diff options
Diffstat (limited to 'meta/recipes-devtools/qemu/qemu.inc')
-rw-r--r-- | meta/recipes-devtools/qemu/qemu.inc | 78 |
1 files changed, 20 insertions, 58 deletions
diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index f76cbbb5cb..7893df0df2 100644 --- a/meta/recipes-devtools/qemu/qemu.inc +++ b/meta/recipes-devtools/qemu/qemu.inc | |||
@@ -21,62 +21,37 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=441c28d2cf86e15a37fa47e15a72fbac \ | |||
21 | SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ | 21 | SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ |
22 | file://powerpc_rom.bin \ | 22 | file://powerpc_rom.bin \ |
23 | file://run-ptest \ | 23 | file://run-ptest \ |
24 | file://fix-strerrorname_np.patch \ | ||
24 | file://0001-qemu-Add-addition-environment-space-to-boot-loader-q.patch \ | 25 | file://0001-qemu-Add-addition-environment-space-to-boot-loader-q.patch \ |
25 | file://0003-apic-fixup-fallthrough-to-PIC.patch \ | 26 | file://0002-apic-fixup-fallthrough-to-PIC.patch \ |
26 | file://0004-configure-Add-pkg-config-handling-for-libgcrypt.patch \ | 27 | file://0004-qemu-Do-not-include-file-if-not-exists.patch \ |
27 | file://0005-qemu-Do-not-include-file-if-not-exists.patch \ | 28 | file://0005-qemu-Add-some-user-space-mmap-tweaks-to-address-musl.patch \ |
28 | file://0006-qemu-Add-some-user-space-mmap-tweaks-to-address-musl.patch \ | 29 | file://0006-qemu-Determinism-fixes.patch \ |
29 | file://0007-qemu-Determinism-fixes.patch \ | 30 | file://0007-tests-meson.build-use-relative-path-to-refer-to-file.patch \ |
30 | file://0008-tests-meson.build-use-relative-path-to-refer-to-file.patch \ | 31 | file://0008-Define-MAP_SYNC-and-MAP_SHARED_VALIDATE-on-needed-li.patch \ |
31 | file://0009-Define-MAP_SYNC-and-MAP_SHARED_VALIDATE-on-needed-li.patch \ | 32 | file://0010-configure-lookup-meson-exutable-from-PATH.patch \ |
32 | file://0010-hw-pvrdma-Protect-against-buggy-or-malicious-guest-d.patch \ | 33 | file://0011-qemu-Ensure-pip-and-the-python-venv-aren-t-used-for-.patch \ |
33 | file://0002-linux-user-Replace-use-of-lfs64-related-functions-an.patch \ | ||
34 | file://fixedmeson.patch \ | ||
35 | file://no-pip.patch \ | ||
36 | file://4a8579ad8629b57a43daa62e46cc7af6e1078116.patch \ | ||
37 | file://0001-linux-user-x86_64-Handle-the-vsyscall-page-in-open_s.patch \ | ||
38 | file://0002-linux-user-loongarch64-Remove-TARGET_FORCE_SHMLBA.patch \ | ||
39 | file://0003-linux-user-Add-strace-for-shmat.patch \ | ||
40 | file://0004-linux-user-Rewrite-target_shmat.patch \ | ||
41 | file://0005-tests-tcg-Check-that-shmat-does-not-break-proc-self-.patch \ | ||
42 | file://CVE-2023-6683.patch \ | ||
43 | file://qemu-guest-agent.init \ | 34 | file://qemu-guest-agent.init \ |
44 | file://qemu-guest-agent.udev \ | 35 | file://qemu-guest-agent.udev \ |
45 | " | 36 | " |
37 | # file index at download.qemu.org isn't reliable: https://gitlab.com/qemu-project/qemu-web/-/issues/9 | ||
38 | UPSTREAM_CHECK_URI = "https://www.qemu.org" | ||
46 | UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar" | 39 | UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar" |
47 | 40 | ||
48 | # SDK_OLDEST_KERNEL is set below 4.17, which is the minimum version required by QEMU >= 8.1 | 41 | SRC_URI[sha256sum] = "ef786f2398cb5184600f69aef4d5d691efd44576a3cff4126d38d4c6fec87759" |
49 | # This is due to two MMAP flags being used at certain points | ||
50 | SRC_URI:append:class-nativesdk = " \ | ||
51 | file://0011-linux-user-workaround-for-missing-MAP_FIXED_NOREPLAC.patch \ | ||
