[gentoo-commits] proj/musl:master commit in: app-emulation/qemu/files/, app-emulation/qemu/

["Aric Belsito" <lluixhi@gmail.com>]

commit:     8ebff45190124dc7b8430fe4248ae40549aab9b9
Author:     Aric Belsito <lluixhi <AT> gmail <DOT> com>
AuthorDate: Tue Feb 21 18:19:58 2017 +0000
Commit:     Aric Belsito <lluixhi <AT> gmail <DOT> com>
CommitDate: Tue Feb 21 18:19:58 2017 +0000
URL:        https://gitweb.gentoo.org/proj/musl.git/commit/?id=8ebff451

app-emulation/qemu: version bump to 2.8.0-r3

drop 2.8.0 and 2.8.0-r2: no longer in tree.

 app-emulation/qemu/Manifest                        |  10 +-
 .../qemu/files/qemu-2.8.0-CVE-2017-2620.patch      |  56 ++
 .../qemu/files/qemu-2.8.0-CVE-2017-2630.patch      |  22 +
 .../qemu/files/qemu-2.8.0-CVE-2017-5973.patch      |  87 +++
 .../qemu/files/qemu-2.8.0-CVE-2017-5987.patch      |  50 ++
 .../qemu/files/qemu-2.8.0-CVE-2017-6058.patch      | 112 ++++
 app-emulation/qemu/qemu-2.8.0-r1.ebuild            |   2 +-
 .../{qemu-2.8.0-r2.ebuild => qemu-2.8.0-r3.ebuild} |   5 +
 app-emulation/qemu/qemu-2.8.0.ebuild               | 684 ---------------------
 9 files changed, 340 insertions(+), 688 deletions(-)

