From 47789523ddcc62fde6c55eb1bfbfe7bd3ce4cd11 Mon Sep 17 00:00:00 2001 From: Xiangyu Chen Date: Mon, 8 Jul 2024 17:34:04 +0800 Subject: qemu: Upgrade 8.2.1 -> 8.2.2 This was a bugfix release, this version fixed several important fixes according to upstream. Dropped CVE-2023-6683.patch since already contained the fix. (From OE-Core rev: f548a3a24f3fc26b09e2fcc8544065beb5293f91) Signed-off-by: Xiangyu Chen Signed-off-by: Steve Sakoman --- meta/recipes-devtools/qemu/qemu-native_8.2.1.bb | 9 --- meta/recipes-devtools/qemu/qemu-native_8.2.2.bb | 9 +++ .../qemu/qemu-system-native_8.2.1.bb | 31 -------- .../qemu/qemu-system-native_8.2.2.bb | 31 ++++++++ meta/recipes-devtools/qemu/qemu.inc | 3 +- .../recipes-devtools/qemu/qemu/CVE-2023-6683.patch | 91 ---------------------- meta/recipes-devtools/qemu/qemu_8.2.1.bb | 27 ------- meta/recipes-devtools/qemu/qemu_8.2.2.bb | 27 +++++++ 8 files changed, 68 insertions(+), 160 deletions(-) delete mode 100644 meta/recipes-devtools/qemu/qemu-native_8.2.1.bb create mode 100644 meta/recipes-devtools/qemu/qemu-native_8.2.2.bb delete mode 100644 meta/recipes-devtools/qemu/qemu-system-native_8.2.1.bb create mode 100644 meta/recipes-devtools/qemu/qemu-system-native_8.2.2.bb delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-6683.patch delete mode 100644 meta/recipes-devtools/qemu/qemu_8.2.1.bb create mode 100644 meta/recipes-devtools/qemu/qemu_8.2.2.bb (limited to 'meta/recipes-devtools') diff --git a/meta/recipes-devtools/qemu/qemu-native_8.2.1.bb b/meta/recipes-devtools/qemu/qemu-native_8.2.1.bb deleted file mode 100644 index a77953529b..0000000000 --- a/meta/recipes-devtools/qemu/qemu-native_8.2.1.bb +++ /dev/null @@ -1,9 +0,0 @@ -BPN = "qemu" - -DEPENDS += "glib-2.0-native zlib-native" - -require qemu-native.inc - -EXTRA_OECONF:append = " --target-list=${@get_qemu_usermode_target_list(d)} --disable-tools --disable-install-blobs --disable-guest-agent" - -PACKAGECONFIG ??= "pie" diff --git a/meta/recipes-devtools/qemu/qemu-native_8.2.2.bb b/meta/recipes-devtools/qemu/qemu-native_8.2.2.bb new file mode 100644 index 0000000000..a77953529b --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu-native_8.2.2.bb @@ -0,0 +1,9 @@ +BPN = "qemu" + +DEPENDS += "glib-2.0-native zlib-native" + +require qemu-native.inc + +EXTRA_OECONF:append = " --target-list=${@get_qemu_usermode_target_list(d)} --disable-tools --disable-install-blobs --disable-guest-agent" + +PACKAGECONFIG ??= "pie" diff --git a/meta/recipes-devtools/qemu/qemu-system-native_8.2.1.bb b/meta/recipes-devtools/qemu/qemu-system-native_8.2.1.bb deleted file mode 100644 index 0634b34242..0000000000 --- a/meta/recipes-devtools/qemu/qemu-system-native_8.2.1.bb +++ /dev/null @@ -1,31 +0,0 @@ -BPN = "qemu" - -require qemu-native.inc - -# As some of the files installed by qemu-native and qemu-system-native -# are the same, we depend on qemu-native to get the full installation set -# and avoid file clashes -DEPENDS += "glib-2.0-native zlib-native pixman-native qemu-native" - -EXTRA_OECONF:append = " --target-list=${@get_qemu_system_target_list(d)}" - -PACKAGECONFIG ??