From: "Matthias Maier" <tamiko@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/
Date: Mon, 5 Sep 2016 05:30:11 +0000 (UTC) [thread overview]
Message-ID: <1473053400.6ac7a9b9a00ee2c1afb780ffcafc8e66ce1b59d9.tamiko@gentoo> (raw)
commit: 6ac7a9b9a00ee2c1afb780ffcafc8e66ce1b59d9
Author: Matthias Maier <tamiko <AT> gentoo <DOT> org>
AuthorDate: Mon Sep 5 05:00:00 2016 +0000
Commit: Matthias Maier <tamiko <AT> gentoo <DOT> org>
CommitDate: Mon Sep 5 05:30:00 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6ac7a9b9
app-emulation/qemu: drop obsolete patches
Package-Manager: portage-2.2.28
.../qemu/files/qemu-2.5.0-9pfs-segfault.patch | 34 ------
.../qemu/files/qemu-2.5.0-CVE-2015-8567.patch | 95 ----------------
.../qemu/files/qemu-2.5.0-CVE-2015-8613.patch | 35 ------
.../qemu/files/qemu-2.5.0-CVE-2015-8619.patch | 121 ---------------------
.../qemu/files/qemu-2.5.0-CVE-2015-8701.patch | 49 ---------
.../qemu/files/qemu-2.5.0-CVE-2015-8743.patch | 50 ---------
.../qemu/files/qemu-2.5.0-CVE-2016-1568.patch | 41 -------
.../qemu/files/qemu-2.5.0-CVE-2016-1714.patch | 58 ----------
.../qemu/files/qemu-2.5.0-CVE-2016-1922.patch | 65 -----------
.../qemu/files/qemu-2.5.0-CVE-2016-1981.patch | 98 -----------------
.../qemu/files/qemu-2.5.0-CVE-2016-2197.patch | 43 --------
.../qemu/files/qemu-2.5.0-CVE-2016-2392.patch | 35 ------
.../qemu/files/qemu-2.5.0-ne2000-reg-check.patch | 37 -------
.../qemu/files/qemu-2.5.0-usb-ehci-oob.patch | 52 ---------
.../files/qemu-2.5.0-usb-ndis-int-overflow.patch | 59 ----------
.../qemu/files/qemu-2.6.0-crypto-static.patch | 60 ----------
.../qemu/files/qemu-2.6.0-glib-size_t.patch | 11 --
17 files changed, 943 deletions(-)
diff --git a/app-emulation/qemu/files/qemu-2.5.0-9pfs-segfault.patch b/app-emulation/qemu/files/qemu-2.5.0-9pfs-segfault.patch
deleted file mode 100644
index 0e27684..00000000
--- a/app-emulation/qemu/files/qemu-2.5.0-9pfs-segfault.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 4b3a4f2d458ca5a7c6c16ac36a8d9ac22cc253d6 Mon Sep 17 00:00:00 2001
-From: Greg Kurz <gkurz@linux.vnet.ibm.com>
-Date: Wed, 23 Dec 2015 10:56:58 +0100
-Subject: [PATCH] virtio-9p: use accessor to get thread_pool
-
-The aio_context_new() function does not allocate a thread pool. This is
-deferred to the first call to the aio_get_thread_pool() accessor. It is
-hence forbidden to access the thread_pool field directly, as it may be
-NULL. The accessor *must* be used always.
-
-Fixes: ebac1202c95a4f1b76b6ef3f0f63926fa76e753e
-Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
-Tested-by: Michael Tokarev <mjt@tls.msk.ru>
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
----
- hw/9pfs/virtio-9p-coth.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/hw/9pfs/virtio-9p-coth.c b/hw/9pfs/virtio-9p-coth.c
-index fb6e8f8..ab9425c 100644
---- a/hw/9pfs/virtio-9p-coth.c
-+++ b/hw/9pfs/virtio-9p-coth.c
-@@ -36,6 +36,6 @@ static int coroutine_enter_func(void *arg)
- void co_run_in_worker_bh(void *opaque)
- {
- Coroutine *co = opaque;
-- thread_pool_submit_aio(qemu_get_aio_context()->thread_pool,
-+ thread_pool_submit_aio(aio_get_thread_pool(qemu_get_aio_context()),
- coroutine_enter_func, co, coroutine_enter_cb, co);
- }
---
-2.7.4
-
diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8567.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8567.patch
deleted file mode 100644
index e196043..00000000
--- a/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8567.patch
+++ /dev/null
@@ -1,95 +0,0 @@
-https://bugs.gentoo.org/567868
-
-From aa4a3dce1c88ed51b616806b8214b7c8428b7470 Mon Sep 17 00:00:00 2001
-From: P J P <ppandit@redhat.com>
-Date: Tue, 15 Dec 2015 12:27:54 +0530
-Subject: [PATCH] net: vmxnet3: avoid memory leakage in activate_device
-
-Vmxnet3 device emulator does not check if the device is active
-before activating it, also it did not free the transmit & receive
-buffers while deactivating the device, thus resulting in memory
-leakage on the host. This patch fixes both these issues to avoid
-host memory leakage.
