commit: 8aedcac7a5fbef4e8d4ae23184be1c125a4ca289
Author: Aric Belsito <lluixhi <AT> gmail <DOT> com>
AuthorDate: Mon Oct 31 23:24:48 2016 +0000
Commit: Aric Belsito <lluixhi <AT> gmail <DOT> com>
CommitDate: Mon Oct 31 23:24:48 2016 +0000
URL: https://gitweb.gentoo.org/proj/musl.git/commit/?id=8aedcac7
app-emulation/qemu: Sync with upstream
Drop the r99 name.
Add patch from ::musl-extras that disables an ifunc hack causing a segmentation
fault on startup when the avx test passes in configure.
app-emulation/qemu/Manifest | 21 ++++++--
.../qemu/files/qemu-2.2.0-_sigev_un.patch | 5 +-
.../qemu/files/qemu-2.7.0-CVE-2016-7907.patch | 45 ++++++++++++++++
.../qemu/files/qemu-2.7.0-CVE-2016-7908.patch | 52 ++++++++++++++++++
.../qemu/files/qemu-2.7.0-CVE-2016-7909.patch | 32 ++++++++++++
.../qemu/files/qemu-2.7.0-CVE-2016-7994-1.patch | 25 +++++++++
.../qemu/files/qemu-2.7.0-CVE-2016-7994-2.patch | 26 +++++++++
.../qemu/files/qemu-2.7.0-CVE-2016-8576.patch | 61 ++++++++++++++++++++++
.../qemu/files/qemu-2.7.0-CVE-2016-8577.patch | 34 ++++++++++++
.../qemu/files/qemu-2.7.0-CVE-2016-8578.patch | 58 ++++++++++++++++++++
.../qemu/files/qemu-2.7.0-CVE-2016-8668.patch | 30 +++++++++++
.../qemu/files/qemu-2.7.0-CVE-2016-8669-1.patch | 29 ++++++++++
.../qemu/files/qemu-2.7.0-CVE-2016-8669-2.patch | 34 ++++++++++++
.../qemu/files/qemu-2.7.0-CVE-2016-8909.patch | 31 +++++++++++
.../qemu/files/qemu-2.7.0-CVE-2016-8910.patch | 29 ++++++++++
.../qemu/files/qemu-2.7.0-configure-ifunc.patch | 13 +++++
app-emulation/qemu/files/qemu-binfmt.initd-r1 | 54 +++++++++++--------
app-emulation/qemu/files/qemu-kvm-1.4 | 3 --
...{qemu-2.7.0-r99.ebuild => qemu-2.7.0-r5.ebuild} | 19 ++++++-
19 files changed, 568 insertions(+), 33 deletions(-)
diff --git a/app-emulation/qemu/Manifest b/app-emulation/qemu/Manifest
index 1eb09a6..3b5e653 100644
--- a/app-emulation/qemu/Manifest
+++ b/app-emulation/qemu/Manifest
@@ -2,7 +2,7 @@ AUX 65-kvm.rules 40 SHA256
c16a8dc7855880b2651f1a3ff488ecc54d4ac1036c71fffd50070
AUX bridge.conf 454 SHA256
a51850dd39923f3482e4c575b48ad9fef9c9ebb2f2176225da399b79ce48c69d SHA512
a907ee86b81a1b61033bb7621ded65112504131ef7b698c53e4014b958ee6fc79e66f63069015a01e41362cb70a7d0ed26dd9a03033cf776f4846f0e1f8f1533
WHIRLPOOL
8fcbd4abf9b8f7ca3d16fe0eaf17196ebf708dfecf85ce0f020e0de22b64905114f7b310f361826c81bb961c6b1bbbf984bff1e595bb949993b8966ccb222c35
AUX qemu-2.0.0-F_SHLCK-and-F_EXLCK.patch 563 SHA256
99de67d610ad13a1dcf6c67a3c2b5b87fb909220173a956435737f9bea3c371b SHA512
a29e9a889388a6627ed492a79e66514ffb5e64f9479646982091811548fc2a9bf6682104a6c774d83e645e4b1db39e491afd4efce789fe164623442a7f3e5d00
WHIRLPOOL
d3aab06099de263c22f4c71810a3b2cb8602d17731ec76674cd1415e539306555a7b96b789f0daad473600dfa04a83224ff603f7b9a9ac63a4902f74d0e9deb5
AUX qemu-2.0.0-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch 930
SHA256 6af6cf9044997710a6d0fbdba30a35c8d775e30d30c032ec97db672f75ec88ac SHA512
ec84b27648c01c6e58781295dcd0c2ff8e5a635f9836ef50c1da5d0ed125db1afc4cb5b01cb97606d6dd8f417acba93e1560d9a32ca29161a4bb730b302440ea
WHIRLPOOL
06b9dd5251ac03405c97b1f5a623b4d86bda2f72fbcd52b90ae4d11a0cfb59cae62df2cb6189405fbe53ab05ff2b7ca8165fda239dbfe5f31ed70abb53b3b9f3
-AUX qemu-2.2.0-_sigev_un.patch 465 SHA256
4d5a1359a1bc25f1f8dcb7f021efc235b9c8f2535258ca65706c5fde15946ebe SHA512
af90b8dcd8b14716df6270436ae1d77c998a04547bf17f961b2d9a594d1abfb573ca25283a633de6bcd3a81a778b88a4c7950dbd39c23ee35191626da14eb802
WHIRLPOOL
cf40379cd0c9f3a8f89823a6d9415666a99885711bdde44067d4a3a082a9b33efbe69279c0782b2e84b7586389e82845dd30668240f236266f61ba447abb8241
+AUX qemu-2.2.0-_sigev_un.patch 636 SHA256
f3b9a4d6162c553f3110ad22716305818e2130e2ff5d628faf044fc58a5e3cb5 SHA512
f72b879daede5184904f64cabb276de96299a37a93fce444d09e9068671009e95a5e5d6b815ec41a5db5b3807de14d470a56bba5806ffd4dfec577577b046ccb
WHIRLPOOL
9453ad4966e10d504f3e867fd984642a3c1ee3ae847b5ca56196fd1f9e6c0f2d7b52ca07446212af72fef6d0ded1527a5eb306fa6cd915e8dd9ce11523362bac
AUX qemu-2.5.0-cflags.patch 410 SHA256
17f5624dd733f5c80e733cc67ae36a736169ec066024dbf802b416accfed0755 SHA512
0194d28de08b4e51c5bd1c9a2cc7965ba7f66dfddb8fd91de3da93677e6cf2d38ad3270f69aaea8a20cf2533c2980018d6e0fed711be2806fe2053fba7c081f3
WHIRLPOOL
5f5b95d00409fbe03adb64801d30a2fb5f98dded5efa7f0e78b5746776f72917dcbea767e1d0afcb304d8bf8c484adedb8037e6d54e9d34997c2bc3a98b53154
AUX qemu-2.5.0-sysmacros.patch 333 SHA256
a5716fc02da383d455f5cbd76f49e4ee74d84c2d5703319adcbeb145d04875f9 SHA512
329632c5bff846ca3ffcdb4bc94ae62f17c6bdbb566f9bec0784357c943523e8ca7773790b83a9617734cab3b003baa3d636cbd08f7385810a63b0fa0383c4f0
WHIRLPOOL
2a774767d4685545d3ed18e4f5dece99a9007597d73c56197652ff24083550f987ffb69e5c624760dece87def71a7c5c22a694bf999d7309e48ef622f18f0d73
AUX qemu-2.7.0-CVE-2016-6836.patch 889 SHA256
a94812131e8baa66b81971579ab84b20bf15d544e2698448a5247ac0ddca0b3d SHA512
