diff options
Diffstat (limited to 'meta/recipes-devtools/qemu/qemu.inc')
-rw-r--r-- | meta/recipes-devtools/qemu/qemu.inc | 163 |
1 files changed, 145 insertions, 18 deletions
diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index a1a418374f..59ff69d51d 100644 --- a/meta/recipes-devtools/qemu/qemu.inc +++ b/meta/recipes-devtools/qemu/qemu.inc | |||
@@ -35,30 +35,147 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ | |||
35 | file://CVE-2020-7039-2.patch \ | 35 | file://CVE-2020-7039-2.patch \ |
36 | file://CVE-2020-7039-3.patch \ | 36 | file://CVE-2020-7039-3.patch \ |
37 | file://0001-Add-enable-disable-udev.patch \ | 37 | file://0001-Add-enable-disable-udev.patch \ |
38 | file://CVE-2020-7211.patch \ | 38 | file://CVE-2020-7211.patch \ |
39 | file://0001-qemu-Do-not-include-file-if-not-exists.patch \ | 39 | file://0001-qemu-Do-not-include-file-if-not-exists.patch \ |
40 | file://CVE-2020-11102.patch \ | 40 | file://CVE-2020-11102.patch \ |
41 | file://CVE-2020-11869.patch \ | 41 | file://CVE-2020-11869.patch \ |
42 | file://CVE-2020-13361.patch \ | 42 | file://CVE-2020-13361.patch \ |
43 | file://CVE-2020-10761.patch \ | 43 | file://CVE-2020-10761.patch \ |
44 | file://CVE-2020-10702.patch \ | 44 | file://CVE-2020-10702.patch \ |
45 | file://CVE-2020-13659.patch \ | 45 | file://CVE-2020-13659.patch \ |
46 | file://CVE-2020-13800.patch \ | 46 | file://CVE-2020-13800.patch \ |
47 | file://CVE-2020-13362.patch \ | 47 | file://CVE-2020-13362.patch \ |
48 | file://CVE-2020-15863.patch \ | 48 | file://CVE-2020-15863.patch \ |
49 | file://CVE-2020-14364.patch \ | 49 | file://CVE-2020-14364.patch \ |
50 | file://CVE-2020-14415.patch \ | 50 | file://CVE-2020-14415.patch \ |
51 | file://CVE-2020-16092.patch \ | 51 | file://CVE-2020-16092.patch \ |
52 | file://0001-target-mips-Increase-number-of-TLB-entries-on-the-34.patch \ | 52 | file://0001-target-mips-Increase-number-of-TLB-entries-on-the-34.patch \ |
53 | file://CVE-2019-20175.patch \ | 53 | file://CVE-2019-20175.patch \ |
54 | file://CVE-2020-24352.patch \ | 54 | file://CVE-2020-24352.patch \ |
55 | file://CVE-2020-25723.patch \ | 55 | file://CVE-2020-25723.patch \ |
56 | " | 56 | file://CVE-2021-20203.patch \ |
57 | file://CVE-2021-3392.patch \ | ||
58 | file://CVE-2020-25085.patch \ | ||
59 | file://CVE-2020-25624_1.patch \ | ||
60 | file://CVE-2020-25624_2.patch \ | ||
61 | file://CVE-2020-25625.patch \ | ||
62 | file://CVE-2020-29443.patch \ | ||
63 | file://CVE-2021-20221.patch \ | ||
64 | file://CVE-2021-20181.patch \ | ||
65 | file://CVE-2021-3416_1.patch \ | ||
66 | file://CVE-2021-3416_2.patch \ | ||
67 | file://CVE-2021-3416_3.patch \ | ||
68 | file://CVE-2021-3416_5.patch \ | ||
69 | file://CVE-2021-3416_6.patch \ | ||
70 | file://CVE-2021-3416_7.patch \ | ||
71 | file://CVE-2021-3416_8.patch \ | ||
72 | file://CVE-2021-3416_9.patch \ | ||
73 | file://CVE-2021-3416_10.patch \ | ||
74 | file://CVE-2021-20257.patch \ | ||
75 | file://CVE-2021-3544.patch \ | ||
76 | file://CVE-2021-3544_2.patch \ | ||
77 | file://CVE-2021-3544_3.patch \ | ||
78 | file://CVE-2021-3544_4.patch \ | ||
