authorSergei Trofimovich <slyfox@gentoo.org>2012-01-26 19:01:15 +0000
committerSergei Trofimovich <slyfox@gentoo.org>2012-01-26 19:01:15 +0000
commit68a3c9baa7cb7763fea7618f6b502325f8fcb052 (patch)
treebe37ed6adbe97918d8ca90b2a76fbec41887c85d /app-emulation/qemu
parentmove binary files remotely, closes bug #370911 (diff)
Fix for bug #400595 / CVE-2012-0029 (picked from qemu-kvm ebuild). Restored manual doc installation (upstream installs only html bits). Added USE=kvm to live ebuild. Dropped old.
(Portage version: 2.2.0_alpha84_p18/cvs/Linux x86_64)
Diffstat (limited to 'app-emulation/qemu')
-rw-r--r--app-emulation/qemu/ChangeLog12
-rw-r--r--app-emulation/qemu/files/qemu-kvm-1.0-e1000-bounds-packet-size-against-buffer-size.patch37
-rw-r--r--app-emulation/qemu/qemu-0.14.0.ebuild196
-rw-r--r--app-emulation/qemu/qemu-1.0-r2.ebuild (renamed from app-emulation/qemu/qemu-1.0-r1.ebuild)28
-rw-r--r--app-emulation/qemu/qemu-9999.ebuild19
5 files changed, 79 insertions, 213 deletions
diff --git a/app-emulation/qemu/ChangeLog b/app-emulation/qemu/ChangeLog
index 4f6c83673e6d..ae3f0d6565fd 100644
--- a/app-emulation/qemu/ChangeLog
+++ b/app-emulation/qemu/ChangeLog
@@ -1,6 +1,16 @@
# ChangeLog for app-emulation/qemu
# Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-emulation/qemu/ChangeLog,v 1.98 2012/01/23 21:34:33 slyfox Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-emulation/qemu/ChangeLog,v 1.99 2012/01/26 19:01:15 slyfox Exp $
+
+*qemu-1.0-r2 (26 Jan 2012)
+
+ 26 Jan 2012; Sergei Trofimovich <slyfox@gentoo.org>
+ +files/qemu-kvm-1.0-e1000-bounds-packet-size-against-buffer-size.patch,
+ +qemu-1.0-r2.ebuild, -qemu-0.14.0.ebuild, -qemu-1.0-r1.ebuild,
+ qemu-9999.ebuild:
+ Fix for bug #400595 / CVE-2012-0029 (picked from qemu-kvm ebuild). Restored
+ manual doc installation (upstream installs only html bits). Added USE=kvm to
+ live ebuild. Dropped old.
23 Jan 2012; Sergei Trofimovich <slyfox@gentoo.org> qemu-9999.ebuild:
Whitespace.
diff --git a/app-emulation/qemu/files/qemu-kvm-1.0-e1000-bounds-packet-size-against-buffer-size.patch b/app-emulation/qemu/files/qemu-kvm-1.0-e1000-bounds-packet-size-against-buffer-size.patch
new file mode 100644
index 000000000000..bd2bdc7425df
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-kvm-1.0-e1000-bounds-packet-size-against-buffer-size.patch
@@ -0,0 +1,37 @@
+From d0ed2d2e8e863a9a64c9fc9c08fa68bee546ad00 Mon Sep 17 00:00:00 2001
+From: Anthony Liguori <aliguori@us.ibm.com>
+Date: Mon, 23 Jan 2012 07:30:43 -0600
+Subject: [PATCH 26/26] e1000: bounds packet size against buffer size
+
+Otherwise we can write beyond the buffer and corrupt memory. This is tracked
+as CVE-2012-0029.
+
+Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
+---
+ hw/e1000.c | 3 +++
+ 1 files changed, 3 insertions(+), 0 deletions(-)
+
+diff --git a/hw/e1000.c b/hw/e1000.c
+index 986ed9c..e164d79 100644
+--- a/hw/e1000.c
++++ b/hw/e1000.c
+@@ -466,6 +466,8 @@ process_tx_desc(E1000State *s, struct e1000_tx_desc *dp)
+ bytes = split_size;
+ if (tp->size + bytes > msh)
+ bytes = msh - tp->size;
++
++ bytes = MIN(sizeof(tp->data) - tp->size, bytes);
+ pci_dma_read(&s->dev, addr, tp->data + tp->size, bytes);
+ if ((sz = tp->size + bytes) >= hdr && tp->size < hdr)
+ memmove(tp->header, tp->data, hdr);
+@@ -481,6 +483,7 @@ process_tx_desc(E1000State *s, struct e1000_tx_desc *dp)
+ // context descriptor TSE is not set, while data descriptor TSE is set
+ DBGOUT(TXERR, "TCP segmentaion Error\n");
+ } else {
++ split_size = MIN(sizeof(tp->data) - tp->size, split_size);
+ pci_dma_read(&s->dev, addr, tp->data + tp->size, split_size);
+ tp->size += split_size;
+ }
+--
+1.7.7.6
+
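Review bot: Both added clamps compute `sizeof(tp->data) - tp->size` as an unsigned subtraction, so they bound the DMA length only while `tp->size <= sizeof(tp->data)` already holds. If any other path left `tp->size` larger, the result would wrap to a very large value and `MIN()` would pass `bytes` / `split_size` through unchanged. The other writers of `tp->size` are not visible in these two hunks (process_tx_desc starts and ends outside both), so the invariant should be confirmed and stated next to the first clamp, e.g. `/* relies on tp->size <= sizeof(tp->data); the subtraction is unsigned */`. The clamp also truncates silently; a `DBGOUT(TXERR, ...)` line when the length is reduced, in the style of the existing one in the second hunk, would make an oversized descriptor visible when debugging.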
diff --git a/app-emulation/qemu/qemu-0.14.0.ebuild b/app-emulation/qemu/qemu-0.14.0.ebuild
deleted file mode 100644
index 0eee361742f8..000000000000
--- a/app-emulation/qemu/qemu-0.14.0.ebuild
+++ /dev/null
@@ -1,196 +0,0 @@
-# Copyright 1999-2012 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-emulation/qemu/qemu-0.14.0.ebuild,v 1.4 2012/01/22 08:00:09 slyfox Exp $
-
-EAPI="2"
-
-if [[ ${PV} = *9999* ]]; then
- EGIT_REPO_URI="git://git.qemu.org/qemu.git"
- GIT_ECLASS="git"
-fi
-
-inherit eutils flag-o-matic ${GIT_ECLASS} linux-info toolchain-funcs
-
-if [[ ${PV} = *9999* ]]; then
- SRC_URI=""
- KEYWORDS=""
-else
- SRC_URI="http://download.savannah.gnu.org/releases/qemu/${P}.tar.gz"
- KEYWORDS="~amd64 ~ppc ~ppc64 ~x86"
-fi
-
-DESCRIPTION="QEMU emulator and ABI wrapper"
-HOMEPAGE="http://www.qemu.org"
-
-LICENSE="GPL-2"
-SLOT="0"
-# xen is disabled until the deps are fixed
-IUSE="+aio alsa bluetooth brltty curl esd fdt hardened jpeg ncurses \
-png pulseaudio qemu-ifup sasl sdl ssl static vde"
-
-COMMON_TARGETS="i386 x86_64 arm cris m68k microblaze mips mipsel ppc ppc64 sh4 sh4eb sparc sparc64"
-IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS} mips64 mips64el ppcemb"
-IUSE_USER_TARGETS="${COMMON_TARGETS} alpha armeb ppc64abi32 sparc32plus"
-
-for target in ${IUSE_SOFTMMU_TARGETS}; do
- IUSE="${IUSE} +qemu_softmmu_targets_${target}"
-done
-
-for target in ${IUSE_USER_TARGETS}; do
- IUSE="${IUSE} +qemu_user_targets_${target}"
-done
-
-RESTRICT="test"
-
-RDEPEND="
- !app-emulation/qemu-kvm
- !app-emulation/qemu-user
- sys-apps/pciutils
- >=sys-apps/util-linux-2.16.0
- sys-libs/zlib
- aio? ( dev-libs/libaio )
- alsa? ( >=media-libs/alsa-lib-1.0.13 )
- bluetooth? ( net-wireless/bluez )
- brltty? ( app-accessibility/brltty )
- curl? ( net-misc/curl )
- esd? ( media-sound/esound )
- fdt? ( >=sys-apps/dtc-1.2.0 )
- jpeg? ( virtual/jpeg )
- ncurses? ( sys-libs/ncurses )
- png? ( media-libs/libpng )
- pulseaudio? ( media-sound/pulseaudio )
- qemu-ifup? ( sys-apps/iproute2 net-misc/bridge-utils )
- sasl? ( dev-libs/cyrus-sasl )
- sdl? ( >=media-libs/libsdl-1.2.11[X] )
- ssl? ( net-libs/gnutls )
- vde? ( net-misc/vde )
-"
-
-DEPEND="${RDEPEND}
- app-text/texi2html
- >=sys-kernel/linux-headers-2.6.29
- ssl? ( dev-util/pkgconfig )
-"
-
-pkg_setup() {
- use qemu_softmmu_targets_x86_64 || ewarn "You disabled default target QEMU_SOFTMMU_TARGETS=x86_64"
-}
-
-src_prepare() {
- # prevent docs to get automatically installed
- sed -i '/$(DESTDIR)$(docdir)/d' Makefile || die
- # Alter target makefiles to accept CFLAGS set via flag-o
- sed -i 's/^\(C\|OP_C\|HELPER_C\)FLAGS=/\1FLAGS+=/' \
- Makefile Makefile.target || die
- # append CFLAGS while linking
- sed -i 's/$(LDFLAGS)/$(QEMU_CFLAGS) $(CFLAGS) $(LDFLAGS)/' rules.mak || die
-}
-
-src_configure() {
- local conf_opts audio_opts user_targets
-
- for target in ${IUSE_SOFTMMU_TARGETS} ; do
- use "qemu_softmmu_targets_${target}" && \
- softmmu_targets="${softmmu_targets} ${target}-softmmu"
- done
-
- for target in ${IUSE_USER_TARGETS} ; do
- use "qemu_user_targets_${target}" && \
- user_targets="${user_targets} ${target}-linux-user"
- done
-
- if [ -z "${softmmu_targets}" ]; then
- conf_opts="${conf_opts} --disable-system"
- else
- einfo "Building the following softmmu targets: ${softmmu_targets}"
- fi
-
- if [ ! -z "${user_targets}" ]; then
- einfo "Building the following user targets: ${user_targets}"
- conf_opts="${conf_opts} --enable-linux-user"
- else
- conf_opts="${conf_opts} --disable-linux-user"
- fi
-
- # Fix QA issues. QEMU needs executable heaps and we need to mark it as such
- conf_opts="${conf_opts} --extra-ldflags=-Wl,-z,execheap"
-
- # Add support for static builds
- use static && conf_opts="${conf_opts} --static"
-
- # Fix the $(prefix)/etc issue
- conf_opts="${conf_opts} --sysconfdir=/etc"
-
- #config options
- conf_opts="${conf_opts} $(use_enable aio linux-aio)"
- conf_opts="${conf_opts} $(use_enable bluetooth bluez)"
- conf_opts="${conf_opts} $(use_enable brltty brlapi)"
- conf_opts="${conf_opts} $(use_enable curl)"
- conf_opts="${conf_opts} $(use_enable fdt)"
- conf_opts="${conf_opts} $(use_enable hardened user-pie)"
- conf_opts="${conf_opts} $(use_enable jpeg vnc-jpeg)"
- conf_opts="${conf_opts} $(use_enable ncurses curses)"
- conf_opts="${conf_opts} $(use_enable png vnc-png)"
- conf_opts="${conf_opts} $(use_enable sasl vnc-sasl)"
- conf_opts="${conf_opts} $(use_enable sdl)"
- conf_opts="${conf_opts} $(use_enable ssl vnc-tls)"
- conf_opts="${conf_opts} $(use_enable vde)"
- conf_opts="${conf_opts} --disable-xen"
- conf_opts="${conf_opts} --disable-darwin-user --disable-bsd-user"
-
- # audio options
- audio_opts="oss"
- use alsa && audio_opts="alsa ${audio_opts}"
- use esd && audio_opts="esd ${audio_opts}"
- use pulseaudio && audio_opts="pa ${audio_opts}"
- use sdl && audio_opts="sdl ${audio_opts}"
- ./configure --prefix=/usr \
- --disable-strip \
- --disable-werror \
- --disable-kvm \
- --enable-nptl \
- --enable-uuid \
- ${conf_opts} \
- --audio-drv-list="${audio_opts}" \
- --target-list="${softmmu_targets} ${user_targets}" \
- --cc="$(tc-getCC)" \
- --host-cc="$(tc-getBUILD_CC)" \
- || die "configure failed"
-
- # this is for qemu upstream's threaded support which is
- # in development and broken
- # the kvm project has its own support for threaded IO
- # which is always on and works
- # --enable-io-thread \
-}
-
-src_compile() {
- # Restricting parallel build until we get a patch to fix this
- emake || die
-}
-
-src_install() {
- emake DESTDIR="${D}" install || die "make install failed"
-
- if [ ! -z "${softmmu_targets}" ]; then
- exeinto /etc/qemu
- use qemu-ifup && { doexe \
- "${FILESDIR}/qemu-ifup" \
- "${FILESDIR}/qemu-ifdown" \
- || die "qemu interface scripts missing" ; }
- fi
-
- dodoc Changelog MAINTAINERS TODO pci-ids.txt || die
- newdoc pc-bios/README README.pc-bios || die
- dohtml qemu-doc.html qemu-tech.html || die
-}
-
-pkg_postinst() {
- use qemu-ifup || return
- elog "You will need the Universal TUN/TAP driver compiled into your"
- elog "kernel or loaded as a module to use the virtual network device"
- elog "if using -net tap. You will also need support for 802.1d"
- elog "Ethernet Bridging and a configured bridge if using the provided"
- elog "qemu-ifup script from /etc/qemu."
- echo
-}
diff --git a/app-emulation/qemu/qemu-1.0-r1.ebuild b/app-emulation/qemu/qemu-1.0-r2.ebuild
index 053c3dc4f5b1..5bbdb5886da9 100644
--- a/app-emulation/qemu/qemu-1.0-r1.ebuild
+++ b/app-emulation/qemu/qemu-1.0-r2.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2012 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-emulation/qemu/qemu-1.0-r1.ebuild,v 1.1 2012/01/23 21:15:03 slyfox Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-emulation/qemu/qemu-1.0-r2.ebuild,v 1.1 2012/01/26 19:01:15 slyfox Exp $
EAPI=4
@@ -63,18 +63,22 @@ RDEPEND="
)
png? ( media-libs/libpng )
pulseaudio? ( media-sound/pulseaudio )
- qemu-ifup? ( sys-apps/iproute2 net-misc/bridge-utils )
+ qemu-ifup? (
+ sys-apps/iproute2
+ net-misc/bridge-utils
+ )
rbd? ( sys-cluster/ceph )
sasl? ( dev-libs/cyrus-sasl )
sdl? ( >=media-libs/libsdl-1.2.11[X] )
- spice? ( >=app-emulation/spice-0.9.0
- >=app-emulation/spice-protocol-0.8.1 )
+ spice? (
+ >=app-emulation/spice-0.9.0
+ >=app-emulation/spice-protocol-0.8.1
+ )
ssl? ( net-libs/gnutls )
usbredir? ( sys-apps/usbredir )
vde? ( net-misc/vde )
xattr? ( sys-apps/attr )
xen? ( app-emulation/xen-tools )
-
"
DEPEND="${RDEPEND}
@@ -122,6 +126,11 @@ pkg_setup() {
}
src_prepare() {
+ # bug #400595 / CVE-2012-0029
+ epatch "${FILESDIR}"/qemu-kvm-1.0-e1000-bounds-packet-size-against-buffer-size.patch
+
+ # prevent docs to get automatically installed
+ sed -i '/$(DESTDIR)$(docdir)/d' Makefile || die
# Alter target makefiles to accept CFLAGS set via flag-o
sed -i 's/^\(C\|OP_C\|HELPER_C\)FLAGS=/\1FLAGS+=/' \
Makefile Makefile.target || die
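Review bot: The restored `sed -i '/$(DESTDIR)$(docdir)/d' Makefile || die` cannot detect that it deleted nothing, because sed exits 0 when no line matches and `|| die` only fires on an I/O error. If upstream rewords its doc install rule, the docs would again be installed by `make install` in addition to the manual `dodoc`/`dohtml` calls, with no build-time signal. A preceding guard such as `grep -qF '$(DESTDIR)$(docdir)' Makefile || die "doc install rule not found"` would make the assumption explicit. The same sed line is added to qemu-9999.ebuild, where upstream drift is more likely since it builds from git. src_prepare continues past the end of this hunk.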
@@ -218,10 +227,7 @@ src_configure() {
}
src_install() {
- emake \
- DESTDIR="${D}" \
- docdir="${EPREFIX}"/usr/share/doc/"${PF}" \
- install || die "make install failed"
+ emake DESTDIR="${D}" install || die "make install failed"
if [[ -n ${softmmu_targets} ]]; then
if use qemu-ifup; then
@@ -229,6 +235,10 @@ src_install() {
doexe "${FILESDIR}"/qemu-if{up,down}
fi
fi
+
+ dodoc Changelog MAINTAINERS TODO pci-ids.txt || die
+ newdoc pc-bios/README README.pc-bios || die
+ dohtml qemu-doc.html qemu-tech.html || die
}
pkg_postinst() {
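Review bot: The `|| die` on the three added doc lines is redundant, because this ebuild declares EAPI=4, where `dodoc`, `newdoc` and `dohtml` abort the build on failure by themselves. The same three lines added to qemu-9999.ebuild in this commit omit it, so the two files now disagree in style. Dropping it here, e.g. `dodoc Changelog MAINTAINERS TODO pci-ids.txt`, keeps them identical and easier to diff against each other.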
diff --git a/app-emulation/qemu/qemu-9999.ebuild b/app-emulation/qemu/qemu-9999.ebuild
index 28c28d615882..e44fb7fa3ba6 100644
--- a/app-emulation/qemu/qemu-9999.ebuild
+++ b/app-emulation/qemu/qemu-9999.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2012 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-emulation/qemu/qemu-9999.ebuild,v 1.12 2012/01/23 21:34:33 slyfox Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-emulation/qemu/qemu-9999.ebuild,v 1.13 2012/01/26 19:01:15 slyfox Exp $
EAPI=4
@@ -22,7 +22,7 @@ HOMEPAGE="http://www.qemu.org"
LICENSE="GPL-2"
SLOT="0"
-IUSE="+aio alsa bluetooth brltty curl esd fdt hardened jpeg ncurses nss
+IUSE="+aio alsa bluetooth brltty curl esd fdt hardened jpeg kvm ncurses nss
opengl png pulseaudio qemu-ifup rbd sasl sdl spice ssl static threads usbredir vde
+vhost-net xattr xen"
@@ -123,9 +123,13 @@ QA_WX_LOAD="${QA_PRESTRIPPED}
pkg_setup() {
use qemu_softmmu_targets_x86_64 || ewarn "You disabled default target QEMU_SOFTMMU_TARGETS=x86_64"
+
+ use kvm && ewarn "You have enabled USE=kvm feature. Please consider using app-emulation/qemu-kvm"
}
src_prepare() {
+ # prevent docs to get automatically installed
+ sed -i '/$(DESTDIR)$(docdir)/d' Makefile || die
# Alter target makefiles to accept CFLAGS set via flag-o
sed -i 's/^\(C\|OP_C\|HELPER_C\)FLAGS=/\1FLAGS+=/' \
Makefile Makefile.target || die
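Review bot: The live ebuild's src_prepare gets the doc-install sed but not the e1000 bounds patch that qemu-1.0-r2 applies for bug #400595 / CVE-2012-0029. That is presumably because the upstream git tree it builds already carries the fix, but nothing on this page shows that. Since this commit also lets the live ebuild be built with USE=kvm, a one-line comment in src_prepare would record the decision, e.g. `# CVE-2012-0029 (bug #400595): fixed in upstream git, no patch needed here`, once that has been verified against the upstream tree. src_prepare continues past the end of this hunk.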
@@ -206,7 +210,7 @@ src_configure() {
--sysconfdir="${EPREFIX}"/etc \
--disable-strip \
--disable-werror \
- --disable-kvm \
+ $(use_enable kvm) \
--disable-libiscsi \
--enable-nptl \
--enable-uuid \
@@ -222,10 +226,7 @@ src_configure() {
}
src_install() {
- emake \
- DESTDIR="${D}" \
- docdir="${EPREFIX}"/usr/share/doc/"${PF}" \
- install || die "make install failed"
+ emake DESTDIR="${D}" install || die "make install failed"
if [[ -n ${softmmu_targets} ]]; then
if use qemu-ifup; then
@@ -233,6 +234,10 @@ src_install() {
doexe "${FILESDIR}"/qemu-if{up,down}
fi
fi
+
+ dodoc Changelog MAINTAINERS TODO pci-ids.txt
+ newdoc pc-bios/README README.pc-bios
+ dohtml qemu-doc.html qemu-tech.html
}
pkg_postinst() {