[app-emulation/qemu] version bump

app-emulation/qemu/Manifest

@@ -1 +1 @@
-DIST qemu-2.1.0.tar.bz2 23563306 SHA256 397e23184f4bf613589a8fe0c6542461dc2afdf17ed337e97e6fd2f31e8f8802 SHA512 8c00fd61432420229d762fa2ccf91cb8cec20206e2ec02ab2df13c6b3b9de7605fbfacb0fadd21f20f13c1de4c5216d8b11538738c0d0e5094582ded7c668f2e WHIRLPOOL 9d28aab8e20a5a60e85709d7a192a45425605693e54452f54decd65ecc77b504f1bc6ff60f5e9428314fb04911f966753f39a189adc8aa85776fd3c49b5a6858
+DIST qemu-2.1.1.tar.bz2 23567029 SHA256 be57bac8a8a1b47d76eecaa58b7eda390b7be8e5fdcbecfdf1a174380fc493e9 SHA512 4307b4d3d1227d69007391d87e1a3936dfbf188bbf512a0d97fbfdb475e7bf74593d5c5578b4e3aee396caa654a50ae3c132043087c1da78c182dad91b322295 WHIRLPOOL a1ff00a6f21e6667db87581f5975775c51ec0ef703ee6715ee8cc0b3cdca8b1c08607abfda956e8da2daa7be4f794e8f693f23d6fd15981c5c50b98388b0418d

app-emulation/qemu/files/qemu-2.1.0-CVE-2014-5388.patch

@@ -1,36 +0,0 @@
-https://bugs.gentoo.org/520688
-
-From fa365d7cd11185237471823a5a33d36765454e16 Mon Sep 17 00:00:00 2001
-From: Gonglei <arei.gonglei@huawei.com>
-Date: Wed, 20 Aug 2014 13:52:30 +0800
-Subject: [PATCH] pcihp: fix possible array out of bounds
-
-Prevent out-of-bounds array access on
-acpi_pcihp_pci_status.
-
-Signed-off-by: Gonglei <arei.gonglei@huawei.com>
-Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
-Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
-Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-Cc: qemu-stable@nongnu.org
-Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
----
- hw/acpi/pcihp.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/hw/acpi/pcihp.c b/hw/acpi/pcihp.c
-index fae663a..34dedf1 100644
---- a/hw/acpi/pcihp.c
-+++ b/hw/acpi/pcihp.c
-@@ -231,7 +231,7 @@ static uint64_t pci_read(void *opaque, hwaddr addr, unsigned int size)
-     uint32_t val = 0;
-     int bsel = s->hotplug_select;
- 
--    if (bsel < 0 || bsel > ACPI_PCIHP_MAX_HOTPLUG_BUS) {
-+    if (bsel < 0 || bsel >= ACPI_PCIHP_MAX_HOTPLUG_BUS) {
-         return 0;
-     }
- 
--- 
-2.0.0
-

app-emulation/qemu/files/qemu-2.1.1-readlink-self.patch

@@ -0,0 +1,81 @@
+fix already in upstream
+
+From f17f4989fa193fa8279474c5462289a3cfe69aea Mon Sep 17 00:00:00 2001
+From: Mike Frysinger <vapier@chromium.org>
+Date: Fri, 8 Aug 2014 09:40:25 +0900
+Subject: [PATCH] linux-user: fix readlink handling with magic exe symlink
+
+The current code always returns the length of the path when it should
+be returning the number of bytes it wrote to the output string.
+
+Further, readlink is not supposed to append a NUL byte, but the current
+snprintf logic will always do just that.
+
+Even further, if you pass in a length of 0, you're suppoesd to get back
+an error (EINVAL), but the current logic just returns 0.
+
+Further still, if there was an error reading the symlink, we should not
+go ahead and try to read the target buffer as it is garbage.
+
+Simple test for the first two issues:
+$ cat test.c
+int main() {
+    char buf[50];
+    size_t len;
+    for (len = 0; len < 10; ++len) {
+        memset(buf, '!', sizeof(buf));
+        ssize_t ret = readlink("/proc/self/exe", buf, len);
+        buf[20] = '\0';
+        printf("readlink(/proc/self/exe, {%s}, %zu) = %zi\n", buf, len, ret);
+    }
+    return 0;
+}
+
+Now compare the output of the native:
+$ gcc test.c -o /tmp/x
+$ /tmp/x
+$ strace /tmp/x
+
+With what qemu does:
+$ armv7a-cros-linux-gnueabi-gcc test.c -o /tmp/x -static
+$ qemu-arm /tmp/x
+$ qemu-arm -strace /tmp/x
+
+Signed-off-by: Mike Frysinger <vapier@chromium.org>
+Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
+---
+ linux-user/syscall.c | 15 +++++++++++++--
+ 1 file changed, 13 insertions(+), 2 deletions(-)
+
+diff --git a/linux-user/syscall.c b/linux-user/syscall.c
+index fccf9f0..7c108ab 100644
+--- a/linux-user/syscall.c
++++ b/linux-user/syscall.c
+@@ -6636,11 +6636,22 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
+             p2 = lock_user(VERIFY_WRITE, arg2, arg3, 0);
+             if (!p || !p2) {
+                 ret = -TARGET_EFAULT;
++            } else if (!arg3) {
++                /* Short circuit this for the magic exe check. */
++                ret = -TARGET_EINVAL;
+             } else if (is_proc_myself((const char *)p, "exe")) {
+                 char real[PATH_MAX], *temp;
+                 temp = realpath(exec_path, real);
+-                ret = temp == NULL ? get_errno(-1) : strlen(real) ;
+-                snprintf((char *)p2, arg3, "%s", real);
++                /* Return value is # of bytes that we wrote to the buffer. */
++                if (temp == NULL) {
++                    ret = get_errno(-1);
++                } else {
++                    /* Don't worry about sign mismatch as earlier mapping
++                     * logic would have thrown a bad address error. */
++                    ret = MIN(strlen(real), arg3);
++                    /* We cannot NUL terminate the string. */
++                    memcpy(p2, real, ret);
++                }
+             } else {
+                 ret = get_errno(readlink(path(p), p2, arg3));
+             }
+-- 
+2.0.0
+

app-emulation/qemu/qemu-2.1.1.ebuild

@@ -1,6 +1,6 @@
 # Copyright 1999-2014 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-emulation/qemu/qemu-2.1.0.ebuild,v 1.8 2014/08/05 09:29:12 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-emulation/qemu/qemu-2.1.1.ebuild,v 1.1 2014/09/12 07:01:42 vapier Exp $
 
 EAPI=5
 
@@ -64,8 +64,13 @@ REQUIRED_USE="|| ( ${use_targets} )
 	virtfs? ( xattr )"
 
 # Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
+#
+# The attr lib isn't always linked in (although the USE flag is always
+# respected).  This is because qemu supports using the C library's API
+# when available rather than always using the extranl library.
 COMMON_LIB_DEPEND=">=dev-libs/glib-2.0[static-libs(+)]
-	sys-libs/zlib[static-libs(+)]"
+	sys-libs/zlib[static-libs(+)]
+	xattr? ( sys-apps/attr[static-libs(+)] )"
 SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND}
 	>=x11-libs/pixman-0.28.0[static-libs(+)]
 	aio? ( dev-libs/libaio[static-libs(+)] )
@@ -91,7 +96,6 @@ SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND}
 	usb? ( >=dev-libs/libusb-1.0.18[static-libs(+)] )
 	uuid? ( >=sys-apps/util-linux-2.16.0[static-libs(+)] )
 	vde? ( net-misc/vde[static-libs(+)] )
-	xattr? ( sys-apps/attr[static-libs(+)] )
 	xfs? ( sys-fs/xfsprogs[static-libs(+)] )"
 USER_LIB_DEPEND="${COMMON_LIB_DEPEND}"
 X86_FIRMWARE_DEPEND="
@@ -149,7 +153,9 @@ QA_PREBUILT="
 	usr/share/qemu/openbios-sparc64
 	usr/share/qemu/openbios-sparc32
 	usr/share/qemu/palcode-clipper
-	usr/share/qemu/s390-ccw.img"
+	usr/share/qemu/s390-ccw.img
+	usr/share/qemu/u-boot.e500
+"
 
 QA_WX_LOAD="usr/bin/qemu-i386
 	usr/bin/qemu-x86_64
@@ -252,7 +258,7 @@ src_prepare() {
 	use nls || rm -f po/*.po
 
 	epatch "${FILESDIR}"/qemu-1.7.0-cflags.patch
-	epatch "${FILESDIR}"/${P}-CVE-2014-5388.patch #520688
+	epatch "${FILESDIR}"/${PN}-2.1.1-readlink-self.patch
 	[[ -n ${BACKPORTS} ]] && \
 		EPATCH_FORCE=yes EPATCH_SUFFIX="patch" EPATCH_SOURCE="${S}/patches" \
 			epatch
@@ -300,6 +306,7 @@ qemu_src_configure() {
 		$(use_enable debug debug-tcg)
 		--enable-docs
 		$(use_enable tci tcg-interpreter)
+		$(use_enable xattr attr)
 	)
 
 	# Disable options not used by user targets as the default configure
@@ -348,7 +355,6 @@ qemu_src_configure() {
 		$(conf_softmmu vhost-net)
 		$(conf_softmmu virtfs)
 		$(conf_softmmu vnc)
-		$(conf_softmmu xattr attr)
 		$(conf_softmmu xen)
 		$(conf_softmmu xen xen-pci-passthrough)
 		$(conf_softmmu xfs xfsctl)