* [gentoo-commits] proj/musl:master commit in: app-emulation/qemu/, app-emulation/qemu/files/
@ 2017-07-27 17:59 Aric Belsito
From: Aric Belsito @ 2017-07-27 17:59 UTC (permalink / raw
  To: gentoo-commits

commit:     9212f510625a88c624d5d8d9456842091ee93305
Author:     Aric Belsito <lluixhi <AT> gmail <DOT> com>
AuthorDate: Thu Jul 27 17:59:01 2017 +0000
Commit:     Aric Belsito <lluixhi <AT> gmail <DOT> com>
CommitDate: Thu Jul 27 17:59:01 2017 +0000
URL:        https://gitweb.gentoo.org/proj/musl.git/commit/?id=9212f510

app-emulation/qemu: restore patch

deleted the wrong one..

 app-emulation/qemu/Manifest                        |   2 +-
 .../qemu/files/qemu-2.9.0-CVE-2017-7493.patch      | 174 ++++++
 .../qemu/files/qemu-2.9.0-CVE-2017-7539.patch      | 601 ---------------------
 3 files changed, 175 insertions(+), 602 deletions(-)

diff --git a/app-emulation/qemu/Manifest b/app-emulation/qemu/Manifest
index e4a3f79..e3f4bd2 100644
--- a/app-emulation/qemu/Manifest
+++ b/app-emulation/qemu/Manifest
@@ -9,7 +9,7 @@ AUX qemu-2.9.0-CVE-2017-10664.patch 1613 SHA256 5941cc41f0c02b185be3f6ba450f155d
 AUX qemu-2.9.0-CVE-2017-10806.patch 1450 SHA256 ef884e2ed3adb618273af1d036ed0c7e3a09599e3d042080bb4b5014c6bc54d7 SHA512 38fea2c1a2a5a224585a07a028a8c4cfc1bec4d943e85c13e01228062bf306a502b0948270863b226bc974832e3af18158904fbfc08ccdf1f72f06e7830780d5 WHIRLPOOL f02fb957016af684dc894f93ec0b7dcca3febb8d37882aae1e17d2aca9948e200a013ae467cb54c5555e76c73f124a37c95fde189a4492d88322802d8160310c
 AUX qemu-2.9.0-CVE-2017-11334.patch 1362 SHA256 bc2f3a50ad174e5453d0e4d1e14e9723b316e2339dc25ff31e27060ee13242bb SHA512 422296269ec29b3313c984947ac48b7179ce8e169131624d316589a621778f846b883e76cdfba50c62dc63ab5fede0ad0292704c1ca1cc9e1e7b3b01a153b8c8 WHIRLPOOL 504cf6b2ebfb11bf1471f920d101df28df59f1a585eac31ac278a366f2b769386bc7d100aa8386b3f8f45d5f5f700aa6625be3192eb4f1f3b77e69c6684cf74f
 AUX qemu-2.9.0-CVE-2017-11434.patch 912 SHA256 e8be3cb9261f8735ff2a50fb8b79ccfea85456c7a2e5a5702fcc5339463dc05a SHA512 db95d9459b9669e0981195fe15f16c4e74d5f00c03e1ce5e33541e005260e77fa114b1b3f30bc06d80b723a6361b704fb58709b25773c168c8aa8f5f96580ac9 WHIRLPOOL c68e25024ab3c1d01e5b53d0a7b1591110b96d78079bc940ec28da2e2770dac6b1f9bbaaeb97c88ea0e1b46db886f7035d81bde582750e560d136916ecdab8a2
-AUX qemu-2.9.0-CVE-2017-7539.patch 22018 SHA256 523d41e08a2aab888e3e63b4dda6a19e535fe6fba2bf08b6ead06498ca923f29 SHA512 5c81488aeae78307bee551a3a037f3b9cf55971a17c5df17f89f31224bdfa0a5e79141341314546256bffe542b781ad25151c54340a63c766086a578e5465825 WHIRLPOOL 085fc7e7d40c803a3caf15cdee77ce553b385919678ecf4bbcc3f532af5e482ca804a167af43e4f393da93aed88285690d84a3054c7f0df61d603d0046029dbc
+AUX qemu-2.9.0-CVE-2017-7493.patch 5656 SHA256 77462d39e811e58d3761523a6c580485bdfca0e74adbd10cf24c254e0ece262a SHA512 2b01f2878c98e77997b645ba80e69b5db398ef1e8f2b66344818d3c9af35dd66d49041ef9ee8aa152bf3e94970b4db282cf53909cb13b2532bc0a104251b2e81 WHIRLPOOL 23c788c5a78e126a61bd277e9fa1511cc71b8fbdc83a5bf319c5fc424219cbcceefad737844e45c11a76e047f8a49853d0a85b267f24f7b23bb7276d0edf0451
 AUX qemu-2.9.0-CVE-2017-8112.patch 696 SHA256 a4dcc2a94749a5c20ef38d4c7ce13cd1ffe46017c77eea29ced0bec5c232e6aa SHA512 840f5270332729e0149a4705bae5fcc16e9503a995d6bfa5033904a544add337ca8ccb1d2a36bb57cc198f6354f5253403f1c4f04cbd18c08b4e1a9d6af9e07f WHIRLPOOL 1ba4e75fdd0c767254c85754612da9e8ff9ba2e7ea0811f723844bec190946805cd59db83f347a3dea4296d2b58d2df4a8d99a492335ba818824348bcebdd556
 AUX qemu-2.9.0-CVE-2017-8309.patch 595 SHA256 8231747fe4d9c97392fe44b117caccd07d320313dc27fad17ac658122113ced9 SHA512 4415c36acb4f0594de7fe0de2b669d03d6b54ae44eb7f1f285c36223a02cca887b57db27a43ab1cc2e7e193ee5bce2748f9d2056aa925e0cc8f2133e67168a74 WHIRLPOOL af4c5e9763a0e114e554a1c8be99ea79da0b634fdc9d87922c7713187f1f904bfcce103648d549bbb190e92443664dbb9bd7592d8137f2337be0f4b22d1f9bd1
 AUX qemu-2.9.0-CVE-2017-8379.patch 2736 SHA256 f2f8910c8e1ce9fc9804f4fbbe978fee20ccbfccc5efe49f42cdaafa63c511ce SHA512 79e32f75d98ca4a92a5069b65c5b9cff16064255ed4d161e4e292b97373742c25d5ddc12dfffa627197fdb5e0808108b30d0182a9c060cd181723bd90c618d15 WHIRLPOOL 545c00189da3b252c80bb35c6b6d3368a02b36b06f2866838ddd9ebb9ccf2b608ae278ee192b6b3aef2966736afe9bcdd646c80c228ec5daef76b92bd2721bd5

diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-7493.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-7493.patch
new file mode 100644
index 0000000..346e771
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-7493.patch
@@ -0,0 +1,174 @@
+From 7a95434e0ca8a037fd8aa1a2e2461f92585eb77b Mon Sep 17 00:00:00 2001
+From: Greg Kurz <groug@kaod.org>
+Date: Fri, 5 May 2017 14:48:08 +0200
+Subject: [PATCH] 9pfs: local: forbid client access to metadata (CVE-2017-7493)
+
+When using the mapped-file security mode, we shouldn't let the client mess
+with the metadata. The current code already tries to hide the metadata dir
+from the client by skipping it in local_readdir(). But the client can still
+access or modify it through several other operations. This can be used to
+escalate privileges in the guest.
+
+Affected backend operations are:
+- local_mknod()
+- local_mkdir()
+- local_open2()
+- local_symlink()
+- local_link()
+- local_unlinkat()
+- local_renameat()
+- local_rename()
+- local_name_to_path()
+
+Other operations are safe because they are only passed a fid path, which
+is computed internally in local_name_to_path().
+
+This patch converts all the functions listed above to fail and return
+EINVAL when being passed the name of the metadata dir. This may look
+like a poor choice for errno, but there's no such thing as an illegal
+path name on Linux and I could not think of anything better.
+
+This fixes CVE-2017-7493.
+
+Reported-by: Leo Gaspard <leo@gaspard.io>
+Signed-off-by: Greg Kurz <groug@kaod.org>
+Reviewed-by: Eric Blake <eblake@redhat.com>
+---
+ hw/9pfs/9p-local.c | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++++--
+ 1 file changed, 56 insertions(+), 2 deletions(-)
+
+diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c
+index f3ebca4f7a..a2486566af 100644
+--- a/hw/9pfs/9p-local.c
++++ b/hw/9pfs/9p-local.c
+@@ -452,6 +452,11 @@ static off_t local_telldir(FsContext *ctx, V9fsFidOpenState *fs)
+     return telldir(fs->dir.stream);
+ }
+ 
++static bool local_is_mapped_file_metadata(FsContext *fs_ctx, const char *name)
++{
++    return !strcmp(name, VIRTFS_META_DIR);
++}
++
+ static struct dirent *local_readdir(FsContext *ctx, V9fsFidOpenState *fs)
+ {
+     struct dirent *entry;
+@@ -465,8 +470,8 @@ again:
+     if (ctx->export_flags & V9FS_SM_MAPPED) {
+         entry->d_type = DT_UNKNOWN;
+     } else if (ctx->export_flags & V9FS_SM_MAPPED_FILE) {
+-        if (!strcmp(entry->d_name, VIRTFS_META_DIR)) {
+-            /* skp the meta data directory */
++        if (local_is_mapped_file_metadata(ctx, entry->d_name)) {
++            /* skip the meta data directory */
+             goto again;
+         }
+         entry->d_type = DT_UNKNOWN;
+@@ -559,6 +564,12 @@ static int local_mknod(FsContext *fs_ctx, V9fsPath *dir_path,
+     int err = -1;
+     int dirfd;
+ 
++    if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE &&
++        local_is_mapped_file_metadata(fs_ctx, name)) {
++        errno = EINVAL;
++        return -1;
++    }
++
+     dirfd = local_opendir_nofollow(fs_ctx, dir_path->data);
+     if (dirfd == -1) {
+         return -1;
+@@ -605,6 +616,12 @@ static int local_mkdir(FsContext *fs_ctx, V9fsPath *dir_path,
+     int err = -1;
+     int dirfd;
+ 
++    if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE &&
++        local_is_mapped_file_metadata(fs_ctx, name)) {
++        errno = EINVAL;
++        return -1;
++    }
++
+     dirfd = local_opendir_nofollow(fs_ctx, dir_path->data);
+     if (dirfd == -1) {
+         return -1;
+@@ -694,6 +711,12 @@ static int local_open2(FsContext *fs_ctx, V9fsPath *dir_path, const char *name,
+     int err = -1;
+     int dirfd;
+ 
++    if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE &&
++        local_is_mapped_file_metadata(fs_ctx, name)) {
++        errno = EINVAL;
++        return -1;
++    }
++
+     /*
+      * Mark all the open to not follow symlinks
+      */
+@@ -752,6 +775,12 @@ static int local_symlink(FsContext *fs_ctx, const char *oldpath,
+     int err = -1;
+     int dirfd;
+ 
++    if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE &&
++        local_is_mapped_file_metadata(fs_ctx, name)) {
++        errno = EINVAL;
++        return -1;
++    }
++
+     dirfd = local_opendir_nofollow(fs_ctx, dir_path->data);
+     if (dirfd == -1) {
+         return -1;
+@@ -826,6 +855,12 @@ static int local_link(FsContext *ctx, V9fsPath *oldpath,
+     int ret = -1;
+     int odirfd, ndirfd;
+ 
++    if (ctx->export_flags & V9FS_SM_MAPPED_FILE &&
++        local_is_mapped_file_metadata(ctx, name)) {
++        errno = EINVAL;
++        return -1;
++    }
++
+     odirfd = local_opendir_nofollow(ctx, odirpath);
+     if (odirfd == -1) {
+         goto out;
+@@ -1096,6 +1131,12 @@ static int local_lremovexattr(FsContext *ctx, V9fsPath *fs_path,
+ static int local_name_to_path(FsContext *ctx, V9fsPath *dir_path,
+                               const char *name, V9fsPath *target)
+ {
++    if (ctx->export_flags & V9FS_SM_MAPPED_FILE &&
++        local_is_mapped_file_metadata(ctx, name)) {
++        errno = EINVAL;
++        return -1;
++    }
++
+     if (dir_path) {
+         v9fs_path_sprintf(target, "%s/%s", dir_path->data, name);
+     } else if (strcmp(name, "/")) {
+@@ -1116,6 +1157,13 @@ static int local_renameat(FsContext *ctx, V9fsPath *olddir,
+     int ret;
+     int odirfd, ndirfd;
+ 
++    if (ctx->export_flags & V9FS_SM_MAPPED_FILE &&
++        (local_is_mapped_file_metadata(ctx, old_name) ||
++         local_is_mapped_file_metadata(ctx, new_name))) {
++        errno = EINVAL;
++        return -1;
++    }
++
+     odirfd = local_opendir_nofollow(ctx, olddir->data);
+     if (odirfd == -1) {
+         return -1;
+@@ -1206,6 +1254,12 @@ static int local_unlinkat(FsContext *ctx, V9fsPath *dir,
+     int ret;
+     int dirfd;
+ 
++    if (ctx->export_flags & V9FS_SM_MAPPED_FILE &&
++        local_is_mapped_file_metadata(ctx, name)) {
++        errno = EINVAL;
++        return -1;
++    }
++
+     dirfd = local_opendir_nofollow(ctx, dir->data);
+     if (dirfd == -1) {
+         return -1;
+-- 
+2.13.0
+
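Review bot: In the embedded hw/9pfs/9p-local.c patch, `local_is_mapped_file_metadata()` takes `fs_ctx` but never reads it, so the `export_flags & V9FS_SM_MAPPED_FILE` test is written out by hand at all eight guarded call sites. Folding the mode test into the helper, `return (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE) && !strcmp(name, VIRTFS_META_DIR);`, would reduce each guard to a single call and leave one place to audit when the rule changes. The patch description lists `local_rename()` as affected, yet no hunk touches it; presumably it reaches the new check through `local_renameat()`, which is worth confirming against the 2.9.0 tree this file is applied to. The helper is an exact string compare, so it depends on `name` always being a single path component, and that validation is not visible here. The guarded functions all continue outside their hunks, so the error paths after the early `return -1` cannot be checked from this page.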

diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-7539.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-7539.patch
deleted file mode 100644
index 3af1697..0000000
--- a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-7539.patch
+++ /dev/null
@@ -1,601 +0,0 @@
-From 2b0bbc4f8809c972bad134bc1a2570dbb01dea0b Mon Sep 17 00:00:00 2001
-From: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
-Date: Fri, 2 Jun 2017 18:01:41 +0300
-Subject: [PATCH] nbd/server: get rid of nbd_negotiate_read and friends
-
-Functions nbd_negotiate_{read,write,drop_sync} were introduced in
-1a6245a5b, when nbd_rwv (was nbd_wr_sync) was working through
-qemu_co_sendv_recvv (the path is nbd_wr_sync -> qemu_co_{recv/send} ->
-qemu_co_send_recv -> qemu_co_sendv_recvv), which just yields, without
-setting any handlers. But starting from ff82911cd nbd_rwv (was
-nbd_wr_syncv) works through qio_channel_yield() which sets handlers, so
-watchers are redundant in nbd_negotiate_{read,write,drop_sync}, then,
-let's just use nbd_{read,write,drop} functions.
-
-Functions nbd_{read,write,drop} has errp parameter, which is unused in
-this patch. This will be fixed later.
-
-Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
-Reviewed-by: Eric Blake <eblake@redhat.com>
-Message-Id: <20170602150150.258222-4-vsementsov@virtuozzo.com>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
----
- nbd/server.c | 107 ++++++++++++-----------------------------------------------
- 1 file changed, 22 insertions(+), 85 deletions(-)
-
-diff --git a/nbd/client.c b/nbd/client.c
-index a58fb02..6b74a62 100644
---- a/nbd/client.c
-+++ b/nbd/client.c
-@@ -86,9 +86,9 @@ static QTAILQ_HEAD(, NBDExport) exports = QTAILQ_HEAD_INITIALIZER(exports);
- 
- */
- 
--/* Discard length bytes from channel.  Return -errno on failure, or
-- * the amount of bytes consumed. */
--static ssize_t drop_sync(QIOChannel *ioc, size_t size)
-+/* Discard length bytes from channel.  Return -errno on failure and 0 on
-+ * success*/
-+static int drop_sync(QIOChannel *ioc, size_t size)
- {
-     ssize_t ret = 0;
-     char small[1024];
-@@ -96,14 +96,13 @@ static ssize_t drop_sync(QIOChannel *ioc, size_t size)
- 
-     buffer = sizeof(small) >= size ? small : g_malloc(MIN(65536, size));
-     while (size > 0) {
--        ssize_t count = read_sync(ioc, buffer, MIN(65536, size));
-+        ssize_t count = MIN(65536, size);
-+        ret = read_sync(ioc, buffer, MIN(65536, size));
- 
--        if (count <= 0) {
-+        if (ret < 0) {
-             goto cleanup;
-         }
--        assert(count <= size);
-         size -= count;
--        ret += count;
-     }
- 
-  cleanup:
-@@ -136,12 +135,12 @@ static int nbd_send_option_request(QIOChannel *ioc, uint32_t opt,
-     stl_be_p(&req.option, opt);
-     stl_be_p(&req.length, len);
- 
--    if (write_sync(ioc, &req, sizeof(req)) != sizeof(req)) {
-+    if (write_sync(ioc, &req, sizeof(req)) < 0) {
-         error_setg(errp, "Failed to send option request header");
-         return -1;
-     }
- 
--    if (len && write_sync(ioc, (char *) data, len) != len) {
-+    if (len && write_sync(ioc, (char *) data, len) < 0) {
-         error_setg(errp, "Failed to send option request data");
-         return -1;
-     }
-@@ -170,7 +169,7 @@ static int nbd_receive_option_reply(QIOChannel *ioc, uint32_t opt,
-                                     nbd_opt_reply *reply, Error **errp)
- {
-     QEMU_BUILD_BUG_ON(sizeof(*reply) != 20);
--    if (read_sync(ioc, reply, sizeof(*reply)) != sizeof(*reply)) {
-+    if (read_sync(ioc, reply, sizeof(*reply)) < 0) {
-         error_setg(errp, "failed to read option reply");
-         nbd_send_opt_abort(ioc);
-         return -1;
-@@ -219,7 +218,7 @@ static int nbd_handle_reply_err(QIOChannel *ioc, nbd_opt_reply *reply,
-             goto cleanup;
-         }
-         msg = g_malloc(reply->length + 1);
--        if (read_sync(ioc, msg, reply->length) != reply->length) {
-+        if (read_sync(ioc, msg, reply->length) < 0) {
-             error_setg(errp, "failed to read option error message");
-             goto cleanup;
-         }
-@@ -321,7 +320,7 @@ static int nbd_receive_list(QIOChannel *ioc, const char *want, bool *match,
-         nbd_send_opt_abort(ioc);
-         return -1;
-     }
--    if (read_sync(ioc, &namelen, sizeof(namelen)) != sizeof(namelen)) {
-+    if (read_sync(ioc, &namelen, sizeof(namelen)) < 0) {
-         error_setg(errp, "failed to read option name length");
-         nbd_send_opt_abort(ioc);
-         return -1;
-@@ -334,7 +333,7 @@ static int nbd_receive_list(QIOChannel *ioc, const char *want, bool *match,
-         return -1;
-     }
-     if (namelen != strlen(want)) {
--        if (drop_sync(ioc, len) != len) {
-+        if (drop_sync(ioc, len) < 0) {
-             error_setg(errp, "failed to skip export name with wrong length");
-             nbd_send_opt_abort(ioc);
-             return -1;
-@@ -343,14 +342,14 @@ static int nbd_receive_list(QIOChannel *ioc, const char *want, bool *match,
-     }
- 
-     assert(namelen < sizeof(name));
--    if (read_sync(ioc, name, namelen) != namelen) {
-+    if (read_sync(ioc, name, namelen) < 0) {
-         error_setg(errp, "failed to read export name");
-         nbd_send_opt_abort(ioc);
-         return -1;
-     }
-     name[namelen] = '\0';
-     len -= namelen;
--    if (drop_sync(ioc, len) != len) {
-+    if (drop_sync(ioc, len) < 0) {
-         error_setg(errp, "failed to read export description");
-         nbd_send_opt_abort(ioc);
-         return -1;
-@@ -477,7 +476,7 @@ int nbd_receive_negotiate(QIOChannel *ioc, const char *name, uint16_t *flags,
-         goto fail;
-     }
- 
--    if (read_sync(ioc, buf, 8) != 8) {
-+    if (read_sync(ioc, buf, 8) < 0) {
-         error_setg(errp, "Failed to read data");
-         goto fail;
-     }
-@@ -503,7 +502,7 @@ int nbd_receive_negotiate(QIOChannel *ioc, const char *name, uint16_t *flags,
-         goto fail;
-     }
- 
--    if (read_sync(ioc, &magic, sizeof(magic)) != sizeof(magic)) {
-+    if (read_sync(ioc, &magic, sizeof(magic)) < 0) {
-         error_setg(errp, "Failed to read magic");
-         goto fail;
-     }
-@@ -515,8 +514,7 @@ int nbd_receive_negotiate(QIOChannel *ioc, const char *name, uint16_t *flags,
-         uint16_t globalflags;
-         bool fixedNewStyle = false;
- 
--        if (read_sync(ioc, &globalflags, sizeof(globalflags)) !=
--            sizeof(globalflags)) {
-+        if (read_sync(ioc, &globalflags, sizeof(globalflags)) < 0) {
-             error_setg(errp, "Failed to read server flags");
-             goto fail;
-         }
-@@ -534,8 +532,7 @@ int nbd_receive_negotiate(QIOChannel *ioc, const char *name, uint16_t *flags,
-         }
-         /* client requested flags */
-         clientflags = cpu_to_be32(clientflags);
--        if (write_sync(ioc, &clientflags, sizeof(clientflags)) !=
--            sizeof(clientflags)) {
-+        if (write_sync(ioc, &clientflags, sizeof(clientflags)) < 0) {
-             error_setg(errp, "Failed to send clientflags field");
-             goto fail;
-         }
-@@ -573,13 +570,13 @@ int nbd_receive_negotiate(QIOChannel *ioc, const char *name, uint16_t *flags,
-         }
- 
-         /* Read the response */
--        if (read_sync(ioc, &s, sizeof(s)) != sizeof(s)) {
-+        if (read_sync(ioc, &s, sizeof(s)) < 0) {
-             error_setg(errp, "Failed to read export length");
-             goto fail;
-         }
-         *size = be64_to_cpu(s);
- 
--        if (read_sync(ioc, flags, sizeof(*flags)) != sizeof(*flags)) {
-+        if (read_sync(ioc, flags, sizeof(*flags)) < 0) {
-             error_setg(errp, "Failed to read export flags");
-             goto fail;
-         }
-@@ -596,14 +593,14 @@ int nbd_receive_negotiate(QIOChannel *ioc, const char *name, uint16_t *flags,
-             goto fail;
-         }
- 
--        if (read_sync(ioc, &s, sizeof(s)) != sizeof(s)) {
-+        if (read_sync(ioc, &s, sizeof(s)) < 0) {
-             error_setg(errp, "Failed to read export length");
-             goto fail;
-         }
-         *size = be64_to_cpu(s);
-         TRACE("Size is %" PRIu64, *size);
- 
--        if (read_sync(ioc, &oldflags, sizeof(oldflags)) != sizeof(oldflags)) {
-+        if (read_sync(ioc, &oldflags, sizeof(oldflags)) < 0) {
-             error_setg(errp, "Failed to read export flags");
-             goto fail;
-         }
-@@ -619,7 +616,7 @@ int nbd_receive_negotiate(QIOChannel *ioc, const char *name, uint16_t *flags,
-     }
- 
-     TRACE("Size is %" PRIu64 ", export flags %" PRIx16, *size, *flags);
--    if (zeroes && drop_sync(ioc, 124) != 124) {
-+    if (zeroes && drop_sync(ioc, 124) < 0) {
-         error_setg(errp, "Failed to read reserved block");
-         goto fail;
-     }
-@@ -744,7 +741,6 @@ int nbd_disconnect(int fd)
- ssize_t nbd_send_request(QIOChannel *ioc, NBDRequest *request)
- {
-     uint8_t buf[NBD_REQUEST_SIZE];
--    ssize_t ret;
- 
-     TRACE("Sending request to server: "
-           "{ .from = %" PRIu64", .len = %" PRIu32 ", .handle = %" PRIu64
-@@ -759,16 +755,7 @@ ssize_t nbd_send_request(QIOChannel *ioc, NBDRequest *request)
-     stq_be_p(buf + 16, request->from);
-     stl_be_p(buf + 24, request->len);
- 
--    ret = write_sync(ioc, buf, sizeof(buf));
--    if (ret < 0) {
--        return ret;
--    }
--
--    if (ret != sizeof(buf)) {
--        LOG("writing to socket failed");
--        return -EINVAL;
--    }
--    return 0;
-+    return write_sync(ioc, buf, sizeof(buf));
- }
- 
- ssize_t nbd_receive_reply(QIOChannel *ioc, NBDReply *reply)
-@@ -777,7 +764,7 @@ ssize_t nbd_receive_reply(QIOChannel *ioc, NBDReply *reply)
-     uint32_t magic;
-     ssize_t ret;
- 
--    ret = read_sync(ioc, buf, sizeof(buf));
-+    ret = read_sync_eof(ioc, buf, sizeof(buf));
-     if (ret <= 0) {
-         return ret;
-     }
-diff --git a/nbd/nbd-internal.h b/nbd/nbd-internal.h
-index f43d990..e6bbc7c 100644
---- a/nbd/nbd-internal.h
-+++ b/nbd/nbd-internal.h
-@@ -94,7 +94,13 @@
- #define NBD_ENOSPC     28
- #define NBD_ESHUTDOWN  108
- 
--static inline ssize_t read_sync(QIOChannel *ioc, void *buffer, size_t size)
-+/* read_sync_eof
-+ * Tries to read @size bytes from @ioc. Returns number of bytes actually read.
-+ * May return a value >= 0 and < size only on EOF, i.e. when iteratively called
-+ * qio_channel_readv() returns 0. So, there are no needs to call read_sync_eof
-+ * iteratively.
-+ */
-+static inline ssize_t read_sync_eof(QIOChannel *ioc, void *buffer, size_t size)
- {
-     struct iovec iov = { .iov_base = buffer, .iov_len = size };
-     /* Sockets are kept in blocking mode in the negotiation phase.  After
-@@ -105,12 +111,32 @@ static inline ssize_t read_sync(QIOChannel *ioc, void *buffer, size_t size)
-     return nbd_wr_syncv(ioc, &iov, 1, size, true);
- }
- 
--static inline ssize_t write_sync(QIOChannel *ioc, const void *buffer,
--                                 size_t size)
-+/* read_sync
-+ * Reads @size bytes from @ioc. Returns 0 on success.
-+ */
-+static inline int read_sync(QIOChannel *ioc, void *buffer, size_t size)
-+{
-+    ssize_t ret = read_sync_eof(ioc, buffer, size);
-+
-+    if (ret >= 0 && ret != size) {
-+        ret = -EINVAL;
-+    }
-+
-+    return ret < 0 ? ret : 0;
-+}
-+
-+/* write_sync
-+ * Writes @size bytes to @ioc. Returns 0 on success.
-+ */
-+static inline int write_sync(QIOChannel *ioc, const void *buffer, size_t size)
- {
-     struct iovec iov = { .iov_base = (void *) buffer, .iov_len = size };
- 
--    return nbd_wr_syncv(ioc, &iov, 1, size, false);
-+    ssize_t ret = nbd_wr_syncv(ioc, &iov, 1, size, false);
-+
-+    assert(ret < 0 || ret == size);
-+
-+    return ret < 0 ? ret : 0;
- }
- 
- struct NBDTLSHandshakeData {
-diff --git a/nbd/server.c b/nbd/server.c
-index 924a1fe..a1f106b 100644
---- a/nbd/server.c
-+++ b/nbd/server.c
-@@ -104,69 +104,6 @@ struct NBDClient {
- 
- static void nbd_client_receive_next_request(NBDClient *client);
- 
--static gboolean nbd_negotiate_continue(QIOChannel *ioc,
--                                       GIOCondition condition,
--                                       void *opaque)
--{
--    qemu_coroutine_enter(opaque);
--    return TRUE;
--}
--
--static ssize_t nbd_negotiate_read(QIOChannel *ioc, void *buffer, size_t size)
--{
--    ssize_t ret;
--    guint watch;
--
--    assert(qemu_in_coroutine());
--    /* Negotiation are always in main loop. */
--    watch = qio_channel_add_watch(ioc,
--                                  G_IO_IN,
--                                  nbd_negotiate_continue,
--                                  qemu_coroutine_self(),
--                                  NULL);
--    ret = read_sync(ioc, buffer, size);
--    g_source_remove(watch);
--    return ret;
--
--}
--
--static ssize_t nbd_negotiate_write(QIOChannel *ioc, const void *buffer,
--                                   size_t size)
--{
--    ssize_t ret;
--    guint watch;
--
--    assert(qemu_in_coroutine());
--    /* Negotiation are always in main loop. */
--    watch = qio_channel_add_watch(ioc,
--                                  G_IO_OUT,
--                                  nbd_negotiate_continue,
--                                  qemu_coroutine_self(),
--                                  NULL);
--    ret = write_sync(ioc, buffer, size);
--    g_source_remove(watch);
--    return ret;
--}
--
--static ssize_t nbd_negotiate_drop_sync(QIOChannel *ioc, size_t size)
--{
--    ssize_t ret, dropped = size;
--    uint8_t *buffer = g_malloc(MIN(65536, size));
--
--    while (size > 0) {
--        ret = nbd_negotiate_read(ioc, buffer, MIN(65536, size));
--        if (ret < 0) {
--            g_free(buffer);
--            return ret;
--        }
--
--        assert(ret <= size);
--        size -= ret;
--    }
--
--    g_free(buffer);
--    return dropped;
--}
- 
- /* Basic flow for negotiation
- 
-@@ -206,22 +143,22 @@ static int nbd_negotiate_send_rep_len(QIOChannel *ioc, uint32_t type,
-           type, opt, len);
- 
-     magic = cpu_to_be64(NBD_REP_MAGIC);
--    if (nbd_negotiate_write(ioc, &magic, sizeof(magic)) != sizeof(magic)) {
-+    if (nbd_write(ioc, &magic, sizeof(magic), NULL) < 0) {
-         LOG("write failed (rep magic)");
-         return -EINVAL;
-     }
-     opt = cpu_to_be32(opt);
--    if (nbd_negotiate_write(ioc, &opt, sizeof(opt)) != sizeof(opt)) {
-+    if (nbd_write(ioc, &opt, sizeof(opt), NULL) < 0) {
-         LOG("write failed (rep opt)");
-         return -EINVAL;
-     }
-     type = cpu_to_be32(type);
--    if (nbd_negotiate_write(ioc, &type, sizeof(type)) != sizeof(type)) {
-+    if (nbd_write(ioc, &type, sizeof(type), NULL) < 0) {
-         LOG("write failed (rep type)");
-         return -EINVAL;
-     }
-     len = cpu_to_be32(len);
--    if (nbd_negotiate_write(ioc, &len, sizeof(len)) != sizeof(len)) {
-+    if (nbd_write(ioc, &len, sizeof(len), NULL) < 0) {
-         LOG("write failed (rep data length)");
-         return -EINVAL;
-     }
-@@ -256,7 +193,7 @@ nbd_negotiate_send_rep_err(QIOChannel *ioc, uint32_t type,
-     if (ret < 0) {
-         goto out;
-     }
--    if (nbd_negotiate_write(ioc, msg, len) != len) {
-+    if (nbd_write(ioc, msg, len, NULL) < 0) {
-         LOG("write failed (error message)");
-         ret = -EIO;
-     } else {
-@@ -287,15 +224,15 @@ static int nbd_negotiate_send_rep_list(QIOChannel *ioc, NBDExport *exp)
-     }
- 
-     len = cpu_to_be32(name_len);
--    if (nbd_negotiate_write(ioc, &len, sizeof(len)) != sizeof(len)) {
-+    if (nbd_write(ioc, &len, sizeof(len), NULL) < 0) {
-         LOG("write failed (name length)");
-         return -EINVAL;
-     }
--    if (nbd_negotiate_write(ioc, name, name_len) != name_len) {
-+    if (nbd_write(ioc, name, name_len, NULL) < 0) {
-         LOG("write failed (name buffer)");
-         return -EINVAL;
-     }
--    if (nbd_negotiate_write(ioc, desc, desc_len) != desc_len) {
-+    if (nbd_write(ioc, desc, desc_len, NULL) < 0) {
-         LOG("write failed (description buffer)");
-         return -EINVAL;
-     }
-@@ -309,7 +246,7 @@ static int nbd_negotiate_handle_list(NBDClient *client, uint32_t length)
-     NBDExport *exp;
- 
-     if (length) {
--        if (nbd_negotiate_drop_sync(client->ioc, length) != length) {
-+        if (nbd_drop(client->ioc, length, NULL) < 0) {
-             return -EIO;
-         }
-         return nbd_negotiate_send_rep_err(client->ioc,
-@@ -340,7 +277,7 @@ static int nbd_negotiate_handle_export_name(NBDClient *client, uint32_t length)
-         LOG("Bad length received");
-         goto fail;
-     }
--    if (nbd_negotiate_read(client->ioc, name, length) != length) {
-+    if (nbd_read(client->ioc, name, length, NULL) < 0) {
-         LOG("read failed");
-         goto fail;
-     }
-@@ -373,7 +310,7 @@ static QIOChannel *nbd_negotiate_handle_starttls(NBDClient *client,
-     TRACE("Setting up TLS");
-     ioc = client->ioc;
-     if (length) {
--        if (nbd_negotiate_drop_sync(ioc, length) != length) {
-+        if (nbd_drop(ioc, length, NULL) < 0) {
-             return NULL;
-         }
-         nbd_negotiate_send_rep_err(ioc, NBD_REP_ERR_INVALID, NBD_OPT_STARTTLS,
-@@ -437,8 +374,7 @@ static int nbd_negotiate_options(NBDClient *client)
-         ...           Rest of request
-     */
- 
--    if (nbd_negotiate_read(client->ioc, &flags, sizeof(flags)) !=
--        sizeof(flags)) {
-+    if (nbd_read(client->ioc, &flags, sizeof(flags), NULL) < 0) {
-         LOG("read failed");
-         return -EIO;
-     }
-@@ -464,8 +400,7 @@ static int nbd_negotiate_options(NBDClient *client)
-         uint32_t clientflags, length;
-         uint64_t magic;
- 
--        if (nbd_negotiate_read(client->ioc, &magic, sizeof(magic)) !=
--            sizeof(magic)) {
-+        if (nbd_read(client->ioc, &magic, sizeof(magic), NULL) < 0) {
-             LOG("read failed");
-             return -EINVAL;
-         }
-@@ -475,15 +410,15 @@ static int nbd_negotiate_options(NBDClient *client)
-             return -EINVAL;
-         }
- 
--        if (nbd_negotiate_read(client->ioc, &clientflags,
--                               sizeof(clientflags)) != sizeof(clientflags)) {
-+        if (nbd_read(client->ioc, &clientflags,
-+                      sizeof(clientflags), NULL) < 0)
-+        {
-             LOG("read failed");
-             return -EINVAL;
-         }
-         clientflags = be32_to_cpu(clientflags);
- 
--        if (nbd_negotiate_read(client->ioc, &length, sizeof(length)) !=
--            sizeof(length)) {
-+        if (nbd_read(client->ioc, &length, sizeof(length), NULL) < 0) {
-             LOG("read failed");
-             return -EINVAL;
-         }
-@@ -513,7 +448,7 @@ static int nbd_negotiate_options(NBDClient *client)
-                 return -EINVAL;
- 
-             default:
--                if (nbd_negotiate_drop_sync(client->ioc, length) != length) {
-+                if (nbd_drop(client->ioc, length, NULL) < 0) {
-                     return -EIO;
-                 }
-                 ret = nbd_negotiate_send_rep_err(client->ioc,
-@@ -551,7 +486,7 @@ static int nbd_negotiate_options(NBDClient *client)
-                 return nbd_negotiate_handle_export_name(client, length);
- 
-             case NBD_OPT_STARTTLS:
--                if (nbd_negotiate_drop_sync(client->ioc, length) != length) {
-+                if (nbd_drop(client->ioc, length, NULL) < 0) {
-                     return -EIO;
-                 }
-                 if (client->tlscreds) {
-@@ -570,7 +505,7 @@ static int nbd_negotiate_options(NBDClient *client)
-                 }
-                 break;
-             default:
--                if (nbd_negotiate_drop_sync(client->ioc, length) != length) {
-+                if (nbd_drop(client->ioc, length, NULL) < 0) {
-                     return -EIO;
-                 }
-                 ret = nbd_negotiate_send_rep_err(client->ioc,
-@@ -659,12 +594,12 @@ static coroutine_fn int nbd_negotiate(NBDClientNewData *data)
-             TRACE("TLS cannot be enabled with oldstyle protocol");
-             goto fail;
-         }
--        if (nbd_negotiate_write(client->ioc, buf, sizeof(buf)) != sizeof(buf)) {
-+        if (nbd_write(client->ioc, buf, sizeof(buf), NULL) < 0) {
-             LOG("write failed");
-             goto fail;
-         }
-     } else {
--        if (nbd_negotiate_write(client->ioc, buf, 18) != 18) {
-+        if (nbd_write(client->ioc, buf, 18, NULL) < 0) {
-             LOG("write failed");
-             goto fail;
-         }
-@@ -679,7 +614,7 @@ static coroutine_fn int nbd_negotiate(NBDClientNewData *data)
-         stq_be_p(buf + 18, client->exp->size);
-         stw_be_p(buf + 26, client->exp->nbdflags | myflags);
-         len = client->no_zeroes ? 10 : sizeof(buf) - 18;
--        if (nbd_negotiate_write(client->ioc, buf + 18, len) != len) {
-+        if (nbd_write(client->ioc, buf + 18, len, NULL) < 0) {
-             LOG("write failed");
-             goto fail;
-         }
-@@ -702,11 +637,6 @@ static ssize_t nbd_receive_request(QIOChannel *ioc, NBDRequest *request)
-         return ret;
-     }
- 
--    if (ret != sizeof(buf)) {
--        LOG("read failed");
--        return -EINVAL;
--    }
--
-     /* Request
-        [ 0 ..  3]   magic   (NBD_REQUEST_MAGIC)
-        [ 4 ..  5]   flags   (NBD_CMD_FLAG_FUA, ...)
-@@ -737,7 +667,6 @@ static ssize_t nbd_receive_request(QIOChannel *ioc, NBDRequest *request)
- static ssize_t nbd_send_reply(QIOChannel *ioc, NBDReply *reply)
- {
-     uint8_t buf[NBD_REPLY_SIZE];
--    ssize_t ret;
- 
-     reply->error = system_errno_to_nbd_errno(reply->error);
- 
-@@ -754,16 +683,7 @@ static ssize_t nbd_send_reply(QIOChannel *ioc, NBDReply *reply)
-     stl_be_p(buf + 4, reply->error);
-     stq_be_p(buf + 8, reply->handle);
- 
--    ret = write_sync(ioc, buf, sizeof(buf));
--    if (ret < 0) {
--        return ret;
--    }
--
--    if (ret != sizeof(buf)) {
--        LOG("writing to socket failed");
--        return -EINVAL;
--    }
--    return 0;
-+    return write_sync(ioc, buf, sizeof(buf));
- }
- 
- #define MAX_NBD_REQUESTS 16
-@@ -1067,7 +987,7 @@ static ssize_t nbd_co_send_reply(NBDRequestData *req, NBDReply *reply,
-         rc = nbd_send_reply(client->ioc, reply);
-         if (rc >= 0) {
-             ret = write_sync(client->ioc, req->data, len);
--            if (ret != len) {
-+            if (ret < 0) {
-                 rc = -EIO;
-             }
-         }
-@@ -1141,7 +1061,7 @@ static ssize_t nbd_co_receive_request(NBDRequestData *req,
-     if (request->type == NBD_CMD_WRITE) {
-         TRACE("Reading %" PRIu32 " byte(s)", request->len);
- 
--        if (read_sync(client->ioc, req->data, request->len) != request->len) {
-+        if (read_sync(client->ioc, req->data, request->len) < 0) {
-             LOG("reading from socket failed");
-             rc = -EIO;
-             goto out;


* [gentoo-commits] proj/musl:master commit in: app-emulation/qemu/, app-emulation/qemu/files/
@ 2018-02-17 23:51 Aric Belsito
From: Aric Belsito @ 2018-02-17 23:51 UTC (permalink / raw
  To: gentoo-commits

commit:     25f63befd303b4029bdd4fbc96bef1cab8b7355c
Author:     Aric Belsito <lluixhi <AT> gmail <DOT> com>
AuthorDate: Sat Feb 17 23:48:14 2018 +0000
Commit:     Aric Belsito <lluixhi <AT> gmail <DOT> com>
CommitDate: Sat Feb 17 23:49:01 2018 +0000
URL:        https://gitweb.gentoo.org/proj/musl.git/commit/?id=25f63bef

app-emulation/qemu: version bump to 2.11.1

 app-emulation/qemu/Manifest                        |  3 +-
 .../qemu/files/qemu-2.10.1-CVE-2017-15268.patch    | 54 --------------------
 .../qemu/files/qemu-2.10.1-CVE-2017-15289.patch    | 58 ----------------------
 app-emulation/qemu/qemu-2.11.0.ebuild              |  4 +-
 .../{qemu-2.10.1-r1.ebuild => qemu-2.11.1.ebuild}  | 12 +++--
 5 files changed, 12 insertions(+), 119 deletions(-)

diff --git a/app-emulation/qemu/Manifest b/app-emulation/qemu/Manifest
index 9f60936..218a778 100644
--- a/app-emulation/qemu/Manifest
+++ b/app-emulation/qemu/Manifest
@@ -1,3 +1,4 @@
-DIST qemu-2.10.1.tar.bz2 30821108 BLAKE2B bb096139f6b387a3cf3933dd3aeb97777479022b1b34ed0212b51d7061f9a19b3e83a4e9a13c6cf81c14718731ddf8646226a5b0d99ebbc9abb387d7eec94238 SHA512 1a4a6ebf700ec6851c83cc2a71eaea8d95f14c685d094eaaa86c740eb9401e49a79074b72385f58681ca7646771a99bb6bbd9bebb39162f7220626d37ed0654f
 DIST qemu-2.11.0-patches-r0.tar.xz 16140 BLAKE2B 2e23908075195a7c28df574525a159e171277a2da6d7c0656a341a2db6a622237106d2dd8de5c9d61b5fb62fa5a163e9657406a2996cebc05baa53d42c5f5d15 SHA512 f7d92c2232398565b8cde294d38dc281c13503fb5967cc7871a2233b7fa354799619445e9ec89c285ef051f62ecef0bd38a135b0093bf5528c0b28c6e580c839
 DIST qemu-2.11.0.tar.bz2 32816398 BLAKE2B 2014a8246f3cba9069186629d9ec8c221672fcfd3e8cd28a7e57f467add81f7bd84363183ef5cc5d18af91bde9186a4da49c0133c8ead83eae4626b9fc364e99 SHA512 3681700833573c0aa6283af950bfa298970056f1b44489088d8863840a7694512138321f86961ef43b256abf15eddd2612fb9cdbe3d9a358542d4e7037cc2004
+DIST qemu-2.11.1-patches-r0.tar.xz 1640 BLAKE2B 8402a0bd086307413c3f088b7b2523adda5f370e3ce8e9ec39db905a5df495842cc2168b93b57e8516e98703ee1620e7cad77740529959a09a1d4224988829bc SHA512 2906f9497e61799da8efca0dac4a19addd3bf59770c742e3ed1600143b69397bbc4eecb2c1f64aef0e103447966d47ced1ec6908f78a793b8d06f99a0aa6dc4a
+DIST qemu-2.11.1.tar.bz2 32819412 BLAKE2B 6b6d4e7b8dcf33aeedb0b33bad267da07ad17c2eeeb5fbd2c038d760bc03224e55ba0f03eb248c62bc0e8636c2c660ea76b367eaea96bee16388053f82c8b8a9 SHA512 1b692bbdfc3dc785738c7192aa2a3f9cf53d9f5bf3b3f49fa8692050dc50f7056c8a4d1b527d48ffb2a674a0fd3a46d87addd1eaaa758f35eec1ab5adfe32354

diff --git a/app-emulation/qemu/files/qemu-2.10.1-CVE-2017-15268.patch b/app-emulation/qemu/files/qemu-2.10.1-CVE-2017-15268.patch
deleted file mode 100644
index 7d08b32..0000000
--- a/app-emulation/qemu/files/qemu-2.10.1-CVE-2017-15268.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-From a7b20a8efa28e5f22c26c06cd06c2f12bc863493 Mon Sep 17 00:00:00 2001
-From: "Daniel P. Berrange" <berrange@redhat.com>
-Date: Mon, 9 Oct 2017 14:43:42 +0100
-Subject: [PATCH] io: monitor encoutput buffer size from websocket GSource
-
-The websocket GSource is monitoring the size of the rawoutput
-buffer to determine if the channel can accepts more writes.
-The rawoutput buffer, however, is merely a temporary staging
-buffer before data is copied into the encoutput buffer. Thus
-its size will always be zero when the GSource runs.
-
-This flaw causes the encoutput buffer to grow without bound
-if the other end of the underlying data channel doesn't
-read data being sent. This can be seen with VNC if a client
-is on a slow WAN link and the guest OS is sending many screen
-updates. A malicious VNC client can act like it is on a slow
-link by playing a video in the guest and then reading data
-very slowly, causing QEMU host memory to expand arbitrarily.
-
-This issue is assigned CVE-2017-15268, publically reported in
-
-  https://bugs.launchpad.net/qemu/+bug/1718964
-
-Reviewed-by: Eric Blake <eblake@redhat.com>
-Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
----
- io/channel-websock.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/io/channel-websock.c b/io/channel-websock.c
-index d1d471f86e..04bcc059cd 100644
---- a/io/channel-websock.c
-+++ b/io/channel-websock.c
-@@ -28,7 +28,7 @@
- #include <time.h>
- 
- 
--/* Max amount to allow in rawinput/rawoutput buffers */
-+/* Max amount to allow in rawinput/encoutput buffers */
- #define QIO_CHANNEL_WEBSOCK_MAX_BUFFER 8192
- 
- #define QIO_CHANNEL_WEBSOCK_CLIENT_KEY_LEN 24
-@@ -1208,7 +1208,7 @@ qio_channel_websock_source_check(GSource *source)
-     if (wsource->wioc->rawinput.offset || wsource->wioc->io_eof) {
-         cond |= G_IO_IN;
-     }
--    if (wsource->wioc->rawoutput.offset < QIO_CHANNEL_WEBSOCK_MAX_BUFFER) {
-+    if (wsource->wioc->encoutput.offset < QIO_CHANNEL_WEBSOCK_MAX_BUFFER) {
-         cond |= G_IO_OUT;
-     }
- 
--- 
-2.13.6
-

diff --git a/app-emulation/qemu/files/qemu-2.10.1-CVE-2017-15289.patch b/app-emulation/qemu/files/qemu-2.10.1-CVE-2017-15289.patch
deleted file mode 100644
index a4ad2d5..0000000
--- a/app-emulation/qemu/files/qemu-2.10.1-CVE-2017-15289.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-From eb38e1bc3740725ca29a535351de94107ec58d51 Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Wed, 11 Oct 2017 10:43:14 +0200
-Subject: [PATCH] cirrus: fix oob access in mode4and5 write functions
-
-Move dst calculation into the loop, so we apply the mask on each
-interation and will not overflow vga memory.
-
-Cc: Prasad J Pandit <pjp@fedoraproject.org>
-Reported-by: Niu Guoxiang <niuguoxiang@huawei.com>
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-Message-id: 20171011084314.21752-1-kraxel@redhat.com
----
- hw/display/cirrus_vga.c | 6 ++----
- 1 file changed, 2 insertions(+), 4 deletions(-)
-
-diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c
-index b4d579857a..bc32bf1e39 100644
---- a/hw/display/cirrus_vga.c
-+++ b/hw/display/cirrus_vga.c
-@@ -2038,15 +2038,14 @@ static void cirrus_mem_writeb_mode4and5_8bpp(CirrusVGAState * s,
-     unsigned val = mem_value;
-     uint8_t *dst;
- 
--    dst = s->vga.vram_ptr + (offset &= s->cirrus_addr_mask);
-     for (x = 0; x < 8; x++) {
-+        dst = s->vga.vram_ptr + ((offset + x) & s->cirrus_addr_mask);
- 	if (val & 0x80) {
- 	    *dst = s->cirrus_shadow_gr1;
- 	} else if (mode == 5) {
- 	    *dst = s->cirrus_shadow_gr0;
- 	}
- 	val <<= 1;
--	dst++;
-     }
-     memory_region_set_dirty(&s->vga.vram, offset, 8);
- }
-@@ -2060,8 +2059,8 @@ static void cirrus_mem_writeb_mode4and5_16bpp(CirrusVGAState * s,
-     unsigned val = mem_value;
-     uint8_t *dst;
- 
--    dst = s->vga.vram_ptr + (offset &= s->cirrus_addr_mask);
-     for (x = 0; x < 8; x++) {
-+        dst = s->vga.vram_ptr + ((offset + 2 * x) & s->cirrus_addr_mask & ~1);
- 	if (val & 0x80) {
- 	    *dst = s->cirrus_shadow_gr1;
- 	    *(dst + 1) = s->vga.gr[0x11];
-@@ -2070,7 +2069,6 @@ static void cirrus_mem_writeb_mode4and5_16bpp(CirrusVGAState * s,
- 	    *(dst + 1) = s->vga.gr[0x10];
- 	}
- 	val <<= 1;
--	dst += 2;
-     }
-     memory_region_set_dirty(&s->vga.vram, offset, 16);
- }
--- 
-2.13.6
-

diff --git a/app-emulation/qemu/qemu-2.11.0.ebuild b/app-emulation/qemu/qemu-2.11.0.ebuild
index ee9e6f0..c7f4a5b 100644
--- a/app-emulation/qemu/qemu-2.11.0.ebuild
+++ b/app-emulation/qemu/qemu-2.11.0.ebuild
@@ -25,7 +25,6 @@ else
 	SRC_URI+=" https://dev.gentoo.org/~tamiko/distfiles/${P}-patches-r0.tar.xz"
 fi
 
-
 DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
 HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org"
 
@@ -537,6 +536,9 @@ qemu_src_configure() {
 		tc-enables-pie && conf_opts+=( --enable-pie )
 	fi
 
+	#bug #647570
+	conf_opts+=( --disable-capstone )
+
 	echo "../configure ${conf_opts[*]}"
 	cd "${builddir}"
 	../configure "${conf_opts[@]}" || die "configure failed"
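Review bot: The added `conf_opts+=( --disable-capstone )` is justified only by `#bug #647570`, and it appears to be applied to one of the two 2.11.x ebuilds only. In this same commit, qemu-2.11.1.ebuild is a 98%-similar rename of qemu-2.10.1-r1.ebuild and none of its hunks adds the option, so unless the old ebuild already carried it, 2.11.1 leaves capstone to configure's auto-detection. If the reason in the bug applies to 2.11.1 too, the same two lines belong in its qemu_src_configure. A comment that states the reason would also help, for example `# capstone has no USE flag/dependency here; disable to avoid automagic detection, bug #647570` (wording to be confirmed against the bug). qemu_src_configure starts and ends outside this hunk.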

diff --git a/app-emulation/qemu/qemu-2.10.1-r1.ebuild b/app-emulation/qemu/qemu-2.11.1.ebuild
similarity index 98%
rename from app-emulation/qemu/qemu-2.10.1-r1.ebuild
rename to app-emulation/qemu/qemu-2.11.1.ebuild
index 8b433f6..e52a11f 100644
--- a/app-emulation/qemu/qemu-2.10.1-r1.ebuild
+++ b/app-emulation/qemu/qemu-2.11.1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2017 Gentoo Foundation
+# Copyright 1999-2018 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI="6"
@@ -20,6 +20,9 @@ if [[ ${PV} = *9999* ]]; then
 else
 	SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2"
 	KEYWORDS="amd64 ~ppc ~ppc64 x86"
+
+	# Gentoo specific patchsets:
+	SRC_URI+=" https://dev.gentoo.org/~chutzpah/distfiles/${P}-patches-r0.tar.xz"
 fi
 
 DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
@@ -113,7 +116,7 @@ SOFTMMU_TOOLS_DEPEND="
 		sys-libs/ncurses:0=[unicode]
 		sys-libs/ncurses:0=[static-libs(+)]
 	)
-	nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] )
+	nfs? ( >=net-fs/libnfs-1.9.3:=[static-libs(+)] )
 	numa? ( sys-process/numactl[static-libs(+)] )
 	opengl? (
 		virtual/opengl
@@ -210,8 +213,8 @@ PATCHES=(
 	# gentoo patches
 	"${FILESDIR}"/${PN}-2.5.0-cflags.patch
 	"${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
-	"${FILESDIR}"/${PN}-2.10.1-CVE-2017-15268.patch
-	"${FILESDIR}"/${PN}-2.10.1-CVE-2017-15289.patch
+	"${FILESDIR}"/${PN}-2.11.0-glibc-2.27.patch
+	"${WORKDIR}"/patches
 )
 
 STRIP_MASK="/usr/share/qemu/palcode-clipper"
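Review bot: The PATCHES array drops the in-tree backports for CVE-2017-15268 and CVE-2017-15289 and adds `"${WORKDIR}"/patches`, with no comment saying where those two fixes now come from. They are presumably contained in the 2.11.1 upstream sources, but nothing in this hunk or the commit message confirms it. The `${P}-patches-r0.tar.xz` patchset is also opaque from the tree, since only its Manifest checksums are recorded. I would add comments above the new entries, such as `# CVE-2017-15268/-15289 backports dropped: fixed upstream (verify against 2.11.1)` and `# ${WORKDIR}/patches is unpacked from ${P}-patches-r0.tar.xz in SRC_URI`. The PATCHES array begins outside this hunk.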
@@ -504,7 +507,6 @@ qemu_src_configure() {
 			--disable-linux-user
 			--enable-system
 			--disable-tools
-			--with-system-pixman
 		)
 		local static_flag="static"
 		;;


* [gentoo-commits] proj/musl:master commit in: app-emulation/qemu/, app-emulation/qemu/files/
@ 2018-02-11 21:29 Aric Belsito
  0 siblings, 0 replies; 15+ messages in thread
From: Aric Belsito @ 2018-02-11 21:29 UTC (permalink / raw
  To: gentoo-commits

commit:     ff3a03d8d704d41f10506b22fdd000c336a4eaeb
Author:     Aric Belsito <lluixhi <AT> gmail <DOT> com>
AuthorDate: Sun Feb 11 21:24:49 2018 +0000
Commit:     Aric Belsito <lluixhi <AT> gmail <DOT> com>
CommitDate: Sun Feb 11 21:24:49 2018 +0000
URL:        https://gitweb.gentoo.org/proj/musl.git/commit/?id=ff3a03d8

app-emulation/qemu: version bump to 2.11.0

 app-emulation/qemu/Manifest                        |   2 +
 .../qemu/files/qemu-2.11.0-glibc-2.27.patch        |  54 ++
 app-emulation/qemu/qemu-2.11.0.ebuild              | 809 +++++++++++++++++++++
 3 files changed, 865 insertions(+)

diff --git a/app-emulation/qemu/Manifest b/app-emulation/qemu/Manifest
index 2aded65..9f60936 100644
--- a/app-emulation/qemu/Manifest
+++ b/app-emulation/qemu/Manifest
@@ -1 +1,3 @@
 DIST qemu-2.10.1.tar.bz2 30821108 BLAKE2B bb096139f6b387a3cf3933dd3aeb97777479022b1b34ed0212b51d7061f9a19b3e83a4e9a13c6cf81c14718731ddf8646226a5b0d99ebbc9abb387d7eec94238 SHA512 1a4a6ebf700ec6851c83cc2a71eaea8d95f14c685d094eaaa86c740eb9401e49a79074b72385f58681ca7646771a99bb6bbd9bebb39162f7220626d37ed0654f
+DIST qemu-2.11.0-patches-r0.tar.xz 16140 BLAKE2B 2e23908075195a7c28df574525a159e171277a2da6d7c0656a341a2db6a622237106d2dd8de5c9d61b5fb62fa5a163e9657406a2996cebc05baa53d42c5f5d15 SHA512 f7d92c2232398565b8cde294d38dc281c13503fb5967cc7871a2233b7fa354799619445e9ec89c285ef051f62ecef0bd38a135b0093bf5528c0b28c6e580c839
+DIST qemu-2.11.0.tar.bz2 32816398 BLAKE2B 2014a8246f3cba9069186629d9ec8c221672fcfd3e8cd28a7e57f467add81f7bd84363183ef5cc5d18af91bde9186a4da49c0133c8ead83eae4626b9fc364e99 SHA512 3681700833573c0aa6283af950bfa298970056f1b44489088d8863840a7694512138321f86961ef43b256abf15eddd2612fb9cdbe3d9a358542d4e7037cc2004

diff --git a/app-emulation/qemu/files/qemu-2.11.0-glibc-2.27.patch b/app-emulation/qemu/files/qemu-2.11.0-glibc-2.27.patch
new file mode 100644
index 0000000..1562bb3
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.11.0-glibc-2.27.patch
@@ -0,0 +1,54 @@
+From 75e5b70e6b5dcc4f2219992d7cffa462aa406af0 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Tue, 28 Nov 2017 11:51:27 +0100
+Subject: [PATCH] memfd: fix configure test
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Recent glibc added memfd_create in sys/mman.h.  This conflicts with
+the definition in util/memfd.c:
+
+    /builddir/build/BUILD/qemu-2.11.0-rc1/util/memfd.c:40:12: error: static declaration of memfd_create follows non-static declaration
+
+Fix the configure test, and remove the sys/memfd.h inclusion since the
+file actually does not exist---it is a typo in the memfd_create(2) man
+page.
+
+Cc: Marc-André Lureau <marcandre.lureau@redhat.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ configure    | 2 +-
+ util/memfd.c | 4 +---
+ 2 files changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/configure b/configure
+index 9c8aa5a98b..99ccc1725a 100755
+--- a/configure
++++ b/configure
+@@ -3923,7 +3923,7 @@ fi
+ # check if memfd is supported
+ memfd=no
+ cat > $TMPC << EOF
+-#include <sys/memfd.h>
++#include <sys/mman.h>
+ 
+ int main(void)
+ {
+diff --git a/util/memfd.c b/util/memfd.c
+index 4571d1aba8..412e94a405 100644
+--- a/util/memfd.c
++++ b/util/memfd.c
+@@ -31,9 +31,7 @@
+ 
+ #include "qemu/memfd.h"
+ 
+-#ifdef CONFIG_MEMFD
+-#include <sys/memfd.h>
+-#elif defined CONFIG_LINUX
++#if defined CONFIG_LINUX && !defined CONFIG_MEMFD
+ #include <sys/syscall.h>
+ #include <asm/unistd.h>
+ 
+-- 
+2.11.0

diff --git a/app-emulation/qemu/qemu-2.11.0.ebuild b/app-emulation/qemu/qemu-2.11.0.ebuild
new file mode 100644
index 0000000..ee9e6f0
--- /dev/null
+++ b/app-emulation/qemu/qemu-2.11.0.ebuild
@@ -0,0 +1,809 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+PYTHON_COMPAT=( python2_7 )
+PYTHON_REQ_USE="ncurses,readline"
+
+PLOCALES="bg de_DE fr_FR hu it tr zh_CN"
+
+FIRMWARE_ABI_VERSION="2.9.0-r52"
+
+inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \
+	user udev fcaps readme.gentoo-r1 pax-utils l10n
+
+if [[ ${PV} = *9999* ]]; then
+	EGIT_REPO_URI="git://git.qemu.org/qemu.git"
+	inherit git-r3
+	SRC_URI=""
+else
+	SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2"
+	KEYWORDS="amd64 ~ppc ~ppc64 x86"
+
+	# Gentoo specific patchsets:
+	SRC_URI+=" https://dev.gentoo.org/~tamiko/distfiles/${P}-patches-r0.tar.xz"
+fi
+
+
+DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
+HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org"
+
+LICENSE="GPL-2 LGPL-2 BSD-2"
+SLOT="0"
+IUSE="accessibility +aio alsa bluetooth bzip2 +caps +curl debug +fdt
+	glusterfs gnutls gtk gtk2 infiniband iscsi +jpeg kernel_linux
+	kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs +png
+	pulseaudio python rbd sasl +seccomp sdl sdl2 selinux smartcard snappy
+	spice ssh static static-user systemtap tci test usb usbredir vde
+	+vhost-net virgl virtfs +vnc vte xattr xen xfs"
+
+COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel
+	mips mips64 mips64el mipsel nios2 or1k ppc ppc64 s390x sh4 sh4eb sparc
+	sparc64 x86_64"
+IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS}
+	lm32 moxie ppcemb tricore unicore32 xtensa xtensaeb"
+IUSE_USER_TARGETS="${COMMON_TARGETS}
+	armeb hppa mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus tilegx"
+
+use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
+use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
+IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
+
+# Allow no targets to be built so that people can get a tools-only build.
+# Block USE flag configurations known to not work.
+REQUIRED_USE="${PYTHON_REQUIRED_USE}
+	gtk2? ( gtk )
+	qemu_softmmu_targets_arm? ( fdt )
+	qemu_softmmu_targets_microblaze? ( fdt )
+	qemu_softmmu_targets_mips64el? ( fdt )
+	qemu_softmmu_targets_ppc? ( fdt )
+	qemu_softmmu_targets_ppc64? ( fdt )
+	sdl2? ( sdl )
+	static? ( static-user !alsa !bluetooth !gtk !gtk2 !opengl !pulseaudio )
+	virtfs? ( xattr )
+	vte? ( gtk )"
+
+# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
+# and user/softmmu targets (qemu-*, qemu-system-*).
+#
+# Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
+#
+# The attr lib isn't always linked in (although the USE flag is always
+# respected).  This is because qemu supports using the C library's API
+# when available rather than always using the extranl library.
+ALL_DEPEND="
+	>=dev-libs/glib-2.0[static-libs(+)]
+	sys-libs/zlib[static-libs(+)]
+	python? ( ${PYTHON_DEPS} )
+	systemtap? ( dev-util/systemtap )
+	xattr? ( sys-apps/attr[static-libs(+)] )"
+
+# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
+# softmmu targets (qemu-system-*).
+SOFTMMU_TOOLS_DEPEND="
+	>=x11-libs/pixman-0.28.0[static-libs(+)]
+	accessibility? (
+		app-accessibility/brltty[api]
+		app-accessibility/brltty[static-libs(+)]
+	)
+	aio? ( dev-libs/libaio[static-libs(+)] )
+	alsa? ( >=media-libs/alsa-lib-1.0.13 )
+	bluetooth? ( net-wireless/bluez )
+	bzip2? ( app-arch/bzip2[static-libs(+)] )
+	caps? ( sys-libs/libcap-ng[static-libs(+)] )
+	curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
+	fdt? ( >=sys-apps/dtc-1.4.2[static-libs(+)] )
+	glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
+	gnutls? (
+		dev-libs/nettle:=[static-libs(+)]
+		>=net-libs/gnutls-3.0:=[static-libs(+)]
+	)
+	gtk? (
+		gtk2? (
+			x11-libs/gtk+:2
+			vte? ( x11-libs/vte:0 )
+		)
+		!gtk2? (
+			x11-libs/gtk+:3
+			vte? ( x11-libs/vte:2.91 )
+		)
+	)
+	infiniband? ( sys-fabric/librdmacm:=[static-libs(+)] )
+	iscsi? ( net-libs/libiscsi )
+	jpeg? ( virtual/jpeg:0=[static-libs(+)] )
+	lzo? ( dev-libs/lzo:2[static-libs(+)] )
+	ncurses? (
+		sys-libs/ncurses:0=[unicode]
+		sys-libs/ncurses:0=[static-libs(+)]
+	)
+	nfs? ( >=net-fs/libnfs-1.9.3:=[static-libs(+)] )
+	numa? ( sys-process/numactl[static-libs(+)] )
+	opengl? (
+		virtual/opengl
+		media-libs/libepoxy[static-libs(+)]
+		media-libs/mesa[static-libs(+)]
+		media-libs/mesa[egl,gbm]
+	)
+	png? ( media-libs/libpng:0=[static-libs(+)] )
+	pulseaudio? ( media-sound/pulseaudio )
+	rbd? ( sys-cluster/ceph[static-libs(+)] )
+	sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
+	sdl? (
+		!sdl2? (
+			media-libs/libsdl[X]
+			>=media-libs/libsdl-1.2.11[static-libs(+)]
+		)
+		sdl2? (
+			media-libs/libsdl2[X]
+			media-libs/libsdl2[static-libs(+)]
+		)
+	)
+	seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
+	smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] )
+	snappy? ( app-arch/snappy:=[static-libs(+)] )
+	spice? (
+		>=app-emulation/spice-protocol-0.12.3
+		>=app-emulation/spice-0.12.0[static-libs(+)]
+	)
+	ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] )
+	usb? ( >=virtual/libusb-1-r2[static-libs(+)] )
+	usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
+	vde? ( net-misc/vde[static-libs(+)] )
+	virgl? ( media-libs/virglrenderer[static-libs(+)] )
+	virtfs? ( sys-libs/libcap )
+	xen? ( app-emulation/xen-tools:= )
+	xfs? ( sys-fs/xfsprogs[static-libs(+)] )"
+
+X86_FIRMWARE_DEPEND="
+	pin-upstream-blobs? (
+		~sys-firmware/edk2-ovmf-2017_pre20170505[binary]
+		~sys-firmware/ipxe-1.0.0_p20160620
+		~sys-firmware/seabios-1.10.2[binary,seavgabios]
+		~sys-firmware/sgabios-0.1_pre8
+	)
+	!pin-upstream-blobs? (
+		sys-firmware/edk2-ovmf
+		sys-firmware/ipxe
+		>=sys-firmware/seabios-1.10.2[seavgabios]
+		sys-firmware/sgabios
+	)"
+PPC64_FIRMWARE_DEPEND="
+	pin-upstream-blobs? (
+		~sys-firmware/seabios-1.10.2[binary,seavgabios]
+	)
+	!pin-upstream-blobs? (
+		>=sys-firmware/seabios-1.10.2[seavgabios]
+	)
+"
+
+CDEPEND="
+	!static? (
+		${ALL_DEPEND//\[static-libs(+)]}
+		${SOFTMMU_TOOLS_DEPEND//\[static-libs(+)]}
+	)
+	qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
+	qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )
+	qemu_softmmu_targets_ppc64? ( ${PPC64_FIRMWARE_DEPEND} )
+"
+DEPEND="${CDEPEND}
+	dev-lang/perl
+	=dev-lang/python-2*
+	sys-apps/texinfo
+	virtual/pkgconfig
+	kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
+	gtk? ( nls? ( sys-devel/gettext ) )
+	static? (
+		${ALL_DEPEND}
+		${SOFTMMU_TOOLS_DEPEND}
+	)
+	static-user? ( ${ALL_DEPEND} )
+	test? (
+		dev-libs/glib[utils]
+		sys-devel/bc
+	)"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-qemu )"
+
+PATCHES=(
+	# musl patches
+	"${FILESDIR}"/${PN}-2.8.0-F_SHLCK-and-F_EXLCK.patch
+	"${FILESDIR}"/${PN}-2.0.0-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch
+	"${FILESDIR}"/${PN}-2.2.0-_sigev_un.patch
+
+	# gentoo patches
+	"${FILESDIR}"/${PN}-2.5.0-cflags.patch
+	"${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
+	"${FILESDIR}"/${PN}-2.11.0-glibc-2.27.patch
+	"${WORKDIR}"/patches
+)
+
+STRIP_MASK="/usr/share/qemu/palcode-clipper"
+
+QA_PREBUILT="
+	usr/share/qemu/openbios-ppc
+	usr/share/qemu/openbios-sparc64
+	usr/share/qemu/openbios-sparc32
+	usr/share/qemu/palcode-clipper
+	usr/share/qemu/s390-ccw.img
+	usr/share/qemu/s390-netboot.img
+	usr/share/qemu/u-boot.e500"
+
+QA_WX_LOAD="usr/bin/qemu-i386
+	usr/bin/qemu-x86_64
+	usr/bin/qemu-alpha
+	usr/bin/qemu-arm
+	usr/bin/qemu-cris
+	usr/bin/qemu-m68k
+	usr/bin/qemu-microblaze
+	usr/bin/qemu-microblazeel
+	usr/bin/qemu-mips
+	usr/bin/qemu-mipsel
+	usr/bin/qemu-or1k
+	usr/bin/qemu-ppc
+	usr/bin/qemu-ppc64
+	usr/bin/qemu-ppc64abi32
+	usr/bin/qemu-sh4
+	usr/bin/qemu-sh4eb
+	usr/bin/qemu-sparc
+	usr/bin/qemu-sparc64
+	usr/bin/qemu-armeb
+	usr/bin/qemu-sparc32plus
+	usr/bin/qemu-s390x
+	usr/bin/qemu-unicore32"
+
+DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure you have the
+kernel module loaded before running kvm. The easiest way to ensure that the
+kernel module is loaded is to load it on boot.
+	For AMD CPUs the module is called 'kvm-amd'.
+	For Intel CPUs the module is called 'kvm-intel'.
+Please review /etc/conf.d/modules for how to load these.
+
+Make sure your user is in the 'kvm' group. Just run
+	$ gpasswd -a <USER> kvm
+then have <USER> re-login.
+
+For brand new installs, the default permissions on /dev/kvm might not let
+you access it.  You can tell udev to reset ownership/perms:
+	$ udevadm trigger -c add /dev/kvm
+
+If you want to register binfmt handlers for qemu user targets:
+For openrc:
+	# rc-update add qemu-binfmt
+For systemd:
+	# ln -s /usr/share/qemu/binfmt.d/qemu.conf /etc/binfmt.d/qemu.conf"
+
+pkg_pretend() {
+	if use kernel_linux && kernel_is lt 2 6 25; then
+		eerror "This version of KVM requres a host kernel of 2.6.25 or higher."
+	elif use kernel_linux; then
+		if ! linux_config_exists; then
+			eerror "Unable to check your kernel for KVM support"
+		else
+			CONFIG_CHECK="~KVM ~TUN ~BRIDGE"
+			ERROR_KVM="You must enable KVM in your kernel to continue"
+			ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in"
+			ERROR_KVM_AMD+=" your kernel configuration."
+			ERROR_KVM_INTEL="If you have an Intel CPU, you must enable"
+			ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration."
+			ERROR_TUN="You will need the Universal TUN/TAP driver compiled"
+			ERROR_TUN+=" into your kernel or loaded as a module to use the"
+			ERROR_TUN+=" virtual network device if using -net tap."
+			ERROR_BRIDGE="You will also need support for 802.1d"
+			ERROR_BRIDGE+=" Ethernet Bridging for some network configurations."
+			use vhost-net && CONFIG_CHECK+=" ~VHOST_NET"
+			ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net"
+			ERROR_VHOST_NET+=" support"
+
+			if use amd64 || use x86 || use amd64-linux || use x86-linux; then
+				if grep -q AuthenticAMD /proc/cpuinfo; then
+					CONFIG_CHECK+=" ~KVM_AMD"
+				elif grep -q GenuineIntel /proc/cpuinfo; then
+					CONFIG_CHECK+=" ~KVM_INTEL"
+				fi
+			fi
+
+			use python && CONFIG_CHECK+=" ~DEBUG_FS"
+			ERROR_DEBUG_FS="debugFS support required for kvm_stat"
+
+			# Now do the actual checks setup above
+			check_extra_config
+		fi
+	fi
+
+	if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then
+		eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt"
+		eerror "instances are still pointing to it.  Please update your"
+		eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag"
+		eerror "and the right system binary (e.g. qemu-system-x86_64)."
+		die "update your virt configs to not use qemu-kvm"
+	fi
+}
+
+pkg_setup() {
+	enewgroup kvm 78
+}
+
+# Sanity check to make sure target lists are kept up-to-date.
+check_targets() {
+	local var=$1 mak=$2
+	local detected sorted
+
+	pushd "${S}"/default-configs >/dev/null || die
+
+	# Force C locale until glibc is updated. #564936
+	detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u))
+	sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u))
+	if [[ ${sorted} != "${detected}" ]] ; then
+		eerror "The ebuild needs to be kept in sync."
+		eerror "${var}: ${sorted}"
+		eerror "$(printf '%-*s' ${#var} configure): ${detected}"
+		die "sync ${var} to the list of targets"
+	fi
+
+	popd >/dev/null
+}
+
+handle_locales() {
+	# Make sure locale list is kept up-to-date.
+	local detected sorted
+	detected=$(echo $(cd po && printf '%s\n' *.po | grep -v messages.po | sed 's:.po$::' | sort -u))
+	sorted=$(echo $(printf '%s\n' ${PLOCALES} | sort -u))
+	if [[ ${sorted} != "${detected}" ]] ; then
+		eerror "The ebuild needs to be kept in sync."
+		eerror "PLOCALES: ${sorted}"
+		eerror " po/*.po: ${detected}"
+		die "sync PLOCALES"
+	fi
+
+	# Deal with selective install of locales.
+	if use nls ; then
+		# Delete locales the user does not want. #577814
+		rm_loc() { rm po/$1.po || die; }
+		l10n_for_each_disabled_locale_do rm_loc
+	else
+		# Cheap hack to disable gettext .mo generation.
+		rm -f po/*.po
+	fi
+}
+
+src_prepare() {
+	check_targets IUSE_SOFTMMU_TARGETS softmmu
+	check_targets IUSE_USER_TARGETS linux-user
+
+	# Alter target makefiles to accept CFLAGS set via flag-o
+	sed -i -r \
+		-e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \
+		Makefile Makefile.target || die
+
+	default
+
+	# Fix ld and objcopy being called directly
+	tc-export AR LD OBJCOPY
+
+	# Verbose builds
+	MAKEOPTS+=" V=1"
+
+	# Run after we've applied all patches.
+	handle_locales
+
+	# Remove bundled copy of libfdt
+	rm -r dtc || die
+}
+
+##
+# configures qemu based on the build directory and the build type
+# we are using.
+#
+qemu_src_configure() {
+	debug-print-function ${FUNCNAME} "$@"
+
+	local buildtype=$1
+	local builddir="${S}/${buildtype}-build"
+
+	mkdir "${builddir}"
+
+	local conf_opts=(
+		--prefix=/usr
+		--sysconfdir=/etc
+		--libdir=/usr/$(get_libdir)
+		--docdir=/usr/share/doc/${PF}/html
+		--disable-bsd-user
+		--disable-guest-agent
+		--disable-strip
+		--disable-werror
+		# We support gnutls/nettle for crypto operations.  It is possible
+		# to use gcrypt when gnutls/nettle are disabled (but not when they
+		# are enabled), but it's not really worth the hassle.  Disable it
+		# all the time to avoid automatically detecting it. #568856
+		--disable-gcrypt
+		--python="${PYTHON}"
+		--cc="$(tc-getCC)"
+		--cxx="$(tc-getCXX)"
+		--host-cc="$(tc-getBUILD_CC)"
+		$(use_enable debug debug-info)
+		$(use_enable debug debug-tcg)
+		--enable-docs
+		$(use_enable tci tcg-interpreter)
+		$(use_enable xattr attr)
+	)
+
+	# Disable options not used by user targets. This simplifies building
+	# static user targets (USE=static-user) considerably.
+	conf_notuser() {
+		if [[ ${buildtype} == "user" ]] ; then
+			echo "--disable-${2:-$1}"
+		else
+			use_enable "$@"
+		fi
+	}
+	conf_opts+=(
+		$(conf_notuser accessibility brlapi)
+		$(conf_notuser aio linux-aio)
+		$(conf_notuser bzip2)
+		$(conf_notuser bluetooth bluez)
+		$(conf_notuser caps cap-ng)
+		$(conf_notuser curl)
+		$(conf_notuser fdt)
+		$(conf_notuser glusterfs)
+		$(conf_notuser gnutls)
+		$(conf_notuser gnutls nettle)
+		$(conf_notuser gtk)
+		$(conf_notuser infiniband rdma)
+		$(conf_notuser iscsi libiscsi)
+		$(conf_notuser jpeg vnc-jpeg)
+		$(conf_notuser kernel_linux kvm)
+		$(conf_notuser lzo)
+		$(conf_notuser ncurses curses)
+		$(conf_notuser nfs libnfs)
+		$(conf_notuser numa)
+		$(conf_notuser opengl)
+		$(conf_notuser png vnc-png)
+		$(conf_notuser rbd)
+		$(conf_notuser sasl vnc-sasl)
+		$(conf_notuser sdl)
+		$(conf_notuser seccomp)
+		$(conf_notuser smartcard)
+		$(conf_notuser snappy)
+		$(conf_notuser spice)
+		$(conf_notuser ssh libssh2)
+		$(conf_notuser usb libusb)
+		$(conf_notuser usbredir usb-redir)
+		$(conf_notuser vde)
+		$(conf_notuser vhost-net)
+		$(conf_notuser virgl virglrenderer)
+		$(conf_notuser virtfs)
+		$(conf_notuser vnc)
+		$(conf_notuser vte)
+		$(conf_notuser xen)
+		$(conf_notuser xen xen-pci-passthrough)
+		$(conf_notuser xfs xfsctl)
+	)
+
+	if [[ ! ${buildtype} == "user" ]] ; then
+		# audio options
+		local audio_opts="oss"
+		use alsa && audio_opts="alsa,${audio_opts}"
+		use sdl && audio_opts="sdl,${audio_opts}"
+		use pulseaudio && audio_opts="pa,${audio_opts}"
+		conf_opts+=(
+			--audio-drv-list="${audio_opts}"
+		)
+		use gtk && conf_opts+=( --with-gtkabi=$(usex gtk2 2.0 3.0) )
+		use sdl && conf_opts+=( --with-sdlabi=$(usex sdl2 2.0 1.2) )
+	fi
+
+	case ${buildtype} in
+	user)
+		conf_opts+=(
+			--enable-linux-user
+			--disable-system
+			--disable-blobs
+			--disable-tools
+		)
+		local static_flag="static-user"
+		;;
+	softmmu)
+		conf_opts+=(
+			--disable-linux-user
+			--enable-system
+			--disable-tools
+		)
+		local static_flag="static"
+		;;
+	tools)
+		conf_opts+=(
+			--disable-linux-user
+			--disable-system
+			--disable-blobs
+			--enable-tools
+		)
+		local static_flag="static"
+		;;
+	esac
+
+	local targets="${buildtype}_targets"
+	[[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" )
+
+	# Add support for SystemTAP
+	use systemtap && conf_opts+=( --enable-trace-backend=dtrace )
+
+	# We always want to attempt to build with PIE support as it results
+	# in a more secure binary. But it doesn't work with static or if
+	# the current GCC doesn't have PIE support.
+	if use ${static_flag}; then
+		conf_opts+=( --static --disable-pie )
+	else
+		tc-enables-pie && conf_opts+=( --enable-pie )
+	fi
+
+	echo "../configure ${conf_opts[*]}"
+	cd "${builddir}"
+	../configure "${conf_opts[@]}" || die "configure failed"
+
+	# FreeBSD's kernel does not support QEMU assigning/grabbing
+	# host USB devices yet
+	use kernel_FreeBSD && \
+		sed -i -E -e "s|^(HOST_USB=)bsd|\1stub|" "${S}"/config-host.mak
+}
+
+src_configure() {
+	local target
+
+	python_setup
+
+	softmmu_targets= softmmu_bins=()
+	user_targets= user_bins=()
+
+	for target in ${IUSE_SOFTMMU_TARGETS} ; do
+		if use "qemu_softmmu_targets_${target}"; then
+			softmmu_targets+=",${target}-softmmu"
+			softmmu_bins+=( "qemu-system-${target}" )
+		fi
+	done
+
+	for target in ${IUSE_USER_TARGETS} ; do
+		if use "qemu_user_targets_${target}"; then
+			user_targets+=",${target}-linux-user"
+			user_bins+=( "qemu-${target}" )
+		fi
+	done
+
+	softmmu_targets=${softmmu_targets#,}
+	user_targets=${user_targets#,}
+
+	[[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu"
+	[[ -n ${user_targets}    ]] && qemu_src_configure "user"
+	qemu_src_configure "tools"
+}
+
+src_compile() {
+	if [[ -n ${user_targets} ]]; then
+		cd "${S}/user-build"
+		default
+	fi
+
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build"
+		default
+	fi
+
+	cd "${S}/tools-build"
+	default
+}
+
+src_test() {
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build"
+		pax-mark m */qemu-system-* #515550
+		emake -j1 check
+		emake -j1 check-report.html
+	fi
+}
+
+qemu_python_install() {
+	python_domodule "${S}/scripts/qmp/qmp.py"
+
+	python_doscript "${S}/scripts/kvm/vmxcap"
+	python_doscript "${S}/scripts/qmp/qmp-shell"
+	python_doscript "${S}/scripts/qmp/qemu-ga-client"
+}
+
+# Generate binfmt support files.
+#   - /etc/init.d/qemu-binfmt script which registers the user handlers (openrc)
+#   - /usr/share/qemu/binfmt.d/qemu.conf (for use with systemd-binfmt)
+generate_initd() {
+	local out="${T}/qemu-binfmt"
+	local out_systemd="${T}/qemu.conf"
+	local d="${T}/binfmt.d"
+
+	einfo "Generating qemu binfmt scripts and configuration files"
+
+	# Generate the debian fragments first.
+	mkdir -p "${d}"
+	"${S}"/scripts/qemu-binfmt-conf.sh \
+		--debian \
+		--exportdir "${d}" \
+		--qemu-path "${EPREFIX}/usr/bin" \
+		|| die
+	# Then turn the fragments into a shell script we can source.
+	sed -E -i \
+		-e 's:^([^ ]+) (.*)$:\1="\2":' \
+		"${d}"/* || die
+
+	# Generate the init.d script by assembling the fragments from above.
+	local f qcpu package interpreter magic mask
+	cat "${FILESDIR}"/qemu-binfmt.initd.head >"${out}" || die
+	for f in "${d}"/qemu-* ; do
+		source "${f}"
+
+		# Normalize the cpu logic like we do in the init.d for the native cpu.
+		qcpu=${package#qemu-}
+		case ${qcpu} in
+		arm*)   qcpu="arm";;
+		mips*)  qcpu="mips";;
+		ppc*)   qcpu="ppc";;
+		s390*)  qcpu="s390";;
+		sh*)    qcpu="sh";;
+		sparc*) qcpu="sparc";;
+		esac
+
+		cat <<EOF >>"${out}"
+	if [ "\${cpu}" != "${qcpu}" -a -x "${interpreter}" ] ; then
+		echo ':${package}:M::${magic}:${mask}:${interpreter}:'"\${QEMU_BINFMT_FLAGS}" >/proc/sys/fs/binfmt_misc/register
+	fi
+EOF
+
+		echo ":${package}:M::${magic}:${mask}:${interpreter}:OC" >>"${out_systemd}"
+
+	done
+	cat "${FILESDIR}"/qemu-binfmt.initd.tail >>"${out}" || die
+}
+
+src_install() {
+	if [[ -n ${user_targets} ]]; then
+		cd "${S}/user-build"
+		emake DESTDIR="${ED}" install
+
+		# Install binfmt handler init script for user targets.
+		generate_initd
+		doinitd "${T}/qemu-binfmt"
+
+		# Install binfmt/qemu.conf.
+		insinto "/usr/share/qemu/binfmt.d"
+		doins "${T}/qemu.conf"
+	fi
+
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build"
+		emake DESTDIR="${ED}" install
+
+		# This might not exist if the test failed. #512010
+		[[ -e check-report.html ]] && dohtml check-report.html
+
+		if use kernel_linux; then
+			udev_newrules "${FILESDIR}"/65-kvm.rules-r1 65-kvm.rules
+		fi
+
+		if use python; then
+			python_foreach_impl qemu_python_install
+		fi
+	fi
+
+	cd "${S}/tools-build"
+	emake DESTDIR="${ED}" install
+
+	# Disable mprotect on the qemu binaries as they use JITs to be fast #459348
+	pushd "${ED}"/usr/bin >/dev/null
+	pax-mark mr "${softmmu_bins[@]}" "${user_bins[@]}" # bug 575594
+	popd >/dev/null
+
+	# Install config file example for qemu-bridge-helper
+	insinto "/etc/qemu"
+	doins "${FILESDIR}/bridge.conf"
+
+	cd "${S}"
+	dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt
+	newdoc pc-bios/README README.pc-bios
+
+	if [[ -n ${softmmu_targets} ]]; then
+		# Remove SeaBIOS since we're using the SeaBIOS packaged one
+		rm "${ED}/usr/share/qemu/bios.bin"
+		rm "${ED}/usr/share/qemu/bios-256k.bin"
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
+			dosym ../seabios/bios-256k.bin /usr/share/qemu/bios-256k.bin
+		fi
+
+		# Remove vgabios since we're using the seavgabios packaged one
+		rm "${ED}/usr/share/qemu/vgabios.bin"
+		rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
+		rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
+		rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
+		rm "${ED}/usr/share/qemu/vgabios-virtio.bin"
+		rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
+		# PPC64 loads vgabios-stdvga
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 || use qemu_softmmu_targets_ppc64; then
+			dosym ../seavgabios/vgabios-isavga.bin /usr/share/qemu/vgabios.bin
+			dosym ../seavgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
+			dosym ../seavgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
+			dosym ../seavgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
+			dosym ../seavgabios/vgabios-virtio.bin /usr/share/qemu/vgabios-virtio.bin
+			dosym ../seavgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
+		fi
+
+		# Remove sgabios since we're using the sgabios packaged one
+		rm "${ED}/usr/share/qemu/sgabios.bin"
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin
+		fi
+
+		# Remove iPXE since we're using the iPXE packaged one
+		rm "${ED}"/usr/share/qemu/pxe-*.rom
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom
+			dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom
+			dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom
+			dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom
+			dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom
+			dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom
+		fi
+	fi
+
+	DISABLE_AUTOFORMATTING=true
+	readme.gentoo_create_doc
+}
+
+firmware_abi_change() {
+	local pv
+	for pv in ${REPLACING_VERSIONS}; do
+		if ! version_is_at_least ${FIRMWARE_ABI_VERSION} ${pv}; then
+			return 0
+		fi
+	done
+	return 1
+}
+
+pkg_postinst() {
+	if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
+		udev_reload
+	fi
+
+	fcaps cap_net_admin /usr/libexec/qemu-bridge-helper
+
+	DISABLE_AUTOFORMATTING=true
+	readme.gentoo_print_elog
+
+	if use pin-upstream-blobs && firmware_abi_change; then
+		ewarn "This version of qemu pins new versions of firmware blobs:"
+		ewarn "	$(best_version sys-firmware/edk2-ovmf)"
+		ewarn "	$(best_version sys-firmware/ipxe)"
+		ewarn "	$(best_version sys-firmware/seabios)"
+		ewarn "	$(best_version sys-firmware/sgabios)"
+		ewarn "This might break resume of hibernated guests (started with a different"
+		ewarn "firmware version) and live migration to/from qemu versions with different"
+		ewarn "firmware. Please (cold) restart all running guests. For functional"
+		ewarn "guest migration ensure that all"
+		ewarn "hosts run at least"
+		ewarn "	app-emulation/qemu-${FIRMWARE_ABI_VERSION}."
+	fi
+}
+
+pkg_info() {
+	echo "Using:"
+	echo "  $(best_version app-emulation/spice-protocol)"
+	echo "  $(best_version sys-firmware/edk2-ovmf)"
+	if has_version 'sys-firmware/edk2-ovmf[binary]'; then
+		echo "    USE=binary"
+	else
+		echo "    USE=''"
+	fi
+	echo "  $(best_version sys-firmware/ipxe)"
+	echo "  $(best_version sys-firmware/seabios)"
+	if has_version 'sys-firmware/seabios[binary]'; then
+		echo "    USE=binary"
+	else
+		echo "    USE=''"
+	fi
+	echo "  $(best_version sys-firmware/sgabios)"
+}


* [gentoo-commits] proj/musl:master commit in: app-emulation/qemu/, app-emulation/qemu/files/
@ 2017-07-27 17:57 Aric Belsito
From: Aric Belsito @ 2017-07-27 17:57 UTC (permalink / raw
  To: gentoo-commits

commit:     e5ca277abf3b2bbdb296b36229892ae8f332b4c0
Author:     Aric Belsito <lluixhi <AT> gmail <DOT> com>
AuthorDate: Thu Jul 27 17:56:38 2017 +0000
Commit:     Aric Belsito <lluixhi <AT> gmail <DOT> com>
CommitDate: Thu Jul 27 17:56:38 2017 +0000
URL:        https://gitweb.gentoo.org/proj/musl.git/commit/?id=e5ca277a

app-emulation/qemu: sync with tree

 app-emulation/qemu/Manifest                        |   3 +-
 .../qemu/files/qemu-2.9.0-CVE-2017-7493.patch      | 174 ---------------------
 app-emulation/qemu/qemu-2.9.0-r56.ebuild           |   1 -
 3 files changed, 1 insertion(+), 177 deletions(-)

diff --git a/app-emulation/qemu/Manifest b/app-emulation/qemu/Manifest
index 5fe223b..e4a3f79 100644
--- a/app-emulation/qemu/Manifest
+++ b/app-emulation/qemu/Manifest
@@ -9,7 +9,6 @@ AUX qemu-2.9.0-CVE-2017-10664.patch 1613 SHA256 5941cc41f0c02b185be3f6ba450f155d
 AUX qemu-2.9.0-CVE-2017-10806.patch 1450 SHA256 ef884e2ed3adb618273af1d036ed0c7e3a09599e3d042080bb4b5014c6bc54d7 SHA512 38fea2c1a2a5a224585a07a028a8c4cfc1bec4d943e85c13e01228062bf306a502b0948270863b226bc974832e3af18158904fbfc08ccdf1f72f06e7830780d5 WHIRLPOOL f02fb957016af684dc894f93ec0b7dcca3febb8d37882aae1e17d2aca9948e200a013ae467cb54c5555e76c73f124a37c95fde189a4492d88322802d8160310c
 AUX qemu-2.9.0-CVE-2017-11334.patch 1362 SHA256 bc2f3a50ad174e5453d0e4d1e14e9723b316e2339dc25ff31e27060ee13242bb SHA512 422296269ec29b3313c984947ac48b7179ce8e169131624d316589a621778f846b883e76cdfba50c62dc63ab5fede0ad0292704c1ca1cc9e1e7b3b01a153b8c8 WHIRLPOOL 504cf6b2ebfb11bf1471f920d101df28df59f1a585eac31ac278a366f2b769386bc7d100aa8386b3f8f45d5f5f700aa6625be3192eb4f1f3b77e69c6684cf74f
 AUX qemu-2.9.0-CVE-2017-11434.patch 912 SHA256 e8be3cb9261f8735ff2a50fb8b79ccfea85456c7a2e5a5702fcc5339463dc05a SHA512 db95d9459b9669e0981195fe15f16c4e74d5f00c03e1ce5e33541e005260e77fa114b1b3f30bc06d80b723a6361b704fb58709b25773c168c8aa8f5f96580ac9 WHIRLPOOL c68e25024ab3c1d01e5b53d0a7b1591110b96d78079bc940ec28da2e2770dac6b1f9bbaaeb97c88ea0e1b46db886f7035d81bde582750e560d136916ecdab8a2
-AUX qemu-2.9.0-CVE-2017-7493.patch 5656 SHA256 77462d39e811e58d3761523a6c580485bdfca0e74adbd10cf24c254e0ece262a SHA512 2b01f2878c98e77997b645ba80e69b5db398ef1e8f2b66344818d3c9af35dd66d49041ef9ee8aa152bf3e94970b4db282cf53909cb13b2532bc0a104251b2e81 WHIRLPOOL 23c788c5a78e126a61bd277e9fa1511cc71b8fbdc83a5bf319c5fc424219cbcceefad737844e45c11a76e047f8a49853d0a85b267f24f7b23bb7276d0edf0451
 AUX qemu-2.9.0-CVE-2017-7539.patch 22018 SHA256 523d41e08a2aab888e3e63b4dda6a19e535fe6fba2bf08b6ead06498ca923f29 SHA512 5c81488aeae78307bee551a3a037f3b9cf55971a17c5df17f89f31224bdfa0a5e79141341314546256bffe542b781ad25151c54340a63c766086a578e5465825 WHIRLPOOL 085fc7e7d40c803a3caf15cdee77ce553b385919678ecf4bbcc3f532af5e482ca804a167af43e4f393da93aed88285690d84a3054c7f0df61d603d0046029dbc
 AUX qemu-2.9.0-CVE-2017-8112.patch 696 SHA256 a4dcc2a94749a5c20ef38d4c7ce13cd1ffe46017c77eea29ced0bec5c232e6aa SHA512 840f5270332729e0149a4705bae5fcc16e9503a995d6bfa5033904a544add337ca8ccb1d2a36bb57cc198f6354f5253403f1c4f04cbd18c08b4e1a9d6af9e07f WHIRLPOOL 1ba4e75fdd0c767254c85754612da9e8ff9ba2e7ea0811f723844bec190946805cd59db83f347a3dea4296d2b58d2df4a8d99a492335ba818824348bcebdd556
 AUX qemu-2.9.0-CVE-2017-8309.patch 595 SHA256 8231747fe4d9c97392fe44b117caccd07d320313dc27fad17ac658122113ced9 SHA512 4415c36acb4f0594de7fe0de2b669d03d6b54ae44eb7f1f285c36223a02cca887b57db27a43ab1cc2e7e193ee5bce2748f9d2056aa925e0cc8f2133e67168a74 WHIRLPOOL af4c5e9763a0e114e554a1c8be99ea79da0b634fdc9d87922c7713187f1f904bfcce103648d549bbb190e92443664dbb9bd7592d8137f2337be0f4b22d1f9bd1
@@ -23,5 +22,5 @@ AUX qemu-binfmt.initd.head 1445 SHA256 a9b4b1d1ffa82d572c01f14ebfbafb4b3a4c2eb5c
 AUX qemu-binfmt.initd.tail 245 SHA256 1b765f5212946b73b8e4d92f64d34a9d2e358ef541c02164f6d6dd93cb15e1e7 SHA512 bcca16805f8380d52cc591ea3d65a8f6e5de456730618f6aee301510edb75d235a22d4d7aeed224882210392840adb403eb53234b6cb76a4cb24533852a8b737 WHIRLPOOL 41ddd1751101646e700a6fe4ef879bd4149d646a801f97e40534051895697dcbded06a1edda51457a0d624fbf68442c3e57178a3ee8e683e35368b88d10ba4a4
 DIST qemu-2.9.0.tar.bz2 28720490 SHA256 00bfb217b1bb03c7a6c3261b819cfccbfb5a58e3e2ceff546327d271773c6c14 SHA512 4b28966eec0ca44681e35fcfb64a4eaef7c280b8d65c91d03f2efa37f76278fd8c1680e5798c7a30dbfcc8f3c05f4a803f48b8a2dfec3a4181bac079b2a5e422 WHIRLPOOL d79fe89eb271a56aee0cbd328e5f96999176b711afb5683d164b7b99d91e6dd2bfaf6e2ff4cd820a941c94f28116765cb07ffd5809d75c2f9654a67d56bfc0c1
 EBUILD qemu-2.9.0-r2.ebuild 22065 SHA256 45015103d32a318241da3d34c7340786571b65dc580f8493853c35e0ad5541ec SHA512 7b69c749172677046a101778ba2d8078bf8f5ccedc2d3c6767a2096838f8b80d0519bb798f23e7229fec04ca0c6c4c96caf7d07983ca2aca8d77e86b4f2ed229 WHIRLPOOL ebbf728a67a6f67ce2d40ac72cc95e27e46133e522d70a0e6d91525df7af048d2d1dfbb3e9534e4871882f5fe01749e3f749662414f802569c2f40ac66450afa
-EBUILD qemu-2.9.0-r56.ebuild 24010 SHA256 4185ac27c271ca09d383907cf914c020ba5f9614d5c3901d12e82d4069e0090f SHA512 fab143169a3c25fcf7b2532ec10c651c8b1c1875ea8cb0daa4ae29e153c9609ebc75184df1584944eadb541db76e931ff121866dcde58f3e25e29ad9eadc0a24 WHIRLPOOL 44d3f1fc2f01e61287508580beeacc9c1e1c709b6d19347f69a33ea3202ad7e8dd035d3df948dec11b3a62564a23a41a5c5a1e6faa1e2bde5f31d0ec9c02eb9b
+EBUILD qemu-2.9.0-r56.ebuild 23949 SHA256 29ec70d1fb1a0bc116b712cb5bad5cdc8039d03bfc10af26d5cb0f15dbac3230 SHA512 6d7c57c85acd8627105e88fdda2ed07ed5a2724b01b31e8fe601eeed74d78197e8e3ae50079688a8c8dd7f771017f45968eff4d1e8e976fae4ce5c7dfec891e0 WHIRLPOOL 7958cc33f46924d50f2790a25a66ec4a3e93326e7b0c1f4625e13bf85060102fa4f4989bcd4814517e1c5b7390df8c3b31b0f045970da7a93cf558cc5411ac5f
 MISC metadata.xml 3794 SHA256 149f7bc9927e13bbf7355972e85df6f9f198dd17fb575a7e516817d6a88018fb SHA512 10f130f225b90dacf8262247d795a247abfdcbf3ad5fbe0693e8d4db79f755984f690cb150a7eb5a8e5d669ce404145c4fbb6b200d6362319be74759fd78b6d3 WHIRLPOOL 6a5e88caeb64387f619a19fecb55c39ccf3c8dcd360523e8d61b80051001c02fe81432c55e40b3f360295b35e9f5a1f707c570baf95cad06d18c4cd484da0ceb

diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-7493.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-7493.patch
deleted file mode 100644
index 346e771..0000000
--- a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-7493.patch
+++ /dev/null
@@ -1,174 +0,0 @@
-From 7a95434e0ca8a037fd8aa1a2e2461f92585eb77b Mon Sep 17 00:00:00 2001
-From: Greg Kurz <groug@kaod.org>
-Date: Fri, 5 May 2017 14:48:08 +0200
-Subject: [PATCH] 9pfs: local: forbid client access to metadata (CVE-2017-7493)
-
-When using the mapped-file security mode, we shouldn't let the client mess
-with the metadata. The current code already tries to hide the metadata dir
-from the client by skipping it in local_readdir(). But the client can still
-access or modify it through several other operations. This can be used to
-escalate privileges in the guest.
-
-Affected backend operations are:
-- local_mknod()
-- local_mkdir()
-- local_open2()
-- local_symlink()
-- local_link()
-- local_unlinkat()
-- local_renameat()
-- local_rename()
-- local_name_to_path()
-
-Other operations are safe because they are only passed a fid path, which
-is computed internally in local_name_to_path().
-
-This patch converts all the functions listed above to fail and return
-EINVAL when being passed the name of the metadata dir. This may look
-like a poor choice for errno, but there's no such thing as an illegal
-path name on Linux and I could not think of anything better.
-
-This fixes CVE-2017-7493.
-
-Reported-by: Leo Gaspard <leo@gaspard.io>
-Signed-off-by: Greg Kurz <groug@kaod.org>
-Reviewed-by: Eric Blake <eblake@redhat.com>
----
- hw/9pfs/9p-local.c | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++++--
- 1 file changed, 56 insertions(+), 2 deletions(-)
-
-diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c
-index f3ebca4f7a..a2486566af 100644
---- a/hw/9pfs/9p-local.c
-+++ b/hw/9pfs/9p-local.c
-@@ -452,6 +452,11 @@ static off_t local_telldir(FsContext *ctx, V9fsFidOpenState *fs)
-     return telldir(fs->dir.stream);
- }
- 
-+static bool local_is_mapped_file_metadata(FsContext *fs_ctx, const char *name)
-+{
-+    return !strcmp(name, VIRTFS_META_DIR);
-+}
-+
- static struct dirent *local_readdir(FsContext *ctx, V9fsFidOpenState *fs)
- {
-     struct dirent *entry;
-@@ -465,8 +470,8 @@ again:
-     if (ctx->export_flags & V9FS_SM_MAPPED) {
-         entry->d_type = DT_UNKNOWN;
-     } else if (ctx->export_flags & V9FS_SM_MAPPED_FILE) {
--        if (!strcmp(entry->d_name, VIRTFS_META_DIR)) {
--            /* skp the meta data directory */
-+        if (local_is_mapped_file_metadata(ctx, entry->d_name)) {
-+            /* skip the meta data directory */
-             goto again;
-         }
-         entry->d_type = DT_UNKNOWN;
-@@ -559,6 +564,12 @@ static int local_mknod(FsContext *fs_ctx, V9fsPath *dir_path,
-     int err = -1;
-     int dirfd;
- 
-+    if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE &&
-+        local_is_mapped_file_metadata(fs_ctx, name)) {
-+        errno = EINVAL;
-+        return -1;
-+    }
-+
-     dirfd = local_opendir_nofollow(fs_ctx, dir_path->data);
-     if (dirfd == -1) {
-         return -1;
-@@ -605,6 +616,12 @@ static int local_mkdir(FsContext *fs_ctx, V9fsPath *dir_path,
-     int err = -1;
-     int dirfd;
- 
-+    if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE &&
-+        local_is_mapped_file_metadata(fs_ctx, name)) {
-+        errno = EINVAL;
-+        return -1;
-+    }
-+
-     dirfd = local_opendir_nofollow(fs_ctx, dir_path->data);
-     if (dirfd == -1) {
-         return -1;
-@@ -694,6 +711,12 @@ static int local_open2(FsContext *fs_ctx, V9fsPath *dir_path, const char *name,
-     int err = -1;
-     int dirfd;
- 
-+    if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE &&
-+        local_is_mapped_file_metadata(fs_ctx, name)) {
-+        errno = EINVAL;
-+        return -1;
-+    }
-+
-     /*
-      * Mark all the open to not follow symlinks
-      */
-@@ -752,6 +775,12 @@ static int local_symlink(FsContext *fs_ctx, const char *oldpath,
-     int err = -1;
-     int dirfd;
- 
-+    if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE &&
-+        local_is_mapped_file_metadata(fs_ctx, name)) {
-+        errno = EINVAL;
-+        return -1;
-+    }
-+
-     dirfd = local_opendir_nofollow(fs_ctx, dir_path->data);
-     if (dirfd == -1) {
-         return -1;
-@@ -826,6 +855,12 @@ static int local_link(FsContext *ctx, V9fsPath *oldpath,
-     int ret = -1;
-     int odirfd, ndirfd;
- 
-+    if (ctx->export_flags & V9FS_SM_MAPPED_FILE &&
-+        local_is_mapped_file_metadata(ctx, name)) {
-+        errno = EINVAL;
-+        return -1;
-+    }
-+
-     odirfd = local_opendir_nofollow(ctx, odirpath);
-     if (odirfd == -1) {
-         goto out;
-@@ -1096,6 +1131,12 @@ static int local_lremovexattr(FsContext *ctx, V9fsPath *fs_path,
- static int local_name_to_path(FsContext *ctx, V9fsPath *dir_path,
-                               const char *name, V9fsPath *target)
- {
-+    if (ctx->export_flags & V9FS_SM_MAPPED_FILE &&
-+        local_is_mapped_file_metadata(ctx, name)) {
-+        errno = EINVAL;
-+        return -1;
-+    }
-+
-     if (dir_path) {
-         v9fs_path_sprintf(target, "%s/%s", dir_path->data, name);
-     } else if (strcmp(name, "/")) {
-@@ -1116,6 +1157,13 @@ static int local_renameat(FsContext *ctx, V9fsPath *olddir,
-     int ret;
-     int odirfd, ndirfd;
- 
-+    if (ctx->export_flags & V9FS_SM_MAPPED_FILE &&
-+        (local_is_mapped_file_metadata(ctx, old_name) ||
-+         local_is_mapped_file_metadata(ctx, new_name))) {
-+        errno = EINVAL;
-+        return -1;
-+    }
-+
-     odirfd = local_opendir_nofollow(ctx, olddir->data);
-     if (odirfd == -1) {
-         return -1;
-@@ -1206,6 +1254,12 @@ static int local_unlinkat(FsContext *ctx, V9fsPath *dir,
-     int ret;
-     int dirfd;
- 
-+    if (ctx->export_flags & V9FS_SM_MAPPED_FILE &&
-+        local_is_mapped_file_metadata(ctx, name)) {
-+        errno = EINVAL;
-+        return -1;
-+    }
-+
-     dirfd = local_opendir_nofollow(ctx, dir->data);
-     if (dirfd == -1) {
-         return -1;
--- 
-2.13.0
-

diff --git a/app-emulation/qemu/qemu-2.9.0-r56.ebuild b/app-emulation/qemu/qemu-2.9.0-r56.ebuild
index ad2e5f7..9ccb645 100644
--- a/app-emulation/qemu/qemu-2.9.0-r56.ebuild
+++ b/app-emulation/qemu/qemu-2.9.0-r56.ebuild
@@ -213,7 +213,6 @@ PATCHES=(
 	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-9503-2.patch
 	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-10664.patch   # bug 623016
 	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-10806.patch   # bug 624088
-	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-7539.patch  # bug 625850
 )
 
 STRIP_MASK="/usr/share/qemu/palcode-clipper"
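Review bot: The entry removed from PATCHES here is `${PN}-2.9.0-CVE-2017-7539.patch`, but the file this commit deletes, and the AUX line it drops from the Manifest, is `qemu-2.9.0-CVE-2017-7493.patch`; the 7539 AUX line remains as context in the Manifest hunk. As written, the r56 build no longer applies the CVE-2017-7539 fix although its patch file is still shipped, and if PATCHES still lists the 7493 patch above this hunk (not visible here) the ebuild will fail on the missing file. The file deletion and the PATCHES edit should name the same patch, and because either choice drops a CVE fix from the build, the reason belongs in the commit message or next to the list, e.g. `# dropped <patch name>: <reason / bug number>`. The PATCHES array starts outside the hunk.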


* [gentoo-commits] proj/musl:master commit in: app-emulation/qemu/, app-emulation/qemu/files/
@ 2017-05-18 16:20 Aric Belsito
From: Aric Belsito @ 2017-05-18 16:20 UTC (permalink / raw
  To: gentoo-commits

commit:     7fcaa7d7966b637d0ad53581450705a1e777b842
Author:     Aric Belsito <lluixhi <AT> gmail <DOT> com>
AuthorDate: Thu May 18 16:19:27 2017 +0000
Commit:     Aric Belsito <lluixhi <AT> gmail <DOT> com>
CommitDate: Thu May 18 16:19:27 2017 +0000
URL:        https://gitweb.gentoo.org/proj/musl.git/commit/?id=7fcaa7d7

app-emulation/qemu: version bump to 2.9.0-r2/r54

 app-emulation/qemu/Manifest                        |  11 +-
 .../qemu/files/qemu-2.9.0-CVE-2017-7493.patch      | 174 +++++++++++++++++++++
 ...616870.patch => qemu-2.9.0-CVE-2017-8309.patch} |   0
 ...616872.patch => qemu-2.9.0-CVE-2017-8379.patch} |   0
 ...616874.patch => qemu-2.9.0-CVE-2017-8380.patch} |   0
 .../{qemu-2.9.0-r1.ebuild => qemu-2.9.0-r2.ebuild} |  11 +-
 ...qemu-2.9.0-r53.ebuild => qemu-2.9.0-r54.ebuild} |   9 +-
 7 files changed, 191 insertions(+), 14 deletions(-)

diff --git a/app-emulation/qemu/Manifest b/app-emulation/qemu/Manifest
index 2de0792..c719930 100644
--- a/app-emulation/qemu/Manifest
+++ b/app-emulation/qemu/Manifest
@@ -24,15 +24,16 @@ AUX qemu-2.8.0-CVE-2017-7377.patch 1554 SHA256 36fbd8ec9fa7d910fde8b6b8905717b32
 AUX qemu-2.8.0-F_SHLCK-and-F_EXLCK.patch 574 SHA256 d02353daa0ecfe161e938a5e54feab641b901f4a35c8f5831133676a6f53f43f SHA512 6b64750335aae1142ca9132fb766ac2aaeacfcdda0aa0cfca19afc4c3ea3806e30ce603fcec3767e40e84efb0ae8b9a23f21d46c807c13bb646be74f99e13389 WHIRLPOOL 7401c3daf162c71a5a5c3729855fddb5df95609b34c86ea0f4d872c8f132d6ac089cfb35a990af70aef8b7b63fe075a1e2be376b6db09bc70e8d51e48aded354
 AUX qemu-2.8.1-CVE-2017-7471.patch 2310 SHA256 ae5129c0f278de155f69e3d306038fa259c28ecb09a623262362163b00de85cc SHA512 dd5c5bc8e5ee9eb27516276d53f78ecde00b4fe5debbbdd8db1c3a2f2ef663667598acbb3b95f220e709ed89e1a0077733ca4fc1cb2fa0eb0f700e9931ddd003 WHIRLPOOL c91ddbdbc685dc76efc417087d680751aaade178593ca96fbff7b8ae1e0d0bdb659faee676d31b606e16c4adf446632a8a9350a57a1ac049b7649bdc0c3b8cf0
 AUX qemu-2.8.1-CVE-2017-8086.patch 751 SHA256 ff6f3bc1a94861da633f9e5517dde6b2719e227773941e7c9651281c77216589 SHA512 84197e80d28322efaa327dc7ad3ffc5e8bf791d89255e8ac7d5c5e9cebba3786c4e21008cbfb704de5323554a9d3f0873068c0a06493d4ca3b7849523eab6212 WHIRLPOOL 73f88468ba89d8384c04ffa3af646c8b628f1fa52f27866095f84ea1241f421763699ae18553d835133de70d7f244d0638d83d15881e5a3858a1128b14a1bcf3
+AUX qemu-2.9.0-CVE-2017-7493.patch 5656 SHA256 77462d39e811e58d3761523a6c580485bdfca0e74adbd10cf24c254e0ece262a SHA512 2b01f2878c98e77997b645ba80e69b5db398ef1e8f2b66344818d3c9af35dd66d49041ef9ee8aa152bf3e94970b4db282cf53909cb13b2532bc0a104251b2e81 WHIRLPOOL 23c788c5a78e126a61bd277e9fa1511cc71b8fbdc83a5bf319c5fc424219cbcceefad737844e45c11a76e047f8a49853d0a85b267f24f7b23bb7276d0edf0451
 AUX qemu-2.9.0-CVE-2017-8112.patch 696 SHA256 a4dcc2a94749a5c20ef38d4c7ce13cd1ffe46017c77eea29ced0bec5c232e6aa SHA512 840f5270332729e0149a4705bae5fcc16e9503a995d6bfa5033904a544add337ca8ccb1d2a36bb57cc198f6354f5253403f1c4f04cbd18c08b4e1a9d6af9e07f WHIRLPOOL 1ba4e75fdd0c767254c85754612da9e8ff9ba2e7ea0811f723844bec190946805cd59db83f347a3dea4296d2b58d2df4a8d99a492335ba818824348bcebdd556
-AUX qemu-2.9.0-bug616870.patch 595 SHA256 8231747fe4d9c97392fe44b117caccd07d320313dc27fad17ac658122113ced9 SHA512 4415c36acb4f0594de7fe0de2b669d03d6b54ae44eb7f1f285c36223a02cca887b57db27a43ab1cc2e7e193ee5bce2748f9d2056aa925e0cc8f2133e67168a74 WHIRLPOOL af4c5e9763a0e114e554a1c8be99ea79da0b634fdc9d87922c7713187f1f904bfcce103648d549bbb190e92443664dbb9bd7592d8137f2337be0f4b22d1f9bd1
-AUX qemu-2.9.0-bug616872.patch 2736 SHA256 f2f8910c8e1ce9fc9804f4fbbe978fee20ccbfccc5efe49f42cdaafa63c511ce SHA512 79e32f75d98ca4a92a5069b65c5b9cff16064255ed4d161e4e292b97373742c25d5ddc12dfffa627197fdb5e0808108b30d0182a9c060cd181723bd90c618d15 WHIRLPOOL 545c00189da3b252c80bb35c6b6d3368a02b36b06f2866838ddd9ebb9ccf2b608ae278ee192b6b3aef2966736afe9bcdd646c80c228ec5daef76b92bd2721bd5
-AUX qemu-2.9.0-bug616874.patch 1048 SHA256 23eb5ae64b064e46785ae4f675fbe7c6a353f6688dd154ce98b78a0b7104a2fb SHA512 872fabc4f6eee48dff292297887b8c4a18aa6f8c2f9b7247e325c96e10ef8d72206f269d89c4a4a40ea6ad3e5082db40866b0f386f31716e749fb3a7db89d2dd WHIRLPOOL ddce30f5b22707938c2ba419264a6b731f292f0748e3891c7aa48daaa7a4b204a8bb1b4110fbd7c1836a02605e49e170a4bda6ee9eccdd2570472ff0f63c8d37
+AUX qemu-2.9.0-CVE-2017-8309.patch 595 SHA256 8231747fe4d9c97392fe44b117caccd07d320313dc27fad17ac658122113ced9 SHA512 4415c36acb4f0594de7fe0de2b669d03d6b54ae44eb7f1f285c36223a02cca887b57db27a43ab1cc2e7e193ee5bce2748f9d2056aa925e0cc8f2133e67168a74 WHIRLPOOL af4c5e9763a0e114e554a1c8be99ea79da0b634fdc9d87922c7713187f1f904bfcce103648d549bbb190e92443664dbb9bd7592d8137f2337be0f4b22d1f9bd1
+AUX qemu-2.9.0-CVE-2017-8379.patch 2736 SHA256 f2f8910c8e1ce9fc9804f4fbbe978fee20ccbfccc5efe49f42cdaafa63c511ce SHA512 79e32f75d98ca4a92a5069b65c5b9cff16064255ed4d161e4e292b97373742c25d5ddc12dfffa627197fdb5e0808108b30d0182a9c060cd181723bd90c618d15 WHIRLPOOL 545c00189da3b252c80bb35c6b6d3368a02b36b06f2866838ddd9ebb9ccf2b608ae278ee192b6b3aef2966736afe9bcdd646c80c228ec5daef76b92bd2721bd5
+AUX qemu-2.9.0-CVE-2017-8380.patch 1048 SHA256 23eb5ae64b064e46785ae4f675fbe7c6a353f6688dd154ce98b78a0b7104a2fb SHA512 872fabc4f6eee48dff292297887b8c4a18aa6f8c2f9b7247e325c96e10ef8d72206f269d89c4a4a40ea6ad3e5082db40866b0f386f31716e749fb3a7db89d2dd WHIRLPOOL ddce30f5b22707938c2ba419264a6b731f292f0748e3891c7aa48daaa7a4b204a8bb1b4110fbd7c1836a02605e49e170a4bda6ee9eccdd2570472ff0f63c8d37
 AUX qemu-binfmt.initd.head 1445 SHA256 a9b4b1d1ffa82d572c01f14ebfbafb4b3a4c2eb5cad5af62c059f603a9f5a277 SHA512 a735268ae9ac84d8f2f2893bf018ee6de33231fa94a823bd8502b529bb456635c1ab5cf9b440df5ede8e414291f8bf45fc53898c2f3939c50d5ec4ffa554396a WHIRLPOOL 3ec0f916d5928d464fa8416c8eac472cfa01b560bba07642ff7929799918d1c8059ac7368ff5551e6aa993027849de08035d856db7981315d8e4ec470a0f785e
 AUX qemu-binfmt.initd.tail 245 SHA256 1b765f5212946b73b8e4d92f64d34a9d2e358ef541c02164f6d6dd93cb15e1e7 SHA512 bcca16805f8380d52cc591ea3d65a8f6e5de456730618f6aee301510edb75d235a22d4d7aeed224882210392840adb403eb53234b6cb76a4cb24533852a8b737 WHIRLPOOL 41ddd1751101646e700a6fe4ef879bd4149d646a801f97e40534051895697dcbded06a1edda51457a0d624fbf68442c3e57178a3ee8e683e35368b88d10ba4a4
 DIST qemu-2.8.1.tar.bz2 28366270 SHA256 018e4c7ed22c220395cf41f835d01505e49d0e579a548bd3d72b03809442bbcd SHA512 0397b4029cdcb77ed053c44b3579a3f34894038e6fc6b4aa88de14515f5a78bf2f41c5e865f37111529f567c85d2f1c4deefae47dde54f76eac79410e5b2bdda WHIRLPOOL c41f53f18fac44efd1c81ba9d95204d23e9a70dc9c21624177be2fe92a327428fd5704b25bc334229fa36ae395fb4c82ba3955db39719c4458343978a4d3141a
 DIST qemu-2.9.0.tar.bz2 28720490 SHA256 00bfb217b1bb03c7a6c3261b819cfccbfb5a58e3e2ceff546327d271773c6c14 SHA512 4b28966eec0ca44681e35fcfb64a4eaef7c280b8d65c91d03f2efa37f76278fd8c1680e5798c7a30dbfcc8f3c05f4a803f48b8a2dfec3a4181bac079b2a5e422 WHIRLPOOL d79fe89eb271a56aee0cbd328e5f96999176b711afb5683d164b7b99d91e6dd2bfaf6e2ff4cd820a941c94f28116765cb07ffd5809d75c2f9654a67d56bfc0c1
 EBUILD qemu-2.8.1-r2.ebuild 22908 SHA256 b21f2820c166fcf91f0be3f8eb323b49d8c8ccebd4c376d9dbcdebbe751bac52 SHA512 3fa48453417e0cfa4d24f11fd5f234ec8790744c65154456328a24641a6f03cffb5b50ecf2bf81388fc18b12b382042e882fa853a09ae2288beb459e8658db5e WHIRLPOOL b5881ff308b91dc53b3115e278d5cd89d5f3f5d69ea7355fea2a048e471da1c4079eb245aa262ab2c19c6d75ddac1770acab3fa1c39d2c6e74cf72d84426e16f
-EBUILD qemu-2.9.0-r1.ebuild 21942 SHA256 2c2274d26f203a2a064c35ccabfa8aab374e9c8748d8724ed1534e7c677236db SHA512 91fae1f84c8fb998caa4bb589cd193329e06dd7f833809f0e3986ebe12a265615598ba3182acea59e3e39253ef5d4b6ed4b87912b7d5835f7a458fccea54070b WHIRLPOOL 32543f228bf261b0abda8052e838cbdebef53b511d7006a150168299cc4f75dc9643d9bc344582413a767228bb6c8c863bce95d358d7901f9d60f470f2d19d2d
-EBUILD qemu-2.9.0-r53.ebuild 23331 SHA256 3c1fdefe7cdc3bb7baf28782da40dc05239b2bacdf39825d084f563070aa5185 SHA512 923c1628bfef5f645972e90ee855a0ce1060217d8b76ffd51f8bbfd3bbf042ad273b781f9a5c8fc64f7a74410bd8bf2ef1fd975d3348a8d55230008be93afcff WHIRLPOOL 1053b25130a2f0d1da4e46c38886defdebaefbc0fb95743abbcfc82b337075c20a7c9fd494909de86ea25d179c65b2766f221cef418c2a06e127db942aa3ac1d
+EBUILD qemu-2.9.0-r2.ebuild 22065 SHA256 f722fa40663602c90dc07139580a3bcc5bcae60ce1a3808f2f38adc2d13211b1 SHA512 51822cc9753b27e6fed97bdd1e4845cbcfb0c8a4a9f55256820127994a1b3beda96765b83a8c578637a968b261f1bf6ef4c1d6ae09491e9f5f9d94af5cdb5ce4 WHIRLPOOL 20f5b6786e60eae4260df3bcdfb9f94d128abc03f9458cf3e42ddf5bb1b0749ea26bc18ba58c47c4d131cb5ab02898f7097dd85c3d9d19ac6bc49062d9d8a57b
+EBUILD qemu-2.9.0-r54.ebuild 23455 SHA256 cf27b44542770cf10be0bd69481e13ccdef4d512d4d02f2388eaf441b1b2b9b8 SHA512 e1344e489cb298807c992f257954e28c0c2d24a517bdd907bc60ebf2380cebc26861161e2a5deba8c95da5af700de198951696061ea916ea9c6f1037264e89dc WHIRLPOOL 3b764803988879ef45a1b28f016d0ac732d8aa18c1fab92e52e18677fea7d3777967281c075dcdc3daa7da083c66c423d7d30ffe2d876811a776bcc5e2de63da
 MISC metadata.xml 3794 SHA256 149f7bc9927e13bbf7355972e85df6f9f198dd17fb575a7e516817d6a88018fb SHA512 10f130f225b90dacf8262247d795a247abfdcbf3ad5fbe0693e8d4db79f755984f690cb150a7eb5a8e5d669ce404145c4fbb6b200d6362319be74759fd78b6d3 WHIRLPOOL 6a5e88caeb64387f619a19fecb55c39ccf3c8dcd360523e8d61b80051001c02fe81432c55e40b3f360295b35e9f5a1f707c570baf95cad06d18c4cd484da0ceb

diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-7493.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-7493.patch
new file mode 100644
index 0000000..346e771
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-7493.patch
@@ -0,0 +1,174 @@
+From 7a95434e0ca8a037fd8aa1a2e2461f92585eb77b Mon Sep 17 00:00:00 2001
+From: Greg Kurz <groug@kaod.org>
+Date: Fri, 5 May 2017 14:48:08 +0200
+Subject: [PATCH] 9pfs: local: forbid client access to metadata (CVE-2017-7493)
+
+When using the mapped-file security mode, we shouldn't let the client mess
+with the metadata. The current code already tries to hide the metadata dir
+from the client by skipping it in local_readdir(). But the client can still
+access or modify it through several other operations. This can be used to
+escalate privileges in the guest.
+
+Affected backend operations are:
+- local_mknod()
+- local_mkdir()
+- local_open2()
+- local_symlink()
+- local_link()
+- local_unlinkat()
+- local_renameat()
+- local_rename()
+- local_name_to_path()
+
+Other operations are safe because they are only passed a fid path, which
+is computed internally in local_name_to_path().
+
+This patch converts all the functions listed above to fail and return
+EINVAL when being passed the name of the metadata dir. This may look
+like a poor choice for errno, but there's no such thing as an illegal
+path name on Linux and I could not think of anything better.
+
+This fixes CVE-2017-7493.
+
+Reported-by: Leo Gaspard <leo@gaspard.io>
+Signed-off-by: Greg Kurz <groug@kaod.org>
+Reviewed-by: Eric Blake <eblake@redhat.com>
+---
+ hw/9pfs/9p-local.c | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++++--
+ 1 file changed, 56 insertions(+), 2 deletions(-)
+
+diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c
+index f3ebca4f7a..a2486566af 100644
+--- a/hw/9pfs/9p-local.c
++++ b/hw/9pfs/9p-local.c
+@@ -452,6 +452,11 @@ static off_t local_telldir(FsContext *ctx, V9fsFidOpenState *fs)
+     return telldir(fs->dir.stream);
+ }
+ 
++static bool local_is_mapped_file_metadata(FsContext *fs_ctx, const char *name)
++{
++    return !strcmp(name, VIRTFS_META_DIR);
++}
++
+ static struct dirent *local_readdir(FsContext *ctx, V9fsFidOpenState *fs)
+ {
+     struct dirent *entry;
+@@ -465,8 +470,8 @@ again:
+     if (ctx->export_flags & V9FS_SM_MAPPED) {
+         entry->d_type = DT_UNKNOWN;
+     } else if (ctx->export_flags & V9FS_SM_MAPPED_FILE) {
+-        if (!strcmp(entry->d_name, VIRTFS_META_DIR)) {
+-            /* skp the meta data directory */
++        if (local_is_mapped_file_metadata(ctx, entry->d_name)) {
++            /* skip the meta data directory */
+             goto again;
+         }
+         entry->d_type = DT_UNKNOWN;
+@@ -559,6 +564,12 @@ static int local_mknod(FsContext *fs_ctx, V9fsPath *dir_path,
+     int err = -1;
+     int dirfd;
+ 
++    if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE &&
++        local_is_mapped_file_metadata(fs_ctx, name)) {
++        errno = EINVAL;
++        return -1;
++    }
++
+     dirfd = local_opendir_nofollow(fs_ctx, dir_path->data);
+     if (dirfd == -1) {
+         return -1;
+@@ -605,6 +616,12 @@ static int local_mkdir(FsContext *fs_ctx, V9fsPath *dir_path,
+     int err = -1;
+     int dirfd;
+ 
++    if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE &&
++        local_is_mapped_file_metadata(fs_ctx, name)) {
++        errno = EINVAL;
++        return -1;
++    }
++
+     dirfd = local_opendir_nofollow(fs_ctx, dir_path->data);
+     if (dirfd == -1) {
+         return -1;
+@@ -694,6 +711,12 @@ static int local_open2(FsContext *fs_ctx, V9fsPath *dir_path, const char *name,
+     int err = -1;
+     int dirfd;
+ 
++    if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE &&
++        local_is_mapped_file_metadata(fs_ctx, name)) {
++        errno = EINVAL;
++        return -1;
++    }
++
+     /*
+      * Mark all the open to not follow symlinks
+      */
+@@ -752,6 +775,12 @@ static int local_symlink(FsContext *fs_ctx, const char *oldpath,
+     int err = -1;
+     int dirfd;
+ 
++    if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE &&
++        local_is_mapped_file_metadata(fs_ctx, name)) {
++        errno = EINVAL;
++        return -1;
++    }
++
+     dirfd = local_opendir_nofollow(fs_ctx, dir_path->data);
+     if (dirfd == -1) {
+         return -1;
+@@ -826,6 +855,12 @@ static int local_link(FsContext *ctx, V9fsPath *oldpath,
+     int ret = -1;
+     int odirfd, ndirfd;
+ 
++    if (ctx->export_flags & V9FS_SM_MAPPED_FILE &&
++        local_is_mapped_file_metadata(ctx, name)) {
++        errno = EINVAL;
++        return -1;
++    }
++
+     odirfd = local_opendir_nofollow(ctx, odirpath);
+     if (odirfd == -1) {
+         goto out;
+@@ -1096,6 +1131,12 @@ static int local_lremovexattr(FsContext *ctx, V9fsPath *fs_path,
+ static int local_name_to_path(FsContext *ctx, V9fsPath *dir_path,
+                               const char *name, V9fsPath *target)
+ {
++    if (ctx->export_flags & V9FS_SM_MAPPED_FILE &&
++        local_is_mapped_file_metadata(ctx, name)) {
++        errno = EINVAL;
++        return -1;
++    }
++
+     if (dir_path) {
+         v9fs_path_sprintf(target, "%s/%s", dir_path->data, name);
+     } else if (strcmp(name, "/")) {
+@@ -1116,6 +1157,13 @@ static int local_renameat(FsContext *ctx, V9fsPath *olddir,
+     int ret;
+     int odirfd, ndirfd;
+ 
++    if (ctx->export_flags & V9FS_SM_MAPPED_FILE &&
++        (local_is_mapped_file_metadata(ctx, old_name) ||
++         local_is_mapped_file_metadata(ctx, new_name))) {
++        errno = EINVAL;
++        return -1;
++    }
++
+     odirfd = local_opendir_nofollow(ctx, olddir->data);
+     if (odirfd == -1) {
+         return -1;
+@@ -1206,6 +1254,12 @@ static int local_unlinkat(FsContext *ctx, V9fsPath *dir,
+     int ret;
+     int dirfd;
+ 
++    if (ctx->export_flags & V9FS_SM_MAPPED_FILE &&
++        local_is_mapped_file_metadata(ctx, name)) {
++        errno = EINVAL;
++        return -1;
++    }
++
+     dirfd = local_opendir_nofollow(ctx, dir->data);
+     if (dirfd == -1) {
+         return -1;
+-- 
+2.13.0
+
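Review bot: The patch's own commit message lists local_rename() among the affected backend operations, but no hunk in this file adds the `local_is_mapped_file_metadata()` guard to a function of that name. Guards appear only in local_mknod, local_mkdir, local_open2, local_symlink, local_link, local_name_to_path, local_renameat and local_unlinkat. The embedded diffstat (56 insertions, 2 deletions) matches the hunks shown, so this does not look like a hunk lost in the backport; presumably local_rename() is covered indirectly, which should be confirmed against hw/9pfs/9p-local.c before CVE-2017-7493 is considered closed for these ebuilds. Separately, the helper accepts `fs_ctx` without using it while every new caller repeats `export_flags & V9FS_SM_MAPPED_FILE`, so that flag test could live inside the helper. All of the guarded functions continue outside their hunks.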

diff --git a/app-emulation/qemu/files/qemu-2.9.0-bug616870.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8309.patch
similarity index 100%
rename from app-emulation/qemu/files/qemu-2.9.0-bug616870.patch
rename to app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8309.patch

diff --git a/app-emulation/qemu/files/qemu-2.9.0-bug616872.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8379.patch
similarity index 100%
rename from app-emulation/qemu/files/qemu-2.9.0-bug616872.patch
rename to app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8379.patch

diff --git a/app-emulation/qemu/files/qemu-2.9.0-bug616874.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8380.patch
similarity index 100%
rename from app-emulation/qemu/files/qemu-2.9.0-bug616874.patch
rename to app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8380.patch

diff --git a/app-emulation/qemu/qemu-2.9.0-r1.ebuild b/app-emulation/qemu/qemu-2.9.0-r2.ebuild
similarity index 98%
rename from app-emulation/qemu/qemu-2.9.0-r1.ebuild
rename to app-emulation/qemu/qemu-2.9.0-r2.ebuild
index 5cd5be6..3efa65c 100644
--- a/app-emulation/qemu/qemu-2.9.0-r1.ebuild
+++ b/app-emulation/qemu/qemu-2.9.0-r2.ebuild
@@ -17,7 +17,7 @@ if [[ ${PV} = *9999* ]]; then
 	SRC_URI=""
 else
 	SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2"
-	KEYWORDS="~amd64 ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd"
+	KEYWORDS="amd64 ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd"
 fi
 
 DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
@@ -197,10 +197,11 @@ PATCHES=(
 	# gentoo patches
 	"${FILESDIR}"/${PN}-2.5.0-cflags.patch
 	"${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
-	"${FILESDIR}"/${PN}-2.9.0-bug616870.patch
-	"${FILESDIR}"/${PN}-2.9.0-bug616872.patch
-	"${FILESDIR}"/${PN}-2.9.0-bug616874.patch
-	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-8112.patch
+	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-8309.patch # bug 616870
+	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-8379.patch # bug 616872
+	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-8380.patch # bug 616874
+	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-8112.patch # bug 616636
+	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-7493.patch # bug 618808
 )
 
 STRIP_MASK="/usr/share/qemu/palcode-clipper"

diff --git a/app-emulation/qemu/qemu-2.9.0-r53.ebuild b/app-emulation/qemu/qemu-2.9.0-r54.ebuild
similarity index 98%
rename from app-emulation/qemu/qemu-2.9.0-r53.ebuild
rename to app-emulation/qemu/qemu-2.9.0-r54.ebuild
index 0958df4..c36797b 100644
--- a/app-emulation/qemu/qemu-2.9.0-r53.ebuild
+++ b/app-emulation/qemu/qemu-2.9.0-r54.ebuild
@@ -200,10 +200,11 @@ PATCHES=(
 	# gentoo patches
 	"${FILESDIR}"/${PN}-2.5.0-cflags.patch
 	"${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
-	"${FILESDIR}"/${PN}-2.9.0-bug616870.patch
-	"${FILESDIR}"/${PN}-2.9.0-bug616872.patch
-	"${FILESDIR}"/${PN}-2.9.0-bug616874.patch
-	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-8112.patch
+	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-8309.patch # bug 616870
+	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-8379.patch # bug 616872
+	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-8380.patch # bug 616874
+	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-8112.patch # bug 616636
+	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-7493.patch # bug 618808
 )
 
 STRIP_MASK="/usr/share/qemu/palcode-clipper"


* [gentoo-commits] proj/musl:master commit in: app-emulation/qemu/, app-emulation/qemu/files/
@ 2017-04-12 15:41 Aric Belsito
From: Aric Belsito @ 2017-04-12 15:41 UTC (permalink / raw
  To: gentoo-commits

commit:     ddd9689812e829d241100f0e110cac8ef0cf464e
Author:     Aric Belsito <lluixhi <AT> gmail <DOT> com>
AuthorDate: Wed Apr 12 15:40:32 2017 +0000
Commit:     Aric Belsito <lluixhi <AT> gmail <DOT> com>
CommitDate: Wed Apr 12 15:40:54 2017 +0000
URL:        https://gitweb.gentoo.org/proj/musl.git/commit/?id=ddd96898

app-emulation/qemu: version bump to 2.8.1

remove 2.8.0-r3

 app-emulation/qemu/Manifest                        |   9 +-
 .../qemu/files/qemu-2.8.0-CVE-2017-7377.patch      |  49 +++
 app-emulation/qemu/files/qemu-binfmt.initd-r1      | 138 --------
 app-emulation/qemu/metadata.xml                    |   1 -
 app-emulation/qemu/qemu-2.8.0-r9.ebuild            |   3 +-
 .../{qemu-2.8.0-r3.ebuild => qemu-2.8.1.ebuild}    | 390 ++++++++++++---------
 6 files changed, 282 insertions(+), 308 deletions(-)

diff --git a/app-emulation/qemu/Manifest b/app-emulation/qemu/Manifest
index 3e953ef..394f74d 100644
--- a/app-emulation/qemu/Manifest
+++ b/app-emulation/qemu/Manifest
@@ -26,12 +26,13 @@ AUX qemu-2.8.0-CVE-2017-5973.patch 2815 SHA256 206d01053ce678e2c83174b278755e112
 AUX qemu-2.8.0-CVE-2017-5987.patch 1889 SHA256 c4f2175970deca9b00bf657e66b8df31a02efce469eec02279a9659b9cb18bb0 SHA512 32708f91edbbb61ac444ee71b97a30138380544389f6265d7cb7aec330ebaaa7ca69844a9462c817fbda117e78748fc4fdeb655e70bcd72ddd8b112fd9619b0d WHIRLPOOL 1aa99740495c0d2a577cf13c47669aeba75ad389394736ce16fde31c91931254820accad85a6d6fee9757595bec3f222413a89fe4ca125913be7ecc97f33b365
 AUX qemu-2.8.0-CVE-2017-6058.patch 3797 SHA256 06c01fcd53dab66af55df164f1616d14847b2a0fd46abe7445b7e3e7b7ee77cf SHA512 1425e7df38cd44903fe78e7728d7eb3df2d8486895f38a87c4e0c63aa5cc4a2b19032d486fcb5676201242039364a1f3d34b256606b5f8ae74028432e6d50286 WHIRLPOOL 9a48c2f00ac146c29163422c10ca62e3065a36752b865b6b9e3408edf019f3585579ac074b5325777e6a405a11d0ce09da33eb6499012377f0c9ef8c52bf2840
 AUX qemu-2.8.0-CVE-2017-6505.patch 1481 SHA256 55e3b7e65e519caef4fdd28cccb973613759cce0d67eb64c2093b4f0a4e428e1 SHA512 5326f28a9340f392e4f32e4cd5f58cae0769859e10fd4d201983d40ec6b4d094d6a0cad2638e1e6f3e5228b93af26cc4f4a155e0d94bad89d0ea9b866f535aa7 WHIRLPOOL c88312cd5e779a98c905f175d61400ef7bb59795cc1e0392da0018a158a4c435ffa07f1e6a621db6eea925a0dbb986442eab4f79f956dc1955058fc97670f390
+AUX qemu-2.8.0-CVE-2017-7377.patch 1554 SHA256 36fbd8ec9fa7d910fde8b6b8905717b322bd23b50c2b2f925e1a2415ae306755 SHA512 195be1a75340c41aa89614aad8d07f2cf630eb10f3160cb8a86d85371ea9d7dcdbe9d49e9752ac3d6765c8d4c99c845408933b57cf21199f77ba09fcf79a02c8 WHIRLPOOL 8d7677ae3cfe18e34072ef23666c4658553a7d3b564d96e480ae432281d403242f2013d9fb189d473ab9c31def515401d22c04ba8e86d93d0369e95b1e371574
 AUX qemu-2.8.0-F_SHLCK-and-F_EXLCK.patch 574 SHA256 d02353daa0ecfe161e938a5e54feab641b901f4a35c8f5831133676a6f53f43f SHA512 6b64750335aae1142ca9132fb766ac2aaeacfcdda0aa0cfca19afc4c3ea3806e30ce603fcec3767e40e84efb0ae8b9a23f21d46c807c13bb646be74f99e13389 WHIRLPOOL 7401c3daf162c71a5a5c3729855fddb5df95609b34c86ea0f4d872c8f132d6ac089cfb35a990af70aef8b7b63fe075a1e2be376b6db09bc70e8d51e48aded354
-AUX qemu-binfmt.initd-r1 7959 SHA256 13c2791fb48080e9f264670dbe1915f03249d87d740f9b0f2c9502fccb056d03 SHA512 8aee19b4a993113ef4fafe3ab8b561edcc0c16782b36947e757233b6d33d26b48c1b9087c0f300be0d21ad19de14c684e8f2032ae2cd28888130a37ca4d6c314 WHIRLPOOL 3d86861fbe66c0a192a5577b7cd83ab01efd184849b25f8a804aace7a1fb46d87363d6417cc21a3447d2ed50c9db4409121dddae297678e3adc7d4c71556b695
 AUX qemu-binfmt.initd.head 1445 SHA256 a9b4b1d1ffa82d572c01f14ebfbafb4b3a4c2eb5cad5af62c059f603a9f5a277 SHA512 a735268ae9ac84d8f2f2893bf018ee6de33231fa94a823bd8502b529bb456635c1ab5cf9b440df5ede8e414291f8bf45fc53898c2f3939c50d5ec4ffa554396a WHIRLPOOL 3ec0f916d5928d464fa8416c8eac472cfa01b560bba07642ff7929799918d1c8059ac7368ff5551e6aa993027849de08035d856db7981315d8e4ec470a0f785e
 AUX qemu-binfmt.initd.tail 245 SHA256 1b765f5212946b73b8e4d92f64d34a9d2e358ef541c02164f6d6dd93cb15e1e7 SHA512 bcca16805f8380d52cc591ea3d65a8f6e5de456730618f6aee301510edb75d235a22d4d7aeed224882210392840adb403eb53234b6cb76a4cb24533852a8b737 WHIRLPOOL 41ddd1751101646e700a6fe4ef879bd4149d646a801f97e40534051895697dcbded06a1edda51457a0d624fbf68442c3e57178a3ee8e683e35368b88d10ba4a4
 DIST qemu-2.8.0-CVE-2016-9602-patches.tar.xz 16264 SHA256 18ac829c6003a3f997db4030a46b422028c58fead158f0c5ffe36ad65acb84e0 SHA512 a56694d1600e4fd1ffd6bbe031a0db226fc5c88306797cc4e42d1dc6127b83d1791cb4e026988b3aad82eab84382e41077ae71e532d1d3489e179730185c0964 WHIRLPOOL 22057b001c478b2b0d97ad70393c973aefc6277d89bb5a1ae03c3c39b5182ddfbe541964761f512ed5735dc442e1f40d0a955ad5b270758e21ce815be86b24bd
 DIST qemu-2.8.0.tar.bz2 28368517 SHA256 dafd5d7f649907b6b617b822692f4c82e60cf29bc0fc58bc2036219b591e5e62 SHA512 50f2988d822388ba9fd1bf5dbe68359033ed7432d7f0f9790299f32f63faa6dc72979256b5632ba572d47ee3e74ed40e3e8e331dc6303ec1599f1b4367cb78c2 WHIRLPOOL 0ce4e0539657eb832e4039819e7360c792b6aa41c718f0e0d762f4933217f0d370af94b1d6d9776853575b4a6811d8c85db069bf09d21bd15399ac8b50440ff5
-EBUILD qemu-2.8.0-r3.ebuild 21992 SHA256 a2c7a92d214b05e2c6f58fb0d7263472d6a44259de99afc674df713303b432bb SHA512 80699e92ae269cb6ab33b3ec0be164111b68e25d498d8af3624f04bca799174937f1fd2cf49357e0598f6567873cdc8aac3310a1175e328207de8ca5b97856d1 WHIRLPOOL 2079c97d3aa8589c70288cbcca7e1d8591adb1b40a0846b6a683fc6c72f142892e65b6adfac750931e2e63aa33a9d99f31f9659bd5664e6145059f28ecfced1a
-EBUILD qemu-2.8.0-r9.ebuild 23468 SHA256 171081a422acc5ecb21cd0400cdb1ea5ad3112379e417aefe37893d1f8ef1575 SHA512 0c4dbb8a03eaf5232819b6482c853d400ffc1c863d5df360a3820a5fa418ea90e204fdf447e72acd5489d8e9294d703be85c58ecabd460f5690c51526c05bad6 WHIRLPOOL 5e8ee3b23f57a62e32f4671c7803880c551b826d0dad357bb587b6ccae4fbf74c2f90b83812c8db9e15b8531150e729bfb7d4b084c702757dc59e22d8b5ee141
-MISC metadata.xml 3890 SHA256 50fd5960fa2280175116b5ee5ff4a9625f02e38f560061a00b2640cde4846d69 SHA512 f19e826a9daba7f2676f0459f97e7bdc752652ccf8b9dd009fd569977015b0656fee21c74529e53b6bc51c2f19e746f417c3dc1e1472e3767cdefa0746b0876c WHIRLPOOL 03e0dafcdc13beffb0044ce5227b83aa272a21e9835fce9ad16d5bdf56ee1a4c3a1ae4b10d1cdaf405502532b84991b150de262f12fa72497052c2377046845f
+DIST qemu-2.8.1.tar.bz2 28366270 SHA256 018e4c7ed22c220395cf41f835d01505e49d0e579a548bd3d72b03809442bbcd SHA512 0397b4029cdcb77ed053c44b3579a3f34894038e6fc6b4aa88de14515f5a78bf2f41c5e865f37111529f567c85d2f1c4deefae47dde54f76eac79410e5b2bdda WHIRLPOOL c41f53f18fac44efd1c81ba9d95204d23e9a70dc9c21624177be2fe92a327428fd5704b25bc334229fa36ae395fb4c82ba3955db39719c4458343978a4d3141a
+EBUILD qemu-2.8.0-r9.ebuild 23415 SHA256 332494856afccbb1f1347731f97fc9293ededcea348e2227e9c05a0a68cdcea2 SHA512 499730d9913480fd8dd696a2201a7ac8542d046e516756bb58c001be83db043b1b88f7cf34d4c98188b37bc52569034803c1d225a97b2fc02a45eb466486e6fd WHIRLPOOL 9b561abcd59ec05024b3370ff45c05c7d0fcf617bce7a29aece0f9bada3a077ab4700ffeb777ddac9d1c1eda9a80dfe24f36d60110bc34026cb1380e1454ae25
+EBUILD qemu-2.8.1.ebuild 22805 SHA256 fd50a516ec50da69dc8c4dc2ea83c0a3391fcd6087d62650f37183d46c70d933 SHA512 cf05a4725142584b213a1fc03106fc4faa5eeeda5d8e5e1ef020095a2f3b289842537a731a959f628bfd5e36c03786a8404288058514e8057cc1db779b97f6eb WHIRLPOOL ba86ba5234aae044690657585f2f384b0724061e37c74a4b55df50c0c0bce5615abbb1e6566d2e1cb56b51e4e49fc1495c78cae3f25a4741b8dd7eb493d22a8a
+MISC metadata.xml 3794 SHA256 149f7bc9927e13bbf7355972e85df6f9f198dd17fb575a7e516817d6a88018fb SHA512 10f130f225b90dacf8262247d795a247abfdcbf3ad5fbe0693e8d4db79f755984f690cb150a7eb5a8e5d669ce404145c4fbb6b200d6362319be74759fd78b6d3 WHIRLPOOL 6a5e88caeb64387f619a19fecb55c39ccf3c8dcd360523e8d61b80051001c02fe81432c55e40b3f360295b35e9f5a1f707c570baf95cad06d18c4cd484da0ceb

diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-7377.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-7377.patch
new file mode 100644
index 0000000..f2d317c
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-7377.patch
@@ -0,0 +1,49 @@
+From d63fb193e71644a073b77ff5ac6f1216f2f6cf6e Mon Sep 17 00:00:00 2001
+From: Li Qiang <liq3ea@gmail.com>
+Date: Mon, 27 Mar 2017 21:13:19 +0200
+Subject: [PATCH] 9pfs: fix file descriptor leak
+
+The v9fs_create() and v9fs_lcreate() functions are used to create a file
+on the backend and to associate it to a fid. The fid shouldn't be already
+in-use, otherwise both functions may silently leak a file descriptor or
+allocated memory. The current code doesn't check that.
+
+This patch ensures that the fid isn't already associated to anything
+before using it.
+
+Signed-off-by: Li Qiang <liqiang6-s@360.cn>
+(reworded the changelog, Greg Kurz)
+Signed-off-by: Greg Kurz <groug@kaod.org>
+---
+ hw/9pfs/9p.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
+index b8c0b99..48babce 100644
+--- a/hw/9pfs/9p.c
++++ b/hw/9pfs/9p.c
+@@ -1550,6 +1550,10 @@ static void coroutine_fn v9fs_lcreate(void *opaque)
+         err = -ENOENT;
+         goto out_nofid;
+     }
++    if (fidp->fid_type != P9_FID_NONE) {
++        err = -EINVAL;
++        goto out;
++    }
+ 
+     flags = get_dotl_openflags(pdu->s, flags);
+     err = v9fs_co_open2(pdu, fidp, &name, gid,
+@@ -2153,6 +2157,10 @@ static void coroutine_fn v9fs_create(void *opaque)
+         err = -EINVAL;
+         goto out_nofid;
+     }
++    if (fidp->fid_type != P9_FID_NONE) {
++        err = -EINVAL;
++        goto out;
++    }
+     if (perm & P9_STAT_MODE_DIR) {
+         err = v9fs_co_mkdir(pdu, fidp, &name, perm & 0777,
+                             fidp->uid, -1, &stbuf);
+-- 
+2.10.2
+
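Review bot: Only the filename ties this patch to CVE-2017-7377: the subject is `9pfs: fix file descriptor leak` and the message names neither the CVE nor a Gentoo bug, so wherever it is listed in PATCHES the entry should carry a trailing `# bug <BUG_ID>` comment (placeholder, the number is not on this page). The qemu-2.8.0-r9.ebuild hunks in this commit only change KEYWORDS and drop FORCE_PRINT_ELOG, so the file is not added to that ebuild's PATCHES here. Whether qemu-2.8.1.ebuild applies it is not visible in this part of the diff and should be checked, since a patch that is shipped but never applied leaves the leak in place. In the C itself, the new `fid_type != P9_FID_NONE` branches exit through `out` rather than `out_nofid`; both labels lie outside the hunks.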

diff --git a/app-emulation/qemu/files/qemu-binfmt.initd-r1 b/app-emulation/qemu/files/qemu-binfmt.initd-r1
deleted file mode 100644
index fe62a2a..0000000
--- a/app-emulation/qemu/files/qemu-binfmt.initd-r1
+++ /dev/null
@@ -1,138 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-# enable automatic i386/ARM/M68K/MIPS/SPARC/PPC/s390 program execution by the kernel
-
-# Defaulting to OC should be safe because it comes down to:
-#  - do we trust the interp itself to not be malicious?  yes; we built it.
-#  - do we trust the programs we're running?  ish; same permission as native
-#    binaries apply.  so if user can do bad stuff natively, cross isn't worse.
-: ${QEMU_BINFMT_FLAGS:=OC}
-
-depend() {
-    after procfs
-}
-
-start() {
-   ebegin "Registering qemu-user binaries (flags: ${QEMU_BINFMT_FLAGS})"
-
-   if [ ! -d /proc/sys/fs/binfmt_misc ] ; then
-      modprobe -q binfmt_misc
-   fi
-
-   if [ ! -d /proc/sys/fs/binfmt_misc ] ; then
-       eend $? "You need support for 'misc binaries' in your kernel!" || return
-   fi
-
-   if [ ! -f /proc/sys/fs/binfmt_misc/register ] ; then
-      mount -t binfmt_misc binfmt_misc /proc/sys/fs/binfmt_misc >/dev/null 2>&1
-      eend $? || return
-   fi
-
-   # probe cpu type
-   cpu=`uname -m`
-   case "$cpu" in
-      i386|i486|i586|i686|i86pc|BePC|x86_64)
-         cpu="i386"
-         ;;
-      m68k)
-         cpu="m68k"
-         ;;
-      mips*)
-         cpu="mips"
-      ;;
-      "Power Macintosh"|ppc|ppc64)
-         cpu="ppc"
-      ;;
-      armv[4-9]*)
-         cpu="arm"
-      ;;
-      sparc*)
-         cpu="sparc"
-      ;;
-   esac
-
-   # register the interpreter for each cpu except for the native one
-   if [ $cpu != "i386" -a -x "/usr/bin/qemu-i386" ] ; then
-      echo ':i386:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x03\x00:\xff\xff\xff\xff\xff\xfe\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-i386:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
-      echo ':i486:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x06\x00:\xff\xff\xff\xff\xff\xfe\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-i386:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
-   fi
-   if [ $cpu != "alpha" -a -x "/usr/bin/qemu-alpha" ] ; then
-      echo ':alpha:M::\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x26\x90:\xff\xff\xff\xff\xff\xfe\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-alpha:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
-   fi
-   if [ $cpu != "arm" -a -x "/usr/bin/qemu-arm" ] ; then
-      echo   ':arm:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff:/usr/bin/qemu-arm:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
-   fi
-   if [ $cpu != "arm" -a -x "/usr/bin/qemu-armeb" ] ; then
-      echo   ':armeb:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-armeb:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
-   fi
-   if [ $cpu != "aarch64" -a -x "/usr/bin/qemu-aarch64" ] ; then
-      echo ':aarch64:M::\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xb7\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-aarch64:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
-   fi
-   if [ $cpu != "sparc" -a -x "/usr/bin/qemu-sparc" ] ; then
-      echo   ':sparc:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-sparc:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
-   fi
-   if [ $cpu != "ppc" -a -x "/usr/bin/qemu-ppc" ] ; then
-      echo   ':ppc:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x14:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-ppc:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
-   fi
-   if [ $cpu != "m68k" -a -x "/usr/bin/qemu-m68k" ] ; then
-      #echo   'Please check cpu value and header information for m68k!'
-      echo   ':m68k:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x08:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-m68k:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
-   fi
-   if [ $cpu != "mips" -a -x "/usr/bin/qemu-mips" ] ; then
-      # FIXME: We could use the other endianness on a MIPS host.
-      echo   ':mips:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-mips:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
-   fi
-   if [ $cpu != "mips" -a -x "/usr/bin/qemu-mipsel" ] ; then
-      echo   ':mipsel:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-mipsel:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
-   fi
-   if [ $cpu != "mips" -a -x "/usr/bin/qemu-mipsn32" ] ; then
-      echo   ':mipsn32:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-mipsn32:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
-   fi
-   if [ $cpu != "mips" -a -x "/usr/bin/qemu-mipsn32el" ] ; then
-      echo   ':mipsn32el:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-mipsn32el:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
-   fi
-   if [ $cpu != "mips" -a -x "/usr/bin/qemu-mips64" ] ; then
-      echo   ':mips64:M::\x7fELF\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-mips64:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
-   fi
-   if [ $cpu != "mips" -a -x "/usr/bin/qemu-mips64el" ] ; then
-      echo   ':mips64el:M::\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-mips64el:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
-   fi
-   if [ $cpu != "sh" -a -x "/usr/bin/qemu-sh4" ] ; then
-      echo    ':sh4:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x2a\x00:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-sh4:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
-   fi
-   if [ $cpu != "sh" -a -x "/usr/bin/qemu-sh4eb" ] ; then
-      echo    ':sh4eb:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x2a:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-sh4eb:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
-   fi
-   if [ $cpu != "s390x" -a -x "/usr/bin/qemu-s390x" ] ; then
-      echo   ':s390x:M::\x7fELF\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x16:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-s390x:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
-   fi
-   eend $?
-}
-
-stop() {
-   ebegin "Unregistering qemu-user binaries"
-   local arches
-
-   arches="${arches} i386 i486"
-   arches="${arches} alpha"
-   arches="${arches} arm armeb"
-   arches="${arches} aarch64"
-   arches="${arches} sparc"
-   arches="${arches} ppc"
-   arches="${arches} m68k"
-   arches="${arches} mips mipsel mipsn32 mipsn32el mips64 mips64el"
-   arches="${arches} sh4 sh4eb"
-   arches="${arches} s390x"
-
-   for a in ${arches}; do
-      if [ -f /proc/sys/fs/binfmt_misc/$a ] ; then
-         echo '-1' > /proc/sys/fs/binfmt_misc/$a
-      fi
-   done
-
-   eend $?
-}
-
-# vim: ts=4 :

diff --git a/app-emulation/qemu/metadata.xml b/app-emulation/qemu/metadata.xml
index 9a8a1a3..3fe0408 100644
--- a/app-emulation/qemu/metadata.xml
+++ b/app-emulation/qemu/metadata.xml
@@ -32,7 +32,6 @@
 		<flag name="sdl2">Use libsdl2 instead of libsdl</flag>
 		<flag name="spice">Enable Spice protocol support via <pkg>app-emulation/spice</pkg></flag>
 		<flag name="ssh">Enable SSH based block device support via <pkg>net-libs/libssh2</pkg></flag>
-		<flag name="static-softmmu">Build the Software MMU (system) targets as static binaries</flag>
 		<flag name="static-user">Build the User targets as static binaries</flag>
 		<flag name="static">Build the User and Software MMU (system) targets as well as tools as static binaries</flag>
 		<flag name="snappy">Enable support for snappy compression</flag>

diff --git a/app-emulation/qemu/qemu-2.8.0-r9.ebuild b/app-emulation/qemu/qemu-2.8.0-r9.ebuild
index 8ba8079..97305f1 100644
--- a/app-emulation/qemu/qemu-2.8.0-r9.ebuild
+++ b/app-emulation/qemu/qemu-2.8.0-r9.ebuild
@@ -17,7 +17,7 @@ if [[ ${PV} = *9999* ]]; then
 	SRC_URI=""
 else
 	SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2"
-	KEYWORDS="~amd64 ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd"
+	KEYWORDS="amd64 ~arm64 ~ppc ~ppc64 x86 ~x86-fbsd"
 fi
 
 # bug #606088
@@ -753,7 +753,6 @@ src_install() {
 
 pkg_postinst() {
 	DISABLE_AUTOFORMATTING=true
-	FORCE_PRINT_ELOG=1 # remove for next version bump
 	readme.gentoo_print_elog
 
 	if [[ -n ${softmmu_targets} ]] && use kernel_linux; then

diff --git a/app-emulation/qemu/qemu-2.8.0-r3.ebuild b/app-emulation/qemu/qemu-2.8.1.ebuild
similarity index 69%
rename from app-emulation/qemu/qemu-2.8.0-r3.ebuild
rename to app-emulation/qemu/qemu-2.8.1.ebuild
index 3a161b9..30f278e 100644
--- a/app-emulation/qemu/qemu-2.8.0-r3.ebuild
+++ b/app-emulation/qemu/qemu-2.8.1.ebuild
@@ -1,7 +1,7 @@
 # Copyright 1999-2017 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 
-EAPI="5"
+EAPI="6"
 
 PYTHON_COMPAT=( python2_7 )
 PYTHON_REQ_USE="ncurses,readline"
@@ -13,11 +13,11 @@ inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \
 
 if [[ ${PV} = *9999* ]]; then
 	EGIT_REPO_URI="git://git.qemu.org/qemu.git"
-	inherit git-2
+	inherit git-r3
 	SRC_URI=""
 else
 	SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2"
-	KEYWORDS="amd64 ~arm64 ~ppc ~ppc64 x86 ~x86-fbsd"
+	KEYWORDS="~amd64 ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd"
 fi
 
 DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
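Review bot: The live-ebuild branch kept as context in this hunk still clones over the unauthenticated `git://` protocol (`EGIT_REPO_URI="git://git.qemu.org/qemu.git"`), which gives no transport authentication or integrity protection. A 9999 checkout is also not covered by Manifest checksums the way the `http://` release tarball in SRC_URI is, so nothing downstream would catch a tampered fetch. Since the hunk already touches this branch to move from git-2 to git-r3, it is the natural place to switch to an HTTPS endpoint, e.g. `EGIT_REPO_URI="https://<qemu-git-host>/<path>/qemu.git"` (placeholder; use the URL upstream documents).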
@@ -25,19 +25,20 @@ HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org"
 
 LICENSE="GPL-2 LGPL-2 BSD-2"
 SLOT="0"
-IUSE="accessibility +aio alsa bluetooth bzip2 +caps +curl debug +fdt glusterfs \
-gnutls gtk gtk2 infiniband iscsi +jpeg \
-kernel_linux kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs
-+png pulseaudio python \
-rbd sasl +seccomp sdl sdl2 selinux smartcard snappy spice ssh static static-softmmu
-static-user systemtap tci test +threads usb usbredir vde +vhost-net \
-virgl virtfs +vnc vte xattr xen xfs"
-
-COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel mips
-mips64 mips64el mipsel or32 ppc ppc64 s390x sh4 sh4eb sparc sparc64
-x86_64"
-IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS} lm32 moxie ppcemb tricore unicore32 xtensa xtensaeb"
-IUSE_USER_TARGETS="${COMMON_TARGETS} armeb mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus tilegx"
+IUSE="accessibility +aio alsa bluetooth bzip2 +caps +curl debug +fdt
+	glusterfs gnutls gtk gtk2 infiniband iscsi +jpeg kernel_linux
+	kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs +png
+	pulseaudio python rbd sasl +seccomp sdl sdl2 selinux smartcard snappy
+	spice ssh static static-user systemtap tci test +threads usb usbredir
+	vde +vhost-net virgl virtfs +vnc vte xattr xen xfs"
+
+COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel
+	mips mips64 mips64el mipsel or32 ppc ppc64 s390x sh4 sh4eb sparc
+	sparc64 x86_64"
+IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS}
+	lm32 moxie ppcemb tricore unicore32 xtensa xtensaeb"
+IUSE_USER_TARGETS="${COMMON_TARGETS}
+	armeb mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus tilegx"
 
 use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
 use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
@@ -52,32 +53,37 @@ REQUIRED_USE="${PYTHON_REQUIRED_USE}
 	qemu_softmmu_targets_ppc? ( fdt )
 	qemu_softmmu_targets_ppc64? ( fdt )
 	sdl2? ( sdl )
-	static? ( static-softmmu static-user )
-	static-softmmu? ( !alsa !pulseaudio !bluetooth !opengl !gtk !gtk2 )
+	static? ( static-user !alsa !bluetooth !gtk !gtk2 !opengl !pulseaudio )
 	virtfs? ( xattr )
 	vte? ( gtk )"
 
+# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
+# and user/softmmu targets (qemu-*, qemu-system-*).
+#
 # Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
 #
 # The attr lib isn't always linked in (although the USE flag is always
 # respected).  This is because qemu supports using the C library's API
 # when available rather than always using the extranl library.
-#
-# Older versions of gnutls are supported, but it's simpler to just require
-# the latest versions.  This is also why we require nettle.
-#
-# TODO: Split out tools deps into another var.  e.g. bzip2 is only used by
-# system binaries and tools, not user binaries.
-COMMON_LIB_DEPEND=">=dev-libs/glib-2.0[static-libs(+)]
+ALL_DEPEND="
+	>=dev-libs/glib-2.0[static-libs(+)]
+	>=x11-libs/pixman-0.28.0[static-libs(+)]
 	sys-libs/zlib[static-libs(+)]
-	bzip2? ( app-arch/bzip2[static-libs(+)] )
+	python? ( ${PYTHON_DEPS} )
+	systemtap? ( dev-util/systemtap )
 	xattr? ( sys-apps/attr[static-libs(+)] )"
-SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND}
-	>=x11-libs/pixman-0.28.0[static-libs(+)]
-	accessibility? ( app-accessibility/brltty[static-libs(+)] )
+
+# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
+# softmmu targets (qemu-system-*).
+SOFTMMU_TOOLS_DEPEND="
+	accessibility? (
+		app-accessibility/brltty[api]
+		app-accessibility/brltty[static-libs(+)]
+	)
 	aio? ( dev-libs/libaio[static-libs(+)] )
 	alsa? ( >=media-libs/alsa-lib-1.0.13 )
 	bluetooth? ( net-wireless/bluez )
+	bzip2? ( app-arch/bzip2[static-libs(+)] )
 	caps? ( sys-libs/libcap-ng[static-libs(+)] )
 	curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
 	fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] )
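Review bot: The `accessibility?` group in SOFTMMU_TOOLS_DEPEND lists brltty twice, once with `[api]` and once with `[static-libs(+)]`, and nothing explains why. The split looks deliberate: CDEPEND strips the literal text with `${SOFTMMU_TOOLS_DEPEND//\[static-libs(+)]}`, which would not match a merged `[api,static-libs(+)]` atom. I would add a comment such as `# keep [api] and [static-libs(+)] as separate atoms; CDEPEND strips the latter by pattern` so nobody merges them later. The new header comment "qemu tools (...) softmmu targets" is also missing an "and".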
@@ -139,8 +145,9 @@ SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND}
 	vde? ( net-misc/vde[static-libs(+)] )
 	virgl? ( media-libs/virglrenderer[static-libs(+)] )
 	virtfs? ( sys-libs/libcap )
+	xen? ( app-emulation/xen-tools:= )
 	xfs? ( sys-fs/xfsprogs[static-libs(+)] )"
-USER_LIB_DEPEND="${COMMON_LIB_DEPEND}"
+
 X86_FIRMWARE_DEPEND="
 	>=sys-firmware/ipxe-1.0.0_p20130624
 	pin-upstream-blobs? (
@@ -153,14 +160,14 @@ X86_FIRMWARE_DEPEND="
 		sys-firmware/sgabios
 		sys-firmware/vgabios
 	)"
+
 CDEPEND="
-	!static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND//\[static-libs(+)]} ) " ${use_softmmu_targets}) )
-	!static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND//\[static-libs(+)]} ) " ${use_user_targets}) )
+	!static? (
+		${ALL_DEPEND//\[static-libs(+)]}
+		${SOFTMMU_TOOLS_DEPEND//\[static-libs(+)]}
+	)
 	qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
-	qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )
-	python? ( ${PYTHON_DEPS} )
-	systemtap? ( dev-util/systemtap )
-	xen? ( app-emulation/xen-tools:= )"
+	qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )"
 DEPEND="${CDEPEND}
 	dev-lang/perl
 	=dev-lang/python-2*
@@ -168,15 +175,45 @@ DEPEND="${CDEPEND}
 	virtual/pkgconfig
 	kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
 	gtk? ( nls? ( sys-devel/gettext ) )
-	static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND} ) " ${use_softmmu_targets}) )
-	static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND} ) " ${use_user_targets}) )
+	static? (
+		${ALL_DEPEND}
+		${SOFTMMU_TOOLS_DEPEND}
+	)
+	static-user? ( ${ALL_DEPEND} )
 	test? (
 		dev-libs/glib[utils]
 		sys-devel/bc
 	)"
 RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-qemu )
-"
+	selinux? ( sec-policy/selinux-qemu )"
+
+PATCHES=(
+	# musl patches
+	"${FILESDIR}"/${PN}-2.8.0-F_SHLCK-and-F_EXLCK.patch
+	"${FILESDIR}"/${PN}-2.0.0-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch
+	"${FILESDIR}"/${PN}-2.2.0-_sigev_un.patch
+
+	# gentoo patches
+	"${FILESDIR}"/${PN}-2.5.0-cflags.patch
+	"${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
+	"${FILESDIR}"/${PN}-2.7.0-CVE-2016-8669-1.patch #597108
+	"${FILESDIR}"/${PN}-2.8.0-CVE-2016-9908.patch   #601826
+	"${FILESDIR}"/${PN}-2.8.0-CVE-2016-9912.patch   #602630
+	"${FILESDIR}"/${PN}-2.8.0-CVE-2016-10028.patch  #603444
+	"${FILESDIR}"/${PN}-2.8.0-CVE-2016-10155.patch  #606720
+	"${FILESDIR}"/${PN}-2.8.0-CVE-2017-5525-1.patch #606264
+	"${FILESDIR}"/${PN}-2.8.0-CVE-2017-5525-2.patch
+	"${FILESDIR}"/${PN}-2.8.0-CVE-2017-5552.patch   #606722
+	"${FILESDIR}"/${PN}-2.8.0-CVE-2017-5578.patch   #607000
+	"${FILESDIR}"/${PN}-2.8.0-CVE-2017-5579.patch   #607100
+	"${FILESDIR}"/${PN}-2.8.0-CVE-2017-5856.patch   #608036
+	"${FILESDIR}"/${PN}-2.8.0-CVE-2017-5857.patch   #608038
+	"${FILESDIR}"/${PN}-2.8.0-CVE-2017-5898.patch   #608520
+	"${FILESDIR}"/${PN}-2.8.0-CVE-2017-5973.patch   #609334
+	"${FILESDIR}"/${PN}-2.8.0-CVE-2017-5987.patch   #609398
+	"${FILESDIR}"/${PN}-2.8.0-CVE-2017-6505.patch   #612220
+	"${FILESDIR}"/${PN}-2.8.0-CVE-2017-7377.patch   #614744
+)
 
 STRIP_MASK="/usr/share/qemu/palcode-clipper"
 
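Review bot: The new PATCHES array no longer carries six security patches that the `epatch` list removed in the src_prepare hunk applied: CVE-2017-2615, CVE-2017-2620, CVE-2017-2630, CVE-2017-5667, CVE-2017-5931 and CVE-2017-6058. Nothing in the visible hunks shows whether the source being built already contains those fixes, so that should be confirmed against the upstream tree before this goes in. If they are upstream, a line above the list such as `# CVE-2017-2615/2620/2630/5667/5931/6058: fixed in the release tarball, patches dropped` would save the next security audit from chasing them. The array also adds CVE-2017-6505 and CVE-2017-7377, which the old list did not have.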
@@ -186,8 +223,7 @@ QA_PREBUILT="
 	usr/share/qemu/openbios-sparc32
 	usr/share/qemu/palcode-clipper
 	usr/share/qemu/s390-ccw.img
-	usr/share/qemu/u-boot.e500
-"
+	usr/share/qemu/u-boot.e500"
 
 QA_WX_LOAD="usr/bin/qemu-i386
 	usr/bin/qemu-x86_64
@@ -212,27 +248,26 @@ QA_WX_LOAD="usr/bin/qemu-i386
 	usr/bin/qemu-s390x
 	usr/bin/qemu-unicore32"
 
-DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure
-you have the kernel module loaded before running kvm. The easiest way to
-ensure that the kernel module is loaded is to load it on boot.\n
-For AMD CPUs the module is called 'kvm-amd'.\n
-For Intel CPUs the module is called 'kvm-intel'.\n
-Please review /etc/conf.d/modules for how to load these.\n\n
-Make sure your user is in the 'kvm' group\n
-Just run 'gpasswd -a <USER> kvm', then have <USER> re-login.\n\n
-For brand new installs, the default permissions on /dev/kvm might not let you
-access it.  You can tell udev to reset ownership/perms:\n
-udevadm trigger -c add /dev/kvm"
-
-qemu_support_kvm() {
-	if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 \
-		use qemu_softmmu_targets_ppc || use qemu_softmmu_targets_ppc64 \
-		use qemu_softmmu_targets_s390x; then
-		return 0
-	fi
+DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure you have the
+kernel module loaded before running kvm. The easiest way to ensure that the
+kernel module is loaded is to load it on boot.
+	For AMD CPUs the module is called 'kvm-amd'.
+	For Intel CPUs the module is called 'kvm-intel'.
+Please review /etc/conf.d/modules for how to load these.
 
-	return 1
-}
+Make sure your user is in the 'kvm' group. Just run
+	$ gpasswd -a <USER> kvm
+then have <USER> re-login.
+
+For brand new installs, the default permissions on /dev/kvm might not let
+you access it.  You can tell udev to reset ownership/perms:
+	$ udevadm trigger -c add /dev/kvm
+
+If you want to register binfmt handlers for qemu user targets:
+For openrc:
+	# rc-update add qemu-binfmt
+For systemd:
+	# ln -s /usr/share/qemu/binfmt.d/qemu.conf /etc/binfmt.d/qemu.conf"
 
 pkg_pretend() {
 	if use kernel_linux && kernel_is lt 2 6 25; then
@@ -333,34 +368,7 @@ src_prepare() {
 		-e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \
 		Makefile Makefile.target || die
 
-	# Patching for musl
-	epatch "${FILESDIR}"/${PN}-2.8.0-F_SHLCK-and-F_EXLCK.patch
-	epatch "${FILESDIR}"/${PN}-2.0.0-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch
-	epatch "${FILESDIR}"/${PN}-2.2.0-_sigev_un.patch
-
-	epatch "${FILESDIR}"/${PN}-2.5.0-cflags.patch
-	epatch "${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
-	epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-8669-1.patch #597108
-	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2016-9908.patch   #601826
-	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2016-9912.patch   #602630
-	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2016-10028.patch  #603444
-	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2016-10155.patch  #606720
-	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-2615.patch   #608034
-	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-2630.patch   #609396
-	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5525-1.patch #606264
-	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5525-2.patch
-	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5552.patch   #606722
-	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5578.patch   #607000
-	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5579.patch   #607100
-	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5667.patch   #607766
-	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5856.patch   #608036
-	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5857.patch   #608038
-	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5898.patch   #608520
-	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5931.patch   #608728
-	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5973.patch   #609334
-	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5987.patch   #609398
-	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-6058.patch   #609638
-	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-2620.patch   #609206
+	default
 
 	# Fix ld and objcopy being called directly
 	tc-export AR LD OBJCOPY
@@ -368,8 +376,6 @@ src_prepare() {
 	# Verbose builds
 	MAKEOPTS+=" V=1"
 
-	epatch_user
-
 	# Run after we've applied all patches.
 	handle_locales
 }
@@ -383,7 +389,6 @@ qemu_src_configure() {
 
 	local buildtype=$1
 	local builddir="${S}/${buildtype}-build"
-	local static_flag="static-${buildtype}"
 
 	mkdir "${builddir}"
 
@@ -412,9 +417,9 @@ qemu_src_configure() {
 		$(use_enable xattr attr)
 	)
 
-	# Disable options not used by user targets as the default configure
-	# options will autoprobe and try to link in a bunch of unused junk.
-	conf_softmmu() {
+	# Disable options not used by user targets. This simplifies building
+	# static user targets (USE=static-user) considerably.
+	conf_notuser() {
 		if [[ ${buildtype} == "user" ]] ; then
 			echo "--disable-${2:-$1}"
 		else
@@ -422,48 +427,61 @@ qemu_src_configure() {
 		fi
 	}
 	conf_opts+=(
-		$(conf_softmmu accessibility brlapi)
-		$(conf_softmmu aio linux-aio)
-		$(conf_softmmu bzip2)
-		$(conf_softmmu bluetooth bluez)
-		$(conf_softmmu caps cap-ng)
-		$(conf_softmmu curl)
-		$(conf_softmmu fdt)
-		$(conf_softmmu glusterfs)
-		$(conf_softmmu gnutls)
-		$(conf_softmmu gnutls nettle)
-		$(conf_softmmu gtk)
-		$(conf_softmmu infiniband rdma)
-		$(conf_softmmu iscsi libiscsi)
-		$(conf_softmmu jpeg vnc-jpeg)
-		$(conf_softmmu kernel_linux kvm)
-		$(conf_softmmu lzo)
-		$(conf_softmmu ncurses curses)
-		$(conf_softmmu nfs libnfs)
-		$(conf_softmmu numa)
-		$(conf_softmmu opengl)
-		$(conf_softmmu png vnc-png)
-		$(conf_softmmu rbd)
-		$(conf_softmmu sasl vnc-sasl)
-		$(conf_softmmu sdl)
-		$(conf_softmmu seccomp)
-		$(conf_softmmu smartcard)
-		$(conf_softmmu snappy)
-		$(conf_softmmu spice)
-		$(conf_softmmu ssh libssh2)
-		$(conf_softmmu usb libusb)
-		$(conf_softmmu usbredir usb-redir)
-		$(conf_softmmu vde)
-		$(conf_softmmu vhost-net)
-		$(conf_softmmu virgl virglrenderer)
-		$(conf_softmmu virtfs)
-		$(conf_softmmu vnc)
-		$(conf_softmmu vte)
-		$(conf_softmmu xen)
-		$(conf_softmmu xen xen-pci-passthrough)
-		$(conf_softmmu xfs xfsctl)
+		$(conf_notuser accessibility brlapi)
+		$(conf_notuser aio linux-aio)
+		$(conf_notuser bzip2)
+		$(conf_notuser bluetooth bluez)
+		$(conf_notuser caps cap-ng)
+		$(conf_notuser curl)
+		$(conf_notuser fdt)
+		$(conf_notuser glusterfs)
+		$(conf_notuser gnutls)
+		$(conf_notuser gnutls nettle)
+		$(conf_notuser gtk)
+		$(conf_notuser infiniband rdma)
+		$(conf_notuser iscsi libiscsi)
+		$(conf_notuser jpeg vnc-jpeg)
+		$(conf_notuser kernel_linux kvm)
+		$(conf_notuser lzo)
+		$(conf_notuser ncurses curses)
+		$(conf_notuser nfs libnfs)
+		$(conf_notuser numa)
+		$(conf_notuser opengl)
+		$(conf_notuser png vnc-png)
+		$(conf_notuser rbd)
+		$(conf_notuser sasl vnc-sasl)
+		$(conf_notuser sdl)
+		$(conf_notuser seccomp)
+		$(conf_notuser smartcard)
+		$(conf_notuser snappy)
+		$(conf_notuser spice)
+		$(conf_notuser ssh libssh2)
+		$(conf_notuser usb libusb)
+		$(conf_notuser usbredir usb-redir)
+		$(conf_notuser vde)
+		$(conf_notuser vhost-net)
+		$(conf_notuser virgl virglrenderer)
+		$(conf_notuser virtfs)
+		$(conf_notuser vnc)
+		$(conf_notuser vte)
+		$(conf_notuser xen)
+		$(conf_notuser xen xen-pci-passthrough)
+		$(conf_notuser xfs xfsctl)
 	)
 
+	if [[ ! ${buildtype} == "user" ]] ; then
+		# audio options
+		local audio_opts="oss"
+		use alsa && audio_opts="alsa,${audio_opts}"
+		use sdl && audio_opts="sdl,${audio_opts}"
+		use pulseaudio && audio_opts="pa,${audio_opts}"
+		conf_opts+=(
+			--audio-drv-list="${audio_opts}"
+		)
+		use gtk && conf_opts+=( --with-gtkabi=$(usex gtk2 2.0 3.0) )
+		use sdl && conf_opts+=( --with-sdlabi=$(usex sdl2 2.0 1.2) )
+	fi
+
 	case ${buildtype} in
 	user)
 		conf_opts+=(
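Review bot: `[[ ! ${buildtype} == "user" ]]` is easier to misread than `[[ ${buildtype} != "user" ]]`, and conf_notuser just above uses the plain `== "user"` form. Moving the audio, gtkabi and sdlabi options out of the softmmu case branch also means they are now passed to the tools build, which is configured with `--disable-system`. A short comment saying that is intended, or restricting the block to softmmu, would help. qemu_src_configure starts and ends outside this hunk.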
@@ -472,31 +490,25 @@ qemu_src_configure() {
 			--disable-blobs
 			--disable-tools
 		)
+		local static_flag="static-user"
 		;;
 	softmmu)
-		# audio options
-		local audio_opts="oss"
-		use alsa && audio_opts="alsa,${audio_opts}"
-		use sdl && audio_opts="sdl,${audio_opts}"
-		use pulseaudio && audio_opts="pa,${audio_opts}"
-
 		conf_opts+=(
 			--disable-linux-user
 			--enable-system
+			--disable-tools
 			--with-system-pixman
-			--audio-drv-list="${audio_opts}"
 		)
-		use gtk && conf_opts+=( --with-gtkabi=$(usex gtk2 2.0 3.0) )
-		use sdl && conf_opts+=( --with-sdlabi=$(usex sdl2 2.0 1.2) )
+		local static_flag="static"
 		;;
 	tools)
 		conf_opts+=(
 			--disable-linux-user
 			--disable-system
 			--disable-blobs
-			$(use_enable bzip2)
+			--enable-tools
 		)
-		static_flag="static"
+		local static_flag="static"
 		;;
 	esac
 
@@ -552,7 +564,7 @@ src_configure() {
 
 	[[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu"
 	[[ -n ${user_targets}    ]] && qemu_src_configure "user"
-	[[ -z ${softmmu_targets}${user_targets} ]] && qemu_src_configure "tools"
+	qemu_src_configure "tools"
 }
 
 src_compile() {
@@ -566,10 +578,8 @@ src_compile() {
 		default
 	fi
 
-	if [[ -z ${softmmu_targets}${user_targets} ]]; then
-		cd "${S}/tools-build"
-		default
-	fi
+	cd "${S}/tools-build"
+	default
 }
 
 src_test() {
@@ -589,13 +599,69 @@ qemu_python_install() {
 	python_doscript "${S}/scripts/qmp/qemu-ga-client"
 }
 
+# Generate binfmt support files.
+#   - /etc/init.d/qemu-binfmt script which registers the user handlers (openrc)
+#   - /usr/share/qemu/binfmt.d/qemu.conf (for use with systemd-binfmt)
+generate_initd() {
+	local out="${T}/qemu-binfmt"
+	local out_systemd="${T}/qemu.conf"
+	local d="${T}/binfmt.d"
+
+	einfo "Generating qemu binfmt scripts and configuration files"
+
+	# Generate the debian fragments first.
+	mkdir -p "${d}"
+	"${S}"/scripts/qemu-binfmt-conf.sh \
+		--debian \
+		--exportdir "${d}" \
+		--qemu-path "${EPREFIX}/usr/bin" \
+		|| die
+	# Then turn the fragments into a shell script we can source.
+	sed -E -i \
+		-e 's:^([^ ]+) (.*)$:\1="\2":' \
+		"${d}"/* || die
+
+	# Generate the init.d script by assembling the fragments from above.
+	local f qcpu package interpreter magic mask
+	cat "${FILESDIR}"/qemu-binfmt.initd.head >"${out}" || die
+	for f in "${d}"/qemu-* ; do
+		source "${f}"
+
+		# Normalize the cpu logic like we do in the init.d for the native cpu.
+		qcpu=${package#qemu-}
+		case ${qcpu} in
+		arm*)   qcpu="arm";;
+		mips*)  qcpu="mips";;
+		ppc*)   qcpu="ppc";;
+		s390*)  qcpu="s390";;
+		sh*)    qcpu="sh";;
+		sparc*) qcpu="sparc";;
+		esac
+
+		cat <<EOF >>"${out}"
+	if [ "\${cpu}" != "${qcpu}" -a -x "${interpreter}" ] ; then
+		echo ':${package}:M::${magic}:${mask}:${interpreter}:'"\${QEMU_BINFMT_FLAGS}" >/proc/sys/fs/binfmt_misc/register
+	fi
+EOF
+
+		echo ":${package}:M::${magic}:${mask}:${interpreter}:OC" >>"${out_systemd}"
+
+	done
+	cat "${FILESDIR}"/qemu-binfmt.initd.tail >>"${out}" || die
+}
+
 src_install() {
 	if [[ -n ${user_targets} ]]; then
 		cd "${S}/user-build"
 		emake DESTDIR="${ED}" install
 
-		# Install binfmt handler init script for user targets
-		newinitd "${FILESDIR}/qemu-binfmt.initd-r1" qemu-binfmt
+		# Install binfmt handler init script for user targets.
+		generate_initd
+		doinitd "${T}/qemu-binfmt"
+
+		# Install binfmt/qemu.conf.
+		insinto "/usr/share/qemu/binfmt.d"
+		doins "${T}/qemu.conf"
 	fi
 
 	if [[ -n ${softmmu_targets} ]]; then
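Review bot: In generate_initd the loop runs `source "${f}"` on each generated fragment with no `|| die`, and `package`, `interpreter`, `magic` and `mask` are declared once before the loop and never cleared. A fragment that fails to load or lacks one key would silently reuse the previous target's value, so the init script and qemu.conf could register a handler with the wrong magic or interpreter. I would reset and check on every iteration with `package= interpreter= magic= mask=` followed by `source "${f}" || die`, and add `|| die` to the heredoc `cat` and to the `echo` into `${out_systemd}`. Separately, the systemd line hardcodes `OC` while the OpenRC script takes `${QEMU_BINFMT_FLAGS}`; a comment noting the difference would be useful.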
@@ -614,14 +680,12 @@ src_install() {
 		fi
 	fi
 
-	if [[ -z ${softmmu_targets}${user_targets} ]]; then
-		cd "${S}/tools-build"
-		emake DESTDIR="${ED}" install
-	fi
+	cd "${S}/tools-build"
+	emake DESTDIR="${ED}" install
 
 	# Disable mprotect on the qemu binaries as they use JITs to be fast #459348
 	pushd "${ED}"/usr/bin >/dev/null
-	pax-mark m "${softmmu_bins[@]}" "${user_bins[@]}"
+	pax-mark mr "${softmmu_bins[@]}" "${user_bins[@]}" # bug 575594
 	popd >/dev/null
 
 	# Install config file example for qemu-bridge-helper
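Review bot: `pax-mark mr` now disables RANDMMAP as well as MPROTECT on every softmmu and user binary, but the comment above it still explains only the mprotect/JIT reason. Turning off mmap randomisation weakens ASLR for processes that parse guest-controlled data, so the reason should be stated in place rather than left to a bug number. Something like `# m: JIT needs writable+executable mappings (#459348); r: <reason from bug 575594>` on the line above would do. src_install starts and ends outside this hunk.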
@@ -675,13 +739,13 @@ src_install() {
 		fi
 	fi
 
-	qemu_support_kvm && readme.gentoo_create_doc
+	DISABLE_AUTOFORMATTING=true
+	readme.gentoo_create_doc
 }
 
 pkg_postinst() {
-	if qemu_support_kvm; then
-		readme.gentoo_print_elog
-	fi
+	DISABLE_AUTOFORMATTING=true
+	readme.gentoo_print_elog
 
 	if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
 		udev_reload
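Review bot: With qemu_support_kvm gone, `readme.gentoo_create_doc` and `readme.gentoo_print_elog` run unconditionally, but DOC_CONTENTS now points at `rc-update add qemu-binfmt` and `/usr/share/qemu/binfmt.d/qemu.conf`, which src_install only installs when `user_targets` is non-empty. A softmmu-only or tools-only install would be directed to files that are not there, and a user-only install still gets the kvm text. Either assemble DOC_CONTENTS from the enabled targets or state in the text that the binfmt files exist only when user targets are built. `DISABLE_AUTOFORMATTING=true` is also assigned in two functions; setting it once next to DOC_CONTENTS would be tidier.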


* [gentoo-commits] proj/musl:master commit in: app-emulation/qemu/, app-emulation/qemu/files/
@ 2017-03-24 17:39 Aric Belsito
  0 siblings, 0 replies; 15+ messages in thread
From: Aric Belsito @ 2017-03-24 17:39 UTC (permalink / raw
  To: gentoo-commits

commit:     cbdc5b302cc8e44628de2157701c10d479d16cf7
Author:     Aric Belsito <lluixhi <AT> gmail <DOT> com>
AuthorDate: Fri Mar 24 17:38:47 2017 +0000
Commit:     Aric Belsito <lluixhi <AT> gmail <DOT> com>
CommitDate: Fri Mar 24 17:38:47 2017 +0000
URL:        https://gitweb.gentoo.org/proj/musl.git/commit/?id=cbdc5b30

app-emulation/qemu: add qemu-binfmt.initd* files

Close #36

 app-emulation/qemu/Manifest                     |  4 +-
 app-emulation/qemu/files/qemu-binfmt.initd-r1   |  1 -
 app-emulation/qemu/files/qemu-binfmt.initd.head | 64 +++++++++++++++++++++++++
 app-emulation/qemu/files/qemu-binfmt.initd.tail | 14 ++++++
 4 files changed, 81 insertions(+), 2 deletions(-)

diff --git a/app-emulation/qemu/Manifest b/app-emulation/qemu/Manifest
index 2df64a8..b0fc844 100644
--- a/app-emulation/qemu/Manifest
+++ b/app-emulation/qemu/Manifest
@@ -26,7 +26,9 @@ AUX qemu-2.8.0-CVE-2017-5973.patch 2815 SHA256 206d01053ce678e2c83174b278755e112
 AUX qemu-2.8.0-CVE-2017-5987.patch 1889 SHA256 c4f2175970deca9b00bf657e66b8df31a02efce469eec02279a9659b9cb18bb0 SHA512 32708f91edbbb61ac444ee71b97a30138380544389f6265d7cb7aec330ebaaa7ca69844a9462c817fbda117e78748fc4fdeb655e70bcd72ddd8b112fd9619b0d WHIRLPOOL 1aa99740495c0d2a577cf13c47669aeba75ad389394736ce16fde31c91931254820accad85a6d6fee9757595bec3f222413a89fe4ca125913be7ecc97f33b365
 AUX qemu-2.8.0-CVE-2017-6058.patch 3797 SHA256 06c01fcd53dab66af55df164f1616d14847b2a0fd46abe7445b7e3e7b7ee77cf SHA512 1425e7df38cd44903fe78e7728d7eb3df2d8486895f38a87c4e0c63aa5cc4a2b19032d486fcb5676201242039364a1f3d34b256606b5f8ae74028432e6d50286 WHIRLPOOL 9a48c2f00ac146c29163422c10ca62e3065a36752b865b6b9e3408edf019f3585579ac074b5325777e6a405a11d0ce09da33eb6499012377f0c9ef8c52bf2840
 AUX qemu-2.8.0-F_SHLCK-and-F_EXLCK.patch 574 SHA256 d02353daa0ecfe161e938a5e54feab641b901f4a35c8f5831133676a6f53f43f SHA512 6b64750335aae1142ca9132fb766ac2aaeacfcdda0aa0cfca19afc4c3ea3806e30ce603fcec3767e40e84efb0ae8b9a23f21d46c807c13bb646be74f99e13389 WHIRLPOOL 7401c3daf162c71a5a5c3729855fddb5df95609b34c86ea0f4d872c8f132d6ac089cfb35a990af70aef8b7b63fe075a1e2be376b6db09bc70e8d51e48aded354
-AUX qemu-binfmt.initd-r1 7966 SHA256 5b4b432aa1e44f387c9eb789de0ec6322741fd36dd241f76520f17c6cd6ac49b SHA512 2ba0bff6eb2b6bac4ed440f793771ce9551cad48e38bddb6cf04f804faac2407e80879f66771910344ddcea45f0014095dcc8bfeb0aad5085ef048fd3612dbd8 WHIRLPOOL a2a1fb830a970757d1e203378c7d382b161b1040f3b8aaf0f22bb3b5e46467eff395474ff40d93c9f133bab307b345a6f75d63eae9f8dd8daf67324db41032f9
+AUX qemu-binfmt.initd-r1 7959 SHA256 13c2791fb48080e9f264670dbe1915f03249d87d740f9b0f2c9502fccb056d03 SHA512 8aee19b4a993113ef4fafe3ab8b561edcc0c16782b36947e757233b6d33d26b48c1b9087c0f300be0d21ad19de14c684e8f2032ae2cd28888130a37ca4d6c314 WHIRLPOOL 3d86861fbe66c0a192a5577b7cd83ab01efd184849b25f8a804aace7a1fb46d87363d6417cc21a3447d2ed50c9db4409121dddae297678e3adc7d4c71556b695
+AUX qemu-binfmt.initd.head 1445 SHA256 a9b4b1d1ffa82d572c01f14ebfbafb4b3a4c2eb5cad5af62c059f603a9f5a277 SHA512 a735268ae9ac84d8f2f2893bf018ee6de33231fa94a823bd8502b529bb456635c1ab5cf9b440df5ede8e414291f8bf45fc53898c2f3939c50d5ec4ffa554396a WHIRLPOOL 3ec0f916d5928d464fa8416c8eac472cfa01b560bba07642ff7929799918d1c8059ac7368ff5551e6aa993027849de08035d856db7981315d8e4ec470a0f785e
+AUX qemu-binfmt.initd.tail 245 SHA256 1b765f5212946b73b8e4d92f64d34a9d2e358ef541c02164f6d6dd93cb15e1e7 SHA512 bcca16805f8380d52cc591ea3d65a8f6e5de456730618f6aee301510edb75d235a22d4d7aeed224882210392840adb403eb53234b6cb76a4cb24533852a8b737 WHIRLPOOL 41ddd1751101646e700a6fe4ef879bd4149d646a801f97e40534051895697dcbded06a1edda51457a0d624fbf68442c3e57178a3ee8e683e35368b88d10ba4a4
 DIST qemu-2.8.0.tar.bz2 28368517 SHA256 dafd5d7f649907b6b617b822692f4c82e60cf29bc0fc58bc2036219b591e5e62 SHA512 50f2988d822388ba9fd1bf5dbe68359033ed7432d7f0f9790299f32f63faa6dc72979256b5632ba572d47ee3e74ed40e3e8e331dc6303ec1599f1b4367cb78c2 WHIRLPOOL 0ce4e0539657eb832e4039819e7360c792b6aa41c718f0e0d762f4933217f0d370af94b1d6d9776853575b4a6811d8c85db069bf09d21bd15399ac8b50440ff5
 EBUILD qemu-2.8.0-r3.ebuild 21992 SHA256 a2c7a92d214b05e2c6f58fb0d7263472d6a44259de99afc674df713303b432bb SHA512 80699e92ae269cb6ab33b3ec0be164111b68e25d498d8af3624f04bca799174937f1fd2cf49357e0598f6567873cdc8aac3310a1175e328207de8ca5b97856d1 WHIRLPOOL 2079c97d3aa8589c70288cbcca7e1d8591adb1b40a0846b6a683fc6c72f142892e65b6adfac750931e2e63aa33a9d99f31f9659bd5664e6145059f28ecfced1a
 EBUILD qemu-2.8.0-r7.ebuild 23243 SHA256 50297d1c34059239373a804aa2fc61926800a1f1a2ff9bfff486e35209a5d4c4 SHA512 8a16c952ebd7ce097cb061e9f68b528a61c0da0667b303faa276fe8f9c68e874a2f37f46a04cf6b9dae7ead5fd79716941f083f2af2af59aae7c112857da2a15 WHIRLPOOL 1050f6ae755095d731305b263b77cca66671071acde4952981dc40315f9d810c5f9590da31a6eb9a858e67193c092769d3efc8b28093d74691b017cc1429d31a

diff --git a/app-emulation/qemu/files/qemu-binfmt.initd-r1 b/app-emulation/qemu/files/qemu-binfmt.initd-r1
index 18adb65..fe62a2a 100644
--- a/app-emulation/qemu/files/qemu-binfmt.initd-r1
+++ b/app-emulation/qemu/files/qemu-binfmt.initd-r1
@@ -1,7 +1,6 @@
 #!/sbin/openrc-run
 # Copyright 1999-2016 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Id$
 
 # enable automatic i386/ARM/M68K/MIPS/SPARC/PPC/s390 program execution by the kernel
 

diff --git a/app-emulation/qemu/files/qemu-binfmt.initd.head b/app-emulation/qemu/files/qemu-binfmt.initd.head
new file mode 100644
index 0000000..858d5d7
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-binfmt.initd.head
@@ -0,0 +1,64 @@
+#!/sbin/openrc-run
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# Enable automatic non-native program execution by the kernel.
+
+# Defaulting to OC should be safe because it comes down to:
+#  - do we trust the interp itself to not be malicious?  yes; we built it.
+#  - do we trust the programs we're running?  ish; same permission as native
+#    binaries apply.  so if user can do bad stuff natively, cross isn't worse.
+: ${QEMU_BINFMT_FLAGS:=OC}
+
+depend() {
+	after procfs
+}
+
+start() {
+	ebegin "Registering qemu-user binaries (flags: ${QEMU_BINFMT_FLAGS})"
+
+	if [ ! -d /proc/sys/fs/binfmt_misc ] ; then
+		modprobe -q binfmt_misc
+	fi
+
+	if [ ! -d /proc/sys/fs/binfmt_misc ] ; then
+		eend 1 "You need support for 'misc binaries' in your kernel!"
+		return
+	fi
+
+	if [ ! -f /proc/sys/fs/binfmt_misc/register ] ; then
+		mount -t binfmt_misc -o nodev,noexec,nosuid \
+			binfmt_misc /proc/sys/fs/binfmt_misc >/dev/null 2>&1
+		eend $? || return
+	fi
+
+	# Probe the native cpu type so we don't try registering them.
+	local cpu="$(uname -m)"
+	case "${cpu}" in
+	armv[4-9]*)
+		cpu="arm"
+		;;
+	i386|i486|i586|i686|i86pc|BePC|x86_64)
+		cpu="i386"
+		;;
+	m68k)
+		cpu="m68k"
+		;;
+	mips*)
+		cpu="mips"
+		;;
+	"Power Macintosh"|ppc|ppc64)
+		cpu="ppc"
+		;;
+	s390*)
+		cpu="s390"
+		;;
+	sh*)
+		cpu="sh"
+		;;
+	sparc*)
+		cpu="sparc"
+		;;
+	esac
+
+	# Register the interpreter for each cpu except for the native one.
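Review bot: The rationale comment above `: ${QEMU_BINFMT_FLAGS:=OC}` argues that OC is safe but never says what the two flags do. With `C` the kernel computes credentials from the emulated binary rather than from the interpreter, so a setuid foreign-architecture binary runs qemu-user with elevated privileges and the emulator itself becomes part of the privilege boundary. I would extend the comment with `# O: kernel opens the binary and hands the fd to the interpreter; C: credentials (setuid/setgid) come from the binary, implies O` and note that setting `QEMU_BINFMT_FLAGS` overrides the default for hosts that do not want `C`. start() is finished by the ebuild-generated fragments and the .tail file, so its end is outside this hunk.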

diff --git a/app-emulation/qemu/files/qemu-binfmt.initd.tail b/app-emulation/qemu/files/qemu-binfmt.initd.tail
new file mode 100644
index 0000000..7679481
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-binfmt.initd.tail
@@ -0,0 +1,14 @@
+	eend 0
+}
+
+stop() {
+	# We unregister everything in the "qemu-xxx" namespace.
+	ebegin "Unregistering qemu-user binaries"
+	local f
+	for f in /proc/sys/fs/binfmt_misc/qemu-* ; do
+		if [ -f "${f}" ] ; then
+			echo '-1' > "${f}"
+		fi
+	done
+	eend 0
+}
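Review bot: stop() ends with `eend 0` whether or not any `echo '-1' > "${f}"` write failed, so a handler that stays registered is still reported as success. Tracking the result would surface it: `local ret=0` before the loop, `echo '-1' > "${f}" || ret=1` inside it, and `eend ${ret}` at the end. The `qemu-*` glob also removes entries registered by something other than this script, for example through the binfmt.d qemu.conf the ebuild installs, which deserves a comment.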


* [gentoo-commits] proj/musl:master commit in: app-emulation/qemu/, app-emulation/qemu/files/
@ 2017-02-28 18:20 Aric Belsito
  0 siblings, 0 replies; 15+ messages in thread
From: Aric Belsito @ 2017-02-28 18:20 UTC (permalink / raw
  To: gentoo-commits

commit:     5b6e771ea51c3ebf272c09406bced4ac1a5b1dce
Author:     Aric Belsito <lluixhi <AT> gmail <DOT> com>
AuthorDate: Tue Feb 28 18:19:55 2017 +0000
Commit:     Aric Belsito <lluixhi <AT> gmail <DOT> com>
CommitDate: Tue Feb 28 18:19:55 2017 +0000
URL:        https://gitweb.gentoo.org/proj/musl.git/commit/?id=5b6e771e

app-emulation/qemu: fix patch

 app-emulation/qemu/Manifest                         | 2 +-
 app-emulation/qemu/files/qemu-2.2.0-_sigev_un.patch | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/app-emulation/qemu/Manifest b/app-emulation/qemu/Manifest
index da4c713..c32d60a 100644
--- a/app-emulation/qemu/Manifest
+++ b/app-emulation/qemu/Manifest
@@ -1,7 +1,7 @@
 AUX 65-kvm.rules-r1 120 SHA256 2f6b5b2600598fc402850bb7026eab0e5822e7221b584795bd2ed1a0290250df SHA512 4132ec4d3e7c1e3cf5e37224be1a3b864bcc0bfde9109e8fea9c99377289c28a7fdcf9155fbbd6605dbf8ebeb020c2ab575dd35e36bdf69f8ad07c4aa9c7b2f7 WHIRLPOOL 34dce92c0851c7edb5449c7d19e8767b09e61a73b551af90d987519e8e9c8c883e8ff8567d4a222294095bafdb58984347c694fc6ac458c630ed8e2d42438180
 AUX bridge.conf 454 SHA256 a51850dd39923f3482e4c575b48ad9fef9c9ebb2f2176225da399b79ce48c69d SHA512 a907ee86b81a1b61033bb7621ded65112504131ef7b698c53e4014b958ee6fc79e66f63069015a01e41362cb70a7d0ed26dd9a03033cf776f4846f0e1f8f1533 WHIRLPOOL 8fcbd4abf9b8f7ca3d16fe0eaf17196ebf708dfecf85ce0f020e0de22b64905114f7b310f361826c81bb961c6b1bbbf984bff1e595bb949993b8966ccb222c35
 AUX qemu-2.0.0-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch 930 SHA256 6af6cf9044997710a6d0fbdba30a35c8d775e30d30c032ec97db672f75ec88ac SHA512 ec84b27648c01c6e58781295dcd0c2ff8e5a635f9836ef50c1da5d0ed125db1afc4cb5b01cb97606d6dd8f417acba93e1560d9a32ca29161a4bb730b302440ea WHIRLPOOL 06b9dd5251ac03405c97b1f5a623b4d86bda2f72fbcd52b90ae4d11a0cfb59cae62df2cb6189405fbe53ab05ff2b7ca8165fda239dbfe5f31ed70abb53b3b9f3
-AUX qemu-2.2.0-_sigev_un.patch 636 SHA256 f3b9a4d6162c553f3110ad22716305818e2130e2ff5d628faf044fc58a5e3cb5 SHA512 f72b879daede5184904f64cabb276de96299a37a93fce444d09e9068671009e95a5e5d6b815ec41a5db5b3807de14d470a56bba5806ffd4dfec577577b046ccb WHIRLPOOL 9453ad4966e10d504f3e867fd984642a3c1ee3ae847b5ca56196fd1f9e6c0f2d7b52ca07446212af72fef6d0ded1527a5eb306fa6cd915e8dd9ce11523362bac
+AUX qemu-2.2.0-_sigev_un.patch 638 SHA256 1f66c5a55ec94d73182cd25f3de5490cdb075542246a37d206cfb7b4a99a40a4 SHA512 5a2f9af1b60fd5a088679f3481b8d0317da88d4922b02289265b8d193b3589dd6d498e66531fc37ed86b97f4a648a1068f2da646e381d89c472716ef58190eb1 WHIRLPOOL 8444edaa4e5d59a337a7ebba71807b51941642517e5e762fb3458fde1a53c63c919ca809e5f32b503f1a92e4ccd2d21a057995fec56fcf846246dadccbdc863f
 AUX qemu-2.5.0-cflags.patch 410 SHA256 17f5624dd733f5c80e733cc67ae36a736169ec066024dbf802b416accfed0755 SHA512 0194d28de08b4e51c5bd1c9a2cc7965ba7f66dfddb8fd91de3da93677e6cf2d38ad3270f69aaea8a20cf2533c2980018d6e0fed711be2806fe2053fba7c081f3 WHIRLPOOL 5f5b95d00409fbe03adb64801d30a2fb5f98dded5efa7f0e78b5746776f72917dcbea767e1d0afcb304d8bf8c484adedb8037e6d54e9d34997c2bc3a98b53154
 AUX qemu-2.5.0-sysmacros.patch 333 SHA256 a5716fc02da383d455f5cbd76f49e4ee74d84c2d5703319adcbeb145d04875f9 SHA512 329632c5bff846ca3ffcdb4bc94ae62f17c6bdbb566f9bec0784357c943523e8ca7773790b83a9617734cab3b003baa3d636cbd08f7385810a63b0fa0383c4f0 WHIRLPOOL 2a774767d4685545d3ed18e4f5dece99a9007597d73c56197652ff24083550f987ffb69e5c624760dece87def71a7c5c22a694bf999d7309e48ef622f18f0d73
 AUX qemu-2.7.0-CVE-2016-8669-1.patch 1010 SHA256 3bc03869bede80013abb94ee029625a382c8059bc9474d9f6fd8e23840cff159 SHA512 53643363a470fba9b82c02b90f2573e45f59f5057993b2c15e1608916ece7f8582b4a84179e8ee70fcb8e3f3eb8a538a058401049ea38242bdb640c14ec54f7e WHIRLPOOL 873ed9b9784bb5757a07c1a494f70603cbe82751222d68a883327424e0d7e87d536400eca5fc7406080cbde2ab0a8fe0b3ee5c6dff81624db5d6d5964fec81be

diff --git a/app-emulation/qemu/files/qemu-2.2.0-_sigev_un.patch b/app-emulation/qemu/files/qemu-2.2.0-_sigev_un.patch
index 5827c2e..adccdcc 100644
--- a/app-emulation/qemu/files/qemu-2.2.0-_sigev_un.patch
+++ b/app-emulation/qemu/files/qemu-2.2.0-_sigev_un.patch
@@ -1,6 +1,6 @@
-diff -ur a/qemu-2.2.0/linux-user/syscall.c b/qemu-2.2.0/linux-user/syscall.c
---- a/qemu-2.2.0/linux-user/syscall.c	2014-12-09 15:45:43.000000000 -0100
-+++ b/qemu-2.2.0/linux-user/syscall.c	2015-03-16 19:09:49.050386155 -0100
+diff -ur qemu-2.2.0.orig/linux-user/syscall.c qemu-2.2.0/linux-user/syscall.c
+--- qemu-2.2.0.orig/linux-user/syscall.c	2014-12-09 15:45:43.000000000 -0100
++++ qemu-2.2.0/linux-user/syscall.c	2015-03-16 19:09:49.050386155 -0100
 @@ -5033,7 +5033,7 @@
      host_sevp->sigev_signo =
          target_to_host_signal(tswap32(target_sevp->sigev_signo));


* [gentoo-commits] proj/musl:master commit in: app-emulation/qemu/, app-emulation/qemu/files/
@ 2017-02-23  1:27 Aric Belsito
  0 siblings, 0 replies; 15+ messages in thread
From: Aric Belsito @ 2017-02-23  1:27 UTC (permalink / raw
  To: gentoo-commits

commit:     332a34fc99ac22bbb3990faa0943b48ba8a342a2
Author:     Aric Belsito <lluixhi <AT> gmail <DOT> com>
AuthorDate: Thu Feb 23 01:26:33 2017 +0000
Commit:     Aric Belsito <lluixhi <AT> gmail <DOT> com>
CommitDate: Thu Feb 23 01:26:33 2017 +0000
URL:        https://gitweb.gentoo.org/proj/musl.git/commit/?id=332a34fc

app-emulation/qemu: drop 2.8.0-r1

no longer in tree.

 app-emulation/qemu/Manifest             |   4 +-
 app-emulation/qemu/files/65-kvm.rules   |   1 -
 app-emulation/qemu/qemu-2.8.0-r1.ebuild | 696 --------------------------------
 app-emulation/qemu/qemu-2.8.0-r3.ebuild |   2 +-
 4 files changed, 2 insertions(+), 701 deletions(-)

diff --git a/app-emulation/qemu/Manifest b/app-emulation/qemu/Manifest
index 45b7c89..12eb8f5 100644
--- a/app-emulation/qemu/Manifest
+++ b/app-emulation/qemu/Manifest
@@ -1,4 +1,3 @@
-AUX 65-kvm.rules 40 SHA256 c16a8dc7855880b2651f1a3ff488ecc54d4ac1036c71fffd5007021d8d18a7c5 SHA512 98aad2a2f212a7ac0ee5b60a9c92744fa462bce5f26594845c7a31d692aaaca2d52cb57bdbede7dfc60b9862c2a6510665dbb03215d5cf76e62516a283decdd6 WHIRLPOOL 937de93a23930f6b8533f0c3e0dd249c99ddf7d54446dea857607266ac0a4b435c5b4a52b2986b138bace9c0a7ade66f94116b38e2bc4767ead54bd11baf0920
 AUX 65-kvm.rules-r1 120 SHA256 2f6b5b2600598fc402850bb7026eab0e5822e7221b584795bd2ed1a0290250df SHA512 4132ec4d3e7c1e3cf5e37224be1a3b864bcc0bfde9109e8fea9c99377289c28a7fdcf9155fbbd6605dbf8ebeb020c2ab575dd35e36bdf69f8ad07c4aa9c7b2f7 WHIRLPOOL 34dce92c0851c7edb5449c7d19e8767b09e61a73b551af90d987519e8e9c8c883e8ff8567d4a222294095bafdb58984347c694fc6ac458c630ed8e2d42438180
 AUX bridge.conf 454 SHA256 a51850dd39923f3482e4c575b48ad9fef9c9ebb2f2176225da399b79ce48c69d SHA512 a907ee86b81a1b61033bb7621ded65112504131ef7b698c53e4014b958ee6fc79e66f63069015a01e41362cb70a7d0ed26dd9a03033cf776f4846f0e1f8f1533 WHIRLPOOL 8fcbd4abf9b8f7ca3d16fe0eaf17196ebf708dfecf85ce0f020e0de22b64905114f7b310f361826c81bb961c6b1bbbf984bff1e595bb949993b8966ccb222c35
 AUX qemu-2.0.0-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch 930 SHA256 6af6cf9044997710a6d0fbdba30a35c8d775e30d30c032ec97db672f75ec88ac SHA512 ec84b27648c01c6e58781295dcd0c2ff8e5a635f9836ef50c1da5d0ed125db1afc4cb5b01cb97606d6dd8f417acba93e1560d9a32ca29161a4bb730b302440ea WHIRLPOOL 06b9dd5251ac03405c97b1f5a623b4d86bda2f72fbcd52b90ae4d11a0cfb59cae62df2cb6189405fbe53ab05ff2b7ca8165fda239dbfe5f31ed70abb53b3b9f3
@@ -29,6 +28,5 @@ AUX qemu-2.8.0-CVE-2017-6058.patch 3797 SHA256 06c01fcd53dab66af55df164f1616d148
 AUX qemu-2.8.0-F_SHLCK-and-F_EXLCK.patch 574 SHA256 d02353daa0ecfe161e938a5e54feab641b901f4a35c8f5831133676a6f53f43f SHA512 6b64750335aae1142ca9132fb766ac2aaeacfcdda0aa0cfca19afc4c3ea3806e30ce603fcec3767e40e84efb0ae8b9a23f21d46c807c13bb646be74f99e13389 WHIRLPOOL 7401c3daf162c71a5a5c3729855fddb5df95609b34c86ea0f4d872c8f132d6ac089cfb35a990af70aef8b7b63fe075a1e2be376b6db09bc70e8d51e48aded354
 AUX qemu-binfmt.initd-r1 7966 SHA256 5b4b432aa1e44f387c9eb789de0ec6322741fd36dd241f76520f17c6cd6ac49b SHA512 2ba0bff6eb2b6bac4ed440f793771ce9551cad48e38bddb6cf04f804faac2407e80879f66771910344ddcea45f0014095dcc8bfeb0aad5085ef048fd3612dbd8 WHIRLPOOL a2a1fb830a970757d1e203378c7d382b161b1040f3b8aaf0f22bb3b5e46467eff395474ff40d93c9f133bab307b345a6f75d63eae9f8dd8daf67324db41032f9
 DIST qemu-2.8.0.tar.bz2 28368517 SHA256 dafd5d7f649907b6b617b822692f4c82e60cf29bc0fc58bc2036219b591e5e62 SHA512 50f2988d822388ba9fd1bf5dbe68359033ed7432d7f0f9790299f32f63faa6dc72979256b5632ba572d47ee3e74ed40e3e8e331dc6303ec1599f1b4367cb78c2 WHIRLPOOL 0ce4e0539657eb832e4039819e7360c792b6aa41c718f0e0d762f4933217f0d370af94b1d6d9776853575b4a6811d8c85db069bf09d21bd15399ac8b50440ff5
-EBUILD qemu-2.8.0-r1.ebuild 21621 SHA256 bcf039d34f9bd43b288fd33c38233f115b6b8750989374bc656d6f950358c11a SHA512 d9e718720a4800995919d18b79c735fc7b46d569d4cb82bbe90ae3580eafa8e4e976ab4e34b72ff4a8823c6242cf767c876eecaa46af5d24a6a81918351c376c WHIRLPOOL 9c78a214862bb134df1183bc19cd8eb15cceb0ed7253bc584fc1ce5061e3c33a2c744f5e9175654f182621e410c2302a23a66f393e2e58c0717eff7e212548a8
-EBUILD qemu-2.8.0-r3.ebuild 21994 SHA256 8dd08d6fec72d5665c7e20e1af43d2cf3b40c58fcd37e8334f5bfa032d3e9e14 SHA512 511f271f23fbeb956b9fd67449479119111b50da36687bacee1a3ccf5dee91d4bcfc04349b05845f1c4e528cc7390243a98ba4c76d0b9c51b18e34febbd5e618 WHIRLPOOL c48f0cdb6ca1c13c7c41a949191fd82bb89154c352c8839776096eb9c1273136bbce62b0e2f852ab9f463fa7298804f03dba361bd7fd10dde96c969f53d8a53b
+EBUILD qemu-2.8.0-r3.ebuild 21992 SHA256 a2c7a92d214b05e2c6f58fb0d7263472d6a44259de99afc674df713303b432bb SHA512 80699e92ae269cb6ab33b3ec0be164111b68e25d498d8af3624f04bca799174937f1fd2cf49357e0598f6567873cdc8aac3310a1175e328207de8ca5b97856d1 WHIRLPOOL 2079c97d3aa8589c70288cbcca7e1d8591adb1b40a0846b6a683fc6c72f142892e65b6adfac750931e2e63aa33a9d99f31f9659bd5664e6145059f28ecfced1a
 MISC metadata.xml 3854 SHA256 326fc14b3867842cc40bc364d91e2ca60ca63651e4a17040254166fa09cec04a SHA512 2e3bbdf84b7b03aedc43621b47e02b8da242fda917dcdf4b2d7532210aaa79c6fbea52a6b8157cdf90cd1e4e282610c0254b96a7a14b285e910d61203acd6461 WHIRLPOOL 539ca48b54055e594e16b76341879540d4f302d502c39d1901ed4fd7cc80b186ba29845759d02c60bf4560b8b14ec4fa40869d341e432a025dc792fb38f8eae1

diff --git a/app-emulation/qemu/files/65-kvm.rules b/app-emulation/qemu/files/65-kvm.rules
deleted file mode 100644
index c2f7317..0000000
--- a/app-emulation/qemu/files/65-kvm.rules
+++ /dev/null
@@ -1 +0,0 @@
-KERNEL=="kvm", GROUP="kvm", MODE="0660"

diff --git a/app-emulation/qemu/qemu-2.8.0-r1.ebuild b/app-emulation/qemu/qemu-2.8.0-r1.ebuild
deleted file mode 100644
index 220ad6f..0000000
--- a/app-emulation/qemu/qemu-2.8.0-r1.ebuild
+++ /dev/null
@@ -1,696 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="5"
-
-PYTHON_COMPAT=( python2_7 )
-PYTHON_REQ_USE="ncurses,readline"
-
-PLOCALES="bg de_DE fr_FR hu it tr zh_CN"
-
-inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \
-	user udev fcaps readme.gentoo-r1 pax-utils l10n
-
-if [[ ${PV} = *9999* ]]; then
-	EGIT_REPO_URI="git://git.qemu.org/qemu.git"
-	inherit git-2
-	SRC_URI=""
-else
-	SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2"
-	KEYWORDS="amd64 ~arm64 ~ppc ~ppc64 x86 ~x86-fbsd"
-fi
-
-DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
-HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org"
-
-LICENSE="GPL-2 LGPL-2 BSD-2"
-SLOT="0"
-IUSE="accessibility +aio alsa bluetooth bzip2 +caps +curl debug +fdt glusterfs \
-gnutls gtk gtk2 infiniband iscsi +jpeg \
-kernel_linux kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs
-+png pulseaudio python \
-rbd sasl +seccomp sdl sdl2 selinux smartcard snappy spice ssh static static-softmmu
-static-user systemtap tci test +threads usb usbredir vde +vhost-net \
-virgl virtfs +vnc vte xattr xen xfs"
-
-COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel mips
-mips64 mips64el mipsel or32 ppc ppc64 s390x sh4 sh4eb sparc sparc64
-x86_64"
-IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS} lm32 moxie ppcemb tricore unicore32 xtensa xtensaeb"
-IUSE_USER_TARGETS="${COMMON_TARGETS} armeb mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus tilegx"
-
-use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
-use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
-IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
-
-# Allow no targets to be built so that people can get a tools-only build.
-# Block USE flag configurations known to not work.
-REQUIRED_USE="${PYTHON_REQUIRED_USE}
-	gtk2? ( gtk )
-	qemu_softmmu_targets_arm? ( fdt )
-	qemu_softmmu_targets_microblaze? ( fdt )
-	qemu_softmmu_targets_ppc? ( fdt )
-	qemu_softmmu_targets_ppc64? ( fdt )
-	sdl2? ( sdl )
-	static? ( static-softmmu static-user )
-	static-softmmu? ( !alsa !pulseaudio !bluetooth !opengl !gtk !gtk2 )
-	virtfs? ( xattr )
-	vte? ( gtk )"
-
-# Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
-#
-# The attr lib isn't always linked in (although the USE flag is always
-# respected).  This is because qemu supports using the C library's API
-# when available rather than always using the extranl library.
-#
-# Older versions of gnutls are supported, but it's simpler to just require
-# the latest versions.  This is also why we require nettle.
-#
-# TODO: Split out tools deps into another var.  e.g. bzip2 is only used by
-# system binaries and tools, not user binaries.
-COMMON_LIB_DEPEND=">=dev-libs/glib-2.0[static-libs(+)]
-	sys-libs/zlib[static-libs(+)]
-	bzip2? ( app-arch/bzip2[static-libs(+)] )
-	xattr? ( sys-apps/attr[static-libs(+)] )"
-SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND}
-	>=x11-libs/pixman-0.28.0[static-libs(+)]
-	accessibility? ( app-accessibility/brltty[static-libs(+)] )
-	aio? ( dev-libs/libaio[static-libs(+)] )
-	alsa? ( >=media-libs/alsa-lib-1.0.13 )
-	bluetooth? ( net-wireless/bluez )
-	caps? ( sys-libs/libcap-ng[static-libs(+)] )
-	curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
-	fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] )
-	glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
-	gnutls? (
-		dev-libs/nettle:=[static-libs(+)]
-		>=net-libs/gnutls-3.0:=[static-libs(+)]
-	)
-	gtk? (
-		gtk2? (
-			x11-libs/gtk+:2
-			vte? ( x11-libs/vte:0 )
-		)
-		!gtk2? (
-			x11-libs/gtk+:3
-			vte? ( x11-libs/vte:2.91 )
-		)
-	)
-	infiniband? ( sys-fabric/librdmacm:=[static-libs(+)] )
-	iscsi? ( net-libs/libiscsi )
-	jpeg? ( virtual/jpeg:0=[static-libs(+)] )
-	lzo? ( dev-libs/lzo:2[static-libs(+)] )
-	ncurses? ( sys-libs/ncurses:0=[static-libs(+)] )
-	nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] )
-	numa? ( sys-process/numactl[static-libs(+)] )
-	opengl? (
-		virtual/opengl
-		media-libs/libepoxy[static-libs(+)]
-		media-libs/mesa[static-libs(+)]
-		media-libs/mesa[egl,gbm]
-	)
-	png? ( media-libs/libpng:0=[static-libs(+)] )
-	pulseaudio? ( media-sound/pulseaudio )
-	rbd? ( sys-cluster/ceph[static-libs(+)] )
-	sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
-	sdl? (
-		!sdl2? (
-			media-libs/libsdl[X]
-			>=media-libs/libsdl-1.2.11[static-libs(+)]
-		)
-		sdl2? (
-			media-libs/libsdl2[X]
-			media-libs/libsdl2[static-libs(+)]
-		)
-	)
-	seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
-	smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] )
-	snappy? ( app-arch/snappy[static-libs(+)] )
-	spice? (
-		>=app-emulation/spice-protocol-0.12.3
-		>=app-emulation/spice-0.12.0[static-libs(+)]
-	)
-	ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] )
-	usb? ( >=virtual/libusb-1-r2[static-libs(+)] )
-	usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
-	vde? ( net-misc/vde[static-libs(+)] )
-	virgl? ( media-libs/virglrenderer[static-libs(+)] )
-	virtfs? ( sys-libs/libcap )
-	xfs? ( sys-fs/xfsprogs[static-libs(+)] )"
-USER_LIB_DEPEND="${COMMON_LIB_DEPEND}"
-X86_FIRMWARE_DEPEND="
-	>=sys-firmware/ipxe-1.0.0_p20130624
-	pin-upstream-blobs? (
-		~sys-firmware/seabios-1.10.1
-		~sys-firmware/sgabios-0.1_pre8
-		~sys-firmware/vgabios-0.7a
-	)
-	!pin-upstream-blobs? (
-		sys-firmware/seabios
-		sys-firmware/sgabios
-		sys-firmware/vgabios
-	)"
-CDEPEND="
-	!static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND//\[static-libs(+)]} ) " ${use_softmmu_targets}) )
-	!static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND//\[static-libs(+)]} ) " ${use_user_targets}) )
-	qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
-	qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )
-	python? ( ${PYTHON_DEPS} )
-	systemtap? ( dev-util/systemtap )
-	xen? ( app-emulation/xen-tools:= )"
-DEPEND="${CDEPEND}
-	dev-lang/perl
-	=dev-lang/python-2*
-	sys-apps/texinfo
-	virtual/pkgconfig
-	kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
-	gtk? ( nls? ( sys-devel/gettext ) )
-	static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND} ) " ${use_softmmu_targets}) )
-	static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND} ) " ${use_user_targets}) )
-	test? (
-		dev-libs/glib[utils]
-		sys-devel/bc
-	)"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-qemu )
-"
-
-STRIP_MASK="/usr/share/qemu/palcode-clipper"
-
-QA_PREBUILT="
-	usr/share/qemu/openbios-ppc
-	usr/share/qemu/openbios-sparc64
-	usr/share/qemu/openbios-sparc32
-	usr/share/qemu/palcode-clipper
-	usr/share/qemu/s390-ccw.img
-	usr/share/qemu/u-boot.e500
-"
-
-QA_WX_LOAD="usr/bin/qemu-i386
-	usr/bin/qemu-x86_64
-	usr/bin/qemu-alpha
-	usr/bin/qemu-arm
-	usr/bin/qemu-cris
-	usr/bin/qemu-m68k
-	usr/bin/qemu-microblaze
-	usr/bin/qemu-microblazeel
-	usr/bin/qemu-mips
-	usr/bin/qemu-mipsel
-	usr/bin/qemu-or32
-	usr/bin/qemu-ppc
-	usr/bin/qemu-ppc64
-	usr/bin/qemu-ppc64abi32
-	usr/bin/qemu-sh4
-	usr/bin/qemu-sh4eb
-	usr/bin/qemu-sparc
-	usr/bin/qemu-sparc64
-	usr/bin/qemu-armeb
-	usr/bin/qemu-sparc32plus
-	usr/bin/qemu-s390x
-	usr/bin/qemu-unicore32"
-
-DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure
-you have the kernel module loaded before running kvm. The easiest way to
-ensure that the kernel module is loaded is to load it on boot.\n
-For AMD CPUs the module is called 'kvm-amd'.\n
-For Intel CPUs the module is called 'kvm-intel'.\n
-Please review /etc/conf.d/modules for how to load these.\n\n
-Make sure your user is in the 'kvm' group\n
-Just run 'gpasswd -a <USER> kvm', then have <USER> re-login.\n\n
-For brand new installs, the default permissions on /dev/kvm might not let you
-access it.  You can tell udev to reset ownership/perms:\n
-udevadm trigger -c add /dev/kvm"
-
-qemu_support_kvm() {
-	if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 \
-		use qemu_softmmu_targets_ppc || use qemu_softmmu_targets_ppc64 \
-		use qemu_softmmu_targets_s390x; then
-		return 0
-	fi
-
-	return 1
-}
-
-pkg_pretend() {
-	if use kernel_linux && kernel_is lt 2 6 25; then
-		eerror "This version of KVM requres a host kernel of 2.6.25 or higher."
-	elif use kernel_linux; then
-		if ! linux_config_exists; then
-			eerror "Unable to check your kernel for KVM support"
-		else
-			CONFIG_CHECK="~KVM ~TUN ~BRIDGE"
-			ERROR_KVM="You must enable KVM in your kernel to continue"
-			ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in"
-			ERROR_KVM_AMD+=" your kernel configuration."
-			ERROR_KVM_INTEL="If you have an Intel CPU, you must enable"
-			ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration."
-			ERROR_TUN="You will need the Universal TUN/TAP driver compiled"
-			ERROR_TUN+=" into your kernel or loaded as a module to use the"
-			ERROR_TUN+=" virtual network device if using -net tap."
-			ERROR_BRIDGE="You will also need support for 802.1d"
-			ERROR_BRIDGE+=" Ethernet Bridging for some network configurations."
-			use vhost-net && CONFIG_CHECK+=" ~VHOST_NET"
-			ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net"
-			ERROR_VHOST_NET+=" support"
-
-			if use amd64 || use x86 || use amd64-linux || use x86-linux; then
-				CONFIG_CHECK+=" ~KVM_AMD ~KVM_INTEL"
-			fi
-
-			use python && CONFIG_CHECK+=" ~DEBUG_FS"
-			ERROR_DEBUG_FS="debugFS support required for kvm_stat"
-
-			# Now do the actual checks setup above
-			check_extra_config
-		fi
-	fi
-
-	if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then
-		eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt"
-		eerror "instances are still pointing to it.  Please update your"
-		eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag"
-		eerror "and the right system binary (e.g. qemu-system-x86_64)."
-		die "update your virt configs to not use qemu-kvm"
-	fi
-}
-
-pkg_setup() {
-	enewgroup kvm 78
-}
-
-# Sanity check to make sure target lists are kept up-to-date.
-check_targets() {
-	local var=$1 mak=$2
-	local detected sorted
-
-	pushd "${S}"/default-configs >/dev/null || die
-
-	# Force C locale until glibc is updated. #564936
-	detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u))
-	sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u))
-	if [[ ${sorted} != "${detected}" ]] ; then
-		eerror "The ebuild needs to be kept in sync."
-		eerror "${var}: ${sorted}"
-		eerror "$(printf '%-*s' ${#var} configure): ${detected}"
-		die "sync ${var} to the list of targets"
-	fi
-
-	popd >/dev/null
-}
-
-handle_locales() {
-	# Make sure locale list is kept up-to-date.
-	local detected sorted
-	detected=$(echo $(cd po && printf '%s\n' *.po | grep -v messages.po | sed 's:.po$::' | sort -u))
-	sorted=$(echo $(printf '%s\n' ${PLOCALES} | sort -u))
-	if [[ ${sorted} != "${detected}" ]] ; then
-		eerror "The ebuild needs to be kept in sync."
-		eerror "PLOCALES: ${sorted}"
-		eerror " po/*.po: ${detected}"
-		die "sync PLOCALES"
-	fi
-
-	# Deal with selective install of locales.
-	if use nls ; then
-		# Delete locales the user does not want. #577814
-		rm_loc() { rm po/$1.po || die; }
-		l10n_for_each_disabled_locale_do rm_loc
-	else
-		# Cheap hack to disable gettext .mo generation.
-		rm -f po/*.po
-	fi
-}
-
-src_prepare() {
-	check_targets IUSE_SOFTMMU_TARGETS softmmu
-	check_targets IUSE_USER_TARGETS linux-user
-
-	# Alter target makefiles to accept CFLAGS set via flag-o
-	sed -i -r \
-		-e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \
-		Makefile Makefile.target || die
-
-	# Patching for musl
-	epatch "${FILESDIR}"/${PN}-2.8.0-F_SHLCK-and-F_EXLCK.patch
-	epatch "${FILESDIR}"/${PN}-2.0.0-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch
-	epatch "${FILESDIR}"/${PN}-2.2.0-_sigev_un.patch
-
-	epatch "${FILESDIR}"/${PN}-2.5.0-cflags.patch
-	epatch "${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
-	epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-8669-1.patch #597108
-	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2016-9908.patch   #601826
-	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2016-9912.patch   #602630
-	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2016-10028.patch  #603444
-	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2016-10155.patch  #606720
-	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-2615.patch   #608034
-	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5525-1.patch #606264
-	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5525-2.patch
-	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5552.patch   #606722
-	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5578.patch   #607000
-	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5579.patch   #607100
-	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5667.patch   #607766
-	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5856.patch   #608036
-	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5857.patch   #608038
-	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5898.patch   #608520
-	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5931.patch   #608728
-
-	# Fix ld and objcopy being called directly
-	tc-export AR LD OBJCOPY
-
-	# Verbose builds
-	MAKEOPTS+=" V=1"
-
-	epatch_user
-
-	# Run after we've applied all patches.
-	handle_locales
-}
-
-##
-# configures qemu based on the build directory and the build type
-# we are using.
-#
-qemu_src_configure() {
-	debug-print-function ${FUNCNAME} "$@"
-
-	local buildtype=$1
-	local builddir="${S}/${buildtype}-build"
-	local static_flag="static-${buildtype}"
-
-	mkdir "${builddir}"
-
-	local conf_opts=(
-		--prefix=/usr
-		--sysconfdir=/etc
-		--libdir=/usr/$(get_libdir)
-		--docdir=/usr/share/doc/${PF}/html
-		--disable-bsd-user
-		--disable-guest-agent
-		--disable-strip
-		--disable-werror
-		# We support gnutls/nettle for crypto operations.  It is possible
-		# to use gcrypt when gnutls/nettle are disabled (but not when they
-		# are enabled), but it's not really worth the hassle.  Disable it
-		# all the time to avoid automatically detecting it. #568856
-		--disable-gcrypt
-		--python="${PYTHON}"
-		--cc="$(tc-getCC)"
-		--cxx="$(tc-getCXX)"
-		--host-cc="$(tc-getBUILD_CC)"
-		$(use_enable debug debug-info)
-		$(use_enable debug debug-tcg)
-		--enable-docs
-		$(use_enable tci tcg-interpreter)
-		$(use_enable xattr attr)
-	)
-
-	# Disable options not used by user targets as the default configure
-	# options will autoprobe and try to link in a bunch of unused junk.
-	conf_softmmu() {
-		if [[ ${buildtype} == "user" ]] ; then
-			echo "--disable-${2:-$1}"
-		else
-			use_enable "$@"
-		fi
-	}
-	conf_opts+=(
-		$(conf_softmmu accessibility brlapi)
-		$(conf_softmmu aio linux-aio)
-		$(conf_softmmu bzip2)
-		$(conf_softmmu bluetooth bluez)
-		$(conf_softmmu caps cap-ng)
-		$(conf_softmmu curl)
-		$(conf_softmmu fdt)
-		$(conf_softmmu glusterfs)
-		$(conf_softmmu gnutls)
-		$(conf_softmmu gnutls nettle)
-		$(conf_softmmu gtk)
-		$(conf_softmmu infiniband rdma)
-		$(conf_softmmu iscsi libiscsi)
-		$(conf_softmmu jpeg vnc-jpeg)
-		$(conf_softmmu kernel_linux kvm)
-		$(conf_softmmu lzo)
-		$(conf_softmmu ncurses curses)
-		$(conf_softmmu nfs libnfs)
-		$(conf_softmmu numa)
-		$(conf_softmmu opengl)
-		$(conf_softmmu png vnc-png)
-		$(conf_softmmu rbd)
-		$(conf_softmmu sasl vnc-sasl)
-		$(conf_softmmu sdl)
-		$(conf_softmmu seccomp)
-		$(conf_softmmu smartcard)
-		$(conf_softmmu snappy)
-		$(conf_softmmu spice)
-		$(conf_softmmu ssh libssh2)
-		$(conf_softmmu usb libusb)
-		$(conf_softmmu usbredir usb-redir)
-		$(conf_softmmu vde)
-		$(conf_softmmu vhost-net)
-		$(conf_softmmu virgl virglrenderer)
-		$(conf_softmmu virtfs)
-		$(conf_softmmu vnc)
-		$(conf_softmmu vte)
-		$(conf_softmmu xen)
-		$(conf_softmmu xen xen-pci-passthrough)
-		$(conf_softmmu xfs xfsctl)
-	)
-
-	case ${buildtype} in
-	user)
-		conf_opts+=(
-			--enable-linux-user
-			--disable-system
-			--disable-blobs
-			--disable-tools
-		)
-		;;
-	softmmu)
-		# audio options
-		local audio_opts="oss"
-		use alsa && audio_opts="alsa,${audio_opts}"
-		use sdl && audio_opts="sdl,${audio_opts}"
-		use pulseaudio && audio_opts="pa,${audio_opts}"
-
-		conf_opts+=(
-			--disable-linux-user
-			--enable-system
-			--with-system-pixman
-			--audio-drv-list="${audio_opts}"
-		)
-		use gtk && conf_opts+=( --with-gtkabi=$(usex gtk2 2.0 3.0) )
-		use sdl && conf_opts+=( --with-sdlabi=$(usex sdl2 2.0 1.2) )
-		;;
-	tools)
-		conf_opts+=(
-			--disable-linux-user
-			--disable-system
-			--disable-blobs
-			$(use_enable bzip2)
-		)
-		static_flag="static"
-		;;
-	esac
-
-	local targets="${buildtype}_targets"
-	[[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" )
-
-	# Add support for SystemTAP
-	use systemtap && conf_opts+=( --enable-trace-backend=dtrace )
-
-	# We always want to attempt to build with PIE support as it results
-	# in a more secure binary. But it doesn't work with static or if
-	# the current GCC doesn't have PIE support.
-	if use ${static_flag}; then
-		conf_opts+=( --static --disable-pie )
-	else
-		gcc-specs-pie && conf_opts+=( --enable-pie )
-	fi
-
-	echo "../configure ${conf_opts[*]}"
-	cd "${builddir}"
-	../configure "${conf_opts[@]}" || die "configure failed"
-
-	# FreeBSD's kernel does not support QEMU assigning/grabbing
-	# host USB devices yet
-	use kernel_FreeBSD && \
-		sed -i -E -e "s|^(HOST_USB=)bsd|\1stub|" "${S}"/config-host.mak
-}
-
-src_configure() {
-	local target
-
-	python_setup
-
-	softmmu_targets= softmmu_bins=()
-	user_targets= user_bins=()
-
-	for target in ${IUSE_SOFTMMU_TARGETS} ; do
-		if use "qemu_softmmu_targets_${target}"; then
-			softmmu_targets+=",${target}-softmmu"
-			softmmu_bins+=( "qemu-system-${target}" )
-		fi
-	done
-
-	for target in ${IUSE_USER_TARGETS} ; do
-		if use "qemu_user_targets_${target}"; then
-			user_targets+=",${target}-linux-user"
-			user_bins+=( "qemu-${target}" )
-		fi
-	done
-
-	softmmu_targets=${softmmu_targets#,}
-	user_targets=${user_targets#,}
-
-	[[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu"
-	[[ -n ${user_targets}    ]] && qemu_src_configure "user"
-	[[ -z ${softmmu_targets}${user_targets} ]] && qemu_src_configure "tools"
-}
-
-src_compile() {
-	if [[ -n ${user_targets} ]]; then
-		cd "${S}/user-build"
-		default
-	fi
-
-	if [[ -n ${softmmu_targets} ]]; then
-		cd "${S}/softmmu-build"
-		default
-	fi
-
-	if [[ -z ${softmmu_targets}${user_targets} ]]; then
-		cd "${S}/tools-build"
-		default
-	fi
-}
-
-src_test() {
-	if [[ -n ${softmmu_targets} ]]; then
-		cd "${S}/softmmu-build"
-		pax-mark m */qemu-system-* #515550
-		emake -j1 check
-		emake -j1 check-report.html
-	fi
-}
-
-qemu_python_install() {
-	python_domodule "${S}/scripts/qmp/qmp.py"
-
-	python_doscript "${S}/scripts/kvm/vmxcap"
-	python_doscript "${S}/scripts/qmp/qmp-shell"
-	python_doscript "${S}/scripts/qmp/qemu-ga-client"
-}
-
-src_install() {
-	if [[ -n ${user_targets} ]]; then
-		cd "${S}/user-build"
-		emake DESTDIR="${ED}" install
-
-		# Install binfmt handler init script for user targets
-		newinitd "${FILESDIR}/qemu-binfmt.initd-r1" qemu-binfmt
-	fi
-
-	if [[ -n ${softmmu_targets} ]]; then
-		cd "${S}/softmmu-build"
-		emake DESTDIR="${ED}" install
-
-		# This might not exist if the test failed. #512010
-		[[ -e check-report.html ]] && dohtml check-report.html
-
-		if use kernel_linux; then
-			udev_dorules "${FILESDIR}"/65-kvm.rules
-		fi
-
-		if use python; then
-			python_foreach_impl qemu_python_install
-		fi
-	fi
-
-	if [[ -z ${softmmu_targets}${user_targets} ]]; then
-		cd "${S}/tools-build"
-		emake DESTDIR="${ED}" install
-	fi
-
-	# Disable mprotect on the qemu binaries as they use JITs to be fast #459348
-	pushd "${ED}"/usr/bin >/dev/null
-	pax-mark m "${softmmu_bins[@]}" "${user_bins[@]}"
-	popd >/dev/null
-
-	# Install config file example for qemu-bridge-helper
-	insinto "/etc/qemu"
-	doins "${FILESDIR}/bridge.conf"
-
-	# Remove the docdir placed qmp-commands.txt
-	mv "${ED}/usr/share/doc/${PF}/html/qmp-commands.txt" "${S}/docs/" || die
-
-	cd "${S}"
-	dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt
-	newdoc pc-bios/README README.pc-bios
-	dodoc docs/qmp-*.txt
-
-	if [[ -n ${softmmu_targets} ]]; then
-		# Remove SeaBIOS since we're using the SeaBIOS packaged one
-		rm "${ED}/usr/share/qemu/bios.bin"
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
-		fi
-
-		# Remove vgabios since we're using the vgabios packaged one
-		rm "${ED}/usr/share/qemu/vgabios.bin"
-		rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
-		rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
-		rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
-		rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../vgabios/vgabios.bin /usr/share/qemu/vgabios.bin
-			dosym ../vgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
-			dosym ../vgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
-			dosym ../vgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
-			dosym ../vgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
-		fi
-
-		# Remove sgabios since we're using the sgabios packaged one
-		rm "${ED}/usr/share/qemu/sgabios.bin"
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin
-		fi
-
-		# Remove iPXE since we're using the iPXE packaged one
-		rm "${ED}"/usr/share/qemu/pxe-*.rom
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom
-			dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom
-			dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom
-			dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom
-			dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom
-			dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom
-		fi
-	fi
-
-	qemu_support_kvm && readme.gentoo_create_doc
-}
-
-pkg_postinst() {
-	if qemu_support_kvm; then
-		readme.gentoo_print_elog
-	fi
-
-	if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
-		udev_reload
-	fi
-
-	fcaps cap_net_admin /usr/libexec/qemu-bridge-helper
-}
-
-pkg_info() {
-	echo "Using:"
-	echo "  $(best_version app-emulation/spice-protocol)"
-	echo "  $(best_version sys-firmware/ipxe)"
-	echo "  $(best_version sys-firmware/seabios)"
-	if has_version 'sys-firmware/seabios[binary]'; then
-		echo "    USE=binary"
-	else
-		echo "    USE=''"
-	fi
-	echo "  $(best_version sys-firmware/vgabios)"
-}

diff --git a/app-emulation/qemu/qemu-2.8.0-r3.ebuild b/app-emulation/qemu/qemu-2.8.0-r3.ebuild
index 6feffe0..3a161b9 100644
--- a/app-emulation/qemu/qemu-2.8.0-r3.ebuild
+++ b/app-emulation/qemu/qemu-2.8.0-r3.ebuild
@@ -17,7 +17,7 @@ if [[ ${PV} = *9999* ]]; then
 	SRC_URI=""
 else
 	SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2"
-	KEYWORDS="~amd64 ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd"
+	KEYWORDS="amd64 ~arm64 ~ppc ~ppc64 x86 ~x86-fbsd"
 fi
 
 DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"


* [gentoo-commits] proj/musl:master commit in: app-emulation/qemu/, app-emulation/qemu/files/
@ 2017-01-03  3:44 Aric Belsito
From: Aric Belsito @ 2017-01-03  3:44 UTC (permalink / raw
  To: gentoo-commits

commit:     5d204bf38b9c1dac6456fe652227edce091b9948
Author:     Aric Belsito <lluixhi <AT> gmail <DOT> com>
AuthorDate: Tue Jan  3 03:43:46 2017 +0000
Commit:     Aric Belsito <lluixhi <AT> gmail <DOT> com>
CommitDate: Tue Jan  3 03:43:46 2017 +0000
URL:        https://gitweb.gentoo.org/proj/musl.git/commit/?id=5d204bf3

app-emulation/qemu: Version bump to 2.8.0

 app-emulation/qemu/Manifest                        |   5 +
 .../qemu/files/qemu-2.8.0-CVE-2016-10028.patch     |  40 ++
 .../qemu/files/qemu-2.8.0-CVE-2016-9908.patch      |  35 ++
 .../qemu/files/qemu-2.8.0-CVE-2016-9912.patch      |  38 ++
 app-emulation/qemu/qemu-2.8.0.ebuild               | 687 +++++++++++++++++++++
 5 files changed, 805 insertions(+)

diff --git a/app-emulation/qemu/Manifest b/app-emulation/qemu/Manifest
index f1a94d8..48d0014 100644
--- a/app-emulation/qemu/Manifest
+++ b/app-emulation/qemu/Manifest
@@ -34,9 +34,14 @@ AUX qemu-2.7.0-CVE-2016-9104.patch 2890 SHA256 7ba38b43519eb8f9c8c70daaa1705c01a
 AUX qemu-2.7.0-CVE-2016-9105.patch 610 SHA256 f4303796ece1e46f6e622e8cd0c9029daa0a6ed29ef630a0c64a5c595dbeb1b3 SHA512 1ab19ef861b6fe55017d02b7cbf24ad60776ed64e052d6e1b670c9aac7e312207718fcf601e9dba4bdd2c9104b9be25bcf0055b42e080b1f8abf9bc3f7db0b36 WHIRLPOOL 07fe76de2d2d68bcd091e90cc9578b17d5a8ad12ab316683d6e4badea443d08e08060a4e206f555c88b60b0a45f4ba49c9d11f42ee44b5b43200843c37329dad
 AUX qemu-2.7.0-CVE-2016-9106.patch 835 SHA256 594213b4200ae109dfbc6ec8e536d275d798c756a25e130a86972c514730f541 SHA512 6a3249f47fecdbe28eec496eb1284296d04d9e75efab21ab226d6ef2d5254bd85a44aa08879b1922682b65b5bce2e699ccaafa3a2b8b6f60ccbc84432bc599cd WHIRLPOOL b80c2787cbe71f416a7ea2aa39e800922b0a8a410eacb038d0163dfbb91f6a41cc2ae5afb010a7395ef17207e6b1acda34cddd9ff9d1ab035330ade6334e8b8c
 AUX qemu-2.7.0-configure-ifunc.patch 517 SHA256 40f6183f1f490216855e83cf03bf21ec8d23786acf83cda21292fea92776d898 SHA512 e34476b5fc5039091862dc9e93c47b69e203e7e394092e7e0bda467b7523e0b5b743c2c6eaf1f36fad3ee743278e321a50d356b6365e2340280556ca6d9b32ad WHIRLPOOL cb6f92a70f91557f14a0f6719d1b3a4dee9cfcb5c34aa897eee0ad48d13c45255252666d826ce00f3183da86b9b265e0dd93aa9b85210cde2a7ce3de56644e59
+AUX qemu-2.8.0-CVE-2016-10028.patch 1384 SHA256 25a9f2b2014bbcbb008683211503716a2b4a0e8d96ea001d32b87d451cee1842 SHA512 6cfad99e54cfaea97f5c14fbbfe35768a8ea46196117bf770725e1079f9bccca3b7071416a14e60a36c3c919760ab49663fc8b551026c8cd58c10b3f2d7940b4 WHIRLPOOL 5c0c8350112cb63c8b3db7a15a9090cd2fba879317565b108285fd92c23a8b75a593a65d94b6e448086b126a735056065d07c1877abdb6815ebaa430cf4adabf
+AUX qemu-2.8.0-CVE-2016-9908.patch 1166 SHA256 22ef4999a3daf3c46a3c90ca20fb131545d4d0befeff7c3ca870585a3e03b7b7 SHA512 c46abda3a5b1a68c7c2e5236f8e424f4569a28ba2aea9b8ec32467e55b535492da6e4702d4758a5721f1bf222f7f2554a5e4c9a190781d60c40202a5291dcf49 WHIRLPOOL aa8087350770ecbb60049e3269ddf9d68258657ef6a088b562e344056689e578a390328dde9c5d2b5024e7fa03995b571295a1d64943d9b3882cf0c5f833dbd8
+AUX qemu-2.8.0-CVE-2016-9912.patch 1307 SHA256 e3eac321492a9ef42d88b04877511255c3731a9bb029d7c6ab2da0aa8f09e2d8 SHA512 f9ba4f167334d9b934c37fbed21ded8b3d71e5bdbdb1f15f81d4423b0790bfa127637155d5863b563fa974f1421c4ace1f2a4e3e81e3ae3d6045b2083210b103 WHIRLPOOL 7aa8dab7b6462f142365d274e6131ca1630c396e36c851cb562c081c4243c58e2ae22cf682e51145af08befcaba395254c765cf56112a6c177e1c9a18ffb5926
 AUX qemu-binfmt.initd-r1 7966 SHA256 5b4b432aa1e44f387c9eb789de0ec6322741fd36dd241f76520f17c6cd6ac49b SHA512 2ba0bff6eb2b6bac4ed440f793771ce9551cad48e38bddb6cf04f804faac2407e80879f66771910344ddcea45f0014095dcc8bfeb0aad5085ef048fd3612dbd8 WHIRLPOOL a2a1fb830a970757d1e203378c7d382b161b1040f3b8aaf0f22bb3b5e46467eff395474ff40d93c9f133bab307b345a6f75d63eae9f8dd8daf67324db41032f9
 DIST qemu-2.7.0.tar.bz2 26867760 SHA256 326e739506ba690daf69fc17bd3913a6c313d9928d743bd8eddb82f403f81e53 SHA512 654acaa7b3724a288e5d7e2a26ab780d9c9ed9f647fba00a906cbaffbe9d58fd666f2d962514aa2c5b391b4c53811ac3170d2eb51727f090bd19dfe45ca9a9db WHIRLPOOL dcb3e5f7da89dd8e14d636d7ebd476e076e0043880bb9ea3fb1c03cb4bcd4e5c7d3c4719da26c3ce521e3a3db5ae671e86f198ac1bc3474e774d75504fef8b8d
 DIST qemu-2.7.1.tar.bz2 26868403 SHA256 68636788eb69bcb0b44ba220b32b50495d6bd5712a934c282217831c4822958f SHA512 16a83946e9064733254c82c961749bf9c56a0a2a8ee46145b4a78e1452ac0e2548d888963d18c80e28f65202890fd643b0011951b5b1c66ef16234767ed91898 WHIRLPOOL ae3d3c2b2a3700613733659847de6187755631cb09e8c3548ea30cd994357c9ff128646edce88dfe4dce53e6c1c0f37f8de3688ee7e22262033b40f3fc706efa
+DIST qemu-2.8.0.tar.bz2 28368517 SHA256 dafd5d7f649907b6b617b822692f4c82e60cf29bc0fc58bc2036219b591e5e62 SHA512 50f2988d822388ba9fd1bf5dbe68359033ed7432d7f0f9790299f32f63faa6dc72979256b5632ba572d47ee3e74ed40e3e8e331dc6303ec1599f1b4367cb78c2 WHIRLPOOL 0ce4e0539657eb832e4039819e7360c792b6aa41c718f0e0d762f4933217f0d370af94b1d6d9776853575b4a6811d8c85db069bf09d21bd15399ac8b50440ff5
 EBUILD qemu-2.7.0-r7.ebuild 22495 SHA256 a606d5b6805d24191245b4191c1f62a09096d8ee283c62629f038851b4c8e6c5 SHA512 c45e516c4c45b5a1eaec06d046cebf129f1422c2d5910699c0a367a4c8c7d49e323a6addc765e1ec57209df12270e196169e52a7618afef28019be06feff70ea WHIRLPOOL 94ae6ab13fc03450ce5b6b0e5840e488401116d6bf60ec411cc01f39f2d10931bd65572f25bdf958e9f94bb4f6582795018039b5b4c988fa3bd5dee928014c65
 EBUILD qemu-2.7.1.ebuild 22161 SHA256 a7d2ff5c706a35a1b2c5610866215a5db04674ce68fb01e3e076b68839dcafd8 SHA512 7d30615832f2fecf89b472c4ea56446335176a330a7d64693ed7cc9becd47a1f40064fca191467deb8603116b4f69307d7968971c9b3845356b8b8d4cf053472 WHIRLPOOL 23bda8ca28ff8620739c604289a0d81ec4d16c1908b8c02df7833f9c0d98f698922650636456ac0bcc285357836af23ffd28bf3b8c2653a690a86fa5ae662a61
+EBUILD qemu-2.8.0.ebuild 21005 SHA256 5009f688c9c65004640328ad98b007d2b0e33a95daa3cb8958f5968c8109e0b4 SHA512 9d2d86f6df898a19ef3b4a387b6b715b547d387b1995e38e2e4b849fcd184560f6fc543340aa5acd5080823b7ed8db605918bd7e9b860dd170c967d224fe347e WHIRLPOOL 625e49536d32ee8685ec14d8e629ebefb2753e6d43bf33e577aa0e7f30d9144ada724547a28859c75bdd88d178ab9b9b5ee847fb2853f9953cd8a4f74af924d2
 MISC metadata.xml 3925 SHA256 d1c219b7da0cbf77919cd1e055acbb3f6788a574fd802c98a43c89a411697b36 SHA512 3ff45d1c8ede12b4eedc7d01f39777b76a1cbd0ba9364299dec99d4b4a05cade5784d6f6e50197d5b5ae1f1b8e831c49da195eb53263c49b7d16aec8ee28b6e6 WHIRLPOOL bc25783fac0f3f13318834cc535404af9af20de16c7aeec222e59dc2ed7740ac5e767b329a5bcd6356d0cbae2428e278515f1446aa8ecb87a873bf4dbe04bf41

diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-10028.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-10028.patch
new file mode 100644
index 0000000..466c819
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-10028.patch
@@ -0,0 +1,40 @@
+https://lists.gnu.org/archive/html/qemu-devel/2016-12/msg01903.html
+https://bugs.gentoo.org/603444
+
+From:	P J P
+Subject:	[Qemu-devel] [PATCH] display: virtio-gpu-3d: check virgl capabilities max_size
+Date:	Wed, 14 Dec 2016 12:31:56 +0530
+From: Prasad J Pandit <address@hidden>
+
+Virtio GPU device while processing 'VIRTIO_GPU_CMD_GET_CAPSET'
+command, retrieves the maximum capabilities size to fill in the
+response object. It continues to fill in capabilities even if
+retrieved 'max_size' is zero(0), thus resulting in OOB access.
+Add check to avoid it.
+
+Reported-by: Zhenhao Hong <address@hidden>
+Signed-off-by: Prasad J Pandit <address@hidden>
+---
+ hw/display/virtio-gpu-3d.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/hw/display/virtio-gpu-3d.c b/hw/display/virtio-gpu-3d.c
+index 758d33a..6ceeba3 100644
+--- a/hw/display/virtio-gpu-3d.c
++++ b/hw/display/virtio-gpu-3d.c
+@@ -370,8 +370,12 @@ static void virgl_cmd_get_capset(VirtIOGPU *g,
+ 
+     virgl_renderer_get_cap_set(gc.capset_id, &max_ver,
+                                &max_size);
++    if (!max_size) {
++        cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
++        return;
++    }
++
+     resp = g_malloc0(sizeof(*resp) + max_size);
+-
+     resp->hdr.type = VIRTIO_GPU_RESP_OK_CAPSET;
+     virgl_renderer_fill_caps(gc.capset_id,
+                              gc.capset_version,
+-- 
+2.9.3
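Review bot: The context line `resp = g_malloc0(sizeof(*resp) + max_size);` in this patch only exists once qemu-2.8.0-CVE-2016-9908.patch has been applied, and nothing in the patch header records that ordering dependency. The ebuild added in this commit does list 9908 before 10028, but reordering or dropping 9908 later would presumably stop this hunk from applying cleanly, silently losing the `max_size` check if the failure is worked around. I would add a line under the bug URL, for example `Requires qemu-2.8.0-CVE-2016-9908.patch to be applied first (g_malloc0 context).` The body of `virgl_cmd_get_capset` continues outside the inner hunk, so how `cmd->error` is reported back to the guest cannot be confirmed from here.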

diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-9908.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-9908.patch
new file mode 100644
index 0000000..841de65
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-9908.patch
@@ -0,0 +1,35 @@
+https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg00059.html
+https://bugs.gentoo.org/601826
+
+From:	Li Qiang
+Subject:	[Qemu-devel] [PATCH] virtio-gpu: fix information leak in capset get dispatch
+Date:	Tue, 1 Nov 2016 05:37:57 -0700
+From: Li Qiang <address@hidden>
+
+In virgl_cmd_get_capset function, it uses g_malloc to allocate
+a response struct to the guest. As the 'resp'struct hasn't been full
+initialized it will lead the 'resp->padding' field to the guest.
+Use g_malloc0 to avoid this.
+
+Signed-off-by: Li Qiang <address@hidden>
+---
+ hw/display/virtio-gpu-3d.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/display/virtio-gpu-3d.c b/hw/display/virtio-gpu-3d.c
+index 23f39de..d98b140 100644
+--- a/hw/display/virtio-gpu-3d.c
++++ b/hw/display/virtio-gpu-3d.c
+@@ -371,7 +371,7 @@ static void virgl_cmd_get_capset(VirtIOGPU *g,
+ 
+     virgl_renderer_get_cap_set(gc.capset_id, &max_ver,
+                                &max_size);
+-    resp = g_malloc(sizeof(*resp) + max_size);
++    resp = g_malloc0(sizeof(*resp) + max_size);
+ 
+     resp->hdr.type = VIRTIO_GPU_RESP_OK_CAPSET;
+     virgl_renderer_fill_caps(gc.capset_id,
+-- 
+1.8.3.1
+
+

diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-9912.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-9912.patch
new file mode 100644
index 0000000..55963f7
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-9912.patch
@@ -0,0 +1,38 @@
+https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg05043.html
+https://bugs.gentoo.org/602630
+
+From:	Li Qiang
+Subject:	[Qemu-devel] [PATCH] virtio-gpu: call cleanup mapping function in resource destroy
+Date:	Mon, 28 Nov 2016 21:29:25 -0500
+If the guest destroy the resource before detach banking, the 'iov'
+and 'addrs' field in resource is not freed thus leading memory
+leak issue. This patch avoid this.
+
+Signed-off-by: Li Qiang <address@hidden>
+---
+ hw/display/virtio-gpu.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c
+index 60bce94..98dadf2 100644
+--- a/hw/display/virtio-gpu.c
++++ b/hw/display/virtio-gpu.c
+@@ -28,6 +28,8 @@
+ static struct virtio_gpu_simple_resource*
+ virtio_gpu_find_resource(VirtIOGPU *g, uint32_t resource_id);
+ 
++static void virtio_gpu_cleanup_mapping(struct virtio_gpu_simple_resource *res);
++
+ #ifdef CONFIG_VIRGL
+ #include <virglrenderer.h>
+ #define VIRGL(_g, _virgl, _simple, ...)                     \
+@@ -358,6 +360,7 @@ static void virtio_gpu_resource_destroy(VirtIOGPU *g,
+                                         struct virtio_gpu_simple_resource *res)
+ {
+     pixman_image_unref(res->image);
++    virtio_gpu_cleanup_mapping(res);
+     QTAILQ_REMOVE(&g->reslist, res, next);
+     g_free(res);
+ }
+-- 
+1.8.3.1

diff --git a/app-emulation/qemu/qemu-2.8.0.ebuild b/app-emulation/qemu/qemu-2.8.0.ebuild
new file mode 100644
index 0000000..4fbc9fd
--- /dev/null
+++ b/app-emulation/qemu/qemu-2.8.0.ebuild
@@ -0,0 +1,687 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="5"
+
+PYTHON_COMPAT=( python2_7 )
+PYTHON_REQ_USE="ncurses,readline"
+
+PLOCALES="bg de_DE fr_FR hu it tr zh_CN"
+
+inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \
+	user udev fcaps readme.gentoo-r1 pax-utils l10n
+
+if [[ ${PV} = *9999* ]]; then
+	EGIT_REPO_URI="git://git.qemu.org/qemu.git"
+	inherit git-2
+	SRC_URI=""
+else
+	SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2"
+	KEYWORDS="~amd64 ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd"
+fi
+
+DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
+HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org"
+
+LICENSE="GPL-2 LGPL-2 BSD-2"
+SLOT="0"
+IUSE="accessibility +aio alsa bluetooth bzip2 +caps +curl debug +fdt glusterfs \
+gnutls gtk gtk2 infiniband iscsi +jpeg \
+kernel_linux kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs
++png pulseaudio python \
+rbd sasl +seccomp sdl sdl2 selinux smartcard snappy spice ssh static static-softmmu
+static-user systemtap tci test +threads usb usbredir +uuid vde +vhost-net \
+virgl virtfs +vnc vte xattr xen xfs"
+
+COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel mips
+mips64 mips64el mipsel or32 ppc ppc64 s390x sh4 sh4eb sparc sparc64
+x86_64"
+IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS} lm32 moxie ppcemb tricore unicore32 xtensa xtensaeb"
+IUSE_USER_TARGETS="${COMMON_TARGETS} armeb mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus tilegx"
+
+use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
+use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
+IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
+
+# Allow no targets to be built so that people can get a tools-only build.
+# Block USE flag configurations known to not work.
+REQUIRED_USE="${PYTHON_REQUIRED_USE}
+	gtk2? ( gtk )
+	qemu_softmmu_targets_arm? ( fdt )
+	qemu_softmmu_targets_microblaze? ( fdt )
+	qemu_softmmu_targets_ppc? ( fdt )
+	qemu_softmmu_targets_ppc64? ( fdt )
+	sdl2? ( sdl )
+	static? ( static-softmmu static-user )
+	static-softmmu? ( !alsa !pulseaudio !bluetooth !opengl !gtk !gtk2 )
+	virtfs? ( xattr )
+	vte? ( gtk )"
+
+# Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
+#
+# The attr lib isn't always linked in (although the USE flag is always
+# respected).  This is because qemu supports using the C library's API
+# when available rather than always using the extranl library.
+#
+# Older versions of gnutls are supported, but it's simpler to just require
+# the latest versions.  This is also why we require nettle.
+#
+# TODO: Split out tools deps into another var.  e.g. bzip2 is only used by
+# system binaries and tools, not user binaries.
+COMMON_LIB_DEPEND=">=dev-libs/glib-2.0[static-libs(+)]
+	sys-libs/zlib[static-libs(+)]
+	bzip2? ( app-arch/bzip2[static-libs(+)] )
+	xattr? ( sys-apps/attr[static-libs(+)] )"
+SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND}
+	>=x11-libs/pixman-0.28.0[static-libs(+)]
+	accessibility? ( app-accessibility/brltty[static-libs(+)] )
+	aio? ( dev-libs/libaio[static-libs(+)] )
+	alsa? ( >=media-libs/alsa-lib-1.0.13 )
+	bluetooth? ( net-wireless/bluez )
+	caps? ( sys-libs/libcap-ng[static-libs(+)] )
+	curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
+	fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] )
+	glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
+	gnutls? (
+		dev-libs/nettle:=[static-libs(+)]
+		>=net-libs/gnutls-3.0:=[static-libs(+)]
+	)
+	gtk? (
+		gtk2? (
+			x11-libs/gtk+:2
+			vte? ( x11-libs/vte:0 )
+		)
+		!gtk2? (
+			x11-libs/gtk+:3
+			vte? ( x11-libs/vte:2.91 )
+		)
+	)
+	infiniband? ( sys-fabric/librdmacm:=[static-libs(+)] )
+	iscsi? ( net-libs/libiscsi )
+	jpeg? ( virtual/jpeg:0=[static-libs(+)] )
+	lzo? ( dev-libs/lzo:2[static-libs(+)] )
+	ncurses? ( sys-libs/ncurses:0=[static-libs(+)] )
+	nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] )
+	numa? ( sys-process/numactl[static-libs(+)] )
+	opengl? (
+		virtual/opengl
+		media-libs/libepoxy[static-libs(+)]
+		media-libs/mesa[static-libs(+)]
+		media-libs/mesa[egl,gles2,gbm]
+	)
+	png? ( media-libs/libpng:0=[static-libs(+)] )
+	pulseaudio? ( media-sound/pulseaudio )
+	rbd? ( sys-cluster/ceph[static-libs(+)] )
+	sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
+	sdl? (
+		!sdl2? (
+			media-libs/libsdl[X]
+			>=media-libs/libsdl-1.2.11[static-libs(+)]
+		)
+		sdl2? (
+			media-libs/libsdl2[X]
+			media-libs/libsdl2[static-libs(+)]
+		)
+	)
+	seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
+	smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] )
+	snappy? ( app-arch/snappy[static-libs(+)] )
+	spice? (
+		>=app-emulation/spice-protocol-0.12.3
+		>=app-emulation/spice-0.12.0[static-libs(+)]
+	)
+	ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] )
+	usb? ( >=virtual/libusb-1-r2[static-libs(+)] )
+	usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
+	uuid? ( >=sys-apps/util-linux-2.16.0[static-libs(+)] )
+	vde? ( net-misc/vde[static-libs(+)] )
+	virgl? ( media-libs/virglrenderer[static-libs(+)] )
+	virtfs? ( sys-libs/libcap )
+	xfs? ( sys-fs/xfsprogs[static-libs(+)] )"
+USER_LIB_DEPEND="${COMMON_LIB_DEPEND}"
+X86_FIRMWARE_DEPEND="
+	>=sys-firmware/ipxe-1.0.0_p20130624
+	pin-upstream-blobs? (
+		~sys-firmware/seabios-1.10.1
+		~sys-firmware/sgabios-0.1_pre8
+		~sys-firmware/vgabios-0.7a
+	)
+	!pin-upstream-blobs? (
+		sys-firmware/seabios
+		sys-firmware/sgabios
+		sys-firmware/vgabios
+	)"
+CDEPEND="
+	!static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND//\[static-libs(+)]} ) " ${use_softmmu_targets}) )
+	!static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND//\[static-libs(+)]} ) " ${use_user_targets}) )
+	qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
+	qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )
+	python? ( ${PYTHON_DEPS} )
+	systemtap? ( dev-util/systemtap )
+	xen? ( app-emulation/xen-tools:= )"
+DEPEND="${CDEPEND}
+	dev-lang/perl
+	=dev-lang/python-2*
+	sys-apps/texinfo
+	virtual/pkgconfig
+	kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
+	gtk? ( nls? ( sys-devel/gettext ) )
+	static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND} ) " ${use_softmmu_targets}) )
+	static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND} ) " ${use_user_targets}) )
+	test? (
+		dev-libs/glib[utils]
+		sys-devel/bc
+	)"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-qemu )
+"
+
+STRIP_MASK="/usr/share/qemu/palcode-clipper"
+
+QA_PREBUILT="
+	usr/share/qemu/openbios-ppc
+	usr/share/qemu/openbios-sparc64
+	usr/share/qemu/openbios-sparc32
+	usr/share/qemu/palcode-clipper
+	usr/share/qemu/s390-ccw.img
+	usr/share/qemu/u-boot.e500
+"
+
+QA_WX_LOAD="usr/bin/qemu-i386
+	usr/bin/qemu-x86_64
+	usr/bin/qemu-alpha
+	usr/bin/qemu-arm
+	usr/bin/qemu-cris
+	usr/bin/qemu-m68k
+	usr/bin/qemu-microblaze
+	usr/bin/qemu-microblazeel
+	usr/bin/qemu-mips
+	usr/bin/qemu-mipsel
+	usr/bin/qemu-or32
+	usr/bin/qemu-ppc
+	usr/bin/qemu-ppc64
+	usr/bin/qemu-ppc64abi32
+	usr/bin/qemu-sh4
+	usr/bin/qemu-sh4eb
+	usr/bin/qemu-sparc
+	usr/bin/qemu-sparc64
+	usr/bin/qemu-armeb
+	usr/bin/qemu-sparc32plus
+	usr/bin/qemu-s390x
+	usr/bin/qemu-unicore32"
+
+DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure
+you have the kernel module loaded before running kvm. The easiest way to
+ensure that the kernel module is loaded is to load it on boot.\n
+For AMD CPUs the module is called 'kvm-amd'.\n
+For Intel CPUs the module is called 'kvm-intel'.\n
+Please review /etc/conf.d/modules for how to load these.\n\n
+Make sure your user is in the 'kvm' group\n
+Just run 'gpasswd -a <USER> kvm', then have <USER> re-login.\n\n
+For brand new installs, the default permissions on /dev/kvm might not let you
+access it.  You can tell udev to reset ownership/perms:\n
+udevadm trigger -c add /dev/kvm"
+
+qemu_support_kvm() {
+	if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 \
+		use qemu_softmmu_targets_ppc || use qemu_softmmu_targets_ppc64 \
+		use qemu_softmmu_targets_s390x; then
+		return 0
+	fi
+
+	return 1
+}
+
+pkg_pretend() {
+	if use kernel_linux && kernel_is lt 2 6 25; then
+		eerror "This version of KVM requres a host kernel of 2.6.25 or higher."
+	elif use kernel_linux; then
+		if ! linux_config_exists; then
+			eerror "Unable to check your kernel for KVM support"
+		else
+			CONFIG_CHECK="~KVM ~TUN ~BRIDGE"
+			ERROR_KVM="You must enable KVM in your kernel to continue"
+			ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in"
+			ERROR_KVM_AMD+=" your kernel configuration."
+			ERROR_KVM_INTEL="If you have an Intel CPU, you must enable"
+			ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration."
+			ERROR_TUN="You will need the Universal TUN/TAP driver compiled"
+			ERROR_TUN+=" into your kernel or loaded as a module to use the"
+			ERROR_TUN+=" virtual network device if using -net tap."
+			ERROR_BRIDGE="You will also need support for 802.1d"
+			ERROR_BRIDGE+=" Ethernet Bridging for some network configurations."
+			use vhost-net && CONFIG_CHECK+=" ~VHOST_NET"
+			ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net"
+			ERROR_VHOST_NET+=" support"
+
+			if use amd64 || use x86 || use amd64-linux || use x86-linux; then
+				CONFIG_CHECK+=" ~KVM_AMD ~KVM_INTEL"
+			fi
+
+			use python && CONFIG_CHECK+=" ~DEBUG_FS"
+			ERROR_DEBUG_FS="debugFS support required for kvm_stat"
+
+			# Now do the actual checks setup above
+			check_extra_config
+		fi
+	fi
+
+	if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then
+		eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt"
+		eerror "instances are still pointing to it.  Please update your"
+		eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag"
+		eerror "and the right system binary (e.g. qemu-system-x86_64)."
+		die "update your virt configs to not use qemu-kvm"
+	fi
+}
+
+pkg_setup() {
+	enewgroup kvm 78
+}
+
+# Sanity check to make sure target lists are kept up-to-date.
+check_targets() {
+	local var=$1 mak=$2
+	local detected sorted
+
+	pushd "${S}"/default-configs >/dev/null || die
+
+	# Force C locale until glibc is updated. #564936
+	detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u))
+	sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u))
+	if [[ ${sorted} != "${detected}" ]] ; then
+		eerror "The ebuild needs to be kept in sync."
+		eerror "${var}: ${sorted}"
+		eerror "$(printf '%-*s' ${#var} configure): ${detected}"
+		die "sync ${var} to the list of targets"
+	fi
+
+	popd >/dev/null
+}
+
+handle_locales() {
+	# Make sure locale list is kept up-to-date.
+	local detected sorted
+	detected=$(echo $(cd po && printf '%s\n' *.po | grep -v messages.po | sed 's:.po$::' | sort -u))
+	sorted=$(echo $(printf '%s\n' ${PLOCALES} | sort -u))
+	if [[ ${sorted} != "${detected}" ]] ; then
+		eerror "The ebuild needs to be kept in sync."
+		eerror "PLOCALES: ${sorted}"
+		eerror " po/*.po: ${detected}"
+		die "sync PLOCALES"
+	fi
+
+	# Deal with selective install of locales.
+	if use nls ; then
+		# Delete locales the user does not want. #577814
+		rm_loc() { rm po/$1.po || die; }
+		l10n_for_each_disabled_locale_do rm_loc
+	else
+		# Cheap hack to disable gettext .mo generation.
+		rm -f po/*.po
+	fi
+}
+
+src_prepare() {
+	check_targets IUSE_SOFTMMU_TARGETS softmmu
+	check_targets IUSE_USER_TARGETS linux-user
+
+	# Alter target makefiles to accept CFLAGS set via flag-o
+	sed -i -r \
+		-e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \
+		Makefile Makefile.target || die
+
+	# Patching for musl
+	epatch "${FILESDIR}"/${PN}-2.0.0-F_SHLCK-and-F_EXLCK.patch
+	epatch "${FILESDIR}"/${PN}-2.0.0-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch
+	epatch "${FILESDIR}"/${PN}-2.2.0-_sigev_un.patch
+	epatch "${FILESDIR}"/${PN}-2.7.0-configure-ifunc.patch
+
+	epatch "${FILESDIR}"/${PN}-2.5.0-cflags.patch
+	epatch "${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
+	epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-8669-1.patch #597108
+	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2016-9908.patch #601826
+	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2016-9912.patch #602630
+	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2016-10028.patch #603444
+
+	# Fix ld and objcopy being called directly
+	tc-export AR LD OBJCOPY
+
+	# Verbose builds
+	MAKEOPTS+=" V=1"
+
+	epatch_user
+
+	# Run after we've applied all patches.
+	handle_locales
+}
+
+##
+# configures qemu based on the build directory and the build type
+# we are using.
+#
+qemu_src_configure() {
+	debug-print-function ${FUNCNAME} "$@"
+
+	local buildtype=$1
+	local builddir="${S}/${buildtype}-build"
+	local static_flag="static-${buildtype}"
+
+	mkdir "${builddir}"
+
+	local conf_opts=(
+		--prefix=/usr
+		--sysconfdir=/etc
+		--libdir=/usr/$(get_libdir)
+		--docdir=/usr/share/doc/${PF}/html
+		--disable-bsd-user
+		--disable-guest-agent
+		--disable-strip
+		--disable-werror
+		# We support gnutls/nettle for crypto operations.  It is possible
+		# to use gcrypt when gnutls/nettle are disabled (but not when they
+		# are enabled), but it's not really worth the hassle.  Disable it
+		# all the time to avoid automatically detecting it. #568856
+		--disable-gcrypt
+		--python="${PYTHON}"
+		--cc="$(tc-getCC)"
+		--cxx="$(tc-getCXX)"
+		--host-cc="$(tc-getBUILD_CC)"
+		$(use_enable debug debug-info)
+		$(use_enable debug debug-tcg)
+		--enable-docs
+		$(use_enable tci tcg-interpreter)
+		$(use_enable xattr attr)
+	)
+
+	# Disable options not used by user targets as the default configure
+	# options will autoprobe and try to link in a bunch of unused junk.
+	conf_softmmu() {
+		if [[ ${buildtype} == "user" ]] ; then
+			echo "--disable-${2:-$1}"
+		else
+			use_enable "$@"
+		fi
+	}
+	conf_opts+=(
+		$(conf_softmmu accessibility brlapi)
+		$(conf_softmmu aio linux-aio)
+		$(conf_softmmu bzip2)
+		$(conf_softmmu bluetooth bluez)
+		$(conf_softmmu caps cap-ng)
+		$(conf_softmmu curl)
+		$(conf_softmmu fdt)
+		$(conf_softmmu glusterfs)
+		$(conf_softmmu gnutls)
+		$(conf_softmmu gnutls nettle)
+		$(conf_softmmu gtk)
+		$(conf_softmmu infiniband rdma)
+		$(conf_softmmu iscsi libiscsi)
+		$(conf_softmmu jpeg vnc-jpeg)
+		$(conf_softmmu kernel_linux kvm)
+		$(conf_softmmu lzo)
+		$(conf_softmmu ncurses curses)
+		$(conf_softmmu nfs libnfs)
+		$(conf_softmmu numa)
+		$(conf_softmmu opengl)
+		$(conf_softmmu png vnc-png)
+		$(conf_softmmu rbd)
+		$(conf_softmmu sasl vnc-sasl)
+		$(conf_softmmu sdl)
+		$(conf_softmmu seccomp)
+		$(conf_softmmu smartcard)
+		$(conf_softmmu snappy)
+		$(conf_softmmu spice)
+		$(conf_softmmu ssh libssh2)
+		$(conf_softmmu usb libusb)
+		$(conf_softmmu usbredir usb-redir)
+		$(conf_softmmu uuid)
+		$(conf_softmmu vde)
+		$(conf_softmmu vhost-net)
+		$(conf_softmmu virgl virglrenderer)
+		$(conf_softmmu virtfs)
+		$(conf_softmmu vnc)
+		$(conf_softmmu vte)
+		$(conf_softmmu xen)
+		$(conf_softmmu xen xen-pci-passthrough)
+		$(conf_softmmu xfs xfsctl)
+	)
+
+	case ${buildtype} in
+	user)
+		conf_opts+=(
+			--enable-linux-user
+			--disable-system
+			--disable-blobs
+			--disable-tools
+		)
+		;;
+	softmmu)
+		# audio options
+		local audio_opts="oss"
+		use alsa && audio_opts="alsa,${audio_opts}"
+		use sdl && audio_opts="sdl,${audio_opts}"
+		use pulseaudio && audio_opts="pa,${audio_opts}"
+
+		conf_opts+=(
+			--disable-linux-user
+			--enable-system
+			--with-system-pixman
+			--audio-drv-list="${audio_opts}"
+		)
+		use gtk && conf_opts+=( --with-gtkabi=$(usex gtk2 2.0 3.0) )
+		use sdl && conf_opts+=( --with-sdlabi=$(usex sdl2 2.0 1.2) )
+		;;
+	tools)
+		conf_opts+=(
+			--disable-linux-user
+			--disable-system
+			--disable-blobs
+			$(use_enable bzip2)
+		)
+		static_flag="static"
+		;;
+	esac
+
+	local targets="${buildtype}_targets"
+	[[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" )
+
+	# Add support for SystemTAP
+	use systemtap && conf_opts+=( --enable-trace-backend=dtrace )
+
+	# We always want to attempt to build with PIE support as it results
+	# in a more secure binary. But it doesn't work with static or if
+	# the current GCC doesn't have PIE support.
+	if use ${static_flag}; then
+		conf_opts+=( --static --disable-pie )
+	else
+		gcc-specs-pie && conf_opts+=( --enable-pie )
+	fi
+
+	echo "../configure ${conf_opts[*]}"
+	cd "${builddir}"
+	../configure "${conf_opts[@]}" || die "configure failed"
+
+	# FreeBSD's kernel does not support QEMU assigning/grabbing
+	# host USB devices yet
+	use kernel_FreeBSD && \
+		sed -i -E -e "s|^(HOST_USB=)bsd|\1stub|" "${S}"/config-host.mak
+}
+
+src_configure() {
+	local target
+
+	python_setup
+
+	softmmu_targets= softmmu_bins=()
+	user_targets= user_bins=()
+
+	for target in ${IUSE_SOFTMMU_TARGETS} ; do
+		if use "qemu_softmmu_targets_${target}"; then
+			softmmu_targets+=",${target}-softmmu"
+			softmmu_bins+=( "qemu-system-${target}" )
+		fi
+	done
+
+	for target in ${IUSE_USER_TARGETS} ; do
+		if use "qemu_user_targets_${target}"; then
+			user_targets+=",${target}-linux-user"
+			user_bins+=( "qemu-${target}" )
+		fi
+	done
+
+	softmmu_targets=${softmmu_targets#,}
+	user_targets=${user_targets#,}
+
+	[[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu"
+	[[ -n ${user_targets}    ]] && qemu_src_configure "user"
+	[[ -z ${softmmu_targets}${user_targets} ]] && qemu_src_configure "tools"
+}
+
+src_compile() {
+	if [[ -n ${user_targets} ]]; then
+		cd "${S}/user-build"
+		default
+	fi
+
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build"
+		default
+	fi
+
+	if [[ -z ${softmmu_targets}${user_targets} ]]; then
+		cd "${S}/tools-build"
+		default
+	fi
+}
+
+src_test() {
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build"
+		pax-mark m */qemu-system-* #515550
+		emake -j1 check
+		emake -j1 check-report.html
+	fi
+}
+
+qemu_python_install() {
+	python_domodule "${S}/scripts/qmp/qmp.py"
+
+	python_doscript "${S}/scripts/kvm/vmxcap"
+	python_doscript "${S}/scripts/qmp/qmp-shell"
+	python_doscript "${S}/scripts/qmp/qemu-ga-client"
+}
+
+src_install() {
+	if [[ -n ${user_targets} ]]; then
+		cd "${S}/user-build"
+		emake DESTDIR="${ED}" install
+
+		# Install binfmt handler init script for user targets
+		newinitd "${FILESDIR}/qemu-binfmt.initd-r1" qemu-binfmt
+	fi
+
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build"
+		emake DESTDIR="${ED}" install
+
+		# This might not exist if the test failed. #512010
+		[[ -e check-report.html ]] && dohtml check-report.html
+
+		if use kernel_linux; then
+			udev_dorules "${FILESDIR}"/65-kvm.rules
+		fi
+
+		if use python; then
+			python_foreach_impl qemu_python_install
+		fi
+	fi
+
+	if [[ -z ${softmmu_targets}${user_targets} ]]; then
+		cd "${S}/tools-build"
+		emake DESTDIR="${ED}" install
+	fi
+
+	# Disable mprotect on the qemu binaries as they use JITs to be fast #459348
+	pushd "${ED}"/usr/bin >/dev/null
+	pax-mark m "${softmmu_bins[@]}" "${user_bins[@]}"
+	popd >/dev/null
+
+	# Install config file example for qemu-bridge-helper
+	insinto "/etc/qemu"
+	doins "${FILESDIR}/bridge.conf"
+
+	# Remove the docdir placed qmp-commands.txt
+	mv "${ED}/usr/share/doc/${PF}/html/qmp-commands.txt" "${S}/docs/" || die
+
+	cd "${S}"
+	dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt
+	newdoc pc-bios/README README.pc-bios
+	dodoc docs/qmp-*.txt
+
+	if [[ -n ${softmmu_targets} ]]; then
+		# Remove SeaBIOS since we're using the SeaBIOS packaged one
+		rm "${ED}/usr/share/qemu/bios.bin"
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
+		fi
+
+		# Remove vgabios since we're using the vgabios packaged one
+		rm "${ED}/usr/share/qemu/vgabios.bin"
+		rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
+		rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
+		rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
+		rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../vgabios/vgabios.bin /usr/share/qemu/vgabios.bin
+			dosym ../vgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
+			dosym ../vgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
+			dosym ../vgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
+			dosym ../vgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
+		fi
+
+		# Remove sgabios since we're using the sgabios packaged one
+		rm "${ED}/usr/share/qemu/sgabios.bin"
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin
+		fi
+
+		# Remove iPXE since we're using the iPXE packaged one
+		rm "${ED}"/usr/share/qemu/pxe-*.rom
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom
+			dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom
+			dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom
+			dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom
+			dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom
+			dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom
+		fi
+	fi
+
+	qemu_support_kvm && readme.gentoo_create_doc
+}
+
+pkg_postinst() {
+	if qemu_support_kvm; then
+		readme.gentoo_print_elog
+	fi
+
+	if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
+		udev_reload
+	fi
+
+	fcaps cap_net_admin /usr/libexec/qemu-bridge-helper
+}
+
+pkg_info() {
+	echo "Using:"
+	echo "  $(best_version app-emulation/spice-protocol)"
+	echo "  $(best_version sys-firmware/ipxe)"
+	echo "  $(best_version sys-firmware/seabios)"
+	if has_version 'sys-firmware/seabios[binary]'; then
+		echo "    USE=binary"
+	else
+		echo "    USE=''"
+	fi
+	echo "  $(best_version sys-firmware/vgabios)"
+}
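Review bot: `qemu_support_kvm()` is missing two `||` operators, because the lines ending in `use qemu_softmmu_targets_i386 \` and `use qemu_softmmu_targets_ppc64 \` continue straight into the next `use …` words. Those words become extra arguments to the preceding `use` call, which as far as I know only looks at its first argument, so the ppc and s390x targets are never tested. A build with only those targets would therefore skip the KVM readme in `src_install` and `pkg_postinst`. Each continued line should end with `|| \`, i.e. `if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 || \` and `use qemu_softmmu_targets_ppc || use qemu_softmmu_targets_ppc64 || \`. Separately, `mkdir "${builddir}"` and `cd "${builddir}"` in `qemu_src_configure` have no `|| die`, so a failure there would let `../configure` run from the wrong directory.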


* [gentoo-commits] proj/musl:master commit in: app-emulation/qemu/, app-emulation/qemu/files/
@ 2016-11-12 22:53 Aric Belsito
  0 siblings, 0 replies; 15+ messages in thread
From: Aric Belsito @ 2016-11-12 22:53 UTC (permalink / raw
  To: gentoo-commits

commit:     2bc66dea9272f65bccac4291fc8ba6d4c04c7e52
Author:     Aric Belsito <lluixhi <AT> gmail <DOT> com>
AuthorDate: Sat Nov 12 22:52:42 2016 +0000
Commit:     Aric Belsito <lluixhi <AT> gmail <DOT> com>
CommitDate: Sat Nov 12 22:52:42 2016 +0000
URL:        https://gitweb.gentoo.org/proj/musl.git/commit/?id=2bc66dea

app-emulation/qemu: Bump to 2.7.0-r7

More CVE patches.

 app-emulation/qemu/Manifest                        |   6 +
 .../qemu/files/qemu-2.7.0-CVE-2016-9102.patch      |  21 +
 .../qemu/files/qemu-2.7.0-CVE-2016-9103.patch      |  27 +
 .../qemu/files/qemu-2.7.0-CVE-2016-9104.patch      |  92 +++
 .../qemu/files/qemu-2.7.0-CVE-2016-9105.patch      |  25 +
 .../qemu/files/qemu-2.7.0-CVE-2016-9106.patch      |  27 +
 app-emulation/qemu/qemu-2.7.0-r7.ebuild            | 714 +++++++++++++++++++++
 7 files changed, 912 insertions(+)

diff --git a/app-emulation/qemu/Manifest b/app-emulation/qemu/Manifest
index 3b5e653..9e5c8db 100644
--- a/app-emulation/qemu/Manifest
+++ b/app-emulation/qemu/Manifest
@@ -28,8 +28,14 @@ AUX qemu-2.7.0-CVE-2016-8669-1.patch 911 SHA256 ad841a34490a02123df31aef5a0b9d31
 AUX qemu-2.7.0-CVE-2016-8669-2.patch 1037 SHA256 176a35f5191023ad665cb4019663618d48948b174b16888776245d1a001ec186 SHA512 82a71c9566f37aceffbbaa45547bc686c028353a1845bd63e49550e71201921bc2fb9793077fc1fc74d77417da84dae71e0862243acbb3d900db258a343b8ede WHIRLPOOL f489c52bf2ca6e434695a5ca12af64a83e6534536c07b02c54f82c72e59e3f026e6a9fd9cec5eb62e2cf8d009f878ac1015f58d9f5ba725a03e1e194c4abc96c
 AUX qemu-2.7.0-CVE-2016-8909.patch 980 SHA256 989210bfac97091e67fbe973be7a6d8aa0e6411069904a07f7c57c67e8539bb8 SHA512 23a1cfa4f257e598152d92e11d94e88c52b3702aa585fba3a71340ee16dfbd29234d6e5c81613ea71b64cead8dcdbb536246096b1c374290aa39871daacb25af WHIRLPOOL 9909ed14f5fa4a1d2ea0f8bb13f5a0e08e2f7888078e1f5b4cfaf381ccabeac22c998c9785efee6a307dbeed45801d8354650c18c6920bfb13da030127d9da7e
 AUX qemu-2.7.0-CVE-2016-8910.patch 848 SHA256 919e566e98434486f89ecfc3158ccee59c5bbdf3848b2a668136901871f5f1ab SHA512 1f695ebc2f10b2cda5a9b93c097adb49858af94817c14a406c7d26edd42353c776b0afc4779bc1c6f930dadcf450906924f8080ca5c87eb7c7e6b5694464dc7e WHIRLPOOL 574900ab3eca13429769c7e2b56fd4e4b1220800b2e5bc933eef502c633614eab22cba6af4fdd1fd55e3a7e70d3d5ead1cb1970f8211b5f4fc43e3d782865f1b
+AUX qemu-2.7.0-CVE-2016-9102.patch 739 SHA256 ae425fbbaf6dedcf6eabe3d1f0bd300be70550f7bd77290536617372eed96766 SHA512 dbf40c7f0a055d10fbb5d02b21e8c3f62dc9bb2718639eb3dec007ba610aa0a045c1a449a7b3aa02a21056807a25d6e523eb782d79b2a249df1258af1dadefad WHIRLPOOL 89ea3815b9d744a98ff49df65a514a20966c7ada508e33dbc73704d60c75c48f6f544bf658180a2b73ca612bcc62e2e146b0efdbbc51456ba81518c5b28c80dc
+AUX qemu-2.7.0-CVE-2016-9103.patch 1002 SHA256 009696b3403c0481223fac6bc93976fc85727eeb0716a9e19545e8ac4da95e8d SHA512 0f47c2d13cbda36a7796773150865001060e4b530d76ca6b0c46d1041108a57830939b0dc7cdc960ccc705bcd463dd57505d748edf36610d7de2af2560e62597 WHIRLPOOL 8d4cb500025f59075a1038cefe0c8ccd063282527b35873cdd9d29ba58cdaa3fc285d5191657ecdef2b056a017f89d8f66f4a544f201e5952426d6dd619b23ba
+AUX qemu-2.7.0-CVE-2016-9104.patch 2890 SHA256 7ba38b43519eb8f9c8c70daaa1705c01a331cbb98b4d4f8eeed31da207f3a13b SHA512 7f6d84f12e8372b72fe4db8e47064ecc7ea0698bb7c5dc0285316354461edb35e01ba76a6e16c1bf7e03d5f0070822f4bb61655e44af5536ee81970b4ff937e0 WHIRLPOOL 3f8e973cf28040422d25394b14f3b99894796b64408a3c15957d628d74076bc1e577ea2e2803e428d85b94607c74f81d23219d9487aa0085a80a2e89d78a5829
+AUX qemu-2.7.0-CVE-2016-9105.patch 610 SHA256 f4303796ece1e46f6e622e8cd0c9029daa0a6ed29ef630a0c64a5c595dbeb1b3 SHA512 1ab19ef861b6fe55017d02b7cbf24ad60776ed64e052d6e1b670c9aac7e312207718fcf601e9dba4bdd2c9104b9be25bcf0055b42e080b1f8abf9bc3f7db0b36 WHIRLPOOL 07fe76de2d2d68bcd091e90cc9578b17d5a8ad12ab316683d6e4badea443d08e08060a4e206f555c88b60b0a45f4ba49c9d11f42ee44b5b43200843c37329dad
+AUX qemu-2.7.0-CVE-2016-9106.patch 835 SHA256 594213b4200ae109dfbc6ec8e536d275d798c756a25e130a86972c514730f541 SHA512 6a3249f47fecdbe28eec496eb1284296d04d9e75efab21ab226d6ef2d5254bd85a44aa08879b1922682b65b5bce2e699ccaafa3a2b8b6f60ccbc84432bc599cd WHIRLPOOL b80c2787cbe71f416a7ea2aa39e800922b0a8a410eacb038d0163dfbb91f6a41cc2ae5afb010a7395ef17207e6b1acda34cddd9ff9d1ab035330ade6334e8b8c
 AUX qemu-2.7.0-configure-ifunc.patch 517 SHA256 40f6183f1f490216855e83cf03bf21ec8d23786acf83cda21292fea92776d898 SHA512 e34476b5fc5039091862dc9e93c47b69e203e7e394092e7e0bda467b7523e0b5b743c2c6eaf1f36fad3ee743278e321a50d356b6365e2340280556ca6d9b32ad WHIRLPOOL cb6f92a70f91557f14a0f6719d1b3a4dee9cfcb5c34aa897eee0ad48d13c45255252666d826ce00f3183da86b9b265e0dd93aa9b85210cde2a7ce3de56644e59
 AUX qemu-binfmt.initd-r1 7966 SHA256 5b4b432aa1e44f387c9eb789de0ec6322741fd36dd241f76520f17c6cd6ac49b SHA512 2ba0bff6eb2b6bac4ed440f793771ce9551cad48e38bddb6cf04f804faac2407e80879f66771910344ddcea45f0014095dcc8bfeb0aad5085ef048fd3612dbd8 WHIRLPOOL a2a1fb830a970757d1e203378c7d382b161b1040f3b8aaf0f22bb3b5e46467eff395474ff40d93c9f133bab307b345a6f75d63eae9f8dd8daf67324db41032f9
 DIST qemu-2.7.0.tar.bz2 26867760 SHA256 326e739506ba690daf69fc17bd3913a6c313d9928d743bd8eddb82f403f81e53 SHA512 654acaa7b3724a288e5d7e2a26ab780d9c9ed9f647fba00a906cbaffbe9d58fd666f2d962514aa2c5b391b4c53811ac3170d2eb51727f090bd19dfe45ca9a9db WHIRLPOOL dcb3e5f7da89dd8e14d636d7ebd476e076e0043880bb9ea3fb1c03cb4bcd4e5c7d3c4719da26c3ce521e3a3db5ae671e86f198ac1bc3474e774d75504fef8b8d
 EBUILD qemu-2.7.0-r5.ebuild 22219 SHA256 3241db5ffacb81638a3b9dcd01676d59bc5abe87ef374baa44685231d7cb6de2 SHA512 2dbbf9f2a1eab0b9d52dd3609f5bac95f511a5f243c3def7d6b074bda97ef1383c2afc3290261f81a7af25ea7021eed4826da73a244bcad2e9677c7909c38618 WHIRLPOOL 591b38c5bba7b5566dfc2fce30f398153aec9b0986baf8bb82e83b5f68ce20dc4b0fb000e511355dca058ac8c7355b3add2c00e0db9573e6f507ad65ce451d86
+EBUILD qemu-2.7.0-r7.ebuild 22531 SHA256 ac2251d5bbf850bee8a544a4dd7c05f3c59d95004d8f2ce06e772b494df7b1ec SHA512 2dae9e789691d6be338f9cff9b3b0abbc04cdadf16c9d8553b9736c8908fbe9756a9de78740250ad96e1c304ec5e141d12a08d2fb625b3a818e45f5df6127cef WHIRLPOOL bf230a4ac6a1c182f0fc0d58a0041c214657807f6340e306b9d63f4a27356813f63f9df7802468f01abda7e776fc3025dff5742d805582ada4517f6b3e1d9728
 MISC metadata.xml 3925 SHA256 d1c219b7da0cbf77919cd1e055acbb3f6788a574fd802c98a43c89a411697b36 SHA512 3ff45d1c8ede12b4eedc7d01f39777b76a1cbd0ba9364299dec99d4b4a05cade5784d6f6e50197d5b5ae1f1b8e831c49da195eb53263c49b7d16aec8ee28b6e6 WHIRLPOOL bc25783fac0f3f13318834cc535404af9af20de16c7aeec222e59dc2ed7740ac5e767b329a5bcd6356d0cbae2428e278515f1446aa8ecb87a873bf4dbe04bf41

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9102.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9102.patch
new file mode 100644
index 0000000..963eca9
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9102.patch
@@ -0,0 +1,21 @@
+From: Li Qiang <address@hidden>
+
+The 'fs.xattr.value' field in V9fsFidState object doesn't consider the
+situation that this field has been allocated previously. Every time, it
+will be allocated directly. This leads a host memory leak issue. This
+patch fix this.
+
+-- 
+1.8.3.1
+diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
+index 75ba5f1..a4c7109 100644
+--- a/hw/9pfs/9p.c
++++ b/hw/9pfs/9p.c
+@@ -3269,6 +3269,7 @@ static void v9fs_xattrcreate(void *opaque)
+     xattr_fidp->fs.xattr.flags = flags;
+     v9fs_string_init(&xattr_fidp->fs.xattr.name);
+     v9fs_string_copy(&xattr_fidp->fs.xattr.name, &name);
++    g_free(xattr_fidp->fs.xattr.value);
+     xattr_fidp->fs.xattr.value = g_malloc(size);
+     err = offset;
+     put_fid(pdu, file_fidp);
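Review bot: The new `g_free(xattr_fidp->fs.xattr.value);` is only safe if that field is NULL or a live allocation every time this line is reached. The hunk does not show how `xattr_fidp` is obtained, or whether its `fs` state can have been used for something else (for example an already-opened fid) before `v9fs_xattrcreate` runs, so this needs confirming against the full function. If the fid can arrive here in another state, the request should be rejected earlier rather than freeing whatever the field happens to hold. A comment above the line, `/* value is NULL or a previous xattrcreate allocation */`, would record the invariant the fix relies on.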

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9103.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9103.patch
new file mode 100644
index 0000000..7520863
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9103.patch
@@ -0,0 +1,27 @@
+Author: Li Qiang <liqiang6-s@360.cn>
+Date:   Mon Oct 17 14:13:58 2016 +0200
+
+    9pfs: fix information leak in xattr read
+    
+    9pfs uses g_malloc() to allocate the xattr memory space, if the guest
+    reads this memory before writing to it, this will leak host heap memory
+    to the guest. This patch avoid this.
+    
+    Signed-off-by: Li Qiang <liqiang6-s@360.cn>
+    Reviewed-by: Greg Kurz <groug@kaod.org>
+    Signed-off-by: Greg Kurz <groug@kaod.org>
+
+diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
+index 26aa7d5..bf23b01 100644
+--- a/hw/9pfs/9p.c
++++ b/hw/9pfs/9p.c
+@@ -3269,8 +3269,8 @@ static void coroutine_fn v9fs_xattrcreate(void *opaque)
+     xattr_fidp->fs.xattr.flags = flags;
+     v9fs_string_init(&xattr_fidp->fs.xattr.name);
+     v9fs_string_copy(&xattr_fidp->fs.xattr.name, &name);
+     g_free(xattr_fidp->fs.xattr.value);
+-    xattr_fidp->fs.xattr.value = g_malloc(size);
++    xattr_fidp->fs.xattr.value = g_malloc0(size);
+     err = offset;
+     put_fid(pdu, file_fidp);
+ out_nofid:
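Review bot: `g_malloc0(size)` still allocates whatever `size` holds, and nothing in this hunk bounds it. If `size` is taken from the guest's request (the start of `v9fs_xattrcreate` is outside the hunk, so this is to be confirmed), an oversized value makes GLib abort the QEMU process on allocation failure, and zero-filling touches the whole buffer. A guard ahead of the allocation would close that, for example `if (size > XATTR_SIZE_MAX) { err = -E2BIG; goto out_nofid; }` placed before the fid is looked up.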

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9104.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9104.patch
new file mode 100644
index 0000000..f1aec55
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9104.patch
@@ -0,0 +1,92 @@
+From 7e55d65c56a03dcd2c5d7c49d37c5a74b55d4bd6 Mon Sep 17 00:00:00 2001
+From: Li Qiang <liqiang6-s@360.cn>
+Date: Tue, 1 Nov 2016 12:00:40 +0100
+Subject: [PATCH] 9pfs: fix integer overflow issue in xattr read/write
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The v9fs_xattr_read() and v9fs_xattr_write() are passed a guest
+originated offset: they must ensure this offset does not go beyond
+the size of the extended attribute that was set in v9fs_xattrcreate().
+Unfortunately, the current code implement these checks with unsafe
+calculations on 32 and 64 bit values, which may allow a malicious
+guest to cause OOB access anyway.
+
+Fix this by comparing the offset and the xattr size, which are
+both uint64_t, before trying to compute the effective number of bytes
+to read or write.
+
+Suggested-by: Greg Kurz <groug@kaod.org>
+Signed-off-by: Li Qiang <liqiang6-s@360.cn>
+Reviewed-by: Greg Kurz <groug@kaod.org>
+Reviewed-By: Guido Günther <agx@sigxcpu.org>
+Signed-off-by: Greg Kurz <groug@kaod.org>
+---
+ hw/9pfs/9p.c | 32 ++++++++++++--------------------
+ 1 file changed, 12 insertions(+), 20 deletions(-)
+
+diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
+index ab18ef2..7705ead 100644
+--- a/hw/9pfs/9p.c
++++ b/hw/9pfs/9p.c
+@@ -1637,20 +1637,17 @@ static int v9fs_xattr_read(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp,
+ {
+     ssize_t err;
+     size_t offset = 7;
+-    int read_count;
+-    int64_t xattr_len;
++    uint64_t read_count;
+     V9fsVirtioState *v = container_of(s, V9fsVirtioState, state);
+     VirtQueueElement *elem = v->elems[pdu->idx];
+ 
+-    xattr_len = fidp->fs.xattr.len;
+-    read_count = xattr_len - off;
++    if (fidp->fs.xattr.len < off) {
++        read_count = 0;
++    } else {
++        read_count = fidp->fs.xattr.len - off;
++    }
+     if (read_count > max_count) {
+         read_count = max_count;
+-    } else if (read_count < 0) {
+-        /*
+-         * read beyond XATTR value
+-         */
+-        read_count = 0;
+     }
+     err = pdu_marshal(pdu, offset, "d", read_count);
+     if (err < 0) {
+@@ -1979,23 +1976,18 @@ static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp,
+ {
+     int i, to_copy;
+     ssize_t err = 0;
+-    int write_count;
+-    int64_t xattr_len;
++    uint64_t write_count;
+     size_t offset = 7;
+ 
+ 
+-    xattr_len = fidp->fs.xattr.len;
+-    write_count = xattr_len - off;
+-    if (write_count > count) {
+-        write_count = count;
+-    } else if (write_count < 0) {
+-        /*
+-         * write beyond XATTR value len specified in
+-         * xattrcreate
+-         */
++    if (fidp->fs.xattr.len < off) {
+         err = -ENOSPC;
+         goto out;
+     }
++    write_count = fidp->fs.xattr.len - off;
++    if (write_count > count) {
++        write_count = count;
++    }
+     err = pdu_marshal(pdu, offset, "d", write_count);
+     if (err < 0) {
+         return err;
+-- 
+2.7.3
+
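Review bot: `read_count` and `write_count` become `uint64_t` but are still passed unchanged to `pdu_marshal(pdu, offset, "d", ...)` in both `v9fs_xattr_read` and `v9fs_xattr_write`. If the `"d"` conversion consumes a 32-bit argument (its definition is not part of this patch, so confirm), a 64-bit value in the variadic list is a type mismatch and may not yield the low 32 bits on every ABI. Assuming `max_count` and `count` are 32-bit, the clamped value fits, so an explicit narrowing at the call makes it well-defined: `pdu_marshal(pdu, offset, "d", (uint32_t)read_count)` and likewise for `write_count`. Both functions continue beyond the lines shown here.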

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9105.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9105.patch
new file mode 100644
index 0000000..cddff97
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9105.patch
@@ -0,0 +1,25 @@
+From: Li Qiang <address@hidden>
+
+In v9fs_link dispatch function, it doesn't put the 'oldfidp'
+fid object, this will make the 'oldfidp->ref' never reach to 0,
+thus leading a memory leak issue. This patch fix this.
+
+Signed-off-by: Li Qiang <address@hidden>
+---
+ hw/9pfs/9p.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
+index 8b50bfb..29f8b7a 100644
+--- a/hw/9pfs/9p.c
++++ b/hw/9pfs/9p.c
+@@ -2413,6 +2413,7 @@ static void v9fs_link(void *opaque)
+     if (!err) {
+         err = offset;
+     }
++    put_fid(pdu, oldfidp);
+ out:
+     put_fid(pdu, dfidp);
+ out_nofid:
+-- 
+1.8.3.1
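Review bot: The added `put_fid(pdu, oldfidp);` sits directly above the `out:` label, so it runs only on the fall-through path; any `goto out` taken after `oldfidp` has been obtained would still skip the release and keep the reference. Only the tail of `v9fs_link` is visible in this hunk, so this has to be checked against the whole function. A short comment on the line, `/* oldfidp is held only on the fall-through path; error jumps to out happen before it is taken */`, would document the assumption for the next person who adds an error path.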

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9106.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9106.patch
new file mode 100644
index 0000000..137272d
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9106.patch
@@ -0,0 +1,27 @@
+Author: Li Qiang <liqiang6-s@360.cn>
+Date:   Mon Oct 17 14:13:58 2016 +0200
+
+    9pfs: fix memory leak in v9fs_write
+    
+    If an error occurs when marshalling the transfer length to the guest, the
+    v9fs_write() function doesn't free an IO vector, thus leading to a memory
+    leak. This patch fixes the issue.
+    
+    Signed-off-by: Li Qiang <liqiang6-s@360.cn>
+    Reviewed-by: Greg Kurz <groug@kaod.org>
+    [groug, rephrased the changelog]
+    Signed-off-by: Greg Kurz <groug@kaod.org>
+
+diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
+index d43a552..e88cf25 100644
+--- a/hw/9pfs/9p.c
++++ b/hw/9pfs/9p.c
+@@ -2090,7 +2090,7 @@ static void coroutine_fn v9fs_write(void *opaque)
+     offset = 7;
+     err = pdu_marshal(pdu, offset, "d", total);
+     if (err < 0) {
+-        goto out;
++        goto out_qiov;
+     }
+     err += offset;
+

diff --git a/app-emulation/qemu/qemu-2.7.0-r7.ebuild b/app-emulation/qemu/qemu-2.7.0-r7.ebuild
new file mode 100644
index 0000000..9da583d
--- /dev/null
+++ b/app-emulation/qemu/qemu-2.7.0-r7.ebuild
@@ -0,0 +1,714 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+
+PYTHON_COMPAT=( python2_7 )
+PYTHON_REQ_USE="ncurses,readline"
+
+PLOCALES="bg de_DE fr_FR hu it tr zh_CN"
+
+inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \
+	user udev fcaps readme.gentoo-r1 pax-utils l10n
+
+if [[ ${PV} = *9999* ]]; then
+	EGIT_REPO_URI="git://git.qemu.org/qemu.git"
+	inherit git-2
+	SRC_URI=""
+else
+	SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2"
+	KEYWORDS="~amd64 ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd"
+fi
+
+DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
+HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org"
+
+LICENSE="GPL-2 LGPL-2 BSD-2"
+SLOT="0"
+IUSE="accessibility +aio alsa bluetooth bzip2 +caps +curl debug +fdt glusterfs \
+gnutls gtk gtk2 infiniband iscsi +jpeg \
+kernel_linux kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs
++png pulseaudio python \
+rbd sasl +seccomp sdl sdl2 selinux smartcard snappy spice ssh static static-softmmu
+static-user systemtap tci test +threads usb usbredir +uuid vde +vhost-net \
+virgl virtfs +vnc vte xattr xen xfs"
+
+COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel mips
+mips64 mips64el mipsel or32 ppc ppc64 s390x sh4 sh4eb sparc sparc64 unicore32
+x86_64"
+IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS} lm32 moxie ppcemb tricore xtensa xtensaeb"
+IUSE_USER_TARGETS="${COMMON_TARGETS} armeb mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus tilegx"
+
+use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
+use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
+IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
+
+# Allow no targets to be built so that people can get a tools-only build.
+# Block USE flag configurations known to not work.
+REQUIRED_USE="${PYTHON_REQUIRED_USE}
+	gtk2? ( gtk )
+	qemu_softmmu_targets_arm? ( fdt )
+	qemu_softmmu_targets_microblaze? ( fdt )
+	qemu_softmmu_targets_ppc? ( fdt )
+	qemu_softmmu_targets_ppc64? ( fdt )
+	sdl2? ( sdl )
+	static? ( static-softmmu static-user )
+	static-softmmu? ( !alsa !pulseaudio !bluetooth !opengl !gtk !gtk2 )
+	virtfs? ( xattr )
+	vte? ( gtk )"
+
+# Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
+#
+# The attr lib isn't always linked in (although the USE flag is always
+# respected).  This is because qemu supports using the C library's API
+# when available rather than always using the extranl library.
+#
+# Older versions of gnutls are supported, but it's simpler to just require
+# the latest versions.  This is also why we require nettle.
+#
+# TODO: Split out tools deps into another var.  e.g. bzip2 is only used by
+# system binaries and tools, not user binaries.
+COMMON_LIB_DEPEND=">=dev-libs/glib-2.0[static-libs(+)]
+	dev-libs/libpcre[static-libs(+)]
+	sys-libs/zlib[static-libs(+)]
+	bzip2? ( app-arch/bzip2[static-libs(+)] )
+	xattr? ( sys-apps/attr[static-libs(+)] )"
+SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND}
+	>=x11-libs/pixman-0.28.0[static-libs(+)]
+	accessibility? ( app-accessibility/brltty[static-libs(+)] )
+	aio? ( dev-libs/libaio[static-libs(+)] )
+	alsa? ( >=media-libs/alsa-lib-1.0.13 )
+	bluetooth? ( net-wireless/bluez )
+	caps? ( sys-libs/libcap-ng[static-libs(+)] )
+	curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
+	fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] )
+	glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
+	gnutls? (
+		dev-libs/nettle:=[static-libs(+)]
+		>=net-libs/gnutls-3.0:=[static-libs(+)]
+	)
+	gtk? (
+		gtk2? (
+			x11-libs/gtk+:2
+			vte? ( x11-libs/vte:0 )
+		)
+		!gtk2? (
+			x11-libs/gtk+:3
+			vte? ( x11-libs/vte:2.90 )
+		)
+	)
+	infiniband? ( sys-fabric/librdmacm:=[static-libs(+)] )
+	iscsi? ( net-libs/libiscsi )
+	jpeg? ( virtual/jpeg:0=[static-libs(+)] )
+	lzo? ( dev-libs/lzo:2[static-libs(+)] )
+	ncurses? ( sys-libs/ncurses:0=[static-libs(+)] )
+	nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] )
+	numa? ( sys-process/numactl[static-libs(+)] )
+	opengl? (
+		virtual/opengl
+		media-libs/libepoxy[static-libs(+)]
+		media-libs/mesa[static-libs(+)]
+		media-libs/mesa[egl,gles2,gbm]
+	)
+	png? ( media-libs/libpng:0=[static-libs(+)] )
+	pulseaudio? ( media-sound/pulseaudio )
+	rbd? ( sys-cluster/ceph[static-libs(+)] )
+	sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
+	sdl? (
+		!sdl2? (
+			media-libs/libsdl[X]
+			>=media-libs/libsdl-1.2.11[static-libs(+)]
+		)
+		sdl2? (
+			media-libs/libsdl2[X]
+			media-libs/libsdl2[static-libs(+)]
+		)
+	)
+	seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
+	smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] )
+	snappy? ( app-arch/snappy[static-libs(+)] )
+	spice? (
+		>=app-emulation/spice-protocol-0.12.3
+		>=app-emulation/spice-0.12.0[static-libs(+)]
+	)
+	ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] )
+	usb? ( >=virtual/libusb-1-r2[static-libs(+)] )
+	usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
+	uuid? ( >=sys-apps/util-linux-2.16.0[static-libs(+)] )
+	vde? ( net-misc/vde[static-libs(+)] )
+	virgl? ( media-libs/virglrenderer[static-libs(+)] )
+	virtfs? ( sys-libs/libcap )
+	xfs? ( sys-fs/xfsprogs[static-libs(+)] )"
+USER_LIB_DEPEND="${COMMON_LIB_DEPEND}"
+X86_FIRMWARE_DEPEND="
+	>=sys-firmware/ipxe-1.0.0_p20130624
+	pin-upstream-blobs? (
+		~sys-firmware/seabios-1.8.2
+		~sys-firmware/sgabios-0.1_pre8
+		~sys-firmware/vgabios-0.7a
+	)
+	!pin-upstream-blobs? (
+		sys-firmware/seabios
+		sys-firmware/sgabios
+		sys-firmware/vgabios
+	)"
+CDEPEND="
+	!static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND//\[static-libs(+)]} ) " ${use_softmmu_targets}) )
+	!static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND//\[static-libs(+)]} ) " ${use_user_targets}) )
+	qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
+	qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )
+	python? ( ${PYTHON_DEPS} )
+	systemtap? ( dev-util/systemtap )
+	xen? ( app-emulation/xen-tools:= )"
+DEPEND="${CDEPEND}
+	dev-lang/perl
+	=dev-lang/python-2*
+	sys-apps/texinfo
+	virtual/pkgconfig
+	kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
+	gtk? ( nls? ( sys-devel/gettext ) )
+	static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND} ) " ${use_softmmu_targets}) )
+	static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND} ) " ${use_user_targets}) )
+	test? (
+		dev-libs/glib[utils]
+		sys-devel/bc
+	)"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-qemu )
+"
+
+STRIP_MASK="/usr/share/qemu/palcode-clipper"
+
+QA_PREBUILT="
+	usr/share/qemu/openbios-ppc
+	usr/share/qemu/openbios-sparc64
+	usr/share/qemu/openbios-sparc32
+	usr/share/qemu/palcode-clipper
+	usr/share/qemu/s390-ccw.img
+	usr/share/qemu/u-boot.e500
+"
+
+QA_WX_LOAD="usr/bin/qemu-i386
+	usr/bin/qemu-x86_64
+	usr/bin/qemu-alpha
+	usr/bin/qemu-arm
+	usr/bin/qemu-cris
+	usr/bin/qemu-m68k
+	usr/bin/qemu-microblaze
+	usr/bin/qemu-microblazeel
+	usr/bin/qemu-mips
+	usr/bin/qemu-mipsel
+	usr/bin/qemu-or32
+	usr/bin/qemu-ppc
+	usr/bin/qemu-ppc64
+	usr/bin/qemu-ppc64abi32
+	usr/bin/qemu-sh4
+	usr/bin/qemu-sh4eb
+	usr/bin/qemu-sparc
+	usr/bin/qemu-sparc64
+	usr/bin/qemu-armeb
+	usr/bin/qemu-sparc32plus
+	usr/bin/qemu-s390x
+	usr/bin/qemu-unicore32"
+
+DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure
+you have the kernel module loaded before running kvm. The easiest way to
+ensure that the kernel module is loaded is to load it on boot.\n
+For AMD CPUs the module is called 'kvm-amd'.\n
+For Intel CPUs the module is called 'kvm-intel'.\n
+Please review /etc/conf.d/modules for how to load these.\n\n
+Make sure your user is in the 'kvm' group\n
+Just run 'gpasswd -a <USER> kvm', then have <USER> re-login.\n\n
+For brand new installs, the default permissions on /dev/kvm might not let you
+access it.  You can tell udev to reset ownership/perms:\n
+udevadm trigger -c add /dev/kvm"
+
+qemu_support_kvm() {
+	if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 \
+		use qemu_softmmu_targets_ppc || use qemu_softmmu_targets_ppc64 \
+		use qemu_softmmu_targets_s390x; then
+		return 0
+	fi
+
+	return 1
+}
+
+pkg_pretend() {
+	if use kernel_linux && kernel_is lt 2 6 25; then
+		eerror "This version of KVM requres a host kernel of 2.6.25 or higher."
+	elif use kernel_linux; then
+		if ! linux_config_exists; then
+			eerror "Unable to check your kernel for KVM support"
+		else
+			CONFIG_CHECK="~KVM ~TUN ~BRIDGE"
+			ERROR_KVM="You must enable KVM in your kernel to continue"
+			ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in"
+			ERROR_KVM_AMD+=" your kernel configuration."
+			ERROR_KVM_INTEL="If you have an Intel CPU, you must enable"
+			ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration."
+			ERROR_TUN="You will need the Universal TUN/TAP driver compiled"
+			ERROR_TUN+=" into your kernel or loaded as a module to use the"
+			ERROR_TUN+=" virtual network device if using -net tap."
+			ERROR_BRIDGE="You will also need support for 802.1d"
+			ERROR_BRIDGE+=" Ethernet Bridging for some network configurations."
+			use vhost-net && CONFIG_CHECK+=" ~VHOST_NET"
+			ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net"
+			ERROR_VHOST_NET+=" support"
+
+			if use amd64 || use x86 || use amd64-linux || use x86-linux; then
+				CONFIG_CHECK+=" ~KVM_AMD ~KVM_INTEL"
+			fi
+
+			use python && CONFIG_CHECK+=" ~DEBUG_FS"
+			ERROR_DEBUG_FS="debugFS support required for kvm_stat"
+
+			# Now do the actual checks setup above
+			check_extra_config
+		fi
+	fi
+
+	if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then
+		eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt"
+		eerror "instances are still pointing to it.  Please update your"
+		eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag"
+		eerror "and the right system binary (e.g. qemu-system-x86_64)."
+		die "update your virt configs to not use qemu-kvm"
+	fi
+}
+
+pkg_setup() {
+	enewgroup kvm 78
+}
+
+# Sanity check to make sure target lists are kept up-to-date.
+check_targets() {
+	local var=$1 mak=$2
+	local detected sorted
+
+	pushd "${S}"/default-configs >/dev/null || die
+
+	# Force C locale until glibc is updated. #564936
+	detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u))
+	sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u))
+	if [[ ${sorted} != "${detected}" ]] ; then
+		eerror "The ebuild needs to be kept in sync."
+		eerror "${var}: ${sorted}"
+		eerror "$(printf '%-*s' ${#var} configure): ${detected}"
+		die "sync ${var} to the list of targets"
+	fi
+
+	popd >/dev/null
+}
+
+handle_locales() {
+	# Make sure locale list is kept up-to-date.
+	local detected sorted
+	detected=$(echo $(cd po && printf '%s\n' *.po | grep -v messages.po | sed 's:.po$::' | sort -u))
+	sorted=$(echo $(printf '%s\n' ${PLOCALES} | sort -u))
+	if [[ ${sorted} != "${detected}" ]] ; then
+		eerror "The ebuild needs to be kept in sync."
+		eerror "PLOCALES: ${sorted}"
+		eerror " po/*.po: ${detected}"
+		die "sync PLOCALES"
+	fi
+
+	# Deal with selective install of locales.
+	if use nls ; then
+		# Delete locales the user does not want. #577814
+		rm_loc() { rm po/$1.po || die; }
+		l10n_for_each_disabled_locale_do rm_loc
+	else
+		# Cheap hack to disable gettext .mo generation.
+		rm -f po/*.po
+	fi
+}
+
+src_prepare() {
+	check_targets IUSE_SOFTMMU_TARGETS softmmu
+	check_targets IUSE_USER_TARGETS linux-user
+
+	# Alter target makefiles to accept CFLAGS set via flag-o
+	sed -i -r \
+		-e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \
+		Makefile Makefile.target || die
+
+	# Patching for musl
+	epatch "${FILESDIR}"/${PN}-2.0.0-F_SHLCK-and-F_EXLCK.patch
+	epatch "${FILESDIR}"/${PN}-2.0.0-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch
+	epatch "${FILESDIR}"/${PN}-2.2.0-_sigev_un.patch
+	epatch "${FILESDIR}"/${PN}-2.7.0-configure-ifunc.patch
+
+	epatch "${FILESDIR}"/${PN}-2.5.0-cflags.patch
+	epatch "${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
+
+	epatch "${FILESDIR}"/${P}-CVE-2016-6836.patch   # bug 591242
+	epatch "${FILESDIR}"/${P}-CVE-2016-7155.patch   # bug 593034
+	epatch "${FILESDIR}"/${P}-CVE-2016-7156.patch   # bug 593036
+	epatch "${FILESDIR}"/${P}-CVE-2016-7157-1.patch # bug 593038
+	epatch "${FILESDIR}"/${P}-CVE-2016-7157-2.patch # bug 593038
+	epatch "${FILESDIR}"/${P}-CVE-2016-7170.patch   # bug 593284
+	epatch "${FILESDIR}"/${P}-CVE-2016-7421.patch   # bug 593950
+	epatch "${FILESDIR}"/${P}-CVE-2016-7422.patch   # bug 593956
+	epatch "${FILESDIR}"/${P}-CVE-2016-7423.patch   # bug 594368
+	epatch "${FILESDIR}"/${P}-CVE-2016-7466.patch   # bug 594520
+	epatch "${FILESDIR}"/${P}-CVE-2016-7907.patch   # bug 596048
+	epatch "${FILESDIR}"/${P}-CVE-2016-7908.patch   # bug 596049
+	epatch "${FILESDIR}"/${P}-CVE-2016-7909.patch   # bug 596048
+	epatch "${FILESDIR}"/${P}-CVE-2016-7994-1.patch # bug 596738
+	epatch "${FILESDIR}"/${P}-CVE-2016-7994-2.patch # bug 596738
+	epatch "${FILESDIR}"/${P}-CVE-2016-8576.patch   # bug 596752
+	epatch "${FILESDIR}"/${P}-CVE-2016-8577.patch   # bug 596776
+	epatch "${FILESDIR}"/${P}-CVE-2016-8578.patch   # bug 596774
+	epatch "${FILESDIR}"/${P}-CVE-2016-8668.patch   # bug 597110
+	epatch "${FILESDIR}"/${P}-CVE-2016-8669-1.patch # bug 597108
+	epatch "${FILESDIR}"/${P}-CVE-2016-8669-2.patch # bug 597108
+	epatch "${FILESDIR}"/${P}-CVE-2016-8909.patch   # bug 598044
+	epatch "${FILESDIR}"/${P}-CVE-2016-8910.patch   # bug 598046
+	epatch "${FILESDIR}"/${P}-CVE-2016-9102.patch   # bug 598328
+	epatch "${FILESDIR}"/${P}-CVE-2016-9103.patch   # bug 598328
+	epatch "${FILESDIR}"/${P}-CVE-2016-9104.patch   # bug 598328
+	epatch "${FILESDIR}"/${P}-CVE-2016-9105.patch   # bug 598328
+	epatch "${FILESDIR}"/${P}-CVE-2016-9106.patch   # bug 598772
+
+	# Fix ld and objcopy being called directly
+	tc-export AR LD OBJCOPY
+
+	# Verbose builds
+	MAKEOPTS+=" V=1"
+
+	epatch_user
+
+	# Run after we've applied all patches.
+	handle_locales
+}
+
+##
+# configures qemu based on the build directory and the build type
+# we are using.
+#
+qemu_src_configure() {
+	debug-print-function ${FUNCNAME} "$@"
+
+	local buildtype=$1
+	local builddir="${S}/${buildtype}-build"
+	local static_flag="static-${buildtype}"
+
+	mkdir "${builddir}"
+
+	local conf_opts=(
+		--prefix=/usr
+		--sysconfdir=/etc
+		--libdir=/usr/$(get_libdir)
+		--docdir=/usr/share/doc/${PF}/html
+		--disable-bsd-user
+		--disable-guest-agent
+		--disable-strip
+		--disable-werror
+		# We support gnutls/nettle for crypto operations.  It is possible
+		# to use gcrypt when gnutls/nettle are disabled (but not when they
+		# are enabled), but it's not really worth the hassle.  Disable it
+		# all the time to avoid automatically detecting it. #568856
+		--disable-gcrypt
+		--python="${PYTHON}"
+		--cc="$(tc-getCC)"
+		--cxx="$(tc-getCXX)"
+		--host-cc="$(tc-getBUILD_CC)"
+		$(use_enable debug debug-info)
+		$(use_enable debug debug-tcg)
+		--enable-docs
+		$(use_enable tci tcg-interpreter)
+		$(use_enable xattr attr)
+	)
+
+	# Disable options not used by user targets as the default configure
+	# options will autoprobe and try to link in a bunch of unused junk.
+	conf_softmmu() {
+		if [[ ${buildtype} == "user" ]] ; then
+			echo "--disable-${2:-$1}"
+		else
+			use_enable "$@"
+		fi
+	}
+	conf_opts+=(
+		$(conf_softmmu accessibility brlapi)
+		$(conf_softmmu aio linux-aio)
+		$(conf_softmmu bzip2)
+		$(conf_softmmu bluetooth bluez)
+		$(conf_softmmu caps cap-ng)
+		$(conf_softmmu curl)
+		$(conf_softmmu fdt)
+		$(conf_softmmu glusterfs)
+		$(conf_softmmu gnutls)
+		$(conf_softmmu gnutls nettle)
+		$(conf_softmmu gtk)
+		$(conf_softmmu infiniband rdma)
+		$(conf_softmmu iscsi libiscsi)
+		$(conf_softmmu jpeg vnc-jpeg)
+		$(conf_softmmu kernel_linux kvm)
+		$(conf_softmmu lzo)
+		$(conf_softmmu ncurses curses)
+		$(conf_softmmu nfs libnfs)
+		$(conf_softmmu numa)
+		$(conf_softmmu opengl)
+		$(conf_softmmu png vnc-png)
+		$(conf_softmmu rbd)
+		$(conf_softmmu sasl vnc-sasl)
+		$(conf_softmmu sdl)
+		$(conf_softmmu seccomp)
+		$(conf_softmmu smartcard)
+		$(conf_softmmu snappy)
+		$(conf_softmmu spice)
+		$(conf_softmmu ssh libssh2)
+		$(conf_softmmu usb libusb)
+		$(conf_softmmu usbredir usb-redir)
+		$(conf_softmmu uuid)
+		$(conf_softmmu vde)
+		$(conf_softmmu vhost-net)
+		$(conf_softmmu virgl virglrenderer)
+		$(conf_softmmu virtfs)
+		$(conf_softmmu vnc)
+		$(conf_softmmu vte)
+		$(conf_softmmu xen)
+		$(conf_softmmu xen xen-pci-passthrough)
+		$(conf_softmmu xfs xfsctl)
+	)
+
+	case ${buildtype} in
+	user)
+		conf_opts+=(
+			--enable-linux-user
+			--disable-system
+			--disable-blobs
+			--disable-tools
+		)
+		;;
+	softmmu)
+		# audio options
+		local audio_opts="oss"
+		use alsa && audio_opts="alsa,${audio_opts}"
+		use sdl && audio_opts="sdl,${audio_opts}"
+		use pulseaudio && audio_opts="pa,${audio_opts}"
+
+		conf_opts+=(
+			--disable-linux-user
+			--enable-system
+			--with-system-pixman
+			--audio-drv-list="${audio_opts}"
+		)
+		use gtk && conf_opts+=( --with-gtkabi=$(usex gtk2 2.0 3.0) )
+		use sdl && conf_opts+=( --with-sdlabi=$(usex sdl2 2.0 1.2) )
+		;;
+	tools)
+		conf_opts+=(
+			--disable-linux-user
+			--disable-system
+			--disable-blobs
+			$(use_enable bzip2)
+		)
+		static_flag="static"
+		;;
+	esac
+
+	local targets="${buildtype}_targets"
+	[[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" )
+
+	# Add support for SystemTAP
+	use systemtap && conf_opts+=( --enable-trace-backend=dtrace )
+
+	# We always want to attempt to build with PIE support as it results
+	# in a more secure binary. But it doesn't work with static or if
+	# the current GCC doesn't have PIE support.
+	if use ${static_flag}; then
+		conf_opts+=( --static --disable-pie )
+	else
+		gcc-specs-pie && conf_opts+=( --enable-pie )
+	fi
+
+	echo "../configure ${conf_opts[*]}"
+	cd "${builddir}"
+	../configure "${conf_opts[@]}" || die "configure failed"
+
+	# FreeBSD's kernel does not support QEMU assigning/grabbing
+	# host USB devices yet
+	use kernel_FreeBSD && \
+		sed -i -E -e "s|^(HOST_USB=)bsd|\1stub|" "${S}"/config-host.mak
+}
+
+src_configure() {
+	local target
+
+	python_setup
+
+	softmmu_targets= softmmu_bins=()
+	user_targets= user_bins=()
+
+	for target in ${IUSE_SOFTMMU_TARGETS} ; do
+		if use "qemu_softmmu_targets_${target}"; then
+			softmmu_targets+=",${target}-softmmu"
+			softmmu_bins+=( "qemu-system-${target}" )
+		fi
+	done
+
+	for target in ${IUSE_USER_TARGETS} ; do
+		if use "qemu_user_targets_${target}"; then
+			user_targets+=",${target}-linux-user"
+			user_bins+=( "qemu-${target}" )
+		fi
+	done
+
+	softmmu_targets=${softmmu_targets#,}
+	user_targets=${user_targets#,}
+
+	[[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu"
+	[[ -n ${user_targets}    ]] && qemu_src_configure "user"
+	[[ -z ${softmmu_targets}${user_targets} ]] && qemu_src_configure "tools"
+}
+
+src_compile() {
+	if [[ -n ${user_targets} ]]; then
+		cd "${S}/user-build"
+		default
+	fi
+
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build"
+		default
+	fi
+
+	if [[ -z ${softmmu_targets}${user_targets} ]]; then
+		cd "${S}/tools-build"
+		default
+	fi
+}
+
+src_test() {
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build"
+		pax-mark m */qemu-system-* #515550
+		emake -j1 check
+		emake -j1 check-report.html
+	fi
+}
+
+qemu_python_install() {
+	python_domodule "${S}/scripts/qmp/qmp.py"
+
+	python_doscript "${S}/scripts/kvm/vmxcap"
+	python_doscript "${S}/scripts/qmp/qmp-shell"
+	python_doscript "${S}/scripts/qmp/qemu-ga-client"
+}
+
+src_install() {
+	if [[ -n ${user_targets} ]]; then
+		cd "${S}/user-build"
+		emake DESTDIR="${ED}" install
+
+		# Install binfmt handler init script for user targets
+		newinitd "${FILESDIR}/qemu-binfmt.initd-r1" qemu-binfmt
+	fi
+
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build"
+		emake DESTDIR="${ED}" install
+
+		# This might not exist if the test failed. #512010
+		[[ -e check-report.html ]] && dohtml check-report.html
+
+		if use kernel_linux; then
+			udev_dorules "${FILESDIR}"/65-kvm.rules
+		fi
+
+		if use python; then
+			python_foreach_impl qemu_python_install
+		fi
+	fi
+
+	if [[ -z ${softmmu_targets}${user_targets} ]]; then
+		cd "${S}/tools-build"
+		emake DESTDIR="${ED}" install
+	fi
+
+	# Disable mprotect on the qemu binaries as they use JITs to be fast #459348
+	pushd "${ED}"/usr/bin >/dev/null
+	pax-mark m "${softmmu_bins[@]}" "${user_bins[@]}"
+	popd >/dev/null
+
+	# Install config file example for qemu-bridge-helper
+	insinto "/etc/qemu"
+	doins "${FILESDIR}/bridge.conf"
+
+	# Remove the docdir placed qmp-commands.txt
+	mv "${ED}/usr/share/doc/${PF}/html/qmp-commands.txt" "${S}/docs/" || die
+
+	cd "${S}"
+	dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt
+	newdoc pc-bios/README README.pc-bios
+	dodoc docs/qmp-*.txt
+
+	if [[ -n ${softmmu_targets} ]]; then
+		# Remove SeaBIOS since we're using the SeaBIOS packaged one
+		rm "${ED}/usr/share/qemu/bios.bin"
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
+		fi
+
+		# Remove vgabios since we're using the vgabios packaged one
+		rm "${ED}/usr/share/qemu/vgabios.bin"
+		rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
+		rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
+		rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
+		rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../vgabios/vgabios.bin /usr/share/qemu/vgabios.bin
+			dosym ../vgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
+			dosym ../vgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
+			dosym ../vgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
+			dosym ../vgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
+		fi
+
+		# Remove sgabios since we're using the sgabios packaged one
+		rm "${ED}/usr/share/qemu/sgabios.bin"
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin
+		fi
+
+		# Remove iPXE since we're using the iPXE packaged one
+		rm "${ED}"/usr/share/qemu/pxe-*.rom
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom
+			dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom
+			dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom
+			dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom
+			dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom
+			dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom
+		fi
+	fi
+
+	qemu_support_kvm && readme.gentoo_create_doc
+}
+
+pkg_postinst() {
+	if qemu_support_kvm; then
+		readme.gentoo_print_elog
+	fi
+
+	if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
+		udev_reload
+	fi
+
+	fcaps cap_net_admin /usr/libexec/qemu-bridge-helper
+}
+
+pkg_info() {
+	echo "Using:"
+	echo "  $(best_version app-emulation/spice-protocol)"
+	echo "  $(best_version sys-firmware/ipxe)"
+	echo "  $(best_version sys-firmware/seabios)"
+	if has_version 'sys-firmware/seabios[binary]'; then
+		echo "    USE=binary"
+	else
+		echo "    USE=''"
+	fi
+	echo "  $(best_version sys-firmware/vgabios)"
+}
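Review bot: `qemu_support_kvm()` is missing `||` at its two line continuations, so once the lines are joined the words `use qemu_softmmu_targets_ppc` and `use qemu_softmmu_targets_s390x` become extra arguments to the preceding `use` call instead of being tested. The first two lines of the condition should read `if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 || \` and `use qemu_softmmu_targets_ppc || use qemu_softmmu_targets_ppc64 || \`. Separately, `mkdir "${builddir}"` and `cd "${builddir}"` in `qemu_src_configure` have no `|| die`, so a failure there lets `../configure` run from the wrong directory. The live branch also fetches over `git://`, which is unauthenticated and not covered by Manifest hashes; an `https://` URI would be preferable if upstream offers one.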


* [gentoo-commits] proj/musl:master commit in: app-emulation/qemu/, app-emulation/qemu/files/
@ 2016-10-31 23:26 Aric Belsito
  0 siblings, 0 replies; 15+ messages in thread
From: Aric Belsito @ 2016-10-31 23:26 UTC (permalink / raw
  To: gentoo-commits

commit:     8aedcac7a5fbef4e8d4ae23184be1c125a4ca289
Author:     Aric Belsito <lluixhi <AT> gmail <DOT> com>
AuthorDate: Mon Oct 31 23:24:48 2016 +0000
Commit:     Aric Belsito <lluixhi <AT> gmail <DOT> com>
CommitDate: Mon Oct 31 23:24:48 2016 +0000
URL:        https://gitweb.gentoo.org/proj/musl.git/commit/?id=8aedcac7

app-emulation/qemu: Sync with upstream

Drop the r99 name.

Add patch from ::musl-extras that disables an ifunc hack causing a segmentation
fault on startup when the avx test passes in configure.

 app-emulation/qemu/Manifest                        | 21 ++++++--
 .../qemu/files/qemu-2.2.0-_sigev_un.patch          |  5 +-
 .../qemu/files/qemu-2.7.0-CVE-2016-7907.patch      | 45 ++++++++++++++++
 .../qemu/files/qemu-2.7.0-CVE-2016-7908.patch      | 52 ++++++++++++++++++
 .../qemu/files/qemu-2.7.0-CVE-2016-7909.patch      | 32 ++++++++++++
 .../qemu/files/qemu-2.7.0-CVE-2016-7994-1.patch    | 25 +++++++++
 .../qemu/files/qemu-2.7.0-CVE-2016-7994-2.patch    | 26 +++++++++
 .../qemu/files/qemu-2.7.0-CVE-2016-8576.patch      | 61 ++++++++++++++++++++++
 .../qemu/files/qemu-2.7.0-CVE-2016-8577.patch      | 34 ++++++++++++
 .../qemu/files/qemu-2.7.0-CVE-2016-8578.patch      | 58 ++++++++++++++++++++
 .../qemu/files/qemu-2.7.0-CVE-2016-8668.patch      | 30 +++++++++++
 .../qemu/files/qemu-2.7.0-CVE-2016-8669-1.patch    | 29 ++++++++++
 .../qemu/files/qemu-2.7.0-CVE-2016-8669-2.patch    | 34 ++++++++++++
 .../qemu/files/qemu-2.7.0-CVE-2016-8909.patch      | 31 +++++++++++
 .../qemu/files/qemu-2.7.0-CVE-2016-8910.patch      | 29 ++++++++++
 .../qemu/files/qemu-2.7.0-configure-ifunc.patch    | 13 +++++
 app-emulation/qemu/files/qemu-binfmt.initd-r1      | 54 +++++++++++--------
 app-emulation/qemu/files/qemu-kvm-1.4              |  3 --
 ...{qemu-2.7.0-r99.ebuild => qemu-2.7.0-r5.ebuild} | 19 ++++++-
 19 files changed, 568 insertions(+), 33 deletions(-)

diff --git a/app-emulation/qemu/Manifest b/app-emulation/qemu/Manifest
index 1eb09a6..3b5e653 100644
--- a/app-emulation/qemu/Manifest
+++ b/app-emulation/qemu/Manifest
@@ -2,7 +2,7 @@ AUX 65-kvm.rules 40 SHA256 c16a8dc7855880b2651f1a3ff488ecc54d4ac1036c71fffd50070
 AUX bridge.conf 454 SHA256 a51850dd39923f3482e4c575b48ad9fef9c9ebb2f2176225da399b79ce48c69d SHA512 a907ee86b81a1b61033bb7621ded65112504131ef7b698c53e4014b958ee6fc79e66f63069015a01e41362cb70a7d0ed26dd9a03033cf776f4846f0e1f8f1533 WHIRLPOOL 8fcbd4abf9b8f7ca3d16fe0eaf17196ebf708dfecf85ce0f020e0de22b64905114f7b310f361826c81bb961c6b1bbbf984bff1e595bb949993b8966ccb222c35
 AUX qemu-2.0.0-F_SHLCK-and-F_EXLCK.patch 563 SHA256 99de67d610ad13a1dcf6c67a3c2b5b87fb909220173a956435737f9bea3c371b SHA512 a29e9a889388a6627ed492a79e66514ffb5e64f9479646982091811548fc2a9bf6682104a6c774d83e645e4b1db39e491afd4efce789fe164623442a7f3e5d00 WHIRLPOOL d3aab06099de263c22f4c71810a3b2cb8602d17731ec76674cd1415e539306555a7b96b789f0daad473600dfa04a83224ff603f7b9a9ac63a4902f74d0e9deb5
 AUX qemu-2.0.0-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch 930 SHA256 6af6cf9044997710a6d0fbdba30a35c8d775e30d30c032ec97db672f75ec88ac SHA512 ec84b27648c01c6e58781295dcd0c2ff8e5a635f9836ef50c1da5d0ed125db1afc4cb5b01cb97606d6dd8f417acba93e1560d9a32ca29161a4bb730b302440ea WHIRLPOOL 06b9dd5251ac03405c97b1f5a623b4d86bda2f72fbcd52b90ae4d11a0cfb59cae62df2cb6189405fbe53ab05ff2b7ca8165fda239dbfe5f31ed70abb53b3b9f3
-AUX qemu-2.2.0-_sigev_un.patch 465 SHA256 4d5a1359a1bc25f1f8dcb7f021efc235b9c8f2535258ca65706c5fde15946ebe SHA512 af90b8dcd8b14716df6270436ae1d77c998a04547bf17f961b2d9a594d1abfb573ca25283a633de6bcd3a81a778b88a4c7950dbd39c23ee35191626da14eb802 WHIRLPOOL cf40379cd0c9f3a8f89823a6d9415666a99885711bdde44067d4a3a082a9b33efbe69279c0782b2e84b7586389e82845dd30668240f236266f61ba447abb8241
+AUX qemu-2.2.0-_sigev_un.patch 636 SHA256 f3b9a4d6162c553f3110ad22716305818e2130e2ff5d628faf044fc58a5e3cb5 SHA512 f72b879daede5184904f64cabb276de96299a37a93fce444d09e9068671009e95a5e5d6b815ec41a5db5b3807de14d470a56bba5806ffd4dfec577577b046ccb WHIRLPOOL 9453ad4966e10d504f3e867fd984642a3c1ee3ae847b5ca56196fd1f9e6c0f2d7b52ca07446212af72fef6d0ded1527a5eb306fa6cd915e8dd9ce11523362bac
 AUX qemu-2.5.0-cflags.patch 410 SHA256 17f5624dd733f5c80e733cc67ae36a736169ec066024dbf802b416accfed0755 SHA512 0194d28de08b4e51c5bd1c9a2cc7965ba7f66dfddb8fd91de3da93677e6cf2d38ad3270f69aaea8a20cf2533c2980018d6e0fed711be2806fe2053fba7c081f3 WHIRLPOOL 5f5b95d00409fbe03adb64801d30a2fb5f98dded5efa7f0e78b5746776f72917dcbea767e1d0afcb304d8bf8c484adedb8037e6d54e9d34997c2bc3a98b53154
 AUX qemu-2.5.0-sysmacros.patch 333 SHA256 a5716fc02da383d455f5cbd76f49e4ee74d84c2d5703319adcbeb145d04875f9 SHA512 329632c5bff846ca3ffcdb4bc94ae62f17c6bdbb566f9bec0784357c943523e8ca7773790b83a9617734cab3b003baa3d636cbd08f7385810a63b0fa0383c4f0 WHIRLPOOL 2a774767d4685545d3ed18e4f5dece99a9007597d73c56197652ff24083550f987ffb69e5c624760dece87def71a7c5c22a694bf999d7309e48ef622f18f0d73
 AUX qemu-2.7.0-CVE-2016-6836.patch 889 SHA256 a94812131e8baa66b81971579ab84b20bf15d544e2698448a5247ac0ddca0b3d SHA512 cf7f327f26aee5b6688eb662ced8aa07775ad9558b4a02db244303f6b7d37be9cd19b18d5725819b4708184105b98830864e0ad3af81373e59e880809036345b WHIRLPOOL df00627ad447162fdcac4b2c965a8cb5c916a7fb66d8c3a4f8f48bb2d869d7805cb3308cd495ff74ebf4840e7bc2d85abf8e666d78b3da9abb4e2bae22697a82
@@ -15,8 +15,21 @@ AUX qemu-2.7.0-CVE-2016-7421.patch 1183 SHA256 f3996d9d4658fb32a04ce8ae3d3510e6a
 AUX qemu-2.7.0-CVE-2016-7422.patch 1125 SHA256 7a3d31031b8ea70be29715e8d384f47ad8758e81b9cfc3768e59dd6c6a00cb2a SHA512 6a08f661cd2b00214297570c8035042544b0e707b2f20f6c59c251a73971f2b7e1920c7242ca09a4684ea58dcb177d11d087ee5e0523792e3c446e70239498ef WHIRLPOOL 82b38aa12e49695c1f0c67c303039afb05cc314d14e5bc8286bafebfbabd3eb3cddd41338d45f9510ea2f5074fd9028b39c251be0e5856e0221232a8b28797a9
 AUX qemu-2.7.0-CVE-2016-7423.patch 925 SHA256 2b9b1102c3c9c54ba2c311661c3222b1df246a519e9eef57d0793951c1249ae0 SHA512 e4401163d15f9ebd9057b8ddf4187f7a0a2f379cb8aea2bd92b20f132f7714a4e386733884be4568eddbd4067b6cad80275ccc101276897c4796117a9b20144f WHIRLPOOL 9bd9f5ed067604f065d3ac7447f8135dd72e178caa6f3c5a5ca7bc531a8008ec46620c4af33bea54a35dfe52e430d48dcf5b59145c4e1efc2a14cb789e38f5bd
 AUX qemu-2.7.0-CVE-2016-7466.patch 830 SHA256 5664c091038185766a54b93495029bbf6de116e8752c2334fa1c71b8387e89c3 SHA512 d158b1f66766f33b1df561956cc3c77d40e1422e44791cfc753d3def2f1851c2c9c0aeb299bcd1ae969dde8f4249f4489ed90776ebb497db4f626217710e4f48 WHIRLPOOL 13112769ecd6420e17d2a3c0e110a2bd479fc09d8a2086d27f0703a4d6c35ded07e003f28ff14579655c5468cd02c77fa514ba7ed6543f61deb60c6de604c99b
-AUX qemu-binfmt.initd-r1 6910 SHA256 2886c567589b958f450a87537cdb6c5bf95e8c1e4afbdf59139d16819e79d51d SHA512 09f399b6b559c6dd64d77843f600afad464909e72ae0924e97a5ef2eea55b3fb8abf6fbd57c380ec60e2f9d145ec365fd9a24c2e1b84cc6cef7070e4fb5bd72e WHIRLPOOL 983f6ae733c23c0049321184e1b6738ad5d27a70265945e6b47f3fb317ba3c84918b4929e728081549062fd0bf4a46c0a7e7184911355f3ac75963e1f8b70cd4
-AUX qemu-kvm-1.4 68 SHA256 8b1adf198129f001e75a2311fc420c168094d1084d2163cdf6a32b3b23c96137 SHA512 706fab4d155c410acc292e67fb354ce7dcd17f7e33f2ca8c9c44035ea128f8d36f89e27cf87ebe22721f5676be9e7f2ae5484fd000183c8ffd7854e02eb3d120 WHIRLPOOL ef795330b592cef8e3d92f52a77eb77a671e6aa1a47d07531917b5c1c09e72e5df1a44aea939b086e0a3c5ef2a5cea9223556a46ceae73e55300475c42f07067
+AUX qemu-2.7.0-CVE-2016-7907.patch 1380 SHA256 58aa0af82a88de8967452c06ec229de381494e7ac222273ac5a7aa2c53dc5529 SHA512 5a311dea9554d7225d75fb2c680d2f7a2b151b46802176424f495e792ab4a9a101ad99099ccf2b6250230f23fc1ea804381129cd34eb0e4cd24c1e2442de9b51 WHIRLPOOL 69e7e01bc0b221581a8b1ef1af23eb59a6ad87acbfe821ccf8c23f349c9e31b84e4b8db83f48a849a4c5e9b6229f8d55e671da9f8485ecbc24855a8ab50b02ec
+AUX qemu-2.7.0-CVE-2016-7908.patch 1718 SHA256 3042b5425964c9bdb6ebc17d8f4bc5efd150547a348269d54e0962efc6a658d4 SHA512 441aa4fe46a2d6d425b1759ebadabc12fb1902f80364d351120932a13b9a46030bd2ad8c7faa57d6bcfbf740d9af2a96cec082a0d40b9a7469499ba1f19177bd WHIRLPOOL 6d870c28645e6fcb12e55a4da5f9dffae78d1fcd013ae6fd9727ae46e05103dc8870d548117e7f396af79cf76947ee8d0b5285ec9b4c6aac840aa6d1e1fc9054
+AUX qemu-2.7.0-CVE-2016-7909.patch 975 SHA256 8fb9a27f56c6875f271ac0dc80fd78af8b70d40778ef967019e4a1b0a47ff1ae SHA512 e2793eb18179a7c7276c4d437ea68bb02a6a3963842dd74041fdf3c9f239d6353c7d9e5705c1342fc01b5c7e3bc1bfb882d8094fbe4144ac5f705852579139ca WHIRLPOOL b73aef899c94c9130385dd757b25783b20fce9d32faa245847353766e046bd769789d8b107ef06c726a0e2471a5ef1599716343782c8a82267b79ca53c281414
+AUX qemu-2.7.0-CVE-2016-7994-1.patch 835 SHA256 6b84d2273197bd441761469245991d02b5de8b70c29abf096df301e87b5c2478 SHA512 7a8c1c6ffc654f428485057a31d40a831707e5e6a84e32f722f6fc4c86ed474dcd19bfc8034b3a603362d821e7170f46e25ddc2ca50b60f00f45455241ba9464 WHIRLPOOL 80c5c51535cec848664811d8cf41db9d931e3215522fcaa404fa55f0c3b821bac346129b254b60a72cc09493366d8499882874dcb797e8a81e39157f64539b73
+AUX qemu-2.7.0-CVE-2016-7994-2.patch 896 SHA256 c23fdfb127f60d24c4b56e7745463f5655ace7af9f5fa392544e7ce05a564c5d SHA512 4243d04a573ccee043911645e716a9c6f7e28858163b48ea58e7a9734d817ac9237c4866fce843dbe10fa996cdd5453f3b704509ff4761f2ec4531d9355cc7ce WHIRLPOOL c5f7b605f566f94ad170c4819c378f9a1e3ae2740130000d9bea4c741f29365a1b5a1f1d495646e866c39a18d7da1236d731861005099457e09bead9fffa8105
+AUX qemu-2.7.0-CVE-2016-8576.patch 2092 SHA256 dbe3ee6778cdd802fbd7d7cb2aa991cc73e6be160bad90f2e40de02ab820a865 SHA512 25daaa79f4cb355c5dce639a14c2e265142a0c83bdbc813816789f37e293846f3768f08b9f04f692ce5b8719dadd2dbedb75f314a3f441a70e0789ecc88eb8de WHIRLPOOL 25fc67d9dc8e8d8345778b46b16f9f7c5d6da39ebefea60ef81b20e4685014a019d4c39a6619dbf48411800ae9e9c383a7243fb055ea1f2bd0b2cb7e1a2c8d4e
+AUX qemu-2.7.0-CVE-2016-8577.patch 1020 SHA256 fbe7b6183f019ed6c8c6afeeed4854c23991d3f18501e8f3403df8812cefd420 SHA512 364434deb120856a114a94aaab2edbaf9e5f9246e6393f584949a6b706dbdc5b711f459a48e3825554e2fa9595a1aa78fee3711cfeba3b94219b4f47e269b2de WHIRLPOOL 561f7bd41f0ac439808070757cdff9f69f6a378fe6610269c32d600575ed60b22919f4d3ea08f621648dbf3e5e97290737005e9df5949bdeeba9319901cf427e
+AUX qemu-2.7.0-CVE-2016-8578.patch 2208 SHA256 9b0e7852aefeb3950de38babec7a30f3225342670a72160829baa5e50786bdef SHA512 326ec2112b1cbaa4b4ddcacc02f4accd5b73e78db07e93b229d891f4cbc8d5a2db82c727d920613abd1668402ffeb16a223d8271db569435966aaece271da875 WHIRLPOOL 88ca80aa1883813f1ec9c0802e830f719317130de6959df393188e4e82764125868baec038a1dac94eab33851706838d245b205edcbf8e1864ceb83257648b99
+AUX qemu-2.7.0-CVE-2016-8668.patch 1124 SHA256 26f16376a73bdf9052039d1bd90545b75cc8fb0a89e0bffbf5881b537319b759 SHA512 de4df82297d199cadafefd57bc895cdf21c5acb0e0a6223212272991b652c302475d8662fb013d6a3e949d2e57a14a0ac6d861f486de8b5130fd84d66957c899 WHIRLPOOL 3995164f25accfd5c837c85fbb590acd0b7effb08370a7d4c0cb03c042ee03b2b10ca9892bd50251d17a1ba2ffff1e7a04e918f4d4e1c85406df95a6802c03c2
+AUX qemu-2.7.0-CVE-2016-8669-1.patch 911 SHA256 ad841a34490a02123df31aef5a0b9d31912eec8465e0c5da7cf73dc880ffd8f4 SHA512 23a26716ea554d9af73afb08d3a3d1e668e23bc0710508196039454dfccbe3764feda63d901a9c053c52af92cd069f5a4f078efdc9924f6d3cfe6a21f9d287de WHIRLPOOL 412d7a4be19defa4a098fad6a66cadd7eca9cb5971828636dfd20a57b3eef09f3801660dbf507ac1ef0fa82f9f01583e9c5e2b1e45c016adb535cd951ff16eff
+AUX qemu-2.7.0-CVE-2016-8669-2.patch 1037 SHA256 176a35f5191023ad665cb4019663618d48948b174b16888776245d1a001ec186 SHA512 82a71c9566f37aceffbbaa45547bc686c028353a1845bd63e49550e71201921bc2fb9793077fc1fc74d77417da84dae71e0862243acbb3d900db258a343b8ede WHIRLPOOL f489c52bf2ca6e434695a5ca12af64a83e6534536c07b02c54f82c72e59e3f026e6a9fd9cec5eb62e2cf8d009f878ac1015f58d9f5ba725a03e1e194c4abc96c
+AUX qemu-2.7.0-CVE-2016-8909.patch 980 SHA256 989210bfac97091e67fbe973be7a6d8aa0e6411069904a07f7c57c67e8539bb8 SHA512 23a1cfa4f257e598152d92e11d94e88c52b3702aa585fba3a71340ee16dfbd29234d6e5c81613ea71b64cead8dcdbb536246096b1c374290aa39871daacb25af WHIRLPOOL 9909ed14f5fa4a1d2ea0f8bb13f5a0e08e2f7888078e1f5b4cfaf381ccabeac22c998c9785efee6a307dbeed45801d8354650c18c6920bfb13da030127d9da7e
+AUX qemu-2.7.0-CVE-2016-8910.patch 848 SHA256 919e566e98434486f89ecfc3158ccee59c5bbdf3848b2a668136901871f5f1ab SHA512 1f695ebc2f10b2cda5a9b93c097adb49858af94817c14a406c7d26edd42353c776b0afc4779bc1c6f930dadcf450906924f8080ca5c87eb7c7e6b5694464dc7e WHIRLPOOL 574900ab3eca13429769c7e2b56fd4e4b1220800b2e5bc933eef502c633614eab22cba6af4fdd1fd55e3a7e70d3d5ead1cb1970f8211b5f4fc43e3d782865f1b
+AUX qemu-2.7.0-configure-ifunc.patch 517 SHA256 40f6183f1f490216855e83cf03bf21ec8d23786acf83cda21292fea92776d898 SHA512 e34476b5fc5039091862dc9e93c47b69e203e7e394092e7e0bda467b7523e0b5b743c2c6eaf1f36fad3ee743278e321a50d356b6365e2340280556ca6d9b32ad WHIRLPOOL cb6f92a70f91557f14a0f6719d1b3a4dee9cfcb5c34aa897eee0ad48d13c45255252666d826ce00f3183da86b9b265e0dd93aa9b85210cde2a7ce3de56644e59
+AUX qemu-binfmt.initd-r1 7966 SHA256 5b4b432aa1e44f387c9eb789de0ec6322741fd36dd241f76520f17c6cd6ac49b SHA512 2ba0bff6eb2b6bac4ed440f793771ce9551cad48e38bddb6cf04f804faac2407e80879f66771910344ddcea45f0014095dcc8bfeb0aad5085ef048fd3612dbd8 WHIRLPOOL a2a1fb830a970757d1e203378c7d382b161b1040f3b8aaf0f22bb3b5e46467eff395474ff40d93c9f133bab307b345a6f75d63eae9f8dd8daf67324db41032f9
 DIST qemu-2.7.0.tar.bz2 26867760 SHA256 326e739506ba690daf69fc17bd3913a6c313d9928d743bd8eddb82f403f81e53 SHA512 654acaa7b3724a288e5d7e2a26ab780d9c9ed9f647fba00a906cbaffbe9d58fd666f2d962514aa2c5b391b4c53811ac3170d2eb51727f090bd19dfe45ca9a9db WHIRLPOOL dcb3e5f7da89dd8e14d636d7ebd476e076e0043880bb9ea3fb1c03cb4bcd4e5c7d3c4719da26c3ce521e3a3db5ae671e86f198ac1bc3474e774d75504fef8b8d
-EBUILD qemu-2.7.0-r99.ebuild 21332 SHA256 a6d13be36bb59bf53727dba5fe1dd5f397652531d339cf622acd15aef6cd482f SHA512 fd1ef102a4b7d4554a2b864d321419413b967f9f585031f74c600dc350db541588fa98a150329aa1134dbc761933484a2ce2e14979c096fe076cf92f7bdfedee WHIRLPOOL 50e36b66bfd83516ce4003681bcba2327da80c679aad3ab658007a87652c22f7e584eb4fb5d635b570096243abd361075c6c8e35197c2e9bbed34a4d7353537c
+EBUILD qemu-2.7.0-r5.ebuild 22219 SHA256 3241db5ffacb81638a3b9dcd01676d59bc5abe87ef374baa44685231d7cb6de2 SHA512 2dbbf9f2a1eab0b9d52dd3609f5bac95f511a5f243c3def7d6b074bda97ef1383c2afc3290261f81a7af25ea7021eed4826da73a244bcad2e9677c7909c38618 WHIRLPOOL 591b38c5bba7b5566dfc2fce30f398153aec9b0986baf8bb82e83b5f68ce20dc4b0fb000e511355dca058ac8c7355b3add2c00e0db9573e6f507ad65ce451d86
 MISC metadata.xml 3925 SHA256 d1c219b7da0cbf77919cd1e055acbb3f6788a574fd802c98a43c89a411697b36 SHA512 3ff45d1c8ede12b4eedc7d01f39777b76a1cbd0ba9364299dec99d4b4a05cade5784d6f6e50197d5b5ae1f1b8e831c49da195eb53263c49b7d16aec8ee28b6e6 WHIRLPOOL bc25783fac0f3f13318834cc535404af9af20de16c7aeec222e59dc2ed7740ac5e767b329a5bcd6356d0cbae2428e278515f1446aa8ecb87a873bf4dbe04bf41

diff --git a/app-emulation/qemu/files/qemu-2.2.0-_sigev_un.patch b/app-emulation/qemu/files/qemu-2.2.0-_sigev_un.patch
index 588291c..5827c2e 100644
--- a/app-emulation/qemu/files/qemu-2.2.0-_sigev_un.patch
+++ b/app-emulation/qemu/files/qemu-2.2.0-_sigev_un.patch
@@ -1,5 +1,6 @@
---- a/linux-user/syscall.c
-+++ b/linux-user/syscall.c
+diff -ur a/qemu-2.2.0/linux-user/syscall.c b/qemu-2.2.0/linux-user/syscall.c
+--- a/qemu-2.2.0/linux-user/syscall.c	2014-12-09 15:45:43.000000000 -0100
++++ b/qemu-2.2.0/linux-user/syscall.c	2015-03-16 19:09:49.050386155 -0100
 @@ -5033,7 +5033,7 @@
      host_sevp->sigev_signo =
          target_to_host_signal(tswap32(target_sevp->sigev_signo));

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7907.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7907.patch
new file mode 100644
index 0000000..34b095a
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7907.patch
@@ -0,0 +1,45 @@
+From: Prasad J Pandit <address@hidden>
+
+i.MX Fast Ethernet Controller uses buffer descriptors to manage
+data flow to/fro receive & transmit queues. While transmitting
+packets, it could continue to read buffer descriptors if a buffer
+descriptor has length of zero and has crafted values in bd.flags.
+Set an upper limit to number of buffer descriptors.
+
+Reported-by: Li Qiang <address@hidden>
+Signed-off-by: Prasad J Pandit <address@hidden>
+---
+ hw/net/imx_fec.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+Update per
+  -> https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg05284.html
+
+diff --git a/hw/net/imx_fec.c b/hw/net/imx_fec.c
+index 1c415ab..1d74827 100644
+--- a/hw/net/imx_fec.c
++++ b/hw/net/imx_fec.c
+@@ -220,6 +220,8 @@ static const VMStateDescription vmstate_imx_eth = {
+ #define PHY_INT_PARFAULT            (1 << 2)
+ #define PHY_INT_AUTONEG_PAGE        (1 << 1)
+ 
++#define IMX_MAX_DESC                1024
++
+ static void imx_eth_update(IMXFECState *s);
+ 
+ /*
+@@ -402,12 +404,12 @@ static void imx_eth_update(IMXFECState *s)
+ 
+ static void imx_fec_do_tx(IMXFECState *s)
+ {
+-    int frame_size = 0;
++    int frame_size = 0, descnt = 0;
+     uint8_t frame[ENET_MAX_FRAME_SIZE];
+     uint8_t *ptr = frame;
+     uint32_t addr = s->tx_descriptor;
+ 
+-    while (1) {
++    while (descnt++ < IMX_MAX_DESC) {
+         IMXFECBufDesc bd;
+         int len;
+ 
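Review bot: When the new `descnt++ < IMX_MAX_DESC` condition ends the loop in imx_fec_do_tx, nothing in the hunk records that the cap was hit, so a guest that supplies a crafted descriptor chain is stopped silently unless code after the loop, outside this hunk, reports it. A guest-error log after the loop would give operators something to alert on, e.g. `if (descnt > IMX_MAX_DESC) qemu_log_mask(LOG_GUEST_ERROR, "%s: descriptor limit reached\n", __func__);`. The same applies to the caps added in qemu-2.7.0-CVE-2016-7908.patch (`FEC_MAX_DESC`), qemu-2.7.0-CVE-2016-8576.patch (`TRB_LINK_LIMIT`) and qemu-2.7.0-CVE-2016-8910.patch (the literal `64`). The function body continues outside the hunk.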

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7908.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7908.patch
new file mode 100644
index 0000000..16d072f
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7908.patch
@@ -0,0 +1,52 @@
+From 070c4b92b8cd5390889716677a0b92444d6e087a Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Thu, 22 Sep 2016 16:02:37 +0530
+Subject: [PATCH] net: mcf: limit buffer descriptor count
+
+ColdFire Fast Ethernet Controller uses buffer descriptors to manage
+data flow to/fro receive & transmit queues. While transmitting
+packets, it could continue to read buffer descriptors if a buffer
+descriptor has length of zero and has crafted values in bd.flags.
+Set upper limit to number of buffer descriptors.
+
+Reported-by: Li Qiang <liqiang6-s@360.cn>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Jason Wang <jasowang@redhat.com>
+---
+ hw/net/mcf_fec.c |    5 +++--
+ 1 files changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/hw/net/mcf_fec.c b/hw/net/mcf_fec.c
+index 0ee8ad9..d31fea1 100644
+--- a/hw/net/mcf_fec.c
++++ b/hw/net/mcf_fec.c
+@@ -23,6 +23,7 @@ do { printf("mcf_fec: " fmt , ## __VA_ARGS__); } while (0)
+ #define DPRINTF(fmt, ...) do {} while(0)
+ #endif
+ 
++#define FEC_MAX_DESC 1024
+ #define FEC_MAX_FRAME_SIZE 2032
+ 
+ typedef struct {
+@@ -149,7 +150,7 @@ static void mcf_fec_do_tx(mcf_fec_state *s)
+     uint32_t addr;
+     mcf_fec_bd bd;
+     int frame_size;
+-    int len;
++    int len, descnt = 0;
+     uint8_t frame[FEC_MAX_FRAME_SIZE];
+     uint8_t *ptr;
+ 
+@@ -157,7 +158,7 @@ static void mcf_fec_do_tx(mcf_fec_state *s)
+     ptr = frame;
+     frame_size = 0;
+     addr = s->tx_descriptor;
+-    while (1) {
++    while (descnt++ < FEC_MAX_DESC) {
+         mcf_fec_read_bd(&bd, addr);
+         DPRINTF("tx_bd %x flags %04x len %d data %08x\n",
+                 addr, bd.flags, bd.length, bd.data);
+-- 
+1.7.0.4
+

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7909.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7909.patch
new file mode 100644
index 0000000..8e6ecff
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7909.patch
@@ -0,0 +1,32 @@
+From: Prasad J Pandit <address@hidden>
+
+The AMD PC-Net II emulator has set of control and status(CSR)
+registers. Of these, CSR76 and CSR78 hold receive and transmit
+descriptor ring length respectively. This ring length could range
+from 1 to 65535. Setting ring length to zero leads to an infinite
+loop in pcnet_rdra_addr. Add check to avoid it.
+
+Reported-by: Li Qiang <address@hidden>
+Signed-off-by: Prasad J Pandit <address@hidden>
+---
+ hw/net/pcnet.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/hw/net/pcnet.c b/hw/net/pcnet.c
+index 198a01f..3078de8 100644
+--- a/hw/net/pcnet.c
++++ b/hw/net/pcnet.c
+@@ -1429,8 +1429,11 @@ static void pcnet_csr_writew(PCNetState *s, uint32_t rap, uint32_t new_value)
+     case 47: /* POLLINT */
+     case 72:
+     case 74:
++        break;
+     case 76: /* RCVRL */
+     case 78: /* XMTRL */
++        val = (val > 0) ? val : 512;
++        break;
+     case 112:
+        if (CSR_STOP(s) || CSR_SPND(s))
+            break;
+-- 
+2.5.5
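Review bot: The two added `break;` statements in pcnet_csr_writew skip a guard that the description does not mention. Before this patch CSR 47, 72, 74, 76 and 78 all fell through to `case 112:`, where `if (CSR_STOP(s) || CSR_SPND(s)) break;` decides whether the write goes ahead; now writes to these five registers bypass that test. If accepting them while the device is running is intended, say so in a comment; otherwise place the `val` fix-up so that all five cases still reach the `case 112:` test. The fallback `512` is also unexplained and deserves a comment such as `/* zero ring length would loop forever in pcnet_rdra_addr; substitute a sane default */`. What case 112 does when the test fails is outside the hunk.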

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7994-1.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7994-1.patch
new file mode 100644
index 0000000..6fe77f3
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7994-1.patch
@@ -0,0 +1,25 @@
+From: Li Qiang <address@hidden>
+
+In virtio gpu resource create dispatch, if the pixman format is zero
+it doesn't free the resource object allocated previously. Thus leading
+a host memory leak issue. This patch avoid this.
+
+Signed-off-by: Li Qiang <address@hidden>
+---
+ hw/display/virtio-gpu.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c
+index 7fe6ed8..5b6d17b 100644
+--- a/hw/display/virtio-gpu.c
++++ b/hw/display/virtio-gpu.c
+@@ -333,6 +333,7 @@ static void virtio_gpu_resource_create_2d(VirtIOGPU *g,
+         qemu_log_mask(LOG_GUEST_ERROR,
+                       "%s: host couldn't handle guest format %d\n",
+                       __func__, c2d.format);
++        g_free(res);
+         cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
+         return;
+     }
+-- 
+1.8.3.1
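Review bot: The file name ties this patch to the same CVE as qemu-2.7.0-CVE-2016-7994-2.patch, but the two fix leaks in unrelated devices: this one touches hw/display/virtio-gpu.c and the -2 file touches hw/usb/hcd-ehci.c. Please check both against the upstream advisories and rename whichever is mislabelled, since the CVE in the file name is what later audits of this ebuild will search for. qemu-2.7.0-CVE-2016-8669-1.patch (hw/dma/rc4030.c) and qemu-2.7.0-CVE-2016-8669-2.patch (hw/char/serial.c) show the same pattern. Adding the upstream commit id to each header, as the CVE-2016-7908 patch does with its `From 070c4b92b8cd5390889716677a0b92444d6e087a` line, would make that check repeatable.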

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7994-2.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7994-2.patch
new file mode 100644
index 0000000..dce1b2b
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7994-2.patch
@@ -0,0 +1,26 @@
+From: Li Qiang <address@hidden>
+
+While processing isochronous transfer descriptors(iTD), if the page
+select(PG) field value is out of bands it will return. In this
+situation the ehci's sg list doesn't be freed thus leading a memory
+leak issue. This patch avoid this.
+
+Signed-off-by: Li Qiang <address@hidden>
+---
+ hw/usb/hcd-ehci.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
+index b093db7..f4ece9a 100644
+--- a/hw/usb/hcd-ehci.c
++++ b/hw/usb/hcd-ehci.c
+@@ -1426,6 +1426,7 @@ static int ehci_process_itd(EHCIState *ehci,
+             if (off + len > 4096) {
+                 /* transfer crosses page border */
+                 if (pg == 6) {
++                    qemu_sglist_destroy(&ehci->isgl);
+                     return -1;  /* avoid page pg + 1 */
+                 }
+                 ptr2 = (itd->bufptr[pg + 1] & ITD_BUFPTR_MASK);
+-- 
+1.8.3.1

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8576.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8576.patch
new file mode 100644
index 0000000..9617cd5
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8576.patch
@@ -0,0 +1,61 @@
+From 20009bdaf95d10bf748fa69b104672d3cfaceddf Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann <address@hidden>
+Date: Fri, 7 Oct 2016 10:15:29 +0200
+Subject: [PATCH] xhci: limit the number of link trbs we are willing to process
+
+Signed-off-by: Gerd Hoffmann <address@hidden>
+---
+ hw/usb/hcd-xhci.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c
+index 726435c..ee4fa48 100644
+--- a/hw/usb/hcd-xhci.c
++++ b/hw/usb/hcd-xhci.c
+@@ -54,6 +54,8 @@
+  * to the specs when it gets them */
+ #define ER_FULL_HACK
+ 
++#define TRB_LINK_LIMIT  4
++
+ #define LEN_CAP         0x40
+ #define LEN_OPER        (0x400 + 0x10 * MAXPORTS)
+ #define LEN_RUNTIME     ((MAXINTRS + 1) * 0x20)
+@@ -1000,6 +1002,7 @@ static TRBType xhci_ring_fetch(XHCIState *xhci, XHCIRing *ring, XHCITRB *trb,
+                                dma_addr_t *addr)
+ {
+     PCIDevice *pci_dev = PCI_DEVICE(xhci);
++    uint32_t link_cnt = 0;
+ 
+     while (1) {
+         TRBType type;
+@@ -1026,6 +1029,9 @@ static TRBType xhci_ring_fetch(XHCIState *xhci, XHCIRing *ring, XHCITRB *trb,
+             ring->dequeue += TRB_SIZE;
+             return type;
+         } else {
++            if (++link_cnt > TRB_LINK_LIMIT) {
++                return 0;
++            }
+             ring->dequeue = xhci_mask64(trb->parameter);
+             if (trb->control & TRB_LK_TC) {
+                 ring->ccs = !ring->ccs;
+@@ -1043,6 +1049,7 @@ static int xhci_ring_chain_length(XHCIState *xhci, const XHCIRing *ring)
+     bool ccs = ring->ccs;
+     /* hack to bundle together the two/three TDs that make a setup transfer */
+     bool control_td_set = 0;
++    uint32_t link_cnt = 0;
+ 
+     while (1) {
+         TRBType type;
+@@ -1058,6 +1065,9 @@ static int xhci_ring_chain_length(XHCIState *xhci, const XHCIRing *ring)
+         type = TRB_TYPE(trb);
+ 
+         if (type == TR_LINK) {
++            if (++link_cnt > TRB_LINK_LIMIT) {
++                return -length;
++            }
+             dequeue = xhci_mask64(trb.parameter);
+             if (trb.control & TRB_LK_TC) {
+                 ccs = !ccs;
+-- 
+1.8.3.1
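Review bot: The two new limit checks report failure in different, undocumented ways: xhci_ring_fetch returns a bare `0` from a function typed `TRBType`, and xhci_ring_chain_length returns `-length`, which is also `0` if the limit trips while `length` is still zero. Callers are outside the hunk, so whether they distinguish these values from a normal result cannot be confirmed here. I would add a comment at each return, e.g. `/* too many link TRBs: treat the ring as malformed */`, and one on the define, `/* max link TRBs followed per call */`, since the patch carries no description and gives no rationale for `4`.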

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8577.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8577.patch
new file mode 100644
index 0000000..8c29580
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8577.patch
@@ -0,0 +1,34 @@
+From: Li Qiang <address@hidden>
+
+In 9pfs read dispatch function, it doesn't free two QEMUIOVector
+object thus causing potential memory leak. This patch avoid this.
+
+Signed-off-by: Li Qiang <address@hidden>
+---
+ hw/9pfs/9p.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
+index 119ee58..543a791 100644
+--- a/hw/9pfs/9p.c
++++ b/hw/9pfs/9p.c
+@@ -1826,14 +1826,15 @@ static void v9fs_read(void *opaque)
+             if (len < 0) {
+                 /* IO error return the error */
+                 err = len;
+-                goto out;
++                goto out_free_iovec;
+             }
+         } while (count < max_count && len > 0);
+         err = pdu_marshal(pdu, offset, "d", count);
+         if (err < 0) {
+-            goto out;
++            goto out_free_iovec;
+         }
+         err += offset + count;
++out_free_iovec:
+         qemu_iovec_destroy(&qiov);
+         qemu_iovec_destroy(&qiov_full);
+     } else if (fidp->fid_type == P9_FID_XATTR) {
+-- 
+1.8.3.1

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8578.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8578.patch
new file mode 100644
index 0000000..74eee7e
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8578.patch
@@ -0,0 +1,58 @@
+From ba42ebb863ab7d40adc79298422ed9596df8f73a Mon Sep 17 00:00:00 2001
+From: Li Qiang <liqiang6-s@360.cn>
+Date: Mon, 17 Oct 2016 14:13:58 +0200
+Subject: [PATCH] 9pfs: allocate space for guest originated empty strings
+
+If a guest sends an empty string paramater to any 9P operation, the current
+code unmarshals it into a V9fsString equal to { .size = 0, .data = NULL }.
+
+This is unfortunate because it can cause NULL pointer dereference to happen
+at various locations in the 9pfs code. And we don't want to check str->data
+everywhere we pass it to strcmp() or any other function which expects a
+dereferenceable pointer.
+
+This patch enforces the allocation of genuine C empty strings instead, so
+callers don't have to bother.
+
+Out of all v9fs_iov_vunmarshal() users, only v9fs_xattrwalk() checks if
+the returned string is empty. It now uses v9fs_string_size() since
+name.data cannot be NULL anymore.
+
+Signed-off-by: Li Qiang <liqiang6-s@360.cn>
+[groug, rewritten title and changelog,
+ fix empty string check in v9fs_xattrwalk()]
+Signed-off-by: Greg Kurz <groug@kaod.org>
+---
+ fsdev/9p-iov-marshal.c | 2 +-
+ hw/9pfs/9p.c           | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/fsdev/9p-iov-marshal.c b/fsdev/9p-iov-marshal.c
+index 663cad5..1d16f8d 100644
+--- a/fsdev/9p-iov-marshal.c
++++ b/fsdev/9p-iov-marshal.c
+@@ -125,7 +125,7 @@ ssize_t v9fs_iov_vunmarshal(struct iovec *out_sg, int out_num, size_t offset,
+                 str->data = g_malloc(str->size + 1);
+                 copied = v9fs_unpack(str->data, out_sg, out_num, offset,
+                                      str->size);
+-                if (copied > 0) {
++                if (copied >= 0) {
+                     str->data[str->size] = 0;
+                 } else {
+                     v9fs_string_free(str);
+diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
+index 119ee58..39a7e1d 100644
+--- a/hw/9pfs/9p.c
++++ b/hw/9pfs/9p.c
+@@ -3174,7 +3174,7 @@ static void v9fs_xattrwalk(void *opaque)
+         goto out;
+     }
+     v9fs_path_copy(&xattr_fidp->path, &file_fidp->path);
+-    if (name.data == NULL) {
++    if (!v9fs_string_size(&name)) {
+         /*
+          * listxattr request. Get the size first
+          */
+-- 
+2.7.3
+

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8668.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8668.patch
new file mode 100644
index 0000000..a27d3a6
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8668.patch
@@ -0,0 +1,30 @@
+From: Prasad J Pandit <address@hidden>
+
+Rocker network switch emulator has test registers to help debug
+DMA operations. While testing host DMA access, a buffer address
+is written to register 'TEST_DMA_ADDR' and its size is written to
+register 'TEST_DMA_SIZE'. When performing TEST_DMA_CTRL_INVERT
+test, if DMA buffer size was greater than 'INT_MAX', it leads to
+an invalid buffer access. Limit the DMA buffer size to avoid it.
+
+Reported-by: Huawei PSIRT <address@hidden>
+Signed-off-by: Prasad J Pandit <address@hidden>
+---
+ hw/net/rocker/rocker.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/net/rocker/rocker.c b/hw/net/rocker/rocker.c
+index 30f2ce4..e9d215a 100644
+--- a/hw/net/rocker/rocker.c
++++ b/hw/net/rocker/rocker.c
+@@ -860,7 +860,7 @@ static void rocker_io_writel(void *opaque, hwaddr addr, uint32_t val)
+         rocker_msix_irq(r, val);
+         break;
+     case ROCKER_TEST_DMA_SIZE:
+-        r->test_dma_size = val;
++        r->test_dma_size = val & 0xFFFF;
+         break;
+     case ROCKER_TEST_DMA_ADDR + 4:
+         r->test_dma_addr = ((uint64_t)val) << 32 | r->lower32;
+-- 
+2.5.5
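Review bot: `val & 0xFFFF` silently wraps an oversized guest value instead of rejecting it, so a write of 0x10000 stores a size of 0 and larger values store an unrelated small size; whether the test-DMA code copes with a zero size is outside the hunk. The description speaks of sizes above INT_MAX while the mask caps at 65535, and that choice is not explained anywhere in the patch. A named constant with a comment would make the bound auditable, for example a new define such as `#define ROCKER_TEST_DMA_MAX_SIZE 0xFFFF /* cap guest-supplied test DMA size */`. The `val & 0x01FF` mask in qemu-2.7.0-CVE-2016-8669-1.patch has the same unexplained-constant problem.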

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8669-1.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8669-1.patch
new file mode 100644
index 0000000..457f022
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8669-1.patch
@@ -0,0 +1,29 @@
+From: Prasad J Pandit <address@hidden>
+
+The JAZZ RC4030 chipset emulator has a periodic timer and
+associated interval reload register. The reload value is used
+as divider when computing timer's next tick value. If reload
+value is large, it could lead to divide by zero error. Limit
+the interval reload value to avoid it.
+
+Reported-by: Huawei PSIRT <address@hidden>
+Signed-off-by: Prasad J Pandit <address@hidden>
+---
+ hw/dma/rc4030.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/dma/rc4030.c b/hw/dma/rc4030.c
+index 2f2576f..c1b4997 100644
+--- a/hw/dma/rc4030.c
++++ b/hw/dma/rc4030.c
+@@ -460,7 +460,7 @@ static void rc4030_write(void *opaque, hwaddr addr, uint64_t data,
+         break;
+     /* Interval timer reload */
+     case 0x0228:
+-        s->itr = val;
++        s->itr = val & 0x01FF;
+         qemu_irq_lower(s->timer_irq);
+         set_next_tick(s);
+         break;
+-- 
+2.5.5

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8669-2.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8669-2.patch
new file mode 100644
index 0000000..23393b7
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8669-2.patch
@@ -0,0 +1,34 @@
+From: Prasad J Pandit <address@hidden>
+
+16550A UART device uses an oscillator to generate frequencies
+(baud base), which decide communication speed. This speed could
+be changed by dividing it by a divider. If the divider is
+greater than the baud base, speed is set to zero, leading to a
+divide by zero error. Add check to avoid it.
+
+Reported-by: Huawei PSIRT <address@hidden>
+Signed-off-by: Prasad J Pandit <address@hidden>
+---
+ hw/char/serial.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+Update per
+  -> https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02400.html
+
+diff --git a/hw/char/serial.c b/hw/char/serial.c
+index 3442f47..eec72b7 100644
+--- a/hw/char/serial.c
++++ b/hw/char/serial.c
+@@ -153,8 +153,9 @@ static void serial_update_parameters(SerialState *s)
+     int speed, parity, data_bits, stop_bits, frame_size;
+     QEMUSerialSetParams ssp;
+ 
+-    if (s->divider == 0)
++    if (s->divider == 0 || s->divider > s->baudbase) {
+         return;
++    }
+ 
+     /* Start bit. */
+     frame_size = 1;
+-- 
+2.5.5

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8909.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8909.patch
new file mode 100644
index 0000000..ed6613f
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8909.patch
@@ -0,0 +1,31 @@
+From: Prasad J Pandit <address@hidden>
+
+Intel HDA emulator uses stream of buffers during DMA data
+transfers. Each entry has buffer length and buffer pointer
+position, which are used to derive bytes to 'copy'. If this
+length and buffer pointer were to be same, 'copy' could be
+set to zero(0), leading to an infinite loop. Add check to
+avoid it.
+
+Reported-by: Huawei PSIRT <address@hidden>
+Signed-off-by: Prasad J Pandit <address@hidden>
+---
+ hw/audio/intel-hda.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/hw/audio/intel-hda.c b/hw/audio/intel-hda.c
+index cd95340..537face 100644
+--- a/hw/audio/intel-hda.c
++++ b/hw/audio/intel-hda.c
+@@ -416,7 +416,8 @@ static bool intel_hda_xfer(HDACodecDevice *dev, uint32_t stnr, bool output,
+     }
+ 
+     left = len;
+-    while (left > 0) {
++    s = st->bentries;
++    while (left > 0 && s-- > 0) {
+         copy = left;
+         if (copy > st->bsize - st->lpib)
+             copy = st->bsize - st->lpib;
+-- 
+2.7.4
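Review bot: The loop budget in intel_hda_xfer is kept in `s`, a name that the device code elsewhere on this page uses for the state pointer and that is declared outside this hunk, so its type and any earlier use cannot be checked here. If the budget runs out while `left > 0`, the loop ends with data still pending and nothing in the hunk reports it. A dedicated counter and a comment would make the intent clear: `/* at most st->bentries iterations, so a zero-length copy cannot spin forever */`.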

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8910.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8910.patch
new file mode 100644
index 0000000..c93f796
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8910.patch
@@ -0,0 +1,29 @@
+From: Prasad J Pandit <address@hidden>
+
+RTL8139 ethernet controller in C+ mode supports multiple
+descriptor rings, each with maximum of 64 descriptors. While
+processing transmit descriptor ring in 'rtl8139_cplus_transmit',
+it does not limit the descriptor count and runs forever. Add
+check to avoid it.
+
+Reported-by: Andrew Henderson <address@hidden>
+Signed-off-by: Prasad J Pandit <address@hidden>
+---
+ hw/net/rtl8139.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c
+index 3345bc6..f05e59c 100644
+--- a/hw/net/rtl8139.c
++++ b/hw/net/rtl8139.c
+@@ -2350,7 +2350,7 @@ static void rtl8139_cplus_transmit(RTL8139State *s)
+ {
+     int txcount = 0;
+ 
+-    while (rtl8139_cplus_transmit_one(s))
++    while (txcount < 64 && rtl8139_cplus_transmit_one(s))
+     {
+         ++txcount;
+     }
+-- 
+2.7.4
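Review bot: The new loop bound in `rtl8139_cplus_transmit` is a bare `64`, and only the patch description explains that it is the per-ring descriptor maximum in C+ mode. A one-line comment above the loop would keep that reasoning with the code, for example `/* C+ mode rings hold at most 64 descriptors; bound the loop so a guest-controlled ring cannot keep us here forever */`. The rest of the function body lies outside the hunk, so whether `txcount` is used afterwards to tell a capped run from a drained ring cannot be seen here.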

diff --git a/app-emulation/qemu/files/qemu-2.7.0-configure-ifunc.patch b/app-emulation/qemu/files/qemu-2.7.0-configure-ifunc.patch
new file mode 100644
index 0000000..d090323
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.7.0-configure-ifunc.patch
@@ -0,0 +1,13 @@
+diff -Naur qemu-2.7.0.orig/configure qemu-2.7.0/configure
+--- qemu-2.7.0.orig/configure	2016-09-05 18:30:41.722529882 -0700
++++ qemu-2.7.0/configure	2016-09-05 18:32:22.473649654 -0700
+@@ -1805,7 +1805,8 @@
+ EOF
+   if compile_object "" ; then
+       if has readelf; then
+-          if readelf --syms $TMPO 2>/dev/null |grep -q "IFUNC.*foo"; then
++          if readelf --syms $TMPO 2>/dev/null |grep -q "IFUNC.*foo" &&
++             ldd $TMPO >dev/null 2>&1; then
+               avx2_opt="yes"
+           fi
+       fi
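Review bot: The added `ldd` test redirects to `>dev/null`, a relative path with the leading slash missing. Unless a `dev/` directory happens to exist in the directory where configure runs, the redirection fails, the `&&` chain is false, and `avx2_opt` is never set to "yes" on any host. The patch then disables the AVX2 path everywhere without any message, instead of only where `ldd` rejects the object. The line should read `ldd $TMPO >/dev/null 2>&1; then`. The surrounding configure block starts before the hunk.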

diff --git a/app-emulation/qemu/files/qemu-binfmt.initd-r1 b/app-emulation/qemu/files/qemu-binfmt.initd-r1
index 84e909f..18adb65 100644
--- a/app-emulation/qemu/files/qemu-binfmt.initd-r1
+++ b/app-emulation/qemu/files/qemu-binfmt.initd-r1
@@ -1,16 +1,22 @@
-#!/sbin/runscript
-# Copyright 1999-2013 Gentoo Foundation
+#!/sbin/openrc-run
+# Copyright 1999-2016 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 # $Id$
 
 # enable automatic i386/ARM/M68K/MIPS/SPARC/PPC/s390 program execution by the kernel
 
+# Defaulting to OC should be safe because it comes down to:
+#  - do we trust the interp itself to not be malicious?  yes; we built it.
+#  - do we trust the programs we're running?  ish; same permission as native
+#    binaries apply.  so if user can do bad stuff natively, cross isn't worse.
+: ${QEMU_BINFMT_FLAGS:=OC}
+
 depend() {
     after procfs
 }
 
 start() {
-   ebegin "Registering qemu-user binaries"
+   ebegin "Registering qemu-user binaries (flags: ${QEMU_BINFMT_FLAGS})"
 
    if [ ! -d /proc/sys/fs/binfmt_misc ] ; then
       modprobe -q binfmt_misc
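Review bot: The rationale comment above `: ${QEMU_BINFMT_FLAGS:=OC}` covers trust in the interpreter and in the programs, but not what the `C` flag changes. With `C`, binfmt_misc derives the new process credentials from the matched binary rather than from the interpreter, so a setuid or setgid foreign-architecture binary runs qemu-user with that binary's privileges. The emulator's own code then sits on the privilege boundary, which is worth stating beside the default, for example `#  - C honours setuid/setgid bits on the foreign binary, so qemu-user runs privileged for those; set QEMU_BINFMT_FLAGS=O to opt out.` The default also drops the `P` flag that the old registrations used, so argv[0] handling presumably changes for existing setups, and the comment should mention that as well.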
@@ -50,55 +56,58 @@ start() {
 
    # register the interpreter for each cpu except for the native one
    if [ $cpu != "i386" -a -x "/usr/bin/qemu-i386" ] ; then
-      echo ':i386:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x03\x00:\xff\xff\xff\xff\xff\xfe\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-i386:P' > /proc/sys/fs/binfmt_misc/register
-      echo ':i486:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x06\x00:\xff\xff\xff\xff\xff\xfe\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-i386:P' > /proc/sys/fs/binfmt_misc/register
+      echo ':i386:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x03\x00:\xff\xff\xff\xff\xff\xfe\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-i386:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
+      echo ':i486:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x06\x00:\xff\xff\xff\xff\xff\xfe\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-i386:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
    fi
    if [ $cpu != "alpha" -a -x "/usr/bin/qemu-alpha" ] ; then
-      echo ':alpha:M::\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x26\x90:\xff\xff\xff\xff\xff\xfe\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-alpha:P' > /proc/sys/fs/binfmt_misc/register
+      echo ':alpha:M::\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x26\x90:\xff\xff\xff\xff\xff\xfe\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-alpha:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
    fi
    if [ $cpu != "arm" -a -x "/usr/bin/qemu-arm" ] ; then
-      echo   ':arm:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff:/usr/bin/qemu-arm:P' > /proc/sys/fs/binfmt_misc/register
+      echo   ':arm:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff:/usr/bin/qemu-arm:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
    fi
    if [ $cpu != "arm" -a -x "/usr/bin/qemu-armeb" ] ; then
-      echo   ':armeb:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-armeb:P' > /proc/sys/fs/binfmt_misc/register
+      echo   ':armeb:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-armeb:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
+   fi
+   if [ $cpu != "aarch64" -a -x "/usr/bin/qemu-aarch64" ] ; then
+      echo ':aarch64:M::\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xb7\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-aarch64:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
    fi
    if [ $cpu != "sparc" -a -x "/usr/bin/qemu-sparc" ] ; then
-      echo   ':sparc:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-sparc:P' > /proc/sys/fs/binfmt_misc/register
+      echo   ':sparc:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-sparc:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
    fi
    if [ $cpu != "ppc" -a -x "/usr/bin/qemu-ppc" ] ; then
-      echo   ':ppc:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x14:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-ppc:P' > /proc/sys/fs/binfmt_misc/register
+      echo   ':ppc:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x14:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-ppc:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
    fi
    if [ $cpu != "m68k" -a -x "/usr/bin/qemu-m68k" ] ; then
-      echo   'Please check cpu value and header information for m68k!'
-      echo   ':m68k:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x08:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-m68k:P' > /proc/sys/fs/binfmt_misc/register
+      #echo   'Please check cpu value and header information for m68k!'
+      echo   ':m68k:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x08:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-m68k:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
    fi
    if [ $cpu != "mips" -a -x "/usr/bin/qemu-mips" ] ; then
       # FIXME: We could use the other endianness on a MIPS host.
-      echo   ':mips:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-mips:P' > /proc/sys/fs/binfmt_misc/register
+      echo   ':mips:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-mips:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
    fi
    if [ $cpu != "mips" -a -x "/usr/bin/qemu-mipsel" ] ; then
-      echo   ':mipsel:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-mipsel:P' > /proc/sys/fs/binfmt_misc/register
+      echo   ':mipsel:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-mipsel:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
    fi
    if [ $cpu != "mips" -a -x "/usr/bin/qemu-mipsn32" ] ; then
-      echo   ':mipsn32:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-mipsn32:P' > /proc/sys/fs/binfmt_misc/register
+      echo   ':mipsn32:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-mipsn32:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
    fi
    if [ $cpu != "mips" -a -x "/usr/bin/qemu-mipsn32el" ] ; then
-      echo   ':mipsn32el:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-mipsn32el:P' > /proc/sys/fs/binfmt_misc/register
+      echo   ':mipsn32el:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-mipsn32el:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
    fi
    if [ $cpu != "mips" -a -x "/usr/bin/qemu-mips64" ] ; then
-      echo   ':mips64:M::\x7fELF\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-mips64:P' > /proc/sys/fs/binfmt_misc/register
+      echo   ':mips64:M::\x7fELF\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-mips64:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
    fi
    if [ $cpu != "mips" -a -x "/usr/bin/qemu-mips64el" ] ; then
-      echo   ':mips64el:M::\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-mips64el:P' > /proc/sys/fs/binfmt_misc/register
+      echo   ':mips64el:M::\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-mips64el:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
    fi
    if [ $cpu != "sh" -a -x "/usr/bin/qemu-sh4" ] ; then
-      echo    ':sh4:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x2a\x00:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-sh4:P' > /proc/sys/fs/binfmt_misc/register
+      echo    ':sh4:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x2a\x00:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-sh4:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
    fi
    if [ $cpu != "sh" -a -x "/usr/bin/qemu-sh4eb" ] ; then
-      echo    ':sh4eb:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x2a:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-sh4eb:P' > /proc/sys/fs/binfmt_misc/register
+      echo    ':sh4eb:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x2a:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-sh4eb:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
    fi
-   if [ $cpu != "s390x" -a -x "/usr/local/bin/qemu-s390x" ] ; then
-      echo   ':s390x:M::\x7fELF\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x16:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/local/bin/qemu-s390x:P' > /proc/sys/fs/binfmt_misc/register
+   if [ $cpu != "s390x" -a -x "/usr/bin/qemu-s390x" ] ; then
+      echo   ':s390x:M::\x7fELF\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x16:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-s390x:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
    fi
    eend $?
 }
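Review bot: None of the rewritten `echo ... > /proc/sys/fs/binfmt_misc/register` lines has its status checked, and the closing `eend $?` sees only the result of the last `if` block, so a rejected registration is still reported as success. This matters more now that the flags field comes from `${QEMU_BINFMT_FLAGS}`: the kernel is expected to reject an entry with an unknown flag character, and every architecture would then fail silently. A single check near the top of start() would catch it, for example `case "${QEMU_BINFMT_FLAGS}" in *[!POCF]*) eerror "invalid QEMU_BINFMT_FLAGS"; return 1 ;; esac`. start() begins before this hunk.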
@@ -110,6 +119,7 @@ stop() {
    arches="${arches} i386 i486"
    arches="${arches} alpha"
    arches="${arches} arm armeb"
+   arches="${arches} aarch64"
    arches="${arches} sparc"
    arches="${arches} ppc"
    arches="${arches} m68k"

diff --git a/app-emulation/qemu/files/qemu-kvm-1.4 b/app-emulation/qemu/files/qemu-kvm-1.4
deleted file mode 100644
index 08da00b..0000000
--- a/app-emulation/qemu/files/qemu-kvm-1.4
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh
-
-exec /usr/bin/qemu-system-x86_64 -machine accel=kvm "$@"

diff --git a/app-emulation/qemu/qemu-2.7.0-r99.ebuild b/app-emulation/qemu/qemu-2.7.0-r5.ebuild
similarity index 95%
rename from app-emulation/qemu/qemu-2.7.0-r99.ebuild
rename to app-emulation/qemu/qemu-2.7.0-r5.ebuild
index f8432d3..5872941 100644
--- a/app-emulation/qemu/qemu-2.7.0-r99.ebuild
+++ b/app-emulation/qemu/qemu-2.7.0-r5.ebuild
@@ -18,7 +18,7 @@ if [[ ${PV} = *9999* ]]; then
 	SRC_URI=""
 else
 	SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2"
-	KEYWORDS="amd64 ~ppc x86"
+	KEYWORDS="amd64 ~arm64 ~ppc ~ppc64 x86 ~x86-fbsd"
 fi
 
 DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
@@ -337,9 +337,11 @@ src_prepare() {
 	epatch "${FILESDIR}"/${PN}-2.0.0-F_SHLCK-and-F_EXLCK.patch
 	epatch "${FILESDIR}"/${PN}-2.0.0-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch
 	epatch "${FILESDIR}"/${PN}-2.2.0-_sigev_un.patch
+	epatch "${FILESDIR}"/${PN}-2.7.0-configure-ifunc.patch
 
 	epatch "${FILESDIR}"/${PN}-2.5.0-cflags.patch
 	epatch "${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
+
 	epatch "${FILESDIR}"/${P}-CVE-2016-6836.patch   # bug 591242
 	epatch "${FILESDIR}"/${P}-CVE-2016-7155.patch   # bug 593034
 	epatch "${FILESDIR}"/${P}-CVE-2016-7156.patch   # bug 593036
@@ -348,8 +350,21 @@ src_prepare() {
 	epatch "${FILESDIR}"/${P}-CVE-2016-7170.patch   # bug 593284
 	epatch "${FILESDIR}"/${P}-CVE-2016-7421.patch   # bug 593950
 	epatch "${FILESDIR}"/${P}-CVE-2016-7422.patch   # bug 593956
-	epatch "${FILESDIR}"/${P}-CVE-2016-7466.patch   # bug 594520
 	epatch "${FILESDIR}"/${P}-CVE-2016-7423.patch   # bug 594368
+	epatch "${FILESDIR}"/${P}-CVE-2016-7466.patch   # bug 594520
+	epatch "${FILESDIR}"/${P}-CVE-2016-7907.patch   # bug 596048
+	epatch "${FILESDIR}"/${P}-CVE-2016-7908.patch   # bug 596049
+	epatch "${FILESDIR}"/${P}-CVE-2016-7909.patch   # bug 596048
+	epatch "${FILESDIR}"/${P}-CVE-2016-7994-1.patch # bug 596738
+	epatch "${FILESDIR}"/${P}-CVE-2016-7994-2.patch # bug 596738
+	epatch "${FILESDIR}"/${P}-CVE-2016-8576.patch   # bug 596752
+	epatch "${FILESDIR}"/${P}-CVE-2016-8577.patch   # bug 596776
+	epatch "${FILESDIR}"/${P}-CVE-2016-8578.patch   # bug 596774
+	epatch "${FILESDIR}"/${P}-CVE-2016-8668.patch   # bug 597110
+	epatch "${FILESDIR}"/${P}-CVE-2016-8669-1.patch # bug 597108
+	epatch "${FILESDIR}"/${P}-CVE-2016-8669-2.patch # bug 597108
+	epatch "${FILESDIR}"/${P}-CVE-2016-8909.patch   # bug 598044
+	epatch "${FILESDIR}"/${P}-CVE-2016-8910.patch   # bug 598046
 
 	# Fix ld and objcopy being called directly
 	tc-export AR LD OBJCOPY
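Review bot: The bug references on the new `epatch` lines look inconsistent. `CVE-2016-7907` and `CVE-2016-7909` both carry `# bug 596048`, while `CVE-2016-7908` between them is `# bug 596049`, which suggests a copy-paste slip on one of the three. These trailing comments are the only link from each patch to its tracker entry, so a wrong number breaks the audit trail for that CVE. Please confirm the numbers against the tracker and correct the one that is off. src_prepare() starts and ends outside this hunk.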


* [gentoo-commits] proj/musl:master commit in: app-emulation/qemu/, app-emulation/qemu/files/
@ 2016-07-31 20:26 Anthony G. Basile
From: Anthony G. Basile @ 2016-07-31 20:26 UTC (permalink / raw
  To: gentoo-commits

commit:     a2b78563ef3f58c09a756de24bdf2483a3850d9d
Author:     Felix Janda <felix.janda <AT> posteo <DOT> de>
AuthorDate: Sun Jul 31 18:46:01 2016 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sun Jul 31 20:26:51 2016 +0000
URL:        https://gitweb.gentoo.org/proj/musl.git/commit/?id=a2b78563

app-emulation/qemu: bump to 2.5.1

 app-emulation/qemu/Manifest                        |  25 +----
 app-emulation/qemu/files/qemu-1.7.0-cflags.patch   |  11 --
 .../qemu/files/qemu-2.5.0-9pfs-segfault.patch      |  34 ------
 .../qemu/files/qemu-2.5.0-CVE-2015-8558.patch      |  50 ---------
 .../qemu/files/qemu-2.5.0-CVE-2015-8567.patch      |  95 ----------------
 .../qemu/files/qemu-2.5.0-CVE-2015-8613.patch      |  35 ------
 .../qemu/files/qemu-2.5.0-CVE-2015-8619.patch      | 121 ---------------------
 .../qemu/files/qemu-2.5.0-CVE-2015-8701.patch      |  49 ---------
 .../qemu/files/qemu-2.5.0-CVE-2015-8743.patch      |  50 ---------
 .../qemu/files/qemu-2.5.0-CVE-2016-1568.patch      |  41 -------
 .../qemu/files/qemu-2.5.0-CVE-2016-1714.patch      |  58 ----------
 .../qemu/files/qemu-2.5.0-CVE-2016-1922.patch      |  65 -----------
 .../qemu/files/qemu-2.5.0-CVE-2016-1981.patch      |  98 -----------------
 .../qemu/files/qemu-2.5.0-CVE-2016-2197.patch      |  43 --------
 .../qemu/files/qemu-2.5.0-CVE-2016-2392.patch      |  35 ------
 .../qemu/files/qemu-2.5.0-ne2000-reg-check.patch   |  37 -------
 .../qemu/files/qemu-2.5.0-usb-ehci-oob.patch       |  52 ---------
 .../files/qemu-2.5.0-usb-ndis-int-overflow.patch   |  59 ----------
 .../qemu/files/qemu-2.5.1-CVE-2015-8558.patch      | 107 ++++++++++++++++++
 .../qemu/files/qemu-2.5.1-CVE-2016-4020.patch      |  16 +++
 .../files/qemu-2.5.1-stellaris_enet-overflow.patch |  47 ++++++++
 .../qemu/files/qemu-2.5.1-xfs-linux-headers.patch  |  82 ++++++++++++++
 ...emu-2.5.0-r999.ebuild => qemu-2.5.1-r99.ebuild} |  30 ++---
 23 files changed, 267 insertions(+), 973 deletions(-)

diff --git a/app-emulation/qemu/Manifest b/app-emulation/qemu/Manifest
index 4e4858a..5d10f94 100644
--- a/app-emulation/qemu/Manifest
+++ b/app-emulation/qemu/Manifest
@@ -1,34 +1,21 @@
 AUX 65-kvm.rules 40 SHA256 c16a8dc7855880b2651f1a3ff488ecc54d4ac1036c71fffd5007021d8d18a7c5 SHA512 98aad2a2f212a7ac0ee5b60a9c92744fa462bce5f26594845c7a31d692aaaca2d52cb57bdbede7dfc60b9862c2a6510665dbb03215d5cf76e62516a283decdd6 WHIRLPOOL 937de93a23930f6b8533f0c3e0dd249c99ddf7d54446dea857607266ac0a4b435c5b4a52b2986b138bace9c0a7ade66f94116b38e2bc4767ead54bd11baf0920
 AUX bridge.conf 454 SHA256 a51850dd39923f3482e4c575b48ad9fef9c9ebb2f2176225da399b79ce48c69d SHA512 a907ee86b81a1b61033bb7621ded65112504131ef7b698c53e4014b958ee6fc79e66f63069015a01e41362cb70a7d0ed26dd9a03033cf776f4846f0e1f8f1533 WHIRLPOOL 8fcbd4abf9b8f7ca3d16fe0eaf17196ebf708dfecf85ce0f020e0de22b64905114f7b310f361826c81bb961c6b1bbbf984bff1e595bb949993b8966ccb222c35
-AUX qemu-1.7.0-cflags.patch 300 SHA256 8f35e55c4bae93e82f9580eabe2d6a2d4660bd05343e1f4e6c33815deeede91e SHA512 54446cb555b623b2306f8a323713e4dfb1b8b7bbf3af3771d5b62e164e0672cc21cbe44f08ca8b58052523e8d629e16355a44ebb544a999a44d11ac3af671f1c WHIRLPOOL b903b4abefeeb09a2ab2d1ee224de5d3694f99f50aacfe33882fce0c1c87c23dae4d57b001d1c35cc96fffa93d43fac4a8ab30a3e45fe1f380580162c0332e78
 AUX qemu-2.0.0-F_SHLCK-and-F_EXLCK.patch 563 SHA256 99de67d610ad13a1dcf6c67a3c2b5b87fb909220173a956435737f9bea3c371b SHA512 a29e9a889388a6627ed492a79e66514ffb5e64f9479646982091811548fc2a9bf6682104a6c774d83e645e4b1db39e491afd4efce789fe164623442a7f3e5d00 WHIRLPOOL d3aab06099de263c22f4c71810a3b2cb8602d17731ec76674cd1415e539306555a7b96b789f0daad473600dfa04a83224ff603f7b9a9ac63a4902f74d0e9deb5
 AUX qemu-2.0.0-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch 930 SHA256 6af6cf9044997710a6d0fbdba30a35c8d775e30d30c032ec97db672f75ec88ac SHA512 ec84b27648c01c6e58781295dcd0c2ff8e5a635f9836ef50c1da5d0ed125db1afc4cb5b01cb97606d6dd8f417acba93e1560d9a32ca29161a4bb730b302440ea WHIRLPOOL 06b9dd5251ac03405c97b1f5a623b4d86bda2f72fbcd52b90ae4d11a0cfb59cae62df2cb6189405fbe53ab05ff2b7ca8165fda239dbfe5f31ed70abb53b3b9f3
 AUX qemu-2.2.0-_sigev_un.patch 636 SHA256 f3b9a4d6162c553f3110ad22716305818e2130e2ff5d628faf044fc58a5e3cb5 SHA512 f72b879daede5184904f64cabb276de96299a37a93fce444d09e9068671009e95a5e5d6b815ec41a5db5b3807de14d470a56bba5806ffd4dfec577577b046ccb WHIRLPOOL 9453ad4966e10d504f3e867fd984642a3c1ee3ae847b5ca56196fd1f9e6c0f2d7b52ca07446212af72fef6d0ded1527a5eb306fa6cd915e8dd9ce11523362bac
-AUX qemu-2.5.0-9pfs-segfault.patch 1294 SHA256 707835ed8af1aa7e8fc9f0e06c6afa8e77fe7858b20ad4c2df2a1aec0627332d SHA512 2af7498939ba653c36808a7bccafe4a3d8c3d1cfa7199c5788f67fb001925dff17e4faba5e13c6b1517ca887209452f4ba7ed71f6b4464d55b5e942350406f90 WHIRLPOOL 591ba85bd9e5ab0665ed5835878886ec0d774a500ed966dd1b37e5478a4799a38d319a6bb88d214f202a83282db6a0434641b30c8b70ceef6bd2fb1e38f8faef
-AUX qemu-2.5.0-CVE-2015-8558.patch 1459 SHA256 d769e6eb6dc0bdb0b982ef5fe7d73cc6bad47233102f53d11c6ed6c9051602d8 SHA512 42961191890c500675610d5d33e6ff468b07428c6b428ac01bb5c0e3ea88ff611a3532f848d54317458475fef221a06e41761ef14ea61d1b741db73450c4f90d WHIRLPOOL 475679dc1a24bc75012995a9a2122847454701b65ff0b7f8192865b45de49ce08572f129a7cfdeb36521252ed2f80c95e9dddbd64cb8e39fdc5beacc25934798
-AUX qemu-2.5.0-CVE-2015-8567.patch 3108 SHA256 88b72df4e02407c3b9ca4835c38988b97fcd5aa9c68da6fa47207fe675d4e661 SHA512 2f0243ec9764d72fe5e7a005a8db40d3d5c4c2edae5c3451087ee3f5c841c96a3112875cf88a19061fa2ce0d04715d247e6eb1eb83e1e5b57ec0b9eb324b8ce6 WHIRLPOOL b432ff3e105da5c0bd20dd1d7da0374f4005b2ac5a9a8c824e96730aeafa89bb8fc125f8b2857fdaf72024082ddbc0c7a28c3e3ffb9114c3d370db1b638c4731
-AUX qemu-2.5.0-CVE-2015-8613.patch 1264 SHA256 c8df9bb4c0100ef6c8ae09acd73878e46b3ad4a9e04b9cfe30445922bc33299c SHA512 ea2bf909ec29bab0b2131bf9d3e8fc04f176393258c4ce578d3ac8d76f09a25b96f8a3b2aa450b47c0ba9bc9637e5b93e7cc53542362b48930de18ceebb07698 WHIRLPOOL f0d415b1df9f05cb0431801054535f8939d46e7dda6eaa5ce990eef82ddc458003eb9ae5dc06e3269ddb5ed8f8c903c1f3d058d41e63ea9a5192b6149283feb2
-AUX qemu-2.5.0-CVE-2015-8619.patch 4220 SHA256 325bb3df340a1f5115a345a145bed94e9b2d5721cf8cce1217138e8d5a8a0c1a SHA512 317e882da18332fe667c10c55b8f026d347d93c61f668e8ddb916f1b0f5e39a9e3104c14ab2306ce761024a02a78af3a4808627ad9f18c0d43d748fd30c21505 WHIRLPOOL feddd255cf3844cd270ca2662f6140cc7104f8328e51acb01dc2f6f1b4646061569f5faa629264ebeaa5a2b18e595c4a90b69a588aa05f1acf70d9570067c6c0
-AUX qemu-2.5.0-CVE-2015-8701.patch 1671 SHA256 f39e0c6301cffa1b14c3ef0ab72fce0e2acd42170759ef7954234d31602aeb99 SHA512 d39edf84e2d17e6080bbc4a270732cd73b41fa39d948ee7bc4456e1024c5a69ddfb5e848af3272615f5aa36a3b6410a12f5a73e00ccfa58e0d60d7289d034aa9 WHIRLPOOL 352148c367837ba2d6eb5eb39e00c128f0cff3faef159754a41318857bc11a6616be184c24df4767ec2c8c14910ad74fc3be48273f6312b1687910fbcaf7bec3
-AUX qemu-2.5.0-CVE-2015-8743.patch 1777 SHA256 22aac571c1aa6f6a283d200a7703fdfea0a5bcaf227a003a2cbf5741bbb8df85 SHA512 65d8632fd43959983ca02f9ab116ec78ea043e6d867e6d743014885c2a423bb3b87c2e56caa37e7f29e971a44f5ea695cb4ce1c3a9c1fc2d734b25ca0b2f4054 WHIRLPOOL 9128c812cfbfe3d4629cd6c7c2c6f50c9ef2fe2d5b62b24486559279296987f593f852f913eb67fbe956d650d50612fa7a658a60b3d80cf4fa9256e332d77330
-AUX qemu-2.5.0-CVE-2016-1568.patch 1476 SHA256 ba2a25142977eea531159d81ef8938e8519c92800aa1958e71da9e2780c8256a SHA512 643ef742e6cd1dbc8f420b38f684bc8639e4bd58ab38c254654d4b1a72b129202fecdddddfd308b48ed7813da193edff68d737080d5035c82daf9676ee17df22 WHIRLPOOL af9376400540f20d77ea06cb6a12ce415b72bb22cdde3365bba8b02deb8985aedfee303646e13e1d1263a2dcd17bf1518637183a81c66c2db7b438aa88ef7d95
-AUX qemu-2.5.0-CVE-2016-1714.patch 2168 SHA256 2a366b01f5c05a87324ca765cea90bc93eda819d264932ac4588e6303e0b7dee SHA512 25f5f67dbcb2175bac1b5d6d11bf6b27019526c0ee43ed8580a0de10bf82ac62e5a71ded4d18c0e561d8d3832da630c92f9f118277da349367f55b4939029216 WHIRLPOOL 600d0c90779aaf7c1840e106359c909d486c7cce483edc0e5ddc627a127c907f5dd9cbd5b8ce561e2675f6bfe8cd0502efa96557601ce26eda2311b1072ab48b
-AUX qemu-2.5.0-CVE-2016-1922.patch 2114 SHA256 a10d23d5ff3d021aa0962c79a397b69518cec6cd570ebea771f03513d4b7eb1a SHA512 af895fd14e876f808203279176c5f5c28d95d0137385c6d0e56e27f9ad70b76552b8ce75a3be368ceed94fbc62999e8d6c5e6dbcd35e99d59c57787afe6ac57d WHIRLPOOL 199ec0c9bc766968778e5733e1ca0773999a3cccfa779d8fdf68c2ed866a1427048b0db9730eb2a1521be5e174ea6388b69053c85d0d25144e73df25ec7829a9
-AUX qemu-2.5.0-CVE-2016-1981.patch 4160 SHA256 ad440f4964670e68846a3469e0cb0eca3ecf11cfc5c2e32b09581b64eef43ab7 SHA512 f133a311da42cc831116251550359949e0f23f1163a7b0e638fc5f43edf1dea17a5e5843a06142c3086ef367d94898b074eebf8c371ea83b7a3981cfd20c4e27 WHIRLPOOL ba6e563917773d4488f51c11864a6ce1a4331ba6fc7925f47768282ea75f1a26c51792063c946579d49b28e3ed7a854a191732c1ba7ec40628395e971cf67782
-AUX qemu-2.5.0-CVE-2016-2197.patch 1358 SHA256 caa5eb42b21a3fc656982fdc4e511c8350eeb0511857d9b8f371e4e926c2ac80 SHA512 ee6467ef00c5db1e6c5f6331ec411afd139e7e8c5d5e23e3ee33b3161f0e79028ddecfa661bf4bfb5bac0cfa91385f69d66b57c5337384817f0756b7575aa099 WHIRLPOOL 67bab11771159560fd080d157477aa227aa351bb8101671c0e778a38a15d607a2346ade7b10310914f93d5a1faeb993003590e7bf75cd5c9d06db0c687085b51
 AUX qemu-2.5.0-CVE-2016-2198.patch 1540 SHA256 0d6d81a27ffac1af7c478a050aa690eb007cf9735a1a0c4b398eabeb990d5ab4 SHA512 b0b3131bb2b9b2d3f2a3f3286eeb92b527f0d3366e657cf8bcbabc6426b57893936c5a8ef66697ad1014b4525c09fa4d067195600f96ab2b005fd52b6e77d9a4 WHIRLPOOL f5c56b87f934c573fc71169fcded579b9917285fbfff59fd9288011775f482ead2ac09e1399f325e826305fab2f7bc2cd21d333711c526c1658a069a5ee93491
-AUX qemu-2.5.0-CVE-2016-2392.patch 1265 SHA256 a81d906bcf18fb5cf76fa5fa686c848a33f43054bff03a7a2e0e391a34884be8 SHA512 cac6503176f1e37fa6e9bab1daa4bbec6fb6fb3be4ec2e30427356969f3310b8bb898356f9e7f786e75c3ba07b9bc7afb9f0ac7a99adc12847de49b55c0d7960 WHIRLPOOL 65456ade1b773ebfe629ab0fb0045613b4d2f0f5c2d9ec20409170cba5011de46800bf1dd42a78334fe5166a2c8201e6505f3db904474cd4c28d1e88df0f9daf
 AUX qemu-2.5.0-cflags.patch 410 SHA256 17f5624dd733f5c80e733cc67ae36a736169ec066024dbf802b416accfed0755 SHA512 0194d28de08b4e51c5bd1c9a2cc7965ba7f66dfddb8fd91de3da93677e6cf2d38ad3270f69aaea8a20cf2533c2980018d6e0fed711be2806fe2053fba7c081f3 WHIRLPOOL 5f5b95d00409fbe03adb64801d30a2fb5f98dded5efa7f0e78b5746776f72917dcbea767e1d0afcb304d8bf8c484adedb8037e6d54e9d34997c2bc3a98b53154
-AUX qemu-2.5.0-ne2000-reg-check.patch 1141 SHA256 b64fd5bfbd9c7b37b9003271e9902db4ea28b71095a51e161c7698e2f690183b SHA512 7f94ef8cb023224750abc5c2c7d515ccc6ce7f8b655a1454673ecc291193551b9ae00c248c609368a0cf143888ba2c3a5a929a4f9477e5efd27f92c45abc8722 WHIRLPOOL 43fec025a08e0aa0c14ab5ac11cd9aa49b03e52e3fcaacb6785ecd25aa531edfd04a5f8913330e27acf046f8cad2c57887e1a353779ee73ab8bb2dad65c446a7
 AUX qemu-2.5.0-rng-stack-corrupt-0.patch 3125 SHA256 164b155db78a9291b9f8dea71a16b5779e1a9d382a8cb0f5ff380d1f2d811cef SHA512 7da544873dbefbbc7a2ed69bd7cca0053bfe71ef7f5c2faf12cb5dc6e07b8d9104e5bcf329b3355e886edc5805509623234c9fe8fb536544d6285b04ccc59919 WHIRLPOOL f076264ce4bae5be2f34e006e3e4dcc20042313cb6da4977b61529c3100e835952807738d53a86967f98abad68eba1c8dcbb6a04af162b048399e059b5eb9d6b
 AUX qemu-2.5.0-rng-stack-corrupt-1.patch 4110 SHA256 16966eb20072a5d16fec46e5959e32708342af9a7266fe4a90a0abaf68af3529 SHA512 530d6a5f9b6795013bbe197cf0a0d7eddfb06d18c0f8410bcf5bcc2d32c4b72c325b8b0ade2c517bd305fcbdab03124cc527d24d73ce767daf51de65d00920c8 WHIRLPOOL c0b653c67993c6c6ed282f0c86099c8c80a241f10e23ef3fd8e33c6d86fbb5553049550e83954cfc6d3576735c4ce28099f813917966c0a05c84bb46a6bee413
 AUX qemu-2.5.0-rng-stack-corrupt-2.patch 4601 SHA256 c2b4e1ee8ee4bb2f4d42012a847c1da83a9e2349238d37bba1a3b9c440957f7f SHA512 ba299d07c7382f39f177f8094594daf131727d3d28633b426064f7cc6bf75d19b1ae78db248fc70ddbdb43fd2a6b0c5ed7793e6f42aba2763cdb4c12d6816c54 WHIRLPOOL 62b6ab75c32574a4c53193d82c7f51efdaa4789154c2d2f9acee7ede240d2920d92e31dfead7edc17aa12f938919143ce049d2c9ef9733baccc27d382506437f
 AUX qemu-2.5.0-rng-stack-corrupt-3.patch 5519 SHA256 5a3c2ed59bc30f395aee5cd0b77cdb06d868386e5bbe1b392169f8d96ae9474a SHA512 f62713130d3b989b274476a4cc2eafb95dc41de4723fe475e454132817a159eb729bbbe5a29aee755715100095670107c5762271184252e9d0cd43c4b25bc5d1 WHIRLPOOL f8e4aa90b90b03dd6e4dd68734cb16ee5f59a9585697ef3c48e7e861968798cb3c66018ad5a788f99b99e9fddab2ae83d977ec4b1a8599596a5ce03286726e3e
 AUX qemu-2.5.0-sysmacros.patch 333 SHA256 a5716fc02da383d455f5cbd76f49e4ee74d84c2d5703319adcbeb145d04875f9 SHA512 329632c5bff846ca3ffcdb4bc94ae62f17c6bdbb566f9bec0784357c943523e8ca7773790b83a9617734cab3b003baa3d636cbd08f7385810a63b0fa0383c4f0 WHIRLPOOL 2a774767d4685545d3ed18e4f5dece99a9007597d73c56197652ff24083550f987ffb69e5c624760dece87def71a7c5c22a694bf999d7309e48ef622f18f0d73
-AUX qemu-2.5.0-usb-ehci-oob.patch 2014 SHA256 e0593f8a645dfca3115ea56d1b74d701f07c60d80eadf0bf68133e7539de345a SHA512 c02e0881bb85ffbf7d401b4ee5801692262cddaef9245dfcbf323f0f4d310394e1fbbf639f7a3d2d39ae428c09513adcb9be7fdcf49b7accf133d911dc0b702c WHIRLPOOL 992b2c6d3464a53174054f0d2dc6ec70eeb1e17128ee65c7986d9f5ec80e037bca9bd5bfb65c66bb9bf85f0b56a1a6d008ab4dbe35602d7deea9489add2e7c4b
-AUX qemu-2.5.0-usb-ndis-int-overflow.patch 2404 SHA256 caa4ff5ab038e88b2b09f04f2a9528fc47d42d35fbd35bbd7907afd292ef66db SHA512 f87de0a9f161f14814fafc883bd557f8f007a53729dc3c36145dd19ea9c52eabb81f6ada4e4a7122a461c9bed6f524ea0b92f9182b77a4c7cf9c8ecfc217f8e0 WHIRLPOOL 6022a3e0b125beb85efa2b6c1edf5a94dce27bd299d247078d418cf6515c8fc0ca1d8032034ef427c3d4681cc3536900099391b623152b2609cab2f4f963d046
+AUX qemu-2.5.1-CVE-2015-8558.patch 3237 SHA256 3320c5624a33076b36f39566a4c3bbe5f95adae44207512d791175bcfc3959ff SHA512 c6ea0ca7d0ea221e9704001d26dae143861463ec45c7a543f041520874dd6e3a2d4bdb6d1eca25097f265aa2a1600858c9908b59cdd640007ab057cf7b86083f WHIRLPOOL 0c3c683a79f68ab3073a3b5e6afe2b6184d66254bd8278e131d5aa199ff51d52e5b186521ff8799345b1f1977afc112550e1a7d4b684b2a3267e9caddd0f1576
+AUX qemu-2.5.1-CVE-2016-4020.patch 567 SHA256 6c8e933593cfbedc98de81bf01e394d1ca1d016109fcc81e91f6472d2092b1a0 SHA512 90ac43329cbbcc0451470e010a1a1bd32ef8891c1f2d7d7e54e870e740c77ea8dfdec30989d586aaea250de6ca294504bf7e88818bf35e3269cf528ea3e50ce5 WHIRLPOOL 7ea7c7af1f2a3f11bc5bfe7b708021bbcb03c00d354a733c0fad14193110559cd1561939bd5bb6597a84bc01e74a914ef9dc51f28c522473b424919edc17cdb3
+AUX qemu-2.5.1-stellaris_enet-overflow.patch 1569 SHA256 5d20aef8139068eeb63c167856c8f0004e8761227d9bb1fd67240c4b922f704a SHA512 92c015af82eb92bf5f6f4d6fd86b402636a61f0ac9572cc2f002d4c795ce133f7858a38336fd5f4a25c7157dea969d288bb73f00d9a8b3b8f517ba2aea6e4ba8 WHIRLPOOL 94c49f8f78864ac3da247b569d2afc2ee0d801482a00117a7898fb396440118ef3bc54e1b61023496184f37404c893a1ef7725ce6ca9a27ca596cdf38e747603
+AUX qemu-2.5.1-xfs-linux-headers.patch 2634 SHA256 ca1eb8d4593d794541f375cb1425861e145aa036d440b9d29c4cb7b5102d018b SHA512 88b8a6178893e3354d90ad1a7cfc370fc05ffd2e3ea7c9cc8aeda9e129ea93d45838b5816afb46c0594886fbb129e3665a738f4c195183b843caedc0302530c0 WHIRLPOOL 193f1b89710ecbbb5b645a59ac6f3b7bad8191cc3228bad0427cb80c54e1b55d11d25abe1f59173b9669452f57a52f830d074bb106bdc3c05b6659826a4d561d
 AUX qemu-binfmt.initd-r1 6910 SHA256 2886c567589b958f450a87537cdb6c5bf95e8c1e4afbdf59139d16819e79d51d SHA512 09f399b6b559c6dd64d77843f600afad464909e72ae0924e97a5ef2eea55b3fb8abf6fbd57c380ec60e2f9d145ec365fd9a24c2e1b84cc6cef7070e4fb5bd72e WHIRLPOOL 983f6ae733c23c0049321184e1b6738ad5d27a70265945e6b47f3fb317ba3c84918b4929e728081549062fd0bf4a46c0a7e7184911355f3ac75963e1f8b70cd4
 AUX qemu-kvm-1.4 68 SHA256 8b1adf198129f001e75a2311fc420c168094d1084d2163cdf6a32b3b23c96137 SHA512 706fab4d155c410acc292e67fb354ce7dcd17f7e33f2ca8c9c44035ea128f8d36f89e27cf87ebe22721f5676be9e7f2ae5484fd000183c8ffd7854e02eb3d120 WHIRLPOOL ef795330b592cef8e3d92f52a77eb77a671e6aa1a47d07531917b5c1c09e72e5df1a44aea939b086e0a3c5ef2a5cea9223556a46ceae73e55300475c42f07067
-DIST qemu-2.5.0.tar.bz2 25464996 SHA256 3443887401619fe33bfa5d900a4f2d6a79425ae2b7e43d5b8c36eb7a683772d4 SHA512 12153f94cc7f834fd6a85f25690c36f2331d88d414426fb8b9ac20a34e6f9222b1eda30b727674af583580fae90dfd6d0614a905dce1567d94cd049d426b9dd3 WHIRLPOOL 8f5717989d8d234ecf1763ee386b2e1f20c3b17918de130c6dae255e4523a230b2b01a759eba25e4b9f604c680d9b868c56f58bd71b7c6c2c22a2e46804435ef
-EBUILD qemu-2.5.0-r999.ebuild 21699 SHA256 8ca42bbf30baa2271e0a1a7be920a06dba32f7c0b6c0ea50d3dd93d949d6522f SHA512 182ccb339259864276e7540b630dfb46e98058df978ffe7ad1a13df541f70f949a62ece46699cc2ba4c3311a24ccd609933733226bb660cc28c37a4f9608c755 WHIRLPOOL 462aa47e61ad570fc9d874145bbca1ab5b804b590f97a34c62f2640b774f380d105c7d2a61790c1c229b8613f8aa74e2d78f8e01dcdce336e202ce64b4172e2b
+DIST qemu-2.5.1.tar.bz2 25464539 SHA256 028752c33bb786abbfe496ba57315dc5a7d0a33b5a7a767f6d7a29020c525d2c SHA512 66959ad6a2a89f23c5daba245c76f71ddc03a33a1167bca639a042ebbf7329b2e698cd2c0e65c22a9874563a34256a48386aa9df6475b06d38db74187e3e3b3f WHIRLPOOL 32525271574692d56b7794dc63606659f46e6ae19a56dee31b3cec33dab9c4eb74147a65db4940229492d8680f38c2d05bc2a8fbcb4b6887b0c1cbe5fbbe44cf
+EBUILD qemu-2.5.1-r99.ebuild 21104 SHA256 92637c4d36984ff78616a2ca9a1952d453f035608357b2f212cddc4b98bed5de SHA512 0dd1b5d37448371604efb213894bfde17ab08d234affc675dc2474ba395e4b854071711304c30be4a405ed98d6cb2be7f107958487080cd8dbeb15fada2da9f8 WHIRLPOOL cc8ed2d2140b669da67d8a5f15b93651638848f77b853d11b7e235ba37b75d945076266798fff1ccf8d74ba16113cbead260b10e9c8aaed03c07fb5d9d1f1ce3
 MISC metadata.xml 3925 SHA256 d1c219b7da0cbf77919cd1e055acbb3f6788a574fd802c98a43c89a411697b36 SHA512 3ff45d1c8ede12b4eedc7d01f39777b76a1cbd0ba9364299dec99d4b4a05cade5784d6f6e50197d5b5ae1f1b8e831c49da195eb53263c49b7d16aec8ee28b6e6 WHIRLPOOL bc25783fac0f3f13318834cc535404af9af20de16c7aeec222e59dc2ed7740ac5e767b329a5bcd6356d0cbae2428e278515f1446aa8ecb87a873bf4dbe04bf41

diff --git a/app-emulation/qemu/files/qemu-1.7.0-cflags.patch b/app-emulation/qemu/files/qemu-1.7.0-cflags.patch
deleted file mode 100644
index cd003f6..0000000
--- a/app-emulation/qemu/files/qemu-1.7.0-cflags.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- a/configure
-+++ b/configure
-@@ -3131,8 +3131,6 @@ fi
- if test "$gcov" = "yes" ; then
-   CFLAGS="-fprofile-arcs -ftest-coverage -g $CFLAGS"
-   LDFLAGS="-fprofile-arcs -ftest-coverage $LDFLAGS"
--elif test "$debug" = "no" ; then
--  CFLAGS="-O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 $CFLAGS"
- fi
- 
- 

diff --git a/app-emulation/qemu/files/qemu-2.5.0-9pfs-segfault.patch b/app-emulation/qemu/files/qemu-2.5.0-9pfs-segfault.patch
deleted file mode 100644
index 0e27684..0000000
--- a/app-emulation/qemu/files/qemu-2.5.0-9pfs-segfault.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 4b3a4f2d458ca5a7c6c16ac36a8d9ac22cc253d6 Mon Sep 17 00:00:00 2001
-From: Greg Kurz <gkurz@linux.vnet.ibm.com>
-Date: Wed, 23 Dec 2015 10:56:58 +0100
-Subject: [PATCH] virtio-9p: use accessor to get thread_pool
-
-The aio_context_new() function does not allocate a thread pool. This is
-deferred to the first call to the aio_get_thread_pool() accessor. It is
-hence forbidden to access the thread_pool field directly, as it may be
-NULL. The accessor *must* be used always.
-
-Fixes: ebac1202c95a4f1b76b6ef3f0f63926fa76e753e
-Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
-Tested-by: Michael Tokarev <mjt@tls.msk.ru>
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
----
- hw/9pfs/virtio-9p-coth.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/hw/9pfs/virtio-9p-coth.c b/hw/9pfs/virtio-9p-coth.c
-index fb6e8f8..ab9425c 100644
---- a/hw/9pfs/virtio-9p-coth.c
-+++ b/hw/9pfs/virtio-9p-coth.c
-@@ -36,6 +36,6 @@ static int coroutine_enter_func(void *arg)
- void co_run_in_worker_bh(void *opaque)
- {
-     Coroutine *co = opaque;
--    thread_pool_submit_aio(qemu_get_aio_context()->thread_pool,
-+    thread_pool_submit_aio(aio_get_thread_pool(qemu_get_aio_context()),
-                            coroutine_enter_func, co, coroutine_enter_cb, co);
- }
--- 
-2.7.4
-

diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8558.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8558.patch
deleted file mode 100644
index fbc6a0a..0000000
--- a/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8558.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-https://bugs.gentoo.org/568246
-
-From 156a2e4dbffa85997636a7a39ef12da6f1b40254 Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Mon, 14 Dec 2015 09:21:23 +0100
-Subject: [PATCH] ehci: make idt processing more robust
-
-Make ehci_process_itd return an error in case we didn't do any actual
-iso transfer because we've found no active transaction.  That'll avoid
-ehci happily run in circles forever if the guest builds a loop out of
-idts.
-
-This is CVE-2015-8558.
-
-Cc: qemu-stable@nongnu.org
-Reported-by: Qinghao Tang <luodalongde@gmail.com>
-Tested-by: P J P <ppandit@redhat.com>
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
----
- hw/usb/hcd-ehci.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
-index 4e2161b..d07f228 100644
---- a/hw/usb/hcd-ehci.c
-+++ b/hw/usb/hcd-ehci.c
-@@ -1389,7 +1389,7 @@ static int ehci_process_itd(EHCIState *ehci,
- {
-     USBDevice *dev;
-     USBEndpoint *ep;
--    uint32_t i, len, pid, dir, devaddr, endp;
-+    uint32_t i, len, pid, dir, devaddr, endp, xfers = 0;
-     uint32_t pg, off, ptr1, ptr2, max, mult;
- 
-     ehci->periodic_sched_active = PERIODIC_ACTIVE;
-@@ -1479,9 +1479,10 @@ static int ehci_process_itd(EHCIState *ehci,
-                 ehci_raise_irq(ehci, USBSTS_INT);
-             }
-             itd->transact[i] &= ~ITD_XACT_ACTIVE;
-+            xfers++;
-         }
-     }
--    return 0;
-+    return xfers ? 0 : -1;
- }
- 
- 
--- 
-2.6.2
-

diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8567.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8567.patch
deleted file mode 100644
index e196043..0000000
--- a/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8567.patch
+++ /dev/null
@@ -1,95 +0,0 @@
-https://bugs.gentoo.org/567868
-
-From aa4a3dce1c88ed51b616806b8214b7c8428b7470 Mon Sep 17 00:00:00 2001
-From: P J P <ppandit@redhat.com>
-Date: Tue, 15 Dec 2015 12:27:54 +0530
-Subject: [PATCH] net: vmxnet3: avoid memory leakage in activate_device
-
-Vmxnet3 device emulator does not check if the device is active
-before activating it, also it did not free the transmit & receive
-buffers while deactivating the device, thus resulting in memory
-leakage on the host. This patch fixes both these issues to avoid
-host memory leakage.
-
-Reported-by: Qinghao Tang <luodalongde@gmail.com>
-Reviewed-by: Dmitry Fleytman <dmitry@daynix.com>
-Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Jason Wang <jasowang@redhat.com>
----
- hw/net/vmxnet3.c | 24 ++++++++++++++++--------
- 1 file changed, 16 insertions(+), 8 deletions(-)
-
-diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c
-index a5dd79a..9c1adfc 100644
---- a/hw/net/vmxnet3.c
-+++ b/hw/net/vmxnet3.c
-@@ -1194,8 +1194,13 @@ static void vmxnet3_reset_mac(VMXNET3State *s)
- 
- static void vmxnet3_deactivate_device(VMXNET3State *s)
- {
--    VMW_CBPRN("Deactivating vmxnet3...");
--    s->device_active = false;
-+    if (s->device_active) {
-+        VMW_CBPRN("Deactivating vmxnet3...");
-+        vmxnet_tx_pkt_reset(s->tx_pkt);
-+        vmxnet_tx_pkt_uninit(s->tx_pkt);
-+        vmxnet_rx_pkt_uninit(s->rx_pkt);
-+        s->device_active = false;
-+    }
- }
- 
- static void vmxnet3_reset(VMXNET3State *s)
-@@ -1204,7 +1209,6 @@ static void vmxnet3_reset(VMXNET3State *s)
- 
-     vmxnet3_deactivate_device(s);
-     vmxnet3_reset_interrupt_states(s);
--    vmxnet_tx_pkt_reset(s->tx_pkt);
-     s->drv_shmem = 0;
-     s->tx_sop = true;
-     s->skip_current_tx_pkt = false;
-@@ -1431,6 +1435,12 @@ static void vmxnet3_activate_device(VMXNET3State *s)
-         return;
-     }
- 
-+    /* Verify if device is active */
-+    if (s->device_active) {
-+        VMW_CFPRN("Vmxnet3 device is active");
-+        return;
-+    }
-+
-     vmxnet3_adjust_by_guest_type(s);
-     vmxnet3_update_features(s);
-     vmxnet3_update_pm_state(s);
-@@ -1627,7 +1637,7 @@ static void vmxnet3_handle_command(VMXNET3State *s, uint64_t cmd)
-         break;
- 
-     case VMXNET3_CMD_QUIESCE_DEV:
--        VMW_CBPRN("Set: VMXNET3_CMD_QUIESCE_DEV - pause the device");
-+        VMW_CBPRN("Set: VMXNET3_CMD_QUIESCE_DEV - deactivate the device");
-         vmxnet3_deactivate_device(s);
-         break;
- 
-@@ -1741,7 +1751,7 @@ vmxnet3_io_bar1_write(void *opaque,
-          * shared address only after we get the high part
-          */
-         if (val == 0) {
--            s->device_active = false;
-+            vmxnet3_deactivate_device(s);
-         }
-         s->temp_shared_guest_driver_memory = val;
-         s->drv_shmem = 0;
-@@ -2021,9 +2031,7 @@ static bool vmxnet3_peer_has_vnet_hdr(VMXNET3State *s)
- static void vmxnet3_net_uninit(VMXNET3State *s)
- {
-     g_free(s->mcast_list);
--    vmxnet_tx_pkt_reset(s->tx_pkt);
--    vmxnet_tx_pkt_uninit(s->tx_pkt);
--    vmxnet_rx_pkt_uninit(s->rx_pkt);
-+    vmxnet3_deactivate_device(s);
-     qemu_del_nic(s->nic);
- }
- 
--- 
-2.6.2
-

diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8613.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8613.patch
deleted file mode 100644
index 61a52ee..0000000
--- a/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8613.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 36fef36b91f7ec0435215860f1458b5342ce2811 Mon Sep 17 00:00:00 2001
-From: P J P <ppandit@redhat.com>
-Date: Mon, 21 Dec 2015 15:13:13 +0530
-Subject: [PATCH] scsi: initialise info object with appropriate size
-
-While processing controller 'CTRL_GET_INFO' command, the routine
-'megasas_ctrl_get_info' overflows the '&info' object size. Use its
-appropriate size to null initialise it.
-
-Reported-by: Qinghao Tang <luodalongde@gmail.com>
-Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
-Message-Id: <alpine.LFD.2.20.1512211501420.22471@wniryva>
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-Signed-off-by: P J P <ppandit@redhat.com>
----
- hw/scsi/megasas.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
-index d7dc667..576f56c 100644
---- a/hw/scsi/megasas.c
-+++ b/hw/scsi/megasas.c
-@@ -718,7 +718,7 @@ static int megasas_ctrl_get_info(MegasasState *s, MegasasCmd *cmd)
-     BusChild *kid;
-     int num_pd_disks = 0;
- 
--    memset(&info, 0x0, cmd->iov_size);
-+    memset(&info, 0x0, dcmd_size);
-     if (cmd->iov_size < dcmd_size) {
-         trace_megasas_dcmd_invalid_xfer_len(cmd->index, cmd->iov_size,
-                                             dcmd_size);
--- 
-2.7.4
-

diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8619.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8619.patch
deleted file mode 100644
index be67336..0000000
--- a/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8619.patch
+++ /dev/null
@@ -1,121 +0,0 @@
-From 64ffbe04eaafebf4045a3ace52a360c14959d196 Mon Sep 17 00:00:00 2001
-From: Wolfgang Bumiller <w.bumiller@proxmox.com>
-Date: Wed, 13 Jan 2016 09:09:58 +0100
-Subject: [PATCH] hmp: fix sendkey out of bounds write (CVE-2015-8619)
-
-When processing 'sendkey' command, hmp_sendkey routine null
-terminates the 'keyname_buf' array. This results in an OOB
-write issue, if 'keyname_len' was to fall outside of
-'keyname_buf' array.
-
-Since the keyname's length is known the keyname_buf can be
-removed altogether by adding a length parameter to
-index_from_key() and using it for the error output as well.
-
-Reported-by: Ling Liu <liuling-it@360.cn>
-Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
-Message-Id: <20160113080958.GA18934@olga>
-[Comparison with "<" dumbed down, test for junk after strtoul()
-tweaked]
-Signed-off-by: Markus Armbruster <armbru@redhat.com>
----
- hmp.c                | 18 ++++++++----------
- include/ui/console.h |  2 +-
- ui/input-legacy.c    |  5 +++--
- 3 files changed, 12 insertions(+), 13 deletions(-)
-
-diff --git a/hmp.c b/hmp.c
-index 54f2620..9c571f5 100644
---- a/hmp.c
-+++ b/hmp.c
-@@ -1731,21 +1731,18 @@ void hmp_sendkey(Monitor *mon, const QDict *qdict)
-     int has_hold_time = qdict_haskey(qdict, "hold-time");
-     int hold_time = qdict_get_try_int(qdict, "hold-time", -1);
-     Error *err = NULL;
--    char keyname_buf[16];
-     char *separator;
-     int keyname_len;
- 
-     while (1) {
-         separator = strchr(keys, '-');
-         keyname_len = separator ? separator - keys : strlen(keys);
--        pstrcpy(keyname_buf, sizeof(keyname_buf), keys);
- 
-         /* Be compatible with old interface, convert user inputted "<" */
--        if (!strncmp(keyname_buf, "<", 1) && keyname_len == 1) {
--            pstrcpy(keyname_buf, sizeof(keyname_buf), "less");
-+        if (keys[0] == '<' && keyname_len == 1) {
-+            keys = "less";
-             keyname_len = 4;
-         }
--        keyname_buf[keyname_len] = 0;
- 
-         keylist = g_malloc0(sizeof(*keylist));
-         keylist->value = g_malloc0(sizeof(*keylist->value));
-@@ -1758,16 +1755,17 @@ void hmp_sendkey(Monitor *mon, const QDict *qdict)
-         }
-         tmp = keylist;
- 
--        if (strstart(keyname_buf, "0x", NULL)) {
-+        if (strstart(keys, "0x", NULL)) {
-             char *endp;
--            int value = strtoul(keyname_buf, &endp, 0);
--            if (*endp != '\0') {
-+            int value = strtoul(keys, &endp, 0);
-+            assert(endp <= keys + keyname_len);
-+            if (endp != keys + keyname_len) {
-                 goto err_out;
-             }
-             keylist->value->type = KEY_VALUE_KIND_NUMBER;
-             keylist->value->u.number = value;
-         } else {
--            int idx = index_from_key(keyname_buf);
-+            int idx = index_from_key(keys, keyname_len);
-             if (idx == Q_KEY_CODE_MAX) {
-                 goto err_out;
-             }
-@@ -1789,7 +1787,7 @@ out:
-     return;
- 
- err_out:
--    monitor_printf(mon, "invalid parameter: %s\n", keyname_buf);
-+    monitor_printf(mon, "invalid parameter: %.*s\n", keyname_len, keys);
-     goto out;
- }
- 
-diff --git a/include/ui/console.h b/include/ui/console.h
-index adac36d..116bc2b 100644
---- a/include/ui/console.h
-+++ b/include/ui/console.h
-@@ -448,7 +448,7 @@ static inline int vnc_display_pw_expire(const char *id, time_t expires)
- void curses_display_init(DisplayState *ds, int full_screen);
- 
- /* input.c */
--int index_from_key(const char *key);
-+int index_from_key(const char *key, size_t key_length);
- 
- /* gtk.c */
- void early_gtk_display_init(int opengl);
-diff --git a/ui/input-legacy.c b/ui/input-legacy.c
-index 35dfc27..3454055 100644
---- a/ui/input-legacy.c
-+++ b/ui/input-legacy.c
-@@ -57,12 +57,13 @@ struct QEMUPutLEDEntry {
- static QTAILQ_HEAD(, QEMUPutLEDEntry) led_handlers =
-     QTAILQ_HEAD_INITIALIZER(led_handlers);
- 
--int index_from_key(const char *key)
-+int index_from_key(const char *key, size_t key_length)
- {
-     int i;
- 
-     for (i = 0; QKeyCode_lookup[i] != NULL; i++) {
--        if (!strcmp(key, QKeyCode_lookup[i])) {
-+        if (!strncmp(key, QKeyCode_lookup[i], key_length) &&
-+            !QKeyCode_lookup[i][key_length]) {
-             break;
-         }
-     }
--- 
-2.7.4
-

diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8701.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8701.patch
deleted file mode 100644
index 0dab1c3..0000000
--- a/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8701.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-https://bugs.gentoo.org/570110
-
-From 007cd223de527b5f41278f2d886c1a4beb3e67aa Mon Sep 17 00:00:00 2001
-From: Prasad J Pandit <pjp@fedoraproject.org>
-Date: Mon, 28 Dec 2015 16:24:08 +0530
-Subject: [PATCH] net: rocker: fix an incorrect array bounds check
-
-While processing transmit(tx) descriptors in 'tx_consume' routine
-the switch emulator suffers from an off-by-one error, if a
-descriptor was to have more than allowed(ROCKER_TX_FRAGS_MAX=16)
-fragments. Fix an incorrect bounds check to avoid it.
-
-Reported-by: Qinghao Tang <luodalongde@gmail.com>
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
-Signed-off-by: Jason Wang <jasowang@redhat.com>
----
- hw/net/rocker/rocker.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/hw/net/rocker/rocker.c b/hw/net/rocker/rocker.c
-index c57f1a6..2e77e50 100644
---- a/hw/net/rocker/rocker.c
-+++ b/hw/net/rocker/rocker.c
-@@ -232,6 +232,9 @@ static int tx_consume(Rocker *r, DescInfo *info)
-         frag_addr = rocker_tlv_get_le64(tlvs[ROCKER_TLV_TX_FRAG_ATTR_ADDR]);
-         frag_len = rocker_tlv_get_le16(tlvs[ROCKER_TLV_TX_FRAG_ATTR_LEN]);
- 
-+        if (iovcnt >= ROCKER_TX_FRAGS_MAX) {
-+            goto err_too_many_frags;
-+        }
-         iov[iovcnt].iov_len = frag_len;
-         iov[iovcnt].iov_base = g_malloc(frag_len);
-         if (!iov[iovcnt].iov_base) {
-@@ -244,10 +247,7 @@ static int tx_consume(Rocker *r, DescInfo *info)
-             err = -ROCKER_ENXIO;
-             goto err_bad_io;
-         }
--
--        if (++iovcnt > ROCKER_TX_FRAGS_MAX) {
--            goto err_too_many_frags;
--        }
-+        iovcnt++;
-     }
- 
-     if (iovcnt) {
--- 
-2.6.2
-

diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8743.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8743.patch
deleted file mode 100644
index b2bca56..0000000
--- a/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8743.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-https://bugs.gentoo.org/570988
-
-From aa7f9966dfdff500bbbf1956d9e115b1fa8987a6 Mon Sep 17 00:00:00 2001
-From: Prasad J Pandit <pjp@fedoraproject.org>
-Date: Thu, 31 Dec 2015 17:05:27 +0530
-Subject: [PATCH] net: ne2000: fix bounds check in ioport operations
-
-While doing ioport r/w operations, ne2000 device emulation suffers
-from OOB r/w errors. Update respective array bounds check to avoid
-OOB access.
-
-Reported-by: Ling Liu <liuling-it@360.cn>
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
-Signed-off-by: Jason Wang <jasowang@redhat.com>
----
- hw/net/ne2000.c | 10 ++++++----
- 1 file changed, 6 insertions(+), 4 deletions(-)
-
-diff --git a/hw/net/ne2000.c b/hw/net/ne2000.c
-index 010f9ef..a3dffff 100644
---- a/hw/net/ne2000.c
-+++ b/hw/net/ne2000.c
-@@ -467,8 +467,9 @@ static inline void ne2000_mem_writel(NE2000State *s, uint32_t addr,
-                                      uint32_t val)
- {
-     addr &= ~1; /* XXX: check exact behaviour if not even */
--    if (addr < 32 ||
--        (addr >= NE2000_PMEM_START && addr < NE2000_MEM_SIZE)) {
-+    if (addr < 32
-+        || (addr >= NE2000_PMEM_START
-+            && addr + sizeof(uint32_t) <= NE2000_MEM_SIZE)) {
-         stl_le_p(s->mem + addr, val);
-     }
- }
-@@ -497,8 +498,9 @@ static inline uint32_t ne2000_mem_readw(NE2000State *s, uint32_t addr)
- static inline uint32_t ne2000_mem_readl(NE2000State *s, uint32_t addr)
- {
-     addr &= ~1; /* XXX: check exact behaviour if not even */
--    if (addr < 32 ||
--        (addr >= NE2000_PMEM_START && addr < NE2000_MEM_SIZE)) {
-+    if (addr < 32
-+        || (addr >= NE2000_PMEM_START
-+            && addr + sizeof(uint32_t) <= NE2000_MEM_SIZE)) {
-         return ldl_le_p(s->mem + addr);
-     } else {
-         return 0xffffffff;
--- 
-2.6.2
-

diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1568.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1568.patch
deleted file mode 100644
index 4ce9a35..0000000
--- a/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1568.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-https://bugs.gentoo.org/571566
-
-From 4ab0359a8ae182a7ac5c99609667273167703fab Mon Sep 17 00:00:00 2001
-From: Prasad J Pandit <pjp@fedoraproject.org>
-Date: Mon, 11 Jan 2016 14:10:42 -0500
-Subject: [PATCH] ide: ahci: reset ncq object to unused on error
-
-When processing NCQ commands, AHCI device emulation prepares a
-NCQ transfer object; To which an aio control block(aiocb) object
-is assigned in 'execute_ncq_command'. In case, when the NCQ
-command is invalid, the 'aiocb' object is not assigned, and NCQ
-transfer object is left as 'used'. This leads to a use after
-free kind of error in 'bdrv_aio_cancel_async' via 'ahci_reset_port'.
-Reset NCQ transfer object to 'unused' to avoid it.
-
-[Maintainer edit: s/ACHI/AHCI/ in the commit message. --js]
-
-Reported-by: Qinghao Tang <luodalongde@gmail.com>
-Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
-Reviewed-by: John Snow <jsnow@redhat.com>
-Message-id: 1452282511-4116-1-git-send-email-ppandit@redhat.com
-Signed-off-by: John Snow <jsnow@redhat.com>
----
- hw/ide/ahci.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
-index dd1912e..17f1cbd 100644
---- a/hw/ide/ahci.c
-+++ b/hw/ide/ahci.c
-@@ -910,6 +910,7 @@ static void ncq_err(NCQTransferState *ncq_tfs)
-     ide_state->error = ABRT_ERR;
-     ide_state->status = READY_STAT | ERR_STAT;
-     ncq_tfs->drive->port_regs.scr_err |= (1 << ncq_tfs->tag);
-+    ncq_tfs->used = 0;
- }
- 
- static void ncq_finish(NCQTransferState *ncq_tfs)
--- 
-2.6.2
-

diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1714.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1714.patch
deleted file mode 100644
index 917fa2f..0000000
--- a/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1714.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-From 66f8fd9dda312191b78d2a2ba2848bcee76127a2 Mon Sep 17 00:00:00 2001
-From: "Gabriel L. Somlo" <somlo@cmu.edu>
-Date: Thu, 5 Nov 2015 09:32:50 -0500
-Subject: [PATCH] fw_cfg: avoid calculating invalid current entry pointer
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-When calculating a pointer to the currently selected fw_cfg item, the
-following is used:
-
-  FWCfgEntry *e = &s->entries[arch][s->cur_entry & FW_CFG_ENTRY_MASK];
-
-When s->cur_entry is FW_CFG_INVALID, we are calculating the address of
-a non-existent element in s->entries[arch][...], which is undefined.
-
-This patch ensures the resulting entry pointer is set to NULL whenever
-s->cur_entry is FW_CFG_INVALID.
-
-Reported-by: Laszlo Ersek <lersek@redhat.com>
-Reviewed-by: Laszlo Ersek <lersek@redhat.com>
-Signed-off-by: Gabriel Somlo <somlo@cmu.edu>
-Message-id: 1446733972-1602-5-git-send-email-somlo@cmu.edu
-Cc: Marc Marí <markmb@redhat.com>
-Signed-off-by: Gabriel Somlo <somlo@cmu.edu>
-Reviewed-by: Laszlo Ersek <lersek@redhat.com>
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
----
- hw/nvram/fw_cfg.c | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/hw/nvram/fw_cfg.c b/hw/nvram/fw_cfg.c
-index c2d3a0a..046fa74 100644
---- a/hw/nvram/fw_cfg.c
-+++ b/hw/nvram/fw_cfg.c
-@@ -277,7 +277,8 @@ static int fw_cfg_select(FWCfgState *s, uint16_t key)
- static uint8_t fw_cfg_read(FWCfgState *s)
- {
-     int arch = !!(s->cur_entry & FW_CFG_ARCH_LOCAL);
--    FWCfgEntry *e = &s->entries[arch][s->cur_entry & FW_CFG_ENTRY_MASK];
-+    FWCfgEntry *e = (s->cur_entry == FW_CFG_INVALID) ? NULL :
-+                    &s->entries[arch][s->cur_entry & FW_CFG_ENTRY_MASK];
-     uint8_t ret;
- 
-     if (s->cur_entry == FW_CFG_INVALID || !e->data || s->cur_offset >= e->len)
-@@ -342,7 +343,8 @@ static void fw_cfg_dma_transfer(FWCfgState *s)
-     }
- 
-     arch = !!(s->cur_entry & FW_CFG_ARCH_LOCAL);
--    e = &s->entries[arch][s->cur_entry & FW_CFG_ENTRY_MASK];
-+    e = (s->cur_entry == FW_CFG_INVALID) ? NULL :
-+        &s->entries[arch][s->cur_entry & FW_CFG_ENTRY_MASK];
- 
-     if (dma.control & FW_CFG_DMA_CTL_READ) {
-         read = 1;
--- 
-2.7.4
-

diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1922.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1922.patch
deleted file mode 100644
index 23c2341..0000000
--- a/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1922.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-From 4c1396cb576c9b14425558b73de1584c7a9735d7 Mon Sep 17 00:00:00 2001
-From: P J P <ppandit@redhat.com>
-Date: Fri, 18 Dec 2015 11:35:07 +0530
-Subject: [PATCH] i386: avoid null pointer dereference
-
-    Hello,
-
-A null pointer dereference issue was reported by Mr Ling Liu, CC'd here. It
-occurs while doing I/O port write operations via hmp interface. In that,
-'current_cpu' remains null as it is not called from cpu_exec loop, which
-results in the said issue.
-
-Below is a proposed (tested)patch to fix this issue; Does it look okay?
-
-===
-From ae88a4947fab9a148cd794f8ad2d812e7f5a1d0f Mon Sep 17 00:00:00 2001
-From: Prasad J Pandit <pjp@fedoraproject.org>
-Date: Fri, 18 Dec 2015 11:16:07 +0530
-Subject: [PATCH] i386: avoid null pointer dereference
-
-When I/O port write operation is called from hmp interface,
-'current_cpu' remains null, as it is not called from cpu_exec()
-loop. This leads to a null pointer dereference in vapic_write
-routine. Add check to avoid it.
-
-Reported-by: Ling Liu <liuling-it@360.cn>
-Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
-Message-Id: <alpine.LFD.2.20.1512181129320.9805@wniryva>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-Signed-off-by: P J P <ppandit@redhat.com>
----
- hw/i386/kvmvapic.c | 15 ++++++++++-----
- 1 file changed, 10 insertions(+), 5 deletions(-)
-
-diff --git a/hw/i386/kvmvapic.c b/hw/i386/kvmvapic.c
-index c6d34b2..f0922da 100644
---- a/hw/i386/kvmvapic.c
-+++ b/hw/i386/kvmvapic.c
-@@ -634,13 +634,18 @@ static int vapic_prepare(VAPICROMState *s)
- static void vapic_write(void *opaque, hwaddr addr, uint64_t data,
-                         unsigned int size)
- {
--    CPUState *cs = current_cpu;
--    X86CPU *cpu = X86_CPU(cs);
--    CPUX86State *env = &cpu->env;
--    hwaddr rom_paddr;
-     VAPICROMState *s = opaque;
-+    X86CPU *cpu;
-+    CPUX86State *env;
-+    hwaddr rom_paddr;
- 
--    cpu_synchronize_state(cs);
-+    if (!current_cpu) {
-+        return;
-+    }
-+
-+    cpu_synchronize_state(current_cpu);
-+    cpu = X86_CPU(current_cpu);
-+    env = &cpu->env;
- 
-     /*
-      * The VAPIC supports two PIO-based hypercalls, both via port 0x7E.
--- 
-2.7.4
-

diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1981.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1981.patch
deleted file mode 100644
index 2922193..0000000
--- a/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1981.patch
+++ /dev/null
@@ -1,98 +0,0 @@
-From dd793a74882477ca38d49e191110c17dfee51dcc Mon Sep 17 00:00:00 2001
-From: Laszlo Ersek <lersek@redhat.com>
-Date: Tue, 19 Jan 2016 14:17:20 +0100
-Subject: [PATCH] e1000: eliminate infinite loops on out-of-bounds transfer
- start
-
-The start_xmit() and e1000_receive_iov() functions implement DMA transfers
-iterating over a set of descriptors that the guest's e1000 driver
-prepares:
-
-- the TDLEN and RDLEN registers store the total size of the descriptor
-  area,
-
-- while the TDH and RDH registers store the offset (in whole tx / rx
-  descriptors) into the area where the transfer is supposed to start.
-
-Each time a descriptor is processed, the TDH and RDH register is bumped
-(as appropriate for the transfer direction).
-
-QEMU already contains logic to deal with bogus transfers submitted by the
-guest:
-
-- Normally, the transmit case wants to increase TDH from its initial value
-  to TDT. (TDT is allowed to be numerically smaller than the initial TDH
-  value; wrapping at or above TDLEN bytes to zero is normal.) The failsafe
-  that QEMU currently has here is a check against reaching the original
-  TDH value again -- a complete wraparound, which should never happen.
-
-- In the receive case RDH is increased from its initial value until
-  "total_size" bytes have been received; preferably in a single step, or
-  in "s->rxbuf_size" byte steps, if the latter is smaller. However, null
-  RX descriptors are skipped without receiving data, while RDH is
-  incremented just the same. QEMU tries to prevent an infinite loop
-  (processing only null RX descriptors) by detecting whether RDH assumes
-  its original value during the loop. (Again, wrapping from RDLEN to 0 is
-  normal.)
-
-What both directions miss is that the guest could program TDLEN and RDLEN
-so low, and the initial TDH and RDH so high, that these registers will
-immediately be truncated to zero, and then never reassume their initial
-values in the loop -- a full wraparound will never occur.
-
-The condition that expresses this is:
-
-  xdh_start >= s->mac_reg[XDLEN] / sizeof(desc)
-
-i.e., TDH or RDH start out after the last whole rx or tx descriptor that
-fits into the TDLEN or RDLEN sized area.
-
-This condition could be checked before we enter the loops, but
-pci_dma_read() / pci_dma_write() knows how to fill in buffers safely for
-bogus DMA addresses, so we just extend the existing failsafes with the
-above condition.
-
-This is CVE-2016-1981.
-
-Cc: "Michael S. Tsirkin" <mst@redhat.com>
-Cc: Petr Matousek <pmatouse@redhat.com>
-Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
-Cc: Prasad Pandit <ppandit@redhat.com>
-Cc: Michael Roth <mdroth@linux.vnet.ibm.com>
-Cc: Jason Wang <jasowang@redhat.com>
-Cc: qemu-stable@nongnu.org
-RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1296044
-Signed-off-by: Laszlo Ersek <lersek@redhat.com>
-Reviewed-by: Jason Wang <jasowang@redhat.com>
-Signed-off-by: Jason Wang <jasowang@redhat.com>
----
- hw/net/e1000.c | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/hw/net/e1000.c b/hw/net/e1000.c
-index 4eda7a3..0387fa0 100644
---- a/hw/net/e1000.c
-+++ b/hw/net/e1000.c
-@@ -909,7 +909,8 @@ start_xmit(E1000State *s)
-          * bogus values to TDT/TDLEN.
-          * there's nothing too intelligent we could do about this.
-          */
--        if (s->mac_reg[TDH] == tdh_start) {
-+        if (s->mac_reg[TDH] == tdh_start ||
-+            tdh_start >= s->mac_reg[TDLEN] / sizeof(desc)) {
-             DBGOUT(TXERR, "TDH wraparound @%x, TDT %x, TDLEN %x\n",
-                    tdh_start, s->mac_reg[TDT], s->mac_reg[TDLEN]);
-             break;
-@@ -1166,7 +1167,8 @@ e1000_receive_iov(NetClientState *nc, const struct iovec *iov, int iovcnt)
-         if (++s->mac_reg[RDH] * sizeof(desc) >= s->mac_reg[RDLEN])
-             s->mac_reg[RDH] = 0;
-         /* see comment in start_xmit; same here */
--        if (s->mac_reg[RDH] == rdh_start) {
-+        if (s->mac_reg[RDH] == rdh_start ||
-+            rdh_start >= s->mac_reg[RDLEN] / sizeof(desc)) {
-             DBGOUT(RXERR, "RDH wraparound @%x, RDT %x, RDLEN %x\n",
-                    rdh_start, s->mac_reg[RDT], s->mac_reg[RDLEN]);
-             set_ics(s, 0, E1000_ICS_RXO);
--- 
-2.7.4
-

diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-2197.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-2197.patch
deleted file mode 100644
index 0ab7b02..0000000
--- a/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-2197.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 99b4cb71069f109b79b27bc629fc0cf0886dbc4b Mon Sep 17 00:00:00 2001
-From: John Snow <jsnow@redhat.com>
-Date: Wed, 10 Feb 2016 13:29:40 -0500
-Subject: [PATCH] ahci: Do not unmap NULL addresses
-
-Definitely don't try to unmap a garbage address.
-
-Reported-by: Zuozhi fzz <zuozhi.fzz@alibaba-inc.com>
-Signed-off-by: John Snow <jsnow@redhat.com>
-Message-id: 1454103689-13042-2-git-send-email-jsnow@redhat.com
----
- hw/ide/ahci.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
-index 7e87b18..3a95dad 100644
---- a/hw/ide/ahci.c
-+++ b/hw/ide/ahci.c
-@@ -662,6 +662,10 @@ static bool ahci_map_fis_address(AHCIDevice *ad)
- 
- static void ahci_unmap_fis_address(AHCIDevice *ad)
- {
-+    if (ad->res_fis == NULL) {
-+        DPRINTF(ad->port_no, "Attempt to unmap NULL FIS address\n");
-+        return;
-+    }
-     dma_memory_unmap(ad->hba->as, ad->res_fis, 256,
-                      DMA_DIRECTION_FROM_DEVICE, 256);
-     ad->res_fis = NULL;
-@@ -678,6 +682,10 @@ static bool ahci_map_clb_address(AHCIDevice *ad)
- 
- static void ahci_unmap_clb_address(AHCIDevice *ad)
- {
-+    if (ad->lst == NULL) {
-+        DPRINTF(ad->port_no, "Attempt to unmap NULL CLB address\n");
-+        return;
-+    }
-     dma_memory_unmap(ad->hba->as, ad->lst, 1024,
-                      DMA_DIRECTION_FROM_DEVICE, 1024);
-     ad->lst = NULL;
--- 
-2.7.4
-

diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-2392.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-2392.patch
deleted file mode 100644
index e7aa5ca..0000000
--- a/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-2392.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 80eecda8e5d09c442c24307f340840a5b70ea3b9 Mon Sep 17 00:00:00 2001
-From: Prasad J Pandit <pjp@fedoraproject.org>
-Date: Thu, 11 Feb 2016 16:31:20 +0530
-Subject: [PATCH] usb: check USB configuration descriptor object
-
-When processing remote NDIS control message packets, the USB Net
-device emulator checks to see if the USB configuration descriptor
-object is of RNDIS type(2). But it does not check if it is null,
-which leads to a null dereference error. Add check to avoid it.
-
-Reported-by: Qinghao Tang <luodalongde@gmail.com>
-Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
-Message-id: 1455188480-14688-1-git-send-email-ppandit@redhat.com
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
----
- hw/usb/dev-network.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/hw/usb/dev-network.c b/hw/usb/dev-network.c
-index 985a629..5dc4538 100644
---- a/hw/usb/dev-network.c
-+++ b/hw/usb/dev-network.c
-@@ -654,7 +654,8 @@ typedef struct USBNetState {
- 
- static int is_rndis(USBNetState *s)
- {
--    return s->dev.config->bConfigurationValue == DEV_RNDIS_CONFIG_VALUE;
-+    return s->dev.config ?
-+            s->dev.config->bConfigurationValue == DEV_RNDIS_CONFIG_VALUE : 0;
- }
- 
- static int ndis_query(USBNetState *s, uint32_t oid,
--- 
-2.7.4
-

diff --git a/app-emulation/qemu/files/qemu-2.5.0-ne2000-reg-check.patch b/app-emulation/qemu/files/qemu-2.5.0-ne2000-reg-check.patch
deleted file mode 100644
index 2874b75..0000000
--- a/app-emulation/qemu/files/qemu-2.5.0-ne2000-reg-check.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 415ab35a441eca767d033a2702223e785b9d5190 Mon Sep 17 00:00:00 2001
-From: Prasad J Pandit <pjp@fedoraproject.org>
-Date: Wed, 24 Feb 2016 11:41:33 +0530
-Subject: [PATCH] net: ne2000: check ring buffer control registers
-
-Ne2000 NIC uses ring buffer of NE2000_MEM_SIZE(49152)
-bytes to process network packets. Registers PSTART & PSTOP
-define ring buffer size & location. Setting these registers
-to invalid values could lead to infinite loop or OOB r/w
-access issues. Add check to avoid it.
-
-Reported-by: Yang Hongke <yanghongke@huawei.com>
-Tested-by: Yang Hongke <yanghongke@huawei.com>
-Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
-Signed-off-by: Jason Wang <jasowang@redhat.com>
----
- hw/net/ne2000.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/hw/net/ne2000.c b/hw/net/ne2000.c
-index e408083..f0feaf9 100644
---- a/hw/net/ne2000.c
-+++ b/hw/net/ne2000.c
-@@ -155,6 +155,10 @@ static int ne2000_buffer_full(NE2000State *s)
- {
-     int avail, index, boundary;
- 
-+    if (s->stop <= s->start) {
-+        return 1;
-+    }
-+
-     index = s->curpag << 8;
-     boundary = s->boundary << 8;
-     if (index < boundary)
--- 
-2.7.4
-

diff --git a/app-emulation/qemu/files/qemu-2.5.0-usb-ehci-oob.patch b/app-emulation/qemu/files/qemu-2.5.0-usb-ehci-oob.patch
deleted file mode 100644
index 2ddca3e..0000000
--- a/app-emulation/qemu/files/qemu-2.5.0-usb-ehci-oob.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 49d925ce50383a286278143c05511d30ec41a36e Mon Sep 17 00:00:00 2001
-From: Prasad J Pandit <pjp@fedoraproject.org>
-Date: Wed, 20 Jan 2016 01:26:46 +0530
-Subject: [PATCH] usb: check page select value while processing iTD
-
-While processing isochronous transfer descriptors(iTD), the page
-select(PG) field value could lead to an OOB read access. Add
-check to avoid it.
-
-Reported-by: Qinghao Tang <luodalongde@gmail.com>
-Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
-Message-id: 1453233406-12165-1-git-send-email-ppandit@redhat.com
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
----
- hw/usb/hcd-ehci.c | 10 ++++++----
- 1 file changed, 6 insertions(+), 4 deletions(-)
-
-diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
-index ab00268..93601d9 100644
---- a/hw/usb/hcd-ehci.c
-+++ b/hw/usb/hcd-ehci.c
-@@ -1405,21 +1405,23 @@ static int ehci_process_itd(EHCIState *ehci,
-         if (itd->transact[i] & ITD_XACT_ACTIVE) {
-             pg   = get_field(itd->transact[i], ITD_XACT_PGSEL);
-             off  = itd->transact[i] & ITD_XACT_OFFSET_MASK;
--            ptr1 = (itd->bufptr[pg] & ITD_BUFPTR_MASK);
--            ptr2 = (itd->bufptr[pg+1] & ITD_BUFPTR_MASK);
-             len  = get_field(itd->transact[i], ITD_XACT_LENGTH);
- 
-             if (len > max * mult) {
-                 len = max * mult;
-             }
--
--            if (len > BUFF_SIZE) {
-+            if (len > BUFF_SIZE || pg > 6) {
-                 return -1;
-             }
- 
-+            ptr1 = (itd->bufptr[pg] & ITD_BUFPTR_MASK);
-             qemu_sglist_init(&ehci->isgl, ehci->device, 2, ehci->as);
-             if (off + len > 4096) {
-                 /* transfer crosses page border */
-+                if (pg == 6) {
-+                    return -1;  /* avoid page pg + 1 */
-+                }
-+                ptr2 = (itd->bufptr[pg + 1] & ITD_BUFPTR_MASK);
-                 uint32_t len2 = off + len - 4096;
-                 uint32_t len1 = len - len2;
-                 qemu_sglist_add(&ehci->isgl, ptr1 + off, len1);
--- 
-2.7.4
-

diff --git a/app-emulation/qemu/files/qemu-2.5.0-usb-ndis-int-overflow.patch b/app-emulation/qemu/files/qemu-2.5.0-usb-ndis-int-overflow.patch
deleted file mode 100644
index da643fd..0000000
--- a/app-emulation/qemu/files/qemu-2.5.0-usb-ndis-int-overflow.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-From fe3c546c5ff2a6210f9a4d8561cc64051ca8603e Mon Sep 17 00:00:00 2001
-From: Prasad J Pandit <pjp@fedoraproject.org>
-Date: Wed, 17 Feb 2016 00:23:41 +0530
-Subject: [PATCH] usb: check RNDIS buffer offsets & length
-
-When processing remote NDIS control message packets,
-the USB Net device emulator uses a fixed length(4096) data buffer.
-The incoming informationBufferOffset & Length combination could
-overflow and cross that range. Check control message buffer
-offsets and length to avoid it.
-
-Reported-by: Qinghao Tang <luodalongde@gmail.com>
-Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
-Message-id: 1455648821-17340-3-git-send-email-ppandit@redhat.com
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
----
- hw/usb/dev-network.c | 9 ++++++---
- 1 file changed, 6 insertions(+), 3 deletions(-)
-
-diff --git a/hw/usb/dev-network.c b/hw/usb/dev-network.c
-index 5dc4538..c6abd38 100644
---- a/hw/usb/dev-network.c
-+++ b/hw/usb/dev-network.c
-@@ -916,8 +916,9 @@ static int rndis_query_response(USBNetState *s,
- 
-     bufoffs = le32_to_cpu(buf->InformationBufferOffset) + 8;
-     buflen = le32_to_cpu(buf->InformationBufferLength);
--    if (bufoffs + buflen > length)
-+    if (buflen > length || bufoffs >= length || bufoffs + buflen > length) {
-         return USB_RET_STALL;
-+    }
- 
-     infobuflen = ndis_query(s, le32_to_cpu(buf->OID),
-                             bufoffs + (uint8_t *) buf, buflen, infobuf,
-@@ -962,8 +963,9 @@ static int rndis_set_response(USBNetState *s,
- 
-     bufoffs = le32_to_cpu(buf->InformationBufferOffset) + 8;
-     buflen = le32_to_cpu(buf->InformationBufferLength);
--    if (bufoffs + buflen > length)
-+    if (buflen > length || bufoffs >= length || bufoffs + buflen > length) {
-         return USB_RET_STALL;
-+    }
- 
-     ret = ndis_set(s, le32_to_cpu(buf->OID),
-                     bufoffs + (uint8_t *) buf, buflen);
-@@ -1213,8 +1215,9 @@ static void usb_net_handle_dataout(USBNetState *s, USBPacket *p)
-     if (le32_to_cpu(msg->MessageType) == RNDIS_PACKET_MSG) {
-         uint32_t offs = 8 + le32_to_cpu(msg->DataOffset);
-         uint32_t size = le32_to_cpu(msg->DataLength);
--        if (offs + size <= len)
-+        if (offs < len && size < len && offs + size <= len) {
-             qemu_send_packet(qemu_get_queue(s->nic), s->out_buf + offs, size);
-+        }
-     }
-     s->out_ptr -= len;
-     memmove(s->out_buf, &s->out_buf[len], s->out_ptr);
--- 
-2.7.4
-

diff --git a/app-emulation/qemu/files/qemu-2.5.1-CVE-2015-8558.patch b/app-emulation/qemu/files/qemu-2.5.1-CVE-2015-8558.patch
new file mode 100644
index 0000000..cf1a4c3
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.5.1-CVE-2015-8558.patch
@@ -0,0 +1,107 @@
+https://bugs.gentoo.org/580426
+https://bugs.gentoo.org/568246
+
+From a49923d2837d20510d645d3758f1ad87c32d0730 Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann <kraxel@redhat.com>
+Date: Mon, 18 Apr 2016 09:20:54 +0200
+Subject: [PATCH] Revert "ehci: make idt processing more robust"
+
+This reverts commit 156a2e4dbffa85997636a7a39ef12da6f1b40254.
+
+Breaks FreeBSD.
+
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+---
+ hw/usb/hcd-ehci.c | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
+index d5c0e1c..43a8f7a 100644
+--- a/hw/usb/hcd-ehci.c
++++ b/hw/usb/hcd-ehci.c
+@@ -1397,7 +1397,7 @@ static int ehci_process_itd(EHCIState *ehci,
+ {
+     USBDevice *dev;
+     USBEndpoint *ep;
+-    uint32_t i, len, pid, dir, devaddr, endp, xfers = 0;
++    uint32_t i, len, pid, dir, devaddr, endp;
+     uint32_t pg, off, ptr1, ptr2, max, mult;
+ 
+     ehci->periodic_sched_active = PERIODIC_ACTIVE;
+@@ -1489,10 +1489,9 @@ static int ehci_process_itd(EHCIState *ehci,
+                 ehci_raise_irq(ehci, USBSTS_INT);
+             }
+             itd->transact[i] &= ~ITD_XACT_ACTIVE;
+-            xfers++;
+         }
+     }
+-    return xfers ? 0 : -1;
++    return 0;
+ }
+ 
+ 
+-- 
+2.7.4
+
+From 1ae3f2f178087711f9591350abad133525ba93f2 Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann <kraxel@redhat.com>
+Date: Mon, 18 Apr 2016 09:11:38 +0200
+Subject: [PATCH] ehci: apply limit to iTD/sidt descriptors
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Commit "156a2e4 ehci: make idt processing more robust" tries to avoid a
+DoS by the guest (create a circular iTD queue and let qemu ehci
+emulation run in circles forever).  Unfortunately this has two problems:
+First it misses the case of siTDs, and second it reportedly breaks
+FreeBSD.
+
+So lets go for a different approach: just count the number of iTDs and
+siTDs we have seen per frame and apply a limit.  That should really
+catch all cases now.
+
+Reported-by: 杜少博 <dushaobo@360.cn>
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+---
+ hw/usb/hcd-ehci.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
+index 159f58d..d5c0e1c 100644
+--- a/hw/usb/hcd-ehci.c
++++ b/hw/usb/hcd-ehci.c
+@@ -2011,6 +2011,7 @@ static int ehci_state_writeback(EHCIQueue *q)
+ static void ehci_advance_state(EHCIState *ehci, int async)
+ {
+     EHCIQueue *q = NULL;
++    int itd_count = 0;
+     int again;
+ 
+     do {
+@@ -2035,10 +2036,12 @@ static void ehci_advance_state(EHCIState *ehci, int async)
+ 
+         case EST_FETCHITD:
+             again = ehci_state_fetchitd(ehci, async);
++            itd_count++;
+             break;
+ 
+         case EST_FETCHSITD:
+             again = ehci_state_fetchsitd(ehci, async);
++            itd_count++;
+             break;
+ 
+         case EST_ADVANCEQUEUE:
+@@ -2087,7 +2090,8 @@ static void ehci_advance_state(EHCIState *ehci, int async)
+             break;
+         }
+ 
+-        if (again < 0) {
++        if (again < 0 || itd_count > 16) {
++            /* TODO: notify guest (raise HSE irq?) */
+             fprintf(stderr, "processing error - resetting ehci HC\n");
+             ehci_reset(ehci);
+             again = 0;
+-- 
+2.7.4
+
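Review bot: The `itd_count > 16` bound added in ehci_advance_state is a bare literal, and exceeding it takes the same branch as a real processing error: an unconditional `fprintf(stderr, ...)` followed by `ehci_reset()`. The commit message says the count exists to stop a guest-built circular iTD queue, so the guest decides how often this branch runs and can presumably fill the host's stderr log by repeating it; the existing TODO covers guest notification but not the logging. I would name the limit and state its unit, e.g. `#define EHCI_MAX_ITDS_PER_FRAME 16 /* iTD/siTD fetches tolerated per ehci_advance_state() call */`, and send the message through a rate-limited or trace path. The file also lists the two upstream commits in reverse blob order (`d5c0e1c..43a8f7a` before `159f58d..d5c0e1c`); they touch different functions, so both should still apply, but a header line noting this would help.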

diff --git a/app-emulation/qemu/files/qemu-2.5.1-CVE-2016-4020.patch b/app-emulation/qemu/files/qemu-2.5.1-CVE-2016-4020.patch
new file mode 100644
index 0000000..e3115c1
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.5.1-CVE-2016-4020.patch
@@ -0,0 +1,16 @@
+https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01106.html
+https://bugs.gentoo.org/580040
+
+diff --git a/hw/i386/kvmvapic.c b/hw/i386/kvmvapic.c
+index c69f374..ff1e31a 100644
+--- a/hw/i386/kvmvapic.c
++++ b/hw/i386/kvmvapic.c
+@@ -394,7 +394,7 @@ static void patch_instruction(VAPICROMState *s, X86CPU *cpu, target_ulong ip)
+     CPUX86State *env = &cpu->env;
+     VAPICHandlers *handlers;
+     uint8_t opcode[2];
+-    uint32_t imm32;
++    uint32_t imm32 = 0;
+     target_ulong current_pc = 0;
+     target_ulong current_cs_base = 0;
+     int current_flags = 0;
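Review bot: The patch header gives two URLs and no description, so nothing in files/ says why `uint32_t imm32 = 0;` is a security fix rather than a compiler-warning cleanup. A short header line such as `kvmvapic: initialise imm32 so patch_instruction() never uses an uninitialised stack value (CVE-2016-4020)` would make that clear. The wording should be checked against the linked qemu-devel post, because the place where imm32 is read lies outside the hunk. patch_instruction's body continues past the last context line.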

diff --git a/app-emulation/qemu/files/qemu-2.5.1-stellaris_enet-overflow.patch b/app-emulation/qemu/files/qemu-2.5.1-stellaris_enet-overflow.patch
new file mode 100644
index 0000000..ab7d3f3
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.5.1-stellaris_enet-overflow.patch
@@ -0,0 +1,47 @@
+From 3a15cc0e1ee7168db0782133d2607a6bfa422d66 Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Fri, 8 Apr 2016 11:33:48 +0530
+Subject: [PATCH] net: stellaris_enet: check packet length against receive
+ buffer
+
+When receiving packets over Stellaris ethernet controller, it
+uses receive buffer of size 2048 bytes. In case the controller
+accepts large(MTU) packets, it could lead to memory corruption.
+Add check to avoid it.
+
+Reported-by: Oleksandr Bazhaniuk <oleksandr.bazhaniuk@intel.com>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Message-id: 1460095428-22698-1-git-send-email-ppandit@redhat.com
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+---
+ hw/net/stellaris_enet.c | 12 +++++++++++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/hw/net/stellaris_enet.c b/hw/net/stellaris_enet.c
+index 84cf60b..6880894 100644
+--- a/hw/net/stellaris_enet.c
++++ b/hw/net/stellaris_enet.c
+@@ -236,8 +236,18 @@ static ssize_t stellaris_enet_receive(NetClientState *nc, const uint8_t *buf, si
+     n = s->next_packet + s->np;
+     if (n >= 31)
+         n -= 31;
+-    s->np++;
+ 
++    if (size >= sizeof(s->rx[n].data) - 6) {
++        /* If the packet won't fit into the
++         * emulated 2K RAM, this is reported
++         * as a FIFO overrun error.
++         */
++        s->ris |= SE_INT_FOV;
++        stellaris_enet_update(s);
++        return -1;
++    }
++
++    s->np++;
+     s->rx[n].len = size + 6;
+     p = s->rx[n].data;
+     *(p++) = (size + 6);
+-- 
+2.7.4
+
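Review bot: The literal `6` in `size >= sizeof(s->rx[n].data) - 6` has to stay in step with the `size + 6` stored in `s->rx[n].len` and written to the buffer a few lines later, but neither line says what the six bytes are. A comment on the check, e.g. `/* 6 = per-packet framing stored with the payload (presumably length prefix plus CRC; confirm) */`, or a shared named constant would stop the bound and the length computation from drifting apart. The code that fills the buffer is below the hunk, so whether any trailing padding is also covered by this bound cannot be confirmed from here.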

diff --git a/app-emulation/qemu/files/qemu-2.5.1-xfs-linux-headers.patch b/app-emulation/qemu/files/qemu-2.5.1-xfs-linux-headers.patch
new file mode 100644
index 0000000..743171b
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.5.1-xfs-linux-headers.patch
@@ -0,0 +1,82 @@
+https://bugs.gentoo.org/577810
+
+From 277abf15a60f7653bfb05ffb513ed74ffdaea1b7 Mon Sep 17 00:00:00 2001
+From: Jan Vesely <jano.vesely@gmail.com>
+Date: Fri, 29 Apr 2016 13:15:23 -0400
+Subject: [PATCH] configure: Check if struct fsxattr is available from linux
+ header
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fixes build failure with --enable-xfsctl and
+new linux headers (>=4.5) and older xfsprogs(<4.5):
+In file included from /usr/include/xfs/xfs.h:38:0,
+                 from /var/tmp/portage/app-emulation/qemu-2.5.0-r1/work/qemu-2.5.0/block/raw-posix.c:97:
+/usr/include/xfs/xfs_fs.h:42:8: error: redefinition of ‘struct fsxattr’
+ struct fsxattr {
+        ^
+In file included from /var/tmp/portage/app-emulation/qemu-2.5.0-r1/work/qemu-2.5.0/block/raw-posix.c:60:0:
+/usr/include/linux/fs.h:155:8: note: originally defined here
+ struct fsxattr {
+
+This is really a bug in the system headers, but we can work around it
+by defining HAVE_FSXATTR in the QEMU headers if linux/fs.h provides
+the struct, so that xfs_fs.h doesn't try to define it as well.
+
+CC: qemu-trivial@nongnu.org
+CC: Markus Armbruster <armbru@redhat.com>
+CC: Peter Maydell <peter.maydell@linaro.org>
+CC: Stefan Weil <sw@weilnetz.de>
+Tested-by: Stefan Weil <sw@weilnetz.de>
+Signed-off-by: Jan Vesely <jano.vesely@gmail.com>
+[PMM: adjusted commit message, comments]
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+---
+ configure | 23 +++++++++++++++++++++++
+ 1 file changed, 23 insertions(+)
+
+diff --git a/configure b/configure
+index ab54f3c..c37fc5f 100755
+--- a/configure
++++ b/configure
+@@ -4494,6 +4494,21 @@ if test "$fortify_source" != "no"; then
+ fi
+ 
+ ##########################################
++# check if struct fsxattr is available via linux/fs.h
++
++have_fsxattr=no
++cat > $TMPC << EOF
++#include <linux/fs.h>
++struct fsxattr foo;
++int main(void) {
++  return 0;
++}
++EOF
++if compile_prog "" "" ; then
++    have_fsxattr=yes
++fi
++
++##########################################
+ # End of CC checks
+ # After here, no more $cc or $ld runs
+ 
+@@ -5160,6 +5175,14 @@ fi
+ if test "$have_ifaddrs_h" = "yes" ; then
+     echo "HAVE_IFADDRS_H=y" >> $config_host_mak
+ fi
++
++# Work around a system header bug with some kernel/XFS header
++# versions where they both try to define 'struct fsxattr':
++# xfs headers will not try to redefine structs from linux headers
++# if this macro is set.
++if test "$have_fsxattr" = "yes" ; then
++    echo "HAVE_FSXATTR=y" >> $config_host_mak
++fi
+ if test "$vte" = "yes" ; then
+   echo "CONFIG_VTE=y" >> $config_host_mak
+   echo "VTE_CFLAGS=$vte_cflags" >> $config_host_mak
+-- 
+2.8.2
+

diff --git a/app-emulation/qemu/qemu-2.5.0-r999.ebuild b/app-emulation/qemu/qemu-2.5.1-r99.ebuild
similarity index 94%
rename from app-emulation/qemu/qemu-2.5.0-r999.ebuild
rename to app-emulation/qemu/qemu-2.5.1-r99.ebuild
index 876141b..1d169e8 100644
--- a/app-emulation/qemu/qemu-2.5.0-r999.ebuild
+++ b/app-emulation/qemu/qemu-2.5.1-r99.ebuild
@@ -84,8 +84,8 @@ SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND}
 	fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] )
 	glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
 	gnutls? (
-		dev-libs/nettle[static-libs(+)]
-		>=net-libs/gnutls-3.0[static-libs(+)]
+		dev-libs/nettle:=[static-libs(+)]
+		>=net-libs/gnutls-3.0:=[static-libs(+)]
 	)
 	gtk? (
 		gtk2? (
@@ -342,25 +342,13 @@ src_prepare() {
 		EPATCH_FORCE=yes EPATCH_SUFFIX="patch" EPATCH_SOURCE="${S}/patches" \
 			epatch
 
-	epatch "${FILESDIR}"/${P}-CVE-2015-8567.patch #567868
-	epatch "${FILESDIR}"/${P}-CVE-2015-8558.patch #568246
-	epatch "${FILESDIR}"/${P}-CVE-2015-8701.patch #570110
-	epatch "${FILESDIR}"/${P}-CVE-2015-8743.patch #570988
-	epatch "${FILESDIR}"/${P}-CVE-2016-1568.patch #571566
-	epatch "${FILESDIR}"/${P}-CVE-2015-8613.patch #569118
-	epatch "${FILESDIR}"/${P}-CVE-2015-8619.patch #569300
-	epatch "${FILESDIR}"/${P}-CVE-2016-1714.patch #571560
-	epatch "${FILESDIR}"/${P}-CVE-2016-1922.patch #572082
-	epatch "${FILESDIR}"/${P}-CVE-2016-1981.patch #572412
-	epatch "${FILESDIR}"/${P}-usb-ehci-oob.patch #572454
-	epatch "${FILESDIR}"/${P}-CVE-2016-2197.patch #573280
-	epatch "${FILESDIR}"/${P}-CVE-2016-2198.patch #573314
-	epatch "${FILESDIR}"/${P}-CVE-2016-2392.patch #574902
-	epatch "${FILESDIR}"/${P}-usb-ndis-int-overflow.patch #575492
-	epatch "${FILESDIR}"/${P}-rng-stack-corrupt-{0,1,2,3}.patch #576420
-	epatch "${FILESDIR}"/${P}-sysmacros.patch
-	epatch "${FILESDIR}"/${P}-ne2000-reg-check.patch #573816
-	epatch "${FILESDIR}"/${P}-9pfs-segfault.patch #578142
+	epatch "${FILESDIR}"/${PN}-2.5.0-CVE-2016-2198.patch #573314
+	epatch "${FILESDIR}"/${PN}-2.5.0-rng-stack-corrupt-{0,1,2,3}.patch #576420
+	epatch "${FILESDIR}"/${PN}-2.5.1-stellaris_enet-overflow.patch #579614
+	epatch "${FILESDIR}"/${PN}-2.5.1-CVE-2016-4020.patch #580040
+	epatch "${FILESDIR}"/${PN}-2.5.1-CVE-2015-8558.patch #568246 #580426
+	epatch "${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
+	epatch "${FILESDIR}"/${PN}-2.5.1-xfs-linux-headers.patch #577810
 
 	# Fix ld and objcopy being called directly
 	tc-export AR LD OBJCOPY
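Review bot: The move to 2.5.1 drops fifteen epatch lines outright (eleven CVE patches plus usb-ehci-oob, usb-ndis-int-overflow, ne2000-reg-check and 9pfs-segfault), and nothing in the ebuild records that the 2.5.1 tarball already contains those fixes. Presumably it does, but CVE-2016-2198 is kept while the neighbouring CVE-2016-2197 is dropped, so the split is not self-evident to a later maintainer. A comment above the list would record the check, e.g. `# 2.5.0 CVE/usb/ne2000/9pfs patches dropped: verified present in the 2.5.1 release`. The `${PN}-2.5.0-sysmacros.patch` line also lacks the bug number that the other lines carry. src_prepare begins before the hunk.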


* [gentoo-commits] proj/musl:master commit in: app-emulation/qemu/, app-emulation/qemu/files/
@ 2016-07-15  6:27 Anthony G. Basile
From: Anthony G. Basile @ 2016-07-15  6:27 UTC (permalink / raw
  To: gentoo-commits

commit:     283a88cbb8cda315a05a039a3d56705660d250ba
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Fri Jul 15 06:31:07 2016 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Fri Jul 15 06:31:07 2016 +0000
URL:        https://gitweb.gentoo.org/proj/musl.git/commit/?id=283a88cb

app-emulation/qemu: update based on 2.5.0-r3

Package-Manager: portage-2.2.28
RepoMan-Options: --force

 app-emulation/qemu/Manifest                        |  19 ++-
 .../qemu/files/qemu-2.5.0-9pfs-segfault.patch      |  34 ++++
 .../qemu/files/qemu-2.5.0-CVE-2015-8613.patch      |  35 ++++
 .../qemu/files/qemu-2.5.0-CVE-2015-8619.patch      | 121 ++++++++++++++
 .../qemu/files/qemu-2.5.0-CVE-2016-1714.patch      |  58 +++++++
 .../qemu/files/qemu-2.5.0-CVE-2016-1922.patch      |  65 ++++++++
 .../qemu/files/qemu-2.5.0-CVE-2016-1981.patch      |  98 +++++++++++
 .../qemu/files/qemu-2.5.0-CVE-2016-2197.patch      |  43 +++++
 .../qemu/files/qemu-2.5.0-CVE-2016-2198.patch      |  46 ++++++
 .../qemu/files/qemu-2.5.0-CVE-2016-2392.patch      |  35 ++++
 .../qemu/files/qemu-2.5.0-ne2000-reg-check.patch   |  37 +++++
 .../files/qemu-2.5.0-rng-stack-corrupt-0.patch     |  98 +++++++++++
 .../files/qemu-2.5.0-rng-stack-corrupt-1.patch     | 135 ++++++++++++++++
 .../files/qemu-2.5.0-rng-stack-corrupt-2.patch     | 155 ++++++++++++++++++
 .../files/qemu-2.5.0-rng-stack-corrupt-3.patch     | 179 +++++++++++++++++++++
 .../qemu/files/qemu-2.5.0-sysmacros.patch          |  15 ++
 .../qemu/files/qemu-2.5.0-usb-ehci-oob.patch       |  52 ++++++
 .../files/qemu-2.5.0-usb-ndis-int-overflow.patch   |  59 +++++++
 ...emu-2.5.0-r99.ebuild => qemu-2.5.0-r999.ebuild} |  62 +++++--
 19 files changed, 1335 insertions(+), 11 deletions(-)

diff --git a/app-emulation/qemu/Manifest b/app-emulation/qemu/Manifest
index 3d07bf4..4e4858a 100644
--- a/app-emulation/qemu/Manifest
+++ b/app-emulation/qemu/Manifest
@@ -4,14 +4,31 @@ AUX qemu-1.7.0-cflags.patch 300 SHA256 8f35e55c4bae93e82f9580eabe2d6a2d4660bd053
 AUX qemu-2.0.0-F_SHLCK-and-F_EXLCK.patch 563 SHA256 99de67d610ad13a1dcf6c67a3c2b5b87fb909220173a956435737f9bea3c371b SHA512 a29e9a889388a6627ed492a79e66514ffb5e64f9479646982091811548fc2a9bf6682104a6c774d83e645e4b1db39e491afd4efce789fe164623442a7f3e5d00 WHIRLPOOL d3aab06099de263c22f4c71810a3b2cb8602d17731ec76674cd1415e539306555a7b96b789f0daad473600dfa04a83224ff603f7b9a9ac63a4902f74d0e9deb5
 AUX qemu-2.0.0-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch 930 SHA256 6af6cf9044997710a6d0fbdba30a35c8d775e30d30c032ec97db672f75ec88ac SHA512 ec84b27648c01c6e58781295dcd0c2ff8e5a635f9836ef50c1da5d0ed125db1afc4cb5b01cb97606d6dd8f417acba93e1560d9a32ca29161a4bb730b302440ea WHIRLPOOL 06b9dd5251ac03405c97b1f5a623b4d86bda2f72fbcd52b90ae4d11a0cfb59cae62df2cb6189405fbe53ab05ff2b7ca8165fda239dbfe5f31ed70abb53b3b9f3
 AUX qemu-2.2.0-_sigev_un.patch 636 SHA256 f3b9a4d6162c553f3110ad22716305818e2130e2ff5d628faf044fc58a5e3cb5 SHA512 f72b879daede5184904f64cabb276de96299a37a93fce444d09e9068671009e95a5e5d6b815ec41a5db5b3807de14d470a56bba5806ffd4dfec577577b046ccb WHIRLPOOL 9453ad4966e10d504f3e867fd984642a3c1ee3ae847b5ca56196fd1f9e6c0f2d7b52ca07446212af72fef6d0ded1527a5eb306fa6cd915e8dd9ce11523362bac
+AUX qemu-2.5.0-9pfs-segfault.patch 1294 SHA256 707835ed8af1aa7e8fc9f0e06c6afa8e77fe7858b20ad4c2df2a1aec0627332d SHA512 2af7498939ba653c36808a7bccafe4a3d8c3d1cfa7199c5788f67fb001925dff17e4faba5e13c6b1517ca887209452f4ba7ed71f6b4464d55b5e942350406f90 WHIRLPOOL 591ba85bd9e5ab0665ed5835878886ec0d774a500ed966dd1b37e5478a4799a38d319a6bb88d214f202a83282db6a0434641b30c8b70ceef6bd2fb1e38f8faef
 AUX qemu-2.5.0-CVE-2015-8558.patch 1459 SHA256 d769e6eb6dc0bdb0b982ef5fe7d73cc6bad47233102f53d11c6ed6c9051602d8 SHA512 42961191890c500675610d5d33e6ff468b07428c6b428ac01bb5c0e3ea88ff611a3532f848d54317458475fef221a06e41761ef14ea61d1b741db73450c4f90d WHIRLPOOL 475679dc1a24bc75012995a9a2122847454701b65ff0b7f8192865b45de49ce08572f129a7cfdeb36521252ed2f80c95e9dddbd64cb8e39fdc5beacc25934798
 AUX qemu-2.5.0-CVE-2015-8567.patch 3108 SHA256 88b72df4e02407c3b9ca4835c38988b97fcd5aa9c68da6fa47207fe675d4e661 SHA512 2f0243ec9764d72fe5e7a005a8db40d3d5c4c2edae5c3451087ee3f5c841c96a3112875cf88a19061fa2ce0d04715d247e6eb1eb83e1e5b57ec0b9eb324b8ce6 WHIRLPOOL b432ff3e105da5c0bd20dd1d7da0374f4005b2ac5a9a8c824e96730aeafa89bb8fc125f8b2857fdaf72024082ddbc0c7a28c3e3ffb9114c3d370db1b638c4731
+AUX qemu-2.5.0-CVE-2015-8613.patch 1264 SHA256 c8df9bb4c0100ef6c8ae09acd73878e46b3ad4a9e04b9cfe30445922bc33299c SHA512 ea2bf909ec29bab0b2131bf9d3e8fc04f176393258c4ce578d3ac8d76f09a25b96f8a3b2aa450b47c0ba9bc9637e5b93e7cc53542362b48930de18ceebb07698 WHIRLPOOL f0d415b1df9f05cb0431801054535f8939d46e7dda6eaa5ce990eef82ddc458003eb9ae5dc06e3269ddb5ed8f8c903c1f3d058d41e63ea9a5192b6149283feb2
+AUX qemu-2.5.0-CVE-2015-8619.patch 4220 SHA256 325bb3df340a1f5115a345a145bed94e9b2d5721cf8cce1217138e8d5a8a0c1a SHA512 317e882da18332fe667c10c55b8f026d347d93c61f668e8ddb916f1b0f5e39a9e3104c14ab2306ce761024a02a78af3a4808627ad9f18c0d43d748fd30c21505 WHIRLPOOL feddd255cf3844cd270ca2662f6140cc7104f8328e51acb01dc2f6f1b4646061569f5faa629264ebeaa5a2b18e595c4a90b69a588aa05f1acf70d9570067c6c0
 AUX qemu-2.5.0-CVE-2015-8701.patch 1671 SHA256 f39e0c6301cffa1b14c3ef0ab72fce0e2acd42170759ef7954234d31602aeb99 SHA512 d39edf84e2d17e6080bbc4a270732cd73b41fa39d948ee7bc4456e1024c5a69ddfb5e848af3272615f5aa36a3b6410a12f5a73e00ccfa58e0d60d7289d034aa9 WHIRLPOOL 352148c367837ba2d6eb5eb39e00c128f0cff3faef159754a41318857bc11a6616be184c24df4767ec2c8c14910ad74fc3be48273f6312b1687910fbcaf7bec3
 AUX qemu-2.5.0-CVE-2015-8743.patch 1777 SHA256 22aac571c1aa6f6a283d200a7703fdfea0a5bcaf227a003a2cbf5741bbb8df85 SHA512 65d8632fd43959983ca02f9ab116ec78ea043e6d867e6d743014885c2a423bb3b87c2e56caa37e7f29e971a44f5ea695cb4ce1c3a9c1fc2d734b25ca0b2f4054 WHIRLPOOL 9128c812cfbfe3d4629cd6c7c2c6f50c9ef2fe2d5b62b24486559279296987f593f852f913eb67fbe956d650d50612fa7a658a60b3d80cf4fa9256e332d77330
 AUX qemu-2.5.0-CVE-2016-1568.patch 1476 SHA256 ba2a25142977eea531159d81ef8938e8519c92800aa1958e71da9e2780c8256a SHA512 643ef742e6cd1dbc8f420b38f684bc8639e4bd58ab38c254654d4b1a72b129202fecdddddfd308b48ed7813da193edff68d737080d5035c82daf9676ee17df22 WHIRLPOOL af9376400540f20d77ea06cb6a12ce415b72bb22cdde3365bba8b02deb8985aedfee303646e13e1d1263a2dcd17bf1518637183a81c66c2db7b438aa88ef7d95
+AUX qemu-2.5.0-CVE-2016-1714.patch 2168 SHA256 2a366b01f5c05a87324ca765cea90bc93eda819d264932ac4588e6303e0b7dee SHA512 25f5f67dbcb2175bac1b5d6d11bf6b27019526c0ee43ed8580a0de10bf82ac62e5a71ded4d18c0e561d8d3832da630c92f9f118277da349367f55b4939029216 WHIRLPOOL 600d0c90779aaf7c1840e106359c909d486c7cce483edc0e5ddc627a127c907f5dd9cbd5b8ce561e2675f6bfe8cd0502efa96557601ce26eda2311b1072ab48b
+AUX qemu-2.5.0-CVE-2016-1922.patch 2114 SHA256 a10d23d5ff3d021aa0962c79a397b69518cec6cd570ebea771f03513d4b7eb1a SHA512 af895fd14e876f808203279176c5f5c28d95d0137385c6d0e56e27f9ad70b76552b8ce75a3be368ceed94fbc62999e8d6c5e6dbcd35e99d59c57787afe6ac57d WHIRLPOOL 199ec0c9bc766968778e5733e1ca0773999a3cccfa779d8fdf68c2ed866a1427048b0db9730eb2a1521be5e174ea6388b69053c85d0d25144e73df25ec7829a9
+AUX qemu-2.5.0-CVE-2016-1981.patch 4160 SHA256 ad440f4964670e68846a3469e0cb0eca3ecf11cfc5c2e32b09581b64eef43ab7 SHA512 f133a311da42cc831116251550359949e0f23f1163a7b0e638fc5f43edf1dea17a5e5843a06142c3086ef367d94898b074eebf8c371ea83b7a3981cfd20c4e27 WHIRLPOOL ba6e563917773d4488f51c11864a6ce1a4331ba6fc7925f47768282ea75f1a26c51792063c946579d49b28e3ed7a854a191732c1ba7ec40628395e971cf67782
+AUX qemu-2.5.0-CVE-2016-2197.patch 1358 SHA256 caa5eb42b21a3fc656982fdc4e511c8350eeb0511857d9b8f371e4e926c2ac80 SHA512 ee6467ef00c5db1e6c5f6331ec411afd139e7e8c5d5e23e3ee33b3161f0e79028ddecfa661bf4bfb5bac0cfa91385f69d66b57c5337384817f0756b7575aa099 WHIRLPOOL 67bab11771159560fd080d157477aa227aa351bb8101671c0e778a38a15d607a2346ade7b10310914f93d5a1faeb993003590e7bf75cd5c9d06db0c687085b51
+AUX qemu-2.5.0-CVE-2016-2198.patch 1540 SHA256 0d6d81a27ffac1af7c478a050aa690eb007cf9735a1a0c4b398eabeb990d5ab4 SHA512 b0b3131bb2b9b2d3f2a3f3286eeb92b527f0d3366e657cf8bcbabc6426b57893936c5a8ef66697ad1014b4525c09fa4d067195600f96ab2b005fd52b6e77d9a4 WHIRLPOOL f5c56b87f934c573fc71169fcded579b9917285fbfff59fd9288011775f482ead2ac09e1399f325e826305fab2f7bc2cd21d333711c526c1658a069a5ee93491
+AUX qemu-2.5.0-CVE-2016-2392.patch 1265 SHA256 a81d906bcf18fb5cf76fa5fa686c848a33f43054bff03a7a2e0e391a34884be8 SHA512 cac6503176f1e37fa6e9bab1daa4bbec6fb6fb3be4ec2e30427356969f3310b8bb898356f9e7f786e75c3ba07b9bc7afb9f0ac7a99adc12847de49b55c0d7960 WHIRLPOOL 65456ade1b773ebfe629ab0fb0045613b4d2f0f5c2d9ec20409170cba5011de46800bf1dd42a78334fe5166a2c8201e6505f3db904474cd4c28d1e88df0f9daf
 AUX qemu-2.5.0-cflags.patch 410 SHA256 17f5624dd733f5c80e733cc67ae36a736169ec066024dbf802b416accfed0755 SHA512 0194d28de08b4e51c5bd1c9a2cc7965ba7f66dfddb8fd91de3da93677e6cf2d38ad3270f69aaea8a20cf2533c2980018d6e0fed711be2806fe2053fba7c081f3 WHIRLPOOL 5f5b95d00409fbe03adb64801d30a2fb5f98dded5efa7f0e78b5746776f72917dcbea767e1d0afcb304d8bf8c484adedb8037e6d54e9d34997c2bc3a98b53154
+AUX qemu-2.5.0-ne2000-reg-check.patch 1141 SHA256 b64fd5bfbd9c7b37b9003271e9902db4ea28b71095a51e161c7698e2f690183b SHA512 7f94ef8cb023224750abc5c2c7d515ccc6ce7f8b655a1454673ecc291193551b9ae00c248c609368a0cf143888ba2c3a5a929a4f9477e5efd27f92c45abc8722 WHIRLPOOL 43fec025a08e0aa0c14ab5ac11cd9aa49b03e52e3fcaacb6785ecd25aa531edfd04a5f8913330e27acf046f8cad2c57887e1a353779ee73ab8bb2dad65c446a7
+AUX qemu-2.5.0-rng-stack-corrupt-0.patch 3125 SHA256 164b155db78a9291b9f8dea71a16b5779e1a9d382a8cb0f5ff380d1f2d811cef SHA512 7da544873dbefbbc7a2ed69bd7cca0053bfe71ef7f5c2faf12cb5dc6e07b8d9104e5bcf329b3355e886edc5805509623234c9fe8fb536544d6285b04ccc59919 WHIRLPOOL f076264ce4bae5be2f34e006e3e4dcc20042313cb6da4977b61529c3100e835952807738d53a86967f98abad68eba1c8dcbb6a04af162b048399e059b5eb9d6b
+AUX qemu-2.5.0-rng-stack-corrupt-1.patch 4110 SHA256 16966eb20072a5d16fec46e5959e32708342af9a7266fe4a90a0abaf68af3529 SHA512 530d6a5f9b6795013bbe197cf0a0d7eddfb06d18c0f8410bcf5bcc2d32c4b72c325b8b0ade2c517bd305fcbdab03124cc527d24d73ce767daf51de65d00920c8 WHIRLPOOL c0b653c67993c6c6ed282f0c86099c8c80a241f10e23ef3fd8e33c6d86fbb5553049550e83954cfc6d3576735c4ce28099f813917966c0a05c84bb46a6bee413
+AUX qemu-2.5.0-rng-stack-corrupt-2.patch 4601 SHA256 c2b4e1ee8ee4bb2f4d42012a847c1da83a9e2349238d37bba1a3b9c440957f7f SHA512 ba299d07c7382f39f177f8094594daf131727d3d28633b426064f7cc6bf75d19b1ae78db248fc70ddbdb43fd2a6b0c5ed7793e6f42aba2763cdb4c12d6816c54 WHIRLPOOL 62b6ab75c32574a4c53193d82c7f51efdaa4789154c2d2f9acee7ede240d2920d92e31dfead7edc17aa12f938919143ce049d2c9ef9733baccc27d382506437f
+AUX qemu-2.5.0-rng-stack-corrupt-3.patch 5519 SHA256 5a3c2ed59bc30f395aee5cd0b77cdb06d868386e5bbe1b392169f8d96ae9474a SHA512 f62713130d3b989b274476a4cc2eafb95dc41de4723fe475e454132817a159eb729bbbe5a29aee755715100095670107c5762271184252e9d0cd43c4b25bc5d1 WHIRLPOOL f8e4aa90b90b03dd6e4dd68734cb16ee5f59a9585697ef3c48e7e861968798cb3c66018ad5a788f99b99e9fddab2ae83d977ec4b1a8599596a5ce03286726e3e
+AUX qemu-2.5.0-sysmacros.patch 333 SHA256 a5716fc02da383d455f5cbd76f49e4ee74d84c2d5703319adcbeb145d04875f9 SHA512 329632c5bff846ca3ffcdb4bc94ae62f17c6bdbb566f9bec0784357c943523e8ca7773790b83a9617734cab3b003baa3d636cbd08f7385810a63b0fa0383c4f0 WHIRLPOOL 2a774767d4685545d3ed18e4f5dece99a9007597d73c56197652ff24083550f987ffb69e5c624760dece87def71a7c5c22a694bf999d7309e48ef622f18f0d73
+AUX qemu-2.5.0-usb-ehci-oob.patch 2014 SHA256 e0593f8a645dfca3115ea56d1b74d701f07c60d80eadf0bf68133e7539de345a SHA512 c02e0881bb85ffbf7d401b4ee5801692262cddaef9245dfcbf323f0f4d310394e1fbbf639f7a3d2d39ae428c09513adcb9be7fdcf49b7accf133d911dc0b702c WHIRLPOOL 992b2c6d3464a53174054f0d2dc6ec70eeb1e17128ee65c7986d9f5ec80e037bca9bd5bfb65c66bb9bf85f0b56a1a6d008ab4dbe35602d7deea9489add2e7c4b
+AUX qemu-2.5.0-usb-ndis-int-overflow.patch 2404 SHA256 caa4ff5ab038e88b2b09f04f2a9528fc47d42d35fbd35bbd7907afd292ef66db SHA512 f87de0a9f161f14814fafc883bd557f8f007a53729dc3c36145dd19ea9c52eabb81f6ada4e4a7122a461c9bed6f524ea0b92f9182b77a4c7cf9c8ecfc217f8e0 WHIRLPOOL 6022a3e0b125beb85efa2b6c1edf5a94dce27bd299d247078d418cf6515c8fc0ca1d8032034ef427c3d4681cc3536900099391b623152b2609cab2f4f963d046
 AUX qemu-binfmt.initd-r1 6910 SHA256 2886c567589b958f450a87537cdb6c5bf95e8c1e4afbdf59139d16819e79d51d SHA512 09f399b6b559c6dd64d77843f600afad464909e72ae0924e97a5ef2eea55b3fb8abf6fbd57c380ec60e2f9d145ec365fd9a24c2e1b84cc6cef7070e4fb5bd72e WHIRLPOOL 983f6ae733c23c0049321184e1b6738ad5d27a70265945e6b47f3fb317ba3c84918b4929e728081549062fd0bf4a46c0a7e7184911355f3ac75963e1f8b70cd4
 AUX qemu-kvm-1.4 68 SHA256 8b1adf198129f001e75a2311fc420c168094d1084d2163cdf6a32b3b23c96137 SHA512 706fab4d155c410acc292e67fb354ce7dcd17f7e33f2ca8c9c44035ea128f8d36f89e27cf87ebe22721f5676be9e7f2ae5484fd000183c8ffd7854e02eb3d120 WHIRLPOOL ef795330b592cef8e3d92f52a77eb77a671e6aa1a47d07531917b5c1c09e72e5df1a44aea939b086e0a3c5ef2a5cea9223556a46ceae73e55300475c42f07067
 DIST qemu-2.5.0.tar.bz2 25464996 SHA256 3443887401619fe33bfa5d900a4f2d6a79425ae2b7e43d5b8c36eb7a683772d4 SHA512 12153f94cc7f834fd6a85f25690c36f2331d88d414426fb8b9ac20a34e6f9222b1eda30b727674af583580fae90dfd6d0614a905dce1567d94cd049d426b9dd3 WHIRLPOOL 8f5717989d8d234ecf1763ee386b2e1f20c3b17918de130c6dae255e4523a230b2b01a759eba25e4b9f604c680d9b868c56f58bd71b7c6c2c22a2e46804435ef
-EBUILD qemu-2.5.0-r99.ebuild 20028 SHA256 a8c89e0649ac5d54414b0ba7a4c86e2673fd3ec2e0d03cf23a559ad48a34fa4d SHA512 ccdc156b51f7e790eb0b4922c6a466658525c76e55818c9fa77cc56d542d6fe0607a9eb868c39b226376396282455d582e04921f6289a0cf35a9091aae239f86 WHIRLPOOL 0a9f4f35b22bdc85567f5f60729ba9e973db5b34cfcae571db66ab395010e27084c9fd58d1a65d237444099e893d829721f4984d8c6d47c4c55fea8eba7b7884
+EBUILD qemu-2.5.0-r999.ebuild 21699 SHA256 8ca42bbf30baa2271e0a1a7be920a06dba32f7c0b6c0ea50d3dd93d949d6522f SHA512 182ccb339259864276e7540b630dfb46e98058df978ffe7ad1a13df541f70f949a62ece46699cc2ba4c3311a24ccd609933733226bb660cc28c37a4f9608c755 WHIRLPOOL 462aa47e61ad570fc9d874145bbca1ab5b804b590f97a34c62f2640b774f380d105c7d2a61790c1c229b8613f8aa74e2d78f8e01dcdce336e202ce64b4172e2b
 MISC metadata.xml 3925 SHA256 d1c219b7da0cbf77919cd1e055acbb3f6788a574fd802c98a43c89a411697b36 SHA512 3ff45d1c8ede12b4eedc7d01f39777b76a1cbd0ba9364299dec99d4b4a05cade5784d6f6e50197d5b5ae1f1b8e831c49da195eb53263c49b7d16aec8ee28b6e6 WHIRLPOOL bc25783fac0f3f13318834cc535404af9af20de16c7aeec222e59dc2ed7740ac5e767b329a5bcd6356d0cbae2428e278515f1446aa8ecb87a873bf4dbe04bf41

diff --git a/app-emulation/qemu/files/qemu-2.5.0-9pfs-segfault.patch b/app-emulation/qemu/files/qemu-2.5.0-9pfs-segfault.patch
new file mode 100644
index 0000000..0e27684
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.5.0-9pfs-segfault.patch
@@ -0,0 +1,34 @@
+From 4b3a4f2d458ca5a7c6c16ac36a8d9ac22cc253d6 Mon Sep 17 00:00:00 2001
+From: Greg Kurz <gkurz@linux.vnet.ibm.com>
+Date: Wed, 23 Dec 2015 10:56:58 +0100
+Subject: [PATCH] virtio-9p: use accessor to get thread_pool
+
+The aio_context_new() function does not allocate a thread pool. This is
+deferred to the first call to the aio_get_thread_pool() accessor. It is
+hence forbidden to access the thread_pool field directly, as it may be
+NULL. The accessor *must* be used always.
+
+Fixes: ebac1202c95a4f1b76b6ef3f0f63926fa76e753e
+Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
+Tested-by: Michael Tokarev <mjt@tls.msk.ru>
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
+---
+ hw/9pfs/virtio-9p-coth.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/9pfs/virtio-9p-coth.c b/hw/9pfs/virtio-9p-coth.c
+index fb6e8f8..ab9425c 100644
+--- a/hw/9pfs/virtio-9p-coth.c
++++ b/hw/9pfs/virtio-9p-coth.c
+@@ -36,6 +36,6 @@ static int coroutine_enter_func(void *arg)
+ void co_run_in_worker_bh(void *opaque)
+ {
+     Coroutine *co = opaque;
+-    thread_pool_submit_aio(qemu_get_aio_context()->thread_pool,
++    thread_pool_submit_aio(aio_get_thread_pool(qemu_get_aio_context()),
+                            coroutine_enter_func, co, coroutine_enter_cb, co);
+ }
+-- 
+2.7.4
+

diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8613.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8613.patch
new file mode 100644
index 0000000..61a52ee
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8613.patch
@@ -0,0 +1,35 @@
+From 36fef36b91f7ec0435215860f1458b5342ce2811 Mon Sep 17 00:00:00 2001
+From: P J P <ppandit@redhat.com>
+Date: Mon, 21 Dec 2015 15:13:13 +0530
+Subject: [PATCH] scsi: initialise info object with appropriate size
+
+While processing controller 'CTRL_GET_INFO' command, the routine
+'megasas_ctrl_get_info' overflows the '&info' object size. Use its
+appropriate size to null initialise it.
+
+Reported-by: Qinghao Tang <luodalongde@gmail.com>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Message-Id: <alpine.LFD.2.20.1512211501420.22471@wniryva>
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: P J P <ppandit@redhat.com>
+---
+ hw/scsi/megasas.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
+index d7dc667..576f56c 100644
+--- a/hw/scsi/megasas.c
++++ b/hw/scsi/megasas.c
+@@ -718,7 +718,7 @@ static int megasas_ctrl_get_info(MegasasState *s, MegasasCmd *cmd)
+     BusChild *kid;
+     int num_pd_disks = 0;
+ 
+-    memset(&info, 0x0, cmd->iov_size);
++    memset(&info, 0x0, dcmd_size);
+     if (cmd->iov_size < dcmd_size) {
+         trace_megasas_dcmd_invalid_xfer_len(cmd->index, cmd->iov_size,
+                                             dcmd_size);
+-- 
+2.7.4
+
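Review bot: The new `memset` in `megasas_ctrl_get_info` takes its length from `dcmd_size`, which is declared outside this hunk, so the clear stays inside `info` only if `dcmd_size` really equals `sizeof(info)` (presumably it does, but that cannot be confirmed from the lines shown). Sizing the call by the object itself, `memset(&info, 0x0, sizeof(info));`, makes the bound visible at the call site and independent of both `dcmd_size` and the request's `cmd->iov_size`. The function body begins and continues outside the hunk.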

diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8619.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8619.patch
new file mode 100644
index 0000000..be67336
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8619.patch
@@ -0,0 +1,121 @@
+From 64ffbe04eaafebf4045a3ace52a360c14959d196 Mon Sep 17 00:00:00 2001
+From: Wolfgang Bumiller <w.bumiller@proxmox.com>
+Date: Wed, 13 Jan 2016 09:09:58 +0100
+Subject: [PATCH] hmp: fix sendkey out of bounds write (CVE-2015-8619)
+
+When processing 'sendkey' command, hmp_sendkey routine null
+terminates the 'keyname_buf' array. This results in an OOB
+write issue, if 'keyname_len' was to fall outside of
+'keyname_buf' array.
+
+Since the keyname's length is known the keyname_buf can be
+removed altogether by adding a length parameter to
+index_from_key() and using it for the error output as well.
+
+Reported-by: Ling Liu <liuling-it@360.cn>
+Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
+Message-Id: <20160113080958.GA18934@olga>
+[Comparison with "<" dumbed down, test for junk after strtoul()
+tweaked]
+Signed-off-by: Markus Armbruster <armbru@redhat.com>
+---
+ hmp.c                | 18 ++++++++----------
+ include/ui/console.h |  2 +-
+ ui/input-legacy.c    |  5 +++--
+ 3 files changed, 12 insertions(+), 13 deletions(-)
+
+diff --git a/hmp.c b/hmp.c
+index 54f2620..9c571f5 100644
+--- a/hmp.c
++++ b/hmp.c
+@@ -1731,21 +1731,18 @@ void hmp_sendkey(Monitor *mon, const QDict *qdict)
+     int has_hold_time = qdict_haskey(qdict, "hold-time");
+     int hold_time = qdict_get_try_int(qdict, "hold-time", -1);
+     Error *err = NULL;
+-    char keyname_buf[16];
+     char *separator;
+     int keyname_len;
+ 
+     while (1) {
+         separator = strchr(keys, '-');
+         keyname_len = separator ? separator - keys : strlen(keys);
+-        pstrcpy(keyname_buf, sizeof(keyname_buf), keys);
+ 
+         /* Be compatible with old interface, convert user inputted "<" */
+-        if (!strncmp(keyname_buf, "<", 1) && keyname_len == 1) {
+-            pstrcpy(keyname_buf, sizeof(keyname_buf), "less");
++        if (keys[0] == '<' && keyname_len == 1) {
++            keys = "less";
+             keyname_len = 4;
+         }
+-        keyname_buf[keyname_len] = 0;
+ 
+         keylist = g_malloc0(sizeof(*keylist));
+         keylist->value = g_malloc0(sizeof(*keylist->value));
+@@ -1758,16 +1755,17 @@ void hmp_sendkey(Monitor *mon, const QDict *qdict)
+         }
+         tmp = keylist;
+ 
+-        if (strstart(keyname_buf, "0x", NULL)) {
++        if (strstart(keys, "0x", NULL)) {
+             char *endp;
+-            int value = strtoul(keyname_buf, &endp, 0);
+-            if (*endp != '\0') {
++            int value = strtoul(keys, &endp, 0);
++            assert(endp <= keys + keyname_len);
++            if (endp != keys + keyname_len) {
+                 goto err_out;
+             }
+             keylist->value->type = KEY_VALUE_KIND_NUMBER;
+             keylist->value->u.number = value;
+         } else {
+-            int idx = index_from_key(keyname_buf);
++            int idx = index_from_key(keys, keyname_len);
+             if (idx == Q_KEY_CODE_MAX) {
+                 goto err_out;
+             }
+@@ -1789,7 +1787,7 @@ out:
+     return;
+ 
+ err_out:
+-    monitor_printf(mon, "invalid parameter: %s\n", keyname_buf);
++    monitor_printf(mon, "invalid parameter: %.*s\n", keyname_len, keys);
+     goto out;
+ }
+ 
+diff --git a/include/ui/console.h b/include/ui/console.h
+index adac36d..116bc2b 100644
+--- a/include/ui/console.h
++++ b/include/ui/console.h
+@@ -448,7 +448,7 @@ static inline int vnc_display_pw_expire(const char *id, time_t expires)
+ void curses_display_init(DisplayState *ds, int full_screen);
+ 
+ /* input.c */
+-int index_from_key(const char *key);
++int index_from_key(const char *key, size_t key_length);
+ 
+ /* gtk.c */
+ void early_gtk_display_init(int opengl);
+diff --git a/ui/input-legacy.c b/ui/input-legacy.c
+index 35dfc27..3454055 100644
+--- a/ui/input-legacy.c
++++ b/ui/input-legacy.c
+@@ -57,12 +57,13 @@ struct QEMUPutLEDEntry {
+ static QTAILQ_HEAD(, QEMUPutLEDEntry) led_handlers =
+     QTAILQ_HEAD_INITIALIZER(led_handlers);
+ 
+-int index_from_key(const char *key)
++int index_from_key(const char *key, size_t key_length)
+ {
+     int i;
+ 
+     for (i = 0; QKeyCode_lookup[i] != NULL; i++) {
+-        if (!strcmp(key, QKeyCode_lookup[i])) {
++        if (!strncmp(key, QKeyCode_lookup[i], key_length) &&
++            !QKeyCode_lookup[i][key_length]) {
+             break;
+         }
+     }
+-- 
+2.7.4
+
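Review bot: The new `index_from_key(key, key_length)` in ui/input-legacy.c has an undocumented precondition: `QKeyCode_lookup[i][key_length]` is in bounds only if `key_length` does not exceed the length of `key`. If a caller passed a larger value, `strncmp()` could return 0 on two equal short strings and the index would then read past the table entry. `hmp_sendkey` satisfies this, since `keyname_len` is either `separator - keys` or `strlen(keys)`, but the prototype in include/ui/console.h says nothing about it. I would add `/* key need not be NUL-terminated at key_length; key_length must be <= strlen(key) */` above the declaration, plus a one-line comment at the `&&` noting that the operand order matters.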

diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1714.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1714.patch
new file mode 100644
index 0000000..917fa2f
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1714.patch
@@ -0,0 +1,58 @@
+From 66f8fd9dda312191b78d2a2ba2848bcee76127a2 Mon Sep 17 00:00:00 2001
+From: "Gabriel L. Somlo" <somlo@cmu.edu>
+Date: Thu, 5 Nov 2015 09:32:50 -0500
+Subject: [PATCH] fw_cfg: avoid calculating invalid current entry pointer
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+When calculating a pointer to the currently selected fw_cfg item, the
+following is used:
+
+  FWCfgEntry *e = &s->entries[arch][s->cur_entry & FW_CFG_ENTRY_MASK];
+
+When s->cur_entry is FW_CFG_INVALID, we are calculating the address of
+a non-existent element in s->entries[arch][...], which is undefined.
+
+This patch ensures the resulting entry pointer is set to NULL whenever
+s->cur_entry is FW_CFG_INVALID.
+
+Reported-by: Laszlo Ersek <lersek@redhat.com>
+Reviewed-by: Laszlo Ersek <lersek@redhat.com>
+Signed-off-by: Gabriel Somlo <somlo@cmu.edu>
+Message-id: 1446733972-1602-5-git-send-email-somlo@cmu.edu
+Cc: Marc Marí <markmb@redhat.com>
+Signed-off-by: Gabriel Somlo <somlo@cmu.edu>
+Reviewed-by: Laszlo Ersek <lersek@redhat.com>
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+---
+ hw/nvram/fw_cfg.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/hw/nvram/fw_cfg.c b/hw/nvram/fw_cfg.c
+index c2d3a0a..046fa74 100644
+--- a/hw/nvram/fw_cfg.c
++++ b/hw/nvram/fw_cfg.c
+@@ -277,7 +277,8 @@ static int fw_cfg_select(FWCfgState *s, uint16_t key)
+ static uint8_t fw_cfg_read(FWCfgState *s)
+ {
+     int arch = !!(s->cur_entry & FW_CFG_ARCH_LOCAL);
+-    FWCfgEntry *e = &s->entries[arch][s->cur_entry & FW_CFG_ENTRY_MASK];
++    FWCfgEntry *e = (s->cur_entry == FW_CFG_INVALID) ? NULL :
++                    &s->entries[arch][s->cur_entry & FW_CFG_ENTRY_MASK];
+     uint8_t ret;
+ 
+     if (s->cur_entry == FW_CFG_INVALID || !e->data || s->cur_offset >= e->len)
+@@ -342,7 +343,8 @@ static void fw_cfg_dma_transfer(FWCfgState *s)
+     }
+ 
+     arch = !!(s->cur_entry & FW_CFG_ARCH_LOCAL);
+-    e = &s->entries[arch][s->cur_entry & FW_CFG_ENTRY_MASK];
++    e = (s->cur_entry == FW_CFG_INVALID) ? NULL :
++        &s->entries[arch][s->cur_entry & FW_CFG_ENTRY_MASK];
+ 
+     if (dma.control & FW_CFG_DMA_CTL_READ) {
+         read = 1;
+-- 
+2.7.4
+
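Review bot: In `fw_cfg_dma_transfer`, `e` can now be NULL, but the places where it is dereferenced lie outside this hunk, so it cannot be confirmed from here that each one is guarded by a `s->cur_entry == FW_CFG_INVALID` test. In `fw_cfg_read` the guard is visible on the following `if`, and it is safe only because `||` short-circuits before `!e->data`. A comment at both assignments, for example `/* e is NULL iff cur_entry == FW_CFG_INVALID; test cur_entry before any e-> access */`, would record that invariant for whoever next touches the transfer loop. It is worth checking the rest of `fw_cfg_dma_transfer` for an unguarded `e->` use before relying on this patch.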

diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1922.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1922.patch
new file mode 100644
index 0000000..23c2341
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1922.patch
@@ -0,0 +1,65 @@
+From 4c1396cb576c9b14425558b73de1584c7a9735d7 Mon Sep 17 00:00:00 2001
+From: P J P <ppandit@redhat.com>
+Date: Fri, 18 Dec 2015 11:35:07 +0530
+Subject: [PATCH] i386: avoid null pointer dereference
+
+    Hello,
+
+A null pointer dereference issue was reported by Mr Ling Liu, CC'd here. It
+occurs while doing I/O port write operations via hmp interface. In that,
+'current_cpu' remains null as it is not called from cpu_exec loop, which
+results in the said issue.
+
+Below is a proposed (tested)patch to fix this issue; Does it look okay?
+
+===
+From ae88a4947fab9a148cd794f8ad2d812e7f5a1d0f Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Fri, 18 Dec 2015 11:16:07 +0530
+Subject: [PATCH] i386: avoid null pointer dereference
+
+When I/O port write operation is called from hmp interface,
+'current_cpu' remains null, as it is not called from cpu_exec()
+loop. This leads to a null pointer dereference in vapic_write
+routine. Add check to avoid it.
+
+Reported-by: Ling Liu <liuling-it@360.cn>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Message-Id: <alpine.LFD.2.20.1512181129320.9805@wniryva>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: P J P <ppandit@redhat.com>
+---
+ hw/i386/kvmvapic.c | 15 ++++++++++-----
+ 1 file changed, 10 insertions(+), 5 deletions(-)
+
+diff --git a/hw/i386/kvmvapic.c b/hw/i386/kvmvapic.c
+index c6d34b2..f0922da 100644
+--- a/hw/i386/kvmvapic.c
++++ b/hw/i386/kvmvapic.c
+@@ -634,13 +634,18 @@ static int vapic_prepare(VAPICROMState *s)
+ static void vapic_write(void *opaque, hwaddr addr, uint64_t data,
+                         unsigned int size)
+ {
+-    CPUState *cs = current_cpu;
+-    X86CPU *cpu = X86_CPU(cs);
+-    CPUX86State *env = &cpu->env;
+-    hwaddr rom_paddr;
+     VAPICROMState *s = opaque;
++    X86CPU *cpu;
++    CPUX86State *env;
++    hwaddr rom_paddr;
+ 
+-    cpu_synchronize_state(cs);
++    if (!current_cpu) {
++        return;
++    }
++
++    cpu_synchronize_state(current_cpu);
++    cpu = X86_CPU(current_cpu);
++    env = &cpu->env;
+ 
+     /*
+      * The VAPIC supports two PIO-based hypercalls, both via port 0x7E.
+-- 
+2.7.4
+
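Review bot: The early `return` in `vapic_write` drops the write silently, and nothing at that spot says when `current_cpu` can legitimately be NULL. The patch description gives the reason (a port write issued from the monitor rather than from the `cpu_exec()` loop), and that belongs next to the check, e.g. `/* current_cpu is NULL when the access comes from the monitor, not a vCPU: ignore it */`. Without it the guard reads like a defensive check that a later cleanup might remove. The function body continues outside the hunk.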

diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1981.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1981.patch
new file mode 100644
index 0000000..2922193
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1981.patch
@@ -0,0 +1,98 @@
+From dd793a74882477ca38d49e191110c17dfee51dcc Mon Sep 17 00:00:00 2001
+From: Laszlo Ersek <lersek@redhat.com>
+Date: Tue, 19 Jan 2016 14:17:20 +0100
+Subject: [PATCH] e1000: eliminate infinite loops on out-of-bounds transfer
+ start
+
+The start_xmit() and e1000_receive_iov() functions implement DMA transfers
+iterating over a set of descriptors that the guest's e1000 driver
+prepares:
+
+- the TDLEN and RDLEN registers store the total size of the descriptor
+  area,
+
+- while the TDH and RDH registers store the offset (in whole tx / rx
+  descriptors) into the area where the transfer is supposed to start.
+
+Each time a descriptor is processed, the TDH and RDH register is bumped
+(as appropriate for the transfer direction).
+
+QEMU already contains logic to deal with bogus transfers submitted by the
+guest:
+
+- Normally, the transmit case wants to increase TDH from its initial value
+  to TDT. (TDT is allowed to be numerically smaller than the initial TDH
+  value; wrapping at or above TDLEN bytes to zero is normal.) The failsafe
+  that QEMU currently has here is a check against reaching the original
+  TDH value again -- a complete wraparound, which should never happen.
+
+- In the receive case RDH is increased from its initial value until
+  "total_size" bytes have been received; preferably in a single step, or
+  in "s->rxbuf_size" byte steps, if the latter is smaller. However, null
+  RX descriptors are skipped without receiving data, while RDH is
+  incremented just the same. QEMU tries to prevent an infinite loop
+  (processing only null RX descriptors) by detecting whether RDH assumes
+  its original value during the loop. (Again, wrapping from RDLEN to 0 is
+  normal.)
+
+What both directions miss is that the guest could program TDLEN and RDLEN
+so low, and the initial TDH and RDH so high, that these registers will
+immediately be truncated to zero, and then never reassume their initial
+values in the loop -- a full wraparound will never occur.
+
+The condition that expresses this is:
+
+  xdh_start >= s->mac_reg[XDLEN] / sizeof(desc)
+
+i.e., TDH or RDH start out after the last whole rx or tx descriptor that
+fits into the TDLEN or RDLEN sized area.
+
+This condition could be checked before we enter the loops, but
+pci_dma_read() / pci_dma_write() knows how to fill in buffers safely for
+bogus DMA addresses, so we just extend the existing failsafes with the
+above condition.
+
+This is CVE-2016-1981.
+
+Cc: "Michael S. Tsirkin" <mst@redhat.com>
+Cc: Petr Matousek <pmatouse@redhat.com>
+Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
+Cc: Prasad Pandit <ppandit@redhat.com>
+Cc: Michael Roth <mdroth@linux.vnet.ibm.com>
+Cc: Jason Wang <jasowang@redhat.com>
+Cc: qemu-stable@nongnu.org
+RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1296044
+Signed-off-by: Laszlo Ersek <lersek@redhat.com>
+Reviewed-by: Jason Wang <jasowang@redhat.com>
+Signed-off-by: Jason Wang <jasowang@redhat.com>
+---
+ hw/net/e1000.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/hw/net/e1000.c b/hw/net/e1000.c
+index 4eda7a3..0387fa0 100644
+--- a/hw/net/e1000.c
++++ b/hw/net/e1000.c
+@@ -909,7 +909,8 @@ start_xmit(E1000State *s)
+          * bogus values to TDT/TDLEN.
+          * there's nothing too intelligent we could do about this.
+          */
+-        if (s->mac_reg[TDH] == tdh_start) {
++        if (s->mac_reg[TDH] == tdh_start ||
++            tdh_start >= s->mac_reg[TDLEN] / sizeof(desc)) {
+             DBGOUT(TXERR, "TDH wraparound @%x, TDT %x, TDLEN %x\n",
+                    tdh_start, s->mac_reg[TDT], s->mac_reg[TDLEN]);
+             break;
+@@ -1166,7 +1167,8 @@ e1000_receive_iov(NetClientState *nc, const struct iovec *iov, int iovcnt)
+         if (++s->mac_reg[RDH] * sizeof(desc) >= s->mac_reg[RDLEN])
+             s->mac_reg[RDH] = 0;
+         /* see comment in start_xmit; same here */
+-        if (s->mac_reg[RDH] == rdh_start) {
++        if (s->mac_reg[RDH] == rdh_start ||
++            rdh_start >= s->mac_reg[RDLEN] / sizeof(desc)) {
+             DBGOUT(RXERR, "RDH wraparound @%x, RDT %x, RDLEN %x\n",
+                    rdh_start, s->mac_reg[RDT], s->mac_reg[RDLEN]);
+             set_ics(s, 0, E1000_ICS_RXO);
+-- 
+2.7.4
+
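Review bot: Both extended conditions in hw/net/e1000.c still report through the existing "TDH wraparound" / "RDH wraparound" `DBGOUT` text, although the added clause fires for a different reason: a start index at or beyond `TDLEN / sizeof(desc)` (resp. `RDLEN`), where no wraparound to the start value can ever occur. The comment above the `start_xmit` check (it begins outside the hunk) likewise describes only the wraparound case. I would extend that comment with a line such as `* also bail out if the start index lies outside the descriptor area, since TDH then never returns to it`. The added clause is loop-invariant and is evaluated only after one descriptor has been processed, which the patch description justifies by the DMA helpers tolerating bogus addresses; that reasoning is worth repeating in the comment.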

diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-2197.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-2197.patch
new file mode 100644
index 0000000..0ab7b02
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-2197.patch
@@ -0,0 +1,43 @@
+From 99b4cb71069f109b79b27bc629fc0cf0886dbc4b Mon Sep 17 00:00:00 2001
+From: John Snow <jsnow@redhat.com>
+Date: Wed, 10 Feb 2016 13:29:40 -0500
+Subject: [PATCH] ahci: Do not unmap NULL addresses
+
+Definitely don't try to unmap a garbage address.
+
+Reported-by: Zuozhi fzz <zuozhi.fzz@alibaba-inc.com>
+Signed-off-by: John Snow <jsnow@redhat.com>
+Message-id: 1454103689-13042-2-git-send-email-jsnow@redhat.com
+---
+ hw/ide/ahci.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
+index 7e87b18..3a95dad 100644
+--- a/hw/ide/ahci.c
++++ b/hw/ide/ahci.c
+@@ -662,6 +662,10 @@ static bool ahci_map_fis_address(AHCIDevice *ad)
+ 
+ static void ahci_unmap_fis_address(AHCIDevice *ad)
+ {
++    if (ad->res_fis == NULL) {
++        DPRINTF(ad->port_no, "Attempt to unmap NULL FIS address\n");
++        return;
++    }
+     dma_memory_unmap(ad->hba->as, ad->res_fis, 256,
+                      DMA_DIRECTION_FROM_DEVICE, 256);
+     ad->res_fis = NULL;
+@@ -678,6 +682,10 @@ static bool ahci_map_clb_address(AHCIDevice *ad)
+ 
+ static void ahci_unmap_clb_address(AHCIDevice *ad)
+ {
++    if (ad->lst == NULL) {
++        DPRINTF(ad->port_no, "Attempt to unmap NULL CLB address\n");
++        return;
++    }
+     dma_memory_unmap(ad->hba->as, ad->lst, 1024,
+                      DMA_DIRECTION_FROM_DEVICE, 1024);
+     ad->lst = NULL;
+-- 
+2.7.4
+
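Review bot: The two new guards in `ahci_unmap_fis_address` and `ahci_unmap_clb_address` only work if `ad->res_fis` and `ad->lst` are NULL whenever nothing is mapped. The reset to NULL after `dma_memory_unmap()` is visible here, but initialisation and the failure path of the matching map functions are outside the hunk and should be checked for leaving a stale non-NULL pointer. The description speaks of a "garbage address", which a NULL test alone does not catch. The rejected call is also visible only through `DPRINTF`, so a comment such as `/* NULL means not mapped (never mapped, or already unmapped): nothing to release */` would record the intended invariant.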

diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-2198.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-2198.patch
new file mode 100644
index 0000000..d179c33
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-2198.patch
@@ -0,0 +1,46 @@
+From dff0367cf66f489aa772320fa2937a8cac1ca30d Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Fri, 29 Jan 2016 18:30:34 +0530
+Subject: [PATCH] usb: ehci: add capability mmio write function
+
+USB Ehci emulation supports host controller capability registers.
+But its mmio '.write' function was missing, which lead to a null
+pointer dereference issue. Add a do nothing 'ehci_caps_write'
+definition to avoid it; Do nothing because capability registers
+are Read Only(RO).
+
+Reported-by: Zuozhi Fzz <zuozhi.fzz@alibaba-inc.com>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Message-id: 1454072434-16045-1-git-send-email-ppandit@redhat.com
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+---
+ hw/usb/hcd-ehci.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
+index 1b50601..0f95d0d 100644
+--- a/hw/usb/hcd-ehci.c
++++ b/hw/usb/hcd-ehci.c
+@@ -895,6 +895,11 @@ static uint64_t ehci_caps_read(void *ptr, hwaddr addr,
+     return s->caps[addr];
+ }
+ 
++static void ehci_caps_write(void *ptr, hwaddr addr,
++                             uint64_t val, unsigned size)
++{
++}
++
+ static uint64_t ehci_opreg_read(void *ptr, hwaddr addr,
+                                 unsigned size)
+ {
+@@ -2315,6 +2320,7 @@ static void ehci_frame_timer(void *opaque)
+ 
+ static const MemoryRegionOps ehci_mmio_caps_ops = {
+     .read = ehci_caps_read,
++    .write = ehci_caps_write,
+     .valid.min_access_size = 1,
+     .valid.max_access_size = 4,
+     .impl.min_access_size = 1,
+-- 
+2.7.4
+
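Review bot: `ehci_caps_write` is added with an empty body and no comment, so the code does not show that discarding the write is intentional. The reason is given only in the patch description (the capability registers are read-only, and the missing `.write` callback led to a NULL dereference). I would put it in the function, e.g. `/* capability registers are read-only: ignore guest writes */`, so the stub is not later mistaken for an unfinished implementation.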

diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-2392.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-2392.patch
new file mode 100644
index 0000000..e7aa5ca
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-2392.patch
@@ -0,0 +1,35 @@
+From 80eecda8e5d09c442c24307f340840a5b70ea3b9 Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Thu, 11 Feb 2016 16:31:20 +0530
+Subject: [PATCH] usb: check USB configuration descriptor object
+
+When processing remote NDIS control message packets, the USB Net
+device emulator checks to see if the USB configuration descriptor
+object is of RNDIS type(2). But it does not check if it is null,
+which leads to a null dereference error. Add check to avoid it.
+
+Reported-by: Qinghao Tang <luodalongde@gmail.com>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Message-id: 1455188480-14688-1-git-send-email-ppandit@redhat.com
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+---
+ hw/usb/dev-network.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/hw/usb/dev-network.c b/hw/usb/dev-network.c
+index 985a629..5dc4538 100644
+--- a/hw/usb/dev-network.c
++++ b/hw/usb/dev-network.c
+@@ -654,7 +654,8 @@ typedef struct USBNetState {
+ 
+ static int is_rndis(USBNetState *s)
+ {
+-    return s->dev.config->bConfigurationValue == DEV_RNDIS_CONFIG_VALUE;
++    return s->dev.config ?
++            s->dev.config->bConfigurationValue == DEV_RNDIS_CONFIG_VALUE : 0;
+ }
+ 
+ static int ndis_query(USBNetState *s, uint32_t oid,
+-- 
+2.7.4
+
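Review bot: A point of style in `is_rndis`: the `cond ? expr : 0` form with a wrapped second line is harder to read than a plain conjunction, and the function already returns a truth value. `return s->dev.config && s->dev.config->bConfigurationValue == DEV_RNDIS_CONFIG_VALUE;` states the same check on one logical line and keeps the NULL test right next to the dereference it protects. A short comment that `dev.config` may be NULL before a configuration has been selected would help too, if that is the case; the hunk itself does not show when it is NULL.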

diff --git a/app-emulation/qemu/files/qemu-2.5.0-ne2000-reg-check.patch b/app-emulation/qemu/files/qemu-2.5.0-ne2000-reg-check.patch
new file mode 100644
index 0000000..2874b75
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.5.0-ne2000-reg-check.patch
@@ -0,0 +1,37 @@
+From 415ab35a441eca767d033a2702223e785b9d5190 Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Wed, 24 Feb 2016 11:41:33 +0530
+Subject: [PATCH] net: ne2000: check ring buffer control registers
+
+Ne2000 NIC uses ring buffer of NE2000_MEM_SIZE(49152)
+bytes to process network packets. Registers PSTART & PSTOP
+define ring buffer size & location. Setting these registers
+to invalid values could lead to infinite loop or OOB r/w
+access issues. Add check to avoid it.
+
+Reported-by: Yang Hongke <yanghongke@huawei.com>
+Tested-by: Yang Hongke <yanghongke@huawei.com>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Signed-off-by: Jason Wang <jasowang@redhat.com>
+---
+ hw/net/ne2000.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/hw/net/ne2000.c b/hw/net/ne2000.c
+index e408083..f0feaf9 100644
+--- a/hw/net/ne2000.c
++++ b/hw/net/ne2000.c
+@@ -155,6 +155,10 @@ static int ne2000_buffer_full(NE2000State *s)
+ {
+     int avail, index, boundary;
+ 
++    if (s->stop <= s->start) {
++        return 1;
++    }
++
+     index = s->curpag << 8;
+     boundary = s->boundary << 8;
+     if (index < boundary)
+-- 
+2.7.4
+
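Review bot: The added guard in `ne2000_buffer_full` checks only the ordering of `s->stop` and `s->start`, while the description also names out-of-bounds access through invalid PSTART/PSTOP values. Whether both registers are kept inside the `NE2000_MEM_SIZE` buffer is not visible here and has to be enforced where they are written, so that path should be checked alongside this patch. Reporting "full" for an inverted or empty ring is a reasonable fail-safe, but the code does not say so; I would add `/* invalid ring (stop <= start): treat as full so no packet is stored */` above the check. The function body continues outside the hunk.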

diff --git a/app-emulation/qemu/files/qemu-2.5.0-rng-stack-corrupt-0.patch b/app-emulation/qemu/files/qemu-2.5.0-rng-stack-corrupt-0.patch
new file mode 100644
index 0000000..684f6ad
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.5.0-rng-stack-corrupt-0.patch
@@ -0,0 +1,98 @@
+From 3c52ddcdc548e7fbe65112d8a7bdc9cd105b4750 Mon Sep 17 00:00:00 2001
+From: Ladi Prosek <lprosek@redhat.com>
+Date: Thu, 3 Mar 2016 09:37:15 +0100
+Subject: [PATCH] rng: remove the unused request cancellation code
+
+rng_backend_cancel_requests had no callers and none of the code
+deleted in this commit ever ran.
+
+Signed-off-by: Ladi Prosek <lprosek@redhat.com>
+Reviewed-by: Amit Shah <amit.shah@redhat.com>
+Message-Id: <1456994238-9585-2-git-send-email-lprosek@redhat.com>
+Signed-off-by: Amit Shah <amit.shah@redhat.com>
+---
+ backends/rng-egd.c   | 12 ------------
+ backends/rng.c       |  9 ---------
+ include/sysemu/rng.h | 11 -----------
+ 3 files changed, 32 deletions(-)
+
+diff --git a/backends/rng-egd.c b/backends/rng-egd.c
+index 2de5cd5..0b2976a 100644
+--- a/backends/rng-egd.c
++++ b/backends/rng-egd.c
+@@ -125,17 +125,6 @@ static void rng_egd_free_requests(RngEgd *s)
+     s->requests = NULL;
+ }
+ 
+-static void rng_egd_cancel_requests(RngBackend *b)
+-{
+-    RngEgd *s = RNG_EGD(b);
+-
+-    /* We simply delete the list of pending requests.  If there is data in the 
+-     * queue waiting to be read, this is okay, because there will always be
+-     * more data than we requested originally
+-     */
+-    rng_egd_free_requests(s);
+-}
+-
+ static void rng_egd_opened(RngBackend *b, Error **errp)
+ {
+     RngEgd *s = RNG_EGD(b);
+@@ -213,7 +202,6 @@ static void rng_egd_class_init(ObjectClass *klass, void *data)
+     RngBackendClass *rbc = RNG_BACKEND_CLASS(klass);
+ 
+     rbc->request_entropy = rng_egd_request_entropy;
+-    rbc->cancel_requests = rng_egd_cancel_requests;
+     rbc->opened = rng_egd_opened;
+ }
+ 
+diff --git a/backends/rng.c b/backends/rng.c
+index b7820ef..2f2f3ee 100644
+--- a/backends/rng.c
++++ b/backends/rng.c
+@@ -26,15 +26,6 @@ void rng_backend_request_entropy(RngBackend *s, size_t size,
+     }
+ }
+ 
+-void rng_backend_cancel_requests(RngBackend *s)
+-{
+-    RngBackendClass *k = RNG_BACKEND_GET_CLASS(s);
+-
+-    if (k->cancel_requests) {
+-        k->cancel_requests(s);
+-    }
+-}
+-
+ static bool rng_backend_prop_get_opened(Object *obj, Error **errp)
+ {
+     RngBackend *s = RNG_BACKEND(obj);
+diff --git a/include/sysemu/rng.h b/include/sysemu/rng.h
+index 858be8c..87b3ebe 100644
+--- a/include/sysemu/rng.h
++++ b/include/sysemu/rng.h
+@@ -37,7 +37,6 @@ struct RngBackendClass
+ 
+     void (*request_entropy)(RngBackend *s, size_t size,
+                             EntropyReceiveFunc *receive_entropy, void *opaque);
+-    void (*cancel_requests)(RngBackend *s);
+ 
+     void (*opened)(RngBackend *s, Error **errp);
+ };
+@@ -68,14 +67,4 @@ struct RngBackend
+ void rng_backend_request_entropy(RngBackend *s, size_t size,
+                                  EntropyReceiveFunc *receive_entropy,
+                                  void *opaque);
+-
+-/**
+- * rng_backend_cancel_requests:
+- * @s: the backend to cancel all pending requests in
+- *
+- * Cancels all pending requests submitted by @rng_backend_request_entropy.  This
+- * should be used by a device during reset or in preparation for live migration
+- * to stop tracking any request.
+- */
+-void rng_backend_cancel_requests(RngBackend *s);
+ #endif
+-- 
+2.7.4
+

diff --git a/app-emulation/qemu/files/qemu-2.5.0-rng-stack-corrupt-1.patch b/app-emulation/qemu/files/qemu-2.5.0-rng-stack-corrupt-1.patch
new file mode 100644
index 0000000..44ba8a7
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.5.0-rng-stack-corrupt-1.patch
@@ -0,0 +1,135 @@
+From 74074e8a7c60592cf1cc6469dbc2550d24aeded3 Mon Sep 17 00:00:00 2001
+From: Ladi Prosek <lprosek@redhat.com>
+Date: Thu, 3 Mar 2016 09:37:16 +0100
+Subject: [PATCH] rng: move request queue from RngEgd to RngBackend
+
+The 'requests' field now lives in the RngBackend parent class.
+There are no functional changes in this commit.
+
+Signed-off-by: Ladi Prosek <lprosek@redhat.com>
+Reviewed-by: Amit Shah <amit.shah@redhat.com>
+Message-Id: <1456994238-9585-3-git-send-email-lprosek@redhat.com>
+Signed-off-by: Amit Shah <amit.shah@redhat.com>
+---
+ backends/rng-egd.c   | 28 +++++++++-------------------
+ include/sysemu/rng.h | 11 +++++++++++
+ 2 files changed, 20 insertions(+), 19 deletions(-)
+
+diff --git a/backends/rng-egd.c b/backends/rng-egd.c
+index 0b2976a..b061362 100644
+--- a/backends/rng-egd.c
++++ b/backends/rng-egd.c
+@@ -25,19 +25,8 @@ typedef struct RngEgd
+ 
+     CharDriverState *chr;
+     char *chr_name;
+-
+-    GSList *requests;
+ } RngEgd;
+ 
+-typedef struct RngRequest
+-{
+-    EntropyReceiveFunc *receive_entropy;
+-    uint8_t *data;
+-    void *opaque;
+-    size_t offset;
+-    size_t size;
+-} RngRequest;
+-
+ static void rng_egd_request_entropy(RngBackend *b, size_t size,
+                                     EntropyReceiveFunc *receive_entropy,
+                                     void *opaque)
+@@ -66,7 +55,7 @@ static void rng_egd_request_entropy(RngBackend *b, size_t size,
+         size -= len;
+     }
+ 
+-    s->requests = g_slist_append(s->requests, req);
++    s->parent.requests = g_slist_append(s->parent.requests, req);
+ }
+ 
+ static void rng_egd_free_request(RngRequest *req)
+@@ -81,7 +70,7 @@ static int rng_egd_chr_can_read(void *opaque)
+     GSList *i;
+     int size = 0;
+ 
+-    for (i = s->requests; i; i = i->next) {
++    for (i = s->parent.requests; i; i = i->next) {
+         RngRequest *req = i->data;
+         size += req->size - req->offset;
+     }
+@@ -94,8 +83,8 @@ static void rng_egd_chr_read(void *opaque, const uint8_t *buf, int size)
+     RngEgd *s = RNG_EGD(opaque);
+     size_t buf_offset = 0;
+ 
+-    while (size > 0 && s->requests) {
+-        RngRequest *req = s->requests->data;
++    while (size > 0 && s->parent.requests) {
++        RngRequest *req = s->parent.requests->data;
+         int len = MIN(size, req->size - req->offset);
+ 
+         memcpy(req->data + req->offset, buf + buf_offset, len);
+@@ -104,7 +93,8 @@ static void rng_egd_chr_read(void *opaque, const uint8_t *buf, int size)
+         size -= len;
+ 
+         if (req->offset == req->size) {
+-            s->requests = g_slist_remove_link(s->requests, s->requests);
++            s->parent.requests = g_slist_remove_link(s->parent.requests,
++                                                     s->parent.requests);
+ 
+             req->receive_entropy(req->opaque, req->data, req->size);
+ 
+@@ -117,12 +107,12 @@ static void rng_egd_free_requests(RngEgd *s)
+ {
+     GSList *i;
+ 
+-    for (i = s->requests; i; i = i->next) {
++    for (i = s->parent.requests; i; i = i->next) {
+         rng_egd_free_request(i->data);
+     }
+ 
+-    g_slist_free(s->requests);
+-    s->requests = NULL;
++    g_slist_free(s->parent.requests);
++    s->parent.requests = NULL;
+ }
+ 
+ static void rng_egd_opened(RngBackend *b, Error **errp)
+diff --git a/include/sysemu/rng.h b/include/sysemu/rng.h
+index 87b3ebe..c744d82 100644
+--- a/include/sysemu/rng.h
++++ b/include/sysemu/rng.h
+@@ -24,6 +24,7 @@
+ #define RNG_BACKEND_CLASS(klass) \
+     OBJECT_CLASS_CHECK(RngBackendClass, (klass), TYPE_RNG_BACKEND)
+ 
++typedef struct RngRequest RngRequest;
+ typedef struct RngBackendClass RngBackendClass;
+ typedef struct RngBackend RngBackend;
+ 
+@@ -31,6 +32,15 @@ typedef void (EntropyReceiveFunc)(void *opaque,
+                                   const void *data,
+                                   size_t size);
+ 
++struct RngRequest
++{
++    EntropyReceiveFunc *receive_entropy;
++    uint8_t *data;
++    void *opaque;
++    size_t offset;
++    size_t size;
++};
++
+ struct RngBackendClass
+ {
+     ObjectClass parent_class;
+@@ -47,6 +57,7 @@ struct RngBackend
+ 
+     /*< protected >*/
+     bool opened;
++    GSList *requests;
+ };
+ 
+ /**
+-- 
+2.7.4
+

diff --git a/app-emulation/qemu/files/qemu-2.5.0-rng-stack-corrupt-2.patch b/app-emulation/qemu/files/qemu-2.5.0-rng-stack-corrupt-2.patch
new file mode 100644
index 0000000..1cffcc5
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.5.0-rng-stack-corrupt-2.patch
@@ -0,0 +1,155 @@
+From 9f14b0add1dcdbfa2ee61051d068211fb0a1fcc9 Mon Sep 17 00:00:00 2001
+From: Ladi Prosek <lprosek@redhat.com>
+Date: Thu, 3 Mar 2016 09:37:17 +0100
+Subject: [PATCH] rng: move request queue cleanup from RngEgd to RngBackend
+
+RngBackend is now in charge of cleaning up the linked list on
+instance finalization. It also exposes a function to finalize
+individual RngRequest instances, called by its child classes.
+
+Signed-off-by: Ladi Prosek <lprosek@redhat.com>
+Reviewed-by: Amit Shah <amit.shah@redhat.com>
+Message-Id: <1456994238-9585-4-git-send-email-lprosek@redhat.com>
+Signed-off-by: Amit Shah <amit.shah@redhat.com>
+---
+ backends/rng-egd.c   | 25 +------------------------
+ backends/rng.c       | 32 ++++++++++++++++++++++++++++++++
+ include/sysemu/rng.h | 12 ++++++++++++
+ 3 files changed, 45 insertions(+), 24 deletions(-)
+
+diff --git a/backends/rng-egd.c b/backends/rng-egd.c
+index b061362..8f2bd16 100644
+--- a/backends/rng-egd.c
++++ b/backends/rng-egd.c
+@@ -58,12 +58,6 @@ static void rng_egd_request_entropy(RngBackend *b, size_t size,
+     s->parent.requests = g_slist_append(s->parent.requests, req);
+ }
+ 
+-static void rng_egd_free_request(RngRequest *req)
+-{
+-    g_free(req->data);
+-    g_free(req);
+-}
+-
+ static int rng_egd_chr_can_read(void *opaque)
+ {
+     RngEgd *s = RNG_EGD(opaque);
+@@ -93,28 +87,13 @@ static void rng_egd_chr_read(void *opaque, const uint8_t *buf, int size)
+         size -= len;
+ 
+         if (req->offset == req->size) {
+-            s->parent.requests = g_slist_remove_link(s->parent.requests,
+-                                                     s->parent.requests);
+-
+             req->receive_entropy(req->opaque, req->data, req->size);
+ 
+-            rng_egd_free_request(req);
++            rng_backend_finalize_request(&s->parent, req);
+         }
+     }
+ }
+ 
+-static void rng_egd_free_requests(RngEgd *s)
+-{
+-    GSList *i;
+-
+-    for (i = s->parent.requests; i; i = i->next) {
+-        rng_egd_free_request(i->data);
+-    }
+-
+-    g_slist_free(s->parent.requests);
+-    s->parent.requests = NULL;
+-}
+-
+ static void rng_egd_opened(RngBackend *b, Error **errp)
+ {
+     RngEgd *s = RNG_EGD(b);
+@@ -183,8 +162,6 @@ static void rng_egd_finalize(Object *obj)
+     }
+ 
+     g_free(s->chr_name);
+-
+-    rng_egd_free_requests(s);
+ }
+ 
+ static void rng_egd_class_init(ObjectClass *klass, void *data)
+diff --git a/backends/rng.c b/backends/rng.c
+index 2f2f3ee..014cb9d 100644
+--- a/backends/rng.c
++++ b/backends/rng.c
+@@ -64,6 +64,30 @@ static void rng_backend_prop_set_opened(Object *obj, bool value, Error **errp)
+     s->opened = true;
+ }
+ 
++static void rng_backend_free_request(RngRequest *req)
++{
++    g_free(req->data);
++    g_free(req);
++}
++
++static void rng_backend_free_requests(RngBackend *s)
++{
++    GSList *i;
++
++    for (i = s->requests; i; i = i->next) {
++        rng_backend_free_request(i->data);
++    }
++
++    g_slist_free(s->requests);
++    s->requests = NULL;
++}
++
++void rng_backend_finalize_request(RngBackend *s, RngRequest *req)
++{
++    s->requests = g_slist_remove(s->requests, req);
++    rng_backend_free_request(req);
++}
++
+ static void rng_backend_init(Object *obj)
+ {
+     object_property_add_bool(obj, "opened",
+@@ -72,6 +96,13 @@ static void rng_backend_init(Object *obj)
+                              NULL);
+ }
+ 
++static void rng_backend_finalize(Object *obj)
++{
++    RngBackend *s = RNG_BACKEND(obj);
++
++    rng_backend_free_requests(s);
++}
++
+ static void rng_backend_class_init(ObjectClass *oc, void *data)
+ {
+     UserCreatableClass *ucc = USER_CREATABLE_CLASS(oc);
+@@ -84,6 +115,7 @@ static const TypeInfo rng_backend_info = {
+     .parent = TYPE_OBJECT,
+     .instance_size = sizeof(RngBackend),
+     .instance_init = rng_backend_init,
++    .instance_finalize = rng_backend_finalize,
+     .class_size = sizeof(RngBackendClass),
+     .class_init = rng_backend_class_init,
+     .abstract = true,
+diff --git a/include/sysemu/rng.h b/include/sysemu/rng.h
+index c744d82..08a2eda 100644
+--- a/include/sysemu/rng.h
++++ b/include/sysemu/rng.h
+@@ -78,4 +79,15 @@ struct RngBackend
+ void rng_backend_request_entropy(RngBackend *s, size_t size,
+                                  EntropyReceiveFunc *receive_entropy,
+                                  void *opaque);
++
++/**
++ * rng_backend_free_request:
++ * @s: the backend that created the request
++ * @req: the request to finalize
++ *
++ * Used by child rng backend classes to finalize requests once they've been
++ * processed. The request is removed from the list of active requests and
++ * deleted.
++ */
++void rng_backend_finalize_request(RngBackend *s, RngRequest *req);
+ #endif
+-- 
+2.7.4
+
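Review bot: The doc comment added to include/sysemu/rng.h is headed `rng_backend_free_request:` but documents the declaration of `rng_backend_finalize_request()`; the header line should read ` * rng_backend_finalize_request:`, since the static helper of the other name in backends/rng.c only frees the request and takes no backend argument. Separately, in the rng_egd_chr_read() hunk the request now stays on `s->parent.requests` while `req->receive_entropy()` runs, where the removed lines unlinked it first. Whether a callback can re-enter the backend is not visible here, so a one-line comment above the call stating that callbacks must not finalize or free queued requests would make the ownership rule explicit. This file appears to be a backport of an upstream commit, so a wording fix is best sent upstream rather than edited locally.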

diff --git a/app-emulation/qemu/files/qemu-2.5.0-rng-stack-corrupt-3.patch b/app-emulation/qemu/files/qemu-2.5.0-rng-stack-corrupt-3.patch
new file mode 100644
index 0000000..ca9340a
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.5.0-rng-stack-corrupt-3.patch
@@ -0,0 +1,179 @@
+From 60253ed1e6ec6d8e5ef2efe7bf755f475dce9956 Mon Sep 17 00:00:00 2001
+From: Ladi Prosek <lprosek@redhat.com>
+Date: Thu, 3 Mar 2016 09:37:18 +0100
+Subject: [PATCH] rng: add request queue support to rng-random
+
+Requests are now created in the RngBackend parent class and the
+code path is shared by both rng-egd and rng-random.
+
+This commit fixes the rng-random implementation which processed
+only one request at a time and simply discarded all but the most
+recent one. In the guest this manifested as delayed completion
+of reads from virtio-rng, i.e. a read was completed only after
+another read was issued.
+
+By switching rng-random to use the same request queue as rng-egd,
+the unsafe stack-based allocation of the entropy buffer is
+eliminated and replaced with g_malloc.
+
+Signed-off-by: Ladi Prosek <lprosek@redhat.com>
+Reviewed-by: Amit Shah <amit.shah@redhat.com>
+Message-Id: <1456994238-9585-5-git-send-email-lprosek@redhat.com>
+Signed-off-by: Amit Shah <amit.shah@redhat.com>
+---
+ backends/rng-egd.c    | 16 ++--------------
+ backends/rng-random.c | 43 +++++++++++++++++++------------------------
+ backends/rng.c        | 13 ++++++++++++-
+ include/sysemu/rng.h  |  3 +--
+ 4 files changed, 34 insertions(+), 41 deletions(-)
+
+diff --git a/backends/rng-egd.c b/backends/rng-egd.c
+index 8f2bd16..30332ed 100644
+--- a/backends/rng-egd.c
++++ b/backends/rng-egd.c
+@@ -27,20 +27,10 @@ typedef struct RngEgd
+     char *chr_name;
+ } RngEgd;
+ 
+-static void rng_egd_request_entropy(RngBackend *b, size_t size,
+-                                    EntropyReceiveFunc *receive_entropy,
+-                                    void *opaque)
++static void rng_egd_request_entropy(RngBackend *b, RngRequest *req)
+ {
+     RngEgd *s = RNG_EGD(b);
+-    RngRequest *req;
+-
+-    req = g_malloc(sizeof(*req));
+-
+-    req->offset = 0;
+-    req->size = size;
+-    req->receive_entropy = receive_entropy;
+-    req->opaque = opaque;
+-    req->data = g_malloc(req->size);
++    size_t size = req->size;
+ 
+     while (size > 0) {
+         uint8_t header[2];
+@@ -54,8 +44,6 @@ static void rng_egd_request_entropy(RngBackend *b, size_t size,
+ 
+         size -= len;
+     }
+-
+-    s->parent.requests = g_slist_append(s->parent.requests, req);
+ }
+ 
+ static int rng_egd_chr_can_read(void *opaque)
+diff --git a/backends/rng-random.c b/backends/rng-random.c
+index 8cdad6a..a6cb385 100644
+--- a/backends/rng-random.c
++++ b/backends/rng-random.c
+@@ -22,10 +22,6 @@ struct RndRandom
+ 
+     int fd;
+     char *filename;
+-
+-    EntropyReceiveFunc *receive_func;
+-    void *opaque;
+-    size_t size;
+ };
+ 
+ /**
+@@ -38,36 +34,35 @@ struct RndRandom
+ static void entropy_available(void *opaque)
+ {
+     RndRandom *s = RNG_RANDOM(opaque);
+-    uint8_t buffer[s->size];
+-    ssize_t len;
+ 
+-    len = read(s->fd, buffer, s->size);
+-    if (len < 0 && errno == EAGAIN) {
+-        return;
+-    }
+-    g_assert(len != -1);
++    while (s->parent.requests != NULL) {
++        RngRequest *req = s->parent.requests->data;
++        ssize_t len;
++
++        len = read(s->fd, req->data, req->size);
++        if (len < 0 && errno == EAGAIN) {
++            return;
++        }
++        g_assert(len != -1);
+ 
+-    s->receive_func(s->opaque, buffer, len);
+-    s->receive_func = NULL;
++        req->receive_entropy(req->opaque, req->data, len);
+ 
++        rng_backend_finalize_request(&s->parent, req);
++    }
++
++    /* We've drained all requests, the fd handler can be reset. */
+     qemu_set_fd_handler(s->fd, NULL, NULL, NULL);
+ }
+ 
+-static void rng_random_request_entropy(RngBackend *b, size_t size,
+-                                        EntropyReceiveFunc *receive_entropy,
+-                                        void *opaque)
++static void rng_random_request_entropy(RngBackend *b, RngRequest *req)
+ {
+     RndRandom *s = RNG_RANDOM(b);
+ 
+-    if (s->receive_func) {
+-        s->receive_func(s->opaque, NULL, 0);
++    if (s->parent.requests == NULL) {
++        /* If there are no pending requests yet, we need to
++         * install our fd handler. */
++        qemu_set_fd_handler(s->fd, entropy_available, NULL, s);
+     }
+-
+-    s->receive_func = receive_entropy;
+-    s->opaque = opaque;
+-    s->size = size;
+-
+-    qemu_set_fd_handler(s->fd, entropy_available, NULL, s);
+ }
+ 
+ static void rng_random_opened(RngBackend *b, Error **errp)
+diff --git a/backends/rng.c b/backends/rng.c
+index 014cb9d..277a41b 100644
+--- a/backends/rng.c
++++ b/backends/rng.c
+@@ -20,9 +20,20 @@ void rng_backend_request_entropy(RngBackend *s, size_t size,
+                                  void *opaque)
+ {
+     RngBackendClass *k = RNG_BACKEND_GET_CLASS(s);
++    RngRequest *req;
+ 
+     if (k->request_entropy) {
+-        k->request_entropy(s, size, receive_entropy, opaque);
++        req = g_malloc(sizeof(*req));
++
++        req->offset = 0;
++        req->size = size;
++        req->receive_entropy = receive_entropy;
++        req->opaque = opaque;
++        req->data = g_malloc(req->size);
++
++        k->request_entropy(s, req);
++
++        s->requests = g_slist_append(s->requests, req);
+     }
+ }
+ 
+diff --git a/include/sysemu/rng.h b/include/sysemu/rng.h
+index 08a2eda..4fffd68 100644
+--- a/include/sysemu/rng.h
++++ b/include/sysemu/rng.h
+@@ -45,8 +45,7 @@ struct RngBackendClass
+ {
+     ObjectClass parent_class;
+ 
+-    void (*request_entropy)(RngBackend *s, size_t size,
+-                            EntropyReceiveFunc *receive_entropy, void *opaque);
++    void (*request_entropy)(RngBackend *s, RngRequest *req);
+ 
+     void (*opened)(RngBackend *s, Error **errp);
+ };
+-- 
+2.7.4
+
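Review bot: In the new entropy_available() loop in backends/rng-random.c, `g_assert(len != -1)` is the only handling for a failed read(), so any errno other than EAGAIN (EINTR, for example) aborts the whole emulator process instead of retrying or failing the one request. A small step is to treat an interrupted read like the would-block case, `if (len < 0 && (errno == EAGAIN || errno == EINTR)) {`, and to replace the assert with an error path that finalizes the request. A read() that returns 0 is also passed on as a zero-length completion; if the source can reach end-of-file, that deserves a check or at least a comment. In rng_backend_request_entropy(), `g_malloc(req->size)` takes `size` straight from the caller, and the callers are outside this patch, so it is worth confirming that they bound it.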

diff --git a/app-emulation/qemu/files/qemu-2.5.0-sysmacros.patch b/app-emulation/qemu/files/qemu-2.5.0-sysmacros.patch
new file mode 100644
index 0000000..f2e766d
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.5.0-sysmacros.patch
@@ -0,0 +1,15 @@
+Linux C libs are moving away from implicit header pollution with sys/types.h
+
+--- a/include/qemu/osdep.h
++++ b/include/qemu/osdep.h
+@@ -78,6 +78,10 @@ extern int daemon(int, int);
+ #include <assert.h>
+ #include <signal.h>
+ 
++#ifdef __linux__
++#include <sys/sysmacros.h>
++#endif
++
+ #ifdef __OpenBSD__
+ #include <sys/signal.h>
+ #endif

diff --git a/app-emulation/qemu/files/qemu-2.5.0-usb-ehci-oob.patch b/app-emulation/qemu/files/qemu-2.5.0-usb-ehci-oob.patch
new file mode 100644
index 0000000..2ddca3e
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.5.0-usb-ehci-oob.patch
@@ -0,0 +1,52 @@
+From 49d925ce50383a286278143c05511d30ec41a36e Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Wed, 20 Jan 2016 01:26:46 +0530
+Subject: [PATCH] usb: check page select value while processing iTD
+
+While processing isochronous transfer descriptors(iTD), the page
+select(PG) field value could lead to an OOB read access. Add
+check to avoid it.
+
+Reported-by: Qinghao Tang <luodalongde@gmail.com>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Message-id: 1453233406-12165-1-git-send-email-ppandit@redhat.com
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+---
+ hw/usb/hcd-ehci.c | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
+index ab00268..93601d9 100644
+--- a/hw/usb/hcd-ehci.c
++++ b/hw/usb/hcd-ehci.c
+@@ -1405,21 +1405,23 @@ static int ehci_process_itd(EHCIState *ehci,
+         if (itd->transact[i] & ITD_XACT_ACTIVE) {
+             pg   = get_field(itd->transact[i], ITD_XACT_PGSEL);
+             off  = itd->transact[i] & ITD_XACT_OFFSET_MASK;
+-            ptr1 = (itd->bufptr[pg] & ITD_BUFPTR_MASK);
+-            ptr2 = (itd->bufptr[pg+1] & ITD_BUFPTR_MASK);
+             len  = get_field(itd->transact[i], ITD_XACT_LENGTH);
+ 
+             if (len > max * mult) {
+                 len = max * mult;
+             }
+-
+-            if (len > BUFF_SIZE) {
++            if (len > BUFF_SIZE || pg > 6) {
+                 return -1;
+             }
+ 
++            ptr1 = (itd->bufptr[pg] & ITD_BUFPTR_MASK);
+             qemu_sglist_init(&ehci->isgl, ehci->device, 2, ehci->as);
+             if (off + len > 4096) {
+                 /* transfer crosses page border */
++                if (pg == 6) {
++                    return -1;  /* avoid page pg + 1 */
++                }
++                ptr2 = (itd->bufptr[pg + 1] & ITD_BUFPTR_MASK);
+                 uint32_t len2 = off + len - 4096;
+                 uint32_t len1 = len - len2;
+                 qemu_sglist_add(&ehci->isgl, ptr1 + off, len1);
+-- 
+2.7.4
+
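Review bot: The new bounds `pg > 6` and `pg == 6` in ehci_process_itd() hard-code the last valid index of `itd->bufptr`, whose declaration is not in this hunk; presumably the array has seven entries. Deriving the limit from the array, e.g. `if (len > BUFF_SIZE || pg >= ARRAY_SIZE(itd->bufptr)) {`, or at least adding a comment that names the array size, keeps the check correct if the struct ever changes. The patch also places the `ptr2 = ...` assignment ahead of the `uint32_t len2` and `len1` declarations inside the page-crossing block; moving the assignment below the two declarations reads more cleanly. The function body continues outside the hunk.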

diff --git a/app-emulation/qemu/files/qemu-2.5.0-usb-ndis-int-overflow.patch b/app-emulation/qemu/files/qemu-2.5.0-usb-ndis-int-overflow.patch
new file mode 100644
index 0000000..da643fd
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.5.0-usb-ndis-int-overflow.patch
@@ -0,0 +1,59 @@
+From fe3c546c5ff2a6210f9a4d8561cc64051ca8603e Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Wed, 17 Feb 2016 00:23:41 +0530
+Subject: [PATCH] usb: check RNDIS buffer offsets & length
+
+When processing remote NDIS control message packets,
+the USB Net device emulator uses a fixed length(4096) data buffer.
+The incoming informationBufferOffset & Length combination could
+overflow and cross that range. Check control message buffer
+offsets and length to avoid it.
+
+Reported-by: Qinghao Tang <luodalongde@gmail.com>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Message-id: 1455648821-17340-3-git-send-email-ppandit@redhat.com
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+---
+ hw/usb/dev-network.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/hw/usb/dev-network.c b/hw/usb/dev-network.c
+index 5dc4538..c6abd38 100644
+--- a/hw/usb/dev-network.c
++++ b/hw/usb/dev-network.c
+@@ -916,8 +916,9 @@ static int rndis_query_response(USBNetState *s,
+ 
+     bufoffs = le32_to_cpu(buf->InformationBufferOffset) + 8;
+     buflen = le32_to_cpu(buf->InformationBufferLength);
+-    if (bufoffs + buflen > length)
++    if (buflen > length || bufoffs >= length || bufoffs + buflen > length) {
+         return USB_RET_STALL;
++    }
+ 
+     infobuflen = ndis_query(s, le32_to_cpu(buf->OID),
+                             bufoffs + (uint8_t *) buf, buflen, infobuf,
+@@ -962,8 +963,9 @@ static int rndis_set_response(USBNetState *s,
+ 
+     bufoffs = le32_to_cpu(buf->InformationBufferOffset) + 8;
+     buflen = le32_to_cpu(buf->InformationBufferLength);
+-    if (bufoffs + buflen > length)
++    if (buflen > length || bufoffs >= length || bufoffs + buflen > length) {
+         return USB_RET_STALL;
++    }
+ 
+     ret = ndis_set(s, le32_to_cpu(buf->OID),
+                     bufoffs + (uint8_t *) buf, buflen);
+@@ -1213,8 +1215,9 @@ static void usb_net_handle_dataout(USBNetState *s, USBPacket *p)
+     if (le32_to_cpu(msg->MessageType) == RNDIS_PACKET_MSG) {
+         uint32_t offs = 8 + le32_to_cpu(msg->DataOffset);
+         uint32_t size = le32_to_cpu(msg->DataLength);
+-        if (offs + size <= len)
++        if (offs < len && size < len && offs + size <= len) {
+             qemu_send_packet(qemu_get_queue(s->nic), s->out_buf + offs, size);
++        }
+     }
+     s->out_ptr -= len;
+     memmove(s->out_buf, &s->out_buf[len], s->out_ptr);
+-- 
+2.7.4
+
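Review bot: The same three-term guard is pasted into rndis_query_response(), rndis_set_response() and, negated and with `size < len` rather than `<=`, usb_net_handle_dataout(); its last term `bufoffs + buflen > length` is still an addition that is wrap-free only because of the two comparisons before it. Writing it as `if (bufoffs >= length || buflen > length - bufoffs) {` states the bound without any addition, and a small static helper would keep the three sites in step. Note also that `uint32_t offs = 8 + le32_to_cpu(msg->DataOffset)` adds 8 to the incoming field before any check, so the addition itself can wrap to a small in-range value and a malformed message is then accepted rather than rejected. Validating the raw field before adding the header size would close that gap. The types of `bufoffs`, `buflen` and `length` are declared outside the hunks, so their widths should be confirmed.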

diff --git a/app-emulation/qemu/qemu-2.5.0-r99.ebuild b/app-emulation/qemu/qemu-2.5.0-r999.ebuild
similarity index 90%
rename from app-emulation/qemu/qemu-2.5.0-r99.ebuild
rename to app-emulation/qemu/qemu-2.5.0-r999.ebuild
index c2bbcc1..876141b 100644
--- a/app-emulation/qemu/qemu-2.5.0-r99.ebuild
+++ b/app-emulation/qemu/qemu-2.5.0-r999.ebuild
@@ -7,8 +7,10 @@ EAPI=5
 PYTHON_COMPAT=( python2_7 )
 PYTHON_REQ_USE="ncurses,readline"
 
+PLOCALES="de_DE fr_FR hu it tr zh_CN"
+
 inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \
-	user udev fcaps readme.gentoo pax-utils
+	user udev fcaps readme.gentoo pax-utils l10n
 
 BACKPORTS=
 
@@ -95,9 +97,9 @@ SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND}
 			vte? ( x11-libs/vte:2.90 )
 		)
 	)
-	infiniband? ( sys-infiniband/librdmacm:=[static-libs(+)] )
+	infiniband? ( sys-fabric/librdmacm:=[static-libs(+)] )
 	iscsi? ( net-libs/libiscsi )
-	jpeg? ( virtual/jpeg:=[static-libs(+)] )
+	jpeg? ( virtual/jpeg:0=[static-libs(+)] )
 	lzo? ( dev-libs/lzo:2[static-libs(+)] )
 	ncurses? ( sys-libs/ncurses:0=[static-libs(+)] )
 	nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] )
@@ -212,11 +214,14 @@ QA_WX_LOAD="usr/bin/qemu-i386
 DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure
 you have the kernel module loaded before running kvm. The easiest way to
 ensure that the kernel module is loaded is to load it on boot.\n
-For AMD CPUs the module is called 'kvm-amd'\n
-For Intel CPUs the module is called 'kvm-intel'\n
-Please review /etc/conf.d/modules for how to load these\n\n
+For AMD CPUs the module is called 'kvm-amd'.\n
+For Intel CPUs the module is called 'kvm-intel'.\n
+Please review /etc/conf.d/modules for how to load these.\n\n
 Make sure your user is in the 'kvm' group\n
-Just run 'gpasswd -a <USER> kvm', then have <USER> re-login."
+Just run 'gpasswd -a <USER> kvm', then have <USER> re-login.\n\n
+For brand new installs, the default permissions on /dev/kvm might not let you
+access it.  You can tell udev to reset ownership/perms:\n
+udevadm trigger -c add /dev/kvm"
 
 qemu_support_kvm() {
 	if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 \
@@ -295,6 +300,29 @@ check_targets() {
 	popd >/dev/null
 }
 
+handle_locales() {
+	# Make sure locale list is kept up-to-date.
+	local detected sorted
+	detected=$(echo $(cd po && printf '%s\n' *.po | grep -v messages.po | sed 's:.po$::' | sort -u))
+	sorted=$(echo $(printf '%s\n' ${PLOCALES} | sort -u))
+	if [[ ${sorted} != "${detected}" ]] ; then
+		eerror "The ebuild needs to be kept in sync."
+		eerror "PLOCALES: ${sorted}"
+		eerror " po/*.po: ${detected}"
+		die "sync PLOCALES"
+	fi
+
+	# Deal with selective install of locales.
+	if use nls ; then
+		# Delete locales the user does not want. #577814
+		rm_loc() { rm po/$1.po || die; }
+		l10n_for_each_disabled_locale_do rm_loc
+	else
+		# Cheap hack to disable gettext .mo generation.
+		rm -f po/*.po
+	fi
+}
+
 src_prepare() {
 	check_targets IUSE_SOFTMMU_TARGETS softmmu
 	check_targets IUSE_USER_TARGETS linux-user
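Review bot: In handle_locales(), `rm_loc() { rm po/$1.po || die; }` expands `$1` unquoted and, as with any bash function, defines the helper at global scope each time it runs; `rm "po/$1.po" || die` is the safer spelling even if locale names are expected to be plain. The `detected=` pipeline runs `cd po` inside a command substitution with no failure check, so a missing po/ directory surfaces as the misleading "sync PLOCALES" error; a preceding `[[ -d po ]] || die "po/ missing"` would separate the two cases. The `sed 's:.po$::'` pattern also leaves the dot unescaped, and `s:\.po$::` matches what is meant.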
@@ -304,9 +332,6 @@ src_prepare() {
 		-e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \
 		Makefile Makefile.target || die
 
-	# Cheap hack to disable gettext .mo generation.
-	use nls || rm -f po/*.po
-
 	# Patching for musl
 	epatch "${FILESDIR}"/${PN}-2.0.0-F_SHLCK-and-F_EXLCK.patch
 	epatch "${FILESDIR}"/${PN}-2.0.0-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch
@@ -322,6 +347,20 @@ src_prepare() {
 	epatch "${FILESDIR}"/${P}-CVE-2015-8701.patch #570110
 	epatch "${FILESDIR}"/${P}-CVE-2015-8743.patch #570988
 	epatch "${FILESDIR}"/${P}-CVE-2016-1568.patch #571566
+	epatch "${FILESDIR}"/${P}-CVE-2015-8613.patch #569118
+	epatch "${FILESDIR}"/${P}-CVE-2015-8619.patch #569300
+	epatch "${FILESDIR}"/${P}-CVE-2016-1714.patch #571560
+	epatch "${FILESDIR}"/${P}-CVE-2016-1922.patch #572082
+	epatch "${FILESDIR}"/${P}-CVE-2016-1981.patch #572412
+	epatch "${FILESDIR}"/${P}-usb-ehci-oob.patch #572454
+	epatch "${FILESDIR}"/${P}-CVE-2016-2197.patch #573280
+	epatch "${FILESDIR}"/${P}-CVE-2016-2198.patch #573314
+	epatch "${FILESDIR}"/${P}-CVE-2016-2392.patch #574902
+	epatch "${FILESDIR}"/${P}-usb-ndis-int-overflow.patch #575492
+	epatch "${FILESDIR}"/${P}-rng-stack-corrupt-{0,1,2,3}.patch #576420
+	epatch "${FILESDIR}"/${P}-sysmacros.patch
+	epatch "${FILESDIR}"/${P}-ne2000-reg-check.patch #573816
+	epatch "${FILESDIR}"/${P}-9pfs-segfault.patch #578142
 
 	# Fix ld and objcopy being called directly
 	tc-export AR LD OBJCOPY
@@ -330,6 +369,9 @@ src_prepare() {
 	MAKEOPTS+=" V=1"
 
 	epatch_user
+
+	# Run after we've applied all patches.
+	handle_locales
 }
 
 ##


* [gentoo-commits] proj/musl:master commit in: app-emulation/qemu/, app-emulation/qemu/files/
@ 2016-01-30 17:19 Anthony G. Basile
From: Anthony G. Basile @ 2016-01-30 17:19 UTC (permalink / raw
  To: gentoo-commits

commit:     db375501bb3b42701ab7b00e15a76ec00779332b
Author:     Felix Janda <felix.janda <AT> posteo <DOT> de>
AuthorDate: Sat Jan 30 15:58:50 2016 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sat Jan 30 17:28:05 2016 +0000
URL:        https://gitweb.gentoo.org/proj/musl.git/commit/?id=db375501

app-emulation/qemu: bump to 2.5.0

 app-emulation/qemu/Manifest                        |  13 +-
 .../qemu/files/qemu-2.2.1-CVE-2015-1779-1.patch    | 241 ------------------
 .../qemu/files/qemu-2.2.1-CVE-2015-1779-2.patch    |  58 -----
 .../qemu/files/qemu-2.3.0-CVE-2015-3456.patch      |  86 -------
 .../qemu/files/qemu-2.5.0-CVE-2015-8558.patch      |  50 ++++
 .../qemu/files/qemu-2.5.0-CVE-2015-8567.patch      |  95 +++++++
 .../qemu/files/qemu-2.5.0-CVE-2015-8701.patch      |  49 ++++
 .../qemu/files/qemu-2.5.0-CVE-2015-8743.patch      |  50 ++++
 .../qemu/files/qemu-2.5.0-CVE-2016-1568.patch      |  41 +++
 app-emulation/qemu/files/qemu-2.5.0-cflags.patch   |  13 +
 ...qemu-2.2.1-r99.ebuild => qemu-2.5.0-r99.ebuild} | 274 ++++++++++++---------
 11 files changed, 469 insertions(+), 501 deletions(-)

diff --git a/app-emulation/qemu/Manifest b/app-emulation/qemu/Manifest
index 2ecdb66..9fdb00d 100644
--- a/app-emulation/qemu/Manifest
+++ b/app-emulation/qemu/Manifest
@@ -4,11 +4,14 @@ AUX qemu-1.7.0-cflags.patch 300 SHA256 8f35e55c4bae93e82f9580eabe2d6a2d4660bd053
 AUX qemu-2.0.0-F_SHLCK-and-F_EXLCK.patch 563 SHA256 99de67d610ad13a1dcf6c67a3c2b5b87fb909220173a956435737f9bea3c371b SHA512 a29e9a889388a6627ed492a79e66514ffb5e64f9479646982091811548fc2a9bf6682104a6c774d83e645e4b1db39e491afd4efce789fe164623442a7f3e5d00 WHIRLPOOL d3aab06099de263c22f4c71810a3b2cb8602d17731ec76674cd1415e539306555a7b96b789f0daad473600dfa04a83224ff603f7b9a9ac63a4902f74d0e9deb5
 AUX qemu-2.0.0-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch 930 SHA256 6af6cf9044997710a6d0fbdba30a35c8d775e30d30c032ec97db672f75ec88ac SHA512 ec84b27648c01c6e58781295dcd0c2ff8e5a635f9836ef50c1da5d0ed125db1afc4cb5b01cb97606d6dd8f417acba93e1560d9a32ca29161a4bb730b302440ea WHIRLPOOL 06b9dd5251ac03405c97b1f5a623b4d86bda2f72fbcd52b90ae4d11a0cfb59cae62df2cb6189405fbe53ab05ff2b7ca8165fda239dbfe5f31ed70abb53b3b9f3
 AUX qemu-2.2.0-_sigev_un.patch 636 SHA256 f3b9a4d6162c553f3110ad22716305818e2130e2ff5d628faf044fc58a5e3cb5 SHA512 f72b879daede5184904f64cabb276de96299a37a93fce444d09e9068671009e95a5e5d6b815ec41a5db5b3807de14d470a56bba5806ffd4dfec577577b046ccb WHIRLPOOL 9453ad4966e10d504f3e867fd984642a3c1ee3ae847b5ca56196fd1f9e6c0f2d7b52ca07446212af72fef6d0ded1527a5eb306fa6cd915e8dd9ce11523362bac
-AUX qemu-2.2.1-CVE-2015-1779-1.patch 8631 SHA256 17ea04bb0571f3a346eb25ce2d61fd7053515767adedfde567fd39205993c600 SHA512 191dde0754b9466d87cf99a578ac07f0902f373156f4d5ff98540b9099a6fa8e29ba4ca9d4a5a21ae5dbba2b80c36600ea0bd2c31fa0c8734926514015166ab8 WHIRLPOOL 2be2f490eb32857b2b218761df3580bc31eb5a89bf1b289a048e9fd489cdb024869399481345b5ecb09a45c4fbf1ee4639062ae1fdbee9781e66ca6cc8af4cac
-AUX qemu-2.2.1-CVE-2015-1779-2.patch 2318 SHA256 4c0966520bf09df25d99c883f94037e765406dd4097dd704e66361bb07f73679 SHA512 7a85bc8e00c60c6c36790d1169f0d84d2c75fe81c1700b4f764ddcb0d0587d4b6d228d80e65fead035e3ab99449aad2f559071edf9145ff7a755506f3ff05b0e WHIRLPOOL 078388c50367d41c810a02aa795b6ad0df381582bdd2725ae125243ee5921aa4057494f063a7de49da6b6f6343f37a3c83d96ef6d92c22e722972c8e4ea968dc
-AUX qemu-2.3.0-CVE-2015-3456.patch 2853 SHA256 efac61bf9c20d5d08ef47bc9d51be5c8bd519f1d970ba3c3506c5760bf807e7d SHA512 5fed59ae67a962d187418f4bd57cebe901f9bcba817694b5e2a57daf77c34a406ed7c1f278e12d813304e58c48a24493b4e001a9ee4045bab2608f1730715ac7 WHIRLPOOL 9ad5237aa1bbe46a8493e331bb9c2152c36f9c877582485e1cf811b09430bad97a9f3b6bc52face7e4287f9c9fe4f1891de154a62ba93ea454c3ed9d44e8f729
+AUX qemu-2.5.0-CVE-2015-8558.patch 1459 SHA256 d769e6eb6dc0bdb0b982ef5fe7d73cc6bad47233102f53d11c6ed6c9051602d8 SHA512 42961191890c500675610d5d33e6ff468b07428c6b428ac01bb5c0e3ea88ff611a3532f848d54317458475fef221a06e41761ef14ea61d1b741db73450c4f90d WHIRLPOOL 475679dc1a24bc75012995a9a2122847454701b65ff0b7f8192865b45de49ce08572f129a7cfdeb36521252ed2f80c95e9dddbd64cb8e39fdc5beacc25934798
+AUX qemu-2.5.0-CVE-2015-8567.patch 3108 SHA256 88b72df4e02407c3b9ca4835c38988b97fcd5aa9c68da6fa47207fe675d4e661 SHA512 2f0243ec9764d72fe5e7a005a8db40d3d5c4c2edae5c3451087ee3f5c841c96a3112875cf88a19061fa2ce0d04715d247e6eb1eb83e1e5b57ec0b9eb324b8ce6 WHIRLPOOL b432ff3e105da5c0bd20dd1d7da0374f4005b2ac5a9a8c824e96730aeafa89bb8fc125f8b2857fdaf72024082ddbc0c7a28c3e3ffb9114c3d370db1b638c4731
+AUX qemu-2.5.0-CVE-2015-8701.patch 1671 SHA256 f39e0c6301cffa1b14c3ef0ab72fce0e2acd42170759ef7954234d31602aeb99 SHA512 d39edf84e2d17e6080bbc4a270732cd73b41fa39d948ee7bc4456e1024c5a69ddfb5e848af3272615f5aa36a3b6410a12f5a73e00ccfa58e0d60d7289d034aa9 WHIRLPOOL 352148c367837ba2d6eb5eb39e00c128f0cff3faef159754a41318857bc11a6616be184c24df4767ec2c8c14910ad74fc3be48273f6312b1687910fbcaf7bec3
+AUX qemu-2.5.0-CVE-2015-8743.patch 1777 SHA256 22aac571c1aa6f6a283d200a7703fdfea0a5bcaf227a003a2cbf5741bbb8df85 SHA512 65d8632fd43959983ca02f9ab116ec78ea043e6d867e6d743014885c2a423bb3b87c2e56caa37e7f29e971a44f5ea695cb4ce1c3a9c1fc2d734b25ca0b2f4054 WHIRLPOOL 9128c812cfbfe3d4629cd6c7c2c6f50c9ef2fe2d5b62b24486559279296987f593f852f913eb67fbe956d650d50612fa7a658a60b3d80cf4fa9256e332d77330
+AUX qemu-2.5.0-CVE-2016-1568.patch 1476 SHA256 ba2a25142977eea531159d81ef8938e8519c92800aa1958e71da9e2780c8256a SHA512 643ef742e6cd1dbc8f420b38f684bc8639e4bd58ab38c254654d4b1a72b129202fecdddddfd308b48ed7813da193edff68d737080d5035c82daf9676ee17df22 WHIRLPOOL af9376400540f20d77ea06cb6a12ce415b72bb22cdde3365bba8b02deb8985aedfee303646e13e1d1263a2dcd17bf1518637183a81c66c2db7b438aa88ef7d95
+AUX qemu-2.5.0-cflags.patch 410 SHA256 17f5624dd733f5c80e733cc67ae36a736169ec066024dbf802b416accfed0755 SHA512 0194d28de08b4e51c5bd1c9a2cc7965ba7f66dfddb8fd91de3da93677e6cf2d38ad3270f69aaea8a20cf2533c2980018d6e0fed711be2806fe2053fba7c081f3 WHIRLPOOL 5f5b95d00409fbe03adb64801d30a2fb5f98dded5efa7f0e78b5746776f72917dcbea767e1d0afcb304d8bf8c484adedb8037e6d54e9d34997c2bc3a98b53154
 AUX qemu-binfmt.initd-r1 7023 SHA256 3572c110c6f217754e638796400a5901910a2e61b8818c8569f8258b103ebcc6 SHA512 773af64fef164c00945acf5881e64a10141aa8fdc85491e57bf8dcc7c800a4f81879527998a0896a42f921edcbf5f741beb31ac2a82e45cba506c7b8461733c8 WHIRLPOOL 30382fe347248683e989c2b7fbd804ce26173b313746d80467029b2ad3594f414628f7537120b168a0e700c424d3525528eb632b07e16544c2fd07f418f3187c
 AUX qemu-kvm-1.4 68 SHA256 8b1adf198129f001e75a2311fc420c168094d1084d2163cdf6a32b3b23c96137 SHA512 706fab4d155c410acc292e67fb354ce7dcd17f7e33f2ca8c9c44035ea128f8d36f89e27cf87ebe22721f5676be9e7f2ae5484fd000183c8ffd7854e02eb3d120 WHIRLPOOL ef795330b592cef8e3d92f52a77eb77a671e6aa1a47d07531917b5c1c09e72e5df1a44aea939b086e0a3c5ef2a5cea9223556a46ceae73e55300475c42f07067
-DIST qemu-2.2.1.tar.bz2 24483500 SHA256 4617154c6ef744b83e10b744e392ad111dd351d435d6563ce24d8da75b1335a0 SHA512 970ead0c92fc04502c6d3a8dbfafa5797667b3d276a1a25ddbe991d20d8e17a588905ecbffa77fb3b9d12e481ac3776ca4c38fe89a5e4c96dc2fb045214bfa9f WHIRLPOOL 9226ce4a4f5c7247d6ab34eb8b45c9a91416ee5849dbe25b9d15cddbd6aba2b8da77280f6055d363a81ddec515d28bf501351cb7e21ecfb4bfe42cdb7e349788
-EBUILD qemu-2.2.1-r99.ebuild 18744 SHA256 15c5267816cbc7798b2aa0c342bd0a0254550d2fdb1497f3237aa33b53c8c59f SHA512 c7c90792a79fbf226e41f8dd61d5f3b1046a1e9c130d3216a0c29d374a09ec5aa8575e2578b843f37fd04645e2804ae91298924d307aff25922d7461bf52fe78 WHIRLPOOL ef73221242451e8772598ee1b0e346f4aa94ec59c1daf58ca9ac35d49e431c687ca5d80155e4e5846a3f76d35330a1043f9ae9018c19e0e1fc828711298aebae
+DIST qemu-2.5.0.tar.bz2 25464996 SHA256 3443887401619fe33bfa5d900a4f2d6a79425ae2b7e43d5b8c36eb7a683772d4 SHA512 12153f94cc7f834fd6a85f25690c36f2331d88d414426fb8b9ac20a34e6f9222b1eda30b727674af583580fae90dfd6d0614a905dce1567d94cd049d426b9dd3 WHIRLPOOL 8f5717989d8d234ecf1763ee386b2e1f20c3b17918de130c6dae255e4523a230b2b01a759eba25e4b9f604c680d9b868c56f58bd71b7c6c2c22a2e46804435ef
+EBUILD qemu-2.5.0-r99.ebuild 20028 SHA256 aeca48b0f3004f6d41077db6a763ef43c900cecf59d0f9d3ec6eb028846f0560 SHA512 31101660cd608272b6d6b24081ca095f3eb2fb2a33a2174fe62bf86fe006db6deb56590ae8a784fc69e3dd4f19c7a96035d38506f8a3d07e27397d710cf9e85c WHIRLPOOL 457f88c5e474183df7ae41a8d6c0ad49e76a6fdd69c59591c62f750c426e3998628f0770303536102d87509cfc2578813799e4052e09fb688460fa7bf424a2c4
 MISC metadata.xml 3774 SHA256 45d220d5c3fedecb5c318e2ab1fa796391f5fd3db09e4ef218b3bc7cb3cb10e1 SHA512 90b16206b5398b4044132d930b417372e1d305a93b062c895bc3b46ae64a19aa96d2471b5838f960cca7c6c30ce58571f332731f02eaeee17e4204469c5d6330 WHIRLPOOL f5498b8cb14aeeacdfd1da30c26ceca282bba3042a6288496d624d91c3c26c1bed34c42374db04e06378c8efd78010d3bef76c41c1aa529ccf17cec513ed1fa8

diff --git a/app-emulation/qemu/files/qemu-2.2.1-CVE-2015-1779-1.patch b/app-emulation/qemu/files/qemu-2.2.1-CVE-2015-1779-1.patch
deleted file mode 100644
index 35ef8fd..0000000
--- a/app-emulation/qemu/files/qemu-2.2.1-CVE-2015-1779-1.patch
+++ /dev/null
@@ -1,241 +0,0 @@
-From a2bebfd6e09d285aa793cae3fb0fc3a39a9fee6e Mon Sep 17 00:00:00 2001
-From: "Daniel P. Berrange" <berrange@redhat.com>
-Date: Mon, 23 Mar 2015 22:58:21 +0000
-Subject: [PATCH] CVE-2015-1779: incrementally decode websocket frames
-
-The logic for decoding websocket frames wants to fully
-decode the frame header and payload, before allowing the
-VNC server to see any of the payload data. There is no
-size limit on websocket payloads, so this allows a
-malicious network client to consume 2^64 bytes in memory
-in QEMU. It can trigger this denial of service before
-the VNC server even performs any authentication.
-
-The fix is to decode the header, and then incrementally
-decode the payload data as it is needed. With this fix
-the websocket decoder will allow at most 4k of data to
-be buffered before decoding and processing payload.
-
-Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
-[ kraxel: fix frequent spurious disconnects, suggested by Peter Maydell ]
-
-  @@ -361,7 +361,7 @@ int vncws_decode_frame_payload(Buffer *input,
-  -        *payload_size = input->offset;
-  +        *payload_size = *payload_remain;
-
-[ kraxel: fix 32bit build ]
-
-  @@ -306,7 +306,7 @@ struct VncState
-  -    uint64_t ws_payload_remain;
-  +    size_t ws_payload_remain;
-
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
----
- ui/vnc-ws.c | 105 ++++++++++++++++++++++++++++++++++++++++--------------------
- ui/vnc-ws.h |   9 ++++--
- ui/vnc.h    |   2 ++
- 3 files changed, 80 insertions(+), 36 deletions(-)
-
-diff --git a/ui/vnc-ws.c b/ui/vnc-ws.c
-index 85dbb7e..0b7de4e 100644
---- a/ui/vnc-ws.c
-+++ b/ui/vnc-ws.c
-@@ -107,7 +107,7 @@ long vnc_client_read_ws(VncState *vs)
- {
-     int ret, err;
-     uint8_t *payload;
--    size_t payload_size, frame_size;
-+    size_t payload_size, header_size;
-     VNC_DEBUG("Read websocket %p size %zd offset %zd\n", vs->ws_input.buffer,
-             vs->ws_input.capacity, vs->ws_input.offset);
-     buffer_reserve(&vs->ws_input, 4096);
-@@ -117,18 +117,39 @@ long vnc_client_read_ws(VncState *vs)
-     }
-     vs->ws_input.offset += ret;
- 
--    /* make sure that nothing is left in the ws_input buffer */
-+    ret = 0;
-+    /* consume as much of ws_input buffer as possible */
-     do {
--        err = vncws_decode_frame(&vs->ws_input, &payload,
--                              &payload_size, &frame_size);
--        if (err <= 0) {
--            return err;
-+        if (vs->ws_payload_remain == 0) {
-+            err = vncws_decode_frame_header(&vs->ws_input,
-+                                            &header_size,
-+                                            &vs->ws_payload_remain,
-+                                            &vs->ws_payload_mask);
-+            if (err <= 0) {
-+                return err;
-+            }
-+
-+            buffer_advance(&vs->ws_input, header_size);
-         }
-+        if (vs->ws_payload_remain != 0) {
-+            err = vncws_decode_frame_payload(&vs->ws_input,
-+                                             &vs->ws_payload_remain,
-+                                             &vs->ws_payload_mask,
-+                                             &payload,
-+                                             &payload_size);
-+            if (err < 0) {
-+                return err;
-+            }
-+            if (err == 0) {
-+                return ret;
-+            }
-+            ret += err;
- 
--        buffer_reserve(&vs->input, payload_size);
--        buffer_append(&vs->input, payload, payload_size);
-+            buffer_reserve(&vs->input, payload_size);
-+            buffer_append(&vs->input, payload, payload_size);
- 
--        buffer_advance(&vs->ws_input, frame_size);
-+            buffer_advance(&vs->ws_input, payload_size);
-+        }
-     } while (vs->ws_input.offset > 0);
- 
-     return ret;
-@@ -265,15 +286,14 @@ void vncws_encode_frame(Buffer *output, const void *payload,
-     buffer_append(output, payload, payload_size);
- }
- 
--int vncws_decode_frame(Buffer *input, uint8_t **payload,
--                           size_t *payload_size, size_t *frame_size)
-+int vncws_decode_frame_header(Buffer *input,
-+                              size_t *header_size,
-+                              size_t *payload_remain,
-+                              WsMask *payload_mask)
- {
-     unsigned char opcode = 0, fin = 0, has_mask = 0;
--    size_t header_size = 0;
--    uint32_t *payload32;
-+    size_t payload_len;
-     WsHeader *header = (WsHeader *)input->buffer;
--    WsMask mask;
--    int i;
- 
-     if (input->offset < WS_HEAD_MIN_LEN + 4) {
-         /* header not complete */
-@@ -283,7 +303,7 @@ int vncws_decode_frame(Buffer *input, uint8_t **payload,
-     fin = (header->b0 & 0x80) >> 7;
-     opcode = header->b0 & 0x0f;
-     has_mask = (header->b1 & 0x80) >> 7;
--    *payload_size = header->b1 & 0x7f;
-+    payload_len = header->b1 & 0x7f;
- 
-     if (opcode == WS_OPCODE_CLOSE) {
-         /* disconnect */
-@@ -300,40 +320,57 @@ int vncws_decode_frame(Buffer *input, uint8_t **payload,
-         return -2;
-     }
- 
--    if (*payload_size < 126) {
--        header_size = 6;
--        mask = header->u.m;
--    } else if (*payload_size == 126 && input->offset >= 8) {
--        *payload_size = be16_to_cpu(header->u.s16.l16);
--        header_size = 8;
--        mask = header->u.s16.m16;
--    } else if (*payload_size == 127 && input->offset >= 14) {
--        *payload_size = be64_to_cpu(header->u.s64.l64);
--        header_size = 14;
--        mask = header->u.s64.m64;
-+    if (payload_len < 126) {
-+        *payload_remain = payload_len;
-+        *header_size = 6;
-+        *payload_mask = header->u.m;
-+    } else if (payload_len == 126 && input->offset >= 8) {
-+        *payload_remain = be16_to_cpu(header->u.s16.l16);
-+        *header_size = 8;
-+        *payload_mask = header->u.s16.m16;
-+    } else if (payload_len == 127 && input->offset >= 14) {
-+        *payload_remain = be64_to_cpu(header->u.s64.l64);
-+        *header_size = 14;
-+        *payload_mask = header->u.s64.m64;
-     } else {
-         /* header not complete */
-         return 0;
-     }
- 
--    *frame_size = header_size + *payload_size;
-+    return 1;
-+}
-+
-+int vncws_decode_frame_payload(Buffer *input,
-+                               size_t *payload_remain, WsMask *payload_mask,
-+                               uint8_t **payload, size_t *payload_size)
-+{
-+    size_t i;
-+    uint32_t *payload32;
- 
--    if (input->offset < *frame_size) {
--        /* frame not complete */
-+    *payload = input->buffer;
-+    /* If we aren't at the end of the payload, then drop
-+     * off the last bytes, so we're always multiple of 4
-+     * for purpose of unmasking, except at end of payload
-+     */
-+    if (input->offset < *payload_remain) {
-+        *payload_size = input->offset - (input->offset % 4);
-+    } else {
-+        *payload_size = *payload_remain;
-+    }
-+    if (*payload_size == 0) {
-         return 0;
-     }
--
--    *payload = input->buffer + header_size;
-+    *payload_remain -= *payload_size;
- 
-     /* unmask frame */
-     /* process 1 frame (32 bit op) */
-     payload32 = (uint32_t *)(*payload);
-     for (i = 0; i < *payload_size / 4; i++) {
--        payload32[i] ^= mask.u;
-+        payload32[i] ^= payload_mask->u;
-     }
-     /* process the remaining bytes (if any) */
-     for (i *= 4; i < *payload_size; i++) {
--        (*payload)[i] ^= mask.c[i % 4];
-+        (*payload)[i] ^= payload_mask->c[i % 4];
-     }
- 
-     return 1;
-diff --git a/ui/vnc-ws.h b/ui/vnc-ws.h
-index ef229b7..14d4230 100644
---- a/ui/vnc-ws.h
-+++ b/ui/vnc-ws.h
-@@ -83,7 +83,12 @@ long vnc_client_read_ws(VncState *vs);
- void vncws_process_handshake(VncState *vs, uint8_t *line, size_t size);
- void vncws_encode_frame(Buffer *output, const void *payload,
-             const size_t payload_size);
--int vncws_decode_frame(Buffer *input, uint8_t **payload,
--                               size_t *payload_size, size_t *frame_size);
-+int vncws_decode_frame_header(Buffer *input,
-+                              size_t *header_size,
-+                              size_t *payload_remain,
-+                              WsMask *payload_mask);
-+int vncws_decode_frame_payload(Buffer *input,
-+                               size_t *payload_remain, WsMask *payload_mask,
-+                               uint8_t **payload, size_t *payload_size);
- 
- #endif /* __QEMU_UI_VNC_WS_H */
-diff --git a/ui/vnc.h b/ui/vnc.h
-index e19ac39..3f7c6a9 100644
---- a/ui/vnc.h
-+++ b/ui/vnc.h
-@@ -306,6 +306,8 @@ struct VncState
- #ifdef CONFIG_VNC_WS
-     Buffer ws_input;
-     Buffer ws_output;
-+    size_t ws_payload_remain;
-+    WsMask ws_payload_mask;
- #endif
-     /* current output mode information */
-     VncWritePixels *write_pixels;
--- 
-2.3.5
-

diff --git a/app-emulation/qemu/files/qemu-2.2.1-CVE-2015-1779-2.patch b/app-emulation/qemu/files/qemu-2.2.1-CVE-2015-1779-2.patch
deleted file mode 100644
index c7a8c8b..0000000
--- a/app-emulation/qemu/files/qemu-2.2.1-CVE-2015-1779-2.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-From 2cdb5e142fb93e875fa53c52864ef5eb8d5d8b41 Mon Sep 17 00:00:00 2001
-From: "Daniel P. Berrange" <berrange@redhat.com>
-Date: Mon, 23 Mar 2015 22:58:22 +0000
-Subject: [PATCH] CVE-2015-1779: limit size of HTTP headers from websockets
- clients
-
-The VNC server websockets decoder will read and buffer data from
-websockets clients until it sees the end of the HTTP headers,
-as indicated by \r\n\r\n. In theory this allows a malicious to
-trick QEMU into consuming an arbitrary amount of RAM. In practice,
-because QEMU runs g_strstr_len() across the buffered header data,
-it will spend increasingly long burning CPU time searching for
-the substring match and less & less time reading data. So while
-this does cause arbitrary memory growth, the bigger problem is
-that QEMU will be burning 100% of available CPU time.
-
-A novnc websockets client typically sends headers of around
-512 bytes in length. As such it is reasonable to place a 4096
-byte limit on the amount of data buffered while searching for
-the end of HTTP headers.
-
-Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
----
- ui/vnc-ws.c | 10 ++++++++--
- 1 file changed, 8 insertions(+), 2 deletions(-)
-
-diff --git a/ui/vnc-ws.c b/ui/vnc-ws.c
-index 0b7de4e..62eb97f 100644
---- a/ui/vnc-ws.c
-+++ b/ui/vnc-ws.c
-@@ -81,8 +81,11 @@ void vncws_handshake_read(void *opaque)
-     VncState *vs = opaque;
-     uint8_t *handshake_end;
-     long ret;
--    buffer_reserve(&vs->ws_input, 4096);
--    ret = vnc_client_read_buf(vs, buffer_end(&vs->ws_input), 4096);
-+    /* Typical HTTP headers from novnc are 512 bytes, so limiting
-+     * total header size to 4096 is easily enough. */
-+    size_t want = 4096 - vs->ws_input.offset;
-+    buffer_reserve(&vs->ws_input, want);
-+    ret = vnc_client_read_buf(vs, buffer_end(&vs->ws_input), want);
- 
-     if (!ret) {
-         if (vs->csock == -1) {
-@@ -99,6 +102,9 @@ void vncws_handshake_read(void *opaque)
-         vncws_process_handshake(vs, vs->ws_input.buffer, vs->ws_input.offset);
-         buffer_advance(&vs->ws_input, handshake_end - vs->ws_input.buffer +
-                 strlen(WS_HANDSHAKE_END));
-+    } else if (vs->ws_input.offset >= 4096) {
-+        VNC_DEBUG("End of headers not found in first 4096 bytes\n");
-+        vnc_client_error(vs);
-     }
- }
- 
--- 
-2.3.5
-

diff --git a/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-3456.patch b/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-3456.patch
deleted file mode 100644
index 87697d0..0000000
--- a/app-emulation/qemu/files/qemu-2.3.0-CVE-2015-3456.patch
+++ /dev/null
@@ -1,86 +0,0 @@
-https://bugs.gentoo.org/549404
-
-From e907746266721f305d67bc0718795fedee2e824c Mon Sep 17 00:00:00 2001
-From: Petr Matousek <pmatouse@redhat.com>
-Date: Wed, 6 May 2015 09:48:59 +0200
-Subject: [PATCH] fdc: force the fifo access to be in bounds of the allocated buffer
-
-During processing of certain commands such as FD_CMD_READ_ID and
-FD_CMD_DRIVE_SPECIFICATION_COMMAND the fifo memory access could
-get out of bounds leading to memory corruption with values coming
-from the guest.
-
-Fix this by making sure that the index is always bounded by the
-allocated memory.
-
-This is CVE-2015-3456.
-
-Signed-off-by: Petr Matousek <pmatouse@redhat.com>
-Reviewed-by: John Snow <jsnow@redhat.com>
-Signed-off-by: John Snow <jsnow@redhat.com>
----
- hw/block/fdc.c |   17 +++++++++++------
- 1 files changed, 11 insertions(+), 6 deletions(-)
-
-diff --git a/hw/block/fdc.c b/hw/block/fdc.c
-index f72a392..d8a8edd 100644
---- a/hw/block/fdc.c
-+++ b/hw/block/fdc.c
-@@ -1497,7 +1497,7 @@ static uint32_t fdctrl_read_data(FDCtrl *fdctrl)
- {
-     FDrive *cur_drv;
-     uint32_t retval = 0;
--    int pos;
-+    uint32_t pos;
- 
-     cur_drv = get_cur_drv(fdctrl);
-     fdctrl->dsr &= ~FD_DSR_PWRDOWN;
-@@ -1506,8 +1506,8 @@ static uint32_t fdctrl_read_data(FDCtrl *fdctrl)
-         return 0;
-     }
-     pos = fdctrl->data_pos;
-+    pos %= FD_SECTOR_LEN;
-     if (fdctrl->msr & FD_MSR_NONDMA) {
--        pos %= FD_SECTOR_LEN;
-         if (pos == 0) {
-             if (fdctrl->data_pos != 0)
-                 if (!fdctrl_seek_to_next_sect(fdctrl, cur_drv)) {
-@@ -1852,10 +1852,13 @@ static void fdctrl_handle_option(FDCtrl *fdctrl, int direction)
- static void fdctrl_handle_drive_specification_command(FDCtrl *fdctrl, int direction)
- {
-     FDrive *cur_drv = get_cur_drv(fdctrl);
-+    uint32_t pos;
- 
--    if (fdctrl->fifo[fdctrl->data_pos - 1] & 0x80) {
-+    pos = fdctrl->data_pos - 1;
-+    pos %= FD_SECTOR_LEN;
-+    if (fdctrl->fifo[pos] & 0x80) {
-         /* Command parameters done */
--        if (fdctrl->fifo[fdctrl->data_pos - 1] & 0x40) {
-+        if (fdctrl->fifo[pos] & 0x40) {
-             fdctrl->fifo[0] = fdctrl->fifo[1];
-             fdctrl->fifo[2] = 0;
-             fdctrl->fifo[3] = 0;
-@@ -1955,7 +1958,7 @@ static uint8_t command_to_handler[256];
- static void fdctrl_write_data(FDCtrl *fdctrl, uint32_t value)
- {
-     FDrive *cur_drv;
--    int pos;
-+    uint32_t pos;
- 
-     /* Reset mode */
-     if (!(fdctrl->dor & FD_DOR_nRESET)) {
-@@ -2004,7 +2007,9 @@ static void fdctrl_write_data(FDCtrl *fdctrl, uint32_t value)
-     }
- 
-     FLOPPY_DPRINTF("%s: %02x\n", __func__, value);
--    fdctrl->fifo[fdctrl->data_pos++] = value;
-+    pos = fdctrl->data_pos++;
-+    pos %= FD_SECTOR_LEN;
-+    fdctrl->fifo[pos] = value;
-     if (fdctrl->data_pos == fdctrl->data_len) {
-         /* We now have all parameters
-          * and will be able to treat the command
--- 
-1.7.0.4
-

diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8558.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8558.patch
new file mode 100644
index 0000000..fbc6a0a
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8558.patch
@@ -0,0 +1,50 @@
+https://bugs.gentoo.org/568246
+
+From 156a2e4dbffa85997636a7a39ef12da6f1b40254 Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann <kraxel@redhat.com>
+Date: Mon, 14 Dec 2015 09:21:23 +0100
+Subject: [PATCH] ehci: make idt processing more robust
+
+Make ehci_process_itd return an error in case we didn't do any actual
+iso transfer because we've found no active transaction.  That'll avoid
+ehci happily run in circles forever if the guest builds a loop out of
+idts.
+
+This is CVE-2015-8558.
+
+Cc: qemu-stable@nongnu.org
+Reported-by: Qinghao Tang <luodalongde@gmail.com>
+Tested-by: P J P <ppandit@redhat.com>
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+---
+ hw/usb/hcd-ehci.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
+index 4e2161b..d07f228 100644
+--- a/hw/usb/hcd-ehci.c
++++ b/hw/usb/hcd-ehci.c
+@@ -1389,7 +1389,7 @@ static int ehci_process_itd(EHCIState *ehci,
+ {
+     USBDevice *dev;
+     USBEndpoint *ep;
+-    uint32_t i, len, pid, dir, devaddr, endp;
++    uint32_t i, len, pid, dir, devaddr, endp, xfers = 0;
+     uint32_t pg, off, ptr1, ptr2, max, mult;
+ 
+     ehci->periodic_sched_active = PERIODIC_ACTIVE;
+@@ -1479,9 +1479,10 @@ static int ehci_process_itd(EHCIState *ehci,
+                 ehci_raise_irq(ehci, USBSTS_INT);
+             }
+             itd->transact[i] &= ~ITD_XACT_ACTIVE;
++            xfers++;
+         }
+     }
+-    return 0;
++    return xfers ? 0 : -1;
+ }
+ 
+ 
+-- 
+2.6.2
+
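Review bot: The new `return xfers ? 0 : -1;` at the end of ehci_process_itd carries the whole fix but has no comment, and nothing in the code says why "no transaction was active" is now an error. A short comment above the return would keep a later cleanup from simplifying it back to `return 0;`, for example `/* no active transaction: fail so a guest-built loop of iTDs cannot keep the schedule walk running forever */`. The function body and its callers lie outside the hunk, so how the caller reacts to -1 should be confirmed there.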

diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8567.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8567.patch
new file mode 100644
index 0000000..e196043
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8567.patch
@@ -0,0 +1,95 @@
+https://bugs.gentoo.org/567868
+
+From aa4a3dce1c88ed51b616806b8214b7c8428b7470 Mon Sep 17 00:00:00 2001
+From: P J P <ppandit@redhat.com>
+Date: Tue, 15 Dec 2015 12:27:54 +0530
+Subject: [PATCH] net: vmxnet3: avoid memory leakage in activate_device
+
+Vmxnet3 device emulator does not check if the device is active
+before activating it, also it did not free the transmit & receive
+buffers while deactivating the device, thus resulting in memory
+leakage on the host. This patch fixes both these issues to avoid
+host memory leakage.
+
+Reported-by: Qinghao Tang <luodalongde@gmail.com>
+Reviewed-by: Dmitry Fleytman <dmitry@daynix.com>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Jason Wang <jasowang@redhat.com>
+---
+ hw/net/vmxnet3.c | 24 ++++++++++++++++--------
+ 1 file changed, 16 insertions(+), 8 deletions(-)
+
+diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c
+index a5dd79a..9c1adfc 100644
+--- a/hw/net/vmxnet3.c
++++ b/hw/net/vmxnet3.c
+@@ -1194,8 +1194,13 @@ static void vmxnet3_reset_mac(VMXNET3State *s)
+ 
+ static void vmxnet3_deactivate_device(VMXNET3State *s)
+ {
+-    VMW_CBPRN("Deactivating vmxnet3...");
+-    s->device_active = false;
++    if (s->device_active) {
++        VMW_CBPRN("Deactivating vmxnet3...");
++        vmxnet_tx_pkt_reset(s->tx_pkt);
++        vmxnet_tx_pkt_uninit(s->tx_pkt);
++        vmxnet_rx_pkt_uninit(s->rx_pkt);
++        s->device_active = false;
++    }
+ }
+ 
+ static void vmxnet3_reset(VMXNET3State *s)
+@@ -1204,7 +1209,6 @@ static void vmxnet3_reset(VMXNET3State *s)
+ 
+     vmxnet3_deactivate_device(s);
+     vmxnet3_reset_interrupt_states(s);
+-    vmxnet_tx_pkt_reset(s->tx_pkt);
+     s->drv_shmem = 0;
+     s->tx_sop = true;
+     s->skip_current_tx_pkt = false;
+@@ -1431,6 +1435,12 @@ static void vmxnet3_activate_device(VMXNET3State *s)
+         return;
+     }
+ 
++    /* Verify if device is active */
++    if (s->device_active) {
++        VMW_CFPRN("Vmxnet3 device is active");
++        return;
++    }
++
+     vmxnet3_adjust_by_guest_type(s);
+     vmxnet3_update_features(s);
+     vmxnet3_update_pm_state(s);
+@@ -1627,7 +1637,7 @@ static void vmxnet3_handle_command(VMXNET3State *s, uint64_t cmd)
+         break;
+ 
+     case VMXNET3_CMD_QUIESCE_DEV:
+-        VMW_CBPRN("Set: VMXNET3_CMD_QUIESCE_DEV - pause the device");
++        VMW_CBPRN("Set: VMXNET3_CMD_QUIESCE_DEV - deactivate the device");
+         vmxnet3_deactivate_device(s);
+         break;
+ 
+@@ -1741,7 +1751,7 @@ vmxnet3_io_bar1_write(void *opaque,
+          * shared address only after we get the high part
+          */
+         if (val == 0) {
+-            s->device_active = false;
++            vmxnet3_deactivate_device(s);
+         }
+         s->temp_shared_guest_driver_memory = val;
+         s->drv_shmem = 0;
+@@ -2021,9 +2031,7 @@ static bool vmxnet3_peer_has_vnet_hdr(VMXNET3State *s)
+ static void vmxnet3_net_uninit(VMXNET3State *s)
+ {
+     g_free(s->mcast_list);
+-    vmxnet_tx_pkt_reset(s->tx_pkt);
+-    vmxnet_tx_pkt_uninit(s->tx_pkt);
+-    vmxnet_rx_pkt_uninit(s->rx_pkt);
++    vmxnet3_deactivate_device(s);
+     qemu_del_nic(s->nic);
+ }
+ 
+-- 
+2.6.2
+
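Review bot: In vmxnet3_deactivate_device, `s->tx_pkt` and `s->rx_pkt` keep their old values after `vmxnet_tx_pkt_uninit()` / `vmxnet_rx_pkt_uninit()`, so only the `device_active` flag stands between any later user and a stale pointer. Assuming the uninit helpers free the objects (their bodies are not in the hunk), clearing the fields right after the calls makes a missed guard fail on a NULL pointer instead of on freed memory: `s->tx_pkt = NULL; s->rx_pkt = NULL;`. The same concern applies to vmxnet3_net_uninit, which now releases the packets only when the device is active. That is correct only if they are allocated nowhere but in vmxnet3_activate_device, which should be confirmed outside the hunk.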

diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8701.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8701.patch
new file mode 100644
index 0000000..0dab1c3
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8701.patch
@@ -0,0 +1,49 @@
+https://bugs.gentoo.org/570110
+
+From 007cd223de527b5f41278f2d886c1a4beb3e67aa Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Mon, 28 Dec 2015 16:24:08 +0530
+Subject: [PATCH] net: rocker: fix an incorrect array bounds check
+
+While processing transmit(tx) descriptors in 'tx_consume' routine
+the switch emulator suffers from an off-by-one error, if a
+descriptor was to have more than allowed(ROCKER_TX_FRAGS_MAX=16)
+fragments. Fix an incorrect bounds check to avoid it.
+
+Reported-by: Qinghao Tang <luodalongde@gmail.com>
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Signed-off-by: Jason Wang <jasowang@redhat.com>
+---
+ hw/net/rocker/rocker.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/hw/net/rocker/rocker.c b/hw/net/rocker/rocker.c
+index c57f1a6..2e77e50 100644
+--- a/hw/net/rocker/rocker.c
++++ b/hw/net/rocker/rocker.c
+@@ -232,6 +232,9 @@ static int tx_consume(Rocker *r, DescInfo *info)
+         frag_addr = rocker_tlv_get_le64(tlvs[ROCKER_TLV_TX_FRAG_ATTR_ADDR]);
+         frag_len = rocker_tlv_get_le16(tlvs[ROCKER_TLV_TX_FRAG_ATTR_LEN]);
+ 
++        if (iovcnt >= ROCKER_TX_FRAGS_MAX) {
++            goto err_too_many_frags;
++        }
+         iov[iovcnt].iov_len = frag_len;
+         iov[iovcnt].iov_base = g_malloc(frag_len);
+         if (!iov[iovcnt].iov_base) {
+@@ -244,10 +247,7 @@ static int tx_consume(Rocker *r, DescInfo *info)
+             err = -ROCKER_ENXIO;
+             goto err_bad_io;
+         }
+-
+-        if (++iovcnt > ROCKER_TX_FRAGS_MAX) {
+-            goto err_too_many_frags;
+-        }
++        iovcnt++;
+     }
+ 
+     if (iovcnt) {
+-- 
+2.6.2
+
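Review bot: The relocated check in tx_consume jumps to `err_too_many_frags` without assigning `err`, whereas the `err_bad_io` path a few lines below sets `err = -ROCKER_ENXIO` before its goto. If `err` still holds its initial value at that point (its declaration is outside the hunk), a descriptor with too many fragments would be discarded yet reported to the guest as completed successfully. Setting a status first, e.g. `err = -ROCKER_EINVAL;` ahead of `goto err_too_many_frags;`, would make the rejection visible. The rest of tx_consume, including the error labels, is outside the hunk.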

diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8743.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8743.patch
new file mode 100644
index 0000000..b2bca56
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8743.patch
@@ -0,0 +1,50 @@
+https://bugs.gentoo.org/570988
+
+From aa7f9966dfdff500bbbf1956d9e115b1fa8987a6 Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Thu, 31 Dec 2015 17:05:27 +0530
+Subject: [PATCH] net: ne2000: fix bounds check in ioport operations
+
+While doing ioport r/w operations, ne2000 device emulation suffers
+from OOB r/w errors. Update respective array bounds check to avoid
+OOB access.
+
+Reported-by: Ling Liu <liuling-it@360.cn>
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Signed-off-by: Jason Wang <jasowang@redhat.com>
+---
+ hw/net/ne2000.c | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/hw/net/ne2000.c b/hw/net/ne2000.c
+index 010f9ef..a3dffff 100644
+--- a/hw/net/ne2000.c
++++ b/hw/net/ne2000.c
+@@ -467,8 +467,9 @@ static inline void ne2000_mem_writel(NE2000State *s, uint32_t addr,
+                                      uint32_t val)
+ {
+     addr &= ~1; /* XXX: check exact behaviour if not even */
+-    if (addr < 32 ||
+-        (addr >= NE2000_PMEM_START && addr < NE2000_MEM_SIZE)) {
++    if (addr < 32
++        || (addr >= NE2000_PMEM_START
++            && addr + sizeof(uint32_t) <= NE2000_MEM_SIZE)) {
+         stl_le_p(s->mem + addr, val);
+     }
+ }
+@@ -497,8 +498,9 @@ static inline uint32_t ne2000_mem_readw(NE2000State *s, uint32_t addr)
+ static inline uint32_t ne2000_mem_readl(NE2000State *s, uint32_t addr)
+ {
+     addr &= ~1; /* XXX: check exact behaviour if not even */
+-    if (addr < 32 ||
+-        (addr >= NE2000_PMEM_START && addr < NE2000_MEM_SIZE)) {
++    if (addr < 32
++        || (addr >= NE2000_PMEM_START
++            && addr + sizeof(uint32_t) <= NE2000_MEM_SIZE)) {
+         return ldl_le_p(s->mem + addr);
+     } else {
+         return 0xffffffff;
+-- 
+2.6.2
+
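Review bot: The new upper bound `addr + sizeof(uint32_t) <= NE2000_MEM_SIZE` in ne2000_mem_writel and ne2000_mem_readl does unsigned arithmetic on the guest-influenced side, and on a host where size_t is 32 bits that sum can wrap and pass the test for a very large `addr`. Whether `addr` can actually get that large depends on callers outside the hunk, but the comparison can be written so the question never arises: `addr <= NE2000_MEM_SIZE - sizeof(uint32_t)`. Both functions use the same expression, so both would take the same change.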

diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1568.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1568.patch
new file mode 100644
index 0000000..4ce9a35
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1568.patch
@@ -0,0 +1,41 @@
+https://bugs.gentoo.org/571566
+
+From 4ab0359a8ae182a7ac5c99609667273167703fab Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Mon, 11 Jan 2016 14:10:42 -0500
+Subject: [PATCH] ide: ahci: reset ncq object to unused on error
+
+When processing NCQ commands, AHCI device emulation prepares a
+NCQ transfer object; To which an aio control block(aiocb) object
+is assigned in 'execute_ncq_command'. In case, when the NCQ
+command is invalid, the 'aiocb' object is not assigned, and NCQ
+transfer object is left as 'used'. This leads to a use after
+free kind of error in 'bdrv_aio_cancel_async' via 'ahci_reset_port'.
+Reset NCQ transfer object to 'unused' to avoid it.
+
+[Maintainer edit: s/ACHI/AHCI/ in the commit message. --js]
+
+Reported-by: Qinghao Tang <luodalongde@gmail.com>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Reviewed-by: John Snow <jsnow@redhat.com>
+Message-id: 1452282511-4116-1-git-send-email-ppandit@redhat.com
+Signed-off-by: John Snow <jsnow@redhat.com>
+---
+ hw/ide/ahci.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
+index dd1912e..17f1cbd 100644
+--- a/hw/ide/ahci.c
++++ b/hw/ide/ahci.c
+@@ -910,6 +910,7 @@ static void ncq_err(NCQTransferState *ncq_tfs)
+     ide_state->error = ABRT_ERR;
+     ide_state->status = READY_STAT | ERR_STAT;
+     ncq_tfs->drive->port_regs.scr_err |= (1 << ncq_tfs->tag);
++    ncq_tfs->used = 0;
+ }
+ 
+ static void ncq_finish(NCQTransferState *ncq_tfs)
+-- 
+2.6.2
+
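Review bot: The added `ncq_tfs->used = 0;` in ncq_err has no comment, and the reason for it exists only in the patch description. A one-line comment would keep the rationale with the code, for example `/* release the slot: no aiocb was assigned, so a later port reset must not try to cancel it */`. If ncq_err can also be reached after an aiocb has been assigned (callers are outside the hunk), that wording should be adjusted.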

diff --git a/app-emulation/qemu/files/qemu-2.5.0-cflags.patch b/app-emulation/qemu/files/qemu-2.5.0-cflags.patch
new file mode 100644
index 0000000..173394f
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.5.0-cflags.patch
@@ -0,0 +1,13 @@
+--- a/configure
++++ b/configure
+@@ -4468,10 +4468,6 @@ fi
+ if test "$gcov" = "yes" ; then
+   CFLAGS="-fprofile-arcs -ftest-coverage -g $CFLAGS"
+   LDFLAGS="-fprofile-arcs -ftest-coverage $LDFLAGS"
+-elif test "$fortify_source" = "yes" ; then
+-  CFLAGS="-O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 $CFLAGS"
+-elif test "$debug" = "no"; then
+-  CFLAGS="-O2 $CFLAGS"
+ fi
+ 
+ ##########################################

diff --git a/app-emulation/qemu/qemu-2.2.1-r99.ebuild b/app-emulation/qemu/qemu-2.5.0-r99.ebuild
similarity index 73%
rename from app-emulation/qemu/qemu-2.2.1-r99.ebuild
rename to app-emulation/qemu/qemu-2.5.0-r99.ebuild
index 5b8baf1..2fe26b3 100644
--- a/app-emulation/qemu/qemu-2.2.1-r99.ebuild
+++ b/app-emulation/qemu/qemu-2.5.0-r99.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2015 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-emulation/qemu/qemu-2.2.1-r2.ebuild,v 1.3 2015/05/14 07:09:58 ago Exp $
+# $Id$
 
 EAPI=5
 
@@ -16,12 +16,11 @@ if [[ ${PV} = *9999* ]]; then
 	EGIT_REPO_URI="git://git.qemu.org/qemu.git"
 	inherit git-2
 	SRC_URI=""
-	KEYWORDS=""
 else
 	SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2
 	${BACKPORTS:+
-		http://dev.gentoo.org/~cardoe/distfiles/${P}-${BACKPORTS}.tar.xz}"
-	KEYWORDS="amd64 ~ppc ~ppc64 x86 ~x86-fbsd"
+		https://dev.gentoo.org/~cardoe/distfiles/${P}-${BACKPORTS}.tar.xz}"
+	KEYWORDS="amd64 ~ppc x86"
 fi
 
 DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
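Review bot: Only the backports URL moves to `https://`; the main tarball in `SRC_URI` still uses `http://wiki.qemu-project.org/...` and the live ebuild still fetches from `git://git.qemu.org/qemu.git`. The tarball is at least pinned by the Manifest checksums, but the `9999` git fetch has no such check and `git://` gives no transport integrity. If upstream offers an authenticated endpoint for both, switching them in the same change would make the fetch paths consistent.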
@@ -30,76 +29,119 @@ HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org"
 LICENSE="GPL-2 LGPL-2 BSD-2"
 SLOT="0"
 IUSE="accessibility +aio alsa bluetooth +caps +curl debug +fdt glusterfs \
-gtk infiniband iscsi +jpeg \
+gnutls gtk gtk2 infiniband iscsi +jpeg \
 kernel_linux kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs
 +png pulseaudio python \
-rbd sasl +seccomp sdl selinux smartcard snappy spice ssh static static-softmmu \
-static-user systemtap tci test +threads tls usb usbredir +uuid vde +vhost-net \
-virtfs +vnc xattr xen xfs"
+rbd sasl +seccomp sdl sdl2 selinux smartcard snappy spice ssh static static-softmmu
+static-user systemtap tci test +threads usb usbredir +uuid vde +vhost-net \
+virgl virtfs +vnc vte xattr xen xfs"
 
 COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel mips
 mips64 mips64el mipsel or32 ppc ppc64 s390x sh4 sh4eb sparc sparc64 unicore32
 x86_64"
-IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS} lm32 moxie ppcemb xtensa xtensaeb"
-IUSE_USER_TARGETS="${COMMON_TARGETS} armeb mipsn32 mipsn32el ppc64abi32 sparc32plus"
+IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS} lm32 moxie ppcemb tricore xtensa xtensaeb"
+IUSE_USER_TARGETS="${COMMON_TARGETS} armeb mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus tilegx"
 
-use_targets="
-	$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
-	$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
-"
-IUSE+=" ${use_targets}"
+use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
+use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
+IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
 
-# Require at least one softmmu or user target.
+# Allow no targets to be built so that people can get a tools-only build.
 # Block USE flag configurations known to not work.
-REQUIRED_USE="|| ( ${use_targets} )
-	${PYTHON_REQUIRED_USE}
+REQUIRED_USE="${PYTHON_REQUIRED_USE}
+	gtk2? ( gtk )
 	qemu_softmmu_targets_arm? ( fdt )
 	qemu_softmmu_targets_microblaze? ( fdt )
 	qemu_softmmu_targets_ppc? ( fdt )
 	qemu_softmmu_targets_ppc64? ( fdt )
+	sdl2? ( sdl )
 	static? ( static-softmmu static-user )
-	static-softmmu? ( !alsa !pulseaudio !bluetooth !opengl !gtk )
-	virtfs? ( xattr )"
+	static-softmmu? ( !alsa !pulseaudio !bluetooth !opengl !gtk !gtk2 )
+	virtfs? ( xattr )
+	vte? ( gtk )"
 
 # Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
 #
 # The attr lib isn't always linked in (although the USE flag is always
 # respected).  This is because qemu supports using the C library's API
 # when available rather than always using the extranl library.
+#
+# Older versions of gnutls are supported, but it's simpler to just require
+# the latest versions.  This is also why we require nettle.
 COMMON_LIB_DEPEND=">=dev-libs/glib-2.0[static-libs(+)]
 	sys-libs/zlib[static-libs(+)]
 	xattr? ( sys-apps/attr[static-libs(+)] )"
 SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND}
 	>=x11-libs/pixman-0.28.0[static-libs(+)]
+	accessibility? ( app-accessibility/brltty[static-libs(+)] )
 	aio? ( dev-libs/libaio[static-libs(+)] )
+	alsa? ( >=media-libs/alsa-lib-1.0.13 )
+	bluetooth? ( net-wireless/bluez )
 	caps? ( sys-libs/libcap-ng[static-libs(+)] )
 	curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
 	fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] )
 	glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
+	gnutls? (
+		dev-libs/nettle[static-libs(+)]
+		>=net-libs/gnutls-3.0[static-libs(+)]
+	)
+	gtk? (
+		gtk2? (
+			x11-libs/gtk+:2
+			vte? ( x11-libs/vte:0 )
+		)
+		!gtk2? (
+			x11-libs/gtk+:3
+			vte? ( x11-libs/vte:2.90 )
+		)
+	)
 	infiniband? ( sys-infiniband/librdmacm:=[static-libs(+)] )
+	iscsi? ( net-libs/libiscsi )
 	jpeg? ( virtual/jpeg:=[static-libs(+)] )
 	lzo? ( dev-libs/lzo:2[static-libs(+)] )
-	ncurses? ( sys-libs/ncurses[static-libs(+)] )
+	ncurses? ( sys-libs/ncurses:0=[static-libs(+)] )
 	nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] )
 	numa? ( sys-process/numactl[static-libs(+)] )
+	opengl? (
+		virtual/opengl
+		media-libs/libepoxy[static-libs(+)]
+		media-libs/mesa[static-libs(+)]
+		media-libs/mesa[egl,gles2]
+	)
 	png? ( media-libs/libpng:0=[static-libs(+)] )
+	pulseaudio? ( media-sound/pulseaudio )
 	rbd? ( sys-cluster/ceph[static-libs(+)] )
 	sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
-	sdl? ( >=media-libs/libsdl-1.2.11[static-libs(+)] )
+	sdl? (
+		!sdl2? (
+			media-libs/libsdl[X]
+			>=media-libs/libsdl-1.2.11[static-libs(+)]
+		)
+		sdl2? (
+			media-libs/libsdl2[X]
+			media-libs/libsdl2[static-libs(+)]
+		)
+	)
 	seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
+	smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] )
 	snappy? ( app-arch/snappy[static-libs(+)] )
-	spice? ( >=app-emulation/spice-0.12.0[static-libs(+)] )
+	spice? (
+		>=app-emulation/spice-protocol-0.12.3
+		>=app-emulation/spice-0.12.0[static-libs(+)]
+	)
 	ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] )
-	tls? ( net-libs/gnutls[static-libs(+)] )
-	usb? ( >=dev-libs/libusb-1.0.18[static-libs(+)] )
+	usb? ( >=virtual/libusb-1-r2[static-libs(+)] )
+	usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
 	uuid? ( >=sys-apps/util-linux-2.16.0[static-libs(+)] )
 	vde? ( net-misc/vde[static-libs(+)] )
+	virgl? ( media-libs/virglrenderer[static-libs(+)] )
+	virtfs? ( sys-libs/libcap )
 	xfs? ( sys-fs/xfsprogs[static-libs(+)] )"
 USER_LIB_DEPEND="${COMMON_LIB_DEPEND}"
 X86_FIRMWARE_DEPEND="
 	>=sys-firmware/ipxe-1.0.0_p20130624
 	pin-upstream-blobs? (
-		~sys-firmware/seabios-1.7.5
+		~sys-firmware/seabios-1.8.2
 		~sys-firmware/sgabios-0.1_pre8
 		~sys-firmware/vgabios-0.7a
 	)
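Review bot: The new `opengl?` and `sdl?` groups in SOFTMMU_LIB_DEPEND list the same package twice, once with `[static-libs(+)]` and once with the feature flags (`media-libs/mesa[egl,gles2]`, `media-libs/libsdl[X]`, `media-libs/libsdl2[X]`), and nothing explains why. This looks deliberate, because CDEPEND in the next hunk strips the literal string `[static-libs(+)]` and a merged atom such as `[static-libs(+),egl,gles2]` would not match. A comment next to the existing notes above COMMON_LIB_DEPEND would stop someone from merging the atoms later, for example `# Keep [static-libs(+)] as its own atom: CDEPEND removes that exact string for non-static builds.`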
@@ -108,28 +150,14 @@ X86_FIRMWARE_DEPEND="
 		sys-firmware/sgabios
 		sys-firmware/vgabios
 	)"
-CDEPEND="!static-softmmu? ( ${SOFTMMU_LIB_DEPEND//\[static-libs(+)]} )
-	!static-user? ( ${USER_LIB_DEPEND//\[static-libs(+)]} )
+CDEPEND="
+	!static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND//\[static-libs(+)]} ) " ${use_softmmu_targets}) )
+	!static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND//\[static-libs(+)]} ) " ${use_user_targets}) )
 	qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
 	qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )
-	accessibility? ( app-accessibility/brltty )
-	alsa? ( >=media-libs/alsa-lib-1.0.13 )
-	bluetooth? ( net-wireless/bluez )
-	gtk? (
-		x11-libs/gtk+:3
-		x11-libs/vte:2.90
-	)
-	iscsi? ( net-libs/libiscsi )
-	opengl? ( virtual/opengl )
-	pulseaudio? ( media-sound/pulseaudio )
 	python? ( ${PYTHON_DEPS} )
-	sdl? ( media-libs/libsdl[X] )
-	smartcard? ( dev-libs/nss !app-emulation/libcacard )
-	spice? ( >=app-emulation/spice-protocol-0.12.3 )
 	systemtap? ( dev-util/systemtap )
-	usbredir? ( >=sys-apps/usbredir-0.6 )
-	virtfs? ( sys-libs/libcap )
-	xen? ( app-emulation/xen-tools )"
+	xen? ( app-emulation/xen-tools:= )"
 DEPEND="${CDEPEND}
 	dev-lang/perl
 	=dev-lang/python-2*
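Review bot: In the new CDEPEND, the `$(printf "%s? ( ${SOFTMMU_LIB_DEPEND//\[static-libs(+)]} ) " ${use_softmmu_targets})` lines splice the whole dependency list into printf's format string, so any `%` or backslash that ever lands in SOFTMMU_LIB_DEPEND or USER_LIB_DEPEND would be read as a format directive instead of dependency text. The DEPEND hunk that follows uses the same construct for its static-softmmu and static-user branches. Nothing in the visible part of the lists contains such a character, so a comment above CDEPEND is enough: `# *_LIB_DEPEND is used as a printf format below: keep it free of % and backslashes`. use_softmmu_targets and use_user_targets are defined outside this hunk.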
@@ -137,8 +165,8 @@ DEPEND="${CDEPEND}
 	virtual/pkgconfig
 	kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
 	gtk? ( nls? ( sys-devel/gettext ) )
-	static-softmmu? ( ${SOFTMMU_LIB_DEPEND} )
-	static-user? ( ${USER_LIB_DEPEND} )
+	static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND} ) " ${use_softmmu_targets}) )
+	static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND} ) " ${use_user_targets}) )
 	test? (
 		dev-libs/glib[utils]
 		sys-devel/bc
@@ -245,10 +273,32 @@ pkg_pretend() {
 
 pkg_setup() {
 	enewgroup kvm 78
-	python_setup
+}
+
+# Sanity check to make sure target lists are kept up-to-date.
+check_targets() {
+	local var=$1 mak=$2
+	local detected sorted
+
+	pushd "${S}"/default-configs >/dev/null || die
+
+	# Force C locale until glibc is updated. #564936
+	detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u))
+	sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u))
+	if [[ ${sorted} != "${detected}" ]] ; then
+		eerror "The ebuild needs to be kept in sync."
+		eerror "${var}: ${sorted}"
+		eerror "$(printf '%-*s' ${#var} configure): ${detected}"
+		die "sync ${var} to the list of targets"
+	fi
+
+	popd >/dev/null
 }
 
 src_prepare() {
+	check_targets IUSE_SOFTMMU_TARGETS softmmu
+	check_targets IUSE_USER_TARGETS linux-user
+
 	# Alter target makefiles to accept CFLAGS set via flag-o
 	sed -i -r \
 		-e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \
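Review bot: The sed expression in check_targets strips `-${mak}.mak` unanchored and with unescaped dots, so a config name that contains that text anywhere else would be altered rather than just losing its suffix; `sed "s:-${mak}\.mak$::"` states the intent. `popd >/dev/null` also lacks the `|| die` that the matching pushd carries. The function takes a variable name as its first argument and expands it with `${!var}`, which a short comment such as `# $1: name of the IUSE_*_TARGETS variable, $2: default-configs suffix` would make clear to the next maintainer. The src_prepare body continues outside this hunk.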
@@ -257,20 +307,22 @@ src_prepare() {
 	# Cheap hack to disable gettext .mo generation.
 	use nls || rm -f po/*.po
 
-	epatch "${FILESDIR}"/qemu-1.7.0-cflags.patch
-	epatch "${FILESDIR}"/${P}-CVE-2015-1779-1.patch #544328
-	epatch "${FILESDIR}"/${P}-CVE-2015-1779-2.patch #544328
-	epatch "${FILESDIR}"/${PN}-2.3.0-CVE-2015-3456.patch #549404
-
 	# Patching for musl
 	epatch "${FILESDIR}"/${PN}-2.0.0-F_SHLCK-and-F_EXLCK.patch
 	epatch "${FILESDIR}"/${PN}-2.0.0-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch
 	epatch "${FILESDIR}"/${PN}-2.2.0-_sigev_un.patch
 
+	epatch "${FILESDIR}"/qemu-2.5.0-cflags.patch
 	[[ -n ${BACKPORTS} ]] && \
 		EPATCH_FORCE=yes EPATCH_SUFFIX="patch" EPATCH_SOURCE="${S}/patches" \
 			epatch
 
+	epatch "${FILESDIR}"/${P}-CVE-2015-8567.patch #567868
+	epatch "${FILESDIR}"/${P}-CVE-2015-8558.patch #568246
+	epatch "${FILESDIR}"/${P}-CVE-2015-8701.patch #570110
+	epatch "${FILESDIR}"/${P}-CVE-2015-8743.patch #570988
+	epatch "${FILESDIR}"/${P}-CVE-2016-1568.patch #571566
+
 	# Fix ld and objcopy being called directly
 	tc-export AR LD OBJCOPY
 
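Review bot: The CVE-2015-1779 and CVE-2015-3456 patch lines are removed without any statement that the new base release already carries those fixes; presumably it does, but neither the hunk nor a comment lets a reader confirm it. A line next to the new CVE block, for example `# CVE-2015-1779, CVE-2015-3456: dropped, fixed in the upstream release this ebuild builds (confirm)`, would keep that decision auditable on the next bump. The new patches are named with `${P}-`, so each is tied to this exact version and has to be reconsidered at every bump. src_prepare starts and ends outside this hunk.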
@@ -288,14 +340,10 @@ qemu_src_configure() {
 	debug-print-function ${FUNCNAME} "$@"
 
 	local buildtype=$1
-	local builddir=$2
+	local builddir="${S}/${buildtype}-build"
 	local static_flag="static-${buildtype}"
 
-	# audio options
-	local audio_opts="oss"
-	use alsa && audio_opts="alsa,${audio_opts}"
-	use sdl && audio_opts="sdl,${audio_opts}"
-	use pulseaudio && audio_opts="pa,${audio_opts}"
+	mkdir "${builddir}"
 
 	local conf_opts=(
 		--prefix=/usr
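Review bot: `mkdir "${builddir}"` has no `|| die`, and the `cd "${builddir}"` further down qemu_src_configure is unchecked as well, so a failed mkdir would let `../configure` run from whatever directory the phase was in. Write them as `mkdir "${builddir}" || die` and `cd "${builddir}" || die`. The `cd "${S}/tools-build"` lines added in the src_compile and src_install hunks have the same gap, and there the following `default` or `emake DESTDIR="${ED}" install` would run in the wrong tree. qemu_src_configure starts before this hunk and continues after it.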
@@ -306,6 +354,11 @@ qemu_src_configure() {
 		--disable-guest-agent
 		--disable-strip
 		--disable-werror
+		# We support gnutls/nettle for crypto operations.  It is possible
+		# to use gcrypt when gnutls/nettle are disabled (but not when they
+		# are enabled), but it's not really worth the hassle.  Disable it
+		# all the time to avoid automatically detecting it. #568856
+		--disable-gcrypt
 		--python="${PYTHON}"
 		--cc="$(tc-getCC)"
 		--cxx="$(tc-getCXX)"
@@ -334,6 +387,8 @@ qemu_src_configure() {
 		$(conf_softmmu curl)
 		$(conf_softmmu fdt)
 		$(conf_softmmu glusterfs)
+		$(conf_softmmu gnutls)
+		$(conf_softmmu gnutls nettle)
 		$(conf_softmmu gtk)
 		$(conf_softmmu infiniband rdma)
 		$(conf_softmmu iscsi libiscsi)
@@ -343,26 +398,25 @@ qemu_src_configure() {
 		$(conf_softmmu ncurses curses)
 		$(conf_softmmu nfs libnfs)
 		$(conf_softmmu numa)
-		$(conf_softmmu opengl glx)
+		$(conf_softmmu opengl)
 		$(conf_softmmu png vnc-png)
 		$(conf_softmmu rbd)
 		$(conf_softmmu sasl vnc-sasl)
 		$(conf_softmmu sdl)
 		$(conf_softmmu seccomp)
-		$(conf_softmmu smartcard smartcard-nss)
+		$(conf_softmmu smartcard)
 		$(conf_softmmu snappy)
 		$(conf_softmmu spice)
 		$(conf_softmmu ssh libssh2)
-		$(conf_softmmu tls quorum)
-		$(conf_softmmu tls vnc-tls)
-		$(conf_softmmu tls vnc-ws)
 		$(conf_softmmu usb libusb)
 		$(conf_softmmu usbredir usb-redir)
 		$(conf_softmmu uuid)
 		$(conf_softmmu vde)
 		$(conf_softmmu vhost-net)
+		$(conf_softmmu virgl virglrenderer)
 		$(conf_softmmu virtfs)
 		$(conf_softmmu vnc)
+		$(conf_softmmu vte)
 		$(conf_softmmu xen)
 		$(conf_softmmu xen xen-pci-passthrough)
 		$(conf_softmmu xfs xfsctl)
@@ -373,23 +427,39 @@ qemu_src_configure() {
 		conf_opts+=(
 			--enable-linux-user
 			--disable-system
-			--target-list="${user_targets}"
 			--disable-blobs
 			--disable-tools
 		)
 		;;
 	softmmu)
+		# audio options
+		local audio_opts="oss"
+		use alsa && audio_opts="alsa,${audio_opts}"
+		use sdl && audio_opts="sdl,${audio_opts}"
+		use pulseaudio && audio_opts="pa,${audio_opts}"
+
 		conf_opts+=(
 			--disable-linux-user
 			--enable-system
-			--target-list="${softmmu_targets}"
 			--with-system-pixman
 			--audio-drv-list="${audio_opts}"
 		)
-		use gtk && conf_opts+=( --with-gtkabi=3.0 )
+		use gtk && conf_opts+=( --with-gtkabi=$(usex gtk2 2.0 3.0) )
+		use sdl && conf_opts+=( --with-sdlabi=$(usex sdl2 2.0 1.2) )
+		;;
+	tools)
+		conf_opts+=(
+			--disable-linux-user
+			--disable-system
+			--disable-blobs
+		)
+		static_flag="static"
 		;;
 	esac
 
+	local targets="${buildtype}_targets"
+	[[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" )
+
 	# Add support for SystemTAP
 	use systemtap && conf_opts+=( --enable-trace-backend=dtrace )
 
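Review bot: The guard `[[ -n ${targets} ]]` tests the variable name held in `targets` (for example `tools_targets`), which is never empty, so `--target-list=` is appended on every build, with an empty value when the indirect variable is unset, as it appears to be for the new `tools` case. If the option is meant to be skipped when there are no targets, test the expansion instead: `[[ -n ${!targets} ]] && conf_opts+=( --target-list="${!targets}" )`. If an explicit empty list is what the tools build wants, drop the test and say so in a comment. The enclosing function and its case statement start outside this hunk.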
@@ -402,7 +472,7 @@ qemu_src_configure() {
 		gcc-specs-pie && conf_opts+=( --enable-pie )
 	fi
 
-	einfo "../configure ${conf_opts[*]}"
+	echo "../configure ${conf_opts[*]}"
 	cd "${builddir}"
 	../configure "${conf_opts[@]}" || die "configure failed"
 
@@ -415,7 +485,7 @@ qemu_src_configure() {
 src_configure() {
 	local target
 
-	python_export_best
+	python_setup
 
 	softmmu_targets= softmmu_bins=()
 	user_targets= user_bins=()
@@ -434,21 +504,12 @@ src_configure() {
 		fi
 	done
 
-	[[ -n ${softmmu_targets} ]] && \
-		einfo "Building the following softmmu targets: ${softmmu_targets}"
-
-	[[ -n ${user_targets} ]] && \
-		einfo "Building the following user targets: ${user_targets}"
-
-	if [[ -n ${softmmu_targets} ]]; then
-		mkdir "${S}/softmmu-build"
-		qemu_src_configure "softmmu" "${S}/softmmu-build"
-	fi
+	softmmu_targets=${softmmu_targets#,}
+	user_targets=${user_targets#,}
 
-	if [[ -n ${user_targets} ]]; then
-		mkdir "${S}/user-build"
-		qemu_src_configure "user" "${S}/user-build"
-	fi
+	[[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu"
+	[[ -n ${user_targets}    ]] && qemu_src_configure "user"
+	[[ -z ${softmmu_targets}${user_targets} ]] && qemu_src_configure "tools"
 }
 
 src_compile() {
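Review bot: The three `[[ ... ]] && qemu_src_configure ...` lines end src_configure with a bare test, so whenever at least one target list is non-empty the last `[[ -z ${softmmu_targets}${user_targets} ]]` fails and the function returns 1. Whether the package manager acts on a phase function's status is not visible here, but an `if` form avoids the question: `if [[ -z ${softmmu_targets}${user_targets} ]]; then qemu_src_configure "tools"; fi`. The same emptiness test is repeated in the src_compile and src_install hunks; it could be computed once into a variable so the three places cannot drift apart. The removed `einfo` lines were the only place the selected target lists were logged. src_configure starts outside this hunk.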
@@ -461,6 +522,11 @@ src_compile() {
 		cd "${S}/softmmu-build"
 		default
 	fi
+
+	if [[ -z ${softmmu_targets}${user_targets} ]]; then
+		cd "${S}/tools-build"
+		default
+	fi
 }
 
 src_test() {
@@ -506,6 +572,11 @@ src_install() {
 		fi
 	fi
 
+	if [[ -z ${softmmu_targets}${user_targets} ]]; then
+		cd "${S}/tools-build"
+		emake DESTDIR="${ED}" install
+	fi
+
 	# Disable mprotect on the qemu binaries as they use JITs to be fast #459348
 	pushd "${ED}"/usr/bin >/dev/null
 	pax-mark m "${softmmu_bins[@]}" "${user_bins[@]}"
@@ -516,21 +587,21 @@ src_install() {
 	doins "${FILESDIR}/bridge.conf"
 
 	# Remove the docdir placed qmp-commands.txt
-	mv "${ED}/usr/share/doc/${PF}/html/qmp-commands.txt" "${S}/docs/qmp/"
+	mv "${ED}/usr/share/doc/${PF}/html/qmp-commands.txt" "${S}/docs/" || die
 
 	cd "${S}"
 	dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt
 	newdoc pc-bios/README README.pc-bios
-	dodoc docs/qmp/*.txt
+	dodoc docs/qmp-*.txt
 
-	# Remove SeaBIOS since we're using the SeaBIOS packaged one
-	rm "${ED}/usr/share/qemu/bios.bin"
-	if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-		dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
-	fi
-
-	# Remove vgabios since we're using the vgabios packaged one
 	if [[ -n ${softmmu_targets} ]]; then
+		# Remove SeaBIOS since we're using the SeaBIOS packaged one
+		rm "${ED}/usr/share/qemu/bios.bin"
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
+		fi
+
+		# Remove vgabios since we're using the vgabios packaged one
 		rm "${ED}/usr/share/qemu/vgabios.bin"
 		rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
 		rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
@@ -568,21 +639,6 @@ src_install() {
 pkg_postinst() {
 	if qemu_support_kvm; then
 		readme.gentoo_print_elog
-		ewarn "Migration from qemu-kvm instances and loading qemu-kvm created"
-		ewarn "save states has been removed starting with the 1.6.2 release"
-		ewarn
-		ewarn "It is recommended that you migrate any VMs that may be running"
-		ewarn "on qemu-kvm to a host with a newer qemu and regenerate"
-		ewarn "any saved states with a newer qemu."
-		ewarn
-		ewarn "qemu-kvm was the primary qemu provider in Gentoo through 1.2.x"
-
-		if use x86 || use amd64; then
-			ewarn
-			ewarn "The /usr/bin/kvm and /usr/bin/qemu-kvm wrappers are no longer"
-			ewarn "installed.  In order to use kvm acceleration, pass the flag"
-			ewarn "-enable-kvm when running your system target."
-		fi
 	fi
 
 	if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
@@ -590,10 +646,6 @@ pkg_postinst() {
 	fi
 
 	fcaps cap_net_admin /usr/libexec/qemu-bridge-helper
-	if use virtfs && [ -n "${softmmu_targets}" ]; then
-		local virtfs_caps="cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_setgid,cap_mknod,cap_setuid"
-		fcaps ${virtfs_caps} /usr/bin/virtfs-proxy-helper
-	fi
 }
 
 pkg_info() {
@@ -601,7 +653,7 @@ pkg_info() {
 	echo "  $(best_version app-emulation/spice-protocol)"
 	echo "  $(best_version sys-firmware/ipxe)"
 	echo "  $(best_version sys-firmware/seabios)"
-	if has_version sys-firmware/seabios[binary]; then
+	if has_version 'sys-firmware/seabios[binary]'; then
 		echo "    USE=binary"
 	else
 		echo "    USE=''"

