diff options
Diffstat (limited to 'meta/recipes-devtools/qemu/qemu.inc')
| -rw-r--r-- | meta/recipes-devtools/qemu/qemu.inc | 163 |
1 files changed, 145 insertions, 18 deletions
diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index a1a418374f..59ff69d51d 100644 --- a/meta/recipes-devtools/qemu/qemu.inc +++ b/meta/recipes-devtools/qemu/qemu.inc | |||
| @@ -35,30 +35,147 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ | |||
| 35 | file://CVE-2020-7039-2.patch \ | 35 | file://CVE-2020-7039-2.patch \ |
| 36 | file://CVE-2020-7039-3.patch \ | 36 | file://CVE-2020-7039-3.patch \ |
| 37 | file://0001-Add-enable-disable-udev.patch \ | 37 | file://0001-Add-enable-disable-udev.patch \ |
| 38 | file://CVE-2020-7211.patch \ | 38 | file://CVE-2020-7211.patch \ |
| 39 | file://0001-qemu-Do-not-include-file-if-not-exists.patch \ | 39 | file://0001-qemu-Do-not-include-file-if-not-exists.patch \ |
| 40 | file://CVE-2020-11102.patch \ | 40 | file://CVE-2020-11102.patch \ |
| 41 | file://CVE-2020-11869.patch \ | 41 | file://CVE-2020-11869.patch \ |
| 42 | file://CVE-2020-13361.patch \ | 42 | file://CVE-2020-13361.patch \ |
| 43 | file://CVE-2020-10761.patch \ | 43 | file://CVE-2020-10761.patch \ |
| 44 | file://CVE-2020-10702.patch \ | 44 | file://CVE-2020-10702.patch \ |
| 45 | file://CVE-2020-13659.patch \ | 45 | file://CVE-2020-13659.patch \ |
| 46 | file://CVE-2020-13800.patch \ | 46 | file://CVE-2020-13800.patch \ |
| 47 | file://CVE-2020-13362.patch \ | 47 | file://CVE-2020-13362.patch \ |
| 48 | file://CVE-2020-15863.patch \ | 48 | file://CVE-2020-15863.patch \ |
| 49 | file://CVE-2020-14364.patch \ | 49 | file://CVE-2020-14364.patch \ |
| 50 | file://CVE-2020-14415.patch \ | 50 | file://CVE-2020-14415.patch \ |
| 51 | file://CVE-2020-16092.patch \ | 51 | file://CVE-2020-16092.patch \ |
| 52 | file://0001-target-mips-Increase-number-of-TLB-entries-on-the-34.patch \ | 52 | file://0001-target-mips-Increase-number-of-TLB-entries-on-the-34.patch \ |
| 53 | file://CVE-2019-20175.patch \ | 53 | file://CVE-2019-20175.patch \ |
| 54 | file://CVE-2020-24352.patch \ | 54 | file://CVE-2020-24352.patch \ |
| 55 | file://CVE-2020-25723.patch \ | 55 | file://CVE-2020-25723.patch \ |
| 56 | " | 56 | file://CVE-2021-20203.patch \ |
| 57 | file://CVE-2021-3392.patch \ | ||
| 58 | file://CVE-2020-25085.patch \ | ||
| 59 | file://CVE-2020-25624_1.patch \ | ||
| 60 | file://CVE-2020-25624_2.patch \ | ||
| 61 | file://CVE-2020-25625.patch \ | ||
| 62 | file://CVE-2020-29443.patch \ | ||
| 63 | file://CVE-2021-20221.patch \ | ||
| 64 | file://CVE-2021-20181.patch \ | ||
| 65 | file://CVE-2021-3416_1.patch \ | ||
| 66 | file://CVE-2021-3416_2.patch \ | ||
| 67 | file://CVE-2021-3416_3.patch \ | ||
| 68 | file://CVE-2021-3416_5.patch \ | ||
| 69 | file://CVE-2021-3416_6.patch \ | ||
| 70 | file://CVE-2021-3416_7.patch \ | ||
| 71 | file://CVE-2021-3416_8.patch \ | ||
| 72 | file://CVE-2021-3416_9.patch \ | ||
| 73 | file://CVE-2021-3416_10.patch \ | ||
| 74 | file://CVE-2021-20257.patch \ | ||
| 75 | file://CVE-2021-3544.patch \ | ||
| 76 | file://CVE-2021-3544_2.patch \ | ||
| 77 | file://CVE-2021-3544_3.patch \ | ||
| 78 | file://CVE-2021-3544_4.patch \ | ||
| 79 | file://CVE-2021-3544_5.patch \ | ||