diff --git a/app-emulation/qemu/Manifest b/app-emulation/qemu/Manifest
index db61483..45b7c89 100644
--- a/app-emulation/qemu/Manifest
+++ b/app-emulation/qemu/Manifest
@@ -11,6 +11,8 @@ AUX qemu-2.8.0-CVE-2016-10155.patch 1558 SHA256 53c20d983847a716f3f708c50ffbeb9d
 AUX qemu-2.8.0-CVE-2016-9908.patch 1166 SHA256 22ef4999a3daf3c46a3c90ca20fb131545d4d0befeff7c3ca870585a3e03b7b7 SHA512 c46abda3a5b1a68c7c2e5236f8e424f4569a28ba2aea9b8ec32467e55b535492da6e4702d4758a5721f1bf222f7f2554a5e4c9a190781d60c40202a5291dcf49 WHIRLPOOL aa8087350770ecbb60049e3269ddf9d68258657ef6a088b562e344056689e578a390328dde9c5d2b5024e7fa03995b571295a1d64943d9b3882cf0c5f833dbd8
 AUX qemu-2.8.0-CVE-2016-9912.patch 1307 SHA256 e3eac321492a9ef42d88b04877511255c3731a9bb029d7c6ab2da0aa8f09e2d8 SHA512 f9ba4f167334d9b934c37fbed21ded8b3d71e5bdbdb1f15f81d4423b0790bfa127637155d5863b563fa974f1421c4ace1f2a4e3e81e3ae3d6045b2083210b103 WHIRLPOOL 7aa8dab7b6462f142365d274e6131ca1630c396e36c851cb562c081c4243c58e2ae22cf682e51145af08befcaba395254c765cf56112a6c177e1c9a18ffb5926
 AUX qemu-2.8.0-CVE-2017-2615.patch 1720 SHA256 33f3f81ff8e5dacfc4f33dd48bd7833843c209f6d2bd5b3102cc5694ad85a593 SHA512 32063428286a49a12daa481ba87f1b09be6504bf24c5759aacf88ef436312a890dfe44d08457d8b426f86ce7680700d32fb21a255a6db8eb512e612c16770d36 WHIRLPOOL 9f1eed6c6c3eeb1e8991d1aa82e12a004c223bdd635ec48e433ca93d054aa3dfb5986fe01e36df157ef20c685e07595eebdf5fe16ed7cf9034e1c9ddf8304dbb
+AUX qemu-2.8.0-CVE-2017-2620.patch 1879 SHA256 dc898ad08d83b5a904a68513784ec009d4e19373ec9170e58d0695cf733b1bbd SHA512 4c0cba0b7abf4923f8c4720ffe8aad98cf8a4cddfa9fdf1418a5895f107bd186599f4d8a87290e9459a425e4ac464663a6d500bf016f459cb81dbd7fbc8121cb WHIRLPOOL 8c2cb5c6a8cee9c1d44fe0e03b3f8f56de4f8a8515acdda4458610f543f2e2cf6bac2161b9a8128e3aaf0c65716d5a85a9caf7041fdc05ab7e222c87568a4d68
+AUX qemu-2.8.0-CVE-2017-2630.patch 681 SHA256 72c675456d02f188b1ccc680fb237900d32d315272d1b3b6c3caad08bc8130e2 SHA512 1dc5006455a06a83799094afab1ec4f2f3808174530f71d234d165275af3b11160bcf6c041c8e9e3138de7bd6ec4b7810b4532c496c018f0aa71716f2d437faa WHIRLPOOL 27c7835c00f5ad368921ae8c2251cc3eaef3f018242c42517f03102129368f85b99b144f4a3eb53e546352965e6a7f031f7545237e5334ee524059d461d29a8f
 AUX qemu-2.8.0-CVE-2017-5525-1.patch 1625 SHA256 88e253c306761017d66dca5b72184f89cebf3b617db7bc0e4b27025757a66181 SHA512 a7f82374ec4e264b065be7ba63c197d93fee230d68819bf68a0a67c84f89182d0cc0a42b9aadf53a8a903d640dacc55392174c7820379e92ad0e35c86c35a2dd WHIRLPOOL 63e192dc0e075139f18aee2d0541c75021852a7d7251321ca8fe7f9b793c72786a6aab878e308931289eab3c07c3cbbc8ad32b67de1193f85b672e16a8372495
 AUX qemu-2.8.0-CVE-2017-5525-2.patch 1664 SHA256 ab03a1cff62164090133f0dbace9724302e806a808b18d64628d12f0bd9abad6 SHA512 ac1d89331c3fc4d0ef7af411a12654329057676e9f016cb9a4a46dc9b4e01092c17af33d095f3104e71094ae585a35a8276a98560dd97f8d045e0b9fd2f0069f WHIRLPOOL 20457d7fe5b3842c0c601068dba410586fc4b4c7fce81ba3ee436a6cfec3b1b950797d6ca9a2a573fef21a29421f8c04a34d1dfefe0b7ade03a6ca51d16d99cb
 AUX qemu-2.8.0-CVE-2017-5552.patch 1481 SHA256 26616f16434b3aff65b1cd1ce82c6abdfbd44da8a047a5a32b1e07755c9a3e1b SHA512 3c3f5027be3bfe56c1445004bd28536e11f606cc6787fcefad3da267eb3e11b61110c8a4700fd9d6f95ce50f10a2678b2bc6f950297b949b837882a68901d6e5 WHIRLPOOL ca93726b8a0567f68fac634eef1e88c997c1e959cafb33bc6ba8871d9021591bb61be6b3635d3fac111e1e177dbbff939c93580d7f0824e752b378dbc38fbc45
@@ -21,10 +23,12 @@ AUX qemu-2.8.0-CVE-2017-5856.patch 2224 SHA256 92ddbba8c0d21bdae5b11ae064c21da93
 AUX qemu-2.8.0-CVE-2017-5857.patch 1326 SHA256 e2150a7cc92b72e3f20506b9c76b40599af8d2366d25bd9b245a0bffa66ad8eb SHA512 d6d000b57f1fb194f9554165621109b364ebdb61416bc07e2283f2d493c33e770d1b63002d62565aae1ac19ed0ad9e572c207341aa1ad023581f349f62158d30 WHIRLPOOL cbe84c67ba9bb368baf2b1842e8c7c1ee3fb720630bcd53fdbdef9e8f3efdb25c1a927d0f65c9d1f6def28defe6997943a7867e8225eb12e395a0811ad3e32a1
 AUX qemu-2.8.0-CVE-2017-5898.patch 1412 SHA256 7f44668d51a94d19fcca0f496d8ac798fd654afe25d2998f7d07a148a836ade9 SHA512 2cd9af4957849a5d72dc0f0fbb30852870306ebc0a348cf5951df58d3029d1aae52df9261d2e4a9d7a4f132f78c390af8a049e1f109b324899bccd91e5c10d1f WHIRLPOOL c48e1fe163761880adab990683dc5d54ee31173763f11239ffee7c229bd65a2958a696dede39e7e645860980e2a7c5c6e5873e5db53872ac373d8d2415a167ab
 AUX qemu-2.8.0-CVE-2017-5931.patch 1696 SHA256 cdb1ea1306bf00042f13637eef78d3580e34b88c11716e62fad69931eb3d7ac6 SHA512 5b9a00f0964b153df7630655480b646e6615e831fd981642987d8691e9ddd265f64285d0e70c4f536bb370adb03a75548f7258bee8dbc2b7de15a3984fc8421b WHIRLPOOL c6d9440adf57ad1b560da03a455d9bdc3094c952f3c82a5e88fa6f2d0336ab767f0617b2916b68a5e3f5d30293749be40c12dfe93e8b7525fec9b8a453a65123
+AUX qemu-2.8.0-CVE-2017-5973.patch 2815 SHA256 206d01053ce678e2c83174b278755e112099f76350aaa765525d344a87365ded SHA512 31b4bd1b8398d8044ace7660a049c492beda83613818a718477257e0bdf922d63423100fd59f2e8411dc952d282a7c405b916ab437b131b31c21dcf65f98edce WHIRLPOOL ea43efbdd5fdc51e1b8b5057fbe50b3911896cbda8437998ca203d34db82524eb42a77440f2490574a48f15ba1c4bbb7d9c40bfb6e99e96278a1d1912ea210a7
+AUX qemu-2.8.0-CVE-2017-5987.patch 1889 SHA256 c4f2175970deca9b00bf657e66b8df31a02efce469eec02279a9659b9cb18bb0 SHA512 32708f91edbbb61ac444ee71b97a30138380544389f6265d7cb7aec330ebaaa7ca69844a9462c817fbda117e78748fc4fdeb655e70bcd72ddd8b112fd9619b0d WHIRLPOOL 1aa99740495c0d2a577cf13c47669aeba75ad389394736ce16fde31c91931254820accad85a6d6fee9757595bec3f222413a89fe4ca125913be7ecc97f33b365
+AUX qemu-2.8.0-CVE-2017-6058.patch 3797 SHA256 06c01fcd53dab66af55df164f1616d14847b2a0fd46abe7445b7e3e7b7ee77cf SHA512 1425e7df38cd44903fe78e7728d7eb3df2d8486895f38a87c4e0c63aa5cc4a2b19032d486fcb5676201242039364a1f3d34b256606b5f8ae74028432e6d50286 WHIRLPOOL 9a48c2f00ac146c29163422c10ca62e3065a36752b865b6b9e3408edf019f3585579ac074b5325777e6a405a11d0ce09da33eb6499012377f0c9ef8c52bf2840
 AUX qemu-2.8.0-F_SHLCK-and-F_EXLCK.patch 574 SHA256 d02353daa0ecfe161e938a5e54feab641b901f4a35c8f5831133676a6f53f43f SHA512 6b64750335aae1142ca9132fb766ac2aaeacfcdda0aa0cfca19afc4c3ea3806e30ce603fcec3767e40e84efb0ae8b9a23f21d46c807c13bb646be74f99e13389 WHIRLPOOL 7401c3daf162c71a5a5c3729855fddb5df95609b34c86ea0f4d872c8f132d6ac089cfb35a990af70aef8b7b63fe075a1e2be376b6db09bc70e8d51e48aded354
 AUX qemu-binfmt.initd-r1 7966 SHA256 5b4b432aa1e44f387c9eb789de0ec6322741fd36dd241f76520f17c6cd6ac49b SHA512 2ba0bff6eb2b6bac4ed440f793771ce9551cad48e38bddb6cf04f804faac2407e80879f66771910344ddcea45f0014095dcc8bfeb0aad5085ef048fd3612dbd8 WHIRLPOOL a2a1fb830a970757d1e203378c7d382b161b1040f3b8aaf0f22bb3b5e46467eff395474ff40d93c9f133bab307b345a6f75d63eae9f8dd8daf67324db41032f9
 DIST qemu-2.8.0.tar.bz2 28368517 SHA256 dafd5d7f649907b6b617b822692f4c82e60cf29bc0fc58bc2036219b591e5e62 SHA512 50f2988d822388ba9fd1bf5dbe68359033ed7432d7f0f9790299f32f63faa6dc72979256b5632ba572d47ee3e74ed40e3e8e331dc6303ec1599f1b4367cb78c2 WHIRLPOOL 0ce4e0539657eb832e4039819e7360c792b6aa41c718f0e0d762f4933217f0d370af94b1d6d9776853575b4a6811d8c85db069bf09d21bd15399ac8b50440ff5
-EBUILD qemu-2.8.0-r1.ebuild 21622 SHA256 2f4029d16bcac486bbf4fd39ba15506084f6ef0f7e47910b3b6ab5d862041476 SHA512 3c77cdac3ee4417e7b0d1c4c0598372a1da889349148e2efca668a030df1f5e9a69ae6055f12234f7f4e21475b1d44f41170bfccb420fb5a5860172f945740e7 WHIRLPOOL 2e61f6fb672dbb8006ab51ff61754518592b1f5e32678c4789d9339d74d0acc182e45d4a54aaf2b36e52dfdf1a305c09e4c92a5c20c06cf52bd239ebac862e46
-EBUILD qemu-2.8.0-r2.ebuild 21674 SHA256 79e8b82d2901cf9d0e8c9c78c9a261e4a8d95407f81b02986a06fe454390b6b2 SHA512 5e9b760db15db8bfb7cfb14dd8c2957978f15fe143cdd3b80fdc0bae8f9a926c99fb9dfc824679fd340c094f84ff73def9985f17a1bdcaa6d7f826e896670401 WHIRLPOOL 07a84b97c865c11dfe7d763d4ca08afe02b6afcac28872c4bfffb3808d91bbb618d74963ded9d6ffe84bee077b2f0941ac5a93b4482838a1b38e7935ff59e567
-EBUILD qemu-2.8.0.ebuild 20856 SHA256 5cf0517d3327eac95727067f80702639132b87603029951ef2db8086f6fd34ae SHA512 10bcdad90a85786f0d2e4044be010e5d87f54fd0710c889205060e1404e5a24004e0095d7d3ee0f62735e3ab88d2af5986d371769125b13ffc5689edc5a95be8 WHIRLPOOL af455544650a9c0cb4bc2be588e3687dea90d14bbc3dad1aa76bcf65376317b85374151eee761239868b3ce8aaae089e4278b3897e5f013e4652c6801c66c9b6
+EBUILD qemu-2.8.0-r1.ebuild 21621 SHA256 bcf039d34f9bd43b288fd33c38233f115b6b8750989374bc656d6f950358c11a SHA512 d9e718720a4800995919d18b79c735fc7b46d569d4cb82bbe90ae3580eafa8e4e976ab4e34b72ff4a8823c6242cf767c876eecaa46af5d24a6a81918351c376c WHIRLPOOL 9c78a214862bb134df1183bc19cd8eb15cceb0ed7253bc584fc1ce5061e3c33a2c744f5e9175654f182621e410c2302a23a66f393e2e58c0717eff7e212548a8
+EBUILD qemu-2.8.0-r3.ebuild 21994 SHA256 8dd08d6fec72d5665c7e20e1af43d2cf3b40c58fcd37e8334f5bfa032d3e9e14 SHA512 511f271f23fbeb956b9fd67449479119111b50da36687bacee1a3ccf5dee91d4bcfc04349b05845f1c4e528cc7390243a98ba4c76d0b9c51b18e34febbd5e618 WHIRLPOOL c48f0cdb6ca1c13c7c41a949191fd82bb89154c352c8839776096eb9c1273136bbce62b0e2f852ab9f463fa7298804f03dba361bd7fd10dde96c969f53d8a53b
 MISC metadata.xml 3854 SHA256 326fc14b3867842cc40bc364d91e2ca60ca63651e4a17040254166fa09cec04a SHA512 2e3bbdf84b7b03aedc43621b47e02b8da242fda917dcdf4b2d7532210aaa79c6fbea52a6b8157cdf90cd1e4e282610c0254b96a7a14b285e910d61203acd6461 WHIRLPOOL 539ca48b54055e594e16b76341879540d4f302d502c39d1901ed4fd7cc80b186ba29845759d02c60bf4560b8b14ec4fa40869d341e432a025dc792fb38f8eae1

diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-2620.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-2620.patch
new file mode 100644
index 0000000..e2a9801
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-2620.patch
@@ -0,0 +1,56 @@
+From: Gerd Hoffmann <kraxel@redhat.com>
+Subject: [PATCH 3/3] cirrus: add blit_is_unsafe call to cirrus_bitblt_cputovideo
+
+CIRRUS_BLTMODE_MEMSYSSRC blits do NOT check blit destination
+and blit width, at all.  Oops.  Fix it.
+
+Security impact: high.
+
+The missing blit destination check allows to write to host memory.
+Basically same as CVE-2014-8106 for the other blit variants.
+
+The missing blit width check allows to overflow cirrus_bltbuf,
+with the attractive target cirrus_srcptr (current cirrus_bltbuf write
+position) being located right after cirrus_bltbuf in CirrusVGAState.
+
+Due to cirrus emulation writing cirrus_bltbuf bytewise the attacker
+hasn't full control over cirrus_srcptr though, only one byte can be
+changed.  Once the first byte has been modified further writes land
+elsewhere.
+
+[ This is CVE-2017-2620 / XSA-209  - Ian Jackson ]
+
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+---
+ hw/display/cirrus_vga.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c
+index 0e47cf8..a093dc8 100644
+--- a/hw/display/cirrus_vga.c
++++ b/hw/display/cirrus_vga.c
+@@ -899,6 +899,10 @@ static int cirrus_bitblt_cputovideo(CirrusVGAState * s)
+ {
+     int w;
+ 
++    if (blit_is_unsafe(s)) {
++        return 0;
++    }
++
+     s->cirrus_blt_mode &= ~CIRRUS_BLTMODE_MEMSYSSRC;
+     s->cirrus_srcptr = &s->cirrus_bltbuf[0];
+     s->cirrus_srcptr_end = &s->cirrus_bltbuf[0];
+@@ -924,6 +928,10 @@ static int cirrus_bitblt_cputovideo(CirrusVGAState * s)
+ 	}
+         s->cirrus_srccounter = s->cirrus_blt_srcpitch * s->cirrus_blt_height;
+     }
++
++    /* the blit_is_unsafe call above should catch this */
++    assert(s->cirrus_blt_srcpitch <= CIRRUS_BLTBUFSIZE);
++
+     s->cirrus_srcptr = s->cirrus_bltbuf;
+     s->cirrus_srcptr_end = s->cirrus_bltbuf + s->cirrus_blt_srcpitch;
+     cirrus_update_memory_access(s);
+-- 
+1.8.3.1
+

diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-2630.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-2630.patch
new file mode 100644
index 0000000..034b322
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-2630.patch
@@ -0,0 +1,22 @@
+Comparison symbol is misused. It may lead to memory corruption.
+
+Signed-off-by: Vladimir Sementsov-Ogievskiy <address@hidden>
+---
+ nbd/client.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/nbd/client.c b/nbd/client.c
+index 6caf6bda6d..351731bc63 100644
+--- a/nbd/client.c
++++ b/nbd/client.c
+@@ -94,7 +94,7 @@ static ssize_t drop_sync(QIOChannel *ioc, size_t size)
+     char small[1024];
+     char *buffer;
+ 
+-    buffer = sizeof(small) < size ? small : g_malloc(MIN(65536, size));
++    buffer = sizeof(small) > size ? small : g_malloc(MIN(65536, size));
+     while (size > 0) {
+         ssize_t count = read_sync(ioc, buffer, MIN(65536, size));
+ 
+-- 
+2.11.0

diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5973.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5973.patch
new file mode 100644
index 0000000..50ff3c9
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5973.patch
@@ -0,0 +1,87 @@
+Limits should be big enough that normal guest should not hit it.
+Add a tracepoint to log them, just in case.  Also, while being
+at it, log the existing link trb limit too.
+
+Reported-by: 李强 <address@hidden>
+Signed-off-by: Gerd Hoffmann <address@hidden>
+---
+ hw/usb/hcd-xhci.c   | 15 ++++++++++++++-
+ hw/usb/trace-events |  1 +
+ 2 files changed, 15 insertions(+), 1 deletion(-)
+
+diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c
+index fbf8a8b..28dd2f2 100644
+--- a/hw/usb/hcd-xhci.c
++++ b/hw/usb/hcd-xhci.c
+@@ -51,6 +51,8 @@
+ #define EV_QUEUE (((3 * 24) + 16) * MAXSLOTS)
+ 
+ #define TRB_LINK_LIMIT  4
++#define COMMAND_LIMIT   256
++#define TRANSFER_LIMIT  256
+ 
+ #define LEN_CAP         0x40
+ #define LEN_OPER        (0x400 + 0x10 * MAXPORTS)
+@@ -943,6 +945,7 @@ static TRBType xhci_ring_fetch(XHCIState *xhci, XHCIRing *ring, XHCITRB *trb,
+             return type;
+         } else {
+             if (++link_cnt > TRB_LINK_LIMIT) {
++                trace_usb_xhci_enforced_limit("trb-link");
+                 return 0;
+             }
+             ring->dequeue = xhci_mask64(trb->parameter);
+@@ -2060,6 +2063,7 @@ static void xhci_kick_epctx(XHCIEPContext *epctx, unsigned int streamid)
+     XHCIRing *ring;
+     USBEndpoint *ep = NULL;
+     uint64_t mfindex;
++    unsigned int count = 0;
+     int length;
+     int i;
+ 
+@@ -2172,6 +2176,10 @@ static void xhci_kick_epctx(XHCIEPContext *epctx, unsigned int streamid)
+             epctx->retry = xfer;
+             break;
+         }
++        if (count++ > TRANSFER_LIMIT) {
++            trace_usb_xhci_enforced_limit("transfers");
++            break;
++        }
+     }
+     epctx->kick_active--;
+ 
+@@ -2618,7 +2626,7 @@ static void xhci_process_commands(XHCIState *xhci)
+     TRBType type;
+     XHCIEvent event = {ER_COMMAND_COMPLETE, CC_SUCCESS};
+     dma_addr_t addr;
+-    unsigned int i, slotid = 0;
++    unsigned int i, slotid = 0, count = 0;
+ 
+     DPRINTF("xhci_process_commands()\n");
+     if (!xhci_running(xhci)) {
+@@ -2735,6 +2743,11 @@ static void xhci_process_commands(XHCIState *xhci)
+         }
+         event.slotid = slotid;
+         xhci_event(xhci, &event, 0);
++
++        if (count++ > COMMAND_LIMIT) {
++            trace_usb_xhci_enforced_limit("commands");
++            return;
++        }
+     }
+ }
+ 
+diff --git a/hw/usb/trace-events b/hw/usb/trace-events
+index fdd1d29..0c323d4 100644
+--- a/hw/usb/trace-events
++++ b/hw/usb/trace-events
+@@ -174,6 +174,7 @@ usb_xhci_xfer_retry(void *xfer) "%p"
+ usb_xhci_xfer_success(void *xfer, uint32_t bytes) "%p: len %d"
+ usb_xhci_xfer_error(void *xfer, uint32_t ret) "%p: ret %d"
+ usb_xhci_unimplemented(const char *item, int nr) "%s (0x%x)"
++usb_xhci_enforced_limit(const char *item) "%s"
+ 
+ # hw/usb/desc.c
+ usb_desc_device(int addr, int len, int ret) "dev %d query device, len %d, ret %d"
+-- 
+1.8.3.1
+

diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5987.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5987.patch
new file mode 100644
index 0000000..bfde2e9
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5987.patch
@@ -0,0 +1,50 @@
+From: Prasad J Pandit <address@hidden>
+
+In the SDHCI protocol, the transfer mode register value
+is used during multi block transfer to check if block count
+register is enabled and should be updated. Transfer mode
+register could be set such that, block count register would
+not be updated, thus leading to an infinite loop. Add check
+to avoid it.
+
+Reported-by: Wjjzhang <address@hidden>
+Reported-by: Jiang Xin <address@hidden>
+Signed-off-by: Prasad J Pandit <address@hidden>
+---
+ hw/sd/sdhci.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+Update: use qemu_log_mask(LOG_UNIMP, ...)
+  -> https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg02354.html
+
+diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c
+index 5bd5ab6..a9c744b 100644
+--- a/hw/sd/sdhci.c
++++ b/hw/sd/sdhci.c
+@@ -486,6 +486,11 @@ static void sdhci_sdma_transfer_multi_blocks(SDHCIState *s)
+     uint32_t boundary_chk = 1 << (((s->blksize & 0xf000) >> 12) + 12);
+     uint32_t boundary_count = boundary_chk - (s->sdmasysad % boundary_chk);
+ 
++    if (!(s->trnmod & SDHC_TRNS_BLK_CNT_EN) || !s->blkcnt) {
++        qemu_log_mask(LOG_UNIMP, "infinite transfer is not supported\n");
++        return;
++    }
++
+     /* XXX: Some sd/mmc drivers (for example, u-boot-slp) do not account for
+      * possible stop at page boundary if initial address is not page aligned,
+      * allow them to work properly */
+@@ -797,11 +802,6 @@ static void sdhci_data_transfer(void *opaque)
+     if (s->trnmod & SDHC_TRNS_DMA) {
+         switch (SDHC_DMA_TYPE(s->hostctl)) {
+         case SDHC_CTRL_SDMA:
+-            if ((s->trnmod & SDHC_TRNS_MULTI) &&
+-                    (!(s->trnmod & SDHC_TRNS_BLK_CNT_EN) || s->blkcnt == 0)) {
+-                break;
+-            }
+-
+             if ((s->blkcnt == 1) || !(s->trnmod & SDHC_TRNS_MULTI)) {
+                 sdhci_sdma_transfer_single_block(s);
+             } else {
+-- 
+2.9.3
+

diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-6058.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-6058.patch
new file mode 100644
index 0000000..666c18c
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-6058.patch
@@ -0,0 +1,112 @@
+This patch fixed a problem that was introduced in commit eb700029.
+
+When net_rx_pkt_attach_iovec() calls eth_strip_vlan()
+this can result in pkt->ehdr_buf being overflowed, because
+ehdr_buf is only sizeof(struct eth_header) bytes large
+but eth_strip_vlan() can write
+sizeof(struct eth_header) + sizeof(struct vlan_header)
+bytes into it.
+
+Devices affected by this problem: vmxnet3.
+
+Reported-by: Peter Maydell <address@hidden>
+Signed-off-by: Dmitry Fleytman <address@hidden>
+---
+ hw/net/net_rx_pkt.c | 34 +++++++++++++++++-----------------
+ 1 file changed, 17 insertions(+), 17 deletions(-)
+
+diff --git a/hw/net/net_rx_pkt.c b/hw/net/net_rx_pkt.c
+index 1019b50..7c0beac 100644
+--- a/hw/net/net_rx_pkt.c
++++ b/hw/net/net_rx_pkt.c
+@@ -23,13 +23,13 @@
+ 
+ struct NetRxPkt {
+     struct virtio_net_hdr virt_hdr;
+-    uint8_t ehdr_buf[sizeof(struct eth_header)];
++    uint8_t ehdr_buf[sizeof(struct eth_header) + sizeof(struct vlan_header)];
+     struct iovec *vec;
+     uint16_t vec_len_total;
+     uint16_t vec_len;
+     uint32_t tot_len;
+     uint16_t tci;
+-    bool vlan_stripped;
++    size_t ehdr_buf_len;
+     bool has_virt_hdr;
+     eth_pkt_types_e packet_type;
+ 
+@@ -88,15 +88,13 @@ net_rx_pkt_pull_data(struct NetRxPkt *pkt,
+                         const struct iovec *iov, int iovcnt,
+                         size_t ploff)
+ {
+-    if (pkt->vlan_stripped) {
++    if (pkt->ehdr_buf_len) {
+         net_rx_pkt_iovec_realloc(pkt, iovcnt + 1);
+ 
+         pkt->vec[0].iov_base = pkt->ehdr_buf;
+-        pkt->vec[0].iov_len = sizeof(pkt->ehdr_buf);
+-
+-        pkt->tot_len =
+-            iov_size(iov, iovcnt) - ploff + sizeof(struct eth_header);
++        pkt->vec[0].iov_len = pkt->ehdr_buf_len;
+ 
++        pkt->tot_len = iov_size(iov, iovcnt) - ploff + pkt->ehdr_buf_len;
+         pkt->vec_len = iov_copy(pkt->vec + 1, pkt->vec_len_total - 1,
+                                 iov, iovcnt, ploff, pkt->tot_len);
+     } else {
+@@ -123,11 +121,12 @@ void net_rx_pkt_attach_iovec(struct NetRxPkt *pkt,
+     uint16_t tci = 0;
+     uint16_t ploff = iovoff;
+     assert(pkt);
+-    pkt->vlan_stripped = false;
+ 
+     if (strip_vlan) {
+-        pkt->vlan_stripped = eth_strip_vlan(iov, iovcnt, iovoff, pkt->ehdr_buf,
+-                                            &ploff, &tci);
++        pkt->ehdr_buf_len = eth_strip_vlan(iov, iovcnt, iovoff, pkt->ehdr_buf,
++                                           &ploff, &tci);
++    } else {
++        pkt->ehdr_buf_len = 0;
+     }
+ 
+     pkt->tci = tci;
+@@ -143,12 +142,13 @@ void net_rx_pkt_attach_iovec_ex(struct NetRxPkt *pkt,
+     uint16_t tci = 0;
+     uint16_t ploff = iovoff;
+     assert(pkt);
+-    pkt->vlan_stripped = false;
+ 
+     if (strip_vlan) {
+-        pkt->vlan_stripped = eth_strip_vlan_ex(iov, iovcnt, iovoff, vet,
+-                                               pkt->ehdr_buf,
+-                                               &ploff, &tci);
++        pkt->ehdr_buf_len = eth_strip_vlan_ex(iov, iovcnt, iovoff, vet,
++                                              pkt->ehdr_buf,
++                                              &ploff, &tci);
++    } else {
++        pkt->ehdr_buf_len = 0;
+     }
+ 
+     pkt->tci = tci;
+@@ -162,8 +162,8 @@ void net_rx_pkt_dump(struct NetRxPkt *pkt)
+     NetRxPkt *pkt = (NetRxPkt *)pkt;
+     assert(pkt);
+ 
+-    printf("RX PKT: tot_len: %d, vlan_stripped: %d, vlan_tag: %d\n",
+-              pkt->tot_len, pkt->vlan_stripped, pkt->tci);
++    printf("RX PKT: tot_len: %d, ehdr_buf_len: %lu, vlan_tag: %d\n",
++              pkt->tot_len, pkt->ehdr_buf_len, pkt->tci);
+ #endif
+ }
+ 
+@@ -426,7 +426,7 @@ bool net_rx_pkt_is_vlan_stripped(struct NetRxPkt *pkt)
+ {
+     assert(pkt);
+ 
+-    return pkt->vlan_stripped;
++    return pkt->ehdr_buf_len ? true : false;
+ }
+ 
+ bool net_rx_pkt_has_virt_hdr(struct NetRxPkt *pkt)
+-- 
+2.7.4

