author | Jed Liu | 2015-08-27 18:48:50 -0400 |
---|---|---|
committer | Jed Liu | 2015-08-27 18:48:50 -0400 |
commit | 15fdc8067fa9660d58b3e8b71d25f07cc50d9e84 (patch) | |
tree | 9e3b61012d125d093a3b7091365627c8dd78e06d | |
parent | 6f9e0c16ebb1bbbadf369888c3c85362c8778e7d (diff) | |
download | aur-15fdc8067fa9660d58b3e8b71d25f07cc50d9e84.tar.gz |
upgpkg: qemu-minimal 2.4.0-2
-rw-r--r-- | .SRCINFO | 35 | ||||
-rw-r--r-- | CVE-2015-3456.patch | 84 | ||||
-rw-r--r-- | PKGBUILD | 230 | ||||
-rw-r--r-- | qemu-ga.service | 8 | ||||
-rw-r--r-- | qemu.install | 18 | ||||
-rw-r--r-- | qemu.sysusers | 1 |
6 files changed, 206 insertions, 170 deletions
@@ -1,7 +1,7 @@ pkgbase = qemu-minimal - pkgver = 2.3.0 - pkgrel = 3 - url = http://wiki.qemu.org/Index.html + pkgver = 2.4.0 + pkgrel = 2 + url = http://wiki.qemu.org/ arch = i686 arch = x86_64 license = GPL2 @@ -16,29 +16,42 @@ pkgbase = qemu-minimal makedepends = libaio makedepends = libseccomp makedepends = python2 + makedepends = libssh2 + makedepends = lzo + makedepends = snappy conflicts = qemu - options = !strip - source = http://wiki.qemu.org/download/qemu-2.3.0.tar.bz2 - source = CVE-2015-3456.patch + source = http://wiki.qemu.org/download/qemu-2.4.0.tar.bz2 + source = qemu.sysusers + source = qemu-ga.service source = 65-kvm.rules - md5sums = 2fab3ea4460de9b57192e5b8b311f221 - md5sums = 5e8a68940c4e0267e795a6ddd144e00e + md5sums = 186ee8194140a484a455f8e3c74589f4 + md5sums = 49778d11c28af170c4bebcc648b0ace1 + md5sums = 44ee242d758f9318c6a1ea1dae96aa3a md5sums = 33ab286a20242dda7743a900f369d68a pkgname = qemu-minimal pkgdesc = A generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. This is a stripped-down version of the official package and requires only the bare essentials for running on a headless server. install = qemu.install + depends = glibc depends = libjpeg depends = glib2 depends = util-linux - depends = curl depends = libsasl depends = seabios + depends = libcap depends = libcap-ng depends = libaio depends = libseccomp - depends = libssh2>=1.5.0 + depends = lzo + depends = snappy + depends = gcc-libs + depends = zlib + depends = bzip2 + depends = nspr + depends = ncurses + depends = libssh2 + depends = curl optdepends = samba: for SMB Server support replaces = qemu-kvm - backup = etc/qemu/target-x86_64.conf + options = !strip diff --git a/CVE-2015-3456.patch b/CVE-2015-3456.patch deleted file mode 100644 index 50c19d9f08fe..000000000000 --- a/CVE-2015-3456.patch +++ /dev/null 
@@ -1,84 +0,0 @@ -From e907746266721f305d67bc0718795fedee2e824c Mon Sep 17 00:00:00 2001 -From: Petr Matousek <pmatouse@redhat.com> -Date: Wed, 6 May 2015 09:48:59 +0200 -Subject: [PATCH] fdc: force the fifo access to be in bounds of the allocated buffer - -During processing of certain commands such as FD_CMD_READ_ID and -FD_CMD_DRIVE_SPECIFICATION_COMMAND the fifo memory access could -get out of bounds leading to memory corruption with values coming -from the guest. - -Fix this by making sure that the index is always bounded by the -allocated memory. - -This is CVE-2015-3456. - -Signed-off-by: Petr Matousek <pmatouse@redhat.com> -Reviewed-by: John Snow <jsnow@redhat.com> -Signed-off-by: John Snow <jsnow@redhat.com> ---- - hw/block/fdc.c | 17 +++++++++++------ - 1 files changed, 11 insertions(+), 6 deletions(-) - -diff --git a/hw/block/fdc.c b/hw/block/fdc.c -index f72a392..d8a8edd 100644 ---- a/hw/block/fdc.c -+++ b/hw/block/fdc.c -@@ -1497,7 +1497,7 @@ static uint32_t fdctrl_read_data(FDCtrl *fdctrl) - { - FDrive *cur_drv; - uint32_t retval = 0; -- int pos; -+ uint32_t pos; - - cur_drv = get_cur_drv(fdctrl); - fdctrl->dsr &= ~FD_DSR_PWRDOWN; -@@ -1506,8 +1506,8 @@ static uint32_t fdctrl_read_data(FDCtrl *fdctrl) - return 0; - } - pos = fdctrl->data_pos; -+ pos %= FD_SECTOR_LEN; - if (fdctrl->msr & FD_MSR_NONDMA) { -- pos %= FD_SECTOR_LEN; - if (pos == 0) { - if (fdctrl->data_pos != 0) - if (!fdctrl_seek_to_next_sect(fdctrl, cur_drv)) { -@@ -1852,10 +1852,13 @@ static void fdctrl_handle_option(FDCtrl *fdctrl, int direction) - static void fdctrl_handle_drive_specification_command(FDCtrl *fdctrl, int direction) - { - FDrive *cur_drv = get_cur_drv(fdctrl); -+ uint32_t pos; - -- if (fdctrl->fifo[fdctrl->data_pos - 1] & 0x80) { -+ pos = fdctrl->data_pos - 1; -+ pos %= FD_SECTOR_LEN; -+ if (fdctrl->fifo[pos] & 0x80) { - /* Command parameters done */ -- if (fdctrl->fifo[fdctrl->data_pos - 1] & 0x40) { -+ if (fdctrl->fifo[pos] & 0x40) { - fdctrl->fifo[0] = 
fdctrl->fifo[1]; - fdctrl->fifo[2] = 0; - fdctrl->fifo[3] = 0; -@@ -1955,7 +1958,7 @@ static uint8_t command_to_handler[256]; - static void fdctrl_write_data(FDCtrl *fdctrl, uint32_t value) - { - FDrive *cur_drv; -- int pos; -+ uint32_t pos; - - /* Reset mode */ - if (!(fdctrl->dor & FD_DOR_nRESET)) { -@@ -2004,7 +2007,9 @@ static void fdctrl_write_data(FDCtrl *fdctrl, uint32_t value) - } - - FLOPPY_DPRINTF("%s: %02x\n", __func__, value); -- fdctrl->fifo[fdctrl->data_pos++] = value; -+ pos = fdctrl->data_pos++; -+ pos %= FD_SECTOR_LEN; -+ fdctrl->fifo[pos] = value; - if (fdctrl->data_pos == fdctrl->data_len) { - /* We now have all parameters - * and will be able to treat the command --- -1.7.0.4 - 
@@ -1,118 +1,210 @@ -# $Id: PKGBUILD 240417 2015-06-07 17:12:34Z seblu $ +# $Id: PKGBUILD 244413 2015-08-20 09:51:39Z seblu $ # Maintainer: Tobias Powalowski <tpowa@archlinux.org> -#pkgname=('qemu' 'libcacard') +# Contributor: Sébastien "Seblu" Luttringer <seblu@seblu.net> +#pkgbase=qemu +#pkgname=('qemu' +# 'qemu-arch-extra' +# 'qemu-block-iscsi' +# 'qemu-block-rbd' +# 'qemu-block-gluster' +# 'qemu-guest-agent' +# 'libcacard') pkgname='qemu-minimal' -pkgver=2.3.0 -pkgrel=3 +pkgver=2.4.0 +pkgrel=2 arch=('i686' 'x86_64') license=('GPL2' 'LGPL2.1') -url="http://wiki.qemu.org/Index.html" +url='http://wiki.qemu.org/' #makedepends=('pixman' 'libjpeg' 'libpng' 'sdl' 'alsa-lib' 'nss' 'glib2' -# 'gnutls>=2.4.1' 'bluez-libs' 'vde2' 'util-linux' 'curl' 'libsasl' +# 'gnutls' 'bluez-libs' 'vde2' 'util-linux' 'curl' 'libsasl' # 'libgl' 'libpulse' 'seabios' 'libcap-ng' 'libaio' 'libseccomp' # 'libiscsi' 'libcacard' 'spice' 'spice-protocol' 'python2' -# 'usbredir' 'ceph') +# 'usbredir' 'ceph' 'glusterfs' 'libssh2' 'lzo' 'snappy') makedepends=('libjpeg' 'glib2' 'util-linux' 'curl' 'libsasl' 'seabios' 'libcap-ng' 'libaio' 'libseccomp' 'python2' - ) + 'libssh2' 'lzo' 'snappy') conflicts=('qemu') -options=(!strip) source=(http://wiki.qemu.org/download/${pkgname:0:-8}-${pkgver}.tar.bz2 - CVE-2015-3456.patch + qemu.sysusers + qemu-ga.service 65-kvm.rules) +md5sums=('186ee8194140a484a455f8e3c74589f4' + '49778d11c28af170c4bebcc648b0ace1' + '44ee242d758f9318c6a1ea1dae96aa3a' + '33ab286a20242dda7743a900f369d68a') + +_extra_arches=(aarch64 alpha arm armeb cris lm32 m68k microblaze microblazeel mips +mips64 mips64el mipsel mipsn32 mipsn32el or32 ppc ppc64 ppc64abi32 ppc64le s390x +sh4 sh4eb sparc sparc32plus sparc64 moxie ppcemb tricore unicore32 xtensa xtensaeb) +_extra_blob=(QEMU,cgthree.bin QEMU,tcx.bin bamboo.dtb openbios-ppc +openbios-sparc32 openbios-sparc64 palcode-clipper petalogix-ml605.dtb +petalogix-s3adsp1800.dtb ppc_rom.bin s390-ccw.img s390-zipl.rom slof.bin +spapr-rtas.bin 
u-boot.e500) prepare() { - cd "${srcdir}/${pkgname:0:-8}-${pkgver}" - patch -p1 -i ${srcdir}/CVE-2015-3456.patch + for _p in *.patch; do + [[ -e "$_p" ]] || continue + msg2 "Patching $_p" + patch -p1 -d ${pkgname:0:-8}-${pkgver} < "$_p" + done } build () { - cd "${srcdir}/${pkgname:0:-8}-${pkgver}" + cd ${pkgname:0:-8}-${pkgver} # qemu vs. make 4 == bad export ARFLAGS="rv" # http://permalink.gmane.org/gmane.comp.emulators.qemu/238740 - + export CFLAGS+=' -fPIC' # gtk gui breaks keymappings at the moment # ./configure --prefix=/usr --sysconfdir=/etc --audio-drv-list='pa alsa sdl' \ # --python=/usr/bin/python2 --smbd=/usr/bin/smbd \ # --enable-docs --libexecdir=/usr/lib/qemu \ # --disable-gtk --enable-linux-aio --enable-seccomp \ # --enable-spice --localstatedir=/var \ -# --enable-tpm +# --enable-tpm \ +# --enable-modules --enable-{rbd,glusterfs,libiscsi,curl} ./configure --prefix=/usr --sysconfdir=/etc --audio-drv-list='' \ --python=/usr/bin/python2 --smbd=/usr/bin/smbd \ --enable-docs --libexecdir=/usr/lib/qemu \ --disable-gtk --enable-linux-aio --enable-seccomp \ --disable-spice --localstatedir=/var \ - --enable-tpm + --enable-tpm \ + --enable-modules --enable-curl make V=99 } package() { - pkgdesc="A generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. This is a stripped-down version of the official package and requires only the bare essentials for running on a headless server." -# depends=('pixman' 'libjpeg' 'libpng' 'sdl' 'alsa-lib' 'nss' 'glib2' -# 'gnutls>=2.4.1' 'bluez-libs' 'vde2' 'util-linux' 'curl' 'libsasl' -# 'libgl' 'libpulse' 'seabios' 'libcap-ng' 'libaio' 'libseccomp' -# 'libiscsi' 'libcacard' 'spice' 'usbredir' 'libssh2>=1.5.0' 'ceph') - depends=('libjpeg' 'glib2' - 'util-linux' 'curl' 'libsasl' - 'seabios' 'libcap-ng' 'libaio' 'libseccomp' - 'libssh2>=1.5.0' + pkgdesc='A generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. 
This is a stripped-down version of the official package and requires only the bare essentials for running on a headless server.' +# depends=('glibc' 'pixman' 'libjpeg' 'libpng' 'sdl' 'alsa-lib' 'nss' 'glib2' +# 'gnutls' 'bluez-libs' 'vde2' 'util-linux' 'libsasl' 'libgl' +# 'seabios' 'libcap' 'libcap-ng' 'libaio' 'libseccomp' 'libcacard' +# 'spice' 'usbredir' 'lzo' 'snappy' 'gcc-libs' 'zlib' 'bzip2' 'nspr' +# 'ncurses' 'libx11' 'libusb' 'libpulse' 'libssh2' 'curl') + depends=('glibc' 'libjpeg' 'glib2' + 'util-linux' 'libsasl' + 'seabios' 'libcap' 'libcap-ng' 'libaio' 'libseccomp' + 'lzo' 'snappy' 'gcc-libs' 'zlib' 'bzip2' 'nspr' + 'ncurses' 'libssh2' 'curl' ) - backup=('etc/qemu/target-x86_64.conf') replaces=('qemu-kvm') +# optdepends=('samba: SMB/CIFS server support' +# 'qemu-arch-extra: extra architectures support' +# 'qemu-block-iscsi: iSCSI block support' +# 'qemu-block-rbd: RBD block support' +# 'qemu-block-gluster: glusterfs block support') optdepends=('samba: for SMB Server support') + options=(!strip) install=qemu.install - cd "${srcdir}/${pkgname:0:-8}-${pkgver}" - make DESTDIR="${pkgdir}" libexecdir="/usr/lib/qemu" install + + make -C ${pkgname:0:-8}-${pkgver} DESTDIR="${pkgdir}" libexecdir="/usr/lib/qemu" install + + cd "${pkgdir}" + # provided by seabios package - rm "${pkgdir}/usr/share/qemu/bios.bin" - rm "${pkgdir}/usr/share/qemu/acpi-dsdt.aml" - rm "${pkgdir}/usr/share/qemu/q35-acpi-dsdt.aml" - rm "${pkgdir}/usr/share/qemu/bios-256k.bin" - rm "${pkgdir}/usr/share/qemu/vgabios-cirrus.bin" - rm "${pkgdir}/usr/share/qemu/vgabios-qxl.bin" - rm "${pkgdir}/usr/share/qemu/vgabios-stdvga.bin" - rm "${pkgdir}/usr/share/qemu/vgabios-vmware.bin" + rm usr/share/qemu/bios.bin + rm usr/share/qemu/acpi-dsdt.aml + rm usr/share/qemu/q35-acpi-dsdt.aml + rm usr/share/qemu/bios-256k.bin + rm usr/share/qemu/vgabios-cirrus.bin + rm usr/share/qemu/vgabios-qxl.bin + rm usr/share/qemu/vgabios-stdvga.bin + rm usr/share/qemu/vgabios-vmware.bin # remove conflicting /var/run 
directory - rm -r "${pkgdir}/var" - install -D -m644 "${srcdir}/65-kvm.rules" \ - "${pkgdir}/usr/lib/udev/rules.d/65-kvm.rules" + rm -r var + + # systemd stuff + install -D -m644 "${srcdir}/65-kvm.rules" usr/lib/udev/rules.d/65-kvm.rules + install -D -m644 "${srcdir}/qemu.sysusers" usr/lib/sysusers.d/qemu.conf + # bridge_helper needs suid # https://bugs.archlinux.org/task/32565 - chmod u+s "${pkgdir}/usr/lib/qemu/qemu-bridge-helper" - # add sample config - echo "allow br0" > ${pkgdir}/etc/qemu/bridge.conf.sample - # strip scripts directory - find "${pkgdir}/usr/src/linux-${_kernver}/scripts" -type f -perm -u+w 2>/dev/null | while read binary ; do - case "$(file -bi "$binary")" in - *application/x-executable*) # Binaries - /usr/bin/strip $STRIP_BINARIES "$binary";; - esac - done - # remove libcacard files - rm -rf ${pkgdir}/usr/include/cacard - rm -rf ${pkgdir}/usr/lib/libcacard* - rm -rf ${pkgdir}/usr/lib/pkgconfig/libcacard.pc - rm -rf ${pkgdir}/usr/bin/vscclient + chmod u+s usr/lib/qemu/qemu-bridge-helper + +# # remove libcacard files +# rm -r usr/include/cacard +# rm usr/lib/libcacard* +# rm usr/lib/pkgconfig/libcacard.pc +# rm usr/bin/vscclient +# +# # remove splitted block modules +# rm usr/lib/qemu/block-{iscsi,rbd,gluster}.so + + # remove guest agent + rm usr/bin/qemu-ga + + # remove extra arch + for _arch in "${_extra_arches[@]}"; do + rm -f usr/bin/qemu-${_arch} usr/bin/qemu-system-${_arch} + done + for _blob in "${_extra_blob[@]}"; do + rm usr/share/qemu/${_blob} + done } -#package_libcacard() { -# pkgdesc="Common Access Card (CAC) Emulation" -# options=('strip') -# depends=('nss' 'libaio' 'libcap-ng' 'libiscsi' 'curl' 'vde2' 'glib2') -# mkdir -p ${pkgdir}/usr/bin -# mkdir -p ${pkgdir}/usr/lib/pkgconfig -# mkdir -p ${pkgdir}/usr/include/cacard -# cp -a ${srcdir}/qemu-${pkgver}/libcacard/*.h ${pkgdir}/usr/include/cacard/ -# cp -a ${srcdir}/qemu-${pkgver}/.libs/libcacard.so* ${pkgdir}/usr/lib/ -# cp -a ${srcdir}/qemu-${pkgver}/libcacard.pc 
${pkgdir}/usr/lib/pkgconfig/ -# cp -a ${srcdir}/qemu-${pkgver}/.libs/vscclient ${pkgdir}/usr/bin/ -#} -md5sums=('2fab3ea4460de9b57192e5b8b311f221' - '5e8a68940c4e0267e795a6ddd144e00e' - '33ab286a20242dda7743a900f369d68a') +package_qemu-arch-extra() { + pkgdesc='QEMU with full support for non x86 architectures' + depends=('glibc' 'gcc-libs' 'glib2' 'qemu') + options=(!strip) + + cd qemu-${pkgver} + install -dm755 "${pkgdir}"/usr/bin + for _arch in "${_extra_arches[@]}"; do + install -m755 ${_arch}-*/qemu-*${_arch} "${pkgdir}"/usr/bin + done + + cd pc-bios + for _blob in "${_extra_blob[@]}"; do + install -Dm644 ${_blob} "${pkgdir}"/usr/share/qemu/${_blob} + done + + # manually stripping + find "${pkgdir}"/usr/bin -type f -exec strip {} \; +} + +package_qemu-block-iscsi() { + pkgdesc='QEMU iSCSI block module' + depends=('glibc' 'glib2' 'libiscsi') + + install -D qemu-${pkgver}/block-iscsi.so "${pkgdir}"/usr/lib/qemu/block-iscsi.so +} + +package_qemu-block-rbd() { + pkgdesc='QEMU RBD block module' + depends=('glibc' 'glib2' 'ceph') + + install -D qemu-${pkgver}/block-rbd.so "${pkgdir}"/usr/lib/qemu/block-rbd.so +} + +package_qemu-block-gluster() { + pkgdesc='QEMU GlusterFS block module' + depends=('glibc' 'glib2' 'glusterfs') + + install -D qemu-${pkgver}/block-gluster.so "${pkgdir}"/usr/lib/qemu/block-gluster.so +} + +package_qemu-guest-agent() { + pkgdesc='QEMU Guest Agent' + depends=('glibc' 'gcc-libs' 'glib2') + + install -D qemu-${pkgver}/qemu-ga "${pkgdir}"/usr/bin/qemu-ga + install -D qemu-ga.service "${pkgdir}"/usr/lib/systemd/system/qemu-ga.service +} + +package_libcacard() { + pkgdesc='Common Access Card (CAC) Emulation' + depends=('glibc' 'nss' 'nspr' 'glib2') + + cd "${pkgdir}" + install -d usr/{bin,lib/pkgconfig,include/cacard} + cp -a "${srcdir}"/qemu-${pkgver}/libcacard/*.h usr/include/cacard/ + cp -a "${srcdir}"/qemu-${pkgver}/libcacard.pc usr/lib/pkgconfig/ + cp -a "${srcdir}"/qemu-${pkgver}/.libs/vscclient usr/bin/ + cp -a 
"${srcdir}"/qemu-${pkgver}/.libs/libcacard.so* usr/lib/ +} + + +# vim:set ts=2 sw=2 et: diff --git a/qemu-ga.service b/qemu-ga.service new file mode 100644 index 000000000000..e5eb469f9d49 --- /dev/null +++ b/qemu-ga.service @@ -0,0 +1,8 @@ +[Unit] +Description=QEMU Guest Agent + +[Service] +ExecStart=/usr/bin/qemu-ga + +[Install] +WantedBy=multi-user.target diff --git a/qemu.install b/qemu.install index 59a32cd8ddda..b1604ef1329e 100644 --- a/qemu.install +++ b/qemu.install @@ -1,19 +1,25 @@ -# kvm: the new package version +# Arg 1: the new package version post_install() { - # - groupadd kvm -f -g 78 + # create kvm group + systemd-sysusers qemu.conf + + # trigger events on modules files when already loaded + for _f in /sys/devices/virtual/misc/{kvm,vhost-net}; do + [[ -e "$_f" ]] && udevadm trigger "$_f" + done } +# arg 1: the new package version +# arg 2: the old package version post_upgrade() { - if [ "$(vercmp $2 0.11)" -lt 0 ]; then + if (( "$(vercmp $2 0.11)" < 0 )); then echo "With the release of qemu and qemu-kvm 0.12.X, the kqemu kernel module" echo "is no longer supported and will be removed from the repositories. You" echo "can safely uninstall it from your system." fi - if [ "$(vercmp $2 1.3.1)" -lt 0 ]; then + if (( "$(vercmp $2 1.3.1)" < 0 )); then echo "With the release of qemu 1.3.0, qemu-kvm binary is removed." echo "You need to change the emulator path, if you use libvirt by using:" echo "'virsh edit <vm-name>'" fi } - diff --git a/qemu.sysusers b/qemu.sysusers new file mode 100644 index 000000000000..4c03e8242d92 --- /dev/null +++ b/qemu.sysusers @@ -0,0 +1 @@ +g kvm 78 - |
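Review bot: The new `md5sums=(...)` array is the only integrity check on `qemu-2.4.0.tar.bz2`, which `source=` still fetches over plain `http://`, so the download is protected only by a hash with practical collision attacks. Switching to `sha256sums=('<sha256 of qemu-2.4.0.tar.bz2>' ...)` would help, and if upstream publishes a detached signature for the release, list it in `source=` together with `validpgpkeys=('<release signing key fingerprint>')`. The same hunk drops `CVE-2015-3456.patch` from `source=` and the `patch -p1 -i` call from `prepare()`. Presumably 2.4.0 already carries the fdc bounds fix, and a one-line comment next to `pkgver=2.4.0` saying so would keep the removal auditable.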
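Review bot: The unit starts `/usr/bin/qemu-ga` unconditionally at `multi-user.target`, with no dependency on the virtio-serial channel the agent listens on and no `User=` line, so it runs as root whether or not the host exposes a channel. Binding it to the device keeps the agent down unless the channel exists: add `BindsTo=dev-virtio\x2dports-org.qemu.guest_agent.0.device` and a matching `After=` line under `[Unit]`. That device name assumes qemu-ga's default channel path, so confirm it against the build. In this PKGBUILD `package()` removes `usr/bin/qemu-ga` and only `package_qemu-guest-agent()` installs the unit, so with `pkgname='qemu-minimal'` the file appears to be listed in `source=` without ever being packaged.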
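Review bot: In `post_install()` the loop body `[[ -e "$_f" ]] && udevadm trigger "$_f"` is the function's last command, so when `/sys/devices/virtual/misc/vhost-net` is absent the test fails and `post_install` returns non-zero. Pacman is likely to report that as a failed scriptlet even though nothing went wrong. Writing the body as `if [[ -e "$_f" ]]; then udevadm trigger "$_f"; fi` keeps the exit status clean. While these lines are being touched, `$2` in the two `vercmp $2 ...` calls in `post_upgrade()` should be quoted as `"$2"`.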