public inbox for gentoo-commits@lists.gentoo.org
 help / color / mirror / Atom feed
* [gentoo-commits] proj/musl:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2015-06-11 23:46 Anthony G. Basile
  0 siblings, 0 replies; 19+ messages in thread
From: Anthony G. Basile @ 2015-06-11 23:46 UTC (permalink / raw
  To: gentoo-commits

commit:     5314bb59863ad9eec55630c1c45b2b52a379e6b3
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Thu Jun 11 23:47:59 2015 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Thu Jun 11 23:47:59 2015 +0000
URL:        https://gitweb.gentoo.org/proj/musl.git/commit/?id=5314bb59

app-emulation/qemu: clean out the older version and patches.

Package-Manager: portage-2.2.18
Manifest-Sign-Key: 0xF52D4BBA

 app-emulation/qemu/Manifest                        |  10 -
 app-emulation/qemu/files/qemu-1.5.3-openpty.patch  |  12 -
 app-emulation/qemu/files/qemu-1.7.0-ffsll.patch    |  19 -
 app-emulation/qemu/files/qemu-1.7.0-sigset_t.patch |  12 -
 .../qemu/files/qemu-2.1.0-CVE-2014-5388.patch      |  36 --
 .../qemu/files/qemu-2.1.1-readlink-self.patch      |  81 ---
 .../qemu/files/qemu-2.1.2-vnc-sanitize-bits.patch  |  50 --
 app-emulation/qemu/files/qemu-9999-cflags.patch    |  13 -
 .../qemu-9999-virtfs-proxy-helper-accept.patch     |  30 --
 app-emulation/qemu/qemu-2.1.2-r99.ebuild           | 600 ---------------------
 10 files changed, 863 deletions(-)

diff --git a/app-emulation/qemu/Manifest b/app-emulation/qemu/Manifest
index c77f5c3..2ecdb66 100644
--- a/app-emulation/qemu/Manifest
+++ b/app-emulation/qemu/Manifest
@@ -1,24 +1,14 @@
 AUX 65-kvm.rules 40 SHA256 c16a8dc7855880b2651f1a3ff488ecc54d4ac1036c71fffd5007021d8d18a7c5 SHA512 98aad2a2f212a7ac0ee5b60a9c92744fa462bce5f26594845c7a31d692aaaca2d52cb57bdbede7dfc60b9862c2a6510665dbb03215d5cf76e62516a283decdd6 WHIRLPOOL 937de93a23930f6b8533f0c3e0dd249c99ddf7d54446dea857607266ac0a4b435c5b4a52b2986b138bace9c0a7ade66f94116b38e2bc4767ead54bd11baf0920
 AUX bridge.conf 454 SHA256 a51850dd39923f3482e4c575b48ad9fef9c9ebb2f2176225da399b79ce48c69d SHA512 a907ee86b81a1b61033bb7621ded65112504131ef7b698c53e4014b958ee6fc79e66f63069015a01e41362cb70a7d0ed26dd9a03033cf776f4846f0e1f8f1533 WHIRLPOOL 8fcbd4abf9b8f7ca3d16fe0eaf17196ebf708dfecf85ce0f020e0de22b64905114f7b310f361826c81bb961c6b1bbbf984bff1e595bb949993b8966ccb222c35
-AUX qemu-1.5.3-openpty.patch 256 SHA256 885ff6391fc7a106b41f7d29ff103c083ecc34580ddd68918c0398bacff43aad SHA512 e5e1900d015880977fcad370b79d5030c782edf2a5794d082796714f95b431447e7d38558ffdfae5af5f7d5d5d6dc2ba3af27e0cee644a72b62651a4570009e4 WHIRLPOOL 894593cd57a96a619b53574e5e86ba72b62659e525cb615522e7ee9ff856454b7d0aee5f9c8cf08641efa5245aba3577808ec8858f4ea73f30483313eb315204
 AUX qemu-1.7.0-cflags.patch 300 SHA256 8f35e55c4bae93e82f9580eabe2d6a2d4660bd05343e1f4e6c33815deeede91e SHA512 54446cb555b623b2306f8a323713e4dfb1b8b7bbf3af3771d5b62e164e0672cc21cbe44f08ca8b58052523e8d629e16355a44ebb544a999a44d11ac3af671f1c WHIRLPOOL b903b4abefeeb09a2ab2d1ee224de5d3694f99f50aacfe33882fce0c1c87c23dae4d57b001d1c35cc96fffa93d43fac4a8ab30a3e45fe1f380580162c0332e78
-AUX qemu-1.7.0-ffsll.patch 560 SHA256 d211b937e4c50d50c680cf7e4450079a3b3924857849d7a99da4e3adac708aa8 SHA512 00594c276865ae9d3c1b748ebcf3e5d88b8a4b10e1700b215f22de5dbd6ba06bb9ad9b461bc93ba3b8794418d4197d3af45ef5eb46b9c1829afa9ca0b1eacf13 WHIRLPOOL 475307753a39fab1bf2e82602068f9992978cf74f9c3374369d1c0329592248b31830135d07d1386d8a66a7bf539a33551ac9de04478e5a2efe4d8385689e61d
-AUX qemu-1.7.0-sigset_t.patch 403 SHA256 081866f22ed90e9e4bfb91fed7b213d923d369dcfdec229fcc8120074d9ba18a SHA512 65106e0d6f3e0b8bd8623d54d9f8795d422dcae90f682025e0b71aa56e0668c24babbbebddebb0f88227e97447c50b840bcea234d264c58a438e04ea3cfa3095 WHIRLPOOL 32a6c3dc3a967dc0882914b5cf7e10cba3be7925ae0a8ed0e85690d5c12e055544240e44efaf9ab9ce3de6620f12127331d3dd46c6ea03a4bb4d56e17d68e9db
 AUX qemu-2.0.0-F_SHLCK-and-F_EXLCK.patch 563 SHA256 99de67d610ad13a1dcf6c67a3c2b5b87fb909220173a956435737f9bea3c371b SHA512 a29e9a889388a6627ed492a79e66514ffb5e64f9479646982091811548fc2a9bf6682104a6c774d83e645e4b1db39e491afd4efce789fe164623442a7f3e5d00 WHIRLPOOL d3aab06099de263c22f4c71810a3b2cb8602d17731ec76674cd1415e539306555a7b96b789f0daad473600dfa04a83224ff603f7b9a9ac63a4902f74d0e9deb5
 AUX qemu-2.0.0-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch 930 SHA256 6af6cf9044997710a6d0fbdba30a35c8d775e30d30c032ec97db672f75ec88ac SHA512 ec84b27648c01c6e58781295dcd0c2ff8e5a635f9836ef50c1da5d0ed125db1afc4cb5b01cb97606d6dd8f417acba93e1560d9a32ca29161a4bb730b302440ea WHIRLPOOL 06b9dd5251ac03405c97b1f5a623b4d86bda2f72fbcd52b90ae4d11a0cfb59cae62df2cb6189405fbe53ab05ff2b7ca8165fda239dbfe5f31ed70abb53b3b9f3
-AUX qemu-2.1.0-CVE-2014-5388.patch 1093 SHA256 df7c11ffb519f9a4c0db177359c5fe9772d5463fbd61d29905b8177e598d6887 SHA512 1f0c4b5b306f85a9a796b906cdd79106ea87a07217aee5b84ac45db0235440b55484591eeb4d0c05fbae6011879ac957304e82cb8a7b58ee77c550e32602367f WHIRLPOOL 33a09191ba765f72764ce5396e9a14c8f900efaf7e1707d535cadca38c46bf0dde0e99f6e8f0f37bd58ae512049edf78977976678088a1dc4d26f544e90cfc29
-AUX qemu-2.1.1-readlink-self.patch 2933 SHA256 3133ec1a0f0126d3362c9420602a1fdfc76fafacac8b41f5bd755e7542ee4188 SHA512 7ee06e119007e6dc08f254cbfdcc6de1c914181f60e69434190fe507a80b7d0f9e8682f0213d447481f39e145fcb0be2e118516238addb5c4326533fc0db143f WHIRLPOOL 54edcb4510546c69dedf78a2070f22e7ef2809b35a66dc2e5d356f2f1b22eea8baa5b17ed4a4d9860ee6b864fac92eb9d1bbb6daeb6e2d80e3cc702f32039996
-AUX qemu-2.1.2-vnc-sanitize-bits.patch 1279 SHA256 ef1e748fd9ffa0eb8ef412e6ea3cc96522e0ca91cf7201e6702d260ca50cbac5 SHA512 7e1a744928eb8edb76b18e58cf94da38ad1030f49ceb38f5e081d852573f8f314f998639c8e97fee27a53f51abe495b27406daa02b670a620ab2db165a47429e WHIRLPOOL bc024286739b56038bfebd6c2ad71addd9565a833f21a7a48cadbe7403c3e93c889cb2223d044448634cc93b6dc45a268299ea1b5b18c09b3477bb6e12fb0506
 AUX qemu-2.2.0-_sigev_un.patch 636 SHA256 f3b9a4d6162c553f3110ad22716305818e2130e2ff5d628faf044fc58a5e3cb5 SHA512 f72b879daede5184904f64cabb276de96299a37a93fce444d09e9068671009e95a5e5d6b815ec41a5db5b3807de14d470a56bba5806ffd4dfec577577b046ccb WHIRLPOOL 9453ad4966e10d504f3e867fd984642a3c1ee3ae847b5ca56196fd1f9e6c0f2d7b52ca07446212af72fef6d0ded1527a5eb306fa6cd915e8dd9ce11523362bac
 AUX qemu-2.2.1-CVE-2015-1779-1.patch 8631 SHA256 17ea04bb0571f3a346eb25ce2d61fd7053515767adedfde567fd39205993c600 SHA512 191dde0754b9466d87cf99a578ac07f0902f373156f4d5ff98540b9099a6fa8e29ba4ca9d4a5a21ae5dbba2b80c36600ea0bd2c31fa0c8734926514015166ab8 WHIRLPOOL 2be2f490eb32857b2b218761df3580bc31eb5a89bf1b289a048e9fd489cdb024869399481345b5ecb09a45c4fbf1ee4639062ae1fdbee9781e66ca6cc8af4cac
 AUX qemu-2.2.1-CVE-2015-1779-2.patch 2318 SHA256 4c0966520bf09df25d99c883f94037e765406dd4097dd704e66361bb07f73679 SHA512 7a85bc8e00c60c6c36790d1169f0d84d2c75fe81c1700b4f764ddcb0d0587d4b6d228d80e65fead035e3ab99449aad2f559071edf9145ff7a755506f3ff05b0e WHIRLPOOL 078388c50367d41c810a02aa795b6ad0df381582bdd2725ae125243ee5921aa4057494f063a7de49da6b6f6343f37a3c83d96ef6d92c22e722972c8e4ea968dc
 AUX qemu-2.3.0-CVE-2015-3456.patch 2853 SHA256 efac61bf9c20d5d08ef47bc9d51be5c8bd519f1d970ba3c3506c5760bf807e7d SHA512 5fed59ae67a962d187418f4bd57cebe901f9bcba817694b5e2a57daf77c34a406ed7c1f278e12d813304e58c48a24493b4e001a9ee4045bab2608f1730715ac7 WHIRLPOOL 9ad5237aa1bbe46a8493e331bb9c2152c36f9c877582485e1cf811b09430bad97a9f3b6bc52face7e4287f9c9fe4f1891de154a62ba93ea454c3ed9d44e8f729
-AUX qemu-9999-cflags.patch 347 SHA256 fe3bcbe83e81225b2c722578a0a976fcb724419d5208bbd6d02fb543e80b7e12 SHA512 e1b8be744170d61a2155b23a8394db01f8af6dc70ec033e71b2ff46f72975704836d42b96d7904e5d462289c5f8f24317f2fb28698f18a77ab1de02829e585eb WHIRLPOOL 2d972c7e40292f424fd37a4c1af04d2be095c215211ec2e1d15d8457df553342ffc02a7d39985f817fbbf5342e422d30e439c35a925341cf9b852ca7ff15a308
-AUX qemu-9999-virtfs-proxy-helper-accept.patch 973 SHA256 91cc9e024aa09ea3dd23ec52c561047656acc89f0ad0d5ddccce354c1ac4d282 SHA512 031cb1c35b479b18032f56a07fa2fa6d392a7f0919acd3636bf122ab7f75dcfbb5fc0e26e18a8a31a9888409f81c2e08438a1af999232418d940167c5031a92b WHIRLPOOL ea4dc08230289a147fd55d0bd9e32896cd4491130084fc45b4043f41caf611f07d4587cc485e6d25ba3f6fbc66939ed8faf3c2017bf33ab10e1885277fa3f6ff
 AUX qemu-binfmt.initd-r1 7023 SHA256 3572c110c6f217754e638796400a5901910a2e61b8818c8569f8258b103ebcc6 SHA512 773af64fef164c00945acf5881e64a10141aa8fdc85491e57bf8dcc7c800a4f81879527998a0896a42f921edcbf5f741beb31ac2a82e45cba506c7b8461733c8 WHIRLPOOL 30382fe347248683e989c2b7fbd804ce26173b313746d80467029b2ad3594f414628f7537120b168a0e700c424d3525528eb632b07e16544c2fd07f418f3187c
 AUX qemu-kvm-1.4 68 SHA256 8b1adf198129f001e75a2311fc420c168094d1084d2163cdf6a32b3b23c96137 SHA512 706fab4d155c410acc292e67fb354ce7dcd17f7e33f2ca8c9c44035ea128f8d36f89e27cf87ebe22721f5676be9e7f2ae5484fd000183c8ffd7854e02eb3d120 WHIRLPOOL ef795330b592cef8e3d92f52a77eb77a671e6aa1a47d07531917b5c1c09e72e5df1a44aea939b086e0a3c5ef2a5cea9223556a46ceae73e55300475c42f07067
-DIST qemu-2.1.2.tar.bz2 23563255 SHA256 fd10f5e45cf5a736fa5a3e1c279ae9821534e700beb7d1aab88a07648a394885 SHA512 73ef758c82b23eec649c807bee8937d7fbf267278f7777adbdb22b738672543b826d211a4b523f38cee3e2b01f05ccf40a75756fc19c911362988d8e86d5cd58 WHIRLPOOL 5703d0aa8bb4366bb7aeb44fa4f3d1b54f188de42cd8c82e894584f627802b80a3dde1aa3b15fe8602a1891ec61ac66b3cd44ec031385cca88768f375c15b554
 DIST qemu-2.2.1.tar.bz2 24483500 SHA256 4617154c6ef744b83e10b744e392ad111dd351d435d6563ce24d8da75b1335a0 SHA512 970ead0c92fc04502c6d3a8dbfafa5797667b3d276a1a25ddbe991d20d8e17a588905ecbffa77fb3b9d12e481ac3776ca4c38fe89a5e4c96dc2fb045214bfa9f WHIRLPOOL 9226ce4a4f5c7247d6ab34eb8b45c9a91416ee5849dbe25b9d15cddbd6aba2b8da77280f6055d363a81ddec515d28bf501351cb7e21ecfb4bfe42cdb7e349788
-EBUILD qemu-2.1.2-r99.ebuild 18542 SHA256 3e1df3e683e3e0f98abef9d912cccb8292be1d5ac96de4982c16829f209f3451 SHA512 0338892629e480794ecc6201f6eda7259201f9add8f6e1c3f7487826455398d30dd0d78fc794b73bd73bd206b7ae2810f3d5ed74abbc435a9685c3429173fea1 WHIRLPOOL 4167e7c6d0810c93a926c84fd3fa4b46624881205ad2eae3f11e5a03bfb8231c3e265bd986bf24b8e1f7eaf41e6a2f3c8964d416e0ac95ab406383aa4d0c6e28
 EBUILD qemu-2.2.1-r99.ebuild 18744 SHA256 15c5267816cbc7798b2aa0c342bd0a0254550d2fdb1497f3237aa33b53c8c59f SHA512 c7c90792a79fbf226e41f8dd61d5f3b1046a1e9c130d3216a0c29d374a09ec5aa8575e2578b843f37fd04645e2804ae91298924d307aff25922d7461bf52fe78 WHIRLPOOL ef73221242451e8772598ee1b0e346f4aa94ec59c1daf58ca9ac35d49e431c687ca5d80155e4e5846a3f76d35330a1043f9ae9018c19e0e1fc828711298aebae
 MISC metadata.xml 3774 SHA256 45d220d5c3fedecb5c318e2ab1fa796391f5fd3db09e4ef218b3bc7cb3cb10e1 SHA512 90b16206b5398b4044132d930b417372e1d305a93b062c895bc3b46ae64a19aa96d2471b5838f960cca7c6c30ce58571f332731f02eaeee17e4204469c5d6330 WHIRLPOOL f5498b8cb14aeeacdfd1da30c26ceca282bba3042a6288496d624d91c3c26c1bed34c42374db04e06378c8efd78010d3bef76c41c1aa529ccf17cec513ed1fa8

diff --git a/app-emulation/qemu/files/qemu-1.5.3-openpty.patch b/app-emulation/qemu/files/qemu-1.5.3-openpty.patch
deleted file mode 100644
index 5c71c5b..0000000
--- a/app-emulation/qemu/files/qemu-1.5.3-openpty.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-Patch taken from sabotage linux
---- qemu-1.7.0.org/util/qemu-openpty.c
-+++ qemu-1.7.0/util/qemu-openpty.c
-@@ -47,6 +47,8 @@
- #elif defined CONFIG_SOLARIS
- # include <termios.h>
- # include <stropts.h>
-+#else
-+# include <termios.h>
- #endif
- 
- #ifdef __sun__

diff --git a/app-emulation/qemu/files/qemu-1.7.0-ffsll.patch b/app-emulation/qemu/files/qemu-1.7.0-ffsll.patch
deleted file mode 100644
index 481bd72..0000000
--- a/app-emulation/qemu/files/qemu-1.7.0-ffsll.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-taken from sabotage linux
---- qemu-1.7.0.org/hw/virtio/vhost.c
-+++ qemu-1.7.0/hw/virtio/vhost.c
-@@ -22,6 +22,15 @@
- #include "exec/address-spaces.h"
- #include "hw/virtio/virtio-bus.h"
- 
-+#ifndef HAVE_FFSLL
-+static int ffsll(long long i) {
-+    unsigned long long x = i & -i;
-+    if (x <= 0xffffffff) return ffs (i);
-+    else return 32 + ffs (i >> 32);
-+}
-+#endif
-+
-+
- static void vhost_dev_sync_region(struct vhost_dev *dev,
-                                   MemoryRegionSection *section,
-                                   uint64_t mfirst, uint64_t mlast,

diff --git a/app-emulation/qemu/files/qemu-1.7.0-sigset_t.patch b/app-emulation/qemu/files/qemu-1.7.0-sigset_t.patch
deleted file mode 100644
index 1d5d173..0000000
--- a/app-emulation/qemu/files/qemu-1.7.0-sigset_t.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-taken from sabotage linux
---- qemu-1.7.0.org/linux-user/syscall.c
-+++ qemu-1.7.0/linux-user/syscall.c
-@@ -400,7 +400,7 @@
- #endif
- #define __NR_sys_ppoll __NR_ppoll
- _syscall5(int, sys_ppoll, struct pollfd *, fds, nfds_t, nfds,
--          struct timespec *, timeout, const __sigset_t *, sigmask,
-+          struct timespec *, timeout, const sigset_t *, sigmask,
-           size_t, sigsetsize)
- #endif
- 

diff --git a/app-emulation/qemu/files/qemu-2.1.0-CVE-2014-5388.patch b/app-emulation/qemu/files/qemu-2.1.0-CVE-2014-5388.patch
deleted file mode 100644
index 26a012b..0000000
--- a/app-emulation/qemu/files/qemu-2.1.0-CVE-2014-5388.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-https://bugs.gentoo.org/520688
-
-From fa365d7cd11185237471823a5a33d36765454e16 Mon Sep 17 00:00:00 2001
-From: Gonglei <arei.gonglei@huawei.com>
-Date: Wed, 20 Aug 2014 13:52:30 +0800
-Subject: [PATCH] pcihp: fix possible array out of bounds
-
-Prevent out-of-bounds array access on
-acpi_pcihp_pci_status.
-
-Signed-off-by: Gonglei <arei.gonglei@huawei.com>
-Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
-Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
-Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-Cc: qemu-stable@nongnu.org
-Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
----
- hw/acpi/pcihp.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/hw/acpi/pcihp.c b/hw/acpi/pcihp.c
-index fae663a..34dedf1 100644
---- a/hw/acpi/pcihp.c
-+++ b/hw/acpi/pcihp.c
-@@ -231,7 +231,7 @@ static uint64_t pci_read(void *opaque, hwaddr addr, unsigned int size)
-     uint32_t val = 0;
-     int bsel = s->hotplug_select;
- 
--    if (bsel < 0 || bsel > ACPI_PCIHP_MAX_HOTPLUG_BUS) {
-+    if (bsel < 0 || bsel >= ACPI_PCIHP_MAX_HOTPLUG_BUS) {
-         return 0;
-     }
- 
--- 
-2.0.0
-

diff --git a/app-emulation/qemu/files/qemu-2.1.1-readlink-self.patch b/app-emulation/qemu/files/qemu-2.1.1-readlink-self.patch
deleted file mode 100644
index 451a968..0000000
--- a/app-emulation/qemu/files/qemu-2.1.1-readlink-self.patch
+++ /dev/null
@@ -1,81 +0,0 @@
-fix already in upstream
-
-From f17f4989fa193fa8279474c5462289a3cfe69aea Mon Sep 17 00:00:00 2001
-From: Mike Frysinger <vapier@chromium.org>
-Date: Fri, 8 Aug 2014 09:40:25 +0900
-Subject: [PATCH] linux-user: fix readlink handling with magic exe symlink
-
-The current code always returns the length of the path when it should
-be returning the number of bytes it wrote to the output string.
-
-Further, readlink is not supposed to append a NUL byte, but the current
-snprintf logic will always do just that.
-
-Even further, if you pass in a length of 0, you're suppoesd to get back
-an error (EINVAL), but the current logic just returns 0.
-
-Further still, if there was an error reading the symlink, we should not
-go ahead and try to read the target buffer as it is garbage.
-
-Simple test for the first two issues:
-$ cat test.c
-int main() {
-    char buf[50];
-    size_t len;
-    for (len = 0; len < 10; ++len) {
-        memset(buf, '!', sizeof(buf));
-        ssize_t ret = readlink("/proc/self/exe", buf, len);
-        buf[20] = '\0';
-        printf("readlink(/proc/self/exe, {%s}, %zu) = %zi\n", buf, len, ret);
-    }
-    return 0;
-}
-
-Now compare the output of the native:
-$ gcc test.c -o /tmp/x
-$ /tmp/x
-$ strace /tmp/x
-
-With what qemu does:
-$ armv7a-cros-linux-gnueabi-gcc test.c -o /tmp/x -static
-$ qemu-arm /tmp/x
-$ qemu-arm -strace /tmp/x
-
-Signed-off-by: Mike Frysinger <vapier@chromium.org>
-Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
----
- linux-user/syscall.c | 15 +++++++++++++--
- 1 file changed, 13 insertions(+), 2 deletions(-)
-
-diff --git a/linux-user/syscall.c b/linux-user/syscall.c
-index fccf9f0..7c108ab 100644
---- a/linux-user/syscall.c
-+++ b/linux-user/syscall.c
-@@ -6636,11 +6636,22 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
-             p2 = lock_user(VERIFY_WRITE, arg2, arg3, 0);
-             if (!p || !p2) {
-                 ret = -TARGET_EFAULT;
-+            } else if (!arg3) {
-+                /* Short circuit this for the magic exe check. */
-+                ret = -TARGET_EINVAL;
-             } else if (is_proc_myself((const char *)p, "exe")) {
-                 char real[PATH_MAX], *temp;
-                 temp = realpath(exec_path, real);
--                ret = temp == NULL ? get_errno(-1) : strlen(real) ;
--                snprintf((char *)p2, arg3, "%s", real);
-+                /* Return value is # of bytes that we wrote to the buffer. */
-+                if (temp == NULL) {
-+                    ret = get_errno(-1);
-+                } else {
-+                    /* Don't worry about sign mismatch as earlier mapping
-+                     * logic would have thrown a bad address error. */
-+                    ret = MIN(strlen(real), arg3);
-+                    /* We cannot NUL terminate the string. */
-+                    memcpy(p2, real, ret);
-+                }
-             } else {
-                 ret = get_errno(readlink(path(p), p2, arg3));
-             }
--- 
-2.0.0
-

diff --git a/app-emulation/qemu/files/qemu-2.1.2-vnc-sanitize-bits.patch b/app-emulation/qemu/files/qemu-2.1.2-vnc-sanitize-bits.patch
deleted file mode 100644
index 34f136f..0000000
--- a/app-emulation/qemu/files/qemu-2.1.2-vnc-sanitize-bits.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-https://bugs.gentoo.org/527088
-
-From e6908bfe8e07f2b452e78e677da1b45b1c0f6829 Mon Sep 17 00:00:00 2001
-From: Petr Matousek <pmatouse@redhat.com>
-Date: Mon, 27 Oct 2014 12:41:44 +0100
-Subject: [PATCH] vnc: sanitize bits_per_pixel from the client
-
-bits_per_pixel that are less than 8 could result in accessing
-non-initialized buffers later in the code due to the expectation
-that bytes_per_pixel value that is used to initialize these buffers is
-never zero.
-
-To fix this check that bits_per_pixel from the client is one of the
-values that the rfb protocol specification allows.
-
-This is CVE-2014-7815.
-
-Signed-off-by: Petr Matousek <pmatouse@redhat.com>
-
-[ kraxel: apply codestyle fix ]
-
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
----
- ui/vnc.c | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
-diff --git a/ui/vnc.c b/ui/vnc.c
-index 0fe6eff..8bca597 100644
---- a/ui/vnc.c
-+++ b/ui/vnc.c
-@@ -2026,6 +2026,16 @@ static void set_pixel_format(VncState *vs,
-         return;
-     }
- 
-+    switch (bits_per_pixel) {
-+    case 8:
-+    case 16:
-+    case 32:
-+        break;
-+    default:
-+        vnc_client_error(vs);
-+        return;
-+    }
-+
-     vs->client_pf.rmax = red_max;
-     vs->client_pf.rbits = hweight_long(red_max);
-     vs->client_pf.rshift = red_shift;
--- 
-2.1.2
-

diff --git a/app-emulation/qemu/files/qemu-9999-cflags.patch b/app-emulation/qemu/files/qemu-9999-cflags.patch
deleted file mode 100644
index 08a6c9f..0000000
--- a/app-emulation/qemu/files/qemu-9999-cflags.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff --git a/configure b/configure
-index 82f6e71..7e19aaf 100755
---- a/configure
-+++ b/configure
-@@ -3131,8 +3131,6 @@ fi
- if test "$gcov" = "yes" ; then
-   CFLAGS="-fprofile-arcs -ftest-coverage -g $CFLAGS"
-   LDFLAGS="-fprofile-arcs -ftest-coverage $LDFLAGS"
--elif test "$debug" = "no" ; then
--  CFLAGS="-O2 -D_FORTIFY_SOURCE=2 $CFLAGS"
- fi
- 
- 

diff --git a/app-emulation/qemu/files/qemu-9999-virtfs-proxy-helper-accept.patch b/app-emulation/qemu/files/qemu-9999-virtfs-proxy-helper-accept.patch
deleted file mode 100644
index f8a5249..0000000
--- a/app-emulation/qemu/files/qemu-9999-virtfs-proxy-helper-accept.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From c5970614489e385e69667f1f323421442a7a46c0 Mon Sep 17 00:00:00 2001
-From: Tim Comer <comer0@gmail.com>
-Date: Sat, 19 Apr 2014 12:51:42 -0400
-Subject: [PATCH] virtfs-proxy-helper: fix call to accept
-
-The current code calls accept() without initializing the size parameter
-which means the accept call might write too much to the stack.
-
-URL: https://bugs.gentoo.org/486714
-Signed-off-by: Tim Comer <comer0@gmail.com>
-Signed-off-by: Mike Frysinger <vapier@gentoo.org>
----
- fsdev/virtfs-proxy-helper.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/fsdev/virtfs-proxy-helper.c b/fsdev/virtfs-proxy-helper.c
-index bfecb87..cd291d3 100644
---- a/fsdev/virtfs-proxy-helper.c
-+++ b/fsdev/virtfs-proxy-helper.c
-@@ -760,6 +760,7 @@ static int proxy_socket(const char *path, uid_t uid, gid_t gid)
-         return -1;
-     }
- 
-+    size = sizeof(qemu);
-     client = accept(sock, (struct sockaddr *)&qemu, &size);
-     if (client < 0) {
-         do_perror("accept");
--- 
-1.9.2
-

diff --git a/app-emulation/qemu/qemu-2.1.2-r99.ebuild b/app-emulation/qemu/qemu-2.1.2-r99.ebuild
deleted file mode 100644
index 4a1c813..0000000
--- a/app-emulation/qemu/qemu-2.1.2-r99.ebuild
+++ /dev/null
@@ -1,600 +0,0 @@
-# Copyright 1999-2014 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-emulation/qemu/qemu-2.1.2-r1.ebuild,v 1.4 2014/11/08 18:09:33 ago Exp $
-
-EAPI=5
-
-PYTHON_COMPAT=( python{2_6,2_7} )
-PYTHON_REQ_USE="ncurses,readline"
-
-inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \
-	user udev fcaps readme.gentoo pax-utils
-
-BACKPORTS=
-
-if [[ ${PV} = *9999* ]]; then
-	EGIT_REPO_URI="git://git.qemu.org/qemu.git"
-	inherit git-2
-	SRC_URI=""
-	KEYWORDS=""
-else
-	SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2
-	${BACKPORTS:+
-		http://dev.gentoo.org/~cardoe/distfiles/${P}-${BACKPORTS}.tar.xz}"
-	KEYWORDS="amd64 ~ppc ~ppc64 x86 ~x86-fbsd"
-fi
-
-DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
-HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org"
-
-LICENSE="GPL-2 LGPL-2 BSD-2"
-SLOT="0"
-IUSE="accessibility +aio alsa bluetooth +caps +curl debug +fdt glusterfs \
-gtk infiniband iscsi +jpeg \
-kernel_linux kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs
-+png pulseaudio python \
-rbd sasl +seccomp sdl selinux smartcard snappy spice ssh static static-softmmu \
-static-user systemtap tci test +threads tls usb usbredir +uuid vde +vhost-net \
-virtfs +vnc xattr xen xfs"
-
-COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel mips
-mips64 mips64el mipsel or32 ppc ppc64 s390x sh4 sh4eb sparc sparc64 unicore32
-x86_64"
-IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS} lm32 moxie ppcemb xtensa xtensaeb"
-IUSE_USER_TARGETS="${COMMON_TARGETS} armeb mipsn32 mipsn32el ppc64abi32 sparc32plus"
-
-use_targets="
-	$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
-	$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
-"
-IUSE+=" ${use_targets}"
-
-# Require at least one softmmu or user target.
-# Block USE flag configurations known to not work.
-REQUIRED_USE="|| ( ${use_targets} )
-	${PYTHON_REQUIRED_USE}
-	qemu_softmmu_targets_arm? ( fdt )
-	qemu_softmmu_targets_microblaze? ( fdt )
-	qemu_softmmu_targets_ppc? ( fdt )
-	qemu_softmmu_targets_ppc64? ( fdt )
-	static? ( static-softmmu static-user )
-	static-softmmu? ( !alsa !pulseaudio !bluetooth !opengl !gtk )
-	virtfs? ( xattr )"
-
-# Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
-#
-# The attr lib isn't always linked in (although the USE flag is always
-# respected).  This is because qemu supports using the C library's API
-# when available rather than always using the extranl library.
-COMMON_LIB_DEPEND=">=dev-libs/glib-2.0[static-libs(+)]
-	sys-libs/zlib[static-libs(+)]
-	xattr? ( sys-apps/attr[static-libs(+)] )"
-SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND}
-	>=x11-libs/pixman-0.28.0[static-libs(+)]
-	aio? ( dev-libs/libaio[static-libs(+)] )
-	caps? ( sys-libs/libcap-ng[static-libs(+)] )
-	curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
-	fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] )
-	glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
-	infiniband? ( sys-infiniband/librdmacm[static-libs(+)] )
-	jpeg? ( virtual/jpeg[static-libs(+)] )
-	lzo? ( dev-libs/lzo:2[static-libs(+)] )
-	ncurses? ( sys-libs/ncurses[static-libs(+)] )
-	nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] )
-	numa? ( sys-process/numactl[static-libs(+)] )
-	png? ( media-libs/libpng[static-libs(+)] )
-	rbd? ( sys-cluster/ceph[static-libs(+)] )
-	sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
-	sdl? ( >=media-libs/libsdl-1.2.11[static-libs(+)] )
-	seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
-	snappy? ( app-arch/snappy[static-libs(+)] )
-	spice? ( >=app-emulation/spice-0.12.0[static-libs(+)] )
-	ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] )
-	tls? ( net-libs/gnutls[static-libs(+)] )
-	usb? ( >=dev-libs/libusb-1.0.18[static-libs(+)] )
-	uuid? ( >=sys-apps/util-linux-2.16.0[static-libs(+)] )
-	vde? ( net-misc/vde[static-libs(+)] )
-	xfs? ( sys-fs/xfsprogs[static-libs(+)] )"
-USER_LIB_DEPEND="${COMMON_LIB_DEPEND}"
-X86_FIRMWARE_DEPEND="
-	>=sys-firmware/ipxe-1.0.0_p20130624
-	pin-upstream-blobs? (
-		~sys-firmware/seabios-1.7.5
-		~sys-firmware/sgabios-0.1_pre8
-		~sys-firmware/vgabios-0.7a
-	)
-	!pin-upstream-blobs? (
-		sys-firmware/seabios
-		sys-firmware/sgabios
-		sys-firmware/vgabios
-	)"
-CDEPEND="!static-softmmu? ( ${SOFTMMU_LIB_DEPEND//\[static-libs(+)]} )
-	!static-user? ( ${USER_LIB_DEPEND//\[static-libs(+)]} )
-	qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
-	qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )
-	accessibility? ( app-accessibility/brltty )
-	alsa? ( >=media-libs/alsa-lib-1.0.13 )
-	bluetooth? ( net-wireless/bluez )
-	gtk? (
-		x11-libs/gtk+:3
-		x11-libs/vte:2.90
-	)
-	iscsi? ( net-libs/libiscsi )
-	opengl? ( virtual/opengl )
-	pulseaudio? ( media-sound/pulseaudio )
-	python? ( ${PYTHON_DEPS} )
-	sdl? ( media-libs/libsdl[X] )
-	smartcard? ( dev-libs/nss !app-emulation/libcacard )
-	spice? ( >=app-emulation/spice-protocol-0.12.3 )
-	systemtap? ( dev-util/systemtap )
-	usbredir? ( >=sys-apps/usbredir-0.6 )
-	virtfs? ( sys-libs/libcap )
-	xen? ( app-emulation/xen-tools )"
-DEPEND="${CDEPEND}
-	dev-lang/perl
-	=dev-lang/python-2*
-	sys-apps/texinfo
-	virtual/pkgconfig
-	kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
-	gtk? ( nls? ( sys-devel/gettext ) )
-	static-softmmu? ( ${SOFTMMU_LIB_DEPEND} )
-	static-user? ( ${USER_LIB_DEPEND} )
-	test? (
-		dev-libs/glib[utils]
-		sys-devel/bc
-	)"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-qemu )
-"
-
-STRIP_MASK="/usr/share/qemu/palcode-clipper"
-
-QA_PREBUILT="
-	usr/share/qemu/openbios-ppc
-	usr/share/qemu/openbios-sparc64
-	usr/share/qemu/openbios-sparc32
-	usr/share/qemu/palcode-clipper
-	usr/share/qemu/s390-ccw.img
-	usr/share/qemu/u-boot.e500
-"
-
-QA_WX_LOAD="usr/bin/qemu-i386
-	usr/bin/qemu-x86_64
-	usr/bin/qemu-alpha
-	usr/bin/qemu-arm
-	usr/bin/qemu-cris
-	usr/bin/qemu-m68k
-	usr/bin/qemu-microblaze
-	usr/bin/qemu-microblazeel
-	usr/bin/qemu-mips
-	usr/bin/qemu-mipsel
-	usr/bin/qemu-or32
-	usr/bin/qemu-ppc
-	usr/bin/qemu-ppc64
-	usr/bin/qemu-ppc64abi32
-	usr/bin/qemu-sh4
-	usr/bin/qemu-sh4eb
-	usr/bin/qemu-sparc
-	usr/bin/qemu-sparc64
-	usr/bin/qemu-armeb
-	usr/bin/qemu-sparc32plus
-	usr/bin/qemu-s390x
-	usr/bin/qemu-unicore32"
-
-DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure
-you have the kernel module loaded before running kvm. The easiest way to
-ensure that the kernel module is loaded is to load it on boot.\n
-For AMD CPUs the module is called 'kvm-amd'\n
-For Intel CPUs the module is called 'kvm-intel'\n
-Please review /etc/conf.d/modules for how to load these\n\n
-Make sure your user is in the 'kvm' group\n
-Just run 'gpasswd -a <USER> kvm', then have <USER> re-login."
-
-qemu_support_kvm() {
-	if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 \
-		use qemu_softmmu_targets_ppc || use qemu_softmmu_targets_ppc64 \
-		use qemu_softmmu_targets_s390x; then
-		return 0
-	fi
-
-	return 1
-}
-
-pkg_pretend() {
-	if use kernel_linux && kernel_is lt 2 6 25; then
-		eerror "This version of KVM requres a host kernel of 2.6.25 or higher."
-	elif use kernel_linux; then
-		if ! linux_config_exists; then
-			eerror "Unable to check your kernel for KVM support"
-		else
-			CONFIG_CHECK="~KVM ~TUN ~BRIDGE"
-			ERROR_KVM="You must enable KVM in your kernel to continue"
-			ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in"
-			ERROR_KVM_AMD+=" your kernel configuration."
-			ERROR_KVM_INTEL="If you have an Intel CPU, you must enable"
-			ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration."
-			ERROR_TUN="You will need the Universal TUN/TAP driver compiled"
-			ERROR_TUN+=" into your kernel or loaded as a module to use the"
-			ERROR_TUN+=" virtual network device if using -net tap."
-			ERROR_BRIDGE="You will also need support for 802.1d"
-			ERROR_BRIDGE+=" Ethernet Bridging for some network configurations."
-			use vhost-net && CONFIG_CHECK+=" ~VHOST_NET"
-			ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net"
-			ERROR_VHOST_NET+=" support"
-
-			if use amd64 || use x86 || use amd64-linux || use x86-linux; then
-				CONFIG_CHECK+=" ~KVM_AMD ~KVM_INTEL"
-			fi
-
-			use python && CONFIG_CHECK+=" ~DEBUG_FS"
-			ERROR_DEBUG_FS="debugFS support required for kvm_stat"
-
-			# Now do the actual checks setup above
-			check_extra_config
-		fi
-	fi
-
-	if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then
-		eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt"
-		eerror "instances are still pointing to it.  Please update your"
-		eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag"
-		eerror "and the right system binary (e.g. qemu-system-x86_64)."
-		die "update your virt configs to not use qemu-kvm"
-	fi
-}
-
-pkg_setup() {
-	enewgroup kvm 78
-}
-
-src_prepare() {
-	# Alter target makefiles to accept CFLAGS set via flag-o
-	sed -i -r \
-		-e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \
-		Makefile Makefile.target || die
-
-	# Cheap hack to disable gettext .mo generation.
-	use nls || rm -f po/*.po
-
-	epatch "${FILESDIR}"/qemu-1.7.0-cflags.patch
-	epatch "${FILESDIR}"/${PN}-2.1.1-readlink-self.patch
-	epatch "${FILESDIR}"/${PN}-2.1.2-vnc-sanitize-bits.patch #527088
-	epatch "${FILESDIR}"/${PN}-2.0.0-F_SHLCK-and-F_EXLCK.patch #for musl
-	epatch "${FILESDIR}"/${PN}-2.0.0-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch #for musl
-	[[ -n ${BACKPORTS} ]] && \
-		EPATCH_FORCE=yes EPATCH_SUFFIX="patch" EPATCH_SOURCE="${S}/patches" \
-			epatch
-
-	# Fix ld and objcopy being called directly
-	tc-export AR LD OBJCOPY
-
-	# Verbose builds
-	MAKEOPTS+=" V=1"
-
-	epatch_user
-}
-
-##
-# configures qemu based on the build directory and the build type
-# we are using.
-#
-qemu_src_configure() {
-	debug-print-function ${FUNCNAME} "$@"
-
-	local buildtype=$1
-	local builddir=$2
-	local static_flag="static-${buildtype}"
-
-	# audio options
-	local audio_opts="oss"
-	use alsa && audio_opts="alsa,${audio_opts}"
-	use sdl && audio_opts="sdl,${audio_opts}"
-	use pulseaudio && audio_opts="pa,${audio_opts}"
-
-	local conf_opts=(
-		--prefix=/usr
-		--sysconfdir=/etc
-		--libdir=/usr/$(get_libdir)
-		--docdir=/usr/share/doc/${PF}/html
-		--disable-bsd-user
-		--disable-guest-agent
-		--disable-strip
-		--disable-werror
-		--python="${PYTHON}"
-		--cc="$(tc-getCC)"
-		--cxx="$(tc-getCXX)"
-		--host-cc="$(tc-getBUILD_CC)"
-		$(use_enable debug debug-info)
-		$(use_enable debug debug-tcg)
-		--enable-docs
-		$(use_enable tci tcg-interpreter)
-		$(use_enable xattr attr)
-	)
-
-	# Disable options not used by user targets as the default configure
-	# options will autoprobe and try to link in a bunch of unused junk.
-	conf_softmmu() {
-		if [[ ${buildtype} == "user" ]] ; then
-			echo "--disable-${2:-$1}"
-		else
-			use_enable "$@"
-		fi
-	}
-	conf_opts+=(
-		$(conf_softmmu accessibility brlapi)
-		$(conf_softmmu aio linux-aio)
-		$(conf_softmmu bluetooth bluez)
-		$(conf_softmmu caps cap-ng)
-		$(conf_softmmu curl)
-		$(conf_softmmu fdt)
-		$(conf_softmmu glusterfs)
-		$(conf_softmmu gtk)
-		$(conf_softmmu infiniband rdma)
-		$(conf_softmmu iscsi libiscsi)
-		$(conf_softmmu jpeg vnc-jpeg)
-		$(conf_softmmu kernel_linux kvm)
-		$(conf_softmmu lzo)
-		$(conf_softmmu ncurses curses)
-		$(conf_softmmu nfs libnfs)
-		$(conf_softmmu numa)
-		$(conf_softmmu opengl glx)
-		$(conf_softmmu png vnc-png)
-		$(conf_softmmu rbd)
-		$(conf_softmmu sasl vnc-sasl)
-		$(conf_softmmu sdl)
-		$(conf_softmmu seccomp)
-		$(conf_softmmu smartcard smartcard-nss)
-		$(conf_softmmu snappy)
-		$(conf_softmmu spice)
-		$(conf_softmmu ssh libssh2)
-		$(conf_softmmu tls quorum)
-		$(conf_softmmu tls vnc-tls)
-		$(conf_softmmu tls vnc-ws)
-		$(conf_softmmu usb libusb)
-		$(conf_softmmu usbredir usb-redir)
-		$(conf_softmmu uuid)
-		$(conf_softmmu vde)
-		$(conf_softmmu vhost-net)
-		$(conf_softmmu virtfs)
-		$(conf_softmmu vnc)
-		$(conf_softmmu xen)
-		$(conf_softmmu xen xen-pci-passthrough)
-		$(conf_softmmu xfs xfsctl)
-	)
-
-	case ${buildtype} in
-	user)
-		conf_opts+=(
-			--enable-linux-user
-			--disable-system
-			--target-list="${user_targets}"
-			--disable-blobs
-			--disable-tools
-		)
-		;;
-	softmmu)
-		conf_opts+=(
-			--disable-linux-user
-			--enable-system
-			--target-list="${softmmu_targets}"
-			--with-system-pixman
-			--audio-drv-list="${audio_opts}"
-		)
-		use gtk && conf_opts+=( --with-gtkabi=3.0 )
-		;;
-	esac
-
-	# Add support for SystemTAP
-	use systemtap && conf_opts+=( --enable-trace-backend=dtrace )
-
-	# We always want to attempt to build with PIE support as it results
-	# in a more secure binary. But it doesn't work with static or if
-	# the current GCC doesn't have PIE support.
-	if use ${static_flag}; then
-		conf_opts+=( --static --disable-pie )
-	else
-		gcc-specs-pie && conf_opts+=( --enable-pie )
-	fi
-
-	einfo "./configure ${conf_opts[*]}"
-	cd "${builddir}"
-	../configure "${conf_opts[@]}" || die "configure failed"
-
-	# FreeBSD's kernel does not support QEMU assigning/grabbing
-	# host USB devices yet
-	use kernel_FreeBSD && \
-		sed -i -E -e "s|^(HOST_USB=)bsd|\1stub|" "${S}"/config-host.mak
-}
-
-src_configure() {
-	local target
-
-	python_export_best
-
-	softmmu_targets= softmmu_bins=()
-	user_targets= user_bins=()
-
-	for target in ${IUSE_SOFTMMU_TARGETS} ; do
-		if use "qemu_softmmu_targets_${target}"; then
-			softmmu_targets+=",${target}-softmmu"
-			softmmu_bins+=( "qemu-system-${target}" )
-		fi
-	done
-
-	for target in ${IUSE_USER_TARGETS} ; do
-		if use "qemu_user_targets_${target}"; then
-			user_targets+=",${target}-linux-user"
-			user_bins+=( "qemu-${target}" )
-		fi
-	done
-
-	[[ -n ${softmmu_targets} ]] && \
-		einfo "Building the following softmmu targets: ${softmmu_targets}"
-
-	[[ -n ${user_targets} ]] && \
-		einfo "Building the following user targets: ${user_targets}"
-
-	if [[ -n ${softmmu_targets} ]]; then
-		mkdir "${S}/softmmu-build"
-		qemu_src_configure "softmmu" "${S}/softmmu-build"
-	fi
-
-	if [[ -n ${user_targets} ]]; then
-		mkdir "${S}/user-build"
-		qemu_src_configure "user" "${S}/user-build"
-	fi
-}
-
-src_compile() {
-	if [[ -n ${user_targets} ]]; then
-		cd "${S}/user-build"
-		default
-	fi
-
-	if [[ -n ${softmmu_targets} ]]; then
-		cd "${S}/softmmu-build"
-		default
-	fi
-}
-
-src_test() {
-	if [[ -n ${softmmu_targets} ]]; then
-		cd "${S}/softmmu-build"
-		pax-mark m */qemu-system-* #515550
-		emake -j1 check
-		emake -j1 check-report.html
-	fi
-}
-
-qemu_python_install() {
-	python_domodule "${S}/scripts/qmp/qmp.py"
-
-	python_doscript "${S}/scripts/kvm/kvm_stat"
-	python_doscript "${S}/scripts/kvm/vmxcap"
-	python_doscript "${S}/scripts/qmp/qmp-shell"
-	python_doscript "${S}/scripts/qmp/qemu-ga-client"
-}
-
-src_install() {
-	if [[ -n ${user_targets} ]]; then
-		cd "${S}/user-build"
-		emake DESTDIR="${ED}" install
-
-		# Install binfmt handler init script for user targets
-		newinitd "${FILESDIR}/qemu-binfmt.initd-r1" qemu-binfmt
-	fi
-
-	if [[ -n ${softmmu_targets} ]]; then
-		cd "${S}/softmmu-build"
-		emake DESTDIR="${ED}" install
-
-		# This might not exist if the test failed. #512010
-		[[ -e check-report.html ]] && dohtml check-report.html
-
-		if use kernel_linux; then
-			udev_dorules "${FILESDIR}"/65-kvm.rules
-		fi
-
-		if use python; then
-			python_foreach_impl qemu_python_install
-		fi
-	fi
-
-	# Disable mprotect on the qemu binaries as they use JITs to be fast #459348
-	pushd "${ED}"/usr/bin >/dev/null
-	pax-mark m "${softmmu_bins[@]}" "${user_bins[@]}"
-	popd >/dev/null
-
-	# Install config file example for qemu-bridge-helper
-	insinto "/etc/qemu"
-	doins "${FILESDIR}/bridge.conf"
-
-	# Remove the docdir placed qmp-commands.txt
-	mv "${ED}/usr/share/doc/${PF}/html/qmp-commands.txt" "${S}/docs/qmp/"
-
-	cd "${S}"
-	dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt
-	newdoc pc-bios/README README.pc-bios
-	dodoc docs/qmp/*.txt
-
-	# Remove SeaBIOS since we're using the SeaBIOS packaged one
-	rm "${ED}/usr/share/qemu/bios.bin"
-	if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-		dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
-	fi
-
-	# Remove vgabios since we're using the vgabios packaged one
-	if [[ -n ${softmmu_targets} ]]; then
-		rm "${ED}/usr/share/qemu/vgabios.bin"
-		rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
-		rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
-		rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
-		rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../vgabios/vgabios.bin /usr/share/qemu/vgabios.bin
-			dosym ../vgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
-			dosym ../vgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
-			dosym ../vgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
-			dosym ../vgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
-		fi
-
-		# Remove sgabios since we're using the sgabios packaged one
-		rm "${ED}/usr/share/qemu/sgabios.bin"
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin
-		fi
-
-		# Remove iPXE since we're using the iPXE packaged one
-		rm "${ED}"/usr/share/qemu/pxe-*.rom
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom
-			dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom
-			dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom
-			dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom
-			dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom
-			dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom
-		fi
-	fi
-
-	qemu_support_kvm && readme.gentoo_create_doc
-}
-
-pkg_postinst() {
-	if qemu_support_kvm; then
-		readme.gentoo_print_elog
-		ewarn "Migration from qemu-kvm instances and loading qemu-kvm created"
-		ewarn "save states has been removed starting with the 1.6.2 release"
-		ewarn
-		ewarn "It is recommended that you migrate any VMs that may be running"
-		ewarn "on qemu-kvm to a host with a newer qemu and regenerate"
-		ewarn "any saved states with a newer qemu."
-		ewarn
-		ewarn "qemu-kvm was the primary qemu provider in Gentoo through 1.2.x"
-
-		if use x86 || use amd64; then
-			ewarn
-			ewarn "The /usr/bin/kvm and /usr/bin/qemu-kvm wrappers are no longer"
-			ewarn "installed.  In order to use kvm acceleration, pass the flag"
-			ewarn "-enable-kvm when running your system target."
-		fi
-	fi
-
-	fcaps cap_net_admin /usr/libexec/qemu-bridge-helper
-	if use virtfs && [ -n "${softmmu_targets}" ]; then
-		local virtfs_caps="cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_setgid,cap_mknod,cap_setuid"
-		fcaps ${virtfs_caps} /usr/bin/virtfs-proxy-helper
-	fi
-}
-
-pkg_info() {
-	echo "Using:"
-	echo "  $(best_version app-emulation/spice-protocol)"
-	echo "  $(best_version sys-firmware/ipxe)"
-	echo "  $(best_version sys-firmware/seabios)"
-	if has_version sys-firmware/seabios[binary]; then
-		echo "    USE=binary"
-	else
-		echo "    USE=''"
-	fi
-	echo "  $(best_version sys-firmware/vgabios)"
-}


^ permalink raw reply related	[flat|nested] 19+ messages in thread

* [gentoo-commits] proj/musl:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2016-10-01 19:38 Felix Janda
  0 siblings, 0 replies; 19+ messages in thread
From: Felix Janda @ 2016-10-01 19:38 UTC (permalink / raw
  To: gentoo-commits

commit:     8308b5d857fa865e06de75451acbe5c2bc359cf2
Author:     Felix Janda <felix.janda <AT> posteo <DOT> de>
AuthorDate: Fri Sep 30 00:07:37 2016 +0000
Commit:     Felix Janda <felix.janda <AT> posteo <DOT> de>
CommitDate: Sat Oct  1 19:35:26 2016 +0000
URL:        https://gitweb.gentoo.org/proj/musl.git/commit/?id=8308b5d8

app-emulation/qemu: bump to 2.7.0

 app-emulation/qemu/Manifest                        |  25 +--
 .../qemu/files/qemu-2.2.0-_sigev_un.patch          |   5 +-
 .../qemu/files/qemu-2.5.0-CVE-2016-2198.patch      |  46 ------
 .../files/qemu-2.5.0-rng-stack-corrupt-0.patch     |  98 -----------
 .../files/qemu-2.5.0-rng-stack-corrupt-1.patch     | 135 ----------------
 .../files/qemu-2.5.0-rng-stack-corrupt-2.patch     | 155 ------------------
 .../files/qemu-2.5.0-rng-stack-corrupt-3.patch     | 179 ---------------------
 .../qemu/files/qemu-2.5.1-CVE-2015-8558.patch      | 107 ------------
 .../qemu/files/qemu-2.5.1-CVE-2016-4020.patch      |  16 --
 .../files/qemu-2.5.1-stellaris_enet-overflow.patch |  47 ------
 .../qemu/files/qemu-2.5.1-xfs-linux-headers.patch  |  82 ----------
 .../qemu/files/qemu-2.7.0-CVE-2016-6836.patch      |  27 ++++
 .../qemu/files/qemu-2.7.0-CVE-2016-7155.patch      |  81 ++++++++++
 .../qemu/files/qemu-2.7.0-CVE-2016-7156.patch      |  62 +++++++
 .../qemu/files/qemu-2.7.0-CVE-2016-7157-1.patch    |  28 ++++
 .../qemu/files/qemu-2.7.0-CVE-2016-7157-2.patch    |  27 ++++
 .../qemu/files/qemu-2.7.0-CVE-2016-7170.patch      |  40 +++++
 .../qemu/files/qemu-2.7.0-CVE-2016-7421.patch      |  34 ++++
 .../qemu/files/qemu-2.7.0-CVE-2016-7422.patch      |  38 +++++
 .../qemu/files/qemu-2.7.0-CVE-2016-7423.patch      |  31 ++++
 .../qemu/files/qemu-2.7.0-CVE-2016-7466.patch      |  26 +++
 ...qemu-2.5.1-r99.ebuild => qemu-2.7.0-r99.ebuild} |  46 +++---
 22 files changed, 433 insertions(+), 902 deletions(-)

diff --git a/app-emulation/qemu/Manifest b/app-emulation/qemu/Manifest
index 5d10f94..1eb09a6 100644
--- a/app-emulation/qemu/Manifest
+++ b/app-emulation/qemu/Manifest
@@ -2,20 +2,21 @@ AUX 65-kvm.rules 40 SHA256 c16a8dc7855880b2651f1a3ff488ecc54d4ac1036c71fffd50070
 AUX bridge.conf 454 SHA256 a51850dd39923f3482e4c575b48ad9fef9c9ebb2f2176225da399b79ce48c69d SHA512 a907ee86b81a1b61033bb7621ded65112504131ef7b698c53e4014b958ee6fc79e66f63069015a01e41362cb70a7d0ed26dd9a03033cf776f4846f0e1f8f1533 WHIRLPOOL 8fcbd4abf9b8f7ca3d16fe0eaf17196ebf708dfecf85ce0f020e0de22b64905114f7b310f361826c81bb961c6b1bbbf984bff1e595bb949993b8966ccb222c35
 AUX qemu-2.0.0-F_SHLCK-and-F_EXLCK.patch 563 SHA256 99de67d610ad13a1dcf6c67a3c2b5b87fb909220173a956435737f9bea3c371b SHA512 a29e9a889388a6627ed492a79e66514ffb5e64f9479646982091811548fc2a9bf6682104a6c774d83e645e4b1db39e491afd4efce789fe164623442a7f3e5d00 WHIRLPOOL d3aab06099de263c22f4c71810a3b2cb8602d17731ec76674cd1415e539306555a7b96b789f0daad473600dfa04a83224ff603f7b9a9ac63a4902f74d0e9deb5
 AUX qemu-2.0.0-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch 930 SHA256 6af6cf9044997710a6d0fbdba30a35c8d775e30d30c032ec97db672f75ec88ac SHA512 ec84b27648c01c6e58781295dcd0c2ff8e5a635f9836ef50c1da5d0ed125db1afc4cb5b01cb97606d6dd8f417acba93e1560d9a32ca29161a4bb730b302440ea WHIRLPOOL 06b9dd5251ac03405c97b1f5a623b4d86bda2f72fbcd52b90ae4d11a0cfb59cae62df2cb6189405fbe53ab05ff2b7ca8165fda239dbfe5f31ed70abb53b3b9f3
-AUX qemu-2.2.0-_sigev_un.patch 636 SHA256 f3b9a4d6162c553f3110ad22716305818e2130e2ff5d628faf044fc58a5e3cb5 SHA512 f72b879daede5184904f64cabb276de96299a37a93fce444d09e9068671009e95a5e5d6b815ec41a5db5b3807de14d470a56bba5806ffd4dfec577577b046ccb WHIRLPOOL 9453ad4966e10d504f3e867fd984642a3c1ee3ae847b5ca56196fd1f9e6c0f2d7b52ca07446212af72fef6d0ded1527a5eb306fa6cd915e8dd9ce11523362bac
-AUX qemu-2.5.0-CVE-2016-2198.patch 1540 SHA256 0d6d81a27ffac1af7c478a050aa690eb007cf9735a1a0c4b398eabeb990d5ab4 SHA512 b0b3131bb2b9b2d3f2a3f3286eeb92b527f0d3366e657cf8bcbabc6426b57893936c5a8ef66697ad1014b4525c09fa4d067195600f96ab2b005fd52b6e77d9a4 WHIRLPOOL f5c56b87f934c573fc71169fcded579b9917285fbfff59fd9288011775f482ead2ac09e1399f325e826305fab2f7bc2cd21d333711c526c1658a069a5ee93491
+AUX qemu-2.2.0-_sigev_un.patch 465 SHA256 4d5a1359a1bc25f1f8dcb7f021efc235b9c8f2535258ca65706c5fde15946ebe SHA512 af90b8dcd8b14716df6270436ae1d77c998a04547bf17f961b2d9a594d1abfb573ca25283a633de6bcd3a81a778b88a4c7950dbd39c23ee35191626da14eb802 WHIRLPOOL cf40379cd0c9f3a8f89823a6d9415666a99885711bdde44067d4a3a082a9b33efbe69279c0782b2e84b7586389e82845dd30668240f236266f61ba447abb8241
 AUX qemu-2.5.0-cflags.patch 410 SHA256 17f5624dd733f5c80e733cc67ae36a736169ec066024dbf802b416accfed0755 SHA512 0194d28de08b4e51c5bd1c9a2cc7965ba7f66dfddb8fd91de3da93677e6cf2d38ad3270f69aaea8a20cf2533c2980018d6e0fed711be2806fe2053fba7c081f3 WHIRLPOOL 5f5b95d00409fbe03adb64801d30a2fb5f98dded5efa7f0e78b5746776f72917dcbea767e1d0afcb304d8bf8c484adedb8037e6d54e9d34997c2bc3a98b53154
-AUX qemu-2.5.0-rng-stack-corrupt-0.patch 3125 SHA256 164b155db78a9291b9f8dea71a16b5779e1a9d382a8cb0f5ff380d1f2d811cef SHA512 7da544873dbefbbc7a2ed69bd7cca0053bfe71ef7f5c2faf12cb5dc6e07b8d9104e5bcf329b3355e886edc5805509623234c9fe8fb536544d6285b04ccc59919 WHIRLPOOL f076264ce4bae5be2f34e006e3e4dcc20042313cb6da4977b61529c3100e835952807738d53a86967f98abad68eba1c8dcbb6a04af162b048399e059b5eb9d6b
-AUX qemu-2.5.0-rng-stack-corrupt-1.patch 4110 SHA256 16966eb20072a5d16fec46e5959e32708342af9a7266fe4a90a0abaf68af3529 SHA512 530d6a5f9b6795013bbe197cf0a0d7eddfb06d18c0f8410bcf5bcc2d32c4b72c325b8b0ade2c517bd305fcbdab03124cc527d24d73ce767daf51de65d00920c8 WHIRLPOOL c0b653c67993c6c6ed282f0c86099c8c80a241f10e23ef3fd8e33c6d86fbb5553049550e83954cfc6d3576735c4ce28099f813917966c0a05c84bb46a6bee413
-AUX qemu-2.5.0-rng-stack-corrupt-2.patch 4601 SHA256 c2b4e1ee8ee4bb2f4d42012a847c1da83a9e2349238d37bba1a3b9c440957f7f SHA512 ba299d07c7382f39f177f8094594daf131727d3d28633b426064f7cc6bf75d19b1ae78db248fc70ddbdb43fd2a6b0c5ed7793e6f42aba2763cdb4c12d6816c54 WHIRLPOOL 62b6ab75c32574a4c53193d82c7f51efdaa4789154c2d2f9acee7ede240d2920d92e31dfead7edc17aa12f938919143ce049d2c9ef9733baccc27d382506437f
-AUX qemu-2.5.0-rng-stack-corrupt-3.patch 5519 SHA256 5a3c2ed59bc30f395aee5cd0b77cdb06d868386e5bbe1b392169f8d96ae9474a SHA512 f62713130d3b989b274476a4cc2eafb95dc41de4723fe475e454132817a159eb729bbbe5a29aee755715100095670107c5762271184252e9d0cd43c4b25bc5d1 WHIRLPOOL f8e4aa90b90b03dd6e4dd68734cb16ee5f59a9585697ef3c48e7e861968798cb3c66018ad5a788f99b99e9fddab2ae83d977ec4b1a8599596a5ce03286726e3e
 AUX qemu-2.5.0-sysmacros.patch 333 SHA256 a5716fc02da383d455f5cbd76f49e4ee74d84c2d5703319adcbeb145d04875f9 SHA512 329632c5bff846ca3ffcdb4bc94ae62f17c6bdbb566f9bec0784357c943523e8ca7773790b83a9617734cab3b003baa3d636cbd08f7385810a63b0fa0383c4f0 WHIRLPOOL 2a774767d4685545d3ed18e4f5dece99a9007597d73c56197652ff24083550f987ffb69e5c624760dece87def71a7c5c22a694bf999d7309e48ef622f18f0d73
-AUX qemu-2.5.1-CVE-2015-8558.patch 3237 SHA256 3320c5624a33076b36f39566a4c3bbe5f95adae44207512d791175bcfc3959ff SHA512 c6ea0ca7d0ea221e9704001d26dae143861463ec45c7a543f041520874dd6e3a2d4bdb6d1eca25097f265aa2a1600858c9908b59cdd640007ab057cf7b86083f WHIRLPOOL 0c3c683a79f68ab3073a3b5e6afe2b6184d66254bd8278e131d5aa199ff51d52e5b186521ff8799345b1f1977afc112550e1a7d4b684b2a3267e9caddd0f1576
-AUX qemu-2.5.1-CVE-2016-4020.patch 567 SHA256 6c8e933593cfbedc98de81bf01e394d1ca1d016109fcc81e91f6472d2092b1a0 SHA512 90ac43329cbbcc0451470e010a1a1bd32ef8891c1f2d7d7e54e870e740c77ea8dfdec30989d586aaea250de6ca294504bf7e88818bf35e3269cf528ea3e50ce5 WHIRLPOOL 7ea7c7af1f2a3f11bc5bfe7b708021bbcb03c00d354a733c0fad14193110559cd1561939bd5bb6597a84bc01e74a914ef9dc51f28c522473b424919edc17cdb3
-AUX qemu-2.5.1-stellaris_enet-overflow.patch 1569 SHA256 5d20aef8139068eeb63c167856c8f0004e8761227d9bb1fd67240c4b922f704a SHA512 92c015af82eb92bf5f6f4d6fd86b402636a61f0ac9572cc2f002d4c795ce133f7858a38336fd5f4a25c7157dea969d288bb73f00d9a8b3b8f517ba2aea6e4ba8 WHIRLPOOL 94c49f8f78864ac3da247b569d2afc2ee0d801482a00117a7898fb396440118ef3bc54e1b61023496184f37404c893a1ef7725ce6ca9a27ca596cdf38e747603
-AUX qemu-2.5.1-xfs-linux-headers.patch 2634 SHA256 ca1eb8d4593d794541f375cb1425861e145aa036d440b9d29c4cb7b5102d018b SHA512 88b8a6178893e3354d90ad1a7cfc370fc05ffd2e3ea7c9cc8aeda9e129ea93d45838b5816afb46c0594886fbb129e3665a738f4c195183b843caedc0302530c0 WHIRLPOOL 193f1b89710ecbbb5b645a59ac6f3b7bad8191cc3228bad0427cb80c54e1b55d11d25abe1f59173b9669452f57a52f830d074bb106bdc3c05b6659826a4d561d
+AUX qemu-2.7.0-CVE-2016-6836.patch 889 SHA256 a94812131e8baa66b81971579ab84b20bf15d544e2698448a5247ac0ddca0b3d SHA512 cf7f327f26aee5b6688eb662ced8aa07775ad9558b4a02db244303f6b7d37be9cd19b18d5725819b4708184105b98830864e0ad3af81373e59e880809036345b WHIRLPOOL df00627ad447162fdcac4b2c965a8cb5c916a7fb66d8c3a4f8f48bb2d869d7805cb3308cd495ff74ebf4840e7bc2d85abf8e666d78b3da9abb4e2bae22697a82
+AUX qemu-2.7.0-CVE-2016-7155.patch 2745 SHA256 addf638a53bfae8556e463e0b78a151eef0fdf171eb395a98dbdf0332ff74131 SHA512 96e9df733c5227899da7d2ecc346139df9830dd16fc16f1f14666f8be60205a43f434fd79e158c2000926656ffa137809f1cb3c57a04cb375011f816e92e2f4b WHIRLPOOL c04c0dda417a70e4acb289c6b296da93f3eb8e51f7cfad62351b7235512e04714fdc169a87f4cbf1ef82bfc6decc8ebb5b3958f23d001795c9ebcd08369185a3
+AUX qemu-2.7.0-CVE-2016-7156.patch 2314 SHA256 7fa0d7f1025a3435b692a6e7ed8fa3be38a918395a8253e8c27f416ff37e041d SHA512 db3009fdf6d85ffd24fd4a2a40b372b0e665274bba1ce01632aef0d583f2830b58f889166a34acd36409944ab3f7e264801bf89a78f55a586b5f43429a1c86dc WHIRLPOOL ce8101b7607612ed7b9c6fbe373f9b5dec07e0ea8af0b4be8e52b4add5dd0ba12c9e5eb7380d68e3d3867988e0cfc1bdd1e8357ce2b71ef19f51e316fac62161
+AUX qemu-2.7.0-CVE-2016-7157-1.patch 888 SHA256 7a1f6199b16c220df51002e1222763d1a7c7b3a08349f664e576a9facc553516 SHA512 5c104464dfa48804d94ccca9a9d881f9e22eba2c3d9a2cbf3a645c3a696e89ea3f4603ea28deba9a1cd800df9bc5ad4894606869eca3e1e9cf95414723846938 WHIRLPOOL af42ec7ca93c92c4df060b4efd61bcc3f7cb5582d00bfe174d81f2393ad3a7f06e27cc2b2186f664860c3ee98f76dd68cd7e6de7ff7e63b778f345c32a62b495
+AUX qemu-2.7.0-CVE-2016-7157-2.patch 812 SHA256 1db3b565b4762abbc1096286c9887400591af76bf422a105e457c6bdcb887b59 SHA512 8d2177adc638d384302ec89de65a0acd4f4069580c40d6c50cb78501f25f4d171f3b92a36464711337e07dbf208f9ad93eb2f86a7361dde52026c1764341e10d WHIRLPOOL e815e165bb23cd42aaba2310e3fa48bba33b0344069e6f54c4b26dddad746516053221969fad855d6c827d42371494c609123b002e1e2a96c366d11131b3243a
+AUX qemu-2.7.0-CVE-2016-7170.patch 1527 SHA256 37d600b5a4ba143f1d6b26acbcf23357fa41a5f852774f68b6b6736a6ecec024 SHA512 c84494ec4ee9607cef7b230a25d10de444a29fecba57566df5394d40b88596ef91fbd5edfb51a58c5ecff7fa7ef39b7d32ba7976dbd011fb1b29a2e46e4e0080 WHIRLPOOL ddd3d94da447556b24257c11068bef360da6cf35e22257869b09057f42ba027636e605db96d9a66253f423f5667814a1f8c551f8eece733fd997b03d6ac81e2b
+AUX qemu-2.7.0-CVE-2016-7421.patch 1183 SHA256 f3996d9d4658fb32a04ce8ae3d3510e6a51a0aa39f64b003a636f68dacef19db SHA512 51d07015e27e4dfbde2c3ffa37d91134374b49c136735845c34155238767483ede8bbc7232ea93b4e4cbcc28195cbe1986d44ac0dd96e914ec29df3a1da9dfcc WHIRLPOOL a4e27d329591b2a3b94a7abed81df1f87509f5a38beb490d7a4ca7c14df2a864f4126c26fc044bb4357467b0f9ed0ca5811d5e85812e318adcb3236c30bef7a1
+AUX qemu-2.7.0-CVE-2016-7422.patch 1125 SHA256 7a3d31031b8ea70be29715e8d384f47ad8758e81b9cfc3768e59dd6c6a00cb2a SHA512 6a08f661cd2b00214297570c8035042544b0e707b2f20f6c59c251a73971f2b7e1920c7242ca09a4684ea58dcb177d11d087ee5e0523792e3c446e70239498ef WHIRLPOOL 82b38aa12e49695c1f0c67c303039afb05cc314d14e5bc8286bafebfbabd3eb3cddd41338d45f9510ea2f5074fd9028b39c251be0e5856e0221232a8b28797a9
+AUX qemu-2.7.0-CVE-2016-7423.patch 925 SHA256 2b9b1102c3c9c54ba2c311661c3222b1df246a519e9eef57d0793951c1249ae0 SHA512 e4401163d15f9ebd9057b8ddf4187f7a0a2f379cb8aea2bd92b20f132f7714a4e386733884be4568eddbd4067b6cad80275ccc101276897c4796117a9b20144f WHIRLPOOL 9bd9f5ed067604f065d3ac7447f8135dd72e178caa6f3c5a5ca7bc531a8008ec46620c4af33bea54a35dfe52e430d48dcf5b59145c4e1efc2a14cb789e38f5bd
+AUX qemu-2.7.0-CVE-2016-7466.patch 830 SHA256 5664c091038185766a54b93495029bbf6de116e8752c2334fa1c71b8387e89c3 SHA512 d158b1f66766f33b1df561956cc3c77d40e1422e44791cfc753d3def2f1851c2c9c0aeb299bcd1ae969dde8f4249f4489ed90776ebb497db4f626217710e4f48 WHIRLPOOL 13112769ecd6420e17d2a3c0e110a2bd479fc09d8a2086d27f0703a4d6c35ded07e003f28ff14579655c5468cd02c77fa514ba7ed6543f61deb60c6de604c99b
 AUX qemu-binfmt.initd-r1 6910 SHA256 2886c567589b958f450a87537cdb6c5bf95e8c1e4afbdf59139d16819e79d51d SHA512 09f399b6b559c6dd64d77843f600afad464909e72ae0924e97a5ef2eea55b3fb8abf6fbd57c380ec60e2f9d145ec365fd9a24c2e1b84cc6cef7070e4fb5bd72e WHIRLPOOL 983f6ae733c23c0049321184e1b6738ad5d27a70265945e6b47f3fb317ba3c84918b4929e728081549062fd0bf4a46c0a7e7184911355f3ac75963e1f8b70cd4
 AUX qemu-kvm-1.4 68 SHA256 8b1adf198129f001e75a2311fc420c168094d1084d2163cdf6a32b3b23c96137 SHA512 706fab4d155c410acc292e67fb354ce7dcd17f7e33f2ca8c9c44035ea128f8d36f89e27cf87ebe22721f5676be9e7f2ae5484fd000183c8ffd7854e02eb3d120 WHIRLPOOL ef795330b592cef8e3d92f52a77eb77a671e6aa1a47d07531917b5c1c09e72e5df1a44aea939b086e0a3c5ef2a5cea9223556a46ceae73e55300475c42f07067
-DIST qemu-2.5.1.tar.bz2 25464539 SHA256 028752c33bb786abbfe496ba57315dc5a7d0a33b5a7a767f6d7a29020c525d2c SHA512 66959ad6a2a89f23c5daba245c76f71ddc03a33a1167bca639a042ebbf7329b2e698cd2c0e65c22a9874563a34256a48386aa9df6475b06d38db74187e3e3b3f WHIRLPOOL 32525271574692d56b7794dc63606659f46e6ae19a56dee31b3cec33dab9c4eb74147a65db4940229492d8680f38c2d05bc2a8fbcb4b6887b0c1cbe5fbbe44cf
-EBUILD qemu-2.5.1-r99.ebuild 21104 SHA256 92637c4d36984ff78616a2ca9a1952d453f035608357b2f212cddc4b98bed5de SHA512 0dd1b5d37448371604efb213894bfde17ab08d234affc675dc2474ba395e4b854071711304c30be4a405ed98d6cb2be7f107958487080cd8dbeb15fada2da9f8 WHIRLPOOL cc8ed2d2140b669da67d8a5f15b93651638848f77b853d11b7e235ba37b75d945076266798fff1ccf8d74ba16113cbead260b10e9c8aaed03c07fb5d9d1f1ce3
+DIST qemu-2.7.0.tar.bz2 26867760 SHA256 326e739506ba690daf69fc17bd3913a6c313d9928d743bd8eddb82f403f81e53 SHA512 654acaa7b3724a288e5d7e2a26ab780d9c9ed9f647fba00a906cbaffbe9d58fd666f2d962514aa2c5b391b4c53811ac3170d2eb51727f090bd19dfe45ca9a9db WHIRLPOOL dcb3e5f7da89dd8e14d636d7ebd476e076e0043880bb9ea3fb1c03cb4bcd4e5c7d3c4719da26c3ce521e3a3db5ae671e86f198ac1bc3474e774d75504fef8b8d
+EBUILD qemu-2.7.0-r99.ebuild 21332 SHA256 a6d13be36bb59bf53727dba5fe1dd5f397652531d339cf622acd15aef6cd482f SHA512 fd1ef102a4b7d4554a2b864d321419413b967f9f585031f74c600dc350db541588fa98a150329aa1134dbc761933484a2ce2e14979c096fe076cf92f7bdfedee WHIRLPOOL 50e36b66bfd83516ce4003681bcba2327da80c679aad3ab658007a87652c22f7e584eb4fb5d635b570096243abd361075c6c8e35197c2e9bbed34a4d7353537c
 MISC metadata.xml 3925 SHA256 d1c219b7da0cbf77919cd1e055acbb3f6788a574fd802c98a43c89a411697b36 SHA512 3ff45d1c8ede12b4eedc7d01f39777b76a1cbd0ba9364299dec99d4b4a05cade5784d6f6e50197d5b5ae1f1b8e831c49da195eb53263c49b7d16aec8ee28b6e6 WHIRLPOOL bc25783fac0f3f13318834cc535404af9af20de16c7aeec222e59dc2ed7740ac5e767b329a5bcd6356d0cbae2428e278515f1446aa8ecb87a873bf4dbe04bf41

diff --git a/app-emulation/qemu/files/qemu-2.2.0-_sigev_un.patch b/app-emulation/qemu/files/qemu-2.2.0-_sigev_un.patch
index 5827c2e..588291c 100644
--- a/app-emulation/qemu/files/qemu-2.2.0-_sigev_un.patch
+++ b/app-emulation/qemu/files/qemu-2.2.0-_sigev_un.patch
@@ -1,6 +1,5 @@
-diff -ur a/qemu-2.2.0/linux-user/syscall.c b/qemu-2.2.0/linux-user/syscall.c
---- a/qemu-2.2.0/linux-user/syscall.c	2014-12-09 15:45:43.000000000 -0100
-+++ b/qemu-2.2.0/linux-user/syscall.c	2015-03-16 19:09:49.050386155 -0100
+--- a/linux-user/syscall.c
++++ b/linux-user/syscall.c
 @@ -5033,7 +5033,7 @@
      host_sevp->sigev_signo =
          target_to_host_signal(tswap32(target_sevp->sigev_signo));

diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-2198.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-2198.patch
deleted file mode 100644
index d179c33..0000000
--- a/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-2198.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From dff0367cf66f489aa772320fa2937a8cac1ca30d Mon Sep 17 00:00:00 2001
-From: Prasad J Pandit <pjp@fedoraproject.org>
-Date: Fri, 29 Jan 2016 18:30:34 +0530
-Subject: [PATCH] usb: ehci: add capability mmio write function
-
-USB Ehci emulation supports host controller capability registers.
-But its mmio '.write' function was missing, which lead to a null
-pointer dereference issue. Add a do nothing 'ehci_caps_write'
-definition to avoid it; Do nothing because capability registers
-are Read Only(RO).
-
-Reported-by: Zuozhi Fzz <zuozhi.fzz@alibaba-inc.com>
-Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
-Message-id: 1454072434-16045-1-git-send-email-ppandit@redhat.com
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
----
- hw/usb/hcd-ehci.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
-index 1b50601..0f95d0d 100644
---- a/hw/usb/hcd-ehci.c
-+++ b/hw/usb/hcd-ehci.c
-@@ -895,6 +895,11 @@ static uint64_t ehci_caps_read(void *ptr, hwaddr addr,
-     return s->caps[addr];
- }
- 
-+static void ehci_caps_write(void *ptr, hwaddr addr,
-+                             uint64_t val, unsigned size)
-+{
-+}
-+
- static uint64_t ehci_opreg_read(void *ptr, hwaddr addr,
-                                 unsigned size)
- {
-@@ -2315,6 +2320,7 @@ static void ehci_frame_timer(void *opaque)
- 
- static const MemoryRegionOps ehci_mmio_caps_ops = {
-     .read = ehci_caps_read,
-+    .write = ehci_caps_write,
-     .valid.min_access_size = 1,
-     .valid.max_access_size = 4,
-     .impl.min_access_size = 1,
--- 
-2.7.4
-

diff --git a/app-emulation/qemu/files/qemu-2.5.0-rng-stack-corrupt-0.patch b/app-emulation/qemu/files/qemu-2.5.0-rng-stack-corrupt-0.patch
deleted file mode 100644
index 684f6ad..0000000
--- a/app-emulation/qemu/files/qemu-2.5.0-rng-stack-corrupt-0.patch
+++ /dev/null
@@ -1,98 +0,0 @@
-From 3c52ddcdc548e7fbe65112d8a7bdc9cd105b4750 Mon Sep 17 00:00:00 2001
-From: Ladi Prosek <lprosek@redhat.com>
-Date: Thu, 3 Mar 2016 09:37:15 +0100
-Subject: [PATCH] rng: remove the unused request cancellation code
-
-rng_backend_cancel_requests had no callers and none of the code
-deleted in this commit ever ran.
-
-Signed-off-by: Ladi Prosek <lprosek@redhat.com>
-Reviewed-by: Amit Shah <amit.shah@redhat.com>
-Message-Id: <1456994238-9585-2-git-send-email-lprosek@redhat.com>
-Signed-off-by: Amit Shah <amit.shah@redhat.com>
----
- backends/rng-egd.c   | 12 ------------
- backends/rng.c       |  9 ---------
- include/sysemu/rng.h | 11 -----------
- 3 files changed, 32 deletions(-)
-
-diff --git a/backends/rng-egd.c b/backends/rng-egd.c
-index 2de5cd5..0b2976a 100644
---- a/backends/rng-egd.c
-+++ b/backends/rng-egd.c
-@@ -125,17 +125,6 @@ static void rng_egd_free_requests(RngEgd *s)
-     s->requests = NULL;
- }
- 
--static void rng_egd_cancel_requests(RngBackend *b)
--{
--    RngEgd *s = RNG_EGD(b);
--
--    /* We simply delete the list of pending requests.  If there is data in the 
--     * queue waiting to be read, this is okay, because there will always be
--     * more data than we requested originally
--     */
--    rng_egd_free_requests(s);
--}
--
- static void rng_egd_opened(RngBackend *b, Error **errp)
- {
-     RngEgd *s = RNG_EGD(b);
-@@ -213,7 +202,6 @@ static void rng_egd_class_init(ObjectClass *klass, void *data)
-     RngBackendClass *rbc = RNG_BACKEND_CLASS(klass);
- 
-     rbc->request_entropy = rng_egd_request_entropy;
--    rbc->cancel_requests = rng_egd_cancel_requests;
-     rbc->opened = rng_egd_opened;
- }
- 
-diff --git a/backends/rng.c b/backends/rng.c
-index b7820ef..2f2f3ee 100644
---- a/backends/rng.c
-+++ b/backends/rng.c
-@@ -26,15 +26,6 @@ void rng_backend_request_entropy(RngBackend *s, size_t size,
-     }
- }
- 
--void rng_backend_cancel_requests(RngBackend *s)
--{
--    RngBackendClass *k = RNG_BACKEND_GET_CLASS(s);
--
--    if (k->cancel_requests) {
--        k->cancel_requests(s);
--    }
--}
--
- static bool rng_backend_prop_get_opened(Object *obj, Error **errp)
- {
-     RngBackend *s = RNG_BACKEND(obj);
-diff --git a/include/sysemu/rng.h b/include/sysemu/rng.h
-index 858be8c..87b3ebe 100644
---- a/include/sysemu/rng.h
-+++ b/include/sysemu/rng.h
-@@ -37,7 +37,6 @@ struct RngBackendClass
- 
-     void (*request_entropy)(RngBackend *s, size_t size,
-                             EntropyReceiveFunc *receive_entropy, void *opaque);
--    void (*cancel_requests)(RngBackend *s);
- 
-     void (*opened)(RngBackend *s, Error **errp);
- };
-@@ -68,14 +67,4 @@ struct RngBackend
- void rng_backend_request_entropy(RngBackend *s, size_t size,
-                                  EntropyReceiveFunc *receive_entropy,
-                                  void *opaque);
--
--/**
-- * rng_backend_cancel_requests:
-- * @s: the backend to cancel all pending requests in
-- *
-- * Cancels all pending requests submitted by @rng_backend_request_entropy.  This
-- * should be used by a device during reset or in preparation for live migration
-- * to stop tracking any request.
-- */
--void rng_backend_cancel_requests(RngBackend *s);
- #endif
--- 
-2.7.4
-

diff --git a/app-emulation/qemu/files/qemu-2.5.0-rng-stack-corrupt-1.patch b/app-emulation/qemu/files/qemu-2.5.0-rng-stack-corrupt-1.patch
deleted file mode 100644
index 44ba8a7..0000000
--- a/app-emulation/qemu/files/qemu-2.5.0-rng-stack-corrupt-1.patch
+++ /dev/null
@@ -1,135 +0,0 @@
-From 74074e8a7c60592cf1cc6469dbc2550d24aeded3 Mon Sep 17 00:00:00 2001
-From: Ladi Prosek <lprosek@redhat.com>
-Date: Thu, 3 Mar 2016 09:37:16 +0100
-Subject: [PATCH] rng: move request queue from RngEgd to RngBackend
-
-The 'requests' field now lives in the RngBackend parent class.
-There are no functional changes in this commit.
-
-Signed-off-by: Ladi Prosek <lprosek@redhat.com>
-Reviewed-by: Amit Shah <amit.shah@redhat.com>
-Message-Id: <1456994238-9585-3-git-send-email-lprosek@redhat.com>
-Signed-off-by: Amit Shah <amit.shah@redhat.com>
----
- backends/rng-egd.c   | 28 +++++++++-------------------
- include/sysemu/rng.h | 11 +++++++++++
- 2 files changed, 20 insertions(+), 19 deletions(-)
-
-diff --git a/backends/rng-egd.c b/backends/rng-egd.c
-index 0b2976a..b061362 100644
---- a/backends/rng-egd.c
-+++ b/backends/rng-egd.c
-@@ -25,19 +25,8 @@ typedef struct RngEgd
- 
-     CharDriverState *chr;
-     char *chr_name;
--
--    GSList *requests;
- } RngEgd;
- 
--typedef struct RngRequest
--{
--    EntropyReceiveFunc *receive_entropy;
--    uint8_t *data;
--    void *opaque;
--    size_t offset;
--    size_t size;
--} RngRequest;
--
- static void rng_egd_request_entropy(RngBackend *b, size_t size,
-                                     EntropyReceiveFunc *receive_entropy,
-                                     void *opaque)
-@@ -66,7 +55,7 @@ static void rng_egd_request_entropy(RngBackend *b, size_t size,
-         size -= len;
-     }
- 
--    s->requests = g_slist_append(s->requests, req);
-+    s->parent.requests = g_slist_append(s->parent.requests, req);
- }
- 
- static void rng_egd_free_request(RngRequest *req)
-@@ -81,7 +70,7 @@ static int rng_egd_chr_can_read(void *opaque)
-     GSList *i;
-     int size = 0;
- 
--    for (i = s->requests; i; i = i->next) {
-+    for (i = s->parent.requests; i; i = i->next) {
-         RngRequest *req = i->data;
-         size += req->size - req->offset;
-     }
-@@ -94,8 +83,8 @@ static void rng_egd_chr_read(void *opaque, const uint8_t *buf, int size)
-     RngEgd *s = RNG_EGD(opaque);
-     size_t buf_offset = 0;
- 
--    while (size > 0 && s->requests) {
--        RngRequest *req = s->requests->data;
-+    while (size > 0 && s->parent.requests) {
-+        RngRequest *req = s->parent.requests->data;
-         int len = MIN(size, req->size - req->offset);
- 
-         memcpy(req->data + req->offset, buf + buf_offset, len);
-@@ -104,7 +93,8 @@ static void rng_egd_chr_read(void *opaque, const uint8_t *buf, int size)
-         size -= len;
- 
-         if (req->offset == req->size) {
--            s->requests = g_slist_remove_link(s->requests, s->requests);
-+            s->parent.requests = g_slist_remove_link(s->parent.requests,
-+                                                     s->parent.requests);
- 
-             req->receive_entropy(req->opaque, req->data, req->size);
- 
-@@ -117,12 +107,12 @@ static void rng_egd_free_requests(RngEgd *s)
- {
-     GSList *i;
- 
--    for (i = s->requests; i; i = i->next) {
-+    for (i = s->parent.requests; i; i = i->next) {
-         rng_egd_free_request(i->data);
-     }
- 
--    g_slist_free(s->requests);
--    s->requests = NULL;
-+    g_slist_free(s->parent.requests);
-+    s->parent.requests = NULL;
- }
- 
- static void rng_egd_opened(RngBackend *b, Error **errp)
-diff --git a/include/sysemu/rng.h b/include/sysemu/rng.h
-index 87b3ebe..c744d82 100644
---- a/include/sysemu/rng.h
-+++ b/include/sysemu/rng.h
-@@ -24,6 +24,7 @@
- #define RNG_BACKEND_CLASS(klass) \
-     OBJECT_CLASS_CHECK(RngBackendClass, (klass), TYPE_RNG_BACKEND)
- 
-+typedef struct RngRequest RngRequest;
- typedef struct RngBackendClass RngBackendClass;
- typedef struct RngBackend RngBackend;
- 
-@@ -31,6 +32,15 @@ typedef void (EntropyReceiveFunc)(void *opaque,
-                                   const void *data,
-                                   size_t size);
- 
-+struct RngRequest
-+{
-+    EntropyReceiveFunc *receive_entropy;
-+    uint8_t *data;
-+    void *opaque;
-+    size_t offset;
-+    size_t size;
-+};
-+
- struct RngBackendClass
- {
-     ObjectClass parent_class;
-@@ -47,6 +57,7 @@ struct RngBackend
- 
-     /*< protected >*/
-     bool opened;
-+    GSList *requests;
- };
- 
- /**
--- 
-2.7.4
-

diff --git a/app-emulation/qemu/files/qemu-2.5.0-rng-stack-corrupt-2.patch b/app-emulation/qemu/files/qemu-2.5.0-rng-stack-corrupt-2.patch
deleted file mode 100644
index 1cffcc5..0000000
--- a/app-emulation/qemu/files/qemu-2.5.0-rng-stack-corrupt-2.patch
+++ /dev/null
@@ -1,155 +0,0 @@
-From 9f14b0add1dcdbfa2ee61051d068211fb0a1fcc9 Mon Sep 17 00:00:00 2001
-From: Ladi Prosek <lprosek@redhat.com>
-Date: Thu, 3 Mar 2016 09:37:17 +0100
-Subject: [PATCH] rng: move request queue cleanup from RngEgd to RngBackend
-
-RngBackend is now in charge of cleaning up the linked list on
-instance finalization. It also exposes a function to finalize
-individual RngRequest instances, called by its child classes.
-
-Signed-off-by: Ladi Prosek <lprosek@redhat.com>
-Reviewed-by: Amit Shah <amit.shah@redhat.com>
-Message-Id: <1456994238-9585-4-git-send-email-lprosek@redhat.com>
-Signed-off-by: Amit Shah <amit.shah@redhat.com>
----
- backends/rng-egd.c   | 25 +------------------------
- backends/rng.c       | 32 ++++++++++++++++++++++++++++++++
- include/sysemu/rng.h | 12 ++++++++++++
- 3 files changed, 45 insertions(+), 24 deletions(-)
-
-diff --git a/backends/rng-egd.c b/backends/rng-egd.c
-index b061362..8f2bd16 100644
---- a/backends/rng-egd.c
-+++ b/backends/rng-egd.c
-@@ -58,12 +58,6 @@ static void rng_egd_request_entropy(RngBackend *b, size_t size,
-     s->parent.requests = g_slist_append(s->parent.requests, req);
- }
- 
--static void rng_egd_free_request(RngRequest *req)
--{
--    g_free(req->data);
--    g_free(req);
--}
--
- static int rng_egd_chr_can_read(void *opaque)
- {
-     RngEgd *s = RNG_EGD(opaque);
-@@ -93,28 +87,13 @@ static void rng_egd_chr_read(void *opaque, const uint8_t *buf, int size)
-         size -= len;
- 
-         if (req->offset == req->size) {
--            s->parent.requests = g_slist_remove_link(s->parent.requests,
--                                                     s->parent.requests);
--
-             req->receive_entropy(req->opaque, req->data, req->size);
- 
--            rng_egd_free_request(req);
-+            rng_backend_finalize_request(&s->parent, req);
-         }
-     }
- }
- 
--static void rng_egd_free_requests(RngEgd *s)
--{
--    GSList *i;
--
--    for (i = s->parent.requests; i; i = i->next) {
--        rng_egd_free_request(i->data);
--    }
--
--    g_slist_free(s->parent.requests);
--    s->parent.requests = NULL;
--}
--
- static void rng_egd_opened(RngBackend *b, Error **errp)
- {
-     RngEgd *s = RNG_EGD(b);
-@@ -183,8 +162,6 @@ static void rng_egd_finalize(Object *obj)
-     }
- 
-     g_free(s->chr_name);
--
--    rng_egd_free_requests(s);
- }
- 
- static void rng_egd_class_init(ObjectClass *klass, void *data)
-diff --git a/backends/rng.c b/backends/rng.c
-index 2f2f3ee..014cb9d 100644
---- a/backends/rng.c
-+++ b/backends/rng.c
-@@ -64,6 +64,30 @@ static void rng_backend_prop_set_opened(Object *obj, bool value, Error **errp)
-     s->opened = true;
- }
- 
-+static void rng_backend_free_request(RngRequest *req)
-+{
-+    g_free(req->data);
-+    g_free(req);
-+}
-+
-+static void rng_backend_free_requests(RngBackend *s)
-+{
-+    GSList *i;
-+
-+    for (i = s->requests; i; i = i->next) {
-+        rng_backend_free_request(i->data);
-+    }
-+
-+    g_slist_free(s->requests);
-+    s->requests = NULL;
-+}
-+
-+void rng_backend_finalize_request(RngBackend *s, RngRequest *req)
-+{
-+    s->requests = g_slist_remove(s->requests, req);
-+    rng_backend_free_request(req);
-+}
-+
- static void rng_backend_init(Object *obj)
- {
-     object_property_add_bool(obj, "opened",
-@@ -72,6 +96,13 @@ static void rng_backend_init(Object *obj)
-                              NULL);
- }
- 
-+static void rng_backend_finalize(Object *obj)
-+{
-+    RngBackend *s = RNG_BACKEND(obj);
-+
-+    rng_backend_free_requests(s);
-+}
-+
- static void rng_backend_class_init(ObjectClass *oc, void *data)
- {
-     UserCreatableClass *ucc = USER_CREATABLE_CLASS(oc);
-@@ -84,6 +115,7 @@ static const TypeInfo rng_backend_info = {
-     .parent = TYPE_OBJECT,
-     .instance_size = sizeof(RngBackend),
-     .instance_init = rng_backend_init,
-+    .instance_finalize = rng_backend_finalize,
-     .class_size = sizeof(RngBackendClass),
-     .class_init = rng_backend_class_init,
-     .abstract = true,
-diff --git a/include/sysemu/rng.h b/include/sysemu/rng.h
-index c744d82..08a2eda 100644
---- a/include/sysemu/rng.h
-+++ b/include/sysemu/rng.h
-@@ -78,4 +79,15 @@ struct RngBackend
- void rng_backend_request_entropy(RngBackend *s, size_t size,
-                                  EntropyReceiveFunc *receive_entropy,
-                                  void *opaque);
-+
-+/**
-+ * rng_backend_free_request:
-+ * @s: the backend that created the request
-+ * @req: the request to finalize
-+ *
-+ * Used by child rng backend classes to finalize requests once they've been
-+ * processed. The request is removed from the list of active requests and
-+ * deleted.
-+ */
-+void rng_backend_finalize_request(RngBackend *s, RngRequest *req);
- #endif
--- 
-2.7.4
-

diff --git a/app-emulation/qemu/files/qemu-2.5.0-rng-stack-corrupt-3.patch b/app-emulation/qemu/files/qemu-2.5.0-rng-stack-corrupt-3.patch
deleted file mode 100644
index ca9340a..0000000
--- a/app-emulation/qemu/files/qemu-2.5.0-rng-stack-corrupt-3.patch
+++ /dev/null
@@ -1,179 +0,0 @@
-From 60253ed1e6ec6d8e5ef2efe7bf755f475dce9956 Mon Sep 17 00:00:00 2001
-From: Ladi Prosek <lprosek@redhat.com>
-Date: Thu, 3 Mar 2016 09:37:18 +0100
-Subject: [PATCH] rng: add request queue support to rng-random
-
-Requests are now created in the RngBackend parent class and the
-code path is shared by both rng-egd and rng-random.
-
-This commit fixes the rng-random implementation which processed
-only one request at a time and simply discarded all but the most
-recent one. In the guest this manifested as delayed completion
-of reads from virtio-rng, i.e. a read was completed only after
-another read was issued.
-
-By switching rng-random to use the same request queue as rng-egd,
-the unsafe stack-based allocation of the entropy buffer is
-eliminated and replaced with g_malloc.
-
-Signed-off-by: Ladi Prosek <lprosek@redhat.com>
-Reviewed-by: Amit Shah <amit.shah@redhat.com>
-Message-Id: <1456994238-9585-5-git-send-email-lprosek@redhat.com>
-Signed-off-by: Amit Shah <amit.shah@redhat.com>
----
- backends/rng-egd.c    | 16 ++--------------
- backends/rng-random.c | 43 +++++++++++++++++++------------------------
- backends/rng.c        | 13 ++++++++++++-
- include/sysemu/rng.h  |  3 +--
- 4 files changed, 34 insertions(+), 41 deletions(-)
-
-diff --git a/backends/rng-egd.c b/backends/rng-egd.c
-index 8f2bd16..30332ed 100644
---- a/backends/rng-egd.c
-+++ b/backends/rng-egd.c
-@@ -27,20 +27,10 @@ typedef struct RngEgd
-     char *chr_name;
- } RngEgd;
- 
--static void rng_egd_request_entropy(RngBackend *b, size_t size,
--                                    EntropyReceiveFunc *receive_entropy,
--                                    void *opaque)
-+static void rng_egd_request_entropy(RngBackend *b, RngRequest *req)
- {
-     RngEgd *s = RNG_EGD(b);
--    RngRequest *req;
--
--    req = g_malloc(sizeof(*req));
--
--    req->offset = 0;
--    req->size = size;
--    req->receive_entropy = receive_entropy;
--    req->opaque = opaque;
--    req->data = g_malloc(req->size);
-+    size_t size = req->size;
- 
-     while (size > 0) {
-         uint8_t header[2];
-@@ -54,8 +44,6 @@ static void rng_egd_request_entropy(RngBackend *b, size_t size,
- 
-         size -= len;
-     }
--
--    s->parent.requests = g_slist_append(s->parent.requests, req);
- }
- 
- static int rng_egd_chr_can_read(void *opaque)
-diff --git a/backends/rng-random.c b/backends/rng-random.c
-index 8cdad6a..a6cb385 100644
---- a/backends/rng-random.c
-+++ b/backends/rng-random.c
-@@ -22,10 +22,6 @@ struct RndRandom
- 
-     int fd;
-     char *filename;
--
--    EntropyReceiveFunc *receive_func;
--    void *opaque;
--    size_t size;
- };
- 
- /**
-@@ -38,36 +34,35 @@ struct RndRandom
- static void entropy_available(void *opaque)
- {
-     RndRandom *s = RNG_RANDOM(opaque);
--    uint8_t buffer[s->size];
--    ssize_t len;
- 
--    len = read(s->fd, buffer, s->size);
--    if (len < 0 && errno == EAGAIN) {
--        return;
--    }
--    g_assert(len != -1);
-+    while (s->parent.requests != NULL) {
-+        RngRequest *req = s->parent.requests->data;
-+        ssize_t len;
-+
-+        len = read(s->fd, req->data, req->size);
-+        if (len < 0 && errno == EAGAIN) {
-+            return;
-+        }
-+        g_assert(len != -1);
- 
--    s->receive_func(s->opaque, buffer, len);
--    s->receive_func = NULL;
-+        req->receive_entropy(req->opaque, req->data, len);
- 
-+        rng_backend_finalize_request(&s->parent, req);
-+    }
-+
-+    /* We've drained all requests, the fd handler can be reset. */
-     qemu_set_fd_handler(s->fd, NULL, NULL, NULL);
- }
- 
--static void rng_random_request_entropy(RngBackend *b, size_t size,
--                                        EntropyReceiveFunc *receive_entropy,
--                                        void *opaque)
-+static void rng_random_request_entropy(RngBackend *b, RngRequest *req)
- {
-     RndRandom *s = RNG_RANDOM(b);
- 
--    if (s->receive_func) {
--        s->receive_func(s->opaque, NULL, 0);
-+    if (s->parent.requests == NULL) {
-+        /* If there are no pending requests yet, we need to
-+         * install our fd handler. */
-+        qemu_set_fd_handler(s->fd, entropy_available, NULL, s);
-     }
--
--    s->receive_func = receive_entropy;
--    s->opaque = opaque;
--    s->size = size;
--
--    qemu_set_fd_handler(s->fd, entropy_available, NULL, s);
- }
- 
- static void rng_random_opened(RngBackend *b, Error **errp)
-diff --git a/backends/rng.c b/backends/rng.c
-index 014cb9d..277a41b 100644
---- a/backends/rng.c
-+++ b/backends/rng.c
-@@ -20,9 +20,20 @@ void rng_backend_request_entropy(RngBackend *s, size_t size,
-                                  void *opaque)
- {
-     RngBackendClass *k = RNG_BACKEND_GET_CLASS(s);
-+    RngRequest *req;
- 
-     if (k->request_entropy) {
--        k->request_entropy(s, size, receive_entropy, opaque);
-+        req = g_malloc(sizeof(*req));
-+
-+        req->offset = 0;
-+        req->size = size;
-+        req->receive_entropy = receive_entropy;
-+        req->opaque = opaque;
-+        req->data = g_malloc(req->size);
-+
-+        k->request_entropy(s, req);
-+
-+        s->requests = g_slist_append(s->requests, req);
-     }
- }
- 
-diff --git a/include/sysemu/rng.h b/include/sysemu/rng.h
-index 08a2eda..4fffd68 100644
---- a/include/sysemu/rng.h
-+++ b/include/sysemu/rng.h
-@@ -45,8 +45,7 @@ struct RngBackendClass
- {
-     ObjectClass parent_class;
- 
--    void (*request_entropy)(RngBackend *s, size_t size,
--                            EntropyReceiveFunc *receive_entropy, void *opaque);
-+    void (*request_entropy)(RngBackend *s, RngRequest *req);
- 
-     void (*opened)(RngBackend *s, Error **errp);
- };
--- 
-2.7.4
-

diff --git a/app-emulation/qemu/files/qemu-2.5.1-CVE-2015-8558.patch b/app-emulation/qemu/files/qemu-2.5.1-CVE-2015-8558.patch
deleted file mode 100644
index cf1a4c3..0000000
--- a/app-emulation/qemu/files/qemu-2.5.1-CVE-2015-8558.patch
+++ /dev/null
@@ -1,107 +0,0 @@
-https://bugs.gentoo.org/580426
-https://bugs.gentoo.org/568246
-
-From a49923d2837d20510d645d3758f1ad87c32d0730 Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Mon, 18 Apr 2016 09:20:54 +0200
-Subject: [PATCH] Revert "ehci: make idt processing more robust"
-
-This reverts commit 156a2e4dbffa85997636a7a39ef12da6f1b40254.
-
-Breaks FreeBSD.
-
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
----
- hw/usb/hcd-ehci.c | 5 ++---
- 1 file changed, 2 insertions(+), 3 deletions(-)
-
-diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
-index d5c0e1c..43a8f7a 100644
---- a/hw/usb/hcd-ehci.c
-+++ b/hw/usb/hcd-ehci.c
-@@ -1397,7 +1397,7 @@ static int ehci_process_itd(EHCIState *ehci,
- {
-     USBDevice *dev;
-     USBEndpoint *ep;
--    uint32_t i, len, pid, dir, devaddr, endp, xfers = 0;
-+    uint32_t i, len, pid, dir, devaddr, endp;
-     uint32_t pg, off, ptr1, ptr2, max, mult;
- 
-     ehci->periodic_sched_active = PERIODIC_ACTIVE;
-@@ -1489,10 +1489,9 @@ static int ehci_process_itd(EHCIState *ehci,
-                 ehci_raise_irq(ehci, USBSTS_INT);
-             }
-             itd->transact[i] &= ~ITD_XACT_ACTIVE;
--            xfers++;
-         }
-     }
--    return xfers ? 0 : -1;
-+    return 0;
- }
- 
- 
--- 
-2.7.4
-
-From 1ae3f2f178087711f9591350abad133525ba93f2 Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Mon, 18 Apr 2016 09:11:38 +0200
-Subject: [PATCH] ehci: apply limit to iTD/sidt descriptors
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Commit "156a2e4 ehci: make idt processing more robust" tries to avoid a
-DoS by the guest (create a circular iTD queue and let qemu ehci
-emulation run in circles forever).  Unfortunately this has two problems:
-First it misses the case of siTDs, and second it reportedly breaks
-FreeBSD.
-
-So lets go for a different approach: just count the number of iTDs and
-siTDs we have seen per frame and apply a limit.  That should really
-catch all cases now.
-
-Reported-by: 杜少博 <dushaobo@360.cn>
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
----
- hw/usb/hcd-ehci.c | 6 +++++-
- 1 file changed, 5 insertions(+), 1 deletion(-)
-
-diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
-index 159f58d..d5c0e1c 100644
---- a/hw/usb/hcd-ehci.c
-+++ b/hw/usb/hcd-ehci.c
-@@ -2011,6 +2011,7 @@ static int ehci_state_writeback(EHCIQueue *q)
- static void ehci_advance_state(EHCIState *ehci, int async)
- {
-     EHCIQueue *q = NULL;
-+    int itd_count = 0;
-     int again;
- 
-     do {
-@@ -2035,10 +2036,12 @@ static void ehci_advance_state(EHCIState *ehci, int async)
- 
-         case EST_FETCHITD:
-             again = ehci_state_fetchitd(ehci, async);
-+            itd_count++;
-             break;
- 
-         case EST_FETCHSITD:
-             again = ehci_state_fetchsitd(ehci, async);
-+            itd_count++;
-             break;
- 
-         case EST_ADVANCEQUEUE:
-@@ -2087,7 +2090,8 @@ static void ehci_advance_state(EHCIState *ehci, int async)
-             break;
-         }
- 
--        if (again < 0) {
-+        if (again < 0 || itd_count > 16) {
-+            /* TODO: notify guest (raise HSE irq?) */
-             fprintf(stderr, "processing error - resetting ehci HC\n");
-             ehci_reset(ehci);
-             again = 0;
--- 
-2.7.4
-

diff --git a/app-emulation/qemu/files/qemu-2.5.1-CVE-2016-4020.patch b/app-emulation/qemu/files/qemu-2.5.1-CVE-2016-4020.patch
deleted file mode 100644
index e3115c1..0000000
--- a/app-emulation/qemu/files/qemu-2.5.1-CVE-2016-4020.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01106.html
-https://bugs.gentoo.org/580040
-
-diff --git a/hw/i386/kvmvapic.c b/hw/i386/kvmvapic.c
-index c69f374..ff1e31a 100644
---- a/hw/i386/kvmvapic.c
-+++ b/hw/i386/kvmvapic.c
-@@ -394,7 +394,7 @@ static void patch_instruction(VAPICROMState *s, X86CPU *cpu, target_ulong ip)
-     CPUX86State *env = &cpu->env;
-     VAPICHandlers *handlers;
-     uint8_t opcode[2];
--    uint32_t imm32;
-+    uint32_t imm32 = 0;
-     target_ulong current_pc = 0;
-     target_ulong current_cs_base = 0;
-     int current_flags = 0;

diff --git a/app-emulation/qemu/files/qemu-2.5.1-stellaris_enet-overflow.patch b/app-emulation/qemu/files/qemu-2.5.1-stellaris_enet-overflow.patch
deleted file mode 100644
index ab7d3f3..0000000
--- a/app-emulation/qemu/files/qemu-2.5.1-stellaris_enet-overflow.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From 3a15cc0e1ee7168db0782133d2607a6bfa422d66 Mon Sep 17 00:00:00 2001
-From: Prasad J Pandit <pjp@fedoraproject.org>
-Date: Fri, 8 Apr 2016 11:33:48 +0530
-Subject: [PATCH] net: stellaris_enet: check packet length against receive
- buffer
-
-When receiving packets over Stellaris ethernet controller, it
-uses receive buffer of size 2048 bytes. In case the controller
-accepts large(MTU) packets, it could lead to memory corruption.
-Add check to avoid it.
-
-Reported-by: Oleksandr Bazhaniuk <oleksandr.bazhaniuk@intel.com>
-Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
-Message-id: 1460095428-22698-1-git-send-email-ppandit@redhat.com
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- hw/net/stellaris_enet.c | 12 +++++++++++-
- 1 file changed, 11 insertions(+), 1 deletion(-)
-
-diff --git a/hw/net/stellaris_enet.c b/hw/net/stellaris_enet.c
-index 84cf60b..6880894 100644
---- a/hw/net/stellaris_enet.c
-+++ b/hw/net/stellaris_enet.c
-@@ -236,8 +236,18 @@ static ssize_t stellaris_enet_receive(NetClientState *nc, const uint8_t *buf, si
-     n = s->next_packet + s->np;
-     if (n >= 31)
-         n -= 31;
--    s->np++;
- 
-+    if (size >= sizeof(s->rx[n].data) - 6) {
-+        /* If the packet won't fit into the
-+         * emulated 2K RAM, this is reported
-+         * as a FIFO overrun error.
-+         */
-+        s->ris |= SE_INT_FOV;
-+        stellaris_enet_update(s);
-+        return -1;
-+    }
-+
-+    s->np++;
-     s->rx[n].len = size + 6;
-     p = s->rx[n].data;
-     *(p++) = (size + 6);
--- 
-2.7.4
-

diff --git a/app-emulation/qemu/files/qemu-2.5.1-xfs-linux-headers.patch b/app-emulation/qemu/files/qemu-2.5.1-xfs-linux-headers.patch
deleted file mode 100644
index 743171b..0000000
--- a/app-emulation/qemu/files/qemu-2.5.1-xfs-linux-headers.patch
+++ /dev/null
@@ -1,82 +0,0 @@
-https://bugs.gentoo.org/577810
-
-From 277abf15a60f7653bfb05ffb513ed74ffdaea1b7 Mon Sep 17 00:00:00 2001
-From: Jan Vesely <jano.vesely@gmail.com>
-Date: Fri, 29 Apr 2016 13:15:23 -0400
-Subject: [PATCH] configure: Check if struct fsxattr is available from linux
- header
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Fixes build failure with --enable-xfsctl and
-new linux headers (>=4.5) and older xfsprogs(<4.5):
-In file included from /usr/include/xfs/xfs.h:38:0,
-                 from /var/tmp/portage/app-emulation/qemu-2.5.0-r1/work/qemu-2.5.0/block/raw-posix.c:97:
-/usr/include/xfs/xfs_fs.h:42:8: error: redefinition of ‘struct fsxattr’
- struct fsxattr {
-        ^
-In file included from /var/tmp/portage/app-emulation/qemu-2.5.0-r1/work/qemu-2.5.0/block/raw-posix.c:60:0:
-/usr/include/linux/fs.h:155:8: note: originally defined here
- struct fsxattr {
-
-This is really a bug in the system headers, but we can work around it
-by defining HAVE_FSXATTR in the QEMU headers if linux/fs.h provides
-the struct, so that xfs_fs.h doesn't try to define it as well.
-
-CC: qemu-trivial@nongnu.org
-CC: Markus Armbruster <armbru@redhat.com>
-CC: Peter Maydell <peter.maydell@linaro.org>
-CC: Stefan Weil <sw@weilnetz.de>
-Tested-by: Stefan Weil <sw@weilnetz.de>
-Signed-off-by: Jan Vesely <jano.vesely@gmail.com>
-[PMM: adjusted commit message, comments]
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- configure | 23 +++++++++++++++++++++++
- 1 file changed, 23 insertions(+)
-
-diff --git a/configure b/configure
-index ab54f3c..c37fc5f 100755
---- a/configure
-+++ b/configure
-@@ -4494,6 +4494,21 @@ if test "$fortify_source" != "no"; then
- fi
- 
- ##########################################
-+# check if struct fsxattr is available via linux/fs.h
-+
-+have_fsxattr=no
-+cat > $TMPC << EOF
-+#include <linux/fs.h>
-+struct fsxattr foo;
-+int main(void) {
-+  return 0;
-+}
-+EOF
-+if compile_prog "" "" ; then
-+    have_fsxattr=yes
-+fi
-+
-+##########################################
- # End of CC checks
- # After here, no more $cc or $ld runs
- 
-@@ -5160,6 +5175,14 @@ fi
- if test "$have_ifaddrs_h" = "yes" ; then
-     echo "HAVE_IFADDRS_H=y" >> $config_host_mak
- fi
-+
-+# Work around a system header bug with some kernel/XFS header
-+# versions where they both try to define 'struct fsxattr':
-+# xfs headers will not try to redefine structs from linux headers
-+# if this macro is set.
-+if test "$have_fsxattr" = "yes" ; then
-+    echo "HAVE_FSXATTR=y" >> $config_host_mak
-+fi
- if test "$vte" = "yes" ; then
-   echo "CONFIG_VTE=y" >> $config_host_mak
-   echo "VTE_CFLAGS=$vte_cflags" >> $config_host_mak
--- 
-2.8.2
-

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-6836.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-6836.patch
new file mode 100644
index 0000000..56f7435
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-6836.patch
@@ -0,0 +1,27 @@
+From: Li Qiang <address@hidden>
+
+In Vmxnet3 device emulator while processing transmit(tx) queue,
+when it reaches end of packet, it calls vmxnet3_complete_packet.
+In that local 'txcq_descr' object is not initialised, which could
+leak host memory bytes a guest.
+
+Reported-by: Li Qiang <address@hidden>
+Signed-off-by: Prasad J Pandit <address@hidden>
+---
+ hw/net/vmxnet3.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c
+index 90f6943..92f6af9 100644
+--- a/hw/net/vmxnet3.c
++++ b/hw/net/vmxnet3.c
+@@ -531,6 +531,7 @@ static void vmxnet3_complete_packet(VMXNET3State *s, int qidx, uint32_t tx_ridx)
+ 
+     VMXNET3_RING_DUMP(VMW_RIPRN, "TXC", qidx, &s->txq_descr[qidx].comp_ring);
+ 
++    memset(&txcq_descr, 0, sizeof(txcq_descr));
+     txcq_descr.txdIdx = tx_ridx;
+     txcq_descr.gen = vmxnet3_ring_curr_gen(&s->txq_descr[qidx].comp_ring);
+ 
+-- 
+2.5.5

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7155.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7155.patch
new file mode 100644
index 0000000..495faf2
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7155.patch
@@ -0,0 +1,81 @@
+From: Prasad J Pandit <address@hidden>
+
+Vmware Paravirtual SCSI emulation uses command descriptors to
+process SCSI commands. These descriptors come with their ring
+buffers. A guest could set the page count for these rings to
+an arbitrary value, leading to infinite loop or OOB access.
+Add check to avoid it.
+
+Reported-by: Tom Victor <address@hidden>
+Reported-by: Li Qiang <address@hidden>
+Signed-off-by: Prasad J Pandit <address@hidden>
+---
+ hw/scsi/vmw_pvscsi.c | 21 ++++++++++-----------
+ 1 file changed, 10 insertions(+), 11 deletions(-)
+
+Update per review
+  -> https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg00019.html
+
+diff --git a/hw/scsi/vmw_pvscsi.c b/hw/scsi/vmw_pvscsi.c
+index 5116f4a..4245c15 100644
+--- a/hw/scsi/vmw_pvscsi.c
++++ b/hw/scsi/vmw_pvscsi.c
+@@ -152,7 +152,7 @@ pvscsi_log2(uint32_t input)
+     return log;
+ }
+ 
+-static int
++static void
+ pvscsi_ring_init_data(PVSCSIRingInfo *m, PVSCSICmdDescSetupRings *ri)
+ {
+     int i;
+@@ -160,10 +160,6 @@ pvscsi_ring_init_data(PVSCSIRingInfo *m, PVSCSICmdDescSetupRings *ri)
+     uint32_t req_ring_size, cmp_ring_size;
+     m->rs_pa = ri->ringsStatePPN << VMW_PAGE_SHIFT;
+ 
+-    if ((ri->reqRingNumPages > PVSCSI_SETUP_RINGS_MAX_NUM_PAGES)
+-        || (ri->cmpRingNumPages > PVSCSI_SETUP_RINGS_MAX_NUM_PAGES)) {
+-        return -1;
+-    }
+     req_ring_size = ri->reqRingNumPages * PVSCSI_MAX_NUM_REQ_ENTRIES_PER_PAGE;
+     cmp_ring_size = ri->cmpRingNumPages * PVSCSI_MAX_NUM_CMP_ENTRIES_PER_PAGE;
+     txr_len_log2 = pvscsi_log2(req_ring_size - 1);
+@@ -195,8 +191,6 @@ pvscsi_ring_init_data(PVSCSIRingInfo *m, PVSCSICmdDescSetupRings *ri)
+ 
+     /* Flush ring state page changes */
+     smp_wmb();
+-
+-    return 0;
+ }
+ 
+ static int
+@@ -746,7 +740,7 @@ pvscsi_dbg_dump_tx_rings_config(PVSCSICmdDescSetupRings *rc)
+ 
+     trace_pvscsi_tx_rings_num_pages("Confirm Ring", rc->cmpRingNumPages);
+     for (i = 0; i < rc->cmpRingNumPages; i++) {
+-        trace_pvscsi_tx_rings_ppn("Confirm Ring", rc->reqRingPPNs[i]);
++        trace_pvscsi_tx_rings_ppn("Confirm Ring", rc->cmpRingPPNs[i]);
+     }
+ }
+ 
+@@ -779,10 +773,15 @@ pvscsi_on_cmd_setup_rings(PVSCSIState *s)
+ 
+     trace_pvscsi_on_cmd_arrived("PVSCSI_CMD_SETUP_RINGS");
+ 
++    if (!rc->reqRingNumPages
++        || rc->reqRingNumPages > PVSCSI_SETUP_RINGS_MAX_NUM_PAGES
++        || !rc->cmpRingNumPages
++        || rc->cmpRingNumPages > PVSCSI_SETUP_RINGS_MAX_NUM_PAGES) {
++        return PVSCSI_COMMAND_PROCESSING_FAILED;
++    }
++
+     pvscsi_dbg_dump_tx_rings_config(rc);
+-    if (pvscsi_ring_init_data(&s->rings, rc) < 0) {
+-        return PVSCSI_COMMAND_PROCESSING_FAILED;
+-    }
++    pvscsi_ring_init_data(&s->rings, rc);
+ 
+     s->rings_info_valid = TRUE;
+     return PVSCSI_COMMAND_PROCESSING_SUCCEEDED;
+-- 
+2.5.5

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7156.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7156.patch
new file mode 100644
index 0000000..9c21a67
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7156.patch
@@ -0,0 +1,62 @@
+From: Prasad J Pandit <address@hidden>
+
+In PVSCSI paravirtual SCSI bus, pvscsi_convert_sglist can take a very
+long time or go into an infinite loop due to two different bugs:
+
+1) the request descriptor data length is defined to be 64 bit. While
+building SG list from a request descriptor, it gets truncated to 32bit
+in routine 'pvscsi_convert_sglist'. This could lead to an infinite loop
+situation for large 'dataLen' values, when data_length is cast to uint32_t
+and chunk_size becomes always zero.  Fix this by removing the incorrect
+cast.
+
+2) pvscsi_get_next_sg_elem can be called arbitrarily many times if the
+element has a zero length.  Get out of the loop early when this happens,
+by introducing an upper limit on the number of SG list elements.
+
+Reported-by: Li Qiang <address@hidden>
+Signed-off-by: Prasad J Pandit <address@hidden>
+---
+ hw/scsi/vmw_pvscsi.c | 11 ++++++-----
+ 1 file changed, 6 insertions(+), 5 deletions(-)
+
+Update as per:
+  -> https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg01172.html
+
+diff --git a/hw/scsi/vmw_pvscsi.c b/hw/scsi/vmw_pvscsi.c
+index 4245c15..babac5a 100644
+--- a/hw/scsi/vmw_pvscsi.c
++++ b/hw/scsi/vmw_pvscsi.c
+@@ -40,6 +40,8 @@
+ #define PVSCSI_MAX_DEVS                   (64)
+ #define PVSCSI_MSIX_NUM_VECTORS           (1)
+ 
++#define PVSCSI_MAX_SG_ELEM                2048
++
+ #define PVSCSI_MAX_CMD_DATA_WORDS \
+     (sizeof(PVSCSICmdDescSetupRings)/sizeof(uint32_t))
+ 
+@@ -628,17 +630,16 @@ pvscsi_queue_pending_descriptor(PVSCSIState *s, SCSIDevice **d,
+ static void
+ pvscsi_convert_sglist(PVSCSIRequest *r)
+ {
+-    int chunk_size;
++    uint32_t chunk_size, elmcnt = 0;
+     uint64_t data_length = r->req.dataLen;
+     PVSCSISGState sg = r->sg;
+-    while (data_length) {
+-        while (!sg.resid) {
++    while (data_length && elmcnt < PVSCSI_MAX_SG_ELEM) {
++        while (!sg.resid && elmcnt++ < PVSCSI_MAX_SG_ELEM) {
+             pvscsi_get_next_sg_elem(&sg);
+             trace_pvscsi_convert_sglist(r->req.context, r->sg.dataAddr,
+                                         r->sg.resid);
+         }
+-        assert(data_length > 0);
+-        chunk_size = MIN((unsigned) data_length, sg.resid);
++        chunk_size = MIN(data_length, sg.resid);
+         if (chunk_size) {
+             qemu_sglist_add(&r->sgl, sg.dataAddr, chunk_size);
+         }
+-- 
+2.5.5

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7157-1.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7157-1.patch
new file mode 100644
index 0000000..480de30
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7157-1.patch
@@ -0,0 +1,28 @@
+From: Prasad J Pandit <address@hidden>
+
+When LSI SAS1068 Host Bus emulator builds configuration page
+headers, the format string used in 'mptsas_config_manufacturing_1'
+was wrong. It could lead to an invalid memory access.
+
+Reported-by: Tom Victor <address@hidden>
+Fix-suggested-by: Paolo Bonzini <address@hidden>
+Signed-off-by: Prasad J Pandit <address@hidden>
+---
+ hw/scsi/mptconfig.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/scsi/mptconfig.c b/hw/scsi/mptconfig.c
+index 7071854..1ec895b 100644
+--- a/hw/scsi/mptconfig.c
++++ b/hw/scsi/mptconfig.c
+@@ -203,7 +203,7 @@ size_t mptsas_config_manufacturing_1(MPTSASState *s, uint8_t **data, int address
+ {
+     /* VPD - all zeros */
+     return MPTSAS_CONFIG_PACK(1, MPI_CONFIG_PAGETYPE_MANUFACTURING, 0x00,
+-                              "s256");
++                              "*s256");
+ }
+ 
+ static
+-- 
+2.5.5

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7157-2.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7157-2.patch
new file mode 100644
index 0000000..5e79608
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7157-2.patch
@@ -0,0 +1,27 @@
+From: Prasad J Pandit <address@hidden>
+
+When LSI SAS1068 Host Bus emulator builds configuration page
+headers, mptsas_config_pack() asserts to check returned size
+value is within limit of 256 bytes. Fix that assert expression.
+
+Suggested-by: Paolo Bonzini <address@hidden>
+Signed-off-by: Prasad J Pandit <address@hidden>
+---
+ hw/scsi/mptconfig.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/scsi/mptconfig.c b/hw/scsi/mptconfig.c
+index 1ec895b..531947f 100644
+--- a/hw/scsi/mptconfig.c
++++ b/hw/scsi/mptconfig.c
+@@ -158,7 +158,7 @@ static size_t mptsas_config_pack(uint8_t **data, const char *fmt, ...)
+     va_end(ap);
+ 
+     if (data) {
+-        assert(ret < 256 && (ret % 4) == 0);
++        assert(ret / 4 < 256);
+         stb_p(*data + 1, ret / 4);
+     }
+     return ret;
+-- 
+2.5.5

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7170.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7170.patch
new file mode 100644
index 0000000..7eb5f76
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7170.patch
@@ -0,0 +1,40 @@
+From: Prasad J Pandit <address@hidden>
+
+When processing svga command DEFINE_CURSOR in vmsvga_fifo_run,
+the computed BITMAP and PIXMAP size are checked against the
+'cursor.mask[]' and 'cursor.image[]' array sizes in bytes.
+Correct these checks to avoid OOB memory access.
+
+Reported-by: Qinghao Tang <address@hidden>
+Reported-by: Li Qiang <address@hidden>
+Signed-off-by: Prasad J Pandit <address@hidden>
+---
+ hw/display/vmware_vga.c | 12 +++++++-----
+ 1 file changed, 7 insertions(+), 5 deletions(-)
+
+diff --git a/hw/display/vmware_vga.c b/hw/display/vmware_vga.c
+index e51a05e..6599cf0 100644
+--- a/hw/display/vmware_vga.c
++++ b/hw/display/vmware_vga.c
+@@ -676,11 +676,13 @@ static void vmsvga_fifo_run(struct vmsvga_state_s *s)
+             cursor.bpp = vmsvga_fifo_read(s);
+ 
+             args = SVGA_BITMAP_SIZE(x, y) + SVGA_PIXMAP_SIZE(x, y, cursor.bpp);
+-            if (cursor.width > 256 ||
+-                cursor.height > 256 ||
+-                cursor.bpp > 32 ||
+-                SVGA_BITMAP_SIZE(x, y) > sizeof cursor.mask ||
+-                SVGA_PIXMAP_SIZE(x, y, cursor.bpp) > sizeof cursor.image) {
++            if (cursor.width > 256
++                || cursor.height > 256
++                || cursor.bpp > 32
++                || SVGA_BITMAP_SIZE(x, y)
++                    > sizeof(cursor.mask) / sizeof(cursor.mask[0])
++                || SVGA_PIXMAP_SIZE(x, y, cursor.bpp)
++                    > sizeof(cursor.image) / sizeof(cursor.image[0])) {
+                     goto badcmd;
+             }
+ 
+-- 
+2.5.5
+

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7421.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7421.patch
new file mode 100644
index 0000000..b9f3545
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7421.patch
@@ -0,0 +1,34 @@
+From: Prasad J Pandit <address@hidden>
+
+Vmware Paravirtual SCSI emulator while processing IO requests
+could run into an infinite loop if 'pvscsi_ring_pop_req_descr'
+always returned positive value. Limit IO loop to the ring size.
+
+Cc: address@hidden
+Reported-by: Li Qiang <address@hidden>
+Signed-off-by: Prasad J Pandit <address@hidden>
+Message-Id: <address@hidden>
+Signed-off-by: Paolo Bonzini <address@hidden>
+---
+ hw/scsi/vmw_pvscsi.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/hw/scsi/vmw_pvscsi.c b/hw/scsi/vmw_pvscsi.c
+index babac5a..a5ce7de 100644
+--- a/hw/scsi/vmw_pvscsi.c
++++ b/hw/scsi/vmw_pvscsi.c
+@@ -247,8 +247,11 @@ static hwaddr
+ pvscsi_ring_pop_req_descr(PVSCSIRingInfo *mgr)
+ {
+     uint32_t ready_ptr = RS_GET_FIELD(mgr, reqProdIdx);
++    uint32_t ring_size = PVSCSI_MAX_NUM_PAGES_REQ_RING
++                            * PVSCSI_MAX_NUM_REQ_ENTRIES_PER_PAGE;
+ 
+-    if (ready_ptr != mgr->consumed_ptr) {
++    if (ready_ptr != mgr->consumed_ptr
++        && ready_ptr - mgr->consumed_ptr < ring_size) {
+         uint32_t next_ready_ptr =
+             mgr->consumed_ptr++ & mgr->txr_len_mask;
+         uint32_t next_ready_page =
+-- 
+1.8.3.1