diff --git a/app-emulation/qemu/qemu-2.8.0-r1.ebuild b/app-emulation/qemu/qemu-2.8.0-r1.ebuild
index 16dd327..220ad6f 100644
--- a/app-emulation/qemu/qemu-2.8.0-r1.ebuild
+++ b/app-emulation/qemu/qemu-2.8.0-r1.ebuild
@@ -17,7 +17,7 @@ if [[ ${PV} = *9999* ]]; then
 	SRC_URI=""
 else
 	SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2"
-	KEYWORDS="amd64 ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd"
+	KEYWORDS="amd64 ~arm64 ~ppc ~ppc64 x86 ~x86-fbsd"
 fi
 
 DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"

diff --git a/app-emulation/qemu/qemu-2.8.0-r2.ebuild b/app-emulation/qemu/qemu-2.8.0-r3.ebuild
similarity index 98%
rename from app-emulation/qemu/qemu-2.8.0-r2.ebuild
rename to app-emulation/qemu/qemu-2.8.0-r3.ebuild
index 28498f6..6feffe0 100644
--- a/app-emulation/qemu/qemu-2.8.0-r2.ebuild
+++ b/app-emulation/qemu/qemu-2.8.0-r3.ebuild
@@ -346,6 +346,7 @@ src_prepare() {
 	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2016-10028.patch  #603444
 	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2016-10155.patch  #606720
 	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-2615.patch   #608034
+	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-2630.patch   #609396
 	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5525-1.patch #606264
 	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5525-2.patch
 	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5552.patch   #606722
@@ -356,6 +357,10 @@ src_prepare() {
 	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5857.patch   #608038
 	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5898.patch   #608520
 	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5931.patch   #608728
+	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5973.patch   #609334
+	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5987.patch   #609398
+	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-6058.patch   #609638
+	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-2620.patch   #609206
 
