public inbox for gentoo-commits@lists.gentoo.org
 help / color / mirror / Atom feed
* [gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2015-11-23  0:41 Mike Frysinger
  0 siblings, 0 replies; 56+ messages in thread
From: Mike Frysinger @ 2015-11-23  0:41 UTC (permalink / raw
  To: gentoo-commits

commit:     48dc0173191a6bdea35ada3682f5426511ccd654
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Mon Nov 23 00:41:00 2015 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Mon Nov 23 00:41:00 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=48dc0173

app-emulation/qemu: update cflags patch #565866

 app-emulation/qemu/files/qemu-2.5.0-cflags.patch | 13 +++++++++++++
 app-emulation/qemu/qemu-9999.ebuild              |  2 +-
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/app-emulation/qemu/files/qemu-2.5.0-cflags.patch b/app-emulation/qemu/files/qemu-2.5.0-cflags.patch
new file mode 100644
index 0000000..173394f
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.5.0-cflags.patch
@@ -0,0 +1,13 @@
+--- a/configure
++++ b/configure
+@@ -4468,10 +4468,6 @@ fi
+ if test "$gcov" = "yes" ; then
+   CFLAGS="-fprofile-arcs -ftest-coverage -g $CFLAGS"
+   LDFLAGS="-fprofile-arcs -ftest-coverage $LDFLAGS"
+-elif test "$fortify_source" = "yes" ; then
+-  CFLAGS="-O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 $CFLAGS"
+-elif test "$debug" = "no"; then
+-  CFLAGS="-O2 $CFLAGS"
+ fi
+ 
+ ##########################################

diff --git a/app-emulation/qemu/qemu-9999.ebuild b/app-emulation/qemu/qemu-9999.ebuild
index 3123715..aa8b852 100644
--- a/app-emulation/qemu/qemu-9999.ebuild
+++ b/app-emulation/qemu/qemu-9999.ebuild
@@ -306,7 +306,7 @@ src_prepare() {
 	# Cheap hack to disable gettext .mo generation.
 	use nls || rm -f po/*.po
 
-	epatch "${FILESDIR}"/qemu-1.7.0-cflags.patch
+	epatch "${FILESDIR}"/qemu-2.5.0-cflags.patch
 	[[ -n ${BACKPORTS} ]] && \
 		EPATCH_FORCE=yes EPATCH_SUFFIX="patch" EPATCH_SOURCE="${S}/patches" \
 			epatch


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2015-12-08  3:17 Mike Frysinger
  0 siblings, 0 replies; 56+ messages in thread
From: Mike Frysinger @ 2015-12-08  3:17 UTC (permalink / raw
  To: gentoo-commits

commit:     32c4e7044c0a00de9d1a10fc8db207c4fa34dbba
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Tue Dec  8 03:11:31 2015 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Tue Dec  8 03:11:31 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=32c4e704

app-emulation/qemu: add upstream security fixes #566792 #567144

 .../qemu/files/qemu-2.4.1-CVE-2015-7504.patch      |  49 ++
 .../qemu/files/qemu-2.4.1-CVE-2015-7512.patch      |  37 ++
 .../qemu/files/qemu-2.4.1-CVE-2015-8345.patch      |  65 +++
 app-emulation/qemu/qemu-2.4.1-r1.ebuild            | 644 +++++++++++++++++++++
 4 files changed, 795 insertions(+)

diff --git a/app-emulation/qemu/files/qemu-2.4.1-CVE-2015-7504.patch b/app-emulation/qemu/files/qemu-2.4.1-CVE-2015-7504.patch
new file mode 100644
index 0000000..e86e0c6
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.4.1-CVE-2015-7504.patch
@@ -0,0 +1,49 @@
+From 837f21aacf5a714c23ddaadbbc5212f9b661e3f7 Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Fri, 20 Nov 2015 11:50:31 +0530
+Subject: [PATCH] net: pcnet: add check to validate receive data
+ size(CVE-2015-7504)
+
+In loopback mode, pcnet_receive routine appends CRC code to the
+receive buffer. If the data size given is same as the buffer size,
+the appended CRC code overwrites 4 bytes after s->buffer. Added a
+check to avoid that.
+
+Reported by: Qinghao Tang <luodalongde@gmail.com>
+Cc: qemu-stable@nongnu.org
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Signed-off-by: Jason Wang <jasowang@redhat.com>
+---
+ hw/net/pcnet.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/hw/net/pcnet.c b/hw/net/pcnet.c
+index 0eb3cc4..309c40b 100644
+--- a/hw/net/pcnet.c
++++ b/hw/net/pcnet.c
+@@ -1084,7 +1084,7 @@ ssize_t pcnet_receive(NetClientState *nc, const uint8_t *buf, size_t size_)
+                 uint32_t fcs = ~0;
+                 uint8_t *p = src;
+ 
+-                while (p != &src[size-4])
++                while (p != &src[size])
+                     CRC(fcs, *p++);
+                 crc_err = (*(uint32_t *)p != htonl(fcs));
+             }
+@@ -1233,8 +1233,10 @@ static void pcnet_transmit(PCNetState *s)
+         bcnt = 4096 - GET_FIELD(tmd.length, TMDL, BCNT);
+ 
+         /* if multi-tmd packet outsizes s->buffer then skip it silently.
+-           Note: this is not what real hw does */
+-        if (s->xmit_pos + bcnt > sizeof(s->buffer)) {
++         * Note: this is not what real hw does.
++         * Last four bytes of s->buffer are used to store CRC FCS code.
++         */
++        if (s->xmit_pos + bcnt > sizeof(s->buffer) - 4) {
+             s->xmit_pos = -1;
+             goto txdone;
+         }
+-- 
+2.6.2
+

diff --git a/app-emulation/qemu/files/qemu-2.4.1-CVE-2015-7512.patch b/app-emulation/qemu/files/qemu-2.4.1-CVE-2015-7512.patch
new file mode 100644
index 0000000..4fee9ef
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.4.1-CVE-2015-7512.patch
@@ -0,0 +1,37 @@
+From 8b98a2f07175d46c3f7217639bd5e03f2ec56343 Mon Sep 17 00:00:00 2001
+From: Jason Wang <jasowang@redhat.com>
+Date: Mon, 30 Nov 2015 15:00:06 +0800
+Subject: [PATCH] pcnet: fix rx buffer overflow(CVE-2015-7512)
+
+Backends could provide a packet whose length is greater than buffer
+size. Check for this and truncate the packet to avoid rx buffer
+overflow in this case.
+
+Cc: Prasad J Pandit <pjp@fedoraproject.org>
+Cc: qemu-stable@nongnu.org
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Jason Wang <jasowang@redhat.com>
+---
+ hw/net/pcnet.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/hw/net/pcnet.c b/hw/net/pcnet.c
+index 309c40b..1f4a3db 100644
+--- a/hw/net/pcnet.c
++++ b/hw/net/pcnet.c
+@@ -1064,6 +1064,12 @@ ssize_t pcnet_receive(NetClientState *nc, const uint8_t *buf, size_t size_)
+             int pktcount = 0;
+ 
+             if (!s->looptest) {
++                if (size > 4092) {
++#ifdef PCNET_DEBUG_RMD
++                    fprintf(stderr, "pcnet: truncates rx packet.\n");
++#endif
++                    size = 4092;
++                }
+                 memcpy(src, buf, size);
+                 /* no need to compute the CRC */
+                 src[size] = 0;
+-- 
+2.6.2
+

diff --git a/app-emulation/qemu/files/qemu-2.4.1-CVE-2015-8345.patch b/app-emulation/qemu/files/qemu-2.4.1-CVE-2015-8345.patch
new file mode 100644
index 0000000..f01d9ac
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.4.1-CVE-2015-8345.patch
@@ -0,0 +1,65 @@
+https://bugs.gentoo.org/566792
+
+From 00837731d254908a841d69298a4f9f077babaf24 Mon Sep 17 00:00:00 2001
+From: Stefan Weil <sw@weilnetz.de>
+Date: Fri, 20 Nov 2015 08:42:33 +0100
+Subject: [PATCH] eepro100: Prevent two endless loops
+
+http://lists.nongnu.org/archive/html/qemu-devel/2015-11/msg04592.html
+shows an example how an endless loop in function action_command can
+be achieved.
+
+During my code review, I noticed a 2nd case which can result in an
+endless loop.
+
+Reported-by: Qinghao Tang <luodalongde@gmail.com>
+Signed-off-by: Stefan Weil <sw@weilnetz.de>
+Signed-off-by: Jason Wang <jasowang@redhat.com>
+---
+ hw/net/eepro100.c | 16 ++++++++++++++++
+ 1 file changed, 16 insertions(+)
+
+diff --git a/hw/net/eepro100.c b/hw/net/eepro100.c
+index 60333b7..685a478 100644
+--- a/hw/net/eepro100.c
++++ b/hw/net/eepro100.c
+@@ -774,6 +774,11 @@ static void tx_command(EEPRO100State *s)
+ #if 0
+         uint16_t tx_buffer_el = lduw_le_pci_dma(&s->dev, tbd_address + 6);
+ #endif
++        if (tx_buffer_size == 0) {
++            /* Prevent an endless loop. */
++            logout("loop in %s:%u\n", __FILE__, __LINE__);
++            break;
++        }
+         tbd_address += 8;
+         TRACE(RXTX, logout
+             ("TBD (simplified mode): buffer address 0x%08x, size 0x%04x\n",
+@@ -855,6 +860,10 @@ static void set_multicast_list(EEPRO100State *s)
+ 
+ static void action_command(EEPRO100State *s)
+ {
++    /* The loop below won't stop if it gets special handcrafted data.
++       Therefore we limit the number of iterations. */
++    unsigned max_loop_count = 16;
++
+     for (;;) {
+         bool bit_el;
+         bool bit_s;
+@@ -870,6 +879,13 @@ static void action_command(EEPRO100State *s)
+ #if 0
+         bool bit_sf = ((s->tx.command & COMMAND_SF) != 0);
+ #endif
++
++        if (max_loop_count-- == 0) {
++            /* Prevent an endless loop. */
++            logout("loop in %s:%u\n", __FILE__, __LINE__);
++            break;
++        }
++
+         s->cu_offset = s->tx.link;
+         TRACE(OTHER,
+               logout("val=(cu start), status=0x%04x, command=0x%04x, link=0x%08x\n",
+-- 
+2.6.2
+

diff --git a/app-emulation/qemu/qemu-2.4.1-r1.ebuild b/app-emulation/qemu/qemu-2.4.1-r1.ebuild
new file mode 100644
index 0000000..6e3ff9a
--- /dev/null
+++ b/app-emulation/qemu/qemu-2.4.1-r1.ebuild
@@ -0,0 +1,644 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+PYTHON_COMPAT=( python2_7 )
+PYTHON_REQ_USE="ncurses,readline"
+
+inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \
+	user udev fcaps readme.gentoo pax-utils
+
+BACKPORTS=
+
+if [[ ${PV} = *9999* ]]; then
+	EGIT_REPO_URI="git://git.qemu.org/qemu.git"
+	inherit git-2
+	SRC_URI=""
+else
+	SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2
+	${BACKPORTS:+
+		https://dev.gentoo.org/~cardoe/distfiles/${P}-${BACKPORTS}.tar.xz}"
+	KEYWORDS="~amd64 ~ppc ~ppc64 ~x86 ~x86-fbsd"
+fi
+
+DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
+HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org"
+
+LICENSE="GPL-2 LGPL-2 BSD-2"
+SLOT="0"
+IUSE="accessibility +aio alsa bluetooth +caps +curl debug +fdt glusterfs \
+gtk gtk2 infiniband iscsi +jpeg \
+kernel_linux kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs
++png pulseaudio python \
+rbd sasl +seccomp sdl sdl2 selinux smartcard snappy spice ssh static static-softmmu
+static-user systemtap tci test +threads tls usb usbredir +uuid vde +vhost-net \
+virtfs +vnc vte xattr xen xfs"
+
+COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel mips
+mips64 mips64el mipsel or32 ppc ppc64 s390x sh4 sh4eb sparc sparc64 unicore32
+x86_64"
+IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS} lm32 moxie ppcemb tricore xtensa xtensaeb"
+IUSE_USER_TARGETS="${COMMON_TARGETS} armeb mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus"
+
+use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
+use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
+IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
+
+# Allow no targets to be built so that people can get a tools-only build.
+# Block USE flag configurations known to not work.
+REQUIRED_USE="${PYTHON_REQUIRED_USE}
+	gtk2? ( gtk )
+	qemu_softmmu_targets_arm? ( fdt )
+	qemu_softmmu_targets_microblaze? ( fdt )
+	qemu_softmmu_targets_ppc? ( fdt )
+	qemu_softmmu_targets_ppc64? ( fdt )
+	sdl2? ( sdl )
+	static? ( static-softmmu static-user )
+	static-softmmu? ( !alsa !pulseaudio !bluetooth !opengl !gtk !gtk2 )
+	virtfs? ( xattr )
+	vte? ( gtk )"
+
+# Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
+#
+# The attr lib isn't always linked in (although the USE flag is always
+# respected).  This is because qemu supports using the C library's API
+# when available rather than always using the extranl library.
+COMMON_LIB_DEPEND=">=dev-libs/glib-2.0[static-libs(+)]
+	sys-libs/zlib[static-libs(+)]
+	xattr? ( sys-apps/attr[static-libs(+)] )"
+SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND}
+	>=x11-libs/pixman-0.28.0[static-libs(+)]
+	accessibility? ( app-accessibility/brltty[static-libs(+)] )
+	aio? ( dev-libs/libaio[static-libs(+)] )
+	alsa? ( >=media-libs/alsa-lib-1.0.13 )
+	bluetooth? ( net-wireless/bluez )
+	caps? ( sys-libs/libcap-ng[static-libs(+)] )
+	curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
+	fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] )
+	glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
+	gtk? (
+		gtk2? (
+			x11-libs/gtk+:2
+			vte? ( x11-libs/vte:0 )
+		)
+		!gtk2? (
+			x11-libs/gtk+:3
+			vte? ( x11-libs/vte:2.90 )
+		)
+	)
+	infiniband? ( sys-infiniband/librdmacm:=[static-libs(+)] )
+	iscsi? ( net-libs/libiscsi )
+	jpeg? ( virtual/jpeg:=[static-libs(+)] )
+	lzo? ( dev-libs/lzo:2[static-libs(+)] )
+	ncurses? ( sys-libs/ncurses:0=[static-libs(+)] )
+	nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] )
+	numa? ( sys-process/numactl[static-libs(+)] )
+	opengl? (
+		virtual/opengl
+		media-libs/libepoxy[static-libs(+)]
+		media-libs/mesa[static-libs(+)]
+		media-libs/mesa[egl,gles2]
+	)
+	png? ( media-libs/libpng:0=[static-libs(+)] )
+	pulseaudio? ( media-sound/pulseaudio )
+	rbd? ( sys-cluster/ceph[static-libs(+)] )
+	sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
+	sdl? (
+		!sdl2? (
+			media-libs/libsdl[X]
+			>=media-libs/libsdl-1.2.11[static-libs(+)]
+		)
+		sdl2? (
+			media-libs/libsdl2[X]
+			media-libs/libsdl2[static-libs(+)]
+		)
+	)
+	seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
+	smartcard? ( dev-libs/nss !app-emulation/libcacard )
+	snappy? ( app-arch/snappy[static-libs(+)] )
+	spice? (
+		>=app-emulation/spice-protocol-0.12.3
+		>=app-emulation/spice-0.12.0[static-libs(+)]
+	)
+	ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] )
+	tls? ( net-libs/gnutls[static-libs(+)] )
+	usb? ( >=virtual/libusb-1-r2[static-libs(+)] )
+	usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
+	uuid? ( >=sys-apps/util-linux-2.16.0[static-libs(+)] )
+	vde? ( net-misc/vde[static-libs(+)] )
+	virtfs? ( sys-libs/libcap )
+	xfs? ( sys-fs/xfsprogs[static-libs(+)] )"
+USER_LIB_DEPEND="${COMMON_LIB_DEPEND}"
+X86_FIRMWARE_DEPEND="
+	>=sys-firmware/ipxe-1.0.0_p20130624
+	pin-upstream-blobs? (
+		~sys-firmware/seabios-1.8.2
+		~sys-firmware/sgabios-0.1_pre8
+		~sys-firmware/vgabios-0.7a
+	)
+	!pin-upstream-blobs? (
+		sys-firmware/seabios
+		sys-firmware/sgabios
+		sys-firmware/vgabios
+	)"
+CDEPEND="
+	!static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND//\[static-libs(+)]} ) " ${use_softmmu_targets}) )
+	!static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND//\[static-libs(+)]} ) " ${use_user_targets}) )
+	qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
+	qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )
+	python? ( ${PYTHON_DEPS} )
+	systemtap? ( dev-util/systemtap )
+	xen? ( app-emulation/xen-tools:= )"
+DEPEND="${CDEPEND}
+	dev-lang/perl
+	=dev-lang/python-2*
+	sys-apps/texinfo
+	virtual/pkgconfig
+	kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
+	gtk? ( nls? ( sys-devel/gettext ) )
+	static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND} ) " ${use_softmmu_targets}) )
+	static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND} ) " ${use_user_targets}) )
+	test? (
+		dev-libs/glib[utils]
+		sys-devel/bc
+	)"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-qemu )
+"
+
+STRIP_MASK="/usr/share/qemu/palcode-clipper"
+
+QA_PREBUILT="
+	usr/share/qemu/openbios-ppc
+	usr/share/qemu/openbios-sparc64
+	usr/share/qemu/openbios-sparc32
+	usr/share/qemu/palcode-clipper
+	usr/share/qemu/s390-ccw.img
+	usr/share/qemu/u-boot.e500
+"
+
+QA_WX_LOAD="usr/bin/qemu-i386
+	usr/bin/qemu-x86_64
+	usr/bin/qemu-alpha
+	usr/bin/qemu-arm
+	usr/bin/qemu-cris
+	usr/bin/qemu-m68k
+	usr/bin/qemu-microblaze
+	usr/bin/qemu-microblazeel
+	usr/bin/qemu-mips
+	usr/bin/qemu-mipsel
+	usr/bin/qemu-or32
+	usr/bin/qemu-ppc
+	usr/bin/qemu-ppc64
+	usr/bin/qemu-ppc64abi32
+	usr/bin/qemu-sh4
+	usr/bin/qemu-sh4eb
+	usr/bin/qemu-sparc
+	usr/bin/qemu-sparc64
+	usr/bin/qemu-armeb
+	usr/bin/qemu-sparc32plus
+	usr/bin/qemu-s390x
+	usr/bin/qemu-unicore32"
+
+DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure
+you have the kernel module loaded before running kvm. The easiest way to
+ensure that the kernel module is loaded is to load it on boot.\n
+For AMD CPUs the module is called 'kvm-amd'\n
+For Intel CPUs the module is called 'kvm-intel'\n
+Please review /etc/conf.d/modules for how to load these\n\n
+Make sure your user is in the 'kvm' group\n
+Just run 'gpasswd -a <USER> kvm', then have <USER> re-login."
+
+qemu_support_kvm() {
+	if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 \
+		use qemu_softmmu_targets_ppc || use qemu_softmmu_targets_ppc64 \
+		use qemu_softmmu_targets_s390x; then
+		return 0
+	fi
+
+	return 1
+}
+
+pkg_pretend() {
+	if use kernel_linux && kernel_is lt 2 6 25; then
+		eerror "This version of KVM requres a host kernel of 2.6.25 or higher."
+	elif use kernel_linux; then
+		if ! linux_config_exists; then
+			eerror "Unable to check your kernel for KVM support"
+		else
+			CONFIG_CHECK="~KVM ~TUN ~BRIDGE"
+			ERROR_KVM="You must enable KVM in your kernel to continue"
+			ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in"
+			ERROR_KVM_AMD+=" your kernel configuration."
+			ERROR_KVM_INTEL="If you have an Intel CPU, you must enable"
+			ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration."
+			ERROR_TUN="You will need the Universal TUN/TAP driver compiled"
+			ERROR_TUN+=" into your kernel or loaded as a module to use the"
+			ERROR_TUN+=" virtual network device if using -net tap."
+			ERROR_BRIDGE="You will also need support for 802.1d"
+			ERROR_BRIDGE+=" Ethernet Bridging for some network configurations."
+			use vhost-net && CONFIG_CHECK+=" ~VHOST_NET"
+			ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net"
+			ERROR_VHOST_NET+=" support"
+
+			if use amd64 || use x86 || use amd64-linux || use x86-linux; then
+				CONFIG_CHECK+=" ~KVM_AMD ~KVM_INTEL"
+			fi
+
+			use python && CONFIG_CHECK+=" ~DEBUG_FS"
+			ERROR_DEBUG_FS="debugFS support required for kvm_stat"
+
+			# Now do the actual checks setup above
+			check_extra_config
+		fi
+	fi
+
+	if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then
+		eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt"
+		eerror "instances are still pointing to it.  Please update your"
+		eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag"
+		eerror "and the right system binary (e.g. qemu-system-x86_64)."
+		die "update your virt configs to not use qemu-kvm"
+	fi
+}
+
+pkg_setup() {
+	enewgroup kvm 78
+}
+
+# Sanity check to make sure target lists are kept up-to-date.
+check_targets() {
+	local var=$1 mak=$2
+	local detected sorted
+
+	pushd "${S}"/default-configs >/dev/null || die
+
+	# Force C locale until glibc is updated. #564936
+	detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u))
+	sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u))
+	if [[ ${sorted} != "${detected}" ]] ; then
+		eerror "The ebuild needs to be kept in sync."
+		eerror "${var}: ${sorted}"
+		eerror "$(printf '%-*s' ${#var} configure): ${detected}"
+		die "sync ${var} to the list of targets"
+	fi
+
+	popd >/dev/null
+}
+
+src_prepare() {
+	check_targets IUSE_SOFTMMU_TARGETS softmmu
+	check_targets IUSE_USER_TARGETS linux-user
+
+	# Alter target makefiles to accept CFLAGS set via flag-o
+	sed -i -r \
+		-e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \
+		Makefile Makefile.target || die
+
+	# Cheap hack to disable gettext .mo generation.
+	use nls || rm -f po/*.po
+
+	epatch "${FILESDIR}"/qemu-1.7.0-cflags.patch
+	epatch "${FILESDIR}"/${PN}-2.4.1-CVE-2015-{7504,7512}.patch #567144
+	epatch "${FILESDIR}"/${PN}-2.4.1-CVE-2015-8345.patch #566792
+	epatch "${FILESDIR}"/${PN}-2.4-mips-* #563162
+	[[ -n ${BACKPORTS} ]] && \
+		EPATCH_FORCE=yes EPATCH_SUFFIX="patch" EPATCH_SOURCE="${S}/patches" \
+			epatch
+
+	# Fix ld and objcopy being called directly
+	tc-export AR LD OBJCOPY
+
+	# Verbose builds
+	MAKEOPTS+=" V=1"
+
+	epatch_user
+}
+
+##
+# configures qemu based on the build directory and the build type
+# we are using.
+#
+qemu_src_configure() {
+	debug-print-function ${FUNCNAME} "$@"
+
+	local buildtype=$1
+	local builddir="${S}/${buildtype}-build"
+	local static_flag="static-${buildtype}"
+
+	mkdir "${builddir}"
+
+	local conf_opts=(
+		--prefix=/usr
+		--sysconfdir=/etc
+		--libdir=/usr/$(get_libdir)
+		--docdir=/usr/share/doc/${PF}/html
+		--disable-bsd-user
+		--disable-guest-agent
+		--disable-strip
+		--disable-werror
+		--python="${PYTHON}"
+		--cc="$(tc-getCC)"
+		--cxx="$(tc-getCXX)"
+		--host-cc="$(tc-getBUILD_CC)"
+		$(use_enable debug debug-info)
+		$(use_enable debug debug-tcg)
+		--enable-docs
+		$(use_enable tci tcg-interpreter)
+		$(use_enable xattr attr)
+	)
+
+	# Disable options not used by user targets as the default configure
+	# options will autoprobe and try to link in a bunch of unused junk.
+	conf_softmmu() {
+		if [[ ${buildtype} == "user" ]] ; then
+			echo "--disable-${2:-$1}"
+		else
+			use_enable "$@"
+		fi
+	}
+	conf_opts+=(
+		$(conf_softmmu accessibility brlapi)
+		$(conf_softmmu aio linux-aio)
+		$(conf_softmmu bluetooth bluez)
+		$(conf_softmmu caps cap-ng)
+		$(conf_softmmu curl)
+		$(conf_softmmu fdt)
+		$(conf_softmmu glusterfs)
+		$(conf_softmmu gtk)
+		$(conf_softmmu infiniband rdma)
+		$(conf_softmmu iscsi libiscsi)
+		$(conf_softmmu jpeg vnc-jpeg)
+		$(conf_softmmu kernel_linux kvm)
+		$(conf_softmmu lzo)
+		$(conf_softmmu ncurses curses)
+		$(conf_softmmu nfs libnfs)
+		$(conf_softmmu numa)
+		$(conf_softmmu opengl)
+		$(conf_softmmu png vnc-png)
+		$(conf_softmmu rbd)
+		$(conf_softmmu sasl vnc-sasl)
+		$(conf_softmmu sdl)
+		$(conf_softmmu seccomp)
+		$(conf_softmmu smartcard smartcard-nss)
+		$(conf_softmmu snappy)
+		$(conf_softmmu spice)
+		$(conf_softmmu ssh libssh2)
+		$(conf_softmmu tls vnc-tls)
+		$(conf_softmmu usb libusb)
+		$(conf_softmmu usbredir usb-redir)
+		$(conf_softmmu uuid)
+		$(conf_softmmu vde)
+		$(conf_softmmu vhost-net)
+		$(conf_softmmu virtfs)
+		$(conf_softmmu vnc)
+		$(conf_softmmu vte)
+		$(conf_softmmu xen)
+		$(conf_softmmu xen xen-pci-passthrough)
+		$(conf_softmmu xfs xfsctl)
+	)
+
+	case ${buildtype} in
+	user)
+		conf_opts+=(
+			--enable-linux-user
+			--disable-system
+			--disable-blobs
+			--disable-tools
+		)
+		;;
+	softmmu)
+		# audio options
+		local audio_opts="oss"
+		use alsa && audio_opts="alsa,${audio_opts}"
+		use sdl && audio_opts="sdl,${audio_opts}"
+		use pulseaudio && audio_opts="pa,${audio_opts}"
+
+		conf_opts+=(
+			--disable-linux-user
+			--enable-system
+			--with-system-pixman
+			--audio-drv-list="${audio_opts}"
+		)
+		use gtk && conf_opts+=( --with-gtkabi=$(usex gtk2 2.0 3.0) )
+		use sdl && conf_opts+=( --with-sdlabi=$(usex sdl2 2.0 1.2) )
+		;;
+	tools)
+		conf_opts+=(
+			--disable-linux-user
+			--disable-system
+			--disable-blobs
+		)
+		static_flag="static"
+		;;
+	esac
+
+	local targets="${buildtype}_targets"
+	[[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" )
+
+	# Add support for SystemTAP
+	use systemtap && conf_opts+=( --enable-trace-backend=dtrace )
+
+	# We always want to attempt to build with PIE support as it results
+	# in a more secure binary. But it doesn't work with static or if
+	# the current GCC doesn't have PIE support.
+	if use ${static_flag}; then
+		conf_opts+=( --static --disable-pie )
+	else
+		gcc-specs-pie && conf_opts+=( --enable-pie )
+	fi
+
+	echo "../configure ${conf_opts[*]}"
+	cd "${builddir}"
+	../configure "${conf_opts[@]}" || die "configure failed"
+
+	# FreeBSD's kernel does not support QEMU assigning/grabbing
+	# host USB devices yet
+	use kernel_FreeBSD && \
+		sed -i -E -e "s|^(HOST_USB=)bsd|\1stub|" "${S}"/config-host.mak
+}
+
+src_configure() {
+	local target
+
+	python_setup
+
+	softmmu_targets= softmmu_bins=()
+	user_targets= user_bins=()
+
+	for target in ${IUSE_SOFTMMU_TARGETS} ; do
+		if use "qemu_softmmu_targets_${target}"; then
+			softmmu_targets+=",${target}-softmmu"
+			softmmu_bins+=( "qemu-system-${target}" )
+		fi
+	done
+
+	for target in ${IUSE_USER_TARGETS} ; do
+		if use "qemu_user_targets_${target}"; then
+			user_targets+=",${target}-linux-user"
+			user_bins+=( "qemu-${target}" )
+		fi
+	done
+
+	softmmu_targets=${softmmu_targets#,}
+	user_targets=${user_targets#,}
+
+	[[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu"
+	[[ -n ${user_targets}    ]] && qemu_src_configure "user"
+	[[ -z ${softmmu_targets}${user_targets} ]] && qemu_src_configure "tools"
+}
+
+src_compile() {
+	if [[ -n ${user_targets} ]]; then
+		cd "${S}/user-build"
+		default
+	fi
+
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build"
+		default
+	fi
+
+	if [[ -z ${softmmu_targets}${user_targets} ]]; then
+		cd "${S}/tools-build"
+		default
+	fi
+}
+
+src_test() {
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build"
+		pax-mark m */qemu-system-* #515550
+		emake -j1 check
+		emake -j1 check-report.html
+	fi
+}
+
+qemu_python_install() {
+	python_domodule "${S}/scripts/qmp/qmp.py"
+
+	python_doscript "${S}/scripts/kvm/kvm_stat"
+	python_doscript "${S}/scripts/kvm/vmxcap"
+	python_doscript "${S}/scripts/qmp/qmp-shell"
+	python_doscript "${S}/scripts/qmp/qemu-ga-client"
+}
+
+src_install() {
+	if [[ -n ${user_targets} ]]; then
+		cd "${S}/user-build"
+		emake DESTDIR="${ED}" install
+
+		# Install binfmt handler init script for user targets
+		newinitd "${FILESDIR}/qemu-binfmt.initd-r1" qemu-binfmt
+	fi
+
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build"
+		emake DESTDIR="${ED}" install
+
+		# This might not exist if the test failed. #512010
+		[[ -e check-report.html ]] && dohtml check-report.html
+
+		if use kernel_linux; then
+			udev_dorules "${FILESDIR}"/65-kvm.rules
+		fi
+
+		if use python; then
+			python_foreach_impl qemu_python_install
+		fi
+	fi
+
+	if [[ -z ${softmmu_targets}${user_targets} ]]; then
+		cd "${S}/tools-build"
+		emake DESTDIR="${ED}" install
+	fi
+
+	# Disable mprotect on the qemu binaries as they use JITs to be fast #459348
+	pushd "${ED}"/usr/bin >/dev/null
+	pax-mark m "${softmmu_bins[@]}" "${user_bins[@]}"
+	popd >/dev/null
+
+	# Install config file example for qemu-bridge-helper
+	insinto "/etc/qemu"
+	doins "${FILESDIR}/bridge.conf"
+
+	# Remove the docdir placed qmp-commands.txt
+	mv "${ED}/usr/share/doc/${PF}/html/qmp-commands.txt" "${S}/docs/qmp/"
+
+	cd "${S}"
+	dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt
+	newdoc pc-bios/README README.pc-bios
+	dodoc docs/qmp/*.txt
+
+	if [[ -n ${softmmu_targets} ]]; then
+		# Remove SeaBIOS since we're using the SeaBIOS packaged one
+		rm "${ED}/usr/share/qemu/bios.bin"
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
+		fi
+
+		# Remove vgabios since we're using the vgabios packaged one
+		rm "${ED}/usr/share/qemu/vgabios.bin"
+		rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
+		rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
+		rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
+		rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../vgabios/vgabios.bin /usr/share/qemu/vgabios.bin
+			dosym ../vgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
+			dosym ../vgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
+			dosym ../vgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
+			dosym ../vgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
+		fi
+
+		# Remove sgabios since we're using the sgabios packaged one
+		rm "${ED}/usr/share/qemu/sgabios.bin"
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin
+		fi
+
+		# Remove iPXE since we're using the iPXE packaged one
+		rm "${ED}"/usr/share/qemu/pxe-*.rom
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom
+			dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom
+			dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom
+			dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom
+			dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom
+			dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom
+		fi
+	fi
+
+	qemu_support_kvm && readme.gentoo_create_doc
+}
+
+pkg_postinst() {
+	if qemu_support_kvm; then
+		readme.gentoo_print_elog
+	fi
+
+	if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
+		udev_reload
+	fi
+
+	fcaps cap_net_admin /usr/libexec/qemu-bridge-helper
+	if use virtfs && [ -n "${softmmu_targets}" ]; then
+		local virtfs_caps="cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_setgid,cap_mknod,cap_setuid"
+		fcaps ${virtfs_caps} /usr/bin/virtfs-proxy-helper
+	fi
+}
+
+pkg_info() {
+	echo "Using:"
+	echo "  $(best_version app-emulation/spice-protocol)"
+	echo "  $(best_version sys-firmware/ipxe)"
+	echo "  $(best_version sys-firmware/seabios)"
+	if has_version 'sys-firmware/seabios[binary]'; then
+		echo "    USE=binary"
+	else
+		echo "    USE=''"
+	fi
+	echo "  $(best_version sys-firmware/vgabios)"
+}


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2015-12-15  5:55 Mike Frysinger
  0 siblings, 0 replies; 56+ messages in thread
From: Mike Frysinger @ 2015-12-15  5:55 UTC (permalink / raw
  To: gentoo-commits

commit:     75d0202d68b81bc06d451b574670d8374751789f
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Tue Dec 15 05:43:01 2015 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Tue Dec 15 05:55:01 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=75d0202d

app-emulation/qemu: add upstream fixes for #567828 #568214

 .../qemu/files/qemu-2.4.1-CVE-2015-7549.patch      |  62 ++
 .../qemu/files/qemu-2.4.1-CVE-2015-8504.patch      |  46 ++
 app-emulation/qemu/qemu-2.4.1-r2.ebuild            | 642 +++++++++++++++++++++
 3 files changed, 750 insertions(+)

diff --git a/app-emulation/qemu/files/qemu-2.4.1-CVE-2015-7549.patch b/app-emulation/qemu/files/qemu-2.4.1-CVE-2015-7549.patch
new file mode 100644
index 0000000..897fe34
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.4.1-CVE-2015-7549.patch
@@ -0,0 +1,62 @@
+https://bugs.gentoo.org/568214
+
+From 43b11a91dd861a946b231b89b7542856ade23d1b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
+Date: Fri, 26 Jun 2015 14:25:29 +0200
+Subject: [PATCH] msix: implement pba write (but read-only)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+qpci_msix_pending() writes on pba region, causing qemu to SEGV:
+
+  Program received signal SIGSEGV, Segmentation fault.
+  [Switching to Thread 0x7ffff7fba8c0 (LWP 25882)]
+  0x0000000000000000 in ?? ()
+  (gdb) bt
+  #0  0x0000000000000000 in  ()
+  #1  0x00005555556556c5 in memory_region_oldmmio_write_accessor (mr=0x5555579f3f80, addr=0, value=0x7fffffffbf68, size=4, shift=0, mask=4294967295, attrs=...) at /home/elmarco/src/qemu/memory.c:434
+  #2  0x00005555556558e1 in access_with_adjusted_size (addr=0, value=0x7fffffffbf68, size=4, access_size_min=1, access_size_max=4, access=0x55555565563e <memory_region_oldmmio_write_accessor>, mr=0x5555579f3f80, attrs=...) at /home/elmarco/src/qemu/memory.c:506
+  #3  0x00005555556581eb in memory_region_dispatch_write (mr=0x5555579f3f80, addr=0, data=0, size=4, attrs=...) at /home/elmarco/src/qemu/memory.c:1176
+  #4  0x000055555560b6f9 in address_space_rw (as=0x555555eff4e0 <address_space_memory>, addr=3759147008, attrs=..., buf=0x7fffffffc1b0 "", len=4, is_write=true) at /home/elmarco/src/qemu/exec.c:2439
+  #5  0x000055555560baa2 in cpu_physical_memory_rw (addr=3759147008, buf=0x7fffffffc1b0 "", len=4, is_write=1) at /home/elmarco/src/qemu/exec.c:2534
+  #6  0x000055555564c005 in cpu_physical_memory_write (addr=3759147008, buf=0x7fffffffc1b0, len=4) at /home/elmarco/src/qemu/include/exec/cpu-common.h:80
+  #7  0x000055555564cd9c in qtest_process_command (chr=0x55555642b890, words=0x5555578de4b0) at /home/elmarco/src/qemu/qtest.c:378
+  #8  0x000055555564db77 in qtest_process_inbuf (chr=0x55555642b890, inbuf=0x55555641b340) at /home/elmarco/src/qemu/qtest.c:569
+  #9  0x000055555564dc07 in qtest_read (opaque=0x55555642b890, buf=0x7fffffffc2e0 "writel 0xe0100800 0x0\n", size=22) at /home/elmarco/src/qemu/qtest.c:581
+  #10 0x000055555574ce3e in qemu_chr_be_write (s=0x55555642b890, buf=0x7fffffffc2e0 "writel 0xe0100800 0x0\n", len=22) at qemu-char.c:306
+  #11 0x0000555555751263 in tcp_chr_read (chan=0x55555642bcf0, cond=G_IO_IN, opaque=0x55555642b890) at qemu-char.c:2876
+  #12 0x00007ffff64c9a8a in g_main_context_dispatch (context=0x55555641c400) at gmain.c:3122
+
+(without this patch, this can be reproduced with the ivshmem qtest)
+
+Implement an empty mmio write to avoid the crash.
+
+Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
+Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ hw/pci/msix.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/hw/pci/msix.c b/hw/pci/msix.c
+index 2fdada4..64c93d8 100644
+--- a/hw/pci/msix.c
++++ b/hw/pci/msix.c
+@@ -200,8 +200,14 @@ static uint64_t msix_pba_mmio_read(void *opaque, hwaddr addr,
+     return pci_get_long(dev->msix_pba + addr);
+ }
+ 
++static void msix_pba_mmio_write(void *opaque, hwaddr addr,
++                                uint64_t val, unsigned size)
++{
++}
++
+ static const MemoryRegionOps msix_pba_mmio_ops = {
+     .read = msix_pba_mmio_read,
++    .write = msix_pba_mmio_write,
+     .endianness = DEVICE_LITTLE_ENDIAN,
+     .valid = {
+         .min_access_size = 4,
+-- 
+2.6.2
+

diff --git a/app-emulation/qemu/files/qemu-2.4.1-CVE-2015-8504.patch b/app-emulation/qemu/files/qemu-2.4.1-CVE-2015-8504.patch
new file mode 100644
index 0000000..7b0102a
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.4.1-CVE-2015-8504.patch
@@ -0,0 +1,46 @@
+https://bugs.gentoo.org/567828
+
+From 4c65fed8bdf96780735dbdb92a8bd0d6b6526cc3 Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Thu, 3 Dec 2015 18:54:17 +0530
+Subject: [PATCH] ui: vnc: avoid floating point exception
+
+While sending 'SetPixelFormat' messages to a VNC server,
+the client could set the 'red-max', 'green-max' and 'blue-max'
+values to be zero. This leads to a floating point exception in
+write_png_palette while doing frame buffer updates.
+
+Reported-by: Lian Yihan <lianyihan@360.cn>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+---
+ ui/vnc.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/ui/vnc.c b/ui/vnc.c
+index 7538405..cbe4d33 100644
+--- a/ui/vnc.c
++++ b/ui/vnc.c
+@@ -2198,15 +2198,15 @@ static void set_pixel_format(VncState *vs,
+         return;
+     }
+ 
+-    vs->client_pf.rmax = red_max;
++    vs->client_pf.rmax = red_max ? red_max : 0xFF;
+     vs->client_pf.rbits = hweight_long(red_max);
+     vs->client_pf.rshift = red_shift;
+     vs->client_pf.rmask = red_max << red_shift;
+-    vs->client_pf.gmax = green_max;
++    vs->client_pf.gmax = green_max ? green_max : 0xFF;
+     vs->client_pf.gbits = hweight_long(green_max);
+     vs->client_pf.gshift = green_shift;
+     vs->client_pf.gmask = green_max << green_shift;
+-    vs->client_pf.bmax = blue_max;
++    vs->client_pf.bmax = blue_max ? blue_max : 0xFF;
+     vs->client_pf.bbits = hweight_long(blue_max);
+     vs->client_pf.bshift = blue_shift;
+     vs->client_pf.bmask = blue_max << blue_shift;
+-- 
+2.6.2
+

diff --git a/app-emulation/qemu/qemu-2.4.1-r2.ebuild b/app-emulation/qemu/qemu-2.4.1-r2.ebuild
new file mode 100644
index 0000000..3556dfe
--- /dev/null
+++ b/app-emulation/qemu/qemu-2.4.1-r2.ebuild
@@ -0,0 +1,642 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+PYTHON_COMPAT=( python2_7 )
+PYTHON_REQ_USE="ncurses,readline"
+
+inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \
+	user udev fcaps readme.gentoo pax-utils
+
+BACKPORTS=
+
+if [[ ${PV} = *9999* ]]; then
+	EGIT_REPO_URI="git://git.qemu.org/qemu.git"
+	inherit git-2
+	SRC_URI=""
+else
+	SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2
+	${BACKPORTS:+
+		https://dev.gentoo.org/~cardoe/distfiles/${P}-${BACKPORTS}.tar.xz}"
+	KEYWORDS="~amd64 ~ppc ~ppc64 ~x86 ~x86-fbsd"
+fi
+
+DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
+HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org"
+
+LICENSE="GPL-2 LGPL-2 BSD-2"
+SLOT="0"
+IUSE="accessibility +aio alsa bluetooth +caps +curl debug +fdt glusterfs \
+gtk gtk2 infiniband iscsi +jpeg \
+kernel_linux kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs
++png pulseaudio python \
+rbd sasl +seccomp sdl sdl2 selinux smartcard snappy spice ssh static static-softmmu
+static-user systemtap tci test +threads tls usb usbredir +uuid vde +vhost-net \
+virtfs +vnc vte xattr xen xfs"
+
+COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel mips
+mips64 mips64el mipsel or32 ppc ppc64 s390x sh4 sh4eb sparc sparc64 unicore32
+x86_64"
+IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS} lm32 moxie ppcemb tricore xtensa xtensaeb"
+IUSE_USER_TARGETS="${COMMON_TARGETS} armeb mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus"
+
+use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
+use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
+IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
+
+# Allow no targets to be built so that people can get a tools-only build.
+# Block USE flag configurations known to not work.
+REQUIRED_USE="${PYTHON_REQUIRED_USE}
+	gtk2? ( gtk )
+	qemu_softmmu_targets_arm? ( fdt )
+	qemu_softmmu_targets_microblaze? ( fdt )
+	qemu_softmmu_targets_ppc? ( fdt )
+	qemu_softmmu_targets_ppc64? ( fdt )
+	sdl2? ( sdl )
+	static? ( static-softmmu static-user )
+	static-softmmu? ( !alsa !pulseaudio !bluetooth !opengl !gtk !gtk2 )
+	virtfs? ( xattr )
+	vte? ( gtk )"
+
+# Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
+#
+# The attr lib isn't always linked in (although the USE flag is always
+# respected).  This is because qemu supports using the C library's API
+# when available rather than always using the extranl library.
+COMMON_LIB_DEPEND=">=dev-libs/glib-2.0[static-libs(+)]
+	sys-libs/zlib[static-libs(+)]
+	xattr? ( sys-apps/attr[static-libs(+)] )"
+SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND}
+	>=x11-libs/pixman-0.28.0[static-libs(+)]
+	accessibility? ( app-accessibility/brltty[static-libs(+)] )
+	aio? ( dev-libs/libaio[static-libs(+)] )
+	alsa? ( >=media-libs/alsa-lib-1.0.13 )
+	bluetooth? ( net-wireless/bluez )
+	caps? ( sys-libs/libcap-ng[static-libs(+)] )
+	curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
+	fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] )
+	glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
+	gtk? (
+		gtk2? (
+			x11-libs/gtk+:2
+			vte? ( x11-libs/vte:0 )
+		)
+		!gtk2? (
+			x11-libs/gtk+:3
+			vte? ( x11-libs/vte:2.90 )
+		)
+	)
+	infiniband? ( sys-infiniband/librdmacm:=[static-libs(+)] )
+	iscsi? ( net-libs/libiscsi )
+	jpeg? ( virtual/jpeg:=[static-libs(+)] )
+	lzo? ( dev-libs/lzo:2[static-libs(+)] )
+	ncurses? ( sys-libs/ncurses:0=[static-libs(+)] )
+	nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] )
+	numa? ( sys-process/numactl[static-libs(+)] )
+	opengl? (
+		virtual/opengl
+		media-libs/libepoxy[static-libs(+)]
+		media-libs/mesa[static-libs(+)]
+		media-libs/mesa[egl,gles2]
+	)
+	png? ( media-libs/libpng:0=[static-libs(+)] )
+	pulseaudio? ( media-sound/pulseaudio )
+	rbd? ( sys-cluster/ceph[static-libs(+)] )
+	sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
+	sdl? (
+		!sdl2? (
+			media-libs/libsdl[X]
+			>=media-libs/libsdl-1.2.11[static-libs(+)]
+		)
+		sdl2? (
+			media-libs/libsdl2[X]
+			media-libs/libsdl2[static-libs(+)]
+		)
+	)
+	seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
+	smartcard? ( dev-libs/nss !app-emulation/libcacard )
+	snappy? ( app-arch/snappy[static-libs(+)] )
+	spice? (
+		>=app-emulation/spice-protocol-0.12.3
+		>=app-emulation/spice-0.12.0[static-libs(+)]
+	)
+	ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] )
+	tls? ( net-libs/gnutls[static-libs(+)] )
+	usb? ( >=virtual/libusb-1-r2[static-libs(+)] )
+	usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
+	uuid? ( >=sys-apps/util-linux-2.16.0[static-libs(+)] )
+	vde? ( net-misc/vde[static-libs(+)] )
+	virtfs? ( sys-libs/libcap )
+	xfs? ( sys-fs/xfsprogs[static-libs(+)] )"
+USER_LIB_DEPEND="${COMMON_LIB_DEPEND}"
+X86_FIRMWARE_DEPEND="
+	>=sys-firmware/ipxe-1.0.0_p20130624
+	pin-upstream-blobs? (
+		~sys-firmware/seabios-1.8.2
+		~sys-firmware/sgabios-0.1_pre8
+		~sys-firmware/vgabios-0.7a
+	)
+	!pin-upstream-blobs? (
+		sys-firmware/seabios
+		sys-firmware/sgabios
+		sys-firmware/vgabios
+	)"
+CDEPEND="
+	!static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND//\[static-libs(+)]} ) " ${use_softmmu_targets}) )
+	!static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND//\[static-libs(+)]} ) " ${use_user_targets}) )
+	qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
+	qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )
+	python? ( ${PYTHON_DEPS} )
+	systemtap? ( dev-util/systemtap )
+	xen? ( app-emulation/xen-tools:= )"
+DEPEND="${CDEPEND}
+	dev-lang/perl
+	=dev-lang/python-2*
+	sys-apps/texinfo
+	virtual/pkgconfig
+	kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
+	gtk? ( nls? ( sys-devel/gettext ) )
+	static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND} ) " ${use_softmmu_targets}) )
+	static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND} ) " ${use_user_targets}) )
+	test? (
+		dev-libs/glib[utils]
+		sys-devel/bc
+	)"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-qemu )
+"
+
+STRIP_MASK="/usr/share/qemu/palcode-clipper"
+
+QA_PREBUILT="
+	usr/share/qemu/openbios-ppc
+	usr/share/qemu/openbios-sparc64
+	usr/share/qemu/openbios-sparc32
+	usr/share/qemu/palcode-clipper
+	usr/share/qemu/s390-ccw.img
+	usr/share/qemu/u-boot.e500
+"
+
+QA_WX_LOAD="usr/bin/qemu-i386
+	usr/bin/qemu-x86_64
+	usr/bin/qemu-alpha
+	usr/bin/qemu-arm
+	usr/bin/qemu-cris
+	usr/bin/qemu-m68k
+	usr/bin/qemu-microblaze
+	usr/bin/qemu-microblazeel
+	usr/bin/qemu-mips
+	usr/bin/qemu-mipsel
+	usr/bin/qemu-or32
+	usr/bin/qemu-ppc
+	usr/bin/qemu-ppc64
+	usr/bin/qemu-ppc64abi32
+	usr/bin/qemu-sh4
+	usr/bin/qemu-sh4eb
+	usr/bin/qemu-sparc
+	usr/bin/qemu-sparc64
+	usr/bin/qemu-armeb
+	usr/bin/qemu-sparc32plus
+	usr/bin/qemu-s390x
+	usr/bin/qemu-unicore32"
+
+DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure
+you have the kernel module loaded before running kvm. The easiest way to
+ensure that the kernel module is loaded is to load it on boot.\n
+For AMD CPUs the module is called 'kvm-amd'\n
+For Intel CPUs the module is called 'kvm-intel'\n
+Please review /etc/conf.d/modules for how to load these\n\n
+Make sure your user is in the 'kvm' group\n
+Just run 'gpasswd -a <USER> kvm', then have <USER> re-login."
+
+qemu_support_kvm() {
+	if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 \
+		use qemu_softmmu_targets_ppc || use qemu_softmmu_targets_ppc64 \
+		use qemu_softmmu_targets_s390x; then
+		return 0
+	fi
+
+	return 1
+}
+
+pkg_pretend() {
+	if use kernel_linux && kernel_is lt 2 6 25; then
+		eerror "This version of KVM requres a host kernel of 2.6.25 or higher."
+	elif use kernel_linux; then
+		if ! linux_config_exists; then
+			eerror "Unable to check your kernel for KVM support"
+		else
+			CONFIG_CHECK="~KVM ~TUN ~BRIDGE"
+			ERROR_KVM="You must enable KVM in your kernel to continue"
+			ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in"
+			ERROR_KVM_AMD+=" your kernel configuration."
+			ERROR_KVM_INTEL="If you have an Intel CPU, you must enable"
+			ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration."
+			ERROR_TUN="You will need the Universal TUN/TAP driver compiled"
+			ERROR_TUN+=" into your kernel or loaded as a module to use the"
+			ERROR_TUN+=" virtual network device if using -net tap."
+			ERROR_BRIDGE="You will also need support for 802.1d"
+			ERROR_BRIDGE+=" Ethernet Bridging for some network configurations."
+			use vhost-net && CONFIG_CHECK+=" ~VHOST_NET"
+			ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net"
+			ERROR_VHOST_NET+=" support"
+
+			if use amd64 || use x86 || use amd64-linux || use x86-linux; then
+				CONFIG_CHECK+=" ~KVM_AMD ~KVM_INTEL"
+			fi
+
+			use python && CONFIG_CHECK+=" ~DEBUG_FS"
+			ERROR_DEBUG_FS="debugFS support required for kvm_stat"
+
+			# Now do the actual checks setup above
+			check_extra_config
+		fi
+	fi
+
+	if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then
+		eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt"
+		eerror "instances are still pointing to it.  Please update your"
+		eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag"
+		eerror "and the right system binary (e.g. qemu-system-x86_64)."
+		die "update your virt configs to not use qemu-kvm"
+	fi
+}
+
+pkg_setup() {
+	enewgroup kvm 78
+}
+
+# Sanity check to make sure target lists are kept up-to-date.
+check_targets() {
+	local var=$1 mak=$2
+	local detected sorted
+
+	pushd "${S}"/default-configs >/dev/null || die
+
+	# Force C locale until glibc is updated. #564936
+	detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u))
+	sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u))
+	if [[ ${sorted} != "${detected}" ]] ; then
+		eerror "The ebuild needs to be kept in sync."
+		eerror "${var}: ${sorted}"
+		eerror "$(printf '%-*s' ${#var} configure): ${detected}"
+		die "sync ${var} to the list of targets"
+	fi
+
+	popd >/dev/null
+}
+
+src_prepare() {
+	check_targets IUSE_SOFTMMU_TARGETS softmmu
+	check_targets IUSE_USER_TARGETS linux-user
+
+	# Alter target makefiles to accept CFLAGS set via flag-o
+	sed -i -r \
+		-e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \
+		Makefile Makefile.target || die
+
+	# Cheap hack to disable gettext .mo generation.
+	use nls || rm -f po/*.po
+
+	epatch "${FILESDIR}"/qemu-1.7.0-cflags.patch
+	epatch "${FILESDIR}"/${PN}-2.4.1-CVE-2015-{7504,7512}.patch #567144
+	epatch "${FILESDIR}"/${PN}-2.4.1-CVE-2015-8345.patch #566792
+	epatch "${FILESDIR}"/${PN}-2.4.1-CVE-2015-8504.patch #567828
+	epatch "${FILESDIR}"/${PN}-2.4.1-CVE-2015-7549.patch #568214
+	epatch "${FILESDIR}"/${PN}-2.4-mips-* #563162
+	[[ -n ${BACKPORTS} ]] && \
+		EPATCH_FORCE=yes EPATCH_SUFFIX="patch" EPATCH_SOURCE="${S}/patches" \
+			epatch
+
+	# Fix ld and objcopy being called directly
+	tc-export AR LD OBJCOPY
+
+	# Verbose builds
+	MAKEOPTS+=" V=1"
+
+	epatch_user
+}
+
+##
+# configures qemu based on the build directory and the build type
+# we are using.
+#
+qemu_src_configure() {
+	debug-print-function ${FUNCNAME} "$@"
+
+	local buildtype=$1
+	local builddir="${S}/${buildtype}-build"
+	local static_flag="static-${buildtype}"
+
+	mkdir "${builddir}"
+
+	local conf_opts=(
+		--prefix=/usr
+		--sysconfdir=/etc
+		--libdir=/usr/$(get_libdir)
+		--docdir=/usr/share/doc/${PF}/html
+		--disable-bsd-user
+		--disable-guest-agent
+		--disable-strip
+		--disable-werror
+		--python="${PYTHON}"
+		--cc="$(tc-getCC)"
+		--cxx="$(tc-getCXX)"
+		--host-cc="$(tc-getBUILD_CC)"
+		$(use_enable debug debug-info)
+		$(use_enable debug debug-tcg)
+		--enable-docs
+		$(use_enable tci tcg-interpreter)
+		$(use_enable xattr attr)
+	)
+
+	# Disable options not used by user targets as the default configure
+	# options will autoprobe and try to link in a bunch of unused junk.
+	conf_softmmu() {
+		if [[ ${buildtype} == "user" ]] ; then
+			echo "--disable-${2:-$1}"
+		else
+			use_enable "$@"
+		fi
+	}
+	conf_opts+=(
+		$(conf_softmmu accessibility brlapi)
+		$(conf_softmmu aio linux-aio)
+		$(conf_softmmu bluetooth bluez)
+		$(conf_softmmu caps cap-ng)
+		$(conf_softmmu curl)
+		$(conf_softmmu fdt)
+		$(conf_softmmu glusterfs)
+		$(conf_softmmu gtk)
+		$(conf_softmmu infiniband rdma)
+		$(conf_softmmu iscsi libiscsi)
+		$(conf_softmmu jpeg vnc-jpeg)
+		$(conf_softmmu kernel_linux kvm)
+		$(conf_softmmu lzo)
+		$(conf_softmmu ncurses curses)
+		$(conf_softmmu nfs libnfs)
+		$(conf_softmmu numa)
+		$(conf_softmmu opengl)
+		$(conf_softmmu png vnc-png)
+		$(conf_softmmu rbd)
+		$(conf_softmmu sasl vnc-sasl)
+		$(conf_softmmu sdl)
+		$(conf_softmmu seccomp)
+		$(conf_softmmu smartcard smartcard-nss)
+		$(conf_softmmu snappy)
+		$(conf_softmmu spice)
+		$(conf_softmmu ssh libssh2)
+		$(conf_softmmu tls vnc-tls)
+		$(conf_softmmu usb libusb)
+		$(conf_softmmu usbredir usb-redir)
+		$(conf_softmmu uuid)
+		$(conf_softmmu vde)
+		$(conf_softmmu vhost-net)
+		$(conf_softmmu virtfs)
+		$(conf_softmmu vnc)
+		$(conf_softmmu vte)
+		$(conf_softmmu xen)
+		$(conf_softmmu xen xen-pci-passthrough)
+		$(conf_softmmu xfs xfsctl)
+	)
+
+	case ${buildtype} in
+	user)
+		conf_opts+=(
+			--enable-linux-user
+			--disable-system
+			--disable-blobs
+			--disable-tools
+		)
+		;;
+	softmmu)
+		# audio options
+		local audio_opts="oss"
+		use alsa && audio_opts="alsa,${audio_opts}"
+		use sdl && audio_opts="sdl,${audio_opts}"
+		use pulseaudio && audio_opts="pa,${audio_opts}"
+
+		conf_opts+=(
+			--disable-linux-user
+			--enable-system
+			--with-system-pixman
+			--audio-drv-list="${audio_opts}"
+		)
+		use gtk && conf_opts+=( --with-gtkabi=$(usex gtk2 2.0 3.0) )
+		use sdl && conf_opts+=( --with-sdlabi=$(usex sdl2 2.0 1.2) )
+		;;
+	tools)
+		conf_opts+=(
+			--disable-linux-user
+			--disable-system
+			--disable-blobs
+		)
+		static_flag="static"
+		;;
+	esac
+
+	local targets="${buildtype}_targets"
+	[[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" )
+
+	# Add support for SystemTAP
+	use systemtap && conf_opts+=( --enable-trace-backend=dtrace )
+
+	# We always want to attempt to build with PIE support as it results
+	# in a more secure binary. But it doesn't work with static or if
+	# the current GCC doesn't have PIE support.
+	if use ${static_flag}; then
+		conf_opts+=( --static --disable-pie )
+	else
+		gcc-specs-pie && conf_opts+=( --enable-pie )
+	fi
+
+	echo "../configure ${conf_opts[*]}"
+	cd "${builddir}"
+	../configure "${conf_opts[@]}" || die "configure failed"
+
+	# FreeBSD's kernel does not support QEMU assigning/grabbing
+	# host USB devices yet
+	use kernel_FreeBSD && \
+		sed -i -E -e "s|^(HOST_USB=)bsd|\1stub|" "${S}"/config-host.mak
+}
+
+src_configure() {
+	local target
+
+	python_setup
+
+	softmmu_targets= softmmu_bins=()
+	user_targets= user_bins=()
+
+	for target in ${IUSE_SOFTMMU_TARGETS} ; do
+		if use "qemu_softmmu_targets_${target}"; then
+			softmmu_targets+=",${target}-softmmu"
+			softmmu_bins+=( "qemu-system-${target}" )
+		fi
+	done
+
+	for target in ${IUSE_USER_TARGETS} ; do
+		if use "qemu_user_targets_${target}"; then
+			user_targets+=",${target}-linux-user"
+			user_bins+=( "qemu-${target}" )
+		fi
+	done
+
+	softmmu_targets=${softmmu_targets#,}
+	user_targets=${user_targets#,}
+
+	[[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu"
+	[[ -n ${user_targets}    ]] && qemu_src_configure "user"
+	[[ -z ${softmmu_targets}${user_targets} ]] && qemu_src_configure "tools"
+}
+
+src_compile() {
+	if [[ -n ${user_targets} ]]; then
+		cd "${S}/user-build"
+		default
+	fi
+
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build"
+		default
+	fi
+
+	if [[ -z ${softmmu_targets}${user_targets} ]]; then
+		cd "${S}/tools-build"
+		default
+	fi
+}
+
+src_test() {
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build"
+		pax-mark m */qemu-system-* #515550
+		emake -j1 check
+		emake -j1 check-report.html
+	fi
+}
+
+qemu_python_install() {
+	python_domodule "${S}/scripts/qmp/qmp.py"
+
+	python_doscript "${S}/scripts/kvm/kvm_stat"
+	python_doscript "${S}/scripts/kvm/vmxcap"
+	python_doscript "${S}/scripts/qmp/qmp-shell"
+	python_doscript "${S}/scripts/qmp/qemu-ga-client"
+}
+
+src_install() {
+	if [[ -n ${user_targets} ]]; then
+		cd "${S}/user-build"
+		emake DESTDIR="${ED}" install
+
+		# Install binfmt handler init script for user targets
+		newinitd "${FILESDIR}/qemu-binfmt.initd-r1" qemu-binfmt
+	fi
+
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build"
+		emake DESTDIR="${ED}" install
+
+		# This might not exist if the test failed. #512010
+		[[ -e check-report.html ]] && dohtml check-report.html
+
+		if use kernel_linux; then
+			udev_dorules "${FILESDIR}"/65-kvm.rules
+		fi
+
+		if use python; then
+			python_foreach_impl qemu_python_install
+		fi
+	fi
+
+	if [[ -z ${softmmu_targets}${user_targets} ]]; then
+		cd "${S}/tools-build"
+		emake DESTDIR="${ED}" install
+	fi
+
+	# Disable mprotect on the qemu binaries as they use JITs to be fast #459348
+	pushd "${ED}"/usr/bin >/dev/null
+	pax-mark m "${softmmu_bins[@]}" "${user_bins[@]}"
+	popd >/dev/null
+
+	# Install config file example for qemu-bridge-helper
+	insinto "/etc/qemu"
+	doins "${FILESDIR}/bridge.conf"
+
+	# Remove the docdir placed qmp-commands.txt
+	mv "${ED}/usr/share/doc/${PF}/html/qmp-commands.txt" "${S}/docs/qmp/"
+
+	cd "${S}"
+	dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt
+	newdoc pc-bios/README README.pc-bios
+	dodoc docs/qmp/*.txt
+
+	if [[ -n ${softmmu_targets} ]]; then
+		# Remove SeaBIOS since we're using the SeaBIOS packaged one
+		rm "${ED}/usr/share/qemu/bios.bin"
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
+		fi
+
+		# Remove vgabios since we're using the vgabios packaged one
+		rm "${ED}/usr/share/qemu/vgabios.bin"
+		rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
+		rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
+		rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
+		rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../vgabios/vgabios.bin /usr/share/qemu/vgabios.bin
+			dosym ../vgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
+			dosym ../vgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
+			dosym ../vgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
+			dosym ../vgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
+		fi
+
+		# Remove sgabios since we're using the sgabios packaged one
+		rm "${ED}/usr/share/qemu/sgabios.bin"
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin
+		fi
+
+		# Remove iPXE since we're using the iPXE packaged one
+		rm "${ED}"/usr/share/qemu/pxe-*.rom
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom
+			dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom
+			dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom
+			dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom
+			dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom
+			dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom
+		fi
+	fi
+
+	qemu_support_kvm && readme.gentoo_create_doc
+}
+
+pkg_postinst() {
+	if qemu_support_kvm; then
+		readme.gentoo_print_elog
+	fi
+
+	if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
+		udev_reload
+	fi
+
+	fcaps cap_net_admin /usr/libexec/qemu-bridge-helper
+}
+
+pkg_info() {
+	echo "Using:"
+	echo "  $(best_version app-emulation/spice-protocol)"
+	echo "  $(best_version sys-firmware/ipxe)"
+	echo "  $(best_version sys-firmware/seabios)"
+	if has_version 'sys-firmware/seabios[binary]'; then
+		echo "    USE=binary"
+	else
+		echo "    USE=''"
+	fi
+	echo "  $(best_version sys-firmware/vgabios)"
+}


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2016-03-23  5:25 Mike Frysinger
  0 siblings, 0 replies; 56+ messages in thread
From: Mike Frysinger @ 2016-03-23  5:25 UTC (permalink / raw
  To: gentoo-commits

commit:     346b8a658c0fb521e9a783699a678756765d8845
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Wed Mar 23 05:22:02 2016 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Wed Mar 23 05:22:02 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=346b8a65

app-emulation/qemu: backport various upstream fixes

 .../qemu/files/qemu-2.5.0-CVE-2015-8613.patch      |  35 ++
 .../qemu/files/qemu-2.5.0-CVE-2015-8619.patch      | 121 ++++
 .../qemu/files/qemu-2.5.0-CVE-2016-1714.patch      |  58 ++
 .../qemu/files/qemu-2.5.0-CVE-2016-1922.patch      |  65 ++
 .../qemu/files/qemu-2.5.0-CVE-2016-1981.patch      |  98 +++
 .../qemu/files/qemu-2.5.0-CVE-2016-2197.patch      |  43 ++
 .../qemu/files/qemu-2.5.0-CVE-2016-2198.patch      |  46 ++
 .../qemu/files/qemu-2.5.0-CVE-2016-2392.patch      |  35 ++
 .../files/qemu-2.5.0-rng-stack-corrupt-0.patch     |  98 +++
 .../files/qemu-2.5.0-rng-stack-corrupt-1.patch     | 135 +++++
 .../files/qemu-2.5.0-rng-stack-corrupt-2.patch     | 155 +++++
 .../files/qemu-2.5.0-rng-stack-corrupt-3.patch     | 179 ++++++
 .../qemu/files/qemu-2.5.0-sysmacros.patch          |  15 +
 .../qemu/files/qemu-2.5.0-usb-ehci-oob.patch       |  52 ++
 .../files/qemu-2.5.0-usb-ndis-int-overflow.patch   |  59 ++
 app-emulation/qemu/qemu-2.5.0-r2.ebuild            | 669 +++++++++++++++++++++
 16 files changed, 1863 insertions(+)

diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8613.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8613.patch
new file mode 100644
index 0000000..61a52ee
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8613.patch
@@ -0,0 +1,35 @@
+From 36fef36b91f7ec0435215860f1458b5342ce2811 Mon Sep 17 00:00:00 2001
+From: P J P <ppandit@redhat.com>
+Date: Mon, 21 Dec 2015 15:13:13 +0530
+Subject: [PATCH] scsi: initialise info object with appropriate size
+
+While processing controller 'CTRL_GET_INFO' command, the routine
+'megasas_ctrl_get_info' overflows the '&info' object size. Use its
+appropriate size to null initialise it.
+
+Reported-by: Qinghao Tang <luodalongde@gmail.com>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Message-Id: <alpine.LFD.2.20.1512211501420.22471@wniryva>
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: P J P <ppandit@redhat.com>
+---
+ hw/scsi/megasas.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
+index d7dc667..576f56c 100644
+--- a/hw/scsi/megasas.c
++++ b/hw/scsi/megasas.c
+@@ -718,7 +718,7 @@ static int megasas_ctrl_get_info(MegasasState *s, MegasasCmd *cmd)
+     BusChild *kid;
+     int num_pd_disks = 0;
+ 
+-    memset(&info, 0x0, cmd->iov_size);
++    memset(&info, 0x0, dcmd_size);
+     if (cmd->iov_size < dcmd_size) {
+         trace_megasas_dcmd_invalid_xfer_len(cmd->index, cmd->iov_size,
+                                             dcmd_size);
+-- 
+2.7.4
+

diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8619.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8619.patch
new file mode 100644
index 0000000..be67336
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8619.patch
@@ -0,0 +1,121 @@
+From 64ffbe04eaafebf4045a3ace52a360c14959d196 Mon Sep 17 00:00:00 2001
+From: Wolfgang Bumiller <w.bumiller@proxmox.com>
+Date: Wed, 13 Jan 2016 09:09:58 +0100
+Subject: [PATCH] hmp: fix sendkey out of bounds write (CVE-2015-8619)
+
+When processing 'sendkey' command, hmp_sendkey routine null
+terminates the 'keyname_buf' array. This results in an OOB
+write issue, if 'keyname_len' was to fall outside of
+'keyname_buf' array.
+
+Since the keyname's length is known the keyname_buf can be
+removed altogether by adding a length parameter to
+index_from_key() and using it for the error output as well.
+
+Reported-by: Ling Liu <liuling-it@360.cn>
+Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
+Message-Id: <20160113080958.GA18934@olga>
+[Comparison with "<" dumbed down, test for junk after strtoul()
+tweaked]
+Signed-off-by: Markus Armbruster <armbru@redhat.com>
+---
+ hmp.c                | 18 ++++++++----------
+ include/ui/console.h |  2 +-
+ ui/input-legacy.c    |  5 +++--
+ 3 files changed, 12 insertions(+), 13 deletions(-)
+
+diff --git a/hmp.c b/hmp.c
+index 54f2620..9c571f5 100644
+--- a/hmp.c
++++ b/hmp.c
+@@ -1731,21 +1731,18 @@ void hmp_sendkey(Monitor *mon, const QDict *qdict)
+     int has_hold_time = qdict_haskey(qdict, "hold-time");
+     int hold_time = qdict_get_try_int(qdict, "hold-time", -1);
+     Error *err = NULL;
+-    char keyname_buf[16];
+     char *separator;
+     int keyname_len;
+ 
+     while (1) {
+         separator = strchr(keys, '-');
+         keyname_len = separator ? separator - keys : strlen(keys);
+-        pstrcpy(keyname_buf, sizeof(keyname_buf), keys);
+ 
+         /* Be compatible with old interface, convert user inputted "<" */
+-        if (!strncmp(keyname_buf, "<", 1) && keyname_len == 1) {
+-            pstrcpy(keyname_buf, sizeof(keyname_buf), "less");
++        if (keys[0] == '<' && keyname_len == 1) {
++            keys = "less";
+             keyname_len = 4;
+         }
+-        keyname_buf[keyname_len] = 0;
+ 
+         keylist = g_malloc0(sizeof(*keylist));
+         keylist->value = g_malloc0(sizeof(*keylist->value));
+@@ -1758,16 +1755,17 @@ void hmp_sendkey(Monitor *mon, const QDict *qdict)
+         }
+         tmp = keylist;
+ 
+-        if (strstart(keyname_buf, "0x", NULL)) {
++        if (strstart(keys, "0x", NULL)) {
+             char *endp;
+-            int value = strtoul(keyname_buf, &endp, 0);
+-            if (*endp != '\0') {
++            int value = strtoul(keys, &endp, 0);
++            assert(endp <= keys + keyname_len);
++            if (endp != keys + keyname_len) {
+                 goto err_out;
+             }
+             keylist->value->type = KEY_VALUE_KIND_NUMBER;
+             keylist->value->u.number = value;
+         } else {
+-            int idx = index_from_key(keyname_buf);
++            int idx = index_from_key(keys, keyname_len);
+             if (idx == Q_KEY_CODE_MAX) {
+                 goto err_out;
+             }
+@@ -1789,7 +1787,7 @@ out:
+     return;
+ 
+ err_out:
+-    monitor_printf(mon, "invalid parameter: %s\n", keyname_buf);
++    monitor_printf(mon, "invalid parameter: %.*s\n", keyname_len, keys);
+     goto out;
+ }
+ 
+diff --git a/include/ui/console.h b/include/ui/console.h
+index adac36d..116bc2b 100644
+--- a/include/ui/console.h
++++ b/include/ui/console.h
+@@ -448,7 +448,7 @@ static inline int vnc_display_pw_expire(const char *id, time_t expires)
+ void curses_display_init(DisplayState *ds, int full_screen);
+ 
+ /* input.c */
+-int index_from_key(const char *key);
++int index_from_key(const char *key, size_t key_length);
+ 
+ /* gtk.c */
+ void early_gtk_display_init(int opengl);
+diff --git a/ui/input-legacy.c b/ui/input-legacy.c
+index 35dfc27..3454055 100644
+--- a/ui/input-legacy.c
++++ b/ui/input-legacy.c
+@@ -57,12 +57,13 @@ struct QEMUPutLEDEntry {
+ static QTAILQ_HEAD(, QEMUPutLEDEntry) led_handlers =
+     QTAILQ_HEAD_INITIALIZER(led_handlers);
+ 
+-int index_from_key(const char *key)
++int index_from_key(const char *key, size_t key_length)
+ {
+     int i;
+ 
+     for (i = 0; QKeyCode_lookup[i] != NULL; i++) {
+-        if (!strcmp(key, QKeyCode_lookup[i])) {
++        if (!strncmp(key, QKeyCode_lookup[i], key_length) &&
++            !QKeyCode_lookup[i][key_length]) {
+             break;
+         }
+     }
+-- 
+2.7.4
+

diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1714.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1714.patch
new file mode 100644
index 0000000..917fa2f
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1714.patch
@@ -0,0 +1,58 @@
+From 66f8fd9dda312191b78d2a2ba2848bcee76127a2 Mon Sep 17 00:00:00 2001
+From: "Gabriel L. Somlo" <somlo@cmu.edu>
+Date: Thu, 5 Nov 2015 09:32:50 -0500
+Subject: [PATCH] fw_cfg: avoid calculating invalid current entry pointer
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+When calculating a pointer to the currently selected fw_cfg item, the
+following is used:
+
+  FWCfgEntry *e = &s->entries[arch][s->cur_entry & FW_CFG_ENTRY_MASK];
+
+When s->cur_entry is FW_CFG_INVALID, we are calculating the address of
+a non-existent element in s->entries[arch][...], which is undefined.
+
+This patch ensures the resulting entry pointer is set to NULL whenever
+s->cur_entry is FW_CFG_INVALID.
+
+Reported-by: Laszlo Ersek <lersek@redhat.com>
+Reviewed-by: Laszlo Ersek <lersek@redhat.com>
+Signed-off-by: Gabriel Somlo <somlo@cmu.edu>
+Message-id: 1446733972-1602-5-git-send-email-somlo@cmu.edu
+Cc: Marc Marí <markmb@redhat.com>
+Signed-off-by: Gabriel Somlo <somlo@cmu.edu>
+Reviewed-by: Laszlo Ersek <lersek@redhat.com>
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+---
+ hw/nvram/fw_cfg.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/hw/nvram/fw_cfg.c b/hw/nvram/fw_cfg.c
+index c2d3a0a..046fa74 100644
+--- a/hw/nvram/fw_cfg.c
++++ b/hw/nvram/fw_cfg.c
+@@ -277,7 +277,8 @@ static int fw_cfg_select(FWCfgState *s, uint16_t key)
+ static uint8_t fw_cfg_read(FWCfgState *s)
+ {
+     int arch = !!(s->cur_entry & FW_CFG_ARCH_LOCAL);
+-    FWCfgEntry *e = &s->entries[arch][s->cur_entry & FW_CFG_ENTRY_MASK];
++    FWCfgEntry *e = (s->cur_entry == FW_CFG_INVALID) ? NULL :
++                    &s->entries[arch][s->cur_entry & FW_CFG_ENTRY_MASK];
+     uint8_t ret;
+ 
+     if (s->cur_entry == FW_CFG_INVALID || !e->data || s->cur_offset >= e->len)
+@@ -342,7 +343,8 @@ static void fw_cfg_dma_transfer(FWCfgState *s)
+     }
+ 
+     arch = !!(s->cur_entry & FW_CFG_ARCH_LOCAL);
+-    e = &s->entries[arch][s->cur_entry & FW_CFG_ENTRY_MASK];
++    e = (s->cur_entry == FW_CFG_INVALID) ? NULL :
++        &s->entries[arch][s->cur_entry & FW_CFG_ENTRY_MASK];
+ 
+     if (dma.control & FW_CFG_DMA_CTL_READ) {
+         read = 1;
+-- 
+2.7.4
+

diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1922.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1922.patch
new file mode 100644
index 0000000..23c2341
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1922.patch
@@ -0,0 +1,65 @@
+From 4c1396cb576c9b14425558b73de1584c7a9735d7 Mon Sep 17 00:00:00 2001
+From: P J P <ppandit@redhat.com>
+Date: Fri, 18 Dec 2015 11:35:07 +0530
+Subject: [PATCH] i386: avoid null pointer dereference
+
+    Hello,
+
+A null pointer dereference issue was reported by Mr Ling Liu, CC'd here. It
+occurs while doing I/O port write operations via hmp interface. In that,
+'current_cpu' remains null as it is not called from cpu_exec loop, which
+results in the said issue.
+
+Below is a proposed (tested)patch to fix this issue; Does it look okay?
+
+===
+From ae88a4947fab9a148cd794f8ad2d812e7f5a1d0f Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Fri, 18 Dec 2015 11:16:07 +0530
+Subject: [PATCH] i386: avoid null pointer dereference
+
+When I/O port write operation is called from hmp interface,
+'current_cpu' remains null, as it is not called from cpu_exec()
+loop. This leads to a null pointer dereference in vapic_write
+routine. Add check to avoid it.
+
+Reported-by: Ling Liu <liuling-it@360.cn>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Message-Id: <alpine.LFD.2.20.1512181129320.9805@wniryva>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: P J P <ppandit@redhat.com>
+---
+ hw/i386/kvmvapic.c | 15 ++++++++++-----
+ 1 file changed, 10 insertions(+), 5 deletions(-)
+
+diff --git a/hw/i386/kvmvapic.c b/hw/i386/kvmvapic.c
+index c6d34b2..f0922da 100644
+--- a/hw/i386/kvmvapic.c
++++ b/hw/i386/kvmvapic.c
+@@ -634,13 +634,18 @@ static int vapic_prepare(VAPICROMState *s)
+ static void vapic_write(void *opaque, hwaddr addr, uint64_t data,
+                         unsigned int size)
+ {
+-    CPUState *cs = current_cpu;
+-    X86CPU *cpu = X86_CPU(cs);
+-    CPUX86State *env = &cpu->env;
+-    hwaddr rom_paddr;
+     VAPICROMState *s = opaque;
++    X86CPU *cpu;
++    CPUX86State *env;
++    hwaddr rom_paddr;
+ 
+-    cpu_synchronize_state(cs);
++    if (!current_cpu) {
++        return;
++    }
++
++    cpu_synchronize_state(current_cpu);
++    cpu = X86_CPU(current_cpu);
++    env = &cpu->env;
+ 
+     /*
+      * The VAPIC supports two PIO-based hypercalls, both via port 0x7E.
+-- 
+2.7.4
+

diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1981.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1981.patch
new file mode 100644
index 0000000..2922193
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-1981.patch
@@ -0,0 +1,98 @@
+From dd793a74882477ca38d49e191110c17dfee51dcc Mon Sep 17 00:00:00 2001
+From: Laszlo Ersek <lersek@redhat.com>
+Date: Tue, 19 Jan 2016 14:17:20 +0100
+Subject: [PATCH] e1000: eliminate infinite loops on out-of-bounds transfer
+ start
+
+The start_xmit() and e1000_receive_iov() functions implement DMA transfers
+iterating over a set of descriptors that the guest's e1000 driver
+prepares:
+
+- the TDLEN and RDLEN registers store the total size of the descriptor
+  area,
+
+- while the TDH and RDH registers store the offset (in whole tx / rx
+  descriptors) into the area where the transfer is supposed to start.
+
+Each time a descriptor is processed, the TDH and RDH register is bumped
+(as appropriate for the transfer direction).
+
+QEMU already contains logic to deal with bogus transfers submitted by the
+guest:
+
+- Normally, the transmit case wants to increase TDH from its initial value
+  to TDT. (TDT is allowed to be numerically smaller than the initial TDH
+  value; wrapping at or above TDLEN bytes to zero is normal.) The failsafe
+  that QEMU currently has here is a check against reaching the original
+  TDH value again -- a complete wraparound, which should never happen.
+
+- In the receive case RDH is increased from its initial value until
+  "total_size" bytes have been received; preferably in a single step, or
+  in "s->rxbuf_size" byte steps, if the latter is smaller. However, null
+  RX descriptors are skipped without receiving data, while RDH is
+  incremented just the same. QEMU tries to prevent an infinite loop
+  (processing only null RX descriptors) by detecting whether RDH assumes
+  its original value during the loop. (Again, wrapping from RDLEN to 0 is
+  normal.)
+
+What both directions miss is that the guest could program TDLEN and RDLEN
+so low, and the initial TDH and RDH so high, that these registers will
+immediately be truncated to zero, and then never reassume their initial
+values in the loop -- a full wraparound will never occur.
+
+The condition that expresses this is:
+
+  xdh_start >= s->mac_reg[XDLEN] / sizeof(desc)
+
+i.e., TDH or RDH start out after the last whole rx or tx descriptor that
+fits into the TDLEN or RDLEN sized area.
+
+This condition could be checked before we enter the loops, but
+pci_dma_read() / pci_dma_write() knows how to fill in buffers safely for
+bogus DMA addresses, so we just extend the existing failsafes with the
+above condition.
+
+This is CVE-2016-1981.
+
+Cc: "Michael S. Tsirkin" <mst@redhat.com>
+Cc: Petr Matousek <pmatouse@redhat.com>
+Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
+Cc: Prasad Pandit <ppandit@redhat.com>
+Cc: Michael Roth <mdroth@linux.vnet.ibm.com>
+Cc: Jason Wang <jasowang@redhat.com>
+Cc: qemu-stable@nongnu.org
+RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1296044
+Signed-off-by: Laszlo Ersek <lersek@redhat.com>
+Reviewed-by: Jason Wang <jasowang@redhat.com>
+Signed-off-by: Jason Wang <jasowang@redhat.com>
+---
+ hw/net/e1000.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/hw/net/e1000.c b/hw/net/e1000.c
+index 4eda7a3..0387fa0 100644
+--- a/hw/net/e1000.c
++++ b/hw/net/e1000.c
+@@ -909,7 +909,8 @@ start_xmit(E1000State *s)
+          * bogus values to TDT/TDLEN.
+          * there's nothing too intelligent we could do about this.
+          */
+-        if (s->mac_reg[TDH] == tdh_start) {
++        if (s->mac_reg[TDH] == tdh_start ||
++            tdh_start >= s->mac_reg[TDLEN] / sizeof(desc)) {
+             DBGOUT(TXERR, "TDH wraparound @%x, TDT %x, TDLEN %x\n",
+                    tdh_start, s->mac_reg[TDT], s->mac_reg[TDLEN]);
+             break;
+@@ -1166,7 +1167,8 @@ e1000_receive_iov(NetClientState *nc, const struct iovec *iov, int iovcnt)
+         if (++s->mac_reg[RDH] * sizeof(desc) >= s->mac_reg[RDLEN])
+             s->mac_reg[RDH] = 0;
+         /* see comment in start_xmit; same here */
+-        if (s->mac_reg[RDH] == rdh_start) {
++        if (s->mac_reg[RDH] == rdh_start ||
++            rdh_start >= s->mac_reg[RDLEN] / sizeof(desc)) {
+             DBGOUT(RXERR, "RDH wraparound @%x, RDT %x, RDLEN %x\n",
+                    rdh_start, s->mac_reg[RDT], s->mac_reg[RDLEN]);
+             set_ics(s, 0, E1000_ICS_RXO);
+-- 
+2.7.4
+

diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-2197.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-2197.patch
new file mode 100644
index 0000000..0ab7b02
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-2197.patch
@@ -0,0 +1,43 @@
+From 99b4cb71069f109b79b27bc629fc0cf0886dbc4b Mon Sep 17 00:00:00 2001
+From: John Snow <jsnow@redhat.com>
+Date: Wed, 10 Feb 2016 13:29:40 -0500
+Subject: [PATCH] ahci: Do not unmap NULL addresses
+
+Definitely don't try to unmap a garbage address.
+
+Reported-by: Zuozhi fzz <zuozhi.fzz@alibaba-inc.com>
+Signed-off-by: John Snow <jsnow@redhat.com>
+Message-id: 1454103689-13042-2-git-send-email-jsnow@redhat.com
+---
+ hw/ide/ahci.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
+index 7e87b18..3a95dad 100644
+--- a/hw/ide/ahci.c
++++ b/hw/ide/ahci.c
+@@ -662,6 +662,10 @@ static bool ahci_map_fis_address(AHCIDevice *ad)
+ 
+ static void ahci_unmap_fis_address(AHCIDevice *ad)
+ {
++    if (ad->res_fis == NULL) {
++        DPRINTF(ad->port_no, "Attempt to unmap NULL FIS address\n");
++        return;
++    }
+     dma_memory_unmap(ad->hba->as, ad->res_fis, 256,
+                      DMA_DIRECTION_FROM_DEVICE, 256);
+     ad->res_fis = NULL;
+@@ -678,6 +682,10 @@ static bool ahci_map_clb_address(AHCIDevice *ad)
+ 
+ static void ahci_unmap_clb_address(AHCIDevice *ad)
+ {
++    if (ad->lst == NULL) {
++        DPRINTF(ad->port_no, "Attempt to unmap NULL CLB address\n");
++        return;
++    }
+     dma_memory_unmap(ad->hba->as, ad->lst, 1024,
+                      DMA_DIRECTION_FROM_DEVICE, 1024);
+     ad->lst = NULL;
+-- 
+2.7.4
+

diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-2198.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-2198.patch
new file mode 100644
index 0000000..d179c33
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-2198.patch
@@ -0,0 +1,46 @@
+From dff0367cf66f489aa772320fa2937a8cac1ca30d Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Fri, 29 Jan 2016 18:30:34 +0530
+Subject: [PATCH] usb: ehci: add capability mmio write function
+
+USB Ehci emulation supports host controller capability registers.
+But its mmio '.write' function was missing, which lead to a null
+pointer dereference issue. Add a do nothing 'ehci_caps_write'
+definition to avoid it; Do nothing because capability registers
+are Read Only(RO).
+
+Reported-by: Zuozhi Fzz <zuozhi.fzz@alibaba-inc.com>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Message-id: 1454072434-16045-1-git-send-email-ppandit@redhat.com
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+---
+ hw/usb/hcd-ehci.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
+index 1b50601..0f95d0d 100644
+--- a/hw/usb/hcd-ehci.c
++++ b/hw/usb/hcd-ehci.c
+@@ -895,6 +895,11 @@ static uint64_t ehci_caps_read(void *ptr, hwaddr addr,
+     return s->caps[addr];
+ }
+ 
++static void ehci_caps_write(void *ptr, hwaddr addr,
++                             uint64_t val, unsigned size)
++{
++}
++
+ static uint64_t ehci_opreg_read(void *ptr, hwaddr addr,
+                                 unsigned size)
+ {
+@@ -2315,6 +2320,7 @@ static void ehci_frame_timer(void *opaque)
+ 
+ static const MemoryRegionOps ehci_mmio_caps_ops = {
+     .read = ehci_caps_read,
++    .write = ehci_caps_write,
+     .valid.min_access_size = 1,
+     .valid.max_access_size = 4,
+     .impl.min_access_size = 1,
+-- 
+2.7.4
+

diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-2392.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-2392.patch
new file mode 100644
index 0000000..e7aa5ca
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-2392.patch
@@ -0,0 +1,35 @@
+From 80eecda8e5d09c442c24307f340840a5b70ea3b9 Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Thu, 11 Feb 2016 16:31:20 +0530
+Subject: [PATCH] usb: check USB configuration descriptor object
+
+When processing remote NDIS control message packets, the USB Net
+device emulator checks to see if the USB configuration descriptor
+object is of RNDIS type(2). But it does not check if it is null,
+which leads to a null dereference error. Add check to avoid it.
+
+Reported-by: Qinghao Tang <luodalongde@gmail.com>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Message-id: 1455188480-14688-1-git-send-email-ppandit@redhat.com
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+---
+ hw/usb/dev-network.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/hw/usb/dev-network.c b/hw/usb/dev-network.c
+index 985a629..5dc4538 100644
+--- a/hw/usb/dev-network.c
++++ b/hw/usb/dev-network.c
+@@ -654,7 +654,8 @@ typedef struct USBNetState {
+ 
+ static int is_rndis(USBNetState *s)
+ {
+-    return s->dev.config->bConfigurationValue == DEV_RNDIS_CONFIG_VALUE;
++    return s->dev.config ?
++            s->dev.config->bConfigurationValue == DEV_RNDIS_CONFIG_VALUE : 0;
+ }
+ 
+ static int ndis_query(USBNetState *s, uint32_t oid,
+-- 
+2.7.4
+

diff --git a/app-emulation/qemu/files/qemu-2.5.0-rng-stack-corrupt-0.patch b/app-emulation/qemu/files/qemu-2.5.0-rng-stack-corrupt-0.patch
new file mode 100644
index 0000000..684f6ad
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.5.0-rng-stack-corrupt-0.patch
@@ -0,0 +1,98 @@
+From 3c52ddcdc548e7fbe65112d8a7bdc9cd105b4750 Mon Sep 17 00:00:00 2001
+From: Ladi Prosek <lprosek@redhat.com>
+Date: Thu, 3 Mar 2016 09:37:15 +0100
+Subject: [PATCH] rng: remove the unused request cancellation code
+
+rng_backend_cancel_requests had no callers and none of the code
+deleted in this commit ever ran.
+
+Signed-off-by: Ladi Prosek <lprosek@redhat.com>
+Reviewed-by: Amit Shah <amit.shah@redhat.com>
+Message-Id: <1456994238-9585-2-git-send-email-lprosek@redhat.com>
+Signed-off-by: Amit Shah <amit.shah@redhat.com>
+---
+ backends/rng-egd.c   | 12 ------------
+ backends/rng.c       |  9 ---------
+ include/sysemu/rng.h | 11 -----------
+ 3 files changed, 32 deletions(-)
+
+diff --git a/backends/rng-egd.c b/backends/rng-egd.c
+index 2de5cd5..0b2976a 100644
+--- a/backends/rng-egd.c
++++ b/backends/rng-egd.c
+@@ -125,17 +125,6 @@ static void rng_egd_free_requests(RngEgd *s)
+     s->requests = NULL;
+ }
+ 
+-static void rng_egd_cancel_requests(RngBackend *b)
+-{
+-    RngEgd *s = RNG_EGD(b);
+-
+-    /* We simply delete the list of pending requests.  If there is data in the 
+-     * queue waiting to be read, this is okay, because there will always be
+-     * more data than we requested originally
+-     */
+-    rng_egd_free_requests(s);
+-}
+-
+ static void rng_egd_opened(RngBackend *b, Error **errp)
+ {
+     RngEgd *s = RNG_EGD(b);
+@@ -213,7 +202,6 @@ static void rng_egd_class_init(ObjectClass *klass, void *data)
+     RngBackendClass *rbc = RNG_BACKEND_CLASS(klass);
+ 
+     rbc->request_entropy = rng_egd_request_entropy;
+-    rbc->cancel_requests = rng_egd_cancel_requests;
+     rbc->opened = rng_egd_opened;
+ }
+ 
+diff --git a/backends/rng.c b/backends/rng.c
+index b7820ef..2f2f3ee 100644
+--- a/backends/rng.c
++++ b/backends/rng.c
+@@ -26,15 +26,6 @@ void rng_backend_request_entropy(RngBackend *s, size_t size,
+     }
+ }
+ 
+-void rng_backend_cancel_requests(RngBackend *s)
+-{
+-    RngBackendClass *k = RNG_BACKEND_GET_CLASS(s);
+-
+-    if (k->cancel_requests) {
+-        k->cancel_requests(s);
+-    }
+-}
+-
+ static bool rng_backend_prop_get_opened(Object *obj, Error **errp)
+ {
+     RngBackend *s = RNG_BACKEND(obj);
+diff --git a/include/sysemu/rng.h b/include/sysemu/rng.h
+index 858be8c..87b3ebe 100644
+--- a/include/sysemu/rng.h
++++ b/include/sysemu/rng.h
+@@ -37,7 +37,6 @@ struct RngBackendClass
+ 
+     void (*request_entropy)(RngBackend *s, size_t size,
+                             EntropyReceiveFunc *receive_entropy, void *opaque);
+-    void (*cancel_requests)(RngBackend *s);
+ 
+     void (*opened)(RngBackend *s, Error **errp);
+ };
+@@ -68,14 +67,4 @@ struct RngBackend
+ void rng_backend_request_entropy(RngBackend *s, size_t size,
+                                  EntropyReceiveFunc *receive_entropy,
+                                  void *opaque);
+-
+-/**
+- * rng_backend_cancel_requests:
+- * @s: the backend to cancel all pending requests in
+- *
+- * Cancels all pending requests submitted by @rng_backend_request_entropy.  This
+- * should be used by a device during reset or in preparation for live migration
+- * to stop tracking any request.
+- */
+-void rng_backend_cancel_requests(RngBackend *s);
+ #endif
+-- 
+2.7.4
+

diff --git a/app-emulation/qemu/files/qemu-2.5.0-rng-stack-corrupt-1.patch b/app-emulation/qemu/files/qemu-2.5.0-rng-stack-corrupt-1.patch
new file mode 100644
index 0000000..44ba8a7
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.5.0-rng-stack-corrupt-1.patch
@@ -0,0 +1,135 @@
+From 74074e8a7c60592cf1cc6469dbc2550d24aeded3 Mon Sep 17 00:00:00 2001
+From: Ladi Prosek <lprosek@redhat.com>
+Date: Thu, 3 Mar 2016 09:37:16 +0100
+Subject: [PATCH] rng: move request queue from RngEgd to RngBackend
+
+The 'requests' field now lives in the RngBackend parent class.
+There are no functional changes in this commit.
+
+Signed-off-by: Ladi Prosek <lprosek@redhat.com>
+Reviewed-by: Amit Shah <amit.shah@redhat.com>
+Message-Id: <1456994238-9585-3-git-send-email-lprosek@redhat.com>
+Signed-off-by: Amit Shah <amit.shah@redhat.com>
+---
+ backends/rng-egd.c   | 28 +++++++++-------------------
+ include/sysemu/rng.h | 11 +++++++++++
+ 2 files changed, 20 insertions(+), 19 deletions(-)
+
+diff --git a/backends/rng-egd.c b/backends/rng-egd.c
+index 0b2976a..b061362 100644
+--- a/backends/rng-egd.c
++++ b/backends/rng-egd.c
+@@ -25,19 +25,8 @@ typedef struct RngEgd
+ 
+     CharDriverState *chr;
+     char *chr_name;
+-
+-    GSList *requests;
+ } RngEgd;
+ 
+-typedef struct RngRequest
+-{
+-    EntropyReceiveFunc *receive_entropy;
+-    uint8_t *data;
+-    void *opaque;
+-    size_t offset;
+-    size_t size;
+-} RngRequest;
+-
+ static void rng_egd_request_entropy(RngBackend *b, size_t size,
+                                     EntropyReceiveFunc *receive_entropy,
+                                     void *opaque)
+@@ -66,7 +55,7 @@ static void rng_egd_request_entropy(RngBackend *b, size_t size,
+         size -= len;
+     }
+ 
+-    s->requests = g_slist_append(s->requests, req);
++    s->parent.requests = g_slist_append(s->parent.requests, req);
+ }
+ 
+ static void rng_egd_free_request(RngRequest *req)
+@@ -81,7 +70,7 @@ static int rng_egd_chr_can_read(void *opaque)
+     GSList *i;
+     int size = 0;
+ 
+-    for (i = s->requests; i; i = i->next) {
++    for (i = s->parent.requests; i; i = i->next) {
+         RngRequest *req = i->data;
+         size += req->size - req->offset;
+     }
+@@ -94,8 +83,8 @@ static void rng_egd_chr_read(void *opaque, const uint8_t *buf, int size)
+     RngEgd *s = RNG_EGD(opaque);
+     size_t buf_offset = 0;
+ 
+-    while (size > 0 && s->requests) {
+-        RngRequest *req = s->requests->data;
++    while (size > 0 && s->parent.requests) {
++        RngRequest *req = s->parent.requests->data;
+         int len = MIN(size, req->size - req->offset);
+ 
+         memcpy(req->data + req->offset, buf + buf_offset, len);
+@@ -104,7 +93,8 @@ static void rng_egd_chr_read(void *opaque, const uint8_t *buf, int size)
+         size -= len;
+ 
+         if (req->offset == req->size) {
+-            s->requests = g_slist_remove_link(s->requests, s->requests);
++            s->parent.requests = g_slist_remove_link(s->parent.requests,
++                                                     s->parent.requests);
+ 
+             req->receive_entropy(req->opaque, req->data, req->size);
+ 
+@@ -117,12 +107,12 @@ static void rng_egd_free_requests(RngEgd *s)
+ {
+     GSList *i;
+ 
+-    for (i = s->requests; i; i = i->next) {
++    for (i = s->parent.requests; i; i = i->next) {
+         rng_egd_free_request(i->data);
+     }
+ 
+-    g_slist_free(s->requests);
+-    s->requests = NULL;
++    g_slist_free(s->parent.requests);
++    s->parent.requests = NULL;
+ }
+ 
+ static void rng_egd_opened(RngBackend *b, Error **errp)
+diff --git a/include/sysemu/rng.h b/include/sysemu/rng.h
+index 87b3ebe..c744d82 100644
+--- a/include/sysemu/rng.h
++++ b/include/sysemu/rng.h
+@@ -24,6 +24,7 @@
+ #define RNG_BACKEND_CLASS(klass) \
+     OBJECT_CLASS_CHECK(RngBackendClass, (klass), TYPE_RNG_BACKEND)
+ 
++typedef struct RngRequest RngRequest;
+ typedef struct RngBackendClass RngBackendClass;
+ typedef struct RngBackend RngBackend;
+ 
+@@ -31,6 +32,15 @@ typedef void (EntropyReceiveFunc)(void *opaque,
+                                   const void *data,
+                                   size_t size);
+ 
++struct RngRequest
++{
++    EntropyReceiveFunc *receive_entropy;
++    uint8_t *data;
++    void *opaque;
++    size_t offset;
++    size_t size;
++};
++
+ struct RngBackendClass
+ {
+     ObjectClass parent_class;
+@@ -47,6 +57,7 @@ struct RngBackend
+ 
+     /*< protected >*/
+     bool opened;
++    GSList *requests;
+ };
+ 
+ /**
+-- 
+2.7.4
+

diff --git a/app-emulation/qemu/files/qemu-2.5.0-rng-stack-corrupt-2.patch b/app-emulation/qemu/files/qemu-2.5.0-rng-stack-corrupt-2.patch
new file mode 100644
index 0000000..1cffcc5
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.5.0-rng-stack-corrupt-2.patch
@@ -0,0 +1,155 @@
+From 9f14b0add1dcdbfa2ee61051d068211fb0a1fcc9 Mon Sep 17 00:00:00 2001
+From: Ladi Prosek <lprosek@redhat.com>
+Date: Thu, 3 Mar 2016 09:37:17 +0100
+Subject: [PATCH] rng: move request queue cleanup from RngEgd to RngBackend
+
+RngBackend is now in charge of cleaning up the linked list on
+instance finalization. It also exposes a function to finalize
+individual RngRequest instances, called by its child classes.
+
+Signed-off-by: Ladi Prosek <lprosek@redhat.com>
+Reviewed-by: Amit Shah <amit.shah@redhat.com>
+Message-Id: <1456994238-9585-4-git-send-email-lprosek@redhat.com>
+Signed-off-by: Amit Shah <amit.shah@redhat.com>
+---
+ backends/rng-egd.c   | 25 +------------------------
+ backends/rng.c       | 32 ++++++++++++++++++++++++++++++++
+ include/sysemu/rng.h | 12 ++++++++++++
+ 3 files changed, 45 insertions(+), 24 deletions(-)
+
+diff --git a/backends/rng-egd.c b/backends/rng-egd.c
+index b061362..8f2bd16 100644
+--- a/backends/rng-egd.c
++++ b/backends/rng-egd.c
+@@ -58,12 +58,6 @@ static void rng_egd_request_entropy(RngBackend *b, size_t size,
+     s->parent.requests = g_slist_append(s->parent.requests, req);
+ }
+ 
+-static void rng_egd_free_request(RngRequest *req)
+-{
+-    g_free(req->data);
+-    g_free(req);
+-}
+-
+ static int rng_egd_chr_can_read(void *opaque)
+ {
+     RngEgd *s = RNG_EGD(opaque);
+@@ -93,28 +87,13 @@ static void rng_egd_chr_read(void *opaque, const uint8_t *buf, int size)
+         size -= len;
+ 
+         if (req->offset == req->size) {
+-            s->parent.requests = g_slist_remove_link(s->parent.requests,
+-                                                     s->parent.requests);
+-
+             req->receive_entropy(req->opaque, req->data, req->size);
+ 
+-            rng_egd_free_request(req);
++            rng_backend_finalize_request(&s->parent, req);
+         }
+     }
+ }
+ 
+-static void rng_egd_free_requests(RngEgd *s)
+-{
+-    GSList *i;
+-
+-    for (i = s->parent.requests; i; i = i->next) {
+-        rng_egd_free_request(i->data);
+-    }
+-
+-    g_slist_free(s->parent.requests);
+-    s->parent.requests = NULL;
+-}
+-
+ static void rng_egd_opened(RngBackend *b, Error **errp)
+ {
+     RngEgd *s = RNG_EGD(b);
+@@ -183,8 +162,6 @@ static void rng_egd_finalize(Object *obj)
+     }
+ 
+     g_free(s->chr_name);
+-
+-    rng_egd_free_requests(s);
+ }
+ 
+ static void rng_egd_class_init(ObjectClass *klass, void *data)
+diff --git a/backends/rng.c b/backends/rng.c
+index 2f2f3ee..014cb9d 100644
+--- a/backends/rng.c
++++ b/backends/rng.c
+@@ -64,6 +64,30 @@ static void rng_backend_prop_set_opened(Object *obj, bool value, Error **errp)
+     s->opened = true;
+ }
+ 
++static void rng_backend_free_request(RngRequest *req)
++{
++    g_free(req->data);
++    g_free(req);
++}
++
++static void rng_backend_free_requests(RngBackend *s)
++{
++    GSList *i;
++
++    for (i = s->requests; i; i = i->next) {
++        rng_backend_free_request(i->data);
++    }
++
++    g_slist_free(s->requests);
++    s->requests = NULL;
++}
++
++void rng_backend_finalize_request(RngBackend *s, RngRequest *req)
++{
++    s->requests = g_slist_remove(s->requests, req);
++    rng_backend_free_request(req);
++}
++
+ static void rng_backend_init(Object *obj)
+ {
+     object_property_add_bool(obj, "opened",
+@@ -72,6 +96,13 @@ static void rng_backend_init(Object *obj)
+                              NULL);
+ }
+ 
++static void rng_backend_finalize(Object *obj)
++{
++    RngBackend *s = RNG_BACKEND(obj);
++
++    rng_backend_free_requests(s);
++}
++
+ static void rng_backend_class_init(ObjectClass *oc, void *data)
+ {
+     UserCreatableClass *ucc = USER_CREATABLE_CLASS(oc);
+@@ -84,6 +115,7 @@ static const TypeInfo rng_backend_info = {
+     .parent = TYPE_OBJECT,
+     .instance_size = sizeof(RngBackend),
+     .instance_init = rng_backend_init,
++    .instance_finalize = rng_backend_finalize,
+     .class_size = sizeof(RngBackendClass),
+     .class_init = rng_backend_class_init,
+     .abstract = true,
+diff --git a/include/sysemu/rng.h b/include/sysemu/rng.h
+index c744d82..08a2eda 100644
+--- a/include/sysemu/rng.h
++++ b/include/sysemu/rng.h
+@@ -78,4 +79,15 @@ struct RngBackend
+ void rng_backend_request_entropy(RngBackend *s, size_t size,
+                                  EntropyReceiveFunc *receive_entropy,
+                                  void *opaque);
++
++/**
++ * rng_backend_free_request:
++ * @s: the backend that created the request
++ * @req: the request to finalize
++ *
++ * Used by child rng backend classes to finalize requests once they've been
++ * processed. The request is removed from the list of active requests and
++ * deleted.
++ */
++void rng_backend_finalize_request(RngBackend *s, RngRequest *req);
+ #endif
+-- 
+2.7.4
+

diff --git a/app-emulation/qemu/files/qemu-2.5.0-rng-stack-corrupt-3.patch b/app-emulation/qemu/files/qemu-2.5.0-rng-stack-corrupt-3.patch
new file mode 100644
index 0000000..ca9340a
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.5.0-rng-stack-corrupt-3.patch
@@ -0,0 +1,179 @@
+From 60253ed1e6ec6d8e5ef2efe7bf755f475dce9956 Mon Sep 17 00:00:00 2001
+From: Ladi Prosek <lprosek@redhat.com>
+Date: Thu, 3 Mar 2016 09:37:18 +0100
+Subject: [PATCH] rng: add request queue support to rng-random
+
+Requests are now created in the RngBackend parent class and the
+code path is shared by both rng-egd and rng-random.
+
+This commit fixes the rng-random implementation which processed
+only one request at a time and simply discarded all but the most
+recent one. In the guest this manifested as delayed completion
+of reads from virtio-rng, i.e. a read was completed only after
+another read was issued.
+
+By switching rng-random to use the same request queue as rng-egd,
+the unsafe stack-based allocation of the entropy buffer is
+eliminated and replaced with g_malloc.
+
+Signed-off-by: Ladi Prosek <lprosek@redhat.com>
+Reviewed-by: Amit Shah <amit.shah@redhat.com>
+Message-Id: <1456994238-9585-5-git-send-email-lprosek@redhat.com>
+Signed-off-by: Amit Shah <amit.shah@redhat.com>
+---
+ backends/rng-egd.c    | 16 ++--------------
+ backends/rng-random.c | 43 +++++++++++++++++++------------------------
+ backends/rng.c        | 13 ++++++++++++-
+ include/sysemu/rng.h  |  3 +--
+ 4 files changed, 34 insertions(+), 41 deletions(-)
+
+diff --git a/backends/rng-egd.c b/backends/rng-egd.c
+index 8f2bd16..30332ed 100644
+--- a/backends/rng-egd.c
++++ b/backends/rng-egd.c
+@@ -27,20 +27,10 @@ typedef struct RngEgd
+     char *chr_name;
+ } RngEgd;
+ 
+-static void rng_egd_request_entropy(RngBackend *b, size_t size,
+-                                    EntropyReceiveFunc *receive_entropy,
+-                                    void *opaque)
++static void rng_egd_request_entropy(RngBackend *b, RngRequest *req)
+ {
+     RngEgd *s = RNG_EGD(b);
+-    RngRequest *req;
+-
+-    req = g_malloc(sizeof(*req));
+-
+-    req->offset = 0;
+-    req->size = size;
+-    req->receive_entropy = receive_entropy;
+-    req->opaque = opaque;
+-    req->data = g_malloc(req->size);
++    size_t size = req->size;
+ 
+     while (size > 0) {
+         uint8_t header[2];
+@@ -54,8 +44,6 @@ static void rng_egd_request_entropy(RngBackend *b, size_t size,
+ 
+         size -= len;
+     }
+-
+-    s->parent.requests = g_slist_append(s->parent.requests, req);
+ }
+ 
+ static int rng_egd_chr_can_read(void *opaque)
+diff --git a/backends/rng-random.c b/backends/rng-random.c
+index 8cdad6a..a6cb385 100644
+--- a/backends/rng-random.c
++++ b/backends/rng-random.c
+@@ -22,10 +22,6 @@ struct RndRandom
+ 
+     int fd;
+     char *filename;
+-
+-    EntropyReceiveFunc *receive_func;
+-    void *opaque;
+-    size_t size;
+ };
+ 
+ /**
+@@ -38,36 +34,35 @@ struct RndRandom
+ static void entropy_available(void *opaque)
+ {
+     RndRandom *s = RNG_RANDOM(opaque);
+-    uint8_t buffer[s->size];
+-    ssize_t len;
+ 
+-    len = read(s->fd, buffer, s->size);
+-    if (len < 0 && errno == EAGAIN) {
+-        return;
+-    }
+-    g_assert(len != -1);
++    while (s->parent.requests != NULL) {
++        RngRequest *req = s->parent.requests->data;
++        ssize_t len;
++
++        len = read(s->fd, req->data, req->size);
++        if (len < 0 && errno == EAGAIN) {
++            return;
++        }
++        g_assert(len != -1);
+ 
+-    s->receive_func(s->opaque, buffer, len);
+-    s->receive_func = NULL;
++        req->receive_entropy(req->opaque, req->data, len);
+ 
++        rng_backend_finalize_request(&s->parent, req);
++    }
++
++    /* We've drained all requests, the fd handler can be reset. */
+     qemu_set_fd_handler(s->fd, NULL, NULL, NULL);
+ }
+ 
+-static void rng_random_request_entropy(RngBackend *b, size_t size,
+-                                        EntropyReceiveFunc *receive_entropy,
+-                                        void *opaque)
++static void rng_random_request_entropy(RngBackend *b, RngRequest *req)
+ {
+     RndRandom *s = RNG_RANDOM(b);
+ 
+-    if (s->receive_func) {
+-        s->receive_func(s->opaque, NULL, 0);
++    if (s->parent.requests == NULL) {
++        /* If there are no pending requests yet, we need to
++         * install our fd handler. */
++        qemu_set_fd_handler(s->fd, entropy_available, NULL, s);
+     }
+-
+-    s->receive_func = receive_entropy;
+-    s->opaque = opaque;
+-    s->size = size;
+-
+-    qemu_set_fd_handler(s->fd, entropy_available, NULL, s);
+ }
+ 
+ static void rng_random_opened(RngBackend *b, Error **errp)
+diff --git a/backends/rng.c b/backends/rng.c
+index 014cb9d..277a41b 100644
+--- a/backends/rng.c
++++ b/backends/rng.c
+@@ -20,9 +20,20 @@ void rng_backend_request_entropy(RngBackend *s, size_t size,
+                                  void *opaque)
+ {
+     RngBackendClass *k = RNG_BACKEND_GET_CLASS(s);
++    RngRequest *req;
+ 
+     if (k->request_entropy) {
+-        k->request_entropy(s, size, receive_entropy, opaque);
++        req = g_malloc(sizeof(*req));
++
++        req->offset = 0;
++        req->size = size;
++        req->receive_entropy = receive_entropy;
++        req->opaque = opaque;
++        req->data = g_malloc(req->size);
++
++        k->request_entropy(s, req);
++
++        s->requests = g_slist_append(s->requests, req);
+     }
+ }
+ 
+diff --git a/include/sysemu/rng.h b/include/sysemu/rng.h
+index 08a2eda..4fffd68 100644
+--- a/include/sysemu/rng.h
++++ b/include/sysemu/rng.h
+@@ -45,8 +45,7 @@ struct RngBackendClass
+ {
+     ObjectClass parent_class;
+ 
+-    void (*request_entropy)(RngBackend *s, size_t size,
+-                            EntropyReceiveFunc *receive_entropy, void *opaque);
++    void (*request_entropy)(RngBackend *s, RngRequest *req);
+ 
+     void (*opened)(RngBackend *s, Error **errp);
+ };
+-- 
+2.7.4
+

diff --git a/app-emulation/qemu/files/qemu-2.5.0-sysmacros.patch b/app-emulation/qemu/files/qemu-2.5.0-sysmacros.patch
new file mode 100644
index 0000000..f2e766d
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.5.0-sysmacros.patch
@@ -0,0 +1,15 @@
+Linux C libs are moving away from implicit header pollution with sys/types.h
+
+--- a/include/qemu/osdep.h
++++ b/include/qemu/osdep.h
+@@ -78,6 +78,10 @@ extern int daemon(int, int);
+ #include <assert.h>
+ #include <signal.h>
+ 
++#ifdef __linux__
++#include <sys/sysmacros.h>
++#endif
++
+ #ifdef __OpenBSD__
+ #include <sys/signal.h>
+ #endif

diff --git a/app-emulation/qemu/files/qemu-2.5.0-usb-ehci-oob.patch b/app-emulation/qemu/files/qemu-2.5.0-usb-ehci-oob.patch
new file mode 100644
index 0000000..2ddca3e
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.5.0-usb-ehci-oob.patch
@@ -0,0 +1,52 @@
+From 49d925ce50383a286278143c05511d30ec41a36e Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Wed, 20 Jan 2016 01:26:46 +0530
+Subject: [PATCH] usb: check page select value while processing iTD
+
+While processing isochronous transfer descriptors(iTD), the page
+select(PG) field value could lead to an OOB read access. Add
+check to avoid it.
+
+Reported-by: Qinghao Tang <luodalongde@gmail.com>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Message-id: 1453233406-12165-1-git-send-email-ppandit@redhat.com
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+---
+ hw/usb/hcd-ehci.c | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
+index ab00268..93601d9 100644
+--- a/hw/usb/hcd-ehci.c
++++ b/hw/usb/hcd-ehci.c
+@@ -1405,21 +1405,23 @@ static int ehci_process_itd(EHCIState *ehci,
+         if (itd->transact[i] & ITD_XACT_ACTIVE) {
+             pg   = get_field(itd->transact[i], ITD_XACT_PGSEL);
+             off  = itd->transact[i] & ITD_XACT_OFFSET_MASK;
+-            ptr1 = (itd->bufptr[pg] & ITD_BUFPTR_MASK);
+-            ptr2 = (itd->bufptr[pg+1] & ITD_BUFPTR_MASK);
+             len  = get_field(itd->transact[i], ITD_XACT_LENGTH);
+ 
+             if (len > max * mult) {
+                 len = max * mult;
+             }
+-
+-            if (len > BUFF_SIZE) {
++            if (len > BUFF_SIZE || pg > 6) {
+                 return -1;
+             }
+ 
++            ptr1 = (itd->bufptr[pg] & ITD_BUFPTR_MASK);
+             qemu_sglist_init(&ehci->isgl, ehci->device, 2, ehci->as);
+             if (off + len > 4096) {
+                 /* transfer crosses page border */
++                if (pg == 6) {
++                    return -1;  /* avoid page pg + 1 */
++                }
++                ptr2 = (itd->bufptr[pg + 1] & ITD_BUFPTR_MASK);
+                 uint32_t len2 = off + len - 4096;
+                 uint32_t len1 = len - len2;
+                 qemu_sglist_add(&ehci->isgl, ptr1 + off, len1);
+-- 
+2.7.4
+

diff --git a/app-emulation/qemu/files/qemu-2.5.0-usb-ndis-int-overflow.patch b/app-emulation/qemu/files/qemu-2.5.0-usb-ndis-int-overflow.patch
new file mode 100644
index 0000000..da643fd
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.5.0-usb-ndis-int-overflow.patch
@@ -0,0 +1,59 @@
+From fe3c546c5ff2a6210f9a4d8561cc64051ca8603e Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Wed, 17 Feb 2016 00:23:41 +0530
+Subject: [PATCH] usb: check RNDIS buffer offsets & length
+
+When processing remote NDIS control message packets,
+the USB Net device emulator uses a fixed length(4096) data buffer.
+The incoming informationBufferOffset & Length combination could
+overflow and cross that range. Check control message buffer
+offsets and length to avoid it.
+
+Reported-by: Qinghao Tang <luodalongde@gmail.com>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Message-id: 1455648821-17340-3-git-send-email-ppandit@redhat.com
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+---
+ hw/usb/dev-network.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/hw/usb/dev-network.c b/hw/usb/dev-network.c
+index 5dc4538..c6abd38 100644
+--- a/hw/usb/dev-network.c
++++ b/hw/usb/dev-network.c
+@@ -916,8 +916,9 @@ static int rndis_query_response(USBNetState *s,
+ 
+     bufoffs = le32_to_cpu(buf->InformationBufferOffset) + 8;
+     buflen = le32_to_cpu(buf->InformationBufferLength);
+-    if (bufoffs + buflen > length)
++    if (buflen > length || bufoffs >= length || bufoffs + buflen > length) {
+         return USB_RET_STALL;
++    }
+ 
+     infobuflen = ndis_query(s, le32_to_cpu(buf->OID),
+                             bufoffs + (uint8_t *) buf, buflen, infobuf,
+@@ -962,8 +963,9 @@ static int rndis_set_response(USBNetState *s,
+ 
+     bufoffs = le32_to_cpu(buf->InformationBufferOffset) + 8;
+     buflen = le32_to_cpu(buf->InformationBufferLength);
+-    if (bufoffs + buflen > length)
++    if (buflen > length || bufoffs >= length || bufoffs + buflen > length) {
+         return USB_RET_STALL;
++    }
+ 
+     ret = ndis_set(s, le32_to_cpu(buf->OID),
+                     bufoffs + (uint8_t *) buf, buflen);
+@@ -1213,8 +1215,9 @@ static void usb_net_handle_dataout(USBNetState *s, USBPacket *p)
+     if (le32_to_cpu(msg->MessageType) == RNDIS_PACKET_MSG) {
+         uint32_t offs = 8 + le32_to_cpu(msg->DataOffset);
+         uint32_t size = le32_to_cpu(msg->DataLength);
+-        if (offs + size <= len)
++        if (offs < len && size < len && offs + size <= len) {
+             qemu_send_packet(qemu_get_queue(s->nic), s->out_buf + offs, size);
++        }
+     }
+     s->out_ptr -= len;
+     memmove(s->out_buf, &s->out_buf[len], s->out_ptr);
+-- 
+2.7.4
+

diff --git a/app-emulation/qemu/qemu-2.5.0-r2.ebuild b/app-emulation/qemu/qemu-2.5.0-r2.ebuild
new file mode 100644
index 0000000..7c4c9d1
--- /dev/null
+++ b/app-emulation/qemu/qemu-2.5.0-r2.ebuild
@@ -0,0 +1,669 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+PYTHON_COMPAT=( python2_7 )
+PYTHON_REQ_USE="ncurses,readline"
+
+inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \
+	user udev fcaps readme.gentoo pax-utils
+
+BACKPORTS=
+
+if [[ ${PV} = *9999* ]]; then
+	EGIT_REPO_URI="git://git.qemu.org/qemu.git"
+	inherit git-2
+	SRC_URI=""
+else
+	SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2
+	${BACKPORTS:+
+		https://dev.gentoo.org/~cardoe/distfiles/${P}-${BACKPORTS}.tar.xz}"
+	KEYWORDS="~amd64 ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd"
+fi
+
+DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
+HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org"
+
+LICENSE="GPL-2 LGPL-2 BSD-2"
+SLOT="0"
+IUSE="accessibility +aio alsa bluetooth +caps +curl debug +fdt glusterfs \
+gnutls gtk gtk2 infiniband iscsi +jpeg \
+kernel_linux kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs
++png pulseaudio python \
+rbd sasl +seccomp sdl sdl2 selinux smartcard snappy spice ssh static static-softmmu
+static-user systemtap tci test +threads usb usbredir +uuid vde +vhost-net \
+virgl virtfs +vnc vte xattr xen xfs"
+
+COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel mips
+mips64 mips64el mipsel or32 ppc ppc64 s390x sh4 sh4eb sparc sparc64 unicore32
+x86_64"
+IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS} lm32 moxie ppcemb tricore xtensa xtensaeb"
+IUSE_USER_TARGETS="${COMMON_TARGETS} armeb mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus tilegx"
+
+use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
+use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
+IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
+
+# Allow no targets to be built so that people can get a tools-only build.
+# Block USE flag configurations known to not work.
+REQUIRED_USE="${PYTHON_REQUIRED_USE}
+	gtk2? ( gtk )
+	qemu_softmmu_targets_arm? ( fdt )
+	qemu_softmmu_targets_microblaze? ( fdt )
+	qemu_softmmu_targets_ppc? ( fdt )
+	qemu_softmmu_targets_ppc64? ( fdt )
+	sdl2? ( sdl )
+	static? ( static-softmmu static-user )
+	static-softmmu? ( !alsa !pulseaudio !bluetooth !opengl !gtk !gtk2 )
+	virtfs? ( xattr )
+	vte? ( gtk )"
+
+# Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
+#
+# The attr lib isn't always linked in (although the USE flag is always
+# respected).  This is because qemu supports using the C library's API
+# when available rather than always using the extranl library.
+#
+# Older versions of gnutls are supported, but it's simpler to just require
+# the latest versions.  This is also why we require nettle.
+COMMON_LIB_DEPEND=">=dev-libs/glib-2.0[static-libs(+)]
+	sys-libs/zlib[static-libs(+)]
+	xattr? ( sys-apps/attr[static-libs(+)] )"
+SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND}
+	>=x11-libs/pixman-0.28.0[static-libs(+)]
+	accessibility? ( app-accessibility/brltty[static-libs(+)] )
+	aio? ( dev-libs/libaio[static-libs(+)] )
+	alsa? ( >=media-libs/alsa-lib-1.0.13 )
+	bluetooth? ( net-wireless/bluez )
+	caps? ( sys-libs/libcap-ng[static-libs(+)] )
+	curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
+	fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] )
+	glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
+	gnutls? (
+		dev-libs/nettle[static-libs(+)]
+		>=net-libs/gnutls-3.0[static-libs(+)]
+	)
+	gtk? (
+		gtk2? (
+			x11-libs/gtk+:2
+			vte? ( x11-libs/vte:0 )
+		)
+		!gtk2? (
+			x11-libs/gtk+:3
+			vte? ( x11-libs/vte:2.90 )
+		)
+	)
+	infiniband? ( sys-infiniband/librdmacm:=[static-libs(+)] )
+	iscsi? ( net-libs/libiscsi )
+	jpeg? ( virtual/jpeg:=[static-libs(+)] )
+	lzo? ( dev-libs/lzo:2[static-libs(+)] )
+	ncurses? ( sys-libs/ncurses:0=[static-libs(+)] )
+	nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] )
+	numa? ( sys-process/numactl[static-libs(+)] )
+	opengl? (
+		virtual/opengl
+		media-libs/libepoxy[static-libs(+)]
+		media-libs/mesa[static-libs(+)]
+		media-libs/mesa[egl,gles2]
+	)
+	png? ( media-libs/libpng:0=[static-libs(+)] )
+	pulseaudio? ( media-sound/pulseaudio )
+	rbd? ( sys-cluster/ceph[static-libs(+)] )
+	sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
+	sdl? (
+		!sdl2? (
+			media-libs/libsdl[X]
+			>=media-libs/libsdl-1.2.11[static-libs(+)]
+		)
+		sdl2? (
+			media-libs/libsdl2[X]
+			media-libs/libsdl2[static-libs(+)]
+		)
+	)
+	seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
+	smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] )
+	snappy? ( app-arch/snappy[static-libs(+)] )
+	spice? (
+		>=app-emulation/spice-protocol-0.12.3
+		>=app-emulation/spice-0.12.0[static-libs(+)]
+	)
+	ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] )
+	usb? ( >=virtual/libusb-1-r2[static-libs(+)] )
+	usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
+	uuid? ( >=sys-apps/util-linux-2.16.0[static-libs(+)] )
+	vde? ( net-misc/vde[static-libs(+)] )
+	virgl? ( media-libs/virglrenderer[static-libs(+)] )
+	virtfs? ( sys-libs/libcap )
+	xfs? ( sys-fs/xfsprogs[static-libs(+)] )"
+USER_LIB_DEPEND="${COMMON_LIB_DEPEND}"
+X86_FIRMWARE_DEPEND="
+	>=sys-firmware/ipxe-1.0.0_p20130624
+	pin-upstream-blobs? (
+		~sys-firmware/seabios-1.8.2
+		~sys-firmware/sgabios-0.1_pre8
+		~sys-firmware/vgabios-0.7a
+	)
+	!pin-upstream-blobs? (
+		sys-firmware/seabios
+		sys-firmware/sgabios
+		sys-firmware/vgabios
+	)"
+CDEPEND="
+	!static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND//\[static-libs(+)]} ) " ${use_softmmu_targets}) )
+	!static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND//\[static-libs(+)]} ) " ${use_user_targets}) )
+	qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
+	qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )
+	python? ( ${PYTHON_DEPS} )
+	systemtap? ( dev-util/systemtap )
+	xen? ( app-emulation/xen-tools:= )"
+DEPEND="${CDEPEND}
+	dev-lang/perl
+	=dev-lang/python-2*
+	sys-apps/texinfo
+	virtual/pkgconfig
+	kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
+	gtk? ( nls? ( sys-devel/gettext ) )
+	static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND} ) " ${use_softmmu_targets}) )
+	static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND} ) " ${use_user_targets}) )
+	test? (
+		dev-libs/glib[utils]
+		sys-devel/bc
+	)"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-qemu )
+"
+
+STRIP_MASK="/usr/share/qemu/palcode-clipper"
+
+QA_PREBUILT="
+	usr/share/qemu/openbios-ppc
+	usr/share/qemu/openbios-sparc64
+	usr/share/qemu/openbios-sparc32
+	usr/share/qemu/palcode-clipper
+	usr/share/qemu/s390-ccw.img
+	usr/share/qemu/u-boot.e500
+"
+
+QA_WX_LOAD="usr/bin/qemu-i386
+	usr/bin/qemu-x86_64
+	usr/bin/qemu-alpha
+	usr/bin/qemu-arm
+	usr/bin/qemu-cris
+	usr/bin/qemu-m68k
+	usr/bin/qemu-microblaze
+	usr/bin/qemu-microblazeel
+	usr/bin/qemu-mips
+	usr/bin/qemu-mipsel
+	usr/bin/qemu-or32
+	usr/bin/qemu-ppc
+	usr/bin/qemu-ppc64
+	usr/bin/qemu-ppc64abi32
+	usr/bin/qemu-sh4
+	usr/bin/qemu-sh4eb
+	usr/bin/qemu-sparc
+	usr/bin/qemu-sparc64
+	usr/bin/qemu-armeb
+	usr/bin/qemu-sparc32plus
+	usr/bin/qemu-s390x
+	usr/bin/qemu-unicore32"
+
+DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure
+you have the kernel module loaded before running kvm. The easiest way to
+ensure that the kernel module is loaded is to load it on boot.\n
+For AMD CPUs the module is called 'kvm-amd'\n
+For Intel CPUs the module is called 'kvm-intel'\n
+Please review /etc/conf.d/modules for how to load these\n\n
+Make sure your user is in the 'kvm' group\n
+Just run 'gpasswd -a <USER> kvm', then have <USER> re-login."
+
+qemu_support_kvm() {
+	if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 \
+		use qemu_softmmu_targets_ppc || use qemu_softmmu_targets_ppc64 \
+		use qemu_softmmu_targets_s390x; then
+		return 0
+	fi
+
+	return 1
+}
+
+pkg_pretend() {
+	if use kernel_linux && kernel_is lt 2 6 25; then
+		eerror "This version of KVM requres a host kernel of 2.6.25 or higher."
+	elif use kernel_linux; then
+		if ! linux_config_exists; then
+			eerror "Unable to check your kernel for KVM support"
+		else
+			CONFIG_CHECK="~KVM ~TUN ~BRIDGE"
+			ERROR_KVM="You must enable KVM in your kernel to continue"
+			ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in"
+			ERROR_KVM_AMD+=" your kernel configuration."
+			ERROR_KVM_INTEL="If you have an Intel CPU, you must enable"
+			ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration."
+			ERROR_TUN="You will need the Universal TUN/TAP driver compiled"
+			ERROR_TUN+=" into your kernel or loaded as a module to use the"
+			ERROR_TUN+=" virtual network device if using -net tap."
+			ERROR_BRIDGE="You will also need support for 802.1d"
+			ERROR_BRIDGE+=" Ethernet Bridging for some network configurations."
+			use vhost-net && CONFIG_CHECK+=" ~VHOST_NET"
+			ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net"
+			ERROR_VHOST_NET+=" support"
+
+			if use amd64 || use x86 || use amd64-linux || use x86-linux; then
+				CONFIG_CHECK+=" ~KVM_AMD ~KVM_INTEL"
+			fi
+
+			use python && CONFIG_CHECK+=" ~DEBUG_FS"
+			ERROR_DEBUG_FS="debugFS support required for kvm_stat"
+
+			# Now do the actual checks setup above
+			check_extra_config
+		fi
+	fi
+
+	if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then
+		eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt"
+		eerror "instances are still pointing to it.  Please update your"
+		eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag"
+		eerror "and the right system binary (e.g. qemu-system-x86_64)."
+		die "update your virt configs to not use qemu-kvm"
+	fi
+}
+
+pkg_setup() {
+	enewgroup kvm 78
+}
+
+# Sanity check to make sure target lists are kept up-to-date.
+check_targets() {
+	local var=$1 mak=$2
+	local detected sorted
+
+	pushd "${S}"/default-configs >/dev/null || die
+
+	# Force C locale until glibc is updated. #564936
+	detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u))
+	sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u))
+	if [[ ${sorted} != "${detected}" ]] ; then
+		eerror "The ebuild needs to be kept in sync."
+		eerror "${var}: ${sorted}"
+		eerror "$(printf '%-*s' ${#var} configure): ${detected}"
+		die "sync ${var} to the list of targets"
+	fi
+
+	popd >/dev/null
+}
+
+src_prepare() {
+	check_targets IUSE_SOFTMMU_TARGETS softmmu
+	check_targets IUSE_USER_TARGETS linux-user
+
+	# Alter target makefiles to accept CFLAGS set via flag-o
+	sed -i -r \
+		-e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \
+		Makefile Makefile.target || die
+
+	# Cheap hack to disable gettext .mo generation.
+	use nls || rm -f po/*.po
+
+	epatch "${FILESDIR}"/qemu-2.5.0-cflags.patch
+	[[ -n ${BACKPORTS} ]] && \
+		EPATCH_FORCE=yes EPATCH_SUFFIX="patch" EPATCH_SOURCE="${S}/patches" \
+			epatch
+
+	epatch "${FILESDIR}"/${P}-CVE-2015-8567.patch #567868
+	epatch "${FILESDIR}"/${P}-CVE-2015-8558.patch #568246
+	epatch "${FILESDIR}"/${P}-CVE-2015-8701.patch #570110
+	epatch "${FILESDIR}"/${P}-CVE-2015-8743.patch #570988
+	epatch "${FILESDIR}"/${P}-CVE-2016-1568.patch #571566
+	epatch "${FILESDIR}"/${P}-CVE-2015-8613.patch #569118
+	epatch "${FILESDIR}"/${P}-CVE-2015-8619.patch #569300
+	epatch "${FILESDIR}"/${P}-CVE-2016-1714.patch #571560
+	epatch "${FILESDIR}"/${P}-CVE-2016-1922.patch #572082
+	epatch "${FILESDIR}"/${P}-CVE-2016-1981.patch #572412
+	epatch "${FILESDIR}"/${P}-usb-ehci-oob.patch #572454
+	epatch "${FILESDIR}"/${P}-CVE-2016-2197.patch #573280
+	epatch "${FILESDIR}"/${P}-CVE-2016-2198.patch #573314
+	epatch "${FILESDIR}"/${P}-CVE-2016-2392.patch #574902
+	epatch "${FILESDIR}"/${P}-usb-ndis-int-overflow.patch #575492
+	epatch "${FILESDIR}"/${P}-rng-stack-corrupt-{0,1,2,3}.patch #576420
+	epatch "${FILESDIR}"/${P}-sysmacros.patch
+
+	# Fix ld and objcopy being called directly
+	tc-export AR LD OBJCOPY
+
+	# Verbose builds
+	MAKEOPTS+=" V=1"
+
+	epatch_user
+}
+
+##
+# configures qemu based on the build directory and the build type
+# we are using.
+#
+qemu_src_configure() {
+	debug-print-function ${FUNCNAME} "$@"
+
+	local buildtype=$1
+	local builddir="${S}/${buildtype}-build"
+	local static_flag="static-${buildtype}"
+
+	mkdir "${builddir}"
+
+	local conf_opts=(
+		--prefix=/usr
+		--sysconfdir=/etc
+		--libdir=/usr/$(get_libdir)
+		--docdir=/usr/share/doc/${PF}/html
+		--disable-bsd-user
+		--disable-guest-agent
+		--disable-strip
+		--disable-werror
+		# We support gnutls/nettle for crypto operations.  It is possible
+		# to use gcrypt when gnutls/nettle are disabled (but not when they
+		# are enabled), but it's not really worth the hassle.  Disable it
+		# all the time to avoid automatically detecting it. #568856
+		--disable-gcrypt
+		--python="${PYTHON}"
+		--cc="$(tc-getCC)"
+		--cxx="$(tc-getCXX)"
+		--host-cc="$(tc-getBUILD_CC)"
+		$(use_enable debug debug-info)
+		$(use_enable debug debug-tcg)
+		--enable-docs
+		$(use_enable tci tcg-interpreter)
+		$(use_enable xattr attr)
+	)
+
+	# Disable options not used by user targets as the default configure
+	# options will autoprobe and try to link in a bunch of unused junk.
+	conf_softmmu() {
+		if [[ ${buildtype} == "user" ]] ; then
+			echo "--disable-${2:-$1}"
+		else
+			use_enable "$@"
+		fi
+	}
+	conf_opts+=(
+		$(conf_softmmu accessibility brlapi)
+		$(conf_softmmu aio linux-aio)
+		$(conf_softmmu bluetooth bluez)
+		$(conf_softmmu caps cap-ng)
+		$(conf_softmmu curl)
+		$(conf_softmmu fdt)
+		$(conf_softmmu glusterfs)
+		$(conf_softmmu gnutls)
+		$(conf_softmmu gnutls nettle)
+		$(conf_softmmu gtk)
+		$(conf_softmmu infiniband rdma)
+		$(conf_softmmu iscsi libiscsi)
+		$(conf_softmmu jpeg vnc-jpeg)
+		$(conf_softmmu kernel_linux kvm)
+		$(conf_softmmu lzo)
+		$(conf_softmmu ncurses curses)
+		$(conf_softmmu nfs libnfs)
+		$(conf_softmmu numa)
+		$(conf_softmmu opengl)
+		$(conf_softmmu png vnc-png)
+		$(conf_softmmu rbd)
+		$(conf_softmmu sasl vnc-sasl)
+		$(conf_softmmu sdl)
+		$(conf_softmmu seccomp)
+		$(conf_softmmu smartcard)
+		$(conf_softmmu snappy)
+		$(conf_softmmu spice)
+		$(conf_softmmu ssh libssh2)
+		$(conf_softmmu usb libusb)
+		$(conf_softmmu usbredir usb-redir)
+		$(conf_softmmu uuid)
+		$(conf_softmmu vde)
+		$(conf_softmmu vhost-net)
+		$(conf_softmmu virgl virglrenderer)
+		$(conf_softmmu virtfs)
+		$(conf_softmmu vnc)
+		$(conf_softmmu vte)
+		$(conf_softmmu xen)
+		$(conf_softmmu xen xen-pci-passthrough)
+		$(conf_softmmu xfs xfsctl)
+	)
+
+	case ${buildtype} in
+	user)
+		conf_opts+=(
+			--enable-linux-user
+			--disable-system
+			--disable-blobs
+			--disable-tools
+		)
+		;;
+	softmmu)
+		# audio options
+		local audio_opts="oss"
+		use alsa && audio_opts="alsa,${audio_opts}"
+		use sdl && audio_opts="sdl,${audio_opts}"
+		use pulseaudio && audio_opts="pa,${audio_opts}"
+
+		conf_opts+=(
+			--disable-linux-user
+			--enable-system
+			--with-system-pixman
+			--audio-drv-list="${audio_opts}"
+		)
+		use gtk && conf_opts+=( --with-gtkabi=$(usex gtk2 2.0 3.0) )
+		use sdl && conf_opts+=( --with-sdlabi=$(usex sdl2 2.0 1.2) )
+		;;
+	tools)
+		conf_opts+=(
+			--disable-linux-user
+			--disable-system
+			--disable-blobs
+		)
+		static_flag="static"
+		;;
+	esac
+
+	local targets="${buildtype}_targets"
+	[[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" )
+
+	# Add support for SystemTAP
+	use systemtap && conf_opts+=( --enable-trace-backend=dtrace )
+
+	# We always want to attempt to build with PIE support as it results
+	# in a more secure binary. But it doesn't work with static or if
+	# the current GCC doesn't have PIE support.
+	if use ${static_flag}; then
+		conf_opts+=( --static --disable-pie )
+	else
+		gcc-specs-pie && conf_opts+=( --enable-pie )
+	fi
+
+	echo "../configure ${conf_opts[*]}"
+	cd "${builddir}"
+	../configure "${conf_opts[@]}" || die "configure failed"
+
+	# FreeBSD's kernel does not support QEMU assigning/grabbing
+	# host USB devices yet
+	use kernel_FreeBSD && \
+		sed -i -E -e "s|^(HOST_USB=)bsd|\1stub|" "${S}"/config-host.mak
+}
+
+src_configure() {
+	local target
+
+	python_setup
+
+	softmmu_targets= softmmu_bins=()
+	user_targets= user_bins=()
+
+	for target in ${IUSE_SOFTMMU_TARGETS} ; do
+		if use "qemu_softmmu_targets_${target}"; then
+			softmmu_targets+=",${target}-softmmu"
+			softmmu_bins+=( "qemu-system-${target}" )
+		fi
+	done
+
+	for target in ${IUSE_USER_TARGETS} ; do
+		if use "qemu_user_targets_${target}"; then
+			user_targets+=",${target}-linux-user"
+			user_bins+=( "qemu-${target}" )
+		fi
+	done
+
+	softmmu_targets=${softmmu_targets#,}
+	user_targets=${user_targets#,}
+
+	[[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu"
+	[[ -n ${user_targets}    ]] && qemu_src_configure "user"
+	[[ -z ${softmmu_targets}${user_targets} ]] && qemu_src_configure "tools"
+}
+
+src_compile() {
+	if [[ -n ${user_targets} ]]; then
+		cd "${S}/user-build"
+		default
+	fi
+
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build"
+		default
+	fi
+
+	if [[ -z ${softmmu_targets}${user_targets} ]]; then
+		cd "${S}/tools-build"
+		default
+	fi
+}
+
+src_test() {
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build"
+		pax-mark m */qemu-system-* #515550
+		emake -j1 check
+		emake -j1 check-report.html
+	fi
+}
+
+qemu_python_install() {
+	python_domodule "${S}/scripts/qmp/qmp.py"
+
+	python_doscript "${S}/scripts/kvm/kvm_stat"
+	python_doscript "${S}/scripts/kvm/vmxcap"
+	python_doscript "${S}/scripts/qmp/qmp-shell"
+	python_doscript "${S}/scripts/qmp/qemu-ga-client"
+}
+
+src_install() {
+	if [[ -n ${user_targets} ]]; then
+		cd "${S}/user-build"
+		emake DESTDIR="${ED}" install
+
+		# Install binfmt handler init script for user targets
+		newinitd "${FILESDIR}/qemu-binfmt.initd-r1" qemu-binfmt
+	fi
+
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build"
+		emake DESTDIR="${ED}" install
+
+		# This might not exist if the test failed. #512010
+		[[ -e check-report.html ]] && dohtml check-report.html
+
+		if use kernel_linux; then
+			udev_dorules "${FILESDIR}"/65-kvm.rules
+		fi
+
+		if use python; then
+			python_foreach_impl qemu_python_install
+		fi
+	fi
+
+	if [[ -z ${softmmu_targets}${user_targets} ]]; then
+		cd "${S}/tools-build"
+		emake DESTDIR="${ED}" install
+	fi
+
+	# Disable mprotect on the qemu binaries as they use JITs to be fast #459348
+	pushd "${ED}"/usr/bin >/dev/null
+	pax-mark m "${softmmu_bins[@]}" "${user_bins[@]}"
+	popd >/dev/null
+
+	# Install config file example for qemu-bridge-helper
+	insinto "/etc/qemu"
+	doins "${FILESDIR}/bridge.conf"
+
+	# Remove the docdir placed qmp-commands.txt
+	mv "${ED}/usr/share/doc/${PF}/html/qmp-commands.txt" "${S}/docs/" || die
+
+	cd "${S}"
+	dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt
+	newdoc pc-bios/README README.pc-bios
+	dodoc docs/qmp-*.txt
+
+	if [[ -n ${softmmu_targets} ]]; then
+		# Remove SeaBIOS since we're using the SeaBIOS packaged one
+		rm "${ED}/usr/share/qemu/bios.bin"
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
+		fi
+
+		# Remove vgabios since we're using the vgabios packaged one
+		rm "${ED}/usr/share/qemu/vgabios.bin"
+		rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
+		rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
+		rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
+		rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../vgabios/vgabios.bin /usr/share/qemu/vgabios.bin
+			dosym ../vgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
+			dosym ../vgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
+			dosym ../vgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
+			dosym ../vgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
+		fi
+
+		# Remove sgabios since we're using the sgabios packaged one
+		rm "${ED}/usr/share/qemu/sgabios.bin"
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin
+		fi
+
+		# Remove iPXE since we're using the iPXE packaged one
+		rm "${ED}"/usr/share/qemu/pxe-*.rom
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom
+			dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom
+			dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom
+			dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom
+			dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom
+			dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom
+		fi
+	fi
+
+	qemu_support_kvm && readme.gentoo_create_doc
+}
+
+pkg_postinst() {
+	if qemu_support_kvm; then
+		readme.gentoo_print_elog
+	fi
+
+	if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
+		udev_reload
+	fi
+
+	fcaps cap_net_admin /usr/libexec/qemu-bridge-helper
+}
+
+pkg_info() {
+	echo "Using:"
+	echo "  $(best_version app-emulation/spice-protocol)"
+	echo "  $(best_version sys-firmware/ipxe)"
+	echo "  $(best_version sys-firmware/seabios)"
+	if has_version 'sys-firmware/seabios[binary]'; then
+		echo "    USE=binary"
+	else
+		echo "    USE=''"
+	fi
+	echo "  $(best_version sys-firmware/vgabios)"
+}


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2016-04-23 20:30 Mike Frysinger
  0 siblings, 0 replies; 56+ messages in thread
From: Mike Frysinger @ 2016-04-23 20:30 UTC (permalink / raw
  To: gentoo-commits

commit:     78f6468a75114af92b5f86ef97d7614b08ffdeb4
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Sat Apr 23 20:23:02 2016 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Sat Apr 23 20:29:50 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=78f6468a

app-misc/qemu: version bump & bug fixes #579614 #580040 #580426

 app-emulation/qemu/Manifest                        |   1 +
 .../qemu/files/qemu-2.5.1-CVE-2015-8558.patch      | 107 ++++
 .../qemu/files/qemu-2.5.1-CVE-2016-4020.patch      |  16 +
 .../files/qemu-2.5.1-stellaris_enet-overflow.patch |  47 ++
 app-emulation/qemu/qemu-2.5.1.ebuild               | 686 +++++++++++++++++++++
 5 files changed, 857 insertions(+)

diff --git a/app-emulation/qemu/Manifest b/app-emulation/qemu/Manifest
index 70a4faa..2e2539b 100644
--- a/app-emulation/qemu/Manifest
+++ b/app-emulation/qemu/Manifest
@@ -1 +1,2 @@
 DIST qemu-2.5.0.tar.bz2 25464996 SHA256 3443887401619fe33bfa5d900a4f2d6a79425ae2b7e43d5b8c36eb7a683772d4 SHA512 12153f94cc7f834fd6a85f25690c36f2331d88d414426fb8b9ac20a34e6f9222b1eda30b727674af583580fae90dfd6d0614a905dce1567d94cd049d426b9dd3 WHIRLPOOL 8f5717989d8d234ecf1763ee386b2e1f20c3b17918de130c6dae255e4523a230b2b01a759eba25e4b9f604c680d9b868c56f58bd71b7c6c2c22a2e46804435ef
+DIST qemu-2.5.1.tar.bz2 25464539 SHA256 028752c33bb786abbfe496ba57315dc5a7d0a33b5a7a767f6d7a29020c525d2c SHA512 66959ad6a2a89f23c5daba245c76f71ddc03a33a1167bca639a042ebbf7329b2e698cd2c0e65c22a9874563a34256a48386aa9df6475b06d38db74187e3e3b3f WHIRLPOOL 32525271574692d56b7794dc63606659f46e6ae19a56dee31b3cec33dab9c4eb74147a65db4940229492d8680f38c2d05bc2a8fbcb4b6887b0c1cbe5fbbe44cf

diff --git a/app-emulation/qemu/files/qemu-2.5.1-CVE-2015-8558.patch b/app-emulation/qemu/files/qemu-2.5.1-CVE-2015-8558.patch
new file mode 100644
index 0000000..cf1a4c3
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.5.1-CVE-2015-8558.patch
@@ -0,0 +1,107 @@
+https://bugs.gentoo.org/580426
+https://bugs.gentoo.org/568246
+
+From a49923d2837d20510d645d3758f1ad87c32d0730 Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann <kraxel@redhat.com>
+Date: Mon, 18 Apr 2016 09:20:54 +0200
+Subject: [PATCH] Revert "ehci: make idt processing more robust"
+
+This reverts commit 156a2e4dbffa85997636a7a39ef12da6f1b40254.
+
+Breaks FreeBSD.
+
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+---
+ hw/usb/hcd-ehci.c | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
+index d5c0e1c..43a8f7a 100644
+--- a/hw/usb/hcd-ehci.c
++++ b/hw/usb/hcd-ehci.c
+@@ -1397,7 +1397,7 @@ static int ehci_process_itd(EHCIState *ehci,
+ {
+     USBDevice *dev;
+     USBEndpoint *ep;
+-    uint32_t i, len, pid, dir, devaddr, endp, xfers = 0;
++    uint32_t i, len, pid, dir, devaddr, endp;
+     uint32_t pg, off, ptr1, ptr2, max, mult;
+ 
+     ehci->periodic_sched_active = PERIODIC_ACTIVE;
+@@ -1489,10 +1489,9 @@ static int ehci_process_itd(EHCIState *ehci,
+                 ehci_raise_irq(ehci, USBSTS_INT);
+             }
+             itd->transact[i] &= ~ITD_XACT_ACTIVE;
+-            xfers++;
+         }
+     }
+-    return xfers ? 0 : -1;
++    return 0;
+ }
+ 
+ 
+-- 
+2.7.4
+
+From 1ae3f2f178087711f9591350abad133525ba93f2 Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann <kraxel@redhat.com>
+Date: Mon, 18 Apr 2016 09:11:38 +0200
+Subject: [PATCH] ehci: apply limit to iTD/sidt descriptors
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Commit "156a2e4 ehci: make idt processing more robust" tries to avoid a
+DoS by the guest (create a circular iTD queue and let qemu ehci
+emulation run in circles forever).  Unfortunately this has two problems:
+First it misses the case of siTDs, and second it reportedly breaks
+FreeBSD.
+
+So lets go for a different approach: just count the number of iTDs and
+siTDs we have seen per frame and apply a limit.  That should really
+catch all cases now.
+
+Reported-by: 杜少博 <dushaobo@360.cn>
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+---
+ hw/usb/hcd-ehci.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
+index 159f58d..d5c0e1c 100644
+--- a/hw/usb/hcd-ehci.c
++++ b/hw/usb/hcd-ehci.c
+@@ -2011,6 +2011,7 @@ static int ehci_state_writeback(EHCIQueue *q)
+ static void ehci_advance_state(EHCIState *ehci, int async)
+ {
+     EHCIQueue *q = NULL;
++    int itd_count = 0;
+     int again;
+ 
+     do {
+@@ -2035,10 +2036,12 @@ static void ehci_advance_state(EHCIState *ehci, int async)
+ 
+         case EST_FETCHITD:
+             again = ehci_state_fetchitd(ehci, async);
++            itd_count++;
+             break;
+ 
+         case EST_FETCHSITD:
+             again = ehci_state_fetchsitd(ehci, async);
++            itd_count++;
+             break;
+ 
+         case EST_ADVANCEQUEUE:
+@@ -2087,7 +2090,8 @@ static void ehci_advance_state(EHCIState *ehci, int async)
+             break;
+         }
+ 
+-        if (again < 0) {
++        if (again < 0 || itd_count > 16) {
++            /* TODO: notify guest (raise HSE irq?) */
+             fprintf(stderr, "processing error - resetting ehci HC\n");
+             ehci_reset(ehci);
+             again = 0;
+-- 
+2.7.4
+

diff --git a/app-emulation/qemu/files/qemu-2.5.1-CVE-2016-4020.patch b/app-emulation/qemu/files/qemu-2.5.1-CVE-2016-4020.patch
new file mode 100644
index 0000000..e3115c1
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.5.1-CVE-2016-4020.patch
@@ -0,0 +1,16 @@
+https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01106.html
+https://bugs.gentoo.org/580040
+
+diff --git a/hw/i386/kvmvapic.c b/hw/i386/kvmvapic.c
+index c69f374..ff1e31a 100644
+--- a/hw/i386/kvmvapic.c
++++ b/hw/i386/kvmvapic.c
+@@ -394,7 +394,7 @@ static void patch_instruction(VAPICROMState *s, X86CPU *cpu, target_ulong ip)
+     CPUX86State *env = &cpu->env;
+     VAPICHandlers *handlers;
+     uint8_t opcode[2];
+-    uint32_t imm32;
++    uint32_t imm32 = 0;
+     target_ulong current_pc = 0;
+     target_ulong current_cs_base = 0;
+     int current_flags = 0;

diff --git a/app-emulation/qemu/files/qemu-2.5.1-stellaris_enet-overflow.patch b/app-emulation/qemu/files/qemu-2.5.1-stellaris_enet-overflow.patch
new file mode 100644
index 0000000..ab7d3f3
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.5.1-stellaris_enet-overflow.patch
@@ -0,0 +1,47 @@
+From 3a15cc0e1ee7168db0782133d2607a6bfa422d66 Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Fri, 8 Apr 2016 11:33:48 +0530
+Subject: [PATCH] net: stellaris_enet: check packet length against receive
+ buffer
+
+When receiving packets over Stellaris ethernet controller, it
+uses receive buffer of size 2048 bytes. In case the controller
+accepts large(MTU) packets, it could lead to memory corruption.
+Add check to avoid it.
+
+Reported-by: Oleksandr Bazhaniuk <oleksandr.bazhaniuk@intel.com>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Message-id: 1460095428-22698-1-git-send-email-ppandit@redhat.com
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+---
+ hw/net/stellaris_enet.c | 12 +++++++++++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/hw/net/stellaris_enet.c b/hw/net/stellaris_enet.c
+index 84cf60b..6880894 100644
+--- a/hw/net/stellaris_enet.c
++++ b/hw/net/stellaris_enet.c
+@@ -236,8 +236,18 @@ static ssize_t stellaris_enet_receive(NetClientState *nc, const uint8_t *buf, si
+     n = s->next_packet + s->np;
+     if (n >= 31)
+         n -= 31;
+-    s->np++;
+ 
++    if (size >= sizeof(s->rx[n].data) - 6) {
++        /* If the packet won't fit into the
++         * emulated 2K RAM, this is reported
++         * as a FIFO overrun error.
++         */
++        s->ris |= SE_INT_FOV;
++        stellaris_enet_update(s);
++        return -1;
++    }
++
++    s->np++;
+     s->rx[n].len = size + 6;
+     p = s->rx[n].data;
+     *(p++) = (size + 6);
+-- 
+2.7.4
+

diff --git a/app-emulation/qemu/qemu-2.5.1.ebuild b/app-emulation/qemu/qemu-2.5.1.ebuild
new file mode 100644
index 0000000..97d745f
--- /dev/null
+++ b/app-emulation/qemu/qemu-2.5.1.ebuild
@@ -0,0 +1,686 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+PYTHON_COMPAT=( python2_7 )
+PYTHON_REQ_USE="ncurses,readline"
+
+PLOCALES="de_DE fr_FR hu it tr zh_CN"
+
+inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \
+	user udev fcaps readme.gentoo pax-utils l10n
+
+BACKPORTS=
+
+if [[ ${PV} = *9999* ]]; then
+	EGIT_REPO_URI="git://git.qemu.org/qemu.git"
+	inherit git-2
+	SRC_URI=""
+else
+	SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2
+	${BACKPORTS:+
+		https://dev.gentoo.org/~cardoe/distfiles/${P}-${BACKPORTS}.tar.xz}"
+	KEYWORDS="amd64 ~arm64 ~ppc ~ppc64 x86 ~x86-fbsd"
+fi
+
+DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
+HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org"
+
+LICENSE="GPL-2 LGPL-2 BSD-2"
+SLOT="0"
+IUSE="accessibility +aio alsa bluetooth +caps +curl debug +fdt glusterfs \
+gnutls gtk gtk2 infiniband iscsi +jpeg \
+kernel_linux kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs
++png pulseaudio python \
+rbd sasl +seccomp sdl sdl2 selinux smartcard snappy spice ssh static static-softmmu
+static-user systemtap tci test +threads usb usbredir +uuid vde +vhost-net \
+virgl virtfs +vnc vte xattr xen xfs"
+
+COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel mips
+mips64 mips64el mipsel or32 ppc ppc64 s390x sh4 sh4eb sparc sparc64 unicore32
+x86_64"
+IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS} lm32 moxie ppcemb tricore xtensa xtensaeb"
+IUSE_USER_TARGETS="${COMMON_TARGETS} armeb mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus tilegx"
+
+use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
+use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
+IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
+
+# Allow no targets to be built so that people can get a tools-only build.
+# Block USE flag configurations known to not work.
+REQUIRED_USE="${PYTHON_REQUIRED_USE}
+	gtk2? ( gtk )
+	qemu_softmmu_targets_arm? ( fdt )
+	qemu_softmmu_targets_microblaze? ( fdt )
+	qemu_softmmu_targets_ppc? ( fdt )
+	qemu_softmmu_targets_ppc64? ( fdt )
+	sdl2? ( sdl )
+	static? ( static-softmmu static-user )
+	static-softmmu? ( !alsa !pulseaudio !bluetooth !opengl !gtk !gtk2 )
+	virtfs? ( xattr )
+	vte? ( gtk )"
+
+# Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
+#
+# The attr lib isn't always linked in (although the USE flag is always
+# respected).  This is because qemu supports using the C library's API
+# when available rather than always using the extranl library.
+#
+# Older versions of gnutls are supported, but it's simpler to just require
+# the latest versions.  This is also why we require nettle.
+COMMON_LIB_DEPEND=">=dev-libs/glib-2.0[static-libs(+)]
+	sys-libs/zlib[static-libs(+)]
+	xattr? ( sys-apps/attr[static-libs(+)] )"
+SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND}
+	>=x11-libs/pixman-0.28.0[static-libs(+)]
+	accessibility? ( app-accessibility/brltty[static-libs(+)] )
+	aio? ( dev-libs/libaio[static-libs(+)] )
+	alsa? ( >=media-libs/alsa-lib-1.0.13 )
+	bluetooth? ( net-wireless/bluez )
+	caps? ( sys-libs/libcap-ng[static-libs(+)] )
+	curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
+	fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] )
+	glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
+	gnutls? (
+		dev-libs/nettle[static-libs(+)]
+		>=net-libs/gnutls-3.0[static-libs(+)]
+	)
+	gtk? (
+		gtk2? (
+			x11-libs/gtk+:2
+			vte? ( x11-libs/vte:0 )
+		)
+		!gtk2? (
+			x11-libs/gtk+:3
+			vte? ( x11-libs/vte:2.90 )
+		)
+	)
+	infiniband? ( sys-infiniband/librdmacm:=[static-libs(+)] )
+	iscsi? ( net-libs/libiscsi )
+	jpeg? ( virtual/jpeg:=[static-libs(+)] )
+	lzo? ( dev-libs/lzo:2[static-libs(+)] )
+	ncurses? ( sys-libs/ncurses:0=[static-libs(+)] )
+	nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] )
+	numa? ( sys-process/numactl[static-libs(+)] )
+	opengl? (
+		virtual/opengl
+		media-libs/libepoxy[static-libs(+)]
+		media-libs/mesa[static-libs(+)]
+		media-libs/mesa[egl,gles2]
+	)
+	png? ( media-libs/libpng:0=[static-libs(+)] )
+	pulseaudio? ( media-sound/pulseaudio )
+	rbd? ( sys-cluster/ceph[static-libs(+)] )
+	sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
+	sdl? (
+		!sdl2? (
+			media-libs/libsdl[X]
+			>=media-libs/libsdl-1.2.11[static-libs(+)]
+		)
+		sdl2? (
+			media-libs/libsdl2[X]
+			media-libs/libsdl2[static-libs(+)]
+		)
+	)
+	seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
+	smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] )
+	snappy? ( app-arch/snappy[static-libs(+)] )
+	spice? (
+		>=app-emulation/spice-protocol-0.12.3
+		>=app-emulation/spice-0.12.0[static-libs(+)]
+	)
+	ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] )
+	usb? ( >=virtual/libusb-1-r2[static-libs(+)] )
+	usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
+	uuid? ( >=sys-apps/util-linux-2.16.0[static-libs(+)] )
+	vde? ( net-misc/vde[static-libs(+)] )
+	virgl? ( media-libs/virglrenderer[static-libs(+)] )
+	virtfs? ( sys-libs/libcap )
+	xfs? ( sys-fs/xfsprogs[static-libs(+)] )"
+USER_LIB_DEPEND="${COMMON_LIB_DEPEND}"
+X86_FIRMWARE_DEPEND="
+	>=sys-firmware/ipxe-1.0.0_p20130624
+	pin-upstream-blobs? (
+		~sys-firmware/seabios-1.8.2
+		~sys-firmware/sgabios-0.1_pre8
+		~sys-firmware/vgabios-0.7a
+	)
+	!pin-upstream-blobs? (
+		sys-firmware/seabios
+		sys-firmware/sgabios
+		sys-firmware/vgabios
+	)"
+CDEPEND="
+	!static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND//\[static-libs(+)]} ) " ${use_softmmu_targets}) )
+	!static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND//\[static-libs(+)]} ) " ${use_user_targets}) )
+	qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
+	qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )
+	python? ( ${PYTHON_DEPS} )
+	systemtap? ( dev-util/systemtap )
+	xen? ( app-emulation/xen-tools:= )"
+DEPEND="${CDEPEND}
+	dev-lang/perl
+	=dev-lang/python-2*
+	sys-apps/texinfo
+	virtual/pkgconfig
+	kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
+	gtk? ( nls? ( sys-devel/gettext ) )
+	static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND} ) " ${use_softmmu_targets}) )
+	static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND} ) " ${use_user_targets}) )
+	test? (
+		dev-libs/glib[utils]
+		sys-devel/bc
+	)"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-qemu )
+"
+
+STRIP_MASK="/usr/share/qemu/palcode-clipper"
+
+QA_PREBUILT="
+	usr/share/qemu/openbios-ppc
+	usr/share/qemu/openbios-sparc64
+	usr/share/qemu/openbios-sparc32
+	usr/share/qemu/palcode-clipper
+	usr/share/qemu/s390-ccw.img
+	usr/share/qemu/u-boot.e500
+"
+
+QA_WX_LOAD="usr/bin/qemu-i386
+	usr/bin/qemu-x86_64
+	usr/bin/qemu-alpha
+	usr/bin/qemu-arm
+	usr/bin/qemu-cris
+	usr/bin/qemu-m68k
+	usr/bin/qemu-microblaze
+	usr/bin/qemu-microblazeel
+	usr/bin/qemu-mips
+	usr/bin/qemu-mipsel
+	usr/bin/qemu-or32
+	usr/bin/qemu-ppc
+	usr/bin/qemu-ppc64
+	usr/bin/qemu-ppc64abi32
+	usr/bin/qemu-sh4
+	usr/bin/qemu-sh4eb
+	usr/bin/qemu-sparc
+	usr/bin/qemu-sparc64
+	usr/bin/qemu-armeb
+	usr/bin/qemu-sparc32plus
+	usr/bin/qemu-s390x
+	usr/bin/qemu-unicore32"
+
+DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure
+you have the kernel module loaded before running kvm. The easiest way to
+ensure that the kernel module is loaded is to load it on boot.\n
+For AMD CPUs the module is called 'kvm-amd'.\n
+For Intel CPUs the module is called 'kvm-intel'.\n
+Please review /etc/conf.d/modules for how to load these.\n\n
+Make sure your user is in the 'kvm' group\n
+Just run 'gpasswd -a <USER> kvm', then have <USER> re-login.\n\n
+For brand new installs, the default permissions on /dev/kvm might not let you
+access it.  You can tell udev to reset ownership/perms:\n
+udevadm trigger -c add /dev/kvm"
+
+qemu_support_kvm() {
+	if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 \
+		use qemu_softmmu_targets_ppc || use qemu_softmmu_targets_ppc64 \
+		use qemu_softmmu_targets_s390x; then
+		return 0
+	fi
+
+	return 1
+}
+
+pkg_pretend() {
+	if use kernel_linux && kernel_is lt 2 6 25; then
+		eerror "This version of KVM requres a host kernel of 2.6.25 or higher."
+	elif use kernel_linux; then
+		if ! linux_config_exists; then
+			eerror "Unable to check your kernel for KVM support"
+		else
+			CONFIG_CHECK="~KVM ~TUN ~BRIDGE"
+			ERROR_KVM="You must enable KVM in your kernel to continue"
+			ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in"
+			ERROR_KVM_AMD+=" your kernel configuration."
+			ERROR_KVM_INTEL="If you have an Intel CPU, you must enable"
+			ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration."
+			ERROR_TUN="You will need the Universal TUN/TAP driver compiled"
+			ERROR_TUN+=" into your kernel or loaded as a module to use the"
+			ERROR_TUN+=" virtual network device if using -net tap."
+			ERROR_BRIDGE="You will also need support for 802.1d"
+			ERROR_BRIDGE+=" Ethernet Bridging for some network configurations."
+			use vhost-net && CONFIG_CHECK+=" ~VHOST_NET"
+			ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net"
+			ERROR_VHOST_NET+=" support"
+
+			if use amd64 || use x86 || use amd64-linux || use x86-linux; then
+				CONFIG_CHECK+=" ~KVM_AMD ~KVM_INTEL"
+			fi
+
+			use python && CONFIG_CHECK+=" ~DEBUG_FS"
+			ERROR_DEBUG_FS="debugFS support required for kvm_stat"
+
+			# Now do the actual checks setup above
+			check_extra_config
+		fi
+	fi
+
+	if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then
+		eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt"
+		eerror "instances are still pointing to it.  Please update your"
+		eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag"
+		eerror "and the right system binary (e.g. qemu-system-x86_64)."
+		die "update your virt configs to not use qemu-kvm"
+	fi
+}
+
+pkg_setup() {
+	enewgroup kvm 78
+}
+
+# Sanity check to make sure target lists are kept up-to-date.
+check_targets() {
+	local var=$1 mak=$2
+	local detected sorted
+
+	pushd "${S}"/default-configs >/dev/null || die
+
+	# Force C locale until glibc is updated. #564936
+	detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u))
+	sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u))
+	if [[ ${sorted} != "${detected}" ]] ; then
+		eerror "The ebuild needs to be kept in sync."
+		eerror "${var}: ${sorted}"
+		eerror "$(printf '%-*s' ${#var} configure): ${detected}"
+		die "sync ${var} to the list of targets"
+	fi
+
+	popd >/dev/null
+}
+
+handle_locales() {
+	# Make sure locale list is kept up-to-date.
+	local detected sorted
+	detected=$(echo $(cd po && printf '%s\n' *.po | grep -v messages.po | sed 's:.po$::' | sort -u))
+	sorted=$(echo $(printf '%s\n' ${PLOCALES} | sort -u))
+	if [[ ${sorted} != "${detected}" ]] ; then
+		eerror "The ebuild needs to be kept in sync."
+		eerror "PLOCALES: ${sorted}"
+		eerror " po/*.po: ${detected}"
+		die "sync PLOCALES"
+	fi
+
+	# Deal with selective install of locales.
+	if use nls ; then
+		# Delete locales the user does not want. #577814
+		rm_loc() { rm po/$1.po || die; }
+		l10n_for_each_disabled_locale_do rm_loc
+	else
+		# Cheap hack to disable gettext .mo generation.
+		rm -f po/*.po
+	fi
+}
+
+src_prepare() {
+	check_targets IUSE_SOFTMMU_TARGETS softmmu
+	check_targets IUSE_USER_TARGETS linux-user
+
+	# Alter target makefiles to accept CFLAGS set via flag-o
+	sed -i -r \
+		-e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \
+		Makefile Makefile.target || die
+
+	epatch "${FILESDIR}"/qemu-2.5.0-cflags.patch
+	[[ -n ${BACKPORTS} ]] && \
+		EPATCH_FORCE=yes EPATCH_SUFFIX="patch" EPATCH_SOURCE="${S}/patches" \
+			epatch
+
+	epatch "${FILESDIR}"/${PN}-2.5.0-CVE-2016-2198.patch #573314
+	epatch "${FILESDIR}"/${PN}-2.5.0-rng-stack-corrupt-{0,1,2,3}.patch #576420
+	epatch "${FILESDIR}"/${PN}-2.5.1-stellaris_enet-overflow.patch #579614
+	epatch "${FILESDIR}"/${PN}-2.5.1-CVE-2016-4020.patch #580040
+	epatch "${FILESDIR}"/${PN}-2.5.1-CVE-2015-8558.patch #568246 #580426
+	epatch "${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
+
+	# Fix ld and objcopy being called directly
+	tc-export AR LD OBJCOPY
+
+	# Verbose builds
+	MAKEOPTS+=" V=1"
+
+	epatch_user
+
+	# Run after we've applied all patches.
+	handle_locales
+}
+
+##
+# configures qemu based on the build directory and the build type
+# we are using.
+#
+qemu_src_configure() {
+	debug-print-function ${FUNCNAME} "$@"
+
+	local buildtype=$1
+	local builddir="${S}/${buildtype}-build"
+	local static_flag="static-${buildtype}"
+
+	mkdir "${builddir}"
+
+	local conf_opts=(
+		--prefix=/usr
+		--sysconfdir=/etc
+		--libdir=/usr/$(get_libdir)
+		--docdir=/usr/share/doc/${PF}/html
+		--disable-bsd-user
+		--disable-guest-agent
+		--disable-strip
+		--disable-werror
+		# We support gnutls/nettle for crypto operations.  It is possible
+		# to use gcrypt when gnutls/nettle are disabled (but not when they
+		# are enabled), but it's not really worth the hassle.  Disable it
+		# all the time to avoid automatically detecting it. #568856
+		--disable-gcrypt
+		--python="${PYTHON}"
+		--cc="$(tc-getCC)"
+		--cxx="$(tc-getCXX)"
+		--host-cc="$(tc-getBUILD_CC)"
+		$(use_enable debug debug-info)
+		$(use_enable debug debug-tcg)
+		--enable-docs
+		$(use_enable tci tcg-interpreter)
+		$(use_enable xattr attr)
+	)
+
+	# Disable options not used by user targets as the default configure
+	# options will autoprobe and try to link in a bunch of unused junk.
+	conf_softmmu() {
+		if [[ ${buildtype} == "user" ]] ; then
+			echo "--disable-${2:-$1}"
+		else
+			use_enable "$@"
+		fi
+	}
+	conf_opts+=(
+		$(conf_softmmu accessibility brlapi)
+		$(conf_softmmu aio linux-aio)
+		$(conf_softmmu bluetooth bluez)
+		$(conf_softmmu caps cap-ng)
+		$(conf_softmmu curl)
+		$(conf_softmmu fdt)
+		$(conf_softmmu glusterfs)
+		$(conf_softmmu gnutls)
+		$(conf_softmmu gnutls nettle)
+		$(conf_softmmu gtk)
+		$(conf_softmmu infiniband rdma)
+		$(conf_softmmu iscsi libiscsi)
+		$(conf_softmmu jpeg vnc-jpeg)
+		$(conf_softmmu kernel_linux kvm)
+		$(conf_softmmu lzo)
+		$(conf_softmmu ncurses curses)
+		$(conf_softmmu nfs libnfs)
+		$(conf_softmmu numa)
+		$(conf_softmmu opengl)
+		$(conf_softmmu png vnc-png)
+		$(conf_softmmu rbd)
+		$(conf_softmmu sasl vnc-sasl)
+		$(conf_softmmu sdl)
+		$(conf_softmmu seccomp)
+		$(conf_softmmu smartcard)
+		$(conf_softmmu snappy)
+		$(conf_softmmu spice)
+		$(conf_softmmu ssh libssh2)
+		$(conf_softmmu usb libusb)
+		$(conf_softmmu usbredir usb-redir)
+		$(conf_softmmu uuid)
+		$(conf_softmmu vde)
+		$(conf_softmmu vhost-net)
+		$(conf_softmmu virgl virglrenderer)
+		$(conf_softmmu virtfs)
+		$(conf_softmmu vnc)
+		$(conf_softmmu vte)
+		$(conf_softmmu xen)
+		$(conf_softmmu xen xen-pci-passthrough)
+		$(conf_softmmu xfs xfsctl)
+	)
+
+	case ${buildtype} in
+	user)
+		conf_opts+=(
+			--enable-linux-user
+			--disable-system
+			--disable-blobs
+			--disable-tools
+		)
+		;;
+	softmmu)
+		# audio options
+		local audio_opts="oss"
+		use alsa && audio_opts="alsa,${audio_opts}"
+		use sdl && audio_opts="sdl,${audio_opts}"
+		use pulseaudio && audio_opts="pa,${audio_opts}"
+
+		conf_opts+=(
+			--disable-linux-user
+			--enable-system
+			--with-system-pixman
+			--audio-drv-list="${audio_opts}"
+		)
+		use gtk && conf_opts+=( --with-gtkabi=$(usex gtk2 2.0 3.0) )
+		use sdl && conf_opts+=( --with-sdlabi=$(usex sdl2 2.0 1.2) )
+		;;
+	tools)
+		conf_opts+=(
+			--disable-linux-user
+			--disable-system
+			--disable-blobs
+		)
+		static_flag="static"
+		;;
+	esac
+
+	local targets="${buildtype}_targets"
+	[[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" )
+
+	# Add support for SystemTAP
+	use systemtap && conf_opts+=( --enable-trace-backend=dtrace )
+
+	# We always want to attempt to build with PIE support as it results
+	# in a more secure binary. But it doesn't work with static or if
+	# the current GCC doesn't have PIE support.
+	if use ${static_flag}; then
+		conf_opts+=( --static --disable-pie )
+	else
+		gcc-specs-pie && conf_opts+=( --enable-pie )
+	fi
+
+	echo "../configure ${conf_opts[*]}"
+	cd "${builddir}"
+	../configure "${conf_opts[@]}" || die "configure failed"
+
+	# FreeBSD's kernel does not support QEMU assigning/grabbing
+	# host USB devices yet
+	use kernel_FreeBSD && \
+		sed -i -E -e "s|^(HOST_USB=)bsd|\1stub|" "${S}"/config-host.mak
+}
+
+src_configure() {
+	local target
+
+	python_setup
+
+	softmmu_targets= softmmu_bins=()
+	user_targets= user_bins=()
+
+	for target in ${IUSE_SOFTMMU_TARGETS} ; do
+		if use "qemu_softmmu_targets_${target}"; then
+			softmmu_targets+=",${target}-softmmu"
+			softmmu_bins+=( "qemu-system-${target}" )
+		fi
+	done
+
+	for target in ${IUSE_USER_TARGETS} ; do
+		if use "qemu_user_targets_${target}"; then
+			user_targets+=",${target}-linux-user"
+			user_bins+=( "qemu-${target}" )
+		fi
+	done
+
+	softmmu_targets=${softmmu_targets#,}
+	user_targets=${user_targets#,}
+
+	[[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu"
+	[[ -n ${user_targets}    ]] && qemu_src_configure "user"
+	[[ -z ${softmmu_targets}${user_targets} ]] && qemu_src_configure "tools"
+}
+
+src_compile() {
+	if [[ -n ${user_targets} ]]; then
+		cd "${S}/user-build"
+		default
+	fi
+
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build"
+		default
+	fi
+
+	if [[ -z ${softmmu_targets}${user_targets} ]]; then
+		cd "${S}/tools-build"
+		default
+	fi
+}
+
+src_test() {
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build"
+		pax-mark m */qemu-system-* #515550
+		emake -j1 check
+		emake -j1 check-report.html
+	fi
+}
+
+qemu_python_install() {
+	python_domodule "${S}/scripts/qmp/qmp.py"
+
+	python_doscript "${S}/scripts/kvm/kvm_stat"
+	python_doscript "${S}/scripts/kvm/vmxcap"
+	python_doscript "${S}/scripts/qmp/qmp-shell"
+	python_doscript "${S}/scripts/qmp/qemu-ga-client"
+}
+
+src_install() {
+	if [[ -n ${user_targets} ]]; then
+		cd "${S}/user-build"
+		emake DESTDIR="${ED}" install
+
+		# Install binfmt handler init script for user targets
+		newinitd "${FILESDIR}/qemu-binfmt.initd-r1" qemu-binfmt
+	fi
+
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build"
+		emake DESTDIR="${ED}" install
+
+		# This might not exist if the test failed. #512010
+		[[ -e check-report.html ]] && dohtml check-report.html
+
+		if use kernel_linux; then
+			udev_dorules "${FILESDIR}"/65-kvm.rules
+		fi
+
+		if use python; then
+			python_foreach_impl qemu_python_install
+		fi
+	fi
+
+	if [[ -z ${softmmu_targets}${user_targets} ]]; then
+		cd "${S}/tools-build"
+		emake DESTDIR="${ED}" install
+	fi
+
+	# Disable mprotect on the qemu binaries as they use JITs to be fast #459348
+	pushd "${ED}"/usr/bin >/dev/null
+	pax-mark m "${softmmu_bins[@]}" "${user_bins[@]}"
+	popd >/dev/null
+
+	# Install config file example for qemu-bridge-helper
+	insinto "/etc/qemu"
+	doins "${FILESDIR}/bridge.conf"
+
+	# Remove the docdir placed qmp-commands.txt
+	mv "${ED}/usr/share/doc/${PF}/html/qmp-commands.txt" "${S}/docs/" || die
+
+	cd "${S}"
+	dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt
+	newdoc pc-bios/README README.pc-bios
+	dodoc docs/qmp-*.txt
+
+	if [[ -n ${softmmu_targets} ]]; then
+		# Remove SeaBIOS since we're using the SeaBIOS packaged one
+		rm "${ED}/usr/share/qemu/bios.bin"
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
+		fi
+
+		# Remove vgabios since we're using the vgabios packaged one
+		rm "${ED}/usr/share/qemu/vgabios.bin"
+		rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
+		rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
+		rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
+		rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../vgabios/vgabios.bin /usr/share/qemu/vgabios.bin
+			dosym ../vgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
+			dosym ../vgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
+			dosym ../vgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
+			dosym ../vgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
+		fi
+
+		# Remove sgabios since we're using the sgabios packaged one
+		rm "${ED}/usr/share/qemu/sgabios.bin"
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin
+		fi
+
+		# Remove iPXE since we're using the iPXE packaged one
+		rm "${ED}"/usr/share/qemu/pxe-*.rom
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom
+			dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom
+			dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom
+			dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom
+			dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom
+			dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom
+		fi
+	fi
+
+	qemu_support_kvm && readme.gentoo_create_doc
+}
+
+pkg_postinst() {
+	if qemu_support_kvm; then
+		readme.gentoo_print_elog
+	fi
+
+	if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
+		udev_reload
+	fi
+
+	fcaps cap_net_admin /usr/libexec/qemu-bridge-helper
+}
+
+pkg_info() {
+	echo "Using:"
+	echo "  $(best_version app-emulation/spice-protocol)"
+	echo "  $(best_version sys-firmware/ipxe)"
+	echo "  $(best_version sys-firmware/seabios)"
+	if has_version 'sys-firmware/seabios[binary]'; then
+		echo "    USE=binary"
+	else
+		echo "    USE=''"
+	fi
+	echo "  $(best_version sys-firmware/vgabios)"
+}


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2016-05-17  4:41 Mike Frysinger
  0 siblings, 0 replies; 56+ messages in thread
From: Mike Frysinger @ 2016-05-17  4:41 UTC (permalink / raw
  To: gentoo-commits

commit:     6b13602fdf3ffadf7a32cf41f29580a686bd0802
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Tue May 17 04:40:51 2016 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Tue May 17 04:41:34 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6b13602f

app-emulation/qemu: workaround breakage in xfs/linux headers #577810

Add upstream patch to workaround some combinations of xfsprogs & linux
headers so we don't have to worry about stable breakage anymore.  This
fix is already in upstream & unstable versions.

