[app-emulation/qemu] version bump

app-emulation/qemu/Manifest

@@ -1 +1 @@
-DIST qemu-2.0.0.tar.bz2 12839647 SHA256 60cc1aa0cad39cec891f970bed60ca8a484f071adad4943123599ac223543a3b SHA512 8fe2e8faa66251aaea7d6017ee71675d5b05f93f92be7e2ad3e1d02af185b3d6c4069bd83a13fb1e35a3e8947aff76f22446b395f97ac18b6f7a99744202e3fa WHIRLPOOL 6b39916acdcaa5e22510afec8a972935e71064de9ff0a3f9a698a8142f66b130a24d0a38cc56a7a92dbdc78d5145abe743a9c6933f819ce9e682b7cffdac1508
+DIST qemu-2.1.0.tar.bz2 23563306 SHA256 397e23184f4bf613589a8fe0c6542461dc2afdf17ed337e97e6fd2f31e8f8802 SHA512 8c00fd61432420229d762fa2ccf91cb8cec20206e2ec02ab2df13c6b3b9de7605fbfacb0fadd21f20f13c1de4c5216d8b11538738c0d0e5094582ded7c668f2e WHIRLPOOL 9d28aab8e20a5a60e85709d7a192a45425605693e54452f54decd65ecc77b504f1bc6ff60f5e9428314fb04911f966753f39a189adc8aa85776fd3c49b5a6858

app-emulation/qemu/files/qemu-2.0.0-CVE-2013-4541.patch

@@ -1,40 +0,0 @@
-From 9f8e9895c504149d7048e9fc5eb5cbb34b16e49a Mon Sep 17 00:00:00 2001
-From: "Michael S. Tsirkin" <mst@redhat.com>
-Date: Thu, 3 Apr 2014 19:52:25 +0300
-Subject: [PATCH] usb: sanity check setup_index+setup_len in post_load
-
-CVE-2013-4541
-
-s->setup_len and s->setup_index are fed into usb_packet_copy as
-size/offset into s->data_buf, it's possible for invalid state to exploit
-this to load arbitrary data.
-
-setup_len and setup_index should be checked to make sure
-they are not negative.
-
-Cc: Gerd Hoffmann <kraxel@redhat.com>
-Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
-Signed-off-by: Juan Quintela <quintela@redhat.com>
----
- hw/usb/bus.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/hw/usb/bus.c b/hw/usb/bus.c
-index fe70429..e48b19f 100644
---- a/hw/usb/bus.c
-+++ b/hw/usb/bus.c
-@@ -49,7 +49,9 @@ static int usb_device_post_load(void *opaque, int version_id)
-     } else {
-         dev->attached = 1;
-     }
--    if (dev->setup_index >= sizeof(dev->data_buf) ||
-+    if (dev->setup_index < 0 ||
-+        dev->setup_len < 0 ||
-+        dev->setup_index >= sizeof(dev->data_buf) ||
-         dev->setup_len >= sizeof(dev->data_buf)) {
-         return -EINVAL;
-     }
--- 
-1.9.3
-

