commit: 2173f763545280ffb82d133af19c49e01b79507e
Author: Ian Delaney <idella4 <AT> gentoo <DOT> org>
AuthorDate: Tue Jan 12 13:18:00 2016 +0000
Commit: Ian Delaney <idella4 <AT> gentoo <DOT> org>
CommitDate: Tue Jan 12 13:19:01 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2173f763
app-emulation/xen: rm vulnerable vns. 4.6.0-r{3,4}
Package-Manager: portage-2.2.26
app-emulation/xen/Manifest | 2 +-
app-emulation/xen/xen-4.6.0-r3.ebuild | 189 ---------------------
.../{xen-4.6.0-r4.ebuild => xen-4.6.0-r7.ebuild} | 15 +-
3 files changed, 12 insertions(+), 194 deletions(-)
diff --git a/app-emulation/xen/Manifest b/app-emulation/xen/Manifest
index ad42f72..54643b7 100644
--- a/app-emulation/xen/Manifest
+++ b/app-emulation/xen/Manifest
@@ -4,5 +4,5 @@ DIST xen-4.6.0.tar.gz 19694350 SHA256
6fa1c2431df55aa5950d248e6093b8c8c0f11c357a
DIST xen-security-patches-0.tar.xz 5944 SHA256
c0456793064185f0781668264a09a2412a25e2ff8c4ce0d332204e37b94d7e96 SHA512
de812e66563e608548b220aa00c8fd71973af748a00cea79959f46a5b6893a38248d2ea455026af43f47e3f5e566d08b5a6f3d18f22e940d75d2a2ca76cec3d3
WHIRLPOOL
3e18d32798bdfe584ee8d102963090b569ec3660fd5723d8c608091e5c7d935c1edced5e258d92bf51fe06975455a3ae33dfedd01702c6076aedf97ea61f2d1b
DIST xen-security-patches-1.tar.gz 7040 SHA256
30733e9ca71bf4291ff212eb191afb22687ccd9b2579767fe0ee013152980c76 SHA512
89c72897f18a86c2060bb76a182e7cca72ad2f33a3aab964ecae66e057aeecafee2e9986204d6feb98f81ccb740460ee2cb37663b1ab79f47adc1dd73e0091bc
WHIRLPOOL
c27e612b87b4a30abbf59e6be019e2c21a78bfbdf1715da5498d95607d390d616251768d419ac5ce76087bbf7cdfc410dd0088ba48e425082cea971efcb64346
DIST xen-security-patches-2.tar.gz 7370 SHA256
f24bf4b0cba29b51ee71f6ef82654cddf157c63d62fc1119f17255b2388e03ab SHA512
209dea670467ff1df18428c15b25229c05d676d1a2f646cddb221544ae888241ade48a22be037f97dce249ac322c1f30bb477675e5e2cc04a2fbd839e02f1f57
WHIRLPOOL
ae66a2fbc0d0f0a555d407ebd3198fa58ee043515fb9821d7b9eda46d088bc87b3de16fe015fd1142294429dd2c1c7826e414a55980e27123185c1a86fb0a8a6
-DIST xen-security-patches-3.tar.gz 7349 SHA256
a1876b918c0a608618f349deed11b547a65c5909c31d72a89340d4908c572f46 SHA512
f5e8e7ab5d9be6aa036e52627931f1b2648de642664b2922f9cab64f44d19ac8682f5beb7fdbcb842ee19346202093fade3f10e39ba60fcb12a101deb4408818
WHIRLPOOL
14ee65babe4edd901914c8b8ddb5d7b54e6738d77642514fe611bf84541ae0a932bcb48f86179d5e7a6741135b9c7b129e8244cc22922c4e592604a696b6082f
DIST xen-security-patches-4.tar.gz 7731 SHA256
b51c6616a303b4d5123fed1e58240163c8e0cf8e0de32db58c11a40a48124d52 SHA512
cef89bb68bdb4a5f947d6be8ae7a799276fd187e396c5ba85f8aa2b0b5349ba606d3742d5b8d8212df6da38f8af9711416d9a25176e713240a0a7f2194d84fc5
WHIRLPOOL
912dc869fa4eb355a86023133adcb818e87f4979d537a885b3f1c6e35ff141b7d7a33e81105dcddf34aafa4c306df79a210346f5037337173923e1dc8280ac47
+DIST xen-upstream-patches-0.tar.gz 2297 SHA256
bf21272ad029391d30bf31896efcadc75267538f6c7de5d239453f19659d58ee SHA512
3f5d60aaebd181bddab4dd02e0064de2f75672f44a687a7331fa40e81d56763fea84504081a449d11403b21ad0ba2dac075f0b1796809ef8d16e244f6be99e3d
WHIRLPOOL
4ebe79c8f2ea1c45e88e59941e477ed5639dbca3fe95c9a67e07afb0f4b6fb8b7fea8e58422d7c8f906299e4f37c14b4db15200997e5a92b647df98fa93e10c7
diff --git a/app-emulation/xen/xen-4.6.0-r3.ebuild
b/app-emulation/xen/xen-4.6.0-r3.ebuild
deleted file mode 100644
index 7ff1d1d..0000000
--- a/app-emulation/xen/xen-4.6.0-r3.ebuild
+++ /dev/null
@@ -1,189 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-
-PYTHON_COMPAT=( python2_7 )
-
-inherit eutils multilib mount-boot flag-o-matic python-any-r1 toolchain-funcs
-
-MY_PV=${PV/_/-}
-MY_P=${PN}-${PV/_/-}
-
-if [[ $PV == *9999 ]]; then
- inherit git-r3
- KEYWORDS=""
- EGIT_REPO_URI="git://xenbits.xen.org/xen.git"
- SRC_URI=""
-else
- KEYWORDS="~amd64 ~arm ~arm64 -x86"
- UPSTREAM_VER=0
- SECURITY_VER=0
- SEC_VER=1
- GENTOO_VER=
-
- [[ -n ${UPSTREAM_VER} ]] && \
-
UPSTREAM_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${P}-upstream-patches-${UPSTREAM_VER}.tar.xz";
- [[ -n ${SECURITY_VER} ]] && \
-
SECURITY_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${PN}-security-patches-${SECURITY_VER}.tar.xz";
- [[ -n ${GENTOO_VER} ]] && \
-
GENTOO_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${PN}-gentoo-patches-${GENTOO_VER}.tar.xz";
-
SRC_URI="http://bits.xensource.com/oss-xen/release/${MY_PV}/${MY_P}.tar.gz
- ${UPSTREAM_PATCHSET_URI}
- ${SECURITY_PATCHSET_URI}
- ${GENTOO_PATCHSET_URI}
-
https://dev.gentoo.org/~idella4/distfiles/xen-security-patches-${SEC_VER}.tar.gz";
-fi
-
-DESCRIPTION="The Xen virtual machine monitor"
-HOMEPAGE="http://xen.org/";
-LICENSE="GPL-2"
-SLOT="0"
-IUSE="custom-cflags debug efi flask"
-
-DEPEND="${PYTHON_DEPS}
- efi? ( >=sys-devel/binutils-2.22[multitarget] )
- !efi? ( >=sys-devel/binutils-2.22 )"
-RDEPEND=""
-PDEPEND="~app-emulation/xen-tools-${PV}"
-
-RESTRICT="test"
-
-# Approved by QA team in bug #144032
-QA_WX_LOAD="boot/xen-syms-${PV}"
-
-REQUIRED_USE="arm? ( debug )"
-
-S="${WORKDIR}/${MY_P}"
-
-pkg_setup() {
- python-any-r1_pkg_setup
- if [[ -z ${XEN_TARGET_ARCH} ]]; then
- if use amd64; then
- export XEN_TARGET_ARCH="x86_64"
- elif use arm; then
- export XEN_TARGET_ARCH="arm32"
- elif use arm64; then
- export XEN_TARGET_ARCH="arm64"
- else
- die "Unsupported architecture!"
