author | Ismael Luceno | 2021-09-10 14:29:45 +0200 |
---|---|---|
committer | Ismael Luceno | 2021-09-10 14:29:45 +0200 |
commit | e861cfea763b182ba974537e7ed0cbcee8f67ded (patch) | |
tree | 95b5981bc25ce1f037e1d09ed536975a65b4f09e /utils | |
parent | c0549aa0c6c61f28bb655e01c7b98792c25b8770 (diff) |
qemu 6.1.0
Diffstat (limited to 'utils')
-rwxr-xr-x | utils/qemu/BUILD | 9 | ||||
-rwxr-xr-x | utils/qemu/CONFIGURE | 2 | ||||
-rwxr-xr-x | utils/qemu/DEPENDS | 93 | ||||
-rwxr-xr-x | utils/qemu/DETAILS | 4 | ||||
-rw-r--r-- | utils/qemu/HISTORY | 20 | ||||
-rw-r--r-- | utils/qemu/archs | 5 | ||||
-rw-r--r-- | utils/qemu/patches/0006-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch | 24 | ||||
-rw-r--r-- | utils/qemu/patches/CVE-2021-20255.patch | 44 | ||||
-rw-r--r-- | utils/qemu/patches/mmap-mremap-efault.patch | 39 | ||||
-rw-r--r-- | utils/qemu/patches/musl-9p-limits_h.patch | 4 | ||||
-rw-r--r-- | utils/qemu/patches/musl-F_SHLCK-and-F_EXLCK.patch | 19 | ||||
-rw-r--r-- | utils/qemu/patches/musl-fix-SIOCGSTAMPNS.patch | 4 | ||||
-rw-r--r-- | utils/qemu/patches/musl-fix-sigevent-and-sigval_t.patch | 26 | ||||
-rw-r--r-- | utils/qemu/patches/musl-initialize-msghdr.patch | 15 |
14 files changed, 216 insertions, 92 deletions
diff --git a/utils/qemu/BUILD b/utils/qemu/BUILD index 6ecca90c62..2ddbfeb364 100755 --- a/utils/qemu/BUILD +++ b/utils/qemu/BUILD @@ -1,3 +1,6 @@ +# remove -ffast-math; hardfloat requires an exact IEEE implementation +CFLAGS="${CFLAGS//-ffast-math}" && + message "${MESSAGE_COLOR}Target list: $QEMU_ARCHS${DEFAULT_COLOR}" && cd "${SOURCE_DIRECTORY}" && @@ -6,6 +9,12 @@ if [[ "x${QEMU_VNC_TLS}" == "xnone" ]]; then OPTS="${OPTS} --disable-gcrypt --disable-nettle" fi && +case "$HOST" in + (*-musl) + OPTS+=' --disable-fuse' + ;; +esac && + ./configure --prefix="$INSTALL_ROOT/usr" \ --sysconfdir="$INSTALL_ROOT/etc" \ --localstatedir="$INSTALL_ROOT/var" \ diff --git a/utils/qemu/CONFIGURE b/utils/qemu/CONFIGURE index ca0ff39d91..3f68472e79 100755 --- a/utils/qemu/CONFIGURE +++ b/utils/qemu/CONFIGURE @@ -50,7 +50,7 @@ config_query_option QEMU_OPTS "Enable VNC support?" y \ '--enable-vnc' \ '--disable-vnc --disable-vnc-sasl --disable-vnc-jpeg --disable-vnc-png' && -config_query_multi QEMU_VNC_TLS "Enable TLS encryption in VNC?" 'none' 'nettle' 'gcrypt' && +persistent_remove QEMU_VNC_TLS && config_query_option QEMU_OPTS \ 'Build documentation? (requires: perl, python, texinfo)' y \ diff --git a/utils/qemu/DEPENDS b/utils/qemu/DEPENDS index 59b6e8c66f..c886c2cf4d 100755 --- a/utils/qemu/DEPENDS +++ b/utils/qemu/DEPENDS @@ -1,4 +1,20 @@ -depends python3 "--python=python3" && +. "$GRIMOIRE"/VDEPENDS && +vdepends <<! && + meson + ninja-build-system + python3 flags: --python=python3 +! + +case "$HOST" in + (*-musl) + vdepends <<< 'musl >= 1.2.2' + ;; + (*) + optional_depends fuse3 \ + --{enable,disable}-fuse \ + 'for FUSE block device export' + ;; +esac && if list_find "alsa" $QEMU_AUDIO; then depends alsa-lib 
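Review bot: Stripping only the literal `-ffast-math` in the first BUILD hunk leaves the same relaxed floating-point semantics in place when the user's CFLAGS carry `-Ofast`, which GCC documents as enabling `-ffast-math`, or individual flags such as `-funsafe-math-optimizations`. If hardfloat needs exact IEEE behaviour, appending the negative flag after the substitution should cover those cases too: `CFLAGS="${CFLAGS//-ffast-math} -fno-fast-math" &&`. The comment above the line could then say that the flag is forced off rather than removed.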
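Review bot: `persistent_remove QEMU_VNC_TLS` in CONFIGURE leaves the test `if [[ "x${QEMU_VNC_TLS}" == "xnone" ]]` in BUILD (visible as context in the second BUILD hunk) comparing a variable that is no longer set, so the branch adding `--disable-gcrypt --disable-nettle` can no longer run. Either drop that block from BUILD in the same commit or add a comment there saying the crypto backends are now selected only through DEPENDS. Otherwise a reader may assume those libraries are still being switched off explicitly. BUILD continues outside the hunk, so other uses of the variable may exist.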
@@ -37,6 +53,11 @@ optional_depends sdl2 \ '--enable-sdl' \ '--disable-sdl' \ 'for SDL 2.x UI (recommended)' && +if is_depends_enabled "$SPELL" sdl2; then + optional_depends sdl2_image \ + --{enable,disable}-sdl-image \ + 'for SDL Image support for icons' +fi && optional_depends ncurses \ "--enable-curses" \ 
@@ -84,32 +105,46 @@ optional_depends libcacard \ 'for SmartCard support' && optional_depends lzo \ - '--enable-lzo' \ - '--disable-lzo' \ - 'for lzo compression support' && + --{enable,disable}-lzo \ + 'for LZO compression support' && optional_depends snappy \ - '--enable-lzo' \ - '--disable-lzo' \ - 'for snappy compression support' && + --{enable,disable}-snappy \ + 'for Snappy compression support' && optional_depends bzip2 \ - '--enable-bzip2' \ - '--disable-bzip2' \ - 'for reading bzip2-compressed dmg images' && + --{enable,disable}-bzip2 \ + 'for reading bzip2-compressed DMG images' && + +optional_depends lzfse \ + --{enable,disable}-lzfse \ + 'for reading lzfse-compressed DMG images' && + +optional_depends zstd \ + --{enable,disable}-zstd \ + 'for migration and qcow2 cluster compression' && + +optional_depends libxml2 \ + '--enable-libxml2 --enable-parallels' \ + '--disable-libxml2' \ + 'for Parallels image format support' && case "$QEMU_OPTS" in *--enable-vnc*) - suggest_depends gnutls \ - "--enable-gnutls" \ - "--disable-gnutls" \ - "to enable TLS encryption for VNC server" && - - case "$QEMU_VNC_TLS" in - nettle) - depends nettle '--enable-nettle --disable-gcrypt' ;; - gcrypt) - depends libgcrypt '--enable-gcrypt --disable-nettle' ;; - esac + # In QEMU's order of preference + optional_depends gnutls \ + --{enable,disable}-gnutls \ + 'to enable TLS encryption for VNC server using GnuTLS' && + if ! is_depends_enabled "$SPELL" gnutls; then + optional_depends libgcrypt \ + --{enable,disable}-gcrypt \ + 'to enable TLS encryption for VNC server using libgcrypt' && + if ! is_depends_enabled "$SPELL" libgcrypt; then + optional_depends nettle \ + --{enable,disable}-nettle \ + 'to enable TLS encryption for VNC server using Nettle' + fi + fi && + suggest_depends LIBSASL \ "--enable-vnc-sasl" \ "--disable-vnc-sasl" \ 
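Review bot: The descriptions on the `libgcrypt` and `nettle` branches say they "enable TLS encryption for VNC server", but those prompts are only shown after gnutls was declined. As far as I know, QEMU's TLS credentials are built on GnuTLS alone, while gcrypt and nettle supply cipher and hash primitives. A user who refuses gnutls and accepts libgcrypt would read the prompt as giving an encrypted VNC channel when the build likely has none. Suggest wording such as `'as crypto backend (ciphers/hashes); VNC TLS itself needs gnutls'` for both fallbacks. The enclosing `case "$QEMU_OPTS"` block ends outside this hunk.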
@@ -127,6 +162,22 @@ case "$QEMU_OPTS" in *--enable-vnc*) ;; esac && +optional_depends capstone \ + --{enable,disable}-capstone \ + 'for capstone disassembler support' && + +optional_depends jemalloc \ + --{enable,disable}-jemalloc \ + 'for jemalloc support' && + +optional_depends libssh2 \ + --{enable,disable}-libssh \ + 'for SSH block device support' && + +optional_depends DEVICE-MANAGER \ + --{enable,disable}-libudev \ + 'to enumerate host devices with libudev' && + suggest_depends bridge-utils \ '' \ '' \ diff --git a/utils/qemu/DETAILS b/utils/qemu/DETAILS index b0f621686a..4b151ecb4e 100755 --- a/utils/qemu/DETAILS +++ b/utils/qemu/DETAILS @@ -1,5 +1,5 @@ SPELL=qemu - VERSION=5.1.0 + VERSION=6.1.0 SOURCE=$SPELL-$VERSION.tar.bz2 SOURCE2=$SOURCE.sig SOURCE_DIRECTORY="$BUILD_DIRECTORY/$SPELL-${VERSION%-*}" @@ -13,7 +13,7 @@ SOURCE_DIRECTORY="$BUILD_DIRECTORY/$SPELL-${VERSION%-*}" WEB_SITE=http://qemu.org/ KEYWORDS="emulator utils" ENTERED=20051102 - SECURITY_PATCH=1 + SECURITY_PATCH=2 TMPFS=OFF SHORT="generic and open source processor emulator" cat << EOF diff --git a/utils/qemu/HISTORY b/utils/qemu/HISTORY index 14246dd522..a497835ca0 100644 --- a/utils/qemu/HISTORY +++ b/utils/qemu/HISTORY 
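Review bot: `optional_depends libssh2` is paired with `--{enable,disable}-libssh`, and those look like two different libraries. QEMU's SSH block driver moved from libssh2 to libssh in the 4.1 series, so the 6.1.0 configure switch should be probing for libssh. If that holds, accepting this dependency installs libssh2 and then passes `--enable-libssh` to a configure that cannot find the library, which would fail the build. Please confirm against the 6.1.0 `configure --help` and depend on the matching spell.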
@@ -1,3 +1,23 @@ +2021-09-10 Ismael Luceno <ismael@sourcemage.org> + * DETAILS: updated spell to 6.1.0 + * DEPENDS: on musl hosts request musl 1.2.2+ (sigevent API) + added meson and ninja-build-system + added optional deps on: DEVICE-MANAGER, capstone, fuse3, jemalloc, + libssh2, libxml2, lzfse, sdl2_image, and zstd + fixed flags for snappy + * CONFIGURE, DEPENDS: reworked TLS library dependencies + * BUILD: added removal of -ffast-math from CFLAGS + added --disable-fuse for musl + * archs: added avr; removed lm32, moxie, tilegx and unicore32 + * patches/musl-F_SHLCK-and-F_EXLCK.patch, + patches/musl-fix-duplicated-sysinfo.patch, + patches/musl-fix-sigevent-and-sigval_t.patch: removed, no longer needed + * patches/0006-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch, + patches/mmap-mremap-efault.patch: updated for 6.1.0 + * patches/musl-initialize-msghdr.patch: added to fix sendmsg syscall emulation + * patches/CVE-2021-20255.patch: added security fix + * DETAILS: SECURITY_PATCH++ + 2021-09-09 Ismael Luceno <ismael@sourcemage.org> * patches/musl-fix-duplicated-sysinfo.patch: fixed for glibc * CONFIGURE: added sanitization of QEMU_ARCHS diff --git a/utils/qemu/archs b/utils/qemu/archs index 5db6b88788..c6c70fab10 100644 --- a/utils/qemu/archs +++ b/utils/qemu/archs @@ -6,13 +6,13 @@ alpha-softmmu alpha on arm-linux-user arm-user on arm-softmmu arm on armeb-linux-user armeb-user on +avr-softmmu avr on cris-linux-user cris-user on cris-softmmu cris on hppa-linux-user hppa-user on hppa-softmmu hppa on i386-linux-user i386-user on i386-softmmu i386 on -lm32-softmmu lm32 on m68k-linux-user m68k-user on m68k-softmmu m68k on microblaze-linux-user microblaze-user on @@ -29,7 +29,6 @@ mipsel-linux-user mipsel-user on mipsel-softmmu mipsel on mipsn32-linux-user mipsn32-user on mipsn32el-linux-user mipsn32el-user on -moxie-softmmu moxie on nios2-linux-user nios2-user on nios2-softmmu nios2 on or1k-linux-user or1k-user on 
@@ -55,9 +54,7 @@ sparc-softmmu sparc on sparc32plus-linux-user sparc32plus-user on sparc64-linux-user sparc64-user on sparc64-softmmu sparc64 on -tilegx-linux-user tilegx-user on tricore-softmmu tricore on -unicore32-softmmu unicore32 on x86_64-linux-user x86_64-user on x86_64-softmmu x86_64 on xtensa-linux-user xtensa-user on diff --git a/utils/qemu/patches/0006-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch b/utils/qemu/patches/0006-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch index e434b238be..4c792b0f02 100644 --- a/utils/qemu/patches/0006-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch +++ b/utils/qemu/patches/0006-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch @@ -1,5 +1,22 @@ -Updated version of 0006-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch for qemu-3.0.0 -from alpine, original author Natanael Copa. +From 8fbb4e6797ed67310b74cbaaa061269db45a5b71 Mon Sep 17 00:00:00 2001 +From: Natanael Copa <ncopa@alpinelinux.org> +Date: Tue, 29 Apr 2014 15:51:31 +0200 +Subject: [PATCH] linux-user/signal.c: define __SIGRTMIN/MAX for non-GNU + platforms + +The __SIGRTMIN and __SIGRTMAX are glibc internals and are not available +on all platforms, so we define those if they are missing. + +This is needed for musl libc. + +Signed-off-by: Natanael Copa <ncopa@alpinelinux.org> +Origin: Alpine Linux +--- + linux-user/signal.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/linux-user/signal.c b/linux-user/signal.c +index 5ca6d62b15..e917c16d91 100644 --- a/linux-user/signal.c +++ b/linux-user/signal.c @@ -25,6 +25,13 @@ @@ -16,3 +33,6 @@ from alpine, original author Natanael Copa. static struct target_sigaction sigact_table[TARGET_NSIG]; static void host_signal_handler(int host_signum, siginfo_t *info, +-- +2.23.0 + diff --git a/utils/qemu/patches/CVE-2021-20255.patch b/utils/qemu/patches/CVE-2021-20255.patch new file mode 100644 index 0000000000..9b9984d69a --- /dev/null 
+++ b/utils/qemu/patches/CVE-2021-20255.patch @@ -0,0 +1,44 @@ +CVE-2021-20255 patch adapted from QEMU patch by Stefan Weil + +Link: https://bugzilla.redhat.com/show_bug.cgi?id=1930646 + +Signed-off-by: Neha Agarwal <nehaagarwal@microsoft.com> +Origin: Alpine Linux +--- +diff --git a/hw/net/eepro100.c b/hw/net/eepro100.c +index 16e95ef9cc..2474cf3dc2 100644 +--- a/hw/net/eepro100.c ++++ b/hw/net/eepro100.c +@@ -279,6 +279,9 @@ typedef struct { + /* Quasi static device properties (no need to save them). */ + uint16_t stats_size; + bool has_extended_tcb_support; ++ ++ /* Flag to avoid recursions. */ ++ bool busy; + } EEPRO100State; + + /* Word indices in EEPROM. */ +@@ -837,6 +840,14 @@ static void action_command(EEPRO100State *s) + Therefore we limit the number of iterations. */ + unsigned max_loop_count = 16; + ++ if (s->busy) { ++ /* Prevent recursions. */ ++ logout("recursion in %s:%u\n", __FILE__, __LINE__); ++ return; ++ } ++ ++ s->busy = true; ++ + for (;;) { + bool bit_el; + bool bit_s; +@@ -933,6 +944,7 @@ static void action_command(EEPRO100State *s) + } + TRACE(OTHER, logout("CU list empty\n")); + /* List is empty. Now CU is idle or suspended. */ ++ s->busy = false; + } + + static void eepro100_cu_command(EEPRO100State * s, uint8_t val) diff --git a/utils/qemu/patches/mmap-mremap-efault.patch b/utils/qemu/patches/mmap-mremap-efault.patch index b033d23ffd..0127543e75 100644 --- a/utils/qemu/patches/mmap-mremap-efault.patch +++ b/utils/qemu/patches/mmap-mremap-efault.patch 
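Review bot: In the carried eepro100 patch, `s->busy` is set before the `for (;;)` loop in `action_command()` and cleared only on the last line of the function, and the loop body between the two inner hunks is not shown here. Any `return` inside that loop would leave `busy` stuck at true and the device would then reject every later command, so the guard is only correct if all loop exits are `break`s; please confirm that against the 6.1.0 source. The patch header also gives only a Bugzilla link and `Origin: Alpine Linux`. Recording the upstream status, as mmap-mremap-efault.patch does with `Upstream-Status: Pending`, would tell the next updater whether this security patch can be dropped or must be carried forward.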
@@ -1,24 +1,33 @@ -Source: @pullmoll -Upstream: no -Reason: errno=EFAULT when the address passed to mremap(2) is not valid +From da39a3ee5e6b4b0d3255bfef95601890afd80709 Mon Sep 17 00:00:00 2001 +From: Jürgen Buchmüller <pullmoll@t-online.de> +Subject: [PATCH] linux-user: Return errno=EFAULT on invalid address to mremap -See Rich Felker's comment at https://www.openwall.com/lists/musl/2017/06/21/2 for -why we need to return errno as described in man mremap(2) from qemu-user-static. Also speed up the loop when checking for increasing the mappings size to go -in steps of TARGET_PAGE_SIZE and OR-in a check for the very last byte of the range. +in steps of TARGET_PAGE_SIZE and OR-in a check for the very last byte of +the range. +Ref: <https://www.openwall.com/lists/musl/2017/06/21/2> + +Upstream-Status: Pending +[ismael@iodev.co.uk: Normalized patch format] +--- + linux-user/mmap.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git linux-user/mmap.c linux-user/mmap.c +index 7e3b245..1e8d0f1 100644 --- a/linux-user/mmap.c +++ b/linux-user/mmap.c -@@ -692,7 +692,7 @@ - if (!guest_range_valid(old_addr, old_size) || - ((flags & MREMAP_FIXED) && - !guest_range_valid(new_addr, new_size))) { +@@ -752,7 +752,7 @@ abi_long target_mremap(abi_ulong old_addr, abi_ulong old_size, + !guest_range_valid_untagged(new_addr, new_size)) || + ((flags & MREMAP_MAYMOVE) == 0 && + !guest_range_valid_untagged(old_addr, new_size))) { - errno = ENOMEM; + errno = EFAULT; return -1; } -@@ -728,9 +728,10 @@ +@@ -789,9 +789,10 @@ abi_long target_mremap(abi_ulong old_addr, abi_ulong old_size, abi_ulong addr; for (addr = old_addr + old_size; addr < old_addr + new_size; 
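Review bot: The new header line `From da39a3ee5e6b4b0d3255bfef95601890afd80709` carries the SHA-1 of empty input rather than a commit id, and the header has no `Date:` line. The normalized patch therefore looks like a git-format-patch export without pointing at any real commit. Since the patch is marked `Upstream-Status: Pending`, dropping that first line or adding a short remark that the hash is a placeholder would save someone from searching upstream for it during the next version bump.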
@@ -29,13 +38,13 @@ in steps of TARGET_PAGE_SIZE and OR-in a check for the very last byte of the ran + prot |= page_get_flags(old_addr + new_size - 1); } if (prot == 0) { - host_addr = mremap(g2h(old_addr), old_size, new_size, flags); -@@ -738,7 +739,7 @@ - mmap_reserve(old_addr + old_size, new_size - old_size); + host_addr = mremap(g2h_untagged(old_addr), +@@ -810,7 +811,7 @@ abi_long target_mremap(abi_ulong old_addr, abi_ulong old_size, + } } } else { - errno = ENOMEM; + errno = EFAULT; host_addr = MAP_FAILED; } - /* Check if address fits target address space */ + } diff --git a/utils/qemu/patches/musl-9p-limits_h.patch b/utils/qemu/patches/musl-9p-limits_h.patch index 5d0c5be3ce..01e2b253fc 100644 --- a/utils/qemu/patches/musl-9p-limits_h.patch +++ b/utils/qemu/patches/musl-9p-limits_h.patch @@ -1,6 +1,8 @@ +Origin: Alpine Linux + --- a/hw/9pfs/9p.c +++ b/hw/9pfs/9p.c -@@ -11,6 +11,7 @@ +@@ -16,6 +16,7 @@ * */ diff --git a/utils/qemu/patches/musl-F_SHLCK-and-F_EXLCK.patch b/utils/qemu/patches/musl-F_SHLCK-and-F_EXLCK.patch deleted file mode 100644 index 548c0e6c7f..0000000000 --- a/utils/qemu/patches/musl-F_SHLCK-and-F_EXLCK.patch +++ /dev/null @@ -1,19 +0,0 @@ -This patch was not upstreamed to qemu as those should probably be -defined in musl libc. - ---- a/linux-user/syscall.c -+++ b/linux-user/syscall.c -@@ -114,6 +114,13 @@ - - #include "qemu.h" - -+#ifndef F_SHLCK -+#define F_SHLCK 8 -+#endif -+#ifndef F_EXLCK -+#define F_EXLCK 4 -+#endif -+ - #ifndef CLONE_IO - #define CLONE_IO 0x80000000 /* Clone io context */ - #endif diff --git a/utils/qemu/patches/musl-fix-SIOCGSTAMPNS.patch b/utils/qemu/patches/musl-fix-SIOCGSTAMPNS.patch index fb7dd7c171..49c095901f 100644 --- a/utils/qemu/patches/musl-fix-SIOCGSTAMPNS.patch +++ b/utils/qemu/patches/musl-fix-SIOCGSTAMPNS.patch @@ -1,6 +1,8 @@ +Origin: Alpine Linux + --- a/linux-user/syscall.c 
+++ b/linux-user/syscall.c -@@ -34,6 +34,7 @@ +@@ -36,6 +36,7 @@ #include <sys/resource.h> #include <sys/swap.h> #include <linux/capability.h> diff --git a/utils/qemu/patches/musl-fix-sigevent-and-sigval_t.patch b/utils/qemu/patches/musl-fix-sigevent-and-sigval_t.patch deleted file mode 100644 index 61a5236b4d..0000000000 --- a/utils/qemu/patches/musl-fix-sigevent-and-sigval_t.patch +++ /dev/null @@ -1,26 +0,0 @@ -Origin: Void-Linux - ---- a/linux-user/syscall.c -+++ b/linux-user/syscall.c -@@ -5020,9 +5020,20 @@ - return 0; - } - --static inline abi_long target_to_host_sigevent(struct sigevent *host_sevp, -+struct host_sigevent { -+ union sigval sigev_value; -+ int sigev_signo; -+ int sigev_notify; -+ union { -+ int _pad[64-sizeof(int) * 2 + sizeof(union sigval)]; -+ int _tid; -+ } _sigev_un; -+}; -+ -+static inline abi_long target_to_host_sigevent(struct sigevent *sevp, - abi_ulong target_addr) - { -+ struct host_sigevent *host_sevp = (struct host_sigevent *) sevp; - struct target_sigevent *target_sevp; - - if (!lock_user_struct(VERIFY_READ, target_sevp, target_addr, 1)) { diff --git a/utils/qemu/patches/musl-initialize-msghdr.patch b/utils/qemu/patches/musl-initialize-msghdr.patch new file mode 100644 index 0000000000..aff916ecd7 --- /dev/null +++ b/utils/qemu/patches/musl-initialize-msghdr.patch @@ -0,0 +1,15 @@ +Source: https://github.com/void-linux/void-packages/issues/23557 + +diff --git linux-user/syscall.c linux-user/syscall.c +index 945fc25..8d8b68a 100644 +--- a/linux-user/syscall.c ++++ b/linux-user/syscall.c +@@ -3209,7 +3209,7 @@ static abi_long do_sendrecvmsg_locked(int fd, struct target_msghdr *msgp, + int flags, int send) + { + abi_long ret, len; +- struct msghdr msg; ++ struct msghdr msg = {0}; + abi_ulong count; + struct iovec *vec; + abi_ulong target_vec; |
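Review bot: musl-initialize-msghdr.patch carries only a `Source:` link, so the reason `struct msghdr msg = {0};` matters is not recorded with the patch. Presumably musl's `struct msghdr` has padding members next to `msg_iovlen` and `msg_controllen`, which the old code left as stack garbage before handing the struct to the host `sendmsg`/`recvmsg`. A one-line description saying so, plus an `Upstream-Status:` line, would match the other patch headers in this directory. `do_sendrecvmsg_locked()` continues outside the hunk, so whether every field is assigned later cannot be checked from here.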