app-emulation/qemu/files/qemu-2.0.0-CVE-2014-0222.patch

@@ -1,48 +0,0 @@
-From 42eb58179b3b215bb507da3262b682b8a2ec10b5 Mon Sep 17 00:00:00 2001
-From: Kevin Wolf <kwolf@redhat.com>
-Date: Thu, 15 May 2014 16:10:11 +0200
-Subject: [PATCH] qcow1: Validate L2 table size (CVE-2014-0222)
-
-Too large L2 table sizes cause unbounded allocations. Images actually
-created by qemu-img only have 512 byte or 4k L2 tables.
-
-To keep things consistent with cluster sizes, allow ranges between 512
-bytes and 64k (in fact, down to 1 entry = 8 bytes is technically
-working, but L2 table sizes smaller than a cluster don't make a lot of
-sense).
-
-This also means that the number of bytes on the virtual disk that are
-described by the same L2 table is limited to at most 8k * 64k or 2^29,
-preventively avoiding any integer overflows.
-
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
-Reviewed-by: Benoit Canet <benoit@irqsave.net>
----
- block/qcow.c               |  8 ++++++++
- tests/qemu-iotests/092     | 15 +++++++++++++++
- tests/qemu-iotests/092.out | 11 +++++++++++
- 3 files changed, 34 insertions(+)
-
-diff --git a/block/qcow.c b/block/qcow.c
-index e60df23..e8038e5 100644
---- a/block/qcow.c
-+++ b/block/qcow.c
-@@ -139,6 +139,14 @@ static int qcow_open(BlockDriverState *bs, QDict *options, int flags,
-         goto fail;
-     }
- 
-+    /* l2_bits specifies number of entries; storing a uint64_t in each entry,
-+     * so bytes = num_entries << 3. */
-+    if (header.l2_bits < 9 - 3 || header.l2_bits > 16 - 3) {
-+        error_setg(errp, "L2 table size must be between 512 and 64k");
-+        ret = -EINVAL;
-+        goto fail;
-+    }
-+
-     if (header.crypt_method > QCOW_CRYPT_AES) {
-         error_setg(errp, "invalid encryption method in qcow header");
-         ret = -EINVAL;
--- 
-1.9.3
-

app-emulation/qemu/files/qemu-2.0.0-CVE-2014-0223.patch

@@ -1,57 +0,0 @@
-From 46485de0cb357b57373e1ca895adedf1f3ed46ec Mon Sep 17 00:00:00 2001
-From: Kevin Wolf <kwolf@redhat.com>
-Date: Thu, 8 May 2014 13:08:20 +0200
-Subject: [PATCH] qcow1: Validate image size (CVE-2014-0223)
-
-A huge image size could cause s->l1_size to overflow. Make sure that
-images never require a L1 table larger than what fits in s->l1_size.
-
-This cannot only cause unbounded allocations, but also the allocation of
-a too small L1 table, resulting in out-of-bounds array accesses (both
-reads and writes).
-
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
----
- block/qcow.c               | 16 ++++++++++++++--
- tests/qemu-iotests/092     |  9 +++++++++
- tests/qemu-iotests/092.out |  7 +++++++
- 3 files changed, 30 insertions(+), 2 deletions(-)
-
-diff --git a/block/qcow.c b/block/qcow.c
-index e8038e5..3566c05 100644
---- a/block/qcow.c
-+++ b/block/qcow.c
-@@ -61,7 +61,7 @@ typedef struct BDRVQcowState {
-     int cluster_sectors;
-     int l2_bits;
-     int l2_size;
--    int l1_size;
-+    unsigned int l1_size;
-     uint64_t cluster_offset_mask;
-     uint64_t l1_table_offset;
-     uint64_t *l1_table;
-@@ -166,7 +166,19 @@ static int qcow_open(BlockDriverState *bs, QDict *options, int flags,
- 
-     /* read the level 1 table */
-     shift = s->cluster_bits + s->l2_bits;
--    s->l1_size = (header.size + (1LL << shift) - 1) >> shift;
-+    if (header.size > UINT64_MAX - (1LL << shift)) {
-+        error_setg(errp, "Image too large");
-+        ret = -EINVAL;
-+        goto fail;
-+    } else {
-+        uint64_t l1_size = (header.size + (1LL << shift) - 1) >> shift;
-+        if (l1_size > INT_MAX / sizeof(uint64_t)) {
-+            error_setg(errp, "Image too large");
-+            ret = -EINVAL;
-+            goto fail;
-+        }
-+        s->l1_size = l1_size;
-+    }
- 
-     s->l1_table_offset = header.l1_table_offset;
-     s->l1_table = g_malloc(s->l1_size * sizeof(uint64_t));
--- 
-1.9.3
-