cf7f327f26aee5b6688eb662ced8aa07775ad9558b4a02db244303f6b7d37be9cd19b18d5725819b4708184105b98830864e0ad3af81373e59e880809036345b
WHIRLPOOL
df00627ad447162fdcac4b2c965a8cb5c916a7fb66d8c3a4f8f48bb2d869d7805cb3308cd495ff74ebf4840e7bc2d85abf8e666d78b3da9abb4e2bae22697a82
@@ -15,8 +15,21 @@ AUX qemu-2.7.0-CVE-2016-7421.patch 1183 SHA256
f3996d9d4658fb32a04ce8ae3d3510e6a
AUX qemu-2.7.0-CVE-2016-7422.patch 1125 SHA256
7a3d31031b8ea70be29715e8d384f47ad8758e81b9cfc3768e59dd6c6a00cb2a SHA512
6a08f661cd2b00214297570c8035042544b0e707b2f20f6c59c251a73971f2b7e1920c7242ca09a4684ea58dcb177d11d087ee5e0523792e3c446e70239498ef
WHIRLPOOL
82b38aa12e49695c1f0c67c303039afb05cc314d14e5bc8286bafebfbabd3eb3cddd41338d45f9510ea2f5074fd9028b39c251be0e5856e0221232a8b28797a9
AUX qemu-2.7.0-CVE-2016-7423.patch 925 SHA256
2b9b1102c3c9c54ba2c311661c3222b1df246a519e9eef57d0793951c1249ae0 SHA512
e4401163d15f9ebd9057b8ddf4187f7a0a2f379cb8aea2bd92b20f132f7714a4e386733884be4568eddbd4067b6cad80275ccc101276897c4796117a9b20144f
WHIRLPOOL
9bd9f5ed067604f065d3ac7447f8135dd72e178caa6f3c5a5ca7bc531a8008ec46620c4af33bea54a35dfe52e430d48dcf5b59145c4e1efc2a14cb789e38f5bd
AUX qemu-2.7.0-CVE-2016-7466.patch 830 SHA256
5664c091038185766a54b93495029bbf6de116e8752c2334fa1c71b8387e89c3 SHA512
d158b1f66766f33b1df561956cc3c77d40e1422e44791cfc753d3def2f1851c2c9c0aeb299bcd1ae969dde8f4249f4489ed90776ebb497db4f626217710e4f48
WHIRLPOOL
13112769ecd6420e17d2a3c0e110a2bd479fc09d8a2086d27f0703a4d6c35ded07e003f28ff14579655c5468cd02c77fa514ba7ed6543f61deb60c6de604c99b
-AUX qemu-binfmt.initd-r1 6910 SHA256
2886c567589b958f450a87537cdb6c5bf95e8c1e4afbdf59139d16819e79d51d SHA512
09f399b6b559c6dd64d77843f600afad464909e72ae0924e97a5ef2eea55b3fb8abf6fbd57c380ec60e2f9d145ec365fd9a24c2e1b84cc6cef7070e4fb5bd72e
WHIRLPOOL
983f6ae733c23c0049321184e1b6738ad5d27a70265945e6b47f3fb317ba3c84918b4929e728081549062fd0bf4a46c0a7e7184911355f3ac75963e1f8b70cd4
-AUX qemu-kvm-1.4 68 SHA256
8b1adf198129f001e75a2311fc420c168094d1084d2163cdf6a32b3b23c96137 SHA512
706fab4d155c410acc292e67fb354ce7dcd17f7e33f2ca8c9c44035ea128f8d36f89e27cf87ebe22721f5676be9e7f2ae5484fd000183c8ffd7854e02eb3d120
WHIRLPOOL
ef795330b592cef8e3d92f52a77eb77a671e6aa1a47d07531917b5c1c09e72e5df1a44aea939b086e0a3c5ef2a5cea9223556a46ceae73e55300475c42f07067
+AUX qemu-2.7.0-CVE-2016-7907.patch 1380 SHA256
58aa0af82a88de8967452c06ec229de381494e7ac222273ac5a7aa2c53dc5529 SHA512
5a311dea9554d7225d75fb2c680d2f7a2b151b46802176424f495e792ab4a9a101ad99099ccf2b6250230f23fc1ea804381129cd34eb0e4cd24c1e2442de9b51
WHIRLPOOL
69e7e01bc0b221581a8b1ef1af23eb59a6ad87acbfe821ccf8c23f349c9e31b84e4b8db83f48a849a4c5e9b6229f8d55e671da9f8485ecbc24855a8ab50b02ec
+AUX qemu-2.7.0-CVE-2016-7908.patch 1718 SHA256
3042b5425964c9bdb6ebc17d8f4bc5efd150547a348269d54e0962efc6a658d4 SHA512
441aa4fe46a2d6d425b1759ebadabc12fb1902f80364d351120932a13b9a46030bd2ad8c7faa57d6bcfbf740d9af2a96cec082a0d40b9a7469499ba1f19177bd
WHIRLPOOL
6d870c28645e6fcb12e55a4da5f9dffae78d1fcd013ae6fd9727ae46e05103dc8870d548117e7f396af79cf76947ee8d0b5285ec9b4c6aac840aa6d1e1fc9054
+AUX qemu-2.7.0-CVE-2016-7909.patch 975 SHA256
8fb9a27f56c6875f271ac0dc80fd78af8b70d40778ef967019e4a1b0a47ff1ae SHA512
e2793eb18179a7c7276c4d437ea68bb02a6a3963842dd74041fdf3c9f239d6353c7d9e5705c1342fc01b5c7e3bc1bfb882d8094fbe4144ac5f705852579139ca
WHIRLPOOL
b73aef899c94c9130385dd757b25783b20fce9d32faa245847353766e046bd769789d8b107ef06c726a0e2471a5ef1599716343782c8a82267b79ca53c281414
+AUX qemu-2.7.0-CVE-2016-7994-1.patch 835 SHA256
6b84d2273197bd441761469245991d02b5de8b70c29abf096df301e87b5c2478 SHA512
7a8c1c6ffc654f428485057a31d40a831707e5e6a84e32f722f6fc4c86ed474dcd19bfc8034b3a603362d821e7170f46e25ddc2ca50b60f00f45455241ba9464
WHIRLPOOL
80c5c51535cec848664811d8cf41db9d931e3215522fcaa404fa55f0c3b821bac346129b254b60a72cc09493366d8499882874dcb797e8a81e39157f64539b73
+AUX qemu-2.7.0-CVE-2016-7994-2.patch 896 SHA256
c23fdfb127f60d24c4b56e7745463f5655ace7af9f5fa392544e7ce05a564c5d SHA512
4243d04a573ccee043911645e716a9c6f7e28858163b48ea58e7a9734d817ac9237c4866fce843dbe10fa996cdd5453f3b704509ff4761f2ec4531d9355cc7ce
WHIRLPOOL
c5f7b605f566f94ad170c4819c378f9a1e3ae2740130000d9bea4c741f29365a1b5a1f1d495646e866c39a18d7da1236d731861005099457e09bead9fffa8105
+AUX qemu-2.7.0-CVE-2016-8576.patch 2092 SHA256
dbe3ee6778cdd802fbd7d7cb2aa991cc73e6be160bad90f2e40de02ab820a865 SHA512
25daaa79f4cb355c5dce639a14c2e265142a0c83bdbc813816789f37e293846f3768f08b9f04f692ce5b8719dadd2dbedb75f314a3f441a70e0789ecc88eb8de
WHIRLPOOL
25fc67d9dc8e8d8345778b46b16f9f7c5d6da39ebefea60ef81b20e4685014a019d4c39a6619dbf48411800ae9e9c383a7243fb055ea1f2bd0b2cb7e1a2c8d4e
+AUX qemu-2.7.0-CVE-2016-8577.patch 1020 SHA256
fbe7b6183f019ed6c8c6afeeed4854c23991d3f18501e8f3403df8812cefd420 SHA512
364434deb120856a114a94aaab2edbaf9e5f9246e6393f584949a6b706dbdc5b711f459a48e3825554e2fa9595a1aa78fee3711cfeba3b94219b4f47e269b2de
