Commit graph

146 commits

Author SHA1 Message Date
Franz Pletz
3a4e2376e4
qemu_test: don't apply patch for CVE-2016-9602
Both patches are conflicting. Keeping the vulnerability unpatched in qemu
binaries used for nixos test is tolerable.
2017-03-11 13:43:42 +01:00
Franz Pletz
621e7a9945
qemu: fetch vnc bugfix patch from debian
This version of the patch applies cleanly to the 2.8.0 release.
2017-03-11 09:32:48 +01:00
Franz Pletz
c512180f9c
qemu: add patches for multiple CVEs
New upstream patch function and patches for fixing a bug in the patch for
CVE-2017-5667 and the following security issues:

  * CVE-2016-7907
  * CVE-2016-9602
  * CVE-2016-10155
  * CVE-2017-2620
  * CVE-2017-2630
  * CVE-2017-5525
  * CVE-2017-5526
  * CVE-2017-5579
  * CVE-2017-5856
  * CVE-2017-5857
  * CVE-2017-5987
  * CVE-2017-6058
2017-03-11 08:14:29 +01:00
Jan Malakhovski
1c8940a2b8 qemu: add xen support 2017-03-05 13:59:28 +00:00
Jan Malakhovski
eff9b09fb7 qemu: separate usbredirSupport option out of spiceSupport option 2017-03-05 13:59:28 +00:00
Franz Pletz
6bafe64a20
qemu: apply patches for multiple CVEs
Fixes:

  * CVE-2017-2615
  * CVE-2017-5667
  * CVE-2017-5898
  * CVE-2017-5931
  * CVE-2017-5973

We are vulnerable to even more CVEs but those are either not severe like
memory leaks in obscure situations or upstream hasn't acknowledged the
patch yet.

cc #23072
2017-02-25 09:40:53 +01:00
Graham Christensen
f46c5b293b
qemu: 2.7 -> 2.8, drop 2.7 2017-01-26 20:23:40 -05:00
Antoine Eiche
9f1514f086 qemu: fix several CVEs
- CVE-2016-9845
- CVE-2016-9846
- CVE-2016-9907
- CVE-2016-9912
2017-01-20 11:09:02 +01:00
Antoine Eiche
0bd3f82a67 qemu: fix the url of patch for CVE-2016-9921 and CVE-2016-9922 2017-01-20 11:02:22 +01:00
Graham Christensen
f5ca9a4212
Merge branch 'roundup-15' 2016-12-28 21:04:51 -05:00
Antoine Eiche
bc63738c6f
qemu: fix CVE-2016-9921 and CVE-2016-9922 2016-12-28 20:37:00 -05:00
Antoine Eiche
a5dd311208
qemu: fix CVE-2016-9911 2016-12-28 20:36:53 -05:00
Michael Raskin
442623e499 qemu_28: init at 2.8.0; not updating the main Qemu expression yet because there were some claims about NixOS test fragility 2016-12-28 15:04:51 +01:00
Eelco Dolstra
8a0843c3c4
qemu-kvm: Mark the version for tests
(cherry picked from commit d58a4ec1ba77e390c53c09ba6198b78f8568d495)
2016-12-20 10:52:46 +01:00
aszlig
38ea64e867
qemu_test: Make chown() calls to the store a no-op
The "misc" NixOS test is using Nix to query the store and it tries to
change the ownership of it while doing so.

This fails if Nix is not in a seccomp-sandboxed userid namespace, so
let's make chown() a no-op when applied to store paths.

Fixes the misc test (and possibly future tests) on older Nix versions.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-12-16 13:06:25 +01:00
Eelco Dolstra
705829b29a Merge pull request #20500 from aszlig/qemu-patched-for-nixos-tests
nixos/tests: Use a patched QEMU for testing
2016-12-15 12:38:29 +01:00
Vladimír Čunát
925b335607
Merge branch 'master' into staging 2016-11-26 11:27:09 +01:00
Frederik Rietdijk
97259c811e qemu: use python2 2016-11-24 22:28:03 +01:00
Franz Pletz
336bacfa1d
qemu: add patch to fix CVE-2016-7907
cc #20647
2016-11-23 23:23:49 -05:00
Bjørn Forsman
bbe5f99e0b qemu: add curl to buildInputs
Enables support for accessing files over HTTP:

  qemu-system-x86_64 -drive media=cdrom,file=http://host/path.iso,readonly

Increases the closures size from 445 to 447 MiB.
2016-11-23 17:44:02 +01:00
Franz Pletz
f4a318b528
qemu: add patches for CVE-2016-7994 & CVE-2016-8668 2016-11-17 22:00:44 +01:00
aszlig
6cfb3b6364
nixos/tests: Use a patched QEMU for testing
The reason to patch QEMU is that with latest Nix, tests like "printing"
or "misc" fail because they expect the store paths to be owned by uid 0
and gid 0.

