summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMatthias Maier <tamiko@gentoo.org>2017-02-12 22:50:18 -0600
committerMatthias Maier <tamiko@gentoo.org>2017-02-12 22:50:18 -0600
commit69f166f734e87c4d5b025e9f2bbfcfba3d7cddcb (patch)
tree16c003590b006b24f363a314354d9c30d73a7648 /app-emulation/qemu
parentapp-emulation/qemu: drop old versions 2.7.0, 2.7.1 (diff)
downloadgentoo-69f166f734e87c4d5b025e9f2bbfcfba3d7cddcb.tar.gz
gentoo-69f166f734e87c4d5b025e9f2bbfcfba3d7cddcb.tar.bz2
gentoo-69f166f734e87c4d5b025e9f2bbfcfba3d7cddcb.zip
app-emulation/qemu: fix various security issues, bug #608728 and others
This commit applies upstream patches to 2.8.0 for the following CVEs CVE-2016-10155 #606720 CVE-2017-2615 #608034 CVE-2017-5525 #606264 CVE-2017-5552 #606722 CVE-2017-5578 #607000 CVE-2017-5579 #607100 CVE-2017-5667 #607766 CVE-2017-5856 #608036 CVE-2017-5857 #608038 CVE-2017-5898 #608520 CVE-2017-5931 #608728 Package-Manager: Portage-2.3.3, Repoman-2.3.1
Diffstat (limited to 'app-emulation/qemu')
-rw-r--r--app-emulation/qemu/files/qemu-2.8.0-CVE-2016-10155.patch46
-rw-r--r--app-emulation/qemu/files/qemu-2.8.0-CVE-2017-2615.patch48
-rw-r--r--app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5525-1.patch52
-rw-r--r--app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5525-2.patch55
-rw-r--r--app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5552.patch41
-rw-r--r--app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5578.patch35
-rw-r--r--app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5579.patch40
-rw-r--r--app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5667.patch37
-rw-r--r--app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5856.patch64
-rw-r--r--app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5857.patch38
-rw-r--r--app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5898.patch35
-rw-r--r--app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5931.patch46
-rw-r--r--app-emulation/qemu/qemu-2.8.0-r1.ebuild691
13 files changed, 1228 insertions, 0 deletions
diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-10155.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-10155.patch
new file mode 100644
index 000000000000..c486295d06fd
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-10155.patch
@@ -0,0 +1,46 @@
+From eb7a20a3616085d46aa6b4b4224e15587ec67e6e Mon Sep 17 00:00:00 2001
+From: Li Qiang <liqiang6-s@360.cn>
+Date: Mon, 28 Nov 2016 17:49:04 -0800
+Subject: [PATCH] watchdog: 6300esb: add exit function
+
+When the Intel 6300ESB watchdog is hot unplug. The timer allocated
+in realize isn't freed thus leaking memory leak. This patch avoid
+this through adding the exit function.
+
+Signed-off-by: Li Qiang <liqiang6-s@360.cn>
+Message-Id: <583cde9c.3223ed0a.7f0c2.886e@mx.google.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ hw/watchdog/wdt_i6300esb.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/hw/watchdog/wdt_i6300esb.c b/hw/watchdog/wdt_i6300esb.c
+index a83d951..49b3cd1 100644
+--- a/hw/watchdog/wdt_i6300esb.c
++++ b/hw/watchdog/wdt_i6300esb.c
+@@ -428,6 +428,14 @@ static void i6300esb_realize(PCIDevice *dev, Error **errp)
+ /* qemu_register_coalesced_mmio (addr, 0x10); ? */
+ }
+
++static void i6300esb_exit(PCIDevice *dev)
++{
++ I6300State *d = WATCHDOG_I6300ESB_DEVICE(dev);
++
++ timer_del(d->timer);
++ timer_free(d->timer);
++}
++
+ static WatchdogTimerModel model = {
+ .wdt_name = "i6300esb",
+ .wdt_description = "Intel 6300ESB",
+@@ -441,6 +449,7 @@ static void i6300esb_class_init(ObjectClass *klass, void *data)
+ k->config_read = i6300esb_config_read;
+ k->config_write = i6300esb_config_write;
+ k->realize = i6300esb_realize;
++ k->exit = i6300esb_exit;
+ k->vendor_id = PCI_VENDOR_ID_INTEL;
+ k->device_id = PCI_DEVICE_ID_INTEL_ESB_9;
+ k->class_id = PCI_CLASS_SYSTEM_OTHER;
+--
+2.10.2
+
diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-2615.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-2615.patch
new file mode 100644
index 000000000000..f0bba8016576
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-2615.patch
@@ -0,0 +1,48 @@
+From 62d4c6bd5263bb8413a06c80144fc678df6dfb64 Mon Sep 17 00:00:00 2001
+From: Li Qiang <liqiang6-s@360.cn>
+Date: Wed, 1 Feb 2017 09:35:01 +0100
+Subject: [PATCH] cirrus: fix oob access issue (CVE-2017-2615)
+
+When doing bitblt copy in backward mode, we should minus the
+blt width first just like the adding in the forward mode. This
+can avoid the oob access of the front of vga's vram.
+
+Signed-off-by: Li Qiang <liqiang6-s@360.cn>
+
+{ kraxel: with backward blits (negative pitch) addr is the topmost
+ address, so check it as-is against vram size ]
+
+Cc: qemu-stable@nongnu.org
+Cc: P J P <ppandit@redhat.com>
+Cc: Laszlo Ersek <lersek@redhat.com>
+Cc: Paolo Bonzini <pbonzini@redhat.com>
+Cc: Wolfgang Bumiller <w.bumiller@proxmox.com>
+Fixes: d3532a0db02296e687711b8cdc7791924efccea0 (CVE-2014-8106)
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+Message-id: 1485938101-26602-1-git-send-email-kraxel@redhat.com
+Reviewed-by: Laszlo Ersek <lersek@redhat.com>
+---
+ hw/display/cirrus_vga.c | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c
+index 7db6409..16f27e8 100644
+--- a/hw/display/cirrus_vga.c
++++ b/hw/display/cirrus_vga.c
+@@ -274,10 +274,9 @@ static bool blit_region_is_unsafe(struct CirrusVGAState *s,
+ {
+ if (pitch < 0) {
+ int64_t min = addr
+- + ((int64_t)s->cirrus_blt_height-1) * pitch;
+- int32_t max = addr
+- + s->cirrus_blt_width;
+- if (min < 0 || max > s->vga.vram_size) {
++ + ((int64_t)s->cirrus_blt_height - 1) * pitch
++ - s->cirrus_blt_width;
++ if (min < -1 || addr >= s->vga.vram_size) {
+ return true;
+ }
+ } else {
+--
+2.10.2
+
diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5525-1.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5525-1.patch
new file mode 100644
index 000000000000..24411b4dca35
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5525-1.patch
@@ -0,0 +1,52 @@
+From 12351a91da97b414eec8cdb09f1d9f41e535a401 Mon Sep 17 00:00:00 2001
+From: Li Qiang <liqiang6-s@360.cn>
+Date: Wed, 14 Dec 2016 18:30:21 -0800
+Subject: [PATCH] audio: ac97: add exit function
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Currently the ac97 device emulation doesn't have a exit function,
+hot unplug this device will leak some memory. Add a exit function to
+avoid this.
