--- qemu-0.9.1.orig/debian/qemu-ifup
+++ qemu-0.9.1/debian/qemu-ifup
@@ -0,0 +1,2 @@
+#!/bin/sh
+sudo -p "Password for $0:" /sbin/ifconfig $1 172.20.0.1
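Review bot: `$1` is passed unquoted to `/sbin/ifconfig` on the `sudo` line, so the interface argument can change the command that runs as root. A value containing whitespace is split into extra ifconfig arguments, and an empty value leaves `ifconfig 172.20.0.1`, where the address is taken as the interface name. Reject a missing argument and quote the expansion, e.g. `[ -n "$1" ] || exit 1` followed by `sudo -p "Password for $0:" /sbin/ifconfig "$1" 172.20.0.1`. The script also requires sudo, which debian/control lists only under Suggests, so a header comment such as `# Requires sudo, configured to let the invoking user run /sbin/ifconfig` would tell administrators what to set up.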
--- qemu-0.9.1.orig/debian/rules
+++ qemu-0.9.1/debian/rules
@@ -0,0 +1,123 @@
+#!/usr/bin/make -f
+#
+# $Id: rules 320 2008-04-23 00:17:18Z guillem $
+#
+
+DEB_HOST_ARCH_OS = $(shell dpkg-architecture -qDEB_HOST_ARCH_OS)
+
+# WARNING: Removing no-strict-aliasing will make qemu insta-segfault.
+CFLAGS = -Wall -g -fno-strict-aliasing
+
+ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
+	CFLAGS += -O0
+else
+	CFLAGS += -O2
+endif
+
+ifeq ($(DEB_HOST_ARCH_OS),linux)
+	conf_arch += --enable-alsa
+endif
+
+# Support multiple makes at once
+ifneq (,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
+NJOBS := -j $(patsubst parallel=%,%,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
+endif
+
+D = $(CURDIR)/debian/qemu
+
+qemu_bios_files = \
+	bios.bin \
+	vgabios.bin \
+	vgabios-cirrus.bin \
+	video.x \
+	openbios-sparc32 \
+	openbios-sparc64 \
+	pxe-ne2k_pci.bin \
+	pxe-rtl8139.bin \
+	pxe-pcnet.bin \
+	ppc_rom.bin \
+	proll.elf
+
+qemu_docs = \
+	qemu-doc.html \
+	qemu-tech.html \
+	qemu.1 \
+	qemu-img.1
+
+include /usr/share/quilt/quilt.make
+
+config-host.mak: configure
+	dh_testdir
+	
+	CFLAGS="$(CFLAGS)" ./configure \
+	  --prefix=/usr \
+	  --enable-adlib \
+	  $(conf_arch)
+
+setup-source: patch
+	$(MAKE) -f debian/rules config-host.mak
+
+build: setup-source
+	dh_testdir
+	
+	$(MAKE) $(NJOBS)
+	$(MAKE) -C pc-bios
+
+clean: unpatch
+	dh_testdir
+	dh_testroot
+	
+	-$(MAKE) -C pc-bios clean
+	-$(MAKE) distclean
+	
+	rm -f $(qemu_docs)
+	
+	dh_clean
+
+install: build
+	dh_testdir
+	dh_testroot
+	dh_clean -k
+	dh_installdirs -a
+	
+	# Make qemu's "make install" happy
+	for i in $(qemu_bios_files); do \
+	  touch pc-bios/$$i; \
+	done
+	
+	$(MAKE) DESTDIR=$(D) install
+	
+	# Clean up the mess
+	for i in $(qemu_bios_files); do \
+	  rm -f pc-bios/$$i $(D)/usr/share/qemu/$$i; \
+	done
+
+binary-indep:
+# Nothing to do.
+
+binary-arch: install
+	dh_testdir
+	dh_testroot
+	dh_install -a
+	dh_installdebconf -a
+	dh_installdocs -a
+	dh_installexamples -a
+	dh_installlogrotate -a
+	dh_installman -a
+	dh_installinfo -a
+	dh_installchangelogs -a Changelog
+	dh_link -a
+	dh_strip -a
+	dh_compress -a
+	dh_fixperms -a
+	chmod a+x $(D)/etc/qemu-ifup
+	dh_installdeb -a
+	dh_shlibdeps -a
+	dh_gencontrol -a
+	dh_md5sums -a
+	dh_builddeb -a
+
+binary: binary-indep binary-arch
+
+.PHONY: build clean binary-indep binary-arch binary install
+
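Review bot: `-fno-strict-aliasing`, which the comment above `CFLAGS` marks as mandatory, sits in a plain `CFLAGS =` assignment, so `debian/rules build CFLAGS=...` on the command line replaces the whole value and drops it. The same assignment also discards any CFLAGS exported by the build environment. Keeping the required flag out of the user-tunable variable avoids both, for instance `CFLAGS ?= -Wall -g` at the top and `CFLAGS="$(CFLAGS) -fno-strict-aliasing" ./configure \` in the `config-host.mak` recipe. Separately, `setup-source` names no file but is missing from the `.PHONY` line at the end of the hunk.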
--- qemu-0.9.1.orig/debian/control
+++ qemu-0.9.1/debian/control
@@ -0,0 +1,38 @@
+Source: qemu
+Section: misc
+Priority: optional
+Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
+Uploaders: Aurelien Jarno <aurel32@debian.org>, Riku Voipio <riku@debian.org>,
+ Josh Triplett <josh@psas.pdx.edu>
+Build-Depends: debhelper (>= 5), quilt (>= 0.40), binutils (>= 2.16), nasm,
+ gcc-3.4, libx11-dev, libsdl1.2-dev (>> 1.2.1), libncurses5-dev, zlib1g-dev,
+ texi2html, sharutils, libgnutls-dev, libfreebsd-dev [kfreebsd-i386 kfreebsd-amd64],
+ libasound2-dev [!kfreebsd-i386 !kfreebsd-amd64 !hurd-i386],
+ libgpmg1-dev [amd64 i386 powerpc alpha sparc arm armeb armel s390]
+Standards-Version: 3.7.3
+Homepage: http://www.qemu.org/
+Vcs-Browser: http://svn.debian.org/wsvn/pkg-qemu/
+Vcs-Svn: svn://svn.debian.org/pkg-qemu/trunk/
+
+Package: qemu
+Architecture: amd64 i386 powerpc alpha sparc arm armeb armel s390 kfreebsd-i386 kfreebsd-amd64
+Depends: ${shlibs:Depends}, vgabios (>= 0.5a-1), bochsbios (>= 2.3.5-1),
+ proll, openhackware
+Recommends: debootstrap, sharutils, vde2
+Suggests: sudo, samba
+Description: fast processor emulator
+ QEMU is a fast processor emulator: currently the package supports
+ ARM, CRIS, i386, M68k (ColdFire), MIPS, PowerPC, SH4, SPARc and x86-64 
+ emulation. By using dynamic translation it achieves reasonable speed 
+ while being easy to port on new host CPUs. QEMU has two operating modes:
+ .
+  * User mode emulation: QEMU can launch Linux processes compiled for
+    one CPU on another CPU.
+  * Full system emulation: QEMU emulates a full system, including a
+    processor and various peripherals. It enables easier testing and
+    debugging of system code. It can also be used to provide virtual
+    hosting of several virtual PC on a single server.
+ .
+ As QEMU requires no host kernel patches to run, it is very safe and
+ easy to use.
+
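Review bot: The closing sentence of the Description, `As QEMU requires no host kernel patches to run, it is very safe and easy to use.`, reads as a security claim about the emulator. The package's own changelog does not support that claim, since it lists heap overflows in emulated devices and a privilege escalation. The safety meant here appears to be limited to not modifying the host kernel, so wording such as `QEMU requires no host kernel patches to run, which keeps installation simple.` says that without promising isolation. In the same paragraph `SPARc` should be `SPARC` and `several virtual PC` should be `several virtual PCs`.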
--- qemu-0.9.1.orig/debian/qemu-make-debian-root.8
+++ qemu-0.9.1/debian/qemu-make-debian-root.8
@@ -0,0 +1,44 @@
+.\" $Id: qemu-make-debian-root.8 266 2008-01-06 20:29:04Z aurel32 $
+.TH qemu\-make\-debian\-root 8 2006-05-28 "0.0" Debian
+.\" Please adjust this date whenever revising the manpage.
+.\"
+.\" Some roff macros, for reference:
+.\" .nh        disable hyphenation
+.\" .hy        enable hyphenation
+.\" .ad l      left justify
+.\" .ad b      justify to both left and right margins
+.\" .nf        disable filling
+.\" .fi        enable filling
+.\" .br        insert line break
+.\" .sp <n>    insert n+1 empty lines
+.\" for manpage-specific macros, see man(7)
+.SH NAME
+qemu\-make\-debian\-root \- Create a debian root image for qemu
+.SH SYNOPSIS
+.B qemu\-make\-debian\-root
+.RI [ -k "] "
+.RI [ -s "] "
+.I size-in-MiB distrib deburl image
+.RI [ files-to-copy-in-/root ]
+.SH DESCRIPTION
+.B qemu\-make\-debian\-root
+is a command to ease the creation of a debian root image for qemu.
+The generated image is not bootable by itself, and an external kernel
+is needed. It can be run with a command like:
+.IP
+.nf
+.B qemu disk.img -kernel /boot/vmlinuz
+.fi
+.PP
+.SH OPTIONS
+.TP
+.BR \-k
+Keep file system.
+.TP
+.BR \-s
+Create a sparse image.
+.SH SEE ALSO
+.BR qemu (1),
+.BR qemu\-img (1).
+.SH AUTHOR
+This manual page was written by Guillem Jover <guillem@debian.org>.
--- qemu-0.9.1.orig/debian/changelog
+++ qemu-0.9.1/debian/changelog
@@ -0,0 +1,978 @@
+qemu (0.9.1-10lenny1~bpo40+1) etch-backports; urgency=low
+
+  * Security rebuild for etch-backports to fix CVE-2008-0928 (privilege
+    escalation), CVE-2008-4539 (heap-based buffer overflow) and CVE-2008-1945
+    (media handling vulnerability)
+  * Remove openbios-sparc from Depends.
+  * Remove libbrlapi-dev from Build-Depends.
+
+ -- Gerfried Fuchs <rhonda@debian.at>  Fri, 05 Jun 2009 11:13:53 +0200
+
+qemu (0.9.1-10lenny1) stable-security; urgency=low
+
+  * debian/patches/91_security.patch: fix privilege escalation.
+    (CVE-2008-0928). Closes: bug#469649.    
+  * debian/patches/97_security.patch: fix heap-based buffer overflow in
+    the Cirrus VGA implementation (CVE-2008-4539). Closes: bug#526040.
+  * debian/patches/98_security.patch: fix media handling vulnerability
+    (CVE-2008-1945). Closes: bug#526013.
+
+ -- Aurelien Jarno <aurel32@debian.org>  Sat, 02 May 2009 15:29:10 +0200
+
+qemu (0.9.1-10) unstable; urgency=low
+
+  * debian/patches/96_security.patch: fix off-by-one bug limiting VNC
+    passwords to 7 chars (CVE-2008-5714).
+
+ -- Aurelien Jarno <aurel32@debian.org>  Sun, 28 Dec 2008 12:38:40 +0100
+
+qemu (0.9.1-9) unstable; urgency=low
+
+  * debian/patches/95_security.patch: fix remote DoS via VNC 
+    (CORE-2008-1210/CVE-2008-2382).
+
+ -- Aurelien Jarno <aurel32@debian.org>  Tue, 23 Dec 2008 15:06:11 +0100
+
+qemu (0.9.1-8) unstable; urgency=low
+
+  * debian/patches: 
+      - cherry-pick from svn: 61_pseudotty.patch 62_fix-ptyblocking.patch
+        qemu is affected by #494831 too, these patches fix it here.
+
+ -- Riku Voipio <riku@debian.org>  Wed, 19 Nov 2008 23:21:43 +0200
+
+qemu (0.9.1-7) unstable; urgency=low
+
+  * debian/qemu-make-debian-root:
+    - Fix bug introduced when fixing bug#496394 (Closes: bug#502325).
+
+ -- Aurelien Jarno <aurel32@debian.org>  Thu, 16 Oct 2008 22:18:39 +0200
+
+qemu (0.9.1-6) unstable; urgency=high
+
+  [ Aurelien Jarno ]
+  * debian/control: 
+    - Update list of supported targets (Closes: bug#488339).
+  * debian/qemu-make-debian-root:
+    - Use mktemp instead of $$ to create temporary directories (Closes: 
+      bug#496394).
+  * debian/links:
+    - Add missing links to manpages.
+
+ -- Aurelien Jarno <aurel32@debian.org>  Mon, 25 Aug 2008 04:38:35 +0200
+
+qemu (0.9.1-5) unstable; urgency=high
+
+  [ Guillem Jover ]
+  * Add Homepage field.
+  * Add Vcs-Browser and Vcs-Svn fields.
+  * Remove packaging repository information from debian/copyright.
+  * Add former package co-maintainers to debian/copyright.
+  * Serialize patch and configure steps in debian/rules to support parallel
+    builds, as we are patching configure.
+  * Remove myself from Uploaders.
+
+  [ Aurelien Jarno ]
+  * debian/patches/70_manpage.patch: remove curses documentation, it is already
+    in debian/patches/80_ui_curses.patch (Closes: bug#477369).
+  * debian/patches/94_security.patch: add format= to drive options
+    (CVE-2008-2004).
+
+ -- Aurelien Jarno <aurel32@debian.org>  Mon, 28 Apr 2008 21:54:12 +0200
+
+qemu (0.9.1-4) unstable; urgency=high
+
+  * debian/patches/52_ne2000_return.patch: drop, the patch is wrong.  
+  * Backports from upstream:
+    - Typo in curses_keys.h
+    - Documentation for the -curses option
+    - Fix broken absoluteness check for cabs.d.*.
+    - USB-to-serial device.
+    - rtl8139: fix endianness on big endian targets
+    - restore rw support for vvfat
+    - x86-64: recompute DF after eflags has been modified when emulating 
+      SYSCALL
+    - ignore reads to the EOI register
+    - IDE: Improve DMA transfers by increasing the buffer size
+    - Braille device support
+    - Add -no-shutdown option (Closes: #326406)
+    - Ask to use "mount -o remount" instead of "umount" and "mount" 
+      /dev/shm (Closes: #476539).
+  * debian/qemu.doc-base: fix section. 
+
+ -- Aurelien Jarno <aurel32@debian.org>  Sun, 20 Apr 2008 23:29:42 +0200
+
+qemu (0.9.1-3) unstable; urgency=low
+
+  [ Aurelien Jarno ]
+  * debian/patches/42_arm_tls.patch: fix to get qemu-system-arm working
+    again. (Closes: #471722).
+  * debian/patches/56_dhcp.patch: fix DHCP server to correctly support 
+    MS-Windows guests. (Closes: #471452).
+
+ -- Aurelien Jarno <aurel32@debian.org>  Wed, 19 Mar 2008 18:58:29 +0100
+
+qemu (0.9.1-2) unstable; urgency=low
+
+  [ Aurelien Jarno ]
+  * debian/patches/80_ui_curses.patch: pull new patch from upstream CVS
+    (Closes: #442274).
+  * debian/patches/65_kfreebsd.patch: link with -lfreebsd. (Closes: 
+    #465932).
+  * debian/patches/81_mips32r2_fpu.patch: patch pulled from upstream
+    to fix FPU issue on MIPS32R2.
+  * debian/patches/42_arm_tls.patch: reenable, mistakenly disabled in the
+    previous upload. (Closes: #469743).
+  * debian/rules: fix parallel building. (Closes: #469981). 
+  * debian/patches/07_i386_exec_name.patch: install the i386 emulator as
+    qemu-system-i386, and change qemu into a link pointing to the i386
+    version.
+  * debian/README.Debian: add notes about qemu-system-ppc and video.x
+    (Closes: #388735).
+  * debian/patches/70_manpage.patch: describe the -curses option.
+    (Closes: #433658).
+  * debian/patches/71_doc.patch: fix the monitor change option. (Closes: 
+    #467106).
+  * debian/patches/35_syscall_sockaddr.patch: fix sockaddr (Closes: 
+    #469351).
+  * debian/patches/43_arm_cpustate.patch: disable (Closes: #444171).
+
+ -- Aurelien Jarno <aurel32@debian.org>  Mon, 17 Mar 2008 01:29:03 +0100
+
+qemu (0.9.1-1) unstable; urgency=low
+
+  [ Aurelien Jarno ]
+  * New upstream version. (Closes: #459801)
+    - Supports s390 host. (Closes: #441119)
+    - Fix PCI bar allocation. (Closes: #413315)
+    - Fix typo in keys name. (Closes: #426181)
+    - Fix segfault of qemu-i386 (Closes: #446868).
+    - debian/control: bump depends on openbios-sparc to
+      >= 1.0~alpha2+20080106.
+    - debian/patches/02_snapshot_use_tmpdir.patch: Refreshed.
+    - debian/patches/04_do_not_print_rtc_freq_if_ok.patch: Likewise.
+    - debian/patches/05_non-fatal_if_linux_hd_missing.patch: Likewise.
+    - debian/patches/06_exit_segfault.patch: Likewise.
+    - debian/patches/10_signal_jobs.patch: Likewise.
+    - debian/patches/11_signal_sigaction.patch: Likewise.
+    - debian/patches/12_signal_powerpc_support.patch: Likewise.
+    - debian/patches/21_net_soopts.patch: Likewise.
+    - debian/patches/30_syscall_ipc.patch: Likewise.
+    - debian/patches/31_syscalls.patch: Likewise.
+    - debian/patches/32_syscall_sysctl.patch: Likewise.
+    - debian/patches/33_syscall_ppc_clone.patch: Likewise.
+    - debian/patches/35_syscall_sockaddr.patch: Likewise.
+    - debian/patches/41_arm_fpa_sigfpe.patch: Likewise.
+    - debian/patches/42_arm_tls.patch: Likewise.
+    - debian/patches/50_linuxbios_isa_bios_ram.patch: Likewise
+    - debian/patches/51_linuxbios_piix_ram_size.patch: Likewise
+    - debian/patches/61_safe_64bit_int.patch: Removed, merged upstream.
+    - debian/patches/63_sparc_build.patch: Refreshed.
+    - debian/patches/80_ui_curses.patch: Likewise.
+  * debian/patches/90_security.patch: fix 64-bit overflow. (Closes:
+    #425634)
+  * debian/qemu-make-debian-root: add a -s option to create sparse
+    image. (Closes: #322325)
+  * debian/control: bump depends on bochsbios to >= 2.3.5-1. Use
+    BIOS-qemu-latest instead of BIOS-bochs-latest. (Closes: #402289,
+    #442822)
+  * debian/rules: build the non-dyngen part with default gcc.
+  * debian/rules: support DEB_BUILD_OPTIONS="parallel=n".
+  * debian/patches/70_manpage.patch: describe the arguments of the
+    -usbdevice option in the manpage. (Closes: #443801)
+  * debian/control: now using Standards-Version 3.7.3 (no changes needed).
+  * debian/control: build-depends on libgnutls-dev to enable TLS support
+    in VNC.
+  * debian/patches/01_nostrip.patch: don't strip binaries during make
+    install. (Closes: #437866)
+  * debian/patches/53_openbios_size.patch: increase maximum prom size to
+    support latest openbios.
+
+ -- Aurelien Jarno <aurel32@debian.org>  Mon, 28 Jan 2008 21:24:14 +0100
+
+qemu (0.9.0+20070816-1) unstable; urgency=low
+
+  [ Guillem Jover ]
+  * New upstream snapshot.
+    - Fix hang on ARM during Etch installation. (Closes: #430164)
+    - Fix data corruption with qcow 2. (Closes: #440296)
+    - Fix errors with raw images > 4 GiB. (Closes: #425634)
+    - debian/patches/01_typo_qemu-img.patch: Removed, merged upstream.
+    - debian/patches/03_machines_list_no_error.patch: Likewise.
+    - debian/patches/36_syscall_prctl.patch: Likewise.
+    - debian/patches/37_syscall_mount.patch: Likewise.
+    - debian/patches/38_syscall_semctl.patch: Likewise.
+    - debian/patches/40_sparc_fp_to_int.patch: Likewise.
+    - debian/patches/44_arm_eabi_built_on_64bit_arches.patch: Likewise.
+    - debian/patches/62_linux_boot_nasm.patch: Likewise.
+    - debian/patches/04_do_not_print_rtc_freq_if_ok.patch: Synced.
+    - debian/patches/05_non-fatal_if_linux_hd_missing.patch: Likewise.
+    - debian/patches/31_syscalls.patch: Likewise.
+    - debian/patches/35_syscall_sockaddr.patch: Likewise.
+    - debian/patches/42_arm_tls.patch: Likewise.
+    - debian/patches/43_arm_cpustate.patch: Likewise.
+    - debian/patches/51_linuxbios_piix_ram_size.patch: Likewise.
+    - debian/patches/55_unmux_socketcall.patch: Likewise.
+    - debian/patches/60_ppc_ld.patch: Likewise.
+    - debian/patches/65_kfreebsd.patch: Likewise.
+    - debian/patches/80_ui_curses.patch: Likewise.
+    - debian/patches/90_security.patch: Likewise.
+  * Remove Elrond and Guilherme de S. Pastore from Uploaders, with their
+    permission, and add Aurelien Jarno and Riku Voipio.
+  * Remove Tag field, this is better maintained outside of the package.
+  * Add openbios-sparc64 to qemu_bios_files in debian/rules.
+
+  [ Aurelien Jarno ]
+  * Fix FTBFS on amd64. (Closes: #434296)
+    - Drop debian/patches/34_syscalls_types.patch
+  * debian/control:
+    - Suggest samba. (Closes: #430368)
+  * Add OpenBIOS for sparc. (Closes: #407076)
+    - debian/control: depends on openbios-sparc.
+    - debian/links: provide symlinks in /usr/share/qemu.
+
+ -- Guillem Jover <guillem@debian.org>  Tue, 04 Sep 2007 04:04:47 +0300
+
+qemu (0.9.0-2) unstable; urgency=high
+
+  [ Guillem Jover ]
+  * Fix several security issues. (Closes: #424070)
+    Thanks to Tavis Ormandy <taviso@google.com>.
+    - Cirrus LGD-54XX "bitblt" heap overflow. CVE-2007-1320
+    - NE2000 "mtu" heap overflow.
+    - QEMU "net socket" heap overflow.
+    - QEMU NE2000 "receive" integer signedness error. CVE-2007-1321
+    - Infinite loop in the emulated SB16 device.
+    - Unprivileged "aam" instruction does not correctly handle the
+      undocumented divisor operand. CVE-2007-1322
+    - Unprivileged "icebp" instruction will halt emulation. CVE-2007-1322
+    - debian/patches/90_security.patch: New file.
+  * Enable adlib audio emulation. (Closes: #419170)
+  * Fix structure padding for target_eabi_flock64 when built for a 64 bit
+    architecture. (Closes: #414799)
+    Thanks to Stuart Anderson <anderson@netsweng.com>.
+    - debian/patches/44_arm_eabi_built_on_64bit_arches.patch: New file.
+  * Fix qemu to be able to use LinuxBios. (Closes: #412212)
+    Thanks to Ed Swierk <eswierk@cs.stanford.edu>.
+    - debian/patches/50_linuxbios_isa_bios_ram.patch: New file.
+    - 51_linuxbios_piix_ram_size.patch: Likewise.
+  * Fix segfault when booting a Linux kernel w/o a disk image, by exiting but
+    clarifying the message, as to use '/dev/null'. (Closes: #409817, #411780)
+    Thanks to Robert Millan <rmh@aybabtu.com>.
+    - debian/patches/05_non-fatal_if_linux_hd_missing.patch: Updated.
+  * Fix segfault by using addrlen instead of target_addrlen in
+    do_getpeername()/do_getsockname(). (Closes: #411910)
+    Thanks to Stuart Anderson <anderson@netsweng.com>.
+    - debian/patches/35_syscall_sockaddr.patch: Updated.
+  * Fix semctl() for 32 bit targets on 64 bit hosts. (Closes: #414809)
+    Thanks to Stuart Anderson <anderson@netsweng.com>.
+    - debian/patches/38_syscall_semctl.patch: New file.
+  * Remove Elrond from Uploaders with consent, always welcome to join
+    back anytime.
+
+ -- Guillem Jover <guillem@debian.org>  Wed, 16 May 2007 08:08:31 +0300
+
+qemu (0.9.0-1) experimental; urgency=low
+
+  [ Guillem Jover ]
+  * New upstream release. (Closes: #409989)
+    - Support for relative paths in backing files for disk images.
+      (Closes: #390446)
+    - debian/patches/01_doc_typos.patch: Removed, merged upstream.
+    - debian/patches/38_syscall_arm_statfs64.patch: Likewise.
+    - debian/patches/51_serial_small_divider.patch: Likewise.
+    - debian/patches/67_ppc_ftbfs.patch: Likewise.
+    - debian/patches/21_net_soopts.patch: Synced.
+    - debian/patches/30_syscall_ipc.patch: Likewise.
+    - debian/patches/31_syscalls.patch: Likewise.
+    - debian/patches/35_syscall_sockaddr.patch: Likewise.
+    - debian/patches/39_syscall_fadvise64.patch: Likewise.
+    - debian/patches/42_arm_tls.patch: Likewise.
+    - debian/patches/55_unmux_socketcall.patch: Likewise.
+    - debian/patches/80_ui_curses.patch: Likewise.
+  * Update the copyright information.
+  * The ACPI initialization code has been moved to bochsbios.
+    - debian/patches/acpi-dsdt.hex: Removed.
+    - debian/rules: Do not install acpi-dsdt.hex.
+  * Add more files to the list of roms removed from the tarball needed to
+    be touched so that upstream 'make install' does not fail.
+  * Added armeb and armel to Architecture fields and libgpmg1-dev
+    Build-Depends.
+  * Recommend vde2 instead of the transitional vde package. (Closes: #407251)
+  * Fix typo in qemu-img output. (Closes: #408542)
+    - debian/patches/01_typo_qemu-img.patch: New file.
+    Thanks to Adam Buchbinder <adam.buchbinder@gmail.com>.
+  * Symlink qemu-user(1) to qemu-m68k(1).
+  * Reduce redundancy in qemu-user(1) synopsis.
+  * Fix rounding in sparc floating point to integer conversions.
+    - debian/patches/40_sparc_fp_to_int.patch: New file.
+    Thanks to Aurelien Jarno <aurelien@aurel32.net>.
+
+ -- Guillem Jover <guillem@debian.org>  Thu,  8 Feb 2007 01:01:29 +0200
+
+qemu (0.8.2-5) unstable; urgency=low
+
+  [ Guillem Jover ]
+  * Added a missing part to the ARM NPTL support patch, initially lost.
+    - debian/patches/42_arm_tls.patch: Updated.
+
+ -- Guillem Jover <guillem@debian.org>  Tue, 16 Jan 2007 11:44:00 +0200
+
+qemu (0.8.2-4) unstable; urgency=medium
+
+  [ Guillem Jover ]
+  * Disable using iasl for now until it's ported to big-endian systems and
+    include a locally built acpi-dsdt.hex file.
+
+ -- Guillem Jover <guillem@debian.org>  Sun,  3 Dec 2006 21:10:23 +0200
+
+qemu (0.8.2-3) unstable; urgency=low
+
+  [ Guillem Jover ]
+  * Hopefully really fix powerpc FTBFS.
+
+ -- Guillem Jover <guillem@debian.org>  Sun,  5 Nov 2006 17:09:53 +0200
+
+qemu (0.8.2-2) unstable; urgency=low
+
+  [ Guillem Jover ]
+  * Update Tag field to match new debtags vocabulary.
+  * Clean properly. (Closes: #390166)
+    - Remove the acpi generated files and the docs.
+    - Revert the docs regeneration forcing logic.
+    Thanks to Anderson Lizardo <anderson.lizardo@gmail.com>.
+  * On install use DESTDIR instead of specifying all paths. (Closes: #396139)
+    Thanks to Anderson Lizardo <anderson.lizardo@gmail.com>.
+  * Port to GNU/kFreeBSD. (Closes: #327622)
+    - Disable ALSA on non-linux systems.
+    - Add a Build-Depends on libfreebsd-dev on kfreebsd systems.
+    - Add kfreebsd-i386 and kfreebsd-amd64 to the Architecture field.
+    - debian/patches/65_kfreebsd.patch: New file.
+    Thanks Petr Salinger <Petr.Salinger@seznam.cz>.
+  * In qemu-make-debian-root do not explicitely install in aptitude and
+    libsigc++-1.2-5c102, they are pulled now by default. And do not remove
+    aptitude afterwards. (Closes: #392481)
+    Thanks to Ted Percival <ted@midg3t.net>.
+  * Add experimental ncurses ui support. (Closes: #369462)
+    - debian/patches/80_ui_curses.patch: New file.
+    Thanks to Andrzej Zaborowski <balrog@zabor.org>.
+  * Add SO_PEERCRED and SO_SNDTIMEO support, and fix accept syscall when
+    being passed NULL pointers.
+    - debian/patches/21_net_sockopts.patch: Renamed to ...
+    - debian/patches/21_net_soopts.patch: ... here. Modify.
+    Thanks to Pablo Virolainen.
+  * Add a fadvise64 syscall stub.
+    - debian/patches/39_syscall_fadvise64.patch: New file.
+    Thanks to Pablo Virolainen.
+  * Add EABI unmuxed socket syscalls.
+    - debian/patches/55_unmux_socketcall.patch: New file.
+    Thanks to Riku Voipio.
+  * Add TLS sections to the ARM and x86 linker scripts so that qemu user
+    emulators can be linked statically.
+    - debian/patches/66_tls_ld.patch: New file.
+  * Move the documentation of the binary blob removals from the original
+    upstream tarball from README.Debian to debian/copyright.
+  * Reword the emphasis on "FAST!" from the package description.
+  * Fix FTBFS on powerpc by adding the missing fp_status variable to the
+    int32_to_float32 function calls.
+    - debian/patches/67_ppc_ftbfs.patch: New file.
+
+ -- Guillem Jover <guillem@debian.org>  Sun,  5 Nov 2006 08:48:27 +0200
+
+qemu (0.8.2-1) unstable; urgency=low
+
+  [ Guillem Jover ]
+  * New upstream release. (Closes: #379461, #385029, #388810)
+    - Add ACPI BIOS emulation support. (Closes: #372533)
+    - Fix mouse invisible wall when using Windows XP. (Closes: #384666)
+    - debian/patches/01_doc_typos.patch: Sync.
+    - debian/patches/03_machines_list_no_error.patch: Likewise.
+    - debian/patches/04_do_not_print_rtc_freq_if_ok.patch: Likewise.
+    - debian/patches/05_non-fatal_if_linux_hd_missing.patch: Likewise.
+    - debian/patches/06_exit_segfault.patch: Likewise.
+    - debian/patches/12_signal_powerpc_support.patch: Likewise.
+    - debian/patches/21_net_sockopt.patch: Likewise.
+    - debian/patches/22_net_tuntap_stall.patch: Likewise.
+    - debian/patches/30_syscall_ipc.patch: Likewise.
+    - debian/patches/31_syscalls.patch: Likewise.
+    - debian/patches/32_syscall_sysctl.patch: Likewise.
+    - debian/patches/33_syscall_ppc_clone.patch: Likewise.
+    - debian/patches/35_syscall_sockaddr.patch: Likewise.
+    - debian/patches/36_syscall_prctl.patch: Likewise.
+    - debian/patches/37_syscall_mount.patch: Likewise.
+    - debian/patches/41_arm_fpa_sigfpe.patch: Likewise.
+    - debian/patches/42_arm_tls.patch: Likewise.
+    - debian/patches/61_safe_64bit_int.patch: Likewise.
+    - debian/patches/63_sparc_build.patch: Likewise.
+    - debian/patches/50_missing_keycodes.patch: Removed, integrated upstream.
+  * Switch to quilt:
+    - debian/control: Add quilt (>= 0.40) to Build-Depends.
+    - debian/patches/series: New file.
+    - debian/patch.mk: Removed.
+    - debian/rules: Include '/usr/share/quilt/quilt.make' instead of
+      'debian/patch.mk'.
+  * Build the ACPI Source Language files with iasl.
+  * Add a Tag field to the binary package, using data from debtags.
+  * Add 2006 to the debian/copyright years.
+  * Add a Recommends on vde. (Closes: #386780)
+  * Fix spelling error in package description (peripherials -> peripherals).
+    (Closes: #388700)
+    Thanks to Rakesh 'arky' Ambati <rakesh_ambati@yahoo.com>.
+  * Fix ne2000_can_receive return code to 0 when the command is STOP.
+    (Closes: #386209)
+    - debian/patches/52_ne2000_return.patch: New file.
+    Thanks to Samuel Thibault <samuel.thibault@ens-lyon.org>.
+  * Document the binary blob removals from the original upstream tarball in
+    README.Debian. (Closes: #388740)
+
+ -- Guillem Jover <guillem@debian.org>  Mon, 25 Sep 2006 04:16:25 +0300
+
+qemu (0.8.1-1) unstable; urgency=low
+
+  [ Guillem Jover ]
+  * New upstream release. (Closes: #366955, #366637)
+    - debian/patches/01_doc_typos.patch: Sync.
+    - debian/patches/04_do_not_print_rtc_freq_if_ok.patch: Likewise.
+    - debian/patches/05_non-fatal_if_linux_hd_missing.patch: Likewise.
+    - debian/patches/12_signal_powerpc_support.patch: Likewise.
+    - debian/patches/21_net_sockopt.patch: Likewise.
+    - debian/patches/22_net_tuntap_stall.patch: Likewise.
+    - debian/patches/30_syscall_ipc.patch: Likewise.
+    - debian/patches/31_syscalls.patch: Likewise.
+    - debian/patches/32_syscall_sysctl.patch: Likewise.
+    - debian/patches/33_syscall_ppc_clone.patch: Likewise.
+    - debian/patches/35_syscall_sockaddr.patch: Likewise.
+    - debian/patches/36_syscall_prctl.patch: Likewise.
+    - debian/patches/37_syscall_mount.patch: Likewise.
+    - debian/patches/41_arm_fpa_sigfpe.patch: Likewise.
+    - debian/patches/42_arm_tls.patch: Likewise.
+    - debian/patches/43_arm_cpustate.patch: Likewise.
+    - debian/patches/50_missing_keycodes.patch: Likewise.
+    - debian/patches/51_serial_small_divider.patch: Likewise.
+    - debian/patches/61_safe_64bit_int.patch: Likewise.
+    - debian/patches/63_sparc_build.patch: Likewise.
+    - debian/patches/40_arm_nwfpe_cpsr.patch: Removed, integrated upstream.
+  * Make the patch system apply the patch on the first run.
+    - debian/patches/64_ppc_asm_constraints.patch: Add DPATCHLEVEL.
+  * Document how to use the images created with qemu-make-debian-root in the
+    man page. Thanks to Jacobo <jacobo221@hotmail.com>. (Closes: #343450)
+  * Add support for the -snapshot option to use the TMPDIR evironment
+    variable. (Closes: #353880)
+    - debian/patches/02_snapshot_use_tmpdir.patch: New file.
+  * Do not exit with an error when using '-M ?'. (Closes: #365209)
+    - debian/patches/03_machines_list_no_error.patch: New file.
+  * Added symlink for system-mipsel emulator man page.
+  * Build and clean the pc-bios directory.
+  * Avoid segfaulting by using _exit(2) instead of exit(3) in qemu user
+    emulators. (Closes: #338289)
+    - debian/patches/06_exit_segfault.patch: New file.
+  * Enable ALSA audio support and add libasound2-dev to the Build-Depends.
+  * Now using Standards-Version 3.7.2 (no changes needed).
+
+ -- Guillem Jover <guillem@debian.org>  Sun, 28 May 2006 20:51:10 +0300
+
+qemu (0.8.0-3) unstable; urgency=low
+
+  [ Josh Triplett ]
+  * Fix FTBFS on PowerPC caused by asm constraint problem. (Closes: #361727)
+    - debian/patches/64_ppc_asm_constraints.patch.
+
+  [ Guillem Jover ]
+  * Clamp addrlen from host to target when using AF_UNIX. This fixes
+    socket problems when using EABI.
+    - debian/patches/35_syscall_sockaddr.patch: New file.
+  * Fix floating point comparison on ARM NWFPE, due to glue code missmatch.
+    (Closes: #356287)
+    - debian/patches/40_arm_nwfpe_cpsr.patch: New file.
+    - debian/patches/40_fpu_arm_sigfpe.patch: Rename to ...
+    - debian/patches/41_arm_fpa_sigfpe.patch: ... this. Resync.
+    Thanks to Ulrich Hecht.
+  * Fix POSIX threads creation on ARM hanging when initializing the cpu
+    structure being it cyclic.
+    - debian/patches/43_arm_cpustate.patch: New file.
+  * Add TLS support for ARM. Stolen from Scratchbox.
+    - debian/patches/42_arm_tls.patch: New file.
+  * Fix sysctl endian problem.
+    - debian/patches/32_syscall_sysctl.patch: Update.
+    Thanks to Timo Savola <tsavola@movial.fi>.
+  * Remove now default '--enable-slirp' build option. (Closes: #356284)
+    Thanks to Anderson Lizardo <anderson.lizardo@gmail.com>.
+  * Remove unused sharedir to 'make install'. (Closes: #356418)
+    Thanks to Anderson Lizardo <anderson.lizardo@gmail.com>.
+  * Fix package not cleaning properly. (Closes: #356279)
+    Thanks to Anderson Lizardo <anderson.lizardo@gmail.com> for the initial
+    patch.
+  * Add needed syscalls to make debootstrap work. (Closes: #356291)
+    - debian/patches/36_syscall_prctl.patch: New file.
+    - debian/patches/37_syscall_mount.patch: Likewise.
+    - debian/patches/38_syscall_arm_statfs64.patch: Likewise.
+    Thanks to Anderson Lizardo <anderson.lizardo@gmail.com>.
+  * Remove obsolete Build-Dependency xlibs-dev.
+
+ -- Guillem Jover <guillem@debian.org>  Thu, 13 Apr 2006 11:53:00 +0300
+
+qemu (0.8.0-2) unstable; urgency=low
+
+  [ Guillem Jover ]
+  * Switch away from cdbs to plain debhelper.
+  * Upgrade to debhelper compat level 5.
+  * Allow overriding CC compiler variable. (Closes: #345772)
+  * Do not redefine 64 bit types on 64 bit arches.
+    - debian/patches/61_safe_64bit_int.patch: New file.
+  * Allow linux_boot.bin to be built on any arch by switching to nasm,
+    and Build-Depending on it.
+    - debian/patches/62_linux_boot_nasm.patch: New file.
+  * The serial hw driver uses a small divider that gets zeroed when shifting
+    bits to the right. (Closes: #276276, #348098)
+    - debian/patches/51_serial_small_divider.patch: New file.
+    Thanks to Samuel Thibault <samuel.thibault@ens-lyon.org>.
+  * Escaped hyphens in qemu-user manpage, use italics for filenames and
+    parameters and bold for options.
+  * Partial build failure fix for Sparc. (Bugs: #317145, #336970)
+    Thanks to Jurij Smakov <jurij@wooyd.org>.
+
+ -- Guillem Jover <guillem@debian.org>  Mon, 20 Feb 2006 09:17:46 +0200
+
+qemu (0.8.0-1) unstable; urgency=low
+
+  [ Guillem Jover ]
+  * New upstream release. (Closes: #344339)
+    - Added support for Virtual FAT. (Closes: #313123)
+    - Emulate repeated keystrokes when holding a key. (Closes: #298864)
+    - debian/patches/01_doc_typos.patch: Sync.
+    - debian/patches/04_do_not_print_rtc_freq_if_ok.patch: Likewise.
+    - debian/patches/05_non-fatal_if_linux_hd_missing.patch: Likewise.
+    - debian/patches/12_signal_powerpc_support.patch: Likewise.
+    - debian/patches/21_net_sockopt.patch: Likewise.
+    - debian/patches/22_net_tuntap_stall.patch: Likewise.
+    - debian/patches/30_syscall_ipc.patch: Likewise.
+    - debian/patches/31_syscalls.patch: Likewise.
+    - debian/patches/32_syscall_sysctl.patch: Likewise.
+    - debian/patches/33_syscall_ppc_clone.patch: Likewise.
+    - debian/patches/40_fpu_arm_sigfpe.patch: Likewise.
+    - debian/patches/50_missing_keycodes.patch: Likewise.
+  * Added mips and mipsel to the lintian overrides for the user emulators
+    being shlib-with-non-pic-code.
+  * Added symlinks for mips, mipsel and system-arm emulator manpages.
+
+ -- Guillem Jover <guillem@debian.org>  Fri, 30 Dec 2005 05:44:53 +0200
+
+qemu (0.7.2-2) unstable; urgency=low
+
+  [ Josh Triplett ]
+  * Add support for signal handling on PowerPC. (Closes: #335509)
+    - debian/patches/12_signal_powerpc_support.patch: New file.
+
+  [ Guillem Jover ]
+  * Add Josh Triplett <josh@psas.pdx.edu> to Uploaders and packaging team.
+  * Fix PowerPC build failure by reintroducing the ppc linker script and
+    adding the missing _SDA_BASE_ and _SDA2_BASE_ symbols. (Closes: #336983)
+  * Remove invalid patch making X11 fail at runtime.
+    - debian/patches/20_net_socket.patch: Remove.
+    - debian/patches/32_syscall_sysctl.patch: Sync.
+    Thanks to Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>.
+  * Avoid the patch system to try until it applies.
+    - debian/patches/05_non-fatal_if_linux_hd_missing.patch: Added patch level.
+    - debian/patches/12_signal_powerpc_support.patch: Likewise.
+
+ -- Guillem Jover <guillem@debian.org>  Wed, 21 Dec 2005 22:11:34 +0200
+
+qemu (0.7.2-1) unstable; urgency=low
+
+  [ Guillem Jover ]
+  * New upstream release. (Closes: #321232, #327168)
+    - debian/patches/12_signal_silent.patch: Integrated upstream, remove.
+    - debian/patches/50_ppc_ldscript.patch: Likewise.
+    - debian/patches/33_syscall_truncate64.patch: Likewise.
+    - debian/patches/01_doc_typos.patch: Resync with upstream.
+    - debian/patches/04_do_not_print_rtc_freq_if_ok.patch: Likewise.
+    - debian/patches/05_non-fatal_if_linux_hd_missing.patch: Likewise.
+    - debian/patches/10_signal_jobs.patch: Likewise.
+    - debian/patches/11_signal_sigaction.patch: Likewise.
+    - debian/patches/20_net_socket.patch: Likewise.
+    - debian/patches/21_net_sockopt.patch: Likewise.
+    - debian/patches/22_net_tuntap_stall.patch: Likewise.
+    - debian/patches/30_syscall_ipc.patch: Likewise.
+    - debian/patches/31_syscalls.patch: Likewise.
+    - debian/patches/32_syscall_sysctl.patch: Likewise.
+    - debian/patches/40_fpu_arm_sigfpe.patch: Likewise.
+  * Repackaged upstream source to deal with binaries w/o sources.
+    - pc-bios/video.x: New file removed.
+  * Create a new qemu-user(1) manpage and link all user emulator manpages
+    to it. (Closes: #335163)
+  * Add missing '-' and '=' keycodes for sendkey command.
+    - debian/patches/50_missing_keycodes.patch: New file. (Closes: #334071)
+    Thanks to Robert Millan <rmh@aybabtu.com>.
+  * Add manpage link for qemu-system-mips.
+  * Make sysctl byte-swap the name values.
+    - debian/patches/32_syscall_sysctl.patch: Merge patch. (Closes: #334458)
+    Thanks to Josh Triplett <josh@psas.pdx.edu>.
+  * Change documentation menu section to "Apps/Emulators". (Closes: #335062)
+    Thanks to Frans Pop <aragorn@tiscali.nl>.
+  * On PowerPC, do not zero registers r7-r31 in do_fork and zero register r3.
+    Fixing segfaults on programs using the clone syscall.
+    - debian/patches/33_syscall_ppc_clone.patch: New file. (Closes: #335159)
+    Thanks to Josh Triplett <josh@psas.pdx.edu>
+    and Paul Brook <paul@codesourcery.com>.
+  * Tighten vgabios and bochsbios versioned Depends.
+  * Add video.x to the list of roms to touch to make qemu Makefile happy.
+  * Add lintian overrides for the user emulators being shlib-with-non-pic-code.
+  * Wrap lines in debian/control fields (knowingly breaking policy).
+
+  [ Guilherme de S. Pastore ]
+  * debian/control:
+    - Updated my e-mail address.
+  * debian/copyright:
+    - Dropped AndrĂ© from team members list, not a single contribution ever.
+
+ -- Guillem Jover <guillem@debian.org>  Mon, 31 Oct 2005 05:01:45 +0200
+
+qemu (0.7.0-4) unstable; urgency=low
+
+  [ Guillem Jover ]
+  * Rebuild source with locally deborked dpkg-source. (Closes: #321019)
+  * Added the location of the Subversion repo used for the packages and
+    fixed the upstream URL in debian/copyright.
+  * Lower case title header in qemu-make-debian-root man page.
+  * Use dd instead of cat to generate the qemu debian root image.
+    (Closes: #315952)
+
+ -- Guillem Jover <guillem@debian.org>  Wed,  3 Aug 2005 05:53:30 +0300
+
+qemu (0.7.0-3) unstable; urgency=low
+
+  [ Guillem Jover ]
+  * Update watch file to version 3, use perlre and new upstream site.
+  * Now using Standards-Version 3.6.2 (no changes needed).
+  * Fix TUN/TAP network interface stalling the connection. (Closes: #290569)
+    Thanks to Vitaly Belostotsky <byly.useless@tochka.ru>.
+  * Link against librt, needed by the new clock_gettime syscall.
+    - debian/patches/31_syscalls.patch: Update. (Closes: #315388)
+    Thanks to Timo Savola <tsavola@movial.fi> for noticing.
+  * Force Build-Dependency on binutils >= 2.16-1 needed by the amd64 and
+    powerpc linker scripts. (Closes: #262655)
+  * Force usage of gcc-3.4. (Closes: #319527)
+  * Add missing Build-Dependency on zlib1g-dev.
+    Thanks to Reinhard Tartler <siretart@tauware.de>.
+  * Include <linux/types.h> in syscall.c to avoid the broken headers in 
+    linux-kernel-headers 2.6.12.
+    - debian/patches/34_syscalls_types.patch: New file.
+    Thanks to Octavian Cerna <tavy@ylabs.com>.
+  * Fix powerpc linker script.
+    - debian/patches/50_ppc_ldscript.patch: New file.
+    Thanks to Octavian Cerna <tavy@ylabs.com>.
+
+ -- Guillem Jover <guillem@debian.org>  Mon,  1 Aug 2005 02:48:09 +0300
+
+qemu (0.7.0-2) unstable; urgency=low
+
+  [ Guillem Jover ]
+  * Add alpha, sparc, arm and s390 to Architectures (and to the
+    libgpmg1-dev Build-Depends).
+
+  * Forward SIGSTOP and SIGCONT sent to QEMU to the emulated application.
+    - debian/patches/10_signal_jobs.patch: New file.
+    Thanks to Ulrich Hecht.
+  * Return EINVAL on emulated sigaction when given invalid signal
+    parameters SIGKILL and SIGSTOP.
+    - debian/patches/11_signal_sigaction.patch: New fle.
+    Thanks to Valtteri Rahkonen.
+  * Do not print messsages for uncaught signal, thus fixing the case
+    were some applications want to kill their siblings.
+    - debian/patches/12_signal_silent.patch: New file.
+    Thanks to Valtteri Rahkonen
+
+  * Fix Unix sockets by handling correctly AF_UNIX socket address
+    structure length.
+    - debian/patches/20_net_socket.patch: New file.
+    Thanks to Timo Savola.
+  * Implement SO_LINGER, SO_RCVTIMEO, SO_SNDTIMEO, SO_PEERNAME and
+    SO_PEERCRED getsockoptions.
+    - debian/patches/21_net_sockopt.patch: New file.
+    Thanks to Valtteri Rahkonen.
+
+  * Implement SysV IPC message and semaphore syscalls.
+    - debian/patches/30_syscall_ipc.patch: New file.
+    Thanks to Valtteri Rahkonen.
+  * Implement acct, umount2, uselib, swapon, syslog, ftruncate64,
+    mincore, madvise, readahead and clock_gettime syscalls.
+    - debian/patches/31_syscalls.patch: New file.
+    Thanks to Ulrich Hecht.
+  * Implement sysctl CTL_KERN/KERN_VERSION
+    - debian/patches/32_syscall_sysctl.patch: New file.
+    Thanks to Timo Savola.
+  * Implement truncate64 syscall.
+    - debian/patches/33_syscall_truncate64.patch: New file.
+    Thanks to Valtteri Rahkonen.
+
+  * Implement ARM floating point exeption emulation.
+    - debian/patches/40_fpu_arm_sigfpe.patch: New file.
+    Thanks to Ulrich Hecht.
+
+ -- Guillem Jover <guillem@debian.org>  Sun, 19 Jun 2005 15:05:37 +0300
+
+qemu (0.7.0-1) experimental; urgency=low
+
+  [ Guillem Jover ]
+  * New upstream release. (Closes: #308459, #308494)
+  * Do not require a disk image when booting a Linux kernel. (Closes: #260935)
+    Thanks to Jonas Smedegaard <dr@jones.dk>.
+
+  [ Guilherme de S. Pastore ]
+  * Rewrote README.Debian for more clarity
+  * Add support for amd64 as a host architecture. (Closes: #262655)
+    - Add build-depend on libgpmg1-dev on amd64.
+  * Fixed qemu-make-debian-root so that it shows the name by which
+    it was called on the usage notice, not "%s". (Closes: #303507)
+    Thanks to Micah Anderson <micah@riseup.net>.
+
+  [ Elrond ]
+  * Clean up more files, so they don't end up in the final .diff.gz
+  * Switch to external proll and openhackware:
+    - Instead of patching qemu's Makefile, trick it by giving it empty
+      files to install and remove them straight after install.
+    - Don't ship the roms in debian/roms any more!
+    - Instead add more symlinks.
+    - Update Depends: apropiately.
+
+ -- Guillem Jover <guillem@debian.org>  Fri, 27 May 2005 02:06:20 +0300
+
+qemu (0.6.1+20050407-1) unstable; urgency=low
+
+  [ Guillem Jover ]
+  * New upstream snapshot.
+    - Fix -user-net. (Closes: #295019)
+    - Fix win2k and winxp image booting. (Closes: #285170, #292707)
+    - Fix installation of outdated documentation. (Closes: #286931)
+    - Provide qemu-img instead of qemu-mkcow. (Closes: #290713)
+    - Remove debian/patches/05_fix_openpic_timer_test.patch, integrated
+      upstream.
+    - Remove debian/patches/02_selectable_sdl_keyboard.patch, superseded
+      by new keyboard implementation. (Closes: #284510, #299432)
+    - Remove debian/patches/01_mkcow_section_and_hyphens.patch.
+    - Conditionalize qemu -g option for some architectures. (Closes: #298988)
+  * Added new copyright year to debian/copyright.
+  * Added initial qemu-make-debian-root man page. (Closes: #286932)
+  * Fixed typos in qemu documentation. (Closes: #301933)
+    Thanks to A Costa <agcosta@gis.net>.
+  * Added Elrond <elrond@samba-tng.org> to Uploaders and packaging team.
+  * Use the default target list:
+    - Do not build qemu-fast anymore as it is deprecated upstream anyway.
+    (Closes: #278602, #281510)
+    - New targets armeb and system-x86_64.
+  * Updated ROM images under debian/roms/:
+    - OpenHackWare 0.4.
+    - Proll 18 with qemu specific patches.
+  * Remove uudecoded files from pc-bios/ on clean.
+  * Fix qemu-make-debian-root to behave correctly even if the needed
+    Recommends are not installed.
+
+  [ Guilherme de S. Pastore ]
+  * Create a doc-base entry for the package (Closes: #290669)
+  * debian/control:
+    - Add debootstrap to the 'Recommends: ' line, as needed by
+      qemu-make-debian-root (Closes: #302848)
+    - Moved sharutils from dependency to recommendation, as it is only
+      needed by qemu-make-debian-root
+  * debian/docs:
+    - Do not include README.distrib in the binary package (Closes: #302853)
+
+  [ Elrond ]
+  * Replace "libgpmg1-dev | not+linux-gnu" by "libgpmg1-dev [i386 powerpc]"
+    in Build-Depends. qemu should not need to build-depend on it anyway, the
+    real problem is described in Bug#267174. When it is solved, we can
+    remove our dependency. Until then please remember to add any arch, which
+    we will build on and that has gpm. This change hopefully calms:
+    <http://qa.debian.org/debcheck.php?dist=unstable&package=qemu>
+  * Add versions to the dependencies on bochsbios and vgabios
+    (Closes: #288997):
+    - vgabios: Use the current version from testing/unstable (0.4c+20041014-1),
+      according to Frans Pop <aragorn@tiscali.nl>, this fixed those
+      "blank screen" problems.
+    - bochsbios: Use the current version from unstable (2.1.1+20041109-3), as
+      Guillem Jover fixed the networking in that version.
+
+ -- Guillem Jover <guillem@debian.org>  Thu,  7 Apr 2005 01:26:01 +0300
+
+qemu (0.6.1-1) unstable; urgency=low
+
+  [ Guillem Jover ]
+  * New upstream release. (Closes: #281626)
+    - Booting from drive b is not supported anymore. (Closes: #275679)
+    - Fix ne2k network interface that was not working in some situations.
+      (Closes: #281862)
+    - Remove debian/patches/06_build_gcc3.4.patch, fixed upstream.
+    - Remove debian/patches/04_lfs.patch, fixed upstream.
+    - Remove debian/patches/02_fix_powerpc_FTBFS.patch, fixed upstream.
+    - Remove debian/patches/00_escape_manpage_hyphens.patch, not needed.
+    - Sync debian/patches/03_use_external_bios.patch.
+  * Include uuencoded source for proll 18, some build fixes and its binary
+    proll.bin on debian/roms/.
+  * Suggests sudo to be used by the qemu-ifup script.
+    Thanks to Elrond <elrond@samba-tng.org>.
+  * Make sudo in qemu-ifup explain what the password is for. (Closes: #281380)
+  * Add an option to select the method to convert keyevent to keycode
+    in the SDL keyboard handling code. Added support for Right Shift in the
+    generic handler. (Closes: #282658)
+    Thanks to Elrond <elrond@samba-tng.org>.
+  * Do not set RTC frequency to 1024 or warn about this if it has already
+    the correct value. (Closes: #281403)
+  * Enabled sparc-softmmu support.
+
+ -- Guillem Jover <guillem@debian.org>  Sat, 27 Nov 2004 23:23:49 +0100
+
+qemu (0.6.0.dfsg.2-1) unstable; urgency=low
+
+  [ Guillem Jover ]
+  * Repackaged upstream source to remove external included files.
+    - pc-bios/ppc-rom.bin: Removed.
+    - pc-bios/OpenHackWare_0.3.tar.bz2: Likewise.
+    - pc-bios/vgabios.bin: Likewise.
+    - pc-bios/vgabios-cirrus.bin: Likewise.
+    - pc-bios/vgabios-cvs-2004-06-17.tgz: Likewise.
+  * Include uuencoded source for OpenHackWare 0.3.1 and its binary
+    ppc-rom.bin on debian/roms/. Add a Build-Depends on sharutils.
+  * Update tundev.c. Pass -tun-dev to qemu without the equal sign.
+    Thanks to Isaac Clerencia <isaac@sindominio.net>.
+  * Fix README.Debian to point to the renamed qemu-make-debian-root.
+  * Add Depends on sharutils needed by qemu-make-debian-root.
+    (Closes: #272130)
+  * Use and depend on vgabios package, which is in sync with bochsbios
+    that checks for rom bios checksums. (Closes: #281202)
+  * Enable LFS globally, thus fixing problems with qemu-mkcow when using
+    an existing large image.
+    (Closes: #279925)
+  * Fix openpic timer write test, catched from a warning about a constant
+    value larger than the type it was casted to.
+  * Fix build failure with gcc 3.4. Patch stolen from Gentoo BTS.
+
+ -- Guillem Jover <guillem@debian.org>  Mon, 15 Nov 2004 10:46:54 +0100
+
+qemu (0.6.0.dfsg.1-1) unstable; urgency=high
+
+  [ Guillem Jover ]
+  * Repackaged upstream source to deal with binaries w/o sources.
+    (Closes: #268780)
+    - pc-bios/bios.bin: Removed binary without source. Now using
+      bochsbios package.
+    - pc-bios/vgabios.bin: Rebuilt from vgabios cvs 2004-06-17 snapshot,
+      source included.
+    - pc-bios/vgabios-cirrus.bin: Likewise.
+    - pc-bios/ppc-rom.bin: Rebuilt on voltaire, source included.
+    - pc-bios/linux_boot.bin: Rebuilt from source.
+  * Move make-debian-root.sh to /usr/sbin/qemu-make-debian-root.
+    (Closes: #268705)
+
+ -- Guillem Jover <guillem@debian.org>  Mon, 13 Sep 2004 01:28:54 +0200
+
+qemu (0.6.0-2) unstable; urgency=high
+
+  [ Guilherme de S. Pastore ]
+  * Fixed dangling symlinks under /usr/share/man/man1. (Closes: #264764)
+
+  [ Guillem Jover ]
+  * Fix FTBFS on powerpc.
+    - debian/patches/02_fix_powerpc_FTBFS.patch: New file.
+
+ -- Guillem Jover <guillem@debian.org>  Wed, 18 Aug 2004 15:50:43 +0200
+
+qemu (0.6.0-1) unstable; urgency=medium
+
+  * New maintainers. (Closes: #258900)
+  * New upstream release. (Closes: #258732)
+    - Installs ppc BIOS ROM file. (Closes: #257492)
+    - Builds with -fno-strict-aliasing. (Closes: #257123)
+
+  [ Guilherme de S. Pastore ]
+  * debian/rules:
+    - Cleaned up.
+    - Ported to use CDBS.
+  * 00_escape_manpage_hyphens.patch:
+    - Correct a little typo and escape hyphens in upstream manpage.
+  * 01_mkcow_section_and_hyphens.patch:
+    - Fix section mismatch and escape hyphens in the qemu-mkcow manpage.
+  * Added simple /etc/qemu-ifup helper script. (Closes: #245281)
+    Thanks to Martin Michlmayr <tbm@cyrius.com>.
+  * Cleaned debian/watch.
+  * UTF-8'ed debian/changelog.
+  * Updated Standards-Version to 3.6.1.1.
+  * Removed outdated and unnecessary debian/qemu-i386.sgml.
+    - Removed build dependency on docbook-to-man.
+  * Removed "x86" part from the description (hey, qemu is not x86-only
+    in any way). Deserves a complete rewrite, shall be done soon.
+
+  [ Guillem Jover ]
+  * Lower-case package short description.
+  * Added missing CPU emulations to the description.
+  * Cleaned and updated debian/copyright.
+  * Removed manually added libx11-6 dependency.
+  * Only Build-Depends on libgpmg1-dev on GNU/Linux systems.
+  * Cosmetic unification to debian/changelog.
+  * debian/rules:
+    - Remove generated files.
+    - Give exec perms to qemu-ifup.
+
+ -- Guillem Jover <guillem@debian.org>  Sun,  8 Aug 2004 17:24:08 +0200
+
+qemu (0.5.5-2) unstable; urgency=low
+
+  * Re-enable SDL disabled while I was bugchasing. (Closes: #255014)
+  * Yes, this is really 0.5.5. (Closes: #254655)
+  * Enable slirp networking. (Closes: #253573)
+  * Add Build-Depends on libgpmg1-dev (found by Bastian Blank, probably breaks
+    Hurd but that's a problem for another day).
+
+ -- Paul Russell <prussell@debian.org>  Thu, 24 Jun 2004 06:26:42 +0200
+
+qemu (0.5.5-1) unstable; urgency=low
+
+  * New upstream release. (Closes: #237556, #237556)
+  * Applied patch to add options to make_debian_root.sh. (Closes: #238787)
+  * Applied patch for other archs: hmmm... (Closes: #251420)
+  * Do umount -d in make_debian_root.sh. (Closes: #251775)
+
+ -- Paul Russell <prussell@debian.org>  Tue,  1 Jun 2004 03:50:05 +0200
+
+qemu (0.5.4-1) unstable; urgency=low
+
+  * New upstream release. (Closes: #246634)
+  * qemu-mkcow included in upstream.
+  * Added tundev program source in doc, to see if people find it useful.
+
+ -- Paul Russell <prussell@debian.org>  Mon,  3 May 2004 08:14:49 +0200
+
+qemu (0.5.3-1) unstable; urgency=low
+
+  * New upstream release. (Closes: #237556)
+  * Use aalib-config --static-libs. (Closes: #243325)
+  * Document Control-Shift to release mouse pointer. (Closes: #238074)
+
+ -- Paul Russell <prussell@debian.org>  Tue, 13 Apr 2004 02:58:49 +0200
+
+qemu (0.5.2-4) unstable; urgency=low
+
+  * Fix PPC install (Michel Daenzer patch). (Closes: #238431)
+  * Simplify deps (might be wrong, but it's neater). (Closes: #238430)
+
+ -- Paul Russell <prussell@debian.org>  Wed, 17 Mar 2004 01:35:47 +0100
+
+qemu (0.5.2-3) unstable; urgency=low
+
+  * Make compile on woody. (Closes: #238163)
+  * Include qemu-doc.html. (Closes: #238076)
+  * Wrote qemu-i386 man page. (Closes: #238077)
+
+ -- Paul Russell <prussell@debian.org>  Mon, 15 Mar 2004 23:56:25 +0100
+
+qemu (0.5.2-2) unstable; urgency=low
+
+  * Fix build problem so bios.bin etc. can be found. (Closes: #237553)
+
+ -- Paul Russell <prussell@debian.org>  Fri, 12 Mar 2004 05:43:00 +0100
+
+qemu (0.5.2-1) unstable; urgency=low
+
+  * Initial Release. (Closes: #187407)
+
+ -- Paul Russell <prussell@debian.org>  Wed,  3 Mar 2004 02:18:54 +0100
+
--- qemu-0.9.1.orig/debian/watch
+++ qemu-0.9.1/debian/watch
@@ -0,0 +1,2 @@
+version=3
+http://www.qemu.org/download.html	qemu-([\d.]*).tar.gz	debian	uupdate
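Review bot: The watch line scans the upstream download page over plain `http://` and sets no signature option, so nothing in this file authenticates the tarball that `uupdate` imports. If upstream publishes detached signatures, add something like `opts=pgpsigurlmangle=s/$/.sig/` in front of the URL (the suffix needs confirming against the download page) and ship the upstream key with the packaging. Otherwise the tarball checksum should be verified out of band before upload.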
--- qemu-0.9.1.orig/debian/docs
+++ qemu-0.9.1/debian/docs
@@ -0,0 +1,4 @@
+README
+TODO
+qemu-doc.html
+debian/tundev.c
--- qemu-0.9.1.orig/debian/install
+++ qemu-0.9.1/debian/install
@@ -0,0 +1,3 @@
+debian/qemu-ifup etc/
+debian/qemu-make-debian-root usr/sbin/
+debian/overrides/qemu usr/share/lintian/overrides/
--- qemu-0.9.1.orig/debian/qemu.doc-base
+++ qemu-0.9.1/debian/qemu.doc-base
@@ -0,0 +1,12 @@
+Document: qemu-doc
+Title: QEMU User Manual
+Author: Fabrice Bellard
+Abstract: The QEMU user manual intends to make the user understand what
+ qemu is/does, and to guide them through the first steps of getting
+ the emulator to work, documenting parameters and commands, among other
+ useful things.
+Section: Emulators
+
+Format: HTML
+Index: /usr/share/doc/qemu/qemu-doc.html
+Files: /usr/share/doc/qemu/qemu-doc.html
--- qemu-0.9.1.orig/debian/links
+++ qemu-0.9.1/debian/links
@@ -0,0 +1,40 @@
+usr/share/man/man1/qemu-user.1 usr/share/man/man1/qemu-alpha.1
+usr/share/man/man1/qemu-user.1 usr/share/man/man1/qemu-cris.1
+usr/share/man/man1/qemu-user.1 usr/share/man/man1/qemu-arm.1
+usr/share/man/man1/qemu-user.1 usr/share/man/man1/qemu-armeb.1
+usr/share/man/man1/qemu-user.1 usr/share/man/man1/qemu-i386.1
+usr/share/man/man1/qemu-user.1 usr/share/man/man1/qemu-m68k.1
+usr/share/man/man1/qemu-user.1 usr/share/man/man1/qemu-mips.1
+usr/share/man/man1/qemu-user.1 usr/share/man/man1/qemu-mipsel.1
+usr/share/man/man1/qemu-user.1 usr/share/man/man1/qemu-ppc.1
+usr/share/man/man1/qemu-user.1 usr/share/man/man1/qemu-ppc64.1
+usr/share/man/man1/qemu-user.1 usr/share/man/man1/qemu-ppc64abi32.1
+usr/share/man/man1/qemu-user.1 usr/share/man/man1/qemu-sh4.1
+usr/share/man/man1/qemu-user.1 usr/share/man/man1/qemu-sh4eb.1
+usr/share/man/man1/qemu-user.1 usr/share/man/man1/qemu-sparc.1
+usr/share/man/man1/qemu-user.1 usr/share/man/man1/qemu-sparc32plus.1
+usr/share/man/man1/qemu-user.1 usr/share/man/man1/qemu-sparc64.1
+usr/share/man/man1/qemu-user.1 usr/share/man/man1/qemu-x86_64.1
+usr/share/man/man1/qemu.1 usr/share/man/man1/qemu-system-arm.1
+usr/share/man/man1/qemu.1 usr/share/man/man1/qemu-system-cris.1
+usr/share/man/man1/qemu.1 usr/share/man/man1/qemu-system-i386.1
+usr/share/man/man1/qemu.1 usr/share/man/man1/qemu-system-m68k.1
+usr/share/man/man1/qemu.1 usr/share/man/man1/qemu-system-mips.1
+usr/share/man/man1/qemu.1 usr/share/man/man1/qemu-system-mips64.1
+usr/share/man/man1/qemu.1 usr/share/man/man1/qemu-system-mips64el.1
+usr/share/man/man1/qemu.1 usr/share/man/man1/qemu-system-mipsel.1
+usr/share/man/man1/qemu.1 usr/share/man/man1/qemu-system-ppc.1
+usr/share/man/man1/qemu.1 usr/share/man/man1/qemu-system-ppc64.1
+usr/share/man/man1/qemu.1 usr/share/man/man1/qemu-system-ppcemb.1
+usr/share/man/man1/qemu.1 usr/share/man/man1/qemu-system-sh4.1
+usr/share/man/man1/qemu.1 usr/share/man/man1/qemu-system-sh4eb.1
+usr/share/man/man1/qemu.1 usr/share/man/man1/qemu-system-sparc.1
+usr/share/man/man1/qemu.1 usr/share/man/man1/qemu-system-sparc64.1
+usr/share/man/man1/qemu.1 usr/share/man/man1/qemu-system-x86_64.1
+usr/share/bochs/BIOS-qemu-latest usr/share/qemu/bios.bin
+usr/share/vgabios/vgabios.bin usr/share/qemu/vgabios.bin
+usr/share/vgabios/vgabios.cirrus.bin usr/share/qemu/vgabios-cirrus.bin
+usr/share/proll/proll-qemu.elf usr/share/qemu/proll.elf
+usr/share/openhackware/ppc_rom.bin usr/share/qemu/ppc_rom.bin
+usr/share/openbios/openbios-sparc32 usr/share/qemu/openbios-sparc32
+usr/share/openbios/openbios-sparc64 usr/share/qemu/openbios-sparc64
--- qemu-0.9.1.orig/debian/compat
+++ qemu-0.9.1/debian/compat
@@ -0,0 +1 @@
+5
--- qemu-0.9.1.orig/debian/README.Debian
+++ qemu-0.9.1/debian/README.Debian
@@ -0,0 +1,25 @@
+qemu for Debian
+---------------
+
+The qemu debian package does not include the video.x file, which is 
+needed by qemu-system-ppc for some systems. The file is available from
+the mac-on-linux project, and the sources are available on:
+  http://mac-on-linux.svn.sourceforge.net/viewvc/mac-on-linux/mac-drivers/video_driver/Makefile?revision=HEAD&view=markup
+
+They are not buildable on a Debian system though, hence video.x is not
+present in the package. The qemu-system-ppc binary is still useful for
+emulating a PReP platform, which does not need video.x.
+
+ -- Aurelien Jarno <aurel32@debian.org>  Sun, 16 Mar 2008 19:17:39 +0100
+
+
+The qemu debian package includes a simple script called qemu-make-debian-root
+under /usr/sbin, which uses debootstrap to create an image suitable for qemu
+with a fresh Debian installation inside.
+
+If you just want a test system, not wanting to go through any installation
+process, that might be just ideal. Take a look at the manual page
+qemu-make-debian-root (8) for further usage instructions.
+
+ -- Guilherme de S. Pastore <gpastore@colband.com.br>, Sun May 15 09:49:11 2005
+
--- qemu-0.9.1.orig/debian/copyright
+++ qemu-0.9.1/debian/copyright
@@ -0,0 +1,53 @@
+This package was debianized by Paul Russell <prussell@debian.org> on
+Wed,  3 Mar 2004 02:18:54 +0100.
+
+Then maintained as part of the team by:
+
+    Guilherme de S. Pastore <gpastore@debian.org>
+    Elrond <elrond@samba-tng.org>
+    Guillem Jover <guillem@debian.org>
+
+Now maintained as a team by:
+
+    Aurelien Jarno <aurel32@debian.org>
+    Josh Triplett <josh@psas.pdx.edu>
+    Riku Voipio <riku@debian.org>
+
+The upstream source was downloaded from:
+
+    <http://www.qemu.org/download.html>
+
+    All the binary blobs without sources contained in the pc-bios/ directory
+    in the original upstream tarball have been removed starting from Debian
+    package version 0.6.0.dfsg.1-1. Those roms which are free can be found
+    in split packages of their own, represented accordingly in the dependecy
+    relationships.
+
+Upstream Author:
+
+    Fabrice Bellard <fabrice.bellard@free.fr>
+
+Copyright:
+
+    Copyright (C) 2003, 2004, 2005, 2006, 2007  Fabrice Bellard
+
+License:
+
+    QEMU as a whole is released under the GNU General Public License.
+    On Debian systems, the complete text of the GNU General Public License
+    can be found in the file /usr/share/common-licenses/GPL.
+
+    Parts of QEMU have specific licenses which are compatible with the
+    GNU General Public License. Hence each source file contains its own
+    licensing information.
+
+    In particular, the QEMU virtual CPU core library (libqemu.a) is
+    released under the GNU Lesser General Public License. On Debian systems,
+    the complete text of the GNU Lesser General Public License can be found
+    in the file /usr/share/common-licenses/LGPL.
+
+    Many hardware device emulation sources are released under the BSD license.
+    On Debian systems, the complete text of the BSD license be found in the
+    file /usr/share/common-licenses/BSD.
+
+
--- qemu-0.9.1.orig/debian/TODO
+++ qemu-0.9.1/debian/TODO
@@ -0,0 +1,9 @@
+Just a small list of things not to forget for any new (upstream) release:
+
+* Make sure it works with the BIOS files in testing or otherwise raise the
+  dependency versions
+
+* If adding support for a new (host, not guest) arch:
+  Make sure to add it to the gpm Build-Dep (if that arch has gpm of course)
+  until Bug#267174 is solved.
+
--- qemu-0.9.1.orig/debian/qemu-user.1
+++ qemu-0.9.1/debian/qemu-user.1
@@ -0,0 +1,38 @@
+.\" $Id: qemu-user.1 234 2007-02-07 22:57:18Z guillem $
+.TH qemu\-user 1 2007-02-08 "0.9.0" Debian
+.SH NAME
+qemu\-user \- QEMU User Emulator
+.SH SYNOPSIS
+.B qemu\-user
+.RI [ options ]
+.I program
+.RI [ program-arguments... ]
+.SH DESCRIPTION
+The
+.B qemu\-user
+emulator can run binaries for other architectures but with the same operating
+system as the current one.
+.SH OPTIONS
+.TP
+.BR \-h
+Print this help.
+.TP
+.BR \-g
+Wait gdb connection to port 1234.
+.TP
+.BR \-L " \fI<path>\fP"
+Set the elf interpreter prefix (default=\fI/usr/gnemul/qemu\-arm\fP).
+.TP
+.BR \-s " \fI<size>\fP"
+Set the stack size in bytes (default=\fI524288\fP).
+.TP
+.BR \-d " \fI<options>\fP"
+Activate log (logfile=\fI/tmp/qemu.log\fP)
+.TP
+.BR \-p " \fI<pagesize>\fP"
+Set the host page size to 'pagesize'.
+.SH SEE ALSO
+.BR qemu (1),
+.BR qemu\-img (1).
+.SH AUTHOR
+This manual page was written by Guillem Jover <guillem@debian.org>.
--- qemu-0.9.1.orig/debian/qemu-make-debian-root
+++ qemu-0.9.1/debian/qemu-make-debian-root
@@ -0,0 +1,155 @@
+#! /bin/sh
+#
+# $Id: qemu-make-debian-root 351 2008-10-16 20:20:49Z aurel32 $
+#
+# Script to make a debian root image.
+#
+
+set -e
+
+which uudecode >/dev/null || {
+    echo "error: missing sharutils package" >&2
+    exit 1
+}
+
+which debootstrap >/dev/null || {
+    echo "error: missing debootstrap package" >&2
+    exit 1
+}
+
+KEEPFS=0
+if [ "$1" = "-k" ] || [ "$2" = "-k" ]; then
+    KEEPFS=1
+    shift
+fi
+
+SPARSE=0
+if [ "$1" = "-s" ] || [ "$2" = "-s" ]; then
+    SPARSE=1
+    shift
+fi
+
+if [ $# -lt 4 ]; then
+    echo Usage: "$0 [-k] size-in-MB distrib deburl image [files_to_copy_in_/root]" >&2
+    echo "eg $0 150 sid http://proxy:10000/debian qemu" >&2
+    exit 1
+fi
+
+SIZE=$1
+DISTRO=$2
+URL=$3
+IMAGE=$4
+shift 4
+
+# now files to copy are in "$@".  We don't put them in a variable
+# because that would coufuse spaces-in-filenames with
+# whitespace-separation.
+
+
+if [ $SIZE -lt 130 ]; then
+    echo 'Size must be at least 130 megabytes (Debian unstable takes 100)' >&2
+    exit 1
+fi
+
+cleanup()
+{
+    echo Cleaning up... >&2
+    umount -d $TMP_DIR || true
+    rm -f $IMAGE.ext2 $IMAGE
+}
+
+trap cleanup EXIT
+
+HEADS=16
+SECTORS=63
+# 512 bytes in a sector: cancel the 512 with one of the 1024s...
+CYLINDERS=$(( $SIZE * 1024 * 2 / ($HEADS * $SECTORS) ))
+
+# Create a filesystem: one track for partition table.
+if [ "$SPARSE" = "1" ]; then
+    dd bs=$(($SECTORS * 512)) if=/dev/zero of=$IMAGE.ext2 count=1 seek=$(($CYLINDERS * $HEADS - 2))
+else
+    dd bs=$(($SECTORS * 512)) if=/dev/zero of=$IMAGE.ext2 count=$(($CYLINDERS * $HEADS - 1))
+fi
+
+mke2fs -q -m1 -F $IMAGE.ext2
+
+TMP_DIR="$(mktemp -d /tmp/mount.XXXXXX)" || \
+         { echo >&2 "Failed to create temporary directory"; exit 1; }
+
+# Mount it.
+mount -o loop $IMAGE.ext2 $TMP_DIR
+
+# Do debian install on it.
+#debootstrap --exclude=syslinux,at,exim,mailx,libstdc++2.10-glibc2.2,mbr,setserial,fdutils,info,ipchains,lilo,pcmcia-cs,ppp,pppoe,pppoeconf,pppconfig $DISTRO $TMP_DIR $URL
+debootstrap --exclude=syslinux,at,exim,mailx,libstdc++2.10-glibc2.2,mbr,setserial,fdutils,info,ipchains,iptables,lilo,pcmcia-cs,ppp,pppoe,pppoeconf,pppconfig,wget,telnet,cron,logrotate,exim4,exim4-base,exim4-config,exim4-daemon-light,pciutils,modconf,tasksel $DISTRO $TMP_DIR $URL
+
+# Final configuration.
+cat > $TMP_DIR/etc/fstab <<EOF
+/dev/hda1 / ext2 errors=remount-ro 0 1
+proc /proc proc defaults 0 0
+EOF
+
+# Console on ttyS0, not tty1, and no other gettys.
+sed 's,1:2345:respawn:/sbin/getty 38400 tty1,1:2345:respawn:/sbin/getty 38400 ttyS0,' < $TMP_DIR/etc/inittab | sed 's,^.:23:respawn.*,,' > $TMP_DIR/etc/inittab.new
+mv $TMP_DIR/etc/inittab.new $TMP_DIR/etc/inittab
+
+# Set hostname to base of image name.
+basename $IMAGE > $TMP_DIR/etc/hostname
+
+# Create /etc/shadow
+chroot $TMP_DIR pwconv
+
+# Set root password to "root"
+sed 's/^root:[^:]*/root:$1$aybpiIGf$cB7iFDNZvViQtQjEZ5HFQ0/' < $TMP_DIR/etc/shadow > $TMP_DIR/etc/shadow.new
+mv $TMP_DIR/etc/shadow.new $TMP_DIR/etc/shadow
+
+# Remove packages we don't need
+chroot $TMP_DIR /usr/bin/dpkg --remove console-common console-tools console-data base-config man-db manpages
+# Try to remove all libraries: some won't be removable.
+chroot $TMP_DIR dpkg --remove `chroot $TMP_DIR dpkg --get-selections | sed -n 's/^\(lib[^ \t]*\)[\t ]*install/\1/p'` 2>/dev/null || true
+
+
+# Copy wanted files to /root if asked to
+if [ $# -gt 0 ]; then
+    cp -a "$@" $TMP_DIR/root/
+fi
+umount -d $TMP_DIR
+
+# Create file with partition table.
+uudecode -o- << "EOF" | gunzip > $IMAGE
+begin 664 partition-table.gz
+M'XL("*_<##\"`W!A<G1I=&EO;BUT86)L90#LT#$-`"`0!,&']D6A`D6XP1T&
+M"%B@))FIMKGF(OA9C;%;EENYZO.Z3P\"````!P``__\:!0````#__QH%````
+M`/__&@4`````__\:!0````#__QH%`````/__&@4`````__\:!0````#__QH%
+M`````/__&@4`````__\:!0````#__QH%`````/__&@4`````__\:!0````#_
+M_QH%`````/__&@4`````__\:!0````#__QH%`````/__&@4`````__\:!0``
+M``#__QH%`````/__&@4`````__\:!0````#__QH%`````/__&@4`````__\:
+M!0````#__QH%`````/__&@4`````__\:!0````#__QH%`````/__&@4`````
+M__\:!0````#__QH%`````/__&@4`````__\:!0````#__QH%`````/__&@4`
+M````__\:!0````#__QH%`````/__&@4`````__\:!0````#__QH%`````/__
+M&@4`````__\:!0````#__QH%`````/__&@4`````__\:!0````#__QH%````
+M`/__&@4`````__\:!0````#__QH%`````/__&@4`````__\:!0````#__QH%
+M`````/__&@4`````__\:!0````#__QH%`````/__&@4`````__\:!0````#_
+M_QH%`````/__&@4`````__\:!0````#__QH%`````/__&@4`````__\:!0``
+M``#__QH%`````/__&@4`````__\:!0````#__QH%`````/__&@4`````__\:
+M!0````#__QH%`````/__&@4`````__\:!0````#__QH%`````/__&@4`````
+M__\:!0````#__QH%`````/__&@4`````__\:!0````#__QH%`````/__&@4`
+M````__\:!0````#__QH%`````/__&@4`````__\:!0````#__QH%`````/__
+M&@4`````__\:!0````#__QH%`````/__&@4`````__\:!0````#__QH%````
+M`/__&@4`````__\:!0````#__QH%`````/__&@4`````__\:!0````#__QH%
+M`````/__&@4`````__\:!0````#__QH%`````/__&@4`````__\:!0````#_
+M_QH%`````/__&@4`````__\:!0````#__QH%`````/__0@``````__\#`%&_
+&<90`?@``
+`
+end
+EOF
+dd if=$IMAGE.ext2 of=$IMAGE seek=$((`stat -c%s $IMAGE` / 512)) bs=512
+rm $IMAGE.ext2
+
+# Repartition so one partition covers entire disk.
+echo '63,' | sfdisk -uS -H$HEADS -S$SECTORS -C$CYLINDERS $IMAGE
+
+trap "" EXIT
+
+echo Done.
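Review bot: Every image this script builds gets the same root password, `root`, written as a fixed `$1$` hash by the `sed` on `/etc/shadow`, together with a getty on ttyS0, yet neither the usage text nor the final `echo Done.` tells the user. I would at least finish with `echo "Note: root password in $IMAGE is 'root'; change it before networking the guest." >&2`, or leave the account locked unless a hash is supplied. Separately, `$IMAGE` and `$TMP_DIR` are expanded unquoted in commands that presumably run as root (`mount`, `chroot`, `rm -f $IMAGE.ext2 $IMAGE`), so a path containing whitespace or glob characters is split into several arguments; quote them, e.g. `rm -f "$IMAGE.ext2" "$IMAGE"` and `umount -d "$TMP_DIR"`. The `cleanup` trap is also installed before `TMP_DIR` is assigned, and it removes `$IMAGE` even when that file existed before the run.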
--- qemu-0.9.1.orig/debian/manpages
+++ qemu-0.9.1/debian/manpages
@@ -0,0 +1,2 @@
+debian/qemu-make-debian-root.8
+debian/qemu-user.1
--- qemu-0.9.1.orig/debian/tundev.c
+++ qemu-0.9.1/debian/tundev.c
@@ -0,0 +1,90 @@
+/*
+ * $Id: tundev.c 116 2005-10-30 14:18:08Z guillem $
+ */
+
+#define _GNU_SOURCE /* asprintf */
+#include <stdio.h>
+#include <string.h>
+#include <sys/types.h>
+#include <pwd.h>
+#include <grp.h>
+#include <sys/stat.h>
+#include <sys/ioctl.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <net/if.h>
+#include <linux/if_tun.h>
+
+/* Tiny code to open tap/tun device, and hand the fd to qemu.
+   Run as root, drops to given user. */
+int main(int argc, char *argv[])
+{
+	struct ifreq ifr;
+	struct passwd *p;
+	unsigned int i;
+	char *newargs[argc + 1];
+	int fd;
+
+	if (argc < 4) {
+		fprintf(stderr,
+			"Usage: tundev user logfile qemu <qemu options>...\n");
+		exit(1);
+	}
+
+	fd = open("/dev/net/tun", O_RDWR);
+	if (fd < 0) {
+		perror("Could not open /dev/net/tun");
+		exit(1);
+	}
+
+	memset(&ifr, 0, sizeof(ifr));
+	ifr.ifr_flags = IFF_TAP | IFF_NO_PI;
+	strncpy(ifr.ifr_name, "tun%d", IFNAMSIZ);
+	if (ioctl(fd, TUNSETIFF, (void *) &ifr) != 0) {
+		perror("Could not get tun device");
+		exit(1);
+	}
+
+	/* Set userid. */
+	p = getpwnam(argv[1]);
+	if (!p) {
+		fprintf(stderr, "No user '%s'\n", argv[1]);
+		exit(1);
+	}
+	setgroups(0, NULL);
+	setgid(p->pw_gid);
+	if (setuid(p->pw_uid) != 0) {
+		perror("setting uid");
+		exit(1);
+	}
+
+	/* Insert -tun-fd */
+	newargs[0] = argv[3];
+	newargs[1] = "-tun-fd";
+	asprintf(&newargs[2], "%d", fd);
+	for (i = 4; i <= argc; i++)
+		newargs[i-1] = argv[i];
+
+	if (strcmp(argv[2], "-") == 0) {
+		execvp(newargs[0], newargs);
+		exit(1);
+	}
+
+	switch (fork()) {
+	case 0: {
+		close(1);
+		close(2);
+		open(argv[2], O_WRONLY|O_APPEND);
+		open(argv[2], O_WRONLY|O_APPEND);
+		close(0);
+		execvp(newargs[0], newargs);
+		exit(1);
+	}
+	case -1:
+		perror("fork failed");
+		exit(1);
+	}
+	printf("%s\n", ifr.ifr_name);
+	exit(0);
+}
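Review bot: The privilege drop in main() ignores the results of `setgroups(0, NULL)` and `setgid(p->pw_gid)`; only `setuid` is checked, so if either earlier call fails the helper still execs the target with root's group memberships attached. Both should be checked before continuing, e.g. `if (setgroups(0, NULL) != 0 || setgid(p->pw_gid) != 0) { perror("dropping groups"); exit(1); }`. The `asprintf` result and the two `open(argv[2], O_WRONLY|O_APPEND)` calls in the child are also unchecked, so a failed log open leaves the exec'd program running with stdout and stderr closed.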
--- qemu-0.9.1.orig/debian/overrides/qemu
+++ qemu-0.9.1/debian/overrides/qemu
@@ -0,0 +1,7 @@
+qemu: shlib-with-non-pic-code usr/bin/qemu-ppc
+qemu: shlib-with-non-pic-code usr/bin/qemu-sparc
+qemu: shlib-with-non-pic-code usr/bin/qemu-i386
+qemu: shlib-with-non-pic-code usr/bin/qemu-arm
+qemu: shlib-with-non-pic-code usr/bin/qemu-armeb
+qemu: shlib-with-non-pic-code usr/bin/qemu-mips
+qemu: shlib-with-non-pic-code usr/bin/qemu-mipsel
--- qemu-0.9.1.orig/debian/patches/05_non-fatal_if_linux_hd_missing.patch
+++ qemu-0.9.1/debian/patches/05_non-fatal_if_linux_hd_missing.patch
@@ -0,0 +1,13 @@
+Index: qemu-0.9.1/hw/pc.c
+===================================================================
+--- qemu-0.9.1.orig/hw/pc.c	2008-01-06 20:38:42.000000000 +0100
++++ qemu-0.9.1/hw/pc.c	2008-04-14 11:27:35.000000000 +0200
+@@ -388,7 +388,7 @@
+     hda = drive_get_index(IF_IDE, 0, 0);
+     if (hda == -1) {
+ 	fprintf(stderr, "A disk image must be given for 'hda' when booting "
+-		"a Linux kernel\n");
++		"a Linux kernel\n(if you really don't want it, use /dev/zero)\n");
+ 	exit(1);
+     }
+ 
--- qemu-0.9.1.orig/debian/patches/35_syscall_sockaddr.patch
+++ qemu-0.9.1/debian/patches/35_syscall_sockaddr.patch
@@ -0,0 +1,69 @@
+Index: qemu-0.9.1/linux-user/syscall.c
+===================================================================
+--- qemu-0.9.1.orig/linux-user/syscall.c	2008-04-14 11:26:14.000000000 +0200
++++ qemu-0.9.1/linux-user/syscall.c	2008-04-14 11:27:36.000000000 +0200
+@@ -54,6 +54,7 @@
+ //#include <sys/user.h>
+ #include <netinet/ip.h>
+ #include <netinet/tcp.h>
++#include <sys/un.h>
+ #include <sys/sysctl.h>
+ 
+ #define termios host_termios
+@@ -646,14 +647,17 @@
+ 
+ static inline abi_long target_to_host_sockaddr(struct sockaddr *addr,
+                                                abi_ulong target_addr,
+-                                               socklen_t len)
++                                               socklen_t *target_len)
+ {
++    const socklen_t len = sizeof (struct sockaddr_un);
+     struct target_sockaddr *target_saddr;
+ 
+-    target_saddr = lock_user(VERIFY_READ, target_addr, len, 1);
++    target_saddr = lock_user(VERIFY_READ, target_addr, *target_len, 1);
+     if (!target_saddr)
+         return -TARGET_EFAULT;
+-    memcpy(addr, target_saddr, len);
++    if (target_saddr->sa_family == AF_UNIX && *target_len > len)
++        *target_len = len;
++    memcpy(addr, target_saddr, *target_len);
+     addr->sa_family = tswap16(target_saddr->sa_family);
+     unlock_user(target_saddr, target_addr, 0);
+ 
+@@ -1198,7 +1202,7 @@
+ {
+     void *addr = alloca(addrlen);
+ 
+-    target_to_host_sockaddr(addr, target_addr, addrlen);
++    target_to_host_sockaddr(addr, target_addr, &addrlen);
+     return get_errno(bind(sockfd, addr, addrlen));
+ }
+ 
+@@ -1208,7 +1212,7 @@
+ {
+     void *addr = alloca(addrlen);
+ 
+-    target_to_host_sockaddr(addr, target_addr, addrlen);
++    target_to_host_sockaddr(addr, target_addr, &addrlen);
+     return get_errno(connect(sockfd, addr, addrlen));
+ }
+ 
+@@ -1233,7 +1237,7 @@
+         msg.msg_namelen = tswap32(msgp->msg_namelen);
+         msg.msg_name = alloca(msg.msg_namelen);
+         target_to_host_sockaddr(msg.msg_name, tswapl(msgp->msg_name),
+-                                msg.msg_namelen);
++                                &msg.msg_namelen);
+     } else {
+         msg.msg_name = NULL;
+         msg.msg_namelen = 0;
+@@ -1365,7 +1369,7 @@
+         return -TARGET_EFAULT;
+     if (target_addr) {
+         addr = alloca(addrlen);
+-        target_to_host_sockaddr(addr, target_addr, addrlen);
++        target_to_host_sockaddr(addr, target_addr, &addrlen);
+         ret = get_errno(sendto(fd, host_msg, len, flags, addr, addrlen));
+     } else {
+         ret = get_errno(send(fd, host_msg, len, flags));
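Review bot: The new AF_UNIX clamp in target_to_host_sockaddr compares `target_saddr->sa_family` before the `tswap16` applied two lines later, so when guest and host byte order differ the comparison would not match and `*target_len` stays unclamped; compare the swapped value instead, `if (tswap16(target_saddr->sa_family) == AF_UNIX && *target_len > len)`. All four call sites still discard the return value, so after a failed `lock_user` the host bind/connect/sendmsg/sendto runs on an uninitialised `alloca` buffer; returning early on `-TARGET_EFAULT` would close that. `alloca(addrlen)` also remains sized by the guest-supplied length, with no upper bound visible in these hunks. The calling functions start and end outside the hunks shown.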
--- qemu-0.9.1.orig/debian/patches/31_syscalls.patch
+++ qemu-0.9.1/debian/patches/31_syscalls.patch
@@ -0,0 +1,55 @@
+Index: qemu-0.9.1/linux-user/syscall.c
+===================================================================
+--- qemu-0.9.1.orig/linux-user/syscall.c	2008-04-14 11:26:14.000000000 +0200
++++ qemu-0.9.1/linux-user/syscall.c	2008-04-14 11:27:37.000000000 +0200
+@@ -252,6 +252,7 @@
+ extern int setresgid(gid_t, gid_t, gid_t);
+ extern int getresgid(gid_t *, gid_t *, gid_t *);
+ extern int setgroups(int, gid_t *);
++extern int uselib(const char*);
+ 
+ #define ERRNO_TABLE_SIZE 1200
+ 
+@@ -4139,7 +4140,8 @@
+ #endif
+ #ifdef TARGET_NR_uselib
+     case TARGET_NR_uselib:
+-        goto unimplemented;
++        ret = get_errno(uselib(path((const char*)arg1)));
++        break;
+ #endif
+ #ifdef TARGET_NR_swapon
+     case TARGET_NR_swapon:
+@@ -5406,7 +5408,8 @@
+         goto unimplemented;
+ #ifdef TARGET_NR_mincore
+     case TARGET_NR_mincore:
+-        goto unimplemented;
++        ret = get_errno(mincore((void*)arg1, (size_t)arg2, (unsigned char*)arg3));
++        break;
+ #endif
+ #ifdef TARGET_NR_madvise
+     case TARGET_NR_madvise:
+@@ -5546,7 +5549,8 @@
+         break;
+ #ifdef TARGET_NR_readahead
+     case TARGET_NR_readahead:
+-        goto unimplemented;
++        ret = get_errno(readahead((int)arg1, (off64_t)arg2, (size_t)arg3));
++        break;
+ #endif
+ #ifdef TARGET_NR_setxattr
+     case TARGET_NR_setxattr:
+Index: qemu-0.9.1/Makefile.target
+===================================================================
+--- qemu-0.9.1.orig/Makefile.target	2008-04-14 11:26:14.000000000 +0200
++++ qemu-0.9.1/Makefile.target	2008-04-14 11:27:19.000000000 +0200
+@@ -228,7 +228,7 @@
+ #########################################################
+ 
+ CPPFLAGS+=-D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE
+-LIBS+=-lm
++LIBS+=-lm -lrt
+ ifndef CONFIG_USER_ONLY
+ LIBS+=-lz
+ endif
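Review bot: The three newly implemented cases pass guest register values to host syscalls as raw host pointers, with no address translation or access check: `(const char*)arg1` for uselib, and `(void*)arg1` and `(unsigned char*)arg3` for mincore. The sockaddr helper in this same file maps guest addresses with `lock_user`/`unlock_user`, and these cases should probably follow that pattern so that a bad guest pointer produces `-TARGET_EFAULT` instead of a stray host-side access. mincore also writes its result vector through `arg3`, so that buffer needs a write-side check of the right length. The enclosing switch starts and ends outside these hunks, so whether an earlier translation step exists cannot be confirmed from here.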
--- qemu-0.9.1.orig/debian/patches/88_dma.patch
+++ qemu-0.9.1/debian/patches/88_dma.patch
@@ -0,0 +1,70 @@
+commit 43b0a943462c2620569776cc43e5b3fa04a73a3a
+Author: aurel32 <aurel32@c046a42c-6fe2-441c-8c8c-71466251a162>
+Date:   Sat Mar 29 12:15:35 2008 +0000
+
+    IDE: Improve DMA transfers by increasing the buffer size
+    
+    (Ian Jackson)
+    
+    
+    git-svn-id: svn+ssh://svn.savannah.nongnu.org/qemu/trunk@4132 c046a42c-6fe2-441c-8c8c-71466251a162
+
+Index: qemu-0.9.1/hw/ide.c
+===================================================================
+--- qemu-0.9.1.orig/hw/ide.c	2008-01-06 20:38:42.000000000 +0100
++++ qemu-0.9.1/hw/ide.c	2008-04-14 11:26:14.000000000 +0200
+@@ -202,6 +202,12 @@
+ /* set to 1 set disable mult support */
+ #define MAX_MULT_SECTORS 16
+ 
++#define IDE_DMA_BUF_SECTORS 256
++
++#if (IDE_DMA_BUF_SECTORS < MAX_MULT_SECTORS)
++#error "IDE_DMA_BUF_SECTORS must be bigger or equal to MAX_MULT_SECTORS"
++#endif
++
+ /* ATAPI defines */
+ 
+ #define ATAPI_PACKET_SIZE 12
+@@ -847,8 +853,8 @@
+ 
+     /* launch next transfer */
+     n = s->nsector;
+-    if (n > MAX_MULT_SECTORS)
+-        n = MAX_MULT_SECTORS;
++    if (n > IDE_DMA_BUF_SECTORS)
++        n = IDE_DMA_BUF_SECTORS;
+     s->io_buffer_index = 0;
+     s->io_buffer_size = n * 512;
+ #ifdef DEBUG_AIO
+@@ -946,8 +952,8 @@
+ 
+     /* launch next transfer */
+     n = s->nsector;
+-    if (n > MAX_MULT_SECTORS)
+-        n = MAX_MULT_SECTORS;
++    if (n > IDE_DMA_BUF_SECTORS)
++        n = IDE_DMA_BUF_SECTORS;
+     s->io_buffer_index = 0;
+     s->io_buffer_size = n * 512;
+ 
+@@ -1241,8 +1247,8 @@
+         data_offset = 16;
+     } else {
+         n = s->packet_transfer_size >> 11;
+-        if (n > (MAX_MULT_SECTORS / 4))
+-            n = (MAX_MULT_SECTORS / 4);
++        if (n > (IDE_DMA_BUF_SECTORS / 4))
++            n = (IDE_DMA_BUF_SECTORS / 4);
+         s->io_buffer_size = n * 2048;
+         data_offset = 0;
+     }
+@@ -2434,7 +2440,7 @@
+ 
+     for(i = 0; i < 2; i++) {
+         s = ide_state + i;
+-        s->io_buffer = qemu_memalign(512, MAX_MULT_SECTORS*512 + 4);
++        s->io_buffer = qemu_memalign(512, IDE_DMA_BUF_SECTORS*512 + 4);
+         if (i == 0)
+             s->bs = hd0;
+         else
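Review bot: The transfer clamps now let up to IDE_DMA_BUF_SECTORS sectors be written into `s->io_buffer`, but the only allocation resized here is the `qemu_memalign` call in the last hunk. Any other allocation or fixed-size copy of `io_buffer` outside these hunks that still assumes MAX_MULT_SECTORS would be overrun by the larger clamp, so that is worth confirming before merging. The coupling should be documented at the define, for example `/* s->io_buffer is allocated as IDE_DMA_BUF_SECTORS * 512 + 4 bytes; every transfer clamp must stay within that */`.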
--- qemu-0.9.1.orig/debian/patches/84_rtl8139.patch
+++ qemu-0.9.1/debian/patches/84_rtl8139.patch
@@ -0,0 +1,122 @@
+commit 1104c4b774c263da3d9f6e463d20bbc096e72b00
+Author: aurel32 <aurel32@c046a42c-6fe2-441c-8c8c-71466251a162>
+Date:   Thu Mar 13 19:17:40 2008 +0000
+
+    rtl8139: fix endianness on big endian targets
+    
+    On big endian targets with mmio accesses, the values are not always
+    swapped, depending on the accessed register. The Linux 8139too module
+    was able to cope with that, but not the 8139cp one.
+    
+    
+    git-svn-id: svn+ssh://svn.savannah.nongnu.org/qemu/trunk@4045 c046a42c-6fe2-441c-8c8c-71466251a162
+
+Index: qemu-0.9.1/hw/rtl8139.c
+===================================================================
+--- qemu-0.9.1.orig/hw/rtl8139.c	2008-01-06 20:38:42.000000000 +0100
++++ qemu-0.9.1/hw/rtl8139.c	2008-04-14 11:26:14.000000000 +0200
+@@ -2735,13 +2735,8 @@
+         default:
+             DEBUG_PRINT(("RTL8139: ioport write(w) addr=0x%x val=0x%04x via write(b)\n", addr, val));
+ 
+-#ifdef TARGET_WORDS_BIGENDIAN
+-            rtl8139_io_writeb(opaque, addr, (val >> 8) & 0xff);
+-            rtl8139_io_writeb(opaque, addr + 1, val & 0xff);
+-#else
+             rtl8139_io_writeb(opaque, addr, val & 0xff);
+             rtl8139_io_writeb(opaque, addr + 1, (val >> 8) & 0xff);
+-#endif
+             break;
+     }
+ }
+@@ -2802,17 +2797,10 @@
+ 
+         default:
+             DEBUG_PRINT(("RTL8139: ioport write(l) addr=0x%x val=0x%08x via write(b)\n", addr, val));
+-#ifdef TARGET_WORDS_BIGENDIAN
+-            rtl8139_io_writeb(opaque, addr, (val >> 24) & 0xff);
+-            rtl8139_io_writeb(opaque, addr + 1, (val >> 16) & 0xff);
+-            rtl8139_io_writeb(opaque, addr + 2, (val >> 8) & 0xff);
+-            rtl8139_io_writeb(opaque, addr + 3, val & 0xff);
+-#else
+             rtl8139_io_writeb(opaque, addr, val & 0xff);
+             rtl8139_io_writeb(opaque, addr + 1, (val >> 8) & 0xff);
+             rtl8139_io_writeb(opaque, addr + 2, (val >> 16) & 0xff);
+             rtl8139_io_writeb(opaque, addr + 3, (val >> 24) & 0xff);
+-#endif
+             break;
+     }
+ }
+@@ -2958,13 +2946,8 @@
+         default:
+             DEBUG_PRINT(("RTL8139: ioport read(w) addr=0x%x via read(b)\n", addr));
+ 
+-#ifdef TARGET_WORDS_BIGENDIAN
+-            ret  = rtl8139_io_readb(opaque, addr) << 8;
+-            ret |= rtl8139_io_readb(opaque, addr + 1);
+-#else
+             ret  = rtl8139_io_readb(opaque, addr);
+             ret |= rtl8139_io_readb(opaque, addr + 1) << 8;
+-#endif
+ 
+             DEBUG_PRINT(("RTL8139: ioport read(w) addr=0x%x val=0x%04x\n", addr, ret));
+             break;
+@@ -3031,17 +3014,10 @@
+         default:
+             DEBUG_PRINT(("RTL8139: ioport read(l) addr=0x%x via read(b)\n", addr));
+ 
+-#ifdef TARGET_WORDS_BIGENDIAN
+-            ret  = rtl8139_io_readb(opaque, addr) << 24;
+-            ret |= rtl8139_io_readb(opaque, addr + 1) << 16;
+-            ret |= rtl8139_io_readb(opaque, addr + 2) << 8;
+-            ret |= rtl8139_io_readb(opaque, addr + 3);
+-#else
+             ret  = rtl8139_io_readb(opaque, addr);
+             ret |= rtl8139_io_readb(opaque, addr + 1) << 8;
+             ret |= rtl8139_io_readb(opaque, addr + 2) << 16;
+             ret |= rtl8139_io_readb(opaque, addr + 3) << 24;
+-#endif
+ 
+             DEBUG_PRINT(("RTL8139: read(l) addr=0x%x val=%08x\n", addr, ret));
+             break;
+@@ -3091,11 +3067,17 @@
+ 
+ static void rtl8139_mmio_writew(void *opaque, target_phys_addr_t addr, uint32_t val)
+ {
++#ifdef TARGET_WORDS_BIGENDIAN
++    val = bswap16(val);
++#endif
+     rtl8139_io_writew(opaque, addr & 0xFF, val);
+ }
+ 
+ static void rtl8139_mmio_writel(void *opaque, target_phys_addr_t addr, uint32_t val)
+ {
++#ifdef TARGET_WORDS_BIGENDIAN
++    val = bswap32(val);
++#endif
+     rtl8139_io_writel(opaque, addr & 0xFF, val);
+ }
+ 
+@@ -3106,12 +3088,20 @@
+ 
+ static uint32_t rtl8139_mmio_readw(void *opaque, target_phys_addr_t addr)
+ {
+-    return rtl8139_io_readw(opaque, addr & 0xFF);
++    uint32_t val = rtl8139_io_readw(opaque, addr & 0xFF);
++#ifdef TARGET_WORDS_BIGENDIAN
++    val = bswap16(val);
++#endif
++    return val;
+ }
+ 
+ static uint32_t rtl8139_mmio_readl(void *opaque, target_phys_addr_t addr)
+ {
+-    return rtl8139_io_readl(opaque, addr & 0xFF);
++    uint32_t val = rtl8139_io_readl(opaque, addr & 0xFF);
++#ifdef TARGET_WORDS_BIGENDIAN
++    val = bswap32(val);
++#endif
++    return val;
+ }
+ 
+ /* */
--- qemu-0.9.1.orig/debian/patches/66_tls_ld.patch
+++ qemu-0.9.1/debian/patches/66_tls_ld.patch
@@ -0,0 +1,50 @@
+Index: arm.ld
+===================================================================
+--- arm.ld.orig	2008-01-06 20:38:41.000000000 +0100
++++ arm.ld	2008-04-14 11:26:14.000000000 +0200
+@@ -26,6 +26,10 @@
+     { *(.rel.rodata) *(.rel.gnu.linkonce.r*) }
+   .rela.rodata   :
+     { *(.rela.rodata) *(.rela.gnu.linkonce.r*) }
++  .rel.tdata     : { *(.rel.tdata .rel.tdata.* .rel.gnu.linkonce.td.*) }
++  .rela.tdata    : { *(.rela.tdata .rela.tdata.* .rela.gnu.linkonce.td.*) }
++  .rel.tbss      : { *(.rel.tbss .rel.tbss.* .rel.gnu.linkonce.tb.*) }
++  .rela.tbss     : { *(.rela.tbss .rela.tbss.* .rela.gnu.linkonce.tb.*) }
+   .rel.got       : { *(.rel.got)		}
+   .rela.got      : { *(.rela.got)		}
+   .rel.ctors     : { *(.rel.ctors)	}
+@@ -58,6 +62,9 @@
+   .ARM.exidx   : { *(.ARM.exidx* .gnu.linkonce.armexidx.*) }
+    __exidx_end = .;
+   .reginfo : { *(.reginfo) }
++  /* Thread Local Storage sections  */
++  .tdata	  : { *(.tdata .tdata.* .gnu.linkonce.td.*) }
++  .tbss		  : { *(.tbss .tbss.* .gnu.linkonce.tb.*) *(.tcommon) }
+   /* Adjust the address for the data segment.  We want to adjust up to
+      the same address within the page on the next page up.  */
+   . = ALIGN(0x100000) + (. & (0x100000 - 1));
+Index: i386.ld
+===================================================================
+--- i386.ld.orig	2008-01-06 20:38:42.000000000 +0100
++++ i386.ld	2008-04-14 11:26:14.000000000 +0200
+@@ -28,6 +28,10 @@
+     { *(.rel.rodata) *(.rel.gnu.linkonce.r*) }
+   .rela.rodata   :
+     { *(.rela.rodata) *(.rela.gnu.linkonce.r*) }
++  .rel.tdata     : { *(.rel.tdata .rel.tdata.* .rel.gnu.linkonce.td.*) }
++  .rela.tdata    : { *(.rela.tdata .rela.tdata.* .rela.gnu.linkonce.td.*) }
++  .rel.tbss      : { *(.rel.tbss .rel.tbss.* .rel.gnu.linkonce.tb.*) }
++  .rela.tbss     : { *(.rela.tbss .rela.tbss.* .rela.gnu.linkonce.tb.*) }
+   .rel.got       : { *(.rel.got)		}
+   .rela.got      : { *(.rela.got)		}
+   .rel.ctors     : { *(.rel.ctors)	}
+@@ -53,6 +57,9 @@
+   _etext = .;
+   PROVIDE (etext = .);
+   .fini      : { *(.fini)    } =0x47ff041f
++  /* Thread Local Storage sections  */
++  .tdata	  : { *(.tdata .tdata.* .gnu.linkonce.td.*) }
++  .tbss		  : { *(.tbss .tbss.* .gnu.linkonce.tb.*) *(.tcommon) }
+   . = ALIGN(32 / 8);
+   PROVIDE (__preinit_array_start = .);
+   .preinit_array     : { *(.preinit_array) }
--- qemu-0.9.1.orig/debian/patches/91_security.patch
+++ qemu-0.9.1/debian/patches/91_security.patch
@@ -0,0 +1,134 @@
+Patch based on commit 6677 of upstream SVN. It fixes CVE-2008-0928.
+
+diff -Nurdp qemu-0.9.1.orig/block.c qemu-0.9.1/block.c
+--- qemu-0.9.1.orig/block.c	2009-05-03 13:50:53.000000000 +0200
++++ qemu-0.9.1/block.c	2009-05-03 14:09:42.000000000 +0200
+@@ -312,6 +312,7 @@ int bdrv_file_open(BlockDriverState **pb
+         bdrv_delete(bs);
+         return ret;
+     }
++    bs->growable = 1;
+     *pbs = bs;
+     return 0;
+ }
+@@ -496,6 +497,39 @@ int bdrv_commit(BlockDriverState *bs)
+     return 0;
+ }
+ 
++static int bdrv_check_byte_request(BlockDriverState *bs, int64_t offset,
++                                   size_t size)
++{
++    int64_t len;
++
++    if (!bdrv_is_inserted(bs))
++        return -ENOMEDIUM;
++
++    if (bs->growable)
++        return 0;
++
++    len = bdrv_getlength(bs);
++
++    if ((offset + size) > len)
++        return -EIO;
++
++    return 0;
++}
++
++static int bdrv_check_request(BlockDriverState *bs, int64_t sector_num,
++                              int nb_sectors)
++{
++    int64_t offset;
++
++    /* Deal with byte accesses */
++    if (sector_num < 0)
++        offset = -sector_num;
++    else
++        offset = sector_num * 512;
++
++    return bdrv_check_byte_request(bs, offset, nb_sectors * 512);
++}
++
+ /* return < 0 if error. See bdrv_write() for the return codes */
+ int bdrv_read(BlockDriverState *bs, int64_t sector_num,
+               uint8_t *buf, int nb_sectors)
+@@ -504,6 +538,8 @@ int bdrv_read(BlockDriverState *bs, int6
+ 
+     if (!drv)
+         return -ENOMEDIUM;
++    if (bdrv_check_request(bs, sector_num, nb_sectors))
++        return -EIO;
+ 
+     if (sector_num == 0 && bs->boot_sector_enabled && nb_sectors > 0) {
+             memcpy(buf, bs->boot_sector_data, 512);
+@@ -547,6 +583,8 @@ int bdrv_write(BlockDriverState *bs, int
+         return -EACCES;
+     if (sector_num < 0)
+         return -EINVAL;
++    if (bdrv_check_request(bs, sector_num, nb_sectors))
++        return -EIO;
+     if (sector_num == 0 && bs->boot_sector_enabled && nb_sectors > 0) {
+         memcpy(bs->boot_sector_data, buf, 512);
+     }
+@@ -676,6 +714,9 @@ int bdrv_pread(BlockDriverState *bs, int
+ 
+     if (!drv)
+         return -ENOMEDIUM;
++    if (bdrv_check_byte_request(bs, offset, count1))
++        return -EIO;
++
+     if (!drv->bdrv_pread)
+         return bdrv_pread_em(bs, offset, buf1, count1);
+     return drv->bdrv_pread(bs, offset, buf1, count1);
+@@ -691,6 +732,9 @@ int bdrv_pwrite(BlockDriverState *bs, in
+ 
+     if (!drv)
+         return -ENOMEDIUM;
++    if (bdrv_check_byte_request(bs, offset, count1))
++        return -EIO;
++
+     if (!drv->bdrv_pwrite)
+         return bdrv_pwrite_em(bs, offset, buf1, count1);
+     return drv->bdrv_pwrite(bs, offset, buf1, count1);
+@@ -959,6 +1003,9 @@ int bdrv_write_compressed(BlockDriverSta
+         return -ENOMEDIUM;
+     if (!drv->bdrv_write_compressed)
+         return -ENOTSUP;
++    if (bdrv_check_request(bs, sector_num, nb_sectors))
++        return -EIO;
++
+     return drv->bdrv_write_compressed(bs, sector_num, buf, nb_sectors);
+ }
+ 
+@@ -1105,6 +1152,8 @@ BlockDriverAIOCB *bdrv_aio_read(BlockDri
+ 
+     if (!drv)
+         return NULL;
++    if (bdrv_check_request(bs, sector_num, nb_sectors))
++        return NULL;
+ 
+     /* XXX: we assume that nb_sectors == 0 is suppored by the async read */
+     if (sector_num == 0 && bs->boot_sector_enabled && nb_sectors > 0) {
+@@ -1136,6 +1185,9 @@ BlockDriverAIOCB *bdrv_aio_write(BlockDr
+         return NULL;
+     if (bs->read_only)
+         return NULL;
++    if (bdrv_check_request(bs, sector_num, nb_sectors))
++        return NULL;
++
+     if (sector_num == 0 && bs->boot_sector_enabled && nb_sectors > 0) {
+         memcpy(bs->boot_sector_data, buf, 512);
+     }
+Les fichiers binaires qemu-0.9.1.orig/.block.c.swp et qemu-0.9.1/.block.c.swp sont différents.
+diff -Nurdp qemu-0.9.1.orig/block_int.h qemu-0.9.1/block_int.h
+--- qemu-0.9.1.orig/block_int.h	2008-01-06 20:38:42.000000000 +0100
++++ qemu-0.9.1/block_int.h	2009-05-03 13:57:46.000000000 +0200
+@@ -124,6 +124,9 @@ struct BlockDriverState {
+     uint64_t rd_ops;
+     uint64_t wr_ops;
+ 
++    /* Whether the disk can expand beyond total_sectors */
++    int growable;
++
+     /* NOTE: the following infos are only hints for real hardware
+        drivers. They are not used by the block driver */
+     int cyls, heads, secs, translation;
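Review bot: bdrv_check_byte_request tests the bound as `(offset + size) > len` without first rejecting negative or wrapping values, so a negative `offset`, a negative `nb_sectors` (which `nb_sectors * 512` in bdrv_check_request turns into a huge `size_t`), or an error return from bdrv_getlength is not reliably caught. A form that cannot wrap is `if (len < 0 || offset < 0 || size > (uint64_t)len || (uint64_t)offset > (uint64_t)len - size) return -EIO;`, with `if (nb_sectors < 0) return -EIO;` ahead of the multiplication. Setting `bs->growable = 1` in bdrv_file_open disables the check for every state opened through that path, and it needs a comment explaining why that is safe. The line reporting differing `.block.c.swp` files is stray output from an editor swap file and could be dropped from the patch.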
--- qemu-0.9.1.orig/debian/patches/62_fix-ptyblocking.patch
+++ qemu-0.9.1/debian/patches/62_fix-ptyblocking.patch
@@ -0,0 +1,169 @@
+--- trunk/vl.c	2008/07/23 15:19:59	4927
++++ trunk/vl.c	2008/07/28 18:55:32	4956
+@@ -2464,21 +2464,162 @@
+ #endif
+ 
+ #if defined(__linux__) || defined(__sun__)
++
++typedef struct {
++    int fd;
++    int connected;
++    int polling;
++    int read_bytes;
++    QEMUTimer *timer;
++} PtyCharDriver;
++
++static void pty_chr_update_read_handler(CharDriverState *chr);
++static void pty_chr_state(CharDriverState *chr, int connected);
++
++static int pty_chr_write(CharDriverState *chr, const uint8_t *buf, int len)
++{
++    PtyCharDriver *s = chr->opaque;
++
++    if (!s->connected) {
++        /* guest sends data, check for (re-)connect */
++        pty_chr_update_read_handler(chr);
++        return 0;
++    }
++    return unix_write(s->fd, buf, len);
++}
++
++static int pty_chr_read_poll(void *opaque)
++{
++    CharDriverState *chr = opaque;
++    PtyCharDriver *s = chr->opaque;
++
++    s->read_bytes = qemu_chr_can_read(chr);
++    return s->read_bytes;
++}
++
++static void pty_chr_read(void *opaque)
++{
++    CharDriverState *chr = opaque;
++    PtyCharDriver *s = chr->opaque;
++    int size, len;
++    uint8_t buf[1024];
++
++    len = sizeof(buf);
++    if (len > s->read_bytes)
++        len = s->read_bytes;
++    if (len == 0)
++        return;
++    size = read(s->fd, buf, len);
++    if ((size == -1 && errno == EIO) ||
++        (size == 0)) {
++        pty_chr_state(chr, 0);
++        return;
++    }
++    if (size > 0) {
++        pty_chr_state(chr, 1);
++        qemu_chr_read(chr, buf, size);
++    }
++}
++
++static void pty_chr_update_read_handler(CharDriverState *chr)
++{
++    PtyCharDriver *s = chr->opaque;
++
++    qemu_set_fd_handler2(s->fd, pty_chr_read_poll,
++                         pty_chr_read, NULL, chr);
++    s->polling = 1;
++    /*
++     * Short timeout here: just need wait long enougth that qemu makes
++     * it through the poll loop once.  When reconnected we want a
++     * short timeout so we notice it almost instantly.  Otherwise
++     * read() gives us -EIO instantly, making pty_chr_state() reset the
++     * timeout to the normal (much longer) poll interval before the
++     * timer triggers.
++     */
++    qemu_mod_timer(s->timer, qemu_get_clock(rt_clock) + 10);
++}
++
++static void pty_chr_state(CharDriverState *chr, int connected)
++{
++    PtyCharDriver *s = chr->opaque;
++
++    if (!connected) {
++        qemu_set_fd_handler2(s->fd, NULL, NULL, NULL, NULL);
++        s->connected = 0;
++        s->polling = 0;
++        /* (re-)connect poll interval for idle guests: once per second.
++         * We check more frequently in case the guests sends data to
++         * the virtual device linked to our pty. */
++        qemu_mod_timer(s->timer, qemu_get_clock(rt_clock) + 1000);
++    } else {
++        if (!s->connected)
++            qemu_chr_reset(chr);
++        s->connected = 1;
++    }
++}
++
++void pty_chr_timer(void *opaque)
++{
++    struct CharDriverState *chr = opaque;
++    PtyCharDriver *s = chr->opaque;
++
++    if (s->connected)
++        return;
++    if (s->polling) {
++        /* If we arrive here without polling being cleared due
++         * read returning -EIO, then we are (re-)connected */
++        pty_chr_state(chr, 1);
++        return;
++    }
++
++    /* Next poll ... */
++    pty_chr_update_read_handler(chr);
++}
++
++static void pty_chr_close(struct CharDriverState *chr)
++{
++    PtyCharDriver *s = chr->opaque;
++
++    qemu_set_fd_handler2(s->fd, NULL, NULL, NULL, NULL);
++    close(s->fd);
++    qemu_free(s);
++}
++
+ static CharDriverState *qemu_chr_open_pty(void)
+ {
++    CharDriverState *chr;
++    PtyCharDriver *s;
+     struct termios tty;
+-    int master_fd, slave_fd;
++    int slave_fd;
+ 
+-    if (openpty(&master_fd, &slave_fd, NULL, NULL, NULL) < 0) {
++    chr = qemu_mallocz(sizeof(CharDriverState));
++    if (!chr)
++        return NULL;
++    s = qemu_mallocz(sizeof(PtyCharDriver));
++    if (!s) {
++        qemu_free(chr);
++        return NULL;
++    }
++
++    if (openpty(&s->fd, &slave_fd, NULL, NULL, NULL) < 0) {
+         return NULL;
+     }
+ 
+     /* Set raw attributes on the pty. */
+     cfmakeraw(&tty);
+     tcsetattr(slave_fd, TCSAFLUSH, &tty);
++    close(slave_fd);
++
++    fprintf(stderr, "char device redirected to %s\n", ptsname(s->fd));
+ 
+-    fprintf(stderr, "char device redirected to %s\n", ptsname(master_fd));
+-    return qemu_chr_open_fd(master_fd, master_fd);
++    chr->opaque = s;
++    chr->chr_write = pty_chr_write;
++    chr->chr_update_read_handler = pty_chr_update_read_handler;
++    chr->chr_close = pty_chr_close;
++
++    s->timer = qemu_new_timer(rt_clock, pty_chr_timer, chr);
++
++    return chr;
+ }
+ 
+ static void tty_serial_init(int fd, int speed,
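Review bot: pty_chr_close frees `s` without cancelling the timer created by `qemu_new_timer(rt_clock, pty_chr_timer, chr)`, so if that timer is still armed a later pty_chr_timer callback would dereference freed state. It should stop and release the timer before `qemu_free(s)`, with `qemu_del_timer(s->timer); qemu_free_timer(s->timer);`. In qemu_chr_open_pty the `openpty` failure branch returns NULL without freeing the `chr` and `s` allocated just above, so it should call `qemu_free(s); qemu_free(chr);` first. The context line `cfmakeraw(&tty)` still operates on an uninitialised `struct termios`; this predates the change, but a `tcgetattr(slave_fd, &tty)` ahead of it would make the resulting settings well defined.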
--- qemu-0.9.1.orig/debian/patches/04_do_not_print_rtc_freq_if_ok.patch
+++ qemu-0.9.1/debian/patches/04_do_not_print_rtc_freq_if_ok.patch
@@ -0,0 +1,20 @@
+Index: qemu-0.9.1/vl.c
+===================================================================
+--- qemu-0.9.1.orig/vl.c	2008-01-06 20:38:42.000000000 +0100
++++ qemu-0.9.1/vl.c	2008-04-14 11:27:38.000000000 +0200
+@@ -1302,11 +1302,14 @@
+ static int rtc_start_timer(struct qemu_alarm_timer *t)
+ {
+     int rtc_fd;
++    unsigned long current_rtc_freq = 0;
+ 
+     TFR(rtc_fd = open("/dev/rtc", O_RDONLY));
+     if (rtc_fd < 0)
+         return -1;
+-    if (ioctl(rtc_fd, RTC_IRQP_SET, RTC_FREQ) < 0) {
++    ioctl(rtc_fd, RTC_IRQP_READ, &current_rtc_freq);
++    if (current_rtc_freq != RTC_FREQ &&
++        ioctl(rtc_fd, RTC_IRQP_SET, RTC_FREQ) < 0) {
+         fprintf(stderr, "Could not configure '/dev/rtc' to have a 1024 Hz timer. This is not a fatal\n"
+                 "error, but for better emulation accuracy either use a 2.6 host Linux kernel or\n"
+                 "type 'echo 1024 > /proc/sys/dev/rtc/max-user-freq' as root.\n");
--- qemu-0.9.1.orig/debian/patches/80_ui_curses.patch
+++ qemu-0.9.1/debian/patches/80_ui_curses.patch
@@ -0,0 +1,1788 @@
+commit ea85a83baf27032c4b7a0a6bb495fa276df2d2ef
+Author: balrog <balrog>
+Date:   Sun Feb 10 16:33:12 2008 +0000
+
+    Add an ncurses UI.
+
+Index: qemu-0.9.1/Makefile
+===================================================================
+--- qemu-0.9.1.orig/Makefile	2008-04-14 11:26:13.000000000 +0200
++++ qemu-0.9.1/Makefile	2008-04-14 11:27:19.000000000 +0200
+@@ -90,6 +90,9 @@
+ ifdef CONFIG_SDL
+ OBJS+=sdl.o x_keymap.o
+ endif
++ifdef CONFIG_CURSES
++OBJS+=curses.o
++endif
+ OBJS+=vnc.o d3des.o
+ 
+ ifdef CONFIG_COCOA
+@@ -113,6 +116,9 @@
+ vnc.o: vnc.c keymaps.c sdl_keysym.h vnchextile.h d3des.c d3des.h
+ 	$(CC) $(CFLAGS) $(CPPFLAGS) $(BASE_CFLAGS) $(CONFIG_VNC_TLS_CFLAGS) -c -o $@ $<
+ 
++curses.o: curses.c keymaps.c curses_keys.h
++	$(CC) $(CFLAGS) $(CPPFLAGS) $(BASE_CFLAGS) -c -o $@ $<
++
+ audio/sdlaudio.o: audio/sdlaudio.c
+ 	$(CC) $(CFLAGS) $(CPPFLAGS) $(SDL_CFLAGS) $(BASE_CFLAGS) -c -o $@ $<
+ 
+Index: qemu-0.9.1/Makefile.target
+===================================================================
+--- qemu-0.9.1.orig/Makefile.target	2008-04-14 11:26:14.000000000 +0200
++++ qemu-0.9.1/Makefile.target	2008-04-14 11:27:17.000000000 +0200
+@@ -565,7 +565,7 @@
+ endif
+ 
+ $(QEMU_SYSTEM): $(VL_OBJS) ../libqemu_common.a libqemu.a
+-	$(CC) $(VL_LDFLAGS) $(LDFLAGS) -o $@ $^ $(LIBS) $(SDL_LIBS) $(COCOA_LIBS) $(VL_LIBS)
++	$(CC) $(VL_LDFLAGS) $(LDFLAGS) -o $@ $^ $(LIBS) $(SDL_LIBS) $(CURSES_LIBS) $(COCOA_LIBS) $(VL_LIBS)
+ 
+ depend: $(SRCS)
+ 	$(CC) -MM $(CFLAGS) $(CPPFLAGS) $(BASE_CFLAGS) $^ 1>.depend
+Index: qemu-0.9.1/configure
+===================================================================
+--- qemu-0.9.1.orig/configure	2008-04-14 11:26:14.000000000 +0200
++++ qemu-0.9.1/configure	2008-04-14 11:27:17.000000000 +0200
+@@ -106,6 +106,7 @@
+ build_docs="no"
+ uname_release=""
+ nptl="yes"
++curses="yes"
+ 
+ # OS specific
+ targetos=`uname -s`
+@@ -318,6 +319,8 @@
+   ;;
+   --disable-werror) werror="no"
+   ;;
++  --disable-curses) curses="no"
++  ;;
+   *) echo "ERROR: unknown option $opt"; show_help="yes"
+   ;;
+   --disable-nptl) nptl="no"
+@@ -684,6 +687,20 @@
+   fi
+ fi
+ 
++##########################################
++# curses probe
++
++if test "$curses" = "yes" ; then
++  curses=no
++  cat > $TMPC << EOF
++#include <curses.h>
++int main(void) { return curses_version(); }
++EOF
++  if $cc -o $TMPE $TMPC -lcurses 2> /dev/null ; then
++    curses=yes
++  fi
++fi # test "$curses"
++
+ # Check if tools are available to build documentation.
+ if [ -x "`which texi2html 2>/dev/null`" ] && \
+    [ -x "`which pod2man 2>/dev/null`" ]; then
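Review bot: The probe program returns `curses_version()`, a `const char *`, from `int main`, which relies on an implicit pointer-to-integer conversion. A compiler that rejects that conversion makes the probe fail, and because stderr is sent to `/dev/null`, curses support is then switched off with no hint as to why. `int main(void) { return curses_version() != 0; }` tests for the same symbol without the conversion.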
+@@ -734,6 +751,7 @@
+ if test "$sdl" != "no" ; then
+     echo "SDL static link   $sdl_static"
+ fi
++echo "curses support    $curses"
+ echo "mingw32 support   $mingw32"
+ echo "Adlib support     $adlib"
+ echo "CoreAudio support $coreaudio"
+@@ -980,8 +998,13 @@
+     fi
+ fi
+ if test "$cocoa" = "yes" ; then
+-    echo "#define CONFIG_COCOA 1" >> $config_h
+-    echo "CONFIG_COCOA=yes" >> $config_mak
++  echo "#define CONFIG_COCOA 1" >> $config_h
++  echo "CONFIG_COCOA=yes" >> $config_mak
++fi
++if test "$curses" = "yes" ; then
++  echo "#define CONFIG_CURSES 1" >> $config_h
++  echo "CONFIG_CURSES=yes" >> $config_mak
++  echo "CURSES_LIBS=-lcurses" >> $config_mak
+ fi
+ 
+ # XXX: suppress that
+@@ -1046,7 +1069,8 @@
+         -a "$sdl" = "no" -a "$cocoa" = "no" ; then
+     echo "ERROR: QEMU requires SDL or Cocoa for graphical output"
+     echo "To build QEMU without graphical output configure with --disable-gfx-check"
+-    echo "Note that this will disable all output from the virtual graphics card."
++    echo "Note that this will disable all output from the virtual graphics card"
++    echo "except through VNC or curses."
+     exit 1;
+ fi
+ 
+Index: qemu-0.9.1/console.c
+===================================================================
+--- qemu-0.9.1.orig/console.c	2008-01-06 20:38:42.000000000 +0100
++++ qemu-0.9.1/console.c	2008-04-14 11:26:14.000000000 +0200
+@@ -121,6 +121,7 @@
+     vga_hw_update_ptr hw_update;
+     vga_hw_invalidate_ptr hw_invalidate;
+     vga_hw_screen_dump_ptr hw_screen_dump;
++    vga_hw_text_update_ptr hw_text_update;
+     void *hw;
+ 
+     int g_width, g_height;
+@@ -135,6 +136,7 @@
+     TextAttributes t_attrib_default; /* default text attributes */
+     TextAttributes t_attrib; /* currently active text attributes */
+     TextCell *cells;
++    int text_x[2], text_y[2], cursor_invalidate;
+ 
+     enum TTYState state;
+     int esc_params[MAX_ESC_PARAMS];
+@@ -171,6 +173,12 @@
+         consoles[0]->hw_screen_dump(consoles[0]->hw, filename);
+ }
+ 
++void vga_hw_text_update(console_ch_t *chardata)
++{
++    if (active_console && active_console->hw_text_update)
++        active_console->hw_text_update(active_console->hw, chardata);
++}
++
+ /* convert a RGBA color to a color index usable in graphic primitives */
+ static unsigned int vga_get_color(DisplayState *ds, unsigned int rgba)
+ {
+@@ -515,12 +523,25 @@
+     s->cells = cells;
+ }
+ 
++static inline void text_update_xy(TextConsole *s, int x, int y)
++{
++    s->text_x[0] = MIN(s->text_x[0], x);
++    s->text_x[1] = MAX(s->text_x[1], x);
++    s->text_y[0] = MIN(s->text_y[0], y);
++    s->text_y[1] = MAX(s->text_y[1], y);
++}
++
+ static void update_xy(TextConsole *s, int x, int y)
+ {
+     TextCell *c;
+     int y1, y2;
+ 
+     if (s == active_console) {
++        if (!s->ds->depth) {
++            text_update_xy(s, x, y);
++            return;
++        }
++
+         y1 = (s->y_base + y) % s->total_height;
+         y2 = y1 - s->y_displayed;
+         if (y2 < 0)
+@@ -542,6 +563,12 @@
+ 
+     if (s == active_console) {
+         int x = s->x;
++
++        if (!s->ds->depth) {
++            s->cursor_invalidate = 1;
++            return;
++        }
++
+         if (x >= s->width) {
+             x = s->width - 1;
+         }
+@@ -571,6 +598,14 @@
+ 
+     if (s != active_console)
+         return;
++    if (!s->ds->depth) {
++        s->text_x[0] = 0;
++        s->text_y[0] = 0;
++        s->text_x[1] = s->width - 1;
++        s->text_y[1] = s->height - 1;
++        s->cursor_invalidate = 1;
++        return;
++    }
+ 
+     vga_fill_rect(s->ds, 0, 0, s->ds->width, s->ds->height,
+                   color_table[0][COLOR_BLACK]);
+@@ -648,6 +683,14 @@
+             c++;
+         }
+         if (s == active_console && s->y_displayed == s->y_base) {
++            if (!s->ds->depth) {
++                s->text_x[0] = 0;
++                s->text_y[0] = 0;
++                s->text_x[1] = s->width - 1;
++                s->text_y[1] = s->height - 1;
++                return;
++            }
++
+             vga_bitblt(s->ds, 0, FONT_HEIGHT, 0, 0,
+                        s->width * FONT_WIDTH,
+                        (s->height - 1) * FONT_HEIGHT);
+@@ -998,21 +1041,7 @@
+     s = consoles[index];
+     if (s) {
+         active_console = s;
+-        if (s->console_type != GRAPHIC_CONSOLE) {
+-            if (s->g_width != s->ds->width ||
+-                s->g_height != s->ds->height) {
+-                if (s->console_type == TEXT_CONSOLE_FIXED_SIZE) {
+-                    dpy_resize(s->ds, s->g_width, s->g_height);
+-                } else {
+-                s->g_width = s->ds->width;
+-                s->g_height = s->ds->height;
+-                text_console_resize(s);
+-            }
+-            }
+-            console_refresh(s);
+-        } else {
+-            vga_hw_invalidate();
+-        }
++        vga_hw_invalidate();
+     }
+ }
+ 
+@@ -1116,6 +1145,52 @@
+     }
+ }
+ 
++static void text_console_invalidate(void *opaque)
++{
++    TextConsole *s = (TextConsole *) opaque;
++
++    if (s->console_type != GRAPHIC_CONSOLE) {
++        if (s->g_width != s->ds->width ||
++            s->g_height != s->ds->height) {
++            if (s->console_type == TEXT_CONSOLE_FIXED_SIZE)
++                dpy_resize(s->ds, s->g_width, s->g_height);
++            else {
++                s->g_width = s->ds->width;
++                s->g_height = s->ds->height;
++                text_console_resize(s);
++            }
++        }
++    }
++    console_refresh(s);
++}
++
++static void text_console_update(void *opaque, console_ch_t *chardata)
++{
++    TextConsole *s = (TextConsole *) opaque;
++    int i, j, src;
++
++    if (s->text_x[0] <= s->text_x[1]) {
++        src = (s->y_base + s->text_y[0]) * s->width;
++        chardata += s->text_y[0] * s->width;
++        for (i = s->text_y[0]; i <= s->text_y[1]; i ++)
++            for (j = 0; j < s->width; j ++, src ++)
++                console_write_ch(chardata ++, s->cells[src].ch |
++                                (s->cells[src].t_attrib.fgcol << 12) |
++                                (s->cells[src].t_attrib.bgcol << 8) |
++                                (s->cells[src].t_attrib.bold << 21));
++        dpy_update(s->ds, s->text_x[0], s->text_y[0],
++                   s->text_x[1] - s->text_x[0], i - s->text_y[0]);
++        s->text_x[0] = s->width;
++        s->text_y[0] = s->height;
++        s->text_x[1] = 0;
++        s->text_y[1] = 0;
++    }
++    if (s->cursor_invalidate) {
++        dpy_cursor(s->ds, s->x, s->y);
++        s->cursor_invalidate = 0;
++    }
++}
++
+ static TextConsole *new_console(DisplayState *ds, console_type_t console_type)
+ {
+     TextConsole *s;
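Review bot: In `text_console_update()` the source index is computed once as `(s->y_base + s->text_y[0]) * s->width` and then only incremented, whereas the `update_xy()` context in an earlier console.c hunk wraps the same sum with `% s->total_height`. If `s->cells` is a ring of `total_height` rows (its allocation is outside the hunk), the copy reads past the end of the array once the scrollback has wrapped. Recomputing the row per iteration, e.g. `src = ((s->y_base + i) % s->total_height) * s->width;` at the top of the outer loop, would keep the read in bounds. The function also writes `s->width` cells per row into `chardata` with no length to check against, so the size of the caller's buffer has to be guaranteed elsewhere.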
+@@ -1150,6 +1225,7 @@
+ TextConsole *graphic_console_init(DisplayState *ds, vga_hw_update_ptr update,
+                                   vga_hw_invalidate_ptr invalidate,
+                                   vga_hw_screen_dump_ptr screen_dump,
++                                  vga_hw_text_update_ptr text_update,
+                                   void *opaque)
+ {
+     TextConsole *s;
+@@ -1160,13 +1236,14 @@
+     s->hw_update = update;
+     s->hw_invalidate = invalidate;
+     s->hw_screen_dump = screen_dump;
++    s->hw_text_update = text_update;
+     s->hw = opaque;
+     return s;
+ }
+ 
+ int is_graphic_console(void)
+ {
+-    return active_console->console_type == GRAPHIC_CONSOLE;
++    return active_console && active_console->console_type == GRAPHIC_CONSOLE;
+ }
+ 
+ void console_color_init(DisplayState *ds)
+@@ -1234,6 +1311,10 @@
+     s->g_width = width;
+     s->g_height = height;
+ 
++    s->hw_invalidate = text_console_invalidate;
++    s->hw_text_update = text_console_update;
++    s->hw = s;
++
+     /* Set text attribute defaults */
+     s->t_attrib_default.bold = 0;
+     s->t_attrib_default.uline = 0;
+Index: qemu-0.9.1/console.h
+===================================================================
+--- qemu-0.9.1.orig/console.h	2008-01-06 20:38:42.000000000 +0100
++++ qemu-0.9.1/console.h	2008-04-14 11:26:14.000000000 +0200
+@@ -79,6 +79,7 @@
+                      int dst_x, int dst_y, int w, int h);
+     void (*dpy_fill)(struct DisplayState *s, int x, int y,
+                      int w, int h, uint32_t c);
++    void (*dpy_text_cursor)(struct DisplayState *s, int x, int y);
+     void (*mouse_set)(int x, int y, int on);
+     void (*cursor_define)(int width, int height, int bpp, int hot_x, int hot_y,
+                           uint8_t *image, uint8_t *mask);
+@@ -94,17 +95,32 @@
+     s->dpy_resize(s, w, h);
+ }
+ 
++static inline void dpy_cursor(DisplayState *s, int x, int y)
++{
++    if (s->dpy_text_cursor)
++        s->dpy_text_cursor(s, x, y);
++}
++
++typedef unsigned long console_ch_t;
++static inline void console_write_ch(console_ch_t *dest, uint32_t ch)
++{
++    cpu_to_le32wu((uint32_t *) dest, ch);
++}
++
+ typedef void (*vga_hw_update_ptr)(void *);
+ typedef void (*vga_hw_invalidate_ptr)(void *);
+ typedef void (*vga_hw_screen_dump_ptr)(void *, const char *);
++typedef void (*vga_hw_text_update_ptr)(void *, console_ch_t *);
+ 
+ TextConsole *graphic_console_init(DisplayState *ds, vga_hw_update_ptr update,
+                                   vga_hw_invalidate_ptr invalidate,
+                                   vga_hw_screen_dump_ptr screen_dump,
++                                  vga_hw_text_update_ptr text_update,
+                                   void *opaque);
+ void vga_hw_update(void);
+ void vga_hw_invalidate(void);
+ void vga_hw_screen_dump(const char *filename);
++void vga_hw_text_update(console_ch_t *chardata);
+ 
+ int is_graphic_console(void);
+ CharDriverState *text_console_init(DisplayState *ds, const char *p);
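Review bot: `console_write_ch()` stores exactly 32 bits, little-endian, through a `(uint32_t *)` cast into a cell declared as `unsigned long`. As far as the visible code shows, the value therefore only reads back correctly as a `console_ch_t` on a little-endian host or where `unsigned long` is 32 bits wide. curses.c in this same patch then reinterprets the buffer as `chtype *`, whose width depends on the curses build, so the cell stride is not guaranteed to match either. Storing the native value, `*dest = ch;`, and tying `console_ch_t` to the type the display backend actually reads would remove both assumptions.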
+@@ -124,6 +140,9 @@
+ int vnc_display_password(DisplayState *ds, const char *password);
+ void do_info_vnc(void);
+ 
++/* curses.c */
++void curses_display_init(DisplayState *ds, int full_screen);
++
+ /* x_keymap.c */
+ extern uint8_t _translate_keycode(const int key);
+ 
+Index: qemu-0.9.1/curses.c
+===================================================================
+--- /dev/null	1970-01-01 00:00:00.000000000 +0000
++++ qemu-0.9.1/curses.c	2008-04-14 11:26:14.000000000 +0200
+@@ -0,0 +1,370 @@
++/*
++ * QEMU curses/ncurses display driver
++ * 
++ * Copyright (c) 2005 Andrzej Zaborowski  <balrog@zabor.org>
++ * 
++ * Permission is hereby granted, free of charge, to any person obtaining a copy
++ * of this software and associated documentation files (the "Software"), to deal
++ * in the Software without restriction, including without limitation the rights
++ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
++ * copies of the Software, and to permit persons to whom the Software is
++ * furnished to do so, subject to the following conditions:
++ *
++ * The above copyright notice and this permission notice shall be included in
++ * all copies or substantial portions of the Software.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
++ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
++ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
++ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
++ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
++ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
++ * THE SOFTWARE.
++ */
++
++#include "qemu-common.h"
++#include "console.h"
++#include "sysemu.h"
++
++#include <curses.h>
++
++#ifndef _WIN32
++#include <signal.h>
++#include <sys/ioctl.h>
++#include <termios.h>
++#endif
++
++#define FONT_HEIGHT 16
++#define FONT_WIDTH 8
++
++static console_ch_t screen[160 * 100];
++static WINDOW *screenpad = NULL;
++static int width, height, gwidth, gheight, invalidate;
++static int px, py, sminx, sminy, smaxx, smaxy;
++
++static void curses_update(DisplayState *ds, int x, int y, int w, int h)
++{
++    chtype *line;
++
++    line = ((chtype *) screen) + y * width;
++    for (h += y; y < h; y ++, line += width)
++        mvwaddchnstr(screenpad, y, 0, line, width);
++
++    pnoutrefresh(screenpad, py, px, sminy, sminx, smaxy - 1, smaxx - 1);
++    refresh();
++}
++
++static void curses_calc_pad(void)
++{
++    if (is_graphic_console()) {
++        width = gwidth;
++        height = gheight;
++    } else {
++        width = COLS;
++        height = LINES;
++    }
++
++    if (screenpad)
++        delwin(screenpad);
++
++    clear();
++    refresh();
++
++    screenpad = newpad(height, width);
++
++    if (width > COLS) {
++        px = (width - COLS) / 2;
++        sminx = 0;
++        smaxx = COLS;
++    } else {
++        px = 0;
++        sminx = (COLS - width) / 2;
++        smaxx = sminx + width;
++    }
++
++    if (height > LINES) {
++        py = (height - LINES) / 2;
++        sminy = 0;
++        smaxy = LINES;
++    } else {
++        py = 0;
++        sminy = (LINES - height) / 2;
++        smaxy = sminy + height;
++    }
++}
++
++static void curses_resize(DisplayState *ds, int w, int h)
++{
++    if (w == gwidth && h == gheight)
++        return;
++
++    gwidth = w;
++    gheight = h;
++
++    curses_calc_pad();
++}
++
++#ifndef _WIN32
++#ifdef SIGWINCH
++static void curses_winch_handler(int signum)
++{
++    struct winsize {
++        unsigned short ws_row;
++        unsigned short ws_col;
++        unsigned short ws_xpixel;   /* unused */
++        unsigned short ws_ypixel;   /* unused */
++    } ws;
++
++    /* terminal size changed */
++    if (ioctl(1, TIOCGWINSZ, &ws) == -1)
++        return;
++
++    resize_term(ws.ws_row, ws.ws_col);
++    curses_calc_pad();
++    invalidate = 1;
++
++    /* some systems require this */
++    signal(SIGWINCH, curses_winch_handler);
++}
++#endif
++#endif
++
++static void curses_cursor_position(DisplayState *ds, int x, int y)
++{
++    if (x >= 0) {
++        x = sminx + x - px;
++        y = sminy + y - py;
++
++        if (x >= 0 && y >= 0 && x < COLS && y < LINES) {
++            move(y, x);
++            curs_set(1);
++            /* it seems that curs_set(1) must always be called before
++             * curs_set(2) for the latter to have effect */
++            if (!is_graphic_console())
++                curs_set(2);
++            return;
++        }
++    }
++
++    curs_set(0);
++}
++
++/* generic keyboard conversion */
++
++#include "curses_keys.h"
++#include "keymaps.c"
++
++static kbd_layout_t *kbd_layout = 0;
++static int keycode2keysym[CURSES_KEYS];
++
++static void curses_refresh(DisplayState *ds)
++{
++    int chr, nextchr, keysym, keycode;
++
++    if (invalidate) {
++        clear();
++        refresh();
++        curses_calc_pad();
++        ds->width = FONT_WIDTH * width;
++        ds->height = FONT_HEIGHT * height;
++        vga_hw_invalidate();
++        invalidate = 0;
++    }
++
++    vga_hw_text_update(screen);
++
++    nextchr = ERR;
++    while (1) {
++        /* while there are any pending key strokes to process */
++        if (nextchr == ERR)
++            chr = getch();
++        else {
++            chr = nextchr;
++            nextchr = ERR;
++        }
++
++        if (chr == ERR)
++            break;
++
++        /* this shouldn't occur when we use a custom SIGWINCH handler */
++        if (chr == KEY_RESIZE) {
++            clear();
++            refresh();
++            curses_calc_pad();
++            curses_update(ds, 0, 0, width, height);
++            ds->width = FONT_WIDTH * width;
++            ds->height = FONT_HEIGHT * height;
++            continue;
++        }
++
++        keycode = curses2keycode[chr];
++        if (keycode == -1)
++            continue;
++
++        /* alt key */
++        if (keycode == 1) {
++            nextchr = getch();
++
++            if (nextchr != ERR) {
++                keycode = curses2keycode[nextchr];
++                nextchr = ERR;
++                if (keycode == -1)
++                    continue;
++
++                keycode |= ALT;
++
++                /* process keys reserved for qemu */
++                if (keycode >= QEMU_KEY_CONSOLE0 &&
++                        keycode < QEMU_KEY_CONSOLE0 + 9) {
++                    erase();
++                    wnoutrefresh(stdscr);
++                    console_select(keycode - QEMU_KEY_CONSOLE0);
++
++                    invalidate = 1;
++                    continue;
++                }
++            }
++        }
++
++        if (kbd_layout && !(keycode & GREY)) {
++            keysym = keycode2keysym[keycode & KEY_MASK];
++            if (keysym == -1)
++                keysym = chr;
++
++            keycode &= ~KEY_MASK;
++            keycode |= keysym2scancode(kbd_layout, keysym);
++        }
++
++        if (is_graphic_console()) {
++            /* since terminals don't know about key press and release
++             * events, we need to emit both for each key received */
++            if (keycode & SHIFT)
++                kbd_put_keycode(SHIFT_CODE);
++            if (keycode & CNTRL)
++                kbd_put_keycode(CNTRL_CODE);
++            if (keycode & ALT)
++                kbd_put_keycode(ALT_CODE);
++            if (keycode & GREY)
++                kbd_put_keycode(GREY_CODE);
++            kbd_put_keycode(keycode & KEY_MASK);
++            if (keycode & GREY)
++                kbd_put_keycode(GREY_CODE);
++            kbd_put_keycode((keycode & KEY_MASK) | KEY_RELEASE);
++            if (keycode & ALT)
++                kbd_put_keycode(ALT_CODE | KEY_RELEASE);
++            if (keycode & CNTRL)
++                kbd_put_keycode(CNTRL_CODE | KEY_RELEASE);
++            if (keycode & SHIFT)
++                kbd_put_keycode(SHIFT_CODE | KEY_RELEASE);
++        } else {
++            keysym = curses2keysym[chr];
++            if (keysym == -1)
++                keysym = chr;
++
++            kbd_put_keysym(keysym);
++        }
++    }
++}
++
++static void curses_cleanup(void *opaque) 
++{
++    endwin();
++}
++
++static void curses_atexit(void)
++{
++    curses_cleanup(NULL);
++}
++
++static void curses_setup(void)
++{
++    int i, colour_default[8] = {
++        COLOR_BLACK, COLOR_BLUE, COLOR_GREEN, COLOR_CYAN,
++        COLOR_RED, COLOR_MAGENTA, COLOR_YELLOW, COLOR_WHITE,
++    };
++
++    /* input as raw as possible, let everything be interpreted
++     * by the guest system */
++    initscr(); noecho(); intrflush(stdscr, FALSE);
++    nodelay(stdscr, TRUE); nonl(); keypad(stdscr, TRUE);
++    start_color(); raw(); scrollok(stdscr, FALSE);
++
++    for (i = 0; i < 64; i ++)
++        init_pair(i, colour_default[i & 7], colour_default[i >> 3]);
++}
++
++static void curses_keyboard_setup(void)
++{
++    int i, keycode, keysym;
++
++#if defined(__APPLE__)
++    /* always use generic keymaps */
++    if (!keyboard_layout)
++        keyboard_layout = "en-us";
++#endif
++    if(keyboard_layout) {
++        kbd_layout = init_keyboard_layout(keyboard_layout);
++        if (!kbd_layout)
++            exit(1);
++    }
++
++    for (i = 0; i < CURSES_KEYS; i ++)
++        keycode2keysym[i] = -1;
++
++    for (i = 0; i < CURSES_KEYS; i ++) {
++        if (curses2keycode[i] == -1)
++            continue;
++
++        keycode = curses2keycode[i] & KEY_MASK;
++        if (keycode2keysym[keycode] >= 0)
++            continue;
++
++        for (keysym = 0; keysym < CURSES_KEYS; keysym ++)
++            if (curses2keycode[keysym] == keycode) {
++                keycode2keysym[keycode] = keysym;
++                break;
++            }
++
++        if (keysym >= CURSES_KEYS)
++            keycode2keysym[keycode] = i;
++    }
++}
++
++void curses_display_init(DisplayState *ds, int full_screen)
++{
++#ifndef _WIN32
++    if (!isatty(1)) {
++        fprintf(stderr, "We need a terminal output\n");
++        exit(1);
++    }
++#endif
++
++    curses_setup();
++    curses_keyboard_setup();
++    atexit(curses_atexit);
++
++#ifndef _WIN32
++    signal(SIGINT, SIG_DFL);
++    signal(SIGQUIT, SIG_DFL);
++#ifdef SIGWINCH
++    /* some curses implementations provide a handler, but we
++     * want to be sure this is handled regardless of the library */
++    signal(SIGWINCH, curses_winch_handler);
++#endif
++#endif
++
++    ds->data = (void *) screen;
++    ds->linesize = 0;
++    ds->depth = 0;
++    ds->width = 640;
++    ds->height = 400;
++    ds->dpy_update = curses_update;
++    ds->dpy_resize = curses_resize;
++    ds->dpy_refresh = curses_refresh;
++    ds->dpy_text_cursor = curses_cursor_position;
++
++    invalidate = 1;
++
++    /* Standard VGA initial text mode dimensions */
++    curses_resize(ds, 80, 25);
++}
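Review bot: `screen` is a fixed `160 * 100` array, but nothing in this file bounds the dimensions used against it. `curses_calc_pad()` takes `width`/`height` straight from `COLS`/`LINES` or from the `w`/`h` handed to `curses_resize()`, and `curses_update()` and `vga_hw_text_update(screen)` then address `width * height` cells. A terminal or text mode larger than 16000 cells would run past the buffer, so the sizes should be clamped where they are set; the device-side `text_update` callbacks are not visible here and would need the same limit. Separately, `curses_winch_handler()` calls `resize_term()` and `curses_calc_pad()` (which does `delwin`/`newpad`) from signal context, which is not async-signal-safe and can free `screenpad` while `curses_update()` is using it, so the handler should only set a flag that `curses_refresh()` acts on. `curses_refresh()` also indexes `curses2keycode[chr]` and `curses2keysym[chr]` with the raw `getch()` value, and an `if (chr < 0 || chr >= CURSES_KEYS) continue;` guard would make that independent of the curses build.

```c
#if !defined(_WIN32) && defined(SIGWINCH)
static volatile sig_atomic_t winch_pending;

static void curses_winch_handler(int signum)
{
    /* only record the event; curses calls are not async-signal-safe */
    winch_pending = 1;

    /* some systems require this */
    signal(SIGWINCH, curses_winch_handler);
}
#endif

/* in curses_calc_pad(), right after width/height are chosen */
    /* screen[] holds 160 * 100 cells; never describe more than that */
    if (width > 160)
        width = 160;
    if (height > 100)
        height = 100;
/* ... unchanged: delwin/newpad and the centring arithmetic ... */

/* in curses_refresh(), before the existing `if (invalidate)` test */
#if !defined(_WIN32) && defined(SIGWINCH)
    if (winch_pending) {
        struct winsize ws;

        winch_pending = 0;
        /* terminal size changed */
        if (ioctl(1, TIOCGWINSZ, &ws) != -1) {
            resize_term(ws.ws_row, ws.ws_col);
            invalidate = 1;
        }
    }
#endif
/* ... unchanged: invalidate handling, vga_hw_text_update(), key loop ... */
```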
+Index: qemu-0.9.1/curses_keys.h
+===================================================================
+--- /dev/null	1970-01-01 00:00:00.000000000 +0000
++++ qemu-0.9.1/curses_keys.h	2008-04-14 11:26:14.000000000 +0200
+@@ -0,0 +1,484 @@
++/*
++ * Keycode and keysyms conversion tables for curses
++ * 
++ * Copyright (c) 2005 Andrzej Zaborowski  <balrog@zabor.org>
++ * 
++ * Permission is hereby granted, free of charge, to any person obtaining a copy
++ * of this software and associated documentation files (the "Software"), to deal
++ * in the Software without restriction, including without limitation the rights
++ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
++ * copies of the Software, and to permit persons to whom the Software is
++ * furnished to do so, subject to the following conditions:
++ *
++ * The above copyright notice and this permission notice shall be included in
++ * all copies or substantial portions of the Software.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
++ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
++ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
++ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
++ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
++ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
++ * THE SOFTWARE.
++ */
++#define KEY_RELEASE         0x80
++#define KEY_MASK            0x7f
++#define SHIFT_CODE          0x2a
++#define SHIFT               0x0080
++#define GREY_CODE           0xe0
++#define GREY                0x0100
++#define CNTRL_CODE          0x1d
++#define CNTRL               0x0200
++#define ALT_CODE            0x38
++#define ALT                 0x0400
++
++/* curses won't detect a Control + Alt + 1, so use Alt + 1 */
++#define QEMU_KEY_CONSOLE0   (2 | ALT)   /* (curses2keycode['1'] | ALT) */
++
++#define CURSES_KEYS         KEY_MAX     /* KEY_MAX defined in <curses.h> */
++
++int curses2keycode[CURSES_KEYS] = {
++    [0 ... (CURSES_KEYS - 1)] = -1,
++
++    [0x01b] = 1, /* Escape */
++    ['1'] = 2,
++    ['2'] = 3,
++    ['3'] = 4,
++    ['4'] = 5,
++    ['5'] = 6,
++    ['6'] = 7,
++    ['7'] = 8,
++    ['8'] = 9,
++    ['9'] = 10,
++    ['0'] = 11,
++    ['-'] = 12,
++    ['='] = 13,
++    [0x07f] = 14, /* Backspace */
++    [0x107] = 14, /* Backspace */
++
++    ['\t'] = 15, /* Tab */
++    ['q'] = 16,
++    ['w'] = 17,
++    ['e'] = 18,
++    ['r'] = 19,
++    ['t'] = 20,
++    ['y'] = 21,
++    ['u'] = 22,
++    ['i'] = 23,
++    ['o'] = 24,
++    ['p'] = 25,
++    ['['] = 26,
++    [']'] = 27,
++    ['\n'] = 28, /* Return */
++    ['\r'] = 28, /* Return */
++    [0x157] = 28, /* Return */
++
++    ['a'] = 30,
++    ['s'] = 31,
++    ['d'] = 32,
++    ['f'] = 33,
++    ['g'] = 34,
++    ['h'] = 35,
++    ['j'] = 36,
++    ['k'] = 37,
++    ['l'] = 38,
++    [';'] = 39,
++    ['\''] = 40, /* Single quote */
++    ['`'] = 41,
++    ['\\'] = 43, /* Backslash */
++
++    ['z'] = 44,
++    ['x'] = 45,
++    ['c'] = 46,
++    ['v'] = 47,
++    ['b'] = 48,
++    ['n'] = 49,
++    ['m'] = 50,
++    [','] = 51,
++    ['.'] = 52,
++    ['/'] = 53,
++
++    [' '] = 57,
++
++    [0x109] = 59, /* Function Key 1 */
++    [0x10a] = 60, /* Function Key 2 */
++    [0x10b] = 61, /* Function Key 3 */
++    [0x10c] = 62, /* Function Key 4 */
++    [0x10d] = 63, /* Function Key 5 */
++    [0x10e] = 64, /* Function Key 6 */
++    [0x10f] = 65, /* Function Key 7 */
++    [0x110] = 66, /* Function Key 8 */
++    [0x111] = 67, /* Function Key 9 */
++    [0x112] = 68, /* Function Key 10 */
++    [0x113] = 87, /* Function Key 11 */
++    [0x114] = 88, /* Function Key 12 */
++
++    [0x106] = 71 | GREY, /* Home */
++    [0x103] = 72 | GREY, /* Up Arrow */
++    [0x153] = 73 | GREY, /* Page Up */
++    [0x104] = 75 | GREY, /* Left Arrow */
++    [0x105] = 77 | GREY, /* Right Arrow */
++    [0x168] = 79 | GREY, /* End */
++    [0x102] = 80 | GREY, /* Down Arrow */
++    [0x152] = 81 | GREY, /* Page Down */
++    [0x14b] = 82 | GREY, /* Insert */
++    [0x14a] = 83 | GREY, /* Delete */
++
++    ['!'] = 2 | SHIFT,
++    ['@'] = 3 | SHIFT,
++    ['#'] = 4 | SHIFT,
++    ['$'] = 5 | SHIFT,
++    ['%'] = 6 | SHIFT,
++    ['^'] = 7 | SHIFT,
++    ['&'] = 8 | SHIFT,
++    ['*'] = 9 | SHIFT,
++    ['('] = 10 | SHIFT,
++    [')'] = 11 | SHIFT,
++    ['_'] = 12 | SHIFT,
++    ['+'] = 13 | SHIFT,
++
++    [0x161] = 15 | SHIFT, /* Shift + Tab */
++    ['Q'] = 16 | SHIFT,
++    ['W'] = 17 | SHIFT,
++    ['E'] = 18 | SHIFT,
++    ['R'] = 19 | SHIFT,
++    ['T'] = 20 | SHIFT,
++    ['Y'] = 21 | SHIFT,
++    ['U'] = 22 | SHIFT,
++    ['I'] = 23 | SHIFT,
++    ['O'] = 24 | SHIFT,
++    ['P'] = 25 | SHIFT,
++    ['{'] = 26 | SHIFT,
++    ['}'] = 27 | SHIFT,
++
++    ['A'] = 30 | SHIFT,
++    ['S'] = 31 | SHIFT,
++    ['D'] = 32 | SHIFT,
++    ['F'] = 33 | SHIFT,
++    ['G'] = 34 | SHIFT,
++    ['H'] = 35 | SHIFT,
++    ['J'] = 36 | SHIFT,
++    ['K'] = 37 | SHIFT,
++    ['L'] = 38 | SHIFT,
++    [':'] = 39 | SHIFT,
++    ['"'] = 40 | SHIFT,
++    ['~'] = 41 | SHIFT,
++    ['|'] = 43 | SHIFT,
++
++    ['Z'] = 44 | SHIFT,
++    ['X'] = 45 | SHIFT,
++    ['C'] = 46 | SHIFT,
++    ['V'] = 47 | SHIFT,
++    ['B'] = 48 | SHIFT,
++    ['N'] = 49 | SHIFT,
++    ['M'] = 50 | SHIFT,
++    ['<'] = 51 | SHIFT,
++    ['>'] = 52 | SHIFT,
++    ['?'] = 53 | SHIFT,
++
++    [0x115] = 59 | SHIFT, /* Shift + Function Key 1 */
++    [0x116] = 60 | SHIFT, /* Shift + Function Key 2 */
++    [0x117] = 61 | SHIFT, /* Shift + Function Key 3 */
++    [0x118] = 62 | SHIFT, /* Shift + Function Key 4 */
++    [0x119] = 63 | SHIFT, /* Shift + Function Key 5 */
++    [0x11a] = 64 | SHIFT, /* Shift + Function Key 6 */
++    [0x11b] = 65 | SHIFT, /* Shift + Function Key 7 */
++    [0x11c] = 66 | SHIFT, /* Shift + Function Key 8 */
++
++    [0x011] = 16 | CNTRL, /* Control + q */
++    [0x017] = 17 | CNTRL, /* Control + w */
++    [0x005] = 18 | CNTRL, /* Control + e */
++    [0x012] = 19 | CNTRL, /* Control + r */
++    [0x014] = 20 | CNTRL, /* Control + t */
++    [0x019] = 21 | CNTRL, /* Control + y */
++    [0x015] = 22 | CNTRL, /* Control + u */
++    [0x009] = 23 | CNTRL, /* Control + i */
++    [0x00f] = 24 | CNTRL, /* Control + o */
++    [0x010] = 25 | CNTRL, /* Control + p */
++
++    [0x001] = 30 | CNTRL, /* Control + a */
++    [0x013] = 31 | CNTRL, /* Control + s */
++    [0x004] = 32 | CNTRL, /* Control + d */
++    [0x006] = 33 | CNTRL, /* Control + f */
++    [0x007] = 34 | CNTRL, /* Control + g */
++    [0x008] = 35 | CNTRL, /* Control + h */
++    [0x00a] = 36 | CNTRL, /* Control + j */
++    [0x00b] = 37 | CNTRL, /* Control + k */
++    [0x00c] = 38 | CNTRL, /* Control + l */
++
++    [0x01a] = 44 | CNTRL, /* Control + z */
++    [0x018] = 45 | CNTRL, /* Control + x */
++    [0x003] = 46 | CNTRL, /* Control + c */
++    [0x016] = 47 | CNTRL, /* Control + v */
++    [0x002] = 48 | CNTRL, /* Control + b */
++    [0x00e] = 49 | CNTRL, /* Control + n */
++    /* Control + m collides with the keycode for Enter */
++
++};
++
++int curses2keysym[CURSES_KEYS] = {
++    [0 ... (CURSES_KEYS - 1)] = -1,
++
++    ['\n'] = '\n',
++    ['\r'] = '\n',
++
++    [0x07f] = QEMU_KEY_BACKSPACE,
++
++    [0x102] = QEMU_KEY_DOWN,
++    [0x103] = QEMU_KEY_UP,
++    [0x104] = QEMU_KEY_LEFT,
++    [0x105] = QEMU_KEY_RIGHT,
++    [0x106] = QEMU_KEY_HOME,
++    [0x107] = QEMU_KEY_BACKSPACE,
++
++    [0x14a] = QEMU_KEY_DELETE,
++    [0x152] = QEMU_KEY_PAGEDOWN,
++    [0x153] = QEMU_KEY_PAGEUP,
++    [0x157] = '\n',
++    [0x168] = QEMU_KEY_END,
++
++};
++
++typedef struct {
++	const char* name;
++	int keysym;
++} name2keysym_t;
++
++static name2keysym_t name2keysym[] = {
++    /* Plain ASCII */
++    { "space", 0x020 },
++    { "exclam", 0x021 },
++    { "quotedbl", 0x022 },
++    { "numbersign", 0x023 },
++    { "dollar", 0x024 },
++    { "percent", 0x025 },
++    { "ampersand", 0x026 },
++    { "apostrophe", 0x027 },
++    { "parenleft", 0x028 },
++    { "parenright", 0x029 },
++    { "asterisk", 0x02a },
++    { "plus", 0x02b },
++    { "comma", 0x02c },
++    { "minus", 0x02d },
++    { "period", 0x02e },
++    { "slash", 0x02f },
++    { "0", 0x030 },
++    { "1", 0x031 },
++    { "2", 0x032 },
++    { "3", 0x033 },
++    { "4", 0x034 },
++    { "5", 0x035 },
++    { "6", 0x036 },
++    { "7", 0x037 },
++    { "8", 0x038 },
++    { "9", 0x039 },
++    { "colon", 0x03a },
++    { "semicolon", 0x03b },
++    { "less", 0x03c },
++    { "equal", 0x03d },
++    { "greater", 0x03e },
++    { "question", 0x03f },
++    { "at", 0x040 },
++    { "A", 0x041 },
++    { "B", 0x042 },
++    { "C", 0x043 },
++    { "D", 0x044 },
++    { "E", 0x045 },
++    { "F", 0x046 },
++    { "G", 0x047 },
++    { "H", 0x048 },
++    { "I", 0x049 },
++    { "J", 0x04a },
++    { "K", 0x04b },
++    { "L", 0x04c },
++    { "M", 0x04d },
++    { "N", 0x04e },
++    { "O", 0x04f },
++    { "P", 0x050 },
++    { "Q", 0x051 },
++    { "R", 0x052 },
++    { "S", 0x053 },
++    { "T", 0x054 },
++    { "U", 0x055 },
++    { "V", 0x056 },
++    { "W", 0x057 },
++    { "X", 0x058 },
++    { "Y", 0x059 },
++    { "Z", 0x05a },
++    { "bracketleft", 0x05b },
++    { "backslash", 0x05c },
++    { "bracketright", 0x05d },
++    { "asciicircum", 0x05e },
++    { "underscore", 0x05f },
++    { "grave", 0x060 },
++    { "a", 0x061 },
++    { "b", 0x062 },
++    { "c", 0x063 },
++    { "d", 0x064 },
++    { "e", 0x065 },
++    { "f", 0x066 },
++    { "g", 0x067 },
++    { "h", 0x068 },
++    { "i", 0x069 },
++    { "j", 0x06a },
++    { "k", 0x06b },
++    { "l", 0x06c },
++    { "m", 0x06d },
++    { "n", 0x06e },
++    { "o", 0x06f },
++    { "p", 0x070 },
++    { "q", 0x071 },
++    { "r", 0x072 },
++    { "s", 0x073 },
++    { "t", 0x074 },
++    { "u", 0x075 },
++    { "v", 0x076 },
++    { "w", 0x077 },
++    { "x", 0x078 },
++    { "y", 0x079 },
++    { "z", 0x07a },
++    { "braceleft", 0x07b },
++    { "bar", 0x07c },
++    { "braceright", 0x07d },
++    { "asciitilde", 0x07e },
++
++    /* Latin-1 extensions */
++    { "nobreakspace", 0x0a0 },
++    { "exclamdown", 0x0a1 },
++    { "cent", 0x0a2 },
++    { "sterling", 0x0a3 },
++    { "currency", 0x0a4 },
++    { "yen", 0x0a5 },
++    { "brokenbar", 0x0a6 },
++    { "section", 0x0a7 },
++    { "diaeresis", 0x0a8 },
++    { "copyright", 0x0a9 },
++    { "ordfeminine", 0x0aa },
++    { "guillemotleft", 0x0ab },
++    { "notsign", 0x0ac },
++    { "hyphen", 0x0ad },
++    { "registered", 0x0ae },
++    { "macron", 0x0af },
++    { "degree", 0x0b0 },
++    { "plusminus", 0x0b1 },
++    { "twosuperior", 0x0b2 },
++    { "threesuperior", 0x0b3 },
++    { "acute", 0x0b4 },
++    { "mu", 0x0b5 },
++    { "paragraph", 0x0b6 },
++    { "periodcentered", 0x0b7 },
++    { "cedilla", 0x0b8 },
++    { "onesuperior", 0x0b9 },
++    { "masculine", 0x0ba },
++    { "guillemotright", 0x0bb },
++    { "onequarter", 0x0bc },
++    { "onehalf", 0x0bd },
++    { "threequarters", 0x0be },
++    { "questiondown", 0x0bf },
++    { "Agrave", 0x0c0 },
++    { "Aacute", 0x0c1 },
++    { "Acircumflex", 0x0c2 },
++    { "Atilde", 0x0c3 },
++    { "Adiaeresis", 0x0c4 },
++    { "Aring", 0x0c5 },
++    { "AE", 0x0c6 },
++    { "Ccedilla", 0x0c7 },
++    { "Egrave", 0x0c8 },
++    { "Eacute", 0x0c9 },
++    { "Ecircumflex", 0x0ca },
++    { "Ediaeresis", 0x0cb },
++    { "Igrave", 0x0cc },
++    { "Iacute", 0x0cd },
++    { "Icircumflex", 0x0ce },
++    { "Idiaeresis", 0x0cf },
++    { "ETH", 0x0d0 },
++    { "Eth", 0x0d0 },
++    { "Ntilde", 0x0d1 },
++    { "Ograve", 0x0d2 },
++    { "Oacute", 0x0d3 },
++    { "Ocircumflex", 0x0d4 },
++    { "Otilde", 0x0d5 },
++    { "Odiaeresis", 0x0d6 },
++    { "multiply", 0x0d7 },
++    { "Ooblique", 0x0d8 },
++    { "Oslash", 0x0d8 },
++    { "Ugrave", 0x0d9 },
++    { "Uacute", 0x0da },
++    { "Ucircumflex", 0x0db },
++    { "Udiaeresis", 0x0dc },
++    { "Yacute", 0x0dd },
++    { "THORN", 0x0de },
++    { "Thorn", 0x0de },
++    { "ssharp", 0x0df },
++    { "agrave", 0x0e0 },
++    { "aacute", 0x0e1 },
++    { "acircumflex", 0x0e2 },
++    { "atilde", 0x0e3 },
++    { "adiaeresis", 0x0e4 },
++    { "aring", 0x0e5 },
++    { "ae", 0x0e6 },
++    { "ccedilla", 0x0e7 },
++    { "egrave", 0x0e8 },
++    { "eacute", 0x0e9 },
++    { "ecircumflex", 0x0ea },
++    { "ediaeresis", 0x0eb },
++    { "igrave", 0x0ec },
++    { "iacute", 0x0ed },
++    { "icircumflex", 0x0ee },
++    { "idiaeresis", 0x0ef },
++    { "eth", 0x0f0 },
++    { "ntilde", 0x0f1 },
++    { "ograve", 0x0f2 },
++    { "oacute", 0x0f3 },
++    { "ocircumflex", 0x0f4 },
++    { "otilde", 0x0f5 },
++    { "odiaeresis", 0x0f6 },
++    { "division", 0x0f7 },
++    { "oslash", 0x0f8 },
++    { "ooblique", 0x0f8 },
++    { "ugrave", 0x0f9 },
++    { "uacute", 0x0fa },
++    { "ucircumflex", 0x0fb },
++    { "udiaeresis", 0x0fc },
++    { "yacute", 0x0fd },
++    { "thorn", 0x0fe },
++    { "ydiaeresis", 0x0ff },
++
++    /* Special keys */
++    { "BackSpace", 0x07f },
++    { "Tab", '\t' },
++    { "Return", '\r' },
++    { "Right", 0x105 },
++    { "Left", 0x104 },
++    { "Up", 0x103 },
++    { "Down", 0x102 },
++    { "Page_Down", 0x152 },
++    { "Page_Up", 0x153 },
++    { "Insert", 0x14b },
++    { "Delete", 0x14a },
++    { "Home", 0x106 },
++    { "End", 0x168 },
++    { "F1", 0x109 },
++    { "F2", 0x10a },
++    { "F3", 0x10b },
++    { "F4", 0x10c },
++    { "F5", 0x10d },
++    { "F6", 0x10e },
++    { "F7", 0x10f },
++    { "F8", 0x110 },
++    { "F9", 0x111 },
++    { "F10", 0x112 },
++    { "F11", 0x113 },
++    { "F12", 0x114 },
++    { "F13", 0x115 },
++    { "F14", 0x116 },
++    { "F15", 0x117 },
++    { "F16", 0x118 },
++    { "F17", 0x119 },
++    { "F18", 0x11a },
++    { "F19", 0x11b },
++    { "F20", 0x11c },
++    { "Escape", 27 },
++
++    { 0, 0 },
++};
+Index: qemu-0.9.1/hw/cirrus_vga.c
+===================================================================
+--- qemu-0.9.1.orig/hw/cirrus_vga.c	2008-01-06 20:38:42.000000000 +0100
++++ qemu-0.9.1/hw/cirrus_vga.c	2008-04-14 11:27:17.000000000 +0200
+@@ -3257,7 +3257,8 @@
+                     ds, vga_ram_base, vga_ram_offset, vga_ram_size);
+     cirrus_init_common(s, device_id, 1);
+ 
+-    graphic_console_init(s->ds, s->update, s->invalidate, s->screen_dump, s);
++    graphic_console_init(s->ds, s->update, s->invalidate, s->screen_dump,
++                         s->text_update, s);
+ 
+     s->pci_dev = (PCIDevice *)d;
+ 
+Index: qemu-0.9.1/hw/jazz_led.c
+===================================================================
+--- qemu-0.9.1.orig/hw/jazz_led.c	2008-01-06 20:38:42.000000000 +0100
++++ qemu-0.9.1/hw/jazz_led.c	2008-04-14 11:26:14.000000000 +0200
+@@ -285,6 +285,22 @@
+     printf("jazz_led_screen_dump() not implemented\n");
+ }
+ 
++static void jazz_led_text_update(void *opaque, console_ch_t *chardata)
++{
++    LedState *s = opaque;
++    char buf[2];
++
++    dpy_cursor(s->ds, -1, -1);
++    dpy_resize(s->ds, 2, 1);
++
++    /* TODO: draw the segments */
++    snprintf(buf, 2, "%02hhx\n", s->segments);
++    console_write_ch(chardata++, 0x00200100 | buf[0]);
++    console_write_ch(chardata++, 0x00200100 | buf[1]);
++
++    dpy_update(s->ds, 0, 0, 2, 1);
++}
++
+ void jazz_led_init(DisplayState *ds, target_phys_addr_t base)
+ {
+     LedState *s;
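Review bot: In jazz_led_text_update, `snprintf(buf, 2, "%02hhx\n", s->segments)` can store only one character plus the terminating NUL in the two-byte `buf`, so `buf[1]` is always `'\0'`. The second cell is therefore written as `0x00200100 | 0` and the low hex digit is never shown. Sizing the buffer for both digits and dropping the newline fixes it: `char buf[3];` and `snprintf(buf, sizeof(buf), "%02hhx", s->segments);`. Using `sizeof(buf)` rather than a literal keeps the bound tied to the declaration if the format changes later.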
+@@ -301,5 +317,7 @@
+     io = cpu_register_io_memory(0, led_read, led_write, s);
+     cpu_register_physical_memory(s->base, 1, io);
+ 
+-    graphic_console_init(ds, jazz_led_update_display, jazz_led_invalidate_display, jazz_led_screen_dump, s);
++    graphic_console_init(ds, jazz_led_update_display,
++                         jazz_led_invalidate_display, jazz_led_screen_dump,
++                         jazz_led_text_update, s);
+ }
+Index: qemu-0.9.1/hw/omap_lcdc.c
+===================================================================
+--- qemu-0.9.1.orig/hw/omap_lcdc.c	2008-01-06 20:38:42.000000000 +0100
++++ qemu-0.9.1/hw/omap_lcdc.c	2008-04-14 11:26:14.000000000 +0200
+@@ -495,7 +495,7 @@
+     cpu_register_physical_memory(s->base, 0x100, iomemtype);
+ 
+     graphic_console_init(ds, omap_update_display,
+-                    omap_invalidate_display, omap_screen_dump, s);
++                    omap_invalidate_display, omap_screen_dump, NULL, s);
+ 
+     return s;
+ }
+Index: qemu-0.9.1/hw/pl110.c
+===================================================================
+--- qemu-0.9.1.orig/hw/pl110.c	2008-01-06 20:38:42.000000000 +0100
++++ qemu-0.9.1/hw/pl110.c	2008-04-14 11:26:14.000000000 +0200
+@@ -426,7 +426,7 @@
+     s->versatile = versatile;
+     s->irq = irq;
+     graphic_console_init(ds, pl110_update_display, pl110_invalidate_display,
+-                         NULL, s);
++                         NULL, NULL, s);
+     /* ??? Save/restore.  */
+     return s;
+ }
+Index: qemu-0.9.1/hw/pxa2xx_lcd.c
+===================================================================
+--- qemu-0.9.1.orig/hw/pxa2xx_lcd.c	2008-01-06 20:38:42.000000000 +0100
++++ qemu-0.9.1/hw/pxa2xx_lcd.c	2008-04-14 11:26:14.000000000 +0200
+@@ -1002,7 +1002,7 @@
+     cpu_register_physical_memory(base, 0x00100000, iomemtype);
+ 
+     graphic_console_init(ds, pxa2xx_update_display,
+-                    pxa2xx_invalidate_display, pxa2xx_screen_dump, s);
++                    pxa2xx_invalidate_display, pxa2xx_screen_dump, NULL, s);
+ 
+     switch (s->ds->depth) {
+     case 0:
+Index: qemu-0.9.1/hw/ssd0303.c
+===================================================================
+--- qemu-0.9.1.orig/hw/ssd0303.c	2008-01-06 20:38:42.000000000 +0100
++++ qemu-0.9.1/hw/ssd0303.c	2008-04-14 11:26:14.000000000 +0200
+@@ -270,6 +270,6 @@
+     s->i2c.recv = ssd0303_recv;
+     s->i2c.send = ssd0303_send;
+     graphic_console_init(ds, ssd0303_update_display, ssd0303_invalidate_display,
+-                         NULL, s);
++                         NULL, NULL, s);
+     dpy_resize(s->ds, 96 * MAGNIFY, 16 * MAGNIFY);
+ }
+Index: qemu-0.9.1/hw/ssd0323.c
+===================================================================
+--- qemu-0.9.1.orig/hw/ssd0323.c	2008-01-06 20:38:42.000000000 +0100
++++ qemu-0.9.1/hw/ssd0323.c	2008-04-14 11:26:14.000000000 +0200
+@@ -280,7 +280,7 @@
+     s = (ssd0323_state *)qemu_mallocz(sizeof(ssd0323_state));
+     s->ds = ds;
+     graphic_console_init(ds, ssd0323_update_display, ssd0323_invalidate_display,
+-                         NULL, s);
++                         NULL, NULL, s);
+     dpy_resize(s->ds, 128 * MAGNIFY, 64 * MAGNIFY);
+     s->col_end = 63;
+     s->row_end = 79;
+Index: qemu-0.9.1/hw/tcx.c
+===================================================================
+--- qemu-0.9.1.orig/hw/tcx.c	2008-01-06 20:38:42.000000000 +0100
++++ qemu-0.9.1/hw/tcx.c	2008-04-14 11:26:14.000000000 +0200
+@@ -537,12 +537,13 @@
+         s->cplane_offset = vram_offset;
+         cpu_register_physical_memory(addr + 0x0a000000ULL, size, vram_offset);
+         graphic_console_init(s->ds, tcx24_update_display,
+-                             tcx24_invalidate_display, tcx24_screen_dump, s);
++                             tcx24_invalidate_display,
++                             tcx24_screen_dump, NULL, s);
+     } else {
+         cpu_register_physical_memory(addr + 0x00300000ULL, TCX_THC_NREGS_8,
+                                      dummy_memory);
+         graphic_console_init(s->ds, tcx_update_display, tcx_invalidate_display,
+-                             tcx_screen_dump, s);
++                             tcx_screen_dump, NULL, s);
+     }
+     // NetBSD writes here even with 8-bit display
+     cpu_register_physical_memory(addr + 0x00301000ULL, TCX_THC_NREGS_24,
+Index: qemu-0.9.1/hw/vga.c
+===================================================================
+--- qemu-0.9.1.orig/hw/vga.c	2008-01-06 20:38:42.000000000 +0100
++++ qemu-0.9.1/hw/vga.c	2008-04-14 11:26:14.000000000 +0200
+@@ -1152,7 +1152,7 @@
+     }
+ 
+     if (width != s->last_width || height != s->last_height ||
+-        cw != s->last_cw || cheight != s->last_ch) {
++        cw != s->last_cw || cheight != s->last_ch || s->message_screen) {
+         s->last_scr_width = width * cw;
+         s->last_scr_height = height * cheight;
+         dpy_resize(s->ds, s->last_scr_width, s->last_scr_height);
+@@ -1160,6 +1160,7 @@
+         s->last_height = height;
+         s->last_ch = cheight;
+         s->last_cw = cw;
++        s->message_screen = 0;
+         full_update = 1;
+     }
+     cursor_offset = ((s->cr[0x0e] << 8) | s->cr[0x0f]) - s->start_addr;
+@@ -1660,6 +1661,167 @@
+     s->graphic_mode = -1; /* force full update */
+ }
+ 
++#define TEXTMODE_X(x)	((x) % width)
++#define TEXTMODE_Y(x)	((x) / width)
++#define VMEM2CHTYPE(v)	((v & 0xff0007ff) | \
++        ((v & 0x00000800) << 10) | ((v & 0x00007000) >> 1))
++/* relay text rendering to the display driver
++ * instead of doing a full vga_update_display() */
++static void vga_update_text(void *opaque, console_ch_t *chardata)
++{
++    VGAState *s = (VGAState *) opaque;
++    int graphic_mode, i, cursor_offset, cursor_visible;
++    int cw, cheight, width, height, size, c_min, c_max;
++    uint32_t *src;
++    console_ch_t *dst, val;
++    char msg_buffer[80];
++    int full_update;
++    full_update = 0;
++
++    if (!(s->ar_index & 0x20)) {
++        graphic_mode = GMODE_BLANK;
++    } else {
++        graphic_mode = s->gr[6] & 1;
++    }
++    if (graphic_mode != s->graphic_mode) {
++        s->graphic_mode = graphic_mode;
++        full_update = 1;
++    }
++    if (s->last_width == -1) {
++        s->last_width = 0;
++        full_update = 1;
++    }
++
++    switch (graphic_mode) {
++    case GMODE_TEXT:
++        /* TODO: update palette */
++        full_update |= update_basic_params(s);
++
++        /* total width & height */
++        cheight = (s->cr[9] & 0x1f) + 1;
++        cw = 8;
++        if (!(s->sr[1] & 0x01))
++            cw = 9;
++        if (s->sr[1] & 0x08)
++            cw = 16; /* NOTE: no 18 pixel wide */
++        width = (s->cr[0x01] + 1);
++        if (s->cr[0x06] == 100) {
++            /* ugly hack for CGA 160x100x16 - explain me the logic */
++            height = 100;
++        } else {
++            height = s->cr[0x12] | 
++                ((s->cr[0x07] & 0x02) << 7) | 
++                ((s->cr[0x07] & 0x40) << 3);
++            height = (height + 1) / cheight;
++        }
++
++        size = (height * width);
++        if (size > CH_ATTR_SIZE) {
++            if (!full_update)
++                return;
++
++            sprintf(msg_buffer, "%i x %i Text mode", width, height);
++            break;
++        }
++
++        if (width != s->last_width || height != s->last_height ||
++            cw != s->last_cw || cheight != s->last_ch || s->message_screen) {
++            s->last_scr_width = width * cw;
++            s->last_scr_height = height * cheight;
++            dpy_resize(s->ds, width, height);
++            s->last_width = width;
++            s->last_height = height;
++            s->last_ch = cheight;
++            s->last_cw = cw;
++            s->message_screen = 0;
++            full_update = 1;
++        }
++
++        /* Update "hardware" cursor */
++        cursor_offset = ((s->cr[0x0e] << 8) | s->cr[0x0f]) - s->start_addr;
++        if (cursor_offset != s->cursor_offset ||
++            s->cr[0xa] != s->cursor_start ||
++            s->cr[0xb] != s->cursor_end || full_update) {
++            cursor_visible = !(s->cr[0xa] & 0x20);
++            if (cursor_visible && cursor_offset < size && cursor_offset >= 0)
++                dpy_cursor(s->ds,
++                           TEXTMODE_X(cursor_offset),
++                           TEXTMODE_Y(cursor_offset));
++            else
++                dpy_cursor(s->ds, -1, -1);
++            s->cursor_offset = cursor_offset;
++            s->cursor_start = s->cr[0xa];
++            s->cursor_end = s->cr[0xb];
++        }
++
++        src = (uint32_t *) s->vram_ptr + s->start_addr;
++        dst = chardata;
++
++        if (full_update) {
++            for (i = 0; i < size; src ++, dst ++, i ++)
++                console_write_ch(dst, VMEM2CHTYPE(*src));
++
++            dpy_update(s->ds, 0, 0, width, height);
++        } else {
++            c_max = 0;
++
++            for (i = 0; i < size; src ++, dst ++, i ++) {
++                console_write_ch(&val, VMEM2CHTYPE(*src));
++                if (*dst != val) {
++                    *dst = val;
++                    c_max = i;
++                    break;
++                }
++            }
++            c_min = i;
++            for (; i < size; src ++, dst ++, i ++) {
++                console_write_ch(&val, VMEM2CHTYPE(*src));
++                if (*dst != val) {
++                    *dst = val;
++                    c_max = i;
++                }
++            }
++
++            if (c_min <= c_max) {
++                i = TEXTMODE_Y(c_min);
++                dpy_update(s->ds, 0, i, width, TEXTMODE_Y(c_max) - i + 1);
++            }
++        }
++
++        return;
++    case GMODE_GRAPH:
++        if (!full_update)
++            return;
++
++        s->get_resolution(s, &width, &height);
++        sprintf(msg_buffer, "%i x %i Graphic mode", width, height);
++        break;
++    case GMODE_BLANK:
++    default:
++        if (!full_update)
++            return;
++
++        sprintf(msg_buffer, "VGA Blank mode");
++        break;
++    }
++
++    /* Display a message */
++    dpy_cursor(s->ds, -1, -1);
++    dpy_resize(s->ds, 60, 3);
++    s->message_screen = 1;
++
++    for (dst = chardata, i = 0; i < 60 * 3; i ++)
++        console_write_ch(dst ++, ' ');
++
++    size = strlen(msg_buffer);
++    width = (60 - size) / 2;
++    dst = chardata + 60 + width;
++    for (i = 0; i < size; i ++)
++        console_write_ch(dst ++, 0x00200100 | msg_buffer[i]);
++
++    dpy_update(s->ds, 0, 0, 60, 3);
++}
++
+ static CPUReadMemoryFunc *vga_mem_read[3] = {
+     vga_mem_readb,
+     vga_mem_readw,
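Review bot: The text-mode copy in vga_update_text reads `size` cells starting at `(uint32_t *) s->vram_ptr + s->start_addr`, and the only limit checked in this hunk is `size > CH_ATTR_SIZE`, which bounds the destination `chardata` but not the source. `width` and `height` come from CRTC registers the guest programs, and `start_addr` presumably does too (it is set outside the hunk), so a misprogrammed guest may be able to make the host read past the video RAM mapping. A check before both loops would prevent that, something like `if (s->start_addr + size > s->vram_size / 4) return;`, assuming VGAState records the RAM size in a field such as `vram_size`. Separately, the three `sprintf(msg_buffer, ...)` calls fit the 80-byte buffer today, but `snprintf(msg_buffer, sizeof(msg_buffer), ...)` would make that independent of the format strings.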
+@@ -1830,6 +1992,7 @@
+     s->update = vga_update_display;
+     s->invalidate = vga_invalidate_display;
+     s->screen_dump = vga_screen_dump;
++    s->text_update = vga_update_text;
+ }
+ 
+ /* used by both ISA and PCI */
+@@ -1971,7 +2134,8 @@
+     vga_common_init(s, ds, vga_ram_base, vga_ram_offset, vga_ram_size);
+     vga_init(s);
+ 
+-    graphic_console_init(s->ds, s->update, s->invalidate, s->screen_dump, s);
++    graphic_console_init(s->ds, s->update, s->invalidate, s->screen_dump,
++                         s->text_update, s);
+ 
+ #ifdef CONFIG_BOCHS_VBE
+     /* XXX: use optimized standard vga accesses */
+@@ -1995,7 +2159,8 @@
+     vga_common_init(s, ds, vga_ram_base, vga_ram_offset, vga_ram_size);
+     vga_mm_init(s, vram_base, ctrl_base, it_shift);
+ 
+-    graphic_console_init(s->ds, s->update, s->invalidate, s->screen_dump, s);
++    graphic_console_init(s->ds, s->update, s->invalidate, s->screen_dump,
++                         s->text_update, s);
+ 
+ #ifdef CONFIG_BOCHS_VBE
+     /* XXX: use optimized standard vga accesses */
+@@ -2023,7 +2188,8 @@
+     vga_common_init(s, ds, vga_ram_base, vga_ram_offset, vga_ram_size);
+     vga_init(s);
+ 
+-    graphic_console_init(s->ds, s->update, s->invalidate, s->screen_dump, s);
++    graphic_console_init(s->ds, s->update, s->invalidate, s->screen_dump,
++                         s->text_update, s);
+ 
+     s->pci_dev = &d->dev;
+ 
+Index: qemu-0.9.1/hw/vga_int.h
+===================================================================
+--- qemu-0.9.1.orig/hw/vga_int.h	2008-01-06 20:38:42.000000000 +0100
++++ qemu-0.9.1/hw/vga_int.h	2008-04-14 11:26:14.000000000 +0200
+@@ -129,6 +129,7 @@
+     uint32_t line_compare;                                              \
+     uint32_t start_addr;                                                \
+     uint32_t plane_updated;                                             \
++    int message_screen;                                                 \
+     uint8_t last_cw, last_ch;                                           \
+     uint32_t last_width, last_height; /* in chars or pixels */          \
+     uint32_t last_scr_width, last_scr_height; /* in pixels */           \
+@@ -139,6 +140,7 @@
+     vga_hw_update_ptr update;                                           \
+     vga_hw_invalidate_ptr invalidate;                                   \
+     vga_hw_screen_dump_ptr screen_dump;                                 \
++    vga_hw_text_update_ptr text_update;                                 \
+     /* hardware mouse cursor support */                                 \
+     uint32_t invalidated_y_table[VGA_MAX_HEIGHT / 32];                  \
+     void (*cursor_invalidate)(struct VGAState *s);                      \
+Index: qemu-0.9.1/hw/vmware_vga.c
+===================================================================
+--- qemu-0.9.1.orig/hw/vmware_vga.c	2008-01-06 20:38:42.000000000 +0100
++++ qemu-0.9.1/hw/vmware_vga.c	2008-04-14 11:26:14.000000000 +0200
+@@ -949,6 +949,14 @@
+     }
+ }
+ 
++static void vmsvga_text_update(void *opaque, console_ch_t *chardata)
++{
++    struct vmsvga_state_s *s = (struct vmsvga_state_s *) opaque;
++
++    if (s->text_update)
++        s->text_update(opaque, chardata);
++}
++
+ #ifdef DIRECT_VRAM
+ static uint32_t vmsvga_vram_readb(void *opaque, target_phys_addr_t addr)
+ {
+@@ -1114,7 +1122,8 @@
+                     1, 4, vmsvga_bios_write, s);
+ 
+     graphic_console_init(ds, vmsvga_update_display,
+-                    vmsvga_invalidate_display, vmsvga_screen_dump, s);
++                    vmsvga_invalidate_display, vmsvga_screen_dump,
++                    vmsvga_text_update, s);
+ 
+ #ifdef EMBED_STDVGA
+     vga_common_init((VGAState *) s, ds,
+Index: qemu-0.9.1/monitor.c
+===================================================================
+--- qemu-0.9.1.orig/monitor.c	2008-01-06 20:38:42.000000000 +0100
++++ qemu-0.9.1/monitor.c	2008-04-14 11:26:14.000000000 +0200
+@@ -824,6 +824,8 @@
+     { 0x31, "n" },
+     { 0x32, "m" },
+ 
++    { 0x37, "asterisk" },
++
+     { 0x39, "spc" },
+     { 0x3a, "caps_lock" },
+     { 0x3b, "f1" },
+Index: qemu-0.9.1/vl.c
+===================================================================
+--- qemu-0.9.1.orig/vl.c	2008-04-14 11:26:14.000000000 +0200
++++ qemu-0.9.1/vl.c	2008-04-14 11:27:19.000000000 +0200
+@@ -172,6 +172,7 @@
+ int vga_ram_size;
+ static DisplayState display_state;
+ int nographic;
++int curses;
+ const char* keyboard_layout = NULL;
+ int64_t ticks_per_sec;
+ int ram_size;
+@@ -7608,6 +7609,9 @@
+            "                (default is CL-GD5446 PCI VGA)\n"
+            "-no-acpi        disable ACPI\n"
+ #endif
++#ifdef CONFIG_CURSES
++           "-curses         use a curses/ncurses interface instead of SDL\n"
++#endif
+            "-no-reboot      exit instead of rebooting\n"
+            "-loadvm file    start right away with a saved state (loadvm in monitor)\n"
+ 	   "-vnc display    start a VNC server on display\n"
+@@ -7712,6 +7716,7 @@
+     QEMU_OPTION_smp,
+     QEMU_OPTION_vnc,
+     QEMU_OPTION_no_acpi,
++    QEMU_OPTION_curses,
+     QEMU_OPTION_no_reboot,
+     QEMU_OPTION_show_cursor,
+     QEMU_OPTION_daemonize,
+@@ -7808,6 +7813,9 @@
+     { "usbdevice", HAS_ARG, QEMU_OPTION_usbdevice },
+     { "smp", HAS_ARG, QEMU_OPTION_smp },
+     { "vnc", HAS_ARG, QEMU_OPTION_vnc },
++#ifdef CONFIG_CURSES
++    { "curses", 0, QEMU_OPTION_curses },
++#endif
+ 
+     /* temporary options */
+     { "usb", 0, QEMU_OPTION_usb },
+@@ -8134,6 +8142,7 @@
+ #endif
+     snapshot = 0;
+     nographic = 0;
++    curses = 0;
+     kernel_filename = NULL;
+     kernel_cmdline = "";
+     cyls = heads = secs = 0;
+@@ -8310,6 +8319,11 @@
+                 pstrcpy(monitor_device, sizeof(monitor_device), "stdio");
+                 nographic = 1;
+                 break;
++#ifdef CONFIG_CURSES
++            case QEMU_OPTION_curses:
++                curses = 1;
++                break;
++#endif
+             case QEMU_OPTION_portrait:
+                 graphic_rotate = 1;
+                 break;
+@@ -8850,13 +8864,23 @@
+     /* terminal init */
+     memset(&display_state, 0, sizeof(display_state));
+     if (nographic) {
++        if (curses) {
++            fprintf(stderr, "fatal: -nographic can't be used with -curses\n");
++            exit(1);
++        }
+         /* nearly nothing to do */
+         dumb_display_init(ds);
+     } else if (vnc_display != NULL) {
+         vnc_display_init(ds);
+         if (vnc_display_open(ds, vnc_display) < 0)
+             exit(1);
+-    } else {
++    } else
++#if defined(CONFIG_CURSES)
++    if (curses) {
++        curses_display_init(ds, full_screen);
++    } else
++#endif
++    {
+ #if defined(CONFIG_SDL)
+         sdl_display_init(ds, full_screen, no_frame);
+ #elif defined(CONFIG_COCOA)
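Review bot: `-curses` combined with `-vnc` is silently ignored, because the `vnc_display != NULL` branch is tested before the new `if (curses)` branch, whereas `-curses` with `-nographic` is rejected with a fatal error. Treating both conflicts the same way would be less surprising, e.g. `if (curses && vnc_display != NULL) { fprintf(stderr, "fatal: -vnc can't be used with -curses\n"); exit(1); }` ahead of the chain, or a sentence in the `-curses` documentation stating which option wins. The `} else` / `#if defined(CONFIG_CURSES)` / `{` arrangement also leaves an `else` whose body depends on the preprocessor; a short comment at that `else` would help the next editor. The enclosing function starts and ends outside the hunk.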
+Index: qemu-0.9.1/vnc.c
+===================================================================
+--- qemu-0.9.1.orig/vnc.c	2008-01-06 20:38:42.000000000 +0100
++++ qemu-0.9.1/vnc.c	2008-04-14 11:26:14.000000000 +0200
+@@ -954,6 +954,7 @@
+             return;
+         }
+         break;
++    case 0x3a:			/* CapsLock */
+     case 0x45:			/* NumLock */
+         if (!down)
+             vs->modifiers_state[keycode] ^= 1;
+Index: qemu-0.9.1/qemu-doc.texi
+===================================================================
+--- qemu-0.9.1.orig/qemu-doc.texi	2008-04-14 11:26:14.000000000 +0200
++++ qemu-0.9.1/qemu-doc.texi	2008-04-14 11:27:19.000000000 +0200
+@@ -390,6 +390,12 @@
+ the console. Therefore, you can still use QEMU to debug a Linux kernel
+ with a serial console.
+ 
++@item -curses
++
++Normally, QEMU uses SDL to display the VGA output.  With this option,
++QEMU can display the VGA output when in text mode using a 
++curses/ncurses interface.  Nothing is displayed in graphical mode.
++
+ @item -no-frame
+ 
+ Do not use decorations for SDL windows and start them using the whole
--- qemu-0.9.1.orig/debian/patches/61_pseudotty.patch
+++ qemu-0.9.1/debian/patches/61_pseudotty.patch
@@ -0,0 +1,95 @@
+Index: qemu-0.9.1/vl.c
+===================================================================
+--- qemu-0.9.1.orig/vl.c	2008-11-19 23:20:46.000000000 +0200
++++ qemu-0.9.1/vl.c	2008-11-19 23:20:49.000000000 +0200
+@@ -2203,28 +2203,78 @@
+     return chr;
+ }
+ 
++#ifdef __sun__
++/* Once Solaris has openpty(), this is going to be removed. */
++int openpty(int *amaster, int *aslave, char *name,
++            struct termios *termp, struct winsize *winp)
++{
++        const char *slave;
++        int mfd = -1, sfd = -1;
++
++        *amaster = *aslave = -1;
++
++        mfd = open("/dev/ptmx", O_RDWR | O_NOCTTY);
++        if (mfd < 0)
++                goto err;
++
++        if (grantpt(mfd) == -1 || unlockpt(mfd) == -1)
++                goto err;
++
++        if ((slave = ptsname(mfd)) == NULL)
++                goto err;
++
++        if ((sfd = open(slave, O_RDONLY | O_NOCTTY)) == -1)
++                goto err;
++
++        if (ioctl(sfd, I_PUSH, "ptem") == -1 ||
++            (termp != NULL && tcgetattr(sfd, termp) < 0))
++                goto err;
++
++        if (amaster)
++                *amaster = mfd;
++        if (aslave)
++                *aslave = sfd;
++        if (winp)
++                ioctl(sfd, TIOCSWINSZ, winp);
++
++        return 0;
++
++err:
++        if (sfd != -1)
++                close(sfd);
++        close(mfd);
++        return -1;
++}
++
++void cfmakeraw (struct termios *termios_p)
++{
++        termios_p->c_iflag &=
++                ~(IGNBRK|BRKINT|PARMRK|ISTRIP|INLCR|IGNCR|ICRNL|IXON);
++        termios_p->c_oflag &= ~OPOST;
++        termios_p->c_lflag &= ~(ECHO|ECHONL|ICANON|ISIG|IEXTEN);
++        termios_p->c_cflag &= ~(CSIZE|PARENB);
++        termios_p->c_cflag |= CS8;
++
++        termios_p->c_cc[VMIN] = 0;
++        termios_p->c_cc[VTIME] = 0;
++}
++#endif
++
+ #if defined(__linux__) || defined(__sun__)
+ static CharDriverState *qemu_chr_open_pty(void)
+ {
+     struct termios tty;
+-    char slave_name[1024];
+     int master_fd, slave_fd;
+ 
+-#if defined(__linux__)
+-    /* Not satisfying */
+-    if (openpty(&master_fd, &slave_fd, slave_name, NULL, NULL) < 0) {
++    if (openpty(&master_fd, &slave_fd, NULL, NULL, NULL) < 0) {
+         return NULL;
+     }
+-#endif
+ 
+-    /* Disabling local echo and line-buffered output */
+-    tcgetattr (master_fd, &tty);
+-    tty.c_lflag &= ~(ECHO|ICANON|ISIG);
+-    tty.c_cc[VMIN] = 1;
+-    tty.c_cc[VTIME] = 0;
+-    tcsetattr (master_fd, TCSAFLUSH, &tty);
++    /* Set raw attributes on the pty. */
++    cfmakeraw(&tty);
++    tcsetattr(slave_fd, TCSAFLUSH, &tty);
+ 
+-    fprintf(stderr, "char device redirected to %s\n", slave_name);
++    fprintf(stderr, "char device redirected to %s\n", ptsname(master_fd));
+     return qemu_chr_open_fd(master_fd, master_fd);
+ }
+ 
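Review bot: In qemu_chr_open_pty the new code calls `cfmakeraw(&tty)` on a `struct termios` that is never filled in, because the patch removes the old `tcgetattr` call. `cfmakeraw` only clears and sets selected bits, so `tcsetattr(slave_fd, TCSAFLUSH, &tty)` applies whatever stack contents were in the remaining fields. Adding `tcgetattr(slave_fd, &tty);` before `cfmakeraw(&tty);` (and skipping the `tcsetattr` if it fails) fixes that. In the Solaris `openpty` fallback, `*amaster = *aslave = -1;` dereferences both pointers unconditionally although the function later tests `if (amaster)` / `if (aslave)`, and the error path calls `close(mfd)` even when the first `open` failed; an `if (mfd != -1)` guard would match what is already done for `sfd`. `ptsname(master_fd)` can return NULL, so its result should be checked before it is passed to `%s`.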
--- qemu-0.9.1.orig/debian/patches/series
+++ qemu-0.9.1/debian/patches/series
@@ -0,0 +1,52 @@
+01_nostrip.patch
+02_snapshot_use_tmpdir.patch -p0
+04_do_not_print_rtc_freq_if_ok.patch 
+05_non-fatal_if_linux_hd_missing.patch 
+06_exit_segfault.patch -p0
+07_i386_exec_name.patch 
+10_signal_jobs.patch -p0
+11_signal_sigaction.patch -p0
+12_signal_powerpc_support.patch -p0
+21_net_soopts.patch -p0
+22_net_tuntap_stall.patch -p0
+30_syscall_ipc.patch -p0
+31_syscalls.patch 
+32_syscall_sysctl.patch -p0
+33_syscall_ppc_clone.patch -p0
+35_syscall_sockaddr.patch 
+39_syscall_fadvise64.patch -p0
+41_arm_fpa_sigfpe.patch -p0
+42_arm_tls.patch 
+#43_arm_cpustate.patch 
+50_linuxbios_isa_bios_ram.patch -p0
+51_linuxbios_piix_ram_size.patch -p0
+53_openbios_size.patch
+55_unmux_socketcall.patch 
+60_ppc_ld.patch
+61_pseudotty.patch
+62_fix-ptyblocking.patch
+63_sparc_build.patch -p0
+64_ppc_asm_constraints.patch
+65_kfreebsd.patch 
+66_tls_ld.patch -p0
+70_manpage.patch -p0
+71_doc.patch 
+80_ui_curses.patch 
+81_mips32r2_fpu.patch
+82_mips_abs.patch
+83_usb-serial.patch
+84_rtl8139.patch
+85_vvfat.patch
+86_df.patch
+87_eoi.patch
+88_dma.patch
+89_braille.patch
+90_security.patch
+91_security.patch
+92_no_shutdown.patch
+93_tmpfs.patch
+94_security.patch
+95_security.patch
+96_security.patch
+97_security.patch
+98_security.patch
--- qemu-0.9.1.orig/debian/patches/12_signal_powerpc_support.patch
+++ qemu-0.9.1/debian/patches/12_signal_powerpc_support.patch
@@ -0,0 +1,476 @@
+Index: linux-user/signal.c
+===================================================================
+--- linux-user/signal.c.orig	2008-04-14 11:26:14.000000000 +0200
++++ linux-user/signal.c	2008-04-14 11:26:14.000000000 +0200
+@@ -2,6 +2,7 @@
+  *  Emulation of Linux signals
+  *
+  *  Copyright (c) 2003 Fabrice Bellard
++ *  Copyright (c) 2005 Josh Triplett <josh@psas.pdx.edu>
+  *
+  *  This program is free software; you can redistribute it and/or modify
+  *  it under the terms of the GNU General Public License as published by
+@@ -16,6 +17,12 @@
+  *  You should have received a copy of the GNU General Public License
+  *  along with this program; if not, write to the Free Software
+  *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
++ *
++ *  Various portions adapted from the Linux kernel:
++ *  Copyright (C) 1995-1996 Gary Thomas (gdt@linuxppc.org)
++ *    Derived from "arch/i386/kernel/signal.c"
++ *      Copyright (C) 1991, 1992 Linus Torvalds
++ *      1997-11-28  Modified for POSIX.1b signals by Richard Henderson
+  */
+ #include <stdlib.h>
+ #include <stdio.h>
+@@ -2717,6 +2724,370 @@
+     return 0;
+ }
+ 
++#elif defined(TARGET_PPC)
++/* Adapted from the Linux kernel:
++ * arch/ppc/kernel/signal.c
++ * include/asm-ppc/elf.h
++ * include/asm-ppc/ptrace.h
++ * include/asm-ppc/sigcontext.h
++ * include/asm-ppc/ucontext.h
++ */
++
++/*
++ * When we have signals to deliver, we set up on the
++ * user stack, going down from the original stack pointer:
++ *	a sigregs struct
++ *	a sigcontext struct
++ *	a gap of __SIGNAL_FRAMESIZE bytes
++ *
++ * Each of these things must be a multiple of 16 bytes in size.
++ *
++ */
++
++#define TARGET_ELF_NGREG	48	/* includes nip, msr, lr, etc. */
++#define TARGET_ELF_NFPREG	33	/* includes fpscr */
++#define TARGET_ELF_NVRREG	33	/* includes vscr */
++
++/* General registers */
++typedef unsigned long target_elf_greg_t;
++typedef target_elf_greg_t target_elf_gregset_t[TARGET_ELF_NGREG];
++
++/* Floating point registers */
++typedef double target_elf_fpreg_t;
++typedef target_elf_fpreg_t target_elf_fpregset_t[TARGET_ELF_NFPREG];
++
++/* Altivec registers */
++/* FIXME: Altivec not supported yet. */
++/* typedef __vector128 elf_vrreg_t; */
++typedef uint64_t target_elf_vrreg_t[2];
++typedef target_elf_vrreg_t target_elf_vrregset_t[TARGET_ELF_NVRREG];
++
++struct target_mcontext {
++	target_elf_gregset_t	mc_gregs;
++	target_elf_fpregset_t	mc_fregs;
++	/* The kernel calls this mc_pad, but does #define tramp mc_pad */
++	target_ulong		tramp[2];
++	target_elf_vrregset_t	mc_vregs __attribute__((__aligned__(16)));
++};
++
++struct target_sigregs {
++	struct target_mcontext	mctx;		/* all the register values */
++	/* Programs using the rs6000/xcoff abi can save up to 19 gp regs
++	   and 18 fp regs below sp before decrementing it. */
++	int		abigap[56];
++};
++
++struct target_sigcontext {
++	target_ulong   _unused[4];
++	uint32_t       signal;
++	target_ulong   handler;
++	target_ulong   oldmask;
++	struct target_pt_regs *regs;
++};
++
++#define __SIGNAL_FRAMESIZE	64
++
++static int
++save_user_regs(CPUState *env, struct target_mcontext *frame, int sigret)
++{
++	/* save general and floating-point registers */
++#if 0 /* FIXME: handle floating-point, Altivec, SPE */
++	CHECK_FULL_REGS(regs);
++	preempt_disable();
++	if (regs->msr & MSR_FP)
++		giveup_fpu(current);
++#ifdef CONFIG_ALTIVEC
++	if (current->thread.used_vr && (regs->msr & MSR_VEC))
++		giveup_altivec(current);
++#endif /* CONFIG_ALTIVEC */
++#ifdef CONFIG_SPE
++	if (current->thread.used_spe && (regs->msr & MSR_SPE))
++		giveup_spe(current);
++#endif /* CONFIG_ALTIVEC */
++	preempt_enable();
++#endif /* 0 */
++
++	/* Note: this needs to be in the same order as target_pt_regs */
++	if(!memcpy(&frame->mc_gregs, env->gpr,
++	                  32*sizeof(target_elf_greg_t))
++	   || __put_user(env->nip, &frame->mc_gregs[32])
++	   || __put_user(env->msr, &frame->mc_gregs[33])
++	   /* FIXME: || __put_user(orig_gpr3, &frame->mc_gregs[34]) */
++	   || __put_user(env->ctr, &frame->mc_gregs[35])
++	   || __put_user(env->lr, &frame->mc_gregs[36])
++	   || __put_user(ppc_load_xer(env), &frame->mc_gregs[37])
++	   || __put_user(ppc_load_cr(env), &frame->mc_gregs[38])
++	   || __put_user(env->spr[SPR_MQ], &frame->mc_gregs[39])
++	   /* FIXME: || __put_user(trap, &frame->mc_gregs[40]) */
++	   || __put_user(env->spr[SPR_DAR], &frame->mc_gregs[41])
++	   || __put_user(env->spr[SPR_DSISR], &frame->mc_gregs[42])
++	   /* FIXME: || __put_user(result, &frame->mc_gregs[43]) */)
++		return 1;
++
++	if(!memcpy(&frame->mc_fregs, env->fpr,
++	                  32*sizeof(target_elf_fpreg_t))
++	   || __put_user(ppc_load_fpscr(env), &frame->mc_fregs[32]))
++
++	ppc_store_fpscr(env, 0, 0xFF); /* turn off all fp exceptions */
++
++#if 0 /* FIXME: handle Altivec, SPE */
++#ifdef CONFIG_ALTIVEC
++	/* save altivec registers */
++	if (current->thread.used_vr) {
++		if (!memcpy(&frame->mc_vregs, current->thread.vr,
++				   ELF_NVRREG * sizeof(vector128)))
++			return 1;
++		/* set MSR_VEC in the saved MSR value to indicate that
++		   frame->mc_vregs contains valid data */
++		if (__put_user(regs->msr | MSR_VEC, &frame->mc_gregs[PT_MSR]))
++			return 1;
++	}
++	/* else assert((regs->msr & MSR_VEC) == 0) */
++
++	/* We always copy to/from vrsave, it's 0 if we don't have or don't
++	 * use altivec. Since VSCR only contains 32 bits saved in the least
++	 * significant bits of a vector, we "cheat" and stuff VRSAVE in the
++	 * most significant bits of that same vector. --BenH
++	 */
++	if (__put_user(current->thread.vrsave, (u32 __user *)&frame->mc_vregs[32]))
++		return 1;
++#endif /* CONFIG_ALTIVEC */
++
++#ifdef CONFIG_SPE
++	/* save spe registers */
++	if (current->thread.used_spe) {
++		if (!memcpy(&frame->mc_vregs, current->thread.evr,
++				   ELF_NEVRREG * sizeof(u32)))
++			return 1;
++		/* set MSR_SPE in the saved MSR value to indicate that
++		   frame->mc_vregs contains valid data */
++		if (__put_user(regs->msr | MSR_SPE, &frame->mc_gregs[PT_MSR]))
++			return 1;
++	}
++	/* else assert((regs->msr & MSR_SPE) == 0) */
++
++	/* We always copy to/from spefscr */
++	if (__put_user(current->thread.spefscr, (u32 *)&frame->mc_vregs + ELF_NEVRREG))
++		return 1;
++#endif /* CONFIG_SPE */
++#endif /* 0 */
++
++	if (sigret) {
++		/* Set up the sigreturn trampoline: li r0,sigret; sc */
++		if (__put_user(0x38000000UL + sigret, &frame->tramp[0])
++		    || __put_user(0x44000002UL, &frame->tramp[1]))
++			return 1;
++#if 0
++		flush_icache_range((unsigned long) &frame->tramp[0],
++				   (unsigned long) &frame->tramp[2]);
++#endif
++	}
++
++	return 0;
++}
++
++static int
++restore_user_regs(CPUState *env, struct target_mcontext *sr, int sig)
++{
++	target_ulong save_r2 = 0;
++	target_ulong saved_cr;
++	target_ulong saved_xer;
++	double saved_fpscr;
++
++#if 0 /* FIXME: handle Altivec, SPE */
++#if defined(CONFIG_ALTIVEC) || defined(CONFIG_SPE)
++	unsigned long msr;
++#endif
++#endif /* 0 */
++
++	/* backup/restore the TLS as we don't want it to be modified */
++	if (!sig)
++		save_r2 = env->gpr[2];
++
++	/* Copy all registers except MSR */
++	/* Note: this needs to be in the same order as target_pt_regs */
++	if(!memcpy(env->gpr, &sr->mc_gregs,
++	                    32*sizeof(target_elf_greg_t))
++	   || __get_user(env->nip, &sr->mc_gregs[32])
++	   /* FIXME: || __get_user(orig_gpr3, &sr->mc_gregs[34]) */
++	   || __get_user(env->ctr, &sr->mc_gregs[35])
++	   || __get_user(env->lr, &sr->mc_gregs[36])
++	   || __get_user(saved_xer, &sr->mc_gregs[37])
++	   || __get_user(saved_cr, &sr->mc_gregs[38])
++	   || __get_user(env->spr[SPR_MQ], &sr->mc_gregs[39])
++	   /* FIXME: || __get_user(trap, &sr->mc_gregs[40]) */
++	   || __get_user(env->spr[SPR_DAR], &sr->mc_gregs[41])
++	   || __get_user(env->spr[SPR_DSISR], &sr->mc_gregs[42])
++	   /* FIXME: || __get_user(result, &sr->mc_gregs[43]) */)
++		return 1;
++	ppc_store_xer(env, saved_xer);
++	ppc_store_cr(env, saved_cr, 0xFF);
++
++	if (!sig)
++		env->gpr[2] = save_r2;
++
++	/* The kernel delays restoring the floating-point registers until the
++	 * thread uses floating-point again.  For simplicity, just restore the
++	 * registers now. */
++	if(!memcpy(env->fpr, &sr->mc_fregs,
++	                    32*sizeof(target_elf_fpreg_t))
++	   || __get_user(saved_fpscr, &sr->mc_fregs[32]))
++		return 1;
++	ppc_store_fpscr(env, saved_fpscr, 0xFF);
++
++#if 0 /* FIXME: handle Altivec, SPE */
++#ifdef CONFIG_ALTIVEC
++	/* force the process to reload the altivec registers from
++	   current->thread when it next does altivec instructions */
++	regs->msr &= ~MSR_VEC;
++	if (!__get_user(msr, &sr->mc_gregs[PT_MSR]) && (msr & MSR_VEC) != 0) {
++		/* restore altivec registers from the stack */
++		if (!memcpy(current->thread.vr, &sr->mc_vregs,
++				     sizeof(sr->mc_vregs)))
++			return 1;
++	} else if (current->thread.used_vr)
++		memset(&current->thread.vr, 0, ELF_NVRREG * sizeof(vector128));
++
++	/* Always get VRSAVE back */
++	if (__get_user(current->thread.vrsave, (u32 __user *)&sr->mc_vregs[32]))
++		return 1;
++#endif /* CONFIG_ALTIVEC */
++
++#ifdef CONFIG_SPE
++	/* force the process to reload the spe registers from
++	   current->thread when it next does spe instructions */
++	regs->msr &= ~MSR_SPE;
++	if (!__get_user(msr, &sr->mc_gregs[PT_MSR]) && (msr & MSR_SPE) != 0) {
++		/* restore spe registers from the stack */
++		if (!memcpy(current->thread.evr, &sr->mc_vregs,
++				     ELF_NEVRREG * sizeof(u32)))
++			return 1;
++	} else if (current->thread.used_spe)
++		memset(&current->thread.evr, 0, ELF_NEVRREG * sizeof(u32));
++
++	/* Always get SPEFSCR back */
++	if (__get_user(current->thread.spefscr, (u32 *)&sr->mc_vregs + ELF_NEVRREG))
++		return 1;
++#endif /* CONFIG_SPE */
++#endif /* 0 */
++
++#if 0 /* FIXME: handle floating-point, Altivec, SPE */
++#ifndef CONFIG_SMP
++	preempt_disable();
++	if (last_task_used_math == current)
++		last_task_used_math = NULL;
++	if (last_task_used_altivec == current)
++		last_task_used_altivec = NULL;
++	if (last_task_used_spe == current)
++		last_task_used_spe = NULL;
++	preempt_enable();
++#endif
++#endif /* 0 */
++	return 0;
++}
++
++static void setup_frame(int sig, struct emulated_sigaction *ka,
++                        target_sigset_t *oldset, CPUState *env)
++{
++	struct target_sigcontext *sc;
++	struct target_sigregs *frame;
++	target_ulong origsp = env->gpr[1];
++	target_ulong newsp = origsp;
++
++	/* Set up Signal Frame */
++	newsp -= sizeof(struct target_sigregs);
++	frame = (struct target_sigregs *) newsp;
++
++	/* Put a sigcontext on the stack */
++	newsp -= sizeof(*sc);
++	sc = (struct target_sigcontext *) newsp;
++
++	/* create a stack frame for the caller of the handler */
++	newsp -= __SIGNAL_FRAMESIZE;
++
++	if (!access_ok(VERIFY_WRITE, (void *) newsp, origsp - newsp))
++		goto badframe;
++
++#if TARGET_NSIG != 64
++#error "Please adjust handle_signal()"
++#endif
++	if (__put_user((target_ulong) ka->sa._sa_handler, &sc->handler)
++	    || __put_user(oldset->sig[0], &sc->oldmask)
++	    || __put_user(oldset->sig[1], &sc->_unused[3])
++	    || __put_user(frame, (target_ulong *)&sc->regs)
++	    || __put_user(sig, &sc->signal))
++		goto badframe;
++
++	if (save_user_regs(env, &frame->mctx, TARGET_NR_sigreturn))
++		goto badframe;
++
++	if (__put_user(env->gpr[1], (unsigned long *)newsp))
++		goto badframe;
++	env->gpr[1] = newsp;
++	env->gpr[3] = sig;
++	env->gpr[4] = (unsigned long) sc;
++	env->nip = (unsigned long) ka->sa._sa_handler;
++	env->lr = (unsigned long) frame->mctx.tramp;
++	/* FIXME: env->trap = 0; */
++
++	return;
++
++badframe:
++#ifdef DEBUG_SIGNAL
++	fprintf(stderr,
++		"badframe in handle_signal, frame=%p newsp=%lx\n",
++		frame, newsp);
++#endif
++	force_sig(TARGET_SIGSEGV);
++}
++
++static void setup_rt_frame(int sig, struct emulated_sigaction *ka, 
++                           target_siginfo_t *info,
++                           target_sigset_t *set, CPUState *env)
++{
++    fprintf(stderr, "setup_rt_frame: not implemented\n");
++}
++
++long do_sigreturn(CPUState *env)
++{
++	struct target_sigcontext *sc;
++	struct target_sigcontext sigctx;
++	struct target_mcontext *sr;
++	target_sigset_t set;
++	sigset_t host_set;
++
++	/* Always make any pending restarted system calls return -EINTR */
++#if 0 /* FIXME */
++	current_thread_info()->restart_block.fn = do_no_restart_syscall;
++#endif
++
++	sc = (struct target_sigcontext *)(env->gpr[1] + __SIGNAL_FRAMESIZE);
++	if (!memcpy(&sigctx, sc, sizeof(sigctx)))
++		goto badframe;
++
++	set.sig[0] = sigctx.oldmask;
++	set.sig[1] = sigctx._unused[3];
++	target_to_host_sigset_internal(&host_set, &set);
++	sigprocmask(SIG_SETMASK, &host_set, NULL);
++
++	sr = (struct target_mcontext *) tswapl((target_ulong)sigctx.regs);
++	if (!access_ok(VERIFY_READ, sr, sizeof(*sr))
++	    || restore_user_regs(env, sr, 1))
++		goto badframe;
++
++	return 0;
++
++badframe:
++	force_sig(TARGET_SIGSEGV);
++	return 0;
++}
++
++long do_rt_sigreturn(CPUState *env)
++{
++    fprintf(stderr, "do_rt_sigreturn: not implemented\n");
++    return -ENOSYS;
++}
++
+ #else
+ 
+ static void setup_frame(int sig, struct emulated_sigaction *ka,
+Index: target-ppc/cpu.h
+===================================================================
+--- target-ppc/cpu.h.orig	2008-01-06 20:38:45.000000000 +0100
++++ target-ppc/cpu.h	2008-04-14 11:26:14.000000000 +0200
+@@ -742,6 +742,10 @@
+ target_ulong ppc_load_xer (CPUPPCState *env);
+ void ppc_store_xer (CPUPPCState *env, target_ulong value);
+ void ppc_store_msr (CPUPPCState *env, target_ulong value);
++float64 ppc_load_fpscr(CPUPPCState *env);
++void ppc_store_fpscr(CPUPPCState *env, float64 f, uint32_t mask);
++uint32_t ppc_load_cr (CPUPPCState *env);
++void ppc_store_cr (CPUPPCState *env, uint32_t value, uint32_t mask);
+ 
+ void cpu_ppc_reset (void *opaque);
+ 
+Index: target-ppc/helper.c
+===================================================================
+--- target-ppc/helper.c.orig	2008-01-06 20:38:45.000000000 +0100
++++ target-ppc/helper.c	2008-04-14 11:26:14.000000000 +0200
+@@ -2139,6 +2139,60 @@
+     hreg_store_msr(env, value, 0);
+ }
+ 
++#if defined(WORDS_BIGENDIAN)
++#define WORD0 0
++#define WORD1 1
++#else
++#define WORD0 1
++#define WORD1 0
++#endif
++float64 ppc_load_fpscr(CPUPPCState *env)
++{
++    /* The 32 MSB of the target fpr are undefined.
++     * They'll be zero...
++     */
++    union {
++        float64 d;
++        struct {
++            uint32_t u[2];
++        } s;
++    } u;
++
++    u.s.u[WORD0] = 0;
++    u.s.u[WORD1] = env->fpscr;
++    return u.d;
++}
++#undef WORD0
++#undef WORD1
++
++void ppc_store_fpscr(CPUPPCState *env, float64 f, uint32_t mask)
++{
++    env->ft0 = f;
++    do_store_fpscr(mask);
++}
++
++uint32_t ppc_load_cr (CPUPPCState *env)
++{
++  return (env->crf[0] << 28) |
++         (env->crf[1] << 24) |
++         (env->crf[2] << 20) |
++         (env->crf[3] << 16) |
++         (env->crf[4] << 12) |
++         (env->crf[5] << 8) |
++         (env->crf[6] << 4) |
++         (env->crf[7] << 0);
++}
++
++void ppc_store_cr (CPUPPCState *env, uint32_t value, uint32_t mask)
++{
++    int i, sh;
++
++    for (i = 0, sh = 7; i < 8; i++, sh--) {
++        if (mask & (1 << sh))
++            env->crf[i] = (value >> (sh * 4)) & 0xFUL;
++    }
++}
++
+ /*****************************************************************************/
+ /* Exception processing */
+ #if defined (CONFIG_USER_ONLY)
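Review bot: In `save_user_regs`, the second test `if(!memcpy(&frame->mc_fregs, ...) || __put_user(ppc_load_fpscr(env), &frame->mc_fregs[32]))` has no body of its own, so the following `ppc_store_fpscr(env, 0, 0xFF);` becomes its body and runs only when the store fails; the matching test in `restore_user_regs` does `return 1;`. Add `return 1;` under that condition so that failures reach `badframe` and the FP-exception reset runs on the success path. Separately, the `!memcpy(...)` terms in `save_user_regs`, `restore_user_regs` and `do_sigreturn` can never fire, because memcpy returns its destination pointer. The only validation of these guest-derived frame pointers is therefore the `access_ok` calls, and `do_sigreturn` copies `sigctx` from the guest stack and applies the signal mask before it performs any such check.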
--- qemu-0.9.1.orig/debian/patches/22_net_tuntap_stall.patch
+++ qemu-0.9.1/debian/patches/22_net_tuntap_stall.patch
@@ -0,0 +1,13 @@
+Index: vl.c
+===================================================================
+--- vl.c.orig	2008-04-14 11:26:13.000000000 +0200
++++ vl.c	2008-04-14 11:27:19.000000000 +0200
+@@ -4085,7 +4085,7 @@
+         return -1;
+     }
+     memset(&ifr, 0, sizeof(ifr));
+-    ifr.ifr_flags = IFF_TAP | IFF_NO_PI;
++    ifr.ifr_flags = IFF_TAP | IFF_NO_PI | IFF_ONE_QUEUE;
+     if (ifname[0] != '\0')
+         pstrcpy(ifr.ifr_name, IFNAMSIZ, ifname);
+     else
--- qemu-0.9.1.orig/debian/patches/56_dhcp.patch
+++ qemu-0.9.1/debian/patches/56_dhcp.patch
@@ -0,0 +1,23 @@
+diff --git a/slirp/bootp.c b/slirp/bootp.c
+index 3ae3db2..6166ccc 100644
+--- a/slirp/bootp.c
++++ b/slirp/bootp.c
+@@ -156,10 +156,15 @@ static void bootp_reply(struct bootp_t *bp)
+ 
+     if (dhcp_msg_type == DHCPDISCOVER) {
+     new_addr:
+-        bc = get_new_addr(&daddr.sin_addr);
++        /* Try to find a previously assigned address */
++        bc = find_addr(&daddr.sin_addr, bp->bp_hwaddr);
+         if (!bc) {
+-            dprintf("no address left\n");
+-            return;
++            /* Try to find the next available address */
++            bc = get_new_addr(&daddr.sin_addr);
++            if (!bc) {
++                dprintf("no address left\n");
++                return;
++            }
+         }
+         memcpy(bc->macaddr, client_ethaddr, 6);
+     } else {
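Review bot: `56_dhcp.patch` does not appear in the `debian/patches/series` list added earlier in this diff, so as far as the visible packaging shows, quilt will never apply it; either add `56_dhcp.patch` to series or drop the file. Within the hunk, the lookup keys on `bp->bp_hwaddr` while the following `memcpy` records `client_ethaddr`. If those two can differ, a lease could be matched on one address and stored under another, so using the same variable in both places would remove the doubt. `bootp_reply` starts and ends outside the hunk.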
--- qemu-0.9.1.orig/debian/patches/30_syscall_ipc.patch
+++ qemu-0.9.1/debian/patches/30_syscall_ipc.patch
@@ -0,0 +1,25 @@
+Index: linux-user/syscall.c
+===================================================================
+--- linux-user/syscall.c.orig	2008-04-14 11:26:14.000000000 +0200
++++ linux-user/syscall.c	2008-04-14 11:27:37.000000000 +0200
+@@ -44,8 +44,10 @@
+ #include <sys/uio.h>
+ #include <sys/poll.h>
+ #include <sys/times.h>
++#include <sys/ipc.h>
+ #include <sys/shm.h>
+ #include <sys/sem.h>
++#include <sys/msg.h>
+ #include <sys/statfs.h>
+ #include <utime.h>
+ #include <sys/sysinfo.h>
+@@ -2149,7 +2151,8 @@
+             ret = get_errno(shmctl(first, second, NULL));
+             break;
+         default:
+-            goto unimplemented;
++            ret = get_errno(shmctl(first, second, (struct shmid_ds *) ptr));
++            break;
+         }
+         break;
+     default:
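Review bot: The new `default:` arm forwards every shmctl command the switch does not recognise to the host, passing `ptr` cast straight to `struct shmid_ds *`. `ptr` appears to be a guest-supplied value, and nothing here translates or validates the address or converts the structure layout between target and host, so a command that reads or writes a buffer would operate on whatever host memory that value names. Keeping `goto unimplemented;` for unknown commands and handling each buffer-taking command explicitly, with a locked and converted copy, would be safer. The enclosing function starts and ends outside the hunk.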
--- qemu-0.9.1.orig/debian/patches/33_syscall_ppc_clone.patch
+++ qemu-0.9.1/debian/patches/33_syscall_ppc_clone.patch
@@ -0,0 +1,17 @@
+Index: linux-user/syscall.c
+===================================================================
+--- linux-user/syscall.c.orig	2008-04-14 11:26:14.000000000 +0200
++++ linux-user/syscall.c	2008-04-14 11:27:37.000000000 +0200
+@@ -2861,11 +2861,7 @@
+         if (!newsp)
+             newsp = env->gpr[1];
+         new_env->gpr[1] = newsp;
+-        {
+-            int i;
+-            for (i = 7; i < 32; i++)
+-                new_env->gpr[i] = 0;
+-        }
++	new_env->gpr[3] = 0;
+ #elif defined(TARGET_SH4)
+ 	if (!newsp)
+ 	  newsp = env->gregs[15];
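Review bot: The replacement line `new_env->gpr[3] = 0;` carries no comment and is tab-indented inside a block whose neighbouring lines use spaces. The removed loop cleared r7–r31 in the new context while the new line clears only r3, so a reader cannot tell from the hunk whether leaving the other registers inherited is intended. A comment such as `/* child sees 0 as the clone() return value; other GPRs are inherited from the parent */` would record that. The enclosing function starts and ends outside the hunk.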
--- qemu-0.9.1.orig/debian/patches/65_kfreebsd.patch
+++ qemu-0.9.1/debian/patches/65_kfreebsd.patch
@@ -0,0 +1,12 @@
+Index: qemu-0.9.1/configure
+===================================================================
+--- qemu-0.9.1.orig/configure	2008-04-14 11:26:14.000000000 +0200
++++ qemu-0.9.1/configure	2008-04-14 11:27:19.000000000 +0200
+@@ -126,6 +126,7 @@
+ ;;
+ GNU/kFreeBSD)
+ oss="yes"
++VL_OS_LDFLAGS="-lfreebsd"
+ if [ "$cpu" = "i386" -o "$cpu" = "x86_64" ] ; then
+     kqemu="yes"
+ fi
--- qemu-0.9.1.orig/debian/patches/21_net_soopts.patch
+++ qemu-0.9.1/debian/patches/21_net_soopts.patch
@@ -0,0 +1,204 @@
+Index: linux-user/syscall.c
+===================================================================
+--- linux-user/syscall.c.orig	2008-01-06 20:38:42.000000000 +0100
++++ linux-user/syscall.c	2008-04-14 11:27:37.000000000 +0200
+@@ -785,6 +785,28 @@
+     return 0;
+ }
+ 
++static inline void copy_to_user_linger(target_ulong target_addr,
++                                         struct linger *host_l)
++{
++    struct target_linger *target_l;
++
++    lock_user_struct(VERIFY_WRITE, target_l, target_addr, 0);
++    target_l->l_onoff = tswapl(host_l->l_onoff);
++    target_l->l_linger = tswapl(host_l->l_linger);
++    unlock_user_struct(target_l, target_addr, 1);
++}
++
++static inline void copy_from_user_linger(struct linger *host_l,
++                                         target_ulong target_addr)
++{
++    struct target_linger *target_l;
++
++    lock_user_struct(VERIFY_WRITE, target_l, target_addr, 1);
++    host_l->l_onoff = tswapl(target_l->l_onoff);
++    host_l->l_linger = tswapl(target_l->l_linger);
++    unlock_user_struct(target_l, target_addr, 0);
++}
++
+ /* do_setsockopt() Must return target values and target errnos. */
+ static abi_long do_setsockopt(int sockfd, int level, int optname,
+                               abi_ulong optval_addr, socklen_t optlen)
+@@ -835,7 +857,6 @@
+         break;
+     case TARGET_SOL_SOCKET:
+         switch (optname) {
+-            /* Options with 'int' argument.  */
+         case TARGET_SO_DEBUG:
+ 		optname = SO_DEBUG;
+ 		break;
+@@ -892,17 +913,48 @@
+         case TARGET_SO_SNDTIMEO:
+ 		optname = SO_SNDTIMEO;
+ 		break;
+-            break;
++        case TARGET_SO_LINGER:
++                optname = SO_LINGER;
++                break;
+         default:
+             goto unimplemented;
+         }
+ 	if (optlen < sizeof(uint32_t))
+             return -TARGET_EINVAL;
++        switch (optname) {
++            /* Options with non-'int' argument.  */
++        case SO_RCVTIMEO:
++        case SO_SNDTIMEO:
++	{
++		struct timeval tval;
++		if(optlen < sizeof(struct target_timeval))
++		    return -TARGET_EINVAL;
++		copy_from_user_timeval(&tval,optval_addr);
++		ret = get_errno(setsockopt(sockfd, level, optname, &tval,sizeof(tval)));
++	}
++		break;
++        case SO_LINGER:
++	{
++		struct linger tmp;
++		if (optlen < sizeof(struct target_linger))
++		    return -TARGET_EINVAL;
++		optname = SO_LINGER;
++		copy_from_user_linger(&tmp,optval_addr);
++		ret = get_errno(setsockopt(sockfd, level, optname, &tmp, sizeof(tmp)));
++	}
++		break;
++            /* All remaning options take an 'int' argument.  */
++        default:
++	{
++		if (optlen < sizeof(uint32_t))
++		    return -TARGET_EINVAL;
+ 
+-	if (get_user_u32(val, optval_addr))
+-            return -TARGET_EFAULT;
+-	ret = get_errno(setsockopt(sockfd, SOL_SOCKET, optname, &val, sizeof(val)));
+-        break;
++	        if (get_user_u32(val, optval_addr))
++                    return -TARGET_EFAULT;
++		ret = get_errno(setsockopt(sockfd, SOL_SOCKET, optname, &val, sizeof(val)));
++	}
++		break;
++    }
+     default:
+     unimplemented:
+         gemu_log("Unsupported setsockopt level=%d optname=%d \n", level, optname);
+@@ -922,13 +974,57 @@
+     case TARGET_SOL_SOCKET:
+     	level = SOL_SOCKET;
+ 	switch (optname) {
+-	case TARGET_SO_LINGER:
++	case TARGET_SO_LINGER: {
++         if (get_user_u32(len, optlen))
++           return -TARGET_EFAULT;
++	  if(len < sizeof(struct target_linger))
++	    return -TARGET_EINVAL;
++	  struct linger l;
++	  len=sizeof(l);
++
++	  ret = get_errno(getsockopt(sockfd, level, optname, &l, &len));
++	  copy_to_user_linger(optval_addr,&l);
++	  if (put_user_u32(optlen, sizeof(struct target_linger)))
++           return -TARGET_EFAULT;
++	}
++	  break;
++
+ 	case TARGET_SO_RCVTIMEO:
+-	case TARGET_SO_SNDTIMEO:
+-	case TARGET_SO_PEERCRED:
++	case TARGET_SO_SNDTIMEO: {
++         if (get_user_u32(len, optlen))
++            return -TARGET_EFAULT;
++	  if(len < sizeof(struct target_timeval))
++	     return -TARGET_EINVAL;
++	  struct timeval tval;
++	  len=sizeof(tval);
++
++	  ret = get_errno(getsockopt(sockfd, level, optname, &tval, &len));
++	  copy_to_user_timeval(optval_addr,&tval);
++	  if (put_user_u32(optlen, sizeof(struct target_timeval)))
++           return -TARGET_EFAULT;
++	}
++	  break;
++
+ 	case TARGET_SO_PEERNAME:
+ 	    /* These don't just return a single integer */
+ 	    goto unimplemented;
++	case TARGET_SO_PEERCRED: {
++	  struct ucred caller;
++	  socklen_t optlen = sizeof (caller);
++	  ret = get_errno(getsockopt(sockfd, SOL_SOCKET, SO_PEERCRED,
++				     &caller, &optlen));
++
++	  if (optlen != 0 && optval_addr != 0) {
++	    if (put_user_u32(optval_addr + 0, caller.pid))
++             return -TARGET_EFAULT;
++	    if (put_user_u32(optval_addr + 4, caller.uid))
++             return -TARGET_EFAULT;
++	    if (put_user_u32(optval_addr + 8, caller.gid))
++             return -TARGET_EFAULT;
++	  }
++	}
++	   break;
++
+         default:
+             goto int_case;
+         }
+@@ -1171,16 +1267,23 @@
+     void *addr;
+     abi_long ret;
+ 
+-    if (get_user_u32(addrlen, target_addrlen_addr))
+-        return -TARGET_EFAULT;
+-
+-    addr = alloca(addrlen);
++    if (target_addrlen_addr != (target_ulong)NULL &&
++        target_addr != (target_ulong)NULL) {
++        if (get_user_u32(addrlen, target_addrlen_addr))
++            return -TARGET_EFAULT;
++        addr = alloca(addrlen);
++        ret = get_errno(accept(fd, addr, &addrlen));
++    } else {
++        ret = get_errno(accept(fd, NULL, NULL));
++        return ret;
++    }
+ 
+-    ret = get_errno(accept(fd, addr, &addrlen));
+     if (!is_error(ret)) {
+-        host_to_target_sockaddr(target_addr, addr, addrlen);
+-        if (put_user_u32(addrlen, target_addrlen_addr))
+-            ret = -TARGET_EFAULT;
++        if (target_addr != (target_ulong)NULL)
++            host_to_target_sockaddr(target_addr, addr, addrlen);
++        if (target_addrlen_addr != (target_ulong)NULL)
++            if (put_user_u32(addrlen, target_addrlen_addr))
++                ret = -TARGET_EFAULT;
+     }
+     return ret;
+ }
+Index: linux-user/syscall_defs.h
+===================================================================
+--- linux-user/syscall_defs.h.orig	2008-01-06 20:38:42.000000000 +0100
++++ linux-user/syscall_defs.h	2008-04-14 11:26:14.000000000 +0200
+@@ -114,6 +114,11 @@
+     abi_long tv_nsec;
+ };
+ 
++struct target_linger {
++	target_long l_onoff;
++	target_long l_linger;
++};
++
+ struct target_itimerval {
+     struct target_timeval it_interval;
+     struct target_timeval it_value;
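Review bot: In `do_setsockopt`, the `TARGET_SOL_SOCKET` case no longer ends with a `break;`: the patch removes the old one, and the added inner `switch (optname)` closes directly in front of the outer `default: unimplemented:` label, so every socket-level option falls through to the "Unsupported setsockopt" path even after a successful `setsockopt`. Add `break;` after the inner switch's closing brace. In `do_getsockopt`, the `SO_LINGER`, `SO_RCVTIMEO`/`SO_SNDTIMEO` and `SO_PEERCRED` arms copy `l`, `tval` and `caller` to guest memory without checking `ret`, so a failed host call writes uninitialised stack contents to the guest. The `SO_PEERCRED` arm also writes 12 bytes without reading the guest's length, and shadows the `optlen` parameter with a local. `copy_from_user_linger` locks its source with `VERIFY_WRITE` although it only reads, and neither helper appears to check whether `lock_user_struct` succeeded.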
--- qemu-0.9.1.orig/debian/patches/63_sparc_build.patch
+++ qemu-0.9.1/debian/patches/63_sparc_build.patch
@@ -0,0 +1,13 @@
+Index: sparc.ld
+===================================================================
+--- sparc.ld.orig	2008-01-06 20:38:42.000000000 +0100
++++ sparc.ld	2008-04-14 11:26:14.000000000 +0200
+@@ -6,7 +6,7 @@
+ SECTIONS
+ {
+   /* Read-only sections, merged into text segment: */
+-  . = 0x60000000 + SIZEOF_HEADERS;
++  . = 0x60000000 + 0x400;
+   .interp     : { *(.interp)    }
+   .hash          : { *(.hash)           }
+   .dynsym        : { *(.dynsym)         }
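Review bot: The literal `0x400` replaces `SIZEOF_HEADERS` with no explanation of why the computed size cannot be used or what guarantees the ELF and program headers fit in the reserved 0x400 bytes. A comment above the assignment stating the reason for the fixed reservation, and the condition under which `SIZEOF_HEADERS` can be restored, would let the next maintainer judge when the patch can be dropped.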
--- qemu-0.9.1.orig/debian/patches/32_syscall_sysctl.patch
+++ qemu-0.9.1/debian/patches/32_syscall_sysctl.patch
@@ -0,0 +1,50 @@
+Index: linux-user/syscall.c
+===================================================================
+--- linux-user/syscall.c.orig	2008-04-14 11:26:14.000000000 +0200
++++ linux-user/syscall.c	2008-04-14 11:27:37.000000000 +0200
+@@ -54,6 +54,7 @@
+ //#include <sys/user.h>
+ #include <netinet/ip.h>
+ #include <netinet/tcp.h>
++#include <sys/sysctl.h>
+ 
+ #define termios host_termios
+ #define winsize host_winsize
+@@ -4856,9 +4857,34 @@
+         break;
+ #endif
+     case TARGET_NR__sysctl:
+-        /* We don't implement this, but ENOTDIR is always a safe
+-           return value. */
+-        ret = -TARGET_ENOTDIR;
++        {
++            struct __sysctl_args *args = (struct __sysctl_args *) arg1;
++            int *name_target, *name, nlen, *oldlenp, oldlen, newlen, i;
++            void *oldval, *newval;
++
++            name_target = (int *) tswapl((long) args->name);
++            nlen = tswapl(args->nlen);
++            oldval = (void *) tswapl((long) args->oldval);
++            oldlenp = (int *) tswapl((long) args->oldlenp);
++            oldlen = tswapl(*oldlenp);
++            newval = (void *) tswapl((long) args->newval);
++            newlen = tswapl(args->newlen);
++
++            name = alloca(nlen * sizeof (int));
++            for (i = 0; i < nlen; i++)
++                name[i] = tswapl(name_target[i]);
++
++            if (nlen == 2 && name[0] == CTL_KERN && name[1] == KERN_VERSION) {
++                ret = get_errno(
++                        sysctl(name, nlen, oldval, &oldlen, newval, newlen));
++                if (!is_error(ret)) {
++                    *oldlenp = tswapl(oldlen);
++                }
++            } else {
++                gemu_log("qemu: Unsupported sysctl name\n");
++                ret = -ENOSYS;
++            }
++        }
+         break;
+     case TARGET_NR_sched_setparam:
+         {
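Review bot: The new `TARGET_NR__sysctl` arm uses guest-supplied values as host pointers and sizes without validation. `arg1` and the `name`, `oldval`, `oldlenp` and `newval` fields are cast and dereferenced directly, `*oldlenp` is read without a null check, and `alloca(nlen * sizeof (int))` is sized by an unchecked `nlen` before the `nlen == 2` test. Bound the count before allocating, e.g. `if (nlen < 0 || nlen > CTL_MAXNAME) { ret = -TARGET_EINVAL; break; }`, and reject a null `oldlenp` before reading it. `&oldlen` is an `int *` where the host `sysctl` expects a `size_t *`, which I would expect to misbehave on 64-bit hosts, and the failure path returns host `-ENOSYS` rather than a target errno like the `-TARGET_ENOTDIR` it replaces. The enclosing switch starts and ends outside the hunk.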
--- qemu-0.9.1.orig/debian/patches/42_arm_tls.patch
+++ qemu-0.9.1/debian/patches/42_arm_tls.patch
@@ -0,0 +1,831 @@
+Index: qemu-0.9.1/configure
+===================================================================
+--- qemu-0.9.1.orig/configure	2008-01-06 20:38:42.000000000 +0100
++++ qemu-0.9.1/configure	2008-04-14 11:27:20.000000000 +0200
+@@ -105,6 +105,7 @@
+ darwin_user="no"
+ build_docs="no"
+ uname_release=""
++nptl="yes"
+ 
+ # OS specific
+ targetos=`uname -s`
+@@ -318,6 +319,8 @@
+   ;;
+   *) echo "ERROR: unknown option $opt"; show_help="yes"
+   ;;
++  --disable-nptl) nptl="no"
++  ;;
+   esac
+ done
+ 
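Review bot: The new `--disable-nptl)` arm is placed after the `*)` catch-all, and a shell `case` runs the first matching pattern, so `--disable-nptl` hits the `ERROR: unknown option` arm and never sets `nptl="no"`. Move the two added lines above the `*)` arm. The `case` statement opens outside the hunk.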
+@@ -413,6 +416,7 @@
+ echo "  --disable-linux-user     disable all linux usermode emulation targets"
+ echo "  --enable-darwin-user     enable all darwin usermode emulation targets"
+ echo "  --disable-darwin-user    disable all darwin usermode emulation targets"
++echo "  --disable-nptl           disable usermode NPTL guest support"
+ echo "  --fmod-lib               path to FMOD library"
+ echo "  --fmod-inc               path to FMOD includes"
+ echo "  --enable-uname-release=R Return R for uname -r in usermode emulation"
+@@ -579,6 +583,23 @@
+ }
+ EOF
+ 
++# check NPTL support
++cat > $TMPC <<EOF
++#include <sched.h>
++void foo()
++{
++#ifndef CLONE_SETTLS
++#error bork
++#endif
++}
++EOF
++
++if $cc -c -o $TMPO $TMPC 2> /dev/null ; then
++  :
++else
++   nptl="no"
++fi
++
+ ##########################################
+ # SDL probe
+ 
+@@ -743,6 +764,7 @@
+ echo "Documentation     $build_docs"
+ [ ! -z "$uname_release" ] && \
+ echo "uname -r          $uname_release"
++echo "NPTL support      $nptl"
+ 
+ if test $sdl_too_old = "yes"; then
+ echo "-> Your SDL version is too old - please upgrade to have SDL support"
+@@ -947,6 +969,14 @@
+   else
+     echo "SDL_CFLAGS=`$sdl_config --cflags`" >> $config_mak
+   fi
++else
++    if test "$nptl" = "yes" ; then
++        case "$target_cpu" in
++          arm | armeb)
++            echo "#define USE_NPTL 1" >> $config_h
++          ;;
++        esac
++    fi
+ fi
+ if test "$cocoa" = "yes" ; then
+     echo "#define CONFIG_COCOA 1" >> $config_h
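Review bot: The added `else` attaches to an `if` that opens outside the hunk; from the `SDL_CFLAGS` context lines it appears to be the SDL block, which would mean `USE_NPTL` is written to `$config_h` only when SDL is disabled. If that is the case, the NPTL test should be a separate `if test "$nptl" = "yes"` block rather than the `else` of unrelated logic. It is also worth confirming that `$target_cpu` is already set at this point in the script, since the hunk does not show where it is assigned.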
+Index: qemu-0.9.1/exec-all.h
+===================================================================
+--- qemu-0.9.1.orig/exec-all.h	2008-01-06 20:38:42.000000000 +0100
++++ qemu-0.9.1/exec-all.h	2008-04-14 11:26:14.000000000 +0200
+@@ -340,170 +340,7 @@
+ extern CPUReadMemoryFunc *io_mem_read[IO_MEM_NB_ENTRIES][4];
+ extern void *io_mem_opaque[IO_MEM_NB_ENTRIES];
+ 
+-#if defined(__powerpc__)
+-static inline int testandset (int *p)
+-{
+-    int ret;
+-    __asm__ __volatile__ (
+-                          "0:    lwarx %0,0,%1\n"
+-                          "      xor. %0,%3,%0\n"
+-                          "      bne 1f\n"
+-                          "      stwcx. %2,0,%1\n"
+-                          "      bne- 0b\n"
+-                          "1:    "
+-                          : "=&r" (ret)
+-                          : "r" (p), "r" (1), "r" (0)
+-                          : "cr0", "memory");
+-    return ret;
+-}
+-#elif defined(__i386__)
+-static inline int testandset (int *p)
+-{
+-    long int readval = 0;
+-
+-    __asm__ __volatile__ ("lock; cmpxchgl %2, %0"
+-                          : "+m" (*p), "+a" (readval)
+-                          : "r" (1)
+-                          : "cc");
+-    return readval;
+-}
+-#elif defined(__x86_64__)
+-static inline int testandset (int *p)
+-{
+-    long int readval = 0;
+-
+-    __asm__ __volatile__ ("lock; cmpxchgl %2, %0"
+-                          : "+m" (*p), "+a" (readval)
+-                          : "r" (1)
+-                          : "cc");
+-    return readval;
+-}
+-#elif defined(__s390__)
+-static inline int testandset (int *p)
+-{
+-    int ret;
+-
+-    __asm__ __volatile__ ("0: cs    %0,%1,0(%2)\n"
+-			  "   jl    0b"
+-			  : "=&d" (ret)
+-			  : "r" (1), "a" (p), "0" (*p)
+-			  : "cc", "memory" );
+-    return ret;
+-}
+-#elif defined(__alpha__)
+-static inline int testandset (int *p)
+-{
+-    int ret;
+-    unsigned long one;
+-
+-    __asm__ __volatile__ ("0:	mov 1,%2\n"
+-			  "	ldl_l %0,%1\n"
+-			  "	stl_c %2,%1\n"
+-			  "	beq %2,1f\n"
+-			  ".subsection 2\n"
+-			  "1:	br 0b\n"
+-			  ".previous"
+-			  : "=r" (ret), "=m" (*p), "=r" (one)
+-			  : "m" (*p));
+-    return ret;
+-}
+-#elif defined(__sparc__)
+-static inline int testandset (int *p)
+-{
+-	int ret;
+-
+-	__asm__ __volatile__("ldstub	[%1], %0"
+-			     : "=r" (ret)
+-			     : "r" (p)
+-			     : "memory");
+-
+-	return (ret ? 1 : 0);
+-}
+-#elif defined(__arm__)
+-static inline int testandset (int *spinlock)
+-{
+-    register unsigned int ret;
+-    __asm__ __volatile__("swp %0, %1, [%2]"
+-                         : "=r"(ret)
+-                         : "0"(1), "r"(spinlock));
+-
+-    return ret;
+-}
+-#elif defined(__mc68000)
+-static inline int testandset (int *p)
+-{
+-    char ret;
+-    __asm__ __volatile__("tas %1; sne %0"
+-                         : "=r" (ret)
+-                         : "m" (p)
+-                         : "cc","memory");
+-    return ret;
+-}
+-#elif defined(__ia64)
+-
+-#include <ia64intrin.h>
+-
+-static inline int testandset (int *p)
+-{
+-    return __sync_lock_test_and_set (p, 1);
+-}
+-#elif defined(__mips__)
+-static inline int testandset (int *p)
+-{
+-    int ret;
+-
+-    __asm__ __volatile__ (
+-	"	.set push		\n"
+-	"	.set noat		\n"
+-	"	.set mips2		\n"
+-	"1:	li	$1, 1		\n"
+-	"	ll	%0, %1		\n"
+-	"	sc	$1, %1		\n"
+-	"	beqz	$1, 1b		\n"
+-	"	.set pop		"
+-	: "=r" (ret), "+R" (*p)
+-	:
+-	: "memory");
+-
+-    return ret;
+-}
+-#else
+-#error unimplemented CPU support
+-#endif
+-
+-typedef int spinlock_t;
+-
+-#define SPIN_LOCK_UNLOCKED 0
+-
+-#if defined(CONFIG_USER_ONLY)
+-static inline void spin_lock(spinlock_t *lock)
+-{
+-    while (testandset(lock));
+-}
+-
+-static inline void spin_unlock(spinlock_t *lock)
+-{
+-    *lock = 0;
+-}
+-
+-static inline int spin_trylock(spinlock_t *lock)
+-{
+-    return !testandset(lock);
+-}
+-#else
+-static inline void spin_lock(spinlock_t *lock)
+-{
+-}
+-
+-static inline void spin_unlock(spinlock_t *lock)
+-{
+-}
+-
+-static inline int spin_trylock(spinlock_t *lock)
+-{
+-    return 1;
+-}
+-#endif
++#include "spinlock.h"
+ 
+ extern spinlock_t tb_lock;
+ 
+Index: qemu-0.9.1/linux-user/arm/syscall.h
+===================================================================
+--- qemu-0.9.1.orig/linux-user/arm/syscall.h	2008-01-06 20:38:43.000000000 +0100
++++ qemu-0.9.1/linux-user/arm/syscall.h	2008-04-14 11:26:14.000000000 +0200
+@@ -28,7 +28,9 @@
+ #define ARM_SYSCALL_BASE	0x900000
+ #define ARM_THUMB_SYSCALL	0
+ 
+-#define ARM_NR_cacheflush (ARM_SYSCALL_BASE + 0xf0000 + 2)
++#define ARM_NR_BASE	  0xf0000
++#define ARM_NR_cacheflush (ARM_NR_BASE + 2)
++#define ARM_NR_set_tls	  (ARM_NR_BASE + 5)
+ 
+ #define ARM_NR_semihosting	  0x123456
+ #define ARM_NR_thumb_semihosting  0xAB
+Index: qemu-0.9.1/linux-user/main.c
+===================================================================
+--- qemu-0.9.1.orig/linux-user/main.c	2008-04-14 11:26:14.000000000 +0200
++++ qemu-0.9.1/linux-user/main.c	2008-04-14 11:26:14.000000000 +0200
+@@ -363,6 +363,50 @@
+     }
+ }
+ 
++/* Handle a jump to the kernel code page.  */
++static int
++do_kernel_trap(CPUARMState *env)
++{
++    uint32_t addr;
++    uint32_t *ptr;
++    uint32_t cpsr;
++
++    switch (env->regs[15]) {
++    case 0xffff0fc0: /* __kernel_cmpxchg */
++        /* XXX: This only works between threads, not between processes.
++           Use native atomic operations.  */
++        /* ??? This probably breaks horribly if the access segfaults.  */
++        cpu_lock();
++        ptr = (uint32_t *)env->regs[2];
++        cpsr = cpsr_read(env);
++        if (*ptr == env->regs[0]) {
++            *ptr = env->regs[1];
++            env->regs[0] = 0;
++            cpsr |= CPSR_C;
++        } else {
++            env->regs[0] = -1;
++            cpsr &= ~CPSR_C;
++        }
++        cpsr_write(env, cpsr, CPSR_C);
++        cpu_unlock();
++        break;
++    case 0xffff0fe0: /* __kernel_get_tls */
++        env->regs[0] = env->cp15.c13_tls2;
++        break;
++    default:
++        return 1;
++    }
++    /* Jump back to the caller.  */
++    addr = env->regs[14];
++    if (addr & 1) {
++        env->thumb = 1;
++        addr &= ~1;
++    }
++    env->regs[15] = addr;
++
++    return 0;
++}
++
+ void cpu_loop(CPUARMState *env)
+ {
+     int trapnr;
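Review bot: In the `0xffff0fc0` case, `ptr = (uint32_t *)env->regs[2]` turns a guest-controlled register into a host pointer that is read and written with no range or permission check, so a bad guest value faults the emulator itself, as the `???` comment concedes. The address should be validated against the guest's mapped, writable pages before the compare-and-store, and the failure reported as a guest fault. On a 64-bit host the cast from a 32-bit register value to a pointer is also an integer-to-pointer conversion of a different size. A short comment on the return convention (`0` handled, `1` unknown helper address) would help, since `cpu_loop` branches to `error` on it.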
+@@ -473,10 +517,8 @@
+                     }
+                 }
+ 
+-                if (n == ARM_NR_cacheflush) {
+-                    arm_cache_flush(env->regs[0], env->regs[1]);
+-                } else if (n == ARM_NR_semihosting
+-                           || n == ARM_NR_thumb_semihosting) {
++                if (n == ARM_NR_semihosting
++                    || n == ARM_NR_thumb_semihosting) {
+                     env->regs[0] = do_arm_semihosting (env);
+                 } else if (n == 0 || n >= ARM_SYSCALL_BASE
+                            || (env->thumb && n == ARM_THUMB_SYSCALL)) {
+@@ -487,14 +529,35 @@
+                         n -= ARM_SYSCALL_BASE;
+                         env->eabi = 0;
+                     }
+-                    env->regs[0] = do_syscall(env,
+-                                              n,
+-                                              env->regs[0],
+-                                              env->regs[1],
+-                                              env->regs[2],
+-                                              env->regs[3],
+-                                              env->regs[4],
+-                                              env->regs[5]);
++                    if (n > ARM_NR_BASE) {
++                        switch (n)
++                          {
++                          case ARM_NR_cacheflush:
++                              arm_cache_flush(env->regs[0], env->regs[1]);
++                              break;
++#ifdef USE_NPTL
++                          case ARM_NR_set_tls:
++                              cpu_set_tls(env, env->regs[0]);
++                              env->regs[0] = 0;
++                              break;
++#endif
++                          default:
++                              printf ("Error: Bad syscall: %x\n", n);
++                              env->regs[0] = -ENOSYS;
++                              goto error;
++                          }
++                      }
++                    else
++                      {
++                        env->regs[0] = do_syscall(env,
++                                                  n,
++                                                  env->regs[0],
++                                                  env->regs[1],
++                                                  env->regs[2],
++                                                  env->regs[3],
++                                                  env->regs[4],
++                                                  env->regs[5]);
++                      }
+                 } else {
+                     goto error;
+                 }
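Review bot: In the new `default:` arm, `env->regs[0] = -ENOSYS` is followed directly by `goto error`, so the assignment is never seen by the guest and an unrecognised number above `ARM_NR_BASE` takes the `error` path, whose message in the next hunk's context says it aborts. If the intent is to report ENOSYS to the guest, drop the `goto error` and end the arm with `break;`. The diagnostic would also be more consistent as `fprintf(stderr, ...)` than `printf`, matching the `error:` label's own message. When `USE_NPTL` is not defined, `ARM_NR_set_tls` falls into this arm as well.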
+@@ -533,6 +596,10 @@
+                   }
+             }
+             break;
++        case EXCP_KERNEL_TRAP:
++            if (do_kernel_trap(env))
++              goto error;
++            break;
+         default:
+         error:
+             fprintf(stderr, "qemu: unhandled CPU exception 0x%x - aborting\n",
+@@ -2398,6 +2465,10 @@
+     ts->heap_base = info->brk;
+     /* This will be filled in on the first SYS_HEAPINFO call.  */
+     ts->heap_limit = 0;
++    /* Register the magic kernel code page.  The cpu will generate a
++       special exception when it tries to execute code here.  We can't
++       put real code here because it may be in use by the host kernel.  */
++    page_set_flags(0xffff0000, 0xffff0fff, 0);
+ #endif
+ 
+     if (gdbstub_port) {
+Index: qemu-0.9.1/linux-user/qemu.h
+===================================================================
+--- qemu-0.9.1.orig/linux-user/qemu.h	2008-01-06 20:38:42.000000000 +0100
++++ qemu-0.9.1/linux-user/qemu.h	2008-04-14 11:26:14.000000000 +0200
+@@ -109,6 +109,9 @@
+ #endif
+     int used; /* non zero if used */
+     struct image_info *info;
++#ifdef USE_NPTL
++    uint32_t *child_tidptr;
++#endif
+     uint8_t stack[0];
+ } __attribute__((aligned(16))) TaskState;
+ 
+Index: qemu-0.9.1/linux-user/syscall.c
+===================================================================
+--- qemu-0.9.1.orig/linux-user/syscall.c	2008-04-14 11:26:14.000000000 +0200
++++ qemu-0.9.1/linux-user/syscall.c	2008-04-14 11:27:21.000000000 +0200
+@@ -74,9 +74,18 @@
+ #include <linux/kd.h>
+ 
+ #include "qemu.h"
++#include "spinlock.h"
+ 
+ //#define DEBUG
+ 
++#ifdef USE_NPTL
++#define CLONE_NPTL_FLAGS2 (CLONE_SETTLS | \
++    CLONE_PARENT_SETTID | CLONE_CHILD_SETTID | CLONE_CHILD_CLEARTID)
++#else
++/* XXX: Hardcode the above values.  */
++#define CLONE_NPTL_FLAGS2 0
++#endif
++
+ #if defined(TARGET_I386) || defined(TARGET_ARM) || defined(TARGET_SPARC) \
+     || defined(TARGET_M68K) || defined(TARGET_SH4) || defined(TARGET_CRIS)
+ /* 16 bit uid wrappers emulation */
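Review bot: In the `#else` branch `CLONE_NPTL_FLAGS2` is defined as `0`, which makes any test of the form `flags & CLONE_NPTL_FLAGS2` constant-false, so the non-NPTL rejection `if (flags & CLONE_NPTL_FLAGS2) return -EINVAL;` added to `do_fork` later in this patch can never fire. The `XXX` comment already names the fix: give the mask the numeric values of the four flags so the guard works when the host headers lack them, e.g. `#define CLONE_NPTL_FLAGS2 (0x00080000 | 0x00100000 | 0x00200000 | 0x01000000)` (values as in Linux's `sched.h`; confirm against the target headers). Without that, a non-NPTL build passes these flags straight through to the host `clone()` call.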
+@@ -2807,9 +2816,19 @@
+    thread/process */
+ #define NEW_STACK_SIZE 8192
+ 
++#ifdef USE_NPTL
++static spinlock_t nptl_lock = SPIN_LOCK_UNLOCKED;
++#endif
++
+ static int clone_func(void *arg)
+ {
+     CPUState *env = arg;
++#ifdef HAVE_NPTL
++    /* Wait until the parent has finshed initializing the tls state.  */
++    while (!spin_trylock(&nptl_lock))
++        usleep(1);
++    spin_unlock(&nptl_lock);
++#endif
+     cpu_loop(env);
+     /* never exits */
+     return 0;
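Review bot: The wait loop added to `clone_func` is guarded by `#ifdef HAVE_NPTL`, while every other NPTL block in this patch, including the `nptl_lock` definition just above it, uses `USE_NPTL`, and the `configure` hunk only emits `#define USE_NPTL 1`. Unless `HAVE_NPTL` is defined somewhere not shown, the loop is never compiled and the child enters `cpu_loop` without waiting for the parent's `spin_unlock`, so the lock taken in `do_fork` orders nothing. Change the guard to `#ifdef USE_NPTL`. The comment's `finshed` should read `finished`.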
+@@ -2817,12 +2836,20 @@
+ 
+ /* do_fork() Must return host values and target errnos (unlike most
+    do_*() functions). */
+-int do_fork(CPUState *env, unsigned int flags, abi_ulong newsp)
++int do_fork(CPUState *env, unsigned int flags, unsigned long newsp,
++            uint32_t *parent_tidptr, void *newtls,
++            uint32_t *child_tidptr)
+ {
+     int ret;
+     TaskState *ts;
+     uint8_t *new_stack;
+     CPUState *new_env;
++#ifdef USE_NPTL
++    unsigned int nptl_flags;
++
++    if (flags & CLONE_PARENT_SETTID)
++        *parent_tidptr = gettid();
++#endif
+ 
+     if (flags & CLONE_VM) {
+         ts = malloc(sizeof(TaskState) + NEW_STACK_SIZE);
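Review bot: `*parent_tidptr = gettid();` stores the calling thread's own id, and does so before the child exists, whereas `CLONE_PARENT_SETTID` is meant to store the new child's id; the store belongs after the `clone()`/`fork()` call using `ret`, as the next hunk already does for `*child_tidptr`. `parent_tidptr` and `child_tidptr` also arrive as raw casts of guest arguments (`(uint32_t *)arg3`, `(uint32_t *)arg5` at the `TARGET_NR_clone` call site) and are written without a NULL or access check or byte-swapping, here and in the next hunk. `newsp` changes from `abi_ulong` to `unsigned long` with no stated reason. The body of `do_fork` continues outside the hunk.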
+@@ -2889,16 +2916,64 @@
+ #error unsupported target CPU
+ #endif
+         new_env->opaque = ts;
++#ifdef USE_NPTL
++        nptl_flags = flags;
++        flags &= ~CLONE_NPTL_FLAGS2;
++
++        if (nptl_flags & CLONE_CHILD_CLEARTID) {
++            ts->child_tidptr = child_tidptr;
++        }
++
++        if (nptl_flags & CLONE_SETTLS)
++            cpu_set_tls (new_env, newtls);
++
++        /* Grab the global cpu lock so that the thread setup appears
++           atomic.  */
++        if (nptl_flags & CLONE_CHILD_SETTID)
++            spin_lock(&nptl_lock);
++
++#else
++        if (flags & CLONE_NPTL_FLAGS2)
++            return -EINVAL;
++#endif
+ #ifdef __ia64__
+         ret = __clone2(clone_func, new_stack + NEW_STACK_SIZE, flags, new_env);
+ #else
+ 	ret = clone(clone_func, new_stack + NEW_STACK_SIZE, flags, new_env);
+ #endif
++#ifdef USE_NPTL
++        if (ret != -1) {
++            if (nptl_flags & CLONE_CHILD_SETTID)
++                *child_tidptr = ret;
++        }
++
++        /* Allow the child to continue.  */
++        if (nptl_flags & CLONE_CHILD_SETTID)
++            spin_unlock(&nptl_lock);
++#endif
+     } else {
+         /* if no CLONE_VM, we consider it is a fork */
+-        if ((flags & ~CSIGNAL) != 0)
++        if ((flags & ~(CSIGNAL | CLONE_NPTL_FLAGS2)) != 0)
+             return -EINVAL;
+         ret = fork();
++#ifdef USE_NPTL
++        /* There is a race condition here.  The parent process could
++           theoretically read the TID in the child process before the child
++           tid is set.  This would require using either ptrace
++           (not implemented) or having *_tidptr to point at a shared memory
++           mapping.  We can't repeat the spinlock hack used above because
++           the child process gets its own copy of the lock.  */
++        if (ret == 0) {
++            /* Child Process.  */
++            if (flags & CLONE_CHILD_SETTID)
++                *child_tidptr = gettid();
++            ts = (TaskState *)env->opaque;
++            if (flags & CLONE_CHILD_CLEARTID)
++                ts->child_tidptr = child_tidptr;
++            if (flags & CLONE_SETTLS)
++                cpu_set_tls (env, newtls);
++        }
++#endif
+     }
+     return ret;
+ }
+@@ -3223,7 +3298,7 @@
+         ret = do_brk(arg1);
+         break;
+     case TARGET_NR_fork:
+-        ret = get_errno(do_fork(cpu_env, SIGCHLD, 0));
++        ret = get_errno(do_fork(cpu_env, SIGCHLD, 0, NULL, NULL, NULL));
+         break;
+ #ifdef TARGET_NR_waitpid
+     case TARGET_NR_waitpid:
+@@ -4586,7 +4661,8 @@
+         ret = get_errno(fsync(arg1));
+         break;
+     case TARGET_NR_clone:
+-        ret = get_errno(do_fork(cpu_env, arg1, arg2));
++        ret = get_errno(do_fork(cpu_env, arg1, arg2, (uint32_t *)arg3,
++                        (void *)arg4, (uint32_t *)arg5));
+         break;
+ #ifdef __NR_exit_group
+         /* new thread calls */
+@@ -5031,7 +5107,8 @@
+ #endif
+ #ifdef TARGET_NR_vfork
+     case TARGET_NR_vfork:
+-        ret = get_errno(do_fork(cpu_env, CLONE_VFORK | CLONE_VM | SIGCHLD, 0));
++        ret = get_errno(do_fork(cpu_env, CLONE_VFORK | CLONE_VM | SIGCHLD, 0,
++                                NULL, NULL, NULL));
+         break;
+ #endif
+ #ifdef TARGET_NR_ugetrlimit
+Index: qemu-0.9.1/spinlock.h
+===================================================================
+--- /dev/null	1970-01-01 00:00:00.000000000 +0000
++++ qemu-0.9.1/spinlock.h	2008-04-14 11:26:14.000000000 +0200
+@@ -0,0 +1,188 @@
++/*
++ * Atomic operation helper include
++ * 
++ *  Copyright (c) 2005 Fabrice Bellard
++ *
++ * This library is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU Lesser General Public
++ * License as published by the Free Software Foundation; either
++ * version 2 of the License, or (at your option) any later version.
++ *
++ * This library is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++ * Lesser General Public License for more details.
++ *
++ * You should have received a copy of the GNU Lesser General Public
++ * License along with this library; if not, write to the Free Software
++ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
++ */
++#ifndef SPINLOCK_H
++#define SPINLOCK_H
++
++#if defined(__powerpc__)
++static inline int testandset (int *p)
++{
++    int ret;
++    __asm__ __volatile__ (
++                          "0:    lwarx %0,0,%1\n"
++                          "      xor. %0,%3,%0\n"
++                          "      bne 1f\n"
++                          "      stwcx. %2,0,%1\n"
++                          "      bne- 0b\n"
++                          "1:    "
++                          : "=&r" (ret)
++                          : "r" (p), "r" (1), "r" (0)
++                          : "cr0", "memory");
++    return ret;
++}
++#elif defined(__i386__)
++static inline int testandset (int *p)
++{
++    long int readval = 0;
++
++    __asm__ __volatile__ ("lock; cmpxchgl %2, %0"
++                          : "+m" (*p), "+a" (readval)
++                          : "r" (1)
++                          : "cc");
++    return readval;
++}
++#elif defined(__x86_64__)
++static inline int testandset (int *p)
++{
++    long int readval = 0;
++
++    __asm__ __volatile__ ("lock; cmpxchgl %2, %0"
++                          : "+m" (*p), "+a" (readval)
++                          : "r" (1)
++                          : "cc");
++    return readval;
++}
++#elif defined(__s390__)
++static inline int testandset (int *p)
++{
++    int ret;
++
++    __asm__ __volatile__ ("0: cs    %0,%1,0(%2)\n"
++			  "   jl    0b"
++			  : "=&d" (ret)
++			  : "r" (1), "a" (p), "0" (*p)
++			  : "cc", "memory" );
++    return ret;
++}
++#elif defined(__alpha__)
++static inline int testandset (int *p)
++{
++    int ret;
++    unsigned long one;
++
++    __asm__ __volatile__ ("0:	mov 1,%2\n"
++			  "	ldl_l %0,%1\n"
++			  "	stl_c %2,%1\n"
++			  "	beq %2,1f\n"
++			  ".subsection 2\n"
++			  "1:	br 0b\n"
++			  ".previous"
++			  : "=r" (ret), "=m" (*p), "=r" (one)
++			  : "m" (*p));
++    return ret;
++}
++#elif defined(__sparc__)
++static inline int testandset (int *p)
++{
++	int ret;
++
++	__asm__ __volatile__("ldstub	[%1], %0"
++			     : "=r" (ret)
++			     : "r" (p)
++			     : "memory");
++
++	return (ret ? 1 : 0);
++}
++#elif defined(__arm__)
++static inline int testandset (int *spinlock)
++{
++    register unsigned int ret;
++    __asm__ __volatile__("swp %0, %1, [%2]"
++                         : "=r"(ret)
++                         : "0"(1), "r"(spinlock));
++
++    return ret;
++}
++#elif defined(__mc68000)
++static inline int testandset (int *p)
++{
++    char ret;
++    __asm__ __volatile__("tas %1; sne %0"
++                         : "=r" (ret)
++                         : "m" (p)
++                         : "cc","memory");
++    return ret;
++}
++#elif defined(__ia64)
++
++#include <ia64intrin.h>
++
++static inline int testandset (int *p)
++{
++    return __sync_lock_test_and_set (p, 1);
++}
++#elif defined(__mips__)
++static inline int testandset (int *p)
++{
++    int ret;
++
++    __asm__ __volatile__ (
++	"	.set push		\n"
++	"	.set noat		\n"
++	"	.set mips2		\n"
++	"1:	li	$1, 1		\n"
++	"	ll	%0, %1		\n"
++	"	sc	$1, %1		\n"
++	"	beqz	$1, 1b		\n"
++	"	.set pop		"
++	: "=r" (ret), "+R" (*p)
++	:
++	: "memory");
++
++    return ret;
++}
++#else
++#error unimplemented CPU support
++#endif
++
++typedef int spinlock_t;
++
++#define SPIN_LOCK_UNLOCKED 0
++
++#if defined(CONFIG_USER_ONLY)
++static inline void spin_lock(spinlock_t *lock)
++{
++    while (testandset(lock));
++}
++
++static inline void spin_unlock(spinlock_t *lock)
++{
++    *lock = 0;
++}
++
++static inline int spin_trylock(spinlock_t *lock)
++{
++    return !testandset(lock);
++}
++#else
++static inline void spin_lock(spinlock_t *lock)
++{
++}
++
++static inline void spin_unlock(spinlock_t *lock)
++{
++}
++
++static inline int spin_trylock(spinlock_t *lock)
++{
++    return 1;
++}
++#endif
++
++#endif
+Index: qemu-0.9.1/target-arm/cpu.h
+===================================================================
+--- qemu-0.9.1.orig/target-arm/cpu.h	2008-01-06 20:38:44.000000000 +0100
++++ qemu-0.9.1/target-arm/cpu.h	2008-04-14 11:26:14.000000000 +0200
+@@ -38,6 +38,7 @@
+ #define EXCP_FIQ             6
+ #define EXCP_BKPT            7
+ #define EXCP_EXCEPTION_EXIT  8   /* Return from v7M exception.  */
++#define EXCP_KERNEL_TRAP     9   /* Jumped to kernel code page.  */
+ 
+ #define ARMV7M_EXCP_RESET   1
+ #define ARMV7M_EXCP_NMI     2
+@@ -222,6 +223,15 @@
+ void cpu_lock(void);
+ void cpu_unlock(void);
+ 
++void cpu_lock(void);
++void cpu_unlock(void);
++#if defined(USE_NPTL)
++static inline void cpu_set_tls(CPUARMState *env, void *newtls)
++{
++  env->cp15.c13_tls2 = (uint32_t)(long)newtls;
++}
++#endif
++
+ #define CPSR_M (0x1f)
+ #define CPSR_T (1 << 5)
+ #define CPSR_F (1 << 6)
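Review bot: The two added prototypes `void cpu_lock(void);` and `void cpu_unlock(void);` repeat the context lines directly above them and can be dropped. `cpu_set_tls` takes `void *newtls`, but the `ARM_NR_set_tls` case in `linux-user/main.c` passes `env->regs[0]`, an integer; taking a `uint32_t` here and casting at the `do_fork` call sites would avoid the implicit integer-to-pointer conversion. A one-line comment saying that the value is stored in `cp15.c13_tls2`, the field the `__kernel_get_tls` case reads back, would document the pairing.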
+Index: qemu-0.9.1/target-arm/op.c
+===================================================================
+--- qemu-0.9.1.orig/target-arm/op.c	2008-01-06 20:38:44.000000000 +0100
++++ qemu-0.9.1/target-arm/op.c	2008-04-14 11:26:14.000000000 +0200
+@@ -1009,6 +1009,12 @@
+     cpu_loop_exit();
+ }
+ 
++void OPPROTO op_kernel_trap(void)
++{
++    env->exception_index = EXCP_KERNEL_TRAP;
++    cpu_loop_exit();
++}
++
+ /* VFP support.  We follow the convention used for VFP instrunctions:
+    Single precition routines have a "s" suffix, double precision a
+    "d" suffix.  */
+Index: qemu-0.9.1/target-arm/translate.c
+===================================================================
+--- qemu-0.9.1.orig/target-arm/translate.c	2008-01-06 20:38:44.000000000 +0100
++++ qemu-0.9.1/target-arm/translate.c	2008-04-14 11:26:14.000000000 +0200
+@@ -7519,6 +7519,13 @@
+                conditional execution block.  */
+             gen_op_exception_exit();
+         }
++#else
++	/* Intercept jump to the magic kernel page.  */
++        if (dc->pc > 0xffff0000) {
++            gen_op_kernel_trap();
++            dc->is_jmp = DISAS_UPDATE;
++            break;
++        }
+ #endif
+ 
+         if (env->nb_breakpoints > 0) {
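Review bot: The intercept tests `dc->pc > 0xffff0000`, but `linux-user/main.c` registers the page starting at `0xffff0000` itself, so a jump to exactly that address is not trapped; `if (dc->pc >= 0xffff0000) {` would match the registered range. The added comment line is indented with a tab while the code below it uses spaces. The `#else` pairs with an `#if` that opens outside the hunk.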
--- qemu-0.9.1.orig/debian/patches/43_arm_cpustate.patch
+++ qemu-0.9.1/debian/patches/43_arm_cpustate.patch
@@ -0,0 +1,35 @@
+Index: qemu-0.9.1/exec.c
+===================================================================
+--- qemu-0.9.1.orig/exec.c	2008-01-28 02:21:46.000000000 +0100
++++ qemu-0.9.1/exec.c	2008-01-28 02:22:17.000000000 +0100
+@@ -308,24 +308,18 @@
+ 
+ void cpu_exec_init(CPUState *env)
+ {
+-    CPUState **penv;
+-    int cpu_index;
+-
+     if (!code_gen_ptr) {
+         code_gen_ptr = code_gen_buffer;
+         page_init();
+         io_mem_init();
+     }
+-    env->next_cpu = NULL;
+-    penv = &first_cpu;
+-    cpu_index = 0;
+-    while (*penv != NULL) {
+-        penv = (CPUState **)&(*penv)->next_cpu;
+-        cpu_index++;
+-    }
+-    env->cpu_index = cpu_index;
++
++    if (first_cpu)
++	env->cpu_index = first_cpu->cpu_index + 1;
++
++    env->next_cpu = first_cpu;
+     env->nb_watchpoints = 0;
+-    *penv = env;
++    first_cpu = env;
+ }
+ 
+ static inline void invalidate_page_bitmap(PageDesc *p)
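Review bot: When `first_cpu` is NULL the new code never assigns `env->cpu_index`, where the removed loop always set it (to 0 for the first CPU); whether `env` arrives zeroed is not visible here, so write it unconditionally: `env->cpu_index = first_cpu ? first_cpu->cpu_index + 1 : 0;`. The list is now built by prepending, so `first_cpu` points at the newest CPU and iteration order is reversed relative to the old append; callers that assume the first entry is CPU 0 should be checked. If this function can run concurrently from cloned threads, the unlocked update of `first_cpu` also needs a lock.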
--- qemu-0.9.1.orig/debian/patches/90_security.patch
+++ qemu-0.9.1/debian/patches/90_security.patch
@@ -0,0 +1,331 @@
+Index: qemu-0.9.1/block.c
+===================================================================
+--- qemu-0.9.1.orig/block.c	2008-04-14 11:26:13.000000000 +0200
++++ qemu-0.9.1/block.c	2008-04-14 11:26:14.000000000 +0200
+@@ -549,13 +549,21 @@
+         return -ENOMEDIUM;
+     if (bs->read_only)
+         return -EACCES;
++    if (sector_num < 0)
++        return -EINVAL;
+     if (sector_num == 0 && bs->boot_sector_enabled && nb_sectors > 0) {
+         memcpy(bs->boot_sector_data, buf, 512);
+     }
+     if (drv->bdrv_pwrite) {
+         int ret, len;
++        int64_t ns;
++
+         len = nb_sectors * 512;
+-        ret = drv->bdrv_pwrite(bs, sector_num * 512, buf, len);
++        ns = sector_num * 512;
++        if (ns < 0)
++            return -EINVAL;
++
++        ret = drv->bdrv_pwrite(bs, ns, buf, len);
+         if (ret < 0)
+             return ret;
+         else if (ret != len)
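Review bot: `ns = sector_num * 512; if (ns < 0)` tests for overflow after the signed multiplication has already happened, which is undefined behaviour in C and may be optimised away once `sector_num < 0` has been excluded. `len = nb_sectors * 512` is computed in `int` with no check at all. Bound both operands before multiplying, e.g. `if (sector_num > INT64_MAX / 512 || nb_sectors < 0 || nb_sectors > INT_MAX / 512) return -EINVAL;` next to the new `sector_num < 0` test. The function's start, and any matching read path, are outside the hunk.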
+Index: qemu-0.9.1/hw/cirrus_vga.c
+===================================================================
+--- qemu-0.9.1.orig/hw/cirrus_vga.c	2008-04-14 11:26:14.000000000 +0200
++++ qemu-0.9.1/hw/cirrus_vga.c	2008-04-14 11:26:15.000000000 +0200
+@@ -220,6 +220,20 @@
+ #define CIRRUS_HOOK_NOT_HANDLED 0
+ #define CIRRUS_HOOK_HANDLED 1
+ 
++#define BLTUNSAFE(s) \
++    ( \
++        ( /* check dst is within bounds */ \
++            (s)->cirrus_blt_height * (s)->cirrus_blt_dstpitch \
++                + ((s)->cirrus_blt_dstaddr & (s)->cirrus_addr_mask) > \
++                    (s)->vram_size \
++        ) || \
++        ( /* check src is within bounds */ \
++            (s)->cirrus_blt_height * (s)->cirrus_blt_srcpitch \
++                + ((s)->cirrus_blt_srcaddr & (s)->cirrus_addr_mask) > \
++                    (s)->vram_size \
++        ) \
++    )
++
+ struct CirrusVGAState;
+ typedef void (*cirrus_bitblt_rop_t) (struct CirrusVGAState *s,
+                                      uint8_t * dst, const uint8_t * src,
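Review bot: `BLTUNSAFE` only detects a blit that runs past the upper end of VRAM: it compares `height * pitch + masked address` with `vram_size`, so if the pitch fields can be negative (their types are declared outside the hunk) the sum shrinks and a blit that walks below the start of VRAM passes the check. The product is also formed in the fields' own width and can wrap before the comparison. A safer form widens the terms to `int64_t` and checks both the lowest and the highest address touched against `0` and `vram_size`. The macro would benefit from a comment stating that it evaluates `s` several times and yields non-zero when the blit must be refused.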
+@@ -639,7 +653,7 @@
+ 
+     for (y = 0; y < lines; y++) {
+ 	off_cur = off_begin;
+-	off_cur_end = off_cur + bytesperline;
++	off_cur_end = (off_cur + bytesperline) & s->cirrus_addr_mask;
+ 	off_cur &= TARGET_PAGE_MASK;
+ 	while (off_cur < off_cur_end) {
+ 	    cpu_physical_memory_set_dirty(s->vram_offset + off_cur);
+@@ -654,7 +668,11 @@
+ {
+     uint8_t *dst;
+ 
+-    dst = s->vram_ptr + s->cirrus_blt_dstaddr;
++    dst = s->vram_ptr + (s->cirrus_blt_dstaddr & s->cirrus_addr_mask);
++
++    if (BLTUNSAFE(s))
++        return 0;
++
+     (*s->cirrus_rop) (s, dst, src,
+                       s->cirrus_blt_dstpitch, 0,
+                       s->cirrus_blt_width, s->cirrus_blt_height);
+@@ -670,8 +688,10 @@
+ {
+     cirrus_fill_t rop_func;
+ 
++    if (BLTUNSAFE(s))
++        return 0;
+     rop_func = cirrus_fill[rop_to_index[blt_rop]][s->cirrus_blt_pixelwidth - 1];
+-    rop_func(s, s->vram_ptr + s->cirrus_blt_dstaddr,
++    rop_func(s, s->vram_ptr + (s->cirrus_blt_dstaddr & s->cirrus_addr_mask), 
+              s->cirrus_blt_dstpitch,
+              s->cirrus_blt_width, s->cirrus_blt_height);
+     cirrus_invalidate_region(s, s->cirrus_blt_dstaddr,
+@@ -690,8 +710,8 @@
+ static int cirrus_bitblt_videotovideo_patterncopy(CirrusVGAState * s)
+ {
+     return cirrus_bitblt_common_patterncopy(s,
+-					    s->vram_ptr +
+-                                            (s->cirrus_blt_srcaddr & ~7));
++					    s->vram_ptr + ((s->cirrus_blt_srcaddr & ~7) &
++                                            s->cirrus_addr_mask));
+ }
+ 
+ static void cirrus_do_copy(CirrusVGAState *s, int dst, int src, int w, int h)
+@@ -741,8 +761,10 @@
+     if (notify)
+ 	vga_hw_update();
+ 
+-    (*s->cirrus_rop) (s, s->vram_ptr + s->cirrus_blt_dstaddr,
+-		      s->vram_ptr + s->cirrus_blt_srcaddr,
++    (*s->cirrus_rop) (s, s->vram_ptr +
++		          (s->cirrus_blt_dstaddr & s->cirrus_addr_mask),
++		          s->vram_ptr +
++		          (s->cirrus_blt_srcaddr & s->cirrus_addr_mask),
+ 		      s->cirrus_blt_dstpitch, s->cirrus_blt_srcpitch,
+ 		      s->cirrus_blt_width, s->cirrus_blt_height);
+ 
+@@ -768,8 +790,14 @@
+ 		       s->cirrus_blt_srcaddr - s->start_addr,
+ 		       s->cirrus_blt_width, s->cirrus_blt_height);
+     } else {
+-	(*s->cirrus_rop) (s, s->vram_ptr + s->cirrus_blt_dstaddr,
+-			  s->vram_ptr + s->cirrus_blt_srcaddr,
++
++    if (BLTUNSAFE(s))
++        return 0;
++
++	(*s->cirrus_rop) (s, s->vram_ptr +
++                (s->cirrus_blt_dstaddr & s->cirrus_addr_mask),
++			  s->vram_ptr +
++                (s->cirrus_blt_srcaddr & s->cirrus_addr_mask),
+ 			  s->cirrus_blt_dstpitch, s->cirrus_blt_srcpitch,
+ 			  s->cirrus_blt_width, s->cirrus_blt_height);
+ 
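Review bot: The new `if (BLTUNSAFE(s)) return 0;` sits inside the `else` branch only, so the other branch of this `if`, which per the context lines passes the blit addresses, width and height to a copy helper, is not covered by the bounds check in this hunk. Hoisting the check above the `if`/`else` would cover both paths. The added lines are indented four spaces inside a tab-indented block, which makes the check look as if it were outside the `else`. The function starts outside the hunk, so a check earlier in it cannot be ruled out.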
+@@ -801,8 +829,9 @@
+         } else {
+             /* at least one scan line */
+             do {
+-                (*s->cirrus_rop)(s, s->vram_ptr + s->cirrus_blt_dstaddr,
+-                                 s->cirrus_bltbuf, 0, 0, s->cirrus_blt_width, 1);
++                (*s->cirrus_rop)(s, s->vram_ptr +
++                    (s->cirrus_blt_dstaddr & s->cirrus_addr_mask),
++                        s->cirrus_bltbuf, 0, 0, s->cirrus_blt_width, 1);
+                 cirrus_invalidate_region(s, s->cirrus_blt_dstaddr, 0,
+                                          s->cirrus_blt_width, 1);
+                 s->cirrus_blt_dstaddr += s->cirrus_blt_dstpitch;
+@@ -1920,7 +1949,7 @@
+     unsigned val = mem_value;
+     uint8_t *dst;
+ 
+-    dst = s->vram_ptr + offset;
++    dst = s->vram_ptr + (offset &= s->cirrus_addr_mask);
+     for (x = 0; x < 8; x++) {
+ 	if (val & 0x80) {
+ 	    *dst = s->cirrus_shadow_gr1;
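Review bot: `dst = s->vram_ptr + (offset &= s->cirrus_addr_mask);` masks only the starting offset, while the loop below writes a run of pixels from `dst`, so a start within the last few bytes of the masked range still writes past it unless the VRAM buffer has slack that is not visible here. Reject or clamp when `offset` plus the span written exceeds the mask, and do the masking as its own statement (`offset &= s->cirrus_addr_mask;`) rather than inside the pointer expression. The next hunk applies the same one-line change to the sibling write function and has the same gap.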
+@@ -1943,7 +1972,7 @@
+     unsigned val = mem_value;
+     uint8_t *dst;
+ 
+-    dst = s->vram_ptr + offset;
++    dst = s->vram_ptr + (offset &= s->cirrus_addr_mask);
+     for (x = 0; x < 8; x++) {
+ 	if (val & 0x80) {
+ 	    *dst = s->cirrus_shadow_gr1;
+Index: qemu-0.9.1/hw/cirrus_vga_rop.h
+===================================================================
+--- qemu-0.9.1.orig/hw/cirrus_vga_rop.h	2008-01-06 20:38:42.000000000 +0100
++++ qemu-0.9.1/hw/cirrus_vga_rop.h	2008-04-14 11:26:15.000000000 +0200
+@@ -31,6 +31,12 @@
+     int x,y;
+     dstpitch -= bltwidth;
+     srcpitch -= bltwidth;
++
++    if (dstpitch < 0 || srcpitch < 0) {
++        /* is 0 valid? srcpitch == 0 could be useful */
++        return;
++    }
++
+     for (y = 0; y < bltheight; y++) {
+         for (x = 0; x < bltwidth; x++) {
+             ROP_OP(*dst, *src);
+Index: qemu-0.9.1/hw/dma.c
+===================================================================
+--- qemu-0.9.1.orig/hw/dma.c	2008-01-06 20:38:42.000000000 +0100
++++ qemu-0.9.1/hw/dma.c	2008-04-14 11:26:15.000000000 +0200
+@@ -341,9 +341,11 @@
+ #endif
+ 
+     r = dma_controllers[ncont].regs + ichan;
+-    n = r->transfer_handler (r->opaque, ichan + (ncont << 2),
+-                             r->now[COUNT], (r->base[COUNT] + 1) << ncont);
+-    r->now[COUNT] = n;
++    if (r->transfer_handler) {
++        n = r->transfer_handler (r->opaque, ichan + (ncont << 2),
++                                 r->now[COUNT], (r->base[COUNT] + 1) << ncont);
++        r->now[COUNT] = n;
++    }
+     ldebug ("dma_pos %d size %d\n", n, (r->base[COUNT] + 1) << ncont);
+ }
+ 
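Review bot: `n` is still passed to `ldebug()` after the new guard, so when `r->transfer_handler` is NULL the debug line prints a value that was never assigned, unless `n` is initialised at its declaration, which is outside the hunk. Moving `ldebug ("dma_pos %d size %d\n", n, (r->base[COUNT] + 1) << ncont);` inside the `if (r->transfer_handler)` block keeps the trace meaningful. An `else` arm that logs the missing handler would also make the skipped transfer visible when debugging.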
+Index: qemu-0.9.1/hw/fdc.c
+===================================================================
+--- qemu-0.9.1.orig/hw/fdc.c	2008-01-06 20:38:42.000000000 +0100
++++ qemu-0.9.1/hw/fdc.c	2008-04-14 11:26:15.000000000 +0200
+@@ -1247,7 +1247,13 @@
+             len = fdctrl->data_len - fdctrl->data_pos;
+             if (len > FD_SECTOR_LEN)
+                 len = FD_SECTOR_LEN;
+-            bdrv_read(cur_drv->bs, fd_sector(cur_drv), fdctrl->fifo, 1);
++            if (cur_drv->bs) {
++                bdrv_read(cur_drv->bs, fd_sector(cur_drv), 
++                          fdctrl->fifo, 1);
++            } else {
++                FLOPPY_ERROR("can't read data from drive\n");
++                return 0;
++            }
+         }
+     }
+     retval = fdctrl->fifo[pos];
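Review bot: The return value of `bdrv_read()` is still ignored in the new `if (cur_drv->bs)` branch, so a failed read leaves the previous contents of `fdctrl->fifo` in place and `retval = fdctrl->fifo[pos]` hands that stale data to the guest. Checking the result and clearing the buffer on failure avoids that, for example `if (bdrv_read(cur_drv->bs, fd_sector(cur_drv), fdctrl->fifo, 1) < 0) memset(fdctrl->fifo, 0, FD_SECTOR_LEN);`. The function starts and ends outside the hunk.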
+Index: qemu-0.9.1/hw/pc.c
+===================================================================
+--- qemu-0.9.1.orig/hw/pc.c	2008-04-14 11:26:14.000000000 +0200
++++ qemu-0.9.1/hw/pc.c	2008-04-14 11:26:15.000000000 +0200
+@@ -329,7 +329,8 @@
+     case 0x400:
+     case 0x401:
+         fprintf(stderr, "BIOS panic at rombios.c, line %d\n", val);
+-        exit(1);
++        /* according to documentation, these can be safely ignored */
++        break;
+     case 0x402:
+     case 0x403:
+ #ifdef DEBUG_BIOS
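Review bot: With `exit(1)` replaced by `break`, a value written to what appear to be guest-accessible I/O ports (0x400/0x401 here, 0x501/0x502 in the next hunk) now produces one `fprintf(stderr, ...)` line per write with no limit, where before the first write ended the process. Printing the message once per run, or rate-limiting it, keeps host-side logs bounded. The comment `/* according to documentation, these can be safely ignored */` should name the document it relies on. It also sits after the `fprintf` here but before it in the 0x501 hunk; one placement for both would read better.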
+@@ -352,8 +353,9 @@
+         /* LGPL'ed VGA BIOS messages */
+     case 0x501:
+     case 0x502:
++        /* according to documentation, these can be safely ignored */
+         fprintf(stderr, "VGA BIOS panic, line %d\n", val);
+-        exit(1);
++        break;
+     case 0x500:
+     case 0x503:
+ #ifdef DEBUG_BIOS
+Index: qemu-0.9.1/hw/sb16.c
+===================================================================
+--- qemu-0.9.1.orig/hw/sb16.c	2008-01-06 20:38:42.000000000 +0100
++++ qemu-0.9.1/hw/sb16.c	2008-04-14 11:26:15.000000000 +0200
+@@ -1240,8 +1240,10 @@
+             s->block_size);
+ #endif
+ 
+-    while (s->left_till_irq <= 0) {
+-        s->left_till_irq = s->block_size + s->left_till_irq;
++    if (s->block_size) {
++        while (s->left_till_irq <= 0) {
++            s->left_till_irq = s->block_size + s->left_till_irq;
++        }
+     }
+ 
+     return dma_pos;
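Review bot: The new `if (s->block_size)` guard covers only a zero block size. If `block_size` is a signed field (its declaration is not in the hunk), a negative value keeps `left_till_irq` non-positive and the `while` loop never terminates. `if (s->block_size > 0) {` would cover both cases. The function starts outside the hunk.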
+Index: qemu-0.9.1/slirp/slirp.c
+===================================================================
+--- qemu-0.9.1.orig/slirp/slirp.c	2008-01-06 20:38:44.000000000 +0100
++++ qemu-0.9.1/slirp/slirp.c	2008-04-14 11:26:15.000000000 +0200
+@@ -620,6 +620,10 @@
+         if (!m)
+             return;
+         /* Note: we add to align the IP header */
++        /* taviso: large values in ne2k TCNT register may exceed msize on transmit */
++        if (M_FREEROOM(m) < pkt_len + 2) {
++            m_inc(m, pkt_len + 2);
++        }
+         m->m_len = pkt_len + 2;
+         memcpy(m->m_data + 2, pkt, pkt_len);
+ 
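Review bot: `pkt_len` is used both to grow the mbuf and as the `memcpy` length without any visible upper bound, and the hunk does not show whether `m_inc()` can fail to provide the requested room. Re-testing `M_FREEROOM(m) < pkt_len + 2` after the `m_inc()` call and dropping the frame if it still does not fit would make the copy safe whatever the caller passes. Rejecting frames larger than the emulated NIC should ever emit, before allocating, would also bound host memory use per packet. The function starts outside the hunk, so any earlier validation of `pkt_len` is not visible.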
+Index: qemu-0.9.1/target-i386/translate.c
+===================================================================
+--- qemu-0.9.1.orig/target-i386/translate.c	2008-01-06 20:38:45.000000000 +0100
++++ qemu-0.9.1/target-i386/translate.c	2008-04-14 11:26:15.000000000 +0200
+@@ -5510,6 +5510,7 @@
+         gen_jmp_im(pc_start - s->cs_base);
+         gen_op_into(s->pc - pc_start);
+         break;
++#ifdef WANT_ICEBP
+     case 0xf1: /* icebp (undocumented, exits to external debugger) */
+         if (gen_svm_check_intercept(s, pc_start, SVM_EXIT_ICEBP))
+             break;
+@@ -5521,6 +5522,7 @@
+         cpu_set_log(CPU_LOG_INT | CPU_LOG_TB_IN_ASM);
+ #endif
+         break;
++#endif /* icebp */
+     case 0xfa: /* cli */
+         if (!s->vm86) {
+             if (s->cpl <= s->iopl) {
+Index: qemu-0.9.1/vl.c
+===================================================================
+--- qemu-0.9.1.orig/vl.c	2008-04-14 11:26:14.000000000 +0200
++++ qemu-0.9.1/vl.c	2008-04-14 11:26:54.000000000 +0200
+@@ -4198,8 +4198,8 @@
+     VLANClientState *vc;
+     int fd;
+     int state; /* 0 = getting length, 1 = getting data */
+-    int index;
+-    int packet_len;
++    unsigned int index;
++    unsigned int packet_len;
+     uint8_t buf[4096];
+     struct sockaddr_in dgram_dst; /* contains inet host and port destination iff connectionless (SOCK_DGRAM) */
+ } NetSocketState;
+@@ -4230,7 +4230,8 @@
+ static void net_socket_send(void *opaque)
+ {
+     NetSocketState *s = opaque;
+-    int l, size, err;
++    int size, err;
++    unsigned l;
+     uint8_t buf1[4096];
+     const uint8_t *buf;
+ 
+@@ -4269,7 +4270,15 @@
+             l = s->packet_len - s->index;
+             if (l > size)
+                 l = size;
+-            memcpy(s->buf + s->index, buf, l);
++            if (s->index + l <= sizeof(s->buf)) {
++                memcpy(s->buf + s->index, buf, l);
++            } else {
++                fprintf(stderr, "serious error: oversized packet received,"
++                    "connection terminated.\n");
++                s->state = 0;
++                goto eoc;
++            }
++
+             s->index += l;
+             buf += l;
+             size -= l;
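Review bot: The bound is enforced only at copy time, after the peer-supplied `packet_len` has already been accepted. Rejecting a length larger than `sizeof(s->buf)` where the length field is decoded (outside this hunk) would fail earlier and avoid buffering part of an oversized packet. In the error path the two adjacent string literals join without a space, so the message reads `received,connection terminated.`; writing the first literal as `"serious error: oversized packet received, "` fixes that. `l` is now `unsigned` while `size` stays `int`, so `if (l > size)` compares across signedness and relies on `size` being positive at this point.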
--- qemu-0.9.1.orig/debian/patches/95_security.patch
+++ qemu-0.9.1/debian/patches/95_security.patch
@@ -0,0 +1,27 @@
+Properly handle the case of SetPixelEncodings with a length of zero.
+    
+This commit addresses CORE-2008-1210/CVE-2008-2382.
+    
+Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
+    
+diff --git a/vnc.c b/vnc.c
+index 3a7d762..575fd68 100644
+--- a/vnc.c
++++ b/vnc.c
+@@ -1503,10 +1503,13 @@ static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
+ 	if (len == 1)
+ 	    return 4;
+ 
+-	if (len == 4)
+-	    return 4 + (read_u16(data, 2) * 4);
++	if (len == 4) {
++            limit = read_u16(data, 2);
++            if (limit > 0)
++                return 4 + (limit * 4);
++        } else
++            limit = read_u16(data, 2);
+ 
+-	limit = read_u16(data, 2);
+ 	for (i = 0; i < limit; i++) {
+ 	    int32_t val = read_s32(data, 4 + (i * 4));
+ 	    memcpy(data + 4 + (i * 4), &val, sizeof(val));
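Review bot: `limit = read_u16(data, 2)` is now written twice, once in each arm of the `if (len == 4) { ... } else`, and a braced `if` is paired with an unbraced `else` in mixed tab and space indentation, which makes the zero-length fall-through easy to misread. Reading the value once says the same thing: `limit = read_u16(data, 2);` followed by `if (len == 4 && limit > 0) return 4 + (limit * 4);`. A comment such as `/* limit == 0: no encodings follow, fall through and finish the message */` would record why the zero case must not ask for more data. The enclosing `switch` case starts and ends outside the hunk.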
--- qemu-0.9.1.orig/debian/patches/83_usb-serial.patch
+++ qemu-0.9.1/debian/patches/83_usb-serial.patch
@@ -0,0 +1,800 @@
+commit c4ca814904a59f51ae30b64de4c62848f300f17e
+Author: balrog <balrog@c046a42c-6fe2-441c-8c8c-71466251a162>
+Date:   Mon Jan 14 03:41:02 2008 +0000
+
+    USB-to-serial device (Samuel Thibault).
+    
+    
+    git-svn-id: svn+ssh://svn.savannah.nongnu.org/qemu/trunk@3914 c046a42c-6fe2-441c-8c8c-71466251a162
+
+Index: qemu-0.9.1/Makefile
+===================================================================
+--- qemu-0.9.1.orig/Makefile	2008-04-14 11:26:14.000000000 +0200
++++ qemu-0.9.1/Makefile	2008-04-14 11:27:17.000000000 +0200
+@@ -57,7 +57,7 @@
+ OBJS+=ssd0303.o ssd0323.o ads7846.o stellaris_input.o
+ OBJS+=scsi-disk.o cdrom.o
+ OBJS+=scsi-generic.o
+-OBJS+=usb.o usb-hub.o usb-linux.o usb-hid.o usb-msd.o usb-wacom.o
++OBJS+=usb.o usb-hub.o usb-linux.o usb-hid.o usb-msd.o usb-wacom.o usb-serial.o
+ OBJS+=sd.o ssi-sd.o
+ 
+ ifdef CONFIG_WIN32
+Index: qemu-0.9.1/hw/usb-serial.c
+===================================================================
+--- /dev/null	1970-01-01 00:00:00.000000000 +0000
++++ qemu-0.9.1/hw/usb-serial.c	2008-04-14 11:26:14.000000000 +0200
+@@ -0,0 +1,549 @@
++/*
++ * FTDI FT232BM Device emulation
++ *
++ * Copyright (c) 2006 CodeSourcery.
++ * Copyright (c) 2008 Samuel Thibault <samuel.thibault@ens-lyon.org>
++ * Written by Paul Brook, reused for FTDI by Samuel Thibault
++ *
++ * This code is licenced under the LGPL.
++ */
++
++#include "qemu-common.h"
++#include "usb.h"
++#include "qemu-char.h"
++
++//#define DEBUG_Serial
++
++#ifdef DEBUG_Serial
++#define DPRINTF(fmt, args...) \
++do { printf("usb-serial: " fmt , ##args); } while (0)
++#else
++#define DPRINTF(fmt, args...) do {} while(0)
++#endif
++
++#define RECV_BUF 384
++#define SEND_BUF 128        // Not used for now
++
++/* Commands */
++#define FTDI_RESET		0
++#define FTDI_SET_MDM_CTRL	1
++#define FTDI_SET_FLOW_CTRL	2
++#define FTDI_SET_BAUD		3
++#define FTDI_SET_DATA		4
++#define FTDI_GET_MDM_ST		5
++#define FTDI_SET_EVENT_CHR	6
++#define FTDI_SET_ERROR_CHR	7
++#define FTDI_SET_LATENCY	9
++#define FTDI_GET_LATENCY	10
++
++#define DeviceOutVendor	((USB_DIR_OUT|USB_TYPE_VENDOR|USB_RECIP_DEVICE)<<8)
++#define DeviceInVendor	((USB_DIR_IN |USB_TYPE_VENDOR|USB_RECIP_DEVICE)<<8)
++
++/* RESET */
++
++#define FTDI_RESET_SIO	0
++#define FTDI_RESET_RX	1
++#define FTDI_RESET_TX	2
++
++/* SET_MDM_CTRL */
++
++#define FTDI_MDM_CTRL	3
++#define FTDI_DTR	1
++#define FTDI_RTS	2
++
++/* SET_FLOW_CTRL */
++
++#define FTDI_RTS_CTS_HS		1
++#define FTDI_DTR_DSR_HS		2
++#define FTDI_XON_XOFF_HS	4
++
++/* SET_DATA */
++
++#define FTDI_PARITY	(0x7 << 8)
++#define FTDI_ODD	(0x1 << 8)
++#define FTDI_EVEN	(0x2 << 8)
++#define FTDI_MARK	(0x3 << 8)
++#define FTDI_SPACE	(0x4 << 8)
++
++#define FTDI_STOP	(0x3 << 11)
++#define FTDI_STOP1	(0x0 << 11)
++#define FTDI_STOP15	(0x1 << 11)
++#define FTDI_STOP2	(0x2 << 11)
++
++/* GET_MDM_ST */
++/* TODO: should be sent every 40ms */
++#define FTDI_CTS  (1<<4)        // CTS line status
++#define FTDI_DSR  (1<<5)        // DSR line status
++#define FTDI_RI   (1<<6)        // RI line status
++#define FTDI_RLSD (1<<7)        // Receive Line Signal Detect
++
++/* Status */
++
++#define FTDI_DR   (1<<0)        // Data Ready
++#define FTDI_OE   (1<<1)        // Overrun Err
++#define FTDI_PE   (1<<2)        // Parity Err
++#define FTDI_FE   (1<<3)        // Framing Err
++#define FTDI_BI   (1<<4)        // Break Interrupt
++#define FTDI_THRE (1<<5)        // Transmitter Holding Register
++#define FTDI_TEMT (1<<6)        // Transmitter Empty
++#define FTDI_FIFO (1<<7)        // Error in FIFO
++
++typedef struct {
++    USBDevice dev;
++    uint16_t vendorid;
++    uint16_t productid;
++    uint8_t recv_buf[RECV_BUF];
++    uint8_t recv_ptr;
++    uint8_t recv_used;
++    uint8_t send_buf[SEND_BUF];
++    uint8_t event_chr;
++    uint8_t error_chr;
++    uint8_t event_trigger;
++    uint8_t lines;
++    QEMUSerialSetParams params;
++    int latency;        /* ms */
++    CharDriverState *cs;
++} USBSerialState;
++
++static const uint8_t qemu_serial_dev_descriptor[] = {
++        0x12,       /*  u8 bLength; */
++        0x01,       /*  u8 bDescriptorType; Device */
++        0x00, 0x02, /*  u16 bcdUSB; v2.0 */
++
++        0x00,       /*  u8  bDeviceClass; */
++        0x00,       /*  u8  bDeviceSubClass; */
++        0x00,       /*  u8  bDeviceProtocol; [ low/full speeds only ] */
++        0x08,       /*  u8  bMaxPacketSize0; 8 Bytes */
++
++        /* Vendor and product id are arbitrary.  */
++        0x03, 0x04, /*  u16 idVendor; */
++        0x00, 0xFF, /*  u16 idProduct; */
++        0x00, 0x04, /*  u16 bcdDevice */
++
++        0x01,       /*  u8  iManufacturer; */
++        0x02,       /*  u8  iProduct; */
++        0x03,       /*  u8  iSerialNumber; */
++        0x01        /*  u8  bNumConfigurations; */
++};
++
++static const uint8_t qemu_serial_config_descriptor[] = {
++
++        /* one configuration */
++        0x09,       /*  u8  bLength; */
++        0x02,       /*  u8  bDescriptorType; Configuration */
++        0x20, 0x00, /*  u16 wTotalLength; */
++        0x01,       /*  u8  bNumInterfaces; (1) */
++        0x01,       /*  u8  bConfigurationValue; */
++        0x00,       /*  u8  iConfiguration; */
++        0x80,       /*  u8  bmAttributes;
++                                 Bit 7: must be set,
++                                     6: Self-powered,
++                                     5: Remote wakeup,
++                                     4..0: resvd */
++        100/2,       /*  u8  MaxPower; */
++
++        /* one interface */
++        0x09,       /*  u8  if_bLength; */
++        0x04,       /*  u8  if_bDescriptorType; Interface */
++        0x00,       /*  u8  if_bInterfaceNumber; */
++        0x00,       /*  u8  if_bAlternateSetting; */
++        0x02,       /*  u8  if_bNumEndpoints; */
++        0xff,       /*  u8  if_bInterfaceClass; Vendor Specific */
++        0xff,       /*  u8  if_bInterfaceSubClass; Vendor Specific */
++        0xff,       /*  u8  if_bInterfaceProtocol; Vendor Specific */
++        0x02,       /*  u8  if_iInterface; */
++
++        /* Bulk-In endpoint */
++        0x07,       /*  u8  ep_bLength; */
++        0x05,       /*  u8  ep_bDescriptorType; Endpoint */
++        0x81,       /*  u8  ep_bEndpointAddress; IN Endpoint 1 */
++        0x02,       /*  u8  ep_bmAttributes; Bulk */
++        0x40, 0x00, /*  u16 ep_wMaxPacketSize; */
++        0x00,       /*  u8  ep_bInterval; */
++
++        /* Bulk-Out endpoint */
++        0x07,       /*  u8  ep_bLength; */
++        0x05,       /*  u8  ep_bDescriptorType; Endpoint */
++        0x02,       /*  u8  ep_bEndpointAddress; OUT Endpoint 2 */
++        0x02,       /*  u8  ep_bmAttributes; Bulk */
++        0x40, 0x00, /*  u16 ep_wMaxPacketSize; */
++        0x00        /*  u8  ep_bInterval; */
++};
++
++static void usb_serial_reset(USBSerialState *s)
++{
++    /* TODO: Set flow control to none */
++    s->event_chr = 0x0d;
++    s->event_trigger = 0;
++    s->recv_ptr = 0;
++    s->recv_used = 0;
++    /* TODO: purge in char driver */
++    s->lines &= ~(FTDI_DTR|FTDI_RTS);
++}
++
++static void usb_serial_handle_reset(USBDevice *dev)
++{
++    USBSerialState *s = (USBSerialState *)dev;
++
++    DPRINTF("Reset\n");
++
++    usb_serial_reset(s);
++    /* TODO: Reset char device, send BREAK? */
++}
++
++static int usb_serial_handle_control(USBDevice *dev, int request, int value,
++                                  int index, int length, uint8_t *data)
++{
++    USBSerialState *s = (USBSerialState *)dev;
++    int ret = 0;
++
++    //DPRINTF("got control %x, value %x\n",request, value);
++    switch (request) {
++    case DeviceRequest | USB_REQ_GET_STATUS:
++        data[0] = (0 << USB_DEVICE_SELF_POWERED) |
++            (dev->remote_wakeup << USB_DEVICE_REMOTE_WAKEUP);
++        data[1] = 0x00;
++        ret = 2;
++        break;
++    case DeviceOutRequest | USB_REQ_CLEAR_FEATURE:
++        if (value == USB_DEVICE_REMOTE_WAKEUP) {
++            dev->remote_wakeup = 0;
++        } else {
++            goto fail;
++        }
++        ret = 0;
++        break;
++    case DeviceOutRequest | USB_REQ_SET_FEATURE:
++        if (value == USB_DEVICE_REMOTE_WAKEUP) {
++            dev->remote_wakeup = 1;
++        } else {
++            goto fail;
++        }
++        ret = 0;
++        break;
++    case DeviceOutRequest | USB_REQ_SET_ADDRESS:
++        dev->addr = value;
++        ret = 0;
++        break;
++    case DeviceRequest | USB_REQ_GET_DESCRIPTOR:
++        switch(value >> 8) {
++        case USB_DT_DEVICE:
++            memcpy(data, qemu_serial_dev_descriptor,
++                   sizeof(qemu_serial_dev_descriptor));
++            data[8] = s->vendorid & 0xff;
++            data[9] = ((s->vendorid) >> 8) & 0xff;
++            data[10] = s->productid & 0xff;
++            data[11] = ((s->productid) >> 8) & 0xff;
++            ret = sizeof(qemu_serial_dev_descriptor);
++            break;
++        case USB_DT_CONFIG:
++            memcpy(data, qemu_serial_config_descriptor,
++                   sizeof(qemu_serial_config_descriptor));
++            ret = sizeof(qemu_serial_config_descriptor);
++            break;
++        case USB_DT_STRING:
++            switch(value & 0xff) {
++            case 0:
++                /* language ids */
++                data[0] = 4;
++                data[1] = 3;
++                data[2] = 0x09;
++                data[3] = 0x04;
++                ret = 4;
++                break;
++            case 1:
++                /* vendor description */
++                ret = set_usb_string(data, "QEMU " QEMU_VERSION);
++                break;
++            case 2:
++                /* product description */
++                ret = set_usb_string(data, "QEMU USB SERIAL");
++                break;
++            case 3:
++                /* serial number */
++                ret = set_usb_string(data, "1");
++                break;
++            default:
++                goto fail;
++            }
++            break;
++        default:
++            goto fail;
++        }
++        break;
++    case DeviceRequest | USB_REQ_GET_CONFIGURATION:
++        data[0] = 1;
++        ret = 1;
++        break;
++    case DeviceOutRequest | USB_REQ_SET_CONFIGURATION:
++        ret = 0;
++        break;
++    case DeviceRequest | USB_REQ_GET_INTERFACE:
++        data[0] = 0;
++        ret = 1;
++        break;
++    case InterfaceOutRequest | USB_REQ_SET_INTERFACE:
++        ret = 0;
++        break;
++    case EndpointOutRequest | USB_REQ_CLEAR_FEATURE:
++        ret = 0;
++        break;
++
++        /* Class specific requests.  */
++    case DeviceOutVendor | FTDI_RESET:
++        switch (value) {
++        case FTDI_RESET_SIO:
++            usb_serial_reset(s);
++            break;
++        case FTDI_RESET_RX:
++            s->recv_ptr = 0;
++            s->recv_used = 0;
++            /* TODO: purge from char device */
++            break;
++        case FTDI_RESET_TX:
++            /* TODO: purge from char device */
++            break;
++        }
++        break;
++    case DeviceOutVendor | FTDI_SET_MDM_CTRL:
++        s->lines = value & FTDI_MDM_CTRL;
++        break;
++    case DeviceOutVendor | FTDI_SET_FLOW_CTRL:
++        /* TODO: ioctl */
++        break;
++    case DeviceOutVendor | FTDI_SET_BAUD: {
++        static const int subdivisors8[8] = { 0, 4, 2, 1, 3, 5, 6, 7 };
++        int subdivisor8 = subdivisors8[((value & 0xc000) >> 14)
++                                     | ((index & 1) << 2)];
++        int divisor = value & 0x3fff;
++
++        /* chip special cases */
++        if (divisor == 1 && subdivisor8 == 0)
++            subdivisor8 = 4;
++        if (divisor == 0 && subdivisor8 == 0)
++            divisor = 1;
++
++        s->params.speed = (48000000 / 2) / (8 * divisor + subdivisor8);
++        qemu_chr_ioctl(s->cs, CHR_IOCTL_SERIAL_SET_PARAMS, &s->params);
++        break;
++    }
++    case DeviceOutVendor | FTDI_SET_DATA:
++        switch (value & FTDI_PARITY) {
++            case 0:
++                s->params.parity = 'N';
++                break;
++            case FTDI_ODD:
++                s->params.parity = 'O';
++                break;
++            case FTDI_EVEN:
++                s->params.parity = 'E';
++                break;
++            default:
++                DPRINTF("unsupported parity %d\n", value & FTDI_PARITY);
++                goto fail;
++        }
++        switch (value & FTDI_STOP) {
++            case FTDI_STOP1:
++                s->params.stop_bits = 1;
++                break;
++            case FTDI_STOP2:
++                s->params.stop_bits = 2;
++                break;
++            default:
++                DPRINTF("unsupported stop bits %d\n", value & FTDI_STOP);
++                goto fail;
++        }
++        qemu_chr_ioctl(s->cs, CHR_IOCTL_SERIAL_SET_PARAMS, &s->params);
++        /* TODO: TX ON/OFF */
++        break;
++    case DeviceInVendor | FTDI_GET_MDM_ST:
++        /* TODO: return modem status */
++        data[0] = 0;
++        ret = 1;
++        break;
++    case DeviceOutVendor | FTDI_SET_EVENT_CHR:
++        /* TODO: handle it */
++        s->event_chr = value;
++        break;
++    case DeviceOutVendor | FTDI_SET_ERROR_CHR:
++        /* TODO: handle it */
++        s->error_chr = value;
++        break;
++    case DeviceOutVendor | FTDI_SET_LATENCY:
++        s->latency = value;
++        break;
++    case DeviceInVendor | FTDI_GET_LATENCY:
++        data[0] = s->latency;
++        ret = 1;
++        break;
++    default:
++    fail:
++        DPRINTF("got unsupported/bogus control %x, value %x\n", request, value);
++        ret = USB_RET_STALL;
++        break;
++    }
++    return ret;
++}
++
++static int usb_serial_handle_data(USBDevice *dev, USBPacket *p)
++{
++    USBSerialState *s = (USBSerialState *)dev;
++    int ret = 0;
++    uint8_t devep = p->devep;
++    uint8_t *data = p->data;
++    int len = p->len;
++    int first_len;
++
++    switch (p->pid) {
++    case USB_TOKEN_OUT:
++        if (devep != 2)
++            goto fail;
++        qemu_chr_write(s->cs, data, len);
++        break;
++
++    case USB_TOKEN_IN:
++        if (devep != 1)
++            goto fail;
++        first_len = RECV_BUF - s->recv_ptr;
++        if (len <= 2) {
++            ret = USB_RET_NAK;
++            break;
++        }
++        /* TODO: Report serial line status */
++        *data++ = 0;
++        *data++ = 0;
++        len -= 2;
++        if (len > s->recv_used)
++            len = s->recv_used;
++        if (!len) {
++            ret = USB_RET_NAK;
++            break;
++        }
++        if (first_len > len)
++            first_len = len;
++        memcpy(data, s->recv_buf + s->recv_ptr, first_len);
++        if (len > first_len)
++            memcpy(data + first_len, s->recv_buf, len - first_len);
++        s->recv_used -= len;
++        s->recv_ptr = (s->recv_ptr + len) % RECV_BUF;
++        ret = len + 2;
++        break;
++
++    default:
++        DPRINTF("Bad token\n");
++    fail:
++        ret = USB_RET_STALL;
++        break;
++    }
++
++    return ret;
++}
++
++static void usb_serial_handle_destroy(USBDevice *dev)
++{
++    USBSerialState *s = (USBSerialState *)dev;
++
++    qemu_chr_close(s->cs);
++    qemu_free(s);
++}
++
++int usb_serial_can_read(void *opaque)
++{
++    USBSerialState *s = opaque;
++    return RECV_BUF - s->recv_used;
++}
++
++void usb_serial_read(void *opaque, const uint8_t *buf, int size)
++{
++    USBSerialState *s = opaque;
++    int first_size = RECV_BUF - s->recv_ptr;
++    if (first_size > size)
++        first_size = size;
++    memcpy(s->recv_buf + s->recv_ptr + s->recv_used, buf, first_size);
++    if (size > first_size)
++        memcpy(s->recv_buf, buf + first_size, size - first_size);
++    s->recv_used += size;
++}
++
++void usb_serial_event(void *opaque, int event)
++{
++    USBSerialState *s = opaque;
++
++    switch (event) {
++        case CHR_EVENT_BREAK:
++            /* TODO: Send Break to USB */
++            break;
++        case CHR_EVENT_FOCUS:
++            break;
++        case CHR_EVENT_RESET:
++            usb_serial_reset(s);
++            /* TODO: Reset USB port */
++            break;
++    }
++}
++
++USBDevice *usb_serial_init(const char *filename)
++{
++    USBSerialState *s;
++    CharDriverState *cdrv;
++    unsigned short vendorid = 0x0403, productid = 0x6001;
++
++    while (*filename && *filename != ':') {
++        const char *p;
++        char *e;
++        if (strstart(filename, "vendorid=", &p)) {
++            vendorid = strtol(p, &e, 16);
++            if (e == p || (*e && *e != ',' && *e != ':')) {
++                printf("bogus vendor ID %s\n", p);
++                return NULL;
++            }
++            filename = e;
++        } else if (strstart(filename, "productid=", &p)) {
++            productid = strtol(p, &e, 16);
++            if (e == p || (*e && *e != ',' && *e != ':')) {
++                printf("bogus product ID %s\n", p);
++                return NULL;
++            }
++            filename = e;
++        } else {
++            printf("unrecognized serial USB option %s\n", filename);
++            return NULL;
++        }
++        while(*filename == ',')
++            filename++;
++    }
++    if (!*filename) {
++        printf("character device specification needed\n");
++        return NULL;
++    }
++    filename++;
++    s = qemu_mallocz(sizeof(USBSerialState));
++    if (!s)
++        return NULL;
++
++    cdrv = qemu_chr_open(filename);
++    if (!cdrv)
++        goto fail;
++    s->cs = cdrv;
++    qemu_chr_add_handlers(cdrv, usb_serial_can_read, usb_serial_read, usb_serial_event, s);
++
++    s->dev.speed = USB_SPEED_FULL;
++    s->dev.handle_packet = usb_generic_handle_packet;
++
++    s->dev.handle_reset = usb_serial_handle_reset;
++    s->dev.handle_control = usb_serial_handle_control;
++    s->dev.handle_data = usb_serial_handle_data;
++    s->dev.handle_destroy = usb_serial_handle_destroy;
++
++    s->vendorid = vendorid;
++    s->productid = productid;
++
++    snprintf(s->dev.devname, sizeof(s->dev.devname), "QEMU USB Serial(%.16s)",
++             filename);
++
++    usb_serial_handle_reset((USBDevice *)s);
++    return (USBDevice *)s;
++ fail:
++    qemu_free(s);
++    return NULL;
++}
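Review bot: The receive ring in `USBSerialState` can be written out of bounds. `recv_ptr` and `recv_used` are `uint8_t` while `RECV_BUF` is 384, so `usb_serial_can_read()` never reports fewer than 129 free bytes and `recv_used` wraps. `usb_serial_read()` then copies to `s->recv_buf + s->recv_ptr + s->recv_used` with a first chunk sized from `recv_ptr` alone, without wrapping the write position or clamping `size` to the free space. Data arriving from the host character device can therefore run past `recv_buf` into the fields that follow it; widening both counters and computing the write position modulo the ring, as below, keeps every copy inside the array. In `usb_serial_handle_control()` the `GET_DESCRIPTOR` copies also ignore `length`, and whether the caller guarantees a large enough `data` buffer is not visible here.

```c
/* in USBSerialState: both counters must be able to hold values up to RECV_BUF (384) */
    uint16_t recv_ptr;
    uint16_t recv_used;
/* … unchanged: remaining USBSerialState fields, descriptors, control and data handlers … */

void usb_serial_read(void *opaque, const uint8_t *buf, int size)
{
    USBSerialState *s = opaque;
    int start, first_size;

    /* never accept more than the ring can still hold */
    if (size > RECV_BUF - s->recv_used)
        size = RECV_BUF - s->recv_used;
    if (size <= 0)
        return;

    /* write position is the end of the buffered data, wrapped into the ring */
    start = (s->recv_ptr + s->recv_used) % RECV_BUF;
    first_size = RECV_BUF - start;
    if (first_size > size)
        first_size = size;
    memcpy(s->recv_buf + start, buf, first_size);
    if (size > first_size)
        memcpy(s->recv_buf, buf + first_size, size - first_size);
    s->recv_used += size;
}
```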
+Index: qemu-0.9.1/hw/usb.h
+===================================================================
+--- qemu-0.9.1.orig/hw/usb.h	2008-01-06 20:38:42.000000000 +0100
++++ qemu-0.9.1/hw/usb.h	2008-04-14 11:26:14.000000000 +0200
+@@ -217,6 +217,9 @@
+ /* usb-wacom.c */
+ USBDevice *usb_wacom_init(void);
+ 
++/* usb-serial.c */
++USBDevice *usb_serial_init(const char *filename);
++
+ /* usb ports of the VM */
+ 
+ void qemu_register_usb_port(USBPort *port, void *opaque, int index,
+Index: qemu-0.9.1/vl.c
+===================================================================
+--- qemu-0.9.1.orig/vl.c	2008-04-14 11:26:14.000000000 +0200
++++ qemu-0.9.1/vl.c	2008-04-14 11:27:17.000000000 +0200
+@@ -2051,6 +2051,20 @@
+     }
+ }
+ 
++static void fd_chr_close(struct CharDriverState *chr)
++{
++    FDCharDriver *s = chr->opaque;
++
++    if (s->fd_in >= 0) {
++        if (nographic && s->fd_in == 0) {
++        } else {
++            qemu_set_fd_handler2(s->fd_in, NULL, NULL, NULL, NULL);
++        }
++    }
++
++    qemu_free(s);
++}
++
+ /* open a character device to a unix fd */
+ static CharDriverState *qemu_chr_open_fd(int fd_in, int fd_out)
+ {
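Review bot: `fd_chr_close()` unregisters the read handler and frees the `FDCharDriver`, but never calls `close()` on `s->fd_in` or `s->fd_out`. Descriptors handed to `qemu_chr_open_fd()` for files or pipes would therefore stay open after the device is destroyed, unless their owner closes them elsewhere. The empty `if (nographic && s->fd_in == 0) { } else { ... }` arm would read more directly as `if (!(nographic && s->fd_in == 0))`, with a comment saying why stdin's handler is left alone in that mode.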
+@@ -2070,6 +2084,7 @@
+     chr->opaque = s;
+     chr->chr_write = fd_chr_write;
+     chr->chr_update_read_handler = fd_chr_update_read_handler;
++    chr->chr_close = fd_chr_close;
+ 
+     qemu_chr_reset(chr);
+ 
+@@ -2156,6 +2171,7 @@
+ /* init terminal so that we can grab keys */
+ static struct termios oldtty;
+ static int old_fd0_flags;
++static int term_atexit_done;
+ 
+ static void term_exit(void)
+ {
+@@ -2185,11 +2201,20 @@
+ 
+     tcsetattr (0, TCSANOW, &tty);
+ 
+-    atexit(term_exit);
++    if (!term_atexit_done++)
++        atexit(term_exit);
+ 
+     fcntl(0, F_SETFL, O_NONBLOCK);
+ }
+ 
++static void qemu_chr_close_stdio(struct CharDriverState *chr)
++{
++    term_exit();
++    stdio_nb_clients--;
++    qemu_set_fd_handler2(0, NULL, NULL, NULL, NULL);
++    fd_chr_close(chr);
++}
++
+ static CharDriverState *qemu_chr_open_stdio(void)
+ {
+     CharDriverState *chr;
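Review bot: `qemu_chr_close_stdio()` restores the terminal with `term_exit()` and removes the fd 0 handler every time one stdio client closes, although `stdio_nb_clients` allows several to be open. Any client that remains would lose raw mode and its input handler. Doing the teardown only when the count reaches zero matches how `qemu_chr_open_stdio()` counts clients up: `if (--stdio_nb_clients == 0) { term_exit(); qemu_set_fd_handler2(0, NULL, NULL, NULL, NULL); }`. `term_atexit_done++` is used as a flag, so setting it to 1 once would state the intent more plainly than a counter that grows on every call.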
+@@ -2197,6 +2222,7 @@
+     if (stdio_nb_clients >= STDIO_MAX_CLIENTS)
+         return NULL;
+     chr = qemu_chr_open_fd(0, 1);
++    chr->chr_close = qemu_chr_close_stdio;
+     qemu_set_fd_handler2(0, stdio_read_poll, stdio_read, NULL, chr);
+     stdio_nb_clients++;
+     term_init();
+@@ -2241,45 +2267,33 @@
+ #endif
+     tcgetattr (fd, &tty);
+ 
+-    switch(speed) {
+-    case 50:
++#define MARGIN 1.1
++    if (speed <= 50 * MARGIN)
+         spd = B50;
+-        break;
+-    case 75:
++    else if (speed <= 75 * MARGIN)
+         spd = B75;
+-        break;
+-    case 300:
++    else if (speed <= 300 * MARGIN)
+         spd = B300;
+-        break;
+-    case 600:
++    else if (speed <= 600 * MARGIN)
+         spd = B600;
+-        break;
+-    case 1200:
++    else if (speed <= 1200 * MARGIN)
+         spd = B1200;
+-        break;
+-    case 2400:
++    else if (speed <= 2400 * MARGIN)
+         spd = B2400;
+-        break;
+-    case 4800:
++    else if (speed <= 4800 * MARGIN)
+         spd = B4800;
+-        break;
+-    case 9600:
++    else if (speed <= 9600 * MARGIN)
+         spd = B9600;
+-        break;
+-    case 19200:
++    else if (speed <= 19200 * MARGIN)
+         spd = B19200;
+-        break;
+-    case 38400:
++    else if (speed <= 38400 * MARGIN)
+         spd = B38400;
+-        break;
+-    case 57600:
++    else if (speed <= 57600 * MARGIN)
+         spd = B57600;
+-        break;
+-    default:
+-    case 115200:
++    else if (speed <= 115200 * MARGIN)
++        spd = B115200;
++    else
+         spd = B115200;
+-        break;
+-    }
+ 
+     cfsetispeed(&tty, spd);
+     cfsetospeed(&tty, spd);
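Review bot: `MARGIN` is `#define`d in the middle of the function body and not `#undef`'d within the hunk, so the name leaks into the rest of `vl.c`. A local `const double margin = 1.1;`, or an `#undef MARGIN` after the chain, keeps it scoped. The last two arms both assign `B115200`, so `else if (speed <= 115200 * MARGIN)` is redundant and the chain can end with a plain `else`. A comment such as `/* pick the lowest standard rate whose value plus 10% covers the requested speed */` would document the new rounding behaviour.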
+@@ -3431,6 +3445,7 @@
+ {
+     if (chr->chr_close)
+         chr->chr_close(chr);
++    qemu_free(chr);
+ }
+ 
+ /***********************************************************/
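Review bot: `qemu_chr_close()` now frees `chr` unconditionally after the callback. That is only safe if no existing `chr_close` implementation already frees the `CharDriverState` itself and no caller touches `chr` afterwards. Neither is visible in this hunk, so each backend's close callback should be checked for a double free. A comment on the function, `/* calls the backend's chr_close, then frees chr; chr must not be used afterwards */`, would record the new ownership rule.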
+@@ -5200,6 +5215,8 @@
+         dev = usb_msd_init(p);
+     } else if (!strcmp(devname, "wacom-tablet")) {
+         dev = usb_wacom_init();
++    } else if (strstart(devname, "serial:", &p)) {
++        dev = usb_serial_init(p);
+     } else {
+         return -1;
+     }
+Index: qemu-0.9.1/qemu-doc.texi
+===================================================================
+--- qemu-0.9.1.orig/qemu-doc.texi	2008-04-14 11:26:14.000000000 +0200
++++ qemu-0.9.1/qemu-doc.texi	2008-04-14 11:27:17.000000000 +0200
+@@ -524,6 +524,10 @@
+ @item host:vendor_id:product_id
+ Pass through the host device identified by vendor_id:product_id (Linux only).
+ 
++@item serial:[vendorid=@var{vendor_id}][,productid=@var{product_id}]:@var{dev}
++Serial converter to host character device @var{dev}, see @code{-serial} for the
++available devices.
++
+ @end table
+ 
+ @end table
+@@ -1561,27 +1565,37 @@
+ USB devices can be connected with the @option{-usbdevice} commandline option
+ or the @code{usb_add} monitor command.  Available devices are:
+ 
+-@table @var
+-@item @code{mouse}
++@table @code
++@item mouse
+ Virtual Mouse.  This will override the PS/2 mouse emulation when activated.
+-@item @code{tablet}
++@item tablet
+ Pointer device that uses absolute coordinates (like a touchscreen).
+ This means qemu is able to report the mouse position without having
+ to grab the mouse.  Also overrides the PS/2 mouse emulation when activated.
+-@item @code{disk:@var{file}}
++@item disk:@var{file}
+ Mass storage device based on @var{file} (@pxref{disk_images})
+-@item @code{host:@var{bus.addr}}
++@item host:@var{bus.addr}
+ Pass through the host device identified by @var{bus.addr}
+ (Linux only)
+-@item @code{host:@var{vendor_id:product_id}}
++@item host:@var{vendor_id:product_id}
+ Pass through the host device identified by @var{vendor_id:product_id}
+ (Linux only)
+-@item @code{wacom-tablet}
++@item wacom-tablet
+ Virtual Wacom PenPartner tablet.  This device is similar to the @code{tablet}
+ above but it can be used with the tslib library because in addition to touch
+ coordinates it reports touch pressure.
+-@item @code{keyboard}
++@item keyboard
+ Standard USB keyboard.  Will override the PS/2 keyboard (if present).
++@item serial:[vendorid=@var{vendor_id}][,product_id=@var{product_id}]:@var{dev}
++Serial converter. This emulates an FTDI FT232BM chip connected to host character
++device @var{dev}. The available character devices are the same as for the
++@code{-serial} option. The @code{vendorid} and @code{productid} options can be
++used to override the default 0403:6001. For instance, 
++@example
++usb_add serial:productid=FA00:tcp:192.168.0.2:4444
++@end example
++will connect to tcp port 4444 of ip 192.168.0.2, and plug that to the virtual
++serial converter, faking a Matrix Orbital LCD Display (USB ID 0403:FA00).
+ @end table
+ 
+ @node host_usb_devices
--- qemu-0.9.1.orig/debian/patches/07_i386_exec_name.patch
+++ qemu-0.9.1/debian/patches/07_i386_exec_name.patch
@@ -0,0 +1,26 @@
+Index: qemu-0.9.1/Makefile.target
+===================================================================
+--- qemu-0.9.1.orig/Makefile.target	2008-04-14 11:26:13.000000000 +0200
++++ qemu-0.9.1/Makefile.target	2008-04-14 11:27:37.000000000 +0200
+@@ -74,11 +74,7 @@
+ QEMU_USER=qemu-$(TARGET_ARCH2)
+ # system emulator name
+ ifdef CONFIG_SOFTMMU
+-ifeq ($(TARGET_ARCH), i386)
+-QEMU_SYSTEM=qemu$(EXESUF)
+-else
+ QEMU_SYSTEM=qemu-system-$(TARGET_ARCH2)$(EXESUF)
+-endif
+ else
+ QEMU_SYSTEM=qemu-fast
+ endif
+@@ -634,6 +630,9 @@
+ ifneq ($(PROGS),)
+ 	$(INSTALL) -m 755 $(PROGS) "$(DESTDIR)$(bindir)"
+ endif
++ifeq ($(TARGET_ARCH), i386)
++	ln -sf qemu-system-i386$(EXESUF) "$(DESTDIR)$(bindir)/qemu$(EXESUF)"
++endif
+ 
+ ifneq ($(wildcard .depend),)
+ include .depend
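Review bot: The added `ln -sf` in the `install` recipe is guarded only by `ifeq ($(TARGET_ARCH), i386)`, so it also runs for an i386 target built without a system emulator (the first hunk shows `QEMU_SYSTEM` is `qemu-system-$(TARGET_ARCH2)` only under `ifdef CONFIG_SOFTMMU`). In that case it would leave a dangling `qemu` link, or fail if `$(DESTDIR)$(bindir)` was never created. Wrapping the link in the same softmmu condition, `ifdef CONFIG_SOFTMMU` around the `ifeq ($(TARGET_ARCH), i386)` block, keeps the compatibility name tied to the binary it points at. The install rule starts outside the hunk, so whether bindir is created earlier could not be checked here.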
--- qemu-0.9.1.orig/debian/patches/55_unmux_socketcall.patch
+++ qemu-0.9.1/debian/patches/55_unmux_socketcall.patch
@@ -0,0 +1,32 @@
+Index: qemu-0.9.1/linux-user/arm/syscall_nr.h
+===================================================================
+--- qemu-0.9.1.orig/linux-user/arm/syscall_nr.h	2008-04-14 11:26:14.000000000 +0200
++++ qemu-0.9.1/linux-user/arm/syscall_nr.h	2008-04-14 11:26:14.000000000 +0200
+@@ -256,9 +256,8 @@
+ #define TARGET_NR_epoll_ctl			(251)
+ #define TARGET_NR_epoll_wait			(252)
+ #define TARGET_NR_remap_file_pages		(253)
+-					/* 254 for set_thread_area */
+-					/* 255 for get_thread_area */
+-					/* 256 for set_tid_address */
++#define TARGET_NR_set_thread_area		(254)
++#define TARGET_NR_get_thread_area		(255)
+ #define TARGET_NR_set_tid_address		256
+ #define TARGET_NR_timer_create		257
+ #define TARGET_NR_timer_settime		258
+Index: qemu-0.9.1/linux-user/syscall.c
+===================================================================
+--- qemu-0.9.1.orig/linux-user/syscall.c	2008-04-14 11:26:14.000000000 +0200
++++ qemu-0.9.1/linux-user/syscall.c	2008-04-14 11:26:14.000000000 +0200
+@@ -5701,7 +5701,10 @@
+     case TARGET_NR_getdomainname:
+         goto unimplemented_nowarn;
+ #endif
+-
++#ifdef TARGET_NR_futex
++    case TARGET_NR_futex:
++        goto unimplemented_nowarn;
++#endif
+ #ifdef TARGET_NR_clock_gettime
+     case TARGET_NR_clock_gettime:
+     {
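Review bot: The new `case TARGET_NR_futex:` in linux-user/syscall.c jumps to `unimplemented_nowarn`, so a guest calling futex takes the unimplemented path with no log line, which makes failures in threaded guest programs hard to diagnose. If the silence is intentional it deserves a comment at the case, for example `/* futex is not emulated here; fail without logging */`. The rest of the switch is outside this hunk, so it is worth confirming that no other `case TARGET_NR_futex` exists further down. In syscall_nr.h the two added defines are parenthesised while the neighbouring 256 to 258 entries are not; one form should be used throughout.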
--- qemu-0.9.1.orig/debian/patches/97_security.patch
+++ qemu-0.9.1/debian/patches/97_security.patch
@@ -0,0 +1,39 @@
+commit 65d35a09979e63541afc5bfc595b9f1b1b4ae069
+Author: aurel32 <aurel32@c046a42c-6fe2-441c-8c8c-71466251a162>
+Date:   Sat Nov 1 00:53:39 2008 +0000
+
+    CVE-2008-4539: fix a heap overflow in Cirrus emulation
+    
+    The code in hw/cirrus_vga.c has changed a lot between CVE-2007-1320 has
+    been announced and the patch has been applied. As a consequence it has
+    wrongly applied and QEMU is still vulnerable to this bug if using VNC.
+    
+    (noticed by Jan Niehusmann)
+    
+    Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
+    
+    git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5587 c046a42c-6fe2-441c-8c8c-71466251a162
+
+diff --git a/hw/cirrus_vga.c b/hw/cirrus_vga.c
+index 55f3ced..af9c9e6 100644
+--- a/hw/cirrus_vga.c
++++ b/hw/cirrus_vga.c
+@@ -785,15 +785,14 @@ static void cirrus_do_copy(CirrusVGAState *s, int dst, int src, int w, int h)
+ 
+ static int cirrus_bitblt_videotovideo_copy(CirrusVGAState * s)
+ {
++    if (BLTUNSAFE(s))
++        return 0;
++
+     if (s->ds->dpy_copy) {
+ 	cirrus_do_copy(s, s->cirrus_blt_dstaddr - s->start_addr,
+ 		       s->cirrus_blt_srcaddr - s->start_addr,
+ 		       s->cirrus_blt_width, s->cirrus_blt_height);
+     } else {
+-
+-    if (BLTUNSAFE(s))
+-        return 0;
+-
+ 	(*s->cirrus_rop) (s, s->vram_ptr +
+                 (s->cirrus_blt_dstaddr & s->cirrus_addr_mask),
+ 			  s->vram_ptr +
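Review bot: The hoisted `BLTUNSAFE(s)` guard in cirrus_bitblt_videotovideo_copy has no comment explaining why it must precede both branches, and the commit message shows an earlier fix ended up covering only the `else` path. A comment on the guard would pin the ordering down, e.g. `/* blit parameters come from the guest: validate before either copy path */`. The macro is defined outside this hunk, so it is worth confirming that its bounds also hold for the offsets handed to `cirrus_do_copy` (`cirrus_blt_dstaddr - start_addr` and `cirrus_blt_srcaddr - start_addr`), not only for the masked addresses used by the ROP path. The function body continues past the end of the hunk.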
--- qemu-0.9.1.orig/debian/patches/70_manpage.patch
+++ qemu-0.9.1/debian/patches/70_manpage.patch
@@ -0,0 +1,33 @@
+Index: qemu-doc.texi
+===================================================================
+--- qemu-doc.texi.orig	2008-01-06 20:38:42.000000000 +0100
++++ qemu-doc.texi	2008-04-14 11:27:20.000000000 +0200
+@@ -492,6 +498,28 @@
+ 
+ @item -usbdevice @var{devname}
+ Add the USB device @var{devname}. @xref{usb_devices}.
++
++@table @code
++
++@item mouse
++Virtual Mouse. This will override the PS/2 mouse emulation when activated.
++
++@item tablet
++Pointer device that uses absolute coordinates (like a touchscreen). This
++means qemu is able to report the mouse position without having to grab the
++mouse. Also overrides the PS/2 mouse emulation when activated.
++
++@item disk:file
++Mass storage device based on file
++
++@item host:bus.addr
++Pass through the host device identified by bus.addr (Linux only).
++
++@item host:vendor_id:product_id
++Pass through the host device identified by vendor_id:product_id (Linux only).
++
++@end table
++
+ @end table
+ 
+ Network options:
--- qemu-0.9.1.orig/debian/patches/51_linuxbios_piix_ram_size.patch
+++ qemu-0.9.1/debian/patches/51_linuxbios_piix_ram_size.patch
@@ -0,0 +1,50 @@
+Index: hw/pc.c
+===================================================================
+--- hw/pc.c.orig	2008-04-14 11:26:14.000000000 +0200
++++ hw/pc.c	2008-04-14 11:27:17.000000000 +0200
+@@ -844,7 +844,7 @@
+     ferr_irq = i8259[13];
+ 
+     if (pci_enabled) {
+-        pci_bus = i440fx_init(&i440fx_state, i8259);
++        pci_bus = i440fx_init(&i440fx_state, i8259, ram_size);
+         piix3_devfn = piix3_init(pci_bus, -1);
+     } else {
+         pci_bus = NULL;
+Index: hw/pc.h
+===================================================================
+--- hw/pc.h.orig	2008-01-06 20:38:42.000000000 +0100
++++ hw/pc.h	2008-04-14 11:26:14.000000000 +0200
+@@ -97,7 +97,7 @@
+ int pcspk_audio_init(AudioState *, qemu_irq *pic);
+ 
+ /* piix_pci.c */
+-PCIBus *i440fx_init(PCIDevice **pi440fx_state, qemu_irq *pic);
++PCIBus *i440fx_init(PCIDevice **pi440fx_state, qemu_irq *pic, int ram_size);
+ void i440fx_set_smm(PCIDevice *d, int val);
+ int piix3_init(PCIBus *bus, int devfn);
+ void i440fx_init_memory_mappings(PCIDevice *d);
+Index: hw/piix_pci.c
+===================================================================
+--- hw/piix_pci.c.orig	2008-01-06 20:38:42.000000000 +0100
++++ hw/piix_pci.c	2008-04-14 11:26:14.000000000 +0200
+@@ -169,7 +169,7 @@
+     return 0;
+ }
+ 
+-PCIBus *i440fx_init(PCIDevice **pi440fx_state, qemu_irq *pic)
++PCIBus *i440fx_init(PCIDevice **pi440fx_state, qemu_irq *pic, int ram_size)
+ {
+     PCIBus *b;
+     PCIDevice *d;
+@@ -200,6 +200,10 @@
+     d->config[0x0a] = 0x00; // class_sub = host2pci
+     d->config[0x0b] = 0x06; // class_base = PCI_bridge
+     d->config[0x0e] = 0x00; // header_type
++    ram_size = ram_size / 8 / 1024 / 1024;
++    if (ram_size > 255)
++        ram_size = 255;
++    d->config[0x57] = ram_size;
+ 
+     d->config[0x72] = 0x02; /* SMRAM */
+ 
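Review bot: In i440fx_init the new `ram_size` parameter is a plain `int` and the clamp `if (ram_size > 255)` checks only the upper bound, so a negative value passes through and is truncated when stored in the 8-bit `d->config[0x57]`. That can happen if the RAM size no longer fits in an int at the call site in hw/pc.c, whose variable type is not visible here. Clamping both ends, `if (ram_size < 0 || ram_size > 255) ram_size = 255;`, or taking an unsigned or `ram_addr_t` argument, avoids writing a wrapped value. A short comment naming register 0x57 and its unit (the code divides by 8 MiB) would also help; the function starts and ends outside the hunk.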
--- qemu-0.9.1.orig/debian/patches/01_nostrip.patch
+++ qemu-0.9.1/debian/patches/01_nostrip.patch
@@ -0,0 +1,26 @@
+Index: qemu-0.9.1/Makefile
+===================================================================
+--- qemu-0.9.1.orig/Makefile	2008-01-06 20:38:41.000000000 +0100
++++ qemu-0.9.1/Makefile	2008-04-14 11:27:19.000000000 +0200
+@@ -174,7 +174,7 @@
+ install: all $(if $(BUILD_DOCS),install-doc)
+ 	mkdir -p "$(DESTDIR)$(bindir)"
+ ifneq ($(TOOLS),)
+-	$(INSTALL) -m 755 -s $(TOOLS) "$(DESTDIR)$(bindir)"
++	$(INSTALL) -m 755 $(TOOLS) "$(DESTDIR)$(bindir)"
+ endif
+ 	mkdir -p "$(DESTDIR)$(datadir)"
+ 	for x in bios.bin vgabios.bin vgabios-cirrus.bin ppc_rom.bin \
+Index: qemu-0.9.1/Makefile.target
+===================================================================
+--- qemu-0.9.1.orig/Makefile.target	2008-01-06 20:38:41.000000000 +0100
++++ qemu-0.9.1/Makefile.target	2008-04-14 11:27:38.000000000 +0200
+@@ -632,7 +632,7 @@
+ 
+ install: all
+ ifneq ($(PROGS),)
+-	$(INSTALL) -m 755 -s $(PROGS) "$(DESTDIR)$(bindir)"
++	$(INSTALL) -m 755 $(PROGS) "$(DESTDIR)$(bindir)"
+ endif
+ 
+ ifneq ($(wildcard .depend),)
--- qemu-0.9.1.orig/debian/patches/11_signal_sigaction.patch
+++ qemu-0.9.1/debian/patches/11_signal_sigaction.patch
@@ -0,0 +1,16 @@
+Index: linux-user/signal.c
+===================================================================
+--- linux-user/signal.c.orig	2008-04-14 11:26:14.000000000 +0200
++++ linux-user/signal.c	2008-04-14 11:27:38.000000000 +0200
+@@ -512,6 +512,11 @@
+ 
+     if (sig < 1 || sig > TARGET_NSIG || sig == SIGKILL || sig == SIGSTOP)
+         return -EINVAL;
++
++    /* no point doing the stuff as those are not allowed for sigaction */
++    if ((sig == TARGET_SIGKILL) || (sig == TARGET_SIGSTOP))
++        return -EINVAL;
++
+     k = &sigact_table[sig - 1];
+ #if defined(DEBUG_SIGNAL)
+     fprintf(stderr, "sigaction sig=%d act=0x%08x, oact=0x%08x\n",
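Review bot: The added `TARGET_SIGKILL`/`TARGET_SIGSTOP` test sits directly after an existing check that compares the same `sig` with the host constants `SIGKILL` and `SIGSTOP`. Since `sig` is range-checked against `TARGET_NSIG` it appears to be a target signal number, so on a target whose numbering differs from the host the old comparison can still reject an unrelated signal. Folding both into one condition on target constants fixes that and removes the duplicate return: `if (sig < 1 || sig > TARGET_NSIG || sig == TARGET_SIGKILL || sig == TARGET_SIGSTOP)`. The function starts and ends outside the hunk, so the numbering used by its callers should be confirmed first.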
--- qemu-0.9.1.orig/debian/patches/86_df.patch
+++ qemu-0.9.1/debian/patches/86_df.patch
@@ -0,0 +1,23 @@
+commit 953d3ae6fbd433d2d6f0402a0de81e32e09023d5
+Author: aurel32 <aurel32@c046a42c-6fe2-441c-8c8c-71466251a162>
+Date:   Fri Mar 28 22:30:30 2008 +0000
+
+    x86-64: recompute DF after eflags has been modified when emulating SYSCALL
+    
+    (Jakub Jermar)
+    
+    
+    git-svn-id: svn+ssh://svn.savannah.nongnu.org/qemu/trunk@4120 c046a42c-6fe2-441c-8c8c-71466251a162
+
+Index: qemu-0.9.1/target-i386/helper.c
+===================================================================
+--- qemu-0.9.1.orig/target-i386/helper.c	2008-01-06 20:38:45.000000000 +0100
++++ qemu-0.9.1/target-i386/helper.c	2008-04-14 11:26:14.000000000 +0200
+@@ -1008,6 +1008,7 @@
+                                DESC_S_MASK |
+                                DESC_W_MASK | DESC_A_MASK);
+         env->eflags &= ~env->fmask;
++        load_eflags(env->eflags, 0);
+         if (code64)
+             env->eip = env->lstar;
+         else
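Review bot: The added `load_eflags(env->eflags, 0);` carries no comment, and with an update mask of 0 it reads like a no-op unless the reader knows it is there to refresh state derived from eflags after `env->eflags &= ~env->fmask`. I would put `/* eflags was modified directly: recompute the cached DF */` above the call, matching what the commit message says. `load_eflags` is defined outside this hunk, so any other state it rewrites should be checked against what the SYSCALL path expects at this point.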
--- qemu-0.9.1.orig/debian/patches/60_ppc_ld.patch
+++ qemu-0.9.1/debian/patches/60_ppc_ld.patch
@@ -0,0 +1,21 @@
+Index: qemu-0.9.1/ppc.ld
+===================================================================
+--- qemu-0.9.1.orig/ppc.ld	2008-01-06 20:38:42.000000000 +0100
++++ qemu-0.9.1/ppc.ld	2008-04-14 11:26:14.000000000 +0200
+@@ -8,6 +8,7 @@
+ SECTIONS
+ {
+   /* Read-only sections, merged into text segment: */
++  PROVIDE (__executable_start = 0x60000000);
+   . = 0x60000000 + SIZEOF_HEADERS;
+   .interp     : { *(.interp) 	}
+   .hash          : { *(.hash)		}
+@@ -210,7 +211,7 @@
+   .debug_aranges  0 : { *(.debug_aranges) }
+   .debug_pubnames 0 : { *(.debug_pubnames) }
+   /* DWARF 2 */
+-  .debug_info     0 : { *(.debug_info) }
++  .debug_info     0 : { *(.debug_info .gnu.linkonce.wi.*) }
+   .debug_abbrev   0 : { *(.debug_abbrev) }
+   .debug_line     0 : { *(.debug_line) }
+   .debug_frame    0 : { *(.debug_frame) }
--- qemu-0.9.1.orig/debian/patches/96_security.patch
+++ qemu-0.9.1/debian/patches/96_security.patch
@@ -0,0 +1,33 @@
+commit 7e5b685255b2dbc9d96f954c86fcc86a56fee0c6
+Author: aliguori <aliguori@c046a42c-6fe2-441c-8c8c-71466251a162>
+Date:   Wed Dec 10 15:12:57 2008 +0000
+
+    Fix off-by-one bug limiting VNC passwords to 7 chars (Chris Webb)
+    
+    monitor_readline expects buf_size to include the terminating \0, but
+    do_change_vnc in monitor.c calls it as though it doesn't. The other site
+    where monitor_readline reads a password (in vl.c) passes the buffer
+    length
+    correctly.
+    
+    Signed-off-by: Chris Webb <chris@arachsys.com>
+    Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
+    
+    
+    
+    git-svn-id: svn+ssh://svn.savannah.nongnu.org/qemu/trunk@5966 c046a42c-6fe2-441c-8c8c-71466251a162
+
+diff --git a/monitor.c b/monitor.c
+index f142a87..bec9211 100644
+--- a/monitor.c
++++ b/monitor.c
+@@ -434,8 +434,7 @@ static void do_change_vnc(const char *target)
+     if (strcmp(target, "passwd") == 0 ||
+ 	strcmp(target, "password") == 0) {
+ 	char password[9];
+-	monitor_readline("Password: ", 1, password, sizeof(password)-1);
+-	password[sizeof(password)-1] = '\0';
++	monitor_readline("Password: ", 1, password, sizeof(password));
+ 	if (vnc_display_password(NULL, password) < 0)
+ 	    term_printf("could not set VNC server password\n");
+     } else {
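Review bot: With the explicit `password[sizeof(password)-1] = '\0';` removed, do_change_vnc depends entirely on monitor_readline NUL-terminating within `buf_size`. The commit message states that contract, but the callee is outside this hunk, so a comment at the call would stop a later reader re-adding the `-1`: `/* buf_size includes the terminating NUL */`. Separately, the cleartext password stays in the stack buffer after `vnc_display_password` returns; wiping it once it is no longer needed, `memset(password, 0, sizeof(password));`, shortens the time it sits in memory (a plain memset can be optimised away, so a non-elidable wipe is preferable if the tree has one). The 9-byte buffer also means input longer than 8 characters is apparently cut without the user being told.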
--- qemu-0.9.1.orig/debian/patches/06_exit_segfault.patch
+++ qemu-0.9.1/debian/patches/06_exit_segfault.patch
@@ -0,0 +1,40 @@
+Index: linux-user/main.c
+===================================================================
+--- linux-user/main.c.orig	2008-01-06 20:38:42.000000000 +0100
++++ linux-user/main.c	2008-04-14 11:27:36.000000000 +0200
+@@ -714,7 +714,7 @@
+         default:
+             printf ("Unhandled trap: 0x%x\n", trapnr);
+             cpu_dump_state(env, stderr, fprintf, 0);
+-            exit (1);
++            _exit (1);
+         }
+         process_pending_signals (env);
+     }
+@@ -1646,7 +1646,7 @@
+         default:
+             printf ("Unhandled trap: 0x%x\n", trapnr);
+             cpu_dump_state(env, stderr, fprintf, 0);
+-            exit (1);
++            _exit (1);
+         }
+         process_pending_signals (env);
+     }
+@@ -1972,7 +1972,7 @@
+                 for(item = cpu_log_items; item->mask != 0; item++) {
+                     printf("%-10s %s\n", item->name, item->help);
+                 }
+-                exit(1);
++                _exit(1);
+             }
+             cpu_set_log(mask);
+         } else if (!strcmp(r, "s")) {
+@@ -1991,7 +1991,7 @@
+             if (qemu_host_page_size == 0 ||
+                 (qemu_host_page_size & (qemu_host_page_size - 1)) != 0) {
+                 fprintf(stderr, "page size must be a power of two\n");
+-                exit(1);
++                _exit(1);
+             }
+         } else if (!strcmp(r, "g")) {
+             gdbstub_port = atoi(argv[optind++]);
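Review bot: Switching to `_exit(1)` skips stdio flushing, so the `printf ("Unhandled trap: ...")` just before it in the first two hunks, and the log-item list printed with `printf` in the third, can be lost whenever stdout is a pipe or a file and therefore fully buffered. Either flush first, `fflush(stdout);` ahead of each `_exit (1);`, or send those messages to stderr as the fourth hunk already does. The reason for avoiding `exit()` is not recorded in the code (the patch name points at a crash during exit handling), and a one-line comment at a call site would keep someone from reverting it. All four enclosing functions extend beyond their hunks.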
--- qemu-0.9.1.orig/debian/patches/02_snapshot_use_tmpdir.patch
+++ qemu-0.9.1/debian/patches/02_snapshot_use_tmpdir.patch
@@ -0,0 +1,18 @@
+Index: block.c
+===================================================================
+--- block.c.orig	2008-01-06 20:38:42.000000000 +0100
++++ block.c	2008-04-14 11:27:17.000000000 +0200
+@@ -191,8 +191,12 @@
+ void get_tmp_filename(char *filename, int size)
+ {
+     int fd;
++    char *tmpdir;
+     /* XXX: race condition possible */
+-    pstrcpy(filename, size, "/tmp/vl.XXXXXX");
++    tmpdir = getenv("TMPDIR");
++    if (!tmpdir)
++        tmpdir = "/tmp";
++    snprintf(filename, size, "%s/vl.XXXXXX", tmpdir);
+     fd = mkstemp(filename);
+     close(fd);
+ }
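Review bot: get_tmp_filename now builds the template from `TMPDIR` but checks neither `snprintf` nor `mkstemp`: a long `TMPDIR` truncates the template so the trailing `XXXXXX` is lost, `mkstemp` then fails, `close(fd)` runs on -1, and the caller receives a path that was never created safely. Because the function returns void, the least invasive guard is to hand back an empty name on failure, e.g. `if (snprintf(filename, size, "%s/vl.XXXXXX", tmpdir) >= size) { filename[0] = '\0'; return; }` and `if (fd < 0) { filename[0] = '\0'; return; }`, with callers (outside this hunk) treating that as an error. The existing `/* XXX: race condition possible */` still applies, since the descriptor is closed and the file is reopened by name later, and a directory taken from the environment makes that matter more than it did with a fixed `/tmp`.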
--- qemu-0.9.1.orig/debian/patches/82_mips_abs.patch
+++ qemu-0.9.1/debian/patches/82_mips_abs.patch
@@ -0,0 +1,24 @@
+commit fcb2adefba1ccba4b6eaf27750970d654edd89c8
+Author: ths <ths@c046a42c-6fe2-441c-8c8c-71466251a162>
+Date:   Tue Jan 8 18:11:08 2008 +0000
+
+    Fix broken absoluteness check for cabs.d.*.
+    
+    
+    git-svn-id: svn+ssh://svn.savannah.nongnu.org/qemu/trunk@3900 c046a42c-6fe2-441c-8c8c-71466251a162
+
+Index: qemu-0.9.1/target-mips/op_helper.c
+===================================================================
+--- qemu-0.9.1.orig/target-mips/op_helper.c	2008-01-06 20:38:45.000000000 +0100
++++ qemu-0.9.1/target-mips/op_helper.c	2008-04-14 11:26:14.000000000 +0200
+@@ -1250,8 +1250,8 @@
+ void do_cmpabs_d_ ## op (long cc)              \
+ {                                              \
+     int c;                                     \
+-    FDT0 = float64_chs(FDT0);                  \
+-    FDT1 = float64_chs(FDT1);                  \
++    FDT0 = float64_abs(FDT0);                  \
++    FDT1 = float64_abs(FDT1);                  \
+     c = cond;                                  \
+     update_fcr31();                            \
+     if (c)                                     \
--- qemu-0.9.1.orig/debian/patches/50_linuxbios_isa_bios_ram.patch
+++ qemu-0.9.1/debian/patches/50_linuxbios_isa_bios_ram.patch
@@ -0,0 +1,24 @@
+Index: hw/pc.c
+===================================================================
+--- hw/pc.c.orig	2008-04-14 11:26:14.000000000 +0200
++++ hw/pc.c	2008-04-14 11:27:35.000000000 +0200
+@@ -794,15 +794,13 @@
+     cpu_register_physical_memory(0xc0000, 0x10000,
+                                  vga_bios_offset | IO_MEM_ROM);
+ 
+-    /* map the last 128KB of the BIOS in ISA space */
++    /* copy the last 128KB of the BIOS to ISA space */
+     isa_bios_size = bios_size;
+     if (isa_bios_size > (128 * 1024))
+         isa_bios_size = 128 * 1024;
+-    cpu_register_physical_memory(0xd0000, (192 * 1024) - isa_bios_size,
+-                                 IO_MEM_UNASSIGNED);
+-    cpu_register_physical_memory(0x100000 - isa_bios_size,
+-                                 isa_bios_size,
+-                                 (bios_offset + bios_size - isa_bios_size) | IO_MEM_ROM);
++    memcpy(phys_ram_base + 0x100000 - isa_bios_size,
++           phys_ram_base + bios_offset + bios_size - isa_bios_size,
++           isa_bios_size);
+ 
+     {
+         ram_addr_t option_rom_offset;
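Review bot: Replacing the `cpu_register_physical_memory(... | IO_MEM_ROM)` mapping with a `memcpy` into `phys_ram_base` turns the BIOS image below 1 MiB into ordinary guest RAM: the guest can overwrite it, and because the copy is made once during init nothing visible here restores it on reset. If that is the intent (the patch name suggests a LinuxBIOS requirement), the comment should say so, e.g. `/* copy, not map: this range stays writable RAM and is not refreshed on reset */`. The hunk also drops the `IO_MEM_UNASSIGNED` registration for the range starting at 0xd0000, which is then left with whatever mapping was registered earlier; worth confirming that is wanted. The copy assumes the BIOS has already been loaded at `phys_ram_base + bios_offset`, which happens outside the hunk.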
--- qemu-0.9.1.orig/debian/patches/92_no_shutdown.patch
+++ qemu-0.9.1/debian/patches/92_no_shutdown.patch
@@ -0,0 +1,71 @@
+commit dfe25b09e14cc6bdffe7c899f857affc9130309f
+Author: aurel32 <aurel32@c046a42c-6fe2-441c-8c8c-71466251a162>
+Date:   Fri Apr 11 21:35:52 2008 +0000
+
+    Stop before shutdown
+    
+    (Eduardo Felipe)
+    
+    
+    git-svn-id: svn+ssh://svn.savannah.nongnu.org/qemu/trunk@4192 c046a42c-6fe2-441c-8c8c-71466251a162
+
+Index: qemu-0.9.1/vl.c
+===================================================================
+--- qemu-0.9.1.orig/vl.c	2008-04-14 11:26:15.000000000 +0200
++++ qemu-0.9.1/vl.c	2008-04-14 11:26:15.000000000 +0200
+@@ -216,6 +216,7 @@
+ int acpi_enabled = 1;
+ int fd_bootchk = 1;
+ int no_reboot = 0;
++int no_shutdown = 0;
+ int cursor_hide = 1;
+ int graphic_rotate = 0;
+ int daemonize = 0;
+@@ -7490,7 +7491,12 @@
+ 
+             if (shutdown_requested) {
+                 ret = EXCP_INTERRUPT;
+-                break;
++                if (no_shutdown) {
++                    vm_stop(0);
++                    no_shutdown = 0;
++                }
++                else
++                    break;
+             }
+             if (reset_requested) {
+                 reset_requested = 0;
+@@ -7649,6 +7655,7 @@
+            "-curses         use a curses/ncurses interface instead of SDL\n"
+ #endif
+            "-no-reboot      exit instead of rebooting\n"
++           "-no-shutdown    stop before shutdown\n"
+            "-loadvm file    start right away with a saved state (loadvm in monitor)\n"
+ 	   "-vnc display    start a VNC server on display\n"
+ #ifndef _WIN32
+@@ -7754,6 +7761,7 @@
+     QEMU_OPTION_no_acpi,
+     QEMU_OPTION_curses,
+     QEMU_OPTION_no_reboot,
++    QEMU_OPTION_no_shutdown,
+     QEMU_OPTION_show_cursor,
+     QEMU_OPTION_daemonize,
+     QEMU_OPTION_option_rom,
+@@ -7859,6 +7867,7 @@
+     { "vmwarevga", 0, QEMU_OPTION_vmsvga },
+     { "no-acpi", 0, QEMU_OPTION_no_acpi },
+     { "no-reboot", 0, QEMU_OPTION_no_reboot },
++    { "no-shutdown", 0, QEMU_OPTION_no_shutdown },
+     { "show-cursor", 0, QEMU_OPTION_show_cursor },
+     { "daemonize", 0, QEMU_OPTION_daemonize },
+     { "option-rom", HAS_ARG, QEMU_OPTION_option_rom },
+@@ -8641,6 +8650,9 @@
+             case QEMU_OPTION_no_reboot:
+                 no_reboot = 1;
+                 break;
++            case QEMU_OPTION_no_shutdown:
++                no_shutdown = 1;
++                break;
+             case QEMU_OPTION_show_cursor:
+                 cursor_hide = 0;
+                 break;
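Review bot: In the main-loop hunk the `no_shutdown` branch calls `vm_stop(0)` and clears `no_shutdown` but leaves `shutdown_requested` set, so the option appears to be one-shot: once the VM is resumed, the still-pending request takes the `break` and QEMU exits. If that is intended, the help string `"-no-shutdown    stop before shutdown\n"` and a comment at the branch should say so; if the VM is meant to keep running after it is continued, the request needs clearing there with `shutdown_requested = 0;`. The unbraced `else` on its own line after `}` also departs from the brace style of the surrounding code. The loop body extends outside the hunk, so how the flag is consumed elsewhere was not checked.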
--- qemu-0.9.1.orig/debian/patches/81_mips32r2_fpu.patch
+++ qemu-0.9.1/debian/patches/81_mips32r2_fpu.patch
@@ -0,0 +1,19 @@
+commit e11972fd3238aa5b3847cdc530afe1c7319ffce2
+Author: ths <ths>
+Date:   Wed Jan 9 12:03:22 2008 +0000
+
+    Fix typo which broke MIPS32R2 64-bit FPU support.
+
+Index: qemu-0.9.1/target-mips/exec.h
+===================================================================
+--- qemu-0.9.1.orig/target-mips/exec.h	2008-01-06 20:38:45.000000000 +0100
++++ qemu-0.9.1/target-mips/exec.h	2008-04-14 11:26:14.000000000 +0200
+@@ -258,7 +258,7 @@
+     if (env->CP0_Status & (1 << CP0St_FR))
+         env->hflags |= MIPS_HFLAG_F64;
+     if (env->insn_flags & ISA_MIPS32R2) {
+-        if (env->fpu->fcr0 & FCR0_F64)
++        if (env->fpu->fcr0 & (1 << FCR0_F64))
+             env->hflags |= MIPS_HFLAG_COP1X;
+     } else if (env->insn_flags & ISA_MIPS32) {
+         if (env->hflags & MIPS_HFLAG_64)
--- qemu-0.9.1.orig/debian/patches/89_braille.patch
+++ qemu-0.9.1/debian/patches/89_braille.patch
@@ -0,0 +1,857 @@
+commit 4a0163c1e18b1c752bfaf086bf806f0fc7be5c41
+Author: aurel32 <aurel32@c046a42c-6fe2-441c-8c8c-71466251a162>
+Date:   Tue Apr 8 06:01:02 2008 +0000
+
+    Braille device support
+    
+    (Samuel Thibault)
+    
+    
+    git-svn-id: svn+ssh://svn.savannah.nongnu.org/qemu/trunk@4173 c046a42c-6fe2-441c-8c8c-71466251a162
+
+Index: qemu-0.9.1/Makefile
+===================================================================
+--- qemu-0.9.1.orig/Makefile	2008-04-14 11:26:14.000000000 +0200
++++ qemu-0.9.1/Makefile	2008-04-14 11:26:14.000000000 +0200
+@@ -60,6 +60,11 @@
+ OBJS+=usb.o usb-hub.o usb-linux.o usb-hid.o usb-msd.o usb-wacom.o usb-serial.o
+ OBJS+=sd.o ssi-sd.o
+ 
++ifdef CONFIG_BRLAPI
++OBJS+= baum.o
++LIBS+=-lbrlapi
++endif
++
+ ifdef CONFIG_WIN32
+ OBJS+=tap-win32.o
+ endif
+Index: qemu-0.9.1/Makefile.target
+===================================================================
+--- qemu-0.9.1.orig/Makefile.target	2008-04-14 11:26:14.000000000 +0200
++++ qemu-0.9.1/Makefile.target	2008-04-14 11:26:14.000000000 +0200
+@@ -565,7 +565,7 @@
+ endif
+ 
+ $(QEMU_SYSTEM): $(VL_OBJS) ../libqemu_common.a libqemu.a
+-	$(CC) $(VL_LDFLAGS) $(LDFLAGS) -o $@ $^ $(LIBS) $(SDL_LIBS) $(CURSES_LIBS) $(COCOA_LIBS) $(VL_LIBS)
++	$(CC) $(VL_LDFLAGS) $(LDFLAGS) -o $@ $^ $(LIBS) $(SDL_LIBS) $(CURSES_LIBS) $(COCOA_LIBS) $(VL_LIBS) $(BRLAPI_LIBS)
+ 
+ depend: $(SRCS)
+ 	$(CC) -MM $(CFLAGS) $(CPPFLAGS) $(BASE_CFLAGS) $^ 1>.depend
+Index: qemu-0.9.1/configure
+===================================================================
+--- qemu-0.9.1.orig/configure	2008-04-14 11:26:14.000000000 +0200
++++ qemu-0.9.1/configure	2008-04-14 11:26:14.000000000 +0200
+@@ -281,6 +281,8 @@
+   ;;
+   --disable-kqemu) kqemu="no"
+   ;;
++  --disable-brlapi) brlapi="no"
++  ;;
+   --enable-profiler) profiler="yes"
+   ;;
+   --enable-cocoa) cocoa="yes" ; coreaudio="yes" ; sdl="no"
+@@ -413,6 +415,7 @@
+ echo "  --enable-alsa            enable ALSA audio driver"
+ echo "  --enable-fmod            enable FMOD audio driver"
+ echo "  --enable-dsound          enable DirectSound audio driver"
++echo "  --disable-brlapi         disable BrlAPI"
+ echo "  --disable-vnc-tls        disable TLS encryption for VNC server"
+ echo "  --enable-system          enable all system emulation targets"
+ echo "  --disable-system         disable all system emulation targets"
+@@ -688,6 +691,20 @@
+ fi
+ 
+ ##########################################
++# BrlAPI probe
++
++if test -z "$brlapi" ; then
++    brlapi=no
++cat > $TMPC << EOF
++#include <brlapi.h>
++int main( void ) { return brlapi__openConnection (NULL, NULL, NULL); }
++EOF
++    if $cc -o $TMPE ${OS_CFLAGS} $TMPC -lbrlapi 2> /tmp/qemu-$$-brlapi.log ; then
++	    brlapi=yes
++    fi # brlapi compile test
++fi # -z $brlapi
++
++##########################################
+ # curses probe
+ 
+ if test "$curses" = "yes" ; then
+@@ -780,6 +797,7 @@
+     echo "Target Sparc Arch $sparc_cpu"
+ fi
+ echo "kqemu support     $kqemu"
++echo "brlapi support    $brlapi"
+ echo "Documentation     $build_docs"
+ [ ! -z "$uname_release" ] && \
+ echo "uname -r          $uname_release"
+@@ -1006,6 +1024,11 @@
+   echo "CONFIG_CURSES=yes" >> $config_mak
+   echo "CURSES_LIBS=-lcurses" >> $config_mak
+ fi
++if test "$brlapi" = "yes" ; then
++  echo "CONFIG_BRLAPI=yes" >> $config_mak
++  echo "#define CONFIG_BRLAPI 1" >> $config_h
++  echo "BRLAPI_LIBS=-lbrlapi" >> $config_mak
++fi
+ 
+ # XXX: suppress that
+ if [ "$bsd" = "yes" ] ; then
+Index: qemu-0.9.1/hw/baum.c
+===================================================================
+--- /dev/null	1970-01-01 00:00:00.000000000 +0000
++++ qemu-0.9.1/hw/baum.c	2008-04-14 11:26:14.000000000 +0200
+@@ -0,0 +1,643 @@
++/*
++ * QEMU Baum Braille Device
++ *
++ * Copyright (c) 2008 Samuel Thibault
++ *
++ * Permission is hereby granted, free of charge, to any person obtaining a copy
++ * of this software and associated documentation files (the "Software"), to deal
++ * in the Software without restriction, including without limitation the rights
++ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
++ * copies of the Software, and to permit persons to whom the Software is
++ * furnished to do so, subject to the following conditions:
++ *
++ * The above copyright notice and this permission notice shall be included in
++ * all copies or substantial portions of the Software.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
++ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
++ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
++ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
++ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
++ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
++ * THE SOFTWARE.
++ */
++#include "qemu-common.h"
++#include "qemu-char.h"
++#include "qemu-timer.h"
++#include "usb.h"
++#include <assert.h>
++#include <brlapi.h>
++#include <brlapi_constants.h>
++#include <brlapi_keycodes.h>
++#ifdef CONFIG_SDL
++#include <SDL/SDL_syswm.h>
++#endif
++
++#if 0
++#define DPRINTF(fmt, ...) \
++        printf(fmt, ## __VA_ARGS__)
++#else
++#define DPRINTF(fmt, ...)
++#endif
++
++#define ESC 0x1B
++
++#define BAUM_REQ_DisplayData		0x01
++#define BAUM_REQ_GetVersionNumber	0x05
++#define BAUM_REQ_GetKeys		0x08
++#define BAUM_REQ_SetMode		0x12
++#define BAUM_REQ_SetProtocol		0x15
++#define BAUM_REQ_GetDeviceIdentity	0x84
++#define BAUM_REQ_GetSerialNumber	0x8A
++
++#define BAUM_RSP_CellCount		0x01
++#define BAUM_RSP_VersionNumber		0x05
++#define BAUM_RSP_ModeSetting		0x11
++#define BAUM_RSP_CommunicationChannel	0x16
++#define BAUM_RSP_PowerdownSignal	0x17
++#define BAUM_RSP_HorizontalSensors	0x20
++#define BAUM_RSP_VerticalSensors	0x21
++#define BAUM_RSP_RoutingKeys		0x22
++#define BAUM_RSP_Switches		0x23
++#define BAUM_RSP_TopKeys		0x24
++#define BAUM_RSP_HorizontalSensor	0x25
++#define BAUM_RSP_VerticalSensor		0x26
++#define BAUM_RSP_RoutingKey		0x27
++#define BAUM_RSP_FrontKeys6		0x28
++#define BAUM_RSP_BackKeys6		0x29
++#define BAUM_RSP_CommandKeys		0x2B
++#define BAUM_RSP_FrontKeys10		0x2C
++#define BAUM_RSP_BackKeys10		0x2D
++#define BAUM_RSP_EntryKeys		0x33
++#define BAUM_RSP_JoyStick		0x34
++#define BAUM_RSP_ErrorCode		0x40
++#define BAUM_RSP_InfoBlock		0x42
++#define BAUM_RSP_DeviceIdentity		0x84
++#define BAUM_RSP_SerialNumber		0x8A
++#define BAUM_RSP_BluetoothName		0x8C
++
++#define BAUM_TL1 0x01
++#define BAUM_TL2 0x02
++#define BAUM_TL3 0x04
++#define BAUM_TR1 0x08
++#define BAUM_TR2 0x10
++#define BAUM_TR3 0x20
++
++#define BUF_SIZE 256
++
++typedef struct {
++    CharDriverState *chr;
++
++    brlapi_handle_t *brlapi;
++    int brlapi_fd;
++    int x, y;
++
++    uint8_t in_buf[BUF_SIZE];
++    uint8_t in_buf_used;
++    uint8_t out_buf[BUF_SIZE];
++    uint8_t out_buf_used, out_buf_ptr;
++
++    QEMUTimer *cellCount_timer;
++} BaumDriverState;
++
++/* Let's assume NABCC by default */
++static const uint8_t nabcc_translation[256] = {
++    [0] = ' ',
++#ifndef BRLAPI_DOTS
++#define BRLAPI_DOTS(d1,d2,d3,d4,d5,d6,d7,d8) \
++    ((d1?BRLAPI_DOT1:0)|\
++     (d2?BRLAPI_DOT2:0)|\
++     (d3?BRLAPI_DOT3:0)|\
++     (d4?BRLAPI_DOT4:0)|\
++     (d5?BRLAPI_DOT5:0)|\
++     (d6?BRLAPI_DOT6:0)|\
++     (d7?BRLAPI_DOT7:0)|\
++     (d8?BRLAPI_DOT8:0))
++#endif
++    [BRLAPI_DOTS(1,0,0,0,0,0,0,0)] = 'a',
++    [BRLAPI_DOTS(1,1,0,0,0,0,0,0)] = 'b',
++    [BRLAPI_DOTS(1,0,0,1,0,0,0,0)] = 'c',
++    [BRLAPI_DOTS(1,0,0,1,1,0,0,0)] = 'd',
++    [BRLAPI_DOTS(1,0,0,0,1,0,0,0)] = 'e',
++    [BRLAPI_DOTS(1,1,0,1,0,0,0,0)] = 'f',
++    [BRLAPI_DOTS(1,1,0,1,1,0,0,0)] = 'g',
++    [BRLAPI_DOTS(1,1,0,0,1,0,0,0)] = 'h',
++    [BRLAPI_DOTS(0,1,0,1,0,0,0,0)] = 'i',
++    [BRLAPI_DOTS(0,1,0,1,1,0,0,0)] = 'j',
++    [BRLAPI_DOTS(1,0,1,0,0,0,0,0)] = 'k',
++    [BRLAPI_DOTS(1,1,1,0,0,0,0,0)] = 'l',
++    [BRLAPI_DOTS(1,0,1,1,0,0,0,0)] = 'm',
++    [BRLAPI_DOTS(1,0,1,1,1,0,0,0)] = 'n',
++    [BRLAPI_DOTS(1,0,1,0,1,0,0,0)] = 'o',
++    [BRLAPI_DOTS(1,1,1,1,0,0,0,0)] = 'p',
++    [BRLAPI_DOTS(1,1,1,1,1,0,0,0)] = 'q',
++    [BRLAPI_DOTS(1,1,1,0,1,0,0,0)] = 'r',
++    [BRLAPI_DOTS(0,1,1,1,0,0,0,0)] = 's',
++    [BRLAPI_DOTS(0,1,1,1,1,0,0,0)] = 't',
++    [BRLAPI_DOTS(1,0,1,0,0,1,0,0)] = 'u',
++    [BRLAPI_DOTS(1,1,1,0,0,1,0,0)] = 'v',
++    [BRLAPI_DOTS(0,1,0,1,1,1,0,0)] = 'w',
++    [BRLAPI_DOTS(1,0,1,1,0,1,0,0)] = 'x',
++    [BRLAPI_DOTS(1,0,1,1,1,1,0,0)] = 'y',
++    [BRLAPI_DOTS(1,0,1,0,1,1,0,0)] = 'z',
++
++    [BRLAPI_DOTS(1,0,0,0,0,0,1,0)] = 'A',
++    [BRLAPI_DOTS(1,1,0,0,0,0,1,0)] = 'B',
++    [BRLAPI_DOTS(1,0,0,1,0,0,1,0)] = 'C',
++    [BRLAPI_DOTS(1,0,0,1,1,0,1,0)] = 'D',
++    [BRLAPI_DOTS(1,0,0,0,1,0,1,0)] = 'E',
++    [BRLAPI_DOTS(1,1,0,1,0,0,1,0)] = 'F',
++    [BRLAPI_DOTS(1,1,0,1,1,0,1,0)] = 'G',
++    [BRLAPI_DOTS(1,1,0,0,1,0,1,0)] = 'H',
++    [BRLAPI_DOTS(0,1,0,1,0,0,1,0)] = 'I',
++    [BRLAPI_DOTS(0,1,0,1,1,0,1,0)] = 'J',
++    [BRLAPI_DOTS(1,0,1,0,0,0,1,0)] = 'K',
++    [BRLAPI_DOTS(1,1,1,0,0,0,1,0)] = 'L',
++    [BRLAPI_DOTS(1,0,1,1,0,0,1,0)] = 'M',
++    [BRLAPI_DOTS(1,0,1,1,1,0,1,0)] = 'N',
++    [BRLAPI_DOTS(1,0,1,0,1,0,1,0)] = 'O',
++    [BRLAPI_DOTS(1,1,1,1,0,0,1,0)] = 'P',
++    [BRLAPI_DOTS(1,1,1,1,1,0,1,0)] = 'Q',
++    [BRLAPI_DOTS(1,1,1,0,1,0,1,0)] = 'R',
++    [BRLAPI_DOTS(0,1,1,1,0,0,1,0)] = 'S',
++    [BRLAPI_DOTS(0,1,1,1,1,0,1,0)] = 'T',
++    [BRLAPI_DOTS(1,0,1,0,0,1,1,0)] = 'U',
++    [BRLAPI_DOTS(1,1,1,0,0,1,1,0)] = 'V',
++    [BRLAPI_DOTS(0,1,0,1,1,1,1,0)] = 'W',
++    [BRLAPI_DOTS(1,0,1,1,0,1,1,0)] = 'X',
++    [BRLAPI_DOTS(1,0,1,1,1,1,1,0)] = 'Y',
++    [BRLAPI_DOTS(1,0,1,0,1,1,1,0)] = 'Z',
++
++    [BRLAPI_DOTS(0,0,1,0,1,1,0,0)] = '0',
++    [BRLAPI_DOTS(0,1,0,0,0,0,0,0)] = '1',
++    [BRLAPI_DOTS(0,1,1,0,0,0,0,0)] = '2',
++    [BRLAPI_DOTS(0,1,0,0,1,0,0,0)] = '3',
++    [BRLAPI_DOTS(0,1,0,0,1,1,0,0)] = '4',
++    [BRLAPI_DOTS(0,1,0,0,0,1,0,0)] = '5',
++    [BRLAPI_DOTS(0,1,1,0,1,0,0,0)] = '6',
++    [BRLAPI_DOTS(0,1,1,0,1,1,0,0)] = '7',
++    [BRLAPI_DOTS(0,1,1,0,0,1,0,0)] = '8',
++    [BRLAPI_DOTS(0,0,1,0,1,0,0,0)] = '9',
++
++    [BRLAPI_DOTS(0,0,0,1,0,1,0,0)] = '.',
++    [BRLAPI_DOTS(0,0,1,1,0,1,0,0)] = '+',
++    [BRLAPI_DOTS(0,0,1,0,0,1,0,0)] = '-',
++    [BRLAPI_DOTS(1,0,0,0,0,1,0,0)] = '*',
++    [BRLAPI_DOTS(0,0,1,1,0,0,0,0)] = '/',
++    [BRLAPI_DOTS(1,1,1,0,1,1,0,0)] = '(',
++    [BRLAPI_DOTS(0,1,1,1,1,1,0,0)] = ')',
++
++    [BRLAPI_DOTS(1,1,1,1,0,1,0,0)] = '&',
++    [BRLAPI_DOTS(0,0,1,1,1,1,0,0)] = '#',
++
++    [BRLAPI_DOTS(0,0,0,0,0,1,0,0)] = ',',
++    [BRLAPI_DOTS(0,0,0,0,1,1,0,0)] = ';',
++    [BRLAPI_DOTS(1,0,0,0,1,1,0,0)] = ':',
++    [BRLAPI_DOTS(0,1,1,1,0,1,0,0)] = '!',
++    [BRLAPI_DOTS(1,0,0,1,1,1,0,0)] = '?',
++    [BRLAPI_DOTS(0,0,0,0,1,0,0,0)] = '"',
++    [BRLAPI_DOTS(0,0,1,0,0,0,0,0)] ='\'',
++    [BRLAPI_DOTS(0,0,0,1,0,0,0,0)] = '`',
++    [BRLAPI_DOTS(0,0,0,1,1,0,1,0)] = '^',
++    [BRLAPI_DOTS(0,0,0,1,1,0,0,0)] = '~',
++    [BRLAPI_DOTS(0,1,0,1,0,1,1,0)] = '[',
++    [BRLAPI_DOTS(1,1,0,1,1,1,1,0)] = ']',
++    [BRLAPI_DOTS(0,1,0,1,0,1,0,0)] = '{',
++    [BRLAPI_DOTS(1,1,0,1,1,1,0,0)] = '}',
++    [BRLAPI_DOTS(1,1,1,1,1,1,0,0)] = '=',
++    [BRLAPI_DOTS(1,1,0,0,0,1,0,0)] = '<',
++    [BRLAPI_DOTS(0,0,1,1,1,0,0,0)] = '>',
++    [BRLAPI_DOTS(1,1,0,1,0,1,0,0)] = '$',
++    [BRLAPI_DOTS(1,0,0,1,0,1,0,0)] = '%',
++    [BRLAPI_DOTS(0,0,0,1,0,0,1,0)] = '@',
++    [BRLAPI_DOTS(1,1,0,0,1,1,0,0)] = '|',
++    [BRLAPI_DOTS(1,1,0,0,1,1,1,0)] ='\\',
++    [BRLAPI_DOTS(0,0,0,1,1,1,0,0)] = '_',
++};
++
++/* The serial port can receive more of our data */
++static void baum_accept_input(struct CharDriverState *chr)
++{
++    BaumDriverState *baum = chr->opaque;
++    int room, first;
++
++    if (!baum->out_buf_used)
++        return;
++    room = qemu_chr_can_read(chr);
++    if (!room)
++        return;
++    if (room > baum->out_buf_used)
++        room = baum->out_buf_used;
++
++    first = BUF_SIZE - baum->out_buf_ptr;
++    if (room > first) {
++        qemu_chr_read(chr, baum->out_buf + baum->out_buf_ptr, first);
++        baum->out_buf_ptr = 0;
++        baum->out_buf_used -= first;
++        room -= first;
++    }
++    qemu_chr_read(chr, baum->out_buf + baum->out_buf_ptr, room);
++    baum->out_buf_ptr += room;
++    baum->out_buf_used -= room;
++}
++
++/* We want to send a packet */
++static void baum_write_packet(BaumDriverState *baum, const uint8_t *buf, int len)
++{
++    uint8_t io_buf[1 + 2 * len], *cur = io_buf;
++    int room;
++    *cur++ = ESC;
++    while (len--)
++        if ((*cur++ = *buf++) == ESC)
++            *cur++ = ESC;
++    room = qemu_chr_can_read(baum->chr);
++    len = cur - io_buf;
++    if (len <= room) {
++        /* Fits */
++        qemu_chr_read(baum->chr, io_buf, len);
++    } else {
++        int first;
++        uint8_t out;
++        /* Can't fit all, send what can be, and store the rest. */
++        qemu_chr_read(baum->chr, io_buf, room);
++        len -= room;
++        cur = io_buf + room;
++        if (len > BUF_SIZE - baum->out_buf_used) {
++            /* Can't even store it, drop the previous data... */
++            assert(len <= BUF_SIZE);
++            baum->out_buf_used = 0;
++            baum->out_buf_ptr = 0;
++        }
++        out = baum->out_buf_ptr;
++        baum->out_buf_used += len;
++        first = BUF_SIZE - baum->out_buf_ptr;
++        if (len > first) {
++            memcpy(baum->out_buf + out, cur, first);
++            out = 0;
++            len -= first;
++            cur += first;
++        }
++        memcpy(baum->out_buf + out, cur, len);
++    }
++}
++
++/* Called when the other end seems to have a wrong idea of our display size */
++static void baum_cellCount_timer_cb(void *opaque)
++{
++    BaumDriverState *baum = opaque;
++    uint8_t cell_count[] = { BAUM_RSP_CellCount, baum->x * baum->y };
++    DPRINTF("Timeout waiting for DisplayData, sending cell count\n");
++    baum_write_packet(baum, cell_count, sizeof(cell_count));
++}
++
++/* Try to interpret a whole incoming packet */
++static int baum_eat_packet(BaumDriverState *baum, const uint8_t *buf, int len)
++{
++    const uint8_t *cur = buf;
++    uint8_t req = 0;
++
++    if (!len--)
++        return 0;
++    if (*cur++ != ESC) {
++        while (*cur != ESC) {
++            if (!len--)
++                return 0;
++            cur++;
++        }
++        DPRINTF("Dropped %d bytes!\n", cur - buf);
++    }
++
++#define EAT(c) do {\
++    if (!len--) \
++        return 0; \
++    if ((c = *cur++) == ESC) { \
++        if (!len--) \
++            return 0; \
++        if (*cur++ != ESC) { \
++            DPRINTF("Broken packet %#2x, tossing\n", req); \
++		if (qemu_timer_pending(baum->cellCount_timer)) { \
++                qemu_del_timer(baum->cellCount_timer); \
++                baum_cellCount_timer_cb(baum); \
++            } \
++            return (cur - 2 - buf); \
++        } \
++    } \
++} while (0)
++
++    EAT(req);
++    switch (req) {
++    case BAUM_REQ_DisplayData:
++    {
++        uint8_t cells[baum->x * baum->y], c;
++        uint8_t text[baum->x * baum->y];
++        uint8_t zero[baum->x * baum->y];
++        int cursor = BRLAPI_CURSOR_OFF;
++        int i;
++
++        /* Allow 100ms to complete the DisplayData packet */
++        qemu_mod_timer(baum->cellCount_timer, qemu_get_clock(vm_clock) + ticks_per_sec / 10);
++        for (i = 0; i < baum->x * baum->y ; i++) {
++            EAT(c);
++            cells[i] = c;
++            if ((c & (BRLAPI_DOT7|BRLAPI_DOT8))
++                    == (BRLAPI_DOT7|BRLAPI_DOT8)) {
++                cursor = i + 1;
++                c &= ~(BRLAPI_DOT7|BRLAPI_DOT8);
++            }
++            if (!(c = nabcc_translation[c]))
++                c = '?';
++            text[i] = c;
++        }
++        qemu_del_timer(baum->cellCount_timer);
++
++        memset(zero, 0, sizeof(zero));
++
++        brlapi_writeArguments_t wa = {
++            .displayNumber = BRLAPI_DISPLAY_DEFAULT,
++            .regionBegin = 1,
++            .regionSize = baum->x * baum->y,
++            .text = text,
++            .textSize = baum->x * baum->y,
++            .andMask = zero,
++            .orMask = cells,
++            .cursor = cursor,
++            .charset = "ISO-8859-1",
++        };
++
++        if (brlapi__write(baum->brlapi, &wa) == -1)
++            brlapi_perror("baum brlapi_write");
++        break;
++    }
++    case BAUM_REQ_SetMode:
++    {
++        uint8_t mode, setting;
++        DPRINTF("SetMode\n");
++        EAT(mode);
++        EAT(setting);
++        /* ignore */
++        break;
++    }
++    case BAUM_REQ_SetProtocol:
++    {
++        uint8_t protocol;
++        DPRINTF("SetProtocol\n");
++        EAT(protocol);
++        /* ignore */
++        break;
++    }
++    case BAUM_REQ_GetDeviceIdentity:
++    {
++        uint8_t identity[17] = { BAUM_RSP_DeviceIdentity,
++            'B','a','u','m',' ','V','a','r','i','o' };
++        DPRINTF("GetDeviceIdentity\n");
++        identity[11] = '0' + baum->x / 10;
++        identity[12] = '0' + baum->x % 10;
++        baum_write_packet(baum, identity, sizeof(identity));
++        break;
++    }
++    case BAUM_REQ_GetVersionNumber:
++    {
++        uint8_t version[] = { BAUM_RSP_VersionNumber, 1 }; /* ? */
++        DPRINTF("GetVersionNumber\n");
++        baum_write_packet(baum, version, sizeof(version));
++        break;
++    }
++    case BAUM_REQ_GetSerialNumber:
++    {
++        uint8_t serial[] = { BAUM_RSP_SerialNumber,
++            '0','0','0','0','0','0','0','0' };
++        DPRINTF("GetSerialNumber\n");
++        baum_write_packet(baum, serial, sizeof(serial));
++        break;
++    }
++    case BAUM_REQ_GetKeys:
++    {
++        DPRINTF("Get%0#2x\n", req);
++        /* ignore */
++        break;
++    }
++    default:
++        DPRINTF("unrecognized request %0#2x\n", req);
++        do
++            if (!len--)
++                return 0;
++        while (*cur++ != ESC);
++        cur--;
++        break;
++    }
++    return cur - buf;
++}
++
++/* The other end is writing some data.  Store it and try to interpret */
++static int baum_write(CharDriverState *chr, const uint8_t *buf, int len)
++{
++    BaumDriverState *baum = chr->opaque;
++    int tocopy, cur, eaten, orig_len = len;
++
++    if (!len)
++        return 0;
++    if (!baum->brlapi)
++        return len;
++
++    while (len) {
++        /* Complete our buffer as much as possible */
++        tocopy = len;
++        if (tocopy > BUF_SIZE - baum->in_buf_used)
++            tocopy = BUF_SIZE - baum->in_buf_used;
++
++        memcpy(baum->in_buf + baum->in_buf_used, buf, tocopy);
++        baum->in_buf_used += tocopy;
++        buf += tocopy;
++        len -= tocopy;
++
++        /* Interpret it as much as possible */
++        cur = 0;
++        while (cur < baum->in_buf_used &&
++                (eaten = baum_eat_packet(baum, baum->in_buf + cur, baum->in_buf_used - cur)))
++            cur += eaten;
++
++        /* Shift the remainder */
++        if (cur) {
++            memmove(baum->in_buf, baum->in_buf + cur, baum->in_buf_used - cur);
++            baum->in_buf_used -= cur;
++        }
++
++        /* And continue if any data left */
++    }
++    return orig_len;
++}
++
++/* The other end sent us some event */
++static void baum_send_event(CharDriverState *chr, int event)
++{
++    BaumDriverState *baum = chr->opaque;
++    switch (event) {
++    case CHR_EVENT_BREAK:
++        break;
++    case CHR_EVENT_RESET:
++        /* Reset state */
++        baum->in_buf_used = 0;
++        break;
++    }
++}
++
++/* Send the key code to the other end */
++static void baum_send_key(BaumDriverState *baum, uint8_t type, uint8_t value) {
++    uint8_t packet[] = { type, value };
++    DPRINTF("writing key %x %x\n", type, value);
++    baum_write_packet(baum, packet, sizeof(packet));
++}
++
++/* We got some data on the BrlAPI socket */
++static void baum_chr_read(void *opaque)
++{
++    BaumDriverState *baum = opaque;
++    brlapi_keyCode_t code;
++    int ret;
++    if (!baum->brlapi)
++        return;
++    while ((ret = brlapi__readKey(baum->brlapi, 0, &code)) == 1) {
++        DPRINTF("got key %"BRLAPI_PRIxKEYCODE"\n", code);
++        /* Emulate */
++        switch (code & BRLAPI_KEY_TYPE_MASK) {
++        case BRLAPI_KEY_TYPE_CMD:
++            switch (code & BRLAPI_KEY_CMD_BLK_MASK) {
++            case BRLAPI_KEY_CMD_ROUTE:
++                baum_send_key(baum, BAUM_RSP_RoutingKey, (code & BRLAPI_KEY_CMD_ARG_MASK)+1);
++                baum_send_key(baum, BAUM_RSP_RoutingKey, 0);
++                break;
++            case 0:
++                switch (code & BRLAPI_KEY_CMD_ARG_MASK) {
++                case BRLAPI_KEY_CMD_FWINLT:
++                    baum_send_key(baum, BAUM_RSP_TopKeys, BAUM_TL2);
++                    baum_send_key(baum, BAUM_RSP_TopKeys, 0);
++                    break;
++                case BRLAPI_KEY_CMD_FWINRT:
++                    baum_send_key(baum, BAUM_RSP_TopKeys, BAUM_TR2);
++                    baum_send_key(baum, BAUM_RSP_TopKeys, 0);
++                    break;
++                case BRLAPI_KEY_CMD_LNUP:
++                    baum_send_key(baum, BAUM_RSP_TopKeys, BAUM_TR1);
++                    baum_send_key(baum, BAUM_RSP_TopKeys, 0);
++                    break;
++                case BRLAPI_KEY_CMD_LNDN:
++                    baum_send_key(baum, BAUM_RSP_TopKeys, BAUM_TR3);
++                    baum_send_key(baum, BAUM_RSP_TopKeys, 0);
++                    break;
++                case BRLAPI_KEY_CMD_TOP:
++                    baum_send_key(baum, BAUM_RSP_TopKeys, BAUM_TL1|BAUM_TR1);
++                    baum_send_key(baum, BAUM_RSP_TopKeys, 0);
++                    break;
++                case BRLAPI_KEY_CMD_BOT:
++                    baum_send_key(baum, BAUM_RSP_TopKeys, BAUM_TL3|BAUM_TR3);
++                    baum_send_key(baum, BAUM_RSP_TopKeys, 0);
++                    break;
++                case BRLAPI_KEY_CMD_TOP_LEFT:
++                    baum_send_key(baum, BAUM_RSP_TopKeys, BAUM_TL2|BAUM_TR1);
++                    baum_send_key(baum, BAUM_RSP_TopKeys, 0);
++                    break;
++                case BRLAPI_KEY_CMD_BOT_LEFT:
++                    baum_send_key(baum, BAUM_RSP_TopKeys, BAUM_TL2|BAUM_TR3);
++                    baum_send_key(baum, BAUM_RSP_TopKeys, 0);
++                    break;
++                case BRLAPI_KEY_CMD_HOME:
++                    baum_send_key(baum, BAUM_RSP_TopKeys, BAUM_TL2|BAUM_TR1|BAUM_TR3);
++                    baum_send_key(baum, BAUM_RSP_TopKeys, 0);
++                    break;
++                case BRLAPI_KEY_CMD_PREFMENU:
++                    baum_send_key(baum, BAUM_RSP_TopKeys, BAUM_TL1|BAUM_TL3|BAUM_TR1);
++                    baum_send_key(baum, BAUM_RSP_TopKeys, 0);
++                    break;
++                }
++            }
++            break;
++        case BRLAPI_KEY_TYPE_SYM:
++            break;
++        }
++    }
++    if (ret == -1 && (brlapi_errno != BRLAPI_ERROR_LIBCERR || errno != EINTR)) {
++        brlapi_perror("baum: brlapi_readKey");
++        brlapi__closeConnection(baum->brlapi);
++        free(baum->brlapi);
++        baum->brlapi = NULL;
++    }
++}
++
++CharDriverState *chr_baum_init(void)
++{
++    BaumDriverState *baum;
++    CharDriverState *chr;
++    brlapi_handle_t *handle;
++#ifdef CONFIG_SDL
++    SDL_SysWMinfo info;
++#endif
++    int tty;
++
++    baum = qemu_mallocz(sizeof(BaumDriverState));
++    if (!baum)
++        return NULL;
++
++    baum->chr = chr = qemu_mallocz(sizeof(CharDriverState));
++    if (!chr)
++        goto fail_baum;
++
++    chr->opaque = baum;
++    chr->chr_write = baum_write;
++    chr->chr_send_event = baum_send_event;
++    chr->chr_accept_input = baum_accept_input;
++
++    handle = qemu_mallocz(brlapi_getHandleSize());
++    if (!handle)
++        goto fail_chr;
++    baum->brlapi = handle;
++
++    baum->brlapi_fd = brlapi__openConnection(handle, NULL, NULL);
++    if (baum->brlapi_fd == -1) {
++        brlapi_perror("baum_init: brlapi_openConnection");
++        goto fail_handle;
++    }
++
++    baum->cellCount_timer = qemu_new_timer(vm_clock, baum_cellCount_timer_cb, baum);
++
++    if (brlapi__getDisplaySize(handle, &baum->x, &baum->y) == -1) {
++        brlapi_perror("baum_init: brlapi_getDisplaySize");
++        goto fail;
++    }
++
++#ifdef CONFIG_SDL
++    memset(&info, 0, sizeof(info));
++    SDL_VERSION(&info.version);
++    if (SDL_GetWMInfo(&info))
++        tty = info.info.x11.wmwindow;
++    else
++#endif
++        tty = BRLAPI_TTY_DEFAULT;
++
++    if (brlapi__enterTtyMode(handle, tty, NULL) == -1) {
++        brlapi_perror("baum_init: brlapi_enterTtyMode");
++        goto fail;
++    }
++
++    qemu_set_fd_handler(baum->brlapi_fd, baum_chr_read, NULL, baum);
++
++    qemu_chr_reset(chr);
++
++    return chr;
++
++fail:
++    qemu_free_timer(baum->cellCount_timer);
++    brlapi__closeConnection(handle);
++fail_handle:
++    free(handle);
++fail_chr:
++    free(chr);
++fail_baum:
++    free(baum);
++    return NULL;
++}
++
++USBDevice *usb_baum_init(void)
++{
++    /* USB Product ID of Super Vario 40 */
++    return usb_serial_init("productid=FE72:braille");
++}
+Index: qemu-0.9.1/hw/baum.h
+===================================================================
+--- /dev/null	1970-01-01 00:00:00.000000000 +0000
++++ qemu-0.9.1/hw/baum.h	2008-04-14 11:26:14.000000000 +0200
+@@ -0,0 +1,29 @@
++/*
++ * QEMU Baum
++ *
++ * Copyright (c) 2008 Samuel Thibault
++ *
++ * Permission is hereby granted, free of charge, to any person obtaining a copy
++ * of this software and associated documentation files (the "Software"), to deal
++ * in the Software without restriction, including without limitation the rights
++ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
++ * copies of the Software, and to permit persons to whom the Software is
++ * furnished to do so, subject to the following conditions:
++ *
++ * The above copyright notice and this permission notice shall be included in
++ * all copies or substantial portions of the Software.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
++ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
++ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
++ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
++ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
++ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
++ * THE SOFTWARE.
++ */
++
++/* usb device */
++USBDevice *usb_baum_init(void);
++
++/* char device */
++CharDriverState *chr_baum_init(void);
+Index: qemu-0.9.1/qemu-doc.texi
+===================================================================
+--- qemu-0.9.1.orig/qemu-doc.texi	2008-04-14 11:26:14.000000000 +0200
++++ qemu-0.9.1/qemu-doc.texi	2008-04-14 11:26:14.000000000 +0200
+@@ -528,6 +528,10 @@
+ Serial converter to host character device @var{dev}, see @code{-serial} for the
+ available devices.
+ 
++@item braille
++Braille device.  This will use BrlAPI to display the braille output on a real
++or fake device.
++
+ @end table
+ 
+ @end table
+@@ -841,6 +845,10 @@
+ @item -serial mon:telnet::4444,server,nowait
+ @end table
+ 
++@item braille
++Braille device.  This will use BrlAPI to display the braille output on a real
++or fake device.
++
+ @end table
+ 
+ @item -parallel @var{dev}
+@@ -1596,6 +1604,9 @@
+ @end example
+ will connect to tcp port 4444 of ip 192.168.0.2, and plug that to the virtual
+ serial converter, faking a Matrix Orbital LCD Display (USB ID 0403:FA00).
++@item braille
++Braille device.  This will use BrlAPI to display the braille output on a real
++or fake device.
+ @end table
+ 
+ @node host_usb_devices
+Index: qemu-0.9.1/vl.c
+===================================================================
+--- qemu-0.9.1.orig/vl.c	2008-04-14 11:26:14.000000000 +0200
++++ qemu-0.9.1/vl.c	2008-04-14 11:27:17.000000000 +0200
+@@ -29,6 +29,7 @@
+ #include "hw/fdc.h"
+ #include "hw/audiodev.h"
+ #include "hw/isa.h"
++#include "hw/baum.h"
+ #include "net.h"
+ #include "console.h"
+ #include "sysemu.h"
+@@ -3434,7 +3435,12 @@
+     } else
+     if (strstart(filename, "file:", &p)) {
+         return qemu_chr_open_win_file_out(p);
+-    }
++    } else
++#endif
++#ifdef CONFIG_BRLAPI
++    if (!strcmp(filename, "braille")) {
++        return chr_baum_init();
++    } else
+ #endif
+     {
+         return NULL;
+@@ -5217,6 +5223,10 @@
+         dev = usb_wacom_init();
+     } else if (strstart(devname, "serial:", &p)) {
+         dev = usb_serial_init(p);
++#ifdef CONFIG_BRLAPI
++    } else if (!strcmp(devname, "braille")) {
++        dev = usb_baum_init();
++#endif
+     } else {
+         return -1;
+     }
--- qemu-0.9.1.orig/debian/patches/93_tmpfs.patch
+++ qemu-0.9.1/debian/patches/93_tmpfs.patch
@@ -0,0 +1,24 @@
+commit b25b2e302ddaeb3a674892cf9b3f50a92fb8c26c
+Author: aurel32 <aurel32@c046a42c-6fe2-441c-8c8c-71466251a162>
+Date:   Sun Apr 20 21:10:41 2008 +0000
+
+    Use "mount -o remount" instead of "umount" and "mount /dev/shm",
+    which results in emptying this virtual file system.
+    
+    
+    git-svn-id: svn+ssh://svn.savannah.nongnu.org/qemu/trunk@4228 c046a42c-6fe2-441c-8c8c-71466251a162
+
+diff --git a/osdep.c b/osdep.c
+index 64bc16e..ae7e3fb 100644
+--- a/osdep.c
++++ b/osdep.c
+@@ -107,8 +107,7 @@ static void *kqemu_vmalloc(size_t size)
+                         tmpdir, ram_mb);
+                 if (strcmp(tmpdir, "/dev/shm") == 0) {
+                     fprintf(stderr, "To have more space available provided you have enough RAM and swap, do as root:\n"
+-                            "umount /dev/shm\n"
+-                            "mount -t tmpfs -o size=%dm none /dev/shm\n",
++                            "mount -o remount,size=%dm /dev/shm\n",
+                             ram_mb + 16);
+                 } else {
+                     fprintf(stderr,
--- qemu-0.9.1.orig/debian/patches/71_doc.patch
+++ qemu-0.9.1/debian/patches/71_doc.patch
@@ -0,0 +1,21 @@
+commit 3bed1834e876c7f922694e0dbfe8f5d2da480b6d
+Author: Aurelien Jarno <aurelien@aurel32.net>
+Date:   Sun Mar 16 22:15:30 2008 +0100
+
+    Documentation update for the monitor change command
+    
+    Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
+
+Index: qemu-0.9.1/qemu-doc.texi
+===================================================================
+--- qemu-0.9.1.orig/qemu-doc.texi	2008-04-14 11:26:14.000000000 +0200
++++ qemu-0.9.1/qemu-doc.texi	2008-04-14 11:27:19.000000000 +0200
+@@ -1046,7 +1046,7 @@
+ Change the medium for a removable disk device to point to @var{filename}. eg
+ 
+ @example
+-(qemu) change cdrom /path/to/some.iso
++(qemu) change ide1-cd0 /path/to/some.iso
+ @end example
+ 
+ @item change vnc @var{display},@var{options}
--- qemu-0.9.1.orig/debian/patches/53_openbios_size.patch
+++ qemu-0.9.1/debian/patches/53_openbios_size.patch
@@ -0,0 +1,26 @@
+Index: qemu-0.9.1/hw/sun4m.c
+===================================================================
+--- qemu-0.9.1.orig/hw/sun4m.c	2008-01-06 20:38:42.000000000 +0100
++++ qemu-0.9.1/hw/sun4m.c	2008-04-14 11:26:14.000000000 +0200
+@@ -71,7 +71,7 @@
+ #define KERNEL_LOAD_ADDR     0x00004000
+ #define CMDLINE_ADDR         0x007ff000
+ #define INITRD_LOAD_ADDR     0x00800000
+-#define PROM_SIZE_MAX        (512 * 1024)
++#define PROM_SIZE_MAX        (1024 * 1024)
+ #define PROM_VADDR           0xffd00000
+ #define PROM_FILENAME        "openbios-sparc32"
+ 
+Index: qemu-0.9.1/hw/sun4u.c
+===================================================================
+--- qemu-0.9.1.orig/hw/sun4u.c	2008-01-06 20:38:42.000000000 +0100
++++ qemu-0.9.1/hw/sun4u.c	2008-04-14 11:26:14.000000000 +0200
+@@ -35,7 +35,7 @@
+ #define KERNEL_LOAD_ADDR     0x00404000
+ #define CMDLINE_ADDR         0x003ff000
+ #define INITRD_LOAD_ADDR     0x00300000
+-#define PROM_SIZE_MAX        (512 * 1024)
++#define PROM_SIZE_MAX        (1024 * 1024)
+ #define PROM_ADDR            0x1fff0000000ULL
+ #define PROM_VADDR           0x000ffd00000ULL
+ #define APB_SPECIAL_BASE     0x1fe00000000ULL
--- qemu-0.9.1.orig/debian/patches/98_security.patch
+++ qemu-0.9.1/debian/patches/98_security.patch
@@ -0,0 +1,77 @@
+commit 334c0241c006533d1f4ed7e07239ec00b46c6efd
+Author: aurel32 <aurel32@c046a42c-6fe2-441c-8c8c-71466251a162>
+Date:   Thu Aug 21 22:24:32 2008 +0000
+
+    Add image format option for USB mass-storage devices
+    
+    (fix CVE-2008-1945)
+    
+    Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
+    
+    git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5059 c046a42c-6fe2-441c-8c8c-71466251a162
+
+diff --git a/hw/usb-msd.c b/hw/usb-msd.c
+index 01d492d..f7ad25e 100644
+--- a/hw/usb-msd.c
++++ b/hw/usb-msd.c
+@@ -517,13 +517,42 @@ USBDevice *usb_msd_init(const char *filename)
+ {
+     MSDState *s;
+     BlockDriverState *bdrv;
++    BlockDriver *drv = NULL;
++    const char *p1;
++    char fmt[32];
++
++    p1 = strchr(filename, ':');
++    if (p1++) {
++        const char *p2;
++
++        if (strstart(filename, "format=", &p2)) {
++            int len = MIN(p1 - p2, sizeof(fmt));
++            pstrcpy(fmt, len, p2);
++
++            drv = bdrv_find_format(fmt);
++            if (!drv) {
++                printf("invalid format %s\n", fmt);
++                return NULL;
++            }
++        } else if (*filename != ':') {
++            printf("unrecognized USB mass-storage option %s\n", filename);
++            return NULL;
++        }
++
++        filename = p1;
++    }
++
++    if (!*filename) {
++        printf("block device specification needed\n");
++        return NULL;
++    }
+ 
+     s = qemu_mallocz(sizeof(MSDState));
+     if (!s)
+         return NULL;
+ 
+     bdrv = bdrv_new("usb");
+-    if (bdrv_open(bdrv, filename, 0) < 0)
++    if (bdrv_open2(bdrv, filename, 0, drv) < 0)
+         goto fail;
+     if (qemu_key_check(bdrv, filename))
+         goto fail;
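Review bot: With no `format=` prefix `drv` stays NULL in usb_msd_init, so `bdrv_open2()` presumably still probes the image header and a guest-writable raw image is only protected when the caller passes `format=raw`; the same opt-in default applies to the `format` drive option added to vl.c in 94_security.patch. I would state that at the declaration, e.g. `BlockDriver *drv = NULL; /* NULL: format is probed from the image header; pass format=raw for untrusted images */`. Separately, `if (p1++)` increments a null pointer when the spec contains no ':', which is undefined behaviour; `if (p1) { p1++;` avoids it. The function body continues outside the hunk.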
+diff --git a/qemu-doc.texi b/qemu-doc.texi
+index 636d819..9519d9a 100644
+--- a/qemu-doc.texi
++++ b/qemu-doc.texi
+@@ -550,8 +550,10 @@ Pointer device that uses absolute coordinates (like a touchscreen). This
+ means qemu is able to report the mouse position without having to grab the
+ mouse. Also overrides the PS/2 mouse emulation when activated.
+ 
+-@item disk:file
+-Mass storage device based on file
++@item disk:[format=@var{format}]:file
++Mass storage device based on file. The optional @var{format} argument
++will be used rather than detecting the format. Can be used to specifiy
++format=raw to avoid interpreting an untrusted format header.
+ 
+ @item host:bus.addr
+ Pass through the host device identified by bus.addr (Linux only).
--- qemu-0.9.1.orig/debian/patches/87_eoi.patch
+++ qemu-0.9.1/debian/patches/87_eoi.patch
@@ -0,0 +1,25 @@
+commit 9127f94b9af96153838091a5409c51843061c8a3
+Author: aurel32 <aurel32@c046a42c-6fe2-441c-8c8c-71466251a162>
+Date:   Fri Mar 28 22:31:36 2008 +0000
+
+    ignore reads to the EOI register
+    
+    (Glauber Costa)
+    
+    
+    git-svn-id: svn+ssh://svn.savannah.nongnu.org/qemu/trunk@4124 c046a42c-6fe2-441c-8c8c-71466251a162
+
+Index: qemu-0.9.1/hw/apic.c
+===================================================================
+--- qemu-0.9.1.orig/hw/apic.c	2008-01-06 20:38:42.000000000 +0100
++++ qemu-0.9.1/hw/apic.c	2008-04-14 11:26:14.000000000 +0200
+@@ -604,6 +604,9 @@
+         /* ppr */
+         val = apic_get_ppr(s);
+         break;
++    case 0x0b:
++        val = 0;
++        break;
+     case 0x0d:
+         val = s->log_dest << 24;
+         break;
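Review bot: The new `case 0x0b:` has no register comment, while the neighbouring case is labelled `/* ppr */`. Adding `/* eoi: reads are ignored and return 0 */` above `val = 0;` would keep the switch self-describing. The switch starts and ends outside the hunk.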
--- qemu-0.9.1.orig/debian/patches/94_security.patch
+++ qemu-0.9.1/debian/patches/94_security.patch
@@ -0,0 +1,77 @@
+commit 2e095576078414ffd9a918b5dbcdaeb870d20b1f
+Author: Aurelien Jarno <aurelien@aurel32.net>
+Date:   Mon Apr 28 21:53:44 2008 +0200
+
+    add format= to drive options (CVE-2008-2004)
+    
+    It is possible for a guest with a raw formatted disk image to write a
+    header to that disk image describing another format (such as qcow2).
+    Stopping and subsequent restart of the guest will cause qemu to detect
+    that format, and could allow the guest to read any host file if qemu is
+    sufficiently privileged (typical in virt environments).
+    
+    The patch defaults to existing behaviour (probing based on file contents),
+    so it still requires the mgmt app (e.g. libvirt xml) to pass a new
+    "format=raw" parameter for raw disk images.
+    
+    Originally noted by Avi Kivity, patch from Chris Wright.
+
+diff --git a/qemu-doc.texi b/qemu-doc.texi
+index 45c89ce..1f409f4 100644
+--- a/qemu-doc.texi
++++ b/qemu-doc.texi
+@@ -261,6 +261,10 @@ These options have the same definition as they have in @option{-hdachs}.
+ @var{snapshot} is "on" or "off" and allows to enable snapshot for given drive (see @option{-snapshot}).
+ @item cache=@var{cache}
+ @var{cache} is "on" or "off" and allows to disable host cache to access data.
++@item format=@var{format}
++Specify which disk @var{format} will be used rather than detecting
++the format.  Can be used to specifiy format=raw to avoid interpreting
++an untrusted format header.
+ @end table
+ 
+ Instead of @option{-cdrom} you can use:
+diff --git a/vl.c b/vl.c
+index c30a87f..728e07e 100644
+--- a/vl.c
++++ b/vl.c
+@@ -4912,13 +4912,14 @@
+     int bus_id, unit_id;
+     int cyls, heads, secs, translation;
+     BlockDriverState *bdrv;
++    BlockDriver *drv = NULL;
+     int max_devs;
+     int index;
+     int cache;
+     int bdrv_flags;
+     char *params[] = { "bus", "unit", "if", "index", "cyls", "heads",
+                        "secs", "trans", "media", "snapshot", "file",
+-                       "cache", NULL };
++                       "cache", "format", NULL };
+ 
+     if (check_params(buf, sizeof(buf), params, str) < 0) {
+          fprintf(stderr, "qemu: unknowm parameter '%s' in '%s'\n",
+@@ -5086,6 +5087,14 @@
+         }
+     }
+ 
++    if (get_param_value(buf, sizeof(buf), "format", str)) {
++        drv = bdrv_find_format(buf);
++        if (!drv) {
++            fprintf(stderr, "qemu: '%s' invalid format\n", buf);
++            return -1;
++        }
++    }
++
+     get_param_value(file, sizeof(file), "file", str);
+ 
+     /* compute bus and unit according index */
+@@ -5185,7 +5194,7 @@
+         bdrv_flags |= BDRV_O_SNAPSHOT;
+     if (!cache)
+         bdrv_flags |= BDRV_O_DIRECT;
+-    if (bdrv_open(bdrv, file, bdrv_flags) < 0 || qemu_key_check(bdrv, file)) {
++    if (bdrv_open2(bdrv, file, bdrv_flags, drv) < 0 || qemu_key_check(bdrv, file)) {
+         fprintf(stderr, "qemu: could not open disk image %s\n",
+                         file);
+         return -1;
--- qemu-0.9.1.orig/debian/patches/41_arm_fpa_sigfpe.patch
+++ qemu-0.9.1/debian/patches/41_arm_fpa_sigfpe.patch
@@ -0,0 +1,100 @@
+Index: linux-user/main.c
+===================================================================
+--- linux-user/main.c.orig	2008-04-14 11:26:14.000000000 +0200
++++ linux-user/main.c	2008-04-14 11:27:36.000000000 +0200
+@@ -377,19 +377,68 @@
+             {
+                 TaskState *ts = env->opaque;
+                 uint32_t opcode;
++                int rc;
+ 
+                 /* we handle the FPU emulation here, as Linux */
+                 /* we get the opcode */
+                 /* FIXME - what to do if get_user() fails? */
+                 get_user_u32(opcode, env->regs[15]);
+ 
+-                if (EmulateAll(opcode, &ts->fpa, env) == 0) {
++                rc = EmulateAll(opcode, &ts->fpa, env);
++                if (rc == 0) { /* illegal instruction */
+                     info.si_signo = SIGILL;
+                     info.si_errno = 0;
+                     info.si_code = TARGET_ILL_ILLOPN;
+                     info._sifields._sigfault._addr = env->regs[15];
+                     queue_signal(info.si_signo, &info);
+-                } else {
++                } else if (rc < 0) { /* FP exception */
++                    int arm_fpe=0;
++
++                    /* translate softfloat flags to FPSR flags */
++                    if (-rc & float_flag_invalid)
++                      arm_fpe |= BIT_IOC;
++                    if (-rc & float_flag_divbyzero)
++                      arm_fpe |= BIT_DZC;
++                    if (-rc & float_flag_overflow)
++                      arm_fpe |= BIT_OFC;
++                    if (-rc & float_flag_underflow)
++                      arm_fpe |= BIT_UFC;
++                    if (-rc & float_flag_inexact)
++                      arm_fpe |= BIT_IXC;
++
++                    FPSR fpsr = ts->fpa.fpsr;
++                    //printf("fpsr 0x%x, arm_fpe 0x%x\n",fpsr,arm_fpe);
++
++                    if (fpsr & (arm_fpe << 16)) { /* exception enabled? */
++                      info.si_signo = SIGFPE;
++                      info.si_errno = 0;
++
++                      /* ordered by priority, least first */
++                      if (arm_fpe & BIT_IXC) info.si_code = TARGET_FPE_FLTRES;
++                      if (arm_fpe & BIT_UFC) info.si_code = TARGET_FPE_FLTUND;
++                      if (arm_fpe & BIT_OFC) info.si_code = TARGET_FPE_FLTOVF;
++                      if (arm_fpe & BIT_DZC) info.si_code = TARGET_FPE_FLTDIV;
++                      if (arm_fpe & BIT_IOC) info.si_code = TARGET_FPE_FLTINV;
++
++                      info._sifields._sigfault._addr = env->regs[15];
++                      queue_signal(info.si_signo, &info);
++                    } else {
++                      env->regs[15] += 4;
++                    }
++
++                    /* accumulate unenabled exceptions */
++                    if ((!(fpsr & BIT_IXE)) && (arm_fpe & BIT_IXC))
++                      fpsr |= BIT_IXC;
++                    if ((!(fpsr & BIT_UFE)) && (arm_fpe & BIT_UFC))
++                      fpsr |= BIT_UFC;
++                    if ((!(fpsr & BIT_OFE)) && (arm_fpe & BIT_OFC))
++                      fpsr |= BIT_OFC;
++                    if ((!(fpsr & BIT_DZE)) && (arm_fpe & BIT_DZC))
++                      fpsr |= BIT_DZC;
++                    if ((!(fpsr & BIT_IOE)) && (arm_fpe & BIT_IOC))
++                      fpsr |= BIT_IOC;
++                    ts->fpa.fpsr=fpsr;
++                } else { /* everything OK */
+                     /* increment PC */
+                     env->regs[15] += 4;
+                 }
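Review bot: The `si_code` chain in the `rc < 0` branch tests the raised flags in `arm_fpe`, not the ones whose trap is enabled, so when, for example, inexact is enabled and overflow is raised but disabled, SIGFPE is queued with TARGET_FPE_FLTOVF. Masking first, `int trapped = arm_fpe & (fpsr >> 16);`, and testing `trapped` in the five `si_code` lines would report the exception that actually trapped; this relies on the same bit layout the existing `fpsr & (arm_fpe << 16)` test assumes. The `FIXME` on `get_user_u32` is still open, so `opcode` may be used without a valid value if the read fails (inferred, the macro is not visible here). The enclosing function starts and ends outside the hunk.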
+Index: target-arm/nwfpe/fpa11.c
+===================================================================
+--- target-arm/nwfpe/fpa11.c.orig	2008-01-06 20:38:44.000000000 +0100
++++ target-arm/nwfpe/fpa11.c	2008-04-14 11:26:14.000000000 +0200
+@@ -162,6 +162,8 @@
+     fpa11->initflag = 1;
+   }
+ 
++  set_float_exception_flags(0, &fpa11->fp_status);  
++
+   if (TEST_OPCODE(opcode,MASK_CPRT))
+   {
+     //fprintf(stderr,"emulating CPRT\n");
+@@ -191,6 +193,11 @@
+   }
+ 
+ //  restore_flags(flags);
++  if(nRc == 1 && get_float_exception_flags(&fpa11->fp_status))
++  {
++    //printf("fef 0x%x\n",float_exception_flags);
++    nRc=-get_float_exception_flags(&fpa11->fp_status);
++  }
+ 
+   //printf("returning %d\n",nRc);
+   return(nRc);
--- qemu-0.9.1.orig/debian/patches/10_signal_jobs.patch
+++ qemu-0.9.1/debian/patches/10_signal_jobs.patch
@@ -0,0 +1,21 @@
+Index: linux-user/signal.c
+===================================================================
+--- linux-user/signal.c.orig	2008-01-06 20:38:42.000000000 +0100
++++ linux-user/signal.c	2008-04-14 11:27:38.000000000 +0200
+@@ -364,10 +364,15 @@
+     k = &sigact_table[sig - 1];
+     handler = k->sa._sa_handler;
+     if (handler == TARGET_SIG_DFL) {
++        if (sig == TARGET_SIGTSTP || sig == TARGET_SIGTTIN || sig == TARGET_SIGTTOU) {
++            kill(getpid(),SIGSTOP);
++            return 0;
++        } else
+         /* default handler : ignore some signal. The other are fatal */
+         if (sig != TARGET_SIGCHLD &&
+             sig != TARGET_SIGURG &&
+-            sig != TARGET_SIGWINCH) {
++            sig != TARGET_SIGWINCH &&
++            sig != TARGET_SIGCONT) {
+             force_sig(sig);
+         } else {
+             return 0; /* indicate ignored */
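Review bot: The `} else` added after `return 0;` in the TARGET_SIGTSTP / TARGET_SIGTTIN / TARGET_SIGTTOU branch is redundant, and it leaves the existing "default handler" comment between `else` and the `if` it governs, which is easy to misread on a later edit. Closing the branch with a plain `}` keeps the behaviour and reads more clearly. The result of `kill(getpid(),SIGSTOP)` is discarded and the intent is undocumented; a comment such as `/* job control: default action is to stop, so suspend the emulator process itself */` would record why the host SIGSTOP is raised here. The enclosing function starts and ends outside the hunk.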
--- qemu-0.9.1.orig/debian/patches/39_syscall_fadvise64.patch
+++ qemu-0.9.1/debian/patches/39_syscall_fadvise64.patch
@@ -0,0 +1,29 @@
+Index: linux-user/arm/syscall_nr.h
+===================================================================
+--- linux-user/arm/syscall_nr.h.orig	2008-01-06 20:38:43.000000000 +0100
++++ linux-user/arm/syscall_nr.h	2008-04-14 11:27:21.000000000 +0200
+@@ -273,6 +273,7 @@
+ #define TARGET_NR_fstatfs64			267
+ #define TARGET_NR_tgkill			268
+ #define TARGET_NR_utimes			269
++#define TARGET_NR_fadvise64_64			270
+ #define TARGET_NR_arm_fadvise64_64		270
+ #define TARGET_NR_pciconfig_iobase		271
+ #define TARGET_NR_pciconfig_read		272
+Index: linux-user/syscall.c
+===================================================================
+--- linux-user/syscall.c.orig	2008-04-14 11:26:14.000000000 +0200
++++ linux-user/syscall.c	2008-04-14 11:27:36.000000000 +0200
+@@ -5437,6 +5437,12 @@
+         ret = get_errno(mincore((void*)arg1, (size_t)arg2, (unsigned char*)arg3));
+         break;
+ #endif
++#ifdef TARGET_NR_fadvise64_64
++     case TARGET_NR_fadvise64_64:
++        /* Just return success */
++        ret = get_errno(0);
++        break;
++#endif
+ #ifdef TARGET_NR_madvise
+     case TARGET_NR_madvise:
+         /* A straight passthrough may not be safe because qemu sometimes
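Review bot: The new `TARGET_NR_fadvise64_64` case in linux-user/syscall.c reports success without looking at any argument, so a guest that passes a closed descriptor or an unknown advice value gets 0 where a kernel would return an error. That is tolerable for an advisory call, but the comment should say so, for example `/* advisory only: arguments are not validated, always reports success */`, and `ret = 0;` would state the result more directly than `get_errno(0)`. The header hunk makes `TARGET_NR_fadvise64_64` an alias of `TARGET_NR_arm_fadvise64_64` (both 270). If this stub is ever replaced by a passthrough, the ARM argument order for that call should be checked first, since it may not match the generic one. The `case` label is also indented five spaces where its neighbours use four, and the switch continues outside the hunk.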
--- qemu-0.9.1.orig/debian/patches/85_vvfat.patch
+++ qemu-0.9.1/debian/patches/85_vvfat.patch
@@ -0,0 +1,36 @@
+commit 08120e44a2bd9a8b53a2e4610b5d5637c3060d1a
+Author: aurel32 <aurel32@c046a42c-6fe2-441c-8c8c-71466251a162>
+Date:   Tue Mar 18 06:52:48 2008 +0000
+
+    restore rw support for vvfat
+    
+    (Carlo Marcelo Arenas)
+    
+    
+    git-svn-id: svn+ssh://svn.savannah.nongnu.org/qemu/trunk@4080 c046a42c-6fe2-441c-8c8c-71466251a162
+
+Index: qemu-0.9.1/block-qcow.c
+===================================================================
+--- qemu-0.9.1.orig/block-qcow.c	2008-01-06 20:38:41.000000000 +0100
++++ qemu-0.9.1/block-qcow.c	2008-04-14 11:26:14.000000000 +0200
+@@ -752,11 +752,15 @@
+     header_size = sizeof(header);
+     backing_filename_len = 0;
+     if (backing_file) {
+-        header.backing_file_offset = cpu_to_be64(header_size);
+-        backing_filename_len = strlen(backing_file);
+-        header.backing_file_size = cpu_to_be32(backing_filename_len);
+-        header_size += backing_filename_len;
+-        header.mtime = cpu_to_be32(0);
++        if (strcmp(backing_file, "fat:")) {
++            header.backing_file_offset = cpu_to_be64(header_size);
++            backing_filename_len = strlen(backing_file);
++            header.backing_file_size = cpu_to_be32(backing_filename_len);
++            header_size += backing_filename_len;
++        } else {
++            /* special backing file for vvfat */
++            backing_file = NULL;
++        }
+         header.cluster_bits = 9; /* 512 byte cluster to avoid copying
+                                     unmodifyed sectors */
+         header.l2_bits = 12; /* 32 KB L2 tables */
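Review bot: The rewrite of the `if (backing_file)` branch drops `header.mtime = cpu_to_be32(0);` without replacing it. If `header` is not zeroed before this point (not visible in the hunk), the field would carry whatever was on the stack into the image header on disk, so either confirm the earlier initialisation or keep the assignment in the non-vvfat branch. Separately, `if (strcmp(backing_file, "fat:"))` reads as a truth test; `if (strcmp(backing_file, "fat:") != 0)` makes it obvious that the first branch is the ordinary backing-file case. The `/* special backing file for vvfat */` comment could also say that the literal name `fat:` is reserved as a sentinel and produces an image with no backing file recorded. The function starts and ends outside the hunk.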
--- qemu-0.9.1.orig/debian/patches/64_ppc_asm_constraints.patch
+++ qemu-0.9.1/debian/patches/64_ppc_asm_constraints.patch
@@ -0,0 +1,13 @@
+Index: qemu-0.9.1/cpu-all.h
+===================================================================
+--- qemu-0.9.1.orig/cpu-all.h	2008-01-06 20:38:42.000000000 +0100
++++ qemu-0.9.1/cpu-all.h	2008-04-14 11:26:14.000000000 +0200
+@@ -280,7 +280,7 @@
+ static inline void stl_le_p(void *ptr, int v)
+ {
+ #ifdef __powerpc__
+-    __asm__ __volatile__ ("stwbrx %1,0,%2" : "=m" (*(uint32_t *)ptr) : "r" (v), "r" (ptr));
++    __asm__ __volatile__ ("stwbrx %0,0,%1" : : "r" (v), "r" (ptr) : "memory");
+ #else
+     uint8_t *p = ptr;
+     p[0] = v;
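Review bot: The replacement `stwbrx` statement in `stl_le_p` removes the `"=m"` output operand and relies on a `"memory"` clobber, but nothing in the code says why. The clobber is what now tells the compiler that the instruction writes through `ptr`, and it also acts as a barrier for all cached memory values at every call site. A short comment above the asm would keep a later cleanup from removing it, for example `/* no output operand: the store goes through ptr, so "memory" tells the compiler about the write */`. If other byte-swapping store helpers in cpu-all.h use the old constraint form (not visible in this hunk), they would need the same treatment for consistency. The body of `stl_le_p` continues outside the hunk.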