 .../qemu/files/qemu-2.5.1-xfs-linux-headers.patch  | 82 ++++++++++++++++++++++
 app-emulation/qemu/qemu-2.5.1.ebuild               |  1 +
 2 files changed, 83 insertions(+)

diff --git a/app-emulation/qemu/files/qemu-2.5.1-xfs-linux-headers.patch b/app-emulation/qemu/files/qemu-2.5.1-xfs-linux-headers.patch
new file mode 100644
index 0000000..743171b
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.5.1-xfs-linux-headers.patch
@@ -0,0 +1,82 @@
+https://bugs.gentoo.org/577810
+
+From 277abf15a60f7653bfb05ffb513ed74ffdaea1b7 Mon Sep 17 00:00:00 2001
+From: Jan Vesely <jano.vesely@gmail.com>
+Date: Fri, 29 Apr 2016 13:15:23 -0400
+Subject: [PATCH] configure: Check if struct fsxattr is available from linux
+ header
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fixes build failure with --enable-xfsctl and
+new linux headers (>=4.5) and older xfsprogs(<4.5):
+In file included from /usr/include/xfs/xfs.h:38:0,
+                 from /var/tmp/portage/app-emulation/qemu-2.5.0-r1/work/qemu-2.5.0/block/raw-posix.c:97:
+/usr/include/xfs/xfs_fs.h:42:8: error: redefinition of ‘struct fsxattr’
+ struct fsxattr {
+        ^
+In file included from /var/tmp/portage/app-emulation/qemu-2.5.0-r1/work/qemu-2.5.0/block/raw-posix.c:60:0:
+/usr/include/linux/fs.h:155:8: note: originally defined here
+ struct fsxattr {
+
+This is really a bug in the system headers, but we can work around it
+by defining HAVE_FSXATTR in the QEMU headers if linux/fs.h provides
+the struct, so that xfs_fs.h doesn't try to define it as well.
+
+CC: qemu-trivial@nongnu.org
+CC: Markus Armbruster <armbru@redhat.com>
+CC: Peter Maydell <peter.maydell@linaro.org>
+CC: Stefan Weil <sw@weilnetz.de>
+Tested-by: Stefan Weil <sw@weilnetz.de>
+Signed-off-by: Jan Vesely <jano.vesely@gmail.com>
+[PMM: adjusted commit message, comments]
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+---
+ configure | 23 +++++++++++++++++++++++
+ 1 file changed, 23 insertions(+)
+
+diff --git a/configure b/configure
+index ab54f3c..c37fc5f 100755
+--- a/configure
++++ b/configure
+@@ -4494,6 +4494,21 @@ if test "$fortify_source" != "no"; then
+ fi
+ 
+ ##########################################
++# check if struct fsxattr is available via linux/fs.h
++
++have_fsxattr=no
++cat > $TMPC << EOF
++#include <linux/fs.h>
++struct fsxattr foo;
++int main(void) {
++  return 0;
++}
++EOF
++if compile_prog "" "" ; then
++    have_fsxattr=yes
++fi
++
++##########################################
+ # End of CC checks
+ # After here, no more $cc or $ld runs
+ 
+@@ -5160,6 +5175,14 @@ fi
+ if test "$have_ifaddrs_h" = "yes" ; then
+     echo "HAVE_IFADDRS_H=y" >> $config_host_mak
+ fi
++
++# Work around a system header bug with some kernel/XFS header
++# versions where they both try to define 'struct fsxattr':
++# xfs headers will not try to redefine structs from linux headers
++# if this macro is set.
++if test "$have_fsxattr" = "yes" ; then
++    echo "HAVE_FSXATTR=y" >> $config_host_mak
++fi
+ if test "$vte" = "yes" ; then
+   echo "CONFIG_VTE=y" >> $config_host_mak
+   echo "VTE_CFLAGS=$vte_cflags" >> $config_host_mak
+-- 
+2.8.2
+

diff --git a/app-emulation/qemu/qemu-2.5.1.ebuild b/app-emulation/qemu/qemu-2.5.1.ebuild
index 27d1c30..ae5fa97 100644
--- a/app-emulation/qemu/qemu-2.5.1.ebuild
+++ b/app-emulation/qemu/qemu-2.5.1.ebuild
@@ -343,6 +343,7 @@ src_prepare() {
 	epatch "${FILESDIR}"/${PN}-2.5.1-CVE-2016-4020.patch #580040
 	epatch "${FILESDIR}"/${PN}-2.5.1-CVE-2015-8558.patch #568246 #580426
 	epatch "${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
+	epatch "${FILESDIR}"/${PN}-2.5.1-xfs-linux-headers.patch #577810
 
 	# Fix ld and objcopy being called directly
 	tc-export AR LD OBJCOPY


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2016-06-07  3:02 Mike Frysinger
  0 siblings, 0 replies; 56+ messages in thread
From: Mike Frysinger @ 2016-06-07  3:02 UTC (permalink / raw
  To: gentoo-commits

commit:     cb48eca5e347d3b916edb77078f1d2bd39716d66
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Tue Jun  7 02:58:50 2016 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Tue Jun  7 02:59:12 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cb48eca5

app-emulation/qemu: fix static linking errors w/curl[ssl,curl_ssl_openssl]

 .../qemu/files/qemu-2.6.0-crypto-static.patch      | 60 ++++++++++++++++++++++
 app-emulation/qemu/qemu-2.6.0.ebuild               |  3 +-
 app-emulation/qemu/qemu-9999.ebuild                |  4 +-
 3 files changed, 65 insertions(+), 2 deletions(-)

diff --git a/app-emulation/qemu/files/qemu-2.6.0-crypto-static.patch b/app-emulation/qemu/files/qemu-2.6.0-crypto-static.patch
new file mode 100644
index 0000000..4856373
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.6.0-crypto-static.patch
@@ -0,0 +1,60 @@
+https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg01611.html
+
+From 6a2909cf98e892783b2502df6f7f4de46d13e42b Mon Sep 17 00:00:00 2001
+From: Mike Frysinger <vapier@chromium.org>
+Date: Mon, 6 Jun 2016 17:58:26 -0400
+Subject: [PATCH] crypto: aes: always rename internal symbols
+
+OpenSSL's libcrypto always defines AES symbols with the same names as
+qemu's local aes code.  This is problematic when enabling at least curl
+as that frequently also uses libcrypto.  It might not be noticed when
+running, but if you try to statically link, everything falls down.
+
+An example snippet:
+  LINK  qemu-nbd
+.../libcrypto.a(aes-x86_64.o): In function 'AES_encrypt':
+(.text+0x460): multiple definition of 'AES_encrypt'
+crypto/aes.o:aes.c:(.text+0x670): first defined here
+.../libcrypto.a(aes-x86_64.o): In function 'AES_decrypt':
+(.text+0x9f0): multiple definition of 'AES_decrypt'
+crypto/aes.o:aes.c:(.text+0xb30): first defined here
+.../libcrypto.a(aes-x86_64.o): In function 'AES_cbc_encrypt':
+(.text+0xf90): multiple definition of 'AES_cbc_encrypt'
+crypto/aes.o:aes.c:(.text+0xff0): first defined here
+collect2: error: ld returned 1 exit status
+.../qemu-2.6.0/rules.mak:105: recipe for target 'qemu-nbd' failed
+make: *** [qemu-nbd] Error 1
+
+The aes.h header has redefines already for FreeBSD, but go ahead and
+enable that for everyone since there's no real good reason to not use
+a namespace all the time.
+
+Signed-off-by: Mike Frysinger <vapier@chromium.org>
+---
+ include/crypto/aes.h | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/include/crypto/aes.h b/include/crypto/aes.h
+index a006da2224a9..12fb321b89de 100644
+--- a/include/crypto/aes.h
++++ b/include/crypto/aes.h
+@@ -10,14 +10,13 @@ struct aes_key_st {
+ };
+ typedef struct aes_key_st AES_KEY;
+ 
+-/* FreeBSD has its own AES_set_decrypt_key in -lcrypto, avoid conflicts */
+-#ifdef __FreeBSD__
++/* FreeBSD/OpenSSL have their own AES functions with the same names in -lcrypto
++ * (which might be pulled in via curl), so redefine to avoid conflicts. */
+ #define AES_set_encrypt_key QEMU_AES_set_encrypt_key
+ #define AES_set_decrypt_key QEMU_AES_set_decrypt_key
+ #define AES_encrypt QEMU_AES_encrypt
+ #define AES_decrypt QEMU_AES_decrypt
+ #define AES_cbc_encrypt QEMU_AES_cbc_encrypt
+-#endif
+ 
+ int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+ 	AES_KEY *key);
+-- 
+2.8.2
+

diff --git a/app-emulation/qemu/qemu-2.6.0.ebuild b/app-emulation/qemu/qemu-2.6.0.ebuild
index 81504ad..95a953e 100644
--- a/app-emulation/qemu/qemu-2.6.0.ebuild
+++ b/app-emulation/qemu/qemu-2.6.0.ebuild
@@ -327,8 +327,9 @@ src_prepare() {
 		-e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \
 		Makefile Makefile.target || die
 
-	epatch "${FILESDIR}"/qemu-2.5.0-cflags.patch
+	epatch "${FILESDIR}"/${PN}-2.5.0-cflags.patch
 	epatch "${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
+	epatch "${FILESDIR}"/${PN}-2.6.0-crypto-static.patch
 
 	# Fix ld and objcopy being called directly
 	tc-export AR LD OBJCOPY

diff --git a/app-emulation/qemu/qemu-9999.ebuild b/app-emulation/qemu/qemu-9999.ebuild
index 8f136c3..95a953e 100644
--- a/app-emulation/qemu/qemu-9999.ebuild
+++ b/app-emulation/qemu/qemu-9999.ebuild
@@ -327,7 +327,9 @@ src_prepare() {
 		-e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \
 		Makefile Makefile.target || die
 
-	epatch "${FILESDIR}"/qemu-2.5.0-cflags.patch
+	epatch "${FILESDIR}"/${PN}-2.5.0-cflags.patch
+	epatch "${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
+	epatch "${FILESDIR}"/${PN}-2.6.0-crypto-static.patch
 
 	# Fix ld and objcopy being called directly
 	tc-export AR LD OBJCOPY


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2016-08-07 14:04 Luca Barbato
  0 siblings, 0 replies; 56+ messages in thread
From: Luca Barbato @ 2016-08-07 14:04 UTC (permalink / raw
  To: gentoo-commits

commit:     ccc9ac6f494435c750ec71d67d09d41739e54c35
Author:     Luca Barbato <lu_zero <AT> gentoo <DOT> org>
AuthorDate: Sun Aug  7 14:01:31 2016 +0000
Commit:     Luca Barbato <lu_zero <AT> gentoo <DOT> org>
CommitDate: Sun Aug  7 14:01:31 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ccc9ac6f

app-emulation/qemu: Drop a -Werror when it could cause a false positive

The check code could trigger recent compiler warnings.

Package-Manager: portage-2.2.26

 app-emulation/qemu/files/qemu-2.6.0-glib-size_t.patch | 11 +++++++++++
 app-emulation/qemu/qemu-2.6.0.ebuild                  |  2 +-
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/app-emulation/qemu/files/qemu-2.6.0-glib-size_t.patch b/app-emulation/qemu/files/qemu-2.6.0-glib-size_t.patch
new file mode 100644
index 0000000..5fd678c
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.6.0-glib-size_t.patch
@@ -0,0 +1,11 @@
+--- a/configure	2016-08-07 15:50:20.386687733 +0200
++++ b/configure	2016-08-07 15:53:55.489691690 +0200
+@@ -2967,7 +2967,7 @@
+ }
+ EOF
+
+-if ! compile_prog "-Werror $CFLAGS" "$LIBS" ; then
++if ! compile_prog "$CFLAGS" "$LIBS" ; then
+     error_exit "sizeof(size_t) doesn't match GLIB_SIZEOF_SIZE_T."\
+                "You probably need to set PKG_CONFIG_LIBDIR"\
+ 	       "to point to the right pkg-config files for your"\

diff --git a/app-emulation/qemu/qemu-2.6.0.ebuild b/app-emulation/qemu/qemu-2.6.0.ebuild
index 8f9ff83..e45a5d1 100644
--- a/app-emulation/qemu/qemu-2.6.0.ebuild
+++ b/app-emulation/qemu/qemu-2.6.0.ebuild
@@ -334,7 +334,7 @@ src_prepare() {
 	epatch "${FILESDIR}"/${PN}-2.5.0-cflags.patch
 	epatch "${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
 	epatch "${FILESDIR}"/${PN}-2.6.0-crypto-static.patch
-
+	epatch "${FILESDIR}"/${PN}-2.6.0-glib-size_t.patch
 	# Fix ld and objcopy being called directly
 	tc-export AR LD OBJCOPY
 


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2016-09-05  5:30 Matthias Maier
  0 siblings, 0 replies; 56+ messages in thread
From: Matthias Maier @ 2016-09-05  5:30 UTC (permalink / raw
  To: gentoo-commits

commit:     ceb67390ecbe843f184b5bde6428cb9e2f3dcd81
Author:     Matthias Maier <tamiko <AT> gentoo <DOT> org>
AuthorDate: Mon Sep  5 05:18:46 2016 +0000
Commit:     Matthias Maier <tamiko <AT> gentoo <DOT> org>
CommitDate: Mon Sep  5 05:30:00 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ceb67390

app-emulation/qemu: apply patch for CVE-2016-6836, bug #591242

Package-Manager: portage-2.2.28

 .../qemu/files/qemu-2.7.0-CVE-2016-6836.patch      | 27 ++++++++++++++++++++++
 app-emulation/qemu/qemu-2.7.0.ebuild               |  1 +
 2 files changed, 28 insertions(+)

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-6836.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-6836.patch
new file mode 100644
index 00000000..56f7435
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-6836.patch
@@ -0,0 +1,27 @@
+From: Li Qiang <address@hidden>
+
+In Vmxnet3 device emulator while processing transmit(tx) queue,
+when it reaches end of packet, it calls vmxnet3_complete_packet.
+In that local 'txcq_descr' object is not initialised, which could
+leak host memory bytes a guest.
+
+Reported-by: Li Qiang <address@hidden>
+Signed-off-by: Prasad J Pandit <address@hidden>
+---
+ hw/net/vmxnet3.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c
+index 90f6943..92f6af9 100644
+--- a/hw/net/vmxnet3.c
++++ b/hw/net/vmxnet3.c
+@@ -531,6 +531,7 @@ static void vmxnet3_complete_packet(VMXNET3State *s, int qidx, uint32_t tx_ridx)
+ 
+     VMXNET3_RING_DUMP(VMW_RIPRN, "TXC", qidx, &s->txq_descr[qidx].comp_ring);
+ 
++    memset(&txcq_descr, 0, sizeof(txcq_descr));
+     txcq_descr.txdIdx = tx_ridx;
+     txcq_descr.gen = vmxnet3_ring_curr_gen(&s->txq_descr[qidx].comp_ring);
+ 
+-- 
+2.5.5

diff --git a/app-emulation/qemu/qemu-2.7.0.ebuild b/app-emulation/qemu/qemu-2.7.0.ebuild
index 6f65fc9..a3aefc2 100644
--- a/app-emulation/qemu/qemu-2.7.0.ebuild
+++ b/app-emulation/qemu/qemu-2.7.0.ebuild
@@ -333,6 +333,7 @@ src_prepare() {
 
 	epatch "${FILESDIR}"/${PN}-2.5.0-cflags.patch
 	epatch "${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
+	epatch "${FILESDIR}"/${P}-CVE-2016-6836.patch
 	# Fix ld and objcopy being called directly
 	tc-export AR LD OBJCOPY
 


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2016-09-05 16:45 Matthias Maier
  0 siblings, 0 replies; 56+ messages in thread
From: Matthias Maier @ 2016-09-05 16:45 UTC (permalink / raw
  To: gentoo-commits

commit:     fd20fa64ab7026533a5e4c554697cc4bcab9e7ef
Author:     Matthias Maier <tamiko <AT> gentoo <DOT> org>
AuthorDate: Mon Sep  5 16:42:22 2016 +0000
Commit:     Matthias Maier <tamiko <AT> gentoo <DOT> org>
CommitDate: Mon Sep  5 16:45:42 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fd20fa64

app-emulation/qemu: drop vulnerable 2.5.1, bug #592430, and 19 others

Package-Manager: portage-2.2.28

 .../qemu/files/qemu-2.5.0-CVE-2015-8558.patch      |  50 --
 .../qemu/files/qemu-2.5.0-CVE-2016-2198.patch      |  46 --
 .../files/qemu-2.5.0-rng-stack-corrupt-0.patch     |  98 ---
 .../files/qemu-2.5.0-rng-stack-corrupt-1.patch     | 135 ----
 .../files/qemu-2.5.0-rng-stack-corrupt-2.patch     | 155 -----
 .../files/qemu-2.5.0-rng-stack-corrupt-3.patch     | 179 ------
 .../qemu/files/qemu-2.5.1-CVE-2015-8558.patch      | 107 ----
 .../qemu/files/qemu-2.5.1-CVE-2016-4020.patch      |  16 -
 .../files/qemu-2.5.1-stellaris_enet-overflow.patch |  47 --
 .../qemu/files/qemu-2.5.1-xfs-linux-headers.patch  |  82 ---
 app-emulation/qemu/qemu-2.5.1.ebuild               | 693 ---------------------
 11 files changed, 1608 deletions(-)

diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8558.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8558.patch
deleted file mode 100644
index fbc6a0a..00000000
--- a/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8558.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-https://bugs.gentoo.org/568246
-
-From 156a2e4dbffa85997636a7a39ef12da6f1b40254 Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Mon, 14 Dec 2015 09:21:23 +0100
-Subject: [PATCH] ehci: make idt processing more robust
-
-Make ehci_process_itd return an error in case we didn't do any actual
-iso transfer because we've found no active transaction.  That'll avoid
-ehci happily run in circles forever if the guest builds a loop out of
-idts.
-
-This is CVE-2015-8558.
-
-Cc: qemu-stable@nongnu.org
-Reported-by: Qinghao Tang <luodalongde@gmail.com>
-Tested-by: P J P <ppandit@redhat.com>
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
----
- hw/usb/hcd-ehci.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
-index 4e2161b..d07f228 100644
---- a/hw/usb/hcd-ehci.c
-+++ b/hw/usb/hcd-ehci.c
-@@ -1389,7 +1389,7 @@ static int ehci_process_itd(EHCIState *ehci,
- {
-     USBDevice *dev;
-     USBEndpoint *ep;
--    uint32_t i, len, pid, dir, devaddr, endp;
-+    uint32_t i, len, pid, dir, devaddr, endp, xfers = 0;
-     uint32_t pg, off, ptr1, ptr2, max, mult;
- 
-     ehci->periodic_sched_active = PERIODIC_ACTIVE;
-@@ -1479,9 +1479,10 @@ static int ehci_process_itd(EHCIState *ehci,
-                 ehci_raise_irq(ehci, USBSTS_INT);
-             }
-             itd->transact[i] &= ~ITD_XACT_ACTIVE;
-+            xfers++;
-         }
-     }
--    return 0;
-+    return xfers ? 0 : -1;
- }
- 
- 
--- 
-2.6.2
-

diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-2198.patch b/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-2198.patch
deleted file mode 100644
index d179c33..00000000
--- a/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-2198.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From dff0367cf66f489aa772320fa2937a8cac1ca30d Mon Sep 17 00:00:00 2001
-From: Prasad J Pandit <pjp@fedoraproject.org>
-Date: Fri, 29 Jan 2016 18:30:34 +0530
-Subject: [PATCH] usb: ehci: add capability mmio write function
-
-USB Ehci emulation supports host controller capability registers.
-But its mmio '.write' function was missing, which lead to a null
-pointer dereference issue. Add a do nothing 'ehci_caps_write'
-definition to avoid it; Do nothing because capability registers
-are Read Only(RO).
-
-Reported-by: Zuozhi Fzz <zuozhi.fzz@alibaba-inc.com>
-Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
-Message-id: 1454072434-16045-1-git-send-email-ppandit@redhat.com
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
----
- hw/usb/hcd-ehci.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
-index 1b50601..0f95d0d 100644
---- a/hw/usb/hcd-ehci.c
-+++ b/hw/usb/hcd-ehci.c
-@@ -895,6 +895,11 @@ static uint64_t ehci_caps_read(void *ptr, hwaddr addr,
-     return s->caps[addr];
- }
- 
-+static void ehci_caps_write(void *ptr, hwaddr addr,
-+                             uint64_t val, unsigned size)
-+{
-+}
-+
- static uint64_t ehci_opreg_read(void *ptr, hwaddr addr,
-                                 unsigned size)
- {
-@@ -2315,6 +2320,7 @@ static void ehci_frame_timer(void *opaque)
- 
- static const MemoryRegionOps ehci_mmio_caps_ops = {
-     .read = ehci_caps_read,
-+    .write = ehci_caps_write,
-     .valid.min_access_size = 1,
-     .valid.max_access_size = 4,
-     .impl.min_access_size = 1,
--- 
-2.7.4
-

diff --git a/app-emulation/qemu/files/qemu-2.5.0-rng-stack-corrupt-0.patch b/app-emulation/qemu/files/qemu-2.5.0-rng-stack-corrupt-0.patch
deleted file mode 100644
index 684f6ad..00000000
--- a/app-emulation/qemu/files/qemu-2.5.0-rng-stack-corrupt-0.patch
+++ /dev/null
@@ -1,98 +0,0 @@
-From 3c52ddcdc548e7fbe65112d8a7bdc9cd105b4750 Mon Sep 17 00:00:00 2001
-From: Ladi Prosek <lprosek@redhat.com>
-Date: Thu, 3 Mar 2016 09:37:15 +0100
-Subject: [PATCH] rng: remove the unused request cancellation code
-
-rng_backend_cancel_requests had no callers and none of the code
-deleted in this commit ever ran.
-
-Signed-off-by: Ladi Prosek <lprosek@redhat.com>
-Reviewed-by: Amit Shah <amit.shah@redhat.com>
-Message-Id: <1456994238-9585-2-git-send-email-lprosek@redhat.com>
-Signed-off-by: Amit Shah <amit.shah@redhat.com>
----
- backends/rng-egd.c   | 12 ------------
- backends/rng.c       |  9 ---------
- include/sysemu/rng.h | 11 -----------
- 3 files changed, 32 deletions(-)
-
-diff --git a/backends/rng-egd.c b/backends/rng-egd.c
-index 2de5cd5..0b2976a 100644
---- a/backends/rng-egd.c
-+++ b/backends/rng-egd.c
-@@ -125,17 +125,6 @@ static void rng_egd_free_requests(RngEgd *s)
-     s->requests = NULL;
- }
- 
--static void rng_egd_cancel_requests(RngBackend *b)
--{
--    RngEgd *s = RNG_EGD(b);
--
--    /* We simply delete the list of pending requests.  If there is data in the 
--     * queue waiting to be read, this is okay, because there will always be
--     * more data than we requested originally
--     */
--    rng_egd_free_requests(s);
--}
--
- static void rng_egd_opened(RngBackend *b, Error **errp)
- {
-     RngEgd *s = RNG_EGD(b);
-@@ -213,7 +202,6 @@ static void rng_egd_class_init(ObjectClass *klass, void *data)
-     RngBackendClass *rbc = RNG_BACKEND_CLASS(klass);
- 
-     rbc->request_entropy = rng_egd_request_entropy;
--    rbc->cancel_requests = rng_egd_cancel_requests;
-     rbc->opened = rng_egd_opened;
- }
- 
-diff --git a/backends/rng.c b/backends/rng.c
-index b7820ef..2f2f3ee 100644
---- a/backends/rng.c
-+++ b/backends/rng.c
-@@ -26,15 +26,6 @@ void rng_backend_request_entropy(RngBackend *s, size_t size,
-     }
- }
- 
--void rng_backend_cancel_requests(RngBackend *s)
--{
--    RngBackendClass *k = RNG_BACKEND_GET_CLASS(s);
--
--    if (k->cancel_requests) {
--        k->cancel_requests(s);
--    }
--}
--
- static bool rng_backend_prop_get_opened(Object *obj, Error **errp)
- {
-     RngBackend *s = RNG_BACKEND(obj);
-diff --git a/include/sysemu/rng.h b/include/sysemu/rng.h
-index 858be8c..87b3ebe 100644
---- a/include/sysemu/rng.h
-+++ b/include/sysemu/rng.h
-@@ -37,7 +37,6 @@ struct RngBackendClass
- 
-     void (*request_entropy)(RngBackend *s, size_t size,
-                             EntropyReceiveFunc *receive_entropy, void *opaque);
--    void (*cancel_requests)(RngBackend *s);
- 
-     void (*opened)(RngBackend *s, Error **errp);
- };
-@@ -68,14 +67,4 @@ struct RngBackend
- void rng_backend_request_entropy(RngBackend *s, size_t size,
-                                  EntropyReceiveFunc *receive_entropy,
-                                  void *opaque);
--
--/**
-- * rng_backend_cancel_requests:
-- * @s: the backend to cancel all pending requests in
-- *
-- * Cancels all pending requests submitted by @rng_backend_request_entropy.  This
-- * should be used by a device during reset or in preparation for live migration
-- * to stop tracking any request.
-- */
--void rng_backend_cancel_requests(RngBackend *s);
- #endif
--- 
-2.7.4
-

diff --git a/app-emulation/qemu/files/qemu-2.5.0-rng-stack-corrupt-1.patch b/app-emulation/qemu/files/qemu-2.5.0-rng-stack-corrupt-1.patch
deleted file mode 100644
index 44ba8a7..00000000
--- a/app-emulation/qemu/files/qemu-2.5.0-rng-stack-corrupt-1.patch
+++ /dev/null
@@ -1,135 +0,0 @@
-From 74074e8a7c60592cf1cc6469dbc2550d24aeded3 Mon Sep 17 00:00:00 2001
-From: Ladi Prosek <lprosek@redhat.com>
-Date: Thu, 3 Mar 2016 09:37:16 +0100
-Subject: [PATCH] rng: move request queue from RngEgd to RngBackend
-
-The 'requests' field now lives in the RngBackend parent class.
-There are no functional changes in this commit.
-
-Signed-off-by: Ladi Prosek <lprosek@redhat.com>
-Reviewed-by: Amit Shah <amit.shah@redhat.com>
-Message-Id: <1456994238-9585-3-git-send-email-lprosek@redhat.com>
-Signed-off-by: Amit Shah <amit.shah@redhat.com>
----
- backends/rng-egd.c   | 28 +++++++++-------------------
- include/sysemu/rng.h | 11 +++++++++++
- 2 files changed, 20 insertions(+), 19 deletions(-)
-
-diff --git a/backends/rng-egd.c b/backends/rng-egd.c
-index 0b2976a..b061362 100644
---- a/backends/rng-egd.c
-+++ b/backends/rng-egd.c
-@@ -25,19 +25,8 @@ typedef struct RngEgd
- 
-     CharDriverState *chr;
-     char *chr_name;
--
--    GSList *requests;
- } RngEgd;
- 
--typedef struct RngRequest
--{
--    EntropyReceiveFunc *receive_entropy;
--    uint8_t *data;
--    void *opaque;
--    size_t offset;
--    size_t size;
--} RngRequest;
--
- static void rng_egd_request_entropy(RngBackend *b, size_t size,
-                                     EntropyReceiveFunc *receive_entropy,
-                                     void *opaque)
-@@ -66,7 +55,7 @@ static void rng_egd_request_entropy(RngBackend *b, size_t size,
-         size -= len;
-     }
- 
--    s->requests = g_slist_append(s->requests, req);
-+    s->parent.requests = g_slist_append(s->parent.requests, req);
- }
- 
- static void rng_egd_free_request(RngRequest *req)
-@@ -81,7 +70,7 @@ static int rng_egd_chr_can_read(void *opaque)
-     GSList *i;
-     int size = 0;
- 
--    for (i = s->requests; i; i = i->next) {
-+    for (i = s->parent.requests; i; i = i->next) {
-         RngRequest *req = i->data;
-         size += req->size - req->offset;
-     }
-@@ -94,8 +83,8 @@ static void rng_egd_chr_read(void *opaque, const uint8_t *buf, int size)
-     RngEgd *s = RNG_EGD(opaque);
-     size_t buf_offset = 0;
- 
--    while (size > 0 && s->requests) {
--        RngRequest *req = s->requests->data;
-+    while (size > 0 && s->parent.requests) {
-+        RngRequest *req = s->parent.requests->data;
-         int len = MIN(size, req->size - req->offset);
- 
-         memcpy(req->data + req->offset, buf + buf_offset, len);
-@@ -104,7 +93,8 @@ static void rng_egd_chr_read(void *opaque, const uint8_t *buf, int size)
-         size -= len;
- 
-         if (req->offset == req->size) {
--            s->requests = g_slist_remove_link(s->requests, s->requests);
-+            s->parent.requests = g_slist_remove_link(s->parent.requests,
-+                                                     s->parent.requests);
- 
-             req->receive_entropy(req->opaque, req->data, req->size);
- 
-@@ -117,12 +107,12 @@ static void rng_egd_free_requests(RngEgd *s)
- {
-     GSList *i;
- 
--    for (i = s->requests; i; i = i->next) {
-+    for (i = s->parent.requests; i; i = i->next) {
-         rng_egd_free_request(i->data);
-     }
- 
--    g_slist_free(s->requests);
--    s->requests = NULL;
-+    g_slist_free(s->parent.requests);
-+    s->parent.requests = NULL;
- }
- 
- static void rng_egd_opened(RngBackend *b, Error **errp)
-diff --git a/include/sysemu/rng.h b/include/sysemu/rng.h
-index 87b3ebe..c744d82 100644
---- a/include/sysemu/rng.h
-+++ b/include/sysemu/rng.h
-@@ -24,6 +24,7 @@
- #define RNG_BACKEND_CLASS(klass) \
-     OBJECT_CLASS_CHECK(RngBackendClass, (klass), TYPE_RNG_BACKEND)
- 
-+typedef struct RngRequest RngRequest;
- typedef struct RngBackendClass RngBackendClass;
- typedef struct RngBackend RngBackend;
- 
-@@ -31,6 +32,15 @@ typedef void (EntropyReceiveFunc)(void *opaque,
-                                   const void *data,
-                                   size_t size);
- 
-+struct RngRequest
-+{
-+    EntropyReceiveFunc *receive_entropy;
-+    uint8_t *data;
-+    void *opaque;
-+    size_t offset;
-+    size_t size;
-+};
-+
- struct RngBackendClass
- {
-     ObjectClass parent_class;
-@@ -47,6 +57,7 @@ struct RngBackend
- 
-     /*< protected >*/
-     bool opened;
-+    GSList *requests;
- };
- 
- /**
--- 
-2.7.4
-

diff --git a/app-emulation/qemu/files/qemu-2.5.0-rng-stack-corrupt-2.patch b/app-emulation/qemu/files/qemu-2.5.0-rng-stack-corrupt-2.patch
deleted file mode 100644
index 1cffcc5..00000000
--- a/app-emulation/qemu/files/qemu-2.5.0-rng-stack-corrupt-2.patch
+++ /dev/null
@@ -1,155 +0,0 @@
-From 9f14b0add1dcdbfa2ee61051d068211fb0a1fcc9 Mon Sep 17 00:00:00 2001
-From: Ladi Prosek <lprosek@redhat.com>
-Date: Thu, 3 Mar 2016 09:37:17 +0100
-Subject: [PATCH] rng: move request queue cleanup from RngEgd to RngBackend
-
-RngBackend is now in charge of cleaning up the linked list on
-instance finalization. It also exposes a function to finalize
-individual RngRequest instances, called by its child classes.
-
-Signed-off-by: Ladi Prosek <lprosek@redhat.com>
-Reviewed-by: Amit Shah <amit.shah@redhat.com>
-Message-Id: <1456994238-9585-4-git-send-email-lprosek@redhat.com>
-Signed-off-by: Amit Shah <amit.shah@redhat.com>
----
- backends/rng-egd.c   | 25 +------------------------
- backends/rng.c       | 32 ++++++++++++++++++++++++++++++++
- include/sysemu/rng.h | 12 ++++++++++++
- 3 files changed, 45 insertions(+), 24 deletions(-)
-
-diff --git a/backends/rng-egd.c b/backends/rng-egd.c
-index b061362..8f2bd16 100644
---- a/backends/rng-egd.c
-+++ b/backends/rng-egd.c
-@@ -58,12 +58,6 @@ static void rng_egd_request_entropy(RngBackend *b, size_t size,
-     s->parent.requests = g_slist_append(s->parent.requests, req);
- }
- 
--static void rng_egd_free_request(RngRequest *req)
--{
--    g_free(req->data);
--    g_free(req);
--}
--
- static int rng_egd_chr_can_read(void *opaque)
- {
-     RngEgd *s = RNG_EGD(opaque);
-@@ -93,28 +87,13 @@ static void rng_egd_chr_read(void *opaque, const uint8_t *buf, int size)
-         size -= len;
- 
-         if (req->offset == req->size) {
--            s->parent.requests = g_slist_remove_link(s->parent.requests,
--                                                     s->parent.requests);
--
-             req->receive_entropy(req->opaque, req->data, req->size);
- 
--            rng_egd_free_request(req);
-+            rng_backend_finalize_request(&s->parent, req);
-         }
-     }
- }
- 
--static void rng_egd_free_requests(RngEgd *s)
--{
--    GSList *i;
--
--    for (i = s->parent.requests; i; i = i->next) {
--        rng_egd_free_request(i->data);
--    }
--
--    g_slist_free(s->parent.requests);
--    s->parent.requests = NULL;
--}
--
- static void rng_egd_opened(RngBackend *b, Error **errp)
- {
-     RngEgd *s = RNG_EGD(b);
-@@ -183,8 +162,6 @@ static void rng_egd_finalize(Object *obj)
-     }
- 
-     g_free(s->chr_name);
--
--    rng_egd_free_requests(s);
- }
- 
- static void rng_egd_class_init(ObjectClass *klass, void *data)
-diff --git a/backends/rng.c b/backends/rng.c
-index 2f2f3ee..014cb9d 100644
---- a/backends/rng.c
-+++ b/backends/rng.c
-@@ -64,6 +64,30 @@ static void rng_backend_prop_set_opened(Object *obj, bool value, Error **errp)
-     s->opened = true;
- }
- 
-+static void rng_backend_free_request(RngRequest *req)
-+{
-+    g_free(req->data);
-+    g_free(req);
-+}
-+
-+static void rng_backend_free_requests(RngBackend *s)
-+{
-+    GSList *i;
-+
-+    for (i = s->requests; i; i = i->next) {
-+        rng_backend_free_request(i->data);
-+    }
-+
-+    g_slist_free(s->requests);
-+    s->requests = NULL;
-+}
-+
-+void rng_backend_finalize_request(RngBackend *s, RngRequest *req)
-+{
-+    s->requests = g_slist_remove(s->requests, req);
-+    rng_backend_free_request(req);
-+}
-+
- static void rng_backend_init(Object *obj)
- {
-     object_property_add_bool(obj, "opened",
-@@ -72,6 +96,13 @@ static void rng_backend_init(Object *obj)
-                              NULL);
- }
- 
-+static void rng_backend_finalize(Object *obj)
-+{
-+    RngBackend *s = RNG_BACKEND(obj);
-+
-+    rng_backend_free_requests(s);
-+}
-+
- static void rng_backend_class_init(ObjectClass *oc, void *data)
- {
-     UserCreatableClass *ucc = USER_CREATABLE_CLASS(oc);
-@@ -84,6 +115,7 @@ static const TypeInfo rng_backend_info = {
-     .parent = TYPE_OBJECT,
-     .instance_size = sizeof(RngBackend),
-     .instance_init = rng_backend_init,
-+    .instance_finalize = rng_backend_finalize,
-     .class_size = sizeof(RngBackendClass),
-     .class_init = rng_backend_class_init,
-     .abstract = true,
-diff --git a/include/sysemu/rng.h b/include/sysemu/rng.h
-index c744d82..08a2eda 100644
---- a/include/sysemu/rng.h
-+++ b/include/sysemu/rng.h
-@@ -78,4 +79,15 @@ struct RngBackend
- void rng_backend_request_entropy(RngBackend *s, size_t size,
-                                  EntropyReceiveFunc *receive_entropy,
-                                  void *opaque);
-+
-+/**
-+ * rng_backend_free_request:
-+ * @s: the backend that created the request
-+ * @req: the request to finalize
-+ *
-+ * Used by child rng backend classes to finalize requests once they've been
-+ * processed. The request is removed from the list of active requests and
-+ * deleted.
-+ */
-+void rng_backend_finalize_request(RngBackend *s, RngRequest *req);
- #endif
--- 
-2.7.4
-

diff --git a/app-emulation/qemu/files/qemu-2.5.0-rng-stack-corrupt-3.patch b/app-emulation/qemu/files/qemu-2.5.0-rng-stack-corrupt-3.patch
deleted file mode 100644
index ca9340a..00000000
--- a/app-emulation/qemu/files/qemu-2.5.0-rng-stack-corrupt-3.patch
+++ /dev/null
@@ -1,179 +0,0 @@
-From 60253ed1e6ec6d8e5ef2efe7bf755f475dce9956 Mon Sep 17 00:00:00 2001
-From: Ladi Prosek <lprosek@redhat.com>
-Date: Thu, 3 Mar 2016 09:37:18 +0100
-Subject: [PATCH] rng: add request queue support to rng-random
-
-Requests are now created in the RngBackend parent class and the
-code path is shared by both rng-egd and rng-random.
-
-This commit fixes the rng-random implementation which processed
-only one request at a time and simply discarded all but the most
-recent one. In the guest this manifested as delayed completion
-of reads from virtio-rng, i.e. a read was completed only after
-another read was issued.
-
-By switching rng-random to use the same request queue as rng-egd,
-the unsafe stack-based allocation of the entropy buffer is
-eliminated and replaced with g_malloc.
-
-Signed-off-by: Ladi Prosek <lprosek@redhat.com>
-Reviewed-by: Amit Shah <amit.shah@redhat.com>
-Message-Id: <1456994238-9585-5-git-send-email-lprosek@redhat.com>
-Signed-off-by: Amit Shah <amit.shah@redhat.com>
----
- backends/rng-egd.c    | 16 ++--------------
- backends/rng-random.c | 43 +++++++++++++++++++------------------------
- backends/rng.c        | 13 ++++++++++++-
- include/sysemu/rng.h  |  3 +--
- 4 files changed, 34 insertions(+), 41 deletions(-)
-
-diff --git a/backends/rng-egd.c b/backends/rng-egd.c
-index 8f2bd16..30332ed 100644
---- a/backends/rng-egd.c
-+++ b/backends/rng-egd.c
-@@ -27,20 +27,10 @@ typedef struct RngEgd
-     char *chr_name;
- } RngEgd;
- 
--static void rng_egd_request_entropy(RngBackend *b, size_t size,
--                                    EntropyReceiveFunc *receive_entropy,
--                                    void *opaque)
-+static void rng_egd_request_entropy(RngBackend *b, RngRequest *req)
- {
-     RngEgd *s = RNG_EGD(b);
--    RngRequest *req;
--
--    req = g_malloc(sizeof(*req));
--
--    req->offset = 0;
--    req->size = size;
--    req->receive_entropy = receive_entropy;
--    req->opaque = opaque;
--    req->data = g_malloc(req->size);
-+    size_t size = req->size;
- 
-     while (size > 0) {
-         uint8_t header[2];
-@@ -54,8 +44,6 @@ static void rng_egd_request_entropy(RngBackend *b, size_t size,
- 
-         size -= len;
-     }
--
--    s->parent.requests = g_slist_append(s->parent.requests, req);
- }
- 
- static int rng_egd_chr_can_read(void *opaque)
-diff --git a/backends/rng-random.c b/backends/rng-random.c
-index 8cdad6a..a6cb385 100644
---- a/backends/rng-random.c
-+++ b/backends/rng-random.c
-@@ -22,10 +22,6 @@ struct RndRandom
- 
-     int fd;
-     char *filename;
--
--    EntropyReceiveFunc *receive_func;
--    void *opaque;
--    size_t size;
- };
- 
- /**
-@@ -38,36 +34,35 @@ struct RndRandom
- static void entropy_available(void *opaque)
- {
-     RndRandom *s = RNG_RANDOM(opaque);
--    uint8_t buffer[s->size];
--    ssize_t len;
- 
--    len = read(s->fd, buffer, s->size);
--    if (len < 0 && errno == EAGAIN) {
--        return;
--    }
--    g_assert(len != -1);
-+    while (s->parent.requests != NULL) {
-+        RngRequest *req = s->parent.requests->data;
-+        ssize_t len;
-+
-+        len = read(s->fd, req->data, req->size);
-+        if (len < 0 && errno == EAGAIN) {
-+            return;
-+        }
-+        g_assert(len != -1);
- 
--    s->receive_func(s->opaque, buffer, len);
--    s->receive_func = NULL;
-+        req->receive_entropy(req->opaque, req->data, len);
- 
-+        rng_backend_finalize_request(&s->parent, req);
-+    }
-+
-+    /* We've drained all requests, the fd handler can be reset. */
-     qemu_set_fd_handler(s->fd, NULL, NULL, NULL);
- }
- 
--static void rng_random_request_entropy(RngBackend *b, size_t size,
--                                        EntropyReceiveFunc *receive_entropy,
--                                        void *opaque)
-+static void rng_random_request_entropy(RngBackend *b, RngRequest *req)
- {
-     RndRandom *s = RNG_RANDOM(b);
- 
--    if (s->receive_func) {
--        s->receive_func(s->opaque, NULL, 0);
-+    if (s->parent.requests == NULL) {
-+        /* If there are no pending requests yet, we need to
-+         * install our fd handler. */
-+        qemu_set_fd_handler(s->fd, entropy_available, NULL, s);
-     }
--
--    s->receive_func = receive_entropy;
--    s->opaque = opaque;
--    s->size = size;
--
--    qemu_set_fd_handler(s->fd, entropy_available, NULL, s);
- }
- 
- static void rng_random_opened(RngBackend *b, Error **errp)
-diff --git a/backends/rng.c b/backends/rng.c
-index 014cb9d..277a41b 100644
---- a/backends/rng.c
-+++ b/backends/rng.c
-@@ -20,9 +20,20 @@ void rng_backend_request_entropy(RngBackend *s, size_t size,
-                                  void *opaque)
- {
-     RngBackendClass *k = RNG_BACKEND_GET_CLASS(s);
-+    RngRequest *req;
- 
-     if (k->request_entropy) {
--        k->request_entropy(s, size, receive_entropy, opaque);
-+        req = g_malloc(sizeof(*req));
-+
-+        req->offset = 0;
-+        req->size = size;
-+        req->receive_entropy = receive_entropy;
-+        req->opaque = opaque;
-+        req->data = g_malloc(req->size);
-+
-+        k->request_entropy(s, req);
-+
-+        s->requests = g_slist_append(s->requests, req);
-     }
- }
- 
-diff --git a/include/sysemu/rng.h b/include/sysemu/rng.h
-index 08a2eda..4fffd68 100644
---- a/include/sysemu/rng.h
-+++ b/include/sysemu/rng.h
-@@ -45,8 +45,7 @@ struct RngBackendClass
- {
-     ObjectClass parent_class;
- 
--    void (*request_entropy)(RngBackend *s, size_t size,
--                            EntropyReceiveFunc *receive_entropy, void *opaque);
-+    void (*request_entropy)(RngBackend *s, RngRequest *req);
- 
-     void (*opened)(RngBackend *s, Error **errp);
- };
--- 
-2.7.4
-

diff --git a/app-emulation/qemu/files/qemu-2.5.1-CVE-2015-8558.patch b/app-emulation/qemu/files/qemu-2.5.1-CVE-2015-8558.patch
deleted file mode 100644
index cf1a4c3..00000000
--- a/app-emulation/qemu/files/qemu-2.5.1-CVE-2015-8558.patch
+++ /dev/null
@@ -1,107 +0,0 @@
-https://bugs.gentoo.org/580426
-https://bugs.gentoo.org/568246
-
-From a49923d2837d20510d645d3758f1ad87c32d0730 Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Mon, 18 Apr 2016 09:20:54 +0200
-Subject: [PATCH] Revert "ehci: make idt processing more robust"
-
-This reverts commit 156a2e4dbffa85997636a7a39ef12da6f1b40254.
-
-Breaks FreeBSD.
-
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
----
- hw/usb/hcd-ehci.c | 5 ++---
- 1 file changed, 2 insertions(+), 3 deletions(-)
-
-diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
-index d5c0e1c..43a8f7a 100644
---- a/hw/usb/hcd-ehci.c
-+++ b/hw/usb/hcd-ehci.c
-@@ -1397,7 +1397,7 @@ static int ehci_process_itd(EHCIState *ehci,
- {
-     USBDevice *dev;
-     USBEndpoint *ep;
--    uint32_t i, len, pid, dir, devaddr, endp, xfers = 0;
-+    uint32_t i, len, pid, dir, devaddr, endp;
-     uint32_t pg, off, ptr1, ptr2, max, mult;
- 
-     ehci->periodic_sched_active = PERIODIC_ACTIVE;
-@@ -1489,10 +1489,9 @@ static int ehci_process_itd(EHCIState *ehci,
-                 ehci_raise_irq(ehci, USBSTS_INT);
-             }
-             itd->transact[i] &= ~ITD_XACT_ACTIVE;
--            xfers++;
-         }
-     }
--    return xfers ? 0 : -1;
-+    return 0;
- }
- 
- 
--- 
-2.7.4
-
-From 1ae3f2f178087711f9591350abad133525ba93f2 Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Mon, 18 Apr 2016 09:11:38 +0200
-Subject: [PATCH] ehci: apply limit to iTD/sidt descriptors
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Commit "156a2e4 ehci: make idt processing more robust" tries to avoid a
-DoS by the guest (create a circular iTD queue and let qemu ehci
-emulation run in circles forever).  Unfortunately this has two problems:
-First it misses the case of siTDs, and second it reportedly breaks
-FreeBSD.
-
-So lets go for a different approach: just count the number of iTDs and
-siTDs we have seen per frame and apply a limit.  That should really
-catch all cases now.
-
-Reported-by: 杜少博 <dushaobo@360.cn>
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
----
- hw/usb/hcd-ehci.c | 6 +++++-
- 1 file changed, 5 insertions(+), 1 deletion(-)
-
-diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
-index 159f58d..d5c0e1c 100644
---- a/hw/usb/hcd-ehci.c
-+++ b/hw/usb/hcd-ehci.c
-@@ -2011,6 +2011,7 @@ static int ehci_state_writeback(EHCIQueue *q)
- static void ehci_advance_state(EHCIState *ehci, int async)
- {
-     EHCIQueue *q = NULL;
-+    int itd_count = 0;
-     int again;
- 
-     do {
-@@ -2035,10 +2036,12 @@ static void ehci_advance_state(EHCIState *ehci, int async)
- 
-         case EST_FETCHITD:
-             again = ehci_state_fetchitd(ehci, async);
-+            itd_count++;
-             break;
- 
-         case EST_FETCHSITD:
-             again = ehci_state_fetchsitd(ehci, async);
-+            itd_count++;
-             break;
- 
-         case EST_ADVANCEQUEUE:
-@@ -2087,7 +2090,8 @@ static void ehci_advance_state(EHCIState *ehci, int async)
-             break;
-         }
- 
--        if (again < 0) {
-+        if (again < 0 || itd_count > 16) {
-+            /* TODO: notify guest (raise HSE irq?) */
-             fprintf(stderr, "processing error - resetting ehci HC\n");
-             ehci_reset(ehci);
-             again = 0;
--- 
-2.7.4
-

diff --git a/app-emulation/qemu/files/qemu-2.5.1-CVE-2016-4020.patch b/app-emulation/qemu/files/qemu-2.5.1-CVE-2016-4020.patch
deleted file mode 100644
index e3115c1..00000000
--- a/app-emulation/qemu/files/qemu-2.5.1-CVE-2016-4020.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01106.html
-https://bugs.gentoo.org/580040
-
-diff --git a/hw/i386/kvmvapic.c b/hw/i386/kvmvapic.c
-index c69f374..ff1e31a 100644
---- a/hw/i386/kvmvapic.c
-+++ b/hw/i386/kvmvapic.c
-@@ -394,7 +394,7 @@ static void patch_instruction(VAPICROMState *s, X86CPU *cpu, target_ulong ip)
-     CPUX86State *env = &cpu->env;
-     VAPICHandlers *handlers;
-     uint8_t opcode[2];
--    uint32_t imm32;
-+    uint32_t imm32 = 0;
-     target_ulong current_pc = 0;
-     target_ulong current_cs_base = 0;
-     int current_flags = 0;

diff --git a/app-emulation/qemu/files/qemu-2.5.1-stellaris_enet-overflow.patch b/app-emulation/qemu/files/qemu-2.5.1-stellaris_enet-overflow.patch
deleted file mode 100644
index ab7d3f3..00000000
--- a/app-emulation/qemu/files/qemu-2.5.1-stellaris_enet-overflow.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From 3a15cc0e1ee7168db0782133d2607a6bfa422d66 Mon Sep 17 00:00:00 2001
-From: Prasad J Pandit <pjp@fedoraproject.org>
-Date: Fri, 8 Apr 2016 11:33:48 +0530
-Subject: [PATCH] net: stellaris_enet: check packet length against receive
- buffer
-
-When receiving packets over Stellaris ethernet controller, it
-uses receive buffer of size 2048 bytes. In case the controller
-accepts large(MTU) packets, it could lead to memory corruption.
-Add check to avoid it.
-
-Reported-by: Oleksandr Bazhaniuk <oleksandr.bazhaniuk@intel.com>
-Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
-Message-id: 1460095428-22698-1-git-send-email-ppandit@redhat.com
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- hw/net/stellaris_enet.c | 12 +++++++++++-
- 1 file changed, 11 insertions(+), 1 deletion(-)
-
-diff --git a/hw/net/stellaris_enet.c b/hw/net/stellaris_enet.c
-index 84cf60b..6880894 100644
---- a/hw/net/stellaris_enet.c
-+++ b/hw/net/stellaris_enet.c
-@@ -236,8 +236,18 @@ static ssize_t stellaris_enet_receive(NetClientState *nc, const uint8_t *buf, si
-     n = s->next_packet + s->np;
-     if (n >= 31)
-         n -= 31;
--    s->np++;
- 
-+    if (size >= sizeof(s->rx[n].data) - 6) {
-+        /* If the packet won't fit into the
-+         * emulated 2K RAM, this is reported
-+         * as a FIFO overrun error.
-+         */
-+        s->ris |= SE_INT_FOV;
-+        stellaris_enet_update(s);
-+        return -1;
-+    }
-+
-+    s->np++;
-     s->rx[n].len = size + 6;
-     p = s->rx[n].data;
-     *(p++) = (size + 6);
--- 
-2.7.4
-

diff --git a/app-emulation/qemu/files/qemu-2.5.1-xfs-linux-headers.patch b/app-emulation/qemu/files/qemu-2.5.1-xfs-linux-headers.patch
deleted file mode 100644
index 743171b..00000000
--- a/app-emulation/qemu/files/qemu-2.5.1-xfs-linux-headers.patch
+++ /dev/null
@@ -1,82 +0,0 @@
-https://bugs.gentoo.org/577810
-
-From 277abf15a60f7653bfb05ffb513ed74ffdaea1b7 Mon Sep 17 00:00:00 2001
-From: Jan Vesely <jano.vesely@gmail.com>
-Date: Fri, 29 Apr 2016 13:15:23 -0400
-Subject: [PATCH] configure: Check if struct fsxattr is available from linux
- header
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Fixes build failure with --enable-xfsctl and
-new linux headers (>=4.5) and older xfsprogs(<4.5):
-In file included from /usr/include/xfs/xfs.h:38:0,
-                 from /var/tmp/portage/app-emulation/qemu-2.5.0-r1/work/qemu-2.5.0/block/raw-posix.c:97:
-/usr/include/xfs/xfs_fs.h:42:8: error: redefinition of ‘struct fsxattr’
- struct fsxattr {
-        ^
-In file included from /var/tmp/portage/app-emulation/qemu-2.5.0-r1/work/qemu-2.5.0/block/raw-posix.c:60:0:
-/usr/include/linux/fs.h:155:8: note: originally defined here
- struct fsxattr {
-
-This is really a bug in the system headers, but we can work around it
-by defining HAVE_FSXATTR in the QEMU headers if linux/fs.h provides
-the struct, so that xfs_fs.h doesn't try to define it as well.
-
-CC: qemu-trivial@nongnu.org
-CC: Markus Armbruster <armbru@redhat.com>
-CC: Peter Maydell <peter.maydell@linaro.org>
-CC: Stefan Weil <sw@weilnetz.de>
-Tested-by: Stefan Weil <sw@weilnetz.de>
-Signed-off-by: Jan Vesely <jano.vesely@gmail.com>
-[PMM: adjusted commit message, comments]
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- configure | 23 +++++++++++++++++++++++
- 1 file changed, 23 insertions(+)
-
-diff --git a/configure b/configure
-index ab54f3c..c37fc5f 100755
---- a/configure
-+++ b/configure
-@@ -4494,6 +4494,21 @@ if test "$fortify_source" != "no"; then
- fi
- 
- ##########################################
-+# check if struct fsxattr is available via linux/fs.h
-+
-+have_fsxattr=no
-+cat > $TMPC << EOF
-+#include <linux/fs.h>
-+struct fsxattr foo;
-+int main(void) {
-+  return 0;
-+}
-+EOF
-+if compile_prog "" "" ; then
-+    have_fsxattr=yes
-+fi
-+
-+##########################################
- # End of CC checks
- # After here, no more $cc or $ld runs
- 
-@@ -5160,6 +5175,14 @@ fi
- if test "$have_ifaddrs_h" = "yes" ; then
-     echo "HAVE_IFADDRS_H=y" >> $config_host_mak
- fi
-+
-+# Work around a system header bug with some kernel/XFS header
-+# versions where they both try to define 'struct fsxattr':
-+# xfs headers will not try to redefine structs from linux headers
-+# if this macro is set.
-+if test "$have_fsxattr" = "yes" ; then
-+    echo "HAVE_FSXATTR=y" >> $config_host_mak
-+fi
- if test "$vte" = "yes" ; then
-   echo "CONFIG_VTE=y" >> $config_host_mak
-   echo "VTE_CFLAGS=$vte_cflags" >> $config_host_mak
--- 
-2.8.2
-

diff --git a/app-emulation/qemu/qemu-2.5.1.ebuild b/app-emulation/qemu/qemu-2.5.1.ebuild
deleted file mode 100644
index 6148c72..00000000
--- a/app-emulation/qemu/qemu-2.5.1.ebuild
+++ /dev/null
@@ -1,693 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-
-PYTHON_COMPAT=( python2_7 )
-PYTHON_REQ_USE="ncurses,readline"
-
-PLOCALES="de_DE fr_FR hu it tr zh_CN"
-
-inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \
-	user udev fcaps readme.gentoo pax-utils l10n
-
-BACKPORTS=
-
-if [[ ${PV} = *9999* ]]; then
-	EGIT_REPO_URI="git://git.qemu.org/qemu.git"
-	inherit git-2
-	SRC_URI=""
-else
-	SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2
-	${BACKPORTS:+
-		https://dev.gentoo.org/~cardoe/distfiles/${P}-${BACKPORTS}.tar.xz}"
-	KEYWORDS="amd64 ~arm64 ~ppc ~ppc64 x86 ~x86-fbsd"
-fi
-
-DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
-HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org"
-
-LICENSE="GPL-2 LGPL-2 BSD-2"
-SLOT="0"
-IUSE="accessibility +aio alsa bluetooth bzip2 +caps +curl debug +fdt glusterfs \
-gnutls gtk gtk2 infiniband iscsi +jpeg \
-kernel_linux kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs
-+png pulseaudio python \
-rbd sasl +seccomp sdl sdl2 selinux smartcard snappy spice ssh static static-softmmu
-static-user systemtap tci test +threads usb usbredir +uuid vde +vhost-net \
-virgl virtfs +vnc vte xattr xen xfs"
-
-COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel mips
-mips64 mips64el mipsel or32 ppc ppc64 s390x sh4 sh4eb sparc sparc64 unicore32
-x86_64"
-IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS} lm32 moxie ppcemb tricore xtensa xtensaeb"
-IUSE_USER_TARGETS="${COMMON_TARGETS} armeb mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus tilegx"
-
-use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
-use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
-IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
-
-# Allow no targets to be built so that people can get a tools-only build.
-# Block USE flag configurations known to not work.
-REQUIRED_USE="${PYTHON_REQUIRED_USE}
-	gtk2? ( gtk )
-	qemu_softmmu_targets_arm? ( fdt )
-	qemu_softmmu_targets_microblaze? ( fdt )
-	qemu_softmmu_targets_ppc? ( fdt )
-	qemu_softmmu_targets_ppc64? ( fdt )
-	sdl2? ( sdl )
-	static? ( static-softmmu static-user )
-	static-softmmu? ( !alsa !pulseaudio !bluetooth !opengl !gtk !gtk2 )
-	virtfs? ( xattr )
-	vte? ( gtk )"
-
-# Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
-#
-# The attr lib isn't always linked in (although the USE flag is always
-# respected).  This is because qemu supports using the C library's API
-# when available rather than always using the extranl library.
-#
-# Older versions of gnutls are supported, but it's simpler to just require
-# the latest versions.  This is also why we require nettle.
-#
-# TODO: Split out tools deps into another var.  e.g. bzip2 is only used by
-# system binaries and tools, not user binaries.
-COMMON_LIB_DEPEND=">=dev-libs/glib-2.0[static-libs(+)]
-	sys-libs/zlib[static-libs(+)]
-	bzip2? ( app-arch/bzip2[static-libs(+)] )
-	xattr? ( sys-apps/attr[static-libs(+)] )"
-SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND}
-	>=x11-libs/pixman-0.28.0[static-libs(+)]
-	accessibility? ( app-accessibility/brltty[static-libs(+)] )
-	aio? ( dev-libs/libaio[static-libs(+)] )
-	alsa? ( >=media-libs/alsa-lib-1.0.13 )
-	bluetooth? ( net-wireless/bluez )
-	caps? ( sys-libs/libcap-ng[static-libs(+)] )
-	curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
-	fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] )
-	glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
-	gnutls? (
-		dev-libs/nettle:=[static-libs(+)]
-		>=net-libs/gnutls-3.0:=[static-libs(+)]
-	)
-	gtk? (
-		gtk2? (
-			x11-libs/gtk+:2
-			vte? ( x11-libs/vte:0 )
-		)
-		!gtk2? (
-			x11-libs/gtk+:3
-			vte? ( x11-libs/vte:2.90 )
-		)
-	)
-	infiniband? ( sys-fabric/librdmacm:=[static-libs(+)] )
-	iscsi? ( net-libs/libiscsi )
-	jpeg? ( virtual/jpeg:0=[static-libs(+)] )
-	lzo? ( dev-libs/lzo:2[static-libs(+)] )
-	ncurses? ( sys-libs/ncurses:0=[static-libs(+)] )
-	nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] )
-	numa? ( sys-process/numactl[static-libs(+)] )
-	opengl? (
-		virtual/opengl
-		media-libs/libepoxy[static-libs(+)]
-		media-libs/mesa[static-libs(+)]
-		media-libs/mesa[egl,gles2]
-	)
-	png? ( media-libs/libpng:0=[static-libs(+)] )
-	pulseaudio? ( media-sound/pulseaudio )
-	rbd? ( sys-cluster/ceph[static-libs(+)] )
-	sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
-	sdl? (
-		!sdl2? (
-			media-libs/libsdl[X]
-			>=media-libs/libsdl-1.2.11[static-libs(+)]
-		)
-		sdl2? (
-			media-libs/libsdl2[X]
-			media-libs/libsdl2[static-libs(+)]
-		)
-	)
-	seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
-	smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] )
-	snappy? ( app-arch/snappy[static-libs(+)] )
-	spice? (
-		>=app-emulation/spice-protocol-0.12.3
-		>=app-emulation/spice-0.12.0[static-libs(+)]
-	)
-	ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] )
-	usb? ( >=virtual/libusb-1-r2[static-libs(+)] )
-	usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
-	uuid? ( >=sys-apps/util-linux-2.16.0[static-libs(+)] )
-	vde? ( net-misc/vde[static-libs(+)] )
-	virgl? ( media-libs/virglrenderer[static-libs(+)] )
-	virtfs? ( sys-libs/libcap )
-	xfs? ( sys-fs/xfsprogs[static-libs(+)] )"
-USER_LIB_DEPEND="${COMMON_LIB_DEPEND}"
-X86_FIRMWARE_DEPEND="
-	>=sys-firmware/ipxe-1.0.0_p20130624
-	pin-upstream-blobs? (
-		~sys-firmware/seabios-1.8.2
-		~sys-firmware/sgabios-0.1_pre8
-		~sys-firmware/vgabios-0.7a
-	)
-	!pin-upstream-blobs? (
-		sys-firmware/seabios
-		sys-firmware/sgabios
-		sys-firmware/vgabios
-	)"
-CDEPEND="
-	!static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND//\[static-libs(+)]} ) " ${use_softmmu_targets}) )
-	!static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND//\[static-libs(+)]} ) " ${use_user_targets}) )
-	qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
-	qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )
-	python? ( ${PYTHON_DEPS} )
-	systemtap? ( dev-util/systemtap )
-	xen? ( app-emulation/xen-tools:= )"
-DEPEND="${CDEPEND}
-	dev-lang/perl
-	=dev-lang/python-2*
-	sys-apps/texinfo
-	virtual/pkgconfig
-	kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
-	gtk? ( nls? ( sys-devel/gettext ) )
-	static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND} ) " ${use_softmmu_targets}) )
-	static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND} ) " ${use_user_targets}) )
-	test? (
-		dev-libs/glib[utils]
-		sys-devel/bc
-	)"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-qemu )
-"
-
-STRIP_MASK="/usr/share/qemu/palcode-clipper"
-
-QA_PREBUILT="
-	usr/share/qemu/openbios-ppc
-	usr/share/qemu/openbios-sparc64
-	usr/share/qemu/openbios-sparc32
-	usr/share/qemu/palcode-clipper
-	usr/share/qemu/s390-ccw.img
-	usr/share/qemu/u-boot.e500
-"
-
-QA_WX_LOAD="usr/bin/qemu-i386
-	usr/bin/qemu-x86_64
-	usr/bin/qemu-alpha
-	usr/bin/qemu-arm
-	usr/bin/qemu-cris
-	usr/bin/qemu-m68k
-	usr/bin/qemu-microblaze
-	usr/bin/qemu-microblazeel
-	usr/bin/qemu-mips
-	usr/bin/qemu-mipsel
-	usr/bin/qemu-or32
-	usr/bin/qemu-ppc
-	usr/bin/qemu-ppc64
-	usr/bin/qemu-ppc64abi32
-	usr/bin/qemu-sh4
-	usr/bin/qemu-sh4eb
-	usr/bin/qemu-sparc
-	usr/bin/qemu-sparc64
-	usr/bin/qemu-armeb
-	usr/bin/qemu-sparc32plus
-	usr/bin/qemu-s390x
-	usr/bin/qemu-unicore32"
-
-DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure
-you have the kernel module loaded before running kvm. The easiest way to
-ensure that the kernel module is loaded is to load it on boot.\n
-For AMD CPUs the module is called 'kvm-amd'.\n
-For Intel CPUs the module is called 'kvm-intel'.\n
-Please review /etc/conf.d/modules for how to load these.\n\n
-Make sure your user is in the 'kvm' group\n
-Just run 'gpasswd -a <USER> kvm', then have <USER> re-login.\n\n
-For brand new installs, the default permissions on /dev/kvm might not let you
-access it.  You can tell udev to reset ownership/perms:\n
-udevadm trigger -c add /dev/kvm"
-
-qemu_support_kvm() {
-	if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 \
-		use qemu_softmmu_targets_ppc || use qemu_softmmu_targets_ppc64 \
-		use qemu_softmmu_targets_s390x; then
-		return 0
-	fi
-
-	return 1
-}
-
-pkg_pretend() {
-	if use kernel_linux && kernel_is lt 2 6 25; then
-		eerror "This version of KVM requres a host kernel of 2.6.25 or higher."
-	elif use kernel_linux; then
-		if ! linux_config_exists; then
-			eerror "Unable to check your kernel for KVM support"
-		else
-			CONFIG_CHECK="~KVM ~TUN ~BRIDGE"
-			ERROR_KVM="You must enable KVM in your kernel to continue"
-			ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in"
-			ERROR_KVM_AMD+=" your kernel configuration."
-			ERROR_KVM_INTEL="If you have an Intel CPU, you must enable"
-			ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration."
-			ERROR_TUN="You will need the Universal TUN/TAP driver compiled"
-			ERROR_TUN+=" into your kernel or loaded as a module to use the"
-			ERROR_TUN+=" virtual network device if using -net tap."
-			ERROR_BRIDGE="You will also need support for 802.1d"
-			ERROR_BRIDGE+=" Ethernet Bridging for some network configurations."
-			use vhost-net && CONFIG_CHECK+=" ~VHOST_NET"
-			ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net"
-			ERROR_VHOST_NET+=" support"
-
-			if use amd64 || use x86 || use amd64-linux || use x86-linux; then
-				CONFIG_CHECK+=" ~KVM_AMD ~KVM_INTEL"
-			fi
-
-			use python && CONFIG_CHECK+=" ~DEBUG_FS"
-			ERROR_DEBUG_FS="debugFS support required for kvm_stat"
-
-			# Now do the actual checks setup above
-			check_extra_config
-		fi
-	fi
-
-	if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then
-		eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt"
-		eerror "instances are still pointing to it.  Please update your"
-		eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag"
-		eerror "and the right system binary (e.g. qemu-system-x86_64)."
-		die "update your virt configs to not use qemu-kvm"
-	fi
-}
-
-pkg_setup() {
-	enewgroup kvm 78
-}
-
-# Sanity check to make sure target lists are kept up-to-date.
-check_targets() {
-	local var=$1 mak=$2
-	local detected sorted
-
-	pushd "${S}"/default-configs >/dev/null || die
-
-	# Force C locale until glibc is updated. #564936
-	detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u))
-	sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u))
-	if [[ ${sorted} != "${detected}" ]] ; then
-		eerror "The ebuild needs to be kept in sync."
-		eerror "${var}: ${sorted}"
-		eerror "$(printf '%-*s' ${#var} configure): ${detected}"
-		die "sync ${var} to the list of targets"
-	fi
-
-	popd >/dev/null
-}
-
-handle_locales() {
-	# Make sure locale list is kept up-to-date.
-	local detected sorted
-	detected=$(echo $(cd po && printf '%s\n' *.po | grep -v messages.po | sed 's:.po$::' | sort -u))
-	sorted=$(echo $(printf '%s\n' ${PLOCALES} | sort -u))
-	if [[ ${sorted} != "${detected}" ]] ; then
-		eerror "The ebuild needs to be kept in sync."
-		eerror "PLOCALES: ${sorted}"
-		eerror " po/*.po: ${detected}"
-		die "sync PLOCALES"
-	fi
-
-	# Deal with selective install of locales.
-	if use nls ; then
-		# Delete locales the user does not want. #577814
-		rm_loc() { rm po/$1.po || die; }
-		l10n_for_each_disabled_locale_do rm_loc
-	else
-		# Cheap hack to disable gettext .mo generation.
-		rm -f po/*.po
-	fi
-}
-
-src_prepare() {
-	check_targets IUSE_SOFTMMU_TARGETS softmmu
-	check_targets IUSE_USER_TARGETS linux-user
-
-	# Alter target makefiles to accept CFLAGS set via flag-o
-	sed -i -r \
-		-e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \
-		Makefile Makefile.target || die
-
-	epatch "${FILESDIR}"/qemu-2.5.0-cflags.patch
-	[[ -n ${BACKPORTS} ]] && \
-		EPATCH_FORCE=yes EPATCH_SUFFIX="patch" EPATCH_SOURCE="${S}/patches" \
-			epatch
-
-	epatch "${FILESDIR}"/${PN}-2.5.0-CVE-2016-2198.patch #573314
-	epatch "${FILESDIR}"/${PN}-2.5.0-rng-stack-corrupt-{0,1,2,3}.patch #576420
-	epatch "${FILESDIR}"/${PN}-2.5.1-stellaris_enet-overflow.patch #579614
-	epatch "${FILESDIR}"/${PN}-2.5.1-CVE-2016-4020.patch #580040
-	epatch "${FILESDIR}"/${PN}-2.5.1-CVE-2015-8558.patch #568246 #580426
-	epatch "${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
-	epatch "${FILESDIR}"/${PN}-2.5.1-xfs-linux-headers.patch #577810
-
-	# Fix ld and objcopy being called directly
-	tc-export AR LD OBJCOPY
-
-	# Verbose builds
-	MAKEOPTS+=" V=1"
-
-	epatch_user
-
-	# Run after we've applied all patches.
-	handle_locales
-}
-
-##
-# configures qemu based on the build directory and the build type
-# we are using.
-#
-qemu_src_configure() {
-	debug-print-function ${FUNCNAME} "$@"
-
-	local buildtype=$1
-	local builddir="${S}/${buildtype}-build"
-	local static_flag="static-${buildtype}"
-
-	mkdir "${builddir}"
-
-	local conf_opts=(
-		--prefix=/usr
-		--sysconfdir=/etc
-		--libdir=/usr/$(get_libdir)
-		--docdir=/usr/share/doc/${PF}/html
-		--disable-bsd-user
-		--disable-guest-agent
-		--disable-strip
-		--disable-werror
-		# We support gnutls/nettle for crypto operations.  It is possible
-		# to use gcrypt when gnutls/nettle are disabled (but not when they
-		# are enabled), but it's not really worth the hassle.  Disable it
-		# all the time to avoid automatically detecting it. #568856
-		--disable-gcrypt
-		--python="${PYTHON}"
-		--cc="$(tc-getCC)"
-		--cxx="$(tc-getCXX)"
-		--host-cc="$(tc-getBUILD_CC)"
-		$(use_enable debug debug-info)
-		$(use_enable debug debug-tcg)
-		--enable-docs
-		$(use_enable tci tcg-interpreter)
-		$(use_enable xattr attr)
-	)
-
-	# Disable options not used by user targets as the default configure
-	# options will autoprobe and try to link in a bunch of unused junk.
-	conf_softmmu() {
-		if [[ ${buildtype} == "user" ]] ; then
-			echo "--disable-${2:-$1}"
-		else
-			use_enable "$@"
-		fi
-	}
-	conf_opts+=(
-		$(conf_softmmu accessibility brlapi)
-		$(conf_softmmu aio linux-aio)
-		$(conf_softmmu bzip2)
-		$(conf_softmmu bluetooth bluez)
-		$(conf_softmmu caps cap-ng)
-		$(conf_softmmu curl)
-		$(conf_softmmu fdt)
-		$(conf_softmmu glusterfs)
-		$(conf_softmmu gnutls)
-		$(conf_softmmu gnutls nettle)
-		$(conf_softmmu gtk)
-		$(conf_softmmu infiniband rdma)
-		$(conf_softmmu iscsi libiscsi)
-		$(conf_softmmu jpeg vnc-jpeg)
-		$(conf_softmmu kernel_linux kvm)
-		$(conf_softmmu lzo)
-		$(conf_softmmu ncurses curses)
-		$(conf_softmmu nfs libnfs)
-		$(conf_softmmu numa)
-		$(conf_softmmu opengl)
-		$(conf_softmmu png vnc-png)
-		$(conf_softmmu rbd)
-		$(conf_softmmu sasl vnc-sasl)
-		$(conf_softmmu sdl)
-		$(conf_softmmu seccomp)
-		$(conf_softmmu smartcard)
-		$(conf_softmmu snappy)
-		$(conf_softmmu spice)
-		$(conf_softmmu ssh libssh2)
-		$(conf_softmmu usb libusb)
-		$(conf_softmmu usbredir usb-redir)
-		$(conf_softmmu uuid)
-		$(conf_softmmu vde)
-		$(conf_softmmu vhost-net)
-		$(conf_softmmu virgl virglrenderer)
-		$(conf_softmmu virtfs)
-		$(conf_softmmu vnc)
-		$(conf_softmmu vte)
-		$(conf_softmmu xen)
-		$(conf_softmmu xen xen-pci-passthrough)
-		$(conf_softmmu xfs xfsctl)
-	)
-
-	case ${buildtype} in
-	user)
-		conf_opts+=(
-			--enable-linux-user
-			--disable-system
-			--disable-blobs
-			--disable-tools
-		)
-		;;
-	softmmu)
-		# audio options
-		local audio_opts="oss"
-		use alsa && audio_opts="alsa,${audio_opts}"
-		use sdl && audio_opts="sdl,${audio_opts}"
-		use pulseaudio && audio_opts="pa,${audio_opts}"
-
-		conf_opts+=(
-			--disable-linux-user
-			--enable-system
-			--with-system-pixman
-			--audio-drv-list="${audio_opts}"
-		)
-		use gtk && conf_opts+=( --with-gtkabi=$(usex gtk2 2.0 3.0) )
-		use sdl && conf_opts+=( --with-sdlabi=$(usex sdl2 2.0 1.2) )
-		;;
-	tools)
-		conf_opts+=(
-			--disable-linux-user
-			--disable-system
-			--disable-blobs
-			$(use_enable bzip2)
-		)
-		static_flag="static"
-		;;
-	esac
-
-	local targets="${buildtype}_targets"
-	[[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" )
-
-	# Add support for SystemTAP
-	use systemtap && conf_opts+=( --enable-trace-backend=dtrace )
-
-	# We always want to attempt to build with PIE support as it results
-	# in a more secure binary. But it doesn't work with static or if
-	# the current GCC doesn't have PIE support.
-	if use ${static_flag}; then
-		conf_opts+=( --static --disable-pie )
-	else
-		gcc-specs-pie && conf_opts+=( --enable-pie )
-	fi
-
-	echo "../configure ${conf_opts[*]}"
-	cd "${builddir}"
-	../configure "${conf_opts[@]}" || die "configure failed"
-
-	# FreeBSD's kernel does not support QEMU assigning/grabbing
-	# host USB devices yet
-	use kernel_FreeBSD && \
-		sed -i -E -e "s|^(HOST_USB=)bsd|\1stub|" "${S}"/config-host.mak
-}
-
-src_configure() {
-	local target
-
-	python_setup
-
-	softmmu_targets= softmmu_bins=()
-	user_targets= user_bins=()
-
-	for target in ${IUSE_SOFTMMU_TARGETS} ; do
-		if use "qemu_softmmu_targets_${target}"; then
-			softmmu_targets+=",${target}-softmmu"
-			softmmu_bins+=( "qemu-system-${target}" )
-		fi
-	done
-
-	for target in ${IUSE_USER_TARGETS} ; do
-		if use "qemu_user_targets_${target}"; then
-			user_targets+=",${target}-linux-user"
-			user_bins+=( "qemu-${target}" )
-		fi
-	done
-
-	softmmu_targets=${softmmu_targets#,}
-	user_targets=${user_targets#,}
-
-	[[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu"
-	[[ -n ${user_targets}    ]] && qemu_src_configure "user"
-	[[ -z ${softmmu_targets}${user_targets} ]] && qemu_src_configure "tools"
-}
-
-src_compile() {
-	if [[ -n ${user_targets} ]]; then
-		cd "${S}/user-build"
-		default
-	fi
-
-	if [[ -n ${softmmu_targets} ]]; then
-		cd "${S}/softmmu-build"
-		default
-	fi
-
-	if [[ -z ${softmmu_targets}${user_targets} ]]; then
-		cd "${S}/tools-build"
-		default
-	fi
-}
-
-src_test() {
-	if [[ -n ${softmmu_targets} ]]; then
-		cd "${S}/softmmu-build"
-		pax-mark m */qemu-system-* #515550
-		emake -j1 check
-		emake -j1 check-report.html
-	fi
-}
-
-qemu_python_install() {
-	python_domodule "${S}/scripts/qmp/qmp.py"
-
-	python_doscript "${S}/scripts/kvm/kvm_stat"
-	python_doscript "${S}/scripts/kvm/vmxcap"
-	python_doscript "${S}/scripts/qmp/qmp-shell"
-	python_doscript "${S}/scripts/qmp/qemu-ga-client"
-}
-
-src_install() {
-	if [[ -n ${user_targets} ]]; then
-		cd "${S}/user-build"
-		emake DESTDIR="${ED}" install
-
-		# Install binfmt handler init script for user targets
-		newinitd "${FILESDIR}/qemu-binfmt.initd-r1" qemu-binfmt
-	fi
-
-	if [[ -n ${softmmu_targets} ]]; then
-		cd "${S}/softmmu-build"
-		emake DESTDIR="${ED}" install
-
-		# This might not exist if the test failed. #512010
-		[[ -e check-report.html ]] && dohtml check-report.html
-
-		if use kernel_linux; then
-			udev_dorules "${FILESDIR}"/65-kvm.rules
-		fi
-
-		if use python; then
-			python_foreach_impl qemu_python_install
-		fi
-	fi
-
-	if [[ -z ${softmmu_targets}${user_targets} ]]; then
-		cd "${S}/tools-build"
-		emake DESTDIR="${ED}" install
-	fi
-
-	# Disable mprotect on the qemu binaries as they use JITs to be fast #459348
-	pushd "${ED}"/usr/bin >/dev/null
-	pax-mark m "${softmmu_bins[@]}" "${user_bins[@]}"
-	popd >/dev/null
-
-	# Install config file example for qemu-bridge-helper
-	insinto "/etc/qemu"
-	doins "${FILESDIR}/bridge.conf"
-
-	# Remove the docdir placed qmp-commands.txt
-	mv "${ED}/usr/share/doc/${PF}/html/qmp-commands.txt" "${S}/docs/" || die
-
-	cd "${S}"
-	dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt
-	newdoc pc-bios/README README.pc-bios
-	dodoc docs/qmp-*.txt
-
-	if [[ -n ${softmmu_targets} ]]; then
-		# Remove SeaBIOS since we're using the SeaBIOS packaged one
-		rm "${ED}/usr/share/qemu/bios.bin"
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
-		fi
-
-		# Remove vgabios since we're using the vgabios packaged one
-		rm "${ED}/usr/share/qemu/vgabios.bin"
-		rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
-		rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
-		rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
-		rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../vgabios/vgabios.bin /usr/share/qemu/vgabios.bin
-			dosym ../vgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
-			dosym ../vgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
-			dosym ../vgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
-			dosym ../vgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
-		fi
-
-		# Remove sgabios since we're using the sgabios packaged one
-		rm "${ED}/usr/share/qemu/sgabios.bin"
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin
-		fi
-
-		# Remove iPXE since we're using the iPXE packaged one
-		rm "${ED}"/usr/share/qemu/pxe-*.rom
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom
-			dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom
-			dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom
-			dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom
-			dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom
-			dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom
-		fi
-	fi
-
-	qemu_support_kvm && readme.gentoo_create_doc
-}
-
-pkg_postinst() {
-	if qemu_support_kvm; then
-		readme.gentoo_print_elog
-	fi
-
-	if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
-		udev_reload
-	fi
-
-	fcaps cap_net_admin /usr/libexec/qemu-bridge-helper
-}
-
-pkg_info() {
-	echo "Using:"
-	echo "  $(best_version app-emulation/spice-protocol)"
-	echo "  $(best_version sys-firmware/ipxe)"
-	echo "  $(best_version sys-firmware/seabios)"
-	if has_version 'sys-firmware/seabios[binary]'; then
-		echo "    USE=binary"
-	else
-		echo "    USE=''"
-	fi
-	echo "  $(best_version sys-firmware/vgabios)"
-}


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2016-09-09  5:23 Matthias Maier
  0 siblings, 0 replies; 56+ messages in thread
From: Matthias Maier @ 2016-09-09  5:23 UTC (permalink / raw
  To: gentoo-commits

commit:     b28fcd11405545eb2e4973f96823337531eebb08
Author:     Matthias Maier <tamiko <AT> gentoo <DOT> org>
AuthorDate: Fri Sep  9 05:10:05 2016 +0000
Commit:     Matthias Maier <tamiko <AT> gentoo <DOT> org>
CommitDate: Fri Sep  9 05:10:38 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b28fcd11

app-emulation/qemu: fix static-user dep, security patches, bug #593038

This commit resolves

  bug #591202
  bug #593024
  bug #593034 CVE-2016-7155
  bug #593036 CVE-2016-7156
  bug #593038 CVE-2016-7157

Package-Manager: portage-2.2.28

 .../qemu/files/qemu-2.7.0-CVE-2016-7155.patch      |  81 +++
 .../qemu/files/qemu-2.7.0-CVE-2016-7156.patch      |  62 ++
 .../qemu/files/qemu-2.7.0-CVE-2016-7157-1.patch    |  28 +
 .../qemu/files/qemu-2.7.0-CVE-2016-7157-2.patch    |  27 +
 app-emulation/qemu/qemu-2.7.0-r1.ebuild            | 684 +++++++++++++++++++++
 5 files changed, 882 insertions(+)

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7155.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7155.patch
new file mode 100644
index 00000000..495faf2
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7155.patch
@@ -0,0 +1,81 @@
+From: Prasad J Pandit <address@hidden>
+
+Vmware Paravirtual SCSI emulation uses command descriptors to
+process SCSI commands. These descriptors come with their ring
+buffers. A guest could set the page count for these rings to
+an arbitrary value, leading to infinite loop or OOB access.
+Add check to avoid it.
+
+Reported-by: Tom Victor <address@hidden>
+Reported-by: Li Qiang <address@hidden>
+Signed-off-by: Prasad J Pandit <address@hidden>
+---
+ hw/scsi/vmw_pvscsi.c | 21 ++++++++++-----------
+ 1 file changed, 10 insertions(+), 11 deletions(-)
+
+Update per review
+  -> https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg00019.html
+
+diff --git a/hw/scsi/vmw_pvscsi.c b/hw/scsi/vmw_pvscsi.c
+index 5116f4a..4245c15 100644
+--- a/hw/scsi/vmw_pvscsi.c
++++ b/hw/scsi/vmw_pvscsi.c
+@@ -152,7 +152,7 @@ pvscsi_log2(uint32_t input)
+     return log;
+ }
+ 
+-static int
++static void
+ pvscsi_ring_init_data(PVSCSIRingInfo *m, PVSCSICmdDescSetupRings *ri)
+ {
+     int i;
+@@ -160,10 +160,6 @@ pvscsi_ring_init_data(PVSCSIRingInfo *m, PVSCSICmdDescSetupRings *ri)
+     uint32_t req_ring_size, cmp_ring_size;
+     m->rs_pa = ri->ringsStatePPN << VMW_PAGE_SHIFT;
+ 
+-    if ((ri->reqRingNumPages > PVSCSI_SETUP_RINGS_MAX_NUM_PAGES)
+-        || (ri->cmpRingNumPages > PVSCSI_SETUP_RINGS_MAX_NUM_PAGES)) {
+-        return -1;
+-    }
+     req_ring_size = ri->reqRingNumPages * PVSCSI_MAX_NUM_REQ_ENTRIES_PER_PAGE;
+     cmp_ring_size = ri->cmpRingNumPages * PVSCSI_MAX_NUM_CMP_ENTRIES_PER_PAGE;
+     txr_len_log2 = pvscsi_log2(req_ring_size - 1);
+@@ -195,8 +191,6 @@ pvscsi_ring_init_data(PVSCSIRingInfo *m, PVSCSICmdDescSetupRings *ri)
+ 
+     /* Flush ring state page changes */
+     smp_wmb();
+-
+-    return 0;
+ }
+ 
+ static int
+@@ -746,7 +740,7 @@ pvscsi_dbg_dump_tx_rings_config(PVSCSICmdDescSetupRings *rc)
+ 
+     trace_pvscsi_tx_rings_num_pages("Confirm Ring", rc->cmpRingNumPages);
+     for (i = 0; i < rc->cmpRingNumPages; i++) {
+-        trace_pvscsi_tx_rings_ppn("Confirm Ring", rc->reqRingPPNs[i]);
++        trace_pvscsi_tx_rings_ppn("Confirm Ring", rc->cmpRingPPNs[i]);
+     }
+ }
+ 
+@@ -779,10 +773,15 @@ pvscsi_on_cmd_setup_rings(PVSCSIState *s)
+ 
+     trace_pvscsi_on_cmd_arrived("PVSCSI_CMD_SETUP_RINGS");
+ 
++    if (!rc->reqRingNumPages
++        || rc->reqRingNumPages > PVSCSI_SETUP_RINGS_MAX_NUM_PAGES
++        || !rc->cmpRingNumPages
++        || rc->cmpRingNumPages > PVSCSI_SETUP_RINGS_MAX_NUM_PAGES) {
++        return PVSCSI_COMMAND_PROCESSING_FAILED;
++    }
++
+     pvscsi_dbg_dump_tx_rings_config(rc);
+-    if (pvscsi_ring_init_data(&s->rings, rc) < 0) {
+-        return PVSCSI_COMMAND_PROCESSING_FAILED;
+-    }
++    pvscsi_ring_init_data(&s->rings, rc);
+ 
+     s->rings_info_valid = TRUE;
+     return PVSCSI_COMMAND_PROCESSING_SUCCEEDED;
+-- 
+2.5.5

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7156.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7156.patch
new file mode 100644
index 00000000..9c21a67
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7156.patch
@@ -0,0 +1,62 @@
+From: Prasad J Pandit <address@hidden>
+
+In PVSCSI paravirtual SCSI bus, pvscsi_convert_sglist can take a very
+long time or go into an infinite loop due to two different bugs:
+
+1) the request descriptor data length is defined to be 64 bit. While
+building SG list from a request descriptor, it gets truncated to 32bit
+in routine 'pvscsi_convert_sglist'. This could lead to an infinite loop
+situation for large 'dataLen' values, when data_length is cast to uint32_t
+and chunk_size becomes always zero.  Fix this by removing the incorrect
+cast.
+
+2) pvscsi_get_next_sg_elem can be called arbitrarily many times if the
+element has a zero length.  Get out of the loop early when this happens,
+by introducing an upper limit on the number of SG list elements.
+
+Reported-by: Li Qiang <address@hidden>
+Signed-off-by: Prasad J Pandit <address@hidden>
+---
+ hw/scsi/vmw_pvscsi.c | 11 ++++++-----
+ 1 file changed, 6 insertions(+), 5 deletions(-)
+
+Update as per:
+  -> https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg01172.html
+
+diff --git a/hw/scsi/vmw_pvscsi.c b/hw/scsi/vmw_pvscsi.c
+index 4245c15..babac5a 100644
+--- a/hw/scsi/vmw_pvscsi.c
++++ b/hw/scsi/vmw_pvscsi.c
+@@ -40,6 +40,8 @@
+ #define PVSCSI_MAX_DEVS                   (64)
+ #define PVSCSI_MSIX_NUM_VECTORS           (1)
+ 
++#define PVSCSI_MAX_SG_ELEM                2048
++
+ #define PVSCSI_MAX_CMD_DATA_WORDS \
+     (sizeof(PVSCSICmdDescSetupRings)/sizeof(uint32_t))
+ 
+@@ -628,17 +630,16 @@ pvscsi_queue_pending_descriptor(PVSCSIState *s, SCSIDevice **d,
+ static void
+ pvscsi_convert_sglist(PVSCSIRequest *r)
+ {
+-    int chunk_size;
++    uint32_t chunk_size, elmcnt = 0;
+     uint64_t data_length = r->req.dataLen;
+     PVSCSISGState sg = r->sg;
+-    while (data_length) {
+-        while (!sg.resid) {
++    while (data_length && elmcnt < PVSCSI_MAX_SG_ELEM) {
++        while (!sg.resid && elmcnt++ < PVSCSI_MAX_SG_ELEM) {
+             pvscsi_get_next_sg_elem(&sg);
+             trace_pvscsi_convert_sglist(r->req.context, r->sg.dataAddr,
+                                         r->sg.resid);
+         }
+-        assert(data_length > 0);
+-        chunk_size = MIN((unsigned) data_length, sg.resid);
++        chunk_size = MIN(data_length, sg.resid);
+         if (chunk_size) {
+             qemu_sglist_add(&r->sgl, sg.dataAddr, chunk_size);
+         }
+-- 
+2.5.5

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7157-1.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7157-1.patch
new file mode 100644
index 00000000..480de30
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7157-1.patch
@@ -0,0 +1,28 @@
+From: Prasad J Pandit <address@hidden>
+
+When LSI SAS1068 Host Bus emulator builds configuration page
+headers, the format string used in 'mptsas_config_manufacturing_1'
+was wrong. It could lead to an invalid memory access.
+
+Reported-by: Tom Victor <address@hidden>
+Fix-suggested-by: Paolo Bonzini <address@hidden>
+Signed-off-by: Prasad J Pandit <address@hidden>
+---
+ hw/scsi/mptconfig.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/scsi/mptconfig.c b/hw/scsi/mptconfig.c
+index 7071854..1ec895b 100644
+--- a/hw/scsi/mptconfig.c
++++ b/hw/scsi/mptconfig.c
+@@ -203,7 +203,7 @@ size_t mptsas_config_manufacturing_1(MPTSASState *s, uint8_t **data, int address
+ {
+     /* VPD - all zeros */
+     return MPTSAS_CONFIG_PACK(1, MPI_CONFIG_PAGETYPE_MANUFACTURING, 0x00,
+-                              "s256");
++                              "*s256");
+ }
+ 
+ static
+-- 
+2.5.5

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7157-2.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7157-2.patch
new file mode 100644
index 00000000..5e79608
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7157-2.patch
@@ -0,0 +1,27 @@
+From: Prasad J Pandit <address@hidden>
+
+When LSI SAS1068 Host Bus emulator builds configuration page
+headers, mptsas_config_pack() asserts to check returned size
+value is within limit of 256 bytes. Fix that assert expression.
+
+Suggested-by: Paolo Bonzini <address@hidden>
+Signed-off-by: Prasad J Pandit <address@hidden>
+---
+ hw/scsi/mptconfig.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/scsi/mptconfig.c b/hw/scsi/mptconfig.c
+index 1ec895b..531947f 100644
+--- a/hw/scsi/mptconfig.c
++++ b/hw/scsi/mptconfig.c
+@@ -158,7 +158,7 @@ static size_t mptsas_config_pack(uint8_t **data, const char *fmt, ...)
+     va_end(ap);
+ 
+     if (data) {
+-        assert(ret < 256 && (ret % 4) == 0);
++        assert(ret / 4 < 256);
+         stb_p(*data + 1, ret / 4);
+     }
+     return ret;
+-- 
+2.5.5

diff --git a/app-emulation/qemu/qemu-2.7.0-r1.ebuild b/app-emulation/qemu/qemu-2.7.0-r1.ebuild
new file mode 100644
index 00000000..c75b7b6
--- /dev/null
+++ b/app-emulation/qemu/qemu-2.7.0-r1.ebuild
@@ -0,0 +1,684 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+
+PYTHON_COMPAT=( python2_7 )
+PYTHON_REQ_USE="ncurses,readline"
+
+PLOCALES="bg de_DE fr_FR hu it tr zh_CN"
+
+inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \
+	user udev fcaps readme.gentoo pax-utils l10n
+
+if [[ ${PV} = *9999* ]]; then
+	EGIT_REPO_URI="git://git.qemu.org/qemu.git"
+	inherit git-2
+	SRC_URI=""
+else
+	SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2"
+	KEYWORDS="~amd64 ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd"
+fi
+
+DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
+HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org"
+
+LICENSE="GPL-2 LGPL-2 BSD-2"
+SLOT="0"
+IUSE="accessibility +aio alsa bluetooth bzip2 +caps +curl debug +fdt glusterfs \
+gnutls gtk gtk2 infiniband iscsi +jpeg \
+kernel_linux kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs
++png pulseaudio python \
+rbd sasl +seccomp sdl sdl2 selinux smartcard snappy spice ssh static static-softmmu
+static-user systemtap tci test +threads usb usbredir +uuid vde +vhost-net \
+virgl virtfs +vnc vte xattr xen xfs"
+
+COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel mips
+mips64 mips64el mipsel or32 ppc ppc64 s390x sh4 sh4eb sparc sparc64 unicore32
+x86_64"
+IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS} lm32 moxie ppcemb tricore xtensa xtensaeb"
+IUSE_USER_TARGETS="${COMMON_TARGETS} armeb mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus tilegx"
+
+use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
+use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
+IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
+
+# Allow no targets to be built so that people can get a tools-only build.
+# Block USE flag configurations known to not work.
+REQUIRED_USE="${PYTHON_REQUIRED_USE}
+	gtk2? ( gtk )
+	qemu_softmmu_targets_arm? ( fdt )
+	qemu_softmmu_targets_microblaze? ( fdt )
+	qemu_softmmu_targets_ppc? ( fdt )
+	qemu_softmmu_targets_ppc64? ( fdt )
+	sdl2? ( sdl )
+	static? ( static-softmmu static-user )
+	static-softmmu? ( !alsa !pulseaudio !bluetooth !opengl !gtk !gtk2 )
+	virtfs? ( xattr )
+	vte? ( gtk )"
+
+# Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
+#
+# The attr lib isn't always linked in (although the USE flag is always
+# respected).  This is because qemu supports using the C library's API
+# when available rather than always using the extranl library.
+#
+# Older versions of gnutls are supported, but it's simpler to just require
+# the latest versions.  This is also why we require nettle.
+#
+# TODO: Split out tools deps into another var.  e.g. bzip2 is only used by
+# system binaries and tools, not user binaries.
+COMMON_LIB_DEPEND=">=dev-libs/glib-2.0[static-libs(+)]
+	dev-libs/libpcre[static-libs(+)]
+	sys-libs/zlib[static-libs(+)]
+	bzip2? ( app-arch/bzip2[static-libs(+)] )
+	xattr? ( sys-apps/attr[static-libs(+)] )"
+SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND}
+	>=x11-libs/pixman-0.28.0[static-libs(+)]
+	accessibility? ( app-accessibility/brltty[static-libs(+)] )
+	aio? ( dev-libs/libaio[static-libs(+)] )
+	alsa? ( >=media-libs/alsa-lib-1.0.13 )
+	bluetooth? ( net-wireless/bluez )
+	caps? ( sys-libs/libcap-ng[static-libs(+)] )
+	curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
+	fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] )
+	glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
+	gnutls? (
+		dev-libs/nettle:=[static-libs(+)]
+		>=net-libs/gnutls-3.0:=[static-libs(+)]
+	)
+	gtk? (
+		gtk2? (
+			x11-libs/gtk+:2
+			vte? ( x11-libs/vte:0 )
+		)
+		!gtk2? (
+			x11-libs/gtk+:3
+			vte? ( x11-libs/vte:2.90 )
+		)
+	)
+	infiniband? ( sys-fabric/librdmacm:=[static-libs(+)] )
+	iscsi? ( net-libs/libiscsi )
+	jpeg? ( virtual/jpeg:0=[static-libs(+)] )
+	lzo? ( dev-libs/lzo:2[static-libs(+)] )
+	ncurses? ( sys-libs/ncurses:0=[static-libs(+)] )
+	nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] )
+	numa? ( sys-process/numactl[static-libs(+)] )
+	opengl? (
+		virtual/opengl
+		media-libs/libepoxy[static-libs(+)]
+		media-libs/mesa[static-libs(+)]
+		media-libs/mesa[egl,gles2]
+	)
+	png? ( media-libs/libpng:0=[static-libs(+)] )
+	pulseaudio? ( media-sound/pulseaudio )
+	rbd? ( sys-cluster/ceph[static-libs(+)] )
+	sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
+	sdl? (
+		!sdl2? (
+			media-libs/libsdl[X]
+			>=media-libs/libsdl-1.2.11[static-libs(+)]
+		)
+		sdl2? (
+			media-libs/libsdl2[X]
+			media-libs/libsdl2[static-libs(+)]
+		)
+	)
+	seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
+	smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] )
+	snappy? ( app-arch/snappy[static-libs(+)] )
+	spice? (
+		>=app-emulation/spice-protocol-0.12.3
+		>=app-emulation/spice-0.12.0[static-libs(+)]
+	)
+	ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] )
+	usb? ( >=virtual/libusb-1-r2[static-libs(+)] )
+	usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
+	uuid? ( >=sys-apps/util-linux-2.16.0[static-libs(+)] )
+	vde? ( net-misc/vde[static-libs(+)] )
+	virgl? ( media-libs/virglrenderer[static-libs(+)] )
+	virtfs? ( sys-libs/libcap )
+	xfs? ( sys-fs/xfsprogs[static-libs(+)] )"
+USER_LIB_DEPEND="${COMMON_LIB_DEPEND}"
+X86_FIRMWARE_DEPEND="
+	>=sys-firmware/ipxe-1.0.0_p20130624
+	pin-upstream-blobs? (
+		~sys-firmware/seabios-1.8.2
+		~sys-firmware/sgabios-0.1_pre8
+		~sys-firmware/vgabios-0.7a
+	)
+	!pin-upstream-blobs? (
+		sys-firmware/seabios
+		sys-firmware/sgabios
+		sys-firmware/vgabios
+	)"
+CDEPEND="
+	!static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND//\[static-libs(+)]} ) " ${use_softmmu_targets}) )
+	!static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND//\[static-libs(+)]} ) " ${use_user_targets}) )
+	qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
+	qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )
+	python? ( ${PYTHON_DEPS} )
+	systemtap? ( dev-util/systemtap )
+	xen? ( app-emulation/xen-tools:= )"
+DEPEND="${CDEPEND}
+	dev-lang/perl
+	=dev-lang/python-2*
+	sys-apps/texinfo
+	virtual/pkgconfig
+	kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
+	gtk? ( nls? ( sys-devel/gettext ) )
+	static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND} ) " ${use_softmmu_targets}) )
+	static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND} ) " ${use_user_targets}) )
+	test? (
+		dev-libs/glib[utils]
+		sys-devel/bc
+	)"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-qemu )
+"
+
+STRIP_MASK="/usr/share/qemu/palcode-clipper"
+
+QA_PREBUILT="
+	usr/share/qemu/openbios-ppc
+	usr/share/qemu/openbios-sparc64
+	usr/share/qemu/openbios-sparc32
+	usr/share/qemu/palcode-clipper
+	usr/share/qemu/s390-ccw.img
+	usr/share/qemu/u-boot.e500
+"
+
+QA_WX_LOAD="usr/bin/qemu-i386
+	usr/bin/qemu-x86_64
+	usr/bin/qemu-alpha
+	usr/bin/qemu-arm
+	usr/bin/qemu-cris
+	usr/bin/qemu-m68k
+	usr/bin/qemu-microblaze
+	usr/bin/qemu-microblazeel
+	usr/bin/qemu-mips
+	usr/bin/qemu-mipsel
+	usr/bin/qemu-or32
+	usr/bin/qemu-ppc
+	usr/bin/qemu-ppc64
+	usr/bin/qemu-ppc64abi32
+	usr/bin/qemu-sh4
+	usr/bin/qemu-sh4eb
+	usr/bin/qemu-sparc
+	usr/bin/qemu-sparc64
+	usr/bin/qemu-armeb
+	usr/bin/qemu-sparc32plus
+	usr/bin/qemu-s390x
+	usr/bin/qemu-unicore32"
+
+DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure
+you have the kernel module loaded before running kvm. The easiest way to
+ensure that the kernel module is loaded is to load it on boot.\n
+For AMD CPUs the module is called 'kvm-amd'.\n
+For Intel CPUs the module is called 'kvm-intel'.\n
+Please review /etc/conf.d/modules for how to load these.\n\n
+Make sure your user is in the 'kvm' group\n
+Just run 'gpasswd -a <USER> kvm', then have <USER> re-login.\n\n
+For brand new installs, the default permissions on /dev/kvm might not let you
+access it.  You can tell udev to reset ownership/perms:\n
+udevadm trigger -c add /dev/kvm"
+
+qemu_support_kvm() {
+	if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 \
+		use qemu_softmmu_targets_ppc || use qemu_softmmu_targets_ppc64 \
+		use qemu_softmmu_targets_s390x; then
+		return 0
+	fi
+
+	return 1
+}
+
+pkg_pretend() {
+	if use kernel_linux && kernel_is lt 2 6 25; then
+		eerror "This version of KVM requres a host kernel of 2.6.25 or higher."
+	elif use kernel_linux; then
+		if ! linux_config_exists; then
+			eerror "Unable to check your kernel for KVM support"
+		else
+			CONFIG_CHECK="~KVM ~TUN ~BRIDGE"
+			ERROR_KVM="You must enable KVM in your kernel to continue"
+			ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in"
+			ERROR_KVM_AMD+=" your kernel configuration."
+			ERROR_KVM_INTEL="If you have an Intel CPU, you must enable"
+			ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration."
+			ERROR_TUN="You will need the Universal TUN/TAP driver compiled"
+			ERROR_TUN+=" into your kernel or loaded as a module to use the"
+			ERROR_TUN+=" virtual network device if using -net tap."
+			ERROR_BRIDGE="You will also need support for 802.1d"
+			ERROR_BRIDGE+=" Ethernet Bridging for some network configurations."
+			use vhost-net && CONFIG_CHECK+=" ~VHOST_NET"
+			ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net"
+			ERROR_VHOST_NET+=" support"
+
+			if use amd64 || use x86 || use amd64-linux || use x86-linux; then
+				CONFIG_CHECK+=" ~KVM_AMD ~KVM_INTEL"
+			fi
+
+			use python && CONFIG_CHECK+=" ~DEBUG_FS"
+			ERROR_DEBUG_FS="debugFS support required for kvm_stat"
+
+			# Now do the actual checks setup above
+			check_extra_config
+		fi
+	fi
+
+	if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then
+		eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt"
+		eerror "instances are still pointing to it.  Please update your"
+		eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag"
+		eerror "and the right system binary (e.g. qemu-system-x86_64)."
+		die "update your virt configs to not use qemu-kvm"
+	fi
+}
+
+pkg_setup() {
+	enewgroup kvm 78
+}
+
+# Sanity check to make sure target lists are kept up-to-date.
+check_targets() {
+	local var=$1 mak=$2
+	local detected sorted
+
+	pushd "${S}"/default-configs >/dev/null || die
+
+	# Force C locale until glibc is updated. #564936
+	detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u))
+	sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u))
+	if [[ ${sorted} != "${detected}" ]] ; then
+		eerror "The ebuild needs to be kept in sync."
+		eerror "${var}: ${sorted}"
+		eerror "$(printf '%-*s' ${#var} configure): ${detected}"
+		die "sync ${var} to the list of targets"
+	fi
+
+	popd >/dev/null
+}
+
+handle_locales() {
+	# Make sure locale list is kept up-to-date.
+	local detected sorted
+	detected=$(echo $(cd po && printf '%s\n' *.po | grep -v messages.po | sed 's:.po$::' | sort -u))
+	sorted=$(echo $(printf '%s\n' ${PLOCALES} | sort -u))
+	if [[ ${sorted} != "${detected}" ]] ; then
+		eerror "The ebuild needs to be kept in sync."
+		eerror "PLOCALES: ${sorted}"
+		eerror " po/*.po: ${detected}"
+		die "sync PLOCALES"
+	fi
+
+	# Deal with selective install of locales.
+	if use nls ; then
+		# Delete locales the user does not want. #577814
+		rm_loc() { rm po/$1.po || die; }
+		l10n_for_each_disabled_locale_do rm_loc
+	else
+		# Cheap hack to disable gettext .mo generation.
+		rm -f po/*.po
+	fi
+}
+
+src_prepare() {
+	check_targets IUSE_SOFTMMU_TARGETS softmmu
+	check_targets IUSE_USER_TARGETS linux-user
+
+	# Alter target makefiles to accept CFLAGS set via flag-o
+	sed -i -r \
+		-e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \
+		Makefile Makefile.target || die
+
+	epatch "${FILESDIR}"/${PN}-2.5.0-cflags.patch
+	epatch "${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
+	epatch "${FILESDIR}"/${P}-CVE-2016-6836.patch   # bug 591242
+	epatch "${FILESDIR}"/${P}-CVE-2016-7155.patch   # bug 593034
+	epatch "${FILESDIR}"/${P}-CVE-2016-7156.patch   # bug 593036
+	epatch "${FILESDIR}"/${P}-CVE-2016-7157-1.patch # bug 593038
+	epatch "${FILESDIR}"/${P}-CVE-2016-7157-2.patch # bug 593038
+
+	# Fix ld and objcopy being called directly
+	tc-export AR LD OBJCOPY
+
+	# Verbose builds
+	MAKEOPTS+=" V=1"
+
+	epatch_user
+
+	# Run after we've applied all patches.
+	handle_locales
+}
+
+##
+# configures qemu based on the build directory and the build type
+# we are using.
+#
+qemu_src_configure() {
+	debug-print-function ${FUNCNAME} "$@"
+
+	local buildtype=$1
+	local builddir="${S}/${buildtype}-build"
+	local static_flag="static-${buildtype}"
+
+	mkdir "${builddir}"
+
+	local conf_opts=(
+		--prefix=/usr
+		--sysconfdir=/etc
+		--libdir=/usr/$(get_libdir)
+		--docdir=/usr/share/doc/${PF}/html
+		--disable-bsd-user
+		--disable-guest-agent
+		--disable-strip
+		--disable-werror
+		# We support gnutls/nettle for crypto operations.  It is possible
+		# to use gcrypt when gnutls/nettle are disabled (but not when they
+		# are enabled), but it's not really worth the hassle.  Disable it
+		# all the time to avoid automatically detecting it. #568856
+		--disable-gcrypt
+		--python="${PYTHON}"
+		--cc="$(tc-getCC)"
+		--cxx="$(tc-getCXX)"
+		--host-cc="$(tc-getBUILD_CC)"
+		$(use_enable debug debug-info)
+		$(use_enable debug debug-tcg)
+		--enable-docs
+		$(use_enable tci tcg-interpreter)
+		$(use_enable xattr attr)
+	)
+
+	# Disable options not used by user targets as the default configure
+	# options will autoprobe and try to link in a bunch of unused junk.
+	conf_softmmu() {
+		if [[ ${buildtype} == "user" ]] ; then
+			echo "--disable-${2:-$1}"
+		else
+			use_enable "$@"
+		fi
+	}
+	conf_opts+=(
+		$(conf_softmmu accessibility brlapi)
+		$(conf_softmmu aio linux-aio)
+		$(conf_softmmu bzip2)
+		$(conf_softmmu bluetooth bluez)
+		$(conf_softmmu caps cap-ng)
+		$(conf_softmmu curl)
+		$(conf_softmmu fdt)
+		$(conf_softmmu glusterfs)
+		$(conf_softmmu gnutls)
+		$(conf_softmmu gnutls nettle)
+		$(conf_softmmu gtk)
+		$(conf_softmmu infiniband rdma)
+		$(conf_softmmu iscsi libiscsi)
+		$(conf_softmmu jpeg vnc-jpeg)
+		$(conf_softmmu kernel_linux kvm)
+		$(conf_softmmu lzo)
+		$(conf_softmmu ncurses curses)
+		$(conf_softmmu nfs libnfs)
+		$(conf_softmmu numa)
+		$(conf_softmmu opengl)
+		$(conf_softmmu png vnc-png)
+		$(conf_softmmu rbd)
+		$(conf_softmmu sasl vnc-sasl)
+		$(conf_softmmu sdl)
+		$(conf_softmmu seccomp)
+		$(conf_softmmu smartcard)
+		$(conf_softmmu snappy)
+		$(conf_softmmu spice)
+		$(conf_softmmu ssh libssh2)
+		$(conf_softmmu usb libusb)
+		$(conf_softmmu usbredir usb-redir)
+		$(conf_softmmu uuid)
+		$(conf_softmmu vde)
+		$(conf_softmmu vhost-net)
+		$(conf_softmmu virgl virglrenderer)
+		$(conf_softmmu virtfs)
+		$(conf_softmmu vnc)
+		$(conf_softmmu vte)
+		$(conf_softmmu xen)
+		$(conf_softmmu xen xen-pci-passthrough)
+		$(conf_softmmu xfs xfsctl)
+	)
+
+	case ${buildtype} in
+	user)
+		conf_opts+=(
+			--enable-linux-user
+			--disable-system
+			--disable-blobs
+			--disable-tools
+		)
+		;;
+	softmmu)
+		# audio options
+		local audio_opts="oss"
+		use alsa && audio_opts="alsa,${audio_opts}"
+		use sdl && audio_opts="sdl,${audio_opts}"
+		use pulseaudio && audio_opts="pa,${audio_opts}"
+
+		conf_opts+=(
+			--disable-linux-user
+			--enable-system
+			--with-system-pixman
+			--audio-drv-list="${audio_opts}"
+		)
+		use gtk && conf_opts+=( --with-gtkabi=$(usex gtk2 2.0 3.0) )
+		use sdl && conf_opts+=( --with-sdlabi=$(usex sdl2 2.0 1.2) )
+		;;
+	tools)
+		conf_opts+=(
+			--disable-linux-user
+			--disable-system
+			--disable-blobs
+			$(use_enable bzip2)
+		)
+		static_flag="static"
+		;;
+	esac
+
+	local targets="${buildtype}_targets"
+	[[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" )
+
+	# Add support for SystemTAP
+	use systemtap && conf_opts+=( --enable-trace-backend=dtrace )
+
+	# We always want to attempt to build with PIE support as it results
+	# in a more secure binary. But it doesn't work with static or if
+	# the current GCC doesn't have PIE support.
+	if use ${static_flag}; then
+		conf_opts+=( --static --disable-pie )
+	else
+		gcc-specs-pie && conf_opts+=( --enable-pie )
+	fi
+
+	echo "../configure ${conf_opts[*]}"
+	cd "${builddir}"
+	../configure "${conf_opts[@]}" || die "configure failed"
+
+	# FreeBSD's kernel does not support QEMU assigning/grabbing
+	# host USB devices yet
+	use kernel_FreeBSD && \
+		sed -i -E -e "s|^(HOST_USB=)bsd|\1stub|" "${S}"/config-host.mak
+}
+
+src_configure() {
+	local target
+
+	python_setup
+
+	softmmu_targets= softmmu_bins=()
+	user_targets= user_bins=()
+
+	for target in ${IUSE_SOFTMMU_TARGETS} ; do
+		if use "qemu_softmmu_targets_${target}"; then
+			softmmu_targets+=",${target}-softmmu"
+			softmmu_bins+=( "qemu-system-${target}" )
+		fi
+	done
+
+	for target in ${IUSE_USER_TARGETS} ; do
+		if use "qemu_user_targets_${target}"; then
+			user_targets+=",${target}-linux-user"
+			user_bins+=( "qemu-${target}" )
+		fi
+	done
+
+	softmmu_targets=${softmmu_targets#,}
+	user_targets=${user_targets#,}
+
+	[[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu"
+	[[ -n ${user_targets}    ]] && qemu_src_configure "user"
+	[[ -z ${softmmu_targets}${user_targets} ]] && qemu_src_configure "tools"
+}
+
+src_compile() {
+	if [[ -n ${user_targets} ]]; then
+		cd "${S}/user-build"
+		default
+	fi
+
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build"
+		default
+	fi
+
+	if [[ -z ${softmmu_targets}${user_targets} ]]; then
+		cd "${S}/tools-build"
+		default
+	fi
+}
+
+src_test() {
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build"
+		pax-mark m */qemu-system-* #515550
+		emake -j1 check
+		emake -j1 check-report.html
+	fi
+}
+
+qemu_python_install() {
+	python_domodule "${S}/scripts/qmp/qmp.py"
+
+	python_doscript "${S}/scripts/kvm/vmxcap"
+	python_doscript "${S}/scripts/qmp/qmp-shell"
+	python_doscript "${S}/scripts/qmp/qemu-ga-client"
+}
+
+src_install() {
+	if [[ -n ${user_targets} ]]; then
+		cd "${S}/user-build"
+		emake DESTDIR="${ED}" install
+
+		# Install binfmt handler init script for user targets
+		newinitd "${FILESDIR}/qemu-binfmt.initd-r1" qemu-binfmt
+	fi
+
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build"
+		emake DESTDIR="${ED}" install
+
+		# This might not exist if the test failed. #512010
+		[[ -e check-report.html ]] && dohtml check-report.html
+
+		if use kernel_linux; then
+			udev_dorules "${FILESDIR}"/65-kvm.rules
+		fi
+
+		if use python; then
+			python_foreach_impl qemu_python_install
+		fi
+	fi
+
+	if [[ -z ${softmmu_targets}${user_targets} ]]; then
+		cd "${S}/tools-build"
+		emake DESTDIR="${ED}" install
+	fi
+
+	# Disable mprotect on the qemu binaries as they use JITs to be fast #459348
+	pushd "${ED}"/usr/bin >/dev/null
+	pax-mark m "${softmmu_bins[@]}" "${user_bins[@]}"
+	popd >/dev/null
+
+	# Install config file example for qemu-bridge-helper
+	insinto "/etc/qemu"
+	doins "${FILESDIR}/bridge.conf"
+
+	# Remove the docdir placed qmp-commands.txt
+	mv "${ED}/usr/share/doc/${PF}/html/qmp-commands.txt" "${S}/docs/" || die
+
+	cd "${S}"
+	dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt
+	newdoc pc-bios/README README.pc-bios
+	dodoc docs/qmp-*.txt
+
+	if [[ -n ${softmmu_targets} ]]; then
+		# Remove SeaBIOS since we're using the SeaBIOS packaged one
+		rm "${ED}/usr/share/qemu/bios.bin"
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
+		fi
+
+		# Remove vgabios since we're using the vgabios packaged one
+		rm "${ED}/usr/share/qemu/vgabios.bin"
+		rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
+		rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
+		rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
+		rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../vgabios/vgabios.bin /usr/share/qemu/vgabios.bin
+			dosym ../vgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
+			dosym ../vgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
+			dosym ../vgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
+			dosym ../vgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
+		fi
+
+		# Remove sgabios since we're using the sgabios packaged one
+		rm "${ED}/usr/share/qemu/sgabios.bin"
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin
+		fi
+
+		# Remove iPXE since we're using the iPXE packaged one
+		rm "${ED}"/usr/share/qemu/pxe-*.rom
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom
+			dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom
+			dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom
+			dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom
+			dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom
+			dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom
+		fi
+	fi
+
+	qemu_support_kvm && readme.gentoo_create_doc
+}
+
+pkg_postinst() {
+	if qemu_support_kvm; then
+		readme.gentoo_print_elog
+	fi
+
+	if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
+		udev_reload
+	fi
+
+	fcaps cap_net_admin /usr/libexec/qemu-bridge-helper
+}
+
+pkg_info() {
+	echo "Using:"
+	echo "  $(best_version app-emulation/spice-protocol)"
+	echo "  $(best_version sys-firmware/ipxe)"
+	echo "  $(best_version sys-firmware/seabios)"
+	if has_version 'sys-firmware/seabios[binary]'; then
+		echo "    USE=binary"
+	else
+		echo "    USE=''"
+	fi
+	echo "  $(best_version sys-firmware/vgabios)"
+}


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2016-09-27  2:17 Matthias Maier
  0 siblings, 0 replies; 56+ messages in thread
From: Matthias Maier @ 2016-09-27  2:17 UTC (permalink / raw
  To: gentoo-commits

commit:     153ded7835ad0fbd8ec8a7552f90c973d1c2dd28
Author:     Matthias Maier <tamiko <AT> gentoo <DOT> org>
AuthorDate: Tue Sep 27 02:01:29 2016 +0000
Commit:     Matthias Maier <tamiko <AT> gentoo <DOT> org>
CommitDate: Tue Sep 27 02:01:29 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=153ded78

app-emulation/qemu: security fixes, bug #594520, bug #594368

  CVE-2016-7466.patch # bug 594520
  CVE-2016-7423.patch # bug 594368

Package-Manager: portage-2.3.0

 .../qemu/files/qemu-2.7.0-CVE-2016-7423.patch      |  31 +
 .../qemu/files/qemu-2.7.0-CVE-2016-7466.patch      |  26 +
 app-emulation/qemu/qemu-2.7.0-r4.ebuild            | 689 +++++++++++++++++++++
 3 files changed, 746 insertions(+)

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7423.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7423.patch
new file mode 100644
index 00000000..fdd871b
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7423.patch
@@ -0,0 +1,31 @@
+From: Li Qiang <address@hidden>
+
+When processing IO request in mptsas, it uses g_new to allocate
+a 'req' object. If an error occurs before 'req->sreq' is
+allocated, It could lead to an OOB write in mptsas_free_request
+function. Use g_new0 to avoid it.
+
+Reported-by: Li Qiang <address@hidden>
+Signed-off-by: Prasad J Pandit <address@hidden>
+Message-Id: <address@hidden>
+Cc: address@hidden
+Signed-off-by: Paolo Bonzini <address@hidden>
+---
+ hw/scsi/mptsas.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/scsi/mptsas.c b/hw/scsi/mptsas.c
+index 0e0a22f..eaae1bb 100644
+--- a/hw/scsi/mptsas.c
++++ b/hw/scsi/mptsas.c
+@@ -304,7 +304,7 @@ static int mptsas_process_scsi_io_request(MPTSASState *s,
+         goto bad;
+     }
+ 
+-    req = g_new(MPTSASRequest, 1);
++    req = g_new0(MPTSASRequest, 1);
+     QTAILQ_INSERT_TAIL(&s->pending, req, next);
+     req->scsi_io = *scsi_io;
+     req->dev = s;
+-- 
+1.8.3.1

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7466.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7466.patch
new file mode 100644
index 00000000..d5028bb
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7466.patch
@@ -0,0 +1,26 @@
+From: Li Qiang <address@hidden>
+
+If the xhci uses msix, it doesn't free the corresponding
+memory, thus leading a memory leak. This patch avoid this.
+
+Signed-off-by: Li Qiang <address@hidden>
+---
+ hw/usb/hcd-xhci.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c
+index 188f954..281a2a5 100644
+--- a/hw/usb/hcd-xhci.c
++++ b/hw/usb/hcd-xhci.c
+@@ -3709,8 +3709,7 @@ static void usb_xhci_exit(PCIDevice *dev)
+     /* destroy msix memory region */
+     if (dev->msix_table && dev->msix_pba
+         && dev->msix_entry_used) {
+-        memory_region_del_subregion(&xhci->mem, &dev->msix_table_mmio);
+-        memory_region_del_subregion(&xhci->mem, &dev->msix_pba_mmio);
++        msix_uninit(dev, &xhci->mem, &xhci->mem);
+     }
+ 
+     usb_bus_release(&xhci->bus);
+-- 
+1.8.3.1

diff --git a/app-emulation/qemu/qemu-2.7.0-r4.ebuild b/app-emulation/qemu/qemu-2.7.0-r4.ebuild
new file mode 100644
index 00000000..66a65ec
--- /dev/null
+++ b/app-emulation/qemu/qemu-2.7.0-r4.ebuild
@@ -0,0 +1,689 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+
+PYTHON_COMPAT=( python2_7 )
+PYTHON_REQ_USE="ncurses,readline"
+
+PLOCALES="bg de_DE fr_FR hu it tr zh_CN"
+
+inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \
+	user udev fcaps readme.gentoo-r1 pax-utils l10n
+
+if [[ ${PV} = *9999* ]]; then
+	EGIT_REPO_URI="git://git.qemu.org/qemu.git"
+	inherit git-2
+	SRC_URI=""
+else
+	SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2"
+	KEYWORDS="~amd64 ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd"
+fi
+
+DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
+HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org"
+
+LICENSE="GPL-2 LGPL-2 BSD-2"
+SLOT="0"
+IUSE="accessibility +aio alsa bluetooth bzip2 +caps +curl debug +fdt glusterfs \
+gnutls gtk gtk2 infiniband iscsi +jpeg \
+kernel_linux kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs
++png pulseaudio python \
+rbd sasl +seccomp sdl sdl2 selinux smartcard snappy spice ssh static static-softmmu
+static-user systemtap tci test +threads usb usbredir +uuid vde +vhost-net \
+virgl virtfs +vnc vte xattr xen xfs"
+
+COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel mips
+mips64 mips64el mipsel or32 ppc ppc64 s390x sh4 sh4eb sparc sparc64 unicore32
+x86_64"
+IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS} lm32 moxie ppcemb tricore xtensa xtensaeb"
+IUSE_USER_TARGETS="${COMMON_TARGETS} armeb mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus tilegx"
+
+use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
+use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
+IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
+
+# Allow no targets to be built so that people can get a tools-only build.
+# Block USE flag configurations known to not work.
+REQUIRED_USE="${PYTHON_REQUIRED_USE}
+	gtk2? ( gtk )
+	qemu_softmmu_targets_arm? ( fdt )
+	qemu_softmmu_targets_microblaze? ( fdt )
+	qemu_softmmu_targets_ppc? ( fdt )
+	qemu_softmmu_targets_ppc64? ( fdt )
+	sdl2? ( sdl )
+	static? ( static-softmmu static-user )
+	static-softmmu? ( !alsa !pulseaudio !bluetooth !opengl !gtk !gtk2 )
+	virtfs? ( xattr )
+	vte? ( gtk )"
+
+# Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
+#
+# The attr lib isn't always linked in (although the USE flag is always
+# respected).  This is because qemu supports using the C library's API
+# when available rather than always using the extranl library.
+#
+# Older versions of gnutls are supported, but it's simpler to just require
+# the latest versions.  This is also why we require nettle.
+#
+# TODO: Split out tools deps into another var.  e.g. bzip2 is only used by
+# system binaries and tools, not user binaries.
+COMMON_LIB_DEPEND=">=dev-libs/glib-2.0[static-libs(+)]
+	dev-libs/libpcre[static-libs(+)]
+	sys-libs/zlib[static-libs(+)]
+	bzip2? ( app-arch/bzip2[static-libs(+)] )
+	xattr? ( sys-apps/attr[static-libs(+)] )"
+SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND}
+	>=x11-libs/pixman-0.28.0[static-libs(+)]
+	accessibility? ( app-accessibility/brltty[static-libs(+)] )
+	aio? ( dev-libs/libaio[static-libs(+)] )
+	alsa? ( >=media-libs/alsa-lib-1.0.13 )
+	bluetooth? ( net-wireless/bluez )
+	caps? ( sys-libs/libcap-ng[static-libs(+)] )
+	curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
+	fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] )
+	glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
+	gnutls? (
+		dev-libs/nettle:=[static-libs(+)]
+		>=net-libs/gnutls-3.0:=[static-libs(+)]
+	)
+	gtk? (
+		gtk2? (
+			x11-libs/gtk+:2
+			vte? ( x11-libs/vte:0 )
+		)
+		!gtk2? (
+			x11-libs/gtk+:3
+			vte? ( x11-libs/vte:2.90 )
+		)
+	)
+	infiniband? ( sys-fabric/librdmacm:=[static-libs(+)] )
+	iscsi? ( net-libs/libiscsi )
+	jpeg? ( virtual/jpeg:0=[static-libs(+)] )
+	lzo? ( dev-libs/lzo:2[static-libs(+)] )
+	ncurses? ( sys-libs/ncurses:0=[static-libs(+)] )
+	nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] )
+	numa? ( sys-process/numactl[static-libs(+)] )
+	opengl? (
+		virtual/opengl
+		media-libs/libepoxy[static-libs(+)]
+		media-libs/mesa[static-libs(+)]
+		media-libs/mesa[egl,gles2,gbm]
+	)
+	png? ( media-libs/libpng:0=[static-libs(+)] )
+	pulseaudio? ( media-sound/pulseaudio )
+	rbd? ( sys-cluster/ceph[static-libs(+)] )
+	sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
+	sdl? (
+		!sdl2? (
+			media-libs/libsdl[X]
+			>=media-libs/libsdl-1.2.11[static-libs(+)]
+		)
+		sdl2? (
+			media-libs/libsdl2[X]
+			media-libs/libsdl2[static-libs(+)]
+		)
+	)
+	seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
+	smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] )
+	snappy? ( app-arch/snappy[static-libs(+)] )
+	spice? (
+		>=app-emulation/spice-protocol-0.12.3
+		>=app-emulation/spice-0.12.0[static-libs(+)]
+	)
+	ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] )
+	usb? ( >=virtual/libusb-1-r2[static-libs(+)] )
+	usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
+	uuid? ( >=sys-apps/util-linux-2.16.0[static-libs(+)] )
+	vde? ( net-misc/vde[static-libs(+)] )
+	virgl? ( media-libs/virglrenderer[static-libs(+)] )
+	virtfs? ( sys-libs/libcap )
+	xfs? ( sys-fs/xfsprogs[static-libs(+)] )"
+USER_LIB_DEPEND="${COMMON_LIB_DEPEND}"
+X86_FIRMWARE_DEPEND="
+	>=sys-firmware/ipxe-1.0.0_p20130624
+	pin-upstream-blobs? (
+		~sys-firmware/seabios-1.8.2
+		~sys-firmware/sgabios-0.1_pre8
+		~sys-firmware/vgabios-0.7a
+	)
+	!pin-upstream-blobs? (
+		sys-firmware/seabios
+		sys-firmware/sgabios
+		sys-firmware/vgabios
+	)"
+CDEPEND="
+	!static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND//\[static-libs(+)]} ) " ${use_softmmu_targets}) )
+	!static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND//\[static-libs(+)]} ) " ${use_user_targets}) )
+	qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
+	qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )
+	python? ( ${PYTHON_DEPS} )
+	systemtap? ( dev-util/systemtap )
+	xen? ( app-emulation/xen-tools:= )"
+DEPEND="${CDEPEND}
+	dev-lang/perl
+	=dev-lang/python-2*
+	sys-apps/texinfo
+	virtual/pkgconfig
+	kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
+	gtk? ( nls? ( sys-devel/gettext ) )
+	static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND} ) " ${use_softmmu_targets}) )
+	static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND} ) " ${use_user_targets}) )
+	test? (
+		dev-libs/glib[utils]
+		sys-devel/bc
+	)"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-qemu )
+"
+
+STRIP_MASK="/usr/share/qemu/palcode-clipper"
+
+QA_PREBUILT="
+	usr/share/qemu/openbios-ppc
+	usr/share/qemu/openbios-sparc64
+	usr/share/qemu/openbios-sparc32
+	usr/share/qemu/palcode-clipper
+	usr/share/qemu/s390-ccw.img
+	usr/share/qemu/u-boot.e500
+"
+
+QA_WX_LOAD="usr/bin/qemu-i386
+	usr/bin/qemu-x86_64
+	usr/bin/qemu-alpha
+	usr/bin/qemu-arm
+	usr/bin/qemu-cris
+	usr/bin/qemu-m68k
+	usr/bin/qemu-microblaze
+	usr/bin/qemu-microblazeel
+	usr/bin/qemu-mips
+	usr/bin/qemu-mipsel
+	usr/bin/qemu-or32
+	usr/bin/qemu-ppc
+	usr/bin/qemu-ppc64
+	usr/bin/qemu-ppc64abi32
+	usr/bin/qemu-sh4
+	usr/bin/qemu-sh4eb
+	usr/bin/qemu-sparc
+	usr/bin/qemu-sparc64
+	usr/bin/qemu-armeb
+	usr/bin/qemu-sparc32plus
+	usr/bin/qemu-s390x
+	usr/bin/qemu-unicore32"
+
+DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure
+you have the kernel module loaded before running kvm. The easiest way to
+ensure that the kernel module is loaded is to load it on boot.\n
+For AMD CPUs the module is called 'kvm-amd'.\n
+For Intel CPUs the module is called 'kvm-intel'.\n
+Please review /etc/conf.d/modules for how to load these.\n\n
+Make sure your user is in the 'kvm' group\n
+Just run 'gpasswd -a <USER> kvm', then have <USER> re-login.\n\n
+For brand new installs, the default permissions on /dev/kvm might not let you
+access it.  You can tell udev to reset ownership/perms:\n
+udevadm trigger -c add /dev/kvm"
+
+qemu_support_kvm() {
+	if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 \
+		use qemu_softmmu_targets_ppc || use qemu_softmmu_targets_ppc64 \
+		use qemu_softmmu_targets_s390x; then
+		return 0
+	fi
+
+	return 1
+}
+
+pkg_pretend() {
+	if use kernel_linux && kernel_is lt 2 6 25; then
+		eerror "This version of KVM requres a host kernel of 2.6.25 or higher."
+	elif use kernel_linux; then
+		if ! linux_config_exists; then
+			eerror "Unable to check your kernel for KVM support"
+		else
+			CONFIG_CHECK="~KVM ~TUN ~BRIDGE"
+			ERROR_KVM="You must enable KVM in your kernel to continue"
+			ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in"
+			ERROR_KVM_AMD+=" your kernel configuration."
+			ERROR_KVM_INTEL="If you have an Intel CPU, you must enable"
+			ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration."
+			ERROR_TUN="You will need the Universal TUN/TAP driver compiled"
+			ERROR_TUN+=" into your kernel or loaded as a module to use the"
+			ERROR_TUN+=" virtual network device if using -net tap."
+			ERROR_BRIDGE="You will also need support for 802.1d"
+			ERROR_BRIDGE+=" Ethernet Bridging for some network configurations."
+			use vhost-net && CONFIG_CHECK+=" ~VHOST_NET"
+			ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net"
+			ERROR_VHOST_NET+=" support"
+
+			if use amd64 || use x86 || use amd64-linux || use x86-linux; then
+				CONFIG_CHECK+=" ~KVM_AMD ~KVM_INTEL"
+			fi
+
+			use python && CONFIG_CHECK+=" ~DEBUG_FS"
+			ERROR_DEBUG_FS="debugFS support required for kvm_stat"
+
+			# Now do the actual checks setup above
+			check_extra_config
+		fi
+	fi
+
+	if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then
+		eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt"
+		eerror "instances are still pointing to it.  Please update your"
+		eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag"
+		eerror "and the right system binary (e.g. qemu-system-x86_64)."
+		die "update your virt configs to not use qemu-kvm"
+	fi
+}
+
+pkg_setup() {
+	enewgroup kvm 78
+}
+
+# Sanity check to make sure target lists are kept up-to-date.
+check_targets() {
+	local var=$1 mak=$2
+	local detected sorted
+
+	pushd "${S}"/default-configs >/dev/null || die
+
+	# Force C locale until glibc is updated. #564936
+	detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u))
+	sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u))
+	if [[ ${sorted} != "${detected}" ]] ; then
+		eerror "The ebuild needs to be kept in sync."
+		eerror "${var}: ${sorted}"
+		eerror "$(printf '%-*s' ${#var} configure): ${detected}"
+		die "sync ${var} to the list of targets"
+	fi
+
+	popd >/dev/null
+}
+
+handle_locales() {
+	# Make sure locale list is kept up-to-date.
+	local detected sorted
+	detected=$(echo $(cd po && printf '%s\n' *.po | grep -v messages.po | sed 's:.po$::' | sort -u))
+	sorted=$(echo $(printf '%s\n' ${PLOCALES} | sort -u))
+	if [[ ${sorted} != "${detected}" ]] ; then
+		eerror "The ebuild needs to be kept in sync."
+		eerror "PLOCALES: ${sorted}"
+		eerror " po/*.po: ${detected}"
+		die "sync PLOCALES"
+	fi
+
+	# Deal with selective install of locales.
+	if use nls ; then
+		# Delete locales the user does not want. #577814
+		rm_loc() { rm po/$1.po || die; }
+		l10n_for_each_disabled_locale_do rm_loc
+	else
+		# Cheap hack to disable gettext .mo generation.
+		rm -f po/*.po
+	fi
+}
+
+src_prepare() {
+	check_targets IUSE_SOFTMMU_TARGETS softmmu
+	check_targets IUSE_USER_TARGETS linux-user
+
+	# Alter target makefiles to accept CFLAGS set via flag-o
+	sed -i -r \
+		-e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \
+		Makefile Makefile.target || die
+
+	epatch "${FILESDIR}"/${PN}-2.5.0-cflags.patch
+	epatch "${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
+	epatch "${FILESDIR}"/${P}-CVE-2016-6836.patch   # bug 591242
+	epatch "${FILESDIR}"/${P}-CVE-2016-7155.patch   # bug 593034
+	epatch "${FILESDIR}"/${P}-CVE-2016-7156.patch   # bug 593036
+	epatch "${FILESDIR}"/${P}-CVE-2016-7157-1.patch # bug 593038
+	epatch "${FILESDIR}"/${P}-CVE-2016-7157-2.patch # bug 593038
+	epatch "${FILESDIR}"/${P}-CVE-2016-7170.patch   # bug 593284
+	epatch "${FILESDIR}"/${P}-CVE-2016-7421.patch   # bug 593950
+	epatch "${FILESDIR}"/${P}-CVE-2016-7422.patch   # bug 593956
+	epatch "${FILESDIR}"/${P}-CVE-2016-7466.patch   # bug 594520
+	epatch "${FILESDIR}"/${P}-CVE-2016-7423.patch   # bug 594368
+
+	# Fix ld and objcopy being called directly
+	tc-export AR LD OBJCOPY
+
+	# Verbose builds
+	MAKEOPTS+=" V=1"
+
+	epatch_user
+
+	# Run after we've applied all patches.
+	handle_locales
+}
+
+##
+# configures qemu based on the build directory and the build type
+# we are using.
+#
+qemu_src_configure() {
+	debug-print-function ${FUNCNAME} "$@"
+
+	local buildtype=$1
+	local builddir="${S}/${buildtype}-build"
+	local static_flag="static-${buildtype}"
+
+	mkdir "${builddir}"
+
+	local conf_opts=(
+		--prefix=/usr
+		--sysconfdir=/etc
+		--libdir=/usr/$(get_libdir)
+		--docdir=/usr/share/doc/${PF}/html
+		--disable-bsd-user
+		--disable-guest-agent
+		--disable-strip
+		--disable-werror
+		# We support gnutls/nettle for crypto operations.  It is possible
+		# to use gcrypt when gnutls/nettle are disabled (but not when they
+		# are enabled), but it's not really worth the hassle.  Disable it
+		# all the time to avoid automatically detecting it. #568856
+		--disable-gcrypt
+		--python="${PYTHON}"
+		--cc="$(tc-getCC)"
+		--cxx="$(tc-getCXX)"
+		--host-cc="$(tc-getBUILD_CC)"
+		$(use_enable debug debug-info)
+		$(use_enable debug debug-tcg)
+		--enable-docs
+		$(use_enable tci tcg-interpreter)
+		$(use_enable xattr attr)
+	)
+
+	# Disable options not used by user targets as the default configure
+	# options will autoprobe and try to link in a bunch of unused junk.
+	conf_softmmu() {
+		if [[ ${buildtype} == "user" ]] ; then
+			echo "--disable-${2:-$1}"
+		else
+			use_enable "$@"
+		fi
+	}
+	conf_opts+=(
+		$(conf_softmmu accessibility brlapi)
+		$(conf_softmmu aio linux-aio)
+		$(conf_softmmu bzip2)
+		$(conf_softmmu bluetooth bluez)
+		$(conf_softmmu caps cap-ng)
+		$(conf_softmmu curl)
+		$(conf_softmmu fdt)
+		$(conf_softmmu glusterfs)
+		$(conf_softmmu gnutls)
+		$(conf_softmmu gnutls nettle)
+		$(conf_softmmu gtk)
+		$(conf_softmmu infiniband rdma)
+		$(conf_softmmu iscsi libiscsi)
+		$(conf_softmmu jpeg vnc-jpeg)
+		$(conf_softmmu kernel_linux kvm)
+		$(conf_softmmu lzo)
+		$(conf_softmmu ncurses curses)
+		$(conf_softmmu nfs libnfs)
+		$(conf_softmmu numa)
+		$(conf_softmmu opengl)
+		$(conf_softmmu png vnc-png)
+		$(conf_softmmu rbd)
+		$(conf_softmmu sasl vnc-sasl)
+		$(conf_softmmu sdl)
+		$(conf_softmmu seccomp)
+		$(conf_softmmu smartcard)
+		$(conf_softmmu snappy)
+		$(conf_softmmu spice)
+		$(conf_softmmu ssh libssh2)
+		$(conf_softmmu usb libusb)
+		$(conf_softmmu usbredir usb-redir)
+		$(conf_softmmu uuid)
+		$(conf_softmmu vde)
+		$(conf_softmmu vhost-net)
+		$(conf_softmmu virgl virglrenderer)
+		$(conf_softmmu virtfs)
+		$(conf_softmmu vnc)
+		$(conf_softmmu vte)
+		$(conf_softmmu xen)
+		$(conf_softmmu xen xen-pci-passthrough)
+		$(conf_softmmu xfs xfsctl)
+	)
+
+	case ${buildtype} in
+	user)
+		conf_opts+=(
+			--enable-linux-user
+			--disable-system
+			--disable-blobs
+			--disable-tools
+		)
+		;;
+	softmmu)
+		# audio options
+		local audio_opts="oss"
+		use alsa && audio_opts="alsa,${audio_opts}"
+		use sdl && audio_opts="sdl,${audio_opts}"
+		use pulseaudio && audio_opts="pa,${audio_opts}"
+
+		conf_opts+=(
+			--disable-linux-user
+			--enable-system
+			--with-system-pixman
+			--audio-drv-list="${audio_opts}"
+		)
+		use gtk && conf_opts+=( --with-gtkabi=$(usex gtk2 2.0 3.0) )
+		use sdl && conf_opts+=( --with-sdlabi=$(usex sdl2 2.0 1.2) )
+		;;
+	tools)
+		conf_opts+=(
+			--disable-linux-user
+			--disable-system
+			--disable-blobs
+			$(use_enable bzip2)
+		)
+		static_flag="static"
+		;;
+	esac
+
+	local targets="${buildtype}_targets"
+	[[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" )
+
+	# Add support for SystemTAP
+	use systemtap && conf_opts+=( --enable-trace-backend=dtrace )
+
+	# We always want to attempt to build with PIE support as it results
+	# in a more secure binary. But it doesn't work with static or if
+	# the current GCC doesn't have PIE support.
+	if use ${static_flag}; then
+		conf_opts+=( --static --disable-pie )
+	else
+		gcc-specs-pie && conf_opts+=( --enable-pie )
+	fi
+
+	echo "../configure ${conf_opts[*]}"
+	cd "${builddir}"
+	../configure "${conf_opts[@]}" || die "configure failed"
+
+	# FreeBSD's kernel does not support QEMU assigning/grabbing
+	# host USB devices yet
+	use kernel_FreeBSD && \
+		sed -i -E -e "s|^(HOST_USB=)bsd|\1stub|" "${S}"/config-host.mak
+}
+
+src_configure() {
+	local target
+
+	python_setup
+
+	softmmu_targets= softmmu_bins=()
+	user_targets= user_bins=()
+
+	for target in ${IUSE_SOFTMMU_TARGETS} ; do
+		if use "qemu_softmmu_targets_${target}"; then
+			softmmu_targets+=",${target}-softmmu"
+			softmmu_bins+=( "qemu-system-${target}" )
+		fi
+	done
+
+	for target in ${IUSE_USER_TARGETS} ; do
+		if use "qemu_user_targets_${target}"; then
+			user_targets+=",${target}-linux-user"
+			user_bins+=( "qemu-${target}" )
+		fi
+	done
+
+	softmmu_targets=${softmmu_targets#,}
+	user_targets=${user_targets#,}
+
+	[[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu"
+	[[ -n ${user_targets}    ]] && qemu_src_configure "user"
+	[[ -z ${softmmu_targets}${user_targets} ]] && qemu_src_configure "tools"
+}
+
+src_compile() {
+	if [[ -n ${user_targets} ]]; then
+		cd "${S}/user-build"
+		default
+	fi
+
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build"
+		default
+	fi
+
+	if [[ -z ${softmmu_targets}${user_targets} ]]; then
+		cd "${S}/tools-build"
+		default
+	fi
+}
+
+src_test() {
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build"
+		pax-mark m */qemu-system-* #515550
+		emake -j1 check
+		emake -j1 check-report.html
+	fi
+}
+
+qemu_python_install() {
+	python_domodule "${S}/scripts/qmp/qmp.py"
+
+	python_doscript "${S}/scripts/kvm/vmxcap"
+	python_doscript "${S}/scripts/qmp/qmp-shell"
+	python_doscript "${S}/scripts/qmp/qemu-ga-client"
+}
+
+src_install() {
+	if [[ -n ${user_targets} ]]; then
+		cd "${S}/user-build"
+		emake DESTDIR="${ED}" install
+
+		# Install binfmt handler init script for user targets
+		newinitd "${FILESDIR}/qemu-binfmt.initd-r1" qemu-binfmt
+	fi
+
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build"
+		emake DESTDIR="${ED}" install
+
+		# This might not exist if the test failed. #512010
+		[[ -e check-report.html ]] && dohtml check-report.html
+
+		if use kernel_linux; then
+			udev_dorules "${FILESDIR}"/65-kvm.rules
+		fi
+
+		if use python; then
+			python_foreach_impl qemu_python_install
+		fi
+	fi
+
+	if [[ -z ${softmmu_targets}${user_targets} ]]; then
+		cd "${S}/tools-build"
+		emake DESTDIR="${ED}" install
+	fi
+
+	# Disable mprotect on the qemu binaries as they use JITs to be fast #459348
+	pushd "${ED}"/usr/bin >/dev/null
+	pax-mark m "${softmmu_bins[@]}" "${user_bins[@]}"
+	popd >/dev/null
+
+	# Install config file example for qemu-bridge-helper
+	insinto "/etc/qemu"
+	doins "${FILESDIR}/bridge.conf"
+
+	# Remove the docdir placed qmp-commands.txt
+	mv "${ED}/usr/share/doc/${PF}/html/qmp-commands.txt" "${S}/docs/" || die
+
+	cd "${S}"
+	dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt
+	newdoc pc-bios/README README.pc-bios
+	dodoc docs/qmp-*.txt
+
+	if [[ -n ${softmmu_targets} ]]; then
+		# Remove SeaBIOS since we're using the SeaBIOS packaged one
+		rm "${ED}/usr/share/qemu/bios.bin"
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
+		fi
+
+		# Remove vgabios since we're using the vgabios packaged one
+		rm "${ED}/usr/share/qemu/vgabios.bin"
+		rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
+		rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
+		rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
+		rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../vgabios/vgabios.bin /usr/share/qemu/vgabios.bin
+			dosym ../vgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
+			dosym ../vgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
+			dosym ../vgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
+			dosym ../vgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
+		fi
+
+		# Remove sgabios since we're using the sgabios packaged one
+		rm "${ED}/usr/share/qemu/sgabios.bin"
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin
+		fi
+
+		# Remove iPXE since we're using the iPXE packaged one
+		rm "${ED}"/usr/share/qemu/pxe-*.rom
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom
+			dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom
+			dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom
+			dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom
+			dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom
+			dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom
+		fi
+	fi
+
+	qemu_support_kvm && readme.gentoo_create_doc
+}
+
+pkg_postinst() {
+	if qemu_support_kvm; then
+		readme.gentoo_print_elog
+	fi
+
+	if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
+		udev_reload
+	fi
+
+	fcaps cap_net_admin /usr/libexec/qemu-bridge-helper
+}
+
+pkg_info() {
+	echo "Using:"
+	echo "  $(best_version app-emulation/spice-protocol)"
+	echo "  $(best_version sys-firmware/ipxe)"
+	echo "  $(best_version sys-firmware/seabios)"
+	if has_version 'sys-firmware/seabios[binary]'; then
+		echo "    USE=binary"
+	else
+		echo "    USE=''"
+	fi
+	echo "  $(best_version sys-firmware/vgabios)"
+}


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2016-11-12 17:29 Matthias Maier
  0 siblings, 0 replies; 56+ messages in thread
From: Matthias Maier @ 2016-11-12 17:29 UTC (permalink / raw
  To: gentoo-commits

commit:     cad0a6324b5d4a5954893dfd29b5b97ee7a361d3
Author:     Matthias Maier <tamiko <AT> gentoo <DOT> org>
AuthorDate: Sat Nov 12 17:26:09 2016 +0000
Commit:     Matthias Maier <tamiko <AT> gentoo <DOT> org>
CommitDate: Sat Nov 12 17:28:38 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cad0a632

app-emulation/qemu: security fixes, bug #598772

    CVE-2016-9102, bug #598328
    CVE-2016-9103, bug #598328
    CVE-2016-9104, bug #598328
    CVE-2016-9105, bug #598328
    CVE-2016-9106, bug #598772

Package-Manager: portage-2.3.0

 .../qemu/files/qemu-2.7.0-CVE-2016-9102.patch      |  21 +
 .../qemu/files/qemu-2.7.0-CVE-2016-9103.patch      |  27 +
 .../qemu/files/qemu-2.7.0-CVE-2016-9104.patch      |  92 +++
 .../qemu/files/qemu-2.7.0-CVE-2016-9105.patch      |  25 +
 .../qemu/files/qemu-2.7.0-CVE-2016-9106.patch      |  27 +
 app-emulation/qemu/qemu-2.7.0-r6.ebuild            | 708 +++++++++++++++++++++
 6 files changed, 900 insertions(+)

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9102.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9102.patch
new file mode 100644
index 00000000..963eca9
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9102.patch
@@ -0,0 +1,21 @@
+From: Li Qiang <address@hidden>
+
+The 'fs.xattr.value' field in V9fsFidState object doesn't consider the
+situation that this field has been allocated previously. Every time, it
+will be allocated directly. This leads a host memory leak issue. This
+patch fix this.
+
+-- 
+1.8.3.1
+diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
+index 75ba5f1..a4c7109 100644
+--- a/hw/9pfs/9p.c
++++ b/hw/9pfs/9p.c
+@@ -3269,6 +3269,7 @@ static void v9fs_xattrcreate(void *opaque)
+     xattr_fidp->fs.xattr.flags = flags;
+     v9fs_string_init(&xattr_fidp->fs.xattr.name);
+     v9fs_string_copy(&xattr_fidp->fs.xattr.name, &name);
++    g_free(xattr_fidp->fs.xattr.value);
+     xattr_fidp->fs.xattr.value = g_malloc(size);
+     err = offset;
+     put_fid(pdu, file_fidp);

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9103.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9103.patch
new file mode 100644
index 00000000..7520863
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9103.patch
@@ -0,0 +1,27 @@
+Author: Li Qiang <liqiang6-s@360.cn>
+Date:   Mon Oct 17 14:13:58 2016 +0200
+
+    9pfs: fix information leak in xattr read
+    
+    9pfs uses g_malloc() to allocate the xattr memory space, if the guest
+    reads this memory before writing to it, this will leak host heap memory
+    to the guest. This patch avoid this.
+    
+    Signed-off-by: Li Qiang <liqiang6-s@360.cn>
+    Reviewed-by: Greg Kurz <groug@kaod.org>
+    Signed-off-by: Greg Kurz <groug@kaod.org>
+
+diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
+index 26aa7d5..bf23b01 100644
+--- a/hw/9pfs/9p.c
++++ b/hw/9pfs/9p.c
+@@ -3269,8 +3269,8 @@ static void coroutine_fn v9fs_xattrcreate(void *opaque)
+     xattr_fidp->fs.xattr.flags = flags;
+     v9fs_string_init(&xattr_fidp->fs.xattr.name);
+     v9fs_string_copy(&xattr_fidp->fs.xattr.name, &name);
+     g_free(xattr_fidp->fs.xattr.value);
+-    xattr_fidp->fs.xattr.value = g_malloc(size);
++    xattr_fidp->fs.xattr.value = g_malloc0(size);
+     err = offset;
+     put_fid(pdu, file_fidp);
+ out_nofid:

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9104.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9104.patch
new file mode 100644
index 00000000..f1aec55
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9104.patch
@@ -0,0 +1,92 @@
+From 7e55d65c56a03dcd2c5d7c49d37c5a74b55d4bd6 Mon Sep 17 00:00:00 2001
+From: Li Qiang <liqiang6-s@360.cn>
+Date: Tue, 1 Nov 2016 12:00:40 +0100
+Subject: [PATCH] 9pfs: fix integer overflow issue in xattr read/write
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The v9fs_xattr_read() and v9fs_xattr_write() are passed a guest
+originated offset: they must ensure this offset does not go beyond
+the size of the extended attribute that was set in v9fs_xattrcreate().
+Unfortunately, the current code implement these checks with unsafe
+calculations on 32 and 64 bit values, which may allow a malicious
+guest to cause OOB access anyway.
+
+Fix this by comparing the offset and the xattr size, which are
+both uint64_t, before trying to compute the effective number of bytes
+to read or write.
+
+Suggested-by: Greg Kurz <groug@kaod.org>
+Signed-off-by: Li Qiang <liqiang6-s@360.cn>
+Reviewed-by: Greg Kurz <groug@kaod.org>
+Reviewed-By: Guido Günther <agx@sigxcpu.org>
+Signed-off-by: Greg Kurz <groug@kaod.org>
+---
+ hw/9pfs/9p.c | 32 ++++++++++++--------------------
+ 1 file changed, 12 insertions(+), 20 deletions(-)
+
+diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
+index ab18ef2..7705ead 100644
+--- a/hw/9pfs/9p.c
++++ b/hw/9pfs/9p.c
+@@ -1637,20 +1637,17 @@ static int v9fs_xattr_read(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp,
+ {
+     ssize_t err;
+     size_t offset = 7;
+-    int read_count;
+-    int64_t xattr_len;
++    uint64_t read_count;
+     V9fsVirtioState *v = container_of(s, V9fsVirtioState, state);
+     VirtQueueElement *elem = v->elems[pdu->idx];
+ 
+-    xattr_len = fidp->fs.xattr.len;
+-    read_count = xattr_len - off;
++    if (fidp->fs.xattr.len < off) {
++        read_count = 0;
++    } else {
++        read_count = fidp->fs.xattr.len - off;
++    }
+     if (read_count > max_count) {
+         read_count = max_count;
+-    } else if (read_count < 0) {
+-        /*
+-         * read beyond XATTR value
+-         */
+-        read_count = 0;
+     }
+     err = pdu_marshal(pdu, offset, "d", read_count);
+     if (err < 0) {
+@@ -1979,23 +1976,18 @@ static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp,
+ {
+     int i, to_copy;
+     ssize_t err = 0;
+-    int write_count;
+-    int64_t xattr_len;
++    uint64_t write_count;
+     size_t offset = 7;
+ 
+ 
+-    xattr_len = fidp->fs.xattr.len;
+-    write_count = xattr_len - off;
+-    if (write_count > count) {
+-        write_count = count;
+-    } else if (write_count < 0) {
+-        /*
+-         * write beyond XATTR value len specified in
+-         * xattrcreate
+-         */
++    if (fidp->fs.xattr.len < off) {
+         err = -ENOSPC;
+         goto out;
+     }
++    write_count = fidp->fs.xattr.len - off;
++    if (write_count > count) {
++        write_count = count;
++    }
+     err = pdu_marshal(pdu, offset, "d", write_count);
+     if (err < 0) {
+         return err;
+-- 
+2.7.3
+

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9105.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9105.patch
new file mode 100644
index 00000000..cddff97
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9105.patch
@@ -0,0 +1,25 @@
+From: Li Qiang <address@hidden>
+
+In v9fs_link dispatch function, it doesn't put the 'oldfidp'
+fid object, this will make the 'oldfidp->ref' never reach to 0,
+thus leading a memory leak issue. This patch fix this.
+
+Signed-off-by: Li Qiang <address@hidden>
+---
+ hw/9pfs/9p.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
+index 8b50bfb..29f8b7a 100644
+--- a/hw/9pfs/9p.c
++++ b/hw/9pfs/9p.c
+@@ -2413,6 +2413,7 @@ static void v9fs_link(void *opaque)
+     if (!err) {
+         err = offset;
+     }
++    put_fid(pdu, oldfidp);
+ out:
+     put_fid(pdu, dfidp);
+ out_nofid:
+-- 
+1.8.3.1

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9106.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9106.patch
new file mode 100644
index 00000000..137272d
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9106.patch
@@ -0,0 +1,27 @@
+Author: Li Qiang <liqiang6-s@360.cn>
+Date:   Mon Oct 17 14:13:58 2016 +0200
+
+    9pfs: fix memory leak in v9fs_write
+    
+    If an error occurs when marshalling the transfer length to the guest, the
+    v9fs_write() function doesn't free an IO vector, thus leading to a memory
+    leak. This patch fixes the issue.
+    
+    Signed-off-by: Li Qiang <liqiang6-s@360.cn>
+    Reviewed-by: Greg Kurz <groug@kaod.org>
+    [groug, rephrased the changelog]
+    Signed-off-by: Greg Kurz <groug@kaod.org>
+
+diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
+index d43a552..e88cf25 100644
+--- a/hw/9pfs/9p.c
++++ b/hw/9pfs/9p.c
+@@ -2090,7 +2090,7 @@ static void coroutine_fn v9fs_write(void *opaque)
+     offset = 7;
+     err = pdu_marshal(pdu, offset, "d", total);
+     if (err < 0) {
+-        goto out;
++        goto out_qiov;
+     }
+     err += offset;
+

diff --git a/app-emulation/qemu/qemu-2.7.0-r6.ebuild b/app-emulation/qemu/qemu-2.7.0-r6.ebuild
new file mode 100644
index 00000000..40265bd
--- /dev/null
+++ b/app-emulation/qemu/qemu-2.7.0-r6.ebuild
@@ -0,0 +1,708 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+
+PYTHON_COMPAT=( python2_7 )
+PYTHON_REQ_USE="ncurses,readline"
+
+PLOCALES="bg de_DE fr_FR hu it tr zh_CN"
+
+inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \
+	user udev fcaps readme.gentoo-r1 pax-utils l10n
+
+if [[ ${PV} = *9999* ]]; then
+	EGIT_REPO_URI="git://git.qemu.org/qemu.git"
+	inherit git-2
+	SRC_URI=""
+else
+	SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2"
+	KEYWORDS="~amd64 ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd"
+fi
+
+DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
+HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org"
+
+LICENSE="GPL-2 LGPL-2 BSD-2"
+SLOT="0"
+IUSE="accessibility +aio alsa bluetooth bzip2 +caps +curl debug +fdt glusterfs \
+gnutls gtk gtk2 infiniband iscsi +jpeg \
+kernel_linux kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs
++png pulseaudio python \
+rbd sasl +seccomp sdl sdl2 selinux smartcard snappy spice ssh static static-softmmu
+static-user systemtap tci test +threads usb usbredir +uuid vde +vhost-net \
+virgl virtfs +vnc vte xattr xen xfs"
+
+COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel mips
+mips64 mips64el mipsel or32 ppc ppc64 s390x sh4 sh4eb sparc sparc64 unicore32
+x86_64"
+IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS} lm32 moxie ppcemb tricore xtensa xtensaeb"
+IUSE_USER_TARGETS="${COMMON_TARGETS} armeb mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus tilegx"
+
+use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
+use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
+IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
+
+# Allow no targets to be built so that people can get a tools-only build.
+# Block USE flag configurations known to not work.
+REQUIRED_USE="${PYTHON_REQUIRED_USE}
+	gtk2? ( gtk )
+	qemu_softmmu_targets_arm? ( fdt )
+	qemu_softmmu_targets_microblaze? ( fdt )
+	qemu_softmmu_targets_ppc? ( fdt )
+	qemu_softmmu_targets_ppc64? ( fdt )
+	sdl2? ( sdl )
+	static? ( static-softmmu static-user )
+	static-softmmu? ( !alsa !pulseaudio !bluetooth !opengl !gtk !gtk2 )
+	virtfs? ( xattr )
+	vte? ( gtk )"
+
+# Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
+#
+# The attr lib isn't always linked in (although the USE flag is always
+# respected).  This is because qemu supports using the C library's API
+# when available rather than always using the extranl library.
+#
+# Older versions of gnutls are supported, but it's simpler to just require
+# the latest versions.  This is also why we require nettle.
+#
+# TODO: Split out tools deps into another var.  e.g. bzip2 is only used by
+# system binaries and tools, not user binaries.
+COMMON_LIB_DEPEND=">=dev-libs/glib-2.0[static-libs(+)]
+	dev-libs/libpcre[static-libs(+)]
+	sys-libs/zlib[static-libs(+)]
+	bzip2? ( app-arch/bzip2[static-libs(+)] )
+	xattr? ( sys-apps/attr[static-libs(+)] )"
+SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND}
+	>=x11-libs/pixman-0.28.0[static-libs(+)]
+	accessibility? ( app-accessibility/brltty[static-libs(+)] )
+	aio? ( dev-libs/libaio[static-libs(+)] )
+	alsa? ( >=media-libs/alsa-lib-1.0.13 )
+	bluetooth? ( net-wireless/bluez )
+	caps? ( sys-libs/libcap-ng[static-libs(+)] )
+	curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
+	fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] )
+	glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
+	gnutls? (
+		dev-libs/nettle:=[static-libs(+)]
+		>=net-libs/gnutls-3.0:=[static-libs(+)]
+	)
+	gtk? (
+		gtk2? (
+			x11-libs/gtk+:2
+			vte? ( x11-libs/vte:0 )
+		)
+		!gtk2? (
+			x11-libs/gtk+:3
+			vte? ( x11-libs/vte:2.90 )
+		)
+	)
+	infiniband? ( sys-fabric/librdmacm:=[static-libs(+)] )
+	iscsi? ( net-libs/libiscsi )
+	jpeg? ( virtual/jpeg:0=[static-libs(+)] )
+	lzo? ( dev-libs/lzo:2[static-libs(+)] )
+	ncurses? ( sys-libs/ncurses:0=[static-libs(+)] )
+	nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] )
+	numa? ( sys-process/numactl[static-libs(+)] )
+	opengl? (
+		virtual/opengl
+		media-libs/libepoxy[static-libs(+)]
+		media-libs/mesa[static-libs(+)]
+		media-libs/mesa[egl,gles2,gbm]
+	)
+	png? ( media-libs/libpng:0=[static-libs(+)] )
+	pulseaudio? ( media-sound/pulseaudio )
+	rbd? ( sys-cluster/ceph[static-libs(+)] )
+	sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
+	sdl? (
+		!sdl2? (
+			media-libs/libsdl[X]
+			>=media-libs/libsdl-1.2.11[static-libs(+)]
+		)
+		sdl2? (
+			media-libs/libsdl2[X]
+			media-libs/libsdl2[static-libs(+)]
+		)
+	)
+	seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
+	smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] )
+	snappy? ( app-arch/snappy[static-libs(+)] )
+	spice? (
+		>=app-emulation/spice-protocol-0.12.3
+		>=app-emulation/spice-0.12.0[static-libs(+)]
+	)
+	ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] )
+	usb? ( >=virtual/libusb-1-r2[static-libs(+)] )
+	usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
+	uuid? ( >=sys-apps/util-linux-2.16.0[static-libs(+)] )
+	vde? ( net-misc/vde[static-libs(+)] )
+	virgl? ( media-libs/virglrenderer[static-libs(+)] )
+	virtfs? ( sys-libs/libcap )
+	xfs? ( sys-fs/xfsprogs[static-libs(+)] )"
+USER_LIB_DEPEND="${COMMON_LIB_DEPEND}"
+X86_FIRMWARE_DEPEND="
+	>=sys-firmware/ipxe-1.0.0_p20130624
+	pin-upstream-blobs? (
+		~sys-firmware/seabios-1.8.2
+		~sys-firmware/sgabios-0.1_pre8
+		~sys-firmware/vgabios-0.7a
+	)
+	!pin-upstream-blobs? (
+		sys-firmware/seabios
+		sys-firmware/sgabios
+		sys-firmware/vgabios
+	)"
+CDEPEND="
+	!static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND//\[static-libs(+)]} ) " ${use_softmmu_targets}) )
+	!static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND//\[static-libs(+)]} ) " ${use_user_targets}) )
+	qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
+	qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )
+	python? ( ${PYTHON_DEPS} )
+	systemtap? ( dev-util/systemtap )
+	xen? ( app-emulation/xen-tools:= )"
+DEPEND="${CDEPEND}
+	dev-lang/perl
+	=dev-lang/python-2*
+	sys-apps/texinfo
+	virtual/pkgconfig
+	kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
+	gtk? ( nls? ( sys-devel/gettext ) )
+	static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND} ) " ${use_softmmu_targets}) )
+	static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND} ) " ${use_user_targets}) )
+	test? (
+		dev-libs/glib[utils]
+		sys-devel/bc
+	)"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-qemu )
+"
+
+STRIP_MASK="/usr/share/qemu/palcode-clipper"
+
+QA_PREBUILT="
+	usr/share/qemu/openbios-ppc
+	usr/share/qemu/openbios-sparc64
+	usr/share/qemu/openbios-sparc32
+	usr/share/qemu/palcode-clipper
+	usr/share/qemu/s390-ccw.img
+	usr/share/qemu/u-boot.e500
+"
+
+QA_WX_LOAD="usr/bin/qemu-i386
+	usr/bin/qemu-x86_64
+	usr/bin/qemu-alpha
+	usr/bin/qemu-arm
+	usr/bin/qemu-cris
+	usr/bin/qemu-m68k
+	usr/bin/qemu-microblaze
+	usr/bin/qemu-microblazeel
+	usr/bin/qemu-mips
+	usr/bin/qemu-mipsel
+	usr/bin/qemu-or32
+	usr/bin/qemu-ppc
+	usr/bin/qemu-ppc64
+	usr/bin/qemu-ppc64abi32
+	usr/bin/qemu-sh4
+	usr/bin/qemu-sh4eb
+	usr/bin/qemu-sparc
+	usr/bin/qemu-sparc64
+	usr/bin/qemu-armeb
+	usr/bin/qemu-sparc32plus
+	usr/bin/qemu-s390x
+	usr/bin/qemu-unicore32"
+
+DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure
+you have the kernel module loaded before running kvm. The easiest way to
+ensure that the kernel module is loaded is to load it on boot.\n
+For AMD CPUs the module is called 'kvm-amd'.\n
+For Intel CPUs the module is called 'kvm-intel'.\n
+Please review /etc/conf.d/modules for how to load these.\n\n
+Make sure your user is in the 'kvm' group\n
+Just run 'gpasswd -a <USER> kvm', then have <USER> re-login.\n\n
+For brand new installs, the default permissions on /dev/kvm might not let you
+access it.  You can tell udev to reset ownership/perms:\n
+udevadm trigger -c add /dev/kvm"
+
+qemu_support_kvm() {
+	if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 \
+		use qemu_softmmu_targets_ppc || use qemu_softmmu_targets_ppc64 \
+		use qemu_softmmu_targets_s390x; then
+		return 0
+	fi
+
+	return 1
+}
+
+pkg_pretend() {
+	if use kernel_linux && kernel_is lt 2 6 25; then
+		eerror "This version of KVM requres a host kernel of 2.6.25 or higher."
+	elif use kernel_linux; then
+		if ! linux_config_exists; then
+			eerror "Unable to check your kernel for KVM support"
+		else
+			CONFIG_CHECK="~KVM ~TUN ~BRIDGE"
+			ERROR_KVM="You must enable KVM in your kernel to continue"
+			ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in"
+			ERROR_KVM_AMD+=" your kernel configuration."
+			ERROR_KVM_INTEL="If you have an Intel CPU, you must enable"
+			ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration."
+			ERROR_TUN="You will need the Universal TUN/TAP driver compiled"
+			ERROR_TUN+=" into your kernel or loaded as a module to use the"
+			ERROR_TUN+=" virtual network device if using -net tap."
+			ERROR_BRIDGE="You will also need support for 802.1d"
+			ERROR_BRIDGE+=" Ethernet Bridging for some network configurations."
+			use vhost-net && CONFIG_CHECK+=" ~VHOST_NET"
+			ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net"
+			ERROR_VHOST_NET+=" support"
+
+			if use amd64 || use x86 || use amd64-linux || use x86-linux; then
+				CONFIG_CHECK+=" ~KVM_AMD ~KVM_INTEL"
+			fi
+
+			use python && CONFIG_CHECK+=" ~DEBUG_FS"
+			ERROR_DEBUG_FS="debugFS support required for kvm_stat"
+
+			# Now do the actual checks setup above
+			check_extra_config
+		fi
+	fi
+
+	if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then
+		eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt"
+		eerror "instances are still pointing to it.  Please update your"
+		eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag"
+		eerror "and the right system binary (e.g. qemu-system-x86_64)."
+		die "update your virt configs to not use qemu-kvm"
+	fi
+}
+
+pkg_setup() {
+	enewgroup kvm 78
+}
+
+# Sanity check to make sure target lists are kept up-to-date.
+check_targets() {
+	local var=$1 mak=$2
+	local detected sorted
+
+	pushd "${S}"/default-configs >/dev/null || die
+
+	# Force C locale until glibc is updated. #564936
+	detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u))
+	sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u))
+	if [[ ${sorted} != "${detected}" ]] ; then
+		eerror "The ebuild needs to be kept in sync."
+		eerror "${var}: ${sorted}"
+		eerror "$(printf '%-*s' ${#var} configure): ${detected}"
+		die "sync ${var} to the list of targets"
+	fi
+
+	popd >/dev/null
+}
+
+handle_locales() {
+	# Make sure locale list is kept up-to-date.
+	local detected sorted
+	detected=$(echo $(cd po && printf '%s\n' *.po | grep -v messages.po | sed 's:.po$::' | sort -u))
+	sorted=$(echo $(printf '%s\n' ${PLOCALES} | sort -u))
+	if [[ ${sorted} != "${detected}" ]] ; then
+		eerror "The ebuild needs to be kept in sync."
+		eerror "PLOCALES: ${sorted}"
+		eerror " po/*.po: ${detected}"
+		die "sync PLOCALES"
+	fi
+
+	# Deal with selective install of locales.
+	if use nls ; then
+		# Delete locales the user does not want. #577814
+		rm_loc() { rm po/$1.po || die; }
+		l10n_for_each_disabled_locale_do rm_loc
+	else
+		# Cheap hack to disable gettext .mo generation.
+		rm -f po/*.po
+	fi
+}
+
+src_prepare() {
+	check_targets IUSE_SOFTMMU_TARGETS softmmu
+	check_targets IUSE_USER_TARGETS linux-user
+
+	# Alter target makefiles to accept CFLAGS set via flag-o
+	sed -i -r \
+		-e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \
+		Makefile Makefile.target || die
+
+	epatch "${FILESDIR}"/${PN}-2.5.0-cflags.patch
+	epatch "${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
+
+	epatch "${FILESDIR}"/${P}-CVE-2016-6836.patch   # bug 591242
+	epatch "${FILESDIR}"/${P}-CVE-2016-7155.patch   # bug 593034
+	epatch "${FILESDIR}"/${P}-CVE-2016-7156.patch   # bug 593036
+	epatch "${FILESDIR}"/${P}-CVE-2016-7157-1.patch # bug 593038
+	epatch "${FILESDIR}"/${P}-CVE-2016-7157-2.patch # bug 593038
+	epatch "${FILESDIR}"/${P}-CVE-2016-7170.patch   # bug 593284
+	epatch "${FILESDIR}"/${P}-CVE-2016-7421.patch   # bug 593950
+	epatch "${FILESDIR}"/${P}-CVE-2016-7422.patch   # bug 593956
+	epatch "${FILESDIR}"/${P}-CVE-2016-7423.patch   # bug 594368
+	epatch "${FILESDIR}"/${P}-CVE-2016-7466.patch   # bug 594520
+	epatch "${FILESDIR}"/${P}-CVE-2016-7907.patch   # bug 596048
+	epatch "${FILESDIR}"/${P}-CVE-2016-7908.patch   # bug 596049
+	epatch "${FILESDIR}"/${P}-CVE-2016-7909.patch   # bug 596048
+	epatch "${FILESDIR}"/${P}-CVE-2016-7994-1.patch # bug 596738
+	epatch "${FILESDIR}"/${P}-CVE-2016-7994-2.patch # bug 596738
+	epatch "${FILESDIR}"/${P}-CVE-2016-8576.patch   # bug 596752
+	epatch "${FILESDIR}"/${P}-CVE-2016-8577.patch   # bug 596776
+	epatch "${FILESDIR}"/${P}-CVE-2016-8578.patch   # bug 596774
+	epatch "${FILESDIR}"/${P}-CVE-2016-8668.patch   # bug 597110
+	epatch "${FILESDIR}"/${P}-CVE-2016-8669-1.patch # bug 597108
+	epatch "${FILESDIR}"/${P}-CVE-2016-8669-2.patch # bug 597108
+	epatch "${FILESDIR}"/${P}-CVE-2016-8909.patch   # bug 598044
+	epatch "${FILESDIR}"/${P}-CVE-2016-8910.patch   # bug 598046
+	epatch "${FILESDIR}"/${P}-CVE-2016-9102.patch   # bug 598328
+	epatch "${FILESDIR}"/${P}-CVE-2016-9103.patch   # bug 598328
+	epatch "${FILESDIR}"/${P}-CVE-2016-9104.patch   # bug 598328
+	epatch "${FILESDIR}"/${P}-CVE-2016-9105.patch   # bug 598328
+	epatch "${FILESDIR}"/${P}-CVE-2016-9106.patch   # bug 598772
+
+	# Fix ld and objcopy being called directly
+	tc-export AR LD OBJCOPY
+
+	# Verbose builds
+	MAKEOPTS+=" V=1"
+
+	epatch_user
+
+	# Run after we've applied all patches.
+	handle_locales
+}
+
+##
+# configures qemu based on the build directory and the build type
+# we are using.
+#
+qemu_src_configure() {
+	debug-print-function ${FUNCNAME} "$@"
+
+	local buildtype=$1
+	local builddir="${S}/${buildtype}-build"
+	local static_flag="static-${buildtype}"
+
+	mkdir "${builddir}"
+
+	local conf_opts=(
+		--prefix=/usr
+		--sysconfdir=/etc
+		--libdir=/usr/$(get_libdir)
+		--docdir=/usr/share/doc/${PF}/html
+		--disable-bsd-user
+		--disable-guest-agent
+		--disable-strip
+		--disable-werror
+		# We support gnutls/nettle for crypto operations.  It is possible
+		# to use gcrypt when gnutls/nettle are disabled (but not when they
+		# are enabled), but it's not really worth the hassle.  Disable it
+		# all the time to avoid automatically detecting it. #568856
+		--disable-gcrypt
+		--python="${PYTHON}"
+		--cc="$(tc-getCC)"
+		--cxx="$(tc-getCXX)"
+		--host-cc="$(tc-getBUILD_CC)"
+		$(use_enable debug debug-info)
+		$(use_enable debug debug-tcg)
+		--enable-docs
+		$(use_enable tci tcg-interpreter)
+		$(use_enable xattr attr)
+	)
+
+	# Disable options not used by user targets as the default configure
+	# options will autoprobe and try to link in a bunch of unused junk.
+	conf_softmmu() {
+		if [[ ${buildtype} == "user" ]] ; then
+			echo "--disable-${2:-$1}"
+		else
+			use_enable "$@"
+		fi
+	}
+	conf_opts+=(
+		$(conf_softmmu accessibility brlapi)
+		$(conf_softmmu aio linux-aio)
+		$(conf_softmmu bzip2)
+		$(conf_softmmu bluetooth bluez)
+		$(conf_softmmu caps cap-ng)
+		$(conf_softmmu curl)
+		$(conf_softmmu fdt)
+		$(conf_softmmu glusterfs)
+		$(conf_softmmu gnutls)
+		$(conf_softmmu gnutls nettle)
+		$(conf_softmmu gtk)
+		$(conf_softmmu infiniband rdma)
+		$(conf_softmmu iscsi libiscsi)
+		$(conf_softmmu jpeg vnc-jpeg)
+		$(conf_softmmu kernel_linux kvm)
+		$(conf_softmmu lzo)
+		$(conf_softmmu ncurses curses)
+		$(conf_softmmu nfs libnfs)
+		$(conf_softmmu numa)
+		$(conf_softmmu opengl)
+		$(conf_softmmu png vnc-png)
+		$(conf_softmmu rbd)
+		$(conf_softmmu sasl vnc-sasl)
+		$(conf_softmmu sdl)
+		$(conf_softmmu seccomp)
+		$(conf_softmmu smartcard)
+		$(conf_softmmu snappy)
+		$(conf_softmmu spice)
+		$(conf_softmmu ssh libssh2)
+		$(conf_softmmu usb libusb)
+		$(conf_softmmu usbredir usb-redir)
+		$(conf_softmmu uuid)
+		$(conf_softmmu vde)
+		$(conf_softmmu vhost-net)
+		$(conf_softmmu virgl virglrenderer)
+		$(conf_softmmu virtfs)
+		$(conf_softmmu vnc)
+		$(conf_softmmu vte)
+		$(conf_softmmu xen)
+		$(conf_softmmu xen xen-pci-passthrough)
+		$(conf_softmmu xfs xfsctl)
+	)
+
+	case ${buildtype} in
+	user)
+		conf_opts+=(
+			--enable-linux-user
+			--disable-system
+			--disable-blobs
+			--disable-tools
+		)
+		;;
+	softmmu)
+		# audio options
+		local audio_opts="oss"
+		use alsa && audio_opts="alsa,${audio_opts}"
+		use sdl && audio_opts="sdl,${audio_opts}"
+		use pulseaudio && audio_opts="pa,${audio_opts}"
+
+		conf_opts+=(
+			--disable-linux-user
+			--enable-system
+			--with-system-pixman
+			--audio-drv-list="${audio_opts}"
+		)
+		use gtk && conf_opts+=( --with-gtkabi=$(usex gtk2 2.0 3.0) )
+		use sdl && conf_opts+=( --with-sdlabi=$(usex sdl2 2.0 1.2) )
+		;;
+	tools)
+		conf_opts+=(
+			--disable-linux-user
+			--disable-system
+			--disable-blobs
+			$(use_enable bzip2)
+		)
+		static_flag="static"
+		;;
+	esac
+
+	local targets="${buildtype}_targets"
+	[[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" )
+
+	# Add support for SystemTAP
+	use systemtap && conf_opts+=( --enable-trace-backend=dtrace )
+
+	# We always want to attempt to build with PIE support as it results
+	# in a more secure binary. But it doesn't work with static or if
+	# the current GCC doesn't have PIE support.
+	if use ${static_flag}; then
+		conf_opts+=( --static --disable-pie )
+	else
+		gcc-specs-pie && conf_opts+=( --enable-pie )
+	fi
+
+	echo "../configure ${conf_opts[*]}"
+	cd "${builddir}"
+	../configure "${conf_opts[@]}" || die "configure failed"
+
+	# FreeBSD's kernel does not support QEMU assigning/grabbing
+	# host USB devices yet
+	use kernel_FreeBSD && \
+		sed -i -E -e "s|^(HOST_USB=)bsd|\1stub|" "${S}"/config-host.mak
+}
+
+src_configure() {
+	local target
+
+	python_setup
+
+	softmmu_targets= softmmu_bins=()
+	user_targets= user_bins=()
+
+	for target in ${IUSE_SOFTMMU_TARGETS} ; do
+		if use "qemu_softmmu_targets_${target}"; then
+			softmmu_targets+=",${target}-softmmu"
+			softmmu_bins+=( "qemu-system-${target}" )
+		fi
+	done
+
+	for target in ${IUSE_USER_TARGETS} ; do
+		if use "qemu_user_targets_${target}"; then
+			user_targets+=",${target}-linux-user"
+			user_bins+=( "qemu-${target}" )
+		fi
+	done
+
+	softmmu_targets=${softmmu_targets#,}
+	user_targets=${user_targets#,}
+
+	[[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu"
+	[[ -n ${user_targets}    ]] && qemu_src_configure "user"
+	[[ -z ${softmmu_targets}${user_targets} ]] && qemu_src_configure "tools"
+}
+
+src_compile() {
+	if [[ -n ${user_targets} ]]; then
+		cd "${S}/user-build"
+		default
+	fi
+
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build"
+		default
+	fi
+
+	if [[ -z ${softmmu_targets}${user_targets} ]]; then
+		cd "${S}/tools-build"
+		default
+	fi
+}
+
+src_test() {
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build"
+		pax-mark m */qemu-system-* #515550
+		emake -j1 check
+		emake -j1 check-report.html
+	fi
+}
+
+qemu_python_install() {
+	python_domodule "${S}/scripts/qmp/qmp.py"
+
+	python_doscript "${S}/scripts/kvm/vmxcap"
+	python_doscript "${S}/scripts/qmp/qmp-shell"
+	python_doscript "${S}/scripts/qmp/qemu-ga-client"
+}
+
+src_install() {
+	if [[ -n ${user_targets} ]]; then
+		cd "${S}/user-build"
+		emake DESTDIR="${ED}" install
+
+		# Install binfmt handler init script for user targets
+		newinitd "${FILESDIR}/qemu-binfmt.initd-r1" qemu-binfmt
+	fi
+
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build"
+		emake DESTDIR="${ED}" install
+
+		# This might not exist if the test failed. #512010
+		[[ -e check-report.html ]] && dohtml check-report.html
+
+		if use kernel_linux; then
+			udev_dorules "${FILESDIR}"/65-kvm.rules
+		fi
+
+		if use python; then
+			python_foreach_impl qemu_python_install
+		fi
+	fi
+
+	if [[ -z ${softmmu_targets}${user_targets} ]]; then
+		cd "${S}/tools-build"
+		emake DESTDIR="${ED}" install
+	fi
+
+	# Disable mprotect on the qemu binaries as they use JITs to be fast #459348
+	pushd "${ED}"/usr/bin >/dev/null
+	pax-mark m "${softmmu_bins[@]}" "${user_bins[@]}"
+	popd >/dev/null
+
+	# Install config file example for qemu-bridge-helper
+	insinto "/etc/qemu"
+	doins "${FILESDIR}/bridge.conf"
+
+	# Remove the docdir placed qmp-commands.txt
+	mv "${ED}/usr/share/doc/${PF}/html/qmp-commands.txt" "${S}/docs/" || die
+
+	cd "${S}"
+	dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt
+	newdoc pc-bios/README README.pc-bios
+	dodoc docs/qmp-*.txt
+
+	if [[ -n ${softmmu_targets} ]]; then
+		# Remove SeaBIOS since we're using the SeaBIOS packaged one
+		rm "${ED}/usr/share/qemu/bios.bin"
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
+		fi
+
+		# Remove vgabios since we're using the vgabios packaged one
+		rm "${ED}/usr/share/qemu/vgabios.bin"
+		rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
+		rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
+		rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
+		rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../vgabios/vgabios.bin /usr/share/qemu/vgabios.bin
+			dosym ../vgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
+			dosym ../vgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
+			dosym ../vgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
+			dosym ../vgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
+		fi
+
+		# Remove sgabios since we're using the sgabios packaged one
+		rm "${ED}/usr/share/qemu/sgabios.bin"
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin
+		fi
+
+		# Remove iPXE since we're using the iPXE packaged one
+		rm "${ED}"/usr/share/qemu/pxe-*.rom
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom
+			dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom
+			dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom
+			dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom
+			dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom
+			dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom
+		fi
+	fi
+
+	qemu_support_kvm && readme.gentoo_create_doc
+}
+
+pkg_postinst() {
+	if qemu_support_kvm; then
+		readme.gentoo_print_elog
+	fi
+
+	if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
+		udev_reload
+	fi
+
+	fcaps cap_net_admin /usr/libexec/qemu-bridge-helper
+}
+
+pkg_info() {
+	echo "Using:"
+	echo "  $(best_version app-emulation/spice-protocol)"
+	echo "  $(best_version sys-firmware/ipxe)"
+	echo "  $(best_version sys-firmware/seabios)"
+	if has_version 'sys-firmware/seabios[binary]'; then
+		echo "    USE=binary"
+	else
+		echo "    USE=''"
+	fi
+	echo "  $(best_version sys-firmware/vgabios)"
+}


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2016-12-29 18:47 Mike Frysinger
  0 siblings, 0 replies; 56+ messages in thread
From: Mike Frysinger @ 2016-12-29 18:47 UTC (permalink / raw
  To: gentoo-commits

commit:     cccbca44a3b25022fd715ea6112adffbb7293483
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Thu Dec 29 18:19:47 2016 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Thu Dec 29 18:47:13 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cccbca44

app-emulation/qemu: version bump to 2.7.1

Update the 7422 patch to match the version upstream merged.
Update the 8669-1 patch to include upstream references since it is
still not merged/fixed.

 app-emulation/qemu/Manifest                        |   1 +
 .../qemu/files/qemu-2.7.0-CVE-2016-7422.patch      |  47 +-
 .../qemu/files/qemu-2.7.0-CVE-2016-8669-1.patch    |   3 +
 app-emulation/qemu/qemu-2.7.1.ebuild               | 699 +++++++++++++++++++++
 4 files changed, 726 insertions(+), 24 deletions(-)

diff --git a/app-emulation/qemu/Manifest b/app-emulation/qemu/Manifest
index 5e3e9b5..5d40bbd 100644
--- a/app-emulation/qemu/Manifest
+++ b/app-emulation/qemu/Manifest
@@ -1 +1,2 @@
 DIST qemu-2.7.0.tar.bz2 26867760 SHA256 326e739506ba690daf69fc17bd3913a6c313d9928d743bd8eddb82f403f81e53 SHA512 654acaa7b3724a288e5d7e2a26ab780d9c9ed9f647fba00a906cbaffbe9d58fd666f2d962514aa2c5b391b4c53811ac3170d2eb51727f090bd19dfe45ca9a9db WHIRLPOOL dcb3e5f7da89dd8e14d636d7ebd476e076e0043880bb9ea3fb1c03cb4bcd4e5c7d3c4719da26c3ce521e3a3db5ae671e86f198ac1bc3474e774d75504fef8b8d
+DIST qemu-2.7.1.tar.bz2 26868403 SHA256 68636788eb69bcb0b44ba220b32b50495d6bd5712a934c282217831c4822958f SHA512 16a83946e9064733254c82c961749bf9c56a0a2a8ee46145b4a78e1452ac0e2548d888963d18c80e28f65202890fd643b0011951b5b1c66ef16234767ed91898 WHIRLPOOL ae3d3c2b2a3700613733659847de6187755631cb09e8c3548ea30cd994357c9ff128646edce88dfe4dce53e6c1c0f37f8de3688ee7e22262033b40f3fc706efa

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7422.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7422.patch
index 6368e7f..cc60581 100644
--- a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7422.patch
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7422.patch
@@ -1,38 +1,37 @@
-From: Prasad J Pandit <address@hidden>
+From 973e7170dddefb491a48df5cba33b2ae151013a0 Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Mon, 19 Sep 2016 23:55:45 +0530
+Subject: [PATCH] virtio: add check for descriptor's mapped address
 
 virtio back end uses set of buffers to facilitate I/O operations.
 If its size is too large, 'cpu_physical_memory_map' could return
-a null address. This would result in a null dereference
-while un-mapping descriptors. Add check to avoid it.
+a null address. This would result in a null dereference while
+un-mapping descriptors. Add check to avoid it.
 
