1 files changed, 20 insertions, 58 deletions
diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc
index f76cbbb5cb..7893df0df2 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -21,62 +21,37 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=441c28d2cf86e15a37fa47e15a72fbac \
 SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
           file://powerpc_rom.bin \
           file://run-ptest \
+           file://fix-strerrorname_np.patch \
           file://0001-qemu-Add-addition-environment-space-to-boot-loader-q.patch \
-           file://0003-apic-fixup-fallthrough-to-PIC.patch \
+           file://0002-apic-fixup-fallthrough-to-PIC.patch \
-           file://0004-configure-Add-pkg-config-handling-for-libgcrypt.patch \
+           file://0004-qemu-Do-not-include-file-if-not-exists.patch \
-           file://0005-qemu-Do-not-include-file-if-not-exists.patch \
+           file://0005-qemu-Add-some-user-space-mmap-tweaks-to-address-musl.patch \
-           file://0006-qemu-Add-some-user-space-mmap-tweaks-to-address-musl.patch \
+           file://0006-qemu-Determinism-fixes.patch \
-           file://0007-qemu-Determinism-fixes.patch \
+           file://0007-tests-meson.build-use-relative-path-to-refer-to-file.patch \
-           file://0008-tests-meson.build-use-relative-path-to-refer-to-file.patch \
+           file://0008-Define-MAP_SYNC-and-MAP_SHARED_VALIDATE-on-needed-li.patch \
-           file://0009-Define-MAP_SYNC-and-MAP_SHARED_VALIDATE-on-needed-li.patch \
+           file://0010-configure-lookup-meson-exutable-from-PATH.patch \
-           file://0010-hw-pvrdma-Protect-against-buggy-or-malicious-guest-d.patch \
+           file://0011-qemu-Ensure-pip-and-the-python-venv-aren-t-used-for-.patch \
-           file://0002-linux-user-Replace-use-of-lfs64-related-functions-an.patch \
-           file://fixedmeson.patch \
-           file://no-pip.patch \
-           file://4a8579ad8629b57a43daa62e46cc7af6e1078116.patch \
-           file://0001-linux-user-x86_64-Handle-the-vsyscall-page-in-open_s.patch \
-           file://0002-linux-user-loongarch64-Remove-TARGET_FORCE_SHMLBA.patch \
-           file://0003-linux-user-Add-strace-for-shmat.patch \
-           file://0004-linux-user-Rewrite-target_shmat.patch \
-           file://0005-tests-tcg-Check-that-shmat-does-not-break-proc-self-.patch \
-           file://CVE-2023-6683.patch \
           file://qemu-guest-agent.init \
           file://qemu-guest-agent.udev \
           "
+# file index at download.qemu.org isn't reliable: https://gitlab.com/qemu-project/qemu-web/-/issues/9
+UPSTREAM_CHECK_URI = "https://www.qemu.org"
 UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"
-# SDK_OLDEST_KERNEL is set below 4.17, which is the minimum version required by QEMU >= 8.1
+SRC_URI[sha256sum] = "ef786f2398cb5184600f69aef4d5d691efd44576a3cff4126d38d4c6fec87759"
-# This is due to two MMAP flags being used at certain points
-SRC_URI:append:class-nativesdk = " \
-        file://0011-linux-user-workaround-for-missing-MAP_FIXED_NOREPLAC.patch \
-        file://0012-linux-user-workaround-for-missing-MAP_SHARED_VALIDAT.patch \
-        "
-# Support building and using native version on pre 4.17 kernels
-SRC_URI:append:class-native = " \
-        file://0011-linux-user-workaround-for-missing-MAP_FIXED_NOREPLAC.patch \
-        file://0012-linux-user-workaround-for-missing-MAP_SHARED_VALIDAT.patch \
-        "
-SRC_URI[sha256sum] = "8562751158175f9d187c5f22b57555abe3c870f0325c8ced12c34c6d987729be"
 CVE_STATUS[CVE-2007-0998] = "not-applicable-config: The VNC server can expose host files uder some circumstances. We don't enable it by default."
 # https://bugzilla.redhat.com/show_bug.cgi?id=1609015#c11
 CVE_STATUS[CVE-2018-18438] = "disputed: The issues identified by this CVE were determined to not constitute a vulnerability."
