aboutsummaryrefslogtreecommitdiff
path: root/infra/libkookie/nixpkgs/pkgs/applications/virtualization/qemu
diff options
context:
space:
mode:
Diffstat (limited to 'infra/libkookie/nixpkgs/pkgs/applications/virtualization/qemu')
-rw-r--r--infra/libkookie/nixpkgs/pkgs/applications/virtualization/qemu/CVE-2020-27617.patch43
-rw-r--r--infra/libkookie/nixpkgs/pkgs/applications/virtualization/qemu/default.nix37
2 files changed, 71 insertions, 9 deletions
diff --git a/infra/libkookie/nixpkgs/pkgs/applications/virtualization/qemu/CVE-2020-27617.patch b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/qemu/CVE-2020-27617.patch
new file mode 100644
index 000000000000..fa708b298365
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/qemu/CVE-2020-27617.patch
@@ -0,0 +1,43 @@
+From 6d19c0cc6c5a9bba308fc29d7c0edc2dc372c41b Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Wed, 21 Oct 2020 11:35:50 +0530
+Subject: [PATCH] net: remove an assert call in eth_get_gso_type
+
+eth_get_gso_type() routine returns segmentation offload type based on
+L3 protocol type. It calls g_assert_not_reached if L3 protocol is
+unknown, making the following return statement unreachable. Remove the
+g_assert call, it maybe triggered by a guest user.
+
+Reported-by: Gaoning Pan <pgn@zju.edu.cn>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+---
+ net/eth.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/net/eth.c b/net/eth.c
+index 0c1d413ee2..eee77071f9 100644
+--- a/net/eth.c
++++ b/net/eth.c
+@@ -16,6 +16,7 @@
+ */
+
+ #include "qemu/osdep.h"
++#include "qemu/log.h"
+ #include "net/eth.h"
+ #include "net/checksum.h"
+ #include "net/tap.h"
+@@ -71,9 +72,8 @@ eth_get_gso_type(uint16_t l3_proto, uint8_t *l3_hdr, uint8_t l4proto)
+ return VIRTIO_NET_HDR_GSO_TCPV6 | ecn_state;
+ }
+ }
+-
+- /* Unsupported offload */
+- g_assert_not_reached();
++ qemu_log_mask(LOG_GUEST_ERROR, "%s: probably not GSO frame, "
++ "unknown L3 protocol: 0x%04"PRIx16"\n", __func__, l3_proto);
+
+ return VIRTIO_NET_HDR_GSO_NONE | ecn_state;
+ }
+--
+2.28.0
+
diff --git a/infra/libkookie/nixpkgs/pkgs/applications/virtualization/qemu/default.nix b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/qemu/default.nix
index 535f83711534..5d4b891ad5de 100644
--- a/infra/libkookie/nixpkgs/pkgs/applications/virtualization/qemu/default.nix
+++ b/infra/libkookie/nixpkgs/pkgs/applications/virtualization/qemu/default.nix
@@ -1,17 +1,19 @@
{ stdenv, fetchurl, fetchpatch, python, zlib, pkgconfig, glib
-, ncurses, perl, pixman, vde2, alsaLib, texinfo, flex
+, perl, pixman, vde2, alsaLib, texinfo, flex
, bison, lzo, snappy, libaio, gnutls, nettle, curl
, makeWrapper
, attr, libcap, libcap_ng
, CoreServices, Cocoa, Hypervisor, rez, setfile
, numaSupport ? stdenv.isLinux && !stdenv.isAarch32, numactl
, seccompSupport ? stdenv.isLinux, libseccomp
-, pulseSupport ? !stdenv.isDarwin, libpulseaudio
-, sdlSupport ? !stdenv.isDarwin, SDL2
-, gtkSupport ? !stdenv.isDarwin && !xenSupport, gtk3, gettext, vte, wrapGAppsHook
-, vncSupport ? true, libjpeg, libpng
-, smartcardSupport ? true, libcacard
-, spiceSupport ? !stdenv.isDarwin, spice, spice-protocol
+, alsaSupport ? stdenv.lib.hasSuffix "linux" stdenv.hostPlatform.system && !nixosTestRunner
+, pulseSupport ? !stdenv.isDarwin && !nixosTestRunner, libpulseaudio
+, sdlSupport ? !stdenv.isDarwin && !nixosTestRunner, SDL2
+, gtkSupport ? !stdenv.isDarwin && !xenSupport && !nixosTestRunner, gtk3, gettext, vte, wrapGAppsHook
+, vncSupport ? !nixosTestRunner, libjpeg, libpng
+, smartcardSupport ? !nixosTestRunner, libcacard
+, spiceSupport ? !stdenv.isDarwin && !nixosTestRunner, spice, spice-protocol
+, ncursesSupport ? !nixosTestRunner, ncurses
, usbredirSupport ? spiceSupport, usbredir
, xenSupport ? false, xen
, cephSupport ? false, ceph
@@ -29,7 +31,7 @@
with stdenv.lib;
let
- audio = optionalString (hasSuffix "linux" stdenv.hostPlatform.system) "alsa,"
+ audio = optionalString alsaSupport "alsa,"
+ optionalString pulseSupport "pa,"
+ optionalString sdlSupport "sdl,";
@@ -50,10 +52,11 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ python python.pkgs.sphinx pkgconfig flex bison ]
++ optionals gtkSupport [ wrapGAppsHook ];
buildInputs =
- [ zlib glib ncurses perl pixman
+ [ zlib glib perl pixman
vde2 texinfo makeWrapper lzo snappy
gnutls nettle curl
]
+ ++ optionals ncursesSupport [ ncurses ]
++ optionals stdenv.isDarwin [ CoreServices Cocoa Hypervisor rez setfile ]
++ optionals seccompSupport [ libseccomp ]
++ optionals numaSupport [ numactl ]
@@ -79,6 +82,13 @@ stdenv.mkDerivation rec {
./no-etc-install.patch
./fix-qemu-ga.patch
./9p-ignore-noatime.patch
+ ./CVE-2020-27617.patch
+ (fetchpatch {
+ # e1000e: infinite loop scenario in case of null packet descriptor, remove for QEMU >= 5.2.0-rc3
+ name = "CVE-2020-28916.patch";
+ url = "https://git.qemu.org/?p=qemu.git;a=patch;h=c2cb511634012344e3d0fe49a037a33b12d8a98a";
+ sha256 = "1kvm6wl4vry0npiisxsn76h8nf1iv5fmqsyjvb46203f1yyg5pis";
+ })
] ++ optional nixosTestRunner ./force-uid0-on-9p.patch
++ optionals stdenv.hostPlatform.isMusl [
(fetchpatch {
@@ -96,6 +106,15 @@ stdenv.mkDerivation rec {
})
];
+ # Remove CVE-2020-{29129,29130} for QEMU >5.1.0
+ postPatch = ''
+ (cd slirp && patch -p1 < ${fetchpatch {
+ name = "CVE-2020-29129_CVE-2020-29130.patch";
+ url = "https://gitlab.freedesktop.org/slirp/libslirp/-/commit/2e1dcbc0c2af64fcb17009eaf2ceedd81be2b27f.patch";
+ sha256 = "01vbjqgnc0kp881l5p6b31cyyirhwhavm6x36hlgkymswvl3wh9w";
+ }})
+ '';
+
hardeningDisable = [ "stackprotector" ];
preConfigure = ''
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-18 00:33:05 +0000