-Reported-by: Qinghao Tang <address@hidden>
-Signed-off-by: Prasad J Pandit <address@hidden>
+Reported-by: Qinghao Tang <luodalongde@gmail.com>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+Reviewed-by: Laszlo Ersek <lersek@redhat.com>
 ---
- hw/virtio/virtio.c | 10 ++++++----
- 1 file changed, 6 insertions(+), 4 deletions(-)
+ hw/virtio/virtio.c | 5 +++++
+ 1 file changed, 5 insertions(+)
 
 diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
-index 15ee3a7..0a4c5b6 100644
+index fcf3358d6c0d..bb656b1ccff0 100644
 --- a/hw/virtio/virtio.c
 +++ b/hw/virtio/virtio.c
-@@ -472,12 +472,14 @@ static void virtqueue_map_desc(unsigned int *p_num_sg, hwaddr *addr, struct iove
+@@ -495,6 +495,11 @@ static void virtqueue_map_desc(unsigned int *p_num_sg, hwaddr *addr, struct iove
          }
  
          iov[num_sg].iov_base = cpu_physical_memory_map(pa, &len, is_write);
--        iov[num_sg].iov_len = len;
--        addr[num_sg] = pa;
-+        if (iov[num_sg].iov_base) {
-+            iov[num_sg].iov_len = len;
-+            addr[num_sg] = pa;
- 
-+            pa += len;
-+            num_sg++;
++        if (!iov[num_sg].iov_base) {
++            error_report("virtio: bogus descriptor or out of resources");
++            exit(1);
 +        }
-         sz -= len;
--        pa += len;
--        num_sg++;
-     }
-     *p_num_sg = num_sg;
- }
++
+         iov[num_sg].iov_len = len;
+         addr[num_sg] = pa;
+ 
 -- 
-2.5.5
+2.11.0

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8669-1.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8669-1.patch
index 457f022..cea8efc 100644
--- a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8669-1.patch
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8669-1.patch
@@ -1,3 +1,6 @@
+http://bugs.gentoo.org/597108
+https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02577.html
+
 From: Prasad J Pandit <address@hidden>
 
 The JAZZ RC4030 chipset emulator has a periodic timer and

diff --git a/app-emulation/qemu/qemu-2.7.1.ebuild b/app-emulation/qemu/qemu-2.7.1.ebuild
new file mode 100644
index 00000000..12eea6f
--- /dev/null
+++ b/app-emulation/qemu/qemu-2.7.1.ebuild
@@ -0,0 +1,699 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="5"
+
+PYTHON_COMPAT=( python2_7 )
+PYTHON_REQ_USE="ncurses,readline"
+
+PLOCALES="bg de_DE fr_FR hu it tr zh_CN"
+
+inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \
+	user udev fcaps readme.gentoo-r1 pax-utils l10n
+
+if [[ ${PV} = *9999* ]]; then
+	EGIT_REPO_URI="git://git.qemu.org/qemu.git"
+	inherit git-2
+	SRC_URI=""
+else
+	SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2"
+	KEYWORDS="~amd64 ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd"
+fi
+
+DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
+HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org"
+
+LICENSE="GPL-2 LGPL-2 BSD-2"
+SLOT="0"
+IUSE="accessibility +aio alsa bluetooth bzip2 +caps +curl debug +fdt glusterfs \
+gnutls gtk gtk2 infiniband iscsi +jpeg \
+kernel_linux kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs
++png pulseaudio python \
+rbd sasl +seccomp sdl sdl2 selinux smartcard snappy spice ssh static static-softmmu
+static-user systemtap tci test +threads usb usbredir +uuid vde +vhost-net \
+virgl virtfs +vnc vte xattr xen xfs"
+
+COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel mips
+mips64 mips64el mipsel or32 ppc ppc64 s390x sh4 sh4eb sparc sparc64 unicore32
+x86_64"
+IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS} lm32 moxie ppcemb tricore xtensa xtensaeb"
+IUSE_USER_TARGETS="${COMMON_TARGETS} armeb mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus tilegx"
+
+use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
+use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
+IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
+
+# Allow no targets to be built so that people can get a tools-only build.
+# Block USE flag configurations known to not work.
+REQUIRED_USE="${PYTHON_REQUIRED_USE}
+	gtk2? ( gtk )
+	qemu_softmmu_targets_arm? ( fdt )
+	qemu_softmmu_targets_microblaze? ( fdt )
+	qemu_softmmu_targets_ppc? ( fdt )
+	qemu_softmmu_targets_ppc64? ( fdt )
+	sdl2? ( sdl )
+	static? ( static-softmmu static-user )
+	static-softmmu? ( !alsa !pulseaudio !bluetooth !opengl !gtk !gtk2 )
+	virtfs? ( xattr )
+	vte? ( gtk )"
+
+# Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
+#
+# The attr lib isn't always linked in (although the USE flag is always
+# respected).  This is because qemu supports using the C library's API
+# when available rather than always using the extranl library.
+#
+# Older versions of gnutls are supported, but it's simpler to just require
+# the latest versions.  This is also why we require nettle.
+#
+# TODO: Split out tools deps into another var.  e.g. bzip2 is only used by
+# system binaries and tools, not user binaries.
+COMMON_LIB_DEPEND=">=dev-libs/glib-2.0[static-libs(+)]
+	sys-libs/zlib[static-libs(+)]
+	bzip2? ( app-arch/bzip2[static-libs(+)] )
+	xattr? ( sys-apps/attr[static-libs(+)] )"
+SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND}
+	>=x11-libs/pixman-0.28.0[static-libs(+)]
+	accessibility? ( app-accessibility/brltty[static-libs(+)] )
+	aio? ( dev-libs/libaio[static-libs(+)] )
+	alsa? ( >=media-libs/alsa-lib-1.0.13 )
+	bluetooth? ( net-wireless/bluez )
+	caps? ( sys-libs/libcap-ng[static-libs(+)] )
+	curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
+	fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] )
+	glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
+	gnutls? (
+		dev-libs/nettle:=[static-libs(+)]
+		>=net-libs/gnutls-3.0:=[static-libs(+)]
+	)
+	gtk? (
+		gtk2? (
+			x11-libs/gtk+:2
+			vte? ( x11-libs/vte:0 )
+		)
+		!gtk2? (
+			x11-libs/gtk+:3
+			vte? ( x11-libs/vte:2.91 )
+		)
+	)
+	infiniband? ( sys-fabric/librdmacm:=[static-libs(+)] )
+	iscsi? ( net-libs/libiscsi )
+	jpeg? ( virtual/jpeg:0=[static-libs(+)] )
+	lzo? ( dev-libs/lzo:2[static-libs(+)] )
+	ncurses? ( sys-libs/ncurses:0=[static-libs(+)] )
+	nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] )
+	numa? ( sys-process/numactl[static-libs(+)] )
+	opengl? (
+		virtual/opengl
+		media-libs/libepoxy[static-libs(+)]
+		media-libs/mesa[static-libs(+)]
+		media-libs/mesa[egl,gles2,gbm]
+	)
+	png? ( media-libs/libpng:0=[static-libs(+)] )
+	pulseaudio? ( media-sound/pulseaudio )
+	rbd? ( sys-cluster/ceph[static-libs(+)] )
+	sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
+	sdl? (
+		!sdl2? (
+			media-libs/libsdl[X]
+			>=media-libs/libsdl-1.2.11[static-libs(+)]
+		)
+		sdl2? (
+			media-libs/libsdl2[X]
+			media-libs/libsdl2[static-libs(+)]
+		)
+	)
+	seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
+	smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] )
+	snappy? ( app-arch/snappy[static-libs(+)] )
+	spice? (
+		>=app-emulation/spice-protocol-0.12.3
+		>=app-emulation/spice-0.12.0[static-libs(+)]
+	)
+	ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] )
+	usb? ( >=virtual/libusb-1-r2[static-libs(+)] )
+	usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
+	uuid? ( >=sys-apps/util-linux-2.16.0[static-libs(+)] )
+	vde? ( net-misc/vde[static-libs(+)] )
+	virgl? ( media-libs/virglrenderer[static-libs(+)] )
+	virtfs? ( sys-libs/libcap )
+	xfs? ( sys-fs/xfsprogs[static-libs(+)] )"
+USER_LIB_DEPEND="${COMMON_LIB_DEPEND}"
+X86_FIRMWARE_DEPEND="
+	>=sys-firmware/ipxe-1.0.0_p20130624
+	pin-upstream-blobs? (
+		~sys-firmware/seabios-1.8.2
+		~sys-firmware/sgabios-0.1_pre8
+		~sys-firmware/vgabios-0.7a
+	)
+	!pin-upstream-blobs? (
+		sys-firmware/seabios
+		sys-firmware/sgabios
+		sys-firmware/vgabios
+	)"
+CDEPEND="
+	!static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND//\[static-libs(+)]} ) " ${use_softmmu_targets}) )
+	!static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND//\[static-libs(+)]} ) " ${use_user_targets}) )
+	qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
+	qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )
+	python? ( ${PYTHON_DEPS} )
+	systemtap? ( dev-util/systemtap )
+	xen? ( app-emulation/xen-tools:= )"
+DEPEND="${CDEPEND}
+	dev-lang/perl
+	=dev-lang/python-2*
+	sys-apps/texinfo
+	virtual/pkgconfig
+	kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
+	gtk? ( nls? ( sys-devel/gettext ) )
+	static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND} ) " ${use_softmmu_targets}) )
+	static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND} ) " ${use_user_targets}) )
+	test? (
+		dev-libs/glib[utils]
+		sys-devel/bc
+	)"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-qemu )
+"
+
+STRIP_MASK="/usr/share/qemu/palcode-clipper"
+
+QA_PREBUILT="
+	usr/share/qemu/openbios-ppc
+	usr/share/qemu/openbios-sparc64
+	usr/share/qemu/openbios-sparc32
+	usr/share/qemu/palcode-clipper
+	usr/share/qemu/s390-ccw.img
+	usr/share/qemu/u-boot.e500
+"
+
+QA_WX_LOAD="usr/bin/qemu-i386
+	usr/bin/qemu-x86_64
+	usr/bin/qemu-alpha
+	usr/bin/qemu-arm
+	usr/bin/qemu-cris
+	usr/bin/qemu-m68k
+	usr/bin/qemu-microblaze
+	usr/bin/qemu-microblazeel
+	usr/bin/qemu-mips
+	usr/bin/qemu-mipsel
+	usr/bin/qemu-or32
+	usr/bin/qemu-ppc
+	usr/bin/qemu-ppc64
+	usr/bin/qemu-ppc64abi32
+	usr/bin/qemu-sh4
+	usr/bin/qemu-sh4eb
+	usr/bin/qemu-sparc
+	usr/bin/qemu-sparc64
+	usr/bin/qemu-armeb
+	usr/bin/qemu-sparc32plus
+	usr/bin/qemu-s390x
+	usr/bin/qemu-unicore32"
+
+DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure
+you have the kernel module loaded before running kvm. The easiest way to
+ensure that the kernel module is loaded is to load it on boot.\n
+For AMD CPUs the module is called 'kvm-amd'.\n
+For Intel CPUs the module is called 'kvm-intel'.\n
+Please review /etc/conf.d/modules for how to load these.\n\n
+Make sure your user is in the 'kvm' group\n
+Just run 'gpasswd -a <USER> kvm', then have <USER> re-login.\n\n
+For brand new installs, the default permissions on /dev/kvm might not let you
+access it.  You can tell udev to reset ownership/perms:\n
+udevadm trigger -c add /dev/kvm"
+
+qemu_support_kvm() {
+	if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 \
+		use qemu_softmmu_targets_ppc || use qemu_softmmu_targets_ppc64 \
+		use qemu_softmmu_targets_s390x; then
+		return 0
+	fi
+
+	return 1
+}
+
+pkg_pretend() {
+	if use kernel_linux && kernel_is lt 2 6 25; then
+		eerror "This version of KVM requres a host kernel of 2.6.25 or higher."
+	elif use kernel_linux; then
+		if ! linux_config_exists; then
+			eerror "Unable to check your kernel for KVM support"
+		else
+			CONFIG_CHECK="~KVM ~TUN ~BRIDGE"
+			ERROR_KVM="You must enable KVM in your kernel to continue"
+			ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in"
+			ERROR_KVM_AMD+=" your kernel configuration."
+			ERROR_KVM_INTEL="If you have an Intel CPU, you must enable"
+			ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration."
+			ERROR_TUN="You will need the Universal TUN/TAP driver compiled"
+			ERROR_TUN+=" into your kernel or loaded as a module to use the"
+			ERROR_TUN+=" virtual network device if using -net tap."
+			ERROR_BRIDGE="You will also need support for 802.1d"
+			ERROR_BRIDGE+=" Ethernet Bridging for some network configurations."
+			use vhost-net && CONFIG_CHECK+=" ~VHOST_NET"
+			ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net"
+			ERROR_VHOST_NET+=" support"
+
+			if use amd64 || use x86 || use amd64-linux || use x86-linux; then
+				CONFIG_CHECK+=" ~KVM_AMD ~KVM_INTEL"
+			fi
+
+			use python && CONFIG_CHECK+=" ~DEBUG_FS"
+			ERROR_DEBUG_FS="debugFS support required for kvm_stat"
+
+			# Now do the actual checks setup above
+			check_extra_config
+		fi
+	fi
+
+	if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then
+		eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt"
+		eerror "instances are still pointing to it.  Please update your"
+		eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag"
+		eerror "and the right system binary (e.g. qemu-system-x86_64)."
+		die "update your virt configs to not use qemu-kvm"
+	fi
+}
+
+pkg_setup() {
+	enewgroup kvm 78
+}
+
+# Sanity check to make sure target lists are kept up-to-date.
+check_targets() {
+	local var=$1 mak=$2
+	local detected sorted
+
+	pushd "${S}"/default-configs >/dev/null || die
+
+	# Force C locale until glibc is updated. #564936
+	detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u))
+	sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u))
+	if [[ ${sorted} != "${detected}" ]] ; then
+		eerror "The ebuild needs to be kept in sync."
+		eerror "${var}: ${sorted}"
+		eerror "$(printf '%-*s' ${#var} configure): ${detected}"
+		die "sync ${var} to the list of targets"
+	fi
+
+	popd >/dev/null
+}
+
+handle_locales() {
+	# Make sure locale list is kept up-to-date.
+	local detected sorted
+	detected=$(echo $(cd po && printf '%s\n' *.po | grep -v messages.po | sed 's:.po$::' | sort -u))
+	sorted=$(echo $(printf '%s\n' ${PLOCALES} | sort -u))
+	if [[ ${sorted} != "${detected}" ]] ; then
+		eerror "The ebuild needs to be kept in sync."
+		eerror "PLOCALES: ${sorted}"
+		eerror " po/*.po: ${detected}"
+		die "sync PLOCALES"
+	fi
+
+	# Deal with selective install of locales.
+	if use nls ; then
+		# Delete locales the user does not want. #577814
+		rm_loc() { rm po/$1.po || die; }
+		l10n_for_each_disabled_locale_do rm_loc
+	else
+		# Cheap hack to disable gettext .mo generation.
+		rm -f po/*.po
+	fi
+}
+
+src_prepare() {
+	check_targets IUSE_SOFTMMU_TARGETS softmmu
+	check_targets IUSE_USER_TARGETS linux-user
+
+	# Alter target makefiles to accept CFLAGS set via flag-o
+	sed -i -r \
+		-e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \
+		Makefile Makefile.target || die
+
+	epatch "${FILESDIR}"/${PN}-2.5.0-cflags.patch
+	epatch "${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
+	epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-6836.patch   #591242
+	epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-7156.patch   #593036
+	epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-7170.patch   #593284
+	epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-7422.patch   #593956
+	epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-7466.patch   #594520
+	epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-7907.patch   #596048
+	epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-7908.patch   #596049
+	epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-7909.patch   #596048
+	epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-7994-1.patch #596738
+	epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-7994-2.patch #596738
+	epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-8576.patch   #596752
+	epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-8577.patch   #596776
+	epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-8578.patch   #596774
+	epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-8668.patch   #597110
+	epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-8669-1.patch #597108
+	epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-8669-2.patch #597108
+	epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-8909.patch   #598044
+	epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-9102.patch   #598328
+	epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-9103.patch   #598328
+	epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-9104.patch   #598328
+	epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-9105.patch   #598328
+	epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-9106.patch   #598772
+
+	# Fix ld and objcopy being called directly
+	tc-export AR LD OBJCOPY
+
+	# Verbose builds
+	MAKEOPTS+=" V=1"
+
+	epatch_user
+
+	# Run after we've applied all patches.
+	handle_locales
+}
+
+##
+# configures qemu based on the build directory and the build type
+# we are using.
+#
+qemu_src_configure() {
+	debug-print-function ${FUNCNAME} "$@"
+
+	local buildtype=$1
+	local builddir="${S}/${buildtype}-build"
+	local static_flag="static-${buildtype}"
+
+	mkdir "${builddir}"
+
+	local conf_opts=(
+		--prefix=/usr
+		--sysconfdir=/etc
+		--libdir=/usr/$(get_libdir)
+		--docdir=/usr/share/doc/${PF}/html
+		--disable-bsd-user
+		--disable-guest-agent
+		--disable-strip
+		--disable-werror
+		# We support gnutls/nettle for crypto operations.  It is possible
+		# to use gcrypt when gnutls/nettle are disabled (but not when they
+		# are enabled), but it's not really worth the hassle.  Disable it
+		# all the time to avoid automatically detecting it. #568856
+		--disable-gcrypt
+		--python="${PYTHON}"
+		--cc="$(tc-getCC)"
+		--cxx="$(tc-getCXX)"
+		--host-cc="$(tc-getBUILD_CC)"
+		$(use_enable debug debug-info)
+		$(use_enable debug debug-tcg)
+		--enable-docs
+		$(use_enable tci tcg-interpreter)
+		$(use_enable xattr attr)
+	)
+
+	# Disable options not used by user targets as the default configure
+	# options will autoprobe and try to link in a bunch of unused junk.
+	conf_softmmu() {
+		if [[ ${buildtype} == "user" ]] ; then
+			echo "--disable-${2:-$1}"
+		else
+			use_enable "$@"
+		fi
+	}
+	conf_opts+=(
+		$(conf_softmmu accessibility brlapi)
+		$(conf_softmmu aio linux-aio)
+		$(conf_softmmu bzip2)
+		$(conf_softmmu bluetooth bluez)
+		$(conf_softmmu caps cap-ng)
+		$(conf_softmmu curl)
+		$(conf_softmmu fdt)
+		$(conf_softmmu glusterfs)
+		$(conf_softmmu gnutls)
+		$(conf_softmmu gnutls nettle)
+		$(conf_softmmu gtk)
+		$(conf_softmmu infiniband rdma)
+		$(conf_softmmu iscsi libiscsi)
+		$(conf_softmmu jpeg vnc-jpeg)
+		$(conf_softmmu kernel_linux kvm)
+		$(conf_softmmu lzo)
+		$(conf_softmmu ncurses curses)
+		$(conf_softmmu nfs libnfs)
+		$(conf_softmmu numa)
+		$(conf_softmmu opengl)
+		$(conf_softmmu png vnc-png)
+		$(conf_softmmu rbd)
+		$(conf_softmmu sasl vnc-sasl)
+		$(conf_softmmu sdl)
+		$(conf_softmmu seccomp)
+		$(conf_softmmu smartcard)
+		$(conf_softmmu snappy)
+		$(conf_softmmu spice)
+		$(conf_softmmu ssh libssh2)
+		$(conf_softmmu usb libusb)
+		$(conf_softmmu usbredir usb-redir)
+		$(conf_softmmu uuid)
+		$(conf_softmmu vde)
+		$(conf_softmmu vhost-net)
+		$(conf_softmmu virgl virglrenderer)
+		$(conf_softmmu virtfs)
+		$(conf_softmmu vnc)
+		$(conf_softmmu vte)
+		$(conf_softmmu xen)
+		$(conf_softmmu xen xen-pci-passthrough)
+		$(conf_softmmu xfs xfsctl)
+	)
+
+	case ${buildtype} in
+	user)
+		conf_opts+=(
+			--enable-linux-user
+			--disable-system
+			--disable-blobs
+			--disable-tools
+		)
+		;;
+	softmmu)
+		# audio options
+		local audio_opts="oss"
+		use alsa && audio_opts="alsa,${audio_opts}"
+		use sdl && audio_opts="sdl,${audio_opts}"
+		use pulseaudio && audio_opts="pa,${audio_opts}"
+
+		conf_opts+=(
+			--disable-linux-user
+			--enable-system
+			--with-system-pixman
+			--audio-drv-list="${audio_opts}"
+		)
+		use gtk && conf_opts+=( --with-gtkabi=$(usex gtk2 2.0 3.0) )
+		use sdl && conf_opts+=( --with-sdlabi=$(usex sdl2 2.0 1.2) )
+		;;
+	tools)
+		conf_opts+=(
+			--disable-linux-user
+			--disable-system
+			--disable-blobs
+			$(use_enable bzip2)
+		)
+		static_flag="static"
+		;;
+	esac
+
+	local targets="${buildtype}_targets"
+	[[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" )
+
+	# Add support for SystemTAP
+	use systemtap && conf_opts+=( --enable-trace-backend=dtrace )
+
+	# We always want to attempt to build with PIE support as it results
+	# in a more secure binary. But it doesn't work with static or if
+	# the current GCC doesn't have PIE support.
+	if use ${static_flag}; then
+		conf_opts+=( --static --disable-pie )
+	else
+		gcc-specs-pie && conf_opts+=( --enable-pie )
+	fi
+
+	echo "../configure ${conf_opts[*]}"
+	cd "${builddir}"
+	../configure "${conf_opts[@]}" || die "configure failed"
+
+	# FreeBSD's kernel does not support QEMU assigning/grabbing
+	# host USB devices yet
+	use kernel_FreeBSD && \
+		sed -i -E -e "s|^(HOST_USB=)bsd|\1stub|" "${S}"/config-host.mak
+}
+
+src_configure() {
+	local target
+
+	python_setup
+
+	softmmu_targets= softmmu_bins=()
+	user_targets= user_bins=()
+
+	for target in ${IUSE_SOFTMMU_TARGETS} ; do
+		if use "qemu_softmmu_targets_${target}"; then
+			softmmu_targets+=",${target}-softmmu"
+			softmmu_bins+=( "qemu-system-${target}" )
+		fi
+	done
+
+	for target in ${IUSE_USER_TARGETS} ; do
+		if use "qemu_user_targets_${target}"; then
+			user_targets+=",${target}-linux-user"
+			user_bins+=( "qemu-${target}" )
+		fi
+	done
+
+	softmmu_targets=${softmmu_targets#,}
+	user_targets=${user_targets#,}
+
+	[[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu"
+	[[ -n ${user_targets}    ]] && qemu_src_configure "user"
+	[[ -z ${softmmu_targets}${user_targets} ]] && qemu_src_configure "tools"
+}
+
+src_compile() {
+	if [[ -n ${user_targets} ]]; then
+		cd "${S}/user-build"
+		default
+	fi
+
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build"
+		default
+	fi
+
+	if [[ -z ${softmmu_targets}${user_targets} ]]; then
+		cd "${S}/tools-build"
+		default
+	fi
+}
+
+src_test() {
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build"
+		pax-mark m */qemu-system-* #515550
+		emake -j1 check
+		emake -j1 check-report.html
+	fi
+}
+
+qemu_python_install() {
+	python_domodule "${S}/scripts/qmp/qmp.py"
+
+	python_doscript "${S}/scripts/kvm/vmxcap"
+	python_doscript "${S}/scripts/qmp/qmp-shell"
+	python_doscript "${S}/scripts/qmp/qemu-ga-client"
+}
+
+src_install() {
+	if [[ -n ${user_targets} ]]; then
+		cd "${S}/user-build"
+		emake DESTDIR="${ED}" install
+
+		# Install binfmt handler init script for user targets
+		newinitd "${FILESDIR}/qemu-binfmt.initd-r1" qemu-binfmt
+	fi
+
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build"
+		emake DESTDIR="${ED}" install
+
+		# This might not exist if the test failed. #512010
+		[[ -e check-report.html ]] && dohtml check-report.html
+
+		if use kernel_linux; then
+			udev_dorules "${FILESDIR}"/65-kvm.rules
+		fi
+
+		if use python; then
+			python_foreach_impl qemu_python_install
+		fi
+	fi
+
+	if [[ -z ${softmmu_targets}${user_targets} ]]; then
+		cd "${S}/tools-build"
+		emake DESTDIR="${ED}" install
+	fi
+
+	# Disable mprotect on the qemu binaries as they use JITs to be fast #459348
+	pushd "${ED}"/usr/bin >/dev/null
+	pax-mark m "${softmmu_bins[@]}" "${user_bins[@]}"
+	popd >/dev/null
+
+	# Install config file example for qemu-bridge-helper
+	insinto "/etc/qemu"
+	doins "${FILESDIR}/bridge.conf"
+
+	# Remove the docdir placed qmp-commands.txt
+	mv "${ED}/usr/share/doc/${PF}/html/qmp-commands.txt" "${S}/docs/" || die
+
+	cd "${S}"
+	dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt
+	newdoc pc-bios/README README.pc-bios
+	dodoc docs/qmp-*.txt
+
+	if [[ -n ${softmmu_targets} ]]; then
+		# Remove SeaBIOS since we're using the SeaBIOS packaged one
+		rm "${ED}/usr/share/qemu/bios.bin"
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
+		fi
+
+		# Remove vgabios since we're using the vgabios packaged one
+		rm "${ED}/usr/share/qemu/vgabios.bin"
+		rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
+		rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
+		rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
+		rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../vgabios/vgabios.bin /usr/share/qemu/vgabios.bin
+			dosym ../vgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
+			dosym ../vgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
+			dosym ../vgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
+			dosym ../vgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
+		fi
+
+		# Remove sgabios since we're using the sgabios packaged one
+		rm "${ED}/usr/share/qemu/sgabios.bin"
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin
+		fi
+
+		# Remove iPXE since we're using the iPXE packaged one
+		rm "${ED}"/usr/share/qemu/pxe-*.rom
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom
+			dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom
+			dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom
+			dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom
+			dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom
+			dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom
+		fi
+	fi
+
+	qemu_support_kvm && readme.gentoo_create_doc
+}
+
+pkg_postinst() {
+	if qemu_support_kvm; then
+		readme.gentoo_print_elog
+	fi
+
+	if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
+		udev_reload
+	fi
+
+	fcaps cap_net_admin /usr/libexec/qemu-bridge-helper
+}
+
+pkg_info() {
+	echo "Using:"
+	echo "  $(best_version app-emulation/spice-protocol)"
+	echo "  $(best_version sys-firmware/ipxe)"
+	echo "  $(best_version sys-firmware/seabios)"
+	if has_version 'sys-firmware/seabios[binary]'; then
+		echo "    USE=binary"
+	else
+		echo "    USE=''"
+	fi
+	echo "  $(best_version sys-firmware/vgabios)"
+}


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2017-02-13  4:58 Matthias Maier
  0 siblings, 0 replies; 56+ messages in thread
From: Matthias Maier @ 2017-02-13  4:58 UTC (permalink / raw
  To: gentoo-commits

commit:     69f166f734e87c4d5b025e9f2bbfcfba3d7cddcb
Author:     Matthias Maier <tamiko <AT> gentoo <DOT> org>
AuthorDate: Mon Feb 13 04:50:18 2017 +0000
Commit:     Matthias Maier <tamiko <AT> gentoo <DOT> org>
CommitDate: Mon Feb 13 04:50:18 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=69f166f7

app-emulation/qemu: fix various security issues, bug #608728 and others

This commit applies upstream patches to 2.8.0 for the following CVEs

  CVE-2016-10155 #606720
  CVE-2017-2615  #608034
  CVE-2017-5525  #606264
  CVE-2017-5552  #606722
  CVE-2017-5578  #607000
  CVE-2017-5579  #607100
  CVE-2017-5667  #607766
  CVE-2017-5856  #608036
  CVE-2017-5857  #608038
  CVE-2017-5898  #608520
  CVE-2017-5931  #608728

Package-Manager: Portage-2.3.3, Repoman-2.3.1

 .../qemu/files/qemu-2.8.0-CVE-2016-10155.patch     |  46 ++
 .../qemu/files/qemu-2.8.0-CVE-2017-2615.patch      |  48 ++
 .../qemu/files/qemu-2.8.0-CVE-2017-5525-1.patch    |  52 ++
 .../qemu/files/qemu-2.8.0-CVE-2017-5525-2.patch    |  55 ++
 .../qemu/files/qemu-2.8.0-CVE-2017-5552.patch      |  41 ++
 .../qemu/files/qemu-2.8.0-CVE-2017-5578.patch      |  35 ++
 .../qemu/files/qemu-2.8.0-CVE-2017-5579.patch      |  40 ++
 .../qemu/files/qemu-2.8.0-CVE-2017-5667.patch      |  37 ++
 .../qemu/files/qemu-2.8.0-CVE-2017-5856.patch      |  64 ++
 .../qemu/files/qemu-2.8.0-CVE-2017-5857.patch      |  38 ++
 .../qemu/files/qemu-2.8.0-CVE-2017-5898.patch      |  35 ++
 .../qemu/files/qemu-2.8.0-CVE-2017-5931.patch      |  46 ++
 app-emulation/qemu/qemu-2.8.0-r1.ebuild            | 691 +++++++++++++++++++++
 13 files changed, 1228 insertions(+)

diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-10155.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-10155.patch
new file mode 100644
index 0000000000..c486295d06
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-10155.patch
@@ -0,0 +1,46 @@
+From eb7a20a3616085d46aa6b4b4224e15587ec67e6e Mon Sep 17 00:00:00 2001
+From: Li Qiang <liqiang6-s@360.cn>
+Date: Mon, 28 Nov 2016 17:49:04 -0800
+Subject: [PATCH] watchdog: 6300esb: add exit function
+
+When the Intel 6300ESB watchdog is hot unplug. The timer allocated
+in realize isn't freed thus leaking memory leak. This patch avoid
+this through adding the exit function.
+
+Signed-off-by: Li Qiang <liqiang6-s@360.cn>
+Message-Id: <583cde9c.3223ed0a.7f0c2.886e@mx.google.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ hw/watchdog/wdt_i6300esb.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/hw/watchdog/wdt_i6300esb.c b/hw/watchdog/wdt_i6300esb.c
+index a83d951..49b3cd1 100644
+--- a/hw/watchdog/wdt_i6300esb.c
++++ b/hw/watchdog/wdt_i6300esb.c
+@@ -428,6 +428,14 @@ static void i6300esb_realize(PCIDevice *dev, Error **errp)
+     /* qemu_register_coalesced_mmio (addr, 0x10); ? */
+ }
+ 
++static void i6300esb_exit(PCIDevice *dev)
++{
++    I6300State *d = WATCHDOG_I6300ESB_DEVICE(dev);
++
++    timer_del(d->timer);
++    timer_free(d->timer);
++}
++
+ static WatchdogTimerModel model = {
+     .wdt_name = "i6300esb",
+     .wdt_description = "Intel 6300ESB",
+@@ -441,6 +449,7 @@ static void i6300esb_class_init(ObjectClass *klass, void *data)
+     k->config_read = i6300esb_config_read;
+     k->config_write = i6300esb_config_write;
+     k->realize = i6300esb_realize;
++    k->exit = i6300esb_exit;
+     k->vendor_id = PCI_VENDOR_ID_INTEL;
+     k->device_id = PCI_DEVICE_ID_INTEL_ESB_9;
+     k->class_id = PCI_CLASS_SYSTEM_OTHER;
+-- 
+2.10.2
+

diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-2615.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-2615.patch
new file mode 100644
index 0000000000..f0bba80165
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-2615.patch
@@ -0,0 +1,48 @@
+From 62d4c6bd5263bb8413a06c80144fc678df6dfb64 Mon Sep 17 00:00:00 2001
+From: Li Qiang <liqiang6-s@360.cn>
+Date: Wed, 1 Feb 2017 09:35:01 +0100
+Subject: [PATCH] cirrus: fix oob access issue (CVE-2017-2615)
+
+When doing bitblt copy in backward mode, we should minus the
+blt width first just like the adding in the forward mode. This
+can avoid the oob access of the front of vga's vram.
+
+Signed-off-by: Li Qiang <liqiang6-s@360.cn>
+
+{ kraxel: with backward blits (negative pitch) addr is the topmost
+          address, so check it as-is against vram size ]
+
+Cc: qemu-stable@nongnu.org
+Cc: P J P <ppandit@redhat.com>
+Cc: Laszlo Ersek <lersek@redhat.com>
+Cc: Paolo Bonzini <pbonzini@redhat.com>
+Cc: Wolfgang Bumiller <w.bumiller@proxmox.com>
+Fixes: d3532a0db02296e687711b8cdc7791924efccea0 (CVE-2014-8106)
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+Message-id: 1485938101-26602-1-git-send-email-kraxel@redhat.com
+Reviewed-by: Laszlo Ersek <lersek@redhat.com>
+---
+ hw/display/cirrus_vga.c | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c
+index 7db6409..16f27e8 100644
+--- a/hw/display/cirrus_vga.c
++++ b/hw/display/cirrus_vga.c
+@@ -274,10 +274,9 @@ static bool blit_region_is_unsafe(struct CirrusVGAState *s,
+ {
+     if (pitch < 0) {
+         int64_t min = addr
+-            + ((int64_t)s->cirrus_blt_height-1) * pitch;
+-        int32_t max = addr
+-            + s->cirrus_blt_width;
+-        if (min < 0 || max > s->vga.vram_size) {
++            + ((int64_t)s->cirrus_blt_height - 1) * pitch
++            - s->cirrus_blt_width;
++        if (min < -1 || addr >= s->vga.vram_size) {
+             return true;
+         }
+     } else {
+-- 
+2.10.2
+

diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5525-1.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5525-1.patch
new file mode 100644
index 0000000000..24411b4dca
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5525-1.patch
@@ -0,0 +1,52 @@
+From 12351a91da97b414eec8cdb09f1d9f41e535a401 Mon Sep 17 00:00:00 2001
+From: Li Qiang <liqiang6-s@360.cn>
+Date: Wed, 14 Dec 2016 18:30:21 -0800
+Subject: [PATCH] audio: ac97: add exit function
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Currently the ac97 device emulation doesn't have a exit function,
+hot unplug this device will leak some memory. Add a exit function to
+avoid this.
+
+Signed-off-by: Li Qiang <liqiang6-s@360.cn>
+Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
+Message-id: 58520052.4825ed0a.27a71.6cae@mx.google.com
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+---
+ hw/audio/ac97.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/hw/audio/ac97.c b/hw/audio/ac97.c
+index cbd959e..c306575 100644
+--- a/hw/audio/ac97.c
++++ b/hw/audio/ac97.c
+@@ -1387,6 +1387,16 @@ static void ac97_realize(PCIDevice *dev, Error **errp)
+     ac97_on_reset (&s->dev.qdev);
+ }
+ 
++static void ac97_exit(PCIDevice *dev)
++{
++    AC97LinkState *s = DO_UPCAST(AC97LinkState, dev, dev);
++
++    AUD_close_in(&s->card, s->voice_pi);
++    AUD_close_out(&s->card, s->voice_po);
++    AUD_close_in(&s->card, s->voice_mc);
++    AUD_remove_card(&s->card);
++}
++
+ static int ac97_init (PCIBus *bus)
+ {
+     pci_create_simple (bus, -1, "AC97");
+@@ -1404,6 +1414,7 @@ static void ac97_class_init (ObjectClass *klass, void *data)
+     PCIDeviceClass *k = PCI_DEVICE_CLASS (klass);
+ 
+     k->realize = ac97_realize;
++    k->exit = ac97_exit;
+     k->vendor_id = PCI_VENDOR_ID_INTEL;
+     k->device_id = PCI_DEVICE_ID_INTEL_82801AA_5;
+     k->revision = 0x01;
+-- 
+2.10.2
+

diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5525-2.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5525-2.patch
new file mode 100644
index 0000000000..6bbac580c3
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5525-2.patch
@@ -0,0 +1,55 @@
+From 069eb7b2b8fc47c7cb52e5a4af23ea98d939e3da Mon Sep 17 00:00:00 2001
+From: Li Qiang <liqiang6-s@360.cn>
+Date: Wed, 14 Dec 2016 18:32:22 -0800
+Subject: [PATCH] audio: es1370: add exit function
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Currently the es1370 device emulation doesn't have a exit function,
+hot unplug this device will leak some memory. Add a exit function to
+avoid this.
+
+Signed-off-by: Li Qiang <liqiang6-s@360.cn>
+Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
+Message-id: 585200c9.a968ca0a.1ab80.4c98@mx.google.com
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+---
+ hw/audio/es1370.c | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+diff --git a/hw/audio/es1370.c b/hw/audio/es1370.c
+index 8449b5f..883ec69 100644
+--- a/hw/audio/es1370.c
++++ b/hw/audio/es1370.c
+@@ -1041,6 +1041,19 @@ static void es1370_realize(PCIDevice *dev, Error **errp)
+     es1370_reset (s);
+ }
+ 
++static void es1370_exit(PCIDevice *dev)
++{
++    ES1370State *s = ES1370(dev);
++    int i;
++
++    for (i = 0; i < 2; ++i) {
++        AUD_close_out(&s->card, s->dac_voice[i]);
++    }
++
++    AUD_close_in(&s->card, s->adc_voice);
++    AUD_remove_card(&s->card);
++}
++
+ static int es1370_init (PCIBus *bus)
+ {
+     pci_create_simple (bus, -1, TYPE_ES1370);
+@@ -1053,6 +1066,7 @@ static void es1370_class_init (ObjectClass *klass, void *data)
+     PCIDeviceClass *k = PCI_DEVICE_CLASS (klass);
+ 
+     k->realize = es1370_realize;
++    k->exit = es1370_exit;
+     k->vendor_id = PCI_VENDOR_ID_ENSONIQ;
+     k->device_id = PCI_DEVICE_ID_ENSONIQ_ES1370;
+     k->class_id = PCI_CLASS_MULTIMEDIA_AUDIO;
+-- 
+2.10.2
+

diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5552.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5552.patch
new file mode 100644
index 0000000000..9475f3fd2a
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5552.patch
@@ -0,0 +1,41 @@
+From 33243031dad02d161225ba99d782616da133f689 Mon Sep 17 00:00:00 2001
+From: Li Qiang <liq3ea@gmail.com>
+Date: Thu, 29 Dec 2016 03:11:26 -0500
+Subject: [PATCH] virtio-gpu-3d: fix memory leak in resource attach backing
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+If the virgl_renderer_resource_attach_iov function fails the
+'res_iovs' will be leaked. Add check of the return value to
+free the 'res_iovs' when failing.
+
+Signed-off-by: Li Qiang <liq3ea@gmail.com>
+Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
+Message-id: 1482999086-59795-1-git-send-email-liq3ea@gmail.com
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+---
+ hw/display/virtio-gpu-3d.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/hw/display/virtio-gpu-3d.c b/hw/display/virtio-gpu-3d.c
+index e29f099..b13ced3 100644
+--- a/hw/display/virtio-gpu-3d.c
++++ b/hw/display/virtio-gpu-3d.c
+@@ -291,8 +291,11 @@ static void virgl_resource_attach_backing(VirtIOGPU *g,
+         return;
+     }
+ 
+-    virgl_renderer_resource_attach_iov(att_rb.resource_id,
+-                                       res_iovs, att_rb.nr_entries);
++    ret = virgl_renderer_resource_attach_iov(att_rb.resource_id,
++                                             res_iovs, att_rb.nr_entries);
++
++    if (ret != 0)
++        virtio_gpu_cleanup_mapping_iov(res_iovs, att_rb.nr_entries);
+ }
+ 
+ static void virgl_resource_detach_backing(VirtIOGPU *g,
+-- 
+2.10.2
+

diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5578.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5578.patch
new file mode 100644
index 0000000000..f93d1e7f9e
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5578.patch
@@ -0,0 +1,35 @@
+From 204f01b30975923c64006f8067f0937b91eea68b Mon Sep 17 00:00:00 2001
+From: Li Qiang <liq3ea@gmail.com>
+Date: Thu, 29 Dec 2016 04:28:41 -0500
+Subject: [PATCH] virtio-gpu: fix memory leak in resource attach backing
+
+In the resource attach backing function, everytime it will
+allocate 'res->iov' thus can leading a memory leak. This
+patch avoid this.
+
+Signed-off-by: Li Qiang <liq3ea@gmail.com>
+Message-id: 1483003721-65360-1-git-send-email-liq3ea@gmail.com
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+---
+ hw/display/virtio-gpu.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c
+index 6a26258..ca88cf4 100644
+--- a/hw/display/virtio-gpu.c
++++ b/hw/display/virtio-gpu.c
+@@ -714,6 +714,11 @@ virtio_gpu_resource_attach_backing(VirtIOGPU *g,
+         return;
+     }
+ 
++    if (res->iov) {
++        cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC;
++        return;
++    }
++
+     ret = virtio_gpu_create_mapping_iov(&ab, cmd, &res->addrs, &res->iov);
+     if (ret != 0) {
+         cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC;
+-- 
+2.10.2
+

diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5579.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5579.patch
new file mode 100644
index 0000000000..e4572a8d57
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5579.patch
@@ -0,0 +1,40 @@
+From 8409dc884a201bf74b30a9d232b6bbdd00cb7e2b Mon Sep 17 00:00:00 2001
+From: Li Qiang <liqiang6-s@360.cn>
+Date: Wed, 4 Jan 2017 00:43:16 -0800
+Subject: [PATCH] serial: fix memory leak in serial exit
+
+The serial_exit_core function doesn't free some resources.
+This can lead memory leak when hotplug and unplug. This
+patch avoid this.
+
+Signed-off-by: Li Qiang <liqiang6-s@360.cn>
+Message-Id: <586cb5ab.f31d9d0a.38ac3.acf2@mx.google.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ hw/char/serial.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/hw/char/serial.c b/hw/char/serial.c
+index ffbacd8..67b18ed 100644
+--- a/hw/char/serial.c
++++ b/hw/char/serial.c
+@@ -906,6 +906,16 @@ void serial_realize_core(SerialState *s, Error **errp)
+ void serial_exit_core(SerialState *s)
+ {
+     qemu_chr_fe_deinit(&s->chr);
++
++    timer_del(s->modem_status_poll);
++    timer_free(s->modem_status_poll);
++
++    timer_del(s->fifo_timeout_timer);
++    timer_free(s->fifo_timeout_timer);
++
++    fifo8_destroy(&s->recv_fifo);
++    fifo8_destroy(&s->xmit_fifo);
++
+     qemu_unregister_reset(serial_reset, s);
+ }
+ 
+-- 
+2.10.2
+

diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5667.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5667.patch
new file mode 100644
index 0000000000..93e9c9406c
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5667.patch
@@ -0,0 +1,37 @@
+From 42922105beb14c2fc58185ea022b9f72fb5465e9 Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Tue, 7 Feb 2017 18:29:59 +0000
+Subject: [PATCH] sd: sdhci: check data length during dma_memory_read
+
+While doing multi block SDMA transfer in routine
+'sdhci_sdma_transfer_multi_blocks', the 's->fifo_buffer' starting
+index 'begin' and data length 's->data_count' could end up to be same.
+This could lead to an OOB access issue. Correct transfer data length
+to avoid it.
+
+Cc: qemu-stable@nongnu.org
+Reported-by: Jiang Xin <jiangxin1@huawei.com>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Message-id: 20170130064736.9236-1-ppandit@redhat.com
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+---
+ hw/sd/sdhci.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c
+index 01fbf22..5bd5ab6 100644
+--- a/hw/sd/sdhci.c
++++ b/hw/sd/sdhci.c
+@@ -536,7 +536,7 @@ static void sdhci_sdma_transfer_multi_blocks(SDHCIState *s)
+                 boundary_count -= block_size - begin;
+             }
+             dma_memory_read(&address_space_memory, s->sdmasysad,
+-                            &s->fifo_buffer[begin], s->data_count);
++                            &s->fifo_buffer[begin], s->data_count - begin);
+             s->sdmasysad += s->data_count - begin;
+             if (s->data_count == block_size) {
+                 for (n = 0; n < block_size; n++) {
+-- 
+2.10.2
+

diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5856.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5856.patch
new file mode 100644
index 0000000000..2ebd49fa54
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5856.patch
@@ -0,0 +1,64 @@
+From 765a707000e838c30b18d712fe6cb3dd8e0435f3 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Mon, 2 Jan 2017 11:03:33 +0100
+Subject: [PATCH] megasas: fix guest-triggered memory leak
+
+If the guest sets the sglist size to a value >=2GB, megasas_handle_dcmd
+will return MFI_STAT_MEMORY_NOT_AVAILABLE without freeing the memory.
+Avoid this by returning only the status from map_dcmd, and loading
+cmd->iov_size in the caller.
+
+Reported-by: Li Qiang <liqiang6-s@360.cn>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ hw/scsi/megasas.c | 11 ++++++-----
+ 1 file changed, 6 insertions(+), 5 deletions(-)
+
+diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
+index 67fc1e7..6233865 100644
+--- a/hw/scsi/megasas.c
++++ b/hw/scsi/megasas.c
+@@ -683,14 +683,14 @@ static int megasas_map_dcmd(MegasasState *s, MegasasCmd *cmd)
+         trace_megasas_dcmd_invalid_sge(cmd->index,
+                                        cmd->frame->header.sge_count);
+         cmd->iov_size = 0;
+-        return -1;
++        return -EINVAL;
+     }
+     iov_pa = megasas_sgl_get_addr(cmd, &cmd->frame->dcmd.sgl);
+     iov_size = megasas_sgl_get_len(cmd, &cmd->frame->dcmd.sgl);
+     pci_dma_sglist_init(&cmd->qsg, PCI_DEVICE(s), 1);
+     qemu_sglist_add(&cmd->qsg, iov_pa, iov_size);
+     cmd->iov_size = iov_size;
+-    return cmd->iov_size;
++    return 0;
+ }
+ 
+ static void megasas_finish_dcmd(MegasasCmd *cmd, uint32_t iov_size)
+@@ -1559,19 +1559,20 @@ static const struct dcmd_cmd_tbl_t {
+ 
+ static int megasas_handle_dcmd(MegasasState *s, MegasasCmd *cmd)
+ {
+-    int opcode, len;
++    int opcode;
+     int retval = 0;
++    size_t len;
+     const struct dcmd_cmd_tbl_t *cmdptr = dcmd_cmd_tbl;
+ 
+     opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
+     trace_megasas_handle_dcmd(cmd->index, opcode);
+-    len = megasas_map_dcmd(s, cmd);
+-    if (len < 0) {
++    if (megasas_map_dcmd(s, cmd) < 0) {
+         return MFI_STAT_MEMORY_NOT_AVAILABLE;
+     }
+     while (cmdptr->opcode != -1 && cmdptr->opcode != opcode) {
+         cmdptr++;
+     }
++    len = cmd->iov_size;
+     if (cmdptr->opcode == -1) {
+         trace_megasas_dcmd_unhandled(cmd->index, opcode, len);
+         retval = megasas_dcmd_dummy(s, cmd);
+-- 
+2.10.2
+

diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5857.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5857.patch
new file mode 100644
index 0000000000..664a669ffa
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5857.patch
@@ -0,0 +1,38 @@
+When the guest sends VIRTIO_GPU_CMD_RESOURCE_UNREF without detaching the
+backing storage beforehand (VIRTIO_GPU_CMD_RESOURCE_DETACH_BACKING)
+we'll leak memory.
+
+This patch fixes it for 3d mode, simliar to the 2d mode fix in commit
+"b8e2392 virtio-gpu: call cleanup mapping function in resource destroy".
+
+Reported-by: 李强 <address@hidden>
+Signed-off-by: Gerd Hoffmann <address@hidden>
+---
+ hw/display/virtio-gpu-3d.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/hw/display/virtio-gpu-3d.c b/hw/display/virtio-gpu-3d.c
+index f96a0c2..ecb09d1 100644
+--- a/hw/display/virtio-gpu-3d.c
++++ b/hw/display/virtio-gpu-3d.c
+@@ -77,10 +77,18 @@ static void virgl_cmd_resource_unref(VirtIOGPU *g,
+                                      struct virtio_gpu_ctrl_command *cmd)
+ {
+     struct virtio_gpu_resource_unref unref;
++    struct iovec *res_iovs = NULL;
++    int num_iovs = 0;
+ 
+     VIRTIO_GPU_FILL_CMD(unref);
+     trace_virtio_gpu_cmd_res_unref(unref.resource_id);
+ 
++    virgl_renderer_resource_detach_iov(unref.resource_id,
++                                       &res_iovs,
++                                       &num_iovs);
++    if (res_iovs != NULL && num_iovs != 0) {
++        virtio_gpu_cleanup_mapping_iov(res_iovs, num_iovs);
++    }
+     virgl_renderer_resource_unref(unref.resource_id);
+ }
+ 
+-- 
+1.8.3.1

diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5898.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5898.patch
new file mode 100644
index 0000000000..9f94477a46
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5898.patch
@@ -0,0 +1,35 @@
+From c7dfbf322595ded4e70b626bf83158a9f3807c6a Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Fri, 3 Feb 2017 00:52:28 +0530
+Subject: [PATCH] usb: ccid: check ccid apdu length
+
+CCID device emulator uses Application Protocol Data Units(APDU)
+to exchange command and responses to and from the host.
+The length in these units couldn't be greater than 65536. Add
+check to ensure the same. It'd also avoid potential integer
+overflow in emulated_apdu_from_guest.
+
+Reported-by: Li Qiang <liqiang6-s@360.cn>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Message-id: 20170202192228.10847-1-ppandit@redhat.com
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+---
+ hw/usb/dev-smartcard-reader.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/usb/dev-smartcard-reader.c b/hw/usb/dev-smartcard-reader.c
+index 89e11b6..1325ea1 100644
+--- a/hw/usb/dev-smartcard-reader.c
++++ b/hw/usb/dev-smartcard-reader.c
+@@ -967,7 +967,7 @@ static void ccid_on_apdu_from_guest(USBCCIDState *s, CCID_XferBlock *recv)
+     DPRINTF(s, 1, "%s: seq %d, len %d\n", __func__,
+                 recv->hdr.bSeq, len);
+     ccid_add_pending_answer(s, (CCID_Header *)recv);
+-    if (s->card) {
++    if (s->card && len <= BULK_OUT_DATA_SIZE) {
+         ccid_card_apdu_from_guest(s->card, recv->abData, len);
+     } else {
+         DPRINTF(s, D_WARN, "warning: discarded apdu\n");
+-- 
+2.10.2
+

diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5931.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5931.patch
new file mode 100644
index 0000000000..f24d557c96
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5931.patch
@@ -0,0 +1,46 @@
+From a08aaff811fb194950f79711d2afe5a892ae03a4 Mon Sep 17 00:00:00 2001
+From: Gonglei <arei.gonglei@huawei.com>
+Date: Tue, 3 Jan 2017 14:50:03 +0800
+Subject: [PATCH] virtio-crypto: fix possible integer and heap overflow
+
+Because the 'size_t' type is 4 bytes in 32-bit platform, which
+is the same with 'int'. It's easy to make 'max_len' to zero when
+integer overflow and then cause heap overflow if 'max_len' is zero.
+
+Using uint_64 instead of size_t to avoid the integer overflow.
+
+Cc: qemu-stable@nongnu.org
+Reported-by: Li Qiang <liqiang6-s@360.cn>
+Signed-off-by: Gonglei <arei.gonglei@huawei.com>
+Tested-by: Li Qiang <liqiang6-s@360.cn>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+---
+ hw/virtio/virtio-crypto.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/hw/virtio/virtio-crypto.c b/hw/virtio/virtio-crypto.c
+index 2f2467e..c23e1ad 100644
+--- a/hw/virtio/virtio-crypto.c
++++ b/hw/virtio/virtio-crypto.c
+@@ -416,7 +416,7 @@ virtio_crypto_sym_op_helper(VirtIODevice *vdev,
+     uint32_t hash_start_src_offset = 0, len_to_hash = 0;
+     uint32_t cipher_start_src_offset = 0, len_to_cipher = 0;
+ 
+-    size_t max_len, curr_size = 0;
++    uint64_t max_len, curr_size = 0;
+     size_t s;
+ 
+     /* Plain cipher */
+@@ -441,7 +441,7 @@ virtio_crypto_sym_op_helper(VirtIODevice *vdev,
+         return NULL;
+     }
+ 
+-    max_len = iv_len + aad_len + src_len + dst_len + hash_result_len;
++    max_len = (uint64_t)iv_len + aad_len + src_len + dst_len + hash_result_len;
+     if (unlikely(max_len > vcrypto->conf.max_size)) {
+         virtio_error(vdev, "virtio-crypto too big length");
+         return NULL;
+-- 
+2.10.2
+

diff --git a/app-emulation/qemu/qemu-2.8.0-r1.ebuild b/app-emulation/qemu/qemu-2.8.0-r1.ebuild
new file mode 100644
index 0000000000..27420ae5fd
--- /dev/null
+++ b/app-emulation/qemu/qemu-2.8.0-r1.ebuild
@@ -0,0 +1,691 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="5"
+
+PYTHON_COMPAT=( python2_7 )
+PYTHON_REQ_USE="ncurses,readline"
+
+PLOCALES="bg de_DE fr_FR hu it tr zh_CN"
+
+inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \
+	user udev fcaps readme.gentoo-r1 pax-utils l10n
+
+if [[ ${PV} = *9999* ]]; then
+	EGIT_REPO_URI="git://git.qemu.org/qemu.git"
+	inherit git-2
+	SRC_URI=""
+else
+	SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2"
+	KEYWORDS="~amd64 ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd"
+fi
+
+DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
+HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org"
+
+LICENSE="GPL-2 LGPL-2 BSD-2"
+SLOT="0"
+IUSE="accessibility +aio alsa bluetooth bzip2 +caps +curl debug +fdt glusterfs \
+gnutls gtk gtk2 infiniband iscsi +jpeg \
+kernel_linux kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs
++png pulseaudio python \
+rbd sasl +seccomp sdl sdl2 selinux smartcard snappy spice ssh static static-softmmu
+static-user systemtap tci test +threads usb usbredir vde +vhost-net \
+virgl virtfs +vnc vte xattr xen xfs"
+
+COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel mips
+mips64 mips64el mipsel or32 ppc ppc64 s390x sh4 sh4eb sparc sparc64
+x86_64"
+IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS} lm32 moxie ppcemb tricore unicore32 xtensa xtensaeb"
+IUSE_USER_TARGETS="${COMMON_TARGETS} armeb mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus tilegx"
+
+use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
+use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
+IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
+
+# Allow no targets to be built so that people can get a tools-only build.
+# Block USE flag configurations known to not work.
+REQUIRED_USE="${PYTHON_REQUIRED_USE}
+	gtk2? ( gtk )
+	qemu_softmmu_targets_arm? ( fdt )
+	qemu_softmmu_targets_microblaze? ( fdt )
+	qemu_softmmu_targets_ppc? ( fdt )
+	qemu_softmmu_targets_ppc64? ( fdt )
+	sdl2? ( sdl )
+	static? ( static-softmmu static-user )
+	static-softmmu? ( !alsa !pulseaudio !bluetooth !opengl !gtk !gtk2 )
+	virtfs? ( xattr )
+	vte? ( gtk )"
+
+# Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
+#
+# The attr lib isn't always linked in (although the USE flag is always
+# respected).  This is because qemu supports using the C library's API
+# when available rather than always using the extranl library.
+#
+# Older versions of gnutls are supported, but it's simpler to just require
+# the latest versions.  This is also why we require nettle.
+#
+# TODO: Split out tools deps into another var.  e.g. bzip2 is only used by
+# system binaries and tools, not user binaries.
+COMMON_LIB_DEPEND=">=dev-libs/glib-2.0[static-libs(+)]
+	sys-libs/zlib[static-libs(+)]
+	bzip2? ( app-arch/bzip2[static-libs(+)] )
+	xattr? ( sys-apps/attr[static-libs(+)] )"
+SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND}
+	>=x11-libs/pixman-0.28.0[static-libs(+)]
+	accessibility? ( app-accessibility/brltty[static-libs(+)] )
+	aio? ( dev-libs/libaio[static-libs(+)] )
+	alsa? ( >=media-libs/alsa-lib-1.0.13 )
+	bluetooth? ( net-wireless/bluez )
+	caps? ( sys-libs/libcap-ng[static-libs(+)] )
+	curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
+	fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] )
+	glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
+	gnutls? (
+		dev-libs/nettle:=[static-libs(+)]
+		>=net-libs/gnutls-3.0:=[static-libs(+)]
+	)
+	gtk? (
+		gtk2? (
+			x11-libs/gtk+:2
+			vte? ( x11-libs/vte:0 )
+		)
+		!gtk2? (
+			x11-libs/gtk+:3
+			vte? ( x11-libs/vte:2.91 )
+		)
+	)
+	infiniband? ( sys-fabric/librdmacm:=[static-libs(+)] )
+	iscsi? ( net-libs/libiscsi )
+	jpeg? ( virtual/jpeg:0=[static-libs(+)] )
+	lzo? ( dev-libs/lzo:2[static-libs(+)] )
+	ncurses? ( sys-libs/ncurses:0=[static-libs(+)] )
+	nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] )
+	numa? ( sys-process/numactl[static-libs(+)] )
+	opengl? (
+		virtual/opengl
+		media-libs/libepoxy[static-libs(+)]
+		media-libs/mesa[static-libs(+)]
+		media-libs/mesa[egl,gbm]
+	)
+	png? ( media-libs/libpng:0=[static-libs(+)] )
+	pulseaudio? ( media-sound/pulseaudio )
+	rbd? ( sys-cluster/ceph[static-libs(+)] )
+	sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
+	sdl? (
+		!sdl2? (
+			media-libs/libsdl[X]
+			>=media-libs/libsdl-1.2.11[static-libs(+)]
+		)
+		sdl2? (
+			media-libs/libsdl2[X]
+			media-libs/libsdl2[static-libs(+)]
+		)
+	)
+	seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
+	smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] )
+	snappy? ( app-arch/snappy[static-libs(+)] )
+	spice? (
+		>=app-emulation/spice-protocol-0.12.3
+		>=app-emulation/spice-0.12.0[static-libs(+)]
+	)
+	ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] )
+	usb? ( >=virtual/libusb-1-r2[static-libs(+)] )
+	usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
+	vde? ( net-misc/vde[static-libs(+)] )
+	virgl? ( media-libs/virglrenderer[static-libs(+)] )
+	virtfs? ( sys-libs/libcap )
+	xfs? ( sys-fs/xfsprogs[static-libs(+)] )"
+USER_LIB_DEPEND="${COMMON_LIB_DEPEND}"
+X86_FIRMWARE_DEPEND="
+	>=sys-firmware/ipxe-1.0.0_p20130624
+	pin-upstream-blobs? (
+		~sys-firmware/seabios-1.10.1
+		~sys-firmware/sgabios-0.1_pre8
+		~sys-firmware/vgabios-0.7a
+	)
+	!pin-upstream-blobs? (
+		sys-firmware/seabios
+		sys-firmware/sgabios
+		sys-firmware/vgabios
+	)"
+CDEPEND="
+	!static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND//\[static-libs(+)]} ) " ${use_softmmu_targets}) )
+	!static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND//\[static-libs(+)]} ) " ${use_user_targets}) )
+	qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
+	qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )
+	python? ( ${PYTHON_DEPS} )
+	systemtap? ( dev-util/systemtap )
+	xen? ( app-emulation/xen-tools:= )"
+DEPEND="${CDEPEND}
+	dev-lang/perl
+	=dev-lang/python-2*
+	sys-apps/texinfo
+	virtual/pkgconfig
+	kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
+	gtk? ( nls? ( sys-devel/gettext ) )
+	static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND} ) " ${use_softmmu_targets}) )
+	static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND} ) " ${use_user_targets}) )
+	test? (
+		dev-libs/glib[utils]
+		sys-devel/bc
+	)"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-qemu )
+"
+
+STRIP_MASK="/usr/share/qemu/palcode-clipper"
+
+QA_PREBUILT="
+	usr/share/qemu/openbios-ppc
+	usr/share/qemu/openbios-sparc64
+	usr/share/qemu/openbios-sparc32
+	usr/share/qemu/palcode-clipper
+	usr/share/qemu/s390-ccw.img
+	usr/share/qemu/u-boot.e500
+"
+
+QA_WX_LOAD="usr/bin/qemu-i386
+	usr/bin/qemu-x86_64
+	usr/bin/qemu-alpha
+	usr/bin/qemu-arm
+	usr/bin/qemu-cris
+	usr/bin/qemu-m68k
+	usr/bin/qemu-microblaze
+	usr/bin/qemu-microblazeel
+	usr/bin/qemu-mips
+	usr/bin/qemu-mipsel
+	usr/bin/qemu-or32
+	usr/bin/qemu-ppc
+	usr/bin/qemu-ppc64
+	usr/bin/qemu-ppc64abi32
+	usr/bin/qemu-sh4
+	usr/bin/qemu-sh4eb
+	usr/bin/qemu-sparc
+	usr/bin/qemu-sparc64
+	usr/bin/qemu-armeb
+	usr/bin/qemu-sparc32plus
+	usr/bin/qemu-s390x
+	usr/bin/qemu-unicore32"
+
+DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure
+you have the kernel module loaded before running kvm. The easiest way to
+ensure that the kernel module is loaded is to load it on boot.\n
+For AMD CPUs the module is called 'kvm-amd'.\n
+For Intel CPUs the module is called 'kvm-intel'.\n
+Please review /etc/conf.d/modules for how to load these.\n\n
+Make sure your user is in the 'kvm' group\n
+Just run 'gpasswd -a <USER> kvm', then have <USER> re-login.\n\n
+For brand new installs, the default permissions on /dev/kvm might not let you
+access it.  You can tell udev to reset ownership/perms:\n
+udevadm trigger -c add /dev/kvm"
+
+qemu_support_kvm() {
+	if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 \
+		use qemu_softmmu_targets_ppc || use qemu_softmmu_targets_ppc64 \
+		use qemu_softmmu_targets_s390x; then
+		return 0
+	fi
+
+	return 1
+}
+
+pkg_pretend() {
+	if use kernel_linux && kernel_is lt 2 6 25; then
+		eerror "This version of KVM requres a host kernel of 2.6.25 or higher."
+	elif use kernel_linux; then
+		if ! linux_config_exists; then
+			eerror "Unable to check your kernel for KVM support"
+		else
+			CONFIG_CHECK="~KVM ~TUN ~BRIDGE"
+			ERROR_KVM="You must enable KVM in your kernel to continue"
+			ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in"
+			ERROR_KVM_AMD+=" your kernel configuration."
+			ERROR_KVM_INTEL="If you have an Intel CPU, you must enable"
+			ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration."
+			ERROR_TUN="You will need the Universal TUN/TAP driver compiled"
+			ERROR_TUN+=" into your kernel or loaded as a module to use the"
+			ERROR_TUN+=" virtual network device if using -net tap."
+			ERROR_BRIDGE="You will also need support for 802.1d"
+			ERROR_BRIDGE+=" Ethernet Bridging for some network configurations."
+			use vhost-net && CONFIG_CHECK+=" ~VHOST_NET"
+			ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net"
+			ERROR_VHOST_NET+=" support"
+
+			if use amd64 || use x86 || use amd64-linux || use x86-linux; then
+				CONFIG_CHECK+=" ~KVM_AMD ~KVM_INTEL"
+			fi
+
+			use python && CONFIG_CHECK+=" ~DEBUG_FS"
+			ERROR_DEBUG_FS="debugFS support required for kvm_stat"
+
+			# Now do the actual checks setup above
+			check_extra_config
+		fi
+	fi
+
+	if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then
+		eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt"
+		eerror "instances are still pointing to it.  Please update your"
+		eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag"
+		eerror "and the right system binary (e.g. qemu-system-x86_64)."
+		die "update your virt configs to not use qemu-kvm"
+	fi
+}
+
+pkg_setup() {
+	enewgroup kvm 78
+}
+
+# Sanity check to make sure target lists are kept up-to-date.
+check_targets() {
+	local var=$1 mak=$2
+	local detected sorted
+
+	pushd "${S}"/default-configs >/dev/null || die
+
+	# Force C locale until glibc is updated. #564936
+	detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u))
+	sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u))
+	if [[ ${sorted} != "${detected}" ]] ; then
+		eerror "The ebuild needs to be kept in sync."
+		eerror "${var}: ${sorted}"
+		eerror "$(printf '%-*s' ${#var} configure): ${detected}"
+		die "sync ${var} to the list of targets"
+	fi
+
+	popd >/dev/null
+}
+
+handle_locales() {
+	# Make sure locale list is kept up-to-date.
+	local detected sorted
+	detected=$(echo $(cd po && printf '%s\n' *.po | grep -v messages.po | sed 's:.po$::' | sort -u))
+	sorted=$(echo $(printf '%s\n' ${PLOCALES} | sort -u))
+	if [[ ${sorted} != "${detected}" ]] ; then
+		eerror "The ebuild needs to be kept in sync."
+		eerror "PLOCALES: ${sorted}"
+		eerror " po/*.po: ${detected}"
+		die "sync PLOCALES"
+	fi
+
+	# Deal with selective install of locales.
+	if use nls ; then
+		# Delete locales the user does not want. #577814
+		rm_loc() { rm po/$1.po || die; }
+		l10n_for_each_disabled_locale_do rm_loc
+	else
+		# Cheap hack to disable gettext .mo generation.
+		rm -f po/*.po
+	fi
+}
+
+src_prepare() {
+	check_targets IUSE_SOFTMMU_TARGETS softmmu
+	check_targets IUSE_USER_TARGETS linux-user
+
+	# Alter target makefiles to accept CFLAGS set via flag-o
+	sed -i -r \
+		-e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \
+		Makefile Makefile.target || die
+
+	epatch "${FILESDIR}"/${PN}-2.5.0-cflags.patch
+	epatch "${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
+	epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-8669-1.patch #597108
+	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2016-9908.patch   #601826
+	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2016-9912.patch   #602630
+	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2016-10028.patch  #603444
+	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2016-10155.patch  #606720
+	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-2615.patch   #608034
+	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5525-1.patch #606264
+	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5525-2.patch
+	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5552.patch   #606722
+	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5578.patch   #607000
+	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5579.patch   #607100
+	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5667.patch   #607766
+	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5856.patch   #608036
+	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5857.patch   #608038
+	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5898.patch   #608520
+	epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5931.patch   #608728
+
+	# Fix ld and objcopy being called directly
+	tc-export AR LD OBJCOPY
+
+	# Verbose builds
+	MAKEOPTS+=" V=1"
+
+	epatch_user
+
+	# Run after we've applied all patches.
+	handle_locales
+}
+
+##
+# configures qemu based on the build directory and the build type
+# we are using.
+#
+qemu_src_configure() {
+	debug-print-function ${FUNCNAME} "$@"
+
+	local buildtype=$1
+	local builddir="${S}/${buildtype}-build"
+	local static_flag="static-${buildtype}"
+
+	mkdir "${builddir}"
+
+	local conf_opts=(
+		--prefix=/usr
+		--sysconfdir=/etc
+		--libdir=/usr/$(get_libdir)
+		--docdir=/usr/share/doc/${PF}/html
+		--disable-bsd-user
+		--disable-guest-agent
+		--disable-strip
+		--disable-werror
+		# We support gnutls/nettle for crypto operations.  It is possible
+		# to use gcrypt when gnutls/nettle are disabled (but not when they
+		# are enabled), but it's not really worth the hassle.  Disable it
+		# all the time to avoid automatically detecting it. #568856
+		--disable-gcrypt
+		--python="${PYTHON}"
+		--cc="$(tc-getCC)"
+		--cxx="$(tc-getCXX)"
+		--host-cc="$(tc-getBUILD_CC)"
+		$(use_enable debug debug-info)
+		$(use_enable debug debug-tcg)
+		--enable-docs
+		$(use_enable tci tcg-interpreter)
+		$(use_enable xattr attr)
+	)
+
+	# Disable options not used by user targets as the default configure
+	# options will autoprobe and try to link in a bunch of unused junk.
+	conf_softmmu() {
+		if [[ ${buildtype} == "user" ]] ; then
+			echo "--disable-${2:-$1}"
+		else
+			use_enable "$@"
+		fi
+	}
+	conf_opts+=(
+		$(conf_softmmu accessibility brlapi)
+		$(conf_softmmu aio linux-aio)
+		$(conf_softmmu bzip2)
+		$(conf_softmmu bluetooth bluez)
+		$(conf_softmmu caps cap-ng)
+		$(conf_softmmu curl)
+		$(conf_softmmu fdt)
+		$(conf_softmmu glusterfs)
+		$(conf_softmmu gnutls)
+		$(conf_softmmu gnutls nettle)
+		$(conf_softmmu gtk)
+		$(conf_softmmu infiniband rdma)
+		$(conf_softmmu iscsi libiscsi)
+		$(conf_softmmu jpeg vnc-jpeg)
+		$(conf_softmmu kernel_linux kvm)
+		$(conf_softmmu lzo)
+		$(conf_softmmu ncurses curses)
+		$(conf_softmmu nfs libnfs)
+		$(conf_softmmu numa)
+		$(conf_softmmu opengl)
+		$(conf_softmmu png vnc-png)
+		$(conf_softmmu rbd)
+		$(conf_softmmu sasl vnc-sasl)
+		$(conf_softmmu sdl)
+		$(conf_softmmu seccomp)
+		$(conf_softmmu smartcard)
+		$(conf_softmmu snappy)
+		$(conf_softmmu spice)
+		$(conf_softmmu ssh libssh2)
+		$(conf_softmmu usb libusb)
+		$(conf_softmmu usbredir usb-redir)
+		$(conf_softmmu vde)
+		$(conf_softmmu vhost-net)
+		$(conf_softmmu virgl virglrenderer)
+		$(conf_softmmu virtfs)
+		$(conf_softmmu vnc)
+		$(conf_softmmu vte)
+		$(conf_softmmu xen)
+		$(conf_softmmu xen xen-pci-passthrough)
+		$(conf_softmmu xfs xfsctl)
+	)
+
+	case ${buildtype} in
+	user)
+		conf_opts+=(
+			--enable-linux-user
+			--disable-system
+			--disable-blobs
+			--disable-tools
+		)
+		;;
+	softmmu)
+		# audio options
+		local audio_opts="oss"
+		use alsa && audio_opts="alsa,${audio_opts}"
+		use sdl && audio_opts="sdl,${audio_opts}"
+		use pulseaudio && audio_opts="pa,${audio_opts}"
+
+		conf_opts+=(
+			--disable-linux-user
+			--enable-system
+			--with-system-pixman
+			--audio-drv-list="${audio_opts}"
+		)
+		use gtk && conf_opts+=( --with-gtkabi=$(usex gtk2 2.0 3.0) )
+		use sdl && conf_opts+=( --with-sdlabi=$(usex sdl2 2.0 1.2) )
+		;;
+	tools)
+		conf_opts+=(
+			--disable-linux-user
+			--disable-system
+			--disable-blobs
+			$(use_enable bzip2)
+		)
+		static_flag="static"
+		;;
+	esac
+
+	local targets="${buildtype}_targets"
+	[[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" )
+
+	# Add support for SystemTAP
+	use systemtap && conf_opts+=( --enable-trace-backend=dtrace )
+
+	# We always want to attempt to build with PIE support as it results
+	# in a more secure binary. But it doesn't work with static or if
+	# the current GCC doesn't have PIE support.
+	if use ${static_flag}; then
+		conf_opts+=( --static --disable-pie )
+	else
+		gcc-specs-pie && conf_opts+=( --enable-pie )
+	fi
+
+	echo "../configure ${conf_opts[*]}"
+	cd "${builddir}"
+	../configure "${conf_opts[@]}" || die "configure failed"
+
+	# FreeBSD's kernel does not support QEMU assigning/grabbing
+	# host USB devices yet
+	use kernel_FreeBSD && \
+		sed -i -E -e "s|^(HOST_USB=)bsd|\1stub|" "${S}"/config-host.mak
+}
+
+src_configure() {
+	local target
+
+	python_setup
+
+	softmmu_targets= softmmu_bins=()
+	user_targets= user_bins=()
+
+	for target in ${IUSE_SOFTMMU_TARGETS} ; do
+		if use "qemu_softmmu_targets_${target}"; then
+			softmmu_targets+=",${target}-softmmu"
+			softmmu_bins+=( "qemu-system-${target}" )
+		fi
+	done
+
+	for target in ${IUSE_USER_TARGETS} ; do
+		if use "qemu_user_targets_${target}"; then
+			user_targets+=",${target}-linux-user"
+			user_bins+=( "qemu-${target}" )
+		fi
+	done
+
+	softmmu_targets=${softmmu_targets#,}
+	user_targets=${user_targets#,}
+
+	[[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu"
+	[[ -n ${user_targets}    ]] && qemu_src_configure "user"
+	[[ -z ${softmmu_targets}${user_targets} ]] && qemu_src_configure "tools"
+}
+
+src_compile() {
+	if [[ -n ${user_targets} ]]; then
+		cd "${S}/user-build"
+		default
+	fi
+
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build"
+		default
+	fi
+
+	if [[ -z ${softmmu_targets}${user_targets} ]]; then
+		cd "${S}/tools-build"
+		default
+	fi
+}
+
+src_test() {
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build"
+		pax-mark m */qemu-system-* #515550
+		emake -j1 check
+		emake -j1 check-report.html
+	fi
+}
+
+qemu_python_install() {
+	python_domodule "${S}/scripts/qmp/qmp.py"
+
+	python_doscript "${S}/scripts/kvm/vmxcap"
+	python_doscript "${S}/scripts/qmp/qmp-shell"
+	python_doscript "${S}/scripts/qmp/qemu-ga-client"
+}
+
+src_install() {
+	if [[ -n ${user_targets} ]]; then
+		cd "${S}/user-build"
+		emake DESTDIR="${ED}" install
+
+		# Install binfmt handler init script for user targets
+		newinitd "${FILESDIR}/qemu-binfmt.initd-r1" qemu-binfmt
+	fi
+
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build"
+		emake DESTDIR="${ED}" install
+
+		# This might not exist if the test failed. #512010
+		[[ -e check-report.html ]] && dohtml check-report.html
+
+		if use kernel_linux; then
+			udev_dorules "${FILESDIR}"/65-kvm.rules
+		fi
+
+		if use python; then
+			python_foreach_impl qemu_python_install
+		fi
+	fi
+
+	if [[ -z ${softmmu_targets}${user_targets} ]]; then
+		cd "${S}/tools-build"
+		emake DESTDIR="${ED}" install
+	fi
+
+	# Disable mprotect on the qemu binaries as they use JITs to be fast #459348
+	pushd "${ED}"/usr/bin >/dev/null
+	pax-mark m "${softmmu_bins[@]}" "${user_bins[@]}"
+	popd >/dev/null
+
+	# Install config file example for qemu-bridge-helper
+	insinto "/etc/qemu"
+	doins "${FILESDIR}/bridge.conf"
+
+	# Remove the docdir placed qmp-commands.txt
+	mv "${ED}/usr/share/doc/${PF}/html/qmp-commands.txt" "${S}/docs/" || die
+
+	cd "${S}"
+	dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt
+	newdoc pc-bios/README README.pc-bios
+	dodoc docs/qmp-*.txt
+
+	if [[ -n ${softmmu_targets} ]]; then
+		# Remove SeaBIOS since we're using the SeaBIOS packaged one
+		rm "${ED}/usr/share/qemu/bios.bin"
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
+		fi
+
+		# Remove vgabios since we're using the vgabios packaged one
+		rm "${ED}/usr/share/qemu/vgabios.bin"
+		rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
+		rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
+		rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
+		rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../vgabios/vgabios.bin /usr/share/qemu/vgabios.bin
+			dosym ../vgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
+			dosym ../vgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
+			dosym ../vgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
+			dosym ../vgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
+		fi
+
+		# Remove sgabios since we're using the sgabios packaged one
+		rm "${ED}/usr/share/qemu/sgabios.bin"
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin
+		fi
+
+		# Remove iPXE since we're using the iPXE packaged one
+		rm "${ED}"/usr/share/qemu/pxe-*.rom
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom
+			dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom
+			dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom
+			dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom
+			dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom
+			dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom
+		fi
+	fi
+
+	qemu_support_kvm && readme.gentoo_create_doc
+}
+
+pkg_postinst() {
+	if qemu_support_kvm; then
+		readme.gentoo_print_elog
+	fi
+
+	if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
+		udev_reload
+	fi
+
+	fcaps cap_net_admin /usr/libexec/qemu-bridge-helper
+}
+
+pkg_info() {
+	echo "Using:"
+	echo "  $(best_version app-emulation/spice-protocol)"
+	echo "  $(best_version sys-firmware/ipxe)"
+	echo "  $(best_version sys-firmware/seabios)"
+	if has_version 'sys-firmware/seabios[binary]'; then
+		echo "    USE=binary"
+	else
+		echo "    USE=''"
+	fi
+	echo "  $(best_version sys-firmware/vgabios)"
+}


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2017-03-27  4:03 Matthias Maier
  0 siblings, 0 replies; 56+ messages in thread
From: Matthias Maier @ 2017-03-27  4:03 UTC (permalink / raw
  To: gentoo-commits

commit:     b054426687f5eccea1873b53afed11100ca1eb8d
Author:     Matthias Maier <tamiko <AT> gentoo <DOT> org>
AuthorDate: Mon Mar 27 03:18:22 2017 +0000
Commit:     Matthias Maier <tamiko <AT> gentoo <DOT> org>
CommitDate: Mon Mar 27 03:40:37 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b0544266

app-emulation/qemu: security patches, bug #612220

  CVE-2017-6505, bug #612220

Package-Manager: Portage-2.3.3, Repoman-2.3.2

 .../qemu/files/qemu-2.8.0-CVE-2017-6505.patch      | 52 ++++++++++++++++++++++
 .../{qemu-2.8.0-r7.ebuild => qemu-2.8.0-r8.ebuild} |  1 +
 2 files changed, 53 insertions(+)

diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-6505.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-6505.patch
new file mode 100644
index 00000000000..a15aa96bd56
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-6505.patch
@@ -0,0 +1,52 @@
+From 95ed56939eb2eaa4e2f349fe6dcd13ca4edfd8fb Mon Sep 17 00:00:00 2001
+From: Li Qiang <liqiang6-s@360.cn>
+Date: Tue, 7 Feb 2017 02:23:33 -0800
+Subject: [PATCH] usb: ohci: limit the number of link eds
+
+The guest may builds an infinite loop with link eds. This patch
+limit the number of linked ed to avoid this.
+
+Signed-off-by: Li Qiang <liqiang6-s@360.cn>
+Message-id: 5899a02e.45ca240a.6c373.93c1@mx.google.com
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+---
+ hw/usb/hcd-ohci.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/hw/usb/hcd-ohci.c b/hw/usb/hcd-ohci.c
+index 2cba3e3..21c93e0 100644
+--- a/hw/usb/hcd-ohci.c
++++ b/hw/usb/hcd-ohci.c
+@@ -42,6 +42,8 @@
+ 
+ #define OHCI_MAX_PORTS 15
+ 
++#define ED_LINK_LIMIT 4
++
+ static int64_t usb_frame_time;
+ static int64_t usb_bit_time;
+ 
+@@ -1184,7 +1186,7 @@ static int ohci_service_ed_list(OHCIState *ohci, uint32_t head, int completion)
+     uint32_t next_ed;
+     uint32_t cur;
+     int active;
+-
++    uint32_t link_cnt = 0;
+     active = 0;
+ 
+     if (head == 0)
+@@ -1199,6 +1201,11 @@ static int ohci_service_ed_list(OHCIState *ohci, uint32_t head, int completion)
+ 
+         next_ed = ed.next & OHCI_DPTR_MASK;
+ 
++        if (++link_cnt > ED_LINK_LIMIT) {
++            ohci_die(ohci);
++            return 0;
++        }
++
+         if ((ed.head & OHCI_ED_H) || (ed.flags & OHCI_ED_K)) {
+             uint32_t addr;
+             /* Cancel pending packets for ED that have been paused.  */
+-- 
+2.10.2
+

diff --git a/app-emulation/qemu/qemu-2.8.0-r7.ebuild b/app-emulation/qemu/qemu-2.8.0-r8.ebuild
similarity index 99%
rename from app-emulation/qemu/qemu-2.8.0-r7.ebuild
rename to app-emulation/qemu/qemu-2.8.0-r8.ebuild
index 2088438d8e5..8df1a91630a 100644
--- a/app-emulation/qemu/qemu-2.8.0-r7.ebuild
+++ b/app-emulation/qemu/qemu-2.8.0-r8.ebuild
@@ -206,6 +206,7 @@ PATCHES=(
 	"${FILESDIR}"/${PN}-2.8.0-CVE-2017-5987.patch   #609398
 	"${FILESDIR}"/${PN}-2.8.0-CVE-2017-6058.patch   #609638
 	"${FILESDIR}"/${PN}-2.8.0-CVE-2017-2620.patch   #609206
+	"${FILESDIR}"/${PN}-2.8.0-CVE-2017-6505.patch   #612220
 )
 
 STRIP_MASK="/usr/share/qemu/palcode-clipper"


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2017-04-25 13:51 Matthias Maier
  0 siblings, 0 replies; 56+ messages in thread
From: Matthias Maier @ 2017-04-25 13:51 UTC (permalink / raw
  To: gentoo-commits

commit:     51d94aaeff0e35fa68711f5623c5e6f68be2fac8
Author:     Matthias Maier <tamiko <AT> gentoo <DOT> org>
AuthorDate: Tue Apr 25 13:32:43 2017 +0000
Commit:     Matthias Maier <tamiko <AT> gentoo <DOT> org>
CommitDate: Tue Apr 25 13:51:31 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=51d94aae

app-emulation/qemu: security fixes

CVE-2017-7471, bug #616484

CVE-2017-7718, bug #616482
  already applied on stable-2.8 as 3328c14e63f08fb07e8c6dec779c9d365e9e9864

CVE-2017-7980, bug #616462
  already applied on stable-2.8 as a290442234fa214fcb7f45fc91d802bcb8d05c4b
                                   031700e4527b9e05798f7040dccdf638da27aee2

CVE-2017-8086, bug #616460

Package-Manager: Portage-2.3.5, Repoman-2.3.2

 .../qemu/files/qemu-2.8.1-CVE-2017-7471.patch      | 64 ++++++++++++++++++++++
 .../qemu/files/qemu-2.8.1-CVE-2017-8086.patch      | 28 ++++++++++
 .../{qemu-2.8.1-r1.ebuild => qemu-2.8.1-r2.ebuild} |  2 +
 3 files changed, 94 insertions(+)

diff --git a/app-emulation/qemu/files/qemu-2.8.1-CVE-2017-7471.patch b/app-emulation/qemu/files/qemu-2.8.1-CVE-2017-7471.patch
new file mode 100644
index 00000000000..c5366f5758e
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.8.1-CVE-2017-7471.patch
@@ -0,0 +1,64 @@
+From 9c6b899f7a46893ab3b671e341a2234e9c0c060e Mon Sep 17 00:00:00 2001
+From: Greg Kurz <groug@kaod.org>
+Date: Mon, 17 Apr 2017 10:53:23 +0200
+Subject: [PATCH] 9pfs: local: set the path of the export root to "."
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The local backend was recently converted to using "at*()" syscalls in order
+to ensure all accesses happen below the shared directory. This requires that
+we only pass relative paths, otherwise the dirfd argument to the "at*()"
+syscalls is ignored and the path is treated as an absolute path in the host.
+This is actually the case for paths in all fids, with the notable exception
+of the root fid, whose path is "/". This causes the following backend ops to
+act on the "/" directory of the host instead of the virtfs shared directory
+when the export root is involved:
+- lstat
+- chmod
+- chown
+- utimensat
+
+ie, chmod /9p_mount_point in the guest will be converted to chmod / in the
+host for example. This could cause security issues with a privileged QEMU.
+
+All "*at()" syscalls are being passed an open file descriptor. In the case
+of the export root, this file descriptor points to the path in the host that
+was passed to -fsdev.
+
+The fix is thus as simple as changing the path of the export root fid to be
+"." instead of "/".
+
+This is CVE-2017-7471.
+
+Cc: qemu-stable@nongnu.org
+Reported-by: Léo Gaspard <leo@gaspard.io>
+Signed-off-by: Greg Kurz <groug@kaod.org>
+Reviewed-by: Eric Blake <eblake@redhat.com>
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+---
+ hw/9pfs/9p-local.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c
+index 45e9a1f..f3ebca4 100644
+--- a/hw/9pfs/9p-local.c
++++ b/hw/9pfs/9p-local.c
+@@ -1098,8 +1098,13 @@ static int local_name_to_path(FsContext *ctx, V9fsPath *dir_path,
+ {
+     if (dir_path) {
+         v9fs_path_sprintf(target, "%s/%s", dir_path->data, name);
+-    } else {
++    } else if (strcmp(name, "/")) {
+         v9fs_path_sprintf(target, "%s", name);
++    } else {
++        /* We want the path of the export root to be relative, otherwise
++         * "*at()" syscalls would treat it as "/" in the host.
++         */
++        v9fs_path_sprintf(target, "%s", ".");
+     }
+     return 0;
+ }
+-- 
+2.10.2
+

diff --git a/app-emulation/qemu/files/qemu-2.8.1-CVE-2017-8086.patch b/app-emulation/qemu/files/qemu-2.8.1-CVE-2017-8086.patch
new file mode 100644
index 00000000000..eac72f3dcb5
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.8.1-CVE-2017-8086.patch
@@ -0,0 +1,28 @@
+From 4ffcdef4277a91af15a3c09f7d16af072c29f3f2 Mon Sep 17 00:00:00 2001
+From: Li Qiang <liq3ea@gmail.com>
+Date: Fri, 7 Apr 2017 03:48:52 -0700
+Subject: [PATCH] 9pfs: xattr: fix memory leak in v9fs_list_xattr
+
+Free 'orig_value' in error path.
+
+Signed-off-by: Li Qiang <liqiang6-s@360.cn>
+Signed-off-by: Greg Kurz <groug@kaod.org>
+---
+ hw/9pfs/9p-xattr.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/hw/9pfs/9p-xattr.c b/hw/9pfs/9p-xattr.c
+index eec160b..d05c1a1 100644
+--- a/hw/9pfs/9p-xattr.c
++++ b/hw/9pfs/9p-xattr.c
+@@ -108,6 +108,7 @@ ssize_t v9fs_list_xattr(FsContext *ctx, const char *path,
+     g_free(name);
+     close_preserve_errno(dirfd);
+     if (xattr_len < 0) {
++        g_free(orig_value);
+         return -1;
+     }
+ 
+-- 
+2.10.2
+

diff --git a/app-emulation/qemu/qemu-2.8.1-r1.ebuild b/app-emulation/qemu/qemu-2.8.1-r2.ebuild
similarity index 99%
rename from app-emulation/qemu/qemu-2.8.1-r1.ebuild
rename to app-emulation/qemu/qemu-2.8.1-r2.ebuild
index 62dcf576139..2e9ad1977aa 100644
--- a/app-emulation/qemu/qemu-2.8.1-r1.ebuild
+++ b/app-emulation/qemu/qemu-2.8.1-r2.ebuild
@@ -207,6 +207,8 @@ PATCHES=(
 	"${FILESDIR}"/${PN}-2.8.0-CVE-2017-5987.patch   #609398
 	"${FILESDIR}"/${PN}-2.8.0-CVE-2017-6505.patch   #612220
 	"${FILESDIR}"/${PN}-2.8.0-CVE-2017-7377.patch   #614744
+	"${FILESDIR}"/${PN}-2.8.1-CVE-2017-7471.patch   #616484
+	"${FILESDIR}"/${PN}-2.8.1-CVE-2017-8086.patch   #616460
 )
 
 STRIP_MASK="/usr/share/qemu/palcode-clipper"


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2017-05-18  4:20 Matthias Maier
  0 siblings, 0 replies; 56+ messages in thread
From: Matthias Maier @ 2017-05-18  4:20 UTC (permalink / raw
  To: gentoo-commits

commit:     d032d5cc904b8793b96b3545750b0b8583154caa
Author:     Matthias Maier <tamiko <AT> gentoo <DOT> org>
AuthorDate: Thu May 18 04:12:17 2017 +0000
Commit:     Matthias Maier <tamiko <AT> gentoo <DOT> org>
CommitDate: Thu May 18 04:20:13 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d032d5cc

app-emulation/qemu: rename patches

Package-Manager: Portage-2.3.5, Repoman-2.3.2

 .../{qemu-2.9.0-bug616870.patch => qemu-2.9.0-CVE-2017-8309.patch}  | 0
 .../{qemu-2.9.0-bug616872.patch => qemu-2.9.0-CVE-2017-8379.patch}  | 0
 .../{qemu-2.9.0-bug616874.patch => qemu-2.9.0-CVE-2017-8380.patch}  | 0
 app-emulation/qemu/qemu-2.9.0-r2.ebuild                             | 6 +++---
 app-emulation/qemu/qemu-2.9.0-r54.ebuild                            | 6 +++---
 5 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/app-emulation/qemu/files/qemu-2.9.0-bug616870.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8309.patch
similarity index 100%
rename from app-emulation/qemu/files/qemu-2.9.0-bug616870.patch
rename to app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8309.patch

diff --git a/app-emulation/qemu/files/qemu-2.9.0-bug616872.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8379.patch
similarity index 100%
rename from app-emulation/qemu/files/qemu-2.9.0-bug616872.patch
rename to app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8379.patch

diff --git a/app-emulation/qemu/files/qemu-2.9.0-bug616874.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8380.patch
similarity index 100%
rename from app-emulation/qemu/files/qemu-2.9.0-bug616874.patch
rename to app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8380.patch

diff --git a/app-emulation/qemu/qemu-2.9.0-r2.ebuild b/app-emulation/qemu/qemu-2.9.0-r2.ebuild
index 6289ced538e..71de8e79100 100644
--- a/app-emulation/qemu/qemu-2.9.0-r2.ebuild
+++ b/app-emulation/qemu/qemu-2.9.0-r2.ebuild
@@ -191,9 +191,9 @@ RDEPEND="${CDEPEND}
 PATCHES=(
 	"${FILESDIR}"/${PN}-2.5.0-cflags.patch
 	"${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
-	"${FILESDIR}"/${PN}-2.9.0-bug616870.patch # bug 616870
-	"${FILESDIR}"/${PN}-2.9.0-bug616872.patch # bug 616872
-	"${FILESDIR}"/${PN}-2.9.0-bug616874.patch # bug 616874
+	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-8309.patch # bug 616870
+	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-8379.patch # bug 616872
+	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-8380.patch # bug 616874
 	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-8112.patch # bug 616636
 	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-7493.patch # bug 618808
 )

diff --git a/app-emulation/qemu/qemu-2.9.0-r54.ebuild b/app-emulation/qemu/qemu-2.9.0-r54.ebuild
index 0d8029910fc..69908a33c9a 100644
--- a/app-emulation/qemu/qemu-2.9.0-r54.ebuild
+++ b/app-emulation/qemu/qemu-2.9.0-r54.ebuild
@@ -194,9 +194,9 @@ RDEPEND="${CDEPEND}
 PATCHES=(
 	"${FILESDIR}"/${PN}-2.5.0-cflags.patch
 	"${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
-	"${FILESDIR}"/${PN}-2.9.0-bug616870.patch # bug 616870
-	"${FILESDIR}"/${PN}-2.9.0-bug616872.patch # bug 616872
-	"${FILESDIR}"/${PN}-2.9.0-bug616874.patch # bug 616874
+	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-8309.patch # bug 616870
+	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-8379.patch # bug 616872
+	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-8380.patch # bug 616874
 	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-8112.patch # bug 616636
 	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-7493.patch # bug 618808
 )


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2017-07-26 17:15 Matthias Maier
  0 siblings, 0 replies; 56+ messages in thread
From: Matthias Maier @ 2017-07-26 17:15 UTC (permalink / raw
  To: gentoo-commits

commit:     e67f10960bca69fdede54d77eb54c4ab72b98d08
Author:     Matthias Maier <tamiko <AT> gentoo <DOT> org>
AuthorDate: Wed Jul 26 17:10:46 2017 +0000
Commit:     Matthias Maier <tamiko <AT> gentoo <DOT> org>
CommitDate: Wed Jul 26 17:14:53 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e67f1096

app-emulation/qemu: security fixes

  CVE-2017-11334, bug #621292
  CVE-2017-11434, bug #625614
  CVE-2017-9503, bug #621184
  CVE-2017-9524, bug #621292

Package-Manager: Portage-2.3.6, Repoman-2.3.3

 .../qemu/files/qemu-2.9.0-CVE-2017-11334.patch     |  40 ++
 .../qemu/files/qemu-2.9.0-CVE-2017-11434.patch     |  29 +
 .../qemu/files/qemu-2.9.0-CVE-2017-7539.patch      | 272 +++++++
 .../qemu/files/qemu-2.9.0-CVE-2017-9503-1.patch    | 122 ++++
 .../qemu/files/qemu-2.9.0-CVE-2017-9503-2.patch    | 114 +++
 .../qemu/files/qemu-2.9.0-CVE-2017-9524-1.patch    |  80 +++
 .../qemu/files/qemu-2.9.0-CVE-2017-9524-2.patch    | 197 +++++
 app-emulation/qemu/qemu-2.9.0-r55.ebuild           | 792 +++++++++++++++++++++
 8 files changed, 1646 insertions(+)

diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11334.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11334.patch
new file mode 100644
index 00000000000..bfe4c7d89f2
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11334.patch
@@ -0,0 +1,40 @@
+[Qemu-devel] [PULL 21/41] exec: use qemu_ram_ptr_length to access guest 
+From: Prasad J Pandit <address@hidden>
+
+When accessing guest's ram block during DMA operation, use
+'qemu_ram_ptr_length' to get ram block pointer. It ensures
+that DMA operation of given length is possible; And avoids
+any OOB memory access situations.
+
+Reported-by: Alex <address@hidden>
+Signed-off-by: Prasad J Pandit <address@hidden>
+Message-Id: <address@hidden>
+Signed-off-by: Paolo Bonzini <address@hidden>
+---
+ exec.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/exec.c b/exec.c
+index a083ff8..ad103ce 100644
+--- a/exec.c
++++ b/exec.c
+@@ -2929,7 +2929,7 @@ static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr,
+             }
+         } else {
+             /* RAM case */
+-            ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
++            ptr = qemu_ram_ptr_length(mr->ram_block, addr1, &l);
+             memcpy(ptr, buf, l);
+             invalidate_and_set_dirty(mr, addr1, l);
+         }
+@@ -3020,7 +3020,7 @@ MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr,
+             }
+         } else {
+             /* RAM case */
+-            ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
++            ptr = qemu_ram_ptr_length(mr->ram_block, addr1, &l);
+             memcpy(buf, ptr, l);
+         }
+ 
+-- 
+1.8.3.1

diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11434.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11434.patch
new file mode 100644
index 00000000000..5d32067c7a0
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11434.patch
@@ -0,0 +1,29 @@
+[Qemu-devel] [PATCH] slirp: check len against dhcp options array end
+From: Prasad J Pandit <address@hidden>
+
+While parsing dhcp options string in 'dhcp_decode', if an options'
+length 'len' appeared towards the end of 'bp_vend' array, ensuing
+read could lead to an OOB memory access issue. Add check to avoid it.
+
+Reported-by: Reno Robert <address@hidden>
+Signed-off-by: Prasad J Pandit <address@hidden>
+---
+ slirp/bootp.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/slirp/bootp.c b/slirp/bootp.c
+index 5a4646c..5dd1a41 100644
+--- a/slirp/bootp.c
++++ b/slirp/bootp.c
+@@ -123,6 +123,9 @@ static void dhcp_decode(const struct bootp_t *bp, int *pmsg_type,
+             if (p >= p_end)
+                 break;
+             len = *p++;
++            if (p + len > p_end) {
++                break;
++            }
+             DPRINTF("dhcp: tag=%d len=%d\n", tag, len);
+ 
+             switch(tag) {
+-- 
+2.9.4

diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-7539.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-7539.patch
new file mode 100644
index 00000000000..0b5987c6623
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-7539.patch
@@ -0,0 +1,272 @@
+From 2b0bbc4f8809c972bad134bc1a2570dbb01dea0b Mon Sep 17 00:00:00 2001
+From: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
+Date: Fri, 2 Jun 2017 18:01:41 +0300
+Subject: [PATCH] nbd/server: get rid of nbd_negotiate_read and friends
+
+Functions nbd_negotiate_{read,write,drop_sync} were introduced in
+1a6245a5b, when nbd_rwv (was nbd_wr_sync) was working through
+qemu_co_sendv_recvv (the path is nbd_wr_sync -> qemu_co_{recv/send} ->
+qemu_co_send_recv -> qemu_co_sendv_recvv), which just yields, without
+setting any handlers. But starting from ff82911cd nbd_rwv (was
+nbd_wr_syncv) works through qio_channel_yield() which sets handlers, so
+watchers are redundant in nbd_negotiate_{read,write,drop_sync}, then,
+let's just use nbd_{read,write,drop} functions.
+
+Functions nbd_{read,write,drop} has errp parameter, which is unused in
+this patch. This will be fixed later.
+
+Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
+Reviewed-by: Eric Blake <eblake@redhat.com>
+Message-Id: <20170602150150.258222-4-vsementsov@virtuozzo.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ nbd/server.c | 107 ++++++++++++-----------------------------------------------
+ 1 file changed, 22 insertions(+), 85 deletions(-)
+
+diff --git a/nbd/server.c b/nbd/server.c
+index d8bd927013..7f44ef0b15 100644
+--- a/nbd/server.c
++++ b/nbd/server.c
+@@ -104,69 +104,6 @@ struct NBDClient {
+ 
+ static void nbd_client_receive_next_request(NBDClient *client);
+ 
+-static gboolean nbd_negotiate_continue(QIOChannel *ioc,
+-                                       GIOCondition condition,
+-                                       void *opaque)
+-{
+-    qemu_coroutine_enter(opaque);
+-    return TRUE;
+-}
+-
+-static int nbd_negotiate_read(QIOChannel *ioc, void *buffer, size_t size)
+-{
+-    ssize_t ret;
+-    guint watch;
+-
+-    assert(qemu_in_coroutine());
+-    /* Negotiation are always in main loop. */
+-    watch = qio_channel_add_watch(ioc,
+-                                  G_IO_IN,
+-                                  nbd_negotiate_continue,
+-                                  qemu_coroutine_self(),
+-                                  NULL);
+-    ret = nbd_read(ioc, buffer, size, NULL);
+-    g_source_remove(watch);
+-    return ret;
+-
+-}
+-
+-static int nbd_negotiate_write(QIOChannel *ioc, const void *buffer, size_t size)
+-{
+-    ssize_t ret;
+-    guint watch;
+-
+-    assert(qemu_in_coroutine());
+-    /* Negotiation are always in main loop. */
+-    watch = qio_channel_add_watch(ioc,
+-                                  G_IO_OUT,
+-                                  nbd_negotiate_continue,
+-                                  qemu_coroutine_self(),
+-                                  NULL);
+-    ret = nbd_write(ioc, buffer, size, NULL);
+-    g_source_remove(watch);
+-    return ret;
+-}
+-
+-static int nbd_negotiate_drop_sync(QIOChannel *ioc, size_t size)
+-{
+-    ssize_t ret;
+-    uint8_t *buffer = g_malloc(MIN(65536, size));
+-
+-    while (size > 0) {
+-        size_t count = MIN(65536, size);
+-        ret = nbd_negotiate_read(ioc, buffer, count);
+-        if (ret < 0) {
+-            g_free(buffer);
+-            return ret;
+-        }
+-
+-        size -= count;
+-    }
+-
+-    g_free(buffer);
+-    return 0;
+-}
+-
+ /* Basic flow for negotiation
+ 
+    Server         Client
+@@ -205,22 +142,22 @@ static int nbd_negotiate_send_rep_len(QIOChannel *ioc, uint32_t type,
+           type, opt, len);
+ 
+     magic = cpu_to_be64(NBD_REP_MAGIC);
+-    if (nbd_negotiate_write(ioc, &magic, sizeof(magic)) < 0) {
++    if (nbd_write(ioc, &magic, sizeof(magic), NULL) < 0) {
+         LOG("write failed (rep magic)");
+         return -EINVAL;
+     }
+     opt = cpu_to_be32(opt);
+-    if (nbd_negotiate_write(ioc, &opt, sizeof(opt)) < 0) {
++    if (nbd_write(ioc, &opt, sizeof(opt), NULL) < 0) {
+         LOG("write failed (rep opt)");
+         return -EINVAL;
+     }
+     type = cpu_to_be32(type);
+-    if (nbd_negotiate_write(ioc, &type, sizeof(type)) < 0) {
++    if (nbd_write(ioc, &type, sizeof(type), NULL) < 0) {
+         LOG("write failed (rep type)");
+         return -EINVAL;
+     }
+     len = cpu_to_be32(len);
+-    if (nbd_negotiate_write(ioc, &len, sizeof(len)) < 0) {
++    if (nbd_write(ioc, &len, sizeof(len), NULL) < 0) {
+         LOG("write failed (rep data length)");
+         return -EINVAL;
+     }
+@@ -255,7 +192,7 @@ nbd_negotiate_send_rep_err(QIOChannel *ioc, uint32_t type,
+     if (ret < 0) {
+         goto out;
+     }
+-    if (nbd_negotiate_write(ioc, msg, len) < 0) {
++    if (nbd_write(ioc, msg, len, NULL) < 0) {
+         LOG("write failed (error message)");
+         ret = -EIO;
+     } else {
+@@ -286,15 +223,15 @@ static int nbd_negotiate_send_rep_list(QIOChannel *ioc, NBDExport *exp)
+     }
+ 
+     len = cpu_to_be32(name_len);
+-    if (nbd_negotiate_write(ioc, &len, sizeof(len)) < 0) {
++    if (nbd_write(ioc, &len, sizeof(len), NULL) < 0) {
+         LOG("write failed (name length)");
+         return -EINVAL;
+     }
+-    if (nbd_negotiate_write(ioc, name, name_len) < 0) {
++    if (nbd_write(ioc, name, name_len, NULL) < 0) {
+         LOG("write failed (name buffer)");
+         return -EINVAL;
+     }
+-    if (nbd_negotiate_write(ioc, desc, desc_len) < 0) {
++    if (nbd_write(ioc, desc, desc_len, NULL) < 0) {
+         LOG("write failed (description buffer)");
+         return -EINVAL;
+     }
+@@ -308,7 +245,7 @@ static int nbd_negotiate_handle_list(NBDClient *client, uint32_t length)
+     NBDExport *exp;
+ 
+     if (length) {
+-        if (nbd_negotiate_drop_sync(client->ioc, length) < 0) {
++        if (nbd_drop(client->ioc, length, NULL) < 0) {
+             return -EIO;
+         }
+         return nbd_negotiate_send_rep_err(client->ioc,
+@@ -339,7 +276,7 @@ static int nbd_negotiate_handle_export_name(NBDClient *client, uint32_t length)
+         LOG("Bad length received");
+         goto fail;
+     }
+-    if (nbd_negotiate_read(client->ioc, name, length) < 0) {
++    if (nbd_read(client->ioc, name, length, NULL) < 0) {
+         LOG("read failed");
+         goto fail;
+     }
+@@ -372,7 +309,7 @@ static QIOChannel *nbd_negotiate_handle_starttls(NBDClient *client,
+     TRACE("Setting up TLS");
+     ioc = client->ioc;
+     if (length) {
+-        if (nbd_negotiate_drop_sync(ioc, length) < 0) {
++        if (nbd_drop(ioc, length, NULL) < 0) {
+             return NULL;
+         }
+         nbd_negotiate_send_rep_err(ioc, NBD_REP_ERR_INVALID, NBD_OPT_STARTTLS,
+@@ -436,7 +373,7 @@ static int nbd_negotiate_options(NBDClient *client)
+         ...           Rest of request
+     */
+ 
+-    if (nbd_negotiate_read(client->ioc, &flags, sizeof(flags)) < 0) {
++    if (nbd_read(client->ioc, &flags, sizeof(flags), NULL) < 0) {
+         LOG("read failed");
+         return -EIO;
+     }
+@@ -462,7 +399,7 @@ static int nbd_negotiate_options(NBDClient *client)
+         uint32_t clientflags, length;
+         uint64_t magic;
+ 
+-        if (nbd_negotiate_read(client->ioc, &magic, sizeof(magic)) < 0) {
++        if (nbd_read(client->ioc, &magic, sizeof(magic), NULL) < 0) {
+             LOG("read failed");
+             return -EINVAL;
+         }
+@@ -472,15 +409,15 @@ static int nbd_negotiate_options(NBDClient *client)
+             return -EINVAL;
+         }
+ 
+-        if (nbd_negotiate_read(client->ioc, &clientflags,
+-                               sizeof(clientflags)) < 0)
++        if (nbd_read(client->ioc, &clientflags,
++                      sizeof(clientflags), NULL) < 0)
+         {
+             LOG("read failed");
+             return -EINVAL;
+         }
+         clientflags = be32_to_cpu(clientflags);
+ 
+-        if (nbd_negotiate_read(client->ioc, &length, sizeof(length)) < 0) {
++        if (nbd_read(client->ioc, &length, sizeof(length), NULL) < 0) {
+             LOG("read failed");
+             return -EINVAL;
+         }
+@@ -510,7 +447,7 @@ static int nbd_negotiate_options(NBDClient *client)
+                 return -EINVAL;
+ 
+             default:
+-                if (nbd_negotiate_drop_sync(client->ioc, length) < 0) {
++                if (nbd_drop(client->ioc, length, NULL) < 0) {
+                     return -EIO;
+                 }
+                 ret = nbd_negotiate_send_rep_err(client->ioc,
+@@ -548,7 +485,7 @@ static int nbd_negotiate_options(NBDClient *client)
+                 return nbd_negotiate_handle_export_name(client, length);
+ 
+             case NBD_OPT_STARTTLS:
+-                if (nbd_negotiate_drop_sync(client->ioc, length) < 0) {
++                if (nbd_drop(client->ioc, length, NULL) < 0) {
+                     return -EIO;
+                 }
+                 if (client->tlscreds) {
+@@ -567,7 +504,7 @@ static int nbd_negotiate_options(NBDClient *client)
+                 }
+                 break;
+             default:
+-                if (nbd_negotiate_drop_sync(client->ioc, length) < 0) {
++                if (nbd_drop(client->ioc, length, NULL) < 0) {
+                     return -EIO;
+                 }
+                 ret = nbd_negotiate_send_rep_err(client->ioc,
+@@ -656,12 +593,12 @@ static coroutine_fn int nbd_negotiate(NBDClientNewData *data)
+             TRACE("TLS cannot be enabled with oldstyle protocol");
+             goto fail;
+         }
+-        if (nbd_negotiate_write(client->ioc, buf, sizeof(buf)) < 0) {
++        if (nbd_write(client->ioc, buf, sizeof(buf), NULL) < 0) {
+             LOG("write failed");
+             goto fail;
+         }
+     } else {
+-        if (nbd_negotiate_write(client->ioc, buf, 18) < 0) {
++        if (nbd_write(client->ioc, buf, 18, NULL) < 0) {
+             LOG("write failed");
+             goto fail;
+         }
+@@ -676,7 +613,7 @@ static coroutine_fn int nbd_negotiate(NBDClientNewData *data)
+         stq_be_p(buf + 18, client->exp->size);
+         stw_be_p(buf + 26, client->exp->nbdflags | myflags);
+         len = client->no_zeroes ? 10 : sizeof(buf) - 18;
+-        if (nbd_negotiate_write(client->ioc, buf + 18, len) < 0) {
++        if (nbd_write(client->ioc, buf + 18, len, NULL) < 0) {
+             LOG("write failed");
+             goto fail;
+         }
+-- 
+2.13.0
+

diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-1.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-1.patch
new file mode 100644
index 00000000000..01c81d10ec0
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-1.patch
@@ -0,0 +1,122 @@
+From 87e459a810d7b1ec1638085b5a80ea3d9b43119a Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Thu, 1 Jun 2017 17:26:14 +0200
+Subject: [PATCH] megasas: always store SCSIRequest* into MegasasCmd
+
+This ensures that the request is unref'ed properly, and avoids a
+segmentation fault in the new qtest testcase that is added.
+This is CVE-2017-9503.
+
+Reported-by: Zhangyanyu <zyy4013@stu.ouc.edu.cn>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ hw/scsi/megasas.c    | 31 ++++++++++++++++---------------
+ 2 files changed, 51 insertions(+), 15 deletions(-)
+
+diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
+index 135662df31..734fdaef90 100644
+--- a/hw/scsi/megasas.c
++++ b/hw/scsi/megasas.c
+@@ -609,6 +609,9 @@ static void megasas_reset_frames(MegasasState *s)
+ static void megasas_abort_command(MegasasCmd *cmd)
+ {
+     /* Never abort internal commands.  */
++    if (cmd->dcmd_opcode != -1) {
++        return;
++    }
+     if (cmd->req != NULL) {
+         scsi_req_cancel(cmd->req);
+     }
+@@ -1017,7 +1020,6 @@ static int megasas_pd_get_info_submit(SCSIDevice *sdev, int lun,
+     uint64_t pd_size;
+     uint16_t pd_id = ((sdev->id & 0xFF) << 8) | (lun & 0xFF);
+     uint8_t cmdbuf[6];
+-    SCSIRequest *req;
+     size_t len, resid;
+ 
+     if (!cmd->iov_buf) {
+@@ -1026,8 +1028,8 @@ static int megasas_pd_get_info_submit(SCSIDevice *sdev, int lun,
+         info->inquiry_data[0] = 0x7f; /* Force PQual 0x3, PType 0x1f */
+         info->vpd_page83[0] = 0x7f;
+         megasas_setup_inquiry(cmdbuf, 0, sizeof(info->inquiry_data));
+-        req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd);
+-        if (!req) {
++        cmd->req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd);
++        if (!cmd->req) {
+             trace_megasas_dcmd_req_alloc_failed(cmd->index,
+                                                 "PD get info std inquiry");
+             g_free(cmd->iov_buf);
+@@ -1036,26 +1038,26 @@ static int megasas_pd_get_info_submit(SCSIDevice *sdev, int lun,
+         }
+         trace_megasas_dcmd_internal_submit(cmd->index,
+                                            "PD get info std inquiry", lun);
+-        len = scsi_req_enqueue(req);
++        len = scsi_req_enqueue(cmd->req);
+         if (len > 0) {
+             cmd->iov_size = len;
+-            scsi_req_continue(req);
++            scsi_req_continue(cmd->req);
+         }
+         return MFI_STAT_INVALID_STATUS;
+     } else if (info->inquiry_data[0] != 0x7f && info->vpd_page83[0] == 0x7f) {
+         megasas_setup_inquiry(cmdbuf, 0x83, sizeof(info->vpd_page83));
+-        req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd);
+-        if (!req) {
++        cmd->req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd);
++        if (!cmd->req) {
+             trace_megasas_dcmd_req_alloc_failed(cmd->index,
+                                                 "PD get info vpd inquiry");
+             return MFI_STAT_FLASH_ALLOC_FAIL;
+         }
+         trace_megasas_dcmd_internal_submit(cmd->index,
+                                            "PD get info vpd inquiry", lun);
+-        len = scsi_req_enqueue(req);
++        len = scsi_req_enqueue(cmd->req);
+         if (len > 0) {
+             cmd->iov_size = len;
+-            scsi_req_continue(req);
++            scsi_req_continue(cmd->req);
+         }
+         return MFI_STAT_INVALID_STATUS;
+     }
+@@ -1217,7 +1219,6 @@ static int megasas_ld_get_info_submit(SCSIDevice *sdev, int lun,
+     struct mfi_ld_info *info = cmd->iov_buf;
+     size_t dcmd_size = sizeof(struct mfi_ld_info);
+     uint8_t cdb[6];
+-    SCSIRequest *req;
+     ssize_t len, resid;
+     uint16_t sdev_id = ((sdev->id & 0xFF) << 8) | (lun & 0xFF);
+     uint64_t ld_size;
+@@ -1226,8 +1227,8 @@ static int megasas_ld_get_info_submit(SCSIDevice *sdev, int lun,
+         cmd->iov_buf = g_malloc0(dcmd_size);
+         info = cmd->iov_buf;
+         megasas_setup_inquiry(cdb, 0x83, sizeof(info->vpd_page83));
+-        req = scsi_req_new(sdev, cmd->index, lun, cdb, cmd);
+-        if (!req) {
++        cmd->req = scsi_req_new(sdev, cmd->index, lun, cdb, cmd);
++        if (!cmd->req) {
+             trace_megasas_dcmd_req_alloc_failed(cmd->index,
+                                                 "LD get info vpd inquiry");
+             g_free(cmd->iov_buf);
+@@ -1236,10 +1237,10 @@ static int megasas_ld_get_info_submit(SCSIDevice *sdev, int lun,
+         }
+         trace_megasas_dcmd_internal_submit(cmd->index,
+                                            "LD get info vpd inquiry", lun);
+-        len = scsi_req_enqueue(req);
++        len = scsi_req_enqueue(cmd->req);
+         if (len > 0) {
+             cmd->iov_size = len;
+-            scsi_req_continue(req);
++            scsi_req_continue(cmd->req);
+         }
+         return MFI_STAT_INVALID_STATUS;
+     }
+@@ -1851,7 +1852,7 @@ static void megasas_command_complete(SCSIRequest *req, uint32_t status,
+         return;
+     }
+ 
+-    if (cmd->req == NULL) {
++    if (cmd->dcmd_opcode != -1) {
+         /*
+          * Internal command complete
+          */

diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-2.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-2.patch
new file mode 100644
index 00000000000..74725a92736
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-2.patch
@@ -0,0 +1,114 @@
+From 5104fac8539eaf155fc6de93e164be43e1e62242 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Thu, 1 Jun 2017 17:18:23 +0200
+Subject: [PATCH] megasas: do not read DCMD opcode more than once from frame
+
+Avoid TOC-TOU bugs by storing the DCMD opcode in the MegasasCmd
+
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ hw/scsi/megasas.c | 25 +++++++++++--------------
+ 1 file changed, 11 insertions(+), 14 deletions(-)
+
+diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
+index c353118882..a3f75c1650 100644
+--- a/hw/scsi/megasas.c
++++ b/hw/scsi/megasas.c
+@@ -63,6 +63,7 @@ typedef struct MegasasCmd {
+ 
+     hwaddr pa;
+     hwaddr pa_size;
++    uint32_t dcmd_opcode;
+     union mfi_frame *frame;
+     SCSIRequest *req;
+     QEMUSGList qsg;
+@@ -513,6 +514,7 @@ static MegasasCmd *megasas_enqueue_frame(MegasasState *s,
+         cmd->context &= (uint64_t)0xFFFFFFFF;
+     }
+     cmd->count = count;
++    cmd->dcmd_opcode = -1;
+     s->busy++;
+ 
+     if (s->consumer_pa) {
+@@ -1562,22 +1564,21 @@ static const struct dcmd_cmd_tbl_t {
+ 
+ static int megasas_handle_dcmd(MegasasState *s, MegasasCmd *cmd)
+ {
+-    int opcode;
+     int retval = 0;
+     size_t len;
+     const struct dcmd_cmd_tbl_t *cmdptr = dcmd_cmd_tbl;
+ 
+-    opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
+-    trace_megasas_handle_dcmd(cmd->index, opcode);
++    cmd->dcmd_opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
++    trace_megasas_handle_dcmd(cmd->index, cmd->dcmd_opcode);
+     if (megasas_map_dcmd(s, cmd) < 0) {
+         return MFI_STAT_MEMORY_NOT_AVAILABLE;
+     }
+-    while (cmdptr->opcode != -1 && cmdptr->opcode != opcode) {
++    while (cmdptr->opcode != -1 && cmdptr->opcode != cmd->dcmd_opcode) {
+         cmdptr++;
+     }
+     len = cmd->iov_size;
+     if (cmdptr->opcode == -1) {
+-        trace_megasas_dcmd_unhandled(cmd->index, opcode, len);
++        trace_megasas_dcmd_unhandled(cmd->index, cmd->dcmd_opcode, len);
+         retval = megasas_dcmd_dummy(s, cmd);
+     } else {
+         trace_megasas_dcmd_enter(cmd->index, cmdptr->desc, len);
+@@ -1592,13 +1593,11 @@ static int megasas_handle_dcmd(MegasasState *s, MegasasCmd *cmd)
+ static int megasas_finish_internal_dcmd(MegasasCmd *cmd,
+                                         SCSIRequest *req)
+ {
+-    int opcode;
+     int retval = MFI_STAT_OK;
+     int lun = req->lun;
+ 
+-    opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
+-    trace_megasas_dcmd_internal_finish(cmd->index, opcode, lun);
+-    switch (opcode) {
++    trace_megasas_dcmd_internal_finish(cmd->index, cmd->dcmd_opcode, lun);
++    switch (cmd->dcmd_opcode) {
+     case MFI_DCMD_PD_GET_INFO:
+         retval = megasas_pd_get_info_submit(req->dev, lun, cmd);
+         break;
+@@ -1606,7 +1605,7 @@ static int megasas_finish_internal_dcmd(MegasasCmd *cmd,
+         retval = megasas_ld_get_info_submit(req->dev, lun, cmd);
+         break;
+     default:
+-        trace_megasas_dcmd_internal_invalid(cmd->index, opcode);
++        trace_megasas_dcmd_internal_invalid(cmd->index, cmd->dcmd_opcode);
+         retval = MFI_STAT_INVALID_DCMD;
+         break;
+     }
+@@ -1827,7 +1826,6 @@ static void megasas_xfer_complete(SCSIRequest *req, uint32_t len)
+ {
+     MegasasCmd *cmd = req->hba_private;
+     uint8_t *buf;
+-    uint32_t opcode;
+ 
+     trace_megasas_io_complete(cmd->index, len);
+ 
+@@ -1837,8 +1835,7 @@ static void megasas_xfer_complete(SCSIRequest *req, uint32_t len)
+     }
+ 
+     buf = scsi_req_get_buf(req);
+-    opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
+-    if (opcode == MFI_DCMD_PD_GET_INFO && cmd->iov_buf) {
++    if (cmd->dcmd_opcode == MFI_DCMD_PD_GET_INFO && cmd->iov_buf) {
+         struct mfi_pd_info *info = cmd->iov_buf;
+ 
+         if (info->inquiry_data[0] == 0x7f) {
+@@ -1849,7 +1846,7 @@ static void megasas_xfer_complete(SCSIRequest *req, uint32_t len)
+             memcpy(info->vpd_page83, buf, len);
+         }
+         scsi_req_continue(req);
+-    } else if (opcode == MFI_DCMD_LD_GET_INFO) {
++    } else if (cmd->dcmd_opcode == MFI_DCMD_LD_GET_INFO) {
+         struct mfi_ld_info *info = cmd->iov_buf;
+ 
+         if (cmd->iov_buf) {
+-- 
+2.13.0
+

diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-1.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-1.patch
new file mode 100644
index 00000000000..9d77193b1f6
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-1.patch
@@ -0,0 +1,80 @@
+From df8ad9f128c15aa0a0ebc7b24e9a22c9775b67af Mon Sep 17 00:00:00 2001
+From: Eric Blake <eblake@redhat.com>
+Date: Fri, 26 May 2017 22:04:21 -0500
+Subject: [PATCH] nbd: Fully initialize client in case of failed negotiation
+
+If a non-NBD client connects to qemu-nbd, we would end up with
+a SIGSEGV in nbd_client_put() because we were trying to
+unregister the client's association to the export, even though
+we skipped inserting the client into that list.  Easy trigger
+in two terminals:
+
+$ qemu-nbd -p 30001 --format=raw file
+$ nmap 127.0.0.1 -p 30001
+
+nmap claims that it thinks it connected to a pago-services1
+server (which probably means nmap could be updated to learn the
+NBD protocol and give a more accurate diagnosis of the open
+port - but that's not our problem), then terminates immediately,
+so our call to nbd_negotiate() fails.  The fix is to reorder
+nbd_co_client_start() to ensure that all initialization occurs
+before we ever try talking to a client in nbd_negotiate(), so
+that the teardown sequence on negotiation failure doesn't fault
+while dereferencing a half-initialized object.
+
+While debugging this, I also noticed that nbd_update_server_watch()
+called by nbd_client_closed() was still adding a channel to accept
+the next client, even when the state was no longer RUNNING.  That
+is fixed by making nbd_can_accept() pay attention to the current
+state.
+
+Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1451614
+
+Signed-off-by: Eric Blake <eblake@redhat.com>
+Message-Id: <20170527030421.28366-1-eblake@redhat.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ nbd/server.c | 8 +++-----
+ qemu-nbd.c   | 2 +-
+ 2 files changed, 4 insertions(+), 6 deletions(-)
+
+diff --git a/nbd/server.c b/nbd/server.c
+index ee59e5d234..49b55f6ede 100644
+--- a/nbd/server.c
++++ b/nbd/server.c
+@@ -1358,16 +1358,14 @@ static coroutine_fn void nbd_co_client_start(void *opaque)
+ 
+     if (exp) {
+         nbd_export_get(exp);
++        QTAILQ_INSERT_TAIL(&exp->clients, client, next);
+     }
++    qemu_co_mutex_init(&client->send_lock);
++
+     if (nbd_negotiate(data)) {
+         client_close(client);
+         goto out;
+     }
+-    qemu_co_mutex_init(&client->send_lock);
+-
+-    if (exp) {
+-        QTAILQ_INSERT_TAIL(&exp->clients, client, next);
+-    }
+ 
+     nbd_client_receive_next_request(client);
+ 
+diff --git a/qemu-nbd.c b/qemu-nbd.c
+index f60842fd86..651f85ecc1 100644
+--- a/qemu-nbd.c
++++ b/qemu-nbd.c
+@@ -325,7 +325,7 @@ out:
+ 
+ static int nbd_can_accept(void)
+ {
+-    return nb_fds < shared;
++    return state == RUNNING && nb_fds < shared;
+ }
+ 
+ static void nbd_export_closed(NBDExport *exp)
+-- 
+2.13.0
+

diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-2.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-2.patch
new file mode 100644
index 00000000000..e6934b379a2
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-2.patch
@@ -0,0 +1,197 @@
+From 0c9390d978cbf61e8f16c9f580fa96b305c43568 Mon Sep 17 00:00:00 2001
+From: Eric Blake <eblake@redhat.com>
+Date: Thu, 8 Jun 2017 17:26:17 -0500
+Subject: [PATCH] nbd: Fix regression on resiliency to port scan
+
+Back in qemu 2.5, qemu-nbd was immune to port probes (a transient
+server would not quit, regardless of how many probe connections
+came and went, until a connection actually negotiated).  But we
+broke that in commit ee7d7aa when removing the return value to
+nbd_client_new(), although that patch also introduced a bug causing
+an assertion failure on a client that fails negotiation.  We then
+made it worse during refactoring in commit 1a6245a (a segfault
+before we could even assert); the (masked) assertion was cleaned
+up in d3780c2 (still in 2.6), and just recently we finally fixed
+the segfault ("nbd: Fully intialize client in case of failed
+negotiation").  But that still means that ever since we added
+TLS support to qemu-nbd, we have been vulnerable to an ill-timed
+port-scan being able to cause a denial of service by taking down
+qemu-nbd before a real client has a chance to connect.
+
+Since negotiation is now handled asynchronously via coroutines,
+we no longer have a synchronous point of return by re-adding a
+return value to nbd_client_new().  So this patch instead wires
+things up to pass the negotiation status through the close_fn
+callback function.
+
+Simple test across two terminals:
+$ qemu-nbd -f raw -p 30001 file
+$ nmap 127.0.0.1 -p 30001 && \
+  qemu-io -c 'r 0 512' -f raw nbd://localhost:30001
+
+Note that this patch does not change what constitutes successful
+negotiation (thus, a client must enter transmission phase before
+that client can be considered as a reason to terminate the server
+when the connection ends).  Perhaps we may want to tweak things
+in a later patch to also treat a client that uses NBD_OPT_ABORT
+as being a 'successful' negotiation (the client correctly talked
+the NBD protocol, and informed us it was not going to use our
+export after all), but that's a discussion for another day.
+
+Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1451614
+
+Signed-off-by: Eric Blake <eblake@redhat.com>
+Message-Id: <20170608222617.20376-1-eblake@redhat.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ blockdev-nbd.c      |  6 +++++-
+ include/block/nbd.h |  2 +-
+ nbd/server.c        | 24 +++++++++++++++---------
+ qemu-nbd.c          |  4 ++--
+ 4 files changed, 23 insertions(+), 13 deletions(-)
+
+diff --git a/blockdev-nbd.c b/blockdev-nbd.c
+index dd0860f4a6..28f551a7b0 100644
+--- a/blockdev-nbd.c
++++ b/blockdev-nbd.c
+@@ -27,6 +27,10 @@ typedef struct NBDServerData {
+ 
+ static NBDServerData *nbd_server;
+ 
++static void nbd_blockdev_client_closed(NBDClient *client, bool ignored)
++{
++    nbd_client_put(client);
++}
+ 
+ static gboolean nbd_accept(QIOChannel *ioc, GIOCondition condition,
+                            gpointer opaque)
+@@ -46,7 +50,7 @@ static gboolean nbd_accept(QIOChannel *ioc, GIOCondition condition,
+     qio_channel_set_name(QIO_CHANNEL(cioc), "nbd-server");
+     nbd_client_new(NULL, cioc,
+                    nbd_server->tlscreds, NULL,
+-                   nbd_client_put);
++                   nbd_blockdev_client_closed);
+     object_unref(OBJECT(cioc));
+     return TRUE;
+ }
+diff --git a/include/block/nbd.h b/include/block/nbd.h
+index 416257abca..8fa5ce51f3 100644
+--- a/include/block/nbd.h
++++ b/include/block/nbd.h
+@@ -162,7 +162,7 @@ void nbd_client_new(NBDExport *exp,
+                     QIOChannelSocket *sioc,
+                     QCryptoTLSCreds *tlscreds,
+                     const char *tlsaclname,
+-                    void (*close)(NBDClient *));
++                    void (*close_fn)(NBDClient *, bool));
+ void nbd_client_get(NBDClient *client);
+ void nbd_client_put(NBDClient *client);
+ 
+diff --git a/nbd/server.c b/nbd/server.c
+index 49b55f6ede..f2b1aa47ce 100644
+--- a/nbd/server.c
++++ b/nbd/server.c
+@@ -81,7 +81,7 @@ static QTAILQ_HEAD(, NBDExport) exports = QTAILQ_HEAD_INITIALIZER(exports);
+ 
+ struct NBDClient {
+     int refcount;
+-    void (*close)(NBDClient *client);
++    void (*close_fn)(NBDClient *client, bool negotiated);
+ 
+     bool no_zeroes;
+     NBDExport *exp;
+@@ -778,7 +778,7 @@ void nbd_client_put(NBDClient *client)
+     }
+ }
+ 
+-static void client_close(NBDClient *client)
++static void client_close(NBDClient *client, bool negotiated)
+ {
+     if (client->closing) {
+         return;
+@@ -793,8 +793,8 @@ static void client_close(NBDClient *client)
+                          NULL);
+ 
+     /* Also tell the client, so that they release their reference.  */
+-    if (client->close) {
+-        client->close(client);
++    if (client->close_fn) {
++        client->close_fn(client, negotiated);
+     }
+ }
+ 
+@@ -975,7 +975,7 @@ void nbd_export_close(NBDExport *exp)
+ 
+     nbd_export_get(exp);
+     QTAILQ_FOREACH_SAFE(client, &exp->clients, next, next) {
+-        client_close(client);
++        client_close(client, true);
+     }
+     nbd_export_set_name(exp, NULL);
+     nbd_export_set_description(exp, NULL);
+@@ -1337,7 +1337,7 @@ done:
+ 
+ out:
+     nbd_request_put(req);
+-    client_close(client);
++    client_close(client, true);
+     nbd_client_put(client);
+ }
+ 
+@@ -1363,7 +1363,7 @@ static coroutine_fn void nbd_co_client_start(void *opaque)
+     qemu_co_mutex_init(&client->send_lock);
+ 
+     if (nbd_negotiate(data)) {
+-        client_close(client);
++        client_close(client, false);
+         goto out;
+     }
+ 
+@@ -1373,11 +1373,17 @@ out:
+     g_free(data);
+ }
+ 
++/*
++ * Create a new client listener on the given export @exp, using the
++ * given channel @sioc.  Begin servicing it in a coroutine.  When the
++ * connection closes, call @close_fn with an indication of whether the
++ * client completed negotiation.
++ */
+ void nbd_client_new(NBDExport *exp,
+                     QIOChannelSocket *sioc,
+                     QCryptoTLSCreds *tlscreds,
+                     const char *tlsaclname,
+-                    void (*close_fn)(NBDClient *))
++                    void (*close_fn)(NBDClient *, bool))
+ {
+     NBDClient *client;
+     NBDClientNewData *data = g_new(NBDClientNewData, 1);
+@@ -1394,7 +1400,7 @@ void nbd_client_new(NBDExport *exp,
+     object_ref(OBJECT(client->sioc));
+     client->ioc = QIO_CHANNEL(sioc);
+     object_ref(OBJECT(client->ioc));
+-    client->close = close_fn;
++    client->close_fn = close_fn;
+ 
+     data->client = client;
+     data->co = qemu_coroutine_create(nbd_co_client_start, data);
+diff --git a/qemu-nbd.c b/qemu-nbd.c
+index 651f85ecc1..9464a0461c 100644
+--- a/qemu-nbd.c
++++ b/qemu-nbd.c
+@@ -336,10 +336,10 @@ static void nbd_export_closed(NBDExport *exp)
+ 
+ static void nbd_update_server_watch(void);
+ 
+-static void nbd_client_closed(NBDClient *client)
++static void nbd_client_closed(NBDClient *client, bool negotiated)
+ {
+     nb_fds--;
+-    if (nb_fds == 0 && !persistent && state == RUNNING) {
++    if (negotiated && nb_fds == 0 && !persistent && state == RUNNING) {
+         state = TERMINATE;
+     }
+     nbd_update_server_watch();
+-- 
+2.13.0
+

diff --git a/app-emulation/qemu/qemu-2.9.0-r55.ebuild b/app-emulation/qemu/qemu-2.9.0-r55.ebuild
new file mode 100644
index 00000000000..4a7f4b1c5f1
--- /dev/null
+++ b/app-emulation/qemu/qemu-2.9.0-r55.ebuild
@@ -0,0 +1,792 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+PYTHON_COMPAT=( python2_7 )
+PYTHON_REQ_USE="ncurses,readline"
+
+PLOCALES="bg de_DE fr_FR hu it tr zh_CN"
+
+FIRMWARE_ABI_VERSION="2.9.0-r52"
+
+inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \
+	user udev fcaps readme.gentoo-r1 pax-utils l10n
+
+if [[ ${PV} = *9999* ]]; then
+	EGIT_REPO_URI="git://git.qemu.org/qemu.git"
+	inherit git-r3
+	SRC_URI=""
+else
+	SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2"
+	KEYWORDS="~amd64 ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd"
+fi
+
+DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
+HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org"
+
+LICENSE="GPL-2 LGPL-2 BSD-2"
+SLOT="0"
+IUSE="accessibility +aio alsa bluetooth bzip2 +caps +curl debug +fdt
+	glusterfs gnutls gtk gtk2 infiniband iscsi +jpeg kernel_linux
+	kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs +png
+	pulseaudio python rbd sasl +seccomp sdl sdl2 selinux smartcard snappy
+	spice ssh static static-user systemtap tci test usb usbredir vde
+	+vhost-net virgl virtfs +vnc vte xattr xen xfs"
+
+COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel
+	mips mips64 mips64el mipsel nios2 or1k ppc ppc64 s390x sh4 sh4eb sparc
+	sparc64 x86_64"
+IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS}
+	lm32 moxie ppcemb tricore unicore32 xtensa xtensaeb"
+IUSE_USER_TARGETS="${COMMON_TARGETS}
+	armeb hppa mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus tilegx"
+
+use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
+use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
+IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
+
+# Allow no targets to be built so that people can get a tools-only build.
+# Block USE flag configurations known to not work.
+REQUIRED_USE="${PYTHON_REQUIRED_USE}
+	gtk2? ( gtk )
+	qemu_softmmu_targets_arm? ( fdt )
+	qemu_softmmu_targets_microblaze? ( fdt )
+	qemu_softmmu_targets_mips64el? ( fdt )
+	qemu_softmmu_targets_ppc? ( fdt )
+	qemu_softmmu_targets_ppc64? ( fdt )
+	sdl2? ( sdl )
+	static? ( static-user !alsa !bluetooth !gtk !gtk2 !opengl !pulseaudio )
+	virtfs? ( xattr )
+	vte? ( gtk )"
+
+# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
+# and user/softmmu targets (qemu-*, qemu-system-*).
+#
+# Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
+#
+# The attr lib isn't always linked in (although the USE flag is always
+# respected).  This is because qemu supports using the C library's API
+# when available rather than always using the extranl library.
+ALL_DEPEND="
+	>=dev-libs/glib-2.0[static-libs(+)]
+	sys-libs/zlib[static-libs(+)]
+	python? ( ${PYTHON_DEPS} )
+	systemtap? ( dev-util/systemtap )
+	xattr? ( sys-apps/attr[static-libs(+)] )"
+
+# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
+# softmmu targets (qemu-system-*).
+SOFTMMU_TOOLS_DEPEND="
+	>=x11-libs/pixman-0.28.0[static-libs(+)]
+	accessibility? (
+		app-accessibility/brltty[api]
+		app-accessibility/brltty[static-libs(+)]
+	)
+	aio? ( dev-libs/libaio[static-libs(+)] )
+	alsa? ( >=media-libs/alsa-lib-1.0.13 )
+	bluetooth? ( net-wireless/bluez )
+	bzip2? ( app-arch/bzip2[static-libs(+)] )
+	caps? ( sys-libs/libcap-ng[static-libs(+)] )
+	curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
+	fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] )
+	glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
+	gnutls? (
+		dev-libs/nettle:=[static-libs(+)]
+		>=net-libs/gnutls-3.0:=[static-libs(+)]
+	)
+	gtk? (
+		gtk2? (
+			x11-libs/gtk+:2
+			vte? ( x11-libs/vte:0 )
+		)
+		!gtk2? (
+			x11-libs/gtk+:3
+			vte? ( x11-libs/vte:2.91 )
+		)
+	)
+	infiniband? ( sys-fabric/librdmacm:=[static-libs(+)] )
+	iscsi? ( net-libs/libiscsi )
+	jpeg? ( virtual/jpeg:0=[static-libs(+)] )
+	lzo? ( dev-libs/lzo:2[static-libs(+)] )
+	ncurses? (
+		sys-libs/ncurses:0=[unicode]
+		sys-libs/ncurses:0=[static-libs(+)]
+	)
+	nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] )
+	numa? ( sys-process/numactl[static-libs(+)] )
+	opengl? (
+		virtual/opengl
+		media-libs/libepoxy[static-libs(+)]
+		media-libs/mesa[static-libs(+)]
+		media-libs/mesa[egl,gbm]
+	)
+	png? ( media-libs/libpng:0=[static-libs(+)] )
+	pulseaudio? ( media-sound/pulseaudio )
+	rbd? ( sys-cluster/ceph[static-libs(+)] )
+	sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
+	sdl? (
+		!sdl2? (
+			media-libs/libsdl[X]
+			>=media-libs/libsdl-1.2.11[static-libs(+)]
+		)
+		sdl2? (
+			media-libs/libsdl2[X]
+			media-libs/libsdl2[static-libs(+)]
+		)
+	)
+	seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
+	smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] )
+	snappy? ( app-arch/snappy:=[static-libs(+)] )
+	spice? (
+		>=app-emulation/spice-protocol-0.12.3
+		>=app-emulation/spice-0.12.0[static-libs(+)]
+	)
+	ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] )
+	usb? ( >=virtual/libusb-1-r2[static-libs(+)] )
+	usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
+	vde? ( net-misc/vde[static-libs(+)] )
+	virgl? ( media-libs/virglrenderer[static-libs(+)] )
+	virtfs? ( sys-libs/libcap )
+	xen? ( app-emulation/xen-tools:= )
+	xfs? ( sys-fs/xfsprogs[static-libs(+)] )"
+
+X86_FIRMWARE_DEPEND="
+	pin-upstream-blobs? (
+		~sys-firmware/edk2-ovmf-2017_pre20170505[binary]
+		~sys-firmware/ipxe-1.0.0_p20160620
+		~sys-firmware/seabios-1.10.2[binary,seavgabios]
+		~sys-firmware/sgabios-0.1_pre8
+	)
+	!pin-upstream-blobs? (
+		sys-firmware/edk2-ovmf
+		sys-firmware/ipxe
+		>=sys-firmware/seabios-1.10.2[seavgabios]
+		sys-firmware/sgabios
+	)"
+
+CDEPEND="
+	!static? (
+		${ALL_DEPEND//\[static-libs(+)]}
+		${SOFTMMU_TOOLS_DEPEND//\[static-libs(+)]}
+	)
+	qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
+	qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )"
+DEPEND="${CDEPEND}
+	dev-lang/perl
+	=dev-lang/python-2*
+	sys-apps/texinfo
+	virtual/pkgconfig
+	kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
+	gtk? ( nls? ( sys-devel/gettext ) )
+	static? (
+		${ALL_DEPEND}
+		${SOFTMMU_TOOLS_DEPEND}
+	)
+	static-user? ( ${ALL_DEPEND} )
+	test? (
+		dev-libs/glib[utils]
+		sys-devel/bc
+	)"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-qemu )"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-2.5.0-cflags.patch
+	"${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
+	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-8309.patch    # bug 616870
+	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-8379.patch    # bug 616872
+	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-8380.patch    # bug 616874
+	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-8112.patch    # bug 616636
+	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-7493.patch    # bug 618808
+	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-11434.patch   # bug 625614
+	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-11334.patch   # bug 621292
+	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-9524-1.patch  # bug 621292
+	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-9524-2.patch
+	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-9503-1.patch  # bug 621184
+	"${FILESDIR}"/${PN}-2.9.0-CVE-2017-9503-2.patch
+)
+
+
+STRIP_MASK="/usr/share/qemu/palcode-clipper"
+
+QA_PREBUILT="
+	usr/share/qemu/openbios-ppc
+	usr/share/qemu/openbios-sparc64
+	usr/share/qemu/openbios-sparc32
+	usr/share/qemu/palcode-clipper
+	usr/share/qemu/s390-ccw.img
+	usr/share/qemu/u-boot.e500"
+
+QA_WX_LOAD="usr/bin/qemu-i386
+	usr/bin/qemu-x86_64
+	usr/bin/qemu-alpha
+	usr/bin/qemu-arm
+	usr/bin/qemu-cris
+	usr/bin/qemu-m68k
+	usr/bin/qemu-microblaze
+	usr/bin/qemu-microblazeel
+	usr/bin/qemu-mips
+	usr/bin/qemu-mipsel
+	usr/bin/qemu-or1k
+	usr/bin/qemu-ppc
+	usr/bin/qemu-ppc64
+	usr/bin/qemu-ppc64abi32
+	usr/bin/qemu-sh4
+	usr/bin/qemu-sh4eb
+	usr/bin/qemu-sparc
+	usr/bin/qemu-sparc64
+	usr/bin/qemu-armeb
+	usr/bin/qemu-sparc32plus
+	usr/bin/qemu-s390x
+	usr/bin/qemu-unicore32"
+
+DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure you have the
+kernel module loaded before running kvm. The easiest way to ensure that the
+kernel module is loaded is to load it on boot.
+	For AMD CPUs the module is called 'kvm-amd'.
+	For Intel CPUs the module is called 'kvm-intel'.
+Please review /etc/conf.d/modules for how to load these.
+
+Make sure your user is in the 'kvm' group. Just run
+	$ gpasswd -a <USER> kvm
+then have <USER> re-login.
+
+For brand new installs, the default permissions on /dev/kvm might not let
+you access it.  You can tell udev to reset ownership/perms:
+	$ udevadm trigger -c add /dev/kvm
+
+If you want to register binfmt handlers for qemu user targets:
+For openrc:
+	# rc-update add qemu-binfmt
+For systemd:
+	# ln -s /usr/share/qemu/binfmt.d/qemu.conf /etc/binfmt.d/qemu.conf"
+
+pkg_pretend() {
+	if use kernel_linux && kernel_is lt 2 6 25; then
+		eerror "This version of KVM requres a host kernel of 2.6.25 or higher."
+	elif use kernel_linux; then
+		if ! linux_config_exists; then
+			eerror "Unable to check your kernel for KVM support"
+		else
+			CONFIG_CHECK="~KVM ~TUN ~BRIDGE"
+			ERROR_KVM="You must enable KVM in your kernel to continue"
+			ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in"
+			ERROR_KVM_AMD+=" your kernel configuration."
+			ERROR_KVM_INTEL="If you have an Intel CPU, you must enable"
+			ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration."
+			ERROR_TUN="You will need the Universal TUN/TAP driver compiled"
+			ERROR_TUN+=" into your kernel or loaded as a module to use the"
+			ERROR_TUN+=" virtual network device if using -net tap."
+			ERROR_BRIDGE="You will also need support for 802.1d"
+			ERROR_BRIDGE+=" Ethernet Bridging for some network configurations."
+			use vhost-net && CONFIG_CHECK+=" ~VHOST_NET"
+			ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net"
+			ERROR_VHOST_NET+=" support"
+
+			if use amd64 || use x86 || use amd64-linux || use x86-linux; then
+				CONFIG_CHECK+=" ~KVM_AMD ~KVM_INTEL"
+			fi
+
+			use python && CONFIG_CHECK+=" ~DEBUG_FS"
+			ERROR_DEBUG_FS="debugFS support required for kvm_stat"
+
+			# Now do the actual checks setup above
+			check_extra_config
+		fi
+	fi
+
+	if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then
+		eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt"
+		eerror "instances are still pointing to it.  Please update your"
+		eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag"
+		eerror "and the right system binary (e.g. qemu-system-x86_64)."
+		die "update your virt configs to not use qemu-kvm"
+	fi
+}
+
+pkg_setup() {
+	enewgroup kvm 78
+}
+
+# Sanity check to make sure target lists are kept up-to-date.
+check_targets() {
+	local var=$1 mak=$2
+	local detected sorted
+
+	pushd "${S}"/default-configs >/dev/null || die
+
+	# Force C locale until glibc is updated. #564936
+	detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u))
+	sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u))
+	if [[ ${sorted} != "${detected}" ]] ; then
+		eerror "The ebuild needs to be kept in sync."
+		eerror "${var}: ${sorted}"
+		eerror "$(printf '%-*s' ${#var} configure): ${detected}"
+		die "sync ${var} to the list of targets"
+	fi
+
+	popd >/dev/null
+}
+
+handle_locales() {
+	# Make sure locale list is kept up-to-date.
+	local detected sorted
+	detected=$(echo $(cd po && printf '%s\n' *.po | grep -v messages.po | sed 's:.po$::' | sort -u))
+	sorted=$(echo $(printf '%s\n' ${PLOCALES} | sort -u))
+	if [[ ${sorted} != "${detected}" ]] ; then
+		eerror "The ebuild needs to be kept in sync."
+		eerror "PLOCALES: ${sorted}"
+		eerror " po/*.po: ${detected}"
+		die "sync PLOCALES"
+	fi
+
+	# Deal with selective install of locales.
+	if use nls ; then
+		# Delete locales the user does not want. #577814
+		rm_loc() { rm po/$1.po || die; }
+		l10n_for_each_disabled_locale_do rm_loc
+	else
+		# Cheap hack to disable gettext .mo generation.
+		rm -f po/*.po
+	fi
+}
+
+src_prepare() {
+	check_targets IUSE_SOFTMMU_TARGETS softmmu
+	check_targets IUSE_USER_TARGETS linux-user
+
+	# Alter target makefiles to accept CFLAGS set via flag-o
+	sed -i -r \
+		-e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \
+		Makefile Makefile.target || die
+
+	default
+
+	# Fix ld and objcopy being called directly
+	tc-export AR LD OBJCOPY
+
+	# Verbose builds
+	MAKEOPTS+=" V=1"
+
+	# Run after we've applied all patches.
+	handle_locales
+}
+
+##
+# configures qemu based on the build directory and the build type
+# we are using.
+#
+qemu_src_configure() {
+	debug-print-function ${FUNCNAME} "$@"
+
+	local buildtype=$1
+	local builddir="${S}/${buildtype}-build"
+
+	mkdir "${builddir}"
+
+	local conf_opts=(
+		--prefix=/usr
+		--sysconfdir=/etc
+		--libdir=/usr/$(get_libdir)
+		--docdir=/usr/share/doc/${PF}/html
+		--disable-bsd-user
+		--disable-guest-agent
+		--disable-strip
+		--disable-werror
+		# We support gnutls/nettle for crypto operations.  It is possible
+		# to use gcrypt when gnutls/nettle are disabled (but not when they
+		# are enabled), but it's not really worth the hassle.  Disable it
+		# all the time to avoid automatically detecting it. #568856
+		--disable-gcrypt
+		--python="${PYTHON}"
+		--cc="$(tc-getCC)"
+		--cxx="$(tc-getCXX)"
+		--host-cc="$(tc-getBUILD_CC)"
+		$(use_enable debug debug-info)
+		$(use_enable debug debug-tcg)
+		--enable-docs
+		$(use_enable tci tcg-interpreter)
+		$(use_enable xattr attr)
+	)
+
+	# Disable options not used by user targets. This simplifies building
+	# static user targets (USE=static-user) considerably.
+	conf_notuser() {
+		if [[ ${buildtype} == "user" ]] ; then
+			echo "--disable-${2:-$1}"
+		else
+			use_enable "$@"
+		fi
+	}
+	conf_opts+=(
+		$(conf_notuser accessibility brlapi)
+		$(conf_notuser aio linux-aio)
+		$(conf_notuser bzip2)
+		$(conf_notuser bluetooth bluez)
+		$(conf_notuser caps cap-ng)
+		$(conf_notuser curl)
+		$(conf_notuser fdt)
+		$(conf_notuser glusterfs)
+		$(conf_notuser gnutls)
+		$(conf_notuser gnutls nettle)
+		$(conf_notuser gtk)
+		$(conf_notuser infiniband rdma)
+		$(conf_notuser iscsi libiscsi)
+		$(conf_notuser jpeg vnc-jpeg)
+		$(conf_notuser kernel_linux kvm)
+		$(conf_notuser lzo)
+		$(conf_notuser ncurses curses)
+		$(conf_notuser nfs libnfs)
+		$(conf_notuser numa)
+		$(conf_notuser opengl)
+		$(conf_notuser png vnc-png)
+		$(conf_notuser rbd)
+		$(conf_notuser sasl vnc-sasl)
+		$(conf_notuser sdl)
+		$(conf_notuser seccomp)
+		$(conf_notuser smartcard)
+		$(conf_notuser snappy)
+		$(conf_notuser spice)
+		$(conf_notuser ssh libssh2)
+		$(conf_notuser usb libusb)
+		$(conf_notuser usbredir usb-redir)
+		$(conf_notuser vde)
+		$(conf_notuser vhost-net)
+		$(conf_notuser virgl virglrenderer)
+		$(conf_notuser virtfs)
+		$(conf_notuser vnc)
+		$(conf_notuser vte)
+		$(conf_notuser xen)
+		$(conf_notuser xen xen-pci-passthrough)
+		$(conf_notuser xfs xfsctl)
+	)
+
+	if [[ ! ${buildtype} == "user" ]] ; then
+		# audio options
+		local audio_opts="oss"
+		use alsa && audio_opts="alsa,${audio_opts}"
+		use sdl && audio_opts="sdl,${audio_opts}"
+		use pulseaudio && audio_opts="pa,${audio_opts}"
+		conf_opts+=(
+			--audio-drv-list="${audio_opts}"
+		)
+		use gtk && conf_opts+=( --with-gtkabi=$(usex gtk2 2.0 3.0) )
+		use sdl && conf_opts+=( --with-sdlabi=$(usex sdl2 2.0 1.2) )
+	fi
+
+	case ${buildtype} in
+	user)
+		conf_opts+=(
+			--enable-linux-user
+			--disable-system
+			--disable-blobs
+			--disable-tools
+		)
+		local static_flag="static-user"
+		;;
+	softmmu)
+		conf_opts+=(
+			--disable-linux-user
+			--enable-system
+			--disable-tools
+			--with-system-pixman
+		)
+		local static_flag="static"
+		;;
+	tools)
+		conf_opts+=(
+			--disable-linux-user
+			--disable-system
+			--disable-blobs
+			--enable-tools
+		)
+		local static_flag="static"
+		;;
+	esac
+
+	local targets="${buildtype}_targets"
+	[[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" )
+
+	# Add support for SystemTAP
+	use systemtap && conf_opts+=( --enable-trace-backend=dtrace )
+
+	# We always want to attempt to build with PIE support as it results
+	# in a more secure binary. But it doesn't work with static or if
+	# the current GCC doesn't have PIE support.
+	if use ${static_flag}; then
+		conf_opts+=( --static --disable-pie )
+	else
+		tc-enables-pie && conf_opts+=( --enable-pie )
+	fi
+
+	echo "../configure ${conf_opts[*]}"
+	cd "${builddir}"
+	../configure "${conf_opts[@]}" || die "configure failed"
+
+	# FreeBSD's kernel does not support QEMU assigning/grabbing
+	# host USB devices yet
+	use kernel_FreeBSD && \
+		sed -i -E -e "s|^(HOST_USB=)bsd|\1stub|" "${S}"/config-host.mak
+}
+
+src_configure() {
+	local target
+
+	python_setup
+
+	softmmu_targets= softmmu_bins=()
+	user_targets= user_bins=()
+
+	for target in ${IUSE_SOFTMMU_TARGETS} ; do
+		if use "qemu_softmmu_targets_${target}"; then
+			softmmu_targets+=",${target}-softmmu"
+			softmmu_bins+=( "qemu-system-${target}" )
+		fi
+	done
+
+	for target in ${IUSE_USER_TARGETS} ; do
+		if use "qemu_user_targets_${target}"; then
+			user_targets+=",${target}-linux-user"
+			user_bins+=( "qemu-${target}" )
+		fi
+	done
+
+	softmmu_targets=${softmmu_targets#,}
+	user_targets=${user_targets#,}
+
+	[[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu"
+	[[ -n ${user_targets}    ]] && qemu_src_configure "user"
+	qemu_src_configure "tools"
+}
+
+src_compile() {
+	if [[ -n ${user_targets} ]]; then
+		cd "${S}/user-build"
+		default
+	fi
+
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build"
+		default
+	fi
+
+	cd "${S}/tools-build"
+	default
+}
+
+src_test() {
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build"
+		pax-mark m */qemu-system-* #515550
+		emake -j1 check
+		emake -j1 check-report.html
+	fi
+}
+
+qemu_python_install() {
+	python_domodule "${S}/scripts/qmp/qmp.py"
+
+	python_doscript "${S}/scripts/kvm/vmxcap"
+	python_doscript "${S}/scripts/qmp/qmp-shell"
+	python_doscript "${S}/scripts/qmp/qemu-ga-client"
+}
+
+# Generate binfmt support files.
+#   - /etc/init.d/qemu-binfmt script which registers the user handlers (openrc)
+#   - /usr/share/qemu/binfmt.d/qemu.conf (for use with systemd-binfmt)
+generate_initd() {
+	local out="${T}/qemu-binfmt"
+	local out_systemd="${T}/qemu.conf"
+	local d="${T}/binfmt.d"
+
+	einfo "Generating qemu binfmt scripts and configuration files"
+
+	# Generate the debian fragments first.
+	mkdir -p "${d}"
+	"${S}"/scripts/qemu-binfmt-conf.sh \
+		--debian \
+		--exportdir "${d}" \
+		--qemu-path "${EPREFIX}/usr/bin" \
+		|| die
+	# Then turn the fragments into a shell script we can source.
+	sed -E -i \
+		-e 's:^([^ ]+) (.*)$:\1="\2":' \
+		"${d}"/* || die
+
+	# Generate the init.d script by assembling the fragments from above.
+	local f qcpu package interpreter magic mask
+	cat "${FILESDIR}"/qemu-binfmt.initd.head >"${out}" || die
+	for f in "${d}"/qemu-* ; do
+		source "${f}"
+
+		# Normalize the cpu logic like we do in the init.d for the native cpu.
+		qcpu=${package#qemu-}
+		case ${qcpu} in
+		arm*)   qcpu="arm";;
+		mips*)  qcpu="mips";;
+		ppc*)   qcpu="ppc";;
+		s390*)  qcpu="s390";;
+		sh*)    qcpu="sh";;
+		sparc*) qcpu="sparc";;
+		esac
+
+		cat <<EOF >>"${out}"
+	if [ "\${cpu}" != "${qcpu}" -a -x "${interpreter}" ] ; then
+		echo ':${package}:M::${magic}:${mask}:${interpreter}:'"\${QEMU_BINFMT_FLAGS}" >/proc/sys/fs/binfmt_misc/register
+	fi
+EOF
+
+		echo ":${package}:M::${magic}:${mask}:${interpreter}:OC" >>"${out_systemd}"
+
+	done
+	cat "${FILESDIR}"/qemu-binfmt.initd.tail >>"${out}" || die
+}
+
+src_install() {
+	if [[ -n ${user_targets} ]]; then
+		cd "${S}/user-build"
+		emake DESTDIR="${ED}" install
+
+		# Install binfmt handler init script for user targets.
+		generate_initd
+		doinitd "${T}/qemu-binfmt"
+
+		# Install binfmt/qemu.conf.
+		insinto "/usr/share/qemu/binfmt.d"
+		doins "${T}/qemu.conf"
+	fi
+
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build"
+		emake DESTDIR="${ED}" install
+
+		# This might not exist if the test failed. #512010
+		[[ -e check-report.html ]] && dohtml check-report.html
+
+		if use kernel_linux; then
+			udev_newrules "${FILESDIR}"/65-kvm.rules-r1 65-kvm.rules
+		fi
+
+		if use python; then
+			python_foreach_impl qemu_python_install
+		fi
+	fi
+
+	cd "${S}/tools-build"
+	emake DESTDIR="${ED}" install
+
+	# Disable mprotect on the qemu binaries as they use JITs to be fast #459348
+	pushd "${ED}"/usr/bin >/dev/null
+	pax-mark mr "${softmmu_bins[@]}" "${user_bins[@]}" # bug 575594
+	popd >/dev/null
+
+	# Install config file example for qemu-bridge-helper
+	insinto "/etc/qemu"
+	doins "${FILESDIR}/bridge.conf"
+
+	cd "${S}"
+	dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt
+	newdoc pc-bios/README README.pc-bios
+	dodoc docs/qmp-*.txt
+
+	if [[ -n ${softmmu_targets} ]]; then
+		# Remove SeaBIOS since we're using the SeaBIOS packaged one
+		rm "${ED}/usr/share/qemu/bios.bin"
+		rm "${ED}/usr/share/qemu/bios-256k.bin"
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
+			dosym ../seabios/bios-256k.bin /usr/share/qemu/bios-256k.bin
+		fi
+
+		# Remove vgabios since we're using the seavgabios packaged one
+		rm "${ED}/usr/share/qemu/vgabios.bin"
+		rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
+		rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
+		rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
+		rm "${ED}/usr/share/qemu/vgabios-virtio.bin"
+		rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../seavgabios/vgabios-isavga.bin /usr/share/qemu/vgabios.bin
+			dosym ../seavgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
+			dosym ../seavgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
+			dosym ../seavgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
+			dosym ../seavgabios/vgabios-virtio.bin /usr/share/qemu/vgabios-virtio.bin
+			dosym ../seavgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
+		fi
+
+		# Remove sgabios since we're using the sgabios packaged one
+		rm "${ED}/usr/share/qemu/sgabios.bin"
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin
+		fi
+
+		# Remove iPXE since we're using the iPXE packaged one
+		rm "${ED}"/usr/share/qemu/pxe-*.rom
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom
+			dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom
+			dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom
+			dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom
+			dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom
+			dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom
+		fi
+	fi
+
+	DISABLE_AUTOFORMATTING=true
+	readme.gentoo_create_doc
+}
+
+firmware_abi_change() {
+	local pv
+	for pv in ${REPLACING_VERSIONS}; do
+		if ! version_is_at_least ${FIRMWARE_ABI_VERSION} ${pv}; then
+			return 0
+		fi
+	done
+	return 1
+}
+
+pkg_postinst() {
+	if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
+		udev_reload
+	fi
+
+	fcaps cap_net_admin /usr/libexec/qemu-bridge-helper
+
+	DISABLE_AUTOFORMATTING=true
+	readme.gentoo_print_elog
+
+	if use pin-upstream-blobs && firmware_abi_change; then
+		ewarn "This version of qemu pins new versions of firmware blobs:"
+		ewarn "	$(best_version sys-firmware/edk2-ovmf)"
+		ewarn "	$(best_version sys-firmware/ipxe)"
+		ewarn "	$(best_version sys-firmware/seabios)"
+		ewarn "	$(best_version sys-firmware/sgabios)"
+		ewarn "This might break resume of hibernated guests (started with a different"
+		ewarn "firmware version) and live migration to/from qemu versions with different"
+		ewarn "firmware. Please (cold) restart all running guests. For functional"
+		ewarn "guest migration ensure that all"
+		ewarn "hosts run at least"
+		ewarn "	app-emulation/qemu-${FIRMWARE_ABI_VERSION}."
+	fi
+}
+
+pkg_info() {
+	echo "Using:"
+	echo "  $(best_version app-emulation/spice-protocol)"
+	echo "  $(best_version sys-firmware/edk2-ovmf)"
+	if has_version 'sys-firmware/edk2-ovmf[binary]'; then
+		echo "    USE=binary"
+	else
+		echo "    USE=''"
+	fi
+	echo "  $(best_version sys-firmware/ipxe)"
+	echo "  $(best_version sys-firmware/seabios)"
+	if has_version 'sys-firmware/seabios[binary]'; then
+		echo "    USE=binary"
+	else
+		echo "    USE=''"
+	fi
+	echo "  $(best_version sys-firmware/sgabios)"
+}