+
+Signed-off-by: Li Qiang <liqiang6-s@360.cn>
+Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
+Message-id: 58520052.4825ed0a.27a71.6cae@mx.google.com
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+---
+ hw/audio/ac97.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/hw/audio/ac97.c b/hw/audio/ac97.c
+index cbd959e..c306575 100644
+--- a/hw/audio/ac97.c
++++ b/hw/audio/ac97.c
+@@ -1387,6 +1387,16 @@ static void ac97_realize(PCIDevice *dev, Error **errp)
+ ac97_on_reset (&s->dev.qdev);
+ }
+
++static void ac97_exit(PCIDevice *dev)
++{
++ AC97LinkState *s = DO_UPCAST(AC97LinkState, dev, dev);
++
++ AUD_close_in(&s->card, s->voice_pi);
++ AUD_close_out(&s->card, s->voice_po);
++ AUD_close_in(&s->card, s->voice_mc);
++ AUD_remove_card(&s->card);
++}
++
+ static int ac97_init (PCIBus *bus)
+ {
+ pci_create_simple (bus, -1, "AC97");
+@@ -1404,6 +1414,7 @@ static void ac97_class_init (ObjectClass *klass, void *data)
+ PCIDeviceClass *k = PCI_DEVICE_CLASS (klass);
+
+ k->realize = ac97_realize;
++ k->exit = ac97_exit;
+ k->vendor_id = PCI_VENDOR_ID_INTEL;
+ k->device_id = PCI_DEVICE_ID_INTEL_82801AA_5;
+ k->revision = 0x01;
+--
+2.10.2
+
diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5525-2.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5525-2.patch
new file mode 100644
index 000000000000..6bbac580c3cd
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5525-2.patch
@@ -0,0 +1,55 @@
+From 069eb7b2b8fc47c7cb52e5a4af23ea98d939e3da Mon Sep 17 00:00:00 2001
+From: Li Qiang <liqiang6-s@360.cn>
+Date: Wed, 14 Dec 2016 18:32:22 -0800
+Subject: [PATCH] audio: es1370: add exit function
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Currently the es1370 device emulation doesn't have a exit function,
+hot unplug this device will leak some memory. Add a exit function to
+avoid this.
+
+Signed-off-by: Li Qiang <liqiang6-s@360.cn>
+Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
+Message-id: 585200c9.a968ca0a.1ab80.4c98@mx.google.com
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+---
+ hw/audio/es1370.c | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+diff --git a/hw/audio/es1370.c b/hw/audio/es1370.c
+index 8449b5f..883ec69 100644
+--- a/hw/audio/es1370.c
++++ b/hw/audio/es1370.c
+@@ -1041,6 +1041,19 @@ static void es1370_realize(PCIDevice *dev, Error **errp)
+ es1370_reset (s);
+ }
+
++static void es1370_exit(PCIDevice *dev)
++{
++ ES1370State *s = ES1370(dev);
++ int i;
++
++ for (i = 0; i < 2; ++i) {
++ AUD_close_out(&s->card, s->dac_voice[i]);
++ }
++
++ AUD_close_in(&s->card, s->adc_voice);
++ AUD_remove_card(&s->card);
++}
++
+ static int es1370_init (PCIBus *bus)
+ {
+ pci_create_simple (bus, -1, TYPE_ES1370);
+@@ -1053,6 +1066,7 @@ static void es1370_class_init (ObjectClass *klass, void *data)
+ PCIDeviceClass *k = PCI_DEVICE_CLASS (klass);
+
+ k->realize = es1370_realize;
++ k->exit = es1370_exit;
+ k->vendor_id = PCI_VENDOR_ID_ENSONIQ;
+ k->device_id = PCI_DEVICE_ID_ENSONIQ_ES1370;
+ k->class_id = PCI_CLASS_MULTIMEDIA_AUDIO;
+--
+2.10.2
+
diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5552.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5552.patch
new file mode 100644
index 000000000000..9475f3fd2a29
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5552.patch
@@ -0,0 +1,41 @@
+From 33243031dad02d161225ba99d782616da133f689 Mon Sep 17 00:00:00 2001
+From: Li Qiang <liq3ea@gmail.com>
+Date: Thu, 29 Dec 2016 03:11:26 -0500
+Subject: [PATCH] virtio-gpu-3d: fix memory leak in resource attach backing
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+If the virgl_renderer_resource_attach_iov function fails the
+'res_iovs' will be leaked. Add check of the return value to
+free the 'res_iovs' when failing.
+
+Signed-off-by: Li Qiang <liq3ea@gmail.com>
+Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
+Message-id: 1482999086-59795-1-git-send-email-liq3ea@gmail.com
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+---
+ hw/display/virtio-gpu-3d.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/hw/display/virtio-gpu-3d.c b/hw/display/virtio-gpu-3d.c
+index e29f099..b13ced3 100644
+--- a/hw/display/virtio-gpu-3d.c
++++ b/hw/display/virtio-gpu-3d.c
+@@ -291,8 +291,11 @@ static void virgl_resource_attach_backing(VirtIOGPU *g,
+ return;
+ }
+
+- virgl_renderer_resource_attach_iov(att_rb.resource_id,
+- res_iovs, att_rb.nr_entries);
++ ret = virgl_renderer_resource_attach_iov(att_rb.resource_id,
++ res_iovs, att_rb.nr_entries);
++
++ if (ret != 0)
++ virtio_gpu_cleanup_mapping_iov(res_iovs, att_rb.nr_entries);
+ }
+
+ static void virgl_resource_detach_backing(VirtIOGPU *g,
+--
+2.10.2
+
diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5578.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5578.patch
new file mode 100644
index 000000000000..f93d1e7f9e9d
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5578.patch
@@ -0,0 +1,35 @@
+From 204f01b30975923c64006f8067f0937b91eea68b Mon Sep 17 00:00:00 2001
+From: Li Qiang <liq3ea@gmail.com>
+Date: Thu, 29 Dec 2016 04:28:41 -0500
+Subject: [PATCH] virtio-gpu: fix memory leak in resource attach backing
+
+In the resource attach backing function, everytime it will
+allocate 'res->iov' thus can leading a memory leak. This
+patch avoid this.
