commit: 1a7685105711a4c1c8899a717d128a569e63e608
Author: Yixun Lan <dlan <AT> gentoo <DOT> org>
AuthorDate: Fri Sep 9 01:16:47 2016 +0000
Commit: Yixun Lan <dlan <AT> gentoo <DOT> org>
CommitDate: Fri Sep 9 01:17:44 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1a768510
app-emulation/xen: security bump, XSA-185/186/187
Package-Manager: portage-2.3.0
app-emulation/xen/Manifest | 3 +
app-emulation/xen/xen-4.6.3-r2.ebuild | 193 ++++++++++++++++++++++++++++++++++
app-emulation/xen/xen-4.7.0-r2.ebuild | 193 ++++++++++++++++++++++++++++++++++
3 files changed, 389 insertions(+)
diff --git a/app-emulation/xen/Manifest b/app-emulation/xen/Manifest
index 93dc0da..94e76a9 100644
--- a/app-emulation/xen/Manifest
+++ b/app-emulation/xen/Manifest
@@ -1,3 +1,6 @@
+DIST xen-4.6.3-upstream-patches-0.tar.xz 24736 SHA256
5ae2d11fe0d7a57c3c55c55b37f63ce2b9a1413ab39cc90a6ae16f61511749d5 SHA512
23540225457bc0f0f039d88a229a6915b0f1317f2f51f20b1fa51e919003316c8da8797a9560eb98c68045eae43a4f7665a450febd438d94952b956718cd66bd
WHIRLPOOL
01fc1b74c05b1f9cc63666df8a960a5390325d19a9413aeb606e478b7e4c9d18a96ba8f98c06e31388b27650a73d79cce01c1c6eba388b6e13c4981cdffce887
DIST xen-4.6.3.tar.gz 19707041 SHA256
02badfce9a037bd1bd4a94210c1f6b85467746216c71795805102b514bcf1fc4 SHA512
187a860b40c05139f22b8498a5fae1db173c3110d957147af29a56cb83b7111c9dc4946d65f9dffc847001fc01c5e9bf51886eaa1194bb9cfd0b6dbcd43a2c5c
WHIRLPOOL
f80fa73727218567b8d6c8d6bab9dfd577c4bb84ac737b084e4396128e8c4aa79776a277f73c283d5b12f17764b183b67fbf8596e240042dd0709f28cbab777e
+DIST xen-4.7.0-upstream-patches-0.tar.xz 24560 SHA256
3d24ff56a6a21cf91982ae7106bc5c55c8443d8398479778452e48d17903aa16 SHA512
934b81c21c4e13fee5fe4e02ef439f47df76d1ade3caf7adeec1e0144d2546fe3802cce0f715294789d393336740fc12b21fb2127b7edfb548497221b5b40f12
WHIRLPOOL
c67bf8139b0f2baf84b8c0ecff3726eeaf10f3f1cada6e3ad9a8cd92cd356bd7adc38f60f5835b7525786899bcd0c94c89700a958ea63bf0aff9f7139642154d
DIST xen-4.7.0.tar.gz 20702550 SHA256
be5876144d49729572ae06142e0bb93f1c1f2695578141eff2931995add24623 SHA512
2c52c8ef145dfab7d069e79318d5d631e1106a0ddc79d88b3bacf36c7f15cea67dccb704a245e785d2a1e42c6fb6c0ad74832f564aaeec025ad7b864031f0921
WHIRLPOOL
9725ac9fe94e78aab47b0534b5ee1a190106a773bf7d6204fed736abe7069b71937717b6680833736bd02a3a3a43f2eb2162fe7c0d992ddd47d12158b5d9835f
DIST xen-security-patches-13.tar.xz 3192 SHA256
2721580673d4d4f6f8997961ca6f08d8f818279916d37e5e996af0b4ea008fc7 SHA512
4fd15ca8b611d67b4868f027f9833403b756b87e2f1142a7a0ca41b4fee6143fe57b62ba5360e99c9295fdd0a356048af545c19ea96e075da5aba97845d4a3af
WHIRLPOOL
4fd99edcf9afc7937da48131c4d4a82eadf911fd62778dbdf937d7fb914e20d16b2765f538179d9d8ecca5d042ee39736fd1d8cbf01d7fc3e753032472e6bc65
+DIST xen-security-patches-15.tar.xz 5572 SHA256
60577d213ecde0734c2b49f75f56ce9895ad281e40329aff7a12a5d78035f105 SHA512
73c14edab07a61d2c98566dc12f10e710c0406f3dfd8d335a69413206638ff9e988a54cc822eaa64b0ef3128f66a135a85c2454d3fa67e29945f994783da8a52
WHIRLPOOL
3d6c9d22e67ba82de7d4a694c247a4e7063433e8f2d53821ec1b8c88e0a452645ecbb5959f81d1f4f7f0e7715419fa253f69c2df7a7435806dfbb0eea4012632
diff --git a/app-emulation/xen/xen-4.6.3-r2.ebuild
b/app-emulation/xen/xen-4.6.3-r2.ebuild
new file mode 100644
index 00000000..5773cce
--- /dev/null
+++ b/app-emulation/xen/xen-4.6.3-r2.ebuild
@@ -0,0 +1,193 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+PYTHON_COMPAT=( python2_7 )
+
+inherit eutils multilib mount-boot flag-o-matic python-any-r1 toolchain-funcs
+
+MY_PV=${PV/_/-}
+MY_P=${PN}-${PV/_/-}
+
+if [[ $PV == *9999 ]]; then
+ inherit git-r3
+ KEYWORDS=""
+ EGIT_REPO_URI="git://xenbits.xen.org/xen.git"
+ SRC_URI=""
+else
+ KEYWORDS="~amd64 ~arm -x86"
+ UPSTREAM_VER=0
+ SECURITY_VER=15
+ GENTOO_VER=
+
+ [[ -n ${UPSTREAM_VER} ]] && \
+
UPSTREAM_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${P}-upstream-patches-${UPSTREAM_VER}.tar.xz";
+ [[ -n ${SECURITY_VER} ]] && \
+
SECURITY_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${PN}-security-patches-${SECURITY_VER}.tar.xz";
+ [[ -n ${GENTOO_VER} ]] && \
+
GENTOO_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${PN}-gentoo-patches-${GENTOO_VER}.tar.xz";
+
SRC_URI="http://bits.xensource.com/oss-xen/release/${MY_PV}/${MY_P}.tar.gz
+ ${UPSTREAM_PATCHSET_URI}
+ ${SECURITY_PATCHSET_URI}
+ ${GENTOO_PATCHSET_URI}"
+fi
+
+DESCRIPTION="The Xen virtual machine monitor"
+HOMEPAGE="http://xen.org/";
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="custom-cflags debug efi flask"
+
+DEPEND="${PYTHON_DEPS}
+ efi? ( >=sys-devel/binutils-2.22[multitarget] )
+ !efi? ( >=sys-devel/binutils-2.22 )"
+RDEPEND=""
+PDEPEND="~app-emulation/xen-tools-${PV}"
+
+# no tests are available for the hypervisor
+# prevent the silliness of /usr/lib/debug/usr/lib/debug files
+# prevent stripping of the debug info from the /usr/lib/debug/xen-syms
+RESTRICT="test splitdebug strip"
+
+# Approved by QA team in bug #144032
+QA_WX_LOAD="boot/xen-syms-${PV}"
+
+REQUIRED_USE="arm? ( debug )"
+
+S="${WORKDIR}/${MY_P}"
+
+pkg_setup() {
+ python-any-r1_pkg_setup
+ if [[ -z ${XEN_TARGET_ARCH} ]]; then
+ if use amd64; then
+ export XEN_TARGET_ARCH="x86_64"
+ elif use arm; then
+ export XEN_TARGET_ARCH="arm32"
+ elif use arm64; then
+ export XEN_TARGET_ARCH="arm64"
+ else
+ die "Unsupported architecture!"