-
-Reported-by: Qinghao Tang <luodalongde@gmail.com>
-Reviewed-by: Dmitry Fleytman <dmitry@daynix.com>
-Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Jason Wang <jasowang@redhat.com>
----
- hw/net/vmxnet3.c | 24 ++++++++++++++++--------
- 1 file changed, 16 insertions(+), 8 deletions(-)
-
-diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c
-index a5dd79a..9c1adfc 100644
---- a/hw/net/vmxnet3.c
-+++ b/hw/net/vmxnet3.c
-@@ -1194,8 +1194,13 @@ static void vmxnet3_reset_mac(VMXNET3State *s)
-
- static void vmxnet3_deactivate_device(VMXNET3State *s)
- {
-- VMW_CBPRN("Deactivating vmxnet3...");
-- s->device_active = false;
-+ if (s->device_active) {
-+ VMW_CBPRN("Deactivating vmxnet3...");
-+ vmxnet_tx_pkt_reset(s->tx_pkt);
-+ vmxnet_tx_pkt_uninit(s->tx_pkt);
-+ vmxnet_rx_pkt_uninit(s->rx_pkt);
-+ s->device_active = false;
-+ }
- }
-
- static void vmxnet3_reset(VMXNET3State *s)
-@@ -1204,7 +1209,6 @@ static void vmxnet3_reset(VMXNET3State *s)
-
- vmxnet3_deactivate_device(s);
- vmxnet3_reset_interrupt_states(s);
-- vmxnet_tx_pkt_reset(s->tx_pkt);
- s->drv_shmem = 0;
- s->tx_sop = true;
- s->skip_current_tx_pkt = false;
-@@ -1431,6 +1435,12 @@ static void vmxnet3_activate_device(VMXNET3State *s)
- return;
- }
-
-+ /* Verify if device is active */
-+ if (s->device_active) {
-+ VMW_CFPRN("Vmxnet3 device is active");
-+ return;
-+ }
-+
- vmxnet3_adjust_by_guest_type(s);
- vmxnet3_update_features(s);
- vmxnet3_update_pm_state(s);
-@@ -1627,7 +1637,7 @@ static void vmxnet3_handle_command(VMXNET3State *s, uint64_t cmd)
- break;
-
- case VMXNET3_CMD_QUIESCE_DEV:
-- VMW_CBPRN("Set: VMXNET3_CMD_QUIESCE_DEV - pause the device");
-+ VMW_CBPRN("Set: VMXNET3_CMD_QUIESCE_DEV - deactivate the device");
- vmxnet3_deactivate_device(s);
- break;
-
-@@ -1741,7 +1751,7 @@ vmxnet3_io_bar1_write(void *opaque,
- * shared address only after we get the high part
- */
- if (val == 0) {
-- s->device_active = false;
-+ vmxnet3_deactivate_device(s);
- }
- s->temp_shared_guest_driver_memory = val;
- s->drv_shmem = 0;
-@@ -2021,9 +2031,7 @@ static bool vmxnet3_peer_has_vnet_hdr(VMXNET3State *s)
- static void vmxnet3_net_uninit(VMXNET3State *s)
- {
- g_free(s->mcast_list);
-- vmxnet_tx_pkt_reset(s->tx_pkt);
-- vmxnet_tx_pkt_uninit(s->tx_pkt);
-- vmxnet_rx_pkt_uninit(s->rx_pkt);
-+ vmxnet3_deactivate_device(s);
- qemu_del_nic(s->nic);
- }
-
---
-2.6.2
-
diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8613.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8613.patch
deleted file mode 100644
index 61a52ee..00000000
--- a/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8613.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 36fef36b91f7ec0435215860f1458b5342ce2811 Mon Sep 17 00:00:00 2001
-From: P J P <ppandit@redhat.com>
-Date: Mon, 21 Dec 2015 15:13:13 +0530
-Subject: [PATCH] scsi: initialise info object with appropriate size
-
-While processing controller 'CTRL_GET_INFO' command, the routine
-'megasas_ctrl_get_info' overflows the '&info' object size. Use its
-appropriate size to null initialise it.
-
-Reported-by: Qinghao Tang <luodalongde@gmail.com>
-Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
-Message-Id: <alpine.LFD.2.20.1512211501420.22471@wniryva>
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-Signed-off-by: P J P <ppandit@redhat.com>
----
- hw/scsi/megasas.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
-index d7dc667..576f56c 100644
---- a/hw/scsi/megasas.c
-+++ b/hw/scsi/megasas.c
-@@ -718,7 +718,7 @@ static int megasas_ctrl_get_info(MegasasState *s, MegasasCmd *cmd)
- BusChild *kid;
- int num_pd_disks = 0;
-
-- memset(&info, 0x0, cmd->iov_size);
-+ memset(&info, 0x0, dcmd_size);
- if (cmd->iov_size < dcmd_size) {
- trace_megasas_dcmd_invalid_xfer_len(cmd->index, cmd->iov_size,
- dcmd_size);
---
-2.7.4
-
diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8619.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8619.patch
deleted file mode 100644
index be67336..00000000
--- a/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8619.patch
+++ /dev/null
@@ -1,121 +0,0 @@
-From 64ffbe04eaafebf4045a3ace52a360c14959d196 Mon Sep 17 00:00:00 2001
-From: Wolfgang Bumiller <w.bumiller@proxmox.com>
-Date: Wed, 13 Jan 2016 09:09:58 +0100
-Subject: [PATCH] hmp: fix sendkey out of bounds write (CVE-2015-8619)
-
-When processing 'sendkey' command, hmp_sendkey routine null
-terminates the 'keyname_buf' array. This results in an OOB
-write issue, if 'keyname_len' was to fall outside of
-'keyname_buf' array.
-
-Since the keyname's length is known the keyname_buf can be
-removed altogether by adding a length parameter to
-index_from_key() and using it for the error output as well.