= "fdt alsa kvm pie slirp png \ - ${@bb.utils.contains('DISTRO_FEATURES', 'opengl', 'virglrenderer epoxy', '', d)} \ -" - -# Handle distros such as CentOS 5 32-bit that do not have kvm support -PACKAGECONFIG:remove = "${@'kvm' if not os.path.exists('/usr/include/linux/kvm.h') else ''}" - -do_install:append() { - install -Dm 0755 ${WORKDIR}/powerpc_rom.bin ${D}${datadir}/qemu - - # The following is also installed by qemu-native - rm -f ${D}${datadir}/qemu/trace-events-all - rm -rf ${D}${datadir}/qemu/keymaps - rm -rf ${D}${datadir}/icons/ - rm -rf ${D}${includedir}/qemu-plugin.h - - # Install qmp.py to be used with testimage - install -d ${D}${libdir}/qemu-python/qmp/ - install -D ${S}/python/qemu/qmp/* ${D}${libdir}/qemu-python/qmp/ -} diff --git a/meta/recipes-devtools/qemu/qemu-system-native_8.2.2.bb b/meta/recipes-devtools/qemu/qemu-system-native_8.2.2.bb new file mode 100644 index 0000000000..0634b34242 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu-system-native_8.2.2.bb @@ -0,0 +1,31 @@ +BPN = "qemu" + +require qemu-native.inc + +# As some of the files installed by qemu-native and qemu-system-native +# are the same, we depend on qemu-native to get the full installation set +# and avoid file clashes +DEPENDS += "glib-2.0-native zlib-native pixman-native qemu-native" + +EXTRA_OECONF:append = " --target-list=${@get_qemu_system_target_list(d)}" + +PACKAGECONFIG ??= "fdt alsa kvm pie slirp png \ + ${@bb.utils.contains('DISTRO_FEATURES', 'opengl', 'virglrenderer epoxy', '', d)} \ +" + +# Handle distros such as CentOS 5 32-bit that do not have kvm support +PACKAGECONFIG:remove = "${@'kvm' if not os.path.exists('/usr/include/linux/kvm.h') else ''}" + +do_install:append() { + install -Dm 0755 ${WORKDIR}/powerpc_rom.bin ${D}${datadir}/qemu + + # The following is also installed by qemu-native + rm -f ${D}${datadir}/qemu/trace-events-all + rm -rf ${D}${datadir}/qemu/keymaps + rm -rf ${D}${datadir}/icons/ + rm -rf ${D}${includedir}/qemu-plugin.h + + # Install qmp.py to be used with testimage + install -d ${D}${libdir}/qemu-python/qmp/ + install -D ${S}/python/qemu/qmp/* ${D}${libdir}/qemu-python/qmp/ +} diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index d22bc31ce3..e121ae70cc 100644 --- a/meta/recipes-devtools/qemu/qemu.inc +++ b/meta/recipes-devtools/qemu/qemu.inc @@ -39,7 +39,6 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ file://0003-linux-user-Add-strace-for-shmat.patch \ file://0004-linux-user-Rewrite-target_shmat.patch \ file://0005-tests-tcg-Check-that-shmat-does-not-break-proc-self-.patch \ - file://CVE-2023-6683.patch \ file://qemu-guest-agent.init \ file://qemu-guest-agent.udev \ file://CVE-2024-3446-01.patch \ @@ -63,7 +62,7 @@ SRC_URI:append:class-native = " \ file://0012-linux-user-workaround-for-missing-MAP_SHARED_VALIDAT.patch \ " -SRC_URI[sha256sum] = "8562751158175f9d187c5f22b57555abe3c870f0325c8ced12c34c6d987729be" +SRC_URI[sha256sum] = "847346c1b82c1a54b2c38f6edbd85549edeb17430b7d4d3da12620e2962bc4f3" CVE_STATUS[CVE-2007-0998] = "not-applicable-config: The VNC server can expose host files uder some circumstances. We don't enable it by default." diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2023-6683.patch