Commit Graph

226 Commits

Author SHA1 Message Date
Ryan Burns
18451cb59a qemu: fix CVE-2021-3713
Backport patch from 6.2.0-rc0
2021-10-27 21:51:17 -07:00
Ivan Babrou
decdbc3569
qemu: enable hvf acceleration on aarch64-darwin (#139960) 2021-10-01 01:42:17 -04:00
Artturin
b7fa38dcf6 qemu: add makeWrapper back to nativeBuildInputs 2021-09-29 15:53:21 +03:00
Alexandre Iooss
988da51d9c qemu: 6.0.0 -> 6.1.0 2021-09-29 09:56:09 +00:00
Vladimír Čunát
8ab6ba6b1c
Merge branch 'staging-next' into staging 2021-08-06 09:14:57 +02:00
Sandro Jäckel
22b442710a
qemu: format 2021-08-04 20:54:48 +02:00
arcnmx
14b3a15778 qemu: move makeWrapper to nativeBuildInputs 2021-08-04 10:08:53 -07:00
github-actions[bot]
dc802b2e19
Merge master into staging-next 2021-07-19 00:01:36 +00:00
Robert Scott
cddea297f2 qemu: add patches for CVE-2021-3545 & CVE-2021-3546 2021-07-18 14:49:50 +01:00
Maximilian Bosch
04be5ced7e
qemu: fix build w/glibc-2.33 2021-07-06 16:02:35 +02:00
AndersonTorres
e9e5f5f84d Change all alsaLib references to alsa-lib 2021-06-10 01:12:49 -03:00
Stéphan Kochen
44a41a2e11 qemu: fix darwin build
Co-authored-by: Michael Roitzsch <reactorcontrol@icloud.com>
2021-05-21 08:55:51 +02:00
Ryan Mulligan
ddcd4ddc2c qemu_full: add glusterfs support 2021-05-05 13:05:21 -07:00
Alyssa Ross
c49a518f9f qemu: 5.2.0 -> 6.0.0; adopt; broaden platforms
Tested building qemu_kvm, qemu_full, and qemu_test on x86_64-linux.
Also tested booting a VM generated with nixos-rebuild build-vm.

I wasn't able to test building pkgsMusl.qemu_kvm, because of many
build failures in dependencies.
2021-05-01 11:31:02 +00:00
Martin Weinelt
08adc07811
Merge pull request #120616 from risicle/ris-qemu-fix-CVE-numbers
qemu: patches: use correct CVE numbers for CVE-2021-20221 & CVE-2021-20181
2021-04-27 00:36:44 +02:00
Graham Christensen
040523e378
Merge pull request #120679 from lukegb/big-parallel
treewide: require big-parallel on large, slow builds
2021-04-25 21:22:57 -04:00
Luke Granger-Brown
3429633af3 qemu: require big-parallel
Compiles in about 2h50m on a 2-core builder, and 20m on a big-parallel
machine.
2021-04-26 00:50:07 +00:00
Robert Scott
5b0b678a31 qemu: patches: use correct CVE numbers for CVE-2021-20221 & CVE-2021-20181 2021-04-25 19:09:36 +01:00
Robert Scott
3f2857f782 qemu: add patches for many CVEs
CVE-2020-27821
CVE-2020-20221
CVE-2020-20181
CVE-2020-35517
CVE-2021-20263
CVE-2021-3416
CVE-2021-3409
CVE-2021-3392
2021-04-25 01:09:01 +01:00
Alyssa Ross
8e71416e5d qemu: set localstatedir
Otherwise qemu-qa, qemu-pr-helper, and virtiofsd try to write to
$out/var at runtime.

Fixes: https://github.com/NixOS/nixpkgs/issues/113909
Fixes: https://github.com/NixOS/nixpkgs/pull/112886
2021-03-29 17:19:06 +00:00
Jörg Thalheim
c3b9c62eba
Merge pull request #112881 from alyssais/qemu-stack
qemu: re-enable stack protection
2021-03-07 11:40:24 +00:00
Sandro Jäckel
993fb95e78
qemu: remove not require enableParallelBuild 2021-03-03 16:23:53 +01:00
Sandro Jäckel
4ad340f37c
Revert "qemu: guard desktop file removal"
This reverts commit e74ae54da5.

rm -f ignores if the file exists or not.
2021-03-01 18:32:39 +01:00
Jörg Thalheim
3f2321e5c1
Merge pull request #112440 from bobrik/ivan/qemu-aarch64-darwin-prep 2021-02-16 06:49:16 +00:00
Florian Klink
c70a8c8d92
Merge pull request #113189 from nix-things-mobile/fix/qemu-repair
qemu: guard desktop file removal
2021-02-15 21:54:29 +01:00
daniel
e74ae54da5 qemu: guard desktop file removal
The qemu.desktop file should only be attempted to be removed if available.
2021-02-15 09:33:18 +01:00
TredwellGit
dd441204f6 qemu: set sysconfdir
Fixes https://github.com/NixOS/nixpkgs/issues/111675 and https://github.com/NixOS/nixpkgs/issues/110142.
2021-02-13 00:25:28 +00:00
Alyssa Ross
8f0bd879da
qemu: re-enable stack protection
5e25995295 ("qemu: 2.6.1 -> 2.7.0") added this, because the QEMU
build failed without it.  That's no longer the case, so we can bring
back stack protection.
2021-02-09 21:26:43 +00:00
Ivan Babrou
251add14cf qemu: only apply autoPatchelfHook on linux
It fails on darwin due to missing `patchelf` and the missing ELFs:

```
/nix/store/...-auto-patchelf-hook/nix-support/setup-hook: line 220: -l: command not found
```
2021-02-08 13:48:16 -08:00
Ivan Babrou
d29e8f0e59 qemu: rename VERSION to QEMU_VERSION to avoid name clash
In libc++ starting with LLVM8 there's `<version>` include in `cstddef`:

The following things also align:

* QEMU has a file called `VERSION` in repo root
* QEMU prepends repo root to include path in build
* macOS has a case-insensitive filesystem

All of this combined means that `VERSION` file is included as a header.

Working around this by renaming `VERSION` -> `QEMU_VERSION` to resolve ambiguity.

The problem really only appears on `aarch64-darwin`, since on `x86_64-darwin`
there are no C++ files to compile. The workaround is harmless enough to apply.
2021-02-08 13:45:47 -08:00
Ivan Babrou
bb475b01d2 qemu: do not force x86_64 cpu on darwin
This change produces the following warning:

```
... configure: line 619: sysctl: command not found
```

It's benign and sysctl is only useful on MacOS X Leopard:

* https://github.com/qemu/qemu/blob/v5.2.0/configure#L615-L621

Leopard is 13 years old and is not supported by Nix.

The sysctl check is removed in qemu master branch already.

Plus aarch64-darwin is coming in #105026, so there's no reason to force x86_64.
2021-02-08 13:39:10 -08:00
Milan
b7871c3f2d
qemu: fix build when desktop file does not exist (#110721)
The qemu-user variants as used by binfmt emulation through
`(lib.systems.elaborate lib.systems.examples.aarch64-multiplatform).emulator pkgs`
do not install a .desktop file since qemu 5.2.0. This change allows
the build to continue if deletion of the desktop file fails.
2021-01-25 19:24:32 +01:00
Drew Risinger
9e403b19a1 qemu: 5.1.0 -> 5.2.0
Updates to latest version of QEMU.
The build system has changed to ninja.
There are several configuration flags that aren't enabled. I will
defer to maintainers on those.

Adds autoPatchelfHook for patching output dynamically linked binaries.

qemu: use Nix's meson vs bundled

qemu: remove custom directory locations

It appears that these directories are no longer automatically prefixed
with $out/, so they are now trying to write to the system /etc/, /var/
directories, which is not permitted in sandbox.
The default directories seem to work OK, so using those.
2021-01-19 14:06:28 -05:00
Sandro
1afec60627
Merge pull request #95274 from misuzu/qemu-iscsi 2021-01-17 20:16:06 +01:00
Ben Siraphob
5d566c43b4 pkgs/applications: pkgconfig -> pkg-config 2021-01-16 23:49:59 -08:00
Ben Siraphob
108bdac3d9 pkgs/applications: stdenv.lib -> lib 2021-01-15 14:24:03 +07:00
Profpatsch
4a7f99d55d treewide: with stdenv.lib; in meta -> with lib;
Part of: https://github.com/NixOS/nixpkgs/issues/108938

meta = with stdenv.lib;

is a widely used pattern. We want to slowly remove
the `stdenv.lib` indirection and encourage people
to use `lib` directly. Thus let’s start with the meta
field.

This used a rewriting script to mostly automatically
replace all occurrences of this pattern, and add the
`lib` argument to the package header if it doesn’t
exist yet.

The script in its current form is available at
https://cs.tvl.fyi/depot@2f807d7f141068d2d60676a89213eaa5353ca6e0/-/blob/users/Profpatsch/nixpkgs-rewriter/default.nix
2021-01-11 10:38:22 +01:00
misuzu
c5dd597870 qemu: libiscsi support 2020-12-29 16:19:42 +02:00
Martin Weinelt
c3f268000e
qemu: fix CVE-2020-28916
While receiving packets via e1000e_write_packet_to_guest an infinite
loop could be triggered if the receive descriptor had a NULL buffer
address.

A privileged guest user could use this to induce a DoS Scenario.

Fixes: CVE-2020-28916
2020-12-01 16:54:21 +01:00
Martin Weinelt
bd3ce46719
qemu: fix CVE-2020-29129, CVE-2020-29130 in vendored libslirp
Fixes out-of-bounds access in libslirp while processing ARP/NCSI packets.

Fixes: CVE-2020-29129, CVE-2020-29130
2020-11-28 02:47:44 +01:00
Martin Weinelt
0c54b757e9
qemu: apply patch for CVE-2020-27617
An assert(3) failure issue was found in the networking helper functions of QEMU. It could occur in the eth_get_gso_type() routine, if a packet does not have a valid networking L3 protocol (ex. IPv4, IPv6) value. A guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario.

Fixes: CVE-2020-27617
2020-11-02 14:01:01 +01:00
Andreas Rammhold
2451796b49
qemu: make ncurses optional for the test runner
This shaves another 3MB off the closure size of QEMU.
2020-10-19 17:49:31 +02:00
Andreas Rammhold
e79eed4840
qemu: strip down the features for the test runner
This allows much faster VM-test based systemd testing as the closure of
qemu suddenly shrinks to reasonable sizes again.
2020-10-19 17:39:47 +02:00
Arthur Gautier
4e73ee6a53 qemu: adds tpm support 2020-08-23 17:24:38 -07:00
misuzu
24028674a1 qemu: 5.0.0 -> 5.1.0 2020-08-16 08:12:55 +00:00
worldofpeace
bf5fe68ad2
Merge pull request #95203 from alyssais/qemu
qemu-utils: install man pages
2020-08-11 17:10:41 -04:00
Alyssa Ross
1e3d56ec16
qemu-utils: install man pages 2020-08-11 21:02:49 +00:00
Peter Hoeg
cde67612b2 qemu: drop invalid and redundant qemu.desktop 2020-07-22 13:38:23 +08:00
Markus Kowalewski
5d87992126
qemu-utils: inherit meta data from qemu 2020-06-11 18:27:34 +02:00
Frederik Rietdijk
08900c0554 Merge master into staging-next 2020-06-04 15:25:54 +02:00