From 6004e2b78c61499376b05ec6542d866a459b1408 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20F=C3=B6rster?= Date: Tue, 5 Aug 2014 09:36:07 +0200 Subject: [PATCH] [app-emulation/qemu] version bump --- app-emulation/qemu/Manifest | 2 +- .../qemu/files/qemu-2.0.0-CVE-2013-4541.patch | 40 ------ .../qemu/files/qemu-2.0.0-CVE-2014-0222.patch | 48 ------- .../qemu/files/qemu-2.0.0-CVE-2014-0223.patch | 57 -------- .../qemu-2.0.0-qcow-check-max-sizes.patch | 52 ------- .../qemu-2.0.0-usb-post-load-checks.patch | 41 ------ ...qemu-9999-virtfs-proxy-helper-accept.patch | 30 ---- app-emulation/qemu/files/qemu-binfmt.initd-r1 | 54 +++++--- app-emulation/qemu/files/qemu-kvm-1.4 | 3 - ...qemu-2.0.0-r1.ebuild => qemu-2.1.0.ebuild} | 129 ++++++++++-------- 10 files changed, 104 insertions(+), 352 deletions(-) delete mode 100644 app-emulation/qemu/files/qemu-2.0.0-CVE-2013-4541.patch delete mode 100644 app-emulation/qemu/files/qemu-2.0.0-CVE-2014-0222.patch delete mode 100644 app-emulation/qemu/files/qemu-2.0.0-CVE-2014-0223.patch delete mode 100644 app-emulation/qemu/files/qemu-2.0.0-qcow-check-max-sizes.patch delete mode 100644 app-emulation/qemu/files/qemu-2.0.0-usb-post-load-checks.patch delete mode 100644 app-emulation/qemu/files/qemu-9999-virtfs-proxy-helper-accept.patch delete mode 100644 app-emulation/qemu/files/qemu-kvm-1.4 rename app-emulation/qemu/{qemu-2.0.0-r1.ebuild => qemu-2.1.0.ebuild} (81%) diff --git a/app-emulation/qemu/Manifest b/app-emulation/qemu/Manifest index 1927505..b6de635 100644 --- a/app-emulation/qemu/Manifest +++ b/app-emulation/qemu/Manifest @@ -1 +1 @@ -DIST qemu-2.0.0.tar.bz2 12839647 SHA256 60cc1aa0cad39cec891f970bed60ca8a484f071adad4943123599ac223543a3b SHA512 8fe2e8faa66251aaea7d6017ee71675d5b05f93f92be7e2ad3e1d02af185b3d6c4069bd83a13fb1e35a3e8947aff76f22446b395f97ac18b6f7a99744202e3fa WHIRLPOOL 6b39916acdcaa5e22510afec8a972935e71064de9ff0a3f9a698a8142f66b130a24d0a38cc56a7a92dbdc78d5145abe743a9c6933f819ce9e682b7cffdac1508 +DIST qemu-2.1.0.tar.bz2 23563306 SHA256 397e23184f4bf613589a8fe0c6542461dc2afdf17ed337e97e6fd2f31e8f8802 SHA512 8c00fd61432420229d762fa2ccf91cb8cec20206e2ec02ab2df13c6b3b9de7605fbfacb0fadd21f20f13c1de4c5216d8b11538738c0d0e5094582ded7c668f2e WHIRLPOOL 9d28aab8e20a5a60e85709d7a192a45425605693e54452f54decd65ecc77b504f1bc6ff60f5e9428314fb04911f966753f39a189adc8aa85776fd3c49b5a6858 diff --git a/app-emulation/qemu/files/qemu-2.0.0-CVE-2013-4541.patch b/app-emulation/qemu/files/qemu-2.0.0-CVE-2013-4541.patch deleted file mode 100644 index c4e0d81..0000000 --- a/app-emulation/qemu/files/qemu-2.0.0-CVE-2013-4541.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 9f8e9895c504149d7048e9fc5eb5cbb34b16e49a Mon Sep 17 00:00:00 2001 -From: "Michael S. Tsirkin" -Date: Thu, 3 Apr 2014 19:52:25 +0300 -Subject: [PATCH] usb: sanity check setup_index+setup_len in post_load - -CVE-2013-4541 - -s->setup_len and s->setup_index are fed into usb_packet_copy as -size/offset into s->data_buf, it's possible for invalid state to exploit -this to load arbitrary data. - -setup_len and setup_index should be checked to make sure -they are not negative. - -Cc: Gerd Hoffmann -Signed-off-by: Michael S. Tsirkin -Reviewed-by: Gerd Hoffmann -Signed-off-by: Juan Quintela ---- - hw/usb/bus.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/hw/usb/bus.c b/hw/usb/bus.c -index fe70429..e48b19f 100644 ---- a/hw/usb/bus.c -+++ b/hw/usb/bus.c -@@ -49,7 +49,9 @@ static int usb_device_post_load(void *opaque, int version_id) - } else { - dev->attached = 1; - } -- if (dev->setup_index >= sizeof(dev->data_buf) || -+ if (dev->setup_index < 0 || -+ dev->setup_len < 0 || -+ dev->setup_index >= sizeof(dev->data_buf) || - dev->setup_len >= sizeof(dev->data_buf)) { - return -EINVAL; - } --- -1.9.3 - diff --git a/app-emulation/qemu/files/qemu-2.0.0-CVE-2014-0222.patch