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2017-11-12 20:22 Matthias Maier
  0 siblings, 0 replies; 56+ messages in thread
From: Matthias Maier @ 2017-11-12 20:22 UTC (permalink / raw
  To: gentoo-commits

commit:     23224f9e55bfc2ec41c8a8906a44e60791de07b5
Author:     Matthias Maier <tamiko <AT> gentoo <DOT> org>
AuthorDate: Sun Nov 12 20:10:34 2017 +0000
Commit:     Matthias Maier <tamiko <AT> gentoo <DOT> org>
CommitDate: Sun Nov 12 20:22:03 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=23224f9e

app-emulation/qemu: Version bump to 2.10.1, various security fixes

Bug: https://bugs.gentoo.org/630432
Bug: https://bugs.gentoo.org/633822
Bug: https://bugs.gentoo.org/634070
Bug: https://bugs.gentoo.org/634148
Package-Manager: Portage-2.3.8, Repoman-2.3.4

 app-emulation/qemu/Manifest                        |   1 +
 .../qemu/files/qemu-2.10.0-CVE-2017-13711.patch    |  80 ---
 .../qemu/files/qemu-2.10.1-CVE-2017-15268.patch    |  54 ++
 .../qemu/files/qemu-2.10.1-CVE-2017-15289.patch    |  58 ++
 app-emulation/qemu/qemu-2.10.1.ebuild              | 796 +++++++++++++++++++++
 5 files changed, 909 insertions(+), 80 deletions(-)

diff --git a/app-emulation/qemu/Manifest b/app-emulation/qemu/Manifest
index 156b9a616ac..95c955ceb92 100644
--- a/app-emulation/qemu/Manifest
+++ b/app-emulation/qemu/Manifest
@@ -1 +1,2 @@
 DIST qemu-2.10.0.tar.bz2 30955656 SHA256 7e9f39e1306e6dcc595494e91c1464d4b03f55ddd2053183e0e1b69f7f776d48 SHA512 ea21c014030f8a902df159641e6ccb45f0850ac5cb1cb8ab6845124c44ea5def54845e7bc66a6e80d624c78069f9baa913ee5119704076ae4ff47ab018ace9f9 WHIRLPOOL 58f846788fdf2b0c90e6d17ce921a1fe02556968d38ffc11be7e32b81ebc723dfeaa790f22d8085d4f388eb01fe0daa3ddbc00630c5ecba083df33cc9709fb39
+DIST qemu-2.10.1.tar.bz2 30821108 SHA256 8e040bc7556401ebb3a347a8f7878e9d4028cf71b2744b1a1699f4e741966ba8 SHA512 1a4a6ebf700ec6851c83cc2a71eaea8d95f14c685d094eaaa86c740eb9401e49a79074b72385f58681ca7646771a99bb6bbd9bebb39162f7220626d37ed0654f WHIRLPOOL 79b1b8c19affc799e1a42c02a7c2fea13bf4ca1f9a2aa6e765d529aa3531f68cca77e92264561b2884314074f3148469f5a2f976c3473beb5ed0568617ce777b

diff --git a/app-emulation/qemu/files/qemu-2.10.0-CVE-2017-13711.patch b/app-emulation/qemu/files/qemu-2.10.0-CVE-2017-13711.patch
deleted file mode 100644
index 9d026568492..00000000000
--- a/app-emulation/qemu/files/qemu-2.10.0-CVE-2017-13711.patch
+++ /dev/null
@@ -1,80 +0,0 @@
-From 1201d308519f1e915866d7583d5136d03cc1d384 Mon Sep 17 00:00:00 2001
-From: Samuel Thibault <samuel.thibault@ens-lyon.org>
-Date: Fri, 25 Aug 2017 01:35:53 +0200
-Subject: [PATCH] slirp: fix clearing ifq_so from pending packets
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The if_fastq and if_batchq contain not only packets, but queues of packets
-for the same socket. When sofree frees a socket, it thus has to clear ifq_so
-from all the packets from the queues, not only the first.
-
-Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
-Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- slirp/socket.c | 39 +++++++++++++++++++++++----------------
- 1 file changed, 23 insertions(+), 16 deletions(-)
-
-diff --git a/slirp/socket.c b/slirp/socket.c
-index ecec0295a9..cb7b5b608d 100644
---- a/slirp/socket.c
-+++ b/slirp/socket.c
-@@ -60,29 +60,36 @@ socreate(Slirp *slirp)
- }
- 
- /*
-+ * Remove references to so from the given message queue.
-+ */
-+static void
-+soqfree(struct socket *so, struct quehead *qh)
-+{
-+    struct mbuf *ifq;
-+
-+    for (ifq = (struct mbuf *) qh->qh_link;
-+             (struct quehead *) ifq != qh;
-+             ifq = ifq->ifq_next) {
-+        if (ifq->ifq_so == so) {
-+            struct mbuf *ifm;
-+            ifq->ifq_so = NULL;
-+            for (ifm = ifq->ifs_next; ifm != ifq; ifm = ifm->ifs_next) {
-+                ifm->ifq_so = NULL;
-+            }
-+        }
-+    }
-+}
-+
-+/*
-  * remque and free a socket, clobber cache
-  */
- void
- sofree(struct socket *so)
- {
-   Slirp *slirp = so->slirp;
--  struct mbuf *ifm;
- 
--  for (ifm = (struct mbuf *) slirp->if_fastq.qh_link;
--       (struct quehead *) ifm != &slirp->if_fastq;
--       ifm = ifm->ifq_next) {
--    if (ifm->ifq_so == so) {
--      ifm->ifq_so = NULL;
--    }
--  }
--
--  for (ifm = (struct mbuf *) slirp->if_batchq.qh_link;
--       (struct quehead *) ifm != &slirp->if_batchq;
--       ifm = ifm->ifq_next) {
--    if (ifm->ifq_so == so) {
--      ifm->ifq_so = NULL;
--    }
--  }
-+  soqfree(so, &slirp->if_fastq);
-+  soqfree(so, &slirp->if_batchq);
- 
-   if (so->so_emu==EMU_RSH && so->extra) {
- 	sofree(so->extra);
--- 
-2.13.5
-

diff --git a/app-emulation/qemu/files/qemu-2.10.1-CVE-2017-15268.patch b/app-emulation/qemu/files/qemu-2.10.1-CVE-2017-15268.patch
new file mode 100644
index 00000000000..7d08b32b027
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.10.1-CVE-2017-15268.patch
@@ -0,0 +1,54 @@
+From a7b20a8efa28e5f22c26c06cd06c2f12bc863493 Mon Sep 17 00:00:00 2001
+From: "Daniel P. Berrange" <berrange@redhat.com>
+Date: Mon, 9 Oct 2017 14:43:42 +0100
+Subject: [PATCH] io: monitor encoutput buffer size from websocket GSource
+
+The websocket GSource is monitoring the size of the rawoutput
+buffer to determine if the channel can accepts more writes.
+The rawoutput buffer, however, is merely a temporary staging
+buffer before data is copied into the encoutput buffer. Thus
+its size will always be zero when the GSource runs.
+
+This flaw causes the encoutput buffer to grow without bound
+if the other end of the underlying data channel doesn't
+read data being sent. This can be seen with VNC if a client
+is on a slow WAN link and the guest OS is sending many screen
+updates. A malicious VNC client can act like it is on a slow
+link by playing a video in the guest and then reading data
+very slowly, causing QEMU host memory to expand arbitrarily.
+
+This issue is assigned CVE-2017-15268, publically reported in
+
+  https://bugs.launchpad.net/qemu/+bug/1718964
+
+Reviewed-by: Eric Blake <eblake@redhat.com>
+Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
+---
+ io/channel-websock.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/io/channel-websock.c b/io/channel-websock.c
+index d1d471f86e..04bcc059cd 100644
+--- a/io/channel-websock.c
++++ b/io/channel-websock.c
+@@ -28,7 +28,7 @@
+ #include <time.h>
+ 
+ 
+-/* Max amount to allow in rawinput/rawoutput buffers */
++/* Max amount to allow in rawinput/encoutput buffers */
+ #define QIO_CHANNEL_WEBSOCK_MAX_BUFFER 8192
+ 
+ #define QIO_CHANNEL_WEBSOCK_CLIENT_KEY_LEN 24
+@@ -1208,7 +1208,7 @@ qio_channel_websock_source_check(GSource *source)
+     if (wsource->wioc->rawinput.offset || wsource->wioc->io_eof) {
+         cond |= G_IO_IN;
+     }
+-    if (wsource->wioc->rawoutput.offset < QIO_CHANNEL_WEBSOCK_MAX_BUFFER) {
++    if (wsource->wioc->encoutput.offset < QIO_CHANNEL_WEBSOCK_MAX_BUFFER) {
+         cond |= G_IO_OUT;
+     }
+ 
+-- 
+2.13.6
+

diff --git a/app-emulation/qemu/files/qemu-2.10.1-CVE-2017-15289.patch b/app-emulation/qemu/files/qemu-2.10.1-CVE-2017-15289.patch
new file mode 100644
index 00000000000..a4ad2d5e435
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.10.1-CVE-2017-15289.patch
@@ -0,0 +1,58 @@
+From eb38e1bc3740725ca29a535351de94107ec58d51 Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann <kraxel@redhat.com>
+Date: Wed, 11 Oct 2017 10:43:14 +0200
+Subject: [PATCH] cirrus: fix oob access in mode4and5 write functions
+
+Move dst calculation into the loop, so we apply the mask on each
+interation and will not overflow vga memory.
+
+Cc: Prasad J Pandit <pjp@fedoraproject.org>
+Reported-by: Niu Guoxiang <niuguoxiang@huawei.com>
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+Message-id: 20171011084314.21752-1-kraxel@redhat.com
+---
+ hw/display/cirrus_vga.c | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c
+index b4d579857a..bc32bf1e39 100644
+--- a/hw/display/cirrus_vga.c
++++ b/hw/display/cirrus_vga.c
+@@ -2038,15 +2038,14 @@ static void cirrus_mem_writeb_mode4and5_8bpp(CirrusVGAState * s,
+     unsigned val = mem_value;
+     uint8_t *dst;
+ 
+-    dst = s->vga.vram_ptr + (offset &= s->cirrus_addr_mask);
+     for (x = 0; x < 8; x++) {
++        dst = s->vga.vram_ptr + ((offset + x) & s->cirrus_addr_mask);
+ 	if (val & 0x80) {
+ 	    *dst = s->cirrus_shadow_gr1;
+ 	} else if (mode == 5) {
+ 	    *dst = s->cirrus_shadow_gr0;
+ 	}
+ 	val <<= 1;
+-	dst++;
+     }
+     memory_region_set_dirty(&s->vga.vram, offset, 8);
+ }
+@@ -2060,8 +2059,8 @@ static void cirrus_mem_writeb_mode4and5_16bpp(CirrusVGAState * s,
+     unsigned val = mem_value;
+     uint8_t *dst;
+ 
+-    dst = s->vga.vram_ptr + (offset &= s->cirrus_addr_mask);
+     for (x = 0; x < 8; x++) {
++        dst = s->vga.vram_ptr + ((offset + 2 * x) & s->cirrus_addr_mask & ~1);
+ 	if (val & 0x80) {
+ 	    *dst = s->cirrus_shadow_gr1;
+ 	    *(dst + 1) = s->vga.gr[0x11];
+@@ -2070,7 +2069,6 @@ static void cirrus_mem_writeb_mode4and5_16bpp(CirrusVGAState * s,
+ 	    *(dst + 1) = s->vga.gr[0x10];
+ 	}
+ 	val <<= 1;
+-	dst += 2;
+     }
+     memory_region_set_dirty(&s->vga.vram, offset, 16);
+ }
+-- 
+2.13.6
+

diff --git a/app-emulation/qemu/qemu-2.10.1.ebuild b/app-emulation/qemu/qemu-2.10.1.ebuild
new file mode 100644
index 00000000000..e5aec863641
--- /dev/null
+++ b/app-emulation/qemu/qemu-2.10.1.ebuild
@@ -0,0 +1,796 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+PYTHON_COMPAT=( python2_7 )
+PYTHON_REQ_USE="ncurses,readline"
+
+PLOCALES="bg de_DE fr_FR hu it tr zh_CN"
+
+FIRMWARE_ABI_VERSION="2.9.0-r52"
+
+inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \
+	user udev fcaps readme.gentoo-r1 pax-utils l10n
+
+if [[ ${PV} = *9999* ]]; then
+	EGIT_REPO_URI="git://git.qemu.org/qemu.git"
+	inherit git-r3
+	SRC_URI=""
+else
+	SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2"
+	KEYWORDS="~amd64 ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd"
+fi
+
+DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
+HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org"
+
+LICENSE="GPL-2 LGPL-2 BSD-2"
+SLOT="0"
+IUSE="accessibility +aio alsa bluetooth bzip2 +caps +curl debug +fdt
+	glusterfs gnutls gtk gtk2 infiniband iscsi +jpeg kernel_linux
+	kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs +png
+	pulseaudio python rbd sasl +seccomp sdl sdl2 selinux smartcard snappy
+	spice ssh static static-user systemtap tci test usb usbredir vde
+	+vhost-net virgl virtfs +vnc vte xattr xen xfs"
+
+COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel
+	mips mips64 mips64el mipsel nios2 or1k ppc ppc64 s390x sh4 sh4eb sparc
+	sparc64 x86_64"
+IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS}
+	lm32 moxie ppcemb tricore unicore32 xtensa xtensaeb"
+IUSE_USER_TARGETS="${COMMON_TARGETS}
+	armeb hppa mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus tilegx"
+
+use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
+use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
+IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
+
+# Allow no targets to be built so that people can get a tools-only build.
+# Block USE flag configurations known to not work.
+REQUIRED_USE="${PYTHON_REQUIRED_USE}
+	gtk2? ( gtk )
+	qemu_softmmu_targets_arm? ( fdt )
+	qemu_softmmu_targets_microblaze? ( fdt )
+	qemu_softmmu_targets_mips64el? ( fdt )
+	qemu_softmmu_targets_ppc? ( fdt )
+	qemu_softmmu_targets_ppc64? ( fdt )
+	sdl2? ( sdl )
+	static? ( static-user !alsa !bluetooth !gtk !gtk2 !opengl !pulseaudio )
+	virtfs? ( xattr )
+	vte? ( gtk )"
+
+# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
+# and user/softmmu targets (qemu-*, qemu-system-*).
+#
+# Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
+#
+# The attr lib isn't always linked in (although the USE flag is always
+# respected).  This is because qemu supports using the C library's API
+# when available rather than always using the extranl library.
+ALL_DEPEND="
+	>=dev-libs/glib-2.0[static-libs(+)]
+	sys-libs/zlib[static-libs(+)]
+	python? ( ${PYTHON_DEPS} )
+	systemtap? ( dev-util/systemtap )
+	xattr? ( sys-apps/attr[static-libs(+)] )"
+
+# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
+# softmmu targets (qemu-system-*).
+SOFTMMU_TOOLS_DEPEND="
+	>=x11-libs/pixman-0.28.0[static-libs(+)]
+	accessibility? (
+		app-accessibility/brltty[api]
+		app-accessibility/brltty[static-libs(+)]
+	)
+	aio? ( dev-libs/libaio[static-libs(+)] )
+	alsa? ( >=media-libs/alsa-lib-1.0.13 )
+	bluetooth? ( net-wireless/bluez )
+	bzip2? ( app-arch/bzip2[static-libs(+)] )
+	caps? ( sys-libs/libcap-ng[static-libs(+)] )
+	curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
+	fdt? ( >=sys-apps/dtc-1.4.2[static-libs(+)] )
+	glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
+	gnutls? (
+		dev-libs/nettle:=[static-libs(+)]
+		>=net-libs/gnutls-3.0:=[static-libs(+)]
+	)
+	gtk? (
+		gtk2? (
+			x11-libs/gtk+:2
+			vte? ( x11-libs/vte:0 )
+		)
+		!gtk2? (
+			x11-libs/gtk+:3
+			vte? ( x11-libs/vte:2.91 )
+		)
+	)
+	infiniband? ( sys-fabric/librdmacm:=[static-libs(+)] )
+	iscsi? ( net-libs/libiscsi )
+	jpeg? ( virtual/jpeg:0=[static-libs(+)] )
+	lzo? ( dev-libs/lzo:2[static-libs(+)] )
+	ncurses? (
+		sys-libs/ncurses:0=[unicode]
+		sys-libs/ncurses:0=[static-libs(+)]
+	)
+	nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] )
+	numa? ( sys-process/numactl[static-libs(+)] )
+	opengl? (
+		virtual/opengl
+		media-libs/libepoxy[static-libs(+)]
+		media-libs/mesa[static-libs(+)]
+		media-libs/mesa[egl,gbm]
+	)
+	png? ( media-libs/libpng:0=[static-libs(+)] )
+	pulseaudio? ( media-sound/pulseaudio )
+	rbd? ( sys-cluster/ceph[static-libs(+)] )
+	sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
+	sdl? (
+		!sdl2? (
+			media-libs/libsdl[X]
+			>=media-libs/libsdl-1.2.11[static-libs(+)]
+		)
+		sdl2? (
+			media-libs/libsdl2[X]
+			media-libs/libsdl2[static-libs(+)]
+		)
+	)
+	seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
+	smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] )
+	snappy? ( app-arch/snappy:=[static-libs(+)] )
+	spice? (
+		>=app-emulation/spice-protocol-0.12.3
+		>=app-emulation/spice-0.12.0[static-libs(+)]
+	)
+	ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] )
+	usb? ( >=virtual/libusb-1-r2[static-libs(+)] )
+	usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
+	vde? ( net-misc/vde[static-libs(+)] )
+	virgl? ( media-libs/virglrenderer[static-libs(+)] )
+	virtfs? ( sys-libs/libcap )
+	xen? ( app-emulation/xen-tools:= )
+	xfs? ( sys-fs/xfsprogs[static-libs(+)] )"
+
+X86_FIRMWARE_DEPEND="
+	pin-upstream-blobs? (
+		~sys-firmware/edk2-ovmf-2017_pre20170505[binary]
+		~sys-firmware/ipxe-1.0.0_p20160620
+		~sys-firmware/seabios-1.10.2[binary,seavgabios]
+		~sys-firmware/sgabios-0.1_pre8
+	)
+	!pin-upstream-blobs? (
+		sys-firmware/edk2-ovmf
+		sys-firmware/ipxe
+		>=sys-firmware/seabios-1.10.2[seavgabios]
+		sys-firmware/sgabios
+	)"
+PPC64_FIRMWARE_DEPEND="
+	pin-upstream-blobs? (
+		~sys-firmware/seabios-1.10.2[binary,seavgabios]
+	)
+	!pin-upstream-blobs? (
+		>=sys-firmware/seabios-1.10.2[seavgabios]
+	)
+"
+
+CDEPEND="
+	!static? (
+		${ALL_DEPEND//\[static-libs(+)]}
+		${SOFTMMU_TOOLS_DEPEND//\[static-libs(+)]}
+	)
+	qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
+	qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )
+	qemu_softmmu_targets_ppc64? ( ${PPC64_FIRMWARE_DEPEND} )
+"
+DEPEND="${CDEPEND}
+	dev-lang/perl
+	=dev-lang/python-2*
+	sys-apps/texinfo
+	virtual/pkgconfig
+	kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
+	gtk? ( nls? ( sys-devel/gettext ) )
+	static? (
+		${ALL_DEPEND}
+		${SOFTMMU_TOOLS_DEPEND}
+	)
+	static-user? ( ${ALL_DEPEND} )
+	test? (
+		dev-libs/glib[utils]
+		sys-devel/bc
+	)"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-qemu )"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-2.5.0-cflags.patch
+	"${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
+	"${FILESDIR}"/${PN}-2.10.1-CVE-2017-15268.patch
+	"${FILESDIR}"/${PN}-2.10.1-CVE-2017-15289.patch
+)
+
+STRIP_MASK="/usr/share/qemu/palcode-clipper"
+
+QA_PREBUILT="
+	usr/share/qemu/openbios-ppc
+	usr/share/qemu/openbios-sparc64
+	usr/share/qemu/openbios-sparc32
+	usr/share/qemu/palcode-clipper
+	usr/share/qemu/s390-ccw.img
+	usr/share/qemu/s390-netboot.img
+	usr/share/qemu/u-boot.e500"
+
+QA_WX_LOAD="usr/bin/qemu-i386
+	usr/bin/qemu-x86_64
+	usr/bin/qemu-alpha
+	usr/bin/qemu-arm
+	usr/bin/qemu-cris
+	usr/bin/qemu-m68k
+	usr/bin/qemu-microblaze
+	usr/bin/qemu-microblazeel
+	usr/bin/qemu-mips
+	usr/bin/qemu-mipsel
+	usr/bin/qemu-or1k
+	usr/bin/qemu-ppc
+	usr/bin/qemu-ppc64
+	usr/bin/qemu-ppc64abi32
+	usr/bin/qemu-sh4
+	usr/bin/qemu-sh4eb
+	usr/bin/qemu-sparc
+	usr/bin/qemu-sparc64
+	usr/bin/qemu-armeb
+	usr/bin/qemu-sparc32plus
+	usr/bin/qemu-s390x
+	usr/bin/qemu-unicore32"
+
+DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure you have the
+kernel module loaded before running kvm. The easiest way to ensure that the
+kernel module is loaded is to load it on boot.
+	For AMD CPUs the module is called 'kvm-amd'.
+	For Intel CPUs the module is called 'kvm-intel'.
+Please review /etc/conf.d/modules for how to load these.
+
+Make sure your user is in the 'kvm' group. Just run
+	$ gpasswd -a <USER> kvm
+then have <USER> re-login.
+
+For brand new installs, the default permissions on /dev/kvm might not let
+you access it.  You can tell udev to reset ownership/perms:
+	$ udevadm trigger -c add /dev/kvm
+
+If you want to register binfmt handlers for qemu user targets:
+For openrc:
+	# rc-update add qemu-binfmt
+For systemd:
+	# ln -s /usr/share/qemu/binfmt.d/qemu.conf /etc/binfmt.d/qemu.conf"
+
+pkg_pretend() {
+	if use kernel_linux && kernel_is lt 2 6 25; then
+		eerror "This version of KVM requres a host kernel of 2.6.25 or higher."
+	elif use kernel_linux; then
+		if ! linux_config_exists; then
+			eerror "Unable to check your kernel for KVM support"
+		else
+			CONFIG_CHECK="~KVM ~TUN ~BRIDGE"
+			ERROR_KVM="You must enable KVM in your kernel to continue"
+			ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in"
+			ERROR_KVM_AMD+=" your kernel configuration."
+			ERROR_KVM_INTEL="If you have an Intel CPU, you must enable"
+			ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration."
+			ERROR_TUN="You will need the Universal TUN/TAP driver compiled"
+			ERROR_TUN+=" into your kernel or loaded as a module to use the"
+			ERROR_TUN+=" virtual network device if using -net tap."
+			ERROR_BRIDGE="You will also need support for 802.1d"
+			ERROR_BRIDGE+=" Ethernet Bridging for some network configurations."
+			use vhost-net && CONFIG_CHECK+=" ~VHOST_NET"
+			ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net"
+			ERROR_VHOST_NET+=" support"
+
+			if use amd64 || use x86 || use amd64-linux || use x86-linux; then
+				CONFIG_CHECK+=" ~KVM_AMD ~KVM_INTEL"
+			fi
+
+			use python && CONFIG_CHECK+=" ~DEBUG_FS"
+			ERROR_DEBUG_FS="debugFS support required for kvm_stat"
+
+			# Now do the actual checks setup above
+			check_extra_config
+		fi
+	fi
+
+	if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then
+		eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt"
+		eerror "instances are still pointing to it.  Please update your"
+		eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag"
+		eerror "and the right system binary (e.g. qemu-system-x86_64)."
+		die "update your virt configs to not use qemu-kvm"
+	fi
+}
+
+pkg_setup() {
+	enewgroup kvm 78
+}
+
+# Sanity check to make sure target lists are kept up-to-date.
+check_targets() {
+	local var=$1 mak=$2
+	local detected sorted
+
+	pushd "${S}"/default-configs >/dev/null || die
+
+	# Force C locale until glibc is updated. #564936
+	detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u))
+	sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u))
+	if [[ ${sorted} != "${detected}" ]] ; then
+		eerror "The ebuild needs to be kept in sync."
+		eerror "${var}: ${sorted}"
+		eerror "$(printf '%-*s' ${#var} configure): ${detected}"
+		die "sync ${var} to the list of targets"
+	fi
+
+	popd >/dev/null
+}
+
+handle_locales() {
+	# Make sure locale list is kept up-to-date.
+	local detected sorted
+	detected=$(echo $(cd po && printf '%s\n' *.po | grep -v messages.po | sed 's:.po$::' | sort -u))
+	sorted=$(echo $(printf '%s\n' ${PLOCALES} | sort -u))
+	if [[ ${sorted} != "${detected}" ]] ; then
+		eerror "The ebuild needs to be kept in sync."
+		eerror "PLOCALES: ${sorted}"
+		eerror " po/*.po: ${detected}"
+		die "sync PLOCALES"
+	fi
+
+	# Deal with selective install of locales.
+	if use nls ; then
+		# Delete locales the user does not want. #577814
+		rm_loc() { rm po/$1.po || die; }
+		l10n_for_each_disabled_locale_do rm_loc
+	else
+		# Cheap hack to disable gettext .mo generation.
+		rm -f po/*.po
+	fi
+}
+
+src_prepare() {
+	check_targets IUSE_SOFTMMU_TARGETS softmmu
+	check_targets IUSE_USER_TARGETS linux-user
+
+	# Alter target makefiles to accept CFLAGS set via flag-o
+	sed -i -r \
+		-e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \
+		Makefile Makefile.target || die
+
+	default
+
+	# Fix ld and objcopy being called directly
+	tc-export AR LD OBJCOPY
+
+	# Verbose builds
+	MAKEOPTS+=" V=1"
+
+	# Run after we've applied all patches.
+	handle_locales
+
+	# Remove bundled copy of libfdt
+	rm -r dtc || die
+}
+
+##
+# configures qemu based on the build directory and the build type
+# we are using.
+#
+qemu_src_configure() {
+	debug-print-function ${FUNCNAME} "$@"
+
+	local buildtype=$1
+	local builddir="${S}/${buildtype}-build"
+
+	mkdir "${builddir}"
+
+	local conf_opts=(
+		--prefix=/usr
+		--sysconfdir=/etc
+		--libdir=/usr/$(get_libdir)
+		--docdir=/usr/share/doc/${PF}/html
+		--disable-bsd-user
+		--disable-guest-agent
+		--disable-strip
+		--disable-werror
+		# We support gnutls/nettle for crypto operations.  It is possible
+		# to use gcrypt when gnutls/nettle are disabled (but not when they
+		# are enabled), but it's not really worth the hassle.  Disable it
+		# all the time to avoid automatically detecting it. #568856
+		--disable-gcrypt
+		--python="${PYTHON}"
+		--cc="$(tc-getCC)"
+		--cxx="$(tc-getCXX)"
+		--host-cc="$(tc-getBUILD_CC)"
+		$(use_enable debug debug-info)
+		$(use_enable debug debug-tcg)
+		--enable-docs
+		$(use_enable tci tcg-interpreter)
+		$(use_enable xattr attr)
+	)
+
+	# Disable options not used by user targets. This simplifies building
+	# static user targets (USE=static-user) considerably.
+	conf_notuser() {
+		if [[ ${buildtype} == "user" ]] ; then
+			echo "--disable-${2:-$1}"
+		else
+			use_enable "$@"
+		fi
+	}
+	conf_opts+=(
+		$(conf_notuser accessibility brlapi)
+		$(conf_notuser aio linux-aio)
+		$(conf_notuser bzip2)
+		$(conf_notuser bluetooth bluez)
+		$(conf_notuser caps cap-ng)
+		$(conf_notuser curl)
+		$(conf_notuser fdt)
+		$(conf_notuser glusterfs)
+		$(conf_notuser gnutls)
+		$(conf_notuser gnutls nettle)
+		$(conf_notuser gtk)
+		$(conf_notuser infiniband rdma)
+		$(conf_notuser iscsi libiscsi)
+		$(conf_notuser jpeg vnc-jpeg)
+		$(conf_notuser kernel_linux kvm)
+		$(conf_notuser lzo)
+		$(conf_notuser ncurses curses)
+		$(conf_notuser nfs libnfs)
+		$(conf_notuser numa)
+		$(conf_notuser opengl)
+		$(conf_notuser png vnc-png)
+		$(conf_notuser rbd)
+		$(conf_notuser sasl vnc-sasl)
+		$(conf_notuser sdl)
+		$(conf_notuser seccomp)
+		$(conf_notuser smartcard)
+		$(conf_notuser snappy)
+		$(conf_notuser spice)
+		$(conf_notuser ssh libssh2)
+		$(conf_notuser usb libusb)
+		$(conf_notuser usbredir usb-redir)
+		$(conf_notuser vde)
+		$(conf_notuser vhost-net)
+		$(conf_notuser virgl virglrenderer)
+		$(conf_notuser virtfs)
+		$(conf_notuser vnc)
+		$(conf_notuser vte)
+		$(conf_notuser xen)
+		$(conf_notuser xen xen-pci-passthrough)
+		$(conf_notuser xfs xfsctl)
+	)
+
+	if [[ ! ${buildtype} == "user" ]] ; then
+		# audio options
+		local audio_opts="oss"
+		use alsa && audio_opts="alsa,${audio_opts}"
+		use sdl && audio_opts="sdl,${audio_opts}"
+		use pulseaudio && audio_opts="pa,${audio_opts}"
+		conf_opts+=(
+			--audio-drv-list="${audio_opts}"
+		)
+		use gtk && conf_opts+=( --with-gtkabi=$(usex gtk2 2.0 3.0) )
+		use sdl && conf_opts+=( --with-sdlabi=$(usex sdl2 2.0 1.2) )
+	fi
+
+	case ${buildtype} in
+	user)
+		conf_opts+=(
+			--enable-linux-user
+			--disable-system
+			--disable-blobs
+			--disable-tools
+		)
+		local static_flag="static-user"
+		;;
+	softmmu)
+		conf_opts+=(
+			--disable-linux-user
+			--enable-system
+			--disable-tools
+			--with-system-pixman
+		)
+		local static_flag="static"
+		;;
+	tools)
+		conf_opts+=(
+			--disable-linux-user
+			--disable-system
+			--disable-blobs
+			--enable-tools
+		)
+		local static_flag="static"
+		;;
+	esac
+
+	local targets="${buildtype}_targets"
+	[[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" )
+
+	# Add support for SystemTAP
+	use systemtap && conf_opts+=( --enable-trace-backend=dtrace )
+
+	# We always want to attempt to build with PIE support as it results
+	# in a more secure binary. But it doesn't work with static or if
+	# the current GCC doesn't have PIE support.
+	if use ${static_flag}; then
+		conf_opts+=( --static --disable-pie )
+	else
+		tc-enables-pie && conf_opts+=( --enable-pie )
+	fi
+
+	echo "../configure ${conf_opts[*]}"
+	cd "${builddir}"
+	../configure "${conf_opts[@]}" || die "configure failed"
+
+	# FreeBSD's kernel does not support QEMU assigning/grabbing
+	# host USB devices yet
+	use kernel_FreeBSD && \
+		sed -i -E -e "s|^(HOST_USB=)bsd|\1stub|" "${S}"/config-host.mak
+}
+
+src_configure() {
+	local target
+
+	python_setup
+
+	softmmu_targets= softmmu_bins=()
+	user_targets= user_bins=()
+
+	for target in ${IUSE_SOFTMMU_TARGETS} ; do
+		if use "qemu_softmmu_targets_${target}"; then
+			softmmu_targets+=",${target}-softmmu"
+			softmmu_bins+=( "qemu-system-${target}" )
+		fi
+	done
+
+	for target in ${IUSE_USER_TARGETS} ; do
+		if use "qemu_user_targets_${target}"; then
+			user_targets+=",${target}-linux-user"
+			user_bins+=( "qemu-${target}" )
+		fi
+	done
+
+	softmmu_targets=${softmmu_targets#,}
+	user_targets=${user_targets#,}
+
+	[[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu"
+	[[ -n ${user_targets}    ]] && qemu_src_configure "user"
+	qemu_src_configure "tools"
+}
+
+src_compile() {
+	if [[ -n ${user_targets} ]]; then
+		cd "${S}/user-build"
+		default
+	fi
+
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build"
+		default
+	fi
+
+	cd "${S}/tools-build"
+	default
+}
+
+src_test() {
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build"
+		pax-mark m */qemu-system-* #515550
+		emake -j1 check
+		emake -j1 check-report.html
+	fi
+}
+
+qemu_python_install() {
+	python_domodule "${S}/scripts/qmp/qmp.py"
+
+	python_doscript "${S}/scripts/kvm/vmxcap"
+	python_doscript "${S}/scripts/qmp/qmp-shell"
+	python_doscript "${S}/scripts/qmp/qemu-ga-client"
+}
+
+# Generate binfmt support files.
+#   - /etc/init.d/qemu-binfmt script which registers the user handlers (openrc)
+#   - /usr/share/qemu/binfmt.d/qemu.conf (for use with systemd-binfmt)
+generate_initd() {
+	local out="${T}/qemu-binfmt"
+	local out_systemd="${T}/qemu.conf"
+	local d="${T}/binfmt.d"
+
+	einfo "Generating qemu binfmt scripts and configuration files"
+
+	# Generate the debian fragments first.
+	mkdir -p "${d}"
+	"${S}"/scripts/qemu-binfmt-conf.sh \
+		--debian \
+		--exportdir "${d}" \
+		--qemu-path "${EPREFIX}/usr/bin" \
+		|| die
+	# Then turn the fragments into a shell script we can source.
+	sed -E -i \
+		-e 's:^([^ ]+) (.*)$:\1="\2":' \
+		"${d}"/* || die
+
+	# Generate the init.d script by assembling the fragments from above.
+	local f qcpu package interpreter magic mask
+	cat "${FILESDIR}"/qemu-binfmt.initd.head >"${out}" || die
+	for f in "${d}"/qemu-* ; do
+		source "${f}"
+
+		# Normalize the cpu logic like we do in the init.d for the native cpu.
+		qcpu=${package#qemu-}
+		case ${qcpu} in
+		arm*)   qcpu="arm";;
+		mips*)  qcpu="mips";;
+		ppc*)   qcpu="ppc";;
+		s390*)  qcpu="s390";;
+		sh*)    qcpu="sh";;
+		sparc*) qcpu="sparc";;
+		esac
+
+		cat <<EOF >>"${out}"
+	if [ "\${cpu}" != "${qcpu}" -a -x "${interpreter}" ] ; then
+		echo ':${package}:M::${magic}:${mask}:${interpreter}:'"\${QEMU_BINFMT_FLAGS}" >/proc/sys/fs/binfmt_misc/register
+	fi
+EOF
+
+		echo ":${package}:M::${magic}:${mask}:${interpreter}:OC" >>"${out_systemd}"
+
+	done
+	cat "${FILESDIR}"/qemu-binfmt.initd.tail >>"${out}" || die
+}
+
+src_install() {
+	if [[ -n ${user_targets} ]]; then
+		cd "${S}/user-build"
+		emake DESTDIR="${ED}" install
+
+		# Install binfmt handler init script for user targets.
+		generate_initd
+		doinitd "${T}/qemu-binfmt"
+
+		# Install binfmt/qemu.conf.
+		insinto "/usr/share/qemu/binfmt.d"
+		doins "${T}/qemu.conf"
+	fi
+
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build"
+		emake DESTDIR="${ED}" install
+
+		# This might not exist if the test failed. #512010
+		[[ -e check-report.html ]] && dohtml check-report.html
+
+		if use kernel_linux; then
+			udev_newrules "${FILESDIR}"/65-kvm.rules-r1 65-kvm.rules
+		fi
+
+		if use python; then
+			python_foreach_impl qemu_python_install
+		fi
+	fi
+
+	cd "${S}/tools-build"
+	emake DESTDIR="${ED}" install
+
+	# Disable mprotect on the qemu binaries as they use JITs to be fast #459348
+	pushd "${ED}"/usr/bin >/dev/null
+	pax-mark mr "${softmmu_bins[@]}" "${user_bins[@]}" # bug 575594
+	popd >/dev/null
+
+	# Install config file example for qemu-bridge-helper
+	insinto "/etc/qemu"
+	doins "${FILESDIR}/bridge.conf"
+
+	cd "${S}"
+	dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt
+	newdoc pc-bios/README README.pc-bios
+
+	if [[ -n ${softmmu_targets} ]]; then
+		# Remove SeaBIOS since we're using the SeaBIOS packaged one
+		rm "${ED}/usr/share/qemu/bios.bin"
+		rm "${ED}/usr/share/qemu/bios-256k.bin"
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
+			dosym ../seabios/bios-256k.bin /usr/share/qemu/bios-256k.bin
+		fi
+
+		# Remove vgabios since we're using the seavgabios packaged one
+		rm "${ED}/usr/share/qemu/vgabios.bin"
+		rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
+		rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
+		rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
+		rm "${ED}/usr/share/qemu/vgabios-virtio.bin"
+		rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
+		# PPC64 loads vgabios-stdvga
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 || use qemu_softmmu_targets_ppc64; then
+			dosym ../seavgabios/vgabios-isavga.bin /usr/share/qemu/vgabios.bin
+			dosym ../seavgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
+			dosym ../seavgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
+			dosym ../seavgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
+			dosym ../seavgabios/vgabios-virtio.bin /usr/share/qemu/vgabios-virtio.bin
+			dosym ../seavgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
+		fi
+
+		# Remove sgabios since we're using the sgabios packaged one
+		rm "${ED}/usr/share/qemu/sgabios.bin"
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin
+		fi
+
+		# Remove iPXE since we're using the iPXE packaged one
+		rm "${ED}"/usr/share/qemu/pxe-*.rom
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom
+			dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom
+			dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom
+			dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom
+			dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom
+			dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom
+		fi
+	fi
+
+	DISABLE_AUTOFORMATTING=true
+	readme.gentoo_create_doc
+}
+
+firmware_abi_change() {
+	local pv
+	for pv in ${REPLACING_VERSIONS}; do
+		if ! version_is_at_least ${FIRMWARE_ABI_VERSION} ${pv}; then
+			return 0
+		fi
+	done
+	return 1
+}
+
+pkg_postinst() {
+	if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
+		udev_reload
+	fi
+
+	fcaps cap_net_admin /usr/libexec/qemu-bridge-helper
+
+	DISABLE_AUTOFORMATTING=true
+	readme.gentoo_print_elog
+
+	if use pin-upstream-blobs && firmware_abi_change; then
+		ewarn "This version of qemu pins new versions of firmware blobs:"
+		ewarn "	$(best_version sys-firmware/edk2-ovmf)"
+		ewarn "	$(best_version sys-firmware/ipxe)"
+		ewarn "	$(best_version sys-firmware/seabios)"
+		ewarn "	$(best_version sys-firmware/sgabios)"
+		ewarn "This might break resume of hibernated guests (started with a different"
+		ewarn "firmware version) and live migration to/from qemu versions with different"
+		ewarn "firmware. Please (cold) restart all running guests. For functional"
+		ewarn "guest migration ensure that all"
+		ewarn "hosts run at least"
+		ewarn "	app-emulation/qemu-${FIRMWARE_ABI_VERSION}."
+	fi
+}
+
+pkg_info() {
+	echo "Using:"
+	echo "  $(best_version app-emulation/spice-protocol)"
+	echo "  $(best_version sys-firmware/edk2-ovmf)"
+	if has_version 'sys-firmware/edk2-ovmf[binary]'; then
+		echo "    USE=binary"
+	else
+		echo "    USE=''"
+	fi
+	echo "  $(best_version sys-firmware/ipxe)"
+	echo "  $(best_version sys-firmware/seabios)"
+	if has_version 'sys-firmware/seabios[binary]'; then
+		echo "    USE=binary"
+	else
+		echo "    USE=''"
+	fi
+	echo "  $(best_version sys-firmware/sgabios)"
+}


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2018-03-18 20:02 Matthias Maier
  0 siblings, 0 replies; 56+ messages in thread
From: Matthias Maier @ 2018-03-18 20:02 UTC (permalink / raw
  To: gentoo-commits

commit:     46d903c2665d2910a22d78656c5f7bafdf702135
Author:     Matthias Maier <tamiko <AT> gentoo <DOT> org>
AuthorDate: Sun Mar 18 19:08:44 2018 +0000
Commit:     Matthias Maier <tamiko <AT> gentoo <DOT> org>
CommitDate: Sun Mar 18 20:01:49 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=46d903c2

app-emulation/qemu: 2.11.1: New binary blob pinning, CVE patches, maintenance

 * new binary blobs pinning
    =sys-firmware/edk2-ovmf-2017_p20180211
    =sys-firmware/ipxe-1.0.0_p20180211
    =sys-firmware/seabios-1.11.0
    =sys-firmware/sgabios-0.1_pre8-r1
    =sys-firmware/vgabios-0.7a-r1
   keyword ebuild

 * fix include path for capstone, bug 647570
 * add USE=capstone support, bug 647570

 * apply patch for CVE-2018-7550

Closes: https://bugs.gentoo.org/647570
Bug: https://bugs.gentoo.org/649616
Package-Manager: Portage-2.3.24, Repoman-2.3.6

 app-emulation/qemu/Manifest                                 |  1 +
 .../qemu/files/qemu-2.11.1-capstone_include_path.patch      | 11 +++++++++++
 app-emulation/qemu/metadata.xml                             |  1 +
 .../qemu/{qemu-2.11.1-r50.ebuild => qemu-2.11.1-r51.ebuild} | 13 ++++++-------
 4 files changed, 19 insertions(+), 7 deletions(-)

diff --git a/app-emulation/qemu/Manifest b/app-emulation/qemu/Manifest
index 218a778906a..cb0bb800a22 100644
--- a/app-emulation/qemu/Manifest
+++ b/app-emulation/qemu/Manifest
@@ -1,4 +1,5 @@
 DIST qemu-2.11.0-patches-r0.tar.xz 16140 BLAKE2B 2e23908075195a7c28df574525a159e171277a2da6d7c0656a341a2db6a622237106d2dd8de5c9d61b5fb62fa5a163e9657406a2996cebc05baa53d42c5f5d15 SHA512 f7d92c2232398565b8cde294d38dc281c13503fb5967cc7871a2233b7fa354799619445e9ec89c285ef051f62ecef0bd38a135b0093bf5528c0b28c6e580c839
 DIST qemu-2.11.0.tar.bz2 32816398 BLAKE2B 2014a8246f3cba9069186629d9ec8c221672fcfd3e8cd28a7e57f467add81f7bd84363183ef5cc5d18af91bde9186a4da49c0133c8ead83eae4626b9fc364e99 SHA512 3681700833573c0aa6283af950bfa298970056f1b44489088d8863840a7694512138321f86961ef43b256abf15eddd2612fb9cdbe3d9a358542d4e7037cc2004
 DIST qemu-2.11.1-patches-r0.tar.xz 1640 BLAKE2B 8402a0bd086307413c3f088b7b2523adda5f370e3ce8e9ec39db905a5df495842cc2168b93b57e8516e98703ee1620e7cad77740529959a09a1d4224988829bc SHA512 2906f9497e61799da8efca0dac4a19addd3bf59770c742e3ed1600143b69397bbc4eecb2c1f64aef0e103447966d47ced1ec6908f78a793b8d06f99a0aa6dc4a
+DIST qemu-2.11.1-patches-r1.tar.xz 2064 BLAKE2B 533c916b01c014bcfa6c733b76aa6da1f12cdf5f0d4ae33136453705a8aca9fdfeef998747cfdc72d19e08fa40ea97e2fd4c21412c030af314605059282f49ef SHA512 12de7b4777ec98871d0786291534f61b37534feef64b556caeab72e020ff14d61fe19d24cb151ebfdb912df2a7ba72c0d882566b368d88d02c9f1354c2adae4a
 DIST qemu-2.11.1.tar.bz2 32819412 BLAKE2B 6b6d4e7b8dcf33aeedb0b33bad267da07ad17c2eeeb5fbd2c038d760bc03224e55ba0f03eb248c62bc0e8636c2c660ea76b367eaea96bee16388053f82c8b8a9 SHA512 1b692bbdfc3dc785738c7192aa2a3f9cf53d9f5bf3b3f49fa8692050dc50f7056c8a4d1b527d48ffb2a674a0fd3a46d87addd1eaaa758f35eec1ab5adfe32354

diff --git a/app-emulation/qemu/files/qemu-2.11.1-capstone_include_path.patch b/app-emulation/qemu/files/qemu-2.11.1-capstone_include_path.patch
new file mode 100644
index 00000000000..d79570ebb8a
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.11.1-capstone_include_path.patch
@@ -0,0 +1,11 @@
+--- qemu-2.11.1/include/disas/capstone.h	2018-02-14 22:53:22.000000000 +0100
++++ qemu-2.11.1/include/disas/capstone.h	2018-02-17 20:12:12.754703951 +0100
+@@ -3,7 +3,7 @@
+ 
+ #ifdef CONFIG_CAPSTONE
+ 
+-#include <capstone.h>
++#include <capstone/capstone.h>
+ 
+ #else
+ 

diff --git a/app-emulation/qemu/metadata.xml b/app-emulation/qemu/metadata.xml
index 3fe0408cc40..61c159a6584 100644
--- a/app-emulation/qemu/metadata.xml
+++ b/app-emulation/qemu/metadata.xml
@@ -9,6 +9,7 @@
 		<flag name="accessibility">Adds support for braille displays using brltty</flag>
 		<flag name="aio">Enables support for Linux's Async IO</flag>
 		<flag name="alsa">Enable alsa output for sound emulation</flag>
+		<flag name="capstone">Enable disassembly support with <pkg>dev-libs/capstone</pkg></flag>
 		<flag name="curl">Support ISOs / -cdrom directives vis HTTP or HTTPS.</flag>
 		<flag name="fdt">Enables firmware device tree support</flag>
 		<flag name="glusterfs">Enables GlusterFS cluster fileystem via

diff --git a/app-emulation/qemu/qemu-2.11.1-r50.ebuild b/app-emulation/qemu/qemu-2.11.1-r51.ebuild
similarity index 98%
rename from app-emulation/qemu/qemu-2.11.1-r50.ebuild
rename to app-emulation/qemu/qemu-2.11.1-r51.ebuild
index 355bcfb72d4..ced8efcacc9 100644
--- a/app-emulation/qemu/qemu-2.11.1-r50.ebuild
+++ b/app-emulation/qemu/qemu-2.11.1-r51.ebuild
@@ -23,7 +23,7 @@ else
 	# KEYWORDS="~amd64 ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd"
 
 	# Gentoo specific patchsets:
-	SRC_URI+=" https://dev.gentoo.org/~chutzpah/distfiles/${P}-patches-r0.tar.xz"
+	SRC_URI+=" https://dev.gentoo.org/~tamiko/distfiles/${P}-patches-r1.tar.xz"
 fi
 
 DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
@@ -31,8 +31,8 @@ HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org"
 
 LICENSE="GPL-2 LGPL-2 BSD-2"
 SLOT="0"
-IUSE="accessibility +aio alsa bluetooth bzip2 +caps +curl debug +fdt
-	glusterfs gnutls gtk gtk2 infiniband iscsi +jpeg kernel_linux
+IUSE="accessibility +aio alsa bluetooth bzip2 capstone +caps +curl debug
+	+fdt glusterfs gnutls gtk gtk2 infiniband iscsi +jpeg kernel_linux
 	kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs +png
 	pulseaudio python rbd sasl +seccomp sdl sdl2 selinux smartcard snappy
 	spice ssh static static-user systemtap tci test usb usbredir vde
@@ -71,7 +71,7 @@ REQUIRED_USE="${PYTHON_REQUIRED_USE}
 #
 # The attr lib isn't always linked in (although the USE flag is always
 # respected).  This is because qemu supports using the C library's API
-# when available rather than always using the extranl library.
+# when available rather than always using the external library.
 ALL_DEPEND="
 	>=dev-libs/glib-2.0[static-libs(+)]
 	sys-libs/zlib[static-libs(+)]
@@ -209,6 +209,7 @@ PATCHES=(
 	"${FILESDIR}"/${PN}-2.5.0-cflags.patch
 	"${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
 	"${FILESDIR}"/${PN}-2.11.0-glibc-2.27.patch
+	"${FILESDIR}"/${PN}-2.11.1-capstone_include_path.patch
 	"${WORKDIR}"/patches
 )
 
@@ -436,6 +437,7 @@ qemu_src_configure() {
 		$(conf_notuser aio linux-aio)
 		$(conf_notuser bzip2)
 		$(conf_notuser bluetooth bluez)
+		$(conf_notuser capstone)
 		$(conf_notuser caps cap-ng)
 		$(conf_notuser curl)
 		$(conf_notuser fdt)
@@ -531,9 +533,6 @@ qemu_src_configure() {
 		tc-enables-pie && conf_opts+=( --enable-pie )
 	fi
 
-	#bug #647570
-	conf_opts+=( --disable-capstone )
-
 	echo "../configure ${conf_opts[*]}"
 	cd "${builddir}"
 	../configure "${conf_opts[@]}" || die "configure failed"


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2018-03-27 15:44 Matthias Maier
  0 siblings, 0 replies; 56+ messages in thread
From: Matthias Maier @ 2018-03-27 15:44 UTC (permalink / raw
  To: gentoo-commits

commit:     2fc1bc6c7b1f41a3a7df74ce8e170996eb7e36d9
Author:     Matthias Maier <tamiko <AT> gentoo <DOT> org>
AuthorDate: Tue Mar 27 15:10:52 2018 +0000
Commit:     Matthias Maier <tamiko <AT> gentoo <DOT> org>
CommitDate: Tue Mar 27 15:44:04 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2fc1bc6c

app-emulation/qemu: add rule to fix permissions on /dev/vfio/vfio

The device node /dev/vfio/vfio gets created on modprobing the vfio*
modules. This happens in particular on demand when a qemu vm with PCI
passthrough is started up. The default permissios for the freshly
created device node is

  crw-rw-rw-  1 root root 10, 196 Mar 27 08:44 /dev/vfio/vfio

This is terrible.

This patch adds an udev rules and makes sure that the device node has rw
permissions for user root, and group kvm (and no permissions for all).
This fixes

 - startup when a qemu-kvm is started as non-root (provided the user is
   in group kvm, which is our current policy for accessing /dev/kvm, etc.,
   anyway).

 - work around this security vulnerability, where /dev/vfio/vfio is
   created with world writable permissions upon modprobe. [1]

Thanks to username234, Kash Pande, Ted Rodgers for discovery and patch!

[1] Steps to reproduce:

    % ls -la /dev/vfio/vfio
    crw-------  1 root root 10, 196 Mar 27 15:40 /dev/vfio/vfio

    % modprobe vfio

    % ls -la /dev/vfio/vfio
    crw-rw-rw-  1 root root 10, 196 Mar 27 15:41 /dev/vfio/vfio

[2] I cannot find an udev rule installed by libvirt/qemu/... that
    triggers these permissions.

Bug: https://bugs.gentoo.org/651668
Package-Manager: Portage-2.3.24, Repoman-2.3.6
RepoMan-Options: --force

 app-emulation/qemu/files/65-vfio.rules                              | 2 ++
 app-emulation/qemu/{qemu-2.11.1-r1.ebuild => qemu-2.11.1-r2.ebuild} | 1 +
 2 files changed, 3 insertions(+)

diff --git a/app-emulation/qemu/files/65-vfio.rules b/app-emulation/qemu/files/65-vfio.rules
new file mode 100644
index 00000000000..099b655683d
--- /dev/null
+++ b/app-emulation/qemu/files/65-vfio.rules
@@ -0,0 +1,2 @@
+SUBSYSTEM=="vfio", OWNER="root", GROUP="kvm"
+KERNEL=="vfio", OWNER="root", GROUP="kvm", MODE="0660"

diff --git a/app-emulation/qemu/qemu-2.11.1-r1.ebuild b/app-emulation/qemu/qemu-2.11.1-r2.ebuild
similarity index 99%
rename from app-emulation/qemu/qemu-2.11.1-r1.ebuild
rename to app-emulation/qemu/qemu-2.11.1-r2.ebuild
index d0d85a2ac09..1eea347cd1d 100644
--- a/app-emulation/qemu/qemu-2.11.1-r1.ebuild
+++ b/app-emulation/qemu/qemu-2.11.1-r2.ebuild
@@ -679,6 +679,7 @@ src_install() {
 
 		if use kernel_linux; then
 			udev_newrules "${FILESDIR}"/65-kvm.rules-r1 65-kvm.rules
+			udev_newrules "${FILESDIR}"/65-vfio.rules 65-vfio.rules
 		fi
 
 		if use python; then


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2018-06-15 14:10 Jason Donenfeld
  0 siblings, 0 replies; 56+ messages in thread
From: Jason Donenfeld @ 2018-06-15 14:10 UTC (permalink / raw
  To: gentoo-commits

commit:     c61676a2378adeebe401e204510cecd9077c4358
Author:     Jason A. Donenfeld <zx2c4 <AT> gentoo <DOT> org>
AuthorDate: Fri Jun 15 14:09:33 2018 +0000
Commit:     Jason Donenfeld <zx2c4 <AT> gentoo <DOT> org>
CommitDate: Fri Jun 15 14:10:00 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c61676a2

app-emulation/qemu: fix major TCG crash

This is a custom backport of a patch being prepared for 2.12.1.

Package-Manager: Portage-2.3.40, Repoman-2.3.9

 .../qemu-2.12.0-tcg-instruction-overflow.patch     | 183 +++++++++++++++++++++
 ...qemu-2.12.0-r2.ebuild => qemu-2.12.0-r3.ebuild} |   1 +
 2 files changed, 184 insertions(+)

diff --git a/app-emulation/qemu/files/qemu-2.12.0-tcg-instruction-overflow.patch b/app-emulation/qemu/files/qemu-2.12.0-tcg-instruction-overflow.patch
new file mode 100644
index 00000000000..24df138a777
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.12.0-tcg-instruction-overflow.patch
@@ -0,0 +1,183 @@
+diff -ru qemu-2.12.0/tcg/aarch64/tcg-target.inc.c qemu-2.12.0-modified/tcg/aarch64/tcg-target.inc.c
+--- qemu-2.12.0/tcg/aarch64/tcg-target.inc.c	2018-04-24 18:30:47.000000000 +0200
++++ qemu-2.12.0-modified/tcg/aarch64/tcg-target.inc.c	2018-06-15 15:47:20.557969818 +0200
+@@ -1733,7 +1733,7 @@
+             tcg_out_insn(s, 3305, LDR, offset, TCG_REG_TMP);
+         }
+         tcg_out_insn(s, 3207, BR, TCG_REG_TMP);
+-        s->tb_jmp_reset_offset[a0] = tcg_current_code_size(s);
++        set_jmp_reset_offset(s, a0);
+         break;
+ 
+     case INDEX_op_goto_ptr:
+diff -ru qemu-2.12.0/tcg/arm/tcg-target.inc.c qemu-2.12.0-modified/tcg/arm/tcg-target.inc.c
+--- qemu-2.12.0/tcg/arm/tcg-target.inc.c	2018-04-24 18:30:47.000000000 +0200
++++ qemu-2.12.0-modified/tcg/arm/tcg-target.inc.c	2018-06-15 15:47:20.557969818 +0200
+@@ -1822,7 +1822,7 @@
+                 tcg_out_movi32(s, COND_AL, base, ptr - dil);
+             }
+             tcg_out_ld32_12(s, COND_AL, TCG_REG_PC, base, dil);
+-            s->tb_jmp_reset_offset[args[0]] = tcg_current_code_size(s);
++            set_jmp_reset_offset(s, args[0]);
+         }
+         break;
+     case INDEX_op_goto_ptr:
+diff -ru qemu-2.12.0/tcg/i386/tcg-target.inc.c qemu-2.12.0-modified/tcg/i386/tcg-target.inc.c
+--- qemu-2.12.0/tcg/i386/tcg-target.inc.c	2018-04-24 18:30:47.000000000 +0200
++++ qemu-2.12.0-modified/tcg/i386/tcg-target.inc.c	2018-06-15 15:47:20.558969815 +0200
+@@ -2245,7 +2245,7 @@
+             tcg_out_modrm_offset(s, OPC_GRP5, EXT5_JMPN_Ev, -1,
+                                  (intptr_t)(s->tb_jmp_target_addr + a0));
+         }
+-        s->tb_jmp_reset_offset[a0] = tcg_current_code_size(s);
++        set_jmp_reset_offset(s, a0);
+         break;
+     case INDEX_op_goto_ptr:
+         /* jmp to the given host address (could be epilogue) */
+diff -ru qemu-2.12.0/tcg/mips/tcg-target.inc.c qemu-2.12.0-modified/tcg/mips/tcg-target.inc.c
+--- qemu-2.12.0/tcg/mips/tcg-target.inc.c	2018-04-24 18:30:47.000000000 +0200
++++ qemu-2.12.0-modified/tcg/mips/tcg-target.inc.c	2018-06-15 15:47:20.558969815 +0200
+@@ -1744,7 +1744,7 @@
+             tcg_out_opc_reg(s, OPC_JR, 0, TCG_TMP0, 0);
+         }
+         tcg_out_nop(s);
+-        s->tb_jmp_reset_offset[a0] = tcg_current_code_size(s);
++        set_jmp_reset_offset(s, a0);
+         break;
+     case INDEX_op_goto_ptr:
+         /* jmp to the given host address (could be epilogue) */
+diff -ru qemu-2.12.0/tcg/ppc/tcg-target.inc.c qemu-2.12.0-modified/tcg/ppc/tcg-target.inc.c
+--- qemu-2.12.0/tcg/ppc/tcg-target.inc.c	2018-04-24 18:30:47.000000000 +0200
++++ qemu-2.12.0-modified/tcg/ppc/tcg-target.inc.c	2018-06-15 15:47:20.558969815 +0200
+@@ -2025,10 +2025,10 @@
+         }
+         tcg_out32(s, MTSPR | RS(TCG_REG_TB) | CTR);
+         tcg_out32(s, BCCTR | BO_ALWAYS);
+-        s->tb_jmp_reset_offset[args[0]] = c = tcg_current_code_size(s);
++        set_jmp_reset_offset(s, args[0]);
+         if (USE_REG_TB) {
+             /* For the unlinked case, need to reset TCG_REG_TB.  */
+-            c = -c;
++            c = -tcg_current_code_size(s);
+             assert(c == (int16_t)c);
+             tcg_out32(s, ADDI | TAI(TCG_REG_TB, TCG_REG_TB, c));
+         }
+diff -ru qemu-2.12.0/tcg/s390/tcg-target.inc.c qemu-2.12.0-modified/tcg/s390/tcg-target.inc.c
+--- qemu-2.12.0/tcg/s390/tcg-target.inc.c	2018-04-24 18:30:47.000000000 +0200
++++ qemu-2.12.0-modified/tcg/s390/tcg-target.inc.c	2018-06-15 15:47:20.558969815 +0200
+@@ -1783,7 +1783,7 @@
+             /* and go there */
+             tcg_out_insn(s, RR, BCR, S390_CC_ALWAYS, TCG_REG_TB);
+         }
+-        s->tb_jmp_reset_offset[a0] = tcg_current_code_size(s);
++        set_jmp_reset_offset(s, a0);
+ 
+         /* For the unlinked path of goto_tb, we need to reset
+            TCG_REG_TB to the beginning of this TB.  */
+diff -ru qemu-2.12.0/tcg/sparc/tcg-target.inc.c qemu-2.12.0-modified/tcg/sparc/tcg-target.inc.c
+--- qemu-2.12.0/tcg/sparc/tcg-target.inc.c	2018-04-24 18:30:47.000000000 +0200
++++ qemu-2.12.0-modified/tcg/sparc/tcg-target.inc.c	2018-06-15 15:47:20.559969811 +0200
+@@ -1388,12 +1388,12 @@
+             tcg_out_arithi(s, TCG_REG_G0, TCG_REG_TB, 0, JMPL);
+             tcg_out_nop(s);
+         }
+-        s->tb_jmp_reset_offset[a0] = c = tcg_current_code_size(s);
++        set_jmp_reset_offset(s, a0);
+ 
+         /* For the unlinked path of goto_tb, we need to reset
+            TCG_REG_TB to the beginning of this TB.  */
+         if (USE_REG_TB) {
+-            c = -c;
++            c = -tcg_current_code_size(s);
+             if (check_fit_i32(c, 13)) {
+                 tcg_out_arithi(s, TCG_REG_TB, TCG_REG_TB, c, ARITH_ADD);
+             } else {
+diff -ru qemu-2.12.0/tcg/tcg.c qemu-2.12.0-modified/tcg/tcg.c
+--- qemu-2.12.0/tcg/tcg.c	2018-04-24 18:30:47.000000000 +0200
++++ qemu-2.12.0-modified/tcg/tcg.c	2018-06-15 16:02:55.042712421 +0200
+@@ -293,6 +293,14 @@
+     return l;
+ }
+ 
++static void set_jmp_reset_offset(TCGContext *s, int which)
++{
++    size_t off = tcg_current_code_size(s);
++    s->tb_jmp_reset_offset[which] = off;
++    /* Make sure that we didn't overflow the stored offset.  */
++    assert(s->tb_jmp_reset_offset[which] == off);
++}
++
+ #include "tcg-target.inc.c"
+ 
+ static void tcg_region_bounds(size_t curr_region, void **pstart, void **pend)
+@@ -866,6 +874,7 @@
+     /* No temps have been previously allocated for size or locality.  */
+     memset(s->free_temps, 0, sizeof(s->free_temps));
+ 
++    s->nb_ops = 0;
+     s->nb_labels = 0;
+     s->current_frame_offset = s->frame_start;
+ 
+@@ -1983,6 +1992,7 @@
+ {
+     QTAILQ_REMOVE(&s->ops, op, link);
+     QTAILQ_INSERT_TAIL(&s->free_ops, op, link);
++    s->nb_ops--;
+ 
+ #ifdef CONFIG_PROFILER
+     atomic_set(&s->prof.del_op_count, s->prof.del_op_count + 1);
+@@ -2002,6 +2012,7 @@
+     }
+     memset(op, 0, offsetof(TCGOp, link));
+     op->opc = opc;
++    s->nb_ops++;
+ 
+     return op;
+ }
+@@ -3351,7 +3362,10 @@
+             break;
+         case INDEX_op_insn_start:
+             if (num_insns >= 0) {
+-                s->gen_insn_end_off[num_insns] = tcg_current_code_size(s);
++                size_t off = tcg_current_code_size(s);
++                s->gen_insn_end_off[num_insns] = off;
++                /* Assert that we do not overflow our stored offset.  */
++                assert(s->gen_insn_end_off[num_insns] == off);
+             }
+             num_insns++;
+             for (i = 0; i < TARGET_INSN_START_WORDS; ++i) {
+Only in qemu-2.12.0-modified/tcg: tcg.c.orig
+diff -ru qemu-2.12.0/tcg/tcg.h qemu-2.12.0-modified/tcg/tcg.h
+--- qemu-2.12.0/tcg/tcg.h	2018-06-15 16:03:35.881570182 +0200
++++ qemu-2.12.0-modified/tcg/tcg.h	2018-06-15 16:04:06.514463493 +0200
+@@ -655,6 +655,7 @@
+     int nb_globals;
+     int nb_temps;
+     int nb_indirects;
++    int nb_ops;
+ 
+     /* goto_tb support */
+     tcg_insn_unit *code_buf;
+@@ -844,7 +845,7 @@
+ /* Test for whether to terminate the TB for using too many opcodes.  */
+ static inline bool tcg_op_buf_full(void)
+ {
+-    return false;
++    return tcg_ctx->nb_ops >= 4000;
+ }
+ 
+ /* pool based memory allocation */
+Only in qemu-2.12.0-modified/tcg: tcg.h.orig
+Only in qemu-2.12.0-modified/tcg: tcg.h.rej
+diff -ru qemu-2.12.0/tcg/tci/tcg-target.inc.c qemu-2.12.0-modified/tcg/tci/tcg-target.inc.c
+--- qemu-2.12.0/tcg/tci/tcg-target.inc.c	2018-04-24 18:30:47.000000000 +0200
++++ qemu-2.12.0-modified/tcg/tci/tcg-target.inc.c	2018-06-15 15:47:20.559969811 +0200
+@@ -574,7 +574,7 @@
+             /* Indirect jump method. */
+             TODO();
+         }
+-        s->tb_jmp_reset_offset[args[0]] = tcg_current_code_size(s);
++        set_jmp_reset_offset(s, args[0]);
+         break;
+     case INDEX_op_br:
+         tci_out_label(s, arg_label(args[0]));

diff --git a/app-emulation/qemu/qemu-2.12.0-r2.ebuild b/app-emulation/qemu/qemu-2.12.0-r3.ebuild
similarity index 99%
rename from app-emulation/qemu/qemu-2.12.0-r2.ebuild
rename to app-emulation/qemu/qemu-2.12.0-r3.ebuild
index 0aa4e9242b2..8a89d0ca6da 100644
--- a/app-emulation/qemu/qemu-2.12.0-r2.ebuild
+++ b/app-emulation/qemu/qemu-2.12.0-r3.ebuild
@@ -216,6 +216,7 @@ PATCHES=(
 	"${FILESDIR}"/${PN}-2.5.0-cflags.patch
 	"${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
 	"${FILESDIR}"/${PN}-2.11.1-capstone_include_path.patch
+	"${FILESDIR}"/${P}-tcg-instruction-overflow.patch # Will be fixed in 2.12.1
 	"${WORKDIR}"/patches
 )
 


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2018-08-19 17:49 Matthias Maier
  0 siblings, 0 replies; 56+ messages in thread
From: Matthias Maier @ 2018-08-19 17:49 UTC (permalink / raw
  To: gentoo-commits

commit:     3c2a27222ed2d98e4e3c449615998aff01a6042f
Author:     Matthias Maier <tamiko <AT> gentoo <DOT> org>
AuthorDate: Sun Aug 19 17:30:09 2018 +0000
Commit:     Matthias Maier <tamiko <AT> gentoo <DOT> org>
CommitDate: Sun Aug 19 17:34:26 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3c2a2722

app-emulation/qemu: version bump to 2.12.1, add ssbd support

Package-Manager: Portage-2.3.47, Repoman-2.3.10

 app-emulation/qemu/Manifest                        |  2 ++
 .../qemu/files/qemu-2.12.0-aarch64-simd-fix.patch  | 36 ----------------------
 .../{qemu-2.12.0-r4.ebuild => qemu-2.12.1.ebuild}  |  3 +-
 3 files changed, 3 insertions(+), 38 deletions(-)

diff --git a/app-emulation/qemu/Manifest b/app-emulation/qemu/Manifest
index 14b6c5804e4..8534038d8e8 100644
--- a/app-emulation/qemu/Manifest
+++ b/app-emulation/qemu/Manifest
@@ -2,4 +2,6 @@ DIST qemu-2.11.1-patches-r1.tar.xz 2064 BLAKE2B 533c916b01c014bcfa6c733b76aa6da1
 DIST qemu-2.11.1.tar.bz2 32819412 BLAKE2B 6b6d4e7b8dcf33aeedb0b33bad267da07ad17c2eeeb5fbd2c038d760bc03224e55ba0f03eb248c62bc0e8636c2c660ea76b367eaea96bee16388053f82c8b8a9 SHA512 1b692bbdfc3dc785738c7192aa2a3f9cf53d9f5bf3b3f49fa8692050dc50f7056c8a4d1b527d48ffb2a674a0fd3a46d87addd1eaaa758f35eec1ab5adfe32354
 DIST qemu-2.12.0-patches-r5.tar.xz 5536 BLAKE2B 751a0fd7a6dd2433542dbfc8a1c9726fb612270b5a526e2e67729478b0f9b45689e23a70e077fb6b3b9cee115ff48d5334b16aba39efb79eff16baae3e1d349e SHA512 5c735632a3ca7ae7fbd9619b01683917749c02e7cdba85564fb157ef8d382ec999c1e1577eb00d4248a26c0f0ab9cb5af6355ca7fc68bcba054ffcca1947eebc
 DIST qemu-2.12.0.tar.bz2 41196232 BLAKE2B f258e570558249ea647c3571908f90b8bacdcef9a1814009b98571cf0e96406194d44aa041fd0a97c9b673f39a9eaae8d873824745509778a6784cd85f8398b0 SHA512 91d829f44c431e4c1cd335f3efea5afff9da62d832b0296a92417463ea0826d09ce226c2ea8ac167fe7b99b6bb976c7cb1357aaf17735ee57af6602161e46346
+DIST qemu-2.12.1-patches-r1.tar.xz 3648 BLAKE2B 07908004d0b56e60274cb59d4163770290d8fa6e31646e7d96db08427a219638ac53bdd988c9557471b95321a72982d740a29778d843652274a126737a0a6c00 SHA512 1c7768c14a8e168053f0322554214ba59932a9fa23c982b06dbb1b8fdcfc280ae1d97b20244600f357485bfbcb9ad8bd7968787550c8a4e5e243ac8502eff05e
+DIST qemu-2.12.1.tar.bz2 41192583 BLAKE2B ff903a5850e406ab542ad1a84300852599fa9c199e0f3290e4d6ddad5284192577351278a18dd5706463b08e817b49340989a35987a04672f7cede2097d1d18d SHA512 4c85e6180bf7ec61c0bdddb20e104a7c93fe6b1de27f6aa50d75633eb78491cb844798a9e3f536245eff7b4ebe9a6227f5f66b418ced44095b8e59c5cb33d4cd
 DIST qemu-3.0.0.tar.bz2 41491935 BLAKE2B 715ccca4fced730425eb5c24a78d89d2ab59f64007e0fc199d78c31c6ab72b5a0dbcf1840f214774c711d679c4166996790e93b2416c7d4f323d5b93ffa862ac SHA512 b82b78a063d60fa1372d9400934b47250138c438050d974113b1b2ea433eea0531be6cda1e82d14fcb3bc4ed35657703f62d9aedc095cb8d64badc65c3609ee5

diff --git a/app-emulation/qemu/files/qemu-2.12.0-aarch64-simd-fix.patch b/app-emulation/qemu/files/qemu-2.12.0-aarch64-simd-fix.patch
deleted file mode 100644
index c8b8a02354c..00000000000
--- a/app-emulation/qemu/files/qemu-2.12.0-aarch64-simd-fix.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From: Richard Henderson <richard.henderson@linaro.org>
-To: qemu-devel@nongnu.org
-Cc: Jason@zx2c4.com,
-	qemu-stable@nongnu.org
-Subject: [PATCH for-3.0] tcg/i386: Mark xmm registers call-clobbered
-Date: Sun, 22 Jul 2018 18:29:41 -0700
-Message-Id: <20180723012941.16920-1-richard.henderson@linaro.org>
-X-Mailer: git-send-email 2.17.1
-
-When host vector registers and operations were introduced, I failed
-to mark the registers call clobbered as required by the ABI.
-
-Fixes: 770c2fc7bb7
-Cc: qemu-stable@nongnu.org
-Reported-by: Jason A. Donenfeld <Jason@zx2c4.com>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- tcg/i386/tcg-target.inc.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/tcg/i386/tcg-target.inc.c b/tcg/i386/tcg-target.inc.c
-index e87b0d445e..a91e4f1313 100644
---- a/tcg/i386/tcg-target.inc.c
-+++ b/tcg/i386/tcg-target.inc.c
-@@ -3532,7 +3532,7 @@ static void tcg_target_init(TCGContext *s)
-         tcg_target_available_regs[TCG_TYPE_V256] = ALL_VECTOR_REGS;
-     }
- 
--    tcg_target_call_clobber_regs = 0;
-+    tcg_target_call_clobber_regs = ALL_VECTOR_REGS;
-     tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_EAX);
-     tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_EDX);
-     tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_ECX);
--- 
-2.17.1
-

diff --git a/app-emulation/qemu/qemu-2.12.0-r4.ebuild b/app-emulation/qemu/qemu-2.12.1.ebuild
similarity index 99%
rename from app-emulation/qemu/qemu-2.12.0-r4.ebuild
rename to app-emulation/qemu/qemu-2.12.1.ebuild
index eaa2e490445..c48588c9d54 100644
--- a/app-emulation/qemu/qemu-2.12.0-r4.ebuild
+++ b/app-emulation/qemu/qemu-2.12.1.ebuild
@@ -22,7 +22,7 @@ else
 	KEYWORDS="~amd64 ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd"
 
 	# Gentoo specific patchsets:
-	SRC_URI+=" https://dev.gentoo.org/~tamiko/distfiles/${P}-patches-r5.tar.xz"
+	SRC_URI+=" https://dev.gentoo.org/~tamiko/distfiles/${P}-patches-r1.tar.xz"
 fi
 
 DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
@@ -217,7 +217,6 @@ PATCHES=(
 	"${FILESDIR}"/${PN}-2.5.0-cflags.patch
 	"${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
 	"${FILESDIR}"/${PN}-2.11.1-capstone_include_path.patch
-	"${FILESDIR}"/${PN}-2.12.0-aarch64-simd-fix.patch
 	"${WORKDIR}"/patches
 )
 


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2019-02-19  0:19 Matthias Maier
  0 siblings, 0 replies; 56+ messages in thread
From: Matthias Maier @ 2019-02-19  0:19 UTC (permalink / raw
  To: gentoo-commits

commit:     c5d70adc0520a858f4da5cd0d1161e91140f5347
Author:     Matthias Maier <tamiko <AT> gentoo <DOT> org>
AuthorDate: Tue Feb 19 00:16:24 2019 +0000
Commit:     Matthias Maier <tamiko <AT> gentoo <DOT> org>
CommitDate: Tue Feb 19 00:19:03 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c5d70adc

app-emulation/qemu: fix vulnerability, bug #678302

Take over commit

  From b05b267840515730dbf6753495d5b7bd8b04ad1c Mon Sep 17 00:00:00 2001
  From: Gerd Hoffmann <kraxel <AT> redhat.com>
  Date: Tue, 8 Jan 2019 11:23:01 +0100
  Subject: [PATCH] i2c-ddc: fix oob read

Bug: https://bugs.gentoo.org/678302
Package-Manager: Portage-2.3.60, Repoman-2.3.12
Signed-off-by: Matthias Maier <tamiko <AT> gentoo.org>

 .../qemu/files/qemu-3.1.0-CVE-2019-3812.patch      |  33 +
 app-emulation/qemu/qemu-3.1.0-r1.ebuild            | 810 +++++++++++++++++++++
 2 files changed, 843 insertions(+)

diff --git a/app-emulation/qemu/files/qemu-3.1.0-CVE-2019-3812.patch b/app-emulation/qemu/files/qemu-3.1.0-CVE-2019-3812.patch
new file mode 100644
index 00000000000..03db9e0a1f2
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-3.1.0-CVE-2019-3812.patch
@@ -0,0 +1,33 @@
+From b05b267840515730dbf6753495d5b7bd8b04ad1c Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann <kraxel@redhat.com>
+Date: Tue, 8 Jan 2019 11:23:01 +0100
+Subject: [PATCH] i2c-ddc: fix oob read
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Suggested-by: Michael Hanselmann <public@hansmi.ch>
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+Reviewed-by: Michael Hanselmann <public@hansmi.ch>
+Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Message-id: 20190108102301.1957-1-kraxel@redhat.com
+---
+ hw/i2c/i2c-ddc.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/i2c/i2c-ddc.c b/hw/i2c/i2c-ddc.c
+index be34fe072c..0a0367ff38 100644
+--- a/hw/i2c/i2c-ddc.c
++++ b/hw/i2c/i2c-ddc.c
+@@ -56,7 +56,7 @@ static int i2c_ddc_rx(I2CSlave *i2c)
+     I2CDDCState *s = I2CDDC(i2c);
+ 
+     int value;
+-    value = s->edid_blob[s->reg];
++    value = s->edid_blob[s->reg % sizeof(s->edid_blob)];
+     s->reg++;
+     return value;
+ }
+-- 
+2.19.2
+

diff --git a/app-emulation/qemu/qemu-3.1.0-r1.ebuild b/app-emulation/qemu/qemu-3.1.0-r1.ebuild
new file mode 100644
index 00000000000..1a51e555b08
--- /dev/null
+++ b/app-emulation/qemu/qemu-3.1.0-r1.ebuild
@@ -0,0 +1,810 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+PYTHON_COMPAT=( python{2_7,3_4,3_5,3_6,3_7} )
+PYTHON_REQ_USE="ncurses,readline"
+
+PLOCALES="bg de_DE fr_FR hu it tr zh_CN"
+
+FIRMWARE_ABI_VERSION="2.11.1-r50"
+
+inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \
+	user udev fcaps readme.gentoo-r1 pax-utils l10n
+
+if [[ ${PV} = *9999* ]]; then
+	EGIT_REPO_URI="git://git.qemu.org/qemu.git"
+	inherit git-r3
+	SRC_URI=""
+else
+	SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.xz"
+	KEYWORDS="~amd64 ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd"
+
+	# Gentoo specific patchsets:
+	#SRC_URI+=" https://dev.gentoo.org/~tamiko/distfiles/${P}-patches-r1.tar.xz"
+fi
+
+DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
+HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org"
+
+LICENSE="GPL-2 LGPL-2 BSD-2"
+SLOT="0"
+IUSE="accessibility +aio alsa bzip2 capstone +caps +curl debug
+	+fdt glusterfs gnutls gtk infiniband iscsi +jpeg kernel_linux
+	kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs +png
+	pulseaudio python rbd sasl +seccomp sdl selinux smartcard snappy
+	spice ssh static static-user systemtap tci test usb usbredir vde
+	+vhost-net virgl virtfs +vnc vte xattr xen xfs"
+
+RESTRICT=strip
+
+COMMON_TARGETS="aarch64 alpha arm cris hppa i386 m68k microblaze microblazeel
+	mips mips64 mips64el mipsel nios2 or1k ppc ppc64 riscv32 riscv64 s390x
+	sh4 sh4eb sparc sparc64 x86_64 xtensa xtensaeb"
+IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS}
+	lm32 moxie tricore unicore32"
+IUSE_USER_TARGETS="${COMMON_TARGETS}
+	aarch64_be armeb mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus
+	tilegx"
+
+use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
+use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
+IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
+
+# Allow no targets to be built so that people can get a tools-only build.
+# Block USE flag configurations known to not work.
+REQUIRED_USE="${PYTHON_REQUIRED_USE}
+	qemu_softmmu_targets_arm? ( fdt )
+	qemu_softmmu_targets_microblaze? ( fdt )
+	qemu_softmmu_targets_mips64el? ( fdt )
+	qemu_softmmu_targets_ppc64? ( fdt )
+	qemu_softmmu_targets_ppc? ( fdt )
+	qemu_softmmu_targets_riscv32? ( fdt )
+	qemu_softmmu_targets_riscv64? ( fdt )
+	static? ( static-user !alsa !gtk !opengl !pulseaudio !snappy )
+	virtfs? ( xattr )
+	vte? ( gtk )"
+
+# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
+# and user/softmmu targets (qemu-*, qemu-system-*).
+#
+# Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
+#
+# The attr lib isn't always linked in (although the USE flag is always
+# respected).  This is because qemu supports using the C library's API
+# when available rather than always using the external library.
+ALL_DEPEND="
+	>=dev-libs/glib-2.0[static-libs(+)]
+	sys-libs/zlib[static-libs(+)]
+	python? ( ${PYTHON_DEPS} )
+	systemtap? ( dev-util/systemtap )
+	xattr? ( sys-apps/attr[static-libs(+)] )"
+
+# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
+# softmmu targets (qemu-system-*).
+SOFTMMU_TOOLS_DEPEND="
+	dev-libs/libxml2[static-libs(+)]
+	x11-libs/libxkbcommon[static-libs(+)]
+	>=x11-libs/pixman-0.28.0[static-libs(+)]
+	accessibility? (
+		app-accessibility/brltty[api]
+		app-accessibility/brltty[static-libs(+)]
+	)
+	aio? ( dev-libs/libaio[static-libs(+)] )
+	alsa? ( >=media-libs/alsa-lib-1.0.13 )
+	bzip2? ( app-arch/bzip2[static-libs(+)] )
+	capstone? ( dev-libs/capstone:= )
+	caps? ( sys-libs/libcap-ng[static-libs(+)] )
+	curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
+	fdt? ( >=sys-apps/dtc-1.4.2[static-libs(+)] )
+	glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
+	gnutls? (
+		dev-libs/nettle:=[static-libs(+)]
+		>=net-libs/gnutls-3.0:=[static-libs(+)]
+	)
+	gtk? (
+		x11-libs/gtk+:3
+		vte? ( x11-libs/vte:2.91 )
+	)
+	infiniband? (
+		sys-fabric/libibumad:=[static-libs(+)]
+		sys-fabric/libibverbs:=[static-libs(+)]
+		sys-fabric/librdmacm:=[static-libs(+)]
+	)
+	iscsi? ( net-libs/libiscsi )
+	jpeg? ( virtual/jpeg:0=[static-libs(+)] )
+	lzo? ( dev-libs/lzo:2[static-libs(+)] )
+	ncurses? (
+		sys-libs/ncurses:0=[unicode]
+		sys-libs/ncurses:0=[static-libs(+)]
+	)
+	nfs? ( >=net-fs/libnfs-1.9.3:=[static-libs(+)] )
+	numa? ( sys-process/numactl[static-libs(+)] )
+	opengl? (
+		virtual/opengl
+		media-libs/libepoxy[static-libs(+)]
+		media-libs/mesa[static-libs(+)]
+		media-libs/mesa[egl,gbm]
+	)
+	png? ( media-libs/libpng:0=[static-libs(+)] )
+	pulseaudio? ( media-sound/pulseaudio )
+	rbd? ( sys-cluster/ceph[static-libs(+)] )
+	sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
+	sdl? (
+		media-libs/libsdl2[X]
+		media-libs/libsdl2[static-libs(+)]
+	)
+	seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
+	smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] )
+	snappy? ( app-arch/snappy:= )
+	spice? (
+		>=app-emulation/spice-protocol-0.12.3
+		>=app-emulation/spice-0.12.0[static-libs(+)]
+	)
+	ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] )
+	usb? ( >=virtual/libusb-1-r2[static-libs(+)] )
+	usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
+	vde? ( net-misc/vde[static-libs(+)] )
+	virgl? ( media-libs/virglrenderer[static-libs(+)] )
+	virtfs? ( sys-libs/libcap )
+	xen? ( app-emulation/xen-tools:= )
+	xfs? ( sys-fs/xfsprogs[static-libs(+)] )"
+
+X86_FIRMWARE_DEPEND="
+	pin-upstream-blobs? (
+		~sys-firmware/edk2-ovmf-2017_p20180211[binary]
+		~sys-firmware/ipxe-1.0.0_p20180211[binary]
+		~sys-firmware/seabios-1.11.0[binary,seavgabios]
+		~sys-firmware/sgabios-0.1_pre8[binary]
+	)
+	!pin-upstream-blobs? (
+		sys-firmware/edk2-ovmf
+		sys-firmware/ipxe
+		>=sys-firmware/seabios-1.10.2[seavgabios]
+		sys-firmware/sgabios
+	)"
+PPC64_FIRMWARE_DEPEND="
+	pin-upstream-blobs? (
+		~sys-firmware/seabios-1.11.0[binary,seavgabios]
+	)
+	!pin-upstream-blobs? (
+		>=sys-firmware/seabios-1.10.2[seavgabios]
+	)
+"
+
+CDEPEND="
+	!static? (
+		${ALL_DEPEND//\[static-libs(+)]}
+		${SOFTMMU_TOOLS_DEPEND//\[static-libs(+)]}
+	)
+	qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
+	qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )
+	qemu_softmmu_targets_ppc64? ( ${PPC64_FIRMWARE_DEPEND} )
+"
+DEPEND="${CDEPEND}
+	${PYTHON_DEPS}
+	dev-lang/perl
+	sys-apps/texinfo
+	virtual/pkgconfig
+	kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
+	gtk? ( nls? ( sys-devel/gettext ) )
+	static? (
+		${ALL_DEPEND}
+		${SOFTMMU_TOOLS_DEPEND}
+	)
+	static-user? ( ${ALL_DEPEND} )
+	test? (
+		dev-libs/glib[utils]
+		sys-devel/bc
+	)"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-qemu )"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-2.5.0-cflags.patch
+	"${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
+	"${FILESDIR}"/${PN}-2.11.1-capstone_include_path.patch
+	"${FILESDIR}"/${PN}-3.1.0-CVE-2018-20123.patch
+	"${FILESDIR}"/${PN}-3.1.0-CVE-2019-3812.patch
+	#"${WORKDIR}"/patches
+)
+
+QA_PREBUILT="
+	usr/share/qemu/hppa-firmware.img
+	usr/share/qemu/openbios-ppc
+	usr/share/qemu/openbios-sparc64
+	usr/share/qemu/openbios-sparc32
+	usr/share/qemu/palcode-clipper
+	usr/share/qemu/s390-ccw.img
+	usr/share/qemu/s390-netboot.img
+	usr/share/qemu/u-boot.e500"
+
+QA_WX_LOAD="usr/bin/qemu-i386
+	usr/bin/qemu-x86_64
+	usr/bin/qemu-alpha
+	usr/bin/qemu-arm
+	usr/bin/qemu-cris
+	usr/bin/qemu-m68k
+	usr/bin/qemu-microblaze
+	usr/bin/qemu-microblazeel
+	usr/bin/qemu-mips
+	usr/bin/qemu-mipsel
+	usr/bin/qemu-or1k
+	usr/bin/qemu-ppc
+	usr/bin/qemu-ppc64
+	usr/bin/qemu-ppc64abi32
+	usr/bin/qemu-sh4
+	usr/bin/qemu-sh4eb
+	usr/bin/qemu-sparc
+	usr/bin/qemu-sparc64
+	usr/bin/qemu-armeb
+	usr/bin/qemu-sparc32plus
+	usr/bin/qemu-s390x
+	usr/bin/qemu-unicore32"
+
+DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure you have the
+kernel module loaded before running kvm. The easiest way to ensure that the
+kernel module is loaded is to load it on boot.
+	For AMD CPUs the module is called 'kvm-amd'.
+	For Intel CPUs the module is called 'kvm-intel'.
+Please review /etc/conf.d/modules for how to load these.
+
+Make sure your user is in the 'kvm' group. Just run
+	$ gpasswd -a <USER> kvm
+then have <USER> re-login.
+
+For brand new installs, the default permissions on /dev/kvm might not let
+you access it.  You can tell udev to reset ownership/perms:
+	$ udevadm trigger -c add /dev/kvm
+
+If you want to register binfmt handlers for qemu user targets:
+For openrc:
+	# rc-update add qemu-binfmt
+For systemd:
+	# ln -s /usr/share/qemu/binfmt.d/qemu.conf /etc/binfmt.d/qemu.conf"
+
+pkg_pretend() {
+	if use kernel_linux && kernel_is lt 2 6 25; then
+		eerror "This version of KVM requres a host kernel of 2.6.25 or higher."
+	elif use kernel_linux; then
+		if ! linux_config_exists; then
+			eerror "Unable to check your kernel for KVM support"
+		else
+			CONFIG_CHECK="~KVM ~TUN ~BRIDGE"
+			ERROR_KVM="You must enable KVM in your kernel to continue"
+			ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in"
+			ERROR_KVM_AMD+=" your kernel configuration."
+			ERROR_KVM_INTEL="If you have an Intel CPU, you must enable"
+			ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration."
+			ERROR_TUN="You will need the Universal TUN/TAP driver compiled"
+			ERROR_TUN+=" into your kernel or loaded as a module to use the"
+			ERROR_TUN+=" virtual network device if using -net tap."
+			ERROR_BRIDGE="You will also need support for 802.1d"
+			ERROR_BRIDGE+=" Ethernet Bridging for some network configurations."
+			use vhost-net && CONFIG_CHECK+=" ~VHOST_NET"
+			ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net"
+			ERROR_VHOST_NET+=" support"
+
+			if use amd64 || use x86 || use amd64-linux || use x86-linux; then
+				if grep -q AuthenticAMD /proc/cpuinfo; then
+					CONFIG_CHECK+=" ~KVM_AMD"
+				elif grep -q GenuineIntel /proc/cpuinfo; then
+					CONFIG_CHECK+=" ~KVM_INTEL"
+				fi
+			fi
+
+			use python && CONFIG_CHECK+=" ~DEBUG_FS"
+			ERROR_DEBUG_FS="debugFS support required for kvm_stat"
+
+			# Now do the actual checks setup above
+			check_extra_config
+		fi
+	fi
+
+	if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then
+		eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt"
+		eerror "instances are still pointing to it.  Please update your"
+		eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag"
+		eerror "and the right system binary (e.g. qemu-system-x86_64)."
+		die "update your virt configs to not use qemu-kvm"
+	fi
+}
+
+pkg_setup() {
+	enewgroup kvm 78
+}
+
+# Sanity check to make sure target lists are kept up-to-date.
+check_targets() {
+	local var=$1 mak=$2
+	local detected sorted
+
+	pushd "${S}"/default-configs >/dev/null || die
+
+	# Force C locale until glibc is updated. #564936
+	detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u))
+	sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u))
+	if [[ ${sorted} != "${detected}" ]] ; then
+		eerror "The ebuild needs to be kept in sync."
+		eerror "${var}: ${sorted}"
+		eerror "$(printf '%-*s' ${#var} configure): ${detected}"
+		die "sync ${var} to the list of targets"
+	fi
+
+	popd >/dev/null
+}
+
+handle_locales() {
+	# Make sure locale list is kept up-to-date.
+	local detected sorted
+	detected=$(echo $(cd po && printf '%s\n' *.po | grep -v messages.po | sed 's:.po$::' | sort -u))
+	sorted=$(echo $(printf '%s\n' ${PLOCALES} | sort -u))
+	if [[ ${sorted} != "${detected}" ]] ; then
+		eerror "The ebuild needs to be kept in sync."
+		eerror "PLOCALES: ${sorted}"
+		eerror " po/*.po: ${detected}"
+		die "sync PLOCALES"
+	fi
+
+	# Deal with selective install of locales.
+	if use nls ; then
+		# Delete locales the user does not want. #577814
+		rm_loc() { rm po/$1.po || die; }
+		l10n_for_each_disabled_locale_do rm_loc
+	else
+		# Cheap hack to disable gettext .mo generation.
+		rm -f po/*.po
+	fi
+}
+
+src_prepare() {
+	check_targets IUSE_SOFTMMU_TARGETS softmmu
+	check_targets IUSE_USER_TARGETS linux-user
+
+	# Alter target makefiles to accept CFLAGS set via flag-o
+	sed -i -r \
+		-e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \
+		Makefile Makefile.target || die
+
+	default
+
+	# Fix ld and objcopy being called directly
+	tc-export AR LD OBJCOPY
+
+	# Verbose builds
+	MAKEOPTS+=" V=1"
+
+	# Run after we've applied all patches.
+	handle_locales
+
+	# Remove bundled copy of libfdt
+	rm -r dtc || die
+}
+
+##
+# configures qemu based on the build directory and the build type
+# we are using.
+#
+qemu_src_configure() {
+	debug-print-function ${FUNCNAME} "$@"
+
+	local buildtype=$1
+	local builddir="${S}/${buildtype}-build"
+
+	mkdir "${builddir}"
+
+	local conf_opts=(
+		--prefix=/usr
+		--sysconfdir=/etc
+		--libdir=/usr/$(get_libdir)
+		--docdir=/usr/share/doc/${PF}/html
+		--disable-bsd-user
+		--disable-guest-agent
+		--disable-strip
+		--disable-werror
+		# We support gnutls/nettle for crypto operations.  It is possible
+		# to use gcrypt when gnutls/nettle are disabled (but not when they
+		# are enabled), but it's not really worth the hassle.  Disable it
+		# all the time to avoid automatically detecting it. #568856
+		--disable-gcrypt
+		--python="${PYTHON}"
+		--cc="$(tc-getCC)"
+		--cxx="$(tc-getCXX)"
+		--host-cc="$(tc-getBUILD_CC)"
+		$(use_enable debug debug-info)
+		$(use_enable debug debug-tcg)
+		--enable-docs
+		$(use_enable tci tcg-interpreter)
+		$(use_enable xattr attr)
+	)
+
+	# Disable options not used by user targets. This simplifies building
+	# static user targets (USE=static-user) considerably.
+	conf_notuser() {
+		if [[ ${buildtype} == "user" ]] ; then
+			echo "--disable-${2:-$1}"
+		else
+			use_enable "$@"
+		fi
+	}
+	conf_opts+=(
+		--disable-bluez
+		$(conf_notuser accessibility brlapi)
+		$(conf_notuser aio linux-aio)
+		$(conf_notuser bzip2)
+		$(conf_notuser capstone)
+		$(conf_notuser caps cap-ng)
+		$(conf_notuser curl)
+		$(conf_notuser fdt)
+		$(conf_notuser glusterfs)
+		$(conf_notuser gnutls)
+		$(conf_notuser gnutls nettle)
+		$(conf_notuser gtk)
+		$(conf_notuser infiniband rdma)
+		$(conf_notuser iscsi libiscsi)
+		$(conf_notuser jpeg vnc-jpeg)
+		$(conf_notuser kernel_linux kvm)
+		$(conf_notuser lzo)
+		$(conf_notuser ncurses curses)
+		$(conf_notuser nfs libnfs)
+		$(conf_notuser numa)
+		$(conf_notuser opengl)
+		$(conf_notuser png vnc-png)
+		$(conf_notuser rbd)
+		$(conf_notuser sasl vnc-sasl)
+		$(conf_notuser sdl)
+		$(conf_notuser seccomp)
+		$(conf_notuser smartcard)
+		$(conf_notuser snappy)
+		$(conf_notuser spice)
+		$(conf_notuser ssh libssh2)
+		$(conf_notuser usb libusb)
+		$(conf_notuser usbredir usb-redir)
+		$(conf_notuser vde)
+		$(conf_notuser vhost-net)
+		$(conf_notuser virgl virglrenderer)
+		$(conf_notuser virtfs)
+		$(conf_notuser vnc)
+		$(conf_notuser vte)
+		$(conf_notuser xen)
+		$(conf_notuser xen xen-pci-passthrough)
+		$(conf_notuser xfs xfsctl)
+	)
+
+	if [[ ${buildtype} == "user" ]] ; then
+		conf_opts+=( --disable-libxml2 )
+	else
+		conf_opts+=( --enable-libxml2 )
+	fi
+
+	if [[ ! ${buildtype} == "user" ]] ; then
+		# audio options
+		local audio_opts="oss"
+		use alsa && audio_opts="alsa,${audio_opts}"
+		use sdl && audio_opts="sdl,${audio_opts}"
+		use pulseaudio && audio_opts="pa,${audio_opts}"
+		conf_opts+=(
+			--audio-drv-list="${audio_opts}"
+		)
+		use sdl && conf_opts+=( --with-sdlabi=2.0 )
+	fi
+
+	case ${buildtype} in
+	user)
+		conf_opts+=(
+			--enable-linux-user
+			--disable-system
+			--disable-blobs
+			--disable-tools
+		)
+		local static_flag="static-user"
+		;;
+	softmmu)
+		conf_opts+=(
+			--disable-linux-user
+			--enable-system
+			--disable-tools
+		)
+		local static_flag="static"
+		;;
+	tools)
+		conf_opts+=(
+			--disable-linux-user
+			--disable-system
+			--disable-blobs
+			--enable-tools
+		)
+		local static_flag="static"
+		;;
+	esac
+
+	local targets="${buildtype}_targets"
+	[[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" )
+
+	# Add support for SystemTAP
+	use systemtap && conf_opts+=( --enable-trace-backend=dtrace )
+
+	# We always want to attempt to build with PIE support as it results
+	# in a more secure binary. But it doesn't work with static or if
+	# the current GCC doesn't have PIE support.
+	if use ${static_flag}; then
+		conf_opts+=( --static --disable-pie )
+	else
+		tc-enables-pie && conf_opts+=( --enable-pie )
+	fi
+
+	echo "../configure ${conf_opts[*]}"
+	cd "${builddir}"
+	../configure "${conf_opts[@]}" || die "configure failed"
+
+	# FreeBSD's kernel does not support QEMU assigning/grabbing
+	# host USB devices yet
+	use kernel_FreeBSD && \
+		sed -i -E -e "s|^(HOST_USB=)bsd|\1stub|" "${S}"/config-host.mak
+}
+
+src_configure() {
+	local target
+
+	python_setup
+
+	softmmu_targets= softmmu_bins=()
+	user_targets= user_bins=()
+
+	for target in ${IUSE_SOFTMMU_TARGETS} ; do
+		if use "qemu_softmmu_targets_${target}"; then
+			softmmu_targets+=",${target}-softmmu"
+			softmmu_bins+=( "qemu-system-${target}" )
+		fi
+	done
+
+	for target in ${IUSE_USER_TARGETS} ; do
+		if use "qemu_user_targets_${target}"; then
+			user_targets+=",${target}-linux-user"
+			user_bins+=( "qemu-${target}" )
+		fi
+	done
+
+	softmmu_targets=${softmmu_targets#,}
+	user_targets=${user_targets#,}
+
+	[[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu"
+	[[ -n ${user_targets}    ]] && qemu_src_configure "user"
+	qemu_src_configure "tools"
+}
+
+src_compile() {
+	if [[ -n ${user_targets} ]]; then
+		cd "${S}/user-build"
+		default
+	fi
+
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build"
+		default
+	fi
+
+	cd "${S}/tools-build"
+	default
+}
+
+src_test() {
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build"
+		pax-mark m */qemu-system-* #515550
+		emake -j1 check
+		emake -j1 check-report.html
+	fi
+}
+
+qemu_python_install() {
+	python_domodule "${S}/scripts/qmp/qmp.py"
+
+	python_doscript "${S}/scripts/kvm/vmxcap"
+	python_doscript "${S}/scripts/qmp/qmp-shell"
+	python_doscript "${S}/scripts/qmp/qemu-ga-client"
+}
+
+# Generate binfmt support files.
+#   - /etc/init.d/qemu-binfmt script which registers the user handlers (openrc)
+#   - /usr/share/qemu/binfmt.d/qemu.conf (for use with systemd-binfmt)
+generate_initd() {
+	local out="${T}/qemu-binfmt"
+	local out_systemd="${T}/qemu.conf"
+	local d="${T}/binfmt.d"
+
+	einfo "Generating qemu binfmt scripts and configuration files"
+
+	# Generate the debian fragments first.
+	mkdir -p "${d}"
+	"${S}"/scripts/qemu-binfmt-conf.sh \
+		--debian \
+		--exportdir "${d}" \
+		--qemu-path "${EPREFIX}/usr/bin" \
+		|| die
+	# Then turn the fragments into a shell script we can source.
+	sed -E -i \
+		-e 's:^([^ ]+) (.*)$:\1="\2":' \
+		"${d}"/* || die
+
+	# Generate the init.d script by assembling the fragments from above.
+	local f qcpu package interpreter magic mask
+	cat "${FILESDIR}"/qemu-binfmt.initd.head >"${out}" || die
+	for f in "${d}"/qemu-* ; do
+		source "${f}"
+
+		# Normalize the cpu logic like we do in the init.d for the native cpu.
+		qcpu=${package#qemu-}
+		case ${qcpu} in
+		arm*)   qcpu="arm";;
+		mips*)  qcpu="mips";;
+		ppc*)   qcpu="ppc";;
+		s390*)  qcpu="s390";;
+		sh*)    qcpu="sh";;
+		sparc*) qcpu="sparc";;
+		esac
+
+		cat <<EOF >>"${out}"
+	if [ "\${cpu}" != "${qcpu}" -a -x "${interpreter}" ] ; then
+		echo ':${package}:M::${magic}:${mask}:${interpreter}:'"\${QEMU_BINFMT_FLAGS}" >/proc/sys/fs/binfmt_misc/register
+	fi
+EOF
+
+		echo ":${package}:M::${magic}:${mask}:${interpreter}:OC" >>"${out_systemd}"
+
+	done
+	cat "${FILESDIR}"/qemu-binfmt.initd.tail >>"${out}" || die
+}
+
+src_install() {
+	if [[ -n ${user_targets} ]]; then
+		cd "${S}/user-build"
+		emake DESTDIR="${ED}" install
+
+		# Install binfmt handler init script for user targets.
+		generate_initd
+		doinitd "${T}/qemu-binfmt"
+
+		# Install binfmt/qemu.conf.
+		insinto "/usr/share/qemu/binfmt.d"
+		doins "${T}/qemu.conf"
+	fi
+
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build"
+		emake DESTDIR="${ED}" install
+
+		# This might not exist if the test failed. #512010
+		if [[ -e check-report.html ]]; then
+			docinto html
+			dodoc check-report.html
+		fi
+
+		if use kernel_linux; then
+			udev_newrules "${FILESDIR}"/65-kvm.rules-r1 65-kvm.rules
+		fi
+
+		if use python; then
+			python_foreach_impl qemu_python_install
+		fi
+	fi
+
+	cd "${S}/tools-build"
+	emake DESTDIR="${ED}" install
+
+	# Disable mprotect on the qemu binaries as they use JITs to be fast #459348
+	pushd "${ED}"/usr/bin >/dev/null
+	pax-mark mr "${softmmu_bins[@]}" "${user_bins[@]}" # bug 575594
+	popd >/dev/null
+
+	# Install config file example for qemu-bridge-helper
+	insinto "/etc/qemu"
+	doins "${FILESDIR}/bridge.conf"
+
+	cd "${S}"
+	dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt
+	newdoc pc-bios/README README.pc-bios
+
+	if [[ -n ${softmmu_targets} ]]; then
+		# Remove SeaBIOS since we're using the SeaBIOS packaged one
+		rm "${ED}/usr/share/qemu/bios.bin"
+		rm "${ED}/usr/share/qemu/bios-256k.bin"
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
+			dosym ../seabios/bios-256k.bin /usr/share/qemu/bios-256k.bin
+		fi
+
+		# Remove vgabios since we're using the seavgabios packaged one
+		rm "${ED}/usr/share/qemu/vgabios.bin"
+		rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
+		rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
+		rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
+		rm "${ED}/usr/share/qemu/vgabios-virtio.bin"
+		rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
+		# PPC64 loads vgabios-stdvga
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 || use qemu_softmmu_targets_ppc64; then
+			dosym ../seavgabios/vgabios-isavga.bin /usr/share/qemu/vgabios.bin
+			dosym ../seavgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
+			dosym ../seavgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
+			dosym ../seavgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
+			dosym ../seavgabios/vgabios-virtio.bin /usr/share/qemu/vgabios-virtio.bin
+			dosym ../seavgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
+		fi
+
+		# Remove sgabios since we're using the sgabios packaged one
+		rm "${ED}/usr/share/qemu/sgabios.bin"
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin
+		fi
+
+		# Remove iPXE since we're using the iPXE packaged one
+		rm "${ED}"/usr/share/qemu/pxe-*.rom
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom
+			dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom
+			dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom
+			dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom
+			dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom
+			dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom
+		fi
+	fi
+
+	DISABLE_AUTOFORMATTING=true
+	readme.gentoo_create_doc
+}
+
+firmware_abi_change() {
+	local pv
+	for pv in ${REPLACING_VERSIONS}; do
+		if ver_test $pv -lt ${FIRMWARE_ABI_VERSION}; then
+			return 0
+		fi
+	done
+	return 1
+}
+
+pkg_postinst() {
+	if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
+		udev_reload
+	fi
+
+	[[ -f ${D}/usr/libexec/qemu-bridge-helper ]] && \
+		fcaps cap_net_admin /usr/libexec/qemu-bridge-helper
+
+	DISABLE_AUTOFORMATTING=true
+	readme.gentoo_print_elog
+
+	if use pin-upstream-blobs && firmware_abi_change; then
+		ewarn "This version of qemu pins new versions of firmware blobs:"
+		ewarn "	$(best_version sys-firmware/edk2-ovmf)"
+		ewarn "	$(best_version sys-firmware/ipxe)"
+		ewarn "	$(best_version sys-firmware/seabios)"
+		ewarn "	$(best_version sys-firmware/sgabios)"
+		ewarn "This might break resume of hibernated guests (started with a different"
+		ewarn "firmware version) and live migration to/from qemu versions with different"
+		ewarn "firmware. Please (cold) restart all running guests. For functional"
+		ewarn "guest migration ensure that all"
+		ewarn "hosts run at least"
+		ewarn "	app-emulation/qemu-${FIRMWARE_ABI_VERSION}."
+	fi
+}
+
+pkg_info() {
+	echo "Using:"
+	echo "  $(best_version app-emulation/spice-protocol)"
+	echo "  $(best_version sys-firmware/edk2-ovmf)"
+	if has_version 'sys-firmware/edk2-ovmf[binary]'; then
+		echo "    USE=binary"
+	else
+		echo "    USE=''"
+	fi
+	echo "  $(best_version sys-firmware/ipxe)"
+	echo "  $(best_version sys-firmware/seabios)"
+	if has_version 'sys-firmware/seabios[binary]'; then
+		echo "    USE=binary"
+	else
+		echo "    USE=''"
+	fi
+	echo "  $(best_version sys-firmware/sgabios)"
+}


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2019-04-29  6:48 Matthias Maier
  0 siblings, 0 replies; 56+ messages in thread
From: Matthias Maier @ 2019-04-29  6:48 UTC (permalink / raw
  To: gentoo-commits

commit:     beb319291a0d5aef962d264a7349049ca2df634d
Author:     Matthias Maier <tamiko <AT> gentoo <DOT> org>
AuthorDate: Mon Apr 29 03:20:42 2019 +0000
Commit:     Matthias Maier <tamiko <AT> gentoo <DOT> org>
CommitDate: Mon Apr 29 06:48:44 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=beb31929

app-emulation/qemu: remove obsolete

Package-Manager: Portage-2.3.64, Repoman-2.3.12
Signed-off-by: Matthias Maier <tamiko <AT> gentoo.org>

 .../qemu/files/qemu-3.1.0-CVE-2018-20123.patch     |  35 -
 .../qemu/files/qemu-3.1.0-CVE-2019-3812.patch      |  33 -
 app-emulation/qemu/qemu-3.1.0-r1.ebuild            | 810 ---------------------
 3 files changed, 878 deletions(-)

diff --git a/app-emulation/qemu/files/qemu-3.1.0-CVE-2018-20123.patch b/app-emulation/qemu/files/qemu-3.1.0-CVE-2018-20123.patch
deleted file mode 100644
index a021a6a970d..00000000000
--- a/app-emulation/qemu/files/qemu-3.1.0-CVE-2018-20123.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From: Prasad J Pandit <address@hidden>
-
-If during pvrdma device initialisation an error occurs,
-pvrdma_realize() does not release memory resources, leading
-to memory leakage.
-
-Reported-by: Li Qiang <address@hidden>
-Signed-off-by: Prasad J Pandit <address@hidden>
----
- hw/rdma/vmw/pvrdma_main.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/hw/rdma/vmw/pvrdma_main.c b/hw/rdma/vmw/pvrdma_main.c
-index 8a03ab4669..b65f8662df 100644
---- a/hw/rdma/vmw/pvrdma_main.c
-+++ b/hw/rdma/vmw/pvrdma_main.c
-@@ -579,7 +579,7 @@ static void pvrdma_shutdown_notifier(Notifier *n, void *opaque)
- 
- static void pvrdma_realize(PCIDevice *pdev, Error **errp)
- {
--    int rc;
-+    int rc = 0;
-     PVRDMADev *dev = PVRDMA_DEV(pdev);
-     Object *memdev_root;
-     bool ram_shared = false;
-@@ -655,6 +655,7 @@ static void pvrdma_realize(PCIDevice *pdev, Error **errp)
- 
- out:
-     if (rc) {
-+        pvrdma_fini(pdev);
-         error_append_hint(errp, "Device fail to load\n");
-     }
- }
--- 
-2.19.2

diff --git a/app-emulation/qemu/files/qemu-3.1.0-CVE-2019-3812.patch b/app-emulation/qemu/files/qemu-3.1.0-CVE-2019-3812.patch
deleted file mode 100644
index 03db9e0a1f2..00000000000
--- a/app-emulation/qemu/files/qemu-3.1.0-CVE-2019-3812.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From b05b267840515730dbf6753495d5b7bd8b04ad1c Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Tue, 8 Jan 2019 11:23:01 +0100
-Subject: [PATCH] i2c-ddc: fix oob read
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Suggested-by: Michael Hanselmann <public@hansmi.ch>
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-Reviewed-by: Michael Hanselmann <public@hansmi.ch>
-Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
-Message-id: 20190108102301.1957-1-kraxel@redhat.com
----
- hw/i2c/i2c-ddc.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/hw/i2c/i2c-ddc.c b/hw/i2c/i2c-ddc.c
-index be34fe072c..0a0367ff38 100644
---- a/hw/i2c/i2c-ddc.c
-+++ b/hw/i2c/i2c-ddc.c
-@@ -56,7 +56,7 @@ static int i2c_ddc_rx(I2CSlave *i2c)
-     I2CDDCState *s = I2CDDC(i2c);
- 
-     int value;
--    value = s->edid_blob[s->reg];
-+    value = s->edid_blob[s->reg % sizeof(s->edid_blob)];
-     s->reg++;
-     return value;
- }
--- 
-2.19.2
-

diff --git a/app-emulation/qemu/qemu-3.1.0-r1.ebuild b/app-emulation/qemu/qemu-3.1.0-r1.ebuild
deleted file mode 100644
index 560ab04a5c3..00000000000
--- a/app-emulation/qemu/qemu-3.1.0-r1.ebuild
+++ /dev/null
@@ -1,810 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-PYTHON_COMPAT=( python{2_7,3_5,3_6,3_7} )
-PYTHON_REQ_USE="ncurses,readline"
-
-PLOCALES="bg de_DE fr_FR hu it tr zh_CN"
-
-FIRMWARE_ABI_VERSION="2.11.1-r50"
-
-inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \
-	user udev fcaps readme.gentoo-r1 pax-utils l10n
-
-if [[ ${PV} = *9999* ]]; then
-	EGIT_REPO_URI="git://git.qemu.org/qemu.git"
-	inherit git-r3
-	SRC_URI=""
-else
-	SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.xz"
-	KEYWORDS="amd64 ~arm64 ~ppc ~ppc64 x86 ~x86-fbsd"
-
-	# Gentoo specific patchsets:
-	#SRC_URI+=" https://dev.gentoo.org/~tamiko/distfiles/${P}-patches-r1.tar.xz"
-fi
-
-DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
-HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org"
-
-LICENSE="GPL-2 LGPL-2 BSD-2"
-SLOT="0"
-IUSE="accessibility +aio alsa bzip2 capstone +caps +curl debug
-	+fdt glusterfs gnutls gtk infiniband iscsi +jpeg kernel_linux
-	kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs +png
-	pulseaudio python rbd sasl +seccomp sdl selinux smartcard snappy
-	spice ssh static static-user systemtap tci test usb usbredir vde
-	+vhost-net virgl virtfs +vnc vte xattr xen xfs"
-
-RESTRICT=strip
-
-COMMON_TARGETS="aarch64 alpha arm cris hppa i386 m68k microblaze microblazeel
-	mips mips64 mips64el mipsel nios2 or1k ppc ppc64 riscv32 riscv64 s390x
-	sh4 sh4eb sparc sparc64 x86_64 xtensa xtensaeb"
-IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS}
-	lm32 moxie tricore unicore32"
-IUSE_USER_TARGETS="${COMMON_TARGETS}
-	aarch64_be armeb mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus
-	tilegx"
-
-use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
-use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
-IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
-
-# Allow no targets to be built so that people can get a tools-only build.
-# Block USE flag configurations known to not work.
-REQUIRED_USE="${PYTHON_REQUIRED_USE}
-	qemu_softmmu_targets_arm? ( fdt )
-	qemu_softmmu_targets_microblaze? ( fdt )
-	qemu_softmmu_targets_mips64el? ( fdt )
-	qemu_softmmu_targets_ppc64? ( fdt )
-	qemu_softmmu_targets_ppc? ( fdt )
-	qemu_softmmu_targets_riscv32? ( fdt )
-	qemu_softmmu_targets_riscv64? ( fdt )
-	static? ( static-user !alsa !gtk !opengl !pulseaudio !snappy )
-	virtfs? ( xattr )
-	vte? ( gtk )"
-
-# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
-# and user/softmmu targets (qemu-*, qemu-system-*).
-#
-# Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
-#
-# The attr lib isn't always linked in (although the USE flag is always
-# respected).  This is because qemu supports using the C library's API
-# when available rather than always using the external library.
-ALL_DEPEND="
-	>=dev-libs/glib-2.0[static-libs(+)]
-	sys-libs/zlib[static-libs(+)]
-	python? ( ${PYTHON_DEPS} )
-	systemtap? ( dev-util/systemtap )
-	xattr? ( sys-apps/attr[static-libs(+)] )"
-
-# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
-# softmmu targets (qemu-system-*).
-SOFTMMU_TOOLS_DEPEND="
-	dev-libs/libxml2[static-libs(+)]
-	x11-libs/libxkbcommon[static-libs(+)]
-	>=x11-libs/pixman-0.28.0[static-libs(+)]
-	accessibility? (
-		app-accessibility/brltty[api]
-		app-accessibility/brltty[static-libs(+)]
-	)
-	aio? ( dev-libs/libaio[static-libs(+)] )
-	alsa? ( >=media-libs/alsa-lib-1.0.13 )
-	bzip2? ( app-arch/bzip2[static-libs(+)] )
-	capstone? ( dev-libs/capstone:= )
-	caps? ( sys-libs/libcap-ng[static-libs(+)] )
-	curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
-	fdt? ( >=sys-apps/dtc-1.4.2[static-libs(+)] )
-	glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
-	gnutls? (
-		dev-libs/nettle:=[static-libs(+)]
-		>=net-libs/gnutls-3.0:=[static-libs(+)]
-	)
-	gtk? (
-		x11-libs/gtk+:3
-		vte? ( x11-libs/vte:2.91 )
-	)
-	infiniband? (
-		sys-fabric/libibumad:=[static-libs(+)]
-		sys-fabric/libibverbs:=[static-libs(+)]
-		sys-fabric/librdmacm:=[static-libs(+)]
-	)
-	iscsi? ( net-libs/libiscsi )
-	jpeg? ( virtual/jpeg:0=[static-libs(+)] )
-	lzo? ( dev-libs/lzo:2[static-libs(+)] )
-	ncurses? (
-		sys-libs/ncurses:0=[unicode]
-		sys-libs/ncurses:0=[static-libs(+)]
-	)
-	nfs? ( >=net-fs/libnfs-1.9.3:=[static-libs(+)] )
-	numa? ( sys-process/numactl[static-libs(+)] )
-	opengl? (
-		virtual/opengl
-		media-libs/libepoxy[static-libs(+)]
-		media-libs/mesa[static-libs(+)]
-		media-libs/mesa[egl,gbm]
-	)
-	png? ( media-libs/libpng:0=[static-libs(+)] )
-	pulseaudio? ( media-sound/pulseaudio )
-	rbd? ( sys-cluster/ceph[static-libs(+)] )
-	sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
-	sdl? (
-		media-libs/libsdl2[X]
-		media-libs/libsdl2[static-libs(+)]
-	)
-	seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
-	smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] )
-	snappy? ( app-arch/snappy:= )
-	spice? (
-		>=app-emulation/spice-protocol-0.12.3
-		>=app-emulation/spice-0.12.0[static-libs(+)]
-	)
-	ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] )
-	usb? ( >=virtual/libusb-1-r2[static-libs(+)] )
-	usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
-	vde? ( net-misc/vde[static-libs(+)] )
-	virgl? ( media-libs/virglrenderer[static-libs(+)] )
-	virtfs? ( sys-libs/libcap )
-	xen? ( app-emulation/xen-tools:= )
-	xfs? ( sys-fs/xfsprogs[static-libs(+)] )"
-
-X86_FIRMWARE_DEPEND="
-	pin-upstream-blobs? (
-		~sys-firmware/edk2-ovmf-2017_p20180211[binary]
-		~sys-firmware/ipxe-1.0.0_p20180211[binary]
-		~sys-firmware/seabios-1.11.0[binary,seavgabios]
-		~sys-firmware/sgabios-0.1_pre8[binary]
-	)
-	!pin-upstream-blobs? (
-		sys-firmware/edk2-ovmf
-		sys-firmware/ipxe
-		>=sys-firmware/seabios-1.10.2[seavgabios]
-		sys-firmware/sgabios
-	)"
-PPC64_FIRMWARE_DEPEND="
-	pin-upstream-blobs? (
-		~sys-firmware/seabios-1.11.0[binary,seavgabios]
-	)
-	!pin-upstream-blobs? (
-		>=sys-firmware/seabios-1.10.2[seavgabios]
-	)
-"
-
-CDEPEND="
-	!static? (
-		${ALL_DEPEND//\[static-libs(+)]}
-		${SOFTMMU_TOOLS_DEPEND//\[static-libs(+)]}
-	)
-	qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
-	qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )
-	qemu_softmmu_targets_ppc64? ( ${PPC64_FIRMWARE_DEPEND} )
-"
-DEPEND="${CDEPEND}
-	${PYTHON_DEPS}
-	dev-lang/perl
-	sys-apps/texinfo
-	virtual/pkgconfig
-	kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
-	gtk? ( nls? ( sys-devel/gettext ) )
-	static? (
-		${ALL_DEPEND}
-		${SOFTMMU_TOOLS_DEPEND}
-	)
-	static-user? ( ${ALL_DEPEND} )
-	test? (
-		dev-libs/glib[utils]
-		sys-devel/bc
-	)"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-qemu )"
-
-PATCHES=(
-	"${FILESDIR}"/${PN}-2.5.0-cflags.patch
-	"${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
-	"${FILESDIR}"/${PN}-2.11.1-capstone_include_path.patch
-	"${FILESDIR}"/${PN}-3.1.0-CVE-2018-20123.patch
-	"${FILESDIR}"/${PN}-3.1.0-CVE-2019-3812.patch
-	#"${WORKDIR}"/patches
-)
-
-QA_PREBUILT="
-	usr/share/qemu/hppa-firmware.img
-	usr/share/qemu/openbios-ppc
-	usr/share/qemu/openbios-sparc64
-	usr/share/qemu/openbios-sparc32
-	usr/share/qemu/palcode-clipper
-	usr/share/qemu/s390-ccw.img
-	usr/share/qemu/s390-netboot.img
-	usr/share/qemu/u-boot.e500"
-
-QA_WX_LOAD="usr/bin/qemu-i386
-	usr/bin/qemu-x86_64
-	usr/bin/qemu-alpha
-	usr/bin/qemu-arm
-	usr/bin/qemu-cris
-	usr/bin/qemu-m68k
-	usr/bin/qemu-microblaze
-	usr/bin/qemu-microblazeel
-	usr/bin/qemu-mips
-	usr/bin/qemu-mipsel
-	usr/bin/qemu-or1k
-	usr/bin/qemu-ppc
-	usr/bin/qemu-ppc64
-	usr/bin/qemu-ppc64abi32
-	usr/bin/qemu-sh4
-	usr/bin/qemu-sh4eb
-	usr/bin/qemu-sparc
-	usr/bin/qemu-sparc64
-	usr/bin/qemu-armeb
-	usr/bin/qemu-sparc32plus
-	usr/bin/qemu-s390x
-	usr/bin/qemu-unicore32"
-
-DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure you have the
-kernel module loaded before running kvm. The easiest way to ensure that the
-kernel module is loaded is to load it on boot.
-	For AMD CPUs the module is called 'kvm-amd'.
-	For Intel CPUs the module is called 'kvm-intel'.
-Please review /etc/conf.d/modules for how to load these.
-
-Make sure your user is in the 'kvm' group. Just run
-	$ gpasswd -a <USER> kvm
-then have <USER> re-login.
-
-For brand new installs, the default permissions on /dev/kvm might not let
-you access it.  You can tell udev to reset ownership/perms:
-	$ udevadm trigger -c add /dev/kvm
-
-If you want to register binfmt handlers for qemu user targets:
-For openrc:
-	# rc-update add qemu-binfmt
-For systemd:
-	# ln -s /usr/share/qemu/binfmt.d/qemu.conf /etc/binfmt.d/qemu.conf"
-
-pkg_pretend() {
-	if use kernel_linux && kernel_is lt 2 6 25; then
-		eerror "This version of KVM requres a host kernel of 2.6.25 or higher."
-	elif use kernel_linux; then
-		if ! linux_config_exists; then
-			eerror "Unable to check your kernel for KVM support"
-		else
-			CONFIG_CHECK="~KVM ~TUN ~BRIDGE"
-			ERROR_KVM="You must enable KVM in your kernel to continue"
-			ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in"
-			ERROR_KVM_AMD+=" your kernel configuration."
-			ERROR_KVM_INTEL="If you have an Intel CPU, you must enable"
-			ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration."
-			ERROR_TUN="You will need the Universal TUN/TAP driver compiled"
-			ERROR_TUN+=" into your kernel or loaded as a module to use the"
-			ERROR_TUN+=" virtual network device if using -net tap."
-			ERROR_BRIDGE="You will also need support for 802.1d"
-			ERROR_BRIDGE+=" Ethernet Bridging for some network configurations."
-			use vhost-net && CONFIG_CHECK+=" ~VHOST_NET"
-			ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net"
-			ERROR_VHOST_NET+=" support"
-
-			if use amd64 || use x86 || use amd64-linux || use x86-linux; then
-				if grep -q AuthenticAMD /proc/cpuinfo; then
-					CONFIG_CHECK+=" ~KVM_AMD"
-				elif grep -q GenuineIntel /proc/cpuinfo; then
-					CONFIG_CHECK+=" ~KVM_INTEL"
-				fi
-			fi
-
-			use python && CONFIG_CHECK+=" ~DEBUG_FS"
-			ERROR_DEBUG_FS="debugFS support required for kvm_stat"
-
-			# Now do the actual checks setup above
-			check_extra_config
-		fi
-	fi
-
-	if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then
-		eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt"
-		eerror "instances are still pointing to it.  Please update your"
-		eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag"
-		eerror "and the right system binary (e.g. qemu-system-x86_64)."
-		die "update your virt configs to not use qemu-kvm"
-	fi
-}
-
-pkg_setup() {
-	enewgroup kvm 78
-}
-
-# Sanity check to make sure target lists are kept up-to-date.
-check_targets() {
-	local var=$1 mak=$2
-	local detected sorted
-
-	pushd "${S}"/default-configs >/dev/null || die
-
-	# Force C locale until glibc is updated. #564936
-	detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u))
-	sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u))
-	if [[ ${sorted} != "${detected}" ]] ; then
-		eerror "The ebuild needs to be kept in sync."
-		eerror "${var}: ${sorted}"
-		eerror "$(printf '%-*s' ${#var} configure): ${detected}"
-		die "sync ${var} to the list of targets"
-	fi
-
-	popd >/dev/null
-}
-
-handle_locales() {
-	# Make sure locale list is kept up-to-date.
-	local detected sorted
-	detected=$(echo $(cd po && printf '%s\n' *.po | grep -v messages.po | sed 's:.po$::' | sort -u))
-	sorted=$(echo $(printf '%s\n' ${PLOCALES} | sort -u))
-	if [[ ${sorted} != "${detected}" ]] ; then
-		eerror "The ebuild needs to be kept in sync."
-		eerror "PLOCALES: ${sorted}"
-		eerror " po/*.po: ${detected}"
-		die "sync PLOCALES"
-	fi
-
-	# Deal with selective install of locales.
-	if use nls ; then
-		# Delete locales the user does not want. #577814
-		rm_loc() { rm po/$1.po || die; }
-		l10n_for_each_disabled_locale_do rm_loc
-	else
-		# Cheap hack to disable gettext .mo generation.
-		rm -f po/*.po
-	fi
-}
-
-src_prepare() {
-	check_targets IUSE_SOFTMMU_TARGETS softmmu
-	check_targets IUSE_USER_TARGETS linux-user
-
-	# Alter target makefiles to accept CFLAGS set via flag-o
-	sed -i -r \
-		-e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \
-		Makefile Makefile.target || die
-
-	default
-
-	# Fix ld and objcopy being called directly
-	tc-export AR LD OBJCOPY
-
-	# Verbose builds
-	MAKEOPTS+=" V=1"
-
-	# Run after we've applied all patches.
-	handle_locales
-
-	# Remove bundled copy of libfdt
-	rm -r dtc || die
-}
-
-##
-# configures qemu based on the build directory and the build type
-# we are using.
-#
-qemu_src_configure() {
-	debug-print-function ${FUNCNAME} "$@"
-
-	local buildtype=$1
-	local builddir="${S}/${buildtype}-build"
-
-	mkdir "${builddir}"
-
-	local conf_opts=(
-		--prefix=/usr
-		--sysconfdir=/etc
-		--libdir=/usr/$(get_libdir)
-		--docdir=/usr/share/doc/${PF}/html
-		--disable-bsd-user
-		--disable-guest-agent
-		--disable-strip
-		--disable-werror
-		# We support gnutls/nettle for crypto operations.  It is possible
-		# to use gcrypt when gnutls/nettle are disabled (but not when they
-		# are enabled), but it's not really worth the hassle.  Disable it
-		# all the time to avoid automatically detecting it. #568856
-		--disable-gcrypt
-		--python="${PYTHON}"
-		--cc="$(tc-getCC)"
-		--cxx="$(tc-getCXX)"
-		--host-cc="$(tc-getBUILD_CC)"
-		$(use_enable debug debug-info)
-		$(use_enable debug debug-tcg)
-		--enable-docs
-		$(use_enable tci tcg-interpreter)
-		$(use_enable xattr attr)
-	)
-
-	# Disable options not used by user targets. This simplifies building
-	# static user targets (USE=static-user) considerably.
-	conf_notuser() {
-		if [[ ${buildtype} == "user" ]] ; then
-			echo "--disable-${2:-$1}"
-		else
-			use_enable "$@"
-		fi
-	}
-	conf_opts+=(
-		--disable-bluez
-		$(conf_notuser accessibility brlapi)
-		$(conf_notuser aio linux-aio)
-		$(conf_notuser bzip2)
-		$(conf_notuser capstone)
-		$(conf_notuser caps cap-ng)
-		$(conf_notuser curl)
-		$(conf_notuser fdt)
-		$(conf_notuser glusterfs)
-		$(conf_notuser gnutls)
-		$(conf_notuser gnutls nettle)
-		$(conf_notuser gtk)
-		$(conf_notuser infiniband rdma)
-		$(conf_notuser iscsi libiscsi)
-		$(conf_notuser jpeg vnc-jpeg)
-		$(conf_notuser kernel_linux kvm)
-		$(conf_notuser lzo)
-		$(conf_notuser ncurses curses)
-		$(conf_notuser nfs libnfs)
-		$(conf_notuser numa)
-		$(conf_notuser opengl)
-		$(conf_notuser png vnc-png)
-		$(conf_notuser rbd)
-		$(conf_notuser sasl vnc-sasl)
-		$(conf_notuser sdl)
-		$(conf_notuser seccomp)
-		$(conf_notuser smartcard)
-		$(conf_notuser snappy)
-		$(conf_notuser spice)
-		$(conf_notuser ssh libssh2)
-		$(conf_notuser usb libusb)
-		$(conf_notuser usbredir usb-redir)
-		$(conf_notuser vde)
-		$(conf_notuser vhost-net)
-		$(conf_notuser virgl virglrenderer)
-		$(conf_notuser virtfs)
-		$(conf_notuser vnc)
-		$(conf_notuser vte)
-		$(conf_notuser xen)
-		$(conf_notuser xen xen-pci-passthrough)
-		$(conf_notuser xfs xfsctl)
-	)
-
-	if [[ ${buildtype} == "user" ]] ; then
-		conf_opts+=( --disable-libxml2 )
-	else
-		conf_opts+=( --enable-libxml2 )
-	fi
-
-	if [[ ! ${buildtype} == "user" ]] ; then
-		# audio options
-		local audio_opts="oss"
-		use alsa && audio_opts="alsa,${audio_opts}"
-		use sdl && audio_opts="sdl,${audio_opts}"
-		use pulseaudio && audio_opts="pa,${audio_opts}"
-		conf_opts+=(
-			--audio-drv-list="${audio_opts}"
-		)
-		use sdl && conf_opts+=( --with-sdlabi=2.0 )
-	fi
-
-	case ${buildtype} in
-	user)
-		conf_opts+=(
-			--enable-linux-user
-			--disable-system
-			--disable-blobs
-			--disable-tools
-		)
-		local static_flag="static-user"
-		;;
-	softmmu)
-		conf_opts+=(
-			--disable-linux-user
-			--enable-system
-			--disable-tools
-		)
-		local static_flag="static"
-		;;
-	tools)
-		conf_opts+=(
-			--disable-linux-user
-			--disable-system
-			--disable-blobs
-			--enable-tools
-		)
-		local static_flag="static"
-		;;
-	esac
-
-	local targets="${buildtype}_targets"
-	[[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" )
-
-	# Add support for SystemTAP
-	use systemtap && conf_opts+=( --enable-trace-backend=dtrace )
-
-	# We always want to attempt to build with PIE support as it results
-	# in a more secure binary. But it doesn't work with static or if
-	# the current GCC doesn't have PIE support.
-	if use ${static_flag}; then
-		conf_opts+=( --static --disable-pie )
-	else
-		tc-enables-pie && conf_opts+=( --enable-pie )
-	fi
-
-	echo "../configure ${conf_opts[*]}"
-	cd "${builddir}"
-	../configure "${conf_opts[@]}" || die "configure failed"
-
-	# FreeBSD's kernel does not support QEMU assigning/grabbing
-	# host USB devices yet
-	use kernel_FreeBSD && \
-		sed -i -E -e "s|^(HOST_USB=)bsd|\1stub|" "${S}"/config-host.mak
-}
-
-src_configure() {
-	local target
-
-	python_setup
-
-	softmmu_targets= softmmu_bins=()
-	user_targets= user_bins=()
-
-	for target in ${IUSE_SOFTMMU_TARGETS} ; do
-		if use "qemu_softmmu_targets_${target}"; then
-			softmmu_targets+=",${target}-softmmu"
-			softmmu_bins+=( "qemu-system-${target}" )
-		fi
-	done
-
-	for target in ${IUSE_USER_TARGETS} ; do
-		if use "qemu_user_targets_${target}"; then
-			user_targets+=",${target}-linux-user"
-			user_bins+=( "qemu-${target}" )
-		fi
-	done
-
-	softmmu_targets=${softmmu_targets#,}
-	user_targets=${user_targets#,}
-
-	[[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu"
-	[[ -n ${user_targets}    ]] && qemu_src_configure "user"
-	qemu_src_configure "tools"
-}
-
-src_compile() {
-	if [[ -n ${user_targets} ]]; then
-		cd "${S}/user-build"
-		default
-	fi
-
-	if [[ -n ${softmmu_targets} ]]; then
-		cd "${S}/softmmu-build"
-		default
-	fi
-
-	cd "${S}/tools-build"
-	default
-}
-
-src_test() {
-	if [[ -n ${softmmu_targets} ]]; then
-		cd "${S}/softmmu-build"
-		pax-mark m */qemu-system-* #515550
-		emake -j1 check
-		emake -j1 check-report.html
-	fi
-}
-
-qemu_python_install() {
-	python_domodule "${S}/scripts/qmp/qmp.py"
-
-	python_doscript "${S}/scripts/kvm/vmxcap"
-	python_doscript "${S}/scripts/qmp/qmp-shell"
-	python_doscript "${S}/scripts/qmp/qemu-ga-client"
-}
-
-# Generate binfmt support files.
-#   - /etc/init.d/qemu-binfmt script which registers the user handlers (openrc)
-#   - /usr/share/qemu/binfmt.d/qemu.conf (for use with systemd-binfmt)
-generate_initd() {
-	local out="${T}/qemu-binfmt"
-	local out_systemd="${T}/qemu.conf"
-	local d="${T}/binfmt.d"
-
-	einfo "Generating qemu binfmt scripts and configuration files"
-
-	# Generate the debian fragments first.
-	mkdir -p "${d}"
-	"${S}"/scripts/qemu-binfmt-conf.sh \
-		--debian \
-		--exportdir "${d}" \
-		--qemu-path "${EPREFIX}/usr/bin" \
-		|| die
-	# Then turn the fragments into a shell script we can source.
-	sed -E -i \
-		-e 's:^([^ ]+) (.*)$:\1="\2":' \
-		"${d}"/* || die
-
-	# Generate the init.d script by assembling the fragments from above.
-	local f qcpu package interpreter magic mask
-	cat "${FILESDIR}"/qemu-binfmt.initd.head >"${out}" || die
-	for f in "${d}"/qemu-* ; do
-		source "${f}"
-
-		# Normalize the cpu logic like we do in the init.d for the native cpu.
-		qcpu=${package#qemu-}
-		case ${qcpu} in
-		arm*)   qcpu="arm";;
-		mips*)  qcpu="mips";;
-		ppc*)   qcpu="ppc";;
-		s390*)  qcpu="s390";;
-		sh*)    qcpu="sh";;
-		sparc*) qcpu="sparc";;
-		esac
-
-		cat <<EOF >>"${out}"
-	if [ "\${cpu}" != "${qcpu}" -a -x "${interpreter}" ] ; then
-		echo ':${package}:M::${magic}:${mask}:${interpreter}:'"\${QEMU_BINFMT_FLAGS}" >/proc/sys/fs/binfmt_misc/register
-	fi
-EOF
-
-		echo ":${package}:M::${magic}:${mask}:${interpreter}:OC" >>"${out_systemd}"
-
-	done
-	cat "${FILESDIR}"/qemu-binfmt.initd.tail >>"${out}" || die
-}
-
-src_install() {
-	if [[ -n ${user_targets} ]]; then
-		cd "${S}/user-build"
-		emake DESTDIR="${ED}" install
-
-		# Install binfmt handler init script for user targets.
-		generate_initd
-		doinitd "${T}/qemu-binfmt"
-
-		# Install binfmt/qemu.conf.
-		insinto "/usr/share/qemu/binfmt.d"
-		doins "${T}/qemu.conf"
-	fi
-
-	if [[ -n ${softmmu_targets} ]]; then
-		cd "${S}/softmmu-build"
-		emake DESTDIR="${ED}" install
-
-		# This might not exist if the test failed. #512010
-		if [[ -e check-report.html ]]; then
-			docinto html
-			dodoc check-report.html
-		fi
-
-		if use kernel_linux; then
-			udev_newrules "${FILESDIR}"/65-kvm.rules-r1 65-kvm.rules
-		fi
-
-		if use python; then
-			python_foreach_impl qemu_python_install
-		fi
-	fi
-
-	cd "${S}/tools-build"
-	emake DESTDIR="${ED}" install
-
-	# Disable mprotect on the qemu binaries as they use JITs to be fast #459348
-	pushd "${ED}"/usr/bin >/dev/null
-	pax-mark mr "${softmmu_bins[@]}" "${user_bins[@]}" # bug 575594
-	popd >/dev/null
-
-	# Install config file example for qemu-bridge-helper
-	insinto "/etc/qemu"
-	doins "${FILESDIR}/bridge.conf"
-
-	cd "${S}"
-	dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt
-	newdoc pc-bios/README README.pc-bios
-
-	if [[ -n ${softmmu_targets} ]]; then
-		# Remove SeaBIOS since we're using the SeaBIOS packaged one
-		rm "${ED}/usr/share/qemu/bios.bin"
-		rm "${ED}/usr/share/qemu/bios-256k.bin"
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
-			dosym ../seabios/bios-256k.bin /usr/share/qemu/bios-256k.bin
-		fi
-
-		# Remove vgabios since we're using the seavgabios packaged one
-		rm "${ED}/usr/share/qemu/vgabios.bin"
-		rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
-		rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
-		rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
-		rm "${ED}/usr/share/qemu/vgabios-virtio.bin"
-		rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
-		# PPC64 loads vgabios-stdvga
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 || use qemu_softmmu_targets_ppc64; then
-			dosym ../seavgabios/vgabios-isavga.bin /usr/share/qemu/vgabios.bin
-			dosym ../seavgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
-			dosym ../seavgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
-			dosym ../seavgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
-			dosym ../seavgabios/vgabios-virtio.bin /usr/share/qemu/vgabios-virtio.bin
-			dosym ../seavgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
-		fi
-
-		# Remove sgabios since we're using the sgabios packaged one
-		rm "${ED}/usr/share/qemu/sgabios.bin"
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin
-		fi
-
-		# Remove iPXE since we're using the iPXE packaged one
-		rm "${ED}"/usr/share/qemu/pxe-*.rom
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom
-			dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom
-			dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom
-			dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom
-			dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom
-			dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom
-		fi
-	fi
-
-	DISABLE_AUTOFORMATTING=true
-	readme.gentoo_create_doc
-}
-
-firmware_abi_change() {
-	local pv
-	for pv in ${REPLACING_VERSIONS}; do
-		if ver_test $pv -lt ${FIRMWARE_ABI_VERSION}; then
-			return 0
-		fi
-	done
-	return 1
-}
-
-pkg_postinst() {
-	if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
-		udev_reload
-	fi
-
-	[[ -f ${D}/usr/libexec/qemu-bridge-helper ]] && \
-		fcaps cap_net_admin /usr/libexec/qemu-bridge-helper
-
-	DISABLE_AUTOFORMATTING=true
-	readme.gentoo_print_elog
-
-	if use pin-upstream-blobs && firmware_abi_change; then
-		ewarn "This version of qemu pins new versions of firmware blobs:"
-		ewarn "	$(best_version sys-firmware/edk2-ovmf)"
-		ewarn "	$(best_version sys-firmware/ipxe)"
-		ewarn "	$(best_version sys-firmware/seabios)"
-		ewarn "	$(best_version sys-firmware/sgabios)"
-		ewarn "This might break resume of hibernated guests (started with a different"
-		ewarn "firmware version) and live migration to/from qemu versions with different"
-		ewarn "firmware. Please (cold) restart all running guests. For functional"
-		ewarn "guest migration ensure that all"
-		ewarn "hosts run at least"
-		ewarn "	app-emulation/qemu-${FIRMWARE_ABI_VERSION}."
-	fi
-}
-
-pkg_info() {
-	echo "Using:"
-	echo "  $(best_version app-emulation/spice-protocol)"
-	echo "  $(best_version sys-firmware/edk2-ovmf)"
-	if has_version 'sys-firmware/edk2-ovmf[binary]'; then
-		echo "    USE=binary"
-	else
-		echo "    USE=''"
-	fi
-	echo "  $(best_version sys-firmware/ipxe)"
-	echo "  $(best_version sys-firmware/seabios)"
-	if has_version 'sys-firmware/seabios[binary]'; then
-		echo "    USE=binary"
-	else
-		echo "    USE=''"
-	fi
-	echo "  $(best_version sys-firmware/sgabios)"
-}


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2019-05-17  7:43 Matthias Maier
  0 siblings, 0 replies; 56+ messages in thread
From: Matthias Maier @ 2019-05-17  7:43 UTC (permalink / raw
  To: gentoo-commits

commit:     9f4c389d721da9d13eae97c36040bea25eddc367
Author:     Matthias Maier <tamiko <AT> gentoo <DOT> org>
AuthorDate: Fri May 17 07:28:50 2019 +0000
Commit:     Matthias Maier <tamiko <AT> gentoo <DOT> org>
CommitDate: Fri May 17 07:28:50 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9f4c389d

app-emulation/qemu: mds fixes for 3.1.0

CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091, ZombieLoad

Bug: https://bugs.gentoo.org/686026
Package-Manager: Portage-2.3.66, Repoman-2.3.12
Signed-off-by: Matthias Maier <tamiko <AT> gentoo.org>

 .../qemu/files/qemu-3.1.0-md-clear-md-no.patch     |  38 +
 app-emulation/qemu/qemu-3.1.0-r5.ebuild            | 815 +++++++++++++++++++++
 2 files changed, 853 insertions(+)

diff --git a/app-emulation/qemu/files/qemu-3.1.0-md-clear-md-no.patch b/app-emulation/qemu/files/qemu-3.1.0-md-clear-md-no.patch
new file mode 100644
index 00000000000..1027b9c8762
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-3.1.0-md-clear-md-no.patch
@@ -0,0 +1,38 @@
+From 0fb766134bd97ead71646e13349f93769e536ed9 Mon Sep 17 00:00:00 2001
+From: Matthias Maier <tamiko@43-1.org>
+Date: Fri, 17 May 2019 02:21:10 -0500
+Subject: [PATCH] Define md-clear bit, expose md-no CPUID
+
+Fixes for CVE-2018-121{26|27|30}, CVE-2019-11091
+
+See related fixes for Ubuntu:
+  https://launchpad.net/ubuntu/+source/qemu/1:3.1+dfsg-2ubuntu3.1
+---
+ target/i386/cpu.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/target/i386/cpu.c b/target/i386/cpu.c
+index d6bb57d2..331a364a 100644
+--- a/target/i386/cpu.c
++++ b/target/i386/cpu.c
+@@ -1076,7 +1076,7 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
+         .feat_names = {
+             NULL, NULL, "avx512-4vnniw", "avx512-4fmaps",
+             NULL, NULL, NULL, NULL,
+-            NULL, NULL, NULL, NULL,
++            NULL, NULL, "md-clear", NULL,
+             NULL, NULL, NULL, NULL,
+             NULL, NULL, NULL, NULL,
+             NULL, NULL, NULL, NULL,
+@@ -1183,7 +1183,7 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
+         .type = MSR_FEATURE_WORD,
+         .feat_names = {
+             "rdctl-no", "ibrs-all", "rsba", "skip-l1dfl-vmentry",
+-            "ssb-no", NULL, NULL, NULL,
++            "ssb-no", "mds-no", NULL, NULL,
+             NULL, NULL, NULL, NULL,
+             NULL, NULL, NULL, NULL,
+             NULL, NULL, NULL, NULL,
+-- 
+2.21.0
+

diff --git a/app-emulation/qemu/qemu-3.1.0-r5.ebuild b/app-emulation/qemu/qemu-3.1.0-r5.ebuild
new file mode 100644
index 00000000000..eb64c249564
--- /dev/null
+++ b/app-emulation/qemu/qemu-3.1.0-r5.ebuild
@@ -0,0 +1,815 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+PYTHON_COMPAT=( python{2_7,3_5,3_6,3_7} )
+PYTHON_REQ_USE="ncurses,readline"
+
+PLOCALES="bg de_DE fr_FR hu it tr zh_CN"
+
+FIRMWARE_ABI_VERSION="2.11.1-r50"
+
+inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \
+	user udev fcaps readme.gentoo-r1 pax-utils l10n
+
+if [[ ${PV} = *9999* ]]; then
+	EGIT_REPO_URI="git://git.qemu.org/qemu.git"
+	inherit git-r3
+	SRC_URI=""
+else
+	SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.xz"
+	KEYWORDS="~amd64 ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd"
+
+	# Gentoo specific patchsets:
+	SRC_URI+=" https://dev.gentoo.org/~tamiko/distfiles/${P}-patches-r1.tar.xz"
+fi
+
+DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
+HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org"
+
+LICENSE="GPL-2 LGPL-2 BSD-2"
+SLOT="0"
+IUSE="accessibility +aio alsa bzip2 capstone +caps +curl debug
+	+fdt glusterfs gnutls gtk infiniband iscsi +jpeg kernel_linux
+	kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs +png
+	pulseaudio python rbd sasl +seccomp sdl selinux smartcard snappy
+	spice ssh static static-user systemtap tci test usb usbredir vde
+	+vhost-net virgl virtfs +vnc vte xattr xen xfs"
+
+RESTRICT=strip
+
+COMMON_TARGETS="aarch64 alpha arm cris hppa i386 m68k microblaze microblazeel
+	mips mips64 mips64el mipsel nios2 or1k ppc ppc64 riscv32 riscv64 s390x
+	sh4 sh4eb sparc sparc64 x86_64 xtensa xtensaeb"
+IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS}
+	lm32 moxie tricore unicore32"
+IUSE_USER_TARGETS="${COMMON_TARGETS}
+	aarch64_be armeb mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus
+	tilegx"
+
+use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
+use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
+IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
+
+# Allow no targets to be built so that people can get a tools-only build.
+# Block USE flag configurations known to not work.
+REQUIRED_USE="${PYTHON_REQUIRED_USE}
+	qemu_softmmu_targets_arm? ( fdt )
+	qemu_softmmu_targets_microblaze? ( fdt )
+	qemu_softmmu_targets_mips64el? ( fdt )
+	qemu_softmmu_targets_ppc64? ( fdt )
+	qemu_softmmu_targets_ppc? ( fdt )
+	qemu_softmmu_targets_riscv32? ( fdt )
+	qemu_softmmu_targets_riscv64? ( fdt )
+	static? ( static-user !alsa !gtk !opengl !pulseaudio !snappy )
+	virtfs? ( xattr )
+	vte? ( gtk )"
+
+# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
+# and user/softmmu targets (qemu-*, qemu-system-*).
+#
+# Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
+#
+# The attr lib isn't always linked in (although the USE flag is always
+# respected).  This is because qemu supports using the C library's API
+# when available rather than always using the external library.
+ALL_DEPEND="
+	>=dev-libs/glib-2.0[static-libs(+)]
+	sys-libs/zlib[static-libs(+)]
+	python? ( ${PYTHON_DEPS} )
+	systemtap? ( dev-util/systemtap )
+	xattr? ( sys-apps/attr[static-libs(+)] )"
+
+# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
+# softmmu targets (qemu-system-*).
+SOFTMMU_TOOLS_DEPEND="
+	dev-libs/libxml2[static-libs(+)]
+	x11-libs/libxkbcommon[static-libs(+)]
+	>=x11-libs/pixman-0.28.0[static-libs(+)]
+	accessibility? (
+		app-accessibility/brltty[api]
+		app-accessibility/brltty[static-libs(+)]
+	)
+	aio? ( dev-libs/libaio[static-libs(+)] )
+	alsa? ( >=media-libs/alsa-lib-1.0.13 )
+	bzip2? ( app-arch/bzip2[static-libs(+)] )
+	capstone? ( dev-libs/capstone:= )
+	caps? ( sys-libs/libcap-ng[static-libs(+)] )
+	curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
+	fdt? ( >=sys-apps/dtc-1.4.2[static-libs(+)] )
+	glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
+	gnutls? (
+		dev-libs/nettle:=[static-libs(+)]
+		>=net-libs/gnutls-3.0:=[static-libs(+)]
+	)
+	gtk? (
+		x11-libs/gtk+:3
+		vte? ( x11-libs/vte:2.91 )
+	)
+	infiniband? (
+		sys-fabric/libibumad:=[static-libs(+)]
+		sys-fabric/libibverbs:=[static-libs(+)]
+		sys-fabric/librdmacm:=[static-libs(+)]
+	)
+	iscsi? ( net-libs/libiscsi )
+	jpeg? ( virtual/jpeg:0=[static-libs(+)] )
+	lzo? ( dev-libs/lzo:2[static-libs(+)] )
+	ncurses? (
+		sys-libs/ncurses:0=[unicode]
+		sys-libs/ncurses:0=[static-libs(+)]
+	)
+	nfs? ( >=net-fs/libnfs-1.9.3:=[static-libs(+)] )
+	numa? ( sys-process/numactl[static-libs(+)] )
+	opengl? (
+		virtual/opengl
+		media-libs/libepoxy[static-libs(+)]
+		media-libs/mesa[static-libs(+)]
+		media-libs/mesa[egl,gbm]
+	)
+	png? ( media-libs/libpng:0=[static-libs(+)] )
+	pulseaudio? ( media-sound/pulseaudio )
+	rbd? ( sys-cluster/ceph[static-libs(+)] )
+	sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
+	sdl? (
+		media-libs/libsdl2[X]
+		media-libs/libsdl2[static-libs(+)]
+	)
+	seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
+	smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] )
+	snappy? ( app-arch/snappy:= )
+	spice? (
+		>=app-emulation/spice-protocol-0.12.3
+		>=app-emulation/spice-0.12.0[static-libs(+)]
+	)
+	ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] )
+	usb? ( >=virtual/libusb-1-r2[static-libs(+)] )
+	usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
+	vde? ( net-misc/vde[static-libs(+)] )
+	virgl? ( media-libs/virglrenderer[static-libs(+)] )
+	virtfs? ( sys-libs/libcap )
+	xen? ( app-emulation/xen-tools:= )
+	xfs? ( sys-fs/xfsprogs[static-libs(+)] )"
+
+X86_FIRMWARE_DEPEND="
+	pin-upstream-blobs? (
+		~sys-firmware/edk2-ovmf-2017_p20180211[binary]
+		~sys-firmware/ipxe-1.0.0_p20180211[binary]
+		~sys-firmware/seabios-1.11.0[binary,seavgabios]
+		~sys-firmware/sgabios-0.1_pre8[binary]
+	)
+	!pin-upstream-blobs? (
+		sys-firmware/edk2-ovmf
+		sys-firmware/ipxe
+		>=sys-firmware/seabios-1.10.2[seavgabios]
+		sys-firmware/sgabios
+	)"
+PPC64_FIRMWARE_DEPEND="
+	pin-upstream-blobs? (
+		~sys-firmware/seabios-1.11.0[binary,seavgabios]
+	)
+	!pin-upstream-blobs? (
+		>=sys-firmware/seabios-1.10.2[seavgabios]
+	)
+"
+
+BDEPEND="
+	${PYTHON_DEPS}
+	dev-lang/perl
+	sys-apps/texinfo
+	virtual/pkgconfig
+	gtk? ( nls? ( sys-devel/gettext ) )
+	test? (
+		dev-libs/glib[utils]
+		sys-devel/bc
+	)
+"
+CDEPEND="
+	!static? (
+		${ALL_DEPEND//\[static-libs(+)]}
+		${SOFTMMU_TOOLS_DEPEND//\[static-libs(+)]}
+	)
+	qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
+	qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )
+	qemu_softmmu_targets_ppc64? ( ${PPC64_FIRMWARE_DEPEND} )
+"
+DEPEND="${CDEPEND}
+	${PYTHON_DEPS}
+	kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
+	static? (
+		${ALL_DEPEND}
+		${SOFTMMU_TOOLS_DEPEND}
+	)
+	static-user? ( ${ALL_DEPEND} )"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-qemu )"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-2.5.0-cflags.patch
+	"${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
+	"${FILESDIR}"/${PN}-2.11.1-capstone_include_path.patch
+	"${WORKDIR}"/patches
+	"${FILESDIR}"/${PN}-3.1.0-md-clear-md-no.patch
+)
+
+
+QA_PREBUILT="
+	usr/share/qemu/hppa-firmware.img
+	usr/share/qemu/openbios-ppc
+	usr/share/qemu/openbios-sparc64
+	usr/share/qemu/openbios-sparc32
+	usr/share/qemu/palcode-clipper
+	usr/share/qemu/s390-ccw.img
+	usr/share/qemu/s390-netboot.img
+	usr/share/qemu/u-boot.e500"
+
+QA_WX_LOAD="usr/bin/qemu-i386
+	usr/bin/qemu-x86_64
+	usr/bin/qemu-alpha
+	usr/bin/qemu-arm
+	usr/bin/qemu-cris
+	usr/bin/qemu-m68k
+	usr/bin/qemu-microblaze
+	usr/bin/qemu-microblazeel
+	usr/bin/qemu-mips
+	usr/bin/qemu-mipsel
+	usr/bin/qemu-or1k
+	usr/bin/qemu-ppc
+	usr/bin/qemu-ppc64
+	usr/bin/qemu-ppc64abi32
+	usr/bin/qemu-sh4
+	usr/bin/qemu-sh4eb
+	usr/bin/qemu-sparc
+	usr/bin/qemu-sparc64
+	usr/bin/qemu-armeb
+	usr/bin/qemu-sparc32plus
+	usr/bin/qemu-s390x
+	usr/bin/qemu-unicore32"
+
+DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure you have the
+kernel module loaded before running kvm. The easiest way to ensure that the
+kernel module is loaded is to load it on boot.
+	For AMD CPUs the module is called 'kvm-amd'.
+	For Intel CPUs the module is called 'kvm-intel'.
+Please review /etc/conf.d/modules for how to load these.
+
+Make sure your user is in the 'kvm' group. Just run
+	$ gpasswd -a <USER> kvm
+then have <USER> re-login.
+
+For brand new installs, the default permissions on /dev/kvm might not let
+you access it.  You can tell udev to reset ownership/perms:
+	$ udevadm trigger -c add /dev/kvm
+
+If you want to register binfmt handlers for qemu user targets:
+For openrc:
+	# rc-update add qemu-binfmt
+For systemd:
+	# ln -s /usr/share/qemu/binfmt.d/qemu.conf /etc/binfmt.d/qemu.conf"
+
+pkg_pretend() {
+	if use kernel_linux && kernel_is lt 2 6 25; then
+		eerror "This version of KVM requres a host kernel of 2.6.25 or higher."
+	elif use kernel_linux; then
+		if ! linux_config_exists; then
+			eerror "Unable to check your kernel for KVM support"
+		else
+			CONFIG_CHECK="~KVM ~TUN ~BRIDGE"
+			ERROR_KVM="You must enable KVM in your kernel to continue"
+			ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in"
+			ERROR_KVM_AMD+=" your kernel configuration."
+			ERROR_KVM_INTEL="If you have an Intel CPU, you must enable"
+			ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration."
+			ERROR_TUN="You will need the Universal TUN/TAP driver compiled"
+			ERROR_TUN+=" into your kernel or loaded as a module to use the"
+			ERROR_TUN+=" virtual network device if using -net tap."
+			ERROR_BRIDGE="You will also need support for 802.1d"
+			ERROR_BRIDGE+=" Ethernet Bridging for some network configurations."
+			use vhost-net && CONFIG_CHECK+=" ~VHOST_NET"
+			ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net"
+			ERROR_VHOST_NET+=" support"
+
+			if use amd64 || use x86 || use amd64-linux || use x86-linux; then
+				if grep -q AuthenticAMD /proc/cpuinfo; then
+					CONFIG_CHECK+=" ~KVM_AMD"
+				elif grep -q GenuineIntel /proc/cpuinfo; then
+					CONFIG_CHECK+=" ~KVM_INTEL"
+				fi
+			fi
+
+			use python && CONFIG_CHECK+=" ~DEBUG_FS"
+			ERROR_DEBUG_FS="debugFS support required for kvm_stat"
+
+			# Now do the actual checks setup above
+			check_extra_config
+		fi
+	fi
+
+	if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then
+		eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt"
+		eerror "instances are still pointing to it.  Please update your"
+		eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag"
+		eerror "and the right system binary (e.g. qemu-system-x86_64)."
+		die "update your virt configs to not use qemu-kvm"
+	fi
+}
+
+pkg_setup() {
+	enewgroup kvm 78
+}
+
+# Sanity check to make sure target lists are kept up-to-date.
+check_targets() {
+	local var=$1 mak=$2
+	local detected sorted
+
+	pushd "${S}"/default-configs >/dev/null || die
+
+	# Force C locale until glibc is updated. #564936
+	detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u))
+	sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u))
+	if [[ ${sorted} != "${detected}" ]] ; then
+		eerror "The ebuild needs to be kept in sync."
+		eerror "${var}: ${sorted}"
+		eerror "$(printf '%-*s' ${#var} configure): ${detected}"
+		die "sync ${var} to the list of targets"
+	fi
+
+	popd >/dev/null
+}
+
+handle_locales() {
+	# Make sure locale list is kept up-to-date.
+	local detected sorted
+	detected=$(echo $(cd po && printf '%s\n' *.po | grep -v messages.po | sed 's:.po$::' | sort -u))
+	sorted=$(echo $(printf '%s\n' ${PLOCALES} | sort -u))
+	if [[ ${sorted} != "${detected}" ]] ; then
+		eerror "The ebuild needs to be kept in sync."
+		eerror "PLOCALES: ${sorted}"
+		eerror " po/*.po: ${detected}"
+		die "sync PLOCALES"
+	fi
+
+	# Deal with selective install of locales.
+	if use nls ; then
+		# Delete locales the user does not want. #577814
+		rm_loc() { rm po/$1.po || die; }
+		l10n_for_each_disabled_locale_do rm_loc
+	else
+		# Cheap hack to disable gettext .mo generation.
+		rm -f po/*.po
+	fi
+}
+
+src_prepare() {
+	check_targets IUSE_SOFTMMU_TARGETS softmmu
+	check_targets IUSE_USER_TARGETS linux-user
+
+	# Alter target makefiles to accept CFLAGS set via flag-o
+	sed -i -r \
+		-e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \
+		Makefile Makefile.target || die
+
+	default
+
+	# Fix ld and objcopy being called directly
+	tc-export AR LD OBJCOPY
+
+	# Verbose builds
+	MAKEOPTS+=" V=1"
+
+	# Run after we've applied all patches.
+	handle_locales
+
+	# Remove bundled copy of libfdt
+	rm -r dtc || die
+}
+
+##
+# configures qemu based on the build directory and the build type
+# we are using.
+#
+qemu_src_configure() {
+	debug-print-function ${FUNCNAME} "$@"
+
+	local buildtype=$1
+	local builddir="${S}/${buildtype}-build"
+
+	mkdir "${builddir}"
+
+	local conf_opts=(
+		--prefix=/usr
+		--sysconfdir=/etc
+		--libdir=/usr/$(get_libdir)
+		--docdir=/usr/share/doc/${PF}/html
+		--disable-bsd-user
+		--disable-guest-agent
+		--disable-strip
+		--disable-werror
+		# We support gnutls/nettle for crypto operations.  It is possible
+		# to use gcrypt when gnutls/nettle are disabled (but not when they
+		# are enabled), but it's not really worth the hassle.  Disable it
+		# all the time to avoid automatically detecting it. #568856
+		--disable-gcrypt
+		--python="${PYTHON}"
+		--cc="$(tc-getCC)"
+		--cxx="$(tc-getCXX)"
+		--host-cc="$(tc-getBUILD_CC)"
+		$(use_enable debug debug-info)
+		$(use_enable debug debug-tcg)
+		--enable-docs
+		$(use_enable tci tcg-interpreter)
+		$(use_enable xattr attr)
+	)
+
+	# Disable options not used by user targets. This simplifies building
+	# static user targets (USE=static-user) considerably.
+	conf_notuser() {
+		if [[ ${buildtype} == "user" ]] ; then
+			echo "--disable-${2:-$1}"
+		else
+			use_enable "$@"
+		fi
+	}
+	conf_opts+=(
+		--disable-bluez
+		$(conf_notuser accessibility brlapi)
+		$(conf_notuser aio linux-aio)
+		$(conf_notuser bzip2)
+		$(conf_notuser capstone)
+		$(conf_notuser caps cap-ng)
+		$(conf_notuser curl)
+		$(conf_notuser fdt)
+		$(conf_notuser glusterfs)
+		$(conf_notuser gnutls)
+		$(conf_notuser gnutls nettle)
+		$(conf_notuser gtk)
+		$(conf_notuser infiniband rdma)
+		$(conf_notuser iscsi libiscsi)
+		$(conf_notuser jpeg vnc-jpeg)
+		$(conf_notuser kernel_linux kvm)
+		$(conf_notuser lzo)
+		$(conf_notuser ncurses curses)
+		$(conf_notuser nfs libnfs)
+		$(conf_notuser numa)
+		$(conf_notuser opengl)
+		$(conf_notuser png vnc-png)
+		$(conf_notuser rbd)
+		$(conf_notuser sasl vnc-sasl)
+		$(conf_notuser sdl)
+		$(conf_notuser seccomp)
+		$(conf_notuser smartcard)
+		$(conf_notuser snappy)
+		$(conf_notuser spice)
+		$(conf_notuser ssh libssh2)
+		$(conf_notuser usb libusb)
+		$(conf_notuser usbredir usb-redir)
+		$(conf_notuser vde)
+		$(conf_notuser vhost-net)
+		$(conf_notuser virgl virglrenderer)
+		$(conf_notuser virtfs)
+		$(conf_notuser vnc)
+		$(conf_notuser vte)
+		$(conf_notuser xen)
+		$(conf_notuser xen xen-pci-passthrough)
+		$(conf_notuser xfs xfsctl)
+	)
+
+	if [[ ${buildtype} == "user" ]] ; then
+		conf_opts+=( --disable-libxml2 )
+	else
+		conf_opts+=( --enable-libxml2 )
+	fi
+
+	if [[ ! ${buildtype} == "user" ]] ; then
+		# audio options
+		local audio_opts="oss"
+		use alsa && audio_opts="alsa,${audio_opts}"
+		use sdl && audio_opts="sdl,${audio_opts}"
+		use pulseaudio && audio_opts="pa,${audio_opts}"
+		conf_opts+=(
+			--audio-drv-list="${audio_opts}"
+		)
+		use sdl && conf_opts+=( --with-sdlabi=2.0 )
+	fi
+
+	case ${buildtype} in
+	user)
+		conf_opts+=(
+			--enable-linux-user
+			--disable-system
+			--disable-blobs
+			--disable-tools
+		)
+		local static_flag="static-user"
+		;;
+	softmmu)
+		conf_opts+=(
+			--disable-linux-user
+			--enable-system
+			--disable-tools
+		)
+		local static_flag="static"
+		;;
+	tools)
+		conf_opts+=(
+			--disable-linux-user
+			--disable-system
+			--disable-blobs
+			--enable-tools
+		)
+		local static_flag="static"
+		;;
+	esac
+
+	local targets="${buildtype}_targets"
+	[[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" )
+
+	# Add support for SystemTAP
+	use systemtap && conf_opts+=( --enable-trace-backend=dtrace )
+
+	# We always want to attempt to build with PIE support as it results
+	# in a more secure binary. But it doesn't work with static or if
+	# the current GCC doesn't have PIE support.
+	if use ${static_flag}; then
+		conf_opts+=( --static --disable-pie )
+	else
+		tc-enables-pie && conf_opts+=( --enable-pie )
+	fi
+
+	echo "../configure ${conf_opts[*]}"
+	cd "${builddir}"
+	../configure "${conf_opts[@]}" || die "configure failed"
+
+	# FreeBSD's kernel does not support QEMU assigning/grabbing
+	# host USB devices yet
+	use kernel_FreeBSD && \
+		sed -i -E -e "s|^(HOST_USB=)bsd|\1stub|" "${S}"/config-host.mak
+}
+
+src_configure() {
+	local target
+
+	python_setup
+
+	softmmu_targets= softmmu_bins=()
+	user_targets= user_bins=()
+
+	for target in ${IUSE_SOFTMMU_TARGETS} ; do
+		if use "qemu_softmmu_targets_${target}"; then
+			softmmu_targets+=",${target}-softmmu"
+			softmmu_bins+=( "qemu-system-${target}" )
+		fi
+	done
+
+	for target in ${IUSE_USER_TARGETS} ; do
+		if use "qemu_user_targets_${target}"; then
+			user_targets+=",${target}-linux-user"
+			user_bins+=( "qemu-${target}" )
+		fi
+	done
+
+	softmmu_targets=${softmmu_targets#,}
+	user_targets=${user_targets#,}
+
+	[[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu"
+	[[ -n ${user_targets}    ]] && qemu_src_configure "user"
+	qemu_src_configure "tools"
+}
+
+src_compile() {
+	if [[ -n ${user_targets} ]]; then
+		cd "${S}/user-build"
+		default
+	fi
+
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build"
+		default
+	fi
+
+	cd "${S}/tools-build"
+	default
+}
+
+src_test() {
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build"
+		pax-mark m */qemu-system-* #515550
+		emake -j1 check
+		emake -j1 check-report.html
+	fi
+}
+
+qemu_python_install() {
+	python_domodule "${S}/scripts/qmp/qmp.py"
+
+	python_doscript "${S}/scripts/kvm/vmxcap"
+	python_doscript "${S}/scripts/qmp/qmp-shell"
+	python_doscript "${S}/scripts/qmp/qemu-ga-client"
+}
+
+# Generate binfmt support files.
+#   - /etc/init.d/qemu-binfmt script which registers the user handlers (openrc)
+#   - /usr/share/qemu/binfmt.d/qemu.conf (for use with systemd-binfmt)
+generate_initd() {
+	local out="${T}/qemu-binfmt"
+	local out_systemd="${T}/qemu.conf"
+	local d="${T}/binfmt.d"
+
+	einfo "Generating qemu binfmt scripts and configuration files"
+
+	# Generate the debian fragments first.
+	mkdir -p "${d}"
+	"${S}"/scripts/qemu-binfmt-conf.sh \
+		--debian \
+		--exportdir "${d}" \
+		--qemu-path "${EPREFIX}/usr/bin" \
+		|| die
+	# Then turn the fragments into a shell script we can source.
+	sed -E -i \
+		-e 's:^([^ ]+) (.*)$:\1="\2":' \
+		"${d}"/* || die
+
+	# Generate the init.d script by assembling the fragments from above.
+	local f qcpu package interpreter magic mask
+	cat "${FILESDIR}"/qemu-binfmt.initd.head >"${out}" || die
+	for f in "${d}"/qemu-* ; do
+		source "${f}"
+
+		# Normalize the cpu logic like we do in the init.d for the native cpu.
+		qcpu=${package#qemu-}
+		case ${qcpu} in
+		arm*)   qcpu="arm";;
+		mips*)  qcpu="mips";;
+		ppc*)   qcpu="ppc";;
+		s390*)  qcpu="s390";;
+		sh*)    qcpu="sh";;
+		sparc*) qcpu="sparc";;
+		esac
+
+		# we use 'printf' here to be portable across 'sh'
+		# implementations: #679168
+		cat <<EOF >>"${out}"
+	if [ "\${cpu}" != "${qcpu}" -a -x "${interpreter}" ] ; then
+		printf '%s\n' ':${package}:M::${magic}:${mask}:${interpreter}:'"\${QEMU_BINFMT_FLAGS}" >/proc/sys/fs/binfmt_misc/register
+	fi
+EOF
+
+		echo ":${package}:M::${magic}:${mask}:${interpreter}:OC" >>"${out_systemd}"
+
+	done
+	cat "${FILESDIR}"/qemu-binfmt.initd.tail >>"${out}" || die
+}
+
+src_install() {
+	if [[ -n ${user_targets} ]]; then
+		cd "${S}/user-build"
+		emake DESTDIR="${ED}" install
+
+		# Install binfmt handler init script for user targets.
+		generate_initd
+		doinitd "${T}/qemu-binfmt"
+
+		# Install binfmt/qemu.conf.
+		insinto "/usr/share/qemu/binfmt.d"
+		doins "${T}/qemu.conf"
+	fi
+
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build"
+		emake DESTDIR="${ED}" install
+
+		# This might not exist if the test failed. #512010
+		if [[ -e check-report.html ]]; then
+			docinto html
+			dodoc check-report.html
+		fi
+
+		if use kernel_linux; then
+			udev_newrules "${FILESDIR}"/65-kvm.rules-r1 65-kvm.rules
+		fi
+
+		if use python; then
+			python_foreach_impl qemu_python_install
+		fi
+	fi
+
+	cd "${S}/tools-build"
+	emake DESTDIR="${ED}" install
+
+	# Disable mprotect on the qemu binaries as they use JITs to be fast #459348
+	pushd "${ED}"/usr/bin >/dev/null
+	pax-mark mr "${softmmu_bins[@]}" "${user_bins[@]}" # bug 575594
+	popd >/dev/null
+
+	# Install config file example for qemu-bridge-helper
+	insinto "/etc/qemu"
+	doins "${FILESDIR}/bridge.conf"
+
+	cd "${S}"
+	dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt
+	newdoc pc-bios/README README.pc-bios
+
+	if [[ -n ${softmmu_targets} ]]; then
+		# Remove SeaBIOS since we're using the SeaBIOS packaged one
+		rm "${ED}/usr/share/qemu/bios.bin"
+		rm "${ED}/usr/share/qemu/bios-256k.bin"
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
+			dosym ../seabios/bios-256k.bin /usr/share/qemu/bios-256k.bin
+		fi
+
+		# Remove vgabios since we're using the seavgabios packaged one
+		rm "${ED}/usr/share/qemu/vgabios.bin"
+		rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
+		rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
+		rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
+		rm "${ED}/usr/share/qemu/vgabios-virtio.bin"
+		rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
+		# PPC64 loads vgabios-stdvga
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 || use qemu_softmmu_targets_ppc64; then
+			dosym ../seavgabios/vgabios-isavga.bin /usr/share/qemu/vgabios.bin
+			dosym ../seavgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
+			dosym ../seavgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
+			dosym ../seavgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
+			dosym ../seavgabios/vgabios-virtio.bin /usr/share/qemu/vgabios-virtio.bin
+			dosym ../seavgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
+		fi
+
+		# Remove sgabios since we're using the sgabios packaged one
+		rm "${ED}/usr/share/qemu/sgabios.bin"
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin
+		fi
+
+		# Remove iPXE since we're using the iPXE packaged one
+		rm "${ED}"/usr/share/qemu/pxe-*.rom
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom
+			dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom
+			dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom
+			dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom
+			dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom
+			dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom
+		fi
+	fi
+
+	DISABLE_AUTOFORMATTING=true
+	readme.gentoo_create_doc
+}
+
+firmware_abi_change() {
+	local pv
+	for pv in ${REPLACING_VERSIONS}; do
+		if ver_test $pv -lt ${FIRMWARE_ABI_VERSION}; then
+			return 0
+		fi
+	done
+	return 1
+}
+
+pkg_postinst() {
+	if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
+		udev_reload
+	fi
+
+	[[ -f ${EROOT}/usr/libexec/qemu-bridge-helper ]] && \
+		fcaps cap_net_admin /usr/libexec/qemu-bridge-helper
+
+	DISABLE_AUTOFORMATTING=true
+	readme.gentoo_print_elog
+
+	if use pin-upstream-blobs && firmware_abi_change; then
+		ewarn "This version of qemu pins new versions of firmware blobs:"
+		ewarn "	$(best_version sys-firmware/edk2-ovmf)"
+		ewarn "	$(best_version sys-firmware/ipxe)"
+		ewarn "	$(best_version sys-firmware/seabios)"
+		ewarn "	$(best_version sys-firmware/sgabios)"
+		ewarn "This might break resume of hibernated guests (started with a different"
+		ewarn "firmware version) and live migration to/from qemu versions with different"
+		ewarn "firmware. Please (cold) restart all running guests. For functional"
+		ewarn "guest migration ensure that all"
+		ewarn "hosts run at least"
+		ewarn "	app-emulation/qemu-${FIRMWARE_ABI_VERSION}."
+	fi
+}
+
+pkg_info() {
+	echo "Using:"
+	echo "  $(best_version app-emulation/spice-protocol)"
+	echo "  $(best_version sys-firmware/edk2-ovmf)"
+	if has_version 'sys-firmware/edk2-ovmf[binary]'; then
+		echo "    USE=binary"
+	else
+		echo "    USE=''"
+	fi
+	echo "  $(best_version sys-firmware/ipxe)"
+	echo "  $(best_version sys-firmware/seabios)"
+	if has_version 'sys-firmware/seabios[binary]'; then
+		echo "    USE=binary"
+	else
+		echo "    USE=''"
+	fi
+	echo "  $(best_version sys-firmware/sgabios)"
+}


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2019-05-17  8:58 Matthias Maier
  0 siblings, 0 replies; 56+ messages in thread
From: Matthias Maier @ 2019-05-17  8:58 UTC (permalink / raw
  To: gentoo-commits

commit:     4640ee91f01da20bcca0e7a422c1ccb694d8b833
Author:     Matthias Maier <tamiko <AT> gentoo <DOT> org>
AuthorDate: Fri May 17 08:37:09 2019 +0000
Commit:     Matthias Maier <tamiko <AT> gentoo <DOT> org>
CommitDate: Fri May 17 08:58:17 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4640ee91

app-emulation/qemu: apply full mds patches

Package-Manager: Portage-2.3.66, Repoman-2.3.12
Signed-off-by: Matthias Maier <tamiko <AT> gentoo.org>

 .../qemu/files/qemu-3.1.0-md-clear-md-no.patch     | 29 +++++++++++++++++++---
 .../{qemu-4.0.0-r1.ebuild => qemu-4.0.0-r2.ebuild} |  0
 2 files changed, 26 insertions(+), 3 deletions(-)

diff --git a/app-emulation/qemu/files/qemu-3.1.0-md-clear-md-no.patch b/app-emulation/qemu/files/qemu-3.1.0-md-clear-md-no.patch
index 1027b9c8762..a7b3e8cb8f2 100644
--- a/app-emulation/qemu/files/qemu-3.1.0-md-clear-md-no.patch
+++ b/app-emulation/qemu/files/qemu-3.1.0-md-clear-md-no.patch
@@ -33,6 +33,29 @@ index d6bb57d2..331a364a 100644
              NULL, NULL, NULL, NULL,
              NULL, NULL, NULL, NULL,
              NULL, NULL, NULL, NULL,
--- 
-2.21.0
-
+diff --git a/target/i386/cpu.h b/target/i386/cpu.h
+index 83fb5225..d0bab4d7 100644
+--- a/target/i386/cpu.h
++++ b/target/i386/cpu.h
+@@ -694,6 +694,7 @@ typedef uint32_t FeatureWordArray[FEATURE_WORDS];
+ 
+ #define CPUID_7_0_EDX_AVX512_4VNNIW (1U << 2) /* AVX512 Neural Network Instructions */
+ #define CPUID_7_0_EDX_AVX512_4FMAPS (1U << 3) /* AVX512 Multiply Accumulation Single Precision */
++#define CPUID_7_0_EDX_MD_CLEAR      (1U << 10) /* Microarchitectural Data Clear */
+ #define CPUID_7_0_EDX_SPEC_CTRL     (1U << 26) /* Speculation Control */
+ #define CPUID_7_0_EDX_ARCH_CAPABILITIES (1U << 29)  /*Arch Capabilities*/
+ #define CPUID_7_0_EDX_SPEC_CTRL_SSBD  (1U << 31) /* Speculative Store Bypass Disable */
+diff --git a/target/i386/hvf/x86_cpuid.c b/target/i386/hvf/x86_cpuid.c
+index 4d957fe8..b453552f 100644
+--- a/target/i386/hvf/x86_cpuid.c
++++ b/target/i386/hvf/x86_cpuid.c
+@@ -90,7 +90,8 @@ uint32_t hvf_get_supported_cpuid(uint32_t func, uint32_t idx,
+             }
+ 
+             ecx &= CPUID_7_0_ECX_AVX512BMI | CPUID_7_0_ECX_AVX512_VPOPCNTDQ;
+-            edx &= CPUID_7_0_EDX_AVX512_4VNNIW | CPUID_7_0_EDX_AVX512_4FMAPS;
++            edx &= CPUID_7_0_EDX_AVX512_4VNNIW | CPUID_7_0_EDX_AVX512_4FMAPS | \
++                   CPUID_7_0_EDX_MD_CLEAR;
+         } else {
+             ebx = 0;
+             ecx = 0;

diff --git a/app-emulation/qemu/qemu-4.0.0-r1.ebuild b/app-emulation/qemu/qemu-4.0.0-r2.ebuild
similarity index 100%
rename from app-emulation/qemu/qemu-4.0.0-r1.ebuild
rename to app-emulation/qemu/qemu-4.0.0-r2.ebuild


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2019-05-21  3:53 Matthias Maier
  0 siblings, 0 replies; 56+ messages in thread
From: Matthias Maier @ 2019-05-21  3:53 UTC (permalink / raw
  To: gentoo-commits

commit:     06e1b02c0c7fcd1088f4efd7cbe721ca70c6df8a
Author:     Matthias Maier <tamiko <AT> gentoo <DOT> org>
AuthorDate: Tue May 21 03:52:24 2019 +0000
Commit:     Matthias Maier <tamiko <AT> gentoo <DOT> org>
CommitDate: Tue May 21 03:53:05 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=06e1b02c

app-emulation/qemu: fix infiniband include

Closes: https://bugs.gentoo.org/686412
Package-Manager: Portage-2.3.66, Repoman-2.3.12
Signed-off-by: Matthias Maier <tamiko <AT> gentoo.org>

 .../qemu/files/qemu-4.0.0-fix_infiniband_include.patch       | 12 ++++++++++++
 app-emulation/qemu/qemu-4.0.0-r3.ebuild                      |  1 +
 app-emulation/qemu/qemu-9999.ebuild                          |  1 +
 3 files changed, 14 insertions(+)

diff --git a/app-emulation/qemu/files/qemu-4.0.0-fix_infiniband_include.patch b/app-emulation/qemu/files/qemu-4.0.0-fix_infiniband_include.patch
new file mode 100644
index 00000000000..2778cc8f4f2
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-4.0.0-fix_infiniband_include.patch
@@ -0,0 +1,12 @@
+diff --git a/hw/rdma/rdma_backend.c b/hw/rdma/rdma_backend.c
+index d1660b64..86715bfd 100644
+--- a/hw/rdma/rdma_backend.c
++++ b/hw/rdma/rdma_backend.c
+@@ -21,7 +21,6 @@
+ #include "qapi/qapi-events-rdma.h"
+ 
+ #include <infiniband/verbs.h>
+-#include <infiniband/umad_types.h>
+ #include <infiniband/umad.h>
+ #include <rdma/rdma_user_cm.h>
+ 

diff --git a/app-emulation/qemu/qemu-4.0.0-r3.ebuild b/app-emulation/qemu/qemu-4.0.0-r3.ebuild
index 044b7f0286c..c2258e18215 100644
--- a/app-emulation/qemu/qemu-4.0.0-r3.ebuild
+++ b/app-emulation/qemu/qemu-4.0.0-r3.ebuild
@@ -207,6 +207,7 @@ PATCHES=(
 	"${FILESDIR}"/${P}-sanitize-interp_info.patch
 	"${FILESDIR}"/${PN}-3.1.0-md-clear-md-no.patch
 	"${FILESDIR}"/${PN}-4.0.0-mkdir_systemtap.patch #684902
+	"${FILESDIR}"/${PN}-4.0.0-fix_infiniband_include.patch #686412
 )
 
 QA_PREBUILT="

diff --git a/app-emulation/qemu/qemu-9999.ebuild b/app-emulation/qemu/qemu-9999.ebuild
index 0eccee5d2fa..676ae8f0a21 100644
--- a/app-emulation/qemu/qemu-9999.ebuild
+++ b/app-emulation/qemu/qemu-9999.ebuild
@@ -206,6 +206,7 @@ PATCHES=(
 	"${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
 	"${FILESDIR}"/${PN}-2.11.1-capstone_include_path.patch
 	"${FILESDIR}"/${PN}-4.0.0-mkdir_systemtap.patch #684902
+	"${FILESDIR}"/${PN}-4.0.0-fix_infiniband_include.patch #686412
 )
 
 QA_PREBUILT="


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2020-04-16 22:16 Sergei Trofimovich
  0 siblings, 0 replies; 56+ messages in thread
From: Sergei Trofimovich @ 2020-04-16 22:16 UTC (permalink / raw
  To: gentoo-commits

commit:     3a1b0a5e226c561f876d84210048b1fe3c95f2bb
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Thu Apr 16 22:15:28 2020 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Thu Apr 16 22:15:55 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3a1b0a5e

app-emulation/qemu: fix epoll_create1 handling, bug #717548

Recent python started using epoll_create1() which had
a bug of missing translation for flags from target to host.

