diff options
| author |   Matthias Maier <tamiko@gentoo.org> | 2016-10-26 16:47:50 -0500 |
|---|---|---|
| committer | Matthias Maier <tamiko@gentoo.org> | 2016-10-26 16:48:21 -0500 |
| commit | 5a981e9d23127c779dc8ecb1d05ef08fe4d3a011 (patch) | |
| tree | 6da3e0d7a21372b5bed9b31f23f4a1c57f0a7e59 /app-emulation | |
| parent | app-emulation/spice: clean up XDG environment. (diff) | |
| download | gentoo-5a981e9d23127c779dc8ecb1d05ef08fe4d3a011.tar.gz gentoo-5a981e9d23127c779dc8ecb1d05ef08fe4d3a011.tar.bz2 gentoo-5a981e9d23127c779dc8ecb1d05ef08fe4d3a011.zip | |
app-emulation/qemu: multiple security fixes for 2.7.0-r5
CVE-2016-7466, bug 594520
CVE-2016-7907, bug 596048
CVE-2016-7908, bug 596049
CVE-2016-7909, bug 596048
CVE-2016-7994, bug 596738
CVE-2016-7994, bug 596738
CVE-2016-8576, bug 596752
CVE-2016-8577, bug 596776
CVE-2016-8578, bug 596774
CVE-2016-8668, bug 597110
CVE-2016-8669, bug 597108
CVE-2016-8669, bug 597108
CVE-2016-8909, bug 598044
CVE-2016-8910, bug 598046
Package-Manager: portage-2.3.0
Diffstat (limited to 'app-emulation')
14 files changed, 1189 insertions, 0 deletions
diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7907.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7907.patch new file mode 100644 index 000000000000..34b095a51374 --- /dev/null +++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7907.patch @@ -0,0 +1,45 @@ +From: Prasad J Pandit <address@hidden> + +i.MX Fast Ethernet Controller uses buffer descriptors to manage +data flow to/fro receive & transmit queues. While transmitting +packets, it could continue to read buffer descriptors if a buffer +descriptor has length of zero and has crafted values in bd.flags. +Set an upper limit to number of buffer descriptors. + +Reported-by: Li Qiang <address@hidden> +Signed-off-by: Prasad J Pandit <address@hidden> +--- + hw/net/imx_fec.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +Update per + -> https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg05284.html + +diff --git a/hw/net/imx_fec.c b/hw/net/imx_fec.c +index 1c415ab..1d74827 100644 +--- a/hw/net/imx_fec.c ++++ b/hw/net/imx_fec.c +@@ -220,6 +220,8 @@ static const VMStateDescription vmstate_imx_eth = { + #define PHY_INT_PARFAULT (1 << 2) + #define PHY_INT_AUTONEG_PAGE (1 << 1) + ++#define IMX_MAX_DESC 1024 ++ + static void imx_eth_update(IMXFECState *s); + + /* +@@ -402,12 +404,12 @@ static void imx_eth_update(IMXFECState *s) + + static void imx_fec_do_tx(IMXFECState *s) + { +- int frame_size = 0; ++ int frame_size = 0, descnt = 0; + uint8_t frame[ENET_MAX_FRAME_SIZE]; + uint8_t *ptr = frame; + uint32_t addr = s->tx_descriptor; + +- while (1) { ++ while (descnt++ < IMX_MAX_DESC) { + IMXFECBufDesc bd; + int len; + diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7908.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7908.patch new file mode 100644 index 000000000000..16d072fe7928 --- /dev/null +++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7908.patch @@ -0,0 +1,52 @@ +From 070c4b92b8cd5390889716677a0b92444d6e087a Mon Sep 17 00:00:00 2001 +From: Prasad J Pandit <pjp@fedoraproject.org> +Date: Thu, 22 Sep 2016 16:02:37 +0530 +Subject: [PATCH] net: mcf: limit buffer descriptor count + +ColdFire Fast Ethernet Controller uses buffer descriptors to manage +data flow to/fro receive & transmit queues. While transmitting +packets, it could continue to read buffer descriptors if a buffer +descriptor has length of zero and has crafted values in bd.flags. +Set upper limit to number of buffer descriptors. + +Reported-by: Li Qiang <liqiang6-s@360.cn> +Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> +Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> +Signed-off-by: Jason Wang <jasowang@redhat.com> +--- + hw/net/mcf_fec.c | 5 +++-- + 1 files changed, 3 insertions(+), 2 deletions(-) + +diff --git a/hw/net/mcf_fec.c b/hw/net/mcf_fec.c +index 0ee8ad9..d31fea1 100644 +--- a/hw/net/mcf_fec.c ++++ b/hw/net/mcf_fec.c +@@ -23,6 +23,7 @@ do { printf("mcf_fec: " fmt , ## __VA_ARGS__); } while (0) + #define DPRINTF(fmt, ...) do {} while(0) + #endif + ++#define FEC_MAX_DESC 1024 + #define FEC_MAX_FRAME_SIZE 2032 + + typedef struct { +@@ -149,7 +150,7 @@ static void mcf_fec_do_tx(mcf_fec_state *s) + uint32_t addr; + mcf_fec_bd bd; + int frame_size; +- int len; ++ int len, descnt = 0; + uint8_t frame[FEC_MAX_FRAME_SIZE]; + uint8_t *ptr; + +@@ -157,7 +158,7 @@ static void mcf_fec_do_tx(mcf_fec_state *s) + ptr = frame; + frame_size = 0; + addr = s->tx_descriptor; +- while (1) { ++ while (descnt++ < FEC_MAX_DESC) { + mcf_fec_read_bd(&bd, addr); + DPRINTF("tx_bd %x flags %04x len %d data %08x\n", + addr, bd.flags, bd.length, bd.data); +-- +1.7.0.4 + diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7909.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7909.patch new file mode 100644 index 000000000000..8e6ecff8926c --- /dev/null +++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7909.patch @@ -0,0 +1,32 @@ +From: Prasad J Pandit <address@hidden> + +The AMD PC-Net II emulator has set of control and status(CSR) +registers. Of these, CSR76 and CSR78 hold receive and transmit +descriptor ring length respectively. This ring length could range +from 1 to 65535. Setting ring length to zero leads to an infinite +loop in pcnet_rdra_addr. Add check to avoid it. + +Reported-by: Li Qiang <address@hidden> +Signed-off-by: Prasad J Pandit <address@hidden> +--- + hw/net/pcnet.