aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAric Belsito <lluixhi@gmail.com>2017-07-26 12:10:10 -0700
committerAric Belsito <lluixhi@gmail.com>2017-07-26 12:11:09 -0700
commit733898218545d7f941e865f69a628b9792ca25ff (patch)
tree62bef53004c490cf5cabaf1eec29be2f03f46f5f /app-emulation
parentsys-power/upower: 0.99.5 in main tree (diff)
downloadmusl-733898218545d7f941e865f69a628b9792ca25ff.tar.gz
musl-733898218545d7f941e865f69a628b9792ca25ff.tar.bz2
musl-733898218545d7f941e865f69a628b9792ca25ff.zip
app-emulation/qemu: version bump to 2.9.0-r56
Remove qemu-2.8.1-r2
Diffstat (limited to 'app-emulation')
-rw-r--r--app-emulation/qemu/Manifest34
-rw-r--r--app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8669-1.patch32
-rw-r--r--app-emulation/qemu/files/qemu-2.8.0-CVE-2016-10028.patch40
-rw-r--r--app-emulation/qemu/files/qemu-2.8.0-CVE-2016-10155.patch46
-rw-r--r--app-emulation/qemu/files/qemu-2.8.0-CVE-2016-9908.patch35
-rw-r--r--app-emulation/qemu/files/qemu-2.8.0-CVE-2016-9912.patch38
-rw-r--r--app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5525-1.patch52
-rw-r--r--app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5525-2.patch55
-rw-r--r--app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5552.patch41
-rw-r--r--app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5578.patch35
-rw-r--r--app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5579.patch40
-rw-r--r--app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5856.patch64
-rw-r--r--app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5857.patch38
-rw-r--r--app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5898.patch35
-rw-r--r--app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5973.patch87
-rw-r--r--app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5987.patch50
-rw-r--r--app-emulation/qemu/files/qemu-2.8.0-CVE-2017-6505.patch52
-rw-r--r--app-emulation/qemu/files/qemu-2.8.0-CVE-2017-7377.patch49
-rw-r--r--app-emulation/qemu/files/qemu-2.8.1-CVE-2017-7471.patch64
-rw-r--r--app-emulation/qemu/files/qemu-2.8.1-CVE-2017-8086.patch28
-rw-r--r--app-emulation/qemu/files/qemu-2.9.0-CVE-2017-10664.patch47
-rw-r--r--app-emulation/qemu/files/qemu-2.9.0-CVE-2017-10806.patch50
-rw-r--r--app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11334.patch40
-rw-r--r--app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11434.patch29
-rw-r--r--app-emulation/qemu/files/qemu-2.9.0-CVE-2017-7539.patch601
-rw-r--r--app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-1.patch122
-rw-r--r--app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-2.patch114
-rw-r--r--app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-1.patch80
-rw-r--r--app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-2.patch197
-rw-r--r--app-emulation/qemu/qemu-2.8.1-r2.ebuild770
-rw-r--r--app-emulation/qemu/qemu-2.9.0-r2.ebuild4
-rw-r--r--app-emulation/qemu/qemu-2.9.0-r56.ebuild (renamed from app-emulation/qemu/qemu-2.9.0-r54.ebuild)23
32 files changed, 1309 insertions, 1683 deletions
diff --git a/app-emulation/qemu/Manifest b/app-emulation/qemu/Manifest
index c719930..5fe223b 100644
--- a/app-emulation/qemu/Manifest
+++ b/app-emulation/qemu/Manifest
@@ -4,36 +4,24 @@ AUX qemu-2.0.0-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch 930 SH
AUX qemu-2.2.0-_sigev_un.patch 638 SHA256 1f66c5a55ec94d73182cd25f3de5490cdb075542246a37d206cfb7b4a99a40a4 SHA512 5a2f9af1b60fd5a088679f3481b8d0317da88d4922b02289265b8d193b3589dd6d498e66531fc37ed86b97f4a648a1068f2da646e381d89c472716ef58190eb1 WHIRLPOOL 8444edaa4e5d59a337a7ebba71807b51941642517e5e762fb3458fde1a53c63c919ca809e5f32b503f1a92e4ccd2d21a057995fec56fcf846246dadccbdc863f
AUX qemu-2.5.0-cflags.patch 410 SHA256 17f5624dd733f5c80e733cc67ae36a736169ec066024dbf802b416accfed0755 SHA512 0194d28de08b4e51c5bd1c9a2cc7965ba7f66dfddb8fd91de3da93677e6cf2d38ad3270f69aaea8a20cf2533c2980018d6e0fed711be2806fe2053fba7c081f3 WHIRLPOOL 5f5b95d00409fbe03adb64801d30a2fb5f98dded5efa7f0e78b5746776f72917dcbea767e1d0afcb304d8bf8c484adedb8037e6d54e9d34997c2bc3a98b53154
AUX qemu-2.5.0-sysmacros.patch 333 SHA256 a5716fc02da383d455f5cbd76f49e4ee74d84c2d5703319adcbeb145d04875f9 SHA512 329632c5bff846ca3ffcdb4bc94ae62f17c6bdbb566f9bec0784357c943523e8ca7773790b83a9617734cab3b003baa3d636cbd08f7385810a63b0fa0383c4f0 WHIRLPOOL 2a774767d4685545d3ed18e4f5dece99a9007597d73c56197652ff24083550f987ffb69e5c624760dece87def71a7c5c22a694bf999d7309e48ef622f18f0d73
-AUX qemu-2.7.0-CVE-2016-8669-1.patch 1010 SHA256 3bc03869bede80013abb94ee029625a382c8059bc9474d9f6fd8e23840cff159 SHA512 53643363a470fba9b82c02b90f2573e45f59f5057993b2c15e1608916ece7f8582b4a84179e8ee70fcb8e3f3eb8a538a058401049ea38242bdb640c14ec54f7e WHIRLPOOL 873ed9b9784bb5757a07c1a494f70603cbe82751222d68a883327424e0d7e87d536400eca5fc7406080cbde2ab0a8fe0b3ee5c6dff81624db5d6d5964fec81be
-AUX qemu-2.8.0-CVE-2016-10028.patch 1384 SHA256 25a9f2b2014bbcbb008683211503716a2b4a0e8d96ea001d32b87d451cee1842 SHA512 6cfad99e54cfaea97f5c14fbbfe35768a8ea46196117bf770725e1079f9bccca3b7071416a14e60a36c3c919760ab49663fc8b551026c8cd58c10b3f2d7940b4 WHIRLPOOL 5c0c8350112cb63c8b3db7a15a9090cd2fba879317565b108285fd92c23a8b75a593a65d94b6e448086b126a735056065d07c1877abdb6815ebaa430cf4adabf
-AUX qemu-2.8.0-CVE-2016-10155.patch 1558 SHA256 53c20d983847a716f3f708c50ffbeb9d44fd8718f39d86556ae44394d1b2a624 SHA512 4ebfba87927c9f58fe1a0aa05b5850d391698617ce7c3e002d3adfd981ed8c23d35a6863e14f52264576dda31f84dc25421d2f930547f82ccfde126137d91aea WHIRLPOOL 44366afdf52eed47c28a6e9cec1ee7c613b5bac6441cf4f7bf29b30ef6ec7504e72a2d8c873a949e46f1cfd3055a407b673d6151802ab3c957cde8faaed20903
-AUX qemu-2.8.0-CVE-2016-9908.patch 1166 SHA256 22ef4999a3daf3c46a3c90ca20fb131545d4d0befeff7c3ca870585a3e03b7b7 SHA512 c46abda3a5b1a68c7c2e5236f8e424f4569a28ba2aea9b8ec32467e55b535492da6e4702d4758a5721f1bf222f7f2554a5e4c9a190781d60c40202a5291dcf49 WHIRLPOOL aa8087350770ecbb60049e3269ddf9d68258657ef6a088b562e344056689e578a390328dde9c5d2b5024e7fa03995b571295a1d64943d9b3882cf0c5f833dbd8
-AUX qemu-2.8.0-CVE-2016-9912.patch 1307 SHA256 e3eac321492a9ef42d88b04877511255c3731a9bb029d7c6ab2da0aa8f09e2d8 SHA512 f9ba4f167334d9b934c37fbed21ded8b3d71e5bdbdb1f15f81d4423b0790bfa127637155d5863b563fa974f1421c4ace1f2a4e3e81e3ae3d6045b2083210b103 WHIRLPOOL 7aa8dab7b6462f142365d274e6131ca1630c396e36c851cb562c081c4243c58e2ae22cf682e51145af08befcaba395254c765cf56112a6c177e1c9a18ffb5926
-AUX qemu-2.8.0-CVE-2017-5525-1.patch 1625 SHA256 88e253c306761017d66dca5b72184f89cebf3b617db7bc0e4b27025757a66181 SHA512 a7f82374ec4e264b065be7ba63c197d93fee230d68819bf68a0a67c84f89182d0cc0a42b9aadf53a8a903d640dacc55392174c7820379e92ad0e35c86c35a2dd WHIRLPOOL 63e192dc0e075139f18aee2d0541c75021852a7d7251321ca8fe7f9b793c72786a6aab878e308931289eab3c07c3cbbc8ad32b67de1193f85b672e16a8372495
-AUX qemu-2.8.0-CVE-2017-5525-2.patch 1664 SHA256 ab03a1cff62164090133f0dbace9724302e806a808b18d64628d12f0bd9abad6 SHA512 ac1d89331c3fc4d0ef7af411a12654329057676e9f016cb9a4a46dc9b4e01092c17af33d095f3104e71094ae585a35a8276a98560dd97f8d045e0b9fd2f0069f WHIRLPOOL 20457d7fe5b3842c0c601068dba410586fc4b4c7fce81ba3ee436a6cfec3b1b950797d6ca9a2a573fef21a29421f8c04a34d1dfefe0b7ade03a6ca51d16d99cb
-AUX qemu-2.8.0-CVE-2017-5552.patch 1481 SHA256 26616f16434b3aff65b1cd1ce82c6abdfbd44da8a047a5a32b1e07755c9a3e1b SHA512 3c3f5027be3bfe56c1445004bd28536e11f606cc6787fcefad3da267eb3e11b61110c8a4700fd9d6f95ce50f10a2678b2bc6f950297b949b837882a68901d6e5 WHIRLPOOL ca93726b8a0567f68fac634eef1e88c997c1e959cafb33bc6ba8871d9021591bb61be6b3635d3fac111e1e177dbbff939c93580d7f0824e752b378dbc38fbc45
-AUX qemu-2.8.0-CVE-2017-5578.patch 1084 SHA256 a7639fc84377b23ebc55dbb1c6d8c53bb2e6230be03b2efba78108257058d8b4 SHA512 8d160d56a94ec9380640badcab29fdd05f2f665377febd1b7e71a9c619d9db963eaa74cf74a2e0287fd2f6e2a7d4bce0f8e4281b3b0292347eece52b7344243b WHIRLPOOL efd3238bf720a1051a41ea621601afeea7546cc7e48d4a7f23bc0b3277bee368bb259a2735e6290b4609e78a1e54e29fe1ba7b088824284787faddc84491d876
-AUX qemu-2.8.0-CVE-2017-5579.patch 1132 SHA256 df32524c24aa4d7d9166bb5e159ba10023c7777b9583e920bd8590feec433580 SHA512 d4669821ae8e06a31b852a31699aa26421ce5fb6c049573cb6613515da486e390d8ddf71adb4e6c1a45a15bb468bbb45df68cbf5e9388660c9c03866becb9edd WHIRLPOOL 0d5ed483c6e3f849fc4b9568a3af4c086258ef1162a4e11baa65bcf35eeb8a505c8b7de935175fdc53e7284e23eb492a95326cdea6c690283085136cb02d3b7a
-AUX qemu-2.8.0-CVE-2017-5856.patch 2224 SHA256 92ddbba8c0d21bdae5b11ae064c21da939cbbb1fd0e6aa10477efced6bf9582f SHA512 7e043d8299d67d33c12bf5591f0881029013852df2243c2ea747fc6c4d1d6c0acffbaef7538634a60f8f875da94bb71db3e3a07972de066b7ac5d49e4d3cb906 WHIRLPOOL b5f38b059e4305b352e3807c2b7762fe856d1067431452fbbf991415ad17f25d152225d9e0ea61b5e8175e42abebbb2abdd85ac37f301ac123f81af822ff2f02
-AUX qemu-2.8.0-CVE-2017-5857.patch 1326 SHA256 e2150a7cc92b72e3f20506b9c76b40599af8d2366d25bd9b245a0bffa66ad8eb SHA512 d6d000b57f1fb194f9554165621109b364ebdb61416bc07e2283f2d493c33e770d1b63002d62565aae1ac19ed0ad9e572c207341aa1ad023581f349f62158d30 WHIRLPOOL cbe84c67ba9bb368baf2b1842e8c7c1ee3fb720630bcd53fdbdef9e8f3efdb25c1a927d0f65c9d1f6def28defe6997943a7867e8225eb12e395a0811ad3e32a1
-AUX qemu-2.8.0-CVE-2017-5898.patch 1412 SHA256 7f44668d51a94d19fcca0f496d8ac798fd654afe25d2998f7d07a148a836ade9 SHA512 2cd9af4957849a5d72dc0f0fbb30852870306ebc0a348cf5951df58d3029d1aae52df9261d2e4a9d7a4f132f78c390af8a049e1f109b324899bccd91e5c10d1f WHIRLPOOL c48e1fe163761880adab990683dc5d54ee31173763f11239ffee7c229bd65a2958a696dede39e7e645860980e2a7c5c6e5873e5db53872ac373d8d2415a167ab
-AUX qemu-2.8.0-CVE-2017-5973.patch 2815 SHA256 206d01053ce678e2c83174b278755e112099f76350aaa765525d344a87365ded SHA512 31b4bd1b8398d8044ace7660a049c492beda83613818a718477257e0bdf922d63423100fd59f2e8411dc952d282a7c405b916ab437b131b31c21dcf65f98edce WHIRLPOOL ea43efbdd5fdc51e1b8b5057fbe50b3911896cbda8437998ca203d34db82524eb42a77440f2490574a48f15ba1c4bbb7d9c40bfb6e99e96278a1d1912ea210a7
-AUX qemu-2.8.0-CVE-2017-5987.patch 1889 SHA256 c4f2175970deca9b00bf657e66b8df31a02efce469eec02279a9659b9cb18bb0 SHA512 32708f91edbbb61ac444ee71b97a30138380544389f6265d7cb7aec330ebaaa7ca69844a9462c817fbda117e78748fc4fdeb655e70bcd72ddd8b112fd9619b0d WHIRLPOOL 1aa99740495c0d2a577cf13c47669aeba75ad389394736ce16fde31c91931254820accad85a6d6fee9757595bec3f222413a89fe4ca125913be7ecc97f33b365
-AUX qemu-2.8.0-CVE-2017-6505.patch 1481 SHA256 55e3b7e65e519caef4fdd28cccb973613759cce0d67eb64c2093b4f0a4e428e1 SHA512 5326f28a9340f392e4f32e4cd5f58cae0769859e10fd4d201983d40ec6b4d094d6a0cad2638e1e6f3e5228b93af26cc4f4a155e0d94bad89d0ea9b866f535aa7 WHIRLPOOL c88312cd5e779a98c905f175d61400ef7bb59795cc1e0392da0018a158a4c435ffa07f1e6a621db6eea925a0dbb986442eab4f79f956dc1955058fc97670f390
-AUX qemu-2.8.0-CVE-2017-7377.patch 1554 SHA256 36fbd8ec9fa7d910fde8b6b8905717b322bd23b50c2b2f925e1a2415ae306755 SHA512 195be1a75340c41aa89614aad8d07f2cf630eb10f3160cb8a86d85371ea9d7dcdbe9d49e9752ac3d6765c8d4c99c845408933b57cf21199f77ba09fcf79a02c8 WHIRLPOOL 8d7677ae3cfe18e34072ef23666c4658553a7d3b564d96e480ae432281d403242f2013d9fb189d473ab9c31def515401d22c04ba8e86d93d0369e95b1e371574
AUX qemu-2.8.0-F_SHLCK-and-F_EXLCK.patch 574 SHA256 d02353daa0ecfe161e938a5e54feab641b901f4a35c8f5831133676a6f53f43f SHA512 6b64750335aae1142ca9132fb766ac2aaeacfcdda0aa0cfca19afc4c3ea3806e30ce603fcec3767e40e84efb0ae8b9a23f21d46c807c13bb646be74f99e13389 WHIRLPOOL 7401c3daf162c71a5a5c3729855fddb5df95609b34c86ea0f4d872c8f132d6ac089cfb35a990af70aef8b7b63fe075a1e2be376b6db09bc70e8d51e48aded354
-AUX qemu-2.8.1-CVE-2017-7471.patch 2310 SHA256 ae5129c0f278de155f69e3d306038fa259c28ecb09a623262362163b00de85cc SHA512 dd5c5bc8e5ee9eb27516276d53f78ecde00b4fe5debbbdd8db1c3a2f2ef663667598acbb3b95f220e709ed89e1a0077733ca4fc1cb2fa0eb0f700e9931ddd003 WHIRLPOOL c91ddbdbc685dc76efc417087d680751aaade178593ca96fbff7b8ae1e0d0bdb659faee676d31b606e16c4adf446632a8a9350a57a1ac049b7649bdc0c3b8cf0
-AUX qemu-2.8.1-CVE-2017-8086.patch 751 SHA256 ff6f3bc1a94861da633f9e5517dde6b2719e227773941e7c9651281c77216589 SHA512 84197e80d28322efaa327dc7ad3ffc5e8bf791d89255e8ac7d5c5e9cebba3786c4e21008cbfb704de5323554a9d3f0873068c0a06493d4ca3b7849523eab6212 WHIRLPOOL 73f88468ba89d8384c04ffa3af646c8b628f1fa52f27866095f84ea1241f421763699ae18553d835133de70d7f244d0638d83d15881e5a3858a1128b14a1bcf3
+AUX qemu-2.9.0-CVE-2017-10664.patch 1613 SHA256 5941cc41f0c02b185be3f6ba450f155dfc42e98f538560a054309066d12e5736 SHA512 19be668bd5847b65a82bd710de062bf1bc16a2b93516cbd6842328a71cd8ef8e97f38fa72bffe603a41f7674652a73b9bc05bc6791d265423490aa6de09738ce WHIRLPOOL f3e436bd5ba9e61473e6a66af4a1c0063445ad616a06cbed1760326435fd391d56d6f084eae4b3465928d995cb426f02ed813747aeda0b535ed7ed4a2a598072
+AUX qemu-2.9.0-CVE-2017-10806.patch 1450 SHA256 ef884e2ed3adb618273af1d036ed0c7e3a09599e3d042080bb4b5014c6bc54d7 SHA512 38fea2c1a2a5a224585a07a028a8c4cfc1bec4d943e85c13e01228062bf306a502b0948270863b226bc974832e3af18158904fbfc08ccdf1f72f06e7830780d5 WHIRLPOOL f02fb957016af684dc894f93ec0b7dcca3febb8d37882aae1e17d2aca9948e200a013ae467cb54c5555e76c73f124a37c95fde189a4492d88322802d8160310c
+AUX qemu-2.9.0-CVE-2017-11334.patch 1362 SHA256 bc2f3a50ad174e5453d0e4d1e14e9723b316e2339dc25ff31e27060ee13242bb SHA512 422296269ec29b3313c984947ac48b7179ce8e169131624d316589a621778f846b883e76cdfba50c62dc63ab5fede0ad0292704c1ca1cc9e1e7b3b01a153b8c8 WHIRLPOOL 504cf6b2ebfb11bf1471f920d101df28df59f1a585eac31ac278a366f2b769386bc7d100aa8386b3f8f45d5f5f700aa6625be3192eb4f1f3b77e69c6684cf74f