WHIRLPOOL
561f7bd41f0ac439808070757cdff9f69f6a378fe6610269c32d600575ed60b22919f4d3ea08f621648dbf3e5e97290737005e9df5949bdeeba9319901cf427e
+AUX qemu-2.7.0-CVE-2016-8578.patch 2208 SHA256
9b0e7852aefeb3950de38babec7a30f3225342670a72160829baa5e50786bdef SHA512
326ec2112b1cbaa4b4ddcacc02f4accd5b73e78db07e93b229d891f4cbc8d5a2db82c727d920613abd1668402ffeb16a223d8271db569435966aaece271da875
WHIRLPOOL
88ca80aa1883813f1ec9c0802e830f719317130de6959df393188e4e82764125868baec038a1dac94eab33851706838d245b205edcbf8e1864ceb83257648b99
+AUX qemu-2.7.0-CVE-2016-8668.patch 1124 SHA256
26f16376a73bdf9052039d1bd90545b75cc8fb0a89e0bffbf5881b537319b759 SHA512
de4df82297d199cadafefd57bc895cdf21c5acb0e0a6223212272991b652c302475d8662fb013d6a3e949d2e57a14a0ac6d861f486de8b5130fd84d66957c899
WHIRLPOOL
3995164f25accfd5c837c85fbb590acd0b7effb08370a7d4c0cb03c042ee03b2b10ca9892bd50251d17a1ba2ffff1e7a04e918f4d4e1c85406df95a6802c03c2
+AUX qemu-2.7.0-CVE-2016-8669-1.patch 911 SHA256
ad841a34490a02123df31aef5a0b9d31912eec8465e0c5da7cf73dc880ffd8f4 SHA512
23a26716ea554d9af73afb08d3a3d1e668e23bc0710508196039454dfccbe3764feda63d901a9c053c52af92cd069f5a4f078efdc9924f6d3cfe6a21f9d287de
WHIRLPOOL
412d7a4be19defa4a098fad6a66cadd7eca9cb5971828636dfd20a57b3eef09f3801660dbf507ac1ef0fa82f9f01583e9c5e2b1e45c016adb535cd951ff16eff
+AUX qemu-2.7.0-CVE-2016-8669-2.patch 1037 SHA256
176a35f5191023ad665cb4019663618d48948b174b16888776245d1a001ec186 SHA512
82a71c9566f37aceffbbaa45547bc686c028353a1845bd63e49550e71201921bc2fb9793077fc1fc74d77417da84dae71e0862243acbb3d900db258a343b8ede
WHIRLPOOL
f489c52bf2ca6e434695a5ca12af64a83e6534536c07b02c54f82c72e59e3f026e6a9fd9cec5eb62e2cf8d009f878ac1015f58d9f5ba725a03e1e194c4abc96c
+AUX qemu-2.7.0-CVE-2016-8909.patch 980 SHA256
989210bfac97091e67fbe973be7a6d8aa0e6411069904a07f7c57c67e8539bb8 SHA512
23a1cfa4f257e598152d92e11d94e88c52b3702aa585fba3a71340ee16dfbd29234d6e5c81613ea71b64cead8dcdbb536246096b1c374290aa39871daacb25af
WHIRLPOOL
9909ed14f5fa4a1d2ea0f8bb13f5a0e08e2f7888078e1f5b4cfaf381ccabeac22c998c9785efee6a307dbeed45801d8354650c18c6920bfb13da030127d9da7e
+AUX qemu-2.7.0-CVE-2016-8910.patch 848 SHA256
919e566e98434486f89ecfc3158ccee59c5bbdf3848b2a668136901871f5f1ab SHA512
1f695ebc2f10b2cda5a9b93c097adb49858af94817c14a406c7d26edd42353c776b0afc4779bc1c6f930dadcf450906924f8080ca5c87eb7c7e6b5694464dc7e
WHIRLPOOL
574900ab3eca13429769c7e2b56fd4e4b1220800b2e5bc933eef502c633614eab22cba6af4fdd1fd55e3a7e70d3d5ead1cb1970f8211b5f4fc43e3d782865f1b
+AUX qemu-2.7.0-configure-ifunc.patch 517 SHA256
40f6183f1f490216855e83cf03bf21ec8d23786acf83cda21292fea92776d898 SHA512
e34476b5fc5039091862dc9e93c47b69e203e7e394092e7e0bda467b7523e0b5b743c2c6eaf1f36fad3ee743278e321a50d356b6365e2340280556ca6d9b32ad
WHIRLPOOL
cb6f92a70f91557f14a0f6719d1b3a4dee9cfcb5c34aa897eee0ad48d13c45255252666d826ce00f3183da86b9b265e0dd93aa9b85210cde2a7ce3de56644e59
+AUX qemu-binfmt.initd-r1 7966 SHA256
5b4b432aa1e44f387c9eb789de0ec6322741fd36dd241f76520f17c6cd6ac49b SHA512
2ba0bff6eb2b6bac4ed440f793771ce9551cad48e38bddb6cf04f804faac2407e80879f66771910344ddcea45f0014095dcc8bfeb0aad5085ef048fd3612dbd8
WHIRLPOOL
a2a1fb830a970757d1e203378c7d382b161b1040f3b8aaf0f22bb3b5e46467eff395474ff40d93c9f133bab307b345a6f75d63eae9f8dd8daf67324db41032f9
DIST qemu-2.7.0.tar.bz2 26867760 SHA256
326e739506ba690daf69fc17bd3913a6c313d9928d743bd8eddb82f403f81e53 SHA512
654acaa7b3724a288e5d7e2a26ab780d9c9ed9f647fba00a906cbaffbe9d58fd666f2d962514aa2c5b391b4c53811ac3170d2eb51727f090bd19dfe45ca9a9db
WHIRLPOOL
dcb3e5f7da89dd8e14d636d7ebd476e076e0043880bb9ea3fb1c03cb4bcd4e5c7d3c4719da26c3ce521e3a3db5ae671e86f198ac1bc3474e774d75504fef8b8d
-EBUILD qemu-2.7.0-r99.ebuild 21332 SHA256
a6d13be36bb59bf53727dba5fe1dd5f397652531d339cf622acd15aef6cd482f SHA512
fd1ef102a4b7d4554a2b864d321419413b967f9f585031f74c600dc350db541588fa98a150329aa1134dbc761933484a2ce2e14979c096fe076cf92f7bdfedee
WHIRLPOOL
50e36b66bfd83516ce4003681bcba2327da80c679aad3ab658007a87652c22f7e584eb4fb5d635b570096243abd361075c6c8e35197c2e9bbed34a4d7353537c
+EBUILD qemu-2.7.0-r5.ebuild 22219 SHA256
3241db5ffacb81638a3b9dcd01676d59bc5abe87ef374baa44685231d7cb6de2 SHA512
2dbbf9f2a1eab0b9d52dd3609f5bac95f511a5f243c3def7d6b074bda97ef1383c2afc3290261f81a7af25ea7021eed4826da73a244bcad2e9677c7909c38618
WHIRLPOOL
591b38c5bba7b5566dfc2fce30f398153aec9b0986baf8bb82e83b5f68ce20dc4b0fb000e511355dca058ac8c7355b3add2c00e0db9573e6f507ad65ce451d86
MISC metadata.xml 3925 SHA256
d1c219b7da0cbf77919cd1e055acbb3f6788a574fd802c98a43c89a411697b36 SHA512
3ff45d1c8ede12b4eedc7d01f39777b76a1cbd0ba9364299dec99d4b4a05cade5784d6f6e50197d5b5ae1f1b8e831c49da195eb53263c49b7d16aec8ee28b6e6
WHIRLPOOL
bc25783fac0f3f13318834cc535404af9af20de16c7aeec222e59dc2ed7740ac5e767b329a5bcd6356d0cbae2428e278515f1446aa8ecb87a873bf4dbe04bf41