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/hw/net/pcnet.c b/hw/net/pcnet.c +index 198a01f..3078de8 100644 +--- a/hw/net/pcnet.c ++++ b/hw/net/pcnet.c +@@ -1429,8 +1429,11 @@ static void pcnet_csr_writew(PCNetState *s, uint32_t rap, uint32_t new_value) + case 47: /* POLLINT */ + case 72: + case 74: ++ break; + case 76: /* RCVRL */ + case 78: /* XMTRL */ ++ val = (val > 0) ? val : 512; ++ break; + case 112: + if (CSR_STOP(s) || CSR_SPND(s)) + break; +-- +2.5.5 diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7994-1.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7994-1.patch new file mode 100644 index 000000000000..6fe77f367da5 --- /dev/null +++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7994-1.patch @@ -0,0 +1,25 @@ +From: Li Qiang <address@hidden> + +In virtio gpu resource create dispatch, if the pixman format is zero +it doesn't free the resource object allocated previously. Thus leading +a host memory leak issue. This patch avoid this. + +Signed-off-by: Li Qiang <address@hidden> +--- + hw/display/virtio-gpu.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c +index 7fe6ed8..5b6d17b 100644 +--- a/hw/display/virtio-gpu.c ++++ b/hw/display/virtio-gpu.c +@@ -333,6 +333,7 @@ static void virtio_gpu_resource_create_2d(VirtIOGPU *g, + qemu_log_mask(LOG_GUEST_ERROR, + "%s: host couldn't handle guest format %d\n", + __func__, c2d.format); ++ g_free(res); + cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER; + return; + } +-- +1.8.3.1 diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7994-2.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7994-2.patch new file mode 100644 index 000000000000..dce1b2b2a326 --- /dev/null +++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7994-2.patch @@ -0,0 +1,26 @@ +From: Li Qiang <address@hidden> + +While processing isochronous transfer descriptors(iTD), if the page +select(PG) field value is out of bands it will return. In this +situation the ehci's sg list doesn't be freed thus leading a memory +leak issue. This patch avoid this. + +Signed-off-by: Li Qiang <address@hidden> +--- + hw/usb/hcd-ehci.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c +index b093db7..f4ece9a 100644 +--- a/hw/usb/hcd-ehci.c ++++ b/hw/usb/hcd-ehci.c +@@ -1426,6 +1426,7 @@ static int ehci_process_itd(EHCIState *ehci, + if (off + len > 4096) { + /* transfer crosses page border */ + if (pg == 6) { ++ qemu_sglist_destroy(&ehci->isgl); + return -1; /* avoid page pg + 1 */ + } + ptr2 = (itd->bufptr[pg + 1] & ITD_BUFPTR_MASK); +-- +1.8.3.1 diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8576.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8576.patch new file mode 100644 index 000000000000..9617cd5dc880 --- /dev/null +++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8576.patch @@ -0,0 +1,61 @@ +From 20009bdaf95d10bf748fa69b104672d3cfaceddf Mon Sep 17 00:00:00 2001 +From: Gerd Hoffmann <address@hidden> +Date: Fri, 7 Oct 2016 10:15:29 +0200 +Subject: [PATCH] xhci: limit the number of link trbs we are willing to process + +Signed-off-by: Gerd Hoffmann <address@hidden> +--- + hw/usb/hcd-xhci.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c +index 726435c..ee4fa48 100644 +--- a/hw/usb/hcd-xhci.c ++++ b/hw/usb/hcd-xhci.c +@@ -54,6 +54,8 @@ + * to the specs when it gets them */ + #define ER_FULL_HACK + ++#define TRB_LINK_LIMIT 4 ++ + #define LEN_CAP 0x40 + #define LEN_OPER (0x400 + 0x10 * MAXPORTS) + #define LEN_RUNTIME ((MAXINTRS + 1) * 0x20) +@@ -1000,6 +1002,7 @@ static TRBType xhci_ring_fetch(XHCIState *xhci, XHCIRing *ring, XHCITRB *trb, + dma_addr_t *addr) + { + PCIDevice *pci_dev = PCI_DEVICE(xhci); ++ uint32_t link_cnt = 0; + + while (1) { + TRBType type; +@@ -1026,6 +1029,9 @@ static TRBType xhci_ring_fetch(XHCIState *xhci, XHCIRing *ring, XHCITRB *trb, + ring->dequeue += TRB_SIZE; + return type; + } else { ++ if (++link_cnt > TRB_LINK_LIMIT) { ++ return 0; ++ } + ring->dequeue = xhci_mask64(trb->parameter); + if (trb->control & TRB_LK_TC) { + ring->ccs = !ring->ccs; +@@ -1043,6 +1049,7 @@ static int xhci_ring_chain_length(XHCIState *xhci, const XHCIRing *ring) + bool ccs = ring->ccs; + /* hack to bundle together the two/three TDs that make a setup transfer */ + bool control_td_set = 0; ++ uint32_t link_cnt = 0; + + while (1) { + TRBType type; +@@ -1058,6 +1065,9 @@ static int xhci_ring_chain_length(XHCIState *xhci, const XHCIRing *ring) + type = TRB_TYPE(trb); + + if (type == TR_LINK) { ++ if (++link_cnt > TRB_LINK_LIMIT) { ++ return -length; ++ } + dequeue = xhci_mask64(trb.parameter); + if (trb.control & TRB_LK_TC) { + ccs = !ccs; +-- +1.8.3.1 diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8577.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8577.patch new file mode 100644 index 000000000000..8c295802c8ae --- /dev/null +++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8577.patch @@ -0,0 +1,34 @@ +From: Li Qiang <address@hidden> + +In 9pfs read dispatch function, it doesn't free two QEMUIOVector +object thus causing potential memory leak. This patch avoid this. + +Signed-off-by: Li Qiang <address@hidden> +--- + hw/9pfs/9p.