-
-Reported-by: Ling Liu <liuling-it@360.cn>
-Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
-Message-Id: <20160113080958.GA18934@olga>
-[Comparison with "<" dumbed down, test for junk after strtoul()
-tweaked]
-Signed-off-by: Markus Armbruster <armbru@redhat.com>
----
- hmp.c | 18 ++++++++----------
- include/ui/console.h | 2 +-
- ui/input-legacy.c | 5 +++--
- 3 files changed, 12 insertions(+), 13 deletions(-)
-
-diff --git a/hmp.c b/hmp.c
-index 54f2620..9c571f5 100644
---- a/hmp.c
-+++ b/hmp.c
-@@ -1731,21 +1731,18 @@ void hmp_sendkey(Monitor *mon, const QDict *qdict)
- int has_hold_time = qdict_haskey(qdict, "hold-time");
- int hold_time = qdict_get_try_int(qdict, "hold-time", -1);
- Error *err = NULL;
-- char keyname_buf[16];
- char *separator;
- int keyname_len;
-
- while (1) {
- separator = strchr(keys, '-');
- keyname_len = separator ? separator - keys : strlen(keys);
-- pstrcpy(keyname_buf, sizeof(keyname_buf), keys);
-
- /* Be compatible with old interface, convert user inputted "<" */
-- if (!strncmp(keyname_buf, "<", 1) && keyname_len == 1) {
-- pstrcpy(keyname_buf, sizeof(keyname_buf), "less");
-+ if (keys[0] == '<' && keyname_len == 1) {
-+ keys = "less";
- keyname_len = 4;
- }
-- keyname_buf[keyname_len] = 0;
-
- keylist = g_malloc0(sizeof(*keylist));
- keylist->value = g_malloc0(sizeof(*keylist->value));
-@@ -1758,16 +1755,17 @@ void hmp_sendkey(Monitor *mon, const QDict *qdict)
- }
- tmp = keylist;
-
-- if (strstart(keyname_buf, "0x", NULL)) {
-+ if (strstart(keys, "0x", NULL)) {
- char *endp;
-- int value = strtoul(keyname_buf, &endp, 0);
-- if (*endp != '\0') {
-+ int value = strtoul(keys, &endp, 0);
-+ assert(endp <= keys + keyname_len);
-+ if (endp != keys + keyname_len) {
- goto err_out;
- }
- keylist->value->type = KEY_VALUE_KIND_NUMBER;
- keylist->value->u.number = value;
- } else {
-- int idx = index_from_key(keyname_buf);
-+ int idx = index_from_key(keys, keyname_len);
- if (idx == Q_KEY_CODE_MAX) {
- goto err_out;
- }
-@@ -1789,7 +1787,7 @@ out:
- return;
-
- err_out:
-- monitor_printf(mon, "invalid parameter: %s\n", keyname_buf);
-+ monitor_printf(mon, "invalid parameter: %.*s\n", keyname_len, keys);
- goto out;
- }
-
-diff --git a/include/ui/console.h b/include/ui/console.h
-index adac36d..116bc2b 100644
---- a/include/ui/console.h
-+++ b/include/ui/console.h
-@@ -448,7 +448,7 @@ static inline int vnc_display_pw_expire(const char *id, time_t expires)
- void curses_display_init(DisplayState *ds, int full_screen);
-
- /* input.c */
--int index_from_key(const char *key);
-+int index_from_key(const char *key, size_t key_length);
-
- /* gtk.c */
- void early_gtk_display_init(int opengl);
-diff --git a/ui/input-legacy.c b/ui/input-legacy.c
-index 35dfc27..3454055 100644
---- a/ui/input-legacy.c
-+++ b/ui/input-legacy.c
-@@ -57,12 +57,13 @@ struct QEMUPutLEDEntry {
- static QTAILQ_HEAD(, QEMUPutLEDEntry) led_handlers =
- QTAILQ_HEAD_INITIALIZER(led_handlers);
-
--int index_from_key(const char *key)
-+int index_from_key(const char *key, size_t key_length)
- {
- int i;
-
- for (i = 0; QKeyCode_lookup[i] != NULL; i++) {
-- if (!strcmp(key, QKeyCode_lookup[i])) {
-+ if (!strncmp(key, QKeyCode_lookup[i], key_length) &&
-+ !QKeyCode_lookup[i][key_length]) {
- break;
- }
- }
---
-2.7.4
-
diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8701.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8701.patch
deleted file mode 100644
index 0dab1c3..00000000
--- a/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8701.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-https://bugs.gentoo.org/570110
-
-From 007cd223de527b5f41278f2d886c1a4beb3e67aa Mon Sep 17 00:00:00 2001
-From: Prasad J Pandit <pjp@fedoraproject.org>
-Date: Mon, 28 Dec 2015 16:24:08 +0530
-Subject: [PATCH] net: rocker: fix an incorrect array bounds check
-
-While processing transmit(tx) descriptors in 'tx_consume' routine
-the switch emulator suffers from an off-by-one error, if a
-descriptor was to have more than allowed(ROCKER_TX_FRAGS_MAX=16)
-fragments. Fix an incorrect bounds check to avoid it.
-
-Reported-by: Qinghao Tang <luodalongde@gmail.com>
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
-Signed-off-by: Jason Wang <jasowang@redhat.com>
----
- hw/net/rocker/rocker.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/hw/net/rocker/rocker.c b/hw/net/rocker/rocker.c
-index c57f1a6..2e77e50 100644
---- a/hw/net/rocker/rocker.c
-+++ b/hw/net/rocker/rocker.c
-@@ -232,6 +232,9 @@ static int tx_consume(Rocker *r, DescInfo *info)
- frag_addr = rocker_tlv_get_le64(tlvs[ROCKER_TLV_TX_FRAG_ATTR_ADDR]);
- frag_len = rocker_tlv_get_le16(tlvs[ROCKER_TLV_TX_FRAG_ATTR_LEN]);
-
-+ if (iovcnt >= ROCKER_TX_FRAGS_MAX) {
-+ goto err_too_many_frags;
-+ }
- iov[iovcnt].iov_len = frag_len;
- iov[iovcnt].iov_base = g_malloc(frag_len);
- if (!iov[iovcnt].iov_base) {
-@@ -244,10 +247,7 @@ static int tx_consume(Rocker *r, DescInfo *info)
- err = -ROCKER_ENXIO;
- goto err_bad_io;
- }
--
-- if (++iovcnt > ROCKER_TX_FRAGS_MAX) {
-- goto err_too_many_frags;
-- }
-+ iovcnt++;
- }
-
- if (iovcnt) {
---
-2.6.2
-
diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8743.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8743.patch
deleted file mode 100644
index b2bca56..00000000
--- a/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8743.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-https://bugs.gentoo.org/570988
-
-From aa7f9966dfdff500bbbf1956d9e115b1fa8987a6 Mon Sep 17 00:00:00 2001
-From: Prasad J Pandit <pjp@fedoraproject.org>
-Date: Thu, 31 Dec 2015 17:05:27 +0530
-Subject: [PATCH] net: ne2000: fix bounds check in ioport operations
-
-While doing ioport r/w operations, ne2000 device emulation suffers
-from OOB r/w errors. Update respective array bounds check to avoid
-OOB access.