+AUX qemu-2.9.0-CVE-2017-11434.patch 912 SHA256 e8be3cb9261f8735ff2a50fb8b79ccfea85456c7a2e5a5702fcc5339463dc05a SHA512 db95d9459b9669e0981195fe15f16c4e74d5f00c03e1ce5e33541e005260e77fa114b1b3f30bc06d80b723a6361b704fb58709b25773c168c8aa8f5f96580ac9 WHIRLPOOL c68e25024ab3c1d01e5b53d0a7b1591110b96d78079bc940ec28da2e2770dac6b1f9bbaaeb97c88ea0e1b46db886f7035d81bde582750e560d136916ecdab8a2
AUX qemu-2.9.0-CVE-2017-7493.patch 5656 SHA256 77462d39e811e58d3761523a6c580485bdfca0e74adbd10cf24c254e0ece262a SHA512 2b01f2878c98e77997b645ba80e69b5db398ef1e8f2b66344818d3c9af35dd66d49041ef9ee8aa152bf3e94970b4db282cf53909cb13b2532bc0a104251b2e81 WHIRLPOOL 23c788c5a78e126a61bd277e9fa1511cc71b8fbdc83a5bf319c5fc424219cbcceefad737844e45c11a76e047f8a49853d0a85b267f24f7b23bb7276d0edf0451
+AUX qemu-2.9.0-CVE-2017-7539.patch 22018 SHA256 523d41e08a2aab888e3e63b4dda6a19e535fe6fba2bf08b6ead06498ca923f29 SHA512 5c81488aeae78307bee551a3a037f3b9cf55971a17c5df17f89f31224bdfa0a5e79141341314546256bffe542b781ad25151c54340a63c766086a578e5465825 WHIRLPOOL 085fc7e7d40c803a3caf15cdee77ce553b385919678ecf4bbcc3f532af5e482ca804a167af43e4f393da93aed88285690d84a3054c7f0df61d603d0046029dbc
AUX qemu-2.9.0-CVE-2017-8112.patch 696 SHA256 a4dcc2a94749a5c20ef38d4c7ce13cd1ffe46017c77eea29ced0bec5c232e6aa SHA512 840f5270332729e0149a4705bae5fcc16e9503a995d6bfa5033904a544add337ca8ccb1d2a36bb57cc198f6354f5253403f1c4f04cbd18c08b4e1a9d6af9e07f WHIRLPOOL 1ba4e75fdd0c767254c85754612da9e8ff9ba2e7ea0811f723844bec190946805cd59db83f347a3dea4296d2b58d2df4a8d99a492335ba818824348bcebdd556
AUX qemu-2.9.0-CVE-2017-8309.patch 595 SHA256 8231747fe4d9c97392fe44b117caccd07d320313dc27fad17ac658122113ced9 SHA512 4415c36acb4f0594de7fe0de2b669d03d6b54ae44eb7f1f285c36223a02cca887b57db27a43ab1cc2e7e193ee5bce2748f9d2056aa925e0cc8f2133e67168a74 WHIRLPOOL af4c5e9763a0e114e554a1c8be99ea79da0b634fdc9d87922c7713187f1f904bfcce103648d549bbb190e92443664dbb9bd7592d8137f2337be0f4b22d1f9bd1
AUX qemu-2.9.0-CVE-2017-8379.patch 2736 SHA256 f2f8910c8e1ce9fc9804f4fbbe978fee20ccbfccc5efe49f42cdaafa63c511ce SHA512 79e32f75d98ca4a92a5069b65c5b9cff16064255ed4d161e4e292b97373742c25d5ddc12dfffa627197fdb5e0808108b30d0182a9c060cd181723bd90c618d15 WHIRLPOOL 545c00189da3b252c80bb35c6b6d3368a02b36b06f2866838ddd9ebb9ccf2b608ae278ee192b6b3aef2966736afe9bcdd646c80c228ec5daef76b92bd2721bd5
AUX qemu-2.9.0-CVE-2017-8380.patch 1048 SHA256 23eb5ae64b064e46785ae4f675fbe7c6a353f6688dd154ce98b78a0b7104a2fb SHA512 872fabc4f6eee48dff292297887b8c4a18aa6f8c2f9b7247e325c96e10ef8d72206f269d89c4a4a40ea6ad3e5082db40866b0f386f31716e749fb3a7db89d2dd WHIRLPOOL ddce30f5b22707938c2ba419264a6b731f292f0748e3891c7aa48daaa7a4b204a8bb1b4110fbd7c1836a02605e49e170a4bda6ee9eccdd2570472ff0f63c8d37
+AUX qemu-2.9.0-CVE-2017-9503-1.patch 5036 SHA256 3831acce5d79ab1ad195ee6a26eb276a08fee00143ef6473ad488a49590c26e8 SHA512 690a43f3b15f10f4c030af761b2fcf873eb72d1ca53dd03f15eb35a30454298bda7ddde2b38ed549b8bad1b3a465ad3c7c9334886e75856794c0beee2dcadc2d WHIRLPOOL 909b90579ba60084bb69d3067e9bde6288011649ecc986d3f520dbce31cc9063cf3b175d62d017bf6bfa6026549250d2f64c06d4f0a411a5e95d7cf2af0062d8
+AUX qemu-2.9.0-CVE-2017-9503-2.patch 4103 SHA256 a08f7f56890e1061d47691181ccdbd4cc2d97b5221d3b438afe8c429427b1e8d SHA512 21ce3255f511c82c7f8848392cb8266d804691a02207f06b950539f025a3bafb3f4c27365956cfa5129a7f0bc1796c006303993a328e72e689b8ff722f71e542 WHIRLPOOL 67bb2f24c2b567855c8f943208c5d4ceacb6df39539cc6ffce3e09fc55052b98aa794d19f70dad4fde515bd3021c46ff53ff374e58f09a802a2222a40eb3bf2d
+AUX qemu-2.9.0-CVE-2017-9524-1.patch 2624 SHA256 f2479f79a81dba79eeee7a333b50bfb6f3d7e23d4cee6a8a65b291744d676b85 SHA512 7b72e492d4f9f38f15e3ec5ba3765b6d86cb726e8581278f1abcc485245f80d7a6ca9a5378dd214a82e230221d1ec650e90a221335beec8cd18567db7f7ce311 WHIRLPOOL 95b0566a9c7712e00e6200a839f449b8367aead31bf18b797193865825123b50d9f8ff11450f540caa94a102637ee5b7075ceaf8f703482296111a7af270f374
+AUX qemu-2.9.0-CVE-2017-9524-2.patch 7016 SHA256 092da49ea1aafd9b94f20127b93c1373b9a83ef127cad1d45fdbd8f5a9d9dbe9 SHA512 de25c5506ae955fb799b2c9952120c9feb51b363f5ee277c9b63882938ce56c44702dcd688ecf65a3d2a089503be938432eb62ffa3df7409f4211bb7fa126f26 WHIRLPOOL b38c3a557be778634d53e7c356fb124e7470ad3e58b426677f3405c10faf76fa88d2f354d66a69b8549a64c480a338c94ed425c768394ad4cdd74ed4479ccc89
AUX qemu-binfmt.initd.head 1445 SHA256 a9b4b1d1ffa82d572c01f14ebfbafb4b3a4c2eb5cad5af62c059f603a9f5a277 SHA512 a735268ae9ac84d8f2f2893bf018ee6de33231fa94a823bd8502b529bb456635c1ab5cf9b440df5ede8e414291f8bf45fc53898c2f3939c50d5ec4ffa554396a WHIRLPOOL 3ec0f916d5928d464fa8416c8eac472cfa01b560bba07642ff7929799918d1c8059ac7368ff5551e6aa993027849de08035d856db7981315d8e4ec470a0f785e
AUX qemu-binfmt.initd.tail 245 SHA256 1b765f5212946b73b8e4d92f64d34a9d2e358ef541c02164f6d6dd93cb15e1e7 SHA512 bcca16805f8380d52cc591ea3d65a8f6e5de456730618f6aee301510edb75d235a22d4d7aeed224882210392840adb403eb53234b6cb76a4cb24533852a8b737 WHIRLPOOL 41ddd1751101646e700a6fe4ef879bd4149d646a801f97e40534051895697dcbded06a1edda51457a0d624fbf68442c3e57178a3ee8e683e35368b88d10ba4a4
-DIST qemu-2.8.1.tar.bz2 28366270 SHA256 018e4c7ed22c220395cf41f835d01505e49d0e579a548bd3d72b03809442bbcd SHA512 0397b4029cdcb77ed053c44b3579a3f34894038e6fc6b4aa88de14515f5a78bf2f41c5e865f37111529f567c85d2f1c4deefae47dde54f76eac79410e5b2bdda WHIRLPOOL c41f53f18fac44efd1c81ba9d95204d23e9a70dc9c21624177be2fe92a327428fd5704b25bc334229fa36ae395fb4c82ba3955db39719c4458343978a4d3141a
DIST qemu-2.9.0.tar.bz2 28720490 SHA256 00bfb217b1bb03c7a6c3261b819cfccbfb5a58e3e2ceff546327d271773c6c14 SHA512 4b28966eec0ca44681e35fcfb64a4eaef7c280b8d65c91d03f2efa37f76278fd8c1680e5798c7a30dbfcc8f3c05f4a803f48b8a2dfec3a4181bac079b2a5e422 WHIRLPOOL d79fe89eb271a56aee0cbd328e5f96999176b711afb5683d164b7b99d91e6dd2bfaf6e2ff4cd820a941c94f28116765cb07ffd5809d75c2f9654a67d56bfc0c1
-EBUILD qemu-2.8.1-r2.ebuild 22908 SHA256 b21f2820c166fcf91f0be3f8eb323b49d8c8ccebd4c376d9dbcdebbe751bac52 SHA512 3fa48453417e0cfa4d24f11fd5f234ec8790744c65154456328a24641a6f03cffb5b50ecf2bf81388fc18b12b382042e882fa853a09ae2288beb459e8658db5e WHIRLPOOL b5881ff308b91dc53b3115e278d5cd89d5f3f5d69ea7355fea2a048e471da1c4079eb245aa262ab2c19c6d75ddac1770acab3fa1c39d2c6e74cf72d84426e16f
-EBUILD qemu-2.9.0-r2.ebuild 22065 SHA256 f722fa40663602c90dc07139580a3bcc5bcae60ce1a3808f2f38adc2d13211b1 SHA512 51822cc9753b27e6fed97bdd1e4845cbcfb0c8a4a9f55256820127994a1b3beda96765b83a8c578637a968b261f1bf6ef4c1d6ae09491e9f5f9d94af5cdb5ce4 WHIRLPOOL 20f5b6786e60eae4260df3bcdfb9f94d128abc03f9458cf3e42ddf5bb1b0749ea26bc18ba58c47c4d131cb5ab02898f7097dd85c3d9d19ac6bc49062d9d8a57b
-EBUILD qemu-2.9.0-r54.ebuild 23455 SHA256 cf27b44542770cf10be0bd69481e13ccdef4d512d4d02f2388eaf441b1b2b9b8 SHA512 e1344e489cb298807c992f257954e28c0c2d24a517bdd907bc60ebf2380cebc26861161e2a5deba8c95da5af700de198951696061ea916ea9c6f1037264e89dc WHIRLPOOL 3b764803988879ef45a1b28f016d0ac732d8aa18c1fab92e52e18677fea7d3777967281c075dcdc3daa7da083c66c423d7d30ffe2d876811a776bcc5e2de63da
+EBUILD qemu-2.9.0-r2.ebuild 22065 SHA256 45015103d32a318241da3d34c7340786571b65dc580f8493853c35e0ad5541ec SHA512 7b69c749172677046a101778ba2d8078bf8f5ccedc2d3c6767a2096838f8b80d0519bb798f23e7229fec04ca0c6c4c96caf7d07983ca2aca8d77e86b4f2ed229 WHIRLPOOL ebbf728a67a6f67ce2d40ac72cc95e27e46133e522d70a0e6d91525df7af048d2d1dfbb3e9534e4871882f5fe01749e3f749662414f802569c2f40ac66450afa
+EBUILD qemu-2.9.0-r56.ebuild 24010 SHA256 4185ac27c271ca09d383907cf914c020ba5f9614d5c3901d12e82d4069e0090f SHA512 fab143169a3c25fcf7b2532ec10c651c8b1c1875ea8cb0daa4ae29e153c9609ebc75184df1584944eadb541db76e931ff121866dcde58f3e25e29ad9eadc0a24 WHIRLPOOL 44d3f1fc2f01e61287508580beeacc9c1e1c709b6d19347f69a33ea3202ad7e8dd035d3df948dec11b3a62564a23a41a5c5a1e6faa1e2bde5f31d0ec9c02eb9b
MISC metadata.xml 3794 SHA256 149f7bc9927e13bbf7355972e85df6f9f198dd17fb575a7e516817d6a88018fb SHA512 10f130f225b90dacf8262247d795a247abfdcbf3ad5fbe0693e8d4db79f755984f690cb150a7eb5a8e5d669ce404145c4fbb6b200d6362319be74759fd78b6d3 WHIRLPOOL 6a5e88caeb64387f619a19fecb55c39ccf3c8dcd360523e8d61b80051001c02fe81432c55e40b3f360295b35e9f5a1f707c570baf95cad06d18c4cd484da0ceb
diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8669-1.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8669-1.patch
deleted file mode 100644
index cea8efc..0000000
--- a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8669-1.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-http://bugs.gentoo.org/597108
-https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02577.html
-
-From: Prasad J Pandit <address@hidden>
-
-The JAZZ RC4030 chipset emulator has a periodic timer and
-associated interval reload register. The reload value is used
-as divider when computing timer's next tick value. If reload
-value is large, it could lead to divide by zero error. Limit
-the interval reload value to avoid it.
-
-Reported-by: Huawei PSIRT <address@hidden>
-Signed-off-by: Prasad J Pandit <address@hidden>
----
- hw/dma/rc4030.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/hw/dma/rc4030.c b/hw/dma/rc4030.c
-index 2f2576f..c1b4997 100644
---- a/hw/dma/rc4030.c
-+++ b/hw/dma/rc4030.c
-@@ -460,7 +460,7 @@ static void rc4030_write(void *opaque, hwaddr addr, uint64_t data,
- break;
- /* Interval timer reload */
- case 0x0228:
-- s->itr = val;
-+ s->itr = val & 0x01FF;
- qemu_irq_lower(s->timer_irq);
- set_next_tick(s);
- break;
---
-2.5.5
diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-10028.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-10028.patch
deleted file mode 100644
index 466c819..0000000
--- a/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-10028.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-https://lists.gnu.org/archive/html/qemu-devel/2016-12/msg01903.html
-https://bugs.gentoo.org/603444
-
-From: P J P
-Subject: [Qemu-devel] [PATCH] display: virtio-gpu-3d: check virgl capabilities max_size
-Date: Wed, 14 Dec 2016 12:31:56 +0530
-From: Prasad J Pandit <address@hidden>
-
-Virtio GPU device while processing 'VIRTIO_GPU_CMD_GET_CAPSET'
-command, retrieves the maximum capabilities size to fill in the
-response object. It continues to fill in capabilities even if
-retrieved 'max_size' is zero(0), thus resulting in OOB access.
-Add check to avoid it.
-
-Reported-by: Zhenhao Hong <address@hidden>
-Signed-off-by: Prasad J Pandit <address@hidden>
----
- hw/display/virtio-gpu-3d.c | 6 +++++-
- 1 file changed, 5 insertions(+), 1 deletion(-)
-
-diff --git a/hw/display/virtio-gpu-3d.c b/hw/display/virtio-gpu-3d.c
-index 758d33a..6ceeba3 100644
---- a/hw/display/virtio-gpu-3d.c
-+++ b/hw/display/virtio-gpu-3d.c
-@@ -370,8 +370,12 @@ static void virgl_cmd_get_capset(VirtIOGPU *g,
-
- virgl_renderer_get_cap_set(gc.capset_id, &max_ver,
- &max_size);
-+ if (!max_size) {
-+ cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
-+ return;
-+ }
-+
- resp = g_malloc0(sizeof(*resp) + max_size);
--
- resp->hdr.type = VIRTIO_GPU_RESP_OK_CAPSET;
- virgl_renderer_fill_caps(gc.capset_id,
- gc.capset_version,
---
-2.9.3
diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-10155.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-10155.patch
deleted file mode 100644
index c486295..0000000
--- a/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-10155.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From eb7a20a3616085d46aa6b4b4224e15587ec67e6e Mon Sep 17 00:00:00 2001
-From: Li Qiang <liqiang6-s@360.cn>
-Date: Mon, 28 Nov 2016 17:49:04 -0800
-Subject: [PATCH] watchdog: 6300esb: add exit function
-
-When the Intel 6300ESB watchdog is hot unplug. The timer allocated
-in realize isn't freed thus leaking memory leak. This patch avoid
-this through adding the exit function.
-
-Signed-off-by: Li Qiang <liqiang6-s@360.cn>
-Message-Id: <583cde9c.3223ed0a.7f0c2.886e@mx.google.com>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
----
- hw/watchdog/wdt_i6300esb.c | 9 +++++++++
- 1 file changed, 9 insertions(+)
-
-diff --git a/hw/watchdog/wdt_i6300esb.c b/hw/watchdog/wdt_i6300esb.c
-index a83d951..49b3cd1 100644
---- a/hw/watchdog/wdt_i6300esb.c
-+++ b/hw/watchdog/wdt_i6300esb.c
-@@ -428,6 +428,14 @@ static void i6300esb_realize(PCIDevice *dev, Error **errp)
- /* qemu_register_coalesced_mmio (addr, 0x10); ? */
- }
-
-+static void i6300esb_exit(PCIDevice *dev)
-+{
-+ I6300State *d = WATCHDOG_I6300ESB_DEVICE(dev);
-+
-+ timer_del(d->timer);
-+ timer_free(d->timer);
-+}
-+
- static WatchdogTimerModel model = {
- .wdt_name = "i6300esb",
- .wdt_description = "Intel 6300ESB",
-@@ -441,6 +449,7 @@ static void i6300esb_class_init(ObjectClass *klass, void *data)
- k->config_read = i6300esb_config_read;
- k->config_write = i6300esb_config_write;
- k->realize = i6300esb_realize;
-+ k->exit = i6300esb_exit;
- k->vendor_id = PCI_VENDOR_ID_INTEL;
- k->device_id = PCI_DEVICE_ID_INTEL_ESB_9;
- k->class_id = PCI_CLASS_SYSTEM_OTHER;
---
-2.10.2
-
diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-9908.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-9908.patch
deleted file mode 100644
index 841de65..0000000
--- a/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-9908.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg00059.html
-https://bugs.gentoo.org/601826
-
-From: Li Qiang
-Subject: [Qemu-devel] [PATCH] virtio-gpu: fix information leak in capset get dispatch
-Date: Tue, 1 Nov 2016 05:37:57 -0700
-From: Li Qiang <address@hidden>
-
-In virgl_cmd_get_capset function, it uses g_malloc to allocate
-a response struct to the guest. As the 'resp'struct hasn't been full
-initialized it will lead the 'resp->padding' field to the guest.
-Use g_malloc0 to avoid this.
