Add an authorization backend that talks to PAM to check whether the user
identity is allowed. This only uses the PAM account validation facility,
which is essentially just a check to see if the provided username is permitted
access. It doesn't use the authentication or session parts of PAM, since
that's dealt with by the relevant part of QEMU (eg VNC server).

Consider starting QEMU with a VNC server and telling it to use TLS with
x509 client certificates and configuring it to use an PAM to validate
the x509 distinguished name. In this example we're telling it to use PAM
for the QAuthZ impl with a service name of "qemu-vnc"

 $ qemu-system-x86_64 \
     -object tls-creds-x509,id=tls0,dir=/home/berrange/security/qemutls,\
             endpoint=server,verify-peer=yes \
     -object authz-pam,id=authz0,service=qemu-vnc \
     -vnc :1,tls-creds=tls0,tls-authz=authz0

This requires an /etc/pam/qemu-vnc file to be created with the auth
rules. A very simple file based whitelist can be setup using

  $ cat > /etc/pam/qemu-vnc <<EOF
  account         requisite       pam_listfile.so item=user sense=allow file=/etc/qemu/vnc.allow
  EOF

The /etc/qemu/vnc.allow file simply contains one username per line. Any
username not in the file is denied. The usernames in this example are
the x509 distinguished name from the client's x509 cert.

  $ cat > /etc/qemu/vnc.allow <<EOF
  CN=laptop.berrange.com,O=Berrange Home,L=London,ST=London,C=GB
  EOF

More interesting would be to configure PAM to use an LDAP backend, so
that the QEMU authorization check data can be centralized instead of
requiring each compute host to have file maintained.

The main limitation with this PAM module is that the rules apply to all
QEMU instances on the host. Setting up different rules per VM, would
require creating a separate PAM service name & config file for every
guest. An alternative approach for the future might be to not pass in
the plain username to PAM, but instead combine the VM name or UUID with
the username. This requires further consideration though.
Tested-by: NPhilippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: NPhilippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

GIO is required for the "-display spice-app" backend.
Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
Tested-by: NVictor Toso <victortoso@redhat.com>
Message-id: 20190221110703.5775-9-marcandre.lureau@redhat.com
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

Introduce MTTCG-enabled QEMU builds for mips32, mipsn32, and mips64.
Signed-off-by: NMiodrag Dinic <miodrag.dinic@imgtec.com>
Signed-off-by: NAleksandar Markovic <amarkovic@wavecomp.com>
Acked-by: NAlex Bennée <alex.bennee@linaro.org>
Reviewed-by: NAlex Bennée <alex.bennee@linaro.org>

The current check to test if usbfs support should be compiled or not
solely relies on the presence of <linux/usbdevice_fs.h>, without
actually checking that all definition used by Qemu are provided by
this header file.

With sufficiently old kernel headers, <linux/usbdevice_fs.h> may be
present, but some of the definitions needed by Qemu may not be
available.

This commit improves the check by building a small program that
actually tests whether the necessary definitions are available.

In addition, it fixes a bug where have_usbfs was set to "yes"
regardless of the result of the test.
Signed-off-by: NThomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: NThomas Huth <thuth@redhat.com>
Message-Id: <20190213211827.20300-1-thomas.petazzoni@bootlin.com>
Signed-off-by: NLaurent Vivier <laurent@vivier.eu>

We have now managed to eradicate all the places in the codebase
that triggered clang's -Waddress-of-packed-member warning. Remove
the compiler flag that exempted it from our usual -Werror policy.
This will prevent any new problematic code being added in future.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Reviewed-by: NThomas Huth <thuth@redhat.com>
Reviewed-by: NPhilippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20190208132112.31493-1-peter.maydell@linaro.org>
Signed-off-by: NLaurent Vivier <laurent@vivier.eu>

The NetBSD support in Intel HAXM has beem merged upstream and is functional.
Signed-off-by: NKamil Rytarowski <n54@gmx.com>
Message-Id: <20190207233704.29978-1-n54@gmx.com>
Signed-off-by: NLaurent Vivier <laurent@vivier.eu>

Signed-off-by: NCleber Rosa <crosa@redhat.com>
Reviewed-by: NLaurent Vivier <laurent@vivier.eu>
Reviewed-by: NPhilippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20190207193605.25676-3-crosa@redhat.com>
Signed-off-by: NLaurent Vivier <laurent@vivier.eu>

This looks like a leftover that was never implemented.
Signed-off-by: NCleber Rosa <crosa@redhat.com>
Reviewed-by: NLaurent Vivier <laurent@vivier.eu>
Reviewed-by: NPhilippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20190207193605.25676-2-crosa@redhat.com>
Signed-off-by: NLaurent Vivier <laurent@vivier.eu>

POSIX says that it is better to use &&/|| and two separate test
invocations than it is to try and use -a and -o (in fact, there
are some tests that are inherently ambiguous to parse if the
user passes in corner-case input like "(").