app-emulation/qemu/files/qemu-2.0.0-qcow-check-max-sizes.patch

@@ -1,52 +0,0 @@
-From 7159a45b2bf2dcb9f49f1e27d1d3d135a0247a2f Mon Sep 17 00:00:00 2001
-From: Kevin Wolf <kwolf@redhat.com>
-Date: Wed, 7 May 2014 17:30:30 +0200
-Subject: [PATCH] qcow1: Check maximum cluster size
-
-Huge values for header.cluster_bits cause unbounded allocations (e.g.
-for s->cluster_cache) and crash qemu this way. Less huge values may
-survive those allocations, but can cause integer overflows later on.
-
-The only cluster sizes that qemu can create are 4k (for standalone
-images) and 512 (for images with backing files), so we can limit it
-to 64k.
-
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
-Reviewed-by: Benoit Canet <benoit@irqsave.net>
----
- block/qcow.c               | 10 ++++++--
- tests/qemu-iotests/092     | 63 ++++++++++++++++++++++++++++++++++++++++++++++
- tests/qemu-iotests/092.out | 13 ++++++++++
- tests/qemu-iotests/group   |  1 +
- 4 files changed, 85 insertions(+), 2 deletions(-)
- create mode 100755 tests/qemu-iotests/092
- create mode 100644 tests/qemu-iotests/092.out
-
-diff --git a/block/qcow.c b/block/qcow.c
-index 3684794..e60df23 100644
---- a/block/qcow.c
-+++ b/block/qcow.c
-@@ -128,11 +128,17 @@ static int qcow_open(BlockDriverState *bs, QDict *options, int flags,
-         goto fail;
-     }
- 
--    if (header.size <= 1 || header.cluster_bits < 9) {
--        error_setg(errp, "invalid value in qcow header");
-+    if (header.size <= 1) {
-+        error_setg(errp, "Image size is too small (must be at least 2 bytes)");
-         ret = -EINVAL;
-         goto fail;
-     }
-+    if (header.cluster_bits < 9 || header.cluster_bits > 16) {
-+        error_setg(errp, "Cluster size must be between 512 and 64k");
-+        ret = -EINVAL;
-+        goto fail;
-+    }
-+
-     if (header.crypt_method > QCOW_CRYPT_AES) {
-         error_setg(errp, "invalid encryption method in qcow header");
-         ret = -EINVAL;
--- 
-1.9.3
-

app-emulation/qemu/files/qemu-2.0.0-usb-post-load-checks.patch

@@ -1,41 +0,0 @@
-https://bugs.gentoo.org/510208
-
-From 719ffe1f5f72b1c7ace4afe9ba2815bcb53a829e Mon Sep 17 00:00:00 2001
-From: "Michael S. Tsirkin" <mst@redhat.com>
-Date: Tue, 13 May 2014 12:33:16 +0300
-Subject: [PATCH] usb: fix up post load checks
-
-Correct post load checks:
-1. dev->setup_len == sizeof(dev->data_buf)
-    seems fine, no need to fail migration
-2. When state is DATA, passing index > len
-   will cause memcpy with negative length,
-   resulting in heap overflow
-
-First of the issues was reported by dgilbert.
-
-Reported-by: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
-Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-Signed-off-by: Juan Quintela <quintela@redhat.com>
----
- hw/usb/bus.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/hw/usb/bus.c b/hw/usb/bus.c
-index 699aa10..927a47b 100644
---- a/hw/usb/bus.c
-+++ b/hw/usb/bus.c
-@@ -51,8 +51,8 @@ static int usb_device_post_load(void *opaque, int version_id)
-     }
-     if (dev->setup_index < 0 ||
-         dev->setup_len < 0 ||
--        dev->setup_index >= sizeof(dev->data_buf) ||
--        dev->setup_len >= sizeof(dev->data_buf)) {
-+        dev->setup_index > dev->setup_len ||
-+        dev->setup_len > sizeof(dev->data_buf)) {
-         return -EINVAL;
-     }
-     return 0;
--- 
-1.9.3
-