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7422.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7422.patch
new file mode 100644
index 0000000..6368e7f
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7422.patch
@@ -0,0 +1,38 @@
+From: Prasad J Pandit <address@hidden>
+
+virtio back end uses set of buffers to facilitate I/O operations.
+If its size is too large, 'cpu_physical_memory_map' could return
+a null address. This would result in a null dereference
+while un-mapping descriptors. Add check to avoid it.
+
+Reported-by: Qinghao Tang <address@hidden>
+Signed-off-by: Prasad J Pandit <address@hidden>
+---
+ hw/virtio/virtio.c | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
+index 15ee3a7..0a4c5b6 100644
+--- a/hw/virtio/virtio.c
++++ b/hw/virtio/virtio.c
+@@ -472,12 +472,14 @@ static void virtqueue_map_desc(unsigned int *p_num_sg, hwaddr *addr, struct iove
+         }
+ 
+         iov[num_sg].iov_base = cpu_physical_memory_map(pa, &len, is_write);
+-        iov[num_sg].iov_len = len;
+-        addr[num_sg] = pa;
++        if (iov[num_sg].iov_base) {
++            iov[num_sg].iov_len = len;
++            addr[num_sg] = pa;
+ 
++            pa += len;
++            num_sg++;
++        }
+         sz -= len;
+-        pa += len;
+-        num_sg++;
+     }
+     *p_num_sg = num_sg;
+ }
+-- 
+2.5.5

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7423.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7423.patch
new file mode 100644
index 0000000..fdd871b
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7423.patch
@@ -0,0 +1,31 @@
+From: Li Qiang <address@hidden>
+
+When processing IO request in mptsas, it uses g_new to allocate
+a 'req' object. If an error occurs before 'req->sreq' is
+allocated, It could lead to an OOB write in mptsas_free_request
+function. Use g_new0 to avoid it.
+
+Reported-by: Li Qiang <address@hidden>
+Signed-off-by: Prasad J Pandit <address@hidden>
+Message-Id: <address@hidden>
+Cc: address@hidden
+Signed-off-by: Paolo Bonzini <address@hidden>
+---
+ hw/scsi/mptsas.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/scsi/mptsas.c b/hw/scsi/mptsas.c
+index 0e0a22f..eaae1bb 100644
+--- a/hw/scsi/mptsas.c
++++ b/hw/scsi/mptsas.c
+@@ -304,7 +304,7 @@ static int mptsas_process_scsi_io_request(MPTSASState *s,
+         goto bad;
+     }
+ 
+-    req = g_new(MPTSASRequest, 1);
++    req = g_new0(MPTSASRequest, 1);
+     QTAILQ_INSERT_TAIL(&s->pending, req, next);
+     req->scsi_io = *scsi_io;
+     req->dev = s;
+-- 
+1.8.3.1

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7466.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7466.patch
new file mode 100644
index 0000000..d5028bb
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7466.patch
@@ -0,0 +1,26 @@
+From: Li Qiang <address@hidden>
+
+If the xhci uses msix, it doesn't free the corresponding
+memory, thus leading a memory leak. This patch avoid this.
+
+Signed-off-by: Li Qiang <address@hidden>
+---
+ hw/usb/hcd-xhci.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c
+index 188f954..281a2a5 100644
+--- a/hw/usb/hcd-xhci.c
++++ b/hw/usb/hcd-xhci.c
+@@ -3709,8 +3709,7 @@ static void usb_xhci_exit(PCIDevice *dev)
+     /* destroy msix memory region */
+     if (dev->msix_table && dev->msix_pba
+         && dev->msix_entry_used) {
+-        memory_region_del_subregion(&xhci->mem, &dev->msix_table_mmio);
+-        memory_region_del_subregion(&xhci->mem, &dev->msix_pba_mmio);
++        msix_uninit(dev, &xhci->mem, &xhci->mem);
+     }
+ 
+     usb_bus_release(&xhci->bus);
+-- 
+1.8.3.1

diff --git a/app-emulation/qemu/qemu-2.5.1-r99.ebuild b/app-emulation/qemu/qemu-2.7.0-r99.ebuild
similarity index 94%
rename from app-emulation/qemu/qemu-2.5.1-r99.ebuild
rename to app-emulation/qemu/qemu-2.7.0-r99.ebuild
index 1d169e8..f8432d3 100644
--- a/app-emulation/qemu/qemu-2.5.1-r99.ebuild
+++ b/app-emulation/qemu/qemu-2.7.0-r99.ebuild
@@ -2,26 +2,22 @@
 # Distributed under the terms of the GNU General Public License v2
 # $Id$
 
-EAPI=5
+EAPI="5"
 
 PYTHON_COMPAT=( python2_7 )
 PYTHON_REQ_USE="ncurses,readline"
 
-PLOCALES="de_DE fr_FR hu it tr zh_CN"
+PLOCALES="bg de_DE fr_FR hu it tr zh_CN"
 
 inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \
-	user udev fcaps readme.gentoo pax-utils l10n
-
-BACKPORTS=
+	user udev fcaps readme.gentoo-r1 pax-utils l10n
 
 if [[ ${PV} = *9999* ]]; then
 	EGIT_REPO_URI="git://git.qemu.org/qemu.git"
 	inherit git-2
 	SRC_URI=""
 else
-	SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2
-	${BACKPORTS:+
-		https://dev.gentoo.org/~cardoe/distfiles/${P}-${BACKPORTS}.tar.xz}"
+	SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2"
 	KEYWORDS="amd64 ~ppc x86"
 fi
 
@@ -30,7 +26,7 @@ HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org"
 
 LICENSE="GPL-2 LGPL-2 BSD-2"
 SLOT="0"
-IUSE="accessibility +aio alsa bluetooth +caps +curl debug +fdt glusterfs \
+IUSE="accessibility +aio alsa bluetooth bzip2 +caps +curl debug +fdt glusterfs \
 gnutls gtk gtk2 infiniband iscsi +jpeg \
 kernel_linux kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs
 +png pulseaudio python \
@@ -70,8 +66,13 @@ REQUIRED_USE="${PYTHON_REQUIRED_USE}
 #
 # Older versions of gnutls are supported, but it's simpler to just require
 # the latest versions.  This is also why we require nettle.
+#
+# TODO: Split out tools deps into another var.  e.g. bzip2 is only used by
+# system binaries and tools, not user binaries.
 COMMON_LIB_DEPEND=">=dev-libs/glib-2.0[static-libs(+)]
+	dev-libs/libpcre[static-libs(+)]
 	sys-libs/zlib[static-libs(+)]
+	bzip2? ( app-arch/bzip2[static-libs(+)] )
 	xattr? ( sys-apps/attr[static-libs(+)] )"
 SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND}
 	>=x11-libs/pixman-0.28.0[static-libs(+)]
@@ -108,7 +109,7 @@ SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND}
 		virtual/opengl
 		media-libs/libepoxy[static-libs(+)]
 		media-libs/mesa[static-libs(+)]
-		media-libs/mesa[egl,gles2]
+		media-libs/mesa[egl,gles2,gbm]
 	)
 	png? ( media-libs/libpng:0=[static-libs(+)] )
 	pulseaudio? ( media-sound/pulseaudio )
@@ -337,18 +338,18 @@ src_prepare() {
 	epatch "${FILESDIR}"/${PN}-2.0.0-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch
 	epatch "${FILESDIR}"/${PN}-2.2.0-_sigev_un.patch
 
-	epatch "${FILESDIR}"/qemu-2.5.0-cflags.patch
-	[[ -n ${BACKPORTS} ]] && \
-		EPATCH_FORCE=yes EPATCH_SUFFIX="patch" EPATCH_SOURCE="${S}/patches" \
-			epatch
-
-	epatch "${FILESDIR}"/${PN}-2.5.0-CVE-2016-2198.patch #573314
-	epatch "${FILESDIR}"/${PN}-2.5.0-rng-stack-corrupt-{0,1,2,3}.patch #576420
-	epatch "${FILESDIR}"/${PN}-2.5.1-stellaris_enet-overflow.patch #579614
-	epatch "${FILESDIR}"/${PN}-2.5.1-CVE-2016-4020.patch #580040
-	epatch "${FILESDIR}"/${PN}-2.5.1-CVE-2015-8558.patch #568246 #580426
+	epatch "${FILESDIR}"/${PN}-2.5.0-cflags.patch
 	epatch "${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
-	epatch "${FILESDIR}"/${PN}-2.5.1-xfs-linux-headers.patch #577810
+	epatch "${FILESDIR}"/${P}-CVE-2016-6836.patch   # bug 591242
+	epatch "${FILESDIR}"/${P}-CVE-2016-7155.patch   # bug 593034
+	epatch "${FILESDIR}"/${P}-CVE-2016-7156.patch   # bug 593036
+	epatch "${FILESDIR}"/${P}-CVE-2016-7157-1.patch # bug 593038
+	epatch "${FILESDIR}"/${P}-CVE-2016-7157-2.patch # bug 593038
+	epatch "${FILESDIR}"/${P}-CVE-2016-7170.patch   # bug 593284
+	epatch "${FILESDIR}"/${P}-CVE-2016-7421.patch   # bug 593950
+	epatch "${FILESDIR}"/${P}-CVE-2016-7422.patch   # bug 593956
+	epatch "${FILESDIR}"/${P}-CVE-2016-7466.patch   # bug 594520
+	epatch "${FILESDIR}"/${P}-CVE-2016-7423.patch   # bug 594368
 
 	# Fix ld and objcopy being called directly
 	tc-export AR LD OBJCOPY
@@ -412,6 +413,7 @@ qemu_src_configure() {
 	conf_opts+=(
 		$(conf_softmmu accessibility brlapi)
 		$(conf_softmmu aio linux-aio)
+		$(conf_softmmu bzip2)
 		$(conf_softmmu bluetooth bluez)
 		$(conf_softmmu caps cap-ng)
 		$(conf_softmmu curl)
@@ -482,6 +484,7 @@ qemu_src_configure() {
 			--disable-linux-user
 			--disable-system
 			--disable-blobs
+			$(use_enable bzip2)
 		)
 		static_flag="static"
 		;;
@@ -571,7 +574,6 @@ src_test() {
 qemu_python_install() {
 	python_domodule "${S}/scripts/qmp/qmp.py"
 
-	python_doscript "${S}/scripts/kvm/kvm_stat"
 	python_doscript "${S}/scripts/kvm/vmxcap"
 	python_doscript "${S}/scripts/qmp/qmp-shell"
 	python_doscript "${S}/scripts/qmp/qemu-ga-client"


^ permalink raw reply related	[flat|nested] 19+ messages in thread

* [gentoo-commits] proj/musl:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2017-01-03 22:34 Aric Belsito
  0 siblings, 0 replies; 19+ messages in thread
From: Aric Belsito @ 2017-01-03 22:34 UTC (permalink / raw
  To: gentoo-commits

commit:     2f2ad6f0e67b5a268f764bb03348f68367932c13
Author:     Aric Belsito <lluixhi <AT> gmail <DOT> com>
AuthorDate: Tue Jan  3 22:33:36 2017 +0000
Commit:     Aric Belsito <lluixhi <AT> gmail <DOT> com>
CommitDate: Tue Jan  3 22:33:36 2017 +0000
URL:        https://gitweb.gentoo.org/proj/musl.git/commit/?id=2f2ad6f0

app-emulation/qemu-2.8.0: Fix patches

The ifunc patch is no longer necessary as of 2.8.x
The F_SHLCK/F_EXLCK patch needed to be refreshed.

 app-emulation/qemu/Manifest                              |  3 ++-
 .../qemu/files/qemu-2.8.0-F_SHLCK-and-F_EXLCK.patch      | 16 ++++++++++++++++
 app-emulation/qemu/qemu-2.8.0.ebuild                     |  3 +--
 3 files changed, 19 insertions(+), 3 deletions(-)

diff --git a/app-emulation/qemu/Manifest b/app-emulation/qemu/Manifest
index 48d0014..7f02bb3 100644
--- a/app-emulation/qemu/Manifest
+++ b/app-emulation/qemu/Manifest
@@ -37,11 +37,12 @@ AUX qemu-2.7.0-configure-ifunc.patch 517 SHA256 40f6183f1f490216855e83cf03bf21ec
 AUX qemu-2.8.0-CVE-2016-10028.patch 1384 SHA256 25a9f2b2014bbcbb008683211503716a2b4a0e8d96ea001d32b87d451cee1842 SHA512 6cfad99e54cfaea97f5c14fbbfe35768a8ea46196117bf770725e1079f9bccca3b7071416a14e60a36c3c919760ab49663fc8b551026c8cd58c10b3f2d7940b4 WHIRLPOOL 5c0c8350112cb63c8b3db7a15a9090cd2fba879317565b108285fd92c23a8b75a593a65d94b6e448086b126a735056065d07c1877abdb6815ebaa430cf4adabf
 AUX qemu-2.8.0-CVE-2016-9908.patch 1166 SHA256 22ef4999a3daf3c46a3c90ca20fb131545d4d0befeff7c3ca870585a3e03b7b7 SHA512 c46abda3a5b1a68c7c2e5236f8e424f4569a28ba2aea9b8ec32467e55b535492da6e4702d4758a5721f1bf222f7f2554a5e4c9a190781d60c40202a5291dcf49 WHIRLPOOL aa8087350770ecbb60049e3269ddf9d68258657ef6a088b562e344056689e578a390328dde9c5d2b5024e7fa03995b571295a1d64943d9b3882cf0c5f833dbd8
 AUX qemu-2.8.0-CVE-2016-9912.patch 1307 SHA256 e3eac321492a9ef42d88b04877511255c3731a9bb029d7c6ab2da0aa8f09e2d8 SHA512 f9ba4f167334d9b934c37fbed21ded8b3d71e5bdbdb1f15f81d4423b0790bfa127637155d5863b563fa974f1421c4ace1f2a4e3e81e3ae3d6045b2083210b103 WHIRLPOOL 7aa8dab7b6462f142365d274e6131ca1630c396e36c851cb562c081c4243c58e2ae22cf682e51145af08befcaba395254c765cf56112a6c177e1c9a18ffb5926
+AUX qemu-2.8.0-F_SHLCK-and-F_EXLCK.patch 574 SHA256 d02353daa0ecfe161e938a5e54feab641b901f4a35c8f5831133676a6f53f43f SHA512 6b64750335aae1142ca9132fb766ac2aaeacfcdda0aa0cfca19afc4c3ea3806e30ce603fcec3767e40e84efb0ae8b9a23f21d46c807c13bb646be74f99e13389 WHIRLPOOL 7401c3daf162c71a5a5c3729855fddb5df95609b34c86ea0f4d872c8f132d6ac089cfb35a990af70aef8b7b63fe075a1e2be376b6db09bc70e8d51e48aded354
 AUX qemu-binfmt.initd-r1 7966 SHA256 5b4b432aa1e44f387c9eb789de0ec6322741fd36dd241f76520f17c6cd6ac49b SHA512 2ba0bff6eb2b6bac4ed440f793771ce9551cad48e38bddb6cf04f804faac2407e80879f66771910344ddcea45f0014095dcc8bfeb0aad5085ef048fd3612dbd8 WHIRLPOOL a2a1fb830a970757d1e203378c7d382b161b1040f3b8aaf0f22bb3b5e46467eff395474ff40d93c9f133bab307b345a6f75d63eae9f8dd8daf67324db41032f9
 DIST qemu-2.7.0.tar.bz2 26867760 SHA256 326e739506ba690daf69fc17bd3913a6c313d9928d743bd8eddb82f403f81e53 SHA512 654acaa7b3724a288e5d7e2a26ab780d9c9ed9f647fba00a906cbaffbe9d58fd666f2d962514aa2c5b391b4c53811ac3170d2eb51727f090bd19dfe45ca9a9db WHIRLPOOL dcb3e5f7da89dd8e14d636d7ebd476e076e0043880bb9ea3fb1c03cb4bcd4e5c7d3c4719da26c3ce521e3a3db5ae671e86f198ac1bc3474e774d75504fef8b8d
 DIST qemu-2.7.1.tar.bz2 26868403 SHA256 68636788eb69bcb0b44ba220b32b50495d6bd5712a934c282217831c4822958f SHA512 16a83946e9064733254c82c961749bf9c56a0a2a8ee46145b4a78e1452ac0e2548d888963d18c80e28f65202890fd643b0011951b5b1c66ef16234767ed91898 WHIRLPOOL ae3d3c2b2a3700613733659847de6187755631cb09e8c3548ea30cd994357c9ff128646edce88dfe4dce53e6c1c0f37f8de3688ee7e22262033b40f3fc706efa
 DIST qemu-2.8.0.tar.bz2 28368517 SHA256 dafd5d7f649907b6b617b822692f4c82e60cf29bc0fc58bc2036219b591e5e62 SHA512 50f2988d822388ba9fd1bf5dbe68359033ed7432d7f0f9790299f32f63faa6dc72979256b5632ba572d47ee3e74ed40e3e8e331dc6303ec1599f1b4367cb78c2 WHIRLPOOL 0ce4e0539657eb832e4039819e7360c792b6aa41c718f0e0d762f4933217f0d370af94b1d6d9776853575b4a6811d8c85db069bf09d21bd15399ac8b50440ff5
 EBUILD qemu-2.7.0-r7.ebuild 22495 SHA256 a606d5b6805d24191245b4191c1f62a09096d8ee283c62629f038851b4c8e6c5 SHA512 c45e516c4c45b5a1eaec06d046cebf129f1422c2d5910699c0a367a4c8c7d49e323a6addc765e1ec57209df12270e196169e52a7618afef28019be06feff70ea WHIRLPOOL 94ae6ab13fc03450ce5b6b0e5840e488401116d6bf60ec411cc01f39f2d10931bd65572f25bdf958e9f94bb4f6582795018039b5b4c988fa3bd5dee928014c65
 EBUILD qemu-2.7.1.ebuild 22161 SHA256 a7d2ff5c706a35a1b2c5610866215a5db04674ce68fb01e3e076b68839dcafd8 SHA512 7d30615832f2fecf89b472c4ea56446335176a330a7d64693ed7cc9becd47a1f40064fca191467deb8603116b4f69307d7968971c9b3845356b8b8d4cf053472 WHIRLPOOL 23bda8ca28ff8620739c604289a0d81ec4d16c1908b8c02df7833f9c0d98f698922650636456ac0bcc285357836af23ffd28bf3b8c2653a690a86fa5ae662a61
-EBUILD qemu-2.8.0.ebuild 21005 SHA256 5009f688c9c65004640328ad98b007d2b0e33a95daa3cb8958f5968c8109e0b4 SHA512 9d2d86f6df898a19ef3b4a387b6b715b547d387b1995e38e2e4b849fcd184560f6fc543340aa5acd5080823b7ed8db605918bd7e9b860dd170c967d224fe347e WHIRLPOOL 625e49536d32ee8685ec14d8e629ebefb2753e6d43bf33e577aa0e7f30d9144ada724547a28859c75bdd88d178ab9b9b5ee847fb2853f9953cd8a4f74af924d2
+EBUILD qemu-2.8.0.ebuild 20949 SHA256 468944f9506df374711bdc5e87fcd2bcc2b823061b23ab8561642c41755e510a SHA512 d3f7cefab4fe282c72f30e1c2232eca7faac63c2b4d4172cc5b9f8ccb43ee2eb7a5602ba895c4ee5221f8cccfe62b89dc65cedb7e6932b696952be7f2052605b WHIRLPOOL 50c2b17b13715a0750bc48ff24fd71ddc13a5af1a7f2f2de5edde261f4d9c3a7ccc07c665385c444183743610f85bd6cc623e57e322e85e19f8ce3b874ca093e
 MISC metadata.xml 3925 SHA256 d1c219b7da0cbf77919cd1e055acbb3f6788a574fd802c98a43c89a411697b36 SHA512 3ff45d1c8ede12b4eedc7d01f39777b76a1cbd0ba9364299dec99d4b4a05cade5784d6f6e50197d5b5ae1f1b8e831c49da195eb53263c49b7d16aec8ee28b6e6 WHIRLPOOL bc25783fac0f3f13318834cc535404af9af20de16c7aeec222e59dc2ed7740ac5e767b329a5bcd6356d0cbae2428e278515f1446aa8ecb87a873bf4dbe04bf41

diff --git a/app-emulation/qemu/files/qemu-2.8.0-F_SHLCK-and-F_EXLCK.patch b/app-emulation/qemu/files/qemu-2.8.0-F_SHLCK-and-F_EXLCK.patch
new file mode 100644
index 0000000..ccfb582
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.8.0-F_SHLCK-and-F_EXLCK.patch
@@ -0,0 +1,16 @@
+diff -Naur qemu-2.8.0.orig/linux-user/syscall.c qemu-2.8.0/linux-user/syscall.c
+--- qemu-2.8.0.orig/linux-user/syscall.c	2016-12-20 12:16:48.000000000 -0800
++++ qemu-2.8.0/linux-user/syscall.c	2017-01-03 14:11:45.195429181 -0800
+@@ -117,6 +117,12 @@
+ #ifndef CLONE_IO
+ #define CLONE_IO                0x80000000      /* Clone io context */
+ #endif
++#ifndef F_SHLCK
++#define F_SHLCK 8
++#endif
++#ifndef F_EXLCK
++#define F_EXLCK 4
++#endif
+ 
+ /* We can't directly call the host clone syscall, because this will
+  * badly confuse libc (breaking mutexes, for example). So we must

diff --git a/app-emulation/qemu/qemu-2.8.0.ebuild b/app-emulation/qemu/qemu-2.8.0.ebuild
index 4fbc9fd..4020d7c 100644
--- a/app-emulation/qemu/qemu-2.8.0.ebuild
+++ b/app-emulation/qemu/qemu-2.8.0.ebuild
@@ -332,10 +332,9 @@ src_prepare() {
 		Makefile Makefile.target || die
 
 	# Patching for musl
-	epatch "${FILESDIR}"/${PN}-2.0.0-F_SHLCK-and-F_EXLCK.patch
+	epatch "${FILESDIR}"/${PN}-2.8.0-F_SHLCK-and-F_EXLCK.patch
 	epatch "${FILESDIR}"/${PN}-2.0.0-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch
 	epatch "${FILESDIR}"/${PN}-2.2.0-_sigev_un.patch
-	epatch "${FILESDIR}"/${PN}-2.7.0-configure-ifunc.patch
 
 	epatch "${FILESDIR}"/${PN}-2.5.0-cflags.patch
 	epatch "${FILESDIR}"/${PN}-2.5.0-sysmacros.patch


^ permalink raw reply related	[flat|nested] 19+ messages in thread

* [gentoo-commits] proj/musl:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2017-02-13  6:46 Aric Belsito
  0 siblings, 0 replies; 19+ messages in thread
From: Aric Belsito @ 2017-02-13  6:46 UTC (permalink / raw
  To: gentoo-commits

commit:     b610381e7567e3d26aa70587a1e173de4e1fa48f
Author:     Aric Belsito <lluixhi <AT> gmail <DOT> com>
AuthorDate: Mon Feb 13 06:45:09 2017 +0000
Commit:     Aric Belsito <lluixhi <AT> gmail <DOT> com>
CommitDate: Mon Feb 13 06:45:09 2017 +0000
URL:        https://gitweb.gentoo.org/proj/musl.git/commit/?id=b610381e

app-emulation/qemu: version bump to 2.8.0-r1

Drop 2.7.x (no longer in tree.)

 app-emulation/qemu/Manifest                        |  52 +-
 .../files/qemu-2.0.0-F_SHLCK-and-F_EXLCK.patch     |  23 -
 .../qemu/files/qemu-2.7.0-CVE-2016-6836.patch      |  27 -
 .../qemu/files/qemu-2.7.0-CVE-2016-7155.patch      |  81 ---
 .../qemu/files/qemu-2.7.0-CVE-2016-7156.patch      |  62 --
 .../qemu/files/qemu-2.7.0-CVE-2016-7157-1.patch    |  28 -
 .../qemu/files/qemu-2.7.0-CVE-2016-7157-2.patch    |  27 -
 .../qemu/files/qemu-2.7.0-CVE-2016-7170.patch      |  40 --
 .../qemu/files/qemu-2.7.0-CVE-2016-7421.patch      |  34 -
 .../qemu/files/qemu-2.7.0-CVE-2016-7422.patch      |  38 --
 .../qemu/files/qemu-2.7.0-CVE-2016-7423.patch      |  31 -
 .../qemu/files/qemu-2.7.0-CVE-2016-7466.patch      |  26 -
 .../qemu/files/qemu-2.7.0-CVE-2016-7907.patch      |  45 --
 .../qemu/files/qemu-2.7.0-CVE-2016-7908.patch      |  52 --
 .../qemu/files/qemu-2.7.0-CVE-2016-7909.patch      |  32 -
 .../qemu/files/qemu-2.7.0-CVE-2016-7994-1.patch    |  25 -
 .../qemu/files/qemu-2.7.0-CVE-2016-7994-2.patch    |  26 -
 .../qemu/files/qemu-2.7.0-CVE-2016-8576.patch      |  61 --
 .../qemu/files/qemu-2.7.0-CVE-2016-8577.patch      |  34 -
 .../qemu/files/qemu-2.7.0-CVE-2016-8578.patch      |  58 --
 .../qemu/files/qemu-2.7.0-CVE-2016-8668.patch      |  30 -
 .../qemu/files/qemu-2.7.0-CVE-2016-8669-1.patch    |   3 +
 .../qemu/files/qemu-2.7.0-CVE-2016-8669-2.patch    |  34 -
 .../qemu/files/qemu-2.7.0-CVE-2016-8909.patch      |  31 -
 .../qemu/files/qemu-2.7.0-CVE-2016-8910.patch      |  29 -
 .../qemu/files/qemu-2.7.0-CVE-2016-9102.patch      |  21 -
 .../qemu/files/qemu-2.7.0-CVE-2016-9103.patch      |  27 -
 .../qemu/files/qemu-2.7.0-CVE-2016-9104.patch      |  92 ---
 .../qemu/files/qemu-2.7.0-CVE-2016-9105.patch      |  25 -
 .../qemu/files/qemu-2.7.0-CVE-2016-9106.patch      |  27 -
 .../qemu/files/qemu-2.7.0-configure-ifunc.patch    |  13 -
 .../qemu/files/qemu-2.8.0-CVE-2016-10155.patch     |  46 ++
 .../qemu/files/qemu-2.8.0-CVE-2017-2615.patch      |  48 ++
 .../qemu/files/qemu-2.8.0-CVE-2017-5525-1.patch    |  52 ++
 .../qemu/files/qemu-2.8.0-CVE-2017-5525-2.patch    |  55 ++
 .../qemu/files/qemu-2.8.0-CVE-2017-5552.patch      |  41 ++
 .../qemu/files/qemu-2.8.0-CVE-2017-5578.patch      |  35 +
 .../qemu/files/qemu-2.8.0-CVE-2017-5579.patch      |  40 ++
 .../qemu/files/qemu-2.8.0-CVE-2017-5667.patch      |  37 ++
 .../qemu/files/qemu-2.8.0-CVE-2017-5856.patch      |  64 ++
 .../qemu/files/qemu-2.8.0-CVE-2017-5857.patch      |  38 ++
 .../qemu/files/qemu-2.8.0-CVE-2017-5898.patch      |  35 +
 .../qemu/files/qemu-2.8.0-CVE-2017-5931.patch      |  46 ++
 app-emulation/qemu/metadata.xml                    |   1 -
 app-emulation/qemu/qemu-2.7.0-r7.ebuild            | 713 ---------------------
 .../{qemu-2.7.1.ebuild => qemu-2.8.0-r1.ebuild}    |  53 +-
 app-emulation/qemu/qemu-2.8.0.ebuild               |  10 +-
 47 files changed, 582 insertions(+), 1866 deletions(-)

diff --git a/app-emulation/qemu/Manifest b/app-emulation/qemu/Manifest
index 7f02bb3..0acf0b7 100644
--- a/app-emulation/qemu/Manifest
+++ b/app-emulation/qemu/Manifest
@@ -1,48 +1,28 @@
 AUX 65-kvm.rules 40 SHA256 c16a8dc7855880b2651f1a3ff488ecc54d4ac1036c71fffd5007021d8d18a7c5 SHA512 98aad2a2f212a7ac0ee5b60a9c92744fa462bce5f26594845c7a31d692aaaca2d52cb57bdbede7dfc60b9862c2a6510665dbb03215d5cf76e62516a283decdd6 WHIRLPOOL 937de93a23930f6b8533f0c3e0dd249c99ddf7d54446dea857607266ac0a4b435c5b4a52b2986b138bace9c0a7ade66f94116b38e2bc4767ead54bd11baf0920
 AUX bridge.conf 454 SHA256 a51850dd39923f3482e4c575b48ad9fef9c9ebb2f2176225da399b79ce48c69d SHA512 a907ee86b81a1b61033bb7621ded65112504131ef7b698c53e4014b958ee6fc79e66f63069015a01e41362cb70a7d0ed26dd9a03033cf776f4846f0e1f8f1533 WHIRLPOOL 8fcbd4abf9b8f7ca3d16fe0eaf17196ebf708dfecf85ce0f020e0de22b64905114f7b310f361826c81bb961c6b1bbbf984bff1e595bb949993b8966ccb222c35
-AUX qemu-2.0.0-F_SHLCK-and-F_EXLCK.patch 563 SHA256 99de67d610ad13a1dcf6c67a3c2b5b87fb909220173a956435737f9bea3c371b SHA512 a29e9a889388a6627ed492a79e66514ffb5e64f9479646982091811548fc2a9bf6682104a6c774d83e645e4b1db39e491afd4efce789fe164623442a7f3e5d00 WHIRLPOOL d3aab06099de263c22f4c71810a3b2cb8602d17731ec76674cd1415e539306555a7b96b789f0daad473600dfa04a83224ff603f7b9a9ac63a4902f74d0e9deb5
 AUX qemu-2.0.0-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch 930 SHA256 6af6cf9044997710a6d0fbdba30a35c8d775e30d30c032ec97db672f75ec88ac SHA512 ec84b27648c01c6e58781295dcd0c2ff8e5a635f9836ef50c1da5d0ed125db1afc4cb5b01cb97606d6dd8f417acba93e1560d9a32ca29161a4bb730b302440ea WHIRLPOOL 06b9dd5251ac03405c97b1f5a623b4d86bda2f72fbcd52b90ae4d11a0cfb59cae62df2cb6189405fbe53ab05ff2b7ca8165fda239dbfe5f31ed70abb53b3b9f3
 AUX qemu-2.2.0-_sigev_un.patch 636 SHA256 f3b9a4d6162c553f3110ad22716305818e2130e2ff5d628faf044fc58a5e3cb5 SHA512 f72b879daede5184904f64cabb276de96299a37a93fce444d09e9068671009e95a5e5d6b815ec41a5db5b3807de14d470a56bba5806ffd4dfec577577b046ccb WHIRLPOOL 9453ad4966e10d504f3e867fd984642a3c1ee3ae847b5ca56196fd1f9e6c0f2d7b52ca07446212af72fef6d0ded1527a5eb306fa6cd915e8dd9ce11523362bac
 AUX qemu-2.5.0-cflags.patch 410 SHA256 17f5624dd733f5c80e733cc67ae36a736169ec066024dbf802b416accfed0755 SHA512 0194d28de08b4e51c5bd1c9a2cc7965ba7f66dfddb8fd91de3da93677e6cf2d38ad3270f69aaea8a20cf2533c2980018d6e0fed711be2806fe2053fba7c081f3 WHIRLPOOL 5f5b95d00409fbe03adb64801d30a2fb5f98dded5efa7f0e78b5746776f72917dcbea767e1d0afcb304d8bf8c484adedb8037e6d54e9d34997c2bc3a98b53154
 AUX qemu-2.5.0-sysmacros.patch 333 SHA256 a5716fc02da383d455f5cbd76f49e4ee74d84c2d5703319adcbeb145d04875f9 SHA512 329632c5bff846ca3ffcdb4bc94ae62f17c6bdbb566f9bec0784357c943523e8ca7773790b83a9617734cab3b003baa3d636cbd08f7385810a63b0fa0383c4f0 WHIRLPOOL 2a774767d4685545d3ed18e4f5dece99a9007597d73c56197652ff24083550f987ffb69e5c624760dece87def71a7c5c22a694bf999d7309e48ef622f18f0d73
-AUX qemu-2.7.0-CVE-2016-6836.patch 889 SHA256 a94812131e8baa66b81971579ab84b20bf15d544e2698448a5247ac0ddca0b3d SHA512 cf7f327f26aee5b6688eb662ced8aa07775ad9558b4a02db244303f6b7d37be9cd19b18d5725819b4708184105b98830864e0ad3af81373e59e880809036345b WHIRLPOOL df00627ad447162fdcac4b2c965a8cb5c916a7fb66d8c3a4f8f48bb2d869d7805cb3308cd495ff74ebf4840e7bc2d85abf8e666d78b3da9abb4e2bae22697a82
-AUX qemu-2.7.0-CVE-2016-7155.patch 2745 SHA256 addf638a53bfae8556e463e0b78a151eef0fdf171eb395a98dbdf0332ff74131 SHA512 96e9df733c5227899da7d2ecc346139df9830dd16fc16f1f14666f8be60205a43f434fd79e158c2000926656ffa137809f1cb3c57a04cb375011f816e92e2f4b WHIRLPOOL c04c0dda417a70e4acb289c6b296da93f3eb8e51f7cfad62351b7235512e04714fdc169a87f4cbf1ef82bfc6decc8ebb5b3958f23d001795c9ebcd08369185a3
-AUX qemu-2.7.0-CVE-2016-7156.patch 2314 SHA256 7fa0d7f1025a3435b692a6e7ed8fa3be38a918395a8253e8c27f416ff37e041d SHA512 db3009fdf6d85ffd24fd4a2a40b372b0e665274bba1ce01632aef0d583f2830b58f889166a34acd36409944ab3f7e264801bf89a78f55a586b5f43429a1c86dc WHIRLPOOL ce8101b7607612ed7b9c6fbe373f9b5dec07e0ea8af0b4be8e52b4add5dd0ba12c9e5eb7380d68e3d3867988e0cfc1bdd1e8357ce2b71ef19f51e316fac62161
-AUX qemu-2.7.0-CVE-2016-7157-1.patch 888 SHA256 7a1f6199b16c220df51002e1222763d1a7c7b3a08349f664e576a9facc553516 SHA512 5c104464dfa48804d94ccca9a9d881f9e22eba2c3d9a2cbf3a645c3a696e89ea3f4603ea28deba9a1cd800df9bc5ad4894606869eca3e1e9cf95414723846938 WHIRLPOOL af42ec7ca93c92c4df060b4efd61bcc3f7cb5582d00bfe174d81f2393ad3a7f06e27cc2b2186f664860c3ee98f76dd68cd7e6de7ff7e63b778f345c32a62b495
-AUX qemu-2.7.0-CVE-2016-7157-2.patch 812 SHA256 1db3b565b4762abbc1096286c9887400591af76bf422a105e457c6bdcb887b59 SHA512 8d2177adc638d384302ec89de65a0acd4f4069580c40d6c50cb78501f25f4d171f3b92a36464711337e07dbf208f9ad93eb2f86a7361dde52026c1764341e10d WHIRLPOOL e815e165bb23cd42aaba2310e3fa48bba33b0344069e6f54c4b26dddad746516053221969fad855d6c827d42371494c609123b002e1e2a96c366d11131b3243a
-AUX qemu-2.7.0-CVE-2016-7170.patch 1527 SHA256 37d600b5a4ba143f1d6b26acbcf23357fa41a5f852774f68b6b6736a6ecec024 SHA512 c84494ec4ee9607cef7b230a25d10de444a29fecba57566df5394d40b88596ef91fbd5edfb51a58c5ecff7fa7ef39b7d32ba7976dbd011fb1b29a2e46e4e0080 WHIRLPOOL ddd3d94da447556b24257c11068bef360da6cf35e22257869b09057f42ba027636e605db96d9a66253f423f5667814a1f8c551f8eece733fd997b03d6ac81e2b
-AUX qemu-2.7.0-CVE-2016-7421.patch 1183 SHA256 f3996d9d4658fb32a04ce8ae3d3510e6a51a0aa39f64b003a636f68dacef19db SHA512 51d07015e27e4dfbde2c3ffa37d91134374b49c136735845c34155238767483ede8bbc7232ea93b4e4cbcc28195cbe1986d44ac0dd96e914ec29df3a1da9dfcc WHIRLPOOL a4e27d329591b2a3b94a7abed81df1f87509f5a38beb490d7a4ca7c14df2a864f4126c26fc044bb4357467b0f9ed0ca5811d5e85812e318adcb3236c30bef7a1
-AUX qemu-2.7.0-CVE-2016-7422.patch 1125 SHA256 7a3d31031b8ea70be29715e8d384f47ad8758e81b9cfc3768e59dd6c6a00cb2a SHA512 6a08f661cd2b00214297570c8035042544b0e707b2f20f6c59c251a73971f2b7e1920c7242ca09a4684ea58dcb177d11d087ee5e0523792e3c446e70239498ef WHIRLPOOL 82b38aa12e49695c1f0c67c303039afb05cc314d14e5bc8286bafebfbabd3eb3cddd41338d45f9510ea2f5074fd9028b39c251be0e5856e0221232a8b28797a9
-AUX qemu-2.7.0-CVE-2016-7423.patch 925 SHA256 2b9b1102c3c9c54ba2c311661c3222b1df246a519e9eef57d0793951c1249ae0 SHA512 e4401163d15f9ebd9057b8ddf4187f7a0a2f379cb8aea2bd92b20f132f7714a4e386733884be4568eddbd4067b6cad80275ccc101276897c4796117a9b20144f WHIRLPOOL 9bd9f5ed067604f065d3ac7447f8135dd72e178caa6f3c5a5ca7bc531a8008ec46620c4af33bea54a35dfe52e430d48dcf5b59145c4e1efc2a14cb789e38f5bd
-AUX qemu-2.7.0-CVE-2016-7466.patch 830 SHA256 5664c091038185766a54b93495029bbf6de116e8752c2334fa1c71b8387e89c3 SHA512 d158b1f66766f33b1df561956cc3c77d40e1422e44791cfc753d3def2f1851c2c9c0aeb299bcd1ae969dde8f4249f4489ed90776ebb497db4f626217710e4f48 WHIRLPOOL 13112769ecd6420e17d2a3c0e110a2bd479fc09d8a2086d27f0703a4d6c35ded07e003f28ff14579655c5468cd02c77fa514ba7ed6543f61deb60c6de604c99b
-AUX qemu-2.7.0-CVE-2016-7907.patch 1380 SHA256 58aa0af82a88de8967452c06ec229de381494e7ac222273ac5a7aa2c53dc5529 SHA512 5a311dea9554d7225d75fb2c680d2f7a2b151b46802176424f495e792ab4a9a101ad99099ccf2b6250230f23fc1ea804381129cd34eb0e4cd24c1e2442de9b51 WHIRLPOOL 69e7e01bc0b221581a8b1ef1af23eb59a6ad87acbfe821ccf8c23f349c9e31b84e4b8db83f48a849a4c5e9b6229f8d55e671da9f8485ecbc24855a8ab50b02ec
-AUX qemu-2.7.0-CVE-2016-7908.patch 1718 SHA256 3042b5425964c9bdb6ebc17d8f4bc5efd150547a348269d54e0962efc6a658d4 SHA512 441aa4fe46a2d6d425b1759ebadabc12fb1902f80364d351120932a13b9a46030bd2ad8c7faa57d6bcfbf740d9af2a96cec082a0d40b9a7469499ba1f19177bd WHIRLPOOL 6d870c28645e6fcb12e55a4da5f9dffae78d1fcd013ae6fd9727ae46e05103dc8870d548117e7f396af79cf76947ee8d0b5285ec9b4c6aac840aa6d1e1fc9054
-AUX qemu-2.7.0-CVE-2016-7909.patch 975 SHA256 8fb9a27f56c6875f271ac0dc80fd78af8b70d40778ef967019e4a1b0a47ff1ae SHA512 e2793eb18179a7c7276c4d437ea68bb02a6a3963842dd74041fdf3c9f239d6353c7d9e5705c1342fc01b5c7e3bc1bfb882d8094fbe4144ac5f705852579139ca WHIRLPOOL b73aef899c94c9130385dd757b25783b20fce9d32faa245847353766e046bd769789d8b107ef06c726a0e2471a5ef1599716343782c8a82267b79ca53c281414
-AUX qemu-2.7.0-CVE-2016-7994-1.patch 835 SHA256 6b84d2273197bd441761469245991d02b5de8b70c29abf096df301e87b5c2478 SHA512 7a8c1c6ffc654f428485057a31d40a831707e5e6a84e32f722f6fc4c86ed474dcd19bfc8034b3a603362d821e7170f46e25ddc2ca50b60f00f45455241ba9464 WHIRLPOOL 80c5c51535cec848664811d8cf41db9d931e3215522fcaa404fa55f0c3b821bac346129b254b60a72cc09493366d8499882874dcb797e8a81e39157f64539b73
-AUX qemu-2.7.0-CVE-2016-7994-2.patch 896 SHA256 c23fdfb127f60d24c4b56e7745463f5655ace7af9f5fa392544e7ce05a564c5d SHA512 4243d04a573ccee043911645e716a9c6f7e28858163b48ea58e7a9734d817ac9237c4866fce843dbe10fa996cdd5453f3b704509ff4761f2ec4531d9355cc7ce WHIRLPOOL c5f7b605f566f94ad170c4819c378f9a1e3ae2740130000d9bea4c741f29365a1b5a1f1d495646e866c39a18d7da1236d731861005099457e09bead9fffa8105
-AUX qemu-2.7.0-CVE-2016-8576.patch 2092 SHA256 dbe3ee6778cdd802fbd7d7cb2aa991cc73e6be160bad90f2e40de02ab820a865 SHA512 25daaa79f4cb355c5dce639a14c2e265142a0c83bdbc813816789f37e293846f3768f08b9f04f692ce5b8719dadd2dbedb75f314a3f441a70e0789ecc88eb8de WHIRLPOOL 25fc67d9dc8e8d8345778b46b16f9f7c5d6da39ebefea60ef81b20e4685014a019d4c39a6619dbf48411800ae9e9c383a7243fb055ea1f2bd0b2cb7e1a2c8d4e
-AUX qemu-2.7.0-CVE-2016-8577.patch 1020 SHA256 fbe7b6183f019ed6c8c6afeeed4854c23991d3f18501e8f3403df8812cefd420 SHA512 364434deb120856a114a94aaab2edbaf9e5f9246e6393f584949a6b706dbdc5b711f459a48e3825554e2fa9595a1aa78fee3711cfeba3b94219b4f47e269b2de WHIRLPOOL 561f7bd41f0ac439808070757cdff9f69f6a378fe6610269c32d600575ed60b22919f4d3ea08f621648dbf3e5e97290737005e9df5949bdeeba9319901cf427e
-AUX qemu-2.7.0-CVE-2016-8578.patch 2208 SHA256 9b0e7852aefeb3950de38babec7a30f3225342670a72160829baa5e50786bdef SHA512 326ec2112b1cbaa4b4ddcacc02f4accd5b73e78db07e93b229d891f4cbc8d5a2db82c727d920613abd1668402ffeb16a223d8271db569435966aaece271da875 WHIRLPOOL 88ca80aa1883813f1ec9c0802e830f719317130de6959df393188e4e82764125868baec038a1dac94eab33851706838d245b205edcbf8e1864ceb83257648b99
-AUX qemu-2.7.0-CVE-2016-8668.patch 1124 SHA256 26f16376a73bdf9052039d1bd90545b75cc8fb0a89e0bffbf5881b537319b759 SHA512 de4df82297d199cadafefd57bc895cdf21c5acb0e0a6223212272991b652c302475d8662fb013d6a3e949d2e57a14a0ac6d861f486de8b5130fd84d66957c899 WHIRLPOOL 3995164f25accfd5c837c85fbb590acd0b7effb08370a7d4c0cb03c042ee03b2b10ca9892bd50251d17a1ba2ffff1e7a04e918f4d4e1c85406df95a6802c03c2
-AUX qemu-2.7.0-CVE-2016-8669-1.patch 911 SHA256 ad841a34490a02123df31aef5a0b9d31912eec8465e0c5da7cf73dc880ffd8f4 SHA512 23a26716ea554d9af73afb08d3a3d1e668e23bc0710508196039454dfccbe3764feda63d901a9c053c52af92cd069f5a4f078efdc9924f6d3cfe6a21f9d287de WHIRLPOOL 412d7a4be19defa4a098fad6a66cadd7eca9cb5971828636dfd20a57b3eef09f3801660dbf507ac1ef0fa82f9f01583e9c5e2b1e45c016adb535cd951ff16eff
-AUX qemu-2.7.0-CVE-2016-8669-2.patch 1037 SHA256 176a35f5191023ad665cb4019663618d48948b174b16888776245d1a001ec186 SHA512 82a71c9566f37aceffbbaa45547bc686c028353a1845bd63e49550e71201921bc2fb9793077fc1fc74d77417da84dae71e0862243acbb3d900db258a343b8ede WHIRLPOOL f489c52bf2ca6e434695a5ca12af64a83e6534536c07b02c54f82c72e59e3f026e6a9fd9cec5eb62e2cf8d009f878ac1015f58d9f5ba725a03e1e194c4abc96c
-AUX qemu-2.7.0-CVE-2016-8909.patch 980 SHA256 989210bfac97091e67fbe973be7a6d8aa0e6411069904a07f7c57c67e8539bb8 SHA512 23a1cfa4f257e598152d92e11d94e88c52b3702aa585fba3a71340ee16dfbd29234d6e5c81613ea71b64cead8dcdbb536246096b1c374290aa39871daacb25af WHIRLPOOL 9909ed14f5fa4a1d2ea0f8bb13f5a0e08e2f7888078e1f5b4cfaf381ccabeac22c998c9785efee6a307dbeed45801d8354650c18c6920bfb13da030127d9da7e
-AUX qemu-2.7.0-CVE-2016-8910.patch 848 SHA256 919e566e98434486f89ecfc3158ccee59c5bbdf3848b2a668136901871f5f1ab SHA512 1f695ebc2f10b2cda5a9b93c097adb49858af94817c14a406c7d26edd42353c776b0afc4779bc1c6f930dadcf450906924f8080ca5c87eb7c7e6b5694464dc7e WHIRLPOOL 574900ab3eca13429769c7e2b56fd4e4b1220800b2e5bc933eef502c633614eab22cba6af4fdd1fd55e3a7e70d3d5ead1cb1970f8211b5f4fc43e3d782865f1b
-AUX qemu-2.7.0-CVE-2016-9102.patch 739 SHA256 ae425fbbaf6dedcf6eabe3d1f0bd300be70550f7bd77290536617372eed96766 SHA512 dbf40c7f0a055d10fbb5d02b21e8c3f62dc9bb2718639eb3dec007ba610aa0a045c1a449a7b3aa02a21056807a25d6e523eb782d79b2a249df1258af1dadefad WHIRLPOOL 89ea3815b9d744a98ff49df65a514a20966c7ada508e33dbc73704d60c75c48f6f544bf658180a2b73ca612bcc62e2e146b0efdbbc51456ba81518c5b28c80dc
-AUX qemu-2.7.0-CVE-2016-9103.patch 1002 SHA256 009696b3403c0481223fac6bc93976fc85727eeb0716a9e19545e8ac4da95e8d SHA512 0f47c2d13cbda36a7796773150865001060e4b530d76ca6b0c46d1041108a57830939b0dc7cdc960ccc705bcd463dd57505d748edf36610d7de2af2560e62597 WHIRLPOOL 8d4cb500025f59075a1038cefe0c8ccd063282527b35873cdd9d29ba58cdaa3fc285d5191657ecdef2b056a017f89d8f66f4a544f201e5952426d6dd619b23ba
-AUX qemu-2.7.0-CVE-2016-9104.patch 2890 SHA256 7ba38b43519eb8f9c8c70daaa1705c01a331cbb98b4d4f8eeed31da207f3a13b SHA512 7f6d84f12e8372b72fe4db8e47064ecc7ea0698bb7c5dc0285316354461edb35e01ba76a6e16c1bf7e03d5f0070822f4bb61655e44af5536ee81970b4ff937e0 WHIRLPOOL 3f8e973cf28040422d25394b14f3b99894796b64408a3c15957d628d74076bc1e577ea2e2803e428d85b94607c74f81d23219d9487aa0085a80a2e89d78a5829
-AUX qemu-2.7.0-CVE-2016-9105.patch 610 SHA256 f4303796ece1e46f6e622e8cd0c9029daa0a6ed29ef630a0c64a5c595dbeb1b3 SHA512 1ab19ef861b6fe55017d02b7cbf24ad60776ed64e052d6e1b670c9aac7e312207718fcf601e9dba4bdd2c9104b9be25bcf0055b42e080b1f8abf9bc3f7db0b36 WHIRLPOOL 07fe76de2d2d68bcd091e90cc9578b17d5a8ad12ab316683d6e4badea443d08e08060a4e206f555c88b60b0a45f4ba49c9d11f42ee44b5b43200843c37329dad
-AUX qemu-2.7.0-CVE-2016-9106.patch 835 SHA256 594213b4200ae109dfbc6ec8e536d275d798c756a25e130a86972c514730f541 SHA512 6a3249f47fecdbe28eec496eb1284296d04d9e75efab21ab226d6ef2d5254bd85a44aa08879b1922682b65b5bce2e699ccaafa3a2b8b6f60ccbc84432bc599cd WHIRLPOOL b80c2787cbe71f416a7ea2aa39e800922b0a8a410eacb038d0163dfbb91f6a41cc2ae5afb010a7395ef17207e6b1acda34cddd9ff9d1ab035330ade6334e8b8c
-AUX qemu-2.7.0-configure-ifunc.patch 517 SHA256 40f6183f1f490216855e83cf03bf21ec8d23786acf83cda21292fea92776d898 SHA512 e34476b5fc5039091862dc9e93c47b69e203e7e394092e7e0bda467b7523e0b5b743c2c6eaf1f36fad3ee743278e321a50d356b6365e2340280556ca6d9b32ad WHIRLPOOL cb6f92a70f91557f14a0f6719d1b3a4dee9cfcb5c34aa897eee0ad48d13c45255252666d826ce00f3183da86b9b265e0dd93aa9b85210cde2a7ce3de56644e59
+AUX qemu-2.7.0-CVE-2016-8669-1.patch 1010 SHA256 3bc03869bede80013abb94ee029625a382c8059bc9474d9f6fd8e23840cff159 SHA512 53643363a470fba9b82c02b90f2573e45f59f5057993b2c15e1608916ece7f8582b4a84179e8ee70fcb8e3f3eb8a538a058401049ea38242bdb640c14ec54f7e WHIRLPOOL 873ed9b9784bb5757a07c1a494f70603cbe82751222d68a883327424e0d7e87d536400eca5fc7406080cbde2ab0a8fe0b3ee5c6dff81624db5d6d5964fec81be
 AUX qemu-2.8.0-CVE-2016-10028.patch 1384 SHA256 25a9f2b2014bbcbb008683211503716a2b4a0e8d96ea001d32b87d451cee1842 SHA512 6cfad99e54cfaea97f5c14fbbfe35768a8ea46196117bf770725e1079f9bccca3b7071416a14e60a36c3c919760ab49663fc8b551026c8cd58c10b3f2d7940b4 WHIRLPOOL 5c0c8350112cb63c8b3db7a15a9090cd2fba879317565b108285fd92c23a8b75a593a65d94b6e448086b126a735056065d07c1877abdb6815ebaa430cf4adabf
+AUX qemu-2.8.0-CVE-2016-10155.patch 1558 SHA256 53c20d983847a716f3f708c50ffbeb9d44fd8718f39d86556ae44394d1b2a624 SHA512 4ebfba87927c9f58fe1a0aa05b5850d391698617ce7c3e002d3adfd981ed8c23d35a6863e14f52264576dda31f84dc25421d2f930547f82ccfde126137d91aea WHIRLPOOL 44366afdf52eed47c28a6e9cec1ee7c613b5bac6441cf4f7bf29b30ef6ec7504e72a2d8c873a949e46f1cfd3055a407b673d6151802ab3c957cde8faaed20903
 AUX qemu-2.8.0-CVE-2016-9908.patch 1166 SHA256 22ef4999a3daf3c46a3c90ca20fb131545d4d0befeff7c3ca870585a3e03b7b7 SHA512 c46abda3a5b1a68c7c2e5236f8e424f4569a28ba2aea9b8ec32467e55b535492da6e4702d4758a5721f1bf222f7f2554a5e4c9a190781d60c40202a5291dcf49 WHIRLPOOL aa8087350770ecbb60049e3269ddf9d68258657ef6a088b562e344056689e578a390328dde9c5d2b5024e7fa03995b571295a1d64943d9b3882cf0c5f833dbd8
 AUX qemu-2.8.0-CVE-2016-9912.patch 1307 SHA256 e3eac321492a9ef42d88b04877511255c3731a9bb029d7c6ab2da0aa8f09e2d8 SHA512 f9ba4f167334d9b934c37fbed21ded8b3d71e5bdbdb1f15f81d4423b0790bfa127637155d5863b563fa974f1421c4ace1f2a4e3e81e3ae3d6045b2083210b103 WHIRLPOOL 7aa8dab7b6462f142365d274e6131ca1630c396e36c851cb562c081c4243c58e2ae22cf682e51145af08befcaba395254c765cf56112a6c177e1c9a18ffb5926
+AUX qemu-2.8.0-CVE-2017-2615.patch 1720 SHA256 33f3f81ff8e5dacfc4f33dd48bd7833843c209f6d2bd5b3102cc5694ad85a593 SHA512 32063428286a49a12daa481ba87f1b09be6504bf24c5759aacf88ef436312a890dfe44d08457d8b426f86ce7680700d32fb21a255a6db8eb512e612c16770d36 WHIRLPOOL 9f1eed6c6c3eeb1e8991d1aa82e12a004c223bdd635ec48e433ca93d054aa3dfb5986fe01e36df157ef20c685e07595eebdf5fe16ed7cf9034e1c9ddf8304dbb
+AUX qemu-2.8.0-CVE-2017-5525-1.patch 1625 SHA256 88e253c306761017d66dca5b72184f89cebf3b617db7bc0e4b27025757a66181 SHA512 a7f82374ec4e264b065be7ba63c197d93fee230d68819bf68a0a67c84f89182d0cc0a42b9aadf53a8a903d640dacc55392174c7820379e92ad0e35c86c35a2dd WHIRLPOOL 63e192dc0e075139f18aee2d0541c75021852a7d7251321ca8fe7f9b793c72786a6aab878e308931289eab3c07c3cbbc8ad32b67de1193f85b672e16a8372495
+AUX qemu-2.8.0-CVE-2017-5525-2.patch 1664 SHA256 ab03a1cff62164090133f0dbace9724302e806a808b18d64628d12f0bd9abad6 SHA512 ac1d89331c3fc4d0ef7af411a12654329057676e9f016cb9a4a46dc9b4e01092c17af33d095f3104e71094ae585a35a8276a98560dd97f8d045e0b9fd2f0069f WHIRLPOOL 20457d7fe5b3842c0c601068dba410586fc4b4c7fce81ba3ee436a6cfec3b1b950797d6ca9a2a573fef21a29421f8c04a34d1dfefe0b7ade03a6ca51d16d99cb
+AUX qemu-2.8.0-CVE-2017-5552.patch 1481 SHA256 26616f16434b3aff65b1cd1ce82c6abdfbd44da8a047a5a32b1e07755c9a3e1b SHA512 3c3f5027be3bfe56c1445004bd28536e11f606cc6787fcefad3da267eb3e11b61110c8a4700fd9d6f95ce50f10a2678b2bc6f950297b949b837882a68901d6e5 WHIRLPOOL ca93726b8a0567f68fac634eef1e88c997c1e959cafb33bc6ba8871d9021591bb61be6b3635d3fac111e1e177dbbff939c93580d7f0824e752b378dbc38fbc45
+AUX qemu-2.8.0-CVE-2017-5578.patch 1084 SHA256 a7639fc84377b23ebc55dbb1c6d8c53bb2e6230be03b2efba78108257058d8b4 SHA512 8d160d56a94ec9380640badcab29fdd05f2f665377febd1b7e71a9c619d9db963eaa74cf74a2e0287fd2f6e2a7d4bce0f8e4281b3b0292347eece52b7344243b WHIRLPOOL efd3238bf720a1051a41ea621601afeea7546cc7e48d4a7f23bc0b3277bee368bb259a2735e6290b4609e78a1e54e29fe1ba7b088824284787faddc84491d876
+AUX qemu-2.8.0-CVE-2017-5579.patch 1132 SHA256 df32524c24aa4d7d9166bb5e159ba10023c7777b9583e920bd8590feec433580 SHA512 d4669821ae8e06a31b852a31699aa26421ce5fb6c049573cb6613515da486e390d8ddf71adb4e6c1a45a15bb468bbb45df68cbf5e9388660c9c03866becb9edd WHIRLPOOL 0d5ed483c6e3f849fc4b9568a3af4c086258ef1162a4e11baa65bcf35eeb8a505c8b7de935175fdc53e7284e23eb492a95326cdea6c690283085136cb02d3b7a
+AUX qemu-2.8.0-CVE-2017-5667.patch 1497 SHA256 e05e21c45d8c05392215db0bff3e161c68d64b0b9e42add18307346b3a4d4bc3 SHA512 7c518736ac09d6c37fd359a8a503713f1b76d6041038f58e7648bb69251d6039c3449593eb14a5e0f2649d12856964a42d48e4ee0bb9dc664ada2852f9ea3cbd WHIRLPOOL 0e74b2671f148fa9f31674e6dd80634064fb8d24be474eaf9ea1efcb6cf427314da75187a32eed874ea4bde19e8dfc4562d5af06893ce3beeef7de8f902dd698
+AUX qemu-2.8.0-CVE-2017-5856.patch 2224 SHA256 92ddbba8c0d21bdae5b11ae064c21da939cbbb1fd0e6aa10477efced6bf9582f SHA512 7e043d8299d67d33c12bf5591f0881029013852df2243c2ea747fc6c4d1d6c0acffbaef7538634a60f8f875da94bb71db3e3a07972de066b7ac5d49e4d3cb906 WHIRLPOOL b5f38b059e4305b352e3807c2b7762fe856d1067431452fbbf991415ad17f25d152225d9e0ea61b5e8175e42abebbb2abdd85ac37f301ac123f81af822ff2f02
+AUX qemu-2.8.0-CVE-2017-5857.patch 1326 SHA256 e2150a7cc92b72e3f20506b9c76b40599af8d2366d25bd9b245a0bffa66ad8eb SHA512 d6d000b57f1fb194f9554165621109b364ebdb61416bc07e2283f2d493c33e770d1b63002d62565aae1ac19ed0ad9e572c207341aa1ad023581f349f62158d30 WHIRLPOOL cbe84c67ba9bb368baf2b1842e8c7c1ee3fb720630bcd53fdbdef9e8f3efdb25c1a927d0f65c9d1f6def28defe6997943a7867e8225eb12e395a0811ad3e32a1
+AUX qemu-2.8.0-CVE-2017-5898.patch 1412 SHA256 7f44668d51a94d19fcca0f496d8ac798fd654afe25d2998f7d07a148a836ade9 SHA512 2cd9af4957849a5d72dc0f0fbb30852870306ebc0a348cf5951df58d3029d1aae52df9261d2e4a9d7a4f132f78c390af8a049e1f109b324899bccd91e5c10d1f WHIRLPOOL c48e1fe163761880adab990683dc5d54ee31173763f11239ffee7c229bd65a2958a696dede39e7e645860980e2a7c5c6e5873e5db53872ac373d8d2415a167ab
+AUX qemu-2.8.0-CVE-2017-5931.patch 1696 SHA256 cdb1ea1306bf00042f13637eef78d3580e34b88c11716e62fad69931eb3d7ac6 SHA512 5b9a00f0964b153df7630655480b646e6615e831fd981642987d8691e9ddd265f64285d0e70c4f536bb370adb03a75548f7258bee8dbc2b7de15a3984fc8421b WHIRLPOOL c6d9440adf57ad1b560da03a455d9bdc3094c952f3c82a5e88fa6f2d0336ab767f0617b2916b68a5e3f5d30293749be40c12dfe93e8b7525fec9b8a453a65123
 AUX qemu-2.8.0-F_SHLCK-and-F_EXLCK.patch 574 SHA256 d02353daa0ecfe161e938a5e54feab641b901f4a35c8f5831133676a6f53f43f SHA512 6b64750335aae1142ca9132fb766ac2aaeacfcdda0aa0cfca19afc4c3ea3806e30ce603fcec3767e40e84efb0ae8b9a23f21d46c807c13bb646be74f99e13389 WHIRLPOOL 7401c3daf162c71a5a5c3729855fddb5df95609b34c86ea0f4d872c8f132d6ac089cfb35a990af70aef8b7b63fe075a1e2be376b6db09bc70e8d51e48aded354
 AUX qemu-binfmt.initd-r1 7966 SHA256 5b4b432aa1e44f387c9eb789de0ec6322741fd36dd241f76520f17c6cd6ac49b SHA512 2ba0bff6eb2b6bac4ed440f793771ce9551cad48e38bddb6cf04f804faac2407e80879f66771910344ddcea45f0014095dcc8bfeb0aad5085ef048fd3612dbd8 WHIRLPOOL a2a1fb830a970757d1e203378c7d382b161b1040f3b8aaf0f22bb3b5e46467eff395474ff40d93c9f133bab307b345a6f75d63eae9f8dd8daf67324db41032f9
-DIST qemu-2.7.0.tar.bz2 26867760 SHA256 326e739506ba690daf69fc17bd3913a6c313d9928d743bd8eddb82f403f81e53 SHA512 654acaa7b3724a288e5d7e2a26ab780d9c9ed9f647fba00a906cbaffbe9d58fd666f2d962514aa2c5b391b4c53811ac3170d2eb51727f090bd19dfe45ca9a9db WHIRLPOOL dcb3e5f7da89dd8e14d636d7ebd476e076e0043880bb9ea3fb1c03cb4bcd4e5c7d3c4719da26c3ce521e3a3db5ae671e86f198ac1bc3474e774d75504fef8b8d
-DIST qemu-2.7.1.tar.bz2 26868403 SHA256 68636788eb69bcb0b44ba220b32b50495d6bd5712a934c282217831c4822958f SHA512 16a83946e9064733254c82c961749bf9c56a0a2a8ee46145b4a78e1452ac0e2548d888963d18c80e28f65202890fd643b0011951b5b1c66ef16234767ed91898 WHIRLPOOL ae3d3c2b2a3700613733659847de6187755631cb09e8c3548ea30cd994357c9ff128646edce88dfe4dce53e6c1c0f37f8de3688ee7e22262033b40f3fc706efa
 DIST qemu-2.8.0.tar.bz2 28368517 SHA256 dafd5d7f649907b6b617b822692f4c82e60cf29bc0fc58bc2036219b591e5e62 SHA512 50f2988d822388ba9fd1bf5dbe68359033ed7432d7f0f9790299f32f63faa6dc72979256b5632ba572d47ee3e74ed40e3e8e331dc6303ec1599f1b4367cb78c2 WHIRLPOOL 0ce4e0539657eb832e4039819e7360c792b6aa41c718f0e0d762f4933217f0d370af94b1d6d9776853575b4a6811d8c85db069bf09d21bd15399ac8b50440ff5
-EBUILD qemu-2.7.0-r7.ebuild 22495 SHA256 a606d5b6805d24191245b4191c1f62a09096d8ee283c62629f038851b4c8e6c5 SHA512 c45e516c4c45b5a1eaec06d046cebf129f1422c2d5910699c0a367a4c8c7d49e323a6addc765e1ec57209df12270e196169e52a7618afef28019be06feff70ea WHIRLPOOL 94ae6ab13fc03450ce5b6b0e5840e488401116d6bf60ec411cc01f39f2d10931bd65572f25bdf958e9f94bb4f6582795018039b5b4c988fa3bd5dee928014c65
-EBUILD qemu-2.7.1.ebuild 22161 SHA256 a7d2ff5c706a35a1b2c5610866215a5db04674ce68fb01e3e076b68839dcafd8 SHA512 7d30615832f2fecf89b472c4ea56446335176a330a7d64693ed7cc9becd47a1f40064fca191467deb8603116b4f69307d7968971c9b3845356b8b8d4cf053472 WHIRLPOOL 23bda8ca28ff8620739c604289a0d81ec4d16c1908b8c02df7833f9c0d98f698922650636456ac0bcc285357836af23ffd28bf3b8c2653a690a86fa5ae662a61
-EBUILD qemu-2.8.0.ebuild 20949 SHA256 468944f9506df374711bdc5e87fcd2bcc2b823061b23ab8561642c41755e510a SHA512 d3f7cefab4fe282c72f30e1c2232eca7faac63c2b4d4172cc5b9f8ccb43ee2eb7a5602ba895c4ee5221f8cccfe62b89dc65cedb7e6932b696952be7f2052605b WHIRLPOOL 50c2b17b13715a0750bc48ff24fd71ddc13a5af1a7f2f2de5edde261f4d9c3a7ccc07c665385c444183743610f85bd6cc623e57e322e85e19f8ce3b874ca093e
-MISC metadata.xml 3925 SHA256 d1c219b7da0cbf77919cd1e055acbb3f6788a574fd802c98a43c89a411697b36 SHA512 3ff45d1c8ede12b4eedc7d01f39777b76a1cbd0ba9364299dec99d4b4a05cade5784d6f6e50197d5b5ae1f1b8e831c49da195eb53263c49b7d16aec8ee28b6e6 WHIRLPOOL bc25783fac0f3f13318834cc535404af9af20de16c7aeec222e59dc2ed7740ac5e767b329a5bcd6356d0cbae2428e278515f1446aa8ecb87a873bf4dbe04bf41
+EBUILD qemu-2.8.0-r1.ebuild 21623 SHA256 6e5cf2427f830d730b93ef0526ceaf126af7513ed011d7ee3cf192ba7687e837 SHA512 03f49ad75e1fb4f43811624d7b8cd6b82a012b6a32f74f371421d246962cea88d2a498a664b659bbe1bda6cff9a9da43e550e7d4c71a55a5a2110a4b5b8c7462 WHIRLPOOL 06a247c8306de45b424266661797b4a64339daf4b8177c9eefb707bab06d497cb5410c59c9a89b0693cb14fd5ac293b537e81cf3da24b2be711d9db8fa3a0a9d
+EBUILD qemu-2.8.0.ebuild 20856 SHA256 5cf0517d3327eac95727067f80702639132b87603029951ef2db8086f6fd34ae SHA512 10bcdad90a85786f0d2e4044be010e5d87f54fd0710c889205060e1404e5a24004e0095d7d3ee0f62735e3ab88d2af5986d371769125b13ffc5689edc5a95be8 WHIRLPOOL af455544650a9c0cb4bc2be588e3687dea90d14bbc3dad1aa76bcf65376317b85374151eee761239868b3ce8aaae089e4278b3897e5f013e4652c6801c66c9b6
+MISC metadata.xml 3854 SHA256 326fc14b3867842cc40bc364d91e2ca60ca63651e4a17040254166fa09cec04a SHA512 2e3bbdf84b7b03aedc43621b47e02b8da242fda917dcdf4b2d7532210aaa79c6fbea52a6b8157cdf90cd1e4e282610c0254b96a7a14b285e910d61203acd6461 WHIRLPOOL 539ca48b54055e594e16b76341879540d4f302d502c39d1901ed4fd7cc80b186ba29845759d02c60bf4560b8b14ec4fa40869d341e432a025dc792fb38f8eae1

diff --git a/app-emulation/qemu/files/qemu-2.0.0-F_SHLCK-and-F_EXLCK.patch b/app-emulation/qemu/files/qemu-2.0.0-F_SHLCK-and-F_EXLCK.patch
deleted file mode 100644
index fb5ad59..0000000
--- a/app-emulation/qemu/files/qemu-2.0.0-F_SHLCK-and-F_EXLCK.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-Copied from Alpine Linux
-
-This patch was not upstreamed to qemu as those should probably be
-defined in musl libc.
-
-diff --git a/linux-user/syscall.c b/linux-user/syscall.c
-index c8989b6..00ed747 100644
---- a/linux-user/syscall.c
-+++ b/linux-user/syscall.c
-@@ -114,6 +114,13 @@ int __clone2(int (*fn)(void *), void *child_stack_base,
- 
- #include "qemu.h"
- 
-+#ifndef F_SHLCK
-+#define F_SHLCK 8
-+#endif
-+#ifndef F_EXLCK
-+#define F_EXLCK 4
-+#endif
-+
- #define CLONE_NPTL_FLAGS2 (CLONE_SETTLS | \
-     CLONE_PARENT_SETTID | CLONE_CHILD_SETTID | CLONE_CHILD_CLEARTID)
- 

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-6836.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-6836.patch
deleted file mode 100644
index 56f7435..0000000
--- a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-6836.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From: Li Qiang <address@hidden>
-
-In Vmxnet3 device emulator while processing transmit(tx) queue,
-when it reaches end of packet, it calls vmxnet3_complete_packet.
-In that local 'txcq_descr' object is not initialised, which could
-leak host memory bytes a guest.
-
-Reported-by: Li Qiang <address@hidden>
-Signed-off-by: Prasad J Pandit <address@hidden>
----
- hw/net/vmxnet3.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c
-index 90f6943..92f6af9 100644
---- a/hw/net/vmxnet3.c
-+++ b/hw/net/vmxnet3.c
-@@ -531,6 +531,7 @@ static void vmxnet3_complete_packet(VMXNET3State *s, int qidx, uint32_t tx_ridx)
- 
-     VMXNET3_RING_DUMP(VMW_RIPRN, "TXC", qidx, &s->txq_descr[qidx].comp_ring);
- 
-+    memset(&txcq_descr, 0, sizeof(txcq_descr));
-     txcq_descr.txdIdx = tx_ridx;
-     txcq_descr.gen = vmxnet3_ring_curr_gen(&s->txq_descr[qidx].comp_ring);
- 
--- 
-2.5.5

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7155.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7155.patch
deleted file mode 100644
index 495faf2..0000000
--- a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7155.patch
+++ /dev/null
@@ -1,81 +0,0 @@
-From: Prasad J Pandit <address@hidden>
-
-Vmware Paravirtual SCSI emulation uses command descriptors to
-process SCSI commands. These descriptors come with their ring
-buffers. A guest could set the page count for these rings to
-an arbitrary value, leading to infinite loop or OOB access.
-Add check to avoid it.
-
-Reported-by: Tom Victor <address@hidden>
-Reported-by: Li Qiang <address@hidden>
-Signed-off-by: Prasad J Pandit <address@hidden>
----
- hw/scsi/vmw_pvscsi.c | 21 ++++++++++-----------
- 1 file changed, 10 insertions(+), 11 deletions(-)
-
-Update per review
-  -> https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg00019.html
-
-diff --git a/hw/scsi/vmw_pvscsi.c b/hw/scsi/vmw_pvscsi.c
-index 5116f4a..4245c15 100644
---- a/hw/scsi/vmw_pvscsi.c
-+++ b/hw/scsi/vmw_pvscsi.c
-@@ -152,7 +152,7 @@ pvscsi_log2(uint32_t input)
-     return log;
- }
- 
--static int
-+static void
- pvscsi_ring_init_data(PVSCSIRingInfo *m, PVSCSICmdDescSetupRings *ri)
- {
-     int i;
-@@ -160,10 +160,6 @@ pvscsi_ring_init_data(PVSCSIRingInfo *m, PVSCSICmdDescSetupRings *ri)
-     uint32_t req_ring_size, cmp_ring_size;
-     m->rs_pa = ri->ringsStatePPN << VMW_PAGE_SHIFT;
- 
--    if ((ri->reqRingNumPages > PVSCSI_SETUP_RINGS_MAX_NUM_PAGES)
--        || (ri->cmpRingNumPages > PVSCSI_SETUP_RINGS_MAX_NUM_PAGES)) {
--        return -1;
--    }
-     req_ring_size = ri->reqRingNumPages * PVSCSI_MAX_NUM_REQ_ENTRIES_PER_PAGE;
-     cmp_ring_size = ri->cmpRingNumPages * PVSCSI_MAX_NUM_CMP_ENTRIES_PER_PAGE;
-     txr_len_log2 = pvscsi_log2(req_ring_size - 1);
-@@ -195,8 +191,6 @@ pvscsi_ring_init_data(PVSCSIRingInfo *m, PVSCSICmdDescSetupRings *ri)
- 
-     /* Flush ring state page changes */
-     smp_wmb();
--
--    return 0;
- }
- 
- static int
-@@ -746,7 +740,7 @@ pvscsi_dbg_dump_tx_rings_config(PVSCSICmdDescSetupRings *rc)
- 
-     trace_pvscsi_tx_rings_num_pages("Confirm Ring", rc->cmpRingNumPages);
-     for (i = 0; i < rc->cmpRingNumPages; i++) {
--        trace_pvscsi_tx_rings_ppn("Confirm Ring", rc->reqRingPPNs[i]);
-+        trace_pvscsi_tx_rings_ppn("Confirm Ring", rc->cmpRingPPNs[i]);
-     }
- }
- 
-@@ -779,10 +773,15 @@ pvscsi_on_cmd_setup_rings(PVSCSIState *s)
- 
-     trace_pvscsi_on_cmd_arrived("PVSCSI_CMD_SETUP_RINGS");
- 
-+    if (!rc->reqRingNumPages
-+        || rc->reqRingNumPages > PVSCSI_SETUP_RINGS_MAX_NUM_PAGES
-+        || !rc->cmpRingNumPages
-+        || rc->cmpRingNumPages > PVSCSI_SETUP_RINGS_MAX_NUM_PAGES) {
-+        return PVSCSI_COMMAND_PROCESSING_FAILED;
-+    }
-+
-     pvscsi_dbg_dump_tx_rings_config(rc);
--    if (pvscsi_ring_init_data(&s->rings, rc) < 0) {
--        return PVSCSI_COMMAND_PROCESSING_FAILED;
--    }
-+    pvscsi_ring_init_data(&s->rings, rc);
- 
-     s->rings_info_valid = TRUE;
-     return PVSCSI_COMMAND_PROCESSING_SUCCEEDED;
--- 
-2.5.5

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7156.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7156.patch
deleted file mode 100644
index 9c21a67..0000000
--- a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7156.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-From: Prasad J Pandit <address@hidden>
-
-In PVSCSI paravirtual SCSI bus, pvscsi_convert_sglist can take a very
-long time or go into an infinite loop due to two different bugs:
-
-1) the request descriptor data length is defined to be 64 bit. While
-building SG list from a request descriptor, it gets truncated to 32bit
-in routine 'pvscsi_convert_sglist'. This could lead to an infinite loop
-situation for large 'dataLen' values, when data_length is cast to uint32_t
-and chunk_size becomes always zero.  Fix this by removing the incorrect
-cast.
-
-2) pvscsi_get_next_sg_elem can be called arbitrarily many times if the
-element has a zero length.  Get out of the loop early when this happens,
-by introducing an upper limit on the number of SG list elements.
-
-Reported-by: Li Qiang <address@hidden>
-Signed-off-by: Prasad J Pandit <address@hidden>
----
- hw/scsi/vmw_pvscsi.c | 11 ++++++-----
- 1 file changed, 6 insertions(+), 5 deletions(-)
-
-Update as per:
-  -> https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg01172.html
-
-diff --git a/hw/scsi/vmw_pvscsi.c b/hw/scsi/vmw_pvscsi.c
-index 4245c15..babac5a 100644
---- a/hw/scsi/vmw_pvscsi.c
-+++ b/hw/scsi/vmw_pvscsi.c
-@@ -40,6 +40,8 @@
- #define PVSCSI_MAX_DEVS                   (64)
- #define PVSCSI_MSIX_NUM_VECTORS           (1)
- 
-+#define PVSCSI_MAX_SG_ELEM                2048
-+
- #define PVSCSI_MAX_CMD_DATA_WORDS \
-     (sizeof(PVSCSICmdDescSetupRings)/sizeof(uint32_t))
- 
-@@ -628,17 +630,16 @@ pvscsi_queue_pending_descriptor(PVSCSIState *s, SCSIDevice **d,
- static void
- pvscsi_convert_sglist(PVSCSIRequest *r)
- {
--    int chunk_size;
-+    uint32_t chunk_size, elmcnt = 0;
-     uint64_t data_length = r->req.dataLen;
-     PVSCSISGState sg = r->sg;
--    while (data_length) {
--        while (!sg.resid) {
-+    while (data_length && elmcnt < PVSCSI_MAX_SG_ELEM) {
-+        while (!sg.resid && elmcnt++ < PVSCSI_MAX_SG_ELEM) {
-             pvscsi_get_next_sg_elem(&sg);
-             trace_pvscsi_convert_sglist(r->req.context, r->sg.dataAddr,
-                                         r->sg.resid);
-         }
--        assert(data_length > 0);
--        chunk_size = MIN((unsigned) data_length, sg.resid);
-+        chunk_size = MIN(data_length, sg.resid);
-         if (chunk_size) {
-             qemu_sglist_add(&r->sgl, sg.dataAddr, chunk_size);
-         }
--- 
-2.5.5

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7157-1.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7157-1.patch
deleted file mode 100644
index 480de30..0000000
--- a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7157-1.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From: Prasad J Pandit <address@hidden>
-
-When LSI SAS1068 Host Bus emulator builds configuration page
-headers, the format string used in 'mptsas_config_manufacturing_1'
-was wrong. It could lead to an invalid memory access.
-
-Reported-by: Tom Victor <address@hidden>
-Fix-suggested-by: Paolo Bonzini <address@hidden>
-Signed-off-by: Prasad J Pandit <address@hidden>
----
- hw/scsi/mptconfig.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/hw/scsi/mptconfig.c b/hw/scsi/mptconfig.c
-index 7071854..1ec895b 100644
---- a/hw/scsi/mptconfig.c
-+++ b/hw/scsi/mptconfig.c
-@@ -203,7 +203,7 @@ size_t mptsas_config_manufacturing_1(MPTSASState *s, uint8_t **data, int address
- {
-     /* VPD - all zeros */
-     return MPTSAS_CONFIG_PACK(1, MPI_CONFIG_PAGETYPE_MANUFACTURING, 0x00,
--                              "s256");
-+                              "*s256");
- }
- 
- static
--- 
-2.5.5

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7157-2.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7157-2.patch
deleted file mode 100644
index 5e79608..0000000
--- a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7157-2.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From: Prasad J Pandit <address@hidden>
-
-When LSI SAS1068 Host Bus emulator builds configuration page
-headers, mptsas_config_pack() asserts to check returned size
-value is within limit of 256 bytes. Fix that assert expression.
-
-Suggested-by: Paolo Bonzini <address@hidden>
-Signed-off-by: Prasad J Pandit <address@hidden>
----
- hw/scsi/mptconfig.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/hw/scsi/mptconfig.c b/hw/scsi/mptconfig.c
-index 1ec895b..531947f 100644
---- a/hw/scsi/mptconfig.c
-+++ b/hw/scsi/mptconfig.c
-@@ -158,7 +158,7 @@ static size_t mptsas_config_pack(uint8_t **data, const char *fmt, ...)
-     va_end(ap);
- 
-     if (data) {
--        assert(ret < 256 && (ret % 4) == 0);
-+        assert(ret / 4 < 256);
-         stb_p(*data + 1, ret / 4);
-     }
-     return ret;
--- 
-2.5.5

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7170.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7170.patch
deleted file mode 100644
index 7eb5f76..0000000
--- a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7170.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From: Prasad J Pandit <address@hidden>
-
-When processing svga command DEFINE_CURSOR in vmsvga_fifo_run,
-the computed BITMAP and PIXMAP size are checked against the
-'cursor.mask[]' and 'cursor.image[]' array sizes in bytes.
-Correct these checks to avoid OOB memory access.
-
-Reported-by: Qinghao Tang <address@hidden>
-Reported-by: Li Qiang <address@hidden>
-Signed-off-by: Prasad J Pandit <address@hidden>
----
- hw/display/vmware_vga.c | 12 +++++++-----
- 1 file changed, 7 insertions(+), 5 deletions(-)
-
-diff --git a/hw/display/vmware_vga.c b/hw/display/vmware_vga.c
-index e51a05e..6599cf0 100644
---- a/hw/display/vmware_vga.c
-+++ b/hw/display/vmware_vga.c
-@@ -676,11 +676,13 @@ static void vmsvga_fifo_run(struct vmsvga_state_s *s)
-             cursor.bpp = vmsvga_fifo_read(s);
- 
-             args = SVGA_BITMAP_SIZE(x, y) + SVGA_PIXMAP_SIZE(x, y, cursor.bpp);
--            if (cursor.width > 256 ||
--                cursor.height > 256 ||
--                cursor.bpp > 32 ||
--                SVGA_BITMAP_SIZE(x, y) > sizeof cursor.mask ||
--                SVGA_PIXMAP_SIZE(x, y, cursor.bpp) > sizeof cursor.image) {
-+            if (cursor.width > 256
-+                || cursor.height > 256
-+                || cursor.bpp > 32
-+                || SVGA_BITMAP_SIZE(x, y)
-+                    > sizeof(cursor.mask) / sizeof(cursor.mask[0])
-+                || SVGA_PIXMAP_SIZE(x, y, cursor.bpp)
-+                    > sizeof(cursor.image) / sizeof(cursor.image[0])) {
-                     goto badcmd;
-             }
- 
--- 
-2.5.5
-

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7421.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7421.patch
deleted file mode 100644
index b9f3545..0000000
--- a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7421.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From: Prasad J Pandit <address@hidden>
-
-Vmware Paravirtual SCSI emulator while processing IO requests
-could run into an infinite loop if 'pvscsi_ring_pop_req_descr'
-always returned positive value. Limit IO loop to the ring size.
-
-Cc: address@hidden
-Reported-by: Li Qiang <address@hidden>
-Signed-off-by: Prasad J Pandit <address@hidden>
-Message-Id: <address@hidden>
-Signed-off-by: Paolo Bonzini <address@hidden>
----
- hw/scsi/vmw_pvscsi.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/hw/scsi/vmw_pvscsi.c b/hw/scsi/vmw_pvscsi.c
-index babac5a..a5ce7de 100644
---- a/hw/scsi/vmw_pvscsi.c
-+++ b/hw/scsi/vmw_pvscsi.c
-@@ -247,8 +247,11 @@ static hwaddr
- pvscsi_ring_pop_req_descr(PVSCSIRingInfo *mgr)
- {
-     uint32_t ready_ptr = RS_GET_FIELD(mgr, reqProdIdx);
-+    uint32_t ring_size = PVSCSI_MAX_NUM_PAGES_REQ_RING
-+                            * PVSCSI_MAX_NUM_REQ_ENTRIES_PER_PAGE;
- 
--    if (ready_ptr != mgr->consumed_ptr) {
-+    if (ready_ptr != mgr->consumed_ptr
-+        && ready_ptr - mgr->consumed_ptr < ring_size) {
-         uint32_t next_ready_ptr =
-             mgr->consumed_ptr++ & mgr->txr_len_mask;
-         uint32_t next_ready_page =
--- 
-1.8.3.1

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7422.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7422.patch
deleted file mode 100644
index 6368e7f..0000000
--- a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7422.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From: Prasad J Pandit <address@hidden>
-
-virtio back end uses set of buffers to facilitate I/O operations.
-If its size is too large, 'cpu_physical_memory_map' could return
-a null address. This would result in a null dereference
-while un-mapping descriptors. Add check to avoid it.
-
-Reported-by: Qinghao Tang <address@hidden>
-Signed-off-by: Prasad J Pandit <address@hidden>
----
- hw/virtio/virtio.c | 10 ++++++----
- 1 file changed, 6 insertions(+), 4 deletions(-)
-
-diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
-index 15ee3a7..0a4c5b6 100644
---- a/hw/virtio/virtio.c
-+++ b/hw/virtio/virtio.c
-@@ -472,12 +472,14 @@ static void virtqueue_map_desc(unsigned int *p_num_sg, hwaddr *addr, struct iove
-         }
- 
-         iov[num_sg].iov_base = cpu_physical_memory_map(pa, &len, is_write);
--        iov[num_sg].iov_len = len;
--        addr[num_sg] = pa;
-+        if (iov[num_sg].iov_base) {
-+            iov[num_sg].iov_len = len;
-+            addr[num_sg] = pa;
- 
-+            pa += len;
-+            num_sg++;
-+        }
-         sz -= len;
--        pa += len;
--        num_sg++;
-     }
-     *p_num_sg = num_sg;
- }
--- 
-2.5.5

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7423.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7423.patch
deleted file mode 100644
index fdd871b..0000000
--- a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7423.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From: Li Qiang <address@hidden>
-
-When processing IO request in mptsas, it uses g_new to allocate
-a 'req' object. If an error occurs before 'req->sreq' is
-allocated, It could lead to an OOB write in mptsas_free_request
-function. Use g_new0 to avoid it.
-
-Reported-by: Li Qiang <address@hidden>
-Signed-off-by: Prasad J Pandit <address@hidden>
-Message-Id: <address@hidden>
-Cc: address@hidden
-Signed-off-by: Paolo Bonzini <address@hidden>
----
- hw/scsi/mptsas.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/hw/scsi/mptsas.c b/hw/scsi/mptsas.c
-index 0e0a22f..eaae1bb 100644
---- a/hw/scsi/mptsas.c
-+++ b/hw/scsi/mptsas.c
-@@ -304,7 +304,7 @@ static int mptsas_process_scsi_io_request(MPTSASState *s,
-         goto bad;
-     }
- 
--    req = g_new(MPTSASRequest, 1);
-+    req = g_new0(MPTSASRequest, 1);
-     QTAILQ_INSERT_TAIL(&s->pending, req, next);
-     req->scsi_io = *scsi_io;
-     req->dev = s;
--- 
-1.8.3.1

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7466.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7466.patch
deleted file mode 100644
index d5028bb..0000000
--- a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7466.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From: Li Qiang <address@hidden>
-
-If the xhci uses msix, it doesn't free the corresponding
-memory, thus leading a memory leak. This patch avoid this.
-
-Signed-off-by: Li Qiang <address@hidden>
----
- hw/usb/hcd-xhci.c | 3 +--
- 1 file changed, 1 insertion(+), 2 deletions(-)
-
-diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c
-index 188f954..281a2a5 100644
---- a/hw/usb/hcd-xhci.c
-+++ b/hw/usb/hcd-xhci.c
-@@ -3709,8 +3709,7 @@ static void usb_xhci_exit(PCIDevice *dev)
-     /* destroy msix memory region */
-     if (dev->msix_table && dev->msix_pba
-         && dev->msix_entry_used) {
--        memory_region_del_subregion(&xhci->mem, &dev->msix_table_mmio);
--        memory_region_del_subregion(&xhci->mem, &dev->msix_pba_mmio);
-+        msix_uninit(dev, &xhci->mem, &xhci->mem);
-     }
- 
-     usb_bus_release(&xhci->bus);
--- 
-1.8.3.1

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7907.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7907.patch
deleted file mode 100644
index 34b095a..0000000
--- a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7907.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From: Prasad J Pandit <address@hidden>
-
-i.MX Fast Ethernet Controller uses buffer descriptors to manage
-data flow to/fro receive & transmit queues. While transmitting
-packets, it could continue to read buffer descriptors if a buffer
-descriptor has length of zero and has crafted values in bd.flags.
-Set an upper limit to number of buffer descriptors.
-
-Reported-by: Li Qiang <address@hidden>
-Signed-off-by: Prasad J Pandit <address@hidden>
----
- hw/net/imx_fec.c | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-Update per
-  -> https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg05284.html
-
-diff --git a/hw/net/imx_fec.c b/hw/net/imx_fec.c
-index 1c415ab..1d74827 100644
---- a/hw/net/imx_fec.c
-+++ b/hw/net/imx_fec.c
-@@ -220,6 +220,8 @@ static const VMStateDescription vmstate_imx_eth = {
- #define PHY_INT_PARFAULT            (1 << 2)
- #define PHY_INT_AUTONEG_PAGE        (1 << 1)
- 
-+#define IMX_MAX_DESC                1024
-+
- static void imx_eth_update(IMXFECState *s);
- 
- /*
-@@ -402,12 +404,12 @@ static void imx_eth_update(IMXFECState *s)
- 
- static void imx_fec_do_tx(IMXFECState *s)
- {
--    int frame_size = 0;
-+    int frame_size = 0, descnt = 0;
-     uint8_t frame[ENET_MAX_FRAME_SIZE];
-     uint8_t *ptr = frame;
-     uint32_t addr = s->tx_descriptor;
- 
--    while (1) {
-+    while (descnt++ < IMX_MAX_DESC) {
-         IMXFECBufDesc bd;
-         int len;
- 

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7908.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7908.patch
deleted file mode 100644
index 16d072f..0000000
--- a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7908.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 070c4b92b8cd5390889716677a0b92444d6e087a Mon Sep 17 00:00:00 2001
-From: Prasad J Pandit <pjp@fedoraproject.org>
-Date: Thu, 22 Sep 2016 16:02:37 +0530
-Subject: [PATCH] net: mcf: limit buffer descriptor count
-
-ColdFire Fast Ethernet Controller uses buffer descriptors to manage
-data flow to/fro receive & transmit queues. While transmitting
-packets, it could continue to read buffer descriptors if a buffer
-descriptor has length of zero and has crafted values in bd.flags.
-Set upper limit to number of buffer descriptors.
-
-Reported-by: Li Qiang <liqiang6-s@360.cn>
-Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
-Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
-Signed-off-by: Jason Wang <jasowang@redhat.com>
----
- hw/net/mcf_fec.c |    5 +++--
- 1 files changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/hw/net/mcf_fec.c b/hw/net/mcf_fec.c
-index 0ee8ad9..d31fea1 100644
---- a/hw/net/mcf_fec.c
-+++ b/hw/net/mcf_fec.c
-@@ -23,6 +23,7 @@ do { printf("mcf_fec: " fmt , ## __VA_ARGS__); } while (0)
- #define DPRINTF(fmt, ...) do {} while(0)
- #endif
- 
-+#define FEC_MAX_DESC 1024
- #define FEC_MAX_FRAME_SIZE 2032
- 
- typedef struct {
-@@ -149,7 +150,7 @@ static void mcf_fec_do_tx(mcf_fec_state *s)
-     uint32_t addr;
-     mcf_fec_bd bd;
-     int frame_size;
--    int len;
-+    int len, descnt = 0;
-     uint8_t frame[FEC_MAX_FRAME_SIZE];
-     uint8_t *ptr;
- 
-@@ -157,7 +158,7 @@ static void mcf_fec_do_tx(mcf_fec_state *s)
-     ptr = frame;
-     frame_size = 0;
-     addr = s->tx_descriptor;
--    while (1) {
-+    while (descnt++ < FEC_MAX_DESC) {
-         mcf_fec_read_bd(&bd, addr);
-         DPRINTF("tx_bd %x flags %04x len %d data %08x\n",
-                 addr, bd.flags, bd.length, bd.data);
--- 
-1.7.0.4
-

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7909.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7909.patch
deleted file mode 100644
index 8e6ecff..0000000
--- a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7909.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From: Prasad J Pandit <address@hidden>
-
-The AMD PC-Net II emulator has set of control and status(CSR)
-registers. Of these, CSR76 and CSR78 hold receive and transmit
-descriptor ring length respectively. This ring length could range
-from 1 to 65535. Setting ring length to zero leads to an infinite
-loop in pcnet_rdra_addr. Add check to avoid it.
-
-Reported-by: Li Qiang <address@hidden>
-Signed-off-by: Prasad J Pandit <address@hidden>
----
- hw/net/pcnet.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/hw/net/pcnet.c b/hw/net/pcnet.c
-index 198a01f..3078de8 100644
---- a/hw/net/pcnet.c
-+++ b/hw/net/pcnet.c
-@@ -1429,8 +1429,11 @@ static void pcnet_csr_writew(PCNetState *s, uint32_t rap, uint32_t new_value)
-     case 47: /* POLLINT */
-     case 72:
-     case 74:
-+        break;
-     case 76: /* RCVRL */
-     case 78: /* XMTRL */
-+        val = (val > 0) ? val : 512;
-+        break;
-     case 112:
-        if (CSR_STOP(s) || CSR_SPND(s))
-            break;
--- 
-2.5.5

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7994-1.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7994-1.patch
deleted file mode 100644
index 6fe77f3..0000000
--- a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7994-1.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From: Li Qiang <address@hidden>
-
-In virtio gpu resource create dispatch, if the pixman format is zero
-it doesn't free the resource object allocated previously. Thus leading
-a host memory leak issue. This patch avoid this.
-
-Signed-off-by: Li Qiang <address@hidden>
----
- hw/display/virtio-gpu.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c
-index 7fe6ed8..5b6d17b 100644
---- a/hw/display/virtio-gpu.c
-+++ b/hw/display/virtio-gpu.c
-@@ -333,6 +333,7 @@ static void virtio_gpu_resource_create_2d(VirtIOGPU *g,
-         qemu_log_mask(LOG_GUEST_ERROR,
-                       "%s: host couldn't handle guest format %d\n",
-                       __func__, c2d.format);
-+        g_free(res);
-         cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
-         return;
-     }
--- 
-1.8.3.1

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7994-2.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7994-2.patch
deleted file mode 100644
index dce1b2b..0000000
--- a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7994-2.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From: Li Qiang <address@hidden>
-
-While processing isochronous transfer descriptors(iTD), if the page
-select(PG) field value is out of bands it will return. In this
-situation the ehci's sg list doesn't be freed thus leading a memory
-leak issue. This patch avoid this.
-
-Signed-off-by: Li Qiang <address@hidden>
----
- hw/usb/hcd-ehci.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
-index b093db7..f4ece9a 100644
---- a/hw/usb/hcd-ehci.c
-+++ b/hw/usb/hcd-ehci.c
-@@ -1426,6 +1426,7 @@ static int ehci_process_itd(EHCIState *ehci,
-             if (off + len > 4096) {
-                 /* transfer crosses page border */
-                 if (pg == 6) {
-+                    qemu_sglist_destroy(&ehci->isgl);
-                     return -1;  /* avoid page pg + 1 */
-                 }
-                 ptr2 = (itd->bufptr[pg + 1] & ITD_BUFPTR_MASK);
--- 
-1.8.3.1

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8576.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8576.patch
deleted file mode 100644
index 9617cd5..0000000
--- a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8576.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-From 20009bdaf95d10bf748fa69b104672d3cfaceddf Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <address@hidden>
-Date: Fri, 7 Oct 2016 10:15:29 +0200
-Subject: [PATCH] xhci: limit the number of link trbs we are willing to process
-
-Signed-off-by: Gerd Hoffmann <address@hidden>
----
- hw/usb/hcd-xhci.c | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
-diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c
-index 726435c..ee4fa48 100644
---- a/hw/usb/hcd-xhci.c
-+++ b/hw/usb/hcd-xhci.c
-@@ -54,6 +54,8 @@
-  * to the specs when it gets them */
- #define ER_FULL_HACK
- 
-+#define TRB_LINK_LIMIT  4
-+
- #define LEN_CAP         0x40
- #define LEN_OPER        (0x400 + 0x10 * MAXPORTS)
- #define LEN_RUNTIME     ((MAXINTRS + 1) * 0x20)
-@@ -1000,6 +1002,7 @@ static TRBType xhci_ring_fetch(XHCIState *xhci, XHCIRing *ring, XHCITRB *trb,
-                                dma_addr_t *addr)
- {
-     PCIDevice *pci_dev = PCI_DEVICE(xhci);
-+    uint32_t link_cnt = 0;
- 
-     while (1) {
-         TRBType type;
-@@ -1026,6 +1029,9 @@ static TRBType xhci_ring_fetch(XHCIState *xhci, XHCIRing *ring, XHCITRB *trb,
-             ring->dequeue += TRB_SIZE;
-             return type;
-         } else {
-+            if (++link_cnt > TRB_LINK_LIMIT) {
-+                return 0;
-+            }
-             ring->dequeue = xhci_mask64(trb->parameter);
-             if (trb->control & TRB_LK_TC) {
-                 ring->ccs = !ring->ccs;
-@@ -1043,6 +1049,7 @@ static int xhci_ring_chain_length(XHCIState *xhci, const XHCIRing *ring)
-     bool ccs = ring->ccs;
-     /* hack to bundle together the two/three TDs that make a setup transfer */
-     bool control_td_set = 0;
-+    uint32_t link_cnt = 0;
- 
-     while (1) {
-         TRBType type;
-@@ -1058,6 +1065,9 @@ static int xhci_ring_chain_length(XHCIState *xhci, const XHCIRing *ring)
-         type = TRB_TYPE(trb);
- 
-         if (type == TR_LINK) {
-+            if (++link_cnt > TRB_LINK_LIMIT) {
-+                return -length;
-+            }
-             dequeue = xhci_mask64(trb.parameter);
-             if (trb.control & TRB_LK_TC) {
-                 ccs = !ccs;
--- 
-1.8.3.1

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8577.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8577.patch
deleted file mode 100644
index 8c29580..0000000
--- a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8577.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From: Li Qiang <address@hidden>
-
-In 9pfs read dispatch function, it doesn't free two QEMUIOVector
-object thus causing potential memory leak. This patch avoid this.
-
-Signed-off-by: Li Qiang <address@hidden>
----
- hw/9pfs/9p.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
-index 119ee58..543a791 100644
---- a/hw/9pfs/9p.c
-+++ b/hw/9pfs/9p.c
-@@ -1826,14 +1826,15 @@ static void v9fs_read(void *opaque)
-             if (len < 0) {
-                 /* IO error return the error */
-                 err = len;
--                goto out;
-+                goto out_free_iovec;
-             }
-         } while (count < max_count && len > 0);
-         err = pdu_marshal(pdu, offset, "d", count);
-         if (err < 0) {
--            goto out;
-+            goto out_free_iovec;
-         }
-         err += offset + count;
-+out_free_iovec:
-         qemu_iovec_destroy(&qiov);
-         qemu_iovec_destroy(&qiov_full);
-     } else if (fidp->fid_type == P9_FID_XATTR) {
--- 
-1.8.3.1

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8578.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8578.patch
deleted file mode 100644
index 74eee7e..0000000
--- a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8578.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-From ba42ebb863ab7d40adc79298422ed9596df8f73a Mon Sep 17 00:00:00 2001
-From: Li Qiang <liqiang6-s@360.cn>
-Date: Mon, 17 Oct 2016 14:13:58 +0200
-Subject: [PATCH] 9pfs: allocate space for guest originated empty strings
-
-If a guest sends an empty string paramater to any 9P operation, the current
-code unmarshals it into a V9fsString equal to { .size = 0, .data = NULL }.
-
-This is unfortunate because it can cause NULL pointer dereference to happen
-at various locations in the 9pfs code. And we don't want to check str->data
-everywhere we pass it to strcmp() or any other function which expects a
-dereferenceable pointer.
-
-This patch enforces the allocation of genuine C empty strings instead, so
-callers don't have to bother.
-
-Out of all v9fs_iov_vunmarshal() users, only v9fs_xattrwalk() checks if
-the returned string is empty. It now uses v9fs_string_size() since
-name.data cannot be NULL anymore.
-
-Signed-off-by: Li Qiang <liqiang6-s@360.cn>
-[groug, rewritten title and changelog,
- fix empty string check in v9fs_xattrwalk()]
-Signed-off-by: Greg Kurz <groug@kaod.org>
----
- fsdev/9p-iov-marshal.c | 2 +-
- hw/9pfs/9p.c           | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/fsdev/9p-iov-marshal.c b/fsdev/9p-iov-marshal.c
-index 663cad5..1d16f8d 100644
---- a/fsdev/9p-iov-marshal.c
-+++ b/fsdev/9p-iov-marshal.c
-@@ -125,7 +125,7 @@ ssize_t v9fs_iov_vunmarshal(struct iovec *out_sg, int out_num, size_t offset,
-                 str->data = g_malloc(str->size + 1);
-                 copied = v9fs_unpack(str->data, out_sg, out_num, offset,
-                                      str->size);
--                if (copied > 0) {
-+                if (copied >= 0) {
-                     str->data[str->size] = 0;
-                 } else {
-                     v9fs_string_free(str);
-diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
-index 119ee58..39a7e1d 100644
---- a/hw/9pfs/9p.c
-+++ b/hw/9pfs/9p.c
-@@ -3174,7 +3174,7 @@ static void v9fs_xattrwalk(void *opaque)
-         goto out;
-     }
-     v9fs_path_copy(&xattr_fidp->path, &file_fidp->path);
--    if (name.data == NULL) {
-+    if (!v9fs_string_size(&name)) {
-         /*
-          * listxattr request. Get the size first
-          */
--- 
-2.7.3
-

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8668.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8668.patch
deleted file mode 100644
index a27d3a6..0000000
--- a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8668.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From: Prasad J Pandit <address@hidden>
-
-Rocker network switch emulator has test registers to help debug
-DMA operations. While testing host DMA access, a buffer address
-is written to register 'TEST_DMA_ADDR' and its size is written to
-register 'TEST_DMA_SIZE'. When performing TEST_DMA_CTRL_INVERT
-test, if DMA buffer size was greater than 'INT_MAX', it leads to
-an invalid buffer access. Limit the DMA buffer size to avoid it.
-
-Reported-by: Huawei PSIRT <address@hidden>
-Signed-off-by: Prasad J Pandit <address@hidden>
----
- hw/net/rocker/rocker.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/hw/net/rocker/rocker.c b/hw/net/rocker/rocker.c
-index 30f2ce4..e9d215a 100644
---- a/hw/net/rocker/rocker.c
-+++ b/hw/net/rocker/rocker.c
-@@ -860,7 +860,7 @@ static void rocker_io_writel(void *opaque, hwaddr addr, uint32_t val)
-         rocker_msix_irq(r, val);
-         break;
-     case ROCKER_TEST_DMA_SIZE:
--        r->test_dma_size = val;
-+        r->test_dma_size = val & 0xFFFF;
-         break;
-     case ROCKER_TEST_DMA_ADDR + 4:
-         r->test_dma_addr = ((uint64_t)val) << 32 | r->lower32;
--- 
-2.5.5

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8669-1.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8669-1.patch
index 457f022..cea8efc 100644
--- a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8669-1.patch
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8669-1.patch
@@ -1,3 +1,6 @@
+http://bugs.gentoo.org/597108
+https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02577.html
+
 From: Prasad J Pandit <address@hidden>
 
 The JAZZ RC4030 chipset emulator has a periodic timer and

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8669-2.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8669-2.patch
deleted file mode 100644
index 23393b7..0000000
--- a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8669-2.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From: Prasad J Pandit <address@hidden>
-
-16550A UART device uses an oscillator to generate frequencies
-(baud base), which decide communication speed. This speed could
-be changed by dividing it by a divider. If the divider is
-greater than the baud base, speed is set to zero, leading to a
-divide by zero error. Add check to avoid it.
-
-Reported-by: Huawei PSIRT <address@hidden>
-Signed-off-by: Prasad J Pandit <address@hidden>
----
- hw/char/serial.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-Update per
-  -> https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02400.html
-
-diff --git a/hw/char/serial.c b/hw/char/serial.c
-index 3442f47..eec72b7 100644
---- a/hw/char/serial.c
-+++ b/hw/char/serial.c
-@@ -153,8 +153,9 @@ static void serial_update_parameters(SerialState *s)
-     int speed, parity, data_bits, stop_bits, frame_size;
-     QEMUSerialSetParams ssp;
- 
--    if (s->divider == 0)
-+    if (s->divider == 0 || s->divider > s->baudbase) {
-         return;
-+    }
- 
-     /* Start bit. */
-     frame_size = 1;
--- 
-2.5.5

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8909.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8909.patch
deleted file mode 100644
index ed6613f..0000000
--- a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8909.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From: Prasad J Pandit <address@hidden>
-
-Intel HDA emulator uses stream of buffers during DMA data
-transfers. Each entry has buffer length and buffer pointer
-position, which are used to derive bytes to 'copy'. If this
-length and buffer pointer were to be same, 'copy' could be
-set to zero(0), leading to an infinite loop. Add check to
-avoid it.
-
-Reported-by: Huawei PSIRT <address@hidden>
-Signed-off-by: Prasad J Pandit <address@hidden>
----
- hw/audio/intel-hda.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/hw/audio/intel-hda.c b/hw/audio/intel-hda.c
-index cd95340..537face 100644
---- a/hw/audio/intel-hda.c
-+++ b/hw/audio/intel-hda.c
-@@ -416,7 +416,8 @@ static bool intel_hda_xfer(HDACodecDevice *dev, uint32_t stnr, bool output,
-     }
- 
-     left = len;
--    while (left > 0) {
-+    s = st->bentries;
-+    while (left > 0 && s-- > 0) {
-         copy = left;
-         if (copy > st->bsize - st->lpib)
-             copy = st->bsize - st->lpib;
--- 
-2.7.4

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8910.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8910.patch
deleted file mode 100644
index c93f796..0000000
--- a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8910.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From: Prasad J Pandit <address@hidden>
-
-RTL8139 ethernet controller in C+ mode supports multiple
-descriptor rings, each with maximum of 64 descriptors. While
-processing transmit descriptor ring in 'rtl8139_cplus_transmit',
-it does not limit the descriptor count and runs forever. Add
-check to avoid it.
-
-Reported-by: Andrew Henderson <address@hidden>
-Signed-off-by: Prasad J Pandit <address@hidden>
----
- hw/net/rtl8139.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c
-index 3345bc6..f05e59c 100644
---- a/hw/net/rtl8139.c
-+++ b/hw/net/rtl8139.c
-@@ -2350,7 +2350,7 @@ static void rtl8139_cplus_transmit(RTL8139State *s)
- {
-     int txcount = 0;
- 
--    while (rtl8139_cplus_transmit_one(s))
-+    while (txcount < 64 && rtl8139_cplus_transmit_one(s))
-     {
-         ++txcount;
-     }
--- 
-2.7.4

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9102.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9102.patch
deleted file mode 100644
index 963eca9..0000000
--- a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9102.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-From: Li Qiang <address@hidden>
-
-The 'fs.xattr.value' field in V9fsFidState object doesn't consider the
-situation that this field has been allocated previously. Every time, it
-will be allocated directly. This leads a host memory leak issue. This
-patch fix this.
-
--- 
-1.8.3.1
-diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
-index 75ba5f1..a4c7109 100644
---- a/hw/9pfs/9p.c
-+++ b/hw/9pfs/9p.c
-@@ -3269,6 +3269,7 @@ static void v9fs_xattrcreate(void *opaque)
-     xattr_fidp->fs.xattr.flags = flags;
-     v9fs_string_init(&xattr_fidp->fs.xattr.name);
-     v9fs_string_copy(&xattr_fidp->fs.xattr.name, &name);
-+    g_free(xattr_fidp->fs.xattr.value);
-     xattr_fidp->fs.xattr.value = g_malloc(size);
-     err = offset;
-     put_fid(pdu, file_fidp);

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9103.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9103.patch
deleted file mode 100644
index 7520863..0000000
--- a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9103.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-Author: Li Qiang <liqiang6-s@360.cn>
-Date:   Mon Oct 17 14:13:58 2016 +0200
-
-    9pfs: fix information leak in xattr read
-    
-    9pfs uses g_malloc() to allocate the xattr memory space, if the guest
-    reads this memory before writing to it, this will leak host heap memory
-    to the guest. This patch avoid this.
-    
-    Signed-off-by: Li Qiang <liqiang6-s@360.cn>
-    Reviewed-by: Greg Kurz <groug@kaod.org>
-    Signed-off-by: Greg Kurz <groug@kaod.org>
-
-diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
-index 26aa7d5..bf23b01 100644
---- a/hw/9pfs/9p.c
-+++ b/hw/9pfs/9p.c
-@@ -3269,8 +3269,8 @@ static void coroutine_fn v9fs_xattrcreate(void *opaque)
-     xattr_fidp->fs.xattr.flags = flags;
-     v9fs_string_init(&xattr_fidp->fs.xattr.name);
-     v9fs_string_copy(&xattr_fidp->fs.xattr.name, &name);
-     g_free(xattr_fidp->fs.xattr.value);
--    xattr_fidp->fs.xattr.value = g_malloc(size);
-+    xattr_fidp->fs.xattr.value = g_malloc0(size);
-     err = offset;
-     put_fid(pdu, file_fidp);
- out_nofid:

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9104.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9104.patch
deleted file mode 100644
index f1aec55..0000000
--- a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9104.patch
+++ /dev/null
@@ -1,92 +0,0 @@
-From 7e55d65c56a03dcd2c5d7c49d37c5a74b55d4bd6 Mon Sep 17 00:00:00 2001
-From: Li Qiang <liqiang6-s@360.cn>
-Date: Tue, 1 Nov 2016 12:00:40 +0100
-Subject: [PATCH] 9pfs: fix integer overflow issue in xattr read/write
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The v9fs_xattr_read() and v9fs_xattr_write() are passed a guest
-originated offset: they must ensure this offset does not go beyond
-the size of the extended attribute that was set in v9fs_xattrcreate().
-Unfortunately, the current code implement these checks with unsafe
-calculations on 32 and 64 bit values, which may allow a malicious
-guest to cause OOB access anyway.
-
-Fix this by comparing the offset and the xattr size, which are
-both uint64_t, before trying to compute the effective number of bytes
-to read or write.
-
-Suggested-by: Greg Kurz <groug@kaod.org>
-Signed-off-by: Li Qiang <liqiang6-s@360.cn>
-Reviewed-by: Greg Kurz <groug@kaod.org>
-Reviewed-By: Guido Günther <agx@sigxcpu.org>
-Signed-off-by: Greg Kurz <groug@kaod.org>
----
- hw/9pfs/9p.c | 32 ++++++++++++--------------------
- 1 file changed, 12 insertions(+), 20 deletions(-)
-
-diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
-index ab18ef2..7705ead 100644
---- a/hw/9pfs/9p.c
-+++ b/hw/9pfs/9p.c
-@@ -1637,20 +1637,17 @@ static int v9fs_xattr_read(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp,
- {
-     ssize_t err;
-     size_t offset = 7;
--    int read_count;
--    int64_t xattr_len;
-+    uint64_t read_count;
-     V9fsVirtioState *v = container_of(s, V9fsVirtioState, state);
-     VirtQueueElement *elem = v->elems[pdu->idx];
- 
--    xattr_len = fidp->fs.xattr.len;
--    read_count = xattr_len - off;
-+    if (fidp->fs.xattr.len < off) {
-+        read_count = 0;
-+    } else {
-+        read_count = fidp->fs.xattr.len - off;
-+    }
-     if (read_count > max_count) {
-         read_count = max_count;
--    } else if (read_count < 0) {
--        /*
--         * read beyond XATTR value
--         */
--        read_count = 0;
-     }
-     err = pdu_marshal(pdu, offset, "d", read_count);
-     if (err < 0) {
-@@ -1979,23 +1976,18 @@ static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp,
- {
-     int i, to_copy;
-     ssize_t err = 0;
--    int write_count;
--    int64_t xattr_len;
-+    uint64_t write_count;
-     size_t offset = 7;
- 
- 
--    xattr_len = fidp->fs.xattr.len;
--    write_count = xattr_len - off;
--    if (write_count > count) {
--        write_count = count;
--    } else if (write_count < 0) {
--        /*
--         * write beyond XATTR value len specified in
--         * xattrcreate
--         */
-+    if (fidp->fs.xattr.len < off) {
-         err = -ENOSPC;
-         goto out;
-     }
-+    write_count = fidp->fs.xattr.len - off;
-+    if (write_count > count) {
-+        write_count = count;
-+    }
-     err = pdu_marshal(pdu, offset, "d", write_count);
-     if (err < 0) {
-         return err;
--- 
-2.7.3
-

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9105.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9105.patch
deleted file mode 100644
index cddff97..0000000
--- a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9105.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From: Li Qiang <address@hidden>
-
-In v9fs_link dispatch function, it doesn't put the 'oldfidp'
-fid object, this will make the 'oldfidp->ref' never reach to 0,
-thus leading a memory leak issue. This patch fix this.
-
-Signed-off-by: Li Qiang <address@hidden>
----
- hw/9pfs/9p.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
-index 8b50bfb..29f8b7a 100644
---- a/hw/9pfs/9p.c
-+++ b/hw/9pfs/9p.c
-@@ -2413,6 +2413,7 @@ static void v9fs_link(void *opaque)
-     if (!err) {
-         err = offset;
-     }
-+    put_fid(pdu, oldfidp);
- out:
-     put_fid(pdu, dfidp);
- out_nofid:
--- 
-1.8.3.1