-# As per https://nvd.nist.gov/vuln/detail/CVE-2023-0664
-# https://bugzilla.redhat.com/show_bug.cgi?id=2167423
-CVE_STATUS[CVE-2023-0664] = "not-applicable-platform: Issue only applies on Windows"
 # As per https://bugzilla.redhat.com/show_bug.cgi?id=2203387
 CVE_STATUS[CVE-2023-2680] = "not-applicable-platform: RHEL specific issue."
-CVE_STATUS[CVE-2023-3019] = "cpe-incorrect: Applies only against versions before 8.2.0"
+# NVD DB has this CVE as version-less (with "-")
+CVE_STATUS[CVE-2024-6505] = "fixed-version: this CVE is fixed since 9.1.0"
-CVE_STATUS[CVE-2023-5088] = "cpe-incorrect: Applies only against version 8.2.0 and earlier"
-CVE_STATUS[CVE-2023-6693] = "cpe-incorrect: Applies only against version 8.2.0 and earlier"
+CVE_STATUS[CVE-2023-1386] = "disputed: not an issue as per https://bugzilla.redhat.com/show_bug.cgi?id=2223985"
 COMPATIBLE_HOST:mipsarchn32 = "null"
 COMPATIBLE_HOST:mipsarchn64 = "null"
@@ -182,27 +157,16 @@ do_install () {
        rm ${D}${datadir}/qemu/s390-netboot.img -f
        # ELF binary /usr/share/qemu/s390-ccw.img has relocations in .text [textrel]
        rm ${D}${datadir}/qemu/s390-ccw.img -f
+        # We don't support PARISC and these cause strip and SDK relocation errors
+        rm ${D}${datadir}/qemu/hppa* -f
 }
-# The following fragment will create a wrapper for qemu-mips user emulation
-# binary in order to work around a segmentation fault issue. Basically, by
-# default, the reserved virtual address space for 32-on-64 bit is set to 4GB.
-# This will trigger a MMU access fault in the virtual CPU. With this change,
-# the qemu-mips works fine.
-# IMPORTANT: This piece needs to be removed once the root cause is fixed!
-do_install:append() {
-        if [ -e "${D}/${bindir}/qemu-mips" ]; then
-                create_wrapper ${D}/${bindir}/qemu-mips \
-                        QEMU_RESERVED_VA=0x0
-        fi
-}
-# END of qemu-mips workaround
 # Disable kvm/virgl/mesa on targets that do not support it
 PACKAGECONFIG:remove:darwin = "kvm virglrenderer epoxy gtk+"
 PACKAGECONFIG:remove:mingw32 = "kvm virglrenderer epoxy gtk+ pie"
-PACKAGECONFIG[sdl] = "--enable-sdl,--disable-sdl,libsdl2"
+PACKAGECONFIG[sdl] = "--enable-sdl,--disable-sdl,virtual/libsdl2"
+PACKAGECONFIG[sdl-image] = "--enable-sdl-image,--disable-sdl-image,libsdl2-image"
 PACKAGECONFIG[png] = "--enable-png,--disable-png,libpng"
 PACKAGECONFIG[virtfs] = "--enable-virtfs --enable-attr --enable-cap-ng,--disable-virtfs,libcap-ng attr,"
 PACKAGECONFIG[aio] = "--enable-linux-aio,--disable-linux-aio,libaio,"
@@ -213,6 +177,7 @@ PACKAGECONFIG[vnc-jpeg] = "--enable-vnc --enable-vnc-jpeg,--disable-vnc-jpeg,jpe
 PACKAGECONFIG[libcurl] = "--enable-curl,--disable-curl,curl,"
 PACKAGECONFIG[nss] = "--enable-smartcard,--disable-smartcard,nss,"
 PACKAGECONFIG[curses] = "--enable-curses,--disable-curses,ncurses,"
+PACKAGECONFIG[pixman] = "--enable-pixman,--disable-pixman,pixman"
 PACKAGECONFIG[gtk+] = "--enable-gtk,--disable-gtk,gtk+3 gettext-native"
 PACKAGECONFIG[vte] = "--enable-vte,--disable-vte,vte gettext-native"
 PACKAGECONFIG[libcap-ng] = "--enable-cap-ng,--disable-cap-ng,libcap-ng,"
@@ -287,9 +252,6 @@ python split_qemu_packages () {
    subpackages += do_split_packages(d, archdir, r'^qemu-((?!system|edid|ga|img|io|nbd|pr-helper|storage-daemon).*)$', '${PN}-user-%s', 'QEMU full user emulation binaries(%s)' , prepend=True, extra_depends='${PN}-common')
    if subpackages:
        d.appendVar('RDEPENDS:' + d.getVar('PN'), ' ' + ' '.join(subpackages))
-    mipspackage = d.getVar('PN') + "-user-mips"
-    if mipspackage in ' '.join(subpackages):
-        d.appendVar('RDEPENDS:' + mipspackage, ' ' + d.getVar("MLPREFIX") + 'bash')
 }