app-emulation/qemu/files/qemu-9999-virtfs-proxy-helper-accept.patch

@@ -1,30 +0,0 @@
-From c5970614489e385e69667f1f323421442a7a46c0 Mon Sep 17 00:00:00 2001
-From: Tim Comer <comer0@gmail.com>
-Date: Sat, 19 Apr 2014 12:51:42 -0400
-Subject: [PATCH] virtfs-proxy-helper: fix call to accept
-
-The current code calls accept() without initializing the size parameter
-which means the accept call might write too much to the stack.
-
-URL: https://bugs.gentoo.org/486714
-Signed-off-by: Tim Comer <comer0@gmail.com>
-Signed-off-by: Mike Frysinger <vapier@gentoo.org>
----
- fsdev/virtfs-proxy-helper.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/fsdev/virtfs-proxy-helper.c b/fsdev/virtfs-proxy-helper.c
-index bfecb87..cd291d3 100644
---- a/fsdev/virtfs-proxy-helper.c
-+++ b/fsdev/virtfs-proxy-helper.c
-@@ -760,6 +760,7 @@ static int proxy_socket(const char *path, uid_t uid, gid_t gid)
-         return -1;
-     }
- 
-+    size = sizeof(qemu);
-     client = accept(sock, (struct sockaddr *)&qemu, &size);
-     if (client < 0) {
-         do_perror("accept");
--- 
-1.9.2
-

app-emulation/qemu/files/qemu-binfmt.initd-r1

@@ -1,16 +1,22 @@
 #!/sbin/runscript
-# Copyright 1999-2013 Gentoo Foundation
+# Copyright 1999-2014 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-emulation/qemu/files/qemu-binfmt.initd-r1,v 1.3 2013/02/17 22:05:22 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-emulation/qemu/files/qemu-binfmt.initd-r1,v 1.5 2014/08/04 06:47:22 vapier Exp $
 
 # enable automatic i386/ARM/M68K/MIPS/SPARC/PPC/s390 program execution by the kernel
 
+# Defaulting to OC should be safe because it comes down to:
+#  - do we trust the interp itself to not be malicious?  yes; we built it.
+#  - do we trust the programs we're running?  ish; same permission as native
+#    binaries apply.  so if user can do bad stuff natively, cross isn't worse.
+: ${QEMU_BINFMT_FLAGS:=OC}
+
 depend() {
     after procfs
 }
 
 start() {
-   ebegin "Registering qemu-user binaries"
+   ebegin "Registering qemu-user binaries (flags: ${QEMU_BINFMT_FLAGS})"
 
    if [ ! -d /proc/sys/fs/binfmt_misc ] ; then
       modprobe -q binfmt_misc
@@ -50,55 +56,58 @@ start() {
 
