Diffstat (limited to 'app-emulation/qemu')
-rw-r--r--app-emulation/qemu/Manifest17
-rw-r--r--app-emulation/qemu/files/qemu-2.5.0-sysmacros.patch15
-rw-r--r--app-emulation/qemu/files/qemu-3.1.0-md-clear-md-no.patch61
-rw-r--r--app-emulation/qemu/files/qemu-4.0.0-fix_infiniband_include.patch12
-rw-r--r--app-emulation/qemu/files/qemu-4.0.0-linux-headers-5.2.patch334
-rw-r--r--app-emulation/qemu/files/qemu-4.0.0-pc-q35-4.0.patch135
-rw-r--r--app-emulation/qemu/files/qemu-4.0.0-sanitize-interp_info.patch32
-rw-r--r--app-emulation/qemu/files/qemu-4.0.0-xkbcommon.patch38
-rw-r--r--app-emulation/qemu/files/qemu-4.2.0-CVE-2020-11102.patch144
-rw-r--r--app-emulation/qemu/files/qemu-4.2.0-ati-vga-crash.patch94
-rw-r--r--app-emulation/qemu/qemu-4.2.0-r5.ebuild (renamed from app-emulation/qemu/qemu-4.2.0-r2.ebuild)13
-rw-r--r--app-emulation/qemu/qemu-4.2.0-r6.ebuild (renamed from app-emulation/qemu/qemu-4.2.0-r3.ebuild)13
-rw-r--r--app-emulation/qemu/qemu-9999.ebuild7
13 files changed, 113 insertions, 802 deletions
diff --git a/app-emulation/qemu/Manifest b/app-emulation/qemu/Manifest
index d36a0efc6adb..9be1c90119e7 100644
--- a/app-emulation/qemu/Manifest
+++ b/app-emulation/qemu/Manifest
@@ -2,21 +2,14 @@ AUX 65-kvm.rules-r1 120 BLAKE2B a0d95f60e48f80e5f00b3a7ef3b520861fb781868844aff7
AUX bridge.conf 454 BLAKE2B 2f3e828a001ac77de96c8a11e3fc462149e1c16972c28b8367659c2896b7c3dd147e978ef6401b280fc3474bc959bee50f65d7525bee8bc04c19bc657ba7e22f SHA512 a907ee86b81a1b61033bb7621ded65112504131ef7b698c53e4014b958ee6fc79e66f63069015a01e41362cb70a7d0ed26dd9a03033cf776f4846f0e1f8f1533
AUX qemu-2.11.1-capstone_include_path.patch 264 BLAKE2B 955b498c0ea2657ee4c9d0054a32693ac2096232ae8358848fa8518bcb87c1cce5d9145ccf560320ba53d60ae8ed85f6be801b72707a964b247e8f1f1844f9cd SHA512 ebf1d6450b7c499a8e490b19f87a3b4f8bbc50ea44edaac8c12b0993947513a8b616af2d4cf6240c8e265824a44463f917333ffa510e6ffedf379921e28fc3ab
AUX qemu-2.5.0-cflags.patch 410 BLAKE2B 1d072b5dd00369bb565b30c2aa7047de92b441bf103faadb5dd42daf36ad1c5e39c5bdfdc2b5f2bb0bfec2ea1255b4182caeb467614a487f5cfcb341109a4884 SHA512 0194d28de08b4e51c5bd1c9a2cc7965ba7f66dfddb8fd91de3da93677e6cf2d38ad3270f69aaea8a20cf2533c2980018d6e0fed711be2806fe2053fba7c081f3
-AUX qemu-2.5.0-sysmacros.patch 333 BLAKE2B 8c38410c6ea789f669d89c7321cdc9e5c734bb3db332272657302977241f157b04fb07e27bda4f67ee560e39a7494344ad79616835e6ff483927f2b72ed9c597 SHA512 329632c5bff846ca3ffcdb4bc94ae62f17c6bdbb566f9bec0784357c943523e8ca7773790b83a9617734cab3b003baa3d636cbd08f7385810a63b0fa0383c4f0
-AUX qemu-3.1.0-md-clear-md-no.patch 2690 BLAKE2B fcf6b7599985da60dcdf873e27c832075cd9c766d10ab3784c0f935965276b8c520005a62fc884a35c78942ce225bbd9a67083ef058e03f1a7c0963b816ae7b4 SHA512 bb452d110353bae4878ec030ef5f2f05c73294cbe08e8fc18267f23f922117e7e295302ac65df8008b5db3ff72bcff2e3eefd2da8b9a53868daea321d10958c1
-AUX qemu-4.0.0-fix_infiniband_include.patch 338 BLAKE2B 9c85e27ca7e99d5600247ce788edcf30b74650012c06f3b68ec395f55ca7cdfac7f24679077b06ff7ba37fc1b0a8fce281838709cfae9d20c9ee89d9dbd68da9 SHA512 c8cebaa40ca46f2a78131d4ea1951304cc39b39c3d9ec37f4be41906ce6dee303f5b21e66e6716ac4ad20ed4bf3dc06709e7db95113f2c7abd0036e0e0cc722d
-AUX qemu-4.0.0-linux-headers-5.2.patch 11360 BLAKE2B 6299f25424044df02e892f10d735e07af35de7ec2b4a15bcf57ec03db8956406bfe690d57f2265b5ae5c63902e4ac77614c11286ec5461e7a6da3d7237030557 SHA512 2da8020655e8b4d269cdbeaa2134cbbaee85efe30d5b7ef1180f5e74a5b8141211c781be3a229ae475fb9e9b5b1022c378768c73a5acbf42993eaa6f93fe370d
AUX qemu-4.0.0-mkdir_systemtap.patch 333 BLAKE2B e7e35e7fe510e7e1a86005f3d51384a81d1de7705f3b856656ec71cc0a2a29626e94918b3cc23b32e47c8073b77b62b498e71c3e956549e25ee5f4da1a8ac9cf SHA512 de48a7d663bd78051ed8a1f62d8b0b8e3bfe58d8a0001daf12518dbd087be3154e766be11c607485e7dd851b08d5675c4fb2a2fe5cf18f3b900164a4d93eab10
-AUX qemu-4.0.0-pc-q35-4.0.patch 5020 BLAKE2B ec3ad8fbf9ee1ce54109a81e913b97daebf347b2fc2217585e68741c3f77cae1272d7b721b59d7595b51d99eadbe7e26c47bcd46c96361a7f0df345fe5d6bcfb SHA512 3621525724a587f9aa1899b7b5c2130c27fca1b9a0e907e3fe1927a79a5d59f7597491538d6079822c52dd7bed41dd3cf6233a1be8472f3ed487e43447a74c7d
-AUX qemu-4.0.0-sanitize-interp_info.patch 930 BLAKE2B d555dedc493cfa1cf888cfa7ce2a4a7811f3fd12615fa5177f82c421ddd82c2d7ffcf2e5c28ca383aac1fff35d03cae6b4b6c5129c694d9b3986819aa1e12962 SHA512 7783acf1172c4fd935c2b8f5bd76e97cea6bbb3ee33a21b23a17f23933f6053b3a933f378c6eae184c2362cb090b6b2c1966f79f1f130cf7344205ef3df0178d
-AUX qemu-4.0.0-xkbcommon.patch 1107 BLAKE2B 865f6578677199b7a78fb285548982c47b1ab624eed28a474d9eb66af3bb266748f045389fdacf945f40ce58352f5041bcaa3ec1966e3f39591d2138455c6435 SHA512 0048751b6883e206b5c486c418e0b2b71f09dfe8dd156b9ac7b331bce1ac5ef9cd7d2e605da144c3983b7a74a8b2f1bb2c9eef991197ee4bfea014af53f54427
-AUX qemu-4.2.0-CVE-2020-11102.patch 4924 BLAKE2B 59def39ea9088447bd033870be36e0b3e79f1b581a553118e06279f2ca322a86398ef7b3f31bbfaa210b4a767bb370fb828c1da9451196347ee1f5c1d89f19a9 SHA512 31bb5772d493506266bcbff5fa3fbaea32569fb4f8fe7c569306b9eccd7b62d0f00592e82787ea5c06a20dcc73c5a0c14ce62e402393ebf4cfe1d838a2c7aefb
+AUX qemu-4.2.0-ati-vga-crash.patch 4213 BLAKE2B bd67a7fa5cc782360e42dba38be05d973a18ee0a281a1d6623b836769f6d3e0e7de87111ab5b20ddc4d6b3e069e0dd9dc9c6a4fc56fc076562b69d89f4600936 SHA512 6075eed84d4cd0252fd8c82316c0b47c56e3deef5852acf5677a9e091610102c1d790ea1da4c7b6595f84bf1362e824f4ffe06675d4dc0b96da4c6401b4d0cc0
AUX qemu-4.2.0-cflags.patch 508 BLAKE2B 86724caca22a4bd2b21db306d04d8c0f6a542a15b82bb4e340f3ddb8471f47e854276ff33adee7bd5682ecb797efdb048e9d028d954a064712d1e817e1eb6e26 SHA512 5bfb8f0e739d7bb260b5b5b0a2d28f30b97833b8037227c511f55c9bd9502241c891e7e3780e750598ccfd7fb01615254f1c7f6634787fec67539a61a217e18d
AUX qemu-binfmt.initd.head 1442 BLAKE2B 23aa5338914aa7c47f9b1cc1d28291abd0ea037a33cca81f990decfafac2907c86c042350c9dd45591d16330846d4e11d2c8a2a409a68ad81656d9c2c51964c0 SHA512 3fec8946a37bfbd2089f5d95089ed5987a198fc0139ee7482d4bb38c2ffa0e165667a7853afcf2b458bc3e2a6540f172c929ca5a334a00db47e2d0f881382c0e
AUX qemu-binfmt.initd.tail 245 BLAKE2B dd59f2944c6e3f0c4d282b94b687a9b5c51dd77c5103fb9889bd9ce56874495397676ae6c8375d9e9e23094828477240778d9e0f361e68cdd63fdad574851561 SHA512 bcca16805f8380d52cc591ea3d65a8f6e5de456730618f6aee301510edb75d235a22d4d7aeed224882210392840adb403eb53234b6cb76a4cb24533852a8b737
-DIST qemu-4.2.0-patches-r1.tar.xz 14552 BLAKE2B e8832ce5b7ccda02dcd63fa60a458322a36ba754c8bc682839de4ee33cf21a83cde434bdc062916d3c83e81026b68ebf2fbe099dc6c54c191875f830d95c63ae SHA512 7495e4c9ca80fd25a1bc8244b384f88f3bc6d7190e2840b1614e3bc6fd51938e42792c6a4dbdb2d400a45532e558814462647f35d5ab21e175bec84868a4161d
+DIST qemu-4.2.0-patches-r2.tar.xz 17868 BLAKE2B 3783d0f923ded66cce1195248981c83bbaf8b7ad2a270207e92e60b4d05d4787cd9324649c113a4616c2a9ddcef99841264f19915615b7a0a24dac9febed48ba SHA512 556f1c595a35ee4279b2d0890d90e48cd43d9d641ccca495e2494f62ab48dfc000dbe23718276271ced3d4b7680c814f8f8846195089ff56186f618063a83b48
DIST qemu-4.2.0.tar.xz 62222068 BLAKE2B 27c9fbcd5093af425764674817ab9299224bd03f37b5983786f6f437fff1fab3b7da247c55c4ca8b8c42726b9867005944a2f7f04f2d0d94d753961615f901ef SHA512 2a79973c2b07c53e8c57a808ea8add7b6b2cbca96488ed5d4b669ead8c9318907dec2b6109f180fc8ca8f04c0f73a56e82b3a527b5626b799d7e849f2474ec56
-EBUILD qemu-4.2.0-r2.ebuild 24433 BLAKE2B 76aa9bfba93a69410762da8228a66bdf768031e3636fae9b7dd3f9393f6ab35baccf2840900f5eaf5c751dbcdcbbbd6a02de9eebf41d8b8b69d5adb055f09836 SHA512 3cf46d297948865e72d19190ad09e6eb38a9413c3c9cddf68fb5d54db6dad2c8afeaac85ef26178dcbd69b1f2b38d204b52214b2a87edd2d437acb9330f97adb
-EBUILD qemu-4.2.0-r3.ebuild 24588 BLAKE2B 62d1b2d813eba84c499fa72746006958294a73ac940496b1c8606b77f17e19e551cfea8e5af5e5e389ca1153ede8a6a73cddb10b7971ce3ec353e38d882d309e SHA512 298f54434c03ec9c32dfd6b1c677d5fe876ca4e605d7e236698c3d0a3199981119f17b6c5e2a636914893c49573c09a69c25040e58ed18048ead72d6bd9195e1
-EBUILD qemu-9999.ebuild 24336 BLAKE2B 2c37e9f9dde0a942daf432579c4f0a47c5373dc3f640c139f3c96936aa92150274aa3d7fe37bf795a166c40e3abead8874eb1e7666ed6001183485bb67402e79 SHA512 5888ca6188a32b39e2dfad3a4c10a8356cbf32502522d244eb33ece87f348e3f546b15d5c413d6b281760f87150ce8bc9b86cc49e233d5798c2e8d7e96c47203
+EBUILD qemu-4.2.0-r5.ebuild 24410 BLAKE2B 62165db1afd588b237dbcfd6383e140d4c3b82336a0dd921e7a0249ec2400d82c721a85036ccfb5d8ad97c0f4659f17101e93aa673b4e6626b188a784e2d8857 SHA512 7e5e226646041d42cf34721c837a0bbdf14c14cf6fa8cf181e5c4af85cb20c5fc4ee29524133e09024da4fc7ae6d3626a6d17da205b3161de2f4d3ca8010472a
+EBUILD qemu-4.2.0-r6.ebuild 24467 BLAKE2B 850484ea855dc4939329b19e46414844b2b0a505ba4c4190377f47197681f3d1d249074573f388de759dc9340ff0bfdc6e2a56df8c1eefca41dd02cdeffccb74 SHA512 f18d944c2683ef1d93f017cc8025bd51dd7ef561d7f1ad8c0176b146bbd23d3a3b3f8d4e155eee1865d940b707179febe6ee37ae04e8cd16373875bd504119d3
+EBUILD qemu-9999.ebuild 24313 BLAKE2B ef0e66599c42688b16d3576e799681004acc1f83709a0307fb12b535bbb9a79a95c3343a5261f0bb14e1cf83844ccf9223c236661d5ecb459845585f75362a40 SHA512 4783f436324c02d1b58cb6f6a7d144d7a52eb3667600f28b32830d63eca43e2500361f4765010a2ee5f4d32335f33bd51637051780da698e77e3d11c9d0d1fab
MISC metadata.xml 4379 BLAKE2B 6608d9d9926e801dd84c9b8dc8f177fea1ee1896754c717cd0189aa2399e85abedd67d92f4fa0b35a84a3d86fa2871232098b6380caf408ace7a6dc96968228d SHA512 ff90794397e5e10df98bccc55508d5b5a963c0a14ee506fb2130499660e9b64aee6fcdba41906103a4f6e77a27f228b7cd34835b7035ce49bd6a8cbf2f25242e
diff --git a/app-emulation/qemu/files/qemu-2.5.0-sysmacros.patch b/app-emulation/qemu/files/qemu-2.5.0-sysmacros.patch
deleted file mode 100644
index f2e766dc1c35..000000000000
--- a/app-emulation/qemu/files/qemu-2.5.0-sysmacros.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-Linux C libs are moving away from implicit header pollution with sys/types.h
-
---- a/include/qemu/osdep.h
-+++ b/include/qemu/osdep.h
-@@ -78,6 +78,10 @@ extern int daemon(int, int);
- #include <assert.h>
- #include <signal.h>
-
-+#ifdef __linux__
-+#include <sys/sysmacros.h>
-+#endif
-+
- #ifdef __OpenBSD__
- #include <sys/signal.h>
- #endif
diff --git a/app-emulation/qemu/files/qemu-3.1.0-md-clear-md-no.patch b/app-emulation/qemu/files/qemu-3.1.0-md-clear-md-no.patch
deleted file mode 100644
index a7b3e8cb8f20..000000000000
--- a/app-emulation/qemu/files/qemu-3.1.0-md-clear-md-no.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-From 0fb766134bd97ead71646e13349f93769e536ed9 Mon Sep 17 00:00:00 2001
-From: Matthias Maier <tamiko@43-1.org>
-Date: Fri, 17 May 2019 02:21:10 -0500
-Subject: [PATCH] Define md-clear bit, expose md-no CPUID
-
-Fixes for CVE-2018-121{26|27|30}, CVE-2019-11091
-
-See related fixes for Ubuntu:
- https://launchpad.net/ubuntu/+source/qemu/1:3.1+dfsg-2ubuntu3.1
----
- target/i386/cpu.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/target/i386/cpu.c b/target/i386/cpu.c
-index d6bb57d2..331a364a 100644
---- a/target/i386/cpu.c
-+++ b/target/i386/cpu.c
-@@ -1076,7 +1076,7 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
- .feat_names = {
- NULL, NULL, "avx512-4vnniw", "avx512-4fmaps",
- NULL, NULL, NULL, NULL,
-- NULL, NULL, NULL, NULL,
-+ NULL, NULL, "md-clear", NULL,
- NULL, NULL, NULL, NULL,
- NULL, NULL, NULL, NULL,
- NULL, NULL, NULL, NULL,
-@@ -1183,7 +1183,7 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
- .type = MSR_FEATURE_WORD,
- .feat_names = {
- "rdctl-no", "ibrs-all", "rsba", "skip-l1dfl-vmentry",
-- "ssb-no", NULL, NULL, NULL,
-+ "ssb-no", "mds-no", NULL, NULL,
- NULL, NULL, NULL, NULL,
- NULL, NULL, NULL, NULL,
- NULL, NULL, NULL, NULL,
-diff --git a/target/i386/cpu.h b/target/i386/cpu.h
-index 83fb5225..d0bab4d7 100644
---- a/target/i386/cpu.h
-+++ b/target/i386/cpu.h
-@@ -694,6 +694,7 @@ typedef uint32_t FeatureWordArray[FEATURE_WORDS];
-
- #define CPUID_7_0_EDX_AVX512_4VNNIW (1U << 2) /* AVX512 Neural Network Instructions */
- #define CPUID_7_0_EDX_AVX512_4FMAPS (1U << 3) /* AVX512 Multiply Accumulation Single Precision */
-+#define CPUID_7_0_EDX_MD_CLEAR (1U << 10) /* Microarchitectural Data Clear */
- #define CPUID_7_0_EDX_SPEC_CTRL (1U << 26) /* Speculation Control */
- #define CPUID_7_0_EDX_ARCH_CAPABILITIES (1U << 29) /*Arch Capabilities*/
- #define CPUID_7_0_EDX_SPEC_CTRL_SSBD (1U << 31) /* Speculative Store Bypass Disable */
-diff --git a/target/i386/hvf/x86_cpuid.c b/target/i386/hvf/x86_cpuid.c
-index 4d957fe8..b453552f 100644
---- a/target/i386/hvf/x86_cpuid.c
-+++ b/target/i386/hvf/x86_cpuid.c
-@@ -90,7 +90,8 @@ uint32_t hvf_get_supported_cpuid(uint32_t func, uint32_t idx,
- }
-
- ecx &= CPUID_7_0_ECX_AVX512BMI | CPUID_7_0_ECX_AVX512_VPOPCNTDQ;
-- edx &= CPUID_7_0_EDX_AVX512_4VNNIW | CPUID_7_0_EDX_AVX512_4FMAPS;
-+ edx &= CPUID_7_0_EDX_AVX512_4VNNIW | CPUID_7_0_EDX_AVX512_4FMAPS | \
-+ CPUID_7_0_EDX_MD_CLEAR;
- } else {
- ebx = 0;
- ecx = 0;
diff --git a/app-emulation/qemu/files/qemu-4.0.0-fix_infiniband_include.patch b/app-emulation/qemu/files/qemu-4.0.0-fix_infiniband_include.patch
deleted file mode 100644
index 2778cc8f4f2e..000000000000
--- a/app-emulation/qemu/files/qemu-4.0.0-fix_infiniband_include.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff --git a/hw/rdma/rdma_backend.c b/hw/rdma/rdma_backend.c
-index d1660b64..86715bfd 100644
---- a/hw/rdma/rdma_backend.c
-+++ b/hw/rdma/rdma_backend.c
-@@ -21,7 +21,6 @@
- #include "qapi/qapi-events-rdma.h"
-
- #include <infiniband/verbs.h>
--#include <infiniband/umad_types.h>
- #include <infiniband/umad.h>
- #include <rdma/rdma_user_cm.h>
-
diff --git a/app-emulation/qemu/files/qemu-4.0.0-linux-headers-5.2.patch b/app-emulation/qemu/files/qemu-4.0.0-linux-headers-5.2.patch
deleted file mode 100644
index 43be8629dfa8..000000000000
--- a/app-emulation/qemu/files/qemu-4.0.0-linux-headers-5.2.patch
+++ /dev/null
@@ -1,334 +0,0 @@
-From 6d5d5dde9adb5acb32e6b8e3dfbf47fff0f308d2 Mon Sep 17 00:00:00 2001
-From: =?utf8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
-Date: Thu, 18 Jul 2019 15:06:41 +0200
-Subject: [PATCH] linux-user: fix to handle variably sized SIOCGSTAMP with new
- kernels
-MIME-Version: 1.0
-Content-Type: text/plain; charset=utf8
-Content-Transfer-Encoding: 8bit
-
-The SIOCGSTAMP symbol was previously defined in the
-asm-generic/sockios.h header file. QEMU sees that header
-indirectly via sys/socket.h
-
-In linux kernel commit 0768e17073dc527ccd18ed5f96ce85f9985e9115
-the asm-generic/sockios.h header no longer defines SIOCGSTAMP.
-Instead it provides only SIOCGSTAMP_OLD, which only uses a
-32-bit time_t on 32-bit architectures.
-
-The linux/sockios.h header then defines SIOCGSTAMP using
-either SIOCGSTAMP_OLD or SIOCGSTAMP_NEW as appropriate. If
-SIOCGSTAMP_NEW is used, then the tv_sec field is 64-bit even
-on 32-bit architectures
-
-To cope with this we must now convert the old and new type from
-the target to the host one.
-
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
-Signed-off-by: Laurent Vivier <laurent@vivier.eu>
-Reviewed-by: Arnd Bergmann <arnd@arndb.de>
-Message-Id: <20190718130641.15294-1-laurent@vivier.eu>
-Signed-off-by: Laurent Vivier <laurent@vivier.eu>
----
- linux-user/ioctls.h | 21 ++++++-
- linux-user/syscall.c | 140 ++++++++++++++++++++++++++++++++++++---------
- linux-user/syscall_defs.h | 30 +++++++++-
- linux-user/syscall_types.h | 6 --
- 4 files changed, 159 insertions(+), 38 deletions(-)
-
-diff --git a/linux-user/ioctls.h b/linux-user/ioctls.h
-index ae895162..e6a27ad9 100644
---- a/linux-user/ioctls.h
-+++ b/linux-user/ioctls.h
-@@ -219,8 +219,25 @@
- IOCTL(SIOCGRARP, IOC_R, MK_PTR(MK_STRUCT(STRUCT_arpreq)))
- IOCTL(SIOCGIWNAME, IOC_W | IOC_R, MK_PTR(MK_STRUCT(STRUCT_char_ifreq)))
- IOCTL(SIOCGPGRP, IOC_R, MK_PTR(TYPE_INT)) /* pid_t */
-- IOCTL(SIOCGSTAMP, IOC_R, MK_PTR(MK_STRUCT(STRUCT_timeval)))
-- IOCTL(SIOCGSTAMPNS, IOC_R, MK_PTR(MK_STRUCT(STRUCT_timespec)))
-+
-+ /*
-+ * We can't use IOCTL_SPECIAL() because it will set
-+ * host_cmd to XXX_OLD and XXX_NEW and these macros
-+ * are not defined with kernel prior to 5.2.
-+ * We must set host_cmd to the same value as in target_cmd
-+ * otherwise the consistency check in syscall_init()
-+ * will trigger an error.
-+ * host_cmd is ignored by the do_ioctl_XXX() helpers.
-+ * FIXME: create a macro to define this kind of entry
-+ */
-+ { TARGET_SIOCGSTAMP_OLD, TARGET_SIOCGSTAMP_OLD,
-+ "SIOCGSTAMP_OLD", IOC_R, do_ioctl_SIOCGSTAMP },
-+ { TARGET_SIOCGSTAMPNS_OLD, TARGET_SIOCGSTAMPNS_OLD,
-+ "SIOCGSTAMPNS_OLD", IOC_R, do_ioctl_SIOCGSTAMPNS },
-+ { TARGET_SIOCGSTAMP_NEW, TARGET_SIOCGSTAMP_NEW,
-+ "SIOCGSTAMP_NEW", IOC_R, do_ioctl_SIOCGSTAMP },
-+ { TARGET_SIOCGSTAMPNS_NEW, TARGET_SIOCGSTAMPNS_NEW,
-+ "SIOCGSTAMPNS_NEW", IOC_R, do_ioctl_SIOCGSTAMPNS },
-
- IOCTL(RNDGETENTCNT, IOC_R, MK_PTR(TYPE_INT))
- IOCTL(RNDADDTOENTCNT, IOC_W, MK_PTR(TYPE_INT))
-diff --git a/linux-user/syscall.c b/linux-user/syscall.c
-index 96cd4bf8..6df480e1 100644
---- a/linux-user/syscall.c
-+++ b/linux-user/syscall.c
-@@ -37,6 +37,7 @@
- #include <sched.h>
- #include <sys/timex.h>
- #include <sys/socket.h>
-+#include <linux/sockios.h>
- #include <sys/un.h>
- #include <sys/uio.h>
- #include <poll.h>
-@@ -1139,8 +1140,9 @@ static inline abi_long copy_from_user_timeval(struct timeval *tv,
- {
- struct target_timeval *target_tv;
-
-- if (!lock_user_struct(VERIFY_READ, target_tv, target_tv_addr, 1))
-+ if (!lock_user_struct(VERIFY_READ, target_tv, target_tv_addr, 1)) {
- return -TARGET_EFAULT;
-+ }
-
- __get_user(tv->tv_sec, &target_tv->tv_sec);
- __get_user(tv->tv_usec, &target_tv->tv_usec);
-@@ -1155,8 +1157,26 @@ static inline abi_long copy_to_user_timeval(abi_ulong target_tv_addr,
- {
- struct target_timeval *target_tv;
-
-- if (!lock_user_struct(VERIFY_WRITE, target_tv, target_tv_addr, 0))
-+ if (!lock_user_struct(VERIFY_WRITE, target_tv, target_tv_addr, 0)) {
-+ return -TARGET_EFAULT;
-+ }
-+
-+ __put_user(tv->tv_sec, &target_tv->tv_sec);
-+ __put_user(tv->tv_usec, &target_tv->tv_usec);
-+
-+ unlock_user_struct(target_tv, target_tv_addr, 1);
-+
-+ return 0;
-+}
-+
-+static inline abi_long copy_to_user_timeval64(abi_ulong target_tv_addr,
-+ const struct timeval *tv)
-+{
-+ struct target__kernel_sock_timeval *target_tv;
-+
-+ if (!lock_user_struct(VERIFY_WRITE, target_tv, target_tv_addr, 0)) {
- return -TARGET_EFAULT;
-+ }
-
- __put_user(tv->tv_sec, &target_tv->tv_sec);
- __put_user(tv->tv_usec, &target_tv->tv_usec);
-@@ -1166,6 +1186,48 @@ static inline abi_long copy_to_user_timeval(abi_ulong target_tv_addr,
- return 0;
- }
-
-+static inline abi_long target_to_host_timespec(struct timespec *host_ts,
-+ abi_ulong target_addr)
-+{
-+ struct target_timespec *target_ts;
-+
-+ if (!lock_user_struct(VERIFY_READ, target_ts, target_addr, 1)) {
-+ return -TARGET_EFAULT;
-+ }
-+ __get_user(host_ts->tv_sec, &target_ts->tv_sec);
-+ __get_user(host_ts->tv_nsec, &target_ts->tv_nsec);
-+ unlock_user_struct(target_ts, target_addr, 0);
-+ return 0;
-+}
-+
-+static inline abi_long host_to_target_timespec(abi_ulong target_addr,
-+ struct timespec *host_ts)
-+{
-+ struct target_timespec *target_ts;
-+
-+ if (!lock_user_struct(VERIFY_WRITE, target_ts, target_addr, 0)) {
-+ return -TARGET_EFAULT;
-+ }
-+ __put_user(host_ts->tv_sec, &target_ts->tv_sec);
-+ __put_user(host_ts->tv_nsec, &target_ts->tv_nsec);
-+ unlock_user_struct(target_ts, target_addr, 1);
-+ return 0;
-+}
-+
-+static inline abi_long host_to_target_timespec64(abi_ulong target_addr,
-+ struct timespec *host_ts)
-+{
-+ struct target__kernel_timespec *target_ts;
-+
-+ if (!lock_user_struct(VERIFY_WRITE, target_ts, target_addr, 0)) {
-+ return -TARGET_EFAULT;
-+ }
-+ __put_user(host_ts->tv_sec, &target_ts->tv_sec);
-+ __put_user(host_ts->tv_nsec, &target_ts->tv_nsec);
-+ unlock_user_struct(target_ts, target_addr, 1);
-+ return 0;
-+}
-+
- static inline abi_long copy_from_user_timezone(struct timezone *tz,
- abi_ulong target_tz_addr)
- {
-@@ -4790,6 +4852,54 @@ static abi_long do_ioctl_kdsigaccept(const IOCTLEntry *ie, uint8_t *buf_temp,
- return get_errno(safe_ioctl(fd, ie->host_cmd, sig));
- }
-
-+static abi_long do_ioctl_SIOCGSTAMP(const IOCTLEntry *ie, uint8_t *buf_temp,
-+ int fd, int cmd, abi_long arg)
-+{
-+ struct timeval tv;
-+ abi_long ret;
-+
-+ ret = get_errno(safe_ioctl(fd, SIOCGSTAMP, &tv));
-+ if (is_error(ret)) {
-+ return ret;
-+ }
-+
-+ if (cmd == (int)TARGET_SIOCGSTAMP_OLD) {
-+ if (copy_to_user_timeval(arg, &tv)) {
-+ return -TARGET_EFAULT;
-+ }
-+ } else {
-+ if (copy_to_user_timeval64(arg, &tv)) {
-+ return -TARGET_EFAULT;
-+ }
-+ }
-+
-+ return ret;
-+}
-+
-+static abi_long do_ioctl_SIOCGSTAMPNS(const IOCTLEntry *ie, uint8_t *buf_temp,
-+ int fd, int cmd, abi_long arg)
-+{
-+ struct timespec ts;
-+ abi_long ret;
-+
-+ ret = get_errno(safe_ioctl(fd, SIOCGSTAMPNS, &ts));
-+ if (is_error(ret)) {
-+ return ret;
-+ }
-+
-+ if (cmd == (int)TARGET_SIOCGSTAMPNS_OLD) {
-+ if (host_to_target_timespec(arg, &ts)) {
-+ return -TARGET_EFAULT;
-+ }
-+ } else{
-+ if (host_to_target_timespec64(arg, &ts)) {
-+ return -TARGET_EFAULT;
-+ }
-+ }
-+
-+ return ret;
-+}
-+
- #ifdef TIOCGPTPEER
- static abi_long do_ioctl_tiocgptpeer(const IOCTLEntry *ie, uint8_t *buf_temp,
- int fd, int cmd, abi_long arg)
-@@ -6160,32 +6270,6 @@ static inline abi_long target_ftruncate64(void *cpu_env, abi_long arg1,
- }
- #endif
-
--static inline abi_long target_to_host_timespec(struct timespec *host_ts,
-- abi_ulong target_addr)
--{
-- struct target_timespec *target_ts;
--
-- if (!lock_user_struct(VERIFY_READ, target_ts, target_addr, 1))
-- return -TARGET_EFAULT;
-- __get_user(host_ts->tv_sec, &target_ts->tv_sec);
-- __get_user(host_ts->tv_nsec, &target_ts->tv_nsec);
-- unlock_user_struct(target_ts, target_addr, 0);
-- return 0;
--}
--
--static inline abi_long host_to_target_timespec(abi_ulong target_addr,
-- struct timespec *host_ts)
--{
-- struct target_timespec *target_ts;
--
-- if (!lock_user_struct(VERIFY_WRITE, target_ts, target_addr, 0))
-- return -TARGET_EFAULT;
-- __put_user(host_ts->tv_sec, &target_ts->tv_sec);
-- __put_user(host_ts->tv_nsec, &target_ts->tv_nsec);
-- unlock_user_struct(target_ts, target_addr, 1);
-- return 0;
--}
--
- static inline abi_long target_to_host_itimerspec(struct itimerspec *host_itspec,
- abi_ulong target_addr)
- {
-diff --git a/linux-user/syscall_defs.h b/linux-user/syscall_defs.h
-index 12c84071..cfb3eeec 100644
---- a/linux-user/syscall_defs.h
-+++ b/linux-user/syscall_defs.h
-@@ -208,16 +208,34 @@ struct target_linger {
- abi_int l_linger; /* How long to linger for */
- };
-
-+#if defined(TARGET_SPARC64) && !defined(TARGET_ABI32)
-+struct target_timeval {
-+ abi_long tv_sec;
-+ abi_int tv_usec;
-+};
-+#define target__kernel_sock_timeval target_timeval
-+#else
- struct target_timeval {
- abi_long tv_sec;
- abi_long tv_usec;
- };
-
-+struct target__kernel_sock_timeval {
-+ abi_llong tv_sec;
-+ abi_llong tv_usec;
-+};
-+#endif
-+
- struct target_timespec {
- abi_long tv_sec;
- abi_long tv_nsec;
- };
-
-+struct target__kernel_timespec {
-+ abi_llong tv_sec;
-+ abi_llong tv_nsec;
-+};
-+
- struct target_timezone {
- abi_int tz_minuteswest;
- abi_int tz_dsttime;
-@@ -743,8 +761,17 @@ struct target_pollfd {
- #define TARGET_SIOCATMARK 0x8905
- #define TARGET_SIOCGPGRP 0x8904
- #endif
--#define TARGET_SIOCGSTAMP 0x8906 /* Get stamp (timeval) */
--#define TARGET_SIOCGSTAMPNS 0x8907 /* Get stamp (timespec) */
-+
-+#if defined(TARGET_SH4)
-+#define TARGET_SIOCGSTAMP_OLD TARGET_IOR('s', 100, struct target_timeval)
-+#define TARGET_SIOCGSTAMPNS_OLD TARGET_IOR('s', 101, struct target_timespec)
-+#else
-+#define TARGET_SIOCGSTAMP_OLD 0x8906
-+#define TARGET_SIOCGSTAMPNS_OLD 0x8907
-+#endif
-+
-+#define TARGET_SIOCGSTAMP_NEW TARGET_IOR(0x89, 0x06, abi_llong[2])
-+#define TARGET_SIOCGSTAMPNS_NEW TARGET_IOR(0x89, 0x07, abi_llong[2])
-
- /* Networking ioctls */
- #define TARGET_SIOCADDRT 0x890B /* add routing table entry */
-diff --git a/linux-user/syscall_types.h b/linux-user/syscall_types.h
-index b98a23b0..4e369838 100644
---- a/linux-user/syscall_types.h
-+++ b/linux-user/syscall_types.h
-@@ -14,12 +14,6 @@ STRUCT(serial_icounter_struct,
- STRUCT(sockaddr,
- TYPE_SHORT, MK_ARRAY(TYPE_CHAR, 14))
-
--STRUCT(timeval,
-- MK_ARRAY(TYPE_LONG, 2))
--
--STRUCT(timespec,
-- MK_ARRAY(TYPE_LONG, 2))
--
- STRUCT(rtentry,
- TYPE_ULONG, MK_STRUCT(STRUCT_sockaddr), MK_STRUCT(STRUCT_sockaddr), MK_STRUCT(STRUCT_sockaddr),
- TYPE_SHORT, TYPE_SHORT, TYPE_ULONG, TYPE_PTRVOID, TYPE_SHORT, TYPE_PTRVOID,
diff --git a/app-emulation/qemu/files/qemu-4.0.0-pc-q35-4.0.patch b/app-emulation/qemu/files/qemu-4.0.0-pc-q35-4.0.patch
deleted file mode 100644
index ebabc0c4c294..000000000000
--- a/app-emulation/qemu/files/qemu-4.0.0-pc-q35-4.0.patch
+++ /dev/null
@@ -1,135 +0,0 @@
-Backport of QEMU v4.1 commit for stable v4.0.1 release
-
-commit c87759ce876a7a0b17c2bf4f0b964bd51f0ee871
-Author: Alex Williamson <address@hidden>
-Date: Tue May 14 14:14:41 2019 -0600
-
- q35: Revert to kernel irqchip
-
- Commit b2fc91db8447 ("q35: set split kernel irqchip as default") changed
- the default for the pc-q35-4.0 machine type to use split irqchip, which
- turned out to have disasterous effects on vfio-pci INTx support. KVM
- resampling irqfds are registered for handling these interrupts, but
- these are non-functional in split irqchip mode. We can't simply test
- for split irqchip in QEMU as userspace handling of this interrupt is a
- significant performance regression versus KVM handling (GeForce GPUs
- assigned to Windows VMs are non-functional without forcing MSI mode or
- re-enabling kernel irqchip).
-
- The resolution is to revert the change in default irqchip mode in the
- pc-q35-4.1 machine and create a pc-q35-4.0.1 machine for the 4.0-stable
- branch. The qemu-q35-4.0 machine type should not be used in vfio-pci
- configurations for devices requiring legacy INTx support without
- explicitly modifying the VM configuration to use kernel irqchip.
-
-Link: https://bugs.launchpad.net/qemu/+bug/1826422
-Fixes: b2fc91db8447 ("q35: set split kernel irqchip as default")
-Cc: address@hidden
-Reviewed-by: Peter Xu <address@hidden>
-Signed-off-by: Alex Williamson <address@hidden>
----
-
-Same code as v1, just updating the commit log as a formal backport of
-the merged 4.1 commit.
-
- hw/core/machine.c | 3 +++
- hw/i386/pc.c | 3 +++
- hw/i386/pc_q35.c | 16 ++++++++++++++--
- include/hw/boards.h | 3 +++
- include/hw/i386/pc.h | 3 +++
- 5 files changed, 26 insertions(+), 2 deletions(-)
-
-diff --git a/hw/core/machine.c b/hw/core/machine.c
-index 743fef28982c..5d046a43e3d2 100644
---- a/hw/core/machine.c
-+++ b/hw/core/machine.c
-@@ -24,6 +24,9 @@
- #include "hw/pci/pci.h"
- #include "hw/mem/nvdimm.h"
-
-+GlobalProperty hw_compat_4_0[] = {};
-+const size_t hw_compat_4_0_len = G_N_ELEMENTS(hw_compat_4_0);
-+
- GlobalProperty hw_compat_3_1[] = {
- { "pcie-root-port", "x-speed", "2_5" },
- { "pcie-root-port", "x-width", "1" },
-diff --git a/hw/i386/pc.c b/hw/i386/pc.c
-index f2c15bf1f2c3..d98b737b8f3b 100644
---- a/hw/i386/pc.c
-+++ b/hw/i386/pc.c
-@@ -115,6 +115,9 @@ struct hpet_fw_config hpet_cfg = {.count = UINT8_MAX};
- /* Physical Address of PVH entry point read from kernel ELF NOTE */
- static size_t pvh_start_addr;
-
-+GlobalProperty pc_compat_4_0[] = {};
-+const size_t pc_compat_4_0_len = G_N_ELEMENTS(pc_compat_4_0);
-+
- GlobalProperty pc_compat_3_1[] = {
- { "intel-iommu", "dma-drain", "off" },
- { "Opteron_G3" "-" TYPE_X86_CPU, "rdtscp", "off" },
-diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
-index 372c6b73bebd..45cc29d1adb7 100644
---- a/hw/i386/pc_q35.c
-+++ b/hw/i386/pc_q35.c
-@@ -357,7 +357,7 @@ static void pc_q35_machine_options(MachineClass *m)
- m->units_per_default_bus = 1;
- m->default_machine_opts = "firmware=bios-256k.bin";
- m->default_display = "std";
-- m->default_kernel_irqchip_split = true;
-+ m->default_kernel_irqchip_split = false;
- m->no_floppy = 1;
- machine_class_allow_dynamic_sysbus_dev(m, TYPE_AMD_IOMMU_DEVICE);
- machine_class_allow_dynamic_sysbus_dev(m, TYPE_INTEL_IOMMU_DEVICE);
-@@ -365,12 +365,24 @@ static void pc_q35_machine_options(MachineClass *m)
- m->max_cpus = 288;
- }
-
--static void pc_q35_4_0_machine_options(MachineClass *m)
-+static void pc_q35_4_0_1_machine_options(MachineClass *m)
- {
- pc_q35_machine_options(m);
- m->alias = "q35";
- }
-
-+DEFINE_Q35_MACHINE(v4_0_1, "pc-q35-4.0.1", NULL,
-+ pc_q35_4_0_1_machine_options);
-+
-+static void pc_q35_4_0_machine_options(MachineClass *m)
-+{
-+ pc_q35_4_0_1_machine_options(m);
-+ m->default_kernel_irqchip_split = true;
-+ m->alias = NULL;
-+ compat_props_add(m->compat_props, hw_compat_4_0, hw_compat_4_0_len);
-+ compat_props_add(m->compat_props, pc_compat_4_0, pc_compat_4_0_len);
-+}
-+
- DEFINE_Q35_MACHINE(v4_0, "pc-q35-4.0", NULL,
- pc_q35_4_0_machine_options);
-
-diff --git a/include/hw/boards.h b/include/hw/boards.h
-index e231860666a1..fe1885cbffa0 100644
---- a/include/hw/boards.h
-+++ b/include/hw/boards.h
-@@ -293,6 +293,9 @@ struct MachineState {
- } \
- type_init(machine_initfn##_register_types)
-
-+extern GlobalProperty hw_compat_4_0[];
-+extern const size_t hw_compat_4_0_len;
-+
- extern GlobalProperty hw_compat_3_1[];
- extern const size_t hw_compat_3_1_len;
-
-diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
-index ca65ef18afb4..43df7230a22b 100644
---- a/include/hw/i386/pc.h
-+++ b/include/hw/i386/pc.h
-@@ -293,6 +293,9 @@ int e820_add_entry(uint64_t, uint64_t, uint32_t);
- int e820_get_num_entries(void);
- bool e820_get_entry(int, uint32_t, uint64_t *, uint64_t *);
-
-+extern GlobalProperty pc_compat_4_0[];
-+extern const size_t pc_compat_4_0_len;
-+
- extern GlobalProperty pc_compat_3_1[];
- extern const size_t pc_compat_3_1_len;
diff --git a/app-emulation/qemu/files/qemu-4.0.0-sanitize-interp_info.patch b/app-emulation/qemu/files/qemu-4.0.0-sanitize-interp_info.patch
deleted file mode 100644
index 58ff0c788288..000000000000
--- a/app-emulation/qemu/files/qemu-4.0.0-sanitize-interp_info.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-linux-user: Sanitize interp_info and, for mips
-
-Sanitize interp_info structure in load_elf_binary() and, for mips only,
-init its field fp_abi. This fixes appearances of "Unexpected FPU mode"
-message in some MIPS use cases.
-
-Signed-off-by: Daniel Santos <address@hidden>
-Signed-off-by: Aleksandar Markovic <address@hidden>
----
- linux-user/elfload.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/linux-user/elfload.c b/linux-user/elfload.c
-index c1a2602..7f09d57 100644
---- a/linux-user/elfload.c
-+++ b/linux-user/elfload.c
-@@ -2698,6 +2698,11 @@ int load_elf_binary(struct linux_binprm *bprm, struct image_info *info)
- char *elf_interpreter = NULL;
- char *scratch;
-
-+ memset(&interp_info, 0, sizeof(interp_info));
-+#ifdef TARGET_MIPS
-+ interp_info.fp_abi = MIPS_ABI_FP_UNKNOWN;
-+#endif
-+
- info->start_mmap = (abi_ulong)ELF_START_MMAP;
-
- load_elf_image(bprm->filename, bprm->fd, info,
---
-2.7.4
-
-
diff --git a/app-emulation/qemu/files/qemu-4.0.0-xkbcommon.patch b/app-emulation/qemu/files/qemu-4.0.0-xkbcommon.patch
deleted file mode 100644
index 3d9a5163ecf5..000000000000
--- a/app-emulation/qemu/files/qemu-4.0.0-xkbcommon.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From cef396dc0b11a09ede85b275ed1ceee71b60a4b3 Mon Sep 17 00:00:00 2001
-From: James Le Cuirot <chewi@gentoo.org>
-Date: Sat, 14 Sep 2019 15:47:20 +0100
-Subject: [PATCH] configure: Add xkbcommon configure options
-
-This dependency is currently "automagic", which is bad for distributions.
-
-Signed-off-by: James Le Cuirot <chewi@gentoo.org>
----
- configure | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/configure b/configure
-index 30aad233d1..30544f52e6 100755
---- a/configure
-+++ b/configure
-@@ -1521,6 +1521,10 @@ for opt do
- ;;
- --disable-libpmem) libpmem=no
- ;;
-+ --enable-xkbcommon) xkbcommon=yes
-+ ;;
-+ --disable-xkbcommon) xkbcommon=no
-+ ;;
- *)
- echo "ERROR: unknown option $opt"
- echo "Try '$0 --help' for more information"
-@@ -1804,6 +1808,7 @@ disabled with --disable-FEATURE, default is enabled if available:
- capstone capstone disassembler support
- debug-mutex mutex debugging support
- libpmem libpmem support
-+ xkbcommon xkbcommon support
-
- NOTE: The object files are built at the place where configure is launched
- EOF
---
-2.23.0
-
diff --git a/app-emulation/qemu/files/qemu-4.2.0-CVE-2020-11102.patch b/app-emulation/qemu/files/qemu-4.2.0-CVE-2020-11102.patch
deleted file mode 100644
index 118c81971d83..000000000000
--- a/app-emulation/qemu/files/qemu-4.2.0-CVE-2020-11102.patch
+++ /dev/null
@@ -1,144 +0,0 @@
-From 8ffb7265af64ec81748335ec8f20e7ab542c3850 Mon Sep 17 00:00:00 2001
-From: Prasad J Pandit <pjp@fedoraproject.org>
-Date: Tue, 24 Mar 2020 22:57:22 +0530
-Subject: [PATCH] net: tulip: check frame size and r/w data length
-
-Tulip network driver while copying tx/rx buffers does not check
-frame size against r/w data length. This may lead to OOB buffer
-access. Add check to avoid it.
-
-Limit iterations over descriptors to avoid potential infinite
-loop issue in tulip_xmit_list_update.
-
-Reported-by: Li Qiang <pangpei.lq@antfin.com>
-Reported-by: Ziming Zhang <ezrakiez@gmail.com>
-Reported-by: Jason Wang <jasowang@redhat.com>
-Tested-by: Li Qiang <liq3ea@gmail.com>
-Reviewed-by: Li Qiang <liq3ea@gmail.com>
-Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
-Signed-off-by: Jason Wang <jasowang@redhat.com>
----
- hw/net/tulip.c | 36 +++++++++++++++++++++++++++---------
- 1 file changed, 27 insertions(+), 9 deletions(-)
-
-diff --git a/hw/net/tulip.c b/hw/net/tulip.c
-index cfac2719d3..1295f51d07 100644
---- a/hw/net/tulip.c
-+++ b/hw/net/tulip.c
-@@ -170,6 +170,10 @@ static void tulip_copy_rx_bytes(TULIPState *s, struct tulip_descriptor *desc)
- } else {
- len = s->rx_frame_len;
- }
-+
-+ if (s->rx_frame_len + len > sizeof(s->rx_frame)) {
-+ return;
-+ }
- pci_dma_write(&s->dev, desc->buf_addr1, s->rx_frame +
- (s->rx_frame_size - s->rx_frame_len), len);
- s->rx_frame_len -= len;
-@@ -181,6 +185,10 @@ static void tulip_copy_rx_bytes(TULIPState *s, struct tulip_descriptor *desc)
- } else {
- len = s->rx_frame_len;
- }
-+
-+ if (s->rx_frame_len + len > sizeof(s->rx_frame)) {
-+ return;
-+ }
- pci_dma_write(&s->dev, desc->buf_addr2, s->rx_frame +
- (s->rx_frame_size - s->rx_frame_len), len);
- s->rx_frame_len -= len;
-@@ -227,7 +235,8 @@ static ssize_t tulip_receive(TULIPState *s, const uint8_t *buf, size_t size)
-
- trace_tulip_receive(buf, size);
-
-- if (size < 14 || size > 2048 || s->rx_frame_len || tulip_rx_stopped(s)) {
-+ if (size < 14 || size > sizeof(s->rx_frame) - 4
-+ || s->rx_frame_len || tulip_rx_stopped(s)) {
- return 0;
- }
-
-@@ -275,7 +284,6 @@ static ssize_t tulip_receive_nc(NetClientState *nc,
- return tulip_receive(qemu_get_nic_opaque(nc), buf, size);
- }
-
--
- static NetClientInfo net_tulip_info = {
- .type = NET_CLIENT_DRIVER_NIC,
- .size = sizeof(NICState),
-@@ -558,7 +566,7 @@ static void tulip_tx(TULIPState *s, struct tulip_descriptor *desc)
- if ((s->csr[6] >> CSR6_OM_SHIFT) & CSR6_OM_MASK) {
- /* Internal or external Loopback */
- tulip_receive(s, s->tx_frame, s->tx_frame_len);
-- } else {
-+ } else if (s->tx_frame_len <= sizeof(s->tx_frame)) {
- qemu_send_packet(qemu_get_queue(s->nic),
- s->tx_frame, s->tx_frame_len);
- }
-@@ -570,23 +578,31 @@ static void tulip_tx(TULIPState *s, struct tulip_descriptor *desc)
- }
- }
-
--static void tulip_copy_tx_buffers(TULIPState *s, struct tulip_descriptor *desc)
-+static int tulip_copy_tx_buffers(TULIPState *s, struct tulip_descriptor *desc)
- {
- int len1 = (desc->control >> TDES1_BUF1_SIZE_SHIFT) & TDES1_BUF1_SIZE_MASK;
- int len2 = (desc->control >> TDES1_BUF2_SIZE_SHIFT) & TDES1_BUF2_SIZE_MASK;
-
-+ if (s->tx_frame_len + len1 > sizeof(s->tx_frame)) {
-+ return -1;
-+ }
- if (len1) {
- pci_dma_read(&s->dev, desc->buf_addr1,
- s->tx_frame + s->tx_frame_len, len1);
- s->tx_frame_len += len1;
- }
-
-+ if (s->tx_frame_len + len2 > sizeof(s->tx_frame)) {
-+ return -1;
-+ }
- if (len2) {
- pci_dma_read(&s->dev, desc->buf_addr2,
- s->tx_frame + s->tx_frame_len, len2);
- s->tx_frame_len += len2;
- }
- desc->status = (len1 + len2) ? 0 : 0x7fffffff;
-+
-+ return 0;
- }
-
- static void tulip_setup_filter_addr(TULIPState *s, uint8_t *buf, int n)
-@@ -651,13 +667,15 @@ static uint32_t tulip_ts(TULIPState *s)
-
- static void tulip_xmit_list_update(TULIPState *s)
- {
-+#define TULIP_DESC_MAX 128
-+ uint8_t i = 0;
- struct tulip_descriptor desc;
-
- if (tulip_ts(s) != CSR5_TS_SUSPENDED) {
- return;
- }
-
-- for (;;) {
-+ for (i = 0; i < TULIP_DESC_MAX; i++) {
- tulip_desc_read(s, s->current_tx_desc, &desc);
- tulip_dump_tx_descriptor(s, &desc);
-
-@@ -675,10 +693,10 @@ static void tulip_xmit_list_update(TULIPState *s)
- s->tx_frame_len = 0;
- }
-
-- tulip_copy_tx_buffers(s, &desc);
--
-- if (desc.control & TDES1_LS) {
-- tulip_tx(s, &desc);
-+ if (!tulip_copy_tx_buffers(s, &desc)) {
-+ if (desc.control & TDES1_LS) {
-+ tulip_tx(s, &desc);
-+ }
- }
- }
- tulip_desc_write(s, s->current_tx_desc, &desc);
---
-2.24.1
-
diff --git a/app-emulation/qemu/files/qemu-4.2.0-ati-vga-crash.patch b/app-emulation/qemu/files/qemu-4.2.0-ati-vga-crash.patch
new file mode 100644
index 000000000000..5f442f0fd07a
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-4.2.0-ati-vga-crash.patch
@@ -0,0 +1,94 @@
+https://bugs.gentoo.org/719266
+
+From ac2071c3791b67fc7af78b8ceb320c01ca1b5df7 Mon Sep 17 00:00:00 2001
+From: BALATON Zoltan <balaton@eik.bme.hu>
+Date: Mon, 6 Apr 2020 22:34:26 +0200
+Subject: [PATCH] ati-vga: Fix checks in ati_2d_blt() to avoid crash
+
+In some corner cases (that never happen during normal operation but a
+malicious guest could program wrong values) pixman functions were
+called with parameters that result in a crash. Fix this and add more
+checks to disallow such cases.
+
+Reported-by: Ziming Zhang <ezrakiez@gmail.com>
+Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
+Message-id: 20200406204029.19559747D5D@zero.eik.bme.hu
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+---
+ hw/display/ati_2d.c | 37 ++++++++++++++++++++++++++-----------
+ 1 file changed, 26 insertions(+), 11 deletions(-)
+
+--- a/hw/display/ati_2d.c
++++ b/hw/display/ati_2d.c
+@@ -53,12 +53,20 @@ void ati_2d_blt(ATIVGAState *s)
+ s->vga.vbe_start_addr, surface_data(ds), surface_stride(ds),
+ surface_bits_per_pixel(ds),
+ (s->regs.dp_mix & GMC_ROP3_MASK) >> 16);
+- int dst_x = (s->regs.dp_cntl & DST_X_LEFT_TO_RIGHT ?
+- s->regs.dst_x : s->regs.dst_x + 1 - s->regs.dst_width);
+- int dst_y = (s->regs.dp_cntl & DST_Y_TOP_TO_BOTTOM ?
+- s->regs.dst_y : s->regs.dst_y + 1 - s->regs.dst_height);
++ unsigned dst_x = (s->regs.dp_cntl & DST_X_LEFT_TO_RIGHT ?
++ s->regs.dst_x : s->regs.dst_x + 1 - s->regs.dst_width);
++ unsigned dst_y = (s->regs.dp_cntl & DST_Y_TOP_TO_BOTTOM ?
++ s->regs.dst_y : s->regs.dst_y + 1 - s->regs.dst_height);
+ int bpp = ati_bpp_from_datatype(s);
++ if (!bpp) {
++ qemu_log_mask(LOG_GUEST_ERROR, "Invalid bpp\n");
++ return;
++ }
+ int dst_stride = DEFAULT_CNTL ? s->regs.dst_pitch : s->regs.default_pitch;
++ if (!dst_stride) {
++ qemu_log_mask(LOG_GUEST_ERROR, "Zero dest pitch\n");
++ return;
++ }
+ uint8_t *dst_bits = s->vga.vram_ptr + (DEFAULT_CNTL ?
+ s->regs.dst_offset : s->regs.default_offset);
+
+@@ -82,12 +90,16 @@ void ati_2d_blt(ATIVGAState *s)
+ switch (s->regs.dp_mix & GMC_ROP3_MASK) {
+ case ROP3_SRCCOPY:
+ {
+- int src_x = (s->regs.dp_cntl & DST_X_LEFT_TO_RIGHT ?
+- s->regs.src_x : s->regs.src_x + 1 - s->regs.dst_width);
+- int src_y = (s->regs.dp_cntl & DST_Y_TOP_TO_BOTTOM ?
+- s->regs.src_y : s->regs.src_y + 1 - s->regs.dst_height);
++ unsigned src_x = (s->regs.dp_cntl & DST_X_LEFT_TO_RIGHT ?
++ s->regs.src_x : s->regs.src_x + 1 - s->regs.dst_width);
++ unsigned src_y = (s->regs.dp_cntl & DST_Y_TOP_TO_BOTTOM ?
++ s->regs.src_y : s->regs.src_y + 1 - s->regs.dst_height);
+ int src_stride = DEFAULT_CNTL ?
+ s->regs.src_pitch : s->regs.default_pitch;
++ if (!src_stride) {
++ qemu_log_mask(LOG_GUEST_ERROR, "Zero source pitch\n");
++ return;
++ }
+ uint8_t *src_bits = s->vga.vram_ptr + (DEFAULT_CNTL ?
+ s->regs.src_offset : s->regs.default_offset);
+
+@@ -137,8 +149,10 @@ void ati_2d_blt(ATIVGAState *s)
+ dst_y * surface_stride(ds),
+ s->regs.dst_height * surface_stride(ds));
+ }
+- s->regs.dst_x += s->regs.dst_width;
+- s->regs.dst_y += s->regs.dst_height;
++ s->regs.dst_x = (s->regs.dp_cntl & DST_X_LEFT_TO_RIGHT ?
++ dst_x + s->regs.dst_width : dst_x);
++ s->regs.dst_y = (s->regs.dp_cntl & DST_Y_TOP_TO_BOTTOM ?
++ dst_y + s->regs.dst_height : dst_y);
+ break;
+ }
+ case ROP3_PATCOPY:
+@@ -179,7 +193,8 @@ void ati_2d_blt(ATIVGAState *s)
+ dst_y * surface_stride(ds),
+ s->regs.dst_height * surface_stride(ds));
+ }
+- s->regs.dst_y += s->regs.dst_height;
++ s->regs.dst_y = (s->regs.dp_cntl & DST_Y_TOP_TO_BOTTOM ?
++ dst_y + s->regs.dst_height : dst_y);
+ break;
+ }
+ default:
+--
+2.26.2
+
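Review bot: The switch of `dst_x`/`dst_y` and `src_x`/`src_y` from `int` to `unsigned` in `ati_2d_blt()` only protects anything if a later range comparison rejects the wrapped value, and none of the five hunks in this patch shows one. With `s->regs.dst_x + 1 - s->regs.dst_width` held as unsigned, a guest-chosen width larger than `dst_x + 1` gives a very large coordinate instead of a negative one. The rejection presumably comes from an existing bounds test elsewhere in the function, which lies outside the hunks, so it is worth confirming that the 4.2.0 tree this backport applies to has that test. The header links only `https://bugs.gentoo.org/719266` although the upstream message describes a crash a malicious guest can trigger; a line stating whether a CVE has been assigned would help security tracking.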
diff --git a/app-emulation/qemu/qemu-4.2.0-r2.ebuild b/app-emulation/qemu/qemu-4.2.0-r5.ebuild
index c23828e7a8d6..b0b4efc874c5 100644
--- a/app-emulation/qemu/qemu-4.2.0-r2.ebuild
+++ b/app-emulation/qemu/qemu-4.2.0-r5.ebuild
@@ -3,7 +3,7 @@
EAPI="7"
-PYTHON_COMPAT=( python{3_6,3_7} )
+PYTHON_COMPAT=( python{3_6,3_7,3_8} )
PYTHON_REQ_USE="ncurses,readline"
PLOCALES="bg de_DE fr_FR hu it tr zh_CN"
@@ -24,7 +24,7 @@ if [[ ${PV} = *9999* ]]; then
SRC_URI=""
else
SRC_URI="https://download.qemu.org/${P}.tar.xz
- https://dev.gentoo.org/~tamiko/distfiles/${P}-patches-r1.tar.xz"
+ https://dev.gentoo.org/~tamiko/distfiles/${P}-patches-r2.tar.xz"
KEYWORDS="amd64 ~arm64 ~ppc ~ppc64 x86"
fi
@@ -216,9 +216,7 @@ RDEPEND="${CDEPEND}
PATCHES=(
"${FILESDIR}"/${PN}-2.5.0-cflags.patch
- "${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
"${FILESDIR}"/${PN}-2.11.1-capstone_include_path.patch
- "${FILESDIR}"/${PN}-4.0.0-sanitize-interp_info.patch
"${FILESDIR}"/${PN}-4.0.0-mkdir_systemtap.patch #684902
"${WORKDIR}"/patches
)
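Review bot: `qemu-4.2.0-r5` keeps the stable `amd64`/`x86` keywords, but its `PATCHES` array does not list `${PN}-4.2.0-ati-vga-crash.patch`, which this same commit adds to `qemu-4.2.0-r6` under bug #719266. Unless that fix is carried inside `${P}-patches-r2.tar.xz` (its contents are not visible in this diff), the stable revision ships without the `ati_2d_blt()` checks. If r5 is meant to have the fix, add `"${FILESDIR}"/${PN}-4.2.0-ati-vga-crash.patch #719266` before `"${WORKDIR}"/patches`; if not, a comment saying why it is omitted would help.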
@@ -374,7 +372,7 @@ src_prepare() {
default
# Use correct toolchain to fix cross-compiling
- tc-export AR LD NM OBJCOPY PKG_CONFIG
+ tc-export AR LD NM OBJCOPY PKG_CONFIG RANLIB
export WINDRES=${CHOST}-windres
# Verbose builds
@@ -496,6 +494,8 @@ qemu_src_configure() {
if [[ ! ${buildtype} == "user" ]] ; then
# audio options
local audio_opts=(
+ # Note: backend order matters here: #716202
+ # We iterate from higher-level to lower level.
$(usex pulseaudio pa "")
$(usev sdl)
$(usev alsa)
@@ -609,8 +609,7 @@ src_test() {
if [[ -n ${softmmu_targets} ]]; then
cd "${S}/softmmu-build"
pax-mark m */qemu-system-* #515550
- emake -j1 check
- emake -j1 check-report.html
+ emake check
fi
}
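Review bot: Dropping `-j1` from `emake check` in `src_test` lets the test suite run at the user's MAKEOPTS parallelism, and nothing in the hunk says whether the serial run was a workaround for racy tests. If the suite is known to be parallel-safe for this version, a one-line comment such as `# test suite is parallel-safe, no -j1 needed` above `emake check` would stop the flag from being re-added later. The same change is made in `qemu-4.2.0-r6.ebuild` and `qemu-9999.ebuild`. `src_test` begins outside the hunk.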
diff --git a/app-emulation/qemu/qemu-4.2.0-r3.ebuild b/app-emulation/qemu/qemu-4.2.0-r6.ebuild
index 83a1b141b2a8..172ce2eba7b5 100644
--- a/app-emulation/qemu/qemu-4.2.0-r3.ebuild
+++ b/app-emulation/qemu/qemu-4.2.0-r6.ebuild
@@ -3,7 +3,7 @@
EAPI="7"
-PYTHON_COMPAT=( python{3_6,3_7} )
+PYTHON_COMPAT=( python{3_6,3_7,3_8} )
PYTHON_REQ_USE="ncurses,readline"
PLOCALES="bg de_DE fr_FR hu it tr zh_CN"
@@ -24,7 +24,7 @@ if [[ ${PV} = *9999* ]]; then
SRC_URI=""
else
SRC_URI="https://download.qemu.org/${P}.tar.xz
- https://dev.gentoo.org/~tamiko/distfiles/${P}-patches-r1.tar.xz"
+ https://dev.gentoo.org/~tamiko/distfiles/${P}-patches-r2.tar.xz"
KEYWORDS="~amd64 ~arm64 ~ppc ~ppc64 ~x86"
fi
@@ -216,11 +216,9 @@ RDEPEND="${CDEPEND}
PATCHES=(
"${FILESDIR}"/${PN}-2.5.0-cflags.patch
- "${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
"${FILESDIR}"/${PN}-2.11.1-capstone_include_path.patch
- "${FILESDIR}"/${PN}-4.0.0-sanitize-interp_info.patch
"${FILESDIR}"/${PN}-4.0.0-mkdir_systemtap.patch #684902
- "${FILESDIR}"/${PN}-4.2.0-CVE-2020-11102.patch #716518
+ "${FILESDIR}"/${PN}-4.2.0-ati-vga-crash.patch #719266
"${WORKDIR}"/patches
)
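Review bot: The `${PN}-4.2.0-CVE-2020-11102.patch` entry is dropped from `PATCHES` and the file is deleted, and nothing in the ebuild records where the tulip fix now comes from. Presumably it moved into `${P}-patches-r2.tar.xz` and is applied through `"${WORKDIR}"/patches`, but that tarball is not visible in this diff, so its contents should be checked before the bump is merged. If that is the case, a comment such as `# CVE-2020-11102 (#716518) is carried in ${P}-patches-r2.tar.xz` next to `"${WORKDIR}"/patches` would keep the fix traceable.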
@@ -375,7 +373,7 @@ src_prepare() {
default
# Use correct toolchain to fix cross-compiling
- tc-export AR LD NM OBJCOPY PKG_CONFIG
+ tc-export AR LD NM OBJCOPY PKG_CONFIG RANLIB
export WINDRES=${CHOST}-windres
# Verbose builds
@@ -612,8 +610,7 @@ src_test() {
if [[ -n ${softmmu_targets} ]]; then
cd "${S}/softmmu-build"
pax-mark m */qemu-system-* #515550
- emake -j1 check
- emake -j1 check-report.html
+ emake check
fi
}
diff --git a/app-emulation/qemu/qemu-9999.ebuild b/app-emulation/qemu/qemu-9999.ebuild
index dac2f00c38e8..b189a315909f 100644
--- a/app-emulation/qemu/qemu-9999.ebuild
+++ b/app-emulation/qemu/qemu-9999.ebuild
@@ -3,7 +3,7 @@
EAPI="7"
-PYTHON_COMPAT=( python{3_6,3_7} )
+PYTHON_COMPAT=( python{3_6,3_7,3_8} )
PYTHON_REQ_USE="ncurses,readline"
PLOCALES="bg de_DE fr_FR hu it tr zh_CN"
@@ -370,7 +370,7 @@ src_prepare() {
default
# Use correct toolchain to fix cross-compiling
- tc-export AR LD NM OBJCOPY PKG_CONFIG
+ tc-export AR LD NM OBJCOPY PKG_CONFIG RANLIB
export WINDRES=${CHOST}-windres
# Verbose builds
@@ -606,8 +606,7 @@ src_test() {
if [[ -n ${softmmu_targets} ]]; then
cd "${S}/softmmu-build"
pax-mark m */qemu-system-* #515550
- emake -j1 check
- emake -j1 check-report.html
+ emake check
fi
}