 # Put the guest agent in a separate package

diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index f76cbbb5cb..7893df0df2 100644 --- a/meta/recipes-devtools/qemu/qemu.inc +++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -21,62 +21,37 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=441c28d2cf86e15a37fa47e15a72fbac \
21	SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \	21	SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
22	file://powerpc_rom.bin \	22	file://powerpc_rom.bin \
23	file://run-ptest \	23	file://run-ptest \
		24	file://fix-strerrorname_np.patch \
24	file://0001-qemu-Add-addition-environment-space-to-boot-loader-q.patch \	25	file://0001-qemu-Add-addition-environment-space-to-boot-loader-q.patch \
25	file://0003-apic-fixup-fallthrough-to-PIC.patch \	26	file://0002-apic-fixup-fallthrough-to-PIC.patch \
26	file://0004-configure-Add-pkg-config-handling-for-libgcrypt.patch \	27	file://0004-qemu-Do-not-include-file-if-not-exists.patch \
27	file://0005-qemu-Do-not-include-file-if-not-exists.patch \	28	file://0005-qemu-Add-some-user-space-mmap-tweaks-to-address-musl.patch \
28	file://0006-qemu-Add-some-user-space-mmap-tweaks-to-address-musl.patch \	29	file://0006-qemu-Determinism-fixes.patch \
29	file://0007-qemu-Determinism-fixes.patch \	30	file://0007-tests-meson.build-use-relative-path-to-refer-to-file.patch \
30	file://0008-tests-meson.build-use-relative-path-to-refer-to-file.patch \	31	file://0008-Define-MAP_SYNC-and-MAP_SHARED_VALIDATE-on-needed-li.patch \
31	file://0009-Define-MAP_SYNC-and-MAP_SHARED_VALIDATE-on-needed-li.patch \	32	file://0010-configure-lookup-meson-exutable-from-PATH.patch \
32	file://0010-hw-pvrdma-Protect-against-buggy-or-malicious-guest-d.patch \	33	file://0011-qemu-Ensure-pip-and-the-python-venv-aren-t-used-for-.patch \
33	file://0002-linux-user-Replace-use-of-lfs64-related-functions-an.patch \
34	file://fixedmeson.patch \
35	file://no-pip.patch \
36	file://4a8579ad8629b57a43daa62e46cc7af6e1078116.patch \
37	file://0001-linux-user-x86_64-Handle-the-vsyscall-page-in-open_s.patch \
38	file://0002-linux-user-loongarch64-Remove-TARGET_FORCE_SHMLBA.patch \
39	file://0003-linux-user-Add-strace-for-shmat.patch \
40	file://0004-linux-user-Rewrite-target_shmat.patch \
41	file://0005-tests-tcg-Check-that-shmat-does-not-break-proc-self-.patch \
42	file://CVE-2023-6683.patch \
43	file://qemu-guest-agent.init \	34	file://qemu-guest-agent.init \
44	file://qemu-guest-agent.udev \	35	file://qemu-guest-agent.udev \
45	"	36	"
		37	# file index at download.qemu.org isn't reliable: https://gitlab.com/qemu-project/qemu-web/-/issues/9
		38	UPSTREAM_CHECK_URI = "https://www.qemu.org"
46	UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"	39	UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"
47		40
48	# SDK_OLDEST_KERNEL is set below 4.17, which is the minimum version required by QEMU >= 8.1	41	SRC_URI[sha256sum] = "ef786f2398cb5184600f69aef4d5d691efd44576a3cff4126d38d4c6fec87759"
49	# This is due to two MMAP flags being used at certain points
50	SRC_URI:append:class-nativesdk = " \
51	file://0011-linux-user-workaround-for-missing-MAP_FIXED_NOREPLAC.patch \
52	file://0012-linux-user-workaround-for-missing-MAP_SHARED_VALIDAT.patch \
53	"
54
55	# Support building and using native version on pre 4.17 kernels
56	SRC_URI:append:class-native = " \
57	file://0011-linux-user-workaround-for-missing-MAP_FIXED_NOREPLAC.patch \
58	file://0012-linux-user-workaround-for-missing-MAP_SHARED_VALIDAT.patch \
59	"
60
61	SRC_URI[sha256sum] = "8562751158175f9d187c5f22b57555abe3c870f0325c8ced12c34c6d987729be"
62		42
63	CVE_STATUS[CVE-2007-0998] = "not-applicable-config: The VNC server can expose host files uder some circumstances. We don't enable it by default."	43	CVE_STATUS[CVE-2007-0998] = "not-applicable-config: The VNC server can expose host files uder some circumstances. We don't enable it by default."
