From: Romain Naour <romain.naour@gmail.com>
To: Fabrice Fontaine <fontaine.fabrice@gmail.com>, buildroot@buildroot.org
Subject: Re: [Buildroot] [PATCH 1/1] package/qemu: security bump to version 6.1.0
Date: Sat, 28 Aug 2021 13:56:33 +0200 [thread overview]
Message-ID: <e82f10b3-0e56-7fd9-2f5c-1b46e2f96cfb@gmail.com> (raw)
In-Reply-To: <20210828102129.779491-1-fontaine.fabrice@gmail.com>
Hello Fabrice,
Le 28/08/2021 à 12:21, Fabrice Fontaine a écrit :
> - Fixes CVE-2021-3527, CVE-2021-3544, CVE-2021-3545, CVE-2021-3546,
> CVE-2021-3582, CVE-2021-3607 and CVE-2021-3608
> - Drop second, fourth and fifth patches (already in version)
>
> https://wiki.qemu.org/ChangeLog/6.1
NAK, qemu 6.1 is not really a minor update.
There are some important dependencies changes like minimum gcc is now 7.5.0.
https://wiki.qemu.org/ChangeLog/6.1#Build_Information
This means that we have to update our gitlab-ci container (using gcc 6.x) used
to build all qemu defconfigs since host-qemu is build.
Also, I would add --disable-bpf to avoid issue with this new optional dependencies.
See my work in progress (feel free to comment and test):
https://gitlab.com/kubu93/buildroot/-/pipelines/359619546
https://gitlab.com/kubu93/buildroot/-/commits/qemu-6.1.0-defconfigs
You can notice a build issue with csky toolchain, see:
http://lists.busybox.net/pipermail/buildroot/2021-August/621504.html
I would suggest to try the qemu bump with gitlab-ci :)
Best regards,
Romain
>
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> ---
> .../0002-Fix-build-with-64-bits-time_t.patch | 98 -------------------
> ...atch => 0002-meson-add-tests-option.patch} | 0
> ....c-fix-fuse-lseek-on-uclibc-or-musl.patch} | 0
> .../0004-Makefile-ignore-long-options.patch | 41 --------
> ...5-block-export-fuse.c-fix-musl-build.patch | 46 ---------
> package/qemu/qemu.hash | 2 +-
> package/qemu/qemu.mk | 2 +-
> 7 files changed, 2 insertions(+), 187 deletions(-)
> delete mode 100644 package/qemu/0002-Fix-build-with-64-bits-time_t.patch
> rename package/qemu/{0003-meson-add-tests-option.patch => 0002-meson-add-tests-option.patch} (100%)
> rename package/qemu/{0006-block-export-fuse.c-fix-fuse-lseek-on-uclibc-or-musl.patch => 0003-block-export-fuse.c-fix-fuse-lseek-on-uclibc-or-musl.patch} (100%)
> delete mode 100644 package/qemu/0004-Makefile-ignore-long-options.patch
> delete mode 100644 package/qemu/0005-block-export-fuse.c-fix-musl-build.patch
>
> diff --git a/package/qemu/0002-Fix-build-with-64-bits-time_t.patch b/package/qemu/0002-Fix-build-with-64-bits-time_t.patch
> deleted file mode 100644
> index 934c0e28fd..0000000000
> --- a/package/qemu/0002-Fix-build-with-64-bits-time_t.patch
> +++ /dev/null
> @@ -1,98 +0,0 @@
> -From 839e51aa452345b440f8d2d0df84ab58bdedfcd1 Mon Sep 17 00:00:00 2001
> -From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> -Date: Sat, 14 Nov 2020 21:54:17 +0100
> -Subject: [PATCH] Fix build with 64 bits time_t
> -
> -time element is deprecated on new input_event structure in kernel's
> -input.h [1]
> -
> -This will avoid the following build failure:
> -
> -hw/input/virtio-input-host.c: In function 'virtio_input_host_handle_status':
> -hw/input/virtio-input-host.c:198:28: error: 'struct input_event' has no member named 'time'
> - 198 | if (gettimeofday(&evdev.time, NULL)) {
> - | ^
> -
> -Fixes:
> - - http://autobuild.buildroot.org/results/a538167e288c14208d557cd45446df86d3d599d5
> - - http://autobuild.buildroot.org/results/efd4474fb4b6c0ce0ab3838ce130429c51e43bbb
> -
> -[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=152194fe9c3f
> -
> -Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> ----
> - contrib/vhost-user-input/main.c | 10 +++++++++-
> - hw/input/virtio-input-host.c | 10 +++++++++-
> - 2 files changed, 18 insertions(+), 2 deletions(-)
> -
> -diff --git a/contrib/vhost-user-input/main.c b/contrib/vhost-user-input/main.c
> -index 6020c6f33a..e688c3e0a9 100644
> ---- a/contrib/vhost-user-input/main.c
> -+++ b/contrib/vhost-user-input/main.c
> -@@ -15,6 +15,11 @@
> - #include "standard-headers/linux/virtio_input.h"
> - #include "qapi/error.h"
> -
> -+#ifndef input_event_sec
> -+#define input_event_sec time.tv_sec
> -+#define input_event_usec time.tv_usec
> -+#endif
> -+
> - enum {
> - VHOST_USER_INPUT_MAX_QUEUES = 2,
> - };
> -@@ -113,13 +118,16 @@ vi_evdev_watch(VuDev *dev, int condition, void *data)
> - static void vi_handle_status(VuInput *vi, virtio_input_event *event)
> - {
> - struct input_event evdev;
> -+ struct timeval tval;
> - int rc;
> -
> -- if (gettimeofday(&evdev.time, NULL)) {
> -+ if (gettimeofday(&tval, NULL)) {
> - perror("vi_handle_status: gettimeofday");
> - return;
> - }
> -
> -+ evdev.input_event_sec = tval.tv_sec;
> -+ evdev.input_event_usec = tval.tv_usec;
> - evdev.type = le16toh(event->type);
> - evdev.code = le16toh(event->code);
> - evdev.value = le32toh(event->value);
> -diff --git a/hw/input/virtio-input-host.c b/hw/input/virtio-input-host.c
> -index 85daf73f1a..2e261737e1 100644
> ---- a/hw/input/virtio-input-host.c
> -+++ b/hw/input/virtio-input-host.c
> -@@ -16,6 +16,11 @@
> - #include <sys/ioctl.h>
> - #include "standard-headers/linux/input.h"
> -
> -+#ifndef input_event_sec
> -+#define input_event_sec time.tv_sec
> -+#define input_event_usec time.tv_usec
> -+#endif
> -+
> - /* ----------------------------------------------------------------- */
> -
> - static struct virtio_input_config virtio_input_host_config[] = {
> -@@ -193,13 +198,16 @@ static void virtio_input_host_handle_status(VirtIOInput *vinput,
> - {
> - VirtIOInputHost *vih = VIRTIO_INPUT_HOST(vinput);
> - struct input_event evdev;
> -+ struct timeval tval;
> - int rc;
> -
> -- if (gettimeofday(&evdev.time, NULL)) {
> -+ if (gettimeofday(&tval, NULL)) {
> - perror("virtio_input_host_handle_status: gettimeofday");
> - return;
> - }
> -
> -+ evdev.input_event_sec = tval.tv_sec;
> -+ evdev.input_event_usec = tval.tv_usec;
> - evdev.type = le16_to_cpu(event->type);
> - evdev.code = le16_to_cpu(event->code);
> - evdev.value = le32_to_cpu(event->value);
> ---
> -2.29.2
> -
> diff --git a/package/qemu/0003-meson-add-tests-option.patch b/package/qemu/0002-meson-add-tests-option.patch
> similarity index 100%
> rename from package/qemu/0003-meson-add-tests-option.patch
> rename to package/qemu/0002-meson-add-tests-option.patch
> diff --git a/package/qemu/0006-block-export-fuse.c-fix-fuse-lseek-on-uclibc-or-musl.patch b/package/qemu/0003-block-export-fuse.c-fix-fuse-lseek-on-uclibc-or-musl.patch
> similarity index 100%
> rename from package/qemu/0006-block-export-fuse.c-fix-fuse-lseek-on-uclibc-or-musl.patch
> rename to package/qemu/0003-block-export-fuse.c-fix-fuse-lseek-on-uclibc-or-musl.patch
> diff --git a/package/qemu/0004-Makefile-ignore-long-options.patch b/package/qemu/0004-Makefile-ignore-long-options.patch
> deleted file mode 100644
> index 2d14b70c03..0000000000
> --- a/package/qemu/0004-Makefile-ignore-long-options.patch
> +++ /dev/null
> @@ -1,41 +0,0 @@
> -From 14833e24dea49303ebc2464813601054b6cdfcac Mon Sep 17 00:00:00 2001
> -From: Alexey Neyman <stilor@att.net>
> -Date: Wed, 21 Jul 2021 19:08:46 -0700
> -Subject: [PATCH] Makefile: ignore long options
> -
> -When searching for options like -n in MAKEFLAGS, current code may result
> -in a false positive match when make is invoked with long options like
> ---no-print-directory. This has been observed with certain versions of
> -host make (e.g. 3.82) while building the Qemu package in buildroot.
> -
> -Filter out such long options before searching for one-character options.
> -
> -Signed-off-by: Alexey Neyman <stilor@att.net>
> -Message-Id: <20210722020846.3678817-1-stilor@att.net>
> -Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> ----
> - Makefile | 8 +++++---
> - 1 file changed, 5 insertions(+), 3 deletions(-)
> -
> -diff --git a/Makefile b/Makefile
> -index 6c36330eef..401c623a65 100644
> ---- a/Makefile
> -+++ b/Makefile
> -@@ -129,9 +129,11 @@ endif
> - # 4. Rules to bridge to other makefiles
> -
> - ifneq ($(NINJA),)
> --MAKE.n = $(findstring n,$(firstword $(MAKEFLAGS)))
> --MAKE.k = $(findstring k,$(firstword $(MAKEFLAGS)))
> --MAKE.q = $(findstring q,$(firstword $(MAKEFLAGS)))
> -+# Filter out long options to avoid flags like --no-print-directory which
> -+# may result in false positive match for MAKE.n
> -+MAKE.n = $(findstring n,$(firstword $(filter-out --%,$(MAKEFLAGS))))
> -+MAKE.k = $(findstring k,$(firstword $(filter-out --%,$(MAKEFLAGS))))
> -+MAKE.q = $(findstring q,$(firstword $(filter-out --%,$(MAKEFLAGS))))
> - MAKE.nq = $(if $(word 2, $(MAKE.n) $(MAKE.q)),nq)
> - NINJAFLAGS = $(if $V,-v) $(if $(MAKE.n), -n) $(if $(MAKE.k), -k0) \
> - $(filter-out -j, $(lastword -j1 $(filter -l% -j%, $(MAKEFLAGS)))) \
> ---
> -2.27.0
> -
> diff --git a/package/qemu/0005-block-export-fuse.c-fix-musl-build.patch b/package/qemu/0005-block-export-fuse.c-fix-musl-build.patch
> deleted file mode 100644
> index 0da6b3ff73..0000000000
> --- a/package/qemu/0005-block-export-fuse.c-fix-musl-build.patch
> +++ /dev/null
> @@ -1,46 +0,0 @@
> -From 4d5280c066eb46a31556044fb52c2618928b0019 Mon Sep 17 00:00:00 2001
> -From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> -Date: Mon, 9 Aug 2021 10:04:07 +0200
> -Subject: [PATCH] block/export/fuse.c: fix musl build
> -
> -Fix the following build failure on musl raised since version 6.0.0 and
> -https://gitlab.com/qemu-project/qemu/-/commit/4ca37a96a75aafe7a37ba51ab1912b09b7190a6b
> -because musl does not define FALLOC_FL_ZERO_RANGE:
> -
> -../block/export/fuse.c: In function 'fuse_fallocate':
> -../block/export/fuse.c:563:23: error: 'FALLOC_FL_ZERO_RANGE' undeclared (first use in this function)
> - 563 | } else if (mode & FALLOC_FL_ZERO_RANGE) {
> - | ^~~~~~~~~~~~~~~~~~~~
> -
> -Fixes:
> - - http://autobuild.buildroot.org/results/b96e3d364fd1f8bbfb18904a742e73327d308f64
> -
> -Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> -[Upstream status: sent to qemu-devel@nongnu.org]
> ----
> - block/export/fuse.c | 2 ++
> - 1 file changed, 2 insertions(+)
> -
> -diff --git a/block/export/fuse.c b/block/export/fuse.c
> -index ada9e263eb..07e31129a6 100644
> ---- a/block/export/fuse.c
> -+++ b/block/export/fuse.c
> -@@ -635,6 +635,7 @@ static void fuse_fallocate(fuse_req_t req, fuse_ino_t inode, int mode,
> - offset += size;
> - length -= size;
> - } while (ret == 0 && length > 0);
> -+#ifdef FALLOC_FL_ZERO_RANGE
> - } else if (mode & FALLOC_FL_ZERO_RANGE) {
> - if (!(mode & FALLOC_FL_KEEP_SIZE) && offset + length > blk_len) {
> - /* No need for zeroes, we are going to write them ourselves */
> -@@ -654,6 +655,7 @@ static void fuse_fallocate(fuse_req_t req, fuse_ino_t inode, int mode,
> - offset += size;
> - length -= size;
> - } while (ret == 0 && length > 0);
> -+#endif
> - } else if (!mode) {
> - /* We can only fallocate at the EOF with a truncate */
> - if (offset < blk_len) {
> ---
> -2.30.2
> -
> diff --git a/package/qemu/qemu.hash b/package/qemu/qemu.hash
> index 5e873791b8..0613fce493 100644
> --- a/package/qemu/qemu.hash
> +++ b/package/qemu/qemu.hash
> @@ -1,4 +1,4 @@
> # Locally computed, tarball verified with GPG signature
> -sha256 87bc1a471ca24b97e7005711066007d443423d19aacda3d442558ae032fa30b9 qemu-6.0.0.tar.xz
> +sha256 eebc089db3414bbeedf1e464beda0a7515aad30f73261abc246c9b27503a3c96 qemu-6.1.0.tar.xz
> sha256 6f04ae8364d0079a192b14635f4b1da294ce18724c034c39a6a41d1b09df6100 COPYING
> sha256 dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551 COPYING.LIB
> diff --git a/package/qemu/qemu.mk b/package/qemu/qemu.mk
> index a58bc9024a..37dfc63907 100644
> --- a/package/qemu/qemu.mk
> +++ b/package/qemu/qemu.mk
> @@ -4,7 +4,7 @@
> #
> ################################################################################
>
> -QEMU_VERSION = 6.0.0
> +QEMU_VERSION = 6.1.0
> QEMU_SOURCE = qemu-$(QEMU_VERSION).tar.xz
> QEMU_SITE = http://download.qemu.org
> QEMU_LICENSE = GPL-2.0, LGPL-2.1, MIT, BSD-3-Clause, BSD-2-Clause, Others/BSD-1c
>
_______________________________________________
buildroot mailing list
buildroot@busybox.net
http://lists.busybox.net/mailman/listinfo/buildroot
next prev parent reply other threads:[~2021-08-28 11:56 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-28 10:21 [Buildroot] [PATCH 1/1] package/qemu: security bump to version 6.1.0 Fabrice Fontaine
2021-08-28 11:56 ` Romain Naour [this message]
2021-08-28 12:32 ` Fabrice Fontaine
2021-08-28 13:08 ` Romain Naour
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=e82f10b3-0e56-7fd9-2f5c-1b46e2f96cfb@gmail.com \
--to=romain.naour@gmail.com \
--cc=buildroot@buildroot.org \
--cc=fontaine.fabrice@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.