52 | file://0012-linux-user-workaround-for-missing-MAP_SHARED_VALIDAT.patch \ | ||
53 | " | ||
54 | |||
55 | # Support building and using native version on pre 4.17 kernels | ||
56 | SRC_URI:append:class-native = " \ | ||
57 | file://0011-linux-user-workaround-for-missing-MAP_FIXED_NOREPLAC.patch \ | ||
58 | file://0012-linux-user-workaround-for-missing-MAP_SHARED_VALIDAT.patch \ | ||
59 | " | ||
60 | |||
61 | SRC_URI[sha256sum] = "8562751158175f9d187c5f22b57555abe3c870f0325c8ced12c34c6d987729be" | ||
62 | 42 | ||
63 | CVE_STATUS[CVE-2007-0998] = "not-applicable-config: The VNC server can expose host files uder some circumstances. We don't enable it by default." | 43 | CVE_STATUS[CVE-2007-0998] = "not-applicable-config: The VNC server can expose host files uder some circumstances. We don't enable it by default." |
64 | 44 | ||
65 | # https://bugzilla.redhat.com/show_bug.cgi?id=1609015#c11 | 45 | # https://bugzilla.redhat.com/show_bug.cgi?id=1609015#c11 |
66 | CVE_STATUS[CVE-2018-18438] = "disputed: The issues identified by this CVE were determined to not constitute a vulnerability." | 46 | CVE_STATUS[CVE-2018-18438] = "disputed: The issues identified by this CVE were determined to not constitute a vulnerability." |
67 | 47 | ||
68 | # As per https://nvd.nist.gov/vuln/detail/CVE-2023-0664 | ||
69 | # https://bugzilla.redhat.com/show_bug.cgi?id=2167423 | ||
70 | CVE_STATUS[CVE-2023-0664] = "not-applicable-platform: Issue only applies on Windows" | ||
71 | |||
72 | # As per https://bugzilla.redhat.com/show_bug.cgi?id=2203387 | 48 | # As per https://bugzilla.redhat.com/show_bug.cgi?id=2203387 |
73 | CVE_STATUS[CVE-2023-2680] = "not-applicable-platform: RHEL specific issue." | 49 | CVE_STATUS[CVE-2023-2680] = "not-applicable-platform: RHEL specific issue." |
74 | 50 | ||
75 | CVE_STATUS[CVE-2023-3019] = "cpe-incorrect: Applies only against versions before 8.2.0" | 51 | # NVD DB has this CVE as version-less (with "-") |
76 | 52 | CVE_STATUS[CVE-2024-6505] = "fixed-version: this CVE is fixed since 9.1.0" | |
77 | CVE_STATUS[CVE-2023-5088] = "cpe-incorrect: Applies only against version 8.2.0 and earlier" | ||
78 | 53 | ||
79 | CVE_STATUS[CVE-2023-6693] = "cpe-incorrect: Applies only against version 8.2.0 and earlier" | 54 | CVE_STATUS[CVE-2023-1386] = "disputed: not an issue as per https://bugzilla.redhat.com/show_bug.cgi?id=2223985" |
80 | 55 | ||
81 | COMPATIBLE_HOST:mipsarchn32 = "null" | 56 | COMPATIBLE_HOST:mipsarchn32 = "null" |
82 | COMPATIBLE_HOST:mipsarchn64 = "null" | 57 | COMPATIBLE_HOST:mipsarchn64 = "null" |
@@ -182,27 +157,16 @@ do_install () { | |||
182 | rm ${D}${datadir}/qemu/s390-netboot.img -f | 157 | rm ${D}${datadir}/qemu/s390-netboot.img -f |
183 | # ELF binary /usr/share/qemu/s390-ccw.img has relocations in .text [textrel] | 158 | # ELF binary /usr/share/qemu/s390-ccw.img has relocations in .text [textrel] |
184 | rm ${D}${datadir}/qemu/s390-ccw.img -f | 159 | rm ${D}${datadir}/qemu/s390-ccw.img -f |
160 | # We don't support PARISC and these cause strip and SDK relocation errors | ||
161 | rm ${D}${datadir}/qemu/hppa* -f | ||
185 | } | 162 | } |
186 | 163 | ||
187 | # The following fragment will create a wrapper for qemu-mips user emulation | ||
188 | # binary in order to work around a segmentation fault issue. Basically, by | ||
189 | # default, the reserved virtual address space for 32-on-64 bit is set to 4GB. | ||
190 | # This will trigger a MMU access fault in the virtual CPU. With this change, | ||
191 | # the qemu-mips works fine. | ||
192 | # IMPORTANT: This piece needs to be removed once the root cause is fixed! | ||