Starting with NixOS/nix@5e51ffb1c2, Nix
builds inside of a new user namespace. Unfortunately this also means
that bind-mounted store paths that are part of the derivation's inputs
are no longer owned by uid 0 and gid 0 but by uid 65534 and gid 65534.

This in turn causes things like sudo or cups to fail with errors about
insecure file permissions.

So in order to avoid that, let's make sure the VM always gets files
owned by uid 0 and gid 0 and does a no-op when doing a chmod on a store
path.

In addition, this adds a virtualisation.qemu.program option so that we
can make sure that we only use the patched version if we're *really*
running NixOS VM tests (that is, whenever we have imported
test-instrumentation.nix).

Tested against the "misc" and "printing" tests.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-11-17 17:16:16 +01:00
Franz Pletz
25c01931bb
qemu: add patches to fix lots of CVEs
Patches from Debian and upstream git repo.

Fixes:

 * CVE-2016-6836
 * CVE-2016-7155
 * CVE-2016-7156
 * CVE-2016-7157
 * CVE-2016-7421
 * CVE-2016-7422
 * CVE-2016-7423
 * CVE-2016-7466
 * CVE-2016-8909
 * CVE-2016-8910
 * CVE-2016-9102
 * CVE-2016-9103
 * CVE-2016-9104
 * CVE-2016-9105
 * CVE-2016-9106

cc #20078
2016-11-03 02:45:16 +01:00
Graham Christensen
5e25995295
qemu: 2.6.1 -> 2.7.0 2016-09-25 15:40:47 -04:00
Robin Gloster
7b1597bec2
qemu: 2.6.0 -> 2.6.1 2016-08-31 13:31:22 +02:00
Robin Gloster
7eaa83a3e9
qemu: patch security issues in 9pfs
CVE-2016-7116, others have no ID assigned yet.
Fixes from 2.7 tree.
2016-08-31 13:31:22 +02:00
Joachim Fasting
dae5f53d25
qemu: apply PaX markings 2016-06-14 03:38:18 +02:00
Rickard Nilsson
13b8606241 qemu: 2.5.1 -> 2.6.0 2016-05-25 10:42:45 +02:00
Domen Kožar
8a34a3b37a qemu: 2.5.0 -> 2.5.1
Hopefully this also fixes installer tests on i686
2016-03-30 15:12:41 +01:00
Matthew Bauer
864ec69c84 qemu: compile with cocoa for darwin support
This uses the --enable-cocoa flag in qemu to build in Darwin.
2016-03-04 17:45:34 -06:00
Franz Pletz
6b20b7c4d7 qemu: 2.4.1 -> 2.5.0 (multiple CVEs)
https://lwn.net/Vulnerabilities/666755/
2016-02-27 17:53:22 +01:00
Domen Kožar
caa9c53d6e qemu: enable numa 2015-12-15 23:41:55 +01:00
William A. Kennington III
cfda3f3eed qemu: 2.4.0.1 -> 2.4.1 2015-11-05 18:18:35 -08:00
Karn Kallio
5012fffecb qemu: 2.4.0 updated to 2.4.0.1 2015-10-12 10:53:46 +02:00
Vladimír Čunát
ab295420c5 qemu: qemu-2.4.0-x86-only -> qemu-x86-only-2.4.0 2015-09-17 12:47:45 +02:00
Domen Kožar
d2fbbb2100 Revert "Revert "qemu: 2.2.1 -> 2.4.0""
This reverts commit df592a6535.

Segfaults on build machines were not caused due to qemu bump.
2015-09-12 12:56:18 +02:00
Domen Kožar
df592a6535 Revert "qemu: 2.2.1 -> 2.4.0"
This reverts commit 0e0e3c0c08.

I've been seeing quite some QEMU segfaults on Hydra,
hopefully reverting the bump will fix the issue.

(cherry picked from commit 863c121c0782b82900d736f9f71dbcfa80f62e1d)
Signed-off-by: Domen Kožar <domen@dev.si>
2015-09-07 12:22:13 +02:00
Anton Fedotov
0e0e3c0c08 qemu: 2.2.1 -> 2.4.0 2015-08-26 13:16:53 +03:00
Shea Levy
145768bf9b Unmaintain a bunch of packages 2015-07-01 08:11:05 -04:00
Eelco Dolstra
98a4eabd99 Revert "qemu: 2.2.2 -> 2.3.0"
This reverts commit 19c259161b.
2015-06-04 14:54:48 +02:00
Eelco Dolstra
3096d03435 Revert "Refactor mkFlag / shouldUsePkg into the nixpkgs libraries"
This reverts commit 25a148fa19.
2015-06-04 14:54:48 +02:00
Eelco Dolstra
4f60156afb Revert "qemu-nix: Build statically"
This reverts commit 5afa4f18d6.
2015-06-04 14:54:47 +02:00
William A. Kennington III
5afa4f18d6 qemu-nix: Build statically 2015-06-01 01:50:05 -07:00
William A. Kennington III
b07929b0a3 Use libpulseaudio instead of pulseaudio 2015-05-29 14:32:56 -07:00
William A. Kennington III
25a148fa19 Refactor mkFlag / shouldUsePkg into the nixpkgs libraries 2015-05-22 13:26:55 -07:00
William A. Kennington III
19c259161b qemu: 2.2.2 -> 2.3.0 2015-05-20 18:30:22 -07:00
William A. Kennington III
53d5b564d4 qemu: 2.2.0 -> 2.2.1 2015-03-26 14:54:00 -07:00
William A. Kennington III
63ae630c6c qemu: 2.0.0 -> 2.2.0
Additionally, add support for more external features as well as more
sound system types.
2014-12-10 15:18:54 -08:00
Russell O'Connor
a431a96df9 Allow QEMU to fallback to full simulation if /dev/kvm is not available. 2014-08-13 23:26:26 +02:00
Austin Seipp
de96d25294 qemu: 1.7.1 -> 2.0.0
The patch for CVE-2014-0150 is still required.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-18 15:52:44 -05:00
Eelco Dolstra
39faed1f2f qemu: Apply patch for CVE-2014-0150, CVE-2014-2894 2014-04-28 14:37:46 +02:00
Eelco Dolstra
0af5d11a6f qemu-image: Remove (obsolete) 2014-04-28 14:34:34 +02:00
Eelco Dolstra
f2cb4def59 qemu: Update to 1.7.1 2014-04-17 15:54:42 +02:00
Jaka Hudoklin
413ebfb246 virt-manager: update to 1.0.1, fix & update dependencies, gtk3 support
- Vte, add gtk3 support, enable introspection, update to 0.35.90
- Spice-gtk, add gtk3 support
- gtk-vnc, add gtk3 support
- Add libvirt-glib (thanks @bjornfor)
- Add usbredir
- qemu, enable usbredir
- spice-gtk, enable usbredir
- virt-manager, update to 1.0.1

[Bjørn:
* Set namePrefix = "" to preserve package name "virt-manager"
  (instead of "python2.7-virt-manager")
* Add dconf to GIO_EXTRA_MODULES to get persistent settings in
  virt-manager. Without it:
  GLib-GIO-Message: Using the 'memory' GSettings backend. Your settings will not be saved or shared with other applications.
* Add ${gtk3}/share to XDG_DATA_DIRS to unbreak "Take Screenshot"
  feature (fixes "Settings schema 'org.gtk.Settings.FileChooser' is not installed")
* gtk-vnc: don't pull "pkgs" attrset for optionalString, use stdenv.lib.optionalString instead.
]
2014-04-05 18:37:05 +02:00
William A. Kennington III
b6d3526c53 qemu: Update 1.5.2 -> 1.7.0 2014-03-18 14:24:46 +01:00
Eelco Dolstra
7ee76ebd0c qemu: Revert to 1.5.2
1.6.0 breaks many VM builds because it gives incorrect RTC values to
the guest.  See

  http://hydra.nixos.org/eval/981543
  http://hydra.nixos.org/eval/981440
2013-08-26 15:48:21 +02:00
Rickard Nilsson
5303fb0f0f qemu: Update to 1.6.0 2013-08-23 10:26:29 +02:00
Eelco Dolstra
c8c817a3b4 qemu-kvm: Disambiguate 2013-07-31 14:53:35 +02:00
Eelco Dolstra
00e311e438 qemu-kvm: Remove
But install a qemu-kvm wrapper in qemu.
2013-07-31 14:53:34 +02:00
Eelco Dolstra
945c70202f qemu: Update to 1.5.2 2013-07-31 14:53:34 +02:00
Bjørn Forsman
f142483de0 qemu: enable spice protocol support by default
We already enable VNC and SDL support by default and adding spice only
increases the closure size from 513 MB to 518 MB.

Closure size:
  du -sch $(nix-store -qR ./result)
2013-07-18 02:40:24 +02:00
Eelco Dolstra
abc10b4715 qemu: Allow building only the x86 emulator 2013-07-04 18:27:26 +02:00
Eelco Dolstra
b625a16068 qemu: Merge qemu-kvm dependencies 2013-07-04 18:27:26 +02:00
Eelco Dolstra
d199fe766a qemu: Merge stuff from qemu-kvm 2013-07-04 18:27:26 +02:00
Eelco Dolstra
9da1586d75 qemu: Update to 1.5.1 2013-07-04 18:27:26 +02:00
Rickard Nilsson
e382e34f51 qemu: Enable support for VDE networking 2013-06-25 19:47:17 +02:00
Rickard Nilsson
270da328b9 qemu: Enable virtfs
This makes it possible to share host directories to qemu guests
using 9P.
2013-06-25 12:20:10 +02:00
Lluís Batlle i Rossell
744a215a45 qemu: update to 1.4.0 2013-04-10 18:26:42 +02:00
Shea Levy
8f51038a13 qemu-1.3.1
Also, old qemu is unreferenced in nixos and nixpkgs tree, so remove it absent explicit need.
2013-02-07 20:44:02 -05:00
Eelco Dolstra
5553546c21 Remove a bunch of unreferenced files
Plus a small number of obsolete packages (like old versions of qemu).
2012-11-29 13:43:37 +01:00
Lluís Batlle i Rossell
b4955eea65 Adding qemu 1.0.1.
svn path=/nixpkgs/trunk/; revision=33232
2012-03-18 10:31:15 +00:00
Eelco Dolstra
c556a6ea46 * "ensureDir" -> "mkdir -p". "ensureDir" is a rather pointless
function, so obsolete it.

svn path=/nixpkgs/branches/stdenv-updates/; revision=31644
2012-01-18 20:16:00 +00:00
Alexander Tsamutali
69c91f30ce applications/virtualization/qemu: Added 0.15.nix
svn path=/nixpkgs/trunk/; revision=31401
2012-01-07 15:06:49 +00:00
Ludovic Courtès
3cf686b4fc QEMU: Build with ncurses support.
svn path=/nixpkgs/trunk/; revision=27458
2011-06-14 16:28:17 +00:00
Lluís Batlle i Rossell
b44c4a88e8 Setting me as maintainer of qemu, and telling hydra to build it (heavy package)
svn path=/nixpkgs/trunk/; revision=24861
2010-11-25 22:01:24 +00:00
Lluís Batlle i Rossell
79c06ac912 Updating qemu
svn path=/nixpkgs/trunk/; revision=24784
2010-11-20 14:48:23 +00:00
Eelco Dolstra
907bb1aac6 * ltrace: updated to 0.5.3.
* libdbi / libdbi-drivers: updated to 0.8.3, and make it compile with
  SQLite.
* qemu-image: fix the URL.
* gdmap: make it build again (requires an older GTK+).
* rlwrap: updated to 0.37.
* smbfs-fuse -> fusesmb to match the upstream name.
* x11vnc: updated to 0.9.10.
* clearlyU: fix the URL.
* Various packages: follow the coding conventions.

svn path=/nixpkgs/trunk/; revision=22814
2010-07-29 18:55:16 +00:00
Eelco Dolstra
ba498d4a43 * composedArgsAndFun -> makeOverridable for consistency.
* Rename a few single-version packages to "default.nix".

svn path=/nixpkgs/trunk/; revision=22803
2010-07-29 08:21:21 +00:00
Lluís Batlle i Rossell
dddd34bc4e Updating qemu.
svn path=/nixpkgs/trunk/; revision=20458
2010-03-06 23:37:01 +00:00
Lluís Batlle i Rossell
7506ae348d Updating qemu
svn path=/nixpkgs/trunk/; revision=20115
2010-02-18 18:42:11 +00:00
Armijn Hemel
cd2a151621 remove some old versions of qemu. svn version has also been outdated, but I'm not removing that one yet
svn path=/nixpkgs/trunk/; revision=19158
2009-12-30 18:02:07 +00:00
Armijn Hemel
8772bf65b0 add 0.12.1
svn path=/nixpkgs/trunk/; revision=19151
2009-12-30 12:56:08 +00:00
Eelco Dolstra
7f5b839524 * Removed selectVersion. There's no good reason to write
`selectVersion ./foo "bar"' instead of `import ./foo/bar.nix'.
* Replaced `with args' with formal function arguments in several
  packages.
* Renamed several files to `default.nix'.  As a general rule, version
  numbers should only be included in the filename when there is a
  reason to keep multiple versions of a package in Nixpkgs.
  Otherwise, it just makes it harder to update the package.

svn path=/nixpkgs/trunk/; revision=18403
2009-11-18 09:39:59 +00:00
Lluís Batlle i Rossell
4f906f38a8 Updating qemu to 0.11.0, and making it use stdenv with the usual gcc, and not an older.
svn path=/nixpkgs/trunk/; revision=18305
2009-11-09 09:15:58 +00:00
Marc Weber
52647ea3b0 FullDepEntry -> fullDepEntry, PackEntry -> packEntry
svn path=/nixpkgs/trunk/; revision=15662
2009-05-19 23:25:58 +00:00
Michael Raskin
cd61acfa10 Update qemu
svn path=/nixpkgs/trunk/; revision=15542
2009-05-10 21:22:16 +00:00
Michael Raskin
8f51ff86fd Qemu SVN head..
svn path=/nixpkgs/trunk/; revision=14222
2009-02-24 12:22:15 +00:00
Michael Raskin
abf1aeca3b Fixed missing description
svn path=/nixpkgs/trunk/; revision=13629
2008-12-14 11:21:30 +00:00
Michael Raskin
c5363217ad meta.function -> passthru.function, not killing other contents of passthru
svn path=/nixpkgs/trunk/; revision=13190
2008-11-04 21:24:10 +00:00
Michael Raskin
87ff8d6347 Changed builderDefs to use composedArgsAndFun, reduced number of nulls, made overrides in builderDefsPackage to work in an intuitive manner.
svn path=/nixpkgs/trunk/; revision=12655
2008-08-19 05:54:09 +00:00
Wouter den Breejen
df8ae9639a More mirrors / updates . . .
svn path=/nixpkgs/trunk/; revision=12308
2008-07-07 17:10:21 +00:00
Eelco Dolstra
125c7ea4e3 * Qemu: apply the Samba patch from KVM.
svn path=/nixpkgs/trunk/; revision=11991
2008-06-05 15:43:06 +00:00
Michael Raskin
71f8e0911a Added src to meta for builderDefs-based packages.
svn path=/nixpkgs/trunk/; revision=10913
2008-03-02 18:49:31 +00:00
Michael Raskin
dcddcf0d87 Updated QEmu.
svn path=/nixpkgs/trunk/; revision=10882
2008-02-28 09:59:34 +00:00
Michael Raskin
bc46eaf404 Some review of builder-defs and dependent files. No rebuild needed. Now it should be possible to override elements in builderDefs
svn path=/nixpkgs/trunk/; revision=10214
2008-01-18 12:36:56 +00:00
Michael Raskin
fa272cab14 Fixed bridge-utils, added qemu, tuned builder-defs unpack, added xlaunch - a tool to launch X using everything possible from the job except slim.
svn path=/nixpkgs/trunk/; revision=9985
2007-12-31 08:49:41 +00:00