    # register the interpreter for each cpu except for the native one
    if [ $cpu != "i386" -a -x "/usr/bin/qemu-i386" ] ; then
-      echo ':i386:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x03\x00:\xff\xff\xff\xff\xff\xfe\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-i386:P' > /proc/sys/fs/binfmt_misc/register
-      echo ':i486:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x06\x00:\xff\xff\xff\xff\xff\xfe\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-i386:P' > /proc/sys/fs/binfmt_misc/register
+      echo ':i386:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x03\x00:\xff\xff\xff\xff\xff\xfe\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-i386:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
+      echo ':i486:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x06\x00:\xff\xff\xff\xff\xff\xfe\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-i386:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
    fi
    if [ $cpu != "alpha" -a -x "/usr/bin/qemu-alpha" ] ; then
-      echo ':alpha:M::\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x26\x90:\xff\xff\xff\xff\xff\xfe\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-alpha:P' > /proc/sys/fs/binfmt_misc/register
+      echo ':alpha:M::\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x26\x90:\xff\xff\xff\xff\xff\xfe\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-alpha:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
    fi
    if [ $cpu != "arm" -a -x "/usr/bin/qemu-arm" ] ; then
-      echo   ':arm:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff:/usr/bin/qemu-arm:P' > /proc/sys/fs/binfmt_misc/register
+      echo   ':arm:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff:/usr/bin/qemu-arm:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
    fi
    if [ $cpu != "arm" -a -x "/usr/bin/qemu-armeb" ] ; then
-      echo   ':armeb:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-armeb:P' > /proc/sys/fs/binfmt_misc/register
+      echo   ':armeb:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-armeb:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
+   fi
+   if [ $cpu != "aarch64" -a -x "/usr/bin/qemu-aarch64" ] ; then
+      echo ':aarch64:M::\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xb7\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-aarch64:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
    fi
    if [ $cpu != "sparc" -a -x "/usr/bin/qemu-sparc" ] ; then
-      echo   ':sparc:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-sparc:P' > /proc/sys/fs/binfmt_misc/register
+      echo   ':sparc:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-sparc:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
    fi
    if [ $cpu != "ppc" -a -x "/usr/bin/qemu-ppc" ] ; then
-      echo   ':ppc:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x14:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-ppc:P' > /proc/sys/fs/binfmt_misc/register
+      echo   ':ppc:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x14:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-ppc:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
    fi
    if [ $cpu != "m68k" -a -x "/usr/bin/qemu-m68k" ] ; then
-      echo   'Please check cpu value and header information for m68k!'
-      echo   ':m68k:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x08:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-m68k:P' > /proc/sys/fs/binfmt_misc/register
+      #echo   'Please check cpu value and header information for m68k!'
+      echo   ':m68k:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x08:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-m68k:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
    fi
    if [ $cpu != "mips" -a -x "/usr/bin/qemu-mips" ] ; then
       # FIXME: We could use the other endianness on a MIPS host.
-      echo   ':mips:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-mips:P' > /proc/sys/fs/binfmt_misc/register
+      echo   ':mips:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-mips:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
    fi
    if [ $cpu != "mips" -a -x "/usr/bin/qemu-mipsel" ] ; then
-      echo   ':mipsel:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-mipsel:P' > /proc/sys/fs/binfmt_misc/register
+      echo   ':mipsel:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-mipsel:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
    fi
    if [ $cpu != "mips" -a -x "/usr/bin/qemu-mipsn32" ] ; then
-      echo   ':mipsn32:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-mipsn32:P' > /proc/sys/fs/binfmt_misc/register
+      echo   ':mipsn32:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-mipsn32:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
    fi
    if [ $cpu != "mips" -a -x "/usr/bin/qemu-mipsn32el" ] ; then
-      echo   ':mipsn32el:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-mipsn32el:P' > /proc/sys/fs/binfmt_misc/register
+      echo   ':mipsn32el:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-mipsn32el:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
    fi
    if [ $cpu != "mips" -a -x "/usr/bin/qemu-mips64" ] ; then
-      echo   ':mips64:M::\x7fELF\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-mips64:P' > /proc/sys/fs/binfmt_misc/register
+      echo   ':mips64:M::\x7fELF\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-mips64:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
    fi
    if [ $cpu != "mips" -a -x "/usr/bin/qemu-mips64el" ] ; then
-      echo   ':mips64el:M::\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-mips64el:P' > /proc/sys/fs/binfmt_misc/register
+      echo   ':mips64el:M::\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-mips64el:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
    fi
    if [ $cpu != "sh" -a -x "/usr/bin/qemu-sh4" ] ; then
-      echo    ':sh4:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x2a\x00:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-sh4:P' > /proc/sys/fs/binfmt_misc/register
+      echo    ':sh4:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x2a\x00:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-sh4:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
    fi
    if [ $cpu != "sh" -a -x "/usr/bin/qemu-sh4eb" ] ; then
-      echo    ':sh4eb:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x2a:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-sh4eb:P' > /proc/sys/fs/binfmt_misc/register
+      echo    ':sh4eb:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x2a:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-sh4eb:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
    fi
-   if [ $cpu != "s390x" -a -x "/usr/local/bin/qemu-s390x" ] ; then
-      echo   ':s390x:M::\x7fELF\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x16:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/local/bin/qemu-s390x:P' > /proc/sys/fs/binfmt_misc/register
+   if [ $cpu != "s390x" -a -x "/usr/bin/qemu-s390x" ] ; then
+      echo   ':s390x:M::\x7fELF\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x16:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-s390x:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
    fi
    eend $?
 }
@@ -110,6 +119,7 @@ stop() {
    arches="${arches} i386 i486"
    arches="${arches} alpha"
    arches="${arches} arm armeb"
+   arches="${arches} aarch64"
    arches="${arches} sparc"
    arches="${arches} ppc"
    arches="${arches} m68k"