b/app-emulation/qemu/files/qemu-2.0.0-CVE-2014-0222.patch deleted file mode 100644 index 754ad48..0000000 --- a/app-emulation/qemu/files/qemu-2.0.0-CVE-2014-0222.patch +++ /dev/null @@ -1,48 +0,0 @@ -From 42eb58179b3b215bb507da3262b682b8a2ec10b5 Mon Sep 17 00:00:00 2001 -From: Kevin Wolf -Date: Thu, 15 May 2014 16:10:11 +0200 -Subject: [PATCH] qcow1: Validate L2 table size (CVE-2014-0222) - -Too large L2 table sizes cause unbounded allocations. Images actually -created by qemu-img only have 512 byte or 4k L2 tables. - -To keep things consistent with cluster sizes, allow ranges between 512 -bytes and 64k (in fact, down to 1 entry = 8 bytes is technically -working, but L2 table sizes smaller than a cluster don't make a lot of -sense). - -This also means that the number of bytes on the virtual disk that are -described by the same L2 table is limited to at most 8k * 64k or 2^29, -preventively avoiding any integer overflows. - -Cc: qemu-stable@nongnu.org -Signed-off-by: Kevin Wolf -Reviewed-by: Benoit Canet ---- - block/qcow.c | 8 ++++++++ - tests/qemu-iotests/092 | 15 +++++++++++++++ - tests/qemu-iotests/092.out | 11 +++++++++++ - 3 files changed, 34 insertions(+) - -diff --git a/block/qcow.c b/block/qcow.c -index e60df23..e8038e5 100644 ---- a/block/qcow.c -+++ b/block/qcow.c -@@ -139,6 +139,14 @@ static int qcow_open(BlockDriverState *bs, QDict *options, int flags, - goto fail; - } - -+ /* l2_bits specifies number of entries; storing a uint64_t in each entry, -+ * so bytes = num_entries << 3. */ -+ if (header.l2_bits < 9 - 3 || header.l2_bits > 16 - 3) { -+ error_setg(errp, "L2 table size must be between 512 and 64k"); -+ ret = -EINVAL; -+ goto fail; -+ } -+ - if (header.crypt_method > QCOW_CRYPT_AES) { - error_setg(errp, "invalid encryption method in qcow header"); - ret = -EINVAL; --- -1.9.3 - diff --git a/app-emulation/qemu/files/qemu-2.0.0-CVE-2014-0223.patch b/app-emulation/qemu/files/qemu-2.0.0-CVE-2014-0223.patch deleted file mode 100644 index a5b20a4..0000000 --- a/app-emulation/qemu/files/qemu-2.0.0-CVE-2014-0223.patch +++ /dev/null @@ -1,57 +0,0 @@ -From 46485de0cb357b57373e1ca895adedf1f3ed46ec Mon Sep 17 00:00:00 2001 -From: Kevin Wolf -Date: Thu, 8 May 2014 13:08:20 +0200 -Subject: [PATCH] qcow1: Validate image size (CVE-2014-0223) - -A huge image size could cause s->l1_size to overflow. Make sure that -images never require a L1 table larger than what fits in s->l1_size. - -This cannot only cause unbounded allocations, but also the allocation of -a too small L1 table, resulting in out-of-bounds array accesses (both -reads and writes). - -Cc: qemu-stable@nongnu.org -Signed-off-by: Kevin Wolf ---- - block/qcow.c | 16 ++++++++++++++-- - tests/qemu-iotests/092 | 9 +++++++++ - tests/qemu-iotests/092.out | 7 +++++++ - 3 files changed, 30 insertions(+), 2 deletions(-) - -diff --git a/block/qcow.c b/block/qcow.c -index e8038e5..3566c05 100644 ---- a/block/qcow.c -+++ b/block/qcow.c -@@ -61,7 +61,7 @@ typedef struct BDRVQcowState { - int cluster_sectors; - int l2_bits; - int l2_size; -- int l1_size; -+ unsigned int l1_size; - uint64_t cluster_offset_mask; - uint64_t l1_table_offset; - uint64_t *l1_table; -@@ -166,7 +166,19 @@ static int qcow_open(BlockDriverState *bs, QDict *options, int flags, - - /* read the level 1 table */ - shift = s->cluster_bits + s->l2_bits; -- s->l1_size = (header.size + (1LL << shift) - 1) >> shift; -+ if (header.size > UINT64_MAX - (1LL << shift)) { -+ error_setg(errp, "Image too large"); -+ ret = -EINVAL; -+ goto fail; -+ } else { -+ uint64_t l1_size = (header.size + (1LL << shift) - 1) >> shift; -+ if (l1_size > INT_MAX / sizeof(uint64_t)) { -+ error_setg(errp, "Image too large"); -+ ret = -EINVAL; -+ goto fail; -+ } -+ s->l1_size = l1_size; -+ } - - s->l1_table_offset = header.l1_table_offset; - s->l1_table = g_malloc(s->l1_size * sizeof(uint64_t)); --- -1.9.3 - diff --git a/app-emulation/qemu/files/qemu-2.0.0-qcow-check-max-sizes.patch b/app-emulation/qemu/files/qemu-2.0.0-qcow-check-max-sizes.patch deleted file mode 100644 index 54fdd79..0000000 --- a/app-emulation/qemu/files/qemu-2.0.0-qcow-check-max-sizes.