Pull upstreamed patch.

Reported-by: Barnabás Virágh
Closes: https://bugs.gentoo.org/717548
Package-Manager: Portage-2.3.99, Repoman-2.3.22
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 .../qemu/files/qemu-4.2.0-epoll_create1.patch      |  39 +
 app-emulation/qemu/qemu-4.2.0-r4.ebuild            | 838 +++++++++++++++++++++
 2 files changed, 877 insertions(+)

diff --git a/app-emulation/qemu/files/qemu-4.2.0-epoll_create1.patch b/app-emulation/qemu/files/qemu-4.2.0-epoll_create1.patch
new file mode 100644
index 00000000000..bb20dd12087
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-4.2.0-epoll_create1.patch
@@ -0,0 +1,39 @@
+From ce7ae180620a2fbf66232c3556678fbf4f136a5c Mon Sep 17 00:00:00 2001
+From: Sergei Trofimovich <slyfox@gentoo.org>
+Date: Wed, 15 Apr 2020 19:28:42 +0100
+Subject: [PATCH] linux-user/syscall.c: add target-to-host mapping for
+ epoll_create1()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Noticed by Barnabás Virágh as a python-3.7 failue on qemu-alpha.
+
+The bug shows up on alpha as it's one of the targets where
+EPOLL_CLOEXEC differs from other targets:
+    sysdeps/unix/sysv/linux/alpha/bits/epoll.h: EPOLL_CLOEXEC  = 01000000
+    sysdeps/unix/sysv/linux/bits/epoll.h:        EPOLL_CLOEXEC = 02000000
+
+Bug: https://bugs.gentoo.org/717548
+Reported-by: Barnabás Virágh
+Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
+---
+ linux-user/syscall.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/linux-user/syscall.c b/linux-user/syscall.c
+index 674f70e70a..05f03919ff 100644
+--- a/linux-user/syscall.c
++++ b/linux-user/syscall.c
+@@ -12012,7 +12012,7 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1,
+ #endif
+ #if defined(TARGET_NR_epoll_create1) && defined(CONFIG_EPOLL_CREATE1)
+     case TARGET_NR_epoll_create1:
+-        return get_errno(epoll_create1(arg1));
++        return get_errno(epoll_create1(target_to_host_bitmask(arg1, fcntl_flags_tbl)));
+ #endif
+ #if defined(TARGET_NR_epoll_ctl)
+     case TARGET_NR_epoll_ctl:
+-- 
+2.26.1
+

diff --git a/app-emulation/qemu/qemu-4.2.0-r4.ebuild b/app-emulation/qemu/qemu-4.2.0-r4.ebuild
new file mode 100644
index 00000000000..ca09f22cc43
--- /dev/null
+++ b/app-emulation/qemu/qemu-4.2.0-r4.ebuild
@@ -0,0 +1,838 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+PYTHON_COMPAT=( python{3_6,3_7} )
+PYTHON_REQ_USE="ncurses,readline"
+
+PLOCALES="bg de_DE fr_FR hu it tr zh_CN"
+
+FIRMWARE_ABI_VERSION="4.0.0-r50"
+
+inherit eutils linux-info toolchain-funcs multilib python-r1 \
+	udev fcaps readme.gentoo-r1 pax-utils l10n xdg-utils
+
+if [[ ${PV} = *9999* ]]; then
+	EGIT_REPO_URI="https://git.qemu.org/git/qemu.git"
+	EGIT_SUBMODULES=(
+		slirp
+		tests/fp/berkeley-{test,soft}float-3
+		ui/keycodemapdb
+	)
+	inherit git-r3
+	SRC_URI=""
+else
+	SRC_URI="https://download.qemu.org/${P}.tar.xz
+		https://dev.gentoo.org/~tamiko/distfiles/${P}-patches-r1.tar.xz"
+	KEYWORDS="~amd64 ~arm64 ~ppc ~ppc64 ~x86"
+fi
+
+DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
+HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org"
+
+LICENSE="GPL-2 LGPL-2 BSD-2"
+SLOT="0"
+
+IUSE="accessibility +aio alsa bzip2 capstone +caps +curl debug doc
+	+fdt glusterfs gnutls gtk infiniband iscsi jemalloc +jpeg kernel_linux
+	kernel_FreeBSD lzo ncurses nfs nls numa opengl +oss +pin-upstream-blobs
+	plugins +png pulseaudio python rbd sasl +seccomp sdl sdl-image selinux
+	smartcard snappy spice ssh static static-user systemtap tci test usb
+	usbredir vde +vhost-net vhost-user-fs virgl virtfs +vnc vte xattr xen
+	xfs +xkb"
+
+COMMON_TARGETS="aarch64 alpha arm cris hppa i386 m68k microblaze microblazeel
+	mips mips64 mips64el mipsel nios2 or1k ppc ppc64 riscv32 riscv64 s390x
+	sh4 sh4eb sparc sparc64 x86_64 xtensa xtensaeb"
+IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS}
+	lm32 moxie tricore unicore32"
+IUSE_USER_TARGETS="${COMMON_TARGETS}
+	aarch64_be armeb mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus
+	tilegx"
+
+use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
+use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
+IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
+
+RESTRICT="!test? ( test )"
+# Allow no targets to be built so that people can get a tools-only build.
+# Block USE flag configurations known to not work.
+REQUIRED_USE="${PYTHON_REQUIRED_USE}
+	qemu_softmmu_targets_arm? ( fdt )
+	qemu_softmmu_targets_microblaze? ( fdt )
+	qemu_softmmu_targets_mips64el? ( fdt )
+	qemu_softmmu_targets_ppc64? ( fdt )
+	qemu_softmmu_targets_ppc? ( fdt )
+	qemu_softmmu_targets_riscv32? ( fdt )
+	qemu_softmmu_targets_riscv64? ( fdt )
+	static? ( static-user !alsa !gtk !opengl !pulseaudio !plugins !rbd !snappy )
+	static-user? ( !plugins )
+	virtfs? ( xattr )
+	vte? ( gtk )
+	plugins? ( !static !static-user )
+"
+
+# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
+# and user/softmmu targets (qemu-*, qemu-system-*).
+#
+# Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
+#
+# The attr lib isn't always linked in (although the USE flag is always
+# respected).  This is because qemu supports using the C library's API
+# when available rather than always using the external library.
+ALL_DEPEND="
+	>=dev-libs/glib-2.0[static-libs(+)]
+	sys-libs/zlib[static-libs(+)]
+	python? ( ${PYTHON_DEPS} )
+	systemtap? ( dev-util/systemtap )
+	xattr? ( sys-apps/attr[static-libs(+)] )"
+
+# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
+# softmmu targets (qemu-system-*).
+SOFTMMU_TOOLS_DEPEND="
+	dev-libs/libxml2[static-libs(+)]
+	xkb? ( x11-libs/libxkbcommon[static-libs(+)] )
+	>=x11-libs/pixman-0.28.0[static-libs(+)]
+	accessibility? (
+		app-accessibility/brltty[api]
+		app-accessibility/brltty[static-libs(+)]
+	)
+	aio? ( dev-libs/libaio[static-libs(+)] )
+	alsa? ( >=media-libs/alsa-lib-1.0.13 )
+	bzip2? ( app-arch/bzip2[static-libs(+)] )
+	capstone? ( dev-libs/capstone:= )
+	caps? ( sys-libs/libcap-ng[static-libs(+)] )
+	curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
+	fdt? ( >=sys-apps/dtc-1.5.0[static-libs(+)] )
+	glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
+	gnutls? (
+		dev-libs/nettle:=[static-libs(+)]
+		>=net-libs/gnutls-3.0:=[static-libs(+)]
+	)
+	gtk? (
+		x11-libs/gtk+:3
+		vte? ( x11-libs/vte:2.91 )
+	)
+	infiniband? (
+		sys-fabric/libibumad:=[static-libs(+)]
+		sys-fabric/libibverbs:=[static-libs(+)]
+		sys-fabric/librdmacm:=[static-libs(+)]
+	)
+	iscsi? ( net-libs/libiscsi )
+	jemalloc? ( dev-libs/jemalloc )
+	jpeg? ( virtual/jpeg:0=[static-libs(+)] )
+	lzo? ( dev-libs/lzo:2[static-libs(+)] )
+	ncurses? (
+		sys-libs/ncurses:0=[unicode]
+		sys-libs/ncurses:0=[static-libs(+)]
+	)
+	nfs? ( >=net-fs/libnfs-1.9.3:=[static-libs(+)] )
+	numa? ( sys-process/numactl[static-libs(+)] )
+	opengl? (
+		virtual/opengl
+		media-libs/libepoxy[static-libs(+)]
+		media-libs/mesa[static-libs(+)]
+		media-libs/mesa[egl,gbm]
+	)
+	png? ( media-libs/libpng:0=[static-libs(+)] )
+	pulseaudio? ( media-sound/pulseaudio )
+	rbd? ( sys-cluster/ceph )
+	sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
+	sdl? (
+		media-libs/libsdl2[X]
+		media-libs/libsdl2[static-libs(+)]
+	)
+	sdl-image? ( media-libs/sdl2-image[static-libs(+)] )
+	seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
+	smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] )
+	snappy? ( app-arch/snappy:= )
+	spice? (
+		>=app-emulation/spice-protocol-0.12.3
+		>=app-emulation/spice-0.12.0[static-libs(+)]
+	)
+	ssh? ( >=net-libs/libssh-0.8.6[static-libs(+)] )
+	usb? ( >=virtual/libusb-1-r2[static-libs(+)] )
+	usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
+	vde? ( net-misc/vde[static-libs(+)] )
+	virgl? ( media-libs/virglrenderer[static-libs(+)] )
+	virtfs? ( sys-libs/libcap )
+	xen? ( app-emulation/xen-tools:= )
+	xfs? ( sys-fs/xfsprogs[static-libs(+)] )"
+
+X86_FIRMWARE_DEPEND="
+	pin-upstream-blobs? (
+		~sys-firmware/edk2-ovmf-201905[binary]
+		~sys-firmware/ipxe-1.0.0_p20190728[binary]
+		~sys-firmware/seabios-1.12.0[binary,seavgabios]
+		~sys-firmware/sgabios-0.1_pre8[binary]
+	)
+	!pin-upstream-blobs? (
+		sys-firmware/edk2-ovmf
+		sys-firmware/ipxe
+		>=sys-firmware/seabios-1.10.2[seavgabios]
+		sys-firmware/sgabios
+	)"
+PPC64_FIRMWARE_DEPEND="
+	pin-upstream-blobs? (
+		~sys-firmware/seabios-1.12.0[binary,seavgabios]
+	)
+	!pin-upstream-blobs? (
+		>=sys-firmware/seabios-1.10.2[seavgabios]
+	)
+"
+
+BDEPEND="
+	$(python_gen_impl_dep)
+	dev-lang/perl
+	sys-apps/texinfo
+	virtual/pkgconfig
+	doc? ( dev-python/sphinx )
+	gtk? ( nls? ( sys-devel/gettext ) )
+	test? (
+		dev-libs/glib[utils]
+		sys-devel/bc
+	)
+"
+CDEPEND="
+	!static? (
+		${ALL_DEPEND//\[static-libs(+)]}
+		${SOFTMMU_TOOLS_DEPEND//\[static-libs(+)]}
+	)
+	qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
+	qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )
+	qemu_softmmu_targets_ppc64? ( ${PPC64_FIRMWARE_DEPEND} )
+"
+DEPEND="${CDEPEND}
+	kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
+	static? (
+		${ALL_DEPEND}
+		${SOFTMMU_TOOLS_DEPEND}
+	)
+	static-user? ( ${ALL_DEPEND} )"
+RDEPEND="${CDEPEND}
+	acct-group/kvm
+	selinux? ( sec-policy/selinux-qemu )"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-2.5.0-cflags.patch
+	"${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
+	"${FILESDIR}"/${PN}-2.11.1-capstone_include_path.patch
+	"${FILESDIR}"/${PN}-4.0.0-sanitize-interp_info.patch
+	"${FILESDIR}"/${PN}-4.0.0-mkdir_systemtap.patch #684902
+	"${FILESDIR}"/${PN}-4.2.0-CVE-2020-11102.patch #716518
+	"${FILESDIR}"/${PN}-4.2.0-epoll_create1.patch #717548
+	"${WORKDIR}"/patches
+)
+
+QA_PREBUILT="
+	usr/share/qemu/hppa-firmware.img
+	usr/share/qemu/openbios-ppc
+	usr/share/qemu/openbios-sparc64
+	usr/share/qemu/openbios-sparc32
+	usr/share/qemu/palcode-clipper
+	usr/share/qemu/s390-ccw.img
+	usr/share/qemu/s390-netboot.img
+	usr/share/qemu/u-boot.e500"
+
+QA_WX_LOAD="usr/bin/qemu-i386
+	usr/bin/qemu-x86_64
+	usr/bin/qemu-alpha
+	usr/bin/qemu-arm
+	usr/bin/qemu-cris
+	usr/bin/qemu-m68k
+	usr/bin/qemu-microblaze
+	usr/bin/qemu-microblazeel
+	usr/bin/qemu-mips
+	usr/bin/qemu-mipsel
+	usr/bin/qemu-or1k
+	usr/bin/qemu-ppc
+	usr/bin/qemu-ppc64
+	usr/bin/qemu-ppc64abi32
+	usr/bin/qemu-sh4
+	usr/bin/qemu-sh4eb
+	usr/bin/qemu-sparc
+	usr/bin/qemu-sparc64
+	usr/bin/qemu-armeb
+	usr/bin/qemu-sparc32plus
+	usr/bin/qemu-s390x
+	usr/bin/qemu-unicore32"
+
+DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure you have the
+kernel module loaded before running kvm. The easiest way to ensure that the
+kernel module is loaded is to load it on boot.
+	For AMD CPUs the module is called 'kvm-amd'.
+	For Intel CPUs the module is called 'kvm-intel'.
+Please review /etc/conf.d/modules for how to load these.
+
+Make sure your user is in the 'kvm' group. Just run
+	$ gpasswd -a <USER> kvm
+then have <USER> re-login.
+
+For brand new installs, the default permissions on /dev/kvm might not let
+you access it.  You can tell udev to reset ownership/perms:
+	$ udevadm trigger -c add /dev/kvm
+
+If you want to register binfmt handlers for qemu user targets:
+For openrc:
+	# rc-update add qemu-binfmt
+For systemd:
+	# ln -s /usr/share/qemu/binfmt.d/qemu.conf /etc/binfmt.d/qemu.conf"
+
+pkg_pretend() {
+	if use kernel_linux && kernel_is lt 2 6 25; then
+		eerror "This version of KVM requres a host kernel of 2.6.25 or higher."
+	elif use kernel_linux; then
+		if ! linux_config_exists; then
+			eerror "Unable to check your kernel for KVM support"
+		else
+			CONFIG_CHECK="~KVM ~TUN ~BRIDGE"
+			ERROR_KVM="You must enable KVM in your kernel to continue"
+			ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in"
+			ERROR_KVM_AMD+=" your kernel configuration."
+			ERROR_KVM_INTEL="If you have an Intel CPU, you must enable"
+			ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration."
+			ERROR_TUN="You will need the Universal TUN/TAP driver compiled"
+			ERROR_TUN+=" into your kernel or loaded as a module to use the"
+			ERROR_TUN+=" virtual network device if using -net tap."
+			ERROR_BRIDGE="You will also need support for 802.1d"
+			ERROR_BRIDGE+=" Ethernet Bridging for some network configurations."
+			use vhost-net && CONFIG_CHECK+=" ~VHOST_NET"
+			ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net"
+			ERROR_VHOST_NET+=" support"
+
+			if use amd64 || use x86 || use amd64-linux || use x86-linux; then
+				if grep -q AuthenticAMD /proc/cpuinfo; then
+					CONFIG_CHECK+=" ~KVM_AMD"
+				elif grep -q GenuineIntel /proc/cpuinfo; then
+					CONFIG_CHECK+=" ~KVM_INTEL"
+				fi
+			fi
+
+			use python && CONFIG_CHECK+=" ~DEBUG_FS"
+			ERROR_DEBUG_FS="debugFS support required for kvm_stat"
+
+			# Now do the actual checks setup above
+			check_extra_config
+		fi
+	fi
+
+	if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then
+		eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt"
+		eerror "instances are still pointing to it.  Please update your"
+		eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag"
+		eerror "and the right system binary (e.g. qemu-system-x86_64)."
+		die "update your virt configs to not use qemu-kvm"
+	fi
+}
+
+# Sanity check to make sure target lists are kept up-to-date.
+check_targets() {
+	local var=$1 mak=$2
+	local detected sorted
+
+	pushd "${S}"/default-configs >/dev/null || die
+
+	# Force C locale until glibc is updated. #564936
+	detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u))
+	sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u))
+	if [[ ${sorted} != "${detected}" ]] ; then
+		eerror "The ebuild needs to be kept in sync."
+		eerror "${var}: ${sorted}"
+		eerror "$(printf '%-*s' ${#var} configure): ${detected}"
+		die "sync ${var} to the list of targets"
+	fi
+
+	popd >/dev/null
+}
+
+handle_locales() {
+	# Make sure locale list is kept up-to-date.
+	local detected sorted
+	detected=$(echo $(cd po && printf '%s\n' *.po | grep -v messages.po | sed 's:.po$::' | sort -u))
+	sorted=$(echo $(printf '%s\n' ${PLOCALES} | sort -u))
+	if [[ ${sorted} != "${detected}" ]] ; then
+		eerror "The ebuild needs to be kept in sync."
+		eerror "PLOCALES: ${sorted}"
+		eerror " po/*.po: ${detected}"
+		die "sync PLOCALES"
+	fi
+
+	# Deal with selective install of locales.
+	if use nls ; then
+		# Delete locales the user does not want. #577814
+		rm_loc() { rm po/$1.po || die; }
+		l10n_for_each_disabled_locale_do rm_loc
+	else
+		# Cheap hack to disable gettext .mo generation.
+		rm -f po/*.po
+	fi
+}
+
+src_prepare() {
+	check_targets IUSE_SOFTMMU_TARGETS softmmu
+	check_targets IUSE_USER_TARGETS linux-user
+
+	default
+
+	# Use correct toolchain to fix cross-compiling
+	tc-export AR LD NM OBJCOPY PKG_CONFIG
+	export WINDRES=${CHOST}-windres
+
+	# Verbose builds
+	MAKEOPTS+=" V=1"
+
+	# Run after we've applied all patches.
+	handle_locales
+
+	# Remove bundled copy of libfdt
+	rm -r dtc || die
+}
+
+##
+# configures qemu based on the build directory and the build type
+# we are using.
+#
+qemu_src_configure() {
+	debug-print-function ${FUNCNAME} "$@"
+
+	local buildtype=$1
+	local builddir="${S}/${buildtype}-build"
+
+	mkdir "${builddir}"
+
+	local conf_opts=(
+		--prefix=/usr
+		--sysconfdir=/etc
+		--bindir=/usr/bin
+		--libdir=/usr/$(get_libdir)
+		--datadir=/usr/share
+		--docdir=/usr/share/doc/${PF}/html
+		--mandir=/usr/share/man
+		--with-confsuffix=/qemu
+		--localstatedir=/var
+		--disable-bsd-user
+		--disable-guest-agent
+		--disable-strip
+		--disable-werror
+		# We support gnutls/nettle for crypto operations.  It is possible
+		# to use gcrypt when gnutls/nettle are disabled (but not when they
+		# are enabled), but it's not really worth the hassle.  Disable it
+		# all the time to avoid automatically detecting it. #568856
+		--disable-gcrypt
+		--python="${PYTHON}"
+		--cc="$(tc-getCC)"
+		--cxx="$(tc-getCXX)"
+		--host-cc="$(tc-getBUILD_CC)"
+		$(use_enable debug debug-info)
+		$(use_enable debug debug-tcg)
+		$(use_enable doc docs)
+		$(use_enable plugins)
+		$(use_enable tci tcg-interpreter)
+		$(use_enable xattr attr)
+	)
+
+	# Disable options not used by user targets. This simplifies building
+	# static user targets (USE=static-user) considerably.
+	conf_notuser() {
+		if [[ ${buildtype} == "user" ]] ; then
+			echo "--disable-${2:-$1}"
+		else
+			use_enable "$@"
+		fi
+	}
+	conf_opts+=(
+		--disable-bluez
+		$(conf_notuser accessibility brlapi)
+		$(conf_notuser aio linux-aio)
+		$(conf_notuser bzip2)
+		$(conf_notuser capstone)
+		$(conf_notuser caps cap-ng)
+		$(conf_notuser curl)
+		$(conf_notuser fdt)
+		$(conf_notuser glusterfs)
+		$(conf_notuser gnutls)
+		$(conf_notuser gnutls nettle)
+		$(conf_notuser gtk)
+		$(conf_notuser infiniband rdma)
+		$(conf_notuser iscsi libiscsi)
+		$(conf_notuser jemalloc jemalloc)
+		$(conf_notuser jpeg vnc-jpeg)
+		$(conf_notuser kernel_linux kvm)
+		$(conf_notuser lzo)
+		$(conf_notuser ncurses curses)
+		$(conf_notuser nfs libnfs)
+		$(conf_notuser numa)
+		$(conf_notuser opengl)
+		$(conf_notuser png vnc-png)
+		$(conf_notuser rbd)
+		$(conf_notuser sasl vnc-sasl)
+		$(conf_notuser sdl)
+		$(conf_notuser sdl-image)
+		$(conf_notuser seccomp)
+		$(conf_notuser smartcard)
+		$(conf_notuser snappy)
+		$(conf_notuser spice)
+		$(conf_notuser ssh libssh)
+		$(conf_notuser usb libusb)
+		$(conf_notuser usbredir usb-redir)
+		$(conf_notuser vde)
+		$(conf_notuser vhost-net)
+		$(conf_notuser vhost-user-fs)
+		$(conf_notuser virgl virglrenderer)
+		$(conf_notuser virtfs)
+		$(conf_notuser vnc)
+		$(conf_notuser vte)
+		$(conf_notuser xen)
+		$(conf_notuser xen xen-pci-passthrough)
+		$(conf_notuser xfs xfsctl)
+		$(conf_notuser xkb xkbcommon)
+	)
+
+	if [[ ${buildtype} == "user" ]] ; then
+		conf_opts+=( --disable-libxml2 )
+	else
+		conf_opts+=( --enable-libxml2 )
+	fi
+
+	if [[ ! ${buildtype} == "user" ]] ; then
+		# audio options
+		local audio_opts=(
+			# Note: backend order matters here: #716202
+			# We iterate from higher-level to lower level.
+			$(usex pulseaudio pa "")
+			$(usev sdl)
+			$(usev alsa)
+			$(usev oss)
+		)
+		conf_opts+=(
+			--audio-drv-list=$(printf "%s," "${audio_opts[@]}")
+		)
+	fi
+
+	case ${buildtype} in
+	user)
+		conf_opts+=(
+			--enable-linux-user
+			--disable-system
+			--disable-blobs
+			--disable-tools
+		)
+		local static_flag="static-user"
+		;;
+	softmmu)
+		conf_opts+=(
+			--disable-linux-user
+			--enable-system
+			--disable-tools
+		)
+		local static_flag="static"
+		;;
+	tools)
+		conf_opts+=(
+			--disable-linux-user
+			--disable-system
+			--disable-blobs
+			--enable-tools
+		)
+		local static_flag="static"
+		;;
+	esac
+
+	local targets="${buildtype}_targets"
+	[[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" )
+
+	# Add support for SystemTAP
+	use systemtap && conf_opts+=( --enable-trace-backend=dtrace )
+
+	# We always want to attempt to build with PIE support as it results
+	# in a more secure binary. But it doesn't work with static or if
+	# the current GCC doesn't have PIE support.
+	if use ${static_flag}; then
+		conf_opts+=( --static --disable-pie )
+	else
+		tc-enables-pie && conf_opts+=( --enable-pie )
+	fi
+
+	echo "../configure ${conf_opts[*]}"
+	cd "${builddir}"
+	../configure "${conf_opts[@]}" || die "configure failed"
+
+	# FreeBSD's kernel does not support QEMU assigning/grabbing
+	# host USB devices yet
+	use kernel_FreeBSD && \
+		sed -i -E -e "s|^(HOST_USB=)bsd|\1stub|" "${S}"/config-host.mak
+}
+
+src_configure() {
+	local target
+
+	python_setup
+
+	softmmu_targets= softmmu_bins=()
+	user_targets= user_bins=()
+
+	for target in ${IUSE_SOFTMMU_TARGETS} ; do
+		if use "qemu_softmmu_targets_${target}"; then
+			softmmu_targets+=",${target}-softmmu"
+			softmmu_bins+=( "qemu-system-${target}" )
+		fi
+	done
+
+	for target in ${IUSE_USER_TARGETS} ; do
+		if use "qemu_user_targets_${target}"; then
+			user_targets+=",${target}-linux-user"
+			user_bins+=( "qemu-${target}" )
+		fi
+	done
+
+	softmmu_targets=${softmmu_targets#,}
+	user_targets=${user_targets#,}
+
+	[[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu"
+	[[ -n ${user_targets}    ]] && qemu_src_configure "user"
+	qemu_src_configure "tools"
+}
+
+src_compile() {
+	if [[ -n ${user_targets} ]]; then
+		cd "${S}/user-build"
+		default
+	fi
+
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build"
+		default
+	fi
+
+	cd "${S}/tools-build"
+	default
+}
+
+src_test() {
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build"
+		pax-mark m */qemu-system-* #515550
+		emake -j1 check
+		emake -j1 check-report.html
+	fi
+}
+
+qemu_python_install() {
+	python_domodule "${S}/python/qemu"
+
+	python_doscript "${S}/scripts/kvm/vmxcap"
+	python_doscript "${S}/scripts/qmp/qmp-shell"
+	python_doscript "${S}/scripts/qmp/qemu-ga-client"
+}
+
+# Generate binfmt support files.
+#   - /etc/init.d/qemu-binfmt script which registers the user handlers (openrc)
+#   - /usr/share/qemu/binfmt.d/qemu.conf (for use with systemd-binfmt)
+generate_initd() {
+	local out="${T}/qemu-binfmt"
+	local out_systemd="${T}/qemu.conf"
+	local d="${T}/binfmt.d"
+
+	einfo "Generating qemu binfmt scripts and configuration files"
+
+	# Generate the debian fragments first.
+	mkdir -p "${d}"
+	"${S}"/scripts/qemu-binfmt-conf.sh \
+		--debian \
+		--exportdir "${d}" \
+		--qemu-path "${EPREFIX}/usr/bin" \
+		|| die
+	# Then turn the fragments into a shell script we can source.
+	sed -E -i \
+		-e 's:^([^ ]+) (.*)$:\1="\2":' \
+		"${d}"/* || die
+
+	# Generate the init.d script by assembling the fragments from above.
+	local f qcpu package interpreter magic mask
+	cat "${FILESDIR}"/qemu-binfmt.initd.head >"${out}" || die
+	for f in "${d}"/qemu-* ; do
+		source "${f}"
+
+		# Normalize the cpu logic like we do in the init.d for the native cpu.
+		qcpu=${package#qemu-}
+		case ${qcpu} in
+		arm*)   qcpu="arm";;
+		mips*)  qcpu="mips";;
+		ppc*)   qcpu="ppc";;
+		s390*)  qcpu="s390";;
+		sh*)    qcpu="sh";;
+		sparc*) qcpu="sparc";;
+		esac
+
+		# we use 'printf' here to be portable across 'sh'
+		# implementations: #679168
+		cat <<EOF >>"${out}"
+	if [ "\${cpu}" != "${qcpu}" -a -x "${interpreter}" ] ; then
+		printf '%s\n' ':${package}:M::${magic}:${mask}:${interpreter}:'"\${QEMU_BINFMT_FLAGS}" >/proc/sys/fs/binfmt_misc/register
+	fi
+EOF
+
+		echo ":${package}:M::${magic}:${mask}:${interpreter}:OC" >>"${out_systemd}"
+
+	done
+	cat "${FILESDIR}"/qemu-binfmt.initd.tail >>"${out}" || die
+}
+
+src_install() {
+	if [[ -n ${user_targets} ]]; then
+		cd "${S}/user-build"
+		emake DESTDIR="${ED}" install
+
+		# Install binfmt handler init script for user targets.
+		generate_initd
+		doinitd "${T}/qemu-binfmt"
+
+		# Install binfmt/qemu.conf.
+		insinto "/usr/share/qemu/binfmt.d"
+		doins "${T}/qemu.conf"
+	fi
+
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build"
+		emake DESTDIR="${ED}" install
+
+		# This might not exist if the test failed. #512010
+		[[ -e check-report.html ]] && dodoc check-report.html
+
+		if use kernel_linux; then
+			udev_newrules "${FILESDIR}"/65-kvm.rules-r1 65-kvm.rules
+		fi
+
+		if use python; then
+			python_foreach_impl qemu_python_install
+		fi
+	fi
+
+	cd "${S}/tools-build"
+	emake DESTDIR="${ED}" install
+
+	# Disable mprotect on the qemu binaries as they use JITs to be fast #459348
+	pushd "${ED}"/usr/bin >/dev/null
+	pax-mark mr "${softmmu_bins[@]}" "${user_bins[@]}" # bug 575594
+	popd >/dev/null
+
+	# Install config file example for qemu-bridge-helper
+	insinto "/etc/qemu"
+	doins "${FILESDIR}/bridge.conf"
+
+	cd "${S}"
+	dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt
+	newdoc pc-bios/README README.pc-bios
+
+	# Disallow stripping of prebuilt firmware files.
+	dostrip -x ${QA_PREBUILT}
+
+	if [[ -n ${softmmu_targets} ]]; then
+		# Remove SeaBIOS since we're using the SeaBIOS packaged one
+		rm "${ED}/usr/share/qemu/bios.bin"
+		rm "${ED}/usr/share/qemu/bios-256k.bin"
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
+			dosym ../seabios/bios-256k.bin /usr/share/qemu/bios-256k.bin
+		fi
+
+		# Remove vgabios since we're using the seavgabios packaged one
+		rm "${ED}/usr/share/qemu/vgabios.bin"
+		rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
+		rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
+		rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
+		rm "${ED}/usr/share/qemu/vgabios-virtio.bin"
+		rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
+		# PPC64 loads vgabios-stdvga
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 || use qemu_softmmu_targets_ppc64; then
+			dosym ../seavgabios/vgabios-isavga.bin /usr/share/qemu/vgabios.bin
+			dosym ../seavgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
+			dosym ../seavgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
+			dosym ../seavgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
+			dosym ../seavgabios/vgabios-virtio.bin /usr/share/qemu/vgabios-virtio.bin
+			dosym ../seavgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
+		fi
+
+		# Remove sgabios since we're using the sgabios packaged one
+		rm "${ED}/usr/share/qemu/sgabios.bin"
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin
+		fi
+
+		# Remove iPXE since we're using the iPXE packaged one
+		rm "${ED}"/usr/share/qemu/pxe-*.rom
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom
+			dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom
+			dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom
+			dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom
+			dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom
+			dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom
+		fi
+	fi
+
+	DISABLE_AUTOFORMATTING=true
+	readme.gentoo_create_doc
+}
+
+firmware_abi_change() {
+	local pv
+	for pv in ${REPLACING_VERSIONS}; do
+		if ver_test $pv -lt ${FIRMWARE_ABI_VERSION}; then
+			return 0
+		fi
+	done
+	return 1
+}
+
+pkg_postinst() {
+	if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
+		udev_reload
+	fi
+
+	xdg_icon_cache_update
+
+	[[ -z ${EPREFIX} ]] && [[ -f ${EROOT}/usr/libexec/qemu-bridge-helper ]] && \
+		fcaps cap_net_admin ${EROOT}/usr/libexec/qemu-bridge-helper
+
+	DISABLE_AUTOFORMATTING=true
+	readme.gentoo_print_elog
+
+	if use pin-upstream-blobs && firmware_abi_change; then
+		ewarn "This version of qemu pins new versions of firmware blobs:"
+		ewarn "	$(best_version sys-firmware/edk2-ovmf)"
+		ewarn "	$(best_version sys-firmware/ipxe)"
+		ewarn "	$(best_version sys-firmware/seabios)"
+		ewarn "	$(best_version sys-firmware/sgabios)"
+		ewarn "This might break resume of hibernated guests (started with a different"
+		ewarn "firmware version) and live migration to/from qemu versions with different"
+		ewarn "firmware. Please (cold) restart all running guests. For functional"
+		ewarn "guest migration ensure that all"
+		ewarn "hosts run at least"
+		ewarn "	app-emulation/qemu-${FIRMWARE_ABI_VERSION}."
+	fi
+}
+
+pkg_info() {
+	echo "Using:"
+	echo "  $(best_version app-emulation/spice-protocol)"
+	echo "  $(best_version sys-firmware/edk2-ovmf)"
+	if has_version 'sys-firmware/edk2-ovmf[binary]'; then
+		echo "    USE=binary"
+	else
+		echo "    USE=''"
+	fi
+	echo "  $(best_version sys-firmware/ipxe)"
+	echo "  $(best_version sys-firmware/seabios)"
+	if has_version 'sys-firmware/seabios[binary]'; then
+		echo "    USE=binary"
+	else
+		echo "    USE=''"
+	fi
+	echo "  $(best_version sys-firmware/sgabios)"
+}
+
+pkg_postrm() {
+	xdg_icon_cache_update
+}


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2020-04-24 19:59 Sergei Trofimovich
  0 siblings, 0 replies; 56+ messages in thread
From: Sergei Trofimovich @ 2020-04-24 19:59 UTC (permalink / raw
  To: gentoo-commits

commit:     e5295c1235bc8f39e9b30c6c1671611f8602e969
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Fri Apr 24 19:59:21 2020 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Fri Apr 24 19:59:37 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e5295c12

app-emulation/qemu: fix int overflow in ati-2d, bug #719266

Direct backport of upstream ac2071c3791b67fc7af78b8ceb
"ati-vga: Fix checks in ati_2d_blt() to avoid crash"

Bug: https://bugs.gentoo.org/719266
Package-Manager: Portage-2.3.99, Repoman-2.3.22
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 .../qemu/files/qemu-4.2.0-ati-vga-crash.patch      |  94 +++
 app-emulation/qemu/qemu-4.2.0-r6.ebuild            | 834 +++++++++++++++++++++
 2 files changed, 928 insertions(+)

diff --git a/app-emulation/qemu/files/qemu-4.2.0-ati-vga-crash.patch b/app-emulation/qemu/files/qemu-4.2.0-ati-vga-crash.patch
new file mode 100644
index 00000000000..5f442f0fd07
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-4.2.0-ati-vga-crash.patch
@@ -0,0 +1,94 @@
+https://bugs.gentoo.org/719266
+
+From ac2071c3791b67fc7af78b8ceb320c01ca1b5df7 Mon Sep 17 00:00:00 2001
+From: BALATON Zoltan <balaton@eik.bme.hu>
+Date: Mon, 6 Apr 2020 22:34:26 +0200
+Subject: [PATCH] ati-vga: Fix checks in ati_2d_blt() to avoid crash
+
+In some corner cases (that never happen during normal operation but a
+malicious guest could program wrong values) pixman functions were
+called with parameters that result in a crash. Fix this and add more
+checks to disallow such cases.
+
+Reported-by: Ziming Zhang <ezrakiez@gmail.com>
+Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
+Message-id: 20200406204029.19559747D5D@zero.eik.bme.hu
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+---
+ hw/display/ati_2d.c | 37 ++++++++++++++++++++++++++-----------
+ 1 file changed, 26 insertions(+), 11 deletions(-)
+
+--- a/hw/display/ati_2d.c
++++ b/hw/display/ati_2d.c
+@@ -53,12 +53,20 @@ void ati_2d_blt(ATIVGAState *s)
+             s->vga.vbe_start_addr, surface_data(ds), surface_stride(ds),
+             surface_bits_per_pixel(ds),
+             (s->regs.dp_mix & GMC_ROP3_MASK) >> 16);
+-    int dst_x = (s->regs.dp_cntl & DST_X_LEFT_TO_RIGHT ?
+-                 s->regs.dst_x : s->regs.dst_x + 1 - s->regs.dst_width);
+-    int dst_y = (s->regs.dp_cntl & DST_Y_TOP_TO_BOTTOM ?
+-                 s->regs.dst_y : s->regs.dst_y + 1 - s->regs.dst_height);
++    unsigned dst_x = (s->regs.dp_cntl & DST_X_LEFT_TO_RIGHT ?
++                      s->regs.dst_x : s->regs.dst_x + 1 - s->regs.dst_width);
++    unsigned dst_y = (s->regs.dp_cntl & DST_Y_TOP_TO_BOTTOM ?
++                      s->regs.dst_y : s->regs.dst_y + 1 - s->regs.dst_height);
+     int bpp = ati_bpp_from_datatype(s);
++    if (!bpp) {
++        qemu_log_mask(LOG_GUEST_ERROR, "Invalid bpp\n");
++        return;
++    }
+     int dst_stride = DEFAULT_CNTL ? s->regs.dst_pitch : s->regs.default_pitch;
++    if (!dst_stride) {
++        qemu_log_mask(LOG_GUEST_ERROR, "Zero dest pitch\n");
++        return;
++    }
+     uint8_t *dst_bits = s->vga.vram_ptr + (DEFAULT_CNTL ?
+                         s->regs.dst_offset : s->regs.default_offset);
+ 
+@@ -82,12 +90,16 @@ void ati_2d_blt(ATIVGAState *s)
+     switch (s->regs.dp_mix & GMC_ROP3_MASK) {
+     case ROP3_SRCCOPY:
+     {
+-        int src_x = (s->regs.dp_cntl & DST_X_LEFT_TO_RIGHT ?
+-                     s->regs.src_x : s->regs.src_x + 1 - s->regs.dst_width);
+-        int src_y = (s->regs.dp_cntl & DST_Y_TOP_TO_BOTTOM ?
+-                     s->regs.src_y : s->regs.src_y + 1 - s->regs.dst_height);
++        unsigned src_x = (s->regs.dp_cntl & DST_X_LEFT_TO_RIGHT ?
++                       s->regs.src_x : s->regs.src_x + 1 - s->regs.dst_width);
++        unsigned src_y = (s->regs.dp_cntl & DST_Y_TOP_TO_BOTTOM ?
++                       s->regs.src_y : s->regs.src_y + 1 - s->regs.dst_height);
+         int src_stride = DEFAULT_CNTL ?
+                          s->regs.src_pitch : s->regs.default_pitch;
++        if (!src_stride) {
++            qemu_log_mask(LOG_GUEST_ERROR, "Zero source pitch\n");
++            return;
++        }
+         uint8_t *src_bits = s->vga.vram_ptr + (DEFAULT_CNTL ?
+                             s->regs.src_offset : s->regs.default_offset);
+ 
+@@ -137,8 +149,10 @@ void ati_2d_blt(ATIVGAState *s)
+                                     dst_y * surface_stride(ds),
+                                     s->regs.dst_height * surface_stride(ds));
+         }
+-        s->regs.dst_x += s->regs.dst_width;
+-        s->regs.dst_y += s->regs.dst_height;
++        s->regs.dst_x = (s->regs.dp_cntl & DST_X_LEFT_TO_RIGHT ?
++                         dst_x + s->regs.dst_width : dst_x);
++        s->regs.dst_y = (s->regs.dp_cntl & DST_Y_TOP_TO_BOTTOM ?
++                         dst_y + s->regs.dst_height : dst_y);
+         break;
+     }
+     case ROP3_PATCOPY:
+@@ -179,7 +193,8 @@ void ati_2d_blt(ATIVGAState *s)
+                                     dst_y * surface_stride(ds),
+                                     s->regs.dst_height * surface_stride(ds));
+         }
+-        s->regs.dst_y += s->regs.dst_height;
++        s->regs.dst_y = (s->regs.dp_cntl & DST_Y_TOP_TO_BOTTOM ?
++                         dst_y + s->regs.dst_height : dst_y);
+         break;
+     }
+     default:
+-- 
+2.26.2
+

diff --git a/app-emulation/qemu/qemu-4.2.0-r6.ebuild b/app-emulation/qemu/qemu-4.2.0-r6.ebuild
new file mode 100644
index 00000000000..172ce2eba7b
--- /dev/null
+++ b/app-emulation/qemu/qemu-4.2.0-r6.ebuild
@@ -0,0 +1,834 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+PYTHON_COMPAT=( python{3_6,3_7,3_8} )
+PYTHON_REQ_USE="ncurses,readline"
+
+PLOCALES="bg de_DE fr_FR hu it tr zh_CN"
+
+FIRMWARE_ABI_VERSION="4.0.0-r50"
+
+inherit eutils linux-info toolchain-funcs multilib python-r1 \
+	udev fcaps readme.gentoo-r1 pax-utils l10n xdg-utils
+
+if [[ ${PV} = *9999* ]]; then
+	EGIT_REPO_URI="https://git.qemu.org/git/qemu.git"
+	EGIT_SUBMODULES=(
+		slirp
+		tests/fp/berkeley-{test,soft}float-3
+		ui/keycodemapdb
+	)
+	inherit git-r3
+	SRC_URI=""
+else
+	SRC_URI="https://download.qemu.org/${P}.tar.xz
+		https://dev.gentoo.org/~tamiko/distfiles/${P}-patches-r2.tar.xz"
+	KEYWORDS="~amd64 ~arm64 ~ppc ~ppc64 ~x86"
+fi
+
+DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
+HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org"
+
+LICENSE="GPL-2 LGPL-2 BSD-2"
+SLOT="0"
+
+IUSE="accessibility +aio alsa bzip2 capstone +caps +curl debug doc
+	+fdt glusterfs gnutls gtk infiniband iscsi jemalloc +jpeg kernel_linux
+	kernel_FreeBSD lzo ncurses nfs nls numa opengl +oss +pin-upstream-blobs
+	plugins +png pulseaudio python rbd sasl +seccomp sdl sdl-image selinux
+	smartcard snappy spice ssh static static-user systemtap tci test usb
+	usbredir vde +vhost-net vhost-user-fs virgl virtfs +vnc vte xattr xen
+	xfs +xkb"
+
+COMMON_TARGETS="aarch64 alpha arm cris hppa i386 m68k microblaze microblazeel
+	mips mips64 mips64el mipsel nios2 or1k ppc ppc64 riscv32 riscv64 s390x
+	sh4 sh4eb sparc sparc64 x86_64 xtensa xtensaeb"
+IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS}
+	lm32 moxie tricore unicore32"
+IUSE_USER_TARGETS="${COMMON_TARGETS}
+	aarch64_be armeb mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus
+	tilegx"
+
+use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
+use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
+IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
+
+RESTRICT="!test? ( test )"
+# Allow no targets to be built so that people can get a tools-only build.
+# Block USE flag configurations known to not work.
+REQUIRED_USE="${PYTHON_REQUIRED_USE}
+	qemu_softmmu_targets_arm? ( fdt )
+	qemu_softmmu_targets_microblaze? ( fdt )
+	qemu_softmmu_targets_mips64el? ( fdt )
+	qemu_softmmu_targets_ppc64? ( fdt )
+	qemu_softmmu_targets_ppc? ( fdt )
+	qemu_softmmu_targets_riscv32? ( fdt )
+	qemu_softmmu_targets_riscv64? ( fdt )
+	static? ( static-user !alsa !gtk !opengl !pulseaudio !plugins !rbd !snappy )
+	static-user? ( !plugins )
+	virtfs? ( xattr )
+	vte? ( gtk )
+	plugins? ( !static !static-user )
+"
+
+# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
+# and user/softmmu targets (qemu-*, qemu-system-*).
+#
+# Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
+#
+# The attr lib isn't always linked in (although the USE flag is always
+# respected).  This is because qemu supports using the C library's API
+# when available rather than always using the external library.
+ALL_DEPEND="
+	>=dev-libs/glib-2.0[static-libs(+)]
+	sys-libs/zlib[static-libs(+)]
+	python? ( ${PYTHON_DEPS} )
+	systemtap? ( dev-util/systemtap )
+	xattr? ( sys-apps/attr[static-libs(+)] )"
+
+# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
+# softmmu targets (qemu-system-*).
+SOFTMMU_TOOLS_DEPEND="
+	dev-libs/libxml2[static-libs(+)]
+	xkb? ( x11-libs/libxkbcommon[static-libs(+)] )
+	>=x11-libs/pixman-0.28.0[static-libs(+)]
+	accessibility? (
+		app-accessibility/brltty[api]
+		app-accessibility/brltty[static-libs(+)]
+	)
+	aio? ( dev-libs/libaio[static-libs(+)] )
+	alsa? ( >=media-libs/alsa-lib-1.0.13 )
+	bzip2? ( app-arch/bzip2[static-libs(+)] )
+	capstone? ( dev-libs/capstone:= )
+	caps? ( sys-libs/libcap-ng[static-libs(+)] )
+	curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
+	fdt? ( >=sys-apps/dtc-1.5.0[static-libs(+)] )
+	glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
+	gnutls? (
+		dev-libs/nettle:=[static-libs(+)]
+		>=net-libs/gnutls-3.0:=[static-libs(+)]
+	)
+	gtk? (
+		x11-libs/gtk+:3
+		vte? ( x11-libs/vte:2.91 )
+	)
+	infiniband? (
+		sys-fabric/libibumad:=[static-libs(+)]
+		sys-fabric/libibverbs:=[static-libs(+)]
+		sys-fabric/librdmacm:=[static-libs(+)]
+	)
+	iscsi? ( net-libs/libiscsi )
+	jemalloc? ( dev-libs/jemalloc )
+	jpeg? ( virtual/jpeg:0=[static-libs(+)] )
+	lzo? ( dev-libs/lzo:2[static-libs(+)] )
+	ncurses? (
+		sys-libs/ncurses:0=[unicode]
+		sys-libs/ncurses:0=[static-libs(+)]
+	)
+	nfs? ( >=net-fs/libnfs-1.9.3:=[static-libs(+)] )
+	numa? ( sys-process/numactl[static-libs(+)] )
+	opengl? (
+		virtual/opengl
+		media-libs/libepoxy[static-libs(+)]
+		media-libs/mesa[static-libs(+)]
+		media-libs/mesa[egl,gbm]
+	)
+	png? ( media-libs/libpng:0=[static-libs(+)] )
+	pulseaudio? ( media-sound/pulseaudio )
+	rbd? ( sys-cluster/ceph )
+	sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
+	sdl? (
+		media-libs/libsdl2[X]
+		media-libs/libsdl2[static-libs(+)]
+	)
+	sdl-image? ( media-libs/sdl2-image[static-libs(+)] )
+	seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
+	smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] )
+	snappy? ( app-arch/snappy:= )
+	spice? (
+		>=app-emulation/spice-protocol-0.12.3
+		>=app-emulation/spice-0.12.0[static-libs(+)]
+	)
+	ssh? ( >=net-libs/libssh-0.8.6[static-libs(+)] )
+	usb? ( >=virtual/libusb-1-r2[static-libs(+)] )
+	usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
+	vde? ( net-misc/vde[static-libs(+)] )
+	virgl? ( media-libs/virglrenderer[static-libs(+)] )
+	virtfs? ( sys-libs/libcap )
+	xen? ( app-emulation/xen-tools:= )
+	xfs? ( sys-fs/xfsprogs[static-libs(+)] )"
+
+X86_FIRMWARE_DEPEND="
+	pin-upstream-blobs? (
+		~sys-firmware/edk2-ovmf-201905[binary]
+		~sys-firmware/ipxe-1.0.0_p20190728[binary]
+		~sys-firmware/seabios-1.12.0[binary,seavgabios]
+		~sys-firmware/sgabios-0.1_pre8[binary]
+	)
+	!pin-upstream-blobs? (
+		sys-firmware/edk2-ovmf
+		sys-firmware/ipxe
+		>=sys-firmware/seabios-1.10.2[seavgabios]
+		sys-firmware/sgabios
+	)"
+PPC64_FIRMWARE_DEPEND="
+	pin-upstream-blobs? (
+		~sys-firmware/seabios-1.12.0[binary,seavgabios]
+	)
+	!pin-upstream-blobs? (
+		>=sys-firmware/seabios-1.10.2[seavgabios]
+	)
+"
+
+BDEPEND="
+	$(python_gen_impl_dep)
+	dev-lang/perl
+	sys-apps/texinfo
+	virtual/pkgconfig
+	doc? ( dev-python/sphinx )
+	gtk? ( nls? ( sys-devel/gettext ) )
+	test? (
+		dev-libs/glib[utils]
+		sys-devel/bc
+	)
+"
+CDEPEND="
+	!static? (
+		${ALL_DEPEND//\[static-libs(+)]}
+		${SOFTMMU_TOOLS_DEPEND//\[static-libs(+)]}
+	)
+	qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
+	qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )
+	qemu_softmmu_targets_ppc64? ( ${PPC64_FIRMWARE_DEPEND} )
+"
+DEPEND="${CDEPEND}
+	kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
+	static? (
+		${ALL_DEPEND}
+		${SOFTMMU_TOOLS_DEPEND}
+	)
+	static-user? ( ${ALL_DEPEND} )"
+RDEPEND="${CDEPEND}
+	acct-group/kvm
+	selinux? ( sec-policy/selinux-qemu )"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-2.5.0-cflags.patch
+	"${FILESDIR}"/${PN}-2.11.1-capstone_include_path.patch
+	"${FILESDIR}"/${PN}-4.0.0-mkdir_systemtap.patch #684902
+	"${FILESDIR}"/${PN}-4.2.0-ati-vga-crash.patch #719266
+	"${WORKDIR}"/patches
+)
+
+QA_PREBUILT="
+	usr/share/qemu/hppa-firmware.img
+	usr/share/qemu/openbios-ppc
+	usr/share/qemu/openbios-sparc64
+	usr/share/qemu/openbios-sparc32
+	usr/share/qemu/palcode-clipper
+	usr/share/qemu/s390-ccw.img
+	usr/share/qemu/s390-netboot.img
+	usr/share/qemu/u-boot.e500"
+
+QA_WX_LOAD="usr/bin/qemu-i386
+	usr/bin/qemu-x86_64
+	usr/bin/qemu-alpha
+	usr/bin/qemu-arm
+	usr/bin/qemu-cris
+	usr/bin/qemu-m68k
+	usr/bin/qemu-microblaze
+	usr/bin/qemu-microblazeel
+	usr/bin/qemu-mips
+	usr/bin/qemu-mipsel
+	usr/bin/qemu-or1k
+	usr/bin/qemu-ppc
+	usr/bin/qemu-ppc64
+	usr/bin/qemu-ppc64abi32
+	usr/bin/qemu-sh4
+	usr/bin/qemu-sh4eb
+	usr/bin/qemu-sparc
+	usr/bin/qemu-sparc64
+	usr/bin/qemu-armeb
+	usr/bin/qemu-sparc32plus
+	usr/bin/qemu-s390x
+	usr/bin/qemu-unicore32"
+
+DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure you have the
+kernel module loaded before running kvm. The easiest way to ensure that the
+kernel module is loaded is to load it on boot.
+	For AMD CPUs the module is called 'kvm-amd'.
+	For Intel CPUs the module is called 'kvm-intel'.
+Please review /etc/conf.d/modules for how to load these.
+
+Make sure your user is in the 'kvm' group. Just run
+	$ gpasswd -a <USER> kvm
+then have <USER> re-login.
+
+For brand new installs, the default permissions on /dev/kvm might not let
+you access it.  You can tell udev to reset ownership/perms:
+	$ udevadm trigger -c add /dev/kvm
+
+If you want to register binfmt handlers for qemu user targets:
+For openrc:
+	# rc-update add qemu-binfmt
+For systemd:
+	# ln -s /usr/share/qemu/binfmt.d/qemu.conf /etc/binfmt.d/qemu.conf"
+
+pkg_pretend() {
+	if use kernel_linux && kernel_is lt 2 6 25; then
+		eerror "This version of KVM requres a host kernel of 2.6.25 or higher."
+	elif use kernel_linux; then
+		if ! linux_config_exists; then
+			eerror "Unable to check your kernel for KVM support"
+		else
+			CONFIG_CHECK="~KVM ~TUN ~BRIDGE"
+			ERROR_KVM="You must enable KVM in your kernel to continue"
+			ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in"
+			ERROR_KVM_AMD+=" your kernel configuration."
+			ERROR_KVM_INTEL="If you have an Intel CPU, you must enable"
+			ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration."
+			ERROR_TUN="You will need the Universal TUN/TAP driver compiled"
+			ERROR_TUN+=" into your kernel or loaded as a module to use the"
+			ERROR_TUN+=" virtual network device if using -net tap."
+			ERROR_BRIDGE="You will also need support for 802.1d"
+			ERROR_BRIDGE+=" Ethernet Bridging for some network configurations."
+			use vhost-net && CONFIG_CHECK+=" ~VHOST_NET"
+			ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net"
+			ERROR_VHOST_NET+=" support"
+
+			if use amd64 || use x86 || use amd64-linux || use x86-linux; then
+				if grep -q AuthenticAMD /proc/cpuinfo; then
+					CONFIG_CHECK+=" ~KVM_AMD"
+				elif grep -q GenuineIntel /proc/cpuinfo; then
+					CONFIG_CHECK+=" ~KVM_INTEL"
+				fi
+			fi
+
+			use python && CONFIG_CHECK+=" ~DEBUG_FS"
+			ERROR_DEBUG_FS="debugFS support required for kvm_stat"
+
+			# Now do the actual checks setup above
+			check_extra_config
+		fi
+	fi
+
+	if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then
+		eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt"
+		eerror "instances are still pointing to it.  Please update your"
+		eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag"
+		eerror "and the right system binary (e.g. qemu-system-x86_64)."
+		die "update your virt configs to not use qemu-kvm"
+	fi
+}
+
+# Sanity check to make sure target lists are kept up-to-date.
+check_targets() {
+	local var=$1 mak=$2
+	local detected sorted
+
+	pushd "${S}"/default-configs >/dev/null || die
+
+	# Force C locale until glibc is updated. #564936
+	detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u))
+	sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u))
+	if [[ ${sorted} != "${detected}" ]] ; then
+		eerror "The ebuild needs to be kept in sync."
+		eerror "${var}: ${sorted}"
+		eerror "$(printf '%-*s' ${#var} configure): ${detected}"
+		die "sync ${var} to the list of targets"
+	fi
+
+	popd >/dev/null
+}
+
+handle_locales() {
+	# Make sure locale list is kept up-to-date.
+	local detected sorted
+	detected=$(echo $(cd po && printf '%s\n' *.po | grep -v messages.po | sed 's:.po$::' | sort -u))
+	sorted=$(echo $(printf '%s\n' ${PLOCALES} | sort -u))
+	if [[ ${sorted} != "${detected}" ]] ; then
+		eerror "The ebuild needs to be kept in sync."
+		eerror "PLOCALES: ${sorted}"
+		eerror " po/*.po: ${detected}"
+		die "sync PLOCALES"
+	fi
+
+	# Deal with selective install of locales.
+	if use nls ; then
+		# Delete locales the user does not want. #577814
+		rm_loc() { rm po/$1.po || die; }
+		l10n_for_each_disabled_locale_do rm_loc
+	else
+		# Cheap hack to disable gettext .mo generation.
+		rm -f po/*.po
+	fi
+}
+
+src_prepare() {
+	check_targets IUSE_SOFTMMU_TARGETS softmmu
+	check_targets IUSE_USER_TARGETS linux-user
+
+	default
+
+	# Use correct toolchain to fix cross-compiling
+	tc-export AR LD NM OBJCOPY PKG_CONFIG RANLIB
+	export WINDRES=${CHOST}-windres
+
+	# Verbose builds
+	MAKEOPTS+=" V=1"
+
+	# Run after we've applied all patches.
+	handle_locales
+
+	# Remove bundled copy of libfdt
+	rm -r dtc || die
+}
+
+##
+# configures qemu based on the build directory and the build type
+# we are using.
+#
+qemu_src_configure() {
+	debug-print-function ${FUNCNAME} "$@"
+
+	local buildtype=$1
+	local builddir="${S}/${buildtype}-build"
+
+	mkdir "${builddir}"
+
+	local conf_opts=(
+		--prefix=/usr
+		--sysconfdir=/etc
+		--bindir=/usr/bin
+		--libdir=/usr/$(get_libdir)
+		--datadir=/usr/share
+		--docdir=/usr/share/doc/${PF}/html
+		--mandir=/usr/share/man
+		--with-confsuffix=/qemu
+		--localstatedir=/var
+		--disable-bsd-user
+		--disable-guest-agent
+		--disable-strip
+		--disable-werror
+		# We support gnutls/nettle for crypto operations.  It is possible
+		# to use gcrypt when gnutls/nettle are disabled (but not when they
+		# are enabled), but it's not really worth the hassle.  Disable it
+		# all the time to avoid automatically detecting it. #568856
+		--disable-gcrypt
+		--python="${PYTHON}"
+		--cc="$(tc-getCC)"
+		--cxx="$(tc-getCXX)"
+		--host-cc="$(tc-getBUILD_CC)"
+		$(use_enable debug debug-info)
+		$(use_enable debug debug-tcg)
+		$(use_enable doc docs)
+		$(use_enable plugins)
+		$(use_enable tci tcg-interpreter)
+		$(use_enable xattr attr)
+	)
+
+	# Disable options not used by user targets. This simplifies building
+	# static user targets (USE=static-user) considerably.
+	conf_notuser() {
+		if [[ ${buildtype} == "user" ]] ; then
+			echo "--disable-${2:-$1}"
+		else
+			use_enable "$@"
+		fi
+	}
+	conf_opts+=(
+		--disable-bluez
+		$(conf_notuser accessibility brlapi)
+		$(conf_notuser aio linux-aio)
+		$(conf_notuser bzip2)
+		$(conf_notuser capstone)
+		$(conf_notuser caps cap-ng)
+		$(conf_notuser curl)
+		$(conf_notuser fdt)
+		$(conf_notuser glusterfs)
+		$(conf_notuser gnutls)
+		$(conf_notuser gnutls nettle)
+		$(conf_notuser gtk)
+		$(conf_notuser infiniband rdma)
+		$(conf_notuser iscsi libiscsi)
+		$(conf_notuser jemalloc jemalloc)
+		$(conf_notuser jpeg vnc-jpeg)
+		$(conf_notuser kernel_linux kvm)
+		$(conf_notuser lzo)
+		$(conf_notuser ncurses curses)
+		$(conf_notuser nfs libnfs)
+		$(conf_notuser numa)
+		$(conf_notuser opengl)
+		$(conf_notuser png vnc-png)
+		$(conf_notuser rbd)
+		$(conf_notuser sasl vnc-sasl)
+		$(conf_notuser sdl)
+		$(conf_notuser sdl-image)
+		$(conf_notuser seccomp)
+		$(conf_notuser smartcard)
+		$(conf_notuser snappy)
+		$(conf_notuser spice)
+		$(conf_notuser ssh libssh)
+		$(conf_notuser usb libusb)
+		$(conf_notuser usbredir usb-redir)
+		$(conf_notuser vde)
+		$(conf_notuser vhost-net)
+		$(conf_notuser vhost-user-fs)
+		$(conf_notuser virgl virglrenderer)
+		$(conf_notuser virtfs)
+		$(conf_notuser vnc)
+		$(conf_notuser vte)
+		$(conf_notuser xen)
+		$(conf_notuser xen xen-pci-passthrough)
+		$(conf_notuser xfs xfsctl)
+		$(conf_notuser xkb xkbcommon)
+	)
+
+	if [[ ${buildtype} == "user" ]] ; then
+		conf_opts+=( --disable-libxml2 )
+	else
+		conf_opts+=( --enable-libxml2 )
+	fi
+
+	if [[ ! ${buildtype} == "user" ]] ; then
+		# audio options
+		local audio_opts=(
+			# Note: backend order matters here: #716202
+			# We iterate from higher-level to lower level.
+			$(usex pulseaudio pa "")
+			$(usev sdl)
+			$(usev alsa)
+			$(usev oss)
+		)
+		conf_opts+=(
+			--audio-drv-list=$(printf "%s," "${audio_opts[@]}")
+		)
+	fi
+
+	case ${buildtype} in
+	user)
+		conf_opts+=(
+			--enable-linux-user
+			--disable-system
+			--disable-blobs
+			--disable-tools
+		)
+		local static_flag="static-user"
+		;;
+	softmmu)
+		conf_opts+=(
+			--disable-linux-user
+			--enable-system
+			--disable-tools
+		)
+		local static_flag="static"
+		;;
+	tools)
+		conf_opts+=(
+			--disable-linux-user
+			--disable-system
+			--disable-blobs
+			--enable-tools
+		)
+		local static_flag="static"
+		;;
+	esac
+
+	local targets="${buildtype}_targets"
+	[[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" )
+
+	# Add support for SystemTAP
+	use systemtap && conf_opts+=( --enable-trace-backend=dtrace )
+
+	# We always want to attempt to build with PIE support as it results
+	# in a more secure binary. But it doesn't work with static or if
+	# the current GCC doesn't have PIE support.
+	if use ${static_flag}; then
+		conf_opts+=( --static --disable-pie )
+	else
+		tc-enables-pie && conf_opts+=( --enable-pie )
+	fi
+
+	echo "../configure ${conf_opts[*]}"
+	cd "${builddir}"
+	../configure "${conf_opts[@]}" || die "configure failed"
+
+	# FreeBSD's kernel does not support QEMU assigning/grabbing
+	# host USB devices yet
+	use kernel_FreeBSD && \
+		sed -i -E -e "s|^(HOST_USB=)bsd|\1stub|" "${S}"/config-host.mak
+}
+
+src_configure() {
+	local target
+
+	python_setup
+
+	softmmu_targets= softmmu_bins=()
+	user_targets= user_bins=()
+
+	for target in ${IUSE_SOFTMMU_TARGETS} ; do
+		if use "qemu_softmmu_targets_${target}"; then
+			softmmu_targets+=",${target}-softmmu"
+			softmmu_bins+=( "qemu-system-${target}" )
+		fi
+	done
+
+	for target in ${IUSE_USER_TARGETS} ; do
+		if use "qemu_user_targets_${target}"; then
+			user_targets+=",${target}-linux-user"
+			user_bins+=( "qemu-${target}" )
+		fi
+	done
+
+	softmmu_targets=${softmmu_targets#,}
+	user_targets=${user_targets#,}
+
+	[[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu"
+	[[ -n ${user_targets}    ]] && qemu_src_configure "user"
+	qemu_src_configure "tools"
+}
+
+src_compile() {
+	if [[ -n ${user_targets} ]]; then
+		cd "${S}/user-build"
+		default
+	fi
+
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build"
+		default
+	fi
+
+	cd "${S}/tools-build"
+	default
+}
+
+src_test() {
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build"
+		pax-mark m */qemu-system-* #515550
+		emake check
+	fi
+}
+
+qemu_python_install() {
+	python_domodule "${S}/python/qemu"
+
+	python_doscript "${S}/scripts/kvm/vmxcap"
+	python_doscript "${S}/scripts/qmp/qmp-shell"
+	python_doscript "${S}/scripts/qmp/qemu-ga-client"
+}
+
+# Generate binfmt support files.
+#   - /etc/init.d/qemu-binfmt script which registers the user handlers (openrc)
+#   - /usr/share/qemu/binfmt.d/qemu.conf (for use with systemd-binfmt)
+generate_initd() {
+	local out="${T}/qemu-binfmt"
+	local out_systemd="${T}/qemu.conf"
+	local d="${T}/binfmt.d"
+
+	einfo "Generating qemu binfmt scripts and configuration files"
+
+	# Generate the debian fragments first.
+	mkdir -p "${d}"
+	"${S}"/scripts/qemu-binfmt-conf.sh \
+		--debian \
+		--exportdir "${d}" \
+		--qemu-path "${EPREFIX}/usr/bin" \
+		|| die
+	# Then turn the fragments into a shell script we can source.
+	sed -E -i \
+		-e 's:^([^ ]+) (.*)$:\1="\2":' \
+		"${d}"/* || die
+
+	# Generate the init.d script by assembling the fragments from above.
+	local f qcpu package interpreter magic mask
+	cat "${FILESDIR}"/qemu-binfmt.initd.head >"${out}" || die
+	for f in "${d}"/qemu-* ; do
+		source "${f}"
+
+		# Normalize the cpu logic like we do in the init.d for the native cpu.
+		qcpu=${package#qemu-}
+		case ${qcpu} in
+		arm*)   qcpu="arm";;
+		mips*)  qcpu="mips";;
+		ppc*)   qcpu="ppc";;
+		s390*)  qcpu="s390";;
+		sh*)    qcpu="sh";;
+		sparc*) qcpu="sparc";;
+		esac
+
+		# we use 'printf' here to be portable across 'sh'
+		# implementations: #679168
+		cat <<EOF >>"${out}"
+	if [ "\${cpu}" != "${qcpu}" -a -x "${interpreter}" ] ; then
+		printf '%s\n' ':${package}:M::${magic}:${mask}:${interpreter}:'"\${QEMU_BINFMT_FLAGS}" >/proc/sys/fs/binfmt_misc/register
+	fi
+EOF
+
+		echo ":${package}:M::${magic}:${mask}:${interpreter}:OC" >>"${out_systemd}"
+
+	done
+	cat "${FILESDIR}"/qemu-binfmt.initd.tail >>"${out}" || die
+}
+
+src_install() {
+	if [[ -n ${user_targets} ]]; then
+		cd "${S}/user-build"
+		emake DESTDIR="${ED}" install
+
+		# Install binfmt handler init script for user targets.
+		generate_initd
+		doinitd "${T}/qemu-binfmt"
+
+		# Install binfmt/qemu.conf.
+		insinto "/usr/share/qemu/binfmt.d"
+		doins "${T}/qemu.conf"
+	fi
+
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build"
+		emake DESTDIR="${ED}" install
+
+		# This might not exist if the test failed. #512010
+		[[ -e check-report.html ]] && dodoc check-report.html
+
+		if use kernel_linux; then
+			udev_newrules "${FILESDIR}"/65-kvm.rules-r1 65-kvm.rules
+		fi
+
+		if use python; then
+			python_foreach_impl qemu_python_install
+		fi
+	fi
+
+	cd "${S}/tools-build"
+	emake DESTDIR="${ED}" install
+
+	# Disable mprotect on the qemu binaries as they use JITs to be fast #459348
+	pushd "${ED}"/usr/bin >/dev/null
+	pax-mark mr "${softmmu_bins[@]}" "${user_bins[@]}" # bug 575594
+	popd >/dev/null
+
+	# Install config file example for qemu-bridge-helper
+	insinto "/etc/qemu"
+	doins "${FILESDIR}/bridge.conf"
+
+	cd "${S}"
+	dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt
+	newdoc pc-bios/README README.pc-bios
+
+	# Disallow stripping of prebuilt firmware files.
+	dostrip -x ${QA_PREBUILT}
+
+	if [[ -n ${softmmu_targets} ]]; then
+		# Remove SeaBIOS since we're using the SeaBIOS packaged one
+		rm "${ED}/usr/share/qemu/bios.bin"
+		rm "${ED}/usr/share/qemu/bios-256k.bin"
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
+			dosym ../seabios/bios-256k.bin /usr/share/qemu/bios-256k.bin
+		fi
+
+		# Remove vgabios since we're using the seavgabios packaged one
+		rm "${ED}/usr/share/qemu/vgabios.bin"
+		rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
+		rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
+		rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
+		rm "${ED}/usr/share/qemu/vgabios-virtio.bin"
+		rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
+		# PPC64 loads vgabios-stdvga
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 || use qemu_softmmu_targets_ppc64; then
+			dosym ../seavgabios/vgabios-isavga.bin /usr/share/qemu/vgabios.bin
+			dosym ../seavgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
+			dosym ../seavgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
+			dosym ../seavgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
+			dosym ../seavgabios/vgabios-virtio.bin /usr/share/qemu/vgabios-virtio.bin
+			dosym ../seavgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
+		fi
+
+		# Remove sgabios since we're using the sgabios packaged one
+		rm "${ED}/usr/share/qemu/sgabios.bin"
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin
+		fi
+
+		# Remove iPXE since we're using the iPXE packaged one
+		rm "${ED}"/usr/share/qemu/pxe-*.rom
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom
+			dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom
+			dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom
+			dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom
+			dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom
+			dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom
+		fi
+	fi
+
+	DISABLE_AUTOFORMATTING=true
+	readme.gentoo_create_doc
+}
+
+firmware_abi_change() {
+	local pv
+	for pv in ${REPLACING_VERSIONS}; do
+		if ver_test $pv -lt ${FIRMWARE_ABI_VERSION}; then
+			return 0
+		fi
+	done
+	return 1
+}
+
+pkg_postinst() {
+	if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
+		udev_reload
+	fi
+
+	xdg_icon_cache_update
+
+	[[ -z ${EPREFIX} ]] && [[ -f ${EROOT}/usr/libexec/qemu-bridge-helper ]] && \
+		fcaps cap_net_admin ${EROOT}/usr/libexec/qemu-bridge-helper
+
+	DISABLE_AUTOFORMATTING=true
+	readme.gentoo_print_elog
+
+	if use pin-upstream-blobs && firmware_abi_change; then
+		ewarn "This version of qemu pins new versions of firmware blobs:"
+		ewarn "	$(best_version sys-firmware/edk2-ovmf)"
+		ewarn "	$(best_version sys-firmware/ipxe)"
+		ewarn "	$(best_version sys-firmware/seabios)"
+		ewarn "	$(best_version sys-firmware/sgabios)"
+		ewarn "This might break resume of hibernated guests (started with a different"
+		ewarn "firmware version) and live migration to/from qemu versions with different"
+		ewarn "firmware. Please (cold) restart all running guests. For functional"
+		ewarn "guest migration ensure that all"
+		ewarn "hosts run at least"
+		ewarn "	app-emulation/qemu-${FIRMWARE_ABI_VERSION}."
+	fi
+}
+
+pkg_info() {
+	echo "Using:"
+	echo "  $(best_version app-emulation/spice-protocol)"
+	echo "  $(best_version sys-firmware/edk2-ovmf)"
+	if has_version 'sys-firmware/edk2-ovmf[binary]'; then
+		echo "    USE=binary"
+	else
+		echo "    USE=''"
+	fi
+	echo "  $(best_version sys-firmware/ipxe)"
+	echo "  $(best_version sys-firmware/seabios)"
+	if has_version 'sys-firmware/seabios[binary]'; then
+		echo "    USE=binary"
+	else
+		echo "    USE=''"
+	fi
+	echo "  $(best_version sys-firmware/sgabios)"
+}
+
+pkg_postrm() {
+	xdg_icon_cache_update
+}


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2020-09-08  7:33 Sergei Trofimovich
  0 siblings, 0 replies; 56+ messages in thread
From: Sergei Trofimovich @ 2020-09-08  7:33 UTC (permalink / raw
  To: gentoo-commits

commit:     3752d632441c34385ee7296126e3867536cb63e7
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Tue Sep  8 07:33:11 2020 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Tue Sep  8 07:33:20 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3752d632

app-emulation/qemu: tweak error message for missing SDL

Reported-by: Rafael Kitover
Bug: https://bugs.gentoo.org/740836
Package-Manager: Portage-3.0.5, Repoman-3.0.1
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 app-emulation/qemu/files/qemu-9999-format-error.patch | 14 ++++++++++++++
 app-emulation/qemu/qemu-9999.ebuild                   |  1 +
 2 files changed, 15 insertions(+)

diff --git a/app-emulation/qemu/files/qemu-9999-format-error.patch b/app-emulation/qemu/files/qemu-9999-format-error.patch
new file mode 100644
index 00000000000..8bb4d96b77c
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-9999-format-error.patch
@@ -0,0 +1,14 @@
+https://bugs.gentoo.org/740836
+--- a/meson.build
++++ b/meson.build
+@@ -255,8 +255,8 @@ if sdl.found()
+                          method: 'pkg-config', static: enable_static)
+ else
+   if get_option('sdl_image').enabled()
+-    error('sdl-image required, but SDL was @0@',
+-          get_option('sdl').disabled() ? 'disabled' : 'not found')
++    error('sdl-image required, but SDL was @0@'.format(
++          get_option('sdl').disabled() ? 'disabled' : 'not found'))
+   endif
+   sdl_image = not_found
+ endif

diff --git a/app-emulation/qemu/qemu-9999.ebuild b/app-emulation/qemu/qemu-9999.ebuild
index a70062db3ec..da2bd1246ef 100644
--- a/app-emulation/qemu/qemu-9999.ebuild
+++ b/app-emulation/qemu/qemu-9999.ebuild
@@ -226,6 +226,7 @@ RDEPEND="${CDEPEND}
 PATCHES=(
 	"${FILESDIR}"/${PN}-2.11.1-capstone_include_path.patch
 	"${FILESDIR}"/${PN}-9999-cflags.patch
+	"${FILESDIR}"/${PN}-9999-format-error.patch
 )
 
 QA_PREBUILT="


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2020-10-21 20:55 Sergei Trofimovich
  0 siblings, 0 replies; 56+ messages in thread
From: Sergei Trofimovich @ 2020-10-21 20:55 UTC (permalink / raw
  To: gentoo-commits

commit:     c3e69a937f95044c6ccebc72b040d32e6dd0297d
Author:     Michal Privoznik <mprivozn <AT> redhat <DOT> com>
AuthorDate: Wed Oct 21 20:21:25 2020 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Wed Oct 21 20:55:00 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c3e69a93

app-emulation/qemu-9999: Remove qemu-9999-cflags.patch

In upstream commit of v5.1.0-1916-g5770e8afd6 qemu removed CFLAGS
clobbering (among other env vars) rendering our patch redundant.

Signed-off-by: Michal Privoznik <mprivozn <AT> redhat.com>
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 app-emulation/qemu/files/qemu-9999-cflags.patch | 12 ------------
 app-emulation/qemu/qemu-9999.ebuild             |  1 -
 2 files changed, 13 deletions(-)

diff --git a/app-emulation/qemu/files/qemu-9999-cflags.patch b/app-emulation/qemu/files/qemu-9999-cflags.patch
deleted file mode 100644
index 1c732a453a9..00000000000
--- a/app-emulation/qemu/files/qemu-9999-cflags.patch
+++ /dev/null
@@ -1,12 +0,0 @@
---- a/configure
-+++ b/configure
-@@ -6349,9 +6349,6 @@ if test "$debug_info" = "yes"; then
-   CFLAGS="-g $CFLAGS"
-   LDFLAGS="-g $LDFLAGS"
- fi
--if test "$debug" = "no"; then
--  CFLAGS="-O2 $CFLAGS"
--fi
- 
- case "$ARCH" in
- alpha)

diff --git a/app-emulation/qemu/qemu-9999.ebuild b/app-emulation/qemu/qemu-9999.ebuild
index 2b03ed218ed..764cce197cf 100644
--- a/app-emulation/qemu/qemu-9999.ebuild
+++ b/app-emulation/qemu/qemu-9999.ebuild
@@ -225,7 +225,6 @@ RDEPEND="${CDEPEND}
 
 PATCHES=(
 	"${FILESDIR}"/${PN}-2.11.1-capstone_include_path.patch
-	"${FILESDIR}"/${PN}-9999-cflags.patch
 )
 
 QA_PREBUILT="


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2020-12-10 15:03 Sergei Trofimovich
  0 siblings, 0 replies; 56+ messages in thread
From: Sergei Trofimovich @ 2020-12-10 15:03 UTC (permalink / raw
  To: gentoo-commits

commit:     3ef9e5361d90e4a3b60da326db292bdd13322529
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Thu Dec 10 15:01:02 2020 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Thu Dec 10 15:03:03 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3ef9e536

app-emulation/qemu: revert "fix safe-stack feature detection"

I misinterpreted what test does. Will need to check why it passes for me.
Reverting it for now.

This reverts commit 541bb02a46aa817953c29c8ffef222bbfb58ebd8.

Reported-by: Agostino Sarubbo
Closes: https://bugs.gentoo.org/759331
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 app-emulation/qemu/files/qemu-5.2.0-safe-stack.patch | 12 ------------
 app-emulation/qemu/qemu-5.2.0.ebuild                 |  1 -
 2 files changed, 13 deletions(-)

diff --git a/app-emulation/qemu/files/qemu-5.2.0-safe-stack.patch b/app-emulation/qemu/files/qemu-5.2.0-safe-stack.patch
deleted file mode 100644
index 77ed254ab98..00000000000
--- a/app-emulation/qemu/files/qemu-5.2.0-safe-stack.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-If SafeStack fails to build it should be disabled, not enabled.
---- a/configure
-+++ b/configure
-@@ -4956,7 +4956,7 @@ if test "$safe_stack" = "no"; then
-   fi
- else # "$safe_stack" = ""
-   # Set safe_stack to yes or no based on pre-existing flags
--  if compile_prog "-Werror" ""; then
-+  if ! compile_prog "-Werror" ""; then
-     safe_stack="no"
-   else
-     safe_stack="yes"

diff --git a/app-emulation/qemu/qemu-5.2.0.ebuild b/app-emulation/qemu/qemu-5.2.0.ebuild
index a0c14681fac..3a200179aa2 100644
--- a/app-emulation/qemu/qemu-5.2.0.ebuild
+++ b/app-emulation/qemu/qemu-5.2.0.ebuild
@@ -225,7 +225,6 @@ RDEPEND="${CDEPEND}
 
 PATCHES=(
 	"${FILESDIR}"/${PN}-2.11.1-capstone_include_path.patch
-	"${FILESDIR}"/${PN}-5.2.0-safe-stack.patch
 )
 
 QA_PREBUILT="


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2020-12-12  8:33 Sergei Trofimovich
  0 siblings, 0 replies; 56+ messages in thread
From: Sergei Trofimovich @ 2020-12-12  8:33 UTC (permalink / raw
  To: gentoo-commits

commit:     b75adffb42822e75a6e3e4c5b7ad02258134b221
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Sat Dec 12 08:32:52 2020 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Sat Dec 12 08:33:16 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b75adffb

app-emulation/qemu: make ./configure -Werror-clean

Fix safe-stack detection on gcc -Wall -Wextra to
avoid declaration of unused parameters.

Package-Manager: Portage-3.0.12, Repoman-3.0.2
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 .../qemu/files/qemu-5.2.0-cleaner-werror.patch     | 40 ++++++++++++++++++++++
 app-emulation/qemu/qemu-5.2.0.ebuild               |  1 +
 2 files changed, 41 insertions(+)

diff --git a/app-emulation/qemu/files/qemu-5.2.0-cleaner-werror.patch b/app-emulation/qemu/files/qemu-5.2.0-cleaner-werror.patch
new file mode 100644
index 00000000000..33115f1df48
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-5.2.0-cleaner-werror.patch
@@ -0,0 +1,40 @@
+-Wall -Wextra compains about unused arguments,
+causes safe-stack to be mis-detected.
+--- a/configure
++++ b/configure
+@@ -2293,7 +2293,7 @@ fi
+ cat > $TMPC << EOF
+ #include <stdint.h>
+ #include <stdio.h>
+-int main(int argc, char *argv[]) {
++int main(void) {
+     return printf("%zu", SIZE_MAX);
+ }
+ EOF
+@@ -4911,7 +4911,7 @@ fi
+ 
+ if test "$safe_stack" = "yes"; then
+ cat > $TMPC << EOF
+-int main(int argc, char *argv[])
++int main(void)
+ {
+ #if ! __has_feature(safe_stack)
+ #error SafeStack Disabled
+@@ -4933,7 +4933,7 @@ EOF
+   fi
+ else
+ cat > $TMPC << EOF
+-int main(int argc, char *argv[])
++int main(void)
+ {
+ #if defined(__has_feature)
+ #if __has_feature(safe_stack)
+@@ -5283,7 +5283,7 @@ static const int Z = 1;
+ #define TAUT(X) ((X) == Z)
+ #define PAREN(X, Y) (X == Y)
+ #define ID(X) (X)
+-int main(int argc, char *argv[])
++int main(void)
+ {
+     int x = 0, y = 0;
+     x = ID(x);

diff --git a/app-emulation/qemu/qemu-5.2.0.ebuild b/app-emulation/qemu/qemu-5.2.0.ebuild
index 154a8d68519..ebb2803247e 100644
--- a/app-emulation/qemu/qemu-5.2.0.ebuild
+++ b/app-emulation/qemu/qemu-5.2.0.ebuild
@@ -223,6 +223,7 @@ RDEPEND="${CDEPEND}
 
 PATCHES=(
 	"${FILESDIR}"/${PN}-2.11.1-capstone_include_path.patch
+	"${FILESDIR}"/${PN}-5.2.0-cleaner-werror.patch
 )
 
 QA_PREBUILT="


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2020-12-12 23:53 Sergei Trofimovich
  0 siblings, 0 replies; 56+ messages in thread
From: Sergei Trofimovich @ 2020-12-12 23:53 UTC (permalink / raw
  To: gentoo-commits

commit:     1cc25abb2720fce0fdfaa38e1e3f5b39a4dcf895
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Sat Dec 12 23:30:03 2020 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Sat Dec 12 23:53:12 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1cc25abb

app-emulation/qemu: drop USE=xkb, use prebuilt keymaps

USE=xkb re-generates qemu keymaps instead of already prebuilt ones.
It has a few problems:
- present /usr/bin/qemu-keymaps is preferred over locally built one
- /usr/bin/qemu-keymaps can't be ran on a system without
  x11-misc/xkeyboard-config

Let's rely on prebuilt keymaps.

Reported-by: Ben Kohler
Closes: https://bugs.gentoo.org/759604
Package-Manager: Portage-3.0.12, Repoman-3.0.2
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 .../qemu/files/qemu-5.2.0-disable-keymap.patch     | 25 ++++++++++++++++++++++
 app-emulation/qemu/qemu-5.2.0.ebuild               |  7 +++---
 app-emulation/qemu/qemu-9999.ebuild                |  6 +++---
 3 files changed, 32 insertions(+), 6 deletions(-)

diff --git a/app-emulation/qemu/files/qemu-5.2.0-disable-keymap.patch b/app-emulation/qemu/files/qemu-5.2.0-disable-keymap.patch
new file mode 100644
index 00000000000..4b5676be4d2
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-5.2.0-disable-keymap.patch
@@ -0,0 +1,25 @@
+Do not use system's 'qemu-keymap' in native case.
+--- a/meson.build
++++ b/meson.build
+@@ -337,6 +337,8 @@ if 'CONFIG_LIBCAP_NG' in config_host
+ endif
+ if get_option('xkbcommon').auto() and not have_system and not have_tools
+   xkbcommon = not_found
++elif get_option('xkbcommon').disabled()
++  xkbcommon = not_found
+ else
+   xkbcommon = dependency('xkbcommon', required: get_option('xkbcommon'),
+                          method: 'pkg-config', static: enable_static)
+--- a/pc-bios/keymaps/meson.build
++++ b/pc-bios/keymaps/meson.build
+@@ -33,7 +33,9 @@ keymaps = {
+   'tr': '-l tr',
+ }
+ 
+-if meson.is_cross_build() or 'CONFIG_XKBCOMMON' not in config_host
++if meson.is_cross_build()
+   native_qemu_keymap = find_program('qemu-keymap', required: false, disabler: true)
++elif get_option('xkbcommon').disabled()
++  native_qemu_keymap = not_found
+ else
+   native_qemu_keymap = qemu_keymap

diff --git a/app-emulation/qemu/qemu-5.2.0.ebuild b/app-emulation/qemu/qemu-5.2.0.ebuild
index 5fb557f10fb..6401088ec2b 100644
--- a/app-emulation/qemu/qemu-5.2.0.ebuild
+++ b/app-emulation/qemu/qemu-5.2.0.ebuild
@@ -41,7 +41,7 @@ IUSE="accessibility +aio alsa bzip2 capstone +caps +curl debug doc
 	+slirp
 	smartcard snappy spice ssh static static-user systemtap test udev usb
 	usbredir vde +vhost-net vhost-user-fs virgl virtfs +vnc vte xattr xen
-	xfs +xkb zstd"
+	xfs zstd"
 
 COMMON_TARGETS="aarch64 alpha arm cris hppa i386 m68k microblaze microblazeel
 	mips mips64 mips64el mipsel nios2 or1k ppc ppc64 riscv32 riscv64 s390x
@@ -93,7 +93,6 @@ ALL_DEPEND="
 # softmmu targets (qemu-system-*).
 SOFTMMU_TOOLS_DEPEND="
 	dev-libs/libxml2[static-libs(+)]
-	xkb? ( x11-libs/libxkbcommon[static-libs(+)] )
 	>=x11-libs/pixman-0.28.0[static-libs(+)]
 	accessibility? (
 		app-accessibility/brltty[api]
@@ -225,6 +224,7 @@ RDEPEND="${CDEPEND}
 PATCHES=(
 	"${FILESDIR}"/${PN}-2.11.1-capstone_include_path.patch
 	"${FILESDIR}"/${PN}-5.2.0-cleaner-werror.patch
+	"${FILESDIR}"/${PN}-5.2.0-disable-keymap.patch
 )
 
 QA_PREBUILT="
@@ -487,7 +487,8 @@ qemu_src_configure() {
 		$(conf_notuser xen)
 		$(conf_notuser xen xen-pci-passthrough)
 		$(conf_notuser xfs xfsctl)
-		$(conf_notuser xkb xkbcommon)
+		# use prebuilt keymaps, bug #759604
+		--disable-xkbcommon
 		$(conf_notuser zstd)
 	)
 

diff --git a/app-emulation/qemu/qemu-9999.ebuild b/app-emulation/qemu/qemu-9999.ebuild
index 2ca83e90d02..ad937601f52 100644
--- a/app-emulation/qemu/qemu-9999.ebuild
+++ b/app-emulation/qemu/qemu-9999.ebuild
@@ -41,7 +41,7 @@ IUSE="accessibility +aio alsa bzip2 capstone +caps +curl debug doc
 	+slirp
 	smartcard snappy spice ssh static static-user systemtap test udev usb
 	usbredir vde +vhost-net vhost-user-fs virgl virtfs +vnc vte xattr xen
-	xfs +xkb zstd"
+	xfs zstd"
 
 COMMON_TARGETS="aarch64 alpha arm cris hppa i386 m68k microblaze microblazeel
 	mips mips64 mips64el mipsel nios2 or1k ppc ppc64 riscv32 riscv64 s390x
@@ -93,7 +93,6 @@ ALL_DEPEND="
 # softmmu targets (qemu-system-*).
 SOFTMMU_TOOLS_DEPEND="
 	dev-libs/libxml2[static-libs(+)]
-	xkb? ( x11-libs/libxkbcommon[static-libs(+)] )
 	>=x11-libs/pixman-0.28.0[static-libs(+)]
 	accessibility? (
 		app-accessibility/brltty[api]
@@ -486,7 +485,8 @@ qemu_src_configure() {
 		$(conf_notuser xen)
 		$(conf_notuser xen xen-pci-passthrough)
 		$(conf_notuser xfs xfsctl)
-		$(conf_notuser xkb xkbcommon)
+		# use prebuilt keymaps, bug #759604
+		--disable-xkbcommon
 		$(conf_notuser zstd)
 	)
 


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2021-02-28 23:24 Sergei Trofimovich
  0 siblings, 0 replies; 56+ messages in thread
From: Sergei Trofimovich @ 2021-02-28 23:24 UTC (permalink / raw
  To: gentoo-commits

commit:     470064cb7fb8c6cda0b5f2ea40fcb6542faf86de
Author:     Maciej S. Szmigiero <mail <AT> maciej <DOT> szmigiero <DOT> name>
AuthorDate: Sun Feb 28 22:58:09 2021 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Sun Feb 28 23:24:08 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=470064cb

app-emulation/qemu: Add /dev/vhost-vsock to udev rules

The installed udev rules should also cover /dev/vhost-vsock just as they
currently cover /dev/vhost-net.
The upstream systemd rules will include vhost-vsock in systemd v248.

Closes: https://bugs.gentoo.org/773286
Signed-off-by: Maciej S. Szmigiero <mail <AT> maciej.szmigiero.name>
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 app-emulation/qemu/files/65-kvm.rules-r2                      | 3 +++
 app-emulation/qemu/{qemu-9999.ebuild => qemu-5.2.0-r3.ebuild} | 7 ++++---
 app-emulation/qemu/qemu-9999.ebuild                           | 2 +-
 3 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/app-emulation/qemu/files/65-kvm.rules-r2 b/app-emulation/qemu/files/65-kvm.rules-r2
new file mode 100644
index 00000000000..15c89b20187
--- /dev/null
+++ b/app-emulation/qemu/files/65-kvm.rules-r2
@@ -0,0 +1,3 @@
+KERNEL=="kvm", GROUP="kvm", MODE="0660"
+KERNEL=="vhost-net", GROUP="kvm", MODE="0660", OPTIONS+="static_node=vhost-net"
+KERNEL=="vhost-vsock", GROUP="kvm", MODE="0660", OPTIONS+="static_node=vhost-vsock"

diff --git a/app-emulation/qemu/qemu-9999.ebuild b/app-emulation/qemu/qemu-5.2.0-r3.ebuild
similarity index 99%
copy from app-emulation/qemu/qemu-9999.ebuild
copy to app-emulation/qemu/qemu-5.2.0-r3.ebuild
index dcde210564b..063ad7becb4 100644
--- a/app-emulation/qemu/qemu-9999.ebuild
+++ b/app-emulation/qemu/qemu-5.2.0-r3.ebuild
@@ -226,10 +226,11 @@ RDEPEND="${CDEPEND}
 
 PATCHES=(
 	"${FILESDIR}"/${PN}-2.11.1-capstone_include_path.patch
-	"${FILESDIR}"/${PN}-5.2.0-strings.patch
 	"${FILESDIR}"/${PN}-5.2.0-cleaner-werror.patch
 	"${FILESDIR}"/${PN}-5.2.0-disable-keymap.patch
-	"${FILESDIR}"/${PN}-9999-fix-firmware-path.patch
+	"${FILESDIR}"/${PN}-5.2.0-strings.patch
+	"${FILESDIR}"/${PN}-5.2.0-fix-firmware-path.patch
+	"${FILESDIR}"/${PN}-5.2.0-no-pie-ld.patch
 )
 
 QA_PREBUILT="
@@ -722,7 +723,7 @@ src_install() {
 		[[ -e check-report.html ]] && dodoc check-report.html
 
 		if use kernel_linux; then
-			udev_newrules "${FILESDIR}"/65-kvm.rules-r1 65-kvm.rules
+			udev_newrules "${FILESDIR}"/65-kvm.rules-r2 65-kvm.rules
 		fi
 
 		if use python; then

diff --git a/app-emulation/qemu/qemu-9999.ebuild b/app-emulation/qemu/qemu-9999.ebuild
index dcde210564b..1104aacd55d 100644
--- a/app-emulation/qemu/qemu-9999.ebuild
+++ b/app-emulation/qemu/qemu-9999.ebuild
@@ -722,7 +722,7 @@ src_install() {
 		[[ -e check-report.html ]] && dodoc check-report.html
 
 		if use kernel_linux; then
-			udev_newrules "${FILESDIR}"/65-kvm.rules-r1 65-kvm.rules
+			udev_newrules "${FILESDIR}"/65-kvm.rules-r2 65-kvm.rules
 		fi
 
 		if use python; then


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2021-04-12 19:39 Sergei Trofimovich
  0 siblings, 0 replies; 56+ messages in thread
From: Sergei Trofimovich @ 2021-04-12 19:39 UTC (permalink / raw
  To: gentoo-commits

commit:     957314a3054fd202618a5a44c076cbcda8c711d5
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Mon Apr 12 19:37:55 2021 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Mon Apr 12 19:39:33 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=957314a3

app-emulation/qemu: Do not rely on DCE for lock type test

Fix CFLAGS=-Og build break. -Og fails because gcc does not enable dead
code elimination (but does set __OPTIMIZE__ define).

The fix avoids DCE reliance downstream entirely.

Reported-by: Luke-Jr
Closes: https://bugs.gentoo.org/782364
Package-Manager: Portage-3.0.18, Repoman-3.0.3
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 app-emulation/qemu/files/qemu-5.2.0-dce-locks.patch | 18 ++++++++++++++++++
 app-emulation/qemu/qemu-5.2.0-r50.ebuild            |  1 +
 app-emulation/qemu/qemu-9999.ebuild                 |  1 +
 3 files changed, 20 insertions(+)

diff --git a/app-emulation/qemu/files/qemu-5.2.0-dce-locks.patch b/app-emulation/qemu/files/qemu-5.2.0-dce-locks.patch
new file mode 100644
index 00000000000..679a9f391b0
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-5.2.0-dce-locks.patch
@@ -0,0 +1,18 @@
+Fix CFLAGS=-Og build break. -Og fails because gcc does not enable dead
+code elimination (but does set __OPTIMIZE__ define).
+
+The fix avoids DCE reliance downstream entirely.
+
+Reported-by: Luke-Jr
+Bug: https://bugs.gentoo.org/782364
+--- a/include/qemu/lockable.h
++++ b/include/qemu/lockable.h
+@@ -28,7 +28,7 @@ struct QemuLockable {
+  * to QEMU_MAKE_LOCKABLE.  For optimized builds, we can rely on dead-code elimination
+  * from the compiler, and give the errors already at link time.
+  */
+-#if defined(__OPTIMIZE__) && !defined(__SANITIZE_ADDRESS__)
++#if defined(__OPTIMIZE__) && !defined(__SANITIZE_ADDRESS__) && defined(VALIDATE_LOCKS_VIA_DCE)
+ void unknown_lock_type(void *);
+ #else
+ static inline void unknown_lock_type(void *unused)

diff --git a/app-emulation/qemu/qemu-5.2.0-r50.ebuild b/app-emulation/qemu/qemu-5.2.0-r50.ebuild
index 6b9bfbec8c9..7a9f08f8539 100644
--- a/app-emulation/qemu/qemu-5.2.0-r50.ebuild
+++ b/app-emulation/qemu/qemu-5.2.0-r50.ebuild
@@ -234,6 +234,7 @@ PATCHES=(
 	"${FILESDIR}"/${PN}-5.2.0-strings.patch
 	"${FILESDIR}"/${PN}-5.2.0-fix-firmware-path.patch
 	"${FILESDIR}"/${PN}-5.2.0-no-pie-ld.patch
+	"${FILESDIR}"/${PN}-5.2.0-dce-locks.patch
 )
 
 QA_PREBUILT="

diff --git a/app-emulation/qemu/qemu-9999.ebuild b/app-emulation/qemu/qemu-9999.ebuild
index 9e8be4658ae..9970b1a031f 100644
--- a/app-emulation/qemu/qemu-9999.ebuild
+++ b/app-emulation/qemu/qemu-9999.ebuild
@@ -272,6 +272,7 @@ PATCHES=(
 	"${FILESDIR}"/${PN}-5.2.0-strings.patch
 	"${FILESDIR}"/${PN}-5.2.0-cleaner-werror.patch
 	"${FILESDIR}"/${PN}-5.2.0-disable-keymap.patch
+	"${FILESDIR}"/${PN}-5.2.0-dce-locks.patch
 )
 
 QA_PREBUILT="


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2021-06-26 19:59 Sergei Trofimovich
  0 siblings, 0 replies; 56+ messages in thread
From: Sergei Trofimovich @ 2021-06-26 19:59 UTC (permalink / raw
  To: gentoo-commits

commit:     f09915592646599a26c0be1f368809f4a5e84532
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Sat Jun 26 19:55:04 2021 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Sat Jun 26 19:59:05 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f0991559

app-emulation/qemu: allow MAKE='make ...' form

Reported-by: Toralf Förster
Closes: https://bugs.gentoo.org/795678
Package-Manager: Portage-3.0.20, Repoman-3.0.3
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 app-emulation/qemu/files/qemu-6.0.0-make.patch | 14 ++++++++++++++
 app-emulation/qemu/qemu-6.0.0.ebuild           |  1 +
 2 files changed, 15 insertions(+)

diff --git a/app-emulation/qemu/files/qemu-6.0.0-make.patch b/app-emulation/qemu/files/qemu-6.0.0-make.patch
new file mode 100644
index 00000000000..2dac1ca11d9
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-6.0.0-make.patch
@@ -0,0 +1,14 @@
+Allow MAKE='make V=1' and similar.
+
+https://bugs.gentoo.org/795678
+--- a/configure
++++ b/configure
+@@ -1953,7 +1953,7 @@ if test -z "$python"
+ then
+     error_exit "Python not found. Use --python=/path/to/python"
+ fi
+-if ! has "$make"
++if ! has $make
+ then
+     error_exit "GNU make ($make) not found"
+ fi

diff --git a/app-emulation/qemu/qemu-6.0.0.ebuild b/app-emulation/qemu/qemu-6.0.0.ebuild
index fbd240df60c..8a8069a10e2 100644
--- a/app-emulation/qemu/qemu-6.0.0.ebuild
+++ b/app-emulation/qemu/qemu-6.0.0.ebuild
@@ -276,6 +276,7 @@ PATCHES=(
 	"${FILESDIR}"/${PN}-5.2.0-cleaner-werror.patch
 	"${FILESDIR}"/${PN}-5.2.0-disable-keymap.patch
 	"${FILESDIR}"/${PN}-5.2.0-dce-locks.patch
+	"${FILESDIR}"/${PN}-6.0.0-make.patch
 )
 
 QA_PREBUILT="


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2021-12-21 23:53 John Helmert III
  0 siblings, 0 replies; 56+ messages in thread
From: John Helmert III @ 2021-12-21 23:53 UTC (permalink / raw
  To: gentoo-commits

commit:     0ad99be8a35aff4afc249dd3b596b2eed6b5c884
Author:     John Helmert III <ajak <AT> gentoo <DOT> org>
AuthorDate: Tue Dec 21 23:29:36 2021 +0000
Commit:     John Helmert III <ajak <AT> gentoo <DOT> org>
CommitDate: Tue Dec 21 23:42:17 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0ad99be8

app-emulation/qemu: fix unix socket path copy

This adds a patch of upstream commit
118d527f2e4baec5fe8060b22a6212468b8e4d3f. It is included in 6.2.0, but
fixes a 6.1.0 regression, so committing straight to stable.

Signed-off-by: John Helmert III <ajak <AT> gentoo.org>

 .../files/qemu-6.1.0-fix-unix-socket-copy.patch    | 76 ++++++++++++++++++++++
 .../{qemu-6.1.0-r2.ebuild => qemu-6.1.0-r3.ebuild} |  1 +
 2 files changed, 77 insertions(+)

diff --git a/app-emulation/qemu/files/qemu-6.1.0-fix-unix-socket-copy.patch b/app-emulation/qemu/files/qemu-6.1.0-fix-unix-socket-copy.patch
new file mode 100644
index 000000000000..7701b26b4f9a
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-6.1.0-fix-unix-socket-copy.patch
@@ -0,0 +1,76 @@
+commit 118d527f2e4baec5fe8060b22a6212468b8e4d3f
+Author: Michael Tokarev <mjt@tls.msk.ru>
+Date:   Wed Sep 1 16:16:24 2021 +0300
+
+    qemu-sockets: fix unix socket path copy (again)
+    
+    Commit 4cfd970ec188558daa6214f26203fe553fb1e01f added an
+    assert which ensures the path within an address of a unix
+    socket returned from the kernel is at least one byte and
+    does not exceed sun_path buffer. Both of this constraints
+    are wrong:
+    
+    A unix socket can be unnamed, in this case the path is
+    completely empty (not even \0)
+    
+    And some implementations (notable linux) can add extra
+    trailing byte (\0) _after_ the sun_path buffer if we
+    passed buffer larger than it (and we do).
+    
+    So remove the assertion (since it causes real-life breakage)
+    but at the same time fix the usage of sun_path. Namely,
+    we should not access sun_path[0] if kernel did not return
+    it at all (this is the case for unnamed sockets),
+    and use the returned salen when copyig actual path as an
+    upper constraint for the amount of bytes to copy - this
+    will ensure we wont exceed the information provided by
+    the kernel, regardless whenever there is a trailing \0
+    or not. This also helps with unnamed sockets.
+    
+    Note the case of abstract socket, the sun_path is actually
+    a blob and can contain \0 characters, - it should not be
+    passed to g_strndup and the like, it should be accessed by
+    memcpy-like functions.
+    
+    Fixes: 4cfd970ec188558daa6214f26203fe553fb1e01f
+    Fixes: http://bugs.debian.org/993145
+    Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
+    Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+    Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
+    CC: qemu-stable@nongnu.org
+
+diff --git a/util/qemu-sockets.c b/util/qemu-sockets.c
+index f2f3676d1f..c5043999e9 100644
+--- a/util/qemu-sockets.c
++++ b/util/qemu-sockets.c
+@@ -1345,25 +1345,22 @@ socket_sockaddr_to_address_unix(struct sockaddr_storage *sa,
+     SocketAddress *addr;
+     struct sockaddr_un *su = (struct sockaddr_un *)sa;
+ 
+-    assert(salen >= sizeof(su->sun_family) + 1 &&
+-           salen <= sizeof(struct sockaddr_un));
+-
+     addr = g_new0(SocketAddress, 1);
+     addr->type = SOCKET_ADDRESS_TYPE_UNIX;
++    salen -= offsetof(struct sockaddr_un, sun_path);
+ #ifdef CONFIG_LINUX
+-    if (!su->sun_path[0]) {
++    if (salen > 0 && !su->sun_path[0]) {
+         /* Linux abstract socket */
+-        addr->u.q_unix.path = g_strndup(su->sun_path + 1,
+-                                        salen - sizeof(su->sun_family) - 1);
++        addr->u.q_unix.path = g_strndup(su->sun_path + 1, salen - 1);
+         addr->u.q_unix.has_abstract = true;
+         addr->u.q_unix.abstract = true;
+         addr->u.q_unix.has_tight = true;
+-        addr->u.q_unix.tight = salen < sizeof(*su);
++        addr->u.q_unix.tight = salen < sizeof(su->sun_path);
+         return addr;
+     }
+ #endif
+ 
+-    addr->u.q_unix.path = g_strndup(su->sun_path, sizeof(su->sun_path));
++    addr->u.q_unix.path = g_strndup(su->sun_path, salen);
+     return addr;
+ }
+ #endif /* WIN32 */

diff --git a/app-emulation/qemu/qemu-6.1.0-r2.ebuild b/app-emulation/qemu/qemu-6.1.0-r3.ebuild
similarity index 99%
rename from app-emulation/qemu/qemu-6.1.0-r2.ebuild
rename to app-emulation/qemu/qemu-6.1.0-r3.ebuild
index b91f85e5d967..8d2ca068f00d 100644
--- a/app-emulation/qemu/qemu-6.1.0-r2.ebuild
+++ b/app-emulation/qemu/qemu-6.1.0-r3.ebuild
@@ -277,6 +277,7 @@ PATCHES=(
 	"${FILESDIR}"/${PN}-5.2.0-disable-keymap.patch
 	"${FILESDIR}"/${PN}-6.0.0-make.patch
 	"${FILESDIR}"/${PN}-6.1.0-strings.patch
+	"${FILESDIR}"/${P}-fix-unix-socket-copy.patch
 	"${FILESDIR}"/${P}-automagic-libbpf.patch
 	"${FILESDIR}"/${P}-data-corruption.patch
 )


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2022-01-01  1:22 John Helmert III
  0 siblings, 0 replies; 56+ messages in thread
From: John Helmert III @ 2022-01-01  1:22 UTC (permalink / raw
  To: gentoo-commits

commit:     4da484b352e21676d7e0b13c5aa54db2a69c8271
Author:     John Helmert III <ajak <AT> gentoo <DOT> org>
AuthorDate: Sat Jan  1 01:10:55 2022 +0000
Commit:     John Helmert III <ajak <AT> gentoo <DOT> org>
CommitDate: Sat Jan  1 01:22:09 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4da484b3

app-emulation/qemu: fix some automagic and patch runtime crash

Fix automagic audio backend use/linking (alsa, jack, oss, pulseaudio)
and pam, add upstream patches to fix crash when with user-provided
SLIC table, and fix calculating the --audio-drv-list argument.

Bug: https://bugs.gentoo.org/830170
Thanks-To: Ionen Wolkens <ionen <AT> gentoo.org>
Signed-off-by: John Helmert III <ajak <AT> gentoo.org>

 .../qemu/files/qemu-6.2.0-user-SLIC-crash.patch    | 168 ++++
 app-emulation/qemu/qemu-6.2.0-r1.ebuild            | 922 +++++++++++++++++++++
 2 files changed, 1090 insertions(+)

diff --git a/app-emulation/qemu/files/qemu-6.2.0-user-SLIC-crash.patch b/app-emulation/qemu/files/qemu-6.2.0-user-SLIC-crash.patch
new file mode 100644
index 000000000000..7d22feeade2a
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-6.2.0-user-SLIC-crash.patch
@@ -0,0 +1,168 @@
+commit dce6c86f54eab61028e110497c222e73381379df
+Author: Igor Mammedov <imammedo@redhat.com>
+Date:   Mon Dec 27 14:31:17 2021 -0500
+
+    acpi: fix QEMU crash when started with SLIC table
+    
+    if QEMU is started with used provided SLIC table blob,
+    
+      -acpitable sig=SLIC,oem_id='CRASH ',oem_table_id="ME",oem_rev=00002210,asl_compiler_id="",asl_compiler_rev=00000000,data=/dev/null
+    it will assert with:
+    
+      hw/acpi/aml-build.c:61:build_append_padded_str: assertion failed: (len <= maxlen)
+    
+    and following backtrace:
+    
+      ...
+      build_append_padded_str (array=0x555556afe320, str=0x555556afdb2e "CRASH ME", maxlen=0x6, pad=0x20) at hw/acpi/aml-build.c:61
+      acpi_table_begin (desc=0x7fffffffd1b0, array=0x555556afe320) at hw/acpi/aml-build.c:1727
+      build_fadt (tbl=0x555556afe320, linker=0x555557ca3830, f=0x7fffffffd318, oem_id=0x555556afdb2e "CRASH ME", oem_table_id=0x555556afdb34 "ME") at hw/acpi/aml-build.c:2064
+      ...
+    
+    which happens due to acpi_table_begin() expecting NULL terminated
+    oem_id and oem_table_id strings, which is normally the case, but
+    in case of user provided SLIC table, oem_id points to table's blob
+    directly and as result oem_id became longer than expected.
+    
+    Fix issue by handling oem_id consistently and make acpi_get_slic_oem()
+    return NULL terminated strings.
+    
+    PS:
+    After [1] refactoring, oem_id semantics became inconsistent, where
+    NULL terminated string was coming from machine and old way pointer
+    into byte array coming from -acpitable option. That used to work
+    since build_header() wasn't expecting NULL terminated string and
+    blindly copied the 1st 6 bytes only.
+    
+    However commit [2] broke that by replacing build_header() with
+    acpi_table_begin(), which was expecting NULL terminated string
+    and was checking oem_id size.
+    
+    1) 602b45820 ("acpi: Permit OEM ID and OEM table ID fields to be changed")
+    2)
+    Fixes: 4b56e1e4eb08 ("acpi: build_fadt: use acpi_table_begin()/acpi_table_end() instead of build_header()")
+    Resolves: https://gitlab.com/qemu-project/qemu/-/issues/786
+    Signed-off-by: Igor Mammedov <imammedo@redhat.com>
+
+diff --git a/hw/acpi/core.c b/hw/acpi/core.c
+index 1e004d0078..3e811bf03c 100644
+--- a/hw/acpi/core.c
++++ b/hw/acpi/core.c
+@@ -345,8 +345,8 @@ int acpi_get_slic_oem(AcpiSlicOem *oem)
+         struct acpi_table_header *hdr = (void *)(u - sizeof(hdr->_length));
+ 
+         if (memcmp(hdr->sig, "SLIC", 4) == 0) {
+-            oem->id = hdr->oem_id;
+-            oem->table_id = hdr->oem_table_id;
++            oem->id = g_strndup(hdr->oem_id, 6);
++            oem->table_id = g_strndup(hdr->oem_table_id, 8);
+             return 0;
+         }
+     }
+diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
+index a99c6e4fe3..570f82997b 100644
+--- a/hw/i386/acpi-build.c
++++ b/hw/i386/acpi-build.c
+@@ -2721,6 +2721,8 @@ void acpi_build(AcpiBuildTables *tables, MachineState *machine)
+ 
+     /* Cleanup memory that's no longer used. */
+     g_array_free(table_offsets, true);
++    g_free(slic_oem.id);
++    g_free(slic_oem.table_id);
+ }
+ 
+ static void acpi_ram_update(MemoryRegion *mr, GArray *data)
+
+commit a22de122ad03ea40953ad0328b2c3e31002d8052
+Author: Igor Mammedov <imammedo@redhat.com>
+Date:   Mon Dec 27 14:31:18 2021 -0500
+
+    tests: acpi: whitelist expected blobs before changing them
+    
+    Signed-off-by: Igor Mammedov <imammedo@redhat.com>
+
+diff --git a/tests/data/acpi/q35/FACP.slic b/tests/data/acpi/q35/FACP.slic
+new file mode 100644
+index 0000000000..f6a864cc86
+Binary files /dev/null and b/tests/data/acpi/q35/FACP.slic differ
+diff --git a/tests/data/acpi/q35/SLIC.slic b/tests/data/acpi/q35/SLIC.slic
+new file mode 100644
+index 0000000000..e69de29bb2
+diff --git a/tests/qtest/bios-tables-test-allowed-diff.h b/tests/qtest/bios-tables-test-allowed-diff.h
+index dfb8523c8b..49dbf8fa3e 100644
+--- a/tests/qtest/bios-tables-test-allowed-diff.h
++++ b/tests/qtest/bios-tables-test-allowed-diff.h
+@@ -1 +1,3 @@
+ /* List of comma-separated changed AML files to ignore */
++"tests/data/acpi/q35/FACP.slic",
++"tests/data/acpi/q35/SLIC.slic",
+
+commit cb913395d76f8fdfd7f1d0c8ea77d4710821bbd3
+Author: Igor Mammedov <imammedo@redhat.com>
+Date:   Mon Dec 27 14:31:19 2021 -0500
+
+    tests: acpi: add SLIC table test
+    
+    When user uses '-acpitable' to add SLIC table, some ACPI
+    tables (FADT) will change its 'Oem ID'/'Oem Table ID' fields to
+    match that of SLIC. Test makes sure thati QEMU handles
+    those fields correctly when SLIC table is added with
+    '-acpitable' option.
+    
+    Signed-off-by: Igor Mammedov <imammedo@redhat.com>
+
+diff --git a/tests/qtest/bios-tables-test.c b/tests/qtest/bios-tables-test.c
+index 258874167e..ae7ef13ec7 100644
+--- a/tests/qtest/bios-tables-test.c
++++ b/tests/qtest/bios-tables-test.c
+@@ -1567,6 +1567,19 @@ static void test_acpi_oem_fields_virt(void)
+     g_free(args);
+ }
+
++static void test_acpi_q35_slic(void)
++{
++    test_data data = {
++        .machine = MACHINE_Q35,
++        .variant = ".slic",
++    };
++
++    test_acpi_one("-acpitable sig=SLIC,oem_id='CRASH ',oem_table_id='ME',"
++                  "oem_rev=00002210,asl_compiler_id='qemu',"
++                  "asl_compiler_rev=00000000,data=/dev/null",
++                  &data);
++    free_test_data(&data);
++}
+
+ int main(int argc, char *argv[])
+ {
+@@ -1639,6 +1652,7 @@ int main(int argc, char *argv[])
+             qtest_add_func("acpi/q35/kvm/xapic", test_acpi_q35_kvm_xapic);
+             qtest_add_func("acpi/q35/kvm/dmar", test_acpi_q35_kvm_dmar);
+         }
++        qtest_add_func("acpi/q35/slic", test_acpi_q35_slic);
+     } else if (strcmp(arch, "aarch64") == 0) {
+         if (has_tcg) {
+             qtest_add_func("acpi/virt", test_acpi_virt_tcg);
+
+commit ffba261306370e0ad8506401b104be5fa4749ade
+Author: Igor Mammedov <imammedo@redhat.com>
+Date:   Mon Dec 27 14:31:20 2021 -0500
+
+    tests: acpi: SLIC: update expected blobs
+    
+    Signed-off-by: Igor Mammedov <imammedo@redhat.com>
+
+diff --git a/tests/data/acpi/q35/FACP.slic b/tests/data/acpi/q35/FACP.slic
+index f6a864cc86..891fd4b784 100644
+Binary files a/tests/data/acpi/q35/FACP.slic and b/tests/data/acpi/q35/FACP.slic differ
+diff --git a/tests/data/acpi/q35/SLIC.slic b/tests/data/acpi/q35/SLIC.slic
+index e69de29bb2..fd26592e24 100644
+Binary files a/tests/data/acpi/q35/SLIC.slic and b/tests/data/acpi/q35/SLIC.slic differ
+diff --git a/tests/qtest/bios-tables-test-allowed-diff.h b/tests/qtest/bios-tables-test-allowed-diff.h
+index 49dbf8fa3e..dfb8523c8b 100644
+--- a/tests/qtest/bios-tables-test-allowed-diff.h
++++ b/tests/qtest/bios-tables-test-allowed-diff.h
+@@ -1,3 +1 @@
+ /* List of comma-separated changed AML files to ignore */
+-"tests/data/acpi/q35/FACP.slic",
+-"tests/data/acpi/q35/SLIC.slic",

diff --git a/app-emulation/qemu/qemu-6.2.0-r1.ebuild b/app-emulation/qemu/qemu-6.2.0-r1.ebuild
new file mode 100644
index 000000000000..3f1ccc352eb5
--- /dev/null
+++ b/app-emulation/qemu/qemu-6.2.0-r1.ebuild
@@ -0,0 +1,922 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{8,9,10} )
+PYTHON_REQ_USE="ncurses,readline"
+
+FIRMWARE_ABI_VERSION="6.2.0"
+
+inherit linux-info toolchain-funcs python-r1 udev fcaps readme.gentoo-r1 \
+		pax-utils xdg-utils
+
+if [[ ${PV} = *9999* ]]; then
+	EGIT_REPO_URI="https://git.qemu.org/git/qemu.git"
+	EGIT_SUBMODULES=(
+		meson
+		tests/fp/berkeley-softfloat-3
+		tests/fp/berkeley-testfloat-3
+		ui/keycodemapdb
+	)
+	inherit git-r3
+	SRC_URI=""
+else
+	SRC_URI="https://download.qemu.org/${P}.tar.xz"
+	KEYWORDS="~amd64 ~arm64 ~ppc ~ppc64 ~x86"
+fi
+
+DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
+HOMEPAGE="https://www.qemu.org https://www.linux-kvm.org"
+
+LICENSE="GPL-2 LGPL-2 BSD-2"
+SLOT="0"
+
+IUSE="accessibility +aio alsa bpf bzip2 capstone +caps +curl debug +doc
+	+fdt fuse glusterfs gnutls gtk infiniband iscsi io-uring
+	jack jemalloc +jpeg kernel_linux
+	kernel_FreeBSD lzo multipath
+	ncurses nfs nls numa opengl +oss pam +pin-upstream-blobs
+	plugins +png pulseaudio python rbd sasl +seccomp sdl sdl-image selinux
+	+slirp
+	smartcard snappy spice ssh static static-user systemtap test udev usb
+	usbredir vde +vhost-net vhost-user-fs virgl virtfs +vnc vte xattr xen
+	xfs zstd"
+
+COMMON_TARGETS="
+	aarch64
+	alpha
+	arm
+	cris
+	hppa
+	i386
+	m68k
+	microblaze
+	microblazeel
+	mips
+	mips64
+	mips64el
+	mipsel
+	nios2
+	or1k
+	ppc
+	ppc64
+	riscv32
+	riscv64
+	s390x
+	sh4
+	sh4eb
+	sparc
+	sparc64
+	x86_64
+	xtensa
+	xtensaeb
+"
+IUSE_SOFTMMU_TARGETS="
+	${COMMON_TARGETS}
+	avr
+	rx
+	tricore
+"
+IUSE_USER_TARGETS="
+	${COMMON_TARGETS}
+	aarch64_be
+	armeb
+	hexagon
+	mipsn32
+	mipsn32el
+	ppc64abi32
+	ppc64le
+	sparc32plus
+"
+
+use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
+use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
+IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
+
+RESTRICT="!test? ( test )"
+# Allow no targets to be built so that people can get a tools-only build.
+# Block USE flag configurations known to not work.
+REQUIRED_USE="${PYTHON_REQUIRED_USE}
+	qemu_softmmu_targets_arm? ( fdt )
+	qemu_softmmu_targets_microblaze? ( fdt )
+	qemu_softmmu_targets_mips64el? ( fdt )
+	qemu_softmmu_targets_ppc64? ( fdt )
+	qemu_softmmu_targets_ppc? ( fdt )
+	qemu_softmmu_targets_riscv32? ( fdt )
+	qemu_softmmu_targets_riscv64? ( fdt )
+	qemu_softmmu_targets_x86_64? ( fdt )
+	sdl-image? ( sdl )
+	static? ( static-user !alsa !gtk !jack !opengl !pulseaudio !plugins !rbd !snappy !udev )
+	static-user? ( !plugins )
+	vhost-user-fs? ( caps seccomp )
+	virgl? ( opengl )
+	virtfs? ( caps xattr )
+	vte? ( gtk )
+	multipath? ( udev )
+	plugins? ( !static !static-user )
+"
+
+# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
+# and user/softmmu targets (qemu-*, qemu-system-*).
+#
+# Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
+#
+# The attr lib isn't always linked in (although the USE flag is always
+# respected).  This is because qemu supports using the C library's API
+# when available rather than always using the external library.
+ALL_DEPEND="
+	>=dev-libs/glib-2.0[static-libs(+)]
+	sys-libs/zlib[static-libs(+)]
+	python? ( ${PYTHON_DEPS} )
+	systemtap? ( dev-util/systemtap )
+	xattr? ( sys-apps/attr[static-libs(+)] )"
+
+# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
+# softmmu targets (qemu-system-*).
+SOFTMMU_TOOLS_DEPEND="
+	dev-libs/libxml2[static-libs(+)]
+	>=x11-libs/pixman-0.28.0[static-libs(+)]
+	accessibility? (
+		app-accessibility/brltty[api]
+		app-accessibility/brltty[static-libs(+)]
+	)
+	aio? ( dev-libs/libaio[static-libs(+)] )
+	alsa? ( >=media-libs/alsa-lib-1.0.13 )
+	bpf? ( dev-libs/libbpf:= )
+	bzip2? ( app-arch/bzip2[static-libs(+)] )
+	capstone? ( dev-libs/capstone:= )
+	caps? ( sys-libs/libcap-ng[static-libs(+)] )
+	curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
+	fdt? ( >=sys-apps/dtc-1.5.0[static-libs(+)] )
+	fuse? ( >=sys-fs/fuse-3.1:3[static-libs(+)] )
+	glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
+	gnutls? (
+		dev-libs/nettle:=[static-libs(+)]
+		>=net-libs/gnutls-3.0:=[static-libs(+)]
+	)
+	gtk? (
+		x11-libs/gtk+:3
+		vte? ( x11-libs/vte:2.91 )
+	)
+	infiniband? ( sys-cluster/rdma-core[static-libs(+)] )
+	iscsi? ( net-libs/libiscsi )
+	io-uring? ( sys-libs/liburing:=[static-libs(+)] )
+	jack? ( virtual/jack )
+	jemalloc? ( dev-libs/jemalloc )
+	jpeg? ( virtual/jpeg:0=[static-libs(+)] )
+	lzo? ( dev-libs/lzo:2[static-libs(+)] )
+	multipath? ( sys-fs/multipath-tools )
+	ncurses? (
+		sys-libs/ncurses:=[unicode(+)]
+		sys-libs/ncurses:=[static-libs(+)]
+	)
+	nfs? ( >=net-fs/libnfs-1.9.3:=[static-libs(+)] )
+	numa? ( sys-process/numactl[static-libs(+)] )
+	opengl? (
+		virtual/opengl
+		media-libs/libepoxy[static-libs(+)]
+		media-libs/mesa[static-libs(+)]
+		media-libs/mesa[egl(+),gbm(+)]
+	)
+	pam? ( sys-libs/pam )
+	png? ( media-libs/libpng:0=[static-libs(+)] )
+	pulseaudio? ( media-sound/pulseaudio )
+	rbd? ( sys-cluster/ceph )
+	sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
+	sdl? (
+		media-libs/libsdl2[video]
+		media-libs/libsdl2[static-libs(+)]
+	)
+	sdl-image? ( media-libs/sdl2-image[static-libs(+)] )
+	seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
+	slirp? ( net-libs/libslirp[static-libs(+)] )
+	smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] )
+	snappy? ( app-arch/snappy:= )
+	spice? (
+		>=app-emulation/spice-protocol-0.12.3
+		>=app-emulation/spice-0.12.0[static-libs(+)]
+	)
+	ssh? ( >=net-libs/libssh-0.8.6[static-libs(+)] )
+	udev? ( virtual/libudev:= )
+	usb? ( >=virtual/libusb-1-r2[static-libs(+)] )
+	usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
+	vde? ( net-misc/vde[static-libs(+)] )
+	virgl? ( media-libs/virglrenderer[static-libs(+)] )
+	virtfs? ( sys-libs/libcap )
+	xen? ( app-emulation/xen-tools:= )
+	xfs? ( sys-fs/xfsprogs[static-libs(+)] )
+	zstd? ( >=app-arch/zstd-1.4.0[static-libs(+)] )
+"
+
+EDK2_OVMF_VERSION="202105"
+SEABIOS_VERSION="1.14.0"
+
+X86_FIRMWARE_DEPEND="
+	pin-upstream-blobs? (
+		~sys-firmware/edk2-ovmf-${EDK2_OVMF_VERSION}[binary]
+		~sys-firmware/ipxe-1.21.1[binary,qemu]
+		~sys-firmware/seabios-${SEABIOS_VERSION}[binary,seavgabios]
+		~sys-firmware/sgabios-0.1_pre10[binary]
+	)
+	!pin-upstream-blobs? (
+		>=sys-firmware/edk2-ovmf-${EDK2_OVMF_VERSION}
+		sys-firmware/ipxe[qemu]
+		>=sys-firmware/seabios-${SEABIOS_VERSION}[seavgabios]
+		sys-firmware/sgabios
+	)"
+PPC_FIRMWARE_DEPEND="
+	pin-upstream-blobs? (
+		~sys-firmware/seabios-${SEABIOS_VERSION}[binary,seavgabios]
+	)
+	!pin-upstream-blobs? (
+		>=sys-firmware/seabios-${SEABIOS_VERSION}[seavgabios]
+	)
+"
+
+BDEPEND="
+	$(python_gen_impl_dep)
+	dev-lang/perl
+	sys-apps/texinfo
+	virtual/pkgconfig
+	doc? (
+		dev-python/sphinx[${PYTHON_USEDEP}]
+		dev-python/sphinx_rtd_theme[${PYTHON_USEDEP}]
+	)
+	gtk? ( nls? ( sys-devel/gettext ) )
+	test? (
+		dev-libs/glib[utils]
+		sys-devel/bc
+	)
+"
+CDEPEND="
+	!static? (
+		${ALL_DEPEND//\[static-libs(+)]}
+		${SOFTMMU_TOOLS_DEPEND//\[static-libs(+)]}
+	)
+	qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
+	qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )
+	qemu_softmmu_targets_ppc? ( ${PPC_FIRMWARE_DEPEND} )
+	qemu_softmmu_targets_ppc64? ( ${PPC_FIRMWARE_DEPEND} )
+"
+DEPEND="${CDEPEND}
+	kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
+	static? (
+		${ALL_DEPEND}
+		${SOFTMMU_TOOLS_DEPEND}
+	)
+	static-user? ( ${ALL_DEPEND} )"
+RDEPEND="${CDEPEND}
+	acct-group/kvm
+	selinux? ( sec-policy/selinux-qemu )"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-2.11.1-capstone_include_path.patch
+	"${FILESDIR}"/${PN}-5.2.0-disable-keymap.patch
+	"${FILESDIR}"/${PN}-6.0.0-make.patch
+	"${FILESDIR}"/${PN}-6.1.0-strings.patch
+	"${FILESDIR}"/${PN}-6.2.0-user-SLIC-crash.patch
+)
+
+QA_PREBUILT="
+	usr/share/qemu/hppa-firmware.img
+	usr/share/qemu/openbios-ppc
+	usr/share/qemu/openbios-sparc64
+	usr/share/qemu/openbios-sparc32
+	usr/share/qemu/opensbi-riscv64-generic-fw_dynamic.elf
+	usr/share/qemu/opensbi-riscv32-generic-fw_dynamic.elf
+	usr/share/qemu/palcode-clipper
+	usr/share/qemu/s390-ccw.img
+	usr/share/qemu/s390-netboot.img
+	usr/share/qemu/u-boot.e500
+"
+
+QA_WX_LOAD="usr/bin/qemu-i386
+	usr/bin/qemu-x86_64
+	usr/bin/qemu-alpha
+	usr/bin/qemu-arm
+	usr/bin/qemu-cris
+	usr/bin/qemu-m68k
+	usr/bin/qemu-microblaze
+	usr/bin/qemu-microblazeel
+	usr/bin/qemu-mips
+	usr/bin/qemu-mipsel
+	usr/bin/qemu-or1k
+	usr/bin/qemu-ppc
+	usr/bin/qemu-ppc64
+	usr/bin/qemu-ppc64abi32
+	usr/bin/qemu-sh4
+	usr/bin/qemu-sh4eb
+	usr/bin/qemu-sparc
+	usr/bin/qemu-sparc64
+	usr/bin/qemu-armeb
+	usr/bin/qemu-sparc32plus
+	usr/bin/qemu-s390x
+	usr/bin/qemu-unicore32
+"
+
+DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure you have the
+kernel module loaded before running kvm. The easiest way to ensure that the
+kernel module is loaded is to load it on boot.
+	For AMD CPUs the module is called 'kvm-amd'.
+	For Intel CPUs the module is called 'kvm-intel'.
+Please review /etc/conf.d/modules for how to load these.
+
+Make sure your user is in the 'kvm' group. Just run
+	$ gpasswd -a <USER> kvm
+then have <USER> re-login.
+
+For brand new installs, the default permissions on /dev/kvm might not let
+you access it.  You can tell udev to reset ownership/perms:
+	$ udevadm trigger -c add /dev/kvm
+
+If you want to register binfmt handlers for qemu user targets:
+For openrc:
+	# rc-update add qemu-binfmt
+For systemd:
+	# ln -s /usr/share/qemu/binfmt.d/qemu.conf /etc/binfmt.d/qemu.conf"
+
+pkg_pretend() {
+	if use kernel_linux && kernel_is lt 2 6 25; then
+		eerror "This version of KVM requires a host kernel of 2.6.25 or higher."
+	elif use kernel_linux; then
+		if ! linux_config_exists; then
+			eerror "Unable to check your kernel for KVM support"
+		else
+			CONFIG_CHECK="~KVM ~TUN ~BRIDGE"
+			ERROR_KVM="You must enable KVM in your kernel to continue"
+			ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in"
+			ERROR_KVM_AMD+=" your kernel configuration."
+			ERROR_KVM_INTEL="If you have an Intel CPU, you must enable"
+			ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration."
+			ERROR_TUN="You will need the Universal TUN/TAP driver compiled"
+			ERROR_TUN+=" into your kernel or loaded as a module to use the"
+			ERROR_TUN+=" virtual network device if using -net tap."
+			ERROR_BRIDGE="You will also need support for 802.1d"
+			ERROR_BRIDGE+=" Ethernet Bridging for some network configurations."
+			use vhost-net && CONFIG_CHECK+=" ~VHOST_NET"
+			ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net"
+			ERROR_VHOST_NET+=" support"
+
+			if use amd64 || use x86 || use amd64-linux || use x86-linux; then
+				if grep -q AuthenticAMD /proc/cpuinfo; then
+					CONFIG_CHECK+=" ~KVM_AMD"
+				elif grep -q GenuineIntel /proc/cpuinfo; then
+					CONFIG_CHECK+=" ~KVM_INTEL"
+				fi
+			fi
+
+			use python && CONFIG_CHECK+=" ~DEBUG_FS"
+			ERROR_DEBUG_FS="debugFS support required for kvm_stat"
+
+			# Now do the actual checks setup above
+			check_extra_config
+		fi
+	fi
+
+	if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then
+		eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt"
+		eerror "instances are still pointing to it.  Please update your"
+		eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag"
+		eerror "and the right system binary (e.g. qemu-system-x86_64)."
+		die "update your virt configs to not use qemu-kvm"
+	fi
+}
+
+# Sanity check to make sure target lists are kept up-to-date.
+check_targets() {
+	local var=$1 mak=$2
+	local detected sorted
+
+	pushd "${S}"/configs/targets/ >/dev/null || die
+
+	# Force C locale until glibc is updated. #564936
+	detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u))
+	sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u))
+	if [[ ${sorted} != "${detected}" ]] ; then
+		eerror "The ebuild needs to be kept in sync."
+		eerror "${var}: ${sorted}"
+		eerror "$(printf '%-*s' ${#var} configure): ${detected}"
+		die "sync ${var} to the list of targets"
+	fi
+
+	popd >/dev/null
+}
+
+src_prepare() {
+	check_targets IUSE_SOFTMMU_TARGETS softmmu
+	check_targets IUSE_USER_TARGETS linux-user
+
+	default
+
+	# Use correct toolchain to fix cross-compiling
+	tc-export AR AS LD NM OBJCOPY PKG_CONFIG RANLIB STRINGS
+	export WINDRES=${CHOST}-windres
+
+	# Verbose builds
+	MAKEOPTS+=" V=1"
+
+	# Remove bundled copy of libfdt
+	rm -r dtc || die
+}
+
+##
+# configures qemu based on the build directory and the build type
+# we are using.
+#
+qemu_src_configure() {
+	debug-print-function ${FUNCNAME} "$@"
+
+	local buildtype=$1
+	local builddir="${S}/${buildtype}-build"
+
+	mkdir "${builddir}"
+
+	local conf_opts=(
+		--prefix=/usr
+		--sysconfdir=/etc
+		--bindir=/usr/bin
+		--libdir=/usr/$(get_libdir)
+		--datadir=/usr/share
+		--docdir=/usr/share/doc/${PF}/html
+		--mandir=/usr/share/man
+		--localstatedir=/var
+		--disable-bsd-user
+		--disable-containers # bug #732972
+		--disable-guest-agent
+		--disable-strip
+
+		# bug #746752: TCG interpreter has a few limitations:
+		# - it does not support FPU
+		# - it's generally slower on non-self-modifying code
+		# It's advantage is support for host architectures
+		# where native codegeneration is not implemented.
+		# Gentoo has qemu keyworded only on targets with
+		# native code generation available. Avoid the interpreter.
+		--disable-tcg-interpreter
+
+		--disable-werror
+		# We support gnutls/nettle for crypto operations.  It is possible
+		# to use gcrypt when gnutls/nettle are disabled (but not when they
+		# are enabled), but it's not really worth the hassle.  Disable it
+		# all the time to avoid automatically detecting it. #568856
+		--disable-gcrypt
+		--python="${PYTHON}"
+		--cc="$(tc-getCC)"
+		--cxx="$(tc-getCXX)"
+		--host-cc="$(tc-getBUILD_CC)"
+		$(use_enable debug debug-info)
+		$(use_enable debug debug-tcg)
+		$(use_enable doc docs)
+		$(use_enable nls gettext)
+		$(use_enable pam auth-pam)
+		$(use_enable plugins)
+		$(use_enable xattr attr)
+		$(use_enable alsa)
+		$(use_enable jack)
+		$(use_enable oss)
+		$(use_enable pulseaudio pa)
+	)
+
+	# Disable options not used by user targets. This simplifies building
+	# static user targets (USE=static-user) considerably.
+	conf_notuser() {
+		if [[ ${buildtype} == "user" ]] ; then
+			echo "--disable-${2:-$1}"
+		else
+			use_enable "$@"
+		fi
+	}
+	# Enable option only for softmmu build, but not 'user' or 'tools'
+	conf_softmmu() {
+		if [[ ${buildtype} == "softmmu" ]] ; then
+			use_enable "$@"
+		else
+			echo "--disable-${2:-$1}"
+		fi
+	}
+	# Enable option only for tools build, but not 'user' or 'softmmu'
+	conf_tools() {
+		if [[ ${buildtype} == "tools" ]] ; then
+			use_enable "$@"
+		else
+			echo "--disable-${2:-$1}"
+		fi
+	}
+	# Special case for the malloc flag, because the --disable flag does
+	# not exist and trying like above will break configuring.
+	conf_malloc() {
+		if [[ ! ${buildtype} == "user" ]] ; then
+			usex "${1}" "--enable-malloc=${1}" ""
+		fi
+	}
+	conf_opts+=(
+		$(conf_notuser accessibility brlapi)
+		$(conf_notuser aio linux-aio)
+		$(conf_softmmu bpf)
+		$(conf_notuser bzip2)
+		$(conf_notuser capstone)
+		$(conf_notuser caps cap-ng)
+		$(conf_notuser curl)
+		$(conf_notuser fdt)
+		$(conf_notuser fuse)
+		$(conf_notuser glusterfs)
+		$(conf_notuser gnutls)
+		$(conf_notuser gnutls nettle)
+		$(conf_notuser gtk)
+		$(conf_notuser infiniband rdma)
+		$(conf_notuser iscsi libiscsi)
+		$(conf_notuser io-uring linux-io-uring)
+		$(conf_malloc jemalloc)
+		$(conf_notuser jpeg vnc-jpeg)
+		$(conf_notuser kernel_linux kvm)
+		$(conf_notuser lzo)
+		$(conf_notuser multipath mpath)
+		$(conf_notuser ncurses curses)
+		$(conf_notuser nfs libnfs)
+		$(conf_notuser numa)
+		$(conf_notuser opengl)
+		$(conf_notuser png vnc-png)
+		$(conf_notuser rbd)
+		$(conf_notuser sasl vnc-sasl)
+		$(conf_notuser sdl)
+		$(conf_softmmu sdl-image)
+		$(conf_notuser seccomp)
+		$(conf_notuser slirp slirp system)
+		$(conf_notuser smartcard)
+		$(conf_notuser snappy)
+		$(conf_notuser spice)
+		$(conf_notuser ssh libssh)
+		$(conf_notuser udev libudev)
+		$(conf_notuser usb libusb)
+		$(conf_notuser usbredir usb-redir)
+		$(conf_notuser vde)
+		$(conf_notuser vhost-net)
+		$(conf_notuser vhost-user-fs)
+		$(conf_tools vhost-user-fs virtiofsd)
+		$(conf_notuser virgl virglrenderer)
+		$(conf_softmmu virtfs)
+		$(conf_notuser vnc)
+		$(conf_notuser vte)
+		$(conf_notuser xen)
+		$(conf_notuser xen xen-pci-passthrough)
+		$(conf_notuser xfs xfsctl)
+		# use prebuilt keymaps, bug #759604
+		--disable-xkbcommon
+		$(conf_notuser zstd)
+	)
+
+	if [[ ${buildtype} == "user" ]] ; then
+		conf_opts+=( --disable-libxml2 )
+	else
+		conf_opts+=( --enable-libxml2 )
+	fi
+
+	if [[ ! ${buildtype} == "user" ]] ; then
+		# audio options
+		local audio_opts=(
+			# Note: backend order matters here: #716202
+			# We iterate from higher-level to lower level.
+			$(usex pulseaudio pa "")
+			$(usev jack)
+			$(usev sdl)
+			$(usev alsa)
+			$(usev oss)
+		)
+		conf_opts+=(
+			--audio-drv-list=$(IFS=,; echo "${audio_opts[*]}")
+		)
+	fi
+
+	case ${buildtype} in
+	user)
+		conf_opts+=(
+			--enable-linux-user
+			--disable-system
+			--disable-blobs
+			--disable-tools
+		)
+		local static_flag="static-user"
+		;;
+	softmmu)
+		conf_opts+=(
+			--disable-linux-user
+			--enable-system
+			--disable-tools
+		)
+		local static_flag="static"
+		;;
+	tools)
+		conf_opts+=(
+			--disable-linux-user
+			--disable-system
+			--disable-blobs
+			--enable-tools
+		)
+		local static_flag="static"
+		;;
+	esac
+
+	local targets="${buildtype}_targets"
+	[[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" )
+
+	# Add support for SystemTAP
+	use systemtap && conf_opts+=( --enable-trace-backend=dtrace )
+
+	# We always want to attempt to build with PIE support as it results
+	# in a more secure binary. But it doesn't work with static or if
+	# the current GCC doesn't have PIE support.
+	if use ${static_flag}; then
+		conf_opts+=( --static --disable-pie )
+	else
+		tc-enables-pie && conf_opts+=( --enable-pie )
+	fi
+
+	# Meson will not use a cross-file unless cross_prefix is set.
+	tc-is-cross-compiler && conf_opts+=( --cross-prefix="${CHOST}-" )
+
+	# Plumb through equivalent of EXTRA_ECONF to allow experiments
+	# like bug #747928.
+	conf_opts+=( ${EXTRA_CONF_QEMU} )
+
+	echo "../configure ${conf_opts[*]}"
+	cd "${builddir}"
+	../configure "${conf_opts[@]}" || die "configure failed"
+
+	# FreeBSD's kernel does not support QEMU assigning/grabbing
+	# host USB devices yet
+	use kernel_FreeBSD && \
+		sed -i -E -e "s|^(HOST_USB=)bsd|\1stub|" "${S}"/config-host.mak
+}
+
+src_configure() {
+	local target
+
+	python_setup
+
+	softmmu_targets= softmmu_bins=()
+	user_targets= user_bins=()
+
+	for target in ${IUSE_SOFTMMU_TARGETS} ; do
+		if use "qemu_softmmu_targets_${target}"; then
+			softmmu_targets+=",${target}-softmmu"
+			softmmu_bins+=( "qemu-system-${target}" )
+		fi
+	done
+
+	for target in ${IUSE_USER_TARGETS} ; do
+		if use "qemu_user_targets_${target}"; then
+			user_targets+=",${target}-linux-user"
+			user_bins+=( "qemu-${target}" )
+		fi
+	done
+
+	softmmu_targets=${softmmu_targets#,}
+	user_targets=${user_targets#,}
+
+	[[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu"
+	[[ -n ${user_targets}    ]] && qemu_src_configure "user"
+	qemu_src_configure "tools"
+}
+
+src_compile() {
+	if [[ -n ${user_targets} ]]; then
+		cd "${S}/user-build"
+		default
+	fi
+
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build"
+		default
+	fi
+
+	cd "${S}/tools-build"
+	default
+}
+
+src_test() {
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build"
+		pax-mark m */qemu-system-* #515550
+		emake check
+	fi
+}
+
+qemu_python_install() {
+	python_domodule "${S}/python/qemu"
+
+	python_doscript "${S}/scripts/kvm/vmxcap"
+	python_doscript "${S}/scripts/qmp/qmp-shell"
+	python_doscript "${S}/scripts/qmp/qemu-ga-client"
+}
+
+# Generate binfmt support files.
+#   - /etc/init.d/qemu-binfmt script which registers the user handlers (openrc)
+#   - /usr/share/qemu/binfmt.d/qemu.conf (for use with systemd-binfmt)
+generate_initd() {
+	local out="${T}/qemu-binfmt"
+	local out_systemd="${T}/qemu.conf"
+	local d="${T}/binfmt.d"
+
+	einfo "Generating qemu binfmt scripts and configuration files"
+
+	# Generate the debian fragments first.
+	mkdir -p "${d}"
+	"${S}"/scripts/qemu-binfmt-conf.sh \
+		--debian \
+		--exportdir "${d}" \
+		--qemu-path "${EPREFIX}/usr/bin" \
+		|| die
+	# Then turn the fragments into a shell script we can source.
+	sed -E -i \
+		-e 's:^([^ ]+) (.*)$:\1="\2":' \
+		"${d}"/* || die
+
+	# Generate the init.d script by assembling the fragments from above.
+	local f qcpu package interpreter magic mask
+	cat "${FILESDIR}"/qemu-binfmt.initd.head >"${out}" || die
+	for f in "${d}"/qemu-* ; do
+		source "${f}"
+
+		# Normalize the cpu logic like we do in the init.d for the native cpu.
+		qcpu=${package#qemu-}
+		case ${qcpu} in
+		arm*)   qcpu="arm";;
+		mips*)  qcpu="mips";;
+		ppc*)   qcpu="ppc";;
+		s390*)  qcpu="s390";;
+		sh*)    qcpu="sh";;
+		sparc*) qcpu="sparc";;
+		esac
+
+		# we use 'printf' here to be portable across 'sh'
+		# implementations: #679168
+		cat <<EOF >>"${out}"
+	if [ "\${cpu}" != "${qcpu}" -a -x "${interpreter}" ] ; then
+		printf '%s\n' ':${package}:M::${magic}:${mask}:${interpreter}:'"\${QEMU_BINFMT_FLAGS}" >/proc/sys/fs/binfmt_misc/register
+	fi
+EOF
+
+		echo ":${package}:M::${magic}:${mask}:${interpreter}:OC" >>"${out_systemd}"
+
+	done
+	cat "${FILESDIR}"/qemu-binfmt.initd.tail >>"${out}" || die
+}
+
+src_install() {
+	if [[ -n ${user_targets} ]]; then
+		cd "${S}/user-build"
+		emake DESTDIR="${ED}" install
+
+		# Install binfmt handler init script for user targets.
+		generate_initd
+		doinitd "${T}/qemu-binfmt"
+
+		# Install binfmt/qemu.conf.
+		insinto "/usr/share/qemu/binfmt.d"
+		doins "${T}/qemu.conf"
+	fi
+
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build"
+		emake DESTDIR="${ED}" install
+
+		# This might not exist if the test failed. #512010
+		[[ -e check-report.html ]] && dodoc check-report.html
+
+		if use kernel_linux; then
+			udev_newrules "${FILESDIR}"/65-kvm.rules-r2 65-kvm.rules
+		fi
+
+		if use python; then
+			python_foreach_impl qemu_python_install
+		fi
+	fi
+
+	cd "${S}/tools-build"
+	emake DESTDIR="${ED}" install
+
+	# Disable mprotect on the qemu binaries as they use JITs to be fast #459348
+	pushd "${ED}"/usr/bin >/dev/null
+	pax-mark mr "${softmmu_bins[@]}" "${user_bins[@]}" # bug 575594
+	popd >/dev/null
+
+	# Install config file example for qemu-bridge-helper
+	insinto "/etc/qemu"
+	doins "${FILESDIR}/bridge.conf"
+
+	cd "${S}"
+	dodoc MAINTAINERS docs/specs/pci-ids.txt
+	newdoc pc-bios/README README.pc-bios
+
+	# Disallow stripping of prebuilt firmware files.
+	dostrip -x ${QA_PREBUILT}
+
+	if [[ -n ${softmmu_targets} ]]; then
+		# Remove SeaBIOS since we're using the SeaBIOS packaged one
+		rm "${ED}/usr/share/qemu/bios.bin"
+		rm "${ED}/usr/share/qemu/bios-256k.bin"
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
+			dosym ../seabios/bios-256k.bin /usr/share/qemu/bios-256k.bin
+		fi
+
+		# Remove vgabios since we're using the seavgabios packaged one
+		rm "${ED}/usr/share/qemu/vgabios.bin"
+		rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
+		rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
+		rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
+		rm "${ED}/usr/share/qemu/vgabios-virtio.bin"
+		rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
+		# PPC/PPC64 loads vgabios-stdvga
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 || use qemu_softmmu_targets_ppc || use qemu_softmmu_targets_ppc64; then
+			dosym ../seavgabios/vgabios-isavga.bin /usr/share/qemu/vgabios.bin
+			dosym ../seavgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
+			dosym ../seavgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
+			dosym ../seavgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
+			dosym ../seavgabios/vgabios-virtio.bin /usr/share/qemu/vgabios-virtio.bin
+			dosym ../seavgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
+		fi
+
+		# Remove sgabios since we're using the sgabios packaged one
+		rm "${ED}/usr/share/qemu/sgabios.bin"
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin
+		fi
+
+		# Remove iPXE since we're using the iPXE packaged one
+		rm "${ED}"/usr/share/qemu/pxe-*.rom
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom
+			dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom
+			dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom
+			dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom
+			dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom
+			dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom
+		fi
+	fi
+
+	DISABLE_AUTOFORMATTING=true
+	readme.gentoo_create_doc
+}
+
+firmware_abi_change() {
+	local pv
+	for pv in ${REPLACING_VERSIONS}; do
+		if ver_test ${pv} -lt ${FIRMWARE_ABI_VERSION}; then
+			return 0
+		fi
+	done
+	return 1
+}
+
+pkg_postinst() {
+	if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
+		udev_reload
+	fi
+
+	xdg_icon_cache_update
+
+	[[ -z ${EPREFIX} ]] && [[ -f ${EROOT}/usr/libexec/qemu-bridge-helper ]] && \
+		fcaps cap_net_admin ${EROOT}/usr/libexec/qemu-bridge-helper
+
+	DISABLE_AUTOFORMATTING=true
+	readme.gentoo_print_elog
+
+	if use pin-upstream-blobs && firmware_abi_change; then
+		ewarn "This version of qemu pins new versions of firmware blobs:"
+		ewarn "	$(best_version sys-firmware/edk2-ovmf)"
+		ewarn "	$(best_version sys-firmware/ipxe)"
+		ewarn "	$(best_version sys-firmware/seabios)"
+		ewarn "	$(best_version sys-firmware/sgabios)"
+		ewarn "This might break resume of hibernated guests (started with a different"
+		ewarn "firmware version) and live migration to/from qemu versions with different"
+		ewarn "firmware. Please (cold) restart all running guests. For functional"
+		ewarn "guest migration ensure that all"
+		ewarn "hosts run at least"
+		ewarn "	app-emulation/qemu-${FIRMWARE_ABI_VERSION}."
+	fi
+}
+
+pkg_info() {
+	echo "Using:"
+	echo "  $(best_version app-emulation/spice-protocol)"
+	echo "  $(best_version sys-firmware/edk2-ovmf)"
+	if has_version 'sys-firmware/edk2-ovmf[binary]'; then
+		echo "    USE=binary"
+	else
+		echo "    USE=''"
+	fi
+	echo "  $(best_version sys-firmware/ipxe)"
+	echo "  $(best_version sys-firmware/seabios)"
+	if has_version 'sys-firmware/seabios[binary]'; then
+		echo "    USE=binary"
+	else
+		echo "    USE=''"
+	fi
+	echo "  $(best_version sys-firmware/sgabios)"
+}
+
+pkg_postrm() {
+	xdg_icon_cache_update
+}


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2022-03-29  5:38 Sam James
  0 siblings, 0 replies; 56+ messages in thread
From: Sam James @ 2022-03-29  5:38 UTC (permalink / raw
  To: gentoo-commits

commit:     7e9e099c436cc0934ca4e092856e5b08909622d6
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Mar 29 05:37:56 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Mar 29 05:37:56 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7e9e099c

app-emulation/qemu: add glibc-2.35 patch

Closes: https://bugs.gentoo.org/836300
Signed-off-by: Sam James <sam <AT> gentoo.org>

 ...u-6.2.0-glibc-2.35-rseq-seccomp-virtiofsd.patch |  61 ++
 app-emulation/qemu/qemu-6.2.0-r4.ebuild            | 925 +++++++++++++++++++++
 2 files changed, 986 insertions(+)

diff --git a/app-emulation/qemu/files/qemu-6.2.0-glibc-2.35-rseq-seccomp-virtiofsd.patch b/app-emulation/qemu/files/qemu-6.2.0-glibc-2.35-rseq-seccomp-virtiofsd.patch
new file mode 100644
index 000000000000..156d94b0f57e
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-6.2.0-glibc-2.35-rseq-seccomp-virtiofsd.patch
@@ -0,0 +1,61 @@
+https://gitlab.com/qemu/qemu/-/commit/7b223e38603de3a75602e14914d26f9d4baf52eb.patch
+https://bugs.gentoo.org/836300
+
+From 7b223e38603de3a75602e14914d26f9d4baf52eb Mon Sep 17 00:00:00 2001
+From: Christian Ehrhardt <christian.ehrhardt@canonical.com>
+Date: Wed, 9 Feb 2022 12:14:56 +0100
+Subject: [PATCH] tools/virtiofsd: Add rseq syscall to the seccomp allowlist
+
+The virtiofsd currently crashes when used with glibc 2.35.
+That is due to the rseq system call being added to every thread
+creation [1][2].
+
+[1]: https://www.efficios.com/blog/2019/02/08/linux-restartable-sequences/
+[2]: https://sourceware.org/pipermail/libc-alpha/2022-February/136040.html
+
+This happens not at daemon start, but when a guest connects
+
+    /usr/lib/qemu/virtiofsd -f --socket-path=/tmp/testvfsd -o sandbox=chroot \
+        -o source=/var/guests/j-virtiofs --socket-group=kvm
+    virtio_session_mount: Waiting for vhost-user socket connection...
+    # start ok, now guest will connect
+    virtio_session_mount: Received vhost-user socket connection
+    virtio_loop: Entry
+    fv_queue_set_started: qidx=0 started=1
+    fv_queue_set_started: qidx=1 started=1
+    Bad system call (core dumped)
+
+We have to put rseq on the seccomp allowlist to avoid that the daemon
+is crashing in this case.
+
+Reported-by: Michael Hudson-Doyle <michael.hudson@canonical.com>
+Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
+Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
+Message-id: 20220209111456.3328420-1-christian.ehrhardt@canonical.com
+
+[Moved rseq to its alphabetically ordered position in the seccomp
+allowlist.
+--Stefan]
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+---
+ tools/virtiofsd/passthrough_seccomp.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/tools/virtiofsd/passthrough_seccomp.c b/tools/virtiofsd/passthrough_seccomp.c
+index a3ce9f898d..2bc0127b69 100644
+--- a/tools/virtiofsd/passthrough_seccomp.c
++++ b/tools/virtiofsd/passthrough_seccomp.c
+@@ -91,6 +91,9 @@ static const int syscall_allowlist[] = {
+     SCMP_SYS(renameat2),
+     SCMP_SYS(removexattr),
+     SCMP_SYS(restart_syscall),
++#ifdef __NR_rseq
++    SCMP_SYS(rseq), /* required since glibc 2.35 */
++#endif
+     SCMP_SYS(rt_sigaction),
+     SCMP_SYS(rt_sigprocmask),
+     SCMP_SYS(rt_sigreturn),
+-- 
+GitLab
+
+

diff --git a/app-emulation/qemu/qemu-6.2.0-r4.ebuild b/app-emulation/qemu/qemu-6.2.0-r4.ebuild
new file mode 100644
index 000000000000..e981bb09adc5
--- /dev/null
+++ b/app-emulation/qemu/qemu-6.2.0-r4.ebuild
@@ -0,0 +1,925 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{8,9,10} )
+PYTHON_REQ_USE="ncurses,readline"
+
+FIRMWARE_ABI_VERSION="6.2.0"
+
+inherit linux-info toolchain-funcs python-r1 udev fcaps readme.gentoo-r1 \
+		pax-utils xdg-utils
+
+if [[ ${PV} = *9999* ]]; then
+	EGIT_REPO_URI="https://git.qemu.org/git/qemu.git"
+	EGIT_SUBMODULES=(
+		meson
+		tests/fp/berkeley-softfloat-3
+		tests/fp/berkeley-testfloat-3
+		ui/keycodemapdb
+	)
+	inherit git-r3
+	SRC_URI=""
+else
+	SRC_URI="https://download.qemu.org/${P}.tar.xz"
+	KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~riscv ~x86"
+fi
+
+DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
+HOMEPAGE="https://www.qemu.org https://www.linux-kvm.org"
+
+LICENSE="GPL-2 LGPL-2 BSD-2"
+SLOT="0"
+
+IUSE="accessibility +aio alsa bpf bzip2 capstone +caps +curl debug +doc
+	+fdt fuse glusterfs +gnutls gtk infiniband iscsi io-uring
+	jack jemalloc +jpeg
+	lzo multipath
+	ncurses nfs nls numa opengl +oss pam +pin-upstream-blobs
+	plugins +png pulseaudio python rbd sasl +seccomp sdl sdl-image selinux
+	+slirp
+	smartcard snappy spice ssh static static-user systemtap test udev usb
+	usbredir vde +vhost-net vhost-user-fs virgl virtfs +vnc vte xattr xen
+	xfs zstd"
+
+COMMON_TARGETS="
+	aarch64
+	alpha
+	arm
+	cris
+	hppa
+	i386
+	m68k
+	microblaze
+	microblazeel
+	mips
+	mips64
+	mips64el
+	mipsel
+	nios2
+	or1k
+	ppc
+	ppc64
+	riscv32
+	riscv64
+	s390x
+	sh4
+	sh4eb
+	sparc
+	sparc64
+	x86_64
+	xtensa
+	xtensaeb
+"
+IUSE_SOFTMMU_TARGETS="
+	${COMMON_TARGETS}
+	avr
+	rx
+	tricore
+"
+IUSE_USER_TARGETS="
+	${COMMON_TARGETS}
+	aarch64_be
+	armeb
+	hexagon
+	mipsn32
+	mipsn32el
+	ppc64abi32
+	ppc64le
+	sparc32plus
+"
+
+use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
+use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
+IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
+
+RESTRICT="!test? ( test )"
+# Allow no targets to be built so that people can get a tools-only build.
+# Block USE flag configurations known to not work.
+REQUIRED_USE="${PYTHON_REQUIRED_USE}
+	qemu_softmmu_targets_arm? ( fdt )
+	qemu_softmmu_targets_microblaze? ( fdt )
+	qemu_softmmu_targets_mips64el? ( fdt )
+	qemu_softmmu_targets_ppc64? ( fdt )
+	qemu_softmmu_targets_ppc? ( fdt )
+	qemu_softmmu_targets_riscv32? ( fdt )
+	qemu_softmmu_targets_riscv64? ( fdt )
+	qemu_softmmu_targets_x86_64? ( fdt )
+	sdl-image? ( sdl )
+	static? ( static-user !alsa !gtk !jack !opengl !pam !pulseaudio !plugins !rbd !snappy !udev )
+	static-user? ( !plugins )
+	vhost-user-fs? ( caps seccomp )
+	virgl? ( opengl )
+	virtfs? ( caps xattr )
+	vnc? ( gnutls )
+	vte? ( gtk )
+	multipath? ( udev )
+	plugins? ( !static !static-user )
+"
+
+# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
+# and user/softmmu targets (qemu-*, qemu-system-*).
+#
+# Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
+#
+# The attr lib isn't always linked in (although the USE flag is always
+# respected).  This is because qemu supports using the C library's API
+# when available rather than always using the external library.
+ALL_DEPEND="
+	>=dev-libs/glib-2.0[static-libs(+)]
+	sys-libs/zlib[static-libs(+)]
+	python? ( ${PYTHON_DEPS} )
+	systemtap? ( dev-util/systemtap )
+	xattr? ( sys-apps/attr[static-libs(+)] )"
+
+# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
+# softmmu targets (qemu-system-*).
+SOFTMMU_TOOLS_DEPEND="
+	dev-libs/libxml2[static-libs(+)]
+	>=x11-libs/pixman-0.28.0[static-libs(+)]
+	accessibility? (
+		app-accessibility/brltty[api]
+		app-accessibility/brltty[static-libs(+)]
+	)
+	aio? ( dev-libs/libaio[static-libs(+)] )
+	alsa? ( >=media-libs/alsa-lib-1.0.13 )
+	bpf? ( dev-libs/libbpf:= )
+	bzip2? ( app-arch/bzip2[static-libs(+)] )
+	capstone? ( dev-libs/capstone:= )
+	caps? ( sys-libs/libcap-ng[static-libs(+)] )
+	curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
+	fdt? ( >=sys-apps/dtc-1.5.0[static-libs(+)] )
+	fuse? ( >=sys-fs/fuse-3.1:3[static-libs(+)] )
+	glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
+	gnutls? (
+		dev-libs/nettle:=[static-libs(+)]
+		>=net-libs/gnutls-3.0:=[static-libs(+)]
+	)
+	gtk? (
+		x11-libs/gtk+:3
+		vte? ( x11-libs/vte:2.91 )
+	)
+	infiniband? ( sys-cluster/rdma-core[static-libs(+)] )
+	iscsi? ( net-libs/libiscsi )
+	io-uring? ( sys-libs/liburing:=[static-libs(+)] )
+	jack? ( virtual/jack )
+	jemalloc? ( dev-libs/jemalloc )
+	jpeg? ( virtual/jpeg:0=[static-libs(+)] )
+	lzo? ( dev-libs/lzo:2[static-libs(+)] )
+	multipath? ( sys-fs/multipath-tools )
+	ncurses? (
+		sys-libs/ncurses:=[unicode(+)]
+		sys-libs/ncurses:=[static-libs(+)]
+	)
+	nfs? ( >=net-fs/libnfs-1.9.3:=[static-libs(+)] )
+	numa? ( sys-process/numactl[static-libs(+)] )
+	opengl? (
+		virtual/opengl
+		media-libs/libepoxy[static-libs(+)]
+		media-libs/mesa[static-libs(+)]
+		media-libs/mesa[egl(+),gbm(+)]
+	)
+	pam? ( sys-libs/pam )
+	png? ( media-libs/libpng:0=[static-libs(+)] )
+	pulseaudio? ( media-sound/pulseaudio )
+	rbd? ( sys-cluster/ceph )
+	sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
+	sdl? (
+		media-libs/libsdl2[video]
+		media-libs/libsdl2[static-libs(+)]
+	)
+	sdl-image? ( media-libs/sdl2-image[static-libs(+)] )
+	seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
+	slirp? ( net-libs/libslirp[static-libs(+)] )
+	smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] )
+	snappy? ( app-arch/snappy:= )
+	spice? (
+		>=app-emulation/spice-protocol-0.12.3
+		>=app-emulation/spice-0.12.0[static-libs(+)]
+	)
+	ssh? ( >=net-libs/libssh-0.8.6[static-libs(+)] )
+	udev? ( virtual/libudev:= )
+	usb? ( >=virtual/libusb-1-r2[static-libs(+)] )
+	usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
+	vde? ( net-misc/vde[static-libs(+)] )
+	virgl? ( media-libs/virglrenderer[static-libs(+)] )
+	virtfs? ( sys-libs/libcap )
+	xen? ( app-emulation/xen-tools:= )
+	xfs? ( sys-fs/xfsprogs[static-libs(+)] )
+	zstd? ( >=app-arch/zstd-1.4.0[static-libs(+)] )
+"
+
+EDK2_OVMF_VERSION="202105"
+SEABIOS_VERSION="1.14.0"
+
+X86_FIRMWARE_DEPEND="
+	pin-upstream-blobs? (
+		~sys-firmware/edk2-ovmf-${EDK2_OVMF_VERSION}[binary]
+		~sys-firmware/ipxe-1.21.1[binary,qemu]
+		~sys-firmware/seabios-${SEABIOS_VERSION}[binary,seavgabios]
+		~sys-firmware/sgabios-0.1_pre10[binary]
+	)
+	!pin-upstream-blobs? (
+		>=sys-firmware/edk2-ovmf-${EDK2_OVMF_VERSION}
+		sys-firmware/ipxe[qemu]
+		>=sys-firmware/seabios-${SEABIOS_VERSION}[seavgabios]
+		sys-firmware/sgabios
+	)"
+PPC_FIRMWARE_DEPEND="
+	pin-upstream-blobs? (
+		~sys-firmware/seabios-${SEABIOS_VERSION}[binary,seavgabios]
+	)
+	!pin-upstream-blobs? (
+		>=sys-firmware/seabios-${SEABIOS_VERSION}[seavgabios]
+	)
+"
+
+BDEPEND="
+	$(python_gen_impl_dep)
+	dev-lang/perl
+	sys-apps/texinfo
+	virtual/pkgconfig
+	doc? (
+		dev-python/sphinx[${PYTHON_USEDEP}]
+		dev-python/sphinx_rtd_theme[${PYTHON_USEDEP}]
+	)
+	gtk? ( nls? ( sys-devel/gettext ) )
+	test? (
+		dev-libs/glib[utils]
+		sys-devel/bc
+	)
+"
+CDEPEND="
+	!static? (
+		${ALL_DEPEND//\[static-libs(+)]}
+		${SOFTMMU_TOOLS_DEPEND//\[static-libs(+)]}
+	)
+	qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
+	qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )
+	qemu_softmmu_targets_ppc? ( ${PPC_FIRMWARE_DEPEND} )
+	qemu_softmmu_targets_ppc64? ( ${PPC_FIRMWARE_DEPEND} )
+"
+DEPEND="${CDEPEND}
+	kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
+	static? (
+		${ALL_DEPEND}
+		${SOFTMMU_TOOLS_DEPEND}
+	)
+	static-user? ( ${ALL_DEPEND} )"
+RDEPEND="${CDEPEND}
+	acct-group/kvm
+	selinux? (
+		sec-policy/selinux-qemu
+		sys-libs/libselinux
+	)"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-2.11.1-capstone_include_path.patch
+	"${FILESDIR}"/${PN}-5.2.0-disable-keymap.patch
+	"${FILESDIR}"/${PN}-6.0.0-make.patch
+	"${FILESDIR}"/${PN}-6.1.0-strings.patch
+	"${FILESDIR}"/${PN}-6.2.0-user-SLIC-crash.patch
+	"${FILESDIR}"/${PN}-6.2.0-also-build-virtfs-proxy-helper.patch
+	"${FILESDIR}"/${PN}-6.2.0-glibc-2.35-rseq-seccomp-virtiofsd.patch
+)
+
+QA_PREBUILT="
+	usr/share/qemu/hppa-firmware.img
+	usr/share/qemu/openbios-ppc
+	usr/share/qemu/openbios-sparc64
+	usr/share/qemu/openbios-sparc32
+	usr/share/qemu/opensbi-riscv64-generic-fw_dynamic.elf
+	usr/share/qemu/opensbi-riscv32-generic-fw_dynamic.elf
+	usr/share/qemu/palcode-clipper
+	usr/share/qemu/s390-ccw.img
+	usr/share/qemu/s390-netboot.img
+	usr/share/qemu/u-boot.e500
+"
+
+QA_WX_LOAD="usr/bin/qemu-i386
+	usr/bin/qemu-x86_64
+	usr/bin/qemu-alpha
+	usr/bin/qemu-arm
+	usr/bin/qemu-cris
+	usr/bin/qemu-m68k
+	usr/bin/qemu-microblaze
+	usr/bin/qemu-microblazeel
+	usr/bin/qemu-mips
+	usr/bin/qemu-mipsel
+	usr/bin/qemu-or1k
+	usr/bin/qemu-ppc
+	usr/bin/qemu-ppc64
+	usr/bin/qemu-ppc64abi32
+	usr/bin/qemu-sh4
+	usr/bin/qemu-sh4eb
+	usr/bin/qemu-sparc
+	usr/bin/qemu-sparc64
+	usr/bin/qemu-armeb
+	usr/bin/qemu-sparc32plus
+	usr/bin/qemu-s390x
+	usr/bin/qemu-unicore32
+"
+
+DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure you have the
+kernel module loaded before running kvm. The easiest way to ensure that the
+kernel module is loaded is to load it on boot.
+	For AMD CPUs the module is called 'kvm-amd'.
+	For Intel CPUs the module is called 'kvm-intel'.
+Please review /etc/conf.d/modules for how to load these.
+
+Make sure your user is in the 'kvm' group. Just run
+	$ gpasswd -a <USER> kvm
+then have <USER> re-login.
+
+For brand new installs, the default permissions on /dev/kvm might not let
+you access it.  You can tell udev to reset ownership/perms:
+	$ udevadm trigger -c add /dev/kvm
+
+If you want to register binfmt handlers for qemu user targets:
+For openrc:
+	# rc-update add qemu-binfmt
+For systemd:
+	# ln -s /usr/share/qemu/binfmt.d/qemu.conf /etc/binfmt.d/qemu.conf"
+
+pkg_pretend() {
+	if use kernel_linux && kernel_is lt 2 6 25; then
+		eerror "This version of KVM requires a host kernel of 2.6.25 or higher."
+	elif use kernel_linux; then
+		if ! linux_config_exists; then
+			eerror "Unable to check your kernel for KVM support"
+		else
+			CONFIG_CHECK="~KVM ~TUN ~BRIDGE"
+			ERROR_KVM="You must enable KVM in your kernel to continue"
+			ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in"
+			ERROR_KVM_AMD+=" your kernel configuration."
+			ERROR_KVM_INTEL="If you have an Intel CPU, you must enable"
+			ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration."
+			ERROR_TUN="You will need the Universal TUN/TAP driver compiled"
+			ERROR_TUN+=" into your kernel or loaded as a module to use the"
+			ERROR_TUN+=" virtual network device if using -net tap."
+			ERROR_BRIDGE="You will also need support for 802.1d"
+			ERROR_BRIDGE+=" Ethernet Bridging for some network configurations."
+			use vhost-net && CONFIG_CHECK+=" ~VHOST_NET"
+			ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net"
+			ERROR_VHOST_NET+=" support"
+
+			if use amd64 || use x86 || use amd64-linux || use x86-linux; then
+				if grep -q AuthenticAMD /proc/cpuinfo; then
+					CONFIG_CHECK+=" ~KVM_AMD"
+				elif grep -q GenuineIntel /proc/cpuinfo; then
+					CONFIG_CHECK+=" ~KVM_INTEL"
+				fi
+			fi
+
+			use python && CONFIG_CHECK+=" ~DEBUG_FS"
+			ERROR_DEBUG_FS="debugFS support required for kvm_stat"
+
+			# Now do the actual checks setup above
+			check_extra_config
+		fi
+	fi
+
+	if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then
+		eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt"
+		eerror "instances are still pointing to it.  Please update your"
+		eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag"
+		eerror "and the right system binary (e.g. qemu-system-x86_64)."
+		die "update your virt configs to not use qemu-kvm"
+	fi
+}
+
+# Sanity check to make sure target lists are kept up-to-date.
+check_targets() {
+	local var=$1 mak=$2
+	local detected sorted
+
+	pushd "${S}"/configs/targets/ >/dev/null || die
+
+	# Force C locale until glibc is updated. #564936
+	detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u))
+	sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u))
+	if [[ ${sorted} != "${detected}" ]] ; then
+		eerror "The ebuild needs to be kept in sync."
+		eerror "${var}: ${sorted}"
+		eerror "$(printf '%-*s' ${#var} configure): ${detected}"
+		die "sync ${var} to the list of targets"
+	fi
+
+	popd >/dev/null
+}
+
+src_prepare() {
+	check_targets IUSE_SOFTMMU_TARGETS softmmu
+	check_targets IUSE_USER_TARGETS linux-user
+
+	default
+
+	# Use correct toolchain to fix cross-compiling
+	tc-export AR AS LD NM OBJCOPY PKG_CONFIG RANLIB STRINGS
+	export WINDRES=${CHOST}-windres
+
+	# Verbose builds
+	MAKEOPTS+=" V=1"
+
+	# Remove bundled copy of libfdt
+	rm -r dtc || die
+}
+
+##
+# configures qemu based on the build directory and the build type
+# we are using.
+#
+qemu_src_configure() {
+	debug-print-function ${FUNCNAME} "$@"
+
+	local buildtype=$1
+	local builddir="${S}/${buildtype}-build"
+
+	mkdir "${builddir}"
+
+	local conf_opts=(
+		--prefix=/usr
+		--sysconfdir=/etc
+		--bindir=/usr/bin
+		--libdir=/usr/$(get_libdir)
+		--datadir=/usr/share
+		--docdir=/usr/share/doc/${PF}/html
+		--mandir=/usr/share/man
+		--localstatedir=/var
+		--disable-bsd-user
+		--disable-containers # bug #732972
+		--disable-guest-agent
+		--disable-strip
+		--with-git-submodules=ignore
+
+		# bug #746752: TCG interpreter has a few limitations:
+		# - it does not support FPU
+		# - it's generally slower on non-self-modifying code
+		# It's advantage is support for host architectures
+		# where native codegeneration is not implemented.
+		# Gentoo has qemu keyworded only on targets with
+		# native code generation available. Avoid the interpreter.
+		--disable-tcg-interpreter
+
+		--disable-werror
+		# We support gnutls/nettle for crypto operations.  It is possible
+		# to use gcrypt when gnutls/nettle are disabled (but not when they
+		# are enabled), but it's not really worth the hassle.  Disable it
+		# all the time to avoid automatically detecting it. #568856
+		--disable-gcrypt
+		--python="${PYTHON}"
+		--cc="$(tc-getCC)"
+		--cxx="$(tc-getCXX)"
+		--host-cc="$(tc-getBUILD_CC)"
+		$(use_enable alsa)
+		$(use_enable debug debug-info)
+		$(use_enable debug debug-tcg)
+		$(use_enable jack)
+		$(use_enable nls gettext)
+		$(use_enable oss)
+		$(use_enable plugins)
+		$(use_enable pulseaudio pa)
+		$(use_enable selinux)
+		$(use_enable xattr attr)
+	)
+
+	# Disable options not used by user targets. This simplifies building
+	# static user targets (USE=static-user) considerably.
+	conf_notuser() {
+		if [[ ${buildtype} == "user" ]] ; then
+			echo "--disable-${2:-$1}"
+		else
+			use_enable "$@"
+		fi
+	}
+	# Enable option only for softmmu build, but not 'user' or 'tools'
+	conf_softmmu() {
+		if [[ ${buildtype} == "softmmu" ]] ; then
+			use_enable "$@"
+		else
+			echo "--disable-${2:-$1}"
+		fi
+	}
+	# Enable option only for tools build, but not 'user' or 'softmmu'
+	conf_tools() {
+		if [[ ${buildtype} == "tools" ]] ; then
+			use_enable "$@"
+		else
+			echo "--disable-${2:-$1}"
+		fi
+	}
+	# Special case for the malloc flag, because the --disable flag does
+	# not exist and trying like above will break configuring.
+	conf_malloc() {
+		if [[ ! ${buildtype} == "user" ]] ; then
+			usex "${1}" "--enable-malloc=${1}" ""
+		fi
+	}
+	conf_opts+=(
+		$(conf_notuser accessibility brlapi)
+		$(conf_notuser aio linux-aio)
+		$(conf_softmmu bpf)
+		$(conf_notuser bzip2)
+		$(conf_notuser capstone)
+		$(conf_notuser caps cap-ng)
+		$(conf_notuser curl)
+		$(conf_tools doc docs)
+		$(conf_notuser fdt)
+		$(conf_notuser fuse)
+		$(conf_notuser glusterfs)
+		$(conf_notuser gnutls)
+		$(conf_notuser gnutls nettle)
+		$(conf_notuser gtk)
+		$(conf_notuser infiniband rdma)
+		$(conf_notuser iscsi libiscsi)
+		$(conf_notuser io-uring linux-io-uring)
+		$(conf_malloc jemalloc)
+		$(conf_notuser jpeg vnc-jpeg)
+		$(conf_notuser kernel_linux kvm)
+		$(conf_notuser lzo)
+		$(conf_notuser multipath mpath)
+		$(conf_notuser ncurses curses)
+		$(conf_notuser nfs libnfs)
+		$(conf_notuser numa)
+		$(conf_notuser opengl)
+		$(conf_notuser pam auth-pam)
+		$(conf_notuser png vnc-png)
+		$(conf_notuser rbd)
+		$(conf_notuser sasl vnc-sasl)
+		$(conf_notuser sdl)
+		$(conf_softmmu sdl-image)
+		$(conf_notuser seccomp)
+		$(conf_notuser slirp slirp system)
+		$(conf_notuser smartcard)
+		$(conf_notuser snappy)
+		$(conf_notuser spice)
+		$(conf_notuser ssh libssh)
+		$(conf_notuser udev libudev)
+		$(conf_notuser usb libusb)
+		$(conf_notuser usbredir usb-redir)
+		$(conf_notuser vde)
+		$(conf_notuser vhost-net)
+		$(conf_notuser vhost-user-fs)
+		$(conf_tools vhost-user-fs virtiofsd)
+		$(conf_notuser virgl virglrenderer)
+		$(conf_softmmu virtfs)
+		$(conf_notuser vnc)
+		$(conf_notuser vte)
+		$(conf_notuser xen)
+		$(conf_notuser xen xen-pci-passthrough)
+		$(conf_notuser xfs xfsctl)
+		# use prebuilt keymaps, bug #759604
+		--disable-xkbcommon
+		$(conf_notuser zstd)
+	)
+
+	if [[ ${buildtype} == "user" ]] ; then
+		conf_opts+=( --disable-libxml2 )
+	else
+		conf_opts+=( --enable-libxml2 )
+	fi
+
+	if [[ ! ${buildtype} == "user" ]] ; then
+		# audio options
+		local audio_opts=(
+			# Note: backend order matters here: #716202
+			# We iterate from higher-level to lower level.
+			$(usex pulseaudio pa "")
+			$(usev jack)
+			$(usev sdl)
+			$(usev alsa)
+			$(usev oss)
+		)
+		conf_opts+=(
+			--audio-drv-list=$(IFS=,; echo "${audio_opts[*]}")
+		)
+	fi
+
+	case ${buildtype} in
+	user)
+		conf_opts+=(
+			--enable-linux-user
+			--disable-system
+			--disable-blobs
+			--disable-tools
+		)
+		local static_flag="static-user"
+		;;
+	softmmu)
+		conf_opts+=(
+			--disable-linux-user
+			--enable-system
+			--disable-tools
+		)
+		local static_flag="static"
+		;;
+	tools)
+		conf_opts+=(
+			--disable-linux-user
+			--disable-system
+			--disable-blobs
+			--enable-tools
+		)
+		local static_flag="static"
+		;;
+	esac
+
+	local targets="${buildtype}_targets"
+	[[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" )
+
+	# Add support for SystemTAP
+	use systemtap && conf_opts+=( --enable-trace-backend=dtrace )
+
+	# We always want to attempt to build with PIE support as it results
+	# in a more secure binary. But it doesn't work with static or if
+	# the current GCC doesn't have PIE support.
+	if use ${static_flag}; then
+		conf_opts+=( --static --disable-pie )
+	else
+		tc-enables-pie && conf_opts+=( --enable-pie )
+	fi
+
+	# Meson will not use a cross-file unless cross_prefix is set.
+	tc-is-cross-compiler && conf_opts+=( --cross-prefix="${CHOST}-" )
+
+	# Plumb through equivalent of EXTRA_ECONF to allow experiments
+	# like bug #747928.
+	conf_opts+=( ${EXTRA_CONF_QEMU} )
+
+	echo "../configure ${conf_opts[*]}"
+	cd "${builddir}"
+	../configure "${conf_opts[@]}" || die "configure failed"
+}
+
+src_configure() {
+	local target
+
+	python_setup
+
+	softmmu_targets= softmmu_bins=()
+	user_targets= user_bins=()
+
+	for target in ${IUSE_SOFTMMU_TARGETS} ; do
+		if use "qemu_softmmu_targets_${target}"; then
+			softmmu_targets+=",${target}-softmmu"
+			softmmu_bins+=( "qemu-system-${target}" )
+		fi
+	done
+
+	for target in ${IUSE_USER_TARGETS} ; do
+		if use "qemu_user_targets_${target}"; then
+			user_targets+=",${target}-linux-user"
+			user_bins+=( "qemu-${target}" )
+		fi
+	done
+
+	softmmu_targets=${softmmu_targets#,}
+	user_targets=${user_targets#,}
+
+	[[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu"
+	[[ -n ${user_targets}    ]] && qemu_src_configure "user"
+	qemu_src_configure "tools"
+}
+
+src_compile() {
+	if [[ -n ${user_targets} ]]; then
+		cd "${S}/user-build"
+		default
+	fi
+
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build"
+		default
+	fi
+
+	cd "${S}/tools-build"
+	default
+}
+
+src_test() {
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build"
+		pax-mark m */qemu-system-* #515550
+		emake check
+	fi
+}
+
+qemu_python_install() {
+	python_domodule "${S}/python/qemu"
+
+	python_doscript "${S}/scripts/kvm/vmxcap"
+	python_doscript "${S}/scripts/qmp/qmp-shell"
+	python_doscript "${S}/scripts/qmp/qemu-ga-client"
+}
+
+# Generate binfmt support files.
+#   - /etc/init.d/qemu-binfmt script which registers the user handlers (openrc)
+#   - /usr/share/qemu/binfmt.d/qemu.conf (for use with systemd-binfmt)
+generate_initd() {
+	local out="${T}/qemu-binfmt"
+	local out_systemd="${T}/qemu.conf"
+	local d="${T}/binfmt.d"
+
+	einfo "Generating qemu binfmt scripts and configuration files"
+
+	# Generate the debian fragments first.
+	mkdir -p "${d}"
+	"${S}"/scripts/qemu-binfmt-conf.sh \
+		--debian \
+		--exportdir "${d}" \
+		--qemu-path "${EPREFIX}/usr/bin" \
+		|| die
+	# Then turn the fragments into a shell script we can source.
+	sed -E -i \
+		-e 's:^([^ ]+) (.*)$:\1="\2":' \
+		"${d}"/* || die
+
+	# Generate the init.d script by assembling the fragments from above.
+	local f qcpu package interpreter magic mask
+	cat "${FILESDIR}"/qemu-binfmt.initd.head >"${out}" || die
+	for f in "${d}"/qemu-* ; do
+		source "${f}"
+
+		# Normalize the cpu logic like we do in the init.d for the native cpu.
+		qcpu=${package#qemu-}
+		case ${qcpu} in
+		arm*)   qcpu="arm";;
+		mips*)  qcpu="mips";;
+		ppc*)   qcpu="ppc";;
+		s390*)  qcpu="s390";;
+		sh*)    qcpu="sh";;
+		sparc*) qcpu="sparc";;
+		esac
+
+		# we use 'printf' here to be portable across 'sh'
+		# implementations: #679168
+		cat <<EOF >>"${out}"
+	if [ "\${cpu}" != "${qcpu}" -a -x "${interpreter}" ] ; then
+		printf '%s\n' ':${package}:M::${magic}:${mask}:${interpreter}:'"\${QEMU_BINFMT_FLAGS}" >/proc/sys/fs/binfmt_misc/register
+	fi
+EOF
+
+		echo ":${package}:M::${magic}:${mask}:${interpreter}:OC" >>"${out_systemd}"
+
+	done
+	cat "${FILESDIR}"/qemu-binfmt.initd.tail >>"${out}" || die
+}
+
+src_install() {
+	if [[ -n ${user_targets} ]]; then
+		cd "${S}/user-build"
+		emake DESTDIR="${ED}" install
+
+		# Install binfmt handler init script for user targets.
+		generate_initd
+		doinitd "${T}/qemu-binfmt"
+
+		# Install binfmt/qemu.conf.
+		insinto "/usr/share/qemu/binfmt.d"
+		doins "${T}/qemu.conf"
+	fi
+
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build"
+		emake DESTDIR="${ED}" install
+
+		# This might not exist if the test failed. #512010
+		[[ -e check-report.html ]] && dodoc check-report.html
+
+		if use kernel_linux; then
+			udev_newrules "${FILESDIR}"/65-kvm.rules-r2 65-kvm.rules
+		fi
+
+		if use python; then
+			python_foreach_impl qemu_python_install
+		fi
+	fi
+
+	cd "${S}/tools-build"
+	emake DESTDIR="${ED}" install
+
+	# Disable mprotect on the qemu binaries as they use JITs to be fast #459348
+	pushd "${ED}"/usr/bin >/dev/null
+	pax-mark mr "${softmmu_bins[@]}" "${user_bins[@]}" # bug 575594
+	popd >/dev/null
+
+	# Install config file example for qemu-bridge-helper
+	insinto "/etc/qemu"
+	doins "${FILESDIR}/bridge.conf"
+
+	cd "${S}"
+	dodoc MAINTAINERS docs/specs/pci-ids.txt
+	newdoc pc-bios/README README.pc-bios
+
+	# Disallow stripping of prebuilt firmware files.
+	dostrip -x ${QA_PREBUILT}
+
+	if [[ -n ${softmmu_targets} ]]; then
+		# Remove SeaBIOS since we're using the SeaBIOS packaged one
+		rm "${ED}/usr/share/qemu/bios.bin"
+		rm "${ED}/usr/share/qemu/bios-256k.bin"
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
+			dosym ../seabios/bios-256k.bin /usr/share/qemu/bios-256k.bin
+		fi
+
+		# Remove vgabios since we're using the seavgabios packaged one
+		rm "${ED}/usr/share/qemu/vgabios.bin"
+		rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
+		rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
+		rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
+		rm "${ED}/usr/share/qemu/vgabios-virtio.bin"
+		rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
+		# PPC/PPC64 loads vgabios-stdvga
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 || use qemu_softmmu_targets_ppc || use qemu_softmmu_targets_ppc64; then
+			dosym ../seavgabios/vgabios-isavga.bin /usr/share/qemu/vgabios.bin
+			dosym ../seavgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
+			dosym ../seavgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
+			dosym ../seavgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
+			dosym ../seavgabios/vgabios-virtio.bin /usr/share/qemu/vgabios-virtio.bin
+			dosym ../seavgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
+		fi
+
+		# Remove sgabios since we're using the sgabios packaged one
+		rm "${ED}/usr/share/qemu/sgabios.bin"
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin
+		fi
+
+		# Remove iPXE since we're using the iPXE packaged one
+		rm "${ED}"/usr/share/qemu/pxe-*.rom
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom
+			dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom
+			dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom
+			dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom
+			dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom
+			dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom
+		fi
+	fi
+
+	DISABLE_AUTOFORMATTING=true
+	readme.gentoo_create_doc
+}
+
+firmware_abi_change() {
+	local pv
+	for pv in ${REPLACING_VERSIONS}; do
+		if ver_test ${pv} -lt ${FIRMWARE_ABI_VERSION}; then
+			return 0
+		fi
+	done
+	return 1
+}
+
+pkg_postinst() {
+	if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
+		udev_reload
+	fi
+
+	xdg_icon_cache_update
+
+	[[ -z ${EPREFIX} ]] && [[ -f ${EROOT}/usr/libexec/qemu-bridge-helper ]] && \
+		fcaps cap_net_admin ${EROOT}/usr/libexec/qemu-bridge-helper
+
+	DISABLE_AUTOFORMATTING=true
+	readme.gentoo_print_elog
+
+	if use pin-upstream-blobs && firmware_abi_change; then
+		ewarn "This version of qemu pins new versions of firmware blobs:"
+		ewarn "	$(best_version sys-firmware/edk2-ovmf)"
+		ewarn "	$(best_version sys-firmware/ipxe)"
+		ewarn "	$(best_version sys-firmware/seabios)"
+		ewarn "	$(best_version sys-firmware/sgabios)"
+		ewarn "This might break resume of hibernated guests (started with a different"
+		ewarn "firmware version) and live migration to/from qemu versions with different"
+		ewarn "firmware. Please (cold) restart all running guests. For functional"
+		ewarn "guest migration ensure that all"
+		ewarn "hosts run at least"
+		ewarn "	app-emulation/qemu-${FIRMWARE_ABI_VERSION}."
+	fi
+}
+
+pkg_info() {
+	echo "Using:"
+	echo "  $(best_version app-emulation/spice-protocol)"
+	echo "  $(best_version sys-firmware/edk2-ovmf)"
+	if has_version 'sys-firmware/edk2-ovmf[binary]'; then
+		echo "    USE=binary"
+	else
+		echo "    USE=''"
+	fi
+	echo "  $(best_version sys-firmware/ipxe)"
+	echo "  $(best_version sys-firmware/seabios)"
+	if has_version 'sys-firmware/seabios[binary]'; then
+		echo "    USE=binary"
+	else
+		echo "    USE=''"
+	fi
+	echo "  $(best_version sys-firmware/sgabios)"
+}
+
+pkg_postrm() {
+	xdg_icon_cache_update
+}