diff --git a/app-emulation/qemu/files/qemu-2.2.0-_sigev_un.patch
b/app-emulation/qemu/files/qemu-2.2.0-_sigev_un.patch
index 588291c..5827c2e 100644
--- a/app-emulation/qemu/files/qemu-2.2.0-_sigev_un.patch
+++ b/app-emulation/qemu/files/qemu-2.2.0-_sigev_un.patch
@@ -1,5 +1,6 @@
---- a/linux-user/syscall.c
-+++ b/linux-user/syscall.c
+diff -ur a/qemu-2.2.0/linux-user/syscall.c b/qemu-2.2.0/linux-user/syscall.c
+--- a/qemu-2.2.0/linux-user/syscall.c 2014-12-09 15:45:43.000000000 -0100
++++ b/qemu-2.2.0/linux-user/syscall.c 2015-03-16 19:09:49.050386155 -0100
@@ -5033,7 +5033,7 @@
host_sevp->sigev_signo =
target_to_host_signal(tswap32(target_sevp->sigev_signo));
diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7907.patch
b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7907.patch
new file mode 100644
index 0000000..34b095a
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7907.patch
@@ -0,0 +1,45 @@
+From: Prasad J Pandit <address@hidden>
+
+i.MX Fast Ethernet Controller uses buffer descriptors to manage
+data flow to/fro receive & transmit queues. While transmitting
+packets, it could continue to read buffer descriptors if a buffer
+descriptor has length of zero and has crafted values in bd.flags.
+Set an upper limit to number of buffer descriptors.
+
+Reported-by: Li Qiang <address@hidden>
+Signed-off-by: Prasad J Pandit <address@hidden>
+---
+ hw/net/imx_fec.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+Update per
+ -> https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg05284.html
+
+diff --git a/hw/net/imx_fec.c b/hw/net/imx_fec.c
+index 1c415ab..1d74827 100644
+--- a/hw/net/imx_fec.c
++++ b/hw/net/imx_fec.c
+@@ -220,6 +220,8 @@ static const VMStateDescription vmstate_imx_eth = {
+ #define PHY_INT_PARFAULT (1 << 2)
+ #define PHY_INT_AUTONEG_PAGE (1 << 1)
+
++#define IMX_MAX_DESC 1024
++
+ static void imx_eth_update(IMXFECState *s);
+
+ /*
+@@ -402,12 +404,12 @@ static void imx_eth_update(IMXFECState *s)
+
+ static void imx_fec_do_tx(IMXFECState *s)
+ {
+- int frame_size = 0;
++ int frame_size = 0, descnt = 0;
+ uint8_t frame[ENET_MAX_FRAME_SIZE];
+ uint8_t *ptr = frame;
+ uint32_t addr = s->tx_descriptor;
+
+- while (1) {
++ while (descnt++ < IMX_MAX_DESC) {
+ IMXFECBufDesc bd;
+ int len;
+
diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7908.patch
b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7908.patch
new file mode 100644
index 0000000..16d072f
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7908.patch
@@ -0,0 +1,52 @@
+From 070c4b92b8cd5390889716677a0b92444d6e087a Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <p...@fedoraproject.org>
+Date: Thu, 22 Sep 2016 16:02:37 +0530
+Subject: [PATCH] net: mcf: limit buffer descriptor count
+
+ColdFire Fast Ethernet Controller uses buffer descriptors to manage
+data flow to/fro receive & transmit queues. While transmitting
+packets, it could continue to read buffer descriptors if a buffer
+descriptor has length of zero and has crafted values in bd.flags.
+Set upper limit to number of buffer descriptors.
+
+Reported-by: Li Qiang <liqiang...@360.cn>
+Signed-off-by: Prasad J Pandit <p...@fedoraproject.org>
+Reviewed-by: Paolo Bonzini <pbonz...@redhat.com>
+Signed-off-by: Jason Wang <jasow...@redhat.com>
+---
+ hw/net/mcf_fec.c | 5 +++--
+ 1 files changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/hw/net/mcf_fec.c b/hw/net/mcf_fec.c
+index 0ee8ad9..d31fea1 100644
+--- a/hw/net/mcf_fec.c
++++ b/hw/net/mcf_fec.c
+@@ -23,6 +23,7 @@ do { printf("mcf_fec: " fmt , ## __VA_ARGS__); } while (0)
+ #define DPRINTF(fmt, ...) do {} while(0)
+ #endif
+
++#define FEC_MAX_DESC 1024
+ #define FEC_MAX_FRAME_SIZE 2032
+
+ typedef struct {
+@@ -149,7 +150,7 @@ static void mcf_fec_do_tx(mcf_fec_state *s)
+ uint32_t addr;
+ mcf_fec_bd bd;
+ int frame_size;
+- int len;
++ int len, descnt = 0;
+ uint8_t frame[FEC_MAX_FRAME_SIZE];
+ uint8_t *ptr;
+
+@@ -157,7 +158,7 @@ static void mcf_fec_do_tx(mcf_fec_state *s)
+ ptr = frame;
+ frame_size = 0;
+ addr = s->tx_descriptor;
+- while (1) {
++ while (descnt++ < FEC_MAX_DESC) {
+ mcf_fec_read_bd(&bd, addr);
+ DPRINTF("tx_bd %x flags %04x len %d data %08x\n",
+ addr, bd.flags, bd.length, bd.data);
+--
+1.7.0.4
+
diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7909.patch
b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7909.patch
new file mode 100644
index 0000000..8e6ecff
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7909.patch
@@ -0,0 +1,32 @@
+From: Prasad J Pandit <address@hidden>
+
+The AMD PC-Net II emulator has set of control and status(CSR)
+registers. Of these, CSR76 and CSR78 hold receive and transmit
+descriptor ring length respectively. This ring length could range
+from 1 to 65535. Setting ring length to zero leads to an infinite
+loop in pcnet_rdra_addr. Add check to avoid it.