-
-Reported-by: Ling Liu <liuling-it@360.cn>
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
-Signed-off-by: Jason Wang <jasowang@redhat.com>
----
- hw/net/ne2000.c | 10 ++++++----
- 1 file changed, 6 insertions(+), 4 deletions(-)
-
-diff --git a/hw/net/ne2000.c b/hw/net/ne2000.c
-index 010f9ef..a3dffff 100644
---- a/hw/net/ne2000.c
-+++ b/hw/net/ne2000.c
-@@ -467,8 +467,9 @@ static inline void ne2000_mem_writel(NE2000State *s, uint32_t addr,
- uint32_t val)
- {
- addr &= ~1; /* XXX: check exact behaviour if not even */
-- if (addr < 32 ||
-- (addr >= NE2000_PMEM_START && addr < NE2000_MEM_SIZE)) {
-+ if (addr < 32
-+ || (addr >= NE2000_PMEM_START
-+ && addr + sizeof(uint32_t) <= NE2000_MEM_SIZE)) {
- stl_le_p(s->mem + addr, val);
- }
- }
-@@ -497,8 +498,9 @@ static inline uint32_t ne2000_mem_readw(NE2000State *s, uint32_t addr)
- static inline uint32_t ne2000_mem_readl(NE2000State *s, uint32_t addr)
- {
- addr &= ~1; /* XXX: check exact behaviour if not even */
-- if (addr < 32 ||
-- (addr >= NE2000_PMEM_START && addr < NE2000_MEM_SIZE)) {
-+ if (addr < 32
-+ || (addr >= NE2000_PMEM_START
-+ && addr + sizeof(uint32_t) <= NE2000_MEM_SIZE)) {
- return ldl_le_p(s->mem + addr);
- } else {
- return 0xffffffff;
---
-2.6.2
-
diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1568.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1568.patch
deleted file mode 100644
index 4ce9a35..00000000
--- a/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1568.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-https://bugs.gentoo.org/571566
-
-From 4ab0359a8ae182a7ac5c99609667273167703fab Mon Sep 17 00:00:00 2001
-From: Prasad J Pandit <pjp@fedoraproject.org>
-Date: Mon, 11 Jan 2016 14:10:42 -0500
-Subject: [PATCH] ide: ahci: reset ncq object to unused on error
-
-When processing NCQ commands, AHCI device emulation prepares a
-NCQ transfer object; To which an aio control block(aiocb) object
-is assigned in 'execute_ncq_command'. In case, when the NCQ
-command is invalid, the 'aiocb' object is not assigned, and NCQ
-transfer object is left as 'used'. This leads to a use after
-free kind of error in 'bdrv_aio_cancel_async' via 'ahci_reset_port'.
-Reset NCQ transfer object to 'unused' to avoid it.
-
-[Maintainer edit: s/ACHI/AHCI/ in the commit message. --js]
-
-Reported-by: Qinghao Tang <luodalongde@gmail.com>
-Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
-Reviewed-by: John Snow <jsnow@redhat.com>
-Message-id: 1452282511-4116-1-git-send-email-ppandit@redhat.com
-Signed-off-by: John Snow <jsnow@redhat.com>
----
- hw/ide/ahci.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
-index dd1912e..17f1cbd 100644
---- a/hw/ide/ahci.c
-+++ b/hw/ide/ahci.c
-@@ -910,6 +910,7 @@ static void ncq_err(NCQTransferState *ncq_tfs)
- ide_state->error = ABRT_ERR;
- ide_state->status = READY_STAT | ERR_STAT;
- ncq_tfs->drive->port_regs.scr_err |= (1 << ncq_tfs->tag);
-+ ncq_tfs->used = 0;
- }
-
- static void ncq_finish(NCQTransferState *ncq_tfs)
---
-2.6.2
-
diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1714.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1714.patch
deleted file mode 100644
index 917fa2f..00000000
--- a/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1714.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-From 66f8fd9dda312191b78d2a2ba2848bcee76127a2 Mon Sep 17 00:00:00 2001
-From: "Gabriel L. Somlo" <somlo@cmu.edu>
-Date: Thu, 5 Nov 2015 09:32:50 -0500
-Subject: [PATCH] fw_cfg: avoid calculating invalid current entry pointer
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-When calculating a pointer to the currently selected fw_cfg item, the
-following is used:
-
- FWCfgEntry *e = &s->entries[arch][s->cur_entry & FW_CFG_ENTRY_MASK];
-
-When s->cur_entry is FW_CFG_INVALID, we are calculating the address of
-a non-existent element in s->entries[arch][...], which is undefined.
-
-This patch ensures the resulting entry pointer is set to NULL whenever
-s->cur_entry is FW_CFG_INVALID.
-
-Reported-by: Laszlo Ersek <lersek@redhat.com>
-Reviewed-by: Laszlo Ersek <lersek@redhat.com>
-Signed-off-by: Gabriel Somlo <somlo@cmu.edu>
-Message-id: 1446733972-1602-5-git-send-email-somlo@cmu.edu
-Cc: Marc Marí <markmb@redhat.com>
-Signed-off-by: Gabriel Somlo <somlo@cmu.edu>
-Reviewed-by: Laszlo Ersek <lersek@redhat.com>
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
----
- hw/nvram/fw_cfg.c | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/hw/nvram/fw_cfg.c b/hw/nvram/fw_cfg.c
-index c2d3a0a..046fa74 100644
---- a/hw/nvram/fw_cfg.c
-+++ b/hw/nvram/fw_cfg.c
-@@ -277,7 +277,8 @@ static int fw_cfg_select(FWCfgState *s, uint16_t key)
- static uint8_t fw_cfg_read(FWCfgState *s)
- {
- int arch = !!(s->cur_entry & FW_CFG_ARCH_LOCAL);
-- FWCfgEntry *e = &s->entries[arch][s->cur_entry & FW_CFG_ENTRY_MASK];
-+ FWCfgEntry *e = (s->cur_entry == FW_CFG_INVALID) ? NULL :
-+ &s->entries[arch][s->cur_entry & FW_CFG_ENTRY_MASK];
- uint8_t ret;
-
- if (s->cur_entry == FW_CFG_INVALID || !e->data || s->cur_offset >= e->len)
-@@ -342,7 +343,8 @@ static void fw_cfg_dma_transfer(FWCfgState *s)
- }
-
- arch = !!(s->cur_entry & FW_CFG_ARCH_LOCAL);
-- e = &s->entries[arch][s->cur_entry & FW_CFG_ENTRY_MASK];
-+ e = (s->cur_entry == FW_CFG_INVALID) ? NULL :
-+ &s->entries[arch][s->cur_entry & FW_CFG_ENTRY_MASK];
-
- if (dma.control & FW_CFG_DMA_CTL_READ) {
- read = 1;
---
-2.7.4
-
diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1922.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1922.patch
deleted file mode 100644
index 23c2341..00000000
--- a/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1922.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-From 4c1396cb576c9b14425558b73de1584c7a9735d7 Mon Sep 17 00:00:00 2001
-From: P J P <ppandit@redhat.com>
-Date: Fri, 18 Dec 2015 11:35:07 +0530
-Subject: [PATCH] i386: avoid null pointer dereference
-
- Hello,
-
-A null pointer dereference issue was reported by Mr Ling Liu, CC'd here. It
-occurs while doing I/O port write operations via hmp interface. In that,
-'current_cpu' remains null as it is not called from cpu_exec loop, which
-results in the said issue.
