# Contributor: Valery Kartel # Contributor: Jakub Jirutka # Maintainer: Natanael Copa pkgname=qemu pkgver=2.8.1.1 pkgrel=1 pkgdesc="QEMU is a generic machine emulator and virtualizer" url="http://qemu.org/" arch="all" license="GPL2 LGPL-2" makedepends=" alsa-lib-dev bison curl-dev flex glib-dev gnutls-dev gtk+3.0-dev libaio-dev libcap-dev libcap-ng-dev libjpeg-turbo-dev libnfs-dev libpng-dev libssh2-dev libusb-dev linux-headers lzo-dev ncurses-dev paxmark snappy-dev spice-dev texinfo usbredir-dev util-linux-dev vde2-dev xfsprogs-dev zlib-dev " depends="" pkggroups="qemu" install="$pkgname.pre-install $pkgname.post-install" options="suid" # needed for qemu-bridge-helper subpackages="$pkgname-doc $pkgname-guest-agent:guest" _subsystems=" aarch64 alpha arm armeb cris i386 m68k microblaze microblazeel mips mips64 mips64el mipsel mipsn32 mipsn32el or32 ppc ppc64 ppc64abi32 ppc64le s390x sh4 sh4eb sparc sparc32plus sparc64 system-aarch64 system-alpha system-arm system-cris system-i386 system-lm32 system-m68k system-microblaze system-microblazeel system-mips system-mips64 system-mips64el system-mipsel system-moxie system-or32 system-ppc system-ppc64 system-ppcemb system-s390x system-sh4 system-sh4eb system-sparc system-sparc64 system-tricore system-unicore32 system-x86_64 system-xtensa system-xtensaeb x86_64 " for _sub in $_subsystems; do subpackages="$subpackages $pkgname-$_sub:_subsys" done case "$CARCH" in x86) _arch=i386 ;; x86_64) _arch=x86_64 ;; *) _arch="" ;; esac if [ -n "$_arch" ]; then subpackages="$subpackages $pkgname-gtk" gtk() { _subsys system-$_arch-gtk; } fi subpackages="$subpackages $pkgname-img" # -img must be declared the last source="http://wiki.qemu-project.org/download/$pkgname-$pkgver.tar.bz2 0001-elfload-load-PIE-executables-to-right-address.patch 0006-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch 0001-linux-user-fix-build-with-musl-on-aarch64.patch musl-F_SHLCK-and-F_EXLCK.patch fix-sigevent-and-sigval_t.patch xattr_size_max.patch ncurses.patch $pkgname-guest-agent.confd $pkgname-guest-agent.initd 80-kvm.rules bridge.conf CVE-2016-9102.patch CVE-2016-10155.patch CVE-2017-5525.patch CVE-2017-5552.patch CVE-2017-5578.patch CVE-2017-5579.patch CVE-2017-5856.patch CVE-2017-5857.patch CVE-2017-5898.patch CVE-2017-6505.patch " builddir="$srcdir"/$pkgname-$pkgver # secfixes: # 2.8.1.1-r0: # - CVE-2016-9101 # - CVE-2016-9102 # - CVE-2016-9103 # - CVE-2016-9104 # - CVE-2016-9105 # - CVE-2016-9106 # - CVE-2016-10155 # - CVE-2017-5525 # - CVE-2017-5552 # - CVE-2017-5578 # - CVE-2017-5579 # - CVE-2017-5667 # - CVE-2017-5856 # - CVE-2017-5857 # - CVE-2017-5898 # - CVE-2017-5931 # - CVE-2017-2615 # - CVE-2017-2620 # - CVE-2017-6505 prepare() { default_prepare || return 1 # apply patches sed -i 's/^VL_LDFLAGS=$/VL_LDFLAGS=-Wl,-z,execheap/' \ Makefile.target } _compile() { ../configure \ --prefix=/usr \ --localstatedir=/var \ --sysconfdir=/etc \ --libexecdir=/usr/lib/qemu \ --audio-drv-list=oss,alsa \ --enable-kvm \ --enable-vde \ --enable-virtfs \ --enable-curl \ --enable-cap-ng \ --enable-linux-aio \ --enable-usb-redir \ --enable-libssh2 \ --enable-vhost-net \ --enable-pie \ --enable-snappy \ --enable-tpm \ --enable-libnfs \ --enable-lzo \ --enable-docs \ --enable-curses \ --disable-glusterfs \ --disable-debug-info \ --disable-bsd-user \ --disable-werror \ --disable-sdl \ --disable-xen \ --cc="${CC:-gcc}" \ "$@" \ || return 1 make ARFLAGS="rc" || return 1 } build() { mkdir -p "$builddir"/build \ "$builddir"/build-gtk cd "$builddir"/build _compile \ --enable-vnc \ --enable-vnc-png \ --enable-vnc-jpeg \ --enable-spice \ --enable-linux-user \ --enable-guest-agent \ --disable-gtk \ || return 1 # tests fails on x86 # http://lists.gnu.org/archive/html/qemu-devel/2012-11/msg01429.html # http://web.archiveorange.com/archive/v/21oVv8wOfpQGkyy8EK0N # make check || return 1 if [ -n "$_arch" ]; then cd "$builddir"/build-gtk _compile \ --enable-gtk \ --with-gtkabi=3.0 \ --disable-linux-user \ --disable-vnc \ --disable-spice \ --disable-guest-agent \ --target-list="$_arch-softmmu" \ || return 1 fi } package() { cd "$builddir"/build make DESTDIR="$pkgdir" install || return 1 paxmark -m "$pkgdir"/usr/bin/qemu-system-* || return 1 install -Dm640 -g qemu "$srcdir"/bridge.conf \ "$pkgdir"/etc/qemu/bridge.conf || return 1 install -Dm644 "$srcdir"/80-kvm.rules \ "$pkgdir"/lib/udev/rules.d/80-kvm.rules || return 1 # qemu-bridge-helper needs suid to create tunX devices; # allow only users in the qemu group to run it. chmod 04710 "$pkgdir"/usr/lib/qemu/qemu-bridge-helper || return 1 chgrp qemu "$pkgdir"/usr/lib/qemu/qemu-bridge-helper || return 1 if [ -n "$_arch" ]; then cd "$builddir"/build-gtk install $_arch-softmmu/qemu-system-$_arch \ "$pkgdir"/usr/bin/qemu-system-$_arch-gtk || return 1 fi # Do not install HTML docs. rm "$pkgdir"/usr/share/doc/qemu/*.html } _subsys() { local name=${1:-"${subpkgname#$pkgname-}"} pkgdesc="Qemu ${name/-/ } emulator" depends="qemu" options="" mkdir -p "$subpkgdir"/usr/bin mv "$pkgdir"/usr/bin/qemu-$name "$subpkgdir"/usr/bin/ } img() { pkgdesc="QEMU command line tool for manipulating disk images" replaces="qemu" options="" mkdir -p "$subpkgdir"/usr/bin mv "$pkgdir"/usr/bin/qemu-img \ "$pkgdir"/usr/bin/qemu-io \ "$subpkgdir"/usr/bin/ || return 1 # We exploit the fact that -img subpackage are created last # and check that we done have new systems that belongs in # subpackage. local path= retval=0 for path in "$pkgdir"/usr/bin/qemu-system-*; do if [ -r "$path" ]; then error "Please create a subpackage for ${path##*/}" retval=1 fi done return $retval } guest() { pkgdesc="QEMU guest agent" options="" mkdir -p "$subpkgdir"/usr/bin mv "$pkgdir"/usr/bin/qemu-ga "$subpkgdir"/usr/bin/ || return 1 install -Dm755 "$srcdir"/$pkgname-guest-agent.initd \ "$subpkgdir"/etc/init.d/$pkgname-guest-agent || return 1 install -Dm644 "$srcdir"/$pkgname-guest-agent.confd \ "$subpkgdir"/etc/conf.d/$pkgname-guest-agent || return 1 } md5sums="a6a23a0c59fd0f8ec564b0fb89a79954 qemu-2.8.1.1.tar.bz2 672727bb1d8c8ab7b5def65dd1793c33 0001-elfload-load-PIE-executables-to-right-address.patch d364208c4847ad2baeb237900befecd1 0006-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch 38fbaee6f2913993169e5b39d96927a1 0001-linux-user-fix-build-with-musl-on-aarch64.patch 19a26bd596f0a1c55d2e831106ce96f5 musl-F_SHLCK-and-F_EXLCK.patch 