+
+Reported-by: Li Qiang <address@hidden>
+Signed-off-by: Prasad J Pandit <address@hidden>
+---
+ hw/net/pcnet.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/hw/net/pcnet.c b/hw/net/pcnet.c
+index 198a01f..3078de8 100644
+--- a/hw/net/pcnet.c
++++ b/hw/net/pcnet.c
+@@ -1429,8 +1429,11 @@ static void pcnet_csr_writew(PCNetState *s, uint32_t
rap, uint32_t new_value)
+ case 47: /* POLLINT */
+ case 72:
+ case 74:
++ break;
+ case 76: /* RCVRL */
+ case 78: /* XMTRL */
++ val = (val > 0) ? val : 512;
++ break;
+ case 112:
+ if (CSR_STOP(s) || CSR_SPND(s))
+ break;
+--
+2.5.5
diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7994-1.patch
b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7994-1.patch
new file mode 100644
index 0000000..6fe77f3
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7994-1.patch
@@ -0,0 +1,25 @@
+From: Li Qiang <address@hidden>
+
+In virtio gpu resource create dispatch, if the pixman format is zero
+it doesn't free the resource object allocated previously. Thus leading
+a host memory leak issue. This patch avoid this.
+
+Signed-off-by: Li Qiang <address@hidden>
+---
+ hw/display/virtio-gpu.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c
+index 7fe6ed8..5b6d17b 100644
+--- a/hw/display/virtio-gpu.c
++++ b/hw/display/virtio-gpu.c
+@@ -333,6 +333,7 @@ static void virtio_gpu_resource_create_2d(VirtIOGPU *g,
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "%s: host couldn't handle guest format %d\n",
+ __func__, c2d.format);
++ g_free(res);
+ cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
+ return;
+ }
+--
+1.8.3.1
diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7994-2.patch
b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7994-2.patch
new file mode 100644
index 0000000..dce1b2b
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-7994-2.patch
@@ -0,0 +1,26 @@
+From: Li Qiang <address@hidden>
+
+While processing isochronous transfer descriptors(iTD), if the page
+select(PG) field value is out of bands it will return. In this
+situation the ehci's sg list doesn't be freed thus leading a memory
+leak issue. This patch avoid this.
+
+Signed-off-by: Li Qiang <address@hidden>
+---
+ hw/usb/hcd-ehci.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
+index b093db7..f4ece9a 100644
+--- a/hw/usb/hcd-ehci.c
++++ b/hw/usb/hcd-ehci.c
+@@ -1426,6 +1426,7 @@ static int ehci_process_itd(EHCIState *ehci,
+ if (off + len > 4096) {
+ /* transfer crosses page border */
+ if (pg == 6) {
++ qemu_sglist_destroy(&ehci->isgl);
+ return -1; /* avoid page pg + 1 */
+ }
+ ptr2 = (itd->bufptr[pg + 1] & ITD_BUFPTR_MASK);
+--
+1.8.3.1
diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8576.patch
b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8576.patch
new file mode 100644
index 0000000..9617cd5
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8576.patch
@@ -0,0 +1,61 @@
+From 20009bdaf95d10bf748fa69b104672d3cfaceddf Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann <address@hidden>
+Date: Fri, 7 Oct 2016 10:15:29 +0200
+Subject: [PATCH] xhci: limit the number of link trbs we are willing to process
+
+Signed-off-by: Gerd Hoffmann <address@hidden>
+---
+ hw/usb/hcd-xhci.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c
+index 726435c..ee4fa48 100644
+--- a/hw/usb/hcd-xhci.c
++++ b/hw/usb/hcd-xhci.c
+@@ -54,6 +54,8 @@
+ * to the specs when it gets them */
+ #define ER_FULL_HACK
+
++#define TRB_LINK_LIMIT 4
++
+ #define LEN_CAP 0x40
+ #define LEN_OPER (0x400 + 0x10 * MAXPORTS)
+ #define LEN_RUNTIME ((MAXINTRS + 1) * 0x20)
+@@ -1000,6 +1002,7 @@ static TRBType xhci_ring_fetch(XHCIState *xhci, XHCIRing
*ring, XHCITRB *trb,
+ dma_addr_t *addr)
+ {
+ PCIDevice *pci_dev = PCI_DEVICE(xhci);
++ uint32_t link_cnt = 0;
+
+ while (1) {
+ TRBType type;
+@@ -1026,6 +1029,9 @@ static TRBType xhci_ring_fetch(XHCIState *xhci, XHCIRing
*ring, XHCITRB *trb,
+ ring->dequeue += TRB_SIZE;
+ return type;
+ } else {
++ if (++link_cnt > TRB_LINK_LIMIT) {
++ return 0;
++ }
+ ring->dequeue = xhci_mask64(trb->parameter);
+ if (trb->control & TRB_LK_TC) {
+ ring->ccs = !ring->ccs;
+@@ -1043,6 +1049,7 @@ static int xhci_ring_chain_length(XHCIState *xhci, const
XHCIRing *ring)
+ bool ccs = ring->ccs;
+ /* hack to bundle together the two/three TDs that make a setup transfer */
+ bool control_td_set = 0;
++ uint32_t link_cnt = 0;
+
+ while (1) {
+ TRBType type;
+@@ -1058,6 +1065,9 @@ static int xhci_ring_chain_length(XHCIState *xhci, const
XHCIRing *ring)
+ type = TRB_TYPE(trb);
+
+ if (type == TR_LINK) {
++ if (++link_cnt > TRB_LINK_LIMIT) {
++ return -length;
++ }
+ dequeue = xhci_mask64(trb.parameter);
+ if (trb.control & TRB_LK_TC) {
+ ccs = !ccs;
+--
+1.8.3.1
diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8577.patch
b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8577.patch
new file mode 100644
index 0000000..8c29580
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8577.patch
@@ -0,0 +1,34 @@
+From: Li Qiang <address@hidden>
+
+In 9pfs read dispatch function, it doesn't free two QEMUIOVector
+object thus causing potential memory leak. This patch avoid this.
+
+Signed-off-by: Li Qiang <address@hidden>
+---
+ hw/9pfs/9p.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
+index 119ee58..543a791 100644
+--- a/hw/9pfs/9p.c
++++ b/hw/9pfs/9p.c
+@@ -1826,14 +1826,15 @@ static void v9fs_read(void *opaque)
+ if (len < 0) {
+ /* IO error return the error */
+ err = len;
+- goto out;
++ goto out_free_iovec;
+ }
+ } while (count < max_count && len > 0);
+ err = pdu_marshal(pdu, offset, "d", count);
+ if (err < 0) {
+- goto out;
++ goto out_free_iovec;
+ }
+ err += offset + count;
++out_free_iovec:
+ qemu_iovec_destroy(&qiov);
+ qemu_iovec_destroy(&qiov_full);
+ } else if (fidp->fid_type == P9_FID_XATTR) {
+--
+1.8.3.1
diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8578.patch
b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8578.patch
new file mode 100644
index 0000000..74eee7e
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8578.patch
@@ -0,0 +1,58 @@
+From ba42ebb863ab7d40adc79298422ed9596df8f73a Mon Sep 17 00:00:00 2001
+From: Li Qiang <liqiang...@360.cn>
+Date: Mon, 17 Oct 2016 14:13:58 +0200
+Subject: [PATCH] 9pfs: allocate space for guest originated empty strings
+
+If a guest sends an empty string paramater to any 9P operation, the current
+code unmarshals it into a V9fsString equal to { .size = 0, .data = NULL }.