-
-Below is a proposed (tested)patch to fix this issue; Does it look okay?
-
-===
-From ae88a4947fab9a148cd794f8ad2d812e7f5a1d0f Mon Sep 17 00:00:00 2001
-From: Prasad J Pandit <pjp@fedoraproject.org>
-Date: Fri, 18 Dec 2015 11:16:07 +0530
-Subject: [PATCH] i386: avoid null pointer dereference
-
-When I/O port write operation is called from hmp interface,
-'current_cpu' remains null, as it is not called from cpu_exec()
-loop. This leads to a null pointer dereference in vapic_write
-routine. Add check to avoid it.
-
-Reported-by: Ling Liu <liuling-it@360.cn>
-Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
-Message-Id: <alpine.LFD.2.20.1512181129320.9805@wniryva>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-Signed-off-by: P J P <ppandit@redhat.com>
----
- hw/i386/kvmvapic.c | 15 ++++++++++-----
- 1 file changed, 10 insertions(+), 5 deletions(-)
-
-diff --git a/hw/i386/kvmvapic.c b/hw/i386/kvmvapic.c
-index c6d34b2..f0922da 100644
---- a/hw/i386/kvmvapic.c
-+++ b/hw/i386/kvmvapic.c
-@@ -634,13 +634,18 @@ static int vapic_prepare(VAPICROMState *s)
- static void vapic_write(void *opaque, hwaddr addr, uint64_t data,
- unsigned int size)
- {
-- CPUState *cs = current_cpu;
-- X86CPU *cpu = X86_CPU(cs);
-- CPUX86State *env = &cpu->env;
-- hwaddr rom_paddr;
- VAPICROMState *s = opaque;
-+ X86CPU *cpu;
-+ CPUX86State *env;
-+ hwaddr rom_paddr;
-
-- cpu_synchronize_state(cs);
-+ if (!current_cpu) {
-+ return;
-+ }
-+
-+ cpu_synchronize_state(current_cpu);
-+ cpu = X86_CPU(current_cpu);
-+ env = &cpu->env;
-
- /*
- * The VAPIC supports two PIO-based hypercalls, both via port 0x7E.
---
-2.7.4
-
diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1981.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1981.patch
deleted file mode 100644
index 2922193..00000000
--- a/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1981.patch
+++ /dev/null
@@ -1,98 +0,0 @@
-From dd793a74882477ca38d49e191110c17dfee51dcc Mon Sep 17 00:00:00 2001
-From: Laszlo Ersek <lersek@redhat.com>
-Date: Tue, 19 Jan 2016 14:17:20 +0100
-Subject: [PATCH] e1000: eliminate infinite loops on out-of-bounds transfer
- start
-
-The start_xmit() and e1000_receive_iov() functions implement DMA transfers
-iterating over a set of descriptors that the guest's e1000 driver
-prepares:
-
-- the TDLEN and RDLEN registers store the total size of the descriptor
- area,
-
-- while the TDH and RDH registers store the offset (in whole tx / rx
- descriptors) into the area where the transfer is supposed to start.
-
-Each time a descriptor is processed, the TDH and RDH register is bumped
-(as appropriate for the transfer direction).
-
-QEMU already contains logic to deal with bogus transfers submitted by the
-guest:
-
-- Normally, the transmit case wants to increase TDH from its initial value
- to TDT. (TDT is allowed to be numerically smaller than the initial TDH
- value; wrapping at or above TDLEN bytes to zero is normal.) The failsafe
- that QEMU currently has here is a check against reaching the original
- TDH value again -- a complete wraparound, which should never happen.
-
-- In the receive case RDH is increased from its initial value until
- "total_size" bytes have been received; preferably in a single step, or
- in "s->rxbuf_size" byte steps, if the latter is smaller. However, null
- RX descriptors are skipped without receiving data, while RDH is
- incremented just the same. QEMU tries to prevent an infinite loop
- (processing only null RX descriptors) by detecting whether RDH assumes
- its original value during the loop. (Again, wrapping from RDLEN to 0 is
- normal.)
-
-What both directions miss is that the guest could program TDLEN and RDLEN
-so low, and the initial TDH and RDH so high, that these registers will
-immediately be truncated to zero, and then never reassume their initial
-values in the loop -- a full wraparound will never occur.
-
-The condition that expresses this is:
-
- xdh_start >= s->mac_reg[XDLEN] / sizeof(desc)
-
-i.e., TDH or RDH start out after the last whole rx or tx descriptor that
-fits into the TDLEN or RDLEN sized area.
-
-This condition could be checked before we enter the loops, but
-pci_dma_read() / pci_dma_write() knows how to fill in buffers safely for
-bogus DMA addresses, so we just extend the existing failsafes with the
-above condition.
-
-This is CVE-2016-1981.