64		44
65	# https://bugzilla.redhat.com/show_bug.cgi?id=1609015#c11	45	# https://bugzilla.redhat.com/show_bug.cgi?id=1609015#c11
66	CVE_STATUS[CVE-2018-18438] = "disputed: The issues identified by this CVE were determined to not constitute a vulnerability."	46	CVE_STATUS[CVE-2018-18438] = "disputed: The issues identified by this CVE were determined to not constitute a vulnerability."
67		47
68	# As per https://nvd.nist.gov/vuln/detail/CVE-2023-0664
69	# https://bugzilla.redhat.com/show_bug.cgi?id=2167423
70	CVE_STATUS[CVE-2023-0664] = "not-applicable-platform: Issue only applies on Windows"
71
72	# As per https://bugzilla.redhat.com/show_bug.cgi?id=2203387	48	# As per https://bugzilla.redhat.com/show_bug.cgi?id=2203387
73	CVE_STATUS[CVE-2023-2680] = "not-applicable-platform: RHEL specific issue."	49	CVE_STATUS[CVE-2023-2680] = "not-applicable-platform: RHEL specific issue."
74		50
75	CVE_STATUS[CVE-2023-3019] = "cpe-incorrect: Applies only against versions before 8.2.0"	51	# NVD DB has this CVE as version-less (with "-")
76		52	CVE_STATUS[CVE-2024-6505] = "fixed-version: this CVE is fixed since 9.1.0"
77	CVE_STATUS[CVE-2023-5088] = "cpe-incorrect: Applies only against version 8.2.0 and earlier"
78		53
79	CVE_STATUS[CVE-2023-6693] = "cpe-incorrect: Applies only against version 8.2.0 and earlier"	54	CVE_STATUS[CVE-2023-1386] = "disputed: not an issue as per https://bugzilla.redhat.com/show_bug.cgi?id=2223985"
80		55
81	COMPATIBLE_HOST:mipsarchn32 = "null"	56	COMPATIBLE_HOST:mipsarchn32 = "null"
82	COMPATIBLE_HOST:mipsarchn64 = "null"	57	COMPATIBLE_HOST:mipsarchn64 = "null"
@@ -182,27 +157,16 @@ do_install () {
182	rm ${D}${datadir}/qemu/s390-netboot.img -f	157	rm ${D}${datadir}/qemu/s390-netboot.img -f
183	# ELF binary /usr/share/qemu/s390-ccw.img has relocations in .text [textrel]	158	# ELF binary /usr/share/qemu/s390-ccw.img has relocations in .text [textrel]
184	rm ${D}${datadir}/qemu/s390-ccw.img -f	159	rm ${D}${datadir}/qemu/s390-ccw.img -f
		160	# We don't support PARISC and these cause strip and SDK relocation errors
		161	rm ${D}${datadir}/qemu/hppa* -f
185	}	162	}
186		163
187	# The following fragment will create a wrapper for qemu-mips user emulation
188	# binary in order to work around a segmentation fault issue. Basically, by
189	# default, the reserved virtual address space for 32-on-64 bit is set to 4GB.
190	# This will trigger a MMU access fault in the virtual CPU. With this change,
191	# the qemu-mips works fine.
192	# IMPORTANT: This piece needs to be removed once the root cause is fixed!