b/meta/recipes-devtools/qemu/qemu/CVE-2023-6683.patch deleted file mode 100644 index 732cb6af18..0000000000 --- a/meta/recipes-devtools/qemu/qemu/CVE-2023-6683.patch +++ /dev/null @@ -1,91 +0,0 @@ -From 405484b29f6548c7b86549b0f961b906337aa68a Mon Sep 17 00:00:00 2001 -From: Fiona Ebner -Date: Wed, 24 Jan 2024 11:57:48 +0100 -Subject: [PATCH] ui/clipboard: mark type as not available when there is no - data -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -With VNC, a client can send a non-extended VNC_MSG_CLIENT_CUT_TEXT -message with len=0. In qemu_clipboard_set_data(), the clipboard info -will be updated setting data to NULL (because g_memdup(data, size) -returns NULL when size is 0). If the client does not set the -VNC_ENCODING_CLIPBOARD_EXT feature when setting up the encodings, then -the 'request' callback for the clipboard peer is not initialized. -Later, because data is NULL, qemu_clipboard_request() can be reached -via vdagent_chr_write() and vdagent_clipboard_recv_request() and -there, the clipboard owner's 'request' callback will be attempted to -be called, but that is a NULL pointer. - -In particular, this can happen when using the KRDC (22.12.3) VNC -client. - -Another scenario leading to the same issue is with two clients (say -noVNC and KRDC): - -The noVNC client sets the extension VNC_FEATURE_CLIPBOARD_EXT and -initializes its cbpeer. - -The KRDC client does not, but triggers a vnc_client_cut_text() (note -it's not the _ext variant)). There, a new clipboard info with it as -the 'owner' is created and via qemu_clipboard_set_data() is called, -which in turn calls qemu_clipboard_update() with that info. - -In qemu_clipboard_update(), the notifier for the noVNC client will be -called, i.e. vnc_clipboard_notify() and also set vs->cbinfo for the -noVNC client. The 'owner' in that clipboard info is the clipboard peer -for the KRDC client, which did not initialize the 'request' function. -That sounds correct to me, it is the owner of that clipboard info. - -Then when noVNC sends a VNC_MSG_CLIENT_CUT_TEXT message (it did set -the VNC_FEATURE_CLIPBOARD_EXT feature correctly, so a check for it -passes), that clipboard info is passed to qemu_clipboard_request() and -the original segfault still happens. - -Fix the issue by handling updates with size 0 differently. In -particular, mark in the clipboard info that the type is not available. - -While at it, switch to g_memdup2(), because g_memdup() is deprecated. - -Cc: qemu-stable@nongnu.org -Fixes: CVE-2023-6683 -Reported-by: Markus Frank -Suggested-by: Marc-André Lureau -Signed-off-by: Fiona Ebner -Reviewed-by: Marc-André Lureau -Tested-by: Markus Frank -Message-ID: <20240124105749.204610-1-f.ebner@proxmox.com> - -CVE: CVE-2023-6683 - -Upstream-Status: Backport [https://github.com/qemu/qemu/commit/405484b29f6548c7b86549b0f961b906337aa68a] -Signed-off-by: Simone Weiß - ---- - ui/clipboard.c | 12 +++++++++--- - 1 file changed, 9 insertions(+), 3 deletions(-) - -diff --git a/ui/clipboard.c b/ui/clipboard.c -index 3d14bffaf80f..b3f6fa3c9e1f 100644 ---- a/ui/clipboard.c -+++ b/ui/clipboard.c -@@ -163,9 +163,15 @@ void qemu_clipboard_set_data(QemuClipboardPeer *peer, - } - - g_free(info->types[type].data); -- info->types[type].data = g_memdup(data, size); -- info->types[type].size = size; -- info->types[type].available = true; -+ if (size) { -+ info->types[type].data = g_memdup2(data, size); -+ info->types[type].size = size; -+ info->types[type].available = true; -+ } else { -+ info->types[type].data = NULL; -+ info->types[type].size = 0; -+ info->types[type].available = false; -+ } - - if (update) { - qemu_clipboard_update(info); diff --git a/meta/recipes-devtools/qemu/qemu_8.2.1.bb b/meta/recipes-devtools/qemu/qemu_8.2.1.bb deleted file mode 100644 index dc1352232e..0000000000 --- a/meta/recipes-devtools/qemu/qemu_8.2.1.bb +++ /dev/null @@ -1,27 +0,0 @@ -BBCLASSEXTEND = "nativesdk" - -require qemu.inc - -DEPENDS += "glib-2.0 zlib pixman" - -DEPENDS:append:libc-musl = " libucontext" - -CFLAGS += "${@bb.utils.contains('DISTRO_FEATURES', 'x11', '', '-DEGL_NO_X11=1', d)}" - -RDEPENDS:${PN}-common:class-target += "bash" - -EXTRA_OECONF:append:class-target = " --target-list=${@get_qemu_target_list(d)}" -EXTRA_OECONF:append:class-target:mipsarcho32 = "${@bb.utils.contains('BBEXTENDCURR', 'multilib', ' --disable-capstone', '', d)}" -EXTRA_OECONF:append:class-nativesdk = " --target-list=${@get_qemu_target_list(d)}" - -PACKAGECONFIG ??= " \ - fdt sdl kvm pie slirp \ - ${@bb.utils.filter('DISTRO_FEATURES', 'alsa pulseaudio xen', d)} \ - ${@bb.utils.contains('DISTRO_FEATURES', 'opengl', 'virglrenderer epoxy', '', d)} \ - ${@bb.utils.filter('DISTRO_FEATURES', 'seccomp', d)} \ -" -PACKAGECONFIG:class-nativesdk ??= "fdt sdl kvm pie slirp \ - ${@bb.utils.contains('DISTRO_FEATURES', 'opengl', 'virglrenderer epoxy', '', d)} \ -" -# ppc32 hosts are no longer supported in qemu -COMPATIBLE_HOST:powerpc = "null" diff --git a/meta/recipes-devtools/qemu/qemu_8.2.2.bb b/meta/recipes-devtools/qemu/qemu_8.2.2.bb new file mode 100644 index 0000000000..dc1352232e --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu_8.2.2.bb @@ -0,0 +1,27 @@ +BBCLASSEXTEND = "nativesdk" + +require qemu.inc + +DEPENDS += "glib-2.0 zlib pixman" + +DEPENDS:append:libc-musl = " libucontext" + +CFLAGS += "${@bb.utils.contains('DISTRO_FEATURES', 'x11', '', '-DEGL_NO_X11=1', d)}" + +RDEPENDS:${PN}-common:class-target += "bash" + +EXTRA_OECONF:append:class-target = " --target-list=${@get_qemu_target_list(d)}" +EXTRA_OECONF:append:class-target:mipsarcho32 = "${@bb.utils.contains('BBEXTENDCURR', 'multilib', ' --disable-capstone', '', d)}" +EXTRA_OECONF:append:class-nativesdk = " --target-list=${@get_qemu_target_list(d)}" + +PACKAGECONFIG ??= " \ + fdt sdl kvm pie slirp \ + ${@bb.utils.filter('DISTRO_FEATURES', 'alsa pulseaudio xen', d)} \ + ${@bb.utils.contains('DISTRO_FEATURES', 'opengl', 'virglrenderer epoxy', '', d)} \ + ${@bb.utils.filter('DISTRO_FEATURES', 'seccomp', d)} \ +" +PACKAGECONFIG:class-nativesdk ??= "fdt sdl kvm pie slirp \ + ${@bb.utils.contains('DISTRO_FEATURES', 'opengl', 'virglrenderer epoxy', '', d)} \ +" +# ppc32 hosts are no longer supported in qemu +COMPATIBLE_HOST:powerpc = "null" -- cgit v1.2.3-54-g00ecf