Since we cannot guarantee which shell runs configure, we cannot
rely on -o/-a always following bash's parser rules.
Signed-off-by: NEric Blake <eblake@redhat.com>
Reviewed-by: NPeter Maydell <peter.maydell@linaro.org>
Reviewed-by: NPhilippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: NPhilippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20190205023937.18245-1-eblake@redhat.com>
Signed-off-by: NLaurent Vivier <laurent@vivier.eu>

The machine description we send is being (silently) thrown on the floor
by GDB and GDB silently uses the default machine description, because
the xml parse fails on <feature> nested within <feature>.
Changes to the xml in qemu source code have no effect.

In addition, the default machine description has fs_base, which fails to
be retrieved, which breaks the whole register window.  Add it and the
other control registers.
Signed-off-by: NDoug Gale <doug16k@gmail.com>
Message-Id: <20190124040457.2546-1-doug16k@gmail.com>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

After this patch contrib/elf2dmp can be built for Windows x86 and x86_64
hosts by mingw.
Signed-off-by: NViktor Prutyanov <viktor.prutyanov@phystech.edu>
Message-Id: <20181220012441.13694-7-viktor.prutyanov@phystech.edu>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

On Linux (and maybe some BSDs), we require libutil for the openpty()
function. However, this library is not available on some other systems, so
we currently use a fragile if-statement in the configure script to check
whether we need the library or not. Unfortunately, we also hard-coded a
"-lutil" in the tests/Makefile.include file, so this breaks the build on
Solaris, for example (see buglink below). To fix the issue, add the "-lutil"
to "libs_tools" in the configure script instead, then this gets properly
propagated to the tests, too.
And while we're at it, also replace the fragile if-statement in the confi-
gure script with a proper link-check for the availability of this function.

Buglink: https://bugs.launchpad.net/qemu/+bug/1777252Signed-off-by: NThomas Huth <thuth@redhat.com>
Reviewed-by: NPhilippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: NPhilippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

When Xen is detected via pkg-config, it isn't necessary to modify
LDFLAGS as modifying libs_softmmu is enough.
Reported-by: NPeter Maydell <peter.maydell@linaro.org>
Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>
Signed-off-by: NAnthony PERARD <anthony.perard@citrix.com>
Reviewed-by: NPeter Maydell <peter.maydell@linaro.org>
Reviewed-by: NMichael Tokarev <mjt@tls.msk.ru>
Reviewed-by: NPhilippe Mathieu-Daudé <philmd@redhat.com>

Its last uses was removed by: 6d7c06c2
"Remove broken Xen PV domain builder".
Signed-off-by: NAnthony PERARD <anthony.perard@citrix.com>
Reviewed-by: NPaul Durrant <paul.durrant@citrix.com>

SDL1.2 was deprecated in the 2.12.0 release with:

  commit e52c6ba3
  Author: Daniel P. Berrange <berrange@redhat.com>
  Date:   Mon Jan 15 14:25:33 2018 +0000

    ui: deprecate use of SDL 1.2 in favour of 2.0 series

    The SDL 2.0 release was made in Aug, 2013:

      https://www.libsdl.org/release/

    That will soon be 4 + 1/2 years ago, which is enough time to consider
    the 2.0 series widely supported.

    Thus we deprecate the SDL 1.2 support, which will allow us to delete it
    in the last release of 2018. By this time, SDL 2.0 will be more than 5
    years old.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
Reviewed-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
    Message-id: 20180115142533.24585-1-berrange@redhat.com
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

It is thus able to be removed in the 3.1.0 release.
Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
Message-Id: <20180822131554.3398-4-berrange@redhat.com>

[ kraxel: rebase ]
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

Commit 5f9b1e35 remove the dependency between OpenGL and X11.
However the milkymist-tmu2 device do require X11.
When using SDL, the configure script sets need_x11=yes, so the X11
flags are populated to the makefiles.
When building without SDL, X11 is not pulled and populated, leading
to a link failure:

    LINK    lm32-softmmu/qemu-system-lm32
  hw/lm32/milkymist.o: In function `milkymist_tmu2_create':
  hw/lm32/milkymist-hw.h:114: undefined reference to `XOpenDisplay'
  hw/lm32/milkymist-hw.h:140: undefined reference to `XFree'
  hw/lm32/milkymist-hw.h:141: undefined reference to `XCloseDisplay'
  hw/lm32/milkymist-hw.h:130: undefined reference to `XCloseDisplay'
  ../hw/display/milkymist-tmu2.o: In function `tmu2_glx_init':
  hw/display/milkymist-tmu2.c:112: undefined reference to `XOpenDisplay'
  hw/display/milkymist-tmu2.c:123: undefined reference to `XFree'
  collect2: error: ld returned 1 exit status
  gmake[1]: *** [Makefile:199: qemu-system-lm32] Error 1

Enforce the X11 dependency when the LM32 target is built.
This will allow us to build QEMU without SDL.
Signed-off-by: NPhilippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190130120005.23123-3-philmd@redhat.com
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

On FreeBSD 11.2:

  $ nbdkit memory size=1M --run './qemu-io -f raw -c "aio_write 0 512" $nbd'
  Parsing error: non-numeric argument, or extraneous/unrecognized suffix -- aio_write

After main option parsing, we reinitialize optind so we can parse each
command.  However reinitializing optind to 0 does not work on FreeBSD.
What happens when you do this is optind remains 0 after the option
parsing loop, and the result is we try to parse argv[optind] ==
argv[0] == "aio_write" as if it was the first parameter.

The FreeBSD manual page says:

  In order to use getopt() to evaluate multiple sets of arguments, or to
  evaluate a single set of arguments multiple times, the variable optreset
  must be set to 1 before the second and each additional set of calls to
  getopt(), and the variable optind must be reinitialized.

(From the rest of the man page it is clear that optind must be
reinitialized to 1).

The glibc man page says:

  A program that scans multiple argument vectors,  or  rescans  the  same
  vector  more than once, and wants to make use of GNU extensions such as
  '+' and '-' at  the  start  of  optstring,  or  changes  the  value  of
  POSIXLY_CORRECT  between scans, must reinitialize getopt() by resetting
  optind to 0, rather than the traditional value of 1.  (Resetting  to  0
  forces  the  invocation  of  an  internal  initialization  routine that
  rechecks POSIXLY_CORRECT and checks for GNU extensions in optstring.)

This commit introduces an OS-portability function called
qemu_reset_optind which provides a way of resetting optind that works
on FreeBSD and platforms that use optreset, while keeping it the same
as now on other platforms.

Note that the qemu codebase sets optind in many other places, but in
those other places it's setting a local variable and not using getopt.
This change is only needed in places where we are using getopt and the
associated global variable optind.
Signed-off-by: NRichard W.M. Jones <rjones@redhat.com>
Message-id: 20190118101114.11759-2-rjones@redhat.com
Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com>
Reviewed-by: NEric Blake <eblake@redhat.com>
Signed-off-by: NMax Reitz <mreitz@redhat.com>

Add the drivers listed in audio_possible_drivers to audio_drv_list,
using the try-* variants.  That way the probable drivers are compiled by
default if possible.

Additioal tweaks:
  linux: reorder to: pa alsa sdl oss.
  *bsd: drop pa.
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
Message-id: 20190124112055.547-7-kraxel@redhat.com

Fixes the openbsd build failure with SDL disabled.
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
Message-id: 20190124112055.547-4-kraxel@redhat.com

For those audio drivers which can be probed (sdl, alsa, pulse) add a
try-$name variants.  Unlike the variants without try- prefix they will
not error out on probe failure, the driver will be dropped from the list
instead.  Mainly useful for the audio_drv_list default values.
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
Message-id: 20190124112055.547-3-kraxel@redhat.com

Use pkg-config to probe for alsa and pulseaudio.
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
Reviewed-by: NPhilippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190124112055.547-2-kraxel@redhat.com

Different versions of GCC and Clang use different versions of the C standard.
This repeatedly caused problems already, e.g. with duplicated typedefs:

 https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg05829.html

or with for-loop variable initializers:

 https://lists.gnu.org/archive/html/qemu-devel/2019-01/msg00237.html

To avoid these problems, we should enforce the C language version to the
same level for all compilers. Since our minimum compiler versions is
GCC v4.8, our best option is "gnu99" for C code right now ("gnu17" is not
available there yet, and "gnu11" is marked as "experimental"), and "gnu++98"
for the few C++ code that we have in the repository.
Reviewed-by: NPhilippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: NRichard Henderson <richard.henderson@linaro.org>
Reviewed-by: NGreg Kurz <groug@kaod.org>
Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com>
Reviewed-by: NAlex Bennée <alex.bennee@linaro.org>
Signed-off-by: NThomas Huth <thuth@redhat.com>

Modern desktop environments can render icons at very large sizes,
especially with high DPI screens. Providing a 32x32 pixel bitmap is
nowhere near sufficient anymore.

When displayed in GNOME shell the QEMU icon looks awful, having been
scaled up to at least x4 its base size. This is compounded by the fact
that the BMP file doesn't do transparency, so while we've removed white
pixels, we still have anti-aliased nearly-white pixels which make the
logo look appalling on black backgrounds.

Loading a high resolution PNG icon addresses both problems, but requires
use of the extra SDL2_image library.
Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
Message-id: 20190110120047.25369-4-berrange@redhat.com
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

The icon associated with a GtkWindow is just a hint to window managers
and not all of them will honour it. Some will instead want to show the
icon listed by the .desktop file. The desktop file is located based on
the application ID, which is set using g_set_prgname. QEMU has not
historically provided a desktop file or set its app ID, so it got a
broken icon in GNOME shell, which is now fixed.
Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
Message-id: 20190110120047.25369-3-berrange@redhat.com
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

QEMU currently installs logos to $prefix/share/qemu/ which means no GUI
toolkit or applications can find them by default.

The accepted standards for desktop applications declare that application
logos / icons should be installed under $prefix/share/icons, so use this
directory location.

Pre-rendered icons are provided at the standard sizes expected for GUI
applications, along with the scalable SVG, to ensure maximum portability.

The PNGs are rendered from the SVG using inkscape, however, this is not
wired up into the default make rules to avoid requiring inkscape as a
mandatory tool in build systems / developer workstations.
Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
Message-id: 20190110120047.25369-2-berrange@redhat.com
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

We want to build our s390-ccw bios with -march=z900 so that it also
works with the oldest s390x CPU that we support with TCG. However,
Clang on s390x does not support -march=z900 anymore, so we can not
use this compiler to build the s390-ccw bios. Thus add a proper test
to the configure script to see whether the compiler is usable.
Signed-off-by: NThomas Huth <thuth@redhat.com>
Message-Id: <1547470346-18416-1-git-send-email-thuth@redhat.com>
Acked-by: NChristian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: NCornelia Huck <cohuck@redhat.com>

Some functionality is dependent on the Python version
detected/configured on configure.  While it's possible to run the
Python version later and check for the version, doing it once is
preferable.  Also, it's a relevant information to keep in build logs,
as the overall behavior of the build can be affected by it.
Signed-off-by: NCleber Rosa <crosa@redhat.com>
Message-Id: <20181109150710.31085-2-crosa@redhat.com>
Reviewed-by: NEduardo Habkost <ehabkost@redhat.com>
Signed-off-by: NEduardo Habkost <ehabkost@redhat.com>

This reverts commit ce2eefd7. The
underlying cause was fixed with eb4f8e10.
Signed-off-by: NAlex Bennée <alex.bennee@linaro.org>

It is broken since Xen 4.9 [1] and it will not build in Xen 4.12. Also,
it is not built by default since QEMU 2.6.

[1] https://lists.xenproject.org/archives/html/xen-devel/2018-09/msg00313.htmlSigned-off-by: NAnthony PERARD <anthony.perard@citrix.com>
Acked-by: NStefano Stabellini <sstabellini@kernel.org>

This test is failing on the Travis CI [*] since some time now,
disable it until it get fixed.

[*] https://travis-ci.org/qemu/qemu/builds/474821674Signed-off-by: NPhilippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20190103150951.17592-3-philmd@redhat.com>
Signed-off-by: NEduardo Habkost <ehabkost@redhat.com>

All other variables are set using 'y', which is what the rules.mak
functions expect to parse.
Signed-off-by: NPhilippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20190103150951.17592-2-philmd@redhat.com>
Signed-off-by: NEduardo Habkost <ehabkost@redhat.com>

This removes some clutter in compilation logging, and allows some
easier tweaking per compilation unit/CFLAGS overriding.

Note that we can't move those define in os-win32.h, since they must be
set before the first system headers are included.
Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20181122110039.15972-3-marcandre.lureau@redhat.com>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Looking at chardev/spice.c code, I realize compilation was broken for
a while with spice-server < 0.12.3. Let's bump required version
to 0.12.5, released May 19 2014, instead of adding more #ifdef.