18f3194bdb0751d1c96140bd4d98b86f fix-sigevent-and-sigval_t.patch 36b835d7f00aa99f69d909bcdff9b1cf xattr_size_max.patch 4b3b899ebc67accff89ace306d48668e ncurses.patch 1663bc6977f6886a58394155b1bf3676 qemu-guest-agent.confd ea972f2fc5505488f68320bf386106bb qemu-guest-agent.initd 66660f143235201249dc0648b39b86ee 80-kvm.rules a2f5570453f2489b6e4023e96f70cb7e bridge.conf fcdd29dbfa628d009509d012e708195d CVE-2016-9102.patch c856f6933e89054b1551c899388ea135 CVE-2016-10155.patch 025eca2d1c54ab1405b4f51fe5e9ed10 CVE-2017-5525.patch e74541b2f280df892d5b0db47f28a25b CVE-2017-5552.patch 5bf67a11540bcd7574d3207c0dc528b2 CVE-2017-5578.patch 583264963ab9961a6472134b666dd7c6 CVE-2017-5579.patch 617be04c5990cef0cae6a4dc1cdf7d71 CVE-2017-5856.patch 228584e3469f42b423031f7010d23278 CVE-2017-5857.patch efe40d8b1d0fc1593f9415abd3d31cfe CVE-2017-5898.patch bebadea798d684fbff3b5e3c4759bd26 CVE-2017-6505.patch" sha256sums="f62ab18a1fb9ff5b4c81ed44becc945b11581eff777618141bdb787da55d3638 qemu-2.8.1.1.tar.bz2 af35304b165622a53f7557b59ffd8da5030f5fd444e669c862f9410131f3b987 0001-elfload-load-PIE-executables-to-right-address.patch 6af6cf9044997710a6d0fbdba30a35c8d775e30d30c032ec97db672f75ec88ac 0006-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch 1086ee9ea9411b3bacaf58bc72630a159260ef873a66710b7edb7223be1ea2c0 0001-linux-user-fix-build-with-musl-on-aarch64.patch ec5e2bd34636c47f464c6b9efd01e487a7b81602c8b598df6efe8d8ceed0c2e5 musl-F_SHLCK-and-F_EXLCK.patch 5bd5723873af643406b250641e7eaa248ce728b8caf8e761e219728f59ce6072 fix-sigevent-and-sigval_t.patch a0c21e70495ac249e3dfcba7420eebe044c6cccc5a8bdc5b635d89ca2e2eac7f xattr_size_max.patch f24b9492f208d386edc5a7a5222906e4816733348e0c557c09ce813bbd80be92 ncurses.patch d84e53a94584f37f3bd1b21f44077b5de0d07094c6729f26ae20ab1f7b9cc298 qemu-guest-agent.confd 5bef90ccab2e743868fd562eee9a3ded35c8d3e01fa387367ed55a0da95570d5 qemu-guest-agent.initd 37f666f1cdb7d8a62171de69b531681dcb0fba74236729dac8b6c019232eba84 80-kvm.rules 2f05021990014a5f832aa17317c1464806dc97c278f88d8284db88378f53cb32 bridge.conf b1f6b4a38fadc543ef53c49bc4a8a44e15d126aa1cc5ee9eacae5cdb28639c1c CVE-2016-9102.patch 7c8ff81f37f7c768eeebfa789e59ad2b3e63d9b7d9f91682fa0d024dbd0360f6 CVE-2016-10155.patch e2fae28919a467675a0b1747fae34f2cdc18a2b3332b99c7a2e49691b1220ba4 CVE-2017-5525.patch f9bb04f19677e62a49d2d13fc2e6540565911a3b51d59765d00dac23be5cdf8e CVE-2017-5552.patch c866543572e2b651f953f2f70f537ee77c418e7e1bb593e1bbd29d2c51c84777 CVE-2017-5578.patch 036d4d2a7b37c92f33bd033226699d4110273256682fe02bf2accde022f46c51 CVE-2017-5579.patch 5cfaf143a479f81d3ef955f1fbaa1da4f16cc16da1e602cb8de96644919df20e CVE-2017-5856.patch e2150a7cc92b72e3f20506b9c76b40599af8d2366d25bd9b245a0bffa66ad8eb CVE-2017-5857.patch 763784f398f73b10ce4bc103366ca7e5c889804fc144a419a00e6902380652f8 CVE-2017-5898.patch e941cde157d16f30707b67c180f9021b1014c46c6957cb169a5b7d79813eefd8 CVE-2017-6505.patch" sha512sums="6e680aa329e1cf739b5dac3d232abc584a71efd990227e598226cbd118c298b4496593b1084fb55e0e2580c4cc9364562c3ad63f33465b9b93de633cf4cabc15 qemu-2.8.1.1.tar.bz2 405008589cad1c8b609eca004d520bf944366e8525f85a19fc6e283c95b84b6c2429822ba064675823ab69f1406a57377266a65021623d1cd581e7db000134fd 