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2022-05-22 15:59 John Helmert III
  0 siblings, 0 replies; 56+ messages in thread
From: John Helmert III @ 2022-05-22 15:59 UTC (permalink / raw
  To: gentoo-commits

commit:     adb5b77a6df5abbc85fbb62bd57a1465ec7a7b4b
Author:     John Helmert III <ajak <AT> gentoo <DOT> org>
AuthorDate: Thu May 19 17:25:33 2022 +0000
Commit:     John Helmert III <ajak <AT> gentoo <DOT> org>
CommitDate: Sun May 22 15:59:11 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=adb5b77a

app-emulation/qemu: drop 6.2.0, 6.2.0-r3, 6.2.0-r4, 7.0.0_rc4

Closes: https://bugs.gentoo.org/831046
Bug: https://bugs.gentoo.org/839762
Signed-off-by: John Helmert III <ajak <AT> gentoo.org>

 app-emulation/qemu/Manifest                        |   2 -
 ...qemu-6.2.0-also-build-virtfs-proxy-helper.patch |  34 -
 ...u-6.2.0-glibc-2.35-rseq-seccomp-virtiofsd.patch |  61 --
 .../qemu/files/qemu-6.2.0-user-SLIC-crash.patch    | 173 ----
 app-emulation/qemu/metadata.xml                    |   2 -
 app-emulation/qemu/qemu-6.2.0-r3.ebuild            | 924 --------------------
 app-emulation/qemu/qemu-6.2.0-r4.ebuild            | 925 ---------------------
 app-emulation/qemu/qemu-6.2.0.ebuild               | 913 --------------------
 app-emulation/qemu/qemu-7.0.0_rc4.ebuild           | 914 --------------------
 9 files changed, 3948 deletions(-)

diff --git a/app-emulation/qemu/Manifest b/app-emulation/qemu/Manifest
index df4132977826..31a2d4d54918 100644
--- a/app-emulation/qemu/Manifest
+++ b/app-emulation/qemu/Manifest
@@ -1,3 +1 @@
-DIST qemu-6.2.0.tar.xz 115667324 BLAKE2B 3f2f02e5c36113df6231a9474c6d5db774e541312173813c28f578d669a51f391695d364dc806f5906d9e3c2796bb20b2606fcd46a247eb751ea517de9d7ce15 SHA512 e9f8231c9e1cfcc41cb47f10a55d63f6b8aee307af00cf6acf64acb7aa4f49fa7e9d6330703a2abea15d8b7bbaba7d3cb08c83edd98d82642367b527df730817
-DIST qemu-7.0.0-rc4.tar.xz 125126604 BLAKE2B e1614daf71ff2625cdd8307812d6dfc4103c7c8a981b49fdda7409b8b4749e2d8354d3f8e903791100e966744485148c9b70ff046c0f8c2b1259a4997a245248 SHA512 ca0e8f5f1608b36f8ad8d9e6aeeb00e07af23e59ffecbda84c4c34bbe686a53c481e26bcedd13165363057cab063dcda7e5191dd5aff2798fde5be711c6dd2ff
 DIST qemu-7.0.0.tar.xz 125117636 BLAKE2B ceda6d9f1a585298bd49fed61e8bb35f0064ad8388a9f979c8bd68a38bfe1a47c5bb055e5f74f970c2c440957042b9de4a861524120040c56e4cd8b56c5cfb68 SHA512 44ecd10c018a3763e1bc87d1d35b98890d0d5636acd69fe9b5cadf5024d5af6a31684d60cbe1c3370e02986434c1fb0ad99224e0e6f6fe7eda169992508157b1

diff --git a/app-emulation/qemu/files/qemu-6.2.0-also-build-virtfs-proxy-helper.patch b/app-emulation/qemu/files/qemu-6.2.0-also-build-virtfs-proxy-helper.patch
deleted file mode 100644
index af220802069c..000000000000
--- a/app-emulation/qemu/files/qemu-6.2.0-also-build-virtfs-proxy-helper.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 42e53a0aadb76dfa7c11cd3b14eb4a41efba9bbe Mon Sep 17 00:00:00 2001
-From: Matthias Maier <tamiko@43-1.org>
-Date: Tue, 11 Jan 2022 07:20:31 -0600
-Subject: [PATCH] also build virtfs-proxy-helper
-
-The Gentoo ebuild splits the qemu build into a softmmu, user and tool
-phase in order to be able to build and link some of the qemu emulators
-statically. This unfortunately has the consequence that we never
-configure with "have_virtfs" and "have_tools" at the same time.
-
-As a workaround, simply build the virtfs userland unconditionally. After
-all, it is a tiny executable
----
- meson.build | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/meson.build b/meson.build
-index fbe856700..d6918b04c 100644
---- a/meson.build
-+++ b/meson.build
-@@ -1390,7 +1390,7 @@ have_virtfs = (targetos == 'linux' and
-     libattr.found() and
-     libcap_ng.found())
- 
--have_virtfs_proxy_helper = have_virtfs and have_tools
-+have_virtfs_proxy_helper = have_tools and libcap_ng.found()
-
-
- 
- if get_option('virtfs').enabled()
-   if not have_virtfs
--- 
-2.34.1
-

diff --git a/app-emulation/qemu/files/qemu-6.2.0-glibc-2.35-rseq-seccomp-virtiofsd.patch b/app-emulation/qemu/files/qemu-6.2.0-glibc-2.35-rseq-seccomp-virtiofsd.patch
deleted file mode 100644
index 156d94b0f57e..000000000000
--- a/app-emulation/qemu/files/qemu-6.2.0-glibc-2.35-rseq-seccomp-virtiofsd.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-https://gitlab.com/qemu/qemu/-/commit/7b223e38603de3a75602e14914d26f9d4baf52eb.patch
-https://bugs.gentoo.org/836300
-
-From 7b223e38603de3a75602e14914d26f9d4baf52eb Mon Sep 17 00:00:00 2001
-From: Christian Ehrhardt <christian.ehrhardt@canonical.com>
-Date: Wed, 9 Feb 2022 12:14:56 +0100
-Subject: [PATCH] tools/virtiofsd: Add rseq syscall to the seccomp allowlist
-
-The virtiofsd currently crashes when used with glibc 2.35.
-That is due to the rseq system call being added to every thread
-creation [1][2].
-
-[1]: https://www.efficios.com/blog/2019/02/08/linux-restartable-sequences/
-[2]: https://sourceware.org/pipermail/libc-alpha/2022-February/136040.html
-
-This happens not at daemon start, but when a guest connects
-
-    /usr/lib/qemu/virtiofsd -f --socket-path=/tmp/testvfsd -o sandbox=chroot \
-        -o source=/var/guests/j-virtiofs --socket-group=kvm
-    virtio_session_mount: Waiting for vhost-user socket connection...
-    # start ok, now guest will connect
-    virtio_session_mount: Received vhost-user socket connection
-    virtio_loop: Entry
-    fv_queue_set_started: qidx=0 started=1
-    fv_queue_set_started: qidx=1 started=1
-    Bad system call (core dumped)
-
-We have to put rseq on the seccomp allowlist to avoid that the daemon
-is crashing in this case.
-
-Reported-by: Michael Hudson-Doyle <michael.hudson@canonical.com>
-Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
-Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
-Message-id: 20220209111456.3328420-1-christian.ehrhardt@canonical.com
-
-[Moved rseq to its alphabetically ordered position in the seccomp
-allowlist.
---Stefan]
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
----
- tools/virtiofsd/passthrough_seccomp.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/tools/virtiofsd/passthrough_seccomp.c b/tools/virtiofsd/passthrough_seccomp.c
-index a3ce9f898d..2bc0127b69 100644
---- a/tools/virtiofsd/passthrough_seccomp.c
-+++ b/tools/virtiofsd/passthrough_seccomp.c
-@@ -91,6 +91,9 @@ static const int syscall_allowlist[] = {
-     SCMP_SYS(renameat2),
-     SCMP_SYS(removexattr),
-     SCMP_SYS(restart_syscall),
-+#ifdef __NR_rseq
-+    SCMP_SYS(rseq), /* required since glibc 2.35 */
-+#endif
-     SCMP_SYS(rt_sigaction),
-     SCMP_SYS(rt_sigprocmask),
-     SCMP_SYS(rt_sigreturn),
--- 
-GitLab
-
-

diff --git a/app-emulation/qemu/files/qemu-6.2.0-user-SLIC-crash.patch b/app-emulation/qemu/files/qemu-6.2.0-user-SLIC-crash.patch
deleted file mode 100644
index 76809782b5f7..000000000000
--- a/app-emulation/qemu/files/qemu-6.2.0-user-SLIC-crash.patch
+++ /dev/null
@@ -1,173 +0,0 @@
-Gentoo bug: https://bugs.gentoo.org/830170
-Upstream bug: https://gitlab.com/qemu-project/qemu/-/issues/786
-Patches taken from
-https://lore.kernel.org/qemu-devel/20211227193120.1084176-1-imammedo@redhat.com/
-
-commit dce6c86f54eab61028e110497c222e73381379df
-Author: Igor Mammedov <imammedo@redhat.com>
-Date:   Mon Dec 27 14:31:17 2021 -0500
-
-    acpi: fix QEMU crash when started with SLIC table
-    
-    if QEMU is started with used provided SLIC table blob,
-    
-      -acpitable sig=SLIC,oem_id='CRASH ',oem_table_id="ME",oem_rev=00002210,asl_compiler_id="",asl_compiler_rev=00000000,data=/dev/null
-    it will assert with:
-    
-      hw/acpi/aml-build.c:61:build_append_padded_str: assertion failed: (len <= maxlen)
-    
-    and following backtrace:
-    
-      ...
-      build_append_padded_str (array=0x555556afe320, str=0x555556afdb2e "CRASH ME", maxlen=0x6, pad=0x20) at hw/acpi/aml-build.c:61
-      acpi_table_begin (desc=0x7fffffffd1b0, array=0x555556afe320) at hw/acpi/aml-build.c:1727
-      build_fadt (tbl=0x555556afe320, linker=0x555557ca3830, f=0x7fffffffd318, oem_id=0x555556afdb2e "CRASH ME", oem_table_id=0x555556afdb34 "ME") at hw/acpi/aml-build.c:2064
-      ...
-    
-    which happens due to acpi_table_begin() expecting NULL terminated
-    oem_id and oem_table_id strings, which is normally the case, but
-    in case of user provided SLIC table, oem_id points to table's blob
-    directly and as result oem_id became longer than expected.
-    
-    Fix issue by handling oem_id consistently and make acpi_get_slic_oem()
-    return NULL terminated strings.
-    
-    PS:
-    After [1] refactoring, oem_id semantics became inconsistent, where
-    NULL terminated string was coming from machine and old way pointer
-    into byte array coming from -acpitable option. That used to work
-    since build_header() wasn't expecting NULL terminated string and
-    blindly copied the 1st 6 bytes only.
-    
-    However commit [2] broke that by replacing build_header() with
-    acpi_table_begin(), which was expecting NULL terminated string
-    and was checking oem_id size.
-    
-    1) 602b45820 ("acpi: Permit OEM ID and OEM table ID fields to be changed")
-    2)
-    Fixes: 4b56e1e4eb08 ("acpi: build_fadt: use acpi_table_begin()/acpi_table_end() instead of build_header()")
-    Resolves: https://gitlab.com/qemu-project/qemu/-/issues/786
-    Signed-off-by: Igor Mammedov <imammedo@redhat.com>
-
-diff --git a/hw/acpi/core.c b/hw/acpi/core.c
-index 1e004d0078..3e811bf03c 100644
---- a/hw/acpi/core.c
-+++ b/hw/acpi/core.c
-@@ -345,8 +345,8 @@ int acpi_get_slic_oem(AcpiSlicOem *oem)
-         struct acpi_table_header *hdr = (void *)(u - sizeof(hdr->_length));
- 
-         if (memcmp(hdr->sig, "SLIC", 4) == 0) {
--            oem->id = hdr->oem_id;
--            oem->table_id = hdr->oem_table_id;
-+            oem->id = g_strndup(hdr->oem_id, 6);
-+            oem->table_id = g_strndup(hdr->oem_table_id, 8);
-             return 0;
-         }
-     }
-diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
-index a99c6e4fe3..570f82997b 100644
---- a/hw/i386/acpi-build.c
-+++ b/hw/i386/acpi-build.c
-@@ -2721,6 +2721,8 @@ void acpi_build(AcpiBuildTables *tables, MachineState *machine)
- 
-     /* Cleanup memory that's no longer used. */
-     g_array_free(table_offsets, true);
-+    g_free(slic_oem.id);
-+    g_free(slic_oem.table_id);
- }
- 
- static void acpi_ram_update(MemoryRegion *mr, GArray *data)
-
-commit a22de122ad03ea40953ad0328b2c3e31002d8052
-Author: Igor Mammedov <imammedo@redhat.com>
-Date:   Mon Dec 27 14:31:18 2021 -0500
-
-    tests: acpi: whitelist expected blobs before changing them
-    
-    Signed-off-by: Igor Mammedov <imammedo@redhat.com>
-
-diff --git a/tests/data/acpi/q35/FACP.slic b/tests/data/acpi/q35/FACP.slic
-new file mode 100644
-index 0000000000..f6a864cc86
-Binary files /dev/null and b/tests/data/acpi/q35/FACP.slic differ
-diff --git a/tests/data/acpi/q35/SLIC.slic b/tests/data/acpi/q35/SLIC.slic
-new file mode 100644
-index 0000000000..e69de29bb2
-diff --git a/tests/qtest/bios-tables-test-allowed-diff.h b/tests/qtest/bios-tables-test-allowed-diff.h
-index dfb8523c8b..49dbf8fa3e 100644
---- a/tests/qtest/bios-tables-test-allowed-diff.h
-+++ b/tests/qtest/bios-tables-test-allowed-diff.h
-@@ -1 +1,3 @@
- /* List of comma-separated changed AML files to ignore */
-+"tests/data/acpi/q35/FACP.slic",
-+"tests/data/acpi/q35/SLIC.slic",
-
-commit cb913395d76f8fdfd7f1d0c8ea77d4710821bbd3
-Author: Igor Mammedov <imammedo@redhat.com>
-Date:   Mon Dec 27 14:31:19 2021 -0500
-
-    tests: acpi: add SLIC table test
-    
-    When user uses '-acpitable' to add SLIC table, some ACPI
-    tables (FADT) will change its 'Oem ID'/'Oem Table ID' fields to
-    match that of SLIC. Test makes sure thati QEMU handles
-    those fields correctly when SLIC table is added with
-    '-acpitable' option.
-    
-    Signed-off-by: Igor Mammedov <imammedo@redhat.com>
-
-diff --git a/tests/qtest/bios-tables-test.c b/tests/qtest/bios-tables-test.c
-index 258874167e..ae7ef13ec7 100644
---- a/tests/qtest/bios-tables-test.c
-+++ b/tests/qtest/bios-tables-test.c
-@@ -1567,6 +1567,19 @@ static void test_acpi_oem_fields_virt(void)
-     g_free(args);
- }
-
-+static void test_acpi_q35_slic(void)
-+{
-+    test_data data = {
-+        .machine = MACHINE_Q35,
-+        .variant = ".slic",
-+    };
-+
-+    test_acpi_one("-acpitable sig=SLIC,oem_id='CRASH ',oem_table_id='ME',"
-+                  "oem_rev=00002210,asl_compiler_id='qemu',"
-+                  "asl_compiler_rev=00000000,data=/dev/null",
-+                  &data);
-+    free_test_data(&data);
-+}
-
- int main(int argc, char *argv[])
- {
-@@ -1639,6 +1652,7 @@ int main(int argc, char *argv[])
-             qtest_add_func("acpi/q35/kvm/xapic", test_acpi_q35_kvm_xapic);
-             qtest_add_func("acpi/q35/kvm/dmar", test_acpi_q35_kvm_dmar);
-         }
-+        qtest_add_func("acpi/q35/slic", test_acpi_q35_slic);
-     } else if (strcmp(arch, "aarch64") == 0) {
-         if (has_tcg) {
-             qtest_add_func("acpi/virt", test_acpi_virt_tcg);
-
-commit ffba261306370e0ad8506401b104be5fa4749ade
-Author: Igor Mammedov <imammedo@redhat.com>
-Date:   Mon Dec 27 14:31:20 2021 -0500
-
-    tests: acpi: SLIC: update expected blobs
-    
-    Signed-off-by: Igor Mammedov <imammedo@redhat.com>
-
-diff --git a/tests/data/acpi/q35/FACP.slic b/tests/data/acpi/q35/FACP.slic
-index f6a864cc86..891fd4b784 100644
-Binary files a/tests/data/acpi/q35/FACP.slic and b/tests/data/acpi/q35/FACP.slic differ
-diff --git a/tests/data/acpi/q35/SLIC.slic b/tests/data/acpi/q35/SLIC.slic
-index e69de29bb2..fd26592e24 100644
-Binary files a/tests/data/acpi/q35/SLIC.slic and b/tests/data/acpi/q35/SLIC.slic differ
-diff --git a/tests/qtest/bios-tables-test-allowed-diff.h b/tests/qtest/bios-tables-test-allowed-diff.h
-index 49dbf8fa3e..dfb8523c8b 100644
---- a/tests/qtest/bios-tables-test-allowed-diff.h
-+++ b/tests/qtest/bios-tables-test-allowed-diff.h
-@@ -1,3 +1 @@
- /* List of comma-separated changed AML files to ignore */
--"tests/data/acpi/q35/FACP.slic",
--"tests/data/acpi/q35/SLIC.slic",

diff --git a/app-emulation/qemu/metadata.xml b/app-emulation/qemu/metadata.xml
index 380994d16817..5fbcd7706e9c 100644
--- a/app-emulation/qemu/metadata.xml
+++ b/app-emulation/qemu/metadata.xml
@@ -72,7 +72,5 @@
 		<flag name="xattr">Add support for getting and setting POSIX extended attributes, through
 		<pkg>sys-apps/attr</pkg>. Requisite for the virtfs backend.</flag>
 		<flag name="xen">Enables support for Xen backends</flag>
-		<flag name="xfs">Support xfsctl() notification and syncing for XFS backed
-		virtual disks.</flag>
 	</use>
 </pkgmetadata>

diff --git a/app-emulation/qemu/qemu-6.2.0-r3.ebuild b/app-emulation/qemu/qemu-6.2.0-r3.ebuild
deleted file mode 100644
index c81b239e4719..000000000000
--- a/app-emulation/qemu/qemu-6.2.0-r3.ebuild
+++ /dev/null
@@ -1,924 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-PYTHON_COMPAT=( python3_{8,9,10} )
-PYTHON_REQ_USE="ncurses,readline"
-
-FIRMWARE_ABI_VERSION="6.2.0"
-
-inherit linux-info toolchain-funcs python-r1 udev fcaps readme.gentoo-r1 \
-		pax-utils xdg-utils
-
-if [[ ${PV} = *9999* ]]; then
-	EGIT_REPO_URI="https://git.qemu.org/git/qemu.git"
-	EGIT_SUBMODULES=(
-		meson
-		tests/fp/berkeley-softfloat-3
-		tests/fp/berkeley-testfloat-3
-		ui/keycodemapdb
-	)
-	inherit git-r3
-	SRC_URI=""
-else
-	SRC_URI="https://download.qemu.org/${P}.tar.xz"
-	KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~riscv ~x86"
-fi
-
-DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
-HOMEPAGE="https://www.qemu.org https://www.linux-kvm.org"
-
-LICENSE="GPL-2 LGPL-2 BSD-2"
-SLOT="0"
-
-IUSE="accessibility +aio alsa bpf bzip2 capstone +caps +curl debug +doc
-	+fdt fuse glusterfs +gnutls gtk infiniband iscsi io-uring
-	jack jemalloc +jpeg
-	lzo multipath
-	ncurses nfs nls numa opengl +oss pam +pin-upstream-blobs
-	plugins +png pulseaudio python rbd sasl +seccomp sdl sdl-image selinux
-	+slirp
-	smartcard snappy spice ssh static static-user systemtap test udev usb
-	usbredir vde +vhost-net vhost-user-fs virgl virtfs +vnc vte xattr xen
-	xfs zstd"
-
-COMMON_TARGETS="
-	aarch64
-	alpha
-	arm
-	cris
-	hppa
-	i386
-	m68k
-	microblaze
-	microblazeel
-	mips
-	mips64
-	mips64el
-	mipsel
-	nios2
-	or1k
-	ppc
-	ppc64
-	riscv32
-	riscv64
-	s390x
-	sh4
-	sh4eb
-	sparc
-	sparc64
-	x86_64
-	xtensa
-	xtensaeb
-"
-IUSE_SOFTMMU_TARGETS="
-	${COMMON_TARGETS}
-	avr
-	rx
-	tricore
-"
-IUSE_USER_TARGETS="
-	${COMMON_TARGETS}
-	aarch64_be
-	armeb
-	hexagon
-	mipsn32
-	mipsn32el
-	ppc64abi32
-	ppc64le
-	sparc32plus
-"
-
-use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
-use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
-IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
-
-RESTRICT="!test? ( test )"
-# Allow no targets to be built so that people can get a tools-only build.
-# Block USE flag configurations known to not work.
-REQUIRED_USE="${PYTHON_REQUIRED_USE}
-	qemu_softmmu_targets_arm? ( fdt )
-	qemu_softmmu_targets_microblaze? ( fdt )
-	qemu_softmmu_targets_mips64el? ( fdt )
-	qemu_softmmu_targets_ppc64? ( fdt )
-	qemu_softmmu_targets_ppc? ( fdt )
-	qemu_softmmu_targets_riscv32? ( fdt )
-	qemu_softmmu_targets_riscv64? ( fdt )
-	qemu_softmmu_targets_x86_64? ( fdt )
-	sdl-image? ( sdl )
-	static? ( static-user !alsa !gtk !jack !opengl !pam !pulseaudio !plugins !rbd !snappy !udev )
-	static-user? ( !plugins )
-	vhost-user-fs? ( caps seccomp )
-	virgl? ( opengl )
-	virtfs? ( caps xattr )
-	vnc? ( gnutls )
-	vte? ( gtk )
-	multipath? ( udev )
-	plugins? ( !static !static-user )
-"
-
-# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
-# and user/softmmu targets (qemu-*, qemu-system-*).
-#
-# Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
-#
-# The attr lib isn't always linked in (although the USE flag is always
-# respected).  This is because qemu supports using the C library's API
-# when available rather than always using the external library.
-ALL_DEPEND="
-	>=dev-libs/glib-2.0[static-libs(+)]
-	sys-libs/zlib[static-libs(+)]
-	python? ( ${PYTHON_DEPS} )
-	systemtap? ( dev-util/systemtap )
-	xattr? ( sys-apps/attr[static-libs(+)] )"
-
-# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
-# softmmu targets (qemu-system-*).
-SOFTMMU_TOOLS_DEPEND="
-	dev-libs/libxml2[static-libs(+)]
-	>=x11-libs/pixman-0.28.0[static-libs(+)]
-	accessibility? (
-		app-accessibility/brltty[api]
-		app-accessibility/brltty[static-libs(+)]
-	)
-	aio? ( dev-libs/libaio[static-libs(+)] )
-	alsa? ( >=media-libs/alsa-lib-1.0.13 )
-	bpf? ( dev-libs/libbpf:= )
-	bzip2? ( app-arch/bzip2[static-libs(+)] )
-	capstone? ( dev-libs/capstone:= )
-	caps? ( sys-libs/libcap-ng[static-libs(+)] )
-	curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
-	fdt? ( >=sys-apps/dtc-1.5.0[static-libs(+)] )
-	fuse? ( >=sys-fs/fuse-3.1:3[static-libs(+)] )
-	glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
-	gnutls? (
-		dev-libs/nettle:=[static-libs(+)]
-		>=net-libs/gnutls-3.0:=[static-libs(+)]
-	)
-	gtk? (
-		x11-libs/gtk+:3
-		vte? ( x11-libs/vte:2.91 )
-	)
-	infiniband? ( sys-cluster/rdma-core[static-libs(+)] )
-	iscsi? ( net-libs/libiscsi )
-	io-uring? ( sys-libs/liburing:=[static-libs(+)] )
-	jack? ( virtual/jack )
-	jemalloc? ( dev-libs/jemalloc )
-	jpeg? ( virtual/jpeg:0=[static-libs(+)] )
-	lzo? ( dev-libs/lzo:2[static-libs(+)] )
-	multipath? ( sys-fs/multipath-tools )
-	ncurses? (
-		sys-libs/ncurses:=[unicode(+)]
-		sys-libs/ncurses:=[static-libs(+)]
-	)
-	nfs? ( >=net-fs/libnfs-1.9.3:=[static-libs(+)] )
-	numa? ( sys-process/numactl[static-libs(+)] )
-	opengl? (
-		virtual/opengl
-		media-libs/libepoxy[static-libs(+)]
-		media-libs/mesa[static-libs(+)]
-		media-libs/mesa[egl(+),gbm(+)]
-	)
-	pam? ( sys-libs/pam )
-	png? ( media-libs/libpng:0=[static-libs(+)] )
-	pulseaudio? ( media-sound/pulseaudio )
-	rbd? ( sys-cluster/ceph )
-	sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
-	sdl? (
-		media-libs/libsdl2[video]
-		media-libs/libsdl2[static-libs(+)]
-	)
-	sdl-image? ( media-libs/sdl2-image[static-libs(+)] )
-	seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
-	slirp? ( net-libs/libslirp[static-libs(+)] )
-	smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] )
-	snappy? ( app-arch/snappy:= )
-	spice? (
-		>=app-emulation/spice-protocol-0.12.3
-		>=app-emulation/spice-0.12.0[static-libs(+)]
-	)
-	ssh? ( >=net-libs/libssh-0.8.6[static-libs(+)] )
-	udev? ( virtual/libudev:= )
-	usb? ( >=virtual/libusb-1-r2[static-libs(+)] )
-	usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
-	vde? ( net-misc/vde[static-libs(+)] )
-	virgl? ( media-libs/virglrenderer[static-libs(+)] )
-	virtfs? ( sys-libs/libcap )
-	xen? ( app-emulation/xen-tools:= )
-	xfs? ( sys-fs/xfsprogs[static-libs(+)] )
-	zstd? ( >=app-arch/zstd-1.4.0[static-libs(+)] )
-"
-
-EDK2_OVMF_VERSION="202105"
-SEABIOS_VERSION="1.14.0"
-
-X86_FIRMWARE_DEPEND="
-	pin-upstream-blobs? (
-		~sys-firmware/edk2-ovmf-${EDK2_OVMF_VERSION}[binary]
-		~sys-firmware/ipxe-1.21.1[binary,qemu]
-		~sys-firmware/seabios-${SEABIOS_VERSION}[binary,seavgabios]
-		~sys-firmware/sgabios-0.1_pre10[binary]
-	)
-	!pin-upstream-blobs? (
-		>=sys-firmware/edk2-ovmf-${EDK2_OVMF_VERSION}
-		sys-firmware/ipxe[qemu]
-		>=sys-firmware/seabios-${SEABIOS_VERSION}[seavgabios]
-		sys-firmware/sgabios
-	)"
-PPC_FIRMWARE_DEPEND="
-	pin-upstream-blobs? (
-		~sys-firmware/seabios-${SEABIOS_VERSION}[binary,seavgabios]
-	)
-	!pin-upstream-blobs? (
-		>=sys-firmware/seabios-${SEABIOS_VERSION}[seavgabios]
-	)
-"
-
-BDEPEND="
-	$(python_gen_impl_dep)
-	dev-lang/perl
-	sys-apps/texinfo
-	virtual/pkgconfig
-	doc? (
-		dev-python/sphinx[${PYTHON_USEDEP}]
-		dev-python/sphinx_rtd_theme[${PYTHON_USEDEP}]
-	)
-	gtk? ( nls? ( sys-devel/gettext ) )
-	test? (
-		dev-libs/glib[utils]
-		sys-devel/bc
-	)
-"
-CDEPEND="
-	!static? (
-		${ALL_DEPEND//\[static-libs(+)]}
-		${SOFTMMU_TOOLS_DEPEND//\[static-libs(+)]}
-	)
-	qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
-	qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )
-	qemu_softmmu_targets_ppc? ( ${PPC_FIRMWARE_DEPEND} )
-	qemu_softmmu_targets_ppc64? ( ${PPC_FIRMWARE_DEPEND} )
-"
-DEPEND="${CDEPEND}
-	kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
-	static? (
-		${ALL_DEPEND}
-		${SOFTMMU_TOOLS_DEPEND}
-	)
-	static-user? ( ${ALL_DEPEND} )"
-RDEPEND="${CDEPEND}
-	acct-group/kvm
-	selinux? (
-		sec-policy/selinux-qemu
-		sys-libs/libselinux
-	)"
-
-PATCHES=(
-	"${FILESDIR}"/${PN}-2.11.1-capstone_include_path.patch
-	"${FILESDIR}"/${PN}-5.2.0-disable-keymap.patch
-	"${FILESDIR}"/${PN}-6.0.0-make.patch
-	"${FILESDIR}"/${PN}-6.1.0-strings.patch
-	"${FILESDIR}"/${PN}-6.2.0-user-SLIC-crash.patch
-	"${FILESDIR}"/${PN}-6.2.0-also-build-virtfs-proxy-helper.patch
-)
-
-QA_PREBUILT="
-	usr/share/qemu/hppa-firmware.img
-	usr/share/qemu/openbios-ppc
-	usr/share/qemu/openbios-sparc64
-	usr/share/qemu/openbios-sparc32
-	usr/share/qemu/opensbi-riscv64-generic-fw_dynamic.elf
-	usr/share/qemu/opensbi-riscv32-generic-fw_dynamic.elf
-	usr/share/qemu/palcode-clipper
-	usr/share/qemu/s390-ccw.img
-	usr/share/qemu/s390-netboot.img
-	usr/share/qemu/u-boot.e500
-"
-
-QA_WX_LOAD="usr/bin/qemu-i386
-	usr/bin/qemu-x86_64
-	usr/bin/qemu-alpha
-	usr/bin/qemu-arm
-	usr/bin/qemu-cris
-	usr/bin/qemu-m68k
-	usr/bin/qemu-microblaze
-	usr/bin/qemu-microblazeel
-	usr/bin/qemu-mips
-	usr/bin/qemu-mipsel
-	usr/bin/qemu-or1k
-	usr/bin/qemu-ppc
-	usr/bin/qemu-ppc64
-	usr/bin/qemu-ppc64abi32
-	usr/bin/qemu-sh4
-	usr/bin/qemu-sh4eb
-	usr/bin/qemu-sparc
-	usr/bin/qemu-sparc64
-	usr/bin/qemu-armeb
-	usr/bin/qemu-sparc32plus
-	usr/bin/qemu-s390x
-	usr/bin/qemu-unicore32
-"
-
-DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure you have the
-kernel module loaded before running kvm. The easiest way to ensure that the
-kernel module is loaded is to load it on boot.
-	For AMD CPUs the module is called 'kvm-amd'.
-	For Intel CPUs the module is called 'kvm-intel'.
-Please review /etc/conf.d/modules for how to load these.
-
-Make sure your user is in the 'kvm' group. Just run
-	$ gpasswd -a <USER> kvm
-then have <USER> re-login.
-
-For brand new installs, the default permissions on /dev/kvm might not let
-you access it.  You can tell udev to reset ownership/perms:
-	$ udevadm trigger -c add /dev/kvm
-
-If you want to register binfmt handlers for qemu user targets:
-For openrc:
-	# rc-update add qemu-binfmt
-For systemd:
-	# ln -s /usr/share/qemu/binfmt.d/qemu.conf /etc/binfmt.d/qemu.conf"
-
-pkg_pretend() {
-	if use kernel_linux && kernel_is lt 2 6 25; then
-		eerror "This version of KVM requires a host kernel of 2.6.25 or higher."
-	elif use kernel_linux; then
-		if ! linux_config_exists; then
-			eerror "Unable to check your kernel for KVM support"
-		else
-			CONFIG_CHECK="~KVM ~TUN ~BRIDGE"
-			ERROR_KVM="You must enable KVM in your kernel to continue"
-			ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in"
-			ERROR_KVM_AMD+=" your kernel configuration."
-			ERROR_KVM_INTEL="If you have an Intel CPU, you must enable"
-			ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration."
-			ERROR_TUN="You will need the Universal TUN/TAP driver compiled"
-			ERROR_TUN+=" into your kernel or loaded as a module to use the"
-			ERROR_TUN+=" virtual network device if using -net tap."
-			ERROR_BRIDGE="You will also need support for 802.1d"
-			ERROR_BRIDGE+=" Ethernet Bridging for some network configurations."
-			use vhost-net && CONFIG_CHECK+=" ~VHOST_NET"
-			ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net"
-			ERROR_VHOST_NET+=" support"
-
-			if use amd64 || use x86 || use amd64-linux || use x86-linux; then
-				if grep -q AuthenticAMD /proc/cpuinfo; then
-					CONFIG_CHECK+=" ~KVM_AMD"
-				elif grep -q GenuineIntel /proc/cpuinfo; then
-					CONFIG_CHECK+=" ~KVM_INTEL"
-				fi
-			fi
-
-			use python && CONFIG_CHECK+=" ~DEBUG_FS"
-			ERROR_DEBUG_FS="debugFS support required for kvm_stat"
-
-			# Now do the actual checks setup above
-			check_extra_config
-		fi
-	fi
-
-	if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then
-		eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt"
-		eerror "instances are still pointing to it.  Please update your"
-		eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag"
-		eerror "and the right system binary (e.g. qemu-system-x86_64)."
-		die "update your virt configs to not use qemu-kvm"
-	fi
-}
-
-# Sanity check to make sure target lists are kept up-to-date.
-check_targets() {
-	local var=$1 mak=$2
-	local detected sorted
-
-	pushd "${S}"/configs/targets/ >/dev/null || die
-
-	# Force C locale until glibc is updated. #564936
-	detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u))
-	sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u))
-	if [[ ${sorted} != "${detected}" ]] ; then
-		eerror "The ebuild needs to be kept in sync."
-		eerror "${var}: ${sorted}"
-		eerror "$(printf '%-*s' ${#var} configure): ${detected}"
-		die "sync ${var} to the list of targets"
-	fi
-
-	popd >/dev/null
-}
-
-src_prepare() {
-	check_targets IUSE_SOFTMMU_TARGETS softmmu
-	check_targets IUSE_USER_TARGETS linux-user
-
-	default
-
-	# Use correct toolchain to fix cross-compiling
-	tc-export AR AS LD NM OBJCOPY PKG_CONFIG RANLIB STRINGS
-	export WINDRES=${CHOST}-windres
-
-	# Verbose builds
-	MAKEOPTS+=" V=1"
-
-	# Remove bundled copy of libfdt
-	rm -r dtc || die
-}
-
-##
-# configures qemu based on the build directory and the build type
-# we are using.
-#
-qemu_src_configure() {
-	debug-print-function ${FUNCNAME} "$@"
-
-	local buildtype=$1
-	local builddir="${S}/${buildtype}-build"
-
-	mkdir "${builddir}"
-
-	local conf_opts=(
-		--prefix=/usr
-		--sysconfdir=/etc
-		--bindir=/usr/bin
-		--libdir=/usr/$(get_libdir)
-		--datadir=/usr/share
-		--docdir=/usr/share/doc/${PF}/html
-		--mandir=/usr/share/man
-		--localstatedir=/var
-		--disable-bsd-user
-		--disable-containers # bug #732972
-		--disable-guest-agent
-		--disable-strip
-		--with-git-submodules=ignore
-
-		# bug #746752: TCG interpreter has a few limitations:
-		# - it does not support FPU
-		# - it's generally slower on non-self-modifying code
-		# It's advantage is support for host architectures
-		# where native codegeneration is not implemented.
-		# Gentoo has qemu keyworded only on targets with
-		# native code generation available. Avoid the interpreter.
-		--disable-tcg-interpreter
-
-		--disable-werror
-		# We support gnutls/nettle for crypto operations.  It is possible
-		# to use gcrypt when gnutls/nettle are disabled (but not when they
-		# are enabled), but it's not really worth the hassle.  Disable it
-		# all the time to avoid automatically detecting it. #568856
-		--disable-gcrypt
-		--python="${PYTHON}"
-		--cc="$(tc-getCC)"
-		--cxx="$(tc-getCXX)"
-		--host-cc="$(tc-getBUILD_CC)"
-		$(use_enable alsa)
-		$(use_enable debug debug-info)
-		$(use_enable debug debug-tcg)
-		$(use_enable jack)
-		$(use_enable nls gettext)
-		$(use_enable oss)
-		$(use_enable plugins)
-		$(use_enable pulseaudio pa)
-		$(use_enable selinux)
-		$(use_enable xattr attr)
-	)
-
-	# Disable options not used by user targets. This simplifies building
-	# static user targets (USE=static-user) considerably.
-	conf_notuser() {
-		if [[ ${buildtype} == "user" ]] ; then
-			echo "--disable-${2:-$1}"
-		else
-			use_enable "$@"
-		fi
-	}
-	# Enable option only for softmmu build, but not 'user' or 'tools'
-	conf_softmmu() {
-		if [[ ${buildtype} == "softmmu" ]] ; then
-			use_enable "$@"
-		else
-			echo "--disable-${2:-$1}"
-		fi
-	}
-	# Enable option only for tools build, but not 'user' or 'softmmu'
-	conf_tools() {
-		if [[ ${buildtype} == "tools" ]] ; then
-			use_enable "$@"
-		else
-			echo "--disable-${2:-$1}"
-		fi
-	}
-	# Special case for the malloc flag, because the --disable flag does
-	# not exist and trying like above will break configuring.
-	conf_malloc() {
-		if [[ ! ${buildtype} == "user" ]] ; then
-			usex "${1}" "--enable-malloc=${1}" ""
-		fi
-	}
-	conf_opts+=(
-		$(conf_notuser accessibility brlapi)
-		$(conf_notuser aio linux-aio)
-		$(conf_softmmu bpf)
-		$(conf_notuser bzip2)
-		$(conf_notuser capstone)
-		$(conf_notuser caps cap-ng)
-		$(conf_notuser curl)
-		$(conf_tools doc docs)
-		$(conf_notuser fdt)
-		$(conf_notuser fuse)
-		$(conf_notuser glusterfs)
-		$(conf_notuser gnutls)
-		$(conf_notuser gnutls nettle)
-		$(conf_notuser gtk)
-		$(conf_notuser infiniband rdma)
-		$(conf_notuser iscsi libiscsi)
-		$(conf_notuser io-uring linux-io-uring)
-		$(conf_malloc jemalloc)
-		$(conf_notuser jpeg vnc-jpeg)
-		$(conf_notuser kernel_linux kvm)
-		$(conf_notuser lzo)
-		$(conf_notuser multipath mpath)
-		$(conf_notuser ncurses curses)
-		$(conf_notuser nfs libnfs)
-		$(conf_notuser numa)
-		$(conf_notuser opengl)
-		$(conf_notuser pam auth-pam)
-		$(conf_notuser png vnc-png)
-		$(conf_notuser rbd)
-		$(conf_notuser sasl vnc-sasl)
-		$(conf_notuser sdl)
-		$(conf_softmmu sdl-image)
-		$(conf_notuser seccomp)
-		$(conf_notuser slirp slirp system)
-		$(conf_notuser smartcard)
-		$(conf_notuser snappy)
-		$(conf_notuser spice)
-		$(conf_notuser ssh libssh)
-		$(conf_notuser udev libudev)
-		$(conf_notuser usb libusb)
-		$(conf_notuser usbredir usb-redir)
-		$(conf_notuser vde)
-		$(conf_notuser vhost-net)
-		$(conf_notuser vhost-user-fs)
-		$(conf_tools vhost-user-fs virtiofsd)
-		$(conf_notuser virgl virglrenderer)
-		$(conf_softmmu virtfs)
-		$(conf_notuser vnc)
-		$(conf_notuser vte)
-		$(conf_notuser xen)
-		$(conf_notuser xen xen-pci-passthrough)
-		$(conf_notuser xfs xfsctl)
-		# use prebuilt keymaps, bug #759604
-		--disable-xkbcommon
-		$(conf_notuser zstd)
-	)
-
-	if [[ ${buildtype} == "user" ]] ; then
-		conf_opts+=( --disable-libxml2 )
-	else
-		conf_opts+=( --enable-libxml2 )
-	fi
-
-	if [[ ! ${buildtype} == "user" ]] ; then
-		# audio options
-		local audio_opts=(
-			# Note: backend order matters here: #716202
-			# We iterate from higher-level to lower level.
-			$(usex pulseaudio pa "")
-			$(usev jack)
-			$(usev sdl)
-			$(usev alsa)
-			$(usev oss)
-		)
-		conf_opts+=(
-			--audio-drv-list=$(IFS=,; echo "${audio_opts[*]}")
-		)
-	fi
-
-	case ${buildtype} in
-	user)
-		conf_opts+=(
-			--enable-linux-user
-			--disable-system
-			--disable-blobs
-			--disable-tools
-		)
-		local static_flag="static-user"
-		;;
-	softmmu)
-		conf_opts+=(
-			--disable-linux-user
-			--enable-system
-			--disable-tools
-		)
-		local static_flag="static"
-		;;
-	tools)
-		conf_opts+=(
-			--disable-linux-user
-			--disable-system
-			--disable-blobs
-			--enable-tools
-		)
-		local static_flag="static"
-		;;
-	esac
-
-	local targets="${buildtype}_targets"
-	[[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" )
-
-	# Add support for SystemTAP
-	use systemtap && conf_opts+=( --enable-trace-backend=dtrace )
-
-	# We always want to attempt to build with PIE support as it results
-	# in a more secure binary. But it doesn't work with static or if
-	# the current GCC doesn't have PIE support.
-	if use ${static_flag}; then
-		conf_opts+=( --static --disable-pie )
-	else
-		tc-enables-pie && conf_opts+=( --enable-pie )
-	fi
-
-	# Meson will not use a cross-file unless cross_prefix is set.
-	tc-is-cross-compiler && conf_opts+=( --cross-prefix="${CHOST}-" )
-
-	# Plumb through equivalent of EXTRA_ECONF to allow experiments
-	# like bug #747928.
-	conf_opts+=( ${EXTRA_CONF_QEMU} )
-
-	echo "../configure ${conf_opts[*]}"
-	cd "${builddir}"
-	../configure "${conf_opts[@]}" || die "configure failed"
-}
-
-src_configure() {
-	local target
-
-	python_setup
-
-	softmmu_targets= softmmu_bins=()
-	user_targets= user_bins=()
-
-	for target in ${IUSE_SOFTMMU_TARGETS} ; do
-		if use "qemu_softmmu_targets_${target}"; then
-			softmmu_targets+=",${target}-softmmu"
-			softmmu_bins+=( "qemu-system-${target}" )
-		fi
-	done
-
-	for target in ${IUSE_USER_TARGETS} ; do
-		if use "qemu_user_targets_${target}"; then
-			user_targets+=",${target}-linux-user"
-			user_bins+=( "qemu-${target}" )
-		fi
-	done
-
-	softmmu_targets=${softmmu_targets#,}
-	user_targets=${user_targets#,}
-
-	[[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu"
-	[[ -n ${user_targets}    ]] && qemu_src_configure "user"
-	qemu_src_configure "tools"
-}
-
-src_compile() {
-	if [[ -n ${user_targets} ]]; then
-		cd "${S}/user-build"
-		default
-	fi
-
-	if [[ -n ${softmmu_targets} ]]; then
-		cd "${S}/softmmu-build"
-		default
-	fi
-
-	cd "${S}/tools-build"
-	default
-}
-
-src_test() {
-	if [[ -n ${softmmu_targets} ]]; then
-		cd "${S}/softmmu-build"
-		pax-mark m */qemu-system-* #515550
-		emake check
-	fi
-}
-
-qemu_python_install() {
-	python_domodule "${S}/python/qemu"
-
-	python_doscript "${S}/scripts/kvm/vmxcap"
-	python_doscript "${S}/scripts/qmp/qmp-shell"
-	python_doscript "${S}/scripts/qmp/qemu-ga-client"
-}
-
-# Generate binfmt support files.
-#   - /etc/init.d/qemu-binfmt script which registers the user handlers (openrc)
-#   - /usr/share/qemu/binfmt.d/qemu.conf (for use with systemd-binfmt)
-generate_initd() {
-	local out="${T}/qemu-binfmt"
-	local out_systemd="${T}/qemu.conf"
-	local d="${T}/binfmt.d"
-
-	einfo "Generating qemu binfmt scripts and configuration files"
-
-	# Generate the debian fragments first.
-	mkdir -p "${d}"
-	"${S}"/scripts/qemu-binfmt-conf.sh \
-		--debian \
-		--exportdir "${d}" \
-		--qemu-path "${EPREFIX}/usr/bin" \
-		|| die
-	# Then turn the fragments into a shell script we can source.
-	sed -E -i \
-		-e 's:^([^ ]+) (.*)$:\1="\2":' \
-		"${d}"/* || die
-
-	# Generate the init.d script by assembling the fragments from above.
-	local f qcpu package interpreter magic mask
-	cat "${FILESDIR}"/qemu-binfmt.initd.head >"${out}" || die
-	for f in "${d}"/qemu-* ; do
-		source "${f}"
-
-		# Normalize the cpu logic like we do in the init.d for the native cpu.
-		qcpu=${package#qemu-}
-		case ${qcpu} in
-		arm*)   qcpu="arm";;
-		mips*)  qcpu="mips";;
-		ppc*)   qcpu="ppc";;
-		s390*)  qcpu="s390";;
-		sh*)    qcpu="sh";;
-		sparc*) qcpu="sparc";;
-		esac
-
-		# we use 'printf' here to be portable across 'sh'
-		# implementations: #679168
-		cat <<EOF >>"${out}"
-	if [ "\${cpu}" != "${qcpu}" -a -x "${interpreter}" ] ; then
-		printf '%s\n' ':${package}:M::${magic}:${mask}:${interpreter}:'"\${QEMU_BINFMT_FLAGS}" >/proc/sys/fs/binfmt_misc/register
-	fi
-EOF
-
-		echo ":${package}:M::${magic}:${mask}:${interpreter}:OC" >>"${out_systemd}"
-
-	done
-	cat "${FILESDIR}"/qemu-binfmt.initd.tail >>"${out}" || die
-}
-
-src_install() {
-	if [[ -n ${user_targets} ]]; then
-		cd "${S}/user-build"
-		emake DESTDIR="${ED}" install
-
-		# Install binfmt handler init script for user targets.
-		generate_initd
-		doinitd "${T}/qemu-binfmt"
-
-		# Install binfmt/qemu.conf.
-		insinto "/usr/share/qemu/binfmt.d"
-		doins "${T}/qemu.conf"
-	fi
-
-	if [[ -n ${softmmu_targets} ]]; then
-		cd "${S}/softmmu-build"
-		emake DESTDIR="${ED}" install
-
-		# This might not exist if the test failed. #512010
-		[[ -e check-report.html ]] && dodoc check-report.html
-
-		if use kernel_linux; then
-			udev_newrules "${FILESDIR}"/65-kvm.rules-r2 65-kvm.rules
-		fi
-
-		if use python; then
-			python_foreach_impl qemu_python_install
-		fi
-	fi
-
-	cd "${S}/tools-build"
-	emake DESTDIR="${ED}" install
-
-	# Disable mprotect on the qemu binaries as they use JITs to be fast #459348
-	pushd "${ED}"/usr/bin >/dev/null
-	pax-mark mr "${softmmu_bins[@]}" "${user_bins[@]}" # bug 575594
-	popd >/dev/null
-
-	# Install config file example for qemu-bridge-helper
-	insinto "/etc/qemu"
-	doins "${FILESDIR}/bridge.conf"
-
-	cd "${S}"
-	dodoc MAINTAINERS docs/specs/pci-ids.txt
-	newdoc pc-bios/README README.pc-bios
-
-	# Disallow stripping of prebuilt firmware files.
-	dostrip -x ${QA_PREBUILT}
-
-	if [[ -n ${softmmu_targets} ]]; then
-		# Remove SeaBIOS since we're using the SeaBIOS packaged one
-		rm "${ED}/usr/share/qemu/bios.bin"
-		rm "${ED}/usr/share/qemu/bios-256k.bin"
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
-			dosym ../seabios/bios-256k.bin /usr/share/qemu/bios-256k.bin
-		fi
-
-		# Remove vgabios since we're using the seavgabios packaged one
-		rm "${ED}/usr/share/qemu/vgabios.bin"
-		rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
-		rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
-		rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
-		rm "${ED}/usr/share/qemu/vgabios-virtio.bin"
-		rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
-		# PPC/PPC64 loads vgabios-stdvga
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 || use qemu_softmmu_targets_ppc || use qemu_softmmu_targets_ppc64; then
-			dosym ../seavgabios/vgabios-isavga.bin /usr/share/qemu/vgabios.bin
-			dosym ../seavgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
-			dosym ../seavgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
-			dosym ../seavgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
-			dosym ../seavgabios/vgabios-virtio.bin /usr/share/qemu/vgabios-virtio.bin
-			dosym ../seavgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
-		fi
-
-		# Remove sgabios since we're using the sgabios packaged one
-		rm "${ED}/usr/share/qemu/sgabios.bin"
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin
-		fi
-
-		# Remove iPXE since we're using the iPXE packaged one
-		rm "${ED}"/usr/share/qemu/pxe-*.rom
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom
-			dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom
-			dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom
-			dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom
-			dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom
-			dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom
-		fi
-	fi
-
-	DISABLE_AUTOFORMATTING=true
-	readme.gentoo_create_doc
-}
-
-firmware_abi_change() {
-	local pv
-	for pv in ${REPLACING_VERSIONS}; do
-		if ver_test ${pv} -lt ${FIRMWARE_ABI_VERSION}; then
-			return 0
-		fi
-	done
-	return 1
-}
-
-pkg_postinst() {
-	if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
-		udev_reload
-	fi
-
-	xdg_icon_cache_update
-
-	[[ -z ${EPREFIX} ]] && [[ -f ${EROOT}/usr/libexec/qemu-bridge-helper ]] && \
-		fcaps cap_net_admin "${EROOT}"/usr/libexec/qemu-bridge-helper
-
-	DISABLE_AUTOFORMATTING=true
-	readme.gentoo_print_elog
-
-	if use pin-upstream-blobs && firmware_abi_change; then
-		ewarn "This version of qemu pins new versions of firmware blobs:"
-		ewarn "	$(best_version sys-firmware/edk2-ovmf)"
-		ewarn "	$(best_version sys-firmware/ipxe)"
-		ewarn "	$(best_version sys-firmware/seabios)"
-		ewarn "	$(best_version sys-firmware/sgabios)"
-		ewarn "This might break resume of hibernated guests (started with a different"
-		ewarn "firmware version) and live migration to/from qemu versions with different"
-		ewarn "firmware. Please (cold) restart all running guests. For functional"
-		ewarn "guest migration ensure that all"
-		ewarn "hosts run at least"
-		ewarn "	app-emulation/qemu-${FIRMWARE_ABI_VERSION}."
-	fi
-}
-
-pkg_info() {
-	echo "Using:"
-	echo "  $(best_version app-emulation/spice-protocol)"
-	echo "  $(best_version sys-firmware/edk2-ovmf)"
-	if has_version 'sys-firmware/edk2-ovmf[binary]'; then
-		echo "    USE=binary"
-	else
-		echo "    USE=''"
-	fi
-	echo "  $(best_version sys-firmware/ipxe)"
-	echo "  $(best_version sys-firmware/seabios)"
-	if has_version 'sys-firmware/seabios[binary]'; then
-		echo "    USE=binary"
-	else
-		echo "    USE=''"
-	fi
-	echo "  $(best_version sys-firmware/sgabios)"
-}
-
-pkg_postrm() {
-	xdg_icon_cache_update
-}

diff --git a/app-emulation/qemu/qemu-6.2.0-r4.ebuild b/app-emulation/qemu/qemu-6.2.0-r4.ebuild
deleted file mode 100644
index ffa64f5de70b..000000000000
--- a/app-emulation/qemu/qemu-6.2.0-r4.ebuild
+++ /dev/null
@@ -1,925 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-PYTHON_COMPAT=( python3_{8,9,10} )
-PYTHON_REQ_USE="ncurses,readline"
-
-FIRMWARE_ABI_VERSION="6.2.0"
-
-inherit linux-info toolchain-funcs python-r1 udev fcaps readme.gentoo-r1 \
-		pax-utils xdg-utils
-
-if [[ ${PV} = *9999* ]]; then
-	EGIT_REPO_URI="https://git.qemu.org/git/qemu.git"
-	EGIT_SUBMODULES=(
-		meson
-		tests/fp/berkeley-softfloat-3
-		tests/fp/berkeley-testfloat-3
-		ui/keycodemapdb
-	)
-	inherit git-r3
-	SRC_URI=""
-else
-	SRC_URI="https://download.qemu.org/${P}.tar.xz"
-	KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~riscv ~x86"
-fi
-
-DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
-HOMEPAGE="https://www.qemu.org https://www.linux-kvm.org"
-
-LICENSE="GPL-2 LGPL-2 BSD-2"
-SLOT="0"
-
-IUSE="accessibility +aio alsa bpf bzip2 capstone +caps +curl debug +doc
-	+fdt fuse glusterfs +gnutls gtk infiniband iscsi io-uring
-	jack jemalloc +jpeg
-	lzo multipath
-	ncurses nfs nls numa opengl +oss pam +pin-upstream-blobs
-	plugins +png pulseaudio python rbd sasl +seccomp sdl sdl-image selinux
-	+slirp
-	smartcard snappy spice ssh static static-user systemtap test udev usb
-	usbredir vde +vhost-net vhost-user-fs virgl virtfs +vnc vte xattr xen
-	xfs zstd"
-
-COMMON_TARGETS="
-	aarch64
-	alpha
-	arm
-	cris
-	hppa
-	i386
-	m68k
-	microblaze
-	microblazeel
-	mips
-	mips64
-	mips64el
-	mipsel
-	nios2
-	or1k
-	ppc
-	ppc64
-	riscv32
-	riscv64
-	s390x
-	sh4
-	sh4eb
-	sparc
-	sparc64
-	x86_64
-	xtensa
-	xtensaeb
-"
-IUSE_SOFTMMU_TARGETS="
-	${COMMON_TARGETS}
-	avr
-	rx
-	tricore
-"
-IUSE_USER_TARGETS="
-	${COMMON_TARGETS}
-	aarch64_be
-	armeb
-	hexagon
-	mipsn32
-	mipsn32el
-	ppc64abi32
-	ppc64le
-	sparc32plus
-"
-
-use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
-use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
-IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
-
-RESTRICT="!test? ( test )"
-# Allow no targets to be built so that people can get a tools-only build.
-# Block USE flag configurations known to not work.
-REQUIRED_USE="${PYTHON_REQUIRED_USE}
-	qemu_softmmu_targets_arm? ( fdt )
-	qemu_softmmu_targets_microblaze? ( fdt )
-	qemu_softmmu_targets_mips64el? ( fdt )
-	qemu_softmmu_targets_ppc64? ( fdt )
-	qemu_softmmu_targets_ppc? ( fdt )
-	qemu_softmmu_targets_riscv32? ( fdt )
-	qemu_softmmu_targets_riscv64? ( fdt )
-	qemu_softmmu_targets_x86_64? ( fdt )
-	sdl-image? ( sdl )
-	static? ( static-user !alsa !gtk !jack !opengl !pam !pulseaudio !plugins !rbd !snappy !udev )
-	static-user? ( !plugins )
-	vhost-user-fs? ( caps seccomp )
-	virgl? ( opengl )
-	virtfs? ( caps xattr )
-	vnc? ( gnutls )
-	vte? ( gtk )
-	multipath? ( udev )
-	plugins? ( !static !static-user )
-"
-
-# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
-# and user/softmmu targets (qemu-*, qemu-system-*).
-#
-# Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
-#
-# The attr lib isn't always linked in (although the USE flag is always
-# respected).  This is because qemu supports using the C library's API
-# when available rather than always using the external library.
-ALL_DEPEND="
-	>=dev-libs/glib-2.0[static-libs(+)]
-	sys-libs/zlib[static-libs(+)]
-	python? ( ${PYTHON_DEPS} )
-	systemtap? ( dev-util/systemtap )
-	xattr? ( sys-apps/attr[static-libs(+)] )"
-
-# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
-# softmmu targets (qemu-system-*).
-SOFTMMU_TOOLS_DEPEND="
-	dev-libs/libxml2[static-libs(+)]
-	>=x11-libs/pixman-0.28.0[static-libs(+)]
-	accessibility? (
-		app-accessibility/brltty[api]
-		app-accessibility/brltty[static-libs(+)]
-	)
-	aio? ( dev-libs/libaio[static-libs(+)] )
-	alsa? ( >=media-libs/alsa-lib-1.0.13 )
-	bpf? ( dev-libs/libbpf:= )
-	bzip2? ( app-arch/bzip2[static-libs(+)] )
-	capstone? ( dev-libs/capstone:= )
-	caps? ( sys-libs/libcap-ng[static-libs(+)] )
-	curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
-	fdt? ( >=sys-apps/dtc-1.5.0[static-libs(+)] )
-	fuse? ( >=sys-fs/fuse-3.1:3[static-libs(+)] )
-	glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
-	gnutls? (
-		dev-libs/nettle:=[static-libs(+)]
-		>=net-libs/gnutls-3.0:=[static-libs(+)]
-	)
-	gtk? (
-		x11-libs/gtk+:3
-		vte? ( x11-libs/vte:2.91 )
-	)
-	infiniband? ( sys-cluster/rdma-core[static-libs(+)] )
-	iscsi? ( net-libs/libiscsi )
-	io-uring? ( sys-libs/liburing:=[static-libs(+)] )
-	jack? ( virtual/jack )
-	jemalloc? ( dev-libs/jemalloc )
-	jpeg? ( virtual/jpeg:0=[static-libs(+)] )
-	lzo? ( dev-libs/lzo:2[static-libs(+)] )
-	multipath? ( sys-fs/multipath-tools )
-	ncurses? (
-		sys-libs/ncurses:=[unicode(+)]
-		sys-libs/ncurses:=[static-libs(+)]
-	)
-	nfs? ( >=net-fs/libnfs-1.9.3:=[static-libs(+)] )
-	numa? ( sys-process/numactl[static-libs(+)] )
-	opengl? (
-		virtual/opengl
-		media-libs/libepoxy[static-libs(+)]
-		media-libs/mesa[static-libs(+)]
-		media-libs/mesa[egl(+),gbm(+)]
-	)
-	pam? ( sys-libs/pam )
-	png? ( media-libs/libpng:0=[static-libs(+)] )
-	pulseaudio? ( media-sound/pulseaudio )
-	rbd? ( sys-cluster/ceph )
-	sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
-	sdl? (
-		media-libs/libsdl2[video]
-		media-libs/libsdl2[static-libs(+)]
-	)
-	sdl-image? ( media-libs/sdl2-image[static-libs(+)] )
-	seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
-	slirp? ( net-libs/libslirp[static-libs(+)] )
-	smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] )
-	snappy? ( app-arch/snappy:= )
-	spice? (
-		>=app-emulation/spice-protocol-0.12.3
-		>=app-emulation/spice-0.12.0[static-libs(+)]
-	)
-	ssh? ( >=net-libs/libssh-0.8.6[static-libs(+)] )
-	udev? ( virtual/libudev:= )
-	usb? ( >=virtual/libusb-1-r2[static-libs(+)] )
-	usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
-	vde? ( net-misc/vde[static-libs(+)] )
-	virgl? ( media-libs/virglrenderer[static-libs(+)] )
-	virtfs? ( sys-libs/libcap )
-	xen? ( app-emulation/xen-tools:= )
-	xfs? ( sys-fs/xfsprogs[static-libs(+)] )
-	zstd? ( >=app-arch/zstd-1.4.0[static-libs(+)] )
-"
-
-EDK2_OVMF_VERSION="202105"
-SEABIOS_VERSION="1.14.0"
-
-X86_FIRMWARE_DEPEND="
-	pin-upstream-blobs? (
-		~sys-firmware/edk2-ovmf-${EDK2_OVMF_VERSION}[binary]
-		~sys-firmware/ipxe-1.21.1[binary,qemu]
-		~sys-firmware/seabios-${SEABIOS_VERSION}[binary,seavgabios]
-		~sys-firmware/sgabios-0.1_pre10[binary]
-	)
-	!pin-upstream-blobs? (
-		>=sys-firmware/edk2-ovmf-${EDK2_OVMF_VERSION}
-		sys-firmware/ipxe[qemu]
-		>=sys-firmware/seabios-${SEABIOS_VERSION}[seavgabios]
-		sys-firmware/sgabios
-	)"
-PPC_FIRMWARE_DEPEND="
-	pin-upstream-blobs? (
-		~sys-firmware/seabios-${SEABIOS_VERSION}[binary,seavgabios]
-	)
-	!pin-upstream-blobs? (
-		>=sys-firmware/seabios-${SEABIOS_VERSION}[seavgabios]
-	)
-"
-
-BDEPEND="
-	$(python_gen_impl_dep)
-	dev-lang/perl
-	sys-apps/texinfo
-	virtual/pkgconfig
-	doc? (
-		dev-python/sphinx[${PYTHON_USEDEP}]
-		dev-python/sphinx_rtd_theme[${PYTHON_USEDEP}]
-	)
-	gtk? ( nls? ( sys-devel/gettext ) )
-	test? (
-		dev-libs/glib[utils]
-		sys-devel/bc
-	)
-"
-CDEPEND="
-	!static? (
-		${ALL_DEPEND//\[static-libs(+)]}
-		${SOFTMMU_TOOLS_DEPEND//\[static-libs(+)]}
-	)
-	qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
-	qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )
-	qemu_softmmu_targets_ppc? ( ${PPC_FIRMWARE_DEPEND} )
-	qemu_softmmu_targets_ppc64? ( ${PPC_FIRMWARE_DEPEND} )
-"
-DEPEND="${CDEPEND}
-	kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
-	static? (
-		${ALL_DEPEND}
-		${SOFTMMU_TOOLS_DEPEND}
-	)
-	static-user? ( ${ALL_DEPEND} )"
-RDEPEND="${CDEPEND}
-	acct-group/kvm
-	selinux? (
-		sec-policy/selinux-qemu
-		sys-libs/libselinux
-	)"
-
-PATCHES=(
-	"${FILESDIR}"/${PN}-2.11.1-capstone_include_path.patch
-	"${FILESDIR}"/${PN}-5.2.0-disable-keymap.patch
-	"${FILESDIR}"/${PN}-6.0.0-make.patch
-	"${FILESDIR}"/${PN}-6.1.0-strings.patch
-	"${FILESDIR}"/${PN}-6.2.0-user-SLIC-crash.patch
-	"${FILESDIR}"/${PN}-6.2.0-also-build-virtfs-proxy-helper.patch
-	"${FILESDIR}"/${PN}-6.2.0-glibc-2.35-rseq-seccomp-virtiofsd.patch
-)
-
-QA_PREBUILT="
-	usr/share/qemu/hppa-firmware.img
-	usr/share/qemu/openbios-ppc
-	usr/share/qemu/openbios-sparc64
-	usr/share/qemu/openbios-sparc32
-	usr/share/qemu/opensbi-riscv64-generic-fw_dynamic.elf
-	usr/share/qemu/opensbi-riscv32-generic-fw_dynamic.elf
-	usr/share/qemu/palcode-clipper
-	usr/share/qemu/s390-ccw.img
-	usr/share/qemu/s390-netboot.img
-	usr/share/qemu/u-boot.e500
-"
-
-QA_WX_LOAD="usr/bin/qemu-i386
-	usr/bin/qemu-x86_64
-	usr/bin/qemu-alpha
-	usr/bin/qemu-arm
-	usr/bin/qemu-cris
-	usr/bin/qemu-m68k
-	usr/bin/qemu-microblaze
-	usr/bin/qemu-microblazeel
-	usr/bin/qemu-mips
-	usr/bin/qemu-mipsel
-	usr/bin/qemu-or1k
-	usr/bin/qemu-ppc
-	usr/bin/qemu-ppc64
-	usr/bin/qemu-ppc64abi32
-	usr/bin/qemu-sh4
-	usr/bin/qemu-sh4eb
-	usr/bin/qemu-sparc
-	usr/bin/qemu-sparc64
-	usr/bin/qemu-armeb
-	usr/bin/qemu-sparc32plus
-	usr/bin/qemu-s390x
-	usr/bin/qemu-unicore32
-"
-
-DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure you have the
-kernel module loaded before running kvm. The easiest way to ensure that the
-kernel module is loaded is to load it on boot.
-	For AMD CPUs the module is called 'kvm-amd'.
-	For Intel CPUs the module is called 'kvm-intel'.
-Please review /etc/conf.d/modules for how to load these.
-
-Make sure your user is in the 'kvm' group. Just run
-	$ gpasswd -a <USER> kvm
-then have <USER> re-login.
-
-For brand new installs, the default permissions on /dev/kvm might not let
-you access it.  You can tell udev to reset ownership/perms:
-	$ udevadm trigger -c add /dev/kvm
-
-If you want to register binfmt handlers for qemu user targets:
-For openrc:
-	# rc-update add qemu-binfmt
-For systemd:
-	# ln -s /usr/share/qemu/binfmt.d/qemu.conf /etc/binfmt.d/qemu.conf"
-
-pkg_pretend() {
-	if use kernel_linux && kernel_is lt 2 6 25; then
-		eerror "This version of KVM requires a host kernel of 2.6.25 or higher."
-	elif use kernel_linux; then
-		if ! linux_config_exists; then
-			eerror "Unable to check your kernel for KVM support"
-		else
-			CONFIG_CHECK="~KVM ~TUN ~BRIDGE"
-			ERROR_KVM="You must enable KVM in your kernel to continue"
-			ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in"
-			ERROR_KVM_AMD+=" your kernel configuration."
-			ERROR_KVM_INTEL="If you have an Intel CPU, you must enable"
-			ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration."
-			ERROR_TUN="You will need the Universal TUN/TAP driver compiled"
-			ERROR_TUN+=" into your kernel or loaded as a module to use the"
-			ERROR_TUN+=" virtual network device if using -net tap."
-			ERROR_BRIDGE="You will also need support for 802.1d"
-			ERROR_BRIDGE+=" Ethernet Bridging for some network configurations."
-			use vhost-net && CONFIG_CHECK+=" ~VHOST_NET"
-			ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net"
-			ERROR_VHOST_NET+=" support"
-
-			if use amd64 || use x86 || use amd64-linux || use x86-linux; then
-				if grep -q AuthenticAMD /proc/cpuinfo; then
-					CONFIG_CHECK+=" ~KVM_AMD"
-				elif grep -q GenuineIntel /proc/cpuinfo; then
-					CONFIG_CHECK+=" ~KVM_INTEL"
-				fi
-			fi
-
-			use python && CONFIG_CHECK+=" ~DEBUG_FS"
-			ERROR_DEBUG_FS="debugFS support required for kvm_stat"
-
-			# Now do the actual checks setup above
-			check_extra_config
-		fi
-	fi
-
-	if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then
-		eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt"
-		eerror "instances are still pointing to it.  Please update your"
-		eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag"
-		eerror "and the right system binary (e.g. qemu-system-x86_64)."
-		die "update your virt configs to not use qemu-kvm"
-	fi
-}
-
-# Sanity check to make sure target lists are kept up-to-date.
-check_targets() {
-	local var=$1 mak=$2
-	local detected sorted
-
-	pushd "${S}"/configs/targets/ >/dev/null || die
-
-	# Force C locale until glibc is updated. #564936
-	detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u))
-	sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u))
-	if [[ ${sorted} != "${detected}" ]] ; then
-		eerror "The ebuild needs to be kept in sync."
-		eerror "${var}: ${sorted}"
-		eerror "$(printf '%-*s' ${#var} configure): ${detected}"
-		die "sync ${var} to the list of targets"
-	fi
-
-	popd >/dev/null
-}
-
-src_prepare() {
-	check_targets IUSE_SOFTMMU_TARGETS softmmu
-	check_targets IUSE_USER_TARGETS linux-user
-
-	default
-
-	# Use correct toolchain to fix cross-compiling
-	tc-export AR AS LD NM OBJCOPY PKG_CONFIG RANLIB STRINGS
-	export WINDRES=${CHOST}-windres
-
-	# Verbose builds
-	MAKEOPTS+=" V=1"
-
-	# Remove bundled copy of libfdt
-	rm -r dtc || die
-}
-
-##
-# configures qemu based on the build directory and the build type
-# we are using.
-#
-qemu_src_configure() {
-	debug-print-function ${FUNCNAME} "$@"
-
-	local buildtype=$1
-	local builddir="${S}/${buildtype}-build"
-
-	mkdir "${builddir}"
-
-	local conf_opts=(
-		--prefix=/usr
-		--sysconfdir=/etc
-		--bindir=/usr/bin
-		--libdir=/usr/$(get_libdir)
-		--datadir=/usr/share
-		--docdir=/usr/share/doc/${PF}/html
-		--mandir=/usr/share/man
-		--localstatedir=/var
-		--disable-bsd-user
-		--disable-containers # bug #732972
-		--disable-guest-agent
-		--disable-strip
-		--with-git-submodules=ignore
-
-		# bug #746752: TCG interpreter has a few limitations:
-		# - it does not support FPU
-		# - it's generally slower on non-self-modifying code
-		# It's advantage is support for host architectures
-		# where native codegeneration is not implemented.
-		# Gentoo has qemu keyworded only on targets with
-		# native code generation available. Avoid the interpreter.
-		--disable-tcg-interpreter
-
-		--disable-werror
-		# We support gnutls/nettle for crypto operations.  It is possible
-		# to use gcrypt when gnutls/nettle are disabled (but not when they
-		# are enabled), but it's not really worth the hassle.  Disable it
-		# all the time to avoid automatically detecting it. #568856
-		--disable-gcrypt
-		--python="${PYTHON}"
-		--cc="$(tc-getCC)"
-		--cxx="$(tc-getCXX)"
-		--host-cc="$(tc-getBUILD_CC)"
-		$(use_enable alsa)
-		$(use_enable debug debug-info)
-		$(use_enable debug debug-tcg)
-		$(use_enable jack)
-		$(use_enable nls gettext)
-		$(use_enable oss)
-		$(use_enable plugins)
-		$(use_enable pulseaudio pa)
-		$(use_enable selinux)
-		$(use_enable xattr attr)
-	)
-
-	# Disable options not used by user targets. This simplifies building
-	# static user targets (USE=static-user) considerably.
-	conf_notuser() {
-		if [[ ${buildtype} == "user" ]] ; then
-			echo "--disable-${2:-$1}"
-		else
-			use_enable "$@"
-		fi
-	}
-	# Enable option only for softmmu build, but not 'user' or 'tools'
-	conf_softmmu() {
-		if [[ ${buildtype} == "softmmu" ]] ; then
-			use_enable "$@"
-		else
-			echo "--disable-${2:-$1}"
-		fi
-	}
-	# Enable option only for tools build, but not 'user' or 'softmmu'
-	conf_tools() {
-		if [[ ${buildtype} == "tools" ]] ; then
-			use_enable "$@"
-		else
-			echo "--disable-${2:-$1}"
-		fi
-	}
-	# Special case for the malloc flag, because the --disable flag does
-	# not exist and trying like above will break configuring.
-	conf_malloc() {
-		if [[ ! ${buildtype} == "user" ]] ; then
-			usex "${1}" "--enable-malloc=${1}" ""
-		fi
-	}
-	conf_opts+=(
-		$(conf_notuser accessibility brlapi)
-		$(conf_notuser aio linux-aio)
-		$(conf_softmmu bpf)
-		$(conf_notuser bzip2)
-		$(conf_notuser capstone)
-		$(conf_notuser caps cap-ng)
-		$(conf_notuser curl)
-		$(conf_tools doc docs)
-		$(conf_notuser fdt)
-		$(conf_notuser fuse)
-		$(conf_notuser glusterfs)
-		$(conf_notuser gnutls)
-		$(conf_notuser gnutls nettle)
-		$(conf_notuser gtk)
-		$(conf_notuser infiniband rdma)
-		$(conf_notuser iscsi libiscsi)
-		$(conf_notuser io-uring linux-io-uring)
-		$(conf_malloc jemalloc)
-		$(conf_notuser jpeg vnc-jpeg)
-		$(conf_notuser kernel_linux kvm)
-		$(conf_notuser lzo)
-		$(conf_notuser multipath mpath)
-		$(conf_notuser ncurses curses)
-		$(conf_notuser nfs libnfs)
-		$(conf_notuser numa)
-		$(conf_notuser opengl)
-		$(conf_notuser pam auth-pam)
-		$(conf_notuser png vnc-png)
-		$(conf_notuser rbd)
-		$(conf_notuser sasl vnc-sasl)
-		$(conf_notuser sdl)
-		$(conf_softmmu sdl-image)
-		$(conf_notuser seccomp)
-		$(conf_notuser slirp slirp system)
-		$(conf_notuser smartcard)
-		$(conf_notuser snappy)
-		$(conf_notuser spice)
-		$(conf_notuser ssh libssh)
-		$(conf_notuser udev libudev)
-		$(conf_notuser usb libusb)
-		$(conf_notuser usbredir usb-redir)
-		$(conf_notuser vde)
-		$(conf_notuser vhost-net)
-		$(conf_notuser vhost-user-fs)
-		$(conf_tools vhost-user-fs virtiofsd)
-		$(conf_notuser virgl virglrenderer)
-		$(conf_softmmu virtfs)
-		$(conf_notuser vnc)
-		$(conf_notuser vte)
-		$(conf_notuser xen)
-		$(conf_notuser xen xen-pci-passthrough)
-		$(conf_notuser xfs xfsctl)
-		# use prebuilt keymaps, bug #759604
-		--disable-xkbcommon
-		$(conf_notuser zstd)
-	)
-
-	if [[ ${buildtype} == "user" ]] ; then
-		conf_opts+=( --disable-libxml2 )
-	else
-		conf_opts+=( --enable-libxml2 )
-	fi
-
-	if [[ ! ${buildtype} == "user" ]] ; then
-		# audio options
-		local audio_opts=(
-			# Note: backend order matters here: #716202
-			# We iterate from higher-level to lower level.
-			$(usex pulseaudio pa "")
-			$(usev jack)
-			$(usev sdl)
-			$(usev alsa)
-			$(usev oss)
-		)
-		conf_opts+=(
-			--audio-drv-list=$(IFS=,; echo "${audio_opts[*]}")
-		)
-	fi
-
-	case ${buildtype} in
-	user)
-		conf_opts+=(
-			--enable-linux-user
-			--disable-system
-			--disable-blobs
-			--disable-tools
-		)
-		local static_flag="static-user"
-		;;
-	softmmu)
-		conf_opts+=(
-			--disable-linux-user
-			--enable-system
-			--disable-tools
-		)
-		local static_flag="static"
-		;;
-	tools)
-		conf_opts+=(
-			--disable-linux-user
-			--disable-system
-			--disable-blobs
-			--enable-tools
-		)
-		local static_flag="static"
-		;;
-	esac
-
-	local targets="${buildtype}_targets"
-	[[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" )
-
-	# Add support for SystemTAP
-	use systemtap && conf_opts+=( --enable-trace-backend=dtrace )
-
-	# We always want to attempt to build with PIE support as it results
-	# in a more secure binary. But it doesn't work with static or if
-	# the current GCC doesn't have PIE support.
-	if use ${static_flag}; then
-		conf_opts+=( --static --disable-pie )
-	else
-		tc-enables-pie && conf_opts+=( --enable-pie )
-	fi
-
-	# Meson will not use a cross-file unless cross_prefix is set.
-	tc-is-cross-compiler && conf_opts+=( --cross-prefix="${CHOST}-" )
-
-	# Plumb through equivalent of EXTRA_ECONF to allow experiments
-	# like bug #747928.
-	conf_opts+=( ${EXTRA_CONF_QEMU} )
-
-	echo "../configure ${conf_opts[*]}"
-	cd "${builddir}"
-	../configure "${conf_opts[@]}" || die "configure failed"
-}
-
-src_configure() {
-	local target
-
-	python_setup
-
-	softmmu_targets= softmmu_bins=()
-	user_targets= user_bins=()
-
-	for target in ${IUSE_SOFTMMU_TARGETS} ; do
-		if use "qemu_softmmu_targets_${target}"; then
-			softmmu_targets+=",${target}-softmmu"
-			softmmu_bins+=( "qemu-system-${target}" )
-		fi
-	done
-
-	for target in ${IUSE_USER_TARGETS} ; do
-		if use "qemu_user_targets_${target}"; then
-			user_targets+=",${target}-linux-user"
-			user_bins+=( "qemu-${target}" )
-		fi
-	done
-
-	softmmu_targets=${softmmu_targets#,}
-	user_targets=${user_targets#,}
-
-	[[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu"
-	[[ -n ${user_targets}    ]] && qemu_src_configure "user"
-	qemu_src_configure "tools"
-}
-
-src_compile() {
-	if [[ -n ${user_targets} ]]; then
-		cd "${S}/user-build"
-		default
-	fi
-
-	if [[ -n ${softmmu_targets} ]]; then
-		cd "${S}/softmmu-build"
-		default
-	fi
-
-	cd "${S}/tools-build"
-	default
-}
-
-src_test() {
-	if [[ -n ${softmmu_targets} ]]; then
-		cd "${S}/softmmu-build"
-		pax-mark m */qemu-system-* #515550
-		emake check
-	fi
-}
-
-qemu_python_install() {
-	python_domodule "${S}/python/qemu"
-
-	python_doscript "${S}/scripts/kvm/vmxcap"
-	python_doscript "${S}/scripts/qmp/qmp-shell"
-	python_doscript "${S}/scripts/qmp/qemu-ga-client"
-}
-
-# Generate binfmt support files.
-#   - /etc/init.d/qemu-binfmt script which registers the user handlers (openrc)
-#   - /usr/share/qemu/binfmt.d/qemu.conf (for use with systemd-binfmt)
-generate_initd() {
-	local out="${T}/qemu-binfmt"
-	local out_systemd="${T}/qemu.conf"
-	local d="${T}/binfmt.d"
-
-	einfo "Generating qemu binfmt scripts and configuration files"
-
-	# Generate the debian fragments first.
-	mkdir -p "${d}"
-	"${S}"/scripts/qemu-binfmt-conf.sh \
-		--debian \
-		--exportdir "${d}" \
-		--qemu-path "${EPREFIX}/usr/bin" \
-		|| die
-	# Then turn the fragments into a shell script we can source.
-	sed -E -i \
-		-e 's:^([^ ]+) (.*)$:\1="\2":' \
-		"${d}"/* || die
-
-	# Generate the init.d script by assembling the fragments from above.
-	local f qcpu package interpreter magic mask
-	cat "${FILESDIR}"/qemu-binfmt.initd.head >"${out}" || die
-	for f in "${d}"/qemu-* ; do
-		source "${f}"
-
-		# Normalize the cpu logic like we do in the init.d for the native cpu.
-		qcpu=${package#qemu-}
-		case ${qcpu} in
-		arm*)   qcpu="arm";;
-		mips*)  qcpu="mips";;
-		ppc*)   qcpu="ppc";;
-		s390*)  qcpu="s390";;
-		sh*)    qcpu="sh";;
-		sparc*) qcpu="sparc";;
-		esac
-
-		# we use 'printf' here to be portable across 'sh'
-		# implementations: #679168
-		cat <<EOF >>"${out}"
-	if [ "\${cpu}" != "${qcpu}" -a -x "${interpreter}" ] ; then
-		printf '%s\n' ':${package}:M::${magic}:${mask}:${interpreter}:'"\${QEMU_BINFMT_FLAGS}" >/proc/sys/fs/binfmt_misc/register
-	fi
-EOF
-
-		echo ":${package}:M::${magic}:${mask}:${interpreter}:OC" >>"${out_systemd}"
-
-	done
-	cat "${FILESDIR}"/qemu-binfmt.initd.tail >>"${out}" || die
-}
-
-src_install() {
-	if [[ -n ${user_targets} ]]; then
-		cd "${S}/user-build"
-		emake DESTDIR="${ED}" install
-
-		# Install binfmt handler init script for user targets.
-		generate_initd
-		doinitd "${T}/qemu-binfmt"
-
-		# Install binfmt/qemu.conf.
-		insinto "/usr/share/qemu/binfmt.d"
-		doins "${T}/qemu.conf"
-	fi
-
-	if [[ -n ${softmmu_targets} ]]; then
-		cd "${S}/softmmu-build"
-		emake DESTDIR="${ED}" install
-
-		# This might not exist if the test failed. #512010
-		[[ -e check-report.html ]] && dodoc check-report.html
-
-		if use kernel_linux; then
-			udev_newrules "${FILESDIR}"/65-kvm.rules-r2 65-kvm.rules
-		fi
-
-		if use python; then
-			python_foreach_impl qemu_python_install
-		fi
-	fi
-
-	cd "${S}/tools-build"
-	emake DESTDIR="${ED}" install
-
-	# Disable mprotect on the qemu binaries as they use JITs to be fast #459348
-	pushd "${ED}"/usr/bin >/dev/null
-	pax-mark mr "${softmmu_bins[@]}" "${user_bins[@]}" # bug 575594
-	popd >/dev/null
-
-	# Install config file example for qemu-bridge-helper
-	insinto "/etc/qemu"
-	doins "${FILESDIR}/bridge.conf"
-
-	cd "${S}"
-	dodoc MAINTAINERS docs/specs/pci-ids.txt
-	newdoc pc-bios/README README.pc-bios
-
-	# Disallow stripping of prebuilt firmware files.
-	dostrip -x ${QA_PREBUILT}
-
-	if [[ -n ${softmmu_targets} ]]; then
-		# Remove SeaBIOS since we're using the SeaBIOS packaged one
-		rm "${ED}/usr/share/qemu/bios.bin"
-		rm "${ED}/usr/share/qemu/bios-256k.bin"
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
-			dosym ../seabios/bios-256k.bin /usr/share/qemu/bios-256k.bin
-		fi
-
-		# Remove vgabios since we're using the seavgabios packaged one
-		rm "${ED}/usr/share/qemu/vgabios.bin"
-		rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
-		rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
-		rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
-		rm "${ED}/usr/share/qemu/vgabios-virtio.bin"
-		rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
-		# PPC/PPC64 loads vgabios-stdvga
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 || use qemu_softmmu_targets_ppc || use qemu_softmmu_targets_ppc64; then
-			dosym ../seavgabios/vgabios-isavga.bin /usr/share/qemu/vgabios.bin
-			dosym ../seavgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
-			dosym ../seavgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
-			dosym ../seavgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
-			dosym ../seavgabios/vgabios-virtio.bin /usr/share/qemu/vgabios-virtio.bin
-			dosym ../seavgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
-		fi
-
-		# Remove sgabios since we're using the sgabios packaged one
-		rm "${ED}/usr/share/qemu/sgabios.bin"
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin
-		fi
-
-		# Remove iPXE since we're using the iPXE packaged one
-		rm "${ED}"/usr/share/qemu/pxe-*.rom
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom
-			dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom
-			dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom
-			dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom
-			dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom
-			dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom
-		fi
-	fi
-
-	DISABLE_AUTOFORMATTING=true
-	readme.gentoo_create_doc
-}
-
-firmware_abi_change() {
-	local pv
-	for pv in ${REPLACING_VERSIONS}; do
-		if ver_test ${pv} -lt ${FIRMWARE_ABI_VERSION}; then
-			return 0
-		fi
-	done
-	return 1
-}
-
-pkg_postinst() {
-	if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
-		udev_reload
-	fi
-
-	xdg_icon_cache_update
-
-	[[ -z ${EPREFIX} ]] && [[ -f ${EROOT}/usr/libexec/qemu-bridge-helper ]] && \
-		fcaps cap_net_admin "${EROOT}"/usr/libexec/qemu-bridge-helper
-
-	DISABLE_AUTOFORMATTING=true
-	readme.gentoo_print_elog
-
-	if use pin-upstream-blobs && firmware_abi_change; then
-		ewarn "This version of qemu pins new versions of firmware blobs:"
-		ewarn "	$(best_version sys-firmware/edk2-ovmf)"
-		ewarn "	$(best_version sys-firmware/ipxe)"
-		ewarn "	$(best_version sys-firmware/seabios)"
-		ewarn "	$(best_version sys-firmware/sgabios)"
-		ewarn "This might break resume of hibernated guests (started with a different"
-		ewarn "firmware version) and live migration to/from qemu versions with different"
-		ewarn "firmware. Please (cold) restart all running guests. For functional"
-		ewarn "guest migration ensure that all"
-		ewarn "hosts run at least"
-		ewarn "	app-emulation/qemu-${FIRMWARE_ABI_VERSION}."
-	fi
-}
-
-pkg_info() {
-	echo "Using:"
-	echo "  $(best_version app-emulation/spice-protocol)"
-	echo "  $(best_version sys-firmware/edk2-ovmf)"
-	if has_version 'sys-firmware/edk2-ovmf[binary]'; then
-		echo "    USE=binary"
-	else
-		echo "    USE=''"
-	fi
-	echo "  $(best_version sys-firmware/ipxe)"
-	echo "  $(best_version sys-firmware/seabios)"
-	if has_version 'sys-firmware/seabios[binary]'; then
-		echo "    USE=binary"
-	else
-		echo "    USE=''"
-	fi
-	echo "  $(best_version sys-firmware/sgabios)"
-}
-
-pkg_postrm() {
-	xdg_icon_cache_update
-}

diff --git a/app-emulation/qemu/qemu-6.2.0.ebuild b/app-emulation/qemu/qemu-6.2.0.ebuild
deleted file mode 100644
index a6348eb89e7c..000000000000
--- a/app-emulation/qemu/qemu-6.2.0.ebuild
+++ /dev/null
@@ -1,913 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-PYTHON_COMPAT=( python3_{8,9,10} )
-PYTHON_REQ_USE="ncurses,readline"
-
-FIRMWARE_ABI_VERSION="6.2.0"
-
-inherit linux-info toolchain-funcs python-r1 udev fcaps readme.gentoo-r1 \
-		pax-utils xdg-utils
-
-if [[ ${PV} = *9999* ]]; then
-	EGIT_REPO_URI="https://git.qemu.org/git/qemu.git"
-	EGIT_SUBMODULES=(
-		meson
-		tests/fp/berkeley-softfloat-3
-		tests/fp/berkeley-testfloat-3
-		ui/keycodemapdb
-	)
-	inherit git-r3
-	SRC_URI=""
-else
-	SRC_URI="https://download.qemu.org/${P}.tar.xz"
-	KEYWORDS="amd64 arm64 ~ppc ppc64 x86"
-fi
-
-DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
-HOMEPAGE="https://www.qemu.org https://www.linux-kvm.org"
-
-LICENSE="GPL-2 LGPL-2 BSD-2"
-SLOT="0"
-
-IUSE="accessibility +aio alsa bpf bzip2 capstone +caps +curl debug +doc
-	+fdt fuse glusterfs +gnutls gtk infiniband iscsi io-uring
-	jack jemalloc +jpeg
-	lzo multipath
-	ncurses nfs nls numa opengl +oss +pin-upstream-blobs
-	plugins +png pulseaudio python rbd sasl +seccomp sdl sdl-image selinux
-	+slirp
-	smartcard snappy spice ssh static static-user systemtap test udev usb
-	usbredir vde +vhost-net vhost-user-fs virgl virtfs +vnc vte xattr xen
-	xfs zstd"
-
-COMMON_TARGETS="
-	aarch64
-	alpha
-	arm
-	cris
-	hppa
-	i386
-	m68k
-	microblaze
-	microblazeel
-	mips
-	mips64
-	mips64el
-	mipsel
-	nios2
-	or1k
-	ppc
-	ppc64
-	riscv32
-	riscv64
-	s390x
-	sh4
-	sh4eb
-	sparc
-	sparc64
-	x86_64
-	xtensa
-	xtensaeb
-"
-IUSE_SOFTMMU_TARGETS="
-	${COMMON_TARGETS}
-	avr
-	rx
-	tricore
-"
-IUSE_USER_TARGETS="
-	${COMMON_TARGETS}
-	aarch64_be
-	armeb
-	hexagon
-	mipsn32
-	mipsn32el
-	ppc64abi32
-	ppc64le
-	sparc32plus
-"
-
-use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
-use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
-IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
-
-RESTRICT="!test? ( test )"
-# Allow no targets to be built so that people can get a tools-only build.
-# Block USE flag configurations known to not work.
-REQUIRED_USE="${PYTHON_REQUIRED_USE}
-	qemu_softmmu_targets_arm? ( fdt )
-	qemu_softmmu_targets_microblaze? ( fdt )
-	qemu_softmmu_targets_mips64el? ( fdt )
-	qemu_softmmu_targets_ppc64? ( fdt )
-	qemu_softmmu_targets_ppc? ( fdt )
-	qemu_softmmu_targets_riscv32? ( fdt )
-	qemu_softmmu_targets_riscv64? ( fdt )
-	qemu_softmmu_targets_x86_64? ( fdt )
-	sdl-image? ( sdl )
-	static? ( static-user !alsa !gtk !jack !opengl !pulseaudio !plugins !rbd !snappy !udev )
-	static-user? ( !plugins )
-	vhost-user-fs? ( caps seccomp )
-	virgl? ( opengl )
-	virtfs? ( caps xattr )
-	vnc? ( gnutls )
-	vte? ( gtk )
-	multipath? ( udev )
-	plugins? ( !static !static-user )
-"
-
-# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
-# and user/softmmu targets (qemu-*, qemu-system-*).
-#
-# Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
-#
-# The attr lib isn't always linked in (although the USE flag is always
-# respected).  This is because qemu supports using the C library's API
-# when available rather than always using the external library.
-ALL_DEPEND="
-	>=dev-libs/glib-2.0[static-libs(+)]
-	sys-libs/zlib[static-libs(+)]
-	python? ( ${PYTHON_DEPS} )
-	systemtap? ( dev-util/systemtap )
-	xattr? ( sys-apps/attr[static-libs(+)] )"
-
-# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
-# softmmu targets (qemu-system-*).
-SOFTMMU_TOOLS_DEPEND="
-	dev-libs/libxml2[static-libs(+)]
-	>=x11-libs/pixman-0.28.0[static-libs(+)]
-	accessibility? (
-		app-accessibility/brltty[api]
-		app-accessibility/brltty[static-libs(+)]
-	)
-	aio? ( dev-libs/libaio[static-libs(+)] )
-	alsa? ( >=media-libs/alsa-lib-1.0.13 )
-	bpf? ( dev-libs/libbpf:= )
-	bzip2? ( app-arch/bzip2[static-libs(+)] )
-	capstone? ( dev-libs/capstone:= )
-	caps? ( sys-libs/libcap-ng[static-libs(+)] )
-	curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
-	fdt? ( >=sys-apps/dtc-1.5.0[static-libs(+)] )
-	fuse? ( >=sys-fs/fuse-3.1:3[static-libs(+)] )
-	glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
-	gnutls? (
-		dev-libs/nettle:=[static-libs(+)]
-		>=net-libs/gnutls-3.0:=[static-libs(+)]
-	)
-	gtk? (
-		x11-libs/gtk+:3
-		vte? ( x11-libs/vte:2.91 )
-	)
-	infiniband? (
-		sys-cluster/rdma-core[static-libs(+)]
-	)
-	iscsi? ( net-libs/libiscsi )
-	io-uring? ( sys-libs/liburing:=[static-libs(+)] )
-	jack? ( virtual/jack )
-	jemalloc? ( dev-libs/jemalloc )
-	jpeg? ( virtual/jpeg:0=[static-libs(+)] )
-	lzo? ( dev-libs/lzo:2[static-libs(+)] )
-	multipath? ( sys-fs/multipath-tools )
-	ncurses? (
-		sys-libs/ncurses:=[unicode(+)]
-		sys-libs/ncurses:=[static-libs(+)]
-	)
-	nfs? ( >=net-fs/libnfs-1.9.3:=[static-libs(+)] )
-	numa? ( sys-process/numactl[static-libs(+)] )
-	opengl? (
-		virtual/opengl
-		media-libs/libepoxy[static-libs(+)]
-		media-libs/mesa[static-libs(+)]
-		media-libs/mesa[egl(+),gbm(+)]
-	)
-	png? ( media-libs/libpng:0=[static-libs(+)] )
-	pulseaudio? ( media-sound/pulseaudio )
-	rbd? ( sys-cluster/ceph )
-	sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
-	sdl? (
-		media-libs/libsdl2[video]
-		media-libs/libsdl2[static-libs(+)]
-	)
-	sdl-image? ( media-libs/sdl2-image[static-libs(+)] )
-	seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
-	slirp? ( net-libs/libslirp[static-libs(+)] )
-	smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] )
-	snappy? ( app-arch/snappy:= )
-	spice? (
-		>=app-emulation/spice-protocol-0.12.3
-		>=app-emulation/spice-0.12.0[static-libs(+)]
-	)
-	ssh? ( >=net-libs/libssh-0.8.6[static-libs(+)] )
-	udev? ( virtual/libudev:= )
-	usb? ( >=virtual/libusb-1-r2[static-libs(+)] )
-	usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
-	vde? ( net-misc/vde[static-libs(+)] )
-	virgl? ( media-libs/virglrenderer[static-libs(+)] )
-	virtfs? ( sys-libs/libcap )
-	xen? ( app-emulation/xen-tools:= )
-	xfs? ( sys-fs/xfsprogs[static-libs(+)] )
-	zstd? ( >=app-arch/zstd-1.4.0[static-libs(+)] )
-"
-
-EDK2_OVMF_VERSION="202105"
-SEABIOS_VERSION="1.14.0"
-
-X86_FIRMWARE_DEPEND="
-	pin-upstream-blobs? (
-		~sys-firmware/edk2-ovmf-${EDK2_OVMF_VERSION}[binary]
-		~sys-firmware/ipxe-1.21.1[binary,qemu]
-		~sys-firmware/seabios-${SEABIOS_VERSION}[binary,seavgabios]
-		~sys-firmware/sgabios-0.1_pre10[binary]
-	)
-	!pin-upstream-blobs? (
-		>=sys-firmware/edk2-ovmf-${EDK2_OVMF_VERSION}
-		sys-firmware/ipxe[qemu]
-		>=sys-firmware/seabios-${SEABIOS_VERSION}[seavgabios]
-		sys-firmware/sgabios
-	)"
-PPC_FIRMWARE_DEPEND="
-	pin-upstream-blobs? (
-		~sys-firmware/seabios-${SEABIOS_VERSION}[binary,seavgabios]
-	)
-	!pin-upstream-blobs? (
-		>=sys-firmware/seabios-${SEABIOS_VERSION}[seavgabios]
-	)
-"
-
-BDEPEND="
-	$(python_gen_impl_dep)
-	dev-lang/perl
-	sys-apps/texinfo
-	virtual/pkgconfig
-	doc? (
-		dev-python/sphinx[${PYTHON_USEDEP}]
-		dev-python/sphinx_rtd_theme[${PYTHON_USEDEP}]
-	)
-	gtk? ( nls? ( sys-devel/gettext ) )
-	test? (
-		dev-libs/glib[utils]
-		sys-devel/bc
-	)
-"
-CDEPEND="
-	!static? (
-		${ALL_DEPEND//\[static-libs(+)]}
-		${SOFTMMU_TOOLS_DEPEND//\[static-libs(+)]}
-	)
-	qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
-	qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )
-	qemu_softmmu_targets_ppc? ( ${PPC_FIRMWARE_DEPEND} )
-	qemu_softmmu_targets_ppc64? ( ${PPC_FIRMWARE_DEPEND} )
-"
-DEPEND="${CDEPEND}
-	kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
-	static? (
-		${ALL_DEPEND}
-		${SOFTMMU_TOOLS_DEPEND}
-	)
-	static-user? ( ${ALL_DEPEND} )"
-RDEPEND="${CDEPEND}
-	acct-group/kvm
-	selinux? ( sec-policy/selinux-qemu )"
-
-PATCHES=(
-	"${FILESDIR}"/${PN}-2.11.1-capstone_include_path.patch
-	"${FILESDIR}"/${PN}-5.2.0-disable-keymap.patch
-	"${FILESDIR}"/${PN}-6.0.0-make.patch
-	"${FILESDIR}"/${PN}-6.1.0-strings.patch
-)
-
-QA_PREBUILT="
-	usr/share/qemu/hppa-firmware.img
-	usr/share/qemu/openbios-ppc
-	usr/share/qemu/openbios-sparc64
-	usr/share/qemu/openbios-sparc32
-	usr/share/qemu/opensbi-riscv64-generic-fw_dynamic.elf
-	usr/share/qemu/opensbi-riscv32-generic-fw_dynamic.elf
-	usr/share/qemu/palcode-clipper
-	usr/share/qemu/s390-ccw.img
-	usr/share/qemu/s390-netboot.img
-	usr/share/qemu/u-boot.e500
-"
-
-QA_WX_LOAD="usr/bin/qemu-i386
-	usr/bin/qemu-x86_64
-	usr/bin/qemu-alpha
-	usr/bin/qemu-arm
-	usr/bin/qemu-cris
-	usr/bin/qemu-m68k
-	usr/bin/qemu-microblaze
-	usr/bin/qemu-microblazeel
-	usr/bin/qemu-mips
-	usr/bin/qemu-mipsel
-	usr/bin/qemu-or1k
-	usr/bin/qemu-ppc
-	usr/bin/qemu-ppc64
-	usr/bin/qemu-ppc64abi32
-	usr/bin/qemu-sh4
-	usr/bin/qemu-sh4eb
-	usr/bin/qemu-sparc
-	usr/bin/qemu-sparc64
-	usr/bin/qemu-armeb
-	usr/bin/qemu-sparc32plus
-	usr/bin/qemu-s390x
-	usr/bin/qemu-unicore32
-"
-
-DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure you have the
-kernel module loaded before running kvm. The easiest way to ensure that the
-kernel module is loaded is to load it on boot.
-	For AMD CPUs the module is called 'kvm-amd'.
-	For Intel CPUs the module is called 'kvm-intel'.
-Please review /etc/conf.d/modules for how to load these.
-
-Make sure your user is in the 'kvm' group. Just run
-	$ gpasswd -a <USER> kvm
-then have <USER> re-login.
-
-For brand new installs, the default permissions on /dev/kvm might not let
-you access it.  You can tell udev to reset ownership/perms:
-	$ udevadm trigger -c add /dev/kvm
-
-If you want to register binfmt handlers for qemu user targets:
-For openrc:
-	# rc-update add qemu-binfmt
-For systemd:
-	# ln -s /usr/share/qemu/binfmt.d/qemu.conf /etc/binfmt.d/qemu.conf"
-
-pkg_pretend() {
-	if use kernel_linux && kernel_is lt 2 6 25; then
-		eerror "This version of KVM requires a host kernel of 2.6.25 or higher."
-	elif use kernel_linux; then
-		if ! linux_config_exists; then
-			eerror "Unable to check your kernel for KVM support"
-		else
-			CONFIG_CHECK="~KVM ~TUN ~BRIDGE"
-			ERROR_KVM="You must enable KVM in your kernel to continue"
-			ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in"
-			ERROR_KVM_AMD+=" your kernel configuration."
-			ERROR_KVM_INTEL="If you have an Intel CPU, you must enable"
-			ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration."
-			ERROR_TUN="You will need the Universal TUN/TAP driver compiled"
-			ERROR_TUN+=" into your kernel or loaded as a module to use the"
-			ERROR_TUN+=" virtual network device if using -net tap."
-			ERROR_BRIDGE="You will also need support for 802.1d"
-			ERROR_BRIDGE+=" Ethernet Bridging for some network configurations."
-			use vhost-net && CONFIG_CHECK+=" ~VHOST_NET"
-			ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net"
-			ERROR_VHOST_NET+=" support"
-
-			if use amd64 || use x86 || use amd64-linux || use x86-linux; then
-				if grep -q AuthenticAMD /proc/cpuinfo; then
-					CONFIG_CHECK+=" ~KVM_AMD"
-				elif grep -q GenuineIntel /proc/cpuinfo; then
-					CONFIG_CHECK+=" ~KVM_INTEL"
-				fi
-			fi
-
-			use python && CONFIG_CHECK+=" ~DEBUG_FS"
-			ERROR_DEBUG_FS="debugFS support required for kvm_stat"
-
-			# Now do the actual checks setup above
-			check_extra_config
-		fi
-	fi
-
-	if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then
-		eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt"
-		eerror "instances are still pointing to it.  Please update your"
-		eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag"
-		eerror "and the right system binary (e.g. qemu-system-x86_64)."
-		die "update your virt configs to not use qemu-kvm"
-	fi
-}
-
-# Sanity check to make sure target lists are kept up-to-date.
-check_targets() {
-	local var=$1 mak=$2
-	local detected sorted
-
-	pushd "${S}"/configs/targets/ >/dev/null || die
-
-	# Force C locale until glibc is updated. #564936
-	detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u))
-	sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u))
-	if [[ ${sorted} != "${detected}" ]] ; then
-		eerror "The ebuild needs to be kept in sync."
-		eerror "${var}: ${sorted}"
-		eerror "$(printf '%-*s' ${#var} configure): ${detected}"
-		die "sync ${var} to the list of targets"
-	fi
-
-	popd >/dev/null
-}
-
-src_prepare() {
-	check_targets IUSE_SOFTMMU_TARGETS softmmu
-	check_targets IUSE_USER_TARGETS linux-user
-
-	default
-
-	# Use correct toolchain to fix cross-compiling
-	tc-export AR AS LD NM OBJCOPY PKG_CONFIG RANLIB STRINGS
-	export WINDRES=${CHOST}-windres
-
-	# Verbose builds
-	MAKEOPTS+=" V=1"
-
-	# Remove bundled copy of libfdt
-	rm -r dtc || die
-}
-
-##
-# configures qemu based on the build directory and the build type
-# we are using.
-#
-qemu_src_configure() {
-	debug-print-function ${FUNCNAME} "$@"
-
-	local buildtype=$1
-	local builddir="${S}/${buildtype}-build"
-
-	mkdir "${builddir}"
-
-	local conf_opts=(
-		--prefix=/usr
-		--sysconfdir=/etc
-		--bindir=/usr/bin
-		--libdir=/usr/$(get_libdir)
-		--datadir=/usr/share
-		--docdir=/usr/share/doc/${PF}/html
-		--mandir=/usr/share/man
-		--localstatedir=/var
-		--disable-bsd-user
-		--disable-containers # bug #732972
-		--disable-guest-agent
-		--disable-strip
-
-		# bug #746752: TCG interpreter has a few limitations:
-		# - it does not support FPU
-		# - it's generally slower on non-self-modifying code
-		# It's advantage is support for host architectures
-		# where native codegeneration is not implemented.
-		# Gentoo has qemu keyworded only on targets with
-		# native code generation available. Avoid the interpreter.
-		--disable-tcg-interpreter
-
-		--disable-werror
-		# We support gnutls/nettle for crypto operations.  It is possible
-		# to use gcrypt when gnutls/nettle are disabled (but not when they
-		# are enabled), but it's not really worth the hassle.  Disable it
-		# all the time to avoid automatically detecting it. #568856
-		--disable-gcrypt
-		--python="${PYTHON}"
-		--cc="$(tc-getCC)"
-		--cxx="$(tc-getCXX)"
-		--host-cc="$(tc-getBUILD_CC)"
-		$(use_enable debug debug-info)
-		$(use_enable debug debug-tcg)
-		$(use_enable doc docs)
-		$(use_enable nls gettext)
-		$(use_enable plugins)
-		$(use_enable xattr attr)
-	)
-
-	# Disable options not used by user targets. This simplifies building
-	# static user targets (USE=static-user) considerably.
-	conf_notuser() {
-		if [[ ${buildtype} == "user" ]] ; then
-			echo "--disable-${2:-$1}"
-		else
-			use_enable "$@"
-		fi
-	}
-	# Enable option only for softmmu build, but not 'user' or 'tools'
-	conf_softmmu() {
-		if [[ ${buildtype} == "softmmu" ]] ; then
-			use_enable "$@"
-		else
-			echo "--disable-${2:-$1}"
-		fi
-	}
-	# Enable option only for tools build, but not 'user' or 'softmmu'
-	conf_tools() {
-		if [[ ${buildtype} == "tools" ]] ; then
-			use_enable "$@"
-		else
-			echo "--disable-${2:-$1}"
-		fi
-	}
-	# Special case for the malloc flag, because the --disable flag does
-	# not exist and trying like above will break configuring.
-	conf_malloc() {
-		if [[ ! ${buildtype} == "user" ]] ; then
-			usex "${1}" "--enable-malloc=${1}" ""
-		fi
-	}
-	conf_opts+=(
-		$(conf_notuser accessibility brlapi)
-		$(conf_notuser aio linux-aio)
-		$(conf_softmmu bpf)
-		$(conf_notuser bzip2)
-		$(conf_notuser capstone)
-		$(conf_notuser caps cap-ng)
-		$(conf_notuser curl)
-		$(conf_notuser fdt)
-		$(conf_notuser fuse)
-		$(conf_notuser glusterfs)
-		$(conf_notuser gnutls)
-		$(conf_notuser gnutls nettle)
-		$(conf_notuser gtk)
-		$(conf_notuser infiniband rdma)
-		$(conf_notuser iscsi libiscsi)
-		$(conf_notuser io-uring linux-io-uring)
-		$(conf_malloc jemalloc)
-		$(conf_notuser jpeg vnc-jpeg)
-		$(conf_notuser kernel_linux kvm)
-		$(conf_notuser lzo)
-		$(conf_notuser multipath mpath)
-		$(conf_notuser ncurses curses)
-		$(conf_notuser nfs libnfs)
-		$(conf_notuser numa)
-		$(conf_notuser opengl)
-		$(conf_notuser png vnc-png)
-		$(conf_notuser rbd)
-		$(conf_notuser sasl vnc-sasl)
-		$(conf_notuser sdl)
-		$(conf_softmmu sdl-image)
-		$(conf_notuser seccomp)
-		$(conf_notuser slirp slirp system)
-		$(conf_notuser smartcard)
-		$(conf_notuser snappy)
-		$(conf_notuser spice)
-		$(conf_notuser ssh libssh)
-		$(conf_notuser udev libudev)
-		$(conf_notuser usb libusb)
-		$(conf_notuser usbredir usb-redir)
-		$(conf_notuser vde)
-		$(conf_notuser vhost-net)
-		$(conf_notuser vhost-user-fs)
-		$(conf_tools vhost-user-fs virtiofsd)
-		$(conf_notuser virgl virglrenderer)
-		$(conf_softmmu virtfs)
-		$(conf_notuser vnc)
-		$(conf_notuser vte)
-		$(conf_notuser xen)
-		$(conf_notuser xen xen-pci-passthrough)
-		$(conf_notuser xfs xfsctl)
-		# use prebuilt keymaps, bug #759604
-		--disable-xkbcommon
-		$(conf_notuser zstd)
-	)
-
-	if [[ ${buildtype} == "user" ]] ; then
-		conf_opts+=( --disable-libxml2 )
-	else
-		conf_opts+=( --enable-libxml2 )
-	fi
-
-	if [[ ! ${buildtype} == "user" ]] ; then
-		# audio options
-		local audio_opts=(
-			# Note: backend order matters here: #716202
-			# We iterate from higher-level to lower level.
-			$(usex pulseaudio pa "")
-			$(usev jack)
-			$(usev sdl)
-			$(usev alsa)
-			$(usev oss)
-		)
-		conf_opts+=(
-			--audio-drv-list="${audio_opts// /,}"
-		)
-	fi
-
-	case ${buildtype} in
-	user)
-		conf_opts+=(
-			--enable-linux-user
-			--disable-system
-			--disable-blobs
-			--disable-tools
-		)
-		local static_flag="static-user"
-		;;
-	softmmu)
-		conf_opts+=(
-			--disable-linux-user
-			--enable-system
-			--disable-tools
-		)
-		local static_flag="static"
-		;;
-	tools)
-		conf_opts+=(
-			--disable-linux-user
-			--disable-system
-			--disable-blobs
-			--enable-tools
-		)
-		local static_flag="static"
-		;;
-	esac
-
-	local targets="${buildtype}_targets"
-	[[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" )
-
-	# Add support for SystemTAP
-	use systemtap && conf_opts+=( --enable-trace-backend=dtrace )
-
-	# We always want to attempt to build with PIE support as it results
-	# in a more secure binary. But it doesn't work with static or if
-	# the current GCC doesn't have PIE support.
-	if use ${static_flag}; then
-		conf_opts+=( --static --disable-pie )
-	else
-		tc-enables-pie && conf_opts+=( --enable-pie )
-	fi
-
-	# Meson will not use a cross-file unless cross_prefix is set.
-	tc-is-cross-compiler && conf_opts+=( --cross-prefix="${CHOST}-" )
-
-	# Plumb through equivalent of EXTRA_ECONF to allow experiments
-	# like bug #747928.
-	conf_opts+=( ${EXTRA_CONF_QEMU} )
-
-	echo "../configure ${conf_opts[*]}"
-	cd "${builddir}"
-	../configure "${conf_opts[@]}" || die "configure failed"
-}
-
-src_configure() {
-	local target
-
-	python_setup
-
-	softmmu_targets= softmmu_bins=()
-	user_targets= user_bins=()
-
-	for target in ${IUSE_SOFTMMU_TARGETS} ; do
-		if use "qemu_softmmu_targets_${target}"; then
-			softmmu_targets+=",${target}-softmmu"
-			softmmu_bins+=( "qemu-system-${target}" )
-		fi
-	done
-
-	for target in ${IUSE_USER_TARGETS} ; do
-		if use "qemu_user_targets_${target}"; then
-			user_targets+=",${target}-linux-user"
-			user_bins+=( "qemu-${target}" )
-		fi
-	done
-
-	softmmu_targets=${softmmu_targets#,}
-	user_targets=${user_targets#,}
-
-	[[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu"
-	[[ -n ${user_targets}    ]] && qemu_src_configure "user"
-	qemu_src_configure "tools"
-}
-
-src_compile() {
-	if [[ -n ${user_targets} ]]; then
-		cd "${S}/user-build"
-		default
-	fi
-
-	if [[ -n ${softmmu_targets} ]]; then
-		cd "${S}/softmmu-build"
-		default
-	fi
-
-	cd "${S}/tools-build"
-	default
-}
-
-src_test() {
-	if [[ -n ${softmmu_targets} ]]; then
-		cd "${S}/softmmu-build"
-		pax-mark m */qemu-system-* #515550
-		emake check
-	fi
-}
-
-qemu_python_install() {
-	python_domodule "${S}/python/qemu"
-
-	python_doscript "${S}/scripts/kvm/vmxcap"
-	python_doscript "${S}/scripts/qmp/qmp-shell"
-	python_doscript "${S}/scripts/qmp/qemu-ga-client"
-}
-
-# Generate binfmt support files.
-#   - /etc/init.d/qemu-binfmt script which registers the user handlers (openrc)
-#   - /usr/share/qemu/binfmt.d/qemu.conf (for use with systemd-binfmt)
-generate_initd() {
-	local out="${T}/qemu-binfmt"
-	local out_systemd="${T}/qemu.conf"
-	local d="${T}/binfmt.d"
-
-	einfo "Generating qemu binfmt scripts and configuration files"
-
-	# Generate the debian fragments first.
-	mkdir -p "${d}"
-	"${S}"/scripts/qemu-binfmt-conf.sh \
-		--debian \
-		--exportdir "${d}" \
-		--qemu-path "${EPREFIX}/usr/bin" \
-		|| die
-	# Then turn the fragments into a shell script we can source.
-	sed -E -i \
-		-e 's:^([^ ]+) (.*)$:\1="\2":' \
-		"${d}"/* || die
-
-	# Generate the init.d script by assembling the fragments from above.
-	local f qcpu package interpreter magic mask
-	cat "${FILESDIR}"/qemu-binfmt.initd.head >"${out}" || die
-	for f in "${d}"/qemu-* ; do
-		source "${f}"
-
-		# Normalize the cpu logic like we do in the init.d for the native cpu.
-		qcpu=${package#qemu-}
-		case ${qcpu} in
-		arm*)   qcpu="arm";;
-		mips*)  qcpu="mips";;
-		ppc*)   qcpu="ppc";;
-		s390*)  qcpu="s390";;
-		sh*)    qcpu="sh";;
-		sparc*) qcpu="sparc";;
-		esac
-
-		# we use 'printf' here to be portable across 'sh'
-		# implementations: #679168
-		cat <<EOF >>"${out}"
-	if [ "\${cpu}" != "${qcpu}" -a -x "${interpreter}" ] ; then
-		printf '%s\n' ':${package}:M::${magic}:${mask}:${interpreter}:'"\${QEMU_BINFMT_FLAGS}" >/proc/sys/fs/binfmt_misc/register
-	fi
-EOF
-
-		echo ":${package}:M::${magic}:${mask}:${interpreter}:OC" >>"${out_systemd}"
-
-	done
-	cat "${FILESDIR}"/qemu-binfmt.initd.tail >>"${out}" || die
-}
-
-src_install() {
-	if [[ -n ${user_targets} ]]; then
-		cd "${S}/user-build"
-		emake DESTDIR="${ED}" install
-
-		# Install binfmt handler init script for user targets.
-		generate_initd
-		doinitd "${T}/qemu-binfmt"
-
-		# Install binfmt/qemu.conf.
-		insinto "/usr/share/qemu/binfmt.d"
-		doins "${T}/qemu.conf"
-	fi
-
-	if [[ -n ${softmmu_targets} ]]; then
-		cd "${S}/softmmu-build"
-		emake DESTDIR="${ED}" install
-
-		# This might not exist if the test failed. #512010
-		[[ -e check-report.html ]] && dodoc check-report.html
-
-		if use kernel_linux; then
-			udev_newrules "${FILESDIR}"/65-kvm.rules-r2 65-kvm.rules
-		fi
-
-		if use python; then
-			python_foreach_impl qemu_python_install
-		fi
-	fi
-
-	cd "${S}/tools-build"
-	emake DESTDIR="${ED}" install
-
-	# Disable mprotect on the qemu binaries as they use JITs to be fast #459348
-	pushd "${ED}"/usr/bin >/dev/null
-	pax-mark mr "${softmmu_bins[@]}" "${user_bins[@]}" # bug 575594
-	popd >/dev/null
-
-	# Install config file example for qemu-bridge-helper
-	insinto "/etc/qemu"
-	doins "${FILESDIR}/bridge.conf"
-
-	cd "${S}"
-	dodoc MAINTAINERS docs/specs/pci-ids.txt
-	newdoc pc-bios/README README.pc-bios
-
-	# Disallow stripping of prebuilt firmware files.
-	dostrip -x ${QA_PREBUILT}
-
-	if [[ -n ${softmmu_targets} ]]; then
-		# Remove SeaBIOS since we're using the SeaBIOS packaged one
-		rm "${ED}/usr/share/qemu/bios.bin"
-		rm "${ED}/usr/share/qemu/bios-256k.bin"
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
-			dosym ../seabios/bios-256k.bin /usr/share/qemu/bios-256k.bin
-		fi
-
-		# Remove vgabios since we're using the seavgabios packaged one
-		rm "${ED}/usr/share/qemu/vgabios.bin"
-		rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
-		rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
-		rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
-		rm "${ED}/usr/share/qemu/vgabios-virtio.bin"
-		rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
-		# PPC/PPC64 loads vgabios-stdvga
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 || use qemu_softmmu_targets_ppc || use qemu_softmmu_targets_ppc64; then
-			dosym ../seavgabios/vgabios-isavga.bin /usr/share/qemu/vgabios.bin
-			dosym ../seavgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
-			dosym ../seavgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
-			dosym ../seavgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
-			dosym ../seavgabios/vgabios-virtio.bin /usr/share/qemu/vgabios-virtio.bin
-			dosym ../seavgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
-		fi
-
-		# Remove sgabios since we're using the sgabios packaged one
-		rm "${ED}/usr/share/qemu/sgabios.bin"
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin
-		fi
-
-		# Remove iPXE since we're using the iPXE packaged one
-		rm "${ED}"/usr/share/qemu/pxe-*.rom
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom
-			dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom
-			dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom
-			dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom
-			dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom
-			dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom
-		fi
-	fi
-
-	DISABLE_AUTOFORMATTING=true
-	readme.gentoo_create_doc
-}
-
-firmware_abi_change() {
-	local pv
-	for pv in ${REPLACING_VERSIONS}; do
-		if ver_test ${pv} -lt ${FIRMWARE_ABI_VERSION}; then
-			return 0
-		fi
-	done
-	return 1
-}
-
-pkg_postinst() {
-	if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
-		udev_reload
-	fi
-
-	xdg_icon_cache_update
-
-	[[ -z ${EPREFIX} ]] && [[ -f ${EROOT}/usr/libexec/qemu-bridge-helper ]] && \
-		fcaps cap_net_admin "${EROOT}"/usr/libexec/qemu-bridge-helper
-
-	DISABLE_AUTOFORMATTING=true
-	readme.gentoo_print_elog
-
-	if use pin-upstream-blobs && firmware_abi_change; then
-		ewarn "This version of qemu pins new versions of firmware blobs:"
-		ewarn "	$(best_version sys-firmware/edk2-ovmf)"
-		ewarn "	$(best_version sys-firmware/ipxe)"
-		ewarn "	$(best_version sys-firmware/seabios)"
-		ewarn "	$(best_version sys-firmware/sgabios)"
-		ewarn "This might break resume of hibernated guests (started with a different"
-		ewarn "firmware version) and live migration to/from qemu versions with different"
-		ewarn "firmware. Please (cold) restart all running guests. For functional"
-		ewarn "guest migration ensure that all"
-		ewarn "hosts run at least"
-		ewarn "	app-emulation/qemu-${FIRMWARE_ABI_VERSION}."
-	fi
-}
-
-pkg_info() {
-	echo "Using:"
-	echo "  $(best_version app-emulation/spice-protocol)"
-	echo "  $(best_version sys-firmware/edk2-ovmf)"
-	if has_version 'sys-firmware/edk2-ovmf[binary]'; then
-		echo "    USE=binary"
-	else
-		echo "    USE=''"
-	fi
-	echo "  $(best_version sys-firmware/ipxe)"
-	echo "  $(best_version sys-firmware/seabios)"
-	if has_version 'sys-firmware/seabios[binary]'; then
-		echo "    USE=binary"
-	else
-		echo "    USE=''"
-	fi
-	echo "  $(best_version sys-firmware/sgabios)"
-}
-
-pkg_postrm() {
-	xdg_icon_cache_update
-}

diff --git a/app-emulation/qemu/qemu-7.0.0_rc4.ebuild b/app-emulation/qemu/qemu-7.0.0_rc4.ebuild
deleted file mode 100644
index 758887aed2bf..000000000000
--- a/app-emulation/qemu/qemu-7.0.0_rc4.ebuild
+++ /dev/null
@@ -1,914 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-PYTHON_COMPAT=( python3_{8,9,10} )
-PYTHON_REQ_USE="ncurses,readline"
-
-FIRMWARE_ABI_VERSION="6.2.0"
-
-inherit linux-info toolchain-funcs python-r1 udev fcaps readme.gentoo-r1 \
-		pax-utils xdg-utils
-
-if [[ ${PV} = *9999* ]]; then
-	EGIT_REPO_URI="https://gitlab.com/qemu-project/qemu.git/"
-	EGIT_SUBMODULES=(
-		meson
-		tests/fp/berkeley-softfloat-3
-		tests/fp/berkeley-testfloat-3
-		ui/keycodemapdb
-	)
-	inherit git-r3
-	SRC_URI=""
-else
-	MY_P="${PN}-${PV/_rc/-rc}"
-	SRC_URI="https://download.qemu.org/${MY_P}.tar.xz"
-	#KEYWORDS="~amd64 ~arm64 ~ppc ~ppc64 ~x86"
-	S="${WORKDIR}/${MY_P}"
-fi
-
-DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
-HOMEPAGE="https://www.qemu.org https://www.linux-kvm.org"
-
-LICENSE="GPL-2 LGPL-2 BSD-2"
-SLOT="0"
-
-IUSE="accessibility +aio alsa bpf bzip2 capstone +caps +curl debug +doc
-	+fdt fuse glusterfs +gnutls gtk infiniband iscsi io-uring
-	jack jemalloc +jpeg
-	lzo multipath
-	ncurses nfs nls numa opengl +oss pam +pin-upstream-blobs
-	plugins +png pulseaudio python rbd sasl +seccomp sdl sdl-image selinux
-	+slirp
-	smartcard snappy spice ssh static static-user systemtap test udev usb
-	usbredir vde +vhost-net vhost-user-fs virgl virtfs +vnc vte xattr xen
-	zstd"
-
-COMMON_TARGETS="
-	aarch64
-	alpha
-	arm
-	cris
-	hppa
-	i386
-	m68k
-	microblaze
-	microblazeel
-	mips
-	mips64
-	mips64el
-	mipsel
-	nios2
-	or1k
-	ppc
-	ppc64
-	riscv32
-	riscv64
-	s390x
-	sh4
-	sh4eb
-	sparc
-	sparc64
-	x86_64
-	xtensa
-	xtensaeb
-"
-IUSE_SOFTMMU_TARGETS="
-	${COMMON_TARGETS}
-	avr
-	rx
-	tricore
-"
-IUSE_USER_TARGETS="
-	${COMMON_TARGETS}
-	aarch64_be
-	armeb
-	hexagon
-	mipsn32
-	mipsn32el
-	ppc64le
-	sparc32plus
-"
-
-use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
-use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
-IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
-
-RESTRICT="!test? ( test )"
-# Allow no targets to be built so that people can get a tools-only build.
-# Block USE flag configurations known to not work.
-REQUIRED_USE="${PYTHON_REQUIRED_USE}
-	qemu_softmmu_targets_arm? ( fdt )
-	qemu_softmmu_targets_microblaze? ( fdt )
-	qemu_softmmu_targets_mips64el? ( fdt )
-	qemu_softmmu_targets_ppc64? ( fdt )
-	qemu_softmmu_targets_ppc? ( fdt )
-	qemu_softmmu_targets_riscv32? ( fdt )
-	qemu_softmmu_targets_riscv64? ( fdt )
-	qemu_softmmu_targets_x86_64? ( fdt )
-	sdl-image? ( sdl )
-	static? ( static-user !alsa !gtk !jack !opengl !pam !pulseaudio !plugins !rbd !snappy !udev )
-	static-user? ( !plugins )
-	vhost-user-fs? ( caps seccomp )
-	virgl? ( opengl )
-	virtfs? ( caps xattr )
-	vnc? ( gnutls )
-	vte? ( gtk )
-	multipath? ( udev )
-	plugins? ( !static !static-user )
-"
-
-# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
-# and user/softmmu targets (qemu-*, qemu-system-*).
-#
-# Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
-#
-# The attr lib isn't always linked in (although the USE flag is always
-# respected).  This is because qemu supports using the C library's API
-# when available rather than always using the external library.
-ALL_DEPEND="
-	>=dev-libs/glib-2.0[static-libs(+)]
-	sys-libs/zlib[static-libs(+)]
-	python? ( ${PYTHON_DEPS} )
-	systemtap? ( dev-util/systemtap )
-	xattr? ( sys-apps/attr[static-libs(+)] )"
-
-# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
-# softmmu targets (qemu-system-*).
-SOFTMMU_TOOLS_DEPEND="
-	>=x11-libs/pixman-0.28.0[static-libs(+)]
-	accessibility? (
-		app-accessibility/brltty[api]
-		app-accessibility/brltty[static-libs(+)]
-	)
-	aio? ( dev-libs/libaio[static-libs(+)] )
-	alsa? ( >=media-libs/alsa-lib-1.0.13 )
-	bpf? ( dev-libs/libbpf:= )
-	bzip2? ( app-arch/bzip2[static-libs(+)] )
-	capstone? ( dev-libs/capstone:= )
-	caps? ( sys-libs/libcap-ng[static-libs(+)] )
-	curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
-	fdt? ( >=sys-apps/dtc-1.5.0[static-libs(+)] )
-	fuse? ( >=sys-fs/fuse-3.1:3[static-libs(+)] )
-	glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
-	gnutls? (
-		dev-libs/nettle:=[static-libs(+)]
-		>=net-libs/gnutls-3.0:=[static-libs(+)]
-	)
-	gtk? (
-		x11-libs/gtk+:3
-		vte? ( x11-libs/vte:2.91 )
-	)
-	infiniband? ( sys-cluster/rdma-core[static-libs(+)] )
-	iscsi? ( net-libs/libiscsi )
-	io-uring? ( sys-libs/liburing:=[static-libs(+)] )
-	jack? ( virtual/jack )
-	jemalloc? ( dev-libs/jemalloc )
-	jpeg? ( virtual/jpeg:0=[static-libs(+)] )
-	lzo? ( dev-libs/lzo:2[static-libs(+)] )
-	multipath? ( sys-fs/multipath-tools )
-	ncurses? (
-		sys-libs/ncurses:=[unicode(+)]
-		sys-libs/ncurses:=[static-libs(+)]
-	)
-	nfs? ( >=net-fs/libnfs-1.9.3:=[static-libs(+)] )
-	numa? ( sys-process/numactl[static-libs(+)] )
-	opengl? (
-		virtual/opengl
-		media-libs/libepoxy[static-libs(+)]
-		media-libs/mesa[static-libs(+)]
-		media-libs/mesa[egl(+),gbm(+)]
-	)
-	pam? ( sys-libs/pam )
-	png? ( media-libs/libpng:0=[static-libs(+)] )
-	pulseaudio? ( media-sound/pulseaudio )
-	rbd? ( sys-cluster/ceph )
-	sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
-	sdl? (
-		media-libs/libsdl2[video]
-		media-libs/libsdl2[static-libs(+)]
-	)
-	sdl-image? ( media-libs/sdl2-image[static-libs(+)] )
-	seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
-	slirp? ( net-libs/libslirp[static-libs(+)] )
-	smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] )
-	snappy? ( app-arch/snappy:= )
-	spice? (
-		>=app-emulation/spice-protocol-0.12.3
-		>=app-emulation/spice-0.12.0[static-libs(+)]
-	)
-	ssh? ( >=net-libs/libssh-0.8.6[static-libs(+)] )
-	udev? ( virtual/libudev:= )
-	usb? ( >=virtual/libusb-1-r2[static-libs(+)] )
-	usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
-	vde? ( net-misc/vde[static-libs(+)] )
-	virgl? ( media-libs/virglrenderer[static-libs(+)] )
-	virtfs? ( sys-libs/libcap )
-	xen? ( app-emulation/xen-tools:= )
-	zstd? ( >=app-arch/zstd-1.4.0[static-libs(+)] )
-"
-
-EDK2_OVMF_VERSION="202105"
-SEABIOS_VERSION="1.14.0"
-
-X86_FIRMWARE_DEPEND="
-	pin-upstream-blobs? (
-		~sys-firmware/edk2-ovmf-${EDK2_OVMF_VERSION}[binary]
-		~sys-firmware/ipxe-1.21.1[binary,qemu]
-		~sys-firmware/seabios-${SEABIOS_VERSION}[binary,seavgabios]
-		~sys-firmware/sgabios-0.1_pre10[binary]
-	)
-	!pin-upstream-blobs? (
-		>=sys-firmware/edk2-ovmf-${EDK2_OVMF_VERSION}
-		sys-firmware/ipxe[qemu]
-		>=sys-firmware/seabios-${SEABIOS_VERSION}[seavgabios]
-		sys-firmware/sgabios
-	)"
-PPC_FIRMWARE_DEPEND="
-	pin-upstream-blobs? (
-		~sys-firmware/seabios-${SEABIOS_VERSION}[binary,seavgabios]
-	)
-	!pin-upstream-blobs? (
-		>=sys-firmware/seabios-${SEABIOS_VERSION}[seavgabios]
-	)
-"
-
-BDEPEND="
-	$(python_gen_impl_dep)
-	dev-lang/perl
-	sys-apps/texinfo
-	virtual/pkgconfig
-	doc? (
-		dev-python/sphinx[${PYTHON_USEDEP}]
-		dev-python/sphinx_rtd_theme[${PYTHON_USEDEP}]
-	)
-	gtk? ( nls? ( sys-devel/gettext ) )
-	test? (
-		dev-libs/glib[utils]
-		sys-devel/bc
-	)
-"
-CDEPEND="
-	!static? (
-		${ALL_DEPEND//\[static-libs(+)]}
-		${SOFTMMU_TOOLS_DEPEND//\[static-libs(+)]}
-	)
-	qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
-	qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )
-	qemu_softmmu_targets_ppc? ( ${PPC_FIRMWARE_DEPEND} )
-	qemu_softmmu_targets_ppc64? ( ${PPC_FIRMWARE_DEPEND} )
-"
-DEPEND="${CDEPEND}
-	kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
-	static? (
-		${ALL_DEPEND}
-		${SOFTMMU_TOOLS_DEPEND}
-	)
-	static-user? ( ${ALL_DEPEND} )"
-RDEPEND="${CDEPEND}
-	acct-group/kvm
-	selinux? (
-		sec-policy/selinux-qemu
-		sys-libs/libselinux
-	)"
-
-PATCHES=(
-	"${FILESDIR}"/${PN}-2.11.1-capstone_include_path.patch
-	"${FILESDIR}"/${PN}-5.2.0-disable-keymap.patch
-	"${FILESDIR}"/${PN}-6.0.0-make.patch
-	"${FILESDIR}"/${PN}-6.1.0-strings.patch
-	"${FILESDIR}"/${PN}-7.0.0-also-build-virtfs-proxy-helper.patch
-)
-
-QA_PREBUILT="
-	usr/share/qemu/hppa-firmware.img
-	usr/share/qemu/openbios-ppc
-	usr/share/qemu/openbios-sparc64
-	usr/share/qemu/openbios-sparc32
-	usr/share/qemu/opensbi-riscv64-generic-fw_dynamic.elf
-	usr/share/qemu/opensbi-riscv32-generic-fw_dynamic.elf
-	usr/share/qemu/palcode-clipper
-	usr/share/qemu/s390-ccw.img
-	usr/share/qemu/s390-netboot.img
-	usr/share/qemu/u-boot.e500
-"
-
-QA_WX_LOAD="usr/bin/qemu-i386
-	usr/bin/qemu-x86_64
-	usr/bin/qemu-alpha
-	usr/bin/qemu-arm
-	usr/bin/qemu-cris
-	usr/bin/qemu-m68k
-	usr/bin/qemu-microblaze
-	usr/bin/qemu-microblazeel
-	usr/bin/qemu-mips
-	usr/bin/qemu-mipsel
-	usr/bin/qemu-or1k
-	usr/bin/qemu-ppc
-	usr/bin/qemu-ppc64
-	usr/bin/qemu-sh4
-	usr/bin/qemu-sh4eb
-	usr/bin/qemu-sparc
-	usr/bin/qemu-sparc64
-	usr/bin/qemu-armeb
-	usr/bin/qemu-sparc32plus
-	usr/bin/qemu-s390x
-	usr/bin/qemu-unicore32
-"
-
-DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure you have the
-kernel module loaded before running kvm. The easiest way to ensure that the
-kernel module is loaded is to load it on boot.
-	For AMD CPUs the module is called 'kvm-amd'.
-	For Intel CPUs the module is called 'kvm-intel'.
-Please review /etc/conf.d/modules for how to load these.
-
-Make sure your user is in the 'kvm' group. Just run
-	$ gpasswd -a <USER> kvm
-then have <USER> re-login.
-
-For brand new installs, the default permissions on /dev/kvm might not let
-you access it.  You can tell udev to reset ownership/perms:
-	$ udevadm trigger -c add /dev/kvm
-
-If you want to register binfmt handlers for qemu user targets:
-For openrc:
-	# rc-update add qemu-binfmt
-For systemd:
-	# ln -s /usr/share/qemu/binfmt.d/qemu.conf /etc/binfmt.d/qemu.conf"
-
-pkg_pretend() {
-	if use kernel_linux && kernel_is lt 2 6 25; then
-		eerror "This version of KVM requires a host kernel of 2.6.25 or higher."
-	elif use kernel_linux; then
-		if ! linux_config_exists; then
-			eerror "Unable to check your kernel for KVM support"
-		else
-			CONFIG_CHECK="~KVM ~TUN ~BRIDGE"
-			ERROR_KVM="You must enable KVM in your kernel to continue"
-			ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in"
-			ERROR_KVM_AMD+=" your kernel configuration."
-			ERROR_KVM_INTEL="If you have an Intel CPU, you must enable"
-			ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration."
-			ERROR_TUN="You will need the Universal TUN/TAP driver compiled"
-			ERROR_TUN+=" into your kernel or loaded as a module to use the"
-			ERROR_TUN+=" virtual network device if using -net tap."
-			ERROR_BRIDGE="You will also need support for 802.1d"
-			ERROR_BRIDGE+=" Ethernet Bridging for some network configurations."
-			use vhost-net && CONFIG_CHECK+=" ~VHOST_NET"
-			ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net"
-			ERROR_VHOST_NET+=" support"
-
-			if use amd64 || use x86 || use amd64-linux || use x86-linux; then
-				if grep -q AuthenticAMD /proc/cpuinfo; then
-					CONFIG_CHECK+=" ~KVM_AMD"
-				elif grep -q GenuineIntel /proc/cpuinfo; then
-					CONFIG_CHECK+=" ~KVM_INTEL"
-				fi
-			fi
-
-			use python && CONFIG_CHECK+=" ~DEBUG_FS"
-			ERROR_DEBUG_FS="debugFS support required for kvm_stat"
-
-			# Now do the actual checks setup above
-			check_extra_config
-		fi
-	fi
-
-	if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then
-		eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt"
-		eerror "instances are still pointing to it.  Please update your"
-		eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag"
-		eerror "and the right system binary (e.g. qemu-system-x86_64)."
-		die "update your virt configs to not use qemu-kvm"
-	fi
-}
-
-# Sanity check to make sure target lists are kept up-to-date.
-check_targets() {
-	local var=$1 mak=$2
-	local detected sorted
-
-	pushd "${S}"/configs/targets/ >/dev/null || die
-
-	# Force C locale until glibc is updated. #564936
-	detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u))
-	sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u))
-	if [[ ${sorted} != "${detected}" ]] ; then
-		eerror "The ebuild needs to be kept in sync."
-		eerror "${var}: ${sorted}"
-		eerror "$(printf '%-*s' ${#var} configure): ${detected}"
-		die "sync ${var} to the list of targets"
-	fi
-
-	popd >/dev/null
-}
-
-src_prepare() {
-	check_targets IUSE_SOFTMMU_TARGETS softmmu
-	check_targets IUSE_USER_TARGETS linux-user
-
-	default
-
-	# Use correct toolchain to fix cross-compiling
-	tc-export AR AS LD NM OBJCOPY PKG_CONFIG RANLIB STRINGS
-	export WINDRES=${CHOST}-windres
-
-	# Verbose builds
-	MAKEOPTS+=" V=1"
-
-	# Remove bundled copy of libfdt
-	rm -r dtc || die
-}
-
-##
-# configures qemu based on the build directory and the build type
-# we are using.
-#
-qemu_src_configure() {
-	debug-print-function ${FUNCNAME} "$@"
-
-	local buildtype=$1
-	local builddir="${S}/${buildtype}-build"
-
-	mkdir "${builddir}"
-
-	local conf_opts=(
-		--prefix=/usr
-		--sysconfdir=/etc
-		--bindir=/usr/bin
-		--libdir=/usr/$(get_libdir)
-		--datadir=/usr/share
-		--docdir=/usr/share/doc/${PF}/html
-		--mandir=/usr/share/man
-		--localstatedir=/var
-		--disable-bsd-user
-		--disable-containers # bug #732972
-		--disable-guest-agent
-		--disable-strip
-		--with-git-submodules=ignore
-
-		# bug #746752: TCG interpreter has a few limitations:
-		# - it does not support FPU
-		# - it's generally slower on non-self-modifying code
-		# It's advantage is support for host architectures
-		# where native codegeneration is not implemented.
-		# Gentoo has qemu keyworded only on targets with
-		# native code generation available. Avoid the interpreter.
-		--disable-tcg-interpreter
-
-		--disable-werror
-		# We support gnutls/nettle for crypto operations.  It is possible
-		# to use gcrypt when gnutls/nettle are disabled (but not when they
-		# are enabled), but it's not really worth the hassle.  Disable it
-		# all the time to avoid automatically detecting it. #568856
-		--disable-gcrypt
-		--python="${PYTHON}"
-		--cc="$(tc-getCC)"
-		--cxx="$(tc-getCXX)"
-		--host-cc="$(tc-getBUILD_CC)"
-		$(use_enable alsa)
-		$(use_enable debug debug-info)
-		$(use_enable debug debug-tcg)
-		$(use_enable jack)
-		$(use_enable nls gettext)
-		$(use_enable oss)
-		$(use_enable plugins)
-		$(use_enable pulseaudio pa)
-		$(use_enable selinux)
-		$(use_enable xattr attr)
-	)
-
-	# Disable options not used by user targets. This simplifies building
-	# static user targets (USE=static-user) considerably.
-	conf_notuser() {
-		if [[ ${buildtype} == "user" ]] ; then
-			echo "--disable-${2:-$1}"
-		else
-			use_enable "$@"
-		fi
-	}
-	# Enable option only for softmmu build, but not 'user' or 'tools'
-	conf_softmmu() {
-		if [[ ${buildtype} == "softmmu" ]] ; then
-			use_enable "$@"
-		else
-			echo "--disable-${2:-$1}"
-		fi
-	}
-	# Enable option only for tools build, but not 'user' or 'softmmu'
-	conf_tools() {
-		if [[ ${buildtype} == "tools" ]] ; then
-			use_enable "$@"
-		else
-			echo "--disable-${2:-$1}"
-		fi
-	}
-	# Special case for the malloc flag, because the --disable flag does
-	# not exist and trying like above will break configuring.
-	conf_malloc() {
-		if [[ ! ${buildtype} == "user" ]] ; then
-			usex "${1}" "--enable-malloc=${1}" ""
-		fi
-	}
-	conf_opts+=(
-		$(conf_notuser accessibility brlapi)
-		$(conf_notuser aio linux-aio)
-		$(conf_softmmu bpf)
-		$(conf_notuser bzip2)
-		$(conf_notuser capstone)
-		$(conf_notuser caps cap-ng)
-		$(conf_notuser curl)
-		$(conf_tools doc docs)
-		$(conf_notuser fdt)
-		$(conf_notuser fuse)
-		$(conf_notuser glusterfs)
-		$(conf_notuser gnutls)
-		$(conf_notuser gnutls nettle)
-		$(conf_notuser gtk)
-		$(conf_notuser infiniband rdma)
-		$(conf_notuser iscsi libiscsi)
-		$(conf_notuser io-uring linux-io-uring)
-		$(conf_malloc jemalloc)
-		$(conf_notuser jpeg vnc-jpeg)
-		$(conf_notuser kernel_linux kvm)
-		$(conf_notuser lzo)
-		$(conf_notuser multipath mpath)
-		$(conf_notuser ncurses curses)
-		$(conf_notuser nfs libnfs)
-		$(conf_notuser numa)
-		$(conf_notuser opengl)
-		$(conf_notuser pam auth-pam)
-		$(conf_notuser png vnc-png)
-		$(conf_notuser rbd)
-		$(conf_notuser sasl vnc-sasl)
-		$(conf_notuser sdl)
-		$(conf_softmmu sdl-image)
-		$(conf_notuser seccomp)
-		$(conf_notuser slirp slirp system)
-		$(conf_notuser smartcard)
-		$(conf_notuser snappy)
-		$(conf_notuser spice)
-		$(conf_notuser ssh libssh)
-		$(conf_notuser udev libudev)
-		$(conf_notuser usb libusb)
-		$(conf_notuser usbredir usb-redir)
-		$(conf_notuser vde)
-		$(conf_notuser vhost-net)
-		$(conf_notuser vhost-user-fs)
-		$(conf_tools vhost-user-fs virtiofsd)
-		$(conf_notuser virgl virglrenderer)
-		$(conf_softmmu virtfs)
-		$(conf_notuser vnc)
-		$(conf_notuser vte)
-		$(conf_notuser xen)
-		$(conf_notuser xen xen-pci-passthrough)
-		# use prebuilt keymaps, bug #759604
-		--disable-xkbcommon
-		$(conf_notuser zstd)
-	)
-
-	if [[ ! ${buildtype} == "user" ]] ; then
-		# audio options
-		local audio_opts=(
-			# Note: backend order matters here: #716202
-			# We iterate from higher-level to lower level.
-			$(usex pulseaudio pa "")
-			$(usev jack)
-			$(usev sdl)
-			$(usev alsa)
-			$(usev oss)
-		)
-		conf_opts+=(
-			--audio-drv-list=$(IFS=,; echo "${audio_opts[*]}")
-		)
-	fi
-
-	case ${buildtype} in
-	user)
-		conf_opts+=(
-			--enable-linux-user
-			--disable-system
-			--disable-blobs
-			--disable-tools
-		)
-		local static_flag="static-user"
-		;;
-	softmmu)
-		conf_opts+=(
-			--disable-linux-user
-			--enable-system
-			--disable-tools
-		)
-		local static_flag="static"
-		;;
-	tools)
-		conf_opts+=(
-			--disable-linux-user
-			--disable-system
-			--disable-blobs
-			--enable-tools
-		)
-		local static_flag="static"
-		;;
-	esac
-
-	local targets="${buildtype}_targets"
-	[[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" )
-
-	# Add support for SystemTAP
-	use systemtap && conf_opts+=( --enable-trace-backend=dtrace )
-
-	# We always want to attempt to build with PIE support as it results
-	# in a more secure binary. But it doesn't work with static or if
-	# the current GCC doesn't have PIE support.
-	if use ${static_flag}; then
-		conf_opts+=( --static --disable-pie )
-	else
-		tc-enables-pie && conf_opts+=( --enable-pie )
-	fi
-
-	# Meson will not use a cross-file unless cross_prefix is set.
-	tc-is-cross-compiler && conf_opts+=( --cross-prefix="${CHOST}-" )
-
-	# Plumb through equivalent of EXTRA_ECONF to allow experiments
-	# like bug #747928.
-	conf_opts+=( ${EXTRA_CONF_QEMU} )
-
-	echo "../configure ${conf_opts[*]}"
-	cd "${builddir}"
-	../configure "${conf_opts[@]}" || die "configure failed"
-}
-
-src_configure() {
-	local target
-
-	python_setup
-
-	softmmu_targets= softmmu_bins=()
-	user_targets= user_bins=()
-
-	for target in ${IUSE_SOFTMMU_TARGETS} ; do
-		if use "qemu_softmmu_targets_${target}"; then
-			softmmu_targets+=",${target}-softmmu"
-			softmmu_bins+=( "qemu-system-${target}" )
-		fi
-	done
-
-	for target in ${IUSE_USER_TARGETS} ; do
-		if use "qemu_user_targets_${target}"; then
-			user_targets+=",${target}-linux-user"
-			user_bins+=( "qemu-${target}" )
-		fi
-	done
-
-	softmmu_targets=${softmmu_targets#,}
-	user_targets=${user_targets#,}
-
-	[[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu"
-	[[ -n ${user_targets}    ]] && qemu_src_configure "user"
-	qemu_src_configure "tools"
-}
-
-src_compile() {
-	if [[ -n ${user_targets} ]]; then
-		cd "${S}/user-build"
-		default
-	fi
-
-	if [[ -n ${softmmu_targets} ]]; then
-		cd "${S}/softmmu-build"
-		default
-	fi
-
-	cd "${S}/tools-build"
-	default
-}
-
-src_test() {
-	if [[ -n ${softmmu_targets} ]]; then
-		cd "${S}/softmmu-build"
-		pax-mark m */qemu-system-* #515550
-		emake check
-	fi
-}
-
-qemu_python_install() {
-	python_domodule "${S}/python/qemu"
-
-	python_doscript "${S}/scripts/kvm/vmxcap"
-	python_doscript "${S}/scripts/qmp/qmp-shell"
-	python_doscript "${S}/scripts/qmp/qemu-ga-client"
-}
-
-# Generate binfmt support files.
-#   - /etc/init.d/qemu-binfmt script which registers the user handlers (openrc)
-#   - /usr/share/qemu/binfmt.d/qemu.conf (for use with systemd-binfmt)
-generate_initd() {
-	local out="${T}/qemu-binfmt"
-	local out_systemd="${T}/qemu.conf"
-	local d="${T}/binfmt.d"
-
-	einfo "Generating qemu binfmt scripts and configuration files"
-
-	# Generate the debian fragments first.
-	mkdir -p "${d}"
-	"${S}"/scripts/qemu-binfmt-conf.sh \
-		--debian \
-		--exportdir "${d}" \
-		--qemu-path "${EPREFIX}/usr/bin" \
-		|| die
-	# Then turn the fragments into a shell script we can source.
-	sed -E -i \
-		-e 's:^([^ ]+) (.*)$:\1="\2":' \
-		"${d}"/* || die
-
-	# Generate the init.d script by assembling the fragments from above.
-	local f qcpu package interpreter magic mask
-	cat "${FILESDIR}"/qemu-binfmt.initd.head >"${out}" || die
-	for f in "${d}"/qemu-* ; do
-		source "${f}"
-
-		# Normalize the cpu logic like we do in the init.d for the native cpu.
-		qcpu=${package#qemu-}
-		case ${qcpu} in
-		arm*)   qcpu="arm";;
-		mips*)  qcpu="mips";;
-		ppc*)   qcpu="ppc";;
-		s390*)  qcpu="s390";;
-		sh*)    qcpu="sh";;
-		sparc*) qcpu="sparc";;
-		esac
-
-		# we use 'printf' here to be portable across 'sh'
-		# implementations: #679168
-		cat <<EOF >>"${out}"
-	if [ "\${cpu}" != "${qcpu}" -a -x "${interpreter}" ] ; then
-		printf '%s\n' ':${package}:M::${magic}:${mask}:${interpreter}:'"\${QEMU_BINFMT_FLAGS}" >/proc/sys/fs/binfmt_misc/register
-	fi
-EOF
-
-		echo ":${package}:M::${magic}:${mask}:${interpreter}:OC" >>"${out_systemd}"
-
-	done
-	cat "${FILESDIR}"/qemu-binfmt.initd.tail >>"${out}" || die
-}
-
-src_install() {
-	if [[ -n ${user_targets} ]]; then
-		cd "${S}/user-build"
-		emake DESTDIR="${ED}" install
-
-		# Install binfmt handler init script for user targets.
-		generate_initd
-		doinitd "${T}/qemu-binfmt"
-
-		# Install binfmt/qemu.conf.
-		insinto "/usr/share/qemu/binfmt.d"
-		doins "${T}/qemu.conf"
-	fi
-
-	if [[ -n ${softmmu_targets} ]]; then
-		cd "${S}/softmmu-build"
-		emake DESTDIR="${ED}" install
-
-		# This might not exist if the test failed. #512010
-		[[ -e check-report.html ]] && dodoc check-report.html
-
-		if use kernel_linux; then
-			udev_newrules "${FILESDIR}"/65-kvm.rules-r2 65-kvm.rules
-		fi
-
-		if use python; then
-			python_foreach_impl qemu_python_install
-		fi
-	fi
-
-	cd "${S}/tools-build"
-	emake DESTDIR="${ED}" install
-
-	# Disable mprotect on the qemu binaries as they use JITs to be fast #459348
-	pushd "${ED}"/usr/bin >/dev/null
-	pax-mark mr "${softmmu_bins[@]}" "${user_bins[@]}" # bug 575594
-	popd >/dev/null
-
-	# Install config file example for qemu-bridge-helper
-	insinto "/etc/qemu"
-	doins "${FILESDIR}/bridge.conf"
-
-	cd "${S}"
-	dodoc MAINTAINERS docs/specs/pci-ids.txt
-	newdoc pc-bios/README README.pc-bios
-
-	# Disallow stripping of prebuilt firmware files.
-	dostrip -x ${QA_PREBUILT}
-
-	if [[ -n ${softmmu_targets} ]]; then
-		# Remove SeaBIOS since we're using the SeaBIOS packaged one
-		rm "${ED}/usr/share/qemu/bios.bin"
-		rm "${ED}/usr/share/qemu/bios-256k.bin"
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
-			dosym ../seabios/bios-256k.bin /usr/share/qemu/bios-256k.bin
-		fi
-
-		# Remove vgabios since we're using the seavgabios packaged one
-		rm "${ED}/usr/share/qemu/vgabios.bin"
-		rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
-		rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
-		rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
-		rm "${ED}/usr/share/qemu/vgabios-virtio.bin"
-		rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
-		# PPC/PPC64 loads vgabios-stdvga
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 || use qemu_softmmu_targets_ppc || use qemu_softmmu_targets_ppc64; then
-			dosym ../seavgabios/vgabios-isavga.bin /usr/share/qemu/vgabios.bin
-			dosym ../seavgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
-			dosym ../seavgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
-			dosym ../seavgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
-			dosym ../seavgabios/vgabios-virtio.bin /usr/share/qemu/vgabios-virtio.bin
-			dosym ../seavgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
-		fi
-
-		# Remove sgabios since we're using the sgabios packaged one
-		rm "${ED}/usr/share/qemu/sgabios.bin"
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin
-		fi
-
-		# Remove iPXE since we're using the iPXE packaged one
-		rm "${ED}"/usr/share/qemu/pxe-*.rom
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom
-			dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom
-			dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom
-			dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom
-			dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom
-			dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom
-		fi
-	fi
-
-	DISABLE_AUTOFORMATTING=true
-	readme.gentoo_create_doc
-}
-
-firmware_abi_change() {
-	local pv
-	for pv in ${REPLACING_VERSIONS}; do
-		if ver_test ${pv} -lt ${FIRMWARE_ABI_VERSION}; then
-			return 0
-		fi
-	done
-	return 1
-}
-
-pkg_postinst() {
-	if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
-		udev_reload
-	fi
-
-	xdg_icon_cache_update
-
-	[[ -z ${EPREFIX} ]] && [[ -f ${EROOT}/usr/libexec/qemu-bridge-helper ]] && \
-		fcaps cap_net_admin "${EROOT}"/usr/libexec/qemu-bridge-helper
-
-	DISABLE_AUTOFORMATTING=true
-	readme.gentoo_print_elog
-
-	if use pin-upstream-blobs && firmware_abi_change; then
-		ewarn "This version of qemu pins new versions of firmware blobs:"
-		ewarn "	$(best_version sys-firmware/edk2-ovmf)"
-		ewarn "	$(best_version sys-firmware/ipxe)"
-		ewarn "	$(best_version sys-firmware/seabios)"
-		ewarn "	$(best_version sys-firmware/sgabios)"
-		ewarn "This might break resume of hibernated guests (started with a different"
-		ewarn "firmware version) and live migration to/from qemu versions with different"
-		ewarn "firmware. Please (cold) restart all running guests. For functional"
-		ewarn "guest migration ensure that all"
-		ewarn "hosts run at least"
-		ewarn "	app-emulation/qemu-${FIRMWARE_ABI_VERSION}."
-	fi
-}
-
-pkg_info() {
-	echo "Using:"
-	echo "  $(best_version app-emulation/spice-protocol)"
-	echo "  $(best_version sys-firmware/edk2-ovmf)"
-	if has_version 'sys-firmware/edk2-ovmf[binary]'; then
-		echo "    USE=binary"
-	else
-		echo "    USE=''"
-	fi
-	echo "  $(best_version sys-firmware/ipxe)"
-	echo "  $(best_version sys-firmware/seabios)"
-	if has_version 'sys-firmware/seabios[binary]'; then
-		echo "    USE=binary"
-	else
-		echo "    USE=''"
-	fi
-	echo "  $(best_version sys-firmware/sgabios)"
-}
-
-pkg_postrm() {
-	xdg_icon_cache_update
-}


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2022-06-04  3:01 Sam James
  0 siblings, 0 replies; 56+ messages in thread
From: Sam James @ 2022-06-04  3:01 UTC (permalink / raw
  To: gentoo-commits

commit:     a2440aa2b4c8ceaf4195e30f6b4888ede061d8dd
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Jun  4 02:59:28 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Jun  4 03:01:29 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a2440aa2

app-emulation/qemu: backport virtio-iscsi CPU usage fix; FORTIFY_SOURCE=3 fixes

- Backport virtio-iscsi CPU usage fix;
- Don't force -D_FORTIFY_SOURCE=2 (we patch it into toolchain so need to set it,
and by doing -U... -D...=2, it prevents usage of =3)
- Backport FORTIFY_SOURCE=3 crash fix

Closes: https://bugs.gentoo.org/849587
Closes: https://bugs.gentoo.org/849500
Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../qemu-7.0.0-pci-overflow-fortify-source-3.patch |  94 +++++++++++
 .../qemu/files/qemu-7.0.0-virtio-scsi-fixes.patch  | 182 +++++++++++++++++++++
 .../{qemu-9999.ebuild => qemu-7.0.0-r2.ebuild}     |  38 +++--
 app-emulation/qemu/qemu-9999.ebuild                |  36 ++--
 4 files changed, 322 insertions(+), 28 deletions(-)

diff --git a/app-emulation/qemu/files/qemu-7.0.0-pci-overflow-fortify-source-3.patch b/app-emulation/qemu/files/qemu-7.0.0-pci-overflow-fortify-source-3.patch
new file mode 100644
index 000000000000..767f66243fcc
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-7.0.0-pci-overflow-fortify-source-3.patch
@@ -0,0 +1,94 @@
+https://bugs.gentoo.org/849587
+https://bugzilla.opensuse.org/show_bug.cgi?id=1199924
+https://lists.gnu.org/archive/html/qemu-devel/2022-05/msg06183.html
+
+From qemu-devel  Tue May 31 11:47:07 2022
+From: Claudio Fontana <cfontana () suse ! de>
+Date: Tue, 31 May 2022 11:47:07 +0000
+To: qemu-devel
+Subject: [PATCH] pci: fix overflow in snprintf string formatting
+Message-Id: <20220531114707.18830-1-cfontana () suse ! de>
+X-MARC-Message: https://marc.info/?l=qemu-devel&m=165399772310578
+
+the code in pcibus_get_fw_dev_path contained the potential for a
+stack buffer overflow of 1 byte, potentially writing to the stack an
+extra NUL byte.
+
+This overflow could happen if the PCI slot is >= 0x10000000,
+and the PCI function is >= 0x10000000, due to the size parameter
+of snprintf being incorrectly calculated in the call:
+
+    if (PCI_FUNC(d->devfn))
+        snprintf(path + off, sizeof(path) + off, ",%x", PCI_FUNC(d->devfn));
+
+since the off obtained from a previous call to snprintf is added
+instead of subtracted from the total available size of the buffer.
+
+Without the accurate size guard from snprintf, we end up writing in the
+worst case:
+
+name (32) + "@" (1) + SLOT (8) + "," (1) + FUNC (8) + term NUL (1) = 51 bytes
+
+In order to provide something more robust, replace all of the code in
+pcibus_get_fw_dev_path with a single call to g_strdup_printf,
+so there is no need to rely on manual calculations.
+
+Found by compiling QEMU with FORTIFY_SOURCE=3 as the error:
+
+*** buffer overflow detected ***: terminated
+
+Thread 1 "qemu-system-x86" received signal SIGABRT, Aborted.
+[Switching to Thread 0x7ffff642c380 (LWP 121307)]
+0x00007ffff71ff55c in __pthread_kill_implementation () from /lib64/libc.so.6
+(gdb) bt
+ #0  0x00007ffff71ff55c in __pthread_kill_implementation () at /lib64/libc.so.6
+ #1  0x00007ffff71ac6f6 in raise () at /lib64/libc.so.6
+ #2  0x00007ffff7195814 in abort () at /lib64/libc.so.6
+ #3  0x00007ffff71f279e in __libc_message () at /lib64/libc.so.6
+ #4  0x00007ffff729767a in __fortify_fail () at /lib64/libc.so.6
+ #5  0x00007ffff7295c36 in  () at /lib64/libc.so.6
+ #6  0x00007ffff72957f5 in __snprintf_chk () at /lib64/libc.so.6
+ #7  0x0000555555b1c1fd in pcibus_get_fw_dev_path ()
+ #8  0x0000555555f2bde4 in qdev_get_fw_dev_path_helper.constprop ()
+ #9  0x0000555555f2bd86 in qdev_get_fw_dev_path_helper.constprop ()
+ #10 0x00005555559a6e5d in get_boot_device_path ()
+ #11 0x00005555559a712c in get_boot_devices_list ()
+ #12 0x0000555555b1a3d0 in fw_cfg_machine_reset ()
+ #13 0x0000555555bf4c2d in pc_machine_reset ()
+ #14 0x0000555555c66988 in qemu_system_reset ()
+ #15 0x0000555555a6dff6 in qdev_machine_creation_done ()
+ #16 0x0000555555c79186 in qmp_x_exit_preconfig.part ()
+ #17 0x0000555555c7b459 in qemu_init ()
+ #18 0x0000555555960a29 in main ()
+
+Found-by: Dario Faggioli <Dario Faggioli <dfaggioli@suse.com>
+Found-by: Martin Liška <martin.liska@suse.com>
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Claudio Fontana <cfontana@suse.de>
+--- a/hw/pci/pci.c
++++ b/hw/pci/pci.c
+@@ -2640,15 +2640,15 @@ static char *pci_dev_fw_name(DeviceState *dev, char *buf, int len)
+ static char *pcibus_get_fw_dev_path(DeviceState *dev)
+ {
+     PCIDevice *d = (PCIDevice *)dev;
+-    char path[50], name[33];
+-    int off;
+-
+-    off = snprintf(path, sizeof(path), "%s@%x",
+-                   pci_dev_fw_name(dev, name, sizeof name),
+-                   PCI_SLOT(d->devfn));
+-    if (PCI_FUNC(d->devfn))
+-        snprintf(path + off, sizeof(path) + off, ",%x", PCI_FUNC(d->devfn));
+-    return g_strdup(path);
++    char name[33];
++    int has_func = !!PCI_FUNC(d->devfn);
++
++    return g_strdup_printf("%s@%x%s%.*x",
++                           pci_dev_fw_name(dev, name, sizeof(name)),
++                           PCI_SLOT(d->devfn),
++                           has_func ? "," : "",
++                           has_func,
++                           PCI_FUNC(d->devfn));
+ }
+ 
+ static char *pcibus_get_dev_path(DeviceState *dev)

diff --git a/app-emulation/qemu/files/qemu-7.0.0-virtio-scsi-fixes.patch b/app-emulation/qemu/files/qemu-7.0.0-virtio-scsi-fixes.patch
new file mode 100644
index 000000000000..9ec6ede80896
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-7.0.0-virtio-scsi-fixes.patch
@@ -0,0 +1,182 @@
+https://bugs.gentoo.org/849500
+https://gitlab.com/qemu-project/qemu/-/commit/2f743ef6366c2df4ef51ef3ae318138cdc0125ab.patch
+https://gitlab.com/qemu-project/qemu/-/commit/38738f7dbbda90fbc161757b7f4be35b52205552.patch
+
+From: Stefan Hajnoczi <stefanha@redhat.com>
+Date: Wed, 27 Apr 2022 15:35:36 +0100
+Subject: [PATCH] virtio-scsi: fix ctrl and event handler functions in
+ dataplane mode
+
+Commit f34e8d8b8d48d73f36a67b6d5e492ef9784b5012 ("virtio-scsi: prepare
+virtio_scsi_handle_cmd for dataplane") prepared the virtio-scsi cmd
+virtqueue handler function to be used in both the dataplane and
+non-datpalane code paths.
+
+It failed to convert the ctrl and event virtqueue handler functions,
+which are not designed to be called from the dataplane code path but
+will be since the ioeventfd is set up for those virtqueues when
+dataplane starts.
+
+Convert the ctrl and event virtqueue handler functions now so they
+operate correctly when called from the dataplane code path. Avoid code
+duplication by extracting this code into a helper function.
+
+Fixes: f34e8d8b8d48d73f36a67b6d5e492ef9784b5012 ("virtio-scsi: prepare virtio_scsi_handle_cmd for dataplane")
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
+Message-id: 20220427143541.119567-2-stefanha@redhat.com
+[Fixed s/by used/be used/ typo pointed out by Michael Tokarev
+<mjt@tls.msk.ru>.
+--Stefan]
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+--- a/hw/scsi/virtio-scsi.c
++++ b/hw/scsi/virtio-scsi.c
+@@ -472,16 +472,32 @@ bool virtio_scsi_handle_ctrl_vq(VirtIOSCSI *s, VirtQueue *vq)
+     return progress;
+ }
+ 
++/*
++ * If dataplane is configured but not yet started, do so now and return true on
++ * success.
++ *
++ * Dataplane is started by the core virtio code but virtqueue handler functions
++ * can also be invoked when a guest kicks before DRIVER_OK, so this helper
++ * function helps us deal with manually starting ioeventfd in that case.
++ */
++static bool virtio_scsi_defer_to_dataplane(VirtIOSCSI *s)
++{
++    if (!s->ctx || s->dataplane_started) {
++        return false;
++    }
++
++    virtio_device_start_ioeventfd(&s->parent_obj.parent_obj);
++    return !s->dataplane_fenced;
++}
++
+ static void virtio_scsi_handle_ctrl(VirtIODevice *vdev, VirtQueue *vq)
+ {
+     VirtIOSCSI *s = (VirtIOSCSI *)vdev;
+ 
+-    if (s->ctx) {
+-        virtio_device_start_ioeventfd(vdev);
+-        if (!s->dataplane_fenced) {
+-            return;
+-        }
++    if (virtio_scsi_defer_to_dataplane(s)) {
++        return;
+     }
++
+     virtio_scsi_acquire(s);
+     virtio_scsi_handle_ctrl_vq(s, vq);
+     virtio_scsi_release(s);
+@@ -720,12 +736,10 @@ static void virtio_scsi_handle_cmd(VirtIODevice *vdev, VirtQueue *vq)
+     /* use non-QOM casts in the data path */
+     VirtIOSCSI *s = (VirtIOSCSI *)vdev;
+ 
+-    if (s->ctx && !s->dataplane_started) {
+-        virtio_device_start_ioeventfd(vdev);
+-        if (!s->dataplane_fenced) {
+-            return;
+-        }
++    if (virtio_scsi_defer_to_dataplane(s)) {
++        return;
+     }
++
+     virtio_scsi_acquire(s);
+     virtio_scsi_handle_cmd_vq(s, vq);
+     virtio_scsi_release(s);
+@@ -855,12 +869,10 @@ static void virtio_scsi_handle_event(VirtIODevice *vdev, VirtQueue *vq)
+ {
+     VirtIOSCSI *s = VIRTIO_SCSI(vdev);
+ 
+-    if (s->ctx) {
+-        virtio_device_start_ioeventfd(vdev);
+-        if (!s->dataplane_fenced) {
+-            return;
+-        }
++    if (virtio_scsi_defer_to_dataplane(s)) {
++        return;
+     }
++
+     virtio_scsi_acquire(s);
+     virtio_scsi_handle_event_vq(s, vq);
+     virtio_scsi_release(s);
+GitLab
+
+From: Stefan Hajnoczi <stefanha@redhat.com>
+Date: Wed, 27 Apr 2022 15:35:37 +0100
+Subject: [PATCH] virtio-scsi: don't waste CPU polling the event virtqueue
+
+The virtio-scsi event virtqueue is not emptied by its handler function.
+This is typical for rx virtqueues where the device uses buffers when
+some event occurs (e.g. a packet is received, an error condition
+happens, etc).
+
+Polling non-empty virtqueues wastes CPU cycles. We are not waiting for
+new buffers to become available, we are waiting for an event to occur,
+so it's a misuse of CPU resources to poll for buffers.
+
+Introduce the new virtio_queue_aio_attach_host_notifier_no_poll() API,
+which is identical to virtio_queue_aio_attach_host_notifier() except
+that it does not poll the virtqueue.
+
+Before this patch the following command-line consumed 100% CPU in the
+IOThread polling and calling virtio_scsi_handle_event():
+
+  $ qemu-system-x86_64 -M accel=kvm -m 1G -cpu host \
+      --object iothread,id=iothread0 \
+      --device virtio-scsi-pci,iothread=iothread0 \
+      --blockdev file,filename=test.img,aio=native,cache.direct=on,node-name=drive0 \
+      --device scsi-hd,drive=drive0
+
+After this patch CPU is no longer wasted.
+
+Reported-by: Nir Soffer <nsoffer@redhat.com>
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+Tested-by: Nir Soffer <nsoffer@redhat.com>
+Message-id: 20220427143541.119567-3-stefanha@redhat.com
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+--- a/hw/scsi/virtio-scsi-dataplane.c
++++ b/hw/scsi/virtio-scsi-dataplane.c
+@@ -138,7 +138,7 @@ int virtio_scsi_dataplane_start(VirtIODevice *vdev)
+ 
+     aio_context_acquire(s->ctx);
+     virtio_queue_aio_attach_host_notifier(vs->ctrl_vq, s->ctx);
+-    virtio_queue_aio_attach_host_notifier(vs->event_vq, s->ctx);
++    virtio_queue_aio_attach_host_notifier_no_poll(vs->event_vq, s->ctx);
+ 
+     for (i = 0; i < vs->conf.num_queues; i++) {
+         virtio_queue_aio_attach_host_notifier(vs->cmd_vqs[i], s->ctx);
+--- a/hw/virtio/virtio.c
++++ b/hw/virtio/virtio.c
+@@ -3534,6 +3534,19 @@ void virtio_queue_aio_attach_host_notifier(VirtQueue *vq, AioContext *ctx)
+                                 virtio_queue_host_notifier_aio_poll_end);
+ }
+ 
++/*
++ * Same as virtio_queue_aio_attach_host_notifier() but without polling. Use
++ * this for rx virtqueues and similar cases where the virtqueue handler
++ * function does not pop all elements. When the virtqueue is left non-empty
++ * polling consumes CPU cycles and should not be used.
++ */
++void virtio_queue_aio_attach_host_notifier_no_poll(VirtQueue *vq, AioContext *ctx)
++{
++    aio_set_event_notifier(ctx, &vq->host_notifier, true,
++                           virtio_queue_host_notifier_read,
++                           NULL, NULL);
++}
++
+ void virtio_queue_aio_detach_host_notifier(VirtQueue *vq, AioContext *ctx)
+ {
+     aio_set_event_notifier(ctx, &vq->host_notifier, true, NULL, NULL, NULL);
+--- a/include/hw/virtio/virtio.h
++++ b/include/hw/virtio/virtio.h
+@@ -317,6 +317,7 @@ EventNotifier *virtio_queue_get_host_notifier(VirtQueue *vq);
+ void virtio_queue_set_host_notifier_enabled(VirtQueue *vq, bool enabled);
+ void virtio_queue_host_notifier_read(EventNotifier *n);
+ void virtio_queue_aio_attach_host_notifier(VirtQueue *vq, AioContext *ctx);
++void virtio_queue_aio_attach_host_notifier_no_poll(VirtQueue *vq, AioContext *ctx);
+ void virtio_queue_aio_detach_host_notifier(VirtQueue *vq, AioContext *ctx);
+ VirtQueue *virtio_vector_first_queue(VirtIODevice *vdev, uint16_t vector);
+ VirtQueue *virtio_vector_next_queue(VirtQueue *vq);
+GitLab

diff --git a/app-emulation/qemu/qemu-9999.ebuild b/app-emulation/qemu/qemu-7.0.0-r2.ebuild
similarity index 96%
copy from app-emulation/qemu/qemu-9999.ebuild
copy to app-emulation/qemu/qemu-7.0.0-r2.ebuild
index 23c0cb89295f..f048b6385812 100644
--- a/app-emulation/qemu/qemu-9999.ebuild
+++ b/app-emulation/qemu/qemu-7.0.0-r2.ebuild
@@ -6,12 +6,12 @@ EAPI=8
 PYTHON_COMPAT=( python3_{8,9,10} )
 PYTHON_REQ_USE="ncurses,readline"
 
-FIRMWARE_ABI_VERSION="6.2.0"
+FIRMWARE_ABI_VERSION="7.0.0"
 
 inherit linux-info toolchain-funcs python-r1 udev fcaps readme.gentoo-r1 \
 		pax-utils xdg-utils
 
-if [[ ${PV} = *9999* ]]; then
+if [[ ${PV} == *9999* ]]; then
 	EGIT_REPO_URI="https://gitlab.com/qemu-project/qemu.git/"
 	EGIT_SUBMODULES=(
 		meson
@@ -22,8 +22,10 @@ if [[ ${PV} = *9999* ]]; then
 	inherit git-r3
 	SRC_URI=""
 else
-	SRC_URI="https://download.qemu.org/${P}.tar.xz"
+	MY_P="${PN}-${PV/_rc/-rc}"
+	SRC_URI="https://download.qemu.org/${MY_P}.tar.xz"
 	KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc ~ppc64 ~riscv ~x86"
+	S="${WORKDIR}/${MY_P}"
 fi
 
 DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
@@ -147,7 +149,7 @@ SOFTMMU_TOOLS_DEPEND="
 	capstone? ( dev-libs/capstone:= )
 	caps? ( sys-libs/libcap-ng[static-libs(+)] )
 	curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
-	fdt? ( >=sys-apps/dtc-1.5.0[static-libs(+)] )
+	fdt? ( >=sys-apps/dtc-1.5.1[static-libs(+)] )
 	fuse? ( >=sys-fs/fuse-3.1:3[static-libs(+)] )
 	glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
 	gnutls? (
@@ -163,7 +165,7 @@ SOFTMMU_TOOLS_DEPEND="
 	io-uring? ( sys-libs/liburing:=[static-libs(+)] )
 	jack? ( virtual/jack )
 	jemalloc? ( dev-libs/jemalloc )
-	jpeg? ( virtual/jpeg:0=[static-libs(+)] )
+	jpeg? ( media-libs/libjpeg-turbo:=[static-libs(+)] )
 	lzo? ( dev-libs/lzo:2[static-libs(+)] )
 	multipath? ( sys-fs/multipath-tools )
 	ncurses? (
@@ -277,6 +279,8 @@ PATCHES=(
 	"${FILESDIR}"/${PN}-6.0.0-make.patch
 	"${FILESDIR}"/${PN}-6.1.0-strings.patch
 	"${FILESDIR}"/${PN}-7.0.0-also-build-virtfs-proxy-helper.patch
+	"${FILESDIR}"/${P}-virtio-scsi-fixes.patch
+	"${FILESDIR}"/${P}-pci-overflow-fortify-source-3.patch
 )
 
 QA_PREBUILT="
@@ -416,6 +420,11 @@ src_prepare() {
 	# Verbose builds
 	MAKEOPTS+=" V=1"
 
+	# We already force -D_FORTIFY_SOURCE=2 (or 3) in our toolchain, but
+	# this setting (-U then -D..=2) will prevent us from trying out 3, so
+	# drop it. No change to level of protection b/c we patch our toolchain.
+	sed -i -e 's/-U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2//' configure || die
+
 	# Remove bundled copy of libfdt
 	rm -r dtc || die
 }
@@ -430,7 +439,7 @@ qemu_src_configure() {
 	local buildtype=$1
 	local builddir="${S}/${buildtype}-build"
 
-	mkdir "${builddir}"
+	mkdir "${builddir}" || die
 
 	local conf_opts=(
 		--prefix=/usr
@@ -466,6 +475,7 @@ qemu_src_configure() {
 		--cc="$(tc-getCC)"
 		--cxx="$(tc-getCXX)"
 		--host-cc="$(tc-getBUILD_CC)"
+
 		$(use_enable alsa)
 		$(use_enable debug debug-info)
 		$(use_enable debug debug-tcg)
@@ -671,22 +681,22 @@ src_configure() {
 
 src_compile() {
 	if [[ -n ${user_targets} ]]; then
-		cd "${S}/user-build"
+		cd "${S}/user-build" || die
 		default
 	fi
 
 	if [[ -n ${softmmu_targets} ]]; then
-		cd "${S}/softmmu-build"
+		cd "${S}/softmmu-build" || die
 		default
 	fi
 
-	cd "${S}/tools-build"
+	cd "${S}/tools-build" || die
 	default
 }
 
 src_test() {
 	if [[ -n ${softmmu_targets} ]]; then
-		cd "${S}/softmmu-build"
+		cd "${S}/softmmu-build" || die
 		pax-mark m */qemu-system-* #515550
 		emake check
 	fi
@@ -783,19 +793,19 @@ src_install() {
 		fi
 	fi
 
-	cd "${S}/tools-build"
+	cd "${S}/tools-build" || die
 	emake DESTDIR="${ED}" install
 
 	# Disable mprotect on the qemu binaries as they use JITs to be fast #459348
-	pushd "${ED}"/usr/bin >/dev/null
+	pushd "${ED}"/usr/bin >/dev/null || die
 	pax-mark mr "${softmmu_bins[@]}" "${user_bins[@]}" # bug 575594
-	popd >/dev/null
+	popd >/dev/null || die
 
 	# Install config file example for qemu-bridge-helper
 	insinto "/etc/qemu"
 	doins "${FILESDIR}/bridge.conf"
 
-	cd "${S}"
+	cd "${S}" || die
 	dodoc MAINTAINERS docs/specs/pci-ids.txt
 	newdoc pc-bios/README README.pc-bios
 

diff --git a/app-emulation/qemu/qemu-9999.ebuild b/app-emulation/qemu/qemu-9999.ebuild
index 23c0cb89295f..b9d896ec56bc 100644
--- a/app-emulation/qemu/qemu-9999.ebuild
+++ b/app-emulation/qemu/qemu-9999.ebuild
@@ -6,12 +6,12 @@ EAPI=8
 PYTHON_COMPAT=( python3_{8,9,10} )
 PYTHON_REQ_USE="ncurses,readline"
 
-FIRMWARE_ABI_VERSION="6.2.0"
+FIRMWARE_ABI_VERSION="7.0.0"
 
 inherit linux-info toolchain-funcs python-r1 udev fcaps readme.gentoo-r1 \
 		pax-utils xdg-utils
 
-if [[ ${PV} = *9999* ]]; then
+if [[ ${PV} == *9999* ]]; then
 	EGIT_REPO_URI="https://gitlab.com/qemu-project/qemu.git/"
 	EGIT_SUBMODULES=(
 		meson
@@ -22,8 +22,10 @@ if [[ ${PV} = *9999* ]]; then
 	inherit git-r3
 	SRC_URI=""
 else
-	SRC_URI="https://download.qemu.org/${P}.tar.xz"
+	MY_P="${PN}-${PV/_rc/-rc}"
+	SRC_URI="https://download.qemu.org/${MY_P}.tar.xz"
 	KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc ~ppc64 ~riscv ~x86"
+	S="${WORKDIR}/${MY_P}"
 fi
 
 DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
@@ -147,7 +149,7 @@ SOFTMMU_TOOLS_DEPEND="
 	capstone? ( dev-libs/capstone:= )
 	caps? ( sys-libs/libcap-ng[static-libs(+)] )
 	curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
-	fdt? ( >=sys-apps/dtc-1.5.0[static-libs(+)] )
+	fdt? ( >=sys-apps/dtc-1.5.1[static-libs(+)] )
 	fuse? ( >=sys-fs/fuse-3.1:3[static-libs(+)] )
 	glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
 	gnutls? (
@@ -163,7 +165,7 @@ SOFTMMU_TOOLS_DEPEND="
 	io-uring? ( sys-libs/liburing:=[static-libs(+)] )
 	jack? ( virtual/jack )
 	jemalloc? ( dev-libs/jemalloc )
-	jpeg? ( virtual/jpeg:0=[static-libs(+)] )
+	jpeg? ( media-libs/libjpeg-turbo:=[static-libs(+)] )
 	lzo? ( dev-libs/lzo:2[static-libs(+)] )
 	multipath? ( sys-fs/multipath-tools )
 	ncurses? (
@@ -416,6 +418,11 @@ src_prepare() {
 	# Verbose builds
 	MAKEOPTS+=" V=1"
 
+	# We already force -D_FORTIFY_SOURCE=2 (or 3) in our toolchain, but
+	# this setting (-U then -D..=2) will prevent us from trying out 3, so
+	# drop it. No change to level of protection b/c we patch our toolchain.
+	sed -i -e 's/-U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2//' configure || die
+
 	# Remove bundled copy of libfdt
 	rm -r dtc || die
 }
@@ -430,7 +437,7 @@ qemu_src_configure() {
 	local buildtype=$1
 	local builddir="${S}/${buildtype}-build"
 
-	mkdir "${builddir}"
+	mkdir "${builddir}" || die
 
 	local conf_opts=(
 		--prefix=/usr
@@ -466,6 +473,7 @@ qemu_src_configure() {
 		--cc="$(tc-getCC)"
 		--cxx="$(tc-getCXX)"
 		--host-cc="$(tc-getBUILD_CC)"
+
 		$(use_enable alsa)
 		$(use_enable debug debug-info)
 		$(use_enable debug debug-tcg)
@@ -671,22 +679,22 @@ src_configure() {
 
 src_compile() {
 	if [[ -n ${user_targets} ]]; then
-		cd "${S}/user-build"
+		cd "${S}/user-build" || die
 		default
 	fi
 
 	if [[ -n ${softmmu_targets} ]]; then
-		cd "${S}/softmmu-build"
+		cd "${S}/softmmu-build" || die
 		default
 	fi
 
-	cd "${S}/tools-build"
+	cd "${S}/tools-build" || die
 	default
 }
 
 src_test() {
 	if [[ -n ${softmmu_targets} ]]; then
-		cd "${S}/softmmu-build"
+		cd "${S}/softmmu-build" || die
 		pax-mark m */qemu-system-* #515550
 		emake check
 	fi
@@ -783,19 +791,19 @@ src_install() {
 		fi
 	fi
 
-	cd "${S}/tools-build"
+	cd "${S}/tools-build" || die
 	emake DESTDIR="${ED}" install
 
 	# Disable mprotect on the qemu binaries as they use JITs to be fast #459348
-	pushd "${ED}"/usr/bin >/dev/null
+	pushd "${ED}"/usr/bin >/dev/null || die
 	pax-mark mr "${softmmu_bins[@]}" "${user_bins[@]}" # bug 575594
-	popd >/dev/null
+	popd >/dev/null || die
 
 	# Install config file example for qemu-bridge-helper
 	insinto "/etc/qemu"
 	doins "${FILESDIR}/bridge.conf"
 
-	cd "${S}"
+	cd "${S}" || die
 	dodoc MAINTAINERS docs/specs/pci-ids.txt
 	newdoc pc-bios/README README.pc-bios
 


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2022-07-05  1:05 WANG Xuerui
  0 siblings, 0 replies; 56+ messages in thread
From: WANG Xuerui @ 2022-07-05  1:05 UTC (permalink / raw
  To: gentoo-commits

commit:     e7e343979dbfd7e4b4fcf85f36c17d414fc1e41e
Author:     WANG Xuerui <xen0n <AT> gentoo <DOT> org>
AuthorDate: Tue Jul  5 00:39:29 2022 +0000
Commit:     WANG Xuerui <xen0n <AT> gentoo <DOT> org>
CommitDate: Tue Jul  5 00:53:53 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e7e34397

app-emulation/qemu: forward port 6.1.0-strings.patch to latest main branch

Due to upstream commit https://gitlab.com/qemu-project/qemu/-/commit/158bb2249ed9
("configure: Add cross prefix for widl tool").