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9106.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9106.patch
deleted file mode 100644
index 137272d..0000000
--- a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9106.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-Author: Li Qiang <liqiang6-s@360.cn>
-Date:   Mon Oct 17 14:13:58 2016 +0200
-
-    9pfs: fix memory leak in v9fs_write
-    
-    If an error occurs when marshalling the transfer length to the guest, the
-    v9fs_write() function doesn't free an IO vector, thus leading to a memory
-    leak. This patch fixes the issue.
-    
-    Signed-off-by: Li Qiang <liqiang6-s@360.cn>
-    Reviewed-by: Greg Kurz <groug@kaod.org>
-    [groug, rephrased the changelog]
-    Signed-off-by: Greg Kurz <groug@kaod.org>
-
-diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
-index d43a552..e88cf25 100644
---- a/hw/9pfs/9p.c
-+++ b/hw/9pfs/9p.c
-@@ -2090,7 +2090,7 @@ static void coroutine_fn v9fs_write(void *opaque)
-     offset = 7;
-     err = pdu_marshal(pdu, offset, "d", total);
-     if (err < 0) {
--        goto out;
-+        goto out_qiov;
-     }
-     err += offset;
-

diff --git a/app-emulation/qemu/files/qemu-2.7.0-configure-ifunc.patch b/app-emulation/qemu/files/qemu-2.7.0-configure-ifunc.patch
deleted file mode 100644
index d090323..0000000
--- a/app-emulation/qemu/files/qemu-2.7.0-configure-ifunc.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff -Naur qemu-2.7.0.orig/configure qemu-2.7.0/configure
---- qemu-2.7.0.orig/configure	2016-09-05 18:30:41.722529882 -0700
-+++ qemu-2.7.0/configure	2016-09-05 18:32:22.473649654 -0700
-@@ -1805,7 +1805,8 @@
- EOF
-   if compile_object "" ; then
-       if has readelf; then
--          if readelf --syms $TMPO 2>/dev/null |grep -q "IFUNC.*foo"; then
-+          if readelf --syms $TMPO 2>/dev/null |grep -q "IFUNC.*foo" &&
-+             ldd $TMPO >dev/null 2>&1; then
-               avx2_opt="yes"
-           fi
-       fi

diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-10155.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-10155.patch
new file mode 100644
index 0000000..c486295
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-10155.patch
@@ -0,0 +1,46 @@
+From eb7a20a3616085d46aa6b4b4224e15587ec67e6e Mon Sep 17 00:00:00 2001
+From: Li Qiang <liqiang6-s@360.cn>
+Date: Mon, 28 Nov 2016 17:49:04 -0800
+Subject: [PATCH] watchdog: 6300esb: add exit function
+
+When the Intel 6300ESB watchdog is hot unplug. The timer allocated
+in realize isn't freed thus leaking memory leak. This patch avoid
+this through adding the exit function.
+
+Signed-off-by: Li Qiang <liqiang6-s@360.cn>
+Message-Id: <583cde9c.3223ed0a.7f0c2.886e@mx.google.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ hw/watchdog/wdt_i6300esb.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/hw/watchdog/wdt_i6300esb.c b/hw/watchdog/wdt_i6300esb.c
+index a83d951..49b3cd1 100644
+--- a/hw/watchdog/wdt_i6300esb.c
++++ b/hw/watchdog/wdt_i6300esb.c
+@@ -428,6 +428,14 @@ static void i6300esb_realize(PCIDevice *dev, Error **errp)
+     /* qemu_register_coalesced_mmio (addr, 0x10); ? */
+ }
+ 
++static void i6300esb_exit(PCIDevice *dev)
++{
++    I6300State *d = WATCHDOG_I6300ESB_DEVICE(dev);
++
++    timer_del(d->timer);
++    timer_free(d->timer);
++}
++
+ static WatchdogTimerModel model = {
+     .wdt_name = "i6300esb",
+     .wdt_description = "Intel 6300ESB",
+@@ -441,6 +449,7 @@ static void i6300esb_class_init(ObjectClass *klass, void *data)
+     k->config_read = i6300esb_config_read;
+     k->config_write = i6300esb_config_write;
+     k->realize = i6300esb_realize;
++    k->exit = i6300esb_exit;
+     k->vendor_id = PCI_VENDOR_ID_INTEL;
+     k->device_id = PCI_DEVICE_ID_INTEL_ESB_9;
+     k->class_id = PCI_CLASS_SYSTEM_OTHER;
+-- 
+2.10.2
+

diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-2615.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-2615.patch
new file mode 100644
index 0000000..f0bba80
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-2615.patch
@@ -0,0 +1,48 @@
+From 62d4c6bd5263bb8413a06c80144fc678df6dfb64 Mon Sep 17 00:00:00 2001
+From: Li Qiang <liqiang6-s@360.cn>
+Date: Wed, 1 Feb 2017 09:35:01 +0100
+Subject: [PATCH] cirrus: fix oob access issue (CVE-2017-2615)
+
+When doing bitblt copy in backward mode, we should minus the
+blt width first just like the adding in the forward mode. This
+can avoid the oob access of the front of vga's vram.
+
+Signed-off-by: Li Qiang <liqiang6-s@360.cn>
+
+{ kraxel: with backward blits (negative pitch) addr is the topmost
+          address, so check it as-is against vram size ]
+
+Cc: qemu-stable@nongnu.org
+Cc: P J P <ppandit@redhat.com>
+Cc: Laszlo Ersek <lersek@redhat.com>
+Cc: Paolo Bonzini <pbonzini@redhat.com>
+Cc: Wolfgang Bumiller <w.bumiller@proxmox.com>
+Fixes: d3532a0db02296e687711b8cdc7791924efccea0 (CVE-2014-8106)
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+Message-id: 1485938101-26602-1-git-send-email-kraxel@redhat.com
+Reviewed-by: Laszlo Ersek <lersek@redhat.com>
+---
+ hw/display/cirrus_vga.c | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c
+index 7db6409..16f27e8 100644
+--- a/hw/display/cirrus_vga.c
++++ b/hw/display/cirrus_vga.c
+@@ -274,10 +274,9 @@ static bool blit_region_is_unsafe(struct CirrusVGAState *s,
+ {
+     if (pitch < 0) {
+         int64_t min = addr
+-            + ((int64_t)s->cirrus_blt_height-1) * pitch;
+-        int32_t max = addr
+-            + s->cirrus_blt_width;
+-        if (min < 0 || max > s->vga.vram_size) {
++            + ((int64_t)s->cirrus_blt_height - 1) * pitch
++            - s->cirrus_blt_width;
++        if (min < -1 || addr >= s->vga.vram_size) {
+             return true;
+         }
+     } else {
+-- 
+2.10.2
+

diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5525-1.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5525-1.patch
new file mode 100644
index 0000000..24411b4
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5525-1.patch
@@ -0,0 +1,52 @@
+From 12351a91da97b414eec8cdb09f1d9f41e535a401 Mon Sep 17 00:00:00 2001
+From: Li Qiang <liqiang6-s@360.cn>
+Date: Wed, 14 Dec 2016 18:30:21 -0800
+Subject: [PATCH] audio: ac97: add exit function
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Currently the ac97 device emulation doesn't have a exit function,
+hot unplug this device will leak some memory. Add a exit function to
+avoid this.
+
+Signed-off-by: Li Qiang <liqiang6-s@360.cn>
+Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
+Message-id: 58520052.4825ed0a.27a71.6cae@mx.google.com
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+---
+ hw/audio/ac97.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/hw/audio/ac97.c b/hw/audio/ac97.c
+index cbd959e..c306575 100644
+--- a/hw/audio/ac97.c
++++ b/hw/audio/ac97.c
+@@ -1387,6 +1387,16 @@ static void ac97_realize(PCIDevice *dev, Error **errp)
+     ac97_on_reset (&s->dev.qdev);
+ }
+ 
++static void ac97_exit(PCIDevice *dev)
++{
++    AC97LinkState *s = DO_UPCAST(AC97LinkState, dev, dev);
++
++    AUD_close_in(&s->card, s->voice_pi);
++    AUD_close_out(&s->card, s->voice_po);
++    AUD_close_in(&s->card, s->voice_mc);
++    AUD_remove_card(&s->card);
++}
++
+ static int ac97_init (PCIBus *bus)
+ {
+     pci_create_simple (bus, -1, "AC97");
+@@ -1404,6 +1414,7 @@ static void ac97_class_init (ObjectClass *klass, void *data)
+     PCIDeviceClass *k = PCI_DEVICE_CLASS (klass);
+ 
+     k->realize = ac97_realize;
++    k->exit = ac97_exit;
+     k->vendor_id = PCI_VENDOR_ID_INTEL;
+     k->device_id = PCI_DEVICE_ID_INTEL_82801AA_5;
+     k->revision = 0x01;
+-- 
+2.10.2
+

diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5525-2.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5525-2.patch
new file mode 100644
index 0000000..6bbac58
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5525-2.patch
@@ -0,0 +1,55 @@
+From 069eb7b2b8fc47c7cb52e5a4af23ea98d939e3da Mon Sep 17 00:00:00 2001
+From: Li Qiang <liqiang6-s@360.cn>
+Date: Wed, 14 Dec 2016 18:32:22 -0800
+Subject: [PATCH] audio: es1370: add exit function
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Currently the es1370 device emulation doesn't have a exit function,
+hot unplug this device will leak some memory. Add a exit function to
+avoid this.
+
+Signed-off-by: Li Qiang <liqiang6-s@360.cn>
+Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
+Message-id: 585200c9.a968ca0a.1ab80.4c98@mx.google.com
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+---
+ hw/audio/es1370.c | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+diff --git a/hw/audio/es1370.c b/hw/audio/es1370.c
+index 8449b5f..883ec69 100644
+--- a/hw/audio/es1370.c
++++ b/hw/audio/es1370.c
+@@ -1041,6 +1041,19 @@ static void es1370_realize(PCIDevice *dev, Error **errp)
+     es1370_reset (s);
+ }
+ 
++static void es1370_exit(PCIDevice *dev)
++{
++    ES1370State *s = ES1370(dev);
++    int i;
++
++    for (i = 0; i < 2; ++i) {
++        AUD_close_out(&s->card, s->dac_voice[i]);
++    }
++
++    AUD_close_in(&s->card, s->adc_voice);
++    AUD_remove_card(&s->card);
++}
++
+ static int es1370_init (PCIBus *bus)
+ {
+     pci_create_simple (bus, -1, TYPE_ES1370);
+@@ -1053,6 +1066,7 @@ static void es1370_class_init (ObjectClass *klass, void *data)
+     PCIDeviceClass *k = PCI_DEVICE_CLASS (klass);
+ 
+     k->realize = es1370_realize;
++    k->exit = es1370_exit;
+     k->vendor_id = PCI_VENDOR_ID_ENSONIQ;
+     k->device_id = PCI_DEVICE_ID_ENSONIQ_ES1370;
+     k->class_id = PCI_CLASS_MULTIMEDIA_AUDIO;
+-- 
+2.10.2
+

diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5552.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5552.patch
new file mode 100644
index 0000000..9475f3f
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5552.patch
@@ -0,0 +1,41 @@
+From 33243031dad02d161225ba99d782616da133f689 Mon Sep 17 00:00:00 2001
+From: Li Qiang <liq3ea@gmail.com>
+Date: Thu, 29 Dec 2016 03:11:26 -0500
+Subject: [PATCH] virtio-gpu-3d: fix memory leak in resource attach backing
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+If the virgl_renderer_resource_attach_iov function fails the
+'res_iovs' will be leaked. Add check of the return value to
+free the 'res_iovs' when failing.
+
+Signed-off-by: Li Qiang <liq3ea@gmail.com>
+Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
+Message-id: 1482999086-59795-1-git-send-email-liq3ea@gmail.com
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+---
+ hw/display/virtio-gpu-3d.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/hw/display/virtio-gpu-3d.c b/hw/display/virtio-gpu-3d.c
+index e29f099..b13ced3 100644
+--- a/hw/display/virtio-gpu-3d.c
++++ b/hw/display/virtio-gpu-3d.c
+@@ -291,8 +291,11 @@ static void virgl_resource_attach_backing(VirtIOGPU *g,
+         return;
+     }
+ 
+-    virgl_renderer_resource_attach_iov(att_rb.resource_id,
+-                                       res_iovs, att_rb.nr_entries);
++    ret = virgl_renderer_resource_attach_iov(att_rb.resource_id,
++                                             res_iovs, att_rb.nr_entries);
++
++    if (ret != 0)
++        virtio_gpu_cleanup_mapping_iov(res_iovs, att_rb.nr_entries);
+ }
+ 
+ static void virgl_resource_detach_backing(VirtIOGPU *g,
+-- 
+2.10.2
+

diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5578.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5578.patch
new file mode 100644
index 0000000..f93d1e7
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5578.patch
@@ -0,0 +1,35 @@
+From 204f01b30975923c64006f8067f0937b91eea68b Mon Sep 17 00:00:00 2001
+From: Li Qiang <liq3ea@gmail.com>
+Date: Thu, 29 Dec 2016 04:28:41 -0500
+Subject: [PATCH] virtio-gpu: fix memory leak in resource attach backing
+
+In the resource attach backing function, everytime it will
+allocate 'res->iov' thus can leading a memory leak. This
+patch avoid this.
+
+Signed-off-by: Li Qiang <liq3ea@gmail.com>
+Message-id: 1483003721-65360-1-git-send-email-liq3ea@gmail.com
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+---
+ hw/display/virtio-gpu.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c
+index 6a26258..ca88cf4 100644
+--- a/hw/display/virtio-gpu.c
++++ b/hw/display/virtio-gpu.c
+@@ -714,6 +714,11 @@ virtio_gpu_resource_attach_backing(VirtIOGPU *g,
+         return;
+     }
+ 
++    if (res->iov) {
++        cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC;
++        return;
++    }
++
+     ret = virtio_gpu_create_mapping_iov(&ab, cmd, &res->addrs, &res->iov);
+     if (ret != 0) {
+         cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC;
+-- 
+2.10.2
+

diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5579.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5579.patch
new file mode 100644
index 0000000..e4572a8
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5579.patch
@@ -0,0 +1,40 @@
+From 8409dc884a201bf74b30a9d232b6bbdd00cb7e2b Mon Sep 17 00:00:00 2001
+From: Li Qiang <liqiang6-s@360.cn>
+Date: Wed, 4 Jan 2017 00:43:16 -0800
+Subject: [PATCH] serial: fix memory leak in serial exit
+
+The serial_exit_core function doesn't free some resources.
+This can lead memory leak when hotplug and unplug. This
+patch avoid this.
+
+Signed-off-by: Li Qiang <liqiang6-s@360.cn>
+Message-Id: <586cb5ab.f31d9d0a.38ac3.acf2@mx.google.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ hw/char/serial.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/hw/char/serial.c b/hw/char/serial.c
+index ffbacd8..67b18ed 100644
+--- a/hw/char/serial.c
++++ b/hw/char/serial.c
+@@ -906,6 +906,16 @@ void serial_realize_core(SerialState *s, Error **errp)
+ void serial_exit_core(SerialState *s)
+ {
+     qemu_chr_fe_deinit(&s->chr);
++
++    timer_del(s->modem_status_poll);
++    timer_free(s->modem_status_poll);
++
++    timer_del(s->fifo_timeout_timer);
++    timer_free(s->fifo_timeout_timer);
++
++    fifo8_destroy(&s->recv_fifo);
++    fifo8_destroy(&s->xmit_fifo);
++
+     qemu_unregister_reset(serial_reset, s);
+ }
+ 
+-- 
+2.10.2
+

diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5667.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5667.patch
new file mode 100644
index 0000000..93e9c94
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5667.patch
@@ -0,0 +1,37 @@
+From 42922105beb14c2fc58185ea022b9f72fb5465e9 Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Tue, 7 Feb 2017 18:29:59 +0000
+Subject: [PATCH] sd: sdhci: check data length during dma_memory_read
+
+While doing multi block SDMA transfer in routine
+'sdhci_sdma_transfer_multi_blocks', the 's->fifo_buffer' starting
+index 'begin' and data length 's->data_count' could end up to be same.
+This could lead to an OOB access issue. Correct transfer data length
+to avoid it.
+
+Cc: qemu-stable@nongnu.org
+Reported-by: Jiang Xin <jiangxin1@huawei.com>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Message-id: 20170130064736.9236-1-ppandit@redhat.com
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+---
+ hw/sd/sdhci.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c
+index 01fbf22..5bd5ab6 100644
+--- a/hw/sd/sdhci.c
++++ b/hw/sd/sdhci.c
+@@ -536,7 +536,7 @@ static void sdhci_sdma_transfer_multi_blocks(SDHCIState *s)
+                 boundary_count -= block_size - begin;
+             }
+             dma_memory_read(&address_space_memory, s->sdmasysad,
+-                            &s->fifo_buffer[begin], s->data_count);
++                            &s->fifo_buffer[begin], s->data_count - begin);
+             s->sdmasysad += s->data_count - begin;
+             if (s->data_count == block_size) {
+                 for (n = 0; n < block_size; n++) {
+-- 
+2.10.2
+

diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5856.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5856.patch
new file mode 100644
index 0000000..2ebd49f
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5856.patch
@@ -0,0 +1,64 @@
+From 765a707000e838c30b18d712fe6cb3dd8e0435f3 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Mon, 2 Jan 2017 11:03:33 +0100
+Subject: [PATCH] megasas: fix guest-triggered memory leak
+
+If the guest sets the sglist size to a value >=2GB, megasas_handle_dcmd
+will return MFI_STAT_MEMORY_NOT_AVAILABLE without freeing the memory.
+Avoid this by returning only the status from map_dcmd, and loading
+cmd->iov_size in the caller.
+
+Reported-by: Li Qiang <liqiang6-s@360.cn>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ hw/scsi/megasas.c | 11 ++++++-----
+ 1 file changed, 6 insertions(+), 5 deletions(-)
+
+diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
+index 67fc1e7..6233865 100644
+--- a/hw/scsi/megasas.c
++++ b/hw/scsi/megasas.c
+@@ -683,14 +683,14 @@ static int megasas_map_dcmd(MegasasState *s, MegasasCmd *cmd)
+         trace_megasas_dcmd_invalid_sge(cmd->index,
+                                        cmd->frame->header.sge_count);
+         cmd->iov_size = 0;
+-        return -1;
++        return -EINVAL;
+     }
+     iov_pa = megasas_sgl_get_addr(cmd, &cmd->frame->dcmd.sgl);
+     iov_size = megasas_sgl_get_len(cmd, &cmd->frame->dcmd.sgl);
+     pci_dma_sglist_init(&cmd->qsg, PCI_DEVICE(s), 1);
+     qemu_sglist_add(&cmd->qsg, iov_pa, iov_size);
+     cmd->iov_size = iov_size;
+-    return cmd->iov_size;
++    return 0;
+ }
+ 
+ static void megasas_finish_dcmd(MegasasCmd *cmd, uint32_t iov_size)
+@@ -1559,19 +1559,20 @@ static const struct dcmd_cmd_tbl_t {
+ 
+ static int megasas_handle_dcmd(MegasasState *s, MegasasCmd *cmd)
+ {
+-    int opcode, len;
++    int opcode;
+     int retval = 0;
++    size_t len;
+     const struct dcmd_cmd_tbl_t *cmdptr = dcmd_cmd_tbl;
+ 
+     opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
+     trace_megasas_handle_dcmd(cmd->index, opcode);
+-    len = megasas_map_dcmd(s, cmd);
+-    if (len < 0) {
++    if (megasas_map_dcmd(s, cmd) < 0) {
+         return MFI_STAT_MEMORY_NOT_AVAILABLE;
+     }
+     while (cmdptr->opcode != -1 && cmdptr->opcode != opcode) {
+         cmdptr++;
+     }
++    len = cmd->iov_size;
+     if (cmdptr->opcode == -1) {
+         trace_megasas_dcmd_unhandled(cmd->index, opcode, len);
+         retval = megasas_dcmd_dummy(s, cmd);
+-- 
+2.10.2
+

diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5857.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5857.patch
new file mode 100644
index 0000000..664a669
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5857.patch
@@ -0,0 +1,38 @@
+When the guest sends VIRTIO_GPU_CMD_RESOURCE_UNREF without detaching the
+backing storage beforehand (VIRTIO_GPU_CMD_RESOURCE_DETACH_BACKING)
+we'll leak memory.
+
+This patch fixes it for 3d mode, simliar to the 2d mode fix in commit
+"b8e2392 virtio-gpu: call cleanup mapping function in resource destroy".
+
+Reported-by: 李强 <address@hidden>
+Signed-off-by: Gerd Hoffmann <address@hidden>
+---
+ hw/display/virtio-gpu-3d.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/hw/display/virtio-gpu-3d.c b/hw/display/virtio-gpu-3d.c
+index f96a0c2..ecb09d1 100644
+--- a/hw/display/virtio-gpu-3d.c
++++ b/hw/display/virtio-gpu-3d.c
+@@ -77,10 +77,18 @@ static void virgl_cmd_resource_unref(VirtIOGPU *g,
+                                      struct virtio_gpu_ctrl_command *cmd)
+ {
+     struct virtio_gpu_resource_unref unref;
++    struct iovec *res_iovs = NULL;
++    int num_iovs = 0;
+ 
+     VIRTIO_GPU_FILL_CMD(unref);
+     trace_virtio_gpu_cmd_res_unref(unref.resource_id);
+ 
++    virgl_renderer_resource_detach_iov(unref.resource_id,
++                                       &res_iovs,
++                                       &num_iovs);
++    if (res_iovs != NULL && num_iovs != 0) {
++        virtio_gpu_cleanup_mapping_iov(res_iovs, num_iovs);
++    }
+     virgl_renderer_resource_unref(unref.resource_id);
+ }
+ 
+-- 
+1.8.3.1

diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5898.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5898.patch
new file mode 100644
index 0000000..9f94477
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5898.patch
@@ -0,0 +1,35 @@
+From c7dfbf322595ded4e70b626bf83158a9f3807c6a Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Fri, 3 Feb 2017 00:52:28 +0530
+Subject: [PATCH] usb: ccid: check ccid apdu length
+
+CCID device emulator uses Application Protocol Data Units(APDU)
+to exchange command and responses to and from the host.
+The length in these units couldn't be greater than 65536. Add
+check to ensure the same. It'd also avoid potential integer
+overflow in emulated_apdu_from_guest.
+
+Reported-by: Li Qiang <liqiang6-s@360.cn>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Message-id: 20170202192228.10847-1-ppandit@redhat.com
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+---
+ hw/usb/dev-smartcard-reader.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/usb/dev-smartcard-reader.c b/hw/usb/dev-smartcard-reader.c
+index 89e11b6..1325ea1 100644
+--- a/hw/usb/dev-smartcard-reader.c
++++ b/hw/usb/dev-smartcard-reader.c
+@@ -967,7 +967,7 @@ static void ccid_on_apdu_from_guest(USBCCIDState *s, CCID_XferBlock *recv)
+     DPRINTF(s, 1, "%s: seq %d, len %d\n", __func__,
+                 recv->hdr.bSeq, len);
+     ccid_add_pending_answer(s, (CCID_Header *)recv);
+-    if (s->card) {
++    if (s->card && len <= BULK_OUT_DATA_SIZE) {
+         ccid_card_apdu_from_guest(s->card, recv->abData, len);
+     } else {
+         DPRINTF(s, D_WARN, "warning: discarded apdu\n");
+-- 
+2.10.2
+

diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5931.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5931.patch
new file mode 100644
index 0000000..f24d557
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5931.patch
@@ -0,0 +1,46 @@
+From a08aaff811fb194950f79711d2afe5a892ae03a4 Mon Sep 17 00:00:00 2001
+From: Gonglei <arei.gonglei@huawei.com>
+Date: Tue, 3 Jan 2017 14:50:03 +0800
+Subject: [PATCH] virtio-crypto: fix possible integer and heap overflow
+
+Because the 'size_t' type is 4 bytes in 32-bit platform, which
+is the same with 'int'. It's easy to make 'max_len' to zero when
+integer overflow and then cause heap overflow if 'max_len' is zero.
+
+Using uint_64 instead of size_t to avoid the integer overflow.
+
+Cc: qemu-stable@nongnu.org
+Reported-by: Li Qiang <liqiang6-s@360.cn>
+Signed-off-by: Gonglei <arei.gonglei@huawei.com>
+Tested-by: Li Qiang <liqiang6-s@360.cn>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+---
+ hw/virtio/virtio-crypto.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/hw/virtio/virtio-crypto.c b/hw/virtio/virtio-crypto.c
+index 2f2467e..c23e1ad 100644
+--- a/hw/virtio/virtio-crypto.c
++++ b/hw/virtio/virtio-crypto.c
+@@ -416,7 +416,7 @@ virtio_crypto_sym_op_helper(VirtIODevice *vdev,
+     uint32_t hash_start_src_offset = 0, len_to_hash = 0;
+     uint32_t cipher_start_src_offset = 0, len_to_cipher = 0;
+ 
+-    size_t max_len, curr_size = 0;
++    uint64_t max_len, curr_size = 0;
+     size_t s;
+ 
+     /* Plain cipher */
+@@ -441,7 +441,7 @@ virtio_crypto_sym_op_helper(VirtIODevice *vdev,
+         return NULL;
+     }
+ 
+-    max_len = iv_len + aad_len + src_len + dst_len + hash_result_len;
++    max_len = (uint64_t)iv_len + aad_len + src_len + dst_len + hash_result_len;
+     if (unlikely(max_len > vcrypto->conf.max_size)) {
+         virtio_error(vdev, "virtio-crypto too big length");
+         return NULL;
+-- 
+2.10.2
+

diff --git a/app-emulation/qemu/metadata.xml b/app-emulation/qemu/metadata.xml
index d036967..1866d8a 100644
--- a/app-emulation/qemu/metadata.xml
+++ b/app-emulation/qemu/metadata.xml
@@ -42,7 +42,6 @@
 		<flag name="png">Enable png image support for the VNC console server</flag>
 		<flag name="usb">Enable USB passthrough via <pkg>dev-libs/libusb</pkg></flag>
 		<flag name="usbredir">Use <pkg>sys-apps/usbredir</pkg> to redirect USB devices to another machine over TCP</flag>
-		<flag name="uuid">Enable UUID support in the vdi block driver</flag>
 		<flag name="vde">Enable VDE-based networking</flag>
 		<flag name="vhost-net">Enable accelerated networking using vhost-net, see http://www.linux-kvm.org/page/VhostNet</flag>
 		<flag name="virgl">Enable experimental Virgil 3d (virtual software GPU)</flag>

diff --git a/app-emulation/qemu/qemu-2.7.0-r7.ebuild b/app-emulation/qemu/qemu-2.7.0-r7.ebuild
deleted file mode 100644
index e77efc8..0000000
--- a/app-emulation/qemu/qemu-2.7.0-r7.ebuild
+++ /dev/null
@@ -1,713 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-
-PYTHON_COMPAT=( python2_7 )
-PYTHON_REQ_USE="ncurses,readline"
-
-PLOCALES="bg de_DE fr_FR hu it tr zh_CN"
-
-inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \
-	user udev fcaps readme.gentoo-r1 pax-utils l10n
-
-if [[ ${PV} = *9999* ]]; then
-	EGIT_REPO_URI="git://git.qemu.org/qemu.git"
-	inherit git-2
-	SRC_URI=""
-else
-	SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2"
-	KEYWORDS="amd64 ~arm64 ~ppc ~ppc64 x86 ~x86-fbsd"
-fi
-
-DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
-HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org"
-
-LICENSE="GPL-2 LGPL-2 BSD-2"
-SLOT="0"
-IUSE="accessibility +aio alsa bluetooth bzip2 +caps +curl debug +fdt glusterfs \
-gnutls gtk gtk2 infiniband iscsi +jpeg \
-kernel_linux kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs
-+png pulseaudio python \
-rbd sasl +seccomp sdl sdl2 selinux smartcard snappy spice ssh static static-softmmu
-static-user systemtap tci test +threads usb usbredir +uuid vde +vhost-net \
-virgl virtfs +vnc vte xattr xen xfs"
-
-COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel mips
-mips64 mips64el mipsel or32 ppc ppc64 s390x sh4 sh4eb sparc sparc64 unicore32
-x86_64"
-IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS} lm32 moxie ppcemb tricore xtensa xtensaeb"
-IUSE_USER_TARGETS="${COMMON_TARGETS} armeb mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus tilegx"
-
-use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
-use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
-IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
-
-# Allow no targets to be built so that people can get a tools-only build.
-# Block USE flag configurations known to not work.
-REQUIRED_USE="${PYTHON_REQUIRED_USE}
-	gtk2? ( gtk )
-	qemu_softmmu_targets_arm? ( fdt )
-	qemu_softmmu_targets_microblaze? ( fdt )
-	qemu_softmmu_targets_ppc? ( fdt )
-	qemu_softmmu_targets_ppc64? ( fdt )
-	sdl2? ( sdl )
-	static? ( static-softmmu static-user )
-	static-softmmu? ( !alsa !pulseaudio !bluetooth !opengl !gtk !gtk2 )
-	virtfs? ( xattr )
-	vte? ( gtk )"
-
-# Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
-#
-# The attr lib isn't always linked in (although the USE flag is always
-# respected).  This is because qemu supports using the C library's API
-# when available rather than always using the extranl library.
-#
-# Older versions of gnutls are supported, but it's simpler to just require
-# the latest versions.  This is also why we require nettle.
-#
-# TODO: Split out tools deps into another var.  e.g. bzip2 is only used by
-# system binaries and tools, not user binaries.
-COMMON_LIB_DEPEND=">=dev-libs/glib-2.0[static-libs(+)]
-	sys-libs/zlib[static-libs(+)]
-	bzip2? ( app-arch/bzip2[static-libs(+)] )
-	xattr? ( sys-apps/attr[static-libs(+)] )"
-SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND}
-	>=x11-libs/pixman-0.28.0[static-libs(+)]
-	accessibility? ( app-accessibility/brltty[static-libs(+)] )
-	aio? ( dev-libs/libaio[static-libs(+)] )
-	alsa? ( >=media-libs/alsa-lib-1.0.13 )
-	bluetooth? ( net-wireless/bluez )
-	caps? ( sys-libs/libcap-ng[static-libs(+)] )
-	curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
-	fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] )
-	glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
-	gnutls? (
-		dev-libs/nettle:=[static-libs(+)]
-		>=net-libs/gnutls-3.0:=[static-libs(+)]
-	)
-	gtk? (
-		gtk2? (
-			x11-libs/gtk+:2
-			vte? ( x11-libs/vte:0 )
-		)
-		!gtk2? (
-			x11-libs/gtk+:3
-			vte? ( x11-libs/vte:2.91 )
-		)
-	)
-	infiniband? ( sys-fabric/librdmacm:=[static-libs(+)] )
-	iscsi? ( net-libs/libiscsi )
-	jpeg? ( virtual/jpeg:0=[static-libs(+)] )
-	lzo? ( dev-libs/lzo:2[static-libs(+)] )
-	ncurses? ( sys-libs/ncurses:0=[static-libs(+)] )
-	nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] )
-	numa? ( sys-process/numactl[static-libs(+)] )
-	opengl? (
-		virtual/opengl
-		media-libs/libepoxy[static-libs(+)]
-		media-libs/mesa[static-libs(+)]
-		media-libs/mesa[egl,gles2,gbm]
-	)
-	png? ( media-libs/libpng:0=[static-libs(+)] )
-	pulseaudio? ( media-sound/pulseaudio )
-	rbd? ( sys-cluster/ceph[static-libs(+)] )
-	sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
-	sdl? (
-		!sdl2? (
-			media-libs/libsdl[X]
-			>=media-libs/libsdl-1.2.11[static-libs(+)]
-		)
-		sdl2? (
-			media-libs/libsdl2[X]
-			media-libs/libsdl2[static-libs(+)]
-		)
-	)
-	seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
-	smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] )
-	snappy? ( app-arch/snappy[static-libs(+)] )
-	spice? (
-		>=app-emulation/spice-protocol-0.12.3
-		>=app-emulation/spice-0.12.0[static-libs(+)]
-	)
-	ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] )
-	usb? ( >=virtual/libusb-1-r2[static-libs(+)] )
-	usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
-	uuid? ( >=sys-apps/util-linux-2.16.0[static-libs(+)] )
-	vde? ( net-misc/vde[static-libs(+)] )
-	virgl? ( media-libs/virglrenderer[static-libs(+)] )
-	virtfs? ( sys-libs/libcap )
-	xfs? ( sys-fs/xfsprogs[static-libs(+)] )"
-USER_LIB_DEPEND="${COMMON_LIB_DEPEND}"
-X86_FIRMWARE_DEPEND="
-	>=sys-firmware/ipxe-1.0.0_p20130624
-	pin-upstream-blobs? (
-		~sys-firmware/seabios-1.8.2
-		~sys-firmware/sgabios-0.1_pre8
-		~sys-firmware/vgabios-0.7a
-	)
-	!pin-upstream-blobs? (
-		sys-firmware/seabios
-		sys-firmware/sgabios
-		sys-firmware/vgabios
-	)"
-CDEPEND="
-	!static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND//\[static-libs(+)]} ) " ${use_softmmu_targets}) )
-	!static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND//\[static-libs(+)]} ) " ${use_user_targets}) )
-	qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
-	qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )
-	python? ( ${PYTHON_DEPS} )
-	systemtap? ( dev-util/systemtap )
-	xen? ( app-emulation/xen-tools:= )"
-DEPEND="${CDEPEND}
-	dev-lang/perl
-	=dev-lang/python-2*
-	sys-apps/texinfo
-	virtual/pkgconfig
-	kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
-	gtk? ( nls? ( sys-devel/gettext ) )
-	static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND} ) " ${use_softmmu_targets}) )
-	static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND} ) " ${use_user_targets}) )
-	test? (
-		dev-libs/glib[utils]
-		sys-devel/bc
-	)"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-qemu )
-"
-
-STRIP_MASK="/usr/share/qemu/palcode-clipper"
-
-QA_PREBUILT="
-	usr/share/qemu/openbios-ppc
-	usr/share/qemu/openbios-sparc64
-	usr/share/qemu/openbios-sparc32
-	usr/share/qemu/palcode-clipper
-	usr/share/qemu/s390-ccw.img
-	usr/share/qemu/u-boot.e500
-"
-
-QA_WX_LOAD="usr/bin/qemu-i386
-	usr/bin/qemu-x86_64
-	usr/bin/qemu-alpha
-	usr/bin/qemu-arm
-	usr/bin/qemu-cris
-	usr/bin/qemu-m68k
-	usr/bin/qemu-microblaze
-	usr/bin/qemu-microblazeel
-	usr/bin/qemu-mips
-	usr/bin/qemu-mipsel
-	usr/bin/qemu-or32
-	usr/bin/qemu-ppc
-	usr/bin/qemu-ppc64
-	usr/bin/qemu-ppc64abi32
-	usr/bin/qemu-sh4
-	usr/bin/qemu-sh4eb
-	usr/bin/qemu-sparc
-	usr/bin/qemu-sparc64
-	usr/bin/qemu-armeb
-	usr/bin/qemu-sparc32plus
-	usr/bin/qemu-s390x
-	usr/bin/qemu-unicore32"
-
-DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure
-you have the kernel module loaded before running kvm. The easiest way to
-ensure that the kernel module is loaded is to load it on boot.\n
-For AMD CPUs the module is called 'kvm-amd'.\n
-For Intel CPUs the module is called 'kvm-intel'.\n
-Please review /etc/conf.d/modules for how to load these.\n\n
-Make sure your user is in the 'kvm' group\n
-Just run 'gpasswd -a <USER> kvm', then have <USER> re-login.\n\n
-For brand new installs, the default permissions on /dev/kvm might not let you
-access it.  You can tell udev to reset ownership/perms:\n
-udevadm trigger -c add /dev/kvm"
-
-qemu_support_kvm() {
-	if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 \
-		use qemu_softmmu_targets_ppc || use qemu_softmmu_targets_ppc64 \
-		use qemu_softmmu_targets_s390x; then
-		return 0
-	fi
-
-	return 1
-}
-
-pkg_pretend() {
-	if use kernel_linux && kernel_is lt 2 6 25; then
-		eerror "This version of KVM requres a host kernel of 2.6.25 or higher."
-	elif use kernel_linux; then
-		if ! linux_config_exists; then
-			eerror "Unable to check your kernel for KVM support"
-		else
-			CONFIG_CHECK="~KVM ~TUN ~BRIDGE"
-			ERROR_KVM="You must enable KVM in your kernel to continue"
-			ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in"
-			ERROR_KVM_AMD+=" your kernel configuration."
-			ERROR_KVM_INTEL="If you have an Intel CPU, you must enable"
-			ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration."
-			ERROR_TUN="You will need the Universal TUN/TAP driver compiled"
-			ERROR_TUN+=" into your kernel or loaded as a module to use the"
-			ERROR_TUN+=" virtual network device if using -net tap."
-			ERROR_BRIDGE="You will also need support for 802.1d"
-			ERROR_BRIDGE+=" Ethernet Bridging for some network configurations."
-			use vhost-net && CONFIG_CHECK+=" ~VHOST_NET"
-			ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net"
-			ERROR_VHOST_NET+=" support"
-
-			if use amd64 || use x86 || use amd64-linux || use x86-linux; then
-				CONFIG_CHECK+=" ~KVM_AMD ~KVM_INTEL"
-			fi
-
-			use python && CONFIG_CHECK+=" ~DEBUG_FS"
-			ERROR_DEBUG_FS="debugFS support required for kvm_stat"
-
-			# Now do the actual checks setup above
-			check_extra_config
-		fi
-	fi
-
-	if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then
-		eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt"
-		eerror "instances are still pointing to it.  Please update your"
-		eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag"
-		eerror "and the right system binary (e.g. qemu-system-x86_64)."
-		die "update your virt configs to not use qemu-kvm"
-	fi
-}
-
-pkg_setup() {
-	enewgroup kvm 78
-}
-
-# Sanity check to make sure target lists are kept up-to-date.
-check_targets() {
-	local var=$1 mak=$2
-	local detected sorted
-
-	pushd "${S}"/default-configs >/dev/null || die
-
-	# Force C locale until glibc is updated. #564936
-	detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u))
-	sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u))
-	if [[ ${sorted} != "${detected}" ]] ; then
-		eerror "The ebuild needs to be kept in sync."
-		eerror "${var}: ${sorted}"
-		eerror "$(printf '%-*s' ${#var} configure): ${detected}"
-		die "sync ${var} to the list of targets"
-	fi
-
-	popd >/dev/null
-}
-
-handle_locales() {
-	# Make sure locale list is kept up-to-date.
-	local detected sorted
-	detected=$(echo $(cd po && printf '%s\n' *.po | grep -v messages.po | sed 's:.po$::' | sort -u))
-	sorted=$(echo $(printf '%s\n' ${PLOCALES} | sort -u))
-	if [[ ${sorted} != "${detected}" ]] ; then
-		eerror "The ebuild needs to be kept in sync."
-		eerror "PLOCALES: ${sorted}"
-		eerror " po/*.po: ${detected}"
-		die "sync PLOCALES"
-	fi
-
-	# Deal with selective install of locales.
-	if use nls ; then
-		# Delete locales the user does not want. #577814
-		rm_loc() { rm po/$1.po || die; }
-		l10n_for_each_disabled_locale_do rm_loc
-	else
-		# Cheap hack to disable gettext .mo generation.
-		rm -f po/*.po
-	fi
-}
-
-src_prepare() {
-	check_targets IUSE_SOFTMMU_TARGETS softmmu
-	check_targets IUSE_USER_TARGETS linux-user
-
-	# Alter target makefiles to accept CFLAGS set via flag-o
-	sed -i -r \
-		-e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \
-		Makefile Makefile.target || die
-
-	# Patching for musl
-	epatch "${FILESDIR}"/${PN}-2.0.0-F_SHLCK-and-F_EXLCK.patch
-	epatch "${FILESDIR}"/${PN}-2.0.0-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch
-	epatch "${FILESDIR}"/${PN}-2.2.0-_sigev_un.patch
-	epatch "${FILESDIR}"/${PN}-2.7.0-configure-ifunc.patch
-
-	epatch "${FILESDIR}"/${PN}-2.5.0-cflags.patch
-	epatch "${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
-
-	epatch "${FILESDIR}"/${P}-CVE-2016-6836.patch   # bug 591242
-	epatch "${FILESDIR}"/${P}-CVE-2016-7155.patch   # bug 593034
-	epatch "${FILESDIR}"/${P}-CVE-2016-7156.patch   # bug 593036
-	epatch "${FILESDIR}"/${P}-CVE-2016-7157-1.patch # bug 593038
-	epatch "${FILESDIR}"/${P}-CVE-2016-7157-2.patch # bug 593038
-	epatch "${FILESDIR}"/${P}-CVE-2016-7170.patch   # bug 593284
-	epatch "${FILESDIR}"/${P}-CVE-2016-7421.patch   # bug 593950
-	epatch "${FILESDIR}"/${P}-CVE-2016-7422.patch   # bug 593956
-	epatch "${FILESDIR}"/${P}-CVE-2016-7423.patch   # bug 594368
-	epatch "${FILESDIR}"/${P}-CVE-2016-7466.patch   # bug 594520
-	epatch "${FILESDIR}"/${P}-CVE-2016-7907.patch   # bug 596048
-	epatch "${FILESDIR}"/${P}-CVE-2016-7908.patch   # bug 596049
-	epatch "${FILESDIR}"/${P}-CVE-2016-7909.patch   # bug 596048
-	epatch "${FILESDIR}"/${P}-CVE-2016-7994-1.patch # bug 596738
-	epatch "${FILESDIR}"/${P}-CVE-2016-7994-2.patch # bug 596738
-	epatch "${FILESDIR}"/${P}-CVE-2016-8576.patch   # bug 596752
-	epatch "${FILESDIR}"/${P}-CVE-2016-8577.patch   # bug 596776
-	epatch "${FILESDIR}"/${P}-CVE-2016-8578.patch   # bug 596774
-	epatch "${FILESDIR}"/${P}-CVE-2016-8668.patch   # bug 597110
-	epatch "${FILESDIR}"/${P}-CVE-2016-8669-1.patch # bug 597108
-	epatch "${FILESDIR}"/${P}-CVE-2016-8669-2.patch # bug 597108
-	epatch "${FILESDIR}"/${P}-CVE-2016-8909.patch   # bug 598044
-	epatch "${FILESDIR}"/${P}-CVE-2016-8910.patch   # bug 598046
-	epatch "${FILESDIR}"/${P}-CVE-2016-9102.patch   # bug 598328
-	epatch "${FILESDIR}"/${P}-CVE-2016-9103.patch   # bug 598328
-	epatch "${FILESDIR}"/${P}-CVE-2016-9104.patch   # bug 598328
-	epatch "${FILESDIR}"/${P}-CVE-2016-9105.patch   # bug 598328
-	epatch "${FILESDIR}"/${P}-CVE-2016-9106.patch   # bug 598772
-
-	# Fix ld and objcopy being called directly
-	tc-export AR LD OBJCOPY
-
-	# Verbose builds
-	MAKEOPTS+=" V=1"
-
-	epatch_user
-
-	# Run after we've applied all patches.
-	handle_locales
-}
-
-##
-# configures qemu based on the build directory and the build type
-# we are using.
-#
-qemu_src_configure() {
-	debug-print-function ${FUNCNAME} "$@"
-
-	local buildtype=$1
-	local builddir="${S}/${buildtype}-build"
-	local static_flag="static-${buildtype}"
-
-	mkdir "${builddir}"
-
-	local conf_opts=(
-		--prefix=/usr
-		--sysconfdir=/etc
-		--libdir=/usr/$(get_libdir)
-		--docdir=/usr/share/doc/${PF}/html
-		--disable-bsd-user
-		--disable-guest-agent
-		--disable-strip
-		--disable-werror
-		# We support gnutls/nettle for crypto operations.  It is possible
-		# to use gcrypt when gnutls/nettle are disabled (but not when they
-		# are enabled), but it's not really worth the hassle.  Disable it
-		# all the time to avoid automatically detecting it. #568856
-		--disable-gcrypt
-		--python="${PYTHON}"
-		--cc="$(tc-getCC)"
-		--cxx="$(tc-getCXX)"
-		--host-cc="$(tc-getBUILD_CC)"
-		$(use_enable debug debug-info)
-		$(use_enable debug debug-tcg)
-		--enable-docs
-		$(use_enable tci tcg-interpreter)
-		$(use_enable xattr attr)
-	)
-
-	# Disable options not used by user targets as the default configure
-	# options will autoprobe and try to link in a bunch of unused junk.
-	conf_softmmu() {
-		if [[ ${buildtype} == "user" ]] ; then
-			echo "--disable-${2:-$1}"
-		else
-			use_enable "$@"
-		fi
-	}
-	conf_opts+=(
-		$(conf_softmmu accessibility brlapi)
-		$(conf_softmmu aio linux-aio)
-		$(conf_softmmu bzip2)
-		$(conf_softmmu bluetooth bluez)
-		$(conf_softmmu caps cap-ng)
-		$(conf_softmmu curl)
-		$(conf_softmmu fdt)
-		$(conf_softmmu glusterfs)
-		$(conf_softmmu gnutls)
-		$(conf_softmmu gnutls nettle)
-		$(conf_softmmu gtk)
-		$(conf_softmmu infiniband rdma)
-		$(conf_softmmu iscsi libiscsi)
-		$(conf_softmmu jpeg vnc-jpeg)
-		$(conf_softmmu kernel_linux kvm)
-		$(conf_softmmu lzo)
-		$(conf_softmmu ncurses curses)
-		$(conf_softmmu nfs libnfs)
-		$(conf_softmmu numa)
-		$(conf_softmmu opengl)
-		$(conf_softmmu png vnc-png)
-		$(conf_softmmu rbd)
-		$(conf_softmmu sasl vnc-sasl)
-		$(conf_softmmu sdl)
-		$(conf_softmmu seccomp)
-		$(conf_softmmu smartcard)
-		$(conf_softmmu snappy)
-		$(conf_softmmu spice)
-		$(conf_softmmu ssh libssh2)
-		$(conf_softmmu usb libusb)
-		$(conf_softmmu usbredir usb-redir)
-		$(conf_softmmu uuid)
-		$(conf_softmmu vde)
-		$(conf_softmmu vhost-net)
-		$(conf_softmmu virgl virglrenderer)
-		$(conf_softmmu virtfs)
-		$(conf_softmmu vnc)
-		$(conf_softmmu vte)
-		$(conf_softmmu xen)
-		$(conf_softmmu xen xen-pci-passthrough)
-		$(conf_softmmu xfs xfsctl)
-	)
-
-	case ${buildtype} in
-	user)
-		conf_opts+=(
-			--enable-linux-user
-			--disable-system
-			--disable-blobs
-			--disable-tools
-		)
-		;;
-	softmmu)
-		# audio options
-		local audio_opts="oss"
-		use alsa && audio_opts="alsa,${audio_opts}"
-		use sdl && audio_opts="sdl,${audio_opts}"
-		use pulseaudio && audio_opts="pa,${audio_opts}"
-
-		conf_opts+=(
-			--disable-linux-user
-			--enable-system
-			--with-system-pixman
-			--audio-drv-list="${audio_opts}"
-		)
-		use gtk && conf_opts+=( --with-gtkabi=$(usex gtk2 2.0 3.0) )
-		use sdl && conf_opts+=( --with-sdlabi=$(usex sdl2 2.0 1.2) )
-		;;
-	tools)
-		conf_opts+=(
-			--disable-linux-user
-			--disable-system
-			--disable-blobs
-			$(use_enable bzip2)
-		)
-		static_flag="static"
-		;;
-	esac
-
-	local targets="${buildtype}_targets"
-	[[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" )
-
-	# Add support for SystemTAP
-	use systemtap && conf_opts+=( --enable-trace-backend=dtrace )
-
-	# We always want to attempt to build with PIE support as it results
-	# in a more secure binary. But it doesn't work with static or if
-	# the current GCC doesn't have PIE support.
-	if use ${static_flag}; then
-		conf_opts+=( --static --disable-pie )
-	else
-		gcc-specs-pie && conf_opts+=( --enable-pie )
-	fi
-
-	echo "../configure ${conf_opts[*]}"
-	cd "${builddir}"
-	../configure "${conf_opts[@]}" || die "configure failed"
-
-	# FreeBSD's kernel does not support QEMU assigning/grabbing
-	# host USB devices yet
-	use kernel_FreeBSD && \
-		sed -i -E -e "s|^(HOST_USB=)bsd|\1stub|" "${S}"/config-host.mak
-}
-
-src_configure() {
-	local target
-
-	python_setup
-
-	softmmu_targets= softmmu_bins=()
-	user_targets= user_bins=()
-
-	for target in ${IUSE_SOFTMMU_TARGETS} ; do
-		if use "qemu_softmmu_targets_${target}"; then
-			softmmu_targets+=",${target}-softmmu"
-			softmmu_bins+=( "qemu-system-${target}" )
-		fi
-	done
-
-	for target in ${IUSE_USER_TARGETS} ; do
-		if use "qemu_user_targets_${target}"; then
-			user_targets+=",${target}-linux-user"
-			user_bins+=( "qemu-${target}" )
-		fi
-	done
-
-	softmmu_targets=${softmmu_targets#,}
-	user_targets=${user_targets#,}
-
-	[[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu"
-	[[ -n ${user_targets}    ]] && qemu_src_configure "user"
-	[[ -z ${softmmu_targets}${user_targets} ]] && qemu_src_configure "tools"
-}
-
-src_compile() {
-	if [[ -n ${user_targets} ]]; then
-		cd "${S}/user-build"
-		default
-	fi
-
-	if [[ -n ${softmmu_targets} ]]; then
-		cd "${S}/softmmu-build"
-		default
-	fi
-
-	if [[ -z ${softmmu_targets}${user_targets} ]]; then
-		cd "${S}/tools-build"
-		default
-	fi
-}
-
-src_test() {
-	if [[ -n ${softmmu_targets} ]]; then
-		cd "${S}/softmmu-build"
-		pax-mark m */qemu-system-* #515550
-		emake -j1 check
-		emake -j1 check-report.html
-	fi
-}
-
-qemu_python_install() {
-	python_domodule "${S}/scripts/qmp/qmp.py"
-
-	python_doscript "${S}/scripts/kvm/vmxcap"
-	python_doscript "${S}/scripts/qmp/qmp-shell"
-	python_doscript "${S}/scripts/qmp/qemu-ga-client"
-}
-
-src_install() {
-	if [[ -n ${user_targets} ]]; then
-		cd "${S}/user-build"
-		emake DESTDIR="${ED}" install
-
-		# Install binfmt handler init script for user targets
-		newinitd "${FILESDIR}/qemu-binfmt.initd-r1" qemu-binfmt
-	fi
-
-	if [[ -n ${softmmu_targets} ]]; then
-		cd "${S}/softmmu-build"
-		emake DESTDIR="${ED}" install
-
-		# This might not exist if the test failed. #512010
-		[[ -e check-report.html ]] && dohtml check-report.html
-
-		if use kernel_linux; then
-			udev_dorules "${FILESDIR}"/65-kvm.rules
-		fi
-
-		if use python; then
-			python_foreach_impl qemu_python_install
-		fi
-	fi
-
-	if [[ -z ${softmmu_targets}${user_targets} ]]; then
-		cd "${S}/tools-build"
-		emake DESTDIR="${ED}" install
-	fi
-
-	# Disable mprotect on the qemu binaries as they use JITs to be fast #459348
-	pushd "${ED}"/usr/bin >/dev/null
-	pax-mark m "${softmmu_bins[@]}" "${user_bins[@]}"
-	popd >/dev/null
-
-	# Install config file example for qemu-bridge-helper
-	insinto "/etc/qemu"
-	doins "${FILESDIR}/bridge.conf"
-
-	# Remove the docdir placed qmp-commands.txt
-	mv "${ED}/usr/share/doc/${PF}/html/qmp-commands.txt" "${S}/docs/" || die
-
-	cd "${S}"
-	dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt
-	newdoc pc-bios/README README.pc-bios
-	dodoc docs/qmp-*.txt
-
-	if [[ -n ${softmmu_targets} ]]; then
-		# Remove SeaBIOS since we're using the SeaBIOS packaged one
-		rm "${ED}/usr/share/qemu/bios.bin"
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
-		fi
-
-		# Remove vgabios since we're using the vgabios packaged one
-		rm "${ED}/usr/share/qemu/vgabios.bin"
-		rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
-		rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
-		rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
-		rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../vgabios/vgabios.bin /usr/share/qemu/vgabios.bin
-			dosym ../vgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
-			dosym ../vgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
-			dosym ../vgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
-			dosym ../vgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
-		fi
-
-		# Remove sgabios since we're using the sgabios packaged one
-		rm "${ED}/usr/share/qemu/sgabios.bin"
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin
-		fi
-
-		# Remove iPXE since we're using the iPXE packaged one
-		rm "${ED}"/usr/share/qemu/pxe-*.rom
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom
-			dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom
-			dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom
-			dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom
-			dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom
-			dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom
-		fi
-	fi
-
-	qemu_support_kvm && readme.gentoo_create_doc
-}
-
-pkg_postinst() {
-	if qemu_support_kvm; then
-		readme.gentoo_print_elog
-	fi
-
-	if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
-		udev_reload
-	fi
-
-	fcaps cap_net_admin /usr/libexec/qemu-bridge-helper
-}
-
-pkg_info() {
-	echo "Using:"
-	echo "  $(best_version app-emulation/spice-protocol)"
-	echo "  $(best_version sys-firmware/ipxe)"
-	echo "  $(best_version sys-firmware/seabios)"
-	if has_version 'sys-firmware/seabios[binary]'; then
-		echo "    USE=binary"
-	else
-		echo "    USE=''"
-	fi
-	echo "  $(best_version sys-firmware/vgabios)"
-}

diff --git a/app-emulation/qemu/qemu-2.7.1.ebuild b/app-emulation/qemu/qemu-2.8.0-r1.ebuild
similarity index 92%
rename from app-emulation/qemu/qemu-2.7.1.ebuild
rename to app-emulation/qemu/qemu-2.8.0-r1.ebuild
index 49087c8..006c657 100644
--- a/app-emulation/qemu/qemu-2.7.1.ebuild
+++ b/app-emulation/qemu/qemu-2.8.0-r1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2016 Gentoo Foundation
+# Copyright 1999-2017 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI="5"
@@ -30,13 +30,13 @@ gnutls gtk gtk2 infiniband iscsi +jpeg \
 kernel_linux kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs
 +png pulseaudio python \
 rbd sasl +seccomp sdl sdl2 selinux smartcard snappy spice ssh static static-softmmu
-static-user systemtap tci test +threads usb usbredir +uuid vde +vhost-net \
+static-user systemtap tci test +threads usb usbredir vde +vhost-net \
 virgl virtfs +vnc vte xattr xen xfs"
 
 COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel mips
-mips64 mips64el mipsel or32 ppc ppc64 s390x sh4 sh4eb sparc sparc64 unicore32
+mips64 mips64el mipsel or32 ppc ppc64 s390x sh4 sh4eb sparc sparc64
 x86_64"
-IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS} lm32 moxie ppcemb tricore xtensa xtensaeb"
+IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS} lm32 moxie ppcemb tricore unicore32 xtensa xtensaeb"
 IUSE_USER_TARGETS="${COMMON_TARGETS} armeb mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus tilegx"
 
 use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
@@ -107,7 +107,7 @@ SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND}
 		virtual/opengl
 		media-libs/libepoxy[static-libs(+)]
 		media-libs/mesa[static-libs(+)]
-		media-libs/mesa[egl,gles2,gbm]
+		media-libs/mesa[egl,gbm]
 	)
 	png? ( media-libs/libpng:0=[static-libs(+)] )
 	pulseaudio? ( media-sound/pulseaudio )
@@ -133,7 +133,6 @@ SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND}
 	ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] )
 	usb? ( >=virtual/libusb-1-r2[static-libs(+)] )
 	usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
-	uuid? ( >=sys-apps/util-linux-2.16.0[static-libs(+)] )
 	vde? ( net-misc/vde[static-libs(+)] )
 	virgl? ( media-libs/virglrenderer[static-libs(+)] )
 	virtfs? ( sys-libs/libcap )
@@ -142,7 +141,7 @@ USER_LIB_DEPEND="${COMMON_LIB_DEPEND}"
 X86_FIRMWARE_DEPEND="
 	>=sys-firmware/ipxe-1.0.0_p20130624
 	pin-upstream-blobs? (
-		~sys-firmware/seabios-1.8.2
+		~sys-firmware/seabios-1.10.1
 		~sys-firmware/sgabios-0.1_pre8
 		~sys-firmware/vgabios-0.7a
 	)
@@ -332,35 +331,28 @@ src_prepare() {
 		Makefile Makefile.target || die
 
 	# Patching for musl
-	epatch "${FILESDIR}"/${PN}-2.0.0-F_SHLCK-and-F_EXLCK.patch
+	epatch "${FILESDIR}"/${PN}-2.8.0-F_SHLCK-and-F_EXLCK.patch
 	epatch "${FILESDIR}"/${PN}-2.0.0-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch
 	epatch "${FILESDIR}"/${PN}-2.2.0-_sigev_un.patch
-	epatch "${FILESDIR}"/${PN}-2.7.0-configure-ifunc.patch
 
 	epatch "${FILESDIR}"/${PN}-2.5.0-cflags.patch
 	epatch "${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
-	epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-6836.patch   #591242
-	epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-7156.patch   #593036
-	epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-7170.patch   #593284
-	epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-7422.patch   #593956
-	epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-7466.patch   #594520
-	epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-7907.patch   #596048
-	epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-7908.patch   #596049
-	epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-7909.patch   #596048
-	epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-7994-1.patch #596738
-	epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-7994-2.patch #596738
-	epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-8576.patch   #596752
-	epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-8577.patch   #596776
-	epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-8578.patch   #596774
-	epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-8668.patch   #597110
 	epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-8669-1.patch #597108
-	epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-8669-2.patch #597108
-	epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-8909.patch   #598044
-	epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-9102.patch   #598328
-	epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-9103.patch   #598328
-	epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-9104.patch   #598328
-	epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-9105.patch   #598328
-	epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-9106.patch   #598772
+	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2016-9908.patch   #601826
+	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2016-9912.patch   #602630
+	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2016-10028.patch  #603444
+	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2016-10155.patch  #606720
+	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-2615.patch   #608034
+	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5525-1.patch #606264
+	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5525-2.patch
+	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5552.patch   #606722
+	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5578.patch   #607000
+	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5579.patch   #607100
+	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5667.patch   #607766
+	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5856.patch   #608036
+	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5857.patch   #608038
+	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5898.patch   #608520
+	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5931.patch   #608728
 
 	# Fix ld and objcopy being called directly
 	tc-export AR LD OBJCOPY
@@ -453,7 +445,6 @@ qemu_src_configure() {
 		$(conf_softmmu ssh libssh2)
 		$(conf_softmmu usb libusb)
 		$(conf_softmmu usbredir usb-redir)
-		$(conf_softmmu uuid)
 		$(conf_softmmu vde)
 		$(conf_softmmu vhost-net)
 		$(conf_softmmu virgl virglrenderer)

diff --git a/app-emulation/qemu/qemu-2.8.0.ebuild b/app-emulation/qemu/qemu-2.8.0.ebuild
index 4020d7c..2922f9d 100644
--- a/app-emulation/qemu/qemu-2.8.0.ebuild
+++ b/app-emulation/qemu/qemu-2.8.0.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2016 Gentoo Foundation
+# Copyright 1999-2017 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI="5"
@@ -17,7 +17,7 @@ if [[ ${PV} = *9999* ]]; then
 	SRC_URI=""
 else
 	SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2"
-	KEYWORDS="~amd64 ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd"
+	KEYWORDS="amd64 ~arm64 ~ppc ~ppc64 x86 ~x86-fbsd"
 fi
 
 DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
@@ -30,7 +30,7 @@ gnutls gtk gtk2 infiniband iscsi +jpeg \
 kernel_linux kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs
 +png pulseaudio python \
 rbd sasl +seccomp sdl sdl2 selinux smartcard snappy spice ssh static static-softmmu
-static-user systemtap tci test +threads usb usbredir +uuid vde +vhost-net \
+static-user systemtap tci test +threads usb usbredir vde +vhost-net \
 virgl virtfs +vnc vte xattr xen xfs"
 
 COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel mips
@@ -107,7 +107,7 @@ SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND}
 		virtual/opengl
 		media-libs/libepoxy[static-libs(+)]
 		media-libs/mesa[static-libs(+)]
-		media-libs/mesa[egl,gles2,gbm]
+		media-libs/mesa[egl,gbm]
 	)
 	png? ( media-libs/libpng:0=[static-libs(+)] )
 	pulseaudio? ( media-sound/pulseaudio )
@@ -133,7 +133,6 @@ SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND}
 	ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] )
 	usb? ( >=virtual/libusb-1-r2[static-libs(+)] )
 	usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
-	uuid? ( >=sys-apps/util-linux-2.16.0[static-libs(+)] )
 	vde? ( net-misc/vde[static-libs(+)] )
 	virgl? ( media-libs/virglrenderer[static-libs(+)] )
 	virtfs? ( sys-libs/libcap )
@@ -434,7 +433,6 @@ qemu_src_configure() {
 		$(conf_softmmu ssh libssh2)
 		$(conf_softmmu usb libusb)
 		$(conf_softmmu usbredir usb-redir)
-		$(conf_softmmu uuid)
 		$(conf_softmmu vde)
 		$(conf_softmmu vhost-net)
 		$(conf_softmmu virgl virglrenderer)


^ permalink raw reply related	[flat|nested] 19+ messages in thread

* [gentoo-commits] proj/musl:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2017-02-13 20:04 Aric Belsito
  0 siblings, 0 replies; 19+ messages in thread
From: Aric Belsito @ 2017-02-13 20:04 UTC (permalink / raw
  To: gentoo-commits

commit:     4986e583ef659690cfa69d7fdff56b5e5ad5c352
Author:     Aric Belsito <lluixhi <AT> gmail <DOT> com>
AuthorDate: Mon Feb 13 20:04:11 2017 +0000
Commit:     Aric Belsito <lluixhi <AT> gmail <DOT> com>
CommitDate: Mon Feb 13 20:04:11 2017 +0000
URL:        https://gitweb.gentoo.org/proj/musl.git/commit/?id=4986e583

app-emulation/qemu: version bump to 2.8.0-r2

 app-emulation/qemu/Manifest                                       | 4 +++-
 app-emulation/qemu/files/65-kvm.rules-r1                          | 2 ++
 app-emulation/qemu/qemu-2.8.0-r1.ebuild                           | 2 +-
 app-emulation/qemu/{qemu-2.8.0-r1.ebuild => qemu-2.8.0-r2.ebuild} | 7 +++++--
 4 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/app-emulation/qemu/Manifest b/app-emulation/qemu/Manifest
index 0acf0b7..db61483 100644
--- a/app-emulation/qemu/Manifest
+++ b/app-emulation/qemu/Manifest
@@ -1,4 +1,5 @@
 AUX 65-kvm.rules 40 SHA256 c16a8dc7855880b2651f1a3ff488ecc54d4ac1036c71fffd5007021d8d18a7c5 SHA512 98aad2a2f212a7ac0ee5b60a9c92744fa462bce5f26594845c7a31d692aaaca2d52cb57bdbede7dfc60b9862c2a6510665dbb03215d5cf76e62516a283decdd6 WHIRLPOOL 937de93a23930f6b8533f0c3e0dd249c99ddf7d54446dea857607266ac0a4b435c5b4a52b2986b138bace9c0a7ade66f94116b38e2bc4767ead54bd11baf0920
+AUX 65-kvm.rules-r1 120 SHA256 2f6b5b2600598fc402850bb7026eab0e5822e7221b584795bd2ed1a0290250df SHA512 4132ec4d3e7c1e3cf5e37224be1a3b864bcc0bfde9109e8fea9c99377289c28a7fdcf9155fbbd6605dbf8ebeb020c2ab575dd35e36bdf69f8ad07c4aa9c7b2f7 WHIRLPOOL 34dce92c0851c7edb5449c7d19e8767b09e61a73b551af90d987519e8e9c8c883e8ff8567d4a222294095bafdb58984347c694fc6ac458c630ed8e2d42438180
 AUX bridge.conf 454 SHA256 a51850dd39923f3482e4c575b48ad9fef9c9ebb2f2176225da399b79ce48c69d SHA512 a907ee86b81a1b61033bb7621ded65112504131ef7b698c53e4014b958ee6fc79e66f63069015a01e41362cb70a7d0ed26dd9a03033cf776f4846f0e1f8f1533 WHIRLPOOL 8fcbd4abf9b8f7ca3d16fe0eaf17196ebf708dfecf85ce0f020e0de22b64905114f7b310f361826c81bb961c6b1bbbf984bff1e595bb949993b8966ccb222c35
 AUX qemu-2.0.0-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch 930 SHA256 6af6cf9044997710a6d0fbdba30a35c8d775e30d30c032ec97db672f75ec88ac SHA512 ec84b27648c01c6e58781295dcd0c2ff8e5a635f9836ef50c1da5d0ed125db1afc4cb5b01cb97606d6dd8f417acba93e1560d9a32ca29161a4bb730b302440ea WHIRLPOOL 06b9dd5251ac03405c97b1f5a623b4d86bda2f72fbcd52b90ae4d11a0cfb59cae62df2cb6189405fbe53ab05ff2b7ca8165fda239dbfe5f31ed70abb53b3b9f3
 AUX qemu-2.2.0-_sigev_un.patch 636 SHA256 f3b9a4d6162c553f3110ad22716305818e2130e2ff5d628faf044fc58a5e3cb5 SHA512 f72b879daede5184904f64cabb276de96299a37a93fce444d09e9068671009e95a5e5d6b815ec41a5db5b3807de14d470a56bba5806ffd4dfec577577b046ccb WHIRLPOOL 9453ad4966e10d504f3e867fd984642a3c1ee3ae847b5ca56196fd1f9e6c0f2d7b52ca07446212af72fef6d0ded1527a5eb306fa6cd915e8dd9ce11523362bac
@@ -23,6 +24,7 @@ AUX qemu-2.8.0-CVE-2017-5931.patch 1696 SHA256 cdb1ea1306bf00042f13637eef78d3580
 AUX qemu-2.8.0-F_SHLCK-and-F_EXLCK.patch 574 SHA256 d02353daa0ecfe161e938a5e54feab641b901f4a35c8f5831133676a6f53f43f SHA512 6b64750335aae1142ca9132fb766ac2aaeacfcdda0aa0cfca19afc4c3ea3806e30ce603fcec3767e40e84efb0ae8b9a23f21d46c807c13bb646be74f99e13389 WHIRLPOOL 7401c3daf162c71a5a5c3729855fddb5df95609b34c86ea0f4d872c8f132d6ac089cfb35a990af70aef8b7b63fe075a1e2be376b6db09bc70e8d51e48aded354
 AUX qemu-binfmt.initd-r1 7966 SHA256 5b4b432aa1e44f387c9eb789de0ec6322741fd36dd241f76520f17c6cd6ac49b SHA512 2ba0bff6eb2b6bac4ed440f793771ce9551cad48e38bddb6cf04f804faac2407e80879f66771910344ddcea45f0014095dcc8bfeb0aad5085ef048fd3612dbd8 WHIRLPOOL a2a1fb830a970757d1e203378c7d382b161b1040f3b8aaf0f22bb3b5e46467eff395474ff40d93c9f133bab307b345a6f75d63eae9f8dd8daf67324db41032f9
 DIST qemu-2.8.0.tar.bz2 28368517 SHA256 dafd5d7f649907b6b617b822692f4c82e60cf29bc0fc58bc2036219b591e5e62 SHA512 50f2988d822388ba9fd1bf5dbe68359033ed7432d7f0f9790299f32f63faa6dc72979256b5632ba572d47ee3e74ed40e3e8e331dc6303ec1599f1b4367cb78c2 WHIRLPOOL 0ce4e0539657eb832e4039819e7360c792b6aa41c718f0e0d762f4933217f0d370af94b1d6d9776853575b4a6811d8c85db069bf09d21bd15399ac8b50440ff5
-EBUILD qemu-2.8.0-r1.ebuild 21623 SHA256 6e5cf2427f830d730b93ef0526ceaf126af7513ed011d7ee3cf192ba7687e837 SHA512 03f49ad75e1fb4f43811624d7b8cd6b82a012b6a32f74f371421d246962cea88d2a498a664b659bbe1bda6cff9a9da43e550e7d4c71a55a5a2110a4b5b8c7462 WHIRLPOOL 06a247c8306de45b424266661797b4a64339daf4b8177c9eefb707bab06d497cb5410c59c9a89b0693cb14fd5ac293b537e81cf3da24b2be711d9db8fa3a0a9d
+EBUILD qemu-2.8.0-r1.ebuild 21622 SHA256 2f4029d16bcac486bbf4fd39ba15506084f6ef0f7e47910b3b6ab5d862041476 SHA512 3c77cdac3ee4417e7b0d1c4c0598372a1da889349148e2efca668a030df1f5e9a69ae6055f12234f7f4e21475b1d44f41170bfccb420fb5a5860172f945740e7 WHIRLPOOL 2e61f6fb672dbb8006ab51ff61754518592b1f5e32678c4789d9339d74d0acc182e45d4a54aaf2b36e52dfdf1a305c09e4c92a5c20c06cf52bd239ebac862e46
+EBUILD qemu-2.8.0-r2.ebuild 21674 SHA256 79e8b82d2901cf9d0e8c9c78c9a261e4a8d95407f81b02986a06fe454390b6b2 SHA512 5e9b760db15db8bfb7cfb14dd8c2957978f15fe143cdd3b80fdc0bae8f9a926c99fb9dfc824679fd340c094f84ff73def9985f17a1bdcaa6d7f826e896670401 WHIRLPOOL 07a84b97c865c11dfe7d763d4ca08afe02b6afcac28872c4bfffb3808d91bbb618d74963ded9d6ffe84bee077b2f0941ac5a93b4482838a1b38e7935ff59e567
 EBUILD qemu-2.8.0.ebuild 20856 SHA256 5cf0517d3327eac95727067f80702639132b87603029951ef2db8086f6fd34ae SHA512 10bcdad90a85786f0d2e4044be010e5d87f54fd0710c889205060e1404e5a24004e0095d7d3ee0f62735e3ab88d2af5986d371769125b13ffc5689edc5a95be8 WHIRLPOOL af455544650a9c0cb4bc2be588e3687dea90d14bbc3dad1aa76bcf65376317b85374151eee761239868b3ce8aaae089e4278b3897e5f013e4652c6801c66c9b6
 MISC metadata.xml 3854 SHA256 326fc14b3867842cc40bc364d91e2ca60ca63651e4a17040254166fa09cec04a SHA512 2e3bbdf84b7b03aedc43621b47e02b8da242fda917dcdf4b2d7532210aaa79c6fbea52a6b8157cdf90cd1e4e282610c0254b96a7a14b285e910d61203acd6461 WHIRLPOOL 539ca48b54055e594e16b76341879540d4f302d502c39d1901ed4fd7cc80b186ba29845759d02c60bf4560b8b14ec4fa40869d341e432a025dc792fb38f8eae1

diff --git a/app-emulation/qemu/files/65-kvm.rules-r1 b/app-emulation/qemu/files/65-kvm.rules-r1
new file mode 100644
index 0000000..ab3776a
--- /dev/null
+++ b/app-emulation/qemu/files/65-kvm.rules-r1
@@ -0,0 +1,2 @@
+KERNEL=="kvm", GROUP="kvm", MODE="0660"
+KERNEL=="vhost-net", GROUP="kvm", MODE="0660", OPTIONS+="static_node=vhost-net"

diff --git a/app-emulation/qemu/qemu-2.8.0-r1.ebuild b/app-emulation/qemu/qemu-2.8.0-r1.ebuild
index 006c657..16dd327 100644
--- a/app-emulation/qemu/qemu-2.8.0-r1.ebuild
+++ b/app-emulation/qemu/qemu-2.8.0-r1.ebuild
@@ -17,7 +17,7 @@ if [[ ${PV} = *9999* ]]; then
 	SRC_URI=""
 else
 	SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2"
-	KEYWORDS="~amd64 ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd"
+	KEYWORDS="amd64 ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd"
 fi
 
 DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"

diff --git a/app-emulation/qemu/qemu-2.8.0-r1.ebuild b/app-emulation/qemu/qemu-2.8.0-r2.ebuild
similarity index 99%
copy from app-emulation/qemu/qemu-2.8.0-r1.ebuild
copy to app-emulation/qemu/qemu-2.8.0-r2.ebuild
index 006c657..28498f6 100644
--- a/app-emulation/qemu/qemu-2.8.0-r1.ebuild
+++ b/app-emulation/qemu/qemu-2.8.0-r2.ebuild
@@ -100,7 +100,10 @@ SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND}
 	iscsi? ( net-libs/libiscsi )
 	jpeg? ( virtual/jpeg:0=[static-libs(+)] )
 	lzo? ( dev-libs/lzo:2[static-libs(+)] )
-	ncurses? ( sys-libs/ncurses:0=[static-libs(+)] )
+	ncurses? (
+		sys-libs/ncurses:0=[unicode]
+		sys-libs/ncurses:0=[static-libs(+)]
+	)
 	nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] )
 	numa? ( sys-process/numactl[static-libs(+)] )
 	opengl? (
@@ -598,7 +601,7 @@ src_install() {
 		[[ -e check-report.html ]] && dohtml check-report.html
 
 		if use kernel_linux; then
-			udev_dorules "${FILESDIR}"/65-kvm.rules
+			udev_newrules "${FILESDIR}"/65-kvm.rules-r1 65-kvm.rules
 		fi
 
 		if use python; then


^ permalink raw reply related	[flat|nested] 19+ messages in thread

* [gentoo-commits] proj/musl:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2017-02-21 18:20 Aric Belsito
  0 siblings, 0 replies; 19+ messages in thread
From: Aric Belsito @ 2017-02-21 18:20 UTC (permalink / raw
  To: gentoo-commits

commit:     8ebff45190124dc7b8430fe4248ae40549aab9b9
Author:     Aric Belsito <lluixhi <AT> gmail <DOT> com>
AuthorDate: Tue Feb 21 18:19:58 2017 +0000
Commit:     Aric Belsito <lluixhi <AT> gmail <DOT> com>
CommitDate: Tue Feb 21 18:19:58 2017 +0000
URL:        https://gitweb.gentoo.org/proj/musl.git/commit/?id=8ebff451

app-emulation/qemu: version bump to 2.8.0-r3

drop 2.8.0 and 2.8.0-r2: no longer in tree.

 app-emulation/qemu/Manifest                        |  10 +-
 .../qemu/files/qemu-2.8.0-CVE-2017-2620.patch      |  56 ++
 .../qemu/files/qemu-2.8.0-CVE-2017-2630.patch      |  22 +
 .../qemu/files/qemu-2.8.0-CVE-2017-5973.patch      |  87 +++
 .../qemu/files/qemu-2.8.0-CVE-2017-5987.patch      |  50 ++
 .../qemu/files/qemu-2.8.0-CVE-2017-6058.patch      | 112 ++++
 app-emulation/qemu/qemu-2.8.0-r1.ebuild            |   2 +-
 .../{qemu-2.8.0-r2.ebuild => qemu-2.8.0-r3.ebuild} |   5 +
 app-emulation/qemu/qemu-2.8.0.ebuild               | 684 ---------------------
 9 files changed, 340 insertions(+), 688 deletions(-)

diff --git a/app-emulation/qemu/Manifest b/app-emulation/qemu/Manifest
index db61483..45b7c89 100644
--- a/app-emulation/qemu/Manifest
+++ b/app-emulation/qemu/Manifest
@@ -11,6 +11,8 @@ AUX qemu-2.8.0-CVE-2016-10155.patch 1558 SHA256 53c20d983847a716f3f708c50ffbeb9d
 AUX qemu-2.8.0-CVE-2016-9908.patch 1166 SHA256 22ef4999a3daf3c46a3c90ca20fb131545d4d0befeff7c3ca870585a3e03b7b7 SHA512 c46abda3a5b1a68c7c2e5236f8e424f4569a28ba2aea9b8ec32467e55b535492da6e4702d4758a5721f1bf222f7f2554a5e4c9a190781d60c40202a5291dcf49 WHIRLPOOL aa8087350770ecbb60049e3269ddf9d68258657ef6a088b562e344056689e578a390328dde9c5d2b5024e7fa03995b571295a1d64943d9b3882cf0c5f833dbd8
 AUX qemu-2.8.0-CVE-2016-9912.patch 1307 SHA256 e3eac321492a9ef42d88b04877511255c3731a9bb029d7c6ab2da0aa8f09e2d8 SHA512 f9ba4f167334d9b934c37fbed21ded8b3d71e5bdbdb1f15f81d4423b0790bfa127637155d5863b563fa974f1421c4ace1f2a4e3e81e3ae3d6045b2083210b103 WHIRLPOOL 7aa8dab7b6462f142365d274e6131ca1630c396e36c851cb562c081c4243c58e2ae22cf682e51145af08befcaba395254c765cf56112a6c177e1c9a18ffb5926
 AUX qemu-2.8.0-CVE-2017-2615.patch 1720 SHA256 33f3f81ff8e5dacfc4f33dd48bd7833843c209f6d2bd5b3102cc5694ad85a593 SHA512 32063428286a49a12daa481ba87f1b09be6504bf24c5759aacf88ef436312a890dfe44d08457d8b426f86ce7680700d32fb21a255a6db8eb512e612c16770d36 WHIRLPOOL 9f1eed6c6c3eeb1e8991d1aa82e12a004c223bdd635ec48e433ca93d054aa3dfb5986fe01e36df157ef20c685e07595eebdf5fe16ed7cf9034e1c9ddf8304dbb
+AUX qemu-2.8.0-CVE-2017-2620.patch 1879 SHA256 dc898ad08d83b5a904a68513784ec009d4e19373ec9170e58d0695cf733b1bbd SHA512 4c0cba0b7abf4923f8c4720ffe8aad98cf8a4cddfa9fdf1418a5895f107bd186599f4d8a87290e9459a425e4ac464663a6d500bf016f459cb81dbd7fbc8121cb WHIRLPOOL 8c2cb5c6a8cee9c1d44fe0e03b3f8f56de4f8a8515acdda4458610f543f2e2cf6bac2161b9a8128e3aaf0c65716d5a85a9caf7041fdc05ab7e222c87568a4d68
+AUX qemu-2.8.0-CVE-2017-2630.patch 681 SHA256 72c675456d02f188b1ccc680fb237900d32d315272d1b3b6c3caad08bc8130e2 SHA512 1dc5006455a06a83799094afab1ec4f2f3808174530f71d234d165275af3b11160bcf6c041c8e9e3138de7bd6ec4b7810b4532c496c018f0aa71716f2d437faa WHIRLPOOL 27c7835c00f5ad368921ae8c2251cc3eaef3f018242c42517f03102129368f85b99b144f4a3eb53e546352965e6a7f031f7545237e5334ee524059d461d29a8f
 AUX qemu-2.8.0-CVE-2017-5525-1.patch 1625 SHA256 88e253c306761017d66dca5b72184f89cebf3b617db7bc0e4b27025757a66181 SHA512 a7f82374ec4e264b065be7ba63c197d93fee230d68819bf68a0a67c84f89182d0cc0a42b9aadf53a8a903d640dacc55392174c7820379e92ad0e35c86c35a2dd WHIRLPOOL 63e192dc0e075139f18aee2d0541c75021852a7d7251321ca8fe7f9b793c72786a6aab878e308931289eab3c07c3cbbc8ad32b67de1193f85b672e16a8372495
 AUX qemu-2.8.0-CVE-2017-5525-2.patch 1664 SHA256 ab03a1cff62164090133f0dbace9724302e806a808b18d64628d12f0bd9abad6 SHA512 ac1d89331c3fc4d0ef7af411a12654329057676e9f016cb9a4a46dc9b4e01092c17af33d095f3104e71094ae585a35a8276a98560dd97f8d045e0b9fd2f0069f WHIRLPOOL 20457d7fe5b3842c0c601068dba410586fc4b4c7fce81ba3ee436a6cfec3b1b950797d6ca9a2a573fef21a29421f8c04a34d1dfefe0b7ade03a6ca51d16d99cb
 AUX qemu-2.8.0-CVE-2017-5552.patch 1481 SHA256 26616f16434b3aff65b1cd1ce82c6abdfbd44da8a047a5a32b1e07755c9a3e1b SHA512 3c3f5027be3bfe56c1445004bd28536e11f606cc6787fcefad3da267eb3e11b61110c8a4700fd9d6f95ce50f10a2678b2bc6f950297b949b837882a68901d6e5 WHIRLPOOL ca93726b8a0567f68fac634eef1e88c997c1e959cafb33bc6ba8871d9021591bb61be6b3635d3fac111e1e177dbbff939c93580d7f0824e752b378dbc38fbc45
@@ -21,10 +23,12 @@ AUX qemu-2.8.0-CVE-2017-5856.patch 2224 SHA256 92ddbba8c0d21bdae5b11ae064c21da93
 AUX qemu-2.8.0-CVE-2017-5857.patch 1326 SHA256 e2150a7cc92b72e3f20506b9c76b40599af8d2366d25bd9b245a0bffa66ad8eb SHA512 d6d000b57f1fb194f9554165621109b364ebdb61416bc07e2283f2d493c33e770d1b63002d62565aae1ac19ed0ad9e572c207341aa1ad023581f349f62158d30 WHIRLPOOL cbe84c67ba9bb368baf2b1842e8c7c1ee3fb720630bcd53fdbdef9e8f3efdb25c1a927d0f65c9d1f6def28defe6997943a7867e8225eb12e395a0811ad3e32a1
 AUX qemu-2.8.0-CVE-2017-5898.patch 1412 SHA256 7f44668d51a94d19fcca0f496d8ac798fd654afe25d2998f7d07a148a836ade9 SHA512 2cd9af4957849a5d72dc0f0fbb30852870306ebc0a348cf5951df58d3029d1aae52df9261d2e4a9d7a4f132f78c390af8a049e1f109b324899bccd91e5c10d1f WHIRLPOOL c48e1fe163761880adab990683dc5d54ee31173763f11239ffee7c229bd65a2958a696dede39e7e645860980e2a7c5c6e5873e5db53872ac373d8d2415a167ab
 AUX qemu-2.8.0-CVE-2017-5931.patch 1696 SHA256 cdb1ea1306bf00042f13637eef78d3580e34b88c11716e62fad69931eb3d7ac6 SHA512 5b9a00f0964b153df7630655480b646e6615e831fd981642987d8691e9ddd265f64285d0e70c4f536bb370adb03a75548f7258bee8dbc2b7de15a3984fc8421b WHIRLPOOL c6d9440adf57ad1b560da03a455d9bdc3094c952f3c82a5e88fa6f2d0336ab767f0617b2916b68a5e3f5d30293749be40c12dfe93e8b7525fec9b8a453a65123
+AUX qemu-2.8.0-CVE-2017-5973.patch 2815 SHA256 206d01053ce678e2c83174b278755e112099f76350aaa765525d344a87365ded SHA512 31b4bd1b8398d8044ace7660a049c492beda83613818a718477257e0bdf922d63423100fd59f2e8411dc952d282a7c405b916ab437b131b31c21dcf65f98edce WHIRLPOOL ea43efbdd5fdc51e1b8b5057fbe50b3911896cbda8437998ca203d34db82524eb42a77440f2490574a48f15ba1c4bbb7d9c40bfb6e99e96278a1d1912ea210a7
+AUX qemu-2.8.0-CVE-2017-5987.patch 1889 SHA256 c4f2175970deca9b00bf657e66b8df31a02efce469eec02279a9659b9cb18bb0 SHA512 32708f91edbbb61ac444ee71b97a30138380544389f6265d7cb7aec330ebaaa7ca69844a9462c817fbda117e78748fc4fdeb655e70bcd72ddd8b112fd9619b0d WHIRLPOOL 1aa99740495c0d2a577cf13c47669aeba75ad389394736ce16fde31c91931254820accad85a6d6fee9757595bec3f222413a89fe4ca125913be7ecc97f33b365
+AUX qemu-2.8.0-CVE-2017-6058.patch 3797 SHA256 06c01fcd53dab66af55df164f1616d14847b2a0fd46abe7445b7e3e7b7ee77cf SHA512 1425e7df38cd44903fe78e7728d7eb3df2d8486895f38a87c4e0c63aa5cc4a2b19032d486fcb5676201242039364a1f3d34b256606b5f8ae74028432e6d50286 WHIRLPOOL 9a48c2f00ac146c29163422c10ca62e3065a36752b865b6b9e3408edf019f3585579ac074b5325777e6a405a11d0ce09da33eb6499012377f0c9ef8c52bf2840
 AUX qemu-2.8.0-F_SHLCK-and-F_EXLCK.patch 574 SHA256 d02353daa0ecfe161e938a5e54feab641b901f4a35c8f5831133676a6f53f43f SHA512 6b64750335aae1142ca9132fb766ac2aaeacfcdda0aa0cfca19afc4c3ea3806e30ce603fcec3767e40e84efb0ae8b9a23f21d46c807c13bb646be74f99e13389 WHIRLPOOL 7401c3daf162c71a5a5c3729855fddb5df95609b34c86ea0f4d872c8f132d6ac089cfb35a990af70aef8b7b63fe075a1e2be376b6db09bc70e8d51e48aded354
 AUX qemu-binfmt.initd-r1 7966 SHA256 5b4b432aa1e44f387c9eb789de0ec6322741fd36dd241f76520f17c6cd6ac49b SHA512 2ba0bff6eb2b6bac4ed440f793771ce9551cad48e38bddb6cf04f804faac2407e80879f66771910344ddcea45f0014095dcc8bfeb0aad5085ef048fd3612dbd8 WHIRLPOOL a2a1fb830a970757d1e203378c7d382b161b1040f3b8aaf0f22bb3b5e46467eff395474ff40d93c9f133bab307b345a6f75d63eae9f8dd8daf67324db41032f9
 DIST qemu-2.8.0.tar.bz2 28368517 SHA256 dafd5d7f649907b6b617b822692f4c82e60cf29bc0fc58bc2036219b591e5e62 SHA512 50f2988d822388ba9fd1bf5dbe68359033ed7432d7f0f9790299f32f63faa6dc72979256b5632ba572d47ee3e74ed40e3e8e331dc6303ec1599f1b4367cb78c2 WHIRLPOOL 0ce4e0539657eb832e4039819e7360c792b6aa41c718f0e0d762f4933217f0d370af94b1d6d9776853575b4a6811d8c85db069bf09d21bd15399ac8b50440ff5
-EBUILD qemu-2.8.0-r1.ebuild 21622 SHA256 2f4029d16bcac486bbf4fd39ba15506084f6ef0f7e47910b3b6ab5d862041476 SHA512 3c77cdac3ee4417e7b0d1c4c0598372a1da889349148e2efca668a030df1f5e9a69ae6055f12234f7f4e21475b1d44f41170bfccb420fb5a5860172f945740e7 WHIRLPOOL 2e61f6fb672dbb8006ab51ff61754518592b1f5e32678c4789d9339d74d0acc182e45d4a54aaf2b36e52dfdf1a305c09e4c92a5c20c06cf52bd239ebac862e46
-EBUILD qemu-2.8.0-r2.ebuild 21674 SHA256 79e8b82d2901cf9d0e8c9c78c9a261e4a8d95407f81b02986a06fe454390b6b2 SHA512 5e9b760db15db8bfb7cfb14dd8c2957978f15fe143cdd3b80fdc0bae8f9a926c99fb9dfc824679fd340c094f84ff73def9985f17a1bdcaa6d7f826e896670401 WHIRLPOOL 07a84b97c865c11dfe7d763d4ca08afe02b6afcac28872c4bfffb3808d91bbb618d74963ded9d6ffe84bee077b2f0941ac5a93b4482838a1b38e7935ff59e567
-EBUILD qemu-2.8.0.ebuild 20856 SHA256 5cf0517d3327eac95727067f80702639132b87603029951ef2db8086f6fd34ae SHA512 10bcdad90a85786f0d2e4044be010e5d87f54fd0710c889205060e1404e5a24004e0095d7d3ee0f62735e3ab88d2af5986d371769125b13ffc5689edc5a95be8 WHIRLPOOL af455544650a9c0cb4bc2be588e3687dea90d14bbc3dad1aa76bcf65376317b85374151eee761239868b3ce8aaae089e4278b3897e5f013e4652c6801c66c9b6
+EBUILD qemu-2.8.0-r1.ebuild 21621 SHA256 bcf039d34f9bd43b288fd33c38233f115b6b8750989374bc656d6f950358c11a SHA512 d9e718720a4800995919d18b79c735fc7b46d569d4cb82bbe90ae3580eafa8e4e976ab4e34b72ff4a8823c6242cf767c876eecaa46af5d24a6a81918351c376c WHIRLPOOL 9c78a214862bb134df1183bc19cd8eb15cceb0ed7253bc584fc1ce5061e3c33a2c744f5e9175654f182621e410c2302a23a66f393e2e58c0717eff7e212548a8
+EBUILD qemu-2.8.0-r3.ebuild 21994 SHA256 8dd08d6fec72d5665c7e20e1af43d2cf3b40c58fcd37e8334f5bfa032d3e9e14 SHA512 511f271f23fbeb956b9fd67449479119111b50da36687bacee1a3ccf5dee91d4bcfc04349b05845f1c4e528cc7390243a98ba4c76d0b9c51b18e34febbd5e618 WHIRLPOOL c48f0cdb6ca1c13c7c41a949191fd82bb89154c352c8839776096eb9c1273136bbce62b0e2f852ab9f463fa7298804f03dba361bd7fd10dde96c969f53d8a53b
 MISC metadata.xml 3854 SHA256 326fc14b3867842cc40bc364d91e2ca60ca63651e4a17040254166fa09cec04a SHA512 2e3bbdf84b7b03aedc43621b47e02b8da242fda917dcdf4b2d7532210aaa79c6fbea52a6b8157cdf90cd1e4e282610c0254b96a7a14b285e910d61203acd6461 WHIRLPOOL 539ca48b54055e594e16b76341879540d4f302d502c39d1901ed4fd7cc80b186ba29845759d02c60bf4560b8b14ec4fa40869d341e432a025dc792fb38f8eae1

diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-2620.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-2620.patch
new file mode 100644
index 0000000..e2a9801
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-2620.patch
@@ -0,0 +1,56 @@
+From: Gerd Hoffmann <kraxel@redhat.com>
+Subject: [PATCH 3/3] cirrus: add blit_is_unsafe call to cirrus_bitblt_cputovideo
+
+CIRRUS_BLTMODE_MEMSYSSRC blits do NOT check blit destination
+and blit width, at all.  Oops.  Fix it.
+
+Security impact: high.
+
+The missing blit destination check allows to write to host memory.
+Basically same as CVE-2014-8106 for the other blit variants.
+
+The missing blit width check allows to overflow cirrus_bltbuf,
+with the attractive target cirrus_srcptr (current cirrus_bltbuf write
+position) being located right after cirrus_bltbuf in CirrusVGAState.
+
+Due to cirrus emulation writing cirrus_bltbuf bytewise the attacker
+hasn't full control over cirrus_srcptr though, only one byte can be
+changed.  Once the first byte has been modified further writes land
+elsewhere.
+
+[ This is CVE-2017-2620 / XSA-209  - Ian Jackson ]
+
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+---
+ hw/display/cirrus_vga.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c
+index 0e47cf8..a093dc8 100644
+--- a/hw/display/cirrus_vga.c
++++ b/hw/display/cirrus_vga.c
+@@ -899,6 +899,10 @@ static int cirrus_bitblt_cputovideo(CirrusVGAState * s)
+ {
+     int w;
+ 
++    if (blit_is_unsafe(s)) {
++        return 0;
++    }
++
+     s->cirrus_blt_mode &= ~CIRRUS_BLTMODE_MEMSYSSRC;
+     s->cirrus_srcptr = &s->cirrus_bltbuf[0];
+     s->cirrus_srcptr_end = &s->cirrus_bltbuf[0];
+@@ -924,6 +928,10 @@ static int cirrus_bitblt_cputovideo(CirrusVGAState * s)
+ 	}
+         s->cirrus_srccounter = s->cirrus_blt_srcpitch * s->cirrus_blt_height;
+     }
++
++    /* the blit_is_unsafe call above should catch this */
++    assert(s->cirrus_blt_srcpitch <= CIRRUS_BLTBUFSIZE);
++
+     s->cirrus_srcptr = s->cirrus_bltbuf;
+     s->cirrus_srcptr_end = s->cirrus_bltbuf + s->cirrus_blt_srcpitch;
+     cirrus_update_memory_access(s);
+-- 
+1.8.3.1
+

diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-2630.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-2630.patch
new file mode 100644
index 0000000..034b322
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-2630.patch
@@ -0,0 +1,22 @@
+Comparison symbol is misused. It may lead to memory corruption.
+
+Signed-off-by: Vladimir Sementsov-Ogievskiy <address@hidden>
+---
+ nbd/client.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/nbd/client.c b/nbd/client.c
+index 6caf6bda6d..351731bc63 100644
+--- a/nbd/client.c
++++ b/nbd/client.c
+@@ -94,7 +94,7 @@ static ssize_t drop_sync(QIOChannel *ioc, size_t size)
+     char small[1024];
+     char *buffer;
+ 
+-    buffer = sizeof(small) < size ? small : g_malloc(MIN(65536, size));
++    buffer = sizeof(small) > size ? small : g_malloc(MIN(65536, size));
+     while (size > 0) {
+         ssize_t count = read_sync(ioc, buffer, MIN(65536, size));
+ 
+-- 
+2.11.0

diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5973.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5973.patch
new file mode 100644
index 0000000..50ff3c9
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5973.patch
@@ -0,0 +1,87 @@
+Limits should be big enough that normal guest should not hit it.
+Add a tracepoint to log them, just in case.  Also, while being
+at it, log the existing link trb limit too.
+
+Reported-by: 李强 <address@hidden>
+Signed-off-by: Gerd Hoffmann <address@hidden>
+---
+ hw/usb/hcd-xhci.c   | 15 ++++++++++++++-
+ hw/usb/trace-events |  1 +
+ 2 files changed, 15 insertions(+), 1 deletion(-)
+
+diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c
+index fbf8a8b..28dd2f2 100644
+--- a/hw/usb/hcd-xhci.c
++++ b/hw/usb/hcd-xhci.c
+@@ -51,6 +51,8 @@
+ #define EV_QUEUE (((3 * 24) + 16) * MAXSLOTS)
+ 
+ #define TRB_LINK_LIMIT  4
++#define COMMAND_LIMIT   256
++#define TRANSFER_LIMIT  256
+ 
+ #define LEN_CAP         0x40
+ #define LEN_OPER        (0x400 + 0x10 * MAXPORTS)
+@@ -943,6 +945,7 @@ static TRBType xhci_ring_fetch(XHCIState *xhci, XHCIRing *ring, XHCITRB *trb,
+             return type;
+         } else {
+             if (++link_cnt > TRB_LINK_LIMIT) {
++                trace_usb_xhci_enforced_limit("trb-link");
+                 return 0;
+             }
+             ring->dequeue = xhci_mask64(trb->parameter);
+@@ -2060,6 +2063,7 @@ static void xhci_kick_epctx(XHCIEPContext *epctx, unsigned int streamid)
+     XHCIRing *ring;
+     USBEndpoint *ep = NULL;
+     uint64_t mfindex;
++    unsigned int count = 0;
+     int length;
+     int i;
+ 
+@@ -2172,6 +2176,10 @@ static void xhci_kick_epctx(XHCIEPContext *epctx, unsigned int streamid)
+             epctx->retry = xfer;
+             break;
+         }
++        if (count++ > TRANSFER_LIMIT) {
++            trace_usb_xhci_enforced_limit("transfers");
++            break;
++        }
+     }
+     epctx->kick_active--;
+ 
+@@ -2618,7 +2626,7 @@ static void xhci_process_commands(XHCIState *xhci)
+     TRBType type;
+     XHCIEvent event = {ER_COMMAND_COMPLETE, CC_SUCCESS};
+     dma_addr_t addr;
+-    unsigned int i, slotid = 0;
++    unsigned int i, slotid = 0, count = 0;
+ 
+     DPRINTF("xhci_process_commands()\n");
+     if (!xhci_running(xhci)) {
+@@ -2735,6 +2743,11 @@ static void xhci_process_commands(XHCIState *xhci)
+         }
+         event.slotid = slotid;
+         xhci_event(xhci, &event, 0);
++
++        if (count++ > COMMAND_LIMIT) {
++            trace_usb_xhci_enforced_limit("commands");
++            return;
++        }
+     }
+ }
+ 
+diff --git a/hw/usb/trace-events b/hw/usb/trace-events
+index fdd1d29..0c323d4 100644
+--- a/hw/usb/trace-events
++++ b/hw/usb/trace-events
+@@ -174,6 +174,7 @@ usb_xhci_xfer_retry(void *xfer) "%p"
+ usb_xhci_xfer_success(void *xfer, uint32_t bytes) "%p: len %d"
+ usb_xhci_xfer_error(void *xfer, uint32_t ret) "%p: ret %d"
+ usb_xhci_unimplemented(const char *item, int nr) "%s (0x%x)"
++usb_xhci_enforced_limit(const char *item) "%s"
+ 
+ # hw/usb/desc.c
+ usb_desc_device(int addr, int len, int ret) "dev %d query device, len %d, ret %d"
+-- 
+1.8.3.1
+

diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5987.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5987.patch
new file mode 100644
index 0000000..bfde2e9
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5987.patch
@@ -0,0 +1,50 @@
+From: Prasad J Pandit <address@hidden>
+
+In the SDHCI protocol, the transfer mode register value
+is used during multi block transfer to check if block count
+register is enabled and should be updated. Transfer mode
+register could be set such that, block count register would
+not be updated, thus leading to an infinite loop. Add check
+to avoid it.
+
+Reported-by: Wjjzhang <address@hidden>
+Reported-by: Jiang Xin <address@hidden>
+Signed-off-by: Prasad J Pandit <address@hidden>
+---
+ hw/sd/sdhci.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+Update: use qemu_log_mask(LOG_UNIMP, ...)
+  -> https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg02354.html
+
+diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c
+index 5bd5ab6..a9c744b 100644
+--- a/hw/sd/sdhci.c
++++ b/hw/sd/sdhci.c
+@@ -486,6 +486,11 @@ static void sdhci_sdma_transfer_multi_blocks(SDHCIState *s)
+     uint32_t boundary_chk = 1 << (((s->blksize & 0xf000) >> 12) + 12);
+     uint32_t boundary_count = boundary_chk - (s->sdmasysad % boundary_chk);
+ 
++    if (!(s->trnmod & SDHC_TRNS_BLK_CNT_EN) || !s->blkcnt) {
++        qemu_log_mask(LOG_UNIMP, "infinite transfer is not supported\n");
++        return;
++    }
++
+     /* XXX: Some sd/mmc drivers (for example, u-boot-slp) do not account for
+      * possible stop at page boundary if initial address is not page aligned,
+      * allow them to work properly */
+@@ -797,11 +802,6 @@ static void sdhci_data_transfer(void *opaque)
+     if (s->trnmod & SDHC_TRNS_DMA) {
+         switch (SDHC_DMA_TYPE(s->hostctl)) {
+         case SDHC_CTRL_SDMA:
+-            if ((s->trnmod & SDHC_TRNS_MULTI) &&
+-                    (!(s->trnmod & SDHC_TRNS_BLK_CNT_EN) || s->blkcnt == 0)) {
+-                break;
+-            }
+-
+             if ((s->blkcnt == 1) || !(s->trnmod & SDHC_TRNS_MULTI)) {
+                 sdhci_sdma_transfer_single_block(s);
+             } else {
+-- 
+2.9.3
+

diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-6058.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-6058.patch
new file mode 100644
index 0000000..666c18c
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-6058.patch
@@ -0,0 +1,112 @@
+This patch fixed a problem that was introduced in commit eb700029.
+
+When net_rx_pkt_attach_iovec() calls eth_strip_vlan()
+this can result in pkt->ehdr_buf being overflowed, because
+ehdr_buf is only sizeof(struct eth_header) bytes large
+but eth_strip_vlan() can write
+sizeof(struct eth_header) + sizeof(struct vlan_header)
+bytes into it.
+
+Devices affected by this problem: vmxnet3.
+
+Reported-by: Peter Maydell <address@hidden>
+Signed-off-by: Dmitry Fleytman <address@hidden>
+---
+ hw/net/net_rx_pkt.c | 34 +++++++++++++++++-----------------
+ 1 file changed, 17 insertions(+), 17 deletions(-)
+
+diff --git a/hw/net/net_rx_pkt.c b/hw/net/net_rx_pkt.c
+index 1019b50..7c0beac 100644
+--- a/hw/net/net_rx_pkt.c
++++ b/hw/net/net_rx_pkt.c
+@@ -23,13 +23,13 @@
+ 
+ struct NetRxPkt {
+     struct virtio_net_hdr virt_hdr;
+-    uint8_t ehdr_buf[sizeof(struct eth_header)];
++    uint8_t ehdr_buf[sizeof(struct eth_header) + sizeof(struct vlan_header)];
+     struct iovec *vec;
+     uint16_t vec_len_total;
+     uint16_t vec_len;
+     uint32_t tot_len;
+     uint16_t tci;
+-    bool vlan_stripped;
++    size_t ehdr_buf_len;
+     bool has_virt_hdr;
+     eth_pkt_types_e packet_type;
+ 
+@@ -88,15 +88,13 @@ net_rx_pkt_pull_data(struct NetRxPkt *pkt,
+                         const struct iovec *iov, int iovcnt,
+                         size_t ploff)
+ {
+-    if (pkt->vlan_stripped) {
++    if (pkt->ehdr_buf_len) {
+         net_rx_pkt_iovec_realloc(pkt, iovcnt + 1);
+ 
+         pkt->vec[0].iov_base = pkt->ehdr_buf;
+-        pkt->vec[0].iov_len = sizeof(pkt->ehdr_buf);
+-
+-        pkt->tot_len =
+-            iov_size(iov, iovcnt) - ploff + sizeof(struct eth_header);
++        pkt->vec[0].iov_len = pkt->ehdr_buf_len;
+ 
++        pkt->tot_len = iov_size(iov, iovcnt) - ploff + pkt->ehdr_buf_len;
+         pkt->vec_len = iov_copy(pkt->vec + 1, pkt->vec_len_total - 1,
+                                 iov, iovcnt, ploff, pkt->tot_len);
+     } else {
+@@ -123,11 +121,12 @@ void net_rx_pkt_attach_iovec(struct NetRxPkt *pkt,
+     uint16_t tci = 0;
+     uint16_t ploff = iovoff;
+     assert(pkt);
+-    pkt->vlan_stripped = false;
+ 
+     if (strip_vlan) {
+-        pkt->vlan_stripped = eth_strip_vlan(iov, iovcnt, iovoff, pkt->ehdr_buf,
+-                                            &ploff, &tci);
++        pkt->ehdr_buf_len = eth_strip_vlan(iov, iovcnt, iovoff, pkt->ehdr_buf,
++                                           &ploff, &tci);
++    } else {
++        pkt->ehdr_buf_len = 0;
+     }
+ 
+     pkt->tci = tci;
+@@ -143,12 +142,13 @@ void net_rx_pkt_attach_iovec_ex(struct NetRxPkt *pkt,
+     uint16_t tci = 0;
+     uint16_t ploff = iovoff;
+     assert(pkt);
+-    pkt->vlan_stripped = false;
+ 
+     if (strip_vlan) {
+-        pkt->vlan_stripped = eth_strip_vlan_ex(iov, iovcnt, iovoff, vet,
+-                                               pkt->ehdr_buf,
+-                                               &ploff, &tci);
++        pkt->ehdr_buf_len = eth_strip_vlan_ex(iov, iovcnt, iovoff, vet,
++                                              pkt->ehdr_buf,
++                                              &ploff, &tci);
++    } else {
++        pkt->ehdr_buf_len = 0;
+     }
+ 
+     pkt->tci = tci;
+@@ -162,8 +162,8 @@ void net_rx_pkt_dump(struct NetRxPkt *pkt)
+     NetRxPkt *pkt = (NetRxPkt *)pkt;
+     assert(pkt);
+ 
+-    printf("RX PKT: tot_len: %d, vlan_stripped: %d, vlan_tag: %d\n",
+-              pkt->tot_len, pkt->vlan_stripped, pkt->tci);
++    printf("RX PKT: tot_len: %d, ehdr_buf_len: %lu, vlan_tag: %d\n",
++              pkt->tot_len, pkt->ehdr_buf_len, pkt->tci);
+ #endif
+ }
+ 
+@@ -426,7 +426,7 @@ bool net_rx_pkt_is_vlan_stripped(struct NetRxPkt *pkt)
+ {
+     assert(pkt);
+ 
+-    return pkt->vlan_stripped;
++    return pkt->ehdr_buf_len ? true : false;
+ }
+ 
+ bool net_rx_pkt_has_virt_hdr(struct NetRxPkt *pkt)
+-- 
+2.7.4

diff --git a/app-emulation/qemu/qemu-2.8.0-r1.ebuild b/app-emulation/qemu/qemu-2.8.0-r1.ebuild
index 16dd327..220ad6f 100644
--- a/app-emulation/qemu/qemu-2.8.0-r1.ebuild
+++ b/app-emulation/qemu/qemu-2.8.0-r1.ebuild
@@ -17,7 +17,7 @@ if [[ ${PV} = *9999* ]]; then
 	SRC_URI=""
 else
 	SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2"
-	KEYWORDS="amd64 ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd"
+	KEYWORDS="amd64 ~arm64 ~ppc ~ppc64 x86 ~x86-fbsd"
 fi
 
 DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"

diff --git a/app-emulation/qemu/qemu-2.8.0-r2.ebuild b/app-emulation/qemu/qemu-2.8.0-r3.ebuild
similarity index 98%
rename from app-emulation/qemu/qemu-2.8.0-r2.ebuild
rename to app-emulation/qemu/qemu-2.8.0-r3.ebuild
index 28498f6..6feffe0 100644
--- a/app-emulation/qemu/qemu-2.8.0-r2.ebuild
+++ b/app-emulation/qemu/qemu-2.8.0-r3.ebuild
@@ -346,6 +346,7 @@ src_prepare() {
 	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2016-10028.patch  #603444
 	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2016-10155.patch  #606720
 	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-2615.patch   #608034
+	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-2630.patch   #609396
 	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5525-1.patch #606264
 	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5525-2.patch
 	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5552.patch   #606722
@@ -356,6 +357,10 @@ src_prepare() {
 	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5857.patch   #608038
 	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5898.patch   #608520
 	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5931.patch   #608728
+	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5973.patch   #609334
+	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5987.patch   #609398
+	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-6058.patch   #609638
+	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-2620.patch   #609206
 
 	# Fix ld and objcopy being called directly
 	tc-export AR LD OBJCOPY

diff --git a/app-emulation/qemu/qemu-2.8.0.ebuild b/app-emulation/qemu/qemu-2.8.0.ebuild
deleted file mode 100644
index 2922f9d..0000000
--- a/app-emulation/qemu/qemu-2.8.0.ebuild
+++ /dev/null
@@ -1,684 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="5"
-
-PYTHON_COMPAT=( python2_7 )
-PYTHON_REQ_USE="ncurses,readline"
-
-PLOCALES="bg de_DE fr_FR hu it tr zh_CN"
-
-inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \
-	user udev fcaps readme.gentoo-r1 pax-utils l10n
-
-if [[ ${PV} = *9999* ]]; then
-	EGIT_REPO_URI="git://git.qemu.org/qemu.git"
-	inherit git-2
-	SRC_URI=""
-else
-	SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2"
-	KEYWORDS="amd64 ~arm64 ~ppc ~ppc64 x86 ~x86-fbsd"
-fi
-
-DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
-HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org"
-
-LICENSE="GPL-2 LGPL-2 BSD-2"
-SLOT="0"
-IUSE="accessibility +aio alsa bluetooth bzip2 +caps +curl debug +fdt glusterfs \
-gnutls gtk gtk2 infiniband iscsi +jpeg \
-kernel_linux kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs
-+png pulseaudio python \
-rbd sasl +seccomp sdl sdl2 selinux smartcard snappy spice ssh static static-softmmu
-static-user systemtap tci test +threads usb usbredir vde +vhost-net \
-virgl virtfs +vnc vte xattr xen xfs"
-
-COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel mips
-mips64 mips64el mipsel or32 ppc ppc64 s390x sh4 sh4eb sparc sparc64
-x86_64"
-IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS} lm32 moxie ppcemb tricore unicore32 xtensa xtensaeb"
-IUSE_USER_TARGETS="${COMMON_TARGETS} armeb mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus tilegx"
-
-use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
-use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
-IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
-
-# Allow no targets to be built so that people can get a tools-only build.
-# Block USE flag configurations known to not work.
-REQUIRED_USE="${PYTHON_REQUIRED_USE}
-	gtk2? ( gtk )
-	qemu_softmmu_targets_arm? ( fdt )
-	qemu_softmmu_targets_microblaze? ( fdt )
-	qemu_softmmu_targets_ppc? ( fdt )
-	qemu_softmmu_targets_ppc64? ( fdt )
-	sdl2? ( sdl )
-	static? ( static-softmmu static-user )
-	static-softmmu? ( !alsa !pulseaudio !bluetooth !opengl !gtk !gtk2 )
-	virtfs? ( xattr )
-	vte? ( gtk )"
-
-# Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
-#
-# The attr lib isn't always linked in (although the USE flag is always
-# respected).  This is because qemu supports using the C library's API
-# when available rather than always using the extranl library.
-#
-# Older versions of gnutls are supported, but it's simpler to just require
-# the latest versions.  This is also why we require nettle.
-#
-# TODO: Split out tools deps into another var.  e.g. bzip2 is only used by
-# system binaries and tools, not user binaries.
-COMMON_LIB_DEPEND=">=dev-libs/glib-2.0[static-libs(+)]
-	sys-libs/zlib[static-libs(+)]
-	bzip2? ( app-arch/bzip2[static-libs(+)] )
-	xattr? ( sys-apps/attr[static-libs(+)] )"
-SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND}
-	>=x11-libs/pixman-0.28.0[static-libs(+)]
-	accessibility? ( app-accessibility/brltty[static-libs(+)] )
-	aio? ( dev-libs/libaio[static-libs(+)] )
-	alsa? ( >=media-libs/alsa-lib-1.0.13 )
-	bluetooth? ( net-wireless/bluez )
-	caps? ( sys-libs/libcap-ng[static-libs(+)] )
-	curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
-	fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] )
-	glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
-	gnutls? (
-		dev-libs/nettle:=[static-libs(+)]
-		>=net-libs/gnutls-3.0:=[static-libs(+)]
-	)
-	gtk? (
-		gtk2? (
-			x11-libs/gtk+:2
-			vte? ( x11-libs/vte:0 )
-		)
-		!gtk2? (
-			x11-libs/gtk+:3
-			vte? ( x11-libs/vte:2.91 )
-		)
-	)
-	infiniband? ( sys-fabric/librdmacm:=[static-libs(+)] )
-	iscsi? ( net-libs/libiscsi )
-	jpeg? ( virtual/jpeg:0=[static-libs(+)] )
-	lzo? ( dev-libs/lzo:2[static-libs(+)] )
-	ncurses? ( sys-libs/ncurses:0=[static-libs(+)] )
-	nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] )
-	numa? ( sys-process/numactl[static-libs(+)] )
-	opengl? (
-		virtual/opengl
-		media-libs/libepoxy[static-libs(+)]
-		media-libs/mesa[static-libs(+)]
-		media-libs/mesa[egl,gbm]
-	)
-	png? ( media-libs/libpng:0=[static-libs(+)] )
-	pulseaudio? ( media-sound/pulseaudio )
-	rbd? ( sys-cluster/ceph[static-libs(+)] )
-	sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
-	sdl? (
-		!sdl2? (
-			media-libs/libsdl[X]
-			>=media-libs/libsdl-1.2.11[static-libs(+)]
-		)
-		sdl2? (
-			media-libs/libsdl2[X]
-			media-libs/libsdl2[static-libs(+)]
-		)
-	)
-	seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
-	smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] )
-	snappy? ( app-arch/snappy[static-libs(+)] )
-	spice? (
-		>=app-emulation/spice-protocol-0.12.3
-		>=app-emulation/spice-0.12.0[static-libs(+)]
-	)
-	ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] )
-	usb? ( >=virtual/libusb-1-r2[static-libs(+)] )
-	usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
-	vde? ( net-misc/vde[static-libs(+)] )
-	virgl? ( media-libs/virglrenderer[static-libs(+)] )
-	virtfs? ( sys-libs/libcap )
-	xfs? ( sys-fs/xfsprogs[static-libs(+)] )"
-USER_LIB_DEPEND="${COMMON_LIB_DEPEND}"
-X86_FIRMWARE_DEPEND="
-	>=sys-firmware/ipxe-1.0.0_p20130624
-	pin-upstream-blobs? (
-		~sys-firmware/seabios-1.10.1
-		~sys-firmware/sgabios-0.1_pre8
-		~sys-firmware/vgabios-0.7a
-	)
-	!pin-upstream-blobs? (
-		sys-firmware/seabios
-		sys-firmware/sgabios
-		sys-firmware/vgabios
-	)"
-CDEPEND="
-	!static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND//\[static-libs(+)]} ) " ${use_softmmu_targets}) )
-	!static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND//\[static-libs(+)]} ) " ${use_user_targets}) )
-	qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
-	qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )
-	python? ( ${PYTHON_DEPS} )
-	systemtap? ( dev-util/systemtap )
-	xen? ( app-emulation/xen-tools:= )"
-DEPEND="${CDEPEND}
-	dev-lang/perl
-	=dev-lang/python-2*
-	sys-apps/texinfo
-	virtual/pkgconfig
-	kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
-	gtk? ( nls? ( sys-devel/gettext ) )
-	static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND} ) " ${use_softmmu_targets}) )
-	static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND} ) " ${use_user_targets}) )
-	test? (
-		dev-libs/glib[utils]
-		sys-devel/bc
-	)"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-qemu )
-"
-
-STRIP_MASK="/usr/share/qemu/palcode-clipper"
-
-QA_PREBUILT="
-	usr/share/qemu/openbios-ppc
-	usr/share/qemu/openbios-sparc64
-	usr/share/qemu/openbios-sparc32
-	usr/share/qemu/palcode-clipper
-	usr/share/qemu/s390-ccw.img
-	usr/share/qemu/u-boot.e500
-"
-
-QA_WX_LOAD="usr/bin/qemu-i386
-	usr/bin/qemu-x86_64
-	usr/bin/qemu-alpha
-	usr/bin/qemu-arm
-	usr/bin/qemu-cris
-	usr/bin/qemu-m68k
-	usr/bin/qemu-microblaze
-	usr/bin/qemu-microblazeel
-	usr/bin/qemu-mips
-	usr/bin/qemu-mipsel
-	usr/bin/qemu-or32
-	usr/bin/qemu-ppc
-	usr/bin/qemu-ppc64
-	usr/bin/qemu-ppc64abi32
-	usr/bin/qemu-sh4
-	usr/bin/qemu-sh4eb
-	usr/bin/qemu-sparc
-	usr/bin/qemu-sparc64
-	usr/bin/qemu-armeb
-	usr/bin/qemu-sparc32plus
-	usr/bin/qemu-s390x
-	usr/bin/qemu-unicore32"
-
-DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure
-you have the kernel module loaded before running kvm. The easiest way to
-ensure that the kernel module is loaded is to load it on boot.\n
-For AMD CPUs the module is called 'kvm-amd'.\n
-For Intel CPUs the module is called 'kvm-intel'.\n
-Please review /etc/conf.d/modules for how to load these.\n\n
-Make sure your user is in the 'kvm' group\n
-Just run 'gpasswd -a <USER> kvm', then have <USER> re-login.\n\n
-For brand new installs, the default permissions on /dev/kvm might not let you
-access it.  You can tell udev to reset ownership/perms:\n
-udevadm trigger -c add /dev/kvm"
-
-qemu_support_kvm() {
-	if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 \
-		use qemu_softmmu_targets_ppc || use qemu_softmmu_targets_ppc64 \
-		use qemu_softmmu_targets_s390x; then
-		return 0
-	fi
-
-	return 1
-}
-
-pkg_pretend() {
-	if use kernel_linux && kernel_is lt 2 6 25; then
-		eerror "This version of KVM requres a host kernel of 2.6.25 or higher."
-	elif use kernel_linux; then
-		if ! linux_config_exists; then
-			eerror "Unable to check your kernel for KVM support"
-		else
-			CONFIG_CHECK="~KVM ~TUN ~BRIDGE"
-			ERROR_KVM="You must enable KVM in your kernel to continue"
-			ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in"
-			ERROR_KVM_AMD+=" your kernel configuration."
-			ERROR_KVM_INTEL="If you have an Intel CPU, you must enable"
-			ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration."
-			ERROR_TUN="You will need the Universal TUN/TAP driver compiled"
-			ERROR_TUN+=" into your kernel or loaded as a module to use the"
-			ERROR_TUN+=" virtual network device if using -net tap."
-			ERROR_BRIDGE="You will also need support for 802.1d"
-			ERROR_BRIDGE+=" Ethernet Bridging for some network configurations."
-			use vhost-net && CONFIG_CHECK+=" ~VHOST_NET"
-			ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net"
-			ERROR_VHOST_NET+=" support"
-
-			if use amd64 || use x86 || use amd64-linux || use x86-linux; then
-				CONFIG_CHECK+=" ~KVM_AMD ~KVM_INTEL"
-			fi
-
-			use python && CONFIG_CHECK+=" ~DEBUG_FS"
-			ERROR_DEBUG_FS="debugFS support required for kvm_stat"
-
-			# Now do the actual checks setup above
-			check_extra_config
-		fi
-	fi
-
-	if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then
-		eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt"
-		eerror "instances are still pointing to it.  Please update your"
-		eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag"
-		eerror "and the right system binary (e.g. qemu-system-x86_64)."
-		die "update your virt configs to not use qemu-kvm"
-	fi
-}
-
-pkg_setup() {
-	enewgroup kvm 78
-}
-
-# Sanity check to make sure target lists are kept up-to-date.
-check_targets() {
-	local var=$1 mak=$2
-	local detected sorted
-
-	pushd "${S}"/default-configs >/dev/null || die
-
-	# Force C locale until glibc is updated. #564936
-	detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u))
-	sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u))
-	if [[ ${sorted} != "${detected}" ]] ; then
-		eerror "The ebuild needs to be kept in sync."
-		eerror "${var}: ${sorted}"
-		eerror "$(printf '%-*s' ${#var} configure): ${detected}"
-		die "sync ${var} to the list of targets"
-	fi
-
-	popd >/dev/null
-}
-
-handle_locales() {
-	# Make sure locale list is kept up-to-date.
-	local detected sorted
-	detected=$(echo $(cd po && printf '%s\n' *.po | grep -v messages.po | sed 's:.po$::' | sort -u))
-	sorted=$(echo $(printf '%s\n' ${PLOCALES} | sort -u))
-	if [[ ${sorted} != "${detected}" ]] ; then
-		eerror "The ebuild needs to be kept in sync."
-		eerror "PLOCALES: ${sorted}"
-		eerror " po/*.po: ${detected}"
-		die "sync PLOCALES"
-	fi
-
-	# Deal with selective install of locales.
-	if use nls ; then
-		# Delete locales the user does not want. #577814
-		rm_loc() { rm po/$1.po || die; }
-		l10n_for_each_disabled_locale_do rm_loc
-	else
-		# Cheap hack to disable gettext .mo generation.
-		rm -f po/*.po
-	fi
-}
-
-src_prepare() {
-	check_targets IUSE_SOFTMMU_TARGETS softmmu
-	check_targets IUSE_USER_TARGETS linux-user
-
-	# Alter target makefiles to accept CFLAGS set via flag-o
-	sed -i -r \
-		-e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \
-		Makefile Makefile.target || die
-
-	# Patching for musl
-	epatch "${FILESDIR}"/${PN}-2.8.0-F_SHLCK-and-F_EXLCK.patch
-	epatch "${FILESDIR}"/${PN}-2.0.0-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch
-	epatch "${FILESDIR}"/${PN}-2.2.0-_sigev_un.patch
-
-	epatch "${FILESDIR}"/${PN}-2.5.0-cflags.patch
-	epatch "${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
-	epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-8669-1.patch #597108
-	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2016-9908.patch #601826
-	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2016-9912.patch #602630
-	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2016-10028.patch #603444
-
-	# Fix ld and objcopy being called directly
-	tc-export AR LD OBJCOPY
-
-	# Verbose builds
-	MAKEOPTS+=" V=1"
-
-	epatch_user
-
-	# Run after we've applied all patches.
-	handle_locales
-}
-
-##
-# configures qemu based on the build directory and the build type
-# we are using.
-#
-qemu_src_configure() {
-	debug-print-function ${FUNCNAME} "$@"
-
-	local buildtype=$1
-	local builddir="${S}/${buildtype}-build"
-	local static_flag="static-${buildtype}"
-
-	mkdir "${builddir}"
-
-	local conf_opts=(
-		--prefix=/usr
-		--sysconfdir=/etc
-		--libdir=/usr/$(get_libdir)
-		--docdir=/usr/share/doc/${PF}/html
-		--disable-bsd-user
-		--disable-guest-agent
-		--disable-strip
-		--disable-werror
-		# We support gnutls/nettle for crypto operations.  It is possible
-		# to use gcrypt when gnutls/nettle are disabled (but not when they
-		# are enabled), but it's not really worth the hassle.  Disable it
-		# all the time to avoid automatically detecting it. #568856
-		--disable-gcrypt
-		--python="${PYTHON}"
-		--cc="$(tc-getCC)"
-		--cxx="$(tc-getCXX)"
-		--host-cc="$(tc-getBUILD_CC)"
-		$(use_enable debug debug-info)
-		$(use_enable debug debug-tcg)
-		--enable-docs
-		$(use_enable tci tcg-interpreter)
-		$(use_enable xattr attr)
-	)
-
-	# Disable options not used by user targets as the default configure
-	# options will autoprobe and try to link in a bunch of unused junk.
-	conf_softmmu() {
-		if [[ ${buildtype} == "user" ]] ; then
-			echo "--disable-${2:-$1}"
-		else
-			use_enable "$@"
-		fi
-	}
-	conf_opts+=(
-		$(conf_softmmu accessibility brlapi)
-		$(conf_softmmu aio linux-aio)
-		$(conf_softmmu bzip2)
-		$(conf_softmmu bluetooth bluez)
-		$(conf_softmmu caps cap-ng)
-		$(conf_softmmu curl)
-		$(conf_softmmu fdt)
-		$(conf_softmmu glusterfs)
-		$(conf_softmmu gnutls)
-		$(conf_softmmu gnutls nettle)
-		$(conf_softmmu gtk)
-		$(conf_softmmu infiniband rdma)
-		$(conf_softmmu iscsi libiscsi)
-		$(conf_softmmu jpeg vnc-jpeg)
-		$(conf_softmmu kernel_linux kvm)
-		$(conf_softmmu lzo)
-		$(conf_softmmu ncurses curses)
-		$(conf_softmmu nfs libnfs)
-		$(conf_softmmu numa)
-		$(conf_softmmu opengl)
-		$(conf_softmmu png vnc-png)
-		$(conf_softmmu rbd)
-		$(conf_softmmu sasl vnc-sasl)
-		$(conf_softmmu sdl)
-		$(conf_softmmu seccomp)
-		$(conf_softmmu smartcard)
-		$(conf_softmmu snappy)
-		$(conf_softmmu spice)
-		$(conf_softmmu ssh libssh2)
-		$(conf_softmmu usb libusb)
-		$(conf_softmmu usbredir usb-redir)
-		$(conf_softmmu vde)
-		$(conf_softmmu vhost-net)
-		$(conf_softmmu virgl virglrenderer)
-		$(conf_softmmu virtfs)
-		$(conf_softmmu vnc)
-		$(conf_softmmu vte)
-		$(conf_softmmu xen)
-		$(conf_softmmu xen xen-pci-passthrough)
-		$(conf_softmmu xfs xfsctl)
-	)
-
-	case ${buildtype} in
-	user)
-		conf_opts+=(
-			--enable-linux-user
-			--disable-system
-			--disable-blobs
-			--disable-tools
-		)
-		;;
-	softmmu)
-		# audio options
-		local audio_opts="oss"
-		use alsa && audio_opts="alsa,${audio_opts}"
-		use sdl && audio_opts="sdl,${audio_opts}"
-		use pulseaudio && audio_opts="pa,${audio_opts}"
-
-		conf_opts+=(
-			--disable-linux-user
-			--enable-system
-			--with-system-pixman
-			--audio-drv-list="${audio_opts}"
-		)
-		use gtk && conf_opts+=( --with-gtkabi=$(usex gtk2 2.0 3.0) )
-		use sdl && conf_opts+=( --with-sdlabi=$(usex sdl2 2.0 1.2) )
-		;;
-	tools)
-		conf_opts+=(
-			--disable-linux-user
-			--disable-system
-			--disable-blobs
-			$(use_enable bzip2)
-		)
-		static_flag="static"
-		;;
-	esac
-
-	local targets="${buildtype}_targets"
-	[[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" )
-
-	# Add support for SystemTAP
-	use systemtap && conf_opts+=( --enable-trace-backend=dtrace )
-
-	# We always want to attempt to build with PIE support as it results
-	# in a more secure binary. But it doesn't work with static or if
-	# the current GCC doesn't have PIE support.
-	if use ${static_flag}; then
-		conf_opts+=( --static --disable-pie )
-	else
-		gcc-specs-pie && conf_opts+=( --enable-pie )
-	fi
-
-	echo "../configure ${conf_opts[*]}"
-	cd "${builddir}"
-	../configure "${conf_opts[@]}" || die "configure failed"
-
-	# FreeBSD's kernel does not support QEMU assigning/grabbing
-	# host USB devices yet
-	use kernel_FreeBSD && \
-		sed -i -E -e "s|^(HOST_USB=)bsd|\1stub|" "${S}"/config-host.mak
-}
-
-src_configure() {
-	local target
-
-	python_setup
-
-	softmmu_targets= softmmu_bins=()
-	user_targets= user_bins=()
-
-	for target in ${IUSE_SOFTMMU_TARGETS} ; do
-		if use "qemu_softmmu_targets_${target}"; then
-			softmmu_targets+=",${target}-softmmu"
-			softmmu_bins+=( "qemu-system-${target}" )
-		fi
-	done
-
-	for target in ${IUSE_USER_TARGETS} ; do
-		if use "qemu_user_targets_${target}"; then
-			user_targets+=",${target}-linux-user"
-			user_bins+=( "qemu-${target}" )
-		fi
-	done
-
-	softmmu_targets=${softmmu_targets#,}
-	user_targets=${user_targets#,}
-
-	[[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu"
-	[[ -n ${user_targets}    ]] && qemu_src_configure "user"
-	[[ -z ${softmmu_targets}${user_targets} ]] && qemu_src_configure "tools"
-}
-
-src_compile() {
-	if [[ -n ${user_targets} ]]; then
-		cd "${S}/user-build"
-		default
-	fi
-
-	if [[ -n ${softmmu_targets} ]]; then
-		cd "${S}/softmmu-build"
-		default
-	fi
-
-	if [[ -z ${softmmu_targets}${user_targets} ]]; then
-		cd "${S}/tools-build"
-		default
-	fi
-}
-
-src_test() {
-	if [[ -n ${softmmu_targets} ]]; then
-		cd "${S}/softmmu-build"
-		pax-mark m */qemu-system-* #515550
-		emake -j1 check
-		emake -j1 check-report.html
-	fi
-}
-
-qemu_python_install() {
-	python_domodule "${S}/scripts/qmp/qmp.py"
-
-	python_doscript "${S}/scripts/kvm/vmxcap"
-	python_doscript "${S}/scripts/qmp/qmp-shell"
-	python_doscript "${S}/scripts/qmp/qemu-ga-client"
-}
-
-src_install() {
-	if [[ -n ${user_targets} ]]; then
-		cd "${S}/user-build"
-		emake DESTDIR="${ED}" install
-
-		# Install binfmt handler init script for user targets
-		newinitd "${FILESDIR}/qemu-binfmt.initd-r1" qemu-binfmt
-	fi
-
-	if [[ -n ${softmmu_targets} ]]; then
-		cd "${S}/softmmu-build"
-		emake DESTDIR="${ED}" install
-
-		# This might not exist if the test failed. #512010
-		[[ -e check-report.html ]] && dohtml check-report.html
-
-		if use kernel_linux; then
-			udev_dorules "${FILESDIR}"/65-kvm.rules
-		fi
-
-		if use python; then
-			python_foreach_impl qemu_python_install
-		fi
-	fi
-
-	if [[ -z ${softmmu_targets}${user_targets} ]]; then
-		cd "${S}/tools-build"
-		emake DESTDIR="${ED}" install
-	fi
-
-	# Disable mprotect on the qemu binaries as they use JITs to be fast #459348
-	pushd "${ED}"/usr/bin >/dev/null
-	pax-mark m "${softmmu_bins[@]}" "${user_bins[@]}"
-	popd >/dev/null
-
-	# Install config file example for qemu-bridge-helper
-	insinto "/etc/qemu"
-	doins "${FILESDIR}/bridge.conf"
-
-	# Remove the docdir placed qmp-commands.txt
-	mv "${ED}/usr/share/doc/${PF}/html/qmp-commands.txt" "${S}/docs/" || die
-
-	cd "${S}"
-	dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt
-	newdoc pc-bios/README README.pc-bios
-	dodoc docs/qmp-*.txt
-
-	if [[ -n ${softmmu_targets} ]]; then
-		# Remove SeaBIOS since we're using the SeaBIOS packaged one
-		rm "${ED}/usr/share/qemu/bios.bin"
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
-		fi
-
-		# Remove vgabios since we're using the vgabios packaged one
-		rm "${ED}/usr/share/qemu/vgabios.bin"
-		rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
-		rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
-		rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
-		rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../vgabios/vgabios.bin /usr/share/qemu/vgabios.bin
-			dosym ../vgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
-			dosym ../vgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
-			dosym ../vgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
-			dosym ../vgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
-		fi
-
-		# Remove sgabios since we're using the sgabios packaged one
-		rm "${ED}/usr/share/qemu/sgabios.bin"
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin
-		fi
-
-		# Remove iPXE since we're using the iPXE packaged one
-		rm "${ED}"/usr/share/qemu/pxe-*.rom
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom
-			dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom
-			dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom
-			dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom
-			dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom
-			dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom
-		fi
-	fi
-
-	qemu_support_kvm && readme.gentoo_create_doc
-}
-
-pkg_postinst() {
-	if qemu_support_kvm; then
-		readme.gentoo_print_elog
-	fi
-
-	if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
-		udev_reload
-	fi
-
-	fcaps cap_net_admin /usr/libexec/qemu-bridge-helper
-}
-
-pkg_info() {
-	echo "Using:"
-	echo "  $(best_version app-emulation/spice-protocol)"
-	echo "  $(best_version sys-firmware/ipxe)"
-	echo "  $(best_version sys-firmware/seabios)"
-	if has_version 'sys-firmware/seabios[binary]'; then
-		echo "    USE=binary"
-	else
-		echo "    USE=''"
-	fi
-	echo "  $(best_version sys-firmware/vgabios)"
-}