-
-Signed-off-by: Li Qiang <address@hidden>
----
- hw/display/virtio-gpu-3d.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/hw/display/virtio-gpu-3d.c b/hw/display/virtio-gpu-3d.c
-index 23f39de..d98b140 100644
---- a/hw/display/virtio-gpu-3d.c
-+++ b/hw/display/virtio-gpu-3d.c
-@@ -371,7 +371,7 @@ static void virgl_cmd_get_capset(VirtIOGPU *g,
-
- virgl_renderer_get_cap_set(gc.capset_id, &max_ver,
- &max_size);
-- resp = g_malloc(sizeof(*resp) + max_size);
-+ resp = g_malloc0(sizeof(*resp) + max_size);
-
- resp->hdr.type = VIRTIO_GPU_RESP_OK_CAPSET;
- virgl_renderer_fill_caps(gc.capset_id,
---
-1.8.3.1
-
-
diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-9912.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-9912.patch
deleted file mode 100644
index 55963f7..0000000
--- a/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-9912.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg05043.html
-https://bugs.gentoo.org/602630
-
-From: Li Qiang
-Subject: [Qemu-devel] [PATCH] virtio-gpu: call cleanup mapping function in resource destroy
-Date: Mon, 28 Nov 2016 21:29:25 -0500
-If the guest destroy the resource before detach banking, the 'iov'
-and 'addrs' field in resource is not freed thus leading memory
-leak issue. This patch avoid this.
-
-Signed-off-by: Li Qiang <address@hidden>
----
- hw/display/virtio-gpu.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c
-index 60bce94..98dadf2 100644
---- a/hw/display/virtio-gpu.c
-+++ b/hw/display/virtio-gpu.c
-@@ -28,6 +28,8 @@
- static struct virtio_gpu_simple_resource*
- virtio_gpu_find_resource(VirtIOGPU *g, uint32_t resource_id);
-
-+static void virtio_gpu_cleanup_mapping(struct virtio_gpu_simple_resource *res);
-+
- #ifdef CONFIG_VIRGL
- #include <virglrenderer.h>
- #define VIRGL(_g, _virgl, _simple, ...) \
-@@ -358,6 +360,7 @@ static void virtio_gpu_resource_destroy(VirtIOGPU *g,
- struct virtio_gpu_simple_resource *res)
- {
- pixman_image_unref(res->image);
-+ virtio_gpu_cleanup_mapping(res);
- QTAILQ_REMOVE(&g->reslist, res, next);
- g_free(res);
- }
---
-1.8.3.1
diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5525-1.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5525-1.patch
deleted file mode 100644
index 24411b4..0000000
--- a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5525-1.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 12351a91da97b414eec8cdb09f1d9f41e535a401 Mon Sep 17 00:00:00 2001
-From: Li Qiang <liqiang6-s@360.cn>
-Date: Wed, 14 Dec 2016 18:30:21 -0800
-Subject: [PATCH] audio: ac97: add exit function
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Currently the ac97 device emulation doesn't have a exit function,
-hot unplug this device will leak some memory. Add a exit function to
-avoid this.
-
-Signed-off-by: Li Qiang <liqiang6-s@360.cn>
-Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
-Message-id: 58520052.4825ed0a.27a71.6cae@mx.google.com
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
----
- hw/audio/ac97.c | 11 +++++++++++
- 1 file changed, 11 insertions(+)
-
-diff --git a/hw/audio/ac97.c b/hw/audio/ac97.c
-index cbd959e..c306575 100644
---- a/hw/audio/ac97.c
-+++ b/hw/audio/ac97.c
-@@ -1387,6 +1387,16 @@ static void ac97_realize(PCIDevice *dev, Error **errp)
- ac97_on_reset (&s->dev.qdev);
- }
-
-+static void ac97_exit(PCIDevice *dev)
-+{
-+ AC97LinkState *s = DO_UPCAST(AC97LinkState, dev, dev);
-+
-+ AUD_close_in(&s->card, s->voice_pi);
-+ AUD_close_out(&s->card, s->voice_po);
-+ AUD_close_in(&s->card, s->voice_mc);
-+ AUD_remove_card(&s->card);
-+}
-+
- static int ac97_init (PCIBus *bus)
- {
- pci_create_simple (bus, -1, "AC97");
-@@ -1404,6 +1414,7 @@ static void ac97_class_init (ObjectClass *klass, void *data)
- PCIDeviceClass *k = PCI_DEVICE_CLASS (klass);
-
- k->realize = ac97_realize;
-+ k->exit = ac97_exit;
- k->vendor_id = PCI_VENDOR_ID_INTEL;
- k->device_id = PCI_DEVICE_ID_INTEL_82801AA_5;
- k->revision = 0x01;
---
-2.10.2
-
diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5525-2.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5525-2.patch
deleted file mode 100644
index 6bbac58..0000000
--- a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5525-2.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From 069eb7b2b8fc47c7cb52e5a4af23ea98d939e3da Mon Sep 17 00:00:00 2001
-From: Li Qiang <liqiang6-s@360.cn>
-Date: Wed, 14 Dec 2016 18:32:22 -0800
-Subject: [PATCH] audio: es1370: add exit function
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Currently the es1370 device emulation doesn't have a exit function,
-hot unplug this device will leak some memory. Add a exit function to
-avoid this.
-
-Signed-off-by: Li Qiang <liqiang6-s@360.cn>
-Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
-Message-id: 585200c9.a968ca0a.1ab80.4c98@mx.google.com
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
----
- hw/audio/es1370.c | 14 ++++++++++++++
- 1 file changed, 14 insertions(+)
-
-diff --git a/hw/audio/es1370.c b/hw/audio/es1370.c
-index 8449b5f..883ec69 100644
---- a/hw/audio/es1370.c
-+++ b/hw/audio/es1370.c
-@@ -1041,6 +1041,19 @@ static void es1370_realize(PCIDevice *dev, Error **errp)
- es1370_reset (s);
- }
-
-+static void es1370_exit(PCIDevice *dev)
-+{
-+ ES1370State *s = ES1370(dev);
-+ int i;
-+
-+ for (i = 0; i < 2; ++i) {
-+ AUD_close_out(&s->card, s->dac_voice[i]);
-+ }
-+
-+ AUD_close_in(&s->card, s->adc_voice);
-+ AUD_remove_card(&s->card);
-+}
-+
- static int es1370_init (PCIBus *bus)
- {
- pci_create_simple (bus, -1, TYPE_ES1370);
-@@ -1053,6 +1066,7 @@ static void es1370_class_init (ObjectClass *klass, void *data)
- PCIDeviceClass *k = PCI_DEVICE_CLASS (klass);
-
- k->realize = es1370_realize;
-+ k->exit = es1370_exit;
- k->vendor_id = PCI_VENDOR_ID_ENSONIQ;
- k->device_id = PCI_DEVICE_ID_ENSONIQ_ES1370;
- k->class_id = PCI_CLASS_MULTIMEDIA_AUDIO;
---
-2.10.2
-
diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5552.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5552.patch
deleted file mode 100644
index 9475f3f..0000000
--- a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5552.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 33243031dad02d161225ba99d782616da133f689 Mon Sep 17 00:00:00 2001
-From: Li Qiang <liq3ea@gmail.com>
-Date: Thu, 29 Dec 2016 03:11:26 -0500
-Subject: [PATCH] virtio-gpu-3d: fix memory leak in resource attach backing
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-If the virgl_renderer_resource_attach_iov function fails the
-'res_iovs' will be leaked. Add check of the return value to
-free the 'res_iovs' when failing.
-
-Signed-off-by: Li Qiang <liq3ea@gmail.com>
-Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
-Message-id: 1482999086-59795-1-git-send-email-liq3ea@gmail.com
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
----
- hw/display/virtio-gpu-3d.c | 7 +++++--
- 1 file changed, 5 insertions(+), 2 deletions(-)
-
-diff --git a/hw/display/virtio-gpu-3d.c b/hw/display/virtio-gpu-3d.c
-index e29f099..b13ced3 100644
---- a/hw/display/virtio-gpu-3d.c
-+++ b/hw/display/virtio-gpu-3d.c
-@@ -291,8 +291,11 @@ static void virgl_resource_attach_backing(VirtIOGPU *g,
- return;
- }
-
-- virgl_renderer_resource_attach_iov(att_rb.resource_id,
-- res_iovs, att_rb.nr_entries);
-+ ret = virgl_renderer_resource_attach_iov(att_rb.resource_id,
-+ res_iovs, att_rb.nr_entries);
-+
-+ if (ret != 0)
-+ virtio_gpu_cleanup_mapping_iov(res_iovs, att_rb.nr_entries);
- }
-
- static void virgl_resource_detach_backing(VirtIOGPU *g,
---
-2.10.2
-
diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5578.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5578.patch
deleted file mode 100644
index f93d1e7..0000000
--- a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5578.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 204f01b30975923c64006f8067f0937b91eea68b Mon Sep 17 00:00:00 2001
-From: Li Qiang <liq3ea@gmail.com>
-Date: Thu, 29 Dec 2016 04:28:41 -0500
-Subject: [PATCH] virtio-gpu: fix memory leak in resource attach backing
-
-In the resource attach backing function, everytime it will
-allocate 'res->iov' thus can leading a memory leak. This
-patch avoid this.
-
-Signed-off-by: Li Qiang <liq3ea@gmail.com>
-Message-id: 1483003721-65360-1-git-send-email-liq3ea@gmail.com
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
----
- hw/display/virtio-gpu.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c
-index 6a26258..ca88cf4 100644
---- a/hw/display/virtio-gpu.c
-+++ b/hw/display/virtio-gpu.c
-@@ -714,6 +714,11 @@ virtio_gpu_resource_attach_backing(VirtIOGPU *g,
- return;
- }
-
-+ if (res->iov) {
-+ cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC;
-+ return;
-+ }
-+
- ret = virtio_gpu_create_mapping_iov(&ab, cmd, &res->addrs, &res->iov);
- if (ret != 0) {
- cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC;
---
-2.10.2
-
diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5579.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5579.patch
deleted file mode 100644
index e4572a8..0000000
--- a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5579.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 8409dc884a201bf74b30a9d232b6bbdd00cb7e2b Mon Sep 17 00:00:00 2001
-From: Li Qiang <liqiang6-s@360.cn>
-Date: Wed, 4 Jan 2017 00:43:16 -0800
-Subject: [PATCH] serial: fix memory leak in serial exit
-
-The serial_exit_core function doesn't free some resources.
-This can lead memory leak when hotplug and unplug. This
-patch avoid this.
-
-Signed-off-by: Li Qiang <liqiang6-s@360.cn>
-Message-Id: <586cb5ab.f31d9d0a.38ac3.acf2@mx.google.com>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
----
- hw/char/serial.c | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
-diff --git a/hw/char/serial.c b/hw/char/serial.c
-index ffbacd8..67b18ed 100644
---- a/hw/char/serial.c
-+++ b/hw/char/serial.c
-@@ -906,6 +906,16 @@ void serial_realize_core(SerialState *s, Error **errp)
- void serial_exit_core(SerialState *s)
- {
- qemu_chr_fe_deinit(&s->chr);
-+
-+ timer_del(s->modem_status_poll);
-+ timer_free(s->modem_status_poll);
-+
-+ timer_del(s->fifo_timeout_timer);
-+ timer_free(s->fifo_timeout_timer);
-+
-+ fifo8_destroy(&s->recv_fifo);
-+ fifo8_destroy(&s->xmit_fifo);
-+
- qemu_unregister_reset(serial_reset, s);
- }
-
---
-2.10.2
-
diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5856.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5856.patch
deleted file mode 100644
index 2ebd49f..0000000
--- a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5856.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-From 765a707000e838c30b18d712fe6cb3dd8e0435f3 Mon Sep 17 00:00:00 2001
-From: Paolo Bonzini <pbonzini@redhat.com>
-Date: Mon, 2 Jan 2017 11:03:33 +0100
-Subject: [PATCH] megasas: fix guest-triggered memory leak
-
-If the guest sets the sglist size to a value >=2GB, megasas_handle_dcmd
-will return MFI_STAT_MEMORY_NOT_AVAILABLE without freeing the memory.
-Avoid this by returning only the status from map_dcmd, and loading
-cmd->iov_size in the caller.
-
-Reported-by: Li Qiang <liqiang6-s@360.cn>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
----
- hw/scsi/megasas.c | 11 ++++++-----
- 1 file changed, 6 insertions(+), 5 deletions(-)
-
-diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
-index 67fc1e7..6233865 100644
---- a/hw/scsi/megasas.c
-+++ b/hw/scsi/megasas.c
-@@ -683,14 +683,14 @@ static int megasas_map_dcmd(MegasasState *s, MegasasCmd *cmd)
- trace_megasas_dcmd_invalid_sge(cmd->index,
- cmd->frame->header.sge_count);
- cmd->iov_size = 0;
-- return -1;
-+ return -EINVAL;
- }
- iov_pa = megasas_sgl_get_addr(cmd, &cmd->frame->dcmd.sgl);
- iov_size = megasas_sgl_get_len(cmd, &cmd->frame->dcmd.sgl);
- pci_dma_sglist_init(&cmd->qsg, PCI_DEVICE(s), 1);
- qemu_sglist_add(&cmd->qsg, iov_pa, iov_size);
- cmd->iov_size = iov_size;
-- return cmd->iov_size;
-+ return 0;
- }
-
- static void megasas_finish_dcmd(MegasasCmd *cmd, uint32_t iov_size)
-@@ -1559,19 +1559,20 @@ static const struct dcmd_cmd_tbl_t {
-
- static int megasas_handle_dcmd(MegasasState *s, MegasasCmd *cmd)
- {
-- int opcode, len;
-+ int opcode;
- int retval = 0;
-+ size_t len;
- const struct dcmd_cmd_tbl_t *cmdptr = dcmd_cmd_tbl;
-
- opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
- trace_megasas_handle_dcmd(cmd->index, opcode);
-- len = megasas_map_dcmd(s, cmd);
-- if (len < 0) {
-+ if (megasas_map_dcmd(s, cmd) < 0) {
- return MFI_STAT_MEMORY_NOT_AVAILABLE;
- }
- while (cmdptr->opcode != -1 && cmdptr->opcode != opcode) {
- cmdptr++;
- }
-+ len = cmd->iov_size;
- if (cmdptr->opcode == -1) {
- trace_megasas_dcmd_unhandled(cmd->index, opcode, len);
- retval = megasas_dcmd_dummy(s, cmd);
---
-2.10.2
-
diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5857.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5857.patch
deleted file mode 100644
index 664a669..0000000
--- a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5857.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-When the guest sends VIRTIO_GPU_CMD_RESOURCE_UNREF without detaching the
-backing storage beforehand (VIRTIO_GPU_CMD_RESOURCE_DETACH_BACKING)
-we'll leak memory.
-
-This patch fixes it for 3d mode, simliar to the 2d mode fix in commit
-"b8e2392 virtio-gpu: call cleanup mapping function in resource destroy".
-
-Reported-by: 李强 <address@hidden>
-Signed-off-by: Gerd Hoffmann <address@hidden>
----
- hw/display/virtio-gpu-3d.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/hw/display/virtio-gpu-3d.c b/hw/display/virtio-gpu-3d.c
-index f96a0c2..ecb09d1 100644
---- a/hw/display/virtio-gpu-3d.c
-+++ b/hw/display/virtio-gpu-3d.c
-@@ -77,10 +77,18 @@ static void virgl_cmd_resource_unref(VirtIOGPU *g,
- struct virtio_gpu_ctrl_command *cmd)
- {
- struct virtio_gpu_resource_unref unref;
-+ struct iovec *res_iovs = NULL;
-+ int num_iovs = 0;
-
- VIRTIO_GPU_FILL_CMD(unref);
- trace_virtio_gpu_cmd_res_unref(unref.resource_id);
-
-+ virgl_renderer_resource_detach_iov(unref.resource_id,
-+ &res_iovs,
-+ &num_iovs);
-+ if (res_iovs != NULL && num_iovs != 0) {
-+ virtio_gpu_cleanup_mapping_iov(res_iovs, num_iovs);
-+ }
- virgl_renderer_resource_unref(unref.resource_id);
- }
-
---
-1.8.3.1
diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5898.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5898.patch
deleted file mode 100644
index 9f94477..0000000
--- a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5898.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From c7dfbf322595ded4e70b626bf83158a9f3807c6a Mon Sep 17 00:00:00 2001
-From: Prasad J Pandit <pjp@fedoraproject.org>
-Date: Fri, 3 Feb 2017 00:52:28 +0530
-Subject: [PATCH] usb: ccid: check ccid apdu length
-
-CCID device emulator uses Application Protocol Data Units(APDU)
-to exchange command and responses to and from the host.
-The length in these units couldn't be greater than 65536. Add
-check to ensure the same. It'd also avoid potential integer
-overflow in emulated_apdu_from_guest.
-
-Reported-by: Li Qiang <liqiang6-s@360.cn>
-Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
-Message-id: 20170202192228.10847-1-ppandit@redhat.com
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
----
- hw/usb/dev-smartcard-reader.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/hw/usb/dev-smartcard-reader.c b/hw/usb/dev-smartcard-reader.c
-index 89e11b6..1325ea1 100644
---- a/hw/usb/dev-smartcard-reader.c
-+++ b/hw/usb/dev-smartcard-reader.c
-@@ -967,7 +967,7 @@ static void ccid_on_apdu_from_guest(USBCCIDState *s, CCID_XferBlock *recv)
- DPRINTF(s, 1, "%s: seq %d, len %d\n", __func__,
- recv->hdr.bSeq, len);
- ccid_add_pending_answer(s, (CCID_Header *)recv);
-- if (s->card) {
-+ if (s->card && len <= BULK_OUT_DATA_SIZE) {
- ccid_card_apdu_from_guest(s->card, recv->abData, len);
- } else {
- DPRINTF(s, D_WARN, "warning: discarded apdu\n");
---
-2.10.2
-
diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5973.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5973.patch
deleted file mode 100644
index 50ff3c9..0000000
--- a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5973.patch
+++ /dev/null
@@ -1,87 +0,0 @@
-Limits should be big enough that normal guest should not hit it.
-Add a tracepoint to log them, just in case. Also, while being
-at it, log the existing link trb limit too.