+
+Signed-off-by: Li Qiang <liq3ea@gmail.com>
+Message-id: 1483003721-65360-1-git-send-email-liq3ea@gmail.com
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+---
+ hw/display/virtio-gpu.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c
+index 6a26258..ca88cf4 100644
+--- a/hw/display/virtio-gpu.c
++++ b/hw/display/virtio-gpu.c
+@@ -714,6 +714,11 @@ virtio_gpu_resource_attach_backing(VirtIOGPU *g,
+ return;
+ }
+
++ if (res->iov) {
++ cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC;
++ return;
++ }
++
+ ret = virtio_gpu_create_mapping_iov(&ab, cmd, &res->addrs, &res->iov);
+ if (ret != 0) {
+ cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC;
+--
+2.10.2
+
diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5579.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5579.patch
new file mode 100644
index 000000000000..e4572a8d5710
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5579.patch
@@ -0,0 +1,40 @@
+From 8409dc884a201bf74b30a9d232b6bbdd00cb7e2b Mon Sep 17 00:00:00 2001
+From: Li Qiang <liqiang6-s@360.cn>
+Date: Wed, 4 Jan 2017 00:43:16 -0800
+Subject: [PATCH] serial: fix memory leak in serial exit
+
+The serial_exit_core function doesn't free some resources.
+This can lead memory leak when hotplug and unplug. This
+patch avoid this.
+
+Signed-off-by: Li Qiang <liqiang6-s@360.cn>
+Message-Id: <586cb5ab.f31d9d0a.38ac3.acf2@mx.google.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ hw/char/serial.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/hw/char/serial.c b/hw/char/serial.c
+index ffbacd8..67b18ed 100644
+--- a/hw/char/serial.c
++++ b/hw/char/serial.c
+@@ -906,6 +906,16 @@ void serial_realize_core(SerialState *s, Error **errp)
+ void serial_exit_core(SerialState *s)
+ {
+ qemu_chr_fe_deinit(&s->chr);
++
++ timer_del(s->modem_status_poll);
++ timer_free(s->modem_status_poll);
++
++ timer_del(s->fifo_timeout_timer);
++ timer_free(s->fifo_timeout_timer);
++
++ fifo8_destroy(&s->recv_fifo);
++ fifo8_destroy(&s->xmit_fifo);
++
+ qemu_unregister_reset(serial_reset, s);
+ }
+
+--
+2.10.2
+
diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5667.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5667.patch
new file mode 100644
index 000000000000..93e9c9406c47
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5667.patch
@@ -0,0 +1,37 @@
+From 42922105beb14c2fc58185ea022b9f72fb5465e9 Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Tue, 7 Feb 2017 18:29:59 +0000
+Subject: [PATCH] sd: sdhci: check data length during dma_memory_read
+
+While doing multi block SDMA transfer in routine
+'sdhci_sdma_transfer_multi_blocks', the 's->fifo_buffer' starting
+index 'begin' and data length 's->data_count' could end up to be same.
+This could lead to an OOB access issue. Correct transfer data length
+to avoid it.
+
+Cc: qemu-stable@nongnu.org
+Reported-by: Jiang Xin <jiangxin1@huawei.com>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Message-id: 20170130064736.9236-1-ppandit@redhat.com
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+---
+ hw/sd/sdhci.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c
+index 01fbf22..5bd5ab6 100644
+--- a/hw/sd/sdhci.c
++++ b/hw/sd/sdhci.c
+@@ -536,7 +536,7 @@ static void sdhci_sdma_transfer_multi_blocks(SDHCIState *s)
+ boundary_count -= block_size - begin;
+ }
+ dma_memory_read(&address_space_memory, s->sdmasysad,
+- &s->fifo_buffer[begin], s->data_count);
++ &s->fifo_buffer[begin], s->data_count - begin);
+ s->sdmasysad += s->data_count - begin;
+ if (s->data_count == block_size) {
+ for (n = 0; n < block_size; n++) {
+--
+2.10.2
+
diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5856.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5856.patch
new file mode 100644
index 000000000000..2ebd49fa54da
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5856.patch
@@ -0,0 +1,64 @@
+From 765a707000e838c30b18d712fe6cb3dd8e0435f3 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Mon, 2 Jan 2017 11:03:33 +0100
+Subject: [PATCH] megasas: fix guest-triggered memory leak
+
+If the guest sets the sglist size to a value >=2GB, megasas_handle_dcmd
+will return MFI_STAT_MEMORY_NOT_AVAILABLE without freeing the memory.
+Avoid this by returning only the status from map_dcmd, and loading
+cmd->iov_size in the caller.
