From f46c5b293b73b63f6b1c222250f876b7ac95fcb1 Mon Sep 17 00:00:00 2001 From: Graham Christensen Date: Wed, 25 Jan 2017 09:33:23 -0500 Subject: [PATCH] qemu: 2.7 -> 2.8, drop 2.7 --- pkgs/applications/virtualization/qemu/2.8.nix | 93 ------------- .../virtualization/qemu/CVE-2016-9102.patch | 12 -- .../virtualization/qemu/default.nix | 127 +----------------- pkgs/top-level/all-packages.nix | 5 - 4 files changed, 5 insertions(+), 232 deletions(-) delete mode 100644 pkgs/applications/virtualization/qemu/2.8.nix delete mode 100644 pkgs/applications/virtualization/qemu/CVE-2016-9102.patch diff --git a/pkgs/applications/virtualization/qemu/2.8.nix b/pkgs/applications/virtualization/qemu/2.8.nix deleted file mode 100644 index 677386819d3..00000000000 --- a/pkgs/applications/virtualization/qemu/2.8.nix +++ /dev/null @@ -1,93 +0,0 @@ -{ stdenv, fetchurl, fetchpatch, python2, zlib, pkgconfig, glib -, ncurses, perl, pixman, vde2, alsaLib, texinfo, libuuid, flex -, bison, lzo, snappy, libaio, gnutls, nettle, curl -, makeWrapper -, attr, libcap, libcap_ng -, CoreServices, Cocoa, rez, setfile -, numaSupport ? stdenv.isLinux, numactl -, seccompSupport ? stdenv.isLinux, libseccomp -, pulseSupport ? !stdenv.isDarwin, libpulseaudio -, sdlSupport ? !stdenv.isDarwin, SDL -, vncSupport ? true, libjpeg, libpng -, spiceSupport ? !stdenv.isDarwin, spice, spice_protocol, usbredir -, x86Only ? false -, nixosTestRunner ? false -}: - -with stdenv.lib; -let - version = "2.8.0"; - audio = optionalString (hasSuffix "linux" stdenv.system) "alsa," - + optionalString pulseSupport "pa," - + optionalString sdlSupport "sdl,"; -in - -stdenv.mkDerivation rec { - name = "qemu-" - + stdenv.lib.optionalString x86Only "x86-only-" - + stdenv.lib.optionalString nixosTestRunner "for-vm-tests-" - + version; - - src = fetchurl { - url = "http://wiki.qemu.org/download/qemu-${version}.tar.bz2"; - sha256 = "0qjy3rcrn89n42y5iz60kgr0rrl29hpnj8mq2yvbc1wrcizmvzfs"; - }; - - buildInputs = - [ python2 zlib pkgconfig glib ncurses perl pixman - vde2 texinfo libuuid flex bison makeWrapper lzo snappy - gnutls nettle curl - ] - ++ optionals stdenv.isDarwin [ CoreServices Cocoa rez setfile ] - ++ optionals seccompSupport [ libseccomp ] - ++ optionals numaSupport [ numactl ] - ++ optionals pulseSupport [ libpulseaudio ] - ++ optionals sdlSupport [ SDL ] - ++ optionals vncSupport [ libjpeg libpng ] - ++ optionals spiceSupport [ spice_protocol spice usbredir ] - ++ optionals stdenv.isLinux [ alsaLib libaio libcap_ng libcap attr ]; - - enableParallelBuilding = true; - - patches = [ - ./no-etc-install.patch - ] ++ optional nixosTestRunner ./force-uid0-on-9p.patch; - hardeningDisable = [ "stackprotector" ]; - - configureFlags = - [ "--smbd=smbd" # use `smbd' from $PATH - "--audio-drv-list=${audio}" - "--sysconfdir=/etc" - "--localstatedir=/var" - ] - ++ optional numaSupport "--enable-numa" - ++ optional seccompSupport "--enable-seccomp" - ++ optional spiceSupport "--enable-spice" - ++ optional x86Only "--target-list=i386-softmmu,x86_64-softmmu" - ++ optional stdenv.isDarwin "--enable-cocoa" - ++ optional stdenv.isLinux "--enable-linux-aio"; - - postFixup = - '' - for exe in $out/bin/qemu-system-* ; do - paxmark m $exe - done - ''; - - postInstall = - '' - # Add a ‘qemu-kvm’ wrapper for compatibility/convenience. - p="$out/bin/qemu-system-${if stdenv.system == "x86_64-linux" then "x86_64" else "i386"}" - if [ -e "$p" ]; then - makeWrapper "$p" $out/bin/qemu-kvm --add-flags "\$([ -e /dev/kvm ] && echo -enable-kvm)" - fi - ''; - - meta = with stdenv.lib; { - homepage = http://www.qemu.org/; - description = "A generic and open source machine emulator and virtualizer"; - license = licenses.gpl2Plus; - maintainers = with maintainers; [ viric eelco ]; - platforms = platforms.linux ++ platforms.darwin; - }; -} diff --git a/pkgs/applications/virtualization/qemu/CVE-2016-9102.patch b/pkgs/applications/virtualization/qemu/CVE-2016-9102.patch deleted file mode 100644 index 05a95599937..00000000000 --- a/pkgs/applications/virtualization/qemu/CVE-2016-9102.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c -index d938427..7557a7d 100644 ---- a/hw/9pfs/9p.c -+++ b/hw/9pfs/9p.c -@@ -3261,6 +3261,7 @@ - xattr_fidp->fs.xattr.flags = flags; - v9fs_string_init(&xattr_fidp->fs.xattr.name); - v9fs_string_copy(&xattr_fidp->fs.xattr.name, &name); -+ g_free(xattr_fidp->fs.xattr.value); - xattr_fidp->fs.xattr.value = g_malloc0(size); - err = offset; - put_fid(pdu, file_fidp); diff --git a/pkgs/applications/virtualization/qemu/default.nix b/pkgs/applications/virtualization/qemu/default.nix index ae88399f13a..d7910eb938f 100644 --- a/pkgs/applications/virtualization/qemu/default.nix +++ b/pkgs/applications/virtualization/qemu/default.nix @@ -1,5 +1,5 @@ { stdenv, fetchurl, fetchpatch, python2, zlib, pkgconfig, glib -, ncurses, perl, pixman, vde2, alsaLib, texinfo, libuuid, flex +, ncurses, perl, pixman, vde2, alsaLib, texinfo, flex , bison, lzo, snappy, libaio, gnutls, nettle, curl , makeWrapper , attr, libcap, libcap_ng @@ -16,26 +16,26 @@ with stdenv.lib; let - version = "2.7.0"; + version = "2.8.0"; audio = optionalString (hasSuffix "linux" stdenv.system) "alsa," + optionalString pulseSupport "pa," + optionalString sdlSupport "sdl,"; in stdenv.mkDerivation rec { - name = "qemu-" + name = "qemu-" + stdenv.lib.optionalString x86Only "x86-only-" + stdenv.lib.optionalString nixosTestRunner "for-vm-tests-" + version; src = fetchurl { url = "http://wiki.qemu.org/download/qemu-${version}.tar.bz2"; - sha256 = "0lqyz01z90nvxpc3nx4djbci7hx62cwvs5zwd6phssds0sap6vij"; + sha256 = "0qjy3rcrn89n42y5iz60kgr0rrl29hpnj8mq2yvbc1wrcizmvzfs"; }; buildInputs = [ python2 zlib pkgconfig glib ncurses perl pixman - vde2 texinfo libuuid flex bison makeWrapper lzo snappy + vde2 texinfo flex bison makeWrapper lzo snappy gnutls nettle curl ] ++ optionals stdenv.isDarwin [ CoreServices Cocoa rez setfile ] @@ -51,123 +51,6 @@ stdenv.mkDerivation rec { patches = [ ./no-etc-install.patch - (fetchpatch { - url = "https://sources.debian.net/data/main/q/qemu/1:2.7+dfsg-3/debian/patches/net-vmxnet-initialise-local-tx-descriptor-CVE-2016-6836.patch"; - sha256 = "1i01vsxsdwrb5r7i9dmrshal4fvpj2j01cmvfkl5wz3ssq5z02wc"; - }) - (fetchpatch { - url = "https://sources.debian.net/data/main/q/qemu/1:2.7+dfsg-3/debian/patches/scsi-mptconfig-fix-an-assert-expression-CVE-2016-7157.patch"; - sha256 = "1wqf9k79wdr1k25siyhhybz1bpb0iyshv6fvsf55pgk5p0dg1970"; - }) - (fetchpatch { - url = "https://sources.debian.net/data/main/q/qemu/1:2.7+dfsg-3/debian/patches/scsi-mptconfig-fix-misuse-of-MPTSAS_CONFIG_PACK-CVE-2016-7157.patch"; - sha256 = "0l78fcbq8mywlgax234dh4226kxzbdgmarz1yrssaaiipkzq4xgw"; - }) - (fetchpatch { - url = "https://sources.debian.net/data/main/q/qemu/1:2.7+dfsg-3/debian/patches/scsi-mptsas-use-g_new0-to-allocate-MPTSASRequest-obj-CVE-2016-7423.patch"; - sha256 = "14l8w40zjjhpmzz4rkh69h5na8d4did7v99ng7nzrychakd5l29h"; - }) - (fetchpatch { - url = "https://sources.debian.net/data/main/q/qemu/1:2.7+dfsg-3/debian/patches/scsi-pvscsi-check-page-count-while-initialising-descriptor-rings-CVE-2016-7155.patch"; - sha256 = "1dwkci5mqgx3xz2q69kbcn48l8vwql9g3qaza2jxi402xdgc07zn"; - }) - (fetchpatch { - url = "https://sources.debian.net/data/main/q/qemu/1:2.7+dfsg-3/debian/patches/scsi-pvscsi-limit-loop-to-fetch-SG-list-CVE-2016-7156.patch"; - sha256 = "1r5xm4m9g39p89smsia4i9jbs32nq9gdkpx6wgd91vmswggcbqsi"; - }) - (fetchpatch { - url = "https://sources.debian.net/data/main/q/qemu/1:2.7+dfsg-3/debian/patches/scsi-pvscsi-limit-process-IO-loop-to-ring-size-CVE-2016-7421.patch"; - sha256 = "07661d1kd0ddkmzsrjph7jnhz2qbfavkxamnvs3axaqpp52kx6ga"; - }) - (fetchpatch { - url = "https://sources.debian.net/data/main/q/qemu/1:2.7+dfsg-3/debian/patches/usb-xhci-fix-memory-leak-in-usb_xhci_exit-CVE-2016-7466.patch"; - sha256 = "0nckwzn9k6369vni12s8hhjn73gbk6ns0mazns0dlgcq546q2fjj"; - }) - (fetchpatch { - url = "https://sources.debian.net/data/main/q/qemu/1:2.7+dfsg-3/debian/patches/virtio-add-check-for-descriptor-s-mapped-address-CVE-2016-7422.patch"; - sha256 = "1f1ilpzlxfjqvwmv9h0mzygwl5l8zd690f32vxfv9g6rfbr5h72k"; - }) - (fetchpatch { - name = "qemu-CVE-2016-8909.patch"; - url = "http://git.qemu.org/?p=qemu.git;a=patch;h=0c0fc2b5fd534786051889459848764edd798050"; - sha256 = "0mavkajxchfacpl4gpg7dhppbnhs1bbqn2rwqwiwkl0m5h19d9fv"; - }) - (fetchpatch { - name = "qemu-CVE-2016-8910.patch"; - url = "http://git.qemu.org/?p=qemu.git;a=patch;h=c7c35916692fe010fef25ac338443d3fe40be225"; - sha256 = "10qmlggifdmvj5hg3brs712agjq6ppnslm0n5d5jfgjl7599wxml"; - }) - (fetchpatch { - name = "qemu-CVE-2016-9103.patch"; - url = "http://git.qemu.org/?p=qemu.git;a=patch;h=eb687602853b4ae656e9236ee4222609f3a6887d"; - sha256 = "0j20n4z1wzybx8m7pn1zsxmz4rbl8z14mbalfabcjdgz8sx8g90d"; - }) - (fetchpatch { - name = "qemu-CVE-2016-9104.patch"; - url = "http://git.qemu.org/?p=qemu.git;a=patch;h=7e55d65c56a03dcd2c5d7c49d37c5a74b55d4bd6"; - sha256 = "1l99sf70098l6v05dq4x7p2glxx1l4nq1l8l3711ykp9vxkp91qs"; - }) - (fetchpatch { - name = "qemu-CVE-2016-9105.patch"; - url = "http://git.qemu.org/?p=qemu.git;a=patch;h=4c1586787ff43c9acd18a56c12d720e3e6be9f7c"; - sha256 = "0b2w5myw2vjqk81wm8dz373xfhfkx3hgy7bxr94l060snxcl7ar4"; - }) - (fetchpatch { - name = "qemu-CVE-2016-9106.patch"; - url = "http://git.qemu.org/?p=qemu.git;a=patch;h=fdfcc9aeea1492f4b819a24c94dfb678145b1bf9"; - sha256 = "0npi3fag52icq7xr799h5zi11xscbakdhqmdab0kyl6q331cc32z"; - }) - (fetchpatch { - name = "qemu-CVE-2016-7994.patch"; - url = "http://git.qemu.org/?p=qemu.git;a=patch;h=cb3a0522b694cc5bb6424497b3f828ccd28fd1dd"; - sha256 = "1zhmbqlj0hc69ia4s6h59pi1z3nmijkryxwmf4bzp9gahx8x4xm3"; - }) - (fetchpatch { - name = "qemu-CVE-2016-8668.patch"; - url = "http://git.qemu.org/?p=qemu.git;a=patch;h=8caed3d564672e8bc6d2e4c6a35228afd01f4723"; - sha256 = "19sq6fh7nh8wrk52skky4vwm80029lhm093g11f539krmzjgipik"; - }) - (fetchpatch { - name = "qemu-CVE-2016-7907.patch"; - url = "http://git.qemu.org/?p=qemu.git;a=patch;h=070c4b92b8cd5390889716677a0b92444d6e087a"; - sha256 = "0in89697r6kwkf302v3cg16390q7qs33n2b4kba26m4x65632dxm"; - }) - - # FIXME: Fix for CVE-2016-9101 not yet ready: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg03024.html - - # from http://git.qemu.org/?p=qemu.git;a=patch;h=ff55e94d23ae94c8628b0115320157c763eb3e06 - ./CVE-2016-9102.patch - - (fetchpatch { - name = "qemu-CVE-2016-9911.patch"; - url = "http://git.qemu.org/?p=qemu.git;a=patch;h=791f97758e223de3290592d169f8e6339c281714"; - sha256 = "0952mpc81h42k5kqsw42prnw5vw86r3j88wk5z4sr1xd1sg428d6"; - }) - (fetchpatch { - name = "qemu-CVE-2016-9921_9922.patch"; - url = "http://git.qemu.org/?p=qemu.git;a=patch;h=4299b90e9ba9ce5ca9024572804ba751aa1a7e70"; - sha256 = "125xlysdgpp59m4rp1mb59i3ipmf3yjk8x01gzvxcg1hnpgm4j4c"; - }) - (fetchpatch { - name = "qemu-CVE-2016-9845.patch"; - url = "http://git.qemu.org/?p=qemu.git;a=patch;h=42a8dadc74f8982fc269e54e3c5627b54d9f83d8"; - sha256 = "0qivj585pp1g6xfzknzgi5d2p6can3ihfgpxz3wi12h5jl5q6677"; - }) - (fetchpatch { - name = "qemu-CVE-2016-9846.patch"; - url = "http://git.qemu.org/?p=qemu.git;a=patch;h=2d1cd6c7a91a4beb99a0c3a21be529222a708545"; - sha256 = "1pa8wwxaz4k4sw1zfa4w0zlxkw6qpsrny1z8c8i8di91aswspq3i"; - }) - (fetchpatch { - name = "qemu-CVE-2016-9907.patch"; - url = "http://git.qemu.org/?p=qemu.git;a=patch;h=07b026fd82d6cf11baf7d7c603c4f5f6070b35bf"; - sha256 = "0phsk2x6mfsd6gabmfk4pr5nc4aymcqsfd88zihlm9d20gg9pbv3"; - }) - (fetchpatch { - name = "qemu-CVE-2016-9912.patch"; - url = "http://git.qemu.org/?p=qemu.git;a=patch;h=b8e23926c568f2e963af39028b71c472e3023793"; - sha256 = "1b711s63pg6rzqkqyx0mrlb4x6jv3dscc90qg8w6lflwlhwa73iv"; - }) ] ++ optional nixosTestRunner ./force-uid0-on-9p.patch; hardeningDisable = [ "stackprotector" ]; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 53ce759578d..8a720045a8d 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -14656,11 +14656,6 @@ with pkgs; inherit (darwin.stubs) rez setfile; }; - qemu_28 = callPackage ../applications/virtualization/qemu/2.8.nix { - inherit (darwin.apple_sdk.frameworks) CoreServices Cocoa; - inherit (darwin.stubs) rez setfile; - }; - qgis = callPackage ../applications/gis/qgis {}; qgroundcontrol = qt55.callPackage ../applications/science/robotics/qgroundcontrol { };