^ permalink raw reply related	[flat|nested] 19+ messages in thread

* [gentoo-commits] proj/musl:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2017-03-27 16:18 Aric Belsito
  0 siblings, 0 replies; 19+ messages in thread
From: Aric Belsito @ 2017-03-27 16:18 UTC (permalink / raw
  To: gentoo-commits

commit:     c42fdfd7bcf6b7926612c3ba4c27db0a09a963ca
Author:     Aric Belsito <lluixhi <AT> gmail <DOT> com>
AuthorDate: Mon Mar 27 16:18:24 2017 +0000
Commit:     Aric Belsito <lluixhi <AT> gmail <DOT> com>
CommitDate: Mon Mar 27 16:18:24 2017 +0000
URL:        https://gitweb.gentoo.org/proj/musl.git/commit/?id=c42fdfd7

app-emulation/qemu: version bump to 2.8.0-r9

 app-emulation/qemu/Manifest                        |  4 +-
 .../qemu/files/qemu-2.8.0-CVE-2017-6505.patch      | 52 ++++++++++++++++++++++
 .../{qemu-2.8.0-r7.ebuild => qemu-2.8.0-r9.ebuild} | 11 ++++-
 3 files changed, 65 insertions(+), 2 deletions(-)

diff --git a/app-emulation/qemu/Manifest b/app-emulation/qemu/Manifest
index b0fc844..3e953ef 100644
--- a/app-emulation/qemu/Manifest
+++ b/app-emulation/qemu/Manifest
@@ -25,11 +25,13 @@ AUX qemu-2.8.0-CVE-2017-5931.patch 1696 SHA256 cdb1ea1306bf00042f13637eef78d3580
 AUX qemu-2.8.0-CVE-2017-5973.patch 2815 SHA256 206d01053ce678e2c83174b278755e112099f76350aaa765525d344a87365ded SHA512 31b4bd1b8398d8044ace7660a049c492beda83613818a718477257e0bdf922d63423100fd59f2e8411dc952d282a7c405b916ab437b131b31c21dcf65f98edce WHIRLPOOL ea43efbdd5fdc51e1b8b5057fbe50b3911896cbda8437998ca203d34db82524eb42a77440f2490574a48f15ba1c4bbb7d9c40bfb6e99e96278a1d1912ea210a7
 AUX qemu-2.8.0-CVE-2017-5987.patch 1889 SHA256 c4f2175970deca9b00bf657e66b8df31a02efce469eec02279a9659b9cb18bb0 SHA512 32708f91edbbb61ac444ee71b97a30138380544389f6265d7cb7aec330ebaaa7ca69844a9462c817fbda117e78748fc4fdeb655e70bcd72ddd8b112fd9619b0d WHIRLPOOL 1aa99740495c0d2a577cf13c47669aeba75ad389394736ce16fde31c91931254820accad85a6d6fee9757595bec3f222413a89fe4ca125913be7ecc97f33b365
 AUX qemu-2.8.0-CVE-2017-6058.patch 3797 SHA256 06c01fcd53dab66af55df164f1616d14847b2a0fd46abe7445b7e3e7b7ee77cf SHA512 1425e7df38cd44903fe78e7728d7eb3df2d8486895f38a87c4e0c63aa5cc4a2b19032d486fcb5676201242039364a1f3d34b256606b5f8ae74028432e6d50286 WHIRLPOOL 9a48c2f00ac146c29163422c10ca62e3065a36752b865b6b9e3408edf019f3585579ac074b5325777e6a405a11d0ce09da33eb6499012377f0c9ef8c52bf2840
+AUX qemu-2.8.0-CVE-2017-6505.patch 1481 SHA256 55e3b7e65e519caef4fdd28cccb973613759cce0d67eb64c2093b4f0a4e428e1 SHA512 5326f28a9340f392e4f32e4cd5f58cae0769859e10fd4d201983d40ec6b4d094d6a0cad2638e1e6f3e5228b93af26cc4f4a155e0d94bad89d0ea9b866f535aa7 WHIRLPOOL c88312cd5e779a98c905f175d61400ef7bb59795cc1e0392da0018a158a4c435ffa07f1e6a621db6eea925a0dbb986442eab4f79f956dc1955058fc97670f390
 AUX qemu-2.8.0-F_SHLCK-and-F_EXLCK.patch 574 SHA256 d02353daa0ecfe161e938a5e54feab641b901f4a35c8f5831133676a6f53f43f SHA512 6b64750335aae1142ca9132fb766ac2aaeacfcdda0aa0cfca19afc4c3ea3806e30ce603fcec3767e40e84efb0ae8b9a23f21d46c807c13bb646be74f99e13389 WHIRLPOOL 7401c3daf162c71a5a5c3729855fddb5df95609b34c86ea0f4d872c8f132d6ac089cfb35a990af70aef8b7b63fe075a1e2be376b6db09bc70e8d51e48aded354
 AUX qemu-binfmt.initd-r1 7959 SHA256 13c2791fb48080e9f264670dbe1915f03249d87d740f9b0f2c9502fccb056d03 SHA512 8aee19b4a993113ef4fafe3ab8b561edcc0c16782b36947e757233b6d33d26b48c1b9087c0f300be0d21ad19de14c684e8f2032ae2cd28888130a37ca4d6c314 WHIRLPOOL 3d86861fbe66c0a192a5577b7cd83ab01efd184849b25f8a804aace7a1fb46d87363d6417cc21a3447d2ed50c9db4409121dddae297678e3adc7d4c71556b695
 AUX qemu-binfmt.initd.head 1445 SHA256 a9b4b1d1ffa82d572c01f14ebfbafb4b3a4c2eb5cad5af62c059f603a9f5a277 SHA512 a735268ae9ac84d8f2f2893bf018ee6de33231fa94a823bd8502b529bb456635c1ab5cf9b440df5ede8e414291f8bf45fc53898c2f3939c50d5ec4ffa554396a WHIRLPOOL 3ec0f916d5928d464fa8416c8eac472cfa01b560bba07642ff7929799918d1c8059ac7368ff5551e6aa993027849de08035d856db7981315d8e4ec470a0f785e
 AUX qemu-binfmt.initd.tail 245 SHA256 1b765f5212946b73b8e4d92f64d34a9d2e358ef541c02164f6d6dd93cb15e1e7 SHA512 bcca16805f8380d52cc591ea3d65a8f6e5de456730618f6aee301510edb75d235a22d4d7aeed224882210392840adb403eb53234b6cb76a4cb24533852a8b737 WHIRLPOOL 41ddd1751101646e700a6fe4ef879bd4149d646a801f97e40534051895697dcbded06a1edda51457a0d624fbf68442c3e57178a3ee8e683e35368b88d10ba4a4
+DIST qemu-2.8.0-CVE-2016-9602-patches.tar.xz 16264 SHA256 18ac829c6003a3f997db4030a46b422028c58fead158f0c5ffe36ad65acb84e0 SHA512 a56694d1600e4fd1ffd6bbe031a0db226fc5c88306797cc4e42d1dc6127b83d1791cb4e026988b3aad82eab84382e41077ae71e532d1d3489e179730185c0964 WHIRLPOOL 22057b001c478b2b0d97ad70393c973aefc6277d89bb5a1ae03c3c39b5182ddfbe541964761f512ed5735dc442e1f40d0a955ad5b270758e21ce815be86b24bd
 DIST qemu-2.8.0.tar.bz2 28368517 SHA256 dafd5d7f649907b6b617b822692f4c82e60cf29bc0fc58bc2036219b591e5e62 SHA512 50f2988d822388ba9fd1bf5dbe68359033ed7432d7f0f9790299f32f63faa6dc72979256b5632ba572d47ee3e74ed40e3e8e331dc6303ec1599f1b4367cb78c2 WHIRLPOOL 0ce4e0539657eb832e4039819e7360c792b6aa41c718f0e0d762f4933217f0d370af94b1d6d9776853575b4a6811d8c85db069bf09d21bd15399ac8b50440ff5
 EBUILD qemu-2.8.0-r3.ebuild 21992 SHA256 a2c7a92d214b05e2c6f58fb0d7263472d6a44259de99afc674df713303b432bb SHA512 80699e92ae269cb6ab33b3ec0be164111b68e25d498d8af3624f04bca799174937f1fd2cf49357e0598f6567873cdc8aac3310a1175e328207de8ca5b97856d1 WHIRLPOOL 2079c97d3aa8589c70288cbcca7e1d8591adb1b40a0846b6a683fc6c72f142892e65b6adfac750931e2e63aa33a9d99f31f9659bd5664e6145059f28ecfced1a
-EBUILD qemu-2.8.0-r7.ebuild 23243 SHA256 50297d1c34059239373a804aa2fc61926800a1f1a2ff9bfff486e35209a5d4c4 SHA512 8a16c952ebd7ce097cb061e9f68b528a61c0da0667b303faa276fe8f9c68e874a2f37f46a04cf6b9dae7ead5fd79716941f083f2af2af59aae7c112857da2a15 WHIRLPOOL 1050f6ae755095d731305b263b77cca66671071acde4952981dc40315f9d810c5f9590da31a6eb9a858e67193c092769d3efc8b28093d74691b017cc1429d31a
+EBUILD qemu-2.8.0-r9.ebuild 23468 SHA256 171081a422acc5ecb21cd0400cdb1ea5ad3112379e417aefe37893d1f8ef1575 SHA512 0c4dbb8a03eaf5232819b6482c853d400ffc1c863d5df360a3820a5fa418ea90e204fdf447e72acd5489d8e9294d703be85c58ecabd460f5690c51526c05bad6 WHIRLPOOL 5e8ee3b23f57a62e32f4671c7803880c551b826d0dad357bb587b6ccae4fbf74c2f90b83812c8db9e15b8531150e729bfb7d4b084c702757dc59e22d8b5ee141
 MISC metadata.xml 3890 SHA256 50fd5960fa2280175116b5ee5ff4a9625f02e38f560061a00b2640cde4846d69 SHA512 f19e826a9daba7f2676f0459f97e7bdc752652ccf8b9dd009fd569977015b0656fee21c74529e53b6bc51c2f19e746f417c3dc1e1472e3767cdefa0746b0876c WHIRLPOOL 03e0dafcdc13beffb0044ce5227b83aa272a21e9835fce9ad16d5bdf56ee1a4c3a1ae4b10d1cdaf405502532b84991b150de262f12fa72497052c2377046845f

diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-6505.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-6505.patch
new file mode 100644
index 0000000..a15aa96
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-6505.patch
@@ -0,0 +1,52 @@
+From 95ed56939eb2eaa4e2f349fe6dcd13ca4edfd8fb Mon Sep 17 00:00:00 2001
+From: Li Qiang <liqiang6-s@360.cn>
+Date: Tue, 7 Feb 2017 02:23:33 -0800
+Subject: [PATCH] usb: ohci: limit the number of link eds
+
+The guest may builds an infinite loop with link eds. This patch
+limit the number of linked ed to avoid this.
+
+Signed-off-by: Li Qiang <liqiang6-s@360.cn>
+Message-id: 5899a02e.45ca240a.6c373.93c1@mx.google.com
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+---
+ hw/usb/hcd-ohci.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/hw/usb/hcd-ohci.c b/hw/usb/hcd-ohci.c
+index 2cba3e3..21c93e0 100644
+--- a/hw/usb/hcd-ohci.c
++++ b/hw/usb/hcd-ohci.c
+@@ -42,6 +42,8 @@
+ 
+ #define OHCI_MAX_PORTS 15
+ 
++#define ED_LINK_LIMIT 4
++
+ static int64_t usb_frame_time;
+ static int64_t usb_bit_time;
+ 
+@@ -1184,7 +1186,7 @@ static int ohci_service_ed_list(OHCIState *ohci, uint32_t head, int completion)
+     uint32_t next_ed;
+     uint32_t cur;
+     int active;
+-
++    uint32_t link_cnt = 0;
+     active = 0;
+ 
+     if (head == 0)
+@@ -1199,6 +1201,11 @@ static int ohci_service_ed_list(OHCIState *ohci, uint32_t head, int completion)
+ 
+         next_ed = ed.next & OHCI_DPTR_MASK;
+ 
++        if (++link_cnt > ED_LINK_LIMIT) {
++            ohci_die(ohci);
++            return 0;
++        }
++
+         if ((ed.head & OHCI_ED_H) || (ed.flags & OHCI_ED_K)) {
+             uint32_t addr;
+             /* Cancel pending packets for ED that have been paused.  */
+-- 
+2.10.2
+

diff --git a/app-emulation/qemu/qemu-2.8.0-r7.ebuild b/app-emulation/qemu/qemu-2.8.0-r9.ebuild
similarity index 98%
rename from app-emulation/qemu/qemu-2.8.0-r7.ebuild
rename to app-emulation/qemu/qemu-2.8.0-r9.ebuild
index d9d2ca3..8ba8079 100644
--- a/app-emulation/qemu/qemu-2.8.0-r7.ebuild
+++ b/app-emulation/qemu/qemu-2.8.0-r9.ebuild
@@ -20,6 +20,10 @@ else
 	KEYWORDS="~amd64 ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd"
 fi
 
+# bug #606088
+SRC_URI+="
+	https://dev.gentoo.org/~tamiko/distfiles/${P}-CVE-2016-9602-patches.tar.xz"
+
 DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
 HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org"
 
@@ -77,7 +81,10 @@ TARGETS_DEPEND="
 	>=dev-libs/glib-2.0[static-libs(+)]
 	>=x11-libs/pixman-0.28.0[static-libs(+)]
 	sys-libs/zlib[static-libs(+)]
-	accessibility? ( app-accessibility/brltty[static-libs(+)] )
+	accessibility? (
+		app-accessibility/brltty[api]
+		app-accessibility/brltty[static-libs(+)]
+	)
 	aio? ( dev-libs/libaio[static-libs(+)] )
 	alsa? ( >=media-libs/alsa-lib-1.0.13 )
 	bluetooth? ( net-wireless/bluez )
@@ -212,6 +219,8 @@ PATCHES=(
 	"${FILESDIR}"/${PN}-2.8.0-CVE-2017-5987.patch   #609398
 	"${FILESDIR}"/${PN}-2.8.0-CVE-2017-6058.patch   #609638
 	"${FILESDIR}"/${PN}-2.8.0-CVE-2017-2620.patch   #609206
+	"${FILESDIR}"/${PN}-2.8.0-CVE-2017-6505.patch   #612220
+	"${S}-CVE-2016-9602-patches"
 )
 
 STRIP_MASK="/usr/share/qemu/palcode-clipper"


^ permalink raw reply related	[flat|nested] 19+ messages in thread

* [gentoo-commits] proj/musl:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2017-04-25 16:36 Aric Belsito
  0 siblings, 0 replies; 19+ messages in thread
From: Aric Belsito @ 2017-04-25 16:36 UTC (permalink / raw
  To: gentoo-commits

commit:     9cfda0474418190f9b569496d12a73e0e190c097
Author:     Aric Belsito <lluixhi <AT> gmail <DOT> com>
AuthorDate: Tue Apr 25 16:35:46 2017 +0000
Commit:     Aric Belsito <lluixhi <AT> gmail <DOT> com>
CommitDate: Tue Apr 25 16:35:46 2017 +0000
URL:        https://gitweb.gentoo.org/proj/musl.git/commit/?id=9cfda047

app-emulation/qemu: version bump to 2.9.0

 app-emulation/qemu/Manifest                        |  6 +-
 .../qemu/files/qemu-2.8.1-CVE-2017-7471.patch      | 64 ++++++++++++++++++++++
 .../qemu/files/qemu-2.8.1-CVE-2017-8086.patch      | 28 ++++++++++
 .../{qemu-2.8.1-r1.ebuild => qemu-2.8.1-r2.ebuild} |  6 +-
 .../{qemu-2.8.1-r1.ebuild => qemu-2.9.0.ebuild}    | 30 ++--------
 5 files changed, 106 insertions(+), 28 deletions(-)

diff --git a/app-emulation/qemu/Manifest b/app-emulation/qemu/Manifest
index 1b3ada7..412e105 100644
--- a/app-emulation/qemu/Manifest
+++ b/app-emulation/qemu/Manifest
@@ -28,11 +28,15 @@ AUX qemu-2.8.0-CVE-2017-6058.patch 3797 SHA256 06c01fcd53dab66af55df164f1616d148
 AUX qemu-2.8.0-CVE-2017-6505.patch 1481 SHA256 55e3b7e65e519caef4fdd28cccb973613759cce0d67eb64c2093b4f0a4e428e1 SHA512 5326f28a9340f392e4f32e4cd5f58cae0769859e10fd4d201983d40ec6b4d094d6a0cad2638e1e6f3e5228b93af26cc4f4a155e0d94bad89d0ea9b866f535aa7 WHIRLPOOL c88312cd5e779a98c905f175d61400ef7bb59795cc1e0392da0018a158a4c435ffa07f1e6a621db6eea925a0dbb986442eab4f79f956dc1955058fc97670f390
 AUX qemu-2.8.0-CVE-2017-7377.patch 1554 SHA256 36fbd8ec9fa7d910fde8b6b8905717b322bd23b50c2b2f925e1a2415ae306755 SHA512 195be1a75340c41aa89614aad8d07f2cf630eb10f3160cb8a86d85371ea9d7dcdbe9d49e9752ac3d6765c8d4c99c845408933b57cf21199f77ba09fcf79a02c8 WHIRLPOOL 8d7677ae3cfe18e34072ef23666c4658553a7d3b564d96e480ae432281d403242f2013d9fb189d473ab9c31def515401d22c04ba8e86d93d0369e95b1e371574
 AUX qemu-2.8.0-F_SHLCK-and-F_EXLCK.patch 574 SHA256 d02353daa0ecfe161e938a5e54feab641b901f4a35c8f5831133676a6f53f43f SHA512 6b64750335aae1142ca9132fb766ac2aaeacfcdda0aa0cfca19afc4c3ea3806e30ce603fcec3767e40e84efb0ae8b9a23f21d46c807c13bb646be74f99e13389 WHIRLPOOL 7401c3daf162c71a5a5c3729855fddb5df95609b34c86ea0f4d872c8f132d6ac089cfb35a990af70aef8b7b63fe075a1e2be376b6db09bc70e8d51e48aded354
+AUX qemu-2.8.1-CVE-2017-7471.patch 2310 SHA256 ae5129c0f278de155f69e3d306038fa259c28ecb09a623262362163b00de85cc SHA512 dd5c5bc8e5ee9eb27516276d53f78ecde00b4fe5debbbdd8db1c3a2f2ef663667598acbb3b95f220e709ed89e1a0077733ca4fc1cb2fa0eb0f700e9931ddd003 WHIRLPOOL c91ddbdbc685dc76efc417087d680751aaade178593ca96fbff7b8ae1e0d0bdb659faee676d31b606e16c4adf446632a8a9350a57a1ac049b7649bdc0c3b8cf0
+AUX qemu-2.8.1-CVE-2017-8086.patch 751 SHA256 ff6f3bc1a94861da633f9e5517dde6b2719e227773941e7c9651281c77216589 SHA512 84197e80d28322efaa327dc7ad3ffc5e8bf791d89255e8ac7d5c5e9cebba3786c4e21008cbfb704de5323554a9d3f0873068c0a06493d4ca3b7849523eab6212 WHIRLPOOL 73f88468ba89d8384c04ffa3af646c8b628f1fa52f27866095f84ea1241f421763699ae18553d835133de70d7f244d0638d83d15881e5a3858a1128b14a1bcf3
 AUX qemu-binfmt.initd.head 1445 SHA256 a9b4b1d1ffa82d572c01f14ebfbafb4b3a4c2eb5cad5af62c059f603a9f5a277 SHA512 a735268ae9ac84d8f2f2893bf018ee6de33231fa94a823bd8502b529bb456635c1ab5cf9b440df5ede8e414291f8bf45fc53898c2f3939c50d5ec4ffa554396a WHIRLPOOL 3ec0f916d5928d464fa8416c8eac472cfa01b560bba07642ff7929799918d1c8059ac7368ff5551e6aa993027849de08035d856db7981315d8e4ec470a0f785e
 AUX qemu-binfmt.initd.tail 245 SHA256 1b765f5212946b73b8e4d92f64d34a9d2e358ef541c02164f6d6dd93cb15e1e7 SHA512 bcca16805f8380d52cc591ea3d65a8f6e5de456730618f6aee301510edb75d235a22d4d7aeed224882210392840adb403eb53234b6cb76a4cb24533852a8b737 WHIRLPOOL 41ddd1751101646e700a6fe4ef879bd4149d646a801f97e40534051895697dcbded06a1edda51457a0d624fbf68442c3e57178a3ee8e683e35368b88d10ba4a4
 DIST qemu-2.8.0-CVE-2016-9602-patches.tar.xz 16264 SHA256 18ac829c6003a3f997db4030a46b422028c58fead158f0c5ffe36ad65acb84e0 SHA512 a56694d1600e4fd1ffd6bbe031a0db226fc5c88306797cc4e42d1dc6127b83d1791cb4e026988b3aad82eab84382e41077ae71e532d1d3489e179730185c0964 WHIRLPOOL 22057b001c478b2b0d97ad70393c973aefc6277d89bb5a1ae03c3c39b5182ddfbe541964761f512ed5735dc442e1f40d0a955ad5b270758e21ce815be86b24bd
 DIST qemu-2.8.0.tar.bz2 28368517 SHA256 dafd5d7f649907b6b617b822692f4c82e60cf29bc0fc58bc2036219b591e5e62 SHA512 50f2988d822388ba9fd1bf5dbe68359033ed7432d7f0f9790299f32f63faa6dc72979256b5632ba572d47ee3e74ed40e3e8e331dc6303ec1599f1b4367cb78c2 WHIRLPOOL 0ce4e0539657eb832e4039819e7360c792b6aa41c718f0e0d762f4933217f0d370af94b1d6d9776853575b4a6811d8c85db069bf09d21bd15399ac8b50440ff5
 DIST qemu-2.8.1.tar.bz2 28366270 SHA256 018e4c7ed22c220395cf41f835d01505e49d0e579a548bd3d72b03809442bbcd SHA512 0397b4029cdcb77ed053c44b3579a3f34894038e6fc6b4aa88de14515f5a78bf2f41c5e865f37111529f567c85d2f1c4deefae47dde54f76eac79410e5b2bdda WHIRLPOOL c41f53f18fac44efd1c81ba9d95204d23e9a70dc9c21624177be2fe92a327428fd5704b25bc334229fa36ae395fb4c82ba3955db39719c4458343978a4d3141a
+DIST qemu-2.9.0.tar.bz2 28720490 SHA256 00bfb217b1bb03c7a6c3261b819cfccbfb5a58e3e2ceff546327d271773c6c14 SHA512 4b28966eec0ca44681e35fcfb64a4eaef7c280b8d65c91d03f2efa37f76278fd8c1680e5798c7a30dbfcc8f3c05f4a803f48b8a2dfec3a4181bac079b2a5e422 WHIRLPOOL d79fe89eb271a56aee0cbd328e5f96999176b711afb5683d164b7b99d91e6dd2bfaf6e2ff4cd820a941c94f28116765cb07ffd5809d75c2f9654a67d56bfc0c1
 EBUILD qemu-2.8.0-r10.ebuild 23278 SHA256 c94a06a16fb45995d37e0bfa62dc742601c169156d30b97456d923856693efd1 SHA512 ebd5ea426efc57bb2eb78489049f212e11eb4ab70d23418ad7c04c3161a749ec638edcdd39355107762915c4f13079a3dc1555c58f3d696cd286a9fd6bd25491 WHIRLPOOL 94c220281705e2d6414a7d52b8f93373ae193f0095c88fd76d9e0b10f7a11266e3350d3b354651f87c094a3cf63e12b9374beefb839a1a9f0d17f92732786a01
-EBUILD qemu-2.8.1-r1.ebuild 22805 SHA256 067a0713f27ed9aa1a44465dc1d1ec7664f2f539cbe6f8b8572423f97b6b5529 SHA512 ddd47ad7f5ee26eb0e60217bcb821bd67d7f6e99700b99a77b3633b76ff68686514d0186c0bc271bcba3343f9afbc70be4543f644ce434bc40c961033b4ad8c5 WHIRLPOOL 458dd42f06f89db818da2eb4817fcaad7b1ed4d25dff863ab6e05523025d61a95fbf6a63fe7ca213334d80178a3705918f0ff4d9318d8fcd11c329edbbd6ab3c
+EBUILD qemu-2.8.1-r2.ebuild 22910 SHA256 69bab6142f0850f44a29f22529f6f9e9bf2423b1fb983df57087f4ca60d35cd0 SHA512 91176de504a48641caa2417bee138ef319917474565243d719322cbc47310c10fc6098029e634a82904badfd7c1a11b1976fc839ef999508531a7c5755fab2d8 WHIRLPOOL 14470c66e8d40ba5e3a92993fcf2c75bb73cb434d511ebee20d649ed367bb3d50f1d5294cb19ba3e19dc0d419f02e06957242648dff958bb6a2fa1746b45e977
+EBUILD qemu-2.9.0.ebuild 21726 SHA256 aafaa57f957ec9b7bb413da091c62fcb09f0573913baae15c53e2e9b15bfc9c9 SHA512 d67884745e6be21a2cdb8611ef818ae5c42aa847721d9b0ba49e8cdfc0d58cfda660ac7befdcef63d80ecd27b9963f7c21aebdb271d1b7271ac63ee46219900b WHIRLPOOL b59ff23f60bd3f82ce48c003718e2d8b35e7d0ffb03670eb3d6bc7833ca00e70117ba3312d7a369cbd169cb1e8fa987c0e91f7948ea25ca6f43be05d48521e0d
 MISC metadata.xml 3794 SHA256 149f7bc9927e13bbf7355972e85df6f9f198dd17fb575a7e516817d6a88018fb SHA512 10f130f225b90dacf8262247d795a247abfdcbf3ad5fbe0693e8d4db79f755984f690cb150a7eb5a8e5d669ce404145c4fbb6b200d6362319be74759fd78b6d3 WHIRLPOOL 6a5e88caeb64387f619a19fecb55c39ccf3c8dcd360523e8d61b80051001c02fe81432c55e40b3f360295b35e9f5a1f707c570baf95cad06d18c4cd484da0ceb

diff --git a/app-emulation/qemu/files/qemu-2.8.1-CVE-2017-7471.patch b/app-emulation/qemu/files/qemu-2.8.1-CVE-2017-7471.patch
new file mode 100644
index 0000000..c5366f5
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.8.1-CVE-2017-7471.patch
@@ -0,0 +1,64 @@
+From 9c6b899f7a46893ab3b671e341a2234e9c0c060e Mon Sep 17 00:00:00 2001
+From: Greg Kurz <groug@kaod.org>
+Date: Mon, 17 Apr 2017 10:53:23 +0200
+Subject: [PATCH] 9pfs: local: set the path of the export root to "."
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The local backend was recently converted to using "at*()" syscalls in order
+to ensure all accesses happen below the shared directory. This requires that
+we only pass relative paths, otherwise the dirfd argument to the "at*()"
+syscalls is ignored and the path is treated as an absolute path in the host.
+This is actually the case for paths in all fids, with the notable exception
+of the root fid, whose path is "/". This causes the following backend ops to
+act on the "/" directory of the host instead of the virtfs shared directory
+when the export root is involved:
+- lstat
+- chmod
+- chown
+- utimensat
+
+ie, chmod /9p_mount_point in the guest will be converted to chmod / in the
+host for example. This could cause security issues with a privileged QEMU.
+
+All "*at()" syscalls are being passed an open file descriptor. In the case
+of the export root, this file descriptor points to the path in the host that
+was passed to -fsdev.
+
+The fix is thus as simple as changing the path of the export root fid to be
+"." instead of "/".
+
+This is CVE-2017-7471.
+
+Cc: qemu-stable@nongnu.org
+Reported-by: Léo Gaspard <leo@gaspard.io>
+Signed-off-by: Greg Kurz <groug@kaod.org>
+Reviewed-by: Eric Blake <eblake@redhat.com>
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+---
+ hw/9pfs/9p-local.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c
+index 45e9a1f..f3ebca4 100644
+--- a/hw/9pfs/9p-local.c
++++ b/hw/9pfs/9p-local.c
+@@ -1098,8 +1098,13 @@ static int local_name_to_path(FsContext *ctx, V9fsPath *dir_path,
+ {
+     if (dir_path) {
+         v9fs_path_sprintf(target, "%s/%s", dir_path->data, name);
+-    } else {
++    } else if (strcmp(name, "/")) {
+         v9fs_path_sprintf(target, "%s", name);
++    } else {
++        /* We want the path of the export root to be relative, otherwise
++         * "*at()" syscalls would treat it as "/" in the host.
++         */
++        v9fs_path_sprintf(target, "%s", ".");
+     }
+     return 0;
+ }
+-- 
+2.10.2
+

diff --git a/app-emulation/qemu/files/qemu-2.8.1-CVE-2017-8086.patch b/app-emulation/qemu/files/qemu-2.8.1-CVE-2017-8086.patch
new file mode 100644
index 0000000..eac72f3
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.8.1-CVE-2017-8086.patch
@@ -0,0 +1,28 @@
+From 4ffcdef4277a91af15a3c09f7d16af072c29f3f2 Mon Sep 17 00:00:00 2001
+From: Li Qiang <liq3ea@gmail.com>
+Date: Fri, 7 Apr 2017 03:48:52 -0700
+Subject: [PATCH] 9pfs: xattr: fix memory leak in v9fs_list_xattr
+
+Free 'orig_value' in error path.
+
+Signed-off-by: Li Qiang <liqiang6-s@360.cn>
+Signed-off-by: Greg Kurz <groug@kaod.org>
+---
+ hw/9pfs/9p-xattr.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/hw/9pfs/9p-xattr.c b/hw/9pfs/9p-xattr.c
+index eec160b..d05c1a1 100644
+--- a/hw/9pfs/9p-xattr.c
++++ b/hw/9pfs/9p-xattr.c
+@@ -108,6 +108,7 @@ ssize_t v9fs_list_xattr(FsContext *ctx, const char *path,
+     g_free(name);
+     close_preserve_errno(dirfd);
+     if (xattr_len < 0) {
++        g_free(orig_value);
+         return -1;
+     }
+ 
+-- 
+2.10.2
+

diff --git a/app-emulation/qemu/qemu-2.8.1-r1.ebuild b/app-emulation/qemu/qemu-2.8.1-r2.ebuild
similarity index 99%
copy from app-emulation/qemu/qemu-2.8.1-r1.ebuild
copy to app-emulation/qemu/qemu-2.8.1-r2.ebuild
index d4f9c15..fa8727b 100644
--- a/app-emulation/qemu/qemu-2.8.1-r1.ebuild
+++ b/app-emulation/qemu/qemu-2.8.1-r2.ebuild
@@ -29,8 +29,8 @@ IUSE="accessibility +aio alsa bluetooth bzip2 +caps +curl debug +fdt
 	glusterfs gnutls gtk gtk2 infiniband iscsi +jpeg kernel_linux
 	kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs +png
 	pulseaudio python rbd sasl +seccomp sdl sdl2 selinux smartcard snappy
-	spice ssh static static-user systemtap tci test +threads usb usbredir
-	vde +vhost-net virgl virtfs +vnc vte xattr xen xfs"
+	spice ssh static static-user systemtap tci test usb usbredir vde
+	+vhost-net virgl virtfs +vnc vte xattr xen xfs"
 
 COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel
 	mips mips64 mips64el mipsel or32 ppc ppc64 s390x sh4 sh4eb sparc
@@ -213,6 +213,8 @@ PATCHES=(
 	"${FILESDIR}"/${PN}-2.8.0-CVE-2017-5987.patch   #609398
 	"${FILESDIR}"/${PN}-2.8.0-CVE-2017-6505.patch   #612220
 	"${FILESDIR}"/${PN}-2.8.0-CVE-2017-7377.patch   #614744
+	"${FILESDIR}"/${PN}-2.8.1-CVE-2017-7471.patch   #616484
+	"${FILESDIR}"/${PN}-2.8.1-CVE-2017-8086.patch   #616460
 )
 
 STRIP_MASK="/usr/share/qemu/palcode-clipper"

diff --git a/app-emulation/qemu/qemu-2.8.1-r1.ebuild b/app-emulation/qemu/qemu-2.9.0.ebuild
similarity index 94%
rename from app-emulation/qemu/qemu-2.8.1-r1.ebuild
rename to app-emulation/qemu/qemu-2.9.0.ebuild
index d4f9c15..3da97fe 100644
--- a/app-emulation/qemu/qemu-2.8.1-r1.ebuild
+++ b/app-emulation/qemu/qemu-2.9.0.ebuild
@@ -29,16 +29,16 @@ IUSE="accessibility +aio alsa bluetooth bzip2 +caps +curl debug +fdt
 	glusterfs gnutls gtk gtk2 infiniband iscsi +jpeg kernel_linux
 	kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs +png
 	pulseaudio python rbd sasl +seccomp sdl sdl2 selinux smartcard snappy
-	spice ssh static static-user systemtap tci test +threads usb usbredir
-	vde +vhost-net virgl virtfs +vnc vte xattr xen xfs"
+	spice ssh static static-user systemtap tci test usb usbredir vde
+	+vhost-net virgl virtfs +vnc vte xattr xen xfs"
 
 COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel
-	mips mips64 mips64el mipsel or32 ppc ppc64 s390x sh4 sh4eb sparc
+	mips mips64 mips64el mipsel nios2 or1k ppc ppc64 s390x sh4 sh4eb sparc
 	sparc64 x86_64"
 IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS}
 	lm32 moxie ppcemb tricore unicore32 xtensa xtensaeb"
 IUSE_USER_TARGETS="${COMMON_TARGETS}
-	armeb mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus tilegx"
+	armeb hppa mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus tilegx"
 
 use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
 use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
@@ -196,23 +196,6 @@ PATCHES=(
 	# gentoo patches
 	"${FILESDIR}"/${PN}-2.5.0-cflags.patch
 	"${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
-	"${FILESDIR}"/${PN}-2.7.0-CVE-2016-8669-1.patch #597108
-	"${FILESDIR}"/${PN}-2.8.0-CVE-2016-9908.patch   #601826
-	"${FILESDIR}"/${PN}-2.8.0-CVE-2016-9912.patch   #602630
-	"${FILESDIR}"/${PN}-2.8.0-CVE-2016-10028.patch  #603444
-	"${FILESDIR}"/${PN}-2.8.0-CVE-2016-10155.patch  #606720
-	"${FILESDIR}"/${PN}-2.8.0-CVE-2017-5525-1.patch #606264
-	"${FILESDIR}"/${PN}-2.8.0-CVE-2017-5525-2.patch
-	"${FILESDIR}"/${PN}-2.8.0-CVE-2017-5552.patch   #606722
-	"${FILESDIR}"/${PN}-2.8.0-CVE-2017-5578.patch   #607000
-	"${FILESDIR}"/${PN}-2.8.0-CVE-2017-5579.patch   #607100
-	"${FILESDIR}"/${PN}-2.8.0-CVE-2017-5856.patch   #608036
-	"${FILESDIR}"/${PN}-2.8.0-CVE-2017-5857.patch   #608038
-	"${FILESDIR}"/${PN}-2.8.0-CVE-2017-5898.patch   #608520
-	"${FILESDIR}"/${PN}-2.8.0-CVE-2017-5973.patch   #609334
-	"${FILESDIR}"/${PN}-2.8.0-CVE-2017-5987.patch   #609398
-	"${FILESDIR}"/${PN}-2.8.0-CVE-2017-6505.patch   #612220
-	"${FILESDIR}"/${PN}-2.8.0-CVE-2017-7377.patch   #614744
 )
 
 STRIP_MASK="/usr/share/qemu/palcode-clipper"
@@ -235,7 +218,7 @@ QA_WX_LOAD="usr/bin/qemu-i386
 	usr/bin/qemu-microblazeel
 	usr/bin/qemu-mips
 	usr/bin/qemu-mipsel
-	usr/bin/qemu-or32
+	usr/bin/qemu-or1k
 	usr/bin/qemu-ppc
 	usr/bin/qemu-ppc64
 	usr/bin/qemu-ppc64abi32
@@ -692,9 +675,6 @@ src_install() {
 	insinto "/etc/qemu"
 	doins "${FILESDIR}/bridge.conf"
 
-	# Remove the docdir placed qmp-commands.txt
-	mv "${ED}/usr/share/doc/${PF}/html/qmp-commands.txt" "${S}/docs/" || die
-
 	cd "${S}"
 	dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt
 	newdoc pc-bios/README README.pc-bios


^ permalink raw reply related	[flat|nested] 19+ messages in thread

* [gentoo-commits] proj/musl:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2017-04-30  2:11 Aric Belsito
  0 siblings, 0 replies; 19+ messages in thread
From: Aric Belsito @ 2017-04-30  2:11 UTC (permalink / raw
  To: gentoo-commits

commit:     d1cef7e3eff520366210692355b9a47ba3909ebe
Author:     Aric Belsito <lluixhi <AT> gmail <DOT> com>
AuthorDate: Sun Apr 30 02:11:12 2017 +0000
Commit:     Aric Belsito <lluixhi <AT> gmail <DOT> com>
CommitDate: Sun Apr 30 02:11:12 2017 +0000
URL:        https://gitweb.gentoo.org/proj/musl.git/commit/?id=d1cef7e3

app-emulation/qemeu: version bump to 2.9.0-r1

 app-emulation/qemu/Manifest                        |  8 ++-
 .../qemu/files/qemu-2.9.0-CVE-2017-8112.patch      | 22 +++++++
 .../qemu/files/qemu-2.9.0-bug616870.patch          | 22 +++++++
 .../qemu/files/qemu-2.9.0-bug616872.patch          | 76 ++++++++++++++++++++++
 .../qemu/files/qemu-2.9.0-bug616874.patch          | 34 ++++++++++
 app-emulation/qemu/qemu-2.8.1-r2.ebuild            |  2 +-
 .../{qemu-2.9.0.ebuild => qemu-2.9.0-r1.ebuild}    |  4 ++
 7 files changed, 165 insertions(+), 3 deletions(-)

diff --git a/app-emulation/qemu/Manifest b/app-emulation/qemu/Manifest
index 412e105..e305941 100644
--- a/app-emulation/qemu/Manifest
+++ b/app-emulation/qemu/Manifest
@@ -30,6 +30,10 @@ AUX qemu-2.8.0-CVE-2017-7377.patch 1554 SHA256 36fbd8ec9fa7d910fde8b6b8905717b32
 AUX qemu-2.8.0-F_SHLCK-and-F_EXLCK.patch 574 SHA256 d02353daa0ecfe161e938a5e54feab641b901f4a35c8f5831133676a6f53f43f SHA512 6b64750335aae1142ca9132fb766ac2aaeacfcdda0aa0cfca19afc4c3ea3806e30ce603fcec3767e40e84efb0ae8b9a23f21d46c807c13bb646be74f99e13389 WHIRLPOOL 7401c3daf162c71a5a5c3729855fddb5df95609b34c86ea0f4d872c8f132d6ac089cfb35a990af70aef8b7b63fe075a1e2be376b6db09bc70e8d51e48aded354
 AUX qemu-2.8.1-CVE-2017-7471.patch 2310 SHA256 ae5129c0f278de155f69e3d306038fa259c28ecb09a623262362163b00de85cc SHA512 dd5c5bc8e5ee9eb27516276d53f78ecde00b4fe5debbbdd8db1c3a2f2ef663667598acbb3b95f220e709ed89e1a0077733ca4fc1cb2fa0eb0f700e9931ddd003 WHIRLPOOL c91ddbdbc685dc76efc417087d680751aaade178593ca96fbff7b8ae1e0d0bdb659faee676d31b606e16c4adf446632a8a9350a57a1ac049b7649bdc0c3b8cf0
 AUX qemu-2.8.1-CVE-2017-8086.patch 751 SHA256 ff6f3bc1a94861da633f9e5517dde6b2719e227773941e7c9651281c77216589 SHA512 84197e80d28322efaa327dc7ad3ffc5e8bf791d89255e8ac7d5c5e9cebba3786c4e21008cbfb704de5323554a9d3f0873068c0a06493d4ca3b7849523eab6212 WHIRLPOOL 73f88468ba89d8384c04ffa3af646c8b628f1fa52f27866095f84ea1241f421763699ae18553d835133de70d7f244d0638d83d15881e5a3858a1128b14a1bcf3
+AUX qemu-2.9.0-CVE-2017-8112.patch 696 SHA256 a4dcc2a94749a5c20ef38d4c7ce13cd1ffe46017c77eea29ced0bec5c232e6aa SHA512 840f5270332729e0149a4705bae5fcc16e9503a995d6bfa5033904a544add337ca8ccb1d2a36bb57cc198f6354f5253403f1c4f04cbd18c08b4e1a9d6af9e07f WHIRLPOOL 1ba4e75fdd0c767254c85754612da9e8ff9ba2e7ea0811f723844bec190946805cd59db83f347a3dea4296d2b58d2df4a8d99a492335ba818824348bcebdd556
+AUX qemu-2.9.0-bug616870.patch 595 SHA256 8231747fe4d9c97392fe44b117caccd07d320313dc27fad17ac658122113ced9 SHA512 4415c36acb4f0594de7fe0de2b669d03d6b54ae44eb7f1f285c36223a02cca887b57db27a43ab1cc2e7e193ee5bce2748f9d2056aa925e0cc8f2133e67168a74 WHIRLPOOL af4c5e9763a0e114e554a1c8be99ea79da0b634fdc9d87922c7713187f1f904bfcce103648d549bbb190e92443664dbb9bd7592d8137f2337be0f4b22d1f9bd1
+AUX qemu-2.9.0-bug616872.patch 2736 SHA256 f2f8910c8e1ce9fc9804f4fbbe978fee20ccbfccc5efe49f42cdaafa63c511ce SHA512 79e32f75d98ca4a92a5069b65c5b9cff16064255ed4d161e4e292b97373742c25d5ddc12dfffa627197fdb5e0808108b30d0182a9c060cd181723bd90c618d15 WHIRLPOOL 545c00189da3b252c80bb35c6b6d3368a02b36b06f2866838ddd9ebb9ccf2b608ae278ee192b6b3aef2966736afe9bcdd646c80c228ec5daef76b92bd2721bd5
+AUX qemu-2.9.0-bug616874.patch 1048 SHA256 23eb5ae64b064e46785ae4f675fbe7c6a353f6688dd154ce98b78a0b7104a2fb SHA512 872fabc4f6eee48dff292297887b8c4a18aa6f8c2f9b7247e325c96e10ef8d72206f269d89c4a4a40ea6ad3e5082db40866b0f386f31716e749fb3a7db89d2dd WHIRLPOOL ddce30f5b22707938c2ba419264a6b731f292f0748e3891c7aa48daaa7a4b204a8bb1b4110fbd7c1836a02605e49e170a4bda6ee9eccdd2570472ff0f63c8d37
 AUX qemu-binfmt.initd.head 1445 SHA256 a9b4b1d1ffa82d572c01f14ebfbafb4b3a4c2eb5cad5af62c059f603a9f5a277 SHA512 a735268ae9ac84d8f2f2893bf018ee6de33231fa94a823bd8502b529bb456635c1ab5cf9b440df5ede8e414291f8bf45fc53898c2f3939c50d5ec4ffa554396a WHIRLPOOL 3ec0f916d5928d464fa8416c8eac472cfa01b560bba07642ff7929799918d1c8059ac7368ff5551e6aa993027849de08035d856db7981315d8e4ec470a0f785e
 AUX qemu-binfmt.initd.tail 245 SHA256 1b765f5212946b73b8e4d92f64d34a9d2e358ef541c02164f6d6dd93cb15e1e7 SHA512 bcca16805f8380d52cc591ea3d65a8f6e5de456730618f6aee301510edb75d235a22d4d7aeed224882210392840adb403eb53234b6cb76a4cb24533852a8b737 WHIRLPOOL 41ddd1751101646e700a6fe4ef879bd4149d646a801f97e40534051895697dcbded06a1edda51457a0d624fbf68442c3e57178a3ee8e683e35368b88d10ba4a4
 DIST qemu-2.8.0-CVE-2016-9602-patches.tar.xz 16264 SHA256 18ac829c6003a3f997db4030a46b422028c58fead158f0c5ffe36ad65acb84e0 SHA512 a56694d1600e4fd1ffd6bbe031a0db226fc5c88306797cc4e42d1dc6127b83d1791cb4e026988b3aad82eab84382e41077ae71e532d1d3489e179730185c0964 WHIRLPOOL 22057b001c478b2b0d97ad70393c973aefc6277d89bb5a1ae03c3c39b5182ddfbe541964761f512ed5735dc442e1f40d0a955ad5b270758e21ce815be86b24bd
@@ -37,6 +41,6 @@ DIST qemu-2.8.0.tar.bz2 28368517 SHA256 dafd5d7f649907b6b617b822692f4c82e60cf29b
 DIST qemu-2.8.1.tar.bz2 28366270 SHA256 018e4c7ed22c220395cf41f835d01505e49d0e579a548bd3d72b03809442bbcd SHA512 0397b4029cdcb77ed053c44b3579a3f34894038e6fc6b4aa88de14515f5a78bf2f41c5e865f37111529f567c85d2f1c4deefae47dde54f76eac79410e5b2bdda WHIRLPOOL c41f53f18fac44efd1c81ba9d95204d23e9a70dc9c21624177be2fe92a327428fd5704b25bc334229fa36ae395fb4c82ba3955db39719c4458343978a4d3141a
 DIST qemu-2.9.0.tar.bz2 28720490 SHA256 00bfb217b1bb03c7a6c3261b819cfccbfb5a58e3e2ceff546327d271773c6c14 SHA512 4b28966eec0ca44681e35fcfb64a4eaef7c280b8d65c91d03f2efa37f76278fd8c1680e5798c7a30dbfcc8f3c05f4a803f48b8a2dfec3a4181bac079b2a5e422 WHIRLPOOL d79fe89eb271a56aee0cbd328e5f96999176b711afb5683d164b7b99d91e6dd2bfaf6e2ff4cd820a941c94f28116765cb07ffd5809d75c2f9654a67d56bfc0c1
 EBUILD qemu-2.8.0-r10.ebuild 23278 SHA256 c94a06a16fb45995d37e0bfa62dc742601c169156d30b97456d923856693efd1 SHA512 ebd5ea426efc57bb2eb78489049f212e11eb4ab70d23418ad7c04c3161a749ec638edcdd39355107762915c4f13079a3dc1555c58f3d696cd286a9fd6bd25491 WHIRLPOOL 94c220281705e2d6414a7d52b8f93373ae193f0095c88fd76d9e0b10f7a11266e3350d3b354651f87c094a3cf63e12b9374beefb839a1a9f0d17f92732786a01
-EBUILD qemu-2.8.1-r2.ebuild 22910 SHA256 69bab6142f0850f44a29f22529f6f9e9bf2423b1fb983df57087f4ca60d35cd0 SHA512 91176de504a48641caa2417bee138ef319917474565243d719322cbc47310c10fc6098029e634a82904badfd7c1a11b1976fc839ef999508531a7c5755fab2d8 WHIRLPOOL 14470c66e8d40ba5e3a92993fcf2c75bb73cb434d511ebee20d649ed367bb3d50f1d5294cb19ba3e19dc0d419f02e06957242648dff958bb6a2fa1746b45e977
-EBUILD qemu-2.9.0.ebuild 21726 SHA256 aafaa57f957ec9b7bb413da091c62fcb09f0573913baae15c53e2e9b15bfc9c9 SHA512 d67884745e6be21a2cdb8611ef818ae5c42aa847721d9b0ba49e8cdfc0d58cfda660ac7befdcef63d80ecd27b9963f7c21aebdb271d1b7271ac63ee46219900b WHIRLPOOL b59ff23f60bd3f82ce48c003718e2d8b35e7d0ffb03670eb3d6bc7833ca00e70117ba3312d7a369cbd169cb1e8fa987c0e91f7948ea25ca6f43be05d48521e0d
+EBUILD qemu-2.8.1-r2.ebuild 22909 SHA256 3f2ed4696ccc6136bfb5fc003cb462a327eb29a155b11de3a9879b00e360938f SHA512 8f988bed528668188e2b113fc217130916a3f4837daf55ece21d3af7b7fa9d2230456d09d54c34c84cd69a628680196e0e7187a1bf427730e91e7f0aba7f6762 WHIRLPOOL a9b49900e1cfd02d9826d04289453d54411c051dfddeeb36b18dd00e5db4c7b289b2f8e2e0eee2455cda2df421c15c752063e231bcd3ae4fc911e4b9d0099756
+EBUILD qemu-2.9.0-r1.ebuild 21902 SHA256 30d866abeafb142a1aa2993b7461cbd35925034ab59dcd9f42a5a2dbda41824a SHA512 9b6675586947a2ceff1910bbde1017398ff5a835c50d3c1379166674457f554193d6212ac7ed801e14749e1a7e52f2c280d389385da4ef30b678b8341100e516 WHIRLPOOL e0a2d46e2f6ab03f9b384030e945ae991146b41045b3fc260e4871141162f58f80b3d810d2f47333aeeeadfbf6f626984f866c22f9012a002b8359e0d6497998
 MISC metadata.xml 3794 SHA256 149f7bc9927e13bbf7355972e85df6f9f198dd17fb575a7e516817d6a88018fb SHA512 10f130f225b90dacf8262247d795a247abfdcbf3ad5fbe0693e8d4db79f755984f690cb150a7eb5a8e5d669ce404145c4fbb6b200d6362319be74759fd78b6d3 WHIRLPOOL 6a5e88caeb64387f619a19fecb55c39ccf3c8dcd360523e8d61b80051001c02fe81432c55e40b3f360295b35e9f5a1f707c570baf95cad06d18c4cd484da0ceb

diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8112.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8112.patch
new file mode 100644
index 0000000..31fb69b
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8112.patch
@@ -0,0 +1,22 @@
+CVE-2017-8112
+
+https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg04494.html
+---
+ hw/scsi/vmw_pvscsi.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/scsi/vmw_pvscsi.c b/hw/scsi/vmw_pvscsi.c
+index 7557546..4a106da 100644
+--- a/hw/scsi/vmw_pvscsi.c
++++ b/hw/scsi/vmw_pvscsi.c
+@@ -202,7 +202,7 @@ pvscsi_ring_init_msg(PVSCSIRingInfo *m, PVSCSICmdDescSetupMsgRing *ri)
+     uint32_t len_log2;
+     uint32_t ring_size;
+ 
+-    if (ri->numPages > PVSCSI_SETUP_MSG_RING_MAX_NUM_PAGES) {
++    if (!ri->numPages || ri->numPages > PVSCSI_SETUP_MSG_RING_MAX_NUM_PAGES) {
+         return -1;
+     }
+     ring_size = ri->numPages * PVSCSI_MAX_NUM_MSG_ENTRIES_PER_PAGE;
+-- 
+2.9.3

diff --git a/app-emulation/qemu/files/qemu-2.9.0-bug616870.patch b/app-emulation/qemu/files/qemu-2.9.0-bug616870.patch
new file mode 100644
index 0000000..4f7f870
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.9.0-bug616870.patch
@@ -0,0 +1,22 @@
+bug #616870
+
+https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05587.html
+---
+ audio/audio.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/audio/audio.c b/audio/audio.c
+index c8898d8422..beafed209b 100644
+--- a/audio/audio.c
++++ b/audio/audio.c
+@@ -2028,6 +2028,8 @@ void AUD_del_capture (CaptureVoiceOut *cap, void *cb_opaque)
+                     sw = sw1;
+                 }
+                 QLIST_REMOVE (cap, entries);
++                g_free (cap->hw.mix_buf);
++                g_free (cap->buf);
+                 g_free (cap);
+             }
+             return;
+-- 
+2.9.3

diff --git a/app-emulation/qemu/files/qemu-2.9.0-bug616872.patch b/app-emulation/qemu/files/qemu-2.9.0-bug616872.patch
new file mode 100644
index 0000000..0a34dae
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.9.0-bug616872.patch
@@ -0,0 +1,76 @@
+bug #616872
+
+https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05599.html
+---
+ ui/input.c | 14 +++++++++++---
+ 1 file changed, 11 insertions(+), 3 deletions(-)
+
+diff --git a/ui/input.c b/ui/input.c
+index ed88cda6d6..fb1f404095 100644
+--- a/ui/input.c
++++ b/ui/input.c
+@@ -41,6 +41,8 @@ static QTAILQ_HEAD(QemuInputEventQueueHead, QemuInputEventQueue) kbd_queue =
+     QTAILQ_HEAD_INITIALIZER(kbd_queue);
+ static QEMUTimer *kbd_timer;
+ static uint32_t kbd_default_delay_ms = 10;
++static uint32_t queue_count;
++static uint32_t queue_limit = 1024;
+ 
+ QemuInputHandlerState *qemu_input_handler_register(DeviceState *dev,
+                                                    QemuInputHandler *handler)
+@@ -268,6 +270,7 @@ static void qemu_input_queue_process(void *opaque)
+             break;
+         }
+         QTAILQ_REMOVE(queue, item, node);
++        queue_count--;
+         g_free(item);
+     }
+ }
+@@ -282,6 +285,7 @@ static void qemu_input_queue_delay(struct QemuInputEventQueueHead *queue,
+     item->delay_ms = delay_ms;
+     item->timer = timer;
+     QTAILQ_INSERT_TAIL(queue, item, node);
++    queue_count++;
+ 
+     if (start_timer) {
+         timer_mod(item->timer, qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL)
+@@ -298,6 +302,7 @@ static void qemu_input_queue_event(struct QemuInputEventQueueHead *queue,
+     item->src = src;
+     item->evt = evt;
+     QTAILQ_INSERT_TAIL(queue, item, node);
++    queue_count++;
+ }
+ 
+ static void qemu_input_queue_sync(struct QemuInputEventQueueHead *queue)
+@@ -306,6 +311,7 @@ static void qemu_input_queue_sync(struct QemuInputEventQueueHead *queue)
+ 
+     item->type = QEMU_INPUT_QUEUE_SYNC;
+     QTAILQ_INSERT_TAIL(queue, item, node);
++    queue_count++;
+ }
+ 
+ void qemu_input_event_send_impl(QemuConsole *src, InputEvent *evt)
+@@ -381,7 +387,7 @@ void qemu_input_event_send_key(QemuConsole *src, KeyValue *key, bool down)
+         qemu_input_event_send(src, evt);
+         qemu_input_event_sync();
+         qapi_free_InputEvent(evt);
+-    } else {
++    } else if (queue_count < queue_limit) {
+         qemu_input_queue_event(&kbd_queue, src, evt);
+         qemu_input_queue_sync(&kbd_queue);
+     }
+@@ -409,8 +415,10 @@ void qemu_input_event_send_key_delay(uint32_t delay_ms)
+         kbd_timer = timer_new_ms(QEMU_CLOCK_VIRTUAL, qemu_input_queue_process,
+                                  &kbd_queue);
+     }
+-    qemu_input_queue_delay(&kbd_queue, kbd_timer,
+-                           delay_ms ? delay_ms : kbd_default_delay_ms);
++    if (queue_count < queue_limit) {
++        qemu_input_queue_delay(&kbd_queue, kbd_timer,
++                               delay_ms ? delay_ms : kbd_default_delay_ms);
++    }
+ }
+ 
+ InputEvent *qemu_input_event_new_btn(InputButton btn, bool down)
+-- 
+2.9.3

diff --git a/app-emulation/qemu/files/qemu-2.9.0-bug616874.patch b/app-emulation/qemu/files/qemu-2.9.0-bug616874.patch
new file mode 100644
index 0000000..08911dd
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.9.0-bug616874.patch
@@ -0,0 +1,34 @@
+bug #616874
+
+https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg04147.html
+---
+ hw/scsi/megasas.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
+index 84b8caf..804122a 100644
+--- a/hw/scsi/megasas.c
++++ b/hw/scsi/megasas.c
+@@ -2138,15 +2138,15 @@ static void megasas_mmio_write(void *opaque, hwaddr addr,
+     case MFI_SEQ:
+         trace_megasas_mmio_writel("MFI_SEQ", val);
+         /* Magic sequence to start ADP reset */
+-        if (adp_reset_seq[s->adp_reset] == val) {
+-            s->adp_reset++;
++        if (adp_reset_seq[s->adp_reset++] == val) {
++            if (s->adp_reset == 6) {
++                s->adp_reset = 0;
++                s->diag = MFI_DIAG_WRITE_ENABLE;
++            }
+         } else {
+             s->adp_reset = 0;
+             s->diag = 0;
+         }
+-        if (s->adp_reset == 6) {
+-            s->diag = MFI_DIAG_WRITE_ENABLE;
+-        }
+         break;
+     case MFI_DIAG:
+         trace_megasas_mmio_writel("MFI_DIAG", val);
+-- 
+2.9.3

diff --git a/app-emulation/qemu/qemu-2.8.1-r2.ebuild b/app-emulation/qemu/qemu-2.8.1-r2.ebuild
index fa8727b..682ed1c 100644
--- a/app-emulation/qemu/qemu-2.8.1-r2.ebuild
+++ b/app-emulation/qemu/qemu-2.8.1-r2.ebuild
@@ -17,7 +17,7 @@ if [[ ${PV} = *9999* ]]; then
 	SRC_URI=""
 else
 	SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2"
-	KEYWORDS="~amd64 ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd"
+	KEYWORDS="amd64 ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd"
 fi
 
 DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"

diff --git a/app-emulation/qemu/qemu-2.9.0.ebuild b/app-emulation/qemu/qemu-2.9.0-r1.ebuild
similarity index 99%
rename from app-emulation/qemu/qemu-2.9.0.ebuild
rename to app-emulation/qemu/qemu-2.9.0-r1.ebuild
index 3da97fe..1851ea8 100644
--- a/app-emulation/qemu/qemu-2.9.0.ebuild
+++ b/app-emulation/qemu/qemu-2.9.0-r1.ebuild
@@ -196,6 +196,10 @@ PATCHES=(
 	# gentoo patches
 	"${FILESDIR}"/${PN}-2.5.0-cflags.patch
 	"${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
+	"${FILESDIR}"/${PN}-2.9.0-bug616870.patch
+	"${FILESDIR}"/${PN}-2.9.0-bug616872.patch
+	"${FILESDIR}"/${PN}-2.9.0-bug616874.patch
+	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-8112.patch
 )
 
 STRIP_MASK="/usr/share/qemu/palcode-clipper"


^ permalink raw reply related	[flat|nested] 19+ messages in thread

* [gentoo-commits] proj/musl:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2017-05-06 21:26 Aric Belsito
  0 siblings, 0 replies; 19+ messages in thread
From: Aric Belsito @ 2017-05-06 21:26 UTC (permalink / raw
  To: gentoo-commits

commit:     65b200c42b344d8aba791abea0f568b448fadee1
Author:     Aric Belsito <lluixhi <AT> gmail <DOT> com>
AuthorDate: Sat May  6 21:26:01 2017 +0000
Commit:     Aric Belsito <lluixhi <AT> gmail <DOT> com>
CommitDate: Sat May  6 21:26:01 2017 +0000
URL:        https://gitweb.gentoo.org/proj/musl.git/commit/?id=65b200c4

app-emulation/qemu: version bump to 2.9.0-r53

 app-emulation/qemu/Manifest                        |  14 +--
 .../qemu/files/qemu-2.8.0-CVE-2017-2615.patch      |  48 ---------
 .../qemu/files/qemu-2.8.0-CVE-2017-2620.patch      |  56 ----------
 .../qemu/files/qemu-2.8.0-CVE-2017-2630.patch      |  22 ----
 .../qemu/files/qemu-2.8.0-CVE-2017-5667.patch      |  37 -------
 .../qemu/files/qemu-2.8.0-CVE-2017-5931.patch      |  46 --------
 .../qemu/files/qemu-2.8.0-CVE-2017-6058.patch      | 112 --------------------
 app-emulation/qemu/qemu-2.8.1-r2.ebuild            |   2 +-
 app-emulation/qemu/qemu-2.9.0-r1.ebuild            |   1 +
 ...qemu-2.8.0-r10.ebuild => qemu-2.9.0-r53.ebuild} | 117 +++++++++++----------
 10 files changed, 69 insertions(+), 386 deletions(-)

diff --git a/app-emulation/qemu/Manifest b/app-emulation/qemu/Manifest
index e305941..2de0792 100644
--- a/app-emulation/qemu/Manifest
+++ b/app-emulation/qemu/Manifest
@@ -9,22 +9,16 @@ AUX qemu-2.8.0-CVE-2016-10028.patch 1384 SHA256 25a9f2b2014bbcbb008683211503716a
 AUX qemu-2.8.0-CVE-2016-10155.patch 1558 SHA256 53c20d983847a716f3f708c50ffbeb9d44fd8718f39d86556ae44394d1b2a624 SHA512 4ebfba87927c9f58fe1a0aa05b5850d391698617ce7c3e002d3adfd981ed8c23d35a6863e14f52264576dda31f84dc25421d2f930547f82ccfde126137d91aea WHIRLPOOL 44366afdf52eed47c28a6e9cec1ee7c613b5bac6441cf4f7bf29b30ef6ec7504e72a2d8c873a949e46f1cfd3055a407b673d6151802ab3c957cde8faaed20903
 AUX qemu-2.8.0-CVE-2016-9908.patch 1166 SHA256 22ef4999a3daf3c46a3c90ca20fb131545d4d0befeff7c3ca870585a3e03b7b7 SHA512 c46abda3a5b1a68c7c2e5236f8e424f4569a28ba2aea9b8ec32467e55b535492da6e4702d4758a5721f1bf222f7f2554a5e4c9a190781d60c40202a5291dcf49 WHIRLPOOL aa8087350770ecbb60049e3269ddf9d68258657ef6a088b562e344056689e578a390328dde9c5d2b5024e7fa03995b571295a1d64943d9b3882cf0c5f833dbd8
 AUX qemu-2.8.0-CVE-2016-9912.patch 1307 SHA256 e3eac321492a9ef42d88b04877511255c3731a9bb029d7c6ab2da0aa8f09e2d8 SHA512 f9ba4f167334d9b934c37fbed21ded8b3d71e5bdbdb1f15f81d4423b0790bfa127637155d5863b563fa974f1421c4ace1f2a4e3e81e3ae3d6045b2083210b103 WHIRLPOOL 7aa8dab7b6462f142365d274e6131ca1630c396e36c851cb562c081c4243c58e2ae22cf682e51145af08befcaba395254c765cf56112a6c177e1c9a18ffb5926
-AUX qemu-2.8.0-CVE-2017-2615.patch 1720 SHA256 33f3f81ff8e5dacfc4f33dd48bd7833843c209f6d2bd5b3102cc5694ad85a593 SHA512 32063428286a49a12daa481ba87f1b09be6504bf24c5759aacf88ef436312a890dfe44d08457d8b426f86ce7680700d32fb21a255a6db8eb512e612c16770d36 WHIRLPOOL 9f1eed6c6c3eeb1e8991d1aa82e12a004c223bdd635ec48e433ca93d054aa3dfb5986fe01e36df157ef20c685e07595eebdf5fe16ed7cf9034e1c9ddf8304dbb
-AUX qemu-2.8.0-CVE-2017-2620.patch 1879 SHA256 dc898ad08d83b5a904a68513784ec009d4e19373ec9170e58d0695cf733b1bbd SHA512 4c0cba0b7abf4923f8c4720ffe8aad98cf8a4cddfa9fdf1418a5895f107bd186599f4d8a87290e9459a425e4ac464663a6d500bf016f459cb81dbd7fbc8121cb WHIRLPOOL 8c2cb5c6a8cee9c1d44fe0e03b3f8f56de4f8a8515acdda4458610f543f2e2cf6bac2161b9a8128e3aaf0c65716d5a85a9caf7041fdc05ab7e222c87568a4d68
-AUX qemu-2.8.0-CVE-2017-2630.patch 681 SHA256 72c675456d02f188b1ccc680fb237900d32d315272d1b3b6c3caad08bc8130e2 SHA512 1dc5006455a06a83799094afab1ec4f2f3808174530f71d234d165275af3b11160bcf6c041c8e9e3138de7bd6ec4b7810b4532c496c018f0aa71716f2d437faa WHIRLPOOL 27c7835c00f5ad368921ae8c2251cc3eaef3f018242c42517f03102129368f85b99b144f4a3eb53e546352965e6a7f031f7545237e5334ee524059d461d29a8f
 AUX qemu-2.8.0-CVE-2017-5525-1.patch 1625 SHA256 88e253c306761017d66dca5b72184f89cebf3b617db7bc0e4b27025757a66181 SHA512 a7f82374ec4e264b065be7ba63c197d93fee230d68819bf68a0a67c84f89182d0cc0a42b9aadf53a8a903d640dacc55392174c7820379e92ad0e35c86c35a2dd WHIRLPOOL 63e192dc0e075139f18aee2d0541c75021852a7d7251321ca8fe7f9b793c72786a6aab878e308931289eab3c07c3cbbc8ad32b67de1193f85b672e16a8372495
 AUX qemu-2.8.0-CVE-2017-5525-2.patch 1664 SHA256 ab03a1cff62164090133f0dbace9724302e806a808b18d64628d12f0bd9abad6 SHA512 ac1d89331c3fc4d0ef7af411a12654329057676e9f016cb9a4a46dc9b4e01092c17af33d095f3104e71094ae585a35a8276a98560dd97f8d045e0b9fd2f0069f WHIRLPOOL 20457d7fe5b3842c0c601068dba410586fc4b4c7fce81ba3ee436a6cfec3b1b950797d6ca9a2a573fef21a29421f8c04a34d1dfefe0b7ade03a6ca51d16d99cb
 AUX qemu-2.8.0-CVE-2017-5552.patch 1481 SHA256 26616f16434b3aff65b1cd1ce82c6abdfbd44da8a047a5a32b1e07755c9a3e1b SHA512 3c3f5027be3bfe56c1445004bd28536e11f606cc6787fcefad3da267eb3e11b61110c8a4700fd9d6f95ce50f10a2678b2bc6f950297b949b837882a68901d6e5 WHIRLPOOL ca93726b8a0567f68fac634eef1e88c997c1e959cafb33bc6ba8871d9021591bb61be6b3635d3fac111e1e177dbbff939c93580d7f0824e752b378dbc38fbc45
 AUX qemu-2.8.0-CVE-2017-5578.patch 1084 SHA256 a7639fc84377b23ebc55dbb1c6d8c53bb2e6230be03b2efba78108257058d8b4 SHA512 8d160d56a94ec9380640badcab29fdd05f2f665377febd1b7e71a9c619d9db963eaa74cf74a2e0287fd2f6e2a7d4bce0f8e4281b3b0292347eece52b7344243b WHIRLPOOL efd3238bf720a1051a41ea621601afeea7546cc7e48d4a7f23bc0b3277bee368bb259a2735e6290b4609e78a1e54e29fe1ba7b088824284787faddc84491d876
 AUX qemu-2.8.0-CVE-2017-5579.patch 1132 SHA256 df32524c24aa4d7d9166bb5e159ba10023c7777b9583e920bd8590feec433580 SHA512 d4669821ae8e06a31b852a31699aa26421ce5fb6c049573cb6613515da486e390d8ddf71adb4e6c1a45a15bb468bbb45df68cbf5e9388660c9c03866becb9edd WHIRLPOOL 0d5ed483c6e3f849fc4b9568a3af4c086258ef1162a4e11baa65bcf35eeb8a505c8b7de935175fdc53e7284e23eb492a95326cdea6c690283085136cb02d3b7a
-AUX qemu-2.8.0-CVE-2017-5667.patch 1497 SHA256 e05e21c45d8c05392215db0bff3e161c68d64b0b9e42add18307346b3a4d4bc3 SHA512 7c518736ac09d6c37fd359a8a503713f1b76d6041038f58e7648bb69251d6039c3449593eb14a5e0f2649d12856964a42d48e4ee0bb9dc664ada2852f9ea3cbd WHIRLPOOL 0e74b2671f148fa9f31674e6dd80634064fb8d24be474eaf9ea1efcb6cf427314da75187a32eed874ea4bde19e8dfc4562d5af06893ce3beeef7de8f902dd698
 AUX qemu-2.8.0-CVE-2017-5856.patch 2224 SHA256 92ddbba8c0d21bdae5b11ae064c21da939cbbb1fd0e6aa10477efced6bf9582f SHA512 7e043d8299d67d33c12bf5591f0881029013852df2243c2ea747fc6c4d1d6c0acffbaef7538634a60f8f875da94bb71db3e3a07972de066b7ac5d49e4d3cb906 WHIRLPOOL b5f38b059e4305b352e3807c2b7762fe856d1067431452fbbf991415ad17f25d152225d9e0ea61b5e8175e42abebbb2abdd85ac37f301ac123f81af822ff2f02
 AUX qemu-2.8.0-CVE-2017-5857.patch 1326 SHA256 e2150a7cc92b72e3f20506b9c76b40599af8d2366d25bd9b245a0bffa66ad8eb SHA512 d6d000b57f1fb194f9554165621109b364ebdb61416bc07e2283f2d493c33e770d1b63002d62565aae1ac19ed0ad9e572c207341aa1ad023581f349f62158d30 WHIRLPOOL cbe84c67ba9bb368baf2b1842e8c7c1ee3fb720630bcd53fdbdef9e8f3efdb25c1a927d0f65c9d1f6def28defe6997943a7867e8225eb12e395a0811ad3e32a1
 AUX qemu-2.8.0-CVE-2017-5898.patch 1412 SHA256 7f44668d51a94d19fcca0f496d8ac798fd654afe25d2998f7d07a148a836ade9 SHA512 2cd9af4957849a5d72dc0f0fbb30852870306ebc0a348cf5951df58d3029d1aae52df9261d2e4a9d7a4f132f78c390af8a049e1f109b324899bccd91e5c10d1f WHIRLPOOL c48e1fe163761880adab990683dc5d54ee31173763f11239ffee7c229bd65a2958a696dede39e7e645860980e2a7c5c6e5873e5db53872ac373d8d2415a167ab
-AUX qemu-2.8.0-CVE-2017-5931.patch 1696 SHA256 cdb1ea1306bf00042f13637eef78d3580e34b88c11716e62fad69931eb3d7ac6 SHA512 5b9a00f0964b153df7630655480b646e6615e831fd981642987d8691e9ddd265f64285d0e70c4f536bb370adb03a75548f7258bee8dbc2b7de15a3984fc8421b WHIRLPOOL c6d9440adf57ad1b560da03a455d9bdc3094c952f3c82a5e88fa6f2d0336ab767f0617b2916b68a5e3f5d30293749be40c12dfe93e8b7525fec9b8a453a65123
 AUX qemu-2.8.0-CVE-2017-5973.patch 2815 SHA256 206d01053ce678e2c83174b278755e112099f76350aaa765525d344a87365ded SHA512 31b4bd1b8398d8044ace7660a049c492beda83613818a718477257e0bdf922d63423100fd59f2e8411dc952d282a7c405b916ab437b131b31c21dcf65f98edce WHIRLPOOL ea43efbdd5fdc51e1b8b5057fbe50b3911896cbda8437998ca203d34db82524eb42a77440f2490574a48f15ba1c4bbb7d9c40bfb6e99e96278a1d1912ea210a7
 AUX qemu-2.8.0-CVE-2017-5987.patch 1889 SHA256 c4f2175970deca9b00bf657e66b8df31a02efce469eec02279a9659b9cb18bb0 SHA512 32708f91edbbb61ac444ee71b97a30138380544389f6265d7cb7aec330ebaaa7ca69844a9462c817fbda117e78748fc4fdeb655e70bcd72ddd8b112fd9619b0d WHIRLPOOL 1aa99740495c0d2a577cf13c47669aeba75ad389394736ce16fde31c91931254820accad85a6d6fee9757595bec3f222413a89fe4ca125913be7ecc97f33b365
-AUX qemu-2.8.0-CVE-2017-6058.patch 3797 SHA256 06c01fcd53dab66af55df164f1616d14847b2a0fd46abe7445b7e3e7b7ee77cf SHA512 1425e7df38cd44903fe78e7728d7eb3df2d8486895f38a87c4e0c63aa5cc4a2b19032d486fcb5676201242039364a1f3d34b256606b5f8ae74028432e6d50286 WHIRLPOOL 9a48c2f00ac146c29163422c10ca62e3065a36752b865b6b9e3408edf019f3585579ac074b5325777e6a405a11d0ce09da33eb6499012377f0c9ef8c52bf2840
 AUX qemu-2.8.0-CVE-2017-6505.patch 1481 SHA256 55e3b7e65e519caef4fdd28cccb973613759cce0d67eb64c2093b4f0a4e428e1 SHA512 5326f28a9340f392e4f32e4cd5f58cae0769859e10fd4d201983d40ec6b4d094d6a0cad2638e1e6f3e5228b93af26cc4f4a155e0d94bad89d0ea9b866f535aa7 WHIRLPOOL c88312cd5e779a98c905f175d61400ef7bb59795cc1e0392da0018a158a4c435ffa07f1e6a621db6eea925a0dbb986442eab4f79f956dc1955058fc97670f390
 AUX qemu-2.8.0-CVE-2017-7377.patch 1554 SHA256 36fbd8ec9fa7d910fde8b6b8905717b322bd23b50c2b2f925e1a2415ae306755 SHA512 195be1a75340c41aa89614aad8d07f2cf630eb10f3160cb8a86d85371ea9d7dcdbe9d49e9752ac3d6765c8d4c99c845408933b57cf21199f77ba09fcf79a02c8 WHIRLPOOL 8d7677ae3cfe18e34072ef23666c4658553a7d3b564d96e480ae432281d403242f2013d9fb189d473ab9c31def515401d22c04ba8e86d93d0369e95b1e371574
 AUX qemu-2.8.0-F_SHLCK-and-F_EXLCK.patch 574 SHA256 d02353daa0ecfe161e938a5e54feab641b901f4a35c8f5831133676a6f53f43f SHA512 6b64750335aae1142ca9132fb766ac2aaeacfcdda0aa0cfca19afc4c3ea3806e30ce603fcec3767e40e84efb0ae8b9a23f21d46c807c13bb646be74f99e13389 WHIRLPOOL 7401c3daf162c71a5a5c3729855fddb5df95609b34c86ea0f4d872c8f132d6ac089cfb35a990af70aef8b7b63fe075a1e2be376b6db09bc70e8d51e48aded354
@@ -36,11 +30,9 @@ AUX qemu-2.9.0-bug616872.patch 2736 SHA256 f2f8910c8e1ce9fc9804f4fbbe978fee20ccb
 AUX qemu-2.9.0-bug616874.patch 1048 SHA256 23eb5ae64b064e46785ae4f675fbe7c6a353f6688dd154ce98b78a0b7104a2fb SHA512 872fabc4f6eee48dff292297887b8c4a18aa6f8c2f9b7247e325c96e10ef8d72206f269d89c4a4a40ea6ad3e5082db40866b0f386f31716e749fb3a7db89d2dd WHIRLPOOL ddce30f5b22707938c2ba419264a6b731f292f0748e3891c7aa48daaa7a4b204a8bb1b4110fbd7c1836a02605e49e170a4bda6ee9eccdd2570472ff0f63c8d37
 AUX qemu-binfmt.initd.head 1445 SHA256 a9b4b1d1ffa82d572c01f14ebfbafb4b3a4c2eb5cad5af62c059f603a9f5a277 SHA512 a735268ae9ac84d8f2f2893bf018ee6de33231fa94a823bd8502b529bb456635c1ab5cf9b440df5ede8e414291f8bf45fc53898c2f3939c50d5ec4ffa554396a WHIRLPOOL 3ec0f916d5928d464fa8416c8eac472cfa01b560bba07642ff7929799918d1c8059ac7368ff5551e6aa993027849de08035d856db7981315d8e4ec470a0f785e
 AUX qemu-binfmt.initd.tail 245 SHA256 1b765f5212946b73b8e4d92f64d34a9d2e358ef541c02164f6d6dd93cb15e1e7 SHA512 bcca16805f8380d52cc591ea3d65a8f6e5de456730618f6aee301510edb75d235a22d4d7aeed224882210392840adb403eb53234b6cb76a4cb24533852a8b737 WHIRLPOOL 41ddd1751101646e700a6fe4ef879bd4149d646a801f97e40534051895697dcbded06a1edda51457a0d624fbf68442c3e57178a3ee8e683e35368b88d10ba4a4
-DIST qemu-2.8.0-CVE-2016-9602-patches.tar.xz 16264 SHA256 18ac829c6003a3f997db4030a46b422028c58fead158f0c5ffe36ad65acb84e0 SHA512 a56694d1600e4fd1ffd6bbe031a0db226fc5c88306797cc4e42d1dc6127b83d1791cb4e026988b3aad82eab84382e41077ae71e532d1d3489e179730185c0964 WHIRLPOOL 22057b001c478b2b0d97ad70393c973aefc6277d89bb5a1ae03c3c39b5182ddfbe541964761f512ed5735dc442e1f40d0a955ad5b270758e21ce815be86b24bd
-DIST qemu-2.8.0.tar.bz2 28368517 SHA256 dafd5d7f649907b6b617b822692f4c82e60cf29bc0fc58bc2036219b591e5e62 SHA512 50f2988d822388ba9fd1bf5dbe68359033ed7432d7f0f9790299f32f63faa6dc72979256b5632ba572d47ee3e74ed40e3e8e331dc6303ec1599f1b4367cb78c2 WHIRLPOOL 0ce4e0539657eb832e4039819e7360c792b6aa41c718f0e0d762f4933217f0d370af94b1d6d9776853575b4a6811d8c85db069bf09d21bd15399ac8b50440ff5
 DIST qemu-2.8.1.tar.bz2 28366270 SHA256 018e4c7ed22c220395cf41f835d01505e49d0e579a548bd3d72b03809442bbcd SHA512 0397b4029cdcb77ed053c44b3579a3f34894038e6fc6b4aa88de14515f5a78bf2f41c5e865f37111529f567c85d2f1c4deefae47dde54f76eac79410e5b2bdda WHIRLPOOL c41f53f18fac44efd1c81ba9d95204d23e9a70dc9c21624177be2fe92a327428fd5704b25bc334229fa36ae395fb4c82ba3955db39719c4458343978a4d3141a
 DIST qemu-2.9.0.tar.bz2 28720490 SHA256 00bfb217b1bb03c7a6c3261b819cfccbfb5a58e3e2ceff546327d271773c6c14 SHA512 4b28966eec0ca44681e35fcfb64a4eaef7c280b8d65c91d03f2efa37f76278fd8c1680e5798c7a30dbfcc8f3c05f4a803f48b8a2dfec3a4181bac079b2a5e422 WHIRLPOOL d79fe89eb271a56aee0cbd328e5f96999176b711afb5683d164b7b99d91e6dd2bfaf6e2ff4cd820a941c94f28116765cb07ffd5809d75c2f9654a67d56bfc0c1
-EBUILD qemu-2.8.0-r10.ebuild 23278 SHA256 c94a06a16fb45995d37e0bfa62dc742601c169156d30b97456d923856693efd1 SHA512 ebd5ea426efc57bb2eb78489049f212e11eb4ab70d23418ad7c04c3161a749ec638edcdd39355107762915c4f13079a3dc1555c58f3d696cd286a9fd6bd25491 WHIRLPOOL 94c220281705e2d6414a7d52b8f93373ae193f0095c88fd76d9e0b10f7a11266e3350d3b354651f87c094a3cf63e12b9374beefb839a1a9f0d17f92732786a01
-EBUILD qemu-2.8.1-r2.ebuild 22909 SHA256 3f2ed4696ccc6136bfb5fc003cb462a327eb29a155b11de3a9879b00e360938f SHA512 8f988bed528668188e2b113fc217130916a3f4837daf55ece21d3af7b7fa9d2230456d09d54c34c84cd69a628680196e0e7187a1bf427730e91e7f0aba7f6762 WHIRLPOOL a9b49900e1cfd02d9826d04289453d54411c051dfddeeb36b18dd00e5db4c7b289b2f8e2e0eee2455cda2df421c15c752063e231bcd3ae4fc911e4b9d0099756
-EBUILD qemu-2.9.0-r1.ebuild 21902 SHA256 30d866abeafb142a1aa2993b7461cbd35925034ab59dcd9f42a5a2dbda41824a SHA512 9b6675586947a2ceff1910bbde1017398ff5a835c50d3c1379166674457f554193d6212ac7ed801e14749e1a7e52f2c280d389385da4ef30b678b8341100e516 WHIRLPOOL e0a2d46e2f6ab03f9b384030e945ae991146b41045b3fc260e4871141162f58f80b3d810d2f47333aeeeadfbf6f626984f866c22f9012a002b8359e0d6497998
+EBUILD qemu-2.8.1-r2.ebuild 22908 SHA256 b21f2820c166fcf91f0be3f8eb323b49d8c8ccebd4c376d9dbcdebbe751bac52 SHA512 3fa48453417e0cfa4d24f11fd5f234ec8790744c65154456328a24641a6f03cffb5b50ecf2bf81388fc18b12b382042e882fa853a09ae2288beb459e8658db5e WHIRLPOOL b5881ff308b91dc53b3115e278d5cd89d5f3f5d69ea7355fea2a048e471da1c4079eb245aa262ab2c19c6d75ddac1770acab3fa1c39d2c6e74cf72d84426e16f
+EBUILD qemu-2.9.0-r1.ebuild 21942 SHA256 2c2274d26f203a2a064c35ccabfa8aab374e9c8748d8724ed1534e7c677236db SHA512 91fae1f84c8fb998caa4bb589cd193329e06dd7f833809f0e3986ebe12a265615598ba3182acea59e3e39253ef5d4b6ed4b87912b7d5835f7a458fccea54070b WHIRLPOOL 32543f228bf261b0abda8052e838cbdebef53b511d7006a150168299cc4f75dc9643d9bc344582413a767228bb6c8c863bce95d358d7901f9d60f470f2d19d2d
+EBUILD qemu-2.9.0-r53.ebuild 23331 SHA256 3c1fdefe7cdc3bb7baf28782da40dc05239b2bacdf39825d084f563070aa5185 SHA512 923c1628bfef5f645972e90ee855a0ce1060217d8b76ffd51f8bbfd3bbf042ad273b781f9a5c8fc64f7a74410bd8bf2ef1fd975d3348a8d55230008be93afcff WHIRLPOOL 1053b25130a2f0d1da4e46c38886defdebaefbc0fb95743abbcfc82b337075c20a7c9fd494909de86ea25d179c65b2766f221cef418c2a06e127db942aa3ac1d
 MISC metadata.xml 3794 SHA256 149f7bc9927e13bbf7355972e85df6f9f198dd17fb575a7e516817d6a88018fb SHA512 10f130f225b90dacf8262247d795a247abfdcbf3ad5fbe0693e8d4db79f755984f690cb150a7eb5a8e5d669ce404145c4fbb6b200d6362319be74759fd78b6d3 WHIRLPOOL 6a5e88caeb64387f619a19fecb55c39ccf3c8dcd360523e8d61b80051001c02fe81432c55e40b3f360295b35e9f5a1f707c570baf95cad06d18c4cd484da0ceb

diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-2615.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-2615.patch
deleted file mode 100644
index f0bba80..0000000
--- a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-2615.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From 62d4c6bd5263bb8413a06c80144fc678df6dfb64 Mon Sep 17 00:00:00 2001
-From: Li Qiang <liqiang6-s@360.cn>
-Date: Wed, 1 Feb 2017 09:35:01 +0100
-Subject: [PATCH] cirrus: fix oob access issue (CVE-2017-2615)
-
-When doing bitblt copy in backward mode, we should minus the
-blt width first just like the adding in the forward mode. This
-can avoid the oob access of the front of vga's vram.
-
-Signed-off-by: Li Qiang <liqiang6-s@360.cn>
-
-{ kraxel: with backward blits (negative pitch) addr is the topmost
-          address, so check it as-is against vram size ]
-
-Cc: qemu-stable@nongnu.org
-Cc: P J P <ppandit@redhat.com>
-Cc: Laszlo Ersek <lersek@redhat.com>
-Cc: Paolo Bonzini <pbonzini@redhat.com>
-Cc: Wolfgang Bumiller <w.bumiller@proxmox.com>
-Fixes: d3532a0db02296e687711b8cdc7791924efccea0 (CVE-2014-8106)
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-Message-id: 1485938101-26602-1-git-send-email-kraxel@redhat.com
-Reviewed-by: Laszlo Ersek <lersek@redhat.com>
----
- hw/display/cirrus_vga.c | 7 +++----
- 1 file changed, 3 insertions(+), 4 deletions(-)
-
-diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c
-index 7db6409..16f27e8 100644
---- a/hw/display/cirrus_vga.c
-+++ b/hw/display/cirrus_vga.c
-@@ -274,10 +274,9 @@ static bool blit_region_is_unsafe(struct CirrusVGAState *s,
- {
-     if (pitch < 0) {
-         int64_t min = addr
--            + ((int64_t)s->cirrus_blt_height-1) * pitch;
--        int32_t max = addr
--            + s->cirrus_blt_width;
--        if (min < 0 || max > s->vga.vram_size) {
-+            + ((int64_t)s->cirrus_blt_height - 1) * pitch
-+            - s->cirrus_blt_width;
-+        if (min < -1 || addr >= s->vga.vram_size) {
-             return true;
-         }
-     } else {
--- 
-2.10.2
-

diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-2620.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-2620.patch
deleted file mode 100644
index e2a9801..0000000
--- a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-2620.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-From: Gerd Hoffmann <kraxel@redhat.com>
-Subject: [PATCH 3/3] cirrus: add blit_is_unsafe call to cirrus_bitblt_cputovideo
-
-CIRRUS_BLTMODE_MEMSYSSRC blits do NOT check blit destination
-and blit width, at all.  Oops.  Fix it.
-
-Security impact: high.
-
-The missing blit destination check allows to write to host memory.
-Basically same as CVE-2014-8106 for the other blit variants.
-
-The missing blit width check allows to overflow cirrus_bltbuf,
-with the attractive target cirrus_srcptr (current cirrus_bltbuf write
-position) being located right after cirrus_bltbuf in CirrusVGAState.
-
-Due to cirrus emulation writing cirrus_bltbuf bytewise the attacker
-hasn't full control over cirrus_srcptr though, only one byte can be
-changed.  Once the first byte has been modified further writes land
-elsewhere.
-
-[ This is CVE-2017-2620 / XSA-209  - Ian Jackson ]
-
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
----
- hw/display/cirrus_vga.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c
-index 0e47cf8..a093dc8 100644
---- a/hw/display/cirrus_vga.c
-+++ b/hw/display/cirrus_vga.c
-@@ -899,6 +899,10 @@ static int cirrus_bitblt_cputovideo(CirrusVGAState * s)
- {
-     int w;
- 
-+    if (blit_is_unsafe(s)) {
-+        return 0;
-+    }
-+
-     s->cirrus_blt_mode &= ~CIRRUS_BLTMODE_MEMSYSSRC;
-     s->cirrus_srcptr = &s->cirrus_bltbuf[0];
-     s->cirrus_srcptr_end = &s->cirrus_bltbuf[0];
-@@ -924,6 +928,10 @@ static int cirrus_bitblt_cputovideo(CirrusVGAState * s)
- 	}
-         s->cirrus_srccounter = s->cirrus_blt_srcpitch * s->cirrus_blt_height;
-     }
-+
-+    /* the blit_is_unsafe call above should catch this */
-+    assert(s->cirrus_blt_srcpitch <= CIRRUS_BLTBUFSIZE);
-+
-     s->cirrus_srcptr = s->cirrus_bltbuf;
-     s->cirrus_srcptr_end = s->cirrus_bltbuf + s->cirrus_blt_srcpitch;
-     cirrus_update_memory_access(s);
--- 
-1.8.3.1
-

diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-2630.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-2630.patch
deleted file mode 100644
index 034b322..0000000
--- a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-2630.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-Comparison symbol is misused. It may lead to memory corruption.
-
-Signed-off-by: Vladimir Sementsov-Ogievskiy <address@hidden>
----
- nbd/client.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/nbd/client.c b/nbd/client.c
-index 6caf6bda6d..351731bc63 100644
---- a/nbd/client.c
-+++ b/nbd/client.c
-@@ -94,7 +94,7 @@ static ssize_t drop_sync(QIOChannel *ioc, size_t size)
-     char small[1024];
-     char *buffer;
- 
--    buffer = sizeof(small) < size ? small : g_malloc(MIN(65536, size));
-+    buffer = sizeof(small) > size ? small : g_malloc(MIN(65536, size));
-     while (size > 0) {
-         ssize_t count = read_sync(ioc, buffer, MIN(65536, size));
- 
--- 
-2.11.0

diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5667.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5667.patch
deleted file mode 100644
index 93e9c94..0000000
--- a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5667.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 42922105beb14c2fc58185ea022b9f72fb5465e9 Mon Sep 17 00:00:00 2001
-From: Prasad J Pandit <pjp@fedoraproject.org>
-Date: Tue, 7 Feb 2017 18:29:59 +0000
-Subject: [PATCH] sd: sdhci: check data length during dma_memory_read
-
-While doing multi block SDMA transfer in routine
-'sdhci_sdma_transfer_multi_blocks', the 's->fifo_buffer' starting
-index 'begin' and data length 's->data_count' could end up to be same.
-This could lead to an OOB access issue. Correct transfer data length
-to avoid it.
-
-Cc: qemu-stable@nongnu.org
-Reported-by: Jiang Xin <jiangxin1@huawei.com>
-Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Message-id: 20170130064736.9236-1-ppandit@redhat.com
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- hw/sd/sdhci.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c
-index 01fbf22..5bd5ab6 100644
---- a/hw/sd/sdhci.c
-+++ b/hw/sd/sdhci.c
-@@ -536,7 +536,7 @@ static void sdhci_sdma_transfer_multi_blocks(SDHCIState *s)
-                 boundary_count -= block_size - begin;
-             }
-             dma_memory_read(&address_space_memory, s->sdmasysad,
--                            &s->fifo_buffer[begin], s->data_count);
-+                            &s->fifo_buffer[begin], s->data_count - begin);
-             s->sdmasysad += s->data_count - begin;
-             if (s->data_count == block_size) {
-                 for (n = 0; n < block_size; n++) {
--- 
-2.10.2
-

diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5931.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5931.patch
deleted file mode 100644
index f24d557..0000000
--- a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5931.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From a08aaff811fb194950f79711d2afe5a892ae03a4 Mon Sep 17 00:00:00 2001
-From: Gonglei <arei.gonglei@huawei.com>
-Date: Tue, 3 Jan 2017 14:50:03 +0800
-Subject: [PATCH] virtio-crypto: fix possible integer and heap overflow
-
-Because the 'size_t' type is 4 bytes in 32-bit platform, which
-is the same with 'int'. It's easy to make 'max_len' to zero when
-integer overflow and then cause heap overflow if 'max_len' is zero.
-
-Using uint_64 instead of size_t to avoid the integer overflow.
-
-Cc: qemu-stable@nongnu.org
-Reported-by: Li Qiang <liqiang6-s@360.cn>
-Signed-off-by: Gonglei <arei.gonglei@huawei.com>
-Tested-by: Li Qiang <liqiang6-s@360.cn>
-Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
-Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
----
- hw/virtio/virtio-crypto.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/hw/virtio/virtio-crypto.c b/hw/virtio/virtio-crypto.c
-index 2f2467e..c23e1ad 100644
---- a/hw/virtio/virtio-crypto.c
-+++ b/hw/virtio/virtio-crypto.c
-@@ -416,7 +416,7 @@ virtio_crypto_sym_op_helper(VirtIODevice *vdev,
-     uint32_t hash_start_src_offset = 0, len_to_hash = 0;
-     uint32_t cipher_start_src_offset = 0, len_to_cipher = 0;
- 
--    size_t max_len, curr_size = 0;
-+    uint64_t max_len, curr_size = 0;
-     size_t s;
- 
-     /* Plain cipher */
-@@ -441,7 +441,7 @@ virtio_crypto_sym_op_helper(VirtIODevice *vdev,
-         return NULL;
-     }
- 
--    max_len = iv_len + aad_len + src_len + dst_len + hash_result_len;
-+    max_len = (uint64_t)iv_len + aad_len + src_len + dst_len + hash_result_len;
-     if (unlikely(max_len > vcrypto->conf.max_size)) {
-         virtio_error(vdev, "virtio-crypto too big length");
-         return NULL;
--- 
-2.10.2
-

diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-6058.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-6058.patch
deleted file mode 100644
index 666c18c..0000000
--- a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-6058.patch
+++ /dev/null
@@ -1,112 +0,0 @@
-This patch fixed a problem that was introduced in commit eb700029.
-
-When net_rx_pkt_attach_iovec() calls eth_strip_vlan()
-this can result in pkt->ehdr_buf being overflowed, because
-ehdr_buf is only sizeof(struct eth_header) bytes large
-but eth_strip_vlan() can write
-sizeof(struct eth_header) + sizeof(struct vlan_header)
-bytes into it.
-
-Devices affected by this problem: vmxnet3.
-
-Reported-by: Peter Maydell <address@hidden>
-Signed-off-by: Dmitry Fleytman <address@hidden>
----
- hw/net/net_rx_pkt.c | 34 +++++++++++++++++-----------------
- 1 file changed, 17 insertions(+), 17 deletions(-)
-
-diff --git a/hw/net/net_rx_pkt.c b/hw/net/net_rx_pkt.c
-index 1019b50..7c0beac 100644
---- a/hw/net/net_rx_pkt.c
-+++ b/hw/net/net_rx_pkt.c
-@@ -23,13 +23,13 @@
- 
- struct NetRxPkt {
-     struct virtio_net_hdr virt_hdr;
--    uint8_t ehdr_buf[sizeof(struct eth_header)];
-+    uint8_t ehdr_buf[sizeof(struct eth_header) + sizeof(struct vlan_header)];
-     struct iovec *vec;
-     uint16_t vec_len_total;
-     uint16_t vec_len;
-     uint32_t tot_len;
-     uint16_t tci;
--    bool vlan_stripped;
-+    size_t ehdr_buf_len;
-     bool has_virt_hdr;
-     eth_pkt_types_e packet_type;
- 
-@@ -88,15 +88,13 @@ net_rx_pkt_pull_data(struct NetRxPkt *pkt,
-                         const struct iovec *iov, int iovcnt,
-                         size_t ploff)
- {
--    if (pkt->vlan_stripped) {
-+    if (pkt->ehdr_buf_len) {
-         net_rx_pkt_iovec_realloc(pkt, iovcnt + 1);
- 
-         pkt->vec[0].iov_base = pkt->ehdr_buf;
--        pkt->vec[0].iov_len = sizeof(pkt->ehdr_buf);
--
--        pkt->tot_len =
--            iov_size(iov, iovcnt) - ploff + sizeof(struct eth_header);
-+        pkt->vec[0].iov_len = pkt->ehdr_buf_len;
- 
-+        pkt->tot_len = iov_size(iov, iovcnt) - ploff + pkt->ehdr_buf_len;
-         pkt->vec_len = iov_copy(pkt->vec + 1, pkt->vec_len_total - 1,
-                                 iov, iovcnt, ploff, pkt->tot_len);
-     } else {
-@@ -123,11 +121,12 @@ void net_rx_pkt_attach_iovec(struct NetRxPkt *pkt,
-     uint16_t tci = 0;
-     uint16_t ploff = iovoff;
-     assert(pkt);
--    pkt->vlan_stripped = false;
- 
-     if (strip_vlan) {
--        pkt->vlan_stripped = eth_strip_vlan(iov, iovcnt, iovoff, pkt->ehdr_buf,
--                                            &ploff, &tci);
-+        pkt->ehdr_buf_len = eth_strip_vlan(iov, iovcnt, iovoff, pkt->ehdr_buf,
-+                                           &ploff, &tci);
-+    } else {
-+        pkt->ehdr_buf_len = 0;
-     }
- 
-     pkt->tci = tci;
-@@ -143,12 +142,13 @@ void net_rx_pkt_attach_iovec_ex(struct NetRxPkt *pkt,
-     uint16_t tci = 0;
-     uint16_t ploff = iovoff;
-     assert(pkt);
--    pkt->vlan_stripped = false;
- 
-     if (strip_vlan) {
--        pkt->vlan_stripped = eth_strip_vlan_ex(iov, iovcnt, iovoff, vet,
--                                               pkt->ehdr_buf,
--                                               &ploff, &tci);
-+        pkt->ehdr_buf_len = eth_strip_vlan_ex(iov, iovcnt, iovoff, vet,
-+                                              pkt->ehdr_buf,
-+                                              &ploff, &tci);
-+    } else {
-+        pkt->ehdr_buf_len = 0;
-     }
- 
-     pkt->tci = tci;
-@@ -162,8 +162,8 @@ void net_rx_pkt_dump(struct NetRxPkt *pkt)
-     NetRxPkt *pkt = (NetRxPkt *)pkt;
-     assert(pkt);
- 
--    printf("RX PKT: tot_len: %d, vlan_stripped: %d, vlan_tag: %d\n",
--              pkt->tot_len, pkt->vlan_stripped, pkt->tci);
-+    printf("RX PKT: tot_len: %d, ehdr_buf_len: %lu, vlan_tag: %d\n",
-+              pkt->tot_len, pkt->ehdr_buf_len, pkt->tci);
- #endif
- }
- 
-@@ -426,7 +426,7 @@ bool net_rx_pkt_is_vlan_stripped(struct NetRxPkt *pkt)
- {
-     assert(pkt);
- 
--    return pkt->vlan_stripped;
-+    return pkt->ehdr_buf_len ? true : false;
- }
- 
- bool net_rx_pkt_has_virt_hdr(struct NetRxPkt *pkt)
--- 
-2.7.4

diff --git a/app-emulation/qemu/qemu-2.8.1-r2.ebuild b/app-emulation/qemu/qemu-2.8.1-r2.ebuild
index 682ed1c..ff24476 100644
--- a/app-emulation/qemu/qemu-2.8.1-r2.ebuild
+++ b/app-emulation/qemu/qemu-2.8.1-r2.ebuild
@@ -17,7 +17,7 @@ if [[ ${PV} = *9999* ]]; then
 	SRC_URI=""
 else
 	SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2"
-	KEYWORDS="amd64 ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd"
+	KEYWORDS="amd64 ~arm64 ~ppc ~ppc64 x86 ~x86-fbsd"
 fi
 
 DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"

diff --git a/app-emulation/qemu/qemu-2.9.0-r1.ebuild b/app-emulation/qemu/qemu-2.9.0-r1.ebuild
index 1851ea8..5cd5be6 100644
--- a/app-emulation/qemu/qemu-2.9.0-r1.ebuild
+++ b/app-emulation/qemu/qemu-2.9.0-r1.ebuild
@@ -50,6 +50,7 @@ REQUIRED_USE="${PYTHON_REQUIRED_USE}
 	gtk2? ( gtk )
 	qemu_softmmu_targets_arm? ( fdt )
 	qemu_softmmu_targets_microblaze? ( fdt )
+	qemu_softmmu_targets_mips64el? ( fdt )
 	qemu_softmmu_targets_ppc? ( fdt )
 	qemu_softmmu_targets_ppc64? ( fdt )
 	sdl2? ( sdl )

diff --git a/app-emulation/qemu/qemu-2.8.0-r10.ebuild b/app-emulation/qemu/qemu-2.9.0-r53.ebuild
similarity index 89%
rename from app-emulation/qemu/qemu-2.8.0-r10.ebuild
rename to app-emulation/qemu/qemu-2.9.0-r53.ebuild
index 7a4fa23..0958df4 100644
--- a/app-emulation/qemu/qemu-2.8.0-r10.ebuild
+++ b/app-emulation/qemu/qemu-2.9.0-r53.ebuild
@@ -8,6 +8,8 @@ PYTHON_REQ_USE="ncurses,readline"
 
 PLOCALES="bg de_DE fr_FR hu it tr zh_CN"
 
+FIRMWARE_ABI_VERSION="2.9.0-r52"
+
 inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \
 	user udev fcaps readme.gentoo-r1 pax-utils l10n
 
@@ -17,13 +19,9 @@ if [[ ${PV} = *9999* ]]; then
 	SRC_URI=""
 else
 	SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2"
-	KEYWORDS="amd64 ~arm64 ~ppc ~ppc64 x86 ~x86-fbsd"
+	KEYWORDS="~amd64 ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd"
 fi
 
-# bug #606088
-SRC_URI+="
-	https://dev.gentoo.org/~tamiko/distfiles/${P}-CVE-2016-9602-patches.tar.xz"
-
 DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
 HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org"
 
@@ -33,16 +31,16 @@ IUSE="accessibility +aio alsa bluetooth bzip2 +caps +curl debug +fdt
 	glusterfs gnutls gtk gtk2 infiniband iscsi +jpeg kernel_linux
 	kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs +png
 	pulseaudio python rbd sasl +seccomp sdl sdl2 selinux smartcard snappy
-	spice ssh static static-user systemtap tci test +threads usb usbredir
-	vde +vhost-net virgl virtfs +vnc vte xattr xen xfs"
+	spice ssh static static-user systemtap tci test usb usbredir vde
+	+vhost-net virgl virtfs +vnc vte xattr xen xfs"
 
 COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel
-	mips mips64 mips64el mipsel or32 ppc ppc64 s390x sh4 sh4eb sparc
+	mips mips64 mips64el mipsel nios2 or1k ppc ppc64 s390x sh4 sh4eb sparc
 	sparc64 x86_64"
 IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS}
 	lm32 moxie ppcemb tricore unicore32 xtensa xtensaeb"
 IUSE_USER_TARGETS="${COMMON_TARGETS}
-	armeb mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus tilegx"
+	armeb hppa mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus tilegx"
 
 use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
 use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
@@ -54,6 +52,7 @@ REQUIRED_USE="${PYTHON_REQUIRED_USE}
 	gtk2? ( gtk )
 	qemu_softmmu_targets_arm? ( fdt )
 	qemu_softmmu_targets_microblaze? ( fdt )
+	qemu_softmmu_targets_mips64el? ( fdt )
 	qemu_softmmu_targets_ppc? ( fdt )
 	qemu_softmmu_targets_ppc64? ( fdt )
 	sdl2? ( sdl )
@@ -71,7 +70,6 @@ REQUIRED_USE="${PYTHON_REQUIRED_USE}
 # when available rather than always using the extranl library.
 ALL_DEPEND="
 	>=dev-libs/glib-2.0[static-libs(+)]
-	>=x11-libs/pixman-0.28.0[static-libs(+)]
 	sys-libs/zlib[static-libs(+)]
 	python? ( ${PYTHON_DEPS} )
 	systemtap? ( dev-util/systemtap )
@@ -80,6 +78,7 @@ ALL_DEPEND="
 # Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
 # softmmu targets (qemu-system-*).
 SOFTMMU_TOOLS_DEPEND="
+	>=x11-libs/pixman-0.28.0[static-libs(+)]
 	accessibility? (
 		app-accessibility/brltty[api]
 		app-accessibility/brltty[static-libs(+)]
@@ -153,16 +152,17 @@ SOFTMMU_TOOLS_DEPEND="
 	xfs? ( sys-fs/xfsprogs[static-libs(+)] )"
 
 X86_FIRMWARE_DEPEND="
-	>=sys-firmware/ipxe-1.0.0_p20130624
 	pin-upstream-blobs? (
-		~sys-firmware/seabios-1.10.1
+		~sys-firmware/edk2-ovmf-2017_pre20170505[binary]
+		~sys-firmware/ipxe-1.0.0_p20160620
+		~sys-firmware/seabios-1.10.2[binary,seavgabios]
 		~sys-firmware/sgabios-0.1_pre8
-		~sys-firmware/vgabios-0.7a
 	)
 	!pin-upstream-blobs? (
-		sys-firmware/seabios
+		sys-firmware/edk2-ovmf
+		sys-firmware/ipxe
+		>=sys-firmware/seabios-1.10.2[seavgabios]
 		sys-firmware/sgabios
-		sys-firmware/vgabios
 	)"
 
 CDEPEND="
@@ -200,30 +200,10 @@ PATCHES=(
 	# gentoo patches
 	"${FILESDIR}"/${PN}-2.5.0-cflags.patch
 	"${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
-	"${FILESDIR}"/${PN}-2.7.0-CVE-2016-8669-1.patch #597108
-	"${FILESDIR}"/${PN}-2.8.0-CVE-2016-9908.patch   #601826
-	"${FILESDIR}"/${PN}-2.8.0-CVE-2016-9912.patch   #602630
-	"${FILESDIR}"/${PN}-2.8.0-CVE-2016-10028.patch  #603444
-	"${FILESDIR}"/${PN}-2.8.0-CVE-2016-10155.patch  #606720
-	"${FILESDIR}"/${PN}-2.8.0-CVE-2017-2615.patch   #608034
-	"${FILESDIR}"/${PN}-2.8.0-CVE-2017-2630.patch   #609396
-	"${FILESDIR}"/${PN}-2.8.0-CVE-2017-5525-1.patch #606264
-	"${FILESDIR}"/${PN}-2.8.0-CVE-2017-5525-2.patch
-	"${FILESDIR}"/${PN}-2.8.0-CVE-2017-5552.patch   #606722
-	"${FILESDIR}"/${PN}-2.8.0-CVE-2017-5578.patch   #607000
-	"${FILESDIR}"/${PN}-2.8.0-CVE-2017-5579.patch   #607100
-	"${FILESDIR}"/${PN}-2.8.0-CVE-2017-5667.patch   #607766
-	"${FILESDIR}"/${PN}-2.8.0-CVE-2017-5856.patch   #608036
-	"${FILESDIR}"/${PN}-2.8.0-CVE-2017-5857.patch   #608038
-	"${FILESDIR}"/${PN}-2.8.0-CVE-2017-5898.patch   #608520
-	"${FILESDIR}"/${PN}-2.8.0-CVE-2017-5931.patch   #608728
-	"${FILESDIR}"/${PN}-2.8.0-CVE-2017-5973.patch   #609334
-	"${FILESDIR}"/${PN}-2.8.0-CVE-2017-5987.patch   #609398
-	"${FILESDIR}"/${PN}-2.8.0-CVE-2017-6058.patch   #609638
-	"${FILESDIR}"/${PN}-2.8.0-CVE-2017-2620.patch   #609206
-	"${FILESDIR}"/${PN}-2.8.0-CVE-2017-6505.patch   #612220
-	"${FILESDIR}"/${PN}-2.8.0-CVE-2017-7377.patch   #614744
-	"${S}-CVE-2016-9602-patches"
+	"${FILESDIR}"/${PN}-2.9.0-bug616870.patch
+	"${FILESDIR}"/${PN}-2.9.0-bug616872.patch
+	"${FILESDIR}"/${PN}-2.9.0-bug616874.patch
+	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-8112.patch
 )
 
 STRIP_MASK="/usr/share/qemu/palcode-clipper"
@@ -246,7 +226,7 @@ QA_WX_LOAD="usr/bin/qemu-i386
 	usr/bin/qemu-microblazeel
 	usr/bin/qemu-mips
 	usr/bin/qemu-mipsel
-	usr/bin/qemu-or32
+	usr/bin/qemu-or1k
 	usr/bin/qemu-ppc
 	usr/bin/qemu-ppc64
 	usr/bin/qemu-ppc64abi32
@@ -703,9 +683,6 @@ src_install() {
 	insinto "/etc/qemu"
 	doins "${FILESDIR}/bridge.conf"
 
-	# Remove the docdir placed qmp-commands.txt
-	mv "${ED}/usr/share/doc/${PF}/html/qmp-commands.txt" "${S}/docs/" || die
-
 	cd "${S}"
 	dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt
 	newdoc pc-bios/README README.pc-bios
@@ -714,22 +691,26 @@ src_install() {
 	if [[ -n ${softmmu_targets} ]]; then
 		# Remove SeaBIOS since we're using the SeaBIOS packaged one
 		rm "${ED}/usr/share/qemu/bios.bin"
+		rm "${ED}/usr/share/qemu/bios-256k.bin"
 		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
 			dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
+			dosym ../seabios/bios-256k.bin /usr/share/qemu/bios-256k.bin
 		fi
 
-		# Remove vgabios since we're using the vgabios packaged one
+		# Remove vgabios since we're using the seavgabios packaged one
 		rm "${ED}/usr/share/qemu/vgabios.bin"
 		rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
 		rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
 		rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
+		rm "${ED}/usr/share/qemu/vgabios-virtio.bin"
 		rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
 		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../vgabios/vgabios.bin /usr/share/qemu/vgabios.bin
-			dosym ../vgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
-			dosym ../vgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
-			dosym ../vgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
-			dosym ../vgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
+			dosym ../seavgabios/vgabios-isavga.bin /usr/share/qemu/vgabios.bin
+			dosym ../seavgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
+			dosym ../seavgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
+			dosym ../seavgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
+			dosym ../seavgabios/vgabios-virtio.bin /usr/share/qemu/vgabios-virtio.bin
+			dosym ../seavgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
 		fi
 
 		# Remove sgabios since we're using the sgabios packaged one
@@ -754,20 +735,50 @@ src_install() {
 	readme.gentoo_create_doc
 }
 
-pkg_postinst() {
-	DISABLE_AUTOFORMATTING=true
-	readme.gentoo_print_elog
+firmware_abi_change() {
+	local pv
+	for pv in ${REPLACING_VERSIONS}; do
+		if ! version_is_at_least ${FIRMWARE_ABI_VERSION} ${pv}; then
+			return 0
+		fi
+	done
+	return 1
+}
 
+pkg_postinst() {
 	if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
 		udev_reload
 	fi
 
 	fcaps cap_net_admin /usr/libexec/qemu-bridge-helper
+
+	DISABLE_AUTOFORMATTING=true
+	readme.gentoo_print_elog
+
+	if use pin-upstream-blobs && firmware_abi_change; then
+		ewarn "This version of qemu pins new versions of firmware blobs:"
+		ewarn "	$(best_version sys-firmware/edk2-ovmf)"
+		ewarn "	$(best_version sys-firmware/ipxe)"
+		ewarn "	$(best_version sys-firmware/seabios)"
+		ewarn "	$(best_version sys-firmware/sgabios)"
+		ewarn "This might break resume of hibernated guests (started with a different"
+		ewarn "firmware version) and live migration to/from qemu versions with different"
+		ewarn "firmware. Please (cold) restart all running guests. For functional"
+		ewarn "guest migration ensure that all"
+		ewarn "hosts run at least"
+		ewarn "	app-emulation/qemu-${FIRMWARE_ABI_VERSION}."
+	fi
 }
 
 pkg_info() {
 	echo "Using:"
 	echo "  $(best_version app-emulation/spice-protocol)"
+	echo "  $(best_version sys-firmware/edk2-ovmf)"
+	if has_version 'sys-firmware/edk2-ovmf[binary]'; then
+		echo "    USE=binary"
+	else
+		echo "    USE=''"
+	fi
 	echo "  $(best_version sys-firmware/ipxe)"
 	echo "  $(best_version sys-firmware/seabios)"
 	if has_version 'sys-firmware/seabios[binary]'; then
@@ -775,5 +786,5 @@ pkg_info() {
 	else
 		echo "    USE=''"
 	fi
-	echo "  $(best_version sys-firmware/vgabios)"
+	echo "  $(best_version sys-firmware/sgabios)"
 }


^ permalink raw reply related	[flat|nested] 19+ messages in thread

* [gentoo-commits] proj/musl:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2017-07-26 19:11 Aric Belsito
  0 siblings, 0 replies; 19+ messages in thread
From: Aric Belsito @ 2017-07-26 19:11 UTC (permalink / raw
  To: gentoo-commits

commit:     733898218545d7f941e865f69a628b9792ca25ff
Author:     Aric Belsito <lluixhi <AT> gmail <DOT> com>
AuthorDate: Wed Jul 26 19:10:10 2017 +0000
Commit:     Aric Belsito <lluixhi <AT> gmail <DOT> com>
CommitDate: Wed Jul 26 19:11:09 2017 +0000
URL:        https://gitweb.gentoo.org/proj/musl.git/commit/?id=73389821

app-emulation/qemu: version bump to 2.9.0-r56

Remove qemu-2.8.1-r2

 app-emulation/qemu/Manifest                        |  34 +-
 .../qemu/files/qemu-2.7.0-CVE-2016-8669-1.patch    |  32 -
 .../qemu/files/qemu-2.8.0-CVE-2016-10028.patch     |  40 --
 .../qemu/files/qemu-2.8.0-CVE-2016-10155.patch     |  46 --
 .../qemu/files/qemu-2.8.0-CVE-2016-9908.patch      |  35 -
 .../qemu/files/qemu-2.8.0-CVE-2016-9912.patch      |  38 -
 .../qemu/files/qemu-2.8.0-CVE-2017-5525-1.patch    |  52 --
 .../qemu/files/qemu-2.8.0-CVE-2017-5525-2.patch    |  55 --
 .../qemu/files/qemu-2.8.0-CVE-2017-5552.patch      |  41 --
 .../qemu/files/qemu-2.8.0-CVE-2017-5578.patch      |  35 -
 .../qemu/files/qemu-2.8.0-CVE-2017-5579.patch      |  40 --
 .../qemu/files/qemu-2.8.0-CVE-2017-5856.patch      |  64 --
 .../qemu/files/qemu-2.8.0-CVE-2017-5857.patch      |  38 -
 .../qemu/files/qemu-2.8.0-CVE-2017-5898.patch      |  35 -
 .../qemu/files/qemu-2.8.0-CVE-2017-5973.patch      |  87 ---
 .../qemu/files/qemu-2.8.0-CVE-2017-5987.patch      |  50 --
 .../qemu/files/qemu-2.8.0-CVE-2017-6505.patch      |  52 --
 .../qemu/files/qemu-2.8.0-CVE-2017-7377.patch      |  49 --
 .../qemu/files/qemu-2.8.1-CVE-2017-7471.patch      |  64 --
 .../qemu/files/qemu-2.8.1-CVE-2017-8086.patch      |  28 -
 .../qemu/files/qemu-2.9.0-CVE-2017-10664.patch     |  47 ++
 .../qemu/files/qemu-2.9.0-CVE-2017-10806.patch     |  50 ++
 .../qemu/files/qemu-2.9.0-CVE-2017-11334.patch     |  40 ++
 .../qemu/files/qemu-2.9.0-CVE-2017-11434.patch     |  29 +
 .../qemu/files/qemu-2.9.0-CVE-2017-7539.patch      | 601 ++++++++++++++++
 .../qemu/files/qemu-2.9.0-CVE-2017-9503-1.patch    | 122 ++++
 .../qemu/files/qemu-2.9.0-CVE-2017-9503-2.patch    | 114 +++
 .../qemu/files/qemu-2.9.0-CVE-2017-9524-1.patch    |  80 +++
 .../qemu/files/qemu-2.9.0-CVE-2017-9524-2.patch    | 197 ++++++
 app-emulation/qemu/qemu-2.8.1-r2.ebuild            | 770 ---------------------
 app-emulation/qemu/qemu-2.9.0-r2.ebuild            |   4 +-
 ...qemu-2.9.0-r54.ebuild => qemu-2.9.0-r56.ebuild} |  23 +-
 32 files changed, 1309 insertions(+), 1683 deletions(-)

diff --git a/app-emulation/qemu/Manifest b/app-emulation/qemu/Manifest
index c719930..5fe223b 100644
--- a/app-emulation/qemu/Manifest
+++ b/app-emulation/qemu/Manifest
@@ -4,36 +4,24 @@ AUX qemu-2.0.0-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch 930 SH
 AUX qemu-2.2.0-_sigev_un.patch 638 SHA256 1f66c5a55ec94d73182cd25f3de5490cdb075542246a37d206cfb7b4a99a40a4 SHA512 5a2f9af1b60fd5a088679f3481b8d0317da88d4922b02289265b8d193b3589dd6d498e66531fc37ed86b97f4a648a1068f2da646e381d89c472716ef58190eb1 WHIRLPOOL 8444edaa4e5d59a337a7ebba71807b51941642517e5e762fb3458fde1a53c63c919ca809e5f32b503f1a92e4ccd2d21a057995fec56fcf846246dadccbdc863f
 AUX qemu-2.5.0-cflags.patch 410 SHA256 17f5624dd733f5c80e733cc67ae36a736169ec066024dbf802b416accfed0755 SHA512 0194d28de08b4e51c5bd1c9a2cc7965ba7f66dfddb8fd91de3da93677e6cf2d38ad3270f69aaea8a20cf2533c2980018d6e0fed711be2806fe2053fba7c081f3 WHIRLPOOL 5f5b95d00409fbe03adb64801d30a2fb5f98dded5efa7f0e78b5746776f72917dcbea767e1d0afcb304d8bf8c484adedb8037e6d54e9d34997c2bc3a98b53154
 AUX qemu-2.5.0-sysmacros.patch 333 SHA256 a5716fc02da383d455f5cbd76f49e4ee74d84c2d5703319adcbeb145d04875f9 SHA512 329632c5bff846ca3ffcdb4bc94ae62f17c6bdbb566f9bec0784357c943523e8ca7773790b83a9617734cab3b003baa3d636cbd08f7385810a63b0fa0383c4f0 WHIRLPOOL 2a774767d4685545d3ed18e4f5dece99a9007597d73c56197652ff24083550f987ffb69e5c624760dece87def71a7c5c22a694bf999d7309e48ef622f18f0d73
-AUX qemu-2.7.0-CVE-2016-8669-1.patch 1010 SHA256 3bc03869bede80013abb94ee029625a382c8059bc9474d9f6fd8e23840cff159 SHA512 53643363a470fba9b82c02b90f2573e45f59f5057993b2c15e1608916ece7f8582b4a84179e8ee70fcb8e3f3eb8a538a058401049ea38242bdb640c14ec54f7e WHIRLPOOL 873ed9b9784bb5757a07c1a494f70603cbe82751222d68a883327424e0d7e87d536400eca5fc7406080cbde2ab0a8fe0b3ee5c6dff81624db5d6d5964fec81be
-AUX qemu-2.8.0-CVE-2016-10028.patch 1384 SHA256 25a9f2b2014bbcbb008683211503716a2b4a0e8d96ea001d32b87d451cee1842 SHA512 6cfad99e54cfaea97f5c14fbbfe35768a8ea46196117bf770725e1079f9bccca3b7071416a14e60a36c3c919760ab49663fc8b551026c8cd58c10b3f2d7940b4 WHIRLPOOL 5c0c8350112cb63c8b3db7a15a9090cd2fba879317565b108285fd92c23a8b75a593a65d94b6e448086b126a735056065d07c1877abdb6815ebaa430cf4adabf
-AUX qemu-2.8.0-CVE-2016-10155.patch 1558 SHA256 53c20d983847a716f3f708c50ffbeb9d44fd8718f39d86556ae44394d1b2a624 SHA512 4ebfba87927c9f58fe1a0aa05b5850d391698617ce7c3e002d3adfd981ed8c23d35a6863e14f52264576dda31f84dc25421d2f930547f82ccfde126137d91aea WHIRLPOOL 44366afdf52eed47c28a6e9cec1ee7c613b5bac6441cf4f7bf29b30ef6ec7504e72a2d8c873a949e46f1cfd3055a407b673d6151802ab3c957cde8faaed20903
-AUX qemu-2.8.0-CVE-2016-9908.patch 1166 SHA256 22ef4999a3daf3c46a3c90ca20fb131545d4d0befeff7c3ca870585a3e03b7b7 SHA512 c46abda3a5b1a68c7c2e5236f8e424f4569a28ba2aea9b8ec32467e55b535492da6e4702d4758a5721f1bf222f7f2554a5e4c9a190781d60c40202a5291dcf49 WHIRLPOOL aa8087350770ecbb60049e3269ddf9d68258657ef6a088b562e344056689e578a390328dde9c5d2b5024e7fa03995b571295a1d64943d9b3882cf0c5f833dbd8
-AUX qemu-2.8.0-CVE-2016-9912.patch 1307 SHA256 e3eac321492a9ef42d88b04877511255c3731a9bb029d7c6ab2da0aa8f09e2d8 SHA512 f9ba4f167334d9b934c37fbed21ded8b3d71e5bdbdb1f15f81d4423b0790bfa127637155d5863b563fa974f1421c4ace1f2a4e3e81e3ae3d6045b2083210b103 WHIRLPOOL 7aa8dab7b6462f142365d274e6131ca1630c396e36c851cb562c081c4243c58e2ae22cf682e51145af08befcaba395254c765cf56112a6c177e1c9a18ffb5926
-AUX qemu-2.8.0-CVE-2017-5525-1.patch 1625 SHA256 88e253c306761017d66dca5b72184f89cebf3b617db7bc0e4b27025757a66181 SHA512 a7f82374ec4e264b065be7ba63c197d93fee230d68819bf68a0a67c84f89182d0cc0a42b9aadf53a8a903d640dacc55392174c7820379e92ad0e35c86c35a2dd WHIRLPOOL 63e192dc0e075139f18aee2d0541c75021852a7d7251321ca8fe7f9b793c72786a6aab878e308931289eab3c07c3cbbc8ad32b67de1193f85b672e16a8372495
-AUX qemu-2.8.0-CVE-2017-5525-2.patch 1664 SHA256 ab03a1cff62164090133f0dbace9724302e806a808b18d64628d12f0bd9abad6 SHA512 ac1d89331c3fc4d0ef7af411a12654329057676e9f016cb9a4a46dc9b4e01092c17af33d095f3104e71094ae585a35a8276a98560dd97f8d045e0b9fd2f0069f WHIRLPOOL 20457d7fe5b3842c0c601068dba410586fc4b4c7fce81ba3ee436a6cfec3b1b950797d6ca9a2a573fef21a29421f8c04a34d1dfefe0b7ade03a6ca51d16d99cb
-AUX qemu-2.8.0-CVE-2017-5552.patch 1481 SHA256 26616f16434b3aff65b1cd1ce82c6abdfbd44da8a047a5a32b1e07755c9a3e1b SHA512 3c3f5027be3bfe56c1445004bd28536e11f606cc6787fcefad3da267eb3e11b61110c8a4700fd9d6f95ce50f10a2678b2bc6f950297b949b837882a68901d6e5 WHIRLPOOL ca93726b8a0567f68fac634eef1e88c997c1e959cafb33bc6ba8871d9021591bb61be6b3635d3fac111e1e177dbbff939c93580d7f0824e752b378dbc38fbc45
-AUX qemu-2.8.0-CVE-2017-5578.patch 1084 SHA256 a7639fc84377b23ebc55dbb1c6d8c53bb2e6230be03b2efba78108257058d8b4 SHA512 8d160d56a94ec9380640badcab29fdd05f2f665377febd1b7e71a9c619d9db963eaa74cf74a2e0287fd2f6e2a7d4bce0f8e4281b3b0292347eece52b7344243b WHIRLPOOL efd3238bf720a1051a41ea621601afeea7546cc7e48d4a7f23bc0b3277bee368bb259a2735e6290b4609e78a1e54e29fe1ba7b088824284787faddc84491d876
-AUX qemu-2.8.0-CVE-2017-5579.patch 1132 SHA256 df32524c24aa4d7d9166bb5e159ba10023c7777b9583e920bd8590feec433580 SHA512 d4669821ae8e06a31b852a31699aa26421ce5fb6c049573cb6613515da486e390d8ddf71adb4e6c1a45a15bb468bbb45df68cbf5e9388660c9c03866becb9edd WHIRLPOOL 0d5ed483c6e3f849fc4b9568a3af4c086258ef1162a4e11baa65bcf35eeb8a505c8b7de935175fdc53e7284e23eb492a95326cdea6c690283085136cb02d3b7a
-AUX qemu-2.8.0-CVE-2017-5856.patch 2224 SHA256 92ddbba8c0d21bdae5b11ae064c21da939cbbb1fd0e6aa10477efced6bf9582f SHA512 7e043d8299d67d33c12bf5591f0881029013852df2243c2ea747fc6c4d1d6c0acffbaef7538634a60f8f875da94bb71db3e3a07972de066b7ac5d49e4d3cb906 WHIRLPOOL b5f38b059e4305b352e3807c2b7762fe856d1067431452fbbf991415ad17f25d152225d9e0ea61b5e8175e42abebbb2abdd85ac37f301ac123f81af822ff2f02
-AUX qemu-2.8.0-CVE-2017-5857.patch 1326 SHA256 e2150a7cc92b72e3f20506b9c76b40599af8d2366d25bd9b245a0bffa66ad8eb SHA512 d6d000b57f1fb194f9554165621109b364ebdb61416bc07e2283f2d493c33e770d1b63002d62565aae1ac19ed0ad9e572c207341aa1ad023581f349f62158d30 WHIRLPOOL cbe84c67ba9bb368baf2b1842e8c7c1ee3fb720630bcd53fdbdef9e8f3efdb25c1a927d0f65c9d1f6def28defe6997943a7867e8225eb12e395a0811ad3e32a1
-AUX qemu-2.8.0-CVE-2017-5898.patch 1412 SHA256 7f44668d51a94d19fcca0f496d8ac798fd654afe25d2998f7d07a148a836ade9 SHA512 2cd9af4957849a5d72dc0f0fbb30852870306ebc0a348cf5951df58d3029d1aae52df9261d2e4a9d7a4f132f78c390af8a049e1f109b324899bccd91e5c10d1f WHIRLPOOL c48e1fe163761880adab990683dc5d54ee31173763f11239ffee7c229bd65a2958a696dede39e7e645860980e2a7c5c6e5873e5db53872ac373d8d2415a167ab
-AUX qemu-2.8.0-CVE-2017-5973.patch 2815 SHA256 206d01053ce678e2c83174b278755e112099f76350aaa765525d344a87365ded SHA512 31b4bd1b8398d8044ace7660a049c492beda83613818a718477257e0bdf922d63423100fd59f2e8411dc952d282a7c405b916ab437b131b31c21dcf65f98edce WHIRLPOOL ea43efbdd5fdc51e1b8b5057fbe50b3911896cbda8437998ca203d34db82524eb42a77440f2490574a48f15ba1c4bbb7d9c40bfb6e99e96278a1d1912ea210a7
-AUX qemu-2.8.0-CVE-2017-5987.patch 1889 SHA256 c4f2175970deca9b00bf657e66b8df31a02efce469eec02279a9659b9cb18bb0 SHA512 32708f91edbbb61ac444ee71b97a30138380544389f6265d7cb7aec330ebaaa7ca69844a9462c817fbda117e78748fc4fdeb655e70bcd72ddd8b112fd9619b0d WHIRLPOOL 1aa99740495c0d2a577cf13c47669aeba75ad389394736ce16fde31c91931254820accad85a6d6fee9757595bec3f222413a89fe4ca125913be7ecc97f33b365
-AUX qemu-2.8.0-CVE-2017-6505.patch 1481 SHA256 55e3b7e65e519caef4fdd28cccb973613759cce0d67eb64c2093b4f0a4e428e1 SHA512 5326f28a9340f392e4f32e4cd5f58cae0769859e10fd4d201983d40ec6b4d094d6a0cad2638e1e6f3e5228b93af26cc4f4a155e0d94bad89d0ea9b866f535aa7 WHIRLPOOL c88312cd5e779a98c905f175d61400ef7bb59795cc1e0392da0018a158a4c435ffa07f1e6a621db6eea925a0dbb986442eab4f79f956dc1955058fc97670f390
-AUX qemu-2.8.0-CVE-2017-7377.patch 1554 SHA256 36fbd8ec9fa7d910fde8b6b8905717b322bd23b50c2b2f925e1a2415ae306755 SHA512 195be1a75340c41aa89614aad8d07f2cf630eb10f3160cb8a86d85371ea9d7dcdbe9d49e9752ac3d6765c8d4c99c845408933b57cf21199f77ba09fcf79a02c8 WHIRLPOOL 8d7677ae3cfe18e34072ef23666c4658553a7d3b564d96e480ae432281d403242f2013d9fb189d473ab9c31def515401d22c04ba8e86d93d0369e95b1e371574
 AUX qemu-2.8.0-F_SHLCK-and-F_EXLCK.patch 574 SHA256 d02353daa0ecfe161e938a5e54feab641b901f4a35c8f5831133676a6f53f43f SHA512 6b64750335aae1142ca9132fb766ac2aaeacfcdda0aa0cfca19afc4c3ea3806e30ce603fcec3767e40e84efb0ae8b9a23f21d46c807c13bb646be74f99e13389 WHIRLPOOL 7401c3daf162c71a5a5c3729855fddb5df95609b34c86ea0f4d872c8f132d6ac089cfb35a990af70aef8b7b63fe075a1e2be376b6db09bc70e8d51e48aded354
-AUX qemu-2.8.1-CVE-2017-7471.patch 2310 SHA256 ae5129c0f278de155f69e3d306038fa259c28ecb09a623262362163b00de85cc SHA512 dd5c5bc8e5ee9eb27516276d53f78ecde00b4fe5debbbdd8db1c3a2f2ef663667598acbb3b95f220e709ed89e1a0077733ca4fc1cb2fa0eb0f700e9931ddd003 WHIRLPOOL c91ddbdbc685dc76efc417087d680751aaade178593ca96fbff7b8ae1e0d0bdb659faee676d31b606e16c4adf446632a8a9350a57a1ac049b7649bdc0c3b8cf0
-AUX qemu-2.8.1-CVE-2017-8086.patch 751 SHA256 ff6f3bc1a94861da633f9e5517dde6b2719e227773941e7c9651281c77216589 SHA512 84197e80d28322efaa327dc7ad3ffc5e8bf791d89255e8ac7d5c5e9cebba3786c4e21008cbfb704de5323554a9d3f0873068c0a06493d4ca3b7849523eab6212 WHIRLPOOL 73f88468ba89d8384c04ffa3af646c8b628f1fa52f27866095f84ea1241f421763699ae18553d835133de70d7f244d0638d83d15881e5a3858a1128b14a1bcf3
+AUX qemu-2.9.0-CVE-2017-10664.patch 1613 SHA256 5941cc41f0c02b185be3f6ba450f155dfc42e98f538560a054309066d12e5736 SHA512 19be668bd5847b65a82bd710de062bf1bc16a2b93516cbd6842328a71cd8ef8e97f38fa72bffe603a41f7674652a73b9bc05bc6791d265423490aa6de09738ce WHIRLPOOL f3e436bd5ba9e61473e6a66af4a1c0063445ad616a06cbed1760326435fd391d56d6f084eae4b3465928d995cb426f02ed813747aeda0b535ed7ed4a2a598072
+AUX qemu-2.9.0-CVE-2017-10806.patch 1450 SHA256 ef884e2ed3adb618273af1d036ed0c7e3a09599e3d042080bb4b5014c6bc54d7 SHA512 38fea2c1a2a5a224585a07a028a8c4cfc1bec4d943e85c13e01228062bf306a502b0948270863b226bc974832e3af18158904fbfc08ccdf1f72f06e7830780d5 WHIRLPOOL f02fb957016af684dc894f93ec0b7dcca3febb8d37882aae1e17d2aca9948e200a013ae467cb54c5555e76c73f124a37c95fde189a4492d88322802d8160310c
+AUX qemu-2.9.0-CVE-2017-11334.patch 1362 SHA256 bc2f3a50ad174e5453d0e4d1e14e9723b316e2339dc25ff31e27060ee13242bb SHA512 422296269ec29b3313c984947ac48b7179ce8e169131624d316589a621778f846b883e76cdfba50c62dc63ab5fede0ad0292704c1ca1cc9e1e7b3b01a153b8c8 WHIRLPOOL 504cf6b2ebfb11bf1471f920d101df28df59f1a585eac31ac278a366f2b769386bc7d100aa8386b3f8f45d5f5f700aa6625be3192eb4f1f3b77e69c6684cf74f
+AUX qemu-2.9.0-CVE-2017-11434.patch 912 SHA256 e8be3cb9261f8735ff2a50fb8b79ccfea85456c7a2e5a5702fcc5339463dc05a SHA512 db95d9459b9669e0981195fe15f16c4e74d5f00c03e1ce5e33541e005260e77fa114b1b3f30bc06d80b723a6361b704fb58709b25773c168c8aa8f5f96580ac9 WHIRLPOOL c68e25024ab3c1d01e5b53d0a7b1591110b96d78079bc940ec28da2e2770dac6b1f9bbaaeb97c88ea0e1b46db886f7035d81bde582750e560d136916ecdab8a2
 AUX qemu-2.9.0-CVE-2017-7493.patch 5656 SHA256 77462d39e811e58d3761523a6c580485bdfca0e74adbd10cf24c254e0ece262a SHA512 2b01f2878c98e77997b645ba80e69b5db398ef1e8f2b66344818d3c9af35dd66d49041ef9ee8aa152bf3e94970b4db282cf53909cb13b2532bc0a104251b2e81 WHIRLPOOL 23c788c5a78e126a61bd277e9fa1511cc71b8fbdc83a5bf319c5fc424219cbcceefad737844e45c11a76e047f8a49853d0a85b267f24f7b23bb7276d0edf0451
+AUX qemu-2.9.0-CVE-2017-7539.patch 22018 SHA256 523d41e08a2aab888e3e63b4dda6a19e535fe6fba2bf08b6ead06498ca923f29 SHA512 5c81488aeae78307bee551a3a037f3b9cf55971a17c5df17f89f31224bdfa0a5e79141341314546256bffe542b781ad25151c54340a63c766086a578e5465825 WHIRLPOOL 085fc7e7d40c803a3caf15cdee77ce553b385919678ecf4bbcc3f532af5e482ca804a167af43e4f393da93aed88285690d84a3054c7f0df61d603d0046029dbc
 AUX qemu-2.9.0-CVE-2017-8112.patch 696 SHA256 a4dcc2a94749a5c20ef38d4c7ce13cd1ffe46017c77eea29ced0bec5c232e6aa SHA512 840f5270332729e0149a4705bae5fcc16e9503a995d6bfa5033904a544add337ca8ccb1d2a36bb57cc198f6354f5253403f1c4f04cbd18c08b4e1a9d6af9e07f WHIRLPOOL 1ba4e75fdd0c767254c85754612da9e8ff9ba2e7ea0811f723844bec190946805cd59db83f347a3dea4296d2b58d2df4a8d99a492335ba818824348bcebdd556
 AUX qemu-2.9.0-CVE-2017-8309.patch 595 SHA256 8231747fe4d9c97392fe44b117caccd07d320313dc27fad17ac658122113ced9 SHA512 4415c36acb4f0594de7fe0de2b669d03d6b54ae44eb7f1f285c36223a02cca887b57db27a43ab1cc2e7e193ee5bce2748f9d2056aa925e0cc8f2133e67168a74 WHIRLPOOL af4c5e9763a0e114e554a1c8be99ea79da0b634fdc9d87922c7713187f1f904bfcce103648d549bbb190e92443664dbb9bd7592d8137f2337be0f4b22d1f9bd1
 AUX qemu-2.9.0-CVE-2017-8379.patch 2736 SHA256 f2f8910c8e1ce9fc9804f4fbbe978fee20ccbfccc5efe49f42cdaafa63c511ce SHA512 79e32f75d98ca4a92a5069b65c5b9cff16064255ed4d161e4e292b97373742c25d5ddc12dfffa627197fdb5e0808108b30d0182a9c060cd181723bd90c618d15 WHIRLPOOL 545c00189da3b252c80bb35c6b6d3368a02b36b06f2866838ddd9ebb9ccf2b608ae278ee192b6b3aef2966736afe9bcdd646c80c228ec5daef76b92bd2721bd5
 AUX qemu-2.9.0-CVE-2017-8380.patch 1048 SHA256 23eb5ae64b064e46785ae4f675fbe7c6a353f6688dd154ce98b78a0b7104a2fb SHA512 872fabc4f6eee48dff292297887b8c4a18aa6f8c2f9b7247e325c96e10ef8d72206f269d89c4a4a40ea6ad3e5082db40866b0f386f31716e749fb3a7db89d2dd WHIRLPOOL ddce30f5b22707938c2ba419264a6b731f292f0748e3891c7aa48daaa7a4b204a8bb1b4110fbd7c1836a02605e49e170a4bda6ee9eccdd2570472ff0f63c8d37
+AUX qemu-2.9.0-CVE-2017-9503-1.patch 5036 SHA256 3831acce5d79ab1ad195ee6a26eb276a08fee00143ef6473ad488a49590c26e8 SHA512 690a43f3b15f10f4c030af761b2fcf873eb72d1ca53dd03f15eb35a30454298bda7ddde2b38ed549b8bad1b3a465ad3c7c9334886e75856794c0beee2dcadc2d WHIRLPOOL 909b90579ba60084bb69d3067e9bde6288011649ecc986d3f520dbce31cc9063cf3b175d62d017bf6bfa6026549250d2f64c06d4f0a411a5e95d7cf2af0062d8
+AUX qemu-2.9.0-CVE-2017-9503-2.patch 4103 SHA256 a08f7f56890e1061d47691181ccdbd4cc2d97b5221d3b438afe8c429427b1e8d SHA512 21ce3255f511c82c7f8848392cb8266d804691a02207f06b950539f025a3bafb3f4c27365956cfa5129a7f0bc1796c006303993a328e72e689b8ff722f71e542 WHIRLPOOL 67bb2f24c2b567855c8f943208c5d4ceacb6df39539cc6ffce3e09fc55052b98aa794d19f70dad4fde515bd3021c46ff53ff374e58f09a802a2222a40eb3bf2d
+AUX qemu-2.9.0-CVE-2017-9524-1.patch 2624 SHA256 f2479f79a81dba79eeee7a333b50bfb6f3d7e23d4cee6a8a65b291744d676b85 SHA512 7b72e492d4f9f38f15e3ec5ba3765b6d86cb726e8581278f1abcc485245f80d7a6ca9a5378dd214a82e230221d1ec650e90a221335beec8cd18567db7f7ce311 WHIRLPOOL 95b0566a9c7712e00e6200a839f449b8367aead31bf18b797193865825123b50d9f8ff11450f540caa94a102637ee5b7075ceaf8f703482296111a7af270f374
+AUX qemu-2.9.0-CVE-2017-9524-2.patch 7016 SHA256 092da49ea1aafd9b94f20127b93c1373b9a83ef127cad1d45fdbd8f5a9d9dbe9 SHA512 de25c5506ae955fb799b2c9952120c9feb51b363f5ee277c9b63882938ce56c44702dcd688ecf65a3d2a089503be938432eb62ffa3df7409f4211bb7fa126f26 WHIRLPOOL b38c3a557be778634d53e7c356fb124e7470ad3e58b426677f3405c10faf76fa88d2f354d66a69b8549a64c480a338c94ed425c768394ad4cdd74ed4479ccc89
 AUX qemu-binfmt.initd.head 1445 SHA256 a9b4b1d1ffa82d572c01f14ebfbafb4b3a4c2eb5cad5af62c059f603a9f5a277 SHA512 a735268ae9ac84d8f2f2893bf018ee6de33231fa94a823bd8502b529bb456635c1ab5cf9b440df5ede8e414291f8bf45fc53898c2f3939c50d5ec4ffa554396a WHIRLPOOL 3ec0f916d5928d464fa8416c8eac472cfa01b560bba07642ff7929799918d1c8059ac7368ff5551e6aa993027849de08035d856db7981315d8e4ec470a0f785e
 AUX qemu-binfmt.initd.tail 245 SHA256 1b765f5212946b73b8e4d92f64d34a9d2e358ef541c02164f6d6dd93cb15e1e7 SHA512 bcca16805f8380d52cc591ea3d65a8f6e5de456730618f6aee301510edb75d235a22d4d7aeed224882210392840adb403eb53234b6cb76a4cb24533852a8b737 WHIRLPOOL 41ddd1751101646e700a6fe4ef879bd4149d646a801f97e40534051895697dcbded06a1edda51457a0d624fbf68442c3e57178a3ee8e683e35368b88d10ba4a4
-DIST qemu-2.8.1.tar.bz2 28366270 SHA256 018e4c7ed22c220395cf41f835d01505e49d0e579a548bd3d72b03809442bbcd SHA512 0397b4029cdcb77ed053c44b3579a3f34894038e6fc6b4aa88de14515f5a78bf2f41c5e865f37111529f567c85d2f1c4deefae47dde54f76eac79410e5b2bdda WHIRLPOOL c41f53f18fac44efd1c81ba9d95204d23e9a70dc9c21624177be2fe92a327428fd5704b25bc334229fa36ae395fb4c82ba3955db39719c4458343978a4d3141a
 DIST qemu-2.9.0.tar.bz2 28720490 SHA256 00bfb217b1bb03c7a6c3261b819cfccbfb5a58e3e2ceff546327d271773c6c14 SHA512 4b28966eec0ca44681e35fcfb64a4eaef7c280b8d65c91d03f2efa37f76278fd8c1680e5798c7a30dbfcc8f3c05f4a803f48b8a2dfec3a4181bac079b2a5e422 WHIRLPOOL d79fe89eb271a56aee0cbd328e5f96999176b711afb5683d164b7b99d91e6dd2bfaf6e2ff4cd820a941c94f28116765cb07ffd5809d75c2f9654a67d56bfc0c1
-EBUILD qemu-2.8.1-r2.ebuild 22908 SHA256 b21f2820c166fcf91f0be3f8eb323b49d8c8ccebd4c376d9dbcdebbe751bac52 SHA512 3fa48453417e0cfa4d24f11fd5f234ec8790744c65154456328a24641a6f03cffb5b50ecf2bf81388fc18b12b382042e882fa853a09ae2288beb459e8658db5e WHIRLPOOL b5881ff308b91dc53b3115e278d5cd89d5f3f5d69ea7355fea2a048e471da1c4079eb245aa262ab2c19c6d75ddac1770acab3fa1c39d2c6e74cf72d84426e16f
-EBUILD qemu-2.9.0-r2.ebuild 22065 SHA256 f722fa40663602c90dc07139580a3bcc5bcae60ce1a3808f2f38adc2d13211b1 SHA512 51822cc9753b27e6fed97bdd1e4845cbcfb0c8a4a9f55256820127994a1b3beda96765b83a8c578637a968b261f1bf6ef4c1d6ae09491e9f5f9d94af5cdb5ce4 WHIRLPOOL 20f5b6786e60eae4260df3bcdfb9f94d128abc03f9458cf3e42ddf5bb1b0749ea26bc18ba58c47c4d131cb5ab02898f7097dd85c3d9d19ac6bc49062d9d8a57b
-EBUILD qemu-2.9.0-r54.ebuild 23455 SHA256 cf27b44542770cf10be0bd69481e13ccdef4d512d4d02f2388eaf441b1b2b9b8 SHA512 e1344e489cb298807c992f257954e28c0c2d24a517bdd907bc60ebf2380cebc26861161e2a5deba8c95da5af700de198951696061ea916ea9c6f1037264e89dc WHIRLPOOL 3b764803988879ef45a1b28f016d0ac732d8aa18c1fab92e52e18677fea7d3777967281c075dcdc3daa7da083c66c423d7d30ffe2d876811a776bcc5e2de63da
+EBUILD qemu-2.9.0-r2.ebuild 22065 SHA256 45015103d32a318241da3d34c7340786571b65dc580f8493853c35e0ad5541ec SHA512 7b69c749172677046a101778ba2d8078bf8f5ccedc2d3c6767a2096838f8b80d0519bb798f23e7229fec04ca0c6c4c96caf7d07983ca2aca8d77e86b4f2ed229 WHIRLPOOL ebbf728a67a6f67ce2d40ac72cc95e27e46133e522d70a0e6d91525df7af048d2d1dfbb3e9534e4871882f5fe01749e3f749662414f802569c2f40ac66450afa
+EBUILD qemu-2.9.0-r56.ebuild 24010 SHA256 4185ac27c271ca09d383907cf914c020ba5f9614d5c3901d12e82d4069e0090f SHA512 fab143169a3c25fcf7b2532ec10c651c8b1c1875ea8cb0daa4ae29e153c9609ebc75184df1584944eadb541db76e931ff121866dcde58f3e25e29ad9eadc0a24 WHIRLPOOL 44d3f1fc2f01e61287508580beeacc9c1e1c709b6d19347f69a33ea3202ad7e8dd035d3df948dec11b3a62564a23a41a5c5a1e6faa1e2bde5f31d0ec9c02eb9b
 MISC metadata.xml 3794 SHA256 149f7bc9927e13bbf7355972e85df6f9f198dd17fb575a7e516817d6a88018fb SHA512 10f130f225b90dacf8262247d795a247abfdcbf3ad5fbe0693e8d4db79f755984f690cb150a7eb5a8e5d669ce404145c4fbb6b200d6362319be74759fd78b6d3 WHIRLPOOL 6a5e88caeb64387f619a19fecb55c39ccf3c8dcd360523e8d61b80051001c02fe81432c55e40b3f360295b35e9f5a1f707c570baf95cad06d18c4cd484da0ceb