Tentatively named 7.1.0, as 7.1.0 will be the first upstream version
this forwarded patch is applicable to.

Signed-off-by: WANG Xuerui <xen0n <AT> gentoo.org>

 app-emulation/qemu/files/qemu-7.1.0-strings.patch | 26 +++++++++++++++++++++++
 app-emulation/qemu/qemu-9999.ebuild               |  2 +-
 2 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/app-emulation/qemu/files/qemu-7.1.0-strings.patch b/app-emulation/qemu/files/qemu-7.1.0-strings.patch
new file mode 100644
index 000000000000..01f235b9a33c
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-7.1.0-strings.patch
@@ -0,0 +1,26 @@
+Forward-ported from original patch for 5.2.0.
+
+diff --git a/configure b/configure
+index da2501489f..4660ee3ee5 100755
+--- a/configure
++++ b/configure
+@@ -400,6 +400,7 @@ ld="${LD-${cross_prefix}ld}"
+ nm="${NM-${cross_prefix}nm}"
+ smbd="$SMBD"
+ strip="${STRIP-${cross_prefix}strip}"
++strings="${STRINGS-${cross_prefix}strings}"
+ widl="${WIDL-${cross_prefix}widl}"
+ windres="${WINDRES-${cross_prefix}windres}"
+ pkg_config_exe="${PKG_CONFIG-${cross_prefix}pkg-config}"
+@@ -1466,9 +1467,9 @@ int main(int argc, char *argv[])
+ EOF
+ 
+ if compile_prog ; then
+-    if strings -a $TMPE | grep -q BiGeNdIaN ; then
++    if $strings -a $TMPE | grep -q BiGeNdIaN ; then
+         bigendian="yes"
+-    elif strings -a $TMPE | grep -q LiTtLeEnDiAn ; then
++    elif $strings -a $TMPE | grep -q LiTtLeEnDiAn ; then
+         bigendian="no"
+     else
+         echo big/little test failed

diff --git a/app-emulation/qemu/qemu-9999.ebuild b/app-emulation/qemu/qemu-9999.ebuild
index 33c2357b1386..4b02fd9f5f85 100644
--- a/app-emulation/qemu/qemu-9999.ebuild
+++ b/app-emulation/qemu/qemu-9999.ebuild
@@ -278,8 +278,8 @@ PATCHES=(
 	"${FILESDIR}"/${PN}-2.11.1-capstone_include_path.patch
 	"${FILESDIR}"/${PN}-5.2.0-disable-keymap.patch
 	"${FILESDIR}"/${PN}-6.0.0-make.patch
-	"${FILESDIR}"/${PN}-6.1.0-strings.patch
 	"${FILESDIR}"/${PN}-7.0.0-also-build-virtfs-proxy-helper.patch
+	"${FILESDIR}"/${PN}-7.1.0-strings.patch
 )
 
 QA_PREBUILT="


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2022-08-03 18:21 Sam James
  0 siblings, 0 replies; 56+ messages in thread
From: Sam James @ 2022-08-03 18:21 UTC (permalink / raw
  To: gentoo-commits

commit:     db2a2bbc7edbb87b7c179b8cc61bef689a5211c5
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Aug  3 18:21:19 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Aug  3 18:21:25 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=db2a2bbc

app-emulation/qemu: fix build w/ glibc 2.36

Closes: https://bugs.gentoo.org/863443
Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../qemu/files/qemu-7.0.0-glibc-2.36.patch         | 90 ++++++++++++++++++++++
 app-emulation/qemu/qemu-7.0.0-r3.ebuild            |  1 +
 2 files changed, 91 insertions(+)

diff --git a/app-emulation/qemu/files/qemu-7.0.0-glibc-2.36.patch b/app-emulation/qemu/files/qemu-7.0.0-glibc-2.36.patch
new file mode 100644
index 000000000000..85343c4d00e7
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-7.0.0-glibc-2.36.patch
@@ -0,0 +1,90 @@
+https://lore.kernel.org/all/20220802183409.GB2040@redhat.com/T/
+https://bugs.gentoo.org/863443
+
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+To: qemu-devel@nongnu.org
+Cc: Laurent Vivier <laurent@vivier.eu>,
+ =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Subject: [PATCH for 7.1] linux-user: fix compat with glibc >= 2.36 sys/mount.h
+Date: Tue,  2 Aug 2022 12:41:34 -0400
+
+The latest glibc 2.36 has extended sys/mount.h so that it
+defines the FSCONFIG_* enum constants. These are historically
+defined in linux/mount.h, and thus if you include both headers
+the compiler complains:
+
+In file included from /usr/include/linux/fs.h:19,
+                 from ../linux-user/syscall.c:98:
+/usr/include/linux/mount.h:95:6: error: redeclaration of 'enum fsconfig_command'
+   95 | enum fsconfig_command {
+      |      ^~~~~~~~~~~~~~~~
+In file included from ../linux-user/syscall.c:31:
+/usr/include/sys/mount.h:189:6: note: originally defined here
+  189 | enum fsconfig_command
+      |      ^~~~~~~~~~~~~~~~
+/usr/include/linux/mount.h:96:9: error: redeclaration of enumerator 'FSCONFIG_SET_FLAG'
+   96 |         FSCONFIG_SET_FLAG       = 0,    /* Set parameter, supplying no value */
+      |         ^~~~~~~~~~~~~~~~~
+/usr/include/sys/mount.h:191:3: note: previous definition of 'FSCONFIG_SET_FLAG' with type 'enum fsconfig_command'
+  191 |   FSCONFIG_SET_FLAG       = 0,    /* Set parameter, supplying no value */
+      |   ^~~~~~~~~~~~~~~~~
+...snip...
+
+QEMU doesn't include linux/mount.h, but it does use
+linux/fs.h and thus gets linux/mount.h indirectly.
+
+glibc acknowledges this problem but does not appear to
+be intending to fix it in the forseeable future, simply
+documenting it as a known incompatibility with no
+workaround:
+
+  https://sourceware.org/glibc/wiki/Release/2.36#Usage_of_.3Clinux.2Fmount.h.3E_and_.3Csys.2Fmount.h.3E
+  https://sourceware.org/glibc/wiki/Synchronizing_Headers
+
+To address this requires either removing use of sys/mount.h
+or linux/fs.h, despite QEMU needing declarations from
+both.
+
+This patch removes linux/fs.h, meaning we have to define
+various FS_IOC constants that are now unavailable.
+
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+--- a/linux-user/syscall.c
++++ b/linux-user/syscall.c
+@@ -95,7 +95,25 @@
+ #include <linux/soundcard.h>
+ #include <linux/kd.h>
+ #include <linux/mtio.h>
++
++#ifdef HAVE_SYS_MOUNT_FSCONFIG
++/*
++ * glibc >= 2.36 linux/mount.h conflicts with sys/mount.h,
++ * which in turn prevents use of linux/fs.h. So we have to
++ * define the constants ourselves for now.
++ */
++#define FS_IOC_GETFLAGS                _IOR('f', 1, long)
++#define FS_IOC_SETFLAGS                _IOW('f', 2, long)
++#define FS_IOC_GETVERSION              _IOR('v', 1, long)
++#define FS_IOC_SETVERSION              _IOW('v', 2, long)
++#define FS_IOC_FIEMAP                  _IOWR('f', 11, struct fiemap)
++#define FS_IOC32_GETFLAGS              _IOR('f', 1, int)
++#define FS_IOC32_SETFLAGS              _IOW('f', 2, int)
++#define FS_IOC32_GETVERSION            _IOR('v', 1, int)
++#define FS_IOC32_SETVERSION            _IOW('v', 2, int)
++#else
+ #include <linux/fs.h>
++#endif
+ #include <linux/fd.h>
+ #if defined(CONFIG_FIEMAP)
+ #include <linux/fiemap.h>
+--- a/meson.build
++++ b/meson.build
+@@ -1963,6 +1963,8 @@ config_host_data.set('HAVE_OPTRESET',
+                      cc.has_header_symbol('getopt.h', 'optreset'))
+ config_host_data.set('HAVE_IPPROTO_MPTCP',
+                      cc.has_header_symbol('netinet/in.h', 'IPPROTO_MPTCP'))
++config_host_data.set('HAVE_SYS_MOUNT_FSCONFIG',
++                     cc.has_header_symbol('sys/mount.h', 'FSCONFIG_SET_FLAG'))
+ 
+ # has_member
+ config_host_data.set('HAVE_SIGEV_NOTIFY_THREAD_ID',

diff --git a/app-emulation/qemu/qemu-7.0.0-r3.ebuild b/app-emulation/qemu/qemu-7.0.0-r3.ebuild
index d79b2ecdb29b..09762b74b160 100644
--- a/app-emulation/qemu/qemu-7.0.0-r3.ebuild
+++ b/app-emulation/qemu/qemu-7.0.0-r3.ebuild
@@ -300,6 +300,7 @@ PATCHES=(
 	"${FILESDIR}"/${PN}-7.0.0-also-build-virtfs-proxy-helper.patch
 	"${FILESDIR}"/${P}-virtio-scsi-fixes.patch
 	"${FILESDIR}"/${P}-pci-overflow-fortify-source-3.patch
+	"${FILESDIR}"/${P}-glibc-2.36.patch
 )
 
 QA_PREBUILT="


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2022-09-27 17:31 John Helmert III
  0 siblings, 0 replies; 56+ messages in thread
From: John Helmert III @ 2022-09-27 17:31 UTC (permalink / raw
  To: gentoo-commits

commit:     9badece6035892cc705ff09dca318c5a59473ae8
Author:     John Helmert III <ajak <AT> gentoo <DOT> org>
AuthorDate: Tue Sep 27 17:30:25 2022 +0000
Commit:     John Helmert III <ajak <AT> gentoo <DOT> org>
CommitDate: Tue Sep 27 17:31:02 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9badece6

app-emulation/qemu: fix configure failure with USE=capstone

Closes: https://bugs.gentoo.org/873157
Signed-off-by: John Helmert III <ajak <AT> gentoo.org>

 .../files/qemu-7.1.0-capstone-include-path.patch   | 31 ++++++++++++++++++++++
 app-emulation/qemu/qemu-7.1.0.ebuild               |  2 +-
 2 files changed, 32 insertions(+), 1 deletion(-)

diff --git a/app-emulation/qemu/files/qemu-7.1.0-capstone-include-path.patch b/app-emulation/qemu/files/qemu-7.1.0-capstone-include-path.patch
new file mode 100644
index 000000000000..585e798345f4
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-7.1.0-capstone-include-path.patch
@@ -0,0 +1,31 @@
+Forward ported from qemu-2.11.1-capstone_include_path.patch.
+This time also fix the capstone.h header check to use the path we're
+already patching in.
+
+Bug: https://bugs.gentoo.org/873157
+diff --git a/include/disas/capstone.h b/include/disas/capstone.h
+index e29068dd97..d8fdc5d537 100644
+--- a/include/disas/capstone.h
++++ b/include/disas/capstone.h
+@@ -3,7 +3,7 @@
+ 
+ #ifdef CONFIG_CAPSTONE
+ 
+-#include <capstone.h>
++#include <capstone/capstone.h>
+ 
+ #else
+ 
+diff --git a/meson.build b/meson.build
+index 20fddbd707..50ce96bbd1 100644
+--- a/meson.build
++++ b/meson.build
+@@ -2605,7 +2605,7 @@ if not get_option('capstone').auto() or have_system or have_user
+   # that reports a wrong -I path, causing the #include to
+   # fail later. If the system has such a broken version
+   # do not use it.
+-  if capstone.found() and not cc.compiles('#include <capstone.h>',
++  if capstone.found() and not cc.compiles('#include <capstone/capstone.h>',
+                                           dependencies: [capstone])
+     capstone = not_found
+     if get_option('capstone').enabled()

diff --git a/app-emulation/qemu/qemu-7.1.0.ebuild b/app-emulation/qemu/qemu-7.1.0.ebuild
index 499aa3a68895..82e527f614ec 100644
--- a/app-emulation/qemu/qemu-7.1.0.ebuild
+++ b/app-emulation/qemu/qemu-7.1.0.ebuild
@@ -303,11 +303,11 @@ RDEPEND="${CDEPEND}
 	)"
 
 PATCHES=(
-	"${FILESDIR}"/${PN}-2.11.1-capstone_include_path.patch
 	"${FILESDIR}"/${PN}-5.2.0-disable-keymap.patch
 	"${FILESDIR}"/${PN}-6.0.0-make.patch
 	"${FILESDIR}"/${PN}-7.1.0-also-build-virtfs-proxy-helper.patch
 	"${FILESDIR}"/${PN}-7.1.0-strings.patch
+	"${FILESDIR}"/${PN}-7.1.0-capstone-include-path.patch
 )
 
 QA_PREBUILT="


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2022-11-12 19:43 Andreas K. Hüttel
  0 siblings, 0 replies; 56+ messages in thread
From: Andreas K. Hüttel @ 2022-11-12 19:43 UTC (permalink / raw
  To: gentoo-commits

commit:     6bb8bad236a4dea657dfc9213229c34f7a5d9828
Author:     Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org>
AuthorDate: Sat Nov 12 19:41:59 2022 +0000
Commit:     Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org>
CommitDate: Sat Nov 12 19:43:26 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6bb8bad2

app-emulation/qemu: 7.1.0 revbump, fixing 3 qemu-user bugs

Backport of 3 patches from master, for mips and loongarch64
usemode emulation

Signed-off-by: Andreas K. Hüttel <dilfridge <AT> gentoo.org>

 .../qemu/files/qemu-7.1.0-faccessat2.patch         |  78 ++
 .../qemu/files/qemu-7.1.0-loong-stat.patch         |  98 ++
 .../qemu/files/qemu-7.1.0-mips-n32-syscalls.patch  |  94 ++
 app-emulation/qemu/qemu-7.1.0-r1.ebuild            | 988 +++++++++++++++++++++
 4 files changed, 1258 insertions(+)

diff --git a/app-emulation/qemu/files/qemu-7.1.0-faccessat2.patch b/app-emulation/qemu/files/qemu-7.1.0-faccessat2.patch
new file mode 100644
index 000000000000..ea168f609fc8
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-7.1.0-faccessat2.patch
@@ -0,0 +1,78 @@
+From 35a2c85f7d691db7aa2c47181902ac87478eef7a Mon Sep 17 00:00:00 2001
+From: WANG Xuerui <xen0n@gentoo.org>
+Date: Sun, 9 Oct 2022 14:08:13 +0800
+Subject: [PATCH] linux-user: Implement faccessat2
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+User space has been preferring this syscall for a while, due to its
+closer match with C semantics, and newer platforms such as LoongArch
+apparently have libc implementations that don't fallback to faccessat
+so normal access checks are failing without the emulation in place.
+
+Tested by successfully emerging several packages within a Gentoo loong
+stage3 chroot, emulated on amd64 with help of static qemu-loongarch64.
+
+Reported-by: Andreas K. Hüttel <dilfridge@gentoo.org>
+Signed-off-by: WANG Xuerui <xen0n@gentoo.org>
+Message-Id: <20221009060813.2289077-1-xen0n@gentoo.org>
+[lv: removing defined(__NR_faccessat2) in syscall.c,
+     adding defined(TARGET_NR_faccessat2) on print_faccessat()]
+Signed-off-by: Laurent Vivier <laurent@vivier.eu>
+---
+ linux-user/strace.c    | 2 +-
+ linux-user/strace.list | 3 +++
+ linux-user/syscall.c   | 9 +++++++++
+ 3 files changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/linux-user/strace.c b/linux-user/strace.c
+index 86c081c83f..9ae5a812cd 100644
+--- a/linux-user/strace.c
++++ b/linux-user/strace.c
+@@ -1969,7 +1969,7 @@ print_execv(CPUArchState *cpu_env, const struct syscallname *name,
+ }
+ #endif
+ 
+-#ifdef TARGET_NR_faccessat
++#if defined(TARGET_NR_faccessat) || defined(TARGET_NR_faccessat2)
+ static void
+ print_faccessat(CPUArchState *cpu_env, const struct syscallname *name,
+                 abi_long arg0, abi_long arg1, abi_long arg2,
+diff --git a/linux-user/strace.list b/linux-user/strace.list
+index a87415bf3d..3df2184580 100644
+--- a/linux-user/strace.list
++++ b/linux-user/strace.list
+@@ -178,6 +178,9 @@
+ #ifdef TARGET_NR_faccessat
+ { TARGET_NR_faccessat, "faccessat" , NULL, print_faccessat, NULL },
+ #endif
++#ifdef TARGET_NR_faccessat2
++{ TARGET_NR_faccessat2, "faccessat2" , NULL, print_faccessat, NULL },
++#endif
+ #ifdef TARGET_NR_fadvise64
+ { TARGET_NR_fadvise64, "fadvise64" , NULL, NULL, NULL },
+ #endif
+diff --git a/linux-user/syscall.c b/linux-user/syscall.c
+index d499cac1d5..e985ad167f 100644
+--- a/linux-user/syscall.c
++++ b/linux-user/syscall.c
+@@ -9143,6 +9143,15 @@ static abi_long do_syscall1(CPUArchState *cpu_env, int num, abi_long arg1,
+         unlock_user(p, arg2, 0);
+         return ret;
+ #endif
++#if defined(TARGET_NR_faccessat2)
++    case TARGET_NR_faccessat2:
++        if (!(p = lock_user_string(arg2))) {
++            return -TARGET_EFAULT;
++        }
++        ret = get_errno(faccessat(arg1, p, arg3, arg4));
++        unlock_user(p, arg2, 0);
++        return ret;
++#endif
+ #ifdef TARGET_NR_nice /* not on alpha */
+     case TARGET_NR_nice:
+         return get_errno(nice(arg1));
+-- 
+2.37.4
+

diff --git a/app-emulation/qemu/files/qemu-7.1.0-loong-stat.patch b/app-emulation/qemu/files/qemu-7.1.0-loong-stat.patch
new file mode 100644
index 000000000000..85fd2c98914a
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-7.1.0-loong-stat.patch
@@ -0,0 +1,98 @@
+From xen0n@gentoo.org Thu Oct 06 10:07:10 2022
+Return-Path: <xen0n@gentoo.org>
+X-Original-To: dilfridge@gentoo.org
+Delivered-To: dilfridge@gentoo.org
+From: WANG Xuerui <xen0n@gentoo.org>
+To: qemu-devel@nongnu.org
+Cc: Richard Henderson <richard.henderson@linaro.org>,
+	=?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <f4bug@amsat.org>,
+	WANG Xuerui <xen0n@gentoo.org>,
+	Song Gao <gaosong@loongson.cn>,
+	Xiaojuan Yang <yangxiaojuan@loongson.cn>,
+	=?UTF-8?q?Andreas=20K=20=2E=20H=C3=BCttel?= <dilfridge@gentoo.org>
+Subject: [PATCH RESEND] linux-user: Fix struct statfs ABI on loongarch64
+Date: Thu,  6 Oct 2022 18:07:10 +0800
+Message-Id: <20221006100710.427252-1-xen0n@gentoo.org>
+X-Mailer: git-send-email 2.38.0
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Previously the 32-bit version was incorrectly chosen, leading to funny
+but incorrect output from e.g. df(1). Simply select the version
+corresponding to the 64-bit asm-generic definition.
+
+For reference, this program should produce the same output no matter
+natively compiled or not, for loongarch64 or not:
+
+```c
+#include <stdio.h>
+#include <sys/statfs.h>
+
+int main(int argc, const char *argv[])
+{
+  struct statfs b;
+  if (statfs(argv[0], &b))
+    return 1;
+
+  printf("f_type = 0x%lx\n", b.f_type);
+  printf("f_bsize = %ld\n", b.f_bsize);
+  printf("f_blocks = %ld\n", b.f_blocks);
+  printf("f_bfree = %ld\n", b.f_bfree);
+  printf("f_bavail = %ld\n", b.f_bavail);
+
+  return 0;
+}
+
+// Example output on my amd64 box, with the test binary residing on a
+// btrfs partition.
+
+// Native and emulated output after the fix:
+//
+// f_type = 0x9123683e
+// f_bsize = 4096
+// f_blocks = 268435456
+// f_bfree = 168406890
+// f_bavail = 168355058
+
+// Output before the fix, note the messed layout:
+//
+// f_type = 0x10009123683e
+// f_bsize = 723302085239504896
+// f_blocks = 168355058
+// f_bfree = 2250817541779750912
+// f_bavail = 1099229433104
+```
+
+Fixes: 1f63019632 ("linux-user: Add LoongArch syscall support")
+Signed-off-by: WANG Xuerui <xen0n@gentoo.org>
+Cc: Song Gao <gaosong@loongson.cn>
+Cc: Xiaojuan Yang <yangxiaojuan@loongson.cn>
+Cc: Andreas K. Hüttel <dilfridge@gentoo.org>
+---
+
+Resend with amended commit message to 100% clarify the example output
+are generated on my box and will differ for everyone else. Sorry for
+the noise.
+
+ linux-user/syscall_defs.h | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/linux-user/syscall_defs.h b/linux-user/syscall_defs.h
+index 01ee10a88f..77864de57f 100644
+--- a/linux-user/syscall_defs.h
++++ b/linux-user/syscall_defs.h
+@@ -2262,7 +2262,8 @@ struct target_statfs64 {
+ };
+ #elif (defined(TARGET_PPC64) || defined(TARGET_X86_64) || \
+        defined(TARGET_SPARC64) || defined(TARGET_AARCH64) || \
+-       defined(TARGET_RISCV)) && !defined(TARGET_ABI32)
++       defined(TARGET_RISCV) || defined(TARGET_LOONGARCH64)) && \
++       !defined(TARGET_ABI32)
+ struct target_statfs {
+ 	abi_long f_type;
+ 	abi_long f_bsize;
+-- 
+2.38.0
+
+

diff --git a/app-emulation/qemu/files/qemu-7.1.0-mips-n32-syscalls.patch b/app-emulation/qemu/files/qemu-7.1.0-mips-n32-syscalls.patch
new file mode 100644
index 000000000000..5ed67668d0a6
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-7.1.0-mips-n32-syscalls.patch
@@ -0,0 +1,94 @@
+From xen0n@gentoo.org Thu Oct 06 08:55:00 2022
+Return-Path: <xen0n@gentoo.org>
+X-Original-To: dilfridge@gentoo.org
+Delivered-To: dilfridge@gentoo.org
+From: WANG Xuerui <xen0n@gentoo.org>
+To: qemu-devel@nongnu.org
+Cc: WANG Xuerui <xen0n@gentoo.org>,
+	=?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <f4bug@amsat.org>,
+	Jiaxun Yang <jiaxun.yang@flygoat.com>,
+	=?UTF-8?q?Andreas=20K=20=2E=20H=C3=BCttel?= <dilfridge@gentoo.org>,
+	Joshua Kinard <kumba@gentoo.org>
+Subject: [PATCH] linux-user: Fix more MIPS n32 syscall ABI issues
+Date: Thu,  6 Oct 2022 16:55:00 +0800
+Message-Id: <20221006085500.290341-1-xen0n@gentoo.org>
+X-Mailer: git-send-email 2.38.0
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+In commit 80f0fe3a85 ("linux-user: Fix syscall parameter handling for
+MIPS n32") the ABI problem regarding offset64 on MIPS n32 was fixed,
+but still some cases remain where the n32 is incorrectly treated as any
+other 32-bit ABI that passes 64-bit arguments in pairs of GPRs. Fix by
+excluding TARGET_ABI_MIPSN32 from various TARGET_ABI_BITS == 32 checks.
+
+Closes: https://gitlab.com/qemu-project/qemu/-/issues/1238
+Signed-off-by: WANG Xuerui <xen0n@gentoo.org>
+Cc: Philippe Mathieu-Daudé <f4bug@amsat.org>
+Cc: Jiaxun Yang <jiaxun.yang@flygoat.com>
+Cc: Andreas K. Hüttel <dilfridge@gentoo.org>
+Cc: Joshua Kinard <kumba@gentoo.org>
+---
+
+Note: I can't reproduce the crash with neither MIPS n32 sysroot at my hand
+(a self-built one for Loongson-2F, and stage3-mips64_n32-openrc-20221001T170527Z),
+so I can only verify by looking at the (host and qemu) strace outputs, and
+would have to ask you to review/test this harder. Thanks.
+
+ linux-user/syscall.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/linux-user/syscall.c b/linux-user/syscall.c
+index 2e954d8dbd..8b2d39fe73 100644
+--- a/linux-user/syscall.c
++++ b/linux-user/syscall.c
+@@ -11793,7 +11793,7 @@ static abi_long do_syscall1(CPUArchState *cpu_env, int num, abi_long arg1,
+         return -host_to_target_errno(ret);
+ #endif
+ 
+-#if TARGET_ABI_BITS == 32
++#if TARGET_ABI_BITS == 32 && !defined(TARGET_ABI_MIPSN32)
+ 
+ #ifdef TARGET_NR_fadvise64_64
+     case TARGET_NR_fadvise64_64:
+@@ -11920,7 +11920,7 @@ static abi_long do_syscall1(CPUArchState *cpu_env, int num, abi_long arg1,
+         return get_errno(sys_gettid());
+ #ifdef TARGET_NR_readahead
+     case TARGET_NR_readahead:
+-#if TARGET_ABI_BITS == 32
++#if TARGET_ABI_BITS == 32 && !defined(TARGET_ABI_MIPSN32)
+         if (regpairs_aligned(cpu_env, num)) {
+             arg2 = arg3;
+             arg3 = arg4;
+@@ -12612,7 +12612,7 @@ static abi_long do_syscall1(CPUArchState *cpu_env, int num, abi_long arg1,
+ #endif /* CONFIG_EVENTFD  */
+ #if defined(CONFIG_FALLOCATE) && defined(TARGET_NR_fallocate)
+     case TARGET_NR_fallocate:
+-#if TARGET_ABI_BITS == 32
++#if TARGET_ABI_BITS == 32 && !defined(TARGET_ABI_MIPSN32)
+         ret = get_errno(fallocate(arg1, arg2, target_offset64(arg3, arg4),
+                                   target_offset64(arg5, arg6)));
+ #else
+@@ -12623,7 +12623,7 @@ static abi_long do_syscall1(CPUArchState *cpu_env, int num, abi_long arg1,
+ #if defined(CONFIG_SYNC_FILE_RANGE)
+ #if defined(TARGET_NR_sync_file_range)
+     case TARGET_NR_sync_file_range:
+-#if TARGET_ABI_BITS == 32
++#if TARGET_ABI_BITS == 32 && !defined(TARGET_ABI_MIPSN32)
+ #if defined(TARGET_MIPS)
+         ret = get_errno(sync_file_range(arg1, target_offset64(arg3, arg4),
+                                         target_offset64(arg5, arg6), arg7));
+@@ -12645,7 +12645,7 @@ static abi_long do_syscall1(CPUArchState *cpu_env, int num, abi_long arg1,
+     case TARGET_NR_arm_sync_file_range:
+ #endif
+         /* This is like sync_file_range but the arguments are reordered */
+-#if TARGET_ABI_BITS == 32
++#if TARGET_ABI_BITS == 32 && !defined(TARGET_ABI_MIPSN32)
+         ret = get_errno(sync_file_range(arg1, target_offset64(arg3, arg4),
+                                         target_offset64(arg5, arg6), arg2));
+ #else
+-- 
+2.38.0
+
+

diff --git a/app-emulation/qemu/qemu-7.1.0-r1.ebuild b/app-emulation/qemu/qemu-7.1.0-r1.ebuild
new file mode 100644
index 000000000000..8a48da933fe9
--- /dev/null
+++ b/app-emulation/qemu/qemu-7.1.0-r1.ebuild
@@ -0,0 +1,988 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Generate using https://github.com/thesamesam/sam-gentoo-scripts/blob/main/niche/generate-qemu-docs
+# Set to 1 if prebuilt, 0 if not
+# (the construct below is to allow overriding from env for script)
+QEMU_DOCS_PREBUILT=${QEMU_DOCS_PREBUILT:-1}
+QEMU_DOCS_PREBUILT_DEV=ajak
+QEMU_DOCS_VERSION="${PV}"
+# Default to generating docs (inc. man pages) if no prebuilt; overridden later
+# bug #830088
+QEMU_DOC_USEFLAG="+doc"
+
+PYTHON_COMPAT=( python3_{8,9,10,11} )
+PYTHON_REQ_USE="ncurses,readline"
+
+FIRMWARE_ABI_VERSION="7.1.0"
+
+inherit linux-info toolchain-funcs python-r1 udev fcaps readme.gentoo-r1 \
+		pax-utils xdg-utils
+
+if [[ ${PV} == *9999* ]]; then
+	QEMU_DOCS_PREBUILT=0
+
+	EGIT_REPO_URI="https://gitlab.com/qemu-project/qemu.git/"
+	EGIT_SUBMODULES=(
+		tests/fp/berkeley-softfloat-3
+		tests/fp/berkeley-testfloat-3
+		ui/keycodemapdb
+	)
+	inherit git-r3
+	SRC_URI=""
+else
+	MY_P="${PN}-${PV/_rc/-rc}"
+	SRC_URI="https://download.qemu.org/${MY_P}.tar.xz"
+
+	if [[ ${QEMU_DOCS_PREBUILT} == 1 ]] ; then
+		SRC_URI+=" !doc? ( https://dev.gentoo.org/~${QEMU_DOCS_PREBUILT_DEV}/distfiles/${CATEGORY}/${PN}/${PN}-${QEMU_DOCS_VERSION}-docs.tar.xz )"
+	fi
+
+	S="${WORKDIR}/${MY_P}"
+	KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc ~ppc64 ~riscv ~x86"
+fi
+
+DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
+HOMEPAGE="https://www.qemu.org https://www.linux-kvm.org"
+
+LICENSE="GPL-2 LGPL-2 BSD-2"
+SLOT="0"
+
+[[ ${QEMU_DOCS_PREBUILT} == 1 ]] && QEMU_DOC_USEFLAG="doc"
+
+IUSE="accessibility +aio alsa bpf bzip2 capstone +caps +curl debug ${QEMU_DOC_USEFLAG}
+	+fdt fuse glusterfs +gnutls gtk infiniband iscsi io-uring
+	jack jemalloc +jpeg
+	lzo multipath
+	ncurses nfs nls numa opengl +oss pam +pin-upstream-blobs
+	plugins +png pulseaudio python rbd sasl +seccomp sdl sdl-image selinux
+	+slirp
+	smartcard snappy spice ssh static static-user systemtap test udev usb
+	usbredir vde +vhost-net vhost-user-fs virgl virtfs +vnc vte xattr xen
+	zstd"
+
+COMMON_TARGETS="
+	aarch64
+	alpha
+	arm
+	cris
+	hppa
+	i386
+	loongarch64
+	m68k
+	microblaze
+	microblazeel
+	mips
+	mips64
+	mips64el
+	mipsel
+	nios2
+	or1k
+	ppc
+	ppc64
+	riscv32
+	riscv64
+	s390x
+	sh4
+	sh4eb
+	sparc
+	sparc64
+	x86_64
+	xtensa
+	xtensaeb
+"
+IUSE_SOFTMMU_TARGETS="
+	${COMMON_TARGETS}
+	avr
+	rx
+	tricore
+"
+IUSE_USER_TARGETS="
+	${COMMON_TARGETS}
+	aarch64_be
+	armeb
+	hexagon
+	mipsn32
+	mipsn32el
+	ppc64le
+	sparc32plus
+"
+
+use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
+use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
+IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
+
+RESTRICT="!test? ( test )"
+# Allow no targets to be built so that people can get a tools-only build.
+# Block USE flag configurations known to not work.
+REQUIRED_USE="${PYTHON_REQUIRED_USE}
+	qemu_softmmu_targets_arm? ( fdt )
+	qemu_softmmu_targets_microblaze? ( fdt )
+	qemu_softmmu_targets_mips64el? ( fdt )
+	qemu_softmmu_targets_ppc64? ( fdt )
+	qemu_softmmu_targets_ppc? ( fdt )
+	qemu_softmmu_targets_riscv32? ( fdt )
+	qemu_softmmu_targets_riscv64? ( fdt )
+	qemu_softmmu_targets_x86_64? ( fdt )
+	sdl-image? ( sdl )
+	static? ( static-user !alsa !gtk !jack !opengl !pam !pulseaudio !plugins !rbd !snappy !udev )
+	static-user? ( !plugins )
+	vhost-user-fs? ( caps seccomp )
+	virgl? ( opengl )
+	virtfs? ( caps xattr )
+	vnc? ( gnutls )
+	vte? ( gtk )
+	multipath? ( udev )
+	plugins? ( !static !static-user )
+"
+
+# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
+# and user/softmmu targets (qemu-*, qemu-system-*).
+#
+# Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
+#
+# The attr lib isn't always linked in (although the USE flag is always
+# respected).  This is because qemu supports using the C library's API
+# when available rather than always using the external library.
+ALL_DEPEND="
+	>=dev-libs/glib-2.0[static-libs(+)]
+	sys-libs/zlib[static-libs(+)]
+	python? ( ${PYTHON_DEPS} )
+	systemtap? ( dev-util/systemtap )
+	xattr? ( sys-apps/attr[static-libs(+)] )"
+
+# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
+# softmmu targets (qemu-system-*).
+SOFTMMU_TOOLS_DEPEND="
+	>=x11-libs/pixman-0.28.0[static-libs(+)]
+	accessibility? (
+		app-accessibility/brltty[api]
+		app-accessibility/brltty[static-libs(+)]
+	)
+	aio? ( dev-libs/libaio[static-libs(+)] )
+	alsa? ( >=media-libs/alsa-lib-1.0.13 )
+	bpf? ( dev-libs/libbpf:= )
+	bzip2? ( app-arch/bzip2[static-libs(+)] )
+	capstone? ( dev-libs/capstone:= )
+	caps? ( sys-libs/libcap-ng[static-libs(+)] )
+	curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
+	fdt? ( >=sys-apps/dtc-1.5.1[static-libs(+)] )
+	fuse? ( >=sys-fs/fuse-3.1:3[static-libs(+)] )
+	glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
+	gnutls? (
+		dev-libs/nettle:=[static-libs(+)]
+		>=net-libs/gnutls-3.0:=[static-libs(+)]
+	)
+	gtk? (
+		x11-libs/gtk+:3
+		vte? ( x11-libs/vte:2.91 )
+	)
+	infiniband? ( sys-cluster/rdma-core[static-libs(+)] )
+	iscsi? ( net-libs/libiscsi )
+	io-uring? ( sys-libs/liburing:=[static-libs(+)] )
+	jack? ( virtual/jack )
+	jemalloc? ( dev-libs/jemalloc )
+	jpeg? ( media-libs/libjpeg-turbo:=[static-libs(+)] )
+	lzo? ( dev-libs/lzo:2[static-libs(+)] )
+	multipath? ( sys-fs/multipath-tools )
+	ncurses? (
+		sys-libs/ncurses:=[unicode(+)]
+		sys-libs/ncurses:=[static-libs(+)]
+	)
+	nfs? ( >=net-fs/libnfs-1.9.3:=[static-libs(+)] )
+	numa? ( sys-process/numactl[static-libs(+)] )
+	opengl? (
+		virtual/opengl
+		media-libs/libepoxy[static-libs(+)]
+		media-libs/mesa[static-libs(+)]
+		media-libs/mesa[egl(+),gbm(+)]
+	)
+	pam? ( sys-libs/pam )
+	png? ( media-libs/libpng:0=[static-libs(+)] )
+	pulseaudio? ( media-sound/pulseaudio )
+	rbd? ( sys-cluster/ceph )
+	sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
+	sdl? (
+		media-libs/libsdl2[video]
+		media-libs/libsdl2[static-libs(+)]
+	)
+	sdl-image? ( media-libs/sdl2-image[static-libs(+)] )
+	seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
+	slirp? ( net-libs/libslirp[static-libs(+)] )
+	smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] )
+	snappy? ( app-arch/snappy:= )
+	spice? (
+		>=app-emulation/spice-protocol-0.12.3
+		>=app-emulation/spice-0.12.0[static-libs(+)]
+	)
+	ssh? ( >=net-libs/libssh-0.8.6[static-libs(+)] )
+	udev? ( virtual/libudev:= )
+	usb? ( >=virtual/libusb-1-r2[static-libs(+)] )
+	usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
+	vde? ( net-misc/vde[static-libs(+)] )
+	virgl? ( media-libs/virglrenderer[static-libs(+)] )
+	virtfs? ( sys-libs/libcap )
+	xen? ( app-emulation/xen-tools:= )
+	zstd? ( >=app-arch/zstd-1.4.0[static-libs(+)] )
+"
+
+EDK2_OVMF_VERSION="202202"
+SEABIOS_VERSION="1.16.0"
+
+X86_FIRMWARE_DEPEND="
+	pin-upstream-blobs? (
+		~sys-firmware/edk2-ovmf-bin-${EDK2_OVMF_VERSION}
+		~sys-firmware/ipxe-1.21.1[binary,qemu]
+		~sys-firmware/seabios-bin-${SEABIOS_VERSION}
+		~sys-firmware/sgabios-0.1_pre10[binary]
+	)
+	!pin-upstream-blobs? (
+		|| (
+			>=sys-firmware/edk2-ovmf-${EDK2_OVMF_VERSION}
+			>=sys-firmware/edk2-ovmf-bin-${EDK2_OVMF_VERSION}
+		)
+		sys-firmware/ipxe[qemu]
+		|| (
+			>=sys-firmware/seabios-${SEABIOS_VERSION}[seavgabios]
+			>=sys-firmware/seabios-bin-${SEABIOS_VERSION}
+		)
+		sys-firmware/sgabios
+	)"
+PPC_FIRMWARE_DEPEND="
+	pin-upstream-blobs? (
+		~sys-firmware/seabios-bin-${SEABIOS_VERSION}
+	)
+	!pin-upstream-blobs? (
+		|| (
+			>=sys-firmware/seabios-${SEABIOS_VERSION}[seavgabios]
+			>=sys-firmware/seabios-bin-${SEABIOS_VERSION}
+		)
+	)
+"
+
+BDEPEND="
+	$(python_gen_impl_dep)
+	dev-lang/perl
+	dev-util/meson
+	sys-apps/texinfo
+	virtual/pkgconfig
+	doc? (
+		dev-python/sphinx[${PYTHON_USEDEP}]
+		dev-python/sphinx_rtd_theme[${PYTHON_USEDEP}]
+	)
+	gtk? ( nls? ( sys-devel/gettext ) )
+	test? (
+		dev-libs/glib[utils]
+		sys-devel/bc
+	)
+"
+CDEPEND="
+	!static? (
+		${ALL_DEPEND//\[static-libs(+)]}
+		${SOFTMMU_TOOLS_DEPEND//\[static-libs(+)]}
+	)
+	qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
+	qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )
+	qemu_softmmu_targets_ppc? ( ${PPC_FIRMWARE_DEPEND} )
+	qemu_softmmu_targets_ppc64? ( ${PPC_FIRMWARE_DEPEND} )
+"
+DEPEND="${CDEPEND}
+	kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
+	static? (
+		${ALL_DEPEND}
+		${SOFTMMU_TOOLS_DEPEND}
+	)
+	static-user? ( ${ALL_DEPEND} )"
+RDEPEND="${CDEPEND}
+	acct-group/kvm
+	selinux? (
+		sec-policy/selinux-qemu
+		sys-libs/libselinux
+	)"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-5.2.0-disable-keymap.patch
+	"${FILESDIR}"/${PN}-6.0.0-make.patch
+	"${FILESDIR}"/${PN}-7.1.0-also-build-virtfs-proxy-helper.patch
+	"${FILESDIR}"/${PN}-7.1.0-strings.patch
+	"${FILESDIR}"/${PN}-7.1.0-capstone-include-path.patch
+	"${FILESDIR}"/${PN}-7.1.0-mips-n32-syscalls.patch
+	"${FILESDIR}"/${PN}-7.1.0-loong-stat.patch
+	"${FILESDIR}"/${PN}-7.1.0-faccessat2.patch
+)
+
+QA_PREBUILT="
+	usr/share/qemu/hppa-firmware.img
+	usr/share/qemu/openbios-ppc
+	usr/share/qemu/openbios-sparc64
+	usr/share/qemu/openbios-sparc32
+	usr/share/qemu/opensbi-riscv64-generic-fw_dynamic.elf
+	usr/share/qemu/opensbi-riscv32-generic-fw_dynamic.elf
+	usr/share/qemu/palcode-clipper
+	usr/share/qemu/s390-ccw.img
+	usr/share/qemu/s390-netboot.img
+	usr/share/qemu/u-boot.e500
+"
+
+QA_WX_LOAD="usr/bin/qemu-i386
+	usr/bin/qemu-x86_64
+	usr/bin/qemu-alpha
+	usr/bin/qemu-arm
+	usr/bin/qemu-cris
+	usr/bin/qemu-m68k
+	usr/bin/qemu-microblaze
+	usr/bin/qemu-microblazeel
+	usr/bin/qemu-mips
+	usr/bin/qemu-mipsel
+	usr/bin/qemu-or1k
+	usr/bin/qemu-ppc
+	usr/bin/qemu-ppc64
+	usr/bin/qemu-sh4
+	usr/bin/qemu-sh4eb
+	usr/bin/qemu-sparc
+	usr/bin/qemu-sparc64
+	usr/bin/qemu-armeb
+	usr/bin/qemu-sparc32plus
+	usr/bin/qemu-s390x
+	usr/bin/qemu-unicore32
+"
+
+DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure you have the
+kernel module loaded before running kvm. The easiest way to ensure that the
+kernel module is loaded is to load it on boot.
+	For AMD CPUs the module is called 'kvm-amd'.
+	For Intel CPUs the module is called 'kvm-intel'.
+Please review /etc/conf.d/modules for how to load these.
+
+Make sure your user is in the 'kvm' group. Just run
+	$ gpasswd -a <USER> kvm
+then have <USER> re-login.
+
+For brand new installs, the default permissions on /dev/kvm might not let
+you access it.  You can tell udev to reset ownership/perms:
+	$ udevadm trigger -c add /dev/kvm
+
+If you want to register binfmt handlers for qemu user targets:
+For openrc:
+	# rc-update add qemu-binfmt
+For systemd:
+	# ln -s /usr/share/qemu/binfmt.d/qemu.conf /etc/binfmt.d/qemu.conf"
+
+pkg_pretend() {
+	if use kernel_linux && kernel_is lt 2 6 25; then
+		eerror "This version of KVM requires a host kernel of 2.6.25 or higher."
+	elif use kernel_linux; then
+		if ! linux_config_exists; then
+			eerror "Unable to check your kernel for KVM support"
+		else
+			CONFIG_CHECK="~KVM ~TUN ~BRIDGE"
+			ERROR_KVM="You must enable KVM in your kernel to continue"
+			ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in"
+			ERROR_KVM_AMD+=" your kernel configuration."
+			ERROR_KVM_INTEL="If you have an Intel CPU, you must enable"
+			ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration."
+			ERROR_TUN="You will need the Universal TUN/TAP driver compiled"
+			ERROR_TUN+=" into your kernel or loaded as a module to use the"
+			ERROR_TUN+=" virtual network device if using -net tap."
+			ERROR_BRIDGE="You will also need support for 802.1d"
+			ERROR_BRIDGE+=" Ethernet Bridging for some network configurations."
+			use vhost-net && CONFIG_CHECK+=" ~VHOST_NET"
+			ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net"
+			ERROR_VHOST_NET+=" support"
+
+			if use amd64 || use x86 || use amd64-linux || use x86-linux; then
+				if grep -q AuthenticAMD /proc/cpuinfo; then
+					CONFIG_CHECK+=" ~KVM_AMD"
+				elif grep -q GenuineIntel /proc/cpuinfo; then
+					CONFIG_CHECK+=" ~KVM_INTEL"
+				fi
+			fi
+
+			use python && CONFIG_CHECK+=" ~DEBUG_FS"
+			ERROR_DEBUG_FS="debugFS support required for kvm_stat"
+
+			# Now do the actual checks setup above
+			check_extra_config
+		fi
+	fi
+
+	if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then
+		eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt"
+		eerror "instances are still pointing to it.  Please update your"
+		eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag"
+		eerror "and the right system binary (e.g. qemu-system-x86_64)."
+		die "update your virt configs to not use qemu-kvm"
+	fi
+}
+
+# Sanity check to make sure target lists are kept up-to-date.
+check_targets() {
+	local var=$1 mak=$2
+	local detected sorted
+
+	pushd "${S}"/configs/targets/ >/dev/null || die
+
+	# Force C locale until glibc is updated. #564936
+	detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u))
+	sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u))
+	if [[ ${sorted} != "${detected}" ]] ; then
+		eerror "The ebuild needs to be kept in sync."
+		eerror "${var}: ${sorted}"
+		eerror "$(printf '%-*s' ${#var} configure): ${detected}"
+		die "sync ${var} to the list of targets"
+	fi
+
+	popd >/dev/null
+}
+
+src_prepare() {
+	check_targets IUSE_SOFTMMU_TARGETS softmmu
+	check_targets IUSE_USER_TARGETS linux-user
+
+	default
+
+	# Use correct toolchain to fix cross-compiling
+	tc-export AR AS LD NM OBJCOPY PKG_CONFIG RANLIB STRINGS
+	export WINDRES=${CHOST}-windres
+
+	# Verbose builds
+	MAKEOPTS+=" V=1"
+
+	# We already force -D_FORTIFY_SOURCE=2 (or 3) in our toolchain, but
+	# this setting (-U then -D..=2) will prevent us from trying out 3, so
+	# drop it. No change to level of protection b/c we patch our toolchain.
+	sed -i -e 's/-U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2//' configure || die
+
+	# Remove bundled modules
+	rm -r dtc meson roms/*/ slirp || die
+}
+
+##
+# configures qemu based on the build directory and the build type
+# we are using.
+#
+qemu_src_configure() {
+	debug-print-function ${FUNCNAME} "$@"
+
+	local buildtype=$1
+	local builddir="${S}/${buildtype}-build"
+
+	mkdir "${builddir}" || die
+
+	local conf_opts=(
+		--prefix=/usr
+		--sysconfdir=/etc
+		--bindir=/usr/bin
+		--libdir=/usr/$(get_libdir)
+		--datadir=/usr/share
+		--docdir=/usr/share/doc/${PF}/html
+		--mandir=/usr/share/man
+		--localstatedir=/var
+		--disable-bsd-user
+		--disable-containers # bug #732972
+		--disable-guest-agent
+		--disable-strip
+		--with-git-submodules=ignore
+
+		# bug #746752: TCG interpreter has a few limitations:
+		# - it does not support FPU
+		# - it's generally slower on non-self-modifying code
+		# It's advantage is support for host architectures
+		# where native codegeneration is not implemented.
+		# Gentoo has qemu keyworded only on targets with
+		# native code generation available. Avoid the interpreter.
+		--disable-tcg-interpreter
+
+		--disable-werror
+		# We support gnutls/nettle for crypto operations.  It is possible
+		# to use gcrypt when gnutls/nettle are disabled (but not when they
+		# are enabled), but it's not really worth the hassle.  Disable it
+		# all the time to avoid automatically detecting it. #568856
+		--disable-gcrypt
+		--cc="$(tc-getCC)"
+		--cxx="$(tc-getCXX)"
+		--host-cc="$(tc-getBUILD_CC)"
+
+		$(use_enable alsa)
+		$(use_enable debug debug-info)
+		$(use_enable debug debug-tcg)
+		$(use_enable jack)
+		$(use_enable nls gettext)
+		$(use_enable oss)
+		$(use_enable plugins)
+		$(use_enable pulseaudio pa)
+		$(use_enable selinux)
+		$(use_enable xattr attr)
+	)
+
+	# Disable options not used by user targets. This simplifies building
+	# static user targets (USE=static-user) considerably.
+	conf_notuser() {
+		if [[ ${buildtype} == "user" ]] ; then
+			echo "--disable-${2:-$1}"
+		else
+			use_enable "$@"
+		fi
+	}
+	# Enable option only for softmmu build, but not 'user' or 'tools'
+	conf_softmmu() {
+		if [[ ${buildtype} == "softmmu" ]] ; then
+			use_enable "$@"
+		else
+			echo "--disable-${2:-$1}"
+		fi
+	}
+	# Enable option only for tools build, but not 'user' or 'softmmu'
+	conf_tools() {
+		if [[ ${buildtype} == "tools" ]] ; then
+			use_enable "$@"
+		else
+			echo "--disable-${2:-$1}"
+		fi
+	}
+	# Special case for the malloc flag, because the --disable flag does
+	# not exist and trying like above will break configuring.
+	conf_malloc() {
+		if [[ ! ${buildtype} == "user" ]] ; then
+			usex "${1}" "--enable-malloc=${1}" ""
+		fi
+	}
+	conf_opts+=(
+		$(conf_notuser accessibility brlapi)
+		$(conf_notuser aio linux-aio)
+		$(conf_softmmu bpf)
+		$(conf_notuser bzip2)
+		$(conf_notuser capstone)
+		$(conf_notuser caps cap-ng)
+		$(conf_notuser curl)
+		$(conf_tools doc docs)
+		$(conf_notuser fdt)
+		$(conf_notuser fuse)
+		$(conf_notuser glusterfs)
+		$(conf_notuser gnutls)
+		$(conf_notuser gnutls nettle)
+		$(conf_notuser gtk)
+		$(conf_notuser infiniband rdma)
+		$(conf_notuser iscsi libiscsi)
+		$(conf_notuser io-uring linux-io-uring)
+		$(conf_malloc jemalloc)
+		$(conf_notuser jpeg vnc-jpeg)
+		$(conf_notuser kernel_linux kvm)
+		$(conf_notuser lzo)
+		$(conf_notuser multipath mpath)
+		$(conf_notuser ncurses curses)
+		$(conf_notuser nfs libnfs)
+		$(conf_notuser numa)
+		$(conf_notuser opengl)
+		$(conf_notuser pam auth-pam)
+		$(conf_notuser png)
+		$(conf_notuser rbd)
+		$(conf_notuser sasl vnc-sasl)
+		$(conf_notuser sdl)
+		$(conf_softmmu sdl-image)
+		$(conf_notuser seccomp)
+		$(conf_notuser slirp slirp system)
+		$(conf_notuser smartcard)
+		$(conf_notuser snappy)
+		$(conf_notuser spice)
+		$(conf_notuser ssh libssh)
+		$(conf_notuser udev libudev)
+		$(conf_notuser usb libusb)
+		$(conf_notuser usbredir usb-redir)
+		$(conf_notuser vde)
+		$(conf_notuser vhost-net)
+		$(conf_notuser virgl virglrenderer)
+		$(conf_softmmu virtfs)
+		$(conf_notuser vnc)
+		$(conf_notuser vte)
+		$(conf_notuser xen)
+		$(conf_notuser xen xen-pci-passthrough)
+		# use prebuilt keymaps, bug #759604
+		--disable-xkbcommon
+		$(conf_notuser zstd)
+	)
+
+	if [[ ! ${buildtype} == "user" ]] ; then
+		# audio options
+		local audio_opts=(
+			# Note: backend order matters here: #716202
+			# We iterate from higher-level to lower level.
+			$(usex pulseaudio pa "")
+			$(usev jack)
+			$(usev sdl)
+			$(usev alsa)
+			$(usev oss)
+		)
+		conf_opts+=(
+			--audio-drv-list=$(IFS=,; echo "${audio_opts[*]}")
+		)
+	fi
+
+	case ${buildtype} in
+	user)
+		conf_opts+=(
+			--enable-linux-user
+			--disable-system
+			--disable-blobs
+			--disable-tools
+		)
+		local static_flag="static-user"
+		;;
+	softmmu)
+		conf_opts+=(
+			--disable-linux-user
+			--enable-system
+			--disable-tools
+		)
+		local static_flag="static"
+
+		for target in ${IUSE_SOFTMMU_TARGETS}; do
+			if use "qemu_softmmu_targets_${target}"; then
+				conf_opts+=(
+					# For some reason, adding this with the setting set
+					# to on *or* off makes the build always fail.
+					# --with-devices-${target}=gentoo
+				)
+			fi
+		done
+		;;
+	tools)
+		conf_opts+=(
+			--disable-linux-user
+			--disable-system
+			--disable-blobs
+			--enable-tools
+		)
+		local static_flag="static"
+		;;
+	esac
+
+	local targets="${buildtype}_targets"
+	[[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" )
+
+	# Add support for SystemTAP
+	use systemtap && conf_opts+=( --enable-trace-backend=dtrace )
+
+	# We always want to attempt to build with PIE support as it results
+	# in a more secure binary. But it doesn't work with static or if
+	# the current GCC doesn't have PIE support.
+	if use ${static_flag}; then
+		conf_opts+=( --static --disable-pie )
+	else
+		tc-enables-pie && conf_opts+=( --enable-pie )
+	fi
+
+	# Meson will not use a cross-file unless cross_prefix is set.
+	tc-is-cross-compiler && conf_opts+=( --cross-prefix="${CHOST}-" )
+
+	# Plumb through equivalent of EXTRA_ECONF to allow experiments
+	# like bug #747928.
+	conf_opts+=( ${EXTRA_CONF_QEMU} )
+
+	echo "../configure ${conf_opts[*]}"
+	cd "${builddir}"
+	../configure "${conf_opts[@]}" || die "configure failed"
+}
+
+src_configure() {
+	local target
+
+	python_setup
+
+	softmmu_targets= softmmu_bins=()
+	user_targets= user_bins=()
+
+	for target in ${IUSE_SOFTMMU_TARGETS} ; do
+		if use "qemu_softmmu_targets_${target}"; then
+			softmmu_targets+=",${target}-softmmu"
+			softmmu_bins+=( "qemu-system-${target}" )
+
+			# Needed to rework vhost-user-fs handling thanks to https://gitlab.com/qemu-project/qemu/-/commit/5166dab
+			# The option was converted into being configurable by
+			# Kconfig's. So, to enable it, we insert the necessary
+			# options into each arch's softmmu target gentoo.mak file,
+			# then configure with --with-devices-${target}=gentoo.
+			if use vhost-user-fs; then
+				echo "CONFIG_VHOST_USER_FS=y for ${target}-softmmu" || die
+				echo "CONFIG_VIRTIO=y" >> "configs/devices/${target}-softmmu/gentoo.mak" || die
+				echo "CONFIG_VHOST_USER_FS=y" >> "configs/devices/${target}-softmmu/gentoo.mak" || die
+			else
+				echo "CONFIG_VHOST_USER_FS=n for ${target}-softmmu" || die
+				echo "CONFIG_VIRTIO=n" >> "configs/devices/${target}-softmmu/gentoo.mak" || die
+				echo "CONFIG_VHOST_USER_FS=n" >> "configs/devices/${target}-softmmu/gentoo.mak" || die
+			fi
+		fi
+	done
+
+	for target in ${IUSE_USER_TARGETS} ; do
+		if use "qemu_user_targets_${target}"; then
+			user_targets+=",${target}-linux-user"
+			user_bins+=( "qemu-${target}" )
+		fi
+	done
+
+	softmmu_targets=${softmmu_targets#,}
+	user_targets=${user_targets#,}
+
+	[[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu"
+	[[ -n ${user_targets}    ]] && qemu_src_configure "user"
+	qemu_src_configure "tools"
+}
+
+src_compile() {
+	if [[ -n ${user_targets} ]]; then
+		cd "${S}/user-build" || die
+		default
+	fi
+
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build" || die
+		default
+	fi
+
+	cd "${S}/tools-build" || die
+	default
+}
+
+src_test() {
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build" || die
+		pax-mark m */qemu-system-* #515550
+		emake check
+	fi
+}
+
+qemu_python_install() {
+	python_domodule "${S}/python/qemu"
+
+	python_doscript "${S}/scripts/kvm/vmxcap"
+	python_doscript "${S}/scripts/qmp/qmp-shell"
+	python_doscript "${S}/scripts/qmp/qemu-ga-client"
+}
+
+# Generate binfmt support files.
+#   - /etc/init.d/qemu-binfmt script which registers the user handlers (openrc)
+#   - /usr/share/qemu/binfmt.d/qemu.conf (for use with systemd-binfmt)
+generate_initd() {
+	local out="${T}/qemu-binfmt"
+	local out_systemd="${T}/qemu.conf"
+	local d="${T}/binfmt.d"
+
+	einfo "Generating qemu binfmt scripts and configuration files"
+
+	# Generate the debian fragments first.
+	mkdir -p "${d}"
+	"${S}"/scripts/qemu-binfmt-conf.sh \
+		--debian \
+		--exportdir "${d}" \
+		--qemu-path "${EPREFIX}/usr/bin" \
+		|| die
+	# Then turn the fragments into a shell script we can source.
+	sed -E -i \
+		-e 's:^([^ ]+) (.*)$:\1="\2":' \
+		"${d}"/* || die
+
+	# Generate the init.d script by assembling the fragments from above.
+	local f qcpu package interpreter magic mask
+	cat "${FILESDIR}"/qemu-binfmt.initd.head >"${out}" || die
+	for f in "${d}"/qemu-* ; do
+		source "${f}"
+
+		# Normalize the cpu logic like we do in the init.d for the native cpu.
+		qcpu=${package#qemu-}
+		case ${qcpu} in
+		arm*)   qcpu="arm";;
+		mips*)  qcpu="mips";;
+		ppc*)   qcpu="ppc";;
+		s390*)  qcpu="s390";;
+		sh*)    qcpu="sh";;
+		sparc*) qcpu="sparc";;
+		esac
+
+		# we use 'printf' here to be portable across 'sh'
+		# implementations: #679168
+		cat <<EOF >>"${out}"
+	if [ "\${cpu}" != "${qcpu}" -a -x "${interpreter}" ] ; then
+		printf '%s\n' ':${package}:M::${magic}:${mask}:${interpreter}:'"\${QEMU_BINFMT_FLAGS}" >/proc/sys/fs/binfmt_misc/register
+	fi
+EOF
+
+		echo ":${package}:M::${magic}:${mask}:${interpreter}:OC" >>"${out_systemd}"
+
+	done
+	cat "${FILESDIR}"/qemu-binfmt.initd.tail >>"${out}" || die
+}
+
+src_install() {
+	if [[ -n ${user_targets} ]]; then
+		cd "${S}/user-build"
+		emake DESTDIR="${ED}" install
+
+		# Install binfmt handler init script for user targets.
+		generate_initd
+		doinitd "${T}/qemu-binfmt"
+
+		# Install binfmt/qemu.conf.
+		insinto "/usr/share/qemu/binfmt.d"
+		doins "${T}/qemu.conf"
+	fi
+
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build"
+		emake DESTDIR="${ED}" install
+
+		# This might not exist if the test failed. #512010
+		[[ -e check-report.html ]] && dodoc check-report.html
+
+		if use kernel_linux; then
+			udev_newrules "${FILESDIR}"/65-kvm.rules-r2 65-kvm.rules
+		fi
+
+		if use python; then
+			python_foreach_impl qemu_python_install
+		fi
+	fi
+
+	cd "${S}/tools-build" || die
+	emake DESTDIR="${ED}" install
+
+	# If USE=doc, there'll be newly generated docs which we install instead.
+	if ! use doc && [[ ${QEMU_DOCS_PREBUILT} == 1 ]] ; then
+		doman "${WORKDIR}"/${PN}-${QEMU_DOCS_VERSION}-docs/docs/*.[0-8]
+	fi
+
+	# Disable mprotect on the qemu binaries as they use JITs to be fast #459348
+	pushd "${ED}"/usr/bin >/dev/null || die
+	pax-mark mr "${softmmu_bins[@]}" "${user_bins[@]}" # bug 575594
+	popd >/dev/null || die
+
+	# Install config file example for qemu-bridge-helper
+	insinto "/etc/qemu"
+	doins "${FILESDIR}/bridge.conf"
+
+	cd "${S}" || die
+	dodoc MAINTAINERS docs/specs/pci-ids.txt
+	newdoc pc-bios/README README.pc-bios
+
+	# Disallow stripping of prebuilt firmware files.
+	dostrip -x ${QA_PREBUILT}
+
+	if [[ -n ${softmmu_targets} ]]; then
+		# Remove SeaBIOS since we're using the SeaBIOS packaged one
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../seabios/bios-256k.bin /usr/share/qemu/bios-256k.bin
+		fi
+
+		# Remove vgabios since we're using the seavgabios packaged one
+		rm "${ED}/usr/share/qemu/vgabios.bin"
+		rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
+		rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
+		rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
+		rm "${ED}/usr/share/qemu/vgabios-virtio.bin"
+		rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
+
+		# PPC/PPC64 loads vgabios-stdvga
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 || use qemu_softmmu_targets_ppc || use qemu_softmmu_targets_ppc64; then
+			dosym ../seavgabios/vgabios-isavga.bin /usr/share/qemu/vgabios.bin
+			dosym ../seavgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
+			dosym ../seavgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
+			dosym ../seavgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
+			dosym ../seavgabios/vgabios-virtio.bin /usr/share/qemu/vgabios-virtio.bin
+			dosym ../seavgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
+		fi
+
+		# Remove sgabios since we're using the sgabios packaged one
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin
+		fi
+
+		# Remove iPXE since we're using the iPXE packaged one
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom
+			dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom
+			dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom
+			dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom
+			dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom
+			dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom
+		fi
+	fi
+
+	DISABLE_AUTOFORMATTING=true
+	readme.gentoo_create_doc
+}
+
+firmware_abi_change() {
+	local pv
+	for pv in ${REPLACING_VERSIONS}; do
+		if ver_test ${pv} -lt ${FIRMWARE_ABI_VERSION}; then
+			return 0
+		fi
+	done
+	return 1
+}
+
+pkg_postinst() {
+	if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
+		udev_reload
+	fi
+
+	xdg_icon_cache_update
+
+	[[ -z ${EPREFIX} ]] && [[ -f ${EROOT}/usr/libexec/qemu-bridge-helper ]] && \
+		fcaps cap_net_admin "${EROOT}"/usr/libexec/qemu-bridge-helper
+
+	DISABLE_AUTOFORMATTING=true
+	readme.gentoo_print_elog
+
+	if use pin-upstream-blobs && firmware_abi_change; then
+		ewarn "This version of qemu pins new versions of firmware blobs:"
+
+		if has_version 'sys-firmware/edk2-ovmf-bin'; then
+			ewarn "	$(best_version sys-firmware/edk2-ovmf-bin)"
+		else
+			ewarn " $(best_version sys-firmware/edk2-ovmf)"
+		fi
+
+		if has_version 'sys-firmware/seabios-bin'; then
+			ewarn "	$(best_version sys-firmware/seabios-bin)"
+		else
+			ewarn " $(best_version sys-firmware/seabios)"
+		fi
+
+		ewarn "	$(best_version sys-firmware/ipxe)"
+		ewarn "	$(best_version sys-firmware/sgabios)"
+		ewarn "This might break resume of hibernated guests (started with a different"
+		ewarn "firmware version) and live migration to/from qemu versions with different"
+		ewarn "firmware. Please (cold) restart all running guests. For functional"
+		ewarn "guest migration ensure that all"
+		ewarn "hosts run at least"
+		ewarn "	app-emulation/qemu-${FIRMWARE_ABI_VERSION}."
+	fi
+}
+
+pkg_info() {
+	echo "Using:"
+	echo "  $(best_version app-emulation/spice-protocol)"
+
+	if has_version 'sys-firmware/edk2-ovmf-bin'; then
+		echo "  $(best_version sys-firmware/edk2-ovmf-bin)"
+	else
+		echo "  $(best_version sys-firmware/edk2-ovmf)"
+	fi
+
+	if has_version 'sys-firmware/seabios-bin'; then
+		echo "  $(best_version sys-firmware/seabios-bin)"
+	else
+		echo "  $(best_version sys-firmware/seabios)"
+	fi
+
+	echo "  $(best_version sys-firmware/ipxe)"
+	echo "  $(best_version sys-firmware/sgabios)"
+}
+
+pkg_postrm() {
+	xdg_icon_cache_update
+	udev_reload
+}


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2022-12-08  1:22 John Helmert III
  0 siblings, 0 replies; 56+ messages in thread
From: John Helmert III @ 2022-12-08  1:22 UTC (permalink / raw
  To: gentoo-commits

commit:     7141cbe5b4dac76ab10d094f8a35b5b65efe343e
Author:     John Helmert III <ajak <AT> gentoo <DOT> org>
AuthorDate: Thu Dec  8 01:21:06 2022 +0000
Commit:     John Helmert III <ajak <AT> gentoo <DOT> org>
CommitDate: Thu Dec  8 01:21:33 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7141cbe5

app-emulation/qemu: drop 7.0.0-r3

Bug: https://bugs.gentoo.org/857657
Signed-off-by: John Helmert III <ajak <AT> gentoo.org>

 app-emulation/qemu/Manifest                        |   2 -
 .../files/qemu-2.11.1-capstone_include_path.patch  |  11 -
 app-emulation/qemu/files/qemu-6.1.0-strings.patch  |  26 -
 ...qemu-7.0.0-also-build-virtfs-proxy-helper.patch |  32 -
 .../qemu/files/qemu-7.0.0-glibc-2.36.patch         |  90 --
 .../qemu/files/qemu-7.0.0-have-user-meson.patch    |  36 -
 .../qemu-7.0.0-pci-overflow-fortify-source-3.patch |  94 --
 .../qemu/files/qemu-7.0.0-virtio-scsi-fixes.patch  | 182 ----
 app-emulation/qemu/qemu-7.0.0-r3.ebuild            | 949 ---------------------
 9 files changed, 1422 deletions(-)

diff --git a/app-emulation/qemu/Manifest b/app-emulation/qemu/Manifest
index 92d47fc2acc5..2b1f883139dc 100644
--- a/app-emulation/qemu/Manifest
+++ b/app-emulation/qemu/Manifest
@@ -1,5 +1,3 @@
-DIST qemu-7.0.0-docs.tar.xz 5101176 BLAKE2B 827d4af2b3fd229d146b47253d12a8bfd60614f5ba60e098abc58a6635bd9f8a029775932f4fc3dee3cb1f0a379133c47d819c53273547abbbf2aacd6bbd4fc5 SHA512 8f27b954a2f3710cee5cb78635631b035ea733f43381d378464733164b897bc0e8c6b373d80f1d97a65b761c13e342ae0c0836202d1506ec0b7c214b7388c7bb
-DIST qemu-7.0.0.tar.xz 125117636 BLAKE2B ceda6d9f1a585298bd49fed61e8bb35f0064ad8388a9f979c8bd68a38bfe1a47c5bb055e5f74f970c2c440957042b9de4a861524120040c56e4cd8b56c5cfb68 SHA512 44ecd10c018a3763e1bc87d1d35b98890d0d5636acd69fe9b5cadf5024d5af6a31684d60cbe1c3370e02986434c1fb0ad99224e0e6f6fe7eda169992508157b1
 DIST qemu-7.1.0-docs.tar.xz 2016780 BLAKE2B 1b84361fe58d504ab740a0b805a25d02f497ca776e7251a99f0e98e3720d1a2029b7a171f9d79dd128ba17a82c72d497e09baa1a4b2f192ba390f0f3b1950792 SHA512 7a328303b8af0ab63aa1f0fe07a121d3ca459d00fca817412e645416af795930dbea0a3e60f4ca006a74d1672e84fa4e626e4d83918e0b685b601043d0d8159e
 DIST qemu-7.1.0.tar.xz 121833004 BLAKE2B e05f91ce4993c7591a2df08b5fb017f8b8ec2141ab7bfd55d14730ea6b793ac1091de539992058392a5522d4e58beee92a87752707be58e3619b8213ef9f35bf SHA512 c60c5ff8ec99b7552e485768908920658fdd8035ff7a6fa370fb6881957dc8b7e5f18ff1a8f49bd6aa22909ede2a7c084986d8244f12074ccd33ebe40a0c411f
 DIST qemu-7.2.0-rc3.tar.xz 122373832 BLAKE2B 6345cd631e3de26974fc0534de9c6b55d0bcab31b440c03066a46c6dd9580b535ed8f4f8117bcfb970bcf2fe51890887a676c8600e6b699a2c053199dfbe6966 SHA512 4f9d1554be22456538ccae1a39673033b088e6c1b4990fa8b57ae71061086d66d3cf33fa84ac19a878d11ee3cbc810f22fb28b03e6305c211a7156549cde6669

diff --git a/app-emulation/qemu/files/qemu-2.11.1-capstone_include_path.patch b/app-emulation/qemu/files/qemu-2.11.1-capstone_include_path.patch
deleted file mode 100644
index d79570ebb8aa..000000000000
--- a/app-emulation/qemu/files/qemu-2.11.1-capstone_include_path.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- qemu-2.11.1/include/disas/capstone.h	2018-02-14 22:53:22.000000000 +0100
-+++ qemu-2.11.1/include/disas/capstone.h	2018-02-17 20:12:12.754703951 +0100
-@@ -3,7 +3,7 @@
- 
- #ifdef CONFIG_CAPSTONE
- 
--#include <capstone.h>
-+#include <capstone/capstone.h>
- 
- #else
- 

diff --git a/app-emulation/qemu/files/qemu-6.1.0-strings.patch b/app-emulation/qemu/files/qemu-6.1.0-strings.patch
deleted file mode 100644
index 2efe7b29330a..000000000000
--- a/app-emulation/qemu/files/qemu-6.1.0-strings.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-Forward-ported from original patch for 5.2.0.
-
-diff --git a/configure b/configure
-index da2501489f..4660ee3ee5 100755
---- a/configure
-+++ b/configure
-@@ -516,6 +516,7 @@ ld="${LD-${cross_prefix}ld}"
- ranlib="${RANLIB-${cross_prefix}ranlib}"
- nm="${NM-${cross_prefix}nm}"
- strip="${STRIP-${cross_prefix}strip}"
-+strings="${STRINGS-${cross_prefix}strings}"
- windres="${WINDRES-${cross_prefix}windres}"
- pkg_config_exe="${PKG_CONFIG-${cross_prefix}pkg-config}"
- query_pkg_config() {
-@@ -2380,9 +2381,9 @@ int main(int argc, char *argv[])
- EOF
- 
- if compile_prog ; then
--    if strings -a $TMPE | grep -q BiGeNdIaN ; then
-+    if $strings -a $TMPE | grep -q BiGeNdIaN ; then
-         bigendian="yes"
--    elif strings -a $TMPE | grep -q LiTtLeEnDiAn ; then
-+    elif $strings -a $TMPE | grep -q LiTtLeEnDiAn ; then
-         bigendian="no"
-     else
-         echo big/little test failed

diff --git a/app-emulation/qemu/files/qemu-7.0.0-also-build-virtfs-proxy-helper.patch b/app-emulation/qemu/files/qemu-7.0.0-also-build-virtfs-proxy-helper.patch
deleted file mode 100644
index ca2e9433792c..000000000000
--- a/app-emulation/qemu/files/qemu-7.0.0-also-build-virtfs-proxy-helper.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From c1093041466772f4b62961bcc5a354801d41355d Mon Sep 17 00:00:00 2001
-From: Matthias Maier <tamiko@43-1.org>
-Date: Mon, 4 Apr 2022 12:56:59 +0200
-Subject: [PATCH] also build virtfs-proxy-helper
-
-The Gentoo ebuild splits the qemu build into a softmmu, user and tool
-phase in order to be able to build and link some of the qemu emulators
-statically. This unfortunately has the consequence that we never
-configure with "have_virtfs" and "have_tools" at the same time.
-
-As a workaround, simply build the virtfs userland unconditionally. After
-all, it is a tiny executable
----
- meson.build | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/meson.build b/meson.build
-index 861de93c4f..a8d29be3aa 100644
---- a/meson.build
-+++ b/meson.build
-@@ -1474,7 +1474,7 @@ have_virtfs = get_option('virtfs') \
-     .disable_auto_if(not have_tools and not have_system) \
-     .allowed()
- 
--have_virtfs_proxy_helper = targetos != 'darwin' and have_virtfs and have_tools
-+have_virtfs_proxy_helper = have_tools and libattr.found() and libcap_ng.found()
- 
- foreach k : get_option('trace_backends')
-   config_host_data.set('CONFIG_TRACE_' + k.to_upper(), true)
--- 
-2.35.1
-

diff --git a/app-emulation/qemu/files/qemu-7.0.0-glibc-2.36.patch b/app-emulation/qemu/files/qemu-7.0.0-glibc-2.36.patch
deleted file mode 100644
index 85343c4d00e7..000000000000
--- a/app-emulation/qemu/files/qemu-7.0.0-glibc-2.36.patch
+++ /dev/null
@@ -1,90 +0,0 @@
-https://lore.kernel.org/all/20220802183409.GB2040@redhat.com/T/
-https://bugs.gentoo.org/863443
-
-From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
-To: qemu-devel@nongnu.org
-Cc: Laurent Vivier <laurent@vivier.eu>,
- =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
-Subject: [PATCH for 7.1] linux-user: fix compat with glibc >= 2.36 sys/mount.h
-Date: Tue,  2 Aug 2022 12:41:34 -0400
-
-The latest glibc 2.36 has extended sys/mount.h so that it
-defines the FSCONFIG_* enum constants. These are historically
-defined in linux/mount.h, and thus if you include both headers
-the compiler complains:
-
-In file included from /usr/include/linux/fs.h:19,
-                 from ../linux-user/syscall.c:98:
-/usr/include/linux/mount.h:95:6: error: redeclaration of 'enum fsconfig_command'
-   95 | enum fsconfig_command {
-      |      ^~~~~~~~~~~~~~~~
-In file included from ../linux-user/syscall.c:31:
-/usr/include/sys/mount.h:189:6: note: originally defined here
-  189 | enum fsconfig_command
-      |      ^~~~~~~~~~~~~~~~
-/usr/include/linux/mount.h:96:9: error: redeclaration of enumerator 'FSCONFIG_SET_FLAG'
-   96 |         FSCONFIG_SET_FLAG       = 0,    /* Set parameter, supplying no value */
-      |         ^~~~~~~~~~~~~~~~~
-/usr/include/sys/mount.h:191:3: note: previous definition of 'FSCONFIG_SET_FLAG' with type 'enum fsconfig_command'
-  191 |   FSCONFIG_SET_FLAG       = 0,    /* Set parameter, supplying no value */
-      |   ^~~~~~~~~~~~~~~~~
-...snip...
-
-QEMU doesn't include linux/mount.h, but it does use
-linux/fs.h and thus gets linux/mount.h indirectly.
-
-glibc acknowledges this problem but does not appear to
-be intending to fix it in the forseeable future, simply
-documenting it as a known incompatibility with no
-workaround:
-
-  https://sourceware.org/glibc/wiki/Release/2.36#Usage_of_.3Clinux.2Fmount.h.3E_and_.3Csys.2Fmount.h.3E
-  https://sourceware.org/glibc/wiki/Synchronizing_Headers
-
-To address this requires either removing use of sys/mount.h
-or linux/fs.h, despite QEMU needing declarations from
-both.
-
-This patch removes linux/fs.h, meaning we have to define
-various FS_IOC constants that are now unavailable.
-
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---- a/linux-user/syscall.c
-+++ b/linux-user/syscall.c
-@@ -95,7 +95,25 @@
- #include <linux/soundcard.h>
- #include <linux/kd.h>
- #include <linux/mtio.h>
-+
-+#ifdef HAVE_SYS_MOUNT_FSCONFIG
-+/*
-+ * glibc >= 2.36 linux/mount.h conflicts with sys/mount.h,
-+ * which in turn prevents use of linux/fs.h. So we have to
-+ * define the constants ourselves for now.
-+ */
-+#define FS_IOC_GETFLAGS                _IOR('f', 1, long)
-+#define FS_IOC_SETFLAGS                _IOW('f', 2, long)
-+#define FS_IOC_GETVERSION              _IOR('v', 1, long)
-+#define FS_IOC_SETVERSION              _IOW('v', 2, long)
-+#define FS_IOC_FIEMAP                  _IOWR('f', 11, struct fiemap)
-+#define FS_IOC32_GETFLAGS              _IOR('f', 1, int)
-+#define FS_IOC32_SETFLAGS              _IOW('f', 2, int)
-+#define FS_IOC32_GETVERSION            _IOR('v', 1, int)
-+#define FS_IOC32_SETVERSION            _IOW('v', 2, int)
-+#else
- #include <linux/fs.h>
-+#endif
- #include <linux/fd.h>
- #if defined(CONFIG_FIEMAP)
- #include <linux/fiemap.h>
---- a/meson.build
-+++ b/meson.build
-@@ -1963,6 +1963,8 @@ config_host_data.set('HAVE_OPTRESET',
-                      cc.has_header_symbol('getopt.h', 'optreset'))
- config_host_data.set('HAVE_IPPROTO_MPTCP',
-                      cc.has_header_symbol('netinet/in.h', 'IPPROTO_MPTCP'))
-+config_host_data.set('HAVE_SYS_MOUNT_FSCONFIG',
-+                     cc.has_header_symbol('sys/mount.h', 'FSCONFIG_SET_FLAG'))
- 
- # has_member
- config_host_data.set('HAVE_SIGEV_NOTIFY_THREAD_ID',

diff --git a/app-emulation/qemu/files/qemu-7.0.0-have-user-meson.patch b/app-emulation/qemu/files/qemu-7.0.0-have-user-meson.patch
deleted file mode 100644
index 2acf73cff86e..000000000000
--- a/app-emulation/qemu/files/qemu-7.0.0-have-user-meson.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 2296b4655694744f7c8dcdc9440c21d86e19968e Mon Sep 17 00:00:00 2001
-From: Thomas Huth <thuth@redhat.com>
-Date: Wed, 22 Jun 2022 16:03:28 +0200
-Subject: [PATCH] common-user: Only compile the common user code if have_user
- is set
-
-There is no need to waste cycles here if we only compile the system
-binaries or tools. Additionally, this change is even a hard requirement
-for building the tools on systems that do not have an entry in the
-common-user/host/ folder (since common-user/meson.build is trying
-to add such a path via the include_directories() command).
-
-Reported-by: Michael Tokarev <mjt@tls.msk.ru>
-Signed-off-by: Thomas Huth <thuth@redhat.com>
-Reviewed-by: Zhang Chen <chen.zhang@intel.com>
-Message-Id: <20220622140328.383961-1-thuth@redhat.com>
-Signed-off-by: Laurent Vivier <laurent@vivier.eu>
----
- common-user/meson.build | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/common-user/meson.build b/common-user/meson.build
-index 26212dda5c..ac9de5b9e3 100644
---- a/common-user/meson.build
-+++ b/common-user/meson.build
-@@ -1,3 +1,7 @@
-+if not have_user
-+   subdir_done()
-+endif
-+
- common_user_inc += include_directories('host/' / host_arch)
- 
- user_ss.add(files(
--- 
-GitLab
-

diff --git a/app-emulation/qemu/files/qemu-7.0.0-pci-overflow-fortify-source-3.patch b/app-emulation/qemu/files/qemu-7.0.0-pci-overflow-fortify-source-3.patch
deleted file mode 100644
index 767f66243fcc..000000000000
--- a/app-emulation/qemu/files/qemu-7.0.0-pci-overflow-fortify-source-3.patch
+++ /dev/null
@@ -1,94 +0,0 @@
-https://bugs.gentoo.org/849587
-https://bugzilla.opensuse.org/show_bug.cgi?id=1199924
-https://lists.gnu.org/archive/html/qemu-devel/2022-05/msg06183.html
-
-From qemu-devel  Tue May 31 11:47:07 2022
-From: Claudio Fontana <cfontana () suse ! de>
-Date: Tue, 31 May 2022 11:47:07 +0000
-To: qemu-devel
-Subject: [PATCH] pci: fix overflow in snprintf string formatting
-Message-Id: <20220531114707.18830-1-cfontana () suse ! de>
-X-MARC-Message: https://marc.info/?l=qemu-devel&m=165399772310578
-
-the code in pcibus_get_fw_dev_path contained the potential for a
-stack buffer overflow of 1 byte, potentially writing to the stack an
-extra NUL byte.
-
-This overflow could happen if the PCI slot is >= 0x10000000,
-and the PCI function is >= 0x10000000, due to the size parameter
-of snprintf being incorrectly calculated in the call:
-
-    if (PCI_FUNC(d->devfn))
-        snprintf(path + off, sizeof(path) + off, ",%x", PCI_FUNC(d->devfn));
-
-since the off obtained from a previous call to snprintf is added
-instead of subtracted from the total available size of the buffer.
-
-Without the accurate size guard from snprintf, we end up writing in the
-worst case:
-
-name (32) + "@" (1) + SLOT (8) + "," (1) + FUNC (8) + term NUL (1) = 51 bytes
-
-In order to provide something more robust, replace all of the code in
-pcibus_get_fw_dev_path with a single call to g_strdup_printf,
-so there is no need to rely on manual calculations.
-
-Found by compiling QEMU with FORTIFY_SOURCE=3 as the error:
-
-*** buffer overflow detected ***: terminated
-
-Thread 1 "qemu-system-x86" received signal SIGABRT, Aborted.
-[Switching to Thread 0x7ffff642c380 (LWP 121307)]
-0x00007ffff71ff55c in __pthread_kill_implementation () from /lib64/libc.so.6
-(gdb) bt
- #0  0x00007ffff71ff55c in __pthread_kill_implementation () at /lib64/libc.so.6
- #1  0x00007ffff71ac6f6 in raise () at /lib64/libc.so.6
- #2  0x00007ffff7195814 in abort () at /lib64/libc.so.6
- #3  0x00007ffff71f279e in __libc_message () at /lib64/libc.so.6
- #4  0x00007ffff729767a in __fortify_fail () at /lib64/libc.so.6
- #5  0x00007ffff7295c36 in  () at /lib64/libc.so.6
- #6  0x00007ffff72957f5 in __snprintf_chk () at /lib64/libc.so.6
- #7  0x0000555555b1c1fd in pcibus_get_fw_dev_path ()
- #8  0x0000555555f2bde4 in qdev_get_fw_dev_path_helper.constprop ()
- #9  0x0000555555f2bd86 in qdev_get_fw_dev_path_helper.constprop ()
- #10 0x00005555559a6e5d in get_boot_device_path ()
- #11 0x00005555559a712c in get_boot_devices_list ()
- #12 0x0000555555b1a3d0 in fw_cfg_machine_reset ()
- #13 0x0000555555bf4c2d in pc_machine_reset ()
- #14 0x0000555555c66988 in qemu_system_reset ()
- #15 0x0000555555a6dff6 in qdev_machine_creation_done ()
- #16 0x0000555555c79186 in qmp_x_exit_preconfig.part ()
- #17 0x0000555555c7b459 in qemu_init ()
- #18 0x0000555555960a29 in main ()
-
-Found-by: Dario Faggioli <Dario Faggioli <dfaggioli@suse.com>
-Found-by: Martin Liška <martin.liska@suse.com>
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Claudio Fontana <cfontana@suse.de>
---- a/hw/pci/pci.c
-+++ b/hw/pci/pci.c
-@@ -2640,15 +2640,15 @@ static char *pci_dev_fw_name(DeviceState *dev, char *buf, int len)
- static char *pcibus_get_fw_dev_path(DeviceState *dev)
- {
-     PCIDevice *d = (PCIDevice *)dev;
--    char path[50], name[33];
--    int off;
--
--    off = snprintf(path, sizeof(path), "%s@%x",
--                   pci_dev_fw_name(dev, name, sizeof name),
--                   PCI_SLOT(d->devfn));
--    if (PCI_FUNC(d->devfn))
--        snprintf(path + off, sizeof(path) + off, ",%x", PCI_FUNC(d->devfn));
--    return g_strdup(path);
-+    char name[33];
-+    int has_func = !!PCI_FUNC(d->devfn);
-+
-+    return g_strdup_printf("%s@%x%s%.*x",
-+                           pci_dev_fw_name(dev, name, sizeof(name)),
-+                           PCI_SLOT(d->devfn),
-+                           has_func ? "," : "",
-+                           has_func,
-+                           PCI_FUNC(d->devfn));
- }
- 
- static char *pcibus_get_dev_path(DeviceState *dev)

diff --git a/app-emulation/qemu/files/qemu-7.0.0-virtio-scsi-fixes.patch b/app-emulation/qemu/files/qemu-7.0.0-virtio-scsi-fixes.patch
deleted file mode 100644
index 9ec6ede80896..000000000000
--- a/app-emulation/qemu/files/qemu-7.0.0-virtio-scsi-fixes.patch
+++ /dev/null
@@ -1,182 +0,0 @@
-https://bugs.gentoo.org/849500
-https://gitlab.com/qemu-project/qemu/-/commit/2f743ef6366c2df4ef51ef3ae318138cdc0125ab.patch
-https://gitlab.com/qemu-project/qemu/-/commit/38738f7dbbda90fbc161757b7f4be35b52205552.patch
-
-From: Stefan Hajnoczi <stefanha@redhat.com>
-Date: Wed, 27 Apr 2022 15:35:36 +0100
-Subject: [PATCH] virtio-scsi: fix ctrl and event handler functions in
- dataplane mode
-
-Commit f34e8d8b8d48d73f36a67b6d5e492ef9784b5012 ("virtio-scsi: prepare
-virtio_scsi_handle_cmd for dataplane") prepared the virtio-scsi cmd
-virtqueue handler function to be used in both the dataplane and
-non-datpalane code paths.
-
-It failed to convert the ctrl and event virtqueue handler functions,
-which are not designed to be called from the dataplane code path but
-will be since the ioeventfd is set up for those virtqueues when
-dataplane starts.
-
-Convert the ctrl and event virtqueue handler functions now so they
-operate correctly when called from the dataplane code path. Avoid code
-duplication by extracting this code into a helper function.
-
-Fixes: f34e8d8b8d48d73f36a67b6d5e492ef9784b5012 ("virtio-scsi: prepare virtio_scsi_handle_cmd for dataplane")
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
-Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
-Message-id: 20220427143541.119567-2-stefanha@redhat.com
-[Fixed s/by used/be used/ typo pointed out by Michael Tokarev
-<mjt@tls.msk.ru>.
---Stefan]
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---- a/hw/scsi/virtio-scsi.c
-+++ b/hw/scsi/virtio-scsi.c
-@@ -472,16 +472,32 @@ bool virtio_scsi_handle_ctrl_vq(VirtIOSCSI *s, VirtQueue *vq)
-     return progress;
- }
- 
-+/*
-+ * If dataplane is configured but not yet started, do so now and return true on
-+ * success.
-+ *
-+ * Dataplane is started by the core virtio code but virtqueue handler functions
-+ * can also be invoked when a guest kicks before DRIVER_OK, so this helper
-+ * function helps us deal with manually starting ioeventfd in that case.
-+ */
-+static bool virtio_scsi_defer_to_dataplane(VirtIOSCSI *s)
-+{
-+    if (!s->ctx || s->dataplane_started) {
-+        return false;
-+    }
-+
-+    virtio_device_start_ioeventfd(&s->parent_obj.parent_obj);
-+    return !s->dataplane_fenced;
-+}
-+
- static void virtio_scsi_handle_ctrl(VirtIODevice *vdev, VirtQueue *vq)
- {
-     VirtIOSCSI *s = (VirtIOSCSI *)vdev;
- 
--    if (s->ctx) {
--        virtio_device_start_ioeventfd(vdev);
--        if (!s->dataplane_fenced) {
--            return;
--        }
-+    if (virtio_scsi_defer_to_dataplane(s)) {
-+        return;
-     }
-+
-     virtio_scsi_acquire(s);
-     virtio_scsi_handle_ctrl_vq(s, vq);
-     virtio_scsi_release(s);
-@@ -720,12 +736,10 @@ static void virtio_scsi_handle_cmd(VirtIODevice *vdev, VirtQueue *vq)
-     /* use non-QOM casts in the data path */
-     VirtIOSCSI *s = (VirtIOSCSI *)vdev;
- 
--    if (s->ctx && !s->dataplane_started) {
--        virtio_device_start_ioeventfd(vdev);
--        if (!s->dataplane_fenced) {
--            return;
--        }
-+    if (virtio_scsi_defer_to_dataplane(s)) {
-+        return;
-     }
-+
-     virtio_scsi_acquire(s);
-     virtio_scsi_handle_cmd_vq(s, vq);
-     virtio_scsi_release(s);
-@@ -855,12 +869,10 @@ static void virtio_scsi_handle_event(VirtIODevice *vdev, VirtQueue *vq)
- {
-     VirtIOSCSI *s = VIRTIO_SCSI(vdev);
- 
--    if (s->ctx) {
--        virtio_device_start_ioeventfd(vdev);
--        if (!s->dataplane_fenced) {
--            return;
--        }
-+    if (virtio_scsi_defer_to_dataplane(s)) {
-+        return;
-     }
-+
-     virtio_scsi_acquire(s);
-     virtio_scsi_handle_event_vq(s, vq);
-     virtio_scsi_release(s);
-GitLab
-
-From: Stefan Hajnoczi <stefanha@redhat.com>
-Date: Wed, 27 Apr 2022 15:35:37 +0100
-Subject: [PATCH] virtio-scsi: don't waste CPU polling the event virtqueue
-
-The virtio-scsi event virtqueue is not emptied by its handler function.
-This is typical for rx virtqueues where the device uses buffers when
-some event occurs (e.g. a packet is received, an error condition
-happens, etc).
-
-Polling non-empty virtqueues wastes CPU cycles. We are not waiting for
-new buffers to become available, we are waiting for an event to occur,
-so it's a misuse of CPU resources to poll for buffers.
-
-Introduce the new virtio_queue_aio_attach_host_notifier_no_poll() API,
-which is identical to virtio_queue_aio_attach_host_notifier() except
-that it does not poll the virtqueue.
-
-Before this patch the following command-line consumed 100% CPU in the
-IOThread polling and calling virtio_scsi_handle_event():
-
-  $ qemu-system-x86_64 -M accel=kvm -m 1G -cpu host \
-      --object iothread,id=iothread0 \
-      --device virtio-scsi-pci,iothread=iothread0 \
-      --blockdev file,filename=test.img,aio=native,cache.direct=on,node-name=drive0 \
-      --device scsi-hd,drive=drive0
-
-After this patch CPU is no longer wasted.
-
-Reported-by: Nir Soffer <nsoffer@redhat.com>
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
-Tested-by: Nir Soffer <nsoffer@redhat.com>
-Message-id: 20220427143541.119567-3-stefanha@redhat.com
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---- a/hw/scsi/virtio-scsi-dataplane.c
-+++ b/hw/scsi/virtio-scsi-dataplane.c
-@@ -138,7 +138,7 @@ int virtio_scsi_dataplane_start(VirtIODevice *vdev)
- 
-     aio_context_acquire(s->ctx);
-     virtio_queue_aio_attach_host_notifier(vs->ctrl_vq, s->ctx);
--    virtio_queue_aio_attach_host_notifier(vs->event_vq, s->ctx);
-+    virtio_queue_aio_attach_host_notifier_no_poll(vs->event_vq, s->ctx);
- 
-     for (i = 0; i < vs->conf.num_queues; i++) {
-         virtio_queue_aio_attach_host_notifier(vs->cmd_vqs[i], s->ctx);
---- a/hw/virtio/virtio.c
-+++ b/hw/virtio/virtio.c
-@@ -3534,6 +3534,19 @@ void virtio_queue_aio_attach_host_notifier(VirtQueue *vq, AioContext *ctx)
-                                 virtio_queue_host_notifier_aio_poll_end);
- }
- 
-+/*
-+ * Same as virtio_queue_aio_attach_host_notifier() but without polling. Use
-+ * this for rx virtqueues and similar cases where the virtqueue handler
-+ * function does not pop all elements. When the virtqueue is left non-empty
-+ * polling consumes CPU cycles and should not be used.
-+ */
-+void virtio_queue_aio_attach_host_notifier_no_poll(VirtQueue *vq, AioContext *ctx)
-+{
-+    aio_set_event_notifier(ctx, &vq->host_notifier, true,
-+                           virtio_queue_host_notifier_read,
-+                           NULL, NULL);
-+}
-+
- void virtio_queue_aio_detach_host_notifier(VirtQueue *vq, AioContext *ctx)
- {
-     aio_set_event_notifier(ctx, &vq->host_notifier, true, NULL, NULL, NULL);
---- a/include/hw/virtio/virtio.h
-+++ b/include/hw/virtio/virtio.h
-@@ -317,6 +317,7 @@ EventNotifier *virtio_queue_get_host_notifier(VirtQueue *vq);
- void virtio_queue_set_host_notifier_enabled(VirtQueue *vq, bool enabled);
- void virtio_queue_host_notifier_read(EventNotifier *n);
- void virtio_queue_aio_attach_host_notifier(VirtQueue *vq, AioContext *ctx);
-+void virtio_queue_aio_attach_host_notifier_no_poll(VirtQueue *vq, AioContext *ctx);
- void virtio_queue_aio_detach_host_notifier(VirtQueue *vq, AioContext *ctx);
- VirtQueue *virtio_vector_first_queue(VirtIODevice *vdev, uint16_t vector);
- VirtQueue *virtio_vector_next_queue(VirtQueue *vq);
-GitLab

diff --git a/app-emulation/qemu/qemu-7.0.0-r3.ebuild b/app-emulation/qemu/qemu-7.0.0-r3.ebuild
deleted file mode 100644
index 126f0338e5ba..000000000000
--- a/app-emulation/qemu/qemu-7.0.0-r3.ebuild
+++ /dev/null
@@ -1,949 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-# Generate using https://github.com/thesamesam/sam-gentoo-scripts/blob/main/niche/generate-qemu-docs
-# Set to 1 if prebuilt, 0 if not
-# (the construct below is to allow overriding from env for script)
-: ${QEMU_DOCS_PREBUILT:=1}
-
-QEMU_DOCS_PREBUILT_DEV=sam
-QEMU_DOCS_VERSION=$(ver_cut 1-3)
-# Default to generating docs (inc. man pages) if no prebuilt; overridden later
-# bug #830088
-QEMU_DOCS_USEFLAG="+doc"
-
-PYTHON_COMPAT=( python3_{8,9,10,11} )
-PYTHON_REQ_USE="ncurses,readline"
-
-FIRMWARE_ABI_VERSION="7.0.0"
-
-inherit linux-info toolchain-funcs python-r1 udev fcaps readme.gentoo-r1 \
-		pax-utils xdg-utils
-
-if [[ ${PV} == *9999* ]]; then
-	QEMU_DOCS_PREBUILT=0
-
-	EGIT_REPO_URI="https://gitlab.com/qemu-project/qemu.git/"
-	EGIT_SUBMODULES=(
-		meson
-		tests/fp/berkeley-softfloat-3
-		tests/fp/berkeley-testfloat-3
-		ui/keycodemapdb
-	)
-	inherit git-r3
-	SRC_URI=""
-else
-	MY_P="${PN}-${PV/_rc/-rc}"
-	SRC_URI="https://download.qemu.org/${MY_P}.tar.xz"
-
-	if [[ ${QEMU_DOCS_PREBUILT} == 1 ]] ; then
-		SRC_URI+=" !doc? ( https://dev.gentoo.org/~${QEMU_DOCS_PREBUILT_DEV}/distfiles/${CATEGORY}/${PN}/${PN}-${QEMU_DOCS_VERSION}-docs.tar.xz )"
-	fi
-
-	KEYWORDS="amd64 ~arm arm64 ~loong ~ppc ppc64 ~riscv x86"
-	S="${WORKDIR}/${MY_P}"
-fi
-
-DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
-HOMEPAGE="https://www.qemu.org https://www.linux-kvm.org"
-
-LICENSE="GPL-2 LGPL-2 BSD-2"
-SLOT="0"
-
-[[ ${QEMU_DOCS_PREBUILT} == 1 ]] && QEMU_DOCS_USEFLAG="doc"
-
-IUSE="accessibility +aio alsa bpf bzip2 capstone +caps +curl debug ${QEMU_DOCS_USEFLAG}
-	+fdt fuse glusterfs +gnutls gtk infiniband iscsi io-uring
-	jack jemalloc +jpeg
-	lzo multipath
-	ncurses nfs nls numa opengl +oss pam +pin-upstream-blobs
-	plugins +png pulseaudio python rbd sasl +seccomp sdl sdl-image selinux
-	+slirp
-	smartcard snappy spice ssh static static-user systemtap test udev usb
-	usbredir vde +vhost-net vhost-user-fs virgl virtfs +vnc vte xattr xen
-	zstd"
-
-COMMON_TARGETS="
-	aarch64
-	alpha
-	arm
-	cris
-	hppa
-	i386
-	m68k
-	microblaze
-	microblazeel
-	mips
-	mips64
-	mips64el
-	mipsel
-	nios2
-	or1k
-	ppc
-	ppc64
-	riscv32
-	riscv64
-	s390x
-	sh4
-	sh4eb
-	sparc
-	sparc64
-	x86_64
-	xtensa
-	xtensaeb
-"
-IUSE_SOFTMMU_TARGETS="
-	${COMMON_TARGETS}
-	avr
-	rx
-	tricore
-"
-IUSE_USER_TARGETS="
-	${COMMON_TARGETS}
-	aarch64_be
-	armeb
-	hexagon
-	mipsn32
-	mipsn32el
-	ppc64le
-	sparc32plus
-"
-
-use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
-use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
-IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
-
-RESTRICT="!test? ( test )"
-# Allow no targets to be built so that people can get a tools-only build.
-# Block USE flag configurations known to not work.
-REQUIRED_USE="${PYTHON_REQUIRED_USE}
-	qemu_softmmu_targets_arm? ( fdt )
-	qemu_softmmu_targets_microblaze? ( fdt )
-	qemu_softmmu_targets_mips64el? ( fdt )
-	qemu_softmmu_targets_ppc64? ( fdt )
-	qemu_softmmu_targets_ppc? ( fdt )
-	qemu_softmmu_targets_riscv32? ( fdt )
-	qemu_softmmu_targets_riscv64? ( fdt )
-	qemu_softmmu_targets_x86_64? ( fdt )
-	sdl-image? ( sdl )
-	static? ( static-user !alsa !gtk !jack !opengl !pam !pulseaudio !plugins !rbd !snappy !udev )
-	static-user? ( !plugins )
-	vhost-user-fs? ( caps seccomp )
-	virgl? ( opengl )
-	virtfs? ( caps xattr )
-	vnc? ( gnutls )
-	vte? ( gtk )
-	multipath? ( udev )
-	plugins? ( !static !static-user )
-"
-
-# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
-# and user/softmmu targets (qemu-*, qemu-system-*).
-#
-# Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
-#
-# The attr lib isn't always linked in (although the USE flag is always
-# respected).  This is because qemu supports using the C library's API
-# when available rather than always using the external library.
-ALL_DEPEND="
-	>=dev-libs/glib-2.0[static-libs(+)]
-	sys-libs/zlib[static-libs(+)]
-	python? ( ${PYTHON_DEPS} )
-	systemtap? ( dev-util/systemtap )
-	xattr? ( sys-apps/attr[static-libs(+)] )"
-
-# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
-# softmmu targets (qemu-system-*).
-SOFTMMU_TOOLS_DEPEND="
-	>=x11-libs/pixman-0.28.0[static-libs(+)]
-	accessibility? (
-		app-accessibility/brltty[api]
-		app-accessibility/brltty[static-libs(+)]
-	)
-	aio? ( dev-libs/libaio[static-libs(+)] )
-	alsa? ( >=media-libs/alsa-lib-1.0.13 )
-	bpf? ( dev-libs/libbpf:= )
-	bzip2? ( app-arch/bzip2[static-libs(+)] )
-	capstone? ( dev-libs/capstone:= )
-	caps? ( sys-libs/libcap-ng[static-libs(+)] )
-	curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
-	fdt? ( >=sys-apps/dtc-1.5.1[static-libs(+)] )
-	fuse? ( >=sys-fs/fuse-3.1:3[static-libs(+)] )
-	glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
-	gnutls? (
-		dev-libs/nettle:=[static-libs(+)]
-		>=net-libs/gnutls-3.0:=[static-libs(+)]
-	)
-	gtk? (
-		x11-libs/gtk+:3
-		vte? ( x11-libs/vte:2.91 )
-	)
-	infiniband? ( sys-cluster/rdma-core[static-libs(+)] )
-	iscsi? ( net-libs/libiscsi )
-	io-uring? ( sys-libs/liburing:=[static-libs(+)] )
-	jack? ( virtual/jack )
-	jemalloc? ( dev-libs/jemalloc )
-	jpeg? ( media-libs/libjpeg-turbo:=[static-libs(+)] )
-	lzo? ( dev-libs/lzo:2[static-libs(+)] )
-	multipath? ( sys-fs/multipath-tools )
-	ncurses? (
-		sys-libs/ncurses:=[unicode(+)]
-		sys-libs/ncurses:=[static-libs(+)]
-	)
-	nfs? ( >=net-fs/libnfs-1.9.3:=[static-libs(+)] )
-	numa? ( sys-process/numactl[static-libs(+)] )
-	opengl? (
-		virtual/opengl
-		media-libs/libepoxy[static-libs(+)]
-		media-libs/mesa[static-libs(+)]
-		media-libs/mesa[egl(+),gbm(+)]
-	)
-	pam? ( sys-libs/pam )
-	png? ( media-libs/libpng:0=[static-libs(+)] )
-	pulseaudio? ( media-sound/pulseaudio )
-	rbd? ( sys-cluster/ceph )
-	sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
-	sdl? (
-		media-libs/libsdl2[video]
-		media-libs/libsdl2[static-libs(+)]
-	)
-	sdl-image? ( media-libs/sdl2-image[static-libs(+)] )
-	seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
-	slirp? ( net-libs/libslirp[static-libs(+)] )
-	smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] )
-	snappy? ( app-arch/snappy:= )
-	spice? (
-		>=app-emulation/spice-protocol-0.12.3
-		>=app-emulation/spice-0.12.0[static-libs(+)]
-	)
-	ssh? ( >=net-libs/libssh-0.8.6[static-libs(+)] )
-	udev? ( virtual/libudev:= )
-	usb? ( >=virtual/libusb-1-r2[static-libs(+)] )
-	usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
-	vde? ( net-misc/vde[static-libs(+)] )
-	virgl? ( media-libs/virglrenderer[static-libs(+)] )
-	virtfs? ( sys-libs/libcap )
-	xen? ( app-emulation/xen-tools:= )
-	zstd? ( >=app-arch/zstd-1.4.0[static-libs(+)] )
-"
-
-EDK2_OVMF_VERSION="202105"
-SEABIOS_VERSION="1.14.0"
-
-X86_FIRMWARE_DEPEND="
-	pin-upstream-blobs? (
-		~sys-firmware/edk2-ovmf-${EDK2_OVMF_VERSION}[binary]
-		~sys-firmware/ipxe-1.21.1[binary,qemu]
-		~sys-firmware/seabios-${SEABIOS_VERSION}[binary,seavgabios]
-		~sys-firmware/sgabios-0.1_pre10[binary]
-	)
-	!pin-upstream-blobs? (
-		>=sys-firmware/edk2-ovmf-${EDK2_OVMF_VERSION}
-		sys-firmware/ipxe[qemu]
-		>=sys-firmware/seabios-${SEABIOS_VERSION}[seavgabios]
-		sys-firmware/sgabios
-	)"
-PPC_FIRMWARE_DEPEND="
-	pin-upstream-blobs? (
-		~sys-firmware/seabios-${SEABIOS_VERSION}[binary,seavgabios]
-	)
-	!pin-upstream-blobs? (
-		>=sys-firmware/seabios-${SEABIOS_VERSION}[seavgabios]
-	)
-"
-
-BDEPEND="
-	$(python_gen_impl_dep)
-	dev-lang/perl
-	sys-apps/texinfo
-	virtual/pkgconfig
-	doc? (
-		dev-python/sphinx[${PYTHON_USEDEP}]
-		dev-python/sphinx_rtd_theme[${PYTHON_USEDEP}]
-	)
-	gtk? ( nls? ( sys-devel/gettext ) )
-	test? (
-		dev-libs/glib[utils]
-		sys-devel/bc
-	)
-"
-CDEPEND="
-	!static? (
-		${ALL_DEPEND//\[static-libs(+)]}
-		${SOFTMMU_TOOLS_DEPEND//\[static-libs(+)]}
-	)
-	qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
-	qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )
-	qemu_softmmu_targets_ppc? ( ${PPC_FIRMWARE_DEPEND} )
-	qemu_softmmu_targets_ppc64? ( ${PPC_FIRMWARE_DEPEND} )
-"
-DEPEND="${CDEPEND}
-	kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
-	static? (
-		${ALL_DEPEND}
-		${SOFTMMU_TOOLS_DEPEND}
-	)
-	static-user? ( ${ALL_DEPEND} )"
-RDEPEND="${CDEPEND}
-	acct-group/kvm
-	selinux? (
-		sec-policy/selinux-qemu
-		sys-libs/libselinux
-	)"
-
-PATCHES=(
-	"${FILESDIR}"/${PN}-2.11.1-capstone_include_path.patch
-	"${FILESDIR}"/${PN}-5.2.0-disable-keymap.patch
-	"${FILESDIR}"/${PN}-6.0.0-make.patch
-	"${FILESDIR}"/${PN}-6.1.0-strings.patch
-	"${FILESDIR}"/${PN}-7.0.0-also-build-virtfs-proxy-helper.patch
-	"${FILESDIR}"/${P}-virtio-scsi-fixes.patch
-	"${FILESDIR}"/${P}-pci-overflow-fortify-source-3.patch
-	"${FILESDIR}"/${P}-glibc-2.36.patch
-	"${FILESDIR}"/${PN}-7.0.0-have-user-meson.patch
-)
-
-QA_PREBUILT="
-	usr/share/qemu/hppa-firmware.img
-	usr/share/qemu/openbios-ppc
-	usr/share/qemu/openbios-sparc64
-	usr/share/qemu/openbios-sparc32
-	usr/share/qemu/opensbi-riscv64-generic-fw_dynamic.elf
-	usr/share/qemu/opensbi-riscv32-generic-fw_dynamic.elf
-	usr/share/qemu/palcode-clipper
-	usr/share/qemu/s390-ccw.img
-	usr/share/qemu/s390-netboot.img
-	usr/share/qemu/u-boot.e500
-"
-
-QA_WX_LOAD="usr/bin/qemu-i386
-	usr/bin/qemu-x86_64
-	usr/bin/qemu-alpha
-	usr/bin/qemu-arm
-	usr/bin/qemu-cris
-	usr/bin/qemu-m68k
-	usr/bin/qemu-microblaze
-	usr/bin/qemu-microblazeel
-	usr/bin/qemu-mips
-	usr/bin/qemu-mipsel
-	usr/bin/qemu-or1k
-	usr/bin/qemu-ppc
-	usr/bin/qemu-ppc64
-	usr/bin/qemu-sh4
-	usr/bin/qemu-sh4eb
-	usr/bin/qemu-sparc
-	usr/bin/qemu-sparc64
-	usr/bin/qemu-armeb
-	usr/bin/qemu-sparc32plus
-	usr/bin/qemu-s390x
-	usr/bin/qemu-unicore32
-"
-
-DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure you have the
-kernel module loaded before running kvm. The easiest way to ensure that the
-kernel module is loaded is to load it on boot.
-	For AMD CPUs the module is called 'kvm-amd'.
-	For Intel CPUs the module is called 'kvm-intel'.
-Please review /etc/conf.d/modules for how to load these.
-
-Make sure your user is in the 'kvm' group. Just run
-	$ gpasswd -a <USER> kvm
-then have <USER> re-login.
-
-For brand new installs, the default permissions on /dev/kvm might not let
-you access it.  You can tell udev to reset ownership/perms:
-	$ udevadm trigger -c add /dev/kvm
-
-If you want to register binfmt handlers for qemu user targets:
-For openrc:
-	# rc-update add qemu-binfmt
-For systemd:
-	# ln -s /usr/share/qemu/binfmt.d/qemu.conf /etc/binfmt.d/qemu.conf"
-
-pkg_pretend() {
-	if use kernel_linux && kernel_is lt 2 6 25; then
-		eerror "This version of KVM requires a host kernel of 2.6.25 or higher."
-	elif use kernel_linux; then
-		if ! linux_config_exists; then
-			eerror "Unable to check your kernel for KVM support"
-		else
-			CONFIG_CHECK="~KVM ~TUN ~BRIDGE"
-			ERROR_KVM="You must enable KVM in your kernel to continue"
-			ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in"
-			ERROR_KVM_AMD+=" your kernel configuration."
-			ERROR_KVM_INTEL="If you have an Intel CPU, you must enable"
-			ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration."
-			ERROR_TUN="You will need the Universal TUN/TAP driver compiled"
-			ERROR_TUN+=" into your kernel or loaded as a module to use the"
-			ERROR_TUN+=" virtual network device if using -net tap."
-			ERROR_BRIDGE="You will also need support for 802.1d"
-			ERROR_BRIDGE+=" Ethernet Bridging for some network configurations."
-			use vhost-net && CONFIG_CHECK+=" ~VHOST_NET"
-			ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net"
-			ERROR_VHOST_NET+=" support"
-
-			if use amd64 || use x86 || use amd64-linux || use x86-linux; then
-				if grep -q AuthenticAMD /proc/cpuinfo; then
-					CONFIG_CHECK+=" ~KVM_AMD"
-				elif grep -q GenuineIntel /proc/cpuinfo; then
-					CONFIG_CHECK+=" ~KVM_INTEL"
-				fi
-			fi
-
-			use python && CONFIG_CHECK+=" ~DEBUG_FS"
-			ERROR_DEBUG_FS="debugFS support required for kvm_stat"
-
-			# Now do the actual checks setup above
-			check_extra_config
-		fi
-	fi
-
-	if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then
-		eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt"
-		eerror "instances are still pointing to it.  Please update your"
-		eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag"
-		eerror "and the right system binary (e.g. qemu-system-x86_64)."
-		die "update your virt configs to not use qemu-kvm"
-	fi
-}
-
-# Sanity check to make sure target lists are kept up-to-date.
-check_targets() {
-	local var=$1 mak=$2
-	local detected sorted
-
-	pushd "${S}"/configs/targets/ >/dev/null || die
-
-	# Force C locale until glibc is updated. #564936
-	detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u))
-	sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u))
-	if [[ ${sorted} != "${detected}" ]] ; then
-		eerror "The ebuild needs to be kept in sync."
-		eerror "${var}: ${sorted}"
-		eerror "$(printf '%-*s' ${#var} configure): ${detected}"
-		die "sync ${var} to the list of targets"
-	fi
-
-	popd >/dev/null
-}
-
-src_prepare() {
-	check_targets IUSE_SOFTMMU_TARGETS softmmu
-	check_targets IUSE_USER_TARGETS linux-user
-
-	default
-
-	# Use correct toolchain to fix cross-compiling
-	tc-export AR AS LD NM OBJCOPY PKG_CONFIG RANLIB STRINGS
-	export WINDRES=${CHOST}-windres
-
-	# Verbose builds
-	MAKEOPTS+=" V=1"
-
-	# We already force -D_FORTIFY_SOURCE=2 (or 3) in our toolchain, but
-	# this setting (-U then -D..=2) will prevent us from trying out 3, so
-	# drop it. No change to level of protection b/c we patch our toolchain.
-	sed -i -e 's/-U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2//' configure || die
-
-	# Remove bundled copy of libfdt
-	rm -r dtc || die
-}
-
-##
-# configures qemu based on the build directory and the build type
-# we are using.
-#
-qemu_src_configure() {
-	debug-print-function ${FUNCNAME} "$@"
-
-	local buildtype=$1
-	local builddir="${S}/${buildtype}-build"
-
-	mkdir "${builddir}" || die
-
-	local conf_opts=(
-		--prefix=/usr
-		--sysconfdir=/etc
-		--bindir=/usr/bin
-		--libdir=/usr/$(get_libdir)
-		--datadir=/usr/share
-		--docdir=/usr/share/doc/${PF}/html
-		--mandir=/usr/share/man
-		--localstatedir=/var
-		--disable-bsd-user
-		--disable-containers # bug #732972
-		--disable-guest-agent
-		--disable-strip
-		--with-git-submodules=ignore
-
-		# bug #746752: TCG interpreter has a few limitations:
-		# - it does not support FPU
-		# - it's generally slower on non-self-modifying code
-		# It's advantage is support for host architectures
-		# where native codegeneration is not implemented.
-		# Gentoo has qemu keyworded only on targets with
-		# native code generation available. Avoid the interpreter.
-		--disable-tcg-interpreter
-
-		--disable-werror
-		# We support gnutls/nettle for crypto operations.  It is possible
-		# to use gcrypt when gnutls/nettle are disabled (but not when they
-		# are enabled), but it's not really worth the hassle.  Disable it
-		# all the time to avoid automatically detecting it. #568856
-		--disable-gcrypt
-		--python="${PYTHON}"
-		--cc="$(tc-getCC)"
-		--cxx="$(tc-getCXX)"
-		--host-cc="$(tc-getBUILD_CC)"
-
-		$(use_enable alsa)
-		$(use_enable debug debug-info)
-		$(use_enable debug debug-tcg)
-		$(use_enable jack)
-		$(use_enable nls gettext)
-		$(use_enable oss)
-		$(use_enable plugins)
-		$(use_enable pulseaudio pa)
-		$(use_enable selinux)
-		$(use_enable xattr attr)
-	)
-
-	# Disable options not used by user targets. This simplifies building
-	# static user targets (USE=static-user) considerably.
-	conf_notuser() {
-		if [[ ${buildtype} == "user" ]] ; then
-			echo "--disable-${2:-$1}"
-		else
-			use_enable "$@"
-		fi
-	}
-	# Enable option only for softmmu build, but not 'user' or 'tools'
-	conf_softmmu() {
-		if [[ ${buildtype} == "softmmu" ]] ; then
-			use_enable "$@"
-		else
-			echo "--disable-${2:-$1}"
-		fi
-	}
-	# Enable option only for tools build, but not 'user' or 'softmmu'
-	conf_tools() {
-		if [[ ${buildtype} == "tools" ]] ; then
-			use_enable "$@"
-		else
-			echo "--disable-${2:-$1}"
-		fi
-	}
-	# Special case for the malloc flag, because the --disable flag does
-	# not exist and trying like above will break configuring.
-	conf_malloc() {
-		if [[ ! ${buildtype} == "user" ]] ; then
-			usex "${1}" "--enable-malloc=${1}" ""
-		fi
-	}
-	conf_opts+=(
-		$(conf_notuser accessibility brlapi)
-		$(conf_notuser aio linux-aio)
-		$(conf_softmmu bpf)
-		$(conf_notuser bzip2)
-		$(conf_notuser capstone)
-		$(conf_notuser caps cap-ng)
-		$(conf_notuser curl)
-		$(conf_tools doc docs)
-		$(conf_notuser fdt)
-		$(conf_notuser fuse)
-		$(conf_notuser glusterfs)
-		$(conf_notuser gnutls)
-		$(conf_notuser gnutls nettle)
-		$(conf_notuser gtk)
-		$(conf_notuser infiniband rdma)
-		$(conf_notuser iscsi libiscsi)
-		$(conf_notuser io-uring linux-io-uring)
-		$(conf_malloc jemalloc)
-		$(conf_notuser jpeg vnc-jpeg)
-		$(conf_notuser kernel_linux kvm)
-		$(conf_notuser lzo)
-		$(conf_notuser multipath mpath)
-		$(conf_notuser ncurses curses)
-		$(conf_notuser nfs libnfs)
-		$(conf_notuser numa)
-		$(conf_notuser opengl)
-		$(conf_notuser pam auth-pam)
-		$(conf_notuser png vnc-png)
-		$(conf_notuser rbd)
-		$(conf_notuser sasl vnc-sasl)
-		$(conf_notuser sdl)
-		$(conf_softmmu sdl-image)
-		$(conf_notuser seccomp)
-		$(conf_notuser slirp slirp system)
-		$(conf_notuser smartcard)
-		$(conf_notuser snappy)
-		$(conf_notuser spice)
-		$(conf_notuser ssh libssh)
-		$(conf_notuser udev libudev)
-		$(conf_notuser usb libusb)
-		$(conf_notuser usbredir usb-redir)
-		$(conf_notuser vde)
-		$(conf_notuser vhost-net)
-		$(conf_notuser vhost-user-fs)
-		$(conf_tools vhost-user-fs virtiofsd)
-		$(conf_notuser virgl virglrenderer)
-		$(conf_softmmu virtfs)
-		$(conf_notuser vnc)
-		$(conf_notuser vte)
-		$(conf_notuser xen)
-		$(conf_notuser xen xen-pci-passthrough)
-		# use prebuilt keymaps, bug #759604
-		--disable-xkbcommon
-		$(conf_notuser zstd)
-	)
-
-	if [[ ! ${buildtype} == "user" ]] ; then
-		# audio options
-		local audio_opts=(
-			# Note: backend order matters here: #716202
-			# We iterate from higher-level to lower level.
-			$(usex pulseaudio pa "")
-			$(usev jack)
-			$(usev sdl)
-			$(usev alsa)
-			$(usev oss)
-		)
-		conf_opts+=(
-			--audio-drv-list=$(IFS=,; echo "${audio_opts[*]}")
-		)
-	fi
-
-	case ${buildtype} in
-	user)
-		conf_opts+=(
-			--enable-linux-user
-			--disable-system
-			--disable-blobs
-			--disable-tools
-		)
-		local static_flag="static-user"
-		;;
-	softmmu)
-		conf_opts+=(
-			--disable-linux-user
-			--enable-system
-			--disable-tools
-		)
-		local static_flag="static"
-		;;
-	tools)
-		conf_opts+=(
-			--disable-linux-user
-			--disable-system
-			--disable-blobs
-			--enable-tools
-		)
-		local static_flag="static"
-		;;
-	esac
-
-	local targets="${buildtype}_targets"
-	[[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" )
-
-	# Add support for SystemTAP
-	use systemtap && conf_opts+=( --enable-trace-backend=dtrace )
-
-	# We always want to attempt to build with PIE support as it results
-	# in a more secure binary. But it doesn't work with static or if
-	# the current GCC doesn't have PIE support.
-	if use ${static_flag}; then
-		conf_opts+=( --static --disable-pie )
-	else
-		tc-enables-pie && conf_opts+=( --enable-pie )
-	fi
-
-	# Meson will not use a cross-file unless cross_prefix is set.
-	tc-is-cross-compiler && conf_opts+=( --cross-prefix="${CHOST}-" )
-
-	# Plumb through equivalent of EXTRA_ECONF to allow experiments
-	# like bug #747928.
-	conf_opts+=( ${EXTRA_CONF_QEMU} )
-
-	echo "../configure ${conf_opts[*]}"
-	cd "${builddir}"
-	../configure "${conf_opts[@]}" || die "configure failed"
-}
-
-src_configure() {
-	local target
-
-	python_setup
-
-	softmmu_targets= softmmu_bins=()
-	user_targets= user_bins=()
-
-	for target in ${IUSE_SOFTMMU_TARGETS} ; do
-		if use "qemu_softmmu_targets_${target}"; then
-			softmmu_targets+=",${target}-softmmu"
-			softmmu_bins+=( "qemu-system-${target}" )
-		fi
-	done
-
-	for target in ${IUSE_USER_TARGETS} ; do
-		if use "qemu_user_targets_${target}"; then
-			user_targets+=",${target}-linux-user"
-			user_bins+=( "qemu-${target}" )
-		fi
-	done
-
-	softmmu_targets=${softmmu_targets#,}
-	user_targets=${user_targets#,}
-
-	[[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu"
-	[[ -n ${user_targets}    ]] && qemu_src_configure "user"
-	qemu_src_configure "tools"
-}
-
-src_compile() {
-	if [[ -n ${user_targets} ]]; then
-		cd "${S}/user-build" || die
-		default
-	fi
-
-	if [[ -n ${softmmu_targets} ]]; then
-		cd "${S}/softmmu-build" || die
-		default
-	fi
-
-	cd "${S}/tools-build" || die
-	default
-}
-
-src_test() {
-	if [[ -n ${softmmu_targets} ]]; then
-		cd "${S}/softmmu-build" || die
-		pax-mark m */qemu-system-* #515550
-		emake check
-	fi
-}
-
-qemu_python_install() {
-	python_domodule "${S}/python/qemu"
-
-	python_doscript "${S}/scripts/kvm/vmxcap"
-	python_doscript "${S}/scripts/qmp/qmp-shell"
-	python_doscript "${S}/scripts/qmp/qemu-ga-client"
-}
-
-# Generate binfmt support files.
-#   - /etc/init.d/qemu-binfmt script which registers the user handlers (openrc)
-#   - /usr/share/qemu/binfmt.d/qemu.conf (for use with systemd-binfmt)
-generate_initd() {
-	local out="${T}/qemu-binfmt"
-	local out_systemd="${T}/qemu.conf"
-	local d="${T}/binfmt.d"
-
-	einfo "Generating qemu binfmt scripts and configuration files"
-
-	# Generate the debian fragments first.
-	mkdir -p "${d}"
-	"${S}"/scripts/qemu-binfmt-conf.sh \
-		--debian \
-		--exportdir "${d}" \
-		--qemu-path "${EPREFIX}/usr/bin" \
-		|| die
-	# Then turn the fragments into a shell script we can source.
-	sed -E -i \
-		-e 's:^([^ ]+) (.*)$:\1="\2":' \
-		"${d}"/* || die
-
-	# Generate the init.d script by assembling the fragments from above.
-	local f qcpu package interpreter magic mask
-	cat "${FILESDIR}"/qemu-binfmt.initd.head >"${out}" || die
-	for f in "${d}"/qemu-* ; do
-		source "${f}"
-
-		# Normalize the cpu logic like we do in the init.d for the native cpu.
-		qcpu=${package#qemu-}
-		case ${qcpu} in
-		arm*)   qcpu="arm";;
-		mips*)  qcpu="mips";;
-		ppc*)   qcpu="ppc";;
-		s390*)  qcpu="s390";;
-		sh*)    qcpu="sh";;
-		sparc*) qcpu="sparc";;
-		esac
-
-		# we use 'printf' here to be portable across 'sh'
-		# implementations: #679168
-		cat <<EOF >>"${out}"
-	if [ "\${cpu}" != "${qcpu}" -a -x "${interpreter}" ] ; then
-		printf '%s\n' ':${package}:M::${magic}:${mask}:${interpreter}:'"\${QEMU_BINFMT_FLAGS}" >/proc/sys/fs/binfmt_misc/register
-	fi
-EOF
-
-		echo ":${package}:M::${magic}:${mask}:${interpreter}:OC" >>"${out_systemd}"
-
-	done
-	cat "${FILESDIR}"/qemu-binfmt.initd.tail >>"${out}" || die
-}
-
-src_install() {
-	if [[ -n ${user_targets} ]]; then
-		cd "${S}/user-build"
-		emake DESTDIR="${ED}" install
-
-		# Install binfmt handler init script for user targets.
-		generate_initd
-		doinitd "${T}/qemu-binfmt"
-
-		# Install binfmt/qemu.conf.
-		insinto "/usr/share/qemu/binfmt.d"
-		doins "${T}/qemu.conf"
-	fi
-
-	if [[ -n ${softmmu_targets} ]]; then
-		cd "${S}/softmmu-build"
-		emake DESTDIR="${ED}" install
-
-		# This might not exist if the test failed. #512010
-		[[ -e check-report.html ]] && dodoc check-report.html
-
-		if use kernel_linux; then
-			udev_newrules "${FILESDIR}"/65-kvm.rules-r2 65-kvm.rules
-		fi
-
-		if use python; then
-			python_foreach_impl qemu_python_install
-		fi
-	fi
-
-	cd "${S}/tools-build" || die
-	emake DESTDIR="${ED}" install
-
-	# If USE=doc, there'll be newly generated docs which we install instead.
-	if ! use doc && [[ ${QEMU_DOCS_PREBUILT} == 1 ]] ; then
-		doman "${WORKDIR}"/${PN}-${QEMU_DOCS_VERSION}-docs/docs/*.[0-8]
-	fi
-
-	# Disable mprotect on the qemu binaries as they use JITs to be fast #459348
-	pushd "${ED}"/usr/bin >/dev/null || die
-	pax-mark mr "${softmmu_bins[@]}" "${user_bins[@]}" # bug 575594
-	popd >/dev/null || die
-
-	# Install config file example for qemu-bridge-helper
-	insinto "/etc/qemu"
-	doins "${FILESDIR}/bridge.conf"
-
-	cd "${S}" || die
-	dodoc MAINTAINERS docs/specs/pci-ids.txt
-	newdoc pc-bios/README README.pc-bios
-
-	# Disallow stripping of prebuilt firmware files.
-	dostrip -x ${QA_PREBUILT}
-
-	if [[ -n ${softmmu_targets} ]]; then
-		# Remove SeaBIOS since we're using the SeaBIOS packaged one
-		rm "${ED}/usr/share/qemu/bios.bin"
-		rm "${ED}/usr/share/qemu/bios-256k.bin"
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
-			dosym ../seabios/bios-256k.bin /usr/share/qemu/bios-256k.bin
-		fi
-
-		# Remove vgabios since we're using the seavgabios packaged one
-		rm "${ED}/usr/share/qemu/vgabios.bin"
-		rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
-		rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
-		rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
-		rm "${ED}/usr/share/qemu/vgabios-virtio.bin"
-		rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
-		# PPC/PPC64 loads vgabios-stdvga
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 || use qemu_softmmu_targets_ppc || use qemu_softmmu_targets_ppc64; then
-			dosym ../seavgabios/vgabios-isavga.bin /usr/share/qemu/vgabios.bin
-			dosym ../seavgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
-			dosym ../seavgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
-			dosym ../seavgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
-			dosym ../seavgabios/vgabios-virtio.bin /usr/share/qemu/vgabios-virtio.bin
-			dosym ../seavgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
-		fi
-
-		# Remove sgabios since we're using the sgabios packaged one
-		rm "${ED}/usr/share/qemu/sgabios.bin"
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin
-		fi
-
-		# Remove iPXE since we're using the iPXE packaged one
-		rm "${ED}"/usr/share/qemu/pxe-*.rom
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom
-			dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom
-			dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom
-			dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom
-			dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom
-			dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom
-		fi
-	fi
-
-	DISABLE_AUTOFORMATTING=true
-	readme.gentoo_create_doc
-}
-
-firmware_abi_change() {
-	local pv
-	for pv in ${REPLACING_VERSIONS}; do
-		if ver_test ${pv} -lt ${FIRMWARE_ABI_VERSION}; then
-			return 0
-		fi
-	done
-	return 1
-}
-
-pkg_postinst() {
-	if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
-		udev_reload
-	fi
-
-	xdg_icon_cache_update
-
-	[[ -z ${EPREFIX} ]] && [[ -f ${EROOT}/usr/libexec/qemu-bridge-helper ]] && \
-		fcaps cap_net_admin "${EROOT}"/usr/libexec/qemu-bridge-helper
-
-	DISABLE_AUTOFORMATTING=true
-	readme.gentoo_print_elog
-
-	if use pin-upstream-blobs && firmware_abi_change; then
-		ewarn "This version of qemu pins new versions of firmware blobs:"
-		ewarn "	$(best_version sys-firmware/edk2-ovmf)"
-		ewarn "	$(best_version sys-firmware/ipxe)"
-		ewarn "	$(best_version sys-firmware/seabios)"
-		ewarn "	$(best_version sys-firmware/sgabios)"
-		ewarn "This might break resume of hibernated guests (started with a different"
-		ewarn "firmware version) and live migration to/from qemu versions with different"
-		ewarn "firmware. Please (cold) restart all running guests. For functional"
-		ewarn "guest migration ensure that all"
-		ewarn "hosts run at least"
-		ewarn "	app-emulation/qemu-${FIRMWARE_ABI_VERSION}."
-	fi
-}
-
-pkg_info() {
-	echo "Using:"
-	echo "  $(best_version app-emulation/spice-protocol)"
-	echo "  $(best_version sys-firmware/edk2-ovmf)"
-	if has_version 'sys-firmware/edk2-ovmf[binary]'; then
-		echo "    USE=binary"
-	else
-		echo "    USE=''"
-	fi
-	echo "  $(best_version sys-firmware/ipxe)"
-	echo "  $(best_version sys-firmware/seabios)"
-	if has_version 'sys-firmware/seabios[binary]'; then
-		echo "    USE=binary"
-	else
-		echo "    USE=''"
-	fi
-	echo "  $(best_version sys-firmware/sgabios)"
-}
-
-pkg_postrm() {
-	xdg_icon_cache_update
-}


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2023-02-04 16:46 Andreas K. Hüttel
  0 siblings, 0 replies; 56+ messages in thread
From: Andreas K. Hüttel @ 2023-02-04 16:46 UTC (permalink / raw
  To: gentoo-commits

commit:     230e67a4b5a7fbb65587eabc556163f21c98f2dd
Author:     Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org>
AuthorDate: Sat Feb  4 16:45:33 2023 +0000
Commit:     Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org>
CommitDate: Sat Feb  4 16:45:51 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=230e67a4

app-emulation/qemu: drop 7.1.0, 7.1.0-r2

Bug: https://bugs.gentoo.org/883693
Signed-off-by: Andreas K. Hüttel <dilfridge <AT> gentoo.org>

 app-emulation/qemu/Manifest                        |   2 -
 .../qemu/files/qemu-7.1.0-faccessat2.patch         |  78 --
 .../qemu/files/qemu-7.1.0-loong-stat.patch         |  98 --
 .../qemu/files/qemu-7.1.0-mips-n32-syscalls.patch  |  94 --
 app-emulation/qemu/files/qemu-7.1.0-strings.patch  |  26 -
 app-emulation/qemu/qemu-7.1.0-r2.ebuild            | 967 --------------------
 app-emulation/qemu/qemu-7.1.0.ebuild               | 985 ---------------------
 7 files changed, 2250 deletions(-)

diff --git a/app-emulation/qemu/Manifest b/app-emulation/qemu/Manifest
index 12a458ea48a1..0754b3215fa0 100644
--- a/app-emulation/qemu/Manifest
+++ b/app-emulation/qemu/Manifest
@@ -1,4 +1,2 @@
-DIST qemu-7.1.0-docs.tar.xz 2016780 BLAKE2B 1b84361fe58d504ab740a0b805a25d02f497ca776e7251a99f0e98e3720d1a2029b7a171f9d79dd128ba17a82c72d497e09baa1a4b2f192ba390f0f3b1950792 SHA512 7a328303b8af0ab63aa1f0fe07a121d3ca459d00fca817412e645416af795930dbea0a3e60f4ca006a74d1672e84fa4e626e4d83918e0b685b601043d0d8159e
-DIST qemu-7.1.0.tar.xz 121833004 BLAKE2B e05f91ce4993c7591a2df08b5fb017f8b8ec2141ab7bfd55d14730ea6b793ac1091de539992058392a5522d4e58beee92a87752707be58e3619b8213ef9f35bf SHA512 c60c5ff8ec99b7552e485768908920658fdd8035ff7a6fa370fb6881957dc8b7e5f18ff1a8f49bd6aa22909ede2a7c084986d8244f12074ccd33ebe40a0c411f
 DIST qemu-7.2.0-docs.tar.xz 1984184 BLAKE2B 103900fb7903ed8d75f7f012bf61fa2d6fce345b657c851d0437c3384f5735bd1cfd3129320683ea7846ea0b0940e5af5b2663c9320f12fee74b058523a8ea06 SHA512 a7edd448982865e07533c300d3e44a8b50cefbdde1982b73c24d0b2aa74315439252c59b634c75de312860874c7b06c75aa72629da681b5105f28ee936794585
 DIST qemu-7.2.0.tar.xz 122408576 BLAKE2B 415ff621356c59f88b29cfe3ef5db1e282b26bbafbee3d535477c6125ccb060ec9762d9e3ab9f70ce5478804dca0a46a59bcf12c112a2462029a93e578e61530 SHA512 f3cfa00da739ba819a218d7e6e95c77fb79a8e0f487b024ddd281602e785249b81144595e3f8c746c32a4f5c4d1a88c6aebae3c162603edfbb50ae3722d7ed13

diff --git a/app-emulation/qemu/files/qemu-7.1.0-faccessat2.patch b/app-emulation/qemu/files/qemu-7.1.0-faccessat2.patch
deleted file mode 100644
index ea168f609fc8..000000000000
--- a/app-emulation/qemu/files/qemu-7.1.0-faccessat2.patch
+++ /dev/null
@@ -1,78 +0,0 @@
-From 35a2c85f7d691db7aa2c47181902ac87478eef7a Mon Sep 17 00:00:00 2001
-From: WANG Xuerui <xen0n@gentoo.org>
-Date: Sun, 9 Oct 2022 14:08:13 +0800
-Subject: [PATCH] linux-user: Implement faccessat2
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-User space has been preferring this syscall for a while, due to its
-closer match with C semantics, and newer platforms such as LoongArch
-apparently have libc implementations that don't fallback to faccessat
-so normal access checks are failing without the emulation in place.
-
-Tested by successfully emerging several packages within a Gentoo loong
-stage3 chroot, emulated on amd64 with help of static qemu-loongarch64.
-
-Reported-by: Andreas K. Hüttel <dilfridge@gentoo.org>
-Signed-off-by: WANG Xuerui <xen0n@gentoo.org>
-Message-Id: <20221009060813.2289077-1-xen0n@gentoo.org>
-[lv: removing defined(__NR_faccessat2) in syscall.c,
-     adding defined(TARGET_NR_faccessat2) on print_faccessat()]
-Signed-off-by: Laurent Vivier <laurent@vivier.eu>
----
- linux-user/strace.c    | 2 +-
- linux-user/strace.list | 3 +++
- linux-user/syscall.c   | 9 +++++++++
- 3 files changed, 13 insertions(+), 1 deletion(-)
-
-diff --git a/linux-user/strace.c b/linux-user/strace.c
-index 86c081c83f..9ae5a812cd 100644
---- a/linux-user/strace.c
-+++ b/linux-user/strace.c
-@@ -1969,7 +1969,7 @@ print_execv(CPUArchState *cpu_env, const struct syscallname *name,
- }
- #endif
- 
--#ifdef TARGET_NR_faccessat
-+#if defined(TARGET_NR_faccessat) || defined(TARGET_NR_faccessat2)
- static void
- print_faccessat(CPUArchState *cpu_env, const struct syscallname *name,
-                 abi_long arg0, abi_long arg1, abi_long arg2,
-diff --git a/linux-user/strace.list b/linux-user/strace.list
-index a87415bf3d..3df2184580 100644
---- a/linux-user/strace.list
-+++ b/linux-user/strace.list
-@@ -178,6 +178,9 @@
- #ifdef TARGET_NR_faccessat
- { TARGET_NR_faccessat, "faccessat" , NULL, print_faccessat, NULL },
- #endif
-+#ifdef TARGET_NR_faccessat2
-+{ TARGET_NR_faccessat2, "faccessat2" , NULL, print_faccessat, NULL },
-+#endif
- #ifdef TARGET_NR_fadvise64
- { TARGET_NR_fadvise64, "fadvise64" , NULL, NULL, NULL },
- #endif
-diff --git a/linux-user/syscall.c b/linux-user/syscall.c
-index d499cac1d5..e985ad167f 100644
---- a/linux-user/syscall.c
-+++ b/linux-user/syscall.c
-@@ -9143,6 +9143,15 @@ static abi_long do_syscall1(CPUArchState *cpu_env, int num, abi_long arg1,
-         unlock_user(p, arg2, 0);
-         return ret;
- #endif
-+#if defined(TARGET_NR_faccessat2)
-+    case TARGET_NR_faccessat2:
-+        if (!(p = lock_user_string(arg2))) {
-+            return -TARGET_EFAULT;
-+        }
-+        ret = get_errno(faccessat(arg1, p, arg3, arg4));
-+        unlock_user(p, arg2, 0);
-+        return ret;
-+#endif
- #ifdef TARGET_NR_nice /* not on alpha */
-     case TARGET_NR_nice:
-         return get_errno(nice(arg1));
--- 
-2.37.4
-

diff --git a/app-emulation/qemu/files/qemu-7.1.0-loong-stat.patch b/app-emulation/qemu/files/qemu-7.1.0-loong-stat.patch
deleted file mode 100644
index 85fd2c98914a..000000000000
--- a/app-emulation/qemu/files/qemu-7.1.0-loong-stat.patch
+++ /dev/null
@@ -1,98 +0,0 @@
-From xen0n@gentoo.org Thu Oct 06 10:07:10 2022
-Return-Path: <xen0n@gentoo.org>
-X-Original-To: dilfridge@gentoo.org
-Delivered-To: dilfridge@gentoo.org
-From: WANG Xuerui <xen0n@gentoo.org>
-To: qemu-devel@nongnu.org
-Cc: Richard Henderson <richard.henderson@linaro.org>,
-	=?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <f4bug@amsat.org>,
-	WANG Xuerui <xen0n@gentoo.org>,
-	Song Gao <gaosong@loongson.cn>,
-	Xiaojuan Yang <yangxiaojuan@loongson.cn>,
-	=?UTF-8?q?Andreas=20K=20=2E=20H=C3=BCttel?= <dilfridge@gentoo.org>
-Subject: [PATCH RESEND] linux-user: Fix struct statfs ABI on loongarch64
-Date: Thu,  6 Oct 2022 18:07:10 +0800
-Message-Id: <20221006100710.427252-1-xen0n@gentoo.org>
-X-Mailer: git-send-email 2.38.0
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Previously the 32-bit version was incorrectly chosen, leading to funny
-but incorrect output from e.g. df(1). Simply select the version
-corresponding to the 64-bit asm-generic definition.
-
-For reference, this program should produce the same output no matter
-natively compiled or not, for loongarch64 or not:
-
-```c
-#include <stdio.h>
-#include <sys/statfs.h>
-
-int main(int argc, const char *argv[])
-{
-  struct statfs b;
-  if (statfs(argv[0], &b))
-    return 1;
-
-  printf("f_type = 0x%lx\n", b.f_type);
-  printf("f_bsize = %ld\n", b.f_bsize);
-  printf("f_blocks = %ld\n", b.f_blocks);
-  printf("f_bfree = %ld\n", b.f_bfree);
-  printf("f_bavail = %ld\n", b.f_bavail);
-
-  return 0;
-}
-
-// Example output on my amd64 box, with the test binary residing on a
-// btrfs partition.
-
-// Native and emulated output after the fix:
-//
-// f_type = 0x9123683e
-// f_bsize = 4096
-// f_blocks = 268435456
-// f_bfree = 168406890
-// f_bavail = 168355058
-
-// Output before the fix, note the messed layout:
-//
-// f_type = 0x10009123683e
-// f_bsize = 723302085239504896
-// f_blocks = 168355058
-// f_bfree = 2250817541779750912
-// f_bavail = 1099229433104
-```
-
-Fixes: 1f63019632 ("linux-user: Add LoongArch syscall support")
-Signed-off-by: WANG Xuerui <xen0n@gentoo.org>
-Cc: Song Gao <gaosong@loongson.cn>
-Cc: Xiaojuan Yang <yangxiaojuan@loongson.cn>
-Cc: Andreas K. Hüttel <dilfridge@gentoo.org>
----
-
-Resend with amended commit message to 100% clarify the example output
-are generated on my box and will differ for everyone else. Sorry for
-the noise.
-
- linux-user/syscall_defs.h | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/linux-user/syscall_defs.h b/linux-user/syscall_defs.h
-index 01ee10a88f..77864de57f 100644
---- a/linux-user/syscall_defs.h
-+++ b/linux-user/syscall_defs.h
-@@ -2262,7 +2262,8 @@ struct target_statfs64 {
- };
- #elif (defined(TARGET_PPC64) || defined(TARGET_X86_64) || \
-        defined(TARGET_SPARC64) || defined(TARGET_AARCH64) || \
--       defined(TARGET_RISCV)) && !defined(TARGET_ABI32)
-+       defined(TARGET_RISCV) || defined(TARGET_LOONGARCH64)) && \
-+       !defined(TARGET_ABI32)
- struct target_statfs {
- 	abi_long f_type;
- 	abi_long f_bsize;
--- 
-2.38.0
-
-

diff --git a/app-emulation/qemu/files/qemu-7.1.0-mips-n32-syscalls.patch b/app-emulation/qemu/files/qemu-7.1.0-mips-n32-syscalls.patch
deleted file mode 100644
index 5ed67668d0a6..000000000000
--- a/app-emulation/qemu/files/qemu-7.1.0-mips-n32-syscalls.patch
+++ /dev/null
@@ -1,94 +0,0 @@
-From xen0n@gentoo.org Thu Oct 06 08:55:00 2022
-Return-Path: <xen0n@gentoo.org>
-X-Original-To: dilfridge@gentoo.org
-Delivered-To: dilfridge@gentoo.org
-From: WANG Xuerui <xen0n@gentoo.org>
-To: qemu-devel@nongnu.org
-Cc: WANG Xuerui <xen0n@gentoo.org>,
-	=?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <f4bug@amsat.org>,
-	Jiaxun Yang <jiaxun.yang@flygoat.com>,
-	=?UTF-8?q?Andreas=20K=20=2E=20H=C3=BCttel?= <dilfridge@gentoo.org>,
-	Joshua Kinard <kumba@gentoo.org>
-Subject: [PATCH] linux-user: Fix more MIPS n32 syscall ABI issues
-Date: Thu,  6 Oct 2022 16:55:00 +0800
-Message-Id: <20221006085500.290341-1-xen0n@gentoo.org>
-X-Mailer: git-send-email 2.38.0
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-In commit 80f0fe3a85 ("linux-user: Fix syscall parameter handling for
-MIPS n32") the ABI problem regarding offset64 on MIPS n32 was fixed,
-but still some cases remain where the n32 is incorrectly treated as any
-other 32-bit ABI that passes 64-bit arguments in pairs of GPRs. Fix by
-excluding TARGET_ABI_MIPSN32 from various TARGET_ABI_BITS == 32 checks.
-
-Closes: https://gitlab.com/qemu-project/qemu/-/issues/1238
-Signed-off-by: WANG Xuerui <xen0n@gentoo.org>
-Cc: Philippe Mathieu-Daudé <f4bug@amsat.org>
-Cc: Jiaxun Yang <jiaxun.yang@flygoat.com>
-Cc: Andreas K. Hüttel <dilfridge@gentoo.org>
-Cc: Joshua Kinard <kumba@gentoo.org>
----
-
-Note: I can't reproduce the crash with neither MIPS n32 sysroot at my hand
-(a self-built one for Loongson-2F, and stage3-mips64_n32-openrc-20221001T170527Z),
-so I can only verify by looking at the (host and qemu) strace outputs, and
-would have to ask you to review/test this harder. Thanks.
-
- linux-user/syscall.c | 10 +++++-----
- 1 file changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/linux-user/syscall.c b/linux-user/syscall.c
-index 2e954d8dbd..8b2d39fe73 100644
---- a/linux-user/syscall.c
-+++ b/linux-user/syscall.c
-@@ -11793,7 +11793,7 @@ static abi_long do_syscall1(CPUArchState *cpu_env, int num, abi_long arg1,
-         return -host_to_target_errno(ret);
- #endif
- 
--#if TARGET_ABI_BITS == 32
-+#if TARGET_ABI_BITS == 32 && !defined(TARGET_ABI_MIPSN32)
- 
- #ifdef TARGET_NR_fadvise64_64
-     case TARGET_NR_fadvise64_64:
-@@ -11920,7 +11920,7 @@ static abi_long do_syscall1(CPUArchState *cpu_env, int num, abi_long arg1,
-         return get_errno(sys_gettid());
- #ifdef TARGET_NR_readahead
-     case TARGET_NR_readahead:
--#if TARGET_ABI_BITS == 32
-+#if TARGET_ABI_BITS == 32 && !defined(TARGET_ABI_MIPSN32)
-         if (regpairs_aligned(cpu_env, num)) {
-             arg2 = arg3;
-             arg3 = arg4;
-@@ -12612,7 +12612,7 @@ static abi_long do_syscall1(CPUArchState *cpu_env, int num, abi_long arg1,
- #endif /* CONFIG_EVENTFD  */
- #if defined(CONFIG_FALLOCATE) && defined(TARGET_NR_fallocate)
-     case TARGET_NR_fallocate:
--#if TARGET_ABI_BITS == 32
-+#if TARGET_ABI_BITS == 32 && !defined(TARGET_ABI_MIPSN32)
-         ret = get_errno(fallocate(arg1, arg2, target_offset64(arg3, arg4),
-                                   target_offset64(arg5, arg6)));
- #else
-@@ -12623,7 +12623,7 @@ static abi_long do_syscall1(CPUArchState *cpu_env, int num, abi_long arg1,
- #if defined(CONFIG_SYNC_FILE_RANGE)
- #if defined(TARGET_NR_sync_file_range)
-     case TARGET_NR_sync_file_range:
--#if TARGET_ABI_BITS == 32
-+#if TARGET_ABI_BITS == 32 && !defined(TARGET_ABI_MIPSN32)
- #if defined(TARGET_MIPS)
-         ret = get_errno(sync_file_range(arg1, target_offset64(arg3, arg4),
-                                         target_offset64(arg5, arg6), arg7));
-@@ -12645,7 +12645,7 @@ static abi_long do_syscall1(CPUArchState *cpu_env, int num, abi_long arg1,
-     case TARGET_NR_arm_sync_file_range:
- #endif
-         /* This is like sync_file_range but the arguments are reordered */
--#if TARGET_ABI_BITS == 32
-+#if TARGET_ABI_BITS == 32 && !defined(TARGET_ABI_MIPSN32)
-         ret = get_errno(sync_file_range(arg1, target_offset64(arg3, arg4),
-                                         target_offset64(arg5, arg6), arg2));
- #else
--- 
-2.38.0
-
-

diff --git a/app-emulation/qemu/files/qemu-7.1.0-strings.patch b/app-emulation/qemu/files/qemu-7.1.0-strings.patch
deleted file mode 100644
index 01f235b9a33c..000000000000
--- a/app-emulation/qemu/files/qemu-7.1.0-strings.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-Forward-ported from original patch for 5.2.0.
-
-diff --git a/configure b/configure
-index da2501489f..4660ee3ee5 100755
---- a/configure
-+++ b/configure
-@@ -400,6 +400,7 @@ ld="${LD-${cross_prefix}ld}"
- nm="${NM-${cross_prefix}nm}"
- smbd="$SMBD"
- strip="${STRIP-${cross_prefix}strip}"
-+strings="${STRINGS-${cross_prefix}strings}"
- widl="${WIDL-${cross_prefix}widl}"
- windres="${WINDRES-${cross_prefix}windres}"
- pkg_config_exe="${PKG_CONFIG-${cross_prefix}pkg-config}"
-@@ -1466,9 +1467,9 @@ int main(int argc, char *argv[])
- EOF
- 
- if compile_prog ; then
--    if strings -a $TMPE | grep -q BiGeNdIaN ; then
-+    if $strings -a $TMPE | grep -q BiGeNdIaN ; then
-         bigendian="yes"
--    elif strings -a $TMPE | grep -q LiTtLeEnDiAn ; then
-+    elif $strings -a $TMPE | grep -q LiTtLeEnDiAn ; then
-         bigendian="no"
-     else
-         echo big/little test failed