+
+This is unfortunate because it can cause NULL pointer dereference to happen
+at various locations in the 9pfs code. And we don't want to check str->data
+everywhere we pass it to strcmp() or any other function which expects a
+dereferenceable pointer.
+
+This patch enforces the allocation of genuine C empty strings instead, so
+callers don't have to bother.
+
+Out of all v9fs_iov_vunmarshal() users, only v9fs_xattrwalk() checks if
+the returned string is empty. It now uses v9fs_string_size() since
+name.data cannot be NULL anymore.
+
+Signed-off-by: Li Qiang <liqiang...@360.cn>
+[groug, rewritten title and changelog,
+ fix empty string check in v9fs_xattrwalk()]
+Signed-off-by: Greg Kurz <gr...@kaod.org>
+---
+ fsdev/9p-iov-marshal.c | 2 +-
+ hw/9pfs/9p.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/fsdev/9p-iov-marshal.c b/fsdev/9p-iov-marshal.c
+index 663cad5..1d16f8d 100644
+--- a/fsdev/9p-iov-marshal.c
++++ b/fsdev/9p-iov-marshal.c
+@@ -125,7 +125,7 @@ ssize_t v9fs_iov_vunmarshal(struct iovec *out_sg, int
out_num, size_t offset,
+ str->data = g_malloc(str->size + 1);
+ copied = v9fs_unpack(str->data, out_sg, out_num, offset,
+ str->size);
+- if (copied > 0) {
++ if (copied >= 0) {
+ str->data[str->size] = 0;
+ } else {
+ v9fs_string_free(str);
+diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
+index 119ee58..39a7e1d 100644
+--- a/hw/9pfs/9p.c
++++ b/hw/9pfs/9p.c
+@@ -3174,7 +3174,7 @@ static void v9fs_xattrwalk(void *opaque)
+ goto out;
+ }
+ v9fs_path_copy(&xattr_fidp->path, &file_fidp->path);
+- if (name.data == NULL) {
++ if (!v9fs_string_size(&name)) {
+ /*
+ * listxattr request. Get the size first
+ */
+--
+2.7.3
+
diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8668.patch
b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8668.patch
new file mode 100644
index 0000000..a27d3a6
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8668.patch
@@ -0,0 +1,30 @@
+From: Prasad J Pandit <address@hidden>
+
+Rocker network switch emulator has test registers to help debug
+DMA operations. While testing host DMA access, a buffer address
+is written to register 'TEST_DMA_ADDR' and its size is written to
+register 'TEST_DMA_SIZE'. When performing TEST_DMA_CTRL_INVERT
+test, if DMA buffer size was greater than 'INT_MAX', it leads to
+an invalid buffer access. Limit the DMA buffer size to avoid it.
+
+Reported-by: Huawei PSIRT <address@hidden>
+Signed-off-by: Prasad J Pandit <address@hidden>
+---
+ hw/net/rocker/rocker.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/net/rocker/rocker.c b/hw/net/rocker/rocker.c
+index 30f2ce4..e9d215a 100644
+--- a/hw/net/rocker/rocker.c
++++ b/hw/net/rocker/rocker.c
+@@ -860,7 +860,7 @@ static void rocker_io_writel(void *opaque, hwaddr addr,
uint32_t val)
+ rocker_msix_irq(r, val);
+ break;
+ case ROCKER_TEST_DMA_SIZE:
+- r->test_dma_size = val;
++ r->test_dma_size = val & 0xFFFF;
+ break;
+ case ROCKER_TEST_DMA_ADDR + 4:
+ r->test_dma_addr = ((uint64_t)val) << 32 | r->lower32;
+--
+2.5.5
diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8669-1.patch
b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8669-1.patch
new file mode 100644
index 0000000..457f022
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8669-1.patch
@@ -0,0 +1,29 @@
+From: Prasad J Pandit <address@hidden>
+
+The JAZZ RC4030 chipset emulator has a periodic timer and
+associated interval reload register. The reload value is used
+as divider when computing timer's next tick value. If reload
+value is large, it could lead to divide by zero error. Limit
+the interval reload value to avoid it.
+
+Reported-by: Huawei PSIRT <address@hidden>
+Signed-off-by: Prasad J Pandit <address@hidden>
+---
+ hw/dma/rc4030.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/dma/rc4030.c b/hw/dma/rc4030.c
+index 2f2576f..c1b4997 100644
+--- a/hw/dma/rc4030.c
++++ b/hw/dma/rc4030.c
+@@ -460,7 +460,7 @@ static void rc4030_write(void *opaque, hwaddr addr,
uint64_t data,
+ break;
+ /* Interval timer reload */
+ case 0x0228:
+- s->itr = val;
++ s->itr = val & 0x01FF;
+ qemu_irq_lower(s->timer_irq);
+ set_next_tick(s);
+ break;
+--
+2.5.5
diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8669-2.patch
b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8669-2.patch
new file mode 100644
index 0000000..23393b7
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8669-2.patch
@@ -0,0 +1,34 @@
+From: Prasad J Pandit <address@hidden>
+
+16550A UART device uses an oscillator to generate frequencies
+(baud base), which decide communication speed. This speed could
+be changed by dividing it by a divider. If the divider is
+greater than the baud base, speed is set to zero, leading to a
+divide by zero error. Add check to avoid it.
+
+Reported-by: Huawei PSIRT <address@hidden>
+Signed-off-by: Prasad J Pandit <address@hidden>
+---
+ hw/char/serial.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+Update per
+ -> https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02400.html
+
+diff --git a/hw/char/serial.c b/hw/char/serial.c
+index 3442f47..eec72b7 100644
+--- a/hw/char/serial.c
++++ b/hw/char/serial.c
+@@ -153,8 +153,9 @@ static void serial_update_parameters(SerialState *s)
+ int speed, parity, data_bits, stop_bits, frame_size;
+ QEMUSerialSetParams ssp;
+
+- if (s->divider == 0)
++ if (s->divider == 0 || s->divider > s->baudbase) {
+ return;
++ }
+
+ /* Start bit. */
+ frame_size = 1;
+--
+2.5.5
diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8909.patch
b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8909.patch
new file mode 100644
index 0000000..ed6613f
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8909.patch
@@ -0,0 +1,31 @@
+From: Prasad J Pandit <address@hidden>
+
+Intel HDA emulator uses stream of buffers during DMA data
+transfers. Each entry has buffer length and buffer pointer
+position, which are used to derive bytes to 'copy'. If this
+length and buffer pointer were to be same, 'copy' could be
+set to zero(0), leading to an infinite loop. Add check to
+avoid it.
+
+Reported-by: Huawei PSIRT <address@hidden>
+Signed-off-by: Prasad J Pandit <address@hidden>
+---
+ hw/audio/intel-hda.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/hw/audio/intel-hda.c b/hw/audio/intel-hda.c
+index cd95340..537face 100644
+--- a/hw/audio/intel-hda.c
++++ b/hw/audio/intel-hda.c
+@@ -416,7 +416,8 @@ static bool intel_hda_xfer(HDACodecDevice *dev, uint32_t
stnr, bool output,
+ }
+
+ left = len;
+- while (left > 0) {
++ s = st->bentries;
++ while (left > 0 && s-- > 0) {
+ copy = left;
+ if (copy > st->bsize - st->lpib)
+ copy = st->bsize - st->lpib;
+--
+2.7.4
diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8910.patch
b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8910.patch
new file mode 100644
index 0000000..c93f796
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8910.patch
@@ -0,0 +1,29 @@
+From: Prasad J Pandit <address@hidden>
+
+RTL8139 ethernet controller in C+ mode supports multiple
+descriptor rings, each with maximum of 64 descriptors. While
+processing transmit descriptor ring in 'rtl8139_cplus_transmit',
+it does not limit the descriptor count and runs forever. Add
+check to avoid it.