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8669-1.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8669-1.patch
deleted file mode 100644
index cea8efc..0000000
--- a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8669-1.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-http://bugs.gentoo.org/597108
-https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02577.html
-
-From: Prasad J Pandit <address@hidden>
-
-The JAZZ RC4030 chipset emulator has a periodic timer and
-associated interval reload register. The reload value is used
-as divider when computing timer's next tick value. If reload
-value is large, it could lead to divide by zero error. Limit
-the interval reload value to avoid it.
-
-Reported-by: Huawei PSIRT <address@hidden>
-Signed-off-by: Prasad J Pandit <address@hidden>
----
- hw/dma/rc4030.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/hw/dma/rc4030.c b/hw/dma/rc4030.c
-index 2f2576f..c1b4997 100644
---- a/hw/dma/rc4030.c
-+++ b/hw/dma/rc4030.c
-@@ -460,7 +460,7 @@ static void rc4030_write(void *opaque, hwaddr addr, uint64_t data,
-         break;
-     /* Interval timer reload */
-     case 0x0228:
--        s->itr = val;
-+        s->itr = val & 0x01FF;
-         qemu_irq_lower(s->timer_irq);
-         set_next_tick(s);
-         break;
--- 
-2.5.5

diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-10028.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-10028.patch
deleted file mode 100644
index 466c819..0000000
--- a/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-10028.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-https://lists.gnu.org/archive/html/qemu-devel/2016-12/msg01903.html
-https://bugs.gentoo.org/603444
-
-From:	P J P
-Subject:	[Qemu-devel] [PATCH] display: virtio-gpu-3d: check virgl capabilities max_size
-Date:	Wed, 14 Dec 2016 12:31:56 +0530
-From: Prasad J Pandit <address@hidden>
-
-Virtio GPU device while processing 'VIRTIO_GPU_CMD_GET_CAPSET'
-command, retrieves the maximum capabilities size to fill in the
-response object. It continues to fill in capabilities even if
-retrieved 'max_size' is zero(0), thus resulting in OOB access.
-Add check to avoid it.
-
-Reported-by: Zhenhao Hong <address@hidden>
-Signed-off-by: Prasad J Pandit <address@hidden>
----
- hw/display/virtio-gpu-3d.c | 6 +++++-
- 1 file changed, 5 insertions(+), 1 deletion(-)
-
-diff --git a/hw/display/virtio-gpu-3d.c b/hw/display/virtio-gpu-3d.c
-index 758d33a..6ceeba3 100644
---- a/hw/display/virtio-gpu-3d.c
-+++ b/hw/display/virtio-gpu-3d.c
-@@ -370,8 +370,12 @@ static void virgl_cmd_get_capset(VirtIOGPU *g,
- 
-     virgl_renderer_get_cap_set(gc.capset_id, &max_ver,
-                                &max_size);
-+    if (!max_size) {
-+        cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
-+        return;
-+    }
-+
-     resp = g_malloc0(sizeof(*resp) + max_size);
--
-     resp->hdr.type = VIRTIO_GPU_RESP_OK_CAPSET;
-     virgl_renderer_fill_caps(gc.capset_id,
-                              gc.capset_version,
--- 
-2.9.3

diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-10155.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-10155.patch
deleted file mode 100644
index c486295..0000000
--- a/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-10155.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From eb7a20a3616085d46aa6b4b4224e15587ec67e6e Mon Sep 17 00:00:00 2001
-From: Li Qiang <liqiang6-s@360.cn>
-Date: Mon, 28 Nov 2016 17:49:04 -0800
-Subject: [PATCH] watchdog: 6300esb: add exit function
-
-When the Intel 6300ESB watchdog is hot unplug. The timer allocated
-in realize isn't freed thus leaking memory leak. This patch avoid
-this through adding the exit function.
-
-Signed-off-by: Li Qiang <liqiang6-s@360.cn>
-Message-Id: <583cde9c.3223ed0a.7f0c2.886e@mx.google.com>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
----
- hw/watchdog/wdt_i6300esb.c | 9 +++++++++
- 1 file changed, 9 insertions(+)
-
-diff --git a/hw/watchdog/wdt_i6300esb.c b/hw/watchdog/wdt_i6300esb.c
-index a83d951..49b3cd1 100644
---- a/hw/watchdog/wdt_i6300esb.c
-+++ b/hw/watchdog/wdt_i6300esb.c
-@@ -428,6 +428,14 @@ static void i6300esb_realize(PCIDevice *dev, Error **errp)
-     /* qemu_register_coalesced_mmio (addr, 0x10); ? */
- }
- 
-+static void i6300esb_exit(PCIDevice *dev)
-+{
-+    I6300State *d = WATCHDOG_I6300ESB_DEVICE(dev);
-+
-+    timer_del(d->timer);
-+    timer_free(d->timer);
-+}
-+
- static WatchdogTimerModel model = {
-     .wdt_name = "i6300esb",
-     .wdt_description = "Intel 6300ESB",
-@@ -441,6 +449,7 @@ static void i6300esb_class_init(ObjectClass *klass, void *data)
-     k->config_read = i6300esb_config_read;
-     k->config_write = i6300esb_config_write;
-     k->realize = i6300esb_realize;
-+    k->exit = i6300esb_exit;
-     k->vendor_id = PCI_VENDOR_ID_INTEL;
-     k->device_id = PCI_DEVICE_ID_INTEL_ESB_9;
-     k->class_id = PCI_CLASS_SYSTEM_OTHER;
--- 
-2.10.2
-

diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-9908.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-9908.patch
deleted file mode 100644
index 841de65..0000000
--- a/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-9908.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg00059.html
-https://bugs.gentoo.org/601826
-
-From:	Li Qiang
-Subject:	[Qemu-devel] [PATCH] virtio-gpu: fix information leak in capset get dispatch
-Date:	Tue, 1 Nov 2016 05:37:57 -0700
-From: Li Qiang <address@hidden>
-
-In virgl_cmd_get_capset function, it uses g_malloc to allocate
-a response struct to the guest. As the 'resp'struct hasn't been full
-initialized it will lead the 'resp->padding' field to the guest.
-Use g_malloc0 to avoid this.
-
-Signed-off-by: Li Qiang <address@hidden>
----
- hw/display/virtio-gpu-3d.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/hw/display/virtio-gpu-3d.c b/hw/display/virtio-gpu-3d.c
-index 23f39de..d98b140 100644
---- a/hw/display/virtio-gpu-3d.c
-+++ b/hw/display/virtio-gpu-3d.c
-@@ -371,7 +371,7 @@ static void virgl_cmd_get_capset(VirtIOGPU *g,
- 
-     virgl_renderer_get_cap_set(gc.capset_id, &max_ver,
-                                &max_size);
--    resp = g_malloc(sizeof(*resp) + max_size);
-+    resp = g_malloc0(sizeof(*resp) + max_size);
- 
-     resp->hdr.type = VIRTIO_GPU_RESP_OK_CAPSET;
-     virgl_renderer_fill_caps(gc.capset_id,
--- 
-1.8.3.1
-
-

diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-9912.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-9912.patch
deleted file mode 100644
index 55963f7..0000000
--- a/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-9912.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg05043.html
-https://bugs.gentoo.org/602630
-
-From:	Li Qiang
-Subject:	[Qemu-devel] [PATCH] virtio-gpu: call cleanup mapping function in resource destroy
-Date:	Mon, 28 Nov 2016 21:29:25 -0500
-If the guest destroy the resource before detach banking, the 'iov'
-and 'addrs' field in resource is not freed thus leading memory
-leak issue. This patch avoid this.
-
-Signed-off-by: Li Qiang <address@hidden>
----
- hw/display/virtio-gpu.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c
-index 60bce94..98dadf2 100644
---- a/hw/display/virtio-gpu.c
-+++ b/hw/display/virtio-gpu.c
-@@ -28,6 +28,8 @@
- static struct virtio_gpu_simple_resource*
- virtio_gpu_find_resource(VirtIOGPU *g, uint32_t resource_id);
- 
-+static void virtio_gpu_cleanup_mapping(struct virtio_gpu_simple_resource *res);
-+
- #ifdef CONFIG_VIRGL
- #include <virglrenderer.h>
- #define VIRGL(_g, _virgl, _simple, ...)                     \
-@@ -358,6 +360,7 @@ static void virtio_gpu_resource_destroy(VirtIOGPU *g,
-                                         struct virtio_gpu_simple_resource *res)
- {
-     pixman_image_unref(res->image);
-+    virtio_gpu_cleanup_mapping(res);
-     QTAILQ_REMOVE(&g->reslist, res, next);
-     g_free(res);
- }
--- 
-1.8.3.1

diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5525-1.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5525-1.patch
deleted file mode 100644
index 24411b4..0000000
--- a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5525-1.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 12351a91da97b414eec8cdb09f1d9f41e535a401 Mon Sep 17 00:00:00 2001
-From: Li Qiang <liqiang6-s@360.cn>
-Date: Wed, 14 Dec 2016 18:30:21 -0800
-Subject: [PATCH] audio: ac97: add exit function
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Currently the ac97 device emulation doesn't have a exit function,
-hot unplug this device will leak some memory. Add a exit function to
-avoid this.
-
-Signed-off-by: Li Qiang <liqiang6-s@360.cn>
-Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
-Message-id: 58520052.4825ed0a.27a71.6cae@mx.google.com
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
----
- hw/audio/ac97.c | 11 +++++++++++
- 1 file changed, 11 insertions(+)
-
-diff --git a/hw/audio/ac97.c b/hw/audio/ac97.c
-index cbd959e..c306575 100644
---- a/hw/audio/ac97.c
-+++ b/hw/audio/ac97.c
-@@ -1387,6 +1387,16 @@ static void ac97_realize(PCIDevice *dev, Error **errp)
-     ac97_on_reset (&s->dev.qdev);
- }
- 
-+static void ac97_exit(PCIDevice *dev)
-+{
-+    AC97LinkState *s = DO_UPCAST(AC97LinkState, dev, dev);
-+
-+    AUD_close_in(&s->card, s->voice_pi);
-+    AUD_close_out(&s->card, s->voice_po);
-+    AUD_close_in(&s->card, s->voice_mc);
-+    AUD_remove_card(&s->card);
-+}
-+
- static int ac97_init (PCIBus *bus)
- {
-     pci_create_simple (bus, -1, "AC97");
-@@ -1404,6 +1414,7 @@ static void ac97_class_init (ObjectClass *klass, void *data)
-     PCIDeviceClass *k = PCI_DEVICE_CLASS (klass);
- 
-     k->realize = ac97_realize;
-+    k->exit = ac97_exit;
-     k->vendor_id = PCI_VENDOR_ID_INTEL;
-     k->device_id = PCI_DEVICE_ID_INTEL_82801AA_5;
-     k->revision = 0x01;
--- 
-2.10.2
-

diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5525-2.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5525-2.patch
deleted file mode 100644
index 6bbac58..0000000
--- a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5525-2.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From 069eb7b2b8fc47c7cb52e5a4af23ea98d939e3da Mon Sep 17 00:00:00 2001
-From: Li Qiang <liqiang6-s@360.cn>
-Date: Wed, 14 Dec 2016 18:32:22 -0800
-Subject: [PATCH] audio: es1370: add exit function
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Currently the es1370 device emulation doesn't have a exit function,
-hot unplug this device will leak some memory. Add a exit function to
-avoid this.
-
-Signed-off-by: Li Qiang <liqiang6-s@360.cn>
-Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
-Message-id: 585200c9.a968ca0a.1ab80.4c98@mx.google.com
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
----
- hw/audio/es1370.c | 14 ++++++++++++++
- 1 file changed, 14 insertions(+)
-
-diff --git a/hw/audio/es1370.c b/hw/audio/es1370.c
-index 8449b5f..883ec69 100644
---- a/hw/audio/es1370.c
-+++ b/hw/audio/es1370.c
-@@ -1041,6 +1041,19 @@ static void es1370_realize(PCIDevice *dev, Error **errp)
-     es1370_reset (s);
- }
- 
-+static void es1370_exit(PCIDevice *dev)
-+{
-+    ES1370State *s = ES1370(dev);
-+    int i;
-+
-+    for (i = 0; i < 2; ++i) {
-+        AUD_close_out(&s->card, s->dac_voice[i]);
-+    }
-+
-+    AUD_close_in(&s->card, s->adc_voice);
-+    AUD_remove_card(&s->card);
-+}
-+
- static int es1370_init (PCIBus *bus)
- {
-     pci_create_simple (bus, -1, TYPE_ES1370);
-@@ -1053,6 +1066,7 @@ static void es1370_class_init (ObjectClass *klass, void *data)
-     PCIDeviceClass *k = PCI_DEVICE_CLASS (klass);
- 
-     k->realize = es1370_realize;
-+    k->exit = es1370_exit;
-     k->vendor_id = PCI_VENDOR_ID_ENSONIQ;
-     k->device_id = PCI_DEVICE_ID_ENSONIQ_ES1370;
-     k->class_id = PCI_CLASS_MULTIMEDIA_AUDIO;
--- 
-2.10.2
-

diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5552.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5552.patch
deleted file mode 100644
index 9475f3f..0000000
--- a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5552.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 33243031dad02d161225ba99d782616da133f689 Mon Sep 17 00:00:00 2001
-From: Li Qiang <liq3ea@gmail.com>
-Date: Thu, 29 Dec 2016 03:11:26 -0500
-Subject: [PATCH] virtio-gpu-3d: fix memory leak in resource attach backing
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-If the virgl_renderer_resource_attach_iov function fails the
-'res_iovs' will be leaked. Add check of the return value to
-free the 'res_iovs' when failing.
-
-Signed-off-by: Li Qiang <liq3ea@gmail.com>
-Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
-Message-id: 1482999086-59795-1-git-send-email-liq3ea@gmail.com
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
----
- hw/display/virtio-gpu-3d.c | 7 +++++--
- 1 file changed, 5 insertions(+), 2 deletions(-)
-
-diff --git a/hw/display/virtio-gpu-3d.c b/hw/display/virtio-gpu-3d.c
-index e29f099..b13ced3 100644
---- a/hw/display/virtio-gpu-3d.c
-+++ b/hw/display/virtio-gpu-3d.c
-@@ -291,8 +291,11 @@ static void virgl_resource_attach_backing(VirtIOGPU *g,
-         return;
-     }
- 
--    virgl_renderer_resource_attach_iov(att_rb.resource_id,
--                                       res_iovs, att_rb.nr_entries);
-+    ret = virgl_renderer_resource_attach_iov(att_rb.resource_id,
-+                                             res_iovs, att_rb.nr_entries);
-+
-+    if (ret != 0)
-+        virtio_gpu_cleanup_mapping_iov(res_iovs, att_rb.nr_entries);
- }
- 
- static void virgl_resource_detach_backing(VirtIOGPU *g,
--- 
-2.10.2
-

diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5578.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5578.patch
deleted file mode 100644
index f93d1e7..0000000
--- a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5578.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 204f01b30975923c64006f8067f0937b91eea68b Mon Sep 17 00:00:00 2001
-From: Li Qiang <liq3ea@gmail.com>
-Date: Thu, 29 Dec 2016 04:28:41 -0500
-Subject: [PATCH] virtio-gpu: fix memory leak in resource attach backing
-
-In the resource attach backing function, everytime it will
-allocate 'res->iov' thus can leading a memory leak. This
-patch avoid this.
-
-Signed-off-by: Li Qiang <liq3ea@gmail.com>
-Message-id: 1483003721-65360-1-git-send-email-liq3ea@gmail.com
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
----
- hw/display/virtio-gpu.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c
-index 6a26258..ca88cf4 100644
---- a/hw/display/virtio-gpu.c
-+++ b/hw/display/virtio-gpu.c
-@@ -714,6 +714,11 @@ virtio_gpu_resource_attach_backing(VirtIOGPU *g,
-         return;
-     }
- 
-+    if (res->iov) {
-+        cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC;
-+        return;
-+    }
-+
-     ret = virtio_gpu_create_mapping_iov(&ab, cmd, &res->addrs, &res->iov);
-     if (ret != 0) {
-         cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC;
--- 
-2.10.2
-

diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5579.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5579.patch
deleted file mode 100644
index e4572a8..0000000
--- a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5579.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 8409dc884a201bf74b30a9d232b6bbdd00cb7e2b Mon Sep 17 00:00:00 2001
-From: Li Qiang <liqiang6-s@360.cn>
-Date: Wed, 4 Jan 2017 00:43:16 -0800
-Subject: [PATCH] serial: fix memory leak in serial exit
-
-The serial_exit_core function doesn't free some resources.
-This can lead memory leak when hotplug and unplug. This
-patch avoid this.
-
-Signed-off-by: Li Qiang <liqiang6-s@360.cn>
-Message-Id: <586cb5ab.f31d9d0a.38ac3.acf2@mx.google.com>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
----
- hw/char/serial.c | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
-diff --git a/hw/char/serial.c b/hw/char/serial.c
-index ffbacd8..67b18ed 100644
---- a/hw/char/serial.c
-+++ b/hw/char/serial.c
-@@ -906,6 +906,16 @@ void serial_realize_core(SerialState *s, Error **errp)
- void serial_exit_core(SerialState *s)
- {
-     qemu_chr_fe_deinit(&s->chr);
-+
-+    timer_del(s->modem_status_poll);
-+    timer_free(s->modem_status_poll);
-+
-+    timer_del(s->fifo_timeout_timer);
-+    timer_free(s->fifo_timeout_timer);
-+
-+    fifo8_destroy(&s->recv_fifo);
-+    fifo8_destroy(&s->xmit_fifo);
-+
-     qemu_unregister_reset(serial_reset, s);
- }
- 
--- 
-2.10.2
-

diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5856.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5856.patch
deleted file mode 100644
index 2ebd49f..0000000
--- a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5856.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-From 765a707000e838c30b18d712fe6cb3dd8e0435f3 Mon Sep 17 00:00:00 2001
-From: Paolo Bonzini <pbonzini@redhat.com>
-Date: Mon, 2 Jan 2017 11:03:33 +0100
-Subject: [PATCH] megasas: fix guest-triggered memory leak
-
-If the guest sets the sglist size to a value >=2GB, megasas_handle_dcmd
-will return MFI_STAT_MEMORY_NOT_AVAILABLE without freeing the memory.
-Avoid this by returning only the status from map_dcmd, and loading
-cmd->iov_size in the caller.
-
-Reported-by: Li Qiang <liqiang6-s@360.cn>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
----
- hw/scsi/megasas.c | 11 ++++++-----
- 1 file changed, 6 insertions(+), 5 deletions(-)
-
-diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
-index 67fc1e7..6233865 100644
---- a/hw/scsi/megasas.c
-+++ b/hw/scsi/megasas.c
-@@ -683,14 +683,14 @@ static int megasas_map_dcmd(MegasasState *s, MegasasCmd *cmd)
-         trace_megasas_dcmd_invalid_sge(cmd->index,
-                                        cmd->frame->header.sge_count);
-         cmd->iov_size = 0;
--        return -1;
-+        return -EINVAL;
-     }
-     iov_pa = megasas_sgl_get_addr(cmd, &cmd->frame->dcmd.sgl);
-     iov_size = megasas_sgl_get_len(cmd, &cmd->frame->dcmd.sgl);
-     pci_dma_sglist_init(&cmd->qsg, PCI_DEVICE(s), 1);
-     qemu_sglist_add(&cmd->qsg, iov_pa, iov_size);
-     cmd->iov_size = iov_size;
--    return cmd->iov_size;
-+    return 0;
- }
- 
- static void megasas_finish_dcmd(MegasasCmd *cmd, uint32_t iov_size)
-@@ -1559,19 +1559,20 @@ static const struct dcmd_cmd_tbl_t {
- 
- static int megasas_handle_dcmd(MegasasState *s, MegasasCmd *cmd)
- {
--    int opcode, len;
-+    int opcode;
-     int retval = 0;
-+    size_t len;
-     const struct dcmd_cmd_tbl_t *cmdptr = dcmd_cmd_tbl;
- 
-     opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
-     trace_megasas_handle_dcmd(cmd->index, opcode);
--    len = megasas_map_dcmd(s, cmd);
--    if (len < 0) {
-+    if (megasas_map_dcmd(s, cmd) < 0) {
-         return MFI_STAT_MEMORY_NOT_AVAILABLE;
-     }
-     while (cmdptr->opcode != -1 && cmdptr->opcode != opcode) {
-         cmdptr++;
-     }
-+    len = cmd->iov_size;
-     if (cmdptr->opcode == -1) {
-         trace_megasas_dcmd_unhandled(cmd->index, opcode, len);
-         retval = megasas_dcmd_dummy(s, cmd);
--- 
-2.10.2
-

diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5857.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5857.patch
deleted file mode 100644
index 664a669..0000000
--- a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5857.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-When the guest sends VIRTIO_GPU_CMD_RESOURCE_UNREF without detaching the
-backing storage beforehand (VIRTIO_GPU_CMD_RESOURCE_DETACH_BACKING)
-we'll leak memory.
-
-This patch fixes it for 3d mode, simliar to the 2d mode fix in commit
-"b8e2392 virtio-gpu: call cleanup mapping function in resource destroy".
-
-Reported-by: 李强 <address@hidden>
-Signed-off-by: Gerd Hoffmann <address@hidden>
----
- hw/display/virtio-gpu-3d.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/hw/display/virtio-gpu-3d.c b/hw/display/virtio-gpu-3d.c
-index f96a0c2..ecb09d1 100644
---- a/hw/display/virtio-gpu-3d.c
-+++ b/hw/display/virtio-gpu-3d.c
-@@ -77,10 +77,18 @@ static void virgl_cmd_resource_unref(VirtIOGPU *g,
-                                      struct virtio_gpu_ctrl_command *cmd)
- {
-     struct virtio_gpu_resource_unref unref;
-+    struct iovec *res_iovs = NULL;
-+    int num_iovs = 0;
- 
-     VIRTIO_GPU_FILL_CMD(unref);
-     trace_virtio_gpu_cmd_res_unref(unref.resource_id);
- 
-+    virgl_renderer_resource_detach_iov(unref.resource_id,
-+                                       &res_iovs,
-+                                       &num_iovs);
-+    if (res_iovs != NULL && num_iovs != 0) {
-+        virtio_gpu_cleanup_mapping_iov(res_iovs, num_iovs);
-+    }
-     virgl_renderer_resource_unref(unref.resource_id);
- }
- 
--- 
-1.8.3.1

diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5898.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5898.patch
deleted file mode 100644
index 9f94477..0000000
--- a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5898.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From c7dfbf322595ded4e70b626bf83158a9f3807c6a Mon Sep 17 00:00:00 2001
-From: Prasad J Pandit <pjp@fedoraproject.org>
-Date: Fri, 3 Feb 2017 00:52:28 +0530
-Subject: [PATCH] usb: ccid: check ccid apdu length
-
-CCID device emulator uses Application Protocol Data Units(APDU)
-to exchange command and responses to and from the host.
-The length in these units couldn't be greater than 65536. Add
-check to ensure the same. It'd also avoid potential integer
-overflow in emulated_apdu_from_guest.
-
-Reported-by: Li Qiang <liqiang6-s@360.cn>
-Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
-Message-id: 20170202192228.10847-1-ppandit@redhat.com
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
----
- hw/usb/dev-smartcard-reader.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/hw/usb/dev-smartcard-reader.c b/hw/usb/dev-smartcard-reader.c
-index 89e11b6..1325ea1 100644
---- a/hw/usb/dev-smartcard-reader.c
-+++ b/hw/usb/dev-smartcard-reader.c
-@@ -967,7 +967,7 @@ static void ccid_on_apdu_from_guest(USBCCIDState *s, CCID_XferBlock *recv)
-     DPRINTF(s, 1, "%s: seq %d, len %d\n", __func__,
-                 recv->hdr.bSeq, len);
-     ccid_add_pending_answer(s, (CCID_Header *)recv);
--    if (s->card) {
-+    if (s->card && len <= BULK_OUT_DATA_SIZE) {
-         ccid_card_apdu_from_guest(s->card, recv->abData, len);
-     } else {
-         DPRINTF(s, D_WARN, "warning: discarded apdu\n");
--- 
-2.10.2
-

diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5973.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5973.patch
deleted file mode 100644
index 50ff3c9..0000000
--- a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5973.patch
+++ /dev/null
@@ -1,87 +0,0 @@
-Limits should be big enough that normal guest should not hit it.
-Add a tracepoint to log them, just in case.  Also, while being
-at it, log the existing link trb limit too.
-
-Reported-by: 李强 <address@hidden>
-Signed-off-by: Gerd Hoffmann <address@hidden>
----
- hw/usb/hcd-xhci.c   | 15 ++++++++++++++-
- hw/usb/trace-events |  1 +
- 2 files changed, 15 insertions(+), 1 deletion(-)
-
-diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c
-index fbf8a8b..28dd2f2 100644
---- a/hw/usb/hcd-xhci.c
-+++ b/hw/usb/hcd-xhci.c
-@@ -51,6 +51,8 @@
- #define EV_QUEUE (((3 * 24) + 16) * MAXSLOTS)
- 
- #define TRB_LINK_LIMIT  4
-+#define COMMAND_LIMIT   256
-+#define TRANSFER_LIMIT  256
- 
- #define LEN_CAP         0x40
- #define LEN_OPER        (0x400 + 0x10 * MAXPORTS)
-@@ -943,6 +945,7 @@ static TRBType xhci_ring_fetch(XHCIState *xhci, XHCIRing *ring, XHCITRB *trb,
-             return type;
-         } else {
-             if (++link_cnt > TRB_LINK_LIMIT) {
-+                trace_usb_xhci_enforced_limit("trb-link");
-                 return 0;
-             }
-             ring->dequeue = xhci_mask64(trb->parameter);
-@@ -2060,6 +2063,7 @@ static void xhci_kick_epctx(XHCIEPContext *epctx, unsigned int streamid)
-     XHCIRing *ring;
-     USBEndpoint *ep = NULL;
-     uint64_t mfindex;
-+    unsigned int count = 0;
-     int length;
-     int i;
- 
-@@ -2172,6 +2176,10 @@ static void xhci_kick_epctx(XHCIEPContext *epctx, unsigned int streamid)
-             epctx->retry = xfer;
-             break;
-         }
-+        if (count++ > TRANSFER_LIMIT) {
-+            trace_usb_xhci_enforced_limit("transfers");
-+            break;
-+        }
-     }
-     epctx->kick_active--;
- 
-@@ -2618,7 +2626,7 @@ static void xhci_process_commands(XHCIState *xhci)
-     TRBType type;
-     XHCIEvent event = {ER_COMMAND_COMPLETE, CC_SUCCESS};
-     dma_addr_t addr;
--    unsigned int i, slotid = 0;
-+    unsigned int i, slotid = 0, count = 0;
- 
-     DPRINTF("xhci_process_commands()\n");
-     if (!xhci_running(xhci)) {
-@@ -2735,6 +2743,11 @@ static void xhci_process_commands(XHCIState *xhci)
-         }
-         event.slotid = slotid;
-         xhci_event(xhci, &event, 0);
-+
-+        if (count++ > COMMAND_LIMIT) {
-+            trace_usb_xhci_enforced_limit("commands");
-+            return;
-+        }
-     }
- }
- 
-diff --git a/hw/usb/trace-events b/hw/usb/trace-events
-index fdd1d29..0c323d4 100644
---- a/hw/usb/trace-events
-+++ b/hw/usb/trace-events
-@@ -174,6 +174,7 @@ usb_xhci_xfer_retry(void *xfer) "%p"
- usb_xhci_xfer_success(void *xfer, uint32_t bytes) "%p: len %d"
- usb_xhci_xfer_error(void *xfer, uint32_t ret) "%p: ret %d"
- usb_xhci_unimplemented(const char *item, int nr) "%s (0x%x)"
-+usb_xhci_enforced_limit(const char *item) "%s"
- 
- # hw/usb/desc.c
- usb_desc_device(int addr, int len, int ret) "dev %d query device, len %d, ret %d"
--- 
-1.8.3.1
-

diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5987.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5987.patch
deleted file mode 100644
index bfde2e9..0000000
--- a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5987.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From: Prasad J Pandit <address@hidden>
-
-In the SDHCI protocol, the transfer mode register value
-is used during multi block transfer to check if block count
-register is enabled and should be updated. Transfer mode
-register could be set such that, block count register would
-not be updated, thus leading to an infinite loop. Add check
-to avoid it.
-
-Reported-by: Wjjzhang <address@hidden>
-Reported-by: Jiang Xin <address@hidden>
-Signed-off-by: Prasad J Pandit <address@hidden>
----
- hw/sd/sdhci.c | 10 +++++-----
- 1 file changed, 5 insertions(+), 5 deletions(-)
-
-Update: use qemu_log_mask(LOG_UNIMP, ...)
-  -> https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg02354.html
-
-diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c
-index 5bd5ab6..a9c744b 100644
---- a/hw/sd/sdhci.c
-+++ b/hw/sd/sdhci.c
-@@ -486,6 +486,11 @@ static void sdhci_sdma_transfer_multi_blocks(SDHCIState *s)
-     uint32_t boundary_chk = 1 << (((s->blksize & 0xf000) >> 12) + 12);
-     uint32_t boundary_count = boundary_chk - (s->sdmasysad % boundary_chk);
- 
-+    if (!(s->trnmod & SDHC_TRNS_BLK_CNT_EN) || !s->blkcnt) {
-+        qemu_log_mask(LOG_UNIMP, "infinite transfer is not supported\n");
-+        return;
-+    }
-+
-     /* XXX: Some sd/mmc drivers (for example, u-boot-slp) do not account for
-      * possible stop at page boundary if initial address is not page aligned,
-      * allow them to work properly */
-@@ -797,11 +802,6 @@ static void sdhci_data_transfer(void *opaque)
-     if (s->trnmod & SDHC_TRNS_DMA) {
-         switch (SDHC_DMA_TYPE(s->hostctl)) {
-         case SDHC_CTRL_SDMA:
--            if ((s->trnmod & SDHC_TRNS_MULTI) &&
--                    (!(s->trnmod & SDHC_TRNS_BLK_CNT_EN) || s->blkcnt == 0)) {
--                break;
--            }
--
-             if ((s->blkcnt == 1) || !(s->trnmod & SDHC_TRNS_MULTI)) {
-                 sdhci_sdma_transfer_single_block(s);
-             } else {
--- 
-2.9.3
-

diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-6505.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-6505.patch
deleted file mode 100644
index a15aa96..0000000
--- a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-6505.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 95ed56939eb2eaa4e2f349fe6dcd13ca4edfd8fb Mon Sep 17 00:00:00 2001
-From: Li Qiang <liqiang6-s@360.cn>
-Date: Tue, 7 Feb 2017 02:23:33 -0800
-Subject: [PATCH] usb: ohci: limit the number of link eds
-
-The guest may builds an infinite loop with link eds. This patch
-limit the number of linked ed to avoid this.
-
-Signed-off-by: Li Qiang <liqiang6-s@360.cn>
-Message-id: 5899a02e.45ca240a.6c373.93c1@mx.google.com
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
----
- hw/usb/hcd-ohci.c | 9 ++++++++-
- 1 file changed, 8 insertions(+), 1 deletion(-)
-
-diff --git a/hw/usb/hcd-ohci.c b/hw/usb/hcd-ohci.c
-index 2cba3e3..21c93e0 100644
---- a/hw/usb/hcd-ohci.c
-+++ b/hw/usb/hcd-ohci.c
-@@ -42,6 +42,8 @@
- 
- #define OHCI_MAX_PORTS 15
- 
-+#define ED_LINK_LIMIT 4
-+
- static int64_t usb_frame_time;
- static int64_t usb_bit_time;
- 
-@@ -1184,7 +1186,7 @@ static int ohci_service_ed_list(OHCIState *ohci, uint32_t head, int completion)
-     uint32_t next_ed;
-     uint32_t cur;
-     int active;
--
-+    uint32_t link_cnt = 0;
-     active = 0;
- 
-     if (head == 0)
-@@ -1199,6 +1201,11 @@ static int ohci_service_ed_list(OHCIState *ohci, uint32_t head, int completion)
- 
-         next_ed = ed.next & OHCI_DPTR_MASK;
- 
-+        if (++link_cnt > ED_LINK_LIMIT) {
-+            ohci_die(ohci);
-+            return 0;
-+        }
-+
-         if ((ed.head & OHCI_ED_H) || (ed.flags & OHCI_ED_K)) {
-             uint32_t addr;
-             /* Cancel pending packets for ED that have been paused.  */
--- 
-2.10.2
-

diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-7377.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-7377.patch
deleted file mode 100644
index f2d317c..0000000
--- a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-7377.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From d63fb193e71644a073b77ff5ac6f1216f2f6cf6e Mon Sep 17 00:00:00 2001
-From: Li Qiang <liq3ea@gmail.com>
-Date: Mon, 27 Mar 2017 21:13:19 +0200
-Subject: [PATCH] 9pfs: fix file descriptor leak
-
-The v9fs_create() and v9fs_lcreate() functions are used to create a file
-on the backend and to associate it to a fid. The fid shouldn't be already
-in-use, otherwise both functions may silently leak a file descriptor or
-allocated memory. The current code doesn't check that.
-
-This patch ensures that the fid isn't already associated to anything
-before using it.
-
-Signed-off-by: Li Qiang <liqiang6-s@360.cn>
-(reworded the changelog, Greg Kurz)
-Signed-off-by: Greg Kurz <groug@kaod.org>
----
- hw/9pfs/9p.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
-index b8c0b99..48babce 100644
---- a/hw/9pfs/9p.c
-+++ b/hw/9pfs/9p.c
-@@ -1550,6 +1550,10 @@ static void coroutine_fn v9fs_lcreate(void *opaque)
-         err = -ENOENT;
-         goto out_nofid;
-     }
-+    if (fidp->fid_type != P9_FID_NONE) {
-+        err = -EINVAL;
-+        goto out;
-+    }
- 
-     flags = get_dotl_openflags(pdu->s, flags);
-     err = v9fs_co_open2(pdu, fidp, &name, gid,
-@@ -2153,6 +2157,10 @@ static void coroutine_fn v9fs_create(void *opaque)
-         err = -EINVAL;
-         goto out_nofid;
-     }
-+    if (fidp->fid_type != P9_FID_NONE) {
-+        err = -EINVAL;
-+        goto out;
-+    }
-     if (perm & P9_STAT_MODE_DIR) {
-         err = v9fs_co_mkdir(pdu, fidp, &name, perm & 0777,
-                             fidp->uid, -1, &stbuf);
--- 
-2.10.2
-

diff --git a/app-emulation/qemu/files/qemu-2.8.1-CVE-2017-7471.patch b/app-emulation/qemu/files/qemu-2.8.1-CVE-2017-7471.patch
deleted file mode 100644
index c5366f5..0000000
--- a/app-emulation/qemu/files/qemu-2.8.1-CVE-2017-7471.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-From 9c6b899f7a46893ab3b671e341a2234e9c0c060e Mon Sep 17 00:00:00 2001
-From: Greg Kurz <groug@kaod.org>
-Date: Mon, 17 Apr 2017 10:53:23 +0200
-Subject: [PATCH] 9pfs: local: set the path of the export root to "."
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The local backend was recently converted to using "at*()" syscalls in order
-to ensure all accesses happen below the shared directory. This requires that
-we only pass relative paths, otherwise the dirfd argument to the "at*()"
-syscalls is ignored and the path is treated as an absolute path in the host.
-This is actually the case for paths in all fids, with the notable exception
-of the root fid, whose path is "/". This causes the following backend ops to
-act on the "/" directory of the host instead of the virtfs shared directory
-when the export root is involved:
-- lstat
-- chmod
-- chown
-- utimensat
-
-ie, chmod /9p_mount_point in the guest will be converted to chmod / in the
-host for example. This could cause security issues with a privileged QEMU.
-
-All "*at()" syscalls are being passed an open file descriptor. In the case
-of the export root, this file descriptor points to the path in the host that
-was passed to -fsdev.
-
-The fix is thus as simple as changing the path of the export root fid to be
-"." instead of "/".
-
-This is CVE-2017-7471.
-
-Cc: qemu-stable@nongnu.org
-Reported-by: Léo Gaspard <leo@gaspard.io>
-Signed-off-by: Greg Kurz <groug@kaod.org>
-Reviewed-by: Eric Blake <eblake@redhat.com>
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- hw/9pfs/9p-local.c | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c
-index 45e9a1f..f3ebca4 100644
---- a/hw/9pfs/9p-local.c
-+++ b/hw/9pfs/9p-local.c
-@@ -1098,8 +1098,13 @@ static int local_name_to_path(FsContext *ctx, V9fsPath *dir_path,
- {
-     if (dir_path) {
-         v9fs_path_sprintf(target, "%s/%s", dir_path->data, name);
--    } else {
-+    } else if (strcmp(name, "/")) {
-         v9fs_path_sprintf(target, "%s", name);
-+    } else {
-+        /* We want the path of the export root to be relative, otherwise
-+         * "*at()" syscalls would treat it as "/" in the host.
-+         */
-+        v9fs_path_sprintf(target, "%s", ".");
-     }
-     return 0;
- }
--- 
-2.10.2
-

diff --git a/app-emulation/qemu/files/qemu-2.8.1-CVE-2017-8086.patch b/app-emulation/qemu/files/qemu-2.8.1-CVE-2017-8086.patch
deleted file mode 100644
index eac72f3..0000000
--- a/app-emulation/qemu/files/qemu-2.8.1-CVE-2017-8086.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 4ffcdef4277a91af15a3c09f7d16af072c29f3f2 Mon Sep 17 00:00:00 2001
-From: Li Qiang <liq3ea@gmail.com>
-Date: Fri, 7 Apr 2017 03:48:52 -0700
-Subject: [PATCH] 9pfs: xattr: fix memory leak in v9fs_list_xattr
-
-Free 'orig_value' in error path.
-
-Signed-off-by: Li Qiang <liqiang6-s@360.cn>
-Signed-off-by: Greg Kurz <groug@kaod.org>
----
- hw/9pfs/9p-xattr.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/hw/9pfs/9p-xattr.c b/hw/9pfs/9p-xattr.c
-index eec160b..d05c1a1 100644
---- a/hw/9pfs/9p-xattr.c
-+++ b/hw/9pfs/9p-xattr.c
-@@ -108,6 +108,7 @@ ssize_t v9fs_list_xattr(FsContext *ctx, const char *path,
-     g_free(name);
-     close_preserve_errno(dirfd);
-     if (xattr_len < 0) {
-+        g_free(orig_value);
-         return -1;
-     }
- 
--- 
-2.10.2
-

diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-10664.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-10664.patch
new file mode 100644
index 0000000..7db0692
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-10664.patch
@@ -0,0 +1,47 @@
+From 041e32b8d9d076980b4e35317c0339e57ab888f1 Mon Sep 17 00:00:00 2001
+From: Max Reitz <mreitz@redhat.com>
+Date: Sun, 11 Jun 2017 14:37:14 +0200
+Subject: [PATCH] qemu-nbd: Ignore SIGPIPE
+
+qemu proper has done so for 13 years
+(8a7ddc38a60648257dc0645ab4a05b33d6040063), qemu-img and qemu-io have
+done so for four years (526eda14a68d5b3596be715505289b541288ef2a).
+Ignoring this signal is especially important in qemu-nbd because
+otherwise a client can easily take down the qemu-nbd server by dropping
+the connection when the server wants to send something, for example:
+
+$ qemu-nbd -x foo -f raw -t null-co:// &
+[1] 12726
+$ qemu-io -c quit nbd://localhost/bar
+can't open device nbd://localhost/bar: No export with name 'bar' available
+[1]  + 12726 broken pipe  qemu-nbd -x foo -f raw -t null-co://
+
+In this case, the client sends an NBD_OPT_ABORT and closes the
+connection (because it is not required to wait for a reply), but the
+server replies with an NBD_REP_ACK (because it is required to reply).
+
+Signed-off-by: Max Reitz <mreitz@redhat.com>
+Message-Id: <20170611123714.31292-1-mreitz@redhat.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ qemu-nbd.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/qemu-nbd.c b/qemu-nbd.c
+index 9464a0461c..4dd3fd4732 100644
+--- a/qemu-nbd.c
++++ b/qemu-nbd.c
+@@ -581,6 +581,10 @@ int main(int argc, char **argv)
+     sa_sigterm.sa_handler = termsig_handler;
+     sigaction(SIGTERM, &sa_sigterm, NULL);
+ 
++#ifdef CONFIG_POSIX
++    signal(SIGPIPE, SIG_IGN);
++#endif
++
+     module_call_init(MODULE_INIT_TRACE);
+     qcrypto_init(&error_fatal);
+ 
+-- 
+2.13.0
+

diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-10806.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-10806.patch
new file mode 100644
index 0000000..0074f5f
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-10806.patch
@@ -0,0 +1,50 @@
+From bd4a683505b27adc1ac809f71e918e58573d851d Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann <kraxel@redhat.com>
+Date: Tue, 9 May 2017 13:01:28 +0200
+Subject: [PATCH] usb-redir: fix stack overflow in usbredir_log_data
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Don't reinvent a broken wheel, just use the hexdump function we have.
+
+Impact: low, broken code doesn't run unless you have debug logging
+enabled.
+
+Reported-by: 李强 <liqiang6-s@360.cn>
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+Message-id: 20170509110128.27261-1-kraxel@redhat.com
+---
+ hw/usb/redirect.c | 13 +------------
+ 1 file changed, 1 insertion(+), 12 deletions(-)
+
+diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c
+index b001a27f05..ad5ef783a6 100644
+--- a/hw/usb/redirect.c
++++ b/hw/usb/redirect.c
+@@ -229,21 +229,10 @@ static void usbredir_log(void *priv, int level, const char *msg)
+ static void usbredir_log_data(USBRedirDevice *dev, const char *desc,
+     const uint8_t *data, int len)
+ {
+-    int i, j, n;
+-
+     if (dev->debug < usbredirparser_debug_data) {
+         return;
+     }
+-
+-    for (i = 0; i < len; i += j) {
+-        char buf[128];
+-
+-        n = sprintf(buf, "%s", desc);
+-        for (j = 0; j < 8 && i + j < len; j++) {
+-            n += sprintf(buf + n, " %02X", data[i + j]);
+-        }
+-        error_report("%s", buf);
+-    }
++    qemu_hexdump((char *)data, stderr, desc, len);
+ }
+ 
+ /*
+-- 
+2.13.0
+

diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11334.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11334.patch
new file mode 100644
index 0000000..bfe4c7d
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11334.patch
@@ -0,0 +1,40 @@
+[Qemu-devel] [PULL 21/41] exec: use qemu_ram_ptr_length to access guest 
+From: Prasad J Pandit <address@hidden>
+
+When accessing guest's ram block during DMA operation, use
+'qemu_ram_ptr_length' to get ram block pointer. It ensures
+that DMA operation of given length is possible; And avoids
+any OOB memory access situations.
+
+Reported-by: Alex <address@hidden>
+Signed-off-by: Prasad J Pandit <address@hidden>
+Message-Id: <address@hidden>
+Signed-off-by: Paolo Bonzini <address@hidden>
+---
+ exec.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/exec.c b/exec.c
+index a083ff8..ad103ce 100644
+--- a/exec.c
++++ b/exec.c
+@@ -2929,7 +2929,7 @@ static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr,
+             }
+         } else {
+             /* RAM case */
+-            ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
++            ptr = qemu_ram_ptr_length(mr->ram_block, addr1, &l);
+             memcpy(ptr, buf, l);
+             invalidate_and_set_dirty(mr, addr1, l);
+         }
+@@ -3020,7 +3020,7 @@ MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr,
+             }
+         } else {
+             /* RAM case */
+-            ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
++            ptr = qemu_ram_ptr_length(mr->ram_block, addr1, &l);
+             memcpy(buf, ptr, l);
+         }
+ 
+-- 
+1.8.3.1

diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11434.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11434.patch
new file mode 100644
index 0000000..5d32067
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11434.patch
@@ -0,0 +1,29 @@
+[Qemu-devel] [PATCH] slirp: check len against dhcp options array end
+From: Prasad J Pandit <address@hidden>
+
+While parsing dhcp options string in 'dhcp_decode', if an options'
+length 'len' appeared towards the end of 'bp_vend' array, ensuing
+read could lead to an OOB memory access issue. Add check to avoid it.
+
+Reported-by: Reno Robert <address@hidden>
+Signed-off-by: Prasad J Pandit <address@hidden>
+---
+ slirp/bootp.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/slirp/bootp.c b/slirp/bootp.c
+index 5a4646c..5dd1a41 100644
+--- a/slirp/bootp.c
++++ b/slirp/bootp.c
+@@ -123,6 +123,9 @@ static void dhcp_decode(const struct bootp_t *bp, int *pmsg_type,
+             if (p >= p_end)
+                 break;
+             len = *p++;
++            if (p + len > p_end) {
++                break;
++            }
+             DPRINTF("dhcp: tag=%d len=%d\n", tag, len);
+ 
+             switch(tag) {
+-- 
+2.9.4

diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-7539.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-7539.patch
new file mode 100644
index 0000000..3af1697
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-7539.patch
@@ -0,0 +1,601 @@
+From 2b0bbc4f8809c972bad134bc1a2570dbb01dea0b Mon Sep 17 00:00:00 2001
+From: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
+Date: Fri, 2 Jun 2017 18:01:41 +0300
+Subject: [PATCH] nbd/server: get rid of nbd_negotiate_read and friends
+
+Functions nbd_negotiate_{read,write,drop_sync} were introduced in
+1a6245a5b, when nbd_rwv (was nbd_wr_sync) was working through
+qemu_co_sendv_recvv (the path is nbd_wr_sync -> qemu_co_{recv/send} ->
+qemu_co_send_recv -> qemu_co_sendv_recvv), which just yields, without
+setting any handlers. But starting from ff82911cd nbd_rwv (was
+nbd_wr_syncv) works through qio_channel_yield() which sets handlers, so
+watchers are redundant in nbd_negotiate_{read,write,drop_sync}, then,
+let's just use nbd_{read,write,drop} functions.
+
+Functions nbd_{read,write,drop} has errp parameter, which is unused in
+this patch. This will be fixed later.
+
+Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
+Reviewed-by: Eric Blake <eblake@redhat.com>
+Message-Id: <20170602150150.258222-4-vsementsov@virtuozzo.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ nbd/server.c | 107 ++++++++++++-----------------------------------------------
+ 1 file changed, 22 insertions(+), 85 deletions(-)
+
+diff --git a/nbd/client.c b/nbd/client.c
+index a58fb02..6b74a62 100644
+--- a/nbd/client.c
++++ b/nbd/client.c
+@@ -86,9 +86,9 @@ static QTAILQ_HEAD(, NBDExport) exports = QTAILQ_HEAD_INITIALIZER(exports);
+ 
+ */
+ 
+-/* Discard length bytes from channel.  Return -errno on failure, or
+- * the amount of bytes consumed. */
+-static ssize_t drop_sync(QIOChannel *ioc, size_t size)
++/* Discard length bytes from channel.  Return -errno on failure and 0 on
++ * success*/
++static int drop_sync(QIOChannel *ioc, size_t size)
+ {
+     ssize_t ret = 0;
+     char small[1024];
+@@ -96,14 +96,13 @@ static ssize_t drop_sync(QIOChannel *ioc, size_t size)
+ 
+     buffer = sizeof(small) >= size ? small : g_malloc(MIN(65536, size));
+     while (size > 0) {
+-        ssize_t count = read_sync(ioc, buffer, MIN(65536, size));
++        ssize_t count = MIN(65536, size);
++        ret = read_sync(ioc, buffer, MIN(65536, size));
+ 
+-        if (count <= 0) {
++        if (ret < 0) {
+             goto cleanup;
+         }
+-        assert(count <= size);
+         size -= count;
+-        ret += count;
+     }
+ 
+  cleanup:
+@@ -136,12 +135,12 @@ static int nbd_send_option_request(QIOChannel *ioc, uint32_t opt,
+     stl_be_p(&req.option, opt);
+     stl_be_p(&req.length, len);
+ 
+-    if (write_sync(ioc, &req, sizeof(req)) != sizeof(req)) {
++    if (write_sync(ioc, &req, sizeof(req)) < 0) {
+         error_setg(errp, "Failed to send option request header");
+         return -1;
+     }
+ 
+-    if (len && write_sync(ioc, (char *) data, len) != len) {
++    if (len && write_sync(ioc, (char *) data, len) < 0) {
+         error_setg(errp, "Failed to send option request data");
+         return -1;
+     }
+@@ -170,7 +169,7 @@ static int nbd_receive_option_reply(QIOChannel *ioc, uint32_t opt,
+                                     nbd_opt_reply *reply, Error **errp)
+ {
+     QEMU_BUILD_BUG_ON(sizeof(*reply) != 20);
+-    if (read_sync(ioc, reply, sizeof(*reply)) != sizeof(*reply)) {
++    if (read_sync(ioc, reply, sizeof(*reply)) < 0) {
+         error_setg(errp, "failed to read option reply");
+         nbd_send_opt_abort(ioc);
+         return -1;
+@@ -219,7 +218,7 @@ static int nbd_handle_reply_err(QIOChannel *ioc, nbd_opt_reply *reply,
+             goto cleanup;
+         }
+         msg = g_malloc(reply->length + 1);
+-        if (read_sync(ioc, msg, reply->length) != reply->length) {
++        if (read_sync(ioc, msg, reply->length) < 0) {
+             error_setg(errp, "failed to read option error message");
+             goto cleanup;
+         }
+@@ -321,7 +320,7 @@ static int nbd_receive_list(QIOChannel *ioc, const char *want, bool *match,
+         nbd_send_opt_abort(ioc);
+         return -1;
+     }
+-    if (read_sync(ioc, &namelen, sizeof(namelen)) != sizeof(namelen)) {
++    if (read_sync(ioc, &namelen, sizeof(namelen)) < 0) {
+         error_setg(errp, "failed to read option name length");
+         nbd_send_opt_abort(ioc);
+         return -1;
+@@ -334,7 +333,7 @@ static int nbd_receive_list(QIOChannel *ioc, const char *want, bool *match,
+         return -1;
+     }
+     if (namelen != strlen(want)) {
+-        if (drop_sync(ioc, len) != len) {
++        if (drop_sync(ioc, len) < 0) {
+             error_setg(errp, "failed to skip export name with wrong length");
+             nbd_send_opt_abort(ioc);
+             return -1;
+@@ -343,14 +342,14 @@ static int nbd_receive_list(QIOChannel *ioc, const char *want, bool *match,
+     }
+ 
+     assert(namelen < sizeof(name));
+-    if (read_sync(ioc, name, namelen) != namelen) {
++    if (read_sync(ioc, name, namelen) < 0) {
+         error_setg(errp, "failed to read export name");
+         nbd_send_opt_abort(ioc);
+         return -1;
+     }
+     name[namelen] = '\0';
+     len -= namelen;
+-    if (drop_sync(ioc, len) != len) {
++    if (drop_sync(ioc, len) < 0) {
+         error_setg(errp, "failed to read export description");
+         nbd_send_opt_abort(ioc);
+         return -1;
+@@ -477,7 +476,7 @@ int nbd_receive_negotiate(QIOChannel *ioc, const char *name, uint16_t *flags,
+         goto fail;
+     }
+ 
+-    if (read_sync(ioc, buf, 8) != 8) {
++    if (read_sync(ioc, buf, 8) < 0) {
+         error_setg(errp, "Failed to read data");
+         goto fail;
+     }
+@@ -503,7 +502,7 @@ int nbd_receive_negotiate(QIOChannel *ioc, const char *name, uint16_t *flags,
+         goto fail;
+     }
+ 
+-    if (read_sync(ioc, &magic, sizeof(magic)) != sizeof(magic)) {
++    if (read_sync(ioc, &magic, sizeof(magic)) < 0) {
+         error_setg(errp, "Failed to read magic");
+         goto fail;
+     }
+@@ -515,8 +514,7 @@ int nbd_receive_negotiate(QIOChannel *ioc, const char *name, uint16_t *flags,
+         uint16_t globalflags;
+         bool fixedNewStyle = false;
+ 
+-        if (read_sync(ioc, &globalflags, sizeof(globalflags)) !=
+-            sizeof(globalflags)) {
++        if (read_sync(ioc, &globalflags, sizeof(globalflags)) < 0) {
+             error_setg(errp, "Failed to read server flags");
+             goto fail;
+         }
+@@ -534,8 +532,7 @@ int nbd_receive_negotiate(QIOChannel *ioc, const char *name, uint16_t *flags,
+         }
+         /* client requested flags */
+         clientflags = cpu_to_be32(clientflags);
+-        if (write_sync(ioc, &clientflags, sizeof(clientflags)) !=
+-            sizeof(clientflags)) {
++        if (write_sync(ioc, &clientflags, sizeof(clientflags)) < 0) {
+             error_setg(errp, "Failed to send clientflags field");
+             goto fail;
+         }
+@@ -573,13 +570,13 @@ int nbd_receive_negotiate(QIOChannel *ioc, const char *name, uint16_t *flags,
+         }
+ 
+         /* Read the response */
+-        if (read_sync(ioc, &s, sizeof(s)) != sizeof(s)) {
++        if (read_sync(ioc, &s, sizeof(s)) < 0) {
+             error_setg(errp, "Failed to read export length");
+             goto fail;
+         }
+         *size = be64_to_cpu(s);
+ 
+-        if (read_sync(ioc, flags, sizeof(*flags)) != sizeof(*flags)) {
++        if (read_sync(ioc, flags, sizeof(*flags)) < 0) {
+             error_setg(errp, "Failed to read export flags");
+             goto fail;
+         }
+@@ -596,14 +593,14 @@ int nbd_receive_negotiate(QIOChannel *ioc, const char *name, uint16_t *flags,
+             goto fail;
+         }
+ 
+-        if (read_sync(ioc, &s, sizeof(s)) != sizeof(s)) {
++        if (read_sync(ioc, &s, sizeof(s)) < 0) {
+             error_setg(errp, "Failed to read export length");
+             goto fail;
+         }
+         *size = be64_to_cpu(s);
+         TRACE("Size is %" PRIu64, *size);
+ 
+-        if (read_sync(ioc, &oldflags, sizeof(oldflags)) != sizeof(oldflags)) {
++        if (read_sync(ioc, &oldflags, sizeof(oldflags)) < 0) {
+             error_setg(errp, "Failed to read export flags");
+             goto fail;
+         }
+@@ -619,7 +616,7 @@ int nbd_receive_negotiate(QIOChannel *ioc, const char *name, uint16_t *flags,
+     }
+ 
+     TRACE("Size is %" PRIu64 ", export flags %" PRIx16, *size, *flags);
+-    if (zeroes && drop_sync(ioc, 124) != 124) {
++    if (zeroes && drop_sync(ioc, 124) < 0) {
+         error_setg(errp, "Failed to read reserved block");
+         goto fail;
+     }
+@@ -744,7 +741,6 @@ int nbd_disconnect(int fd)
+ ssize_t nbd_send_request(QIOChannel *ioc, NBDRequest *request)
+ {
+     uint8_t buf[NBD_REQUEST_SIZE];
+-    ssize_t ret;
+ 
+     TRACE("Sending request to server: "
+           "{ .from = %" PRIu64", .len = %" PRIu32 ", .handle = %" PRIu64
+@@ -759,16 +755,7 @@ ssize_t nbd_send_request(QIOChannel *ioc, NBDRequest *request)
+     stq_be_p(buf + 16, request->from);
+     stl_be_p(buf + 24, request->len);
+ 
+-    ret = write_sync(ioc, buf, sizeof(buf));
+-    if (ret < 0) {
+-        return ret;
+-    }
+-
+-    if (ret != sizeof(buf)) {
+-        LOG("writing to socket failed");
+-        return -EINVAL;
+-    }
+-    return 0;
++    return write_sync(ioc, buf, sizeof(buf));
+ }
+ 
+ ssize_t nbd_receive_reply(QIOChannel *ioc, NBDReply *reply)
+@@ -777,7 +764,7 @@ ssize_t nbd_receive_reply(QIOChannel *ioc, NBDReply *reply)
+     uint32_t magic;
+     ssize_t ret;
+ 
+-    ret = read_sync(ioc, buf, sizeof(buf));
++    ret = read_sync_eof(ioc, buf, sizeof(buf));
+     if (ret <= 0) {
+         return ret;
+     }
+diff --git a/nbd/nbd-internal.h b/nbd/nbd-internal.h
+index f43d990..e6bbc7c 100644
+--- a/nbd/nbd-internal.h
++++ b/nbd/nbd-internal.h
+@@ -94,7 +94,13 @@
+ #define NBD_ENOSPC     28
+ #define NBD_ESHUTDOWN  108
+ 
+-static inline ssize_t read_sync(QIOChannel *ioc, void *buffer, size_t size)
++/* read_sync_eof
++ * Tries to read @size bytes from @ioc. Returns number of bytes actually read.
++ * May return a value >= 0 and < size only on EOF, i.e. when iteratively called
++ * qio_channel_readv() returns 0. So, there are no needs to call read_sync_eof
++ * iteratively.
++ */
++static inline ssize_t read_sync_eof(QIOChannel *ioc, void *buffer, size_t size)
+ {
+     struct iovec iov = { .iov_base = buffer, .iov_len = size };
+     /* Sockets are kept in blocking mode in the negotiation phase.  After
+@@ -105,12 +111,32 @@ static inline ssize_t read_sync(QIOChannel *ioc, void *buffer, size_t size)
+     return nbd_wr_syncv(ioc, &iov, 1, size, true);
+ }
+ 
+-static inline ssize_t write_sync(QIOChannel *ioc, const void *buffer,
+-                                 size_t size)
++/* read_sync
++ * Reads @size bytes from @ioc. Returns 0 on success.
++ */
++static inline int read_sync(QIOChannel *ioc, void *buffer, size_t size)
++{
++    ssize_t ret = read_sync_eof(ioc, buffer, size);
++
++    if (ret >= 0 && ret != size) {
++        ret = -EINVAL;
++    }
++
++    return ret < 0 ? ret : 0;
++}
++
++/* write_sync
++ * Writes @size bytes to @ioc. Returns 0 on success.
++ */
++static inline int write_sync(QIOChannel *ioc, const void *buffer, size_t size)
+ {
+     struct iovec iov = { .iov_base = (void *) buffer, .iov_len = size };
+ 
+-    return nbd_wr_syncv(ioc, &iov, 1, size, false);
++    ssize_t ret = nbd_wr_syncv(ioc, &iov, 1, size, false);
++
++    assert(ret < 0 || ret == size);
++
++    return ret < 0 ? ret : 0;
+ }
+ 
+ struct NBDTLSHandshakeData {
+diff --git a/nbd/server.c b/nbd/server.c
+index 924a1fe..a1f106b 100644
+--- a/nbd/server.c
++++ b/nbd/server.c
+@@ -104,69 +104,6 @@ struct NBDClient {
+ 
+ static void nbd_client_receive_next_request(NBDClient *client);
+ 
+-static gboolean nbd_negotiate_continue(QIOChannel *ioc,
+-                                       GIOCondition condition,
+-                                       void *opaque)
+-{
+-    qemu_coroutine_enter(opaque);
+-    return TRUE;
+-}
+-
+-static ssize_t nbd_negotiate_read(QIOChannel *ioc, void *buffer, size_t size)
+-{
+-    ssize_t ret;
+-    guint watch;
+-
+-    assert(qemu_in_coroutine());
+-    /* Negotiation are always in main loop. */
+-    watch = qio_channel_add_watch(ioc,
+-                                  G_IO_IN,
+-                                  nbd_negotiate_continue,
+-                                  qemu_coroutine_self(),
+-                                  NULL);
+-    ret = read_sync(ioc, buffer, size);
+-    g_source_remove(watch);
+-    return ret;
+-
+-}
+-
+-static ssize_t nbd_negotiate_write(QIOChannel *ioc, const void *buffer,
+-                                   size_t size)
+-{
+-    ssize_t ret;
+-    guint watch;
+-
+-    assert(qemu_in_coroutine());
+-    /* Negotiation are always in main loop. */
+-    watch = qio_channel_add_watch(ioc,
+-                                  G_IO_OUT,
+-                                  nbd_negotiate_continue,
+-                                  qemu_coroutine_self(),
+-                                  NULL);
+-    ret = write_sync(ioc, buffer, size);
+-    g_source_remove(watch);
+-    return ret;
+-}
+-
+-static ssize_t nbd_negotiate_drop_sync(QIOChannel *ioc, size_t size)
+-{
+-    ssize_t ret, dropped = size;
+-    uint8_t *buffer = g_malloc(MIN(65536, size));
+-
+-    while (size > 0) {
+-        ret = nbd_negotiate_read(ioc, buffer, MIN(65536, size));
+-        if (ret < 0) {
+-            g_free(buffer);
+-            return ret;
+-        }
+-
+-        assert(ret <= size);
+-        size -= ret;
+-    }
+-
+-    g_free(buffer);
+-    return dropped;
+-}
+ 
+ /* Basic flow for negotiation
+ 
+@@ -206,22 +143,22 @@ static int nbd_negotiate_send_rep_len(QIOChannel *ioc, uint32_t type,
+           type, opt, len);
+ 
+     magic = cpu_to_be64(NBD_REP_MAGIC);
+-    if (nbd_negotiate_write(ioc, &magic, sizeof(magic)) != sizeof(magic)) {
++    if (nbd_write(ioc, &magic, sizeof(magic), NULL) < 0) {
+         LOG("write failed (rep magic)");
+         return -EINVAL;
+     }
+     opt = cpu_to_be32(opt);
+-    if (nbd_negotiate_write(ioc, &opt, sizeof(opt)) != sizeof(opt)) {
++    if (nbd_write(ioc, &opt, sizeof(opt), NULL) < 0) {
+         LOG("write failed (rep opt)");
+         return -EINVAL;
+     }
+     type = cpu_to_be32(type);
+-    if (nbd_negotiate_write(ioc, &type, sizeof(type)) != sizeof(type)) {
++    if (nbd_write(ioc, &type, sizeof(type), NULL) < 0) {
+         LOG("write failed (rep type)");
+         return -EINVAL;
+     }
+     len = cpu_to_be32(len);
+-    if (nbd_negotiate_write(ioc, &len, sizeof(len)) != sizeof(len)) {
++    if (nbd_write(ioc, &len, sizeof(len), NULL) < 0) {
+         LOG("write failed (rep data length)");
+         return -EINVAL;
+     }
+@@ -256,7 +193,7 @@ nbd_negotiate_send_rep_err(QIOChannel *ioc, uint32_t type,
+     if (ret < 0) {
+         goto out;
+     }
+-    if (nbd_negotiate_write(ioc, msg, len) != len) {
++    if (nbd_write(ioc, msg, len, NULL) < 0) {
+         LOG("write failed (error message)");
+         ret = -EIO;
+     } else {
+@@ -287,15 +224,15 @@ static int nbd_negotiate_send_rep_list(QIOChannel *ioc, NBDExport *exp)
+     }
+ 
+     len = cpu_to_be32(name_len);
+-    if (nbd_negotiate_write(ioc, &len, sizeof(len)) != sizeof(len)) {
++    if (nbd_write(ioc, &len, sizeof(len), NULL) < 0) {
+         LOG("write failed (name length)");
+         return -EINVAL;
+     }
+-    if (nbd_negotiate_write(ioc, name, name_len) != name_len) {
++    if (nbd_write(ioc, name, name_len, NULL) < 0) {
+         LOG("write failed (name buffer)");
+         return -EINVAL;
+     }
+-    if (nbd_negotiate_write(ioc, desc, desc_len) != desc_len) {
++    if (nbd_write(ioc, desc, desc_len, NULL) < 0) {
+         LOG("write failed (description buffer)");
+         return -EINVAL;
+     }
+@@ -309,7 +246,7 @@ static int nbd_negotiate_handle_list(NBDClient *client, uint32_t length)
+     NBDExport *exp;
+ 
+     if (length) {
+-        if (nbd_negotiate_drop_sync(client->ioc, length) != length) {
++        if (nbd_drop(client->ioc, length, NULL) < 0) {
+             return -EIO;
+         }
+         return nbd_negotiate_send_rep_err(client->ioc,
+@@ -340,7 +277,7 @@ static int nbd_negotiate_handle_export_name(NBDClient *client, uint32_t length)
+         LOG("Bad length received");
+         goto fail;
+     }
+-    if (nbd_negotiate_read(client->ioc, name, length) != length) {
++    if (nbd_read(client->ioc, name, length, NULL) < 0) {
+         LOG("read failed");
+         goto fail;
+     }
+@@ -373,7 +310,7 @@ static QIOChannel *nbd_negotiate_handle_starttls(NBDClient *client,
+     TRACE("Setting up TLS");
+     ioc = client->ioc;
+     if (length) {
+-        if (nbd_negotiate_drop_sync(ioc, length) != length) {
++        if (nbd_drop(ioc, length, NULL) < 0) {
+             return NULL;
+         }
+         nbd_negotiate_send_rep_err(ioc, NBD_REP_ERR_INVALID, NBD_OPT_STARTTLS,
+@@ -437,8 +374,7 @@ static int nbd_negotiate_options(NBDClient *client)
+         ...           Rest of request
+     */
+ 
+-    if (nbd_negotiate_read(client->ioc, &flags, sizeof(flags)) !=
+-        sizeof(flags)) {
++    if (nbd_read(client->ioc, &flags, sizeof(flags), NULL) < 0) {
+         LOG("read failed");
+         return -EIO;
+     }
+@@ -464,8 +400,7 @@ static int nbd_negotiate_options(NBDClient *client)
+         uint32_t clientflags, length;
+         uint64_t magic;
+ 
+-        if (nbd_negotiate_read(client->ioc, &magic, sizeof(magic)) !=
+-            sizeof(magic)) {
++        if (nbd_read(client->ioc, &magic, sizeof(magic), NULL) < 0) {
+             LOG("read failed");
+             return -EINVAL;
+         }
+@@ -475,15 +410,15 @@ static int nbd_negotiate_options(NBDClient *client)
+             return -EINVAL;
+         }
+ 
+-        if (nbd_negotiate_read(client->ioc, &clientflags,
+-                               sizeof(clientflags)) != sizeof(clientflags)) {
++        if (nbd_read(client->ioc, &clientflags,
++                      sizeof(clientflags), NULL) < 0)
++        {
+             LOG("read failed");
+             return -EINVAL;
+         }
+         clientflags = be32_to_cpu(clientflags);
+ 
+-        if (nbd_negotiate_read(client->ioc, &length, sizeof(length)) !=
+-            sizeof(length)) {
++        if (nbd_read(client->ioc, &length, sizeof(length), NULL) < 0) {
+             LOG("read failed");
+             return -EINVAL;
+         }
+@@ -513,7 +448,7 @@ static int nbd_negotiate_options(NBDClient *client)
+                 return -EINVAL;
+ 
+             default:
+-                if (nbd_negotiate_drop_sync(client->ioc, length) != length) {
++                if (nbd_drop(client->ioc, length, NULL) < 0) {
+                     return -EIO;
+                 }
+                 ret = nbd_negotiate_send_rep_err(client->ioc,
+@@ -551,7 +486,7 @@ static int nbd_negotiate_options(NBDClient *client)
+                 return nbd_negotiate_handle_export_name(client, length);
+ 
+             case NBD_OPT_STARTTLS:
+-                if (nbd_negotiate_drop_sync(client->ioc, length) != length) {
++                if (nbd_drop(client->ioc, length, NULL) < 0) {
+                     return -EIO;
+                 }
+                 if (client->tlscreds) {
+@@ -570,7 +505,7 @@ static int nbd_negotiate_options(NBDClient *client)
+                 }
+                 break;
+             default:
+-                if (nbd_negotiate_drop_sync(client->ioc, length) != length) {
++                if (nbd_drop(client->ioc, length, NULL) < 0) {
+                     return -EIO;
+                 }
+                 ret = nbd_negotiate_send_rep_err(client->ioc,
+@@ -659,12 +594,12 @@ static coroutine_fn int nbd_negotiate(NBDClientNewData *data)
+             TRACE("TLS cannot be enabled with oldstyle protocol");
+             goto fail;
+         }
+-        if (nbd_negotiate_write(client->ioc, buf, sizeof(buf)) != sizeof(buf)) {
++        if (nbd_write(client->ioc, buf, sizeof(buf), NULL) < 0) {
+             LOG("write failed");
+             goto fail;
+         }
+     } else {
+-        if (nbd_negotiate_write(client->ioc, buf, 18) != 18) {
++        if (nbd_write(client->ioc, buf, 18, NULL) < 0) {
+             LOG("write failed");
+             goto fail;
+         }
+@@ -679,7 +614,7 @@ static coroutine_fn int nbd_negotiate(NBDClientNewData *data)
+         stq_be_p(buf + 18, client->exp->size);
+         stw_be_p(buf + 26, client->exp->nbdflags | myflags);
+         len = client->no_zeroes ? 10 : sizeof(buf) - 18;
+-        if (nbd_negotiate_write(client->ioc, buf + 18, len) != len) {
++        if (nbd_write(client->ioc, buf + 18, len, NULL) < 0) {
+             LOG("write failed");
+             goto fail;
+         }
+@@ -702,11 +637,6 @@ static ssize_t nbd_receive_request(QIOChannel *ioc, NBDRequest *request)
+         return ret;
+     }
+ 
+-    if (ret != sizeof(buf)) {
+-        LOG("read failed");
+-        return -EINVAL;
+-    }
+-
+     /* Request
+        [ 0 ..  3]   magic   (NBD_REQUEST_MAGIC)
+        [ 4 ..  5]   flags   (NBD_CMD_FLAG_FUA, ...)
+@@ -737,7 +667,6 @@ static ssize_t nbd_receive_request(QIOChannel *ioc, NBDRequest *request)
+ static ssize_t nbd_send_reply(QIOChannel *ioc, NBDReply *reply)
+ {
+     uint8_t buf[NBD_REPLY_SIZE];
+-    ssize_t ret;
+ 
+     reply->error = system_errno_to_nbd_errno(reply->error);
+ 
+@@ -754,16 +683,7 @@ static ssize_t nbd_send_reply(QIOChannel *ioc, NBDReply *reply)
+     stl_be_p(buf + 4, reply->error);
+     stq_be_p(buf + 8, reply->handle);
+ 
+-    ret = write_sync(ioc, buf, sizeof(buf));
+-    if (ret < 0) {
+-        return ret;
+-    }
+-
+-    if (ret != sizeof(buf)) {
+-        LOG("writing to socket failed");
+-        return -EINVAL;
+-    }
+-    return 0;
++    return write_sync(ioc, buf, sizeof(buf));
+ }
+ 
+ #define MAX_NBD_REQUESTS 16
+@@ -1067,7 +987,7 @@ static ssize_t nbd_co_send_reply(NBDRequestData *req, NBDReply *reply,
+         rc = nbd_send_reply(client->ioc, reply);
+         if (rc >= 0) {
+             ret = write_sync(client->ioc, req->data, len);
+-            if (ret != len) {
++            if (ret < 0) {
+                 rc = -EIO;
+             }
+         }
+@@ -1141,7 +1061,7 @@ static ssize_t nbd_co_receive_request(NBDRequestData *req,
+     if (request->type == NBD_CMD_WRITE) {
+         TRACE("Reading %" PRIu32 " byte(s)", request->len);
+ 
+-        if (read_sync(client->ioc, req->data, request->len) != request->len) {
++        if (read_sync(client->ioc, req->data, request->len) < 0) {
+             LOG("reading from socket failed");
+             rc = -EIO;
+             goto out;

diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-1.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-1.patch
new file mode 100644
index 0000000..01c81d1
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-1.patch
@@ -0,0 +1,122 @@
+From 87e459a810d7b1ec1638085b5a80ea3d9b43119a Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Thu, 1 Jun 2017 17:26:14 +0200
+Subject: [PATCH] megasas: always store SCSIRequest* into MegasasCmd
+
+This ensures that the request is unref'ed properly, and avoids a
+segmentation fault in the new qtest testcase that is added.
+This is CVE-2017-9503.
+
+Reported-by: Zhangyanyu <zyy4013@stu.ouc.edu.cn>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ hw/scsi/megasas.c    | 31 ++++++++++++++++---------------
+ 2 files changed, 51 insertions(+), 15 deletions(-)
+
+diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
+index 135662df31..734fdaef90 100644
+--- a/hw/scsi/megasas.c
++++ b/hw/scsi/megasas.c
+@@ -609,6 +609,9 @@ static void megasas_reset_frames(MegasasState *s)
+ static void megasas_abort_command(MegasasCmd *cmd)
+ {
+     /* Never abort internal commands.  */
++    if (cmd->dcmd_opcode != -1) {
++        return;
++    }
+     if (cmd->req != NULL) {
+         scsi_req_cancel(cmd->req);
+     }
+@@ -1017,7 +1020,6 @@ static int megasas_pd_get_info_submit(SCSIDevice *sdev, int lun,
+     uint64_t pd_size;
+     uint16_t pd_id = ((sdev->id & 0xFF) << 8) | (lun & 0xFF);
+     uint8_t cmdbuf[6];
+-    SCSIRequest *req;
+     size_t len, resid;
+ 
+     if (!cmd->iov_buf) {
+@@ -1026,8 +1028,8 @@ static int megasas_pd_get_info_submit(SCSIDevice *sdev, int lun,
+         info->inquiry_data[0] = 0x7f; /* Force PQual 0x3, PType 0x1f */
+         info->vpd_page83[0] = 0x7f;
+         megasas_setup_inquiry(cmdbuf, 0, sizeof(info->inquiry_data));
+-        req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd);
+-        if (!req) {
++        cmd->req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd);
++        if (!cmd->req) {
+             trace_megasas_dcmd_req_alloc_failed(cmd->index,
+                                                 "PD get info std inquiry");
+             g_free(cmd->iov_buf);
+@@ -1036,26 +1038,26 @@ static int megasas_pd_get_info_submit(SCSIDevice *sdev, int lun,
+         }
+         trace_megasas_dcmd_internal_submit(cmd->index,
+                                            "PD get info std inquiry", lun);
+-        len = scsi_req_enqueue(req);
++        len = scsi_req_enqueue(cmd->req);
+         if (len > 0) {
+             cmd->iov_size = len;
+-            scsi_req_continue(req);
++            scsi_req_continue(cmd->req);
+         }
+         return MFI_STAT_INVALID_STATUS;
+     } else if (info->inquiry_data[0] != 0x7f && info->vpd_page83[0] == 0x7f) {
+         megasas_setup_inquiry(cmdbuf, 0x83, sizeof(info->vpd_page83));
+-        req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd);
+-        if (!req) {
++        cmd->req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd);
++        if (!cmd->req) {
+             trace_megasas_dcmd_req_alloc_failed(cmd->index,
+                                                 "PD get info vpd inquiry");
+             return MFI_STAT_FLASH_ALLOC_FAIL;
+         }
+         trace_megasas_dcmd_internal_submit(cmd->index,
+                                            "PD get info vpd inquiry", lun);
+-        len = scsi_req_enqueue(req);
++        len = scsi_req_enqueue(cmd->req);
+         if (len > 0) {
+             cmd->iov_size = len;
+-            scsi_req_continue(req);
++            scsi_req_continue(cmd->req);
+         }
+         return MFI_STAT_INVALID_STATUS;
+     }
+@@ -1217,7 +1219,6 @@ static int megasas_ld_get_info_submit(SCSIDevice *sdev, int lun,
+     struct mfi_ld_info *info = cmd->iov_buf;
+     size_t dcmd_size = sizeof(struct mfi_ld_info);
+     uint8_t cdb[6];
+-    SCSIRequest *req;
+     ssize_t len, resid;
+     uint16_t sdev_id = ((sdev->id & 0xFF) << 8) | (lun & 0xFF);
+     uint64_t ld_size;
+@@ -1226,8 +1227,8 @@ static int megasas_ld_get_info_submit(SCSIDevice *sdev, int lun,
+         cmd->iov_buf = g_malloc0(dcmd_size);
+         info = cmd->iov_buf;
+         megasas_setup_inquiry(cdb, 0x83, sizeof(info->vpd_page83));
+-        req = scsi_req_new(sdev, cmd->index, lun, cdb, cmd);
+-        if (!req) {
++        cmd->req = scsi_req_new(sdev, cmd->index, lun, cdb, cmd);
++        if (!cmd->req) {
+             trace_megasas_dcmd_req_alloc_failed(cmd->index,
+                                                 "LD get info vpd inquiry");
+             g_free(cmd->iov_buf);
+@@ -1236,10 +1237,10 @@ static int megasas_ld_get_info_submit(SCSIDevice *sdev, int lun,
+         }
+         trace_megasas_dcmd_internal_submit(cmd->index,
+                                            "LD get info vpd inquiry", lun);
+-        len = scsi_req_enqueue(req);
++        len = scsi_req_enqueue(cmd->req);
+         if (len > 0) {
+             cmd->iov_size = len;
+-            scsi_req_continue(req);
++            scsi_req_continue(cmd->req);
+         }
+         return MFI_STAT_INVALID_STATUS;
+     }
+@@ -1851,7 +1852,7 @@ static void megasas_command_complete(SCSIRequest *req, uint32_t status,
+         return;
+     }
+ 
+-    if (cmd->req == NULL) {
++    if (cmd->dcmd_opcode != -1) {
+         /*
+          * Internal command complete
+          */

diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-2.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-2.patch
new file mode 100644
index 0000000..74725a9
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-2.patch
@@ -0,0 +1,114 @@
+From 5104fac8539eaf155fc6de93e164be43e1e62242 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Thu, 1 Jun 2017 17:18:23 +0200
+Subject: [PATCH] megasas: do not read DCMD opcode more than once from frame
+
+Avoid TOC-TOU bugs by storing the DCMD opcode in the MegasasCmd
+
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ hw/scsi/megasas.c | 25 +++++++++++--------------
+ 1 file changed, 11 insertions(+), 14 deletions(-)
+
+diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
+index c353118882..a3f75c1650 100644
+--- a/hw/scsi/megasas.c
++++ b/hw/scsi/megasas.c
+@@ -63,6 +63,7 @@ typedef struct MegasasCmd {
+ 
+     hwaddr pa;
+     hwaddr pa_size;
++    uint32_t dcmd_opcode;
+     union mfi_frame *frame;
+     SCSIRequest *req;
+     QEMUSGList qsg;
+@@ -513,6 +514,7 @@ static MegasasCmd *megasas_enqueue_frame(MegasasState *s,
+         cmd->context &= (uint64_t)0xFFFFFFFF;
+     }
+     cmd->count = count;
++    cmd->dcmd_opcode = -1;
+     s->busy++;
+ 
+     if (s->consumer_pa) {
+@@ -1562,22 +1564,21 @@ static const struct dcmd_cmd_tbl_t {
+ 
+ static int megasas_handle_dcmd(MegasasState *s, MegasasCmd *cmd)
+ {
+-    int opcode;
+     int retval = 0;
+     size_t len;
+     const struct dcmd_cmd_tbl_t *cmdptr = dcmd_cmd_tbl;
+ 
+-    opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
+-    trace_megasas_handle_dcmd(cmd->index, opcode);
++    cmd->dcmd_opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
++    trace_megasas_handle_dcmd(cmd->index, cmd->dcmd_opcode);
+     if (megasas_map_dcmd(s, cmd) < 0) {
+         return MFI_STAT_MEMORY_NOT_AVAILABLE;
+     }
+-    while (cmdptr->opcode != -1 && cmdptr->opcode != opcode) {
++    while (cmdptr->opcode != -1 && cmdptr->opcode != cmd->dcmd_opcode) {
+         cmdptr++;
+     }
+     len = cmd->iov_size;
+     if (cmdptr->opcode == -1) {
+-        trace_megasas_dcmd_unhandled(cmd->index, opcode, len);
++        trace_megasas_dcmd_unhandled(cmd->index, cmd->dcmd_opcode, len);
+         retval = megasas_dcmd_dummy(s, cmd);
+     } else {
+         trace_megasas_dcmd_enter(cmd->index, cmdptr->desc, len);
+@@ -1592,13 +1593,11 @@ static int megasas_handle_dcmd(MegasasState *s, MegasasCmd *cmd)
+ static int megasas_finish_internal_dcmd(MegasasCmd *cmd,
+                                         SCSIRequest *req)
+ {
+-    int opcode;
+     int retval = MFI_STAT_OK;
+     int lun = req->lun;
+ 
+-    opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
+-    trace_megasas_dcmd_internal_finish(cmd->index, opcode, lun);
+-    switch (opcode) {
++    trace_megasas_dcmd_internal_finish(cmd->index, cmd->dcmd_opcode, lun);
++    switch (cmd->dcmd_opcode) {
+     case MFI_DCMD_PD_GET_INFO:
+         retval = megasas_pd_get_info_submit(req->dev, lun, cmd);
+         break;
+@@ -1606,7 +1605,7 @@ static int megasas_finish_internal_dcmd(MegasasCmd *cmd,
+         retval = megasas_ld_get_info_submit(req->dev, lun, cmd);
+         break;
+     default:
+-        trace_megasas_dcmd_internal_invalid(cmd->index, opcode);
++        trace_megasas_dcmd_internal_invalid(cmd->index, cmd->dcmd_opcode);
+         retval = MFI_STAT_INVALID_DCMD;
+         break;
+     }
+@@ -1827,7 +1826,6 @@ static void megasas_xfer_complete(SCSIRequest *req, uint32_t len)
+ {
+     MegasasCmd *cmd = req->hba_private;
+     uint8_t *buf;
+-    uint32_t opcode;
+ 
+     trace_megasas_io_complete(cmd->index, len);
+ 
+@@ -1837,8 +1835,7 @@ static void megasas_xfer_complete(SCSIRequest *req, uint32_t len)
+     }
+ 
+     buf = scsi_req_get_buf(req);
+-    opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
+-    if (opcode == MFI_DCMD_PD_GET_INFO && cmd->iov_buf) {
++    if (cmd->dcmd_opcode == MFI_DCMD_PD_GET_INFO && cmd->iov_buf) {
+         struct mfi_pd_info *info = cmd->iov_buf;
+ 
+         if (info->inquiry_data[0] == 0x7f) {
+@@ -1849,7 +1846,7 @@ static void megasas_xfer_complete(SCSIRequest *req, uint32_t len)
+             memcpy(info->vpd_page83, buf, len);
+         }
+         scsi_req_continue(req);
+-    } else if (opcode == MFI_DCMD_LD_GET_INFO) {
++    } else if (cmd->dcmd_opcode == MFI_DCMD_LD_GET_INFO) {
+         struct mfi_ld_info *info = cmd->iov_buf;
+ 
+         if (cmd->iov_buf) {
+-- 
+2.13.0
+

diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-1.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-1.patch
new file mode 100644
index 0000000..9d77193
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-1.patch
@@ -0,0 +1,80 @@
+From df8ad9f128c15aa0a0ebc7b24e9a22c9775b67af Mon Sep 17 00:00:00 2001
+From: Eric Blake <eblake@redhat.com>
+Date: Fri, 26 May 2017 22:04:21 -0500
+Subject: [PATCH] nbd: Fully initialize client in case of failed negotiation
+
+If a non-NBD client connects to qemu-nbd, we would end up with
+a SIGSEGV in nbd_client_put() because we were trying to
+unregister the client's association to the export, even though
+we skipped inserting the client into that list.  Easy trigger
+in two terminals:
+
+$ qemu-nbd -p 30001 --format=raw file
+$ nmap 127.0.0.1 -p 30001
+
+nmap claims that it thinks it connected to a pago-services1
+server (which probably means nmap could be updated to learn the
+NBD protocol and give a more accurate diagnosis of the open
+port - but that's not our problem), then terminates immediately,
+so our call to nbd_negotiate() fails.  The fix is to reorder
+nbd_co_client_start() to ensure that all initialization occurs
+before we ever try talking to a client in nbd_negotiate(), so
+that the teardown sequence on negotiation failure doesn't fault
+while dereferencing a half-initialized object.
+
+While debugging this, I also noticed that nbd_update_server_watch()
+called by nbd_client_closed() was still adding a channel to accept
+the next client, even when the state was no longer RUNNING.  That
+is fixed by making nbd_can_accept() pay attention to the current
+state.
+
+Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1451614
+
+Signed-off-by: Eric Blake <eblake@redhat.com>
+Message-Id: <20170527030421.28366-1-eblake@redhat.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ nbd/server.c | 8 +++-----
+ qemu-nbd.c   | 2 +-
+ 2 files changed, 4 insertions(+), 6 deletions(-)
+
+diff --git a/nbd/server.c b/nbd/server.c
+index ee59e5d234..49b55f6ede 100644
+--- a/nbd/server.c
++++ b/nbd/server.c
+@@ -1358,16 +1358,14 @@ static coroutine_fn void nbd_co_client_start(void *opaque)
+ 
+     if (exp) {
+         nbd_export_get(exp);
++        QTAILQ_INSERT_TAIL(&exp->clients, client, next);
+     }
++    qemu_co_mutex_init(&client->send_lock);
++
+     if (nbd_negotiate(data)) {
+         client_close(client);
+         goto out;
+     }
+-    qemu_co_mutex_init(&client->send_lock);
+-
+-    if (exp) {
+-        QTAILQ_INSERT_TAIL(&exp->clients, client, next);
+-    }
+ 
+     nbd_client_receive_next_request(client);
+ 
+diff --git a/qemu-nbd.c b/qemu-nbd.c
+index f60842fd86..651f85ecc1 100644
+--- a/qemu-nbd.c
++++ b/qemu-nbd.c
+@@ -325,7 +325,7 @@ out:
+ 
+ static int nbd_can_accept(void)
+ {
+-    return nb_fds < shared;
++    return state == RUNNING && nb_fds < shared;
+ }
+ 
+ static void nbd_export_closed(NBDExport *exp)
+-- 
+2.13.0
+

diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-2.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-2.patch
new file mode 100644
index 0000000..e6934b3
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-2.patch
@@ -0,0 +1,197 @@
+From 0c9390d978cbf61e8f16c9f580fa96b305c43568 Mon Sep 17 00:00:00 2001
+From: Eric Blake <eblake@redhat.com>
+Date: Thu, 8 Jun 2017 17:26:17 -0500
+Subject: [PATCH] nbd: Fix regression on resiliency to port scan
+
+Back in qemu 2.5, qemu-nbd was immune to port probes (a transient
+server would not quit, regardless of how many probe connections
+came and went, until a connection actually negotiated).  But we
+broke that in commit ee7d7aa when removing the return value to
+nbd_client_new(), although that patch also introduced a bug causing
+an assertion failure on a client that fails negotiation.  We then
+made it worse during refactoring in commit 1a6245a (a segfault
+before we could even assert); the (masked) assertion was cleaned
+up in d3780c2 (still in 2.6), and just recently we finally fixed
+the segfault ("nbd: Fully intialize client in case of failed
+negotiation").  But that still means that ever since we added
+TLS support to qemu-nbd, we have been vulnerable to an ill-timed
+port-scan being able to cause a denial of service by taking down
+qemu-nbd before a real client has a chance to connect.
+
+Since negotiation is now handled asynchronously via coroutines,
+we no longer have a synchronous point of return by re-adding a
+return value to nbd_client_new().  So this patch instead wires
+things up to pass the negotiation status through the close_fn
+callback function.
+
+Simple test across two terminals:
+$ qemu-nbd -f raw -p 30001 file
+$ nmap 127.0.0.1 -p 30001 && \
+  qemu-io -c 'r 0 512' -f raw nbd://localhost:30001
+
+Note that this patch does not change what constitutes successful
+negotiation (thus, a client must enter transmission phase before
+that client can be considered as a reason to terminate the server
+when the connection ends).  Perhaps we may want to tweak things
+in a later patch to also treat a client that uses NBD_OPT_ABORT
+as being a 'successful' negotiation (the client correctly talked
+the NBD protocol, and informed us it was not going to use our
+export after all), but that's a discussion for another day.
+
+Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1451614
+
+Signed-off-by: Eric Blake <eblake@redhat.com>
+Message-Id: <20170608222617.20376-1-eblake@redhat.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ blockdev-nbd.c      |  6 +++++-
+ include/block/nbd.h |  2 +-
+ nbd/server.c        | 24 +++++++++++++++---------
+ qemu-nbd.c          |  4 ++--
+ 4 files changed, 23 insertions(+), 13 deletions(-)
+
+diff --git a/blockdev-nbd.c b/blockdev-nbd.c
+index dd0860f4a6..28f551a7b0 100644
+--- a/blockdev-nbd.c
++++ b/blockdev-nbd.c
+@@ -27,6 +27,10 @@ typedef struct NBDServerData {
+ 
+ static NBDServerData *nbd_server;
+ 
++static void nbd_blockdev_client_closed(NBDClient *client, bool ignored)
++{
++    nbd_client_put(client);
++}
+ 
+ static gboolean nbd_accept(QIOChannel *ioc, GIOCondition condition,
+                            gpointer opaque)
+@@ -46,7 +50,7 @@ static gboolean nbd_accept(QIOChannel *ioc, GIOCondition condition,
+     qio_channel_set_name(QIO_CHANNEL(cioc), "nbd-server");
+     nbd_client_new(NULL, cioc,
+                    nbd_server->tlscreds, NULL,
+-                   nbd_client_put);
++                   nbd_blockdev_client_closed);
+     object_unref(OBJECT(cioc));
+     return TRUE;
+ }
+diff --git a/include/block/nbd.h b/include/block/nbd.h
+index 416257abca..8fa5ce51f3 100644
+--- a/include/block/nbd.h
++++ b/include/block/nbd.h
+@@ -162,7 +162,7 @@ void nbd_client_new(NBDExport *exp,
+                     QIOChannelSocket *sioc,
+                     QCryptoTLSCreds *tlscreds,
+                     const char *tlsaclname,
+-                    void (*close)(NBDClient *));
++                    void (*close_fn)(NBDClient *, bool));
+ void nbd_client_get(NBDClient *client);
+ void nbd_client_put(NBDClient *client);
+ 
+diff --git a/nbd/server.c b/nbd/server.c
+index 49b55f6ede..f2b1aa47ce 100644
+--- a/nbd/server.c
++++ b/nbd/server.c
+@@ -81,7 +81,7 @@ static QTAILQ_HEAD(, NBDExport) exports = QTAILQ_HEAD_INITIALIZER(exports);
+ 
+ struct NBDClient {
+     int refcount;
+-    void (*close)(NBDClient *client);
++    void (*close_fn)(NBDClient *client, bool negotiated);
+ 
+     bool no_zeroes;
+     NBDExport *exp;
+@@ -778,7 +778,7 @@ void nbd_client_put(NBDClient *client)
+     }
+ }
+ 
+-static void client_close(NBDClient *client)
++static void client_close(NBDClient *client, bool negotiated)
+ {
+     if (client->closing) {
+         return;
+@@ -793,8 +793,8 @@ static void client_close(NBDClient *client)
+                          NULL);
+ 
+     /* Also tell the client, so that they release their reference.  */
+-    if (client->close) {
+-        client->close(client);
++    if (client->close_fn) {
++        client->close_fn(client, negotiated);
+     }
+ }
+ 
+@@ -975,7 +975,7 @@ void nbd_export_close(NBDExport *exp)
+ 
+     nbd_export_get(exp);
+     QTAILQ_FOREACH_SAFE(client, &exp->clients, next, next) {
+-        client_close(client);
++        client_close(client, true);
+     }
+     nbd_export_set_name(exp, NULL);
+     nbd_export_set_description(exp, NULL);
+@@ -1337,7 +1337,7 @@ done:
+ 
+ out:
+     nbd_request_put(req);
+-    client_close(client);
++    client_close(client, true);
+     nbd_client_put(client);
+ }
+ 
+@@ -1363,7 +1363,7 @@ static coroutine_fn void nbd_co_client_start(void *opaque)
+     qemu_co_mutex_init(&client->send_lock);
+ 
+     if (nbd_negotiate(data)) {
+-        client_close(client);
++        client_close(client, false);
+         goto out;
+     }
+ 
+@@ -1373,11 +1373,17 @@ out:
+     g_free(data);
+ }
+ 
++/*
++ * Create a new client listener on the given export @exp, using the
++ * given channel @sioc.  Begin servicing it in a coroutine.  When the
++ * connection closes, call @close_fn with an indication of whether the
++ * client completed negotiation.
++ */
+ void nbd_client_new(NBDExport *exp,
+                     QIOChannelSocket *sioc,
+                     QCryptoTLSCreds *tlscreds,
+                     const char *tlsaclname,
+-                    void (*close_fn)(NBDClient *))
++                    void (*close_fn)(NBDClient *, bool))
+ {
+     NBDClient *client;
+     NBDClientNewData *data = g_new(NBDClientNewData, 1);
+@@ -1394,7 +1400,7 @@ void nbd_client_new(NBDExport *exp,
+     object_ref(OBJECT(client->sioc));
+     client->ioc = QIO_CHANNEL(sioc);
+     object_ref(OBJECT(client->ioc));
+-    client->close = close_fn;
++    client->close_fn = close_fn;
+ 
+     data->client = client;
+     data->co = qemu_coroutine_create(nbd_co_client_start, data);
+diff --git a/qemu-nbd.c b/qemu-nbd.c
+index 651f85ecc1..9464a0461c 100644
+--- a/qemu-nbd.c
++++ b/qemu-nbd.c
+@@ -336,10 +336,10 @@ static void nbd_export_closed(NBDExport *exp)
+ 
+ static void nbd_update_server_watch(void);
+ 
+-static void nbd_client_closed(NBDClient *client)
++static void nbd_client_closed(NBDClient *client, bool negotiated)
+ {
+     nb_fds--;
+-    if (nb_fds == 0 && !persistent && state == RUNNING) {
++    if (negotiated && nb_fds == 0 && !persistent && state == RUNNING) {
+         state = TERMINATE;
+     }
+     nbd_update_server_watch();
+-- 
+2.13.0
+

diff --git a/app-emulation/qemu/qemu-2.8.1-r2.ebuild b/app-emulation/qemu/qemu-2.8.1-r2.ebuild
deleted file mode 100644
index ff24476..0000000
--- a/app-emulation/qemu/qemu-2.8.1-r2.ebuild
+++ /dev/null
@@ -1,770 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-PYTHON_COMPAT=( python2_7 )
-PYTHON_REQ_USE="ncurses,readline"
-
-PLOCALES="bg de_DE fr_FR hu it tr zh_CN"
-
-inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \
-	user udev fcaps readme.gentoo-r1 pax-utils l10n
-
-if [[ ${PV} = *9999* ]]; then
-	EGIT_REPO_URI="git://git.qemu.org/qemu.git"
-	inherit git-r3
-	SRC_URI=""
-else
-	SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2"
-	KEYWORDS="amd64 ~arm64 ~ppc ~ppc64 x86 ~x86-fbsd"
-fi
-
-DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
-HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org"
-
-LICENSE="GPL-2 LGPL-2 BSD-2"
-SLOT="0"
-IUSE="accessibility +aio alsa bluetooth bzip2 +caps +curl debug +fdt
-	glusterfs gnutls gtk gtk2 infiniband iscsi +jpeg kernel_linux
-	kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs +png
-	pulseaudio python rbd sasl +seccomp sdl sdl2 selinux smartcard snappy
-	spice ssh static static-user systemtap tci test usb usbredir vde
-	+vhost-net virgl virtfs +vnc vte xattr xen xfs"
-
-COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel
-	mips mips64 mips64el mipsel or32 ppc ppc64 s390x sh4 sh4eb sparc
-	sparc64 x86_64"
-IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS}
-	lm32 moxie ppcemb tricore unicore32 xtensa xtensaeb"
-IUSE_USER_TARGETS="${COMMON_TARGETS}
-	armeb mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus tilegx"
-
-use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
-use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
-IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
-
-# Allow no targets to be built so that people can get a tools-only build.
-# Block USE flag configurations known to not work.
-REQUIRED_USE="${PYTHON_REQUIRED_USE}
-	gtk2? ( gtk )
-	qemu_softmmu_targets_arm? ( fdt )
-	qemu_softmmu_targets_microblaze? ( fdt )
-	qemu_softmmu_targets_ppc? ( fdt )
-	qemu_softmmu_targets_ppc64? ( fdt )
-	sdl2? ( sdl )
-	static? ( static-user !alsa !bluetooth !gtk !gtk2 !opengl !pulseaudio )
-	virtfs? ( xattr )
-	vte? ( gtk )"
-
-# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
-# and user/softmmu targets (qemu-*, qemu-system-*).
-#
-# Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
-#
-# The attr lib isn't always linked in (although the USE flag is always
-# respected).  This is because qemu supports using the C library's API
-# when available rather than always using the extranl library.
-ALL_DEPEND="
-	>=dev-libs/glib-2.0[static-libs(+)]
-	sys-libs/zlib[static-libs(+)]
-	python? ( ${PYTHON_DEPS} )
-	systemtap? ( dev-util/systemtap )
-	xattr? ( sys-apps/attr[static-libs(+)] )"
-
-# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
-# softmmu targets (qemu-system-*).
-SOFTMMU_TOOLS_DEPEND="
-	>=x11-libs/pixman-0.28.0[static-libs(+)]
-	accessibility? (
-		app-accessibility/brltty[api]
-		app-accessibility/brltty[static-libs(+)]
-	)
-	aio? ( dev-libs/libaio[static-libs(+)] )
-	alsa? ( >=media-libs/alsa-lib-1.0.13 )
-	bluetooth? ( net-wireless/bluez )
-	bzip2? ( app-arch/bzip2[static-libs(+)] )
-	caps? ( sys-libs/libcap-ng[static-libs(+)] )
-	curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
-	fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] )
-	glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
-	gnutls? (
-		dev-libs/nettle:=[static-libs(+)]
-		>=net-libs/gnutls-3.0:=[static-libs(+)]
-	)
-	gtk? (
-		gtk2? (
-			x11-libs/gtk+:2
-			vte? ( x11-libs/vte:0 )
-		)
-		!gtk2? (
-			x11-libs/gtk+:3
-			vte? ( x11-libs/vte:2.91 )
-		)
-	)
-	infiniband? ( sys-fabric/librdmacm:=[static-libs(+)] )
-	iscsi? ( net-libs/libiscsi )
-	jpeg? ( virtual/jpeg:0=[static-libs(+)] )
-	lzo? ( dev-libs/lzo:2[static-libs(+)] )
-	ncurses? (
-		sys-libs/ncurses:0=[unicode]
-		sys-libs/ncurses:0=[static-libs(+)]
-	)
-	nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] )
-	numa? ( sys-process/numactl[static-libs(+)] )
-	opengl? (
-		virtual/opengl
-		media-libs/libepoxy[static-libs(+)]
-		media-libs/mesa[static-libs(+)]
-		media-libs/mesa[egl,gbm]
-	)
-	png? ( media-libs/libpng:0=[static-libs(+)] )
-	pulseaudio? ( media-sound/pulseaudio )
-	rbd? ( sys-cluster/ceph[static-libs(+)] )
-	sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
-	sdl? (
-		!sdl2? (
-			media-libs/libsdl[X]
-			>=media-libs/libsdl-1.2.11[static-libs(+)]
-		)
-		sdl2? (
-			media-libs/libsdl2[X]
-			media-libs/libsdl2[static-libs(+)]
-		)
-	)
-	seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
-	smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] )
-	snappy? ( app-arch/snappy[static-libs(+)] )
-	spice? (
-		>=app-emulation/spice-protocol-0.12.3
-		>=app-emulation/spice-0.12.0[static-libs(+)]
-	)
-	ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] )
-	usb? ( >=virtual/libusb-1-r2[static-libs(+)] )
-	usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
-	vde? ( net-misc/vde[static-libs(+)] )
-	virgl? ( media-libs/virglrenderer[static-libs(+)] )
-	virtfs? ( sys-libs/libcap )
-	xen? ( app-emulation/xen-tools:= )
-	xfs? ( sys-fs/xfsprogs[static-libs(+)] )"
-
-X86_FIRMWARE_DEPEND="
-	>=sys-firmware/ipxe-1.0.0_p20130624
-	pin-upstream-blobs? (
-		~sys-firmware/seabios-1.10.1
-		~sys-firmware/sgabios-0.1_pre8
-		~sys-firmware/vgabios-0.7a
-	)
-	!pin-upstream-blobs? (
-		sys-firmware/seabios
-		sys-firmware/sgabios
-		sys-firmware/vgabios
-	)"
-
-CDEPEND="
-	!static? (
-		${ALL_DEPEND//\[static-libs(+)]}
-		${SOFTMMU_TOOLS_DEPEND//\[static-libs(+)]}
-	)
-	qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
-	qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )"
-DEPEND="${CDEPEND}
-	dev-lang/perl
-	=dev-lang/python-2*
-	sys-apps/texinfo
-	virtual/pkgconfig
-	kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
-	gtk? ( nls? ( sys-devel/gettext ) )
-	static? (
-		${ALL_DEPEND}
-		${SOFTMMU_TOOLS_DEPEND}
-	)
-	static-user? ( ${ALL_DEPEND} )
-	test? (
-		dev-libs/glib[utils]
-		sys-devel/bc
-	)"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-qemu )"
-
-PATCHES=(
-	# musl patches
-	"${FILESDIR}"/${PN}-2.8.0-F_SHLCK-and-F_EXLCK.patch
-	"${FILESDIR}"/${PN}-2.0.0-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch
-	"${FILESDIR}"/${PN}-2.2.0-_sigev_un.patch
-
-	# gentoo patches
-	"${FILESDIR}"/${PN}-2.5.0-cflags.patch
-	"${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
-	"${FILESDIR}"/${PN}-2.7.0-CVE-2016-8669-1.patch #597108
-	"${FILESDIR}"/${PN}-2.8.0-CVE-2016-9908.patch   #601826
-	"${FILESDIR}"/${PN}-2.8.0-CVE-2016-9912.patch   #602630
-	"${FILESDIR}"/${PN}-2.8.0-CVE-2016-10028.patch  #603444
-	"${FILESDIR}"/${PN}-2.8.0-CVE-2016-10155.patch  #606720
-	"${FILESDIR}"/${PN}-2.8.0-CVE-2017-5525-1.patch #606264
-	"${FILESDIR}"/${PN}-2.8.0-CVE-2017-5525-2.patch
-	"${FILESDIR}"/${PN}-2.8.0-CVE-2017-5552.patch   #606722
-	"${FILESDIR}"/${PN}-2.8.0-CVE-2017-5578.patch   #607000
-	"${FILESDIR}"/${PN}-2.8.0-CVE-2017-5579.patch   #607100
-	"${FILESDIR}"/${PN}-2.8.0-CVE-2017-5856.patch   #608036
-	"${FILESDIR}"/${PN}-2.8.0-CVE-2017-5857.patch   #608038
-	"${FILESDIR}"/${PN}-2.8.0-CVE-2017-5898.patch   #608520
-	"${FILESDIR}"/${PN}-2.8.0-CVE-2017-5973.patch   #609334
-	"${FILESDIR}"/${PN}-2.8.0-CVE-2017-5987.patch   #609398
-	"${FILESDIR}"/${PN}-2.8.0-CVE-2017-6505.patch   #612220
-	"${FILESDIR}"/${PN}-2.8.0-CVE-2017-7377.patch   #614744
-	"${FILESDIR}"/${PN}-2.8.1-CVE-2017-7471.patch   #616484
-	"${FILESDIR}"/${PN}-2.8.1-CVE-2017-8086.patch   #616460
-)
-
-STRIP_MASK="/usr/share/qemu/palcode-clipper"
-
-QA_PREBUILT="
-	usr/share/qemu/openbios-ppc
-	usr/share/qemu/openbios-sparc64
-	usr/share/qemu/openbios-sparc32
-	usr/share/qemu/palcode-clipper
-	usr/share/qemu/s390-ccw.img
-	usr/share/qemu/u-boot.e500"
-
-QA_WX_LOAD="usr/bin/qemu-i386
-	usr/bin/qemu-x86_64
-	usr/bin/qemu-alpha
-	usr/bin/qemu-arm
-	usr/bin/qemu-cris
-	usr/bin/qemu-m68k
-	usr/bin/qemu-microblaze
-	usr/bin/qemu-microblazeel
-	usr/bin/qemu-mips
-	usr/bin/qemu-mipsel
-	usr/bin/qemu-or32
-	usr/bin/qemu-ppc
-	usr/bin/qemu-ppc64
-	usr/bin/qemu-ppc64abi32
-	usr/bin/qemu-sh4
-	usr/bin/qemu-sh4eb
-	usr/bin/qemu-sparc
-	usr/bin/qemu-sparc64
-	usr/bin/qemu-armeb
-	usr/bin/qemu-sparc32plus
-	usr/bin/qemu-s390x
-	usr/bin/qemu-unicore32"
-
-DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure you have the
-kernel module loaded before running kvm. The easiest way to ensure that the
-kernel module is loaded is to load it on boot.
-	For AMD CPUs the module is called 'kvm-amd'.
-	For Intel CPUs the module is called 'kvm-intel'.
-Please review /etc/conf.d/modules for how to load these.
-
-Make sure your user is in the 'kvm' group. Just run
-	$ gpasswd -a <USER> kvm
-then have <USER> re-login.
-
-For brand new installs, the default permissions on /dev/kvm might not let
-you access it.  You can tell udev to reset ownership/perms:
-	$ udevadm trigger -c add /dev/kvm
-
-If you want to register binfmt handlers for qemu user targets:
-For openrc:
-	# rc-update add qemu-binfmt
-For systemd:
-	# ln -s /usr/share/qemu/binfmt.d/qemu.conf /etc/binfmt.d/qemu.conf"
-
-pkg_pretend() {
-	if use kernel_linux && kernel_is lt 2 6 25; then
-		eerror "This version of KVM requres a host kernel of 2.6.25 or higher."
-	elif use kernel_linux; then
-		if ! linux_config_exists; then
-			eerror "Unable to check your kernel for KVM support"
-		else
-			CONFIG_CHECK="~KVM ~TUN ~BRIDGE"
-			ERROR_KVM="You must enable KVM in your kernel to continue"
-			ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in"
-			ERROR_KVM_AMD+=" your kernel configuration."
-			ERROR_KVM_INTEL="If you have an Intel CPU, you must enable"
-			ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration."
-			ERROR_TUN="You will need the Universal TUN/TAP driver compiled"
-			ERROR_TUN+=" into your kernel or loaded as a module to use the"
-			ERROR_TUN+=" virtual network device if using -net tap."
-			ERROR_BRIDGE="You will also need support for 802.1d"
-			ERROR_BRIDGE+=" Ethernet Bridging for some network configurations."
-			use vhost-net && CONFIG_CHECK+=" ~VHOST_NET"
-			ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net"
-			ERROR_VHOST_NET+=" support"
-
-			if use amd64 || use x86 || use amd64-linux || use x86-linux; then
-				CONFIG_CHECK+=" ~KVM_AMD ~KVM_INTEL"
-			fi
-
-			use python && CONFIG_CHECK+=" ~DEBUG_FS"
-			ERROR_DEBUG_FS="debugFS support required for kvm_stat"
-
-			# Now do the actual checks setup above
-			check_extra_config
-		fi
-	fi
-
-	if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then
-		eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt"
-		eerror "instances are still pointing to it.  Please update your"
-		eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag"
-		eerror "and the right system binary (e.g. qemu-system-x86_64)."
-		die "update your virt configs to not use qemu-kvm"
-	fi
-}
-
-pkg_setup() {
-	enewgroup kvm 78
-}
-
-# Sanity check to make sure target lists are kept up-to-date.
-check_targets() {
-	local var=$1 mak=$2
-	local detected sorted
-
-	pushd "${S}"/default-configs >/dev/null || die
-
-	# Force C locale until glibc is updated. #564936
-	detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u))
-	sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u))
-	if [[ ${sorted} != "${detected}" ]] ; then
-		eerror "The ebuild needs to be kept in sync."
-		eerror "${var}: ${sorted}"
-		eerror "$(printf '%-*s' ${#var} configure): ${detected}"
-		die "sync ${var} to the list of targets"
-	fi
-
-	popd >/dev/null
-}
-
-handle_locales() {
-	# Make sure locale list is kept up-to-date.
-	local detected sorted
-	detected=$(echo $(cd po && printf '%s\n' *.po | grep -v messages.po | sed 's:.po$::' | sort -u))
-	sorted=$(echo $(printf '%s\n' ${PLOCALES} | sort -u))
-	if [[ ${sorted} != "${detected}" ]] ; then
-		eerror "The ebuild needs to be kept in sync."
-		eerror "PLOCALES: ${sorted}"
-		eerror " po/*.po: ${detected}"
-		die "sync PLOCALES"
-	fi
-
-	# Deal with selective install of locales.
-	if use nls ; then
-		# Delete locales the user does not want. #577814
-		rm_loc() { rm po/$1.po || die; }
-		l10n_for_each_disabled_locale_do rm_loc
-	else
-		# Cheap hack to disable gettext .mo generation.
-		rm -f po/*.po
-	fi
-}
-
-src_prepare() {
-	check_targets IUSE_SOFTMMU_TARGETS softmmu
-	check_targets IUSE_USER_TARGETS linux-user
-
-	# Alter target makefiles to accept CFLAGS set via flag-o
-	sed -i -r \
-		-e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \
-		Makefile Makefile.target || die
-
-	default
-
-	# Fix ld and objcopy being called directly
-	tc-export AR LD OBJCOPY
-
-	# Verbose builds
-	MAKEOPTS+=" V=1"
-
-	# Run after we've applied all patches.
-	handle_locales
-}
-
-##
-# configures qemu based on the build directory and the build type
-# we are using.
-#
-qemu_src_configure() {
-	debug-print-function ${FUNCNAME} "$@"
-
-	local buildtype=$1
-	local builddir="${S}/${buildtype}-build"
-
-	mkdir "${builddir}"
-
-	local conf_opts=(
-		--prefix=/usr
-		--sysconfdir=/etc
-		--libdir=/usr/$(get_libdir)
-		--docdir=/usr/share/doc/${PF}/html
-		--disable-bsd-user
-		--disable-guest-agent
-		--disable-strip
-		--disable-werror
-		# We support gnutls/nettle for crypto operations.  It is possible
-		# to use gcrypt when gnutls/nettle are disabled (but not when they
-		# are enabled), but it's not really worth the hassle.  Disable it
-		# all the time to avoid automatically detecting it. #568856
-		--disable-gcrypt
-		--python="${PYTHON}"
-		--cc="$(tc-getCC)"
-		--cxx="$(tc-getCXX)"
-		--host-cc="$(tc-getBUILD_CC)"
-		$(use_enable debug debug-info)
-		$(use_enable debug debug-tcg)
-		--enable-docs
-		$(use_enable tci tcg-interpreter)
-		$(use_enable xattr attr)
-	)
-
-	# Disable options not used by user targets. This simplifies building
-	# static user targets (USE=static-user) considerably.
-	conf_notuser() {
-		if [[ ${buildtype} == "user" ]] ; then
-			echo "--disable-${2:-$1}"
-		else
-			use_enable "$@"
-		fi
-	}
-	conf_opts+=(
-		$(conf_notuser accessibility brlapi)
-		$(conf_notuser aio linux-aio)
-		$(conf_notuser bzip2)
-		$(conf_notuser bluetooth bluez)
-		$(conf_notuser caps cap-ng)
-		$(conf_notuser curl)
-		$(conf_notuser fdt)
-		$(conf_notuser glusterfs)
-		$(conf_notuser gnutls)
-		$(conf_notuser gnutls nettle)
-		$(conf_notuser gtk)
-		$(conf_notuser infiniband rdma)
-		$(conf_notuser iscsi libiscsi)
-		$(conf_notuser jpeg vnc-jpeg)
-		$(conf_notuser kernel_linux kvm)
-		$(conf_notuser lzo)
-		$(conf_notuser ncurses curses)
-		$(conf_notuser nfs libnfs)
-		$(conf_notuser numa)
-		$(conf_notuser opengl)
-		$(conf_notuser png vnc-png)
-		$(conf_notuser rbd)
-		$(conf_notuser sasl vnc-sasl)
-		$(conf_notuser sdl)
-		$(conf_notuser seccomp)
-		$(conf_notuser smartcard)
-		$(conf_notuser snappy)
-		$(conf_notuser spice)
-		$(conf_notuser ssh libssh2)
-		$(conf_notuser usb libusb)
-		$(conf_notuser usbredir usb-redir)
-		$(conf_notuser vde)
-		$(conf_notuser vhost-net)
-		$(conf_notuser virgl virglrenderer)
-		$(conf_notuser virtfs)
-		$(conf_notuser vnc)
-		$(conf_notuser vte)
-		$(conf_notuser xen)
-		$(conf_notuser xen xen-pci-passthrough)
-		$(conf_notuser xfs xfsctl)
-	)
-
-	if [[ ! ${buildtype} == "user" ]] ; then
-		# audio options
-		local audio_opts="oss"
-		use alsa && audio_opts="alsa,${audio_opts}"
-		use sdl && audio_opts="sdl,${audio_opts}"
-		use pulseaudio && audio_opts="pa,${audio_opts}"
-		conf_opts+=(
-			--audio-drv-list="${audio_opts}"
-		)
-		use gtk && conf_opts+=( --with-gtkabi=$(usex gtk2 2.0 3.0) )
-		use sdl && conf_opts+=( --with-sdlabi=$(usex sdl2 2.0 1.2) )
-	fi
-
-	case ${buildtype} in
-	user)
-		conf_opts+=(
-			--enable-linux-user
-			--disable-system
-			--disable-blobs
-			--disable-tools
-		)
-		local static_flag="static-user"
-		;;
-	softmmu)
-		conf_opts+=(
-			--disable-linux-user
-			--enable-system
-			--disable-tools
-			--with-system-pixman
-		)
-		local static_flag="static"
-		;;
-	tools)
-		conf_opts+=(
-			--disable-linux-user
-			--disable-system
-			--disable-blobs
-			--enable-tools
-		)
-		local static_flag="static"
-		;;
-	esac
-
-	local targets="${buildtype}_targets"
-	[[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" )
-
-	# Add support for SystemTAP
-	use systemtap && conf_opts+=( --enable-trace-backend=dtrace )
-
-	# We always want to attempt to build with PIE support as it results
-	# in a more secure binary. But it doesn't work with static or if
-	# the current GCC doesn't have PIE support.
-	if use ${static_flag}; then
-		conf_opts+=( --static --disable-pie )
-	else
-		gcc-specs-pie && conf_opts+=( --enable-pie )
-	fi
-
-	echo "../configure ${conf_opts[*]}"
-	cd "${builddir}"
-	../configure "${conf_opts[@]}" || die "configure failed"
-
-	# FreeBSD's kernel does not support QEMU assigning/grabbing
-	# host USB devices yet
-	use kernel_FreeBSD && \
-		sed -i -E -e "s|^(HOST_USB=)bsd|\1stub|" "${S}"/config-host.mak
-}
-
-src_configure() {
-	local target
-
-	python_setup
-
-	softmmu_targets= softmmu_bins=()
-	user_targets= user_bins=()
-
-	for target in ${IUSE_SOFTMMU_TARGETS} ; do
-		if use "qemu_softmmu_targets_${target}"; then
-			softmmu_targets+=",${target}-softmmu"
-			softmmu_bins+=( "qemu-system-${target}" )
-		fi
-	done
-
-	for target in ${IUSE_USER_TARGETS} ; do
-		if use "qemu_user_targets_${target}"; then
-			user_targets+=",${target}-linux-user"
-			user_bins+=( "qemu-${target}" )
-		fi
-	done
-
-	softmmu_targets=${softmmu_targets#,}
-	user_targets=${user_targets#,}
-
-	[[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu"
-	[[ -n ${user_targets}    ]] && qemu_src_configure "user"
-	qemu_src_configure "tools"
-}
-
-src_compile() {
-	if [[ -n ${user_targets} ]]; then
-		cd "${S}/user-build"
-		default
-	fi
-
-	if [[ -n ${softmmu_targets} ]]; then
-		cd "${S}/softmmu-build"
-		default
-	fi
-
-	cd "${S}/tools-build"
-	default
-}
-
-src_test() {
-	if [[ -n ${softmmu_targets} ]]; then
-		cd "${S}/softmmu-build"
-		pax-mark m */qemu-system-* #515550
-		emake -j1 check
-		emake -j1 check-report.html
-	fi
-}
-
-qemu_python_install() {
-	python_domodule "${S}/scripts/qmp/qmp.py"
-
-	python_doscript "${S}/scripts/kvm/vmxcap"
-	python_doscript "${S}/scripts/qmp/qmp-shell"
-	python_doscript "${S}/scripts/qmp/qemu-ga-client"
-}
-
-# Generate binfmt support files.
-#   - /etc/init.d/qemu-binfmt script which registers the user handlers (openrc)
-#   - /usr/share/qemu/binfmt.d/qemu.conf (for use with systemd-binfmt)
-generate_initd() {
-	local out="${T}/qemu-binfmt"
-	local out_systemd="${T}/qemu.conf"
-	local d="${T}/binfmt.d"
-
-	einfo "Generating qemu binfmt scripts and configuration files"
-
-	# Generate the debian fragments first.
-	mkdir -p "${d}"
-	"${S}"/scripts/qemu-binfmt-conf.sh \
-		--debian \
-		--exportdir "${d}" \
-		--qemu-path "${EPREFIX}/usr/bin" \
-		|| die
-	# Then turn the fragments into a shell script we can source.
-	sed -E -i \
-		-e 's:^([^ ]+) (.*)$:\1="\2":' \
-		"${d}"/* || die
-
-	# Generate the init.d script by assembling the fragments from above.
-	local f qcpu package interpreter magic mask
-	cat "${FILESDIR}"/qemu-binfmt.initd.head >"${out}" || die
-	for f in "${d}"/qemu-* ; do
-		source "${f}"
-
-		# Normalize the cpu logic like we do in the init.d for the native cpu.
-		qcpu=${package#qemu-}
-		case ${qcpu} in
-		arm*)   qcpu="arm";;
-		mips*)  qcpu="mips";;
-		ppc*)   qcpu="ppc";;
-		s390*)  qcpu="s390";;
-		sh*)    qcpu="sh";;
-		sparc*) qcpu="sparc";;
-		esac
-
-		cat <<EOF >>"${out}"
-	if [ "\${cpu}" != "${qcpu}" -a -x "${interpreter}" ] ; then
-		echo ':${package}:M::${magic}:${mask}:${interpreter}:'"\${QEMU_BINFMT_FLAGS}" >/proc/sys/fs/binfmt_misc/register
-	fi
-EOF
-
-		echo ":${package}:M::${magic}:${mask}:${interpreter}:OC" >>"${out_systemd}"
-
-	done
-	cat "${FILESDIR}"/qemu-binfmt.initd.tail >>"${out}" || die
-}
-
-src_install() {
-	if [[ -n ${user_targets} ]]; then
-		cd "${S}/user-build"
-		emake DESTDIR="${ED}" install
-
-		# Install binfmt handler init script for user targets.
-		generate_initd
-		doinitd "${T}/qemu-binfmt"
-
-		# Install binfmt/qemu.conf.
-		insinto "/usr/share/qemu/binfmt.d"
-		doins "${T}/qemu.conf"
-	fi
-
-	if [[ -n ${softmmu_targets} ]]; then
-		cd "${S}/softmmu-build"
-		emake DESTDIR="${ED}" install
-
-		# This might not exist if the test failed. #512010
-		[[ -e check-report.html ]] && dohtml check-report.html
-
-		if use kernel_linux; then
-			udev_newrules "${FILESDIR}"/65-kvm.rules-r1 65-kvm.rules
-		fi
-
-		if use python; then
-			python_foreach_impl qemu_python_install
-		fi
-	fi
-
-	cd "${S}/tools-build"
-	emake DESTDIR="${ED}" install
-
-	# Disable mprotect on the qemu binaries as they use JITs to be fast #459348
-	pushd "${ED}"/usr/bin >/dev/null
-	pax-mark mr "${softmmu_bins[@]}" "${user_bins[@]}" # bug 575594
-	popd >/dev/null
-
-	# Install config file example for qemu-bridge-helper
-	insinto "/etc/qemu"
-	doins "${FILESDIR}/bridge.conf"
-
-	# Remove the docdir placed qmp-commands.txt
-	mv "${ED}/usr/share/doc/${PF}/html/qmp-commands.txt" "${S}/docs/" || die
-
-	cd "${S}"
-	dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt
-	newdoc pc-bios/README README.pc-bios
-	dodoc docs/qmp-*.txt
-
-	if [[ -n ${softmmu_targets} ]]; then
-		# Remove SeaBIOS since we're using the SeaBIOS packaged one
-		rm "${ED}/usr/share/qemu/bios.bin"
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
-		fi
-
-		# Remove vgabios since we're using the vgabios packaged one
-		rm "${ED}/usr/share/qemu/vgabios.bin"
-		rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
-		rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
-		rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
-		rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../vgabios/vgabios.bin /usr/share/qemu/vgabios.bin
-			dosym ../vgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
-			dosym ../vgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
-			dosym ../vgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
-			dosym ../vgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
-		fi
-
-		# Remove sgabios since we're using the sgabios packaged one
-		rm "${ED}/usr/share/qemu/sgabios.bin"
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin
-		fi
-
-		# Remove iPXE since we're using the iPXE packaged one
-		rm "${ED}"/usr/share/qemu/pxe-*.rom
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom
-			dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom
-			dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom
-			dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom
-			dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom
-			dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom
-		fi
-	fi
-
-	DISABLE_AUTOFORMATTING=true
-	readme.gentoo_create_doc
-}
-
-pkg_postinst() {
-	DISABLE_AUTOFORMATTING=true
-	readme.gentoo_print_elog
-
-	if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
-		udev_reload
-	fi
-
-	fcaps cap_net_admin /usr/libexec/qemu-bridge-helper
-}
-
-pkg_info() {
-	echo "Using:"
-	echo "  $(best_version app-emulation/spice-protocol)"
-	echo "  $(best_version sys-firmware/ipxe)"
-	echo "  $(best_version sys-firmware/seabios)"
-	if has_version 'sys-firmware/seabios[binary]'; then
-		echo "    USE=binary"
-	else
-		echo "    USE=''"
-	fi
-	echo "  $(best_version sys-firmware/vgabios)"
-}

diff --git a/app-emulation/qemu/qemu-2.9.0-r2.ebuild b/app-emulation/qemu/qemu-2.9.0-r2.ebuild
index 3efa65c..397b86c 100644
--- a/app-emulation/qemu/qemu-2.9.0-r2.ebuild
+++ b/app-emulation/qemu/qemu-2.9.0-r2.ebuild
@@ -17,7 +17,7 @@ if [[ ${PV} = *9999* ]]; then
 	SRC_URI=""
 else
 	SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2"
-	KEYWORDS="amd64 ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd"
+	KEYWORDS="amd64 ~arm64 ~ppc ~ppc64 x86 ~x86-fbsd"
 fi
 
 DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
@@ -513,7 +513,7 @@ qemu_src_configure() {
 	if use ${static_flag}; then
 		conf_opts+=( --static --disable-pie )
 	else
-		gcc-specs-pie && conf_opts+=( --enable-pie )
+		tc-enables-pie && conf_opts+=( --enable-pie )
 	fi
 
 	echo "../configure ${conf_opts[*]}"

diff --git a/app-emulation/qemu/qemu-2.9.0-r54.ebuild b/app-emulation/qemu/qemu-2.9.0-r56.ebuild
similarity index 96%
rename from app-emulation/qemu/qemu-2.9.0-r54.ebuild
rename to app-emulation/qemu/qemu-2.9.0-r56.ebuild
index c36797b..ad2e5f7 100644
--- a/app-emulation/qemu/qemu-2.9.0-r54.ebuild
+++ b/app-emulation/qemu/qemu-2.9.0-r56.ebuild
@@ -137,7 +137,7 @@ SOFTMMU_TOOLS_DEPEND="
 	)
 	seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
 	smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] )
-	snappy? ( app-arch/snappy[static-libs(+)] )
+	snappy? ( app-arch/snappy:=[static-libs(+)] )
 	spice? (
 		>=app-emulation/spice-protocol-0.12.3
 		>=app-emulation/spice-0.12.0[static-libs(+)]
@@ -200,11 +200,20 @@ PATCHES=(
 	# gentoo patches
 	"${FILESDIR}"/${PN}-2.5.0-cflags.patch
 	"${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
-	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-8309.patch # bug 616870
-	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-8379.patch # bug 616872
-	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-8380.patch # bug 616874
-	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-8112.patch # bug 616636
-	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-7493.patch # bug 618808
+	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-8309.patch    # bug 616870
+	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-8379.patch    # bug 616872
+	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-8380.patch    # bug 616874
+	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-8112.patch    # bug 616636
+	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-7493.patch    # bug 618808
+	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-11434.patch   # bug 625614
+	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-11334.patch   # bug 621292
+	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-9524-1.patch  # bug 621292
+	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-9524-2.patch
+	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-9503-1.patch  # bug 621184
+	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-9503-2.patch
+	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-10664.patch   # bug 623016
+	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-10806.patch   # bug 624088
+	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-7539.patch  # bug 625850
 )
 
 STRIP_MASK="/usr/share/qemu/palcode-clipper"
@@ -516,7 +525,7 @@ qemu_src_configure() {
 	if use ${static_flag}; then
 		conf_opts+=( --static --disable-pie )
 	else
-		gcc-specs-pie && conf_opts+=( --enable-pie )
+		tc-enables-pie && conf_opts+=( --enable-pie )
 	fi
 
 	echo "../configure ${conf_opts[*]}"


^ permalink raw reply related	[flat|nested] 19+ messages in thread

* [gentoo-commits] proj/musl:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2017-09-02 20:16 Aric Belsito
  0 siblings, 0 replies; 19+ messages in thread
From: Aric Belsito @ 2017-09-02 20:16 UTC (permalink / raw
  To: gentoo-commits

commit:     9242836366e3326f7c40fa24e424a133625fab43
Author:     Aric Belsito <lluixhi <AT> gmail <DOT> com>
AuthorDate: Sat Sep  2 20:15:33 2017 +0000
Commit:     Aric Belsito <lluixhi <AT> gmail <DOT> com>
CommitDate: Sat Sep  2 20:15:33 2017 +0000
URL:        https://gitweb.gentoo.org/proj/musl.git/commit/?id=92428363

app-emulation/qemu: version bump to 2.10.0

drop 2.9.0-r2

 app-emulation/qemu/Manifest                        |  6 +-
 .../qemu/files/qemu-2.10.0-CVE-2017-13711.patch    | 80 ++++++++++++++++++++++
 .../{qemu-2.9.0-r2.ebuild => qemu-2.10.0.ebuild}   | 78 ++++++++++++++-------
 app-emulation/qemu/qemu-2.9.0-r56.ebuild           |  2 +-
 4 files changed, 140 insertions(+), 26 deletions(-)

diff --git a/app-emulation/qemu/Manifest b/app-emulation/qemu/Manifest
index e3f4bd2..39a9970 100644
--- a/app-emulation/qemu/Manifest
+++ b/app-emulation/qemu/Manifest
@@ -1,6 +1,7 @@
 AUX 65-kvm.rules-r1 120 SHA256 2f6b5b2600598fc402850bb7026eab0e5822e7221b584795bd2ed1a0290250df SHA512 4132ec4d3e7c1e3cf5e37224be1a3b864bcc0bfde9109e8fea9c99377289c28a7fdcf9155fbbd6605dbf8ebeb020c2ab575dd35e36bdf69f8ad07c4aa9c7b2f7 WHIRLPOOL 34dce92c0851c7edb5449c7d19e8767b09e61a73b551af90d987519e8e9c8c883e8ff8567d4a222294095bafdb58984347c694fc6ac458c630ed8e2d42438180
 AUX bridge.conf 454 SHA256 a51850dd39923f3482e4c575b48ad9fef9c9ebb2f2176225da399b79ce48c69d SHA512 a907ee86b81a1b61033bb7621ded65112504131ef7b698c53e4014b958ee6fc79e66f63069015a01e41362cb70a7d0ed26dd9a03033cf776f4846f0e1f8f1533 WHIRLPOOL 8fcbd4abf9b8f7ca3d16fe0eaf17196ebf708dfecf85ce0f020e0de22b64905114f7b310f361826c81bb961c6b1bbbf984bff1e595bb949993b8966ccb222c35
 AUX qemu-2.0.0-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch 930 SHA256 6af6cf9044997710a6d0fbdba30a35c8d775e30d30c032ec97db672f75ec88ac SHA512 ec84b27648c01c6e58781295dcd0c2ff8e5a635f9836ef50c1da5d0ed125db1afc4cb5b01cb97606d6dd8f417acba93e1560d9a32ca29161a4bb730b302440ea WHIRLPOOL 06b9dd5251ac03405c97b1f5a623b4d86bda2f72fbcd52b90ae4d11a0cfb59cae62df2cb6189405fbe53ab05ff2b7ca8165fda239dbfe5f31ed70abb53b3b9f3
+AUX qemu-2.10.0-CVE-2017-13711.patch 2252 SHA256 0a1b741318920020c2e69312b052ebf6933d7e1ce92e2a0d38de88b3cbee6768 SHA512 3a9145088274e247f86198475bab1e8c3c10705612b0c59ccdf623db5a21f5da73a948ce5362633eb0d817e979cd43a130fe31093c85604590c9bcd37a4912ee WHIRLPOOL e43f833cd3ef88880d9e78732f13087164e0d971df4fc1979ad509f5437bb54d52e34eb0fa05ed09b4b2248f653a65c52e43da65f6bc14ed0c362a74ee93720d
 AUX qemu-2.2.0-_sigev_un.patch 638 SHA256 1f66c5a55ec94d73182cd25f3de5490cdb075542246a37d206cfb7b4a99a40a4 SHA512 5a2f9af1b60fd5a088679f3481b8d0317da88d4922b02289265b8d193b3589dd6d498e66531fc37ed86b97f4a648a1068f2da646e381d89c472716ef58190eb1 WHIRLPOOL 8444edaa4e5d59a337a7ebba71807b51941642517e5e762fb3458fde1a53c63c919ca809e5f32b503f1a92e4ccd2d21a057995fec56fcf846246dadccbdc863f
 AUX qemu-2.5.0-cflags.patch 410 SHA256 17f5624dd733f5c80e733cc67ae36a736169ec066024dbf802b416accfed0755 SHA512 0194d28de08b4e51c5bd1c9a2cc7965ba7f66dfddb8fd91de3da93677e6cf2d38ad3270f69aaea8a20cf2533c2980018d6e0fed711be2806fe2053fba7c081f3 WHIRLPOOL 5f5b95d00409fbe03adb64801d30a2fb5f98dded5efa7f0e78b5746776f72917dcbea767e1d0afcb304d8bf8c484adedb8037e6d54e9d34997c2bc3a98b53154
 AUX qemu-2.5.0-sysmacros.patch 333 SHA256 a5716fc02da383d455f5cbd76f49e4ee74d84c2d5703319adcbeb145d04875f9 SHA512 329632c5bff846ca3ffcdb4bc94ae62f17c6bdbb566f9bec0784357c943523e8ca7773790b83a9617734cab3b003baa3d636cbd08f7385810a63b0fa0383c4f0 WHIRLPOOL 2a774767d4685545d3ed18e4f5dece99a9007597d73c56197652ff24083550f987ffb69e5c624760dece87def71a7c5c22a694bf999d7309e48ef622f18f0d73
@@ -20,7 +21,8 @@ AUX qemu-2.9.0-CVE-2017-9524-1.patch 2624 SHA256 f2479f79a81dba79eeee7a333b50bfb
 AUX qemu-2.9.0-CVE-2017-9524-2.patch 7016 SHA256 092da49ea1aafd9b94f20127b93c1373b9a83ef127cad1d45fdbd8f5a9d9dbe9 SHA512 de25c5506ae955fb799b2c9952120c9feb51b363f5ee277c9b63882938ce56c44702dcd688ecf65a3d2a089503be938432eb62ffa3df7409f4211bb7fa126f26 WHIRLPOOL b38c3a557be778634d53e7c356fb124e7470ad3e58b426677f3405c10faf76fa88d2f354d66a69b8549a64c480a338c94ed425c768394ad4cdd74ed4479ccc89
 AUX qemu-binfmt.initd.head 1445 SHA256 a9b4b1d1ffa82d572c01f14ebfbafb4b3a4c2eb5cad5af62c059f603a9f5a277 SHA512 a735268ae9ac84d8f2f2893bf018ee6de33231fa94a823bd8502b529bb456635c1ab5cf9b440df5ede8e414291f8bf45fc53898c2f3939c50d5ec4ffa554396a WHIRLPOOL 3ec0f916d5928d464fa8416c8eac472cfa01b560bba07642ff7929799918d1c8059ac7368ff5551e6aa993027849de08035d856db7981315d8e4ec470a0f785e
 AUX qemu-binfmt.initd.tail 245 SHA256 1b765f5212946b73b8e4d92f64d34a9d2e358ef541c02164f6d6dd93cb15e1e7 SHA512 bcca16805f8380d52cc591ea3d65a8f6e5de456730618f6aee301510edb75d235a22d4d7aeed224882210392840adb403eb53234b6cb76a4cb24533852a8b737 WHIRLPOOL 41ddd1751101646e700a6fe4ef879bd4149d646a801f97e40534051895697dcbded06a1edda51457a0d624fbf68442c3e57178a3ee8e683e35368b88d10ba4a4
+DIST qemu-2.10.0.tar.bz2 30955656 SHA256 7e9f39e1306e6dcc595494e91c1464d4b03f55ddd2053183e0e1b69f7f776d48 SHA512 ea21c014030f8a902df159641e6ccb45f0850ac5cb1cb8ab6845124c44ea5def54845e7bc66a6e80d624c78069f9baa913ee5119704076ae4ff47ab018ace9f9 WHIRLPOOL 58f846788fdf2b0c90e6d17ce921a1fe02556968d38ffc11be7e32b81ebc723dfeaa790f22d8085d4f388eb01fe0daa3ddbc00630c5ecba083df33cc9709fb39
 DIST qemu-2.9.0.tar.bz2 28720490 SHA256 00bfb217b1bb03c7a6c3261b819cfccbfb5a58e3e2ceff546327d271773c6c14 SHA512 4b28966eec0ca44681e35fcfb64a4eaef7c280b8d65c91d03f2efa37f76278fd8c1680e5798c7a30dbfcc8f3c05f4a803f48b8a2dfec3a4181bac079b2a5e422 WHIRLPOOL d79fe89eb271a56aee0cbd328e5f96999176b711afb5683d164b7b99d91e6dd2bfaf6e2ff4cd820a941c94f28116765cb07ffd5809d75c2f9654a67d56bfc0c1
-EBUILD qemu-2.9.0-r2.ebuild 22065 SHA256 45015103d32a318241da3d34c7340786571b65dc580f8493853c35e0ad5541ec SHA512 7b69c749172677046a101778ba2d8078bf8f5ccedc2d3c6767a2096838f8b80d0519bb798f23e7229fec04ca0c6c4c96caf7d07983ca2aca8d77e86b4f2ed229 WHIRLPOOL ebbf728a67a6f67ce2d40ac72cc95e27e46133e522d70a0e6d91525df7af048d2d1dfbb3e9534e4871882f5fe01749e3f749662414f802569c2f40ac66450afa
-EBUILD qemu-2.9.0-r56.ebuild 23949 SHA256 29ec70d1fb1a0bc116b712cb5bad5cdc8039d03bfc10af26d5cb0f15dbac3230 SHA512 6d7c57c85acd8627105e88fdda2ed07ed5a2724b01b31e8fe601eeed74d78197e8e3ae50079688a8c8dd7f771017f45968eff4d1e8e976fae4ce5c7dfec891e0 WHIRLPOOL 7958cc33f46924d50f2790a25a66ec4a3e93326e7b0c1f4625e13bf85060102fa4f4989bcd4814517e1c5b7390df8c3b31b0f045970da7a93cf558cc5411ac5f
+EBUILD qemu-2.10.0.ebuild 23200 SHA256 b6ea9761833b289161b9c85a284d7bcdea5f0e0916886ecd78598771e719244d SHA512 82401fb80d0d692b04c3e37abdb9ccedd9379d71f0812c5afbab57c71f6962f62942296fdb2d0a9bff2474f22b246f15452f4c9793cba10135d5f4f06179d763 WHIRLPOOL df317a5a191e6e127e7cac7ac1efe1fc02d36fd5ea5759010d7dbbc655468c4082906d5f73431498182cf01331fc30abcf1ffd6502770fe0e5b7e9ee0f32ecb3
+EBUILD qemu-2.9.0-r56.ebuild 23947 SHA256 4d5b7dd4c19e0324b14c8890581e9b6b5175feab19240de34d1916709336df2e SHA512 037c64bd8d2dd29ed24ea26368bce4046680d34a3cf106a395e821cb3f46061dfefcf9afea68e40e86dff243948b5e6f99d10340d0e1f0224861119beed03e6c WHIRLPOOL 6315aa22ddd841d861806f58593e13364829ef38bf5db1c0169f855d6a52368b6d5eba57af35ca72f4f98153f8cb2bff54f43124710457f70cfcb61b837d8429
 MISC metadata.xml 3794 SHA256 149f7bc9927e13bbf7355972e85df6f9f198dd17fb575a7e516817d6a88018fb SHA512 10f130f225b90dacf8262247d795a247abfdcbf3ad5fbe0693e8d4db79f755984f690cb150a7eb5a8e5d669ce404145c4fbb6b200d6362319be74759fd78b6d3 WHIRLPOOL 6a5e88caeb64387f619a19fecb55c39ccf3c8dcd360523e8d61b80051001c02fe81432c55e40b3f360295b35e9f5a1f707c570baf95cad06d18c4cd484da0ceb

diff --git a/app-emulation/qemu/files/qemu-2.10.0-CVE-2017-13711.patch b/app-emulation/qemu/files/qemu-2.10.0-CVE-2017-13711.patch
new file mode 100644
index 0000000..9d02656
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.10.0-CVE-2017-13711.patch
@@ -0,0 +1,80 @@
+From 1201d308519f1e915866d7583d5136d03cc1d384 Mon Sep 17 00:00:00 2001
+From: Samuel Thibault <samuel.thibault@ens-lyon.org>
+Date: Fri, 25 Aug 2017 01:35:53 +0200
+Subject: [PATCH] slirp: fix clearing ifq_so from pending packets
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The if_fastq and if_batchq contain not only packets, but queues of packets
+for the same socket. When sofree frees a socket, it thus has to clear ifq_so
+from all the packets from the queues, not only the first.
+
+Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
+Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+---
+ slirp/socket.c | 39 +++++++++++++++++++++++----------------
+ 1 file changed, 23 insertions(+), 16 deletions(-)
+
+diff --git a/slirp/socket.c b/slirp/socket.c
+index ecec0295a9..cb7b5b608d 100644
+--- a/slirp/socket.c
++++ b/slirp/socket.c
+@@ -60,29 +60,36 @@ socreate(Slirp *slirp)
+ }
+ 
+ /*
++ * Remove references to so from the given message queue.
++ */
++static void
++soqfree(struct socket *so, struct quehead *qh)
++{
++    struct mbuf *ifq;
++
++    for (ifq = (struct mbuf *) qh->qh_link;
++             (struct quehead *) ifq != qh;
++             ifq = ifq->ifq_next) {
++        if (ifq->ifq_so == so) {
++            struct mbuf *ifm;
++            ifq->ifq_so = NULL;
++            for (ifm = ifq->ifs_next; ifm != ifq; ifm = ifm->ifs_next) {
++                ifm->ifq_so = NULL;
++            }
++        }
++    }
++}
++
++/*
+  * remque and free a socket, clobber cache
+  */
+ void
+ sofree(struct socket *so)
+ {
+   Slirp *slirp = so->slirp;
+-  struct mbuf *ifm;
+ 
+-  for (ifm = (struct mbuf *) slirp->if_fastq.qh_link;
+-       (struct quehead *) ifm != &slirp->if_fastq;
+-       ifm = ifm->ifq_next) {
+-    if (ifm->ifq_so == so) {
+-      ifm->ifq_so = NULL;
+-    }
+-  }
+-
+-  for (ifm = (struct mbuf *) slirp->if_batchq.qh_link;
+-       (struct quehead *) ifm != &slirp->if_batchq;
+-       ifm = ifm->ifq_next) {
+-    if (ifm->ifq_so == so) {
+-      ifm->ifq_so = NULL;
+-    }
+-  }
++  soqfree(so, &slirp->if_fastq);
++  soqfree(so, &slirp->if_batchq);
+ 
+   if (so->so_emu==EMU_RSH && so->extra) {
+ 	sofree(so->extra);
+-- 
+2.13.5
+

diff --git a/app-emulation/qemu/qemu-2.9.0-r2.ebuild b/app-emulation/qemu/qemu-2.10.0.ebuild
similarity index 90%
rename from app-emulation/qemu/qemu-2.9.0-r2.ebuild
rename to app-emulation/qemu/qemu-2.10.0.ebuild
index 397b86c..fe5cfb4 100644
--- a/app-emulation/qemu/qemu-2.9.0-r2.ebuild
+++ b/app-emulation/qemu/qemu-2.10.0.ebuild
@@ -8,6 +8,8 @@ PYTHON_REQ_USE="ncurses,readline"
 
 PLOCALES="bg de_DE fr_FR hu it tr zh_CN"
 
+FIRMWARE_ABI_VERSION="2.9.0-r52"
+
 inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \
 	user udev fcaps readme.gentoo-r1 pax-utils l10n
 
@@ -17,7 +19,7 @@ if [[ ${PV} = *9999* ]]; then
 	SRC_URI=""
 else
 	SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2"
-	KEYWORDS="amd64 ~arm64 ~ppc ~ppc64 x86 ~x86-fbsd"
+	KEYWORDS="~amd64 ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd"
 fi
 
 DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
@@ -135,7 +137,7 @@ SOFTMMU_TOOLS_DEPEND="
 	)
 	seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
 	smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] )
-	snappy? ( app-arch/snappy[static-libs(+)] )
+	snappy? ( app-arch/snappy:=[static-libs(+)] )
 	spice? (
 		>=app-emulation/spice-protocol-0.12.3
 		>=app-emulation/spice-0.12.0[static-libs(+)]
@@ -150,16 +152,17 @@ SOFTMMU_TOOLS_DEPEND="
 	xfs? ( sys-fs/xfsprogs[static-libs(+)] )"
 
 X86_FIRMWARE_DEPEND="
-	>=sys-firmware/ipxe-1.0.0_p20130624
 	pin-upstream-blobs? (
-		~sys-firmware/seabios-1.10.1
+		~sys-firmware/edk2-ovmf-2017_pre20170505[binary]
+		~sys-firmware/ipxe-1.0.0_p20160620
+		~sys-firmware/seabios-1.10.2[binary,seavgabios]
 		~sys-firmware/sgabios-0.1_pre8
-		~sys-firmware/vgabios-0.7a
 	)
 	!pin-upstream-blobs? (
-		sys-firmware/seabios
+		sys-firmware/edk2-ovmf
+		sys-firmware/ipxe
+		>=sys-firmware/seabios-1.10.2[seavgabios]
 		sys-firmware/sgabios
-		sys-firmware/vgabios
 	)"
 
 CDEPEND="
@@ -197,11 +200,7 @@ PATCHES=(
 	# gentoo patches
 	"${FILESDIR}"/${PN}-2.5.0-cflags.patch
 	"${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
-	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-8309.patch # bug 616870
-	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-8379.patch # bug 616872
-	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-8380.patch # bug 616874
-	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-8112.patch # bug 616636
-	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-7493.patch # bug 618808
+	"${FILESDIR}"/${PN}-2.10.0-CVE-2017-13711.patch   # bug 629350
 )
 
 STRIP_MASK="/usr/share/qemu/palcode-clipper"
@@ -684,27 +683,30 @@ src_install() {
 	cd "${S}"
 	dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt
 	newdoc pc-bios/README README.pc-bios
-	dodoc docs/qmp-*.txt
 
 	if [[ -n ${softmmu_targets} ]]; then
 		# Remove SeaBIOS since we're using the SeaBIOS packaged one
 		rm "${ED}/usr/share/qemu/bios.bin"
+		rm "${ED}/usr/share/qemu/bios-256k.bin"
 		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
 			dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
+			dosym ../seabios/bios-256k.bin /usr/share/qemu/bios-256k.bin
 		fi
 
-		# Remove vgabios since we're using the vgabios packaged one
+		# Remove vgabios since we're using the seavgabios packaged one
 		rm "${ED}/usr/share/qemu/vgabios.bin"
 		rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
 		rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
 		rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
+		rm "${ED}/usr/share/qemu/vgabios-virtio.bin"
 		rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
 		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../vgabios/vgabios.bin /usr/share/qemu/vgabios.bin
-			dosym ../vgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
-			dosym ../vgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
-			dosym ../vgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
-			dosym ../vgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
+			dosym ../seavgabios/vgabios-isavga.bin /usr/share/qemu/vgabios.bin
+			dosym ../seavgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
+			dosym ../seavgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
+			dosym ../seavgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
+			dosym ../seavgabios/vgabios-virtio.bin /usr/share/qemu/vgabios-virtio.bin
+			dosym ../seavgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
 		fi
 
 		# Remove sgabios since we're using the sgabios packaged one
@@ -729,20 +731,50 @@ src_install() {
 	readme.gentoo_create_doc
 }
 
-pkg_postinst() {
-	DISABLE_AUTOFORMATTING=true
-	readme.gentoo_print_elog
+firmware_abi_change() {
+	local pv
+	for pv in ${REPLACING_VERSIONS}; do
+		if ! version_is_at_least ${FIRMWARE_ABI_VERSION} ${pv}; then
+			return 0
+		fi
+	done
+	return 1
+}
 
+pkg_postinst() {
 	if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
 		udev_reload
 	fi
 
 	fcaps cap_net_admin /usr/libexec/qemu-bridge-helper
+
+	DISABLE_AUTOFORMATTING=true
+	readme.gentoo_print_elog
+
+	if use pin-upstream-blobs && firmware_abi_change; then
+		ewarn "This version of qemu pins new versions of firmware blobs:"
+		ewarn "	$(best_version sys-firmware/edk2-ovmf)"
+		ewarn "	$(best_version sys-firmware/ipxe)"
+		ewarn "	$(best_version sys-firmware/seabios)"
+		ewarn "	$(best_version sys-firmware/sgabios)"
+		ewarn "This might break resume of hibernated guests (started with a different"
+		ewarn "firmware version) and live migration to/from qemu versions with different"
+		ewarn "firmware. Please (cold) restart all running guests. For functional"
+		ewarn "guest migration ensure that all"
+		ewarn "hosts run at least"
+		ewarn "	app-emulation/qemu-${FIRMWARE_ABI_VERSION}."
+	fi
 }
 
 pkg_info() {
 	echo "Using:"
 	echo "  $(best_version app-emulation/spice-protocol)"
+	echo "  $(best_version sys-firmware/edk2-ovmf)"
+	if has_version 'sys-firmware/edk2-ovmf[binary]'; then
+		echo "    USE=binary"
+	else
+		echo "    USE=''"
+	fi
 	echo "  $(best_version sys-firmware/ipxe)"
 	echo "  $(best_version sys-firmware/seabios)"
 	if has_version 'sys-firmware/seabios[binary]'; then
@@ -750,5 +782,5 @@ pkg_info() {
 	else
 		echo "    USE=''"
 	fi
-	echo "  $(best_version sys-firmware/vgabios)"
+	echo "  $(best_version sys-firmware/sgabios)"
 }

diff --git a/app-emulation/qemu/qemu-2.9.0-r56.ebuild b/app-emulation/qemu/qemu-2.9.0-r56.ebuild
index 9ccb645..256a811 100644
--- a/app-emulation/qemu/qemu-2.9.0-r56.ebuild
+++ b/app-emulation/qemu/qemu-2.9.0-r56.ebuild
@@ -19,7 +19,7 @@ if [[ ${PV} = *9999* ]]; then
 	SRC_URI=""
 else
 	SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2"
-	KEYWORDS="~amd64 ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd"
+	KEYWORDS="amd64 ~arm64 ~ppc ~ppc64 x86 ~x86-fbsd"
 fi
 
 DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"


^ permalink raw reply related	[flat|nested] 19+ messages in thread

* [gentoo-commits] proj/musl:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2017-11-13 21:18 Aric Belsito
  0 siblings, 0 replies; 19+ messages in thread
From: Aric Belsito @ 2017-11-13 21:18 UTC (permalink / raw
  To: gentoo-commits

commit:     3c163a962cd7f22f3c86a503904df8d813722418
Author:     Aric Belsito <lluixhi <AT> gmail <DOT> com>
AuthorDate: Mon Nov 13 21:17:14 2017 +0000
Commit:     Aric Belsito <lluixhi <AT> gmail <DOT> com>
CommitDate: Mon Nov 13 21:17:14 2017 +0000
URL:        https://gitweb.gentoo.org/proj/musl.git/commit/?id=3c163a96

app-emulation/qemu: version bump to 2.10.1

remove old versions.

 app-emulation/qemu/Manifest                        |   2 +-
 .../qemu/files/qemu-2.10.1-CVE-2017-15268.patch    |  54 ++
 .../qemu/files/qemu-2.10.1-CVE-2017-15289.patch    |  58 ++
 .../qemu/files/qemu-2.9.0-CVE-2017-10664.patch     |  47 --
 .../qemu/files/qemu-2.9.0-CVE-2017-10806.patch     |  50 --
 .../qemu/files/qemu-2.9.0-CVE-2017-11334.patch     |  40 -
 .../qemu/files/qemu-2.9.0-CVE-2017-11434.patch     |  29 -
 .../qemu/files/qemu-2.9.0-CVE-2017-7493.patch      | 174 -----
 .../qemu/files/qemu-2.9.0-CVE-2017-8112.patch      |  22 -
 .../qemu/files/qemu-2.9.0-CVE-2017-8309.patch      |  22 -
 .../qemu/files/qemu-2.9.0-CVE-2017-8379.patch      |  76 --
 .../qemu/files/qemu-2.9.0-CVE-2017-8380.patch      |  34 -
 .../qemu/files/qemu-2.9.0-CVE-2017-9503-1.patch    | 122 ----
 .../qemu/files/qemu-2.9.0-CVE-2017-9503-2.patch    | 114 ---
 .../qemu/files/qemu-2.9.0-CVE-2017-9524-1.patch    |  80 --
 .../qemu/files/qemu-2.9.0-CVE-2017-9524-2.patch    | 197 -----
 .../{qemu-2.10.0-r1.ebuild => qemu-2.10.1.ebuild}  |  20 +-
 app-emulation/qemu/qemu-2.9.0-r56.ebuild           | 799 --------------------
 app-emulation/qemu/qemu-2.9.0-r57.ebuild           | 802 ---------------------
 19 files changed, 129 insertions(+), 2613 deletions(-)

diff --git a/app-emulation/qemu/Manifest b/app-emulation/qemu/Manifest
index 0c8db49..95c955c 100644
--- a/app-emulation/qemu/Manifest
+++ b/app-emulation/qemu/Manifest
@@ -1,2 +1,2 @@
 DIST qemu-2.10.0.tar.bz2 30955656 SHA256 7e9f39e1306e6dcc595494e91c1464d4b03f55ddd2053183e0e1b69f7f776d48 SHA512 ea21c014030f8a902df159641e6ccb45f0850ac5cb1cb8ab6845124c44ea5def54845e7bc66a6e80d624c78069f9baa913ee5119704076ae4ff47ab018ace9f9 WHIRLPOOL 58f846788fdf2b0c90e6d17ce921a1fe02556968d38ffc11be7e32b81ebc723dfeaa790f22d8085d4f388eb01fe0daa3ddbc00630c5ecba083df33cc9709fb39
-DIST qemu-2.9.0.tar.bz2 28720490 SHA256 00bfb217b1bb03c7a6c3261b819cfccbfb5a58e3e2ceff546327d271773c6c14 SHA512 4b28966eec0ca44681e35fcfb64a4eaef7c280b8d65c91d03f2efa37f76278fd8c1680e5798c7a30dbfcc8f3c05f4a803f48b8a2dfec3a4181bac079b2a5e422 WHIRLPOOL d79fe89eb271a56aee0cbd328e5f96999176b711afb5683d164b7b99d91e6dd2bfaf6e2ff4cd820a941c94f28116765cb07ffd5809d75c2f9654a67d56bfc0c1
+DIST qemu-2.10.1.tar.bz2 30821108 SHA256 8e040bc7556401ebb3a347a8f7878e9d4028cf71b2744b1a1699f4e741966ba8 SHA512 1a4a6ebf700ec6851c83cc2a71eaea8d95f14c685d094eaaa86c740eb9401e49a79074b72385f58681ca7646771a99bb6bbd9bebb39162f7220626d37ed0654f WHIRLPOOL 79b1b8c19affc799e1a42c02a7c2fea13bf4ca1f9a2aa6e765d529aa3531f68cca77e92264561b2884314074f3148469f5a2f976c3473beb5ed0568617ce777b

diff --git a/app-emulation/qemu/files/qemu-2.10.1-CVE-2017-15268.patch b/app-emulation/qemu/files/qemu-2.10.1-CVE-2017-15268.patch
new file mode 100644
index 0000000..7d08b32
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.10.1-CVE-2017-15268.patch
@@ -0,0 +1,54 @@
+From a7b20a8efa28e5f22c26c06cd06c2f12bc863493 Mon Sep 17 00:00:00 2001
+From: "Daniel P. Berrange" <berrange@redhat.com>
+Date: Mon, 9 Oct 2017 14:43:42 +0100
+Subject: [PATCH] io: monitor encoutput buffer size from websocket GSource
+
+The websocket GSource is monitoring the size of the rawoutput
+buffer to determine if the channel can accepts more writes.
+The rawoutput buffer, however, is merely a temporary staging
+buffer before data is copied into the encoutput buffer. Thus
+its size will always be zero when the GSource runs.
+
+This flaw causes the encoutput buffer to grow without bound
+if the other end of the underlying data channel doesn't
+read data being sent. This can be seen with VNC if a client
+is on a slow WAN link and the guest OS is sending many screen
+updates. A malicious VNC client can act like it is on a slow
+link by playing a video in the guest and then reading data
+very slowly, causing QEMU host memory to expand arbitrarily.
+
+This issue is assigned CVE-2017-15268, publically reported in
+
+  https://bugs.launchpad.net/qemu/+bug/1718964
+
+Reviewed-by: Eric Blake <eblake@redhat.com>
+Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
+---
+ io/channel-websock.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/io/channel-websock.c b/io/channel-websock.c
+index d1d471f86e..04bcc059cd 100644
+--- a/io/channel-websock.c
++++ b/io/channel-websock.c
+@@ -28,7 +28,7 @@
+ #include <time.h>
+ 
+ 
+-/* Max amount to allow in rawinput/rawoutput buffers */
++/* Max amount to allow in rawinput/encoutput buffers */
+ #define QIO_CHANNEL_WEBSOCK_MAX_BUFFER 8192
+ 
+ #define QIO_CHANNEL_WEBSOCK_CLIENT_KEY_LEN 24
+@@ -1208,7 +1208,7 @@ qio_channel_websock_source_check(GSource *source)
+     if (wsource->wioc->rawinput.offset || wsource->wioc->io_eof) {
+         cond |= G_IO_IN;
+     }
+-    if (wsource->wioc->rawoutput.offset < QIO_CHANNEL_WEBSOCK_MAX_BUFFER) {
++    if (wsource->wioc->encoutput.offset < QIO_CHANNEL_WEBSOCK_MAX_BUFFER) {
+         cond |= G_IO_OUT;
+     }
+ 
+-- 
+2.13.6
+

diff --git a/app-emulation/qemu/files/qemu-2.10.1-CVE-2017-15289.patch b/app-emulation/qemu/files/qemu-2.10.1-CVE-2017-15289.patch
new file mode 100644
index 0000000..a4ad2d5
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.10.1-CVE-2017-15289.patch
@@ -0,0 +1,58 @@
+From eb38e1bc3740725ca29a535351de94107ec58d51 Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann <kraxel@redhat.com>
+Date: Wed, 11 Oct 2017 10:43:14 +0200
+Subject: [PATCH] cirrus: fix oob access in mode4and5 write functions
+
+Move dst calculation into the loop, so we apply the mask on each
+interation and will not overflow vga memory.
+
+Cc: Prasad J Pandit <pjp@fedoraproject.org>
+Reported-by: Niu Guoxiang <niuguoxiang@huawei.com>
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+Message-id: 20171011084314.21752-1-kraxel@redhat.com
+---
+ hw/display/cirrus_vga.c | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c
+index b4d579857a..bc32bf1e39 100644
+--- a/hw/display/cirrus_vga.c
++++ b/hw/display/cirrus_vga.c
+@@ -2038,15 +2038,14 @@ static void cirrus_mem_writeb_mode4and5_8bpp(CirrusVGAState * s,
+     unsigned val = mem_value;
+     uint8_t *dst;
+ 
+-    dst = s->vga.vram_ptr + (offset &= s->cirrus_addr_mask);
+     for (x = 0; x < 8; x++) {
++        dst = s->vga.vram_ptr + ((offset + x) & s->cirrus_addr_mask);
+ 	if (val & 0x80) {
+ 	    *dst = s->cirrus_shadow_gr1;
+ 	} else if (mode == 5) {
+ 	    *dst = s->cirrus_shadow_gr0;
+ 	}
+ 	val <<= 1;
+-	dst++;
+     }
+     memory_region_set_dirty(&s->vga.vram, offset, 8);
+ }
+@@ -2060,8 +2059,8 @@ static void cirrus_mem_writeb_mode4and5_16bpp(CirrusVGAState * s,
+     unsigned val = mem_value;
+     uint8_t *dst;
+ 
+-    dst = s->vga.vram_ptr + (offset &= s->cirrus_addr_mask);
+     for (x = 0; x < 8; x++) {
++        dst = s->vga.vram_ptr + ((offset + 2 * x) & s->cirrus_addr_mask & ~1);
+ 	if (val & 0x80) {
+ 	    *dst = s->cirrus_shadow_gr1;
+ 	    *(dst + 1) = s->vga.gr[0x11];
+@@ -2070,7 +2069,6 @@ static void cirrus_mem_writeb_mode4and5_16bpp(CirrusVGAState * s,
+ 	    *(dst + 1) = s->vga.gr[0x10];
+ 	}
+ 	val <<= 1;
+-	dst += 2;
+     }
+     memory_region_set_dirty(&s->vga.vram, offset, 16);
+ }
+-- 
+2.13.6
+

diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-10664.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-10664.patch
deleted file mode 100644
index 7db0692..0000000
--- a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-10664.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From 041e32b8d9d076980b4e35317c0339e57ab888f1 Mon Sep 17 00:00:00 2001
-From: Max Reitz <mreitz@redhat.com>
-Date: Sun, 11 Jun 2017 14:37:14 +0200
-Subject: [PATCH] qemu-nbd: Ignore SIGPIPE
-
-qemu proper has done so for 13 years
-(8a7ddc38a60648257dc0645ab4a05b33d6040063), qemu-img and qemu-io have
-done so for four years (526eda14a68d5b3596be715505289b541288ef2a).
-Ignoring this signal is especially important in qemu-nbd because
-otherwise a client can easily take down the qemu-nbd server by dropping
-the connection when the server wants to send something, for example:
-
-$ qemu-nbd -x foo -f raw -t null-co:// &
-[1] 12726
-$ qemu-io -c quit nbd://localhost/bar
-can't open device nbd://localhost/bar: No export with name 'bar' available
-[1]  + 12726 broken pipe  qemu-nbd -x foo -f raw -t null-co://
-
-In this case, the client sends an NBD_OPT_ABORT and closes the
-connection (because it is not required to wait for a reply), but the
-server replies with an NBD_REP_ACK (because it is required to reply).
-
-Signed-off-by: Max Reitz <mreitz@redhat.com>
-Message-Id: <20170611123714.31292-1-mreitz@redhat.com>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
----
- qemu-nbd.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/qemu-nbd.c b/qemu-nbd.c
-index 9464a0461c..4dd3fd4732 100644
---- a/qemu-nbd.c
-+++ b/qemu-nbd.c
-@@ -581,6 +581,10 @@ int main(int argc, char **argv)
-     sa_sigterm.sa_handler = termsig_handler;
-     sigaction(SIGTERM, &sa_sigterm, NULL);
- 
-+#ifdef CONFIG_POSIX
-+    signal(SIGPIPE, SIG_IGN);
-+#endif
-+
-     module_call_init(MODULE_INIT_TRACE);
-     qcrypto_init(&error_fatal);
- 
--- 
-2.13.0
-

diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-10806.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-10806.patch
deleted file mode 100644
index 0074f5f..0000000
--- a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-10806.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From bd4a683505b27adc1ac809f71e918e58573d851d Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Tue, 9 May 2017 13:01:28 +0200
-Subject: [PATCH] usb-redir: fix stack overflow in usbredir_log_data
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Don't reinvent a broken wheel, just use the hexdump function we have.
-
-Impact: low, broken code doesn't run unless you have debug logging
-enabled.
-
-Reported-by: 李强 <liqiang6-s@360.cn>
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-Message-id: 20170509110128.27261-1-kraxel@redhat.com
----
- hw/usb/redirect.c | 13 +------------
- 1 file changed, 1 insertion(+), 12 deletions(-)
-
-diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c
-index b001a27f05..ad5ef783a6 100644
---- a/hw/usb/redirect.c
-+++ b/hw/usb/redirect.c
-@@ -229,21 +229,10 @@ static void usbredir_log(void *priv, int level, const char *msg)
- static void usbredir_log_data(USBRedirDevice *dev, const char *desc,
-     const uint8_t *data, int len)
- {
--    int i, j, n;
--
-     if (dev->debug < usbredirparser_debug_data) {
-         return;
-     }
--
--    for (i = 0; i < len; i += j) {
--        char buf[128];
--
--        n = sprintf(buf, "%s", desc);
--        for (j = 0; j < 8 && i + j < len; j++) {
--            n += sprintf(buf + n, " %02X", data[i + j]);
--        }
--        error_report("%s", buf);
--    }
-+    qemu_hexdump((char *)data, stderr, desc, len);
- }
- 
- /*
--- 
-2.13.0
-

diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11334.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11334.patch
deleted file mode 100644
index bfe4c7d..0000000
--- a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11334.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-[Qemu-devel] [PULL 21/41] exec: use qemu_ram_ptr_length to access guest 
-From: Prasad J Pandit <address@hidden>
-
-When accessing guest's ram block during DMA operation, use
-'qemu_ram_ptr_length' to get ram block pointer. It ensures
-that DMA operation of given length is possible; And avoids
-any OOB memory access situations.
-
-Reported-by: Alex <address@hidden>
-Signed-off-by: Prasad J Pandit <address@hidden>
-Message-Id: <address@hidden>
-Signed-off-by: Paolo Bonzini <address@hidden>
----
- exec.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/exec.c b/exec.c
-index a083ff8..ad103ce 100644
---- a/exec.c
-+++ b/exec.c
-@@ -2929,7 +2929,7 @@ static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr,
-             }
-         } else {
-             /* RAM case */
--            ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
-+            ptr = qemu_ram_ptr_length(mr->ram_block, addr1, &l);
-             memcpy(ptr, buf, l);
-             invalidate_and_set_dirty(mr, addr1, l);
-         }
-@@ -3020,7 +3020,7 @@ MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr,
-             }
-         } else {
-             /* RAM case */
--            ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
-+            ptr = qemu_ram_ptr_length(mr->ram_block, addr1, &l);
-             memcpy(buf, ptr, l);
-         }
- 
--- 
-1.8.3.1

diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11434.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11434.patch
deleted file mode 100644
index 5d32067..0000000
--- a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11434.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-[Qemu-devel] [PATCH] slirp: check len against dhcp options array end
-From: Prasad J Pandit <address@hidden>
-
-While parsing dhcp options string in 'dhcp_decode', if an options'
-length 'len' appeared towards the end of 'bp_vend' array, ensuing
-read could lead to an OOB memory access issue. Add check to avoid it.
-
-Reported-by: Reno Robert <address@hidden>
-Signed-off-by: Prasad J Pandit <address@hidden>
----
- slirp/bootp.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/slirp/bootp.c b/slirp/bootp.c
-index 5a4646c..5dd1a41 100644
---- a/slirp/bootp.c
-+++ b/slirp/bootp.c
-@@ -123,6 +123,9 @@ static void dhcp_decode(const struct bootp_t *bp, int *pmsg_type,
-             if (p >= p_end)
-                 break;
-             len = *p++;
-+            if (p + len > p_end) {
-+                break;
-+            }
-             DPRINTF("dhcp: tag=%d len=%d\n", tag, len);
- 
-             switch(tag) {
--- 
-2.9.4

diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-7493.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-7493.patch
deleted file mode 100644
index 346e771..0000000
--- a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-7493.patch
+++ /dev/null
@@ -1,174 +0,0 @@
-From 7a95434e0ca8a037fd8aa1a2e2461f92585eb77b Mon Sep 17 00:00:00 2001
-From: Greg Kurz <groug@kaod.org>
-Date: Fri, 5 May 2017 14:48:08 +0200
-Subject: [PATCH] 9pfs: local: forbid client access to metadata (CVE-2017-7493)
-
-When using the mapped-file security mode, we shouldn't let the client mess
-with the metadata. The current code already tries to hide the metadata dir
-from the client by skipping it in local_readdir(). But the client can still
-access or modify it through several other operations. This can be used to
-escalate privileges in the guest.
-
-Affected backend operations are:
-- local_mknod()
-- local_mkdir()
-- local_open2()
-- local_symlink()
-- local_link()
-- local_unlinkat()
-- local_renameat()
-- local_rename()
-- local_name_to_path()
-
-Other operations are safe because they are only passed a fid path, which
-is computed internally in local_name_to_path().
-
-This patch converts all the functions listed above to fail and return
-EINVAL when being passed the name of the metadata dir. This may look
-like a poor choice for errno, but there's no such thing as an illegal
-path name on Linux and I could not think of anything better.
-
-This fixes CVE-2017-7493.
-
-Reported-by: Leo Gaspard <leo@gaspard.io>
-Signed-off-by: Greg Kurz <groug@kaod.org>
-Reviewed-by: Eric Blake <eblake@redhat.com>
----
- hw/9pfs/9p-local.c | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++++--
- 1 file changed, 56 insertions(+), 2 deletions(-)
-
-diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c
-index f3ebca4f7a..a2486566af 100644
---- a/hw/9pfs/9p-local.c
-+++ b/hw/9pfs/9p-local.c
-@@ -452,6 +452,11 @@ static off_t local_telldir(FsContext *ctx, V9fsFidOpenState *fs)
-     return telldir(fs->dir.stream);
- }
- 
-+static bool local_is_mapped_file_metadata(FsContext *fs_ctx, const char *name)
-+{
-+    return !strcmp(name, VIRTFS_META_DIR);
-+}
-+
- static struct dirent *local_readdir(FsContext *ctx, V9fsFidOpenState *fs)
- {
-     struct dirent *entry;
-@@ -465,8 +470,8 @@ again:
-     if (ctx->export_flags & V9FS_SM_MAPPED) {
-         entry->d_type = DT_UNKNOWN;
-     } else if (ctx->export_flags & V9FS_SM_MAPPED_FILE) {
--        if (!strcmp(entry->d_name, VIRTFS_META_DIR)) {
--            /* skp the meta data directory */
-+        if (local_is_mapped_file_metadata(ctx, entry->d_name)) {
-+            /* skip the meta data directory */
-             goto again;
-         }
-         entry->d_type = DT_UNKNOWN;
-@@ -559,6 +564,12 @@ static int local_mknod(FsContext *fs_ctx, V9fsPath *dir_path,
-     int err = -1;
-     int dirfd;
- 
-+    if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE &&
-+        local_is_mapped_file_metadata(fs_ctx, name)) {
-+        errno = EINVAL;
-+        return -1;
-+    }
-+
-     dirfd = local_opendir_nofollow(fs_ctx, dir_path->data);
-     if (dirfd == -1) {
-         return -1;
-@@ -605,6 +616,12 @@ static int local_mkdir(FsContext *fs_ctx, V9fsPath *dir_path,
-     int err = -1;
-     int dirfd;
- 
-+    if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE &&
-+        local_is_mapped_file_metadata(fs_ctx, name)) {
-+        errno = EINVAL;
-+        return -1;
-+    }
-+
-     dirfd = local_opendir_nofollow(fs_ctx, dir_path->data);
-     if (dirfd == -1) {
-         return -1;
-@@ -694,6 +711,12 @@ static int local_open2(FsContext *fs_ctx, V9fsPath *dir_path, const char *name,
-     int err = -1;
-     int dirfd;
- 
-+    if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE &&
-+        local_is_mapped_file_metadata(fs_ctx, name)) {
-+        errno = EINVAL;
-+        return -1;
-+    }
-+
-     /*
-      * Mark all the open to not follow symlinks
-      */
-@@ -752,6 +775,12 @@ static int local_symlink(FsContext *fs_ctx, const char *oldpath,
-     int err = -1;
-     int dirfd;
- 
-+    if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE &&
-+        local_is_mapped_file_metadata(fs_ctx, name)) {
-+        errno = EINVAL;
-+        return -1;
-+    }
-+
-     dirfd = local_opendir_nofollow(fs_ctx, dir_path->data);
-     if (dirfd == -1) {
-         return -1;
-@@ -826,6 +855,12 @@ static int local_link(FsContext *ctx, V9fsPath *oldpath,
-     int ret = -1;
-     int odirfd, ndirfd;
- 
-+    if (ctx->export_flags & V9FS_SM_MAPPED_FILE &&
-+        local_is_mapped_file_metadata(ctx, name)) {
-+        errno = EINVAL;
-+        return -1;
-+    }
-+
-     odirfd = local_opendir_nofollow(ctx, odirpath);
-     if (odirfd == -1) {
-         goto out;
-@@ -1096,6 +1131,12 @@ static int local_lremovexattr(FsContext *ctx, V9fsPath *fs_path,
- static int local_name_to_path(FsContext *ctx, V9fsPath *dir_path,
-                               const char *name, V9fsPath *target)
- {
-+    if (ctx->export_flags & V9FS_SM_MAPPED_FILE &&
-+        local_is_mapped_file_metadata(ctx, name)) {
-+        errno = EINVAL;
-+        return -1;
-+    }
-+
-     if (dir_path) {
-         v9fs_path_sprintf(target, "%s/%s", dir_path->data, name);
-     } else if (strcmp(name, "/")) {
-@@ -1116,6 +1157,13 @@ static int local_renameat(FsContext *ctx, V9fsPath *olddir,
-     int ret;
-     int odirfd, ndirfd;
- 
-+    if (ctx->export_flags & V9FS_SM_MAPPED_FILE &&
-+        (local_is_mapped_file_metadata(ctx, old_name) ||
-+         local_is_mapped_file_metadata(ctx, new_name))) {
-+        errno = EINVAL;
-+        return -1;
-+    }
-+
-     odirfd = local_opendir_nofollow(ctx, olddir->data);
-     if (odirfd == -1) {
-         return -1;
-@@ -1206,6 +1254,12 @@ static int local_unlinkat(FsContext *ctx, V9fsPath *dir,
-     int ret;
-     int dirfd;
- 
-+    if (ctx->export_flags & V9FS_SM_MAPPED_FILE &&
-+        local_is_mapped_file_metadata(ctx, name)) {
-+        errno = EINVAL;
-+        return -1;
-+    }
-+
-     dirfd = local_opendir_nofollow(ctx, dir->data);
-     if (dirfd == -1) {
-         return -1;
--- 
-2.13.0
-

diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8112.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8112.patch
deleted file mode 100644
index 31fb69b..0000000
--- a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8112.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-CVE-2017-8112
-
-https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg04494.html
----
- hw/scsi/vmw_pvscsi.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/hw/scsi/vmw_pvscsi.c b/hw/scsi/vmw_pvscsi.c
-index 7557546..4a106da 100644
---- a/hw/scsi/vmw_pvscsi.c
-+++ b/hw/scsi/vmw_pvscsi.c
-@@ -202,7 +202,7 @@ pvscsi_ring_init_msg(PVSCSIRingInfo *m, PVSCSICmdDescSetupMsgRing *ri)
-     uint32_t len_log2;
-     uint32_t ring_size;
- 
--    if (ri->numPages > PVSCSI_SETUP_MSG_RING_MAX_NUM_PAGES) {
-+    if (!ri->numPages || ri->numPages > PVSCSI_SETUP_MSG_RING_MAX_NUM_PAGES) {
-         return -1;
-     }
-     ring_size = ri->numPages * PVSCSI_MAX_NUM_MSG_ENTRIES_PER_PAGE;
--- 
-2.9.3

diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8309.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8309.patch
deleted file mode 100644
index 4f7f870..0000000
--- a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8309.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-bug #616870
-
-https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05587.html
----
- audio/audio.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/audio/audio.c b/audio/audio.c
-index c8898d8422..beafed209b 100644
---- a/audio/audio.c
-+++ b/audio/audio.c
-@@ -2028,6 +2028,8 @@ void AUD_del_capture (CaptureVoiceOut *cap, void *cb_opaque)
-                     sw = sw1;
-                 }
-                 QLIST_REMOVE (cap, entries);
-+                g_free (cap->hw.mix_buf);
-+                g_free (cap->buf);
-                 g_free (cap);
-             }
-             return;
--- 
-2.9.3

diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8379.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8379.patch
deleted file mode 100644
index 0a34dae..0000000
--- a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8379.patch
+++ /dev/null
@@ -1,76 +0,0 @@
-bug #616872
-
-https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05599.html
----
- ui/input.c | 14 +++++++++++---
- 1 file changed, 11 insertions(+), 3 deletions(-)
-
-diff --git a/ui/input.c b/ui/input.c
-index ed88cda6d6..fb1f404095 100644
---- a/ui/input.c
-+++ b/ui/input.c
-@@ -41,6 +41,8 @@ static QTAILQ_HEAD(QemuInputEventQueueHead, QemuInputEventQueue) kbd_queue =
-     QTAILQ_HEAD_INITIALIZER(kbd_queue);
- static QEMUTimer *kbd_timer;
- static uint32_t kbd_default_delay_ms = 10;
-+static uint32_t queue_count;
-+static uint32_t queue_limit = 1024;
- 
- QemuInputHandlerState *qemu_input_handler_register(DeviceState *dev,
-                                                    QemuInputHandler *handler)
-@@ -268,6 +270,7 @@ static void qemu_input_queue_process(void *opaque)
-             break;
-         }
-         QTAILQ_REMOVE(queue, item, node);
-+        queue_count--;
-         g_free(item);
-     }
- }
-@@ -282,6 +285,7 @@ static void qemu_input_queue_delay(struct QemuInputEventQueueHead *queue,
-     item->delay_ms = delay_ms;
-     item->timer = timer;
-     QTAILQ_INSERT_TAIL(queue, item, node);
-+    queue_count++;
- 
-     if (start_timer) {
-         timer_mod(item->timer, qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL)
-@@ -298,6 +302,7 @@ static void qemu_input_queue_event(struct QemuInputEventQueueHead *queue,
-     item->src = src;
-     item->evt = evt;
-     QTAILQ_INSERT_TAIL(queue, item, node);
-+    queue_count++;
- }
- 
- static void qemu_input_queue_sync(struct QemuInputEventQueueHead *queue)
-@@ -306,6 +311,7 @@ static void qemu_input_queue_sync(struct QemuInputEventQueueHead *queue)
- 
-     item->type = QEMU_INPUT_QUEUE_SYNC;
-     QTAILQ_INSERT_TAIL(queue, item, node);
-+    queue_count++;
- }
- 
- void qemu_input_event_send_impl(QemuConsole *src, InputEvent *evt)
-@@ -381,7 +387,7 @@ void qemu_input_event_send_key(QemuConsole *src, KeyValue *key, bool down)
-         qemu_input_event_send(src, evt);
-         qemu_input_event_sync();
-         qapi_free_InputEvent(evt);
--    } else {
-+    } else if (queue_count < queue_limit) {
-         qemu_input_queue_event(&kbd_queue, src, evt);
-         qemu_input_queue_sync(&kbd_queue);
-     }
-@@ -409,8 +415,10 @@ void qemu_input_event_send_key_delay(uint32_t delay_ms)
-         kbd_timer = timer_new_ms(QEMU_CLOCK_VIRTUAL, qemu_input_queue_process,
-                                  &kbd_queue);
-     }
--    qemu_input_queue_delay(&kbd_queue, kbd_timer,
--                           delay_ms ? delay_ms : kbd_default_delay_ms);
-+    if (queue_count < queue_limit) {
-+        qemu_input_queue_delay(&kbd_queue, kbd_timer,
-+                               delay_ms ? delay_ms : kbd_default_delay_ms);
-+    }
- }
- 
- InputEvent *qemu_input_event_new_btn(InputButton btn, bool down)
--- 
-2.9.3

diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8380.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8380.patch
deleted file mode 100644
index 08911dd..0000000
--- a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8380.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-bug #616874
-
-https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg04147.html
----
- hw/scsi/megasas.c | 10 +++++-----
- 1 file changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
-index 84b8caf..804122a 100644
---- a/hw/scsi/megasas.c
-+++ b/hw/scsi/megasas.c
-@@ -2138,15 +2138,15 @@ static void megasas_mmio_write(void *opaque, hwaddr addr,
-     case MFI_SEQ:
-         trace_megasas_mmio_writel("MFI_SEQ", val);
-         /* Magic sequence to start ADP reset */
--        if (adp_reset_seq[s->adp_reset] == val) {
--            s->adp_reset++;
-+        if (adp_reset_seq[s->adp_reset++] == val) {
-+            if (s->adp_reset == 6) {
-+                s->adp_reset = 0;
-+                s->diag = MFI_DIAG_WRITE_ENABLE;
-+            }
-         } else {
-             s->adp_reset = 0;
-             s->diag = 0;
-         }
--        if (s->adp_reset == 6) {
--            s->diag = MFI_DIAG_WRITE_ENABLE;
--        }
-         break;
-     case MFI_DIAG:
-         trace_megasas_mmio_writel("MFI_DIAG", val);
--- 
-2.9.3

diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-1.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-1.patch
deleted file mode 100644
index 01c81d1..0000000
--- a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-1.patch
+++ /dev/null
@@ -1,122 +0,0 @@
-From 87e459a810d7b1ec1638085b5a80ea3d9b43119a Mon Sep 17 00:00:00 2001
-From: Paolo Bonzini <pbonzini@redhat.com>
-Date: Thu, 1 Jun 2017 17:26:14 +0200
-Subject: [PATCH] megasas: always store SCSIRequest* into MegasasCmd
-
-This ensures that the request is unref'ed properly, and avoids a
-segmentation fault in the new qtest testcase that is added.
-This is CVE-2017-9503.
-
-Reported-by: Zhangyanyu <zyy4013@stu.ouc.edu.cn>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
----
- hw/scsi/megasas.c    | 31 ++++++++++++++++---------------
- 2 files changed, 51 insertions(+), 15 deletions(-)
-
-diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
-index 135662df31..734fdaef90 100644
---- a/hw/scsi/megasas.c
-+++ b/hw/scsi/megasas.c
-@@ -609,6 +609,9 @@ static void megasas_reset_frames(MegasasState *s)
- static void megasas_abort_command(MegasasCmd *cmd)
- {
-     /* Never abort internal commands.  */
-+    if (cmd->dcmd_opcode != -1) {
-+        return;
-+    }
-     if (cmd->req != NULL) {
-         scsi_req_cancel(cmd->req);
-     }
-@@ -1017,7 +1020,6 @@ static int megasas_pd_get_info_submit(SCSIDevice *sdev, int lun,
-     uint64_t pd_size;
-     uint16_t pd_id = ((sdev->id & 0xFF) << 8) | (lun & 0xFF);
-     uint8_t cmdbuf[6];
--    SCSIRequest *req;
-     size_t len, resid;
- 
-     if (!cmd->iov_buf) {
-@@ -1026,8 +1028,8 @@ static int megasas_pd_get_info_submit(SCSIDevice *sdev, int lun,
-         info->inquiry_data[0] = 0x7f; /* Force PQual 0x3, PType 0x1f */
-         info->vpd_page83[0] = 0x7f;
-         megasas_setup_inquiry(cmdbuf, 0, sizeof(info->inquiry_data));
--        req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd);
--        if (!req) {
-+        cmd->req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd);
-+        if (!cmd->req) {
-             trace_megasas_dcmd_req_alloc_failed(cmd->index,
-                                                 "PD get info std inquiry");
-             g_free(cmd->iov_buf);
-@@ -1036,26 +1038,26 @@ static int megasas_pd_get_info_submit(SCSIDevice *sdev, int lun,
-         }
-         trace_megasas_dcmd_internal_submit(cmd->index,
-                                            "PD get info std inquiry", lun);
--        len = scsi_req_enqueue(req);
-+        len = scsi_req_enqueue(cmd->req);
-         if (len > 0) {
-             cmd->iov_size = len;
--            scsi_req_continue(req);
-+            scsi_req_continue(cmd->req);
-         }
-         return MFI_STAT_INVALID_STATUS;
-     } else if (info->inquiry_data[0] != 0x7f && info->vpd_page83[0] == 0x7f) {
-         megasas_setup_inquiry(cmdbuf, 0x83, sizeof(info->vpd_page83));
--        req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd);
--        if (!req) {
-+        cmd->req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd);
-+        if (!cmd->req) {
-             trace_megasas_dcmd_req_alloc_failed(cmd->index,
-                                                 "PD get info vpd inquiry");
-             return MFI_STAT_FLASH_ALLOC_FAIL;
-         }
-         trace_megasas_dcmd_internal_submit(cmd->index,
-                                            "PD get info vpd inquiry", lun);
--        len = scsi_req_enqueue(req);
-+        len = scsi_req_enqueue(cmd->req);
-         if (len > 0) {
-             cmd->iov_size = len;
--            scsi_req_continue(req);
-+            scsi_req_continue(cmd->req);
-         }
-         return MFI_STAT_INVALID_STATUS;
-     }
-@@ -1217,7 +1219,6 @@ static int megasas_ld_get_info_submit(SCSIDevice *sdev, int lun,
-     struct mfi_ld_info *info = cmd->iov_buf;
-     size_t dcmd_size = sizeof(struct mfi_ld_info);
-     uint8_t cdb[6];
--    SCSIRequest *req;
-     ssize_t len, resid;
-     uint16_t sdev_id = ((sdev->id & 0xFF) << 8) | (lun & 0xFF);
-     uint64_t ld_size;
-@@ -1226,8 +1227,8 @@ static int megasas_ld_get_info_submit(SCSIDevice *sdev, int lun,
-         cmd->iov_buf = g_malloc0(dcmd_size);
-         info = cmd->iov_buf;
-         megasas_setup_inquiry(cdb, 0x83, sizeof(info->vpd_page83));
--        req = scsi_req_new(sdev, cmd->index, lun, cdb, cmd);
--        if (!req) {
-+        cmd->req = scsi_req_new(sdev, cmd->index, lun, cdb, cmd);
-+        if (!cmd->req) {
-             trace_megasas_dcmd_req_alloc_failed(cmd->index,
-                                                 "LD get info vpd inquiry");
-             g_free(cmd->iov_buf);
-@@ -1236,10 +1237,10 @@ static int megasas_ld_get_info_submit(SCSIDevice *sdev, int lun,
-         }
-         trace_megasas_dcmd_internal_submit(cmd->index,
-                                            "LD get info vpd inquiry", lun);
--        len = scsi_req_enqueue(req);
-+        len = scsi_req_enqueue(cmd->req);
-         if (len > 0) {
-             cmd->iov_size = len;
--            scsi_req_continue(req);
-+            scsi_req_continue(cmd->req);
-         }
-         return MFI_STAT_INVALID_STATUS;
-     }
-@@ -1851,7 +1852,7 @@ static void megasas_command_complete(SCSIRequest *req, uint32_t status,
-         return;
-     }
- 
--    if (cmd->req == NULL) {
-+    if (cmd->dcmd_opcode != -1) {
-         /*
-          * Internal command complete
-          */

diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-2.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-2.patch
deleted file mode 100644
index 74725a9..0000000
--- a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-2.patch
+++ /dev/null
@@ -1,114 +0,0 @@
-From 5104fac8539eaf155fc6de93e164be43e1e62242 Mon Sep 17 00:00:00 2001
-From: Paolo Bonzini <pbonzini@redhat.com>
-Date: Thu, 1 Jun 2017 17:18:23 +0200
-Subject: [PATCH] megasas: do not read DCMD opcode more than once from frame
-
-Avoid TOC-TOU bugs by storing the DCMD opcode in the MegasasCmd
-
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
----
- hw/scsi/megasas.c | 25 +++++++++++--------------
- 1 file changed, 11 insertions(+), 14 deletions(-)
-
-diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
-index c353118882..a3f75c1650 100644
---- a/hw/scsi/megasas.c
-+++ b/hw/scsi/megasas.c
-@@ -63,6 +63,7 @@ typedef struct MegasasCmd {
- 
-     hwaddr pa;
-     hwaddr pa_size;
-+    uint32_t dcmd_opcode;
-     union mfi_frame *frame;
-     SCSIRequest *req;
-     QEMUSGList qsg;
-@@ -513,6 +514,7 @@ static MegasasCmd *megasas_enqueue_frame(MegasasState *s,
-         cmd->context &= (uint64_t)0xFFFFFFFF;
-     }
-     cmd->count = count;
-+    cmd->dcmd_opcode = -1;
-     s->busy++;
- 
-     if (s->consumer_pa) {
-@@ -1562,22 +1564,21 @@ static const struct dcmd_cmd_tbl_t {
- 
- static int megasas_handle_dcmd(MegasasState *s, MegasasCmd *cmd)
- {
--    int opcode;
-     int retval = 0;
-     size_t len;
-     const struct dcmd_cmd_tbl_t *cmdptr = dcmd_cmd_tbl;
- 
--    opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
--    trace_megasas_handle_dcmd(cmd->index, opcode);
-+    cmd->dcmd_opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
-+    trace_megasas_handle_dcmd(cmd->index, cmd->dcmd_opcode);
-     if (megasas_map_dcmd(s, cmd) < 0) {
-         return MFI_STAT_MEMORY_NOT_AVAILABLE;
-     }
--    while (cmdptr->opcode != -1 && cmdptr->opcode != opcode) {
-+    while (cmdptr->opcode != -1 && cmdptr->opcode != cmd->dcmd_opcode) {
-         cmdptr++;
-     }
-     len = cmd->iov_size;
-     if (cmdptr->opcode == -1) {
--        trace_megasas_dcmd_unhandled(cmd->index, opcode, len);
-+        trace_megasas_dcmd_unhandled(cmd->index, cmd->dcmd_opcode, len);
-         retval = megasas_dcmd_dummy(s, cmd);
-     } else {
-         trace_megasas_dcmd_enter(cmd->index, cmdptr->desc, len);
-@@ -1592,13 +1593,11 @@ static int megasas_handle_dcmd(MegasasState *s, MegasasCmd *cmd)
- static int megasas_finish_internal_dcmd(MegasasCmd *cmd,
-                                         SCSIRequest *req)
- {
--    int opcode;
-     int retval = MFI_STAT_OK;
-     int lun = req->lun;
- 
--    opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
--    trace_megasas_dcmd_internal_finish(cmd->index, opcode, lun);
--    switch (opcode) {
-+    trace_megasas_dcmd_internal_finish(cmd->index, cmd->dcmd_opcode, lun);
-+    switch (cmd->dcmd_opcode) {
-     case MFI_DCMD_PD_GET_INFO:
-         retval = megasas_pd_get_info_submit(req->dev, lun, cmd);
-         break;
-@@ -1606,7 +1605,7 @@ static int megasas_finish_internal_dcmd(MegasasCmd *cmd,
-         retval = megasas_ld_get_info_submit(req->dev, lun, cmd);
-         break;
-     default:
--        trace_megasas_dcmd_internal_invalid(cmd->index, opcode);
-+        trace_megasas_dcmd_internal_invalid(cmd->index, cmd->dcmd_opcode);
-         retval = MFI_STAT_INVALID_DCMD;
-         break;
-     }
-@@ -1827,7 +1826,6 @@ static void megasas_xfer_complete(SCSIRequest *req, uint32_t len)
- {
-     MegasasCmd *cmd = req->hba_private;
-     uint8_t *buf;
--    uint32_t opcode;
- 
-     trace_megasas_io_complete(cmd->index, len);
- 
-@@ -1837,8 +1835,7 @@ static void megasas_xfer_complete(SCSIRequest *req, uint32_t len)
-     }
- 
-     buf = scsi_req_get_buf(req);
--    opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
--    if (opcode == MFI_DCMD_PD_GET_INFO && cmd->iov_buf) {
-+    if (cmd->dcmd_opcode == MFI_DCMD_PD_GET_INFO && cmd->iov_buf) {
-         struct mfi_pd_info *info = cmd->iov_buf;
- 
-         if (info->inquiry_data[0] == 0x7f) {
-@@ -1849,7 +1846,7 @@ static void megasas_xfer_complete(SCSIRequest *req, uint32_t len)
-             memcpy(info->vpd_page83, buf, len);
-         }
-         scsi_req_continue(req);
--    } else if (opcode == MFI_DCMD_LD_GET_INFO) {
-+    } else if (cmd->dcmd_opcode == MFI_DCMD_LD_GET_INFO) {
-         struct mfi_ld_info *info = cmd->iov_buf;
- 
-         if (cmd->iov_buf) {
--- 
-2.13.0
-

diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-1.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-1.patch
deleted file mode 100644
index 9d77193..0000000
--- a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-1.patch
+++ /dev/null
@@ -1,80 +0,0 @@
-From df8ad9f128c15aa0a0ebc7b24e9a22c9775b67af Mon Sep 17 00:00:00 2001
-From: Eric Blake <eblake@redhat.com>
-Date: Fri, 26 May 2017 22:04:21 -0500
-Subject: [PATCH] nbd: Fully initialize client in case of failed negotiation
-
-If a non-NBD client connects to qemu-nbd, we would end up with
-a SIGSEGV in nbd_client_put() because we were trying to
-unregister the client's association to the export, even though
-we skipped inserting the client into that list.  Easy trigger
-in two terminals:
-
-$ qemu-nbd -p 30001 --format=raw file
-$ nmap 127.0.0.1 -p 30001
-
-nmap claims that it thinks it connected to a pago-services1
-server (which probably means nmap could be updated to learn the
-NBD protocol and give a more accurate diagnosis of the open
-port - but that's not our problem), then terminates immediately,
-so our call to nbd_negotiate() fails.  The fix is to reorder
-nbd_co_client_start() to ensure that all initialization occurs
-before we ever try talking to a client in nbd_negotiate(), so
-that the teardown sequence on negotiation failure doesn't fault
-while dereferencing a half-initialized object.
-
-While debugging this, I also noticed that nbd_update_server_watch()
-called by nbd_client_closed() was still adding a channel to accept
-the next client, even when the state was no longer RUNNING.  That
-is fixed by making nbd_can_accept() pay attention to the current
-state.
-
-Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1451614
-
-Signed-off-by: Eric Blake <eblake@redhat.com>
-Message-Id: <20170527030421.28366-1-eblake@redhat.com>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
----
- nbd/server.c | 8 +++-----
- qemu-nbd.c   | 2 +-
- 2 files changed, 4 insertions(+), 6 deletions(-)
-
-diff --git a/nbd/server.c b/nbd/server.c
-index ee59e5d234..49b55f6ede 100644
---- a/nbd/server.c
-+++ b/nbd/server.c
-@@ -1358,16 +1358,14 @@ static coroutine_fn void nbd_co_client_start(void *opaque)
- 
-     if (exp) {
-         nbd_export_get(exp);
-+        QTAILQ_INSERT_TAIL(&exp->clients, client, next);
-     }
-+    qemu_co_mutex_init(&client->send_lock);
-+
-     if (nbd_negotiate(data)) {
-         client_close(client);
-         goto out;
-     }
--    qemu_co_mutex_init(&client->send_lock);
--
--    if (exp) {
--        QTAILQ_INSERT_TAIL(&exp->clients, client, next);
--    }
- 
-     nbd_client_receive_next_request(client);
- 
-diff --git a/qemu-nbd.c b/qemu-nbd.c
-index f60842fd86..651f85ecc1 100644
---- a/qemu-nbd.c
-+++ b/qemu-nbd.c
-@@ -325,7 +325,7 @@ out:
- 
- static int nbd_can_accept(void)
- {
--    return nb_fds < shared;
-+    return state == RUNNING && nb_fds < shared;
- }
- 
- static void nbd_export_closed(NBDExport *exp)
--- 
-2.13.0
-

diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-2.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-2.patch
deleted file mode 100644
index e6934b3..0000000
--- a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-2.patch
+++ /dev/null
@@ -1,197 +0,0 @@
-From 0c9390d978cbf61e8f16c9f580fa96b305c43568 Mon Sep 17 00:00:00 2001
-From: Eric Blake <eblake@redhat.com>
-Date: Thu, 8 Jun 2017 17:26:17 -0500
-Subject: [PATCH] nbd: Fix regression on resiliency to port scan
-
-Back in qemu 2.5, qemu-nbd was immune to port probes (a transient
-server would not quit, regardless of how many probe connections
-came and went, until a connection actually negotiated).  But we
-broke that in commit ee7d7aa when removing the return value to
-nbd_client_new(), although that patch also introduced a bug causing
-an assertion failure on a client that fails negotiation.  We then
-made it worse during refactoring in commit 1a6245a (a segfault
-before we could even assert); the (masked) assertion was cleaned
-up in d3780c2 (still in 2.6), and just recently we finally fixed
-the segfault ("nbd: Fully intialize client in case of failed
-negotiation").  But that still means that ever since we added
-TLS support to qemu-nbd, we have been vulnerable to an ill-timed
-port-scan being able to cause a denial of service by taking down
-qemu-nbd before a real client has a chance to connect.
-
-Since negotiation is now handled asynchronously via coroutines,
-we no longer have a synchronous point of return by re-adding a
-return value to nbd_client_new().  So this patch instead wires
-things up to pass the negotiation status through the close_fn
-callback function.
-
-Simple test across two terminals:
-$ qemu-nbd -f raw -p 30001 file
-$ nmap 127.0.0.1 -p 30001 && \
-  qemu-io -c 'r 0 512' -f raw nbd://localhost:30001
-
-Note that this patch does not change what constitutes successful
-negotiation (thus, a client must enter transmission phase before
-that client can be considered as a reason to terminate the server
-when the connection ends).  Perhaps we may want to tweak things
-in a later patch to also treat a client that uses NBD_OPT_ABORT
-as being a 'successful' negotiation (the client correctly talked
-the NBD protocol, and informed us it was not going to use our
-export after all), but that's a discussion for another day.
-
-Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1451614
-
-Signed-off-by: Eric Blake <eblake@redhat.com>
-Message-Id: <20170608222617.20376-1-eblake@redhat.com>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
----
- blockdev-nbd.c      |  6 +++++-
- include/block/nbd.h |  2 +-
- nbd/server.c        | 24 +++++++++++++++---------
- qemu-nbd.c          |  4 ++--
- 4 files changed, 23 insertions(+), 13 deletions(-)
-
-diff --git a/blockdev-nbd.c b/blockdev-nbd.c
-index dd0860f4a6..28f551a7b0 100644
---- a/blockdev-nbd.c
-+++ b/blockdev-nbd.c
-@@ -27,6 +27,10 @@ typedef struct NBDServerData {
- 
- static NBDServerData *nbd_server;
- 
-+static void nbd_blockdev_client_closed(NBDClient *client, bool ignored)
-+{
-+    nbd_client_put(client);
-+}
- 
- static gboolean nbd_accept(QIOChannel *ioc, GIOCondition condition,
-                            gpointer opaque)
-@@ -46,7 +50,7 @@ static gboolean nbd_accept(QIOChannel *ioc, GIOCondition condition,
-     qio_channel_set_name(QIO_CHANNEL(cioc), "nbd-server");
-     nbd_client_new(NULL, cioc,
-                    nbd_server->tlscreds, NULL,
--                   nbd_client_put);
-+                   nbd_blockdev_client_closed);
-     object_unref(OBJECT(cioc));
-     return TRUE;
- }
-diff --git a/include/block/nbd.h b/include/block/nbd.h
-index 416257abca..8fa5ce51f3 100644
---- a/include/block/nbd.h
-+++ b/include/block/nbd.h
-@@ -162,7 +162,7 @@ void nbd_client_new(NBDExport *exp,
-                     QIOChannelSocket *sioc,
-                     QCryptoTLSCreds *tlscreds,
-                     const char *tlsaclname,
--                    void (*close)(NBDClient *));
-+                    void (*close_fn)(NBDClient *, bool));
- void nbd_client_get(NBDClient *client);
- void nbd_client_put(NBDClient *client);
- 
-diff --git a/nbd/server.c b/nbd/server.c
-index 49b55f6ede..f2b1aa47ce 100644
---- a/nbd/server.c
-+++ b/nbd/server.c
-@@ -81,7 +81,7 @@ static QTAILQ_HEAD(, NBDExport) exports = QTAILQ_HEAD_INITIALIZER(exports);
- 
- struct NBDClient {
-     int refcount;
--    void (*close)(NBDClient *client);
-+    void (*close_fn)(NBDClient *client, bool negotiated);
- 
-     bool no_zeroes;
-     NBDExport *exp;
-@@ -778,7 +778,7 @@ void nbd_client_put(NBDClient *client)
-     }
- }
- 
--static void client_close(NBDClient *client)
-+static void client_close(NBDClient *client, bool negotiated)
- {
-     if (client->closing) {
-         return;
-@@ -793,8 +793,8 @@ static void client_close(NBDClient *client)
-                          NULL);
- 
-     /* Also tell the client, so that they release their reference.  */
--    if (client->close) {
--        client->close(client);
-+    if (client->close_fn) {
-+        client->close_fn(client, negotiated);
-     }
- }
- 
-@@ -975,7 +975,7 @@ void nbd_export_close(NBDExport *exp)
- 
-     nbd_export_get(exp);
-     QTAILQ_FOREACH_SAFE(client, &exp->clients, next, next) {
--        client_close(client);
-+        client_close(client, true);
-     }
-     nbd_export_set_name(exp, NULL);
-     nbd_export_set_description(exp, NULL);
-@@ -1337,7 +1337,7 @@ done:
- 
- out:
-     nbd_request_put(req);
--    client_close(client);
-+    client_close(client, true);
-     nbd_client_put(client);
- }
- 
-@@ -1363,7 +1363,7 @@ static coroutine_fn void nbd_co_client_start(void *opaque)
-     qemu_co_mutex_init(&client->send_lock);
- 
-     if (nbd_negotiate(data)) {
--        client_close(client);
-+        client_close(client, false);
-         goto out;
-     }
- 
-@@ -1373,11 +1373,17 @@ out:
-     g_free(data);
- }
- 
-+/*
-+ * Create a new client listener on the given export @exp, using the
-+ * given channel @sioc.  Begin servicing it in a coroutine.  When the
-+ * connection closes, call @close_fn with an indication of whether the
-+ * client completed negotiation.
-+ */
- void nbd_client_new(NBDExport *exp,
-                     QIOChannelSocket *sioc,
-                     QCryptoTLSCreds *tlscreds,
-                     const char *tlsaclname,
--                    void (*close_fn)(NBDClient *))
-+                    void (*close_fn)(NBDClient *, bool))
- {
-     NBDClient *client;
-     NBDClientNewData *data = g_new(NBDClientNewData, 1);
-@@ -1394,7 +1400,7 @@ void nbd_client_new(NBDExport *exp,
-     object_ref(OBJECT(client->sioc));
-     client->ioc = QIO_CHANNEL(sioc);
-     object_ref(OBJECT(client->ioc));
--    client->close = close_fn;
-+    client->close_fn = close_fn;
- 
-     data->client = client;
-     data->co = qemu_coroutine_create(nbd_co_client_start, data);
-diff --git a/qemu-nbd.c b/qemu-nbd.c
-index 651f85ecc1..9464a0461c 100644
---- a/qemu-nbd.c
-+++ b/qemu-nbd.c
-@@ -336,10 +336,10 @@ static void nbd_export_closed(NBDExport *exp)
- 
- static void nbd_update_server_watch(void);
- 
--static void nbd_client_closed(NBDClient *client)
-+static void nbd_client_closed(NBDClient *client, bool negotiated)
- {
-     nb_fds--;
--    if (nb_fds == 0 && !persistent && state == RUNNING) {
-+    if (negotiated && nb_fds == 0 && !persistent && state == RUNNING) {
-         state = TERMINATE;
-     }
-     nbd_update_server_watch();
--- 
-2.13.0
-

diff --git a/app-emulation/qemu/qemu-2.10.0-r1.ebuild b/app-emulation/qemu/qemu-2.10.1.ebuild
similarity index 97%
rename from app-emulation/qemu/qemu-2.10.0-r1.ebuild
rename to app-emulation/qemu/qemu-2.10.1.ebuild
index e7343e3..b448f20 100644
--- a/app-emulation/qemu/qemu-2.10.0-r1.ebuild
+++ b/app-emulation/qemu/qemu-2.10.1.ebuild
@@ -19,7 +19,7 @@ if [[ ${PV} = *9999* ]]; then
 	SRC_URI=""
 else
 	SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2"
-	KEYWORDS="~amd64 ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd"
+	KEYWORDS="amd64 ~arm64 ~ppc ~ppc64 x86 ~x86-fbsd"
 fi
 
 DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
@@ -164,6 +164,14 @@ X86_FIRMWARE_DEPEND="
 		>=sys-firmware/seabios-1.10.2[seavgabios]
 		sys-firmware/sgabios
 	)"
+PPC64_FIRMWARE_DEPEND="
+	pin-upstream-blobs? (
+		~sys-firmware/seabios-1.10.2[binary,seavgabios]
+	)
+	!pin-upstream-blobs? (
+		>=sys-firmware/seabios-1.10.2[seavgabios]
+	)
+"
 
 CDEPEND="
 	!static? (
@@ -171,7 +179,9 @@ CDEPEND="
 		${SOFTMMU_TOOLS_DEPEND//\[static-libs(+)]}
 	)
 	qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
-	qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )"
+	qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )
+	qemu_softmmu_targets_ppc64? ( ${PPC64_FIRMWARE_DEPEND} )
+"
 DEPEND="${CDEPEND}
 	dev-lang/perl
 	=dev-lang/python-2*
@@ -200,7 +210,8 @@ PATCHES=(
 	# gentoo patches
 	"${FILESDIR}"/${PN}-2.5.0-cflags.patch
 	"${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
-	"${FILESDIR}"/${PN}-2.10.0-CVE-2017-13711.patch   # bug 629350
+	"${FILESDIR}"/${PN}-2.10.1-CVE-2017-15268.patch
+	"${FILESDIR}"/${PN}-2.10.1-CVE-2017-15289.patch
 )
 
 STRIP_MASK="/usr/share/qemu/palcode-clipper"
@@ -704,7 +715,8 @@ src_install() {
 		rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
 		rm "${ED}/usr/share/qemu/vgabios-virtio.bin"
 		rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+		# PPC64 loads vgabios-stdvga
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 || use qemu_softmmu_targets_ppc64; then
 			dosym ../seavgabios/vgabios-isavga.bin /usr/share/qemu/vgabios.bin
 			dosym ../seavgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
 			dosym ../seavgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin

diff --git a/app-emulation/qemu/qemu-2.9.0-r56.ebuild b/app-emulation/qemu/qemu-2.9.0-r56.ebuild
deleted file mode 100644
index 256a811..0000000
--- a/app-emulation/qemu/qemu-2.9.0-r56.ebuild
+++ /dev/null
@@ -1,799 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-PYTHON_COMPAT=( python2_7 )
-PYTHON_REQ_USE="ncurses,readline"
-
-PLOCALES="bg de_DE fr_FR hu it tr zh_CN"
-
-FIRMWARE_ABI_VERSION="2.9.0-r52"
-
-inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \
-	user udev fcaps readme.gentoo-r1 pax-utils l10n
-
-if [[ ${PV} = *9999* ]]; then
-	EGIT_REPO_URI="git://git.qemu.org/qemu.git"
-	inherit git-r3
-	SRC_URI=""
-else
-	SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2"
-	KEYWORDS="amd64 ~arm64 ~ppc ~ppc64 x86 ~x86-fbsd"
-fi
-
-DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
-HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org"
-
-LICENSE="GPL-2 LGPL-2 BSD-2"
-SLOT="0"
-IUSE="accessibility +aio alsa bluetooth bzip2 +caps +curl debug +fdt
-	glusterfs gnutls gtk gtk2 infiniband iscsi +jpeg kernel_linux
-	kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs +png
-	pulseaudio python rbd sasl +seccomp sdl sdl2 selinux smartcard snappy
-	spice ssh static static-user systemtap tci test usb usbredir vde
-	+vhost-net virgl virtfs +vnc vte xattr xen xfs"
-
-COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel
-	mips mips64 mips64el mipsel nios2 or1k ppc ppc64 s390x sh4 sh4eb sparc
-	sparc64 x86_64"
-IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS}
-	lm32 moxie ppcemb tricore unicore32 xtensa xtensaeb"
-IUSE_USER_TARGETS="${COMMON_TARGETS}
-	armeb hppa mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus tilegx"
-
-use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
-use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
-IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
-
-# Allow no targets to be built so that people can get a tools-only build.
-# Block USE flag configurations known to not work.
-REQUIRED_USE="${PYTHON_REQUIRED_USE}
-	gtk2? ( gtk )
-	qemu_softmmu_targets_arm? ( fdt )
-	qemu_softmmu_targets_microblaze? ( fdt )
-	qemu_softmmu_targets_mips64el? ( fdt )
-	qemu_softmmu_targets_ppc? ( fdt )
-	qemu_softmmu_targets_ppc64? ( fdt )
-	sdl2? ( sdl )
-	static? ( static-user !alsa !bluetooth !gtk !gtk2 !opengl !pulseaudio )
-	virtfs? ( xattr )
-	vte? ( gtk )"
-
-# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
-# and user/softmmu targets (qemu-*, qemu-system-*).
-#
-# Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
-#
-# The attr lib isn't always linked in (although the USE flag is always
-# respected).  This is because qemu supports using the C library's API
-# when available rather than always using the extranl library.
-ALL_DEPEND="
-	>=dev-libs/glib-2.0[static-libs(+)]
-	sys-libs/zlib[static-libs(+)]
-	python? ( ${PYTHON_DEPS} )
-	systemtap? ( dev-util/systemtap )
-	xattr? ( sys-apps/attr[static-libs(+)] )"
-
-# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
-# softmmu targets (qemu-system-*).
-SOFTMMU_TOOLS_DEPEND="
-	>=x11-libs/pixman-0.28.0[static-libs(+)]
-	accessibility? (
-		app-accessibility/brltty[api]
-		app-accessibility/brltty[static-libs(+)]
-	)
-	aio? ( dev-libs/libaio[static-libs(+)] )
-	alsa? ( >=media-libs/alsa-lib-1.0.13 )
-	bluetooth? ( net-wireless/bluez )
-	bzip2? ( app-arch/bzip2[static-libs(+)] )
-	caps? ( sys-libs/libcap-ng[static-libs(+)] )
-	curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
-	fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] )
-	glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
-	gnutls? (
-		dev-libs/nettle:=[static-libs(+)]
-		>=net-libs/gnutls-3.0:=[static-libs(+)]
-	)
-	gtk? (
-		gtk2? (
-			x11-libs/gtk+:2
-			vte? ( x11-libs/vte:0 )
-		)
-		!gtk2? (
-			x11-libs/gtk+:3
-			vte? ( x11-libs/vte:2.91 )
-		)
-	)
-	infiniband? ( sys-fabric/librdmacm:=[static-libs(+)] )
-	iscsi? ( net-libs/libiscsi )
-	jpeg? ( virtual/jpeg:0=[static-libs(+)] )
-	lzo? ( dev-libs/lzo:2[static-libs(+)] )
-	ncurses? (
-		sys-libs/ncurses:0=[unicode]
-		sys-libs/ncurses:0=[static-libs(+)]
-	)
-	nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] )
-	numa? ( sys-process/numactl[static-libs(+)] )
-	opengl? (
-		virtual/opengl
-		media-libs/libepoxy[static-libs(+)]
-		media-libs/mesa[static-libs(+)]
-		media-libs/mesa[egl,gbm]
-	)
-	png? ( media-libs/libpng:0=[static-libs(+)] )
-	pulseaudio? ( media-sound/pulseaudio )
-	rbd? ( sys-cluster/ceph[static-libs(+)] )
-	sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
-	sdl? (
-		!sdl2? (
-			media-libs/libsdl[X]
-			>=media-libs/libsdl-1.2.11[static-libs(+)]
-		)
-		sdl2? (
-			media-libs/libsdl2[X]
-			media-libs/libsdl2[static-libs(+)]
-		)
-	)
-	seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
-	smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] )
-	snappy? ( app-arch/snappy:=[static-libs(+)] )
-	spice? (
-		>=app-emulation/spice-protocol-0.12.3
-		>=app-emulation/spice-0.12.0[static-libs(+)]
-	)
-	ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] )
-	usb? ( >=virtual/libusb-1-r2[static-libs(+)] )
-	usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
-	vde? ( net-misc/vde[static-libs(+)] )
-	virgl? ( media-libs/virglrenderer[static-libs(+)] )
-	virtfs? ( sys-libs/libcap )
-	xen? ( app-emulation/xen-tools:= )
-	xfs? ( sys-fs/xfsprogs[static-libs(+)] )"
-
-X86_FIRMWARE_DEPEND="
-	pin-upstream-blobs? (
-		~sys-firmware/edk2-ovmf-2017_pre20170505[binary]
-		~sys-firmware/ipxe-1.0.0_p20160620
-		~sys-firmware/seabios-1.10.2[binary,seavgabios]
-		~sys-firmware/sgabios-0.1_pre8
-	)
-	!pin-upstream-blobs? (
-		sys-firmware/edk2-ovmf
-		sys-firmware/ipxe
-		>=sys-firmware/seabios-1.10.2[seavgabios]
-		sys-firmware/sgabios
-	)"
-
-CDEPEND="
-	!static? (
-		${ALL_DEPEND//\[static-libs(+)]}
-		${SOFTMMU_TOOLS_DEPEND//\[static-libs(+)]}
-	)
-	qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
-	qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )"
-DEPEND="${CDEPEND}
-	dev-lang/perl
-	=dev-lang/python-2*
-	sys-apps/texinfo
-	virtual/pkgconfig
-	kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
-	gtk? ( nls? ( sys-devel/gettext ) )
-	static? (
-		${ALL_DEPEND}
-		${SOFTMMU_TOOLS_DEPEND}
-	)
-	static-user? ( ${ALL_DEPEND} )
-	test? (
-		dev-libs/glib[utils]
-		sys-devel/bc
-	)"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-qemu )"
-
-PATCHES=(
-	# musl patches
-	"${FILESDIR}"/${PN}-2.8.0-F_SHLCK-and-F_EXLCK.patch
-	"${FILESDIR}"/${PN}-2.0.0-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch
-	"${FILESDIR}"/${PN}-2.2.0-_sigev_un.patch
-
-	# gentoo patches
-	"${FILESDIR}"/${PN}-2.5.0-cflags.patch
-	"${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
-	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-8309.patch    # bug 616870
-	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-8379.patch    # bug 616872
-	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-8380.patch    # bug 616874
-	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-8112.patch    # bug 616636
-	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-7493.patch    # bug 618808
-	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-11434.patch   # bug 625614
-	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-11334.patch   # bug 621292
-	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-9524-1.patch  # bug 621292
-	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-9524-2.patch
-	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-9503-1.patch  # bug 621184
-	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-9503-2.patch
-	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-10664.patch   # bug 623016
-	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-10806.patch   # bug 624088
-)
-
-STRIP_MASK="/usr/share/qemu/palcode-clipper"
-
-QA_PREBUILT="
-	usr/share/qemu/openbios-ppc
-	usr/share/qemu/openbios-sparc64
-	usr/share/qemu/openbios-sparc32
-	usr/share/qemu/palcode-clipper
-	usr/share/qemu/s390-ccw.img
-	usr/share/qemu/u-boot.e500"
-
-QA_WX_LOAD="usr/bin/qemu-i386
-	usr/bin/qemu-x86_64
-	usr/bin/qemu-alpha
-	usr/bin/qemu-arm
-	usr/bin/qemu-cris
-	usr/bin/qemu-m68k
-	usr/bin/qemu-microblaze
-	usr/bin/qemu-microblazeel
-	usr/bin/qemu-mips
-	usr/bin/qemu-mipsel
-	usr/bin/qemu-or1k
-	usr/bin/qemu-ppc
-	usr/bin/qemu-ppc64
-	usr/bin/qemu-ppc64abi32
-	usr/bin/qemu-sh4
-	usr/bin/qemu-sh4eb
-	usr/bin/qemu-sparc
-	usr/bin/qemu-sparc64
-	usr/bin/qemu-armeb
-	usr/bin/qemu-sparc32plus
-	usr/bin/qemu-s390x
-	usr/bin/qemu-unicore32"
-
-DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure you have the
-kernel module loaded before running kvm. The easiest way to ensure that the
-kernel module is loaded is to load it on boot.
-	For AMD CPUs the module is called 'kvm-amd'.
-	For Intel CPUs the module is called 'kvm-intel'.
-Please review /etc/conf.d/modules for how to load these.
-
-Make sure your user is in the 'kvm' group. Just run
-	$ gpasswd -a <USER> kvm
-then have <USER> re-login.
-
-For brand new installs, the default permissions on /dev/kvm might not let
-you access it.  You can tell udev to reset ownership/perms:
-	$ udevadm trigger -c add /dev/kvm
-
-If you want to register binfmt handlers for qemu user targets:
-For openrc:
-	# rc-update add qemu-binfmt
-For systemd:
-	# ln -s /usr/share/qemu/binfmt.d/qemu.conf /etc/binfmt.d/qemu.conf"
-
-pkg_pretend() {
-	if use kernel_linux && kernel_is lt 2 6 25; then
-		eerror "This version of KVM requres a host kernel of 2.6.25 or higher."
-	elif use kernel_linux; then
-		if ! linux_config_exists; then
-			eerror "Unable to check your kernel for KVM support"
-		else
-			CONFIG_CHECK="~KVM ~TUN ~BRIDGE"
-			ERROR_KVM="You must enable KVM in your kernel to continue"
-			ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in"
-			ERROR_KVM_AMD+=" your kernel configuration."
-			ERROR_KVM_INTEL="If you have an Intel CPU, you must enable"
-			ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration."
-			ERROR_TUN="You will need the Universal TUN/TAP driver compiled"
-			ERROR_TUN+=" into your kernel or loaded as a module to use the"
-			ERROR_TUN+=" virtual network device if using -net tap."
-			ERROR_BRIDGE="You will also need support for 802.1d"
-			ERROR_BRIDGE+=" Ethernet Bridging for some network configurations."
-			use vhost-net && CONFIG_CHECK+=" ~VHOST_NET"
-			ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net"
-			ERROR_VHOST_NET+=" support"
-
-			if use amd64 || use x86 || use amd64-linux || use x86-linux; then
-				CONFIG_CHECK+=" ~KVM_AMD ~KVM_INTEL"
-			fi
-
-			use python && CONFIG_CHECK+=" ~DEBUG_FS"
-			ERROR_DEBUG_FS="debugFS support required for kvm_stat"
-
-			# Now do the actual checks setup above
-			check_extra_config
-		fi
-	fi
-
-	if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then
-		eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt"
-		eerror "instances are still pointing to it.  Please update your"
-		eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag"
-		eerror "and the right system binary (e.g. qemu-system-x86_64)."
-		die "update your virt configs to not use qemu-kvm"
-	fi
-}
-
-pkg_setup() {
-	enewgroup kvm 78
-}
-
-# Sanity check to make sure target lists are kept up-to-date.
-check_targets() {
-	local var=$1 mak=$2
-	local detected sorted
-
-	pushd "${S}"/default-configs >/dev/null || die
-
-	# Force C locale until glibc is updated. #564936
-	detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u))
-	sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u))
-	if [[ ${sorted} != "${detected}" ]] ; then
-		eerror "The ebuild needs to be kept in sync."
-		eerror "${var}: ${sorted}"
-		eerror "$(printf '%-*s' ${#var} configure): ${detected}"
-		die "sync ${var} to the list of targets"
-	fi
-
-	popd >/dev/null
-}
-
-handle_locales() {
-	# Make sure locale list is kept up-to-date.
-	local detected sorted
-	detected=$(echo $(cd po && printf '%s\n' *.po | grep -v messages.po | sed 's:.po$::' | sort -u))
-	sorted=$(echo $(printf '%s\n' ${PLOCALES} | sort -u))
-	if [[ ${sorted} != "${detected}" ]] ; then
-		eerror "The ebuild needs to be kept in sync."
-		eerror "PLOCALES: ${sorted}"
-		eerror " po/*.po: ${detected}"
-		die "sync PLOCALES"
-	fi
-
-	# Deal with selective install of locales.
-	if use nls ; then
-		# Delete locales the user does not want. #577814
-		rm_loc() { rm po/$1.po || die; }
-		l10n_for_each_disabled_locale_do rm_loc
-	else
-		# Cheap hack to disable gettext .mo generation.
-		rm -f po/*.po
-	fi
-}
-
-src_prepare() {
-	check_targets IUSE_SOFTMMU_TARGETS softmmu
-	check_targets IUSE_USER_TARGETS linux-user
-
-	# Alter target makefiles to accept CFLAGS set via flag-o
-	sed -i -r \
-		-e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \
-		Makefile Makefile.target || die
-
-	default
-
-	# Fix ld and objcopy being called directly
-	tc-export AR LD OBJCOPY
-
-	# Verbose builds
-	MAKEOPTS+=" V=1"
-
-	# Run after we've applied all patches.
-	handle_locales
-}
-
-##
-# configures qemu based on the build directory and the build type
-# we are using.
-#
-qemu_src_configure() {
-	debug-print-function ${FUNCNAME} "$@"
-
-	local buildtype=$1
-	local builddir="${S}/${buildtype}-build"
-
-	mkdir "${builddir}"
-
-	local conf_opts=(
-		--prefix=/usr
-		--sysconfdir=/etc
-		--libdir=/usr/$(get_libdir)
-		--docdir=/usr/share/doc/${PF}/html
-		--disable-bsd-user
-		--disable-guest-agent
-		--disable-strip
-		--disable-werror
-		# We support gnutls/nettle for crypto operations.  It is possible
-		# to use gcrypt when gnutls/nettle are disabled (but not when they
-		# are enabled), but it's not really worth the hassle.  Disable it
-		# all the time to avoid automatically detecting it. #568856
-		--disable-gcrypt
-		--python="${PYTHON}"
-		--cc="$(tc-getCC)"
-		--cxx="$(tc-getCXX)"
-		--host-cc="$(tc-getBUILD_CC)"
-		$(use_enable debug debug-info)
-		$(use_enable debug debug-tcg)
-		--enable-docs
-		$(use_enable tci tcg-interpreter)
-		$(use_enable xattr attr)
-	)
-
-	# Disable options not used by user targets. This simplifies building
-	# static user targets (USE=static-user) considerably.
-	conf_notuser() {
-		if [[ ${buildtype} == "user" ]] ; then
-			echo "--disable-${2:-$1}"
-		else
-			use_enable "$@"
-		fi
-	}
-	conf_opts+=(
-		$(conf_notuser accessibility brlapi)
-		$(conf_notuser aio linux-aio)
-		$(conf_notuser bzip2)
-		$(conf_notuser bluetooth bluez)
-		$(conf_notuser caps cap-ng)
-		$(conf_notuser curl)
-		$(conf_notuser fdt)
-		$(conf_notuser glusterfs)
-		$(conf_notuser gnutls)
-		$(conf_notuser gnutls nettle)
-		$(conf_notuser gtk)
-		$(conf_notuser infiniband rdma)
-		$(conf_notuser iscsi libiscsi)
-		$(conf_notuser jpeg vnc-jpeg)
-		$(conf_notuser kernel_linux kvm)
-		$(conf_notuser lzo)
-		$(conf_notuser ncurses curses)
-		$(conf_notuser nfs libnfs)
-		$(conf_notuser numa)
-		$(conf_notuser opengl)
-		$(conf_notuser png vnc-png)
-		$(conf_notuser rbd)
-		$(conf_notuser sasl vnc-sasl)
-		$(conf_notuser sdl)
-		$(conf_notuser seccomp)
-		$(conf_notuser smartcard)
-		$(conf_notuser snappy)
-		$(conf_notuser spice)
-		$(conf_notuser ssh libssh2)
-		$(conf_notuser usb libusb)
-		$(conf_notuser usbredir usb-redir)
-		$(conf_notuser vde)
-		$(conf_notuser vhost-net)
-		$(conf_notuser virgl virglrenderer)
-		$(conf_notuser virtfs)
-		$(conf_notuser vnc)
-		$(conf_notuser vte)
-		$(conf_notuser xen)
-		$(conf_notuser xen xen-pci-passthrough)
-		$(conf_notuser xfs xfsctl)
-	)
-
-	if [[ ! ${buildtype} == "user" ]] ; then
-		# audio options
-		local audio_opts="oss"
-		use alsa && audio_opts="alsa,${audio_opts}"
-		use sdl && audio_opts="sdl,${audio_opts}"
-		use pulseaudio && audio_opts="pa,${audio_opts}"
-		conf_opts+=(
-			--audio-drv-list="${audio_opts}"
-		)
-		use gtk && conf_opts+=( --with-gtkabi=$(usex gtk2 2.0 3.0) )
-		use sdl && conf_opts+=( --with-sdlabi=$(usex sdl2 2.0 1.2) )
-	fi
-
-	case ${buildtype} in
-	user)
-		conf_opts+=(
-			--enable-linux-user
-			--disable-system
-			--disable-blobs
-			--disable-tools
-		)
-		local static_flag="static-user"
-		;;
-	softmmu)
-		conf_opts+=(
-			--disable-linux-user
-			--enable-system
-			--disable-tools
-			--with-system-pixman
-		)
-		local static_flag="static"
-		;;
-	tools)
-		conf_opts+=(
-			--disable-linux-user
-			--disable-system
-			--disable-blobs
-			--enable-tools
-		)
-		local static_flag="static"
-		;;
-	esac
-
-	local targets="${buildtype}_targets"
-	[[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" )
-
-	# Add support for SystemTAP
-	use systemtap && conf_opts+=( --enable-trace-backend=dtrace )
-
-	# We always want to attempt to build with PIE support as it results
-	# in a more secure binary. But it doesn't work with static or if
-	# the current GCC doesn't have PIE support.
-	if use ${static_flag}; then
-		conf_opts+=( --static --disable-pie )
-	else
-		tc-enables-pie && conf_opts+=( --enable-pie )
-	fi
-
-	echo "../configure ${conf_opts[*]}"
-	cd "${builddir}"
-	../configure "${conf_opts[@]}" || die "configure failed"
-
-	# FreeBSD's kernel does not support QEMU assigning/grabbing
-	# host USB devices yet
-	use kernel_FreeBSD && \
-		sed -i -E -e "s|^(HOST_USB=)bsd|\1stub|" "${S}"/config-host.mak
-}
-
-src_configure() {
-	local target
-
-	python_setup
-
-	softmmu_targets= softmmu_bins=()
-	user_targets= user_bins=()
-
-	for target in ${IUSE_SOFTMMU_TARGETS} ; do
-		if use "qemu_softmmu_targets_${target}"; then
-			softmmu_targets+=",${target}-softmmu"
-			softmmu_bins+=( "qemu-system-${target}" )
-		fi
-	done
-
-	for target in ${IUSE_USER_TARGETS} ; do
-		if use "qemu_user_targets_${target}"; then
-			user_targets+=",${target}-linux-user"
-			user_bins+=( "qemu-${target}" )
-		fi
-	done
-
-	softmmu_targets=${softmmu_targets#,}
-	user_targets=${user_targets#,}
-
-	[[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu"
-	[[ -n ${user_targets}    ]] && qemu_src_configure "user"
-	qemu_src_configure "tools"
-}
-
-src_compile() {
-	if [[ -n ${user_targets} ]]; then
-		cd "${S}/user-build"
-		default
-	fi
-
-	if [[ -n ${softmmu_targets} ]]; then
-		cd "${S}/softmmu-build"
-		default
-	fi
-
-	cd "${S}/tools-build"
-	default
-}
-
-src_test() {
-	if [[ -n ${softmmu_targets} ]]; then
-		cd "${S}/softmmu-build"
-		pax-mark m */qemu-system-* #515550
-		emake -j1 check
-		emake -j1 check-report.html
-	fi
-}
-
-qemu_python_install() {
-	python_domodule "${S}/scripts/qmp/qmp.py"
-
-	python_doscript "${S}/scripts/kvm/vmxcap"
-	python_doscript "${S}/scripts/qmp/qmp-shell"
-	python_doscript "${S}/scripts/qmp/qemu-ga-client"
-}
-
-# Generate binfmt support files.
-#   - /etc/init.d/qemu-binfmt script which registers the user handlers (openrc)
-#   - /usr/share/qemu/binfmt.d/qemu.conf (for use with systemd-binfmt)
-generate_initd() {
-	local out="${T}/qemu-binfmt"
-	local out_systemd="${T}/qemu.conf"
-	local d="${T}/binfmt.d"
-
-	einfo "Generating qemu binfmt scripts and configuration files"
-
-	# Generate the debian fragments first.
-	mkdir -p "${d}"
-	"${S}"/scripts/qemu-binfmt-conf.sh \
-		--debian \
-		--exportdir "${d}" \
-		--qemu-path "${EPREFIX}/usr/bin" \
-		|| die
-	# Then turn the fragments into a shell script we can source.
-	sed -E -i \
-		-e 's:^([^ ]+) (.*)$:\1="\2":' \
-		"${d}"/* || die
-
-	# Generate the init.d script by assembling the fragments from above.
-	local f qcpu package interpreter magic mask
-	cat "${FILESDIR}"/qemu-binfmt.initd.head >"${out}" || die
-	for f in "${d}"/qemu-* ; do
-		source "${f}"
-
-		# Normalize the cpu logic like we do in the init.d for the native cpu.
-		qcpu=${package#qemu-}
-		case ${qcpu} in
-		arm*)   qcpu="arm";;
-		mips*)  qcpu="mips";;
-		ppc*)   qcpu="ppc";;
-		s390*)  qcpu="s390";;
-		sh*)    qcpu="sh";;
-		sparc*) qcpu="sparc";;
-		esac
-
-		cat <<EOF >>"${out}"
-	if [ "\${cpu}" != "${qcpu}" -a -x "${interpreter}" ] ; then
-		echo ':${package}:M::${magic}:${mask}:${interpreter}:'"\${QEMU_BINFMT_FLAGS}" >/proc/sys/fs/binfmt_misc/register
-	fi
-EOF
-
-		echo ":${package}:M::${magic}:${mask}:${interpreter}:OC" >>"${out_systemd}"
-
-	done
-	cat "${FILESDIR}"/qemu-binfmt.initd.tail >>"${out}" || die
-}
-
-src_install() {
-	if [[ -n ${user_targets} ]]; then
-		cd "${S}/user-build"
-		emake DESTDIR="${ED}" install
-
-		# Install binfmt handler init script for user targets.
-		generate_initd
-		doinitd "${T}/qemu-binfmt"
-
-		# Install binfmt/qemu.conf.
-		insinto "/usr/share/qemu/binfmt.d"
-		doins "${T}/qemu.conf"
-	fi
-
-	if [[ -n ${softmmu_targets} ]]; then
-		cd "${S}/softmmu-build"
-		emake DESTDIR="${ED}" install
-
-		# This might not exist if the test failed. #512010
-		[[ -e check-report.html ]] && dohtml check-report.html
-
-		if use kernel_linux; then
-			udev_newrules "${FILESDIR}"/65-kvm.rules-r1 65-kvm.rules
-		fi
-
-		if use python; then
-			python_foreach_impl qemu_python_install
-		fi
-	fi
-
-	cd "${S}/tools-build"
-	emake DESTDIR="${ED}" install
-
-	# Disable mprotect on the qemu binaries as they use JITs to be fast #459348
-	pushd "${ED}"/usr/bin >/dev/null
-	pax-mark mr "${softmmu_bins[@]}" "${user_bins[@]}" # bug 575594
-	popd >/dev/null
-
-	# Install config file example for qemu-bridge-helper
-	insinto "/etc/qemu"
-	doins "${FILESDIR}/bridge.conf"
-
-	cd "${S}"
-	dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt
-	newdoc pc-bios/README README.pc-bios
-	dodoc docs/qmp-*.txt
-
-	if [[ -n ${softmmu_targets} ]]; then
-		# Remove SeaBIOS since we're using the SeaBIOS packaged one
-		rm "${ED}/usr/share/qemu/bios.bin"
-		rm "${ED}/usr/share/qemu/bios-256k.bin"
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
-			dosym ../seabios/bios-256k.bin /usr/share/qemu/bios-256k.bin
-		fi
-
-		# Remove vgabios since we're using the seavgabios packaged one
-		rm "${ED}/usr/share/qemu/vgabios.bin"
-		rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
-		rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
-		rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
-		rm "${ED}/usr/share/qemu/vgabios-virtio.bin"
-		rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../seavgabios/vgabios-isavga.bin /usr/share/qemu/vgabios.bin
-			dosym ../seavgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
-			dosym ../seavgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
-			dosym ../seavgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
-			dosym ../seavgabios/vgabios-virtio.bin /usr/share/qemu/vgabios-virtio.bin
-			dosym ../seavgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
-		fi
-
-		# Remove sgabios since we're using the sgabios packaged one
-		rm "${ED}/usr/share/qemu/sgabios.bin"
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin
-		fi
-
-		# Remove iPXE since we're using the iPXE packaged one
-		rm "${ED}"/usr/share/qemu/pxe-*.rom
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom
-			dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom
-			dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom
-			dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom
-			dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom
-			dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom
-		fi
-	fi
-
-	DISABLE_AUTOFORMATTING=true
-	readme.gentoo_create_doc
-}
-
-firmware_abi_change() {
-	local pv
-	for pv in ${REPLACING_VERSIONS}; do
-		if ! version_is_at_least ${FIRMWARE_ABI_VERSION} ${pv}; then
-			return 0
-		fi
-	done
-	return 1
-}
-
-pkg_postinst() {
-	if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
-		udev_reload
-	fi
-
-	fcaps cap_net_admin /usr/libexec/qemu-bridge-helper
-
-	DISABLE_AUTOFORMATTING=true
-	readme.gentoo_print_elog
-
-	if use pin-upstream-blobs && firmware_abi_change; then
-		ewarn "This version of qemu pins new versions of firmware blobs:"
-		ewarn "	$(best_version sys-firmware/edk2-ovmf)"
-		ewarn "	$(best_version sys-firmware/ipxe)"
-		ewarn "	$(best_version sys-firmware/seabios)"
-		ewarn "	$(best_version sys-firmware/sgabios)"
-		ewarn "This might break resume of hibernated guests (started with a different"
-		ewarn "firmware version) and live migration to/from qemu versions with different"
-		ewarn "firmware. Please (cold) restart all running guests. For functional"
-		ewarn "guest migration ensure that all"
-		ewarn "hosts run at least"
-		ewarn "	app-emulation/qemu-${FIRMWARE_ABI_VERSION}."
-	fi
-}
-
-pkg_info() {
-	echo "Using:"
-	echo "  $(best_version app-emulation/spice-protocol)"
-	echo "  $(best_version sys-firmware/edk2-ovmf)"
-	if has_version 'sys-firmware/edk2-ovmf[binary]'; then
-		echo "    USE=binary"
-	else
-		echo "    USE=''"
-	fi
-	echo "  $(best_version sys-firmware/ipxe)"
-	echo "  $(best_version sys-firmware/seabios)"
-	if has_version 'sys-firmware/seabios[binary]'; then
-		echo "    USE=binary"
-	else
-		echo "    USE=''"
-	fi
-	echo "  $(best_version sys-firmware/sgabios)"
-}