79 | file://CVE-2021-3544_5.patch \ | ||
80 | file://CVE-2021-3545.patch \ | ||
81 | file://CVE-2021-3546.patch \ | ||
82 | file://CVE-2021-3527-1.patch \ | ||
83 | file://CVE-2021-3527-2.patch \ | ||
84 | file://CVE-2021-3582.patch \ | ||
85 | file://CVE-2021-3607.patch \ | ||
86 | file://CVE-2021-3608.patch \ | ||
87 | file://CVE-2020-12829_1.patch \ | ||
88 | file://CVE-2020-12829_2.patch \ | ||
89 | file://CVE-2020-12829_3.patch \ | ||
90 | file://CVE-2020-12829_4.patch \ | ||
91 | file://CVE-2020-12829_5.patch \ | ||
92 | file://CVE-2020-27617.patch \ | ||
93 | file://CVE-2020-28916.patch \ | ||
94 | file://CVE-2021-3682.patch \ | ||
95 | file://CVE-2020-13253_1.patch \ | ||
96 | file://CVE-2020-13253_2.patch \ | ||
97 | file://CVE-2020-13253_3.patch \ | ||
98 | file://CVE-2020-13253_4.patch \ | ||
99 | file://CVE-2020-13253_5.patch \ | ||
100 | file://CVE-2020-13791.patch \ | ||
101 | file://CVE-2022-35414.patch \ | ||
102 | file://CVE-2020-27821.patch \ | ||
103 | file://CVE-2020-13754-1.patch \ | ||
104 | file://CVE-2020-13754-2.patch \ | ||
105 | file://CVE-2020-13754-3.patch \ | ||
106 | file://CVE-2020-13754-4.patch \ | ||
107 | file://CVE-2021-3713.patch \ | ||
108 | file://CVE-2021-3748.patch \ | ||
109 | file://CVE-2021-3930.patch \ | ||
110 | file://CVE-2021-4206.patch \ | ||
111 | file://CVE-2021-4207.patch \ | ||
112 | file://CVE-2022-0216-1.patch \ | ||
113 | file://CVE-2022-0216-2.patch \ | ||
114 | file://CVE-2021-3750.patch \ | ||
115 | file://CVE-2021-3638.patch \ | ||
116 | file://CVE-2021-20196.patch \ | ||
117 | file://CVE-2021-3507.patch \ | ||
118 | file://hw-block-nvme-refactor-nvme_addr_read.patch \ | ||
119 | file://hw-block-nvme-handle-dma-errors.patch \ | ||
120 | file://CVE-2021-3929.patch \ | ||
121 | file://CVE-2022-4144.patch \ | ||
122 | file://CVE-2020-15859.patch \ | ||
123 | file://CVE-2020-15469-1.patch \ | ||
124 | file://CVE-2020-15469-2.patch \ | ||
125 | file://CVE-2020-15469-3.patch \ | ||
126 | file://CVE-2020-15469-4.patch \ | ||
127 | file://CVE-2020-15469-5.patch \ | ||
128 | file://CVE-2020-15469-6.patch \ | ||
129 | file://CVE-2020-15469-7.patch \ | ||
130 | file://CVE-2020-15469-8.patch \ | ||
131 | file://CVE-2020-35504.patch \ | ||
132 | file://CVE-2020-35505.patch \ | ||
133 | file://CVE-2022-26354.patch \ | ||
134 | file://CVE-2021-3409-1.patch \ | ||
135 | file://CVE-2021-3409-2.patch \ | ||
136 | file://CVE-2021-3409-3.patch \ | ||
137 | file://CVE-2021-3409-4.patch \ | ||
138 | file://CVE-2021-3409-5.patch \ | ||
139 | file://hw-display-qxl-Pass-requested-buffer-size-to-qxl_phy.patch \ | ||
140 | file://CVE-2023-0330.patch \ | ||
141 | file://CVE-2023-3354.patch \ | ||
142 | file://CVE-2023-3180.patch \ | ||
143 | file://CVE-2020-24165.patch \ | ||
144 | file://CVE-2023-5088.patch \ | ||
145 | file://9pfs-local-ignore-O_NOATIME-if-we-don-t-have-permiss.patch \ | ||
146 | file://CVE-2023-2861.patch \ | ||
147 | " | ||
57 | UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar" | 148 | UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar" |
58 | 149 | ||