-
-Reported-by: 李强 <address@hidden>
-Signed-off-by: Gerd Hoffmann <address@hidden>
----
- hw/usb/hcd-xhci.c | 15 ++++++++++++++-
- hw/usb/trace-events | 1 +
- 2 files changed, 15 insertions(+), 1 deletion(-)
-
-diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c
-index fbf8a8b..28dd2f2 100644
---- a/hw/usb/hcd-xhci.c
-+++ b/hw/usb/hcd-xhci.c
-@@ -51,6 +51,8 @@
- #define EV_QUEUE (((3 * 24) + 16) * MAXSLOTS)
-
- #define TRB_LINK_LIMIT 4
-+#define COMMAND_LIMIT 256
-+#define TRANSFER_LIMIT 256
-
- #define LEN_CAP 0x40
- #define LEN_OPER (0x400 + 0x10 * MAXPORTS)
-@@ -943,6 +945,7 @@ static TRBType xhci_ring_fetch(XHCIState *xhci, XHCIRing *ring, XHCITRB *trb,
- return type;
- } else {
- if (++link_cnt > TRB_LINK_LIMIT) {
-+ trace_usb_xhci_enforced_limit("trb-link");
- return 0;
- }
- ring->dequeue = xhci_mask64(trb->parameter);
-@@ -2060,6 +2063,7 @@ static void xhci_kick_epctx(XHCIEPContext *epctx, unsigned int streamid)
- XHCIRing *ring;
- USBEndpoint *ep = NULL;
- uint64_t mfindex;
-+ unsigned int count = 0;
- int length;
- int i;
-
-@@ -2172,6 +2176,10 @@ static void xhci_kick_epctx(XHCIEPContext *epctx, unsigned int streamid)
- epctx->retry = xfer;
- break;
- }
-+ if (count++ > TRANSFER_LIMIT) {
-+ trace_usb_xhci_enforced_limit("transfers");
-+ break;
-+ }
- }
- epctx->kick_active--;
-
-@@ -2618,7 +2626,7 @@ static void xhci_process_commands(XHCIState *xhci)
- TRBType type;
- XHCIEvent event = {ER_COMMAND_COMPLETE, CC_SUCCESS};
- dma_addr_t addr;
-- unsigned int i, slotid = 0;
-+ unsigned int i, slotid = 0, count = 0;
-
- DPRINTF("xhci_process_commands()\n");
- if (!xhci_running(xhci)) {
-@@ -2735,6 +2743,11 @@ static void xhci_process_commands(XHCIState *xhci)
- }
- event.slotid = slotid;
- xhci_event(xhci, &event, 0);
-+
-+ if (count++ > COMMAND_LIMIT) {
-+ trace_usb_xhci_enforced_limit("commands");
-+ return;
-+ }
- }
- }
-
-diff --git a/hw/usb/trace-events b/hw/usb/trace-events
-index fdd1d29..0c323d4 100644
---- a/hw/usb/trace-events
-+++ b/hw/usb/trace-events
-@@ -174,6 +174,7 @@ usb_xhci_xfer_retry(void *xfer) "%p"
- usb_xhci_xfer_success(void *xfer, uint32_t bytes) "%p: len %d"
- usb_xhci_xfer_error(void *xfer, uint32_t ret) "%p: ret %d"
- usb_xhci_unimplemented(const char *item, int nr) "%s (0x%x)"
-+usb_xhci_enforced_limit(const char *item) "%s"
-
- # hw/usb/desc.c
- usb_desc_device(int addr, int len, int ret) "dev %d query device, len %d, ret %d"
---
-1.8.3.1
-
diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5987.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5987.patch
deleted file mode 100644
index bfde2e9..0000000
--- a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5987.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From: Prasad J Pandit <address@hidden>
-
-In the SDHCI protocol, the transfer mode register value
-is used during multi block transfer to check if block count
-register is enabled and should be updated. Transfer mode
-register could be set such that, block count register would
-not be updated, thus leading to an infinite loop. Add check
-to avoid it.
-
-Reported-by: Wjjzhang <address@hidden>
-Reported-by: Jiang Xin <address@hidden>
-Signed-off-by: Prasad J Pandit <address@hidden>
----
- hw/sd/sdhci.c | 10 +++++-----
- 1 file changed, 5 insertions(+), 5 deletions(-)
-
-Update: use qemu_log_mask(LOG_UNIMP, ...)
- -> https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg02354.html
-
-diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c
-index 5bd5ab6..a9c744b 100644
---- a/hw/sd/sdhci.c
-+++ b/hw/sd/sdhci.c
-@@ -486,6 +486,11 @@ static void sdhci_sdma_transfer_multi_blocks(SDHCIState *s)
- uint32_t boundary_chk = 1 << (((s->blksize & 0xf000) >> 12) + 12);
- uint32_t boundary_count = boundary_chk - (s->sdmasysad % boundary_chk);
-
-+ if (!(s->trnmod & SDHC_TRNS_BLK_CNT_EN) || !s->blkcnt) {
-+ qemu_log_mask(LOG_UNIMP, "infinite transfer is not supported\n");
-+ return;
-+ }
-+
- /* XXX: Some sd/mmc drivers (for example, u-boot-slp) do not account for
- * possible stop at page boundary if initial address is not page aligned,
- * allow them to work properly */
-@@ -797,11 +802,6 @@ static void sdhci_data_transfer(void *opaque)
- if (s->trnmod & SDHC_TRNS_DMA) {
- switch (SDHC_DMA_TYPE(s->hostctl)) {
- case SDHC_CTRL_SDMA:
-- if ((s->trnmod & SDHC_TRNS_MULTI) &&
-- (!(s->trnmod & SDHC_TRNS_BLK_CNT_EN) || s->blkcnt == 0)) {
-- break;
-- }
--
- if ((s->blkcnt == 1) || !(s->trnmod & SDHC_TRNS_MULTI)) {
- sdhci_sdma_transfer_single_block(s);
- } else {
---
-2.9.3
-
diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-6505.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-6505.patch
deleted file mode 100644
index a15aa96..0000000
--- a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-6505.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 95ed56939eb2eaa4e2f349fe6dcd13ca4edfd8fb Mon Sep 17 00:00:00 2001
-From: Li Qiang <liqiang6-s@360.cn>
-Date: Tue, 7 Feb 2017 02:23:33 -0800
-Subject: [PATCH] usb: ohci: limit the number of link eds
-
-The guest may builds an infinite loop with link eds. This patch
-limit the number of linked ed to avoid this.
-
-Signed-off-by: Li Qiang <liqiang6-s@360.cn>
-Message-id: 5899a02e.45ca240a.6c373.93c1@mx.google.com
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
----
- hw/usb/hcd-ohci.c | 9 ++++++++-
- 1 file changed, 8 insertions(+), 1 deletion(-)
-
-diff --git a/hw/usb/hcd-ohci.c b/hw/usb/hcd-ohci.c
-index 2cba3e3..21c93e0 100644
---- a/hw/usb/hcd-ohci.c
-+++ b/hw/usb/hcd-ohci.c
-@@ -42,6 +42,8 @@
-
- #define OHCI_MAX_PORTS 15
-
-+#define ED_LINK_LIMIT 4
-+
- static int64_t usb_frame_time;
- static int64_t usb_bit_time;
-
-@@ -1184,7 +1186,7 @@ static int ohci_service_ed_list(OHCIState *ohci, uint32_t head, int completion)
- uint32_t next_ed;
- uint32_t cur;
- int active;
--
-+ uint32_t link_cnt = 0;
- active = 0;
-
- if (head == 0)
-@@ -1199,6 +1201,11 @@ static int ohci_service_ed_list(OHCIState *ohci, uint32_t head, int completion)
-
- next_ed = ed.next & OHCI_DPTR_MASK;
-
-+ if (++link_cnt > ED_LINK_LIMIT) {
-+ ohci_die(ohci);
-+ return 0;
-+ }
-+
- if ((ed.head & OHCI_ED_H) || (ed.flags & OHCI_ED_K)) {
- uint32_t addr;
- /* Cancel pending packets for ED that have been paused. */
---
-2.10.2
-
diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-7377.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-7377.patch
deleted file mode 100644
index f2d317c..0000000
--- a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-7377.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From d63fb193e71644a073b77ff5ac6f1216f2f6cf6e Mon Sep 17 00:00:00 2001
-From: Li Qiang <liq3ea@gmail.com>
-Date: Mon, 27 Mar 2017 21:13:19 +0200
-Subject: [PATCH] 9pfs: fix file descriptor leak
-
-The v9fs_create() and v9fs_lcreate() functions are used to create a file
-on the backend and to associate it to a fid. The fid shouldn't be already
-in-use, otherwise both functions may silently leak a file descriptor or
-allocated memory. The current code doesn't check that.
-
-This patch ensures that the fid isn't already associated to anything
-before using it.
-
-Signed-off-by: Li Qiang <liqiang6-s@360.cn>
-(reworded the changelog, Greg Kurz)
-Signed-off-by: Greg Kurz <groug@kaod.org>
----
- hw/9pfs/9p.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
-index b8c0b99..48babce 100644
---- a/hw/9pfs/9p.c
-+++ b/hw/9pfs/9p.c
-@@ -1550,6 +1550,10 @@ static void coroutine_fn v9fs_lcreate(void *opaque)
- err = -ENOENT;
- goto out_nofid;
- }
-+ if (fidp->fid_type != P9_FID_NONE) {
-+ err = -EINVAL;
-+ goto out;
-+ }
-
- flags = get_dotl_openflags(pdu->s, flags);
- err = v9fs_co_open2(pdu, fidp, &name, gid,
-@@ -2153,6 +2157,10 @@ static void coroutine_fn v9fs_create(void *opaque)
- err = -EINVAL;
- goto out_nofid;
- }
-+ if (fidp->fid_type != P9_FID_NONE) {
-+ err = -EINVAL;
-+ goto out;
-+ }
- if (perm & P9_STAT_MODE_DIR) {
- err = v9fs_co_mkdir(pdu, fidp, &name, perm & 0777,
- fidp->uid, -1, &stbuf);
---
-2.10.2
-
diff --git a/app-emulation/qemu/files/qemu-2.8.1-CVE-2017-7471.patch b/app-emulation/qemu/files/qemu-2.8.1-CVE-2017-7471.patch
deleted file mode 100644
index c5366f5..0000000
--- a/app-emulation/qemu/files/qemu-2.8.1-CVE-2017-7471.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-From 9c6b899f7a46893ab3b671e341a2234e9c0c060e Mon Sep 17 00:00:00 2001
-From: Greg Kurz <groug@kaod.org>
-Date: Mon, 17 Apr 2017 10:53:23 +0200
-Subject: [PATCH] 9pfs: local: set the path of the export root to "."
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The local backend was recently converted to using "at*()" syscalls in order
-to ensure all accesses happen below the shared directory. This requires that
-we only pass relative paths, otherwise the dirfd argument to the "at*()"
-syscalls is ignored and the path is treated as an absolute path in the host.
-This is actually the case for paths in all fids, with the notable exception
-of the root fid, whose path is "/". This causes the following backend ops to
-act on the "/" directory of the host instead of the virtfs shared directory
-when the export root is involved:
-- lstat
-- chmod
-- chown
-- utimensat
-
-ie, chmod /9p_mount_point in the guest will be converted to chmod / in the
-host for example. This could cause security issues with a privileged QEMU.
-
-All "*at()" syscalls are being passed an open file descriptor. In the case
-of the export root, this file descriptor points to the path in the host that
-was passed to -fsdev.
-
-The fix is thus as simple as changing the path of the export root fid to be
-"." instead of "/".
-
-This is CVE-2017-7471.
-
-Cc: qemu-stable@nongnu.org
-Reported-by: Léo Gaspard <leo@gaspard.io>
-Signed-off-by: Greg Kurz <groug@kaod.org>
-Reviewed-by: Eric Blake <eblake@redhat.com>
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- hw/9pfs/9p-local.c | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c
-index 45e9a1f..f3ebca4 100644
---- a/hw/9pfs/9p-local.c
-+++ b/hw/9pfs/9p-local.c
-@@ -1098,8 +1098,13 @@ static int local_name_to_path(FsContext *ctx, V9fsPath *dir_path,
- {
- if (dir_path) {
- v9fs_path_sprintf(target, "%s/%s", dir_path->data, name);
-- } else {
-+ } else if (strcmp(name, "/")) {
- v9fs_path_sprintf(target, "%s", name);
-+ } else {
-+ /* We want the path of the export root to be relative, otherwise
-+ * "*at()" syscalls would treat it as "/" in the host.
-+ */
-+ v9fs_path_sprintf(target, "%s", ".");
- }
- return 0;
- }
---
-2.10.2
-
diff --git a/app-emulation/qemu/files/qemu-2.8.1-CVE-2017-8086.patch b/app-emulation/qemu/files/qemu-2.8.1-CVE-2017-8086.patch
deleted file mode 100644
index eac72f3..0000000
--- a/app-emulation/qemu/files/qemu-2.8.1-CVE-2017-8086.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 4ffcdef4277a91af15a3c09f7d16af072c29f3f2 Mon Sep 17 00:00:00 2001
-From: Li Qiang <liq3ea@gmail.com>
-Date: Fri, 7 Apr 2017 03:48:52 -0700
-Subject: [PATCH] 9pfs: xattr: fix memory leak in v9fs_list_xattr
-
-Free 'orig_value' in error path.
-
-Signed-off-by: Li Qiang <liqiang6-s@360.cn>
-Signed-off-by: Greg Kurz <groug@kaod.org>
----
- hw/9pfs/9p-xattr.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/hw/9pfs/9p-xattr.c b/hw/9pfs/9p-xattr.c
-index eec160b..d05c1a1 100644
---- a/hw/9pfs/9p-xattr.c
-+++ b/hw/9pfs/9p-xattr.c
-@@ -108,6 +108,7 @@ ssize_t v9fs_list_xattr(FsContext *ctx, const char *path,
- g_free(name);
- close_preserve_errno(dirfd);
- if (xattr_len < 0) {
-+ g_free(orig_value);
- return -1;
- }
-
---
-2.10.2
-
diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-10664.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-10664.patch
new file mode 100644
index 0000000..7db0692
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-10664.patch
@@ -0,0 +1,47 @@
+From 041e32b8d9d076980b4e35317c0339e57ab888f1 Mon Sep 17 00:00:00 2001
+From: Max Reitz <mreitz@redhat.com>
+Date: Sun, 11 Jun 2017 14:37:14 +0200
+Subject: [PATCH] qemu-nbd: Ignore SIGPIPE
+
+qemu proper has done so for 13 years
+(8a7ddc38a60648257dc0645ab4a05b33d6040063), qemu-img and qemu-io have
+done so for four years (526eda14a68d5b3596be715505289b541288ef2a).
+Ignoring this signal is especially important in qemu-nbd because
+otherwise a client can easily take down the qemu-nbd server by dropping
+the connection when the server wants to send something, for example:
+
+$ qemu-nbd -x foo -f raw -t null-co:// &
+[1] 12726
+$ qemu-io -c quit nbd://localhost/bar
+can't open device nbd://localhost/bar: No export with name 'bar' available
+[1] + 12726 broken pipe qemu-nbd -x foo -f raw -t null-co://
+
+In this case, the client sends an NBD_OPT_ABORT and closes the
+connection (because it is not required to wait for a reply), but the
+server replies with an NBD_REP_ACK (because it is required to reply).
+
+Signed-off-by: Max Reitz <mreitz@redhat.com>
+Message-Id: <20170611123714.31292-1-mreitz@redhat.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ qemu-nbd.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/qemu-nbd.c b/qemu-nbd.c
+index 9464a0461c..4dd3fd4732 100644
+--- a/qemu-nbd.c
++++ b/qemu-nbd.c
+@@ -581,6 +581,10 @@ int main(int argc, char **argv)
+ sa_sigterm.sa_handler = termsig_handler;
+ sigaction(SIGTERM, &sa_sigterm, NULL);
+
++#ifdef CONFIG_POSIX
++ signal(SIGPIPE, SIG_IGN);
++#endif
++
+ module_call_init(MODULE_INIT_TRACE);
+ qcrypto_init(&error_fatal);
+
+--
+2.13.0
+
diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-10806.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-10806.patch
new file mode 100644
index 0000000..0074f5f
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-10806.patch
@@ -0,0 +1,50 @@
+From bd4a683505b27adc1ac809f71e918e58573d851d Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann <kraxel@redhat.com>
+Date: Tue, 9 May 2017 13:01:28 +0200
+Subject: [PATCH] usb-redir: fix stack overflow in usbredir_log_data
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Don't reinvent a broken wheel, just use the hexdump function we have.
+
+Impact: low, broken code doesn't run unless you have debug logging
+enabled.
+
+Reported-by: 李强 <liqiang6-s@360.cn>
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+Message-id: 20170509110128.27261-1-kraxel@redhat.com
+---
+ hw/usb/redirect.c | 13 +------------
+ 1 file changed, 1 insertion(+), 12 deletions(-)
+
+diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c
+index b001a27f05..ad5ef783a6 100644
+--- a/hw/usb/redirect.c
++++ b/hw/usb/redirect.c
+@@ -229,21 +229,10 @@ static void usbredir_log(void *priv, int level, const char *msg)
+ static void usbredir_log_data(USBRedirDevice *dev, const char *desc,
+ const uint8_t *data, int len)
+ {
+- int i, j, n;
+-
+ if (dev->debug < usbredirparser_debug_data) {
+ return;
+ }
+-
+- for (i = 0; i < len; i += j) {
+- char buf[128];
+-
+- n = sprintf(buf, "%s", desc);
+- for (j = 0; j < 8 && i + j < len; j++) {
+- n += sprintf(buf + n, " %02X", data[i + j]);
+- }
+- error_report("%s", buf);
+- }
++ qemu_hexdump((char *)data, stderr, desc, len);
+ }
+
+ /*
+--
+2.13.0
+
diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11334.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11334.patch
new file mode 100644
index 0000000..bfe4c7d
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11334.patch
@@ -0,0 +1,40 @@
+[Qemu-devel] [PULL 21/41] exec: use qemu_ram_ptr_length to access guest
+From: Prasad J Pandit <address@hidden>
+
+When accessing guest's ram block during DMA operation, use
+'qemu_ram_ptr_length' to get ram block pointer. It ensures
+that DMA operation of given length is possible; And avoids
+any OOB memory access situations.
+
+Reported-by: Alex <address@hidden>
+Signed-off-by: Prasad J Pandit <address@hidden>
+Message-Id: <address@hidden>
+Signed-off-by: Paolo Bonzini <address@hidden>
+---
+ exec.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/exec.c b/exec.c
+index a083ff8..ad103ce 100644
+--- a/exec.c
++++ b/exec.c
+@@ -2929,7 +2929,7 @@ static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr,
+ }
+ } else {
+ /* RAM case */
+- ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
++ ptr = qemu_ram_ptr_length(mr->ram_block, addr1, &l);
+ memcpy(ptr, buf, l);
+ invalidate_and_set_dirty(mr, addr1, l);
+ }
+@@ -3020,7 +3020,7 @@ MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr,
+ }
+ } else {
+ /* RAM case */
+- ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
++ ptr = qemu_ram_ptr_length(mr->ram_block, addr1, &l);
+ memcpy(buf, ptr, l);
+ }
+
+--
+1.8.3.1
diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11434.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11434.patch
new file mode 100644
index 0000000..5d32067
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11434.patch
@@ -0,0 +1,29 @@
+[Qemu-devel] [PATCH] slirp: check len against dhcp options array end
+From: Prasad J Pandit <address@hidden>
+
+While parsing dhcp options string in 'dhcp_decode', if an options'
+length 'len' appeared towards the end of 'bp_vend' array, ensuing
+read could lead to an OOB memory access issue. Add check to avoid it.
+
+Reported-by: Reno Robert <address@hidden>
+Signed-off-by: Prasad J Pandit <address@hidden>
+---
+ slirp/bootp.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/slirp/bootp.c b/slirp/bootp.c
+index 5a4646c..5dd1a41 100644
+--- a/slirp/bootp.c
++++ b/slirp/bootp.c
+@@ -123,6 +123,9 @@ static void dhcp_decode(const struct bootp_t *bp, int *pmsg_type,
+ if (p >= p_end)
+ break;
+ len = *p++;
++ if (p + len > p_end) {
++ break;
++ }
+ DPRINTF("dhcp: tag=%d len=%d\n", tag, len);
+
+ switch(tag) {
+--
+2.9.4
diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-7539.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-7539.patch
new file mode 100644
index 0000000..3af1697
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-7539.patch
@@ -0,0 +1,601 @@
+From 2b0bbc4f8809c972bad134bc1a2570dbb01dea0b Mon Sep 17 00:00:00 2001
+From: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
+Date: Fri, 2 Jun 2017 18:01:41 +0300
+Subject: [PATCH] nbd/server: get rid of nbd_negotiate_read and friends
+
+Functions nbd_negotiate_{read,write,drop_sync} were introduced in
+1a6245a5b, when nbd_rwv (was nbd_wr_sync) was working through
+qemu_co_sendv_recvv (the path is nbd_wr_sync -> qemu_co_{recv/send} ->
+qemu_co_send_recv -> qemu_co_sendv_recvv), which just yields, without
+setting any handlers. But starting from ff82911cd nbd_rwv (was
+nbd_wr_syncv) works through qio_channel_yield() which sets handlers, so
+watchers are redundant in nbd_negotiate_{read,write,drop_sync}, then,
+let's just use nbd_{read,write,drop} functions.