diff --git a/app-emulation/qemu/qemu-2.9.0-r57.ebuild b/app-emulation/qemu/qemu-2.9.0-r57.ebuild
deleted file mode 100644
index ffe6437..0000000
--- a/app-emulation/qemu/qemu-2.9.0-r57.ebuild
+++ /dev/null
@@ -1,802 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-PYTHON_COMPAT=( python2_7 )
-PYTHON_REQ_USE="ncurses,readline"
-
-PLOCALES="bg de_DE fr_FR hu it tr zh_CN"
-
-FIRMWARE_ABI_VERSION="2.9.0-r52"
-
-inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \
-	user udev fcaps readme.gentoo-r1 pax-utils l10n
-
-if [[ ${PV} = *9999* ]]; then
-	EGIT_REPO_URI="git://git.qemu.org/qemu.git"
-	inherit git-r3
-	SRC_URI=""
-else
-	SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2"
-	KEYWORDS="~amd64 ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd"
-fi
-
-DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
-HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org"
-
-LICENSE="GPL-2 LGPL-2 BSD-2"
-SLOT="0"
-IUSE="accessibility +aio alsa bluetooth bzip2 +caps +curl debug +fdt
-	glusterfs gnutls gtk gtk2 infiniband iscsi +jpeg kernel_linux
-	kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs +png
-	pulseaudio python rbd sasl +seccomp sdl sdl2 selinux smartcard snappy
-	spice ssh static static-user systemtap tci test usb usbredir vde
-	+vhost-net virgl virtfs +vnc vte xattr xen xfs"
-
-COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel
-	mips mips64 mips64el mipsel nios2 or1k ppc ppc64 s390x sh4 sh4eb sparc
-	sparc64 x86_64"
-IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS}
-	lm32 moxie ppcemb tricore unicore32 xtensa xtensaeb"
-IUSE_USER_TARGETS="${COMMON_TARGETS}
-	armeb hppa mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus tilegx"
-
-use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
-use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
-IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
-
-# Allow no targets to be built so that people can get a tools-only build.
-# Block USE flag configurations known to not work.
-REQUIRED_USE="${PYTHON_REQUIRED_USE}
-	gtk2? ( gtk )
-	qemu_softmmu_targets_arm? ( fdt )
-	qemu_softmmu_targets_microblaze? ( fdt )
-	qemu_softmmu_targets_mips64el? ( fdt )
-	qemu_softmmu_targets_ppc? ( fdt )
-	qemu_softmmu_targets_ppc64? ( fdt )
-	sdl2? ( sdl )
-	static? ( static-user !alsa !bluetooth !gtk !gtk2 !opengl !pulseaudio )
-	virtfs? ( xattr )
-	vte? ( gtk )"
-
-# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
-# and user/softmmu targets (qemu-*, qemu-system-*).
-#
-# Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
-#
-# The attr lib isn't always linked in (although the USE flag is always
-# respected).  This is because qemu supports using the C library's API
-# when available rather than always using the extranl library.
-ALL_DEPEND="
-	>=dev-libs/glib-2.0[static-libs(+)]
-	sys-libs/zlib[static-libs(+)]
-	python? ( ${PYTHON_DEPS} )
-	systemtap? ( dev-util/systemtap )
-	xattr? ( sys-apps/attr[static-libs(+)] )"
-
-# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
-# softmmu targets (qemu-system-*).
-SOFTMMU_TOOLS_DEPEND="
-	>=x11-libs/pixman-0.28.0[static-libs(+)]
-	accessibility? (
-		app-accessibility/brltty[api]
-		app-accessibility/brltty[static-libs(+)]
-	)
-	aio? ( dev-libs/libaio[static-libs(+)] )
-	alsa? ( >=media-libs/alsa-lib-1.0.13 )
-	bluetooth? ( net-wireless/bluez )
-	bzip2? ( app-arch/bzip2[static-libs(+)] )
-	caps? ( sys-libs/libcap-ng[static-libs(+)] )
-	curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
-	fdt? ( >=sys-apps/dtc-1.4.2[static-libs(+)] )
-	glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
-	gnutls? (
-		dev-libs/nettle:=[static-libs(+)]
-		>=net-libs/gnutls-3.0:=[static-libs(+)]
-	)
-	gtk? (
-		gtk2? (
-			x11-libs/gtk+:2
-			vte? ( x11-libs/vte:0 )
-		)
-		!gtk2? (
-			x11-libs/gtk+:3
-			vte? ( x11-libs/vte:2.91 )
-		)
-	)
-	infiniband? ( sys-fabric/librdmacm:=[static-libs(+)] )
-	iscsi? ( net-libs/libiscsi )
-	jpeg? ( virtual/jpeg:0=[static-libs(+)] )
-	lzo? ( dev-libs/lzo:2[static-libs(+)] )
-	ncurses? (
-		sys-libs/ncurses:0=[unicode]
-		sys-libs/ncurses:0=[static-libs(+)]
-	)
-	nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] )
-	numa? ( sys-process/numactl[static-libs(+)] )
-	opengl? (
-		virtual/opengl
-		media-libs/libepoxy[static-libs(+)]
-		media-libs/mesa[static-libs(+)]
-		media-libs/mesa[egl,gbm]
-	)
-	png? ( media-libs/libpng:0=[static-libs(+)] )
-	pulseaudio? ( media-sound/pulseaudio )
-	rbd? ( sys-cluster/ceph[static-libs(+)] )
-	sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
-	sdl? (
-		!sdl2? (
-			media-libs/libsdl[X]
-			>=media-libs/libsdl-1.2.11[static-libs(+)]
-		)
-		sdl2? (
-			media-libs/libsdl2[X]
-			media-libs/libsdl2[static-libs(+)]
-		)
-	)
-	seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
-	smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] )
-	snappy? ( app-arch/snappy:=[static-libs(+)] )
-	spice? (
-		>=app-emulation/spice-protocol-0.12.3
-		>=app-emulation/spice-0.12.0[static-libs(+)]
-	)
-	ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] )
-	usb? ( >=virtual/libusb-1-r2[static-libs(+)] )
-	usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
-	vde? ( net-misc/vde[static-libs(+)] )
-	virgl? ( media-libs/virglrenderer[static-libs(+)] )
-	virtfs? ( sys-libs/libcap )
-	xen? ( app-emulation/xen-tools:= )
-	xfs? ( sys-fs/xfsprogs[static-libs(+)] )"
-
-X86_FIRMWARE_DEPEND="
-	pin-upstream-blobs? (
-		~sys-firmware/edk2-ovmf-2017_pre20170505[binary]
-		~sys-firmware/ipxe-1.0.0_p20160620
-		~sys-firmware/seabios-1.10.2[binary,seavgabios]
-		~sys-firmware/sgabios-0.1_pre8
-	)
-	!pin-upstream-blobs? (
-		sys-firmware/edk2-ovmf
-		sys-firmware/ipxe
-		>=sys-firmware/seabios-1.10.2[seavgabios]
-		sys-firmware/sgabios
-	)"
-
-CDEPEND="
-	!static? (
-		${ALL_DEPEND//\[static-libs(+)]}
-		${SOFTMMU_TOOLS_DEPEND//\[static-libs(+)]}
-	)
-	qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
-	qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )"
-DEPEND="${CDEPEND}
-	dev-lang/perl
-	=dev-lang/python-2*
-	sys-apps/texinfo
-	virtual/pkgconfig
-	kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
-	gtk? ( nls? ( sys-devel/gettext ) )
-	static? (
-		${ALL_DEPEND}
-		${SOFTMMU_TOOLS_DEPEND}
-	)
-	static-user? ( ${ALL_DEPEND} )
-	test? (
-		dev-libs/glib[utils]
-		sys-devel/bc
-	)"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-qemu )"
-
-PATCHES=(
-	# musl patches
-	"${FILESDIR}"/${PN}-2.8.0-F_SHLCK-and-F_EXLCK.patch
-	"${FILESDIR}"/${PN}-2.0.0-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch
-	"${FILESDIR}"/${PN}-2.2.0-_sigev_un.patch
-
-	# gentoo patches
-	"${FILESDIR}"/${PN}-2.5.0-cflags.patch
-	"${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
-	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-8309.patch    # bug 616870
-	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-8379.patch    # bug 616872
-	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-8380.patch    # bug 616874
-	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-8112.patch    # bug 616636
-	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-7493.patch    # bug 618808
-	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-11434.patch   # bug 625614
-	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-11334.patch   # bug 621292
-	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-9524-1.patch  # bug 621292
-	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-9524-2.patch
-	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-9503-1.patch  # bug 621184
-	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-9503-2.patch
-	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-10664.patch   # bug 623016
-	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-10806.patch   # bug 624088
-)
-
-STRIP_MASK="/usr/share/qemu/palcode-clipper"
-
-QA_PREBUILT="
-	usr/share/qemu/openbios-ppc
-	usr/share/qemu/openbios-sparc64
-	usr/share/qemu/openbios-sparc32
-	usr/share/qemu/palcode-clipper
-	usr/share/qemu/s390-ccw.img
-	usr/share/qemu/u-boot.e500"
-
-QA_WX_LOAD="usr/bin/qemu-i386
-	usr/bin/qemu-x86_64
-	usr/bin/qemu-alpha
-	usr/bin/qemu-arm
-	usr/bin/qemu-cris
-	usr/bin/qemu-m68k
-	usr/bin/qemu-microblaze
-	usr/bin/qemu-microblazeel
-	usr/bin/qemu-mips
-	usr/bin/qemu-mipsel
-	usr/bin/qemu-or1k
-	usr/bin/qemu-ppc
-	usr/bin/qemu-ppc64
-	usr/bin/qemu-ppc64abi32
-	usr/bin/qemu-sh4
-	usr/bin/qemu-sh4eb
-	usr/bin/qemu-sparc
-	usr/bin/qemu-sparc64
-	usr/bin/qemu-armeb
-	usr/bin/qemu-sparc32plus
-	usr/bin/qemu-s390x
-	usr/bin/qemu-unicore32"
-
-DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure you have the
-kernel module loaded before running kvm. The easiest way to ensure that the
-kernel module is loaded is to load it on boot.
-	For AMD CPUs the module is called 'kvm-amd'.
-	For Intel CPUs the module is called 'kvm-intel'.
-Please review /etc/conf.d/modules for how to load these.
-
-Make sure your user is in the 'kvm' group. Just run
-	$ gpasswd -a <USER> kvm
-then have <USER> re-login.
-
-For brand new installs, the default permissions on /dev/kvm might not let
-you access it.  You can tell udev to reset ownership/perms:
-	$ udevadm trigger -c add /dev/kvm
-
-If you want to register binfmt handlers for qemu user targets:
-For openrc:
-	# rc-update add qemu-binfmt
-For systemd:
-	# ln -s /usr/share/qemu/binfmt.d/qemu.conf /etc/binfmt.d/qemu.conf"
-
-pkg_pretend() {
-	if use kernel_linux && kernel_is lt 2 6 25; then
-		eerror "This version of KVM requres a host kernel of 2.6.25 or higher."
-	elif use kernel_linux; then
-		if ! linux_config_exists; then
-			eerror "Unable to check your kernel for KVM support"
-		else
-			CONFIG_CHECK="~KVM ~TUN ~BRIDGE"
-			ERROR_KVM="You must enable KVM in your kernel to continue"
-			ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in"
-			ERROR_KVM_AMD+=" your kernel configuration."
-			ERROR_KVM_INTEL="If you have an Intel CPU, you must enable"
-			ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration."
-			ERROR_TUN="You will need the Universal TUN/TAP driver compiled"
-			ERROR_TUN+=" into your kernel or loaded as a module to use the"
-			ERROR_TUN+=" virtual network device if using -net tap."
-			ERROR_BRIDGE="You will also need support for 802.1d"
-			ERROR_BRIDGE+=" Ethernet Bridging for some network configurations."
-			use vhost-net && CONFIG_CHECK+=" ~VHOST_NET"
-			ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net"
-			ERROR_VHOST_NET+=" support"
-
-			if use amd64 || use x86 || use amd64-linux || use x86-linux; then
-				CONFIG_CHECK+=" ~KVM_AMD ~KVM_INTEL"
-			fi
-
-			use python && CONFIG_CHECK+=" ~DEBUG_FS"
-			ERROR_DEBUG_FS="debugFS support required for kvm_stat"
-
-			# Now do the actual checks setup above
-			check_extra_config
-		fi
-	fi
-
-	if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then
-		eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt"
-		eerror "instances are still pointing to it.  Please update your"
-		eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag"
-		eerror "and the right system binary (e.g. qemu-system-x86_64)."
-		die "update your virt configs to not use qemu-kvm"
-	fi
-}
-
-pkg_setup() {
-	enewgroup kvm 78
-}
-
-# Sanity check to make sure target lists are kept up-to-date.
-check_targets() {
-	local var=$1 mak=$2
-	local detected sorted
-
-	pushd "${S}"/default-configs >/dev/null || die
-
-	# Force C locale until glibc is updated. #564936
-	detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u))
-	sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u))
-	if [[ ${sorted} != "${detected}" ]] ; then
-		eerror "The ebuild needs to be kept in sync."
-		eerror "${var}: ${sorted}"
-		eerror "$(printf '%-*s' ${#var} configure): ${detected}"
-		die "sync ${var} to the list of targets"
-	fi
-
-	popd >/dev/null
-}
-
-handle_locales() {
-	# Make sure locale list is kept up-to-date.
-	local detected sorted
-	detected=$(echo $(cd po && printf '%s\n' *.po | grep -v messages.po | sed 's:.po$::' | sort -u))
-	sorted=$(echo $(printf '%s\n' ${PLOCALES} | sort -u))
-	if [[ ${sorted} != "${detected}" ]] ; then
-		eerror "The ebuild needs to be kept in sync."
-		eerror "PLOCALES: ${sorted}"
-		eerror " po/*.po: ${detected}"
-		die "sync PLOCALES"
-	fi
-
-	# Deal with selective install of locales.
-	if use nls ; then
-		# Delete locales the user does not want. #577814
-		rm_loc() { rm po/$1.po || die; }
-		l10n_for_each_disabled_locale_do rm_loc
-	else
-		# Cheap hack to disable gettext .mo generation.
-		rm -f po/*.po
-	fi
-}
-
-src_prepare() {
-	check_targets IUSE_SOFTMMU_TARGETS softmmu
-	check_targets IUSE_USER_TARGETS linux-user
-
-	# Alter target makefiles to accept CFLAGS set via flag-o
-	sed -i -r \
-		-e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \
-		Makefile Makefile.target || die
-
-	default
-
-	# Fix ld and objcopy being called directly
-	tc-export AR LD OBJCOPY
-
-	# Verbose builds
-	MAKEOPTS+=" V=1"
-
-	# Run after we've applied all patches.
-	handle_locales
-
-	#remove bundled copy of libfdt
-	rm -r dtc || die
-}
-
-##
-# configures qemu based on the build directory and the build type
-# we are using.
-#
-qemu_src_configure() {
-	debug-print-function ${FUNCNAME} "$@"
-
-	local buildtype=$1
-	local builddir="${S}/${buildtype}-build"
-
-	mkdir "${builddir}"
-
-	local conf_opts=(
-		--prefix=/usr
-		--sysconfdir=/etc
-		--libdir=/usr/$(get_libdir)
-		--docdir=/usr/share/doc/${PF}/html
-		--disable-bsd-user
-		--disable-guest-agent
-		--disable-strip
-		--disable-werror
-		# We support gnutls/nettle for crypto operations.  It is possible
-		# to use gcrypt when gnutls/nettle are disabled (but not when they
-		# are enabled), but it's not really worth the hassle.  Disable it
-		# all the time to avoid automatically detecting it. #568856
-		--disable-gcrypt
-		--python="${PYTHON}"
-		--cc="$(tc-getCC)"
-		--cxx="$(tc-getCXX)"
-		--host-cc="$(tc-getBUILD_CC)"
-		$(use_enable debug debug-info)
-		$(use_enable debug debug-tcg)
-		--enable-docs
-		$(use_enable tci tcg-interpreter)
-		$(use_enable xattr attr)
-	)
-
-	# Disable options not used by user targets. This simplifies building
-	# static user targets (USE=static-user) considerably.
-	conf_notuser() {
-		if [[ ${buildtype} == "user" ]] ; then
-			echo "--disable-${2:-$1}"
-		else
-			use_enable "$@"
-		fi
-	}
-	conf_opts+=(
-		$(conf_notuser accessibility brlapi)
-		$(conf_notuser aio linux-aio)
-		$(conf_notuser bzip2)
-		$(conf_notuser bluetooth bluez)
-		$(conf_notuser caps cap-ng)
-		$(conf_notuser curl)
-		$(conf_notuser fdt)
-		$(conf_notuser glusterfs)
-		$(conf_notuser gnutls)
-		$(conf_notuser gnutls nettle)
-		$(conf_notuser gtk)
-		$(conf_notuser infiniband rdma)
-		$(conf_notuser iscsi libiscsi)
-		$(conf_notuser jpeg vnc-jpeg)
-		$(conf_notuser kernel_linux kvm)
-		$(conf_notuser lzo)
-		$(conf_notuser ncurses curses)
-		$(conf_notuser nfs libnfs)
-		$(conf_notuser numa)
-		$(conf_notuser opengl)
-		$(conf_notuser png vnc-png)
-		$(conf_notuser rbd)
-		$(conf_notuser sasl vnc-sasl)
-		$(conf_notuser sdl)
-		$(conf_notuser seccomp)
-		$(conf_notuser smartcard)
-		$(conf_notuser snappy)
-		$(conf_notuser spice)
-		$(conf_notuser ssh libssh2)
-		$(conf_notuser usb libusb)
-		$(conf_notuser usbredir usb-redir)
-		$(conf_notuser vde)
-		$(conf_notuser vhost-net)
-		$(conf_notuser virgl virglrenderer)
-		$(conf_notuser virtfs)
-		$(conf_notuser vnc)
-		$(conf_notuser vte)
-		$(conf_notuser xen)
-		$(conf_notuser xen xen-pci-passthrough)
-		$(conf_notuser xfs xfsctl)
-	)
-
-	if [[ ! ${buildtype} == "user" ]] ; then
-		# audio options
-		local audio_opts="oss"
-		use alsa && audio_opts="alsa,${audio_opts}"
-		use sdl && audio_opts="sdl,${audio_opts}"
-		use pulseaudio && audio_opts="pa,${audio_opts}"
-		conf_opts+=(
-			--audio-drv-list="${audio_opts}"
-		)
-		use gtk && conf_opts+=( --with-gtkabi=$(usex gtk2 2.0 3.0) )
-		use sdl && conf_opts+=( --with-sdlabi=$(usex sdl2 2.0 1.2) )
-	fi
-
-	case ${buildtype} in
-	user)
-		conf_opts+=(
-			--enable-linux-user
-			--disable-system
-			--disable-blobs
-			--disable-tools
-		)
-		local static_flag="static-user"
-		;;
-	softmmu)
-		conf_opts+=(
-			--disable-linux-user
-			--enable-system
-			--disable-tools
-			--with-system-pixman
-		)
-		local static_flag="static"
-		;;
-	tools)
-		conf_opts+=(
-			--disable-linux-user
-			--disable-system
-			--disable-blobs
-			--enable-tools
-		)
-		local static_flag="static"
-		;;
-	esac
-
-	local targets="${buildtype}_targets"
-	[[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" )
-
-	# Add support for SystemTAP
-	use systemtap && conf_opts+=( --enable-trace-backend=dtrace )
-
-	# We always want to attempt to build with PIE support as it results
-	# in a more secure binary. But it doesn't work with static or if
-	# the current GCC doesn't have PIE support.
-	if use ${static_flag}; then
-		conf_opts+=( --static --disable-pie )
-	else
-		tc-enables-pie && conf_opts+=( --enable-pie )
-	fi
-
-	echo "../configure ${conf_opts[*]}"
-	cd "${builddir}"
-	../configure "${conf_opts[@]}" || die "configure failed"
-
-	# FreeBSD's kernel does not support QEMU assigning/grabbing
-	# host USB devices yet
-	use kernel_FreeBSD && \
-		sed -i -E -e "s|^(HOST_USB=)bsd|\1stub|" "${S}"/config-host.mak
-}
-
-src_configure() {
-	local target
-
-	python_setup
-
-	softmmu_targets= softmmu_bins=()
-	user_targets= user_bins=()
-
-	for target in ${IUSE_SOFTMMU_TARGETS} ; do
-		if use "qemu_softmmu_targets_${target}"; then
-			softmmu_targets+=",${target}-softmmu"
-			softmmu_bins+=( "qemu-system-${target}" )
-		fi
-	done
-
-	for target in ${IUSE_USER_TARGETS} ; do
-		if use "qemu_user_targets_${target}"; then
-			user_targets+=",${target}-linux-user"
-			user_bins+=( "qemu-${target}" )
-		fi
-	done
-
-	softmmu_targets=${softmmu_targets#,}
-	user_targets=${user_targets#,}
-
-	[[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu"
-	[[ -n ${user_targets}    ]] && qemu_src_configure "user"
-	qemu_src_configure "tools"
-}
-
-src_compile() {
-	if [[ -n ${user_targets} ]]; then
-		cd "${S}/user-build"
-		default
-	fi
-
-	if [[ -n ${softmmu_targets} ]]; then
-		cd "${S}/softmmu-build"
-		default
-	fi
-
-	cd "${S}/tools-build"
-	default
-}
-
-src_test() {
-	if [[ -n ${softmmu_targets} ]]; then
-		cd "${S}/softmmu-build"
-		pax-mark m */qemu-system-* #515550
-		emake -j1 check
-		emake -j1 check-report.html
-	fi
-}
-
-qemu_python_install() {
-	python_domodule "${S}/scripts/qmp/qmp.py"
-
-	python_doscript "${S}/scripts/kvm/vmxcap"
-	python_doscript "${S}/scripts/qmp/qmp-shell"
-	python_doscript "${S}/scripts/qmp/qemu-ga-client"
-}
-
-# Generate binfmt support files.
-#   - /etc/init.d/qemu-binfmt script which registers the user handlers (openrc)
-#   - /usr/share/qemu/binfmt.d/qemu.conf (for use with systemd-binfmt)
-generate_initd() {
-	local out="${T}/qemu-binfmt"
-	local out_systemd="${T}/qemu.conf"
-	local d="${T}/binfmt.d"
-
-	einfo "Generating qemu binfmt scripts and configuration files"
-
-	# Generate the debian fragments first.
-	mkdir -p "${d}"
-	"${S}"/scripts/qemu-binfmt-conf.sh \
-		--debian \
-		--exportdir "${d}" \
-		--qemu-path "${EPREFIX}/usr/bin" \
-		|| die
-	# Then turn the fragments into a shell script we can source.
-	sed -E -i \
-		-e 's:^([^ ]+) (.*)$:\1="\2":' \
-		"${d}"/* || die
-
-	# Generate the init.d script by assembling the fragments from above.
-	local f qcpu package interpreter magic mask
-	cat "${FILESDIR}"/qemu-binfmt.initd.head >"${out}" || die
-	for f in "${d}"/qemu-* ; do
-		source "${f}"
-
-		# Normalize the cpu logic like we do in the init.d for the native cpu.
-		qcpu=${package#qemu-}
-		case ${qcpu} in
-		arm*)   qcpu="arm";;
-		mips*)  qcpu="mips";;
-		ppc*)   qcpu="ppc";;
-		s390*)  qcpu="s390";;
-		sh*)    qcpu="sh";;
-		sparc*) qcpu="sparc";;
-		esac
-
-		cat <<EOF >>"${out}"
-	if [ "\${cpu}" != "${qcpu}" -a -x "${interpreter}" ] ; then
-		echo ':${package}:M::${magic}:${mask}:${interpreter}:'"\${QEMU_BINFMT_FLAGS}" >/proc/sys/fs/binfmt_misc/register
-	fi
-EOF
-
-		echo ":${package}:M::${magic}:${mask}:${interpreter}:OC" >>"${out_systemd}"
-
-	done
-	cat "${FILESDIR}"/qemu-binfmt.initd.tail >>"${out}" || die
-}
-
-src_install() {
-	if [[ -n ${user_targets} ]]; then
-		cd "${S}/user-build"
-		emake DESTDIR="${ED}" install
-
-		# Install binfmt handler init script for user targets.
-		generate_initd
-		doinitd "${T}/qemu-binfmt"
-
-		# Install binfmt/qemu.conf.
-		insinto "/usr/share/qemu/binfmt.d"
-		doins "${T}/qemu.conf"
-	fi
-
-	if [[ -n ${softmmu_targets} ]]; then
-		cd "${S}/softmmu-build"
-		emake DESTDIR="${ED}" install
-
-		# This might not exist if the test failed. #512010
-		[[ -e check-report.html ]] && dohtml check-report.html
-
-		if use kernel_linux; then
-			udev_newrules "${FILESDIR}"/65-kvm.rules-r1 65-kvm.rules
-		fi
-
-		if use python; then
-			python_foreach_impl qemu_python_install
-		fi
-	fi
-
-	cd "${S}/tools-build"
-	emake DESTDIR="${ED}" install
-
-	# Disable mprotect on the qemu binaries as they use JITs to be fast #459348
-	pushd "${ED}"/usr/bin >/dev/null
-	pax-mark mr "${softmmu_bins[@]}" "${user_bins[@]}" # bug 575594
-	popd >/dev/null
-
-	# Install config file example for qemu-bridge-helper
-	insinto "/etc/qemu"
-	doins "${FILESDIR}/bridge.conf"
-
-	cd "${S}"
-	dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt
-	newdoc pc-bios/README README.pc-bios
-	dodoc docs/qmp-*.txt
-
-	if [[ -n ${softmmu_targets} ]]; then
-		# Remove SeaBIOS since we're using the SeaBIOS packaged one
-		rm "${ED}/usr/share/qemu/bios.bin"
-		rm "${ED}/usr/share/qemu/bios-256k.bin"
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
-			dosym ../seabios/bios-256k.bin /usr/share/qemu/bios-256k.bin
-		fi
-
-		# Remove vgabios since we're using the seavgabios packaged one
-		rm "${ED}/usr/share/qemu/vgabios.bin"
-		rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
-		rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
-		rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
-		rm "${ED}/usr/share/qemu/vgabios-virtio.bin"
-		rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../seavgabios/vgabios-isavga.bin /usr/share/qemu/vgabios.bin
-			dosym ../seavgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
-			dosym ../seavgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
-			dosym ../seavgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
-			dosym ../seavgabios/vgabios-virtio.bin /usr/share/qemu/vgabios-virtio.bin
-			dosym ../seavgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
-		fi
-
-		# Remove sgabios since we're using the sgabios packaged one
-		rm "${ED}/usr/share/qemu/sgabios.bin"
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin
-		fi
-
-		# Remove iPXE since we're using the iPXE packaged one
-		rm "${ED}"/usr/share/qemu/pxe-*.rom
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom
-			dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom
-			dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom
-			dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom
-			dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom
-			dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom
-		fi
-	fi
-
-	DISABLE_AUTOFORMATTING=true
-	readme.gentoo_create_doc
-}
-
-firmware_abi_change() {
-	local pv
-	for pv in ${REPLACING_VERSIONS}; do
-		if ! version_is_at_least ${FIRMWARE_ABI_VERSION} ${pv}; then
-			return 0
-		fi
-	done
-	return 1
-}
-
-pkg_postinst() {
-	if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
-		udev_reload
-	fi
-
-	fcaps cap_net_admin /usr/libexec/qemu-bridge-helper
-
-	DISABLE_AUTOFORMATTING=true
-	readme.gentoo_print_elog
-
-	if use pin-upstream-blobs && firmware_abi_change; then
-		ewarn "This version of qemu pins new versions of firmware blobs:"
-		ewarn "	$(best_version sys-firmware/edk2-ovmf)"
-		ewarn "	$(best_version sys-firmware/ipxe)"
-		ewarn "	$(best_version sys-firmware/seabios)"
-		ewarn "	$(best_version sys-firmware/sgabios)"
-		ewarn "This might break resume of hibernated guests (started with a different"
-		ewarn "firmware version) and live migration to/from qemu versions with different"
-		ewarn "firmware. Please (cold) restart all running guests. For functional"
-		ewarn "guest migration ensure that all"
-		ewarn "hosts run at least"
-		ewarn "	app-emulation/qemu-${FIRMWARE_ABI_VERSION}."
-	fi
-}
-
-pkg_info() {
-	echo "Using:"
-	echo "  $(best_version app-emulation/spice-protocol)"
-	echo "  $(best_version sys-firmware/edk2-ovmf)"
-	if has_version 'sys-firmware/edk2-ovmf[binary]'; then
-		echo "    USE=binary"
-	else
-		echo "    USE=''"
-	fi
-	echo "  $(best_version sys-firmware/ipxe)"
-	echo "  $(best_version sys-firmware/seabios)"
-	if has_version 'sys-firmware/seabios[binary]'; then
-		echo "    USE=binary"
-	else
-		echo "    USE=''"
-	fi
-	echo "  $(best_version sys-firmware/sgabios)"
-}


^ permalink raw reply related	[flat|nested] 19+ messages in thread

* [gentoo-commits] proj/musl:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2017-12-21 23:25 Aric Belsito
  0 siblings, 0 replies; 19+ messages in thread
From: Aric Belsito @ 2017-12-21 23:25 UTC (permalink / raw
  To: gentoo-commits

commit:     63e6f9c259d3323d9ca9a54846afd8d400827dff
Author:     Aric Belsito <lluixhi <AT> gmail <DOT> com>
AuthorDate: Thu Dec 21 23:15:33 2017 +0000
Commit:     Aric Belsito <lluixhi <AT> gmail <DOT> com>
CommitDate: Thu Dec 21 23:15:33 2017 +0000
URL:        https://gitweb.gentoo.org/proj/musl.git/commit/?id=63e6f9c2

app-emulation/qemu: version bump to 2.10.1-r1

 app-emulation/qemu/Manifest                        |   3 +-
 .../qemu/files/qemu-2.10.0-CVE-2017-13711.patch    |  80 ---
 app-emulation/qemu/qemu-2.10.0.ebuild              | 787 ---------------------
 .../{qemu-2.10.1.ebuild => qemu-2.10.1-r1.ebuild}  |   6 +-
 4 files changed, 6 insertions(+), 870 deletions(-)

diff --git a/app-emulation/qemu/Manifest b/app-emulation/qemu/Manifest
index 95c955c..2aded65 100644
--- a/app-emulation/qemu/Manifest
+++ b/app-emulation/qemu/Manifest
@@ -1,2 +1 @@
-DIST qemu-2.10.0.tar.bz2 30955656 SHA256 7e9f39e1306e6dcc595494e91c1464d4b03f55ddd2053183e0e1b69f7f776d48 SHA512 ea21c014030f8a902df159641e6ccb45f0850ac5cb1cb8ab6845124c44ea5def54845e7bc66a6e80d624c78069f9baa913ee5119704076ae4ff47ab018ace9f9 WHIRLPOOL 58f846788fdf2b0c90e6d17ce921a1fe02556968d38ffc11be7e32b81ebc723dfeaa790f22d8085d4f388eb01fe0daa3ddbc00630c5ecba083df33cc9709fb39
-DIST qemu-2.10.1.tar.bz2 30821108 SHA256 8e040bc7556401ebb3a347a8f7878e9d4028cf71b2744b1a1699f4e741966ba8 SHA512 1a4a6ebf700ec6851c83cc2a71eaea8d95f14c685d094eaaa86c740eb9401e49a79074b72385f58681ca7646771a99bb6bbd9bebb39162f7220626d37ed0654f WHIRLPOOL 79b1b8c19affc799e1a42c02a7c2fea13bf4ca1f9a2aa6e765d529aa3531f68cca77e92264561b2884314074f3148469f5a2f976c3473beb5ed0568617ce777b
+DIST qemu-2.10.1.tar.bz2 30821108 BLAKE2B bb096139f6b387a3cf3933dd3aeb97777479022b1b34ed0212b51d7061f9a19b3e83a4e9a13c6cf81c14718731ddf8646226a5b0d99ebbc9abb387d7eec94238 SHA512 1a4a6ebf700ec6851c83cc2a71eaea8d95f14c685d094eaaa86c740eb9401e49a79074b72385f58681ca7646771a99bb6bbd9bebb39162f7220626d37ed0654f

diff --git a/app-emulation/qemu/files/qemu-2.10.0-CVE-2017-13711.patch b/app-emulation/qemu/files/qemu-2.10.0-CVE-2017-13711.patch
deleted file mode 100644
index 9d02656..0000000
--- a/app-emulation/qemu/files/qemu-2.10.0-CVE-2017-13711.patch
+++ /dev/null
@@ -1,80 +0,0 @@
-From 1201d308519f1e915866d7583d5136d03cc1d384 Mon Sep 17 00:00:00 2001
-From: Samuel Thibault <samuel.thibault@ens-lyon.org>
-Date: Fri, 25 Aug 2017 01:35:53 +0200
-Subject: [PATCH] slirp: fix clearing ifq_so from pending packets
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The if_fastq and if_batchq contain not only packets, but queues of packets
-for the same socket. When sofree frees a socket, it thus has to clear ifq_so
-from all the packets from the queues, not only the first.
-
-Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
-Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- slirp/socket.c | 39 +++++++++++++++++++++++----------------
- 1 file changed, 23 insertions(+), 16 deletions(-)
-
-diff --git a/slirp/socket.c b/slirp/socket.c
-index ecec0295a9..cb7b5b608d 100644
---- a/slirp/socket.c
-+++ b/slirp/socket.c
-@@ -60,29 +60,36 @@ socreate(Slirp *slirp)
- }
- 
- /*
-+ * Remove references to so from the given message queue.
-+ */
-+static void
-+soqfree(struct socket *so, struct quehead *qh)
-+{
-+    struct mbuf *ifq;
-+
-+    for (ifq = (struct mbuf *) qh->qh_link;
-+             (struct quehead *) ifq != qh;
-+             ifq = ifq->ifq_next) {
-+        if (ifq->ifq_so == so) {
-+            struct mbuf *ifm;
-+            ifq->ifq_so = NULL;
-+            for (ifm = ifq->ifs_next; ifm != ifq; ifm = ifm->ifs_next) {
-+                ifm->ifq_so = NULL;
-+            }
-+        }
-+    }
-+}
-+
-+/*
-  * remque and free a socket, clobber cache
-  */
- void
- sofree(struct socket *so)
- {
-   Slirp *slirp = so->slirp;
--  struct mbuf *ifm;
- 
--  for (ifm = (struct mbuf *) slirp->if_fastq.qh_link;
--       (struct quehead *) ifm != &slirp->if_fastq;
--       ifm = ifm->ifq_next) {
--    if (ifm->ifq_so == so) {
--      ifm->ifq_so = NULL;
--    }
--  }
--
--  for (ifm = (struct mbuf *) slirp->if_batchq.qh_link;
--       (struct quehead *) ifm != &slirp->if_batchq;
--       ifm = ifm->ifq_next) {
--    if (ifm->ifq_so == so) {
--      ifm->ifq_so = NULL;
--    }
--  }
-+  soqfree(so, &slirp->if_fastq);
-+  soqfree(so, &slirp->if_batchq);
- 
-   if (so->so_emu==EMU_RSH && so->extra) {
- 	sofree(so->extra);
--- 
-2.13.5
-

diff --git a/app-emulation/qemu/qemu-2.10.0.ebuild b/app-emulation/qemu/qemu-2.10.0.ebuild
deleted file mode 100644
index 9c32a85..0000000
--- a/app-emulation/qemu/qemu-2.10.0.ebuild
+++ /dev/null
@@ -1,787 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-PYTHON_COMPAT=( python2_7 )
-PYTHON_REQ_USE="ncurses,readline"
-
-PLOCALES="bg de_DE fr_FR hu it tr zh_CN"
-
-FIRMWARE_ABI_VERSION="2.9.0-r52"
-
-inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \
-	user udev fcaps readme.gentoo-r1 pax-utils l10n
-
-if [[ ${PV} = *9999* ]]; then
-	EGIT_REPO_URI="git://git.qemu.org/qemu.git"
-	inherit git-r3
-	SRC_URI=""
-else
-	SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2"
-	KEYWORDS="amd64 ~arm64 ~ppc ~ppc64 x86 ~x86-fbsd"
-fi
-
-DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
-HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org"
-
-LICENSE="GPL-2 LGPL-2 BSD-2"
-SLOT="0"
-IUSE="accessibility +aio alsa bluetooth bzip2 +caps +curl debug +fdt
-	glusterfs gnutls gtk gtk2 infiniband iscsi +jpeg kernel_linux
-	kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs +png
-	pulseaudio python rbd sasl +seccomp sdl sdl2 selinux smartcard snappy
-	spice ssh static static-user systemtap tci test usb usbredir vde
-	+vhost-net virgl virtfs +vnc vte xattr xen xfs"
-
-COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel
-	mips mips64 mips64el mipsel nios2 or1k ppc ppc64 s390x sh4 sh4eb sparc
-	sparc64 x86_64"
-IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS}
-	lm32 moxie ppcemb tricore unicore32 xtensa xtensaeb"
-IUSE_USER_TARGETS="${COMMON_TARGETS}
-	armeb hppa mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus tilegx"
-
-use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
-use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
-IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
-
-# Allow no targets to be built so that people can get a tools-only build.
-# Block USE flag configurations known to not work.
-REQUIRED_USE="${PYTHON_REQUIRED_USE}
-	gtk2? ( gtk )
-	qemu_softmmu_targets_arm? ( fdt )
-	qemu_softmmu_targets_microblaze? ( fdt )
-	qemu_softmmu_targets_mips64el? ( fdt )
-	qemu_softmmu_targets_ppc? ( fdt )
-	qemu_softmmu_targets_ppc64? ( fdt )
-	sdl2? ( sdl )
-	static? ( static-user !alsa !bluetooth !gtk !gtk2 !opengl !pulseaudio )
-	virtfs? ( xattr )
-	vte? ( gtk )"
-
-# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
-# and user/softmmu targets (qemu-*, qemu-system-*).
-#
-# Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
-#
-# The attr lib isn't always linked in (although the USE flag is always
-# respected).  This is because qemu supports using the C library's API
-# when available rather than always using the extranl library.
-ALL_DEPEND="
-	>=dev-libs/glib-2.0[static-libs(+)]
-	sys-libs/zlib[static-libs(+)]
-	python? ( ${PYTHON_DEPS} )
-	systemtap? ( dev-util/systemtap )
-	xattr? ( sys-apps/attr[static-libs(+)] )"
-
-# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
-# softmmu targets (qemu-system-*).
-SOFTMMU_TOOLS_DEPEND="
-	>=x11-libs/pixman-0.28.0[static-libs(+)]
-	accessibility? (
-		app-accessibility/brltty[api]
-		app-accessibility/brltty[static-libs(+)]
-	)
-	aio? ( dev-libs/libaio[static-libs(+)] )
-	alsa? ( >=media-libs/alsa-lib-1.0.13 )
-	bluetooth? ( net-wireless/bluez )
-	bzip2? ( app-arch/bzip2[static-libs(+)] )
-	caps? ( sys-libs/libcap-ng[static-libs(+)] )
-	curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
-	fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] )
-	glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
-	gnutls? (
-		dev-libs/nettle:=[static-libs(+)]
-		>=net-libs/gnutls-3.0:=[static-libs(+)]
-	)
-	gtk? (
-		gtk2? (
-			x11-libs/gtk+:2
-			vte? ( x11-libs/vte:0 )
-		)
-		!gtk2? (
-			x11-libs/gtk+:3
-			vte? ( x11-libs/vte:2.91 )
-		)
-	)
-	infiniband? ( sys-fabric/librdmacm:=[static-libs(+)] )
-	iscsi? ( net-libs/libiscsi )
-	jpeg? ( virtual/jpeg:0=[static-libs(+)] )
-	lzo? ( dev-libs/lzo:2[static-libs(+)] )
-	ncurses? (
-		sys-libs/ncurses:0=[unicode]
-		sys-libs/ncurses:0=[static-libs(+)]
-	)
-	nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] )
-	numa? ( sys-process/numactl[static-libs(+)] )
-	opengl? (
-		virtual/opengl
-		media-libs/libepoxy[static-libs(+)]
-		media-libs/mesa[static-libs(+)]
-		media-libs/mesa[egl,gbm]
-	)
-	png? ( media-libs/libpng:0=[static-libs(+)] )
-	pulseaudio? ( media-sound/pulseaudio )
-	rbd? ( sys-cluster/ceph[static-libs(+)] )
-	sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
-	sdl? (
-		!sdl2? (
-			media-libs/libsdl[X]
-			>=media-libs/libsdl-1.2.11[static-libs(+)]
-		)
-		sdl2? (
-			media-libs/libsdl2[X]
-			media-libs/libsdl2[static-libs(+)]
-		)
-	)
-	seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
-	smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] )
-	snappy? ( app-arch/snappy:=[static-libs(+)] )
-	spice? (
-		>=app-emulation/spice-protocol-0.12.3
-		>=app-emulation/spice-0.12.0[static-libs(+)]
-	)
-	ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] )
-	usb? ( >=virtual/libusb-1-r2[static-libs(+)] )
-	usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
-	vde? ( net-misc/vde[static-libs(+)] )
-	virgl? ( media-libs/virglrenderer[static-libs(+)] )
-	virtfs? ( sys-libs/libcap )
-	xen? ( app-emulation/xen-tools:= )
-	xfs? ( sys-fs/xfsprogs[static-libs(+)] )"
-
-X86_FIRMWARE_DEPEND="
-	pin-upstream-blobs? (
-		~sys-firmware/edk2-ovmf-2017_pre20170505[binary]
-		~sys-firmware/ipxe-1.0.0_p20160620
-		~sys-firmware/seabios-1.10.2[binary,seavgabios]
-		~sys-firmware/sgabios-0.1_pre8
-	)
-	!pin-upstream-blobs? (
-		sys-firmware/edk2-ovmf
-		sys-firmware/ipxe
-		>=sys-firmware/seabios-1.10.2[seavgabios]
-		sys-firmware/sgabios
-	)"
-
-CDEPEND="
-	!static? (
-		${ALL_DEPEND//\[static-libs(+)]}
-		${SOFTMMU_TOOLS_DEPEND//\[static-libs(+)]}
-	)
-	qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
-	qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )"
-DEPEND="${CDEPEND}
-	dev-lang/perl
-	=dev-lang/python-2*
-	sys-apps/texinfo
-	virtual/pkgconfig
-	kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
-	gtk? ( nls? ( sys-devel/gettext ) )
-	static? (
-		${ALL_DEPEND}
-		${SOFTMMU_TOOLS_DEPEND}
-	)
-	static-user? ( ${ALL_DEPEND} )
-	test? (
-		dev-libs/glib[utils]
-		sys-devel/bc
-	)"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-qemu )"
-
-PATCHES=(
-	# musl patches
-	"${FILESDIR}"/${PN}-2.8.0-F_SHLCK-and-F_EXLCK.patch
-	"${FILESDIR}"/${PN}-2.0.0-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch
-	"${FILESDIR}"/${PN}-2.2.0-_sigev_un.patch
-
-	# gentoo patches
-	"${FILESDIR}"/${PN}-2.5.0-cflags.patch
-	"${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
-	"${FILESDIR}"/${PN}-2.10.0-CVE-2017-13711.patch   # bug 629350
-)
-
-STRIP_MASK="/usr/share/qemu/palcode-clipper"
-
-QA_PREBUILT="
-	usr/share/qemu/openbios-ppc
-	usr/share/qemu/openbios-sparc64
-	usr/share/qemu/openbios-sparc32
-	usr/share/qemu/palcode-clipper
-	usr/share/qemu/s390-ccw.img
-	usr/share/qemu/s390-netboot.img
-	usr/share/qemu/u-boot.e500"
-
-QA_WX_LOAD="usr/bin/qemu-i386
-	usr/bin/qemu-x86_64
-	usr/bin/qemu-alpha
-	usr/bin/qemu-arm
-	usr/bin/qemu-cris
-	usr/bin/qemu-m68k
-	usr/bin/qemu-microblaze
-	usr/bin/qemu-microblazeel
-	usr/bin/qemu-mips
-	usr/bin/qemu-mipsel
-	usr/bin/qemu-or1k
-	usr/bin/qemu-ppc
-	usr/bin/qemu-ppc64
-	usr/bin/qemu-ppc64abi32
-	usr/bin/qemu-sh4
-	usr/bin/qemu-sh4eb
-	usr/bin/qemu-sparc
-	usr/bin/qemu-sparc64
-	usr/bin/qemu-armeb
-	usr/bin/qemu-sparc32plus
-	usr/bin/qemu-s390x
-	usr/bin/qemu-unicore32"
-
-DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure you have the
-kernel module loaded before running kvm. The easiest way to ensure that the
-kernel module is loaded is to load it on boot.
-	For AMD CPUs the module is called 'kvm-amd'.
-	For Intel CPUs the module is called 'kvm-intel'.
-Please review /etc/conf.d/modules for how to load these.
-
-Make sure your user is in the 'kvm' group. Just run
-	$ gpasswd -a <USER> kvm
-then have <USER> re-login.
-
-For brand new installs, the default permissions on /dev/kvm might not let
-you access it.  You can tell udev to reset ownership/perms:
-	$ udevadm trigger -c add /dev/kvm
-
-If you want to register binfmt handlers for qemu user targets:
-For openrc:
-	# rc-update add qemu-binfmt
-For systemd:
-	# ln -s /usr/share/qemu/binfmt.d/qemu.conf /etc/binfmt.d/qemu.conf"
-
-pkg_pretend() {
-	if use kernel_linux && kernel_is lt 2 6 25; then
-		eerror "This version of KVM requres a host kernel of 2.6.25 or higher."
-	elif use kernel_linux; then
-		if ! linux_config_exists; then
-			eerror "Unable to check your kernel for KVM support"
-		else
-			CONFIG_CHECK="~KVM ~TUN ~BRIDGE"
-			ERROR_KVM="You must enable KVM in your kernel to continue"
-			ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in"
-			ERROR_KVM_AMD+=" your kernel configuration."
-			ERROR_KVM_INTEL="If you have an Intel CPU, you must enable"
-			ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration."
-			ERROR_TUN="You will need the Universal TUN/TAP driver compiled"
-			ERROR_TUN+=" into your kernel or loaded as a module to use the"
-			ERROR_TUN+=" virtual network device if using -net tap."
-			ERROR_BRIDGE="You will also need support for 802.1d"
-			ERROR_BRIDGE+=" Ethernet Bridging for some network configurations."
-			use vhost-net && CONFIG_CHECK+=" ~VHOST_NET"
-			ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net"
-			ERROR_VHOST_NET+=" support"
-
-			if use amd64 || use x86 || use amd64-linux || use x86-linux; then
-				CONFIG_CHECK+=" ~KVM_AMD ~KVM_INTEL"
-			fi
-
-			use python && CONFIG_CHECK+=" ~DEBUG_FS"
-			ERROR_DEBUG_FS="debugFS support required for kvm_stat"
-
-			# Now do the actual checks setup above
-			check_extra_config
-		fi
-	fi
-
-	if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then
-		eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt"
-		eerror "instances are still pointing to it.  Please update your"
-		eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag"
-		eerror "and the right system binary (e.g. qemu-system-x86_64)."
-		die "update your virt configs to not use qemu-kvm"
-	fi
-}
-
-pkg_setup() {
-	enewgroup kvm 78
-}
-
-# Sanity check to make sure target lists are kept up-to-date.
-check_targets() {
-	local var=$1 mak=$2
-	local detected sorted
-
-	pushd "${S}"/default-configs >/dev/null || die
-
-	# Force C locale until glibc is updated. #564936
-	detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u))
-	sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u))
-	if [[ ${sorted} != "${detected}" ]] ; then
-		eerror "The ebuild needs to be kept in sync."
-		eerror "${var}: ${sorted}"
-		eerror "$(printf '%-*s' ${#var} configure): ${detected}"
-		die "sync ${var} to the list of targets"
-	fi
-
-	popd >/dev/null
-}
-
-handle_locales() {
-	# Make sure locale list is kept up-to-date.
-	local detected sorted
-	detected=$(echo $(cd po && printf '%s\n' *.po | grep -v messages.po | sed 's:.po$::' | sort -u))
-	sorted=$(echo $(printf '%s\n' ${PLOCALES} | sort -u))
-	if [[ ${sorted} != "${detected}" ]] ; then
-		eerror "The ebuild needs to be kept in sync."
-		eerror "PLOCALES: ${sorted}"
-		eerror " po/*.po: ${detected}"
-		die "sync PLOCALES"
-	fi
-
-	# Deal with selective install of locales.
-	if use nls ; then
-		# Delete locales the user does not want. #577814
-		rm_loc() { rm po/$1.po || die; }
-		l10n_for_each_disabled_locale_do rm_loc
-	else
-		# Cheap hack to disable gettext .mo generation.
-		rm -f po/*.po
-	fi
-}
-
-src_prepare() {
-	check_targets IUSE_SOFTMMU_TARGETS softmmu
-	check_targets IUSE_USER_TARGETS linux-user
-
-	# Alter target makefiles to accept CFLAGS set via flag-o
-	sed -i -r \
-		-e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \
-		Makefile Makefile.target || die
-
-	default
-
-	# Fix ld and objcopy being called directly
-	tc-export AR LD OBJCOPY
-
-	# Verbose builds
-	MAKEOPTS+=" V=1"
-
-	# Run after we've applied all patches.
-	handle_locales
-}
-
-##
-# configures qemu based on the build directory and the build type
-# we are using.
-#
-qemu_src_configure() {
-	debug-print-function ${FUNCNAME} "$@"
-
-	local buildtype=$1
-	local builddir="${S}/${buildtype}-build"
-
-	mkdir "${builddir}"
-
-	local conf_opts=(
-		--prefix=/usr
-		--sysconfdir=/etc
-		--libdir=/usr/$(get_libdir)
-		--docdir=/usr/share/doc/${PF}/html
-		--disable-bsd-user
-		--disable-guest-agent
-		--disable-strip
-		--disable-werror
-		# We support gnutls/nettle for crypto operations.  It is possible
-		# to use gcrypt when gnutls/nettle are disabled (but not when they
-		# are enabled), but it's not really worth the hassle.  Disable it
-		# all the time to avoid automatically detecting it. #568856
-		--disable-gcrypt
-		--python="${PYTHON}"
-		--cc="$(tc-getCC)"
-		--cxx="$(tc-getCXX)"
-		--host-cc="$(tc-getBUILD_CC)"
-		$(use_enable debug debug-info)
-		$(use_enable debug debug-tcg)
-		--enable-docs
-		$(use_enable tci tcg-interpreter)
-		$(use_enable xattr attr)
-	)
-
-	# Disable options not used by user targets. This simplifies building
-	# static user targets (USE=static-user) considerably.
-	conf_notuser() {
-		if [[ ${buildtype} == "user" ]] ; then
-			echo "--disable-${2:-$1}"
-		else
-			use_enable "$@"
-		fi
-	}
-	conf_opts+=(
-		$(conf_notuser accessibility brlapi)
-		$(conf_notuser aio linux-aio)
-		$(conf_notuser bzip2)
-		$(conf_notuser bluetooth bluez)
-		$(conf_notuser caps cap-ng)
-		$(conf_notuser curl)
-		$(conf_notuser fdt)
-		$(conf_notuser glusterfs)
-		$(conf_notuser gnutls)
-		$(conf_notuser gnutls nettle)
-		$(conf_notuser gtk)
-		$(conf_notuser infiniband rdma)
-		$(conf_notuser iscsi libiscsi)
-		$(conf_notuser jpeg vnc-jpeg)
-		$(conf_notuser kernel_linux kvm)
-		$(conf_notuser lzo)
-		$(conf_notuser ncurses curses)
-		$(conf_notuser nfs libnfs)
-		$(conf_notuser numa)
-		$(conf_notuser opengl)
-		$(conf_notuser png vnc-png)
-		$(conf_notuser rbd)
-		$(conf_notuser sasl vnc-sasl)
-		$(conf_notuser sdl)
-		$(conf_notuser seccomp)
-		$(conf_notuser smartcard)
-		$(conf_notuser snappy)
-		$(conf_notuser spice)
-		$(conf_notuser ssh libssh2)
-		$(conf_notuser usb libusb)
-		$(conf_notuser usbredir usb-redir)
-		$(conf_notuser vde)
-		$(conf_notuser vhost-net)
-		$(conf_notuser virgl virglrenderer)
-		$(conf_notuser virtfs)
-		$(conf_notuser vnc)
-		$(conf_notuser vte)
-		$(conf_notuser xen)
-		$(conf_notuser xen xen-pci-passthrough)
-		$(conf_notuser xfs xfsctl)
-	)
-
-	if [[ ! ${buildtype} == "user" ]] ; then
-		# audio options
-		local audio_opts="oss"
-		use alsa && audio_opts="alsa,${audio_opts}"
-		use sdl && audio_opts="sdl,${audio_opts}"
-		use pulseaudio && audio_opts="pa,${audio_opts}"
-		conf_opts+=(
-			--audio-drv-list="${audio_opts}"
-		)
-		use gtk && conf_opts+=( --with-gtkabi=$(usex gtk2 2.0 3.0) )
-		use sdl && conf_opts+=( --with-sdlabi=$(usex sdl2 2.0 1.2) )
-	fi
-
-	case ${buildtype} in
-	user)
-		conf_opts+=(
-			--enable-linux-user
-			--disable-system
-			--disable-blobs
-			--disable-tools
-		)
-		local static_flag="static-user"
-		;;
-	softmmu)
-		conf_opts+=(
-			--disable-linux-user
-			--enable-system
-			--disable-tools
-			--with-system-pixman
-		)
-		local static_flag="static"
-		;;
-	tools)
-		conf_opts+=(
-			--disable-linux-user
-			--disable-system
-			--disable-blobs
-			--enable-tools
-		)
-		local static_flag="static"
-		;;
-	esac
-
-	local targets="${buildtype}_targets"
-	[[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" )
-
-	# Add support for SystemTAP
-	use systemtap && conf_opts+=( --enable-trace-backend=dtrace )
-
-	# We always want to attempt to build with PIE support as it results
-	# in a more secure binary. But it doesn't work with static or if
-	# the current GCC doesn't have PIE support.
-	if use ${static_flag}; then
-		conf_opts+=( --static --disable-pie )
-	else
-		tc-enables-pie && conf_opts+=( --enable-pie )
-	fi
-
-	echo "../configure ${conf_opts[*]}"
-	cd "${builddir}"
-	../configure "${conf_opts[@]}" || die "configure failed"
-
-	# FreeBSD's kernel does not support QEMU assigning/grabbing
-	# host USB devices yet
-	use kernel_FreeBSD && \
-		sed -i -E -e "s|^(HOST_USB=)bsd|\1stub|" "${S}"/config-host.mak
-}
-
-src_configure() {
-	local target
-
-	python_setup
-
-	softmmu_targets= softmmu_bins=()
-	user_targets= user_bins=()
-
-	for target in ${IUSE_SOFTMMU_TARGETS} ; do
-		if use "qemu_softmmu_targets_${target}"; then
-			softmmu_targets+=",${target}-softmmu"
-			softmmu_bins+=( "qemu-system-${target}" )
-		fi
-	done
-
-	for target in ${IUSE_USER_TARGETS} ; do
-		if use "qemu_user_targets_${target}"; then
-			user_targets+=",${target}-linux-user"
-			user_bins+=( "qemu-${target}" )
-		fi
-	done
-
-	softmmu_targets=${softmmu_targets#,}
-	user_targets=${user_targets#,}
-
-	[[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu"
-	[[ -n ${user_targets}    ]] && qemu_src_configure "user"
-	qemu_src_configure "tools"
-}
-
-src_compile() {
-	if [[ -n ${user_targets} ]]; then
-		cd "${S}/user-build"
-		default
-	fi
-
-	if [[ -n ${softmmu_targets} ]]; then
-		cd "${S}/softmmu-build"
-		default
-	fi
-
-	cd "${S}/tools-build"
-	default
-}
-
-src_test() {
-	if [[ -n ${softmmu_targets} ]]; then
-		cd "${S}/softmmu-build"
-		pax-mark m */qemu-system-* #515550
-		emake -j1 check
-		emake -j1 check-report.html
-	fi
-}
-
-qemu_python_install() {
-	python_domodule "${S}/scripts/qmp/qmp.py"
-
-	python_doscript "${S}/scripts/kvm/vmxcap"
-	python_doscript "${S}/scripts/qmp/qmp-shell"
-	python_doscript "${S}/scripts/qmp/qemu-ga-client"
-}
-
-# Generate binfmt support files.
-#   - /etc/init.d/qemu-binfmt script which registers the user handlers (openrc)
-#   - /usr/share/qemu/binfmt.d/qemu.conf (for use with systemd-binfmt)
-generate_initd() {
-	local out="${T}/qemu-binfmt"
-	local out_systemd="${T}/qemu.conf"
-	local d="${T}/binfmt.d"
-
-	einfo "Generating qemu binfmt scripts and configuration files"
-
-	# Generate the debian fragments first.
-	mkdir -p "${d}"
-	"${S}"/scripts/qemu-binfmt-conf.sh \
-		--debian \
-		--exportdir "${d}" \
-		--qemu-path "${EPREFIX}/usr/bin" \
-		|| die
-	# Then turn the fragments into a shell script we can source.
-	sed -E -i \
-		-e 's:^([^ ]+) (.*)$:\1="\2":' \
-		"${d}"/* || die
-
-	# Generate the init.d script by assembling the fragments from above.
-	local f qcpu package interpreter magic mask
-	cat "${FILESDIR}"/qemu-binfmt.initd.head >"${out}" || die
-	for f in "${d}"/qemu-* ; do
-		source "${f}"
-
-		# Normalize the cpu logic like we do in the init.d for the native cpu.
-		qcpu=${package#qemu-}
-		case ${qcpu} in
-		arm*)   qcpu="arm";;
-		mips*)  qcpu="mips";;
-		ppc*)   qcpu="ppc";;
-		s390*)  qcpu="s390";;
-		sh*)    qcpu="sh";;
-		sparc*) qcpu="sparc";;
-		esac
-
-		cat <<EOF >>"${out}"
-	if [ "\${cpu}" != "${qcpu}" -a -x "${interpreter}" ] ; then
-		echo ':${package}:M::${magic}:${mask}:${interpreter}:'"\${QEMU_BINFMT_FLAGS}" >/proc/sys/fs/binfmt_misc/register
-	fi
-EOF
-
-		echo ":${package}:M::${magic}:${mask}:${interpreter}:OC" >>"${out_systemd}"
-
-	done
-	cat "${FILESDIR}"/qemu-binfmt.initd.tail >>"${out}" || die
-}
-
-src_install() {
-	if [[ -n ${user_targets} ]]; then
-		cd "${S}/user-build"
-		emake DESTDIR="${ED}" install
-
-		# Install binfmt handler init script for user targets.
-		generate_initd
-		doinitd "${T}/qemu-binfmt"
-
-		# Install binfmt/qemu.conf.
-		insinto "/usr/share/qemu/binfmt.d"
-		doins "${T}/qemu.conf"
-	fi
-
-	if [[ -n ${softmmu_targets} ]]; then
-		cd "${S}/softmmu-build"
-		emake DESTDIR="${ED}" install
-
-		# This might not exist if the test failed. #512010
-		[[ -e check-report.html ]] && dohtml check-report.html
-
-		if use kernel_linux; then
-			udev_newrules "${FILESDIR}"/65-kvm.rules-r1 65-kvm.rules
-		fi
-
-		if use python; then
-			python_foreach_impl qemu_python_install
-		fi
-	fi
-
-	cd "${S}/tools-build"
-	emake DESTDIR="${ED}" install
-
-	# Disable mprotect on the qemu binaries as they use JITs to be fast #459348
-	pushd "${ED}"/usr/bin >/dev/null
-	pax-mark mr "${softmmu_bins[@]}" "${user_bins[@]}" # bug 575594
-	popd >/dev/null
-
-	# Install config file example for qemu-bridge-helper
-	insinto "/etc/qemu"
-	doins "${FILESDIR}/bridge.conf"
-
-	cd "${S}"
-	dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt
-	newdoc pc-bios/README README.pc-bios
-
-	if [[ -n ${softmmu_targets} ]]; then
-		# Remove SeaBIOS since we're using the SeaBIOS packaged one
-		rm "${ED}/usr/share/qemu/bios.bin"
-		rm "${ED}/usr/share/qemu/bios-256k.bin"
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
-			dosym ../seabios/bios-256k.bin /usr/share/qemu/bios-256k.bin
-		fi
-
-		# Remove vgabios since we're using the seavgabios packaged one
-		rm "${ED}/usr/share/qemu/vgabios.bin"
-		rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
-		rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
-		rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
-		rm "${ED}/usr/share/qemu/vgabios-virtio.bin"
-		rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../seavgabios/vgabios-isavga.bin /usr/share/qemu/vgabios.bin
-			dosym ../seavgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
-			dosym ../seavgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
-			dosym ../seavgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
-			dosym ../seavgabios/vgabios-virtio.bin /usr/share/qemu/vgabios-virtio.bin
-			dosym ../seavgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
-		fi
-
-		# Remove sgabios since we're using the sgabios packaged one
-		rm "${ED}/usr/share/qemu/sgabios.bin"
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin
-		fi
-
-		# Remove iPXE since we're using the iPXE packaged one
-		rm "${ED}"/usr/share/qemu/pxe-*.rom
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom
-			dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom
-			dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom
-			dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom
-			dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom
-			dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom
-		fi
-	fi
-
-	DISABLE_AUTOFORMATTING=true
-	readme.gentoo_create_doc
-}
-
-firmware_abi_change() {
-	local pv
-	for pv in ${REPLACING_VERSIONS}; do
-		if ! version_is_at_least ${FIRMWARE_ABI_VERSION} ${pv}; then
-			return 0
-		fi
-	done
-	return 1
-}
-
-pkg_postinst() {
-	if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
-		udev_reload
-	fi
-
-	fcaps cap_net_admin /usr/libexec/qemu-bridge-helper
-
-	DISABLE_AUTOFORMATTING=true
-	readme.gentoo_print_elog
-
-	if use pin-upstream-blobs && firmware_abi_change; then
-		ewarn "This version of qemu pins new versions of firmware blobs:"
-		ewarn "	$(best_version sys-firmware/edk2-ovmf)"
-		ewarn "	$(best_version sys-firmware/ipxe)"
-		ewarn "	$(best_version sys-firmware/seabios)"
-		ewarn "	$(best_version sys-firmware/sgabios)"
-		ewarn "This might break resume of hibernated guests (started with a different"
-		ewarn "firmware version) and live migration to/from qemu versions with different"
-		ewarn "firmware. Please (cold) restart all running guests. For functional"
-		ewarn "guest migration ensure that all"
-		ewarn "hosts run at least"
-		ewarn "	app-emulation/qemu-${FIRMWARE_ABI_VERSION}."
-	fi
-}
-
-pkg_info() {
-	echo "Using:"
-	echo "  $(best_version app-emulation/spice-protocol)"
-	echo "  $(best_version sys-firmware/edk2-ovmf)"
-	if has_version 'sys-firmware/edk2-ovmf[binary]'; then
-		echo "    USE=binary"
-	else
-		echo "    USE=''"
-	fi
-	echo "  $(best_version sys-firmware/ipxe)"
-	echo "  $(best_version sys-firmware/seabios)"
-	if has_version 'sys-firmware/seabios[binary]'; then
-		echo "    USE=binary"
-	else
-		echo "    USE=''"
-	fi
-	echo "  $(best_version sys-firmware/sgabios)"
-}

diff --git a/app-emulation/qemu/qemu-2.10.1.ebuild b/app-emulation/qemu/qemu-2.10.1-r1.ebuild
similarity index 99%
rename from app-emulation/qemu/qemu-2.10.1.ebuild
rename to app-emulation/qemu/qemu-2.10.1-r1.ebuild
index b448f20..51da9cb 100644
--- a/app-emulation/qemu/qemu-2.10.1.ebuild
+++ b/app-emulation/qemu/qemu-2.10.1-r1.ebuild
@@ -292,7 +292,11 @@ pkg_pretend() {
 			ERROR_VHOST_NET+=" support"
 
 			if use amd64 || use x86 || use amd64-linux || use x86-linux; then
-				CONFIG_CHECK+=" ~KVM_AMD ~KVM_INTEL"
+				if grep -q AuthenticAMD /proc/cpuinfo; then
+					CONFIG_CHECK+=" ~KVM_AMD"
+				elif grep -q GenuineIntel /proc/cpuinfo; then
+					CONFIG_CHECK+=" ~KVM_INTEL"
+				fi
 			fi
 
 			use python && CONFIG_CHECK+=" ~DEBUG_FS"


^ permalink raw reply related	[flat|nested] 19+ messages in thread

* [gentoo-commits] proj/musl:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2018-03-18 21:47 Aric Belsito
  0 siblings, 0 replies; 19+ messages in thread
From: Aric Belsito @ 2018-03-18 21:47 UTC (permalink / raw
  To: gentoo-commits

commit:     63fe9bcb752c2b2e47636cd940b18e94bfb9e602
Author:     Aric Belsito <lluixhi <AT> gmail <DOT> com>
AuthorDate: Sun Mar 18 21:45:22 2018 +0000
Commit:     Aric Belsito <lluixhi <AT> gmail <DOT> com>
CommitDate: Sun Mar 18 21:45:22 2018 +0000
URL:        https://gitweb.gentoo.org/proj/musl.git/commit/?id=63fe9bcb

app-emulation/qemu: version bump to 2.11.1-r1/r51

 app-emulation/qemu/Manifest                        |  2 +-
 .../files/qemu-2.11.1-capstone_include_path.patch  | 11 +++++++++++
 .../{qemu-2.11.1.ebuild => qemu-2.11.1-r1.ebuild}  |  5 ++++-
 .../{qemu-2.11.1.ebuild => qemu-2.11.1-r51.ebuild} | 22 ++++++++++++----------
 4 files changed, 28 insertions(+), 12 deletions(-)

diff --git a/app-emulation/qemu/Manifest b/app-emulation/qemu/Manifest
index 218a778..64c94d4 100644
--- a/app-emulation/qemu/Manifest
+++ b/app-emulation/qemu/Manifest
@@ -1,4 +1,4 @@
 DIST qemu-2.11.0-patches-r0.tar.xz 16140 BLAKE2B 2e23908075195a7c28df574525a159e171277a2da6d7c0656a341a2db6a622237106d2dd8de5c9d61b5fb62fa5a163e9657406a2996cebc05baa53d42c5f5d15 SHA512 f7d92c2232398565b8cde294d38dc281c13503fb5967cc7871a2233b7fa354799619445e9ec89c285ef051f62ecef0bd38a135b0093bf5528c0b28c6e580c839
 DIST qemu-2.11.0.tar.bz2 32816398 BLAKE2B 2014a8246f3cba9069186629d9ec8c221672fcfd3e8cd28a7e57f467add81f7bd84363183ef5cc5d18af91bde9186a4da49c0133c8ead83eae4626b9fc364e99 SHA512 3681700833573c0aa6283af950bfa298970056f1b44489088d8863840a7694512138321f86961ef43b256abf15eddd2612fb9cdbe3d9a358542d4e7037cc2004
-DIST qemu-2.11.1-patches-r0.tar.xz 1640 BLAKE2B 8402a0bd086307413c3f088b7b2523adda5f370e3ce8e9ec39db905a5df495842cc2168b93b57e8516e98703ee1620e7cad77740529959a09a1d4224988829bc SHA512 2906f9497e61799da8efca0dac4a19addd3bf59770c742e3ed1600143b69397bbc4eecb2c1f64aef0e103447966d47ced1ec6908f78a793b8d06f99a0aa6dc4a
+DIST qemu-2.11.1-patches-r1.tar.xz 2064 BLAKE2B 533c916b01c014bcfa6c733b76aa6da1f12cdf5f0d4ae33136453705a8aca9fdfeef998747cfdc72d19e08fa40ea97e2fd4c21412c030af314605059282f49ef SHA512 12de7b4777ec98871d0786291534f61b37534feef64b556caeab72e020ff14d61fe19d24cb151ebfdb912df2a7ba72c0d882566b368d88d02c9f1354c2adae4a
 DIST qemu-2.11.1.tar.bz2 32819412 BLAKE2B 6b6d4e7b8dcf33aeedb0b33bad267da07ad17c2eeeb5fbd2c038d760bc03224e55ba0f03eb248c62bc0e8636c2c660ea76b367eaea96bee16388053f82c8b8a9 SHA512 1b692bbdfc3dc785738c7192aa2a3f9cf53d9f5bf3b3f49fa8692050dc50f7056c8a4d1b527d48ffb2a674a0fd3a46d87addd1eaaa758f35eec1ab5adfe32354

diff --git a/app-emulation/qemu/files/qemu-2.11.1-capstone_include_path.patch b/app-emulation/qemu/files/qemu-2.11.1-capstone_include_path.patch
new file mode 100644
index 0000000..d79570e
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.11.1-capstone_include_path.patch
@@ -0,0 +1,11 @@
+--- qemu-2.11.1/include/disas/capstone.h	2018-02-14 22:53:22.000000000 +0100
++++ qemu-2.11.1/include/disas/capstone.h	2018-02-17 20:12:12.754703951 +0100
+@@ -3,7 +3,7 @@
+ 
+ #ifdef CONFIG_CAPSTONE
+ 
+-#include <capstone.h>
++#include <capstone/capstone.h>
+ 
+ #else
+ 

diff --git a/app-emulation/qemu/qemu-2.11.1.ebuild b/app-emulation/qemu/qemu-2.11.1-r1.ebuild
similarity index 99%
copy from app-emulation/qemu/qemu-2.11.1.ebuild
copy to app-emulation/qemu/qemu-2.11.1-r1.ebuild
index 3fae9ad..c35661e 100644
--- a/app-emulation/qemu/qemu-2.11.1.ebuild
+++ b/app-emulation/qemu/qemu-2.11.1-r1.ebuild
@@ -22,7 +22,7 @@ else
 	KEYWORDS="~amd64 ~ppc ~ppc64 ~x86"
 
 	# Gentoo specific patchsets:
-	SRC_URI+=" https://dev.gentoo.org/~chutzpah/distfiles/${P}-patches-r0.tar.xz"
+	SRC_URI+=" https://dev.gentoo.org/~tamiko/distfiles/${P}-patches-r1.tar.xz"
 fi
 
 DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
@@ -536,6 +536,9 @@ qemu_src_configure() {
 		tc-enables-pie && conf_opts+=( --enable-pie )
 	fi
 
+	#bug #647570
+	conf_opts+=( --disable-capstone )
+
 	echo "../configure ${conf_opts[*]}"
 	cd "${builddir}"
 	../configure "${conf_opts[@]}" || die "configure failed"

diff --git a/app-emulation/qemu/qemu-2.11.1.ebuild b/app-emulation/qemu/qemu-2.11.1-r51.ebuild
similarity index 97%
rename from app-emulation/qemu/qemu-2.11.1.ebuild
rename to app-emulation/qemu/qemu-2.11.1-r51.ebuild
index 3fae9ad..f7a879a 100644
--- a/app-emulation/qemu/qemu-2.11.1.ebuild
+++ b/app-emulation/qemu/qemu-2.11.1-r51.ebuild
@@ -8,7 +8,7 @@ PYTHON_REQ_USE="ncurses,readline"
 
 PLOCALES="bg de_DE fr_FR hu it tr zh_CN"
 
-FIRMWARE_ABI_VERSION="2.9.0-r52"
+FIRMWARE_ABI_VERSION="2.11.1-r50"
 
 inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \
 	user udev fcaps readme.gentoo-r1 pax-utils l10n
@@ -22,7 +22,7 @@ else
 	KEYWORDS="~amd64 ~ppc ~ppc64 ~x86"
 
 	# Gentoo specific patchsets:
-	SRC_URI+=" https://dev.gentoo.org/~chutzpah/distfiles/${P}-patches-r0.tar.xz"
+	SRC_URI+=" https://dev.gentoo.org/~tamiko/distfiles/${P}-patches-r1.tar.xz"
 fi
 
 DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
@@ -30,8 +30,8 @@ HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org"
 
 LICENSE="GPL-2 LGPL-2 BSD-2"
 SLOT="0"
-IUSE="accessibility +aio alsa bluetooth bzip2 +caps +curl debug +fdt
-	glusterfs gnutls gtk gtk2 infiniband iscsi +jpeg kernel_linux
+IUSE="accessibility +aio alsa bluetooth bzip2 capstone +caps +curl debug
+	+fdt glusterfs gnutls gtk gtk2 infiniband iscsi +jpeg kernel_linux
 	kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs +png
 	pulseaudio python rbd sasl +seccomp sdl sdl2 selinux smartcard snappy
 	spice ssh static static-user systemtap tci test usb usbredir vde
@@ -70,7 +70,7 @@ REQUIRED_USE="${PYTHON_REQUIRED_USE}
 #
 # The attr lib isn't always linked in (although the USE flag is always
 # respected).  This is because qemu supports using the C library's API
-# when available rather than always using the extranl library.
+# when available rather than always using the external library.
 ALL_DEPEND="
 	>=dev-libs/glib-2.0[static-libs(+)]
 	sys-libs/zlib[static-libs(+)]
@@ -156,10 +156,10 @@ SOFTMMU_TOOLS_DEPEND="
 
 X86_FIRMWARE_DEPEND="
 	pin-upstream-blobs? (
-		~sys-firmware/edk2-ovmf-2017_pre20170505[binary]
-		~sys-firmware/ipxe-1.0.0_p20160620
-		~sys-firmware/seabios-1.10.2[binary,seavgabios]
-		~sys-firmware/sgabios-0.1_pre8
+		~sys-firmware/edk2-ovmf-2017_p20180211[binary]
+		~sys-firmware/ipxe-1.0.0_p20180211[binary]
+		~sys-firmware/seabios-1.11.0[binary,seavgabios]
+		~sys-firmware/sgabios-0.1_pre8[binary]
 	)
 	!pin-upstream-blobs? (
 		sys-firmware/edk2-ovmf
@@ -169,7 +169,7 @@ X86_FIRMWARE_DEPEND="
 	)"
 PPC64_FIRMWARE_DEPEND="
 	pin-upstream-blobs? (
-		~sys-firmware/seabios-1.10.2[binary,seavgabios]
+		~sys-firmware/seabios-1.11.0[binary,seavgabios]
 	)
 	!pin-upstream-blobs? (
 		>=sys-firmware/seabios-1.10.2[seavgabios]
@@ -214,6 +214,7 @@ PATCHES=(
 	"${FILESDIR}"/${PN}-2.5.0-cflags.patch
 	"${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
 	"${FILESDIR}"/${PN}-2.11.0-glibc-2.27.patch
+	"${FILESDIR}"/${PN}-2.11.1-capstone_include_path.patch
 	"${WORKDIR}"/patches
 )
 
@@ -441,6 +442,7 @@ qemu_src_configure() {
 		$(conf_notuser aio linux-aio)
 		$(conf_notuser bzip2)
 		$(conf_notuser bluetooth bluez)
+		$(conf_notuser capstone)
 		$(conf_notuser caps cap-ng)
 		$(conf_notuser curl)
 		$(conf_notuser fdt)


^ permalink raw reply related	[flat|nested] 19+ messages in thread

* [gentoo-commits] proj/musl:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2019-03-27  1:43 Anthony G. Basile
  0 siblings, 0 replies; 19+ messages in thread
From: Anthony G. Basile @ 2019-03-27  1:43 UTC (permalink / raw
  To: gentoo-commits

commit:     f1f15dcbe3f28a5e54fd5e5f0b705dc9d127b2a6
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Wed Mar 27 01:42:51 2019 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Wed Mar 27 01:42:51 2019 +0000
URL:        https://gitweb.gentoo.org/proj/musl.git/commit/?id=f1f15dcb

app-emulation/qemu: very out of date, drop

Signed-off-by: Anthony G. Basile <blueness <AT> gentoo.org>

 app-emulation/qemu/Manifest                        |   4 -
 app-emulation/qemu/files/65-kvm.rules-r1           |   2 -
 app-emulation/qemu/files/bridge.conf               |  14 -
 ...signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch |  37 -
 .../qemu/files/qemu-2.11.0-glibc-2.27.patch        |  54 --
 .../files/qemu-2.11.1-capstone_include_path.patch  |  11 -
 .../qemu/files/qemu-2.2.0-_sigev_un.patch          |  12 -
 app-emulation/qemu/files/qemu-2.5.0-cflags.patch   |  13 -
 .../qemu/files/qemu-2.5.0-sysmacros.patch          |  15 -
 .../files/qemu-2.8.0-F_SHLCK-and-F_EXLCK.patch     |  16 -
 app-emulation/qemu/files/qemu-binfmt.initd.head    |  64 --
 app-emulation/qemu/files/qemu-binfmt.initd.tail    |  14 -
 app-emulation/qemu/metadata.xml                    |  61 --
 app-emulation/qemu/qemu-2.11.1-r2.ebuild           | 811 --------------------
 app-emulation/qemu/qemu-2.12.0-r3.ebuild           | 823 ---------------------
 15 files changed, 1951 deletions(-)

diff --git a/app-emulation/qemu/Manifest b/app-emulation/qemu/Manifest
deleted file mode 100644
index c93f84b..0000000
--- a/app-emulation/qemu/Manifest
+++ /dev/null
@@ -1,4 +0,0 @@
-DIST qemu-2.11.1-patches-r1.tar.xz 2064 BLAKE2B 533c916b01c014bcfa6c733b76aa6da1f12cdf5f0d4ae33136453705a8aca9fdfeef998747cfdc72d19e08fa40ea97e2fd4c21412c030af314605059282f49ef SHA512 12de7b4777ec98871d0786291534f61b37534feef64b556caeab72e020ff14d61fe19d24cb151ebfdb912df2a7ba72c0d882566b368d88d02c9f1354c2adae4a
-DIST qemu-2.11.1.tar.bz2 32819412 BLAKE2B 6b6d4e7b8dcf33aeedb0b33bad267da07ad17c2eeeb5fbd2c038d760bc03224e55ba0f03eb248c62bc0e8636c2c660ea76b367eaea96bee16388053f82c8b8a9 SHA512 1b692bbdfc3dc785738c7192aa2a3f9cf53d9f5bf3b3f49fa8692050dc50f7056c8a4d1b527d48ffb2a674a0fd3a46d87addd1eaaa758f35eec1ab5adfe32354
-DIST qemu-2.12.0-patches-r4.tar.xz 5376 BLAKE2B 7abc107b7971798c039cb99546dced0807a1904064e8397d93ba35b7b2ea22bdccf0c4f5ff8233ea7932534bd7320b506eff1ff7bb969d67d2752a7d8f81fbea SHA512 71c03ef3d6f9021d775201330ed08ace0bc34c7c3c4632a30486d54872fa457f8256e055034bbe2efcd98d718a7d714f00710961b3819568678444db6b457d92
-DIST qemu-2.12.0.tar.bz2 41196232 BLAKE2B f258e570558249ea647c3571908f90b8bacdcef9a1814009b98571cf0e96406194d44aa041fd0a97c9b673f39a9eaae8d873824745509778a6784cd85f8398b0 SHA512 91d829f44c431e4c1cd335f3efea5afff9da62d832b0296a92417463ea0826d09ce226c2ea8ac167fe7b99b6bb976c7cb1357aaf17735ee57af6602161e46346

diff --git a/app-emulation/qemu/files/65-kvm.rules-r1 b/app-emulation/qemu/files/65-kvm.rules-r1
deleted file mode 100644
index ab3776a..0000000
--- a/app-emulation/qemu/files/65-kvm.rules-r1
+++ /dev/null
@@ -1,2 +0,0 @@
-KERNEL=="kvm", GROUP="kvm", MODE="0660"
-KERNEL=="vhost-net", GROUP="kvm", MODE="0660", OPTIONS+="static_node=vhost-net"

diff --git a/app-emulation/qemu/files/bridge.conf b/app-emulation/qemu/files/bridge.conf
deleted file mode 100644
index 2bde37e..0000000
--- a/app-emulation/qemu/files/bridge.conf
+++ /dev/null
@@ -1,14 +0,0 @@
-# This should have the following permissions: root:qemu 0640
-
-# allow br0
-# Uncommenting the above would allow users in the 'qemu' group
-# to add devices to 'br0'
-
-# allow virbr0
-# Uncommenting the above would allow users in the 'qemu' group
-# to add devices to 'virbr0'
-
-# include /etc/qemu/bob.conf
-# Uncommenting the above would allow users in the 'bob' group
-# to have permissions defined in it, iff it has the following
-# permissions: root:bob 0640

diff --git a/app-emulation/qemu/files/qemu-2.0.0-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch b/app-emulation/qemu/files/qemu-2.0.0-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch
deleted file mode 100644
index 7ea1dba..0000000
--- a/app-emulation/qemu/files/qemu-2.0.0-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 3e231fa7a2dc66e2ef06ac44f4f719b08fc0c67e Mon Sep 17 00:00:00 2001
-From: Natanael Copa <ncopa@alpinelinux.org>
-Date: Tue, 29 Apr 2014 15:51:31 +0200
-Subject: [PATCH 6/6] linux-user/signal.c: define __SIGRTMIN/MAX for non-GNU
- platforms
-
-The __SIGRTMIN and __SIGRTMAX are glibc internals and are not available
-on all platforms, so we define those if they are missing.
-
-This is needed for musl libc.
-
-Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
----
- linux-user/signal.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/linux-user/signal.c b/linux-user/signal.c
-index 7d6246f..6019dbb 100644
---- a/linux-user/signal.c
-+++ b/linux-user/signal.c
-@@ -32,6 +32,13 @@
- 
- //#define DEBUG_SIGNAL
- 
-+#ifndef __SIGRTMIN
-+#define __SIGRTMIN 32
-+#endif
-+#ifndef __SIGRTMAX
-+#define __SIGRTMAX (NSIG-1)
-+#endif
-+
- static struct target_sigaltstack target_sigaltstack_used = {
-     .ss_sp = 0,
-     .ss_size = 0,
--- 
-1.9.2
-

diff --git a/app-emulation/qemu/files/qemu-2.11.0-glibc-2.27.patch b/app-emulation/qemu/files/qemu-2.11.0-glibc-2.27.patch
deleted file mode 100644
index 1562bb3..0000000
--- a/app-emulation/qemu/files/qemu-2.11.0-glibc-2.27.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-From 75e5b70e6b5dcc4f2219992d7cffa462aa406af0 Mon Sep 17 00:00:00 2001
-From: Paolo Bonzini <pbonzini@redhat.com>
-Date: Tue, 28 Nov 2017 11:51:27 +0100
-Subject: [PATCH] memfd: fix configure test
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Recent glibc added memfd_create in sys/mman.h.  This conflicts with
-the definition in util/memfd.c:
-
-    /builddir/build/BUILD/qemu-2.11.0-rc1/util/memfd.c:40:12: error: static declaration of memfd_create follows non-static declaration
-
-Fix the configure test, and remove the sys/memfd.h inclusion since the
-file actually does not exist---it is a typo in the memfd_create(2) man
-page.
-
-Cc: Marc-André Lureau <marcandre.lureau@redhat.com>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
----
- configure    | 2 +-
- util/memfd.c | 4 +---
- 2 files changed, 2 insertions(+), 4 deletions(-)
-
-diff --git a/configure b/configure
-index 9c8aa5a98b..99ccc1725a 100755
---- a/configure
-+++ b/configure
-@@ -3923,7 +3923,7 @@ fi
- # check if memfd is supported
- memfd=no
- cat > $TMPC << EOF
--#include <sys/memfd.h>
-+#include <sys/mman.h>
- 
- int main(void)
- {
-diff --git a/util/memfd.c b/util/memfd.c
-index 4571d1aba8..412e94a405 100644
---- a/util/memfd.c
-+++ b/util/memfd.c
-@@ -31,9 +31,7 @@
- 
- #include "qemu/memfd.h"
- 
--#ifdef CONFIG_MEMFD
--#include <sys/memfd.h>
--#elif defined CONFIG_LINUX
-+#if defined CONFIG_LINUX && !defined CONFIG_MEMFD
- #include <sys/syscall.h>
- #include <asm/unistd.h>
- 
--- 
-2.11.0

diff --git a/app-emulation/qemu/files/qemu-2.11.1-capstone_include_path.patch b/app-emulation/qemu/files/qemu-2.11.1-capstone_include_path.patch
deleted file mode 100644
index d79570e..0000000
--- a/app-emulation/qemu/files/qemu-2.11.1-capstone_include_path.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- qemu-2.11.1/include/disas/capstone.h	2018-02-14 22:53:22.000000000 +0100
-+++ qemu-2.11.1/include/disas/capstone.h	2018-02-17 20:12:12.754703951 +0100
-@@ -3,7 +3,7 @@
- 
- #ifdef CONFIG_CAPSTONE
- 
--#include <capstone.h>
-+#include <capstone/capstone.h>
- 
- #else
- 

diff --git a/app-emulation/qemu/files/qemu-2.2.0-_sigev_un.patch b/app-emulation/qemu/files/qemu-2.2.0-_sigev_un.patch
deleted file mode 100644
index adccdcc..0000000
--- a/app-emulation/qemu/files/qemu-2.2.0-_sigev_un.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -ur qemu-2.2.0.orig/linux-user/syscall.c qemu-2.2.0/linux-user/syscall.c
---- qemu-2.2.0.orig/linux-user/syscall.c	2014-12-09 15:45:43.000000000 -0100
-+++ qemu-2.2.0/linux-user/syscall.c	2015-03-16 19:09:49.050386155 -0100
-@@ -5033,7 +5033,7 @@
-     host_sevp->sigev_signo =
-         target_to_host_signal(tswap32(target_sevp->sigev_signo));
-     host_sevp->sigev_notify = tswap32(target_sevp->sigev_notify);
--    host_sevp->_sigev_un._tid = tswap32(target_sevp->_sigev_un._tid);
-+    ((int*)(&host_sevp->sigev_notify))[1] = tswap32(target_sevp->_sigev_un._tid);
- 
-     unlock_user_struct(target_sevp, target_addr, 1);
-     return 0;

diff --git a/app-emulation/qemu/files/qemu-2.5.0-cflags.patch b/app-emulation/qemu/files/qemu-2.5.0-cflags.patch
deleted file mode 100644
index 173394f..0000000
--- a/app-emulation/qemu/files/qemu-2.5.0-cflags.patch
+++ /dev/null
@@ -1,13 +0,0 @@
---- a/configure
-+++ b/configure
-@@ -4468,10 +4468,6 @@ fi
- if test "$gcov" = "yes" ; then
-   CFLAGS="-fprofile-arcs -ftest-coverage -g $CFLAGS"
-   LDFLAGS="-fprofile-arcs -ftest-coverage $LDFLAGS"
--elif test "$fortify_source" = "yes" ; then
--  CFLAGS="-O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 $CFLAGS"
--elif test "$debug" = "no"; then
--  CFLAGS="-O2 $CFLAGS"
- fi
- 
- ##########################################

diff --git a/app-emulation/qemu/files/qemu-2.5.0-sysmacros.patch b/app-emulation/qemu/files/qemu-2.5.0-sysmacros.patch
deleted file mode 100644
index f2e766d..0000000
--- a/app-emulation/qemu/files/qemu-2.5.0-sysmacros.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-Linux C libs are moving away from implicit header pollution with sys/types.h
-
---- a/include/qemu/osdep.h
-+++ b/include/qemu/osdep.h
-@@ -78,6 +78,10 @@ extern int daemon(int, int);
- #include <assert.h>
- #include <signal.h>
- 
-+#ifdef __linux__
-+#include <sys/sysmacros.h>
-+#endif
-+
- #ifdef __OpenBSD__
- #include <sys/signal.h>
- #endif

diff --git a/app-emulation/qemu/files/qemu-2.8.0-F_SHLCK-and-F_EXLCK.patch b/app-emulation/qemu/files/qemu-2.8.0-F_SHLCK-and-F_EXLCK.patch
deleted file mode 100644
index ccfb582..0000000
--- a/app-emulation/qemu/files/qemu-2.8.0-F_SHLCK-and-F_EXLCK.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-diff -Naur qemu-2.8.0.orig/linux-user/syscall.c qemu-2.8.0/linux-user/syscall.c
---- qemu-2.8.0.orig/linux-user/syscall.c	2016-12-20 12:16:48.000000000 -0800
-+++ qemu-2.8.0/linux-user/syscall.c	2017-01-03 14:11:45.195429181 -0800
-@@ -117,6 +117,12 @@
- #ifndef CLONE_IO
- #define CLONE_IO                0x80000000      /* Clone io context */
- #endif
-+#ifndef F_SHLCK
-+#define F_SHLCK 8
-+#endif
-+#ifndef F_EXLCK
-+#define F_EXLCK 4
-+#endif
- 
- /* We can't directly call the host clone syscall, because this will
-  * badly confuse libc (breaking mutexes, for example). So we must

diff --git a/app-emulation/qemu/files/qemu-binfmt.initd.head b/app-emulation/qemu/files/qemu-binfmt.initd.head
deleted file mode 100644
index 858d5d7..0000000
--- a/app-emulation/qemu/files/qemu-binfmt.initd.head
+++ /dev/null
@@ -1,64 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-# Enable automatic non-native program execution by the kernel.
-
-# Defaulting to OC should be safe because it comes down to:
-#  - do we trust the interp itself to not be malicious?  yes; we built it.
-#  - do we trust the programs we're running?  ish; same permission as native
-#    binaries apply.  so if user can do bad stuff natively, cross isn't worse.
-: ${QEMU_BINFMT_FLAGS:=OC}
-
-depend() {
-	after procfs
-}
-
-start() {
-	ebegin "Registering qemu-user binaries (flags: ${QEMU_BINFMT_FLAGS})"
-
-	if [ ! -d /proc/sys/fs/binfmt_misc ] ; then
-		modprobe -q binfmt_misc
-	fi
-
-	if [ ! -d /proc/sys/fs/binfmt_misc ] ; then
-		eend 1 "You need support for 'misc binaries' in your kernel!"
-		return
-	fi
-
-	if [ ! -f /proc/sys/fs/binfmt_misc/register ] ; then
-		mount -t binfmt_misc -o nodev,noexec,nosuid \
-			binfmt_misc /proc/sys/fs/binfmt_misc >/dev/null 2>&1
-		eend $? || return
-	fi
-
-	# Probe the native cpu type so we don't try registering them.
-	local cpu="$(uname -m)"
-	case "${cpu}" in
-	armv[4-9]*)
-		cpu="arm"
-		;;
-	i386|i486|i586|i686|i86pc|BePC|x86_64)
-		cpu="i386"
-		;;
-	m68k)
-		cpu="m68k"
-		;;
-	mips*)
-		cpu="mips"
-		;;
-	"Power Macintosh"|ppc|ppc64)
-		cpu="ppc"
-		;;
-	s390*)
-		cpu="s390"
-		;;
-	sh*)
-		cpu="sh"
-		;;
-	sparc*)
-		cpu="sparc"
-		;;
-	esac
-
-	# Register the interpreter for each cpu except for the native one.

diff --git a/app-emulation/qemu/files/qemu-binfmt.initd.tail b/app-emulation/qemu/files/qemu-binfmt.initd.tail
deleted file mode 100644
index 7679481..0000000
--- a/app-emulation/qemu/files/qemu-binfmt.initd.tail
+++ /dev/null
@@ -1,14 +0,0 @@
-	eend 0
-}
-
-stop() {
-	# We unregister everything in the "qemu-xxx" namespace.
-	ebegin "Unregistering qemu-user binaries"
-	local f
-	for f in /proc/sys/fs/binfmt_misc/qemu-* ; do
-		if [ -f "${f}" ] ; then
-			echo '-1' > "${f}"
-		fi
-	done
-	eend 0
-}

diff --git a/app-emulation/qemu/metadata.xml b/app-emulation/qemu/metadata.xml
deleted file mode 100644
index 680e203..0000000
--- a/app-emulation/qemu/metadata.xml
+++ /dev/null
@@ -1,61 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
-<pkgmetadata>
-	<maintainer type="person">
-		<email>tamiko@gentoo.org</email>
-		<name>Matthias Maier</name>
-	</maintainer>
-	<maintainer type="project">
-		<email>virtualization@gentoo.org</email>
-		<name>Gentoo Virtualization Project</name>
-	</maintainer>
-	<use>
-		<flag name="accessibility">Adds support for braille displays using brltty</flag>
-		<flag name="aio">Enables support for Linux's Async IO</flag>
-		<flag name="alsa">Enable alsa output for sound emulation</flag>
-		<flag name="capstone">Enable disassembly support with <pkg>dev-libs/capstone</pkg></flag>
-		<flag name="curl">Support ISOs / -cdrom directives vis HTTP or HTTPS.</flag>
-		<flag name="fdt">Enables firmware device tree support</flag>
-		<flag name="glusterfs">Enables GlusterFS cluster fileystem via
-			<pkg>sys-cluster/glusterfs</pkg></flag>
-		<flag name="gnutls">Enable TLS support for the VNC console server.
-		For 1.4 and newer this also enables WebSocket support.
-		For 2.0 through 2.3 also enables disk quorum support.</flag>
-		<flag name="gtk2">Use gtk-2 instead of gtk-3</flag>
-		<flag name="iscsi">Enable direct iSCSI support via
-		<pkg>net-libs/libiscsi</pkg> instead of indirectly via the Linux
-		block layer that <pkg>sys-block/open-iscsi</pkg> does.</flag>
-		<flag name="ncurses">Enable the ncurses-based console</flag>
-		<flag name="nfs">Enable NFS support</flag>
-		<flag name="numa">Enable NUMA support</flag>
-		<flag name="pin-upstream-blobs">Pin the versions of BIOS firmware to the version included in the upstream release.
-		This is needed to sanely support migration/suspend/resume/snapshotting/etc... of instances.
-		When the blobs are different, random corruption/bugs/crashes/etc... may be observed.</flag>
-		<flag name="pulseaudio">Enable pulseaudio output for sound emulation</flag>
-		<flag name="rbd">Enable rados block device backend support, see http://ceph.newdream.net/wiki/QEMU-RBD</flag>
-		<flag name="sdl">Enable the SDL-based console</flag>
-		<flag name="sdl2">Use libsdl2 instead of libsdl</flag>
-		<flag name="spice">Enable Spice protocol support via <pkg>app-emulation/spice</pkg></flag>
-		<flag name="ssh">Enable SSH based block device support via <pkg>net-libs/libssh2</pkg></flag>
-		<flag name="static-user">Build the User targets as static binaries</flag>
-		<flag name="static">Build the User and Software MMU (system) targets as well as tools as static binaries</flag>
-		<flag name="snappy">Enable support for snappy compression</flag>
-		<flag name="systemtap">Enable SystemTAP/DTrace tracing</flag>
-		<flag name="tci">Enable the TCG Interpreter which can speed up or slowdown workloads depending on the host and guest CPUs being emulated. In the future it will be a runtime option but for now its compile time.</flag>
-		<flag name="jpeg">Enable jpeg image support for the VNC console server</flag>
-		<flag name="png">Enable png image support for the VNC console server</flag>
-		<flag name="usb">Enable USB passthrough via <pkg>dev-libs/libusb</pkg></flag>
-		<flag name="usbredir">Use <pkg>sys-apps/usbredir</pkg> to redirect USB devices to another machine over TCP</flag>
-		<flag name="vde">Enable VDE-based networking</flag>
-		<flag name="vhost-net">Enable accelerated networking using vhost-net, see http://www.linux-kvm.org/page/VhostNet</flag>
-		<flag name="virgl">Enable experimental Virgil 3d (virtual software GPU)</flag>
-		<flag name="virtfs">Enable VirtFS via virtio-9p-pci / fsdev. See http://wiki.qemu.org/Documentation/9psetup</flag>
-		<flag name="vte">Enable terminal support (<pkg>x11-libs/vte</pkg>) in the GTK+ interface</flag>
-		<flag name="xattr">Add support for getting and setting POSIX extended attributes, through
-		<pkg>sys-apps/attr</pkg>. Requisite for the virtfs backend.
-	</flag>
-		<flag name="xen">Enables support for Xen backends</flag>
-		<flag name="xfs">Support xfsctl() notification and syncing for XFS backed
-		virtual disks.</flag>
-	</use>
-</pkgmetadata>

diff --git a/app-emulation/qemu/qemu-2.11.1-r2.ebuild b/app-emulation/qemu/qemu-2.11.1-r2.ebuild
deleted file mode 100644
index ac42356..0000000
--- a/app-emulation/qemu/qemu-2.11.1-r2.ebuild
+++ /dev/null
@@ -1,811 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-PYTHON_COMPAT=( python2_7 )
-PYTHON_REQ_USE="ncurses,readline"
-
-PLOCALES="bg de_DE fr_FR hu it tr zh_CN"
-
-FIRMWARE_ABI_VERSION="2.9.0-r52"
-
-inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \
-	user udev fcaps readme.gentoo-r1 pax-utils l10n
-
-if [[ ${PV} = *9999* ]]; then
-	EGIT_REPO_URI="git://git.qemu.org/qemu.git"
-	inherit git-r3
-	SRC_URI=""
-else
-	SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2"
-	KEYWORDS="amd64 ~ppc ~ppc64 x86"
-
-	# Gentoo specific patchsets:
-	SRC_URI+=" https://dev.gentoo.org/~tamiko/distfiles/${P}-patches-r1.tar.xz"
-fi
-
-DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
-HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org"
-
-LICENSE="GPL-2 LGPL-2 BSD-2"
-SLOT="0"
-IUSE="accessibility +aio alsa bluetooth bzip2 +caps +curl debug +fdt
-	glusterfs gnutls gtk gtk2 infiniband iscsi +jpeg kernel_linux
-	kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs +png
-	pulseaudio python rbd sasl +seccomp sdl sdl2 selinux smartcard snappy
-	spice ssh static static-user systemtap tci test usb usbredir vde
-	+vhost-net virgl virtfs +vnc vte xattr xen xfs"
-
-COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel
-	mips mips64 mips64el mipsel nios2 or1k ppc ppc64 s390x sh4 sh4eb sparc
-	sparc64 x86_64"
-IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS}
-	lm32 moxie ppcemb tricore unicore32 xtensa xtensaeb"
-IUSE_USER_TARGETS="${COMMON_TARGETS}
-	armeb hppa mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus tilegx"
-
-use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
-use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
-IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
-
-# Allow no targets to be built so that people can get a tools-only build.
-# Block USE flag configurations known to not work.
-REQUIRED_USE="${PYTHON_REQUIRED_USE}
-	gtk2? ( gtk )
-	qemu_softmmu_targets_arm? ( fdt )
-	qemu_softmmu_targets_microblaze? ( fdt )
-	qemu_softmmu_targets_mips64el? ( fdt )
-	qemu_softmmu_targets_ppc? ( fdt )
-	qemu_softmmu_targets_ppc64? ( fdt )
-	sdl2? ( sdl )
-	static? ( static-user !alsa !bluetooth !gtk !gtk2 !opengl !pulseaudio !snappy )
-	virtfs? ( xattr )
-	vte? ( gtk )"
-
-# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
-# and user/softmmu targets (qemu-*, qemu-system-*).
-#
-# Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
-#
-# The attr lib isn't always linked in (although the USE flag is always
-# respected).  This is because qemu supports using the C library's API
-# when available rather than always using the extranl library.
-ALL_DEPEND="
-	>=dev-libs/glib-2.0[static-libs(+)]
-	sys-libs/zlib[static-libs(+)]
-	python? ( ${PYTHON_DEPS} )
-	systemtap? ( dev-util/systemtap )
-	xattr? ( sys-apps/attr[static-libs(+)] )"
-
-# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
-# softmmu targets (qemu-system-*).
-SOFTMMU_TOOLS_DEPEND="
-	>=x11-libs/pixman-0.28.0[static-libs(+)]
-	accessibility? (
-		app-accessibility/brltty[api]
-		app-accessibility/brltty[static-libs(+)]
-	)
-	aio? ( dev-libs/libaio[static-libs(+)] )
-	alsa? ( >=media-libs/alsa-lib-1.0.13 )
-	bluetooth? ( net-wireless/bluez )
-	bzip2? ( app-arch/bzip2[static-libs(+)] )
-	caps? ( sys-libs/libcap-ng[static-libs(+)] )
-	curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
-	fdt? ( >=sys-apps/dtc-1.4.2[static-libs(+)] )
-	glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
-	gnutls? (
-		dev-libs/nettle:=[static-libs(+)]
-		>=net-libs/gnutls-3.0:=[static-libs(+)]
-	)
-	gtk? (
-		gtk2? (
-			x11-libs/gtk+:2
-			vte? ( x11-libs/vte:0 )
-		)
-		!gtk2? (
-			x11-libs/gtk+:3
-			vte? ( x11-libs/vte:2.91 )
-		)
-	)
-	infiniband? ( sys-fabric/librdmacm:=[static-libs(+)] )
-	iscsi? ( net-libs/libiscsi )
-	jpeg? ( virtual/jpeg:0=[static-libs(+)] )
-	lzo? ( dev-libs/lzo:2[static-libs(+)] )
-	ncurses? (
-		sys-libs/ncurses:0=[unicode]
-		sys-libs/ncurses:0=[static-libs(+)]
-	)
-	nfs? ( >=net-fs/libnfs-1.9.3:=[static-libs(+)] )
-	numa? ( sys-process/numactl[static-libs(+)] )
-	opengl? (
-		virtual/opengl
-		media-libs/libepoxy[static-libs(+)]
-		media-libs/mesa[static-libs(+)]
-		media-libs/mesa[egl,gbm]
-	)
-	png? ( media-libs/libpng:0=[static-libs(+)] )
-	pulseaudio? ( media-sound/pulseaudio )
-	rbd? ( sys-cluster/ceph[static-libs(+)] )
-	sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
-	sdl? (
-		!sdl2? (
-			media-libs/libsdl[X]
-			>=media-libs/libsdl-1.2.11[static-libs(+)]
-		)
-		sdl2? (
-			media-libs/libsdl2[X]
-			media-libs/libsdl2[static-libs(+)]
-		)
-	)
-	seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
-	smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] )
-	snappy? ( app-arch/snappy:= )
-	spice? (
-		>=app-emulation/spice-protocol-0.12.3
-		>=app-emulation/spice-0.12.0[static-libs(+)]
-	)
-	ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] )
-	usb? ( >=virtual/libusb-1-r2[static-libs(+)] )
-	usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
-	vde? ( net-misc/vde[static-libs(+)] )
-	virgl? ( media-libs/virglrenderer[static-libs(+)] )
-	virtfs? ( sys-libs/libcap )
-	xen? ( app-emulation/xen-tools:= )
-	xfs? ( sys-fs/xfsprogs[static-libs(+)] )"
-
-X86_FIRMWARE_DEPEND="
-	pin-upstream-blobs? (
-		~sys-firmware/edk2-ovmf-2017_pre20170505[binary]
-		~sys-firmware/ipxe-1.0.0_p20160620
-		~sys-firmware/seabios-1.10.2[binary,seavgabios]
-		~sys-firmware/sgabios-0.1_pre8
-	)
-	!pin-upstream-blobs? (
-		sys-firmware/edk2-ovmf
-		sys-firmware/ipxe
-		>=sys-firmware/seabios-1.10.2[seavgabios]
-		sys-firmware/sgabios
-	)"
-PPC64_FIRMWARE_DEPEND="
-	pin-upstream-blobs? (
-		~sys-firmware/seabios-1.10.2[binary,seavgabios]
-	)
-	!pin-upstream-blobs? (
-		>=sys-firmware/seabios-1.10.2[seavgabios]
-	)
-"
-
-CDEPEND="
-	!static? (
-		${ALL_DEPEND//\[static-libs(+)]}
-		${SOFTMMU_TOOLS_DEPEND//\[static-libs(+)]}
-	)
-	qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
-	qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )
-	qemu_softmmu_targets_ppc64? ( ${PPC64_FIRMWARE_DEPEND} )
-"
-DEPEND="${CDEPEND}
-	dev-lang/perl
-	=dev-lang/python-2*
-	sys-apps/texinfo
-	virtual/pkgconfig
-	kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
-	gtk? ( nls? ( sys-devel/gettext ) )
-	static? (
-		${ALL_DEPEND}
-		${SOFTMMU_TOOLS_DEPEND}
-	)
-	static-user? ( ${ALL_DEPEND} )
-	test? (
-		dev-libs/glib[utils]
-		sys-devel/bc
-	)"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-qemu )"
-
-PATCHES=(
-	# musl patches
-	"${FILESDIR}"/${PN}-2.8.0-F_SHLCK-and-F_EXLCK.patch
-	"${FILESDIR}"/${PN}-2.0.0-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch
-	"${FILESDIR}"/${PN}-2.2.0-_sigev_un.patch
-
-	# gentoo patches
-	"${FILESDIR}"/${PN}-2.5.0-cflags.patch
-	"${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
-	"${FILESDIR}"/${PN}-2.11.0-glibc-2.27.patch
-	"${WORKDIR}"/patches
-)
-
-STRIP_MASK="/usr/share/qemu/palcode-clipper"
-
-QA_PREBUILT="
-	usr/share/qemu/openbios-ppc
-	usr/share/qemu/openbios-sparc64
-	usr/share/qemu/openbios-sparc32
-	usr/share/qemu/palcode-clipper
-	usr/share/qemu/s390-ccw.img
-	usr/share/qemu/s390-netboot.img
-	usr/share/qemu/u-boot.e500"
-
-QA_WX_LOAD="usr/bin/qemu-i386
-	usr/bin/qemu-x86_64
-	usr/bin/qemu-alpha
-	usr/bin/qemu-arm
-	usr/bin/qemu-cris
-	usr/bin/qemu-m68k
-	usr/bin/qemu-microblaze
-	usr/bin/qemu-microblazeel
-	usr/bin/qemu-mips
-	usr/bin/qemu-mipsel
-	usr/bin/qemu-or1k
-	usr/bin/qemu-ppc
-	usr/bin/qemu-ppc64
-	usr/bin/qemu-ppc64abi32
-	usr/bin/qemu-sh4
-	usr/bin/qemu-sh4eb
-	usr/bin/qemu-sparc
-	usr/bin/qemu-sparc64
-	usr/bin/qemu-armeb
-	usr/bin/qemu-sparc32plus
-	usr/bin/qemu-s390x
-	usr/bin/qemu-unicore32"
-
-DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure you have the
-kernel module loaded before running kvm. The easiest way to ensure that the
-kernel module is loaded is to load it on boot.
-	For AMD CPUs the module is called 'kvm-amd'.
-	For Intel CPUs the module is called 'kvm-intel'.
-Please review /etc/conf.d/modules for how to load these.
-
-Make sure your user is in the 'kvm' group. Just run
-	$ gpasswd -a <USER> kvm
-then have <USER> re-login.
-
-For brand new installs, the default permissions on /dev/kvm might not let
-you access it.  You can tell udev to reset ownership/perms:
-	$ udevadm trigger -c add /dev/kvm
-
-If you want to register binfmt handlers for qemu user targets:
-For openrc:
-	# rc-update add qemu-binfmt
-For systemd:
-	# ln -s /usr/share/qemu/binfmt.d/qemu.conf /etc/binfmt.d/qemu.conf"
-
-pkg_pretend() {
-	if use kernel_linux && kernel_is lt 2 6 25; then
-		eerror "This version of KVM requres a host kernel of 2.6.25 or higher."
-	elif use kernel_linux; then
-		if ! linux_config_exists; then
-			eerror "Unable to check your kernel for KVM support"
-		else
-			CONFIG_CHECK="~KVM ~TUN ~BRIDGE"
-			ERROR_KVM="You must enable KVM in your kernel to continue"
-			ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in"
-			ERROR_KVM_AMD+=" your kernel configuration."
-			ERROR_KVM_INTEL="If you have an Intel CPU, you must enable"
-			ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration."
-			ERROR_TUN="You will need the Universal TUN/TAP driver compiled"
-			ERROR_TUN+=" into your kernel or loaded as a module to use the"
-			ERROR_TUN+=" virtual network device if using -net tap."
-			ERROR_BRIDGE="You will also need support for 802.1d"
-			ERROR_BRIDGE+=" Ethernet Bridging for some network configurations."
-			use vhost-net && CONFIG_CHECK+=" ~VHOST_NET"
-			ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net"
-			ERROR_VHOST_NET+=" support"
-
-			if use amd64 || use x86 || use amd64-linux || use x86-linux; then
-				if grep -q AuthenticAMD /proc/cpuinfo; then
-					CONFIG_CHECK+=" ~KVM_AMD"
-				elif grep -q GenuineIntel /proc/cpuinfo; then
-					CONFIG_CHECK+=" ~KVM_INTEL"
-				fi
-			fi
-
-			use python && CONFIG_CHECK+=" ~DEBUG_FS"
-			ERROR_DEBUG_FS="debugFS support required for kvm_stat"
-
-			# Now do the actual checks setup above
-			check_extra_config
-		fi
-	fi
-
-	if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then
-		eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt"
-		eerror "instances are still pointing to it.  Please update your"
-		eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag"
-		eerror "and the right system binary (e.g. qemu-system-x86_64)."
-		die "update your virt configs to not use qemu-kvm"
-	fi
-}
-
-pkg_setup() {
-	enewgroup kvm 78
-}
-
-# Sanity check to make sure target lists are kept up-to-date.
-check_targets() {
-	local var=$1 mak=$2
-	local detected sorted
-
-	pushd "${S}"/default-configs >/dev/null || die
-
-	# Force C locale until glibc is updated. #564936
-	detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u))
-	sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u))
-	if [[ ${sorted} != "${detected}" ]] ; then
-		eerror "The ebuild needs to be kept in sync."
-		eerror "${var}: ${sorted}"
-		eerror "$(printf '%-*s' ${#var} configure): ${detected}"
-		die "sync ${var} to the list of targets"
-	fi
-
-	popd >/dev/null
-}
-
-handle_locales() {
-	# Make sure locale list is kept up-to-date.
-	local detected sorted
-	detected=$(echo $(cd po && printf '%s\n' *.po | grep -v messages.po | sed 's:.po$::' | sort -u))
-	sorted=$(echo $(printf '%s\n' ${PLOCALES} | sort -u))
-	if [[ ${sorted} != "${detected}" ]] ; then
-		eerror "The ebuild needs to be kept in sync."
-		eerror "PLOCALES: ${sorted}"
-		eerror " po/*.po: ${detected}"
-		die "sync PLOCALES"
-	fi
-
-	# Deal with selective install of locales.
-	if use nls ; then
-		# Delete locales the user does not want. #577814
-		rm_loc() { rm po/$1.po || die; }
-		l10n_for_each_disabled_locale_do rm_loc
-	else
-		# Cheap hack to disable gettext .mo generation.
-		rm -f po/*.po
-	fi
-}
-
-src_prepare() {
-	check_targets IUSE_SOFTMMU_TARGETS softmmu
-	check_targets IUSE_USER_TARGETS linux-user
-
-	# Alter target makefiles to accept CFLAGS set via flag-o
-	sed -i -r \
-		-e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \
-		Makefile Makefile.target || die
-
-	default
-
-	# Fix ld and objcopy being called directly
-	tc-export AR LD OBJCOPY
-
-	# Verbose builds
-	MAKEOPTS+=" V=1"
-
-	# Run after we've applied all patches.
-	handle_locales
-
-	# Remove bundled copy of libfdt
-	rm -r dtc || die
-}
-
-##
-# configures qemu based on the build directory and the build type
-# we are using.
-#
-qemu_src_configure() {
-	debug-print-function ${FUNCNAME} "$@"
-
-	local buildtype=$1
-	local builddir="${S}/${buildtype}-build"
-
-	mkdir "${builddir}"
-
-	local conf_opts=(
-		--prefix=/usr
-		--sysconfdir=/etc
-		--libdir=/usr/$(get_libdir)
-		--docdir=/usr/share/doc/${PF}/html
-		--disable-bsd-user
-		--disable-guest-agent
-		--disable-strip
-		--disable-werror
-		# We support gnutls/nettle for crypto operations.  It is possible
-		# to use gcrypt when gnutls/nettle are disabled (but not when they
-		# are enabled), but it's not really worth the hassle.  Disable it
-		# all the time to avoid automatically detecting it. #568856
-		--disable-gcrypt
-		--python="${PYTHON}"
-		--cc="$(tc-getCC)"
-		--cxx="$(tc-getCXX)"
-		--host-cc="$(tc-getBUILD_CC)"
-		$(use_enable debug debug-info)
-		$(use_enable debug debug-tcg)
-		--enable-docs
-		$(use_enable tci tcg-interpreter)
-		$(use_enable xattr attr)
-	)
-
-	# Disable options not used by user targets. This simplifies building
-	# static user targets (USE=static-user) considerably.
-	conf_notuser() {
-		if [[ ${buildtype} == "user" ]] ; then
-			echo "--disable-${2:-$1}"
-		else
-			use_enable "$@"
-		fi
-	}
-	conf_opts+=(
-		$(conf_notuser accessibility brlapi)
-		$(conf_notuser aio linux-aio)
-		$(conf_notuser bzip2)
-		$(conf_notuser bluetooth bluez)
-		$(conf_notuser caps cap-ng)
-		$(conf_notuser curl)
-		$(conf_notuser fdt)
-		$(conf_notuser glusterfs)
-		$(conf_notuser gnutls)
-		$(conf_notuser gnutls nettle)
-		$(conf_notuser gtk)
-		$(conf_notuser infiniband rdma)
-		$(conf_notuser iscsi libiscsi)
-		$(conf_notuser jpeg vnc-jpeg)
-		$(conf_notuser kernel_linux kvm)
-		$(conf_notuser lzo)
-		$(conf_notuser ncurses curses)
-		$(conf_notuser nfs libnfs)
-		$(conf_notuser numa)
-		$(conf_notuser opengl)
-		$(conf_notuser png vnc-png)
-		$(conf_notuser rbd)
-		$(conf_notuser sasl vnc-sasl)
-		$(conf_notuser sdl)
-		$(conf_notuser seccomp)
-		$(conf_notuser smartcard)
-		$(conf_notuser snappy)
-		$(conf_notuser spice)
-		$(conf_notuser ssh libssh2)
-		$(conf_notuser usb libusb)
-		$(conf_notuser usbredir usb-redir)
-		$(conf_notuser vde)
-		$(conf_notuser vhost-net)
-		$(conf_notuser virgl virglrenderer)
-		$(conf_notuser virtfs)
-		$(conf_notuser vnc)
-		$(conf_notuser vte)
-		$(conf_notuser xen)
-		$(conf_notuser xen xen-pci-passthrough)
-		$(conf_notuser xfs xfsctl)
-	)
-
-	if [[ ! ${buildtype} == "user" ]] ; then
-		# audio options
-		local audio_opts="oss"
-		use alsa && audio_opts="alsa,${audio_opts}"
-		use sdl && audio_opts="sdl,${audio_opts}"
-		use pulseaudio && audio_opts="pa,${audio_opts}"
-		conf_opts+=(
-			--audio-drv-list="${audio_opts}"
-		)
-		use gtk && conf_opts+=( --with-gtkabi=$(usex gtk2 2.0 3.0) )
-		use sdl && conf_opts+=( --with-sdlabi=$(usex sdl2 2.0 1.2) )
-	fi
-
-	case ${buildtype} in
-	user)
-		conf_opts+=(
-			--enable-linux-user
-			--disable-system
-			--disable-blobs
-			--disable-tools
-		)
-		local static_flag="static-user"
-		;;
-	softmmu)
-		conf_opts+=(
-			--disable-linux-user
-			--enable-system
-			--disable-tools
-		)
-		local static_flag="static"
-		;;
-	tools)
-		conf_opts+=(
-			--disable-linux-user
-			--disable-system
-			--disable-blobs
-			--enable-tools
-		)
-		local static_flag="static"
-		;;
-	esac
-
-	local targets="${buildtype}_targets"
-	[[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" )
-
-	# Add support for SystemTAP
-	use systemtap && conf_opts+=( --enable-trace-backend=dtrace )
-
-	# We always want to attempt to build with PIE support as it results
-	# in a more secure binary. But it doesn't work with static or if
-	# the current GCC doesn't have PIE support.
-	if use ${static_flag}; then
-		conf_opts+=( --static --disable-pie )
-	else
-		tc-enables-pie && conf_opts+=( --enable-pie )
-	fi
-
-	#bug #647570
-	conf_opts+=( --disable-capstone )
-
-	echo "../configure ${conf_opts[*]}"
-	cd "${builddir}"
-	../configure "${conf_opts[@]}" || die "configure failed"
-
-	# FreeBSD's kernel does not support QEMU assigning/grabbing
-	# host USB devices yet
-	use kernel_FreeBSD && \
-		sed -i -E -e "s|^(HOST_USB=)bsd|\1stub|" "${S}"/config-host.mak
-}
-
-src_configure() {
-	local target
-
-	python_setup
-
-	softmmu_targets= softmmu_bins=()
-	user_targets= user_bins=()
-
-	for target in ${IUSE_SOFTMMU_TARGETS} ; do
-		if use "qemu_softmmu_targets_${target}"; then
-			softmmu_targets+=",${target}-softmmu"
-			softmmu_bins+=( "qemu-system-${target}" )
-		fi
-	done
-
-	for target in ${IUSE_USER_TARGETS} ; do
-		if use "qemu_user_targets_${target}"; then
-			user_targets+=",${target}-linux-user"
-			user_bins+=( "qemu-${target}" )
-		fi
-	done
-
-	softmmu_targets=${softmmu_targets#,}
-	user_targets=${user_targets#,}
-
-	[[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu"
-	[[ -n ${user_targets}    ]] && qemu_src_configure "user"
-	qemu_src_configure "tools"
-}
-
-src_compile() {
-	if [[ -n ${user_targets} ]]; then
-		cd "${S}/user-build"
-		default
-	fi
-
-	if [[ -n ${softmmu_targets} ]]; then
-		cd "${S}/softmmu-build"
-		default
-	fi
-
-	cd "${S}/tools-build"
-	default
-}
-
-src_test() {
-	if [[ -n ${softmmu_targets} ]]; then
-		cd "${S}/softmmu-build"
-		pax-mark m */qemu-system-* #515550
-		emake -j1 check
-		emake -j1 check-report.html
-	fi
-}
-
-qemu_python_install() {
-	python_domodule "${S}/scripts/qmp/qmp.py"
-
-	python_doscript "${S}/scripts/kvm/vmxcap"
-	python_doscript "${S}/scripts/qmp/qmp-shell"
-	python_doscript "${S}/scripts/qmp/qemu-ga-client"
-}
-
-# Generate binfmt support files.
-#   - /etc/init.d/qemu-binfmt script which registers the user handlers (openrc)
-#   - /usr/share/qemu/binfmt.d/qemu.conf (for use with systemd-binfmt)
-generate_initd() {
-	local out="${T}/qemu-binfmt"
-	local out_systemd="${T}/qemu.conf"
-	local d="${T}/binfmt.d"
-
-	einfo "Generating qemu binfmt scripts and configuration files"
-
-	# Generate the debian fragments first.
-	mkdir -p "${d}"
-	"${S}"/scripts/qemu-binfmt-conf.sh \
-		--debian \
-		--exportdir "${d}" \
-		--qemu-path "${EPREFIX}/usr/bin" \
-		|| die
-	# Then turn the fragments into a shell script we can source.
-	sed -E -i \
-		-e 's:^([^ ]+) (.*)$:\1="\2":' \
-		"${d}"/* || die
-
-	# Generate the init.d script by assembling the fragments from above.
-	local f qcpu package interpreter magic mask
-	cat "${FILESDIR}"/qemu-binfmt.initd.head >"${out}" || die
-	for f in "${d}"/qemu-* ; do
-		source "${f}"
-
-		# Normalize the cpu logic like we do in the init.d for the native cpu.
-		qcpu=${package#qemu-}
-		case ${qcpu} in
-		arm*)   qcpu="arm";;
-		mips*)  qcpu="mips";;
-		ppc*)   qcpu="ppc";;
-		s390*)  qcpu="s390";;
-		sh*)    qcpu="sh";;
-		sparc*) qcpu="sparc";;
-		esac
-
-		cat <<EOF >>"${out}"
-	if [ "\${cpu}" != "${qcpu}" -a -x "${interpreter}" ] ; then
-		echo ':${package}:M::${magic}:${mask}:${interpreter}:'"\${QEMU_BINFMT_FLAGS}" >/proc/sys/fs/binfmt_misc/register
-	fi
-EOF
-
-		echo ":${package}:M::${magic}:${mask}:${interpreter}:OC" >>"${out_systemd}"
-
-	done
-	cat "${FILESDIR}"/qemu-binfmt.initd.tail >>"${out}" || die
-}
-
-src_install() {
-	if [[ -n ${user_targets} ]]; then
-		cd "${S}/user-build"
-		emake DESTDIR="${ED}" install
-
-		# Install binfmt handler init script for user targets.
-		generate_initd
-		doinitd "${T}/qemu-binfmt"
-
-		# Install binfmt/qemu.conf.
-		insinto "/usr/share/qemu/binfmt.d"
-		doins "${T}/qemu.conf"
-	fi
-
-	if [[ -n ${softmmu_targets} ]]; then
-		cd "${S}/softmmu-build"
-		emake DESTDIR="${ED}" install
-
-		# This might not exist if the test failed. #512010
-		[[ -e check-report.html ]] && dohtml check-report.html
-
-		if use kernel_linux; then
-			udev_newrules "${FILESDIR}"/65-kvm.rules-r1 65-kvm.rules
-		fi
-
-		if use python; then
-			python_foreach_impl qemu_python_install
-		fi
-	fi
-
-	cd "${S}/tools-build"
-	emake DESTDIR="${ED}" install
-
-	# Disable mprotect on the qemu binaries as they use JITs to be fast #459348
-	pushd "${ED}"/usr/bin >/dev/null
-	pax-mark mr "${softmmu_bins[@]}" "${user_bins[@]}" # bug 575594
-	popd >/dev/null
-
-	# Install config file example for qemu-bridge-helper
-	insinto "/etc/qemu"
-	doins "${FILESDIR}/bridge.conf"
-
-	cd "${S}"
-	dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt
-	newdoc pc-bios/README README.pc-bios
-
-	if [[ -n ${softmmu_targets} ]]; then
-		# Remove SeaBIOS since we're using the SeaBIOS packaged one
-		rm "${ED}/usr/share/qemu/bios.bin"
-		rm "${ED}/usr/share/qemu/bios-256k.bin"
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
-			dosym ../seabios/bios-256k.bin /usr/share/qemu/bios-256k.bin
-		fi
-
-		# Remove vgabios since we're using the seavgabios packaged one
-		rm "${ED}/usr/share/qemu/vgabios.bin"
-		rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
-		rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
-		rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
-		rm "${ED}/usr/share/qemu/vgabios-virtio.bin"
-		rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
-		# PPC64 loads vgabios-stdvga
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 || use qemu_softmmu_targets_ppc64; then
-			dosym ../seavgabios/vgabios-isavga.bin /usr/share/qemu/vgabios.bin
-			dosym ../seavgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
-			dosym ../seavgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
-			dosym ../seavgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
-			dosym ../seavgabios/vgabios-virtio.bin /usr/share/qemu/vgabios-virtio.bin
-			dosym ../seavgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
-		fi
-
-		# Remove sgabios since we're using the sgabios packaged one
-		rm "${ED}/usr/share/qemu/sgabios.bin"
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin
-		fi
-
-		# Remove iPXE since we're using the iPXE packaged one
-		rm "${ED}"/usr/share/qemu/pxe-*.rom
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom
-			dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom
-			dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom
-			dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom
-			dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom
-			dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom
-		fi
-	fi
-
-	DISABLE_AUTOFORMATTING=true
-	readme.gentoo_create_doc
-}
-
-firmware_abi_change() {
-	local pv
-	for pv in ${REPLACING_VERSIONS}; do
-		if ! version_is_at_least ${FIRMWARE_ABI_VERSION} ${pv}; then
-			return 0
-		fi
-	done
-	return 1
-}
-
-pkg_postinst() {
-	if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
-		udev_reload
-	fi
-
-	fcaps cap_net_admin /usr/libexec/qemu-bridge-helper
-
-	DISABLE_AUTOFORMATTING=true
-	readme.gentoo_print_elog
-
-	if use pin-upstream-blobs && firmware_abi_change; then
-		ewarn "This version of qemu pins new versions of firmware blobs:"
-		ewarn "	$(best_version sys-firmware/edk2-ovmf)"
-		ewarn "	$(best_version sys-firmware/ipxe)"
-		ewarn "	$(best_version sys-firmware/seabios)"
-		ewarn "	$(best_version sys-firmware/sgabios)"
-		ewarn "This might break resume of hibernated guests (started with a different"
-		ewarn "firmware version) and live migration to/from qemu versions with different"
-		ewarn "firmware. Please (cold) restart all running guests. For functional"
-		ewarn "guest migration ensure that all"
-		ewarn "hosts run at least"
-		ewarn "	app-emulation/qemu-${FIRMWARE_ABI_VERSION}."
-	fi
-}
-
-pkg_info() {
-	echo "Using:"
-	echo "  $(best_version app-emulation/spice-protocol)"
-	echo "  $(best_version sys-firmware/edk2-ovmf)"
-	if has_version 'sys-firmware/edk2-ovmf[binary]'; then
-		echo "    USE=binary"
-	else
-		echo "    USE=''"
-	fi
-	echo "  $(best_version sys-firmware/ipxe)"
-	echo "  $(best_version sys-firmware/seabios)"
-	if has_version 'sys-firmware/seabios[binary]'; then
-		echo "    USE=binary"
-	else
-		echo "    USE=''"
-	fi
-	echo "  $(best_version sys-firmware/sgabios)"
-}

