summaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools
diff options
context:
space:
mode:
authorRichard Purdie <richard.purdie@linuxfoundation.org>2021-01-05 23:00:14 +0000
committerRichard Purdie <richard.purdie@linuxfoundation.org>2021-01-09 09:09:49 +0000
commit0d298198e57753213391788a8a9204d99648636b (patch)
tree043c08668b5e30472f230bf41b7837382d3636ac /meta/recipes-devtools
parent10c69538c0cb8708c7eff9e8dc05ca7c669cb61c (diff)
downloadpoky-0d298198e57753213391788a8a9204d99648636b.tar.gz
qemu: Upgrade 5.1.0->5.2.0
This involves some pretty major changes for qemu. In particular, they switched to meson+ninja so we have to adapt to that. Patch changes: * CVE patches - dropped as backports * cflags fix - upstream code changed significantly, need new patch if still issues * mips TLB entries - dropped as merged upstream * usb fix - dropped as merged upstream * find_datadir - dropped as code no longer present that I could find A patch was added to allow us to force the configure script into "cross" mode without setting cross_prefix which has other effects we don't need/want. Dependencies on meson/ninja were added. Specifying the python interpreter causes the internal meson copy to be built/used which is undesireable for us so don't do that. The correct python is in PATH anyway. Acked-by: Alistair Francis <alistair.francis@wdc.com> (From OE-Core rev: 181c635567aafb9b4787d8d6d0bcd4a615ceae80) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools')
-rw-r--r--meta/recipes-devtools/qemu/qemu-native_5.2.0.bb (renamed from meta/recipes-devtools/qemu/qemu-native_5.1.0.bb)0
-rw-r--r--meta/recipes-devtools/qemu/qemu-system-native_5.2.0.bb (renamed from meta/recipes-devtools/qemu/qemu-system-native_5.1.0.bb)0
-rw-r--r--meta/recipes-devtools/qemu/qemu.inc19
-rw-r--r--meta/recipes-devtools/qemu/qemu/0001-Add-enable-disable-udev.patch8
-rw-r--r--meta/recipes-devtools/qemu/qemu/0001-qemu-Add-missing-wacom-HID-descriptor.patch16
-rw-r--r--meta/recipes-devtools/qemu/qemu/0001-qemu-Do-not-include-file-if-not-exists.patch8
-rw-r--r--meta/recipes-devtools/qemu/qemu/0001-target-mips-Increase-number-of-TLB-entries-on-the-34.patch59
-rw-r--r--meta/recipes-devtools/qemu/qemu/0002-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch12
-rw-r--r--meta/recipes-devtools/qemu/qemu/0003-qemu-Add-addition-environment-space-to-boot-loader-q.patch8
-rw-r--r--meta/recipes-devtools/qemu/qemu/0004-qemu-disable-Valgrind.patch8
-rw-r--r--meta/recipes-devtools/qemu/qemu/0005-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch28
-rw-r--r--meta/recipes-devtools/qemu/qemu/0006-chardev-connect-socket-to-a-spawned-command.patch44
-rw-r--r--meta/recipes-devtools/qemu/qemu/0007-apic-fixup-fallthrough-to-PIC.patch8
-rw-r--r--meta/recipes-devtools/qemu/qemu/0008-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch6
-rw-r--r--meta/recipes-devtools/qemu/qemu/0009-Fix-webkitgtk-builds.patch40
-rw-r--r--meta/recipes-devtools/qemu/qemu/0010-configure-Add-pkg-config-handling-for-libgcrypt.patch23
-rw-r--r--meta/recipes-devtools/qemu/qemu/CVE-2020-24352.patch52
-rw-r--r--meta/recipes-devtools/qemu/qemu/CVE-2020-25624.patch101
-rw-r--r--meta/recipes-devtools/qemu/qemu/CVE-2020-25723.patch51
-rw-r--r--meta/recipes-devtools/qemu/qemu/CVE-2020-28916.patch49
-rw-r--r--meta/recipes-devtools/qemu/qemu/CVE-2020-29129-CVE-2020-29130.patch64
-rw-r--r--meta/recipes-devtools/qemu/qemu/cross.patch30
-rw-r--r--meta/recipes-devtools/qemu/qemu/find_datadir.patch39
-rw-r--r--meta/recipes-devtools/qemu/qemu/usb-fix-setup_len-init.patch89
-rw-r--r--meta/recipes-devtools/qemu/qemu_5.2.0.bb (renamed from meta/recipes-devtools/qemu/qemu_5.1.0.bb)2
25 files changed, 126 insertions, 638 deletions
diff --git a/meta/recipes-devtools/qemu/qemu-native_5.1.0.bb b/meta/recipes-devtools/qemu/qemu-native_5.2.0.bb
index c8acff8e19..c8acff8e19 100644
--- a/meta/recipes-devtools/qemu/qemu-native_5.1.0.bb
+++ b/meta/recipes-devtools/qemu/qemu-native_5.2.0.bb
diff --git a/meta/recipes-devtools/qemu/qemu-system-native_5.1.0.bb b/meta/recipes-devtools/qemu/qemu-system-native_5.2.0.bb
index 222b55cbc6..222b55cbc6 100644
--- a/meta/recipes-devtools/qemu/qemu-system-native_5.1.0.bb
+++ b/meta/recipes-devtools/qemu/qemu-system-native_5.2.0.bb
diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc
index 4864d7e93c..23d0adb901 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -21,7 +21,6 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
21 file://0002-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch \ 21 file://0002-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch \
22 file://0003-qemu-Add-addition-environment-space-to-boot-loader-q.patch \ 22 file://0003-qemu-Add-addition-environment-space-to-boot-loader-q.patch \
23 file://0004-qemu-disable-Valgrind.patch \ 23 file://0004-qemu-disable-Valgrind.patch \
24 file://0005-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch \
25 file://0006-chardev-connect-socket-to-a-spawned-command.patch \ 24 file://0006-chardev-connect-socket-to-a-spawned-command.patch \
26 file://0007-apic-fixup-fallthrough-to-PIC.patch \ 25 file://0007-apic-fixup-fallthrough-to-PIC.patch \
27 file://0008-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch \ 26 file://0008-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch \
@@ -29,18 +28,13 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
29 file://0010-configure-Add-pkg-config-handling-for-libgcrypt.patch \ 28 file://0010-configure-Add-pkg-config-handling-for-libgcrypt.patch \
30 file://0001-Add-enable-disable-udev.patch \ 29 file://0001-Add-enable-disable-udev.patch \
31 file://0001-qemu-Do-not-include-file-if-not-exists.patch \ 30 file://0001-qemu-Do-not-include-file-if-not-exists.patch \
32 file://find_datadir.patch \
33 file://usb-fix-setup_len-init.patch \
34 file://0001-target-mips-Increase-number-of-TLB-entries-on-the-34.patch \
35 file://CVE-2020-24352.patch \
36 file://CVE-2020-29129-CVE-2020-29130.patch \
37 file://CVE-2020-25624.patch \
38 file://CVE-2020-25723.patch \
39 file://CVE-2020-28916.patch \
40 " 31 "
41UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar" 32UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"
42 33
43SRC_URI[sha256sum] = "c9174eb5933d9eb5e61f541cd6d1184cd3118dfe4c5c4955bc1bdc4d390fa4e5" 34SRC_URI[sha256sum] = "cb18d889b628fbe637672b0326789d9b0e3b8027e0445b936537c78549df17bc"
35
36SRC_URI_append_class-target = " file://cross.patch"
37SRC_URI_append_class-nativesdk = " file://cross.patch"
44 38
45COMPATIBLE_HOST_mipsarchn32 = "null" 39COMPATIBLE_HOST_mipsarchn32 = "null"
46COMPATIBLE_HOST_mipsarchn64 = "null" 40COMPATIBLE_HOST_mipsarchn64 = "null"
@@ -85,13 +79,14 @@ EXTRA_OECONF = " \
85 --sysconfdir=${sysconfdir} \ 79 --sysconfdir=${sysconfdir} \
86 --libexecdir=${libexecdir} \ 80 --libexecdir=${libexecdir} \
87 --localstatedir=${localstatedir} \ 81 --localstatedir=${localstatedir} \
88 --with-confsuffix=/${BPN} \ 82 --with-suffix=${BPN} \
89 --disable-strip \ 83 --disable-strip \
90 --disable-werror \ 84 --disable-werror \
91 --extra-cflags='${CFLAGS}' \ 85 --extra-cflags='${CFLAGS}' \
92 --extra-ldflags='${LDFLAGS}' \ 86 --extra-ldflags='${LDFLAGS}' \
93 --with-git=/bin/false \ 87 --with-git=/bin/false \