193 | do_install:append() { | ||
194 | if [ -e "${D}/${bindir}/qemu-mips" ]; then | ||
195 | create_wrapper ${D}/${bindir}/qemu-mips \ | ||
196 | QEMU_RESERVED_VA=0x0 | ||
197 | fi | ||
198 | } | ||
199 | # END of qemu-mips workaround | ||
200 | |||
201 | # Disable kvm/virgl/mesa on targets that do not support it | 164 | # Disable kvm/virgl/mesa on targets that do not support it |
202 | PACKAGECONFIG:remove:darwin = "kvm virglrenderer epoxy gtk+" | 165 | PACKAGECONFIG:remove:darwin = "kvm virglrenderer epoxy gtk+" |
203 | PACKAGECONFIG:remove:mingw32 = "kvm virglrenderer epoxy gtk+ pie" | 166 | PACKAGECONFIG:remove:mingw32 = "kvm virglrenderer epoxy gtk+ pie" |
204 | 167 | ||
205 | PACKAGECONFIG[sdl] = "--enable-sdl,--disable-sdl,libsdl2" | 168 | PACKAGECONFIG[sdl] = "--enable-sdl,--disable-sdl,virtual/libsdl2" |
169 | PACKAGECONFIG[sdl-image] = "--enable-sdl-image,--disable-sdl-image,libsdl2-image" | ||
206 | PACKAGECONFIG[png] = "--enable-png,--disable-png,libpng" | 170 | PACKAGECONFIG[png] = "--enable-png,--disable-png,libpng" |
207 | PACKAGECONFIG[virtfs] = "--enable-virtfs --enable-attr --enable-cap-ng,--disable-virtfs,libcap-ng attr," | 171 | PACKAGECONFIG[virtfs] = "--enable-virtfs --enable-attr --enable-cap-ng,--disable-virtfs,libcap-ng attr," |
208 | PACKAGECONFIG[aio] = "--enable-linux-aio,--disable-linux-aio,libaio," | 172 | PACKAGECONFIG[aio] = "--enable-linux-aio,--disable-linux-aio,libaio," |
@@ -213,6 +177,7 @@ PACKAGECONFIG[vnc-jpeg] = "--enable-vnc --enable-vnc-jpeg,--disable-vnc-jpeg,jpe | |||
213 | PACKAGECONFIG[libcurl] = "--enable-curl,--disable-curl,curl," | 177 | PACKAGECONFIG[libcurl] = "--enable-curl,--disable-curl,curl," |
214 | PACKAGECONFIG[nss] = "--enable-smartcard,--disable-smartcard,nss," | 178 | PACKAGECONFIG[nss] = "--enable-smartcard,--disable-smartcard,nss," |
215 | PACKAGECONFIG[curses] = "--enable-curses,--disable-curses,ncurses," | 179 | PACKAGECONFIG[curses] = "--enable-curses,--disable-curses,ncurses," |
180 | PACKAGECONFIG[pixman] = "--enable-pixman,--disable-pixman,pixman" | ||
216 | PACKAGECONFIG[gtk+] = "--enable-gtk,--disable-gtk,gtk+3 gettext-native" | 181 | PACKAGECONFIG[gtk+] = "--enable-gtk,--disable-gtk,gtk+3 gettext-native" |
217 | PACKAGECONFIG[vte] = "--enable-vte,--disable-vte,vte gettext-native" | 182 | PACKAGECONFIG[vte] = "--enable-vte,--disable-vte,vte gettext-native" |
218 | PACKAGECONFIG[libcap-ng] = "--enable-cap-ng,--disable-cap-ng,libcap-ng," | 183 | PACKAGECONFIG[libcap-ng] = "--enable-cap-ng,--disable-cap-ng,libcap-ng," |
@@ -287,9 +252,6 @@ python split_qemu_packages () { | |||
287 | subpackages += do_split_packages(d, archdir, r'^qemu-((?!system|edid|ga|img|io|nbd|pr-helper|storage-daemon).*)$', '${PN}-user-%s', 'QEMU full user emulation binaries(%s)' , prepend=True, extra_depends='${PN}-common') | 252 | subpackages += do_split_packages(d, archdir, r'^qemu-((?!system|edid|ga|img|io|nbd|pr-helper|storage-daemon).*)$', '${PN}-user-%s', 'QEMU full user emulation binaries(%s)' , prepend=True, extra_depends='${PN}-common') |
288 | if subpackages: | 253 | if subpackages: |
289 | d.appendVar('RDEPENDS:' + d.getVar('PN'), ' ' + ' '.join(subpackages)) | 254 | d.appendVar('RDEPENDS:' + d.getVar('PN'), ' ' + ' '.join(subpackages)) |
290 | mipspackage = d.getVar('PN') + "-user-mips" | ||
291 | if mipspackage in ' '.join(subpackages): | ||
292 | d.appendVar('RDEPENDS:' + mipspackage, ' ' + d.getVar("MLPREFIX") + 'bash') | ||
293 | } | 255 | } |
294 | 256 | ||
295 | # Put the guest agent in a separate package | 257 | # Put the guest agent in a separate package |