app-emulation/qemu/files/qemu-kvm-1.4

@@ -1,3 +0,0 @@
-#!/bin/sh
-
-exec /usr/bin/qemu-system-x86_64 -machine accel=kvm "$@"

app-emulation/qemu/qemu-2.1.0.ebuild

@@ -1,9 +1,11 @@
 # Copyright 1999-2014 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-emulation/qemu/qemu-2.0.0-r1.ebuild,v 1.2 2014/05/31 16:14:44 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-emulation/qemu/qemu-2.1.0.ebuild,v 1.1 2014/08/04 06:45:21 vapier Exp $
 
 EAPI=5
 
+#MY_P="${P/_/-}"
+
 PYTHON_COMPAT=( python{2_6,2_7} )
 PYTHON_REQ_USE="ncurses,readline"
 
@@ -31,10 +33,10 @@ LICENSE="GPL-2 LGPL-2 BSD-2"
 SLOT="0"
 IUSE="accessibility +aio alsa bluetooth +caps +curl debug +fdt glusterfs \
 gtk iscsi +jpeg \
-kernel_linux kernel_FreeBSD ncurses opengl +png pulseaudio python \
-rbd sasl +seccomp sdl selinux smartcard spice ssh static static-softmmu \
-static-user systemtap tci test +threads tls usb usbredir +uuid vde +vhost-net \
-virtfs +vnc xattr xen xfs"
+kernel_linux kernel_FreeBSD lzo ncurses nls numa opengl +png pulseaudio python \
+rbd sasl +seccomp sdl selinux smartcard snappy spice ssh static static-softmmu \
+static-user systemtap tci test +threads tpm tls usb usbredir +uuid vde \
++vhost-net virtfs +vnc xattr xen xfs"
 
 COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel mips
 mips64 mips64el mipsel or32 ppc ppc64 s390x sh4 sh4eb sparc sparc64 unicore32
@@ -71,12 +73,14 @@ SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND}
 	fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] )
 	glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
 	jpeg? ( virtual/jpeg[static-libs(+)] )
+	lzo? ( dev-libs/lzo[static-libs(+)] )
 	ncurses? ( sys-libs/ncurses[static-libs(+)] )
 	png? ( media-libs/libpng[static-libs(+)] )
 	rbd? ( sys-cluster/ceph[static-libs(+)] )
 	sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
 	sdl? ( >=media-libs/libsdl-1.2.11[static-libs(+)] )
 	seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
+	snappy? ( app-arch/snappy[static-libs(+)] )
 	spice? ( >=app-emulation/spice-0.12.0[static-libs(+)] )
 	ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] )
 	tls? ( net-libs/gnutls[static-libs(+)] )
@@ -123,6 +127,7 @@ DEPEND="${RDEPEND}
 	sys-apps/texinfo
 	virtual/pkgconfig
 	kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
+	gtk? ( nls? ( sys-devel/gettext ) )
 	static-softmmu? ( ${SOFTMMU_LIB_DEPEND} )
 	static-user? ( ${USER_LIB_DEPEND} )
 	test? (
@@ -228,19 +233,18 @@ pkg_setup() {
 	enewgroup kvm 78
 }
 