+
+Reported-by: Li Qiang <liqiang6-s@360.cn>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ hw/scsi/megasas.c | 11 ++++++-----
+ 1 file changed, 6 insertions(+), 5 deletions(-)
+
+diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
+index 67fc1e7..6233865 100644
+--- a/hw/scsi/megasas.c
++++ b/hw/scsi/megasas.c
+@@ -683,14 +683,14 @@ static int megasas_map_dcmd(MegasasState *s, MegasasCmd *cmd)
+ trace_megasas_dcmd_invalid_sge(cmd->index,
+ cmd->frame->header.sge_count);
+ cmd->iov_size = 0;
+- return -1;
++ return -EINVAL;
+ }
+ iov_pa = megasas_sgl_get_addr(cmd, &cmd->frame->dcmd.sgl);
+ iov_size = megasas_sgl_get_len(cmd, &cmd->frame->dcmd.sgl);
+ pci_dma_sglist_init(&cmd->qsg, PCI_DEVICE(s), 1);
+ qemu_sglist_add(&cmd->qsg, iov_pa, iov_size);
+ cmd->iov_size = iov_size;
+- return cmd->iov_size;
++ return 0;
+ }
+
+ static void megasas_finish_dcmd(MegasasCmd *cmd, uint32_t iov_size)
+@@ -1559,19 +1559,20 @@ static const struct dcmd_cmd_tbl_t {
+
+ static int megasas_handle_dcmd(MegasasState *s, MegasasCmd *cmd)
+ {
+- int opcode, len;
++ int opcode;
+ int retval = 0;
++ size_t len;
+ const struct dcmd_cmd_tbl_t *cmdptr = dcmd_cmd_tbl;
+
+ opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
+ trace_megasas_handle_dcmd(cmd->index, opcode);
+- len = megasas_map_dcmd(s, cmd);
+- if (len < 0) {
++ if (megasas_map_dcmd(s, cmd) < 0) {
+ return MFI_STAT_MEMORY_NOT_AVAILABLE;
+ }
+ while (cmdptr->opcode != -1 && cmdptr->opcode != opcode) {
+ cmdptr++;
+ }
++ len = cmd->iov_size;
+ if (cmdptr->opcode == -1) {
+ trace_megasas_dcmd_unhandled(cmd->index, opcode, len);
+ retval = megasas_dcmd_dummy(s, cmd);
+--
+2.10.2
+
diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5857.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5857.patch
new file mode 100644
index 000000000000..664a669ffaa5
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5857.patch
@@ -0,0 +1,38 @@
+When the guest sends VIRTIO_GPU_CMD_RESOURCE_UNREF without detaching the
+backing storage beforehand (VIRTIO_GPU_CMD_RESOURCE_DETACH_BACKING)
+we'll leak memory.
+
+This patch fixes it for 3d mode, simliar to the 2d mode fix in commit
+"b8e2392 virtio-gpu: call cleanup mapping function in resource destroy".
+
+Reported-by: 李强 <address@hidden>
+Signed-off-by: Gerd Hoffmann <address@hidden>
+---
+ hw/display/virtio-gpu-3d.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/hw/display/virtio-gpu-3d.c b/hw/display/virtio-gpu-3d.c
+index f96a0c2..ecb09d1 100644
+--- a/hw/display/virtio-gpu-3d.c
++++ b/hw/display/virtio-gpu-3d.c
+@@ -77,10 +77,18 @@ static void virgl_cmd_resource_unref(VirtIOGPU *g,
+ struct virtio_gpu_ctrl_command *cmd)
+ {
+ struct virtio_gpu_resource_unref unref;
++ struct iovec *res_iovs = NULL;
++ int num_iovs = 0;
+
+ VIRTIO_GPU_FILL_CMD(unref);
+ trace_virtio_gpu_cmd_res_unref(unref.resource_id);
+
++ virgl_renderer_resource_detach_iov(unref.resource_id,
++ &res_iovs,
++ &num_iovs);
++ if (res_iovs != NULL && num_iovs != 0) {
++ virtio_gpu_cleanup_mapping_iov(res_iovs, num_iovs);
++ }
+ virgl_renderer_resource_unref(unref.resource_id);
+ }
+
+--
+1.8.3.1
diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5898.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5898.patch
new file mode 100644
index 000000000000..9f94477a46bf
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5898.patch
@@ -0,0 +1,35 @@
+From c7dfbf322595ded4e70b626bf83158a9f3807c6a Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Fri, 3 Feb 2017 00:52:28 +0530
+Subject: [PATCH] usb: ccid: check ccid apdu length
+
+CCID device emulator uses Application Protocol Data Units(APDU)
+to exchange command and responses to and from the host.
+The length in these units couldn't be greater than 65536. Add
+check to ensure the same. It'd also avoid potential integer
+overflow in emulated_apdu_from_guest.
+
+Reported-by: Li Qiang <liqiang6-s@360.cn>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Message-id: 20170202192228.10847-1-ppandit@redhat.com
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+---
+ hw/usb/dev-smartcard-reader.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/usb/dev-smartcard-reader.c b/hw/usb/dev-smartcard-reader.c
+index 89e11b6..1325ea1 100644
+--- a/hw/usb/dev-smartcard-reader.c
++++ b/hw/usb/dev-smartcard-reader.c
+@@ -967,7 +967,7 @@ static void ccid_on_apdu_from_guest(USBCCIDState *s, CCID_XferBlock *recv)
+ DPRINTF(s, 1, "%s: seq %d, len %d\n", __func__,
+ recv->hdr.bSeq, len);
+ ccid_add_pending_answer(s, (CCID_Header *)recv);
+- if (s->card) {
++ if (s->card && len <= BULK_OUT_DATA_SIZE) {
+ ccid_card_apdu_from_guest(s->card, recv->abData, len);
+ } else {
+ DPRINTF(s, D_WARN, "warning: discarded apdu\n");
+--
+2.10.2
+
diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5931.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5931.patch
new file mode 100644
index 000000000000..f24d557c96df
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5931.patch
@@ -0,0 +1,46 @@
+From a08aaff811fb194950f79711d2afe5a892ae03a4 Mon Sep 17 00:00:00 2001
+From: Gonglei <arei.gonglei@huawei.com>
+Date: Tue, 3 Jan 2017 14:50:03 +0800
+Subject: [PATCH] virtio-crypto: fix possible integer and heap overflow
+
+Because the 'size_t' type is 4 bytes in 32-bit platform, which
+is the same with 'int'. It's easy to make 'max_len' to zero when
+integer overflow and then cause heap overflow if 'max_len' is zero.
+
+Using uint_64 instead of size_t to avoid the integer overflow.