-
-Cc: "Michael S. Tsirkin" <mst@redhat.com>
-Cc: Petr Matousek <pmatouse@redhat.com>
-Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
-Cc: Prasad Pandit <ppandit@redhat.com>
-Cc: Michael Roth <mdroth@linux.vnet.ibm.com>
-Cc: Jason Wang <jasowang@redhat.com>
-Cc: qemu-stable@nongnu.org
-RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1296044
-Signed-off-by: Laszlo Ersek <lersek@redhat.com>
-Reviewed-by: Jason Wang <jasowang@redhat.com>
-Signed-off-by: Jason Wang <jasowang@redhat.com>
----
- hw/net/e1000.c | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/hw/net/e1000.c b/hw/net/e1000.c
-index 4eda7a3..0387fa0 100644
---- a/hw/net/e1000.c
-+++ b/hw/net/e1000.c
-@@ -909,7 +909,8 @@ start_xmit(E1000State *s)
- * bogus values to TDT/TDLEN.
- * there's nothing too intelligent we could do about this.
- */
-- if (s->mac_reg[TDH] == tdh_start) {
-+ if (s->mac_reg[TDH] == tdh_start ||
-+ tdh_start >= s->mac_reg[TDLEN] / sizeof(desc)) {
- DBGOUT(TXERR, "TDH wraparound @%x, TDT %x, TDLEN %x\n",
- tdh_start, s->mac_reg[TDT], s->mac_reg[TDLEN]);
- break;
-@@ -1166,7 +1167,8 @@ e1000_receive_iov(NetClientState *nc, const struct iovec *iov, int iovcnt)
- if (++s->mac_reg[RDH] * sizeof(desc) >= s->mac_reg[RDLEN])
- s->mac_reg[RDH] = 0;
- /* see comment in start_xmit; same here */
-- if (s->mac_reg[RDH] == rdh_start) {
-+ if (s->mac_reg[RDH] == rdh_start ||
-+ rdh_start >= s->mac_reg[RDLEN] / sizeof(desc)) {
- DBGOUT(RXERR, "RDH wraparound @%x, RDT %x, RDLEN %x\n",
- rdh_start, s->mac_reg[RDT], s->mac_reg[RDLEN]);
- set_ics(s, 0, E1000_ICS_RXO);
---
-2.7.4
-
diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-2197.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-2197.patch
deleted file mode 100644
index 0ab7b02..00000000
--- a/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-2197.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 99b4cb71069f109b79b27bc629fc0cf0886dbc4b Mon Sep 17 00:00:00 2001
-From: John Snow <jsnow@redhat.com>
-Date: Wed, 10 Feb 2016 13:29:40 -0500
-Subject: [PATCH] ahci: Do not unmap NULL addresses
-
-Definitely don't try to unmap a garbage address.
-
-Reported-by: Zuozhi fzz <zuozhi.fzz@alibaba-inc.com>
-Signed-off-by: John Snow <jsnow@redhat.com>
-Message-id: 1454103689-13042-2-git-send-email-jsnow@redhat.com
----
- hw/ide/ahci.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
-index 7e87b18..3a95dad 100644
---- a/hw/ide/ahci.c
-+++ b/hw/ide/ahci.c
-@@ -662,6 +662,10 @@ static bool ahci_map_fis_address(AHCIDevice *ad)
-
- static void ahci_unmap_fis_address(AHCIDevice *ad)
- {
-+ if (ad->res_fis == NULL) {
-+ DPRINTF(ad->port_no, "Attempt to unmap NULL FIS address\n");
-+ return;
-+ }
- dma_memory_unmap(ad->hba->as, ad->res_fis, 256,
- DMA_DIRECTION_FROM_DEVICE, 256);
- ad->res_fis = NULL;
-@@ -678,6 +682,10 @@ static bool ahci_map_clb_address(AHCIDevice *ad)
-
- static void ahci_unmap_clb_address(AHCIDevice *ad)
- {
-+ if (ad->lst == NULL) {
-+ DPRINTF(ad->port_no, "Attempt to unmap NULL CLB address\n");
-+ return;
-+ }
- dma_memory_unmap(ad->hba->as, ad->lst, 1024,
- DMA_DIRECTION_FROM_DEVICE, 1024);
- ad->lst = NULL;
---
-2.7.4
-
diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-2392.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-2392.patch
deleted file mode 100644
index e7aa5ca..00000000
--- a/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-2392.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 80eecda8e5d09c442c24307f340840a5b70ea3b9 Mon Sep 17 00:00:00 2001
-From: Prasad J Pandit <pjp@fedoraproject.org>
-Date: Thu, 11 Feb 2016 16:31:20 +0530
-Subject: [PATCH] usb: check USB configuration descriptor object
-
-When processing remote NDIS control message packets, the USB Net
-device emulator checks to see if the USB configuration descriptor
-object is of RNDIS type(2). But it does not check if it is null,
-which leads to a null dereference error. Add check to avoid it.
-
-Reported-by: Qinghao Tang <luodalongde@gmail.com>
-Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
-Message-id: 1455188480-14688-1-git-send-email-ppandit@redhat.com
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
----
- hw/usb/dev-network.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/hw/usb/dev-network.c b/hw/usb/dev-network.c
-index 985a629..5dc4538 100644
---- a/hw/usb/dev-network.c
-+++ b/hw/usb/dev-network.c
-@@ -654,7 +654,8 @@ typedef struct USBNetState {
-
- static int is_rndis(USBNetState *s)
- {
-- return s->dev.config->bConfigurationValue == DEV_RNDIS_CONFIG_VALUE;
-+ return s->dev.config ?
-+ s->dev.config->bConfigurationValue == DEV_RNDIS_CONFIG_VALUE : 0;
- }
-
- static int ndis_query(USBNetState *s, uint32_t oid,
---
-2.7.4
-
diff --git a/app-emulation/qemu/files/qemu-2.5.0-ne2000-reg-check.patch b/app-emulation/qemu/files/qemu-2.5.0-ne2000-reg-check.patch
deleted file mode 100644
index 2874b75..00000000
--- a/app-emulation/qemu/files/qemu-2.5.0-ne2000-reg-check.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 415ab35a441eca767d033a2702223e785b9d5190 Mon Sep 17 00:00:00 2001
-From: Prasad J Pandit <pjp@fedoraproject.org>
-Date: Wed, 24 Feb 2016 11:41:33 +0530
-Subject: [PATCH] net: ne2000: check ring buffer control registers
-
-Ne2000 NIC uses ring buffer of NE2000_MEM_SIZE(49152)
-bytes to process network packets. Registers PSTART & PSTOP
-define ring buffer size & location. Setting these registers
-to invalid values could lead to infinite loop or OOB r/w
-access issues. Add check to avoid it.
-
-Reported-by: Yang Hongke <yanghongke@huawei.com>
-Tested-by: Yang Hongke <yanghongke@huawei.com>
-Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
-Signed-off-by: Jason Wang <jasowang@redhat.com>
----
- hw/net/ne2000.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/hw/net/ne2000.c b/hw/net/ne2000.c
-index e408083..f0feaf9 100644
---- a/hw/net/ne2000.c
-+++ b/hw/net/ne2000.c
-@@ -155,6 +155,10 @@ static int ne2000_buffer_full(NE2000State *s)
- {
- int avail, index, boundary;
-
-+ if (s->stop <= s->start) {
-+ return 1;
-+ }
-+
- index = s->curpag << 8;
- boundary = s->boundary << 8;
- if (index < boundary)
---
-2.7.4
-
diff --git a/app-emulation/qemu/files/qemu-2.5.0-usb-ehci-oob.patch b/app-emulation/qemu/files/qemu-2.5.0-usb-ehci-oob.patch
deleted file mode 100644
index 2ddca3e..00000000
--- a/app-emulation/qemu/files/qemu-2.5.0-usb-ehci-oob.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 49d925ce50383a286278143c05511d30ec41a36e Mon Sep 17 00:00:00 2001
-From: Prasad J Pandit <pjp@fedoraproject.org>
-Date: Wed, 20 Jan 2016 01:26:46 +0530
-Subject: [PATCH] usb: check page select value while processing iTD
-
-While processing isochronous transfer descriptors(iTD), the page
-select(PG) field value could lead to an OOB read access. Add
-check to avoid it.
-
-Reported-by: Qinghao Tang <luodalongde@gmail.com>
-Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
-Message-id: 1453233406-12165-1-git-send-email-ppandit@redhat.com
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
----
- hw/usb/hcd-ehci.c | 10 ++++++----
- 1 file changed, 6 insertions(+), 4 deletions(-)
-
-diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
-index ab00268..93601d9 100644
---- a/hw/usb/hcd-ehci.c
-+++ b/hw/usb/hcd-ehci.c
-@@ -1405,21 +1405,23 @@ static int ehci_process_itd(EHCIState *ehci,
- if (itd->transact[i] & ITD_XACT_ACTIVE) {
- pg = get_field(itd->transact[i], ITD_XACT_PGSEL);
- off = itd->transact[i] & ITD_XACT_OFFSET_MASK;
-- ptr1 = (itd->bufptr[pg] & ITD_BUFPTR_MASK);
-- ptr2 = (itd->bufptr[pg+1] & ITD_BUFPTR_MASK);
- len = get_field(itd->transact[i], ITD_XACT_LENGTH);
-
- if (len > max * mult) {
- len = max * mult;
- }
--
-- if (len > BUFF_SIZE) {
-+ if (len > BUFF_SIZE || pg > 6) {
- return -1;
- }
-
-+ ptr1 = (itd->bufptr[pg] & ITD_BUFPTR_MASK);
- qemu_sglist_init(&ehci->isgl, ehci->device, 2, ehci->as);
- if (off + len > 4096) {
- /* transfer crosses page border */
-+ if (pg == 6) {
-+ return -1; /* avoid page pg + 1 */
-+ }
-+ ptr2 = (itd->bufptr[pg + 1] & ITD_BUFPTR_MASK);
- uint32_t len2 = off + len - 4096;
- uint32_t len1 = len - len2;
- qemu_sglist_add(&ehci->isgl, ptr1 + off, len1);
---
-2.7.4
-
diff --git a/app-emulation/qemu/files/qemu-2.5.0-usb-ndis-int-overflow.patch b/app-emulation/qemu/files/qemu-2.5.0-usb-ndis-int-overflow.patch
deleted file mode 100644
index da643fd..00000000
--- a/app-emulation/qemu/files/qemu-2.5.0-usb-ndis-int-overflow.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-From fe3c546c5ff2a6210f9a4d8561cc64051ca8603e Mon Sep 17 00:00:00 2001
-From: Prasad J Pandit <pjp@fedoraproject.org>
-Date: Wed, 17 Feb 2016 00:23:41 +0530
-Subject: [PATCH] usb: check RNDIS buffer offsets & length
-
-When processing remote NDIS control message packets,
-the USB Net device emulator uses a fixed length(4096) data buffer.
-The incoming informationBufferOffset & Length combination could
-overflow and cross that range. Check control message buffer
-offsets and length to avoid it.
-
-Reported-by: Qinghao Tang <luodalongde@gmail.com>
-Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
-Message-id: 1455648821-17340-3-git-send-email-ppandit@redhat.com
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
----
- hw/usb/dev-network.c | 9 ++++++---
- 1 file changed, 6 insertions(+), 3 deletions(-)
-
-diff --git a/hw/usb/dev-network.c b/hw/usb/dev-network.c
-index 5dc4538..c6abd38 100644
---- a/hw/usb/dev-network.c
-+++ b/hw/usb/dev-network.c
-@@ -916,8 +916,9 @@ static int rndis_query_response(USBNetState *s,
-
- bufoffs = le32_to_cpu(buf->InformationBufferOffset) + 8;
- buflen = le32_to_cpu(buf->InformationBufferLength);
-- if (bufoffs + buflen > length)
-+ if (buflen > length || bufoffs >= length || bufoffs + buflen > length) {
- return USB_RET_STALL;
-+ }
-
- infobuflen = ndis_query(s, le32_to_cpu(buf->OID),
- bufoffs + (uint8_t *) buf, buflen, infobuf,
-@@ -962,8 +963,9 @@ static int rndis_set_response(USBNetState *s,
-
- bufoffs = le32_to_cpu(buf->InformationBufferOffset) + 8;
- buflen = le32_to_cpu(buf->InformationBufferLength);
-- if (bufoffs + buflen > length)
-+ if (buflen > length || bufoffs >= length || bufoffs + buflen > length) {
- return USB_RET_STALL;
-+ }
-
- ret = ndis_set(s, le32_to_cpu(buf->OID),
- bufoffs + (uint8_t *) buf, buflen);
-@@ -1213,8 +1215,9 @@ static void usb_net_handle_dataout(USBNetState *s, USBPacket *p)
- if (le32_to_cpu(msg->MessageType) == RNDIS_PACKET_MSG) {
- uint32_t offs = 8 + le32_to_cpu(msg->DataOffset);
- uint32_t size = le32_to_cpu(msg->DataLength);
-- if (offs + size <= len)
-+ if (offs < len && size < len && offs + size <= len) {
- qemu_send_packet(qemu_get_queue(s->nic), s->out_buf + offs, size);
-+ }
- }
- s->out_ptr -= len;
- memmove(s->out_buf, &s->out_buf[len], s->out_ptr);
---
-2.7.4
-
diff --git a/app-emulation/qemu/files/qemu-2.6.0-crypto-static.patch b/app-emulation/qemu/files/qemu-2.6.0-crypto-static.patch
deleted file mode 100644
index 4856373..00000000
--- a/app-emulation/qemu/files/qemu-2.6.0-crypto-static.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg01611.html
-
-From 6a2909cf98e892783b2502df6f7f4de46d13e42b Mon Sep 17 00:00:00 2001
-From: Mike Frysinger <vapier@chromium.org>
-Date: Mon, 6 Jun 2016 17:58:26 -0400
-Subject: [PATCH] crypto: aes: always rename internal symbols
-
-OpenSSL's libcrypto always defines AES symbols with the same names as
-qemu's local aes code. This is problematic when enabling at least curl
-as that frequently also uses libcrypto. It might not be noticed when
-running, but if you try to statically link, everything falls down.
-
-An example snippet:
- LINK qemu-nbd
-.../libcrypto.a(aes-x86_64.o): In function 'AES_encrypt':
-(.text+0x460): multiple definition of 'AES_encrypt'
-crypto/aes.o:aes.c:(.text+0x670): first defined here
-.../libcrypto.a(aes-x86_64.o): In function 'AES_decrypt':
-(.text+0x9f0): multiple definition of 'AES_decrypt'
-crypto/aes.o:aes.c:(.text+0xb30): first defined here
-.../libcrypto.a(aes-x86_64.o): In function 'AES_cbc_encrypt':
-(.text+0xf90): multiple definition of 'AES_cbc_encrypt'
-crypto/aes.o:aes.c:(.text+0xff0): first defined here
-collect2: error: ld returned 1 exit status
-.../qemu-2.6.0/rules.mak:105: recipe for target 'qemu-nbd' failed
-make: *** [qemu-nbd] Error 1
-
-The aes.h header has redefines already for FreeBSD, but go ahead and
-enable that for everyone since there's no real good reason to not use
-a namespace all the time.
-
-Signed-off-by: Mike Frysinger <vapier@chromium.org>
----
- include/crypto/aes.h | 5 ++---
- 1 file changed, 2 insertions(+), 3 deletions(-)
-
-diff --git a/include/crypto/aes.h b/include/crypto/aes.h
-index a006da2224a9..12fb321b89de 100644
---- a/include/crypto/aes.h
-+++ b/include/crypto/aes.h
-@@ -10,14 +10,13 @@ struct aes_key_st {
- };
- typedef struct aes_key_st AES_KEY;
-
--/* FreeBSD has its own AES_set_decrypt_key in -lcrypto, avoid conflicts */
--#ifdef __FreeBSD__
-+/* FreeBSD/OpenSSL have their own AES functions with the same names in -lcrypto
-+ * (which might be pulled in via curl), so redefine to avoid conflicts. */
- #define AES_set_encrypt_key QEMU_AES_set_encrypt_key
- #define AES_set_decrypt_key QEMU_AES_set_decrypt_key
- #define AES_encrypt QEMU_AES_encrypt
- #define AES_decrypt QEMU_AES_decrypt
- #define AES_cbc_encrypt QEMU_AES_cbc_encrypt
--#endif
-
- int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
- AES_KEY *key);
---
-2.8.2
-
diff --git a/app-emulation/qemu/files/qemu-2.6.0-glib-size_t.patch b/app-emulation/qemu/files/qemu-2.6.0-glib-size_t.patch
deleted file mode 100644
index 5fd678c..00000000
--- a/app-emulation/qemu/files/qemu-2.6.0-glib-size_t.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- a/configure 2016-08-07 15:50:20.386687733 +0200
-+++ b/configure 2016-08-07 15:53:55.489691690 +0200
-@@ -2967,7 +2967,7 @@
- }
- EOF
-
--if ! compile_prog "-Werror $CFLAGS" "$LIBS" ; then
-+if ! compile_prog "$CFLAGS" "$LIBS" ; then
- error_exit "sizeof(size_t) doesn't match GLIB_SIZEOF_SIZE_T."\
- "You probably need to set PKG_CONFIG_LIBDIR"\
- "to point to the right pkg-config files for your"\
next reply other threads:[~2016-09-05 5:30 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-09-05 5:30 Matthias Maier [this message]
-- strict thread matches above, loose matches on Subject: below --
2024-08-20 8:01 [gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/ Joonas Niilola
2023-11-20 20:20 Ulrich Müller
2023-10-22 16:33 Joonas Niilola
2023-02-22 11:32 Sam James
2022-01-12 8:38 Matthias Maier
2022-01-10 21:02 John Helmert III
2022-01-06 19:08 John Helmert III
2021-06-16 20:59 Sergei Trofimovich
2021-03-14 18:53 Conrad Kostecki
2020-09-21 21:48 Conrad Kostecki
2020-07-06 18:40 Sergei Trofimovich
2020-04-18 21:31 Sergei Trofimovich
2019-05-20 16:27 Matthias Maier
2018-03-30 2:54 Aaron Bauman
2018-03-27 15:44 Matthias Maier
2017-12-06 12:42 Michael Palimaka
2017-11-12 20:22 Matthias Maier
2017-07-26 19:37 Matthias Maier
2017-07-26 17:15 Matthias Maier
2016-08-15 20:36 Luca Barbato
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1473053400.6ac7a9b9a00ee2c1afb780ffcafc8e66ce1b59d9.tamiko@gentoo \
--to=tamiko@gentoo.org \
--cc=gentoo-commits@lists.gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox