
base repository: NixOS/nixpkgs
base: c6d4197e4f27
...
head repository: NixOS/nixpkgs
compare: 994e221f1668
  • 2 commits
  • 3 files changed
  • 2 contributors

Commits on Jan 19, 2021

  1. qemu: 5.1.0 -> 5.2.0

    Updates to latest version of QEMU.
    The build system has changed to ninja.
    There are several configuration flags that aren't enabled. I will
    defer to maintainers on those.
    
    Adds autoPatchelfHook for patching output dynamically linked binaries.
    
    qemu: use Nix's meson vs bundled
    
    qemu: remove custom directory locations
    
    It appears that these directories are no longer automatically prefixed
    with $out/, so they are now trying to write to the system /etc/, /var/
    directories, which is not permitted in sandbox.
    The default directories seem to work OK, so using those.
    drewrisinger committed Jan 19, 2021
    9e403b1 View commit details

Commits on Jan 22, 2021

  1. Merge pull request #106988 from drewrisinger/dr-pr-qemu-bump

    qemu: 5.1.0 -> 5.2.0
    flokli authored Jan 22, 2021

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    994e221 View commit details
43 changes: 0 additions & 43 deletions pkgs/applications/virtualization/qemu/CVE-2020-27617.patch

This file was deleted.

38 changes: 12 additions & 26 deletions pkgs/applications/virtualization/qemu/default.nix
@@ -1,14 +1,14 @@
{ lib, stdenv, fetchurl, fetchpatch, python, zlib, pkg-config, glib
, perl, pixman, vde2, alsaLib, texinfo, flex
, bison, lzo, snappy, libaio, gnutls, nettle, curl
, makeWrapper
, bison, lzo, snappy, libaio, gnutls, nettle, curl, ninja, meson
, makeWrapper, autoPatchelfHook
, attr, libcap, libcap_ng
, CoreServices, Cocoa, Hypervisor, rez, setfile
, numaSupport ? stdenv.isLinux && !stdenv.isAarch32, numactl
, seccompSupport ? stdenv.isLinux, libseccomp
, alsaSupport ? lib.hasSuffix "linux" stdenv.hostPlatform.system && !nixosTestRunner
, pulseSupport ? !stdenv.isDarwin && !nixosTestRunner, libpulseaudio
, sdlSupport ? !stdenv.isDarwin && !nixosTestRunner, SDL2
, sdlSupport ? !stdenv.isDarwin && !nixosTestRunner, SDL2, SDL2_image
, gtkSupport ? !stdenv.isDarwin && !xenSupport && !nixosTestRunner, gtk3, gettext, vte, wrapGAppsHook
, vncSupport ? !nixosTestRunner, libjpeg, libpng
, smartcardSupport ? !nixosTestRunner, libcacard
@@ -39,18 +39,18 @@ let
in

stdenv.mkDerivation rec {
version = "5.1.0";
version = "5.2.0";
pname = "qemu"
+ lib.optionalString xenSupport "-xen"
+ lib.optionalString hostCpuOnly "-host-cpu-only"
+ lib.optionalString nixosTestRunner "-for-vm-tests";

src = fetchurl {
url= "https://download.qemu.org/qemu-${version}.tar.xz";
sha256 = "1rd41wwlvp0vpialjp2czs6i3lsc338xc72l3zkbb7ixjfslw5y9";
sha256 = "1g0pvx4qbirpcn9mni704y03n3lvkmw2c0rbcwvydyr8ns4xh66b";
};

nativeBuildInputs = [ python python.pkgs.sphinx pkg-config flex bison ]
nativeBuildInputs = [ python python.pkgs.sphinx pkg-config flex bison meson ninja autoPatchelfHook ]
++ optionals gtkSupport [ wrapGAppsHook ];
buildInputs =
[ zlib glib perl pixman
@@ -62,7 +62,7 @@ stdenv.mkDerivation rec {
++ optionals seccompSupport [ libseccomp ]
++ optionals numaSupport [ numactl ]
++ optionals pulseSupport [ libpulseaudio ]
++ optionals sdlSupport [ SDL2 ]
++ optionals sdlSupport [ SDL2 SDL2_image ]
++ optionals gtkSupport [ gtk3 gettext vte ]
++ optionals vncSupport [ libjpeg libpng ]
++ optionals smartcardSupport [ libcacard ]
@@ -77,20 +77,13 @@ stdenv.mkDerivation rec {
++ optionals smbdSupport [ samba ];

enableParallelBuilding = true;
dontUseMesonConfigure = true; # meson's configurePhase isn't compatible with qemu build

outputs = [ "out" "ga" ];

patches = [
./no-etc-install.patch
./fix-qemu-ga.patch
./9p-ignore-noatime.patch
./CVE-2020-27617.patch
(fetchpatch {
# e1000e: infinite loop scenario in case of null packet descriptor, remove for QEMU >= 5.2.0-rc3
name = "CVE-2020-28916.patch";
url = "https://git.qemu.org/?p=qemu.git;a=patch;h=c2cb511634012344e3d0fe49a037a33b12d8a98a";
sha256 = "1kvm6wl4vry0npiisxsn76h8nf1iv5fmqsyjvb46203f1yyg5pis";
})
] ++ optional nixosTestRunner ./force-uid0-on-9p.patch
++ optionals stdenv.hostPlatform.isMusl [
(fetchpatch {
@@ -108,27 +101,19 @@ stdenv.mkDerivation rec {
})
];

# Remove CVE-2020-{29129,29130} for QEMU >5.1.0
postPatch = ''
(cd slirp && patch -p1 < ${fetchpatch {
name = "CVE-2020-29129_CVE-2020-29130.patch";
url = "https://gitlab.freedesktop.org/slirp/libslirp/-/commit/2e1dcbc0c2af64fcb17009eaf2ceedd81be2b27f.patch";
sha256 = "01vbjqgnc0kp881l5p6b31cyyirhwhavm6x36hlgkymswvl3wh9w";
}})
'';

hardeningDisable = [ "stackprotector" ];

preConfigure = ''
unset CPP # intereferes with dependency calculation
# this script isn't marked as executable b/c it's indirectly used by meson. Needed to patch its shebang
chmod +x ./scripts/shaderinclude.pl
patchShebangs .
'' + optionalString stdenv.hostPlatform.isMusl ''
NIX_CFLAGS_COMPILE+=" -D_LINUX_SYSINFO_H"
'';

configureFlags =
[ "--audio-drv-list=${audio}"
"--sysconfdir=/etc"
"--localstatedir=/var"
"--enable-docs"
"--enable-tools"
"--enable-guest-agent"
@@ -169,6 +154,7 @@ stdenv.mkDerivation rec {
wrapGApp $f
done
'';
preBuild = "cd build";

# Add a ‘qemu-kvm’ wrapper for compatibility/convenience.
postInstall = ''
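Review bot: In the `configureFlags` hunk, dropping `"--sysconfdir=/etc"` and `"--localstatedir=/var"` changes more than the install destination: these options also set the paths compiled into the binaries, so with the defaults QEMU and the guest agent would presumably look for host configuration (for example the bridge helper's ACL file) and runtime state under the read-only store prefix instead of `/etc` and `/var`. The sandbox failure described in the commit message is an install-time problem, so I would keep both flags and stop only the install step from creating those directories, which is what the deleted `no-etc-install.patch` appears to have done for the old Makefile build. Separately, `./CVE-2020-27617.patch` is removed without the kind of "remove for QEMU >= …" marker the other two CVE patches carried; please confirm from the 5.2.0 release notes that the fix is upstream and say so in the commit message. The `configureFlags` list continues past the end of this hunk, so flags outside the visible lines may already cover part of this.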
12 changes: 0 additions & 12 deletions pkgs/applications/virtualization/qemu/no-etc-install.patch

This file was deleted.