(this patch combines changes from an early version and some of
Frediano "[PATCH 2/2] spice: Bump required spice-server version to
0.12.6")

According to repology, all the distros that are build target platforms
for QEMU include it:

      RHEL-7: 0.14.0
      Debian (Stretch): 0.12.8
      Debian (Jessie): 0.12.5
      FreeBSD (ports): 0.14.0
      OpenSUSE Leap 15: 0.14.0
      Ubuntu (Xenial): 0.12.6

Note that a previous version of this patch was bumping version to
0.12.6. Unfortunately, Debian Jessie (oldstable) is stuck with spice
server 0.12.5, and QEMU should keep building until after 2y of current
stable (Stretch), which will be around June 17th 2019. Qemu 4.1
should thus be free of bumping to spice-server 0.12.6 during 4.1
development cycle.
Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com>
Message-id: 20181128155932.16171-1-marcandre.lureau@redhat.com
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

SLOF receives a device tree and updates it with various properties
before switching to the guest kernel and QEMU is not aware of any changes
made by SLOF. Since there is no real RTAS (QEMU implements it), it makes
sense to pass the SLOF final device tree to QEMU to let it implement
RTAS related tasks better, such as PCI host bus adapter hotplug.

Specifially, now QEMU can find out the actual XICS phandle (for PHB
hotplug) and the RTAS linux,rtas-entry/base properties (for firmware
assisted NMI - FWNMI).

This stores the initial DT blob in the sPAPR machine and replaces it
in the KVMPPC_H_UPDATE_DT (new private hypercall) handler.

This adds an @update_dt_enabled machine property to allow backward
migration.

SLOF already has a hypercall since
https://github.com/aik/SLOF/commit/e6fc84652c9c0073f9183

This makes use of the new fdt_check_full() helper. In order to allow
the configure script to pick the correct DTC version, this adjusts
the DTC presense test.
Signed-off-by: NAlexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: NGreg Kurz <groug@kaod.org>
Signed-off-by: NDavid Gibson <david@gibson.dropbear.id.au>
Signed-off-by: NGreg Kurz <groug@kaod.org>
Signed-off-by: NDavid Gibson <david@gibson.dropbear.id.au>

macOS provides pthread_setname_np that doesn't have thread id argument.
Signed-off-by: NRoman Bolshakov <r.bolshakov@yadro.com>
Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com>
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

Signed-off-by: NAlistair Francis <alistair.francis@wdc.com>
Signed-off-by: NMichael Clark <mjc@sifive.com>
Reviewed-by: NRichard Henderson <richard.henderson@linaro.org>
Message-Id: <52160afacecc5b109dc43a412fa3e74ddd6277fb.1545246859.git.alistair.francis@wdc.com>
Signed-off-by: NRichard Henderson <richard.henderson@linaro.org>

This commit includes the support to lzfse opensource library. With this
library dmg block driver can decompress images with this type of
compression inside.
Signed-off-by: NJulio Faracco <jcfaracco@gmail.com>
Signed-off-by: NKevin Wolf <kwolf@redhat.com>

Now that we require at least GCC 4.8, we don't need this als workaround
for 4.6 and 4.7 anymore.
Reviewed-by: NRichard Henderson <richard.henderson@linaro.org>
Signed-off-by: NThomas Huth <thuth@redhat.com>

Since we have got a check for Clang >= 3.4 now, we do not need to
check for older Clang versions in the configure test for 128-bit ints
anymore.
Reviewed-by: NRichard Henderson <richard.henderson@linaro.org>
Signed-off-by: NThomas Huth <thuth@redhat.com>

So far we only had implicit requirements for the minimum compiler version,
e.g. we require at least GCC 4.1 for the support of atomics. However,
such old compiler versions are not tested anymore by the developers, so
they are not really supported anymore. Since we recently declared explicitly
what platforms we intend to support, we can also get more explicit on the
compiler version now. The supported distributions use the following version
of GCC:

      RHEL-7: 4.8.5
      Debian (Stretch): 6.3.0
      Debian (Jessie): 4.8.4
      OpenBSD (ports): 4.9.4
      FreeBSD (ports): 8.2.0
      OpenSUSE Leap 15: 7.3.1
      Ubuntu (Xenial): 5.3.1
      macOS (Homebrew): 8.2.0

So we can safely assume GCC 4.8 these days. For Clang, the situation is
a little bit more ambiguous, since it is sometimes not available in the
main distros but rather third party repositories. At least Debian Jessie
uses version 3.5, and EPEL7 for RHEL7 uses 3.4, so let's use 3.4 as
minimum Clang version now - we still can adjust this later if necessary.

Unfortunately Apple uses different version numbers for the Clang that is
included in their Xcode suite, so we need to check the version numbers
for Xcode separately. Xcode 5.1 seems to be the first one that has been
shipped with LLVM 3.4, so use this version as the minimum there.
Reviewed-by: NRichard Henderson <richard.henderson@linaro.org>
Signed-off-by: NThomas Huth <thuth@redhat.com>