59 | SRC_URI[md5sum] = "278eeb294e4b497e79af7a57e660cb9a" | 150 | SRC_URI[md5sum] = "278eeb294e4b497e79af7a57e660cb9a" |
60 | SRC_URI[sha256sum] = "d3481d4108ce211a053ef15be69af1bdd9dde1510fda80d92be0f6c3e98768f0" | 151 | SRC_URI[sha256sum] = "d3481d4108ce211a053ef15be69af1bdd9dde1510fda80d92be0f6c3e98768f0" |
61 | 152 | ||
153 | # Applies against virglrender < 0.6.0 and not qemu itself | ||
154 | CVE_CHECK_WHITELIST += "CVE-2017-5957" | ||
155 | |||
156 | # The VNC server can expose host files uder some circumstances. We don't | ||
157 | # enable it by default. | ||
158 | CVE_CHECK_WHITELIST += "CVE-2007-0998" | ||
159 | |||
160 | # 'The issues identified by this CVE were determined to not constitute a vulnerability.' | ||
161 | # https://bugzilla.redhat.com/show_bug.cgi?id=1609015#c11 | ||
162 | CVE_CHECK_WHITELIST += "CVE-2018-18438" | ||
163 | |||
164 | # the issue introduced in v5.1.0-rc0 | ||
165 | CVE_CHECK_WHITELIST += "CVE-2020-27661" | ||
166 | |||
167 | # As per https://nvd.nist.gov/vuln/detail/CVE-2023-0664 | ||
168 | # https://bugzilla.redhat.com/show_bug.cgi?id=2167423 | ||
169 | # this bug related to windows specific. | ||
170 | CVE_CHECK_WHITELIST += "CVE-2023-0664" | ||
171 | |||
172 | # As per https://bugzilla.redhat.com/show_bug.cgi?id=2203387 | ||
173 | # RHEL specific issue | ||
174 | CVE_CHECK_WHITELIST += "CVE-2023-2680" | ||
175 | |||
176 | # Affected only `qemu-kvm` shipped with Red Hat Enterprise Linux 8.3 release. | ||
177 | CVE_CHECK_WHITELIST += "CVE-2021-20295" | ||
178 | |||
62 | COMPATIBLE_HOST_mipsarchn32 = "null" | 179 | COMPATIBLE_HOST_mipsarchn32 = "null" |
63 | COMPATIBLE_HOST_mipsarchn64 = "null" | 180 | COMPATIBLE_HOST_mipsarchn64 = "null" |
64 | 181 | ||
@@ -197,6 +314,16 @@ PACKAGECONFIG[glusterfs] = "--enable-glusterfs,--disable-glusterfs" | |||
197 | PACKAGECONFIG[xkbcommon] = "--enable-xkbcommon,--disable-xkbcommon,libxkbcommon" | 314 | PACKAGECONFIG[xkbcommon] = "--enable-xkbcommon,--disable-xkbcommon,libxkbcommon" |
198 | PACKAGECONFIG[libudev] = "--enable-libudev,--disable-libudev,eudev" | 315 | PACKAGECONFIG[libudev] = "--enable-libudev,--disable-libudev,eudev" |
199 | PACKAGECONFIG[libxml2] = "--enable-libxml2,--disable-libxml2,libxml2" | 316 | PACKAGECONFIG[libxml2] = "--enable-libxml2,--disable-libxml2,libxml2" |
317 | PACKAGECONFIG[seccomp] = "--enable-seccomp,--disable-seccomp,libseccomp" | ||
318 | PACKAGECONFIG[capstone] = "--enable-capstone,--disable-capstone" | ||
319 | # libnfs is currently provided by meta-kodi | ||
320 | PACKAGECONFIG[libnfs] = "--enable-libnfs,--disable-libnfs,libnfs" | ||
321 | PACKAGECONFIG[brlapi] = "--enable-brlapi,--disable-brlapi" | ||
322 | PACKAGECONFIG[vde] = "--enable-vde,--disable-vde" | ||
323 | # version 4.2.0 doesn't have an "internal" option for enable-slirp, so use "git" which uses the same configure code path | ||
324 | PACKAGECONFIG[slirp] = "--enable-slirp=git,--disable-slirp" | ||
325 | PACKAGECONFIG[rbd] = "--enable-rbd,--disable-rbd" | ||
326 | PACKAGECONFIG[rdma] = "--enable-rdma,--disable-rdma" | ||
200 | 327 | ||
201 | INSANE_SKIP_${PN} = "arch" | 328 | INSANE_SKIP_${PN} = "arch" |
202 | 329 | ||