94 --disable-git-update \ 88 --disable-git-update \
89 --meson=meson \
95 ${PACKAGECONFIG_CONFARGS} \ 90 ${PACKAGECONFIG_CONFARGS} \
96 " 91 "
97 92
@@ -99,7 +94,7 @@ export LIBTOOL="${HOST_SYS}-libtool"
99 94
100B = "${WORKDIR}/build" 95B = "${WORKDIR}/build"
101 96
102EXTRA_OECONF_append = " --python=${HOSTTOOLS_DIR}/python3" 97#EXTRA_OECONF_append = " --python=${HOSTTOOLS_DIR}/python3"
103 98
104do_configure_prepend_class-native() { 99do_configure_prepend_class-native() {
105 # Append build host pkg-config paths for native target since the host may provide sdl 100 # Append build host pkg-config paths for native target since the host may provide sdl
diff --git a/meta/recipes-devtools/qemu/qemu/0001-Add-enable-disable-udev.patch b/meta/recipes-devtools/qemu/qemu/0001-Add-enable-disable-udev.patch
index 1304ee3bfd..c99adee8a9 100644
--- a/meta/recipes-devtools/qemu/qemu/0001-Add-enable-disable-udev.patch
+++ b/meta/recipes-devtools/qemu/qemu/0001-Add-enable-disable-udev.patch
@@ -12,11 +12,11 @@ Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
12 configure | 4 ++++ 12 configure | 4 ++++
13 1 file changed, 4 insertions(+) 13 1 file changed, 4 insertions(+)
14 14
15Index: qemu-5.1.0/configure 15Index: qemu-5.2.0/configure
16=================================================================== 16===================================================================
17--- qemu-5.1.0.orig/configure 17--- qemu-5.2.0.orig/configure
18+++ qemu-5.1.0/configure 18+++ qemu-5.2.0/configure
19@@ -1640,6 +1640,10 @@ for opt do 19@@ -1525,6 +1525,10 @@ for opt do
20 ;; 20 ;;
21 --disable-libdaxctl) libdaxctl=no 21 --disable-libdaxctl) libdaxctl=no
22 ;; 22 ;;
diff --git a/meta/recipes-devtools/qemu/qemu/0001-qemu-Add-missing-wacom-HID-descriptor.patch b/meta/recipes-devtools/qemu/qemu/0001-qemu-Add-missing-wacom-HID-descriptor.patch
index 46c9da08a5..8ce12bdb43 100644
--- a/meta/recipes-devtools/qemu/qemu/0001-qemu-Add-missing-wacom-HID-descriptor.patch
+++ b/meta/recipes-devtools/qemu/qemu/0001-qemu-Add-missing-wacom-HID-descriptor.patch
@@ -20,11 +20,11 @@ Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
20 hw/usb/dev-wacom.c | 94 +++++++++++++++++++++++++++++++++++++++++++++- 20 hw/usb/dev-wacom.c | 94 +++++++++++++++++++++++++++++++++++++++++++++-
21 1 file changed, 93 insertions(+), 1 deletion(-) 21 1 file changed, 93 insertions(+), 1 deletion(-)
22 22
23Index: qemu-5.1.0/hw/usb/dev-wacom.c 23Index: qemu-5.2.0/hw/usb/dev-wacom.c
24=================================================================== 24===================================================================
25--- qemu-5.1.0.orig/hw/usb/dev-wacom.c 25--- qemu-5.2.0.orig/hw/usb/dev-wacom.c
26+++ qemu-5.1.0/hw/usb/dev-wacom.c 26+++ qemu-5.2.0/hw/usb/dev-wacom.c
27@@ -74,6 +74,89 @@ static const USBDescStrings desc_strings 27@@ -69,6 +69,89 @@ static const USBDescStrings desc_strings
28 [STR_SERIALNUMBER] = "1", 28 [STR_SERIALNUMBER] = "1",
29 }; 29 };
30 30
@@ -114,16 +114,16 @@ Index: qemu-5.1.0/hw/usb/dev-wacom.c
114 static const USBDescIface desc_iface_wacom = { 114 static const USBDescIface desc_iface_wacom = {
115 .bInterfaceNumber = 0, 115 .bInterfaceNumber = 0,
116 .bNumEndpoints = 1, 116 .bNumEndpoints = 1,
117@@ -91,7 +174,7 @@ static const USBDescIface desc_iface_wac 117@@ -86,7 +169,7 @@ static const USBDescIface desc_iface_wac
118 0x00, /* u8 country_code */ 118 0x00, /* u8 country_code */
119 0x01, /* u8 num_descriptors */ 119 0x01, /* u8 num_descriptors */
120 0x22, /* u8 type: Report */ 120 USB_DT_REPORT, /* u8 type: Report */
121- 0x6e, 0, /* u16 len */ 121- 0x6e, 0, /* u16 len */
122+ sizeof(qemu_tablet_hid_report_descriptor), 0, /* u16 len */ 122+ sizeof(qemu_tablet_hid_report_descriptor), 0, /* u16 len */
123 }, 123 },
124 }, 124 },
125 }, 125 },
126@@ -271,6 +354,15 @@ static void usb_wacom_handle_control(USB 126@@ -266,6 +349,15 @@ static void usb_wacom_handle_control(USB
127 } 127 }
128 128
129 switch (request) { 129 switch (request) {
diff --git a/meta/recipes-devtools/qemu/qemu/0001-qemu-Do-not-include-file-if-not-exists.patch b/meta/recipes-devtools/qemu/qemu/0001-qemu-Do-not-include-file-if-not-exists.patch
index d6c0f9ebe9..3fe9aa6eb5 100644
--- a/meta/recipes-devtools/qemu/qemu/0001-qemu-Do-not-include-file-if-not-exists.patch
+++ b/meta/recipes-devtools/qemu/qemu/0001-qemu-Do-not-include-file-if-not-exists.patch
@@ -15,10 +15,10 @@ Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
15 linux-user/syscall.c | 2 ++ 15 linux-user/syscall.c | 2 ++
16 1 file changed, 2 insertions(+) 16 1 file changed, 2 insertions(+)
17 17
18Index: qemu-5.1.0/linux-user/syscall.c 18Index: qemu-5.2.0/linux-user/syscall.c
19=================================================================== 19===================================================================
20--- qemu-5.1.0.orig/linux-user/syscall.c 20--- qemu-5.2.0.orig/linux-user/syscall.c
21+++ qemu-5.1.0/linux-user/syscall.c 21+++ qemu-5.2.0/linux-user/syscall.c
22@@ -109,7 +109,9 @@ 22@@ -109,7 +109,9 @@
23 #include <linux/blkpg.h> 23 #include <linux/blkpg.h>
24 #include <netpacket/packet.h> 24 #include <netpacket/packet.h>
@@ -28,4 +28,4 @@ Index: qemu-5.1.0/linux-user/syscall.c
28+#endif 28+#endif
29 #include <linux/rtc.h> 29 #include <linux/rtc.h>
30 #include <sound/asound.h> 30 #include <sound/asound.h>
31 #ifdef HAVE_DRM_H 31 #ifdef CONFIG_BTRFS
diff --git a/meta/recipes-devtools/qemu/qemu/0001-target-mips-Increase-number-of-TLB-entries-on-the-34.patch b/meta/recipes-devtools/qemu/qemu/0001-target-mips-Increase-number-of-TLB-entries-on-the-34.patch
deleted file mode 100644
index 5227b7cbd2..0000000000
--- a/meta/recipes-devtools/qemu/qemu/0001-target-mips-Increase-number-of-TLB-entries-on-the-34.patch
+++ /dev/null
@@ -1,59 +0,0 @@
1From 68fa519a6cb455005317bd61f95214b58b2f1e69 Mon Sep 17 00:00:00 2001
2From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <f4bug@amsat.org>
3Date: Fri, 16 Oct 2020 15:20:37 +0200
4Subject: [PATCH] target/mips: Increase number of TLB entries on the 34Kf core
5 (16 -> 64)
6MIME-Version: 1.0
7Content-Type: text/plain; charset=UTF-8
8Content-Transfer-Encoding: 8bit
9
10Per "MIPS32 34K Processor Core Family Software User's Manual,
11Revision 01.13" page 8 in "Joint TLB (JTLB)" section:
12
13 "The JTLB is a fully associative TLB cache containing 16, 32,
14 or 64-dual-entries mapping up to 128 virtual pages to their
15 corresponding physical addresses."
16
17There is no particular reason to restrict the 34Kf core model to
1816 TLB entries, so raise its config to 64.
19
20This is helpful for other projects, in particular the Yocto Project:
21
22 Yocto Project uses qemu-system-mips 34Kf cpu model, to run 32bit
23 MIPS CI loop. It was observed that in this case CI test execution
24 time was almost twice longer than 64bit MIPS variant that runs
25 under MIPS64R2-generic model. It was investigated and concluded
26 that the difference in number of TLBs 16 in 34Kf case vs 64 in
27 MIPS64R2-generic is responsible for most of CI real time execution
28 difference. Because with 16 TLBs linux user-land trashes TLB more
29 and it needs to execute more instructions in TLB refill handler
30 calls, as result it runs much longer.