| 80 | file://CVE-2021-3545.patch \ | ||
| 81 | file://CVE-2021-3546.patch \ | ||
| 82 | file://CVE-2021-3527-1.patch \ | ||
| 83 | file://CVE-2021-3527-2.patch \ | ||
| 84 | file://CVE-2021-3582.patch \ | ||
| 85 | file://CVE-2021-3607.patch \ | ||
| 86 | file://CVE-2021-3608.patch \ | ||
| 87 | file://CVE-2020-12829_1.patch \ | ||
| 88 | file://CVE-2020-12829_2.patch \ | ||
| 89 | file://CVE-2020-12829_3.patch \ | ||
| 90 | file://CVE-2020-12829_4.patch \ | ||
| 91 | file://CVE-2020-12829_5.patch \ | ||
| 92 | file://CVE-2020-27617.patch \ | ||
| 93 | file://CVE-2020-28916.patch \ | ||
| 94 | file://CVE-2021-3682.patch \ | ||
| 95 | file://CVE-2020-13253_1.patch \ | ||
| 96 | file://CVE-2020-13253_2.patch \ | ||
| 97 | file://CVE-2020-13253_3.patch \ | ||
| 98 | file://CVE-2020-13253_4.patch \ | ||
| 99 | file://CVE-2020-13253_5.patch \ | ||
| 100 | file://CVE-2020-13791.patch \ | ||
| 101 | file://CVE-2022-35414.patch \ | ||
| 102 | file://CVE-2020-27821.patch \ | ||
| 103 | file://CVE-2020-13754-1.patch \ | ||
| 104 | file://CVE-2020-13754-2.patch \ | ||
| 105 | file://CVE-2020-13754-3.patch \ | ||
| 106 | file://CVE-2020-13754-4.patch \ | ||
| 107 | file://CVE-2021-3713.patch \ | ||
| 108 | file://CVE-2021-3748.patch \ | ||
| 109 | file://CVE-2021-3930.patch \ | ||
| 110 | file://CVE-2021-4206.patch \ | ||
| 111 | file://CVE-2021-4207.patch \ | ||
| 112 | file://CVE-2022-0216-1.patch \ | ||
| 113 | file://CVE-2022-0216-2.patch \ | ||
| 114 | file://CVE-2021-3750.patch \ | ||
| 115 | file://CVE-2021-3638.patch \ | ||
| 116 | file://CVE-2021-20196.patch \ | ||
| 117 | file://CVE-2021-3507.patch \ | ||
| 118 | file://hw-block-nvme-refactor-nvme_addr_read.patch \ | ||
| 119 | file://hw-block-nvme-handle-dma-errors.patch \ | ||
| 120 | file://CVE-2021-3929.patch \ | ||
| 121 | file://CVE-2022-4144.patch \ | ||
| 122 | file://CVE-2020-15859.patch \ | ||
| 123 | file://CVE-2020-15469-1.patch \ | ||
| 124 | file://CVE-2020-15469-2.patch \ | ||
| 125 | file://CVE-2020-15469-3.patch \ | ||
| 126 | file://CVE-2020-15469-4.patch \ | ||
| 127 | file://CVE-2020-15469-5.patch \ | ||
| 128 | file://CVE-2020-15469-6.patch \ | ||
| 129 | file://CVE-2020-15469-7.patch \ | ||
| 130 | file://CVE-2020-15469-8.patch \ | ||
| 131 | file://CVE-2020-35504.patch \ | ||
| 132 | file://CVE-2020-35505.patch \ | ||
| 133 | file://CVE-2022-26354.patch \ | ||
| 134 | file://CVE-2021-3409-1.patch \ | ||
| 135 | file://CVE-2021-3409-2.patch \ | ||
| 136 | file://CVE-2021-3409-3.patch \ | ||
| 137 | file://CVE-2021-3409-4.patch \ | ||
| 138 | file://CVE-2021-3409-5.patch \ | ||
| 139 | file://hw-display-qxl-Pass-requested-buffer-size-to-qxl_phy.patch \ | ||
| 140 | file://CVE-2023-0330.patch \ | ||
| 141 | file://CVE-2023-3354.patch \ | ||
| 142 | file://CVE-2023-3180.patch \ | ||
| 143 | file://CVE-2020-24165.patch \ | ||
| 144 | file://CVE-2023-5088.patch \ | ||
| 145 | file://9pfs-local-ignore-O_NOATIME-if-we-don-t-have-permiss.patch \ | ||
| 146 | file://CVE-2023-2861.patch \ | ||
| 147 | " | ||
| 57 | UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar" | 148 | UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar" |
| 58 | 149 | ||
| 59 | SRC_URI[md5sum] = "278eeb294e4b497e79af7a57e660cb9a" | 150 | SRC_URI[md5sum] = "278eeb294e4b497e79af7a57e660cb9a" |
| 60 | SRC_URI[sha256sum] = "d3481d4108ce211a053ef15be69af1bdd9dde1510fda80d92be0f6c3e98768f0" | 151 | SRC_URI[sha256sum] = "d3481d4108ce211a053ef15be69af1bdd9dde1510fda80d92be0f6c3e98768f0" |
| 61 | 152 | ||
| 153 | # Applies against virglrender < 0.6.0 and not qemu itself | ||
| 154 | CVE_CHECK_WHITELIST += "CVE-2017-5957" | ||
| 155 | |||
| 156 | # The VNC server can expose host files uder some circumstances. We don't | ||
| 157 | # enable it by default. | ||
| 158 | CVE_CHECK_WHITELIST += "CVE-2007-0998" | ||
| 159 | |||
| 160 | # 'The issues identified by this CVE were determined to not constitute a vulnerability.' | ||
| 161 | # https://bugzilla.redhat.com/show_bug.cgi?id=1609015#c11 | ||
| 162 | CVE_CHECK_WHITELIST += "CVE-2018-18438" | ||
| 163 | |||
| 164 | # the issue introduced in v5.1.0-rc0 | ||
| 165 | CVE_CHECK_WHITELIST += "CVE-2020-27661" | ||
| 166 | |||
| 167 | # As per https://nvd.nist.gov/vuln/detail/CVE-2023-0664 | ||
| 168 | # https://bugzilla.redhat.com/show_bug.cgi?id=2167423 | ||
| 169 | # this bug related to windows specific. | ||
| 170 | CVE_CHECK_WHITELIST += "CVE-2023-0664" | ||
| 171 | |||
| 172 | # As per https://bugzilla.redhat.com/show_bug.cgi?id=2203387 | ||
| 173 | # RHEL specific issue | ||
| 174 | CVE_CHECK_WHITELIST += "CVE-2023-2680" | ||
| 175 | |||
| 176 | # Affected only `qemu-kvm` shipped with Red Hat Enterprise Linux 8.3 release. | ||
| 177 | CVE_CHECK_WHITELIST += "CVE-2021-20295" | ||
| 178 | |||
| 62 | COMPATIBLE_HOST_mipsarchn32 = "null" | 179 | COMPATIBLE_HOST_mipsarchn32 = "null" |
| 63 | COMPATIBLE_HOST_mipsarchn64 = "null" | 180 | COMPATIBLE_HOST_mipsarchn64 = "null" |
| 64 | 181 | ||
| @@ -197,6 +314,16 @@ PACKAGECONFIG[glusterfs] = "--enable-glusterfs,--disable-glusterfs" | |||
| 197 | PACKAGECONFIG[xkbcommon] = "--enable-xkbcommon,--disable-xkbcommon,libxkbcommon" | 314 | PACKAGECONFIG[xkbcommon] = "--enable-xkbcommon,--disable-xkbcommon,libxkbcommon" |
| 198 | PACKAGECONFIG[libudev] = "--enable-libudev,--disable-libudev,eudev" | 315 | PACKAGECONFIG[libudev] = "--enable-libudev,--disable-libudev,eudev" |
| 199 | PACKAGECONFIG[libxml2] = "--enable-libxml2,--disable-libxml2,libxml2" | 316 | PACKAGECONFIG[libxml2] = "--enable-libxml2,--disable-libxml2,libxml2" |
| 317 | PACKAGECONFIG[seccomp] = "--enable-seccomp,--disable-seccomp,libseccomp" | ||
| 318 | PACKAGECONFIG[capstone] = "--enable-capstone,--disable-capstone" | ||
| 319 | # libnfs is currently provided by meta-kodi | ||
| 320 | PACKAGECONFIG[libnfs] = "--enable-libnfs,--disable-libnfs,libnfs" | ||
| 321 | PACKAGECONFIG[brlapi] = "--enable-brlapi,--disable-brlapi" | ||
| 322 | PACKAGECONFIG[vde] = "--enable-vde,--disable-vde" | ||
| 323 | # version 4.2.0 doesn't have an "internal" option for enable-slirp, so use "git" which uses the same configure code path | ||
| 324 | PACKAGECONFIG[slirp] = "--enable-slirp=git,--disable-slirp" | ||
| 325 | PACKAGECONFIG[rbd] = "--enable-rbd,--disable-rbd" | ||
| 326 | PACKAGECONFIG[rdma] = "--enable-rdma,--disable-rdma" | ||
| 200 | 327 | ||
| 201 | INSANE_SKIP_${PN} = "arch" | 328 | INSANE_SKIP_${PN} = "arch" |
| 202 | 329 | ||