+
+Functions nbd_{read,write,drop} has errp parameter, which is unused in
+this patch. This will be fixed later.
+
+Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
+Reviewed-by: Eric Blake <eblake@redhat.com>
+Message-Id: <20170602150150.258222-4-vsementsov@virtuozzo.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ nbd/server.c | 107 ++++++++++++-----------------------------------------------
+ 1 file changed, 22 insertions(+), 85 deletions(-)
+
+diff --git a/nbd/client.c b/nbd/client.c
+index a58fb02..6b74a62 100644
+--- a/nbd/client.c
++++ b/nbd/client.c
+@@ -86,9 +86,9 @@ static QTAILQ_HEAD(, NBDExport) exports = QTAILQ_HEAD_INITIALIZER(exports);
+
+ */
+
+-/* Discard length bytes from channel. Return -errno on failure, or
+- * the amount of bytes consumed. */
+-static ssize_t drop_sync(QIOChannel *ioc, size_t size)
++/* Discard length bytes from channel. Return -errno on failure and 0 on
++ * success*/
++static int drop_sync(QIOChannel *ioc, size_t size)
+ {
+ ssize_t ret = 0;
+ char small[1024];
+@@ -96,14 +96,13 @@ static ssize_t drop_sync(QIOChannel *ioc, size_t size)
+
+ buffer = sizeof(small) >= size ? small : g_malloc(MIN(65536, size));
+ while (size > 0) {
+- ssize_t count = read_sync(ioc, buffer, MIN(65536, size));
++ ssize_t count = MIN(65536, size);
++ ret = read_sync(ioc, buffer, MIN(65536, size));
+
+- if (count <= 0) {
++ if (ret < 0) {
+ goto cleanup;
+ }
+- assert(count <= size);
+ size -= count;
+- ret += count;
+ }
+
+ cleanup:
+@@ -136,12 +135,12 @@ static int nbd_send_option_request(QIOChannel *ioc, uint32_t opt,
+ stl_be_p(&req.option, opt);
+ stl_be_p(&req.length, len);
+
+- if (write_sync(ioc, &req, sizeof(req)) != sizeof(req)) {
++ if (write_sync(ioc, &req, sizeof(req)) < 0) {
+ error_setg(errp, "Failed to send option request header");
+ return -1;
+ }
+
+- if (len && write_sync(ioc, (char *) data, len) != len) {
++ if (len && write_sync(ioc, (char *) data, len) < 0) {
+ error_setg(errp, "Failed to send option request data");
+ return -1;
+ }
+@@ -170,7 +169,7 @@ static int nbd_receive_option_reply(QIOChannel *ioc, uint32_t opt,
+ nbd_opt_reply *reply, Error **errp)
+ {
+ QEMU_BUILD_BUG_ON(sizeof(*reply) != 20);
+- if (read_sync(ioc, reply, sizeof(*reply)) != sizeof(*reply)) {
++ if (read_sync(ioc, reply, sizeof(*reply)) < 0) {
+ error_setg(errp, "failed to read option reply");
+ nbd_send_opt_abort(ioc);
+ return -1;
+@@ -219,7 +218,7 @@ static int nbd_handle_reply_err(QIOChannel *ioc, nbd_opt_reply *reply,
+ goto cleanup;
+ }
+ msg = g_malloc(reply->length + 1);
+- if (read_sync(ioc, msg, reply->length) != reply->length) {
++ if (read_sync(ioc, msg, reply->length) < 0) {
+ error_setg(errp, "failed to read option error message");
+ goto cleanup;
+ }
+@@ -321,7 +320,7 @@ static int nbd_receive_list(QIOChannel *ioc, const char *want, bool *match,
+ nbd_send_opt_abort(ioc);
+ return -1;
+ }
+- if (read_sync(ioc, &namelen, sizeof(namelen)) != sizeof(namelen)) {
++ if (read_sync(ioc, &namelen, sizeof(namelen)) < 0) {
+ error_setg(errp, "failed to read option name length");
+ nbd_send_opt_abort(ioc);
+ return -1;
+@@ -334,7 +333,7 @@ static int nbd_receive_list(QIOChannel *ioc, const char *want, bool *match,
+ return -1;
+ }
+ if (namelen != strlen(want)) {
+- if (drop_sync(ioc, len) != len) {
++ if (drop_sync(ioc, len) < 0) {
+ error_setg(errp, "failed to skip export name with wrong length");
+ nbd_send_opt_abort(ioc);
+ return -1;
+@@ -343,14 +342,14 @@ static int nbd_receive_list(QIOChannel *ioc, const char *want, bool *match,
+ }
+
+ assert(namelen < sizeof(name));
+- if (read_sync(ioc, name, namelen) != namelen) {
++ if (read_sync(ioc, name, namelen) < 0) {
+ error_setg(errp, "failed to read export name");
+ nbd_send_opt_abort(ioc);
+ return -1;
+ }
+ name[namelen] = '\0';
+ len -= namelen;
+- if (drop_sync(ioc, len) != len) {
++ if (drop_sync(ioc, len) < 0) {
+ error_setg(errp, "failed to read export description");
+ nbd_send_opt_abort(ioc);
+ return -1;
+@@ -477,7 +476,7 @@ int nbd_receive_negotiate(QIOChannel *ioc, const char *name, uint16_t *flags,
+ goto fail;
+ }
+
+- if (read_sync(ioc, buf, 8) != 8) {
++ if (read_sync(ioc, buf, 8) < 0) {
+ error_setg(errp, "Failed to read data");
+ goto fail;
+ }
+@@ -503,7 +502,7 @@ int nbd_receive_negotiate(QIOChannel *ioc, const char *name, uint16_t *flags,
+ goto fail;
+ }
+
+- if (read_sync(ioc, &magic, sizeof(magic)) != sizeof(magic)) {
++ if (read_sync(ioc, &magic, sizeof(magic)) < 0) {
+ error_setg(errp, "Failed to read magic");
+ goto fail;
+ }
+@@ -515,8 +514,7 @@ int nbd_receive_negotiate(QIOChannel *ioc, const char *name, uint16_t *flags,
+ uint16_t globalflags;
+ bool fixedNewStyle = false;
+
+- if (read_sync(ioc, &globalflags, sizeof(globalflags)) !=
+- sizeof(globalflags)) {
++ if (read_sync(ioc, &globalflags, sizeof(globalflags)) < 0) {
+ error_setg(errp, "Failed to read server flags");
+ goto fail;
+ }
+@@ -534,8 +532,7 @@ int nbd_receive_negotiate(QIOChannel *ioc, const char *name, uint16_t *flags,
+ }
+ /* client requested flags */
+ clientflags = cpu_to_be32(clientflags);
+- if (write_sync(ioc, &clientflags, sizeof(clientflags)) !=
+- sizeof(clientflags)) {
++ if (write_sync(ioc, &clientflags, sizeof(clientflags)) < 0) {
+ error_setg(errp, "Failed to send clientflags field");
+ goto fail;
+ }
+@@ -573,13 +570,13 @@ int nbd_receive_negotiate(QIOChannel *ioc, const char *name, uint16_t *flags,
+ }
+
+ /* Read the response */
+- if (read_sync(ioc, &s, sizeof(s)) != sizeof(s)) {
++ if (read_sync(ioc, &s, sizeof(s)) < 0) {
+ error_setg(errp, "Failed to read export length");
+ goto fail;
+ }
+ *size = be64_to_cpu(s);
+
+- if (read_sync(ioc, flags, sizeof(*flags)) != sizeof(*flags)) {
++ if (read_sync(ioc, flags, sizeof(*flags)) < 0) {
+ error_setg(errp, "Failed to read export flags");
+ goto fail;
+ }
+@@ -596,14 +593,14 @@ int nbd_receive_negotiate(QIOChannel *ioc, const char *name, uint16_t *flags,
+ goto fail;
+ }
+
+- if (read_sync(ioc, &s, sizeof(s)) != sizeof(s)) {
++ if (read_sync(ioc, &s, sizeof(s)) < 0) {
+ error_setg(errp, "Failed to read export length");
+ goto fail;
+ }
+ *size = be64_to_cpu(s);
+ TRACE("Size is %" PRIu64, *size);
+
+- if (read_sync(ioc, &oldflags, sizeof(oldflags)) != sizeof(oldflags)) {
++ if (read_sync(ioc, &oldflags, sizeof(oldflags)) < 0) {
+ error_setg(errp, "Failed to read export flags");
+ goto fail;
+ }
+@@ -619,7 +616,7 @@ int nbd_receive_negotiate(QIOChannel *ioc, const char *name, uint16_t *flags,
+ }
+
+ TRACE("Size is %" PRIu64 ", export flags %" PRIx16, *size, *flags);
+- if (zeroes && drop_sync(ioc, 124) != 124) {
++ if (zeroes && drop_sync(ioc, 124) < 0) {
+ error_setg(errp, "Failed to read reserved block");
+ goto fail;
+ }
+@@ -744,7 +741,6 @@ int nbd_disconnect(int fd)
+ ssize_t nbd_send_request(QIOChannel *ioc, NBDRequest *request)
+ {
+ uint8_t buf[NBD_REQUEST_SIZE];
+- ssize_t ret;
+
+ TRACE("Sending request to server: "
+ "{ .from = %" PRIu64", .len = %" PRIu32 ", .handle = %" PRIu64
+@@ -759,16 +755,7 @@ ssize_t nbd_send_request(QIOChannel *ioc, NBDRequest *request)
+ stq_be_p(buf + 16, request->from);
+ stl_be_p(buf + 24, request->len);
+
+- ret = write_sync(ioc, buf, sizeof(buf));
+- if (ret < 0) {
+- return ret;
+- }
+-
+- if (ret != sizeof(buf)) {
+- LOG("writing to socket failed");
+- return -EINVAL;
+- }
+- return 0;
++ return write_sync(ioc, buf, sizeof(buf));
+ }
+
+ ssize_t nbd_receive_reply(QIOChannel *ioc, NBDReply *reply)
+@@ -777,7 +764,7 @@ ssize_t nbd_receive_reply(QIOChannel *ioc, NBDReply *reply)
+ uint32_t magic;
+ ssize_t ret;
+
+- ret = read_sync(ioc, buf, sizeof(buf));
++ ret = read_sync_eof(ioc, buf, sizeof(buf));
+ if (ret <= 0) {
+ return ret;
+ }
+diff --git a/nbd/nbd-internal.h b/nbd/nbd-internal.h
+index f43d990..e6bbc7c 100644
+--- a/nbd/nbd-internal.h
++++ b/nbd/nbd-internal.h
+@@ -94,7 +94,13 @@
+ #define NBD_ENOSPC 28
+ #define NBD_ESHUTDOWN 108
+
+-static inline ssize_t read_sync(QIOChannel *ioc, void *buffer, size_t size)
++/* read_sync_eof
++ * Tries to read @size bytes from @ioc. Returns number of bytes actually read.
++ * May return a value >= 0 and < size only on EOF, i.e. when iteratively called
++ * qio_channel_readv() returns 0. So, there are no needs to call read_sync_eof
++ * iteratively.
++ */
++static inline ssize_t read_sync_eof(QIOChannel *ioc, void *buffer, size_t size)
+ {
+ struct iovec iov = { .iov_base = buffer, .iov_len = size };
+ /* Sockets are kept in blocking mode in the negotiation phase. After
+@@ -105,12 +111,32 @@ static inline ssize_t read_sync(QIOChannel *ioc, void *buffer, size_t size)
+ return nbd_wr_syncv(ioc, &iov, 1, size, true);
+ }
+
+-static inline ssize_t write_sync(QIOChannel *ioc, const void *buffer,
+- size_t size)
++/* read_sync
++ * Reads @size bytes from @ioc. Returns 0 on success.
++ */
++static inline int read_sync(QIOChannel *ioc, void *buffer, size_t size)
++{
++ ssize_t ret = read_sync_eof(ioc, buffer, size);
++
++ if (ret >= 0 && ret != size) {
++ ret = -EINVAL;
++ }
++
++ return ret < 0 ? ret : 0;
++}
++
++/* write_sync
++ * Writes @size bytes to @ioc. Returns 0 on success.
++ */
++static inline int write_sync(QIOChannel *ioc, const void *buffer, size_t size)
+ {
+ struct iovec iov = { .iov_base = (void *) buffer, .iov_len = size };
+
+- return nbd_wr_syncv(ioc, &iov, 1, size, false);
++ ssize_t ret = nbd_wr_syncv(ioc, &iov, 1, size, false);
++
++ assert(ret < 0 || ret == size);
++
++ return ret < 0 ? ret : 0;
+ }
+
+ struct NBDTLSHandshakeData {
+diff --git a/nbd/server.c b/nbd/server.c
+index 924a1fe..a1f106b 100644
+--- a/nbd/server.c
++++ b/nbd/server.c
+@@ -104,69 +104,6 @@ struct NBDClient {
+
+ static void nbd_client_receive_next_request(NBDClient *client);
+
+-static gboolean nbd_negotiate_continue(QIOChannel *ioc,
+- GIOCondition condition,
+- void *opaque)
+-{
+- qemu_coroutine_enter(opaque);
+- return TRUE;
+-}
+-
+-static ssize_t nbd_negotiate_read(QIOChannel *ioc, void *buffer, size_t size)
+-{
+- ssize_t ret;
+- guint watch;
+-
+- assert(qemu_in_coroutine());
+- /* Negotiation are always in main loop. */
+- watch = qio_channel_add_watch(ioc,
+- G_IO_IN,
+- nbd_negotiate_continue,
+- qemu_coroutine_self(),
+- NULL);
+- ret = read_sync(ioc, buffer, size);
+- g_source_remove(watch);
+- return ret;
+-
+-}
+-
+-static ssize_t nbd_negotiate_write(QIOChannel *ioc, const void *buffer,
+- size_t size)
+-{
+- ssize_t ret;
+- guint watch;
+-
+- assert(qemu_in_coroutine());
+- /* Negotiation are always in main loop. */
+- watch = qio_channel_add_watch(ioc,
+- G_IO_OUT,
+- nbd_negotiate_continue,
+- qemu_coroutine_self(),
+- NULL);
+- ret = write_sync(ioc, buffer, size);
+- g_source_remove(watch);
+- return ret;
+-}
+-
+-static ssize_t nbd_negotiate_drop_sync(QIOChannel *ioc, size_t size)
+-{
+- ssize_t ret, dropped = size;
+- uint8_t *buffer = g_malloc(MIN(65536, size));
+-
+- while (size > 0) {
+- ret = nbd_negotiate_read(ioc, buffer, MIN(65536, size));
+- if (ret < 0) {
+- g_free(buffer);
+- return ret;
+- }
+-
+- assert(ret <= size);
+- size -= ret;
+- }
+-
+- g_free(buffer);
+- return dropped;
+-}
+
+ /* Basic flow for negotiation
+
+@@ -206,22 +143,22 @@ static int nbd_negotiate_send_rep_len(QIOChannel *ioc, uint32_t type,
+ type, opt, len);
+
+ magic = cpu_to_be64(NBD_REP_MAGIC);
+- if (nbd_negotiate_write(ioc, &magic, sizeof(magic)) != sizeof(magic)) {
++ if (nbd_write(ioc, &magic, sizeof(magic), NULL) < 0) {
+ LOG("write failed (rep magic)");
+ return -EINVAL;
+ }
+ opt = cpu_to_be32(opt);
+- if (nbd_negotiate_write(ioc, &opt, sizeof(opt)) != sizeof(opt)) {
++ if (nbd_write(ioc, &opt, sizeof(opt), NULL) < 0) {
+ LOG("write failed (rep opt)");
+ return -EINVAL;
+ }
+ type = cpu_to_be32(type);
+- if (nbd_negotiate_write(ioc, &type, sizeof(type)) != sizeof(type)) {
++ if (nbd_write(ioc, &type, sizeof(type), NULL) < 0) {
+ LOG("write failed (rep type)");
+ return -EINVAL;
+ }
+ len = cpu_to_be32(len);
+- if (nbd_negotiate_write(ioc, &len, sizeof(len)) != sizeof(len)) {
++ if (nbd_write(ioc, &len, sizeof(len), NULL) < 0) {
+ LOG("write failed (rep data length)");
+ return -EINVAL;
+ }
+@@ -256,7 +193,7 @@ nbd_negotiate_send_rep_err(QIOChannel *ioc, uint32_t type,
+ if (ret < 0) {
+ goto out;
+ }
+- if (nbd_negotiate_write(ioc, msg, len) != len) {
++ if (nbd_write(ioc, msg, len, NULL) < 0) {
+ LOG("write failed (error message)");
+ ret = -EIO;
+ } else {
+@@ -287,15 +224,15 @@ static int nbd_negotiate_send_rep_list(QIOChannel *ioc, NBDExport *exp)
+ }
+
+ len = cpu_to_be32(name_len);
+- if (nbd_negotiate_write(ioc, &len, sizeof(len)) != sizeof(len)) {
++ if (nbd_write(ioc, &len, sizeof(len), NULL) < 0) {
+ LOG("write failed (name length)");
+ return -EINVAL;
+ }
+- if (nbd_negotiate_write(ioc, name, name_len) != name_len) {
++ if (nbd_write(ioc, name, name_len, NULL) < 0) {
+ LOG("write failed (name buffer)");
+ return -EINVAL;
+ }
+- if (nbd_negotiate_write(ioc, desc, desc_len) != desc_len) {
++ if (nbd_write(ioc, desc, desc_len, NULL) < 0) {
+ LOG("write failed (description buffer)");
+ return -EINVAL;
+ }
+@@ -309,7 +246,7 @@ static int nbd_negotiate_handle_list(NBDClient *client, uint32_t length)
+ NBDExport *exp;
+
+ if (length) {
+- if (nbd_negotiate_drop_sync(client->ioc, length) != length) {
++ if (nbd_drop(client->ioc, length, NULL) < 0) {
+ return -EIO;
+ }
+ return nbd_negotiate_send_rep_err(client->ioc,
+@@ -340,7 +277,7 @@ static int nbd_negotiate_handle_export_name(NBDClient *client, uint32_t length)
+ LOG("Bad length received");
+ goto fail;
+ }
+- if (nbd_negotiate_read(client->ioc, name, length) != length) {
++ if (nbd_read(client->ioc, name, length, NULL) < 0) {
+ LOG("read failed");
+ goto fail;
+ }
+@@ -373,7 +310,7 @@ static QIOChannel *nbd_negotiate_handle_starttls(NBDClient *client,
+ TRACE("Setting up TLS");
+ ioc = client->ioc;
+ if (length) {
+- if (nbd_negotiate_drop_sync(ioc, length) != length) {
++ if (nbd_drop(ioc, length, NULL) < 0) {
+ return NULL;
+ }
+ nbd_negotiate_send_rep_err(ioc, NBD_REP_ERR_INVALID, NBD_OPT_STARTTLS,
+@@ -437,8 +374,7 @@ static int nbd_negotiate_options(NBDClient *client)
+ ... Rest of request
+ */
+
+- if (nbd_negotiate_read(client->ioc, &flags, sizeof(flags)) !=
+- sizeof(flags)) {
++ if (nbd_read(client->ioc, &flags, sizeof(flags), NULL) < 0) {
+ LOG("read failed");
+ return -EIO;
+ }
+@@ -464,8 +400,7 @@ static int nbd_negotiate_options(NBDClient *client)
+ uint32_t clientflags, length;
+ uint64_t magic;
+
+- if (nbd_negotiate_read(client->ioc, &magic, sizeof(magic)) !=
+- sizeof(magic)) {
++ if (nbd_read(client->ioc, &magic, sizeof(magic), NULL) < 0) {
+ LOG("read failed");
+ return -EINVAL;
+ }
+@@ -475,15 +410,15 @@ static int nbd_negotiate_options(NBDClient *client)
+ return -EINVAL;
+ }
+
+- if (nbd_negotiate_read(client->ioc, &clientflags,
+- sizeof(clientflags)) != sizeof(clientflags)) {
++ if (nbd_read(client->ioc, &clientflags,
++ sizeof(clientflags), NULL) < 0)
++ {
+ LOG("read failed");
+ return -EINVAL;
+ }
+ clientflags = be32_to_cpu(clientflags);
+
+- if (nbd_negotiate_read(client->ioc, &length, sizeof(length)) !=
+- sizeof(length)) {
++ if (nbd_read(client->ioc, &length, sizeof(length), NULL) < 0) {
+ LOG("read failed");
+ return -EINVAL;
+ }
+@@ -513,7 +448,7 @@ static int nbd_negotiate_options(NBDClient *client)
+ return -EINVAL;
+
+ default:
+- if (nbd_negotiate_drop_sync(client->ioc, length) != length) {
++ if (nbd_drop(client->ioc, length, NULL) < 0) {
+ return -EIO;
+ }
+ ret = nbd_negotiate_send_rep_err(client->ioc,
+@@ -551,7 +486,7 @@ static int nbd_negotiate_options(NBDClient *client)
+ return nbd_negotiate_handle_export_name(client, length);
+
+ case NBD_OPT_STARTTLS:
+- if (nbd_negotiate_drop_sync(client->ioc, length) != length) {
++ if (nbd_drop(client->ioc, length, NULL) < 0) {
+ return -EIO;
+ }
+ if (client->tlscreds) {
+@@ -570,7 +505,7 @@ static int nbd_negotiate_options(NBDClient *client)
+ }
+ break;
+ default:
+- if (nbd_negotiate_drop_sync(client->ioc, length) != length) {
++ if (nbd_drop(client->ioc, length, NULL) < 0) {
+ return -EIO;
+ }
+ ret = nbd_negotiate_send_rep_err(client->ioc,
+@@ -659,12 +594,12 @@ static coroutine_fn int nbd_negotiate(NBDClientNewData *data)
+ TRACE("TLS cannot be enabled with oldstyle protocol");
+ goto fail;
+ }
+- if (nbd_negotiate_write(client->ioc, buf, sizeof(buf)) != sizeof(buf)) {
++ if (nbd_write(client->ioc, buf, sizeof(buf), NULL) < 0) {
+ LOG("write failed");
+ goto fail;
+ }
+ } else {
+- if (nbd_negotiate_write(client->ioc, buf, 18) != 18) {
++ if (nbd_write(client->ioc, buf, 18, NULL) < 0) {
+ LOG("write failed");
+ goto fail;
+ }
+@@ -679,7 +614,7 @@ static coroutine_fn int nbd_negotiate(NBDClientNewData *data)
+ stq_be_p(buf + 18, client->exp->size);
+ stw_be_p(buf + 26, client->exp->nbdflags | myflags);
+ len = client->no_zeroes ? 10 : sizeof(buf) - 18;
+- if (nbd_negotiate_write(client->ioc, buf + 18, len) != len) {
++ if (nbd_write(client->ioc, buf + 18, len, NULL) < 0) {
+ LOG("write failed");
+ goto fail;
+ }
+@@ -702,11 +637,6 @@ static ssize_t nbd_receive_request(QIOChannel *ioc, NBDRequest *request)
+ return ret;
+ }
+
+- if (ret != sizeof(buf)) {
+- LOG("read failed");
+- return -EINVAL;
+- }
+-
+ /* Request
+ [ 0 .. 3] magic (NBD_REQUEST_MAGIC)
+ [ 4 .. 5] flags (NBD_CMD_FLAG_FUA, ...)