 	# Fix ld and objcopy being called directly
 	tc-export AR LD OBJCOPY

diff --git a/app-emulation/qemu/qemu-2.8.0.ebuild b/app-emulation/qemu/qemu-2.8.0.ebuild
deleted file mode 100644
index 2922f9d..0000000
--- a/app-emulation/qemu/qemu-2.8.0.ebuild
+++ /dev/null
@@ -1,684 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="5"
-
-PYTHON_COMPAT=( python2_7 )
-PYTHON_REQ_USE="ncurses,readline"
-
-PLOCALES="bg de_DE fr_FR hu it tr zh_CN"
-
-inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \
-	user udev fcaps readme.gentoo-r1 pax-utils l10n
-
-if [[ ${PV} = *9999* ]]; then
-	EGIT_REPO_URI="git://git.qemu.org/qemu.git"
-	inherit git-2
-	SRC_URI=""
-else
-	SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2"
-	KEYWORDS="amd64 ~arm64 ~ppc ~ppc64 x86 ~x86-fbsd"
-fi
-
-DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
-HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org"
-
-LICENSE="GPL-2 LGPL-2 BSD-2"
-SLOT="0"
-IUSE="accessibility +aio alsa bluetooth bzip2 +caps +curl debug +fdt glusterfs \
-gnutls gtk gtk2 infiniband iscsi +jpeg \
-kernel_linux kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs
-+png pulseaudio python \
-rbd sasl +seccomp sdl sdl2 selinux smartcard snappy spice ssh static static-softmmu
-static-user systemtap tci test +threads usb usbredir vde +vhost-net \
-virgl virtfs +vnc vte xattr xen xfs"
-
-COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel mips
-mips64 mips64el mipsel or32 ppc ppc64 s390x sh4 sh4eb sparc sparc64
-x86_64"
-IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS} lm32 moxie ppcemb tricore unicore32 xtensa xtensaeb"
-IUSE_USER_TARGETS="${COMMON_TARGETS} armeb mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus tilegx"
-
-use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
-use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
-IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
-
-# Allow no targets to be built so that people can get a tools-only build.
-# Block USE flag configurations known to not work.
-REQUIRED_USE="${PYTHON_REQUIRED_USE}
-	gtk2? ( gtk )
-	qemu_softmmu_targets_arm? ( fdt )
-	qemu_softmmu_targets_microblaze? ( fdt )
-	qemu_softmmu_targets_ppc? ( fdt )
-	qemu_softmmu_targets_ppc64? ( fdt )
-	sdl2? ( sdl )
-	static? ( static-softmmu static-user )
-	static-softmmu? ( !alsa !pulseaudio !bluetooth !opengl !gtk !gtk2 )
-	virtfs? ( xattr )
-	vte? ( gtk )"
-
-# Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
-#
-# The attr lib isn't always linked in (although the USE flag is always
-# respected).  This is because qemu supports using the C library's API
-# when available rather than always using the extranl library.
-#
-# Older versions of gnutls are supported, but it's simpler to just require
-# the latest versions.  This is also why we require nettle.
-#
-# TODO: Split out tools deps into another var.  e.g. bzip2 is only used by
-# system binaries and tools, not user binaries.
-COMMON_LIB_DEPEND=">=dev-libs/glib-2.0[static-libs(+)]
-	sys-libs/zlib[static-libs(+)]
-	bzip2? ( app-arch/bzip2[static-libs(+)] )
-	xattr? ( sys-apps/attr[static-libs(+)] )"
-SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND}
-	>=x11-libs/pixman-0.28.0[static-libs(+)]
-	accessibility? ( app-accessibility/brltty[static-libs(+)] )
-	aio? ( dev-libs/libaio[static-libs(+)] )
-	alsa? ( >=media-libs/alsa-lib-1.0.13 )
-	bluetooth? ( net-wireless/bluez )
-	caps? ( sys-libs/libcap-ng[static-libs(+)] )
-	curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
-	fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] )
-	glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
-	gnutls? (
-		dev-libs/nettle:=[static-libs(+)]
-		>=net-libs/gnutls-3.0:=[static-libs(+)]
-	)
-	gtk? (
-		gtk2? (
-			x11-libs/gtk+:2
-			vte? ( x11-libs/vte:0 )
-		)
-		!gtk2? (
-			x11-libs/gtk+:3
-			vte? ( x11-libs/vte:2.91 )
-		)
-	)
-	infiniband? ( sys-fabric/librdmacm:=[static-libs(+)] )
-	iscsi? ( net-libs/libiscsi )
-	jpeg? ( virtual/jpeg:0=[static-libs(+)] )
-	lzo? ( dev-libs/lzo:2[static-libs(+)] )
-	ncurses? ( sys-libs/ncurses:0=[static-libs(+)] )
-	nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] )
-	numa? ( sys-process/numactl[static-libs(+)] )
-	opengl? (
-		virtual/opengl
-		media-libs/libepoxy[static-libs(+)]
-		media-libs/mesa[static-libs(+)]
-		media-libs/mesa[egl,gbm]
-	)
-	png? ( media-libs/libpng:0=[static-libs(+)] )
-	pulseaudio? ( media-sound/pulseaudio )
-	rbd? ( sys-cluster/ceph[static-libs(+)] )
-	sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
-	sdl? (
-		!sdl2? (
-			media-libs/libsdl[X]
-			>=media-libs/libsdl-1.2.11[static-libs(+)]
-		)
-		sdl2? (
-			media-libs/libsdl2[X]
-			media-libs/libsdl2[static-libs(+)]
-		)
-	)
-	seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
-	smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] )
-	snappy? ( app-arch/snappy[static-libs(+)] )
-	spice? (
-		>=app-emulation/spice-protocol-0.12.3
-		>=app-emulation/spice-0.12.0[static-libs(+)]
-	)
-	ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] )
-	usb? ( >=virtual/libusb-1-r2[static-libs(+)] )
-	usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
-	vde? ( net-misc/vde[static-libs(+)] )
-	virgl? ( media-libs/virglrenderer[static-libs(+)] )
-	virtfs? ( sys-libs/libcap )
-	xfs? ( sys-fs/xfsprogs[static-libs(+)] )"
-USER_LIB_DEPEND="${COMMON_LIB_DEPEND}"
-X86_FIRMWARE_DEPEND="
-	>=sys-firmware/ipxe-1.0.0_p20130624
-	pin-upstream-blobs? (
-		~sys-firmware/seabios-1.10.1
-		~sys-firmware/sgabios-0.1_pre8
-		~sys-firmware/vgabios-0.7a
-	)
-	!pin-upstream-blobs? (
-		sys-firmware/seabios
-		sys-firmware/sgabios
-		sys-firmware/vgabios
-	)"
-CDEPEND="
-	!static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND//\[static-libs(+)]} ) " ${use_softmmu_targets}) )
-	!static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND//\[static-libs(+)]} ) " ${use_user_targets}) )
-	qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
-	qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )
-	python? ( ${PYTHON_DEPS} )
-	systemtap? ( dev-util/systemtap )
-	xen? ( app-emulation/xen-tools:= )"
-DEPEND="${CDEPEND}
-	dev-lang/perl
-	=dev-lang/python-2*
-	sys-apps/texinfo
-	virtual/pkgconfig
-	kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
-	gtk? ( nls? ( sys-devel/gettext ) )
-	static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND} ) " ${use_softmmu_targets}) )
-	static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND} ) " ${use_user_targets}) )
-	test? (
-		dev-libs/glib[utils]
-		sys-devel/bc
-	)"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-qemu )
-"
-
-STRIP_MASK="/usr/share/qemu/palcode-clipper"
-
-QA_PREBUILT="
-	usr/share/qemu/openbios-ppc
-	usr/share/qemu/openbios-sparc64
-	usr/share/qemu/openbios-sparc32
-	usr/share/qemu/palcode-clipper
-	usr/share/qemu/s390-ccw.img
-	usr/share/qemu/u-boot.e500
-"
-
-QA_WX_LOAD="usr/bin/qemu-i386
-	usr/bin/qemu-x86_64
-	usr/bin/qemu-alpha
-	usr/bin/qemu-arm
-	usr/bin/qemu-cris
-	usr/bin/qemu-m68k
-	usr/bin/qemu-microblaze
-	usr/bin/qemu-microblazeel
-	usr/bin/qemu-mips
-	usr/bin/qemu-mipsel
-	usr/bin/qemu-or32
-	usr/bin/qemu-ppc
-	usr/bin/qemu-ppc64