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 7159a45b2bf2dcb9f49f1e27d1d3d135a0247a2f Mon Sep 17 00:00:00 2001 -From: Kevin Wolf -Date: Wed, 7 May 2014 17:30:30 +0200 -Subject: [PATCH] qcow1: Check maximum cluster size - -Huge values for header.cluster_bits cause unbounded allocations (e.g. -for s->cluster_cache) and crash qemu this way. Less huge values may -survive those allocations, but can cause integer overflows later on. - -The only cluster sizes that qemu can create are 4k (for standalone -images) and 512 (for images with backing files), so we can limit it -to 64k. - -Cc: qemu-stable@nongnu.org -Signed-off-by: Kevin Wolf -Reviewed-by: Benoit Canet ---- - block/qcow.c | 10 ++++++-- - tests/qemu-iotests/092 | 63 ++++++++++++++++++++++++++++++++++++++++++++++ - tests/qemu-iotests/092.out | 13 ++++++++++ - tests/qemu-iotests/group | 1 + - 4 files changed, 85 insertions(+), 2 deletions(-) - create mode 100755 tests/qemu-iotests/092 - create mode 100644 tests/qemu-iotests/092.out - -diff --git a/block/qcow.c b/block/qcow.c -index 3684794..e60df23 100644 ---- a/block/qcow.c -+++ b/block/qcow.c -@@ -128,11 +128,17 @@ static int qcow_open(BlockDriverState *bs, QDict *options, int flags, - goto fail; - } - -- if (header.size <= 1 || header.cluster_bits < 9) { -- error_setg(errp, "invalid value in qcow header"); -+ if (header.size <= 1) { -+ error_setg(errp, "Image size is too small (must be at least 2 bytes)"); - ret = -EINVAL; - goto fail; - } -+ if (header.cluster_bits < 9 || header.cluster_bits > 16) { -+ error_setg(errp, "Cluster size must be between 512 and 64k"); -+ ret = -EINVAL; -+ goto fail; -+ } -+ - if (header.crypt_method > QCOW_CRYPT_AES) { - error_setg(errp, "invalid encryption method in qcow header"); - ret = -EINVAL; --- -1.9.3 - diff --git a/app-emulation/qemu/files/qemu-2.0.0-usb-post-load-checks.patch b/app-emulation/qemu/files/qemu-2.0.0-usb-post-load-checks.patch deleted file mode 100644 index 4e85c59..0000000 --- a/app-emulation/qemu/files/qemu-2.0.0-usb-post-load-checks.patch +++ /dev/null @@ -1,41 +0,0 @@ -https://bugs.gentoo.org/510208 - -From 719ffe1f5f72b1c7ace4afe9ba2815bcb53a829e Mon Sep 17 00:00:00 2001 -From: "Michael S. Tsirkin" -Date: Tue, 13 May 2014 12:33:16 +0300 -Subject: [PATCH] usb: fix up post load checks - -Correct post load checks: -1. dev->setup_len == sizeof(dev->data_buf) - seems fine, no need to fail migration -2. When state is DATA, passing index > len - will cause memcpy with negative length, - resulting in heap overflow - -First of the issues was reported by dgilbert. - -Reported-by: "Dr. David Alan Gilbert" -Signed-off-by: Michael S. Tsirkin -Signed-off-by: Juan Quintela ---- - hw/usb/bus.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/hw/usb/bus.c b/hw/usb/bus.c -index 699aa10..927a47b 100644 ---- a/hw/usb/bus.c -+++ b/hw/usb/bus.c -@@ -51,8 +51,8 @@ static int usb_device_post_load(void *opaque, int version_id) - } - if (dev->setup_index < 0 || - dev->setup_len < 0 || -- dev->setup_index >= sizeof(dev->data_buf) || -- dev->setup_len >= sizeof(dev->data_buf)) { -+ dev->setup_index > dev->setup_len || -+ dev->setup_len > sizeof(dev->data_buf)) { - return -EINVAL; - } - return 0; --- -1.9.3 - diff --git a/app-emulation/qemu/files/qemu-9999-virtfs-proxy-helper-accept.patch b/app-emulation/qemu/files/qemu-9999-virtfs-proxy-helper-accept.patch deleted file mode 100644 index f8a5249..0000000 --- a/app-emulation/qemu/files/qemu-9999-virtfs-proxy-helper-accept.patch +++ /dev/null @@ -1,30 +0,0 @@ -From c5970614489e385e69667f1f323421442a7a46c0 Mon Sep 17 00:00:00 2001 -From: Tim Comer -Date: Sat, 19 Apr 2014 12:51:42 -0400 -Subject: [PATCH] virtfs-proxy-helper: fix call to accept - -The current code calls accept() without initializing the size parameter -which means the accept call might write too much to the stack. - -URL: https://bugs.gentoo.org/486714 -Signed-off-by: Tim Comer -Signed-off-by: Mike Frysinger ---- - fsdev/virtfs-proxy-helper.