+@@ -737,7 +667,6 @@ static ssize_t nbd_receive_request(QIOChannel *ioc, NBDRequest *request)
+ static ssize_t nbd_send_reply(QIOChannel *ioc, NBDReply *reply)
+ {
+ uint8_t buf[NBD_REPLY_SIZE];
+- ssize_t ret;
+
+ reply->error = system_errno_to_nbd_errno(reply->error);
+
+@@ -754,16 +683,7 @@ static ssize_t nbd_send_reply(QIOChannel *ioc, NBDReply *reply)
+ stl_be_p(buf + 4, reply->error);
+ stq_be_p(buf + 8, reply->handle);
+
+- ret = write_sync(ioc, buf, sizeof(buf));
+- if (ret < 0) {
+- return ret;
+- }
+-
+- if (ret != sizeof(buf)) {
+- LOG("writing to socket failed");
+- return -EINVAL;
+- }
+- return 0;
++ return write_sync(ioc, buf, sizeof(buf));
+ }
+
+ #define MAX_NBD_REQUESTS 16
+@@ -1067,7 +987,7 @@ static ssize_t nbd_co_send_reply(NBDRequestData *req, NBDReply *reply,
+ rc = nbd_send_reply(client->ioc, reply);
+ if (rc >= 0) {
+ ret = write_sync(client->ioc, req->data, len);
+- if (ret != len) {
++ if (ret < 0) {
+ rc = -EIO;
+ }
+ }
+@@ -1141,7 +1061,7 @@ static ssize_t nbd_co_receive_request(NBDRequestData *req,
+ if (request->type == NBD_CMD_WRITE) {
+ TRACE("Reading %" PRIu32 " byte(s)", request->len);
+
+- if (read_sync(client->ioc, req->data, request->len) != request->len) {
++ if (read_sync(client->ioc, req->data, request->len) < 0) {
+ LOG("reading from socket failed");
+ rc = -EIO;
+ goto out;
diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-1.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-1.patch
new file mode 100644
index 0000000..01c81d1
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-1.patch
@@ -0,0 +1,122 @@
+From 87e459a810d7b1ec1638085b5a80ea3d9b43119a Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Thu, 1 Jun 2017 17:26:14 +0200
+Subject: [PATCH] megasas: always store SCSIRequest* into MegasasCmd
+
+This ensures that the request is unref'ed properly, and avoids a
+segmentation fault in the new qtest testcase that is added.
+This is CVE-2017-9503.
+
+Reported-by: Zhangyanyu <zyy4013@stu.ouc.edu.cn>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ hw/scsi/megasas.c | 31 ++++++++++++++++---------------
+ 2 files changed, 51 insertions(+), 15 deletions(-)
+
+diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
+index 135662df31..734fdaef90 100644
+--- a/hw/scsi/megasas.c
++++ b/hw/scsi/megasas.c
+@@ -609,6 +609,9 @@ static void megasas_reset_frames(MegasasState *s)
+ static void megasas_abort_command(MegasasCmd *cmd)
+ {
+ /* Never abort internal commands. */
++ if (cmd->dcmd_opcode != -1) {
++ return;
++ }
+ if (cmd->req != NULL) {
+ scsi_req_cancel(cmd->req);
+ }
+@@ -1017,7 +1020,6 @@ static int megasas_pd_get_info_submit(SCSIDevice *sdev, int lun,
+ uint64_t pd_size;
+ uint16_t pd_id = ((sdev->id & 0xFF) << 8) | (lun & 0xFF);
+ uint8_t cmdbuf[6];
+- SCSIRequest *req;
+ size_t len, resid;
+
+ if (!cmd->iov_buf) {
+@@ -1026,8 +1028,8 @@ static int megasas_pd_get_info_submit(SCSIDevice *sdev, int lun,
+ info->inquiry_data[0] = 0x7f; /* Force PQual 0x3, PType 0x1f */
+ info->vpd_page83[0] = 0x7f;
+ megasas_setup_inquiry(cmdbuf, 0, sizeof(info->inquiry_data));
+- req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd);
+- if (!req) {
++ cmd->req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd);
++ if (!cmd->req) {
+ trace_megasas_dcmd_req_alloc_failed(cmd->index,
+ "PD get info std inquiry");
+ g_free(cmd->iov_buf);
+@@ -1036,26 +1038,26 @@ static int megasas_pd_get_info_submit(SCSIDevice *sdev, int lun,
+ }
+ trace_megasas_dcmd_internal_submit(cmd->index,
+ "PD get info std inquiry", lun);
+- len = scsi_req_enqueue(req);
++ len = scsi_req_enqueue(cmd->req);
+ if (len > 0) {
+ cmd->iov_size = len;
+- scsi_req_continue(req);
++ scsi_req_continue(cmd->req);
+ }
+ return MFI_STAT_INVALID_STATUS;
+ } else if (info->inquiry_data[0] != 0x7f && info->vpd_page83[0] == 0x7f) {
+ megasas_setup_inquiry(cmdbuf, 0x83, sizeof(info->vpd_page83));
+- req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd);
+- if (!req) {
++ cmd->req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd);
++ if (!cmd->req) {
+ trace_megasas_dcmd_req_alloc_failed(cmd->index,
+ "PD get info vpd inquiry");
+ return MFI_STAT_FLASH_ALLOC_FAIL;
+ }
+ trace_megasas_dcmd_internal_submit(cmd->index,
+ "PD get info vpd inquiry", lun);
+- len = scsi_req_enqueue(req);
++ len = scsi_req_enqueue(cmd->req);
+ if (len > 0) {
+ cmd->iov_size = len;
+- scsi_req_continue(req);
++ scsi_req_continue(cmd->req);
+ }
+ return MFI_STAT_INVALID_STATUS;
+ }
+@@ -1217,7 +1219,6 @@ static int megasas_ld_get_info_submit(SCSIDevice *sdev, int lun,
+ struct mfi_ld_info *info = cmd->iov_buf;
+ size_t dcmd_size = sizeof(struct mfi_ld_info);
+ uint8_t cdb[6];
+- SCSIRequest *req;
+ ssize_t len, resid;
+ uint16_t sdev_id = ((sdev->id & 0xFF) << 8) | (lun & 0xFF);
+ uint64_t ld_size;
+@@ -1226,8 +1227,8 @@ static int megasas_ld_get_info_submit(SCSIDevice *sdev, int lun,
+ cmd->iov_buf = g_malloc0(dcmd_size);
+ info = cmd->iov_buf;
+ megasas_setup_inquiry(cdb, 0x83, sizeof(info->vpd_page83));
+- req = scsi_req_new(sdev, cmd->index, lun, cdb, cmd);
+- if (!req) {
++ cmd->req = scsi_req_new(sdev, cmd->index, lun, cdb, cmd);
++ if (!cmd->req) {
+ trace_megasas_dcmd_req_alloc_failed(cmd->index,
+ "LD get info vpd inquiry");
+ g_free(cmd->iov_buf);
+@@ -1236,10 +1237,10 @@ static int megasas_ld_get_info_submit(SCSIDevice *sdev, int lun,
+ }
+ trace_megasas_dcmd_internal_submit(cmd->index,
+ "LD get info vpd inquiry", lun);
+- len = scsi_req_enqueue(req);
++ len = scsi_req_enqueue(cmd->req);
+ if (len > 0) {
+ cmd->iov_size = len;
+- scsi_req_continue(req);
++ scsi_req_continue(cmd->req);
+ }
+ return MFI_STAT_INVALID_STATUS;
+ }
+@@ -1851,7 +1852,7 @@ static void megasas_command_complete(SCSIRequest *req, uint32_t status,
+ return;
+ }
+
+- if (cmd->req == NULL) {
++ if (cmd->dcmd_opcode != -1) {
+ /*
+ * Internal command complete
+ */
diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-2.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-2.patch
new file mode 100644
index 0000000..74725a9
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-2.patch
@@ -0,0 +1,114 @@
+From 5104fac8539eaf155fc6de93e164be43e1e62242 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Thu, 1 Jun 2017 17:18:23 +0200
+Subject: [PATCH] megasas: do not read DCMD opcode more than once from frame
+
+Avoid TOC-TOU bugs by storing the DCMD opcode in the MegasasCmd
+
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ hw/scsi/megasas.c | 25 +++++++++++--------------
+ 1 file changed, 11 insertions(+), 14 deletions(-)
+
+diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
+index c353118882..a3f75c1650 100644
+--- a/hw/scsi/megasas.c
++++ b/hw/scsi/megasas.c
+@@ -63,6 +63,7 @@ typedef struct MegasasCmd {
+
+ hwaddr pa;
+ hwaddr pa_size;
++ uint32_t dcmd_opcode;
+ union mfi_frame *frame;
+ SCSIRequest *req;
+ QEMUSGList qsg;
+@@ -513,6 +514,7 @@ static MegasasCmd *megasas_enqueue_frame(MegasasState *s,
+ cmd->context &= (uint64_t)0xFFFFFFFF;
+ }
+ cmd->count = count;
++ cmd->dcmd_opcode = -1;
+ s->busy++;
+
+ if (s->consumer_pa) {
+@@ -1562,22 +1564,21 @@ static const struct dcmd_cmd_tbl_t {
+
+ static int megasas_handle_dcmd(MegasasState *s, MegasasCmd *cmd)
+ {
+- int opcode;
+ int retval = 0;
+ size_t len;
+ const struct dcmd_cmd_tbl_t *cmdptr = dcmd_cmd_tbl;
+
+- opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
+- trace_megasas_handle_dcmd(cmd->index, opcode);
++ cmd->dcmd_opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
++ trace_megasas_handle_dcmd(cmd->index, cmd->dcmd_opcode);
+ if (megasas_map_dcmd(s, cmd) < 0) {
+ return MFI_STAT_MEMORY_NOT_AVAILABLE;
+ }
+- while (cmdptr->opcode != -1 && cmdptr->opcode != opcode) {
++ while (cmdptr->opcode != -1 && cmdptr->opcode != cmd->dcmd_opcode) {
+ cmdptr++;
+ }
+ len = cmd->iov_size;
+ if (cmdptr->opcode == -1) {
+- trace_megasas_dcmd_unhandled(cmd->index, opcode, len);
++ trace_megasas_dcmd_unhandled(cmd->index, cmd->dcmd_opcode, len);
+ retval = megasas_dcmd_dummy(s, cmd);
+ } else {
+ trace_megasas_dcmd_enter(cmd->index, cmdptr->desc, len);
+@@ -1592,13 +1593,11 @@ static int megasas_handle_dcmd(MegasasState *s, MegasasCmd *cmd)
+ static int megasas_finish_internal_dcmd(MegasasCmd *cmd,
+ SCSIRequest *req)
+ {
+- int opcode;
+ int retval = MFI_STAT_OK;
+ int lun = req->lun;
+
+- opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
+- trace_megasas_dcmd_internal_finish(cmd->index, opcode, lun);
+- switch (opcode) {
++ trace_megasas_dcmd_internal_finish(cmd->index, cmd->dcmd_opcode, lun);
++ switch (cmd->dcmd_opcode) {
+ case MFI_DCMD_PD_GET_INFO:
+ retval = megasas_pd_get_info_submit(req->dev, lun, cmd);
+ break;
+@@ -1606,7 +1605,7 @@ static int megasas_finish_internal_dcmd(MegasasCmd *cmd,
+ retval = megasas_ld_get_info_submit(req->dev, lun, cmd);
+ break;
+ default:
+- trace_megasas_dcmd_internal_invalid(cmd->index, opcode);
++ trace_megasas_dcmd_internal_invalid(cmd->index, cmd->dcmd_opcode);
+ retval = MFI_STAT_INVALID_DCMD;
+ break;
+ }
+@@ -1827,7 +1826,6 @@ static void megasas_xfer_complete(SCSIRequest *req, uint32_t len)
+ {
+ MegasasCmd *cmd = req->hba_private;
+ uint8_t *buf;
+- uint32_t opcode;
+
+ trace_megasas_io_complete(cmd->index, len);
+
+@@ -1837,8 +1835,7 @@ static void megasas_xfer_complete(SCSIRequest *req, uint32_t len)
+ }
+
+ buf = scsi_req_get_buf(req);
+- opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
+- if (opcode == MFI_DCMD_PD_GET_INFO && cmd->iov_buf) {
++ if (cmd->dcmd_opcode == MFI_DCMD_PD_GET_INFO && cmd->iov_buf) {
+ struct mfi_pd_info *info = cmd->iov_buf;
+
+ if (info->inquiry_data[0] == 0x7f) {
+@@ -1849,7 +1846,7 @@ static void megasas_xfer_complete(SCSIRequest *req, uint32_t len)
+ memcpy(info->vpd_page83, buf, len);
+ }
+ scsi_req_continue(req);
+- } else if (opcode == MFI_DCMD_LD_GET_INFO) {
++ } else if (cmd->dcmd_opcode == MFI_DCMD_LD_GET_INFO) {
+ struct mfi_ld_info *info = cmd->iov_buf;
+
+ if (cmd->iov_buf) {
+--
+2.13.0
+
diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-1.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-1.patch
new file mode 100644
index 0000000..9d77193
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-1.patch
@@ -0,0 +1,80 @@
+From df8ad9f128c15aa0a0ebc7b24e9a22c9775b67af Mon Sep 17 00:00:00 2001
+From: Eric Blake <eblake@redhat.com>
+Date: Fri, 26 May 2017 22:04:21 -0500
+Subject: [PATCH] nbd: Fully initialize client in case of failed negotiation
+
+If a non-NBD client connects to qemu-nbd, we would end up with
+a SIGSEGV in nbd_client_put() because we were trying to
+unregister the client's association to the export, even though
+we skipped inserting the client into that list. Easy trigger
+in two terminals:
+
+$ qemu-nbd -p 30001 --format=raw file
+$ nmap 127.0.0.1 -p 30001
+
+nmap claims that it thinks it connected to a pago-services1
+server (which probably means nmap could be updated to learn the
+NBD protocol and give a more accurate diagnosis of the open
+port - but that's not our problem), then terminates immediately,
+so our call to nbd_negotiate() fails. The fix is to reorder
+nbd_co_client_start() to ensure that all initialization occurs
+before we ever try talking to a client in nbd_negotiate(), so
+that the teardown sequence on negotiation failure doesn't fault
+while dereferencing a half-initialized object.
+
+While debugging this, I also noticed that nbd_update_server_watch()
+called by nbd_client_closed() was still adding a channel to accept
+the next client, even when the state was no longer RUNNING. That
+is fixed by making nbd_can_accept() pay attention to the current
+state.