+#S="${WORKDIR}/${MY_P}"
+
 src_prepare() {
 	# Alter target makefiles to accept CFLAGS set via flag-o
 	sed -i -r \
 		-e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \
 		Makefile Makefile.target || die
 
+	# Cheap hack to disable gettext .mo generation.
+	use nls || rm -f po/*.po
+
 	epatch "${FILESDIR}"/qemu-1.7.0-cflags.patch
-	epatch "${FILESDIR}"/qemu-9999-virtfs-proxy-helper-accept.patch #486714
-	epatch "${FILESDIR}"/${P}-CVE-2013-4541.patch #510208
-	epatch "${FILESDIR}"/${P}-usb-post-load-checks.patch #510208
-	epatch "${FILESDIR}"/${P}-qcow-check-max-sizes.patch #510234
-	epatch "${FILESDIR}"/${P}-CVE-2014-0222.patch #510234
-	epatch "${FILESDIR}"/${P}-CVE-2014-0223.patch #510234
 	[[ -n ${BACKPORTS} ]] && \
 		EPATCH_FORCE=yes EPATCH_SUFFIX="patch" EPATCH_SOURCE="${S}/patches" \
 			epatch
@@ -301,11 +305,15 @@ qemu_src_configure() {
 			--disable-curses
 			--disable-kvm
 			--disable-libiscsi
+			--disable-lzo
 			--disable-glusterfs
+			--disable-numa
+			--disable-snappy
 			--disable-seccomp
 			--disable-sdl
 			--disable-smartcard-nss
 			--disable-tools
+			--disable-tpm
 			--disable-vde
 			--disable-libssh2
 			--disable-libusb
@@ -329,15 +337,19 @@ qemu_src_configure() {
 			$(use_enable iscsi libiscsi)
 			$(use_enable jpeg vnc-jpeg)
 			$(use_enable kernel_linux kvm)
+			$(use_enable lzo)
 			$(use_enable ncurses curses)
+			$(use_enable numa)
 			$(use_enable opengl glx)
 			$(use_enable png vnc-png)
 			$(use_enable rbd)
 			$(use_enable sasl vnc-sasl)
 			$(use_enable seccomp)
 			$(use_enable smartcard smartcard-nss)
+			$(use_enable snappy)
 			$(use_enable spice)
 			$(use_enable ssh libssh2)
+			$(use_enable tpm)
 			$(use_enable tls vnc-tls)
 			$(use_enable tls vnc-ws)
 			$(use_enable usb libusb)
@@ -433,6 +445,7 @@ src_compile() {
 src_test() {
 	if [[ -n ${softmmu_targets} ]]; then
 		cd "${S}/softmmu-build"
+		pax-mark m */qemu-system-* #515550
 		emake -j1 check
 		emake -j1 check-report.html
 	fi
@@ -490,58 +503,58 @@ src_install() {
 	dodoc docs/qmp/*.txt
 