193	do_install:append() {
194	if [ -e "${D}/${bindir}/qemu-mips" ]; then
195	create_wrapper ${D}/${bindir}/qemu-mips \
196	QEMU_RESERVED_VA=0x0
197	fi
198	}
199	# END of qemu-mips workaround
200
201	# Disable kvm/virgl/mesa on targets that do not support it	164	# Disable kvm/virgl/mesa on targets that do not support it
202	PACKAGECONFIG:remove:darwin = "kvm virglrenderer epoxy gtk+"	165	PACKAGECONFIG:remove:darwin = "kvm virglrenderer epoxy gtk+"
203	PACKAGECONFIG:remove:mingw32 = "kvm virglrenderer epoxy gtk+ pie"	166	PACKAGECONFIG:remove:mingw32 = "kvm virglrenderer epoxy gtk+ pie"
204		167
205	PACKAGECONFIG[sdl] = "--enable-sdl,--disable-sdl,libsdl2"	168	PACKAGECONFIG[sdl] = "--enable-sdl,--disable-sdl,virtual/libsdl2"
		169	PACKAGECONFIG[sdl-image] = "--enable-sdl-image,--disable-sdl-image,libsdl2-image"
206	PACKAGECONFIG[png] = "--enable-png,--disable-png,libpng"	170	PACKAGECONFIG[png] = "--enable-png,--disable-png,libpng"
207	PACKAGECONFIG[virtfs] = "--enable-virtfs --enable-attr --enable-cap-ng,--disable-virtfs,libcap-ng attr,"	171	PACKAGECONFIG[virtfs] = "--enable-virtfs --enable-attr --enable-cap-ng,--disable-virtfs,libcap-ng attr,"
208	PACKAGECONFIG[aio] = "--enable-linux-aio,--disable-linux-aio,libaio,"	172	PACKAGECONFIG[aio] = "--enable-linux-aio,--disable-linux-aio,libaio,"
@@ -213,6 +177,7 @@ PACKAGECONFIG[vnc-jpeg] = "--enable-vnc --enable-vnc-jpeg,--disable-vnc-jpeg,jpe
213	PACKAGECONFIG[libcurl] = "--enable-curl,--disable-curl,curl,"	177	PACKAGECONFIG[libcurl] = "--enable-curl,--disable-curl,curl,"
214	PACKAGECONFIG[nss] = "--enable-smartcard,--disable-smartcard,nss,"	178	PACKAGECONFIG[nss] = "--enable-smartcard,--disable-smartcard,nss,"
215	PACKAGECONFIG[curses] = "--enable-curses,--disable-curses,ncurses,"	179	PACKAGECONFIG[curses] = "--enable-curses,--disable-curses,ncurses,"
		180	PACKAGECONFIG[pixman] = "--enable-pixman,--disable-pixman,pixman"
216	PACKAGECONFIG[gtk+] = "--enable-gtk,--disable-gtk,gtk+3 gettext-native"	181	PACKAGECONFIG[gtk+] = "--enable-gtk,--disable-gtk,gtk+3 gettext-native"
217	PACKAGECONFIG[vte] = "--enable-vte,--disable-vte,vte gettext-native"	182	PACKAGECONFIG[vte] = "--enable-vte,--disable-vte,vte gettext-native"
218	PACKAGECONFIG[libcap-ng] = "--enable-cap-ng,--disable-cap-ng,libcap-ng,"	183	PACKAGECONFIG[libcap-ng] = "--enable-cap-ng,--disable-cap-ng,libcap-ng,"
@@ -287,9 +252,6 @@ python split_qemu_packages () {
287	subpackages += do_split_packages(d, archdir, r'^qemu-((?!system\|edid\|ga\|img\|io\|nbd\|pr-helper\|storage-daemon).*)$', '${PN}-user-%s', 'QEMU full user emulation binaries(%s)' , prepend=True, extra_depends='${PN}-common')	252	subpackages += do_split_packages(d, archdir, r'^qemu-((?!system\|edid\|ga\|img\|io\|nbd\|pr-helper\|storage-daemon).*)$', '${PN}-user-%s', 'QEMU full user emulation binaries(%s)' , prepend=True, extra_depends='${PN}-common')
288	if subpackages:	253	if subpackages:
289	d.appendVar('RDEPENDS:' + d.getVar('PN'), ' ' + ' '.join(subpackages))	254	d.appendVar('RDEPENDS:' + d.getVar('PN'), ' ' + ' '.join(subpackages))
290	mipspackage = d.getVar('PN') + "-user-mips"
291	if mipspackage in ' '.join(subpackages):
292	d.appendVar('RDEPENDS:' + mipspackage, ' ' + d.getVar("MLPREFIX") + 'bash')
293	}	255	}
294		256
295	# Put the guest agent in a separate package	257	# Put the guest agent in a separate package