+
+Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1451614
+
+Signed-off-by: Eric Blake <eblake@redhat.com>
+Message-Id: <20170527030421.28366-1-eblake@redhat.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ nbd/server.c | 8 +++-----
+ qemu-nbd.c | 2 +-
+ 2 files changed, 4 insertions(+), 6 deletions(-)
+
+diff --git a/nbd/server.c b/nbd/server.c
+index ee59e5d234..49b55f6ede 100644
+--- a/nbd/server.c
++++ b/nbd/server.c
+@@ -1358,16 +1358,14 @@ static coroutine_fn void nbd_co_client_start(void *opaque)
+
+ if (exp) {
+ nbd_export_get(exp);
++ QTAILQ_INSERT_TAIL(&exp->clients, client, next);
+ }
++ qemu_co_mutex_init(&client->send_lock);
++
+ if (nbd_negotiate(data)) {
+ client_close(client);
+ goto out;
+ }
+- qemu_co_mutex_init(&client->send_lock);
+-
+- if (exp) {
+- QTAILQ_INSERT_TAIL(&exp->clients, client, next);
+- }
+
+ nbd_client_receive_next_request(client);
+
+diff --git a/qemu-nbd.c b/qemu-nbd.c
+index f60842fd86..651f85ecc1 100644
+--- a/qemu-nbd.c
++++ b/qemu-nbd.c
+@@ -325,7 +325,7 @@ out:
+
+ static int nbd_can_accept(void)
+ {
+- return nb_fds < shared;
++ return state == RUNNING && nb_fds < shared;
+ }
+
+ static void nbd_export_closed(NBDExport *exp)
+--
+2.13.0
+
diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-2.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-2.patch
new file mode 100644
index 0000000..e6934b3
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-2.patch
@@ -0,0 +1,197 @@
+From 0c9390d978cbf61e8f16c9f580fa96b305c43568 Mon Sep 17 00:00:00 2001
+From: Eric Blake <eblake@redhat.com>
+Date: Thu, 8 Jun 2017 17:26:17 -0500
+Subject: [PATCH] nbd: Fix regression on resiliency to port scan
+
+Back in qemu 2.5, qemu-nbd was immune to port probes (a transient
+server would not quit, regardless of how many probe connections
+came and went, until a connection actually negotiated). But we
+broke that in commit ee7d7aa when removing the return value to
+nbd_client_new(), although that patch also introduced a bug causing
+an assertion failure on a client that fails negotiation. We then
+made it worse during refactoring in commit 1a6245a (a segfault
+before we could even assert); the (masked) assertion was cleaned
+up in d3780c2 (still in 2.6), and just recently we finally fixed
+the segfault ("nbd: Fully intialize client in case of failed
+negotiation"). But that still means that ever since we added
+TLS support to qemu-nbd, we have been vulnerable to an ill-timed
+port-scan being able to cause a denial of service by taking down
+qemu-nbd before a real client has a chance to connect.
+
+Since negotiation is now handled asynchronously via coroutines,
+we no longer have a synchronous point of return by re-adding a
+return value to nbd_client_new(). So this patch instead wires
+things up to pass the negotiation status through the close_fn
+callback function.
+
+Simple test across two terminals:
+$ qemu-nbd -f raw -p 30001 file
+$ nmap 127.0.0.1 -p 30001 && \
+ qemu-io -c 'r 0 512' -f raw nbd://localhost:30001
+
+Note that this patch does not change what constitutes successful
+negotiation (thus, a client must enter transmission phase before
+that client can be considered as a reason to terminate the server
+when the connection ends). Perhaps we may want to tweak things
+in a later patch to also treat a client that uses NBD_OPT_ABORT
+as being a 'successful' negotiation (the client correctly talked
+the NBD protocol, and informed us it was not going to use our
+export after all), but that's a discussion for another day.
+
+Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1451614
+
+Signed-off-by: Eric Blake <eblake@redhat.com>
+Message-Id: <20170608222617.20376-1-eblake@redhat.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ blockdev-nbd.c | 6 +++++-
+ include/block/nbd.h | 2 +-
+ nbd/server.c | 24 +++++++++++++++---------
+ qemu-nbd.c | 4 ++--
+ 4 files changed, 23 insertions(+), 13 deletions(-)
+
+diff --git a/blockdev-nbd.c b/blockdev-nbd.c
+index dd0860f4a6..28f551a7b0 100644
+--- a/blockdev-nbd.c
++++ b/blockdev-nbd.c
+@@ -27,6 +27,10 @@ typedef struct NBDServerData {
+
+ static NBDServerData *nbd_server;
+
++static void nbd_blockdev_client_closed(NBDClient *client, bool ignored)
++{
++ nbd_client_put(client);
++}
+
+ static gboolean nbd_accept(QIOChannel *ioc, GIOCondition condition,
+ gpointer opaque)
+@@ -46,7 +50,7 @@ static gboolean nbd_accept(QIOChannel *ioc, GIOCondition condition,
+ qio_channel_set_name(QIO_CHANNEL(cioc), "nbd-server");
+ nbd_client_new(NULL, cioc,
+ nbd_server->tlscreds, NULL,
+- nbd_client_put);
++ nbd_blockdev_client_closed);
+ object_unref(OBJECT(cioc));
+ return TRUE;
+ }
+diff --git a/include/block/nbd.h b/include/block/nbd.h
+index 416257abca..8fa5ce51f3 100644
+--- a/include/block/nbd.h
++++ b/include/block/nbd.h
+@@ -162,7 +162,7 @@ void nbd_client_new(NBDExport *exp,
+ QIOChannelSocket *sioc,
+ QCryptoTLSCreds *tlscreds,
+ const char *tlsaclname,
+- void (*close)(NBDClient *));
++ void (*close_fn)(NBDClient *, bool));
+ void nbd_client_get(NBDClient *client);
+ void nbd_client_put(NBDClient *client);
+
+diff --git a/nbd/server.c b/nbd/server.c
+index 49b55f6ede..f2b1aa47ce 100644
+--- a/nbd/server.c
++++ b/nbd/server.c
+@@ -81,7 +81,7 @@ static QTAILQ_HEAD(, NBDExport) exports = QTAILQ_HEAD_INITIALIZER(exports);
+
+ struct NBDClient {
+ int refcount;
+- void (*close)(NBDClient *client);
++ void (*close_fn)(NBDClient *client, bool negotiated);
+
+ bool no_zeroes;
+ NBDExport *exp;
+@@ -778,7 +778,7 @@ void nbd_client_put(NBDClient *client)
+ }
+ }
+
+-static void client_close(NBDClient *client)
++static void client_close(NBDClient *client, bool negotiated)
+ {
+ if (client->closing) {
+ return;
+@@ -793,8 +793,8 @@ static void client_close(NBDClient *client)
+ NULL);
+
+ /* Also tell the client, so that they release their reference. */
+- if (client->close) {
+- client->close(client);
++ if (client->close_fn) {
++ client->close_fn(client, negotiated);
+ }
+ }
+
+@@ -975,7 +975,7 @@ void nbd_export_close(NBDExport *exp)
+
+ nbd_export_get(exp);
+ QTAILQ_FOREACH_SAFE(client, &exp->clients, next, next) {
+- client_close(client);
++ client_close(client, true);
+ }
+ nbd_export_set_name(exp, NULL);
+ nbd_export_set_description(exp, NULL);
+@@ -1337,7 +1337,7 @@ done:
+
+ out:
+ nbd_request_put(req);
+- client_close(client);
++ client_close(client, true);
+ nbd_client_put(client);
+ }
+
+@@ -1363,7 +1363,7 @@ static coroutine_fn void nbd_co_client_start(void *opaque)
+ qemu_co_mutex_init(&client->send_lock);
+
+ if (nbd_negotiate(data)) {
+- client_close(client);
++ client_close(client, false);
+ goto out;
+ }
+
+@@ -1373,11 +1373,17 @@ out:
+ g_free(data);
+ }
+
++/*
++ * Create a new client listener on the given export @exp, using the
++ * given channel @sioc. Begin servicing it in a coroutine. When the
++ * connection closes, call @close_fn with an indication of whether the
++ * client completed negotiation.
++ */
+ void nbd_client_new(NBDExport *exp,
+ QIOChannelSocket *sioc,
+ QCryptoTLSCreds *tlscreds,
+ const char *tlsaclname,
+- void (*close_fn)(NBDClient *))
++ void (*close_fn)(NBDClient *, bool))
+ {
+ NBDClient *client;
+ NBDClientNewData *data = g_new(NBDClientNewData, 1);
+@@ -1394,7 +1400,7 @@ void nbd_client_new(NBDExport *exp,
+ object_ref(OBJECT(client->sioc));
+ client->ioc = QIO_CHANNEL(sioc);
+ object_ref(OBJECT(client->ioc));
+- client->close = close_fn;
++ client->close_fn = close_fn;
+
+ data->client = client;
+ data->co = qemu_coroutine_create(nbd_co_client_start, data);
+diff --git a/qemu-nbd.c b/qemu-nbd.c
+index 651f85ecc1..9464a0461c 100644
+--- a/qemu-nbd.c
++++ b/qemu-nbd.c
+@@ -336,10 +336,10 @@ static void nbd_export_closed(NBDExport *exp)
+
+ static void nbd_update_server_watch(void);
+
+-static void nbd_client_closed(NBDClient *client)
++static void nbd_client_closed(NBDClient *client, bool negotiated)
+ {
+ nb_fds--;
+- if (nb_fds == 0 && !persistent && state == RUNNING) {
++ if (negotiated && nb_fds == 0 && !persistent && state == RUNNING) {
+ state = TERMINATE;
+ }
+ nbd_update_server_watch();
+--
+2.13.0
+
diff --git a/app-emulation/qemu/qemu-2.8.1-r2.ebuild b/app-emulation/qemu/qemu-2.8.1-r2.ebuild
deleted file mode 100644
index ff24476..0000000
--- a/app-emulation/qemu/qemu-2.8.1-r2.ebuild
+++ /dev/null
@@ -1,770 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-PYTHON_COMPAT=( python2_7 )
-PYTHON_REQ_USE="ncurses,readline"
-
-PLOCALES="bg de_DE fr_FR hu it tr zh_CN"
-
-inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \
- user udev fcaps readme.gentoo-r1 pax-utils l10n
-
-if [[ ${PV} = *9999* ]]; then
- EGIT_REPO_URI="git://git.qemu.org/qemu.git"
- inherit git-r3
- SRC_URI=""
-else
- SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2"
- KEYWORDS="amd64 ~arm64 ~ppc ~ppc64 x86 ~x86-fbsd"
-fi
-
-DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
-HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org"
-
-LICENSE="GPL-2 LGPL-2 BSD-2"
-SLOT="0"
-IUSE="accessibility +aio alsa bluetooth bzip2 +caps +curl debug +fdt
- glusterfs gnutls gtk gtk2 infiniband iscsi +jpeg kernel_linux
- kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs +png
- pulseaudio python rbd sasl +seccomp sdl sdl2 selinux smartcard snappy
- spice ssh static static-user systemtap tci test usb usbredir vde
- +vhost-net virgl virtfs +vnc vte xattr xen xfs"
-
-COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel
- mips mips64 mips64el mipsel or32 ppc ppc64 s390x sh4 sh4eb sparc
- sparc64 x86_64"
-IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS}
- lm32 moxie ppcemb tricore unicore32 xtensa xtensaeb"
-IUSE_USER_TARGETS="${COMMON_TARGETS}
- armeb mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus tilegx"
-
-use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
-use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
-IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
-
-# Allow no targets to be built so that people can get a tools-only build.
-# Block USE flag configurations known to not work.
-REQUIRED_USE="${PYTHON_REQUIRED_USE}
- gtk2? ( gtk )
- qemu_softmmu_targets_arm? ( fdt )
- qemu_softmmu_targets_microblaze? ( fdt )
- qemu_softmmu_targets_ppc? ( fdt )
- qemu_softmmu_targets_ppc64? ( fdt )
- sdl2? ( sdl )
- static? ( static-user !alsa !bluetooth !gtk !gtk2 !opengl !pulseaudio )
- virtfs? ( xattr )
- vte? ( gtk )"
-
-# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
-# and user/softmmu targets (qemu-*, qemu-system-*).
-#
-# Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
-#
-# The attr lib isn't always linked in (although the USE flag is always
-# respected). This is because qemu supports using the C library's API
-# when available rather than always using the extranl library.
-ALL_DEPEND="
- >=dev-libs/glib-2.0[static-libs(+)]
- sys-libs/zlib[static-libs(+)]
- python? ( ${PYTHON_DEPS} )
- systemtap? ( dev-util/systemtap )
- xattr? ( sys-apps/attr[static-libs(+)] )"
-
-# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
-# softmmu targets (qemu-system-*).
-SOFTMMU_TOOLS_DEPEND="
- >=x11-libs/pixman-0.28.0[static-libs(+)]
- accessibility? (
- app-accessibility/brltty[api]
- app-accessibility/brltty[static-libs(+)]
- )
- aio? ( dev-libs/libaio[static-libs(+)] )
- alsa? ( >=media-libs/alsa-lib-1.0.13 )
- bluetooth? ( net-wireless/bluez )
- bzip2? ( app-arch/bzip2[static-libs(+)] )
- caps? ( sys-libs/libcap-ng[static-libs(+)] )
- curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
- fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] )
- glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
- gnutls? (
- dev-libs/nettle:=[static-libs(+)]
- >=net-libs/gnutls-3.0:=[static-libs(+)]
- )
- gtk? (
- gtk2? (
- x11-libs/gtk+:2
- vte? ( x11-libs/vte:0 )
- )
- !gtk2? (
- x11-libs/gtk+:3
- vte? ( x11-libs/vte:2.91 )
- )
- )
- infiniband? ( sys-fabric/librdmacm:=[static-libs(+)] )
- iscsi? ( net-libs/libiscsi )
- jpeg? ( virtual/jpeg:0=[static-libs(+)] )
- lzo? ( dev-libs/lzo:2[static-libs(+)] )
- ncurses? (
- sys-libs/ncurses:0=[unicode]
- sys-libs/ncurses:0=[static-libs(+)]
- )
- nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] )
- numa? ( sys-process/numactl[static-libs(+)] )
- opengl? (
- virtual/opengl
- media-libs/libepoxy[static-libs(+)]
- media-libs/mesa[static-libs(+)]
- media-libs/mesa[egl,gbm]
- )
- png? ( media-libs/libpng:0=[static-libs(+)] )
- pulseaudio? ( media-sound/pulseaudio )
- rbd? ( sys-cluster/ceph[static-libs(+)] )
- sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
- sdl? (
- !sdl2? (
- media-libs/libsdl[X]
- >=media-libs/libsdl-1.2.11[static-libs(+)]
- )
- sdl2? (
- media-libs/libsdl2[X]
- media-libs/libsdl2[static-libs(+)]
- )
- )
- seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
- smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] )
- snappy? ( app-arch/snappy[static-libs(+)] )
- spice? (
- >=app-emulation/spice-protocol-0.12.3
- >=app-emulation/spice-0.12.0[static-libs(+)]
- )
- ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] )
- usb? ( >=virtual/libusb-1-r2[static-libs(+)] )
- usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
- vde? ( net-misc/vde[static-libs(+)] )
- virgl? ( media-libs/virglrenderer[static-libs(+)] )
- virtfs? ( sys-libs/libcap )
- xen? ( app-emulation/xen-tools:= )
- xfs? ( sys-fs/xfsprogs[static-libs(+)] )"
-
-X86_FIRMWARE_DEPEND="
- >=sys-firmware/ipxe-1.0.0_p20130624
- pin-upstream-blobs? (
- ~sys-firmware/seabios-1.10.1
- ~sys-firmware/sgabios-0.1_pre8
- ~sys-firmware/vgabios-0.7a
- )
- !pin-upstream-blobs? (
- sys-firmware/seabios
- sys-firmware/sgabios
- sys-firmware/vgabios
- )"
-
-CDEPEND="
- !static? (
- ${ALL_DEPEND//\[static-libs(+)]}
- ${SOFTMMU_TOOLS_DEPEND//\[static-libs(+)]}
- )
- qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
- qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )"
-DEPEND="${CDEPEND}
- dev-lang/perl
- =dev-lang/python-2*
- sys-apps/texinfo
- virtual/pkgconfig
- kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
- gtk? ( nls? ( sys-devel/gettext ) )
- static? (
- ${ALL_DEPEND}
- ${SOFTMMU_TOOLS_DEPEND}
- )
- static-user? ( ${ALL_DEPEND} )
- test? (
- dev-libs/glib[utils]
- sys-devel/bc
- )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-qemu )"
-
-PATCHES=(
- # musl patches
- "${FILESDIR}"/${PN}-2.8.0-F_SHLCK-and-F_EXLCK.patch
- "${FILESDIR}"/${PN}-2.0.0-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch
- "${FILESDIR}"/${PN}-2.2.0-_sigev_un.patch
-
- # gentoo patches
- "${FILESDIR}"/${PN}-2.5.0-cflags.patch
- "${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
- "${FILESDIR}"/${PN}-2.7.0-CVE-2016-8669-1.patch #597108
- "${FILESDIR}"/${PN}-2.8.0-CVE-2016-9908.patch #601826
- "${FILESDIR}"/${PN}-2.8.0-CVE-2016-9912.patch #602630
- "${FILESDIR}"/${PN}-2.8.0-CVE-2016-10028.patch #603444
- "${FILESDIR}"/${PN}-2.8.0-CVE-2016-10155.patch #606720
- "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5525-1.patch #606264
- "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5525-2.patch
- "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5552.patch #606722
- "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5578.patch #607000
- "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5579.patch #607100
- "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5856.patch #608036
- "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5857.patch #608038
- "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5898.patch #608520
- "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5973.patch #609334
- "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5987.patch #609398
- "${FILESDIR}"/${PN}-2.8.0-CVE-2017-6505.patch #612220
- "${FILESDIR}"/${PN}-2.8.0-CVE-2017-7377.patch #614744
- "${FILESDIR}"/${PN}-2.8.1-CVE-2017-7471.patch #616484
- "${FILESDIR}"/${PN}-2.8.1-CVE-2017-8086.patch #616460
-)
-
-STRIP_MASK="/usr/share/qemu/palcode-clipper"
-
-QA_PREBUILT="
- usr/share/qemu/openbios-ppc
- usr/share/qemu/openbios-sparc64
- usr/share/qemu/openbios-sparc32
- usr/share/qemu/palcode-clipper
- usr/share/qemu/s390-ccw.img
- usr/share/qemu/u-boot.e500"
-
-QA_WX_LOAD="usr/bin/qemu-i386
- usr/bin/qemu-x86_64
- usr/bin/qemu-alpha
- usr/bin/qemu-arm
- usr/bin/qemu-cris
- usr/bin/qemu-m68k
- usr/bin/qemu-microblaze
- usr/bin/qemu-microblazeel
- usr/bin/qemu-mips
- usr/bin/qemu-mipsel
- usr/bin/qemu-or32
- usr/bin/qemu-ppc
- usr/bin/qemu-ppc64
- usr/bin/qemu-ppc64abi32
- usr/bin/qemu-sh4
- usr/bin/qemu-sh4eb
- usr/bin/qemu-sparc
- usr/bin/qemu-sparc64
- usr/bin/qemu-armeb
- usr/bin/qemu-sparc32plus
- usr/bin/qemu-s390x
- usr/bin/qemu-unicore32"
-
-DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure you have the
-kernel module loaded before running kvm. The easiest way to ensure that the
-kernel module is loaded is to load it on boot.
- For AMD CPUs the module is called 'kvm-amd'.
- For Intel CPUs the module is called 'kvm-intel'.
-Please review /etc/conf.d/modules for how to load these.
-
-Make sure your user is in the 'kvm' group. Just run
- $ gpasswd -a <USER> kvm
-then have <USER> re-login.
-
-For brand new installs, the default permissions on /dev/kvm might not let
-you access it. You can tell udev to reset ownership/perms:
- $ udevadm trigger -c add /dev/kvm
-
-If you want to register binfmt handlers for qemu user targets:
-For openrc:
- # rc-update add qemu-binfmt
-For systemd:
- # ln -s /usr/share/qemu/binfmt.d/qemu.conf /etc/binfmt.d/qemu.conf"
-
-pkg_pretend() {
- if use kernel_linux && kernel_is lt 2 6 25; then
- eerror "This version of KVM requres a host kernel of 2.6.25 or higher."
