[gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/

commit: 229d28a525799ae2f65b1a2cd206b07189241026
Author: Sam James  gentoo  org>
AuthorDate: Sun Jul  2 23:34:19 2023 +
Commit: Sam James  gentoo  org>
CommitDate: Sun Jul  2 23:34:42 2023 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=229d28a5

app-emulation/qemu: use right CVE-2023-2861 patch for 8.0.2

Fixes: d2d08ad4d9a70136bf79818eb698e3cb7eead3b0
Bug: https://bugs.gentoo.org/909542
Signed-off-by: Sam James  gentoo.org>

 .../qemu/files/qemu-8.0.2-CVE-2023-2861.patch  | 23 +-
 .../{qemu-8.0.2-r1.ebuild => qemu-8.0.2-r2.ebuild} |  0
 2 files changed, 14 insertions(+), 9 deletions(-)

diff --git a/app-emulation/qemu/files/qemu-8.0.2-CVE-2023-2861.patch 
b/app-emulation/qemu/files/qemu-8.0.2-CVE-2023-2861.patch
index 9a9c11a41d66..75fa534b4f1c 100644
--- a/app-emulation/qemu/files/qemu-8.0.2-CVE-2023-2861.patch
+++ b/app-emulation/qemu/files/qemu-8.0.2-CVE-2023-2861.patch
@@ -1,7 +1,7 @@
 https://bugs.gentoo.org/909542
-https://gitlab.com/qemu-project/qemu/-/commit/10fad73a2bf1c76c8aa9d6322755e5f877d83ce5
+https://gitlab.com/qemu-project/qemu/-/commit/b9d2887be4e616cdaeedd0b7456bfaa71ee798af
 
-From 10fad73a2bf1c76c8aa9d6322755e5f877d83ce5 Mon Sep 17 00:00:00 2001
+From b9d2887be4e616cdaeedd0b7456bfaa71ee798af Mon Sep 17 00:00:00 2001
 From: Christian Schoenebeck 
 Date: Wed, 7 Jun 2023 18:29:33 +0200
 Subject: [PATCH] 9pfs: prevent opening special files (CVE-2023-2861)
@@ -39,7 +39,6 @@ Reviewed-by: Michael Tokarev 
 Message-Id: 
 (cherry picked from commit f6b0de53fb87ddefed348a39284c8e2f28dc4eda)
 Signed-off-by: Michael Tokarev 
-(Mjt: drop adding qemu_fstat wrapper for 7.2 where wrappers aren't used)
 --- a/fsdev/virtfs-proxy-helper.c
 +++ b/fsdev/virtfs-proxy-helper.c
 @@ -26,6 +26,7 @@
@@ -108,7 +107,15 @@ Signed-off-by: Michael Tokarev 
  #ifdef O_PATH
  #define O_PATH_9P_UTIL O_PATH
  #else
-@@ -112,6 +114,38 @@ static inline void close_preserve_errno(int fd)
+@@ -95,6 +97,7 @@ static inline int errno_to_dotl(int err) {
+ #endif
+ 
+ #define qemu_openat openat
++#define qemu_fstat  fstat
+ #define qemu_fstatatfstatat
+ #define qemu_mkdiratmkdirat
+ #define qemu_renameat   renameat
+@@ -108,6 +111,38 @@ static inline void close_preserve_errno(int fd)
  errno = serrno;
  }
  
@@ -127,7 +134,7 @@ Signed-off-by: Michael Tokarev 
 +{
 +struct stat stbuf;
 +
-+if (fstat(fd, ) < 0) {
++if (qemu_fstat(fd, ) < 0) {
 +close_preserve_errno(fd);
 +return -1;
 +}
@@ -146,8 +153,8 @@ Signed-off-by: Michael Tokarev 
 +
  static inline int openat_dir(int dirfd, const char *name)
  {
- return openat(dirfd, name,
-@@ -146,6 +180,10 @@ again:
+ return qemu_openat(dirfd, name,
+@@ -142,6 +177,10 @@ again:
  return -1;
  }
  
@@ -158,5 +165,3 @@ Signed-off-by: Michael Tokarev 
  serrno = errno;
  /* O_NONBLOCK was only needed to open the file. Let's drop it. We don't
   * do that with O_PATH since fcntl(F_SETFL) isn't supported, and openat()
--- 
-GitLab

diff --git a/app-emulation/qemu/qemu-8.0.2-r1.ebuild 
b/app-emulation/qemu/qemu-8.0.2-r2.ebuild
similarity index 100%
rename from app-emulation/qemu/qemu-8.0.2-r1.ebuild
rename to app-emulation/qemu/qemu-8.0.2-r2.ebuild



[gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/

commit: d2d08ad4d9a70136bf79818eb698e3cb7eead3b0
Author: Sam James  gentoo  org>
AuthorDate: Sun Jul  2 23:00:41 2023 +
Commit: Sam James  gentoo  org>
CommitDate: Sun Jul  2 23:00:43 2023 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d2d08ad4

app-emulation/qemu: fix CVE-2023-2861 for 8.0.2

Bug: https://bugs.gentoo.org/909542
Signed-off-by: Sam James  gentoo.org>

 .../qemu/files/qemu-8.0.2-CVE-2023-2861.patch  | 162 
 app-emulation/qemu/qemu-8.0.2-r1.ebuild| 964 +
 2 files changed, 1126 insertions(+)

diff --git a/app-emulation/qemu/files/qemu-8.0.2-CVE-2023-2861.patch 
b/app-emulation/qemu/files/qemu-8.0.2-CVE-2023-2861.patch
new file mode 100644
index ..9a9c11a41d66
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-8.0.2-CVE-2023-2861.patch
@@ -0,0 +1,162 @@
+https://bugs.gentoo.org/909542
+https://gitlab.com/qemu-project/qemu/-/commit/10fad73a2bf1c76c8aa9d6322755e5f877d83ce5
+
+From 10fad73a2bf1c76c8aa9d6322755e5f877d83ce5 Mon Sep 17 00:00:00 2001
+From: Christian Schoenebeck 
+Date: Wed, 7 Jun 2023 18:29:33 +0200
+Subject: [PATCH] 9pfs: prevent opening special files (CVE-2023-2861)
+
+The 9p protocol does not specifically define how server shall behave when
+client tries to open a special file, however from security POV it does
+make sense for 9p server to prohibit opening any special file on host side
+in general. A sane Linux 9p client for instance would never attempt to
+open a special file on host side, it would always handle those exclusively
+on its guest side. A malicious client however could potentially escape
+from the exported 9p tree by creating and opening a device file on host
+side.
+
+With QEMU this could only be exploited in the following unsafe setups:
+
+  - Running QEMU binary as root AND 9p 'local' fs driver AND 'passthrough'
+security model.
+
+or
+
+  - Using 9p 'proxy' fs driver (which is running its helper daemon as
+root).
+
+These setups were already discouraged for safety reasons before,
+however for obvious reasons we are now tightening behaviour on this.
+
+Fixes: CVE-2023-2861
+Reported-by: Yanwu Shen 
+Reported-by: Jietao Xiao 
+Reported-by: Jinku Li 
+Reported-by: Wenbo Shen 
+Signed-off-by: Christian Schoenebeck 
+Reviewed-by: Greg Kurz 
+Reviewed-by: Michael Tokarev 
+Message-Id: 
+(cherry picked from commit f6b0de53fb87ddefed348a39284c8e2f28dc4eda)
+Signed-off-by: Michael Tokarev 
+(Mjt: drop adding qemu_fstat wrapper for 7.2 where wrappers aren't used)
+--- a/fsdev/virtfs-proxy-helper.c
 b/fsdev/virtfs-proxy-helper.c
+@@ -26,6 +26,7 @@
+ #include "qemu/xattr.h"
+ #include "9p-iov-marshal.h"
+ #include "hw/9pfs/9p-proxy.h"
++#include "hw/9pfs/9p-util.h"
+ #include "fsdev/9p-iov-marshal.h"
+ 
+ #define PROGNAME "virtfs-proxy-helper"
+@@ -338,6 +339,28 @@ static void resetugid(int suid, int sgid)
+ }
+ }
+ 
++/*
++ * Open regular file or directory. Attempts to open any special file are
++ * rejected.
++ *
++ * returns file descriptor or -1 on error
++ */
++static int open_regular(const char *pathname, int flags, mode_t mode)
++{
++int fd;
++
++fd = open(pathname, flags, mode);
++if (fd < 0) {
++return fd;
++}
++
++if (close_if_special_file(fd) < 0) {
++return -1;
++}
++
++return fd;
++}
++
+ /*
+  * send response in two parts
+  * 1) ProxyHeader
+@@ -682,7 +705,7 @@ static int do_create(struct iovec *iovec)
+ if (ret < 0) {
+ goto unmarshal_err_out;
+ }
+-ret = open(path.data, flags, mode);
++ret = open_regular(path.data, flags, mode);
+ if (ret < 0) {
+ ret = -errno;
+ }
+@@ -707,7 +730,7 @@ static int do_open(struct iovec *iovec)
+ if (ret < 0) {
+ goto err_out;
+ }
+-ret = open(path.data, flags);
++ret = open_regular(path.data, flags, 0);
+ if (ret < 0) {
+ ret = -errno;
+ }
+--- a/hw/9pfs/9p-util.h
 b/hw/9pfs/9p-util.h
+@@ -13,6 +13,8 @@
+ #ifndef QEMU_9P_UTIL_H
+ #define QEMU_9P_UTIL_H
+ 
++#include "qemu/error-report.h"
++
+ #ifdef O_PATH
+ #define O_PATH_9P_UTIL O_PATH
+ #else
+@@ -112,6 +114,38 @@ static inline void close_preserve_errno(int fd)
+ errno = serrno;
+ }
+ 
++/**
++ * close_if_special_file() - Close @fd if neither regular file nor directory.
++ *
++ * @fd: file descriptor of open file
++ * Return: 0 on regular file or directory, -1 otherwise
++ *
++ * CVE-2023-2861: Prohibit opening any special file directly on host
++ * (especially device files), as a compromised client could potentially gain
++ * access outside exported tree under certain, unsafe setups. We expect
++ * client to handle I/O on special files exclusively on guest side.
++ */
++static inline int close_if_special_file(int fd)
++{
++struct stat stbuf;
++
++if (fstat(fd, ) < 0) {
++close_preserve_errno(fd);
++return -1;
++}
++if (!S_ISREG(stbuf.st_mode) && !S_ISDIR(stbuf.st_mode)) {
++error_report_once(
++

[gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/

commit: 25a4aeed4827c51fb13b41315a9d52c9b4b9de41
Author: Matthias Maier  gentoo  org>
AuthorDate: Thu May 18 21:03:43 2023 +
Commit: Matthias Maier  gentoo  org>
CommitDate: Thu May 18 21:07:10 2023 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=25a4aeed

app-emulation/qemu: update live ebuild

Thanks to Paolo Bonzini for the update regarding
qemu-8.0.0-remove-python-meson-check.patch

Signed-off-by: Matthias Maier  gentoo.org>

 ...qemu-8.1.0-also-build-virtfs-proxy-helper.patch | 32 ++
 app-emulation/qemu/qemu-.ebuild|  5 ++--
 2 files changed, 34 insertions(+), 3 deletions(-)

diff --git 
a/app-emulation/qemu/files/qemu-8.1.0-also-build-virtfs-proxy-helper.patch 
b/app-emulation/qemu/files/qemu-8.1.0-also-build-virtfs-proxy-helper.patch
new file mode 100644
index ..61ea0f36d90a
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-8.1.0-also-build-virtfs-proxy-helper.patch
@@ -0,0 +1,32 @@
+From d02ea89239768c93651a161d057f2bf04d56a024 Mon Sep 17 00:00:00 2001
+From: Matthias Maier 
+Date: Mon, 4 Apr 2022 12:56:59 +0200
+Subject: [PATCH] also build virtfs-proxy-helper
+
+The Gentoo ebuild splits the qemu build into a softmmu, user and tool
+phase in order to be able to build and link some of the qemu emulators
+statically. This unfortunately has the consequence that we never
+configure with "have_virtfs" and "have_tools" at the same time.
+
+As a workaround, simply build the virtfs userland unconditionally. After
+all, it is a tiny executable
+---
+ meson.build | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/meson.build b/meson.build
+index 063c736aee..fda8639293 100644
+--- a/meson.build
 b/meson.build
+@@ -2008,8 +2008,6 @@ have_virtfs = get_option('virtfs') \
+ .allowed()
+ 
+ have_virtfs_proxy_helper = get_option('virtfs_proxy_helper') \
+-.require(targetos != 'darwin', error_message: 'the virtfs proxy helper is 
incompatible with macOS') \
+-.require(have_virtfs, error_message: 'the virtfs proxy helper requires 
that virtfs is enabled') \
+ .disable_auto_if(not have_tools) \
+ .require(libcap_ng.found(), error_message: 'the virtfs proxy helper 
requires libcap-ng') \
+ .allowed()
+-- 
+2.35.1
+
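Review bot: Dropping the `.require(have_virtfs, ...)` line builds virtfs-proxy-helper whether or not virtfs is enabled, and this page's CVE-2023-2861 description notes the proxy driver runs that helper as root, so installing it on systems that never use virtfs adds a root-running binary for no benefit. The patch description should state where the gating now lives, e.g. `The ebuild is responsible for installing the helper only when USE=virtfs is set`; whether the ebuild already does this is not visible in the hunk. Removing the `.require(targetos != 'darwin', ...)` line is also broader than the stated motivation; unless macOS (Prefix) builds are intentionally out of scope, keeping that guard costs nothing on Linux.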

diff --git a/app-emulation/qemu/qemu-.ebuild 
b/app-emulation/qemu/qemu-.ebuild
index 3129dc21e59e..1446d5189be7 100644
--- a/app-emulation/qemu/qemu-.ebuild
+++ b/app-emulation/qemu/qemu-.ebuild
@@ -302,9 +302,8 @@ RDEPEND="${CDEPEND}
 PATCHES=(
"${FILESDIR}"/${PN}-8.0.0-disable-keymap.patch
"${FILESDIR}"/${PN}-8.0.0-make.patch
-   "${FILESDIR}"/${PN}-7.1.0-also-build-virtfs-proxy-helper.patch
"${FILESDIR}"/${PN}-7.1.0-capstone-include-path.patch
-   "${FILESDIR}"/${PN}-8.0.0-remove-python-meson-check.patch
+   "${FILESDIR}"/${PN}-8.1.0-also-build-virtfs-proxy-helper.patch
 )
 
 QA_PREBUILT="
@@ -450,7 +449,7 @@ src_prepare() {
sed -i -e 's/-U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2//' configure || die
 
# Remove bundled modules
-   rm -r dtc meson roms/*/ || die
+   rm -r dtc roms/*/ || die
 }
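Review bot: The new `rm -r dtc roms/*/ || die` stops deleting the bundled `meson` directory at the same time the `remove-python-meson-check.patch` line is dropped from PATCHES, but the `# Remove bundled modules` comment above it says nothing about why the bundled copy is now kept. Presumably the two changes belong together (the commit message credits an upstream update about that patch), so a comment such as `# bundled meson is kept on purpose; see the commit that dropped the python-meson-check patch` would make the intent survive the next bump. `src_prepare()` starts outside the hunk.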
 
 ##



[gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/

commit: be4c0fdfda7a00698701d61467154dba7009e38e
Author: Matthias Maier  gentoo  org>
AuthorDate: Fri May  5 16:19:24 2023 +
Commit: Matthias Maier  gentoo  org>
CommitDate: Fri May  5 18:11:17 2023 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=be4c0fdf

app-emulation/qemu: add 8.0.0

 - merge qemu-7.2.1 and qemu- ebuilds
 - remove static keyword
 - update to --enable-trace-backends configuration option

Bug: https://bugs.gentoo.org/905342
Bug: https://bugs.gentoo.org/865121
Signed-off-by: Matthias Maier  gentoo.org>

 app-emulation/qemu/Manifest|   1 +
 .../qemu/files/qemu-8.0.0-disable-keymap.patch |  18 +-
 app-emulation/qemu/files/qemu-8.0.0-make.patch |   9 +-
 app-emulation/qemu/qemu-8.0.0.ebuild   | 962 +
 4 files changed, 978 insertions(+), 12 deletions(-)

diff --git a/app-emulation/qemu/Manifest b/app-emulation/qemu/Manifest
index e5c01c80e350..3d2659b0fa71 100644
--- a/app-emulation/qemu/Manifest
+++ b/app-emulation/qemu/Manifest
@@ -1,3 +1,4 @@
 DIST qemu-7.2.0-docs.tar.xz 1984184 BLAKE2B 
103900fb7903ed8d75f7f012bf61fa2d6fce345b657c851d0437c3384f5735bd1cfd3129320683ea7846ea0b0940e5af5b2663c9320f12fee74b058523a8ea06
 SHA512 
a7edd448982865e07533c300d3e44a8b50cefbdde1982b73c24d0b2aa74315439252c59b634c75de312860874c7b06c75aa72629da681b5105f28ee936794585
 DIST qemu-7.2.0.tar.xz 122408576 BLAKE2B 
415ff621356c59f88b29cfe3ef5db1e282b26bbafbee3d535477c6125ccb060ec9762d9e3ab9f70ce5478804dca0a46a59bcf12c112a2462029a93e578e61530
 SHA512 
f3cfa00da739ba819a218d7e6e95c77fb79a8e0f487b024ddd281602e785249b81144595e3f8c746c32a4f5c4d1a88c6aebae3c162603edfbb50ae3722d7ed13
 DIST qemu-7.2.1.tar.xz 122400592 BLAKE2B 
bae1df5d332beaca313c4bac88f06dd5992988d7c1b6fdc6ced4043d858f437339cd7d0009ae667f9e66705117697bee7ee44ec4e911cc203d34eecc3d8f139b
 SHA512 
e286dc66c923a5df77eb02d69235d048e80a7cced638fae52fbed385b4c3cd736cfea66bb3c9843bebf0a33e81ea141fc015e0bd82108df304f148ce59d9ae8a
+DIST qemu-8.0.0.tar.xz 127835148 BLAKE2B 
9b54aae10fe09691a26e68374723ded5fdda6409673b4de9461a25ee060cfd03968a16ddeadc21d48b9262e53aa6d4e5eb645376969f97c65807fad19607b04f
 SHA512 
1f31d1e653dec2d35f1b7a5468ee3f471553b48eca8c8afafffcf9243c6b2260e78a5b73da3fe567f9b85d4133573eebd397747b3aec501fb24076263eb07b27

diff --git a/app-emulation/qemu/files/qemu-8.0.0-disable-keymap.patch 
b/app-emulation/qemu/files/qemu-8.0.0-disable-keymap.patch
index aab5dde5fbd9..6a5437056e6f 100644
--- a/app-emulation/qemu/files/qemu-8.0.0-disable-keymap.patch
+++ b/app-emulation/qemu/files/qemu-8.0.0-disable-keymap.patch
@@ -1,7 +1,8 @@
-diff -ruN qemu-.orig/meson.build qemu-/meson.build
 qemu-.orig/meson.build 2023-03-12 01:17:38.273756012 +0100
-+++ qemu-/meson.build  2023-03-12 01:18:44.854716789 +0100
-@@ -667,6 +667,8 @@
+diff --git a/meson.build b/meson.build
+index c44d05a13..5c5c09894 100644
+--- a/meson.build
 b/meson.build
+@@ -671,6 +671,8 @@ endif
  
  if get_option('xkbcommon').auto() and not have_system and not have_tools
xkbcommon = not_found
@@ -10,10 +11,11 @@ diff -ruN qemu-.orig/meson.build qemu-/meson.build
  else
xkbcommon = dependency('xkbcommon', required: get_option('xkbcommon'),
   method: 'pkg-config', kwargs: static_kwargs)
-diff -ruN qemu-.orig/pc-bios/keymaps/meson.build 
qemu-/pc-bios/keymaps/meson.build
 qemu-.orig/pc-bios/keymaps/meson.build 2023-03-12 01:17:38.321756706 
+0100
-+++ qemu-/pc-bios/keymaps/meson.build  2023-03-12 01:20:22.015111600 
+0100
-@@ -33,8 +33,10 @@
+diff --git a/pc-bios/keymaps/meson.build b/pc-bios/keymaps/meson.build
+index 158a3b410..3bb318a23 100644
+--- a/pc-bios/keymaps/meson.build
 b/pc-bios/keymaps/meson.build
+@@ -33,8 +33,10 @@ keymaps = {
'tr': '-l tr',
  }
  

diff --git a/app-emulation/qemu/files/qemu-8.0.0-make.patch 
b/app-emulation/qemu/files/qemu-8.0.0-make.patch
index 4bf3f7157713..40bafd490052 100644
--- a/app-emulation/qemu/files/qemu-8.0.0-make.patch
+++ b/app-emulation/qemu/files/qemu-8.0.0-make.patch
@@ -1,7 +1,8 @@
-diff -ruN qemu-.orig/configure qemu-/configure
 qemu-.orig/configure   2023-03-12 01:26:15.488133462 +0100
-+++ qemu-/configure2023-03-12 01:29:19.355724020 +0100
-@@ -1068,7 +1068,7 @@
+diff --git a/configure b/configure
+index 800b5850f..331e8950d 100755
+--- a/configure
 b/configure
+@@ -1069,7 +1069,7 @@ then
  fi
  fi
  

diff --git a/app-emulation/qemu/qemu-8.0.0.ebuild 
b/app-emulation/qemu/qemu-8.0.0.ebuild
new file mode 100644
index ..76c3d4ecfbfc
--- /dev/null
+++ b/app-emulation/qemu/qemu-8.0.0.ebuild
@@ -0,0 +1,962 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Generate using 
https://github.com/thesamesam/sam-gentoo-scripts/blob/main/niche/generate-qemu-docs
+# Set to 1 if prebuilt, 0 if not
+# (the construct below is to allow 

[gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/

commit: e0e93bcf1a9d0018635e78ab740968b79a9f7658
Author: Sam James  gentoo  org>
AuthorDate: Tue Feb 21 06:50:12 2023 +
Commit: Sam James  gentoo  org>
CommitDate: Tue Feb 21 06:50:39 2023 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e0e93bcf

app-emulation/qemu: fix build w/ linux-headers-6.2

Closes: https://bugs.gentoo.org/895662
Signed-off-by: Sam James  gentoo.org>

 .../qemu-7.2.0-linux-headers-6.2-glibc-2.36.patch  | 66 ++
 app-emulation/qemu/qemu-7.2.0-r2.ebuild|  1 +
 2 files changed, 67 insertions(+)

diff --git 
a/app-emulation/qemu/files/qemu-7.2.0-linux-headers-6.2-glibc-2.36.patch 
b/app-emulation/qemu/files/qemu-7.2.0-linux-headers-6.2-glibc-2.36.patch
new file mode 100644
index ..856997886cc9
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-7.2.0-linux-headers-6.2-glibc-2.36.patch
@@ -0,0 +1,66 @@
+https://bugs.gentoo.org/895662
+https://gitlab.com/qemu-project/qemu/-/commit/9f0246539ae84a5e21efd1cc4516fc343f08115a
+
+From 9f0246539ae84a5e21efd1cc4516fc343f08115a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= 
+Date: Tue, 10 Jan 2023 12:49:00 -0500
+Subject: [PATCH] Revert "linux-user: add more compat ioctl definitions"
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This reverts commit c5495f4ecb0cdaaf2e9dddeb48f1689cdb520ca0.
+
+glibc has fixed (in 2.36.9000-40-g774058d729) the problem
+that caused a clash when both sys/mount.h annd linux/mount.h
+are included, and backported this to the 2.36 stable release
+too:
+
+  
https://sourceware.org/glibc/wiki/Release/2.36#Usage_of_.3Clinux.2Fmount.h.3E_and_.3Csys.2Fmount.h.3E
+
+It is saner for QEMU to remove the workaround it applied for
+glibc 2.36 and expect distros to ship the 2.36 maint release
+with the fix. This avoids needing to add a further workaround
+to QEMU to deal with the fact that linux/brtfs.h now also pulls
+in linux/mount.h via linux/fs.h since Linux 6.1
+
+Signed-off-by: Daniel P. Berrangé 
+Reviewed-by: Marc-André Lureau 
+Message-Id: <20230110174901.2580297-2-berra...@redhat.com>
+Signed-off-by: Laurent Vivier 
+--- a/linux-user/syscall.c
 b/linux-user/syscall.c
+@@ -111,31 +111,6 @@
+ #define FS_IOC32_SETFLAGS  _IOW('f', 2, int)
+ #define FS_IOC32_GETVERSION_IOR('v', 1, int)
+ #define FS_IOC32_SETVERSION_IOW('v', 2, int)
+-
+-#define BLKGETSIZE64 _IOR(0x12,114,size_t)
+-#define BLKDISCARD _IO(0x12,119)
+-#define BLKIOMIN _IO(0x12,120)
+-#define BLKIOOPT _IO(0x12,121)
+-#define BLKALIGNOFF _IO(0x12,122)
+-#define BLKPBSZGET _IO(0x12,123)
+-#define BLKDISCARDZEROES _IO(0x12,124)
+-#define BLKSECDISCARD _IO(0x12,125)
+-#define BLKROTATIONAL _IO(0x12,126)
+-#define BLKZEROOUT _IO(0x12,127)
+-
+-#define FIBMAP _IO(0x00,1)
+-#define FIGETBSZ   _IO(0x00,2)
+-
+-struct file_clone_range {
+-__s64 src_fd;
+-__u64 src_offset;
+-__u64 src_length;
+-__u64 dest_offset;
+-};
+-
+-#define FICLONE _IOW(0x94, 9, int)
+-#define FICLONERANGE_IOW(0x94, 13, struct file_clone_range)
+-
+ #else
+ #include 
+ #endif
+-- 
+GitLab

diff --git a/app-emulation/qemu/qemu-7.2.0-r2.ebuild 
b/app-emulation/qemu/qemu-7.2.0-r2.ebuild
index 7632e13429ee..c13da1572122 100644
--- a/app-emulation/qemu/qemu-7.2.0-r2.ebuild
+++ b/app-emulation/qemu/qemu-7.2.0-r2.ebuild
@@ -315,6 +315,7 @@ PATCHES=(
"${FILESDIR}"/${PN}-7.1.0-also-build-virtfs-proxy-helper.patch
"${FILESDIR}"/${PN}-7.1.0-capstone-include-path.patch
"${FILESDIR}"/${PN}-7.2.0-disable-gmp.patch
+   "${FILESDIR}"/${PN}-7.2.0-linux-headers-6.2-glibc-2.36.patch
 )
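Review bot: Adding `qemu-7.2.0-linux-headers-6.2-glibc-2.36.patch` to PATCHES removes QEMU's workaround for the sys/mount.h vs linux/mount.h clash, and the backported commit itself says the fix is expected to come from the glibc 2.36 maintenance release instead. The ebuild hunk adds the patch without a matching dependency, so a build against an unfixed glibc 2.36 would reintroduce the clash; unless DEPEND outside this hunk already requires a fixed glibc, a bound on `sys-libs/glibc` (or at least a comment next to this PATCHES line stating that the patch relies on a fixed 2.36) is warranted. The PATCHES array begins outside the hunk.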
 
 QA_PREBUILT="



[gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/

commit: 230e67a4b5a7fbb65587eabc556163f21c98f2dd
Author: Andreas K. Hüttel  gentoo  org>
AuthorDate: Sat Feb  4 16:45:33 2023 +
Commit: Andreas K. Hüttel  gentoo  org>
CommitDate: Sat Feb  4 16:45:51 2023 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=230e67a4

app-emulation/qemu: drop 7.1.0, 7.1.0-r2

Bug: https://bugs.gentoo.org/883693
Signed-off-by: Andreas K. Hüttel  gentoo.org>

 app-emulation/qemu/Manifest|   2 -
 .../qemu/files/qemu-7.1.0-faccessat2.patch |  78 --
 .../qemu/files/qemu-7.1.0-loong-stat.patch |  98 --
 .../qemu/files/qemu-7.1.0-mips-n32-syscalls.patch  |  94 --
 app-emulation/qemu/files/qemu-7.1.0-strings.patch  |  26 -
 app-emulation/qemu/qemu-7.1.0-r2.ebuild| 967 
 app-emulation/qemu/qemu-7.1.0.ebuild   | 985 -
 7 files changed, 2250 deletions(-)

diff --git a/app-emulation/qemu/Manifest b/app-emulation/qemu/Manifest
index 12a458ea48a1..0754b3215fa0 100644
--- a/app-emulation/qemu/Manifest
+++ b/app-emulation/qemu/Manifest
@@ -1,4 +1,2 @@
-DIST qemu-7.1.0-docs.tar.xz 2016780 BLAKE2B 
1b84361fe58d504ab740a0b805a25d02f497ca776e7251a99f0e98e3720d1a2029b7a171f9d79dd128ba17a82c72d497e09baa1a4b2f192ba390f0f3b1950792
 SHA512 
7a328303b8af0ab63aa1f0fe07a121d3ca459d00fca817412e645416af795930dbea0a3e60f4ca006a74d1672e84fa4e626e4d83918e0b685b601043d0d8159e
-DIST qemu-7.1.0.tar.xz 121833004 BLAKE2B 
e05f91ce4993c7591a2df08b5fb017f8b8ec2141ab7bfd55d14730ea6b793ac1091de539992058392a5522d4e58beee92a87752707be58e3619b8213ef9f35bf
 SHA512 
c60c5ff8ec99b7552e485768908920658fdd8035ff7a6fa370fb6881957dc8b7e5f18ff1a8f49bd6aa22909ede2a7c084986d8244f12074ccd33ebe40a0c411f
 DIST qemu-7.2.0-docs.tar.xz 1984184 BLAKE2B 
103900fb7903ed8d75f7f012bf61fa2d6fce345b657c851d0437c3384f5735bd1cfd3129320683ea7846ea0b0940e5af5b2663c9320f12fee74b058523a8ea06
 SHA512 
a7edd448982865e07533c300d3e44a8b50cefbdde1982b73c24d0b2aa74315439252c59b634c75de312860874c7b06c75aa72629da681b5105f28ee936794585
 DIST qemu-7.2.0.tar.xz 122408576 BLAKE2B 
415ff621356c59f88b29cfe3ef5db1e282b26bbafbee3d535477c6125ccb060ec9762d9e3ab9f70ce5478804dca0a46a59bcf12c112a2462029a93e578e61530
 SHA512 
f3cfa00da739ba819a218d7e6e95c77fb79a8e0f487b024ddd281602e785249b81144595e3f8c746c32a4f5c4d1a88c6aebae3c162603edfbb50ae3722d7ed13

diff --git a/app-emulation/qemu/files/qemu-7.1.0-faccessat2.patch 
b/app-emulation/qemu/files/qemu-7.1.0-faccessat2.patch
deleted file mode 100644
index ea168f609fc8..
--- a/app-emulation/qemu/files/qemu-7.1.0-faccessat2.patch
+++ /dev/null
@@ -1,78 +0,0 @@
-From 35a2c85f7d691db7aa2c47181902ac87478eef7a Mon Sep 17 00:00:00 2001
-From: WANG Xuerui 
-Date: Sun, 9 Oct 2022 14:08:13 +0800
-Subject: [PATCH] linux-user: Implement faccessat2
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-User space has been preferring this syscall for a while, due to its
-closer match with C semantics, and newer platforms such as LoongArch
-apparently have libc implementations that don't fallback to faccessat
-so normal access checks are failing without the emulation in place.
-
-Tested by successfully emerging several packages within a Gentoo loong
-stage3 chroot, emulated on amd64 with help of static qemu-loongarch64.
-
-Reported-by: Andreas K. Hüttel 
-Signed-off-by: WANG Xuerui 
-Message-Id: <20221009060813.2289077-1-xe...@gentoo.org>
-[lv: removing defined(__NR_faccessat2) in syscall.c,
- adding defined(TARGET_NR_faccessat2) on print_faccessat()]
-Signed-off-by: Laurent Vivier 

- linux-user/strace.c| 2 +-
- linux-user/strace.list | 3 +++
- linux-user/syscall.c   | 9 +
- 3 files changed, 13 insertions(+), 1 deletion(-)
-
-diff --git a/linux-user/strace.c b/linux-user/strace.c
-index 86c081c83f..9ae5a812cd 100644
 a/linux-user/strace.c
-+++ b/linux-user/strace.c
-@@ -1969,7 +1969,7 @@ print_execv(CPUArchState *cpu_env, const struct 
syscallname *name,
- }
- #endif
- 
--#ifdef TARGET_NR_faccessat
-+#if defined(TARGET_NR_faccessat) || defined(TARGET_NR_faccessat2)
- static void
- print_faccessat(CPUArchState *cpu_env, const struct syscallname *name,
- abi_long arg0, abi_long arg1, abi_long arg2,
-diff --git a/linux-user/strace.list b/linux-user/strace.list
-index a87415bf3d..3df2184580 100644
 a/linux-user/strace.list
-+++ b/linux-user/strace.list
-@@ -178,6 +178,9 @@
- #ifdef TARGET_NR_faccessat
- { TARGET_NR_faccessat, "faccessat" , NULL, print_faccessat, NULL },
- #endif
-+#ifdef TARGET_NR_faccessat2
-+{ TARGET_NR_faccessat2, "faccessat2" , NULL, print_faccessat, NULL },
-+#endif
- #ifdef TARGET_NR_fadvise64
- { TARGET_NR_fadvise64, "fadvise64" , NULL, NULL, NULL },
- #endif
-diff --git a/linux-user/syscall.c b/linux-user/syscall.c
-index d499cac1d5..e985ad167f 100644
 a/linux-user/syscall.c
-+++ b/linux-user/syscall.c
-@@ -9143,6 +9143,15 @@ static abi_long do_syscall1(CPUArchState *cpu_env, 

[gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/

commit: 7141cbe5b4dac76ab10d094f8a35b5b65efe343e
Author: John Helmert III  gentoo  org>
AuthorDate: Thu Dec  8 01:21:06 2022 +
Commit: John Helmert III  gentoo  org>
CommitDate: Thu Dec  8 01:21:33 2022 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7141cbe5

app-emulation/qemu: drop 7.0.0-r3

Bug: https://bugs.gentoo.org/857657
Signed-off-by: John Helmert III  gentoo.org>

 app-emulation/qemu/Manifest|   2 -
 .../files/qemu-2.11.1-capstone_include_path.patch  |  11 -
 app-emulation/qemu/files/qemu-6.1.0-strings.patch  |  26 -
 ...qemu-7.0.0-also-build-virtfs-proxy-helper.patch |  32 -
 .../qemu/files/qemu-7.0.0-glibc-2.36.patch |  90 --
 .../qemu/files/qemu-7.0.0-have-user-meson.patch|  36 -
 .../qemu-7.0.0-pci-overflow-fortify-source-3.patch |  94 --
 .../qemu/files/qemu-7.0.0-virtio-scsi-fixes.patch  | 182 
 app-emulation/qemu/qemu-7.0.0-r3.ebuild| 949 -
 9 files changed, 1422 deletions(-)

diff --git a/app-emulation/qemu/Manifest b/app-emulation/qemu/Manifest
index 92d47fc2acc5..2b1f883139dc 100644
--- a/app-emulation/qemu/Manifest
+++ b/app-emulation/qemu/Manifest
@@ -1,5 +1,3 @@
-DIST qemu-7.0.0-docs.tar.xz 5101176 BLAKE2B 
827d4af2b3fd229d146b47253d12a8bfd60614f5ba60e098abc58a6635bd9f8a029775932f4fc3dee3cb1f0a379133c47d819c53273547abbbf2aacd6bbd4fc5
 SHA512 
8f27b954a2f3710cee5cb78635631b035ea733f43381d378464733164b897bc0e8c6b373d80f1d97a65b761c13e342ae0c0836202d1506ec0b7c214b7388c7bb
-DIST qemu-7.0.0.tar.xz 125117636 BLAKE2B 
ceda6d9f1a585298bd49fed61e8bb35f0064ad8388a9f979c8bd68a38bfe1a47c5bb055e5f74f970c2c440957042b9de4a861524120040c56e4cd8b56c5cfb68
 SHA512 
44ecd10c018a3763e1bc87d1d35b98890d0d5636acd69fe9b5cadf5024d5af6a31684d60cbe1c3370e02986434c1fb0ad99224e0e6f6fe7eda169992508157b1
 DIST qemu-7.1.0-docs.tar.xz 2016780 BLAKE2B 
1b84361fe58d504ab740a0b805a25d02f497ca776e7251a99f0e98e3720d1a2029b7a171f9d79dd128ba17a82c72d497e09baa1a4b2f192ba390f0f3b1950792
 SHA512 
7a328303b8af0ab63aa1f0fe07a121d3ca459d00fca817412e645416af795930dbea0a3e60f4ca006a74d1672e84fa4e626e4d83918e0b685b601043d0d8159e
 DIST qemu-7.1.0.tar.xz 121833004 BLAKE2B 
e05f91ce4993c7591a2df08b5fb017f8b8ec2141ab7bfd55d14730ea6b793ac1091de539992058392a5522d4e58beee92a87752707be58e3619b8213ef9f35bf
 SHA512 
c60c5ff8ec99b7552e485768908920658fdd8035ff7a6fa370fb6881957dc8b7e5f18ff1a8f49bd6aa22909ede2a7c084986d8244f12074ccd33ebe40a0c411f
 DIST qemu-7.2.0-rc3.tar.xz 122373832 BLAKE2B 
6345cd631e3de26974fc0534de9c6b55d0bcab31b440c03066a46c6dd9580b535ed8f4f8117bcfb970bcf2fe51890887a676c8600e6b699a2c053199dfbe6966
 SHA512 
4f9d1554be22456538ccae1a39673033b088e6c1b4990fa8b57ae71061086d66d3cf33fa84ac19a878d11ee3cbc810f22fb28b03e6305c211a7156549cde6669

diff --git a/app-emulation/qemu/files/qemu-2.11.1-capstone_include_path.patch 
b/app-emulation/qemu/files/qemu-2.11.1-capstone_include_path.patch
deleted file mode 100644
index d79570ebb8aa..
--- a/app-emulation/qemu/files/qemu-2.11.1-capstone_include_path.patch
+++ /dev/null
@@ -1,11 +0,0 @@
 qemu-2.11.1/include/disas/capstone.h   2018-02-14 22:53:22.0 
+0100
-+++ qemu-2.11.1/include/disas/capstone.h   2018-02-17 20:12:12.754703951 
+0100
-@@ -3,7 +3,7 @@
- 
- #ifdef CONFIG_CAPSTONE
- 
--#include 
-+#include 
- 
- #else
- 

diff --git a/app-emulation/qemu/files/qemu-6.1.0-strings.patch 
b/app-emulation/qemu/files/qemu-6.1.0-strings.patch
deleted file mode 100644
index 2efe7b29330a..
--- a/app-emulation/qemu/files/qemu-6.1.0-strings.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-Forward-ported from original patch for 5.2.0.
-
-diff --git a/configure b/configure
-index da2501489f..4660ee3ee5 100755
 a/configure
-+++ b/configure
-@@ -516,6 +516,7 @@ ld="${LD-${cross_prefix}ld}"
- ranlib="${RANLIB-${cross_prefix}ranlib}"
- nm="${NM-${cross_prefix}nm}"
- strip="${STRIP-${cross_prefix}strip}"
-+strings="${STRINGS-${cross_prefix}strings}"
- windres="${WINDRES-${cross_prefix}windres}"
- pkg_config_exe="${PKG_CONFIG-${cross_prefix}pkg-config}"
- query_pkg_config() {
-@@ -2380,9 +2381,9 @@ int main(int argc, char *argv[])
- EOF
- 
- if compile_prog ; then
--if strings -a $TMPE | grep -q BiGeNdIaN ; then
-+if $strings -a $TMPE | grep -q BiGeNdIaN ; then
- bigendian="yes"
--elif strings -a $TMPE | grep -q LiTtLeEnDiAn ; then
-+elif $strings -a $TMPE | grep -q LiTtLeEnDiAn ; then
- bigendian="no"
- else
- echo big/little test failed

diff --git 
a/app-emulation/qemu/files/qemu-7.0.0-also-build-virtfs-proxy-helper.patch 
b/app-emulation/qemu/files/qemu-7.0.0-also-build-virtfs-proxy-helper.patch
deleted file mode 100644
index ca2e9433792c..
--- a/app-emulation/qemu/files/qemu-7.0.0-also-build-virtfs-proxy-helper.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From c1093041466772f4b62961bcc5a354801d41355d Mon Sep 17 00:00:00 2001
-From: Matthias Maier 
-Date: Mon, 4 Apr 2022 12:56:59 +0200
-Subject: [PATCH] also 

[gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/

commit: 6bb8bad236a4dea657dfc9213229c34f7a5d9828
Author: Andreas K. Hüttel  gentoo  org>
AuthorDate: Sat Nov 12 19:41:59 2022 +
Commit: Andreas K. Hüttel  gentoo  org>
CommitDate: Sat Nov 12 19:43:26 2022 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6bb8bad2

app-emulation/qemu: 7.1.0 revbump, fixing 3 qemu-user bugs

Backport of 3 patches from master, for mips and loongarch64
user-mode emulation

Signed-off-by: Andreas K. Hüttel  gentoo.org>

 .../qemu/files/qemu-7.1.0-faccessat2.patch |  78 ++
 .../qemu/files/qemu-7.1.0-loong-stat.patch |  98 ++
 .../qemu/files/qemu-7.1.0-mips-n32-syscalls.patch  |  94 ++
 app-emulation/qemu/qemu-7.1.0-r1.ebuild| 988 +
 4 files changed, 1258 insertions(+)

diff --git a/app-emulation/qemu/files/qemu-7.1.0-faccessat2.patch 
b/app-emulation/qemu/files/qemu-7.1.0-faccessat2.patch
new file mode 100644
index ..ea168f609fc8
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-7.1.0-faccessat2.patch
@@ -0,0 +1,78 @@
+From 35a2c85f7d691db7aa2c47181902ac87478eef7a Mon Sep 17 00:00:00 2001
+From: WANG Xuerui 
+Date: Sun, 9 Oct 2022 14:08:13 +0800
+Subject: [PATCH] linux-user: Implement faccessat2
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+User space has been preferring this syscall for a while, due to its
+closer match with C semantics, and newer platforms such as LoongArch
+apparently have libc implementations that don't fallback to faccessat
+so normal access checks are failing without the emulation in place.
+
+Tested by successfully emerging several packages within a Gentoo loong
+stage3 chroot, emulated on amd64 with help of static qemu-loongarch64.
+
+Reported-by: Andreas K. Hüttel 
+Signed-off-by: WANG Xuerui 
+Message-Id: <20221009060813.2289077-1-xe...@gentoo.org>
+[lv: removing defined(__NR_faccessat2) in syscall.c,
+ adding defined(TARGET_NR_faccessat2) on print_faccessat()]
+Signed-off-by: Laurent Vivier 
+---
+ linux-user/strace.c| 2 +-
+ linux-user/strace.list | 3 +++
+ linux-user/syscall.c   | 9 +
+ 3 files changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/linux-user/strace.c b/linux-user/strace.c
+index 86c081c83f..9ae5a812cd 100644
+--- a/linux-user/strace.c
 b/linux-user/strace.c
+@@ -1969,7 +1969,7 @@ print_execv(CPUArchState *cpu_env, const struct 
syscallname *name,
+ }
+ #endif
+ 
+-#ifdef TARGET_NR_faccessat
++#if defined(TARGET_NR_faccessat) || defined(TARGET_NR_faccessat2)
+ static void
+ print_faccessat(CPUArchState *cpu_env, const struct syscallname *name,
+ abi_long arg0, abi_long arg1, abi_long arg2,
+diff --git a/linux-user/strace.list b/linux-user/strace.list
+index a87415bf3d..3df2184580 100644
+--- a/linux-user/strace.list
 b/linux-user/strace.list
+@@ -178,6 +178,9 @@
+ #ifdef TARGET_NR_faccessat
+ { TARGET_NR_faccessat, "faccessat" , NULL, print_faccessat, NULL },
+ #endif
++#ifdef TARGET_NR_faccessat2
++{ TARGET_NR_faccessat2, "faccessat2" , NULL, print_faccessat, NULL },
++#endif
+ #ifdef TARGET_NR_fadvise64
+ { TARGET_NR_fadvise64, "fadvise64" , NULL, NULL, NULL },
+ #endif
+diff --git a/linux-user/syscall.c b/linux-user/syscall.c
+index d499cac1d5..e985ad167f 100644
+--- a/linux-user/syscall.c
 b/linux-user/syscall.c
+@@ -9143,6 +9143,15 @@ static abi_long do_syscall1(CPUArchState *cpu_env, int 
num, abi_long arg1,
+ unlock_user(p, arg2, 0);
+ return ret;
+ #endif
++#if defined(TARGET_NR_faccessat2)
++case TARGET_NR_faccessat2:
++if (!(p = lock_user_string(arg2))) {
++return -TARGET_EFAULT;
++}
++ret = get_errno(faccessat(arg1, p, arg3, arg4));
++unlock_user(p, arg2, 0);
++return ret;
++#endif
+ #ifdef TARGET_NR_nice /* not on alpha */
+ case TARGET_NR_nice:
+ return get_errno(nice(arg1));
+-- 
+2.37.4
+
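Review bot: The new TARGET_NR_faccessat2 case hands arg4 straight to the host faccessat() wrapper with no masking or translation, so it relies on the guest's AT_EACCESS/AT_SYMLINK_NOFOLLOW/AT_EMPTY_PATH values matching the host's and on the host rejecting unknown bits with EINVAL; a comment recording that assumption would help, e.g. `/* AT_* flags share one encoding across Linux targets; unknown bits are left for the host to reject */`. On hosts whose libc emulates faccessat flags in user space (kernels without faccessat2), results for AT_EACCESS may differ from native behaviour, which is worth noting next to the call. The strace.list entry reuses print_faccessat, whose body is outside the hunk; if it formats only faccessat's three arguments, the flags argument of faccessat2 will be missing from -strace output.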

diff --git a/app-emulation/qemu/files/qemu-7.1.0-loong-stat.patch 
b/app-emulation/qemu/files/qemu-7.1.0-loong-stat.patch
new file mode 100644
index ..85fd2c98914a
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-7.1.0-loong-stat.patch
@@ -0,0 +1,98 @@
+From xe...@gentoo.org Thu Oct 06 10:07:10 2022
+Return-Path: 
+X-Original-To: dilfri...@gentoo.org
+Delivered-To: dilfri...@gentoo.org
+From: WANG Xuerui 
+To: qemu-de...@nongnu.org
+Cc: Richard Henderson ,
+   =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= ,
+   WANG Xuerui ,
+   Song Gao ,
+   Xiaojuan Yang ,
+   =?UTF-8?q?Andreas=20K=20=2E=20H=C3=BCttel?= 
+Subject: [PATCH RESEND] linux-user: Fix struct statfs ABI on loongarch64
+Date: Thu,  6 Oct 2022 18:07:10 +0800
+Message-Id: <20221006100710.427252-1-xe...@gentoo.org>
+X-Mailer: git-send-email 2.38.0
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Previously the 32-bit version was incorrectly chosen, leading to funny
+but incorrect output from e.g. df(1). Simply select the version

[gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/

2022-09-27 Thread John Helmert III
commit: 9badece6035892cc705ff09dca318c5a59473ae8
Author: John Helmert III  gentoo  org>
AuthorDate: Tue Sep 27 17:30:25 2022 +
Commit: John Helmert III  gentoo  org>
CommitDate: Tue Sep 27 17:31:02 2022 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9badece6

app-emulation/qemu: fix configure failure with USE=capstone

Closes: https://bugs.gentoo.org/873157
Signed-off-by: John Helmert III  gentoo.org>

 .../files/qemu-7.1.0-capstone-include-path.patch   | 31 ++
 app-emulation/qemu/qemu-7.1.0.ebuild   |  2 +-
 2 files changed, 32 insertions(+), 1 deletion(-)

diff --git a/app-emulation/qemu/files/qemu-7.1.0-capstone-include-path.patch 
b/app-emulation/qemu/files/qemu-7.1.0-capstone-include-path.patch
new file mode 100644
index ..585e798345f4
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-7.1.0-capstone-include-path.patch
@@ -0,0 +1,31 @@
+Forward ported from qemu-2.11.1-capstone_include_path.patch.
+This time also fix the capstone.h header check to use the path we're
+already patching in.
+
+Bug: https://bugs.gentoo.org/873157
+diff --git a/include/disas/capstone.h b/include/disas/capstone.h
+index e29068dd97..d8fdc5d537 100644
+--- a/include/disas/capstone.h
 b/include/disas/capstone.h
+@@ -3,7 +3,7 @@
+ 
+ #ifdef CONFIG_CAPSTONE
+ 
+-#include 
++#include 
+ 
+ #else
+ 
+diff --git a/meson.build b/meson.build
+index 20fddbd707..50ce96bbd1 100644
+--- a/meson.build
 b/meson.build
+@@ -2605,7 +2605,7 @@ if not get_option('capstone').auto() or have_system or 
have_user
+   # that reports a wrong -I path, causing the #include to
+   # fail later. If the system has such a broken version
+   # do not use it.
+-  if capstone.found() and not cc.compiles('#include ',
++  if capstone.found() and not cc.compiles('#include ',
+   dependencies: [capstone])
+ capstone = not_found
+ if get_option('capstone').enabled()

diff --git a/app-emulation/qemu/qemu-7.1.0.ebuild 
b/app-emulation/qemu/qemu-7.1.0.ebuild
index 499aa3a68895..82e527f614ec 100644
--- a/app-emulation/qemu/qemu-7.1.0.ebuild
+++ b/app-emulation/qemu/qemu-7.1.0.ebuild
@@ -303,11 +303,11 @@ RDEPEND="${CDEPEND}
)"
 
 PATCHES=(
-   "${FILESDIR}"/${PN}-2.11.1-capstone_include_path.patch
"${FILESDIR}"/${PN}-5.2.0-disable-keymap.patch
"${FILESDIR}"/${PN}-6.0.0-make.patch
"${FILESDIR}"/${PN}-7.1.0-also-build-virtfs-proxy-helper.patch
"${FILESDIR}"/${PN}-7.1.0-strings.patch
+   "${FILESDIR}"/${PN}-7.1.0-capstone-include-path.patch
 )
 
 QA_PREBUILT="



[gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/

2022-08-03 Thread Sam James
commit: db2a2bbc7edbb87b7c179b8cc61bef689a5211c5
Author: Sam James  gentoo  org>
AuthorDate: Wed Aug  3 18:21:19 2022 +
Commit: Sam James  gentoo  org>
CommitDate: Wed Aug  3 18:21:25 2022 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=db2a2bbc

app-emulation/qemu: fix build w/ glibc 2.36

Closes: https://bugs.gentoo.org/863443
Signed-off-by: Sam James  gentoo.org>

 .../qemu/files/qemu-7.0.0-glibc-2.36.patch | 90 ++
 app-emulation/qemu/qemu-7.0.0-r3.ebuild|  1 +
 2 files changed, 91 insertions(+)

diff --git a/app-emulation/qemu/files/qemu-7.0.0-glibc-2.36.patch 
b/app-emulation/qemu/files/qemu-7.0.0-glibc-2.36.patch
new file mode 100644
index ..85343c4d00e7
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-7.0.0-glibc-2.36.patch
@@ -0,0 +1,90 @@
+https://lore.kernel.org/all/20220802183409.gb2...@redhat.com/T/
+https://bugs.gentoo.org/863443
+
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= 
+To: qemu-de...@nongnu.org
+Cc: Laurent Vivier ,
+ =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= 
+Subject: [PATCH for 7.1] linux-user: fix compat with glibc >= 2.36 sys/mount.h
+Date: Tue,  2 Aug 2022 12:41:34 -0400
+
+The latest glibc 2.36 has extended sys/mount.h so that it
+defines the FSCONFIG_* enum constants. These are historically
+defined in linux/mount.h, and thus if you include both headers
+the compiler complains:
+
+In file included from /usr/include/linux/fs.h:19,
+ from ../linux-user/syscall.c:98:
+/usr/include/linux/mount.h:95:6: error: redeclaration of 'enum 
fsconfig_command'
+   95 | enum fsconfig_command {
+  |  ^~~~
+In file included from ../linux-user/syscall.c:31:
+/usr/include/sys/mount.h:189:6: note: originally defined here
+  189 | enum fsconfig_command
+  |  ^~~~
+/usr/include/linux/mount.h:96:9: error: redeclaration of enumerator 
'FSCONFIG_SET_FLAG'
+   96 | FSCONFIG_SET_FLAG   = 0,/* Set parameter, supplying no 
value */
+  | ^
+/usr/include/sys/mount.h:191:3: note: previous definition of 
'FSCONFIG_SET_FLAG' with type 'enum fsconfig_command'
+  191 |   FSCONFIG_SET_FLAG   = 0,/* Set parameter, supplying no value 
*/
+  |   ^
+...snip...
+
+QEMU doesn't include linux/mount.h, but it does use
+linux/fs.h and thus gets linux/mount.h indirectly.
+
+glibc acknowledges this problem but does not appear to
+be intending to fix it in the forseeable future, simply
+documenting it as a known incompatibility with no
+workaround:
+
+  
https://sourceware.org/glibc/wiki/Release/2.36#Usage_of_.3Clinux.2Fmount.h.3E_and_.3Csys.2Fmount.h.3E
+  https://sourceware.org/glibc/wiki/Synchronizing_Headers
+
+To address this requires either removing use of sys/mount.h
+or linux/fs.h, despite QEMU needing declarations from
+both.
+
+This patch removes linux/fs.h, meaning we have to define
+various FS_IOC constants that are now unavailable.
+
+Signed-off-by: Daniel P. Berrangé 
+--- a/linux-user/syscall.c
 b/linux-user/syscall.c
+@@ -95,7 +95,25 @@
+ #include 
+ #include 
+ #include 
++
++#ifdef HAVE_SYS_MOUNT_FSCONFIG
++/*
++ * glibc >= 2.36 linux/mount.h conflicts with sys/mount.h,
++ * which in turn prevents use of linux/fs.h. So we have to
++ * define the constants ourselves for now.
++ */
++#define FS_IOC_GETFLAGS_IOR('f', 1, long)
++#define FS_IOC_SETFLAGS_IOW('f', 2, long)
++#define FS_IOC_GETVERSION  _IOR('v', 1, long)
++#define FS_IOC_SETVERSION  _IOW('v', 2, long)
++#define FS_IOC_FIEMAP  _IOWR('f', 11, struct fiemap)
++#define FS_IOC32_GETFLAGS  _IOR('f', 1, int)
++#define FS_IOC32_SETFLAGS  _IOW('f', 2, int)
++#define FS_IOC32_GETVERSION_IOR('v', 1, int)
++#define FS_IOC32_SETVERSION_IOW('v', 2, int)
++#else
+ #include 
++#endif
+ #include 
+ #if defined(CONFIG_FIEMAP)
+ #include 
+--- a/meson.build
 b/meson.build
+@@ -1963,6 +1963,8 @@ config_host_data.set('HAVE_OPTRESET',
+  cc.has_header_symbol('getopt.h', 'optreset'))
+ config_host_data.set('HAVE_IPPROTO_MPTCP',
+  cc.has_header_symbol('netinet/in.h', 'IPPROTO_MPTCP'))
++config_host_data.set('HAVE_SYS_MOUNT_FSCONFIG',
++ cc.has_header_symbol('sys/mount.h', 'FSCONFIG_SET_FLAG'))
+ 
+ # has_member
+ config_host_data.set('HAVE_SIGEV_NOTIFY_THREAD_ID',
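Review bot: The FS_IOC_* fallback definitions in the new HAVE_SYS_MOUNT_FSCONFIG branch are unconditional, so if any other header pulls in linux/fs.h transitively on such a host the compiler will report macro redefinitions (a hard error if the expansions differ); guarding each one, e.g. `#ifndef FS_IOC_GETFLAGS` / `#define FS_IOC_GETFLAGS _IOR('f', 1, long)` / `#endif`, avoids that and keeps the kernel's definition authoritative when it is present. The values mirror the UAPI encodings by hand, so a comment pointing at linux/fs.h as the source of truth would help the next reader verify them. Only the nine constants defined here are covered; if syscall.c uses other FS_IOC_* or FS_* names from linux/fs.h elsewhere (outside this hunk), those would now be undefined on glibc >= 2.36 hosts, which a build on such a host would confirm. The include block is cut at both ends of the hunk.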

diff --git a/app-emulation/qemu/qemu-7.0.0-r3.ebuild 
b/app-emulation/qemu/qemu-7.0.0-r3.ebuild
index d79b2ecdb29b..09762b74b160 100644
--- a/app-emulation/qemu/qemu-7.0.0-r3.ebuild
+++ b/app-emulation/qemu/qemu-7.0.0-r3.ebuild
@@ -300,6 +300,7 @@ PATCHES=(
"${FILESDIR}"/${PN}-7.0.0-also-build-virtfs-proxy-helper.patch
"${FILESDIR}"/${P}-virtio-scsi-fixes.patch
"${FILESDIR}"/${P}-pci-overflow-fortify-source-3.patch
+   "${FILESDIR}"/${P}-glibc-2.36.patch
 )
 
 QA_PREBUILT="



[gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/

2022-07-04 Thread WANG Xuerui
commit: e7e343979dbfd7e4b4fcf85f36c17d414fc1e41e
Author: WANG Xuerui  gentoo  org>
AuthorDate: Tue Jul  5 00:39:29 2022 +
Commit: WANG Xuerui  gentoo  org>
CommitDate: Tue Jul  5 00:53:53 2022 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e7e34397

app-emulation/qemu: forward port 6.1.0-strings.patch to latest main branch

Due to upstream commit 
https://gitlab.com/qemu-project/qemu/-/commit/158bb2249ed9
("configure: Add cross prefix for widl tool").

Tentatively named 7.1.0, as 7.1.0 will be the first upstream version
this forwarded patch is applicable to.

Signed-off-by: WANG Xuerui  gentoo.org>

 app-emulation/qemu/files/qemu-7.1.0-strings.patch | 26 +++
 app-emulation/qemu/qemu-.ebuild   |  2 +-
 2 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/app-emulation/qemu/files/qemu-7.1.0-strings.patch 
b/app-emulation/qemu/files/qemu-7.1.0-strings.patch
new file mode 100644
index ..01f235b9a33c
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-7.1.0-strings.patch
@@ -0,0 +1,26 @@
+Forward-ported from original patch for 5.2.0.
+
+diff --git a/configure b/configure
+index da2501489f..4660ee3ee5 100755
+--- a/configure
 b/configure
+@@ -400,6 +400,7 @@ ld="${LD-${cross_prefix}ld}"
+ nm="${NM-${cross_prefix}nm}"
+ smbd="$SMBD"
+ strip="${STRIP-${cross_prefix}strip}"
++strings="${STRINGS-${cross_prefix}strings}"
+ widl="${WIDL-${cross_prefix}widl}"
+ windres="${WINDRES-${cross_prefix}windres}"
+ pkg_config_exe="${PKG_CONFIG-${cross_prefix}pkg-config}"
+@@ -1466,9 +1467,9 @@ int main(int argc, char *argv[])
+ EOF
+ 
+ if compile_prog ; then
+-if strings -a $TMPE | grep -q BiGeNdIaN ; then
++if $strings -a $TMPE | grep -q BiGeNdIaN ; then
+ bigendian="yes"
+-elif strings -a $TMPE | grep -q LiTtLeEnDiAn ; then
++elif $strings -a $TMPE | grep -q LiTtLeEnDiAn ; then
+ bigendian="no"
+ else
+ echo big/little test failed
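Review bot: `strings="${STRINGS-${cross_prefix}strings}"` falls back only when STRINGS is unset, so `STRINGS= ./configure` leaves `$strings` empty and the endianness probe runs `-a $TMPE`, failing with "big/little test failed"; `${STRINGS:-${cross_prefix}strings}` would treat an empty value like an unset one, although the neighbouring `ld`/`nm`/`strip` assignments use the same `-` form, so this follows an existing convention rather than introducing a regression. With the prefixed tool now mandatory, a host that lacks `${cross_prefix}strings` but has a plain `strings` (which with `-a` scans the whole file regardless of object format) will fail where the unpatched configure succeeded; a `command -v` fallback to plain `strings` would preserve that. The configure script continues outside the hunk.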

diff --git a/app-emulation/qemu/qemu-.ebuild 
b/app-emulation/qemu/qemu-.ebuild
index 33c2357b1386..4b02fd9f5f85 100644
--- a/app-emulation/qemu/qemu-.ebuild
+++ b/app-emulation/qemu/qemu-.ebuild
@@ -278,8 +278,8 @@ PATCHES=(
"${FILESDIR}"/${PN}-2.11.1-capstone_include_path.patch
"${FILESDIR}"/${PN}-5.2.0-disable-keymap.patch
"${FILESDIR}"/${PN}-6.0.0-make.patch
-   "${FILESDIR}"/${PN}-6.1.0-strings.patch
"${FILESDIR}"/${PN}-7.0.0-also-build-virtfs-proxy-helper.patch
+   "${FILESDIR}"/${PN}-7.1.0-strings.patch
 )
 
 QA_PREBUILT="



[gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/

2022-06-03 Thread Sam James
commit: a2440aa2b4c8ceaf4195e30f6b4888ede061d8dd
Author: Sam James  gentoo  org>
AuthorDate: Sat Jun  4 02:59:28 2022 +
Commit: Sam James  gentoo  org>
CommitDate: Sat Jun  4 03:01:29 2022 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a2440aa2

app-emulation/qemu: backport virtio-iscsi CPU usage fix; FORTIFY_SOURCE=3 fixes

- Backport virtio-iscsi CPU usage fix;
- Don't force -D_FORTIFY_SOURCE=2 (we patch it into the toolchain so there is no need to set it,
and by doing -U... -D...=2, it prevents usage of =3)
- Backport FORTIFY_SOURCE=3 crash fix

Closes: https://bugs.gentoo.org/849587
Closes: https://bugs.gentoo.org/849500
Signed-off-by: Sam James  gentoo.org>

 .../qemu-7.0.0-pci-overflow-fortify-source-3.patch |  94 +++
 .../qemu/files/qemu-7.0.0-virtio-scsi-fixes.patch  | 182 +
 .../{qemu-.ebuild => qemu-7.0.0-r2.ebuild} |  38 +++--
 app-emulation/qemu/qemu-.ebuild|  36 ++--
 4 files changed, 322 insertions(+), 28 deletions(-)

diff --git 
a/app-emulation/qemu/files/qemu-7.0.0-pci-overflow-fortify-source-3.patch 
b/app-emulation/qemu/files/qemu-7.0.0-pci-overflow-fortify-source-3.patch
new file mode 100644
index ..767f66243fcc
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-7.0.0-pci-overflow-fortify-source-3.patch
@@ -0,0 +1,94 @@
+https://bugs.gentoo.org/849587
+https://bugzilla.opensuse.org/show_bug.cgi?id=1199924
+https://lists.gnu.org/archive/html/qemu-devel/2022-05/msg06183.html
+
+From qemu-devel  Tue May 31 11:47:07 2022
+From: Claudio Fontana 
+Date: Tue, 31 May 2022 11:47:07 +
+To: qemu-devel
+Subject: [PATCH] pci: fix overflow in snprintf string formatting
+Message-Id: <20220531114707.18830-1-cfontana () suse ! de>
+X-MARC-Message: https://marc.info/?l=qemu-devel=165399772310578
+
+the code in pcibus_get_fw_dev_path contained the potential for a
+stack buffer overflow of 1 byte, potentially writing to the stack an
+extra NUL byte.
+
+This overflow could happen if the PCI slot is >= 0x1000,
+and the PCI function is >= 0x1000, due to the size parameter
+of snprintf being incorrectly calculated in the call:
+
+if (PCI_FUNC(d->devfn))
+snprintf(path + off, sizeof(path) + off, ",%x", PCI_FUNC(d->devfn));
+
+since the off obtained from a previous call to snprintf is added
+instead of subtracted from the total available size of the buffer.
+
+Without the accurate size guard from snprintf, we end up writing in the
+worst case:
+
+name (32) + "@" (1) + SLOT (8) + "," (1) + FUNC (8) + term NUL (1) = 51 bytes
+
+In order to provide something more robust, replace all of the code in
+pcibus_get_fw_dev_path with a single call to g_strdup_printf,
+so there is no need to rely on manual calculations.
+
+Found by compiling QEMU with FORTIFY_SOURCE=3 as the error:
+
+*** buffer overflow detected ***: terminated
+
+Thread 1 "qemu-system-x86" received signal SIGABRT, Aborted.
+[Switching to Thread 0x7642c380 (LWP 121307)]
+0x771ff55c in __pthread_kill_implementation () from /lib64/libc.so.6
+(gdb) bt
+ #0  0x771ff55c in __pthread_kill_implementation () at /lib64/libc.so.6
+ #1  0x771ac6f6 in raise () at /lib64/libc.so.6
+ #2  0x77195814 in abort () at /lib64/libc.so.6
+ #3  0x771f279e in __libc_message () at /lib64/libc.so.6
+ #4  0x7729767a in __fortify_fail () at /lib64/libc.so.6
+ #5  0x77295c36 in  () at /lib64/libc.so.6
+ #6  0x772957f5 in __snprintf_chk () at /lib64/libc.so.6
+ #7  0x55b1c1fd in pcibus_get_fw_dev_path ()
+ #8  0x55f2bde4 in qdev_get_fw_dev_path_helper.constprop ()
+ #9  0x55f2bd86 in qdev_get_fw_dev_path_helper.constprop ()
+ #10 0x559a6e5d in get_boot_device_path ()
+ #11 0x559a712c in get_boot_devices_list ()
+ #12 0x55b1a3d0 in fw_cfg_machine_reset ()
+ #13 0x55bf4c2d in pc_machine_reset ()
+ #14 0x55c66988 in qemu_system_reset ()
+ #15 0x55a6dff6 in qdev_machine_creation_done ()
+ #16 0x55c79186 in qmp_x_exit_preconfig.part ()
+ #17 0x55c7b459 in qemu_init ()
+ #18 0x55960a29 in main ()
+
+Found-by: Dario Faggioli 
+Found-by: Martin Liška 
+Cc: qemu-sta...@nongnu.org
+Signed-off-by: Claudio Fontana 
+--- a/hw/pci/pci.c
 b/hw/pci/pci.c
+@@ -2640,15 +2640,15 @@ static char *pci_dev_fw_name(DeviceState *dev, char 
*buf, int len)
+ static char *pcibus_get_fw_dev_path(DeviceState *dev)
+ {
+ PCIDevice *d = (PCIDevice *)dev;
+-char path[50], name[33];
+-int off;
+-
+-off = snprintf(path, sizeof(path), "%s@%x",
+-   pci_dev_fw_name(dev, name, sizeof name),
+-   PCI_SLOT(d->devfn));
+-if (PCI_FUNC(d->devfn))
+-snprintf(path + off, sizeof(path) + off, ",%x", PCI_FUNC(d->devfn));
+-return g_strdup(path);
++char name[33];
++int has_func = !!PCI_FUNC(d->devfn);
++
++return g_strdup_printf("%s@%x%s%.*x",
++   

[gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/

2022-05-22 Thread John Helmert III
commit: adb5b77a6df5abbc85fbb62bd57a1465ec7a7b4b
Author: John Helmert III  gentoo  org>
AuthorDate: Thu May 19 17:25:33 2022 +
Commit: John Helmert III  gentoo  org>
CommitDate: Sun May 22 15:59:11 2022 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=adb5b77a

app-emulation/qemu: drop 6.2.0, 6.2.0-r3, 6.2.0-r4, 7.0.0_rc4

Closes: https://bugs.gentoo.org/831046
Bug: https://bugs.gentoo.org/839762
Signed-off-by: John Helmert III  gentoo.org>

 app-emulation/qemu/Manifest|   2 -
 ...qemu-6.2.0-also-build-virtfs-proxy-helper.patch |  34 -
 ...u-6.2.0-glibc-2.35-rseq-seccomp-virtiofsd.patch |  61 --
 .../qemu/files/qemu-6.2.0-user-SLIC-crash.patch| 173 
 app-emulation/qemu/metadata.xml|   2 -
 app-emulation/qemu/qemu-6.2.0-r3.ebuild| 924 
 app-emulation/qemu/qemu-6.2.0-r4.ebuild| 925 -
 app-emulation/qemu/qemu-6.2.0.ebuild   | 913 
 app-emulation/qemu/qemu-7.0.0_rc4.ebuild   | 914 
 9 files changed, 3948 deletions(-)

diff --git a/app-emulation/qemu/Manifest b/app-emulation/qemu/Manifest
index df4132977826..31a2d4d54918 100644
--- a/app-emulation/qemu/Manifest
+++ b/app-emulation/qemu/Manifest
@@ -1,3 +1 @@
-DIST qemu-6.2.0.tar.xz 115667324 BLAKE2B 
3f2f02e5c36113df6231a9474c6d5db774e541312173813c28f578d669a51f391695d364dc806f5906d9e3c2796bb20b2606fcd46a247eb751ea517de9d7ce15
 SHA512 
e9f8231c9e1cfcc41cb47f10a55d63f6b8aee307af00cf6acf64acb7aa4f49fa7e9d6330703a2abea15d8b7bbaba7d3cb08c83edd98d82642367b527df730817
-DIST qemu-7.0.0-rc4.tar.xz 125126604 BLAKE2B 
e1614daf71ff2625cdd8307812d6dfc4103c7c8a981b49fdda7409b8b4749e2d8354d3f8e903791100e966744485148c9b70ff046c0f8c2b1259a4997a245248
 SHA512 
ca0e8f5f1608b36f8ad8d9e6aeeb00e07af23e59ffecbda84c4c34bbe686a53c481e26bcedd13165363057cab063dcda7e5191dd5aff2798fde5be711c6dd2ff
 DIST qemu-7.0.0.tar.xz 125117636 BLAKE2B 
ceda6d9f1a585298bd49fed61e8bb35f0064ad8388a9f979c8bd68a38bfe1a47c5bb055e5f74f970c2c440957042b9de4a861524120040c56e4cd8b56c5cfb68
 SHA512 
44ecd10c018a3763e1bc87d1d35b98890d0d5636acd69fe9b5cadf5024d5af6a31684d60cbe1c3370e02986434c1fb0ad99224e0e6f6fe7eda169992508157b1

diff --git 
a/app-emulation/qemu/files/qemu-6.2.0-also-build-virtfs-proxy-helper.patch 
b/app-emulation/qemu/files/qemu-6.2.0-also-build-virtfs-proxy-helper.patch
deleted file mode 100644
index af220802069c..
--- a/app-emulation/qemu/files/qemu-6.2.0-also-build-virtfs-proxy-helper.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 42e53a0aadb76dfa7c11cd3b14eb4a41efba9bbe Mon Sep 17 00:00:00 2001
-From: Matthias Maier 
-Date: Tue, 11 Jan 2022 07:20:31 -0600
-Subject: [PATCH] also build virtfs-proxy-helper
-
-The Gentoo ebuild splits the qemu build into a softmmu, user and tool
-phase in order to be able to build and link some of the qemu emulators
-statically. This unfortunately has the consequence that we never
-configure with "have_virtfs" and "have_tools" at the same time.
-
-As a workaround, simply build the virtfs userland unconditionally. After
-all, it is a tiny executable

- meson.build | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/meson.build b/meson.build
-index fbe856700..d6918b04c 100644
 a/meson.build
-+++ b/meson.build
-@@ -1390,7 +1390,7 @@ have_virtfs = (targetos == 'linux' and
- libattr.found() and
- libcap_ng.found())
- 
--have_virtfs_proxy_helper = have_virtfs and have_tools
-+have_virtfs_proxy_helper = have_tools and libcap_ng.found()
-
-
- 
- if get_option('virtfs').enabled()
-   if not have_virtfs
--- 
-2.34.1
-

diff --git 
a/app-emulation/qemu/files/qemu-6.2.0-glibc-2.35-rseq-seccomp-virtiofsd.patch 
b/app-emulation/qemu/files/qemu-6.2.0-glibc-2.35-rseq-seccomp-virtiofsd.patch
deleted file mode 100644
index 156d94b0f57e..
--- 
a/app-emulation/qemu/files/qemu-6.2.0-glibc-2.35-rseq-seccomp-virtiofsd.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-https://gitlab.com/qemu/qemu/-/commit/7b223e38603de3a75602e14914d26f9d4baf52eb.patch
-https://bugs.gentoo.org/836300
-
-From 7b223e38603de3a75602e14914d26f9d4baf52eb Mon Sep 17 00:00:00 2001
-From: Christian Ehrhardt 
-Date: Wed, 9 Feb 2022 12:14:56 +0100
-Subject: [PATCH] tools/virtiofsd: Add rseq syscall to the seccomp allowlist
-
-The virtiofsd currently crashes when used with glibc 2.35.
-That is due to the rseq system call being added to every thread
-creation [1][2].
-
-[1]: https://www.efficios.com/blog/2019/02/08/linux-restartable-sequences/
-[2]: https://sourceware.org/pipermail/libc-alpha/2022-February/136040.html
-
-This happens not at daemon start, but when a guest connects
-
-/usr/lib/qemu/virtiofsd -f --socket-path=/tmp/testvfsd -o sandbox=chroot \
--o source=/var/guests/j-virtiofs --socket-group=kvm
-virtio_session_mount: Waiting for vhost-user socket connection...
-# start ok, now guest will connect
-virtio_session_mount: Received 

[gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/

2022-03-28 Thread Sam James
commit: 7e9e099c436cc0934ca4e092856e5b08909622d6
Author: Sam James  gentoo  org>
AuthorDate: Tue Mar 29 05:37:56 2022 +
Commit: Sam James  gentoo  org>
CommitDate: Tue Mar 29 05:37:56 2022 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7e9e099c

app-emulation/qemu: add glibc-2.35 patch

Closes: https://bugs.gentoo.org/836300
Signed-off-by: Sam James  gentoo.org>

 ...u-6.2.0-glibc-2.35-rseq-seccomp-virtiofsd.patch |  61 ++
 app-emulation/qemu/qemu-6.2.0-r4.ebuild| 925 +
 2 files changed, 986 insertions(+)

diff --git 
a/app-emulation/qemu/files/qemu-6.2.0-glibc-2.35-rseq-seccomp-virtiofsd.patch 
b/app-emulation/qemu/files/qemu-6.2.0-glibc-2.35-rseq-seccomp-virtiofsd.patch
new file mode 100644
index ..156d94b0f57e
--- /dev/null
+++ 
b/app-emulation/qemu/files/qemu-6.2.0-glibc-2.35-rseq-seccomp-virtiofsd.patch
@@ -0,0 +1,61 @@
+https://gitlab.com/qemu/qemu/-/commit/7b223e38603de3a75602e14914d26f9d4baf52eb.patch
+https://bugs.gentoo.org/836300
+
+From 7b223e38603de3a75602e14914d26f9d4baf52eb Mon Sep 17 00:00:00 2001
+From: Christian Ehrhardt 
+Date: Wed, 9 Feb 2022 12:14:56 +0100
+Subject: [PATCH] tools/virtiofsd: Add rseq syscall to the seccomp allowlist
+
+The virtiofsd currently crashes when used with glibc 2.35.
+That is due to the rseq system call being added to every thread
+creation [1][2].
+
+[1]: https://www.efficios.com/blog/2019/02/08/linux-restartable-sequences/
+[2]: https://sourceware.org/pipermail/libc-alpha/2022-February/136040.html
+
+This happens not at daemon start, but when a guest connects
+
+/usr/lib/qemu/virtiofsd -f --socket-path=/tmp/testvfsd -o sandbox=chroot \
+-o source=/var/guests/j-virtiofs --socket-group=kvm
+virtio_session_mount: Waiting for vhost-user socket connection...
+# start ok, now guest will connect
+virtio_session_mount: Received vhost-user socket connection
+virtio_loop: Entry
+fv_queue_set_started: qidx=0 started=1
+fv_queue_set_started: qidx=1 started=1
+Bad system call (core dumped)
+
+We have to put rseq on the seccomp allowlist to avoid that the daemon
+is crashing in this case.
+
+Reported-by: Michael Hudson-Doyle 
+Signed-off-by: Christian Ehrhardt 
+Reviewed-by: Dr. David Alan Gilbert 
+Message-id: 20220209111456.3328420-1-christian.ehrha...@canonical.com
+
+[Moved rseq to its alphabetically ordered position in the seccomp
+allowlist.
+--Stefan]
+Signed-off-by: Stefan Hajnoczi 
+---
+ tools/virtiofsd/passthrough_seccomp.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/tools/virtiofsd/passthrough_seccomp.c 
b/tools/virtiofsd/passthrough_seccomp.c
+index a3ce9f898d..2bc0127b69 100644
+--- a/tools/virtiofsd/passthrough_seccomp.c
 b/tools/virtiofsd/passthrough_seccomp.c
+@@ -91,6 +91,9 @@ static const int syscall_allowlist[] = {
+ SCMP_SYS(renameat2),
+ SCMP_SYS(removexattr),
+ SCMP_SYS(restart_syscall),
++#ifdef __NR_rseq
++SCMP_SYS(rseq), /* required since glibc 2.35 */
++#endif
+ SCMP_SYS(rt_sigaction),
+ SCMP_SYS(rt_sigprocmask),
+ SCMP_SYS(rt_sigreturn),
+-- 
+GitLab
+
+
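Review bot: The `#ifdef __NR_rseq` guard around the new allowlist entry is evaluated against the build host's kernel headers, so a virtiofsd built against pre-rseq headers and then run on a host with glibc >= 2.35 would still die with SIGSYS at thread start; as far as I know libseccomp resolves `SCMP_SYS(rseq)` through its own syscall table independently of __NR_rseq, so the guard could be dropped or tied to a libseccomp version check instead. Since this widens a sandbox allowlist, the comment should also justify why it is acceptable, e.g. `SCMP_SYS(rseq), /* glibc >= 2.35 registers a restartable-sequences area on every thread start; benign per-thread state */`. The syscall_allowlist array begins and ends outside the hunk.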

diff --git a/app-emulation/qemu/qemu-6.2.0-r4.ebuild 
b/app-emulation/qemu/qemu-6.2.0-r4.ebuild
new file mode 100644
index ..e981bb09adc5
--- /dev/null
+++ b/app-emulation/qemu/qemu-6.2.0-r4.ebuild
@@ -0,0 +1,925 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{8,9,10} )
+PYTHON_REQ_USE="ncurses,readline"
+
+FIRMWARE_ABI_VERSION="6.2.0"
+
+inherit linux-info toolchain-funcs python-r1 udev fcaps readme.gentoo-r1 \
+   pax-utils xdg-utils
+
+if [[ ${PV} = ** ]]; then
+   EGIT_REPO_URI="https://git.qemu.org/git/qemu.git;
+   EGIT_SUBMODULES=(
+   meson
+   tests/fp/berkeley-softfloat-3
+   tests/fp/berkeley-testfloat-3
+   ui/keycodemapdb
+   )
+   inherit git-r3
+   SRC_URI=""
+else
+   SRC_URI="https://download.qemu.org/${P}.tar.xz;
+   KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~riscv ~x86"
+fi
+
+DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
+HOMEPAGE="https://www.qemu.org https://www.linux-kvm.org;
+
+LICENSE="GPL-2 LGPL-2 BSD-2"
+SLOT="0"
+
+IUSE="accessibility +aio alsa bpf bzip2 capstone +caps +curl debug +doc
+   +fdt fuse glusterfs +gnutls gtk infiniband iscsi io-uring
+   jack jemalloc +jpeg
+   lzo multipath
+   ncurses nfs nls numa opengl +oss pam +pin-upstream-blobs
+   plugins +png pulseaudio python rbd sasl +seccomp sdl sdl-image selinux
+   +slirp
+   smartcard snappy spice ssh static static-user systemtap test udev usb
+   usbredir vde +vhost-net vhost-user-fs virgl virtfs +vnc vte xattr xen
+   xfs zstd"
+
+COMMON_TARGETS="
+   aarch64
+   alpha
+   arm
+   cris
+   hppa
+   i386
+   m68k
+   microblaze
+   microblazeel
+

[gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/

2021-12-31 Thread John Helmert III
commit: 4da484b352e21676d7e0b13c5aa54db2a69c8271
Author: John Helmert III  gentoo  org>
AuthorDate: Sat Jan  1 01:10:55 2022 +
Commit: John Helmert III  gentoo  org>
CommitDate: Sat Jan  1 01:22:09 2022 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4da484b3

app-emulation/qemu: fix some automagic and patch runtime crash

Fix automagic audio backend use/linking (alsa, jack, oss, pulseaudio)
and pam, add upstream patches to fix a crash when started with a user-provided
SLIC table, and fix calculating the --audio-drv-list argument.

Bug: https://bugs.gentoo.org/830170
Thanks-To: Ionen Wolkens  gentoo.org>
Signed-off-by: John Helmert III  gentoo.org>

 .../qemu/files/qemu-6.2.0-user-SLIC-crash.patch| 168 
 app-emulation/qemu/qemu-6.2.0-r1.ebuild| 922 +
 2 files changed, 1090 insertions(+)

diff --git a/app-emulation/qemu/files/qemu-6.2.0-user-SLIC-crash.patch 
b/app-emulation/qemu/files/qemu-6.2.0-user-SLIC-crash.patch
new file mode 100644
index ..7d22feeade2a
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-6.2.0-user-SLIC-crash.patch
@@ -0,0 +1,168 @@
+commit dce6c86f54eab61028e110497c222e73381379df
+Author: Igor Mammedov 
+Date:   Mon Dec 27 14:31:17 2021 -0500
+
+acpi: fix QEMU crash when started with SLIC table
+
+if QEMU is started with used provided SLIC table blob,
+
+  -acpitable sig=SLIC,oem_id='CRASH 
',oem_table_id="ME",oem_rev=2210,asl_compiler_id="",asl_compiler_rev=,data=/dev/null
+it will assert with:
+
+  hw/acpi/aml-build.c:61:build_append_padded_str: assertion failed: (len 
<= maxlen)
+
+and following backtrace:
+
+  ...
+  build_append_padded_str (array=0x56afe320, str=0x56afdb2e "CRASH 
ME", maxlen=0x6, pad=0x20) at hw/acpi/aml-build.c:61
+  acpi_table_begin (desc=0x7fffd1b0, array=0x56afe320) at 
hw/acpi/aml-build.c:1727
+  build_fadt (tbl=0x56afe320, linker=0x57ca3830, f=0x7fffd318, 
oem_id=0x56afdb2e "CRASH ME", oem_table_id=0x56afdb34 "ME") at 
hw/acpi/aml-build.c:2064
+  ...
+
+which happens due to acpi_table_begin() expecting NULL terminated
+oem_id and oem_table_id strings, which is normally the case, but
+in case of user provided SLIC table, oem_id points to table's blob
+directly and as result oem_id became longer than expected.
+
+Fix issue by handling oem_id consistently and make acpi_get_slic_oem()
+return NULL terminated strings.
+
+PS:
+After [1] refactoring, oem_id semantics became inconsistent, where
+NULL terminated string was coming from machine and old way pointer
+into byte array coming from -acpitable option. That used to work
+since build_header() wasn't expecting NULL terminated string and
+blindly copied the 1st 6 bytes only.
+
+However commit [2] broke that by replacing build_header() with
+acpi_table_begin(), which was expecting NULL terminated string
+and was checking oem_id size.
+
+1) 602b45820 ("acpi: Permit OEM ID and OEM table ID fields to be changed")
+2)
+Fixes: 4b56e1e4eb08 ("acpi: build_fadt: use 
acpi_table_begin()/acpi_table_end() instead of build_header()")
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/786
+Signed-off-by: Igor Mammedov 
+
+diff --git a/hw/acpi/core.c b/hw/acpi/core.c
+index 1e004d0078..3e811bf03c 100644
+--- a/hw/acpi/core.c
 b/hw/acpi/core.c
+@@ -345,8 +345,8 @@ int acpi_get_slic_oem(AcpiSlicOem *oem)
+ struct acpi_table_header *hdr = (void *)(u - sizeof(hdr->_length));
+ 
+ if (memcmp(hdr->sig, "SLIC", 4) == 0) {
+-oem->id = hdr->oem_id;
+-oem->table_id = hdr->oem_table_id;
++oem->id = g_strndup(hdr->oem_id, 6);
++oem->table_id = g_strndup(hdr->oem_table_id, 8);
+ return 0;
+ }
+ }
+diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
+index a99c6e4fe3..570f82997b 100644
+--- a/hw/i386/acpi-build.c
 b/hw/i386/acpi-build.c
+@@ -2721,6 +2721,8 @@ void acpi_build(AcpiBuildTables *tables, MachineState 
*machine)
+ 
+ /* Cleanup memory that's no longer used. */
+ g_array_free(table_offsets, true);
++g_free(slic_oem.id);
++g_free(slic_oem.table_id);
+ }
+ 
+ static void acpi_ram_update(MemoryRegion *mr, GArray *data)
+
+commit a22de122ad03ea40953ad0328b2c3e31002d8052
+Author: Igor Mammedov 
+Date:   Mon Dec 27 14:31:18 2021 -0500
+
+tests: acpi: whitelist expected blobs before changing them
+
+Signed-off-by: Igor Mammedov 
+
+diff --git a/tests/data/acpi/q35/FACP.slic b/tests/data/acpi/q35/FACP.slic
+new file mode 100644
+index 00..f6a864cc86
+Binary files /dev/null and b/tests/data/acpi/q35/FACP.slic differ
+diff --git a/tests/data/acpi/q35/SLIC.slic b/tests/data/acpi/q35/SLIC.slic
+new file mode 100644
+index 00..e69de29bb2
+diff --git a/tests/qtest/bios-tables-test-allowed-diff.h 

[gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/

2021-12-21 Thread John Helmert III
commit: 0ad99be8a35aff4afc249dd3b596b2eed6b5c884
Author: John Helmert III  gentoo  org>
AuthorDate: Tue Dec 21 23:29:36 2021 +
Commit: John Helmert III  gentoo  org>
CommitDate: Tue Dec 21 23:42:17 2021 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0ad99be8

app-emulation/qemu: fix unix socket path copy

This adds a patch of upstream commit
118d527f2e4baec5fe8060b22a6212468b8e4d3f. It is included in 6.2.0, but
fixes a 6.1.0 regression, so committing straight to stable.

Signed-off-by: John Helmert III  gentoo.org>

 .../files/qemu-6.1.0-fix-unix-socket-copy.patch| 76 ++
 .../{qemu-6.1.0-r2.ebuild => qemu-6.1.0-r3.ebuild} |  1 +
 2 files changed, 77 insertions(+)

diff --git a/app-emulation/qemu/files/qemu-6.1.0-fix-unix-socket-copy.patch 
b/app-emulation/qemu/files/qemu-6.1.0-fix-unix-socket-copy.patch
new file mode 100644
index ..7701b26b4f9a
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-6.1.0-fix-unix-socket-copy.patch
@@ -0,0 +1,76 @@
+commit 118d527f2e4baec5fe8060b22a6212468b8e4d3f
+Author: Michael Tokarev 
+Date:   Wed Sep 1 16:16:24 2021 +0300
+
+qemu-sockets: fix unix socket path copy (again)
+
+Commit 4cfd970ec188558daa6214f26203fe553fb1e01f added an
+assert which ensures the path within an address of a unix
+socket returned from the kernel is at least one byte and
+does not exceed sun_path buffer. Both of this constraints
+are wrong:
+
+A unix socket can be unnamed, in this case the path is
+completely empty (not even \0)
+
+And some implementations (notable linux) can add extra
+trailing byte (\0) _after_ the sun_path buffer if we
+passed buffer larger than it (and we do).
+
+So remove the assertion (since it causes real-life breakage)
+but at the same time fix the usage of sun_path. Namely,
+we should not access sun_path[0] if kernel did not return
+it at all (this is the case for unnamed sockets),
+and use the returned salen when copyig actual path as an
+upper constraint for the amount of bytes to copy - this
+will ensure we wont exceed the information provided by
+the kernel, regardless whenever there is a trailing \0
+or not. This also helps with unnamed sockets.
+
+Note the case of abstract socket, the sun_path is actually
+a blob and can contain \0 characters, - it should not be
+passed to g_strndup and the like, it should be accessed by
+memcpy-like functions.
+
+Fixes: 4cfd970ec188558daa6214f26203fe553fb1e01f
+Fixes: http://bugs.debian.org/993145
+Signed-off-by: Michael Tokarev 
+Reviewed-by: Daniel P. Berrangé 
+Reviewed-by: Marc-André Lureau 
+CC: qemu-sta...@nongnu.org
+
+diff --git a/util/qemu-sockets.c b/util/qemu-sockets.c
+index f2f3676d1f..c5043999e9 100644
+--- a/util/qemu-sockets.c
 b/util/qemu-sockets.c
+@@ -1345,25 +1345,22 @@ socket_sockaddr_to_address_unix(struct 
sockaddr_storage *sa,
+ SocketAddress *addr;
+ struct sockaddr_un *su = (struct sockaddr_un *)sa;
+ 
+-assert(salen >= sizeof(su->sun_family) + 1 &&
+-   salen <= sizeof(struct sockaddr_un));
+-
+ addr = g_new0(SocketAddress, 1);
+ addr->type = SOCKET_ADDRESS_TYPE_UNIX;
++salen -= offsetof(struct sockaddr_un, sun_path);
+ #ifdef CONFIG_LINUX
+-if (!su->sun_path[0]) {
++if (salen > 0 && !su->sun_path[0]) {
+ /* Linux abstract socket */
+-addr->u.q_unix.path = g_strndup(su->sun_path + 1,
+-salen - sizeof(su->sun_family) - 1);
++addr->u.q_unix.path = g_strndup(su->sun_path + 1, salen - 1);
+ addr->u.q_unix.has_abstract = true;
+ addr->u.q_unix.abstract = true;
+ addr->u.q_unix.has_tight = true;
+-addr->u.q_unix.tight = salen < sizeof(*su);
++addr->u.q_unix.tight = salen < sizeof(su->sun_path);
+ return addr;
+ }
+ #endif
+ 
+-addr->u.q_unix.path = g_strndup(su->sun_path, sizeof(su->sun_path));
++addr->u.q_unix.path = g_strndup(su->sun_path, salen);
+ return addr;
+ }
+ #endif /* WIN32 */
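Review bot: `salen -= offsetof(struct sockaddr_un, sun_path);` has no lower bound: if salen is an unsigned socklen_t (its declaration is outside this hunk) and the kernel returned fewer bytes than that offset, the subtraction wraps and the later `g_strndup(su->sun_path, salen)` may read well past the address buffer. A guard before the subtraction, `if (salen < offsetof(struct sockaddr_un, sun_path)) { salen = offsetof(struct sockaddr_un, sun_path); }`, keeps the unnamed-socket case (salen becomes 0) working while ruling out the wrap. Separately, the description itself notes that an abstract path is a blob that may contain \0 bytes and should not go through g_strndup, yet `g_strndup(su->sun_path + 1, salen - 1)` still stops at the first NUL; a comment such as `/* abstract paths with embedded NULs are truncated here: SocketAddress only carries a C string */` would record that known limitation at the point where it applies. The enclosing function socket_sockaddr_to_address_unix starts before this hunk.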

diff --git a/app-emulation/qemu/qemu-6.1.0-r2.ebuild 
b/app-emulation/qemu/qemu-6.1.0-r3.ebuild
similarity index 99%
rename from app-emulation/qemu/qemu-6.1.0-r2.ebuild
rename to app-emulation/qemu/qemu-6.1.0-r3.ebuild
index b91f85e5d967..8d2ca068f00d 100644
--- a/app-emulation/qemu/qemu-6.1.0-r2.ebuild
+++ b/app-emulation/qemu/qemu-6.1.0-r3.ebuild
@@ -277,6 +277,7 @@ PATCHES=(
"${FILESDIR}"/${PN}-5.2.0-disable-keymap.patch
"${FILESDIR}"/${PN}-6.0.0-make.patch
"${FILESDIR}"/${PN}-6.1.0-strings.patch
+   "${FILESDIR}"/${P}-fix-unix-socket-copy.patch
"${FILESDIR}"/${P}-automagic-libbpf.patch
"${FILESDIR}"/${P}-data-corruption.patch
 )



[gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/

2021-06-26 Thread Sergei Trofimovich
commit: f09915592646599a26c0be1f368809f4a5e84532
Author: Sergei Trofimovich  gentoo  org>
AuthorDate: Sat Jun 26 19:55:04 2021 +
Commit: Sergei Trofimovich  gentoo  org>
CommitDate: Sat Jun 26 19:59:05 2021 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f0991559

app-emulation/qemu: allow MAKE='make ...' form

Reported-by: Toralf Förster
Closes: https://bugs.gentoo.org/795678
Package-Manager: Portage-3.0.20, Repoman-3.0.3
Signed-off-by: Sergei Trofimovich  gentoo.org>

 app-emulation/qemu/files/qemu-6.0.0-make.patch | 14 ++
 app-emulation/qemu/qemu-6.0.0.ebuild   |  1 +
 2 files changed, 15 insertions(+)

diff --git a/app-emulation/qemu/files/qemu-6.0.0-make.patch 
b/app-emulation/qemu/files/qemu-6.0.0-make.patch
new file mode 100644
index 000..2dac1ca11d9
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-6.0.0-make.patch
@@ -0,0 +1,14 @@
+Allow MAKE='make V=1' and similar.
+
+https://bugs.gentoo.org/795678
+--- a/configure
 b/configure
+@@ -1953,7 +1953,7 @@ if test -z "$python"
+ then
+ error_exit "Python not found. Use --python=/path/to/python"
+ fi
+-if ! has "$make"
++if ! has $make
+ then
+ error_exit "GNU make ($make) not found"
+ fi
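Review bot: Dropping the quotes in `if ! has $make` makes the value subject to pathname expansion as well as word splitting, so a MAKE value containing a glob character can be rewritten before `has` sees it, and any words after the first reach `has` as extra arguments, which it may or may not ignore (its definition is outside this hunk). Passing only the first word explicitly, `if ! has "${make%% *}"`, supports the `MAKE='make V=1'` form without either side effect and keeps the later `error_exit "GNU make ($make) not found"` message unchanged.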

diff --git a/app-emulation/qemu/qemu-6.0.0.ebuild 
b/app-emulation/qemu/qemu-6.0.0.ebuild
index fbd240df60c..8a8069a10e2 100644
--- a/app-emulation/qemu/qemu-6.0.0.ebuild
+++ b/app-emulation/qemu/qemu-6.0.0.ebuild
@@ -276,6 +276,7 @@ PATCHES=(
"${FILESDIR}"/${PN}-5.2.0-cleaner-werror.patch
"${FILESDIR}"/${PN}-5.2.0-disable-keymap.patch
"${FILESDIR}"/${PN}-5.2.0-dce-locks.patch
+   "${FILESDIR}"/${PN}-6.0.0-make.patch
 )
 
 QA_PREBUILT="



[gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/

2021-04-12 Thread Sergei Trofimovich
commit: 957314a3054fd202618a5a44c076cbcda8c711d5
Author: Sergei Trofimovich  gentoo  org>
AuthorDate: Mon Apr 12 19:37:55 2021 +
Commit: Sergei Trofimovich  gentoo  org>
CommitDate: Mon Apr 12 19:39:33 2021 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=957314a3

app-emulation/qemu: Do not rely on DCE for lock type test

Fix the CFLAGS=-Og build break. -Og fails because gcc does not enable dead-code
elimination (but does set the __OPTIMIZE__ define).

The fix avoids DCE reliance downstream entirely.

Reported-by: Luke-Jr
Closes: https://bugs.gentoo.org/782364
Package-Manager: Portage-3.0.18, Repoman-3.0.3
Signed-off-by: Sergei Trofimovich  gentoo.org>

 app-emulation/qemu/files/qemu-5.2.0-dce-locks.patch | 18 ++
 app-emulation/qemu/qemu-5.2.0-r50.ebuild|  1 +
 app-emulation/qemu/qemu-.ebuild |  1 +
 3 files changed, 20 insertions(+)

diff --git a/app-emulation/qemu/files/qemu-5.2.0-dce-locks.patch 
b/app-emulation/qemu/files/qemu-5.2.0-dce-locks.patch
new file mode 100644
index 000..679a9f391b0
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-5.2.0-dce-locks.patch
@@ -0,0 +1,18 @@
+Fix CFLAGS=-Og build break. -Og fails because gcc does not enable dead
+code elimination (but does set __OPTIMIZE__ define).
+
+The fix avoids DCE reliance downstream entirely.
+
+Reported-by: Luke-Jr
+Bug: https://bugs.gentoo.org/782364
+--- a/include/qemu/lockable.h
 b/include/qemu/lockable.h
+@@ -28,7 +28,7 @@ struct QemuLockable {
+  * to QEMU_MAKE_LOCKABLE.  For optimized builds, we can rely on dead-code 
elimination
+  * from the compiler, and give the errors already at link time.
+  */
+-#if defined(__OPTIMIZE__) && !defined(__SANITIZE_ADDRESS__)
++#if defined(__OPTIMIZE__) && !defined(__SANITIZE_ADDRESS__) && 
defined(VALIDATE_LOCKS_VIA_DCE)
+ void unknown_lock_type(void *);
+ #else
+ static inline void unknown_lock_type(void *unused)
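Review bot: The new condition gates the link-time check on `VALIDATE_LOCKS_VIA_DCE`, which nothing in this patch or in the ebuild hunks below defines, so after the change the undefined-symbol detection is off for every build, not only the -Og one, and the comment just above it (`For optimized builds, we can rely on dead-code elimination from the compiler, and give the errors already at link time`) is now stale. Extending that comment with `/* Link-time detection is opt-in: build with -DVALIDATE_LOCKS_VIA_DCE to enable it. */` would make the trade-off visible to the next reader. The rest of the struct QemuLockable context and the remainder of the #if/#else block lie outside this hunk.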

diff --git a/app-emulation/qemu/qemu-5.2.0-r50.ebuild 
b/app-emulation/qemu/qemu-5.2.0-r50.ebuild
index 6b9bfbec8c9..7a9f08f8539 100644
--- a/app-emulation/qemu/qemu-5.2.0-r50.ebuild
+++ b/app-emulation/qemu/qemu-5.2.0-r50.ebuild
@@ -234,6 +234,7 @@ PATCHES=(
"${FILESDIR}"/${PN}-5.2.0-strings.patch
"${FILESDIR}"/${PN}-5.2.0-fix-firmware-path.patch
"${FILESDIR}"/${PN}-5.2.0-no-pie-ld.patch
+   "${FILESDIR}"/${PN}-5.2.0-dce-locks.patch
 )
 
 QA_PREBUILT="

diff --git a/app-emulation/qemu/qemu-.ebuild 
b/app-emulation/qemu/qemu-.ebuild
index 9e8be4658ae..9970b1a031f 100644
--- a/app-emulation/qemu/qemu-.ebuild
+++ b/app-emulation/qemu/qemu-.ebuild
@@ -272,6 +272,7 @@ PATCHES=(
"${FILESDIR}"/${PN}-5.2.0-strings.patch
"${FILESDIR}"/${PN}-5.2.0-cleaner-werror.patch
"${FILESDIR}"/${PN}-5.2.0-disable-keymap.patch
+   "${FILESDIR}"/${PN}-5.2.0-dce-locks.patch
 )
 
 QA_PREBUILT="



[gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/

2021-02-28 Thread Sergei Trofimovich
commit: 470064cb7fb8c6cda0b5f2ea40fcb6542faf86de
Author: Maciej S. Szmigiero  maciej  szmigiero  name>
AuthorDate: Sun Feb 28 22:58:09 2021 +
Commit: Sergei Trofimovich  gentoo  org>
CommitDate: Sun Feb 28 23:24:08 2021 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=470064cb

app-emulation/qemu: Add /dev/vhost-vsock to udev rules

The installed udev rules should also cover /dev/vhost-vsock just as they
currently cover /dev/vhost-net.
The upstream systemd rules will include vhost-vsock in systemd v248.

Closes: https://bugs.gentoo.org/773286
Signed-off-by: Maciej S. Szmigiero  maciej.szmigiero.name>
Signed-off-by: Sergei Trofimovich  gentoo.org>

 app-emulation/qemu/files/65-kvm.rules-r2  | 3 +++
 app-emulation/qemu/{qemu-.ebuild => qemu-5.2.0-r3.ebuild} | 7 ---
 app-emulation/qemu/qemu-.ebuild   | 2 +-
 3 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/app-emulation/qemu/files/65-kvm.rules-r2 
b/app-emulation/qemu/files/65-kvm.rules-r2
new file mode 100644
index 000..15c89b20187
--- /dev/null
+++ b/app-emulation/qemu/files/65-kvm.rules-r2
@@ -0,0 +1,3 @@
+KERNEL=="kvm", GROUP="kvm", MODE="0660"
+KERNEL=="vhost-net", GROUP="kvm", MODE="0660", OPTIONS+="static_node=vhost-net"
+KERNEL=="vhost-vsock", GROUP="kvm", MODE="0660", 
OPTIONS+="static_node=vhost-vsock"

diff --git a/app-emulation/qemu/qemu-.ebuild 
b/app-emulation/qemu/qemu-5.2.0-r3.ebuild
similarity index 99%
copy from app-emulation/qemu/qemu-.ebuild
copy to app-emulation/qemu/qemu-5.2.0-r3.ebuild
index dcde210564b..063ad7becb4 100644
--- a/app-emulation/qemu/qemu-.ebuild
+++ b/app-emulation/qemu/qemu-5.2.0-r3.ebuild
@@ -226,10 +226,11 @@ RDEPEND="${CDEPEND}
 
 PATCHES=(
"${FILESDIR}"/${PN}-2.11.1-capstone_include_path.patch
-   "${FILESDIR}"/${PN}-5.2.0-strings.patch
"${FILESDIR}"/${PN}-5.2.0-cleaner-werror.patch
"${FILESDIR}"/${PN}-5.2.0-disable-keymap.patch
-   "${FILESDIR}"/${PN}--fix-firmware-path.patch
+   "${FILESDIR}"/${PN}-5.2.0-strings.patch
+   "${FILESDIR}"/${PN}-5.2.0-fix-firmware-path.patch
+   "${FILESDIR}"/${PN}-5.2.0-no-pie-ld.patch
 )
 
 QA_PREBUILT="
@@ -722,7 +723,7 @@ src_install() {
[[ -e check-report.html ]] && dodoc check-report.html
 
if use kernel_linux; then
-   udev_newrules "${FILESDIR}"/65-kvm.rules-r1 65-kvm.rules
+   udev_newrules "${FILESDIR}"/65-kvm.rules-r2 65-kvm.rules
fi
 
if use python; then

diff --git a/app-emulation/qemu/qemu-.ebuild 
b/app-emulation/qemu/qemu-.ebuild
index dcde210564b..1104aacd55d 100644
--- a/app-emulation/qemu/qemu-.ebuild
+++ b/app-emulation/qemu/qemu-.ebuild
@@ -722,7 +722,7 @@ src_install() {
[[ -e check-report.html ]] && dodoc check-report.html
 
if use kernel_linux; then
-   udev_newrules "${FILESDIR}"/65-kvm.rules-r1 65-kvm.rules
+   udev_newrules "${FILESDIR}"/65-kvm.rules-r2 65-kvm.rules
fi
 
if use python; then



[gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/

2020-12-12 Thread Sergei Trofimovich
commit: 1cc25abb2720fce0fdfaa38e1e3f5b39a4dcf895
Author: Sergei Trofimovich  gentoo  org>
AuthorDate: Sat Dec 12 23:30:03 2020 +
Commit: Sergei Trofimovich  gentoo  org>
CommitDate: Sat Dec 12 23:53:12 2020 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1cc25abb

app-emulation/qemu: drop USE=xkb, use prebuilt keymaps

USE=xkb regenerates the qemu keymaps instead of using the already prebuilt ones.
It has a few problems:
- an existing /usr/bin/qemu-keymaps is preferred over the locally built one
- /usr/bin/qemu-keymaps can't be run on a system without
  x11-misc/xkeyboard-config

Let's rely on prebuilt keymaps.

Reported-by: Ben Kohler
Closes: https://bugs.gentoo.org/759604
Package-Manager: Portage-3.0.12, Repoman-3.0.2
Signed-off-by: Sergei Trofimovich  gentoo.org>

 .../qemu/files/qemu-5.2.0-disable-keymap.patch | 25 ++
 app-emulation/qemu/qemu-5.2.0.ebuild   |  7 +++---
 app-emulation/qemu/qemu-.ebuild|  6 +++---
 3 files changed, 32 insertions(+), 6 deletions(-)

diff --git a/app-emulation/qemu/files/qemu-5.2.0-disable-keymap.patch 
b/app-emulation/qemu/files/qemu-5.2.0-disable-keymap.patch
new file mode 100644
index 000..4b5676be4d2
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-5.2.0-disable-keymap.patch
@@ -0,0 +1,25 @@
+Do not use system's 'qemu-keymap' in native case.
+--- a/meson.build
 b/meson.build
+@@ -337,6 +337,8 @@ if 'CONFIG_LIBCAP_NG' in config_host
+ endif
+ if get_option('xkbcommon').auto() and not have_system and not have_tools
+   xkbcommon = not_found
++elif get_option('xkbcommon').disabled()
++  xkbcommon = not_found
+ else
+   xkbcommon = dependency('xkbcommon', required: get_option('xkbcommon'),
+  method: 'pkg-config', static: enable_static)
+--- a/pc-bios/keymaps/meson.build
 b/pc-bios/keymaps/meson.build
+@@ -33,7 +33,9 @@ keymaps = {
+   'tr': '-l tr',
+ }
+ 
+-if meson.is_cross_build() or 'CONFIG_XKBCOMMON' not in config_host
++if meson.is_cross_build()
+   native_qemu_keymap = find_program('qemu-keymap', required: false, disabler: 
true)
++elif get_option('xkbcommon').disabled()
++  native_qemu_keymap = not_found
+ else
+   native_qemu_keymap = qemu_keymap
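Review bot: In pc-bios/keymaps/meson.build the final `else` branch now assigns `native_qemu_keymap = qemu_keymap` for every native build whose xkbcommon option is not explicitly disabled, which includes the `auto()`-and-not-found case that the removed `'CONFIG_XKBCOMMON' not in config_host` test used to route elsewhere; if `qemu_keymap` is not defined in that configuration (its definition is outside this patch), meson would fail at configure time instead of falling back. Guarding the middle branch with `elif get_option('xkbcommon').disabled() or 'CONFIG_XKBCOMMON' not in config_host` keeps the system qemu-keymap out of native builds, which is the stated goal, while still covering the not-found case. The Gentoo ebuild hunks below always pass --disable-xkbcommon, so the ebuild itself never reaches that path.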

diff --git a/app-emulation/qemu/qemu-5.2.0.ebuild 
b/app-emulation/qemu/qemu-5.2.0.ebuild
index 5fb557f10fb..6401088ec2b 100644
--- a/app-emulation/qemu/qemu-5.2.0.ebuild
+++ b/app-emulation/qemu/qemu-5.2.0.ebuild
@@ -41,7 +41,7 @@ IUSE="accessibility +aio alsa bzip2 capstone +caps +curl 
debug doc
+slirp
smartcard snappy spice ssh static static-user systemtap test udev usb
usbredir vde +vhost-net vhost-user-fs virgl virtfs +vnc vte xattr xen
-   xfs +xkb zstd"
+   xfs zstd"
 
 COMMON_TARGETS="aarch64 alpha arm cris hppa i386 m68k microblaze microblazeel
mips mips64 mips64el mipsel nios2 or1k ppc ppc64 riscv32 riscv64 s390x
@@ -93,7 +93,6 @@ ALL_DEPEND="
 # softmmu targets (qemu-system-*).
 SOFTMMU_TOOLS_DEPEND="
dev-libs/libxml2[static-libs(+)]
-   xkb? ( x11-libs/libxkbcommon[static-libs(+)] )
>=x11-libs/pixman-0.28.0[static-libs(+)]
accessibility? (
app-accessibility/brltty[api]
@@ -225,6 +224,7 @@ RDEPEND="${CDEPEND}
 PATCHES=(
"${FILESDIR}"/${PN}-2.11.1-capstone_include_path.patch
"${FILESDIR}"/${PN}-5.2.0-cleaner-werror.patch
+   "${FILESDIR}"/${PN}-5.2.0-disable-keymap.patch
 )
 
 QA_PREBUILT="
@@ -487,7 +487,8 @@ qemu_src_configure() {
$(conf_notuser xen)
$(conf_notuser xen xen-pci-passthrough)
$(conf_notuser xfs xfsctl)
-   $(conf_notuser xkb xkbcommon)
+   # use prebuilt keymaps, bug #759604
+   --disable-xkbcommon
$(conf_notuser zstd)
)
 

diff --git a/app-emulation/qemu/qemu-.ebuild 
b/app-emulation/qemu/qemu-.ebuild
index 2ca83e90d02..ad937601f52 100644
--- a/app-emulation/qemu/qemu-.ebuild
+++ b/app-emulation/qemu/qemu-.ebuild
@@ -41,7 +41,7 @@ IUSE="accessibility +aio alsa bzip2 capstone +caps +curl 
debug doc
+slirp
smartcard snappy spice ssh static static-user systemtap test udev usb
usbredir vde +vhost-net vhost-user-fs virgl virtfs +vnc vte xattr xen
-   xfs +xkb zstd"
+   xfs zstd"
 
 COMMON_TARGETS="aarch64 alpha arm cris hppa i386 m68k microblaze microblazeel
mips mips64 mips64el mipsel nios2 or1k ppc ppc64 riscv32 riscv64 s390x
@@ -93,7 +93,6 @@ ALL_DEPEND="
 # softmmu targets (qemu-system-*).
 SOFTMMU_TOOLS_DEPEND="
dev-libs/libxml2[static-libs(+)]
-   xkb? ( x11-libs/libxkbcommon[static-libs(+)] )
>=x11-libs/pixman-0.28.0[static-libs(+)]
accessibility? (
app-accessibility/brltty[api]
@@ -486,7 +485,8 @@ qemu_src_configure() {
$(conf_notuser xen)
$(conf_notuser xen xen-pci-passthrough)
$(conf_notuser xfs xfsctl)
-   

[gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/

2020-12-12 Thread Sergei Trofimovich
commit: b75adffb42822e75a6e3e4c5b7ad02258134b221
Author: Sergei Trofimovich  gentoo  org>
AuthorDate: Sat Dec 12 08:32:52 2020 +
Commit: Sergei Trofimovich  gentoo  org>
CommitDate: Sat Dec 12 08:33:16 2020 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b75adffb

app-emulation/qemu: make ./configure -Werror-clean

Fix safe-stack detection under gcc -Wall -Wextra by not declaring
unused parameters in the configure test programs.

Package-Manager: Portage-3.0.12, Repoman-3.0.2
Signed-off-by: Sergei Trofimovich  gentoo.org>

 .../qemu/files/qemu-5.2.0-cleaner-werror.patch | 40 ++
 app-emulation/qemu/qemu-5.2.0.ebuild   |  1 +
 2 files changed, 41 insertions(+)

diff --git a/app-emulation/qemu/files/qemu-5.2.0-cleaner-werror.patch 
b/app-emulation/qemu/files/qemu-5.2.0-cleaner-werror.patch
new file mode 100644
index 000..33115f1df48
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-5.2.0-cleaner-werror.patch
@@ -0,0 +1,40 @@
+-Wall -Wextra compains about unused arguments,
+causes safe-stack to be mis-detected.
+--- a/configure
 b/configure
+@@ -2293,7 +2293,7 @@ fi
+ cat > $TMPC << EOF
+ #include 
+ #include 
+-int main(int argc, char *argv[]) {
++int main(void) {
+ return printf("%zu", SIZE_MAX);
+ }
+ EOF
+@@ -4911,7 +4911,7 @@ fi
+ 
+ if test "$safe_stack" = "yes"; then
+ cat > $TMPC << EOF
+-int main(int argc, char *argv[])
++int main(void)
+ {
+ #if ! __has_feature(safe_stack)
+ #error SafeStack Disabled
+@@ -4933,7 +4933,7 @@ EOF
+   fi
+ else
+ cat > $TMPC << EOF
+-int main(int argc, char *argv[])
++int main(void)
+ {
+ #if defined(__has_feature)
+ #if __has_feature(safe_stack)
+@@ -5283,7 +5283,7 @@ static const int Z = 1;
+ #define TAUT(X) ((X) == Z)
+ #define PAREN(X, Y) (X == Y)
+ #define ID(X) (X)
+-int main(int argc, char *argv[])
++int main(void)
+ {
+ int x = 0, y = 0;
+ x = ID(x);

diff --git a/app-emulation/qemu/qemu-5.2.0.ebuild 
b/app-emulation/qemu/qemu-5.2.0.ebuild
index 154a8d68519..ebb2803247e 100644
--- a/app-emulation/qemu/qemu-5.2.0.ebuild
+++ b/app-emulation/qemu/qemu-5.2.0.ebuild
@@ -223,6 +223,7 @@ RDEPEND="${CDEPEND}
 
 PATCHES=(
"${FILESDIR}"/${PN}-2.11.1-capstone_include_path.patch
+   "${FILESDIR}"/${PN}-5.2.0-cleaner-werror.patch
 )
 
 QA_PREBUILT="



[gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/

2020-12-10 Thread Sergei Trofimovich
commit: 3ef9e5361d90e4a3b60da326db292bdd13322529
Author: Sergei Trofimovich  gentoo  org>
AuthorDate: Thu Dec 10 15:01:02 2020 +
Commit: Sergei Trofimovich  gentoo  org>
CommitDate: Thu Dec 10 15:03:03 2020 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3ef9e536

app-emulation/qemu: revert "fix safe-stack feature detection"

I misinterpreted what the test does. I still need to check why it passes for me.
Reverting it for now.

This reverts commit 541bb02a46aa817953c29c8ffef222bbfb58ebd8.

Reported-by: Agostino Sarubbo
Closes: https://bugs.gentoo.org/759331
Signed-off-by: Sergei Trofimovich  gentoo.org>

 app-emulation/qemu/files/qemu-5.2.0-safe-stack.patch | 12 
 app-emulation/qemu/qemu-5.2.0.ebuild |  1 -
 2 files changed, 13 deletions(-)

diff --git a/app-emulation/qemu/files/qemu-5.2.0-safe-stack.patch 
b/app-emulation/qemu/files/qemu-5.2.0-safe-stack.patch
deleted file mode 100644
index 77ed254ab98..000
--- a/app-emulation/qemu/files/qemu-5.2.0-safe-stack.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-If SafeStack fails to build it should be disabled, not enabled.
 a/configure
-+++ b/configure
-@@ -4956,7 +4956,7 @@ if test "$safe_stack" = "no"; then
-   fi
- else # "$safe_stack" = ""
-   # Set safe_stack to yes or no based on pre-existing flags
--  if compile_prog "-Werror" ""; then
-+  if ! compile_prog "-Werror" ""; then
- safe_stack="no"
-   else
- safe_stack="yes"

diff --git a/app-emulation/qemu/qemu-5.2.0.ebuild 
b/app-emulation/qemu/qemu-5.2.0.ebuild
index a0c14681fac..3a200179aa2 100644
--- a/app-emulation/qemu/qemu-5.2.0.ebuild
+++ b/app-emulation/qemu/qemu-5.2.0.ebuild
@@ -225,7 +225,6 @@ RDEPEND="${CDEPEND}
 
 PATCHES=(
"${FILESDIR}"/${PN}-2.11.1-capstone_include_path.patch
-   "${FILESDIR}"/${PN}-5.2.0-safe-stack.patch
 )
 
 QA_PREBUILT="



[gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/

2020-10-21 Thread Sergei Trofimovich
commit: c3e69a937f95044c6ccebc72b040d32e6dd0297d
Author: Michal Privoznik  redhat  com>
AuthorDate: Wed Oct 21 20:21:25 2020 +
Commit: Sergei Trofimovich  gentoo  org>
CommitDate: Wed Oct 21 20:55:00 2020 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c3e69a93

app-emulation/qemu-: Remove qemu--cflags.patch

In upstream commit v5.1.0-1916-g5770e8afd6, qemu removed the CFLAGS
clobbering (among other env vars), rendering our patch redundant.

Signed-off-by: Michal Privoznik  redhat.com>
Signed-off-by: Sergei Trofimovich  gentoo.org>

 app-emulation/qemu/files/qemu--cflags.patch | 12 
 app-emulation/qemu/qemu-.ebuild |  1 -
 2 files changed, 13 deletions(-)

diff --git a/app-emulation/qemu/files/qemu--cflags.patch 
b/app-emulation/qemu/files/qemu--cflags.patch
deleted file mode 100644
index 1c732a453a9..000
--- a/app-emulation/qemu/files/qemu--cflags.patch
+++ /dev/null
@@ -1,12 +0,0 @@
 a/configure
-+++ b/configure
-@@ -6349,9 +6349,6 @@ if test "$debug_info" = "yes"; then
-   CFLAGS="-g $CFLAGS"
-   LDFLAGS="-g $LDFLAGS"
- fi
--if test "$debug" = "no"; then
--  CFLAGS="-O2 $CFLAGS"
--fi
- 
- case "$ARCH" in
- alpha)

diff --git a/app-emulation/qemu/qemu-.ebuild 
b/app-emulation/qemu/qemu-.ebuild
index 2b03ed218ed..764cce197cf 100644
--- a/app-emulation/qemu/qemu-.ebuild
+++ b/app-emulation/qemu/qemu-.ebuild
@@ -225,7 +225,6 @@ RDEPEND="${CDEPEND}
 
 PATCHES=(
"${FILESDIR}"/${PN}-2.11.1-capstone_include_path.patch
-   "${FILESDIR}"/${PN}--cflags.patch
 )
 
 QA_PREBUILT="



[gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/

2020-09-08 Thread Sergei Trofimovich
commit: 3752d632441c34385ee7296126e3867536cb63e7
Author: Sergei Trofimovich  gentoo  org>
AuthorDate: Tue Sep  8 07:33:11 2020 +
Commit: Sergei Trofimovich  gentoo  org>
CommitDate: Tue Sep  8 07:33:20 2020 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3752d632

app-emulation/qemu: tweak error message for missing SDL

Reported-by: Rafael Kitover
Bug: https://bugs.gentoo.org/740836
Package-Manager: Portage-3.0.5, Repoman-3.0.1
Signed-off-by: Sergei Trofimovich  gentoo.org>

 app-emulation/qemu/files/qemu--format-error.patch | 14 ++
 app-emulation/qemu/qemu-.ebuild   |  1 +
 2 files changed, 15 insertions(+)

diff --git a/app-emulation/qemu/files/qemu--format-error.patch 
b/app-emulation/qemu/files/qemu--format-error.patch
new file mode 100644
index 000..8bb4d96b77c
--- /dev/null
+++ b/app-emulation/qemu/files/qemu--format-error.patch
@@ -0,0 +1,14 @@
+https://bugs.gentoo.org/740836
+--- a/meson.build
 b/meson.build
+@@ -255,8 +255,8 @@ if sdl.found()
+  method: 'pkg-config', static: enable_static)
+ else
+   if get_option('sdl_image').enabled()
+-error('sdl-image required, but SDL was @0@',
+-  get_option('sdl').disabled() ? 'disabled' : 'not found')
++error('sdl-image required, but SDL was @0@'.format(
++  get_option('sdl').disabled() ? 'disabled' : 'not found'))
+   endif
+   sdl_image = not_found
+ endif

diff --git a/app-emulation/qemu/qemu-.ebuild 
b/app-emulation/qemu/qemu-.ebuild
index a70062db3ec..da2bd1246ef 100644
--- a/app-emulation/qemu/qemu-.ebuild
+++ b/app-emulation/qemu/qemu-.ebuild
@@ -226,6 +226,7 @@ RDEPEND="${CDEPEND}
 PATCHES=(
"${FILESDIR}"/${PN}-2.11.1-capstone_include_path.patch
"${FILESDIR}"/${PN}--cflags.patch
+   "${FILESDIR}"/${PN}--format-error.patch
 )
 
 QA_PREBUILT="



[gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/

2020-04-24 Thread Sergei Trofimovich
commit: e5295c1235bc8f39e9b30c6c1671611f8602e969
Author: Sergei Trofimovich  gentoo  org>
AuthorDate: Fri Apr 24 19:59:21 2020 +
Commit: Sergei Trofimovich  gentoo  org>
CommitDate: Fri Apr 24 19:59:37 2020 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e5295c12

app-emulation/qemu: fix int overflow in ati-2d, bug #719266

Direct backport of upstream ac2071c3791b67fc7af78b8ceb
"ati-vga: Fix checks in ati_2d_blt() to avoid crash"

Bug: https://bugs.gentoo.org/719266
Package-Manager: Portage-2.3.99, Repoman-2.3.22
Signed-off-by: Sergei Trofimovich  gentoo.org>

 .../qemu/files/qemu-4.2.0-ati-vga-crash.patch  |  94 +++
 app-emulation/qemu/qemu-4.2.0-r6.ebuild| 834 +
 2 files changed, 928 insertions(+)

diff --git a/app-emulation/qemu/files/qemu-4.2.0-ati-vga-crash.patch 
b/app-emulation/qemu/files/qemu-4.2.0-ati-vga-crash.patch
new file mode 100644
index 000..5f442f0fd07
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-4.2.0-ati-vga-crash.patch
@@ -0,0 +1,94 @@
+https://bugs.gentoo.org/719266
+
+From ac2071c3791b67fc7af78b8ceb320c01ca1b5df7 Mon Sep 17 00:00:00 2001
+From: BALATON Zoltan 
+Date: Mon, 6 Apr 2020 22:34:26 +0200
+Subject: [PATCH] ati-vga: Fix checks in ati_2d_blt() to avoid crash
+
+In some corner cases (that never happen during normal operation but a
+malicious guest could program wrong values) pixman functions were
+called with parameters that result in a crash. Fix this and add more
+checks to disallow such cases.
+
+Reported-by: Ziming Zhang 
+Signed-off-by: BALATON Zoltan 
+Message-id: 20200406204029.19559747...@zero.eik.bme.hu
+Signed-off-by: Gerd Hoffmann 
+---
+ hw/display/ati_2d.c | 37 ++---
+ 1 file changed, 26 insertions(+), 11 deletions(-)
+
+--- a/hw/display/ati_2d.c
 b/hw/display/ati_2d.c
+@@ -53,12 +53,20 @@ void ati_2d_blt(ATIVGAState *s)
+ s->vga.vbe_start_addr, surface_data(ds), surface_stride(ds),
+ surface_bits_per_pixel(ds),
+ (s->regs.dp_mix & GMC_ROP3_MASK) >> 16);
+-int dst_x = (s->regs.dp_cntl & DST_X_LEFT_TO_RIGHT ?
+- s->regs.dst_x : s->regs.dst_x + 1 - s->regs.dst_width);
+-int dst_y = (s->regs.dp_cntl & DST_Y_TOP_TO_BOTTOM ?
+- s->regs.dst_y : s->regs.dst_y + 1 - s->regs.dst_height);
++unsigned dst_x = (s->regs.dp_cntl & DST_X_LEFT_TO_RIGHT ?
++  s->regs.dst_x : s->regs.dst_x + 1 - s->regs.dst_width);
++unsigned dst_y = (s->regs.dp_cntl & DST_Y_TOP_TO_BOTTOM ?
++  s->regs.dst_y : s->regs.dst_y + 1 - s->regs.dst_height);
+ int bpp = ati_bpp_from_datatype(s);
++if (!bpp) {
++qemu_log_mask(LOG_GUEST_ERROR, "Invalid bpp\n");
++return;
++}
+ int dst_stride = DEFAULT_CNTL ? s->regs.dst_pitch : s->regs.default_pitch;
++if (!dst_stride) {
++qemu_log_mask(LOG_GUEST_ERROR, "Zero dest pitch\n");
++return;
++}
+ uint8_t *dst_bits = s->vga.vram_ptr + (DEFAULT_CNTL ?
+ s->regs.dst_offset : s->regs.default_offset);
+ 
+@@ -82,12 +90,16 @@ void ati_2d_blt(ATIVGAState *s)
+ switch (s->regs.dp_mix & GMC_ROP3_MASK) {
+ case ROP3_SRCCOPY:
+ {
+-int src_x = (s->regs.dp_cntl & DST_X_LEFT_TO_RIGHT ?
+- s->regs.src_x : s->regs.src_x + 1 - s->regs.dst_width);
+-int src_y = (s->regs.dp_cntl & DST_Y_TOP_TO_BOTTOM ?
+- s->regs.src_y : s->regs.src_y + 1 - s->regs.dst_height);
++unsigned src_x = (s->regs.dp_cntl & DST_X_LEFT_TO_RIGHT ?
++   s->regs.src_x : s->regs.src_x + 1 - s->regs.dst_width);
++unsigned src_y = (s->regs.dp_cntl & DST_Y_TOP_TO_BOTTOM ?
++   s->regs.src_y : s->regs.src_y + 1 - 
s->regs.dst_height);
+ int src_stride = DEFAULT_CNTL ?
+  s->regs.src_pitch : s->regs.default_pitch;
++if (!src_stride) {
++qemu_log_mask(LOG_GUEST_ERROR, "Zero source pitch\n");
++return;
++}
+ uint8_t *src_bits = s->vga.vram_ptr + (DEFAULT_CNTL ?
+ s->regs.src_offset : s->regs.default_offset);
+ 
+@@ -137,8 +149,10 @@ void ati_2d_blt(ATIVGAState *s)
+ dst_y * surface_stride(ds),
+ s->regs.dst_height * surface_stride(ds));
+ }
+-s->regs.dst_x += s->regs.dst_width;
+-s->regs.dst_y += s->regs.dst_height;
++s->regs.dst_x = (s->regs.dp_cntl & DST_X_LEFT_TO_RIGHT ?
++ dst_x + s->regs.dst_width : dst_x);
++s->regs.dst_y = (s->regs.dp_cntl & DST_Y_TOP_TO_BOTTOM ?
++ dst_y + s->regs.dst_height : dst_y);
+ break;
+ }
+ case ROP3_PATCOPY:
+@@ -179,7 +193,8 @@ void ati_2d_blt(ATIVGAState *s)
+ dst_y * surface_stride(ds),
+

[gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/

2020-04-16 Thread Sergei Trofimovich
commit: 3a1b0a5e226c561f876d84210048b1fe3c95f2bb
Author: Sergei Trofimovich  gentoo  org>
AuthorDate: Thu Apr 16 22:15:28 2020 +
Commit: Sergei Trofimovich  gentoo  org>
CommitDate: Thu Apr 16 22:15:55 2020 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3a1b0a5e

app-emulation/qemu: fix epoll_create1 handling, bug #717548

Recent python started using epoll_create1(), whose emulation was
missing the translation of its flags from target to host.

Pull upstreamed patch.

Reported-by: Barnabás Virágh
Closes: https://bugs.gentoo.org/717548
Package-Manager: Portage-2.3.99, Repoman-2.3.22
Signed-off-by: Sergei Trofimovich  gentoo.org>

 .../qemu/files/qemu-4.2.0-epoll_create1.patch  |  39 +
 app-emulation/qemu/qemu-4.2.0-r4.ebuild| 838 +
 2 files changed, 877 insertions(+)

diff --git a/app-emulation/qemu/files/qemu-4.2.0-epoll_create1.patch 
b/app-emulation/qemu/files/qemu-4.2.0-epoll_create1.patch
new file mode 100644
index 000..bb20dd12087
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-4.2.0-epoll_create1.patch
@@ -0,0 +1,39 @@
+From ce7ae180620a2fbf66232c3556678fbf4f136a5c Mon Sep 17 00:00:00 2001
+From: Sergei Trofimovich 
+Date: Wed, 15 Apr 2020 19:28:42 +0100
+Subject: [PATCH] linux-user/syscall.c: add target-to-host mapping for
+ epoll_create1()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Noticed by Barnabás Virágh as a python-3.7 failue on qemu-alpha.
+
+The bug shows up on alpha as it's one of the targets where
+EPOLL_CLOEXEC differs from other targets:
+sysdeps/unix/sysv/linux/alpha/bits/epoll.h: EPOLL_CLOEXEC  = 0100
+sysdeps/unix/sysv/linux/bits/epoll.h:EPOLL_CLOEXEC = 0200
+
+Bug: https://bugs.gentoo.org/717548
+Reported-by: Barnabás Virágh
+Signed-off-by: Sergei Trofimovich 
+---
+ linux-user/syscall.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/linux-user/syscall.c b/linux-user/syscall.c
+index 674f70e70a..05f03919ff 100644
+--- a/linux-user/syscall.c
 b/linux-user/syscall.c
+@@ -12012,7 +12012,7 @@ static abi_long do_syscall1(void *cpu_env, int num, 
abi_long arg1,
+ #endif
+ #if defined(TARGET_NR_epoll_create1) && defined(CONFIG_EPOLL_CREATE1)
+ case TARGET_NR_epoll_create1:
+-return get_errno(epoll_create1(arg1));
++return get_errno(epoll_create1(target_to_host_bitmask(arg1, 
fcntl_flags_tbl)));
+ #endif
+ #if defined(TARGET_NR_epoll_ctl)
+ case TARGET_NR_epoll_ctl:
+-- 
+2.26.1
+
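Review bot: `target_to_host_bitmask(arg1, fcntl_flags_tbl)` translates the epoll_create1 flags with the fcntl table, which is correct only as long as EPOLL_CLOEXEC has the same value as O_CLOEXEC on every target the table covers; the description establishes that for alpha, but nothing in the code records the assumption. A comment on the new line, `/* EPOLL_CLOEXEC == O_CLOEXEC on all targets, so the fcntl table translates it */`, would stop a later maintainer from swapping the table without checking. Whether flag bits not present in the table are dropped or passed through depends on target_to_host_bitmask, which is outside this hunk; it is worth confirming that an unknown guest flag still reaches the host and yields EINVAL as the previous pass-through did.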

diff --git a/app-emulation/qemu/qemu-4.2.0-r4.ebuild 
b/app-emulation/qemu/qemu-4.2.0-r4.ebuild
new file mode 100644
index 000..ca09f22cc43
--- /dev/null
+++ b/app-emulation/qemu/qemu-4.2.0-r4.ebuild
@@ -0,0 +1,838 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+PYTHON_COMPAT=( python{3_6,3_7} )
+PYTHON_REQ_USE="ncurses,readline"
+
+PLOCALES="bg de_DE fr_FR hu it tr zh_CN"
+
+FIRMWARE_ABI_VERSION="4.0.0-r50"
+
+inherit eutils linux-info toolchain-funcs multilib python-r1 \
+   udev fcaps readme.gentoo-r1 pax-utils l10n xdg-utils
+
+if [[ ${PV} = ** ]]; then
+   EGIT_REPO_URI="https://git.qemu.org/git/qemu.git;
+   EGIT_SUBMODULES=(
+   slirp
+   tests/fp/berkeley-{test,soft}float-3
+   ui/keycodemapdb
+   )
+   inherit git-r3
+   SRC_URI=""
+else
+   SRC_URI="https://download.qemu.org/${P}.tar.xz
+   https://dev.gentoo.org/~tamiko/distfiles/${P}-patches-r1.tar.xz;
+   KEYWORDS="~amd64 ~arm64 ~ppc ~ppc64 ~x86"
+fi
+
+DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
+HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org;
+
+LICENSE="GPL-2 LGPL-2 BSD-2"
+SLOT="0"
+
+IUSE="accessibility +aio alsa bzip2 capstone +caps +curl debug doc
+   +fdt glusterfs gnutls gtk infiniband iscsi jemalloc +jpeg kernel_linux
+   kernel_FreeBSD lzo ncurses nfs nls numa opengl +oss +pin-upstream-blobs
+   plugins +png pulseaudio python rbd sasl +seccomp sdl sdl-image selinux
+   smartcard snappy spice ssh static static-user systemtap tci test usb
+   usbredir vde +vhost-net vhost-user-fs virgl virtfs +vnc vte xattr xen
+   xfs +xkb"
+
+COMMON_TARGETS="aarch64 alpha arm cris hppa i386 m68k microblaze microblazeel
+   mips mips64 mips64el mipsel nios2 or1k ppc ppc64 riscv32 riscv64 s390x
+   sh4 sh4eb sparc sparc64 x86_64 xtensa xtensaeb"
+IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS}
+   lm32 moxie tricore unicore32"
+IUSE_USER_TARGETS="${COMMON_TARGETS}
+   aarch64_be armeb mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus
+   tilegx"
+
+use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' 
${IUSE_SOFTMMU_TARGETS})
+use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
+IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
+
+RESTRICT="!test? ( test )"
+# Allow no targets to be built so that people 

[gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/

2019-05-20 Thread Matthias Maier
commit: 06e1b02c0c7fcd1088f4efd7cbe721ca70c6df8a
Author: Matthias Maier  gentoo  org>
AuthorDate: Tue May 21 03:52:24 2019 +
Commit: Matthias Maier  gentoo  org>
CommitDate: Tue May 21 03:53:05 2019 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=06e1b02c

app-emulation/qemu: fix infiniband include

Closes: https://bugs.gentoo.org/686412
Package-Manager: Portage-2.3.66, Repoman-2.3.12
Signed-off-by: Matthias Maier  gentoo.org>

 .../qemu/files/qemu-4.0.0-fix_infiniband_include.patch   | 12 
 app-emulation/qemu/qemu-4.0.0-r3.ebuild  |  1 +
 app-emulation/qemu/qemu-.ebuild  |  1 +
 3 files changed, 14 insertions(+)

diff --git a/app-emulation/qemu/files/qemu-4.0.0-fix_infiniband_include.patch 
b/app-emulation/qemu/files/qemu-4.0.0-fix_infiniband_include.patch
new file mode 100644
index 000..2778cc8f4f2
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-4.0.0-fix_infiniband_include.patch
@@ -0,0 +1,12 @@
+diff --git a/hw/rdma/rdma_backend.c b/hw/rdma/rdma_backend.c
+index d1660b64..86715bfd 100644
+--- a/hw/rdma/rdma_backend.c
 b/hw/rdma/rdma_backend.c
+@@ -21,7 +21,6 @@
+ #include "qapi/qapi-events-rdma.h"
+ 
+ #include 
+-#include 
+ #include 
+ #include 
+ 
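Review bot: The new patch file carries no header line saying what it fixes or where it comes from, so a later maintainer cannot tell when it can be dropped; the other patch files in this directory open with a bug or upstream reference. Prepend a line such as `https://bugs.gentoo.org/686412` followed by one sentence naming the header that is removed from hw/rdma/rdma_backend.c and why it is no longer needed (the include names are not legible in this listing, so I cannot name it here). The `+++ b/hw/rdma/rdma_backend.c` line of the inner patch also appears without its marker in this rendering; that looks like a mail-archive artifact, but it is worth confirming the committed file still applies with `-p1`.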

diff --git a/app-emulation/qemu/qemu-4.0.0-r3.ebuild 
b/app-emulation/qemu/qemu-4.0.0-r3.ebuild
index 044b7f0286c..c2258e18215 100644
--- a/app-emulation/qemu/qemu-4.0.0-r3.ebuild
+++ b/app-emulation/qemu/qemu-4.0.0-r3.ebuild
@@ -207,6 +207,7 @@ PATCHES=(
"${FILESDIR}"/${P}-sanitize-interp_info.patch
"${FILESDIR}"/${PN}-3.1.0-md-clear-md-no.patch
"${FILESDIR}"/${PN}-4.0.0-mkdir_systemtap.patch #684902
+   "${FILESDIR}"/${PN}-4.0.0-fix_infiniband_include.patch #686412
 )
 
 QA_PREBUILT="

diff --git a/app-emulation/qemu/qemu-.ebuild 
b/app-emulation/qemu/qemu-.ebuild
index 0eccee5d2fa..676ae8f0a21 100644
--- a/app-emulation/qemu/qemu-.ebuild
+++ b/app-emulation/qemu/qemu-.ebuild
@@ -206,6 +206,7 @@ PATCHES=(
"${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
"${FILESDIR}"/${PN}-2.11.1-capstone_include_path.patch
"${FILESDIR}"/${PN}-4.0.0-mkdir_systemtap.patch #684902
+   "${FILESDIR}"/${PN}-4.0.0-fix_infiniband_include.patch #686412
 )
 
 QA_PREBUILT="



[gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/

2019-05-17 Thread Matthias Maier
commit: 4640ee91f01da20bcca0e7a422c1ccb694d8b833
Author: Matthias Maier  gentoo  org>
AuthorDate: Fri May 17 08:37:09 2019 +
Commit: Matthias Maier  gentoo  org>
CommitDate: Fri May 17 08:58:17 2019 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4640ee91

app-emulation/qemu: apply full mds patches

Package-Manager: Portage-2.3.66, Repoman-2.3.12
Signed-off-by: Matthias Maier  gentoo.org>

 .../qemu/files/qemu-3.1.0-md-clear-md-no.patch | 29 +++---
 .../{qemu-4.0.0-r1.ebuild => qemu-4.0.0-r2.ebuild} |  0
 2 files changed, 26 insertions(+), 3 deletions(-)

diff --git a/app-emulation/qemu/files/qemu-3.1.0-md-clear-md-no.patch 
b/app-emulation/qemu/files/qemu-3.1.0-md-clear-md-no.patch
index 1027b9c8762..a7b3e8cb8f2 100644
--- a/app-emulation/qemu/files/qemu-3.1.0-md-clear-md-no.patch
+++ b/app-emulation/qemu/files/qemu-3.1.0-md-clear-md-no.patch
@@ -33,6 +33,29 @@ index d6bb57d2..331a364a 100644
  NULL, NULL, NULL, NULL,
  NULL, NULL, NULL, NULL,
  NULL, NULL, NULL, NULL,
--- 
-2.21.0
-
+diff --git a/target/i386/cpu.h b/target/i386/cpu.h
+index 83fb5225..d0bab4d7 100644
+--- a/target/i386/cpu.h
 b/target/i386/cpu.h
+@@ -694,6 +694,7 @@ typedef uint32_t FeatureWordArray[FEATURE_WORDS];
+ 
+ #define CPUID_7_0_EDX_AVX512_4VNNIW (1U << 2) /* AVX512 Neural Network 
Instructions */
+ #define CPUID_7_0_EDX_AVX512_4FMAPS (1U << 3) /* AVX512 Multiply Accumulation 
Single Precision */
++#define CPUID_7_0_EDX_MD_CLEAR  (1U << 10) /* Microarchitectural Data 
Clear */
+ #define CPUID_7_0_EDX_SPEC_CTRL (1U << 26) /* Speculation Control */
+ #define CPUID_7_0_EDX_ARCH_CAPABILITIES (1U << 29)  /*Arch Capabilities*/
+ #define CPUID_7_0_EDX_SPEC_CTRL_SSBD  (1U << 31) /* Speculative Store Bypass 
Disable */
+diff --git a/target/i386/hvf/x86_cpuid.c b/target/i386/hvf/x86_cpuid.c
+index 4d957fe8..b453552f 100644
+--- a/target/i386/hvf/x86_cpuid.c
 b/target/i386/hvf/x86_cpuid.c
+@@ -90,7 +90,8 @@ uint32_t hvf_get_supported_cpuid(uint32_t func, uint32_t idx,
+ }
+ 
+ ecx &= CPUID_7_0_ECX_AVX512BMI | CPUID_7_0_ECX_AVX512_VPOPCNTDQ;
+-edx &= CPUID_7_0_EDX_AVX512_4VNNIW | CPUID_7_0_EDX_AVX512_4FMAPS;
++edx &= CPUID_7_0_EDX_AVX512_4VNNIW | CPUID_7_0_EDX_AVX512_4FMAPS 
| \
++   CPUID_7_0_EDX_MD_CLEAR;
+ } else {
+ ebx = 0;
+ ecx = 0;
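Review bot: The hvf hunk ends the `edx &=` statement with a `| \` backslash continuation, which is only needed inside a preprocessor directive; in ordinary C code it is noise and will trip style checkers. The two lines can simply read `edx &= CPUID_7_0_EDX_AVX512_4VNNIW | CPUID_7_0_EDX_AVX512_4FMAPS |` followed by `       CPUID_7_0_EDX_MD_CLEAR;`. Separately, the patch's own diffstat header lies above this hunk and outside it; if it was left as originally generated it still lists only target/i386/cpu.c, which now understates a patch that also touches cpu.h and hvf/x86_cpuid.c, so either regenerate it or drop it.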

diff --git a/app-emulation/qemu/qemu-4.0.0-r1.ebuild 
b/app-emulation/qemu/qemu-4.0.0-r2.ebuild
similarity index 100%
rename from app-emulation/qemu/qemu-4.0.0-r1.ebuild
rename to app-emulation/qemu/qemu-4.0.0-r2.ebuild



[gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/

2019-05-17 Thread Matthias Maier
commit: 9f4c389d721da9d13eae97c36040bea25eddc367
Author: Matthias Maier  gentoo  org>
AuthorDate: Fri May 17 07:28:50 2019 +
Commit: Matthias Maier  gentoo  org>
CommitDate: Fri May 17 07:28:50 2019 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9f4c389d

app-emulation/qemu: mds fixes for 3.1.0

CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091, ZombieLoad

Bug: https://bugs.gentoo.org/686026
Package-Manager: Portage-2.3.66, Repoman-2.3.12
Signed-off-by: Matthias Maier  gentoo.org>

 .../qemu/files/qemu-3.1.0-md-clear-md-no.patch |  38 +
 app-emulation/qemu/qemu-3.1.0-r5.ebuild| 815 +
 2 files changed, 853 insertions(+)

diff --git a/app-emulation/qemu/files/qemu-3.1.0-md-clear-md-no.patch 
b/app-emulation/qemu/files/qemu-3.1.0-md-clear-md-no.patch
new file mode 100644
index 000..1027b9c8762
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-3.1.0-md-clear-md-no.patch
@@ -0,0 +1,38 @@
+From 0fb766134bd97ead71646e13349f93769e536ed9 Mon Sep 17 00:00:00 2001
+From: Matthias Maier 
+Date: Fri, 17 May 2019 02:21:10 -0500
+Subject: [PATCH] Define md-clear bit, expose md-no CPUID
+
+Fixes for CVE-2018-121{26|27|30}, CVE-2019-11091
+
+See related fixes for Ubuntu:
+  https://launchpad.net/ubuntu/+source/qemu/1:3.1+dfsg-2ubuntu3.1
+---
+ target/i386/cpu.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/target/i386/cpu.c b/target/i386/cpu.c
+index d6bb57d2..331a364a 100644
+--- a/target/i386/cpu.c
 b/target/i386/cpu.c
+@@ -1076,7 +1076,7 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] 
= {
+ .feat_names = {
+ NULL, NULL, "avx512-4vnniw", "avx512-4fmaps",
+ NULL, NULL, NULL, NULL,
+-NULL, NULL, NULL, NULL,
++NULL, NULL, "md-clear", NULL,
+ NULL, NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL,
+@@ -1183,7 +1183,7 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] 
= {
+ .type = MSR_FEATURE_WORD,
+ .feat_names = {
+ "rdctl-no", "ibrs-all", "rsba", "skip-l1dfl-vmentry",
+-"ssb-no", NULL, NULL, NULL,
++"ssb-no", "mds-no", NULL, NULL,
+ NULL, NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL,
+-- 
+2.21.0
+
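Review bot: The two feat_names insertions are positional, so a reviewer has to count slots to confirm `"md-clear"` lands at index 10 and `"mds-no"` at index 5, and the patch description does not state the intended bit positions. Add a sentence to the description such as `md-clear is CPUID.(EAX=7,ECX=0):EDX[10] (MD_CLEAR); mds-no is IA32_ARCH_CAPABILITIES bit 5 (MDS_NO)` so the slots can be checked against the Intel guidance without counting. From the array layout shown here both entries are in the right slot (third entry of the third row of four, and second entry of the second row), so the change itself looks correct.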

diff --git a/app-emulation/qemu/qemu-3.1.0-r5.ebuild 
b/app-emulation/qemu/qemu-3.1.0-r5.ebuild
new file mode 100644
index 000..eb64c249564
--- /dev/null
+++ b/app-emulation/qemu/qemu-3.1.0-r5.ebuild
@@ -0,0 +1,815 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+PYTHON_COMPAT=( python{2_7,3_5,3_6,3_7} )
+PYTHON_REQ_USE="ncurses,readline"
+
+PLOCALES="bg de_DE fr_FR hu it tr zh_CN"
+
+FIRMWARE_ABI_VERSION="2.11.1-r50"
+
+inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \
+   user udev fcaps readme.gentoo-r1 pax-utils l10n
+
+if [[ ${PV} = ** ]]; then
+   EGIT_REPO_URI="git://git.qemu.org/qemu.git"
+   inherit git-r3
+   SRC_URI=""
+else
+   SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.xz;
+   KEYWORDS="~amd64 ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd"
+
+   # Gentoo specific patchsets:
+   SRC_URI+=" 
https://dev.gentoo.org/~tamiko/distfiles/${P}-patches-r1.tar.xz;
+fi
+
+DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
+HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org;
+
+LICENSE="GPL-2 LGPL-2 BSD-2"
+SLOT="0"
+IUSE="accessibility +aio alsa bzip2 capstone +caps +curl debug
+   +fdt glusterfs gnutls gtk infiniband iscsi +jpeg kernel_linux
+   kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs +png
+   pulseaudio python rbd sasl +seccomp sdl selinux smartcard snappy
+   spice ssh static static-user systemtap tci test usb usbredir vde
+   +vhost-net virgl virtfs +vnc vte xattr xen xfs"
+
+RESTRICT=strip
+
+COMMON_TARGETS="aarch64 alpha arm cris hppa i386 m68k microblaze microblazeel
+   mips mips64 mips64el mipsel nios2 or1k ppc ppc64 riscv32 riscv64 s390x
+   sh4 sh4eb sparc sparc64 x86_64 xtensa xtensaeb"
+IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS}
+   lm32 moxie tricore unicore32"
+IUSE_USER_TARGETS="${COMMON_TARGETS}
+   aarch64_be armeb mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus
+   tilegx"
+
+use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' 
${IUSE_SOFTMMU_TARGETS})
+use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
+IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
+
+# Allow no targets to be built so that people can get a tools-only build.
+# Block USE flag configurations known to not work.
+REQUIRED_USE="${PYTHON_REQUIRED_USE}
+   qemu_softmmu_targets_arm? ( fdt )
+   qemu_softmmu_targets_microblaze? ( fdt )
+   qemu_softmmu_targets_mips64el? ( fdt )
+   

[gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/

2019-04-29 Thread Matthias Maier
commit: beb319291a0d5aef962d264a7349049ca2df634d
Author: Matthias Maier  gentoo  org>
AuthorDate: Mon Apr 29 03:20:42 2019 +
Commit: Matthias Maier  gentoo  org>
CommitDate: Mon Apr 29 06:48:44 2019 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=beb31929

app-emulation/qemu: remove obsolete

Package-Manager: Portage-2.3.64, Repoman-2.3.12
Signed-off-by: Matthias Maier  gentoo.org>

 .../qemu/files/qemu-3.1.0-CVE-2018-20123.patch |  35 -
 .../qemu/files/qemu-3.1.0-CVE-2019-3812.patch  |  33 -
 app-emulation/qemu/qemu-3.1.0-r1.ebuild| 810 -
 3 files changed, 878 deletions(-)

diff --git a/app-emulation/qemu/files/qemu-3.1.0-CVE-2018-20123.patch 
b/app-emulation/qemu/files/qemu-3.1.0-CVE-2018-20123.patch
deleted file mode 100644
index a021a6a970d..000
--- a/app-emulation/qemu/files/qemu-3.1.0-CVE-2018-20123.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From: Prasad J Pandit 
-
-If during pvrdma device initialisation an error occurs,
-pvrdma_realize() does not release memory resources, leading
-to memory leakage.
-
-Reported-by: Li Qiang 
-Signed-off-by: Prasad J Pandit 

- hw/rdma/vmw/pvrdma_main.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/hw/rdma/vmw/pvrdma_main.c b/hw/rdma/vmw/pvrdma_main.c
-index 8a03ab4669..b65f8662df 100644
 a/hw/rdma/vmw/pvrdma_main.c
-+++ b/hw/rdma/vmw/pvrdma_main.c
-@@ -579,7 +579,7 @@ static void pvrdma_shutdown_notifier(Notifier *n, void 
*opaque)
- 
- static void pvrdma_realize(PCIDevice *pdev, Error **errp)
- {
--int rc;
-+int rc = 0;
- PVRDMADev *dev = PVRDMA_DEV(pdev);
- Object *memdev_root;
- bool ram_shared = false;
-@@ -655,6 +655,7 @@ static void pvrdma_realize(PCIDevice *pdev, Error **errp)
- 
- out:
- if (rc) {
-+pvrdma_fini(pdev);
- error_append_hint(errp, "Device fail to load\n");
- }
- }
--- 
-2.19.2

diff --git a/app-emulation/qemu/files/qemu-3.1.0-CVE-2019-3812.patch 
b/app-emulation/qemu/files/qemu-3.1.0-CVE-2019-3812.patch
deleted file mode 100644
index 03db9e0a1f2..000
--- a/app-emulation/qemu/files/qemu-3.1.0-CVE-2019-3812.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From b05b267840515730dbf6753495d5b7bd8b04ad1c Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann 
-Date: Tue, 8 Jan 2019 11:23:01 +0100
-Subject: [PATCH] i2c-ddc: fix oob read
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Suggested-by: Michael Hanselmann 
-Signed-off-by: Gerd Hoffmann 
-Reviewed-by: Michael Hanselmann 
-Reviewed-by: Philippe Mathieu-Daudé 
-Message-id: 20190108102301.1957-1-kra...@redhat.com

- hw/i2c/i2c-ddc.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/hw/i2c/i2c-ddc.c b/hw/i2c/i2c-ddc.c
-index be34fe072c..0a0367ff38 100644
 a/hw/i2c/i2c-ddc.c
-+++ b/hw/i2c/i2c-ddc.c
-@@ -56,7 +56,7 @@ static int i2c_ddc_rx(I2CSlave *i2c)
- I2CDDCState *s = I2CDDC(i2c);
- 
- int value;
--value = s->edid_blob[s->reg];
-+value = s->edid_blob[s->reg % sizeof(s->edid_blob)];
- s->reg++;
- return value;
- }
--- 
-2.19.2
-

diff --git a/app-emulation/qemu/qemu-3.1.0-r1.ebuild 
b/app-emulation/qemu/qemu-3.1.0-r1.ebuild
deleted file mode 100644
index 560ab04a5c3..000
--- a/app-emulation/qemu/qemu-3.1.0-r1.ebuild
+++ /dev/null
@@ -1,810 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-PYTHON_COMPAT=( python{2_7,3_5,3_6,3_7} )
-PYTHON_REQ_USE="ncurses,readline"
-
-PLOCALES="bg de_DE fr_FR hu it tr zh_CN"
-
-FIRMWARE_ABI_VERSION="2.11.1-r50"
-
-inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \
-   user udev fcaps readme.gentoo-r1 pax-utils l10n
-
-if [[ ${PV} = ** ]]; then
-   EGIT_REPO_URI="git://git.qemu.org/qemu.git"
-   inherit git-r3
-   SRC_URI=""
-else
-   SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.xz;
-   KEYWORDS="amd64 ~arm64 ~ppc ~ppc64 x86 ~x86-fbsd"
-
-   # Gentoo specific patchsets:
-   #SRC_URI+=" 
https://dev.gentoo.org/~tamiko/distfiles/${P}-patches-r1.tar.xz;
-fi
-
-DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
-HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org;
-
-LICENSE="GPL-2 LGPL-2 BSD-2"
-SLOT="0"
-IUSE="accessibility +aio alsa bzip2 capstone +caps +curl debug
-   +fdt glusterfs gnutls gtk infiniband iscsi +jpeg kernel_linux
-   kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs +png
-   pulseaudio python rbd sasl +seccomp sdl selinux smartcard snappy
-   spice ssh static static-user systemtap tci test usb usbredir vde
-   +vhost-net virgl virtfs +vnc vte xattr xen xfs"
-
-RESTRICT=strip
-
-COMMON_TARGETS="aarch64 alpha arm cris hppa i386 m68k microblaze microblazeel
-   mips mips64 mips64el mipsel nios2 or1k ppc ppc64 riscv32 riscv64 s390x
-   sh4 sh4eb sparc sparc64 x86_64 xtensa xtensaeb"

[gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/

2019-02-18 Thread Matthias Maier
commit: c5d70adc0520a858f4da5cd0d1161e91140f5347
Author: Matthias Maier  gentoo  org>
AuthorDate: Tue Feb 19 00:16:24 2019 +
Commit: Matthias Maier  gentoo  org>
CommitDate: Tue Feb 19 00:19:03 2019 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c5d70adc

app-emulation/qemu: fix vulnerability, bug #678302

Take over commit

  From b05b267840515730dbf6753495d5b7bd8b04ad1c Mon Sep 17 00:00:00 2001
  From: Gerd Hoffmann  redhat.com>
  Date: Tue, 8 Jan 2019 11:23:01 +0100
  Subject: [PATCH] i2c-ddc: fix oob read

Bug: https://bugs.gentoo.org/678302
Package-Manager: Portage-2.3.60, Repoman-2.3.12
Signed-off-by: Matthias Maier  gentoo.org>

 .../qemu/files/qemu-3.1.0-CVE-2019-3812.patch  |  33 +
 app-emulation/qemu/qemu-3.1.0-r1.ebuild| 810 +
 2 files changed, 843 insertions(+)

diff --git a/app-emulation/qemu/files/qemu-3.1.0-CVE-2019-3812.patch 
b/app-emulation/qemu/files/qemu-3.1.0-CVE-2019-3812.patch
new file mode 100644
index 000..03db9e0a1f2
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-3.1.0-CVE-2019-3812.patch
@@ -0,0 +1,33 @@
+From b05b267840515730dbf6753495d5b7bd8b04ad1c Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann 
+Date: Tue, 8 Jan 2019 11:23:01 +0100
+Subject: [PATCH] i2c-ddc: fix oob read
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Suggested-by: Michael Hanselmann 
+Signed-off-by: Gerd Hoffmann 
+Reviewed-by: Michael Hanselmann 
+Reviewed-by: Philippe Mathieu-Daudé 
+Message-id: 20190108102301.1957-1-kra...@redhat.com
+---
+ hw/i2c/i2c-ddc.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/i2c/i2c-ddc.c b/hw/i2c/i2c-ddc.c
+index be34fe072c..0a0367ff38 100644
+--- a/hw/i2c/i2c-ddc.c
 b/hw/i2c/i2c-ddc.c
+@@ -56,7 +56,7 @@ static int i2c_ddc_rx(I2CSlave *i2c)
+ I2CDDCState *s = I2CDDC(i2c);
+ 
+ int value;
+-value = s->edid_blob[s->reg];
++value = s->edid_blob[s->reg % sizeof(s->edid_blob)];
+ s->reg++;
+ return value;
+ }
+-- 
+2.19.2
+
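Review bot: The bounded read `s->edid_blob[s->reg % sizeof(s->edid_blob)]` only works if `edid_blob` is declared as an array member of I2CDDCState, not a pointer; the struct definition is outside this hunk, so confirm that in the 3.1.0 tree when backporting, since `sizeof` of a pointer would silently shrink the modulus to 8 and leave the EDID read wrong rather than out of bounds. `s->reg++` on the next line still grows without bound; that is harmless as long as every read goes through the modulo, but the type of `reg` is not visible here, so a one-line comment `/* reg is only ever used modulo the blob size */` next to the read would spare the next reader the same check.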

diff --git a/app-emulation/qemu/qemu-3.1.0-r1.ebuild 
b/app-emulation/qemu/qemu-3.1.0-r1.ebuild
new file mode 100644
index 000..1a51e555b08
--- /dev/null
+++ b/app-emulation/qemu/qemu-3.1.0-r1.ebuild
@@ -0,0 +1,810 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+PYTHON_COMPAT=( python{2_7,3_4,3_5,3_6,3_7} )
+PYTHON_REQ_USE="ncurses,readline"
+
+PLOCALES="bg de_DE fr_FR hu it tr zh_CN"
+
+FIRMWARE_ABI_VERSION="2.11.1-r50"
+
+inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \
+   user udev fcaps readme.gentoo-r1 pax-utils l10n
+
+if [[ ${PV} = ** ]]; then
+   EGIT_REPO_URI="git://git.qemu.org/qemu.git"
+   inherit git-r3
+   SRC_URI=""
+else
+   SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.xz;
+   KEYWORDS="~amd64 ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd"
+
+   # Gentoo specific patchsets:
+   #SRC_URI+=" 
https://dev.gentoo.org/~tamiko/distfiles/${P}-patches-r1.tar.xz;
+fi
+
+DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
+HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org;
+
+LICENSE="GPL-2 LGPL-2 BSD-2"
+SLOT="0"
+IUSE="accessibility +aio alsa bzip2 capstone +caps +curl debug
+   +fdt glusterfs gnutls gtk infiniband iscsi +jpeg kernel_linux
+   kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs +png
+   pulseaudio python rbd sasl +seccomp sdl selinux smartcard snappy
+   spice ssh static static-user systemtap tci test usb usbredir vde
+   +vhost-net virgl virtfs +vnc vte xattr xen xfs"
+
+RESTRICT=strip
+
+COMMON_TARGETS="aarch64 alpha arm cris hppa i386 m68k microblaze microblazeel
+   mips mips64 mips64el mipsel nios2 or1k ppc ppc64 riscv32 riscv64 s390x
+   sh4 sh4eb sparc sparc64 x86_64 xtensa xtensaeb"
+IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS}
+   lm32 moxie tricore unicore32"
+IUSE_USER_TARGETS="${COMMON_TARGETS}
+   aarch64_be armeb mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus
+   tilegx"
+
+use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' 
${IUSE_SOFTMMU_TARGETS})
+use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
+IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
+
+# Allow no targets to be built so that people can get a tools-only build.
+# Block USE flag configurations known to not work.
+REQUIRED_USE="${PYTHON_REQUIRED_USE}
+   qemu_softmmu_targets_arm? ( fdt )
+   qemu_softmmu_targets_microblaze? ( fdt )
+   qemu_softmmu_targets_mips64el? ( fdt )
+   qemu_softmmu_targets_ppc64? ( fdt )
+   qemu_softmmu_targets_ppc? ( fdt )
+   qemu_softmmu_targets_riscv32? ( fdt )
+   qemu_softmmu_targets_riscv64? ( fdt )
+   static? ( static-user !alsa !gtk !opengl !pulseaudio !snappy )
+   virtfs? ( xattr )
+   vte? ( gtk )"
+
+# Dependencies required for qemu tools (qemu-nbd, 

[gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/

2018-08-19 Thread Matthias Maier
commit: 3c2a27222ed2d98e4e3c449615998aff01a6042f
Author: Matthias Maier  gentoo  org>
AuthorDate: Sun Aug 19 17:30:09 2018 +
Commit: Matthias Maier  gentoo  org>
CommitDate: Sun Aug 19 17:34:26 2018 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3c2a2722

app-emulation/qemu: version bump to 2.12.1, add ssbd support

Package-Manager: Portage-2.3.47, Repoman-2.3.10

 app-emulation/qemu/Manifest|  2 ++
 .../qemu/files/qemu-2.12.0-aarch64-simd-fix.patch  | 36 --
 .../{qemu-2.12.0-r4.ebuild => qemu-2.12.1.ebuild}  |  3 +-
 3 files changed, 3 insertions(+), 38 deletions(-)

diff --git a/app-emulation/qemu/Manifest b/app-emulation/qemu/Manifest
index 14b6c5804e4..8534038d8e8 100644
--- a/app-emulation/qemu/Manifest
+++ b/app-emulation/qemu/Manifest
@@ -2,4 +2,6 @@ DIST qemu-2.11.1-patches-r1.tar.xz 2064 BLAKE2B 
533c916b01c014bcfa6c733b76aa6da1
 DIST qemu-2.11.1.tar.bz2 32819412 BLAKE2B 
6b6d4e7b8dcf33aeedb0b33bad267da07ad17c2eeeb5fbd2c038d760bc03224e55ba0f03eb248c62bc0e8636c2c660ea76b367eaea96bee16388053f82c8b8a9
 SHA512 
1b692bbdfc3dc785738c7192aa2a3f9cf53d9f5bf3b3f49fa8692050dc50f7056c8a4d1b527d48ffb2a674a0fd3a46d87addd1eaaa758f35eec1ab5adfe32354
 DIST qemu-2.12.0-patches-r5.tar.xz 5536 BLAKE2B 
751a0fd7a6dd2433542dbfc8a1c9726fb612270b5a526e2e67729478b0f9b45689e23a70e077fb6b3b9cee115ff48d5334b16aba39efb79eff16baae3e1d349e
 SHA512 
5c735632a3ca7ae7fbd9619b01683917749c02e7cdba85564fb157ef8d382ec999c1e1577eb00d4248a26c0f0ab9cb5af6355ca7fc68bcba054ffcca1947eebc
 DIST qemu-2.12.0.tar.bz2 41196232 BLAKE2B 
f258e570558249ea647c3571908f90b8bacdcef9a1814009b98571cf0e96406194d44aa041fd0a97c9b673f39a9eaae8d873824745509778a6784cd85f8398b0
 SHA512 
91d829f44c431e4c1cd335f3efea5afff9da62d832b0296a92417463ea0826d09ce226c2ea8ac167fe7b99b6bb976c7cb1357aaf17735ee57af6602161e46346
+DIST qemu-2.12.1-patches-r1.tar.xz 3648 BLAKE2B 
07908004d0b56e60274cb59d4163770290d8fa6e31646e7d96db08427a219638ac53bdd988c9557471b95321a72982d740a29778d843652274a126737a0a6c00
 SHA512 
1c7768c14a8e168053f0322554214ba59932a9fa23c982b06dbb1b8fdcfc280ae1d97b20244600f357485bfbcb9ad8bd7968787550c8a4e5e243ac8502eff05e
+DIST qemu-2.12.1.tar.bz2 41192583 BLAKE2B 
ff903a5850e406ab542ad1a84300852599fa9c199e0f3290e4d6ddad5284192577351278a18dd5706463b08e817b49340989a35987a04672f7cede2097d1d18d
 SHA512 
4c85e6180bf7ec61c0bdddb20e104a7c93fe6b1de27f6aa50d75633eb78491cb844798a9e3f536245eff7b4ebe9a6227f5f66b418ced44095b8e59c5cb33d4cd
 DIST qemu-3.0.0.tar.bz2 41491935 BLAKE2B 
715ccca4fced730425eb5c24a78d89d2ab59f64007e0fc199d78c31c6ab72b5a0dbcf1840f214774c711d679c4166996790e93b2416c7d4f323d5b93ffa862ac
 SHA512 
b82b78a063d60fa1372d9400934b47250138c438050d974113b1b2ea433eea0531be6cda1e82d14fcb3bc4ed35657703f62d9aedc095cb8d64badc65c3609ee5

diff --git a/app-emulation/qemu/files/qemu-2.12.0-aarch64-simd-fix.patch 
b/app-emulation/qemu/files/qemu-2.12.0-aarch64-simd-fix.patch
deleted file mode 100644
index c8b8a02354c..000
--- a/app-emulation/qemu/files/qemu-2.12.0-aarch64-simd-fix.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From: Richard Henderson 
-To: qemu-de...@nongnu.org
-Cc: ja...@zx2c4.com,
-   qemu-sta...@nongnu.org
-Subject: [PATCH for-3.0] tcg/i386: Mark xmm registers call-clobbered
-Date: Sun, 22 Jul 2018 18:29:41 -0700
-Message-Id: <20180723012941.16920-1-richard.hender...@linaro.org>
-X-Mailer: git-send-email 2.17.1
-
-When host vector registers and operations were introduced, I failed
-to mark the registers call clobbered as required by the ABI.
-
-Fixes: 770c2fc7bb7
-Cc: qemu-sta...@nongnu.org
-Reported-by: Jason A. Donenfeld 
-Signed-off-by: Richard Henderson 

- tcg/i386/tcg-target.inc.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/tcg/i386/tcg-target.inc.c b/tcg/i386/tcg-target.inc.c
-index e87b0d445e..a91e4f1313 100644
 a/tcg/i386/tcg-target.inc.c
-+++ b/tcg/i386/tcg-target.inc.c
-@@ -3532,7 +3532,7 @@ static void tcg_target_init(TCGContext *s)
- tcg_target_available_regs[TCG_TYPE_V256] = ALL_VECTOR_REGS;
- }
- 
--tcg_target_call_clobber_regs = 0;
-+tcg_target_call_clobber_regs = ALL_VECTOR_REGS;
- tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_EAX);
- tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_EDX);
- tcg_regset_set_reg(tcg_target_call_clobber_regs, TCG_REG_ECX);
--- 
-2.17.1
-

diff --git a/app-emulation/qemu/qemu-2.12.0-r4.ebuild 
b/app-emulation/qemu/qemu-2.12.1.ebuild
similarity index 99%
rename from app-emulation/qemu/qemu-2.12.0-r4.ebuild
rename to app-emulation/qemu/qemu-2.12.1.ebuild
index eaa2e490445..c48588c9d54 100644
--- a/app-emulation/qemu/qemu-2.12.0-r4.ebuild
+++ b/app-emulation/qemu/qemu-2.12.1.ebuild
@@ -22,7 +22,7 @@ else
KEYWORDS="~amd64 ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd"
 
# Gentoo specific patchsets:
-   SRC_URI+=" 
https://dev.gentoo.org/~tamiko/distfiles/${P}-patches-r5.tar.xz;
+   SRC_URI+=" 

[gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/

2018-06-15 Thread Jason Donenfeld
commit: c61676a2378adeebe401e204510cecd9077c4358
Author: Jason A. Donenfeld  gentoo  org>
AuthorDate: Fri Jun 15 14:09:33 2018 +
Commit: Jason Donenfeld  gentoo  org>
CommitDate: Fri Jun 15 14:10:00 2018 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c61676a2

app-emulation/qemu: fix major TCG crash

This is a custom backport of a patch being prepared for 2.12.1.

Package-Manager: Portage-2.3.40, Repoman-2.3.9

 .../qemu-2.12.0-tcg-instruction-overflow.patch | 183 +
 ...qemu-2.12.0-r2.ebuild => qemu-2.12.0-r3.ebuild} |   1 +
 2 files changed, 184 insertions(+)

diff --git 
a/app-emulation/qemu/files/qemu-2.12.0-tcg-instruction-overflow.patch 
b/app-emulation/qemu/files/qemu-2.12.0-tcg-instruction-overflow.patch
new file mode 100644
index 000..24df138a777
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.12.0-tcg-instruction-overflow.patch
@@ -0,0 +1,183 @@
+diff -ru qemu-2.12.0/tcg/aarch64/tcg-target.inc.c 
qemu-2.12.0-modified/tcg/aarch64/tcg-target.inc.c
+--- qemu-2.12.0/tcg/aarch64/tcg-target.inc.c   2018-04-24 18:30:47.0 
+0200
 qemu-2.12.0-modified/tcg/aarch64/tcg-target.inc.c  2018-06-15 
15:47:20.557969818 +0200
+@@ -1733,7 +1733,7 @@
+ tcg_out_insn(s, 3305, LDR, offset, TCG_REG_TMP);
+ }
+ tcg_out_insn(s, 3207, BR, TCG_REG_TMP);
+-s->tb_jmp_reset_offset[a0] = tcg_current_code_size(s);
++set_jmp_reset_offset(s, a0);
+ break;
+ 
+ case INDEX_op_goto_ptr:
+diff -ru qemu-2.12.0/tcg/arm/tcg-target.inc.c 
qemu-2.12.0-modified/tcg/arm/tcg-target.inc.c
+--- qemu-2.12.0/tcg/arm/tcg-target.inc.c   2018-04-24 18:30:47.0 
+0200
 qemu-2.12.0-modified/tcg/arm/tcg-target.inc.c  2018-06-15 
15:47:20.557969818 +0200
+@@ -1822,7 +1822,7 @@
+ tcg_out_movi32(s, COND_AL, base, ptr - dil);
+ }
+ tcg_out_ld32_12(s, COND_AL, TCG_REG_PC, base, dil);
+-s->tb_jmp_reset_offset[args[0]] = tcg_current_code_size(s);
++set_jmp_reset_offset(s, args[0]);
+ }
+ break;
+ case INDEX_op_goto_ptr:
+diff -ru qemu-2.12.0/tcg/i386/tcg-target.inc.c 
qemu-2.12.0-modified/tcg/i386/tcg-target.inc.c
+--- qemu-2.12.0/tcg/i386/tcg-target.inc.c  2018-04-24 18:30:47.0 
+0200
 qemu-2.12.0-modified/tcg/i386/tcg-target.inc.c 2018-06-15 
15:47:20.558969815 +0200
+@@ -2245,7 +2245,7 @@
+ tcg_out_modrm_offset(s, OPC_GRP5, EXT5_JMPN_Ev, -1,
+  (intptr_t)(s->tb_jmp_target_addr + a0));
+ }
+-s->tb_jmp_reset_offset[a0] = tcg_current_code_size(s);
++set_jmp_reset_offset(s, a0);
+ break;
+ case INDEX_op_goto_ptr:
+ /* jmp to the given host address (could be epilogue) */
+diff -ru qemu-2.12.0/tcg/mips/tcg-target.inc.c 
qemu-2.12.0-modified/tcg/mips/tcg-target.inc.c
+--- qemu-2.12.0/tcg/mips/tcg-target.inc.c  2018-04-24 18:30:47.0 
+0200
 qemu-2.12.0-modified/tcg/mips/tcg-target.inc.c 2018-06-15 
15:47:20.558969815 +0200
+@@ -1744,7 +1744,7 @@
+ tcg_out_opc_reg(s, OPC_JR, 0, TCG_TMP0, 0);
+ }
+ tcg_out_nop(s);
+-s->tb_jmp_reset_offset[a0] = tcg_current_code_size(s);
++set_jmp_reset_offset(s, a0);
+ break;
+ case INDEX_op_goto_ptr:
+ /* jmp to the given host address (could be epilogue) */
+diff -ru qemu-2.12.0/tcg/ppc/tcg-target.inc.c 
qemu-2.12.0-modified/tcg/ppc/tcg-target.inc.c
+--- qemu-2.12.0/tcg/ppc/tcg-target.inc.c   2018-04-24 18:30:47.0 
+0200
 qemu-2.12.0-modified/tcg/ppc/tcg-target.inc.c  2018-06-15 
15:47:20.558969815 +0200
+@@ -2025,10 +2025,10 @@
+ }
+ tcg_out32(s, MTSPR | RS(TCG_REG_TB) | CTR);
+ tcg_out32(s, BCCTR | BO_ALWAYS);
+-s->tb_jmp_reset_offset[args[0]] = c = tcg_current_code_size(s);
++set_jmp_reset_offset(s, args[0]);
+ if (USE_REG_TB) {
+ /* For the unlinked case, need to reset TCG_REG_TB.  */
+-c = -c;
++c = -tcg_current_code_size(s);
+ assert(c == (int16_t)c);
+ tcg_out32(s, ADDI | TAI(TCG_REG_TB, TCG_REG_TB, c));
+ }
+diff -ru qemu-2.12.0/tcg/s390/tcg-target.inc.c 
qemu-2.12.0-modified/tcg/s390/tcg-target.inc.c
+--- qemu-2.12.0/tcg/s390/tcg-target.inc.c  2018-04-24 18:30:47.0 
+0200
 qemu-2.12.0-modified/tcg/s390/tcg-target.inc.c 2018-06-15 
15:47:20.558969815 +0200
+@@ -1783,7 +1783,7 @@
+ /* and go there */
+ tcg_out_insn(s, RR, BCR, S390_CC_ALWAYS, TCG_REG_TB);
+ }
+-s->tb_jmp_reset_offset[a0] = tcg_current_code_size(s);
++set_jmp_reset_offset(s, a0);
+ 
+ /* For the unlinked path of goto_tb, we need to reset
+TCG_REG_TB to the beginning of this TB.  */
+diff -ru qemu-2.12.0/tcg/sparc/tcg-target.inc.c 
qemu-2.12.0-modified/tcg/sparc/tcg-target.inc.c
+--- 

[gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/

2018-03-27 Thread Matthias Maier
commit: 2fc1bc6c7b1f41a3a7df74ce8e170996eb7e36d9
Author: Matthias Maier  gentoo  org>
AuthorDate: Tue Mar 27 15:10:52 2018 +
Commit: Matthias Maier  gentoo  org>
CommitDate: Tue Mar 27 15:44:04 2018 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2fc1bc6c

app-emulation/qemu: add rule to fix permissions on /dev/vfio/vfio

The device node /dev/vfio/vfio gets created on modprobing the vfio*
modules. This happens in particular on demand when a qemu vm with PCI
passthrough is started up. The default permissions for the freshly
created device node is

  crw-rw-rw-  1 root root 10, 196 Mar 27 08:44 /dev/vfio/vfio

This is terrible.

This patch adds an udev rules and makes sure that the device node has rw
permissions for user root, and group kvm (and no permissions for all).
This fixes

 - startup when a qemu-kvm is started as non-root (provided the user is
   in group kvm, which is our current policy for accessing /dev/kvm, etc.,
   anyway).

 - work around this security vulnerability, where /dev/vfio/vfio is
   created with world writable permissions upon modprobe. [1]

Thanks to username234, Kash Pande, Ted Rodgers for discovery and patch!

[1] Steps to reproduce:

% ls -la /dev/vfio/vfio
crw---  1 root root 10, 196 Mar 27 15:40 /dev/vfio/vfio

% modprobe vfio

% ls -la /dev/vfio/vfio
crw-rw-rw-  1 root root 10, 196 Mar 27 15:41 /dev/vfio/vfio

[2] I cannot find an udev rule installed by libvirt/qemu/... that
triggers these permissions.

Bug: https://bugs.gentoo.org/651668
Package-Manager: Portage-2.3.24, Repoman-2.3.6
RepoMan-Options: --force

 app-emulation/qemu/files/65-vfio.rules  | 2 ++
 app-emulation/qemu/{qemu-2.11.1-r1.ebuild => qemu-2.11.1-r2.ebuild} | 1 +
 2 files changed, 3 insertions(+)

diff --git a/app-emulation/qemu/files/65-vfio.rules 
b/app-emulation/qemu/files/65-vfio.rules
new file mode 100644
index 000..099b655683d
--- /dev/null
+++ b/app-emulation/qemu/files/65-vfio.rules
@@ -0,0 +1,2 @@
+SUBSYSTEM=="vfio", OWNER="root", GROUP="kvm"
+KERNEL=="vfio", OWNER="root", GROUP="kvm", MODE="0660"
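Review bot: The first rule, `SUBSYSTEM=="vfio", OWNER="root", GROUP="kvm"`, sets no MODE, so the per-IOMMU-group nodes under /dev/vfio/ that it matches keep whatever mode the kernel or udev default gives them; if that default is owner-only, membership in group kvm does not grant the non-root access the commit message aims for, and only the container node fixed by the second rule is affected. Unless a group-accessible default is relied on deliberately, change the first rule to `SUBSYSTEM=="vfio", OWNER="root", GROUP="kvm", MODE="0660"` so both the container and the group nodes end up readable and writable by root and group kvm only. A one-line comment above the rules stating that intent (`# container and IOMMU-group nodes: root:kvm, no access for others`) would also document why two rules are needed.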

diff --git a/app-emulation/qemu/qemu-2.11.1-r1.ebuild 
b/app-emulation/qemu/qemu-2.11.1-r2.ebuild
similarity index 99%
rename from app-emulation/qemu/qemu-2.11.1-r1.ebuild
rename to app-emulation/qemu/qemu-2.11.1-r2.ebuild
index d0d85a2ac09..1eea347cd1d 100644
--- a/app-emulation/qemu/qemu-2.11.1-r1.ebuild
+++ b/app-emulation/qemu/qemu-2.11.1-r2.ebuild
@@ -679,6 +679,7 @@ src_install() {
 
if use kernel_linux; then
udev_newrules "${FILESDIR}"/65-kvm.rules-r1 65-kvm.rules
+   udev_newrules "${FILESDIR}"/65-vfio.rules 65-vfio.rules
fi
 
if use python; then



[gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/

2018-03-18 Thread Matthias Maier
commit: 46d903c2665d2910a22d78656c5f7bafdf702135
Author: Matthias Maier  gentoo  org>
AuthorDate: Sun Mar 18 19:08:44 2018 +
Commit: Matthias Maier  gentoo  org>
CommitDate: Sun Mar 18 20:01:49 2018 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=46d903c2

app-emulation/qemu: 2.11.1: New binary blob pinning, CVE patches, maintenance

 * new binary blobs pinning
=sys-firmware/edk2-ovmf-2017_p20180211
=sys-firmware/ipxe-1.0.0_p20180211
=sys-firmware/seabios-1.11.0
=sys-firmware/sgabios-0.1_pre8-r1
=sys-firmware/vgabios-0.7a-r1
   keyword ebuild

 * fix include path for capstone, bug 647570
 * add USE=capstone support, bug 647570

 * apply patch for CVE-2018-7550

Closes: https://bugs.gentoo.org/647570
Bug: https://bugs.gentoo.org/649616
Package-Manager: Portage-2.3.24, Repoman-2.3.6

 app-emulation/qemu/Manifest |  1 +
 .../qemu/files/qemu-2.11.1-capstone_include_path.patch  | 11 +++
 app-emulation/qemu/metadata.xml |  1 +
 .../qemu/{qemu-2.11.1-r50.ebuild => qemu-2.11.1-r51.ebuild} | 13 ++---
 4 files changed, 19 insertions(+), 7 deletions(-)

diff --git a/app-emulation/qemu/Manifest b/app-emulation/qemu/Manifest
index 218a778906a..cb0bb800a22 100644
--- a/app-emulation/qemu/Manifest
+++ b/app-emulation/qemu/Manifest
@@ -1,4 +1,5 @@
 DIST qemu-2.11.0-patches-r0.tar.xz 16140 BLAKE2B 
2e23908075195a7c28df574525a159e171277a2da6d7c0656a341a2db6a622237106d2dd8de5c9d61b5fb62fa5a163e9657406a2996cebc05baa53d42c5f5d15
 SHA512 
f7d92c2232398565b8cde294d38dc281c13503fb5967cc7871a2233b7fa354799619445e9ec89c285ef051f62ecef0bd38a135b0093bf5528c0b28c6e580c839
 DIST qemu-2.11.0.tar.bz2 32816398 BLAKE2B 
2014a8246f3cba9069186629d9ec8c221672fcfd3e8cd28a7e57f467add81f7bd84363183ef5cc5d18af91bde9186a4da49c0133c8ead83eae4626b9fc364e99
 SHA512 
3681700833573c0aa6283af950bfa298970056f1b44489088d8863840a7694512138321f86961ef43b256abf15eddd2612fb9cdbe3d9a358542d4e7037cc2004
 DIST qemu-2.11.1-patches-r0.tar.xz 1640 BLAKE2B 
8402a0bd086307413c3f088b7b2523adda5f370e3ce8e9ec39db905a5df495842cc2168b93b57e8516e98703ee1620e7cad77740529959a09a1d4224988829bc
 SHA512 
2906f9497e61799da8efca0dac4a19addd3bf59770c742e3ed1600143b69397bbc4eecb2c1f64aef0e103447966d47ced1ec6908f78a793b8d06f99a0aa6dc4a
+DIST qemu-2.11.1-patches-r1.tar.xz 2064 BLAKE2B 
533c916b01c014bcfa6c733b76aa6da1f12cdf5f0d4ae33136453705a8aca9fdfeef998747cfdc72d19e08fa40ea97e2fd4c21412c030af314605059282f49ef
 SHA512 
12de7b4777ec98871d0786291534f61b37534feef64b556caeab72e020ff14d61fe19d24cb151ebfdb912df2a7ba72c0d882566b368d88d02c9f1354c2adae4a
 DIST qemu-2.11.1.tar.bz2 32819412 BLAKE2B 
6b6d4e7b8dcf33aeedb0b33bad267da07ad17c2eeeb5fbd2c038d760bc03224e55ba0f03eb248c62bc0e8636c2c660ea76b367eaea96bee16388053f82c8b8a9
 SHA512 
1b692bbdfc3dc785738c7192aa2a3f9cf53d9f5bf3b3f49fa8692050dc50f7056c8a4d1b527d48ffb2a674a0fd3a46d87addd1eaaa758f35eec1ab5adfe32354

diff --git a/app-emulation/qemu/files/qemu-2.11.1-capstone_include_path.patch 
b/app-emulation/qemu/files/qemu-2.11.1-capstone_include_path.patch
new file mode 100644
index 000..d79570ebb8a
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.11.1-capstone_include_path.patch
@@ -0,0 +1,11 @@
+--- qemu-2.11.1/include/disas/capstone.h   2018-02-14 22:53:22.0 
+0100
 qemu-2.11.1/include/disas/capstone.h   2018-02-17 20:12:12.754703951 
+0100
+@@ -3,7 +3,7 @@
+ 
+ #ifdef CONFIG_CAPSTONE
+ 
+-#include 
++#include 
+ 
+ #else
+ 

diff --git a/app-emulation/qemu/metadata.xml b/app-emulation/qemu/metadata.xml
index 3fe0408cc40..61c159a6584 100644
--- a/app-emulation/qemu/metadata.xml
+++ b/app-emulation/qemu/metadata.xml
@@ -9,6 +9,7 @@
Adds support for braille displays 
using brltty
Enables support for Linux's Async IO
Enable alsa output for sound emulation
+   Enable disassembly support with 
dev-libs/capstone
Support ISOs / -cdrom directives vis HTTP or 
HTTPS.
Enables firmware device tree support
Enables GlusterFS cluster fileystem via

diff --git a/app-emulation/qemu/qemu-2.11.1-r50.ebuild 
b/app-emulation/qemu/qemu-2.11.1-r51.ebuild
similarity index 98%
rename from app-emulation/qemu/qemu-2.11.1-r50.ebuild
rename to app-emulation/qemu/qemu-2.11.1-r51.ebuild
index 355bcfb72d4..ced8efcacc9 100644
--- a/app-emulation/qemu/qemu-2.11.1-r50.ebuild
+++ b/app-emulation/qemu/qemu-2.11.1-r51.ebuild
@@ -23,7 +23,7 @@ else
# KEYWORDS="~amd64 ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd"
 
# Gentoo specific patchsets:
-   SRC_URI+=" 
https://dev.gentoo.org/~chutzpah/distfiles/${P}-patches-r0.tar.xz;
+   SRC_URI+=" 
https://dev.gentoo.org/~tamiko/distfiles/${P}-patches-r1.tar.xz;
 fi
 
 DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
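Review bot: The SRC_URI change points the Gentoo patchset at a different developer's personal distfiles directory (${P}-patches-r1.tar.xz), and nothing in the ebuild records what that tarball contains; the commit message says it carries the CVE-2018-7550 fix, but that is not recoverable from the repository once the message is forgotten. Integrity is pinned by the Manifest entry this commit adds, so the remaining gap is provenance and auditability of the patch contents. A comment above the assignment, `# ${P}-patches-r1: CVE-2018-7550`, would let a reviewer verify the tarball against its stated contents.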
@@ -31,8 +31,8 @@ HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org;
 
 LICENSE="GPL-2 LGPL-2 BSD-2"
 SLOT="0"

[gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/

2017-11-12 Thread Matthias Maier
commit: 23224f9e55bfc2ec41c8a8906a44e60791de07b5
Author: Matthias Maier  gentoo  org>
AuthorDate: Sun Nov 12 20:10:34 2017 +
Commit: Matthias Maier  gentoo  org>
CommitDate: Sun Nov 12 20:22:03 2017 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=23224f9e

app-emulation/qemu: Version bump to 2.10.1, various security fixes

Bug: https://bugs.gentoo.org/630432
Bug: https://bugs.gentoo.org/633822
Bug: https://bugs.gentoo.org/634070
Bug: https://bugs.gentoo.org/634148
Package-Manager: Portage-2.3.8, Repoman-2.3.4

 app-emulation/qemu/Manifest|   1 +
 .../qemu/files/qemu-2.10.0-CVE-2017-13711.patch|  80 ---
 .../qemu/files/qemu-2.10.1-CVE-2017-15268.patch|  54 ++
 .../qemu/files/qemu-2.10.1-CVE-2017-15289.patch|  58 ++
 app-emulation/qemu/qemu-2.10.1.ebuild  | 796 +
 5 files changed, 909 insertions(+), 80 deletions(-)

diff --git a/app-emulation/qemu/Manifest b/app-emulation/qemu/Manifest
index 156b9a616ac..95c955ceb92 100644
--- a/app-emulation/qemu/Manifest
+++ b/app-emulation/qemu/Manifest
@@ -1 +1,2 @@
 DIST qemu-2.10.0.tar.bz2 30955656 SHA256 
7e9f39e1306e6dcc595494e91c1464d4b03f55ddd2053183e0e1b69f7f776d48 SHA512 
ea21c014030f8a902df159641e6ccb45f0850ac5cb1cb8ab6845124c44ea5def54845e7bc66a6e80d624c78069f9baa913ee5119704076ae4ff47ab018ace9f9
 WHIRLPOOL 
58f846788fdf2b0c90e6d17ce921a1fe02556968d38ffc11be7e32b81ebc723dfeaa790f22d8085d4f388eb01fe0daa3ddbc00630c5ecba083df33cc9709fb39
+DIST qemu-2.10.1.tar.bz2 30821108 SHA256 
8e040bc7556401ebb3a347a8f7878e9d4028cf71b2744b1a1699f4e741966ba8 SHA512 
1a4a6ebf700ec6851c83cc2a71eaea8d95f14c685d094eaaa86c740eb9401e49a79074b72385f58681ca7646771a99bb6bbd9bebb39162f7220626d37ed0654f
 WHIRLPOOL 
79b1b8c19affc799e1a42c02a7c2fea13bf4ca1f9a2aa6e765d529aa3531f68cca77e92264561b2884314074f3148469f5a2f976c3473beb5ed0568617ce777b

diff --git a/app-emulation/qemu/files/qemu-2.10.0-CVE-2017-13711.patch 
b/app-emulation/qemu/files/qemu-2.10.0-CVE-2017-13711.patch
deleted file mode 100644
index 9d026568492..000
--- a/app-emulation/qemu/files/qemu-2.10.0-CVE-2017-13711.patch
+++ /dev/null
@@ -1,80 +0,0 @@
-From 1201d308519f1e915866d7583d5136d03cc1d384 Mon Sep 17 00:00:00 2001
-From: Samuel Thibault 
-Date: Fri, 25 Aug 2017 01:35:53 +0200
-Subject: [PATCH] slirp: fix clearing ifq_so from pending packets
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The if_fastq and if_batchq contain not only packets, but queues of packets
-for the same socket. When sofree frees a socket, it thus has to clear ifq_so
-from all the packets from the queues, not only the first.
-
-Signed-off-by: Samuel Thibault 
-Reviewed-by: Philippe Mathieu-Daudé 
-Cc: qemu-sta...@nongnu.org
-Signed-off-by: Peter Maydell 

- slirp/socket.c | 39 +++
- 1 file changed, 23 insertions(+), 16 deletions(-)
-
-diff --git a/slirp/socket.c b/slirp/socket.c
-index ecec0295a9..cb7b5b608d 100644
 a/slirp/socket.c
-+++ b/slirp/socket.c
-@@ -60,29 +60,36 @@ socreate(Slirp *slirp)
- }
- 
- /*
-+ * Remove references to so from the given message queue.
-+ */
-+static void
-+soqfree(struct socket *so, struct quehead *qh)
-+{
-+struct mbuf *ifq;
-+
-+for (ifq = (struct mbuf *) qh->qh_link;
-+ (struct quehead *) ifq != qh;
-+ ifq = ifq->ifq_next) {
-+if (ifq->ifq_so == so) {
-+struct mbuf *ifm;
-+ifq->ifq_so = NULL;
-+for (ifm = ifq->ifs_next; ifm != ifq; ifm = ifm->ifs_next) {
-+ifm->ifq_so = NULL;
-+}
-+}
-+}
-+}
-+
-+/*
-  * remque and free a socket, clobber cache
-  */
- void
- sofree(struct socket *so)
- {
-   Slirp *slirp = so->slirp;
--  struct mbuf *ifm;
- 
--  for (ifm = (struct mbuf *) slirp->if_fastq.qh_link;
--   (struct quehead *) ifm != >if_fastq;
--   ifm = ifm->ifq_next) {
--if (ifm->ifq_so == so) {
--  ifm->ifq_so = NULL;
--}
--  }
--
--  for (ifm = (struct mbuf *) slirp->if_batchq.qh_link;
--   (struct quehead *) ifm != >if_batchq;
--   ifm = ifm->ifq_next) {
--if (ifm->ifq_so == so) {
--  ifm->ifq_so = NULL;
--}
--  }
-+  soqfree(so, >if_fastq);
-+  soqfree(so, >if_batchq);
- 
-   if (so->so_emu==EMU_RSH && so->extra) {
-   sofree(so->extra);
--- 
-2.13.5
-

diff --git a/app-emulation/qemu/files/qemu-2.10.1-CVE-2017-15268.patch 
b/app-emulation/qemu/files/qemu-2.10.1-CVE-2017-15268.patch
new file mode 100644
index 000..7d08b32b027
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.10.1-CVE-2017-15268.patch
@@ -0,0 +1,54 @@
+From a7b20a8efa28e5f22c26c06cd06c2f12bc863493 Mon Sep 17 00:00:00 2001
+From: "Daniel P. Berrange" 
+Date: Mon, 9 Oct 2017 14:43:42 +0100
+Subject: [PATCH] io: monitor encoutput buffer size from websocket 

[gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/

2017-07-26 Thread Matthias Maier
commit: e67f10960bca69fdede54d77eb54c4ab72b98d08
Author: Matthias Maier  gentoo  org>
AuthorDate: Wed Jul 26 17:10:46 2017 +
Commit: Matthias Maier  gentoo  org>
CommitDate: Wed Jul 26 17:14:53 2017 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e67f1096

app-emulation/qemu: security fixes

  CVE-2017-11334, bug #621292
  CVE-2017-11434, bug #625614
  CVE-2017-9503, bug #621184
  CVE-2017-9524, bug #621292

Package-Manager: Portage-2.3.6, Repoman-2.3.3

 .../qemu/files/qemu-2.9.0-CVE-2017-11334.patch |  40 ++
 .../qemu/files/qemu-2.9.0-CVE-2017-11434.patch |  29 +
 .../qemu/files/qemu-2.9.0-CVE-2017-7539.patch  | 272 +++
 .../qemu/files/qemu-2.9.0-CVE-2017-9503-1.patch| 122 
 .../qemu/files/qemu-2.9.0-CVE-2017-9503-2.patch| 114 +++
 .../qemu/files/qemu-2.9.0-CVE-2017-9524-1.patch|  80 +++
 .../qemu/files/qemu-2.9.0-CVE-2017-9524-2.patch| 197 +
 app-emulation/qemu/qemu-2.9.0-r55.ebuild   | 792 +
 8 files changed, 1646 insertions(+)

diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11334.patch 
b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11334.patch
new file mode 100644
index 000..bfe4c7d89f2
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11334.patch
@@ -0,0 +1,40 @@
+[Qemu-devel] [PULL 21/41] exec: use qemu_ram_ptr_length to access guest 
+From: Prasad J Pandit 
+
+When accessing guest's ram block during DMA operation, use
+'qemu_ram_ptr_length' to get ram block pointer. It ensures
+that DMA operation of given length is possible; And avoids
+any OOB memory access situations.
+
+Reported-by: Alex 
+Signed-off-by: Prasad J Pandit 
+Message-Id: 
+Signed-off-by: Paolo Bonzini 
+---
+ exec.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/exec.c b/exec.c
+index a083ff8..ad103ce 100644
+--- a/exec.c
 b/exec.c
+@@ -2929,7 +2929,7 @@ static MemTxResult 
address_space_write_continue(AddressSpace *as, hwaddr addr,
+ }
+ } else {
+ /* RAM case */
+-ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
++ptr = qemu_ram_ptr_length(mr->ram_block, addr1, );
+ memcpy(ptr, buf, l);
+ invalidate_and_set_dirty(mr, addr1, l);
+ }
+@@ -3020,7 +3020,7 @@ MemTxResult address_space_read_continue(AddressSpace 
*as, hwaddr addr,
+ }
+ } else {
+ /* RAM case */
+-ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
++ptr = qemu_ram_ptr_length(mr->ram_block, addr1, );
+ memcpy(buf, ptr, l);
+ }
+ 
+-- 
+1.8.3.1
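Review bot: This patch file carries only the mailing-list PULL header and no upstream commit id, so a maintainer cannot check that it matches what QEMU merged; the CVE-2017-11434 file added later in this commit has the same form. A first line with the upstream commit URL or a `From <upstream commit id> Mon Sep 17 00:00:00 2001` header, as the other patch files in this package carry, would fix that. Separately, both rendered call lines read `qemu_ram_ptr_length(mr->ram_block, addr1, );` — the third argument (a pointer to `l`, which the callee may shrink) has been lost in this view, so confirm the on-disk file is intact; the loop advance after the hunk must then use the clamped `l` as well.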

diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11434.patch 
b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11434.patch
new file mode 100644
index 000..5d32067c7a0
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11434.patch
@@ -0,0 +1,29 @@
+[Qemu-devel] [PATCH] slirp: check len against dhcp options array end
+From: Prasad J Pandit 
+
+While parsing dhcp options string in 'dhcp_decode', if an options'
+length 'len' appeared towards the end of 'bp_vend' array, ensuing
+read could lead to an OOB memory access issue. Add check to avoid it.
+
+Reported-by: Reno Robert 
+Signed-off-by: Prasad J Pandit 
+---
+ slirp/bootp.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/slirp/bootp.c b/slirp/bootp.c
+index 5a4646c..5dd1a41 100644
+--- a/slirp/bootp.c
 b/slirp/bootp.c
+@@ -123,6 +123,9 @@ static void dhcp_decode(const struct bootp_t *bp, int 
*pmsg_type,
+ if (p >= p_end)
+ break;
+ len = *p++;
++if (p + len > p_end) {
++break;
++}
+ DPRINTF("dhcp: tag=%d len=%d\n", tag, len);
+ 
+ switch(tag) {
+-- 
+2.9.4
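Review bot: The added bound check computes `p + len` before comparing it with `p_end`, which forms a pointer beyond the end of the options array in exactly the case it is meant to reject; in C that is out-of-range pointer arithmetic even when the comparison then goes the right way. Comparing lengths instead avoids it: `if (len > p_end - p) {`. The declarations of `p`, `p_end` and `len` are outside the hunk, so check that `len` cannot be negative (it presumably comes from a single byte via `*p++`) before relying on the signed difference.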

diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-7539.patch 
b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-7539.patch
new file mode 100644
index 000..0b5987c6623
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-7539.patch
@@ -0,0 +1,272 @@
+From 2b0bbc4f8809c972bad134bc1a2570dbb01dea0b Mon Sep 17 00:00:00 2001
+From: Vladimir Sementsov-Ogievskiy 
+Date: Fri, 2 Jun 2017 18:01:41 +0300
+Subject: [PATCH] nbd/server: get rid of nbd_negotiate_read and friends
+
+Functions nbd_negotiate_{read,write,drop_sync} were introduced in
+1a6245a5b, when nbd_rwv (was nbd_wr_sync) was working through
+qemu_co_sendv_recvv (the path is nbd_wr_sync -> qemu_co_{recv/send} ->
+qemu_co_send_recv -> qemu_co_sendv_recvv), which just yields, without
+setting any handlers. But starting from ff82911cd nbd_rwv (was
+nbd_wr_syncv) works through qio_channel_yield() which sets handlers, so
+watchers are redundant in nbd_negotiate_{read,write,drop_sync}, then,
+let's just use nbd_{read,write,drop} 

[gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/

2017-05-17 Thread Matthias Maier
commit: d032d5cc904b8793b96b3545750b0b8583154caa
Author: Matthias Maier  gentoo  org>
AuthorDate: Thu May 18 04:12:17 2017 +
Commit: Matthias Maier  gentoo  org>
CommitDate: Thu May 18 04:20:13 2017 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d032d5cc

app-emulation/qemu: rename patches

Package-Manager: Portage-2.3.5, Repoman-2.3.2

 .../{qemu-2.9.0-bug616870.patch => qemu-2.9.0-CVE-2017-8309.patch}  | 0
 .../{qemu-2.9.0-bug616872.patch => qemu-2.9.0-CVE-2017-8379.patch}  | 0
 .../{qemu-2.9.0-bug616874.patch => qemu-2.9.0-CVE-2017-8380.patch}  | 0
 app-emulation/qemu/qemu-2.9.0-r2.ebuild | 6 +++---
 app-emulation/qemu/qemu-2.9.0-r54.ebuild| 6 +++---
 5 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/app-emulation/qemu/files/qemu-2.9.0-bug616870.patch 
b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8309.patch
similarity index 100%
rename from app-emulation/qemu/files/qemu-2.9.0-bug616870.patch
rename to app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8309.patch

diff --git a/app-emulation/qemu/files/qemu-2.9.0-bug616872.patch 
b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8379.patch
similarity index 100%
rename from app-emulation/qemu/files/qemu-2.9.0-bug616872.patch
rename to app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8379.patch

diff --git a/app-emulation/qemu/files/qemu-2.9.0-bug616874.patch 
b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8380.patch
similarity index 100%
rename from app-emulation/qemu/files/qemu-2.9.0-bug616874.patch
rename to app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8380.patch

diff --git a/app-emulation/qemu/qemu-2.9.0-r2.ebuild 
b/app-emulation/qemu/qemu-2.9.0-r2.ebuild
index 6289ced538e..71de8e79100 100644
--- a/app-emulation/qemu/qemu-2.9.0-r2.ebuild
+++ b/app-emulation/qemu/qemu-2.9.0-r2.ebuild
@@ -191,9 +191,9 @@ RDEPEND="${CDEPEND}
 PATCHES=(
"${FILESDIR}"/${PN}-2.5.0-cflags.patch
"${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
-   "${FILESDIR}"/${PN}-2.9.0-bug616870.patch # bug 616870
-   "${FILESDIR}"/${PN}-2.9.0-bug616872.patch # bug 616872
-   "${FILESDIR}"/${PN}-2.9.0-bug616874.patch # bug 616874
+   "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8309.patch # bug 616870
+   "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8379.patch # bug 616872
+   "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8380.patch # bug 616874
"${FILESDIR}"/${PN}-2.9.0-CVE-2017-8112.patch # bug 616636
"${FILESDIR}"/${PN}-2.9.0-CVE-2017-7493.patch # bug 618808
 )

diff --git a/app-emulation/qemu/qemu-2.9.0-r54.ebuild 
b/app-emulation/qemu/qemu-2.9.0-r54.ebuild
index 0d8029910fc..69908a33c9a 100644
--- a/app-emulation/qemu/qemu-2.9.0-r54.ebuild
+++ b/app-emulation/qemu/qemu-2.9.0-r54.ebuild
@@ -194,9 +194,9 @@ RDEPEND="${CDEPEND}
 PATCHES=(
"${FILESDIR}"/${PN}-2.5.0-cflags.patch
"${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
-   "${FILESDIR}"/${PN}-2.9.0-bug616870.patch # bug 616870
-   "${FILESDIR}"/${PN}-2.9.0-bug616872.patch # bug 616872
-   "${FILESDIR}"/${PN}-2.9.0-bug616874.patch # bug 616874
+   "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8309.patch # bug 616870
+   "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8379.patch # bug 616872
+   "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8380.patch # bug 616874
"${FILESDIR}"/${PN}-2.9.0-CVE-2017-8112.patch # bug 616636
"${FILESDIR}"/${PN}-2.9.0-CVE-2017-7493.patch # bug 618808
 )



[gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/

2017-04-25 Thread Matthias Maier
commit: 51d94aaeff0e35fa68711f5623c5e6f68be2fac8
Author: Matthias Maier  gentoo  org>
AuthorDate: Tue Apr 25 13:32:43 2017 +
Commit: Matthias Maier  gentoo  org>
CommitDate: Tue Apr 25 13:51:31 2017 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=51d94aae

app-emulation/qemu: security fixes

CVE-2017-7471, bug #616484

CVE-2017-7718, bug #616482
  already applied on stable-2.8 as 3328c14e63f08fb07e8c6dec779c9d365e9e9864

CVE-2017-7980, bug #616462
  already applied on stable-2.8 as a290442234fa214fcb7f45fc91d802bcb8d05c4b
   031700e4527b9e05798f7040dccdf638da27aee2

CVE-2017-8086, bug #616460

Package-Manager: Portage-2.3.5, Repoman-2.3.2

 .../qemu/files/qemu-2.8.1-CVE-2017-7471.patch  | 64 ++
 .../qemu/files/qemu-2.8.1-CVE-2017-8086.patch  | 28 ++
 .../{qemu-2.8.1-r1.ebuild => qemu-2.8.1-r2.ebuild} |  2 +
 3 files changed, 94 insertions(+)

diff --git a/app-emulation/qemu/files/qemu-2.8.1-CVE-2017-7471.patch 
b/app-emulation/qemu/files/qemu-2.8.1-CVE-2017-7471.patch
new file mode 100644
index 000..c5366f5758e
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.8.1-CVE-2017-7471.patch
@@ -0,0 +1,64 @@
+From 9c6b899f7a46893ab3b671e341a2234e9c0c060e Mon Sep 17 00:00:00 2001
+From: Greg Kurz 
+Date: Mon, 17 Apr 2017 10:53:23 +0200
+Subject: [PATCH] 9pfs: local: set the path of the export root to "."
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The local backend was recently converted to using "at*()" syscalls in order
+to ensure all accesses happen below the shared directory. This requires that
+we only pass relative paths, otherwise the dirfd argument to the "at*()"
+syscalls is ignored and the path is treated as an absolute path in the host.
+This is actually the case for paths in all fids, with the notable exception
+of the root fid, whose path is "/". This causes the following backend ops to
+act on the "/" directory of the host instead of the virtfs shared directory
+when the export root is involved:
+- lstat
+- chmod
+- chown
+- utimensat
+
+ie, chmod /9p_mount_point in the guest will be converted to chmod / in the
+host for example. This could cause security issues with a privileged QEMU.
+
+All "*at()" syscalls are being passed an open file descriptor. In the case
+of the export root, this file descriptor points to the path in the host that
+was passed to -fsdev.
+
+The fix is thus as simple as changing the path of the export root fid to be
+"." instead of "/".
+
+This is CVE-2017-7471.
+
+Cc: qemu-sta...@nongnu.org
+Reported-by: Léo Gaspard 
+Signed-off-by: Greg Kurz 
+Reviewed-by: Eric Blake 
+Signed-off-by: Peter Maydell 
+---
+ hw/9pfs/9p-local.c | 7 ++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c
+index 45e9a1f..f3ebca4 100644
+--- a/hw/9pfs/9p-local.c
 b/hw/9pfs/9p-local.c
+@@ -1098,8 +1098,13 @@ static int local_name_to_path(FsContext *ctx, V9fsPath 
*dir_path,
+ {
+ if (dir_path) {
+ v9fs_path_sprintf(target, "%s/%s", dir_path->data, name);
+-} else {
++} else if (strcmp(name, "/")) {
+ v9fs_path_sprintf(target, "%s", name);
++} else {
++/* We want the path of the export root to be relative, otherwise
++ * "*at()" syscalls would treat it as "/" in the host.
++ */
++v9fs_path_sprintf(target, "%s", ".");
+ }
+ return 0;
+ }
+-- 
+2.10.2
+
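Review bot: The new branch condition `} else if (strcmp(name, "/")) {` relies on strcmp's non-zero result meaning "name is not the root", which reads backwards at a glance in a fix whose whole point is which branch the root path takes. Writing `} else if (strcmp(name, "/") != 0) {` makes the intent explicit; the fix itself (mapping the export root to ".") is fine. The function continues outside the hunk, so any other place that builds a fid path from an absolute name is not covered by this check.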

diff --git a/app-emulation/qemu/files/qemu-2.8.1-CVE-2017-8086.patch 
b/app-emulation/qemu/files/qemu-2.8.1-CVE-2017-8086.patch
new file mode 100644
index 000..eac72f3dcb5
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.8.1-CVE-2017-8086.patch
@@ -0,0 +1,28 @@
+From 4ffcdef4277a91af15a3c09f7d16af072c29f3f2 Mon Sep 17 00:00:00 2001
+From: Li Qiang 
+Date: Fri, 7 Apr 2017 03:48:52 -0700
+Subject: [PATCH] 9pfs: xattr: fix memory leak in v9fs_list_xattr
+
+Free 'orig_value' in error path.
+
+Signed-off-by: Li Qiang 
+Signed-off-by: Greg Kurz 
+---
+ hw/9pfs/9p-xattr.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/hw/9pfs/9p-xattr.c b/hw/9pfs/9p-xattr.c
+index eec160b..d05c1a1 100644
+--- a/hw/9pfs/9p-xattr.c
 b/hw/9pfs/9p-xattr.c
+@@ -108,6 +108,7 @@ ssize_t v9fs_list_xattr(FsContext *ctx, const char *path,
+ g_free(name);
+ close_preserve_errno(dirfd);
+ if (xattr_len < 0) {
++g_free(orig_value);
+ return -1;
+ }
+ 
+-- 
+2.10.2
+

diff --git a/app-emulation/qemu/qemu-2.8.1-r1.ebuild 
b/app-emulation/qemu/qemu-2.8.1-r2.ebuild
similarity index 99%
rename from app-emulation/qemu/qemu-2.8.1-r1.ebuild
rename to app-emulation/qemu/qemu-2.8.1-r2.ebuild
index 62dcf576139..2e9ad1977aa 100644
--- a/app-emulation/qemu/qemu-2.8.1-r1.ebuild
+++ 

[gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/

2017-03-26 Thread Matthias Maier
commit: b054426687f5eccea1873b53afed11100ca1eb8d
Author: Matthias Maier  gentoo  org>
AuthorDate: Mon Mar 27 03:18:22 2017 +
Commit: Matthias Maier  gentoo  org>
CommitDate: Mon Mar 27 03:40:37 2017 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b0544266

app-emulation/qemu: security patches, bug #612220

  CVE-2017-6505, bug #612220

Package-Manager: Portage-2.3.3, Repoman-2.3.2

 .../qemu/files/qemu-2.8.0-CVE-2017-6505.patch  | 52 ++
 .../{qemu-2.8.0-r7.ebuild => qemu-2.8.0-r8.ebuild} |  1 +
 2 files changed, 53 insertions(+)

diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-6505.patch 
b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-6505.patch
new file mode 100644
index 000..a15aa96bd56
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-6505.patch
@@ -0,0 +1,52 @@
+From 95ed56939eb2eaa4e2f349fe6dcd13ca4edfd8fb Mon Sep 17 00:00:00 2001
+From: Li Qiang 
+Date: Tue, 7 Feb 2017 02:23:33 -0800
+Subject: [PATCH] usb: ohci: limit the number of link eds
+
+The guest may builds an infinite loop with link eds. This patch
+limit the number of linked ed to avoid this.
+
+Signed-off-by: Li Qiang 
+Message-id: 5899a02e.45ca240a.6c373.9...@mx.google.com
+Signed-off-by: Gerd Hoffmann 
+---
+ hw/usb/hcd-ohci.c | 9 -
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/hw/usb/hcd-ohci.c b/hw/usb/hcd-ohci.c
+index 2cba3e3..21c93e0 100644
+--- a/hw/usb/hcd-ohci.c
 b/hw/usb/hcd-ohci.c
+@@ -42,6 +42,8 @@
+ 
+ #define OHCI_MAX_PORTS 15
+ 
++#define ED_LINK_LIMIT 4
++
+ static int64_t usb_frame_time;
+ static int64_t usb_bit_time;
+ 
+@@ -1184,7 +1186,7 @@ static int ohci_service_ed_list(OHCIState *ohci, 
uint32_t head, int completion)
+ uint32_t next_ed;
+ uint32_t cur;
+ int active;
+-
++uint32_t link_cnt = 0;
+ active = 0;
+ 
+ if (head == 0)
+@@ -1199,6 +1201,11 @@ static int ohci_service_ed_list(OHCIState *ohci, 
uint32_t head, int completion)
+ 
+ next_ed = ed.next & OHCI_DPTR_MASK;
+ 
++if (++link_cnt > ED_LINK_LIMIT) {
++ohci_die(ohci);
++return 0;
++}
++
+ if ((ed.head & OHCI_ED_H) || (ed.flags & OHCI_ED_K)) {
+ uint32_t addr;
+ /* Cancel pending packets for ED that have been paused.  */
+-- 
+2.10.2
+
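Review bot: The hunk replaces the blank line that separated the declarations from `active = 0;` with the new `uint32_t link_cnt = 0;`, leaving the declaration block and the first statement fused together; keep the declaration with the others and restore the blank line. `ED_LINK_LIMIT 4` also deserves a comment saying where the number comes from, since an endpoint-descriptor list longer than four entries now ends in `ohci_die()`, and a guest that chains more EDs for legitimate reasons would see its controller stop. Something like `/* max EDs walked per list before the controller is declared dead; guards against guest-built ED loops */` is the minimum.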

diff --git a/app-emulation/qemu/qemu-2.8.0-r7.ebuild 
b/app-emulation/qemu/qemu-2.8.0-r8.ebuild
similarity index 99%
rename from app-emulation/qemu/qemu-2.8.0-r7.ebuild
rename to app-emulation/qemu/qemu-2.8.0-r8.ebuild
index 2088438d8e5..8df1a91630a 100644
--- a/app-emulation/qemu/qemu-2.8.0-r7.ebuild
+++ b/app-emulation/qemu/qemu-2.8.0-r8.ebuild
@@ -206,6 +206,7 @@ PATCHES=(
"${FILESDIR}"/${PN}-2.8.0-CVE-2017-5987.patch   #609398
"${FILESDIR}"/${PN}-2.8.0-CVE-2017-6058.patch   #609638
"${FILESDIR}"/${PN}-2.8.0-CVE-2017-2620.patch   #609206
+   "${FILESDIR}"/${PN}-2.8.0-CVE-2017-6505.patch   #612220
 )
 
 STRIP_MASK="/usr/share/qemu/palcode-clipper"



[gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/

2017-02-12 Thread Matthias Maier
commit: 69f166f734e87c4d5b025e9f2bbfcfba3d7cddcb
Author: Matthias Maier  gentoo  org>
AuthorDate: Mon Feb 13 04:50:18 2017 +
Commit: Matthias Maier  gentoo  org>
CommitDate: Mon Feb 13 04:50:18 2017 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=69f166f7

app-emulation/qemu: fix various security issues, bug #608728 and others

This commit applies upstream patches to 2.8.0 for the following CVEs

  CVE-2016-10155 #606720
  CVE-2017-2615  #608034
  CVE-2017-5525  #606264
  CVE-2017-5552  #606722
  CVE-2017-5578  #607000
  CVE-2017-5579  #607100
  CVE-2017-5667  #607766
  CVE-2017-5856  #608036
  CVE-2017-5857  #608038
  CVE-2017-5898  #608520
  CVE-2017-5931  #608728

Package-Manager: Portage-2.3.3, Repoman-2.3.1

 .../qemu/files/qemu-2.8.0-CVE-2016-10155.patch |  46 ++
 .../qemu/files/qemu-2.8.0-CVE-2017-2615.patch  |  48 ++
 .../qemu/files/qemu-2.8.0-CVE-2017-5525-1.patch|  52 ++
 .../qemu/files/qemu-2.8.0-CVE-2017-5525-2.patch|  55 ++
 .../qemu/files/qemu-2.8.0-CVE-2017-5552.patch  |  41 ++
 .../qemu/files/qemu-2.8.0-CVE-2017-5578.patch  |  35 ++
 .../qemu/files/qemu-2.8.0-CVE-2017-5579.patch  |  40 ++
 .../qemu/files/qemu-2.8.0-CVE-2017-5667.patch  |  37 ++
 .../qemu/files/qemu-2.8.0-CVE-2017-5856.patch  |  64 ++
 .../qemu/files/qemu-2.8.0-CVE-2017-5857.patch  |  38 ++
 .../qemu/files/qemu-2.8.0-CVE-2017-5898.patch  |  35 ++
 .../qemu/files/qemu-2.8.0-CVE-2017-5931.patch  |  46 ++
 app-emulation/qemu/qemu-2.8.0-r1.ebuild| 691 +
 13 files changed, 1228 insertions(+)

diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-10155.patch 
b/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-10155.patch
new file mode 100644
index 00..c486295d06
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-10155.patch
@@ -0,0 +1,46 @@
+From eb7a20a3616085d46aa6b4b4224e15587ec67e6e Mon Sep 17 00:00:00 2001
+From: Li Qiang 
+Date: Mon, 28 Nov 2016 17:49:04 -0800
+Subject: [PATCH] watchdog: 6300esb: add exit function
+
+When the Intel 6300ESB watchdog is hot unplug. The timer allocated
+in realize isn't freed thus leaking memory leak. This patch avoid
+this through adding the exit function.
+
+Signed-off-by: Li Qiang 
+Message-Id: <583cde9c.3223ed0a.7f0c2.8...@mx.google.com>
+Signed-off-by: Paolo Bonzini 
+---
+ hw/watchdog/wdt_i6300esb.c | 9 +
+ 1 file changed, 9 insertions(+)
+
+diff --git a/hw/watchdog/wdt_i6300esb.c b/hw/watchdog/wdt_i6300esb.c
+index a83d951..49b3cd1 100644
+--- a/hw/watchdog/wdt_i6300esb.c
 b/hw/watchdog/wdt_i6300esb.c
+@@ -428,6 +428,14 @@ static void i6300esb_realize(PCIDevice *dev, Error **errp)
+ /* qemu_register_coalesced_mmio (addr, 0x10); ? */
+ }
+ 
++static void i6300esb_exit(PCIDevice *dev)
++{
++I6300State *d = WATCHDOG_I6300ESB_DEVICE(dev);
++
++timer_del(d->timer);
++timer_free(d->timer);
++}
++
+ static WatchdogTimerModel model = {
+ .wdt_name = "i6300esb",
+ .wdt_description = "Intel 6300ESB",
+@@ -441,6 +449,7 @@ static void i6300esb_class_init(ObjectClass *klass, void 
*data)
+ k->config_read = i6300esb_config_read;
+ k->config_write = i6300esb_config_write;
+ k->realize = i6300esb_realize;
++k->exit = i6300esb_exit;
+ k->vendor_id = PCI_VENDOR_ID_INTEL;
+ k->device_id = PCI_DEVICE_ID_INTEL_ESB_9;
+ k->class_id = PCI_CLASS_SYSTEM_OTHER;
+-- 
+2.10.2
+
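Review bot: `i6300esb_exit` deletes and frees `d->timer` but leaves the pointer set, so any later access through the device state would be a use-after-free rather than a clean null dereference; adding `d->timer = NULL;` after `timer_free(d->timer);` costs nothing. Whether anything can still touch the state after the PCI exit hook runs is not visible from here.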

diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-2615.patch 
b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-2615.patch
new file mode 100644
index 00..f0bba80165
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-2615.patch
@@ -0,0 +1,48 @@
+From 62d4c6bd5263bb8413a06c80144fc678df6dfb64 Mon Sep 17 00:00:00 2001
+From: Li Qiang 
+Date: Wed, 1 Feb 2017 09:35:01 +0100
+Subject: [PATCH] cirrus: fix oob access issue (CVE-2017-2615)
+
+When doing bitblt copy in backward mode, we should minus the
+blt width first just like the adding in the forward mode. This
+can avoid the oob access of the front of vga's vram.
+
+Signed-off-by: Li Qiang 
+
+{ kraxel: with backward blits (negative pitch) addr is the topmost
+  address, so check it as-is against vram size ]
+
+Cc: qemu-sta...@nongnu.org
+Cc: P J P 
+Cc: Laszlo Ersek 
+Cc: Paolo Bonzini 
+Cc: Wolfgang Bumiller 
+Fixes: d3532a0db02296e687711b8cdc7791924efccea0 (CVE-2014-8106)
+Signed-off-by: Gerd Hoffmann 
+Message-id: 1485938101-26602-1-git-send-email-kra...@redhat.com
+Reviewed-by: Laszlo Ersek 
+---
+ hw/display/cirrus_vga.c | 7 +++
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c
+index 7db6409..16f27e8 100644
+--- a/hw/display/cirrus_vga.c
 b/hw/display/cirrus_vga.c

[gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/

2016-12-29 Thread Mike Frysinger
commit: cccbca44a3b25022fd715ea6112adffbb7293483
Author: Mike Frysinger  gentoo  org>
AuthorDate: Thu Dec 29 18:19:47 2016 +
Commit: Mike Frysinger  gentoo  org>
CommitDate: Thu Dec 29 18:47:13 2016 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cccbca44

app-emulation/qemu: version bump to 2.7.1

Update the 7422 patch to match the version upstream merged.
Update the 8669-1 patch to include upstream references since it is
still not merged/fixed.

 app-emulation/qemu/Manifest|   1 +
 .../qemu/files/qemu-2.7.0-CVE-2016-7422.patch  |  47 +-
 .../qemu/files/qemu-2.7.0-CVE-2016-8669-1.patch|   3 +
 app-emulation/qemu/qemu-2.7.1.ebuild   | 699 +
 4 files changed, 726 insertions(+), 24 deletions(-)

diff --git a/app-emulation/qemu/Manifest b/app-emulation/qemu/Manifest
index 5e3e9b5..5d40bbd 100644
--- a/app-emulation/qemu/Manifest
+++ b/app-emulation/qemu/Manifest
@@ -1 +1,2 @@
 DIST qemu-2.7.0.tar.bz2 26867760 SHA256 
326e739506ba690daf69fc17bd3913a6c313d9928d743bd8eddb82f403f81e53 SHA512 
654acaa7b3724a288e5d7e2a26ab780d9c9ed9f647fba00a906cbaffbe9d58fd666f2d962514aa2c5b391b4c53811ac3170d2eb51727f090bd19dfe45ca9a9db
 WHIRLPOOL 
dcb3e5f7da89dd8e14d636d7ebd476e076e0043880bb9ea3fb1c03cb4bcd4e5c7d3c4719da26c3ce521e3a3db5ae671e86f198ac1bc3474e774d75504fef8b8d
+DIST qemu-2.7.1.tar.bz2 26868403 SHA256 
68636788eb69bcb0b44ba220b32b50495d6bd5712a934c282217831c4822958f SHA512 
16a83946e9064733254c82c961749bf9c56a0a2a8ee46145b4a78e1452ac0e2548d888963d18c80e28f65202890fd643b0011951b5b1c66ef16234767ed91898
 WHIRLPOOL 
ae3d3c2b2a3700613733659847de6187755631cb09e8c3548ea30cd994357c9ff128646edce88dfe4dce53e6c1c0f37f8de3688ee7e22262033b40f3fc706efa

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7422.patch 
b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7422.patch
index 6368e7f..cc60581 100644
--- a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7422.patch
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7422.patch
@@ -1,38 +1,37 @@
-From: Prasad J Pandit 
+From 973e7170dddefb491a48df5cba33b2ae151013a0 Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit 
+Date: Mon, 19 Sep 2016 23:55:45 +0530
+Subject: [PATCH] virtio: add check for descriptor's mapped address
 
 virtio back end uses set of buffers to facilitate I/O operations.
 If its size is too large, 'cpu_physical_memory_map' could return
-a null address. This would result in a null dereference
-while un-mapping descriptors. Add check to avoid it.
+a null address. This would result in a null dereference while
+un-mapping descriptors. Add check to avoid it.
 
-Reported-by: Qinghao Tang 
-Signed-off-by: Prasad J Pandit 
+Reported-by: Qinghao Tang 
+Signed-off-by: Prasad J Pandit 
+Reviewed-by: Michael S. Tsirkin 
+Signed-off-by: Michael S. Tsirkin 
+Reviewed-by: Laszlo Ersek 
 ---
- hw/virtio/virtio.c | 10 ++
- 1 file changed, 6 insertions(+), 4 deletions(-)
+ hw/virtio/virtio.c | 5 +
+ 1 file changed, 5 insertions(+)
 
 diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
-index 15ee3a7..0a4c5b6 100644
+index fcf3358d6c0d..bb656b1ccff0 100644
 --- a/hw/virtio/virtio.c
 +++ b/hw/virtio/virtio.c
-@@ -472,12 +472,14 @@ static void virtqueue_map_desc(unsigned int *p_num_sg, 
hwaddr *addr, struct iove
+@@ -495,6 +495,11 @@ static void virtqueue_map_desc(unsigned int *p_num_sg, 
hwaddr *addr, struct iove
  }
  
  iov[num_sg].iov_base = cpu_physical_memory_map(pa, , is_write);
--iov[num_sg].iov_len = len;
--addr[num_sg] = pa;
-+if (iov[num_sg].iov_base) {
-+iov[num_sg].iov_len = len;
-+addr[num_sg] = pa;
- 
-+pa += len;
-+num_sg++;
++if (!iov[num_sg].iov_base) {
++error_report("virtio: bogus descriptor or out of resources");
++exit(1);
 +}
- sz -= len;
--pa += len;
--num_sg++;
- }
- *p_num_sg = num_sg;
- }
++
+ iov[num_sg].iov_len = len;
+ addr[num_sg] = pa;
+ 
 -- 
-2.5.5
+2.11.0
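Review bot: The updated patch now calls `exit(1)` when `cpu_physical_memory_map()` returns NULL for a descriptor, which means guest-controlled input terminates the whole QEMU process; this matches the version upstream merged (as the commit message says) and is no worse than the NULL dereference it replaces, but it is a deliberate guest-to-host denial of service rather than a recovery. If the targeted tree has the virtio_error() helper, marking the device broken would be the gentler option; otherwise a comment above the check, `/* guest-triggerable: a bogus descriptor aborts the VM rather than corrupting state */`, should record the choice. The rendered line `cpu_physical_memory_map(pa, , is_write)` has lost its second argument in this view; confirm the on-disk patch is intact.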

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8669-1.patch 
b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8669-1.patch
index 457f022..cea8efc 100644
--- a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8669-1.patch
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8669-1.patch
@@ -1,3 +1,6 @@
+http://bugs.gentoo.org/597108
+https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02577.html
+
 From: Prasad J Pandit 
 
 The JAZZ RC4030 chipset emulator has a periodic timer and

diff --git a/app-emulation/qemu/qemu-2.7.1.ebuild 
b/app-emulation/qemu/qemu-2.7.1.ebuild
new file mode 100644
index ..12eea6f
--- /dev/null
+++ b/app-emulation/qemu/qemu-2.7.1.ebuild
@@ -0,0 +1,699 @@
+# Copyright 1999-2016 Gentoo 

[gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/

2016-11-12 Thread Matthias Maier
commit: cad0a6324b5d4a5954893dfd29b5b97ee7a361d3
Author: Matthias Maier  gentoo  org>
AuthorDate: Sat Nov 12 17:26:09 2016 +
Commit: Matthias Maier  gentoo  org>
CommitDate: Sat Nov 12 17:28:38 2016 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cad0a632

app-emulation/qemu: security fixes, bug #598772

CVE-2016-9102, bug #598328
CVE-2016-9103, bug #598328
CVE-2016-9104, bug #598328
CVE-2016-9105, bug #598328
CVE-2016-9106, bug #598772

Package-Manager: portage-2.3.0

 .../qemu/files/qemu-2.7.0-CVE-2016-9102.patch  |  21 +
 .../qemu/files/qemu-2.7.0-CVE-2016-9103.patch  |  27 +
 .../qemu/files/qemu-2.7.0-CVE-2016-9104.patch  |  92 +++
 .../qemu/files/qemu-2.7.0-CVE-2016-9105.patch  |  25 +
 .../qemu/files/qemu-2.7.0-CVE-2016-9106.patch  |  27 +
 app-emulation/qemu/qemu-2.7.0-r6.ebuild| 708 +
 6 files changed, 900 insertions(+)

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9102.patch 
b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9102.patch
new file mode 100644
index ..963eca9
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9102.patch
@@ -0,0 +1,21 @@
+From: Li Qiang 
+
+The 'fs.xattr.value' field in V9fsFidState object doesn't consider the
+situation that this field has been allocated previously. Every time, it
+will be allocated directly. This leads a host memory leak issue. This
+patch fix this.
+
+-- 
+1.8.3.1
+diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
+index 75ba5f1..a4c7109 100644
+--- a/hw/9pfs/9p.c
 b/hw/9pfs/9p.c
+@@ -3269,6 +3269,7 @@ static void v9fs_xattrcreate(void *opaque)
+ xattr_fidp->fs.xattr.flags = flags;
+ v9fs_string_init(_fidp->fs.xattr.name);
+ v9fs_string_copy(_fidp->fs.xattr.name, );
++g_free(xattr_fidp->fs.xattr.value);
+ xattr_fidp->fs.xattr.value = g_malloc(size);
+ err = offset;
+ put_fid(pdu, file_fidp);
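Review bot: The `-- ` / `1.8.3.1` signature trailer sits above the `diff --git` line instead of after it, so tools that treat `-- ` as end-of-message (git am in mbox mode) would see an empty patch, even though plain `patch -p1`/epatch still finds the hunk; moving those two lines to the end of the file fixes that. The header also carries no provenance line, while qemu-2.7.0-CVE-2016-8669-1.patch on this page gets a bug URL as its first line; a first line `https://bugs.gentoo.org/598328` (the bug named in the commit message) plus the upstream commit id or list URL would make the origin checkable. The same applies to qemu-2.7.0-CVE-2016-9103.patch below.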

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9103.patch 
b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9103.patch
new file mode 100644
index ..7520863
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9103.patch
@@ -0,0 +1,27 @@
+Author: Li Qiang 
+Date:   Mon Oct 17 14:13:58 2016 +0200
+
+9pfs: fix information leak in xattr read
+
+9pfs uses g_malloc() to allocate the xattr memory space, if the guest
+reads this memory before writing to it, this will leak host heap memory
+to the guest. This patch avoid this.
+
+Signed-off-by: Li Qiang 
+Reviewed-by: Greg Kurz 
+Signed-off-by: Greg Kurz 
+
+diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
+index 26aa7d5..bf23b01 100644
+--- a/hw/9pfs/9p.c
 b/hw/9pfs/9p.c
+@@ -3269,8 +3269,8 @@ static void coroutine_fn v9fs_xattrcreate(void *opaque)
+ xattr_fidp->fs.xattr.flags = flags;
+ v9fs_string_init(_fidp->fs.xattr.name);
+ v9fs_string_copy(_fidp->fs.xattr.name, );
+ g_free(xattr_fidp->fs.xattr.value);
+-xattr_fidp->fs.xattr.value = g_malloc(size);
++xattr_fidp->fs.xattr.value = g_malloc0(size);
+ err = offset;
+ put_fid(pdu, file_fidp);
+ out_nofid:
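Review bot: This patch only applies on top of qemu-2.7.0-CVE-2016-9102.patch, because its context line `g_free(xattr_fidp->fs.xattr.value);` is the line that patch introduces; the epatch order in the ebuild (outside this chunk) has to respect that. A sentence in the header, `Requires qemu-2.7.0-CVE-2016-9102.patch to be applied first.`, would make the dependency explicit. The g_malloc0 change itself is the right shape of fix: the xattr buffer is guest-readable before the guest writes it, so zero-filling is what removes the host-heap disclosure.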

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9104.patch 
b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9104.patch
new file mode 100644
index ..f1aec55
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9104.patch
@@ -0,0 +1,92 @@
+From 7e55d65c56a03dcd2c5d7c49d37c5a74b55d4bd6 Mon Sep 17 00:00:00 2001
+From: Li Qiang 
+Date: Tue, 1 Nov 2016 12:00:40 +0100
+Subject: [PATCH] 9pfs: fix integer overflow issue in xattr read/write
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The v9fs_xattr_read() and v9fs_xattr_write() are passed a guest
+originated offset: they must ensure this offset does not go beyond
+the size of the extended attribute that was set in v9fs_xattrcreate().
+Unfortunately, the current code implement these checks with unsafe
+calculations on 32 and 64 bit values, which may allow a malicious
+guest to cause OOB access anyway.
+
+Fix this by comparing the offset and the xattr size, which are
+both uint64_t, before trying to compute the effective number of bytes
+to read or write.
+
+Suggested-by: Greg Kurz 
+Signed-off-by: Li Qiang 
+Reviewed-by: Greg Kurz 
+Reviewed-By: Guido Günther 
+Signed-off-by: Greg Kurz 
+---
+ hw/9pfs/9p.c | 32 
+ 1 file changed, 12 insertions(+), 20 deletions(-)
+
+diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
+index ab18ef2..7705ead 100644
+--- a/hw/9pfs/9p.c
 b/hw/9pfs/9p.c
+@@ -1637,20 +1637,17 @@ static int v9fs_xattr_read(V9fsState *s, V9fsPDU *pdu, 
V9fsFidState *fidp,
+ {
+ ssize_t err;
+ size_t offset = 7;
+-int read_count;
+-int64_t xattr_len;
++

[gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/

2016-09-26 Thread Matthias Maier
commit: 153ded7835ad0fbd8ec8a7552f90c973d1c2dd28
Author: Matthias Maier  gentoo  org>
AuthorDate: Tue Sep 27 02:01:29 2016 +
Commit: Matthias Maier  gentoo  org>
CommitDate: Tue Sep 27 02:01:29 2016 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=153ded78

app-emulation/qemu: security fixes, bug #594520, bug #594368

  CVE-2016-7466.patch # bug 594520
  CVE-2016-7423.patch # bug 594368

Package-Manager: portage-2.3.0

 .../qemu/files/qemu-2.7.0-CVE-2016-7423.patch  |  31 +
 .../qemu/files/qemu-2.7.0-CVE-2016-7466.patch  |  26 +
 app-emulation/qemu/qemu-2.7.0-r4.ebuild| 689 +
 3 files changed, 746 insertions(+)

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7423.patch 
b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7423.patch
new file mode 100644
index ..fdd871b
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7423.patch
@@ -0,0 +1,31 @@
+From: Li Qiang 
+
+When processing IO request in mptsas, it uses g_new to allocate
+a 'req' object. If an error occurs before 'req->sreq' is
+allocated, It could lead to an OOB write in mptsas_free_request
+function. Use g_new0 to avoid it.
+
+Reported-by: Li Qiang 
+Signed-off-by: Prasad J Pandit 
+Message-Id: 
+Cc: address@hidden
+Signed-off-by: Paolo Bonzini 
+---
+ hw/scsi/mptsas.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/scsi/mptsas.c b/hw/scsi/mptsas.c
+index 0e0a22f..eaae1bb 100644
+--- a/hw/scsi/mptsas.c
 b/hw/scsi/mptsas.c
+@@ -304,7 +304,7 @@ static int mptsas_process_scsi_io_request(MPTSASState *s,
+ goto bad;
+ }
+ 
+-req = g_new(MPTSASRequest, 1);
++req = g_new0(MPTSASRequest, 1);
+ QTAILQ_INSERT_TAIL(>pending, req, next);
+ req->scsi_io = *scsi_io;
+ req->dev = s;
+-- 
+1.8.3.1
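Review bot: The fix relies on mptsas_free_request treating a zeroed `req->sreq` as "not allocated"; that function is outside the hunk, so it is worth confirming it null-checks sreq before releasing it, otherwise g_new0 only turns a free of garbage into a free of NULL. The header carries no Gentoo bug or upstream reference; adding `https://bugs.gentoo.org/594368` (named in the commit message) as the first line, as qemu-2.7.0-CVE-2016-8669-1.patch on this page does, would make the origin checkable, and the same applies to qemu-2.7.0-CVE-2016-7466.patch (bug 594520). The `Cc: address@hidden` line is the list archive's address obfuscation and could be dropped from the stored patch.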

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7466.patch 
b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7466.patch
new file mode 100644
index ..d5028bb
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7466.patch
@@ -0,0 +1,26 @@
+From: Li Qiang 
+
+If the xhci uses msix, it doesn't free the corresponding
+memory, thus leading a memory leak. This patch avoid this.
+
+Signed-off-by: Li Qiang 
+---
+ hw/usb/hcd-xhci.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c
+index 188f954..281a2a5 100644
+--- a/hw/usb/hcd-xhci.c
 b/hw/usb/hcd-xhci.c
+@@ -3709,8 +3709,7 @@ static void usb_xhci_exit(PCIDevice *dev)
+ /* destroy msix memory region */
+ if (dev->msix_table && dev->msix_pba
+ && dev->msix_entry_used) {
+-memory_region_del_subregion(>mem, >msix_table_mmio);
+-memory_region_del_subregion(>mem, >msix_pba_mmio);
++msix_uninit(dev, >mem, >mem);
+ }
+ 
+ usb_bus_release(>bus);
+-- 
+1.8.3.1

diff --git a/app-emulation/qemu/qemu-2.7.0-r4.ebuild 
b/app-emulation/qemu/qemu-2.7.0-r4.ebuild
new file mode 100644
index ..66a65ec
--- /dev/null
+++ b/app-emulation/qemu/qemu-2.7.0-r4.ebuild
@@ -0,0 +1,689 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+
+PYTHON_COMPAT=( python2_7 )
+PYTHON_REQ_USE="ncurses,readline"
+
+PLOCALES="bg de_DE fr_FR hu it tr zh_CN"
+
+inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \
+   user udev fcaps readme.gentoo-r1 pax-utils l10n
+
+if [[ ${PV} = ** ]]; then
+   EGIT_REPO_URI="git://git.qemu.org/qemu.git"
+   inherit git-2
+   SRC_URI=""
+else
+   SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2;
+   KEYWORDS="~amd64 ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd"
+fi
+
+DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
+HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org;
+
+LICENSE="GPL-2 LGPL-2 BSD-2"
+SLOT="0"
+IUSE="accessibility +aio alsa bluetooth bzip2 +caps +curl debug +fdt glusterfs 
\
+gnutls gtk gtk2 infiniband iscsi +jpeg \
+kernel_linux kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs
++png pulseaudio python \
+rbd sasl +seccomp sdl sdl2 selinux smartcard snappy spice ssh static 
static-softmmu
+static-user systemtap tci test +threads usb usbredir +uuid vde +vhost-net \
+virgl virtfs +vnc vte xattr xen xfs"
+
+COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel mips
+mips64 mips64el mipsel or32 ppc ppc64 s390x sh4 sh4eb sparc sparc64 unicore32
+x86_64"
+IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS} lm32 moxie ppcemb tricore xtensa 
xtensaeb"
+IUSE_USER_TARGETS="${COMMON_TARGETS} armeb mipsn32 mipsn32el ppc64abi32 
ppc64le sparc32plus tilegx"
+
+use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' 
${IUSE_SOFTMMU_TARGETS})
+use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
+IUSE+=" 

[gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/

2016-09-08 Thread Matthias Maier
commit: b28fcd11405545eb2e4973f96823337531eebb08
Author: Matthias Maier  gentoo  org>
AuthorDate: Fri Sep  9 05:10:05 2016 +
Commit: Matthias Maier  gentoo  org>
CommitDate: Fri Sep  9 05:10:38 2016 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b28fcd11

app-emulation/qemu: fix static-user dep, security patches, bug #593038

This commit resolves

  bug #591202
  bug #593024
  bug #593034 CVE-2016-7155
  bug #593036 CVE-2016-7156
  bug #593038 CVE-2016-7157

Package-Manager: portage-2.2.28

 .../qemu/files/qemu-2.7.0-CVE-2016-7155.patch  |  81 +++
 .../qemu/files/qemu-2.7.0-CVE-2016-7156.patch  |  62 ++
 .../qemu/files/qemu-2.7.0-CVE-2016-7157-1.patch|  28 +
 .../qemu/files/qemu-2.7.0-CVE-2016-7157-2.patch|  27 +
 app-emulation/qemu/qemu-2.7.0-r1.ebuild| 684 +
 5 files changed, 882 insertions(+)

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7155.patch 
b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7155.patch
new file mode 100644
index ..495faf2
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7155.patch
@@ -0,0 +1,81 @@
+From: Prasad J Pandit 
+
+Vmware Paravirtual SCSI emulation uses command descriptors to
+process SCSI commands. These descriptors come with their ring
+buffers. A guest could set the page count for these rings to
+an arbitrary value, leading to infinite loop or OOB access.
+Add check to avoid it.
+
+Reported-by: Tom Victor 
+Reported-by: Li Qiang 
+Signed-off-by: Prasad J Pandit 
+---
+ hw/scsi/vmw_pvscsi.c | 21 ++---
+ 1 file changed, 10 insertions(+), 11 deletions(-)
+
+Update per review
+  -> https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg00019.html
+
+diff --git a/hw/scsi/vmw_pvscsi.c b/hw/scsi/vmw_pvscsi.c
+index 5116f4a..4245c15 100644
+--- a/hw/scsi/vmw_pvscsi.c
 b/hw/scsi/vmw_pvscsi.c
+@@ -152,7 +152,7 @@ pvscsi_log2(uint32_t input)
+ return log;
+ }
+ 
+-static int
++static void
+ pvscsi_ring_init_data(PVSCSIRingInfo *m, PVSCSICmdDescSetupRings *ri)
+ {
+ int i;
+@@ -160,10 +160,6 @@ pvscsi_ring_init_data(PVSCSIRingInfo *m, 
PVSCSICmdDescSetupRings *ri)
+ uint32_t req_ring_size, cmp_ring_size;
+ m->rs_pa = ri->ringsStatePPN << VMW_PAGE_SHIFT;
+ 
+-if ((ri->reqRingNumPages > PVSCSI_SETUP_RINGS_MAX_NUM_PAGES)
+-|| (ri->cmpRingNumPages > PVSCSI_SETUP_RINGS_MAX_NUM_PAGES)) {
+-return -1;
+-}
+ req_ring_size = ri->reqRingNumPages * PVSCSI_MAX_NUM_REQ_ENTRIES_PER_PAGE;
+ cmp_ring_size = ri->cmpRingNumPages * PVSCSI_MAX_NUM_CMP_ENTRIES_PER_PAGE;
+ txr_len_log2 = pvscsi_log2(req_ring_size - 1);
+@@ -195,8 +191,6 @@ pvscsi_ring_init_data(PVSCSIRingInfo *m, 
PVSCSICmdDescSetupRings *ri)
+ 
+ /* Flush ring state page changes */
+ smp_wmb();
+-
+-return 0;
+ }
+ 
+ static int
+@@ -746,7 +740,7 @@ pvscsi_dbg_dump_tx_rings_config(PVSCSICmdDescSetupRings 
*rc)
+ 
+ trace_pvscsi_tx_rings_num_pages("Confirm Ring", rc->cmpRingNumPages);
+ for (i = 0; i < rc->cmpRingNumPages; i++) {
+-trace_pvscsi_tx_rings_ppn("Confirm Ring", rc->reqRingPPNs[i]);
++trace_pvscsi_tx_rings_ppn("Confirm Ring", rc->cmpRingPPNs[i]);
+ }
+ }
+ 
+@@ -779,10 +773,15 @@ pvscsi_on_cmd_setup_rings(PVSCSIState *s)
+ 
+ trace_pvscsi_on_cmd_arrived("PVSCSI_CMD_SETUP_RINGS");
+ 
++if (!rc->reqRingNumPages
++|| rc->reqRingNumPages > PVSCSI_SETUP_RINGS_MAX_NUM_PAGES
++|| !rc->cmpRingNumPages
++|| rc->cmpRingNumPages > PVSCSI_SETUP_RINGS_MAX_NUM_PAGES) {
++return PVSCSI_COMMAND_PROCESSING_FAILED;
++}
++
+ pvscsi_dbg_dump_tx_rings_config(rc);
+-if (pvscsi_ring_init_data(>rings, rc) < 0) {
+-return PVSCSI_COMMAND_PROCESSING_FAILED;
+-}
++pvscsi_ring_init_data(>rings, rc);
+ 
+ s->rings_info_valid = TRUE;
+ return PVSCSI_COMMAND_PROCESSING_SUCCEEDED;
+-- 
+2.5.5
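Review bot: pvscsi_ring_init_data no longer validates reqRingNumPages/cmpRingNumPages itself (the bounds check moved to pvscsi_on_cmd_setup_rings), so any future caller that skips the new check would again feed an unbounded page count into the ring setup. A precondition comment on the function, `/* Caller must have checked 0 < {req,cmp}RingNumPages <= PVSCSI_SETUP_RINGS_MAX_NUM_PAGES. */`, or an assert to that effect, keeps the invariant visible where it is consumed. The relocated check also rejects a zero page count, which the old check did not; with `req_ring_size` being uint32_t, a zero count would otherwise reach `pvscsi_log2(req_ring_size - 1)` with a wrapped argument, so that part of the change is worth a line in the patch description.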

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7156.patch 
b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7156.patch
new file mode 100644
index ..9c21a67
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7156.patch
@@ -0,0 +1,62 @@
+From: Prasad J Pandit 
+
+In PVSCSI paravirtual SCSI bus, pvscsi_convert_sglist can take a very
+long time or go into an infinite loop due to two different bugs:
+
+1) the request descriptor data length is defined to be 64 bit. While
+building SG list from a request descriptor, it gets truncated to 32bit
+in routine 'pvscsi_convert_sglist'. This could lead to an infinite loop
+situation for large 'dataLen' values, when data_length is cast to uint32_t
+and chunk_size becomes always zero.  Fix this by removing the incorrect
+cast.
+
+2) pvscsi_get_next_sg_elem can be called arbitrarily many times if the
+element has a zero length.  Get out of the loop early when this happens,
+by introducing an upper limit on the number 

[gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/

2016-09-05 Thread Matthias Maier
commit: fd20fa64ab7026533a5e4c554697cc4bcab9e7ef
Author: Matthias Maier  gentoo  org>
AuthorDate: Mon Sep  5 16:42:22 2016 +
Commit: Matthias Maier  gentoo  org>
CommitDate: Mon Sep  5 16:45:42 2016 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fd20fa64

app-emulation/qemu: drop vulnerable 2.5.1, bug #592430, and 19 others

Package-Manager: portage-2.2.28

 .../qemu/files/qemu-2.5.0-CVE-2015-8558.patch  |  50 --
 .../qemu/files/qemu-2.5.0-CVE-2016-2198.patch  |  46 --
 .../files/qemu-2.5.0-rng-stack-corrupt-0.patch |  98 ---
 .../files/qemu-2.5.0-rng-stack-corrupt-1.patch | 135 
 .../files/qemu-2.5.0-rng-stack-corrupt-2.patch | 155 -
 .../files/qemu-2.5.0-rng-stack-corrupt-3.patch | 179 --
 .../qemu/files/qemu-2.5.1-CVE-2015-8558.patch  | 107 
 .../qemu/files/qemu-2.5.1-CVE-2016-4020.patch  |  16 -
 .../files/qemu-2.5.1-stellaris_enet-overflow.patch |  47 --
 .../qemu/files/qemu-2.5.1-xfs-linux-headers.patch  |  82 ---
 app-emulation/qemu/qemu-2.5.1.ebuild   | 693 -
 11 files changed, 1608 deletions(-)

diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8558.patch 
b/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8558.patch
deleted file mode 100644
index fbc6a0a..
--- a/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8558.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-https://bugs.gentoo.org/568246
-
-From 156a2e4dbffa85997636a7a39ef12da6f1b40254 Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann 
-Date: Mon, 14 Dec 2015 09:21:23 +0100
-Subject: [PATCH] ehci: make idt processing more robust
-
-Make ehci_process_itd return an error in case we didn't do any actual
-iso transfer because we've found no active transaction.  That'll avoid
-ehci happily run in circles forever if the guest builds a loop out of
-idts.
-
-This is CVE-2015-8558.
-
-Cc: qemu-sta...@nongnu.org
-Reported-by: Qinghao Tang 
-Tested-by: P J P 
-Signed-off-by: Gerd Hoffmann 

- hw/usb/hcd-ehci.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
-index 4e2161b..d07f228 100644
 a/hw/usb/hcd-ehci.c
-+++ b/hw/usb/hcd-ehci.c
-@@ -1389,7 +1389,7 @@ static int ehci_process_itd(EHCIState *ehci,
- {
- USBDevice *dev;
- USBEndpoint *ep;
--uint32_t i, len, pid, dir, devaddr, endp;
-+uint32_t i, len, pid, dir, devaddr, endp, xfers = 0;
- uint32_t pg, off, ptr1, ptr2, max, mult;
- 
- ehci->periodic_sched_active = PERIODIC_ACTIVE;
-@@ -1479,9 +1479,10 @@ static int ehci_process_itd(EHCIState *ehci,
- ehci_raise_irq(ehci, USBSTS_INT);
- }
- itd->transact[i] &= ~ITD_XACT_ACTIVE;
-+xfers++;
- }
- }
--return 0;
-+return xfers ? 0 : -1;
- }
- 
- 
--- 
-2.6.2
-

diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-2198.patch 
b/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-2198.patch
deleted file mode 100644
index d179c33..
--- a/app-emulation/qemu/files/qemu-2.5.0-CVE-2016-2198.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From dff0367cf66f489aa772320fa2937a8cac1ca30d Mon Sep 17 00:00:00 2001
-From: Prasad J Pandit 
-Date: Fri, 29 Jan 2016 18:30:34 +0530
-Subject: [PATCH] usb: ehci: add capability mmio write function
-
-USB Ehci emulation supports host controller capability registers.
-But its mmio '.write' function was missing, which lead to a null
-pointer dereference issue. Add a do nothing 'ehci_caps_write'
-definition to avoid it; Do nothing because capability registers
-are Read Only(RO).
-
-Reported-by: Zuozhi Fzz 
-Signed-off-by: Prasad J Pandit 
-Message-id: 1454072434-16045-1-git-send-email-ppan...@redhat.com
-Signed-off-by: Gerd Hoffmann 

- hw/usb/hcd-ehci.c | 6 ++
- 1 file changed, 6 insertions(+)
-
-diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
-index 1b50601..0f95d0d 100644
 a/hw/usb/hcd-ehci.c
-+++ b/hw/usb/hcd-ehci.c
-@@ -895,6 +895,11 @@ static uint64_t ehci_caps_read(void *ptr, hwaddr addr,
- return s->caps[addr];
- }
- 
-+static void ehci_caps_write(void *ptr, hwaddr addr,
-+ uint64_t val, unsigned size)
-+{
-+}
-+
- static uint64_t ehci_opreg_read(void *ptr, hwaddr addr,
- unsigned size)
- {
-@@ -2315,6 +2320,7 @@ static void ehci_frame_timer(void *opaque)
- 
- static const MemoryRegionOps ehci_mmio_caps_ops = {
- .read = ehci_caps_read,
-+.write = ehci_caps_write,
- .valid.min_access_size = 1,
- .valid.max_access_size = 4,
- .impl.min_access_size = 1,
--- 
-2.7.4
-

diff --git a/app-emulation/qemu/files/qemu-2.5.0-rng-stack-corrupt-0.patch 
b/app-emulation/qemu/files/qemu-2.5.0-rng-stack-corrupt-0.patch
deleted file mode 100644
index 684f6ad..
--- 

[gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/

2016-09-04 Thread Matthias Maier
commit: ceb67390ecbe843f184b5bde6428cb9e2f3dcd81
Author: Matthias Maier  gentoo  org>
AuthorDate: Mon Sep  5 05:18:46 2016 +
Commit: Matthias Maier  gentoo  org>
CommitDate: Mon Sep  5 05:30:00 2016 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ceb67390

app-emulation/qemu: apply patch for CVE-2016-6836, bug #591242

Package-Manager: portage-2.2.28

 .../qemu/files/qemu-2.7.0-CVE-2016-6836.patch  | 27 ++
 app-emulation/qemu/qemu-2.7.0.ebuild   |  1 +
 2 files changed, 28 insertions(+)

diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-6836.patch 
b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-6836.patch
new file mode 100644
index ..56f7435
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-6836.patch
@@ -0,0 +1,27 @@
+From: Li Qiang 
+
+In Vmxnet3 device emulator while processing transmit(tx) queue,
+when it reaches end of packet, it calls vmxnet3_complete_packet.
+In that local 'txcq_descr' object is not initialised, which could
+leak host memory bytes a guest.
+
+Reported-by: Li Qiang 
+Signed-off-by: Prasad J Pandit 
+---
+ hw/net/vmxnet3.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c
+index 90f6943..92f6af9 100644
+--- a/hw/net/vmxnet3.c
 b/hw/net/vmxnet3.c
+@@ -531,6 +531,7 @@ static void vmxnet3_complete_packet(VMXNET3State *s, int 
qidx, uint32_t tx_ridx)
+ 
+ VMXNET3_RING_DUMP(VMW_RIPRN, "TXC", qidx, >txq_descr[qidx].comp_ring);
+ 
++memset(_descr, 0, sizeof(txcq_descr));
+ txcq_descr.txdIdx = tx_ridx;
+ txcq_descr.gen = vmxnet3_ring_curr_gen(>txq_descr[qidx].comp_ring);
+ 
+-- 
+2.5.5
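Review bot: The header gives no Gentoo bug or upstream reference for this patch; a first line `https://bugs.gentoo.org/591242` (from the commit message) plus the upstream commit id would make it checkable, as the other patch files on this page do. Zeroing `txcq_descr` with memset after the ring dump works, but an initializer at its declaration (`= {0}`, outside the hunk) would tie the zero-fill to the variable rather than to a statement that a later refactor could move past the first use.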

diff --git a/app-emulation/qemu/qemu-2.7.0.ebuild 
b/app-emulation/qemu/qemu-2.7.0.ebuild
index 6f65fc9..a3aefc2 100644
--- a/app-emulation/qemu/qemu-2.7.0.ebuild
+++ b/app-emulation/qemu/qemu-2.7.0.ebuild
@@ -333,6 +333,7 @@ src_prepare() {
 
epatch "${FILESDIR}"/${PN}-2.5.0-cflags.patch
epatch "${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
+   epatch "${FILESDIR}"/${P}-CVE-2016-6836.patch
# Fix ld and objcopy being called directly
tc-export AR LD OBJCOPY
 



[gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/

2016-08-07 Thread Luca Barbato
commit: ccc9ac6f494435c750ec71d67d09d41739e54c35
Author: Luca Barbato  gentoo  org>
AuthorDate: Sun Aug  7 14:01:31 2016 +
Commit: Luca Barbato  gentoo  org>
CommitDate: Sun Aug  7 14:01:31 2016 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ccc9ac6f

app-emulation/qemu: Drop a -Werror when it could cause a false positive

The check code could trigger recent compiler warnings.

Package-Manager: portage-2.2.26

 app-emulation/qemu/files/qemu-2.6.0-glib-size_t.patch | 11 +++
 app-emulation/qemu/qemu-2.6.0.ebuild  |  2 +-
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/app-emulation/qemu/files/qemu-2.6.0-glib-size_t.patch 
b/app-emulation/qemu/files/qemu-2.6.0-glib-size_t.patch
new file mode 100644
index 000..5fd678c
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.6.0-glib-size_t.patch
@@ -0,0 +1,11 @@
+--- a/configure2016-08-07 15:50:20.386687733 +0200
 b/configure2016-08-07 15:53:55.489691690 +0200
+@@ -2967,7 +2967,7 @@
+ }
+ EOF
+
+-if ! compile_prog "-Werror $CFLAGS" "$LIBS" ; then
++if ! compile_prog "$CFLAGS" "$LIBS" ; then
+ error_exit "sizeof(size_t) doesn't match GLIB_SIZEOF_SIZE_T."\
+"You probably need to set PKG_CONFIG_LIBDIR"\
+  "to point to the right pkg-config files for your"\
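Review bot: The patch has no header explaining why `-Werror` is dropped from this one compile_prog call; the commit message's reason belongs in the patch file itself, e.g. a first line `Drop -Werror from the GLIB_SIZEOF_SIZE_T probe: newer compilers warn on the probe code and turn a passing check into a false failure.` Without `-Werror` the probe only fails on a hard error, so this is safe only if the size mismatch is detected by something that errors rather than warns (a negative-size-array build-bug-on, for instance); the probe body is outside the hunk, so worth confirming.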

diff --git a/app-emulation/qemu/qemu-2.6.0.ebuild 
b/app-emulation/qemu/qemu-2.6.0.ebuild
index 8f9ff83..e45a5d1 100644
--- a/app-emulation/qemu/qemu-2.6.0.ebuild
+++ b/app-emulation/qemu/qemu-2.6.0.ebuild
@@ -334,7 +334,7 @@ src_prepare() {
epatch "${FILESDIR}"/${PN}-2.5.0-cflags.patch
epatch "${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
epatch "${FILESDIR}"/${PN}-2.6.0-crypto-static.patch
-
+   epatch "${FILESDIR}"/${PN}-2.6.0-glib-size_t.patch
# Fix ld and objcopy being called directly
tc-export AR LD OBJCOPY
 



[gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/

2016-06-06 Thread Mike Frysinger
commit: cb48eca5e347d3b916edb77078f1d2bd39716d66
Author: Mike Frysinger  gentoo  org>
AuthorDate: Tue Jun  7 02:58:50 2016 +
Commit: Mike Frysinger  gentoo  org>
CommitDate: Tue Jun  7 02:59:12 2016 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cb48eca5

app-emulation/qemu: fix static linking errors w/curl[ssl,curl_ssl_openssl]

 .../qemu/files/qemu-2.6.0-crypto-static.patch  | 60 ++
 app-emulation/qemu/qemu-2.6.0.ebuild   |  3 +-
 app-emulation/qemu/qemu-.ebuild|  4 +-
 3 files changed, 65 insertions(+), 2 deletions(-)

diff --git a/app-emulation/qemu/files/qemu-2.6.0-crypto-static.patch 
b/app-emulation/qemu/files/qemu-2.6.0-crypto-static.patch
new file mode 100644
index 000..4856373
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.6.0-crypto-static.patch
@@ -0,0 +1,60 @@
+https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg01611.html
+
+From 6a2909cf98e892783b2502df6f7f4de46d13e42b Mon Sep 17 00:00:00 2001
+From: Mike Frysinger 
+Date: Mon, 6 Jun 2016 17:58:26 -0400
+Subject: [PATCH] crypto: aes: always rename internal symbols
+
+OpenSSL's libcrypto always defines AES symbols with the same names as
+qemu's local aes code.  This is problematic when enabling at least curl
+as that frequently also uses libcrypto.  It might not be noticed when
+running, but if you try to statically link, everything falls down.
+
+An example snippet:
+  LINK  qemu-nbd
+.../libcrypto.a(aes-x86_64.o): In function 'AES_encrypt':
+(.text+0x460): multiple definition of 'AES_encrypt'
+crypto/aes.o:aes.c:(.text+0x670): first defined here
+.../libcrypto.a(aes-x86_64.o): In function 'AES_decrypt':
+(.text+0x9f0): multiple definition of 'AES_decrypt'
+crypto/aes.o:aes.c:(.text+0xb30): first defined here
+.../libcrypto.a(aes-x86_64.o): In function 'AES_cbc_encrypt':
+(.text+0xf90): multiple definition of 'AES_cbc_encrypt'
+crypto/aes.o:aes.c:(.text+0xff0): first defined here
+collect2: error: ld returned 1 exit status
+.../qemu-2.6.0/rules.mak:105: recipe for target 'qemu-nbd' failed
+make: *** [qemu-nbd] Error 1
+
+The aes.h header has redefines already for FreeBSD, but go ahead and
+enable that for everyone since there's no real good reason to not use
+a namespace all the time.
+
+Signed-off-by: Mike Frysinger 
+---
+ include/crypto/aes.h | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/include/crypto/aes.h b/include/crypto/aes.h
+index a006da2224a9..12fb321b89de 100644
+--- a/include/crypto/aes.h
 b/include/crypto/aes.h
+@@ -10,14 +10,13 @@ struct aes_key_st {
+ };
+ typedef struct aes_key_st AES_KEY;
+ 
+-/* FreeBSD has its own AES_set_decrypt_key in -lcrypto, avoid conflicts */
+-#ifdef __FreeBSD__
++/* FreeBSD/OpenSSL have their own AES functions with the same names in 
-lcrypto
++ * (which might be pulled in via curl), so redefine to avoid conflicts. */
+ #define AES_set_encrypt_key QEMU_AES_set_encrypt_key
+ #define AES_set_decrypt_key QEMU_AES_set_decrypt_key
+ #define AES_encrypt QEMU_AES_encrypt
+ #define AES_decrypt QEMU_AES_decrypt
+ #define AES_cbc_encrypt QEMU_AES_cbc_encrypt
+-#endif
+ 
+ int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+   AES_KEY *key);
+-- 
+2.8.2
+
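Review bot: The replacement comment only mentions link conflicts, but the worse failure mode is the one the commit message hints at ("might not be noticed when running"): with dynamic linking, identically named libcrypto symbols can interpose QEMU's, and callers end up in OpenSSL's implementation while passing QEMU's `AES_KEY` layout. Extending the comment, e.g. `/* ... also prevents a dynamically linked libcrypto from interposing its own AES_* over ours at runtime. */`, records why the rename must stay unconditional. The rename covers the five functions listed; any other externally visible symbol in crypto/aes.c sharing an OpenSSL name would need the same treatment, which is not visible from this hunk.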

diff --git a/app-emulation/qemu/qemu-2.6.0.ebuild 
b/app-emulation/qemu/qemu-2.6.0.ebuild
index 81504ad..95a953e 100644
--- a/app-emulation/qemu/qemu-2.6.0.ebuild
+++ b/app-emulation/qemu/qemu-2.6.0.ebuild
@@ -327,8 +327,9 @@ src_prepare() {
-e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \
Makefile Makefile.target || die
 
-   epatch "${FILESDIR}"/qemu-2.5.0-cflags.patch
+   epatch "${FILESDIR}"/${PN}-2.5.0-cflags.patch
epatch "${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
+   epatch "${FILESDIR}"/${PN}-2.6.0-crypto-static.patch
 
# Fix ld and objcopy being called directly
tc-export AR LD OBJCOPY

diff --git a/app-emulation/qemu/qemu-.ebuild 
b/app-emulation/qemu/qemu-.ebuild
index 8f136c3..95a953e 100644
--- a/app-emulation/qemu/qemu-.ebuild
+++ b/app-emulation/qemu/qemu-.ebuild
@@ -327,7 +327,9 @@ src_prepare() {
-e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \
Makefile Makefile.target || die
 
-   epatch "${FILESDIR}"/qemu-2.5.0-cflags.patch
+   epatch "${FILESDIR}"/${PN}-2.5.0-cflags.patch
+   epatch "${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
+   epatch "${FILESDIR}"/${PN}-2.6.0-crypto-static.patch
 
# Fix ld and objcopy being called directly
tc-export AR LD OBJCOPY



[gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/

2016-05-16 Thread Mike Frysinger
commit: 6b13602fdf3ffadf7a32cf41f29580a686bd0802
Author: Mike Frysinger  gentoo  org>
AuthorDate: Tue May 17 04:40:51 2016 +
Commit: Mike Frysinger  gentoo  org>
CommitDate: Tue May 17 04:41:34 2016 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6b13602f

app-emulation/qemu: workaround breakage in xfs/linux headers #577810

Add upstream patch to work around some combinations of xfsprogs & linux
headers so we don't have to worry about stable breakage anymore.  This
fix is already in upstream & unstable versions.

 .../qemu/files/qemu-2.5.1-xfs-linux-headers.patch  | 82 ++
 app-emulation/qemu/qemu-2.5.1.ebuild   |  1 +
 2 files changed, 83 insertions(+)

diff --git a/app-emulation/qemu/files/qemu-2.5.1-xfs-linux-headers.patch 
b/app-emulation/qemu/files/qemu-2.5.1-xfs-linux-headers.patch
new file mode 100644
index 000..743171b
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.5.1-xfs-linux-headers.patch
@@ -0,0 +1,82 @@
+https://bugs.gentoo.org/577810
+
+From 277abf15a60f7653bfb05ffb513ed74ffdaea1b7 Mon Sep 17 00:00:00 2001
+From: Jan Vesely 
+Date: Fri, 29 Apr 2016 13:15:23 -0400
+Subject: [PATCH] configure: Check if struct fsxattr is available from linux
+ header
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fixes build failure with --enable-xfsctl and
+new linux headers (>=4.5) and older xfsprogs(<4.5):
+In file included from /usr/include/xfs/xfs.h:38:0,
+ from 
/var/tmp/portage/app-emulation/qemu-2.5.0-r1/work/qemu-2.5.0/block/raw-posix.c:97:
+/usr/include/xfs/xfs_fs.h:42:8: error: redefinition of ‘struct fsxattr’
+ struct fsxattr {
+^
+In file included from 
/var/tmp/portage/app-emulation/qemu-2.5.0-r1/work/qemu-2.5.0/block/raw-posix.c:60:0:
+/usr/include/linux/fs.h:155:8: note: originally defined here
+ struct fsxattr {
+
+This is really a bug in the system headers, but we can work around it
+by defining HAVE_FSXATTR in the QEMU headers if linux/fs.h provides
+the struct, so that xfs_fs.h doesn't try to define it as well.
+
+CC: qemu-triv...@nongnu.org
+CC: Markus Armbruster 
+CC: Peter Maydell 
+CC: Stefan Weil 
+Tested-by: Stefan Weil 
+Signed-off-by: Jan Vesely 
+[PMM: adjusted commit message, comments]
+Signed-off-by: Peter Maydell 
+---
+ configure | 23 +++
+ 1 file changed, 23 insertions(+)
+
+diff --git a/configure b/configure
+index ab54f3c..c37fc5f 100755
+--- a/configure
 b/configure
+@@ -4494,6 +4494,21 @@ if test "$fortify_source" != "no"; then
+ fi
+ 
+ ##
++# check if struct fsxattr is available via linux/fs.h
++
++have_fsxattr=no
++cat > $TMPC << EOF
++#include 
++struct fsxattr foo;
++int main(void) {
++  return 0;
++}
++EOF
++if compile_prog "" "" ; then
++have_fsxattr=yes
++fi
++
++##
+ # End of CC checks
+ # After here, no more $cc or $ld runs
+ 
+@@ -5160,6 +5175,14 @@ fi
+ if test "$have_ifaddrs_h" = "yes" ; then
+ echo "HAVE_IFADDRS_H=y" >> $config_host_mak
+ fi
++
++# Work around a system header bug with some kernel/XFS header
++# versions where they both try to define 'struct fsxattr':
++# xfs headers will not try to redefine structs from linux headers
++# if this macro is set.
++if test "$have_fsxattr" = "yes" ; then
++echo "HAVE_FSXATTR=y" >> $config_host_mak
++fi
+ if test "$vte" = "yes" ; then
+   echo "CONFIG_VTE=y" >> $config_host_mak
+   echo "VTE_CFLAGS=$vte_cflags" >> $config_host_mak
+-- 
+2.8.2
+
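Review bot: The second hunk records `HAVE_FSXATTR=y` in config_host_mak, but the step that turns that make variable into a preprocessor define for the objects that include the xfs headers (the commit message names block/raw-posix.c) is outside this patch, so it is worth confirming the define actually reaches those objects; otherwise the probe runs but the redefinition error persists. A one-line comment next to the `echo` naming where the variable is consumed would help the next reader. The `#include` line of the probe appears to have lost its header name in this rendering; the commit message says it is linux/fs.h.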

diff --git a/app-emulation/qemu/qemu-2.5.1.ebuild 
b/app-emulation/qemu/qemu-2.5.1.ebuild
index 27d1c30..ae5fa97 100644
--- a/app-emulation/qemu/qemu-2.5.1.ebuild
+++ b/app-emulation/qemu/qemu-2.5.1.ebuild
@@ -343,6 +343,7 @@ src_prepare() {
epatch "${FILESDIR}"/${PN}-2.5.1-CVE-2016-4020.patch #580040
epatch "${FILESDIR}"/${PN}-2.5.1-CVE-2015-8558.patch #568246 #580426
epatch "${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
+   epatch "${FILESDIR}"/${PN}-2.5.1-xfs-linux-headers.patch #577810
 
# Fix ld and objcopy being called directly
tc-export AR LD OBJCOPY



[gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/

2016-04-23 Thread Mike Frysinger
commit: 78f6468a75114af92b5f86ef97d7614b08ffdeb4
Author: Mike Frysinger  gentoo  org>
AuthorDate: Sat Apr 23 20:23:02 2016 +
Commit: Mike Frysinger  gentoo  org>
CommitDate: Sat Apr 23 20:29:50 2016 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=78f6468a

app-emulation/qemu: version bump & bug fixes #579614 #580040 #580426

 app-emulation/qemu/Manifest|   1 +
 .../qemu/files/qemu-2.5.1-CVE-2015-8558.patch  | 107 
 .../qemu/files/qemu-2.5.1-CVE-2016-4020.patch  |  16 +
 .../files/qemu-2.5.1-stellaris_enet-overflow.patch |  47 ++
 app-emulation/qemu/qemu-2.5.1.ebuild   | 686 +
 5 files changed, 857 insertions(+)

diff --git a/app-emulation/qemu/Manifest b/app-emulation/qemu/Manifest
index 70a4faa..2e2539b 100644
--- a/app-emulation/qemu/Manifest
+++ b/app-emulation/qemu/Manifest
@@ -1 +1,2 @@
 DIST qemu-2.5.0.tar.bz2 25464996 SHA256 
3443887401619fe33bfa5d900a4f2d6a79425ae2b7e43d5b8c36eb7a683772d4 SHA512 
12153f94cc7f834fd6a85f25690c36f2331d88d414426fb8b9ac20a34e6f9222b1eda30b727674af583580fae90dfd6d0614a905dce1567d94cd049d426b9dd3
 WHIRLPOOL 
8f5717989d8d234ecf1763ee386b2e1f20c3b17918de130c6dae255e4523a230b2b01a759eba25e4b9f604c680d9b868c56f58bd71b7c6c2c22a2e46804435ef
+DIST qemu-2.5.1.tar.bz2 25464539 SHA256 
028752c33bb786abbfe496ba57315dc5a7d0a33b5a7a767f6d7a29020c525d2c SHA512 
66959ad6a2a89f23c5daba245c76f71ddc03a33a1167bca639a042ebbf7329b2e698cd2c0e65c22a9874563a34256a48386aa9df6475b06d38db74187e3e3b3f
 WHIRLPOOL 
32525271574692d56b7794dc63606659f46e6ae19a56dee31b3cec33dab9c4eb74147a65db4940229492d8680f38c2d05bc2a8fbcb4b6887b0c1cbe5fbbe44cf

diff --git a/app-emulation/qemu/files/qemu-2.5.1-CVE-2015-8558.patch 
b/app-emulation/qemu/files/qemu-2.5.1-CVE-2015-8558.patch
new file mode 100644
index 000..cf1a4c3
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.5.1-CVE-2015-8558.patch
@@ -0,0 +1,107 @@
+https://bugs.gentoo.org/580426
+https://bugs.gentoo.org/568246
+
+From a49923d2837d20510d645d3758f1ad87c32d0730 Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann 
+Date: Mon, 18 Apr 2016 09:20:54 +0200
+Subject: [PATCH] Revert "ehci: make idt processing more robust"
+
+This reverts commit 156a2e4dbffa85997636a7a39ef12da6f1b40254.
+
+Breaks FreeBSD.
+
+Signed-off-by: Gerd Hoffmann 
+---
+ hw/usb/hcd-ehci.c | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
+index d5c0e1c..43a8f7a 100644
+--- a/hw/usb/hcd-ehci.c
 b/hw/usb/hcd-ehci.c
+@@ -1397,7 +1397,7 @@ static int ehci_process_itd(EHCIState *ehci,
+ {
+ USBDevice *dev;
+ USBEndpoint *ep;
+-uint32_t i, len, pid, dir, devaddr, endp, xfers = 0;
++uint32_t i, len, pid, dir, devaddr, endp;
+ uint32_t pg, off, ptr1, ptr2, max, mult;
+ 
+ ehci->periodic_sched_active = PERIODIC_ACTIVE;
+@@ -1489,10 +1489,9 @@ static int ehci_process_itd(EHCIState *ehci,
+ ehci_raise_irq(ehci, USBSTS_INT);
+ }
+ itd->transact[i] &= ~ITD_XACT_ACTIVE;
+-xfers++;
+ }
+ }
+-return xfers ? 0 : -1;
++return 0;
+ }
+ 
+ 
+-- 
+2.7.4
+
+From 1ae3f2f178087711f9591350abad133525ba93f2 Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann 
+Date: Mon, 18 Apr 2016 09:11:38 +0200
+Subject: [PATCH] ehci: apply limit to iTD/sidt descriptors
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Commit "156a2e4 ehci: make idt processing more robust" tries to avoid a
+DoS by the guest (create a circular iTD queue and let qemu ehci
+emulation run in circles forever).  Unfortunately this has two problems:
+First it misses the case of siTDs, and second it reportedly breaks
+FreeBSD.
+
+So lets go for a different approach: just count the number of iTDs and
+siTDs we have seen per frame and apply a limit.  That should really
+catch all cases now.
+
+Reported-by: 杜少博 
+Signed-off-by: Gerd Hoffmann 
+---
+ hw/usb/hcd-ehci.c | 6 +-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
+index 159f58d..d5c0e1c 100644
+--- a/hw/usb/hcd-ehci.c
 b/hw/usb/hcd-ehci.c
+@@ -2011,6 +2011,7 @@ static int ehci_state_writeback(EHCIQueue *q)
+ static void ehci_advance_state(EHCIState *ehci, int async)
+ {
+ EHCIQueue *q = NULL;
++int itd_count = 0;
+ int again;
+ 
+ do {
+@@ -2035,10 +2036,12 @@ static void ehci_advance_state(EHCIState *ehci, int 
async)
+ 
+ case EST_FETCHITD:
+ again = ehci_state_fetchitd(ehci, async);
++itd_count++;
+ break;
+ 
+ case EST_FETCHSITD:
+ again = ehci_state_fetchsitd(ehci, async);
++itd_count++;
+ break;
+ 
+ case EST_ADVANCEQUEUE:
+@@ -2087,7 +2090,8 @@ static void ehci_advance_state(EHCIState *ehci, int 
async)
+ break;
+   

[gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/

2016-03-22 Thread Mike Frysinger
commit: 346b8a658c0fb521e9a783699a678756765d8845
Author: Mike Frysinger  gentoo  org>
AuthorDate: Wed Mar 23 05:22:02 2016 +
Commit: Mike Frysinger  gentoo  org>
CommitDate: Wed Mar 23 05:22:02 2016 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=346b8a65

app-emulation/qemu: backport various upstream fixes

 .../qemu/files/qemu-2.5.0-CVE-2015-8613.patch  |  35 ++
 .../qemu/files/qemu-2.5.0-CVE-2015-8619.patch  | 121 
 .../qemu/files/qemu-2.5.0-CVE-2016-1714.patch  |  58 ++
 .../qemu/files/qemu-2.5.0-CVE-2016-1922.patch  |  65 ++
 .../qemu/files/qemu-2.5.0-CVE-2016-1981.patch  |  98 +++
 .../qemu/files/qemu-2.5.0-CVE-2016-2197.patch  |  43 ++
 .../qemu/files/qemu-2.5.0-CVE-2016-2198.patch  |  46 ++
 .../qemu/files/qemu-2.5.0-CVE-2016-2392.patch  |  35 ++
 .../files/qemu-2.5.0-rng-stack-corrupt-0.patch |  98 +++
 .../files/qemu-2.5.0-rng-stack-corrupt-1.patch | 135 +
 .../files/qemu-2.5.0-rng-stack-corrupt-2.patch | 155 +
 .../files/qemu-2.5.0-rng-stack-corrupt-3.patch | 179 ++
 .../qemu/files/qemu-2.5.0-sysmacros.patch  |  15 +
 .../qemu/files/qemu-2.5.0-usb-ehci-oob.patch   |  52 ++
 .../files/qemu-2.5.0-usb-ndis-int-overflow.patch   |  59 ++
 app-emulation/qemu/qemu-2.5.0-r2.ebuild| 669 +
 16 files changed, 1863 insertions(+)

diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8613.patch 
b/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8613.patch
new file mode 100644
index 000..61a52ee
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8613.patch
@@ -0,0 +1,35 @@
+From 36fef36b91f7ec0435215860f1458b5342ce2811 Mon Sep 17 00:00:00 2001
+From: P J P 
+Date: Mon, 21 Dec 2015 15:13:13 +0530
+Subject: [PATCH] scsi: initialise info object with appropriate size
+
+While processing controller 'CTRL_GET_INFO' command, the routine
+'megasas_ctrl_get_info' overflows the '' object size. Use its
+appropriate size to null initialise it.
+
+Reported-by: Qinghao Tang 
+Signed-off-by: Prasad J Pandit 
+Message-Id: 
+Cc: qemu-sta...@nongnu.org
+Signed-off-by: Paolo Bonzini 
+Signed-off-by: P J P 
+---
+ hw/scsi/megasas.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
+index d7dc667..576f56c 100644
+--- a/hw/scsi/megasas.c
 b/hw/scsi/megasas.c
+@@ -718,7 +718,7 @@ static int megasas_ctrl_get_info(MegasasState *s, 
MegasasCmd *cmd)
+ BusChild *kid;
+ int num_pd_disks = 0;
+ 
+-memset(, 0x0, cmd->iov_size);
++memset(, 0x0, dcmd_size);
+ if (cmd->iov_size < dcmd_size) {
+ trace_megasas_dcmd_invalid_xfer_len(cmd->index, cmd->iov_size,
+ dcmd_size);
+-- 
+2.7.4
+
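Review bot: The bound `dcmd_size` that the new memset uses is defined outside this hunk, so the hunk alone does not show that it equals the size of `info`; clearing with `memset(&info, 0, sizeof(info));` would make the fix self-evidently bounded by the object being zeroed, independent of how `dcmd_size` is derived. The following `if (cmd->iov_size < dcmd_size)` check remains the guard for the guest-supplied transfer length, but the clear itself no longer depends on it. The first memset argument renders as `memset(, ...)` here; presumably `&info` was lost in extraction. megasas_ctrl_get_info begins outside the hunk.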

diff --git a/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8619.patch 
b/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8619.patch
new file mode 100644
index 000..be67336
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.5.0-CVE-2015-8619.patch
@@ -0,0 +1,121 @@
+From 64ffbe04eaafebf4045a3ace52a360c14959d196 Mon Sep 17 00:00:00 2001
+From: Wolfgang Bumiller 
+Date: Wed, 13 Jan 2016 09:09:58 +0100
+Subject: [PATCH] hmp: fix sendkey out of bounds write (CVE-2015-8619)
+
+When processing 'sendkey' command, hmp_sendkey routine null
+terminates the 'keyname_buf' array. This results in an OOB
+write issue, if 'keyname_len' was to fall outside of
+'keyname_buf' array.
+
+Since the keyname's length is known the keyname_buf can be
+removed altogether by adding a length parameter to
+index_from_key() and using it for the error output as well.
+
+Reported-by: Ling Liu 
+Signed-off-by: Wolfgang Bumiller 
+Message-Id: <20160113080958.GA18934@olga>
+[Comparison with "<" dumbed down, test for junk after strtoul()
+tweaked]
+Signed-off-by: Markus Armbruster 
+---
+ hmp.c| 18 --
+ include/ui/console.h |  2 +-
+ ui/input-legacy.c|  5 +++--
+ 3 files changed, 12 insertions(+), 13 deletions(-)
+
+diff --git a/hmp.c b/hmp.c
+index 54f2620..9c571f5 100644
+--- a/hmp.c
 b/hmp.c
+@@ -1731,21 +1731,18 @@ void hmp_sendkey(Monitor *mon, const QDict *qdict)
+ int has_hold_time = qdict_haskey(qdict, "hold-time");
+ int hold_time = qdict_get_try_int(qdict, "hold-time", -1);
+ Error *err = NULL;
+-char keyname_buf[16];
+ char *separator;
+ int keyname_len;
+ 
+ while (1) {
+ separator = strchr(keys, '-');
+ keyname_len = separator ? separator - keys : strlen(keys);
+-pstrcpy(keyname_buf, sizeof(keyname_buf), keys);
+ 
+ /* Be compatible with old interface, convert user inputted "<" */
+-if (!strncmp(keyname_buf, "<", 1) && keyname_len == 1) {
+-

[gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/

2015-12-14 Thread Mike Frysinger
commit: 75d0202d68b81bc06d451b574670d8374751789f
Author: Mike Frysinger  gentoo  org>
AuthorDate: Tue Dec 15 05:43:01 2015 +
Commit: Mike Frysinger  gentoo  org>
CommitDate: Tue Dec 15 05:55:01 2015 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=75d0202d

app-emulation/qemu: add upstream fixes for #567828 #568214

 .../qemu/files/qemu-2.4.1-CVE-2015-7549.patch  |  62 ++
 .../qemu/files/qemu-2.4.1-CVE-2015-8504.patch  |  46 ++
 app-emulation/qemu/qemu-2.4.1-r2.ebuild| 642 +
 3 files changed, 750 insertions(+)

diff --git a/app-emulation/qemu/files/qemu-2.4.1-CVE-2015-7549.patch 
b/app-emulation/qemu/files/qemu-2.4.1-CVE-2015-7549.patch
new file mode 100644
index 000..897fe34
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.4.1-CVE-2015-7549.patch
@@ -0,0 +1,62 @@
+https://bugs.gentoo.org/568214
+
+From 43b11a91dd861a946b231b89b7542856ade23d1b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= 
+Date: Fri, 26 Jun 2015 14:25:29 +0200
+Subject: [PATCH] msix: implement pba write (but read-only)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+qpci_msix_pending() writes on pba region, causing qemu to SEGV:
+
+  Program received signal SIGSEGV, Segmentation fault.
+  [Switching to Thread 0x77fba8c0 (LWP 25882)]
+  0x in ?? ()
+  (gdb) bt
+  #0  0x in  ()
+  #1  0x556556c5 in memory_region_oldmmio_write_accessor 
(mr=0x579f3f80, addr=0, value=0x7fffbf68, size=4, shift=0, 
mask=4294967295, attrs=...) at /home/elmarco/src/qemu/memory.c:434
+  #2  0x556558e1 in access_with_adjusted_size (addr=0, 
value=0x7fffbf68, size=4, access_size_min=1, access_size_max=4, 
access=0x5565563e , 
mr=0x579f3f80, attrs=...) at /home/elmarco/src/qemu/memory.c:506
+  #3  0x556581eb in memory_region_dispatch_write (mr=0x579f3f80, 
addr=0, data=0, size=4, attrs=...) at /home/elmarco/src/qemu/memory.c:1176
+  #4  0x5560b6f9 in address_space_rw (as=0x55eff4e0 
, addr=3759147008, attrs=..., buf=0x7fffc1b0 "", 
len=4, is_write=true) at /home/elmarco/src/qemu/exec.c:2439
+  #5  0x5560baa2 in cpu_physical_memory_rw (addr=3759147008, 
buf=0x7fffc1b0 "", len=4, is_write=1) at /home/elmarco/src/qemu/exec.c:2534
+  #6  0x5564c005 in cpu_physical_memory_write (addr=3759147008, 
buf=0x7fffc1b0, len=4) at 
/home/elmarco/src/qemu/include/exec/cpu-common.h:80
+  #7  0x5564cd9c in qtest_process_command (chr=0x5642b890, 
words=0x578de4b0) at /home/elmarco/src/qemu/qtest.c:378
+  #8  0x5564db77 in qtest_process_inbuf (chr=0x5642b890, 
inbuf=0x5641b340) at /home/elmarco/src/qemu/qtest.c:569
+  #9  0x5564dc07 in qtest_read (opaque=0x5642b890, 
buf=0x7fffc2e0 "writel 0xe0100800 0x0\n", size=22) at 
/home/elmarco/src/qemu/qtest.c:581
+  #10 0x5574ce3e in qemu_chr_be_write (s=0x5642b890, 
buf=0x7fffc2e0 "writel 0xe0100800 0x0\n", len=22) at qemu-char.c:306
+  #11 0x55751263 in tcp_chr_read (chan=0x5642bcf0, cond=G_IO_IN, 
opaque=0x5642b890) at qemu-char.c:2876
+  #12 0x764c9a8a in g_main_context_dispatch (context=0x5641c400) 
at gmain.c:3122
+
+(without this patch, this can be reproduced with the ivshmem qtest)
+
+Implement an empty mmio write to avoid the crash.
+
+Signed-off-by: Marc-André Lureau 
+Reviewed-by: Paolo Bonzini 
+---
+ hw/pci/msix.c | 6 ++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/hw/pci/msix.c b/hw/pci/msix.c
+index 2fdada4..64c93d8 100644
+--- a/hw/pci/msix.c
 b/hw/pci/msix.c
+@@ -200,8 +200,14 @@ static uint64_t msix_pba_mmio_read(void *opaque, hwaddr 
addr,
+ return pci_get_long(dev->msix_pba + addr);
+ }
+ 
++static void msix_pba_mmio_write(void *opaque, hwaddr addr,
++uint64_t val, unsigned size)
++{
++}
++
+ static const MemoryRegionOps msix_pba_mmio_ops = {
+ .read = msix_pba_mmio_read,
++.write = msix_pba_mmio_write,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+ .valid = {
+ .min_access_size = 4,
+-- 
+2.6.2
+
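Review bot: The new `msix_pba_mmio_write` discards every guest write without a comment, so nothing tells a later reader that this is the intended read-only behaviour the subject line describes rather than a stub still to be filled in; I would add `/* PBA is read-only: guest writes are intentionally ignored; reads are served by msix_pba_mmio_read above. */` inside the empty body. Note that the existing `.valid.min_access_size = 4` constraint now also applies to the write path, which is fine since writes are dropped regardless of size.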

diff --git a/app-emulation/qemu/files/qemu-2.4.1-CVE-2015-8504.patch 
b/app-emulation/qemu/files/qemu-2.4.1-CVE-2015-8504.patch
new file mode 100644
index 000..7b0102a
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.4.1-CVE-2015-8504.patch
@@ -0,0 +1,46 @@
+https://bugs.gentoo.org/567828
+
+From 4c65fed8bdf96780735dbdb92a8bd0d6b6526cc3 Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit 
+Date: Thu, 3 Dec 2015 18:54:17 +0530
+Subject: [PATCH] ui: vnc: avoid floating point exception
+
+While sending 'SetPixelFormat' messages to a VNC server,
+the client could set the 'red-max', 'green-max' and 'blue-max'
+values to be zero. This leads to a floating point exception in
+write_png_palette while 

[gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/

2015-12-07 Thread Mike Frysinger
commit: 32c4e7044c0a00de9d1a10fc8db207c4fa34dbba
Author: Mike Frysinger  gentoo  org>
AuthorDate: Tue Dec  8 03:11:31 2015 +
Commit: Mike Frysinger  gentoo  org>
CommitDate: Tue Dec  8 03:11:31 2015 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=32c4e704

app-emulation/qemu: add upstream security fixes #566792 #567144

 .../qemu/files/qemu-2.4.1-CVE-2015-7504.patch  |  49 ++
 .../qemu/files/qemu-2.4.1-CVE-2015-7512.patch  |  37 ++
 .../qemu/files/qemu-2.4.1-CVE-2015-8345.patch  |  65 +++
 app-emulation/qemu/qemu-2.4.1-r1.ebuild| 644 +
 4 files changed, 795 insertions(+)

diff --git a/app-emulation/qemu/files/qemu-2.4.1-CVE-2015-7504.patch 
b/app-emulation/qemu/files/qemu-2.4.1-CVE-2015-7504.patch
new file mode 100644
index 000..e86e0c6
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.4.1-CVE-2015-7504.patch
@@ -0,0 +1,49 @@
+From 837f21aacf5a714c23ddaadbbc5212f9b661e3f7 Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit 
+Date: Fri, 20 Nov 2015 11:50:31 +0530
+Subject: [PATCH] net: pcnet: add check to validate receive data
+ size(CVE-2015-7504)
+
+In loopback mode, pcnet_receive routine appends CRC code to the
+receive buffer. If the data size given is same as the buffer size,
+the appended CRC code overwrites 4 bytes after s->buffer. Added a
+check to avoid that.
+
+Reported by: Qinghao Tang 
+Cc: qemu-sta...@nongnu.org
+Reviewed-by: Michael S. Tsirkin 
+Signed-off-by: Prasad J Pandit 
+Signed-off-by: Jason Wang 
+---
+ hw/net/pcnet.c | 8 +---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/hw/net/pcnet.c b/hw/net/pcnet.c
+index 0eb3cc4..309c40b 100644
+--- a/hw/net/pcnet.c
 b/hw/net/pcnet.c
+@@ -1084,7 +1084,7 @@ ssize_t pcnet_receive(NetClientState *nc, const uint8_t 
*buf, size_t size_)
+ uint32_t fcs = ~0;
+ uint8_t *p = src;
+ 
+-while (p != [size-4])
++while (p != [size])
+ CRC(fcs, *p++);
+ crc_err = (*(uint32_t *)p != htonl(fcs));
+ }
+@@ -1233,8 +1233,10 @@ static void pcnet_transmit(PCNetState *s)
+ bcnt = 4096 - GET_FIELD(tmd.length, TMDL, BCNT);
+ 
+ /* if multi-tmd packet outsizes s->buffer then skip it silently.
+-   Note: this is not what real hw does */
+-if (s->xmit_pos + bcnt > sizeof(s->buffer)) {
++ * Note: this is not what real hw does.
++ * Last four bytes of s->buffer are used to store CRC FCS code.
++ */
++if (s->xmit_pos + bcnt > sizeof(s->buffer) - 4) {
+ s->xmit_pos = -1;
+ goto txdone;
+ }
+-- 
+2.6.2
+
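Review bot: The CRC comparison right after the changed loop still reads `*(uint32_t *)p` with `p` at `[size]`, so the code relies on four bytes being readable past the payload; the second hunk only guarantees that headroom for frames staged by `pcnet_transmit` (`sizeof(s->buffer) - 4`), and the non-loopback receive path is not touched by this patch. I would also replace the cast with `uint32_t wire_fcs; memcpy(&wire_fcs, p, sizeof wire_fcs);` and compare `wire_fcs != htonl(fcs)`, since `p` is a `uint8_t *` and the cast is a misaligned, type-punned access. The `&src` appears to have been lost in this rendering (`[size-4]`, `[size]`); presumably `&src[size]` upstream. Both hunks sit inside functions that begin outside them.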

diff --git a/app-emulation/qemu/files/qemu-2.4.1-CVE-2015-7512.patch 
b/app-emulation/qemu/files/qemu-2.4.1-CVE-2015-7512.patch
new file mode 100644
index 000..4fee9ef
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.4.1-CVE-2015-7512.patch
@@ -0,0 +1,37 @@
+From 8b98a2f07175d46c3f7217639bd5e03f2ec56343 Mon Sep 17 00:00:00 2001
+From: Jason Wang 
+Date: Mon, 30 Nov 2015 15:00:06 +0800
+Subject: [PATCH] pcnet: fix rx buffer overflow(CVE-2015-7512)
+
+Backends could provide a packet whose length is greater than buffer
+size. Check for this and truncate the packet to avoid rx buffer
+overflow in this case.
+
+Cc: Prasad J Pandit 
+Cc: qemu-sta...@nongnu.org
+Reviewed-by: Michael S. Tsirkin 
+Signed-off-by: Jason Wang 
+---
+ hw/net/pcnet.c | 6 ++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/hw/net/pcnet.c b/hw/net/pcnet.c
+index 309c40b..1f4a3db 100644
+--- a/hw/net/pcnet.c
 b/hw/net/pcnet.c
+@@ -1064,6 +1064,12 @@ ssize_t pcnet_receive(NetClientState *nc, const uint8_t 
*buf, size_t size_)
+ int pktcount = 0;
+ 
+ if (!s->looptest) {
++if (size > 4092) {
++#ifdef PCNET_DEBUG_RMD
++fprintf(stderr, "pcnet: truncates rx packet.\n");
++#endif
++size = 4092;
++}
+ memcpy(src, buf, size);
+ /* no need to compute the CRC */
+ src[size] = 0;
+-- 
+2.6.2
+
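Review bot: The literal `4092` in the new guard is a magic number with no visible link to `s->buffer`; it presumably encodes the buffer size minus the four CRC bytes appended in loopback mode, which the companion CVE-2015-7504 patch expresses as `sizeof(s->buffer) - 4`. Writing the guard as `if (size > sizeof(s->buffer) - 4) { size = sizeof(s->buffer) - 4; }` ties both bounds to the array so they cannot drift if the buffer is ever resized, and a comment `/* leave room for the 4-byte FCS written after the payload */` would explain the subtraction. Truncation is silent outside PCNET_DEBUG_RMD builds, which seems acceptable but is worth stating in the commit message. pcnet_receive begins outside the hunk.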

diff --git a/app-emulation/qemu/files/qemu-2.4.1-CVE-2015-8345.patch 
b/app-emulation/qemu/files/qemu-2.4.1-CVE-2015-8345.patch
new file mode 100644
index 000..f01d9ac
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.4.1-CVE-2015-8345.patch
@@ -0,0 +1,65 @@
+https://bugs.gentoo.org/566792
+
+From 00837731d254908a841d69298a4f9f077babaf24 Mon Sep 17 00:00:00 2001
+From: Stefan Weil 
+Date: Fri, 20 Nov 2015 08:42:33 +0100
+Subject: [PATCH] eepro100: Prevent two endless loops
+
+http://lists.nongnu.org/archive/html/qemu-devel/2015-11/msg04592.html
+shows an example how an endless loop in function action_command can
+be achieved.
+
+During my code 

[gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/

2015-11-22 Thread Mike Frysinger
commit: 48dc0173191a6bdea35ada3682f5426511ccd654
Author: Mike Frysinger  gentoo  org>
AuthorDate: Mon Nov 23 00:41:00 2015 +
Commit: Mike Frysinger  gentoo  org>
CommitDate: Mon Nov 23 00:41:00 2015 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=48dc0173

app-emulation/qemu: update cflags patch #565866

 app-emulation/qemu/files/qemu-2.5.0-cflags.patch | 13 +
 app-emulation/qemu/qemu-.ebuild  |  2 +-
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/app-emulation/qemu/files/qemu-2.5.0-cflags.patch 
b/app-emulation/qemu/files/qemu-2.5.0-cflags.patch
new file mode 100644
index 000..173394f
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.5.0-cflags.patch
@@ -0,0 +1,13 @@
+--- a/configure
 b/configure
+@@ -4468,10 +4468,6 @@ fi
+ if test "$gcov" = "yes" ; then
+   CFLAGS="-fprofile-arcs -ftest-coverage -g $CFLAGS"
+   LDFLAGS="-fprofile-arcs -ftest-coverage $LDFLAGS"
+-elif test "$fortify_source" = "yes" ; then
+-  CFLAGS="-O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 $CFLAGS"
+-elif test "$debug" = "no"; then
+-  CFLAGS="-O2 $CFLAGS"
+ fi
+ 
+ ##
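Review bot: The patch carries no header explaining why qemu's own `-O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2` injection is dropped, so a future version bump may "fix" it back; removing the `fortify_source` branch means the build no longer enables FORTIFY itself and relies entirely on the toolchain defaults and user CFLAGS. On Gentoo that is presumably intentional (configure should not override user flags and the toolchain already applies them), but it is a hardening-relevant choice that deserves a comment at the top of the patch, e.g. `# Don't let configure override user CFLAGS (-O2 / _FORTIFY_SOURCE): the Gentoo toolchain already applies them. https://bugs.gentoo.org/565866`. The CVE patches elsewhere in this directory already carry their bug URL in the header, so this would be consistent with them.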

diff --git a/app-emulation/qemu/qemu-.ebuild 
b/app-emulation/qemu/qemu-.ebuild
index 3123715..aa8b852 100644
--- a/app-emulation/qemu/qemu-.ebuild
+++ b/app-emulation/qemu/qemu-.ebuild
@@ -306,7 +306,7 @@ src_prepare() {
# Cheap hack to disable gettext .mo generation.
use nls || rm -f po/*.po
 
-   epatch "${FILESDIR}"/qemu-1.7.0-cflags.patch
+   epatch "${FILESDIR}"/qemu-2.5.0-cflags.patch
[[ -n ${BACKPORTS} ]] && \
EPATCH_FORCE=yes EPATCH_SUFFIX="patch" 
EPATCH_SOURCE="${S}/patches" \
epatch