11-libs/vte:2.91 )
)
)
infiniband? ( sys-fabric/librdmacm:=[static-libs(+)] )
iscsi? ( net-libs/libiscsi )
jpeg? ( virtual/jpeg:0=[static-libs(+)] )
lzo? ( dev-libs/lzo:2[static-libs(+)] )
ncurses? (
sys-libs/ncurses:0=[unicode]
sys-libs/ncurses:0=[static-libs(+)]
)
nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] )
numa? ( sys-process/numactl[static-libs(+)] )
opengl? (
virtual/opengl
media-libs/libepoxy[static-libs(+)]
media-libs/mesa[static-libs(+)]
media-libs/mesa[egl,gbm]
)
png? ( media-libs/libpng:0=[static-libs(+)] )
pulseaudio? ( media-sound/pulseaudio )
rbd? ( sys-cluster/ceph[static-libs(+)] )
sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
sdl? (
!sdl2? (
media-libs/libsdl[X]
>=media-libs/libsdl-1.2.11[static-libs(+)]
)
sdl2? (
media-libs/libsdl2[X]
media-libs/libsdl2[static-libs(+)]
)
)
seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] )
snappy? ( app-arch/snappy:=[static-libs(+)] )
spice? (
>=app-emulation/spice-protocol-0.12.3
>=app-emulation/spice-0.12.0[static-libs(+)]
)
ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] )
usb? ( >=virtual/libusb-1-r2[static-libs(+)] )
usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
vde? ( net-misc/vde[static-libs(+)] )
virgl? ( media-libs/virglrenderer[static-libs(+)] )
virtfs? ( sys-libs/libcap )
xen? ( app-emulation/xen-tools:= )
xfs? ( sys-fs/xfsprogs[static-libs(+)] )"
X86_FIRMWARE_DEPEND="
pin-upstream-blobs? (
~sys-firmware/edk2-ovmf-2017_pre20170505[binary]
~sys-firmware/ipxe-1.0.0_p20160620
~sys-firmware/seabios-1.10.2[binary,seavgabios]
~sys-firmware/sgabios-0.1_pre8
)
!pin-upstream-blobs? (
sys-firmware/edk2-ovmf
sys-firmware/ipxe
>=sys-firmware/seabios-1.10.2[seavgabios]
sys-firmware/sgabios
)"
CDEPEND="
!static? (
${ALL_DEPEND//\[static-libs(+)]}
${SOFTMMU_TOOLS_DEPEND//\[static-libs(+)]}
)
qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )"
DEPEND="${CDEPEND}
dev-lang/perl
=dev-lang/python-2*
sys-apps/texinfo
virtual/pkgconfig
kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
gtk? ( nls? ( sys-devel/gettext ) )
static? (
${ALL_DEPEND}
${SOFTMMU_TOOLS_DEPEND}
)
static-user? ( ${ALL_DEPEND} )
test? (
dev-libs/glib[utils]
sys-devel/bc
)"
RDEPEND="${CDEPEND}
selinux? ( sec-policy/selinux-qemu )"
PATCHES=(
"${FILESDIR}"/${PN}-2.5.0-cflags.patch
"${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
"${FILESDIR}"/${PN}-2.9.0-CVE-2017-8309.patch # bug 616870
"${FILESDIR}"/${PN}-2.9.0-CVE-2017-8379.patch # bug 616872
"${FILESDIR}"/${PN}-2.9.0-CVE-2017-8380.patch # bug 616874
"${FILESDIR}"/${PN}-2.9.0-CVE-2017-8112.patch # bug 616636
"${FILESDIR}"/${PN}-2.9.0-CVE-2017-7493.patch # bug 618808
"${FILESDIR}"/${PN}-2.9.0-CVE-2017-11434.patch # bug 625614
"${FILESDIR}"/${PN}-2.9.0-CVE-2017-11334.patch # bug 621292
"${FILESDIR}"/${PN}-2.9.0-CVE-2017-9524-1.patch # bug 621292
"${FILESDIR}"/${PN}-2.9.0-CVE-2017-9524-2.patch
"${FILESDIR}"/${PN}-2.9.0-CVE-2017-9503-1.patch # bug 621184
"${FILESDIR}"/${PN}-2.9.0-CVE-2017-9503-2.patch
"${FILESDIR}"/${PN}-2.9.0-CVE-2017-10664.patch # bug 623016
"${FILESDIR}"/${PN}-2.9.0-CVE-2017-10806.patch # bug 624088
)
STRIP_MASK="/usr/share/qemu/palcode-clipper"
QA_PREBUILT="
usr/share/qemu/openbios-ppc
usr/share/qemu/openbios-sparc64
usr/share/qemu/openbios-sparc32
usr/share/qemu/palcode-clipper
usr/share/qemu/s390-ccw.img
usr/share/qemu/u-boot.e500"
QA_WX_LOAD="usr/bin/qemu-i386
usr/bin/qemu-x86_64
usr/bin/qemu-alpha
usr/bin/qemu-arm
usr/bin/qemu-cris
usr/bin/qemu-m68k
usr/bin/qemu-microblaze
usr/bin/qemu-microblazeel
usr/bin/qemu-mips
usr/bin/qemu-mipsel
usr/bin/qemu-or1k
usr/bin/qemu-ppc
usr/bin/qemu-ppc64
usr/bin/qemu-ppc64abi32
usr/bin/qemu-sh4
usr/bin/qemu-sh4eb
usr/bin/qemu-sparc
usr/bin/qemu-sparc64
usr/bin/qemu-armeb
usr/bin/qemu-sparc32plus
usr/bin/qemu-s390x
usr/bin/qemu-unicore32"
DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure you have the
kernel module loaded before running kvm. The easiest way to ensure that the
kernel module is loaded is to load it on boot.
For AMD CPUs the module is called 'kvm-amd'.
For Intel CPUs the module is called 'kvm-intel'.
Please review /etc/conf.d/modules for how to load these.
Make sure your user is in the 'kvm' group. Just run
$ gpasswd -a <USER> kvm
then have <USER> re-login.
For brand new installs, the default permissions on /dev/kvm might not let
you access it. You can tell udev to reset ownership/perms:
$ udevadm trigger -c add /dev/kvm
If you want to register binfmt handlers for qemu user targets:
For openrc:
# rc-update add qemu-binfmt
For systemd:
# ln -s /usr/share/qemu/binfmt.d/qemu.conf /etc/binfmt.d/qemu.conf"
pkg_pretend() {
if use kernel_linux && kernel_is lt 2 6 25; then
eerror "This version of KVM requres a host kernel of 2.6.25 or higher."
elif use kernel_linux; then
if ! linux_config_exists; then
eerror "Unable to check your kernel for KVM support"
else
CONFIG_CHECK="~KVM ~TUN ~BRIDGE"
ERROR_KVM="You must enable KVM in your kernel to continue"
ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in"
ERROR_KVM_AMD+=" your kernel configuration."
ERROR_KVM_INTEL="If you have an Intel CPU, you must enable"
ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration."
ERROR_TUN="You will need the Universal TUN/TAP driver compiled"
ERROR_TUN+=" into your kernel or loaded as a module to use the"
ERROR_TUN+=" virtual network device if using -net tap."
ERROR_BRIDGE="You will also need support for 802.1d"
ERROR_BRIDGE+=" Ethernet Bridging for some network configurations."
use vhost-net && CONFIG_CHECK+=" ~VHOST_NET"
ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net"
ERROR_VHOST_NET+=" support"
if use amd64 || use x86 || use amd64-linux || use x86-linux; then
CONFIG_CHECK+=" ~KVM_AMD ~KVM_INTEL"
fi
use python && CONFIG_CHECK+=" ~DEBUG_FS"
ERROR_DEBUG_FS="debugFS support required for kvm_stat"
# Now do the actual checks setup above
check_extra_config
fi
fi
if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then
eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt"
eerror "instances are still pointing to it. Please update your"
eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag"
eerror "and the right system binary (e.g. qemu-system-x86_64)."
die "update your virt configs to not use qemu-kvm"
fi
}
pkg_setup() {
enewgroup kvm 78
}
# Sanity check to make sure target lists are kept up-to-date.
check_targets() {
local var=$1 mak=$2
local detected sorted
pushd "${S}"/default-configs >/dev/null || die
# Force C locale until glibc is updated. #564936
detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u))
sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u))
if [[ ${sorted} != "${detected}" ]] ; then
eerror "The ebuild needs to be kept in sync."
eerror "${var}: ${sorted}"
eerror "$(printf '%-*s' ${#var} configure): ${detected}"
die "sync ${var} to the list of targets"
fi
popd >/dev/null
}
handle_locales() {
# Make sure locale list is kept up-to-date.
local detected sorted
detected=$(echo $(cd po && printf '%s\n' *.po | grep -v messages.po | sed 's:.po$::' | sort -u))
sorted=$(echo $(printf '%s\n' ${PLOCALES} | sort -u))
if [[ ${sorted} != "${detected}" ]] ; then
eerror "The ebuild needs to be kept in sync."
eerror "PLOCALES: ${sorted}"
eerror " po/*.po: ${detected}"
die "sync PLOCALES"
fi
# Deal with selective install of locales.
if use nls ; then
# Delete locales the user does not want. #577814
rm_loc() { rm po/$1.po || die; }
l10n_for_each_disabled_locale_do rm_loc
else
# Cheap hack to disable gettext .mo generation.
rm -f po/*.po
fi
}
src_prepare() {
check_targets IUSE_SOFTMMU_TARGETS softmmu
check_targets IUSE_USER_TARGETS linux-user
# Alter target makefiles to accept CFLAGS set via flag-o
sed -i -r \
-e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \
Makefile Makefile.target || die
default
# Fix ld and objcopy being called directly
tc-export AR LD OBJCOPY
# Verbose builds
MAKEOPTS+=" V=1"
# Run after we've applied all patches.
handle_locales
}
##
# configures qemu based on the build directory and the build type
# we are using.
#
qemu_src_configure() {
debug-print-function ${FUNCNAME} "$@"
local buildtype=$1
local builddir="${S}/${buildtype}-build"
mkdir "${builddir}"
local conf_opts=(
--prefix=/usr
--sysconfdir=/etc
--libdir=/usr/$(get_libdir)
--docdir=/usr/share/doc/${PF}/html
--disable-bsd-user
--disable-guest-agent
--disable-strip
--disable-werror
# We support gnutls/nettle for crypto operations. It is possible
# to use gcrypt when gnutls/nettle are disabled (but not when they
# are enabled), but it's not really worth the hassle. Disable it
# all the time to avoid automatically detecting it. #568856
--disable-gcrypt
--python="${PYTHON}"
--cc="$(tc-getCC)"
--cxx="$(tc-getCXX)"
--host-cc="$(tc-getBUILD_CC)"
$(use_enable debug debug-info)
$(use_enable debug debug-tcg)
--enable-docs
$(use_enable tci tcg-interpreter)
$(use_enable xattr attr)
)
# Disable options not used by user targets. This simplifies building
# static user targets (USE=static-user) considerably.
conf_notuser() {
if [[ ${buildtype} == "user" ]] ; then
echo "--disable-${2:-$1}"
else
use_enable "$@"
fi
}
conf_opts+=(
$(conf_notuser accessibility brlapi)
$(conf_notuser aio linux-aio)
$(conf_notuser bzip2)
$(conf_notuser bluetooth bluez)
$(conf_notuser caps cap-ng)
$(conf_notuser curl)
$(conf_notuser fdt)
$(conf_notuser glusterfs)
$(conf_notuser gnutls)
$(conf_notuser gnutls nettle)
$(conf_notuser gtk)
$(conf_notuser infiniband rdma)
$(conf_notuser iscsi libiscsi)
$(conf_notuser jpeg vnc-jpeg)
$(conf_notuser kernel_linux kvm)
$(conf_notuser lzo)
$(conf_notuser ncurses curses)
$(conf_notuser nfs libnfs)
$(conf_notuser numa)
$(conf_notuser opengl)
$(conf_notuser png vnc-png)
$(conf_notuser rbd)
$(conf_notuser sasl vnc-sasl)
$(conf_notuser sdl)
$(conf_notuser seccomp)
$(conf_notuser smartcard)
$(conf_notuser snappy)
$(conf_notuser spice)
$(conf_notuser ssh libssh2)
$(conf_notuser usb libusb)
$(conf_notuser usbredir usb-redir)
$(conf_notuser vde)
$(conf_notuser vhost-net)
$(conf_notuser virgl virglrenderer)
$(conf_notuser virtfs)
$(conf_notuser vnc)
$(conf_notuser vte)
$(conf_notuser xen)
$(conf_notuser xen xen-pci-passthrough)
$(conf_notuser xfs xfsctl)
)
if [[ ! ${buildtype} == "user" ]] ; then
# audio options
local audio_opts="oss"
use alsa && audio_opts="alsa,${audio_opts}"
use sdl && audio_opts="sdl,${audio_opts}"
use pulseaudio && audio_opts="pa,${audio_opts}"
conf_opts+=(
--audio-drv-list="${audio_opts}"
)
use gtk && conf_opts+=( --with-gtkabi=$(usex gtk2 2.0 3.0) )
use sdl && conf_opts+=( --with-sdlabi=$(usex sdl2 2.0 1.2) )
fi
case ${buildtype} in
user)
conf_opts+=(
--enable-linux-user
--disable-system
--disable-blobs
--disable-tools
)
local static_flag="static-user"
;;
softmmu)
conf_opts+=(
--disable-linux-user
--enable-system
--disable-tools
--with-system-pixman
)
local static_flag="static"
;;
tools)
conf_opts+=(
--disable-linux-user
--disable-system
--disable-blobs
--enable-tools
)
local static_flag="static"
;;
esac
local targets="${buildtype}_targets"
[[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" )
# Add support for SystemTAP
use systemtap && conf_opts+=( --enable-trace-backend=dtrace )
# We always want to attempt to build with PIE support as it results
# in a more secure binary. But it doesn't work with static or if
# the current GCC doesn't have PIE support.
if use ${static_flag}; then
conf_opts+=( --static --disable-pie )
else
tc-enables-pie && conf_opts+=( --enable-pie )
fi
echo "../configure ${conf_opts[*]}"
cd "${builddir}"
../configure "${conf_opts[@]}" || die "configure failed"
# FreeBSD's kernel does not support QEMU assigning/grabbing
# host USB devices yet
use kernel_FreeBSD && \
sed -i -E -e "s|^(HOST_USB=)bsd|\1stub|" "${S}"/config-host.mak
}
src_configure() {
local target
python_setup
softmmu_targets= softmmu_bins=()
user_targets= user_bins=()
for target in ${IUSE_SOFTMMU_TARGETS} ; do
if use "qemu_softmmu_targets_${target}"; then
softmmu_targets+=",${target}-softmmu"
softmmu_bins+=( "qemu-system-${target}" )
fi
done
for target in ${IUSE_USER_TARGETS} ; do
if use "qemu_user_targets_${target}"; then
user_targets+=",${target}-linux-user"
user_bins+=( "qemu-${target}" )
fi
done
softmmu_targets=${softmmu_targets#,}
user_targets=${user_targets#,}
[[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu"
[[ -n ${user_targets} ]] && qemu_src_configure "user"
qemu_src_configure "tools"
}
src_compile() {
if [[ -n ${user_targets} ]]; then
cd "${S}/user-build"
default
fi
if [[ -n ${softmmu_targets} ]]; then
cd "${S}/softmmu-build"
default
fi
cd "${S}/tools-build"
default
}
src_test() {
if [[ -n ${softmmu_targets} ]]; then
cd "${S}/softmmu-build"
pax-mark m */qemu-system-* #515550
emake -j1 check
emake -j1 check-report.html
fi
}
qemu_python_install() {
python_domodule "${S}/scripts/qmp/qmp.py"
python_doscript "${S}/scripts/kvm/vmxcap"
python_doscript "${S}/scripts/qmp/qmp-shell"
python_doscript "${S}/scripts/qmp/qemu-ga-client"
}
# Generate binfmt support files.
# - /etc/init.d/qemu-binfmt script which registers the user handlers (openrc)
# - /usr/share/qemu/binfmt.d/qemu.conf (for use with systemd-binfmt)
generate_initd() {
local out="${T}/qemu-binfmt"
local out_systemd="${T}/qemu.conf"
local d="${T}/binfmt.d"
einfo "Generating qemu binfmt scripts and configuration files"
# Generate the debian fragments first.
mkdir -p "${d}"
"${S}"/scripts/qemu-binfmt-conf.sh \
--debian \
--exportdir "${d}" \
--qemu-path "${EPREFIX}/usr/bin" \
|| die
# Then turn the fragments into a shell script we can source.
sed -E -i \
-e 's:^([^ ]+) (.*)$:\1="\2":' \
"${d}"/* || die
# Generate the init.d script by assembling the fragments from above.
local f qcpu package interpreter magic mask
cat "${FILESDIR}"/qemu-binfmt.initd.head >"${out}" || die
for f in "${d}"/qemu-* ; do
source "${f}"
# Normalize the cpu logic like we do in the init.d for the native cpu.
qcpu=${package#qemu-}
case ${qcpu} in
arm*) qcpu="arm";;
mips*) qcpu="mips";;
ppc*) qcpu="ppc";;
s390*) qcpu="s390";;
sh*) qcpu="sh";;
sparc*) qcpu="sparc";;
esac
cat <<EOF >>"${out}"
if [ "\${cpu}" != "${qcpu}" -a -x "${interpreter}" ] ; then
echo ':${package}:M::${magic}:${mask}:${interpreter}:'"\${QEMU_BINFMT_FLAGS}" >/proc/sys/fs/binfmt_misc/register
fi
EOF
echo ":${package}:M::${magic}:${mask}:${interpreter}:OC" >>"${out_systemd}"
done
cat "${FILESDIR}"/qemu-binfmt.initd.tail >>"${out}" || die
}
src_install() {
if [[ -n ${user_targets} ]]; then
cd "${S}/user-build"
emake DESTDIR="${ED}" install
# Install binfmt handler init script for user targets.
generate_initd
doinitd "${T}/qemu-binfmt"
# Install binfmt/qemu.conf.
insinto "/usr/share/qemu/binfmt.d"
doins "${T}/qemu.conf"
fi
if [[ -n ${softmmu_targets} ]]; then
cd "${S}/softmmu-build"
emake DESTDIR="${ED}" install
# This might not exist if the test failed. #512010
[[ -e check-report.html ]] && dohtml check-report.html
if use kernel_linux; then
udev_newrules "${FILESDIR}"/65-kvm.rules-r1 65-kvm.rules
fi
if use python; then
python_foreach_impl qemu_python_install
fi
fi
cd "${S}/tools-build"
emake DESTDIR="${ED}" install
# Disable mprotect on the qemu binaries as they use JITs to be fast #459348
pushd "${ED}"/usr/bin >/dev/null
pax-mark mr "${softmmu_bins[@]}" "${user_bins[@]}" # bug 575594
popd >/dev/null
# Install config file example for qemu-bridge-helper
insinto "/etc/qemu"
doins "${FILESDIR}/bridge.conf"
cd "${S}"
dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt
newdoc pc-bios/README README.pc-bios
dodoc docs/qmp-*.txt
if [[ -n ${softmmu_targets} ]]; then
# Remove SeaBIOS since we're using the SeaBIOS packaged one
rm "${ED}/usr/share/qemu/bios.bin"
rm "${ED}/usr/share/qemu/bios-256k.bin"
if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
dosym ../seabios/bios-256k.bin /usr/share/qemu/bios-256k.bin
fi
# Remove vgabios since we're using the seavgabios packaged one
rm "${ED}/usr/share/qemu/vgabios.bin"
rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
rm "${ED}/usr/share/qemu/vgabios-virtio.bin"
rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
dosym ../seavgabios/vgabios-isavga.bin /usr/share/qemu/vgabios.bin
dosym ../seavgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
dosym ../seavgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
dosym ../seavgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
dosym ../seavgabios/vgabios-virtio.bin /usr/share/qemu/vgabios-virtio.bin
dosym ../seavgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
fi
# Remove sgabios since we're using the sgabios packaged one
rm "${ED}/usr/share/qemu/sgabios.bin"
if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin
fi
# Remove iPXE since we're using the iPXE packaged one
rm "${ED}"/usr/share/qemu/pxe-*.rom
if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom
dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom
dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom
dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom
dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom
dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom
fi
fi
DISABLE_AUTOFORMATTING=true
readme.gentoo_create_doc
}
firmware_abi_change() {
local pv
for pv in ${REPLACING_VERSIONS}; do
if ! version_is_at_least ${FIRMWARE_ABI_VERSION} ${pv}; then
return 0
fi
done
return 1
}
pkg_postinst() {
if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
udev_reload
fi
fcaps cap_net_admin /usr/libexec/qemu-bridge-helper
DISABLE_AUTOFORMATTING=true
readme.gentoo_print_elog
if use pin-upstream-blobs && firmware_abi_change; then
ewarn "This version of qemu pins new versions of firmware blobs:"
ewarn " $(best_version sys-firmware/edk2-ovmf)"
ewarn " $(best_version sys-firmware/ipxe)"
ewarn " $(best_version sys-firmware/seabios)"
ewarn " $(best_version sys-firmware/sgabios)"
ewarn "This might break resume of hibernated guests (started with a different"
ewarn "firmware version) and live migration to/from qemu versions with different"
ewarn "firmware. Please (cold) restart all running guests. For functional"
ewarn "guest migration ensure that all"
ewarn "hosts run at least"
ewarn " app-emulation/qemu-${FIRMWARE_ABI_VERSION}."
fi
}
pkg_info() {
echo "Using:"
echo " $(best_version app-emulation/spice-protocol)"
echo " $(best_version sys-firmware/edk2-ovmf)"
if has_version 'sys-firmware/edk2-ovmf[binary]'; then
echo " USE=binary"
else
echo " USE=''"
fi
echo " $(best_version sys-firmware/ipxe)"
echo " $(best_version sys-firmware/seabios)"
if has_version 'sys-firmware/seabios[binary]'; then
echo " USE=binary"
else
echo " USE=''"
fi
echo " $(best_version sys-firmware/sgabios)"
}
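Review bot: The `PATCHES` array in this ebuild stops at `CVE-2017-10806`, while the Manifest added by the same commit lists `qemu-2.10.0-CVE-2017-13711.patch` and `qemu-2.10.1-CVE-2017-15268.patch` as AUX files that this ebuild never applies. Because the overlay deliberately holds QEMU at 2.9.0 until the 2.10 bug is fixed, any fix carried only by the 2.10 ebuilds stays missing for as long as the pin lasts; whether the 2.9.0 sources are affected by those two CVEs is not visible on this page and should be checked. If they are, add the entries, e.g. `"${FILESDIR}"/${PN}-2.10.0-CVE-2017-13711.patch` and `"${FILESDIR}"/${PN}-2.10.1-CVE-2017-15268.patch` (rebased if they do not apply to 2.9.0); if not, record that next to the array with a comment such as `# CVE-2017-13711, CVE-2017-15268: verified not applicable to 2.9.0`. The second ebuild section that follows carries the same array and needs the same treatment.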


@ -0,0 +1,796 @@
# Copyright 1999-2017 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
EAPI="6"
PYTHON_COMPAT=( python2_7 )
PYTHON_REQ_USE="ncurses,readline"
PLOCALES="bg de_DE fr_FR hu it tr zh_CN"
FIRMWARE_ABI_VERSION="2.9.0-r52"
inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \
user udev fcaps readme.gentoo-r1 pax-utils l10n
if [[ ${PV} = *9999* ]]; then
EGIT_REPO_URI="git://git.qemu.org/qemu.git"
inherit git-r3
SRC_URI=""
else
SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2"
KEYWORDS="~amd64 ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd"
fi
DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org"
LICENSE="GPL-2 LGPL-2 BSD-2"
SLOT="0"
IUSE="accessibility +aio alsa bluetooth bzip2 +caps +curl debug +fdt
glusterfs gnutls gtk gtk2 infiniband iscsi +jpeg kernel_linux
kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs +png
pulseaudio python rbd sasl +seccomp sdl sdl2 selinux smartcard snappy
spice ssh static static-user systemtap tci test usb usbredir vde
+vhost-net virgl virtfs +vnc vte xattr xen xfs"
COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel
mips mips64 mips64el mipsel nios2 or1k ppc ppc64 s390x sh4 sh4eb sparc
sparc64 x86_64"
IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS}
lm32 moxie ppcemb tricore unicore32 xtensa xtensaeb"
IUSE_USER_TARGETS="${COMMON_TARGETS}
armeb hppa mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus tilegx"
use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
# Allow no targets to be built so that people can get a tools-only build.
# Block USE flag configurations known to not work.
REQUIRED_USE="${PYTHON_REQUIRED_USE}
gtk2? ( gtk )
qemu_softmmu_targets_arm? ( fdt )
qemu_softmmu_targets_microblaze? ( fdt )
qemu_softmmu_targets_mips64el? ( fdt )
qemu_softmmu_targets_ppc? ( fdt )
qemu_softmmu_targets_ppc64? ( fdt )
sdl2? ( sdl )
static? ( static-user !alsa !bluetooth !gtk !gtk2 !opengl !pulseaudio )
virtfs? ( xattr )
vte? ( gtk )"
# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
# and user/softmmu targets (qemu-*, qemu-system-*).
#
# Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
#
# The attr lib isn't always linked in (although the USE flag is always
# respected). This is because qemu supports using the C library's API
# when available rather than always using the extranl library.
ALL_DEPEND="
>=dev-libs/glib-2.0[static-libs(+)]
sys-libs/zlib[static-libs(+)]
python? ( ${PYTHON_DEPS} )
systemtap? ( dev-util/systemtap )
xattr? ( sys-apps/attr[static-libs(+)] )"
# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
# softmmu targets (qemu-system-*).
SOFTMMU_TOOLS_DEPEND="
>=x11-libs/pixman-0.28.0[static-libs(+)]
accessibility? (
app-accessibility/brltty[api]
app-accessibility/brltty[static-libs(+)]
)
aio? ( dev-libs/libaio[static-libs(+)] )
alsa? ( >=media-libs/alsa-lib-1.0.13 )
bluetooth? ( net-wireless/bluez )
bzip2? ( app-arch/bzip2[static-libs(+)] )
caps? ( sys-libs/libcap-ng[static-libs(+)] )
curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
fdt? ( >=sys-apps/dtc-1.4.2[static-libs(+)] )
glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
gnutls? (
dev-libs/nettle:=[static-libs(+)]
>=net-libs/gnutls-3.0:=[static-libs(+)]
)
gtk? (
gtk2? (
x11-libs/gtk+:2
vte? ( x11-libs/vte:0 )
)
!gtk2? (
x11-libs/gtk+:3
vte? ( x11-libs/vte:2.91 )
)
)
infiniband? ( sys-fabric/librdmacm:=[static-libs(+)] )
iscsi? ( net-libs/libiscsi )
jpeg? ( virtual/jpeg:0=[static-libs(+)] )
lzo? ( dev-libs/lzo:2[static-libs(+)] )
ncurses? (
sys-libs/ncurses:0=[unicode]
sys-libs/ncurses:0=[static-libs(+)]
)
nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] )
numa? ( sys-process/numactl[static-libs(+)] )
opengl? (
virtual/opengl
media-libs/libepoxy[static-libs(+)]
media-libs/mesa[static-libs(+)]
media-libs/mesa[egl,gbm]
)
png? ( media-libs/libpng:0=[static-libs(+)] )
pulseaudio? ( media-sound/pulseaudio )
rbd? ( sys-cluster/ceph[static-libs(+)] )
sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
sdl? (
!sdl2? (
media-libs/libsdl[X]
>=media-libs/libsdl-1.2.11[static-libs(+)]
)
sdl2? (
media-libs/libsdl2[X]
media-libs/libsdl2[static-libs(+)]
)
)
seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] )
snappy? ( app-arch/snappy:=[static-libs(+)] )
spice? (
>=app-emulation/spice-protocol-0.12.3
>=app-emulation/spice-0.12.0[static-libs(+)]
)
ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] )
usb? ( >=virtual/libusb-1-r2[static-libs(+)] )
usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
vde? ( net-misc/vde[static-libs(+)] )
virgl? ( media-libs/virglrenderer[static-libs(+)] )
virtfs? ( sys-libs/libcap )
xen? ( app-emulation/xen-tools:= )
xfs? ( sys-fs/xfsprogs[static-libs(+)] )"
X86_FIRMWARE_DEPEND="
pin-upstream-blobs? (
~sys-firmware/edk2-ovmf-2017_pre20170505[binary]
~sys-firmware/ipxe-1.0.0_p20160620
~sys-firmware/seabios-1.10.2[binary,seavgabios]
~sys-firmware/sgabios-0.1_pre8
)
!pin-upstream-blobs? (
sys-firmware/edk2-ovmf
sys-firmware/ipxe
>=sys-firmware/seabios-1.10.2[seavgabios]
sys-firmware/sgabios
)"
CDEPEND="
!static? (
${ALL_DEPEND//\[static-libs(+)]}
${SOFTMMU_TOOLS_DEPEND//\[static-libs(+)]}
)
qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )"
DEPEND="${CDEPEND}
dev-lang/perl
=dev-lang/python-2*
sys-apps/texinfo
virtual/pkgconfig
kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
gtk? ( nls? ( sys-devel/gettext ) )
static? (
${ALL_DEPEND}
${SOFTMMU_TOOLS_DEPEND}
)
static-user? ( ${ALL_DEPEND} )
test? (
dev-libs/glib[utils]
sys-devel/bc
)"
RDEPEND="${CDEPEND}
selinux? ( sec-policy/selinux-qemu )"
PATCHES=(
"${FILESDIR}"/${PN}-2.5.0-cflags.patch
"${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
"${FILESDIR}"/${PN}-2.9.0-CVE-2017-8309.patch # bug 616870
"${FILESDIR}"/${PN}-2.9.0-CVE-2017-8379.patch # bug 616872
"${FILESDIR}"/${PN}-2.9.0-CVE-2017-8380.patch # bug 616874
"${FILESDIR}"/${PN}-2.9.0-CVE-2017-8112.patch # bug 616636
"${FILESDIR}"/${PN}-2.9.0-CVE-2017-7493.patch # bug 618808
"${FILESDIR}"/${PN}-2.9.0-CVE-2017-11434.patch # bug 625614
"${FILESDIR}"/${PN}-2.9.0-CVE-2017-11334.patch # bug 621292
"${FILESDIR}"/${PN}-2.9.0-CVE-2017-9524-1.patch # bug 621292
"${FILESDIR}"/${PN}-2.9.0-CVE-2017-9524-2.patch
"${FILESDIR}"/${PN}-2.9.0-CVE-2017-9503-1.patch # bug 621184
"${FILESDIR}"/${PN}-2.9.0-CVE-2017-9503-2.patch
"${FILESDIR}"/${PN}-2.9.0-CVE-2017-10664.patch # bug 623016
"${FILESDIR}"/${PN}-2.9.0-CVE-2017-10806.patch # bug 624088
)
STRIP_MASK="/usr/share/qemu/palcode-clipper"
QA_PREBUILT="
usr/share/qemu/openbios-ppc
usr/share/qemu/openbios-sparc64
usr/share/qemu/openbios-sparc32
usr/share/qemu/palcode-clipper
usr/share/qemu/s390-ccw.img
usr/share/qemu/u-boot.e500"
QA_WX_LOAD="usr/bin/qemu-i386
usr/bin/qemu-x86_64
usr/bin/qemu-alpha
usr/bin/qemu-arm
usr/bin/qemu-cris
usr/bin/qemu-m68k
usr/bin/qemu-microblaze
usr/bin/qemu-microblazeel
usr/bin/qemu-mips
usr/bin/qemu-mipsel
usr/bin/qemu-or1k
usr/bin/qemu-ppc
usr/bin/qemu-ppc64
usr/bin/qemu-ppc64abi32
usr/bin/qemu-sh4
usr/bin/qemu-sh4eb
usr/bin/qemu-sparc
usr/bin/qemu-sparc64
usr/bin/qemu-armeb
usr/bin/qemu-sparc32plus
usr/bin/qemu-s390x
usr/bin/qemu-unicore32"
DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure you have the
kernel module loaded before running kvm. The easiest way to ensure that the
kernel module is loaded is to load it on boot.
For AMD CPUs the module is called 'kvm-amd'.
For Intel CPUs the module is called 'kvm-intel'.
Please review /etc/conf.d/modules for how to load these.
Make sure your user is in the 'kvm' group. Just run
$ gpasswd -a <USER> kvm
then have <USER> re-login.
For brand new installs, the default permissions on /dev/kvm might not let
you access it. You can tell udev to reset ownership/perms:
$ udevadm trigger -c add /dev/kvm
If you want to register binfmt handlers for qemu user targets:
For openrc:
# rc-update add qemu-binfmt
For systemd:
# ln -s /usr/share/qemu/binfmt.d/qemu.conf /etc/binfmt.d/qemu.conf"
pkg_pretend() {
if use kernel_linux && kernel_is lt 2 6 25; then
eerror "This version of KVM requres a host kernel of 2.6.25 or higher."
elif use kernel_linux; then
if ! linux_config_exists; then
eerror "Unable to check your kernel for KVM support"
else
CONFIG_CHECK="~KVM ~TUN ~BRIDGE"
ERROR_KVM="You must enable KVM in your kernel to continue"
ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in"
ERROR_KVM_AMD+=" your kernel configuration."
ERROR_KVM_INTEL="If you have an Intel CPU, you must enable"
ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration."
ERROR_TUN="You will need the Universal TUN/TAP driver compiled"
ERROR_TUN+=" into your kernel or loaded as a module to use the"
ERROR_TUN+=" virtual network device if using -net tap."
ERROR_BRIDGE="You will also need support for 802.1d"
ERROR_BRIDGE+=" Ethernet Bridging for some network configurations."
use vhost-net && CONFIG_CHECK+=" ~VHOST_NET"
ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net"
ERROR_VHOST_NET+=" support"
if use amd64 || use x86 || use amd64-linux || use x86-linux; then
CONFIG_CHECK+=" ~KVM_AMD ~KVM_INTEL"
fi
use python && CONFIG_CHECK+=" ~DEBUG_FS"
ERROR_DEBUG_FS="debugFS support required for kvm_stat"
# Now do the actual checks setup above
check_extra_config
fi
fi
if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then
eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt"
eerror "instances are still pointing to it. Please update your"
eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag"
eerror "and the right system binary (e.g. qemu-system-x86_64)."
die "update your virt configs to not use qemu-kvm"
fi
}
pkg_setup() {
enewgroup kvm 78
}
# Sanity check to make sure target lists are kept up-to-date.
check_targets() {
local var=$1 mak=$2
local detected sorted
pushd "${S}"/default-configs >/dev/null || die
# Force C locale until glibc is updated. #564936
detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u))
sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u))
if [[ ${sorted} != "${detected}" ]] ; then
eerror "The ebuild needs to be kept in sync."
eerror "${var}: ${sorted}"
eerror "$(printf '%-*s' ${#var} configure): ${detected}"
die "sync ${var} to the list of targets"
fi
popd >/dev/null
}
handle_locales() {
# Make sure locale list is kept up-to-date.
local detected sorted
detected=$(echo $(cd po && printf '%s\n' *.po | grep -v messages.po | sed 's:.po$::' | sort -u))
sorted=$(echo $(printf '%s\n' ${PLOCALES} | sort -u))
if [[ ${sorted} != "${detected}" ]] ; then
eerror "The ebuild needs to be kept in sync."
eerror "PLOCALES: ${sorted}"
eerror " po/*.po: ${detected}"
die "sync PLOCALES"
fi
# Deal with selective install of locales.
if use nls ; then
# Delete locales the user does not want. #577814
rm_loc() { rm po/$1.po || die; }
l10n_for_each_disabled_locale_do rm_loc
else
# Cheap hack to disable gettext .mo generation.
rm -f po/*.po
fi
}
src_prepare() {
check_targets IUSE_SOFTMMU_TARGETS softmmu
check_targets IUSE_USER_TARGETS linux-user
# Alter target makefiles to accept CFLAGS set via flag-o
sed -i -r \
-e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \
Makefile Makefile.target || die
default
# Fix ld and objcopy being called directly
tc-export AR LD OBJCOPY
# Verbose builds
MAKEOPTS+=" V=1"
# Run after we've applied all patches.
handle_locales
#remove bundled copy of libfdt
rm -r dtc || die
}
##
# configures qemu based on the build directory and the build type
# we are using.
#
qemu_src_configure() {
debug-print-function ${FUNCNAME} "$@"
local buildtype=$1
local builddir="${S}/${buildtype}-build"
mkdir "${builddir}"
local conf_opts=(
--prefix=/usr
--sysconfdir=/etc
--libdir=/usr/$(get_libdir)
--docdir=/usr/share/doc/${PF}/html
--disable-bsd-user
--disable-guest-agent
--disable-strip
--disable-werror
# We support gnutls/nettle for crypto operations. It is possible
# to use gcrypt when gnutls/nettle are disabled (but not when they
# are enabled), but it's not really worth the hassle. Disable it
# all the time to avoid automatically detecting it. #568856
--disable-gcrypt
--python="${PYTHON}"
--cc="$(tc-getCC)"
--cxx="$(tc-getCXX)"
--host-cc="$(tc-getBUILD_CC)"
$(use_enable debug debug-info)
$(use_enable debug debug-tcg)
--enable-docs
$(use_enable tci tcg-interpreter)
$(use_enable xattr attr)
)
# Disable options not used by user targets. This simplifies building
# static user targets (USE=static-user) considerably.
conf_notuser() {
if [[ ${buildtype} == "user" ]] ; then
echo "--disable-${2:-$1}"
else
use_enable "$@"
fi
}
conf_opts+=(
$(conf_notuser accessibility brlapi)
$(conf_notuser aio linux-aio)
$(conf_notuser bzip2)
$(conf_notuser bluetooth bluez)
$(conf_notuser caps cap-ng)
$(conf_notuser curl)
$(conf_notuser fdt)
$(conf_notuser glusterfs)
$(conf_notuser gnutls)
$(conf_notuser gnutls nettle)
$(conf_notuser gtk)
$(conf_notuser infiniband rdma)
$(conf_notuser iscsi libiscsi)
$(conf_notuser jpeg vnc-jpeg)
$(conf_notuser kernel_linux kvm)
$(conf_notuser lzo)
$(conf_notuser ncurses curses)
$(conf_notuser nfs libnfs)
$(conf_notuser numa)
$(conf_notuser opengl)
$(conf_notuser png vnc-png)
$(conf_notuser rbd)
$(conf_notuser sasl vnc-sasl)
$(conf_notuser sdl)
$(conf_notuser seccomp)
$(conf_notuser smartcard)
$(conf_notuser snappy)
$(conf_notuser spice)
$(conf_notuser ssh libssh2)
$(conf_notuser usb libusb)
$(conf_notuser usbredir usb-redir)
$(conf_notuser vde)
$(conf_notuser vhost-net)
$(conf_notuser virgl virglrenderer)
$(conf_notuser virtfs)
$(conf_notuser vnc)
$(conf_notuser vte)
$(conf_notuser xen)
$(conf_notuser xen xen-pci-passthrough)
$(conf_notuser xfs xfsctl)
)
if [[ ! ${buildtype} == "user" ]] ; then
# audio options
local audio_opts="oss"
use alsa && audio_opts="alsa,${audio_opts}"
use sdl && audio_opts="sdl,${audio_opts}"
use pulseaudio && audio_opts="pa,${audio_opts}"
conf_opts+=(
--audio-drv-list="${audio_opts}"
)
use gtk && conf_opts+=( --with-gtkabi=$(usex gtk2 2.0 3.0) )
use sdl && conf_opts+=( --with-sdlabi=$(usex sdl2 2.0 1.2) )
fi
case ${buildtype} in
user)
conf_opts+=(
--enable-linux-user
--disable-system
--disable-blobs
--disable-tools
)
local static_flag="static-user"
;;
softmmu)
conf_opts+=(
--disable-linux-user
--enable-system
--disable-tools
--with-system-pixman
)
local static_flag="static"
;;
tools)
conf_opts+=(
--disable-linux-user
--disable-system
--disable-blobs
--enable-tools
)
local static_flag="static"
;;
esac
local targets="${buildtype}_targets"
[[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" )
# Add support for SystemTAP
use systemtap && conf_opts+=( --enable-trace-backend=dtrace )
# We always want to attempt to build with PIE support as it results
# in a more secure binary. But it doesn't work with static or if
# the current GCC doesn't have PIE support.
if use ${static_flag}; then
conf_opts+=( --static --disable-pie )
else
tc-enables-pie && conf_opts+=( --enable-pie )
fi
echo "../configure ${conf_opts[*]}"
cd "${builddir}"
../configure "${conf_opts[@]}" || die "configure failed"
# FreeBSD's kernel does not support QEMU assigning/grabbing
# host USB devices yet
use kernel_FreeBSD && \
sed -i -E -e "s|^(HOST_USB=)bsd|\1stub|" "${S}"/config-host.mak
}
src_configure() {
local target
python_setup
softmmu_targets= softmmu_bins=()
user_targets= user_bins=()
for target in ${IUSE_SOFTMMU_TARGETS} ; do
if use "qemu_softmmu_targets_${target}"; then
softmmu_targets+=",${target}-softmmu"
softmmu_bins+=( "qemu-system-${target}" )
fi
done
for target in ${IUSE_USER_TARGETS} ; do
if use "qemu_user_targets_${target}"; then
user_targets+=",${target}-linux-user"
user_bins+=( "qemu-${target}" )
fi
done
softmmu_targets=${softmmu_targets#,}
user_targets=${user_targets#,}
[[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu"
[[ -n ${user_targets} ]] && qemu_src_configure "user"
qemu_src_configure "tools"
}
src_compile() {
if [[ -n ${user_targets} ]]; then
cd "${S}/user-build"
default
fi
if [[ -n ${softmmu_targets} ]]; then
cd "${S}/softmmu-build"
default
fi
cd "${S}/tools-build"
default
}
src_test() {
if [[ -n ${softmmu_targets} ]]; then
cd "${S}/softmmu-build"
pax-mark m */qemu-system-* #515550
emake -j1 check
emake -j1 check-report.html
fi
}
qemu_python_install() {
python_domodule "${S}/scripts/qmp/qmp.py"
python_doscript "${S}/scripts/kvm/vmxcap"
python_doscript "${S}/scripts/qmp/qmp-shell"
python_doscript "${S}/scripts/qmp/qemu-ga-client"
}
# Generate binfmt support files.
# - /etc/init.d/qemu-binfmt script which registers the user handlers (openrc)
# - /usr/share/qemu/binfmt.d/qemu.conf (for use with systemd-binfmt)
generate_initd() {
local out="${T}/qemu-binfmt"
local out_systemd="${T}/qemu.conf"
local d="${T}/binfmt.d"
einfo "Generating qemu binfmt scripts and configuration files"
# Generate the debian fragments first.
mkdir -p "${d}"
"${S}"/scripts/qemu-binfmt-conf.sh \
--debian \
--exportdir "${d}" \
--qemu-path "${EPREFIX}/usr/bin" \
|| die
# Then turn the fragments into a shell script we can source.
sed -E -i \
-e 's:^([^ ]+) (.*)$:\1="\2":' \
"${d}"/* || die
# Generate the init.d script by assembling the fragments from above.
local f qcpu package interpreter magic mask
cat "${FILESDIR}"/qemu-binfmt.initd.head >"${out}" || die
for f in "${d}"/qemu-* ; do
source "${f}"
# Normalize the cpu logic like we do in the init.d for the native cpu.
qcpu=${package#qemu-}
case ${qcpu} in
arm*) qcpu="arm";;
mips*) qcpu="mips";;
ppc*) qcpu="ppc";;
s390*) qcpu="s390";;
sh*) qcpu="sh";;
sparc*) qcpu="sparc";;
esac
cat <<EOF >>"${out}"
if [ "\${cpu}" != "${qcpu}" -a -x "${interpreter}" ] ; then
echo ':${package}:M::${magic}:${mask}:${interpreter}:'"\${QEMU_BINFMT_FLAGS}" >/proc/sys/fs/binfmt_misc/register
fi
EOF
echo ":${package}:M::${magic}:${mask}:${interpreter}:OC" >>"${out_systemd}"
done
cat "${FILESDIR}"/qemu-binfmt.initd.tail >>"${out}" || die
}
src_install() {
if [[ -n ${user_targets} ]]; then
cd "${S}/user-build"
emake DESTDIR="${ED}" install
# Install binfmt handler init script for user targets.
generate_initd
doinitd "${T}/qemu-binfmt"
# Install binfmt/qemu.conf.
insinto "/usr/share/qemu/binfmt.d"
doins "${T}/qemu.conf"
fi
if [[ -n ${softmmu_targets} ]]; then
cd "${S}/softmmu-build"
emake DESTDIR="${ED}" install
# This might not exist if the test failed. #512010
[[ -e check-report.html ]] && dohtml check-report.html
if use kernel_linux; then
udev_newrules "${FILESDIR}"/65-kvm.rules-r1 65-kvm.rules
fi
if use python; then
python_foreach_impl qemu_python_install
fi
fi
cd "${S}/tools-build"
emake DESTDIR="${ED}" install
# Disable mprotect on the qemu binaries as they use JITs to be fast #459348
pushd "${ED}"/usr/bin >/dev/null
pax-mark mr "${softmmu_bins[@]}" "${user_bins[@]}" # bug 575594
popd >/dev/null
# Install config file example for qemu-bridge-helper
insinto "/etc/qemu"
doins "${FILESDIR}/bridge.conf"
cd "${S}"
dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt
newdoc pc-bios/README README.pc-bios
dodoc docs/qmp-*.txt
if [[ -n ${softmmu_targets} ]]; then
# Remove SeaBIOS since we're using the SeaBIOS packaged one
rm "${ED}/usr/share/qemu/bios.bin"
rm "${ED}/usr/share/qemu/bios-256k.bin"
if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
dosym ../seabios/bios-256k.bin /usr/share/qemu/bios-256k.bin
fi
# Remove vgabios since we're using the seavgabios packaged one
rm "${ED}/usr/share/qemu/vgabios.bin"
rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
rm "${ED}/usr/share/qemu/vgabios-virtio.bin"
rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
dosym ../seavgabios/vgabios-isavga.bin /usr/share/qemu/vgabios.bin
dosym ../seavgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
dosym ../seavgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
dosym ../seavgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
dosym ../seavgabios/vgabios-virtio.bin /usr/share/qemu/vgabios-virtio.bin
dosym ../seavgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
fi
# Remove sgabios since we're using the sgabios packaged one
rm "${ED}/usr/share/qemu/sgabios.bin"
if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin
fi
# Remove iPXE since we're using the iPXE packaged one
rm "${ED}"/usr/share/qemu/pxe-*.rom
if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom
dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom
dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom
dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom
dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom
dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom
fi
fi
DISABLE_AUTOFORMATTING=true
readme.gentoo_create_doc
}
firmware_abi_change() {
local pv
for pv in ${REPLACING_VERSIONS}; do
if ! version_is_at_least ${FIRMWARE_ABI_VERSION} ${pv}; then
return 0
fi
done
return 1
}
pkg_postinst() {
if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
udev_reload
fi
fcaps cap_net_admin /usr/libexec/qemu-bridge-helper
DISABLE_AUTOFORMATTING=true
readme.gentoo_print_elog
if use pin-upstream-blobs && firmware_abi_change; then
ewarn "This version of qemu pins new versions of firmware blobs:"
ewarn " $(best_version sys-firmware/edk2-ovmf)"
ewarn " $(best_version sys-firmware/ipxe)"
ewarn " $(best_version sys-firmware/seabios)"
ewarn " $(best_version sys-firmware/sgabios)"
ewarn "This might break resume of hibernated guests (started with a different"
ewarn "firmware version) and live migration to/from qemu versions with different"
ewarn "firmware. Please (cold) restart all running guests. For functional"
ewarn "guest migration ensure that all"
ewarn "hosts run at least"
ewarn " app-emulation/qemu-${FIRMWARE_ABI_VERSION}."
fi
}
pkg_info() {
echo "Using:"
echo " $(best_version app-emulation/spice-protocol)"
echo " $(best_version sys-firmware/edk2-ovmf)"
if has_version 'sys-firmware/edk2-ovmf[binary]'; then
echo " USE=binary"
else
echo " USE=''"
fi
echo " $(best_version sys-firmware/ipxe)"
echo " $(best_version sys-firmware/seabios)"
if has_version 'sys-firmware/seabios[binary]'; then
echo " USE=binary"
else
echo " USE=''"
fi
echo " $(best_version sys-firmware/sgabios)"
}