diff --git a/app-emulation/qemu/qemu-7.1.0-r2.ebuild b/app-emulation/qemu/qemu-7.1.0-r2.ebuild
deleted file mode 100644
index d3ffa41c1420..000000000000
--- a/app-emulation/qemu/qemu-7.1.0-r2.ebuild
+++ /dev/null
@@ -1,967 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-# Generate using https://github.com/thesamesam/sam-gentoo-scripts/blob/main/niche/generate-qemu-docs
-# Set to 1 if prebuilt, 0 if not
-# (the construct below is to allow overriding from env for script)
-QEMU_DOCS_PREBUILT=${QEMU_DOCS_PREBUILT:-1}
-QEMU_DOCS_PREBUILT_DEV=ajak
-QEMU_DOCS_VERSION="${PV}"
-# Default to generating docs (inc. man pages) if no prebuilt; overridden later
-# bug #830088
-QEMU_DOC_USEFLAG="+doc"
-
-PYTHON_COMPAT=( python3_{9,10,11} )
-PYTHON_REQ_USE="ncurses,readline"
-
-FIRMWARE_ABI_VERSION="7.1.0"
-
-inherit linux-info toolchain-funcs python-r1 udev fcaps readme.gentoo-r1 \
-		pax-utils xdg-utils
-
-if [[ ${PV} == *9999* ]]; then
-	QEMU_DOCS_PREBUILT=0
-
-	EGIT_REPO_URI="https://gitlab.com/qemu-project/qemu.git/"
-	EGIT_SUBMODULES=(
-		tests/fp/berkeley-softfloat-3
-		tests/fp/berkeley-testfloat-3
-		ui/keycodemapdb
-	)
-	inherit git-r3
-	SRC_URI=""
-else
-	MY_P="${PN}-${PV/_rc/-rc}"
-	SRC_URI="https://download.qemu.org/${MY_P}.tar.xz"
-
-	if [[ ${QEMU_DOCS_PREBUILT} == 1 ]] ; then
-		SRC_URI+=" !doc? ( https://dev.gentoo.org/~${QEMU_DOCS_PREBUILT_DEV}/distfiles/${CATEGORY}/${PN}/${PN}-${QEMU_DOCS_VERSION}-docs.tar.xz )"
-	fi
-
-	S="${WORKDIR}/${MY_P}"
-	KEYWORDS="amd64 ~arm arm64 ~loong ~ppc ppc64 ~riscv x86"
-fi
-
-DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
-HOMEPAGE="https://www.qemu.org https://www.linux-kvm.org"
-
-LICENSE="GPL-2 LGPL-2 BSD-2"
-SLOT="0"
-
-[[ ${QEMU_DOCS_PREBUILT} == 1 ]] && QEMU_DOC_USEFLAG="doc"
-
-IUSE="accessibility +aio alsa bpf bzip2 capstone +curl debug ${QEMU_DOC_USEFLAG}
-	+fdt fuse glusterfs +gnutls gtk infiniband iscsi io-uring
-	jack jemalloc +jpeg
-	lzo multipath
-	ncurses nfs nls numa opengl +oss pam +pin-upstream-blobs
-	plugins +png pulseaudio python rbd sasl sdl sdl-image selinux
-	+slirp
-	smartcard snappy spice ssh static static-user systemtap test udev usb
-	usbredir vde +vhost-net virgl virtfs +vnc vte xattr xen
-	zstd"
-
-COMMON_TARGETS="
-	aarch64
-	alpha
-	arm
-	cris
-	hppa
-	i386
-	loongarch64
-	m68k
-	microblaze
-	microblazeel
-	mips
-	mips64
-	mips64el
-	mipsel
-	nios2
-	or1k
-	ppc
-	ppc64
-	riscv32
-	riscv64
-	s390x
-	sh4
-	sh4eb
-	sparc
-	sparc64
-	x86_64
-	xtensa
-	xtensaeb
-"
-IUSE_SOFTMMU_TARGETS="
-	${COMMON_TARGETS}
-	avr
-	rx
-	tricore
-"
-IUSE_USER_TARGETS="
-	${COMMON_TARGETS}
-	aarch64_be
-	armeb
-	hexagon
-	mipsn32
-	mipsn32el
-	ppc64le
-	sparc32plus
-"
-
-use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
-use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
-IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
-
-RESTRICT="!test? ( test )"
-# Allow no targets to be built so that people can get a tools-only build.
-# Block USE flag configurations known to not work.
-REQUIRED_USE="
-	${PYTHON_REQUIRED_USE}
-	qemu_softmmu_targets_arm? ( fdt )
-	qemu_softmmu_targets_microblaze? ( fdt )
-	qemu_softmmu_targets_mips64el? ( fdt )
-	qemu_softmmu_targets_ppc64? ( fdt )
-	qemu_softmmu_targets_ppc? ( fdt )
-	qemu_softmmu_targets_riscv32? ( fdt )
-	qemu_softmmu_targets_riscv64? ( fdt )
-	qemu_softmmu_targets_x86_64? ( fdt )
-	sdl-image? ( sdl )
-	static? ( static-user !alsa !gtk !jack !opengl !pam !pulseaudio !plugins !rbd !snappy !udev )
-	static-user? ( !plugins )
-	virgl? ( opengl )
-	virtfs? ( xattr )
-	vnc? ( gnutls )
-	vte? ( gtk )
-	multipath? ( udev )
-	plugins? ( !static !static-user )
-"
-
-# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
-# and user/softmmu targets (qemu-*, qemu-system-*).
-#
-# Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
-#
-# The attr lib isn't always linked in (although the USE flag is always
-# respected).  This is because qemu supports using the C library's API
-# when available rather than always using the external library.
-ALL_DEPEND="
-	>=dev-libs/glib-2.0[static-libs(+)]
-	sys-libs/zlib[static-libs(+)]
-	python? ( ${PYTHON_DEPS} )
-	systemtap? ( dev-util/systemtap )
-	xattr? ( sys-apps/attr[static-libs(+)] )"
-
-# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
-# softmmu targets (qemu-system-*).
-SOFTMMU_TOOLS_DEPEND="
-	sys-libs/libcap-ng[static-libs(+)]
-	>=sys-libs/libseccomp-2.1.0[static-libs(+)]
-	>=x11-libs/pixman-0.28.0[static-libs(+)]
-	accessibility? (
-		app-accessibility/brltty[api]
-		app-accessibility/brltty[static-libs(+)]
-	)
-	aio? ( dev-libs/libaio[static-libs(+)] )
-	alsa? ( >=media-libs/alsa-lib-1.0.13 )
-	bpf? ( dev-libs/libbpf:= )
-	bzip2? ( app-arch/bzip2[static-libs(+)] )
-	capstone? ( dev-libs/capstone:= )
-	curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
-	fdt? ( >=sys-apps/dtc-1.5.1[static-libs(+)] )
-	fuse? ( >=sys-fs/fuse-3.1:3[static-libs(+)] )
-	glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
-	gnutls? (
-		dev-libs/nettle:=[static-libs(+)]
-		>=net-libs/gnutls-3.0:=[static-libs(+)]
-	)
-	gtk? (
-		x11-libs/gtk+:3
-		vte? ( x11-libs/vte:2.91 )
-	)
-	infiniband? ( sys-cluster/rdma-core[static-libs(+)] )
-	iscsi? ( net-libs/libiscsi )
-	io-uring? ( sys-libs/liburing:=[static-libs(+)] )
-	jack? ( virtual/jack )
-	jemalloc? ( dev-libs/jemalloc )
-	jpeg? ( media-libs/libjpeg-turbo:=[static-libs(+)] )
-	lzo? ( dev-libs/lzo:2[static-libs(+)] )
-	multipath? ( sys-fs/multipath-tools )
-	ncurses? (
-		sys-libs/ncurses:=[unicode(+)]
-		sys-libs/ncurses:=[static-libs(+)]
-	)
-	nfs? ( >=net-fs/libnfs-1.9.3:=[static-libs(+)] )
-	numa? ( sys-process/numactl[static-libs(+)] )
-	opengl? (
-		virtual/opengl
-		media-libs/libepoxy[static-libs(+)]
-		media-libs/mesa[static-libs(+)]
-		media-libs/mesa[egl(+),gbm(+)]
-	)
-	pam? ( sys-libs/pam )
-	png? ( media-libs/libpng:0=[static-libs(+)] )
-	pulseaudio? ( media-sound/pulseaudio )
-	rbd? ( sys-cluster/ceph )
-	sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
-	sdl? (
-		media-libs/libsdl2[video]
-		media-libs/libsdl2[static-libs(+)]
-	)
-	sdl-image? ( media-libs/sdl2-image[static-libs(+)] )
-	slirp? ( net-libs/libslirp[static-libs(+)] )
-	smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] )
-	snappy? ( app-arch/snappy:= )
-	spice? (
-		>=app-emulation/spice-protocol-0.12.3
-		>=app-emulation/spice-0.12.0[static-libs(+)]
-	)
-	ssh? ( >=net-libs/libssh-0.8.6[static-libs(+)] )
-	udev? ( virtual/libudev:= )
-	usb? ( >=virtual/libusb-1-r2[static-libs(+)] )
-	usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
-	vde? ( net-misc/vde[static-libs(+)] )
-	virgl? ( media-libs/virglrenderer[static-libs(+)] )
-	virtfs? ( sys-libs/libcap )
-	xen? ( app-emulation/xen-tools:= )
-	zstd? ( >=app-arch/zstd-1.4.0[static-libs(+)] )
-"
-
-EDK2_OVMF_VERSION="202202"
-SEABIOS_VERSION="1.16.0"
-
-X86_FIRMWARE_DEPEND="
-	pin-upstream-blobs? (
-		~sys-firmware/edk2-ovmf-bin-${EDK2_OVMF_VERSION}
-		~sys-firmware/ipxe-1.21.1[binary,qemu]
-		~sys-firmware/seabios-bin-${SEABIOS_VERSION}
-		~sys-firmware/sgabios-0.1_pre10[binary]
-	)
-	!pin-upstream-blobs? (
-		|| (
-			>=sys-firmware/edk2-ovmf-${EDK2_OVMF_VERSION}
-			>=sys-firmware/edk2-ovmf-bin-${EDK2_OVMF_VERSION}
-		)
-		sys-firmware/ipxe[qemu]
-		|| (
-			>=sys-firmware/seabios-${SEABIOS_VERSION}[seavgabios]
-			>=sys-firmware/seabios-bin-${SEABIOS_VERSION}
-		)
-		sys-firmware/sgabios
-	)"
-PPC_FIRMWARE_DEPEND="
-	pin-upstream-blobs? (
-		~sys-firmware/seabios-bin-${SEABIOS_VERSION}
-	)
-	!pin-upstream-blobs? (
-		|| (
-			>=sys-firmware/seabios-${SEABIOS_VERSION}[seavgabios]
-			>=sys-firmware/seabios-bin-${SEABIOS_VERSION}
-		)
-	)
-"
-
-BDEPEND="
-	$(python_gen_impl_dep)
-	dev-lang/perl
-	dev-util/meson
-	sys-apps/texinfo
-	virtual/pkgconfig
-	doc? (
-		dev-python/sphinx[${PYTHON_USEDEP}]
-		dev-python/sphinx_rtd_theme[${PYTHON_USEDEP}]
-	)
-	gtk? ( nls? ( sys-devel/gettext ) )
-	test? (
-		dev-libs/glib[utils]
-		sys-devel/bc
-	)
-"
-CDEPEND="
-	!static? (
-		${ALL_DEPEND//\[static-libs(+)]}
-		${SOFTMMU_TOOLS_DEPEND//\[static-libs(+)]}
-	)
-	qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
-	qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )
-	qemu_softmmu_targets_ppc? ( ${PPC_FIRMWARE_DEPEND} )
-	qemu_softmmu_targets_ppc64? ( ${PPC_FIRMWARE_DEPEND} )
-"
-DEPEND="${CDEPEND}
-	kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
-	static? (
-		${ALL_DEPEND}
-		${SOFTMMU_TOOLS_DEPEND}
-	)
-	static-user? ( ${ALL_DEPEND} )"
-RDEPEND="${CDEPEND}
-	acct-group/kvm
-	selinux? (
-		sec-policy/selinux-qemu
-		sys-libs/libselinux
-	)"
-
-PATCHES=(
-	"${FILESDIR}"/${PN}-5.2.0-disable-keymap.patch
-	"${FILESDIR}"/${PN}-6.0.0-make.patch
-	"${FILESDIR}"/${PN}-7.1.0-also-build-virtfs-proxy-helper.patch
-	"${FILESDIR}"/${PN}-7.1.0-strings.patch
-	"${FILESDIR}"/${PN}-7.1.0-capstone-include-path.patch
-	"${FILESDIR}"/${PN}-7.1.0-mips-n32-syscalls.patch
-	"${FILESDIR}"/${PN}-7.1.0-loong-stat.patch
-	"${FILESDIR}"/${PN}-7.1.0-faccessat2.patch
-)
-
-QA_PREBUILT="
-	usr/share/qemu/hppa-firmware.img
-	usr/share/qemu/openbios-ppc
-	usr/share/qemu/openbios-sparc64
-	usr/share/qemu/openbios-sparc32
-	usr/share/qemu/opensbi-riscv64-generic-fw_dynamic.elf
-	usr/share/qemu/opensbi-riscv32-generic-fw_dynamic.elf
-	usr/share/qemu/palcode-clipper
-	usr/share/qemu/s390-ccw.img
-	usr/share/qemu/s390-netboot.img
-	usr/share/qemu/u-boot.e500
-"
-
-QA_WX_LOAD="usr/bin/qemu-i386
-	usr/bin/qemu-x86_64
-	usr/bin/qemu-alpha
-	usr/bin/qemu-arm
-	usr/bin/qemu-cris
-	usr/bin/qemu-m68k
-	usr/bin/qemu-microblaze
-	usr/bin/qemu-microblazeel
-	usr/bin/qemu-mips
-	usr/bin/qemu-mipsel
-	usr/bin/qemu-or1k
-	usr/bin/qemu-ppc
-	usr/bin/qemu-ppc64
-	usr/bin/qemu-sh4
-	usr/bin/qemu-sh4eb
-	usr/bin/qemu-sparc
-	usr/bin/qemu-sparc64
-	usr/bin/qemu-armeb
-	usr/bin/qemu-sparc32plus
-	usr/bin/qemu-s390x
-	usr/bin/qemu-unicore32
-"
-
-DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure you have the
-kernel module loaded before running kvm. The easiest way to ensure that the
-kernel module is loaded is to load it on boot.
-	For AMD CPUs the module is called 'kvm-amd'.
-	For Intel CPUs the module is called 'kvm-intel'.
-Please review /etc/conf.d/modules for how to load these.
-
-Make sure your user is in the 'kvm' group. Just run
-	$ gpasswd -a <USER> kvm
-then have <USER> re-login.
-
-For brand new installs, the default permissions on /dev/kvm might not let
-you access it.  You can tell udev to reset ownership/perms:
-	$ udevadm trigger -c add /dev/kvm
-
-If you want to register binfmt handlers for qemu user targets:
-For openrc:
-	# rc-update add qemu-binfmt
-For systemd:
-	# ln -s /usr/share/qemu/binfmt.d/qemu.conf /etc/binfmt.d/qemu.conf"
-
-pkg_pretend() {
-	if use kernel_linux && kernel_is lt 2 6 25; then
-		eerror "This version of KVM requires a host kernel of 2.6.25 or higher."
-	elif use kernel_linux; then
-		if ! linux_config_exists; then
-			eerror "Unable to check your kernel for KVM support"
-		else
-			CONFIG_CHECK="~KVM ~TUN ~BRIDGE"
-			ERROR_KVM="You must enable KVM in your kernel to continue"
-			ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in"
-			ERROR_KVM_AMD+=" your kernel configuration."
-			ERROR_KVM_INTEL="If you have an Intel CPU, you must enable"
-			ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration."
-			ERROR_TUN="You will need the Universal TUN/TAP driver compiled"
-			ERROR_TUN+=" into your kernel or loaded as a module to use the"
-			ERROR_TUN+=" virtual network device if using -net tap."
-			ERROR_BRIDGE="You will also need support for 802.1d"
-			ERROR_BRIDGE+=" Ethernet Bridging for some network configurations."
-			use vhost-net && CONFIG_CHECK+=" ~VHOST_NET"
-			ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net"
-			ERROR_VHOST_NET+=" support"
-
-			if use amd64 || use x86 || use amd64-linux || use x86-linux; then
-				if grep -q AuthenticAMD /proc/cpuinfo; then
-					CONFIG_CHECK+=" ~KVM_AMD"
-				elif grep -q GenuineIntel /proc/cpuinfo; then
-					CONFIG_CHECK+=" ~KVM_INTEL"
-				fi
-			fi
-
-			use python && CONFIG_CHECK+=" ~DEBUG_FS"
-			ERROR_DEBUG_FS="debugFS support required for kvm_stat"
-
-			# Now do the actual checks setup above
-			check_extra_config
-		fi
-	fi
-
-	if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then
-		eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt"
-		eerror "instances are still pointing to it.  Please update your"
-		eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag"
-		eerror "and the right system binary (e.g. qemu-system-x86_64)."
-		die "update your virt configs to not use qemu-kvm"
-	fi
-}
-
-# Sanity check to make sure target lists are kept up-to-date.
-check_targets() {
-	local var=$1 mak=$2
-	local detected sorted
-
-	pushd "${S}"/configs/targets/ >/dev/null || die
-
-	# Force C locale until glibc is updated. #564936
-	detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u))
-	sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u))
-	if [[ ${sorted} != "${detected}" ]] ; then
-		eerror "The ebuild needs to be kept in sync."
-		eerror "${var}: ${sorted}"
-		eerror "$(printf '%-*s' ${#var} configure): ${detected}"
-		die "sync ${var} to the list of targets"
-	fi
-
-	popd >/dev/null
-}
-
-src_prepare() {
-	check_targets IUSE_SOFTMMU_TARGETS softmmu
-	check_targets IUSE_USER_TARGETS linux-user
-
-	default
-
-	# Use correct toolchain to fix cross-compiling
-	tc-export AR AS LD NM OBJCOPY PKG_CONFIG RANLIB STRINGS
-	export WINDRES=${CHOST}-windres
-
-	# Verbose builds
-	MAKEOPTS+=" V=1"
-
-	# We already force -D_FORTIFY_SOURCE=2 (or 3) in our toolchain, but
-	# this setting (-U then -D..=2) will prevent us from trying out 3, so
-	# drop it. No change to level of protection b/c we patch our toolchain.
-	sed -i -e 's/-U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2//' configure || die
-
-	# Remove bundled modules
-	rm -r dtc meson roms/*/ slirp || die
-}
-
-##
-# configures qemu based on the build directory and the build type
-# we are using.
-#
-qemu_src_configure() {
-	debug-print-function ${FUNCNAME} "$@"
-
-	local buildtype=$1
-	local builddir="${S}/${buildtype}-build"
-
-	mkdir "${builddir}" || die
-
-	local conf_opts=(
-		--prefix=/usr
-		--sysconfdir=/etc
-		--bindir=/usr/bin
-		--libdir=/usr/$(get_libdir)
-		--datadir=/usr/share
-		--docdir=/usr/share/doc/${PF}/html
-		--mandir=/usr/share/man
-		--localstatedir=/var
-		--disable-bsd-user
-		--disable-containers # bug #732972
-		--disable-guest-agent
-		--disable-strip
-		--with-git-submodules=ignore
-
-		# bug #746752: TCG interpreter has a few limitations:
-		# - it does not support FPU
-		# - it's generally slower on non-self-modifying code
-		# It's advantage is support for host architectures
-		# where native codegeneration is not implemented.
-		# Gentoo has qemu keyworded only on targets with
-		# native code generation available. Avoid the interpreter.
-		--disable-tcg-interpreter
-
-		--disable-werror
-		# We support gnutls/nettle for crypto operations.  It is possible
-		# to use gcrypt when gnutls/nettle are disabled (but not when they
-		# are enabled), but it's not really worth the hassle.  Disable it
-		# all the time to avoid automatically detecting it. #568856
-		--disable-gcrypt
-		--cc="$(tc-getCC)"
-		--cxx="$(tc-getCXX)"
-		--host-cc="$(tc-getBUILD_CC)"
-
-		$(use_enable alsa)
-		$(use_enable debug debug-info)
-		$(use_enable debug debug-tcg)
-		$(use_enable jack)
-		$(use_enable nls gettext)
-		$(use_enable oss)
-		$(use_enable plugins)
-		$(use_enable pulseaudio pa)
-		$(use_enable selinux)
-		$(use_enable xattr attr)
-	)
-
-	# Disable options not used by user targets. This simplifies building
-	# static user targets (USE=static-user) considerably.
-	conf_notuser() {
-		if [[ ${buildtype} == "user" ]] ; then
-			echo "--disable-${2:-$1}"
-		else
-			use_enable "$@"
-		fi
-	}
-	# Enable option only for softmmu build, but not 'user' or 'tools'
-	conf_softmmu() {
-		if [[ ${buildtype} == "softmmu" ]] ; then
-			use_enable "$@"
-		else
-			echo "--disable-${2:-$1}"
-		fi
-	}
-	# Enable option only for tools build, but not 'user' or 'softmmu'
-	conf_tools() {
-		if [[ ${buildtype} == "tools" ]] ; then
-			use_enable "$@"
-		else
-			echo "--disable-${2:-$1}"
-		fi
-	}
-	# Special case for the malloc flag, because the --disable flag does
-	# not exist and trying like above will break configuring.
-	conf_malloc() {
-		if [[ ! ${buildtype} == "user" ]] ; then
-			usex "${1}" "--enable-malloc=${1}" ""
-		fi
-	}
-	conf_opts+=(
-		$(conf_notuser accessibility brlapi)
-		$(conf_notuser aio linux-aio)
-		$(conf_softmmu bpf)
-		$(conf_notuser bzip2)
-		$(conf_notuser capstone)
-		$(conf_notuser curl)
-		$(conf_tools doc docs)
-		$(conf_notuser fdt)
-		$(conf_notuser fuse)
-		$(conf_notuser glusterfs)
-		$(conf_notuser gnutls)
-		$(conf_notuser gnutls nettle)
-		$(conf_notuser gtk)
-		$(conf_notuser infiniband rdma)
-		$(conf_notuser iscsi libiscsi)
-		$(conf_notuser io-uring linux-io-uring)
-		$(conf_malloc jemalloc)
-		$(conf_notuser jpeg vnc-jpeg)
-		$(conf_notuser kernel_linux kvm)
-		$(conf_notuser lzo)
-		$(conf_notuser multipath mpath)
-		$(conf_notuser ncurses curses)
-		$(conf_notuser nfs libnfs)
-		$(conf_notuser numa)
-		$(conf_notuser opengl)
-		$(conf_notuser pam auth-pam)
-		$(conf_notuser png)
-		$(conf_notuser rbd)
-		$(conf_notuser sasl vnc-sasl)
-		$(conf_notuser sdl)
-		$(conf_softmmu sdl-image)
-		$(conf_notuser slirp slirp system)
-		$(conf_notuser smartcard)
-		$(conf_notuser snappy)
-		$(conf_notuser spice)
-		$(conf_notuser ssh libssh)
-		$(conf_notuser udev libudev)
-		$(conf_notuser usb libusb)
-		$(conf_notuser usbredir usb-redir)
-		$(conf_notuser vde)
-		$(conf_notuser vhost-net)
-		$(conf_notuser virgl virglrenderer)
-		$(conf_softmmu virtfs)
-		$(conf_notuser vnc)
-		$(conf_notuser vte)
-		$(conf_notuser xen)
-		$(conf_notuser xen xen-pci-passthrough)
-		# use prebuilt keymaps, bug #759604
-		--disable-xkbcommon
-		$(conf_notuser zstd)
-	)
-
-	if [[ ! ${buildtype} == "user" ]] ; then
-		# audio options
-		local audio_opts=(
-			# Note: backend order matters here: #716202
-			# We iterate from higher-level to lower level.
-			$(usex pulseaudio pa "")
-			$(usev jack)
-			$(usev sdl)
-			$(usev alsa)
-			$(usev oss)
-		)
-		conf_opts+=(
-			--audio-drv-list=$(IFS=,; echo "${audio_opts[*]}")
-		)
-	fi
-
-	case ${buildtype} in
-	user)
-		conf_opts+=(
-			--enable-linux-user
-			--disable-system
-			--disable-blobs
-			--disable-tools
-			--disable-cap-ng
-			--disable-seccomp
-		)
-		local static_flag="static-user"
-		;;
-	softmmu)
-		conf_opts+=(
-			--disable-linux-user
-			--enable-system
-			--disable-tools
-			--enable-cap-ng
-			--enable-seccomp
-		)
-		local static_flag="static"
-		;;
-	tools)
-		conf_opts+=(
-			--disable-linux-user
-			--disable-system
-			--disable-blobs
-			--enable-cap-ng
-			--enable-seccomp
-			--enable-tools
-		)
-		local static_flag="static"
-		;;
-	esac
-
-	local targets="${buildtype}_targets"
-	[[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" )
-
-	# Add support for SystemTAP
-	use systemtap && conf_opts+=( --enable-trace-backend=dtrace )
-
-	# We always want to attempt to build with PIE support as it results
-	# in a more secure binary. But it doesn't work with static or if
-	# the current GCC doesn't have PIE support.
-	if use ${static_flag}; then
-		conf_opts+=( --static --disable-pie )
-	else
-		tc-enables-pie && conf_opts+=( --enable-pie )
-	fi
-
-	# Meson will not use a cross-file unless cross_prefix is set.
-	tc-is-cross-compiler && conf_opts+=( --cross-prefix="${CHOST}-" )
-
-	# Plumb through equivalent of EXTRA_ECONF to allow experiments
-	# like bug #747928.
-	conf_opts+=( ${EXTRA_CONF_QEMU} )
-
-	echo "../configure ${conf_opts[*]}"
-	cd "${builddir}"
-	../configure "${conf_opts[@]}" || die "configure failed"
-}
-
-src_configure() {
-	local target
-
-	python_setup
-
-	softmmu_targets= softmmu_bins=()
-	user_targets= user_bins=()
-
-	for target in ${IUSE_SOFTMMU_TARGETS} ; do
-		if use "qemu_softmmu_targets_${target}"; then
-			softmmu_targets+=",${target}-softmmu"
-			softmmu_bins+=( "qemu-system-${target}" )
-		fi
-	done
-
-	for target in ${IUSE_USER_TARGETS} ; do
-		if use "qemu_user_targets_${target}"; then
-			user_targets+=",${target}-linux-user"
-			user_bins+=( "qemu-${target}" )
-		fi
-	done
-
-	softmmu_targets=${softmmu_targets#,}
-	user_targets=${user_targets#,}
-
-	[[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu"
-	[[ -n ${user_targets}    ]] && qemu_src_configure "user"
-	qemu_src_configure "tools"
-}
-
-src_compile() {
-	if [[ -n ${user_targets} ]]; then
-		cd "${S}/user-build" || die
-		default
-	fi
-
-	if [[ -n ${softmmu_targets} ]]; then
-		cd "${S}/softmmu-build" || die
-		default
-	fi
-
-	cd "${S}/tools-build" || die
-	default
-}
-
-src_test() {
-	if [[ -n ${softmmu_targets} ]]; then
-		cd "${S}/softmmu-build" || die
-		pax-mark m */qemu-system-* #515550
-		emake check
-	fi
-}
-
-qemu_python_install() {
-	python_domodule "${S}/python/qemu"
-
-	python_doscript "${S}/scripts/kvm/vmxcap"
-	python_doscript "${S}/scripts/qmp/qmp-shell"
-	python_doscript "${S}/scripts/qmp/qemu-ga-client"
-}
-
-# Generate binfmt support files.
-#   - /etc/init.d/qemu-binfmt script which registers the user handlers (openrc)
-#   - /usr/share/qemu/binfmt.d/qemu.conf (for use with systemd-binfmt)
-generate_initd() {
-	local out="${T}/qemu-binfmt"
-	local out_systemd="${T}/qemu.conf"
-	local d="${T}/binfmt.d"
-
-	einfo "Generating qemu binfmt scripts and configuration files"
-
-	# Generate the debian fragments first.
-	mkdir -p "${d}"
-	"${S}"/scripts/qemu-binfmt-conf.sh \
-		--debian \
-		--exportdir "${d}" \
-		--qemu-path "${EPREFIX}/usr/bin" \
-		|| die
-	# Then turn the fragments into a shell script we can source.
-	sed -E -i \
-		-e 's:^([^ ]+) (.*)$:\1="\2":' \
-		"${d}"/* || die
-
-	# Generate the init.d script by assembling the fragments from above.
-	local f qcpu package interpreter magic mask
-	cat "${FILESDIR}"/qemu-binfmt.initd.head >"${out}" || die
-	for f in "${d}"/qemu-* ; do
-		source "${f}"
-
-		# Normalize the cpu logic like we do in the init.d for the native cpu.
-		qcpu=${package#qemu-}
-		case ${qcpu} in
-		arm*)   qcpu="arm";;
-		mips*)  qcpu="mips";;
-		ppc*)   qcpu="ppc";;
-		s390*)  qcpu="s390";;
-		sh*)    qcpu="sh";;
-		sparc*) qcpu="sparc";;
-		esac
-
-		# we use 'printf' here to be portable across 'sh'
-		# implementations: #679168
-		cat <<EOF >>"${out}"
-	if [ "\${cpu}" != "${qcpu}" -a -x "${interpreter}" ] ; then
-		printf '%s\n' ':${package}:M::${magic}:${mask}:${interpreter}:'"\${QEMU_BINFMT_FLAGS}" >/proc/sys/fs/binfmt_misc/register
-	fi
-EOF
-
-		echo ":${package}:M::${magic}:${mask}:${interpreter}:OC" >>"${out_systemd}"
-
-	done
-	cat "${FILESDIR}"/qemu-binfmt.initd.tail >>"${out}" || die
-}
-
-src_install() {
-	if [[ -n ${user_targets} ]]; then
-		cd "${S}/user-build"
-		emake DESTDIR="${ED}" install
-
-		# Install binfmt handler init script for user targets.
-		generate_initd
-		doinitd "${T}/qemu-binfmt"
-
-		# Install binfmt/qemu.conf.
-		insinto "/usr/share/qemu/binfmt.d"
-		doins "${T}/qemu.conf"
-	fi
-
-	if [[ -n ${softmmu_targets} ]]; then
-		cd "${S}/softmmu-build"
-		emake DESTDIR="${ED}" install
-
-		# This might not exist if the test failed. #512010
-		[[ -e check-report.html ]] && dodoc check-report.html
-
-		if use kernel_linux; then
-			udev_newrules "${FILESDIR}"/65-kvm.rules-r2 65-kvm.rules
-		fi
-
-		if use python; then
-			python_foreach_impl qemu_python_install
-		fi
-	fi
-
-	cd "${S}/tools-build" || die
-	emake DESTDIR="${ED}" install
-
-	# If USE=doc, there'll be newly generated docs which we install instead.
-	if ! use doc && [[ ${QEMU_DOCS_PREBUILT} == 1 ]] ; then
-		doman "${WORKDIR}"/${PN}-${QEMU_DOCS_VERSION}-docs/docs/*.[0-8]
-	fi
-
-	# Disable mprotect on the qemu binaries as they use JITs to be fast #459348
-	pushd "${ED}"/usr/bin >/dev/null || die
-	pax-mark mr "${softmmu_bins[@]}" "${user_bins[@]}" # bug 575594
-	popd >/dev/null || die
-
-	# Install config file example for qemu-bridge-helper
-	insinto "/etc/qemu"
-	doins "${FILESDIR}/bridge.conf"
-
-	cd "${S}" || die
-	dodoc MAINTAINERS docs/specs/pci-ids.txt
-	newdoc pc-bios/README README.pc-bios
-
-	# Disallow stripping of prebuilt firmware files.
-	dostrip -x ${QA_PREBUILT}
-
-	if [[ -n ${softmmu_targets} ]]; then
-		# Remove SeaBIOS since we're using the SeaBIOS packaged one
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../seabios/bios-256k.bin /usr/share/qemu/bios-256k.bin
-		fi
-
-		# Remove vgabios since we're using the seavgabios packaged one
-		rm "${ED}/usr/share/qemu/vgabios.bin"
-		rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
-		rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
-		rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
-		rm "${ED}/usr/share/qemu/vgabios-virtio.bin"
-		rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
-
-		# PPC/PPC64 loads vgabios-stdvga
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 || use qemu_softmmu_targets_ppc || use qemu_softmmu_targets_ppc64; then
-			dosym ../seavgabios/vgabios-isavga.bin /usr/share/qemu/vgabios.bin
-			dosym ../seavgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
-			dosym ../seavgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
-			dosym ../seavgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
-			dosym ../seavgabios/vgabios-virtio.bin /usr/share/qemu/vgabios-virtio.bin
-			dosym ../seavgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
-		fi
-
-		# Remove sgabios since we're using the sgabios packaged one
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin
-		fi
-
-		# Remove iPXE since we're using the iPXE packaged one
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom
-			dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom
-			dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom
-			dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom
-			dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom
-			dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom
-		fi
-	fi
-
-	DISABLE_AUTOFORMATTING=true
-	readme.gentoo_create_doc
-}
-
-firmware_abi_change() {
-	local pv
-	for pv in ${REPLACING_VERSIONS}; do
-		if ver_test ${pv} -lt ${FIRMWARE_ABI_VERSION}; then
-			return 0
-		fi
-	done
-	return 1
-}
-
-pkg_postinst() {
-	if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
-		udev_reload
-	fi
-
-	xdg_icon_cache_update
-
-	[[ -z ${EPREFIX} ]] && [[ -f ${EROOT}/usr/libexec/qemu-bridge-helper ]] && \
-		fcaps cap_net_admin "${EROOT}"/usr/libexec/qemu-bridge-helper
-
-	DISABLE_AUTOFORMATTING=true
-	readme.gentoo_print_elog
-
-	if use pin-upstream-blobs && firmware_abi_change; then
-		ewarn "This version of qemu pins new versions of firmware blobs:"
-
-		if has_version 'sys-firmware/edk2-ovmf-bin'; then
-			ewarn "	$(best_version sys-firmware/edk2-ovmf-bin)"
-		else
-			ewarn " $(best_version sys-firmware/edk2-ovmf)"
-		fi
-
-		if has_version 'sys-firmware/seabios-bin'; then
-			ewarn "	$(best_version sys-firmware/seabios-bin)"
-		else
-			ewarn " $(best_version sys-firmware/seabios)"
-		fi
-
-		ewarn "	$(best_version sys-firmware/ipxe)"
-		ewarn "	$(best_version sys-firmware/sgabios)"
-		ewarn "This might break resume of hibernated guests (started with a different"
-		ewarn "firmware version) and live migration to/from qemu versions with different"
-		ewarn "firmware. Please (cold) restart all running guests. For functional"
-		ewarn "guest migration ensure that all"
-		ewarn "hosts run at least"
-		ewarn "	app-emulation/qemu-${FIRMWARE_ABI_VERSION}."
-	fi
-}
-
-pkg_info() {
-	echo "Using:"
-	echo "  $(best_version app-emulation/spice-protocol)"
-
-	if has_version 'sys-firmware/edk2-ovmf-bin'; then
-		echo "  $(best_version sys-firmware/edk2-ovmf-bin)"
-	else
-		echo "  $(best_version sys-firmware/edk2-ovmf)"
-	fi
-
-	if has_version 'sys-firmware/seabios-bin'; then
-		echo "  $(best_version sys-firmware/seabios-bin)"
-	else
-		echo "  $(best_version sys-firmware/seabios)"
-	fi
-
-	echo "  $(best_version sys-firmware/ipxe)"
-	echo "  $(best_version sys-firmware/sgabios)"
-}
-
-pkg_postrm() {
-	xdg_icon_cache_update
-	udev_reload
-}

diff --git a/app-emulation/qemu/qemu-7.1.0.ebuild b/app-emulation/qemu/qemu-7.1.0.ebuild
deleted file mode 100644
index b1ff815a7ca4..000000000000
--- a/app-emulation/qemu/qemu-7.1.0.ebuild
+++ /dev/null
@@ -1,985 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-# Generate using https://github.com/thesamesam/sam-gentoo-scripts/blob/main/niche/generate-qemu-docs
-# Set to 1 if prebuilt, 0 if not
-# (the construct below is to allow overriding from env for script)
-QEMU_DOCS_PREBUILT=${QEMU_DOCS_PREBUILT:-1}
-QEMU_DOCS_PREBUILT_DEV=ajak
-QEMU_DOCS_VERSION="${PV}"
-# Default to generating docs (inc. man pages) if no prebuilt; overridden later
-# bug #830088
-QEMU_DOC_USEFLAG="+doc"
-
-PYTHON_COMPAT=( python3_{9,10,11} )
-PYTHON_REQ_USE="ncurses,readline"
-
-FIRMWARE_ABI_VERSION="7.1.0"
-
-inherit linux-info toolchain-funcs python-r1 udev fcaps readme.gentoo-r1 \
-		pax-utils xdg-utils
-
-if [[ ${PV} == *9999* ]]; then
-	QEMU_DOCS_PREBUILT=0
-
-	EGIT_REPO_URI="https://gitlab.com/qemu-project/qemu.git/"
-	EGIT_SUBMODULES=(
-		tests/fp/berkeley-softfloat-3
-		tests/fp/berkeley-testfloat-3
-		ui/keycodemapdb
-	)
-	inherit git-r3
-	SRC_URI=""
-else
-	MY_P="${PN}-${PV/_rc/-rc}"
-	SRC_URI="https://download.qemu.org/${MY_P}.tar.xz"
-
-	if [[ ${QEMU_DOCS_PREBUILT} == 1 ]] ; then
-		SRC_URI+=" !doc? ( https://dev.gentoo.org/~${QEMU_DOCS_PREBUILT_DEV}/distfiles/${CATEGORY}/${PN}/${PN}-${QEMU_DOCS_VERSION}-docs.tar.xz )"
-	fi
-
-	S="${WORKDIR}/${MY_P}"
-	KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc ~ppc64 ~riscv ~x86"
-fi
-
-DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
-HOMEPAGE="https://www.qemu.org https://www.linux-kvm.org"
-
-LICENSE="GPL-2 LGPL-2 BSD-2"
-SLOT="0"
-
-[[ ${QEMU_DOCS_PREBUILT} == 1 ]] && QEMU_DOC_USEFLAG="doc"
-
-IUSE="accessibility +aio alsa bpf bzip2 capstone +caps +curl debug ${QEMU_DOC_USEFLAG}
-	+fdt fuse glusterfs +gnutls gtk infiniband iscsi io-uring
-	jack jemalloc +jpeg
-	lzo multipath
-	ncurses nfs nls numa opengl +oss pam +pin-upstream-blobs
-	plugins +png pulseaudio python rbd sasl +seccomp sdl sdl-image selinux
-	+slirp
-	smartcard snappy spice ssh static static-user systemtap test udev usb
-	usbredir vde +vhost-net vhost-user-fs virgl virtfs +vnc vte xattr xen
-	zstd"
-
-COMMON_TARGETS="
-	aarch64
-	alpha
-	arm
-	cris
-	hppa
-	i386
-	loongarch64
-	m68k
-	microblaze
-	microblazeel
-	mips
-	mips64
-	mips64el
-	mipsel
-	nios2
-	or1k
-	ppc
-	ppc64
-	riscv32
-	riscv64
-	s390x
-	sh4
-	sh4eb
-	sparc
-	sparc64
-	x86_64
-	xtensa
-	xtensaeb
-"
-IUSE_SOFTMMU_TARGETS="
-	${COMMON_TARGETS}
-	avr
-	rx
-	tricore
-"
-IUSE_USER_TARGETS="
-	${COMMON_TARGETS}
-	aarch64_be
-	armeb
-	hexagon
-	mipsn32
-	mipsn32el
-	ppc64le
-	sparc32plus
-"
-
-use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
-use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
-IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
-
-RESTRICT="!test? ( test )"
-# Allow no targets to be built so that people can get a tools-only build.
-# Block USE flag configurations known to not work.
-REQUIRED_USE="${PYTHON_REQUIRED_USE}
-	qemu_softmmu_targets_arm? ( fdt )
-	qemu_softmmu_targets_microblaze? ( fdt )
-	qemu_softmmu_targets_mips64el? ( fdt )
-	qemu_softmmu_targets_ppc64? ( fdt )
-	qemu_softmmu_targets_ppc? ( fdt )
-	qemu_softmmu_targets_riscv32? ( fdt )
-	qemu_softmmu_targets_riscv64? ( fdt )
-	qemu_softmmu_targets_x86_64? ( fdt )
-	sdl-image? ( sdl )
-	static? ( static-user !alsa !gtk !jack !opengl !pam !pulseaudio !plugins !rbd !snappy !udev )
-	static-user? ( !plugins )
-	vhost-user-fs? ( caps seccomp )
-	virgl? ( opengl )
-	virtfs? ( caps xattr )
-	vnc? ( gnutls )
-	vte? ( gtk )
-	multipath? ( udev )
-	plugins? ( !static !static-user )
-"
-
-# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
-# and user/softmmu targets (qemu-*, qemu-system-*).
-#
-# Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
-#
-# The attr lib isn't always linked in (although the USE flag is always
-# respected).  This is because qemu supports using the C library's API
-# when available rather than always using the external library.
-ALL_DEPEND="
-	>=dev-libs/glib-2.0[static-libs(+)]
-	sys-libs/zlib[static-libs(+)]
-	python? ( ${PYTHON_DEPS} )
-	systemtap? ( dev-util/systemtap )
-	xattr? ( sys-apps/attr[static-libs(+)] )"
-
-# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
-# softmmu targets (qemu-system-*).
-SOFTMMU_TOOLS_DEPEND="
-	>=x11-libs/pixman-0.28.0[static-libs(+)]
-	accessibility? (
-		app-accessibility/brltty[api]
-		app-accessibility/brltty[static-libs(+)]
-	)
-	aio? ( dev-libs/libaio[static-libs(+)] )
-	alsa? ( >=media-libs/alsa-lib-1.0.13 )
-	bpf? ( dev-libs/libbpf:= )
-	bzip2? ( app-arch/bzip2[static-libs(+)] )
-	capstone? ( dev-libs/capstone:= )
-	caps? ( sys-libs/libcap-ng[static-libs(+)] )
-	curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
-	fdt? ( >=sys-apps/dtc-1.5.1[static-libs(+)] )
-	fuse? ( >=sys-fs/fuse-3.1:3[static-libs(+)] )
-	glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
-	gnutls? (
-		dev-libs/nettle:=[static-libs(+)]
-		>=net-libs/gnutls-3.0:=[static-libs(+)]
-	)
-	gtk? (
-		x11-libs/gtk+:3
-		vte? ( x11-libs/vte:2.91 )
-	)
-	infiniband? ( sys-cluster/rdma-core[static-libs(+)] )
-	iscsi? ( net-libs/libiscsi )
-	io-uring? ( sys-libs/liburing:=[static-libs(+)] )
-	jack? ( virtual/jack )
-	jemalloc? ( dev-libs/jemalloc )
-	jpeg? ( media-libs/libjpeg-turbo:=[static-libs(+)] )
-	lzo? ( dev-libs/lzo:2[static-libs(+)] )
-	multipath? ( sys-fs/multipath-tools )
-	ncurses? (
-		sys-libs/ncurses:=[unicode(+)]
-		sys-libs/ncurses:=[static-libs(+)]
-	)
-	nfs? ( >=net-fs/libnfs-1.9.3:=[static-libs(+)] )
-	numa? ( sys-process/numactl[static-libs(+)] )
-	opengl? (
-		virtual/opengl
-		media-libs/libepoxy[static-libs(+)]
-		media-libs/mesa[static-libs(+)]
-		media-libs/mesa[egl(+),gbm(+)]
-	)
-	pam? ( sys-libs/pam )
-	png? ( media-libs/libpng:0=[static-libs(+)] )
-	pulseaudio? ( media-sound/pulseaudio )
-	rbd? ( sys-cluster/ceph )
-	sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
-	sdl? (
-		media-libs/libsdl2[video]
-		media-libs/libsdl2[static-libs(+)]
-	)
-	sdl-image? ( media-libs/sdl2-image[static-libs(+)] )
-	seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
-	slirp? ( net-libs/libslirp[static-libs(+)] )
-	smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] )
-	snappy? ( app-arch/snappy:= )
-	spice? (
-		>=app-emulation/spice-protocol-0.12.3
-		>=app-emulation/spice-0.12.0[static-libs(+)]
-	)
-	ssh? ( >=net-libs/libssh-0.8.6[static-libs(+)] )
-	udev? ( virtual/libudev:= )
-	usb? ( >=virtual/libusb-1-r2[static-libs(+)] )
-	usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
-	vde? ( net-misc/vde[static-libs(+)] )
-	virgl? ( media-libs/virglrenderer[static-libs(+)] )
-	virtfs? ( sys-libs/libcap )
-	xen? ( app-emulation/xen-tools:= )
-	zstd? ( >=app-arch/zstd-1.4.0[static-libs(+)] )
-"
-
-EDK2_OVMF_VERSION="202202"
-SEABIOS_VERSION="1.16.0"
-
-X86_FIRMWARE_DEPEND="
-	pin-upstream-blobs? (
-		~sys-firmware/edk2-ovmf-bin-${EDK2_OVMF_VERSION}
-		~sys-firmware/ipxe-1.21.1[binary,qemu]
-		~sys-firmware/seabios-bin-${SEABIOS_VERSION}
-		~sys-firmware/sgabios-0.1_pre10[binary]
-	)
-	!pin-upstream-blobs? (
-		|| (
-			>=sys-firmware/edk2-ovmf-${EDK2_OVMF_VERSION}
-			>=sys-firmware/edk2-ovmf-bin-${EDK2_OVMF_VERSION}
-		)
-		sys-firmware/ipxe[qemu]
-		|| (
-			>=sys-firmware/seabios-${SEABIOS_VERSION}[seavgabios]
-			>=sys-firmware/seabios-bin-${SEABIOS_VERSION}
-		)
-		sys-firmware/sgabios
-	)"
-PPC_FIRMWARE_DEPEND="
-	pin-upstream-blobs? (
-		~sys-firmware/seabios-bin-${SEABIOS_VERSION}
-	)
-	!pin-upstream-blobs? (
-		|| (
-			>=sys-firmware/seabios-${SEABIOS_VERSION}[seavgabios]
-			>=sys-firmware/seabios-bin-${SEABIOS_VERSION}
-		)
-	)
-"
-
-BDEPEND="
-	$(python_gen_impl_dep)
-	dev-lang/perl
-	dev-util/meson
-	sys-apps/texinfo
-	virtual/pkgconfig
-	doc? (
-		dev-python/sphinx[${PYTHON_USEDEP}]
-		dev-python/sphinx_rtd_theme[${PYTHON_USEDEP}]
-	)
-	gtk? ( nls? ( sys-devel/gettext ) )
-	test? (
-		dev-libs/glib[utils]
-		sys-devel/bc
-	)
-"
-CDEPEND="
-	!static? (
-		${ALL_DEPEND//\[static-libs(+)]}
-		${SOFTMMU_TOOLS_DEPEND//\[static-libs(+)]}
-	)
-	qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
-	qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )
-	qemu_softmmu_targets_ppc? ( ${PPC_FIRMWARE_DEPEND} )
-	qemu_softmmu_targets_ppc64? ( ${PPC_FIRMWARE_DEPEND} )
-"
-DEPEND="${CDEPEND}
-	kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
-	static? (
-		${ALL_DEPEND}
-		${SOFTMMU_TOOLS_DEPEND}
-	)
-	static-user? ( ${ALL_DEPEND} )"
-RDEPEND="${CDEPEND}
-	acct-group/kvm
-	selinux? (
-		sec-policy/selinux-qemu
-		sys-libs/libselinux
-	)"
-
-PATCHES=(
-	"${FILESDIR}"/${PN}-5.2.0-disable-keymap.patch
-	"${FILESDIR}"/${PN}-6.0.0-make.patch
-	"${FILESDIR}"/${PN}-7.1.0-also-build-virtfs-proxy-helper.patch
-	"${FILESDIR}"/${PN}-7.1.0-strings.patch
-	"${FILESDIR}"/${PN}-7.1.0-capstone-include-path.patch
-)
-
-QA_PREBUILT="
-	usr/share/qemu/hppa-firmware.img
-	usr/share/qemu/openbios-ppc
-	usr/share/qemu/openbios-sparc64
-	usr/share/qemu/openbios-sparc32
-	usr/share/qemu/opensbi-riscv64-generic-fw_dynamic.elf
-	usr/share/qemu/opensbi-riscv32-generic-fw_dynamic.elf
-	usr/share/qemu/palcode-clipper
-	usr/share/qemu/s390-ccw.img
-	usr/share/qemu/s390-netboot.img
-	usr/share/qemu/u-boot.e500
-"
-
-QA_WX_LOAD="usr/bin/qemu-i386
-	usr/bin/qemu-x86_64
-	usr/bin/qemu-alpha
-	usr/bin/qemu-arm
-	usr/bin/qemu-cris
-	usr/bin/qemu-m68k
-	usr/bin/qemu-microblaze
-	usr/bin/qemu-microblazeel
-	usr/bin/qemu-mips
-	usr/bin/qemu-mipsel
-	usr/bin/qemu-or1k
-	usr/bin/qemu-ppc
-	usr/bin/qemu-ppc64
-	usr/bin/qemu-sh4
-	usr/bin/qemu-sh4eb
-	usr/bin/qemu-sparc
-	usr/bin/qemu-sparc64
-	usr/bin/qemu-armeb
-	usr/bin/qemu-sparc32plus
-	usr/bin/qemu-s390x
-	usr/bin/qemu-unicore32
-"
-
-DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure you have the
-kernel module loaded before running kvm. The easiest way to ensure that the
-kernel module is loaded is to load it on boot.
-	For AMD CPUs the module is called 'kvm-amd'.
-	For Intel CPUs the module is called 'kvm-intel'.
-Please review /etc/conf.d/modules for how to load these.
-
-Make sure your user is in the 'kvm' group. Just run
-	$ gpasswd -a <USER> kvm
-then have <USER> re-login.
-
-For brand new installs, the default permissions on /dev/kvm might not let
-you access it.  You can tell udev to reset ownership/perms:
-	$ udevadm trigger -c add /dev/kvm
-
-If you want to register binfmt handlers for qemu user targets:
-For openrc:
-	# rc-update add qemu-binfmt
-For systemd:
-	# ln -s /usr/share/qemu/binfmt.d/qemu.conf /etc/binfmt.d/qemu.conf"
-
-pkg_pretend() {
-	if use kernel_linux && kernel_is lt 2 6 25; then
-		eerror "This version of KVM requires a host kernel of 2.6.25 or higher."
-	elif use kernel_linux; then
-		if ! linux_config_exists; then
-			eerror "Unable to check your kernel for KVM support"
-		else
-			CONFIG_CHECK="~KVM ~TUN ~BRIDGE"
-			ERROR_KVM="You must enable KVM in your kernel to continue"
-			ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in"
-			ERROR_KVM_AMD+=" your kernel configuration."
-			ERROR_KVM_INTEL="If you have an Intel CPU, you must enable"
-			ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration."
-			ERROR_TUN="You will need the Universal TUN/TAP driver compiled"
-			ERROR_TUN+=" into your kernel or loaded as a module to use the"
-			ERROR_TUN+=" virtual network device if using -net tap."
-			ERROR_BRIDGE="You will also need support for 802.1d"
-			ERROR_BRIDGE+=" Ethernet Bridging for some network configurations."
-			use vhost-net && CONFIG_CHECK+=" ~VHOST_NET"
-			ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net"
-			ERROR_VHOST_NET+=" support"
-
-			if use amd64 || use x86 || use amd64-linux || use x86-linux; then
-				if grep -q AuthenticAMD /proc/cpuinfo; then
-					CONFIG_CHECK+=" ~KVM_AMD"
-				elif grep -q GenuineIntel /proc/cpuinfo; then
-					CONFIG_CHECK+=" ~KVM_INTEL"
-				fi
-			fi
-
-			use python && CONFIG_CHECK+=" ~DEBUG_FS"
-			ERROR_DEBUG_FS="debugFS support required for kvm_stat"
-
-			# Now do the actual checks setup above
-			check_extra_config
-		fi
-	fi
-
-	if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then
-		eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt"
-		eerror "instances are still pointing to it.  Please update your"
-		eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag"
-		eerror "and the right system binary (e.g. qemu-system-x86_64)."
-		die "update your virt configs to not use qemu-kvm"
-	fi
-}
-
-# Sanity check to make sure target lists are kept up-to-date.
-check_targets() {
-	local var=$1 mak=$2
-	local detected sorted
-
-	pushd "${S}"/configs/targets/ >/dev/null || die
-
-	# Force C locale until glibc is updated. #564936
-	detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u))
-	sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u))
-	if [[ ${sorted} != "${detected}" ]] ; then
-		eerror "The ebuild needs to be kept in sync."
-		eerror "${var}: ${sorted}"
-		eerror "$(printf '%-*s' ${#var} configure): ${detected}"
-		die "sync ${var} to the list of targets"
-	fi
-
-	popd >/dev/null
-}
-
-src_prepare() {
-	check_targets IUSE_SOFTMMU_TARGETS softmmu
-	check_targets IUSE_USER_TARGETS linux-user
-
-	default
-
-	# Use correct toolchain to fix cross-compiling
-	tc-export AR AS LD NM OBJCOPY PKG_CONFIG RANLIB STRINGS
-	export WINDRES=${CHOST}-windres
-
-	# Verbose builds
-	MAKEOPTS+=" V=1"
-
-	# We already force -D_FORTIFY_SOURCE=2 (or 3) in our toolchain, but
-	# this setting (-U then -D..=2) will prevent us from trying out 3, so
-	# drop it. No change to level of protection b/c we patch our toolchain.
-	sed -i -e 's/-U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2//' configure || die
-
-	# Remove bundled modules
-	rm -r dtc meson roms/*/ slirp || die
-}
-
-##
-# configures qemu based on the build directory and the build type
-# we are using.
-#
-qemu_src_configure() {
-	debug-print-function ${FUNCNAME} "$@"
-
-	local buildtype=$1
-	local builddir="${S}/${buildtype}-build"
-
-	mkdir "${builddir}" || die
-
-	local conf_opts=(
-		--prefix=/usr
-		--sysconfdir=/etc
-		--bindir=/usr/bin
-		--libdir=/usr/$(get_libdir)
-		--datadir=/usr/share
-		--docdir=/usr/share/doc/${PF}/html
-		--mandir=/usr/share/man
-		--localstatedir=/var
-		--disable-bsd-user
-		--disable-containers # bug #732972
-		--disable-guest-agent
-		--disable-strip
-		--with-git-submodules=ignore
-
-		# bug #746752: TCG interpreter has a few limitations:
-		# - it does not support FPU
-		# - it's generally slower on non-self-modifying code
-		# It's advantage is support for host architectures
-		# where native codegeneration is not implemented.
-		# Gentoo has qemu keyworded only on targets with
-		# native code generation available. Avoid the interpreter.
-		--disable-tcg-interpreter
-
-		--disable-werror
-		# We support gnutls/nettle for crypto operations.  It is possible
-		# to use gcrypt when gnutls/nettle are disabled (but not when they
-		# are enabled), but it's not really worth the hassle.  Disable it
-		# all the time to avoid automatically detecting it. #568856
-		--disable-gcrypt
-		--cc="$(tc-getCC)"
-		--cxx="$(tc-getCXX)"
-		--host-cc="$(tc-getBUILD_CC)"
-
-		$(use_enable alsa)
-		$(use_enable debug debug-info)
-		$(use_enable debug debug-tcg)
-		$(use_enable jack)
-		$(use_enable nls gettext)
-		$(use_enable oss)
-		$(use_enable plugins)
-		$(use_enable pulseaudio pa)
-		$(use_enable selinux)
-		$(use_enable xattr attr)
-	)
-
-	# Disable options not used by user targets. This simplifies building
-	# static user targets (USE=static-user) considerably.
-	conf_notuser() {
-		if [[ ${buildtype} == "user" ]] ; then
-			echo "--disable-${2:-$1}"
-		else
-			use_enable "$@"
-		fi
-	}
-	# Enable option only for softmmu build, but not 'user' or 'tools'
-	conf_softmmu() {
-		if [[ ${buildtype} == "softmmu" ]] ; then
-			use_enable "$@"
-		else
-			echo "--disable-${2:-$1}"
-		fi
-	}
-	# Enable option only for tools build, but not 'user' or 'softmmu'
-	conf_tools() {
-		if [[ ${buildtype} == "tools" ]] ; then
-			use_enable "$@"
-		else
-			echo "--disable-${2:-$1}"
-		fi
-	}
-	# Special case for the malloc flag, because the --disable flag does
-	# not exist and trying like above will break configuring.
-	conf_malloc() {
-		if [[ ! ${buildtype} == "user" ]] ; then
-			usex "${1}" "--enable-malloc=${1}" ""
-		fi
-	}
-	conf_opts+=(
-		$(conf_notuser accessibility brlapi)
-		$(conf_notuser aio linux-aio)
-		$(conf_softmmu bpf)
-		$(conf_notuser bzip2)
-		$(conf_notuser capstone)
-		$(conf_notuser caps cap-ng)
-		$(conf_notuser curl)
-		$(conf_tools doc docs)
-		$(conf_notuser fdt)
-		$(conf_notuser fuse)
-		$(conf_notuser glusterfs)
-		$(conf_notuser gnutls)
-		$(conf_notuser gnutls nettle)
-		$(conf_notuser gtk)
-		$(conf_notuser infiniband rdma)
-		$(conf_notuser iscsi libiscsi)
-		$(conf_notuser io-uring linux-io-uring)
-		$(conf_malloc jemalloc)
-		$(conf_notuser jpeg vnc-jpeg)
-		$(conf_notuser kernel_linux kvm)
-		$(conf_notuser lzo)
-		$(conf_notuser multipath mpath)
-		$(conf_notuser ncurses curses)
-		$(conf_notuser nfs libnfs)
-		$(conf_notuser numa)
-		$(conf_notuser opengl)
-		$(conf_notuser pam auth-pam)
-		$(conf_notuser png)
-		$(conf_notuser rbd)
-		$(conf_notuser sasl vnc-sasl)
-		$(conf_notuser sdl)
-		$(conf_softmmu sdl-image)
-		$(conf_notuser seccomp)
-		$(conf_notuser slirp slirp system)
-		$(conf_notuser smartcard)
-		$(conf_notuser snappy)
-		$(conf_notuser spice)
-		$(conf_notuser ssh libssh)
-		$(conf_notuser udev libudev)
-		$(conf_notuser usb libusb)
-		$(conf_notuser usbredir usb-redir)
-		$(conf_notuser vde)
-		$(conf_notuser vhost-net)
-		$(conf_notuser virgl virglrenderer)
-		$(conf_softmmu virtfs)
-		$(conf_notuser vnc)
-		$(conf_notuser vte)
-		$(conf_notuser xen)
-		$(conf_notuser xen xen-pci-passthrough)
-		# use prebuilt keymaps, bug #759604
-		--disable-xkbcommon
-		$(conf_notuser zstd)
-	)
-
-	if [[ ! ${buildtype} == "user" ]] ; then
-		# audio options
-		local audio_opts=(
-			# Note: backend order matters here: #716202
-			# We iterate from higher-level to lower level.
-			$(usex pulseaudio pa "")
-			$(usev jack)
-			$(usev sdl)
-			$(usev alsa)
-			$(usev oss)
-		)
-		conf_opts+=(
-			--audio-drv-list=$(IFS=,; echo "${audio_opts[*]}")
-		)
-	fi
-
-	case ${buildtype} in
-	user)
-		conf_opts+=(
-			--enable-linux-user
-			--disable-system
-			--disable-blobs
-			--disable-tools
-		)
-		local static_flag="static-user"
-		;;
-	softmmu)
-		conf_opts+=(
-			--disable-linux-user
-			--enable-system
-			--disable-tools
-		)
-		local static_flag="static"
-
-		for target in ${IUSE_SOFTMMU_TARGETS}; do
-			if use "qemu_softmmu_targets_${target}"; then
-				conf_opts+=(
-					# For some reason, adding this with the setting set
-					# to on *or* off makes the build always fail.
-					# --with-devices-${target}=gentoo
-				)
-			fi
-		done
-		;;
-	tools)
-		conf_opts+=(
-			--disable-linux-user
-			--disable-system
-			--disable-blobs
-			--enable-tools
-		)
-		local static_flag="static"
-		;;
-	esac
-
-	local targets="${buildtype}_targets"
-	[[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" )
-
-	# Add support for SystemTAP
-	use systemtap && conf_opts+=( --enable-trace-backend=dtrace )
-
-	# We always want to attempt to build with PIE support as it results
-	# in a more secure binary. But it doesn't work with static or if
-	# the current GCC doesn't have PIE support.
-	if use ${static_flag}; then
-		conf_opts+=( --static --disable-pie )
-	else
-		tc-enables-pie && conf_opts+=( --enable-pie )
-	fi
-
-	# Meson will not use a cross-file unless cross_prefix is set.
-	tc-is-cross-compiler && conf_opts+=( --cross-prefix="${CHOST}-" )
-
-	# Plumb through equivalent of EXTRA_ECONF to allow experiments
-	# like bug #747928.
-	conf_opts+=( ${EXTRA_CONF_QEMU} )
-
-	echo "../configure ${conf_opts[*]}"
-	cd "${builddir}"
-	../configure "${conf_opts[@]}" || die "configure failed"
-}
-
-src_configure() {
-	local target
-
-	python_setup
-
-	softmmu_targets= softmmu_bins=()
-	user_targets= user_bins=()
-
-	for target in ${IUSE_SOFTMMU_TARGETS} ; do
-		if use "qemu_softmmu_targets_${target}"; then
-			softmmu_targets+=",${target}-softmmu"
-			softmmu_bins+=( "qemu-system-${target}" )
-
-			# Needed to rework vhost-user-fs handling thanks to https://gitlab.com/qemu-project/qemu/-/commit/5166dab
-			# The option was converted into being configurable by
-			# Kconfig's. So, to enable it, we insert the necessary
-			# options into each arch's softmmu target gentoo.mak file,
-			# then configure with --with-devices-${target}=gentoo.
-			if use vhost-user-fs; then
-				echo "CONFIG_VHOST_USER_FS=y for ${target}-softmmu" || die
-				echo "CONFIG_VIRTIO=y" >> "configs/devices/${target}-softmmu/gentoo.mak" || die
-				echo "CONFIG_VHOST_USER_FS=y" >> "configs/devices/${target}-softmmu/gentoo.mak" || die
-			else
-				echo "CONFIG_VHOST_USER_FS=n for ${target}-softmmu" || die
-				echo "CONFIG_VIRTIO=n" >> "configs/devices/${target}-softmmu/gentoo.mak" || die
-				echo "CONFIG_VHOST_USER_FS=n" >> "configs/devices/${target}-softmmu/gentoo.mak" || die
-			fi
-		fi
-	done
-
-	for target in ${IUSE_USER_TARGETS} ; do
-		if use "qemu_user_targets_${target}"; then
-			user_targets+=",${target}-linux-user"
-			user_bins+=( "qemu-${target}" )
-		fi
-	done
-
-	softmmu_targets=${softmmu_targets#,}
-	user_targets=${user_targets#,}
-
-	[[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu"
-	[[ -n ${user_targets}    ]] && qemu_src_configure "user"
-	qemu_src_configure "tools"
-}
-
-src_compile() {
-	if [[ -n ${user_targets} ]]; then
-		cd "${S}/user-build" || die
-		default
-	fi
-
-	if [[ -n ${softmmu_targets} ]]; then
-		cd "${S}/softmmu-build" || die
-		default
-	fi
-
-	cd "${S}/tools-build" || die
-	default
-}
-
-src_test() {
-	if [[ -n ${softmmu_targets} ]]; then
-		cd "${S}/softmmu-build" || die
-		pax-mark m */qemu-system-* #515550
-		emake check
-	fi
-}
-
-qemu_python_install() {
-	python_domodule "${S}/python/qemu"
-
-	python_doscript "${S}/scripts/kvm/vmxcap"
-	python_doscript "${S}/scripts/qmp/qmp-shell"
-	python_doscript "${S}/scripts/qmp/qemu-ga-client"
-}
-
-# Generate binfmt support files.
-#   - /etc/init.d/qemu-binfmt script which registers the user handlers (openrc)
-#   - /usr/share/qemu/binfmt.d/qemu.conf (for use with systemd-binfmt)
-generate_initd() {
-	local out="${T}/qemu-binfmt"
-	local out_systemd="${T}/qemu.conf"
-	local d="${T}/binfmt.d"
-
-	einfo "Generating qemu binfmt scripts and configuration files"
-
-	# Generate the debian fragments first.
-	mkdir -p "${d}"
-	"${S}"/scripts/qemu-binfmt-conf.sh \
-		--debian \
-		--exportdir "${d}" \
-		--qemu-path "${EPREFIX}/usr/bin" \
-		|| die
-	# Then turn the fragments into a shell script we can source.
-	sed -E -i \
-		-e 's:^([^ ]+) (.*)$:\1="\2":' \
-		"${d}"/* || die
-
-	# Generate the init.d script by assembling the fragments from above.
-	local f qcpu package interpreter magic mask
-	cat "${FILESDIR}"/qemu-binfmt.initd.head >"${out}" || die
-	for f in "${d}"/qemu-* ; do
-		source "${f}"
-
-		# Normalize the cpu logic like we do in the init.d for the native cpu.
-		qcpu=${package#qemu-}
-		case ${qcpu} in
-		arm*)   qcpu="arm";;
-		mips*)  qcpu="mips";;
-		ppc*)   qcpu="ppc";;
-		s390*)  qcpu="s390";;
-		sh*)    qcpu="sh";;
-		sparc*) qcpu="sparc";;
-		esac
-
-		# we use 'printf' here to be portable across 'sh'
-		# implementations: #679168
-		cat <<EOF >>"${out}"
-	if [ "\${cpu}" != "${qcpu}" -a -x "${interpreter}" ] ; then
-		printf '%s\n' ':${package}:M::${magic}:${mask}:${interpreter}:'"\${QEMU_BINFMT_FLAGS}" >/proc/sys/fs/binfmt_misc/register
-	fi
-EOF
-
-		echo ":${package}:M::${magic}:${mask}:${interpreter}:OC" >>"${out_systemd}"
-
-	done
-	cat "${FILESDIR}"/qemu-binfmt.initd.tail >>"${out}" || die
-}
-
-src_install() {
-	if [[ -n ${user_targets} ]]; then
-		cd "${S}/user-build"
-		emake DESTDIR="${ED}" install
-
-		# Install binfmt handler init script for user targets.
-		generate_initd
-		doinitd "${T}/qemu-binfmt"
-
-		# Install binfmt/qemu.conf.
-		insinto "/usr/share/qemu/binfmt.d"
-		doins "${T}/qemu.conf"
-	fi
-
-	if [[ -n ${softmmu_targets} ]]; then
-		cd "${S}/softmmu-build"
-		emake DESTDIR="${ED}" install
-
-		# This might not exist if the test failed. #512010
-		[[ -e check-report.html ]] && dodoc check-report.html
-
-		if use kernel_linux; then
-			udev_newrules "${FILESDIR}"/65-kvm.rules-r2 65-kvm.rules
-		fi
-
-		if use python; then
-			python_foreach_impl qemu_python_install
-		fi
-	fi
-
-	cd "${S}/tools-build" || die
-	emake DESTDIR="${ED}" install
-
-	# If USE=doc, there'll be newly generated docs which we install instead.
-	if ! use doc && [[ ${QEMU_DOCS_PREBUILT} == 1 ]] ; then
-		doman "${WORKDIR}"/${PN}-${QEMU_DOCS_VERSION}-docs/docs/*.[0-8]
-	fi
-
-	# Disable mprotect on the qemu binaries as they use JITs to be fast #459348
-	pushd "${ED}"/usr/bin >/dev/null || die
-	pax-mark mr "${softmmu_bins[@]}" "${user_bins[@]}" # bug 575594
-	popd >/dev/null || die
-
-	# Install config file example for qemu-bridge-helper
-	insinto "/etc/qemu"
-	doins "${FILESDIR}/bridge.conf"
-
-	cd "${S}" || die
-	dodoc MAINTAINERS docs/specs/pci-ids.txt
-	newdoc pc-bios/README README.pc-bios
-
-	# Disallow stripping of prebuilt firmware files.
-	dostrip -x ${QA_PREBUILT}
-
-	if [[ -n ${softmmu_targets} ]]; then
-		# Remove SeaBIOS since we're using the SeaBIOS packaged one
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../seabios/bios-256k.bin /usr/share/qemu/bios-256k.bin
-		fi
-
-		# Remove vgabios since we're using the seavgabios packaged one
-		rm "${ED}/usr/share/qemu/vgabios.bin"
-		rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
-		rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
-		rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
-		rm "${ED}/usr/share/qemu/vgabios-virtio.bin"
-		rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
-
-		# PPC/PPC64 loads vgabios-stdvga
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 || use qemu_softmmu_targets_ppc || use qemu_softmmu_targets_ppc64; then
-			dosym ../seavgabios/vgabios-isavga.bin /usr/share/qemu/vgabios.bin
-			dosym ../seavgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
-			dosym ../seavgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
-			dosym ../seavgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
-			dosym ../seavgabios/vgabios-virtio.bin /usr/share/qemu/vgabios-virtio.bin
-			dosym ../seavgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
-		fi
-
-		# Remove sgabios since we're using the sgabios packaged one
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin
-		fi
-
-		# Remove iPXE since we're using the iPXE packaged one
-		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-			dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom
-			dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom
-			dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom
-			dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom
-			dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom
-			dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom
-		fi
-	fi
-
-	DISABLE_AUTOFORMATTING=true
-	readme.gentoo_create_doc
-}
-
-firmware_abi_change() {
-	local pv
-	for pv in ${REPLACING_VERSIONS}; do
-		if ver_test ${pv} -lt ${FIRMWARE_ABI_VERSION}; then
-			return 0
-		fi
-	done
-	return 1
-}
-
-pkg_postinst() {
-	if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
-		udev_reload
-	fi
-
-	xdg_icon_cache_update
-
-	[[ -z ${EPREFIX} ]] && [[ -f ${EROOT}/usr/libexec/qemu-bridge-helper ]] && \
-		fcaps cap_net_admin "${EROOT}"/usr/libexec/qemu-bridge-helper
-
-	DISABLE_AUTOFORMATTING=true
-	readme.gentoo_print_elog
-
-	if use pin-upstream-blobs && firmware_abi_change; then
-		ewarn "This version of qemu pins new versions of firmware blobs:"
-
-		if has_version 'sys-firmware/edk2-ovmf-bin'; then
-			ewarn "	$(best_version sys-firmware/edk2-ovmf-bin)"
-		else
-			ewarn " $(best_version sys-firmware/edk2-ovmf)"
-		fi
-
-		if has_version 'sys-firmware/seabios-bin'; then
-			ewarn "	$(best_version sys-firmware/seabios-bin)"
-		else
-			ewarn " $(best_version sys-firmware/seabios)"
-		fi
-
-		ewarn "	$(best_version sys-firmware/ipxe)"
-		ewarn "	$(best_version sys-firmware/sgabios)"
-		ewarn "This might break resume of hibernated guests (started with a different"
-		ewarn "firmware version) and live migration to/from qemu versions with different"
-		ewarn "firmware. Please (cold) restart all running guests. For functional"
-		ewarn "guest migration ensure that all"
-		ewarn "hosts run at least"
-		ewarn "	app-emulation/qemu-${FIRMWARE_ABI_VERSION}."
-	fi
-}
-
-pkg_info() {
-	echo "Using:"
-	echo "  $(best_version app-emulation/spice-protocol)"
-
-	if has_version 'sys-firmware/edk2-ovmf-bin'; then
-		echo "  $(best_version sys-firmware/edk2-ovmf-bin)"
-	else
-		echo "  $(best_version sys-firmware/edk2-ovmf)"
-	fi
-
-	if has_version 'sys-firmware/seabios-bin'; then
-		echo "  $(best_version sys-firmware/seabios-bin)"
-	else
-		echo "  $(best_version sys-firmware/seabios)"
-	fi
-
-	echo "  $(best_version sys-firmware/ipxe)"
-	echo "  $(best_version sys-firmware/sgabios)"
-}
-
-pkg_postrm() {
-	xdg_icon_cache_update
-	udev_reload
-}


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2023-02-21  6:50 Sam James
  0 siblings, 0 replies; 56+ messages in thread
From: Sam James @ 2023-02-21  6:50 UTC (permalink / raw
  To: gentoo-commits

commit:     e0e93bcf1a9d0018635e78ab740968b79a9f7658
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Feb 21 06:50:12 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Feb 21 06:50:39 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e0e93bcf

app-emulation/qemu: fix build w/ linux-headers-6.2

Closes: https://bugs.gentoo.org/895662
Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../qemu-7.2.0-linux-headers-6.2-glibc-2.36.patch  | 66 ++++++++++++++++++++++
 app-emulation/qemu/qemu-7.2.0-r2.ebuild            |  1 +
 2 files changed, 67 insertions(+)

diff --git a/app-emulation/qemu/files/qemu-7.2.0-linux-headers-6.2-glibc-2.36.patch b/app-emulation/qemu/files/qemu-7.2.0-linux-headers-6.2-glibc-2.36.patch
new file mode 100644
index 000000000000..856997886cc9
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-7.2.0-linux-headers-6.2-glibc-2.36.patch
@@ -0,0 +1,66 @@
+https://bugs.gentoo.org/895662
+https://gitlab.com/qemu-project/qemu/-/commit/9f0246539ae84a5e21efd1cc4516fc343f08115a
+
+From 9f0246539ae84a5e21efd1cc4516fc343f08115a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Tue, 10 Jan 2023 12:49:00 -0500
+Subject: [PATCH] Revert "linux-user: add more compat ioctl definitions"
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This reverts commit c5495f4ecb0cdaaf2e9dddeb48f1689cdb520ca0.
+
+glibc has fixed (in 2.36.9000-40-g774058d729) the problem
+that caused a clash when both sys/mount.h annd linux/mount.h
+are included, and backported this to the 2.36 stable release
+too:
+
+  https://sourceware.org/glibc/wiki/Release/2.36#Usage_of_.3Clinux.2Fmount.h.3E_and_.3Csys.2Fmount.h.3E
+
+It is saner for QEMU to remove the workaround it applied for
+glibc 2.36 and expect distros to ship the 2.36 maint release
+with the fix. This avoids needing to add a further workaround
+to QEMU to deal with the fact that linux/brtfs.h now also pulls
+in linux/mount.h via linux/fs.h since Linux 6.1
+
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
+Message-Id: <20230110174901.2580297-2-berrange@redhat.com>
+Signed-off-by: Laurent Vivier <laurent@vivier.eu>
+--- a/linux-user/syscall.c
++++ b/linux-user/syscall.c
+@@ -111,31 +111,6 @@
+ #define FS_IOC32_SETFLAGS              _IOW('f', 2, int)
+ #define FS_IOC32_GETVERSION            _IOR('v', 1, int)
+ #define FS_IOC32_SETVERSION            _IOW('v', 2, int)
+-
+-#define BLKGETSIZE64 _IOR(0x12,114,size_t)
+-#define BLKDISCARD _IO(0x12,119)
+-#define BLKIOMIN _IO(0x12,120)
+-#define BLKIOOPT _IO(0x12,121)
+-#define BLKALIGNOFF _IO(0x12,122)
+-#define BLKPBSZGET _IO(0x12,123)
+-#define BLKDISCARDZEROES _IO(0x12,124)
+-#define BLKSECDISCARD _IO(0x12,125)
+-#define BLKROTATIONAL _IO(0x12,126)
+-#define BLKZEROOUT _IO(0x12,127)
+-
+-#define FIBMAP     _IO(0x00,1)
+-#define FIGETBSZ   _IO(0x00,2)
+-
+-struct file_clone_range {
+-        __s64 src_fd;
+-        __u64 src_offset;
+-        __u64 src_length;
+-        __u64 dest_offset;
+-};
+-
+-#define FICLONE         _IOW(0x94, 9, int)
+-#define FICLONERANGE    _IOW(0x94, 13, struct file_clone_range)
+-
+ #else
+ #include <linux/fs.h>
+ #endif
+-- 
+GitLab

diff --git a/app-emulation/qemu/qemu-7.2.0-r2.ebuild b/app-emulation/qemu/qemu-7.2.0-r2.ebuild
index 7632e13429ee..c13da1572122 100644
--- a/app-emulation/qemu/qemu-7.2.0-r2.ebuild
+++ b/app-emulation/qemu/qemu-7.2.0-r2.ebuild
@@ -315,6 +315,7 @@ PATCHES=(
 	"${FILESDIR}"/${PN}-7.1.0-also-build-virtfs-proxy-helper.patch
 	"${FILESDIR}"/${PN}-7.1.0-capstone-include-path.patch
 	"${FILESDIR}"/${PN}-7.2.0-disable-gmp.patch
+	"${FILESDIR}"/${PN}-7.2.0-linux-headers-6.2-glibc-2.36.patch
 )
 
 QA_PREBUILT="


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2023-05-05 18:11 Matthias Maier
  0 siblings, 0 replies; 56+ messages in thread
From: Matthias Maier @ 2023-05-05 18:11 UTC (permalink / raw
  To: gentoo-commits

commit:     be4c0fdfda7a00698701d61467154dba7009e38e
Author:     Matthias Maier <tamiko <AT> gentoo <DOT> org>
AuthorDate: Fri May  5 16:19:24 2023 +0000
Commit:     Matthias Maier <tamiko <AT> gentoo <DOT> org>
CommitDate: Fri May  5 18:11:17 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=be4c0fdf

app-emulation/qemu: add 8.0.0

 - merge qemu-7.2.1 and qemu-9999 ebuilds
 - remove static keyword
 - update to --enable-trace-backends configuration option

Bug: https://bugs.gentoo.org/905342
Bug: https://bugs.gentoo.org/865121
Signed-off-by: Matthias Maier <tamiko <AT> gentoo.org>

 app-emulation/qemu/Manifest                        |   1 +
 .../qemu/files/qemu-8.0.0-disable-keymap.patch     |  18 +-
 app-emulation/qemu/files/qemu-8.0.0-make.patch     |   9 +-
 app-emulation/qemu/qemu-8.0.0.ebuild               | 962 +++++++++++++++++++++
 4 files changed, 978 insertions(+), 12 deletions(-)

diff --git a/app-emulation/qemu/Manifest b/app-emulation/qemu/Manifest
index e5c01c80e350..3d2659b0fa71 100644
--- a/app-emulation/qemu/Manifest
+++ b/app-emulation/qemu/Manifest
@@ -1,3 +1,4 @@
 DIST qemu-7.2.0-docs.tar.xz 1984184 BLAKE2B 103900fb7903ed8d75f7f012bf61fa2d6fce345b657c851d0437c3384f5735bd1cfd3129320683ea7846ea0b0940e5af5b2663c9320f12fee74b058523a8ea06 SHA512 a7edd448982865e07533c300d3e44a8b50cefbdde1982b73c24d0b2aa74315439252c59b634c75de312860874c7b06c75aa72629da681b5105f28ee936794585
 DIST qemu-7.2.0.tar.xz 122408576 BLAKE2B 415ff621356c59f88b29cfe3ef5db1e282b26bbafbee3d535477c6125ccb060ec9762d9e3ab9f70ce5478804dca0a46a59bcf12c112a2462029a93e578e61530 SHA512 f3cfa00da739ba819a218d7e6e95c77fb79a8e0f487b024ddd281602e785249b81144595e3f8c746c32a4f5c4d1a88c6aebae3c162603edfbb50ae3722d7ed13
 DIST qemu-7.2.1.tar.xz 122400592 BLAKE2B bae1df5d332beaca313c4bac88f06dd5992988d7c1b6fdc6ced4043d858f437339cd7d0009ae667f9e66705117697bee7ee44ec4e911cc203d34eecc3d8f139b SHA512 e286dc66c923a5df77eb02d69235d048e80a7cced638fae52fbed385b4c3cd736cfea66bb3c9843bebf0a33e81ea141fc015e0bd82108df304f148ce59d9ae8a
+DIST qemu-8.0.0.tar.xz 127835148 BLAKE2B 9b54aae10fe09691a26e68374723ded5fdda6409673b4de9461a25ee060cfd03968a16ddeadc21d48b9262e53aa6d4e5eb645376969f97c65807fad19607b04f SHA512 1f31d1e653dec2d35f1b7a5468ee3f471553b48eca8c8afafffcf9243c6b2260e78a5b73da3fe567f9b85d4133573eebd397747b3aec501fb24076263eb07b27

diff --git a/app-emulation/qemu/files/qemu-8.0.0-disable-keymap.patch b/app-emulation/qemu/files/qemu-8.0.0-disable-keymap.patch
index aab5dde5fbd9..6a5437056e6f 100644
--- a/app-emulation/qemu/files/qemu-8.0.0-disable-keymap.patch
+++ b/app-emulation/qemu/files/qemu-8.0.0-disable-keymap.patch
@@ -1,7 +1,8 @@
-diff -ruN qemu-9999.orig/meson.build qemu-9999/meson.build
---- qemu-9999.orig/meson.build	2023-03-12 01:17:38.273756012 +0100
-+++ qemu-9999/meson.build	2023-03-12 01:18:44.854716789 +0100
-@@ -667,6 +667,8 @@
+diff --git a/meson.build b/meson.build
+index c44d05a13..5c5c09894 100644
+--- a/meson.build
++++ b/meson.build
+@@ -671,6 +671,8 @@ endif
  
  if get_option('xkbcommon').auto() and not have_system and not have_tools
    xkbcommon = not_found
@@ -10,10 +11,11 @@ diff -ruN qemu-9999.orig/meson.build qemu-9999/meson.build
  else
    xkbcommon = dependency('xkbcommon', required: get_option('xkbcommon'),
                           method: 'pkg-config', kwargs: static_kwargs)
-diff -ruN qemu-9999.orig/pc-bios/keymaps/meson.build qemu-9999/pc-bios/keymaps/meson.build
---- qemu-9999.orig/pc-bios/keymaps/meson.build	2023-03-12 01:17:38.321756706 +0100
-+++ qemu-9999/pc-bios/keymaps/meson.build	2023-03-12 01:20:22.015111600 +0100
-@@ -33,8 +33,10 @@
+diff --git a/pc-bios/keymaps/meson.build b/pc-bios/keymaps/meson.build
+index 158a3b410..3bb318a23 100644
+--- a/pc-bios/keymaps/meson.build
++++ b/pc-bios/keymaps/meson.build
+@@ -33,8 +33,10 @@ keymaps = {
    'tr': '-l tr',
  }
  

diff --git a/app-emulation/qemu/files/qemu-8.0.0-make.patch b/app-emulation/qemu/files/qemu-8.0.0-make.patch
index 4bf3f7157713..40bafd490052 100644
--- a/app-emulation/qemu/files/qemu-8.0.0-make.patch
+++ b/app-emulation/qemu/files/qemu-8.0.0-make.patch
@@ -1,7 +1,8 @@
-diff -ruN qemu-9999.orig/configure qemu-9999/configure
---- qemu-9999.orig/configure	2023-03-12 01:26:15.488133462 +0100
-+++ qemu-9999/configure	2023-03-12 01:29:19.355724020 +0100
-@@ -1068,7 +1068,7 @@
+diff --git a/configure b/configure
+index 800b5850f..331e8950d 100755
+--- a/configure
++++ b/configure
+@@ -1069,7 +1069,7 @@ then
      fi
  fi
  

diff --git a/app-emulation/qemu/qemu-8.0.0.ebuild b/app-emulation/qemu/qemu-8.0.0.ebuild
new file mode 100644
index 000000000000..76c3d4ecfbfc
--- /dev/null
+++ b/app-emulation/qemu/qemu-8.0.0.ebuild
@@ -0,0 +1,962 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Generate using https://github.com/thesamesam/sam-gentoo-scripts/blob/main/niche/generate-qemu-docs
+# Set to 1 if prebuilt, 0 if not
+# (the construct below is to allow overriding from env for script)
+QEMU_DOCS_PREBUILT=${QEMU_DOCS_PREBUILT:-0}
+QEMU_DOCS_PREBUILT_DEV=ajak
+QEMU_DOCS_VERSION="7.2.0"
+# Default to generating docs (inc. man pages) if no prebuilt; overridden later
+# bug #830088
+QEMU_DOC_USEFLAG="+doc"
+
+PYTHON_COMPAT=( python3_{9,10,11} )
+PYTHON_REQ_USE="ncurses,readline"
+
+FIRMWARE_ABI_VERSION="7.2.0"
+
+inherit linux-info toolchain-funcs python-r1 udev fcaps readme.gentoo-r1 \
+		pax-utils xdg-utils
+
+if [[ ${PV} == *9999* ]]; then
+	QEMU_DOCS_PREBUILT=0
+
+	EGIT_REPO_URI="https://gitlab.com/qemu-project/qemu.git/"
+	EGIT_SUBMODULES=(
+		tests/fp/berkeley-softfloat-3
+		tests/fp/berkeley-testfloat-3
+		ui/keycodemapdb
+	)
+	inherit git-r3
+	SRC_URI=""
+else
+	MY_P="${PN}-${PV/_rc/-rc}"
+	SRC_URI="https://download.qemu.org/${MY_P}.tar.xz"
+
+	if [[ ${QEMU_DOCS_PREBUILT} == 1 ]] ; then
+		SRC_URI+=" !doc? ( https://dev.gentoo.org/~${QEMU_DOCS_PREBUILT_DEV}/distfiles/${CATEGORY}/${PN}/${PN}-${QEMU_DOCS_VERSION}-docs.tar.xz )"
+	fi
+
+	S="${WORKDIR}/${MY_P}"
+	[[ "${PV}" != *_rc* ]] && KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc ~ppc64 ~riscv ~x86"
+fi
+
+DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
+HOMEPAGE="https://www.qemu.org https://www.linux-kvm.org"
+
+LICENSE="GPL-2 LGPL-2 BSD-2"
+SLOT="0"
+
+[[ ${QEMU_DOCS_PREBUILT} == 1 ]] && QEMU_DOC_USEFLAG="doc"
+
+IUSE="accessibility +aio alsa bpf bzip2 capstone +curl debug ${QEMU_DOC_USEFLAG}
+	+fdt fuse glusterfs +gnutls gtk infiniband iscsi io-uring
+	jack jemalloc +jpeg
+	lzo multipath
+	ncurses nfs nls numa opengl +oss pam +pin-upstream-blobs
+	plugins +png pulseaudio python rbd sasl +seccomp sdl sdl-image selinux
+	+slirp
+	smartcard snappy spice ssh static-user systemtap test udev usb
+	usbredir vde +vhost-net virgl virtfs +vnc vte xattr xen
+	zstd"
+
+COMMON_TARGETS="
+	aarch64
+	alpha
+	arm
+	cris
+	hppa
+	i386
+	loongarch64
+	m68k
+	microblaze
+	microblazeel
+	mips
+	mips64
+	mips64el
+	mipsel
+	nios2
+	or1k
+	ppc
+	ppc64
+	riscv32
+	riscv64
+	s390x
+	sh4
+	sh4eb
+	sparc
+	sparc64
+	x86_64
+	xtensa
+	xtensaeb
+"
+IUSE_SOFTMMU_TARGETS="
+	${COMMON_TARGETS}
+	avr
+	rx
+	tricore
+"
+IUSE_USER_TARGETS="
+	${COMMON_TARGETS}
+	aarch64_be
+	armeb
+	hexagon
+	mipsn32
+	mipsn32el
+	ppc64le
+	sparc32plus
+"
+
+use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
+use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
+IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
+
+RESTRICT="!test? ( test )"
+
+# Allow no targets to be built so that people can get a tools-only build.
+# Block USE flag configurations known to not work.
+REQUIRED_USE="
+	${PYTHON_REQUIRED_USE}
+	qemu_softmmu_targets_arm? ( fdt )
+	qemu_softmmu_targets_microblaze? ( fdt )
+	qemu_softmmu_targets_mips64el? ( fdt )
+	qemu_softmmu_targets_ppc64? ( fdt )
+	qemu_softmmu_targets_ppc? ( fdt )
+	qemu_softmmu_targets_riscv32? ( fdt )
+	qemu_softmmu_targets_riscv64? ( fdt )
+	qemu_softmmu_targets_x86_64? ( fdt )
+	sdl-image? ( sdl )
+	static-user? ( !plugins )
+	virgl? ( opengl )
+	virtfs? ( xattr )
+	vnc? ( gnutls )
+	vte? ( gtk )
+	multipath? ( udev )
+	plugins? ( !static-user )
+"
+for smname in ${IUSE_SOFTMMU_TARGETS} ; do
+	REQUIRED_USE+=" qemu_softmmu_targets_${smname}? ( seccomp ) "
+done
+
+# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
+# and user/softmmu targets (qemu-*, qemu-system-*).
+#
+# Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
+#
+# The attr lib isn't always linked in (although the USE flag is always
+# respected).  This is because qemu supports using the C library's API
+# when available rather than always using the external library.
+ALL_DEPEND="
+	dev-libs/glib:2[static-libs(+)]
+	sys-libs/zlib[static-libs(+)]
+	python? ( ${PYTHON_DEPS} )
+	systemtap? ( dev-util/systemtap )
+	xattr? ( sys-apps/attr[static-libs(+)] )"
+
+# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
+# softmmu targets (qemu-system-*).
+SOFTMMU_TOOLS_DEPEND="
+	sys-libs/libcap-ng[static-libs(+)]
+	>=x11-libs/pixman-0.28.0[static-libs(+)]
+	accessibility? (
+		app-accessibility/brltty[api]
+		app-accessibility/brltty[static-libs(+)]
+	)
+	aio? ( dev-libs/libaio[static-libs(+)] )
+	alsa? ( >=media-libs/alsa-lib-1.0.13 )
+	bpf? ( dev-libs/libbpf:= )
+	bzip2? ( app-arch/bzip2[static-libs(+)] )
+	capstone? ( dev-libs/capstone:=[static-libs(+)] )
+	curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
+	fdt? ( >=sys-apps/dtc-1.5.1[static-libs(+)] )
+	fuse? ( >=sys-fs/fuse-3.1:3[static-libs(+)] )
+	glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
+	gnutls? (
+		>=net-libs/gnutls-3.0:=[static-libs(+)]
+		dev-libs/nettle:=[static-libs(+)]
+	)
+	gtk? (
+		x11-libs/cairo
+		x11-libs/gdk-pixbuf:2
+		x11-libs/gtk+:3
+		x11-libs/libX11
+		vte? ( x11-libs/vte:2.91 )
+	)
+	infiniband? ( sys-cluster/rdma-core[static-libs(+)] )
+	iscsi? ( net-libs/libiscsi )
+	io-uring? ( sys-libs/liburing:=[static-libs(+)] )
+	jack? ( virtual/jack )
+	jemalloc? ( dev-libs/jemalloc )
+	jpeg? ( media-libs/libjpeg-turbo:=[static-libs(+)] )
+	lzo? ( dev-libs/lzo:2[static-libs(+)] )
+	multipath? ( sys-fs/multipath-tools )
+	ncurses? (
+		sys-libs/ncurses:=[unicode(+)]
+		sys-libs/ncurses:=[static-libs(+)]
+	)
+	nfs? ( >=net-fs/libnfs-1.9.3:=[static-libs(+)] )
+	numa? ( sys-process/numactl[static-libs(+)] )
+	opengl? (
+		virtual/opengl
+		media-libs/libepoxy[static-libs(+)]
+		media-libs/mesa[static-libs(+)]
+		media-libs/mesa[egl(+),gbm(+)]
+	)
+	pam? ( sys-libs/pam )
+	png? ( >=media-libs/libpng-1.6.34:=[static-libs(+)] )
+	pulseaudio? ( media-libs/libpulse )
+	rbd? ( sys-cluster/ceph )
+	sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
+	sdl? (
+		media-libs/libsdl2[video]
+		media-libs/libsdl2[static-libs(+)]
+	)
+	sdl-image? ( media-libs/sdl2-image[static-libs(+)] )
+	seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
+	slirp? ( net-libs/libslirp[static-libs(+)] )
+	smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] )
+	snappy? ( app-arch/snappy:= )
+	spice? (
+		>=app-emulation/spice-protocol-0.14.0
+		>=app-emulation/spice-0.14.0[static-libs(+)]
+	)
+	ssh? ( >=net-libs/libssh-0.8.6[static-libs(+)] )
+	udev? ( virtual/libudev:= )
+	usb? ( >=virtual/libusb-1-r2:1[static-libs(+)] )
+	usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
+	vde? ( net-misc/vde[static-libs(+)] )
+	virgl? ( media-libs/virglrenderer[static-libs(+)] )
+	virtfs? ( sys-libs/libcap )
+	xen? ( app-emulation/xen-tools:= )
+	zstd? ( >=app-arch/zstd-1.4.0[static-libs(+)] )
+"
+
+EDK2_OVMF_VERSION="202202"
+SEABIOS_VERSION="1.16.0"
+
+X86_FIRMWARE_DEPEND="
+	pin-upstream-blobs? (
+		~sys-firmware/edk2-ovmf-bin-${EDK2_OVMF_VERSION}
+		~sys-firmware/ipxe-1.21.1[binary,qemu]
+		~sys-firmware/seabios-bin-${SEABIOS_VERSION}
+		~sys-firmware/sgabios-0.1_pre10[binary]
+	)
+	!pin-upstream-blobs? (
+		|| (
+			>=sys-firmware/edk2-ovmf-${EDK2_OVMF_VERSION}
+			>=sys-firmware/edk2-ovmf-bin-${EDK2_OVMF_VERSION}
+		)
+		sys-firmware/ipxe[qemu]
+		|| (
+			>=sys-firmware/seabios-${SEABIOS_VERSION}[seavgabios]
+			>=sys-firmware/seabios-bin-${SEABIOS_VERSION}
+		)
+		sys-firmware/sgabios
+	)"
+PPC_FIRMWARE_DEPEND="
+	pin-upstream-blobs? (
+		~sys-firmware/seabios-bin-${SEABIOS_VERSION}
+	)
+	!pin-upstream-blobs? (
+		|| (
+			>=sys-firmware/seabios-${SEABIOS_VERSION}[seavgabios]
+			>=sys-firmware/seabios-bin-${SEABIOS_VERSION}
+		)
+	)
+"
+
+BDEPEND="
+	$(python_gen_impl_dep)
+	dev-lang/perl
+	dev-util/meson
+	sys-apps/texinfo
+	virtual/pkgconfig
+	doc? (
+		dev-python/sphinx[${PYTHON_USEDEP}]
+		dev-python/sphinx-rtd-theme[${PYTHON_USEDEP}]
+	)
+	gtk? ( nls? ( sys-devel/gettext ) )
+	test? (
+		dev-libs/glib[utils]
+		sys-devel/bc
+	)
+"
+CDEPEND="
+	${ALL_DEPEND//\[static-libs(+)]}
+	${SOFTMMU_TOOLS_DEPEND//\[static-libs(+)]}
+	qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
+	qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )
+	qemu_softmmu_targets_ppc? ( ${PPC_FIRMWARE_DEPEND} )
+	qemu_softmmu_targets_ppc64? ( ${PPC_FIRMWARE_DEPEND} )
+"
+DEPEND="${CDEPEND}
+	kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
+	static-user? ( ${ALL_DEPEND} )"
+RDEPEND="${CDEPEND}
+	acct-group/kvm
+	selinux? (
+		sec-policy/selinux-qemu
+		sys-libs/libselinux
+	)"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-8.0.0-disable-keymap.patch
+	"${FILESDIR}"/${PN}-8.0.0-make.patch
+	"${FILESDIR}"/${PN}-7.1.0-also-build-virtfs-proxy-helper.patch
+	"${FILESDIR}"/${PN}-7.1.0-capstone-include-path.patch
+	"${FILESDIR}"/${PN}-7.2.0-disable-gmp.patch
+)
+
+QA_PREBUILT="
+	usr/share/qemu/hppa-firmware.img
+	usr/share/qemu/openbios-ppc
+	usr/share/qemu/openbios-sparc64
+	usr/share/qemu/openbios-sparc32
+	usr/share/qemu/opensbi-riscv64-generic-fw_dynamic.elf
+	usr/share/qemu/opensbi-riscv32-generic-fw_dynamic.elf
+	usr/share/qemu/palcode-clipper
+	usr/share/qemu/s390-ccw.img
+	usr/share/qemu/s390-netboot.img
+	usr/share/qemu/u-boot.e500
+"
+
+QA_WX_LOAD="usr/bin/qemu-i386
+	usr/bin/qemu-x86_64
+	usr/bin/qemu-alpha
+	usr/bin/qemu-arm
+	usr/bin/qemu-cris
+	usr/bin/qemu-m68k
+	usr/bin/qemu-microblaze
+	usr/bin/qemu-microblazeel
+	usr/bin/qemu-mips
+	usr/bin/qemu-mipsel
+	usr/bin/qemu-or1k
+	usr/bin/qemu-ppc
+	usr/bin/qemu-ppc64
+	usr/bin/qemu-sh4
+	usr/bin/qemu-sh4eb
+	usr/bin/qemu-sparc
+	usr/bin/qemu-sparc64
+	usr/bin/qemu-armeb
+	usr/bin/qemu-sparc32plus
+	usr/bin/qemu-s390x
+	usr/bin/qemu-unicore32
+"
+
+DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure you have the
+kernel module loaded before running kvm. The easiest way to ensure that the
+kernel module is loaded is to load it on boot.
+	For AMD CPUs the module is called 'kvm-amd'.
+	For Intel CPUs the module is called 'kvm-intel'.
+Please review /etc/conf.d/modules for how to load these.
+
+Make sure your user is in the 'kvm' group. Just run
+	$ gpasswd -a <USER> kvm
+then have <USER> re-login.
+
+For brand new installs, the default permissions on /dev/kvm might not let
+you access it.  You can tell udev to reset ownership/perms:
+	$ udevadm trigger -c add /dev/kvm
+
+If you want to register binfmt handlers for qemu user targets:
+For openrc:
+	# rc-update add qemu-binfmt
+For systemd:
+	# ln -s /usr/share/qemu/binfmt.d/qemu.conf /etc/binfmt.d/qemu.conf"
+
+pkg_pretend() {
+	if use kernel_linux && kernel_is lt 2 6 25; then
+		eerror "This version of KVM requires a host kernel of 2.6.25 or higher."
+	elif use kernel_linux; then
+		if ! linux_config_exists; then
+			eerror "Unable to check your kernel for KVM support"
+		else
+			CONFIG_CHECK="~KVM ~TUN ~BRIDGE"
+			ERROR_KVM="You must enable KVM in your kernel to continue"
+			ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in"
+			ERROR_KVM_AMD+=" your kernel configuration."
+			ERROR_KVM_INTEL="If you have an Intel CPU, you must enable"
+			ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration."
+			ERROR_TUN="You will need the Universal TUN/TAP driver compiled"
+			ERROR_TUN+=" into your kernel or loaded as a module to use the"
+			ERROR_TUN+=" virtual network device if using -net tap."
+			ERROR_BRIDGE="You will also need support for 802.1d"
+			ERROR_BRIDGE+=" Ethernet Bridging for some network configurations."
+			use vhost-net && CONFIG_CHECK+=" ~VHOST_NET"
+			ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net"
+			ERROR_VHOST_NET+=" support"
+
+			if use amd64 || use x86 || use amd64-linux || use x86-linux; then
+				if grep -q AuthenticAMD /proc/cpuinfo; then
+					CONFIG_CHECK+=" ~KVM_AMD"
+				elif grep -q GenuineIntel /proc/cpuinfo; then
+					CONFIG_CHECK+=" ~KVM_INTEL"
+				fi
+			fi
+
+			use python && CONFIG_CHECK+=" ~DEBUG_FS"
+			ERROR_DEBUG_FS="debugFS support required for kvm_stat"
+
+			# Now do the actual checks setup above
+			check_extra_config
+		fi
+	fi
+
+	if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then
+		eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt"
+		eerror "instances are still pointing to it.  Please update your"
+		eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag"
+		eerror "and the right system binary (e.g. qemu-system-x86_64)."
+		die "update your virt configs to not use qemu-kvm"
+	fi
+}
+
+# Sanity check to make sure target lists are kept up-to-date.
+check_targets() {
+	local var=$1 mak=$2
+	local detected sorted
+
+	pushd "${S}"/configs/targets/ >/dev/null || die
+
+	# Force C locale until glibc is updated. #564936
+	detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u))
+	sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u))
+	if [[ ${sorted} != "${detected}" ]] ; then
+		eerror "The ebuild needs to be kept in sync."
+		eerror "${var}: ${sorted}"
+		eerror "$(printf '%-*s' ${#var} configure): ${detected}"
+		die "sync ${var} to the list of targets"
+	fi
+
+	popd >/dev/null
+}
+
+src_prepare() {
+	check_targets IUSE_SOFTMMU_TARGETS softmmu
+	check_targets IUSE_USER_TARGETS linux-user
+
+	default
+
+	# Use correct toolchain to fix cross-compiling
+	tc-export AR AS LD NM OBJCOPY PKG_CONFIG RANLIB STRINGS
+	export WINDRES=${CHOST}-windres
+
+	# Verbose builds
+	MAKEOPTS+=" V=1"
+
+	# We already force -D_FORTIFY_SOURCE=2 (or 3) in our toolchain, but
+	# this setting (-U then -D..=2) will prevent us from trying out 3, so
+	# drop it. No change to level of protection b/c we patch our toolchain.
+	sed -i -e 's/-U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2//' configure || die
+
+	# Remove bundled modules
+	rm -r dtc meson roms/*/ || die
+}
+
+##
+# configures qemu based on the build directory and the build type
+# we are using.
+#
+qemu_src_configure() {
+	debug-print-function ${FUNCNAME} "$@"
+
+	local buildtype=$1
+	local builddir="${S}/${buildtype}-build"
+
+	mkdir "${builddir}" || die
+
+	local conf_opts=(
+		--prefix=/usr
+		--sysconfdir=/etc
+		--bindir=/usr/bin
+		--libdir=/usr/$(get_libdir)
+		--datadir=/usr/share
+		--docdir=/usr/share/doc/${PF}/html
+		--mandir=/usr/share/man
+		--localstatedir=/var
+		--disable-bsd-user
+		--disable-containers # bug #732972
+		--disable-guest-agent
+		--disable-strip
+		--with-git-submodules=ignore
+
+		# bug #746752: TCG interpreter has a few limitations:
+		# - it does not support FPU
+		# - it's generally slower on non-self-modifying code
+		# It's advantage is support for host architectures
+		# where native codegeneration is not implemented.
+		# Gentoo has qemu keyworded only on targets with
+		# native code generation available. Avoid the interpreter.
+		--disable-tcg-interpreter
+
+		--disable-werror
+		# We support gnutls/nettle for crypto operations.  It is possible
+		# to use gcrypt when gnutls/nettle are disabled (but not when they
+		# are enabled), but it's not really worth the hassle.  Disable it
+		# all the time to avoid automatically detecting it. #568856
+		--disable-gcrypt
+		--cc="$(tc-getCC)"
+		--cxx="$(tc-getCXX)"
+		--host-cc="$(tc-getBUILD_CC)"
+
+		$(use_enable alsa)
+		$(use_enable debug debug-info)
+		$(use_enable debug debug-tcg)
+		$(use_enable jack)
+		$(use_enable nls gettext)
+		$(use_enable oss)
+		$(use_enable plugins)
+		$(use_enable pulseaudio pa)
+		$(use_enable selinux)
+		$(use_enable xattr attr)
+	)
+
+	# Disable options not used by user targets. This simplifies building
+	# static user targets (USE=static-user) considerably.
+	conf_notuser() {
+		if [[ ${buildtype} == "user" ]] ; then
+			echo "--disable-${2:-$1}"
+		else
+			use_enable "$@"
+		fi
+	}
+	# Enable option only for softmmu build, but not 'user' or 'tools'
+	conf_softmmu() {
+		if [[ ${buildtype} == "softmmu" ]] ; then
+			use_enable "$@"
+		else
+			echo "--disable-${2:-$1}"
+		fi
+	}
+	# Enable option only for tools build, but not 'user' or 'softmmu'
+	conf_tools() {
+		if [[ ${buildtype} == "tools" ]] ; then
+			use_enable "$@"
+		else
+			echo "--disable-${2:-$1}"
+		fi
+	}
+	# Special case for the malloc flag, because the --disable flag does
+	# not exist and trying like above will break configuring.
+	conf_malloc() {
+		if [[ ! ${buildtype} == "user" ]] ; then
+			usex "${1}" "--enable-malloc=${1}" ""
+		fi
+	}
+	conf_opts+=(
+		$(conf_notuser accessibility brlapi)
+		$(conf_notuser aio linux-aio)
+		$(conf_softmmu bpf)
+		$(conf_notuser bzip2)
+		$(conf_notuser capstone)
+		$(conf_notuser curl)
+		$(conf_tools doc docs)
+		$(conf_notuser fdt)
+		$(conf_notuser fuse)
+		$(conf_notuser glusterfs)
+		$(conf_notuser gnutls)
+		$(conf_notuser gnutls nettle)
+		$(conf_notuser gtk)
+		$(conf_notuser infiniband rdma)
+		$(conf_notuser iscsi libiscsi)
+		$(conf_notuser io-uring linux-io-uring)
+		$(conf_malloc jemalloc)
+		$(conf_notuser jpeg vnc-jpeg)
+		$(conf_notuser kernel_linux kvm)
+		$(conf_notuser lzo)
+		$(conf_notuser multipath mpath)
+		$(conf_notuser ncurses curses)
+		$(conf_notuser nfs libnfs)
+		$(conf_notuser numa)
+		$(conf_notuser opengl)
+		$(conf_notuser pam auth-pam)
+		$(conf_notuser png)
+		$(conf_notuser rbd)
+		$(conf_notuser sasl vnc-sasl)
+		$(conf_notuser sdl)
+		$(conf_softmmu sdl-image)
+		$(conf_notuser seccomp)
+		$(conf_notuser slirp)
+		$(conf_notuser smartcard)
+		$(conf_notuser snappy)
+		$(conf_notuser spice)
+		$(conf_notuser ssh libssh)
+		$(conf_notuser udev libudev)
+		$(conf_notuser usb libusb)
+		$(conf_notuser usbredir usb-redir)
+		$(conf_notuser vde)
+		$(conf_notuser vhost-net)
+		$(conf_notuser virgl virglrenderer)
+		$(conf_softmmu virtfs)
+		$(conf_notuser vnc)
+		$(conf_notuser vte)
+		$(conf_notuser xen)
+		$(conf_notuser xen xen-pci-passthrough)
+		# use prebuilt keymaps, bug #759604
+		--disable-xkbcommon
+		$(conf_notuser zstd)
+	)
+
+	if [[ ! ${buildtype} == "user" ]] ; then
+		# audio options
+		local audio_opts=(
+			# Note: backend order matters here: #716202
+			# We iterate from higher-level to lower level.
+			$(usex pulseaudio pa "")
+			$(usev jack)
+			$(usev sdl)
+			$(usev alsa)
+			$(usev oss)
+		)
+		conf_opts+=(
+			--audio-drv-list=$(IFS=,; echo "${audio_opts[*]}")
+		)
+	fi
+
+	case ${buildtype} in
+	user)
+		conf_opts+=(
+			--enable-linux-user
+			--disable-system
+			--disable-tools
+			--disable-cap-ng
+			--disable-seccomp
+		)
+		local static_flag="static-user"
+		;;
+	softmmu)
+		conf_opts+=(
+			--disable-linux-user
+			--enable-system
+			--disable-tools
+			--enable-cap-ng
+			--enable-seccomp
+		)
+		local static_flag="none"
+		;;
+	tools)
+		conf_opts+=(
+			--disable-linux-user
+			--disable-system
+			--enable-tools
+			--enable-cap-ng
+		)
+		local static_flag="none"
+		;;
+	esac
+
+	local targets="${buildtype}_targets"
+	[[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" )
+
+	# Add support for SystemTAP
+	use systemtap && conf_opts+=( --enable-trace-backends="dtrace" )
+
+	# We always want to attempt to build with PIE support as it results
+	# in a more secure binary. But it doesn't work with static or if
+	# the current GCC doesn't have PIE support.
+	if [[ ${static_flag} != "none" ]] && use ${static_flag}; then
+		conf_opts+=( --static --disable-pie )
+	else
+		tc-enables-pie && conf_opts+=( --enable-pie )
+	fi
+
+	# Meson will not use a cross-file unless cross_prefix is set.
+	tc-is-cross-compiler && conf_opts+=( --cross-prefix="${CHOST}-" )
+
+	# Plumb through equivalent of EXTRA_ECONF to allow experiments
+	# like bug #747928.
+	conf_opts+=( ${EXTRA_CONF_QEMU} )
+
+	echo "../configure ${conf_opts[*]}"
+	cd "${builddir}"
+	../configure "${conf_opts[@]}" || die "configure failed"
+}
+
+src_configure() {
+	local target
+
+	python_setup
+
+	softmmu_targets= softmmu_bins=()
+	user_targets= user_bins=()
+
+	for target in ${IUSE_SOFTMMU_TARGETS} ; do
+		if use "qemu_softmmu_targets_${target}"; then
+			softmmu_targets+=",${target}-softmmu"
+			softmmu_bins+=( "qemu-system-${target}" )
+		fi
+	done
+
+	for target in ${IUSE_USER_TARGETS} ; do
+		if use "qemu_user_targets_${target}"; then
+			user_targets+=",${target}-linux-user"
+			user_bins+=( "qemu-${target}" )
+		fi
+	done
+
+	softmmu_targets=${softmmu_targets#,}
+	user_targets=${user_targets#,}
+
+	[[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu"
+	[[ -n ${user_targets}    ]] && qemu_src_configure "user"
+	qemu_src_configure "tools"
+}
+
+src_compile() {
+	if [[ -n ${user_targets} ]]; then
+		cd "${S}/user-build" || die
+		default
+	fi
+
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build" || die
+		default
+	fi
+
+	cd "${S}/tools-build" || die
+	default
+}
+
+src_test() {
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build" || die
+		pax-mark m */qemu-system-* #515550
+		emake check
+	fi
+}
+
+qemu_python_install() {
+	python_domodule "${S}/python/qemu"
+
+	python_doscript "${S}/scripts/kvm/vmxcap"
+	python_doscript "${S}/scripts/qmp/qmp-shell"
+	python_doscript "${S}/scripts/qmp/qemu-ga-client"
+}
+
+# Generate binfmt support files.
+#   - /etc/init.d/qemu-binfmt script which registers the user handlers (openrc)
+#   - /usr/share/qemu/binfmt.d/qemu.conf (for use with systemd-binfmt)
+generate_initd() {
+	local out="${T}/qemu-binfmt"
+	local out_systemd="${T}/qemu.conf"
+	local d="${T}/binfmt.d"
+
+	einfo "Generating qemu binfmt scripts and configuration files"
+
+	# Generate the debian fragments first.
+	mkdir -p "${d}"
+	"${S}"/scripts/qemu-binfmt-conf.sh \
+		--debian \
+		--exportdir "${d}" \
+		--qemu-path "${EPREFIX}/usr/bin" \
+		|| die
+	# Then turn the fragments into a shell script we can source.
+	sed -E -i \
+		-e 's:^([^ ]+) (.*)$:\1="\2":' \
+		"${d}"/* || die
+
+	# Generate the init.d script by assembling the fragments from above.
+	local f qcpu package interpreter magic mask
+	cat "${FILESDIR}"/qemu-binfmt.initd.head >"${out}" || die
+	for f in "${d}"/qemu-* ; do
+		source "${f}"
+
+		# Normalize the cpu logic like we do in the init.d for the native cpu.
+		qcpu=${package#qemu-}
+		case ${qcpu} in
+		arm*)   qcpu="arm";;
+		mips*)  qcpu="mips";;
+		ppc*)   qcpu="ppc";;
+		s390*)  qcpu="s390";;
+		sh*)    qcpu="sh";;
+		sparc*) qcpu="sparc";;
+		esac
+
+		# we use 'printf' here to be portable across 'sh'
+		# implementations: #679168
+		cat <<EOF >>"${out}"
+	if [ "\${cpu}" != "${qcpu}" -a -x "${interpreter}" ] ; then
+		printf '%s\n' ':${package}:M::${magic}:${mask}:${interpreter}:'"\${QEMU_BINFMT_FLAGS}" >/proc/sys/fs/binfmt_misc/register
+	fi
+EOF
+
+		echo ":${package}:M::${magic}:${mask}:${interpreter}:OC" >>"${out_systemd}"
+
+	done
+	cat "${FILESDIR}"/qemu-binfmt.initd.tail >>"${out}" || die
+}
+
+src_install() {
+	if [[ -n ${user_targets} ]]; then
+		cd "${S}/user-build"
+		emake DESTDIR="${ED}" install
+
+		# Install binfmt handler init script for user targets.
+		generate_initd
+		doinitd "${T}/qemu-binfmt"
+
+		# Install binfmt/qemu.conf.
+		insinto "/usr/share/qemu/binfmt.d"
+		doins "${T}/qemu.conf"
+	fi
+
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build"
+		emake DESTDIR="${ED}" install
+
+		# This might not exist if the test failed. #512010
+		[[ -e check-report.html ]] && dodoc check-report.html
+
+		if use kernel_linux; then
+			udev_newrules "${FILESDIR}"/65-kvm.rules-r2 65-kvm.rules
+		fi
+
+		if use python; then
+			python_foreach_impl qemu_python_install
+		fi
+	fi
+
+	cd "${S}/tools-build" || die
+	emake DESTDIR="${ED}" install
+
+	# If USE=doc, there'll be newly generated docs which we install instead.
+	if ! use doc && [[ ${QEMU_DOCS_PREBUILT} == 1 ]] ; then
+		doman "${WORKDIR}"/${PN}-${QEMU_DOCS_VERSION}-docs/docs/*.[0-8]
+	fi
+
+	# Disable mprotect on the qemu binaries as they use JITs to be fast #459348
+	pushd "${ED}"/usr/bin >/dev/null || die
+	pax-mark mr "${softmmu_bins[@]}" "${user_bins[@]}" # bug 575594
+	popd >/dev/null || die
+
+	# Install config file example for qemu-bridge-helper
+	insinto "/etc/qemu"
+	doins "${FILESDIR}/bridge.conf"
+
+	cd "${S}" || die
+	dodoc MAINTAINERS docs/specs/pci-ids.txt
+	newdoc pc-bios/README README.pc-bios
+
+	# Disallow stripping of prebuilt firmware files.
+	dostrip -x ${QA_PREBUILT}
+
+	if [[ -n ${softmmu_targets} ]]; then
+		# Remove SeaBIOS since we're using the SeaBIOS packaged one
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../seabios/bios-256k.bin /usr/share/qemu/bios-256k.bin
+		fi
+
+		# Remove vgabios since we're using the seavgabios packaged one
+		rm "${ED}/usr/share/qemu/vgabios.bin"
+		rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
+		rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
+		rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
+		rm "${ED}/usr/share/qemu/vgabios-virtio.bin"
+		rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
+
+		# PPC/PPC64 loads vgabios-stdvga
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 || use qemu_softmmu_targets_ppc || use qemu_softmmu_targets_ppc64; then
+			dosym ../seavgabios/vgabios-isavga.bin /usr/share/qemu/vgabios.bin
+			dosym ../seavgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
+			dosym ../seavgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
+			dosym ../seavgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
+			dosym ../seavgabios/vgabios-virtio.bin /usr/share/qemu/vgabios-virtio.bin
+			dosym ../seavgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
+		fi
+
+		# Remove sgabios since we're using the sgabios packaged one
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin
+		fi
+
+		# Remove iPXE since we're using the iPXE packaged one
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom
+			dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom
+			dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom
+			dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom
+			dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom
+			dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom
+		fi
+	fi
+
+	DISABLE_AUTOFORMATTING=true
+	readme.gentoo_create_doc
+}
+
+firmware_abi_change() {
+	local pv
+	for pv in ${REPLACING_VERSIONS}; do
+		if ver_test ${pv} -lt ${FIRMWARE_ABI_VERSION}; then
+			return 0
+		fi
+	done
+	return 1
+}
+
+pkg_postinst() {
+	if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
+		udev_reload
+	fi
+
+	xdg_icon_cache_update
+
+	[[ -z ${EPREFIX} ]] && [[ -f ${EROOT}/usr/libexec/qemu-bridge-helper ]] && \
+		fcaps cap_net_admin "${EROOT}"/usr/libexec/qemu-bridge-helper
+
+	DISABLE_AUTOFORMATTING=true
+	readme.gentoo_print_elog
+
+	if use pin-upstream-blobs && firmware_abi_change; then
+		ewarn "This version of qemu pins new versions of firmware blobs:"
+
+		if has_version 'sys-firmware/edk2-ovmf-bin'; then
+			ewarn "	$(best_version sys-firmware/edk2-ovmf-bin)"
+		else
+			ewarn " $(best_version sys-firmware/edk2-ovmf)"
+		fi
+
+		if has_version 'sys-firmware/seabios-bin'; then
+			ewarn "	$(best_version sys-firmware/seabios-bin)"
+		else
+			ewarn " $(best_version sys-firmware/seabios)"
+		fi
+
+		ewarn "	$(best_version sys-firmware/ipxe)"
+		ewarn "	$(best_version sys-firmware/sgabios)"
+		ewarn "This might break resume of hibernated guests (started with a different"
+		ewarn "firmware version) and live migration to/from qemu versions with different"
+		ewarn "firmware. Please (cold) restart all running guests. For functional"
+		ewarn "guest migration ensure that all"
+		ewarn "hosts run at least"
+		ewarn "	app-emulation/qemu-${FIRMWARE_ABI_VERSION}."
+	fi
+}
+
+pkg_info() {
+	echo "Using:"
+	echo "  $(best_version app-emulation/spice-protocol)"
+
+	if has_version 'sys-firmware/edk2-ovmf-bin'; then
+		echo "  $(best_version sys-firmware/edk2-ovmf-bin)"
+	else
+		echo "  $(best_version sys-firmware/edk2-ovmf)"
+	fi
+
+	if has_version 'sys-firmware/seabios-bin'; then
+		echo "  $(best_version sys-firmware/seabios-bin)"
+	else
+		echo "  $(best_version sys-firmware/seabios)"
+	fi
+
+	echo "  $(best_version sys-firmware/ipxe)"
+	echo "  $(best_version sys-firmware/sgabios)"
+}
+
+pkg_postrm() {
+	xdg_icon_cache_update
+	udev_reload
+}


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2023-05-18 21:07 Matthias Maier
  0 siblings, 0 replies; 56+ messages in thread
From: Matthias Maier @ 2023-05-18 21:07 UTC (permalink / raw
  To: gentoo-commits

commit:     25a4aeed4827c51fb13b41315a9d52c9b4b9de41
Author:     Matthias Maier <tamiko <AT> gentoo <DOT> org>
AuthorDate: Thu May 18 21:03:43 2023 +0000
Commit:     Matthias Maier <tamiko <AT> gentoo <DOT> org>
CommitDate: Thu May 18 21:07:10 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=25a4aeed

app-emulation/qemu: update live ebuild

Thanks to Paolo Bonzini for the update regarding
qemu-8.0.0-remove-python-meson-check.patch

Signed-off-by: Matthias Maier <tamiko <AT> gentoo.org>

 ...qemu-8.1.0-also-build-virtfs-proxy-helper.patch | 32 ++++++++++++++++++++++
 app-emulation/qemu/qemu-9999.ebuild                |  5 ++--
 2 files changed, 34 insertions(+), 3 deletions(-)

diff --git a/app-emulation/qemu/files/qemu-8.1.0-also-build-virtfs-proxy-helper.patch b/app-emulation/qemu/files/qemu-8.1.0-also-build-virtfs-proxy-helper.patch
new file mode 100644
index 000000000000..61ea0f36d90a
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-8.1.0-also-build-virtfs-proxy-helper.patch
@@ -0,0 +1,32 @@
+From d02ea89239768c93651a161d057f2bf04d56a024 Mon Sep 17 00:00:00 2001
+From: Matthias Maier <tamiko@43-1.org>
+Date: Mon, 4 Apr 2022 12:56:59 +0200
+Subject: [PATCH] also build virtfs-proxy-helper
+
+The Gentoo ebuild splits the qemu build into a softmmu, user and tool
+phase in order to be able to build and link some of the qemu emulators
+statically. This unfortunately has the consequence that we never
+configure with "have_virtfs" and "have_tools" at the same time.
+
+As a workaround, simply build the virtfs userland unconditionally. After
+all, it is a tiny executable
+---
+ meson.build | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/meson.build b/meson.build
+index 063c736aee..fda8639293 100644
+--- a/meson.build
++++ b/meson.build
+@@ -2008,8 +2008,6 @@ have_virtfs = get_option('virtfs') \
+     .allowed()
+ 
+ have_virtfs_proxy_helper = get_option('virtfs_proxy_helper') \
+-    .require(targetos != 'darwin', error_message: 'the virtfs proxy helper is incompatible with macOS') \
+-    .require(have_virtfs, error_message: 'the virtfs proxy helper requires that virtfs is enabled') \
+     .disable_auto_if(not have_tools) \
+     .require(libcap_ng.found(), error_message: 'the virtfs proxy helper requires libcap-ng') \
+     .allowed()
+-- 
+2.35.1
+

diff --git a/app-emulation/qemu/qemu-9999.ebuild b/app-emulation/qemu/qemu-9999.ebuild
index 3129dc21e59e..1446d5189be7 100644
--- a/app-emulation/qemu/qemu-9999.ebuild
+++ b/app-emulation/qemu/qemu-9999.ebuild
@@ -302,9 +302,8 @@ RDEPEND="${CDEPEND}
 PATCHES=(
 	"${FILESDIR}"/${PN}-8.0.0-disable-keymap.patch
 	"${FILESDIR}"/${PN}-8.0.0-make.patch
-	"${FILESDIR}"/${PN}-7.1.0-also-build-virtfs-proxy-helper.patch
 	"${FILESDIR}"/${PN}-7.1.0-capstone-include-path.patch
-	"${FILESDIR}"/${PN}-8.0.0-remove-python-meson-check.patch
+	"${FILESDIR}"/${PN}-8.1.0-also-build-virtfs-proxy-helper.patch
 )
 
 QA_PREBUILT="
@@ -450,7 +449,7 @@ src_prepare() {
 	sed -i -e 's/-U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2//' configure || die
 
 	# Remove bundled modules
-	rm -r dtc meson roms/*/ || die
+	rm -r dtc roms/*/ || die
 }
 
 ##


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2023-07-02 23:01 Sam James
  0 siblings, 0 replies; 56+ messages in thread
From: Sam James @ 2023-07-02 23:01 UTC (permalink / raw
  To: gentoo-commits

commit:     d2d08ad4d9a70136bf79818eb698e3cb7eead3b0
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Jul  2 23:00:41 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Jul  2 23:00:43 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d2d08ad4

app-emulation/qemu: fix CVE-2023-2861 for 8.0.2

Bug: https://bugs.gentoo.org/909542
Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../qemu/files/qemu-8.0.2-CVE-2023-2861.patch      | 162 ++++
 app-emulation/qemu/qemu-8.0.2-r1.ebuild            | 964 +++++++++++++++++++++
 2 files changed, 1126 insertions(+)

diff --git a/app-emulation/qemu/files/qemu-8.0.2-CVE-2023-2861.patch b/app-emulation/qemu/files/qemu-8.0.2-CVE-2023-2861.patch
new file mode 100644
index 000000000000..9a9c11a41d66
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-8.0.2-CVE-2023-2861.patch
@@ -0,0 +1,162 @@
+https://bugs.gentoo.org/909542
+https://gitlab.com/qemu-project/qemu/-/commit/10fad73a2bf1c76c8aa9d6322755e5f877d83ce5
+
+From 10fad73a2bf1c76c8aa9d6322755e5f877d83ce5 Mon Sep 17 00:00:00 2001
+From: Christian Schoenebeck <qemu_oss@crudebyte.com>
+Date: Wed, 7 Jun 2023 18:29:33 +0200
+Subject: [PATCH] 9pfs: prevent opening special files (CVE-2023-2861)
+
+The 9p protocol does not specifically define how server shall behave when
+client tries to open a special file, however from security POV it does
+make sense for 9p server to prohibit opening any special file on host side
+in general. A sane Linux 9p client for instance would never attempt to
+open a special file on host side, it would always handle those exclusively
+on its guest side. A malicious client however could potentially escape
+from the exported 9p tree by creating and opening a device file on host
+side.
+
+With QEMU this could only be exploited in the following unsafe setups:
+
+  - Running QEMU binary as root AND 9p 'local' fs driver AND 'passthrough'
+    security model.
+
+or
+
+  - Using 9p 'proxy' fs driver (which is running its helper daemon as
+    root).
+
+These setups were already discouraged for safety reasons before,
+however for obvious reasons we are now tightening behaviour on this.
+
+Fixes: CVE-2023-2861
+Reported-by: Yanwu Shen <ywsPlz@gmail.com>
+Reported-by: Jietao Xiao <shawtao1125@gmail.com>
+Reported-by: Jinku Li <jkli@xidian.edu.cn>
+Reported-by: Wenbo Shen <shenwenbo@zju.edu.cn>
+Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
+Reviewed-by: Greg Kurz <groug@kaod.org>
+Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
+Message-Id: <E1q6w7r-0000Q0-NM@lizzy.crudebyte.com>
+(cherry picked from commit f6b0de53fb87ddefed348a39284c8e2f28dc4eda)
+Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
+(Mjt: drop adding qemu_fstat wrapper for 7.2 where wrappers aren't used)
+--- a/fsdev/virtfs-proxy-helper.c
++++ b/fsdev/virtfs-proxy-helper.c
+@@ -26,6 +26,7 @@
+ #include "qemu/xattr.h"
+ #include "9p-iov-marshal.h"
+ #include "hw/9pfs/9p-proxy.h"
++#include "hw/9pfs/9p-util.h"
+ #include "fsdev/9p-iov-marshal.h"
+ 
+ #define PROGNAME "virtfs-proxy-helper"
+@@ -338,6 +339,28 @@ static void resetugid(int suid, int sgid)
+     }
+ }
+ 
++/*
++ * Open regular file or directory. Attempts to open any special file are
++ * rejected.
++ *
++ * returns file descriptor or -1 on error
++ */
++static int open_regular(const char *pathname, int flags, mode_t mode)
++{
++    int fd;
++
++    fd = open(pathname, flags, mode);
++    if (fd < 0) {
++        return fd;
++    }
++
++    if (close_if_special_file(fd) < 0) {
++        return -1;
++    }
++
++    return fd;
++}
++
+ /*
+  * send response in two parts
+  * 1) ProxyHeader
+@@ -682,7 +705,7 @@ static int do_create(struct iovec *iovec)
+     if (ret < 0) {
+         goto unmarshal_err_out;
+     }
+-    ret = open(path.data, flags, mode);
++    ret = open_regular(path.data, flags, mode);
+     if (ret < 0) {
+         ret = -errno;
+     }
+@@ -707,7 +730,7 @@ static int do_open(struct iovec *iovec)
+     if (ret < 0) {
+         goto err_out;
+     }
+-    ret = open(path.data, flags);
++    ret = open_regular(path.data, flags, 0);
+     if (ret < 0) {
+         ret = -errno;
+     }
+--- a/hw/9pfs/9p-util.h
++++ b/hw/9pfs/9p-util.h
+@@ -13,6 +13,8 @@
+ #ifndef QEMU_9P_UTIL_H
+ #define QEMU_9P_UTIL_H
+ 
++#include "qemu/error-report.h"
++
+ #ifdef O_PATH
+ #define O_PATH_9P_UTIL O_PATH
+ #else
+@@ -112,6 +114,38 @@ static inline void close_preserve_errno(int fd)
+     errno = serrno;
+ }
+ 
++/**
++ * close_if_special_file() - Close @fd if neither regular file nor directory.
++ *
++ * @fd: file descriptor of open file
++ * Return: 0 on regular file or directory, -1 otherwise
++ *
++ * CVE-2023-2861: Prohibit opening any special file directly on host
++ * (especially device files), as a compromised client could potentially gain
++ * access outside exported tree under certain, unsafe setups. We expect
++ * client to handle I/O on special files exclusively on guest side.
++ */
++static inline int close_if_special_file(int fd)
++{
++    struct stat stbuf;
++
++    if (fstat(fd, &stbuf) < 0) {
++        close_preserve_errno(fd);
++        return -1;
++    }
++    if (!S_ISREG(stbuf.st_mode) && !S_ISDIR(stbuf.st_mode)) {
++        error_report_once(
++            "9p: broken or compromised client detected; attempt to open "
++            "special file (i.e. neither regular file, nor directory)"
++        );
++        close(fd);
++        errno = ENXIO;
++        return -1;
++    }
++
++    return 0;
++}
++
+ static inline int openat_dir(int dirfd, const char *name)
+ {
+     return openat(dirfd, name,
+@@ -146,6 +180,10 @@ again:
+         return -1;
+     }
+ 
++    if (close_if_special_file(fd) < 0) {
++        return -1;
++    }
++
+     serrno = errno;
+     /* O_NONBLOCK was only needed to open the file. Let's drop it. We don't
+      * do that with O_PATH since fcntl(F_SETFL) isn't supported, and openat()
+-- 
+GitLab

diff --git a/app-emulation/qemu/qemu-8.0.2-r1.ebuild b/app-emulation/qemu/qemu-8.0.2-r1.ebuild
new file mode 100644
index 000000000000..78edcdb58018
--- /dev/null
+++ b/app-emulation/qemu/qemu-8.0.2-r1.ebuild
@@ -0,0 +1,964 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Generate using https://github.com/thesamesam/sam-gentoo-scripts/blob/main/niche/generate-qemu-docs
+# Set to 1 if prebuilt, 0 if not
+# (the construct below is to allow overriding from env for script)
+QEMU_DOCS_PREBUILT=${QEMU_DOCS_PREBUILT:-1}
+QEMU_DOCS_PREBUILT_DEV=sam
+QEMU_DOCS_VERSION="8.0.0"
+# Default to generating docs (inc. man pages) if no prebuilt; overridden later
+# bug #830088
+QEMU_DOC_USEFLAG="+doc"
+
+PYTHON_COMPAT=( python3_{9,10,11} )
+PYTHON_REQ_USE="ncurses,readline"
+
+FIRMWARE_ABI_VERSION="7.2.0"
+
+inherit linux-info toolchain-funcs python-r1 udev fcaps readme.gentoo-r1 \
+		pax-utils xdg-utils
+
+if [[ ${PV} == *9999* ]]; then
+	QEMU_DOCS_PREBUILT=0
+
+	EGIT_REPO_URI="https://gitlab.com/qemu-project/qemu.git/"
+	EGIT_SUBMODULES=(
+		tests/fp/berkeley-softfloat-3
+		tests/fp/berkeley-testfloat-3
+		ui/keycodemapdb
+	)
+	inherit git-r3
+	SRC_URI=""
+else
+	MY_P="${PN}-${PV/_rc/-rc}"
+	SRC_URI="https://download.qemu.org/${MY_P}.tar.xz"
+
+	if [[ ${QEMU_DOCS_PREBUILT} == 1 ]] ; then
+		SRC_URI+=" !doc? ( https://dev.gentoo.org/~${QEMU_DOCS_PREBUILT_DEV}/distfiles/${CATEGORY}/${PN}/${PN}-${QEMU_DOCS_VERSION}-docs.tar.xz )"
+	fi
+
+	S="${WORKDIR}/${MY_P}"
+	[[ "${PV}" != *_rc* ]] && KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc ~ppc64 ~riscv ~x86"
+fi
+
+DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
+HOMEPAGE="https://www.qemu.org https://www.linux-kvm.org"
+
+LICENSE="GPL-2 LGPL-2 BSD-2"
+SLOT="0"
+
+[[ ${QEMU_DOCS_PREBUILT} == 1 ]] && QEMU_DOC_USEFLAG="doc"
+
+IUSE="accessibility +aio alsa bpf bzip2 capstone +curl debug ${QEMU_DOC_USEFLAG}
+	+fdt fuse glusterfs +gnutls gtk infiniband iscsi io-uring
+	jack jemalloc +jpeg
+	lzo multipath
+	ncurses nfs nls numa opengl +oss pam +pin-upstream-blobs
+	plugins +png pulseaudio python rbd sasl +seccomp sdl sdl-image selinux
+	+slirp
+	smartcard snappy spice ssh static-user systemtap test udev usb
+	usbredir vde +vhost-net virgl virtfs +vnc vte xattr xen
+	zstd"
+
+COMMON_TARGETS="
+	aarch64
+	alpha
+	arm
+	cris
+	hppa
+	i386
+	loongarch64
+	m68k
+	microblaze
+	microblazeel
+	mips
+	mips64
+	mips64el
+	mipsel
+	nios2
+	or1k
+	ppc
+	ppc64
+	riscv32
+	riscv64
+	s390x
+	sh4
+	sh4eb
+	sparc
+	sparc64
+	x86_64
+	xtensa
+	xtensaeb
+"
+IUSE_SOFTMMU_TARGETS="
+	${COMMON_TARGETS}
+	avr
+	rx
+	tricore
+"
+IUSE_USER_TARGETS="
+	${COMMON_TARGETS}
+	aarch64_be
+	armeb
+	hexagon
+	mipsn32
+	mipsn32el
+	ppc64le
+	sparc32plus
+"
+
+use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
+use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
+IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
+
+RESTRICT="!test? ( test )"
+
+# Allow no targets to be built so that people can get a tools-only build.
+# Block USE flag configurations known to not work.
+REQUIRED_USE="
+	${PYTHON_REQUIRED_USE}
+	qemu_softmmu_targets_arm? ( fdt )
+	qemu_softmmu_targets_microblaze? ( fdt )
+	qemu_softmmu_targets_mips64el? ( fdt )
+	qemu_softmmu_targets_ppc64? ( fdt )
+	qemu_softmmu_targets_ppc? ( fdt )
+	qemu_softmmu_targets_riscv32? ( fdt )
+	qemu_softmmu_targets_riscv64? ( fdt )
+	qemu_softmmu_targets_x86_64? ( fdt )
+	sdl-image? ( sdl )
+	static-user? ( !plugins )
+	virgl? ( opengl )
+	virtfs? ( xattr )
+	vnc? ( gnutls )
+	vte? ( gtk )
+	multipath? ( udev )
+	plugins? ( !static-user )
+"
+for smname in ${IUSE_SOFTMMU_TARGETS} ; do
+	REQUIRED_USE+=" qemu_softmmu_targets_${smname}? ( kernel_linux? ( seccomp ) )"
+done
+
+# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
+# and user/softmmu targets (qemu-*, qemu-system-*).
+#
+# Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
+#
+# The attr lib isn't always linked in (although the USE flag is always
+# respected).  This is because qemu supports using the C library's API
+# when available rather than always using the external library.
+ALL_DEPEND="
+	dev-libs/glib:2[static-libs(+)]
+	sys-libs/zlib[static-libs(+)]
+	python? ( ${PYTHON_DEPS} )
+	systemtap? ( dev-util/systemtap )
+	xattr? ( sys-apps/attr[static-libs(+)] )"
+
+# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
+# softmmu targets (qemu-system-*).
+SOFTMMU_TOOLS_DEPEND="
+	>=x11-libs/pixman-0.28.0[static-libs(+)]
+	accessibility? (
+		app-accessibility/brltty[api]
+		app-accessibility/brltty[static-libs(+)]
+	)
+	aio? ( dev-libs/libaio[static-libs(+)] )
+	alsa? ( >=media-libs/alsa-lib-1.0.13 )
+	bpf? ( dev-libs/libbpf:= )
+	bzip2? ( app-arch/bzip2[static-libs(+)] )
+	capstone? ( dev-libs/capstone:=[static-libs(+)] )
+	curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
+	fdt? ( >=sys-apps/dtc-1.5.1[static-libs(+)] )
+	fuse? ( >=sys-fs/fuse-3.1:3[static-libs(+)] )
+	glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
+	gnutls? (
+		>=net-libs/gnutls-3.0:=[static-libs(+)]
+		dev-libs/nettle:=[static-libs(+)]
+	)
+	gtk? (
+		x11-libs/cairo
+		x11-libs/gdk-pixbuf:2
+		x11-libs/gtk+:3
+		x11-libs/libX11
+		vte? ( x11-libs/vte:2.91 )
+	)
+	infiniband? ( sys-cluster/rdma-core[static-libs(+)] )
+	iscsi? ( net-libs/libiscsi )
+	io-uring? ( sys-libs/liburing:=[static-libs(+)] )
+	jack? ( virtual/jack )
+	jemalloc? ( dev-libs/jemalloc )
+	jpeg? ( media-libs/libjpeg-turbo:=[static-libs(+)] )
+	kernel_linux? ( sys-libs/libcap-ng[static-libs(+)] )
+	lzo? ( dev-libs/lzo:2[static-libs(+)] )
+	multipath? ( sys-fs/multipath-tools )
+	ncurses? (
+		sys-libs/ncurses:=[unicode(+)]
+		sys-libs/ncurses:=[static-libs(+)]
+	)
+	nfs? ( >=net-fs/libnfs-1.9.3:=[static-libs(+)] )
+	numa? ( sys-process/numactl[static-libs(+)] )
+	opengl? (
+		virtual/opengl
+		media-libs/libepoxy[static-libs(+)]
+		media-libs/mesa[static-libs(+)]
+		media-libs/mesa[egl(+),gbm(+)]
+	)
+	pam? ( sys-libs/pam )
+	png? ( >=media-libs/libpng-1.6.34:=[static-libs(+)] )
+	pulseaudio? ( media-libs/libpulse )
+	rbd? ( sys-cluster/ceph )
+	sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
+	sdl? (
+		media-libs/libsdl2[video]
+		media-libs/libsdl2[static-libs(+)]
+	)
+	sdl-image? ( media-libs/sdl2-image[static-libs(+)] )
+	seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
+	slirp? ( net-libs/libslirp[static-libs(+)] )
+	smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] )
+	snappy? ( app-arch/snappy:= )
+	spice? (
+		>=app-emulation/spice-protocol-0.14.0
+		>=app-emulation/spice-0.14.0[static-libs(+)]
+	)
+	ssh? ( >=net-libs/libssh-0.8.6[static-libs(+)] )
+	udev? ( virtual/libudev:= )
+	usb? ( >=virtual/libusb-1-r2:1[static-libs(+)] )
+	usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
+	vde? ( net-misc/vde[static-libs(+)] )
+	virgl? ( media-libs/virglrenderer[static-libs(+)] )
+	virtfs? ( sys-libs/libcap )
+	xen? ( app-emulation/xen-tools:= )
+	zstd? ( >=app-arch/zstd-1.4.0[static-libs(+)] )
+"
+
+EDK2_OVMF_VERSION="202202"
+SEABIOS_VERSION="1.16.0"
+
+X86_FIRMWARE_DEPEND="
+	pin-upstream-blobs? (
+		~sys-firmware/edk2-ovmf-bin-${EDK2_OVMF_VERSION}
+		~sys-firmware/ipxe-1.21.1[binary,qemu]
+		~sys-firmware/seabios-bin-${SEABIOS_VERSION}
+		~sys-firmware/sgabios-0.1_pre10[binary]
+	)
+	!pin-upstream-blobs? (
+		|| (
+			>=sys-firmware/edk2-ovmf-${EDK2_OVMF_VERSION}
+			>=sys-firmware/edk2-ovmf-bin-${EDK2_OVMF_VERSION}
+		)
+		sys-firmware/ipxe[qemu]
+		|| (
+			>=sys-firmware/seabios-${SEABIOS_VERSION}[seavgabios]
+			>=sys-firmware/seabios-bin-${SEABIOS_VERSION}
+		)
+		sys-firmware/sgabios
+	)"
+PPC_FIRMWARE_DEPEND="
+	pin-upstream-blobs? (
+		~sys-firmware/seabios-bin-${SEABIOS_VERSION}
+	)
+	!pin-upstream-blobs? (
+		|| (
+			>=sys-firmware/seabios-${SEABIOS_VERSION}[seavgabios]
+			>=sys-firmware/seabios-bin-${SEABIOS_VERSION}
+		)
+	)
+"
+
+BDEPEND="
+	$(python_gen_impl_dep)
+	dev-lang/perl
+	dev-util/meson
+	sys-apps/texinfo
+	virtual/pkgconfig
+	doc? (
+		dev-python/sphinx[${PYTHON_USEDEP}]
+		dev-python/sphinx-rtd-theme[${PYTHON_USEDEP}]
+	)
+	gtk? ( nls? ( sys-devel/gettext ) )
+	test? (
+		dev-libs/glib[utils]
+		sys-devel/bc
+	)
+"
+CDEPEND="
+	${ALL_DEPEND//\[static-libs(+)]}
+	${SOFTMMU_TOOLS_DEPEND//\[static-libs(+)]}
+	qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
+	qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )
+	qemu_softmmu_targets_ppc? ( ${PPC_FIRMWARE_DEPEND} )
+	qemu_softmmu_targets_ppc64? ( ${PPC_FIRMWARE_DEPEND} )
+"
+DEPEND="${CDEPEND}
+	kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
+	static-user? ( ${ALL_DEPEND} )"
+RDEPEND="${CDEPEND}
+	acct-group/kvm
+	selinux? (
+		sec-policy/selinux-qemu
+		sys-libs/libselinux
+	)"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-8.0.0-disable-keymap.patch
+	"${FILESDIR}"/${PN}-8.0.0-make.patch
+	"${FILESDIR}"/${PN}-7.1.0-also-build-virtfs-proxy-helper.patch
+	"${FILESDIR}"/${PN}-7.1.0-capstone-include-path.patch
+	"${FILESDIR}"/${PN}-7.2.0-disable-gmp.patch
+	"${FILESDIR}"/${PN}-8.0.0-remove-python-meson-check.patch
+	"${FILESDIR}"/${P}-CVE-2023-2861.patch
+)
+
+QA_PREBUILT="
+	usr/share/qemu/hppa-firmware.img
+	usr/share/qemu/openbios-ppc
+	usr/share/qemu/openbios-sparc64
+	usr/share/qemu/openbios-sparc32
+	usr/share/qemu/opensbi-riscv64-generic-fw_dynamic.elf
+	usr/share/qemu/opensbi-riscv32-generic-fw_dynamic.elf
+	usr/share/qemu/palcode-clipper
+	usr/share/qemu/s390-ccw.img
+	usr/share/qemu/s390-netboot.img
+	usr/share/qemu/u-boot.e500
+"
+
+QA_WX_LOAD="usr/bin/qemu-i386
+	usr/bin/qemu-x86_64
+	usr/bin/qemu-alpha
+	usr/bin/qemu-arm
+	usr/bin/qemu-cris
+	usr/bin/qemu-m68k
+	usr/bin/qemu-microblaze
+	usr/bin/qemu-microblazeel
+	usr/bin/qemu-mips
+	usr/bin/qemu-mipsel
+	usr/bin/qemu-or1k
+	usr/bin/qemu-ppc
+	usr/bin/qemu-ppc64
+	usr/bin/qemu-sh4
+	usr/bin/qemu-sh4eb
+	usr/bin/qemu-sparc
+	usr/bin/qemu-sparc64
+	usr/bin/qemu-armeb
+	usr/bin/qemu-sparc32plus
+	usr/bin/qemu-s390x
+	usr/bin/qemu-unicore32
+"
+
+DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure you have the
+kernel module loaded before running kvm. The easiest way to ensure that the
+kernel module is loaded is to load it on boot.
+	For AMD CPUs the module is called 'kvm-amd'.
+	For Intel CPUs the module is called 'kvm-intel'.
+Please review /etc/conf.d/modules for how to load these.
+
+Make sure your user is in the 'kvm' group. Just run
+	$ gpasswd -a <USER> kvm
+then have <USER> re-login.
+
+For brand new installs, the default permissions on /dev/kvm might not let
+you access it.  You can tell udev to reset ownership/perms:
+	$ udevadm trigger -c add /dev/kvm
+
+If you want to register binfmt handlers for qemu user targets:
+For openrc:
+	# rc-update add qemu-binfmt
+For systemd:
+	# ln -s /usr/share/qemu/binfmt.d/qemu.conf /etc/binfmt.d/qemu.conf"
+
+pkg_pretend() {
+	if use kernel_linux && kernel_is lt 2 6 25; then
+		eerror "This version of KVM requires a host kernel of 2.6.25 or higher."
+	elif use kernel_linux; then
+		if ! linux_config_exists; then
+			eerror "Unable to check your kernel for KVM support"
+		else
+			CONFIG_CHECK="~KVM ~TUN ~BRIDGE"
+			ERROR_KVM="You must enable KVM in your kernel to continue"
+			ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in"
+			ERROR_KVM_AMD+=" your kernel configuration."
+			ERROR_KVM_INTEL="If you have an Intel CPU, you must enable"
+			ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration."
+			ERROR_TUN="You will need the Universal TUN/TAP driver compiled"
+			ERROR_TUN+=" into your kernel or loaded as a module to use the"
+			ERROR_TUN+=" virtual network device if using -net tap."
+			ERROR_BRIDGE="You will also need support for 802.1d"
+			ERROR_BRIDGE+=" Ethernet Bridging for some network configurations."
+			use vhost-net && CONFIG_CHECK+=" ~VHOST_NET"
+			ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net"
+			ERROR_VHOST_NET+=" support"
+
+			if use amd64 || use x86 || use amd64-linux || use x86-linux; then
+				if grep -q AuthenticAMD /proc/cpuinfo; then
+					CONFIG_CHECK+=" ~KVM_AMD"
+				elif grep -q GenuineIntel /proc/cpuinfo; then
+					CONFIG_CHECK+=" ~KVM_INTEL"
+				fi
+			fi
+
+			use python && CONFIG_CHECK+=" ~DEBUG_FS"
+			ERROR_DEBUG_FS="debugFS support required for kvm_stat"
+
+			# Now do the actual checks setup above
+			check_extra_config
+		fi
+	fi
+
+	if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then
+		eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt"
+		eerror "instances are still pointing to it.  Please update your"
+		eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag"
+		eerror "and the right system binary (e.g. qemu-system-x86_64)."
+		die "update your virt configs to not use qemu-kvm"
+	fi
+}
+
+# Sanity check to make sure target lists are kept up-to-date.
+check_targets() {
+	local var=$1 mak=$2
+	local detected sorted
+
+	pushd "${S}"/configs/targets/ >/dev/null || die
+
+	# Force C locale until glibc is updated. #564936
+	detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u))
+	sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u))
+	if [[ ${sorted} != "${detected}" ]] ; then
+		eerror "The ebuild needs to be kept in sync."
+		eerror "${var}: ${sorted}"
+		eerror "$(printf '%-*s' ${#var} configure): ${detected}"
+		die "sync ${var} to the list of targets"
+	fi
+
+	popd >/dev/null
+}
+
+src_prepare() {
+	check_targets IUSE_SOFTMMU_TARGETS softmmu
+	check_targets IUSE_USER_TARGETS linux-user
+
+	default
+
+	# Use correct toolchain to fix cross-compiling
+	tc-export AR AS LD NM OBJCOPY PKG_CONFIG RANLIB STRINGS
+	export WINDRES=${CHOST}-windres
+
+	# Verbose builds
+	MAKEOPTS+=" V=1"
+
+	# We already force -D_FORTIFY_SOURCE=2 (or 3) in our toolchain, but
+	# this setting (-U then -D..=2) will prevent us from trying out 3, so
+	# drop it. No change to level of protection b/c we patch our toolchain.
+	sed -i -e 's/-U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2//' configure || die
+
+	# Remove bundled modules
+	rm -r dtc meson roms/*/ || die
+}
+
+##
+# configures qemu based on the build directory and the build type
+# we are using.
+#
+qemu_src_configure() {
+	debug-print-function ${FUNCNAME} "$@"
+
+	local buildtype=$1
+	local builddir="${S}/${buildtype}-build"
+
+	mkdir "${builddir}" || die
+
+	local conf_opts=(
+		--prefix=/usr
+		--sysconfdir=/etc
+		--bindir=/usr/bin
+		--libdir=/usr/$(get_libdir)
+		--datadir=/usr/share
+		--docdir=/usr/share/doc/${PF}/html
+		--mandir=/usr/share/man
+		--localstatedir=/var
+		--disable-bsd-user
+		--disable-containers # bug #732972
+		--disable-guest-agent
+		--disable-strip
+		--with-git-submodules=ignore
+
+		# bug #746752: TCG interpreter has a few limitations:
+		# - it does not support FPU
+		# - it's generally slower on non-self-modifying code
+		# It's advantage is support for host architectures
+		# where native codegeneration is not implemented.
+		# Gentoo has qemu keyworded only on targets with
+		# native code generation available. Avoid the interpreter.
+		--disable-tcg-interpreter
+
+		--disable-werror
+		# We support gnutls/nettle for crypto operations.  It is possible
+		# to use gcrypt when gnutls/nettle are disabled (but not when they
+		# are enabled), but it's not really worth the hassle.  Disable it
+		# all the time to avoid automatically detecting it. #568856
+		--disable-gcrypt
+		--cc="$(tc-getCC)"
+		--cxx="$(tc-getCXX)"
+		--host-cc="$(tc-getBUILD_CC)"
+
+		$(use_enable alsa)
+		$(use_enable debug debug-info)
+		$(use_enable debug debug-tcg)
+		$(use_enable jack)
+		$(use_enable nls gettext)
+		$(use_enable oss)
+		$(use_enable plugins)
+		$(use_enable pulseaudio pa)
+		$(use_enable selinux)
+		$(use_enable xattr attr)
+	)
+
+	# Disable options not used by user targets. This simplifies building
+	# static user targets (USE=static-user) considerably.
+	conf_notuser() {
+		if [[ ${buildtype} == "user" ]] ; then
+			echo "--disable-${2:-$1}"
+		else
+			use_enable "$@"
+		fi
+	}
+	# Enable option only for softmmu build, but not 'user' or 'tools'
+	conf_softmmu() {
+		if [[ ${buildtype} == "softmmu" ]] ; then
+			use_enable "$@"
+		else
+			echo "--disable-${2:-$1}"
+		fi
+	}
+	# Enable option only for tools build, but not 'user' or 'softmmu'
+	conf_tools() {
+		if [[ ${buildtype} == "tools" ]] ; then
+			use_enable "$@"
+		else
+			echo "--disable-${2:-$1}"
+		fi
+	}
+	# Special case for the malloc flag, because the --disable flag does
+	# not exist and trying like above will break configuring.
+	conf_malloc() {
+		if [[ ! ${buildtype} == "user" ]] ; then
+			usex "${1}" "--enable-malloc=${1}" ""
+		fi
+	}
+	conf_opts+=(
+		$(conf_notuser accessibility brlapi)
+		$(conf_notuser aio linux-aio)
+		$(conf_softmmu bpf)
+		$(conf_notuser bzip2)
+		$(conf_notuser capstone)
+		$(conf_notuser curl)
+		$(conf_tools doc docs)
+		$(conf_notuser fdt)
+		$(conf_notuser fuse)
+		$(conf_notuser glusterfs)
+		$(conf_notuser gnutls)
+		$(conf_notuser gnutls nettle)
+		$(conf_notuser gtk)
+		$(conf_notuser infiniband rdma)
+		$(conf_notuser iscsi libiscsi)
+		$(conf_notuser io-uring linux-io-uring)
+		$(conf_malloc jemalloc)
+		$(conf_notuser jpeg vnc-jpeg)
+		$(conf_notuser kernel_linux kvm)
+		$(conf_notuser lzo)
+		$(conf_notuser multipath mpath)
+		$(conf_notuser ncurses curses)
+		$(conf_notuser nfs libnfs)
+		$(conf_notuser numa)
+		$(conf_notuser opengl)
+		$(conf_notuser pam auth-pam)
+		$(conf_notuser png)
+		$(conf_notuser rbd)
+		$(conf_notuser sasl vnc-sasl)
+		$(conf_notuser sdl)
+		$(conf_softmmu sdl-image)
+		$(conf_notuser seccomp)
+		$(conf_notuser slirp)
+		$(conf_notuser smartcard)
+		$(conf_notuser snappy)
+		$(conf_notuser spice)
+		$(conf_notuser ssh libssh)
+		$(conf_notuser udev libudev)
+		$(conf_notuser usb libusb)
+		$(conf_notuser usbredir usb-redir)
+		$(conf_notuser vde)
+		$(conf_notuser vhost-net)
+		$(conf_notuser virgl virglrenderer)
+		$(conf_softmmu virtfs)
+		$(conf_notuser vnc)
+		$(conf_notuser vte)
+		$(conf_notuser xen)
+		$(conf_notuser xen xen-pci-passthrough)
+		# use prebuilt keymaps, bug #759604
+		--disable-xkbcommon
+		$(conf_notuser zstd)
+	)
+
+	if [[ ! ${buildtype} == "user" ]] ; then
+		# audio options
+		local audio_opts=(
+			# Note: backend order matters here: #716202
+			# We iterate from higher-level to lower level.
+			$(usex pulseaudio pa "")
+			$(usev jack)
+			$(usev sdl)
+			$(usev alsa)
+			$(usev oss)
+		)
+		conf_opts+=(
+			--audio-drv-list=$(IFS=,; echo "${audio_opts[*]}")
+		)
+	fi
+
+	case ${buildtype} in
+	user)
+		conf_opts+=(
+			--enable-linux-user
+			--disable-system
+			--disable-tools
+			--disable-cap-ng
+			--disable-seccomp
+		)
+		local static_flag="static-user"
+		;;
+	softmmu)
+		conf_opts+=(
+			--disable-linux-user
+			--enable-system
+			--disable-tools
+			--enable-cap-ng
+			--enable-seccomp
+		)
+		local static_flag="none"
+		;;
+	tools)
+		conf_opts+=(
+			--disable-linux-user
+			--disable-system
+			--enable-tools
+			--enable-cap-ng
+		)
+		local static_flag="none"
+		;;
+	esac
+
+	local targets="${buildtype}_targets"
+	[[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" )
+
+	# Add support for SystemTAP
+	use systemtap && conf_opts+=( --enable-trace-backends="dtrace" )
+
+	# We always want to attempt to build with PIE support as it results
+	# in a more secure binary. But it doesn't work with static or if
+	# the current GCC doesn't have PIE support.
+	if [[ ${static_flag} != "none" ]] && use ${static_flag}; then
+		conf_opts+=( --static --disable-pie )
+	else
+		tc-enables-pie && conf_opts+=( --enable-pie )
+	fi
+
+	# Meson will not use a cross-file unless cross_prefix is set.
+	tc-is-cross-compiler && conf_opts+=( --cross-prefix="${CHOST}-" )
+
+	# Plumb through equivalent of EXTRA_ECONF to allow experiments
+	# like bug #747928.
+	conf_opts+=( ${EXTRA_CONF_QEMU} )
+
+	echo "../configure ${conf_opts[*]}"
+	cd "${builddir}"
+	../configure "${conf_opts[@]}" || die "configure failed"
+}
+
+src_configure() {
+	local target
+
+	python_setup
+
+	softmmu_targets= softmmu_bins=()
+	user_targets= user_bins=()
+
+	for target in ${IUSE_SOFTMMU_TARGETS} ; do
+		if use "qemu_softmmu_targets_${target}"; then
+			softmmu_targets+=",${target}-softmmu"
+			softmmu_bins+=( "qemu-system-${target}" )
+		fi
+	done
+
+	for target in ${IUSE_USER_TARGETS} ; do
+		if use "qemu_user_targets_${target}"; then
+			user_targets+=",${target}-linux-user"
+			user_bins+=( "qemu-${target}" )
+		fi
+	done
+
+	softmmu_targets=${softmmu_targets#,}
+	user_targets=${user_targets#,}
+
+	[[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu"
+	[[ -n ${user_targets}    ]] && qemu_src_configure "user"
+	qemu_src_configure "tools"
+}
+
+src_compile() {
+	if [[ -n ${user_targets} ]]; then
+		cd "${S}/user-build" || die
+		default
+	fi
+
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build" || die
+		default
+	fi
+
+	cd "${S}/tools-build" || die
+	default
+}
+
+src_test() {
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build" || die
+		pax-mark m */qemu-system-* #515550
+		emake check
+	fi
+}
+
+qemu_python_install() {
+	python_domodule "${S}/python/qemu"
+
+	python_doscript "${S}/scripts/kvm/vmxcap"
+	python_doscript "${S}/scripts/qmp/qmp-shell"
+	python_doscript "${S}/scripts/qmp/qemu-ga-client"
+}
+
+# Generate binfmt support files.
+#   - /etc/init.d/qemu-binfmt script which registers the user handlers (openrc)
+#   - /usr/share/qemu/binfmt.d/qemu.conf (for use with systemd-binfmt)
+generate_initd() {
+	local out="${T}/qemu-binfmt"
+	local out_systemd="${T}/qemu.conf"
+	local d="${T}/binfmt.d"
+
+	einfo "Generating qemu binfmt scripts and configuration files"
+
+	# Generate the debian fragments first.
+	mkdir -p "${d}"
+	"${S}"/scripts/qemu-binfmt-conf.sh \
+		--debian \
+		--exportdir "${d}" \
+		--qemu-path "${EPREFIX}/usr/bin" \
+		|| die
+	# Then turn the fragments into a shell script we can source.
+	sed -E -i \
+		-e 's:^([^ ]+) (.*)$:\1="\2":' \
+		"${d}"/* || die
+
+	# Generate the init.d script by assembling the fragments from above.
+	local f qcpu package interpreter magic mask
+	cat "${FILESDIR}"/qemu-binfmt.initd.head >"${out}" || die
+	for f in "${d}"/qemu-* ; do
+		source "${f}"
+
+		# Normalize the cpu logic like we do in the init.d for the native cpu.
+		qcpu=${package#qemu-}
+		case ${qcpu} in
+		arm*)   qcpu="arm";;
+		mips*)  qcpu="mips";;
+		ppc*)   qcpu="ppc";;
+		s390*)  qcpu="s390";;
+		sh*)    qcpu="sh";;
+		sparc*) qcpu="sparc";;
+		esac
+
+		# we use 'printf' here to be portable across 'sh'
+		# implementations: #679168
+		cat <<EOF >>"${out}"
+	if [ "\${cpu}" != "${qcpu}" -a -x "${interpreter}" ] ; then
+		printf '%s\n' ':${package}:M::${magic}:${mask}:${interpreter}:'"\${QEMU_BINFMT_FLAGS}" >/proc/sys/fs/binfmt_misc/register
+	fi
+EOF
+
+		echo ":${package}:M::${magic}:${mask}:${interpreter}:OC" >>"${out_systemd}"
+
+	done
+	cat "${FILESDIR}"/qemu-binfmt.initd.tail >>"${out}" || die
+}
+
+src_install() {
+	if [[ -n ${user_targets} ]]; then
+		cd "${S}/user-build"
+		emake DESTDIR="${ED}" install
+
+		# Install binfmt handler init script for user targets.
+		generate_initd
+		doinitd "${T}/qemu-binfmt"
+
+		# Install binfmt/qemu.conf.
+		insinto "/usr/share/qemu/binfmt.d"
+		doins "${T}/qemu.conf"
+	fi
+
+	if [[ -n ${softmmu_targets} ]]; then
+		cd "${S}/softmmu-build"
+		emake DESTDIR="${ED}" install
+
+		# This might not exist if the test failed. #512010
+		[[ -e check-report.html ]] && dodoc check-report.html
+
+		if use kernel_linux; then
+			udev_newrules "${FILESDIR}"/65-kvm.rules-r2 65-kvm.rules
+		fi
+
+		if use python; then
+			python_foreach_impl qemu_python_install
+		fi
+	fi
+
+	cd "${S}/tools-build" || die
+	emake DESTDIR="${ED}" install
+
+	# If USE=doc, there'll be newly generated docs which we install instead.
+	if ! use doc && [[ ${QEMU_DOCS_PREBUILT} == 1 ]] ; then
+		doman "${WORKDIR}"/${PN}-${QEMU_DOCS_VERSION}-docs/docs/*.[0-8]
+	fi
+
+	# Disable mprotect on the qemu binaries as they use JITs to be fast #459348
+	pushd "${ED}"/usr/bin >/dev/null || die
+	pax-mark mr "${softmmu_bins[@]}" "${user_bins[@]}" # bug 575594
+	popd >/dev/null || die
+
+	# Install config file example for qemu-bridge-helper
+	insinto "/etc/qemu"
+	doins "${FILESDIR}/bridge.conf"
+
+	cd "${S}" || die
+	dodoc MAINTAINERS docs/specs/pci-ids.txt
+	newdoc pc-bios/README README.pc-bios
+
+	# Disallow stripping of prebuilt firmware files.
+	dostrip -x ${QA_PREBUILT}
+
+	if [[ -n ${softmmu_targets} ]]; then
+		# Remove SeaBIOS since we're using the SeaBIOS packaged one
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../seabios/bios-256k.bin /usr/share/qemu/bios-256k.bin
+		fi
+
+		# Remove vgabios since we're using the seavgabios packaged one
+		rm "${ED}/usr/share/qemu/vgabios.bin"
+		rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
+		rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
+		rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
+		rm "${ED}/usr/share/qemu/vgabios-virtio.bin"
+		rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
+
+		# PPC/PPC64 loads vgabios-stdvga
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 || use qemu_softmmu_targets_ppc || use qemu_softmmu_targets_ppc64; then
+			dosym ../seavgabios/vgabios-isavga.bin /usr/share/qemu/vgabios.bin
+			dosym ../seavgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
+			dosym ../seavgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
+			dosym ../seavgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
+			dosym ../seavgabios/vgabios-virtio.bin /usr/share/qemu/vgabios-virtio.bin
+			dosym ../seavgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
+		fi
+
+		# Remove sgabios since we're using the sgabios packaged one
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin
+		fi
+
+		# Remove iPXE since we're using the iPXE packaged one
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom
+			dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom
+			dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom
+			dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom
+			dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom
+			dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom
+		fi
+	fi
+
+	DISABLE_AUTOFORMATTING=true
+	readme.gentoo_create_doc
+}
+
+firmware_abi_change() {
+	local pv
+	for pv in ${REPLACING_VERSIONS}; do
+		if ver_test ${pv} -lt ${FIRMWARE_ABI_VERSION}; then
+			return 0
+		fi
+	done
+	return 1
+}
+
+pkg_postinst() {
+	if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
+		udev_reload
+	fi
+
+	xdg_icon_cache_update
+
+	[[ -z ${EPREFIX} ]] && [[ -f ${EROOT}/usr/libexec/qemu-bridge-helper ]] && \
+		fcaps cap_net_admin "${EROOT}"/usr/libexec/qemu-bridge-helper
+
+	DISABLE_AUTOFORMATTING=true
+	readme.gentoo_print_elog
+
+	if use pin-upstream-blobs && firmware_abi_change; then
+		ewarn "This version of qemu pins new versions of firmware blobs:"
+
+		if has_version 'sys-firmware/edk2-ovmf-bin'; then
+			ewarn "	$(best_version sys-firmware/edk2-ovmf-bin)"
+		else
+			ewarn " $(best_version sys-firmware/edk2-ovmf)"
+		fi
+
+		if has_version 'sys-firmware/seabios-bin'; then
+			ewarn "	$(best_version sys-firmware/seabios-bin)"
+		else
+			ewarn " $(best_version sys-firmware/seabios)"
+		fi
+
+		ewarn "	$(best_version sys-firmware/ipxe)"
+		ewarn "	$(best_version sys-firmware/sgabios)"
+		ewarn "This might break resume of hibernated guests (started with a different"
+		ewarn "firmware version) and live migration to/from qemu versions with different"
+		ewarn "firmware. Please (cold) restart all running guests. For functional"
+		ewarn "guest migration ensure that all"
+		ewarn "hosts run at least"
+		ewarn "	app-emulation/qemu-${FIRMWARE_ABI_VERSION}."
+	fi
+}
+
+pkg_info() {
+	echo "Using:"
+	echo "  $(best_version app-emulation/spice-protocol)"
+
+	if has_version 'sys-firmware/edk2-ovmf-bin'; then
+		echo "  $(best_version sys-firmware/edk2-ovmf-bin)"
+	else
+		echo "  $(best_version sys-firmware/edk2-ovmf)"
+	fi
+
+	if has_version 'sys-firmware/seabios-bin'; then
+		echo "  $(best_version sys-firmware/seabios-bin)"
+	else
+		echo "  $(best_version sys-firmware/seabios)"
+	fi
+
+	echo "  $(best_version sys-firmware/ipxe)"
+	echo "  $(best_version sys-firmware/sgabios)"
+}
+
+pkg_postrm() {
+	xdg_icon_cache_update
+	udev_reload
+}


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2023-07-02 23:35 Sam James
  0 siblings, 0 replies; 56+ messages in thread
From: Sam James @ 2023-07-02 23:35 UTC (permalink / raw
  To: gentoo-commits

commit:     229d28a525799ae2f65b1a2cd206b07189241026
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Jul  2 23:34:19 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Jul  2 23:34:42 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=229d28a5

app-emulation/qemu: use right CVE-2023-2861 patch for 8.0.2

Fixes: d2d08ad4d9a70136bf79818eb698e3cb7eead3b0
Bug: https://bugs.gentoo.org/909542
Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../qemu/files/qemu-8.0.2-CVE-2023-2861.patch      | 23 +++++++++++++---------
 .../{qemu-8.0.2-r1.ebuild => qemu-8.0.2-r2.ebuild} |  0
 2 files changed, 14 insertions(+), 9 deletions(-)

diff --git a/app-emulation/qemu/files/qemu-8.0.2-CVE-2023-2861.patch b/app-emulation/qemu/files/qemu-8.0.2-CVE-2023-2861.patch
index 9a9c11a41d66..75fa534b4f1c 100644
--- a/app-emulation/qemu/files/qemu-8.0.2-CVE-2023-2861.patch
+++ b/app-emulation/qemu/files/qemu-8.0.2-CVE-2023-2861.patch
@@ -1,7 +1,7 @@
 https://bugs.gentoo.org/909542
-https://gitlab.com/qemu-project/qemu/-/commit/10fad73a2bf1c76c8aa9d6322755e5f877d83ce5
+https://gitlab.com/qemu-project/qemu/-/commit/b9d2887be4e616cdaeedd0b7456bfaa71ee798af
 
-From 10fad73a2bf1c76c8aa9d6322755e5f877d83ce5 Mon Sep 17 00:00:00 2001
+From b9d2887be4e616cdaeedd0b7456bfaa71ee798af Mon Sep 17 00:00:00 2001
 From: Christian Schoenebeck <qemu_oss@crudebyte.com>
 Date: Wed, 7 Jun 2023 18:29:33 +0200
 Subject: [PATCH] 9pfs: prevent opening special files (CVE-2023-2861)
@@ -39,7 +39,6 @@ Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
 Message-Id: <E1q6w7r-0000Q0-NM@lizzy.crudebyte.com>
 (cherry picked from commit f6b0de53fb87ddefed348a39284c8e2f28dc4eda)
 Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
-(Mjt: drop adding qemu_fstat wrapper for 7.2 where wrappers aren't used)
 --- a/fsdev/virtfs-proxy-helper.c
 +++ b/fsdev/virtfs-proxy-helper.c
 @@ -26,6 +26,7 @@
@@ -108,7 +107,15 @@ Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
  #ifdef O_PATH
  #define O_PATH_9P_UTIL O_PATH
  #else
-@@ -112,6 +114,38 @@ static inline void close_preserve_errno(int fd)
+@@ -95,6 +97,7 @@ static inline int errno_to_dotl(int err) {
+ #endif
+ 
+ #define qemu_openat     openat
++#define qemu_fstat      fstat
+ #define qemu_fstatat    fstatat
+ #define qemu_mkdirat    mkdirat
+ #define qemu_renameat   renameat
+@@ -108,6 +111,38 @@ static inline void close_preserve_errno(int fd)
      errno = serrno;
  }
  
@@ -127,7 +134,7 @@ Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
 +{
 +    struct stat stbuf;
 +
-+    if (fstat(fd, &stbuf) < 0) {
++    if (qemu_fstat(fd, &stbuf) < 0) {
 +        close_preserve_errno(fd);
 +        return -1;
 +    }
@@ -146,8 +153,8 @@ Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
 +
  static inline int openat_dir(int dirfd, const char *name)
  {
-     return openat(dirfd, name,
-@@ -146,6 +180,10 @@ again:
+     return qemu_openat(dirfd, name,
+@@ -142,6 +177,10 @@ again:
          return -1;
      }
  
@@ -158,5 +165,3 @@ Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
      serrno = errno;
      /* O_NONBLOCK was only needed to open the file. Let's drop it. We don't
       * do that with O_PATH since fcntl(F_SETFL) isn't supported, and openat()
--- 
-GitLab

diff --git a/app-emulation/qemu/qemu-8.0.2-r1.ebuild b/app-emulation/qemu/qemu-8.0.2-r2.ebuild
similarity index 100%
rename from app-emulation/qemu/qemu-8.0.2-r1.ebuild
rename to app-emulation/qemu/qemu-8.0.2-r2.ebuild


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
@ 2024-04-29  2:38 Sam James
  0 siblings, 0 replies; 56+ messages in thread
From: Sam James @ 2024-04-29  2:38 UTC (permalink / raw
  To: gentoo-commits

commit:     d6f20b2493dd5a01308582403e31050b33037508
Author:     Michal Privoznik <michal.privoznik <AT> gmail <DOT> com>
AuthorDate: Sun Apr 28 14:48:08 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Apr 29 01:26:20 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d6f20b24

app-emulation/qemu: Update live ebuild

Because we want to download all dependencies in fetch phase
(fixed in [1]), we keep a list of subprojects among with their
latest commit hash. Well, in commit [2] qemu bumped
'berkeley-testfloat-3'. Reflect that in our live ebuild.
Unfortunately, I've missed this in qemu-8.2.0 timeframe (in which
the qemu commit was merged), but there's no real harm as these
subprojects are part of dist tar. IOW, it's only live ebuild that
needs to fetch subprojects explicitly.

Also, some patches don't apply cleanly anymore. Rebase them.

Oh, and 'nios2' target was removed [3].

1: https://github.com/gentoo/gentoo/pull/32684
2: https://gitlab.com/qemu-project/qemu/-/commit/c01196bdddc280ae3710912e98e78f3103155eaf
3: https://gitlab.com/qemu-project/qemu/-/commit/6c3014858c4c0024dd0560f08a6eda0f92f658d6

Signed-off-by: Michal Privoznik <michal.privoznik <AT> gmail.com>
Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-emulation/qemu/Manifest                        |  2 +-
 ...qemu-9.0.0-also-build-virtfs-proxy-helper.patch | 35 +++++++++++++++++
 .../files/qemu-9.0.0-capstone-include-path.patch   | 42 +++++++++++++++++++++
 .../qemu/files/qemu-9.0.0-disable-keymap.patch     | 44 ++++++++++++++++++++++
 app-emulation/qemu/qemu-9999.ebuild                | 10 ++---
 5 files changed, 127 insertions(+), 6 deletions(-)

diff --git a/app-emulation/qemu/Manifest b/app-emulation/qemu/Manifest
index a6d749083741..a77588838fe3 100644
--- a/app-emulation/qemu/Manifest
+++ b/app-emulation/qemu/Manifest
@@ -1,5 +1,5 @@
 DIST berkeley-softfloat-3-b64af41c3276f97f0e181920400ee056b9c88037.tar.bz2 84094 BLAKE2B 396f9df2e6ad559545054e89916915c3a3c8ff80e5e409498fec497b564d8b3ac9dd3cb966e26dce232ddff82af18a0e84e864ca18a80c2a2f4fe47e320249c2 SHA512 93c20d50a356c90f4293d8c7593611b2e0a9bc7567b6d946319f8ae06962ae1e297c8788f66fd38a1d3a0d44661bff9a07a63eaa84c8bb40ae01a45476be446c
-DIST berkeley-testfloat-3-40619cbb3bf32872df8c53cc457039229428a263.tar.bz2 90086 BLAKE2B ab2070622453a7a0a1fbcf234df68cc7316474c04482b2ac13c700edbb5624968c5274f337dc84f06c4ab6c3e82698cd7b0b30fe206d004b0715f15a2cc7cfd1 SHA512 969892af9fdf16d45660753ed02bbd8d6159928e5e6ef2f87aed8a08d995bb19d2115fb6b559522074492b2595716d314c5c059bfa69c7fbb5aab9275582c22e
+DIST berkeley-testfloat-3-e7af9751d9f9fd3b47911f51a5cfd08af256a9ab.tar.bz2 90020 BLAKE2B 3dda1ba90c4a5ad5cbce2acf35e93f7adbd387ae0e0f929b2cd4cbdf263f95183103118f32be38e8c80de49d7df44c26319ee2f465061d004ae7e64e43eeeb3e SHA512 65f41f42ea563b2cdceb6c71633f41e6694a79ffd02afed4540353a8e73668ae40118dfc108163aae751acbaa7c49630ed99f423465089503c03aee76b07f221
 DIST keycodemapdb-f5772a62ec52591ff6870b7e8ef32482371f22c6.tar.bz2 27971 BLAKE2B 0ed69ad24c53bd459c8753565814bcc1cd858f20d3a046c38912a35bcb0ba6d388ef5d2b93157cd028959284b330caf5467d82071c3df56a405dd8e08fd177c7 SHA512 8f2cc14e8bd46cb045e3ebfe32e463793ab7472ebda9b57b8ea0b06fa107a1a99c3ebcacb9c4548e30698d8ec154c0e56f789385201182b680819b8068a103f2
 DIST qemu-7.2.0-docs.tar.xz 1984184 BLAKE2B 103900fb7903ed8d75f7f012bf61fa2d6fce345b657c851d0437c3384f5735bd1cfd3129320683ea7846ea0b0940e5af5b2663c9320f12fee74b058523a8ea06 SHA512 a7edd448982865e07533c300d3e44a8b50cefbdde1982b73c24d0b2aa74315439252c59b634c75de312860874c7b06c75aa72629da681b5105f28ee936794585
 DIST qemu-7.2.10.tar.xz 121311584 BLAKE2B e3b5156302cc699c38ad966340f68b1c72d00a2c420732368a22a9671a27d87ccd64e06c97b2e47d1dddf2d1d202b5103a6fc51221502b1c812d1c63a082d976 SHA512 d402dc49b9ed5da773785ce9c8ed75b66985286ab8a2f0956cb88277b9da88a5a86cf02226c6b24fe63635405f2fe89ebac9288cf2d4b59df22b4d05c2a8fe30

diff --git a/app-emulation/qemu/files/qemu-9.0.0-also-build-virtfs-proxy-helper.patch b/app-emulation/qemu/files/qemu-9.0.0-also-build-virtfs-proxy-helper.patch
new file mode 100644
index 000000000000..603d20c42fc8
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-9.0.0-also-build-virtfs-proxy-helper.patch
@@ -0,0 +1,35 @@
+From 951325a0c9519d4910d80cc6c7a5728c0dbc4946 Mon Sep 17 00:00:00 2001
+Message-ID: <951325a0c9519d4910d80cc6c7a5728c0dbc4946.1714317553.git.mprivozn@redhat.com>
+From: Matthias Maier <tamiko@43-1.org>
+Date: Mon, 4 Apr 2022 12:56:59 +0200
+Subject: [PATCH] also build virtfs-proxy-helper
+
+The Gentoo ebuild splits the qemu build into a softmmu, user and tool
+phase in order to be able to build and link some of the qemu emulators
+statically. This unfortunately has the consequence that we never
+configure with "have_virtfs" and "have_tools" at the same time.
+
+As a workaround, simply build the virtfs userland unconditionally. After
+all, it is a tiny executable.
+
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+---
+ meson.build | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/meson.build b/meson.build
+index c3a2be7b2d..50a5cfcf4e 100644
+--- a/meson.build
++++ b/meson.build
+@@ -2116,8 +2116,6 @@ have_virtfs = get_option('virtfs') \
+     .allowed()
+ 
+ have_virtfs_proxy_helper = get_option('virtfs_proxy_helper') \
+-    .require(host_os != 'darwin', error_message: 'the virtfs proxy helper is incompatible with macOS') \
+-    .require(have_virtfs, error_message: 'the virtfs proxy helper requires that virtfs is enabled') \
+     .disable_auto_if(not have_tools) \
+     .require(libcap_ng.found(), error_message: 'the virtfs proxy helper requires libcap-ng') \
+     .allowed()
+-- 
+2.43.2
+

diff --git a/app-emulation/qemu/files/qemu-9.0.0-capstone-include-path.patch b/app-emulation/qemu/files/qemu-9.0.0-capstone-include-path.patch
new file mode 100644
index 000000000000..3e0408d6b213
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-9.0.0-capstone-include-path.patch
@@ -0,0 +1,42 @@
+From 67a8b35e98f5c0853f7cdf26db0ebc6ce20b929c Mon Sep 17 00:00:00 2001
+Message-ID: <67a8b35e98f5c0853f7cdf26db0ebc6ce20b929c.1714317553.git.mprivozn@redhat.com>
+From: Michal Privoznik <mprivozn@redhat.com>
+Date: Sun, 28 Apr 2024 17:10:46 +0200
+Subject: [PATCH] Forward ported from qemu-7.1.0-capstone-include-path.patch.
+
+Bug: https://bugs.gentoo.org/873157
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+---
+ include/disas/capstone.h | 2 +-
+ meson.build              | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/include/disas/capstone.h b/include/disas/capstone.h
+index e29068dd97..d8fdc5d537 100644
+--- a/include/disas/capstone.h
++++ b/include/disas/capstone.h
+@@ -3,7 +3,7 @@
+ 
+ #ifdef CONFIG_CAPSTONE
+ 
+-#include <capstone.h>
++#include <capstone/capstone.h>
+ 
+ #else
+ 
+diff --git a/meson.build b/meson.build
+index ea3ccff968..c3a2be7b2d 100644
+--- a/meson.build
++++ b/meson.build
+@@ -1712,7 +1712,7 @@ if not get_option('capstone').auto() or have_system or have_user
+   # that reports a wrong -I path, causing the #include to
+   # fail later. If the system has such a broken version
+   # do not use it.
+-  if capstone.found() and not cc.compiles('#include <capstone.h>',
++  if capstone.found() and not cc.compiles('#include <capstone/capstone.h>',
+                                           dependencies: [capstone])
+     capstone = not_found
+     if get_option('capstone').enabled()
+-- 
+2.43.2
+

diff --git a/app-emulation/qemu/files/qemu-9.0.0-disable-keymap.patch b/app-emulation/qemu/files/qemu-9.0.0-disable-keymap.patch
new file mode 100644
index 000000000000..c85d213626e2
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-9.0.0-disable-keymap.patch
@@ -0,0 +1,44 @@
+From 8cca781563e89facd312d622a69af124eb2757c6 Mon Sep 17 00:00:00 2001
+Message-ID: <8cca781563e89facd312d622a69af124eb2757c6.1714317553.git.mprivozn@redhat.com>
+From: Michal Privoznik <mprivozn@redhat.com>
+Date: Sun, 28 Apr 2024 17:10:13 +0200
+Subject: [PATCH] 8.0.0-disable-keymap.patch
+
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+---
+ meson.build                 | 2 ++
+ pc-bios/keymaps/meson.build | 4 +++-
+ 2 files changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/meson.build b/meson.build
+index 5db2dbc12e..ea3ccff968 100644
+--- a/meson.build
++++ b/meson.build
+@@ -1098,6 +1098,8 @@ endif
+ 
+ if get_option('xkbcommon').auto() and not have_system and not have_tools
+   xkbcommon = not_found
++elif get_option('xkbcommon').disabled()
++  xkbcommon = not_found
+ else
+   xkbcommon = dependency('xkbcommon', required: get_option('xkbcommon'),
+                          method: 'pkg-config')
+diff --git a/pc-bios/keymaps/meson.build b/pc-bios/keymaps/meson.build
+index 0bd8ce0077..3888f4c64f 100644
+--- a/pc-bios/keymaps/meson.build
++++ b/pc-bios/keymaps/meson.build
+@@ -33,8 +33,10 @@ keymaps = {
+   'tr': '-l tr',
+ }
+ 
+-if meson.is_cross_build() or not xkbcommon.found()
++if meson.is_cross_build()
+   native_qemu_keymap = find_program('qemu-keymap', required: false, disabler: true)
++elif get_option('xkbcommon').disabled()
++  native_qemu_keymap = not_found
+ else
+   native_qemu_keymap = qemu_keymap
+ endif
+-- 
+2.43.2
+

diff --git a/app-emulation/qemu/qemu-9999.ebuild b/app-emulation/qemu/qemu-9999.ebuild
index 381a891e0191..12e510eb4cc0 100644
--- a/app-emulation/qemu/qemu-9999.ebuild
+++ b/app-emulation/qemu/qemu-9999.ebuild
@@ -31,7 +31,7 @@ if [[ ${PV} == *9999* ]]; then
 	declare -A SUBPROJECTS=(
 		[keycodemapdb]="f5772a62ec52591ff6870b7e8ef32482371f22c6"
 		[berkeley-softfloat-3]="b64af41c3276f97f0e181920400ee056b9c88037"
-		[berkeley-testfloat-3]="40619cbb3bf32872df8c53cc457039229428a263"
+		[berkeley-testfloat-3]="e7af9751d9f9fd3b47911f51a5cfd08af256a9ab"
 	)
 
 	for proj in "${!SUBPROJECTS[@]}"; do
@@ -84,7 +84,6 @@ COMMON_TARGETS="
 	mips64
 	mips64el
 	mipsel
-	nios2
 	or1k
 	ppc
 	ppc64
@@ -316,11 +315,12 @@ RDEPEND="
 "
 
 PATCHES=(
-	"${FILESDIR}"/${PN}-8.0.0-disable-keymap.patch
-	"${FILESDIR}"/${PN}-7.1.0-capstone-include-path.patch
-	"${FILESDIR}"/${PN}-8.1.0-also-build-virtfs-proxy-helper.patch
+	"${FILESDIR}"/${PN}-9.0.0-disable-keymap.patch
+	"${FILESDIR}"/${PN}-9.0.0-capstone-include-path.patch
+	"${FILESDIR}"/${PN}-9.0.0-also-build-virtfs-proxy-helper.patch
 	"${FILESDIR}"/${PN}-8.1.0-skip-tests.patch
 	"${FILESDIR}"/${PN}-8.1.0-find-sphinx.patch
+
 )
 
 QA_PREBUILT="


^ permalink raw reply related	[flat|nested] 56+ messages in thread

end of thread, other threads:[~2024-04-29  2:38 UTC | newest]

Thread overview: 56+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-07-05  1:05 [gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/ WANG Xuerui
  -- strict thread matches above, loose matches on Subject: below --
2024-04-29  2:38 Sam James
2023-07-02 23:35 Sam James
2023-07-02 23:01 Sam James
2023-05-18 21:07 Matthias Maier
2023-05-05 18:11 Matthias Maier
2023-02-21  6:50 Sam James
2023-02-04 16:46 Andreas K. Hüttel
2022-12-08  1:22 John Helmert III
2022-11-12 19:43 Andreas K. Hüttel
2022-09-27 17:31 John Helmert III
2022-08-03 18:21 Sam James
2022-06-04  3:01 Sam James
2022-05-22 15:59 John Helmert III
2022-03-29  5:38 Sam James
2022-01-01  1:22 John Helmert III
2021-12-21 23:53 John Helmert III
2021-06-26 19:59 Sergei Trofimovich
2021-04-12 19:39 Sergei Trofimovich
2021-02-28 23:24 Sergei Trofimovich
2020-12-12 23:53 Sergei Trofimovich
2020-12-12  8:33 Sergei Trofimovich
2020-12-10 15:03 Sergei Trofimovich
2020-10-21 20:55 Sergei Trofimovich
2020-09-08  7:33 Sergei Trofimovich
2020-04-24 19:59 Sergei Trofimovich
2020-04-16 22:16 Sergei Trofimovich
2019-05-21  3:53 Matthias Maier
2019-05-17  8:58 Matthias Maier
2019-05-17  7:43 Matthias Maier
2019-04-29  6:48 Matthias Maier
2019-02-19  0:19 Matthias Maier
2018-08-19 17:49 Matthias Maier
2018-06-15 14:10 Jason Donenfeld
2018-03-27 15:44 Matthias Maier
2018-03-18 20:02 Matthias Maier
2017-11-12 20:22 Matthias Maier
2017-07-26 17:15 Matthias Maier
2017-05-18  4:20 Matthias Maier
2017-04-25 13:51 Matthias Maier
2017-03-27  4:03 Matthias Maier
2017-02-13  4:58 Matthias Maier
2016-12-29 18:47 Mike Frysinger
2016-11-12 17:29 Matthias Maier
2016-09-27  2:17 Matthias Maier
2016-09-09  5:23 Matthias Maier
2016-09-05 16:45 Matthias Maier
2016-09-05  5:30 Matthias Maier
2016-08-07 14:04 Luca Barbato
2016-06-07  3:02 Mike Frysinger
2016-05-17  4:41 Mike Frysinger
2016-04-23 20:30 Mike Frysinger
2016-03-23  5:25 Mike Frysinger
2015-12-15  5:55 Mike Frysinger
2015-12-08  3:17 Mike Frysinger
2015-11-23  0:41 Mike Frysinger

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox