From b1aa1d68aa681342fec240ab904ef4d7459d59f4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robert=20F=C3=B6rster?= <Dessa@gmake.de>
Date: Thu, 28 Aug 2014 10:43:18 +0200
Subject: [PATCH] [app-emulation/qemu] sync

---
 app-emulation/qemu/files/CVE-2014-5388.patch  | 12 -------
 .../qemu/files/qemu-2.1.0-CVE-2014-5388.patch | 36 +++++++++++++++++++
 app-emulation/qemu/qemu-2.1.0-r1.ebuild       |  2 +-
 3 files changed, 37 insertions(+), 13 deletions(-)
 delete mode 100644 app-emulation/qemu/files/CVE-2014-5388.patch
 create mode 100644 app-emulation/qemu/files/qemu-2.1.0-CVE-2014-5388.patch

diff --git a/app-emulation/qemu/files/CVE-2014-5388.patch b/app-emulation/qemu/files/CVE-2014-5388.patch
deleted file mode 100644
index 3481e9e..0000000
--- a/app-emulation/qemu/files/CVE-2014-5388.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-https://lists.gnu.org/archive/html/qemu-devel/2014-08/msg03338.html
---- hw/acpi/pcihp.c.orig	2014-08-27 12:53:38.200621592 +0000
-+++ hw/acpi/pcihp.c	2014-08-27 12:53:58.390518561 +0000
-@@ -231,7 +231,7 @@
-     uint32_t val = 0;
-     int bsel = s->hotplug_select;
- 
--    if (bsel < 0 || bsel > ACPI_PCIHP_MAX_HOTPLUG_BUS) {
-+    if (bsel < 0 || bsel >= ACPI_PCIHP_MAX_HOTPLUG_BUS) {
-         return 0;
-     }
- 
diff --git a/app-emulation/qemu/files/qemu-2.1.0-CVE-2014-5388.patch b/app-emulation/qemu/files/qemu-2.1.0-CVE-2014-5388.patch
new file mode 100644
index 0000000..26a012b
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.1.0-CVE-2014-5388.patch
@@ -0,0 +1,36 @@
+https://bugs.gentoo.org/520688
+
+From fa365d7cd11185237471823a5a33d36765454e16 Mon Sep 17 00:00:00 2001
+From: Gonglei <arei.gonglei@huawei.com>
+Date: Wed, 20 Aug 2014 13:52:30 +0800
+Subject: [PATCH] pcihp: fix possible array out of bounds
+
+Prevent out-of-bounds array access on
+acpi_pcihp_pci_status.
+
+Signed-off-by: Gonglei <arei.gonglei@huawei.com>
+Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+Cc: qemu-stable@nongnu.org
+Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
+---
+ hw/acpi/pcihp.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/acpi/pcihp.c b/hw/acpi/pcihp.c
+index fae663a..34dedf1 100644
+--- a/hw/acpi/pcihp.c
++++ b/hw/acpi/pcihp.c
+@@ -231,7 +231,7 @@ static uint64_t pci_read(void *opaque, hwaddr addr, unsigned int size)
+     uint32_t val = 0;
+     int bsel = s->hotplug_select;
+ 
+-    if (bsel < 0 || bsel > ACPI_PCIHP_MAX_HOTPLUG_BUS) {
++    if (bsel < 0 || bsel >= ACPI_PCIHP_MAX_HOTPLUG_BUS) {
+         return 0;
+     }
+ 
+-- 
+2.0.0
+
diff --git a/app-emulation/qemu/qemu-2.1.0-r1.ebuild b/app-emulation/qemu/qemu-2.1.0-r1.ebuild
index 8b5c7ea..e6fa241 100644
--- a/app-emulation/qemu/qemu-2.1.0-r1.ebuild
+++ b/app-emulation/qemu/qemu-2.1.0-r1.ebuild
@@ -252,7 +252,7 @@ src_prepare() {
 	use nls || rm -f po/*.po
 
 	epatch "${FILESDIR}"/qemu-1.7.0-cflags.patch
-	epatch "${FILESDIR}"/CVE-2014-5388.patch
+	epatch "${FILESDIR}"/${P}-CVE-2014-5388.patch #520688
 	[[ -n ${BACKPORTS} ]] && \
 		EPATCH_FORCE=yes EPATCH_SUFFIX="patch" EPATCH_SOURCE="${S}/patches" \
 			epatch