diff --git a/app-emulation/qemu/qemu-2.12.0-r3.ebuild b/app-emulation/qemu/qemu-2.12.0-r3.ebuild
deleted file mode 100644
index 661a04e..0000000
--- a/app-emulation/qemu/qemu-2.12.0-r3.ebuild
+++ /dev/null
@@ -1,823 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-PYTHON_COMPAT=( python{2_7,3_4,3_5,3_6} )
-PYTHON_REQ_USE="ncurses,readline"
-
-PLOCALES="bg de_DE fr_FR hu it tr zh_CN"
-
-FIRMWARE_ABI_VERSION="2.11.1-r50"
-
-inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \
-	user udev fcaps readme.gentoo-r1 pax-utils l10n
-
-if [[ ${PV} = *9999* ]]; then
-	EGIT_REPO_URI="git://git.qemu.org/qemu.git"
-	inherit git-r3
-	SRC_URI=""
-else
-	SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2"
-	KEYWORDS="~amd64 ~ppc ~ppc64 ~x86"
-
-	# Gentoo specific patchsets:
-	SRC_URI+=" https://dev.gentoo.org/~tamiko/distfiles/${P}-patches-r4.tar.xz"
-fi
-
-DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
-HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org"
-
-LICENSE="GPL-2 LGPL-2 BSD-2"
-SLOT="0"
-IUSE="accessibility +aio alsa bluetooth bzip2 capstone +caps +curl debug
-	+fdt glusterfs gnutls gtk gtk2 infiniband iscsi +jpeg kernel_linux
-	kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs +png
-	pulseaudio python rbd sasl +seccomp sdl sdl2 selinux smartcard snappy
-	spice ssh static static-user systemtap tci test usb usbredir vde
-	+vhost-net virgl virtfs +vnc vte xattr xen xfs"
-
-COMMON_TARGETS="aarch64 alpha arm cris hppa i386 m68k microblaze microblazeel
-	mips mips64 mips64el mipsel nios2 or1k ppc ppc64 riscv32 riscv64 s390x
-	sh4 sh4eb sparc sparc64 x86_64 xtensa xtensaeb"
-IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS}
-	lm32 moxie ppcemb tricore unicore32"
-IUSE_USER_TARGETS="${COMMON_TARGETS}
-	aarch64_be armeb mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus
-	tilegx"
-
-use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
-use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
-IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
-
-# Allow no targets to be built so that people can get a tools-only build.
-# Block USE flag configurations known to not work.
-REQUIRED_USE="${PYTHON_REQUIRED_USE}
-	gtk2? ( gtk )
-	qemu_softmmu_targets_arm? ( fdt )
-	qemu_softmmu_targets_microblaze? ( fdt )
-	qemu_softmmu_targets_mips64el? ( fdt )
-	qemu_softmmu_targets_ppc? ( fdt )
-	qemu_softmmu_targets_ppc64? ( fdt )
-	sdl2? ( sdl )
-	static? ( static-user !alsa !bluetooth !gtk !gtk2 !opengl !pulseaudio !snappy )
-	virtfs? ( xattr )
-	vte? ( gtk )"
-
-# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
-# and user/softmmu targets (qemu-*, qemu-system-*).
-#
-# Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
-#
-# The attr lib isn't always linked in (although the USE flag is always
-# respected).  This is because qemu supports using the C library's API
-# when available rather than always using the external library.
-ALL_DEPEND="
-	>=dev-libs/glib-2.0[static-libs(+)]
-	sys-libs/zlib[static-libs(+)]
-	python? ( ${PYTHON_DEPS} )
-	systemtap? ( dev-util/systemtap )
-	xattr? ( sys-apps/attr[static-libs(+)] )"
-
-# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
-# softmmu targets (qemu-system-*).
-SOFTMMU_TOOLS_DEPEND="
-	dev-libs/libxml2[static-libs(+)]
-	x11-libs/libxkbcommon[static-libs(+)]
-	>=x11-libs/pixman-0.28.0[static-libs(+)]
-	accessibility? (
-		app-accessibility/brltty[api]
-		app-accessibility/brltty[static-libs(+)]
-	)
-	aio? ( dev-libs/libaio[static-libs(+)] )
-	alsa? ( >=media-libs/alsa-lib-1.0.13 )
-	bluetooth? ( net-wireless/bluez )
-	bzip2? ( app-arch/bzip2[static-libs(+)] )
-	capstone? ( dev-libs/capstone )
-	caps? ( sys-libs/libcap-ng[static-libs(+)] )
-	curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
-	fdt? ( >=sys-apps/dtc-1.4.2[static-libs(+)] )
-	glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
-	gnutls? (
-		dev-libs/nettle:=[static-libs(+)]
-		>=net-libs/gnutls-3.0:=[static-libs(+)]
-	)
-	gtk? (
-		gtk2? (
-			x11-libs/gtk+:2
-			vte? ( x11-libs/vte:0 )
-		)
-		!gtk2? (
-			x11-libs/gtk+:3
-			vte? ( x11-libs/vte:2.91 )
-		)
-	)
-	infiniband? (
-		sys-fabric/libibumad:=[static-libs(+)]
-		sys-fabric/libibverbs:=[static-libs(+)]
-		sys-fabric/librdmacm:=[static-libs(+)]
-	)
-	iscsi? ( net-libs/libiscsi )
-	jpeg? ( virtual/jpeg:0=[static-libs(+)] )
-	lzo? ( dev-libs/lzo:2[static-libs(+)] )
-	ncurses? (
-		sys-libs/ncurses:0=[unicode]
-		sys-libs/ncurses:0=[static-libs(+)]
-	)
-	nfs? ( >=net-fs/libnfs-1.9.3:=[static-libs(+)] )
-	numa? ( sys-process/numactl[static-libs(+)] )
-	opengl? (
-		virtual/opengl
-		media-libs/libepoxy[static-libs(+)]
-		media-libs/mesa[static-libs(+)]
-		media-libs/mesa[egl,gbm]
-	)
-	png? ( media-libs/libpng:0=[static-libs(+)] )
-	pulseaudio? ( media-sound/pulseaudio )
-	rbd? ( sys-cluster/ceph[static-libs(+)] )
-	sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
-	sdl? (
-		!sdl2? (
-			media-libs/libsdl[X]
-			>=media-libs/libsdl-1.2.11[static-libs(+)]
-		)
-		sdl2? (
-			media-libs/libsdl2[X]
-			media-libs/libsdl2[static-libs(+)]
-		)
-	)
-	seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
-	smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] )
-	snappy? ( app-arch/snappy:= )
-	spice? (
-		>=app-emulation/spice-protocol-0.12.3
-		>=app-emulation/spice-0.12.0[static-libs(+)]
-	)
-	ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] )
-	usb? ( >=virtual/libusb-1-r2[static-libs(+)] )
-	usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
-	vde? ( net-misc/vde[static-libs(+)] )
-	virgl? ( media-libs/virglrenderer[static-libs(+)] )
-	virtfs? ( sys-libs/libcap )
-	xen? ( app-emulation/xen-tools:= )
-	xfs? ( sys-fs/xfsprogs[static-libs(+)] )"
-
-X86_FIRMWARE_DEPEND="
-	pin-upstream-blobs? (
-		~sys-firmware/edk2-ovmf-2017_p20180211[binary]
-		~sys-firmware/ipxe-1.0.0_p20180211[binary]
-		~sys-firmware/seabios-1.11.0[binary,seavgabios]
-		~sys-firmware/sgabios-0.1_pre8[binary]
-	)
-	!pin-upstream-blobs? (
-		sys-firmware/edk2-ovmf
-		sys-firmware/ipxe
-		>=sys-firmware/seabios-1.10.2[seavgabios]
-		sys-firmware/sgabios
-	)"
-PPC64_FIRMWARE_DEPEND="
-	pin-upstream-blobs? (
-		~sys-firmware/seabios-1.11.0[binary,seavgabios]
-	)
-	!pin-upstream-blobs? (
-		>=sys-firmware/seabios-1.10.2[seavgabios]
-	)
-"
-
-CDEPEND="
-	!static? (
-		${ALL_DEPEND//\[static-libs(+)]}
-		${SOFTMMU_TOOLS_DEPEND//\[static-libs(+)]}
-	)
-	qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
-	qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )
-	qemu_softmmu_targets_ppc64? ( ${PPC64_FIRMWARE_DEPEND} )
-"
-DEPEND="${CDEPEND}
-	dev-lang/perl
-	=dev-lang/python-2*
-	sys-apps/texinfo
-	virtual/pkgconfig
-	kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
-	gtk? ( nls? ( sys-devel/gettext ) )
-	static? (
-		${ALL_DEPEND}
-		${SOFTMMU_TOOLS_DEPEND}
-	)
-	static-user? ( ${ALL_DEPEND} )
-	test? (
-		dev-libs/glib[utils]
-		sys-devel/bc
-	)"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-qemu )"
-
-PATCHES=(
-	# musl patches
-	"${FILESDIR}"/${PN}-2.8.0-F_SHLCK-and-F_EXLCK.patch
-	"${FILESDIR}"/${PN}-2.0.0-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch
-	"${FILESDIR}"/${PN}-2.2.0-_sigev_un.patch
-
-	# gentoo patches
-	"${FILESDIR}"/${PN}-2.5.0-cflags.patch
-	"${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
-	"${FILESDIR}"/${PN}-2.11.1-capstone_include_path.patch
-	"${WORKDIR}"/patches
-)
-
-STRIP_MASK="/usr/share/qemu/palcode-clipper"
-
-QA_PREBUILT="
-	usr/share/qemu/openbios-ppc
-	usr/share/qemu/openbios-sparc64
-	usr/share/qemu/openbios-sparc32
-	usr/share/qemu/palcode-clipper
-	usr/share/qemu/s390-ccw.img
-	usr/share/qemu/s390-netboot.img
-	usr/share/qemu/u-boot.e500"
-
-QA_WX_LOAD="usr/bin/qemu-i386
-	usr/bin/qemu-x86_64
-	usr/bin/qemu-alpha
-	usr/bin/qemu-arm
-	usr/bin/qemu-cris
-	usr/bin/qemu-m68k
-	usr/bin/qemu-microblaze
-	usr/bin/qemu-microblazeel
-	usr/bin/qemu-mips
-	usr/bin/qemu-mipsel
-	usr/bin/qemu-or1k
-	usr/bin/qemu-ppc
-	usr/bin/qemu-ppc64
-	usr/bin/qemu-ppc64abi32
-	usr/bin/qemu-sh4
-	usr/bin/qemu-sh4eb
-	usr/bin/qemu-sparc
-	usr/bin/qemu-sparc64
-	usr/bin/qemu-armeb
-	usr/bin/qemu-sparc32plus
-	usr/bin/qemu-s390x
-	usr/bin/qemu-unicore32"
-
-DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure you have the
-kernel module loaded before running kvm. The easiest way to ensure that the
-kernel module is loaded is to load it on boot.
-	For AMD CPUs the module is called 'kvm-amd'.
-	For Intel CPUs the module is called 'kvm-intel'.
-Please review /etc/conf.d/modules for how to load these.
-
-Make sure your user is in the 'kvm' group. Just run
-	$ gpasswd -a <USER> kvm
-then have <USER> re-login.
-
-For brand new installs, the default permissions on /dev/kvm might not let
-you access it.  You can tell udev to reset ownership/perms:
-	$ udevadm trigger -c add /dev/kvm
-
-If you want to register binfmt handlers for qemu user targets:
-For openrc:
-	# rc-update add qemu-binfmt
-For systemd:
-	# ln -s /usr/share/qemu/binfmt.d/qemu.conf /etc/binfmt.d/qemu.conf"
-
-pkg_pretend() {
-	if use kernel_linux && kernel_is lt 2 6 25; then
-		eerror "This version of KVM requres a host kernel of 2.6.25 or higher."
-	elif use kernel_linux; then
-		if ! linux_config_exists; then
-			eerror "Unable to check your kernel for KVM support"
-		else
-			CONFIG_CHECK="~KVM ~TUN ~BRIDGE"
-			ERROR_KVM="You must enable KVM in your kernel to continue"
-			ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in"
-			ERROR_KVM_AMD+=" your kernel configuration."
-			ERROR_KVM_INTEL="If you have an Intel CPU, you must enable"
-			ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration."
-			ERROR_TUN="You will need the Universal TUN/TAP driver compiled"
-			ERROR_TUN+=" into your kernel or loaded as a module to use the"
-			ERROR_TUN+=" virtual network device if using -net tap."
-			ERROR_BRIDGE="You will also need support for 802.1d"
-			ERROR_BRIDGE+=" Ethernet Bridging for some network configurations."
-			use vhost-net && CONFIG_CHECK+=" ~VHOST_NET"
-			ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net"
-			ERROR_VHOST_NET+=" support"
-
-			if use amd64 || use x86 || use amd64-linux || use x86-linux; then
-				if grep -q AuthenticAMD /proc/cpuinfo; then
-					CONFIG_CHECK+=" ~KVM_AMD"
-				elif grep -q GenuineIntel /proc/cpuinfo; then
-					CONFIG_CHECK+=" ~KVM_INTEL"
-				fi
-			fi
-
-			use python && CONFIG_CHECK+=" ~DEBUG_FS"
-			ERROR_DEBUG_FS="debugFS support required for kvm_stat"
-
-			# Now do the actual checks setup above
-			check_extra_config
-		fi
-	fi
-
-	if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then
-		eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt"
-		eerror "instances are still pointing to it.  Please update your"
-		eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag"
-		eerror "and the right system binary (e.g. qemu-system-x86_64)."
-		die "update your virt configs to not use qemu-kvm"
-	fi
-}
-
-pkg_setup() {
-	enewgroup kvm 78
-}
-
-# Sanity check to make sure target lists are kept up-to-date.
-check_targets() {
-	local var=$1 mak=$2
-	local detected sorted
-
-	pushd "${S}"/default-configs >/dev/null || die
-
-	# Force C locale until glibc is updated. #564936
-	detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u))
-	sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u))
-	if [[ ${sorted} != "${detected}" ]] ; then
-		eerror "The ebuild needs to be kept in sync."
-		eerror "${var}: ${sorted}"
-		eerror "$(printf '%-*s' ${#var} configure): ${detected}"
-		die "sync ${var} to the list of targets"
-	fi
-
-	popd >/dev/null
-}
-
-handle_locales() {
-	# Make sure locale list is kept up-to-date.
-	local detected sorted
-	detected=$(echo $(cd po && printf '%s\n' *.po | grep -v messages.po | sed 's:.po$::' | sort -u))
-	sorted=$(echo $(printf '%s\n' ${PLOCALES} | sort -u))
-	if [[ ${sorted} != "${detected}" ]] ; then
-		eerror "The ebuild needs to be kept in sync."
-		eerror "PLOCALES: ${sorted}"
-		eerror " po/*.po: ${detected}"
-		die "sync PLOCALES"
-	fi
-
-	# Deal with selective install of locales.
-	if use nls ; then
-		# Delete locales the user does not want. #577814
-		rm_loc() { rm po/$1.po || die; }
-		l10n_for_each_disabled_locale_do rm_loc
-	else
-		# Cheap hack to disable gettext .mo generation.
-		rm -f po/*.po
-	fi
-}
-
-src_prepare() {
-	check_targets IUSE_SOFTMMU_TARGETS softmmu
-	check_targets IUSE_USER_TARGETS linux-user
-
-	# Alter target makefiles to accept CFLAGS set via flag-o
-	sed -i -r \
-		-e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \
-		Makefile Makefile.target || die
-
-	default
-
-	# Fix ld and objcopy being called directly
-	tc-export AR LD OBJCOPY
-
-	# Verbose builds
-	MAKEOPTS+=" V=1"
-
-	# Run after we've applied all patches.
-	handle_locales
-
-	# Remove bundled copy of libfdt
-	rm -r dtc || die
-}
-
-##
-# configures qemu based on the build directory and the build type
-# we are using.
-#
-qemu_src_configure() {
-	debug-print-function ${FUNCNAME} "$@"
-
-	local buildtype=$1
-	local builddir="${S}/${buildtype}-build"
-
-	mkdir "${builddir}"
-
-	local conf_opts=(
-		--prefix=/usr
-		--sysconfdir=/etc
-		--libdir=/usr/$(get_libdir)
-		--docdir=/usr/share/doc/${PF}/html
-		--disable-bsd-user
-		--disable-guest-agent
-		--disable-strip
-		--disable-werror
-		# We support gnutls/nettle for crypto operations.  It is possible
-		# to use gcrypt when gnutls/nettle are disabled (but not when they
-		# are enabled), but it's not really worth the hassle.  Disable it
-		# all the time to avoid automatically detecting it. #568856
-		--disable-gcrypt
-		--python="${PYTHON}"
-		--cc="$(tc-getCC)"
-		--cxx="$(tc-getCXX)"
-		--host-cc="$(tc-getBUILD_CC)"
-		$(use_enable debug debug-info)
-		$(use_enable debug debug-tcg)
-		--enable-docs
-		$(use_enable tci tcg-interpreter)
-		$(use_enable xattr attr)
-	)
-
-	# Disable options not used by user targets. This simplifies building
-	# static user targets (USE=static-user) considerably.
-	conf_notuser() {
-		if [[ ${buildtype} == "user" ]] ; then
-			echo "--disable-${2:-$1}"
-		else
-			use_enable "$@"
-		fi
-	}
-	conf_opts+=(
-		$(conf_notuser accessibility brlapi)
-		$(conf_notuser aio linux-aio)
-		$(conf_notuser bzip2)
-		$(conf_notuser bluetooth bluez)
-		$(conf_notuser capstone)
-		$(conf_notuser caps cap-ng)
-		$(conf_notuser curl)
-		$(conf_notuser fdt)
-		$(conf_notuser glusterfs)
-		$(conf_notuser gnutls)
-		$(conf_notuser gnutls nettle)
-		$(conf_notuser gtk)
-		$(conf_notuser infiniband rdma)
-		$(conf_notuser iscsi libiscsi)
-		$(conf_notuser jpeg vnc-jpeg)
-		$(conf_notuser kernel_linux kvm)
-		$(conf_notuser lzo)
-		$(conf_notuser ncurses curses)
-		$(conf_notuser nfs libnfs)
-		$(conf_notuser numa)
-		$(conf_notuser opengl)
-		$(conf_notuser png vnc-png)
-		$(conf_notuser rbd)
-		$(conf_notuser sasl vnc-sasl)
-		$(conf_notuser sdl)
-		$(conf_notuser seccomp)
-		$(conf_notuser smartcard)
-		$(conf_notuser snappy)
-		$(conf_notuser spice)
-		$(conf_notuser ssh libssh2)
-		$(conf_notuser usb libusb)
-		$(conf_notuser usbredir usb-redir)
-		$(conf_notuser vde)
-		$(conf_notuser vhost-net)
-		$(conf_notuser virgl virglrenderer)
-		$(conf_notuser virtfs)
-		$(conf_notuser vnc)
-		$(conf_notuser vte)
-		$(conf_notuser xen)
-		$(conf_notuser xen xen-pci-passthrough)
-		$(conf_notuser xfs xfsctl)
-	)
-
-	if [[ ${buildtype} == "user" ]] ; then
-		conf_opts+=( --disable-libxml2 )
-	else
-		conf_opts+=( --enable-libxml2 )
-	fi
-
-	if [[ ! ${buildtype} == "user" ]] ; then
-		# audio options
-		local audio_opts="oss"
-		use alsa && audio_opts="alsa,${audio_opts}"
-		use sdl && audio_opts="sdl,${audio_opts}"
-		use pulseaudio && audio_opts="pa,${audio_opts}"
-		conf_opts+=(
-			--audio-drv-list="${audio_opts}"
-		)
-		use gtk && conf_opts+=( --with-gtkabi=$(usex gtk2 2.0 3.0) )
-		use sdl && conf_opts+=( --with-sdlabi=$(usex sdl2 2.0 1.2) )
-	fi
-
-	case ${buildtype} in
-	user)
-		conf_opts+=(
-			--enable-linux-user
-			--disable-system
-			--disable-blobs
-			--disable-tools
-		)
-		local static_flag="static-user"
-		;;
-	softmmu)
-		conf_opts+=(
-			--disable-linux-user
-			--enable-system
-			--disable-tools
-		)
-		local static_flag="static"
-		;;
-	tools)
-		conf_opts+=(
-			--disable-linux-user
-			--disable-system
-			--disable-blobs
-			--enable-tools
-		)
-		local static_flag="static"
-		;;
-	esac
-
-	local targets="${buildtype}_targets"
-	[[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" )
-
-	# Add support for SystemTAP
-	use systemtap && conf_opts+=( --enable-trace-backend=dtrace )
-
-	# We always want to attempt to build with PIE support as it results
-	# in a more secure binary. But it doesn't work with static or if
-	# the current GCC doesn't have PIE support.
-	if use ${static_flag}; then
-		conf_opts+=( --static --disable-pie )
-	else
-		tc-enables-pie && conf_opts+=( --enable-pie )
-	fi
-
-	echo "../configure ${conf_opts[*]}"
-	cd "${builddir}"
-	../configure "${conf_opts[@]}" || die "configure failed"
-
-	# FreeBSD's kernel does not support QEMU assigning/grabbing
-	# host USB devices yet
-	use kernel_FreeBSD && \
-		sed -i -E -e "s|^(HOST_USB=)bsd|\1stub|" "${S}"/config-host.mak
-}
-
-src_configure() {
-	local target
-
-	python_setup
-
-	softmmu_targets= softmmu_bins=()
-	user_targets= user_bins=()
-
-	for target in ${IUSE_SOFTMMU_TARGETS} ; do
-		if use "qemu_softmmu_targets_${target}"; then
-			softmmu_targets+=",${target}-softmmu"
-			softmmu_bins+=( "qemu-system-${target}" )
-		fi
-	done
-
-	for target in ${IUSE_USER_TARGETS} ; do
-		if use "qemu_user_targets_${target}"; then
-			user_targets+=",${target}-linux-user"
-			user_bins+=( "qemu-${target}" )
-		fi
-	done
-
-	softmmu_targets=${softmmu_targets#,}
-	user_targets=${user_targets#,}
-
-	[[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu"
-	[[ -n ${user_targets}    ]] && qemu_src_configure "user"
-	qemu_src_configure "tools"
-}
-
-src_compile() {
-	if [[ -n ${user_targets} ]]; then
-		cd "${S}/user-build"
-		default
-	fi
-
-	if [[ -n ${softmmu_targets} ]]; then
-		cd "${S}/softmmu-build"
-		default
-	fi
-
-	cd "${S}/tools-build"
-	default
-}
-
-src_test() {
-	if [[ -n ${softmmu_targets} ]]; then
-		cd "${S}/softmmu-build"
-		pax-mark m */qemu-system-* #515550
-		emake -j1 check
-		emake -j1 check-report.html
-	fi
-}
-
-qemu_python_install() {
-	python_domodule "${S}/scripts/qmp/qmp.py"
-
-	python_doscript "${S}/scripts/kvm/vmxcap"
-	python_doscript "${S}/scripts/qmp/qmp-shell"
-	python_doscript "${S}/scripts/qmp/qemu-ga-client"
-}
-
-# Generate binfmt support files.
-#   - /etc/init.d/qemu-binfmt script which registers the user handlers (openrc)
-#   - /usr/share/qemu/binfmt.d/qemu.conf (for use with systemd-binfmt)
-generate_initd() {
-	local out="${T}/qemu-binfmt"
-	local out_systemd="${T}/qemu.conf"
-	local d="${T}/binfmt.d"
-
-	einfo "Generating qemu binfmt scripts and configuration files"
-
-	# Generate the debian fragments first.
-	mkdir -p "${d}"
-	"${S}"/scripts/qemu-binfmt-conf.sh \
-		--debian \
-		--exportdir "${d}" \
-		--qemu-path "${EPREFIX}/usr/bin" \
-		|| die
-	# Then turn the fragments into a shell script we can source.
-	sed -E -i \
-		-e 's:^([^ ]+) (.*)$:\1="\2":' \
-		"${d}"/* || die
-
-	# Generate the init.d script by assembling the fragments from above.
-	local f qcpu package interpreter magic mask
-	cat "${FILESDIR}"/qemu-binfmt.initd.head >"${out}" || die
-	for f in "${d}"/qemu-* ; do
-		source "${f}"
-
-		# Normalize the cpu logic like we do in the init.d for the native cpu.
-		qcpu=${package#qemu-}
-		case ${qcpu} in
-		arm*)   qcpu="arm";;
-		mips*)  qcpu="mips";;
-		ppc*)   qcpu="ppc";;
-		s390*)  qcpu="s390";;
-		sh*)    qcpu="sh";;
-		sparc*) qcpu="sparc";;
-		esac
-
-		cat <<EOF >>"${out}"
-	if [ "\${cpu}" != "${qcpu}" -a -x "${interpreter}" ] ; then
-		echo ':${package}:M::${magic}:${mask}:${interpreter}:'"\${QEMU_BINFMT_FLAGS}" >/proc/sys/fs/binfmt_misc/register
-	fi
-EOF
-
-		echo ":${package}:M::${magic}:${mask}:${interpreter}:OC" >>"${out_systemd}"
-
-	done
-	cat "${FILESDIR}"/qemu-binfmt.initd.tail >>"${out}" || die
-}
-
-src_install() {
-	if [[ -n ${user_targets} ]]; then
-		cd "${S}/user-build"
-		emake DESTDIR="${ED}" install
-
-		# Install binfmt handler init script for user targets.
-		generate_initd
-		doinitd "${T}/qemu-binfmt"
-
-		# Install binfmt/qemu.conf.
-		insinto "/usr/share/qemu/binfmt.d"
-		doins "${T}/qemu.conf"
-	fi
-
-	if [[ -n ${softmmu_targets} ]]; then
-		cd "${S}/softmmu-build"
-		emake DESTDIR="${ED}" install
-
-		# This might not exist if the test failed. #512010
-		[[ -e check-report.html ]] && dohtml check-report.html
-
-		if use kernel_linux; then
-			udev_newrules "${FILESDIR}"/65-kvm.rules-r1 65-kvm.rules
-		fi
-
-		if use python; then
-			python_foreach_impl qemu_python_install
-		fi
-	fi
-
-	cd "${S}/tools-build"
-	emake DESTDIR="${ED}" install
-
-	# Disable mprotect on the qemu binaries as they use JITs to be fast #459348
-	pushd "${ED}"/usr/bin >/dev/null
-	pax-mark mr "${softmmu_bins[@]}" "${user_bins[@]}" # bug 575594
-	popd >/dev/null
-
-	# Install config file example for qemu-bridge-helper
-	insinto "/etc/qemu"
-	doins "${FILESDIR}/bridge.conf"
-
-	cd "${S}"
-	dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt
-	newdoc pc-bios/README README.pc-bios
-
-	if [[ -n ${softmmu_targets} ]]; then
-		# Remove SeaBIOS since we're using the SeaBIOS packaged one
-		rm "${ED}/usr/share/qemu/bios.bin"
-		rm "${ED}/usr/share/qemu/bios-256k.bin"
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
-			dosym ../seabios/bios-256k.bin /usr/share/qemu/bios-256k.bin
-		fi
-
-		# Remove vgabios since we're using the seavgabios packaged one
-		rm "${ED}/usr/share/qemu/vgabios.bin"
-		rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
-		rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
-		rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
-		rm "${ED}/usr/share/qemu/vgabios-virtio.bin"
-		rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
-		# PPC64 loads vgabios-stdvga
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 || use qemu_softmmu_targets_ppc64; then
-			dosym ../seavgabios/vgabios-isavga.bin /usr/share/qemu/vgabios.bin
-			dosym ../seavgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
-			dosym ../seavgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
-			dosym ../seavgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
-			dosym ../seavgabios/vgabios-virtio.bin /usr/share/qemu/vgabios-virtio.bin
-			dosym ../seavgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
-		fi
-
-		# Remove sgabios since we're using the sgabios packaged one
-		rm "${ED}/usr/share/qemu/sgabios.bin"
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin
-		fi
-
-		# Remove iPXE since we're using the iPXE packaged one
-		rm "${ED}"/usr/share/qemu/pxe-*.rom
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom
-			dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom
-			dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom
-			dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom
-			dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom
-			dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom
-		fi
-	fi
-
-	DISABLE_AUTOFORMATTING=true
-	readme.gentoo_create_doc
-}
-
-firmware_abi_change() {
-	local pv
-	for pv in ${REPLACING_VERSIONS}; do
-		if ! version_is_at_least ${FIRMWARE_ABI_VERSION} ${pv}; then
-			return 0
-		fi
-	done
-	return 1
-}
-
-pkg_postinst() {
-	if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
-		udev_reload
-	fi
-
-	fcaps cap_net_admin /usr/libexec/qemu-bridge-helper
-
-	DISABLE_AUTOFORMATTING=true
-	readme.gentoo_print_elog
-
-	if use pin-upstream-blobs && firmware_abi_change; then
-		ewarn "This version of qemu pins new versions of firmware blobs:"
-		ewarn "	$(best_version sys-firmware/edk2-ovmf)"
-		ewarn "	$(best_version sys-firmware/ipxe)"
-		ewarn "	$(best_version sys-firmware/seabios)"
-		ewarn "	$(best_version sys-firmware/sgabios)"
-		ewarn "This might break resume of hibernated guests (started with a different"
-		ewarn "firmware version) and live migration to/from qemu versions with different"
-		ewarn "firmware. Please (cold) restart all running guests. For functional"
-		ewarn "guest migration ensure that all"
-		ewarn "hosts run at least"
-		ewarn "	app-emulation/qemu-${FIRMWARE_ABI_VERSION}."
-	fi
-}
-
-pkg_info() {
-	echo "Using:"
-	echo "  $(best_version app-emulation/spice-protocol)"
-	echo "  $(best_version sys-firmware/edk2-ovmf)"
-	if has_version 'sys-firmware/edk2-ovmf[binary]'; then
-		echo "    USE=binary"
-	else
-		echo "    USE=''"
-	fi
-	echo "  $(best_version sys-firmware/ipxe)"
-	echo "  $(best_version sys-firmware/seabios)"
-	if has_version 'sys-firmware/seabios[binary]'; then
-		echo "    USE=binary"
-	else
-		echo "    USE=''"
-	fi
-	echo "  $(best_version sys-firmware/sgabios)"
-}


^ permalink raw reply related	[flat|nested] 19+ messages in thread

* [gentoo-commits] proj/musl:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2020-04-08 18:16 Anthony G. Basile
  0 siblings, 0 replies; 19+ messages in thread
From: Anthony G. Basile @ 2020-04-08 18:16 UTC (permalink / raw
  To: gentoo-commits

commit:     f6cf3da864780099ce075e45136fa1300d721978
Author:     g3ngr33n <gengreen <AT> tutanota <DOT> com>
AuthorDate: Wed Apr  8 10:48:03 2020 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Wed Apr  8 18:15:58 2020 +0000
URL:        https://gitweb.gentoo.org/proj/musl.git/commit/?id=f6cf3da8

app-emulation/qemu: Fix virtfs on musl

- qemu-4.2.0-r2 fail to build (missing header)
- Add files/qemu-4.2.0-r2-musl.patch
- Ebuild from main portage
(Only 1 line was add "${FILESDIR}"/${PN}-4.2.0-r2-musl.patch)

Package-Manager: Portage-2.3.89, Repoman-2.3.20
Signed-off-by: Anthony G. Basile <blueness <AT> gentoo.org>

 app-emulation/qemu/Manifest                        |   2 +
 app-emulation/qemu/files/65-kvm.rules-r1           |   2 +
 app-emulation/qemu/files/bridge.conf               |  14 +
 .../files/qemu-2.11.1-capstone_include_path.patch  |  11 +
 app-emulation/qemu/files/qemu-2.5.0-cflags.patch   |  13 +
 .../qemu/files/qemu-2.5.0-sysmacros.patch          |  15 +
 .../qemu/files/qemu-4.0.0-mkdir_systemtap.patch    |  12 +
 .../files/qemu-4.0.0-sanitize-interp_info.patch    |  32 +
 .../qemu/files/qemu-4.0.0-xkbcommon.patch          |  38 +
 app-emulation/qemu/files/qemu-4.2.0-cflags.patch   |  16 +
 app-emulation/qemu/files/qemu-4.2.0-r2-musl.patch  |  19 +
 app-emulation/qemu/files/qemu-binfmt.initd.head    |  64 ++
 app-emulation/qemu/files/qemu-binfmt.initd.tail    |  14 +
 app-emulation/qemu/metadata.xml                    |  67 ++
 app-emulation/qemu/qemu-4.2.0-r2.ebuild            | 835 +++++++++++++++++++++
 15 files changed, 1154 insertions(+)

diff --git a/app-emulation/qemu/Manifest b/app-emulation/qemu/Manifest
new file mode 100644
index 0000000..911250c
--- /dev/null
+++ b/app-emulation/qemu/Manifest
@@ -0,0 +1,2 @@
+DIST qemu-4.2.0-patches-r1.tar.xz 14552 BLAKE2B e8832ce5b7ccda02dcd63fa60a458322a36ba754c8bc682839de4ee33cf21a83cde434bdc062916d3c83e81026b68ebf2fbe099dc6c54c191875f830d95c63ae SHA512 7495e4c9ca80fd25a1bc8244b384f88f3bc6d7190e2840b1614e3bc6fd51938e42792c6a4dbdb2d400a45532e558814462647f35d5ab21e175bec84868a4161d
+DIST qemu-4.2.0.tar.xz 62222068 BLAKE2B 27c9fbcd5093af425764674817ab9299224bd03f37b5983786f6f437fff1fab3b7da247c55c4ca8b8c42726b9867005944a2f7f04f2d0d94d753961615f901ef SHA512 2a79973c2b07c53e8c57a808ea8add7b6b2cbca96488ed5d4b669ead8c9318907dec2b6109f180fc8ca8f04c0f73a56e82b3a527b5626b799d7e849f2474ec56

diff --git a/app-emulation/qemu/files/65-kvm.rules-r1 b/app-emulation/qemu/files/65-kvm.rules-r1
new file mode 100644
index 0000000..ab3776a
--- /dev/null
+++ b/app-emulation/qemu/files/65-kvm.rules-r1
@@ -0,0 +1,2 @@
+KERNEL=="kvm", GROUP="kvm", MODE="0660"
+KERNEL=="vhost-net", GROUP="kvm", MODE="0660", OPTIONS+="static_node=vhost-net"

diff --git a/app-emulation/qemu/files/bridge.conf b/app-emulation/qemu/files/bridge.conf
new file mode 100644
index 0000000..2bde37e
--- /dev/null
+++ b/app-emulation/qemu/files/bridge.conf
@@ -0,0 +1,14 @@
+# This should have the following permissions: root:qemu 0640
+
+# allow br0
+# Uncommenting the above would allow users in the 'qemu' group
+# to add devices to 'br0'
+
+# allow virbr0
+# Uncommenting the above would allow users in the 'qemu' group
+# to add devices to 'virbr0'
+
+# include /etc/qemu/bob.conf
+# Uncommenting the above would allow users in the 'bob' group
+# to have permissions defined in it, iff it has the following
+# permissions: root:bob 0640

diff --git a/app-emulation/qemu/files/qemu-2.11.1-capstone_include_path.patch b/app-emulation/qemu/files/qemu-2.11.1-capstone_include_path.patch
new file mode 100644
index 0000000..d79570e
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.11.1-capstone_include_path.patch
@@ -0,0 +1,11 @@
+--- qemu-2.11.1/include/disas/capstone.h	2018-02-14 22:53:22.000000000 +0100
++++ qemu-2.11.1/include/disas/capstone.h	2018-02-17 20:12:12.754703951 +0100
+@@ -3,7 +3,7 @@
+ 
+ #ifdef CONFIG_CAPSTONE
+ 
+-#include <capstone.h>
++#include <capstone/capstone.h>
+ 
+ #else
+ 

diff --git a/app-emulation/qemu/files/qemu-2.5.0-cflags.patch b/app-emulation/qemu/files/qemu-2.5.0-cflags.patch
new file mode 100644
index 0000000..173394f
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.5.0-cflags.patch
@@ -0,0 +1,13 @@
+--- a/configure
++++ b/configure
+@@ -4468,10 +4468,6 @@ fi
+ if test "$gcov" = "yes" ; then
+   CFLAGS="-fprofile-arcs -ftest-coverage -g $CFLAGS"
+   LDFLAGS="-fprofile-arcs -ftest-coverage $LDFLAGS"
+-elif test "$fortify_source" = "yes" ; then
+-  CFLAGS="-O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 $CFLAGS"
+-elif test "$debug" = "no"; then
+-  CFLAGS="-O2 $CFLAGS"
+ fi
+ 
+ ##########################################

diff --git a/app-emulation/qemu/files/qemu-2.5.0-sysmacros.patch b/app-emulation/qemu/files/qemu-2.5.0-sysmacros.patch
new file mode 100644
index 0000000..f2e766d
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.5.0-sysmacros.patch
@@ -0,0 +1,15 @@
+Linux C libs are moving away from implicit header pollution with sys/types.h
+
+--- a/include/qemu/osdep.h
++++ b/include/qemu/osdep.h
+@@ -78,6 +78,10 @@ extern int daemon(int, int);
+ #include <assert.h>
+ #include <signal.h>
+ 
++#ifdef __linux__
++#include <sys/sysmacros.h>
++#endif
++
+ #ifdef __OpenBSD__
+ #include <sys/signal.h>
+ #endif

diff --git a/app-emulation/qemu/files/qemu-4.0.0-mkdir_systemtap.patch b/app-emulation/qemu/files/qemu-4.0.0-mkdir_systemtap.patch
new file mode 100644
index 0000000..95ccdd7
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-4.0.0-mkdir_systemtap.patch
@@ -0,0 +1,12 @@
+diff --git a/Makefile b/Makefile
+index 04a0d450..e0013a59 100644
+--- a/Makefile
++++ b/Makefile
+@@ -803,6 +802,7 @@
+ 	$(call install-prog,$(HELPERS-y),$(DESTDIR)$(libexecdir))
+ endif
+ ifdef CONFIG_TRACE_SYSTEMTAP
++	mkdir -p $(DESTDIR)$(bindir)
+ 	$(INSTALL_PROG) "scripts/qemu-trace-stap" $(DESTDIR)$(bindir)
+ endif
+ ifneq ($(BLOBS),)

diff --git a/app-emulation/qemu/files/qemu-4.0.0-sanitize-interp_info.patch b/app-emulation/qemu/files/qemu-4.0.0-sanitize-interp_info.patch
new file mode 100644
index 0000000..58ff0c7
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-4.0.0-sanitize-interp_info.patch
@@ -0,0 +1,32 @@
+linux-user: Sanitize interp_info and, for mips
+
+Sanitize interp_info structure in load_elf_binary() and, for mips only,
+init its field fp_abi. This fixes appearances of "Unexpected FPU mode"
+message in some MIPS use cases.
+
+Signed-off-by: Daniel Santos <address@hidden>
+Signed-off-by: Aleksandar Markovic <address@hidden>
+---
+ linux-user/elfload.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/linux-user/elfload.c b/linux-user/elfload.c
+index c1a2602..7f09d57 100644
+--- a/linux-user/elfload.c
++++ b/linux-user/elfload.c
+@@ -2698,6 +2698,11 @@ int load_elf_binary(struct linux_binprm *bprm, struct image_info *info)
+     char *elf_interpreter = NULL;
+     char *scratch;
+ 
++    memset(&interp_info, 0, sizeof(interp_info));
++#ifdef TARGET_MIPS
++    interp_info.fp_abi = MIPS_ABI_FP_UNKNOWN;
++#endif
++
+     info->start_mmap = (abi_ulong)ELF_START_MMAP;
+ 
+     load_elf_image(bprm->filename, bprm->fd, info,
+-- 
+2.7.4
+
+

diff --git a/app-emulation/qemu/files/qemu-4.0.0-xkbcommon.patch b/app-emulation/qemu/files/qemu-4.0.0-xkbcommon.patch
new file mode 100644
index 0000000..3d9a516
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-4.0.0-xkbcommon.patch
@@ -0,0 +1,38 @@
+From cef396dc0b11a09ede85b275ed1ceee71b60a4b3 Mon Sep 17 00:00:00 2001
+From: James Le Cuirot <chewi@gentoo.org>
+Date: Sat, 14 Sep 2019 15:47:20 +0100
+Subject: [PATCH] configure: Add xkbcommon configure options
+
+This dependency is currently "automagic", which is bad for distributions.
+
+Signed-off-by: James Le Cuirot <chewi@gentoo.org>
+---
+ configure | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/configure b/configure
+index 30aad233d1..30544f52e6 100755
+--- a/configure
++++ b/configure
+@@ -1521,6 +1521,10 @@ for opt do
+   ;;
+   --disable-libpmem) libpmem=no
+   ;;
++  --enable-xkbcommon) xkbcommon=yes
++  ;;
++  --disable-xkbcommon) xkbcommon=no
++  ;;
+   *)
+       echo "ERROR: unknown option $opt"
+       echo "Try '$0 --help' for more information"
+@@ -1804,6 +1808,7 @@ disabled with --disable-FEATURE, default is enabled if available:
+   capstone        capstone disassembler support
+   debug-mutex     mutex debugging support
+   libpmem         libpmem support
++  xkbcommon       xkbcommon support
+ 
+ NOTE: The object files are built at the place where configure is launched
+ EOF
+-- 
+2.23.0
+

diff --git a/app-emulation/qemu/files/qemu-4.2.0-cflags.patch b/app-emulation/qemu/files/qemu-4.2.0-cflags.patch
new file mode 100644
index 0000000..1019265
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-4.2.0-cflags.patch
@@ -0,0 +1,16 @@
+diff --git i/configure w/configure
+index a72a5def57..546d757603 100755
+--- i/configure
++++ w/configure
+@@ -6093,10 +6093,6 @@ write_c_skeleton
+ if test "$gcov" = "yes" ; then
+   QEMU_CFLAGS="-fprofile-arcs -ftest-coverage -g $QEMU_CFLAGS"
+   QEMU_LDFLAGS="-fprofile-arcs -ftest-coverage $QEMU_LDFLAGS"
+-elif test "$fortify_source" = "yes" ; then
+-  CFLAGS="-O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 $CFLAGS"
+-elif test "$debug" = "no"; then
+-  CFLAGS="-O2 $CFLAGS"
+ fi
+ 
+ if test "$have_asan" = "yes"; then
+

diff --git a/app-emulation/qemu/files/qemu-4.2.0-r2-musl.patch b/app-emulation/qemu/files/qemu-4.2.0-r2-musl.patch
new file mode 100644
index 0000000..70332da
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-4.2.0-r2-musl.patch
@@ -0,0 +1,19 @@
+Build of qemu 4.2.0-r2 with virtfs on musl fail :
+
+qemu-4.2.0-r2/work/qemu-4.2.0/hw/9pfs/9p.c:3821:16: error: ‘XATTR_SIZE_MAX’ undeclared (first use in this function)
+3821 |     if (size > XATTR_SIZE_MAX)
+
+Fix : Add limits.h header 
+
+---
+
+--- a/hw/9pfs/9p.c
++++ b/hw/9pfs/9p.c
+@@ -13,6 +13,7 @@
+ 
+ #include "qemu/osdep.h"
+ #include <glib/gprintf.h>
++#include <linux/limits.h>
+ #include "hw/virtio/virtio.h"
+ #include "qapi/error.h"
+ #include "qemu/error-report.h"

diff --git a/app-emulation/qemu/files/qemu-binfmt.initd.head b/app-emulation/qemu/files/qemu-binfmt.initd.head
new file mode 100644
index 0000000..0dcacef
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-binfmt.initd.head
@@ -0,0 +1,64 @@
+#!/sbin/openrc-run
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+# Enable automatic non-native program execution by the kernel.
+
+# Defaulting to OC should be safe because it comes down to:
+#  - do we trust the interp itself to not be malicious?  yes; we built it.
+#  - do we trust the programs we're running?  ish; same permission as native
+#    binaries apply.  so if user can do bad stuff natively, cross isn't worse.
+: ${QEMU_BINFMT_FLAGS:=OC}
+
+depend() {
+	after procfs
+}
+
+start() {
+	ebegin "Registering qemu-user binaries (flags: ${QEMU_BINFMT_FLAGS})"
+
+	if [ ! -d /proc/sys/fs/binfmt_misc ] ; then
+		modprobe -q binfmt_misc
+	fi
+
+	if [ ! -d /proc/sys/fs/binfmt_misc ] ; then
+		eend 1 "You need support for 'misc binaries' in your kernel!"
+		return
+	fi
+
+	if [ ! -f /proc/sys/fs/binfmt_misc/register ] ; then
+		mount -t binfmt_misc -o nodev,noexec,nosuid \
+			binfmt_misc /proc/sys/fs/binfmt_misc >/dev/null 2>&1
+		eend $? || return
+	fi
+
+	# Probe the native cpu type so we don't try registering them.
+	local cpu="$(uname -m)"
+	case "${cpu}" in
+	armv[4-9]*)
+		cpu="arm"
+		;;
+	i386|i486|i586|i686|i86pc|BePC|x86_64)
+		cpu="i386"
+		;;
+	m68k)
+		cpu="m68k"
+		;;
+	mips*)
+		cpu="mips"
+		;;
+	"Power Macintosh"|ppc|ppc64)
+		cpu="ppc"
+		;;
+	s390*)
+		cpu="s390"
+		;;
+	sh*)
+		cpu="sh"
+		;;
+	sparc*)
+		cpu="sparc"
+		;;
+	esac
+
+	# Register the interpreter for each cpu except for the native one.

diff --git a/app-emulation/qemu/files/qemu-binfmt.initd.tail b/app-emulation/qemu/files/qemu-binfmt.initd.tail
new file mode 100644
index 0000000..7679481
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-binfmt.initd.tail
@@ -0,0 +1,14 @@
+	eend 0
+}
+
+stop() {
+	# We unregister everything in the "qemu-xxx" namespace.
+	ebegin "Unregistering qemu-user binaries"
+	local f
+	for f in /proc/sys/fs/binfmt_misc/qemu-* ; do
+		if [ -f "${f}" ] ; then
+			echo '-1' > "${f}"
+		fi
+	done
+	eend 0
+}

diff --git a/app-emulation/qemu/metadata.xml b/app-emulation/qemu/metadata.xml
new file mode 100644
index 0000000..07244b5
--- /dev/null
+++ b/app-emulation/qemu/metadata.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<maintainer type="person">
+		<email>tamiko@gentoo.org</email>
+		<name>Matthias Maier</name>
+	</maintainer>
+	<maintainer type="person">
+		<email>slyfox@gentoo.org</email>
+		<name>Sergei Trofimovich</name>
+	</maintainer>
+	<maintainer type="project">
+		<email>virtualization@gentoo.org</email>
+		<name>Gentoo Virtualization Project</name>
+	</maintainer>
+	<use>
+		<flag name="accessibility">Adds support for braille displays using brltty</flag>
+		<flag name="aio">Enables support for Linux's Async IO</flag>
+		<flag name="alsa">Enable alsa output for sound emulation</flag>
+		<flag name="capstone">Enable disassembly support with <pkg>dev-libs/capstone</pkg></flag>
+		<flag name="curl">Support ISOs / -cdrom directives vis HTTP or HTTPS.</flag>
+		<flag name="fdt">Enables firmware device tree support</flag>
+		<flag name="glusterfs">Enables GlusterFS cluster fileystem via
+			<pkg>sys-cluster/glusterfs</pkg></flag>
+		<flag name="gnutls">Enable TLS support for the VNC console server.
+		For 1.4 and newer this also enables WebSocket support.
+		For 2.0 through 2.3 also enables disk quorum support.</flag>
+		<flag name="iscsi">Enable direct iSCSI support via
+		<pkg>net-libs/libiscsi</pkg> instead of indirectly via the Linux
+		block layer that <pkg>sys-block/open-iscsi</pkg> does.</flag>
+		<flag name="ncurses">Enable the ncurses-based console</flag>
+		<flag name="nfs">Enable NFS support</flag>
+		<flag name="numa">Enable NUMA support</flag>
+		<flag name="pin-upstream-blobs">Pin the versions of BIOS firmware to the version included in the upstream release.
+		This is needed to sanely support migration/suspend/resume/snapshotting/etc... of instances.
+		When the blobs are different, random corruption/bugs/crashes/etc... may be observed.</flag>
+		<flag name="plugins">Enable qemu plugin API via shared library loading.</flag>
+		<flag name="pulseaudio">Enable pulseaudio output for sound emulation</flag>
+		<flag name="rbd">Enable rados block device backend support, see http://ceph.newdream.net/wiki/QEMU-RBD</flag>
+		<flag name="sdl">Enable the SDL-based console</flag>
+		<flag name="sdl-image">SDL Image support for icons</flag>
+		<flag name="spice">Enable Spice protocol support via <pkg>app-emulation/spice</pkg></flag>
+		<flag name="ssh">Enable SSH based block device support via <pkg>net-libs/libssh2</pkg></flag>
+		<flag name="static-user">Build the User targets as static binaries</flag>
+		<flag name="static">Build the User and Software MMU (system) targets as well as tools as static binaries</flag>
+		<flag name="systemtap">Enable SystemTAP/DTrace tracing</flag>
+		<flag name="tci">Enable the TCG Interpreter which can speed up or slowdown workloads depending on the host and guest CPUs being emulated. In the future it will be a runtime option but for now its compile time.</flag>
+		<flag name="jemalloc">Enable jemalloc allocator support</flag>
+		<flag name="jpeg">Enable jpeg image support for the VNC console server</flag>
+		<flag name="png">Enable png image support for the VNC console server</flag>
+		<flag name="usb">Enable USB passthrough via <pkg>dev-libs/libusb</pkg></flag>
+		<flag name="usbredir">Use <pkg>sys-apps/usbredir</pkg> to redirect USB devices to another machine over TCP</flag>
+		<flag name="vde">Enable VDE-based networking</flag>
+		<flag name="vhost-net">Enable accelerated networking using vhost-net, see http://www.linux-kvm.org/page/VhostNet</flag>
+		<flag name="vhost-user-fs">Enable shared file system access using the FUSE protocol carried over virtio.</flag>
+		<flag name="virgl">Enable experimental Virgil 3d (virtual software GPU)</flag>
+		<flag name="virtfs">Enable VirtFS via virtio-9p-pci / fsdev. See http://wiki.qemu.org/Documentation/9psetup</flag>
+		<flag name="vte">Enable terminal support (<pkg>x11-libs/vte</pkg>) in the GTK+ interface</flag>
+		<flag name="xattr">Add support for getting and setting POSIX extended attributes, through
+		<pkg>sys-apps/attr</pkg>. Requisite for the virtfs backend.
+	</flag>
+		<flag name="xen">Enables support for Xen backends</flag>
+		<flag name="xfs">Support xfsctl() notification and syncing for XFS backed
+		virtual disks.</flag>
+		<flag name="xkb">Depend on x11-libs/libxkbcommon to build qemu-keymap tool for converting xkb keymaps</flag>
+	</use>
+</pkgmetadata>

diff --git a/app-emulation/qemu/qemu-4.2.0-r2.ebuild b/app-emulation/qemu/qemu-4.2.0-r2.ebuild
new file mode 100644
index 0000000..0d58795
--- /dev/null
+++ b/app-emulation/qemu/qemu-4.2.0-r2.ebuild
@@ -0,0 +1,835 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+PYTHON_COMPAT=( python{3_6,3_7} )
+PYTHON_REQ_USE="ncurses,readline"
+
+PLOCALES="bg de_DE fr_FR hu it tr zh_CN"
+
+FIRMWARE_ABI_VERSION="4.0.0-r50"
+
+inherit eutils linux-info toolchain-funcs multilib python-r1 \
+	udev fcaps readme.gentoo-r1 pax-utils l10n xdg-utils
+
+if [[ ${PV} = *9999* ]]; then
+	EGIT_REPO_URI="https://git.qemu.org/git/qemu.git"
+	EGIT_SUBMODULES=(
+		slirp
+		tests/fp/berkeley-{test,soft}float-3
+		ui/keycodemapdb
+	)
+	inherit git-r3
+	SRC_URI=""
+else
+	SRC_URI="https://download.qemu.org/${P}.tar.xz
+		https://dev.gentoo.org/~tamiko/distfiles/${P}-patches-r1.tar.xz"
+	KEYWORDS="~amd64 ~arm64 ~ppc ~ppc64 ~x86"
+fi
+
+DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
+HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org"
+
+LICENSE="GPL-2 LGPL-2 BSD-2"
+SLOT="0"
+
+IUSE="accessibility +aio alsa bzip2 capstone +caps +curl debug doc
+	+fdt glusterfs gnutls gtk infiniband iscsi jemalloc +jpeg kernel_linux
+	kernel_FreeBSD lzo ncurses nfs nls numa opengl +oss +pin-upstream-blobs
+	plugins +png pulseaudio python rbd sasl +seccomp sdl sdl-image selinux
+	smartcard snappy spice ssh static static-user systemtap tci test usb
+	usbredir vde +vhost-net vhost-user-fs virgl virtfs +vnc vte xattr xen
+	xfs +xkb"
+
+COMMON_TARGETS="aarch64 alpha arm cris hppa i386 m68k microblaze microblazeel
+	mips mips64 mips64el mipsel nios2 or1k ppc ppc64 riscv32 riscv64 s390x
+	sh4 sh4eb sparc sparc64 x86_64 xtensa xtensaeb"
+IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS}
+	lm32 moxie tricore unicore32"
+IUSE_USER_TARGETS="${COMMON_TARGETS}
+	aarch64_be armeb mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus
+	tilegx"
+
+use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
+use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
+IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
+
+RESTRICT="!test? ( test )"
+# Allow no targets to be built so that people can get a tools-only build.
+# Block USE flag configurations known to not work.
+REQUIRED_USE="${PYTHON_REQUIRED_USE}
+	qemu_softmmu_targets_arm? ( fdt )
+	qemu_softmmu_targets_microblaze? ( fdt )
+	qemu_softmmu_targets_mips64el? ( fdt )
+	qemu_softmmu_targets_ppc64? ( fdt )
+	qemu_softmmu_targets_ppc? ( fdt )
+	qemu_softmmu_targets_riscv32? ( fdt )
+	qemu_softmmu_targets_riscv64? ( fdt )
+	static? ( static-user !alsa !gtk !opengl !pulseaudio !plugins !rbd !snappy )
+	static-user? ( !plugins )
+	virtfs? ( xattr )
+	vte? ( gtk )
+	plugins? ( !static !static-user )
+"
+
+# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
+# and user/softmmu targets (qemu-*, qemu-system-*).
+#
+# Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
+#
+# The attr lib isn't always linked in (although the USE flag is always
+# respected).  This is because qemu supports using the C library's API
+# when available rather than always using the external library.
+ALL_DEPEND="
+	>=dev-libs/glib-2.0[static-libs(+)]
+	sys-libs/zlib[static-libs(+)]
+	python? ( ${PYTHON_DEPS} )
+	systemtap? ( dev-util/systemtap )
+	xattr? ( sys-apps/attr[static-libs(+)] )"
+
+# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
+# softmmu targets (qemu-system-*).
+SOFTMMU_TOOLS_DEPEND="
+	dev-libs/libxml2[static-libs(+)]
+	xkb? ( x11-libs/libxkbcommon[static-libs(+)] )
+	>=x11-libs/pixman-0.28.0[static-libs(+)]
+	accessibility? (
+		app-accessibility/brltty[api]
+		app-accessibility/brltty[static-libs(+)]
+	)
+	aio? ( dev-libs/libaio[static-libs(+)] )
+	alsa? ( >=media-libs/alsa-lib-1.0.13 )
+	bzip2? ( app-arch/bzip2[static-libs(+)] )
+	capstone? ( dev-libs/capstone:= )
+	caps? ( sys-libs/libcap-ng[static-libs(+)] )
+	curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
+	fdt? ( >=sys-apps/dtc-1.5.0[static-libs(+)] )
+	glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
+	gnutls? (
+		dev-libs/nettle:=[static-libs(+)]
+		>=net-libs/gnutls-3.0:=[static-libs(+)]
+	)
+	gtk? (
+		x11-libs/gtk+:3
+		vte? ( x11-libs/vte:2.91 )
+	)
+	infiniband? (
+		sys-fabric/libibumad:=[static-libs(+)]
+		sys-fabric/libibverbs:=[static-libs(+)]
+		sys-fabric/librdmacm:=[static-libs(+)]
+	)
+	iscsi? ( net-libs/libiscsi )
+	jemalloc? ( dev-libs/jemalloc )
+	jpeg? ( virtual/jpeg:0=[static-libs(+)] )
+	lzo? ( dev-libs/lzo:2[static-libs(+)] )
+	ncurses? (
+		sys-libs/ncurses:0=[unicode]
+		sys-libs/ncurses:0=[static-libs(+)]
+	)
+	nfs? ( >=net-fs/libnfs-1.9.3:=[static-libs(+)] )
+	numa? ( sys-process/numactl[static-libs(+)] )
+	opengl? (
+		virtual/opengl
+		media-libs/libepoxy[static-libs(+)]
+		media-libs/mesa[static-libs(+)]
+		media-libs/mesa[egl,gbm]
+	)
+	png? ( media-libs/libpng:0=[static-libs(+)] )
+	pulseaudio? ( media-sound/pulseaudio )
+	rbd? ( sys-cluster/ceph )
+	sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
+	sdl? (
+		media-libs/libsdl2[X]
+		media-libs/libsdl2[static-libs(+)]
+	)
+	sdl-image? ( media-libs/sdl2-image[static-libs(+)] )
+	seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
+	smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] )
+	snappy? ( app-arch/snappy:= )
+	spice? (
+		>=app-emulation/spice-protocol-0.12.3
+		>=app-emulation/spice-0.12.0[static-libs(+)]
+	)
+	ssh? ( >=net-libs/libssh-0.8.6[static-libs(+)] )
+	usb? ( >=virtual/libusb-1-r2[static-libs(+)] )
+	usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
+	vde? ( net-misc/vde[static-libs(+)] )
+	virgl? ( media-libs/virglrenderer[static-libs(+)] )
+	virtfs? ( sys-libs/libcap )
+	xen? ( app-emulation/xen-tools:= )
+	xfs? ( sys-fs/xfsprogs[static-libs(+)] )"
+
+X86_FIRMWARE_DEPEND="
+	pin-upstream-blobs? (
+		~sys-firmware/edk2-ovmf-201905[binary]
+		~sys-firmware/ipxe-1.0.0_p20190728[binary]
+		~sys-firmware/seabios-1.12.0[binary,seavgabios]
+		~sys-firmware/sgabios-0.1_pre8[binary]
+	)
+	!pin-upstream-blobs? (
+		sys-firmware/edk2-ovmf
+		sys-firmware/ipxe
+		>=sys-firmware/seabios-1.10.2[seavgabios]
+		sys-firmware/sgabios
+	)"
+PPC64_FIRMWARE_DEPEND="
+	pin-upstream-blobs? (
+		~sys-firmware/seabios-1.12.0[binary,seavgabios]
+	)
+	!pin-upstream-blobs? (
+		>=sys-firmware/seabios-1.10.2[seavgabios]
+	)
+"
+
+BDEPEND="
+	$(python_gen_impl_dep)
+	dev-lang/perl
+	sys-apps/texinfo
+	virtual/pkgconfig
+	doc? ( dev-python/sphinx )
+	gtk? ( nls? ( sys-devel/gettext ) )
+	test? (
+		dev-libs/glib[utils]
+		sys-devel/bc
+	)
+"
+CDEPEND="
+	!static? (
+		${ALL_DEPEND//\[static-libs(+)]}
+		${SOFTMMU_TOOLS_DEPEND//\[static-libs(+)]}
+	)
+	qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
+	qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )
+	qemu_softmmu_targets_ppc64? ( ${PPC64_FIRMWARE_DEPEND} )
+"
+DEPEND="${CDEPEND}
+	kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
+	static? (
+		${ALL_DEPEND}
+		${SOFTMMU_TOOLS_DEPEND}
+	)
+	static-user? ( ${ALL_DEPEND} )"
+RDEPEND="${CDEPEND}
+	acct-group/kvm
+	selinux? ( sec-policy/selinux-qemu )"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-2.5.0-cflags.patch
+	"${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
+	"${FILESDIR}"/${PN}-2.11.1-capstone_include_path.patch
+	"${FILESDIR}"/${PN}-4.0.0-sanitize-interp_info.patch
+	"${FILESDIR}"/${PN}-4.0.0-mkdir_systemtap.patch #684902
+	"${WORKDIR}"/patches
+	"${FILESDIR}"/${PN}-4.2.0-r2-musl.patch
+)
+
+QA_PREBUILT="
+	usr/share/qemu/hppa-firmware.img
+	usr/share/qemu/openbios-ppc
+	usr/share/qemu/openbios-sparc64
+	usr/share/qemu/openbios-sparc32
+	usr/share/qemu/palcode-clipper
+	usr/share/qemu/s390-ccw.img
+	usr/share/qemu/s390-netboot.img
+	usr/share/qemu/u-boot.e500"
+
+QA_WX_LOAD="usr/bin/qemu-i386
+	usr/bin/qemu-x86_64
+	usr/bin/qemu-alpha
+	usr/bin/qemu-arm
+	usr/bin/qemu-cris
+	usr/bin/qemu-m68k
+	usr/bin/qemu-microblaze
+	usr/bin/qemu-microblazeel
+	usr/bin/qemu-mips
+	usr/bin/qemu-mipsel
+	usr/bin/qemu-or1k
+	usr/bin/qemu-ppc
+	usr/bin/qemu-ppc64
+	usr/bin/qemu-ppc64abi32
+	usr/bin/qemu-sh4
+	usr/bin/qemu-sh4eb
+	usr/bin/qemu-sparc
+	usr/bin/qemu-sparc64
+	usr/bin/qemu-armeb
+	usr/bin/qemu-sparc32plus
+	usr/bin/qemu-s390x
+	usr/bin/qemu-unicore32"
+
+DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure you have the
+kernel module loaded before running kvm. The easiest way to ensure that the
+kernel module is loaded is to load it on boot.
+	For AMD CPUs the module is called 'kvm-amd'.
+	For Intel CPUs the module is called 'kvm-intel'.
+Please review /etc/conf.d/modules for how to load these.
+
+Make sure your user is in the 'kvm' group. Just run
+	$ gpasswd -a <USER> kvm
+then have <USER> re-login.
+
+For brand new installs, the default permissions on /dev/kvm might not let
+you access it.  You can tell udev to reset ownership/perms:
+	$ udevadm trigger -c add /dev/kvm
+
+If you want to register binfmt handlers for qemu user targets:
+For openrc:
+	# rc-update add qemu-binfmt
+For systemd:
+	# ln -s /usr/share/qemu/binfmt.d/qemu.conf /etc/binfmt.d/qemu.conf"
+
+pkg_pretend() {
+	if use kernel_linux && kernel_is lt 2 6 25; then
+		eerror "This version of KVM requres a host kernel of 2.6.25 or higher."
+	elif use kernel_linux; then
+		if ! linux_config_exists; then
+			eerror "Unable to check your kernel for KVM support"
+		else
+			CONFIG_CHECK="~KVM ~TUN ~BRIDGE"
+			ERROR_KVM="You must enable KVM in your kernel to continue"
+			ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in"
+			ERROR_KVM_AMD+=" your kernel configuration."
+			ERROR_KVM_INTEL="If you have an Intel CPU, you must enable"
+			ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration."
+			ERROR_TUN="You will need the Universal TUN/TAP driver compiled"
+			ERROR_TUN+=" into your kernel or loaded as a module to use the"
+			ERROR_TUN+=" virtual network device if using -net tap."
+			ERROR_BRIDGE="You will also need support for 802.1d"
+			ERROR_BRIDGE+=" Ethernet Bridging for some network configurations."
+			use vhost-net && CONFIG_CHECK+=" ~VHOST_NET"
+			ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net"
+			ERROR_VHOST_NET+=" support"
+
+			if use amd64 || use x86 || use amd64-linux || use x86-linux; then
+				if grep -q AuthenticAMD /proc/cpuinfo; then
+					CONFIG_CHECK+=" ~KVM_AMD"
+				elif grep -q GenuineIntel /proc/cpuinfo; then
+					CONFIG_CHECK+=" ~KVM_INTEL"
+				fi
+			fi
+
+			use python && CONFIG_CHECK+=" ~DEBUG_FS"
+			ERROR_DEBUG_FS="debugFS support required for kvm_stat"
+
+			# Now do the actual checks setup above
+			check_extra_config
+		fi
+	fi
+
+	if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then
+		eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt"
+		eerror "instances are still pointing to it.  Please update your"
+		eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag"
+		eerror "and the right system binary (e.g. qemu-system-x86_64)."
+		die "update your virt configs to not use qemu-kvm"
+	fi
+}
+
+# Sanity check to make sure target lists are kept up-to-date.
+check_targets() {
+	local var=$1 mak=$2
+	local detected sorted
+
+	pushd "${S}"/default-configs >/dev/null || die
+
+	# Force C locale until glibc is updated. #564936
+	detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u))
+	sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u))
+	if [[ ${sorted} != "${detected}" ]] ; then
+		eerror "The ebuild needs to be kept in sync."
+		eerror "${var}: ${sorted}"
+		eerror "$(printf '%-*s' ${#var} configure): ${detected}"
+		die "sync ${var} to the list of targets"
+	fi
+
+	popd >/dev/null
+}
+
+handle_locales() {
+	# Make sure locale list is kept up-to-date.
+	local detected sorted
+	detected=$(echo $(cd po && printf '%s\n' *.po | grep -v messages.po | sed 's:.po$::' | sort -u))
+	sorted=$(echo $(printf '%s\n' ${PLOCALES} | sort -u))
+	if [[ ${sorted} != "${detected}" ]] ; then
+		eerror "The ebuild needs to be kept in sync."
+		eerror "PLOCALES: ${sorted}"
+		eerror " po/*.po: ${detected}"
+		die "sync PLOCALES"
+	fi
+
+	# Deal with selective install of locales.
+	if use nls ; then
+		# Delete locales the user does not want. #577814
+		rm_loc() { rm po/$1.po || die; }
+		l10n_for_each_disabled_locale_do rm_loc
+	else
+		# Cheap hack to disable gettext .mo generation.
+		rm -f po/*.po
+	fi
+}
+
+src_prepare() {
+	check_targets IUSE_SOFTMMU_TARGETS softmmu
+	check_targets IUSE_USER_TARGETS linux-user
+
+	default
+
+	# Use correct toolchain to fix cross-compiling
+	tc-export AR LD NM OBJCOPY PKG_CONFIG
+	export WINDRES=${CHOST}-windres
+
+	# Verbose builds
+	MAKEOPTS+=" V=1"
+
+	# Run after we've applied all patches.
+	handle_locales
+
+	# Remove bundled copy of libfdt
+	rm -r dtc || die
+}
+
+##
+# configures qemu based on the build directory and the build type
+# we are using.
+#
+qemu_src_configure() {
+	debug-print-function ${FUNCNAME} "$@"
+
+	local buildtype=$1
+	local builddir="${S}/${buildtype}-build"
+
+	mkdir "${builddir}"
+
+	local conf_opts=(
+		--prefix=/usr
+		--sysconfdir=/etc
+		--bindir=/usr/bin
+		--libdir=/usr/$(get_libdir)
+		--datadir=/usr/share
+		--docdir=/usr/share/doc/${PF}/html
+		--mandir=/usr/share/man
+		--with-confsuffix=/qemu
+		--localstatedir=/var
+		--disable-bsd-user
+		--disable-guest-agent
+		--disable-strip
+		--disable-werror
+		# We support gnutls/nettle for crypto operations.  It is possible
+		# to use gcrypt when gnutls/nettle are disabled (but not when they
+		# are enabled), but it's not really worth the hassle.  Disable it
+		# all the time to avoid automatically detecting it. #568856
+		--disable-gcrypt
+		--python="${PYTHON}"
+		--cc="$(tc-getCC)"
+		--cxx="$(tc-getCXX)"
+		--host-cc="$(tc-getBUILD_CC)"
+		$(use_enable debug debug-info)
+		$(use_enable debug debug-tcg)
+		$(use_enable doc docs)
+		$(use_enable plugins)
+		$(use_enable tci tcg-interpreter)
+		$(use_enable xattr attr)
+	)
+
+	# Disable options not used by user targets. This simplifies building
+	# static user targets (USE=static-user) considerably.
+	conf_notuser() {
+		if [[ ${buildtype} == "user" ]] ; then
+			echo "--disable-${2:-$1}"
+		else
+			use_enable "$@"
+		fi
+	}
+	conf_opts+=(
+		--disable-bluez
+		$(conf_notuser accessibility brlapi)
+		$(conf_notuser aio linux-aio)
+		$(conf_notuser bzip2)
+		$(conf_notuser capstone)
+		$(conf_notuser caps cap-ng)
+		$(conf_notuser curl)
+		$(conf_notuser fdt)
+		$(conf_notuser glusterfs)
+		$(conf_notuser gnutls)
+		$(conf_notuser gnutls nettle)
+		$(conf_notuser gtk)
+		$(conf_notuser infiniband rdma)
+		$(conf_notuser iscsi libiscsi)
+		$(conf_notuser jemalloc jemalloc)
+		$(conf_notuser jpeg vnc-jpeg)
+		$(conf_notuser kernel_linux kvm)
+		$(conf_notuser lzo)
+		$(conf_notuser ncurses curses)
+		$(conf_notuser nfs libnfs)
+		$(conf_notuser numa)
+		$(conf_notuser opengl)
+		$(conf_notuser png vnc-png)
+		$(conf_notuser rbd)
+		$(conf_notuser sasl vnc-sasl)
+		$(conf_notuser sdl)
+		$(conf_notuser sdl-image)
+		$(conf_notuser seccomp)
+		$(conf_notuser smartcard)
+		$(conf_notuser snappy)
+		$(conf_notuser spice)
+		$(conf_notuser ssh libssh)
+		$(conf_notuser usb libusb)
+		$(conf_notuser usbredir usb-redir)
+		$(conf_notuser vde)
+		$(conf_notuser vhost-net)
+		$(conf_notuser vhost-user-fs)
+		$(conf_notuser virgl virglrenderer)
+		$(conf_notuser virtfs)
+		$(conf_notuser vnc)
+		$(conf_notuser vte)
+		$(conf_notuser xen)
+		$(conf_notuser xen xen-pci-passthrough)
+		$(conf_notuser xfs xfsctl)
+		$(conf_notuser xkb xkbcommon)
+	)
+
+	if [[ ${buildtype} == "user" ]] ; then
+		conf_opts+=( --disable-libxml2 )
+	else
+		conf_opts+=( --enable-libxml2 )
+	fi
+
+	if [[ ! ${buildtype} == "user" ]] ; then
+		# audio options
+		local audio_opts=(
+			$(usev alsa)
+			$(usev oss)
+			$(usev sdl)
+			$(usex pulseaudio pa "")
+		)
+		conf_opts+=(
+			--audio-drv-list=$(printf "%s," "${audio_opts[@]}")
+		)
+	fi
+
+	case ${buildtype} in
+	user)
+		conf_opts+=(
+			--enable-linux-user
+			--disable-system
+			--disable-blobs
+			--disable-tools
+		)
+		local static_flag="static-user"
+		;;
+	softmmu)
+		conf_opts+=(
+			--disable-linux-user
+			--enable-system
+			--disable-tools
+		)
+		local static_flag="static"
+		;;
+	tools)
+		conf_opts+=(
+			--disable-linux-user
+			--disable-system
+			--disable-blobs
+			--enable-tools
+		)
+		local static_flag="static"
+		;;
+	esac
+
+	local targets="${buildtype}_targets"
+	[[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" )
+
+	# Add support for SystemTAP
+	use systemtap && conf_opts+=( --enable-trace-backend=dtrace )
+
+	# We always want to attempt to build with PIE support as it results
+	# in a more secure binary. But it doesn't work with static or if
+	# the current GCC doesn't have PIE support.
+	if use ${static_flag}; then
+		conf_opts+=( --static --disable-pie )
+	else
+		tc-enables-pie && conf_opts+=( --enable-pie )
+	fi
+
+	echo "../configure ${conf_opts[*]}"
+	cd "${builddir}"
+	../configure "${conf_opts[@]}" || die "configure failed"
+
+	# FreeBSD's kernel does not support QEMU assigning/grabbing
+	# host USB devices yet
+	use kernel_FreeBSD && \
+		sed -i -E -e "s|^(HOST_USB=)bsd|\1stub|" "${S}"/config-host.mak
+}
+
+src_configure() {
+	local target
+
+	python_setup
+
+	softmmu_targets= softmmu_bins=()
+	user_targets= user_bins=()
+
+	for target in ${IUSE_SOFTMMU_TARGETS} ; do
+		if use "qemu_softmmu_targets_${target}"; then
+			softmmu_targets+=",${target}-softmmu"
+			softmmu_bins+=( "qemu-system-${target}" )
+		fi
+	done
+
+	for target in ${IUSE_USER_TARGETS} ; do
+		if use "qemu_user_targets_${target}"; then
+			user_targets+=",${target}-linux-user"
+			user_bins+=( "qemu-${target}" )
+		fi
+	done
+
+	softmmu_targets=${softmmu_targets#,}
+	user_targets=${user_targets#,}
+
+	[[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu"
+	[[ -n ${user_targets}    ]] && qemu_src_configure "user"
+	qemu_src_configure "tools"
+}
+
+src_compile() {
+	if [[ -n ${user_targets} ]]; then
+		cd "${S}/user-build"
+		default
+	fi
+
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build"
+		default
+	fi
+
+	cd "${S}/tools-build"
+	default
+}
+
+src_test() {
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build"
+		pax-mark m */qemu-system-* #515550
+		emake -j1 check
+		emake -j1 check-report.html
+	fi
+}
+
+qemu_python_install() {
+	python_domodule "${S}/python/qemu"
+
+	python_doscript "${S}/scripts/kvm/vmxcap"
+	python_doscript "${S}/scripts/qmp/qmp-shell"
+	python_doscript "${S}/scripts/qmp/qemu-ga-client"
+}
+
+# Generate binfmt support files.
+#   - /etc/init.d/qemu-binfmt script which registers the user handlers (openrc)
+#   - /usr/share/qemu/binfmt.d/qemu.conf (for use with systemd-binfmt)
+generate_initd() {
+	local out="${T}/qemu-binfmt"
+	local out_systemd="${T}/qemu.conf"
+	local d="${T}/binfmt.d"
+
+	einfo "Generating qemu binfmt scripts and configuration files"
+
+	# Generate the debian fragments first.
+	mkdir -p "${d}"
+	"${S}"/scripts/qemu-binfmt-conf.sh \
+		--debian \
+		--exportdir "${d}" \
+		--qemu-path "${EPREFIX}/usr/bin" \
+		|| die
+	# Then turn the fragments into a shell script we can source.
+	sed -E -i \
+		-e 's:^([^ ]+) (.*)$:\1="\2":' \
+		"${d}"/* || die
+
+	# Generate the init.d script by assembling the fragments from above.
+	local f qcpu package interpreter magic mask
+	cat "${FILESDIR}"/qemu-binfmt.initd.head >"${out}" || die
+	for f in "${d}"/qemu-* ; do
+		source "${f}"
+
+		# Normalize the cpu logic like we do in the init.d for the native cpu.
+		qcpu=${package#qemu-}
+		case ${qcpu} in
+		arm*)   qcpu="arm";;
+		mips*)  qcpu="mips";;
+		ppc*)   qcpu="ppc";;
+		s390*)  qcpu="s390";;
+		sh*)    qcpu="sh";;
+		sparc*) qcpu="sparc";;
+		esac
+
+		# we use 'printf' here to be portable across 'sh'
+		# implementations: #679168
+		cat <<EOF >>"${out}"
+	if [ "\${cpu}" != "${qcpu}" -a -x "${interpreter}" ] ; then
+		printf '%s\n' ':${package}:M::${magic}:${mask}:${interpreter}:'"\${QEMU_BINFMT_FLAGS}" >/proc/sys/fs/binfmt_misc/register
+	fi
+EOF
+
+		echo ":${package}:M::${magic}:${mask}:${interpreter}:OC" >>"${out_systemd}"
+
+	done
+	cat "${FILESDIR}"/qemu-binfmt.initd.tail >>"${out}" || die
+}
+
+src_install() {
+	if [[ -n ${user_targets} ]]; then
+		cd "${S}/user-build"
+		emake DESTDIR="${ED}" install
+
+		# Install binfmt handler init script for user targets.
+		generate_initd
+		doinitd "${T}/qemu-binfmt"
+
+		# Install binfmt/qemu.conf.
+		insinto "/usr/share/qemu/binfmt.d"
+		doins "${T}/qemu.conf"
+	fi
+
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build"
+		emake DESTDIR="${ED}" install
+
+		# This might not exist if the test failed. #512010
+		[[ -e check-report.html ]] && dodoc check-report.html
+
+		if use kernel_linux; then
+			udev_newrules "${FILESDIR}"/65-kvm.rules-r1 65-kvm.rules
+		fi
+
+		if use python; then
+			python_foreach_impl qemu_python_install
+		fi
+	fi
+
+	cd "${S}/tools-build"
+	emake DESTDIR="${ED}" install
+
+	# Disable mprotect on the qemu binaries as they use JITs to be fast #459348
+	pushd "${ED}"/usr/bin >/dev/null
+	pax-mark mr "${softmmu_bins[@]}" "${user_bins[@]}" # bug 575594
+	popd >/dev/null
+
+	# Install config file example for qemu-bridge-helper
+	insinto "/etc/qemu"
+	doins "${FILESDIR}/bridge.conf"
+
+	cd "${S}"
+	dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt
+	newdoc pc-bios/README README.pc-bios
+
+	# Disallow stripping of prebuilt firmware files.
+	dostrip -x ${QA_PREBUILT}
+
+	if [[ -n ${softmmu_targets} ]]; then
+		# Remove SeaBIOS since we're using the SeaBIOS packaged one
+		rm "${ED}/usr/share/qemu/bios.bin"
+		rm "${ED}/usr/share/qemu/bios-256k.bin"
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
+			dosym ../seabios/bios-256k.bin /usr/share/qemu/bios-256k.bin
+		fi
+
+		# Remove vgabios since we're using the seavgabios packaged one
+		rm "${ED}/usr/share/qemu/vgabios.bin"
+		rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
+		rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
+		rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
+		rm "${ED}/usr/share/qemu/vgabios-virtio.bin"
+		rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
+		# PPC64 loads vgabios-stdvga
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 || use qemu_softmmu_targets_ppc64; then
+			dosym ../seavgabios/vgabios-isavga.bin /usr/share/qemu/vgabios.bin
+			dosym ../seavgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
+			dosym ../seavgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
+			dosym ../seavgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
+			dosym ../seavgabios/vgabios-virtio.bin /usr/share/qemu/vgabios-virtio.bin
+			dosym ../seavgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
+		fi
+
+		# Remove sgabios since we're using the sgabios packaged one
+		rm "${ED}/usr/share/qemu/sgabios.bin"
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin
+		fi
+
+		# Remove iPXE since we're using the iPXE packaged one
+		rm "${ED}"/usr/share/qemu/pxe-*.rom
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom
+			dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom
+			dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom
+			dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom
+			dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom
+			dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom
+		fi
+	fi
+
+	DISABLE_AUTOFORMATTING=true
+	readme.gentoo_create_doc
+}
+
+firmware_abi_change() {
+	local pv
+	for pv in ${REPLACING_VERSIONS}; do
+		if ver_test $pv -lt ${FIRMWARE_ABI_VERSION}; then
+			return 0
+		fi
+	done
+	return 1
+}
+
+pkg_postinst() {
+	if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
+		udev_reload
+	fi
+
+	xdg_icon_cache_update
+
+	[[ -z ${EPREFIX} ]] && [[ -f ${EROOT}/usr/libexec/qemu-bridge-helper ]] && \
+		fcaps cap_net_admin ${EROOT}/usr/libexec/qemu-bridge-helper
+
+	DISABLE_AUTOFORMATTING=true
+	readme.gentoo_print_elog
+
+	if use pin-upstream-blobs && firmware_abi_change; then
+		ewarn "This version of qemu pins new versions of firmware blobs:"
+		ewarn "	$(best_version sys-firmware/edk2-ovmf)"
+		ewarn "	$(best_version sys-firmware/ipxe)"
+		ewarn "	$(best_version sys-firmware/seabios)"
+		ewarn "	$(best_version sys-firmware/sgabios)"
+		ewarn "This might break resume of hibernated guests (started with a different"
+		ewarn "firmware version) and live migration to/from qemu versions with different"
+		ewarn "firmware. Please (cold) restart all running guests. For functional"
+		ewarn "guest migration ensure that all"
+		ewarn "hosts run at least"
+		ewarn "	app-emulation/qemu-${FIRMWARE_ABI_VERSION}."
+	fi
+}
+
+pkg_info() {
+	echo "Using:"
+	echo "  $(best_version app-emulation/spice-protocol)"
+	echo "  $(best_version sys-firmware/edk2-ovmf)"
+	if has_version 'sys-firmware/edk2-ovmf[binary]'; then
+		echo "    USE=binary"
+	else
+		echo "    USE=''"
+	fi
+	echo "  $(best_version sys-firmware/ipxe)"
+	echo "  $(best_version sys-firmware/seabios)"
+	if has_version 'sys-firmware/seabios[binary]'; then
+		echo "    USE=binary"
+	else
+		echo "    USE=''"
+	fi
+	echo "  $(best_version sys-firmware/sgabios)"
+}
+
+pkg_postrm() {
+	xdg_icon_cache_update
+}


^ permalink raw reply related	[flat|nested] 19+ messages in thread

* [gentoo-commits] proj/musl:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2021-05-17 13:24 Jory Pratt
  0 siblings, 0 replies; 19+ messages in thread
From: Jory Pratt @ 2021-05-17 13:24 UTC (permalink / raw
  To: gentoo-commits

commit:     2ee29c244773dae16ed79fe702fc737c5b1c6458
Author:     Jory Pratt <anarchy <AT> gentoo <DOT> org>
AuthorDate: Mon May 17 13:24:22 2021 +0000
Commit:     Jory Pratt <anarchy <AT> gentoo <DOT> org>
CommitDate: Mon May 17 13:24:22 2021 +0000
URL:        https://gitweb.gentoo.org/proj/musl.git/commit/?id=2ee29c24

app-emulation/qemu: sync with ::gentoo

Package-Manager: Portage-3.0.18, Repoman-3.0.2
Signed-off-by: Jory Pratt <anarchy <AT> gentoo.org>

 .../qemu/files/qemu-5.2.0-dce-locks.patch          |  18 +
 app-emulation/qemu/qemu-5.2.0-r2.ebuild            | 878 ---------------------
 ...{qemu-5.2.0-r3.ebuild => qemu-5.2.0-r50.ebuild} |  21 +-
 3 files changed, 30 insertions(+), 887 deletions(-)

diff --git a/app-emulation/qemu/files/qemu-5.2.0-dce-locks.patch b/app-emulation/qemu/files/qemu-5.2.0-dce-locks.patch
new file mode 100644
index 0000000..679a9f3
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-5.2.0-dce-locks.patch
@@ -0,0 +1,18 @@
+Fix CFLAGS=-Og build break. -Og fails because gcc does not enable dead
+code elimination (but does set __OPTIMIZE__ define).
+
+The fix avoids DCE reliance downstream entirely.
+
+Reported-by: Luke-Jr
+Bug: https://bugs.gentoo.org/782364
+--- a/include/qemu/lockable.h
++++ b/include/qemu/lockable.h
+@@ -28,7 +28,7 @@ struct QemuLockable {
+  * to QEMU_MAKE_LOCKABLE.  For optimized builds, we can rely on dead-code elimination
+  * from the compiler, and give the errors already at link time.
+  */
+-#if defined(__OPTIMIZE__) && !defined(__SANITIZE_ADDRESS__)
++#if defined(__OPTIMIZE__) && !defined(__SANITIZE_ADDRESS__) && defined(VALIDATE_LOCKS_VIA_DCE)
+ void unknown_lock_type(void *);
+ #else
+ static inline void unknown_lock_type(void *unused)

diff --git a/app-emulation/qemu/qemu-5.2.0-r2.ebuild b/app-emulation/qemu/qemu-5.2.0-r2.ebuild
deleted file mode 100644
index 549e0c7..0000000
--- a/app-emulation/qemu/qemu-5.2.0-r2.ebuild
+++ /dev/null
@@ -1,878 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-PYTHON_COMPAT=( python3_{7,8,9} )
-PYTHON_REQ_USE="ncurses,readline"
-
-FIRMWARE_ABI_VERSION="4.0.0-r50"
-
-inherit eutils linux-info toolchain-funcs multilib python-r1 \
-	udev fcaps readme.gentoo-r1 pax-utils l10n xdg-utils
-
-if [[ ${PV} = *9999* ]]; then
-	EGIT_REPO_URI="https://git.qemu.org/git/qemu.git"
-	EGIT_SUBMODULES=(
-		meson
-		tests/fp/berkeley-softfloat-3
-		tests/fp/berkeley-testfloat-3
-		ui/keycodemapdb
-	)
-	inherit git-r3
-	SRC_URI=""
-else
-	SRC_URI="https://download.qemu.org/${P}.tar.xz"
-	KEYWORDS="amd64 arm64 ~ppc ~ppc64 x86"
-fi
-
-DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
-HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org"
-
-LICENSE="GPL-2 LGPL-2 BSD-2"
-SLOT="0"
-
-IUSE="accessibility +aio alsa bzip2 capstone +caps +curl debug doc
-	+fdt glusterfs gnutls gtk infiniband iscsi io-uring
-	jack jemalloc +jpeg kernel_linux
-	kernel_FreeBSD lzo multipath
-	ncurses nfs nls numa opengl +oss +pin-upstream-blobs
-	plugins +png pulseaudio python rbd sasl +seccomp sdl sdl-image selinux
-	+slirp
-	smartcard snappy spice ssh static static-user systemtap test udev usb
-	usbredir vde +vhost-net vhost-user-fs virgl virtfs +vnc vte xattr xen
-	xfs zstd"
-
-COMMON_TARGETS="aarch64 alpha arm cris hppa i386 m68k microblaze microblazeel
-	mips mips64 mips64el mipsel nios2 or1k ppc ppc64 riscv32 riscv64 s390x
-	sh4 sh4eb sparc sparc64 x86_64 xtensa xtensaeb"
-IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS}
-	avr lm32 moxie rx tricore unicore32"
-IUSE_USER_TARGETS="${COMMON_TARGETS}
-	aarch64_be armeb mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus
-	tilegx"
-
-use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
-use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
-IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
-
-RESTRICT="!test? ( test )"
-# Allow no targets to be built so that people can get a tools-only build.
-# Block USE flag configurations known to not work.
-REQUIRED_USE="${PYTHON_REQUIRED_USE}
-	qemu_softmmu_targets_arm? ( fdt )
-	qemu_softmmu_targets_microblaze? ( fdt )
-	qemu_softmmu_targets_mips64el? ( fdt )
-	qemu_softmmu_targets_ppc64? ( fdt )
-	qemu_softmmu_targets_ppc? ( fdt )
-	qemu_softmmu_targets_riscv32? ( fdt )
-	qemu_softmmu_targets_riscv64? ( fdt )
-	static? ( static-user !alsa !gtk !jack !opengl !pulseaudio !plugins !rbd !snappy )
-	static-user? ( !plugins )
-	vhost-user-fs? ( caps seccomp )
-	virtfs? ( caps xattr )
-	vte? ( gtk )
-	multipath? ( udev )
-	plugins? ( !static !static-user )
-"
-
-# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
-# and user/softmmu targets (qemu-*, qemu-system-*).
-#
-# Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
-#
-# The attr lib isn't always linked in (although the USE flag is always
-# respected).  This is because qemu supports using the C library's API
-# when available rather than always using the external library.
-ALL_DEPEND="
-	>=dev-libs/glib-2.0[static-libs(+)]
-	sys-libs/zlib[static-libs(+)]
-	python? ( ${PYTHON_DEPS} )
-	systemtap? ( dev-util/systemtap )
-	xattr? ( sys-apps/attr[static-libs(+)] )"
-
-# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
-# softmmu targets (qemu-system-*).
-SOFTMMU_TOOLS_DEPEND="
-	dev-libs/libxml2[static-libs(+)]
-	>=x11-libs/pixman-0.28.0[static-libs(+)]
-	accessibility? (
-		app-accessibility/brltty[api]
-		app-accessibility/brltty[static-libs(+)]
-	)
-	aio? ( dev-libs/libaio[static-libs(+)] )
-	alsa? ( >=media-libs/alsa-lib-1.0.13 )
-	bzip2? ( app-arch/bzip2[static-libs(+)] )
-	capstone? ( dev-libs/capstone:= )
-	caps? ( sys-libs/libcap-ng[static-libs(+)] )
-	curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
-	fdt? ( >=sys-apps/dtc-1.5.0[static-libs(+)] )
-	glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
-	gnutls? (
-		dev-libs/nettle:=[static-libs(+)]
-		>=net-libs/gnutls-3.0:=[static-libs(+)]
-	)
-	gtk? (
-		x11-libs/gtk+:3
-		vte? ( x11-libs/vte:2.91 )
-	)
-	infiniband? (
-		sys-fabric/libibumad:=[static-libs(+)]
-		sys-fabric/libibverbs:=[static-libs(+)]
-		sys-fabric/librdmacm:=[static-libs(+)]
-	)
-	iscsi? ( net-libs/libiscsi )
-	io-uring? ( sys-libs/liburing:=[static-libs(+)] )
-	jack? ( virtual/jack )
-	jemalloc? ( dev-libs/jemalloc )
-	jpeg? ( virtual/jpeg:0=[static-libs(+)] )
-	lzo? ( dev-libs/lzo:2[static-libs(+)] )
-	multipath? ( sys-fs/multipath-tools )
-	ncurses? (
-		sys-libs/ncurses:0=[unicode]
-		sys-libs/ncurses:0=[static-libs(+)]
-	)
-	nfs? ( >=net-fs/libnfs-1.9.3:=[static-libs(+)] )
-	numa? ( sys-process/numactl[static-libs(+)] )
-	opengl? (
-		virtual/opengl
-		media-libs/libepoxy[static-libs(+)]
-		media-libs/mesa[static-libs(+)]
-		media-libs/mesa[egl,gbm]
-	)
-	png? ( media-libs/libpng:0=[static-libs(+)] )
-	pulseaudio? ( media-sound/pulseaudio )
-	rbd? ( sys-cluster/ceph )
-	sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
-	sdl? (
-		media-libs/libsdl2[video]
-		media-libs/libsdl2[static-libs(+)]
-	)
-	sdl-image? ( media-libs/sdl2-image[static-libs(+)] )
-	seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
-	slirp? ( net-libs/libslirp[static-libs(+)] )
-	smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] )
-	snappy? ( app-arch/snappy:= )
-	spice? (
-		>=app-emulation/spice-protocol-0.12.3
-		>=app-emulation/spice-0.12.0[static-libs(+)]
-	)
-	ssh? ( >=net-libs/libssh-0.8.6[static-libs(+)] )
-	udev? ( virtual/libudev[static-libs(+)] )
-	usb? ( >=virtual/libusb-1-r2[static-libs(+)] )
-	usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
-	vde? ( net-misc/vde[static-libs(+)] )
-	virgl? ( media-libs/virglrenderer[static-libs(+)] )
-	virtfs? ( sys-libs/libcap )
-	xen? ( app-emulation/xen-tools:= )
-	xfs? ( sys-fs/xfsprogs[static-libs(+)] )
-	zstd? ( >=app-arch/zstd-1.4.0[static-libs(+)] )
-"
-
-X86_FIRMWARE_DEPEND="
-	pin-upstream-blobs? (
-		~sys-firmware/edk2-ovmf-201905[binary]
-		~sys-firmware/ipxe-1.0.0_p20190728[binary,qemu]
-		~sys-firmware/seabios-1.12.0[binary,seavgabios]
-		~sys-firmware/sgabios-0.1_pre8[binary]
-	)
-	!pin-upstream-blobs? (
-		sys-firmware/edk2-ovmf
-		sys-firmware/ipxe[qemu]
-		>=sys-firmware/seabios-1.10.2[seavgabios]
-		sys-firmware/sgabios
-	)"
-PPC_FIRMWARE_DEPEND="
-	pin-upstream-blobs? (
-		~sys-firmware/seabios-1.12.0[binary,seavgabios]
-	)
-	!pin-upstream-blobs? (
-		>=sys-firmware/seabios-1.10.2[seavgabios]
-	)
-"
-
-BDEPEND="
-	$(python_gen_impl_dep)
-	dev-lang/perl
-	sys-apps/texinfo
-	virtual/pkgconfig
-	doc? ( dev-python/sphinx )
-	gtk? ( nls? ( sys-devel/gettext ) )
-	test? (
-		dev-libs/glib[utils]
-		sys-devel/bc
-	)
-"
-CDEPEND="
-	!static? (
-		${ALL_DEPEND//\[static-libs(+)]}
-		${SOFTMMU_TOOLS_DEPEND//\[static-libs(+)]}
-	)
-	qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
-	qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )
-	qemu_softmmu_targets_ppc? ( ${PPC_FIRMWARE_DEPEND} )
-	qemu_softmmu_targets_ppc64? ( ${PPC_FIRMWARE_DEPEND} )
-"
-DEPEND="${CDEPEND}
-	kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
-	static? (
-		${ALL_DEPEND}
-		${SOFTMMU_TOOLS_DEPEND}
-	)
-	static-user? ( ${ALL_DEPEND} )"
-RDEPEND="${CDEPEND}
-	acct-group/kvm
-	selinux? ( sec-policy/selinux-qemu )"
-
-PATCHES=(
-	"${FILESDIR}"/${PN}-2.11.1-capstone_include_path.patch
-	"${FILESDIR}"/${PN}-5.2.0-cleaner-werror.patch
-	"${FILESDIR}"/${PN}-5.2.0-disable-keymap.patch
-	"${FILESDIR}"/${PN}-5.2.0-strings.patch
-	"${FILESDIR}"/${PN}-5.2.0-fix-firmware-path.patch
-	"${FILESDIR}"/${PN}-5.2.0-no-pie-ld.patch
-)
-
-QA_PREBUILT="
-	usr/share/qemu/hppa-firmware.img
-	usr/share/qemu/openbios-ppc
-	usr/share/qemu/openbios-sparc64
-	usr/share/qemu/openbios-sparc32
-	usr/share/qemu/opensbi-riscv64-generic-fw_dynamic.elf
-	usr/share/qemu/opensbi-riscv32-generic-fw_dynamic.elf
-	usr/share/qemu/palcode-clipper
-	usr/share/qemu/s390-ccw.img
-	usr/share/qemu/s390-netboot.img
-	usr/share/qemu/u-boot.e500
-"
-
-QA_WX_LOAD="usr/bin/qemu-i386
-	usr/bin/qemu-x86_64
-	usr/bin/qemu-alpha
-	usr/bin/qemu-arm
-	usr/bin/qemu-cris
-	usr/bin/qemu-m68k
-	usr/bin/qemu-microblaze
-	usr/bin/qemu-microblazeel
-	usr/bin/qemu-mips
-	usr/bin/qemu-mipsel
-	usr/bin/qemu-or1k
-	usr/bin/qemu-ppc
-	usr/bin/qemu-ppc64
-	usr/bin/qemu-ppc64abi32
-	usr/bin/qemu-sh4
-	usr/bin/qemu-sh4eb
-	usr/bin/qemu-sparc
-	usr/bin/qemu-sparc64
-	usr/bin/qemu-armeb
-	usr/bin/qemu-sparc32plus
-	usr/bin/qemu-s390x
-	usr/bin/qemu-unicore32
-"
-
-DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure you have the
-kernel module loaded before running kvm. The easiest way to ensure that the
-kernel module is loaded is to load it on boot.
-	For AMD CPUs the module is called 'kvm-amd'.
-	For Intel CPUs the module is called 'kvm-intel'.
-Please review /etc/conf.d/modules for how to load these.
-
-Make sure your user is in the 'kvm' group. Just run
-	$ gpasswd -a <USER> kvm
-then have <USER> re-login.
-
-For brand new installs, the default permissions on /dev/kvm might not let
-you access it.  You can tell udev to reset ownership/perms:
-	$ udevadm trigger -c add /dev/kvm
-
-If you want to register binfmt handlers for qemu user targets:
-For openrc:
-	# rc-update add qemu-binfmt
-For systemd:
-	# ln -s /usr/share/qemu/binfmt.d/qemu.conf /etc/binfmt.d/qemu.conf"
-
-pkg_pretend() {
-	if use kernel_linux && kernel_is lt 2 6 25; then
-		eerror "This version of KVM requires a host kernel of 2.6.25 or higher."
-	elif use kernel_linux; then
-		if ! linux_config_exists; then
-			eerror "Unable to check your kernel for KVM support"
-		else
-			CONFIG_CHECK="~KVM ~TUN ~BRIDGE"
-			ERROR_KVM="You must enable KVM in your kernel to continue"
-			ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in"
-			ERROR_KVM_AMD+=" your kernel configuration."
-			ERROR_KVM_INTEL="If you have an Intel CPU, you must enable"
-			ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration."
-			ERROR_TUN="You will need the Universal TUN/TAP driver compiled"
-			ERROR_TUN+=" into your kernel or loaded as a module to use the"
-			ERROR_TUN+=" virtual network device if using -net tap."
-			ERROR_BRIDGE="You will also need support for 802.1d"
-			ERROR_BRIDGE+=" Ethernet Bridging for some network configurations."
-			use vhost-net && CONFIG_CHECK+=" ~VHOST_NET"
-			ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net"
-			ERROR_VHOST_NET+=" support"
-
-			if use amd64 || use x86 || use amd64-linux || use x86-linux; then
-				if grep -q AuthenticAMD /proc/cpuinfo; then
-					CONFIG_CHECK+=" ~KVM_AMD"
-				elif grep -q GenuineIntel /proc/cpuinfo; then
-					CONFIG_CHECK+=" ~KVM_INTEL"
-				fi
-			fi
-
-			use python && CONFIG_CHECK+=" ~DEBUG_FS"
-			ERROR_DEBUG_FS="debugFS support required for kvm_stat"
-
-			# Now do the actual checks setup above
-			check_extra_config
-		fi
-	fi
-
-	if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then
-		eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt"
-		eerror "instances are still pointing to it.  Please update your"
-		eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag"
-		eerror "and the right system binary (e.g. qemu-system-x86_64)."
-		die "update your virt configs to not use qemu-kvm"
-	fi
-}
-
-# Sanity check to make sure target lists are kept up-to-date.
-check_targets() {
-	local var=$1 mak=$2
-	local detected sorted
-
-	pushd "${S}"/default-configs/targets/ >/dev/null || die
-
-	# Force C locale until glibc is updated. #564936
-	detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u))
-	sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u))
-	if [[ ${sorted} != "${detected}" ]] ; then
-		eerror "The ebuild needs to be kept in sync."
-		eerror "${var}: ${sorted}"
-		eerror "$(printf '%-*s' ${#var} configure): ${detected}"
-		die "sync ${var} to the list of targets"
-	fi
-
-	popd >/dev/null
-}
-
-src_prepare() {
-	check_targets IUSE_SOFTMMU_TARGETS softmmu
-	check_targets IUSE_USER_TARGETS linux-user
-
-	default
-
-	# Use correct toolchain to fix cross-compiling
-	tc-export AR AS LD NM OBJCOPY PKG_CONFIG RANLIB STRINGS
-	export WINDRES=${CHOST}-windres
-
-	# Verbose builds
-	MAKEOPTS+=" V=1"
-
-	# Remove bundled copy of libfdt
-	rm -r dtc || die
-
-	# conditionally apply patches for musl support
-	if use elibc_musl ; then
-		eapply "${FILESDIR}"/musl-patches/0001-linux-user-fix-build-with-musl-on-aarch64.patch
-		eapply "${FILESDIR}"/musl-patches/0001-linux-user-fix-build-with-musl-on-ppc64le.patch
-		eapply "${FILESDIR}"/musl-patches/0001-virtio-host-input-use-safe-64-bit-time-accessors-for.patch
-		eapply "${FILESDIR}"/musl-patches/0002-virtio-user-input-use-safe-64-bit-time-accessors-for.patch
-		eapply "${FILESDIR}"/musl-patches/0006-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch
-		eapply "${FILESDIR}"/musl-patches/MAP_SYNC-fix.patch
-		eapply "${FILESDIR}"/musl-patches/fix-segevent-and-sigval_t.patch
-		eapply "${FILESDIR}"/musl-patches/fix-sendmsg.patch
-		eapply "${FILESDIR}"/musl-patches/fix-sockios-header.patch
-		eapply "${FILESDIR}"/musl-patches/guest-agent-shutdown.patch
-		eapply "${FILESDIR}"/musl-patches/ignore-signals-33-and-64-to-allow-golang-emulation.patch
-		eapply "${FILESDIR}"/musl-patches/mips-softfloat.patch
-		eapply "${FILESDIR}"/musl-patches/musl-F_SHLCK-and-F_EXLCK.patch
-		eapply "${FILESDIR}"/musl-patches/xattr_size_max.patch
-	fi
-}
-
-##
-# configures qemu based on the build directory and the build type
-# we are using.
-#
-qemu_src_configure() {
-	debug-print-function ${FUNCNAME} "$@"
-
-	local buildtype=$1
-	local builddir="${S}/${buildtype}-build"
-
-	mkdir "${builddir}"
-
-	local conf_opts=(
-		--prefix=/usr
-		--sysconfdir=/etc
-		--bindir=/usr/bin
-		--libdir=/usr/$(get_libdir)
-		--datadir=/usr/share
-		--docdir=/usr/share/doc/${PF}/html
-		--mandir=/usr/share/man
-		--localstatedir=/var
-		--disable-bsd-user
-		--disable-containers # bug #732972
-		--disable-guest-agent
-		--disable-strip
-
-		# bug #746752: TCG interpreter has a few limitations:
-		# - it does not support FPU
-		# - it's generally slower on non-self-modifying code
-		# It's advantage is support for host architectures
-		# where native codegeneration is not implemented.
-		# Gentoo has qemu keyworded only on targets with
-		# native code generation available. Avoid the interpreter.
-		--disable-tcg-interpreter
-
-		--disable-werror
-		# We support gnutls/nettle for crypto operations.  It is possible
-		# to use gcrypt when gnutls/nettle are disabled (but not when they
-		# are enabled), but it's not really worth the hassle.  Disable it
-		# all the time to avoid automatically detecting it. #568856
-		--disable-gcrypt
-		--python="${PYTHON}"
-		--cc="$(tc-getCC)"
-		--cxx="$(tc-getCXX)"
-		--host-cc="$(tc-getBUILD_CC)"
-		$(use_enable debug debug-info)
-		$(use_enable debug debug-tcg)
-		$(use_enable doc docs)
-		$(use_enable nls gettext)
-		$(use_enable plugins)
-		$(use_enable xattr attr)
-	)
-
-	# Disable options not used by user targets. This simplifies building
-	# static user targets (USE=static-user) considerably.
-	conf_notuser() {
-		if [[ ${buildtype} == "user" ]] ; then
-			echo "--disable-${2:-$1}"
-		else
-			use_enable "$@"
-		fi
-	}
-	# Enable option only for softmmu build, but not 'user' or 'tools'
-	conf_softmmu() {
-		if [[ ${buildtype} == "softmmu" ]] ; then
-			use_enable "$@"
-		else
-			echo "--disable-${2:-$1}"
-		fi
-	}
-	# Enable option only for tools build, but not 'user' or 'softmmu'
-	conf_tools() {
-		if [[ ${buildtype} == "tools" ]] ; then
-			use_enable "$@"
-		else
-			echo "--disable-${2:-$1}"
-		fi
-	}
-	conf_opts+=(
-		$(conf_notuser accessibility brlapi)
-		$(conf_notuser aio linux-aio)
-		$(conf_notuser bzip2)
-		$(conf_notuser capstone)
-		$(conf_notuser caps cap-ng)
-		$(conf_notuser curl)
-		$(conf_notuser fdt)
-		$(conf_notuser glusterfs)
-		$(conf_notuser gnutls)
-		$(conf_notuser gnutls nettle)
-		$(conf_notuser gtk)
-		$(conf_notuser infiniband rdma)
-		$(conf_notuser iscsi libiscsi)
-		$(conf_notuser io-uring linux-io-uring)
-		$(conf_notuser jemalloc jemalloc)
-		$(conf_notuser jpeg vnc-jpeg)
-		$(conf_notuser kernel_linux kvm)
-		$(conf_notuser lzo)
-		$(conf_notuser multipath mpath)
-		$(conf_notuser ncurses curses)
-		$(conf_notuser nfs libnfs)
-		$(conf_notuser numa)
-		$(conf_notuser opengl)
-		$(conf_notuser png vnc-png)
-		$(conf_notuser rbd)
-		$(conf_notuser sasl vnc-sasl)
-		$(conf_notuser sdl)
-		$(conf_softmmu sdl-image)
-		$(conf_notuser seccomp)
-		$(conf_notuser slirp slirp system)
-		$(conf_notuser smartcard)
-		$(conf_notuser snappy)
-		$(conf_notuser spice)
-		$(conf_notuser ssh libssh)
-		$(conf_notuser udev libudev)
-		$(conf_notuser usb libusb)
-		$(conf_notuser usbredir usb-redir)
-		$(conf_notuser vde)
-		$(conf_notuser vhost-net)
-		$(conf_notuser vhost-user-fs)
-		$(conf_tools vhost-user-fs virtiofsd)
-		$(conf_notuser virgl virglrenderer)
-		$(conf_notuser virtfs)
-		$(conf_notuser vnc)
-		$(conf_notuser vte)
-		$(conf_notuser xen)
-		$(conf_notuser xen xen-pci-passthrough)
-		$(conf_notuser xfs xfsctl)
-		# use prebuilt keymaps, bug #759604
-		--disable-xkbcommon
-		$(conf_notuser zstd)
-	)
-
-	if [[ ${buildtype} == "user" ]] ; then
-		conf_opts+=( --disable-libxml2 )
-	else
-		conf_opts+=( --enable-libxml2 )
-	fi
-
-	if [[ ! ${buildtype} == "user" ]] ; then
-		# audio options
-		local audio_opts=(
-			# Note: backend order matters here: #716202
-			# We iterate from higher-level to lower level.
-			$(usex pulseaudio pa "")
-			$(usev jack)
-			$(usev sdl)
-			$(usev alsa)
-			$(usev oss)
-		)
-		conf_opts+=(
-			--audio-drv-list=$(printf "%s," "${audio_opts[@]}")
-		)
-	fi
-
-	case ${buildtype} in
-	user)
-		conf_opts+=(
-			--enable-linux-user
-			--disable-system
-			--disable-blobs
-			--disable-tools
-		)
-		local static_flag="static-user"
-		;;
-	softmmu)
-		conf_opts+=(
-			--disable-linux-user
-			--enable-system
-			--disable-tools
-		)
-		local static_flag="static"
-		;;
-	tools)
-		conf_opts+=(
-			--disable-linux-user
-			--disable-system
-			--disable-blobs
-			--enable-tools
-		)
-		local static_flag="static"
-		;;
-	esac
-
-	local targets="${buildtype}_targets"
-	[[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" )
-
-	# Add support for SystemTAP
-	use systemtap && conf_opts+=( --enable-trace-backend=dtrace )
-
-	# We always want to attempt to build with PIE support as it results
-	# in a more secure binary. But it doesn't work with static or if
-	# the current GCC doesn't have PIE support.
-	if use ${static_flag}; then
-		conf_opts+=( --static --disable-pie )
-	else
-		tc-enables-pie && conf_opts+=( --enable-pie )
-	fi
-
-	# Plumb through equivalent of EXTRA_ECONF to allow experiments
-	# like bug #747928.
-	conf_opts+=( ${EXTRA_CONF_QEMU} )
-
-	echo "../configure ${conf_opts[*]}"
-	cd "${builddir}"
-	../configure "${conf_opts[@]}" || die "configure failed"
-
-	# FreeBSD's kernel does not support QEMU assigning/grabbing
-	# host USB devices yet
-	use kernel_FreeBSD && \
-		sed -i -E -e "s|^(HOST_USB=)bsd|\1stub|" "${S}"/config-host.mak
-}
-
-src_configure() {
-	local target
-
-	python_setup
-
-	softmmu_targets= softmmu_bins=()
-	user_targets= user_bins=()
-
-	for target in ${IUSE_SOFTMMU_TARGETS} ; do
-		if use "qemu_softmmu_targets_${target}"; then
-			softmmu_targets+=",${target}-softmmu"
-			softmmu_bins+=( "qemu-system-${target}" )
-		fi
-	done
-
-	for target in ${IUSE_USER_TARGETS} ; do
-		if use "qemu_user_targets_${target}"; then
-			user_targets+=",${target}-linux-user"
-			user_bins+=( "qemu-${target}" )
-		fi
-	done
-
-	softmmu_targets=${softmmu_targets#,}
-	user_targets=${user_targets#,}
-
-	[[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu"
-	[[ -n ${user_targets}    ]] && qemu_src_configure "user"
-	qemu_src_configure "tools"
-}
-
-src_compile() {
-	if [[ -n ${user_targets} ]]; then
-		cd "${S}/user-build"
-		default
-	fi
-
-	if [[ -n ${softmmu_targets} ]]; then
-		cd "${S}/softmmu-build"
-		default
-	fi
-
-	cd "${S}/tools-build"
-	default
-}
-
-src_test() {
-	if [[ -n ${softmmu_targets} ]]; then
-		cd "${S}/softmmu-build"
-		pax-mark m */qemu-system-* #515550
-		emake check
-	fi
-}
-
-qemu_python_install() {
-	python_domodule "${S}/python/qemu"
-
-	python_doscript "${S}/scripts/kvm/vmxcap"
-	python_doscript "${S}/scripts/qmp/qmp-shell"
-	python_doscript "${S}/scripts/qmp/qemu-ga-client"
-}
-
-# Generate binfmt support files.
-#   - /etc/init.d/qemu-binfmt script which registers the user handlers (openrc)
-#   - /usr/share/qemu/binfmt.d/qemu.conf (for use with systemd-binfmt)
-generate_initd() {
-	local out="${T}/qemu-binfmt"
-	local out_systemd="${T}/qemu.conf"
-	local d="${T}/binfmt.d"
-
-	einfo "Generating qemu binfmt scripts and configuration files"
-
-	# Generate the debian fragments first.
-	mkdir -p "${d}"
-	"${S}"/scripts/qemu-binfmt-conf.sh \
-		--debian \
-		--exportdir "${d}" \
-		--qemu-path "${EPREFIX}/usr/bin" \
-		|| die
-	# Then turn the fragments into a shell script we can source.
-	sed -E -i \
-		-e 's:^([^ ]+) (.*)$:\1="\2":' \
-		"${d}"/* || die
-
-	# Generate the init.d script by assembling the fragments from above.
-	local f qcpu package interpreter magic mask
-	cat "${FILESDIR}"/qemu-binfmt.initd.head >"${out}" || die
-	for f in "${d}"/qemu-* ; do
-		source "${f}"
-
-		# Normalize the cpu logic like we do in the init.d for the native cpu.
-		qcpu=${package#qemu-}
-		case ${qcpu} in
-		arm*)   qcpu="arm";;
-		mips*)  qcpu="mips";;
-		ppc*)   qcpu="ppc";;
-		s390*)  qcpu="s390";;
-		sh*)    qcpu="sh";;
-		sparc*) qcpu="sparc";;
-		esac
-
-		# we use 'printf' here to be portable across 'sh'
-		# implementations: #679168
-		cat <<EOF >>"${out}"
-	if [ "\${cpu}" != "${qcpu}" -a -x "${interpreter}" ] ; then
-		printf '%s\n' ':${package}:M::${magic}:${mask}:${interpreter}:'"\${QEMU_BINFMT_FLAGS}" >/proc/sys/fs/binfmt_misc/register
-	fi
-EOF
-
-		echo ":${package}:M::${magic}:${mask}:${interpreter}:OC" >>"${out_systemd}"
-
-	done
-	cat "${FILESDIR}"/qemu-binfmt.initd.tail >>"${out}" || die
-}
-
-src_install() {
-	if [[ -n ${user_targets} ]]; then
-		cd "${S}/user-build"
-		emake DESTDIR="${ED}" install
-
-		# Install binfmt handler init script for user targets.
-		generate_initd
-		doinitd "${T}/qemu-binfmt"
-
-		# Install binfmt/qemu.conf.
-		insinto "/usr/share/qemu/binfmt.d"
-		doins "${T}/qemu.conf"
-	fi
-
-	if [[ -n ${softmmu_targets} ]]; then
-		cd "${S}/softmmu-build"
-		emake DESTDIR="${ED}" install
-
-		# This might not exist if the test failed. #512010
-		[[ -e check-report.html ]] && dodoc check-report.html
-
-		if use kernel_linux; then
-			udev_newrules "${FILESDIR}"/65-kvm.rules-r1 65-kvm.rules
-		fi
-
-		if use python; then
-			python_foreach_impl qemu_python_install
-		fi
-	fi
-
-	cd "${S}/tools-build"
-	emake DESTDIR="${ED}" install
-
-	# Disable mprotect on the qemu binaries as they use JITs to be fast #459348
-	pushd "${ED}"/usr/bin >/dev/null
-	pax-mark mr "${softmmu_bins[@]}" "${user_bins[@]}" # bug 575594
-	popd >/dev/null
-
-	# Install config file example for qemu-bridge-helper
-	insinto "/etc/qemu"
-	doins "${FILESDIR}/bridge.conf"
-
-	cd "${S}"
-	dodoc MAINTAINERS docs/specs/pci-ids.txt
-	newdoc pc-bios/README README.pc-bios
-
-	# Disallow stripping of prebuilt firmware files.
-	dostrip -x ${QA_PREBUILT}
-
-	if [[ -n ${softmmu_targets} ]]; then
-		# Remove SeaBIOS since we're using the SeaBIOS packaged one
-		rm "${ED}/usr/share/qemu/bios.bin"
-		rm "${ED}/usr/share/qemu/bios-256k.bin"
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
-			dosym ../seabios/bios-256k.bin /usr/share/qemu/bios-256k.bin
-		fi
-
-		# Remove vgabios since we're using the seavgabios packaged one
-		rm "${ED}/usr/share/qemu/vgabios.bin"
-		rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
-		rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
-		rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
-		rm "${ED}/usr/share/qemu/vgabios-virtio.bin"
-		rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
-		# PPC/PPC64 loads vgabios-stdvga
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 || use qemu_softmmu_targets_ppc || use qemu_softmmu_targets_ppc64; then
-			dosym ../seavgabios/vgabios-isavga.bin /usr/share/qemu/vgabios.bin
-			dosym ../seavgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
-			dosym ../seavgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
-			dosym ../seavgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
-			dosym ../seavgabios/vgabios-virtio.bin /usr/share/qemu/vgabios-virtio.bin
-			dosym ../seavgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
-		fi
-
-		# Remove sgabios since we're using the sgabios packaged one
-		rm "${ED}/usr/share/qemu/sgabios.bin"
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin
-		fi
-
-		# Remove iPXE since we're using the iPXE packaged one
-		rm "${ED}"/usr/share/qemu/pxe-*.rom
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom
-			dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom
-			dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom
-			dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom
-			dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom
-			dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom
-		fi
-	fi
-
-	DISABLE_AUTOFORMATTING=true
-	readme.gentoo_create_doc
-}
-
-firmware_abi_change() {
-	local pv
-	for pv in ${REPLACING_VERSIONS}; do
-		if ver_test $pv -lt ${FIRMWARE_ABI_VERSION}; then
-			return 0
-		fi
-	done
-	return 1
-}
-
-pkg_postinst() {
-	if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
-		udev_reload
-	fi
-
-	xdg_icon_cache_update
-
-	[[ -z ${EPREFIX} ]] && [[ -f ${EROOT}/usr/libexec/qemu-bridge-helper ]] && \
-		fcaps cap_net_admin ${EROOT}/usr/libexec/qemu-bridge-helper
-
-	DISABLE_AUTOFORMATTING=true
-	readme.gentoo_print_elog
-
-	if use pin-upstream-blobs && firmware_abi_change; then
-		ewarn "This version of qemu pins new versions of firmware blobs:"
-		ewarn "	$(best_version sys-firmware/edk2-ovmf)"
-		ewarn "	$(best_version sys-firmware/ipxe)"
-		ewarn "	$(best_version sys-firmware/seabios)"
-		ewarn "	$(best_version sys-firmware/sgabios)"
-		ewarn "This might break resume of hibernated guests (started with a different"
-		ewarn "firmware version) and live migration to/from qemu versions with different"
-		ewarn "firmware. Please (cold) restart all running guests. For functional"
-		ewarn "guest migration ensure that all"
-		ewarn "hosts run at least"
-		ewarn "	app-emulation/qemu-${FIRMWARE_ABI_VERSION}."
-	fi
-}
-
-pkg_info() {
-	echo "Using:"
-	echo "  $(best_version app-emulation/spice-protocol)"
-	echo "  $(best_version sys-firmware/edk2-ovmf)"
-	if has_version 'sys-firmware/edk2-ovmf[binary]'; then
-		echo "    USE=binary"
-	else
-		echo "    USE=''"
-	fi
-	echo "  $(best_version sys-firmware/ipxe)"
-	echo "  $(best_version sys-firmware/seabios)"
-	if has_version 'sys-firmware/seabios[binary]'; then
-		echo "    USE=binary"
-	else
-		echo "    USE=''"
-	fi
-	echo "  $(best_version sys-firmware/sgabios)"
-}
-
-pkg_postrm() {
-	xdg_icon_cache_update
-}

diff --git a/app-emulation/qemu/qemu-5.2.0-r3.ebuild b/app-emulation/qemu/qemu-5.2.0-r50.ebuild
similarity index 98%
rename from app-emulation/qemu/qemu-5.2.0-r3.ebuild
rename to app-emulation/qemu/qemu-5.2.0-r50.ebuild
index 8234a3c..8984faa 100644
--- a/app-emulation/qemu/qemu-5.2.0-r3.ebuild
+++ b/app-emulation/qemu/qemu-5.2.0-r50.ebuild
@@ -6,7 +6,7 @@ EAPI="7"
 PYTHON_COMPAT=( python3_{7,8,9} )
 PYTHON_REQ_USE="ncurses,readline"
 
-FIRMWARE_ABI_VERSION="4.0.0-r50"
+FIRMWARE_ABI_VERSION="5.2.0-r50"
 
 inherit eutils linux-info toolchain-funcs multilib python-r1
 inherit udev fcaps readme.gentoo-r1 pax-utils l10n xdg-utils
@@ -24,7 +24,7 @@ if [[ ${PV} = *9999* ]]; then
 	SRC_URI=""
 else
 	SRC_URI="https://download.qemu.org/${P}.tar.xz"
-	KEYWORDS="amd64 arm64 ~ppc ~ppc64 ~x86"
+	KEYWORDS="amd64 arm64 ~ppc ppc64 x86"
 fi
 
 DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
@@ -170,25 +170,27 @@ SOFTMMU_TOOLS_DEPEND="
 	zstd? ( >=app-arch/zstd-1.4.0[static-libs(+)] )
 "
 
+SEABIOS_VERSION="1.14.0"
+
 X86_FIRMWARE_DEPEND="
 	pin-upstream-blobs? (
-		~sys-firmware/edk2-ovmf-201905[binary]
-		~sys-firmware/ipxe-1.0.0_p20190728[binary,qemu]
-		~sys-firmware/seabios-1.12.0[binary,seavgabios]
-		~sys-firmware/sgabios-0.1_pre8[binary]
+		~sys-firmware/edk2-ovmf-202008[binary]
+		~sys-firmware/ipxe-1.21.1[binary,qemu]
+		~sys-firmware/seabios-${SEABIOS_VERSION}[binary,seavgabios]
+		~sys-firmware/sgabios-0.1_pre10[binary]
 	)
 	!pin-upstream-blobs? (
 		sys-firmware/edk2-ovmf
 		sys-firmware/ipxe[qemu]
-		>=sys-firmware/seabios-1.10.2[seavgabios]
+		>=sys-firmware/seabios-${SEABIOS_VERSION}[seavgabios]
 		sys-firmware/sgabios
 	)"
 PPC_FIRMWARE_DEPEND="
 	pin-upstream-blobs? (
-		~sys-firmware/seabios-1.12.0[binary,seavgabios]
+		~sys-firmware/seabios-${SEABIOS_VERSION}[binary,seavgabios]
 	)
 	!pin-upstream-blobs? (
-		>=sys-firmware/seabios-1.10.2[seavgabios]
+		>=sys-firmware/seabios-${SEABIOS_VERSION}[seavgabios]
 	)
 "
 
@@ -232,6 +234,7 @@ PATCHES=(
 	"${FILESDIR}"/${PN}-5.2.0-strings.patch
 	"${FILESDIR}"/${PN}-5.2.0-fix-firmware-path.patch
 	"${FILESDIR}"/${PN}-5.2.0-no-pie-ld.patch
+	"${FILESDIR}"/${PN}-5.2.0-dce-locks.patch
 )
 
 QA_PREBUILT="


^ permalink raw reply related	[flat|nested] 19+ messages in thread

* [gentoo-commits] proj/musl:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2021-07-18 15:47 Jory Pratt
  0 siblings, 0 replies; 19+ messages in thread
From: Jory Pratt @ 2021-07-18 15:47 UTC (permalink / raw
  To: gentoo-commits

commit:     14d1508edf3d4d65da93394799888b628b0766dc
Author:     Jory Pratt <anarchy <AT> gentoo <DOT> org>
AuthorDate: Sun Jul 18 15:47:49 2021 +0000
Commit:     Jory Pratt <anarchy <AT> gentoo <DOT> org>
CommitDate: Sun Jul 18 15:47:49 2021 +0000
URL:        https://gitweb.gentoo.org/proj/musl.git/commit/?id=14d1508e

app-emulation/qemu: sync with ::gentoo

Package-Manager: Portage-3.0.20, Repoman-3.0.2
Signed-off-by: Jory Pratt <anarchy <AT> gentoo.org>

 app-emulation/qemu/files/qemu-6.0.0-make.patch             | 14 ++++++++++++++
 app-emulation/qemu/metadata.xml                            |  5 +++--
 .../qemu/{qemu-6.0.0.ebuild => qemu-6.0.0-r2.ebuild}       | 14 +++++++++-----
 3 files changed, 26 insertions(+), 7 deletions(-)

diff --git a/app-emulation/qemu/files/qemu-6.0.0-make.patch b/app-emulation/qemu/files/qemu-6.0.0-make.patch
new file mode 100644
index 0000000..2dac1ca
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-6.0.0-make.patch
@@ -0,0 +1,14 @@
+Allow MAKE='make V=1' and similar.
+
+https://bugs.gentoo.org/795678
+--- a/configure
++++ b/configure
+@@ -1953,7 +1953,7 @@ if test -z "$python"
+ then
+     error_exit "Python not found. Use --python=/path/to/python"
+ fi
+-if ! has "$make"
++if ! has $make
+ then
+     error_exit "GNU make ($make) not found"
+ fi

diff --git a/app-emulation/qemu/metadata.xml b/app-emulation/qemu/metadata.xml
index ec3f45a..4245f6d 100644
--- a/app-emulation/qemu/metadata.xml
+++ b/app-emulation/qemu/metadata.xml
@@ -6,8 +6,8 @@
 		<name>Matthias Maier</name>
 	</maintainer>
 	<maintainer type="person">
-		<email>slyfox@gentoo.org</email>
-		<name>Sergei Trofimovich</name>
+		<email>zlogene@gentoo.org</email>
+		<name>Mikle Kolyada</name>
 	</maintainer>
 	<maintainer type="project">
 		<email>virtualization@gentoo.org</email>
@@ -20,6 +20,7 @@
 		<flag name="capstone">Enable disassembly support with <pkg>dev-libs/capstone</pkg></flag>
 		<flag name="curl">Support ISOs / -cdrom directives via HTTP or HTTPS.</flag>
 		<flag name="fdt">Enables firmware device tree support</flag>
+		<flag name="fuse">Enables FUSE block device export</flag>
 		<flag name="glusterfs">Enables GlusterFS cluster fileystem via
 			<pkg>sys-cluster/glusterfs</pkg></flag>
 		<flag name="gnutls">Enable TLS support for the VNC console server.

diff --git a/app-emulation/qemu/qemu-6.0.0.ebuild b/app-emulation/qemu/qemu-6.0.0-r2.ebuild
similarity index 98%
rename from app-emulation/qemu/qemu-6.0.0.ebuild
rename to app-emulation/qemu/qemu-6.0.0-r2.ebuild
index 5c2c7c2..0583c6b 100644
--- a/app-emulation/qemu/qemu-6.0.0.ebuild
+++ b/app-emulation/qemu/qemu-6.0.0-r2.ebuild
@@ -9,7 +9,7 @@ PYTHON_REQ_USE="ncurses,readline"
 FIRMWARE_ABI_VERSION="5.2.0-r50"
 
 inherit eutils linux-info toolchain-funcs multilib python-r1
-inherit udev fcaps readme.gentoo-r1 pax-utils l10n xdg-utils
+inherit udev fcaps readme.gentoo-r1 pax-utils xdg-utils
 
 if [[ ${PV} = *9999* ]]; then
 	EGIT_REPO_URI="https://git.qemu.org/git/qemu.git"
@@ -23,7 +23,7 @@ if [[ ${PV} = *9999* ]]; then
 	SRC_URI=""
 else
 	SRC_URI="https://download.qemu.org/${P}.tar.xz"
-	KEYWORDS="amd64 arm64 ~ppc ppc64 ~x86"
+	KEYWORDS="amd64 arm64 ~ppc ppc64 x86"
 fi
 
 DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
@@ -33,7 +33,7 @@ LICENSE="GPL-2 LGPL-2 BSD-2"
 SLOT="0"
 
 IUSE="accessibility +aio alsa bzip2 capstone +caps +curl debug +doc
-	+fdt glusterfs gnutls gtk infiniband iscsi io-uring
+	+fdt fuse glusterfs gnutls gtk infiniband iscsi io-uring
 	jack jemalloc +jpeg kernel_linux
 	kernel_FreeBSD lzo multipath
 	ncurses nfs nls numa opengl +oss +pin-upstream-blobs
@@ -108,6 +108,7 @@ REQUIRED_USE="${PYTHON_REQUIRED_USE}
 	qemu_softmmu_targets_ppc? ( fdt )
 	qemu_softmmu_targets_riscv32? ( fdt )
 	qemu_softmmu_targets_riscv64? ( fdt )
+	sdl-image? ( sdl )
 	static? ( static-user !alsa !gtk !jack !opengl !pulseaudio !plugins !rbd !snappy )
 	static-user? ( !plugins )
 	vhost-user-fs? ( caps seccomp )
@@ -149,6 +150,7 @@ SOFTMMU_TOOLS_DEPEND="
 	caps? ( sys-libs/libcap-ng[static-libs(+)] )
 	curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
 	fdt? ( >=sys-apps/dtc-1.5.0[static-libs(+)] )
+	fuse? ( >=sys-fs/fuse-3.1:3[static-libs(+)] )
 	glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
 	gnutls? (
 		dev-libs/nettle:=[static-libs(+)]
@@ -171,8 +173,8 @@ SOFTMMU_TOOLS_DEPEND="
 	lzo? ( dev-libs/lzo:2[static-libs(+)] )
 	multipath? ( sys-fs/multipath-tools )
 	ncurses? (
-		sys-libs/ncurses:0=[unicode]
-		sys-libs/ncurses:0=[static-libs(+)]
+		sys-libs/ncurses:=[unicode(+)]
+		sys-libs/ncurses:=[static-libs(+)]
 	)
 	nfs? ( >=net-fs/libnfs-1.9.3:=[static-libs(+)] )
 	numa? ( sys-process/numactl[static-libs(+)] )
@@ -274,6 +276,7 @@ PATCHES=(
 	"${FILESDIR}"/${PN}-5.2.0-cleaner-werror.patch
 	"${FILESDIR}"/${PN}-5.2.0-disable-keymap.patch
 	"${FILESDIR}"/${PN}-5.2.0-dce-locks.patch
+	"${FILESDIR}"/${PN}-6.0.0-make.patch
 )
 
 QA_PREBUILT="
@@ -521,6 +524,7 @@ qemu_src_configure() {
 		$(conf_notuser caps cap-ng)
 		$(conf_notuser curl)
 		$(conf_notuser fdt)
+		$(conf_notuser fuse)
 		$(conf_notuser glusterfs)
 		$(conf_notuser gnutls)
 		$(conf_notuser gnutls nettle)


^ permalink raw reply related	[flat|nested] 19+ messages in thread

end of thread, other threads:[~2021-07-18 15:48 UTC | newest]

Thread overview: 19+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-09-02 20:16 [gentoo-commits] proj/musl:master commit in: app-emulation/qemu/files/, app-emulation/qemu/ Aric Belsito
  -- strict thread matches above, loose matches on Subject: below --
2021-07-18 15:47 Jory Pratt
2021-05-17 13:24 Jory Pratt
2020-04-08 18:16 Anthony G. Basile
2019-03-27  1:43 Anthony G. Basile
2018-03-18 21:47 Aric Belsito
2017-12-21 23:25 Aric Belsito
2017-11-13 21:18 Aric Belsito
2017-07-26 19:11 Aric Belsito
2017-05-06 21:26 Aric Belsito
2017-04-30  2:11 Aric Belsito
2017-04-25 16:36 Aric Belsito
2017-03-27 16:18 Aric Belsito
2017-02-21 18:20 Aric Belsito
2017-02-13 20:04 Aric Belsito
2017-02-13  6:46 Aric Belsito
2017-01-03 22:34 Aric Belsito
2016-10-01 19:38 Felix Janda
2015-06-11 23:46 Anthony G. Basile

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox