1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-12-25 03:17:13 +00:00
Commit graph

102 commits

Author SHA1 Message Date
Franz Pletz 536ab403d4
qemu: 2.9.0 -> 2.9.1
Security and bugfix release.
2017-09-28 16:59:41 +02:00
Tim Jäger 0c1c3d2b99 qemu: fix HDA recording latency
Very long latency occurs for audio inputs when simulating an Intel HDA device.

Patch courtesy of Volker Rümeling.
https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03336.html
2017-08-16 09:48:49 +02:00
Thomas Tuegel fe800447c2
qemu: unset CPP
Commit 093cc00cdd sets the environment variable
`CPP' by default, but this interferes with dependency calculation.
2017-07-21 16:49:24 -05:00
Volth 1931ad0e2c qemu: 2.8.1 -> 2.9.0 2017-04-23 14:20:48 +02:00
Volth 160a84013e qemu: 2.8.0 -> 2.8.1 2017-04-02 00:21:56 +00:00
aszlig 0a7673d202
qemu_test: Rebase force-uid0-on-9p.patch
This reverts commit 3a4e2376e4.

The reverted commit caused the fix for CVE-2016-9602 not to be applied
for qemu_test because it conflicts with the force-uid0-on-9p.patch.

So with the rebase of the patch on top of the changes of the
CVE-2016-9602.patch, both patches no longer conflict with each other.

I've tested this with the "misc" NixOS test and it succeeds.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2017-03-11 15:16:49 +01:00
Franz Pletz 3a4e2376e4
qemu_test: don't apply patch for CVE-2016-9602
Both patches are conflicting. Keeping the vulnerability unpatched in qemu
binaries used for nixos test is tolerable.
2017-03-11 13:43:42 +01:00
Franz Pletz 621e7a9945
qemu: fetch vnc bugfix patch from debian
This version of the patch applies cleanly to the 2.8.0 release.
2017-03-11 09:32:48 +01:00
Franz Pletz c512180f9c
qemu: add patches for multiple CVEs
New upstream patch function and patches for fixing a bug in the patch for
CVE-2017-5667 and the following security issues:

  * CVE-2016-7907
  * CVE-2016-9602
  * CVE-2016-10155
  * CVE-2017-2620
  * CVE-2017-2630
  * CVE-2017-5525
  * CVE-2017-5526
  * CVE-2017-5579
  * CVE-2017-5856
  * CVE-2017-5857
  * CVE-2017-5987
  * CVE-2017-6058
2017-03-11 08:14:29 +01:00
Jan Malakhovski 1c8940a2b8 qemu: add xen support 2017-03-05 13:59:28 +00:00
Jan Malakhovski eff9b09fb7 qemu: separate usbredirSupport option out of spiceSupport option 2017-03-05 13:59:28 +00:00
Franz Pletz 6bafe64a20
qemu: apply patches for multiple CVEs
Fixes:

  * CVE-2017-2615
  * CVE-2017-5667
  * CVE-2017-5898
  * CVE-2017-5931
  * CVE-2017-5973

We are vulnerable to even more CVEs but those are either not severe like
memory leaks in obscure situations or upstream hasn't acknowledged the
patch yet.

cc #23072
2017-02-25 09:40:53 +01:00
Graham Christensen f46c5b293b
qemu: 2.7 -> 2.8, drop 2.7 2017-01-26 20:23:40 -05:00
Antoine Eiche 9f1514f086 qemu: fix several CVEs
- CVE 2016-9845
- CVE-2016-9846
- CVE-2016-9907
- CVE-2016-9912
2017-01-20 11:09:02 +01:00
Antoine Eiche 0bd3f82a67 qemu: fix the url of patch for CVE-2016-9921 and CVE-2016-9922 2017-01-20 11:02:22 +01:00
Graham Christensen f5ca9a4212
Merge branch 'roundup-15' 2016-12-28 21:04:51 -05:00
Antoine Eiche bc63738c6f
qemu: fix CVE-2016-9921 and CVE-2016-9922 2016-12-28 20:37:00 -05:00
Antoine Eiche a5dd311208
qemu: fix CVE-2016-9911 2016-12-28 20:36:53 -05:00
Michael Raskin 442623e499 qemu_28: init at 2.8.0; not updating the main Qemu expression yet because there were some claims about NixOS test fragility 2016-12-28 15:04:51 +01:00
Eelco Dolstra 8a0843c3c4
qemu-kvm: Mark the version for tests
(cherry picked from commit d58a4ec1ba)
2016-12-20 10:52:46 +01:00
aszlig 38ea64e867
qemu_test: Make chown() calls to the store a no-op
The "misc" NixOS test is using Nix to query the store and it tries to
change the ownership of it while doing so.

This fails if Nix is not in a seccomp-sandboxed userid namespace, so
let's make chown() a no-op when applied to store paths.

Fixes the misc test (and possibly future tests) on older Nix versions.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-12-16 13:06:25 +01:00
Eelco Dolstra 705829b29a Merge pull request #20500 from aszlig/qemu-patched-for-nixos-tests
nixos/tests: Use a patched QEMU for testing
2016-12-15 12:38:29 +01:00
Vladimír Čunát 925b335607
Merge branch 'master' into staging 2016-11-26 11:27:09 +01:00
Frederik Rietdijk 97259c811e qemu: use python2 2016-11-24 22:28:03 +01:00
Franz Pletz 336bacfa1d
qemu: add patch to fix CVE-2016-7907
cc #20647
2016-11-23 23:23:49 -05:00
Bjørn Forsman bbe5f99e0b qemu: add curl to buildInputs
Enables support for accessing files over HTTP:

  qemu-system-x86_64 -drive media=cdrom,file=http://host/path.iso,readonly

Increases the closures size from 445 to 447 MiB.
2016-11-23 17:44:02 +01:00
Franz Pletz f4a318b528
qemu: add patches for CVE-2016-7994 & CVE-2016-8668 2016-11-17 22:00:44 +01:00
aszlig 6cfb3b6364
nixos/tests: Use a patched QEMU for testing
The reason to patch QEMU is that with latest Nix, tests like "printing"
or "misc" fail because they expect the store paths to be owned by uid 0
and gid 0.

Starting with NixOS/nix@5e51ffb1c2, Nix
builds inside of a new user namespace. Unfortunately this also means
that bind-mounted store paths that are part of the derivation's inputs
are no longer owned by uid 0 and gid 0 but by uid 65534 and gid 65534.

This in turn causes things like sudo or cups to fail with errors about
insecure file permissions.

So in order to avoid that, let's make sure the VM always gets files
owned by uid 0 and gid 0 and does a no-op when doing a chmod on a store
path.

In addition, this adds a virtualisation.qemu.program option so that we
can make sure that we only use the patched version if we're *really*
running NixOS VM tests (that is, whenever we have imported
test-instrumentation.nix).

Tested against the "misc" and "printing" tests.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-11-17 17:16:16 +01:00
Franz Pletz 25c01931bb
qemu: add patches to fix lots of CVEs
Patches from Debian and upstream git repo.

Fixes:

 * CVE-2016-6836
 * CVE-2016-7155
 * CVE-2016-7156
 * CVE-2016-7157
 * CVE-2016-7421
 * CVE-2016-7422
 * CVE-2016-7423
 * CVE-2016-7466
 * CVE-2016-8909
 * CVE-2016-8910
 * CVE-2016-9102
 * CVE-2016-9103
 * CVE-2016-9104
 * CVE-2016-9105
 * CVE-2016-9106

cc #20078
2016-11-03 02:45:16 +01:00
Graham Christensen 5e25995295
qemu: 2.6.1 -> 2.7.0 2016-09-25 15:40:47 -04:00
Robin Gloster 7b1597bec2
qemu: 2.6.0 -> 2.6.1 2016-08-31 13:31:22 +02:00
Robin Gloster 7eaa83a3e9
qemu: patch security issues in 9pfs
CVE-2016-7116, others have no ID assigned, yet.
Fixes from 2.7 tree.
2016-08-31 13:31:22 +02:00
Joachim Fasting dae5f53d25
qemu: apply PaX markings 2016-06-14 03:38:18 +02:00
Rickard Nilsson 13b8606241 qemu: 2.5.1 -> 2.6.0 2016-05-25 10:42:45 +02:00
Domen Kožar 8a34a3b37a qemu: 2.5.0 -> 2.5.1
Hopefully this also fixes installer tests on i686
2016-03-30 15:12:41 +01:00
Matthew Bauer 864ec69c84 qemu: compile with cocoa for darwin support
This uses the --enable-cocoa flag in qemu to build in Darwin.
2016-03-04 17:45:34 -06:00
Franz Pletz 6b20b7c4d7 qemu: 2.4.1 -> 2.5.0 (multiple CVEs)
https://lwn.net/Vulnerabilities/666755/
2016-02-27 17:53:22 +01:00
Domen Kožar caa9c53d6e qemu: enable numa 2015-12-15 23:41:55 +01:00
William A. Kennington III cfda3f3eed qemu: 2.4.0.1 -> 2.4.1 2015-11-05 18:18:35 -08:00
Karn Kallio 5012fffecb qemu: 2.4.0 updated to 2.4.0.1 2015-10-12 10:53:46 +02:00
Vladimír Čunát ab295420c5 qemu: qemu-2.4.0-x86-only -> qemu-x86-only-2.4.0 2015-09-17 12:47:45 +02:00
Domen Kožar d2fbbb2100 Revert "Revert "qemu: 2.2.1 -> 2.4.0""
This reverts commit df592a6535.

Segfauls on build machines were not caused due to qemu bump.
2015-09-12 12:56:18 +02:00
Domen Kožar df592a6535 Revert "qemu: 2.2.1 -> 2.4.0"
This reverts commit 0e0e3c0c08.

I've been seeing quite some QEMU segfaults on Hydra,
hopefully reverting the bump will fix the issue.

(cherry picked from commit 863c121c07)
Signed-off-by: Domen Kožar <domen@dev.si>
2015-09-07 12:22:13 +02:00
Anton Fedotov 0e0e3c0c08 qemu: 2.2.1 -> 2.4.0 2015-08-26 13:16:53 +03:00
Shea Levy 145768bf9b Unmaintain a bunch of packages 2015-07-01 08:11:05 -04:00
Eelco Dolstra 98a4eabd99 Revert "qemu: 2.2.2 -> 2.3.0"
This reverts commit 19c259161b.
2015-06-04 14:54:48 +02:00
Eelco Dolstra 3096d03435 Revert "Refactor mkFlag / shouldUsePkg into the nixpkgs libraries"
This reverts commit 25a148fa19.
2015-06-04 14:54:48 +02:00
Eelco Dolstra 4f60156afb Revert "qemu-nix: Build statically"
This reverts commit 5afa4f18d6.
2015-06-04 14:54:47 +02:00
William A. Kennington III 5afa4f18d6 qemu-nix: Build statically 2015-06-01 01:50:05 -07:00
William A. Kennington III b07929b0a3 Use libpulseaudio instead of pulseaudio 2015-05-29 14:32:56 -07:00