0001-elfload-load-PIE-executables-to-right-address.patch ec84b27648c01c6e58781295dcd0c2ff8e5a635f9836ef50c1da5d0ed125db1afc4cb5b01cb97606d6dd8f417acba93e1560d9a32ca29161a4bb730b302440ea 0006-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch 4431dad803156d424a6c9fc74783762590b27fcb3bfadb6b23b149bc9e71c31f139991541aa4e0583c17ac531242dff02ebf4d5a8f9a9a77be757fb30cb65565 0001-linux-user-fix-build-with-musl-on-aarch64.patch 224f5b44da749921e8a821359478c5238d8b6e24a9c0b4c5738c34e82f3062ec4639d495b8b5883d304af4a0d567e38aa6623aac1aa3a7164a5757c036528ac0 musl-F_SHLCK-and-F_EXLCK.patch 5da8114b9bd2e62f0f1f0f73f393fdbd738c5dea827ea60cedffd6f6edd0f5a97489c7148d37a8ec5a148d4e65d75cbefe9353714ee6b6f51a600200133fc914 fix-sigevent-and-sigval_t.patch 4b1e26ba4d53f9f762cbd5cea8ef6f8062d827ae3ae07bc36c5b0c0be4e94fc1856ad2477e8e791b074b8a25d51ed6d0ddd75e605e54600e5dd0799143793ce4 xattr_size_max.patch b6ed02aaf95a9bb30a5f107d35371207967edca058f3ca11348b0b629ea7a9c4baa618db68a3df72199eea6d86d14ced74a5a229d17604cc3f0adedcfeae7a73 ncurses.patch d90c034cae3f9097466854ed1a9f32ab4b02089fcdf7320e8f4da13b2b1ff65067233f48809911485e4431d7ec1a22448b934121bc9522a2dc489009e87e2b1f qemu-guest-agent.confd 316b40d97587fea717821852859d81039cfdcb276a658bb6e6fb554e321d5856a833ebb3778149c4732cea625bac320b1008d374c88a9aae35c0fb67977c01b7 qemu-guest-agent.initd 9b7a89b20fcf737832cb7b4d5dc7d8301dd88169cbe5339eda69fbb51c2e537d8cb9ec7cf37600899e734209e63410d50d0821bce97e401421db39c294d97be2 80-kvm.rules 749efa2e764006555b4fd3a8e2f6d1118ad2ea4d45acf99104a41a93cfe66dc9685f72027c17d8211e5716246c2a52322c962cf4b73b27541b69393cd57f53bb bridge.conf c605c658f6a15467b9c21fb89995497a24ee8093f1c7eb68e17d89cc106dc7f3473195287ab349e822a5a287b08845f817ac9087bc4a8293707a2b9fa8264683 CVE-2016-9102.patch 350f53bf39bc644fd3f6cad297a5bcd33829e83283285ec372354c2b70a51bf52be691499f2fc40c1c76bb3ceaf3c65fb1a82e384e18cecda6ef38bbf457ab09 CVE-2016-10155.patch a633ffdbd6eb58b1f091553db7944b72f6c5ea412b82f8162b4ece4b3c98aa550246bb8ab865b24468455f92bbb4908d842e03e84b9fb1fb0f1084a4e6097288 CVE-2017-5525.patch 1a17a4c9c5c2bb724735dade20c196bf90f5ab419b0dc5ca3ce771ac68d493d1f831722fe1aac8636f2c22ebecaa4560693aad98a87bd4e45c9fa529a1549546 CVE-2017-5552.patch 5f104e05e904a1392ca31203f02b7b546aeb91f1a438631c8a5f0fb5c6c051b19d8d0219b2c71aadd5d5404222d5dbc8e80127d2afaea6ed2bf918007d613a8a CVE-2017-5578.patch 74415ea5e6f6bfa787a2515da86c3ead87b0a9694d6adbdd390cbb3be43e1c88b4be4a8891f46bc6af520d3d5582c9ebe70572e2bb78d13c29d5ca12695d33ed CVE-2017-5579.patch 2b051f9d9265f9039e2cfed0bbdc93360f1660ea5b4129ec01f6faa3c1b6b135f5c949ddc26fe05a91a95a3ac558e8844ec292558c1dd66552868cbbc6aa8744 CVE-2017-5856.patch d6d000b57f1fb194f9554165621109b364ebdb61416bc07e2283f2d493c33e770d1b63002d62565aae1ac19ed0ad9e572c207341aa1ad023581f349f62158d30 CVE-2017-5857.patch 80f89d75970345fbf6771cb16ed0d48c91c52b6b63ac967b3dbef56c16b654df432fa7ada0549c1b812d3d641f831fe20cb8b0eb52c46b8e73ade2801a563a8d CVE-2017-5898.patch a151ffb922670e044851c15b1404dc4bbf62905fa075ebedce36d706cbc97e8d8c2abbb53946d2d42a24d86a616425d936abf1da2298390c38867743931fd1b8 CVE-2017-6505.patch"