+
+Cc: qemu-stable@nongnu.org
+Reported-by: Li Qiang <liqiang6-s@360.cn>
+Signed-off-by: Gonglei <arei.gonglei@huawei.com>
+Tested-by: Li Qiang <liqiang6-s@360.cn>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+---
+ hw/virtio/virtio-crypto.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/hw/virtio/virtio-crypto.c b/hw/virtio/virtio-crypto.c
+index 2f2467e..c23e1ad 100644
+--- a/hw/virtio/virtio-crypto.c
++++ b/hw/virtio/virtio-crypto.c
+@@ -416,7 +416,7 @@ virtio_crypto_sym_op_helper(VirtIODevice *vdev,
+ uint32_t hash_start_src_offset = 0, len_to_hash = 0;
+ uint32_t cipher_start_src_offset = 0, len_to_cipher = 0;
+
+- size_t max_len, curr_size = 0;
++ uint64_t max_len, curr_size = 0;
+ size_t s;
+
+ /* Plain cipher */
+@@ -441,7 +441,7 @@ virtio_crypto_sym_op_helper(VirtIODevice *vdev,
+ return NULL;
+ }
+
+- max_len = iv_len + aad_len + src_len + dst_len + hash_result_len;
++ max_len = (uint64_t)iv_len + aad_len + src_len + dst_len + hash_result_len;
+ if (unlikely(max_len > vcrypto->conf.max_size)) {
+ virtio_error(vdev, "virtio-crypto too big length");
+ return NULL;
+--
+2.10.2
+
diff --git a/app-emulation/qemu/qemu-2.8.0-r1.ebuild b/app-emulation/qemu/qemu-2.8.0-r1.ebuild
new file mode 100644
index 000000000000..27420ae5fd6e
--- /dev/null
+++ b/app-emulation/qemu/qemu-2.8.0-r1.ebuild
@@ -0,0 +1,691 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="5"
+
+PYTHON_COMPAT=( python2_7 )
+PYTHON_REQ_USE="ncurses,readline"
+
+PLOCALES="bg de_DE fr_FR hu it tr zh_CN"
+
+inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \
+ user udev fcaps readme.gentoo-r1 pax-utils l10n
+
+if [[ ${PV} = *9999* ]]; then
+ EGIT_REPO_URI="git://git.qemu.org/qemu.git"
+ inherit git-2
+ SRC_URI=""
+else
+ SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2"
+ KEYWORDS="~amd64 ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd"
+fi
+
+DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
+HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org"
+
+LICENSE="GPL-2 LGPL-2 BSD-2"
+SLOT="0"
+IUSE="accessibility +aio alsa bluetooth bzip2 +caps +curl debug +fdt glusterfs \
+gnutls gtk gtk2 infiniband iscsi +jpeg \
+kernel_linux kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs
++png pulseaudio python \
+rbd sasl +seccomp sdl sdl2 selinux smartcard snappy spice ssh static static-softmmu
+static-user systemtap tci test +threads usb usbredir vde +vhost-net \
+virgl virtfs +vnc vte xattr xen xfs"
+
+COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel mips
+mips64 mips64el mipsel or32 ppc ppc64 s390x sh4 sh4eb sparc sparc64
+x86_64"
+IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS} lm32 moxie ppcemb tricore unicore32 xtensa xtensaeb"
+IUSE_USER_TARGETS="${COMMON_TARGETS} armeb mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus tilegx"
+
+use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
+use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
+IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
+
+# Allow no targets to be built so that people can get a tools-only build.
+# Block USE flag configurations known to not work.
+REQUIRED_USE="${PYTHON_REQUIRED_USE}
+ gtk2? ( gtk )
+ qemu_softmmu_targets_arm? ( fdt )
+ qemu_softmmu_targets_microblaze? ( fdt )
+ qemu_softmmu_targets_ppc? ( fdt )
+ qemu_softmmu_targets_ppc64? ( fdt )
+ sdl2? ( sdl )
+ static? ( static-softmmu static-user )
+ static-softmmu? ( !alsa !pulseaudio !bluetooth !opengl !gtk !gtk2 )
+ virtfs? ( xattr )
+ vte? ( gtk )"
+
+# Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
+#
+# The attr lib isn't always linked in (although the USE flag is always
+# respected). This is because qemu supports using the C library's API
+# when available rather than always using the extranl library.
+#
+# Older versions of gnutls are supported, but it's simpler to just require
+# the latest versions. This is also why we require nettle.
+#
+# TODO: Split out tools deps into another var. e.g. bzip2 is only used by
+# system binaries and tools, not user binaries.
+COMMON_LIB_DEPEND=">=dev-libs/glib-2.0[static-libs(+)]
+ sys-libs/zlib[static-libs(+)]
+ bzip2? ( app-arch/bzip2[static-libs(+)] )
+ xattr? ( sys-apps/attr[static-libs(+)] )"
+SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND}
+ >=x11-libs/pixman-0.28.0[static-libs(+)]
+ accessibility? ( app-accessibility/brltty[static-libs(+)] )
+ aio? ( dev-libs/libaio[static-libs(+)] )
+ alsa? ( >=media-libs/alsa-lib-1.0.13 )
+ bluetooth? ( net-wireless/bluez )
+ caps? ( sys-libs/libcap-ng[static-libs(+)] )
+ curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
+ fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] )
+ glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
+ gnutls? (
+ dev-libs/nettle:=[static-libs(+)]
+ >=net-libs/gnutls-3.0:=[static-libs(+)]
+ )
+ gtk? (
+ gtk2? (
+ x11-libs/gtk+:2
+ vte? ( x11-libs/vte:0 )
+ )
+ !gtk2? (
+ x11-libs/gtk+:3
+ vte? ( x11-libs/vte:2.91 )
+ )
+ )
+ infiniband? ( sys-fabric/librdmacm:=[static-libs(+)] )
+ iscsi? ( net-libs/libiscsi )
+ jpeg? ( virtual/jpeg:0=[static-libs(+)] )
+ lzo? ( dev-libs/lzo:2[static-libs(+)] )
+ ncurses? ( sys-libs/ncurses:0=[static-libs(+)] )
+ nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] )
+ numa? ( sys-process/numactl[static-libs(+)] )
+ opengl? (
+ virtual/opengl
+ media-libs/libepoxy[static-libs(+)]
+ media-libs/mesa[static-libs(+)]
+ media-libs/mesa[egl,gbm]
+ )
+ png? ( media-libs/libpng:0=[static-libs(+)] )
+ pulseaudio? ( media-sound/pulseaudio )
+ rbd? ( sys-cluster/ceph[static-libs(+)] )
+ sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
+ sdl? (
+ !sdl2? (
+ media-libs/libsdl[X]
+ >=media-libs/libsdl-1.2.11[static-libs(+)]
+ )
+ sdl2? (
+ media-libs/libsdl2[X]
+ media-libs/libsdl2[static-libs(+)]
+ )
+ )
+ seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
+ smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] )
+ snappy? ( app-arch/snappy[static-libs(+)] )
+ spice? (
+ >=app-emulation/spice-protocol-0.12.3