 	# Remove SeaBIOS since we're using the SeaBIOS packaged ones
-	rm "${ED}/usr/share/qemu/bios.bin"
-	rm "${ED}/usr/share/qemu/bios-256k.bin"
-	rm "${ED}/usr/share/qemu/kvmvapic.bin"
-	rm "${ED}/usr/share/qemu/linuxboot.bin"
-	rm "${ED}/usr/share/qemu/multiboot.bin"
-	rm "${ED}/usr/share/qemu/acpi-dsdt.aml"
-	rm "${ED}/usr/share/qemu/q35-acpi-dsdt.aml"
-	if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-		dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
-		dosym ../seabios/bios-256k.bin /usr/share/qemu/bios-256k.bin
-		dosym ../seabios/kvmvapic.bin /usr/share/qemu/kvmvapic.bin
-		dosym ../seabios/linuxboot.bin /usr/share/qemu/linuxboot.bin
-		dosym ../seabios/multiboot.bin /usr/share/qemu/multiboot.bin
-		dosym ../seabios/acpi-dsdt.aml /usr/share/qemu/acpi-dsdt.aml
-		dosym ../seabios/q35-acpi-dsdt.aml /usr/share/qemu/q35-acpi-dsdt.aml
-	fi
+	if [[ -n ${softmmu_targets} ]]; then
+		rm "${ED}/usr/share/qemu/bios.bin"
+		rm "${ED}/usr/share/qemu/bios-256k.bin"
+		rm "${ED}/usr/share/qemu/kvmvapic.bin"
+		rm "${ED}/usr/share/qemu/linuxboot.bin"
+		rm "${ED}/usr/share/qemu/multiboot.bin"
+		rm "${ED}/usr/share/qemu/acpi-dsdt.aml"
+		rm "${ED}/usr/share/qemu/q35-acpi-dsdt.aml"
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
+			dosym ../seabios/bios-256k.bin /usr/share/qemu/bios-256k.bin
+			dosym ../seabios/kvmvapic.bin /usr/share/qemu/kvmvapic.bin
+			dosym ../seabios/linuxboot.bin /usr/share/qemu/linuxboot.bin
+			dosym ../seabios/multiboot.bin /usr/share/qemu/multiboot.bin
+			dosym ../seabios/acpi-dsdt.aml /usr/share/qemu/acpi-dsdt.aml
+			dosym ../seabios/q35-acpi-dsdt.aml /usr/share/qemu/q35-acpi-dsdt.aml
+		fi
 
-	# Remove vgabios since we're using the seabios packaged one
-	rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
-	rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
-	rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
-	rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
-	if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-		dosym ../seabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
-		dosym ../seabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
-		dosym ../seabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
-		dosym ../seabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
-	fi
+		# Remove vgabios since we're using the seabios packaged one
+		rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
+		rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
+		rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
+		rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../seabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
+			dosym ../seabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
+			dosym ../seabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
+			dosym ../seabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
+		fi
 
-	# Remove sgabios since we're using the sgabios packaged one
-	rm "${ED}/usr/share/qemu/sgabios.bin"
-	if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-		dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin
-	fi
+		# Remove sgabios since we're using the sgabios packaged one
+		rm "${ED}/usr/share/qemu/sgabios.bin"
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin
+		fi
 
-	# Remove iPXE since we're using the iPXE packaged one
-	rm "${ED}"/usr/share/qemu/pxe-*.rom
-	if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
-		dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom
-		dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom
-		dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom
-		dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom
-		dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom
-		dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom
+		# Remove iPXE since we're using the iPXE packaged one
+		rm "${ED}"/usr/share/qemu/pxe-*.rom
+		if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
+			dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom
+			dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom
+			dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom
+			dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom
+			dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom
+			dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom
+		fi
 	fi
 
 	qemu_support_kvm && readme.gentoo_create_doc
 }
 
 pkg_postinst() {
-	local virtfs_caps=
-
 	if qemu_support_kvm; then
 		readme.gentoo_print_elog
 		ewarn "Migration from qemu-kvm instances and loading qemu-kvm created"
@@ -561,11 +574,11 @@ pkg_postinst() {
 		fi
 	fi
 
-	virtfs_caps+="cap_chown,cap_dac_override,cap_fowner,cap_fsetid,"
-	virtfs_caps+="cap_setgid,cap_mknod,cap_setuid"
-
 	fcaps cap_net_admin /usr/libexec/qemu-bridge-helper
-	use virtfs && fcaps ${virtfs_caps} /usr/bin/virtfs-proxy-helper
+	if use virtfs && [ -n "${softmmu_targets}" ]; then
+		local virtfs_caps="cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_setgid,cap_mknod,cap_setuid"
+		fcaps ${virtfs_caps} /usr/bin/virtfs-proxy-helper
+	fi
 }
 
 pkg_info() {