31
32(https://lists.gnu.org/archive/html/qemu-devel/2020-10/msg03428.html)
33
34Buglink: https://bugzilla.yoctoproject.org/show_bug.cgi?id=13992
35Reported-by: Victor Kamensky <kamensky@cisco.com>
36Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
37Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
38Message-Id: <20201016133317.553068-1-f4bug@amsat.org>
39
40Upstream-Status: Backport [https://github.com/qemu/qemu/commit/68fa519a6cb455005317bd61f95214b58b2f1e69]
41Signed-off-by: Victor Kamensky <kamensky@cisco.com>
42
43---
44 target/mips/translate_init.c.inc | 2 +-
45 1 file changed, 1 insertion(+), 1 deletion(-)
46
47Index: qemu-5.1.0/target/mips/translate_init.inc.c
48===================================================================
49--- qemu-5.1.0.orig/target/mips/translate_init.inc.c
50+++ qemu-5.1.0/target/mips/translate_init.inc.c
51@@ -254,7 +254,7 @@ const mips_def_t mips_defs[] =
52 .CP0_PRid = 0x00019500,
53 .CP0_Config0 = MIPS_CONFIG0 | (0x1 << CP0C0_AR) |
54 (MMU_TYPE_R4000 << CP0C0_MT),
55- .CP0_Config1 = MIPS_CONFIG1 | (1 << CP0C1_FP) | (15 << CP0C1_MMU) |
56+ .CP0_Config1 = MIPS_CONFIG1 | (1 << CP0C1_FP) | (63 << CP0C1_MMU) |
57 (0 << CP0C1_IS) | (3 << CP0C1_IL) | (1 << CP0C1_IA) |
58 (0 << CP0C1_DS) | (3 << CP0C1_DL) | (1 << CP0C1_DA) |
59 (1 << CP0C1_CA),
diff --git a/meta/recipes-devtools/qemu/qemu/0002-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch b/meta/recipes-devtools/qemu/qemu/0002-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch
index f379948f14..3cb1dac9c3 100644
--- a/meta/recipes-devtools/qemu/qemu/0002-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch
+++ b/meta/recipes-devtools/qemu/qemu/0002-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch
@@ -16,13 +16,13 @@ Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
16 tests/Makefile.include | 8 ++++++++ 16 tests/Makefile.include | 8 ++++++++
17 1 file changed, 8 insertions(+) 17 1 file changed, 8 insertions(+)
18 18
19Index: qemu-5.1.0/tests/Makefile.include 19Index: qemu-5.2.0/tests/Makefile.include
20=================================================================== 20===================================================================
21--- qemu-5.1.0.orig/tests/Makefile.include 21--- qemu-5.2.0.orig/tests/Makefile.include
22+++ qemu-5.1.0/tests/Makefile.include 22+++ qemu-5.2.0/tests/Makefile.include
23@@ -982,4 +982,12 @@ all: $(QEMU_IOTESTS_HELPERS-y) 23@@ -155,4 +155,12 @@ clean: check-clean
24 -include $(wildcard tests/qtest/*.d) 24
25 -include $(wildcard tests/qtest/libqos/*.d) 25 check-speed: bench-speed
26 26
27+buildtest-TESTS: $(check-unit-y) 27+buildtest-TESTS: $(check-unit-y)
28+ 28+
diff --git a/meta/recipes-devtools/qemu/qemu/0003-qemu-Add-addition-environment-space-to-boot-loader-q.patch b/meta/recipes-devtools/qemu/qemu/0003-qemu-Add-addition-environment-space-to-boot-loader-q.patch
index 33cef42217..fd54f96b03 100644
--- a/meta/recipes-devtools/qemu/qemu/0003-qemu-Add-addition-environment-space-to-boot-loader-q.patch
+++ b/meta/recipes-devtools/qemu/qemu/0003-qemu-Add-addition-environment-space-to-boot-loader-q.patch
@@ -18,11 +18,11 @@ Signed-off-by: Roy Li <rongqing.li@windriver.com>
18 hw/mips/malta.c | 2 +- 18 hw/mips/malta.c | 2 +-
19 1 file changed, 1 insertion(+), 1 deletion(-) 19 1 file changed, 1 insertion(+), 1 deletion(-)
20 20
21Index: qemu-5.1.0/hw/mips/malta.c 21Index: qemu-5.2.0/hw/mips/malta.c
22=================================================================== 22===================================================================
23--- qemu-5.1.0.orig/hw/mips/malta.c 23--- qemu-5.2.0.orig/hw/mips/malta.c
24+++ qemu-5.1.0/hw/mips/malta.c 24+++ qemu-5.2.0/hw/mips/malta.c
25@@ -59,7 +59,7 @@ 25@@ -62,7 +62,7 @@
26 26
27 #define ENVP_ADDR 0x80002000l 27 #define ENVP_ADDR 0x80002000l
28 #define ENVP_NB_ENTRIES 16 28 #define ENVP_NB_ENTRIES 16
diff --git a/meta/recipes-devtools/qemu/qemu/0004-qemu-disable-Valgrind.patch b/meta/recipes-devtools/qemu/qemu/0004-qemu-disable-Valgrind.patch
index 71f537f9b0..a0bd1c5ebc 100644
--- a/meta/recipes-devtools/qemu/qemu/0004-qemu-disable-Valgrind.patch
+++ b/meta/recipes-devtools/qemu/qemu/0004-qemu-disable-Valgrind.patch
@@ -12,11 +12,11 @@ Signed-off-by: Ross Burton <ross.burton@intel.com>
12 configure | 9 --------- 12 configure | 9 ---------
13 1 file changed, 9 deletions(-) 13 1 file changed, 9 deletions(-)
14 14
15Index: qemu-5.1.0/configure 15Index: qemu-5.2.0/configure
16=================================================================== 16===================================================================
17--- qemu-5.1.0.orig/configure 17--- qemu-5.2.0.orig/configure
18+++ qemu-5.1.0/configure 18+++ qemu-5.2.0/configure
19@@ -5751,15 +5751,6 @@ fi 19@@ -5001,15 +5001,6 @@ fi
20 # check if we have valgrind/valgrind.h 20 # check if we have valgrind/valgrind.h
21 21
22 valgrind_h=no 22 valgrind_h=no
diff --git a/meta/recipes-devtools/qemu/qemu/0005-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch b/meta/recipes-devtools/qemu/qemu/0005-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch
deleted file mode 100644
index 02ebbee1a0..0000000000
--- a/meta/recipes-devtools/qemu/qemu/0005-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch
+++ /dev/null
@@ -1,28 +0,0 @@
1From 230fe5804099bdca0c9e4cae7280c9fc513cb7f5 Mon Sep 17 00:00:00 2001
2From: Stephen Arnold <sarnold@vctlabs.com>
3Date: Sun, 12 Jun 2016 18:09:56 -0700
4Subject: [PATCH] qemu-native: set ld.bfd, fix cflags, and set some environment
5
6Upstream-Status: Pending
7
8[update patch context]
9Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
10---
11 configure | 4 ----
12 1 file changed, 4 deletions(-)
13
14Index: qemu-5.1.0/configure
15===================================================================
16--- qemu-5.1.0.orig/configure
17+++ qemu-5.1.0/configure
18@@ -6515,10 +6515,6 @@ write_c_skeleton
19 if test "$gcov" = "yes" ; then
20 QEMU_CFLAGS="-fprofile-arcs -ftest-coverage -g $QEMU_CFLAGS"
21 QEMU_LDFLAGS="-fprofile-arcs -ftest-coverage $QEMU_LDFLAGS"
22-elif test "$fortify_source" = "yes" ; then
23- CFLAGS="-O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 $CFLAGS"
24-elif test "$debug" = "no"; then
25- CFLAGS="-O2 $CFLAGS"
26 fi
27
28 if test "$have_asan" = "yes"; then
diff --git a/meta/recipes-devtools/qemu/qemu/0006-chardev-connect-socket-to-a-spawned-command.patch b/meta/recipes-devtools/qemu/qemu/0006-chardev-connect-socket-to-a-spawned-command.patch
index 98fd5e9133..201125c1f4 100644
--- a/meta/recipes-devtools/qemu/qemu/0006-chardev-connect-socket-to-a-spawned-command.patch
+++ b/meta/recipes-devtools/qemu/qemu/0006-chardev-connect-socket-to-a-spawned-command.patch
@@ -51,11 +51,11 @@ Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
51 qapi/char.json | 5 +++ 51 qapi/char.json | 5 +++
52 3 files changed, 109 insertions(+) 52 3 files changed, 109 insertions(+)
53 53
54Index: qemu-5.1.0/chardev/char-socket.c 54Index: qemu-5.2.0/chardev/char-socket.c
55=================================================================== 55===================================================================
56--- qemu-5.1.0.orig/chardev/char-socket.c 56--- qemu-5.2.0.orig/chardev/char-socket.c
57+++ qemu-5.1.0/chardev/char-socket.c 57+++ qemu-5.2.0/chardev/char-socket.c
58@@ -1292,6 +1292,67 @@ static bool qmp_chardev_validate_socket( 58@@ -1308,6 +1308,67 @@ static bool qmp_chardev_validate_socket(
59 return true; 59 return true;
60 } 60 }
61 61
@@ -123,7 +123,7 @@ Index: qemu-5.1.0/chardev/char-socket.c
123 123
124 static void qmp_chardev_open_socket(Chardev *chr, 124 static void qmp_chardev_open_socket(Chardev *chr,
125 ChardevBackend *backend, 125 ChardevBackend *backend,
126@@ -1300,6 +1361,9 @@ static void qmp_chardev_open_socket(Char 126@@ -1316,6 +1377,9 @@ static void qmp_chardev_open_socket(Char
127 { 127 {
128 SocketChardev *s = SOCKET_CHARDEV(chr); 128 SocketChardev *s = SOCKET_CHARDEV(chr);
129 ChardevSocket *sock = backend->u.socket.data; 129 ChardevSocket *sock = backend->u.socket.data;
@@ -133,7 +133,7 @@ Index: qemu-5.1.0/chardev/char-socket.c
133 bool do_nodelay = sock->has_nodelay ? sock->nodelay : false; 133 bool do_nodelay = sock->has_nodelay ? sock->nodelay : false;
134 bool is_listen = sock->has_server ? sock->server : true; 134 bool is_listen = sock->has_server ? sock->server : true;
135 bool is_telnet = sock->has_telnet ? sock->telnet : false; 135 bool is_telnet = sock->has_telnet ? sock->telnet : false;
136@@ -1365,6 +1429,14 @@ static void qmp_chardev_open_socket(Char 136@@ -1381,6 +1445,14 @@ static void qmp_chardev_open_socket(Char
137 137
138 update_disconnected_filename(s); 138 update_disconnected_filename(s);
139 139
@@ -148,15 +148,17 @@ Index: qemu-5.1.0/chardev/char-socket.c
148 if (s->is_listen) { 148 if (s->is_listen) {
149 if (qmp_chardev_open_socket_server(chr, is_telnet || is_tn3270, 149 if (qmp_chardev_open_socket_server(chr, is_telnet || is_tn3270,
150 is_waitconnect, errp) < 0) { 150 is_waitconnect, errp) < 0) {
151@@ -1384,11 +1456,27 @@ static void qemu_chr_parse_socket(QemuOp 151@@ -1400,6 +1472,9 @@ static void qemu_chr_parse_socket(QemuOp
152 const char *host = qemu_opt_get(opts, "host"); 152 const char *host = qemu_opt_get(opts, "host");
153 const char *port = qemu_opt_get(opts, "port"); 153 const char *port = qemu_opt_get(opts, "port");
154 const char *fd = qemu_opt_get(opts, "fd"); 154 const char *fd = qemu_opt_get(opts, "fd");
155+#ifndef _WIN32 155+#ifndef _WIN32
156+ const char *cmd = qemu_opt_get(opts, "cmd"); 156+ const char *cmd = qemu_opt_get(opts, "cmd");
157+#endif 157+#endif
158 #ifdef CONFIG_LINUX
158 bool tight = qemu_opt_get_bool(opts, "tight", true); 159 bool tight = qemu_opt_get_bool(opts, "tight", true);
159 bool abstract = qemu_opt_get_bool(opts, "abstract", false); 160 bool abstract = qemu_opt_get_bool(opts, "abstract", false);
161@@ -1407,6 +1482,20 @@ static void qemu_chr_parse_socket(QemuOp
160 SocketAddressLegacy *addr; 162 SocketAddressLegacy *addr;
161 ChardevSocket *sock; 163 ChardevSocket *sock;
162 164
@@ -173,19 +175,19 @@ Index: qemu-5.1.0/chardev/char-socket.c
173+ } 175+ }
174+ } else 176+ } else
175+#endif 177+#endif
178+
176 if ((!!path + !!fd + !!host) != 1) { 179 if ((!!path + !!fd + !!host) != 1) {
177 error_setg(errp, 180 error_setg(errp,
178 "Exactly one of 'path', 'fd' or 'host' required"); 181 "Exactly one of 'path', 'fd' or 'host' required");
179@@ -1431,12 +1519,24 @@ static void qemu_chr_parse_socket(QemuOp 182@@ -1448,13 +1537,24 @@ static void qemu_chr_parse_socket(QemuOp
183 sock->tls_creds = g_strdup(qemu_opt_get(opts, "tls-creds"));
180 sock->has_tls_authz = qemu_opt_get(opts, "tls-authz"); 184 sock->has_tls_authz = qemu_opt_get(opts, "tls-authz");
181 sock->tls_authz = g_strdup(qemu_opt_get(opts, "tls-authz")); 185 sock->tls_authz = g_strdup(qemu_opt_get(opts, "tls-authz"));
182
183- addr = g_new0(SocketAddressLegacy, 1);
184+#ifndef _WIN32 186+#ifndef _WIN32
185+ sock->cmd = g_strdup(cmd); 187+ sock->cmd = g_strdup(cmd);
186+#endif 188+#endif
187+ 189
188+ addr = g_new0(SocketAddressLegacy, 1); 190 addr = g_new0(SocketAddressLegacy, 1);
189+#ifndef _WIN32 191+#ifndef _WIN32
190+ if (path || cmd) { 192+ if (path || cmd) {
191+#else 193+#else
@@ -199,14 +201,14 @@ Index: qemu-5.1.0/chardev/char-socket.c
199+#else 201+#else
200 q_unix->path = g_strdup(path); 202 q_unix->path = g_strdup(path);
201+#endif 203+#endif
204 #ifdef CONFIG_LINUX
205 q_unix->has_tight = true;
202 q_unix->tight = tight; 206 q_unix->tight = tight;
203 q_unix->abstract = abstract; 207Index: qemu-5.2.0/chardev/char.c
204 } else if (host) {
205Index: qemu-5.1.0/chardev/char.c
206=================================================================== 208===================================================================
207--- qemu-5.1.0.orig/chardev/char.c 209--- qemu-5.2.0.orig/chardev/char.c
208+++ qemu-5.1.0/chardev/char.c 210+++ qemu-5.2.0/chardev/char.c
209@@ -826,6 +826,9 @@ QemuOptsList qemu_chardev_opts = { 211@@ -839,6 +839,9 @@ QemuOptsList qemu_chardev_opts = {
210 .name = "path", 212 .name = "path",
211 .type = QEMU_OPT_STRING, 213 .type = QEMU_OPT_STRING,
212 },{ 214 },{
@@ -216,10 +218,10 @@ Index: qemu-5.1.0/chardev/char.c
216 .name = "host", 218 .name = "host",
217 .type = QEMU_OPT_STRING, 219 .type = QEMU_OPT_STRING,
218 },{ 220 },{
219Index: qemu-5.1.0/qapi/char.json 221Index: qemu-5.2.0/qapi/char.json
220=================================================================== 222===================================================================
221--- qemu-5.1.0.orig/qapi/char.json 223--- qemu-5.2.0.orig/qapi/char.json
222+++ qemu-5.1.0/qapi/char.json 224+++ qemu-5.2.0/qapi/char.json
223@@ -250,6 +250,10 @@ 225@@ -250,6 +250,10 @@
224 # 226 #
225 # @addr: socket address to listen on (server=true) 227 # @addr: socket address to listen on (server=true)
diff --git a/meta/recipes-devtools/qemu/qemu/0007-apic-fixup-fallthrough-to-PIC.patch b/meta/recipes-devtools/qemu/qemu/0007-apic-fixup-fallthrough-to-PIC.patch
index 034ac57821..294cf5129f 100644
--- a/meta/recipes-devtools/qemu/qemu/0007-apic-fixup-fallthrough-to-PIC.patch
+++ b/meta/recipes-devtools/qemu/qemu/0007-apic-fixup-fallthrough-to-PIC.patch
@@ -29,11 +29,11 @@ Signed-off-by: He Zhe <zhe.he@windriver.com>
29 hw/intc/apic.c | 2 +- 29 hw/intc/apic.c | 2 +-
30 1 file changed, 1 insertion(+), 1 deletion(-) 30 1 file changed, 1 insertion(+), 1 deletion(-)
31 31
32Index: qemu-5.1.0/hw/intc/apic.c 32Index: qemu-5.2.0/hw/intc/apic.c
33=================================================================== 33===================================================================
34--- qemu-5.1.0.orig/hw/intc/apic.c 34--- qemu-5.2.0.orig/hw/intc/apic.c
35+++ qemu-5.1.0/hw/intc/apic.c 35+++ qemu-5.2.0/hw/intc/apic.c
36@@ -603,7 +603,7 @@ int apic_accept_pic_intr(DeviceState *de 36@@ -605,7 +605,7 @@ int apic_accept_pic_intr(DeviceState *de
37 APICCommonState *s = APIC(dev); 37 APICCommonState *s = APIC(dev);
38 uint32_t lvt0; 38 uint32_t lvt0;
39 39
diff --git a/meta/recipes-devtools/qemu/qemu/0008-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch b/meta/recipes-devtools/qemu/qemu/0008-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch
index d20f04ee59..74621a08e8 100644
--- a/meta/recipes-devtools/qemu/qemu/0008-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch
+++ b/meta/recipes-devtools/qemu/qemu/0008-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch
@@ -18,10 +18,10 @@ Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
18 linux-user/main.c | 2 +- 18 linux-user/main.c | 2 +-
19 1 file changed, 1 insertion(+), 1 deletion(-) 19 1 file changed, 1 insertion(+), 1 deletion(-)
20 20
21Index: qemu-5.1.0/linux-user/main.c 21Index: qemu-5.2.0/linux-user/main.c
22=================================================================== 22===================================================================
23--- qemu-5.1.0.orig/linux-user/main.c 23--- qemu-5.2.0.orig/linux-user/main.c
24+++ qemu-5.1.0/linux-user/main.c 24+++ qemu-5.2.0/linux-user/main.c
25@@ -92,7 +92,7 @@ static int last_log_mask; 25@@ -92,7 +92,7 @@ static int last_log_mask;
26 (TARGET_LONG_BITS == 32 || defined(TARGET_ABI32)) 26 (TARGET_LONG_BITS == 32 || defined(TARGET_ABI32))
27 /* There are a number of places where we assign reserved_va to a variable 27 /* There are a number of places where we assign reserved_va to a variable
diff --git a/meta/recipes-devtools/qemu/qemu/0009-Fix-webkitgtk-builds.patch b/meta/recipes-devtools/qemu/qemu/0009-Fix-webkitgtk-builds.patch
index f2a44986b7..2ddc09966c 100644
--- a/meta/recipes-devtools/qemu/qemu/0009-Fix-webkitgtk-builds.patch
+++ b/meta/recipes-devtools/qemu/qemu/0009-Fix-webkitgtk-builds.patch
@@ -28,10 +28,10 @@ Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
28 linux-user/syscall.c | 5 +---- 28 linux-user/syscall.c | 5 +----
29 4 files changed, 10 insertions(+), 23 deletions(-) 29 4 files changed, 10 insertions(+), 23 deletions(-)
30 30
31Index: qemu-5.1.0/include/exec/cpu-all.h 31Index: qemu-5.2.0/include/exec/cpu-all.h
32=================================================================== 32===================================================================
33--- qemu-5.1.0.orig/include/exec/cpu-all.h 33--- qemu-5.2.0.orig/include/exec/cpu-all.h
34+++ qemu-5.1.0/include/exec/cpu-all.h 34+++ qemu-5.2.0/include/exec/cpu-all.h
35@@ -176,11 +176,8 @@ extern unsigned long reserved_va; 35@@ -176,11 +176,8 @@ extern unsigned long reserved_va;
36 * avoid setting bits at the top of guest addresses that might need 36 * avoid setting bits at the top of guest addresses that might need
37 * to be used for tags. 37 * to be used for tags.
@@ -46,10 +46,10 @@ Index: qemu-5.1.0/include/exec/cpu-all.h
46 #else 46 #else
47 47
48 #include "exec/hwaddr.h" 48 #include "exec/hwaddr.h"
49Index: qemu-5.1.0/include/exec/cpu_ldst.h 49Index: qemu-5.2.0/include/exec/cpu_ldst.h
50=================================================================== 50===================================================================
51--- qemu-5.1.0.orig/include/exec/cpu_ldst.h 51--- qemu-5.2.0.orig/include/exec/cpu_ldst.h
52+++ qemu-5.1.0/include/exec/cpu_ldst.h 52+++ qemu-5.2.0/include/exec/cpu_ldst.h
53@@ -75,7 +75,10 @@ typedef uint64_t abi_ptr; 53@@ -75,7 +75,10 @@ typedef uint64_t abi_ptr;
54 #if HOST_LONG_BITS <= TARGET_VIRT_ADDR_SPACE_BITS 54 #if HOST_LONG_BITS <= TARGET_VIRT_ADDR_SPACE_BITS
55 #define guest_addr_valid(x) (1) 55 #define guest_addr_valid(x) (1)
@@ -62,20 +62,20 @@ Index: qemu-5.1.0/include/exec/cpu_ldst.h
62 #endif 62 #endif
63 #define h2g_valid(x) guest_addr_valid((unsigned long)(x) - guest_base) 63 #define h2g_valid(x) guest_addr_valid((unsigned long)(x) - guest_base)
64 64
65Index: qemu-5.1.0/linux-user/mmap.c 65Index: qemu-5.2.0/linux-user/mmap.c
66=================================================================== 66===================================================================
67--- qemu-5.1.0.orig/linux-user/mmap.c 67--- qemu-5.2.0.orig/linux-user/mmap.c
68+++ qemu-5.1.0/linux-user/mmap.c 68+++ qemu-5.2.0/linux-user/mmap.c
69@@ -71,7 +71,7 @@ int target_mprotect(abi_ulong start, abi 69@@ -119,7 +119,7 @@ int target_mprotect(abi_ulong start, abi
70 return -TARGET_EINVAL; 70 }
71 len = TARGET_PAGE_ALIGN(len); 71 len = TARGET_PAGE_ALIGN(len);
72 end = start + len; 72 end = start + len;
73- if (!guest_range_valid(start, len)) { 73- if (!guest_range_valid(start, len)) {
74+ if (end < start) { 74+ if (end < start) {
75 return -TARGET_ENOMEM; 75 return -TARGET_ENOMEM;
76 } 76 }
77 prot &= PROT_READ | PROT_WRITE | PROT_EXEC; 77 if (len == 0) {
78@@ -467,8 +467,8 @@ abi_long target_mmap(abi_ulong start, ab 78@@ -527,8 +527,8 @@ abi_long target_mmap(abi_ulong start, ab
79 * It can fail only on 64-bit host with 32-bit target. 79 * It can fail only on 64-bit host with 32-bit target.
80 * On any other target/host host mmap() handles this error correctly. 80 * On any other target/host host mmap() handles this error correctly.
81 */ 81 */
@@ -86,7 +86,7 @@ Index: qemu-5.1.0/linux-user/mmap.c
86 goto fail; 86 goto fail;
87 } 87 }
88 88
89@@ -604,10 +604,8 @@ int target_munmap(abi_ulong start, abi_u 89@@ -664,10 +664,8 @@ int target_munmap(abi_ulong start, abi_u
90 if (start & ~TARGET_PAGE_MASK) 90 if (start & ~TARGET_PAGE_MASK)
91 return -TARGET_EINVAL; 91 return -TARGET_EINVAL;
92 len = TARGET_PAGE_ALIGN(len); 92 len = TARGET_PAGE_ALIGN(len);
@@ -98,7 +98,7 @@ Index: qemu-5.1.0/linux-user/mmap.c
98 mmap_lock(); 98 mmap_lock();
99 end = start + len; 99 end = start + len;
100 real_start = start & qemu_host_page_mask; 100 real_start = start & qemu_host_page_mask;
101@@ -662,13 +660,6 @@ abi_long target_mremap(abi_ulong old_add 101@@ -722,13 +720,6 @@ abi_long target_mremap(abi_ulong old_add
102 int prot; 102 int prot;
103 void *host_addr; 103 void *host_addr;
104 104
@@ -112,11 +112,11 @@ Index: qemu-5.1.0/linux-user/mmap.c
112 mmap_lock(); 112 mmap_lock();
113 113
114 if (flags & MREMAP_FIXED) { 114 if (flags & MREMAP_FIXED) {
115Index: qemu-5.1.0/linux-user/syscall.c 115Index: qemu-5.2.0/linux-user/syscall.c
116=================================================================== 116===================================================================
117--- qemu-5.1.0.orig/linux-user/syscall.c 117--- qemu-5.2.0.orig/linux-user/syscall.c
118+++ qemu-5.1.0/linux-user/syscall.c 118+++ qemu-5.2.0/linux-user/syscall.c
119@@ -4336,9 +4336,6 @@ static inline abi_ulong do_shmat(CPUArch 119@@ -4590,9 +4590,6 @@ static inline abi_ulong do_shmat(CPUArch
120 return -TARGET_EINVAL; 120 return -TARGET_EINVAL;
121 } 121 }
122 } 122 }
@@ -126,7 +126,7 @@ Index: qemu-5.1.0/linux-user/syscall.c
126 126
127 mmap_lock(); 127 mmap_lock();
128 128
129@@ -7376,7 +7373,7 @@ static int open_self_maps(void *cpu_env, 129@@ -7790,7 +7787,7 @@ static int open_self_maps(void *cpu_env,
130 const char *path; 130 const char *path;
131 131
132 max = h2g_valid(max - 1) ? 132 max = h2g_valid(max - 1) ?
diff --git a/meta/recipes-devtools/qemu/qemu/0010-configure-Add-pkg-config-handling-for-libgcrypt.patch b/meta/recipes-devtools/qemu/qemu/0010-configure-Add-pkg-config-handling-for-libgcrypt.patch
index d7e3fffdd0..c5d206b91b 100644
--- a/meta/recipes-devtools/qemu/qemu/0010-configure-Add-pkg-config-handling-for-libgcrypt.patch
+++ b/meta/recipes-devtools/qemu/qemu/0010-configure-Add-pkg-config-handling-for-libgcrypt.patch
@@ -14,11 +14,11 @@ Signed-off-by: He Zhe <zhe.he@windriver.com>
14 configure | 48 ++++++++++++++++++++++++++++++++++++++++-------- 14 configure | 48 ++++++++++++++++++++++++++++++++++++++++--------
15 1 file changed, 40 insertions(+), 8 deletions(-) 15 1 file changed, 40 insertions(+), 8 deletions(-)
16 16
17Index: qemu-5.1.0/configure 17Index: qemu-5.2.0/configure
18=================================================================== 18===================================================================
19--- qemu-5.1.0.orig/configure 19--- qemu-5.2.0.orig/configure
20+++ qemu-5.1.0/configure 20+++ qemu-5.2.0/configure
21@@ -3084,6 +3084,30 @@ has_libgcrypt() { 21@@ -2956,6 +2956,30 @@ has_libgcrypt() {
22 return 0 22 return 0
23 } 23 }
24 24
@@ -49,7 +49,7 @@ Index: qemu-5.1.0/configure
49 49
50 if test "$nettle" != "no"; then 50 if test "$nettle" != "no"; then
51 pass="no" 51 pass="no"
52@@ -3124,7 +3148,14 @@ fi 52@@ -2994,7 +3018,14 @@ fi
53 53
54 if test "$gcrypt" != "no"; then 54 if test "$gcrypt" != "no"; then
55 pass="no" 55 pass="no"
@@ -65,7 +65,7 @@ Index: qemu-5.1.0/configure
65 gcrypt_cflags=$(libgcrypt-config --cflags) 65 gcrypt_cflags=$(libgcrypt-config --cflags)
66 gcrypt_libs=$(libgcrypt-config --libs) 66 gcrypt_libs=$(libgcrypt-config --libs)
67 # Debian has removed -lgpg-error from libgcrypt-config 67 # Debian has removed -lgpg-error from libgcrypt-config
68@@ -3134,15 +3165,16 @@ if test "$gcrypt" != "no"; then 68@@ -3004,12 +3035,12 @@ if test "$gcrypt" != "no"; then
69 then 69 then
70 gcrypt_libs="$gcrypt_libs -lgpg-error" 70 gcrypt_libs="$gcrypt_libs -lgpg-error"
71 fi 71 fi
@@ -74,18 +74,11 @@ Index: qemu-5.1.0/configure
74- # Link test to make sure the given libraries work (e.g for static). 74- # Link test to make sure the given libraries work (e.g for static).
75- write_c_skeleton 75- write_c_skeleton
76- if compile_prog "" "$gcrypt_libs" ; then 76- if compile_prog "" "$gcrypt_libs" ; then
77- LIBS="$gcrypt_libs $LIBS"
78- QEMU_CFLAGS="$QEMU_CFLAGS $gcrypt_cflags"
79- pass="yes"
80- fi
81+ # Link test to make sure the given libraries work (e.g for static). 77+ # Link test to make sure the given libraries work (e.g for static).
82+ write_c_skeleton 78+ write_c_skeleton
83+ if compile_prog "" "$gcrypt_libs" ; then 79+ if compile_prog "" "$gcrypt_libs" ; then
84+ LIBS="$gcrypt_libs $LIBS" 80 pass="yes"
85+ QEMU_CFLAGS="$QEMU_CFLAGS $gcrypt_cflags" 81- fi
86+ pass="yes"
87 fi 82 fi
88+
89 if test "$pass" = "yes"; then 83 if test "$pass" = "yes"; then
90 gcrypt="yes" 84 gcrypt="yes"
91 cat > $TMPC << EOF
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2020-24352.patch b/meta/recipes-devtools/qemu/qemu/CVE-2020-24352.patch
deleted file mode 100644
index 861ff6c3b0..0000000000
--- a/meta/recipes-devtools/qemu/qemu/CVE-2020-24352.patch
+++ /dev/null
@@ -1,52 +0,0 @@
1From ca1f9cbfdce4d63b10d57de80fef89a89d92a540 Mon Sep 17 00:00:00 2001
2From: Prasad J Pandit <pjp@fedoraproject.org>
3Date: Wed, 21 Oct 2020 16:08:18 +0530
4Subject: [PATCH 1/1] ati: check x y display parameter values
5
6The source and destination x,y display parameters in ati_2d_blt()
7may run off the vga limits if either of s->regs.[src|dst]_[xy] is
8zero. Check the parameter values to avoid potential crash.
9
10Reported-by: Gaoning Pan <pgn@zju.edu.cn>
11Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
12Message-id: 20201021103818.1704030-1-ppandit@redhat.com
13Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
14
15Upstream-Status: Backport [ https://git.qemu.org/?p=qemu.git;a=commitdiff;h=ca1f9cbfdce4d63b10d57de80fef89a89d92a540;hp=2ddafce7f797082ad216657c830afd4546f16e37 ]
16CVE: CVE-2020-24352
17Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
18---
19 hw/display/ati_2d.c | 10 ++++++----
20 1 file changed, 6 insertions(+), 4 deletions(-)
21
22diff --git a/hw/display/ati_2d.c b/hw/display/ati_2d.c
23index 23a8ae0..4dc10ea 100644
24--- a/hw/display/ati_2d.c
25+++ b/hw/display/ati_2d.c
26@@ -75,8 +75,9 @@ void ati_2d_blt(ATIVGAState *s)
27 dst_stride *= bpp;
28 }
29 uint8_t *end = s->vga.vram_ptr + s->vga.vram_size;
30- if (dst_bits >= end || dst_bits + dst_x + (dst_y + s->regs.dst_height) *
31- dst_stride >= end) {
32+ if (dst_x > 0x3fff || dst_y > 0x3fff || dst_bits >= end
33+ || dst_bits + dst_x
34+ + (dst_y + s->regs.dst_height) * dst_stride >= end) {
35 qemu_log_mask(LOG_UNIMP, "blt outside vram not implemented\n");
36 return;
37 }
38@@ -107,8 +108,9 @@ void ati_2d_blt(ATIVGAState *s)
39 src_bits += s->regs.crtc_offset & 0x07ffffff;
40 src_stride *= bpp;
41 }
42- if (src_bits >= end || src_bits + src_x +
43- (src_y + s->regs.dst_height) * src_stride >= end) {
44+ if (src_x > 0x3fff || src_y > 0x3fff || src_bits >= end
45+ || src_bits + src_x
46+ + (src_y + s->regs.dst_height) * src_stride >= end) {
47 qemu_log_mask(LOG_UNIMP, "blt outside vram not implemented\n");
48 return;
49 }
50--
511.8.3.1
52
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2020-25624.patch b/meta/recipes-devtools/qemu/qemu/CVE-2020-25624.patch
deleted file mode 100644
index 7631bab39f..0000000000
--- a/meta/recipes-devtools/qemu/qemu/CVE-2020-25624.patch
+++ /dev/null
@@ -1,101 +0,0 @@
1From 1328fe0c32d5474604105b8105310e944976b058 Mon Sep 17 00:00:00 2001
2From: Prasad J Pandit <pjp@fedoraproject.org>
3Date: Tue, 15 Sep 2020 23:52:58 +0530
4Subject: [PATCH] hw: usb: hcd-ohci: check len and frame_number variables
5
6While servicing the OHCI transfer descriptors(TD), OHCI host
7controller derives variables 'start_addr', 'end_addr', 'len'
8etc. from values supplied by the host controller driver.
9Host controller driver may supply values such that using
10above variables leads to out-of-bounds access issues.
11Add checks to avoid them.
12
13AddressSanitizer: stack-buffer-overflow on address 0x7ffd53af76a0
14 READ of size 2 at 0x7ffd53af76a0 thread T0
15 #0 ohci_service_iso_td ../hw/usb/hcd-ohci.c:734
16 #1 ohci_service_ed_list ../hw/usb/hcd-ohci.c:1180
17 #2 ohci_process_lists ../hw/usb/hcd-ohci.c:1214
18 #3 ohci_frame_boundary ../hw/usb/hcd-ohci.c:1257
19 #4 timerlist_run_timers ../util/qemu-timer.c:572
20 #5 qemu_clock_run_timers ../util/qemu-timer.c:586
21 #6 qemu_clock_run_all_timers ../util/qemu-timer.c:672
22 #7 main_loop_wait ../util/main-loop.c:527
23 #8 qemu_main_loop ../softmmu/vl.c:1676
24 #9 main ../softmmu/main.c:50
25
26Reported-by: Gaoning Pan <pgn@zju.edu.cn>
27Reported-by: Yongkang Jia <j_kangel@163.com>
28Reported-by: Yi Ren <yunye.ry@alibaba-inc.com>
29Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
30Message-id: 20200915182259.68522-2-ppandit@redhat.com
31Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
32
33Upstream-Status: Backport
34CVE: CVE-2020-25624
35[https://git.qemu.org/?p=qemu.git;a=commit;h=1328fe0c32d5474604105b8105310e944976b058]
36Signed-off-by: Li Wang <li.wang@windriver.com>
37---
38 hw/usb/hcd-ohci.c | 24 ++++++++++++++++++++++--
39 1 file changed, 22 insertions(+), 2 deletions(-)
40
41diff --git a/hw/usb/hcd-ohci.c b/hw/usb/hcd-ohci.c
42index 1e6e85e..9dc5910 100644
43--- a/hw/usb/hcd-ohci.c
44+++ b/hw/usb/hcd-ohci.c
45@@ -731,7 +731,11 @@ static int ohci_service_iso_td(OHCIState *ohci, struct ohci_ed *ed,
46 }
47
48 start_offset = iso_td.offset[relative_frame_number];
49- next_offset = iso_td.offset[relative_frame_number + 1];
50+ if (relative_frame_number < frame_count) {
51+ next_offset = iso_td.offset[relative_frame_number + 1];
52+ } else {
53+ next_offset = iso_td.be;
54+ }
55
56 if (!(OHCI_BM(start_offset, TD_PSW_CC) & 0xe) ||
57 ((relative_frame_number < frame_count) &&
58@@ -764,7 +768,12 @@ static int ohci_service_iso_td(OHCIState *ohci, struct ohci_ed *ed,
59 }
60 } else {
61 /* Last packet in the ISO TD */
62- end_addr = iso_td.be;
63+ end_addr = next_offset;
64+ }
65+
66+ if (start_addr > end_addr) {
67+ trace_usb_ohci_iso_td_bad_cc_overrun(start_addr, end_addr);
68+ return 1;
69 }
70
71 if ((start_addr & OHCI_PAGE_MASK) != (end_addr & OHCI_PAGE_MASK)) {
72@@ -773,6 +782,9 @@ static int ohci_service_iso_td(OHCIState *ohci, struct ohci_ed *ed,
73 } else {
74 len = end_addr - start_addr + 1;
75 }
76+ if (len > sizeof(ohci->usb_buf)) {
77+ len = sizeof(ohci->usb_buf);
78+ }
79
80 if (len && dir != OHCI_TD_DIR_IN) {
81 if (ohci_copy_iso_td(ohci, start_addr, end_addr, ohci->usb_buf, len,
82@@ -975,8 +987,16 @@ static int ohci_service_td(OHCIState *ohci, struct ohci_ed *ed)
83 if ((td.cbp & 0xfffff000) != (td.be & 0xfffff000)) {
84 len = (td.be & 0xfff) + 0x1001 - (td.cbp & 0xfff);
85 } else {
86+ if (td.cbp > td.be) {
87+ trace_usb_ohci_iso_td_bad_cc_overrun(td.cbp, td.be);
88+ ohci_die(ohci);
89+ return 1;
90+ }
91 len = (td.be - td.cbp) + 1;
92 }
93+ if (len > sizeof(ohci->usb_buf)) {
94+ len = sizeof(ohci->usb_buf);
95+ }
96
97 pktlen = len;
98 if (len && dir != OHCI_TD_DIR_IN) {
99--
1002.17.1
101
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2020-25723.patch b/meta/recipes-devtools/qemu/qemu/CVE-2020-25723.patch
deleted file mode 100644
index 90b3a2f41c..0000000000
--- a/meta/recipes-devtools/qemu/qemu/CVE-2020-25723.patch
+++ /dev/null
@@ -1,51 +0,0 @@
1From 2fdb42d840400d58f2e706ecca82c142b97bcbd6 Mon Sep 17 00:00:00 2001
2From: Li Qiang <liq3ea@163.com>
3Date: Wed, 12 Aug 2020 09:17:27 -0700
4Subject: [PATCH] hw: ehci: check return value of 'usb_packet_map'
5
6If 'usb_packet_map' fails, we should stop to process the usb
7request.
8
9Signed-off-by: Li Qiang <liq3ea@163.com>
10Message-Id: <20200812161727.29412-1-liq3ea@163.com>
11Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
12
13Upstream-Status: Backport
14CVE: CVE-2020-25723
15[https://git.qemu.org/?p=qemu.git;a=commit;h=2fdb42d840400d58f2e706ecca82c142b97bcbd6]
16Signed-off-by: Li Wang <li.wang@windriver.com>
17---
18 hw/usb/hcd-ehci.c | 10 ++++++++--
19 1 file changed, 8 insertions(+), 2 deletions(-)
20
21diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
22index 1495e8f..1fbb02a 100644
23--- a/hw/usb/hcd-ehci.c
24+++ b/hw/usb/hcd-ehci.c
25@@ -1373,7 +1373,10 @@ static int ehci_execute(EHCIPacket *p, const char *action)
26 spd = (p->pid == USB_TOKEN_IN && NLPTR_TBIT(p->qtd.altnext) == 0);
27 usb_packet_setup(&p->packet, p->pid, ep, 0, p->qtdaddr, spd,
28 (p->qtd.token & QTD_TOKEN_IOC) != 0);
29- usb_packet_map(&p->packet, &p->sgl);
30+ if (usb_packet_map(&p->packet, &p->sgl)) {
31+ qemu_sglist_destroy(&p->sgl);
32+ return -1;
33+ }
34 p->async = EHCI_ASYNC_INITIALIZED;
35 }
36
37@@ -1452,7 +1455,10 @@ static int ehci_process_itd(EHCIState *ehci,
38 if (ep && ep->type == USB_ENDPOINT_XFER_ISOC) {
39 usb_packet_setup(&ehci->ipacket, pid, ep, 0, addr, false,
40 (itd->transact[i] & ITD_XACT_IOC) != 0);
41- usb_packet_map(&ehci->ipacket, &ehci->isgl);
42+ if (usb_packet_map(&ehci->ipacket, &ehci->isgl)) {
43+ qemu_sglist_destroy(&ehci->isgl);
44+ return -1;
45+ }
46 usb_handle_packet(dev, &ehci->ipacket);
47 usb_packet_unmap(&ehci->ipacket, &ehci->isgl);
48 } else {
49--
502.17.1
51
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2020-28916.patch b/meta/recipes-devtools/qemu/qemu/CVE-2020-28916.patch
deleted file mode 100644
index 5212196837..0000000000
--- a/meta/recipes-devtools/qemu/qemu/CVE-2020-28916.patch
+++ /dev/null
@@ -1,49 +0,0 @@
1From c2cb511634012344e3d0fe49a037a33b12d8a98a Mon Sep 17 00:00:00 2001
2From: Prasad J Pandit <pjp@fedoraproject.org>
3Date: Wed, 11 Nov 2020 18:36:36 +0530
4Subject: [PATCH] hw/net/e1000e: advance desc_offset in case of null
5descriptor
6
7While receiving packets via e1000e_write_packet_to_guest() routine,
8'desc_offset' is advanced only when RX descriptor is processed. And
9RX descriptor is not processed if it has NULL buffer address.
10This may lead to an infinite loop condition. Increament 'desc_offset'
11to process next descriptor in the ring to avoid infinite loop.
12
13Reported-by: Cheol-woo Myung <330cjfdn@gmail.com>
14Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
15Signed-off-by: Jason Wang <jasowang@redhat.com>
16
17Upstream-Status: Backport
18CVE: CVE-2020-28916
19[https://git.qemu.org/?p=qemu.git;a=commit;h=c2cb511634012344e3d0fe49a037a33b12d8a98a]
20Signed-off-by: Li Wang <li.wang@windriver.com>
21---
22 hw/net/e1000e_core.c | 8 ++++----
23 1 file changed, 4 insertions(+), 4 deletions(-)
24
25diff --git a/hw/net/e1000e_core.c b/hw/net/e1000e_core.c
26index bcd186c..d3e3cdc 100644
27--- a/hw/net/e1000e_core.c
28+++ b/hw/net/e1000e_core.c
29@@ -1596,13 +1596,13 @@ e1000e_write_packet_to_guest(E1000ECore *core, struct NetRxPkt *pkt,
30 (const char *) &fcs_pad, e1000x_fcs_len(core->mac));
31 }
32 }
33- desc_offset += desc_size;
34- if (desc_offset >= total_size) {
35- is_last = true;
36- }
37 } else { /* as per intel docs; skip descriptors with null buf addr */
38 trace_e1000e_rx_null_descriptor();
39 }
40+ desc_offset += desc_size;
41+ if (desc_offset >= total_size) {
42+ is_last = true;
43+ }
44
45 e1000e_write_rx_descr(core, desc, is_last ? core->rx_pkt : NULL,
46 rss_info, do_ps ? ps_hdr_len : 0, &bastate.written);
47--
482.17.1
49
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2020-29129-CVE-2020-29130.patch b/meta/recipes-devtools/qemu/qemu/CVE-2020-29129-CVE-2020-29130.patch
deleted file mode 100644
index e5829f6dad..0000000000
--- a/meta/recipes-devtools/qemu/qemu/CVE-2020-29129-CVE-2020-29130.patch
+++ /dev/null
@@ -1,64 +0,0 @@
1From 2e1dcbc0c2af64fcb17009eaf2ceedd81be2b27f Mon Sep 17 00:00:00 2001
2From: Prasad J Pandit <pjp@fedoraproject.org>
3Date: Thu, 26 Nov 2020 19:27:06 +0530
4Subject: [PATCH] slirp: check pkt_len before reading protocol header
5MIME-Version: 1.0
6Content-Type: text/plain; charset=utf8
7Content-Transfer-Encoding: 8bit
8
9While processing ARP/NCSI packets in 'arp_input' or 'ncsi_input'
10routines, ensure that pkt_len is large enough to accommodate the
11respective protocol headers, lest it should do an OOB access.
12Add check to avoid it.
13
14CVE-2020-29129 CVE-2020-29130
15 QEMU: slirp: out-of-bounds access while processing ARP/NCSI packets
16 -> https://www.openwall.com/lists/oss-security/2020/11/27/1
17
18Reported-by: Qiuhao Li <Qiuhao.Li@outlook.com>
19Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
20Message-Id: <20201126135706.273950-1-ppandit@redhat.com>
21Reviewed-by: Marc-Andrà Lureau <marcandre.lureau@redhat.com>
22
23Upstream-Status: Backport
24CVE: CVE-2020-29129 CVE-2020-29130
25[https://git.qemu.org/?p=libslirp.git;a=commit;h=2e1dcbc0c2af64fcb17009eaf2ceedd81be2b27f]
26Signed-off-by: Li Wang <li.wang@windriver.com>
27---
28 slirp/src/ncsi.c | 4 ++++
29 slirp/src/slirp.c | 4 ++++
30 2 files changed, 8 insertions(+)
31
32diff --git a/slirp/src/ncsi.c b/slirp/src/ncsi.c
33index 3c1dfef..75dcc08 100644
34--- a/slirp/src/ncsi.c
35+++ b/slirp/src/ncsi.c
36@@ -148,6 +148,10 @@ void ncsi_input(Slirp *slirp, const uint8_t *pkt, int pkt_len)
37 uint32_t checksum;
38 uint32_t *pchecksum;
39
40+ if (pkt_len < ETH_HLEN + sizeof(struct ncsi_pkt_hdr)) {
41+ return; /* packet too short */
42+ }
43+
44 memset(ncsi_reply, 0, sizeof(ncsi_reply));
45
46 memset(reh->h_dest, 0xff, ETH_ALEN);
47diff --git a/slirp/src/slirp.c b/slirp/src/slirp.c
48index dba7c98..9be58e2 100644
49--- a/slirp/src/slirp.c
50+++ b/slirp/src/slirp.c
51@@ -756,6 +756,10 @@ static void arp_input(Slirp *slirp, const uint8_t *pkt, int pkt_len)
52 return;
53 }
54
55+ if (pkt_len < ETH_HLEN + sizeof(struct slirp_arphdr)) {
56+ return; /* packet too short */
57+ }
58+
59 ar_op = ntohs(ah->ar_op);
60 switch (ar_op) {
61 case ARPOP_REQUEST:
62--
632.17.1
64
diff --git a/meta/recipes-devtools/qemu/qemu/cross.patch b/meta/recipes-devtools/qemu/qemu/cross.patch
new file mode 100644
index 0000000000..438c1ad086
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/cross.patch
@@ -0,0 +1,30 @@
1We need to be able to trigger configure's cross code but we don't want
2to set cross_prefix as it does other things we don't want. Patch things
3so we can do what we need in the target config case.