+ >=app-emulation/spice-0.12.0[static-libs(+)]
+ )
+ ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] )
+ usb? ( >=virtual/libusb-1-r2[static-libs(+)] )
+ usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
+ vde? ( net-misc/vde[static-libs(+)] )
+ virgl? ( media-libs/virglrenderer[static-libs(+)] )
+ virtfs? ( sys-libs/libcap )
+ xfs? ( sys-fs/xfsprogs[static-libs(+)] )"
+USER_LIB_DEPEND="${COMMON_LIB_DEPEND}"
+X86_FIRMWARE_DEPEND="
+ >=sys-firmware/ipxe-1.0.0_p20130624
+ pin-upstream-blobs? (
+ ~sys-firmware/seabios-1.10.1
+ ~sys-firmware/sgabios-0.1_pre8
+ ~sys-firmware/vgabios-0.7a
+ )
+ !pin-upstream-blobs? (
+ sys-firmware/seabios
+ sys-firmware/sgabios
+ sys-firmware/vgabios
+ )"
+CDEPEND="
+ !static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND//\[static-libs(+)]} ) " ${use_softmmu_targets}) )
+ !static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND//\[static-libs(+)]} ) " ${use_user_targets}) )
+ qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
+ qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )
+ python? ( ${PYTHON_DEPS} )
+ systemtap? ( dev-util/systemtap )
+ xen? ( app-emulation/xen-tools:= )"
+DEPEND="${CDEPEND}
+ dev-lang/perl
+ =dev-lang/python-2*
+ sys-apps/texinfo
+ virtual/pkgconfig
+ kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
+ gtk? ( nls? ( sys-devel/gettext ) )
+ static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND} ) " ${use_softmmu_targets}) )
+ static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND} ) " ${use_user_targets}) )
+ test? (
+ dev-libs/glib[utils]
+ sys-devel/bc
+ )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-qemu )
+"
+
+STRIP_MASK="/usr/share/qemu/palcode-clipper"
+
+QA_PREBUILT="
+ usr/share/qemu/openbios-ppc
+ usr/share/qemu/openbios-sparc64
+ usr/share/qemu/openbios-sparc32
+ usr/share/qemu/palcode-clipper
+ usr/share/qemu/s390-ccw.img
+ usr/share/qemu/u-boot.e500
+"
+
+QA_WX_LOAD="usr/bin/qemu-i386
+ usr/bin/qemu-x86_64
+ usr/bin/qemu-alpha
+ usr/bin/qemu-arm
+ usr/bin/qemu-cris
+ usr/bin/qemu-m68k
+ usr/bin/qemu-microblaze
+ usr/bin/qemu-microblazeel
+ usr/bin/qemu-mips
+ usr/bin/qemu-mipsel
+ usr/bin/qemu-or32
+ usr/bin/qemu-ppc
+ usr/bin/qemu-ppc64
+ usr/bin/qemu-ppc64abi32
+ usr/bin/qemu-sh4
+ usr/bin/qemu-sh4eb
+ usr/bin/qemu-sparc
+ usr/bin/qemu-sparc64
+ usr/bin/qemu-armeb
+ usr/bin/qemu-sparc32plus
+ usr/bin/qemu-s390x
+ usr/bin/qemu-unicore32"
+
+DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure
+you have the kernel module loaded before running kvm. The easiest way to
+ensure that the kernel module is loaded is to load it on boot.\n
+For AMD CPUs the module is called 'kvm-amd'.\n
+For Intel CPUs the module is called 'kvm-intel'.\n
+Please review /etc/conf.d/modules for how to load these.\n\n
+Make sure your user is in the 'kvm' group\n
+Just run 'gpasswd -a <USER> kvm', then have <USER> re-login.\n\n
+For brand new installs, the default permissions on /dev/kvm might not let you
+access it. You can tell udev to reset ownership/perms:\n
+udevadm trigger -c add /dev/kvm"
+
+qemu_support_kvm() {
+ if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 \
+ use qemu_softmmu_targets_ppc || use qemu_softmmu_targets_ppc64 \
+ use qemu_softmmu_targets_s390x; then
+ return 0
+ fi
+
+ return 1
+}
+
+pkg_pretend() {
+ if use kernel_linux && kernel_is lt 2 6 25; then
+ eerror "This version of KVM requres a host kernel of 2.6.25 or higher."
+ elif use kernel_linux; then
+ if ! linux_config_exists; then
+ eerror "Unable to check your kernel for KVM support"
+ else
+ CONFIG_CHECK="~KVM ~TUN ~BRIDGE"
+ ERROR_KVM="You must enable KVM in your kernel to continue"
+ ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in"
+ ERROR_KVM_AMD+=" your kernel configuration."
+ ERROR_KVM_INTEL="If you have an Intel CPU, you must enable"
+ ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration."
+ ERROR_TUN="You will need the Universal TUN/TAP driver compiled"
+ ERROR_TUN+=" into your kernel or loaded as a module to use the"
+ ERROR_TUN+=" virtual network device if using -net tap."
+ ERROR_BRIDGE="You will also need support for 802.1d"
+ ERROR_BRIDGE+=" Ethernet Bridging for some network configurations."
+ use vhost-net && CONFIG_CHECK+=" ~VHOST_NET"
+ ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net"
+ ERROR_VHOST_NET+=" support"
+
+ if use amd64 || use x86 || use amd64-linux || use x86-linux; then
+ CONFIG_CHECK+=" ~KVM_AMD ~KVM_INTEL"
+ fi
+
+ use python && CONFIG_CHECK+=" ~DEBUG_FS"
+ ERROR_DEBUG_FS="debugFS support required for kvm_stat"
+
+ # Now do the actual checks setup above
+ check_extra_config
+ fi
+ fi
+
+ if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then
+ eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt"
+ eerror "instances are still pointing to it. Please update your"
+ eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag"
+ eerror "and the right system binary (e.g. qemu-system-x86_64)."
+ die "update your virt configs to not use qemu-kvm"
+ fi
+}
+
+pkg_setup() {
+ enewgroup kvm 78
+}
+
+# Sanity check to make sure target lists are kept up-to-date.
+check_targets() {
+ local var=$1 mak=$2
+ local detected sorted
+
+ pushd "${S}"/default-configs >/dev/null || die
+
+ # Force C locale until glibc is updated. #564936
+ detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u))
+ sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u))
+ if [[ ${sorted} != "${detected}" ]] ; then
+ eerror "The ebuild needs to be kept in sync."
+ eerror "${var}: ${sorted}"
+ eerror "$(printf '%-*s' ${#var} configure): ${detected}"
+ die "sync ${var} to the list of targets"
+ fi
+
+ popd >/dev/null
+}
+
+handle_locales() {
+ # Make sure locale list is kept up-to-date.
+ local detected sorted
+ detected=$(echo $(cd po && printf '%s\n' *.po | grep -v messages.po | sed 's:.po$::' | sort -u))
+ sorted=$(echo $(printf '%s\n' ${PLOCALES} | sort -u))
+ if [[ ${sorted} != "${detected}" ]] ; then
+ eerror "The ebuild needs to be kept in sync."