+ fi
+ fi
+
+ if use flask ; then
+ export "XSM_ENABLE=y"
+ export "FLASK_ENABLE=y"
+ fi
+}
+
+src_prepare() {
+ # Upstream's patchset
+ if [[ -n ${UPSTREAM_VER} ]]; then
+ EPATCH_SUFFIX="patch" \
+ EPATCH_FORCE="yes" \
+ EPATCH_OPTS="-p1" \
+ epatch "${WORKDIR}"/patches-upstream
+ fi
+
+ # Security patchset
+ if [[ -n ${SECURITY_VER} ]]; then
+ einfo "Try to apply Xen Security patch set"
+ # apply main xen patches
+ # Two parallel systems, both work side by side
+ # Over time they may concdense into one. This will suffice for
now
+ EPATCH_SUFFIX="patch"
+ EPATCH_FORCE="yes"
+
+ source "${WORKDIR}"/patches-security/${PV}.conf
+
+ for i in ${XEN_SECURITY_MAIN}; do
+ epatch "${WORKDIR}"/patches-security/xen/$i
+ done
+ fi
+
+ # Gentoo's patchset
+ if [[ -n ${GENTOO_VER} ]]; then
+ EPATCH_SUFFIX="patch" \
+ EPATCH_FORCE="yes" \
+ epatch "${WORKDIR}"/patches-gentoo
+ fi
+
+ epatch "${FILESDIR}"/${PN}-4.6-efi.patch
+
+ # Drop .config
+ sed -e '/-include $(XEN_ROOT)\/.config/d' -i Config.mk || die "Couldn't
drop"
+
+ if use efi; then
+ export EFI_VENDOR="gentoo"
+ export EFI_MOUNTPOINT="boot"
+ fi
+
+ # if the user *really* wants to use their own custom-cflags, let them
+ if use custom-cflags; then
+ einfo "User wants their own CFLAGS - removing defaults"
+ # try and remove all the default custom-cflags
+ find "${S}" -name Makefile -o -name Rules.mk -o -name Config.mk
-exec sed \
+ -e 's/CFLAGS\(.*\)=\(.*\)-O3\(.*\)/CFLAGS\1=\2\3/' \
+ -e
's/CFLAGS\(.*\)=\(.*\)-march=i686\(.*\)/CFLAGS\1=\2\3/' \
+ -e
's/CFLAGS\(.*\)=\(.*\)-fomit-frame-pointer\(.*\)/CFLAGS\1=\2\3/' \
+ -e 's/CFLAGS\(.*\)=\(.*\)-g3*\s\(.*\)/CFLAGS\1=\2 \3/' \
+ -e 's/CFLAGS\(.*\)=\(.*\)-O2\(.*\)/CFLAGS\1=\2\3/' \
+ -i {} \; || die "failed to re-set custom-cflags"
+ fi
+
+ # remove -Werror for gcc-4.6's sake
+ find "${S}" -name 'Makefile*' -o -name '*.mk' -o -name 'common.make' | \
+ xargs sed -i 's/ *-Werror */ /'
+ # not strictly necessary to fix this
+ sed -i 's/, "-Werror"//' "${S}/tools/python/setup.py" || die "failed to
re-set setup.py"
+
+ # Bug #575868 converted to a sed statement, typo of one char
+ sed -e "s:granter’s:granter's:" -i xen/include/public/grant_table.h ||
die
+
+ epatch_user
+}
+
+src_configure() {
+ use arm && myopt="${myopt} CONFIG_EARLY_PRINTK=sun7i"
+
+ use debug && myopt="${myopt} debug=y"
+
+ if use custom-cflags; then
+ filter-flags -fPIE -fstack-protector
+ replace-flags -O3 -O2
+ else
+ unset CFLAGS
+ unset LDFLAGS
+ unset ASFLAGS
+ fi
+}
+
+src_compile() {
+ # Send raw LDFLAGS so that --as-needed works
+ emake V=1 CC="$(tc-getCC)" LDFLAGS="$(raw-ldflags)" LD="$(tc-getLD)" -C
xen ${myopt}
+}
+
+src_install() {
+ local myopt
+ use debug && myopt="${myopt} debug=y"
+
+ # The 'make install' doesn't 'mkdir -p' the subdirs
+ if use efi; then
+ mkdir -p "${D}"${EFI_MOUNTPOINT}/efi/${EFI_VENDOR} || die