+
+Reported-by: Andrew Henderson <address@hidden>
+Signed-off-by: Prasad J Pandit <address@hidden>
+---
+ hw/net/rtl8139.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c
+index 3345bc6..f05e59c 100644
+--- a/hw/net/rtl8139.c
++++ b/hw/net/rtl8139.c
+@@ -2350,7 +2350,7 @@ static void rtl8139_cplus_transmit(RTL8139State *s)
+ {
+ int txcount = 0;
+
+- while (rtl8139_cplus_transmit_one(s))
++ while (txcount < 64 && rtl8139_cplus_transmit_one(s))
+ {
+ ++txcount;
+ }
+--
+2.7.4
diff --git a/app-emulation/qemu/files/qemu-2.7.0-configure-ifunc.patch
b/app-emulation/qemu/files/qemu-2.7.0-configure-ifunc.patch
new file mode 100644
index 0000000..d090323
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.7.0-configure-ifunc.patch
@@ -0,0 +1,13 @@
+diff -Naur qemu-2.7.0.orig/configure qemu-2.7.0/configure
+--- qemu-2.7.0.orig/configure 2016-09-05 18:30:41.722529882 -0700
++++ qemu-2.7.0/configure 2016-09-05 18:32:22.473649654 -0700
+@@ -1805,7 +1805,8 @@
+ EOF
+ if compile_object "" ; then
+ if has readelf; then
+- if readelf --syms $TMPO 2>/dev/null |grep -q "IFUNC.*foo"; then
++ if readelf --syms $TMPO 2>/dev/null |grep -q "IFUNC.*foo" &&
++ ldd $TMPO >dev/null 2>&1; then
+ avx2_opt="yes"
+ fi
+ fi
diff --git a/app-emulation/qemu/files/qemu-binfmt.initd-r1
b/app-emulation/qemu/files/qemu-binfmt.initd-r1
index 84e909f..18adb65 100644
--- a/app-emulation/qemu/files/qemu-binfmt.initd-r1
+++ b/app-emulation/qemu/files/qemu-binfmt.initd-r1
@@ -1,16 +1,22 @@
-#!/sbin/runscript
-# Copyright 1999-2013 Gentoo Foundation
+#!/sbin/openrc-run
+# Copyright 1999-2016 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
# enable automatic i386/ARM/M68K/MIPS/SPARC/PPC/s390 program execution by the
kernel
+# Defaulting to OC should be safe because it comes down to:
+# - do we trust the interp itself to not be malicious? yes; we built it.
+# - do we trust the programs we're running? ish; same permission as native
+# binaries apply. so if user can do bad stuff natively, cross isn't worse.
+: ${QEMU_BINFMT_FLAGS:=OC}
+
depend() {
after procfs
}
start() {
- ebegin "Registering qemu-user binaries"
+ ebegin "Registering qemu-user binaries (flags: ${QEMU_BINFMT_FLAGS})"
if [ ! -d /proc/sys/fs/binfmt_misc ] ; then
modprobe -q binfmt_misc
@@ -50,55 +56,58 @@ start() {
# register the interpreter for each cpu except for the native one
if [ $cpu != "i386" -a -x "/usr/bin/qemu-i386" ] ; then
- echo
':i386:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x03\x00:\xff\xff\xff\xff\xff\xfe\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-i386:P'
> /proc/sys/fs/binfmt_misc/register
- echo
':i486:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x06\x00:\xff\xff\xff\xff\xff\xfe\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-i386:P'
> /proc/sys/fs/binfmt_misc/register
+ echo
':i386:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x03\x00:\xff\xff\xff\xff\xff\xfe\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-i386:'"${QEMU_BINFMT_FLAGS}"
> /proc/sys/fs/binfmt_misc/register
+ echo
':i486:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x06\x00:\xff\xff\xff\xff\xff\xfe\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-i386:'"${QEMU_BINFMT_FLAGS}"
> /proc/sys/fs/binfmt_misc/register
fi
if [ $cpu != "alpha" -a -x "/usr/bin/qemu-alpha" ] ; then
- echo
':alpha:M::\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x26\x90:\xff\xff\xff\xff\xff\xfe\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-alpha:P'
> /proc/sys/fs/binfmt_misc/register
+ echo
':alpha:M::\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x26\x90:\xff\xff\xff\xff\xff\xfe\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-alpha:'"${QEMU_BINFMT_FLAGS}"
> /proc/sys/fs/binfmt_misc/register
fi
if [ $cpu != "arm" -a -x "/usr/bin/qemu-arm" ] ; then
- echo
':arm:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff:/usr/bin/qemu-arm:P'
> /proc/sys/fs/binfmt_misc/register
+ echo
':arm:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff:/usr/bin/qemu-arm:'"${QEMU_BINFMT_FLAGS}"
> /proc/sys/fs/binfmt_misc/register
fi
if [ $cpu != "arm" -a -x "/usr/bin/qemu-armeb" ] ; then
- echo
':armeb:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-armeb:P'
> /proc/sys/fs/binfmt_misc/register
+ echo
':armeb:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-armeb:'"${QEMU_BINFMT_FLAGS}"
> /proc/sys/fs/binfmt_misc/register
+ fi
+ if [ $cpu != "aarch64" -a -x "/usr/bin/qemu-aarch64" ] ; then
+ echo
':aarch64:M::\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xb7\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-aarch64:'"${QEMU_BINFMT_FLAGS}"
> /proc/sys/fs/binfmt_misc/register
fi
if [ $cpu != "sparc" -a -x "/usr/bin/qemu-sparc" ] ; then
- echo
':sparc:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-sparc:P'
> /proc/sys/fs/binfmt_misc/register
+ echo
':sparc:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-sparc:'"${QEMU_BINFMT_FLAGS}"
> /proc/sys/fs/binfmt_misc/register
fi
if [ $cpu != "ppc" -a -x "/usr/bin/qemu-ppc" ] ; then
- echo
':ppc:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x14:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-ppc:P'
> /proc/sys/fs/binfmt_misc/register
+ echo
':ppc:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x14:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-ppc:'"${QEMU_BINFMT_FLAGS}"
> /proc/sys/fs/binfmt_misc/register
fi
if [ $cpu != "m68k" -a -x "/usr/bin/qemu-m68k" ] ; then
- echo 'Please check cpu value and header information for m68k!'
- echo
':m68k:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x08:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-m68k:P'
> /proc/sys/fs/binfmt_misc/register
+ #echo 'Please check cpu value and header information for m68k!'