+ eerror "PLOCALES: ${sorted}"
+ eerror " po/*.po: ${detected}"
+ die "sync PLOCALES"
+ fi
+
+ # Deal with selective install of locales.
+ if use nls ; then
+ # Delete locales the user does not want. #577814
+ rm_loc() { rm po/$1.po || die; }
+ l10n_for_each_disabled_locale_do rm_loc
+ else
+ # Cheap hack to disable gettext .mo generation.
+ rm -f po/*.po
+ fi
+}
+
+src_prepare() {
+ check_targets IUSE_SOFTMMU_TARGETS softmmu
+ check_targets IUSE_USER_TARGETS linux-user
+
+ # Alter target makefiles to accept CFLAGS set via flag-o
+ sed -i -r \
+ -e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \
+ Makefile Makefile.target || die
+
+ epatch "${FILESDIR}"/${PN}-2.5.0-cflags.patch
+ epatch "${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
+ epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-8669-1.patch #597108
+ epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2016-9908.patch #601826
+ epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2016-9912.patch #602630
+ epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2016-10028.patch #603444
+ epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2016-10155.patch #606720
+ epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-2615.patch #608034
+ epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5525-1.patch #606264
+ epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5525-2.patch
+ epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5552.patch #606722
+ epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5578.patch #607000
+ epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5579.patch #607100
+ epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5667.patch #607766
+ epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5856.patch #608036
+ epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5857.patch #608038
+ epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5898.patch #608520
+ epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5931.patch #608728
+
+ # Fix ld and objcopy being called directly
+ tc-export AR LD OBJCOPY
+
+ # Verbose builds
+ MAKEOPTS+=" V=1"
+
+ epatch_user
+
+ # Run after we've applied all patches.
+ handle_locales
+}
+
+##
+# configures qemu based on the build directory and the build type
+# we are using.
+#
+qemu_src_configure() {
+ debug-print-function ${FUNCNAME} "$@"
+
+ local buildtype=$1
+ local builddir="${S}/${buildtype}-build"
+ local static_flag="static-${buildtype}"
+
+ mkdir "${builddir}"
+
+ local conf_opts=(
+ --prefix=/usr
+ --sysconfdir=/etc
+ --libdir=/usr/$(get_libdir)
+ --docdir=/usr/share/doc/${PF}/html
+ --disable-bsd-user
+ --disable-guest-agent
+ --disable-strip
+ --disable-werror
+ # We support gnutls/nettle for crypto operations. It is possible
+ # to use gcrypt when gnutls/nettle are disabled (but not when they
+ # are enabled), but it's not really worth the hassle. Disable it
+ # all the time to avoid automatically detecting it. #568856
+ --disable-gcrypt
+ --python="${PYTHON}"
+ --cc="$(tc-getCC)"
+ --cxx="$(tc-getCXX)"
+ --host-cc="$(tc-getBUILD_CC)"
+ $(use_enable debug debug-info)
+ $(use_enable debug debug-tcg)
+ --enable-docs
+ $(use_enable tci tcg-interpreter)
+ $(use_enable xattr attr)
+ )
+
+ # Disable options not used by user targets as the default configure
+ # options will autoprobe and try to link in a bunch of unused junk.
+ conf_softmmu() {
+ if [[ ${buildtype} == "user" ]] ; then
+ echo "--disable-${2:-$1}"
+ else
+ use_enable "$@"
+ fi
+ }
+ conf_opts+=(
+ $(conf_softmmu accessibility brlapi)
+ $(conf_softmmu aio linux-aio)
+ $(conf_softmmu bzip2)
+ $(conf_softmmu bluetooth bluez)
+ $(conf_softmmu caps cap-ng)
+ $(conf_softmmu curl)
+ $(conf_softmmu fdt)
+ $(conf_softmmu glusterfs)
+ $(conf_softmmu gnutls)
+ $(conf_softmmu gnutls nettle)
+ $(conf_softmmu gtk)
+ $(conf_softmmu infiniband rdma)
+ $(conf_softmmu iscsi libiscsi)
+ $(conf_softmmu jpeg vnc-jpeg)
+ $(conf_softmmu kernel_linux kvm)
+ $(conf_softmmu lzo)
+ $(conf_softmmu ncurses curses)
+ $(conf_softmmu nfs libnfs)
+ $(conf_softmmu numa)
+ $(conf_softmmu opengl)
+ $(conf_softmmu png vnc-png)
+ $(conf_softmmu rbd)
+ $(conf_softmmu sasl vnc-sasl)
+ $(conf_softmmu sdl)
+ $(conf_softmmu seccomp)
+ $(conf_softmmu smartcard)
+ $(conf_softmmu snappy)
+ $(conf_softmmu spice)
+ $(conf_softmmu ssh libssh2)
+ $(conf_softmmu usb libusb)
+ $(conf_softmmu usbredir usb-redir)
+ $(conf_softmmu vde)
+ $(conf_softmmu vhost-net)
+ $(conf_softmmu virgl virglrenderer)
+ $(conf_softmmu virtfs)
+ $(conf_softmmu vnc)
+ $(conf_softmmu vte)
+ $(conf_softmmu xen)
+ $(conf_softmmu xen xen-pci-passthrough)
+ $(conf_softmmu xfs xfsctl)
+ )
+
+ case ${buildtype} in
+ user)
+ conf_opts+=(
+ --enable-linux-user
+ --disable-system
+ --disable-blobs
+ --disable-tools
+ )
+ ;;
+ softmmu)
+ # audio options
+ local audio_opts="oss"
+ use alsa && audio_opts="alsa,${audio_opts}"
+ use sdl && audio_opts="sdl,${audio_opts}"
+ use pulseaudio && audio_opts="pa,${audio_opts}"
+
+ conf_opts+=(
+ --disable-linux-user
+ --enable-system
+ --with-system-pixman
+ --audio-drv-list="${audio_opts}"
+ )
+ use gtk && conf_opts+=( --with-gtkabi=$(usex gtk2 2.0 3.0) )
+ use sdl && conf_opts+=( --with-sdlabi=$(usex sdl2 2.0 1.2) )
+ ;;
+ tools)
+ conf_opts+=(
+ --disable-linux-user
+ --disable-system
+ --disable-blobs
+ $(use_enable bzip2)
+ )
+ static_flag="static"
+ ;;
+ esac
+
+ local targets="${buildtype}_targets"
+ [[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" )
+
+ # Add support for SystemTAP
+ use systemtap && conf_opts+=( --enable-trace-backend=dtrace )
+
+ # We always want to attempt to build with PIE support as it results
+ # in a more secure binary. But it doesn't work with static or if
+ # the current GCC doesn't have PIE support.