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c +index 119ee58..543a791 100644 +--- a/hw/9pfs/9p.c ++++ b/hw/9pfs/9p.c +@@ -1826,14 +1826,15 @@ static void v9fs_read(void *opaque) + if (len < 0) { + /* IO error return the error */ + err = len; +- goto out; ++ goto out_free_iovec; + } + } while (count < max_count && len > 0); + err = pdu_marshal(pdu, offset, "d", count); + if (err < 0) { +- goto out; ++ goto out_free_iovec; + } + err += offset + count; ++out_free_iovec: + qemu_iovec_destroy(&qiov); + qemu_iovec_destroy(&qiov_full); + } else if (fidp->fid_type == P9_FID_XATTR) { +-- +1.8.3.1 diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8578.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8578.patch new file mode 100644 index 000000000000..74eee7e4d94d --- /dev/null +++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8578.patch @@ -0,0 +1,58 @@ +From ba42ebb863ab7d40adc79298422ed9596df8f73a Mon Sep 17 00:00:00 2001 +From: Li Qiang <liqiang6-s@360.cn> +Date: Mon, 17 Oct 2016 14:13:58 +0200 +Subject: [PATCH] 9pfs: allocate space for guest originated empty strings + +If a guest sends an empty string paramater to any 9P operation, the current +code unmarshals it into a V9fsString equal to { .size = 0, .data = NULL }. + +This is unfortunate because it can cause NULL pointer dereference to happen +at various locations in the 9pfs code. And we don't want to check str->data +everywhere we pass it to strcmp() or any other function which expects a +dereferenceable pointer. + +This patch enforces the allocation of genuine C empty strings instead, so +callers don't have to bother. + +Out of all v9fs_iov_vunmarshal() users, only v9fs_xattrwalk() checks if +the returned string is empty. It now uses v9fs_string_size() since +name.data cannot be NULL anymore. + +Signed-off-by: Li Qiang <liqiang6-s@360.cn> +[groug, rewritten title and changelog, + fix empty string check in v9fs_xattrwalk()] +Signed-off-by: Greg Kurz <groug@kaod.org> +--- + fsdev/9p-iov-marshal.c | 2 +- + hw/9pfs/9p.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/fsdev/9p-iov-marshal.c b/fsdev/9p-iov-marshal.c +index 663cad5..1d16f8d 100644 +--- a/fsdev/9p-iov-marshal.c ++++ b/fsdev/9p-iov-marshal.c +@@ -125,7 +125,7 @@ ssize_t v9fs_iov_vunmarshal(struct iovec *out_sg, int out_num, size_t offset, + str->data = g_malloc(str->size + 1); + copied = v9fs_unpack(str->data, out_sg, out_num, offset, + str->size); +- if (copied > 0) { ++ if (copied >= 0) { + str->data[str->size] = 0; + } else { + v9fs_string_free(str); +diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c +index 119ee58..39a7e1d 100644 +--- a/hw/9pfs/9p.c ++++ b/hw/9pfs/9p.c +@@ -3174,7 +3174,7 @@ static void v9fs_xattrwalk(void *opaque) + goto out; + } + v9fs_path_copy(&xattr_fidp->path, &file_fidp->path); +- if (name.data == NULL) { ++ if (!v9fs_string_size(&name)) { + /* + * listxattr request. Get the size first + */ +-- +2.7.3 + diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8668.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8668.patch new file mode 100644 index 000000000000..a27d3a6fb196 --- /dev/null +++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8668.patch @@ -0,0 +1,30 @@ +From: Prasad J Pandit <address@hidden> + +Rocker network switch emulator has test registers to help debug +DMA operations. While testing host DMA access, a buffer address +is written to register 'TEST_DMA_ADDR' and its size is written to +register 'TEST_DMA_SIZE'. When performing TEST_DMA_CTRL_INVERT +test, if DMA buffer size was greater than 'INT_MAX', it leads to +an invalid buffer access. Limit the DMA buffer size to avoid it. + +Reported-by: Huawei PSIRT <address@hidden> +Signed-off-by: Prasad J Pandit <address@hidden> +--- + hw/net/rocker/rocker.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hw/net/rocker/rocker.c b/hw/net/rocker/rocker.c +index 30f2ce4..e9d215a 100644 +--- a/hw/net/rocker/rocker.c ++++ b/hw/net/rocker/rocker.c +@@ -860,7 +860,7 @@ static void rocker_io_writel(void *opaque, hwaddr addr, uint32_t val) + rocker_msix_irq(r, val); + break; + case ROCKER_TEST_DMA_SIZE: +- r->test_dma_size = val; ++ r->test_dma_size = val & 0xFFFF; + break; + case ROCKER_TEST_DMA_ADDR + 4: + r->test_dma_addr = ((uint64_t)val) << 32 | r->lower32; +-- +2.5.5 diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8669-1.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8669-1.patch new file mode 100644 index 000000000000..457f022d596b --- /dev/null +++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8669-1.patch @@ -0,0 +1,29 @@ +From: Prasad J Pandit <address@hidden> + +The JAZZ RC4030 chipset emulator has a periodic timer and +associated interval reload register. The reload value is used +as divider when computing timer's next tick value. If reload +value is large, it could lead to divide by zero error. Limit +the interval reload value to avoid it. + +Reported-by: Huawei PSIRT <address@hidden> +Signed-off-by: Prasad J Pandit <address@hidden> +--- + hw/dma/rc4030.