-	usr/bin/qemu-ppc64abi32
-	usr/bin/qemu-sh4
-	usr/bin/qemu-sh4eb
-	usr/bin/qemu-sparc
-	usr/bin/qemu-sparc64
-	usr/bin/qemu-armeb
-	usr/bin/qemu-sparc32plus
-	usr/bin/qemu-s390x
-	usr/bin/qemu-unicore32"
-
-DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure
-you have the kernel module loaded before running kvm. The easiest way to
-ensure that the kernel module is loaded is to load it on boot.\n
-For AMD CPUs the module is called 'kvm-amd'.\n
-For Intel CPUs the module is called 'kvm-intel'.\n
-Please review /etc/conf.d/modules for how to load these.\n\n
-Make sure your user is in the 'kvm' group\n
-Just run 'gpasswd -a <USER> kvm', then have <USER> re-login.\n\n
-For brand new installs, the default permissions on /dev/kvm might not let you
-access it.  You can tell udev to reset ownership/perms:\n
-udevadm trigger -c add /dev/kvm"
-
-qemu_support_kvm() {
-	if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 \
-		use qemu_softmmu_targets_ppc || use qemu_softmmu_targets_ppc64 \
-		use qemu_softmmu_targets_s390x; then
-		return 0
-	fi
-
-	return 1
-}
-
-pkg_pretend() {
-	if use kernel_linux && kernel_is lt 2 6 25; then
-		eerror "This version of KVM requres a host kernel of 2.6.25 or higher."
-	elif use kernel_linux; then
-		if ! linux_config_exists; then
-			eerror "Unable to check your kernel for KVM support"
-		else
-			CONFIG_CHECK="~KVM ~TUN ~BRIDGE"
-			ERROR_KVM="You must enable KVM in your kernel to continue"
-			ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in"
-			ERROR_KVM_AMD+=" your kernel configuration."
-			ERROR_KVM_INTEL="If you have an Intel CPU, you must enable"
-			ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration."
-			ERROR_TUN="You will need the Universal TUN/TAP driver compiled"
-			ERROR_TUN+=" into your kernel or loaded as a module to use the"
-			ERROR_TUN+=" virtual network device if using -net tap."
-			ERROR_BRIDGE="You will also need support for 802.1d"
-			ERROR_BRIDGE+=" Ethernet Bridging for some network configurations."
-			use vhost-net && CONFIG_CHECK+=" ~VHOST_NET"
-			ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net"
-			ERROR_VHOST_NET+=" support"
-
-			if use amd64 || use x86 || use amd64-linux || use x86-linux; then
-				CONFIG_CHECK+=" ~KVM_AMD ~KVM_INTEL"
-			fi
-
-			use python && CONFIG_CHECK+=" ~DEBUG_FS"
-			ERROR_DEBUG_FS="debugFS support required for kvm_stat"
-
-			# Now do the actual checks setup above
-			check_extra_config
-		fi
-	fi
-
-	if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then
-		eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt"
-		eerror "instances are still pointing to it.  Please update your"
-		eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag"
-		eerror "and the right system binary (e.g. qemu-system-x86_64)."
-		die "update your virt configs to not use qemu-kvm"
-	fi
-}
-
-pkg_setup() {
-	enewgroup kvm 78
-}
-
-# Sanity check to make sure target lists are kept up-to-date.
-check_targets() {
-	local var=$1 mak=$2
-	local detected sorted
-
-	pushd "${S}"/default-configs >/dev/null || die
-
-	# Force C locale until glibc is updated. #564936
-	detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u))
-	sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u))
-	if [[ ${sorted} != "${detected}" ]] ; then
-		eerror "The ebuild needs to be kept in sync."
-		eerror "${var}: ${sorted}"
-		eerror "$(printf '%-*s' ${#var} configure): ${detected}"
-		die "sync ${var} to the list of targets"
-	fi
-
-	popd >/dev/null
-}
-
-handle_locales() {
-	# Make sure locale list is kept up-to-date.
-	local detected sorted
-	detected=$(echo $(cd po && printf '%s\n' *.po | grep -v messages.po | sed 's:.po$::' | sort -u))
-	sorted=$(echo $(printf '%s\n' ${PLOCALES} | sort -u))
-	if [[ ${sorted} != "${detected}" ]] ; then
-		eerror "The ebuild needs to be kept in sync."
-		eerror "PLOCALES: ${sorted}"
-		eerror " po/*.po: ${detected}"
-		die "sync PLOCALES"
-	fi
-
-	# Deal with selective install of locales.
-	if use nls ; then
-		# Delete locales the user does not want. #577814
-		rm_loc() { rm po/$1.po || die; }
-		l10n_for_each_disabled_locale_do rm_loc
-	else
-		# Cheap hack to disable gettext .mo generation.
-		rm -f po/*.po
-	fi
-}
-
-src_prepare() {
-	check_targets IUSE_SOFTMMU_TARGETS softmmu
-	check_targets IUSE_USER_TARGETS linux-user
-
-	# Alter target makefiles to accept CFLAGS set via flag-o
-	sed -i -r \
-		-e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \
-		Makefile Makefile.target || die
-
-	# Patching for musl
-	epatch "${FILESDIR}"/${PN}-2.8.0-F_SHLCK-and-F_EXLCK.patch
-	epatch "${FILESDIR}"/${PN}-2.0.0-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch
-	epatch "${FILESDIR}"/${PN}-2.2.0-_sigev_un.patch
-
-	epatch "${FILESDIR}"/${PN}-2.5.0-cflags.patch
-	epatch "${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
-	epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-8669-1.patch #597108
-	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2016-9908.patch #601826
-	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2016-9912.patch #602630
-	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2016-10028.patch #603444
-
-	# Fix ld and objcopy being called directly
-	tc-export AR LD OBJCOPY
-
-	# Verbose builds
-	MAKEOPTS+=" V=1"
-
-	epatch_user
-
-	# Run after we've applied all patches.
-	handle_locales
-}
-
-##
-# configures qemu based on the build directory and the build type
-# we are using.
-#
-qemu_src_configure() {
-	debug-print-function ${FUNCNAME} "$@"
-
-	local buildtype=$1
-	local builddir="${S}/${buildtype}-build"
-	local static_flag="static-${buildtype}"
-
-	mkdir "${builddir}"
-
-	local conf_opts=(
-		--prefix=/usr
-		--sysconfdir=/etc
-		--libdir=/usr/$(get_libdir)
-		--docdir=/usr/share/doc/${PF}/html
-		--disable-bsd-user
-		--disable-guest-agent
-		--disable-strip
-		--disable-werror
-		# We support gnutls/nettle for crypto operations.  It is possible
-		# to use gcrypt when gnutls/nettle are disabled (but not when they
-		# are enabled), but it's not really worth the hassle.  Disable it
-		# all the time to avoid automatically detecting it. #568856
-		--disable-gcrypt
-		--python="${PYTHON}"
-		--cc="$(tc-getCC)"
-		--cxx="$(tc-getCXX)"
-		--host-cc="$(tc-getBUILD_CC)"
-		$(use_enable debug debug-info)
-		$(use_enable debug debug-tcg)
-		--enable-docs
-		$(use_enable tci tcg-interpreter)
-		$(use_enable xattr attr)
-	)
-
-	# Disable options not used by user targets as the default configure
-	# options will autoprobe and try to link in a bunch of unused junk.
-	conf_softmmu() {
-		if [[ ${buildtype} == "user" ]] ; then
-			echo "--disable-${2:-$1}"
-		else
-			use_enable "$@"
-		fi
-	}
-	conf_opts+=(
-		$(conf_softmmu accessibility brlapi)
-		$(conf_softmmu aio linux-aio)
-		$(conf_softmmu bzip2)
-		$(conf_softmmu bluetooth bluez)
-		$(conf_softmmu caps cap-ng)
-		$(conf_softmmu curl)
-		$(conf_softmmu fdt)
-		$(conf_softmmu glusterfs)
-		$(conf_softmmu gnutls)
-		$(conf_softmmu gnutls nettle)
-		$(conf_softmmu gtk)
-		$(conf_softmmu infiniband rdma)
-		$(conf_softmmu iscsi libiscsi)
-		$(conf_softmmu jpeg vnc-jpeg)
-		$(conf_softmmu kernel_linux kvm)
-		$(conf_softmmu lzo)
-		$(conf_softmmu ncurses curses)
-		$(conf_softmmu nfs libnfs)
-		$(conf_softmmu numa)
-		$(conf_softmmu opengl)
-		$(conf_softmmu png vnc-png)
-		$(conf_softmmu rbd)
-		$(conf_softmmu sasl vnc-sasl)
-		$(conf_softmmu sdl)
-		$(conf_softmmu seccomp)
-		$(conf_softmmu smartcard)
-		$(conf_softmmu snappy)
-		$(conf_softmmu spice)
-		$(conf_softmmu ssh libssh2)
-		$(conf_softmmu usb libusb)
-		$(conf_softmmu usbredir usb-redir)
-		$(conf_softmmu vde)
-		$(conf_softmmu vhost-net)
-		$(conf_softmmu virgl virglrenderer)
-		$(conf_softmmu virtfs)
-		$(conf_softmmu vnc)
-		$(conf_softmmu vte)
-		$(conf_softmmu xen)
-		$(conf_softmmu xen xen-pci-passthrough)
-		$(conf_softmmu xfs xfsctl)
-	)
-
-	case ${buildtype} in
-	user)
-		conf_opts+=(
-			--enable-linux-user
-			--disable-system
-			--disable-blobs
-			--disable-tools
-		)
-		;;
-	softmmu)
-		# audio options
-		local audio_opts="oss"
-		use alsa && audio_opts="alsa,${audio_opts}"
-		use sdl && audio_opts="sdl,${audio_opts}"
-		use pulseaudio && audio_opts="pa,${audio_opts}"
-
-		conf_opts+=(
-			--disable-linux-user
-			--enable-system
-			--with-system-pixman
-			--audio-drv-list="${audio_opts}"
-		)
-		use gtk && conf_opts+=( --with-gtkabi=$(usex gtk2 2.0 3.0) )
-		use sdl && conf_opts+=( --with-sdlabi=$(usex sdl2 2.0 1.2) )
-		;;
-	tools)
-		conf_opts+=(
-			--disable-linux-user
-			--disable-system
-			--disable-blobs
-			$(use_enable bzip2)
-		)
-		static_flag="static"
-		;;
-	esac
-
-	local targets="${buildtype}_targets"
-	[[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" )
-
-	# Add support for SystemTAP
-	use systemtap && conf_opts+=( --enable-trace-backend=dtrace )
-
-	# We always want to attempt to build with PIE support as it results
-	# in a more secure binary. But it doesn't work with static or if
-	# the current GCC doesn't have PIE support.
-	if use ${static_flag}; then
-		conf_opts+=( --static --disable-pie )
-	else
-		gcc-specs-pie && conf_opts+=( --enable-pie )
-	fi
-
-	echo "../configure ${conf_opts[*]}"
-	cd "${builddir}"
-	../configure "${conf_opts[@]}" || die "configure failed"
-
-	# FreeBSD's kernel does not support QEMU assigning/grabbing
-	# host USB devices yet
-	use kernel_FreeBSD && \
-		sed -i -E -e "s|^(HOST_USB=)bsd|\1stub|" "${S}"/config-host.mak
-}
-
-src_configure() {
-	local target
-
-	python_setup
-
-	softmmu_targets= softmmu_bins=()
-	user_targets= user_bins=()
-
-	for target in ${IUSE_SOFTMMU_TARGETS} ; do
-		if use "qemu_softmmu_targets_${target}"; then
-			softmmu_targets+=",${target}-softmmu"
-			softmmu_bins+=( "qemu-system-${target}" )
-		fi
-	done
-
-	for target in ${IUSE_USER_TARGETS} ; do
-		if use "qemu_user_targets_${target}"; then
-			user_targets+=",${target}-linux-user"
-			user_bins+=( "qemu-${target}" )
-		fi
-	done
-
-	softmmu_targets=${softmmu_targets#,}
-	user_targets=${user_targets#,}
-
-	[[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu"
-	[[ -n ${user_targets}    ]] && qemu_src_configure "user"
-	[[ -z ${softmmu_targets}${user_targets} ]] && qemu_src_configure "tools"
-}
-
-src_compile() {
-	if [[ -n ${user_targets} ]]; then
-		cd "${S}/user-build"
-		default
-	fi
-
-	if [[ -n ${softmmu_targets} ]]; then
-		cd "${S}/softmmu-build"
-		default
-	fi
-
-	if [[ -z ${softmmu_targets}${user_targets} ]]; then
-		cd "${S}/tools-build"
-		default
-	fi
-}
-
-src_test() {
-	if [[ -n ${softmmu_targets} ]]; then
-		cd "${S}/softmmu-build"
-		pax-mark m */qemu-system-* #515550
-		emake -j1 check
-		emake -j1 check-report.html
-	fi
-}
-
-qemu_python_install() {
-	python_domodule "${S}/scripts/qmp/qmp.py"
-
-	python_doscript "${S}/scripts/kvm/vmxcap"
-	python_doscript "${S}/scripts/qmp/qmp-shell"
-	python_doscript "${S}/scripts/qmp/qemu-ga-client"
-}
-
-src_install() {
-	if [[ -n ${user_targets} ]]; then
-		cd "${S}/user-build"
-		emake DESTDIR="${ED}" install
-
-		# Install binfmt handler init script for user targets
-		newinitd "${FILESDIR}/qemu-binfmt.initd-r1" qemu-binfmt
-	fi
-
-	if [[ -n ${softmmu_targets} ]]; then
-		cd "${S}/softmmu-build"
-		emake DESTDIR="${ED}" install
-
-		# This might not exist if the test failed. #512010
-		[[ -e check-report.html ]] && dohtml check-report.html
-
-		if use kernel_linux; then
-			udev_dorules "${FILESDIR}"/65-kvm.rules
-		fi
-
-		if use python; then
-			python_foreach_impl qemu_python_install
-		fi
-	fi
-
-	if [[ -z ${softmmu_targets}${user_targets} ]]; then
-		cd "${S}/tools-build"
-		emake DESTDIR="${ED}" install
-	fi
-
-	# Disable mprotect on the qemu binaries as they use JITs to be fast #459348
-	pushd "${ED}"/usr/bin >/dev/null
-	pax-mark m "${softmmu_bins[@]}" "${user_bins[@]}"
-	popd >/dev/null
-
-	# Install config file example for qemu-bridge-helper
-	insinto "/etc/qemu"
-	doins "${FILESDIR}/bridge.conf"
-
-	# Remove the docdir placed qmp-commands.txt
-	mv "${ED}/usr/share/doc/${PF}/html/qmp-commands.txt" "${S}/docs/" || die
-
-	cd "${S}"
-	dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt
-	newdoc pc-bios/README README.pc-bios
-	dodoc docs/qmp-*.txt
-
-	if [[ -n ${softmmu_targets} ]]; then
-		# Remove SeaBIOS since we're using the SeaBIOS packaged one
-		rm "${ED}/usr/share/qemu/bios.bin"
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
-		fi
-
-		# Remove vgabios since we're using the vgabios packaged one
-		rm "${ED}/usr/share/qemu/vgabios.bin"
-		rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
-		rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
-		rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
-		rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../vgabios/vgabios.bin /usr/share/qemu/vgabios.bin
-			dosym ../vgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
-			dosym ../vgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
-			dosym ../vgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
-			dosym ../vgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
-		fi
-
-		# Remove sgabios since we're using the sgabios packaged one
-		rm "${ED}/usr/share/qemu/sgabios.bin"
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin
-		fi
-
-		# Remove iPXE since we're using the iPXE packaged one
-		rm "${ED}"/usr/share/qemu/pxe-*.rom
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom
-			dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom
-			dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom
-			dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom
-			dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom
-			dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom
-		fi
-	fi
-
-	qemu_support_kvm && readme.gentoo_create_doc
-}
-
-pkg_postinst() {
-	if qemu_support_kvm; then
-		readme.gentoo_print_elog
-	fi
-
-	if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
-		udev_reload
-	fi
-
-	fcaps cap_net_admin /usr/libexec/qemu-bridge-helper
-}
-
-pkg_info() {
-	echo "Using:"
-	echo "  $(best_version app-emulation/spice-protocol)"
-	echo "  $(best_version sys-firmware/ipxe)"
-	echo "  $(best_version sys-firmware/seabios)"
-	if has_version 'sys-firmware/seabios[binary]'; then
-		echo "    USE=binary"
-	else
-		echo "    USE=''"
-	fi
-	echo "  $(best_version sys-firmware/vgabios)"
-}