+ if use ${static_flag}; then
+ conf_opts+=( --static --disable-pie )
+ else
+ gcc-specs-pie && conf_opts+=( --enable-pie )
+ fi
+
+ echo "../configure ${conf_opts[*]}"
+ cd "${builddir}"
+ ../configure "${conf_opts[@]}" || die "configure failed"
+
+ # FreeBSD's kernel does not support QEMU assigning/grabbing
+ # host USB devices yet
+ use kernel_FreeBSD && \
+ sed -i -E -e "s|^(HOST_USB=)bsd|\1stub|" "${S}"/config-host.mak
+}
+
+src_configure() {
+ local target
+
+ python_setup
+
+ softmmu_targets= softmmu_bins=()
+ user_targets= user_bins=()
+
+ for target in ${IUSE_SOFTMMU_TARGETS} ; do
+ if use "qemu_softmmu_targets_${target}"; then
+ softmmu_targets+=",${target}-softmmu"
+ softmmu_bins+=( "qemu-system-${target}" )
+ fi
+ done
+
+ for target in ${IUSE_USER_TARGETS} ; do
+ if use "qemu_user_targets_${target}"; then
+ user_targets+=",${target}-linux-user"
+ user_bins+=( "qemu-${target}" )
+ fi
+ done
+
+ softmmu_targets=${softmmu_targets#,}
+ user_targets=${user_targets#,}
+
+ [[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu"
+ [[ -n ${user_targets} ]] && qemu_src_configure "user"
+ [[ -z ${softmmu_targets}${user_targets} ]] && qemu_src_configure "tools"
+}
+
+src_compile() {
+ if [[ -n ${user_targets} ]]; then
+ cd "${S}/user-build"
+ default
+ fi
+
+ if [[ -n ${softmmu_targets} ]]; then
+ cd "${S}/softmmu-build"
+ default
+ fi
+
+ if [[ -z ${softmmu_targets}${user_targets} ]]; then
+ cd "${S}/tools-build"
+ default
+ fi
+}
+
+src_test() {
+ if [[ -n ${softmmu_targets} ]]; then
+ cd "${S}/softmmu-build"
+ pax-mark m */qemu-system-* #515550
+ emake -j1 check
+ emake -j1 check-report.html
+ fi
+}
+
+qemu_python_install() {
+ python_domodule "${S}/scripts/qmp/qmp.py"
+
+ python_doscript "${S}/scripts/kvm/vmxcap"
+ python_doscript "${S}/scripts/qmp/qmp-shell"
+ python_doscript "${S}/scripts/qmp/qemu-ga-client"
+}
+
+src_install() {
+ if [[ -n ${user_targets} ]]; then
+ cd "${S}/user-build"
+ emake DESTDIR="${ED}" install
+
+ # Install binfmt handler init script for user targets
+ newinitd "${FILESDIR}/qemu-binfmt.initd-r1" qemu-binfmt
+ fi
+
+ if [[ -n ${softmmu_targets} ]]; then
+ cd "${S}/softmmu-build"
+ emake DESTDIR="${ED}" install
+
+ # This might not exist if the test failed. #512010
+ [[ -e check-report.html ]] && dohtml check-report.html
+
+ if use kernel_linux; then
+ udev_dorules "${FILESDIR}"/65-kvm.rules
+ fi
+
+ if use python; then
+ python_foreach_impl qemu_python_install
+ fi
+ fi
+
+ if [[ -z ${softmmu_targets}${user_targets} ]]; then
+ cd "${S}/tools-build"
+ emake DESTDIR="${ED}" install
+ fi
+
+ # Disable mprotect on the qemu binaries as they use JITs to be fast #459348
+ pushd "${ED}"/usr/bin >/dev/null
+ pax-mark m "${softmmu_bins[@]}" "${user_bins[@]}"
+ popd >/dev/null
+
+ # Install config file example for qemu-bridge-helper
+ insinto "/etc/qemu"
+ doins "${FILESDIR}/bridge.conf"
+
+ # Remove the docdir placed qmp-commands.txt
+ mv "${ED}/usr/share/doc/${PF}/html/qmp-commands.txt" "${S}/docs/" || die
+
+ cd "${S}"
+ dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt
+ newdoc pc-bios/README README.pc-bios
+ dodoc docs/qmp-*.txt
+
+ if [[ -n ${softmmu_targets} ]]; then
+ # Remove SeaBIOS since we're using the SeaBIOS packaged one
+ rm "${ED}/usr/share/qemu/bios.bin"
+ if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+ dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
+ fi
+
+ # Remove vgabios since we're using the vgabios packaged one
+ rm "${ED}/usr/share/qemu/vgabios.bin"
+ rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
+ rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
+ rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
+ rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
+ if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+ dosym ../vgabios/vgabios.bin /usr/share/qemu/vgabios.bin
+ dosym ../vgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
+ dosym ../vgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
+ dosym ../vgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
+ dosym ../vgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
+ fi
+
+ # Remove sgabios since we're using the sgabios packaged one
+ rm "${ED}/usr/share/qemu/sgabios.bin"
+ if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+ dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin
+ fi
+
+ # Remove iPXE since we're using the iPXE packaged one
+ rm "${ED}"/usr/share/qemu/pxe-*.rom
+ if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+ dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom
+ dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom
+ dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom
+ dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom
+ dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom
+ dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom
+ fi
+ fi
+
+ qemu_support_kvm && readme.gentoo_create_doc
+}
+
+pkg_postinst() {
+ if qemu_support_kvm; then
+ readme.gentoo_print_elog
+ fi
+
+ if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
+ udev_reload
+ fi
+
+ fcaps cap_net_admin /usr/libexec/qemu-bridge-helper
+}
+
+pkg_info() {
+ echo "Using:"
+ echo " $(best_version app-emulation/spice-protocol)"
+ echo " $(best_version sys-firmware/ipxe)"
+ echo " $(best_version sys-firmware/seabios)"
+ if has_version 'sys-firmware/seabios[binary]'; then
+ echo " USE=binary"
+ else
+ echo " USE=''"
+ fi
+ echo " $(best_version sys-firmware/vgabios)"
+}