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hw/dma/rc4030.c b/hw/dma/rc4030.c +index 2f2576f..c1b4997 100644 +--- a/hw/dma/rc4030.c ++++ b/hw/dma/rc4030.c +@@ -460,7 +460,7 @@ static void rc4030_write(void *opaque, hwaddr addr, uint64_t data, + break; + /* Interval timer reload */ + case 0x0228: +- s->itr = val; ++ s->itr = val & 0x01FF; + qemu_irq_lower(s->timer_irq); + set_next_tick(s); + break; +-- +2.5.5 diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8669-2.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8669-2.patch new file mode 100644 index 000000000000..23393b7d590d --- /dev/null +++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8669-2.patch @@ -0,0 +1,34 @@ +From: Prasad J Pandit <address@hidden> + +16550A UART device uses an oscillator to generate frequencies +(baud base), which decide communication speed. This speed could +be changed by dividing it by a divider. If the divider is +greater than the baud base, speed is set to zero, leading to a +divide by zero error. Add check to avoid it. + +Reported-by: Huawei PSIRT <address@hidden> +Signed-off-by: Prasad J Pandit <address@hidden> +--- + hw/char/serial.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +Update per + -> https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02400.html + +diff --git a/hw/char/serial.c b/hw/char/serial.c +index 3442f47..eec72b7 100644 +--- a/hw/char/serial.c ++++ b/hw/char/serial.c +@@ -153,8 +153,9 @@ static void serial_update_parameters(SerialState *s) + int speed, parity, data_bits, stop_bits, frame_size; + QEMUSerialSetParams ssp; + +- if (s->divider == 0) ++ if (s->divider == 0 || s->divider > s->baudbase) { + return; ++ } + + /* Start bit. */ + frame_size = 1; +-- +2.5.5 diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8909.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8909.patch new file mode 100644 index 000000000000..ed6613f89660 --- /dev/null +++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8909.patch @@ -0,0 +1,31 @@ +From: Prasad J Pandit <address@hidden> + +Intel HDA emulator uses stream of buffers during DMA data +transfers. Each entry has buffer length and buffer pointer +position, which are used to derive bytes to 'copy'. If this +length and buffer pointer were to be same, 'copy' could be +set to zero(0), leading to an infinite loop. Add check to +avoid it. + +Reported-by: Huawei PSIRT <address@hidden> +Signed-off-by: Prasad J Pandit <address@hidden> +--- + hw/audio/intel-hda.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/hw/audio/intel-hda.c b/hw/audio/intel-hda.c +index cd95340..537face 100644 +--- a/hw/audio/intel-hda.c ++++ b/hw/audio/intel-hda.c +@@ -416,7 +416,8 @@ static bool intel_hda_xfer(HDACodecDevice *dev, uint32_t stnr, bool output, + } + + left = len; +- while (left > 0) { ++ s = st->bentries; ++ while (left > 0 && s-- > 0) { + copy = left; + if (copy > st->bsize - st->lpib) + copy = st->bsize - st->lpib; +-- +2.7.4 diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8910.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8910.patch new file mode 100644 index 000000000000..c93f79631fcb --- /dev/null +++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8910.patch @@ -0,0 +1,29 @@ +From: Prasad J Pandit <address@hidden> + +RTL8139 ethernet controller in C+ mode supports multiple +descriptor rings, each with maximum of 64 descriptors. While +processing transmit descriptor ring in 'rtl8139_cplus_transmit', +it does not limit the descriptor count and runs forever. Add +check to avoid it. + +Reported-by: Andrew Henderson <address@hidden> +Signed-off-by: Prasad J Pandit <address@hidden> +--- + hw/net/rtl8139.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c +index 3345bc6..f05e59c 100644 +--- a/hw/net/rtl8139.c ++++ b/hw/net/rtl8139.c +@@ -2350,7 +2350,7 @@ static void rtl8139_cplus_transmit(RTL8139State *s) + { + int txcount = 0; + +- while (rtl8139_cplus_transmit_one(s)) ++ while (txcount < 64 && rtl8139_cplus_transmit_one(s)) + { + ++txcount; + } +-- +2.7.4 diff --git a/app-emulation/qemu/qemu-2.7.0-r5.ebuild b/app-emulation/qemu/qemu-2.7.0-r5.ebuild new file mode 100644 index 000000000000..cece751794b5 --- /dev/null +++ b/app-emulation/qemu/qemu-2.7.0-r5.ebuild @@ -0,0 +1,703 @@ +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="5" + +PYTHON_COMPAT=( python2_7 ) +PYTHON_REQ_USE="ncurses,readline" + +PLOCALES="bg de_DE fr_FR hu it tr zh_CN" + +inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \ + user udev fcaps readme.gentoo-r1 pax-utils l10n + +if [[ ${PV} = *9999* ]]; then + EGIT_REPO_URI="git://git.qemu.org/qemu.git" + inherit git-2 + SRC_URI="" +else + SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2" + KEYWORDS="~amd64 ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd" +fi + +DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools" +HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org" + +LICENSE="GPL-2 LGPL-2 BSD-2" +SLOT="0" +IUSE="accessibility +aio alsa bluetooth bzip2 +caps +curl debug +fdt glusterfs \ +gnutls gtk gtk2 infiniband iscsi +jpeg \ +kernel_linux kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs ++png pulseaudio python \ +rbd sasl +seccomp sdl sdl2 selinux smartcard snappy spice ssh static static-softmmu +static-user systemtap tci test +threads usb usbredir +uuid vde +vhost-net \ +virgl virtfs +vnc vte xattr xen xfs" + +COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel mips +mips64 mips64el mipsel or32 ppc ppc64 s390x sh4 sh4eb sparc sparc64 unicore32 +x86_64" +IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS} lm32 moxie ppcemb tricore xtensa xtensaeb" +IUSE_USER_TARGETS="${COMMON_TARGETS} armeb mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus tilegx" + +use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS}) +use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS}) +IUSE+=" ${use_softmmu_targets} ${use_user_targets}" + +# Allow no targets to be built so that people can get a tools-only build. +# Block USE flag configurations known to not work. +REQUIRED_USE="${PYTHON_REQUIRED_USE} + gtk2? ( gtk ) + qemu_softmmu_targets_arm? ( fdt ) + qemu_softmmu_targets_microblaze? ( fdt ) + qemu_softmmu_targets_ppc? ( fdt ) + qemu_softmmu_targets_ppc64? ( fdt ) + sdl2? ( sdl ) + static? ( static-softmmu static-user ) + static-softmmu? ( !alsa !pulseaudio !bluetooth !opengl !gtk !gtk2 ) + virtfs? ( xattr ) + vte? ( gtk )" + +# Yep, you need both libcap and libcap-ng since virtfs only uses libcap. +# +# The attr lib isn't always linked in (although the USE flag is always +# respected). This is because qemu supports using the C library's API +# when available rather than always using the extranl library. +# +# Older versions of gnutls are supported, but it's simpler to just require +# the latest versions. This is also why we require nettle. +# +# TODO: Split out tools deps into another var. e.g. bzip2 is only used by +# system binaries and tools, not user binaries. +COMMON_LIB_DEPEND=">=dev-libs/glib-2.0[static-libs(+)] + dev-libs/libpcre[static-libs(+)] + sys-libs/zlib[static-libs(+)] + bzip2? ( app-arch/bzip2[static-libs(+)] ) + xattr? ( sys-apps/attr[static-libs(+)] )" +SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND} + >=x11-libs/pixman-0.28.0[static-libs(+)] + accessibility? ( app-accessibility/brltty[static-libs(+)] ) + aio? ( dev-libs/libaio[static-libs(+)] ) + alsa? ( >=media-libs/alsa-lib-1.0.13 ) + bluetooth? ( net-wireless/bluez ) + caps? ( sys-libs/libcap-ng[static-libs(+)] ) + curl? ( >=net-misc/curl-7.15.4[static-libs(+)] ) + fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] ) + glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] ) + gnutls? ( + dev-libs/nettle:=[static-libs(+)] + >=net-libs/gnutls-3.0:=[static-libs(+)] + ) + gtk? ( + gtk2? ( + x11-libs/gtk+:2 + vte? ( x11-libs/vte:0 ) + ) + !gtk2? ( + x11-libs/gtk+:3 + vte? ( x11-libs/vte:2.90 ) + ) + ) + infiniband? ( sys-fabric/librdmacm:=[static-libs(+)] ) + iscsi? ( net-libs/libiscsi ) + jpeg? ( virtual/jpeg:0=[static-libs(+)] ) + lzo? ( dev-libs/lzo:2[static-libs(+)] ) + ncurses? ( sys-libs/ncurses:0=[static-libs(+)] ) + nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] ) + numa? ( sys-process/numactl[static-libs(+)] ) + opengl? ( + virtual/opengl + media-libs/libepoxy[static-libs(+)] + media-libs/mesa[static-libs(+)] + media-libs/mesa[egl,gles2,gbm] + ) + png? ( media-libs/libpng:0=[static-libs(+)] ) + pulseaudio? ( media-sound/pulseaudio ) + rbd? ( sys-cluster/ceph[static-libs(+)] ) + sasl? ( dev-libs/cyrus-sasl[static-libs(+)] ) + sdl? ( + !sdl2? ( + media-libs/libsdl[X] + >=media-libs/libsdl-1.2.11[static-libs(+)] + ) + sdl2? ( + media-libs/libsdl2[X] + media-libs/libsdl2[static-libs(+)] + ) + ) + seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] ) + smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] ) + snappy? ( app-arch/snappy[static-libs(+)] ) + spice? ( + >=app-emulation/spice-protocol-0.12.3 + >=app-emulation/spice-0.12.0[static-libs(+)] + ) + ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] ) + usb? ( >=virtual/libusb-1-r2[static-libs(+)] ) + usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] ) + uuid? ( >=sys-apps/util-linux-2.16.0[static-libs(+)] ) + vde? ( net-misc/vde[static-libs(+)] ) + virgl? ( media-libs/virglrenderer[static-libs(+)] ) + virtfs? ( sys-libs/libcap ) + xfs? ( sys-fs/xfsprogs[static-libs(+)] )" +USER_LIB_DEPEND="${COMMON_LIB_DEPEND}" +X86_FIRMWARE_DEPEND=" + >=sys-firmware/ipxe-1.0.0_p20130624 + pin-upstream-blobs? ( + ~sys-firmware/seabios-1.8.2 + ~sys-firmware/sgabios-0.1_pre8 + ~sys-firmware/vgabios-0.7a + ) + !pin-upstream-blobs? ( + sys-firmware/seabios + sys-firmware/sgabios + sys-firmware/vgabios + )" +CDEPEND=" + !static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND//\[static-libs(+)]} ) " ${use_softmmu_targets}) ) + !static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND//\[static-libs(+)]} ) " ${use_user_targets}) ) + qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} ) + qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} ) + python? ( ${PYTHON_DEPS} ) + systemtap? ( dev-util/systemtap ) + xen? ( app-emulation/xen-tools:= )" +DEPEND="${CDEPEND} + dev-lang/perl + =dev-lang/python-2* + sys-apps/texinfo + virtual/pkgconfig + kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 ) + gtk? ( nls? ( sys-devel/gettext ) ) + static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND} ) " ${use_softmmu_targets}) ) + static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND} ) " ${use_user_targets}) ) + test? ( + dev-libs/glib[utils] + sys-devel/bc + )" +RDEPEND="${CDEPEND} + selinux? ( sec-policy/selinux-qemu ) +" + +STRIP_MASK="/usr/share/qemu/palcode-clipper" + +QA_PREBUILT=" + usr/share/qemu/openbios-ppc + usr/share/qemu/openbios-sparc64 + usr/share/qemu/openbios-sparc32 + usr/share/qemu/palcode-clipper + usr/share/qemu/s390-ccw.img + usr/share/qemu/u-boot.e500 +" + +QA_WX_LOAD="usr/bin/qemu-i386 + usr/bin/qemu-x86_64 + usr/bin/qemu-alpha + usr/bin/qemu-arm + usr/bin/qemu-cris + usr/bin/qemu-m68k + usr/bin/qemu-microblaze + usr/bin/qemu-microblazeel + usr/bin/qemu-mips + usr/bin/qemu-mipsel + usr/bin/qemu-or32 + usr/bin/qemu-ppc + usr/bin/qemu-ppc64 + usr/bin/qemu-ppc64abi32 + usr/bin/qemu-sh4 + usr/bin/qemu-sh4eb + usr/bin/qemu-sparc + usr/bin/qemu-sparc64 + usr/bin/qemu-armeb + usr/bin/qemu-sparc32plus + usr/bin/qemu-s390x + usr/bin/qemu-unicore32" + +DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure +you have the kernel module loaded before running kvm. The easiest way to +ensure that the kernel module is loaded is to load it on boot.\n +For AMD CPUs the module is called 'kvm-amd'.\n +For Intel CPUs the module is called 'kvm-intel'.\n +Please review /etc/conf.d/modules for how to load these.\n\n +Make sure your user is in the 'kvm' group\n +Just run 'gpasswd -a <USER> kvm', then have <USER> re-login.\n\n +For brand new installs, the default permissions on /dev/kvm might not let you +access it. You can tell udev to reset ownership/perms:\n +udevadm trigger -c add /dev/kvm" + +qemu_support_kvm() { + if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 \ + use qemu_softmmu_targets_ppc || use qemu_softmmu_targets_ppc64 \ + use qemu_softmmu_targets_s390x; then + return 0 + fi + + return 1 +} + +pkg_pretend() { + if use kernel_linux && kernel_is lt 2 6 25; then + eerror "This version of KVM requres a host kernel of 2.6.25 or higher." + elif use kernel_linux; then + if ! linux_config_exists; then + eerror "Unable to check your kernel for KVM support" + else + CONFIG_CHECK="~KVM ~TUN ~BRIDGE" + ERROR_KVM="You must enable KVM in your kernel to continue" + ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in" + ERROR_KVM_AMD+=" your kernel configuration." + ERROR_KVM_INTEL="If you have an Intel CPU, you must enable" + ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration." + ERROR_TUN="You will need the Universal TUN/TAP driver compiled" + ERROR_TUN+=" into your kernel or loaded as a module to use the" + ERROR_TUN+=" virtual network device if using -net tap." + ERROR_BRIDGE="You will also need support for 802.1d" + ERROR_BRIDGE+=" Ethernet Bridging for some network configurations." + use vhost-net && CONFIG_CHECK+=" ~VHOST_NET" + ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net" + ERROR_VHOST_NET+=" support" + + if use amd64 || use x86 || use amd64-linux || use x86-linux; then + CONFIG_CHECK+=" ~KVM_AMD ~KVM_INTEL" + fi + + use python && CONFIG_CHECK+=" ~DEBUG_FS" + ERROR_DEBUG_FS="debugFS support required for kvm_stat" + + # Now do the actual checks setup above + check_extra_config + fi + fi + + if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then + eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt" + eerror "instances are still pointing to it. Please update your" + eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag" + eerror "and the right system binary (e.g. qemu-system-x86_64)." + die "update your virt configs to not use qemu-kvm" + fi +} + +pkg_setup() { + enewgroup kvm 78 +} + +# Sanity check to make sure target lists are kept up-to-date. +check_targets() { + local var=$1 mak=$2 + local detected sorted + + pushd "${S}"/default-configs >/dev/null || die + + # Force C locale until glibc is updated. #564936 + detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u)) + sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u)) + if [[ ${sorted} != "${detected}" ]] ; then + eerror "The ebuild needs to be kept in sync." + eerror "${var}: ${sorted}" + eerror "$(printf '%-*s' ${#var} configure): ${detected}" + die "sync ${var} to the list of targets" + fi + + popd >/dev/null +} + +handle_locales() { + # Make sure locale list is kept up-to-date. + local detected sorted + detected=$(echo $(cd po && printf '%s\n' *.po | grep -v messages.po | sed 's:.po$::' | sort -u)) + sorted=$(echo $(printf '%s\n' ${PLOCALES} | sort -u)) + if [[ ${sorted} != "${detected}" ]] ; then + eerror "The ebuild needs to be kept in sync." + eerror "PLOCALES: ${sorted}" + eerror " po/*.po: ${detected}" + die "sync PLOCALES" + fi + + # Deal with selective install of locales. + if use nls ; then + # Delete locales the user does not want. #577814 + rm_loc() { rm po/$1.po || die; } + l10n_for_each_disabled_locale_do rm_loc + else + # Cheap hack to disable gettext .mo generation. + rm -f po/*.po + fi +} + +src_prepare() { + check_targets IUSE_SOFTMMU_TARGETS softmmu + check_targets IUSE_USER_TARGETS linux-user + + # Alter target makefiles to accept CFLAGS set via flag-o + sed -i -r \ + -e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \ + Makefile Makefile.target || die + + epatch "${FILESDIR}"/${PN}-2.5.0-cflags.patch + epatch "${FILESDIR}"/${PN}-2.5.0-sysmacros.patch + + epatch "${FILESDIR}"/${P}-CVE-2016-6836.patch # bug 591242 + epatch "${FILESDIR}"/${P}-CVE-2016-7155.patch # bug 593034 + epatch "${FILESDIR}"/${P}-CVE-2016-7156.patch # bug 593036 + epatch "${FILESDIR}"/${P}-CVE-2016-7157-1.patch # bug 593038 + epatch "${FILESDIR}"/${P}-CVE-2016-7157-2.patch # bug 593038 + epatch "${FILESDIR}"/${P}-CVE-2016-7170.patch # bug 593284 + epatch "${FILESDIR}"/${P}-CVE-2016-7421.patch # bug 593950 + epatch "${FILESDIR}"/${P}-CVE-2016-7422.patch # bug 593956 + epatch "${FILESDIR}"/${P}-CVE-2016-7423.patch # bug 594368 + epatch "${FILESDIR}"/${P}-CVE-2016-7466.patch # bug 594520 + epatch "${FILESDIR}"/${P}-CVE-2016-7907.patch # bug 596048 + epatch "${FILESDIR}"/${P}-CVE-2016-7908.patch # bug 596049 + epatch "${FILESDIR}"/${P}-CVE-2016-7909.patch # bug 596048 + epatch "${FILESDIR}"/${P}-CVE-2016-7994-1.patch # bug 596738 + epatch "${FILESDIR}"/${P}-CVE-2016-7994-2.patch # bug 596738 + epatch "${FILESDIR}"/${P}-CVE-2016-8576.patch # bug 596752 + epatch "${FILESDIR}"/${P}-CVE-2016-8577.patch # bug 596776 + epatch "${FILESDIR}"/${P}-CVE-2016-8578.patch # bug 596774 + epatch "${FILESDIR}"/${P}-CVE-2016-8668.patch # bug 597110 + epatch "${FILESDIR}"/${P}-CVE-2016-8669-1.patch # bug 597108 + epatch "${FILESDIR}"/${P}-CVE-2016-8669-2.patch # bug 597108 + epatch "${FILESDIR}"/${P}-CVE-2016-8909.patch # bug 598044 + epatch "${FILESDIR}"/${P}-CVE-2016-8910.patch # bug 598046 + + # Fix ld and objcopy being called directly + tc-export AR LD OBJCOPY + + # Verbose builds + MAKEOPTS+=" V=1" + + epatch_user + + # Run after we've applied all patches. + handle_locales +} + +## +# configures qemu based on the build directory and the build type +# we are using. +# +qemu_src_configure() { + debug-print-function ${FUNCNAME} "$@" + + local buildtype=$1 + local builddir="${S}/${buildtype}-build" + local static_flag="static-${buildtype}" + + mkdir "${builddir}" + + local conf_opts=( + --prefix=/usr + --sysconfdir=/etc + --libdir=/usr/$(get_libdir) + --docdir=/usr/share/doc/${PF}/html + --disable-bsd-user + --disable-guest-agent + --disable-strip + --disable-werror + # We support gnutls/nettle for crypto operations. It is possible + # to use gcrypt when gnutls/nettle are disabled (but not when they + # are enabled), but it's not really worth the hassle. Disable it + # all the time to avoid automatically detecting it. #568856 + --disable-gcrypt + --python="${PYTHON}" + --cc="$(tc-getCC)" + --cxx="$(tc-getCXX)" + --host-cc="$(tc-getBUILD_CC)" + $(use_enable debug debug-info) + $(use_enable debug debug-tcg) + --enable-docs + $(use_enable tci tcg-interpreter) + $(use_enable xattr attr) + ) + + # Disable options not used by user targets as the default configure + # options will autoprobe and try to link in a bunch of unused junk. + conf_softmmu() { + if [[ ${buildtype} == "user" ]] ; then + echo "--disable-${2:-$1}" + else + use_enable "$@" + fi + } + conf_opts+=( + $(conf_softmmu accessibility brlapi) + $(conf_softmmu aio linux-aio) + $(conf_softmmu bzip2) + $(conf_softmmu bluetooth bluez) + $(conf_softmmu caps cap-ng) + $(conf_softmmu curl) + $(conf_softmmu fdt) + $(conf_softmmu glusterfs) + $(conf_softmmu gnutls) + $(conf_softmmu gnutls nettle) + $(conf_softmmu gtk) + $(conf_softmmu infiniband rdma) + $(conf_softmmu iscsi libiscsi) + $(conf_softmmu jpeg vnc-jpeg) + $(conf_softmmu kernel_linux kvm) + $(conf_softmmu lzo) + $(conf_softmmu ncurses curses) + $(conf_softmmu nfs libnfs) + $(conf_softmmu numa) + $(conf_softmmu opengl) + $(conf_softmmu png vnc-png) + $(conf_softmmu rbd) + $(conf_softmmu sasl vnc-sasl) + $(conf_softmmu sdl) + $(conf_softmmu seccomp) + $(conf_softmmu smartcard) + $(conf_softmmu snappy) + $(conf_softmmu spice) + $(conf_softmmu ssh libssh2) + $(conf_softmmu usb libusb) + $(conf_softmmu usbredir usb-redir) + $(conf_softmmu uuid) + $(conf_softmmu vde) + $(conf_softmmu vhost-net) + $(conf_softmmu virgl virglrenderer) + $(conf_softmmu virtfs) + $(conf_softmmu vnc) + $(conf_softmmu vte) + $(conf_softmmu xen) + $(conf_softmmu xen xen-pci-passthrough) + $(conf_softmmu xfs xfsctl) + ) + + case ${buildtype} in + user) + conf_opts+=( + --enable-linux-user + --disable-system + --disable-blobs + --disable-tools + ) + ;; + softmmu) + # audio options + local audio_opts="oss" + use alsa && audio_opts="alsa,${audio_opts}" + use sdl && audio_opts="sdl,${audio_opts}" + use pulseaudio && audio_opts="pa,${audio_opts}" + + conf_opts+=( + --disable-linux-user + --enable-system + --with-system-pixman + --audio-drv-list="${audio_opts}" + ) + use gtk && conf_opts+=( --with-gtkabi=$(usex gtk2 2.0 3.0) ) + use sdl && conf_opts+=( --with-sdlabi=$(usex sdl2 2.0 1.2) ) + ;; + tools) + conf_opts+=( + --disable-linux-user + --disable-system + --disable-blobs + $(use_enable bzip2) + ) + static_flag="static" + ;; + esac + + local targets="${buildtype}_targets" + [[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" ) + + # Add support for SystemTAP + use systemtap && conf_opts+=( --enable-trace-backend=dtrace ) + + # We always want to attempt to build with PIE support as it results + # in a more secure binary. But it doesn't work with static or if + # the current GCC doesn't have PIE support. + if use ${static_flag}; then + conf_opts+=( --static --disable-pie ) + else + gcc-specs-pie && conf_opts+=( --enable-pie ) + fi + + echo "../configure ${conf_opts[*]}" + cd "${builddir}" + ../configure "${conf_opts[@]}" || die "configure failed" + + # FreeBSD's kernel does not support QEMU assigning/grabbing + # host USB devices yet + use kernel_FreeBSD && \ + sed -i -E -e "s|^(HOST_USB=)bsd|\1stub|" "${S}"/config-host.mak +} + +src_configure() { + local target + + python_setup + + softmmu_targets= softmmu_bins=() + user_targets= user_bins=() + + for target in ${IUSE_SOFTMMU_TARGETS} ; do + if use "qemu_softmmu_targets_${target}"; then + softmmu_targets+=",${target}-softmmu" + softmmu_bins+=( "qemu-system-${target}" ) + fi + done + + for target in ${IUSE_USER_TARGETS} ; do + if use "qemu_user_targets_${target}"; then + user_targets+=",${target}-linux-user" + user_bins+=( "qemu-${target}" ) + fi + done + + softmmu_targets=${softmmu_targets#,} + user_targets=${user_targets#,} + + [[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu" + [[ -n ${user_targets} ]] && qemu_src_configure "user" + [[ -z ${softmmu_targets}${user_targets} ]] && qemu_src_configure "tools" +} + +src_compile() { + if [[ -n ${user_targets} ]]; then + cd "${S}/user-build" + default + fi + + if [[ -n ${softmmu_targets} ]]; then + cd "${S}/softmmu-build" + default + fi + + if [[ -z ${softmmu_targets}${user_targets} ]]; then + cd "${S}/tools-build" + default + fi +} + +src_test() { + if [[ -n ${softmmu_targets} ]]; then + cd "${S}/softmmu-build" + pax-mark m */qemu-system-* #515550 + emake -j1 check + emake -j1 check-report.html + fi +} + +qemu_python_install() { + python_domodule "${S}/scripts/qmp/qmp.py" + + python_doscript "${S}/scripts/kvm/vmxcap" + python_doscript "${S}/scripts/qmp/qmp-shell" + python_doscript "${S}/scripts/qmp/qemu-ga-client" +} + +src_install() { + if [[ -n ${user_targets} ]]; then + cd "${S}/user-build" + emake DESTDIR="${ED}" install + + # Install binfmt handler init script for user targets + newinitd "${FILESDIR}/qemu-binfmt.initd-r1" qemu-binfmt + fi + + if [[ -n ${softmmu_targets} ]]; then + cd "${S}/softmmu-build" + emake DESTDIR="${ED}" install + + # This might not exist if the test failed. #512010 + [[ -e check-report.html ]] && dohtml check-report.html + + if use kernel_linux; then + udev_dorules "${FILESDIR}"/65-kvm.rules + fi + + if use python; then + python_foreach_impl qemu_python_install + fi + fi + + if [[ -z ${softmmu_targets}${user_targets} ]]; then + cd "${S}/tools-build" + emake DESTDIR="${ED}" install + fi + + # Disable mprotect on the qemu binaries as they use JITs to be fast #459348 + pushd "${ED}"/usr/bin >/dev/null + pax-mark m "${softmmu_bins[@]}" "${user_bins[@]}" + popd >/dev/null + + # Install config file example for qemu-bridge-helper + insinto "/etc/qemu" + doins "${FILESDIR}/bridge.conf" + + # Remove the docdir placed qmp-commands.txt + mv "${ED}/usr/share/doc/${PF}/html/qmp-commands.txt" "${S}/docs/" || die + + cd "${S}" + dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt + newdoc pc-bios/README README.pc-bios + dodoc docs/qmp-*.txt + + if [[ -n ${softmmu_targets} ]]; then + # Remove SeaBIOS since we're using the SeaBIOS packaged one + rm "${ED}/usr/share/qemu/bios.bin" + if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then + dosym ../seabios/bios.bin /usr/share/qemu/bios.bin + fi + + # Remove vgabios since we're using the vgabios packaged one + rm "${ED}/usr/share/qemu/vgabios.bin" + rm "${ED}/usr/share/qemu/vgabios-cirrus.bin" + rm "${ED}/usr/share/qemu/vgabios-qxl.bin" + rm "${ED}/usr/share/qemu/vgabios-stdvga.bin" + rm "${ED}/usr/share/qemu/vgabios-vmware.bin" + if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then + dosym ../vgabios/vgabios.bin /usr/share/qemu/vgabios.bin + dosym ../vgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin + dosym ../vgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin + dosym ../vgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin + dosym ../vgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin + fi + + # Remove sgabios since we're using the sgabios packaged one + rm "${ED}/usr/share/qemu/sgabios.bin" + if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then + dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin + fi + + # Remove iPXE since we're using the iPXE packaged one + rm "${ED}"/usr/share/qemu/pxe-*.rom + if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then + dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom + dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom + dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom + dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom + dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom + dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom + fi + fi + + qemu_support_kvm && readme.gentoo_create_doc +} + +pkg_postinst() { + if qemu_support_kvm; then + readme.gentoo_print_elog + fi + + if [[ -n ${softmmu_targets} ]] && use kernel_linux; then + udev_reload + fi + + fcaps cap_net_admin /usr/libexec/qemu-bridge-helper +} + +pkg_info() { + echo "Using:" + echo " $(best_version app-emulation/spice-protocol)" + echo " $(best_version sys-firmware/ipxe)" + echo " $(best_version sys-firmware/seabios)" + if has_version 'sys-firmware/seabios[binary]'; then + echo " USE=binary" + else + echo " USE=''" + fi + echo " $(best_version sys-firmware/vgabios)" +} |