- elif use kernel_linux; then
- if ! linux_config_exists; then
- eerror "Unable to check your kernel for KVM support"
- else
- CONFIG_CHECK="~KVM ~TUN ~BRIDGE"
- ERROR_KVM="You must enable KVM in your kernel to continue"
- ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in"
- ERROR_KVM_AMD+=" your kernel configuration."
- ERROR_KVM_INTEL="If you have an Intel CPU, you must enable"
- ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration."
- ERROR_TUN="You will need the Universal TUN/TAP driver compiled"
- ERROR_TUN+=" into your kernel or loaded as a module to use the"
- ERROR_TUN+=" virtual network device if using -net tap."
- ERROR_BRIDGE="You will also need support for 802.1d"
- ERROR_BRIDGE+=" Ethernet Bridging for some network configurations."
- use vhost-net && CONFIG_CHECK+=" ~VHOST_NET"
- ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net"
- ERROR_VHOST_NET+=" support"
-
- if use amd64 || use x86 || use amd64-linux || use x86-linux; then
- CONFIG_CHECK+=" ~KVM_AMD ~KVM_INTEL"
- fi
-
- use python && CONFIG_CHECK+=" ~DEBUG_FS"
- ERROR_DEBUG_FS="debugFS support required for kvm_stat"
-
- # Now do the actual checks setup above
- check_extra_config
- fi
- fi
-
- if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then
- eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt"
- eerror "instances are still pointing to it. Please update your"
- eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag"
- eerror "and the right system binary (e.g. qemu-system-x86_64)."
- die "update your virt configs to not use qemu-kvm"
- fi
-}
-
-pkg_setup() {
- enewgroup kvm 78
-}
-
-# Sanity check to make sure target lists are kept up-to-date.
-check_targets() {
- local var=$1 mak=$2
- local detected sorted
-
- pushd "${S}"/default-configs >/dev/null || die
-
- # Force C locale until glibc is updated. #564936
- detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u))
- sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u))
- if [[ ${sorted} != "${detected}" ]] ; then
- eerror "The ebuild needs to be kept in sync."
- eerror "${var}: ${sorted}"
- eerror "$(printf '%-*s' ${#var} configure): ${detected}"
- die "sync ${var} to the list of targets"
- fi
-
- popd >/dev/null
-}
-
-handle_locales() {
- # Make sure locale list is kept up-to-date.
- local detected sorted
- detected=$(echo $(cd po && printf '%s\n' *.po | grep -v messages.po | sed 's:.po$::' | sort -u))
- sorted=$(echo $(printf '%s\n' ${PLOCALES} | sort -u))
- if [[ ${sorted} != "${detected}" ]] ; then
- eerror "The ebuild needs to be kept in sync."
- eerror "PLOCALES: ${sorted}"
- eerror " po/*.po: ${detected}"
- die "sync PLOCALES"
- fi
-
- # Deal with selective install of locales.
- if use nls ; then
- # Delete locales the user does not want. #577814
- rm_loc() { rm po/$1.po || die; }
- l10n_for_each_disabled_locale_do rm_loc
- else
- # Cheap hack to disable gettext .mo generation.
- rm -f po/*.po
- fi
-}
-
-src_prepare() {
- check_targets IUSE_SOFTMMU_TARGETS softmmu
- check_targets IUSE_USER_TARGETS linux-user
-
- # Alter target makefiles to accept CFLAGS set via flag-o
- sed -i -r \
- -e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \
- Makefile Makefile.target || die
-
- default
-
- # Fix ld and objcopy being called directly
- tc-export AR LD OBJCOPY
-
- # Verbose builds
- MAKEOPTS+=" V=1"
-
- # Run after we've applied all patches.
- handle_locales
-}
-
-##
-# configures qemu based on the build directory and the build type
-# we are using.
-#
-qemu_src_configure() {
- debug-print-function ${FUNCNAME} "$@"
-
- local buildtype=$1
- local builddir="${S}/${buildtype}-build"
-
- mkdir "${builddir}"
-
- local conf_opts=(
- --prefix=/usr
- --sysconfdir=/etc
- --libdir=/usr/$(get_libdir)
- --docdir=/usr/share/doc/${PF}/html
- --disable-bsd-user
- --disable-guest-agent
- --disable-strip
- --disable-werror
- # We support gnutls/nettle for crypto operations. It is possible
- # to use gcrypt when gnutls/nettle are disabled (but not when they
- # are enabled), but it's not really worth the hassle. Disable it
- # all the time to avoid automatically detecting it. #568856
- --disable-gcrypt
- --python="${PYTHON}"
- --cc="$(tc-getCC)"
- --cxx="$(tc-getCXX)"
- --host-cc="$(tc-getBUILD_CC)"
- $(use_enable debug debug-info)
- $(use_enable debug debug-tcg)
- --enable-docs
- $(use_enable tci tcg-interpreter)
- $(use_enable xattr attr)
- )
-
- # Disable options not used by user targets. This simplifies building
- # static user targets (USE=static-user) considerably.
- conf_notuser() {
- if [[ ${buildtype} == "user" ]] ; then
- echo "--disable-${2:-$1}"
- else
- use_enable "$@"
- fi
- }
- conf_opts+=(
- $(conf_notuser accessibility brlapi)
- $(conf_notuser aio linux-aio)
- $(conf_notuser bzip2)
- $(conf_notuser bluetooth bluez)
- $(conf_notuser caps cap-ng)
- $(conf_notuser curl)
- $(conf_notuser fdt)
- $(conf_notuser glusterfs)
- $(conf_notuser gnutls)
- $(conf_notuser gnutls nettle)
- $(conf_notuser gtk)
- $(conf_notuser infiniband rdma)
- $(conf_notuser iscsi libiscsi)
- $(conf_notuser jpeg vnc-jpeg)
- $(conf_notuser kernel_linux kvm)
- $(conf_notuser lzo)
- $(conf_notuser ncurses curses)
- $(conf_notuser nfs libnfs)
- $(conf_notuser numa)
- $(conf_notuser opengl)
- $(conf_notuser png vnc-png)
- $(conf_notuser rbd)
- $(conf_notuser sasl vnc-sasl)
- $(conf_notuser sdl)
- $(conf_notuser seccomp)
- $(conf_notuser smartcard)
- $(conf_notuser snappy)
- $(conf_notuser spice)
- $(conf_notuser ssh libssh2)
- $(conf_notuser usb libusb)
- $(conf_notuser usbredir usb-redir)
- $(conf_notuser vde)
- $(conf_notuser vhost-net)
- $(conf_notuser virgl virglrenderer)
- $(conf_notuser virtfs)
- $(conf_notuser vnc)
- $(conf_notuser vte)
- $(conf_notuser xen)
- $(conf_notuser xen xen-pci-passthrough)
- $(conf_notuser xfs xfsctl)
- )
-
- if [[ ! ${buildtype} == "user" ]] ; then
- # audio options
- local audio_opts="oss"
- use alsa && audio_opts="alsa,${audio_opts}"
- use sdl && audio_opts="sdl,${audio_opts}"
- use pulseaudio && audio_opts="pa,${audio_opts}"
- conf_opts+=(
- --audio-drv-list="${audio_opts}"
- )
- use gtk && conf_opts+=( --with-gtkabi=$(usex gtk2 2.0 3.0) )
- use sdl && conf_opts+=( --with-sdlabi=$(usex sdl2 2.0 1.2) )
- fi
-
- case ${buildtype} in
- user)
- conf_opts+=(
- --enable-linux-user
- --disable-system
- --disable-blobs
- --disable-tools
- )
- local static_flag="static-user"
- ;;
- softmmu)
- conf_opts+=(
- --disable-linux-user
- --enable-system
- --disable-tools
- --with-system-pixman
- )
- local static_flag="static"
- ;;
- tools)
- conf_opts+=(
- --disable-linux-user
- --disable-system
- --disable-blobs
- --enable-tools
- )
- local static_flag="static"
- ;;
- esac
-
- local targets="${buildtype}_targets"
- [[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" )
-
- # Add support for SystemTAP
- use systemtap && conf_opts+=( --enable-trace-backend=dtrace )
-
- # We always want to attempt to build with PIE support as it results
- # in a more secure binary. But it doesn't work with static or if
- # the current GCC doesn't have PIE support.
- if use ${static_flag}; then
- conf_opts+=( --static --disable-pie )
- else
- gcc-specs-pie && conf_opts+=( --enable-pie )
- fi
-
- echo "../configure ${conf_opts[*]}"
- cd "${builddir}"
- ../configure "${conf_opts[@]}" || die "configure failed"
-
- # FreeBSD's kernel does not support QEMU assigning/grabbing
- # host USB devices yet
- use kernel_FreeBSD && \
- sed -i -E -e "s|^(HOST_USB=)bsd|\1stub|" "${S}"/config-host.mak
-}
-
-src_configure() {
- local target
-
- python_setup
-
- softmmu_targets= softmmu_bins=()
- user_targets= user_bins=()
-
- for target in ${IUSE_SOFTMMU_TARGETS} ; do
- if use "qemu_softmmu_targets_${target}"; then
- softmmu_targets+=",${target}-softmmu"
- softmmu_bins+=( "qemu-system-${target}" )
- fi
- done
-
- for target in ${IUSE_USER_TARGETS} ; do
- if use "qemu_user_targets_${target}"; then
- user_targets+=",${target}-linux-user"
- user_bins+=( "qemu-${target}" )
- fi
- done
-
- softmmu_targets=${softmmu_targets#,}
- user_targets=${user_targets#,}
-
- [[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu"
- [[ -n ${user_targets} ]] && qemu_src_configure "user"
- qemu_src_configure "tools"
-}
-
-src_compile() {
- if [[ -n ${user_targets} ]]; then
- cd "${S}/user-build"
- default
- fi
-
- if [[ -n ${softmmu_targets} ]]; then
- cd "${S}/softmmu-build"
- default
- fi
-
- cd "${S}/tools-build"
- default
-}
-
-src_test() {
- if [[ -n ${softmmu_targets} ]]; then
- cd "${S}/softmmu-build"
- pax-mark m */qemu-system-* #515550
- emake -j1 check
- emake -j1 check-report.html
- fi
-}
-
-qemu_python_install() {
- python_domodule "${S}/scripts/qmp/qmp.py"
-
- python_doscript "${S}/scripts/kvm/vmxcap"
- python_doscript "${S}/scripts/qmp/qmp-shell"
- python_doscript "${S}/scripts/qmp/qemu-ga-client"
-}
-
-# Generate binfmt support files.
-# - /etc/init.d/qemu-binfmt script which registers the user handlers (openrc)
-# - /usr/share/qemu/binfmt.d/qemu.conf (for use with systemd-binfmt)
-generate_initd() {
- local out="${T}/qemu-binfmt"
- local out_systemd="${T}/qemu.conf"
- local d="${T}/binfmt.d"
-
- einfo "Generating qemu binfmt scripts and configuration files"
-
- # Generate the debian fragments first.
- mkdir -p "${d}"
- "${S}"/scripts/qemu-binfmt-conf.sh \
- --debian \
- --exportdir "${d}" \
- --qemu-path "${EPREFIX}/usr/bin" \
- || die
- # Then turn the fragments into a shell script we can source.
- sed -E -i \
- -e 's:^([^ ]+) (.*)$:\1="\2":' \
- "${d}"/* || die
-
- # Generate the init.d script by assembling the fragments from above.
- local f qcpu package interpreter magic mask
- cat "${FILESDIR}"/qemu-binfmt.initd.head >"${out}" || die
- for f in "${d}"/qemu-* ; do
- source "${f}"
-
- # Normalize the cpu logic like we do in the init.d for the native cpu.
- qcpu=${package#qemu-}
- case ${qcpu} in
- arm*) qcpu="arm";;
- mips*) qcpu="mips";;
- ppc*) qcpu="ppc";;
- s390*) qcpu="s390";;
- sh*) qcpu="sh";;
- sparc*) qcpu="sparc";;
- esac
-
- cat <<EOF >>"${out}"
- if [ "\${cpu}" != "${qcpu}" -a -x "${interpreter}" ] ; then
- echo ':${package}:M::${magic}:${mask}:${interpreter}:'"\${QEMU_BINFMT_FLAGS}" >/proc/sys/fs/binfmt_misc/register
- fi
-EOF
-
- echo ":${package}:M::${magic}:${mask}:${interpreter}:OC" >>"${out_systemd}"
-
- done
- cat "${FILESDIR}"/qemu-binfmt.initd.tail >>"${out}" || die
-}
-
-src_install() {
- if [[ -n ${user_targets} ]]; then
- cd "${S}/user-build"
- emake DESTDIR="${ED}" install
-
- # Install binfmt handler init script for user targets.
- generate_initd
- doinitd "${T}/qemu-binfmt"
-
- # Install binfmt/qemu.conf.
- insinto "/usr/share/qemu/binfmt.d"
- doins "${T}/qemu.conf"
- fi
-
- if [[ -n ${softmmu_targets} ]]; then
- cd "${S}/softmmu-build"
- emake DESTDIR="${ED}" install
-
- # This might not exist if the test failed. #512010
- [[ -e check-report.html ]] && dohtml check-report.html
-
- if use kernel_linux; then
- udev_newrules "${FILESDIR}"/65-kvm.rules-r1 65-kvm.rules
- fi
-
- if use python; then
- python_foreach_impl qemu_python_install
- fi
- fi
-
- cd "${S}/tools-build"
- emake DESTDIR="${ED}" install
-
- # Disable mprotect on the qemu binaries as they use JITs to be fast #459348
- pushd "${ED}"/usr/bin >/dev/null
- pax-mark mr "${softmmu_bins[@]}" "${user_bins[@]}" # bug 575594
- popd >/dev/null
-
- # Install config file example for qemu-bridge-helper
- insinto "/etc/qemu"
- doins "${FILESDIR}/bridge.conf"
-
- # Remove the docdir placed qmp-commands.txt
- mv "${ED}/usr/share/doc/${PF}/html/qmp-commands.txt" "${S}/docs/" || die
-
- cd "${S}"
- dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt
- newdoc pc-bios/README README.pc-bios
- dodoc docs/qmp-*.txt
-
- if [[ -n ${softmmu_targets} ]]; then
- # Remove SeaBIOS since we're using the SeaBIOS packaged one
- rm "${ED}/usr/share/qemu/bios.bin"
- if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
- dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
- fi
-
- # Remove vgabios since we're using the vgabios packaged one
- rm "${ED}/usr/share/qemu/vgabios.bin"
- rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
- rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
- rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
- rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
- if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
- dosym ../vgabios/vgabios.bin /usr/share/qemu/vgabios.bin
- dosym ../vgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
- dosym ../vgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
- dosym ../vgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
- dosym ../vgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
- fi
-
- # Remove sgabios since we're using the sgabios packaged one
- rm "${ED}/usr/share/qemu/sgabios.bin"
- if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
- dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin
- fi
-
- # Remove iPXE since we're using the iPXE packaged one
- rm "${ED}"/usr/share/qemu/pxe-*.rom
- if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
- dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom
- dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom
- dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom
- dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom
- dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom
- dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom
- fi
- fi
-
- DISABLE_AUTOFORMATTING=true
- readme.gentoo_create_doc
-}
-
-pkg_postinst() {
- DISABLE_AUTOFORMATTING=true
- readme.gentoo_print_elog
-
- if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
- udev_reload
- fi
-
- fcaps cap_net_admin /usr/libexec/qemu-bridge-helper
-}
-
-pkg_info() {
- echo "Using:"
- echo " $(best_version app-emulation/spice-protocol)"
- echo " $(best_version sys-firmware/ipxe)"
- echo " $(best_version sys-firmware/seabios)"
- if has_version 'sys-firmware/seabios[binary]'; then
- echo " USE=binary"
- else
- echo " USE=''"
- fi
- echo " $(best_version sys-firmware/vgabios)"
-}
diff --git a/app-emulation/qemu/qemu-2.9.0-r2.ebuild b/app-emulation/qemu/qemu-2.9.0-r2.ebuild
index 3efa65c..397b86c 100644
--- a/app-emulation/qemu/qemu-2.9.0-r2.ebuild
+++ b/app-emulation/qemu/qemu-2.9.0-r2.ebuild
@@ -17,7 +17,7 @@ if [[ ${PV} = *9999* ]]; then
SRC_URI=""
else
SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2"
- KEYWORDS="amd64 ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd"
+ KEYWORDS="amd64 ~arm64 ~ppc ~ppc64 x86 ~x86-fbsd"
fi
DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
@@ -513,7 +513,7 @@ qemu_src_configure() {
if use ${static_flag}; then
conf_opts+=( --static --disable-pie )
else
- gcc-specs-pie && conf_opts+=( --enable-pie )
+ tc-enables-pie && conf_opts+=( --enable-pie )
fi
echo "../configure ${conf_opts[*]}"
diff --git a/app-emulation/qemu/qemu-2.9.0-r54.ebuild b/app-emulation/qemu/qemu-2.9.0-r56.ebuild
index c36797b..ad2e5f7 100644
--- a/app-emulation/qemu/qemu-2.9.0-r54.ebuild
+++ b/app-emulation/qemu/qemu-2.9.0-r56.ebuild
@@ -137,7 +137,7 @@ SOFTMMU_TOOLS_DEPEND="
)
seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] )
- snappy? ( app-arch/snappy[static-libs(+)] )
+ snappy? ( app-arch/snappy:=[static-libs(+)] )
spice? (
>=app-emulation/spice-protocol-0.12.3
>=app-emulation/spice-0.12.0[static-libs(+)]
@@ -200,11 +200,20 @@ PATCHES=(
# gentoo patches
"${FILESDIR}"/${PN}-2.5.0-cflags.patch
"${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
- "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8309.patch # bug 616870
- "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8379.patch # bug 616872
- "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8380.patch # bug 616874
- "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8112.patch # bug 616636
- "${FILESDIR}"/${PN}-2.9.0-CVE-2017-7493.patch # bug 618808
+ "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8309.patch # bug 616870
+ "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8379.patch # bug 616872
+ "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8380.patch # bug 616874
+ "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8112.patch # bug 616636
+ "${FILESDIR}"/${PN}-2.9.0-CVE-2017-7493.patch # bug 618808
+ "${FILESDIR}"/${PN}-2.9.0-CVE-2017-11434.patch # bug 625614
+ "${FILESDIR}"/${PN}-2.9.0-CVE-2017-11334.patch # bug 621292
+ "${FILESDIR}"/${PN}-2.9.0-CVE-2017-9524-1.patch # bug 621292
+ "${FILESDIR}"/${PN}-2.9.0-CVE-2017-9524-2.patch
+ "${FILESDIR}"/${PN}-2.9.0-CVE-2017-9503-1.patch # bug 621184
+ "${FILESDIR}"/${PN}-2.9.0-CVE-2017-9503-2.patch
+ "${FILESDIR}"/${PN}-2.9.0-CVE-2017-10664.patch # bug 623016
+ "${FILESDIR}"/${PN}-2.9.0-CVE-2017-10806.patch # bug 624088
+ "${FILESDIR}"/${PN}-2.9.0-CVE-2017-7539.patch # bug 625850
)
STRIP_MASK="/usr/share/qemu/palcode-clipper"
@@ -516,7 +525,7 @@ qemu_src_configure() {
if use ${static_flag}; then
conf_opts+=( --static --disable-pie )
else
- gcc-specs-pie && conf_opts+=( --enable-pie )
+ tc-enables-pie && conf_opts+=( --enable-pie )
fi
echo "../configure ${conf_opts[*]}"