From: "Anthony G. Basile"
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Anthony G. Basile"
Message-ID: <1412965217.d69ceecaa2909f2a48f5144c514fd0d44a04eb79.blueness@gentoo>
Subject: [gentoo-commits] proj/hardened-dev:musl commit in: app-emulation/qemu/files/, app-emulation/qemu/
X-VCS-Repository: proj/hardened-dev
X-VCS-Files: app-emulation/qemu/files/qemu-2.0.0-CVE-2013-4541.patch app-emulation/qemu/files/qemu-2.0.0-CVE-2014-0222.patch app-emulation/qemu/files/qemu-2.0.0-CVE-2014-0223.patch app-emulation/qemu/files/qemu-2.0.0-qcow-check-max-sizes.patch app-emulation/qemu/files/qemu-2.0.0-sigset.patch app-emulation/qemu/files/qemu-2.0.0-usb-post-load-checks.patch app-emulation/qemu/files/qemu-2.1.0-CVE-2014-5388.patch app-emulation/qemu/qemu-2.0.0-r99.ebuild app-emulation/qemu/qemu-2.1.0-r99.ebuild
X-VCS-Directories: app-emulation/qemu/files/ app-emulation/qemu/
X-VCS-Committer: blueness
X-VCS-Committer-Name: Anthony G. Basile
X-VCS-Revision: d69ceecaa2909f2a48f5144c514fd0d44a04eb79
X-VCS-Branch: musl
Date: Fri, 10 Oct 2014 18:20:17 +0000 (UTC)
Precedence: bulk
List-Id: Gentoo Linux mail
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Archives-Salt: 57680a26-fd7c-41f4-ac67-43324805be09
X-Archives-Hash: f9983c89bcd4086e316c319e17dc53df

commit: d69ceecaa2909f2a48f5144c514fd0d44a04eb79
Author: Felix Janda posteo de>
AuthorDate: Fri Sep 19 21:49:30 2014 +0000
Commit: Anthony G.
Basile gentoo org> CommitDate: Fri Oct 10 18:20:17 2014 +0000 URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=commit;h=d69ceeca app-emulation/qemu: bump to 2.1.0 --- .../qemu/files/qemu-2.0.0-CVE-2013-4541.patch | 40 ---- .../qemu/files/qemu-2.0.0-CVE-2014-0222.patch | 48 ----- .../qemu/files/qemu-2.0.0-CVE-2014-0223.patch | 57 ----- .../files/qemu-2.0.0-qcow-check-max-sizes.patch | 52 ----- app-emulation/qemu/files/qemu-2.0.0-sigset.patch | 63 ------ .../files/qemu-2.0.0-usb-post-load-checks.patch | 41 ---- .../qemu/files/qemu-2.1.0-CVE-2014-5388.patch | 36 ++++ ...qemu-2.0.0-r99.ebuild => qemu-2.1.0-r99.ebuild} | 231 +++++++++++---------- 8 files changed, 161 insertions(+), 407 deletions(-) diff --git a/app-emulation/qemu/files/qemu-2.0.0-CVE-2013-4541.patch b/app-emulation/qemu/files/qemu-2.0.0-CVE-2013-4541.patch deleted file mode 100644 index c4e0d81..0000000 --- a/app-emulation/qemu/files/qemu-2.0.0-CVE-2013-4541.patch +++ /dev/null 
@@ -1,40 +0,0 @@ -From 9f8e9895c504149d7048e9fc5eb5cbb34b16e49a Mon Sep 17 00:00:00 2001 -From: "Michael S. Tsirkin" -Date: Thu, 3 Apr 2014 19:52:25 +0300 -Subject: [PATCH] usb: sanity check setup_index+setup_len in post_load - -CVE-2013-4541 - -s->setup_len and s->setup_index are fed into usb_packet_copy as -size/offset into s->data_buf, it's possible for invalid state to exploit -this to load arbitrary data. - -setup_len and setup_index should be checked to make sure -they are not negative. - -Cc: Gerd Hoffmann -Signed-off-by: Michael S. Tsirkin -Reviewed-by: Gerd Hoffmann -Signed-off-by: Juan Quintela ---- - hw/usb/bus.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/hw/usb/bus.c b/hw/usb/bus.c -index fe70429..e48b19f 100644 ---- a/hw/usb/bus.c -+++ b/hw/usb/bus.c -@@ -49,7 +49,9 @@ static int usb_device_post_load(void *opaque, int version_id) - } else { - dev->attached = 1; - } -- if (dev->setup_index >= sizeof(dev->data_buf) || -+ if (dev->setup_index < 0 || -+ dev->setup_len < 0 || -+ dev->setup_index >= sizeof(dev->data_buf) || - dev->setup_len >= sizeof(dev->data_buf)) { - return -EINVAL; - } --- -1.9.3 - diff --git a/app-emulation/qemu/files/qemu-2.0.0-CVE-2014-0222.patch b/app-emulation/qemu/files/qemu-2.0.0-CVE-2014-0222.patch deleted file mode 100644 index 754ad48..0000000 --- a/app-emulation/qemu/files/qemu-2.0.0-CVE-2014-0222.patch +++ /dev/null 
@@ -1,48 +0,0 @@ -From 42eb58179b3b215bb507da3262b682b8a2ec10b5 Mon Sep 17 00:00:00 2001 -From: Kevin Wolf -Date: Thu, 15 May 2014 16:10:11 +0200 -Subject: [PATCH] qcow1: Validate L2 table size (CVE-2014-0222) - -Too large L2 table sizes cause unbounded allocations. Images actually -created by qemu-img only have 512 byte or 4k L2 tables. - -To keep things consistent with cluster sizes, allow ranges between 512 -bytes and 64k (in fact, down to 1 entry = 8 bytes is technically -working, but L2 table sizes smaller than a cluster don't make a lot of -sense). - -This also means that the number of bytes on the virtual disk that are -described by the same L2 table is limited to at most 8k * 64k or 2^29, -preventively avoiding any integer overflows. - -Cc: qemu-stable@nongnu.org -Signed-off-by: Kevin Wolf -Reviewed-by: Benoit Canet ---- - block/qcow.c | 8 ++++++++ - tests/qemu-iotests/092 | 15 +++++++++++++++ - tests/qemu-iotests/092.out | 11 +++++++++++ - 3 files changed, 34 insertions(+) - -diff --git a/block/qcow.c b/block/qcow.c -index e60df23..e8038e5 100644 ---- a/block/qcow.c -+++ b/block/qcow.c -@@ -139,6 +139,14 @@ static int qcow_open(BlockDriverState *bs, QDict *options, int flags, - goto fail; - } - -+ /* l2_bits specifies number of entries; storing a uint64_t in each entry, -+ * so bytes = num_entries << 3. */ -+ if (header.l2_bits < 9 - 3 || header.l2_bits > 16 - 3) { -+ error_setg(errp, "L2 table size must be between 512 and 64k"); -+ ret = -EINVAL; -+ goto fail; -+ } -+ - if (header.crypt_method > QCOW_CRYPT_AES) { - error_setg(errp, "invalid encryption method in qcow header"); - ret = -EINVAL; --- -1.9.3 - diff --git a/app-emulation/qemu/files/qemu-2.0.0-CVE-2014-0223.patch b/app-emulation/qemu/files/qemu-2.0.0-CVE-2014-0223.patch deleted file mode 100644 index a5b20a4..0000000 --- a/app-emulation/qemu/files/qemu-2.0.0-CVE-2014-0223.patch +++ /dev/null 
@@ -1,57 +0,0 @@ -From 46485de0cb357b57373e1ca895adedf1f3ed46ec Mon Sep 17 00:00:00 2001 -From: Kevin Wolf -Date: Thu, 8 May 2014 13:08:20 +0200 -Subject: [PATCH] qcow1: Validate image size (CVE-2014-0223) - -A huge image size could cause s->l1_size to overflow. Make sure that -images never require a L1 table larger than what fits in s->l1_size. - -This cannot only cause unbounded allocations, but also the allocation of -a too small L1 table, resulting in out-of-bounds array accesses (both -reads and writes). - -Cc: qemu-stable@nongnu.org -Signed-off-by: Kevin Wolf ---- - block/qcow.c | 16 ++++++++++++++-- - tests/qemu-iotests/092 | 9 +++++++++ - tests/qemu-iotests/092.out | 7 +++++++ - 3 files changed, 30 insertions(+), 2 deletions(-) - -diff --git a/block/qcow.c b/block/qcow.c -index e8038e5..3566c05 100644 ---- a/block/qcow.c -+++ b/block/qcow.c -@@ -61,7 +61,7 @@ typedef struct BDRVQcowState { - int cluster_sectors; - int l2_bits; - int l2_size; -- int l1_size; -+ unsigned int l1_size; - uint64_t cluster_offset_mask; - uint64_t l1_table_offset; - uint64_t *l1_table; -@@ -166,7 +166,19 @@ static int qcow_open(BlockDriverState *bs, QDict *options, int flags, - - /* read the level 1 table */ - shift = s->cluster_bits + s->l2_bits; -- s->l1_size = (header.size + (1LL << shift) - 1) >> shift; -+ if (header.size > UINT64_MAX - (1LL << shift)) { -+ error_setg(errp, "Image too large"); -+ ret = -EINVAL; -+ goto fail; -+ } else { -+ uint64_t l1_size = (header.size + (1LL << shift) - 1) >> shift; -+ if (l1_size > INT_MAX / sizeof(uint64_t)) { -+ error_setg(errp, "Image too large"); -+ ret = -EINVAL; -+ goto fail; -+ } -+ s->l1_size = l1_size; -+ } - - s->l1_table_offset = header.l1_table_offset; - s->l1_table = g_malloc(s->l1_size * sizeof(uint64_t)); --- -1.9.3 - diff --git a/app-emulation/qemu/files/qemu-2.0.0-qcow-check-max-sizes.patch b/app-emulation/qemu/files/qemu-2.0.0-qcow-check-max-sizes.patch deleted file mode 100644 index 54fdd79..0000000 
--- a/app-emulation/qemu/files/qemu-2.0.0-qcow-check-max-sizes.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 7159a45b2bf2dcb9f49f1e27d1d3d135a0247a2f Mon Sep 17 00:00:00 2001 -From: Kevin Wolf -Date: Wed, 7 May 2014 17:30:30 +0200 -Subject: [PATCH] qcow1: Check maximum cluster size - -Huge values for header.cluster_bits cause unbounded allocations (e.g. -for s->cluster_cache) and crash qemu this way. Less huge values may -survive those allocations, but can cause integer overflows later on. - -The only cluster sizes that qemu can create are 4k (for standalone -images) and 512 (for images with backing files), so we can limit it -to 64k. - -Cc: qemu-stable@nongnu.org -Signed-off-by: Kevin Wolf -Reviewed-by: Benoit Canet ---- - block/qcow.c | 10 ++++++-- - tests/qemu-iotests/092 | 63 ++++++++++++++++++++++++++++++++++++++++++++++ - tests/qemu-iotests/092.out | 13 ++++++++++ - tests/qemu-iotests/group | 1 + - 4 files changed, 85 insertions(+), 2 deletions(-) - create mode 100755 tests/qemu-iotests/092 - create mode 100644 tests/qemu-iotests/092.out - -diff --git a/block/qcow.c b/block/qcow.c -index 3684794..e60df23 100644 ---- a/block/qcow.c -+++ b/block/qcow.c -@@ -128,11 +128,17 @@ static int qcow_open(BlockDriverState *bs, QDict *options, int flags, - goto fail; - } - -- if (header.size <= 1 || header.cluster_bits < 9) { -- error_setg(errp, "invalid value in qcow header"); -+ if (header.size <= 1) { -+ error_setg(errp, "Image size is too small (must be at least 2 bytes)"); - ret = -EINVAL; - goto fail; - } -+ if (header.cluster_bits < 9 || header.cluster_bits > 16) { -+ error_setg(errp, "Cluster size must be between 512 and 64k"); -+ ret = -EINVAL; -+ goto fail; -+ } -+ - if (header.crypt_method > QCOW_CRYPT_AES) { - error_setg(errp, "invalid encryption method in qcow header"); - ret = -EINVAL; --- -1.9.3 - diff --git a/app-emulation/qemu/files/qemu-2.0.0-sigset.patch b/app-emulation/qemu/files/qemu-2.0.0-sigset.patch deleted file mode 100644 index e335b67..0000000 
--- a/app-emulation/qemu/files/qemu-2.0.0-sigset.patch +++ /dev/null @@ -1,63 +0,0 @@ -commit 34d6086236baeb59f4b46e2380f2b271acd6f6cf -Author: Natanael Copa -Date: Tue Apr 29 13:11:20 2014 +0200 - - linux-user: avoid using glibc internals in _syscall5 and in definition of target_sigevent struct - - Use the public sigset_t instead of the glibc specific internal - __sigset_t in _syscall. - - Calculate the sigevent pad size is calculated in similar way as kernel - does it instead of using glibc internal field _pad. - - This is needed for building with musl libc. - - Signed-off-by: Natanael Copa - 
Signed-off-by: Riku Voipio - Reviewed-by: Peter Maydell - -diff --git a/linux-user/syscall.c b/linux-user/syscall.c -index 15de6f8..af0bb35 100644 ---- a/linux-user/syscall.c -+++ b/linux-user/syscall.c -@@ -411,7 +411,7 @@ static int sys_inotify_init1(int flags) - #endif - #define __NR_sys_ppoll __NR_ppoll - _syscall5(int, sys_ppoll, struct pollfd *, fds, nfds_t, nfds, -- struct timespec *, timeout, const __sigset_t *, sigmask, -+ struct timespec *, timeout, const sigset_t *, sigmask, - size_t, sigsetsize) - #endif - -diff --git a/linux-user/syscall_defs.h b/linux-user/syscall_defs.h -index fdf9a47..69c3982 100644 ---- a/linux-user/syscall_defs.h -+++ b/linux-user/syscall_defs.h -@@ -2552,12 +2552,26 @@ struct target_timer_t { - abi_ulong ptr; - }; - -+#define TARGET_SIGEV_MAX_SIZE 64 -+ -+/* This is architecture-specific but most architectures use the default */ -+#ifdef TARGET_MIPS -+#define TARGET_SIGEV_PREAMBLE_SIZE (sizeof(int32_t) * 2 + sizeof(abi_long)) -+#else -+#define TARGET_SIGEV_PREAMBLE_SIZE (sizeof(int32_t) * 2 \ -+ + sizeof(target_sigval_t)) -+#endif -+ -+#define TARGET_SIGEV_PAD_SIZE ((TARGET_SIGEV_MAX_SIZE \ -+ - TARGET_SIGEV_PREAMBLE_SIZE) \ -+ / sizeof(int32_t)) -+ - struct target_sigevent { - target_sigval_t sigev_value; - int32_t sigev_signo; - int32_t sigev_notify; - union { -- int32_t _pad[ARRAY_SIZE(((struct sigevent *)0)->_sigev_un._pad)]; -+ int32_t _pad[TARGET_SIGEV_PAD_SIZE]; - int32_t _tid; - - struct { diff --git a/app-emulation/qemu/files/qemu-2.0.0-usb-post-load-checks.patch b/app-emulation/qemu/files/qemu-2.0.0-usb-post-load-checks.patch deleted file mode 100644 index 4e85c59..0000000 --- a/app-emulation/qemu/files/qemu-2.0.0-usb-post-load-checks.patch +++ /dev/null 
@@ -1,41 +0,0 @@ -https://bugs.gentoo.org/510208 - -From 719ffe1f5f72b1c7ace4afe9ba2815bcb53a829e Mon Sep 17 00:00:00 2001 -From: "Michael S. Tsirkin" -Date: Tue, 13 May 2014 12:33:16 +0300 -Subject: [PATCH] usb: fix up post load checks - -Correct post load checks: -1. dev->setup_len == sizeof(dev->data_buf) - seems fine, no need to fail migration -2. When state is DATA, passing index > len - will cause memcpy with negative length, - resulting in heap overflow - -First of the issues was reported by dgilbert. - -Reported-by: "Dr. David Alan Gilbert" -Signed-off-by: Michael S. Tsirkin -Signed-off-by: Juan Quintela ---- - hw/usb/bus.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/hw/usb/bus.c b/hw/usb/bus.c -index 699aa10..927a47b 100644 ---- a/hw/usb/bus.c -+++ b/hw/usb/bus.c -@@ -51,8 +51,8 @@ static int usb_device_post_load(void *opaque, int version_id) - } - if (dev->setup_index < 0 || - dev->setup_len < 0 || -- dev->setup_index >= sizeof(dev->data_buf) || -- dev->setup_len >= sizeof(dev->data_buf)) { -+ dev->setup_index > dev->setup_len || -+ dev->setup_len > sizeof(dev->data_buf)) { - return -EINVAL; - } - return 0; --- -1.9.3 - diff --git a/app-emulation/qemu/files/qemu-2.1.0-CVE-2014-5388.patch b/app-emulation/qemu/files/qemu-2.1.0-CVE-2014-5388.patch new file mode 100644 index 0000000..26a012b --- /dev/null +++ b/app-emulation/qemu/files/qemu-2.1.0-CVE-2014-5388.patch 
@@ -0,0 +1,36 @@ +https://bugs.gentoo.org/520688 + +From fa365d7cd11185237471823a5a33d36765454e16 Mon Sep 17 00:00:00 2001 +From: Gonglei +Date: Wed, 20 Aug 2014 13:52:30 +0800 +Subject: [PATCH] pcihp: fix possible array out of bounds + +Prevent out-of-bounds array access on +acpi_pcihp_pci_status. + +Signed-off-by: Gonglei +Reviewed-by: Peter Crosthwaite +Reviewed-by: Michael S. Tsirkin +Signed-off-by: Michael S. Tsirkin +Cc: qemu-stable@nongnu.org +Reviewed-by: Marcel Apfelbaum +--- + hw/acpi/pcihp.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hw/acpi/pcihp.c b/hw/acpi/pcihp.c +index fae663a..34dedf1 100644 +--- a/hw/acpi/pcihp.c ++++ b/hw/acpi/pcihp.c +@@ -231,7 +231,7 @@ static uint64_t pci_read(void *opaque, hwaddr addr, unsigned int size) + uint32_t val = 0; + int bsel = s->hotplug_select; + +- if (bsel < 0 || bsel > ACPI_PCIHP_MAX_HOTPLUG_BUS) { ++ if (bsel < 0 || bsel >= ACPI_PCIHP_MAX_HOTPLUG_BUS) { + return 0; + } + +-- +2.0.0 + diff --git a/app-emulation/qemu/qemu-2.0.0-r99.ebuild b/app-emulation/qemu/qemu-2.1.0-r99.ebuild similarity index 74% rename from app-emulation/qemu/qemu-2.0.0-r99.ebuild rename to app-emulation/qemu/qemu-2.1.0-r99.ebuild index efbdd23..d885d11 100644 --- a/app-emulation/qemu/qemu-2.0.0-r99.ebuild +++ b/app-emulation/qemu/qemu-2.1.0-r99.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2014 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-emulation/qemu/qemu-2.0.0-r1.ebuild,v 1.5 2014/06/06 01:42:41 vapier Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-emulation/qemu/qemu-2.1.0-r1.ebuild,v 1.6 2014/09/13 17:07:04 ago Exp $ EAPI=5 
@@ -30,9 +30,10 @@ HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org" LICENSE="GPL-2 LGPL-2 BSD-2" SLOT="0" IUSE="accessibility +aio alsa bluetooth +caps +curl debug +fdt glusterfs \ -gtk iscsi +jpeg \ -kernel_linux kernel_FreeBSD ncurses opengl +png pulseaudio python \ -rbd sasl +seccomp sdl selinux smartcard spice ssh static static-softmmu \ +gtk infiniband iscsi +jpeg \ +kernel_linux kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs ++png pulseaudio python \ +rbd sasl +seccomp sdl selinux smartcard snappy spice ssh static static-softmmu \ static-user systemtap tci test +threads tls usb usbredir +uuid vde +vhost-net \ virtfs +vnc xattr xen xfs" @@ -61,8 +62,13 @@ REQUIRED_USE="|| ( ${use_targets} ) virtfs? ( xattr )" # Yep, you need both libcap and libcap-ng since virtfs only uses libcap. +# +# The attr lib isn't always linked in (although the USE flag is always +# respected). This is because qemu supports using the C library's API +# when available rather than always using the extranl library. COMMON_LIB_DEPEND=">=dev-libs/glib-2.0[static-libs(+)] - sys-libs/zlib[static-libs(+)]" + sys-libs/zlib[static-libs(+)] + xattr? ( sys-apps/attr[static-libs(+)] )" SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND} >=x11-libs/pixman-0.28.0[static-libs(+)] aio? ( dev-libs/libaio[static-libs(+)] ) 
@@ -70,36 +76,42 @@ SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND} curl? ( >=net-misc/curl-7.15.4[static-libs(+)] ) fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] ) glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] ) + infiniband? ( sys-infiniband/librdmacm[static-libs(+)] ) jpeg? ( virtual/jpeg[static-libs(+)] ) + lzo? ( dev-libs/lzo:2[static-libs(+)] ) ncurses? ( sys-libs/ncurses[static-libs(+)] ) + nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] ) + numa? ( sys-process/numactl[static-libs(+)] ) png? ( media-libs/libpng[static-libs(+)] ) rbd? ( sys-cluster/ceph[static-libs(+)] ) sasl? ( dev-libs/cyrus-sasl[static-libs(+)] ) sdl? ( >=media-libs/libsdl-1.2.11[static-libs(+)] ) seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] ) + snappy? ( app-arch/snappy[static-libs(+)] ) spice? ( >=app-emulation/spice-0.12.0[static-libs(+)] ) ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] ) tls? ( net-libs/gnutls[static-libs(+)] ) usb? ( >=dev-libs/libusb-1.0.18[static-libs(+)] ) uuid? ( >=sys-apps/util-linux-2.16.0[static-libs(+)] ) vde? ( net-misc/vde[static-libs(+)] ) - xattr? ( sys-apps/attr[static-libs(+)] ) xfs? ( sys-fs/xfsprogs[static-libs(+)] )" USER_LIB_DEPEND="${COMMON_LIB_DEPEND}" -RDEPEND="!static-softmmu? ( ${SOFTMMU_LIB_DEPEND//\[static-libs(+)]} ) - !static-user? ( ${USER_LIB_DEPEND//\[static-libs(+)]} ) - qemu_softmmu_targets_i386? ( - >=sys-firmware/ipxe-1.0.0_p20130624 - ~sys-firmware/seabios-1.7.4 - ~sys-firmware/sgabios-0.1_pre8 - ~sys-firmware/vgabios-0.7a - ) - qemu_softmmu_targets_x86_64? ( - >=sys-firmware/ipxe-1.0.0_p20130624 - ~sys-firmware/seabios-1.7.4 +X86_FIRMWARE_DEPEND=" + >=sys-firmware/ipxe-1.0.0_p20130624 + pin-upstream-blobs? ( + ~sys-firmware/seabios-1.7.5 ~sys-firmware/sgabios-0.1_pre8 ~sys-firmware/vgabios-0.7a ) + !pin-upstream-blobs? ( + sys-firmware/seabios + sys-firmware/sgabios + sys-firmware/vgabios + )" +RDEPEND="!static-softmmu? ( ${SOFTMMU_LIB_DEPEND//\[static-libs(+)]} ) + !static-user? 
( ${USER_LIB_DEPEND//\[static-libs(+)]} ) + qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} ) + qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} ) accessibility? ( app-accessibility/brltty ) alsa? ( >=media-libs/alsa-lib-1.0.13 ) bluetooth? ( net-wireless/bluez ) @@ -125,6 +137,7 @@ DEPEND="${RDEPEND} sys-apps/texinfo virtual/pkgconfig kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 ) + gtk? ( nls? ( sys-devel/gettext ) ) static-softmmu? ( ${SOFTMMU_LIB_DEPEND} ) static-user? ( ${USER_LIB_DEPEND} ) test? ( @@ -139,7 +152,9 @@ QA_PREBUILT=" usr/share/qemu/openbios-sparc64 usr/share/qemu/openbios-sparc32 usr/share/qemu/palcode-clipper - usr/share/qemu/s390-ccw.img" + usr/share/qemu/s390-ccw.img + usr/share/qemu/u-boot.e500 +" QA_WX_LOAD="usr/bin/qemu-i386 usr/bin/qemu-x86_64 @@ -236,17 +251,13 @@ src_prepare() { -e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \ Makefile Makefile.target || die + # Cheap hack to disable gettext .mo generation. + use nls || rm -f po/*.po + epatch "${FILESDIR}"/qemu-1.7.0-cflags.patch - epatch "${FILESDIR}"/qemu-9999-virtfs-proxy-helper-accept.patch #486714 - epatch "${FILESDIR}"/${P}-CVE-2013-4541.patch #510208 - epatch "${FILESDIR}"/${P}-usb-post-load-checks.patch #510208 - epatch "${FILESDIR}"/${P}-qcow-check-max-sizes.patch #510234 - epatch "${FILESDIR}"/${P}-CVE-2014-0222.patch #510234 - epatch "${FILESDIR}"/${P}-CVE-2014-0223.patch #510234 - epatch "${FILESDIR}"/${PN}-1.5.3-openpty.patch #musl - epatch "${FILESDIR}"/${P}-sigset.patch #musl - epatch "${FILESDIR}"/${P}-F_SHLCK-and-F_EXLCK.patch #musl - epatch "${FILESDIR}"/${P}-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch #musl + epatch "${FILESDIR}"/${P}-CVE-2014-5388.patch #520688 + epatch "${FILESDIR}"/${PN}-2.0.0-F_SHLCK-and-F_EXLCK.patch #for musl + epatch "${FILESDIR}"/${PN}-2.0.0-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch #for musl [[ -n ${BACKPORTS} ]] && \ EPATCH_FORCE=yes EPATCH_SUFFIX="patch" EPATCH_SOURCE="${S}/patches" \ epatch 
@@ -294,6 +305,58 @@ qemu_src_configure() { $(use_enable debug debug-tcg) --enable-docs $(use_enable tci tcg-interpreter) + $(use_enable xattr attr) + ) + + # Disable options not used by user targets as the default configure + # options will autoprobe and try to link in a bunch of unused junk. + conf_softmmu() { + if [[ ${buildtype} == "user" ]] ; then + echo "--disable-${2:-$1}" + else + use_enable "$@" + fi + } + conf_opts+=( + $(conf_softmmu accessibility brlapi) + $(conf_softmmu aio linux-aio) + $(conf_softmmu bluetooth bluez) + $(conf_softmmu caps cap-ng) + $(conf_softmmu curl) + $(conf_softmmu fdt) + $(conf_softmmu glusterfs) + $(conf_softmmu gtk) + $(conf_softmmu infiniband rdma) + $(conf_softmmu iscsi libiscsi) + $(conf_softmmu jpeg vnc-jpeg) + $(conf_softmmu kernel_linux kvm) + $(conf_softmmu lzo) + $(conf_softmmu ncurses curses) + $(conf_softmmu nfs libnfs) + $(conf_softmmu numa) + $(conf_softmmu opengl glx) + $(conf_softmmu png vnc-png) + $(conf_softmmu rbd) + $(conf_softmmu sasl vnc-sasl) + $(conf_softmmu sdl) + $(conf_softmmu seccomp) + $(conf_softmmu smartcard smartcard-nss) + $(conf_softmmu snappy) + $(conf_softmmu spice) + $(conf_softmmu ssh libssh2) + $(conf_softmmu tls quorum) + $(conf_softmmu tls vnc-tls) + $(conf_softmmu tls vnc-ws) + $(conf_softmmu usb libusb) + $(conf_softmmu usbredir usb-redir) + $(conf_softmmu uuid) + $(conf_softmmu vde) + $(conf_softmmu vhost-net) + $(conf_softmmu virtfs) + $(conf_softmmu vnc) + $(conf_softmmu xen) + $(conf_softmmu xen xen-pci-passthrough) + $(conf_softmmu xfs xfsctl) ) case ${buildtype} in 
@@ -303,60 +366,15 @@ qemu_src_configure() { --disable-system --target-list="${user_targets}" --disable-blobs - --disable-bluez - --disable-curses - --disable-kvm - --disable-libiscsi - --disable-glusterfs - --disable-seccomp - --disable-sdl - --disable-smartcard-nss --disable-tools - --disable-vde - --disable-libssh2 - --disable-libusb ) ;; softmmu) conf_opts+=( --disable-linux-user --enable-system - --with-system-pixman --target-list="${softmmu_targets}" - $(use_enable bluetooth bluez) - $(use_enable gtk) - $(use_enable sdl) - $(use_enable aio linux-aio) - $(use_enable accessibility brlapi) - $(use_enable caps cap-ng) - $(use_enable curl) - $(use_enable fdt) - $(use_enable glusterfs) - $(use_enable iscsi libiscsi) - $(use_enable jpeg vnc-jpeg) - $(use_enable kernel_linux kvm) - $(use_enable ncurses curses) - $(use_enable opengl glx) - $(use_enable png vnc-png) - $(use_enable rbd) - $(use_enable sasl vnc-sasl) - $(use_enable seccomp) - $(use_enable smartcard smartcard-nss) - $(use_enable spice) - $(use_enable ssh libssh2) - $(use_enable tls vnc-tls) - $(use_enable tls vnc-ws) - $(use_enable usb libusb) - $(use_enable usbredir usb-redir) - $(use_enable uuid) - $(use_enable vde) - $(use_enable vhost-net) - $(use_enable virtfs) - $(use_enable vnc) - $(use_enable xattr attr) - $(use_enable xen) - $(use_enable xen xen-pci-passthrough) - $(use_enable xfs xfsctl) + --with-system-pixman --audio-drv-list="${audio_opts}" ) use gtk && conf_opts+=( --with-gtkabi=3.0 ) @@ -439,6 +457,7 @@ src_compile() { src_test() { if [[ -n ${softmmu_targets} ]]; then cd "${S}/softmmu-build" + pax-mark m */qemu-system-* #515550 emake -j1 check emake -j1 check-report.html fi 
@@ -502,42 +521,42 @@ src_install() { fi # Remove vgabios since we're using the vgabios packaged one - rm "${ED}/usr/share/qemu/vgabios.bin" - rm "${ED}/usr/share/qemu/vgabios-cirrus.bin" - rm "${ED}/usr/share/qemu/vgabios-qxl.bin" - rm "${ED}/usr/share/qemu/vgabios-stdvga.bin" - rm "${ED}/usr/share/qemu/vgabios-vmware.bin" - if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then - dosym ../vgabios/vgabios.bin /usr/share/qemu/vgabios.bin - dosym ../vgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin - dosym ../vgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin - dosym ../vgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin - dosym ../vgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin - fi + if [[ -n ${softmmu_targets} ]]; then + rm "${ED}/usr/share/qemu/vgabios.bin" + rm "${ED}/usr/share/qemu/vgabios-cirrus.bin" + rm "${ED}/usr/share/qemu/vgabios-qxl.bin" + rm "${ED}/usr/share/qemu/vgabios-stdvga.bin" + rm "${ED}/usr/share/qemu/vgabios-vmware.bin" + if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then + dosym ../vgabios/vgabios.bin /usr/share/qemu/vgabios.bin + dosym ../vgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin + dosym ../vgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin + dosym ../vgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin + dosym ../vgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin + fi - # Remove sgabios since we're using the sgabios packaged one - rm "${ED}/usr/share/qemu/sgabios.bin" - if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then - dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin - fi + # Remove sgabios since we're using the sgabios packaged one + rm "${ED}/usr/share/qemu/sgabios.bin" + if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then + dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin + fi - # Remove iPXE since we're using the iPXE packaged one - rm 
"${ED}"/usr/share/qemu/pxe-*.rom - if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then - dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom - dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom - dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom - dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom - dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom - dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom + # Remove iPXE since we're using the iPXE packaged one + rm "${ED}"/usr/share/qemu/pxe-*.rom + if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then + dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom + dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom + dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom + dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom + dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom + dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom + fi fi qemu_support_kvm && readme.gentoo_create_doc } pkg_postinst() { - local virtfs_caps= - if qemu_support_kvm; then readme.gentoo_print_elog ewarn "Migration from qemu-kvm instances and loading qemu-kvm created" @@ -557,11 +576,11 @@ pkg_postinst() { fi fi - virtfs_caps+="cap_chown,cap_dac_override,cap_fowner,cap_fsetid," - virtfs_caps+="cap_setgid,cap_mknod,cap_setuid" - fcaps cap_net_admin /usr/libexec/qemu-bridge-helper - use virtfs && fcaps ${virtfs_caps} /usr/bin/virtfs-proxy-helper + if use virtfs && [ -n "${softmmu_targets}" ]; then + local virtfs_caps="cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_setgid,cap_mknod,cap_setuid" + fcaps ${virtfs_caps} /usr/bin/virtfs-proxy-helper + fi } pkg_info() {
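Review bot: In the new qemu-2.1.0-CVE-2014-5388.patch the bound is corrected only in pci_read() of hw/acpi/pcihp.c ("bsel >= ACPI_PCIHP_MAX_HOTPLUG_BUS"), and the patch is one insertion and one deletion, so any other path that indexes acpi_pcihp_pci_status with s->hotplug_select is not covered by what is visible here. Please confirm against the 2.1.0 source that no other user of hotplug_select still carries the old "> ACPI_PCIHP_MAX_HOTPLUG_BUS" comparison, and record the result next to the bug URL at the top of the patch file.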
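Review bot: Typo in the comment added above COMMON_LIB_DEPEND in the ebuild: "using the extranl library" should read "using the external library". The same hunk moves "xattr? ( sys-apps/attr[static-libs(+)] )" from SOFTMMU_LIB_DEPEND into COMMON_LIB_DEPEND, so user-target builds now depend on it as well; the comment would be clearer if it said that this move is the reason it was added.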
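Review bot: In the X86_FIRMWARE_DEPEND hunk, the "!pin-upstream-blobs?" branch accepts sys-firmware/seabios, sys-firmware/sgabios and sys-firmware/vgabios with no version bound at all, while the pinned branch requires ~sys-firmware/seabios-1.7.5. Since these are the firmware images the guest boots from, a minimum version on the unpinned branch (or a comment stating that any version is known to work with 2.1.0) would make the intent reviewable; the pin-upstream-blobs flag itself is also introduced in IUSE without any comment describing what it pins.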
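Review bot: The src_prepare() hunk drops five security patches (CVE-2013-4541, usb-post-load-checks, qcow-check-max-sizes, CVE-2014-0222, CVE-2014-0223) and the commit message says only "bump to 2.1.0". Please state in the message that each of these fixes is already contained in the 2.1.0 sources, so the removal is auditable. The same hunk also stops applying qemu-9999-virtfs-proxy-helper-accept.patch (#486714) and ${PN}-1.5.3-openpty.patch (marked "#musl"), yet neither file appears among the deletions in the diffstat; either explain why they are no longer needed on the musl branch or remove the now-unused files.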
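Review bot: In the conf_softmmu block added to qemu_src_configure(), the line "$(conf_softmmu tls quorum)" ties the quorum option to the tls USE flag with nothing in the hunk explaining the link, unlike the neighbouring "tls vnc-tls" and "tls vnc-ws" lines where the relation is evident from the option name. A one-line comment above it would help. Also note that conf_softmmu() is declared inside qemu_src_configure(), which in bash still defines it globally; a short comment or moving it to file scope would avoid surprising the next editor.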
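Review bot: In the pkg_postinst() hunk, the fcaps call for /usr/bin/virtfs-proxy-helper is now guarded by '[ -n "${softmmu_targets}" ]', but "fcaps cap_net_admin /usr/libexec/qemu-bridge-helper" directly above it stays unconditional. If the bridge helper is likewise only installed when softmmu targets are built, it needs the same guard so that a user-only build does not try to set file capabilities on a missing path. For consistency with the rest of the ebuild (for example "if [[ -n ${softmmu_targets} ]]; then" in src_install and src_test), the new test should use [[ ]] rather than [ ].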