+ echo
':m68k:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x08:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-m68k:'"${QEMU_BINFMT_FLAGS}"
> /proc/sys/fs/binfmt_misc/register
fi
if [ $cpu != "mips" -a -x "/usr/bin/qemu-mips" ] ; then
# FIXME: We could use the other endianness on a MIPS host.
- echo
':mips:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-mips:P'
> /proc/sys/fs/binfmt_misc/register
+ echo
':mips:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-mips:'"${QEMU_BINFMT_FLAGS}"
> /proc/sys/fs/binfmt_misc/register
fi
if [ $cpu != "mips" -a -x "/usr/bin/qemu-mipsel" ] ; then
- echo
':mipsel:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-mipsel:P'
> /proc/sys/fs/binfmt_misc/register
+ echo
':mipsel:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-mipsel:'"${QEMU_BINFMT_FLAGS}"
> /proc/sys/fs/binfmt_misc/register
fi
if [ $cpu != "mips" -a -x "/usr/bin/qemu-mipsn32" ] ; then
- echo
':mipsn32:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-mipsn32:P'
> /proc/sys/fs/binfmt_misc/register
+ echo
':mipsn32:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-mipsn32:'"${QEMU_BINFMT_FLAGS}"
> /proc/sys/fs/binfmt_misc/register
fi
if [ $cpu != "mips" -a -x "/usr/bin/qemu-mipsn32el" ] ; then
- echo
':mipsn32el:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-mipsn32el:P'
> /proc/sys/fs/binfmt_misc/register
+ echo
':mipsn32el:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-mipsn32el:'"${QEMU_BINFMT_FLAGS}"
> /proc/sys/fs/binfmt_misc/register
fi
if [ $cpu != "mips" -a -x "/usr/bin/qemu-mips64" ] ; then
- echo
':mips64:M::\x7fELF\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-mips64:P'
> /proc/sys/fs/binfmt_misc/register
+ echo
':mips64:M::\x7fELF\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-mips64:'"${QEMU_BINFMT_FLAGS}"
> /proc/sys/fs/binfmt_misc/register
fi
if [ $cpu != "mips" -a -x "/usr/bin/qemu-mips64el" ] ; then
- echo
':mips64el:M::\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-mips64el:P'
> /proc/sys/fs/binfmt_misc/register
+ echo
':mips64el:M::\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-mips64el:'"${QEMU_BINFMT_FLAGS}"
> /proc/sys/fs/binfmt_misc/register
fi
if [ $cpu != "sh" -a -x "/usr/bin/qemu-sh4" ] ; then
- echo
':sh4:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x2a\x00:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-sh4:P'
> /proc/sys/fs/binfmt_misc/register
+ echo
':sh4:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x2a\x00:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-sh4:'"${QEMU_BINFMT_FLAGS}"
> /proc/sys/fs/binfmt_misc/register
fi
if [ $cpu != "sh" -a -x "/usr/bin/qemu-sh4eb" ] ; then
- echo
':sh4eb:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x2a:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-sh4eb:P'
> /proc/sys/fs/binfmt_misc/register
+ echo
':sh4eb:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x2a:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-sh4eb:'"${QEMU_BINFMT_FLAGS}"
> /proc/sys/fs/binfmt_misc/register
fi
- if [ $cpu != "s390x" -a -x "/usr/local/bin/qemu-s390x" ] ; then
- echo
':s390x:M::\x7fELF\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x16:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/local/bin/qemu-s390x:P'
> /proc/sys/fs/binfmt_misc/register
+ if [ $cpu != "s390x" -a -x "/usr/bin/qemu-s390x" ] ; then
+ echo
':s390x:M::\x7fELF\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x16:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-s390x:'"${QEMU_BINFMT_FLAGS}"
> /proc/sys/fs/binfmt_misc/register
fi
eend $?
}
@@ -110,6 +119,7 @@ stop() {
arches="${arches} i386 i486"
arches="${arches} alpha"
arches="${arches} arm armeb"
+ arches="${arches} aarch64"
arches="${arches} sparc"
arches="${arches} ppc"
arches="${arches} m68k"
diff --git a/app-emulation/qemu/files/qemu-kvm-1.4
b/app-emulation/qemu/files/qemu-kvm-1.4
deleted file mode 100644
index 08da00b..0000000
--- a/app-emulation/qemu/files/qemu-kvm-1.4
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh
-
-exec /usr/bin/qemu-system-x86_64 -machine accel=kvm "$@"
diff --git a/app-emulation/qemu/qemu-2.7.0-r99.ebuild
b/app-emulation/qemu/qemu-2.7.0-r5.ebuild
similarity index 95%
rename from app-emulation/qemu/qemu-2.7.0-r99.ebuild
rename to app-emulation/qemu/qemu-2.7.0-r5.ebuild
index f8432d3..5872941 100644
--- a/app-emulation/qemu/qemu-2.7.0-r99.ebuild
+++ b/app-emulation/qemu/qemu-2.7.0-r5.ebuild
@@ -18,7 +18,7 @@ if [[ ${PV} = *9999* ]]; then
SRC_URI=""
else
SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2";
- KEYWORDS="amd64 ~ppc x86"
+ KEYWORDS="amd64 ~arm64 ~ppc ~ppc64 x86 ~x86-fbsd"
fi
DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
@@ -337,9 +337,11 @@ src_prepare() {
epatch "${FILESDIR}"/${PN}-2.0.0-F_SHLCK-and-F_EXLCK.patch
epatch
"${FILESDIR}"/${PN}-2.0.0-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch
epatch "${FILESDIR}"/${PN}-2.2.0-_sigev_un.patch
+ epatch "${FILESDIR}"/${PN}-2.7.0-configure-ifunc.patch
epatch "${FILESDIR}"/${PN}-2.5.0-cflags.patch
epatch "${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
+
epatch "${FILESDIR}"/${P}-CVE-2016-6836.patch # bug 591242
epatch "${FILESDIR}"/${P}-CVE-2016-7155.patch # bug 593034
epatch "${FILESDIR}"/${P}-CVE-2016-7156.patch # bug 593036
@@ -348,8 +350,21 @@ src_prepare() {
epatch "${FILESDIR}"/${P}-CVE-2016-7170.patch # bug 593284
epatch "${FILESDIR}"/${P}-CVE-2016-7421.patch # bug 593950
epatch "${FILESDIR}"/${P}-CVE-2016-7422.patch # bug 593956
- epatch "${FILESDIR}"/${P}-CVE-2016-7466.patch # bug 594520
epatch "${FILESDIR}"/${P}-CVE-2016-7423.patch # bug 594368
+ epatch "${FILESDIR}"/${P}-CVE-2016-7466.patch # bug 594520
+ epatch "${FILESDIR}"/${P}-CVE-2016-7907.patch # bug 596048
+ epatch "${FILESDIR}"/${P}-CVE-2016-7908.patch # bug 596049
+ epatch "${FILESDIR}"/${P}-CVE-2016-7909.patch # bug 596048
+ epatch "${FILESDIR}"/${P}-CVE-2016-7994-1.patch # bug 596738
+ epatch "${FILESDIR}"/${P}-CVE-2016-7994-2.patch # bug 596738
+ epatch "${FILESDIR}"/${P}-CVE-2016-8576.patch # bug 596752
+ epatch "${FILESDIR}"/${P}-CVE-2016-8577.patch # bug 596776
+ epatch "${FILESDIR}"/${P}-CVE-2016-8578.patch # bug 596774
+ epatch "${FILESDIR}"/${P}-CVE-2016-8668.patch # bug 597110
+ epatch "${FILESDIR}"/${P}-CVE-2016-8669-1.patch # bug 597108
+ epatch "${FILESDIR}"/${P}-CVE-2016-8669-2.patch # bug 597108
+ epatch "${FILESDIR}"/${P}-CVE-2016-8909.patch # bug 598044
+ epatch "${FILESDIR}"/${P}-CVE-2016-8910.patch # bug 598046
# Fix ld and objcopy being called directly
tc-export AR LD OBJCOPY