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/fsdev/virtfs-proxy-helper.c b/fsdev/virtfs-proxy-helper.c -index bfecb87..cd291d3 100644 ---- a/fsdev/virtfs-proxy-helper.c -+++ b/fsdev/virtfs-proxy-helper.c -@@ -760,6 +760,7 @@ static int proxy_socket(const char *path, uid_t uid, gid_t gid) - return -1; - } - -+ size = sizeof(qemu); - client = accept(sock, (struct sockaddr *)&qemu, &size); - if (client < 0) { - do_perror("accept"); --- -1.9.2 - diff --git a/app-emulation/qemu/files/qemu-binfmt.initd-r1 b/app-emulation/qemu/files/qemu-binfmt.initd-r1 index 4b1dba5..d9484bd 100644 --- a/app-emulation/qemu/files/qemu-binfmt.initd-r1 +++ b/app-emulation/qemu/files/qemu-binfmt.initd-r1 @@ -1,16 +1,22 @@ #!/sbin/runscript -# Copyright 1999-2013 Gentoo Foundation +# Copyright 1999-2014 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-emulation/qemu/files/qemu-binfmt.initd-r1,v 1.3 2013/02/17 22:05:22 vapier Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-emulation/qemu/files/qemu-binfmt.initd-r1,v 1.5 2014/08/04 06:47:22 vapier Exp $ # enable automatic i386/ARM/M68K/MIPS/SPARC/PPC/s390 program execution by the kernel +# Defaulting to OC should be safe because it comes down to: +# - do we trust the interp itself to not be malicious? yes; we built it. +# - do we trust the programs we're running? ish; same permission as native +# binaries apply. so if user can do bad stuff natively, cross isn't worse. +: ${QEMU_BINFMT_FLAGS:=OC} + depend() { after procfs } start() { - ebegin "Registering qemu-user binaries" + ebegin "Registering qemu-user binaries (flags: ${QEMU_BINFMT_FLAGS})" if [ ! -d /proc/sys/fs/binfmt_misc ] ; then modprobe -q binfmt_misc @@ -50,55 +56,58 @@ start() { # register the interpreter for each cpu except for the native one if [ $cpu != "i386" -a -x "/usr/bin/qemu-i386" ] ; then - echo ':i386:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x03\x00:\xff\xff\xff\xff\xff\xfe\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-i386:P' > /proc/sys/fs/binfmt_misc/register - echo ':i486:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x06\x00:\xff\xff\xff\xff\xff\xfe\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-i386:P' > /proc/sys/fs/binfmt_misc/register + echo ':i386:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x03\x00:\xff\xff\xff\xff\xff\xfe\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-i386:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register + echo ':i486:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x06\x00:\xff\xff\xff\xff\xff\xfe\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-i386:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register fi if [ $cpu != "alpha" -a -x "/usr/bin/qemu-alpha" ] ; then - echo ':alpha:M::\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x26\x90:\xff\xff\xff\xff\xff\xfe\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-alpha:P' > /proc/sys/fs/binfmt_misc/register + echo ':alpha:M::\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x26\x90:\xff\xff\xff\xff\xff\xfe\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-alpha:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register fi if [ $cpu != "arm" -a -x "/usr/bin/qemu-arm" ] ; then - echo ':arm:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff:/usr/bin/qemu-arm:P' > /proc/sys/fs/binfmt_misc/register + echo ':arm:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff:/usr/bin/qemu-arm:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register fi if [ $cpu != "arm" -a -x "/usr/bin/qemu-armeb" ] ; then - echo ':armeb:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-armeb:P' > /proc/sys/fs/binfmt_misc/register + echo ':armeb:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-armeb:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register + fi + if [ $cpu != "aarch64" -a -x "/usr/bin/qemu-aarch64" ] ; then + echo ':aarch64:M::\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xb7\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-aarch64:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register fi if [ $cpu != "sparc" -a -x "/usr/bin/qemu-sparc" ] ; then - echo ':sparc:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-sparc:P' > /proc/sys/fs/binfmt_misc/register + echo ':sparc:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-sparc:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register fi if [ $cpu != "ppc" -a -x "/usr/bin/qemu-ppc" ] ; then - echo ':ppc:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x14:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-ppc:P' > /proc/sys/fs/binfmt_misc/register + echo ':ppc:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x14:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-ppc:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register fi if [ $cpu != "m68k" -a -x "/usr/bin/qemu-m68k" ] ; then - echo 'Please check cpu value and header information for m68k!' - echo ':m68k:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x08:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-m68k:P' > /proc/sys/fs/binfmt_misc/register + #echo 'Please check cpu value and header information for m68k!' + echo ':m68k:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x08:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-m68k:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register fi if [ $cpu != "mips" -a -x "/usr/bin/qemu-mips" ] ; then # FIXME: We could use the other endianness on a MIPS host. - echo ':mips:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-mips:P' > /proc/sys/fs/binfmt_misc/register + echo ':mips:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-mips:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register fi if [ $cpu != "mips" -a -x "/usr/bin/qemu-mipsel" ] ; then - echo ':mipsel:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-mipsel:P' > /proc/sys/fs/binfmt_misc/register + echo ':mipsel:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-mipsel:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register fi if [ $cpu != "mips" -a -x "/usr/bin/qemu-mipsn32" ] ; then - echo ':mipsn32:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-mipsn32:P' > /proc/sys/fs/binfmt_misc/register + echo ':mipsn32:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-mipsn32:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register fi if [ $cpu != "mips" -a -x "/usr/bin/qemu-mipsn32el" ] ; then - echo ':mipsn32el:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-mipsn32el:P' > /proc/sys/fs/binfmt_misc/register + echo ':mipsn32el:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-mipsn32el:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register fi if [ $cpu != "mips" -a -x "/usr/bin/qemu-mips64" ] ; then - echo ':mips64:M::\x7fELF\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-mips64:P' > /proc/sys/fs/binfmt_misc/register + echo ':mips64:M::\x7fELF\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-mips64:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register fi if [ $cpu != "mips" -a -x "/usr/bin/qemu-mips64el" ] ; then - echo ':mips64el:M::\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-mips64el:P' > /proc/sys/fs/binfmt_misc/register + echo ':mips64el:M::\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-mips64el:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register