+ fi
+
+ emake LDFLAGS="$(raw-ldflags)" DESTDIR="${D}" -C xen ${myopt} install
+
+ # make install likes to throw in some extra EFI bits if it built
+ use efi || rm -rf "${D}/usr/$(get_libdir)/efi"
+}
+
+pkg_postinst() {
+ elog "Official Xen Guide and the unoffical wiki page:"
+ elog " https://wiki.gentoo.org/wiki/Xen";
+ elog " http://en.gentoo-wiki.com/wiki/Xen/";
+
+ use efi && einfo "The efi executable is installed in boot/efi/gentoo"
+
+ elog "You can optionally block the installation of /boot/xen-syms by an
entry"
+ elog "in folder /etc/portage/env using the portage's feature
INSTALL_MASK"
+ elog "e.g. echo ${msg} > /etc/portage/env/xen.conf"
+}
diff --git a/app-emulation/xen/xen-4.7.0-r2.ebuild
b/app-emulation/xen/xen-4.7.0-r2.ebuild
new file mode 100644
index 00000000..5773cce
--- /dev/null
+++ b/app-emulation/xen/xen-4.7.0-r2.ebuild
@@ -0,0 +1,193 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+PYTHON_COMPAT=( python2_7 )
+
+inherit eutils multilib mount-boot flag-o-matic python-any-r1 toolchain-funcs
+
+MY_PV=${PV/_/-}
+MY_P=${PN}-${PV/_/-}
+
+if [[ $PV == *9999 ]]; then
+ inherit git-r3
+ KEYWORDS=""
+ EGIT_REPO_URI="git://xenbits.xen.org/xen.git"
+ SRC_URI=""
+else
+ KEYWORDS="~amd64 ~arm -x86"
+ UPSTREAM_VER=0
+ SECURITY_VER=15
+ GENTOO_VER=
+
+ [[ -n ${UPSTREAM_VER} ]] && \
+
UPSTREAM_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${P}-upstream-patches-${UPSTREAM_VER}.tar.xz";
+ [[ -n ${SECURITY_VER} ]] && \
+
SECURITY_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${PN}-security-patches-${SECURITY_VER}.tar.xz";
+ [[ -n ${GENTOO_VER} ]] && \
+
GENTOO_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${PN}-gentoo-patches-${GENTOO_VER}.tar.xz";
+
SRC_URI="http://bits.xensource.com/oss-xen/release/${MY_PV}/${MY_P}.tar.gz
+ ${UPSTREAM_PATCHSET_URI}
+ ${SECURITY_PATCHSET_URI}
+ ${GENTOO_PATCHSET_URI}"
+fi
+
+DESCRIPTION="The Xen virtual machine monitor"
+HOMEPAGE="http://xen.org/";
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="custom-cflags debug efi flask"
+
+DEPEND="${PYTHON_DEPS}
+ efi? ( >=sys-devel/binutils-2.22[multitarget] )
+ !efi? ( >=sys-devel/binutils-2.22 )"
+RDEPEND=""
+PDEPEND="~app-emulation/xen-tools-${PV}"
+
+# no tests are available for the hypervisor
+# prevent the silliness of /usr/lib/debug/usr/lib/debug files
+# prevent stripping of the debug info from the /usr/lib/debug/xen-syms
+RESTRICT="test splitdebug strip"
+
+# Approved by QA team in bug #144032
+QA_WX_LOAD="boot/xen-syms-${PV}"
+
+REQUIRED_USE="arm? ( debug )"
+
+S="${WORKDIR}/${MY_P}"
+
+pkg_setup() {
+ python-any-r1_pkg_setup
+ if [[ -z ${XEN_TARGET_ARCH} ]]; then
+ if use amd64; then
+ export XEN_TARGET_ARCH="x86_64"
+ elif use arm; then
+ export XEN_TARGET_ARCH="arm32"
+ elif use arm64; then
+ export XEN_TARGET_ARCH="arm64"
+ else
+ die "Unsupported architecture!"
+ fi
+ fi
+
+ if use flask ; then
+ export "XSM_ENABLE=y"
+ export "FLASK_ENABLE=y"
+ fi
+}
+
+src_prepare() {
+ # Upstream's patchset
+ if [[ -n ${UPSTREAM_VER} ]]; then
+ EPATCH_SUFFIX="patch" \
+ EPATCH_FORCE="yes" \
+ EPATCH_OPTS="-p1" \
+ epatch "${WORKDIR}"/patches-upstream
+ fi
+
+ # Security patchset
+ if [[ -n ${SECURITY_VER} ]]; then
+ einfo "Try to apply Xen Security patch set"
+ # apply main xen patches
+ # Two parallel systems, both work side by side
+ # Over time they may concdense into one. This will suffice for
now
+ EPATCH_SUFFIX="patch"
+ EPATCH_FORCE="yes"
+
+ source "${WORKDIR}"/patches-security/${PV}.conf
+
+ for i in ${XEN_SECURITY_MAIN}; do
+ epatch "${WORKDIR}"/patches-security/xen/$i
+ done
+ fi
+
+ # Gentoo's patchset
+ if [[ -n ${GENTOO_VER} ]]; then
+ EPATCH_SUFFIX="patch" \
+ EPATCH_FORCE="yes" \
+ epatch "${WORKDIR}"/patches-gentoo
+ fi
+
+ epatch "${FILESDIR}"/${PN}-4.6-efi.patch
+
+ # Drop .config
+ sed -e '/-include $(XEN_ROOT)\/.config/d' -i Config.mk || die "Couldn't
drop"
+
+ if use efi; then
+ export EFI_VENDOR="gentoo"
+ export EFI_MOUNTPOINT="boot"
+ fi
+
+ # if the user *really* wants to use their own custom-cflags, let them
+ if use custom-cflags; then
+ einfo "User wants their own CFLAGS - removing defaults"
+ # try and remove all the default custom-cflags
+ find "${S}" -name Makefile -o -name Rules.mk -o -name Config.mk
-exec sed \
+ -e 's/CFLAGS\(.*\)=\(.*\)-O3\(.*\)/CFLAGS\1=\2\3/' \
+ -e
's/CFLAGS\(.*\)=\(.*\)-march=i686\(.*\)/CFLAGS\1=\2\3/' \
+ -e
's/CFLAGS\(.*\)=\(.*\)-fomit-frame-pointer\(.*\)/CFLAGS\1=\2\3/' \
+ -e 's/CFLAGS\(.*\)=\(.*\)-g3*\s\(.*\)/CFLAGS\1=\2 \3/' \
+ -e 's/CFLAGS\(.*\)=\(.*\)-O2\(.*\)/CFLAGS\1=\2\3/' \
+ -i {} \; || die "failed to re-set custom-cflags"
+ fi
+
+ # remove -Werror for gcc-4.6's sake
+ find "${S}" -name 'Makefile*' -o -name '*.mk' -o -name 'common.make' | \
+ xargs sed -i 's/ *-Werror */ /'
+ # not strictly necessary to fix this
+ sed -i 's/, "-Werror"//' "${S}/tools/python/setup.py" || die "failed to
re-set setup.py"
+
+ # Bug #575868 converted to a sed statement, typo of one char
+ sed -e "s:granter’s:granter's:" -i xen/include/public/grant_table.h ||
die
+
+ epatch_user
+}
+
+src_configure() {
+ use arm && myopt="${myopt} CONFIG_EARLY_PRINTK=sun7i"
+
+ use debug && myopt="${myopt} debug=y"
+
+ if use custom-cflags; then
+ filter-flags -fPIE -fstack-protector
+ replace-flags -O3 -O2
+ else
+ unset CFLAGS
+ unset LDFLAGS
+ unset ASFLAGS
+ fi
+}
+
+src_compile() {
+ # Send raw LDFLAGS so that --as-needed works
+ emake V=1 CC="$(tc-getCC)" LDFLAGS="$(raw-ldflags)" LD="$(tc-getLD)" -C
xen ${myopt}
+}
+
+src_install() {
+ local myopt
+ use debug && myopt="${myopt} debug=y"
+
+ # The 'make install' doesn't 'mkdir -p' the subdirs
+ if use efi; then
+ mkdir -p "${D}"${EFI_MOUNTPOINT}/efi/${EFI_VENDOR} || die
+ fi
+
+ emake LDFLAGS="$(raw-ldflags)" DESTDIR="${D}" -C xen ${myopt} install
+
+ # make install likes to throw in some extra EFI bits if it built
+ use efi || rm -rf "${D}/usr/$(get_libdir)/efi"
+}
+
+pkg_postinst() {
+ elog "Official Xen Guide and the unoffical wiki page:"
+ elog " https://wiki.gentoo.org/wiki/Xen";
+ elog " http://en.gentoo-wiki.com/wiki/Xen/";
+
+ use efi && einfo "The efi executable is installed in boot/efi/gentoo"
+
+ elog "You can optionally block the installation of /boot/xen-syms by an
entry"
+ elog "in folder /etc/portage/env using the portage's feature
INSTALL_MASK"
+ elog "e.g. echo ${msg} > /etc/portage/env/xen.conf"
+}