4
5Upstream-Status: Inappropriate [may be rewritten in a way upstream may accept?]
6Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
7
8
9Index: qemu-5.2.0/configure
10===================================================================
11--- qemu-5.2.0.orig/configure
12+++ qemu-5.2.0/configure
13@@ -6973,7 +6973,6 @@ if has $sdl2_config; then
14 fi
15 echo "strip = [$(meson_quote $strip)]" >> $cross
16 echo "windres = [$(meson_quote $windres)]" >> $cross
17-if test -n "$cross_prefix"; then
18 cross_arg="--cross-file config-meson.cross"
19 echo "[host_machine]" >> $cross
20 if test "$mingw32" = "yes" ; then
21@@ -6999,9 +6998,6 @@ if test -n "$cross_prefix"; then
22 else
23 echo "endian = 'little'" >> $cross
24 fi
25-else
26- cross_arg="--native-file config-meson.cross"
27-fi
28 mv $cross config-meson.cross
29
30 rm -rf meson-private meson-info meson-logs
diff --git a/meta/recipes-devtools/qemu/qemu/find_datadir.patch b/meta/recipes-devtools/qemu/qemu/find_datadir.patch
deleted file mode 100644
index 9a4c11267a..0000000000
--- a/meta/recipes-devtools/qemu/qemu/find_datadir.patch
+++ /dev/null
@@ -1,39 +0,0 @@
1qemu: search for datadir as in version 4.2
2
3os_find_datadir() was changed after the 4.2 release. We need to check for
4../share/qemu relative to the executable because that is where the runqemu
5configuration assumes it will be.
6
7Upstream-Status: Submitted [qemu-devel@nongnu.org]
8
9Signed-off-by: Joe Slater <joe.slater@windriver.com>
10
11
12Index: qemu-5.1.0/os-posix.c
13===================================================================
14--- qemu-5.1.0.orig/os-posix.c
15+++ qemu-5.1.0/os-posix.c
16@@ -82,8 +82,9 @@ void os_setup_signal_handling(void)
17
18 /*
19 * Find a likely location for support files using the location of the binary.
20+ * Typically, this would be "$bindir/../share/qemu".
21 * When running from the build tree this will be "$bindir/../pc-bios".
22- * Otherwise, this is CONFIG_QEMU_DATADIR.
23+ * Otherwise, this is CONFIG_QEMU_DATADIR as constructed by configure.
24 *
25 * The caller must use g_free() to free the returned data when it is
26 * no longer required.
27@@ -96,6 +97,12 @@ char *os_find_datadir(void)
28 exec_dir = qemu_get_exec_dir();
29 g_return_val_if_fail(exec_dir != NULL, NULL);
30
31+ dir = g_build_filename(exec_dir, "..", "share", "qemu", NULL);
32+ if (g_file_test(dir, G_FILE_TEST_IS_DIR)) {
33+ return g_steal_pointer(&dir);
34+ }
35+ g_free(dir); /* no autofree this time */
36+
37 dir = g_build_filename(exec_dir, "..", "pc-bios", NULL);
38 if (g_file_test(dir, G_FILE_TEST_IS_DIR)) {
39 return g_steal_pointer(&dir);
diff --git a/meta/recipes-devtools/qemu/qemu/usb-fix-setup_len-init.patch b/meta/recipes-devtools/qemu/qemu/usb-fix-setup_len-init.patch
deleted file mode 100644
index 92801da46f..0000000000
--- a/meta/recipes-devtools/qemu/qemu/usb-fix-setup_len-init.patch
+++ /dev/null
@@ -1,89 +0,0 @@
1CVE: CVE-2020-14364
2Upstream-Status: Backport
3Signed-off-by: Ross Burton <ross.burton@arm.com>
4
5From b946434f2659a182afc17e155be6791ebfb302eb Mon Sep 17 00:00:00 2001
6From: Gerd Hoffmann <kraxel@redhat.com>
7Date: Tue, 25 Aug 2020 07:36:36 +0200
8Subject: [PATCH] usb: fix setup_len init (CVE-2020-14364)
9
10Store calculated setup_len in a local variable, verify it, and only
11write it to the struct (USBDevice->setup_len) in case it passed the
12sanity checks.
13
14This prevents other code (do_token_{in,out} functions specifically)
15from working with invalid USBDevice->setup_len values and overrunning
16the USBDevice->setup_buf[] buffer.
17
18Fixes: CVE-2020-14364
19Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
20Tested-by: Gonglei <arei.gonglei@huawei.com>
21Reviewed-by: Li Qiang <liq3ea@gmail.com>
22Message-id: 20200825053636.29648-1-kraxel@redhat.com
23---
24 hw/usb/core.c | 16 ++++++++++------
25 1 file changed, 10 insertions(+), 6 deletions(-)
26
27diff --git a/hw/usb/core.c b/hw/usb/core.c
28index 5abd128b6bc..5234dcc73fe 100644
29--- a/hw/usb/core.c
30+++ b/hw/usb/core.c
31@@ -129,6 +129,7 @@ void usb_wakeup(USBEndpoint *ep, unsigned int stream)
32 static void do_token_setup(USBDevice *s, USBPacket *p)
33 {
34 int request, value, index;
35+ unsigned int setup_len;
36
37 if (p->iov.size != 8) {
38 p->status = USB_RET_STALL;
39@@ -138,14 +139,15 @@ static void do_token_setup(USBDevice *s, USBPacket *p)
40 usb_packet_copy(p, s->setup_buf, p->iov.size);
41 s->setup_index = 0;
42 p->actual_length = 0;
43- s->setup_len = (s->setup_buf[7] << 8) | s->setup_buf[6];
44- if (s->setup_len > sizeof(s->data_buf)) {
45+ setup_len = (s->setup_buf[7] << 8) | s->setup_buf[6];
46+ if (setup_len > sizeof(s->data_buf)) {
47 fprintf(stderr,
48 "usb_generic_handle_packet: ctrl buffer too small (%d > %zu)\n",
49- s->setup_len, sizeof(s->data_buf));
50+ setup_len, sizeof(s->data_buf));
51 p->status = USB_RET_STALL;
52 return;
53 }
54+ s->setup_len = setup_len;
55
56 request = (s->setup_buf[0] << 8) | s->setup_buf[1];
57 value = (s->setup_buf[3] << 8) | s->setup_buf[2];
58@@ -259,26 +261,28 @@ static void do_token_out(USBDevice *s, USBPacket *p)
59 static void do_parameter(USBDevice *s, USBPacket *p)
60 {
61 int i, request, value, index;
62+ unsigned int setup_len;
63
64 for (i = 0; i < 8; i++) {
65 s->setup_buf[i] = p->parameter >> (i*8);
66 }
67
68 s->setup_state = SETUP_STATE_PARAM;
69- s->setup_len = (s->setup_buf[7] << 8) | s->setup_buf[6];
70 s->setup_index = 0;
71
72 request = (s->setup_buf[0] << 8) | s->setup_buf[1];
73 value = (s->setup_buf[3] << 8) | s->setup_buf[2];
74 index = (s->setup_buf[5] << 8) | s->setup_buf[4];
75
76- if (s->setup_len > sizeof(s->data_buf)) {
77+ setup_len = (s->setup_buf[7] << 8) | s->setup_buf[6];
78+ if (setup_len > sizeof(s->data_buf)) {
79 fprintf(stderr,
80 "usb_generic_handle_packet: ctrl buffer too small (%d > %zu)\n",
81- s->setup_len, sizeof(s->data_buf));
82+ setup_len, sizeof(s->data_buf));
83 p->status = USB_RET_STALL;
84 return;
85 }
86+ s->setup_len = setup_len;
87
88 if (p->pid == USB_TOKEN_OUT) {
89 usb_packet_copy(p, s->data_buf, s->setup_len);
diff --git a/meta/recipes-devtools/qemu/qemu_5.1.0.bb b/meta/recipes-devtools/qemu/qemu_5.2.0.bb
index 599ff82fc1..7afa66e396 100644
--- a/meta/recipes-devtools/qemu/qemu_5.1.0.bb
+++ b/meta/recipes-devtools/qemu/qemu_5.2.0.bb
@@ -6,7 +6,7 @@ require qemu.inc
6# void (*_function)(sigval_t); 6# void (*_function)(sigval_t);
7COMPATIBLE_HOST_libc-musl = 'null' 7COMPATIBLE_HOST_libc-musl = 'null'
8 8
9DEPENDS = "glib-2.0 zlib pixman bison-native" 9DEPENDS = "glib-2.0 zlib pixman bison-native ninja-native meson-native"
10 10
11RDEPENDS_${PN}_class-target += "bash" 11RDEPENDS_${PN}_class-target += "bash"
12 12