fi if [ $cpu != "sh" -a -x "/usr/bin/qemu-sh4" ] ; then - echo ':sh4:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x2a\x00:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-sh4:P' > /proc/sys/fs/binfmt_misc/register + echo ':sh4:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x2a\x00:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-sh4:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register fi if [ $cpu != "sh" -a -x "/usr/bin/qemu-sh4eb" ] ; then - echo ':sh4eb:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x2a:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-sh4eb:P' > /proc/sys/fs/binfmt_misc/register + echo ':sh4eb:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x2a:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-sh4eb:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register fi - if [ $cpu != "s390x" -a -x "/usr/local/bin/qemu-s390x" ] ; then - echo ':s390x:M::\x7fELF\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x16:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/local/bin/qemu-s390x:P' > /proc/sys/fs/binfmt_misc/register + if [ $cpu != "s390x" -a -x "/usr/bin/qemu-s390x" ] ; then + echo ':s390x:M::\x7fELF\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x16:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-s390x:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register fi eend $? } @@ -110,6 +119,7 @@ stop() { arches="${arches} i386 i486" arches="${arches} alpha" arches="${arches} arm armeb" + arches="${arches} aarch64" arches="${arches} sparc" arches="${arches} ppc" arches="${arches} m68k" diff --git a/app-emulation/qemu/files/qemu-kvm-1.4 b/app-emulation/qemu/files/qemu-kvm-1.4 deleted file mode 100644 index 08da00b..0000000 --- a/app-emulation/qemu/files/qemu-kvm-1.4 +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/sh - -exec /usr/bin/qemu-system-x86_64 -machine accel=kvm "$@" diff --git a/app-emulation/qemu/qemu-2.0.0-r1.ebuild b/app-emulation/qemu/qemu-2.1.0.ebuild similarity index 81% rename from app-emulation/qemu/qemu-2.0.0-r1.ebuild rename to app-emulation/qemu/qemu-2.1.0.ebuild index ef3d9ab..9b22f48 100644 --- a/app-emulation/qemu/qemu-2.0.0-r1.ebuild +++ b/app-emulation/qemu/qemu-2.1.0.ebuild @@ -1,9 +1,11 @@ # Copyright 1999-2014 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-emulation/qemu/qemu-2.0.0-r1.ebuild,v 1.2 2014/05/31 16:14:44 vapier Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-emulation/qemu/qemu-2.1.0.ebuild,v 1.1 2014/08/04 06:45:21 vapier Exp $ EAPI=5 +#MY_P="${P/_/-}" + PYTHON_COMPAT=( python{2_6,2_7} ) PYTHON_REQ_USE="ncurses,readline" @@ -31,10 +33,10 @@ LICENSE="GPL-2 LGPL-2 BSD-2" SLOT="0" IUSE="accessibility +aio alsa bluetooth +caps +curl debug +fdt glusterfs \ gtk iscsi +jpeg \ -kernel_linux kernel_FreeBSD ncurses opengl +png pulseaudio python \ -rbd sasl +seccomp sdl selinux smartcard spice ssh static static-softmmu \ -static-user systemtap tci test +threads tls usb usbredir +uuid vde +vhost-net \ -virtfs +vnc xattr xen xfs" +kernel_linux kernel_FreeBSD lzo ncurses nls numa opengl +png pulseaudio python \ +rbd sasl +seccomp sdl selinux smartcard snappy spice ssh static static-softmmu \ +static-user systemtap tci test +threads tpm tls usb usbredir +uuid vde \ ++vhost-net virtfs +vnc xattr xen xfs" COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel mips mips64 mips64el mipsel or32 ppc ppc64 s390x sh4 sh4eb sparc sparc64 unicore32 @@ -71,12 +73,14 @@ SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND} fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] ) glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] ) jpeg? ( virtual/jpeg[static-libs(+)] ) + lzo? ( dev-libs/lzo[static-libs(+)] ) ncurses? ( sys-libs/ncurses[static-libs(+)] ) png? ( media-libs/libpng[static-libs(+)] ) rbd? ( sys-cluster/ceph[static-libs(+)] ) sasl? ( dev-libs/cyrus-sasl[static-libs(+)] ) sdl? ( >=media-libs/libsdl-1.2.11[static-libs(+)] ) seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] ) + snappy? ( app-arch/snappy[static-libs(+)] ) spice? ( >=app-emulation/spice-0.12.0[static-libs(+)] ) ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] ) tls? ( net-libs/gnutls[static-libs(+)] ) @@ -123,6 +127,7 @@ DEPEND="${RDEPEND} sys-apps/texinfo virtual/pkgconfig kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 ) + gtk? ( nls? ( sys-devel/gettext ) ) static-softmmu? ( ${SOFTMMU_LIB_DEPEND} ) static-user? ( ${USER_LIB_DEPEND} ) test? ( @@ -228,19 +233,18 @@ pkg_setup() { enewgroup kvm 78 } +#S="${WORKDIR}/${MY_P}" + src_prepare() { # Alter target makefiles to accept CFLAGS set via flag-o sed -i -r \ -e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \ Makefile Makefile.target || die + # Cheap hack to disable gettext .mo generation. + use nls || rm -f po/*.po + epatch "${FILESDIR}"/qemu-1.7.0-cflags.patch - epatch "${FILESDIR}"/qemu-9999-virtfs-proxy-helper-accept.patch #486714 - epatch "${FILESDIR}"/${P}-CVE-2013-4541.patch #510208 - epatch "${FILESDIR}"/${P}-usb-post-load-checks.patch #510208 - epatch "${FILESDIR}"/${P}-qcow-check-max-sizes.patch #510234 - epatch "${FILESDIR}"/${P}-CVE-2014-0222.patch #510234 - epatch "${FILESDIR}"/${P}-CVE-2014-0223.patch #510234 [[ -n ${BACKPORTS} ]] && \ EPATCH_FORCE=yes EPATCH_SUFFIX="patch" EPATCH_SOURCE="${S}/patches" \ epatch @@ -301,11 +305,15 @@ qemu_src_configure() { --disable-curses --disable-kvm --disable-libiscsi + --disable-lzo --disable-glusterfs + --disable-numa + --disable-snappy --disable-seccomp --disable-sdl --disable-smartcard-nss --disable-tools + --disable-tpm --disable-vde --disable-libssh2 --disable-libusb @@ -329,15 +337,19 @@ qemu_src_configure() { $(use_enable iscsi libiscsi) $(use_enable jpeg vnc-jpeg) $(use_enable kernel_linux kvm) + $(use_enable lzo) $(use_enable ncurses curses) + $(use_enable numa) $(use_enable opengl glx) $(use_enable png vnc-png) $(use_enable rbd) $(use_enable sasl vnc-sasl) $(use_enable seccomp) $(use_enable smartcard smartcard-nss) + $(use_enable snappy) $(use_enable spice) $(use_enable ssh libssh2) + $(use_enable tpm) $(use_enable tls vnc-tls) $(use_enable tls vnc-ws) $(use_enable usb libusb) @@ -433,6 +445,7 @@ src_compile() { src_test() { if [[ -n ${softmmu_targets} ]]; then cd "${S}/softmmu-build" + pax-mark m */qemu-system-* #515550 emake -j1 check emake -j1 check-report.html fi @@ -490,58 +503,58 @@ src_install() { dodoc docs/qmp/*.txt # Remove SeaBIOS since we're using the SeaBIOS packaged ones - rm "${ED}/usr/share/qemu/bios.bin" - rm "${ED}/usr/share/qemu/bios-256k.bin" - rm "${ED}/usr/share/qemu/kvmvapic.bin" - rm "${ED}/usr/share/qemu/linuxboot.bin" - rm "${ED}/usr/share/qemu/multiboot.bin" - rm "${ED}/usr/share/qemu/acpi-dsdt.aml" - rm "${ED}/usr/share/qemu/q35-acpi-dsdt.aml" - if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then - dosym ../seabios/bios.bin /usr/share/qemu/bios.bin - dosym ../seabios/bios-256k.bin /usr/share/qemu/bios-256k.bin - dosym ../seabios/kvmvapic.bin /usr/share/qemu/kvmvapic.bin - dosym ../seabios/linuxboot.bin /usr/share/qemu/linuxboot.bin - dosym ../seabios/multiboot.bin /usr/share/qemu/multiboot.bin - dosym ../seabios/acpi-dsdt.aml /usr/share/qemu/acpi-dsdt.aml - dosym ../seabios/q35-acpi-dsdt.aml /usr/share/qemu/q35-acpi-dsdt.aml - fi + if [[ -n ${softmmu_targets} ]]; then + rm "${ED}/usr/share/qemu/bios.bin" + rm "${ED}/usr/share/qemu/bios-256k.bin" + rm "${ED}/usr/share/qemu/kvmvapic.bin" + rm "${ED}/usr/share/qemu/linuxboot.bin" + rm "${ED}/usr/share/qemu/multiboot.bin" + rm "${ED}/usr/share/qemu/acpi-dsdt.aml" + rm "${ED}/usr/share/qemu/q35-acpi-dsdt.aml" + if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then + dosym ../seabios/bios.bin /usr/share/qemu/bios.bin + dosym ../seabios/bios-256k.bin /usr/share/qemu/bios-256k.bin + dosym ../seabios/kvmvapic.bin /usr/share/qemu/kvmvapic.bin + dosym ../seabios/linuxboot.bin /usr/share/qemu/linuxboot.bin + dosym ../seabios/multiboot.bin /usr/share/qemu/multiboot.bin + dosym ../seabios/acpi-dsdt.aml /usr/share/qemu/acpi-dsdt.aml + dosym ../seabios/q35-acpi-dsdt.aml /usr/share/qemu/q35-acpi-dsdt.aml + fi - # Remove vgabios since we're using the seabios packaged one - rm "${ED}/usr/share/qemu/vgabios-cirrus.bin" - rm "${ED}/usr/share/qemu/vgabios-qxl.bin" - rm "${ED}/usr/share/qemu/vgabios-stdvga.bin" - rm "${ED}/usr/share/qemu/vgabios-vmware.bin" - if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then - dosym ../seabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin - dosym ../seabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin - dosym ../seabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin - dosym ../seabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin - fi + # Remove vgabios since we're using the seabios packaged one + rm "${ED}/usr/share/qemu/vgabios-cirrus.bin" + rm "${ED}/usr/share/qemu/vgabios-qxl.bin" + rm "${ED}/usr/share/qemu/vgabios-stdvga.bin" + rm "${ED}/usr/share/qemu/vgabios-vmware.bin" + if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then + dosym ../seabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin + dosym ../seabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin + dosym ../seabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin + dosym ../seabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin + fi - # Remove sgabios since we're using the sgabios packaged one - rm "${ED}/usr/share/qemu/sgabios.bin" - if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then - dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin - fi + # Remove sgabios since we're using the sgabios packaged one + rm "${ED}/usr/share/qemu/sgabios.bin" + if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then + dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin + fi - # Remove iPXE since we're using the iPXE packaged one - rm "${ED}"/usr/share/qemu/pxe-*.rom - if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then - dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom - dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom - dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom - dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom - dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom - dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom + # Remove iPXE since we're using the iPXE packaged one + rm "${ED}"/usr/share/qemu/pxe-*.rom + if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then + dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom + dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom + dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom + dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom + dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom + dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom + fi fi qemu_support_kvm && readme.gentoo_create_doc } pkg_postinst() { - local virtfs_caps= - if qemu_support_kvm; then readme.gentoo_print_elog ewarn "Migration from qemu-kvm instances and loading qemu-kvm created" @@ -561,11 +574,11 @@ pkg_postinst() { fi fi - virtfs_caps+="cap_chown,cap_dac_override,cap_fowner,cap_fsetid," - virtfs_caps+="cap_setgid,cap_mknod,cap_setuid" - fcaps cap_net_admin /usr/libexec/qemu-bridge-helper - use virtfs && fcaps ${virtfs_caps} /usr/bin/virtfs-proxy-helper + if use virtfs && [ -n "${softmmu_targets}" ]; then + local virtfs_caps="cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_setgid,cap_mknod,cap_setuid" + fcaps ${virtfs_caps} /usr/bin/virtfs-proxy-helper + fi } pkg_info() {