- fi
- fi
-
- if use flask ; then
- export "XSM_ENABLE=y"
- export "FLASK_ENABLE=y"
- fi
-}
-
-src_prepare() {
- # Upstream's patchset
- if [[ -n ${UPSTREAM_VER} ]]; then
- EPATCH_SUFFIX="patch" \
- EPATCH_FORCE="yes" \
- EPATCH_OPTS="-p1" \
- epatch "${WORKDIR}"/patches-upstream
- fi
-
- if [[ -n ${SECURITY_VER} ]]; then
- einfo "Try to apply Xen Security patcheset"
- # apply main xen patches
- # Add patches from tarball in devspace ~idella4 to those from
~dlan
- # Leave this commented for now as a record of an approach; wip
- #mkdir "${WORKDIR}"/patches-security/xen || die
- #mv "${WORKDIR}"/{xsa15[6-9].patch,xsa160-4.6.patch} \
- # "${WORKDIR}"/patches-security/xen || die
- XEN_SECURITY_MAIN="xsa156.patch xsa15[8-9].patch
xsa160-4.6.patch"
- for i in ${XEN_SECURITY_MAIN}; do
- EPATCH_SUFFIX="patch" \
- EPATCH_FORCE="yes" \
- epatch "${WORKDIR}"/$i
- done
- fi
-
- # Gentoo's patchset
- if [[ -n ${GENTOO_VER} ]]; then
- EPATCH_SUFFIX="patch" \
- EPATCH_FORCE="yes" \
- epatch "${WORKDIR}"/patches-gentoo
- fi
-
- epatch "${FILESDIR}"/${PN}-4.6-efi.patch
-
- # Drop .config
- sed -e '/-include $(XEN_ROOT)\/.config/d' -i Config.mk || die "Couldn't
drop"
-
- if use efi; then
- export EFI_VENDOR="gentoo"
- export EFI_MOUNTPOINT="boot"
- fi
-
- # if the user *really* wants to use their own custom-cflags, let them
- if use custom-cflags; then
- einfo "User wants their own CFLAGS - removing defaults"
- # try and remove all the default custom-cflags
- find "${S}" -name Makefile -o -name Rules.mk -o -name Config.mk
-exec sed \
- -e 's/CFLAGS\(.*\)=\(.*\)-O3\(.*\)/CFLAGS\1=\2\3/' \
- -e
's/CFLAGS\(.*\)=\(.*\)-march=i686\(.*\)/CFLAGS\1=\2\3/' \
- -e
's/CFLAGS\(.*\)=\(.*\)-fomit-frame-pointer\(.*\)/CFLAGS\1=\2\3/' \
- -e 's/CFLAGS\(.*\)=\(.*\)-g3*\s\(.*\)/CFLAGS\1=\2 \3/' \
- -e 's/CFLAGS\(.*\)=\(.*\)-O2\(.*\)/CFLAGS\1=\2\3/' \
- -i {} \; || die "failed to re-set custom-cflags"
- fi
-
- # remove -Werror for gcc-4.6's sake
- find "${S}" -name 'Makefile*' -o -name '*.mk' -o -name 'common.make' | \
- xargs sed -i 's/ *-Werror */ /'
- # not strictly necessary to fix this
- sed -i 's/, "-Werror"//' "${S}/tools/python/setup.py" || die "failed to
re-set setup.py"
-
- epatch_user
-}
-
-src_configure() {
- use arm && myopt="${myopt} CONFIG_EARLY_PRINTK=sun7i"
-
- use debug && myopt="${myopt} debug=y"
-
- if use custom-cflags; then
- filter-flags -fPIE -fstack-protector
- replace-flags -O3 -O2
- else
- unset CFLAGS
- unset LDFLAGS
- unset ASFLAGS
- fi
-}
-
-src_compile() {
- # Send raw LDFLAGS so that --as-needed works
- emake V=1 CC="$(tc-getCC)" LDFLAGS="$(raw-ldflags)" LD="$(tc-getLD)" -C
xen ${myopt}
-}
-
-src_install() {
- local myopt
- use debug && myopt="${myopt} debug=y"
-
- # The 'make install' doesn't 'mkdir -p' the subdirs
- if use efi; then
- mkdir -p "${D}"${EFI_MOUNTPOINT}/efi/${EFI_VENDOR} || die
- fi
-
- emake LDFLAGS="$(raw-ldflags)" DESTDIR="${D}" -C xen ${myopt} install
-
- # make install likes to throw in some extra EFI bits if it built
- use efi || rm -rf "${D}/usr/$(get_libdir)/efi"
-}
-
-pkg_postinst() {
- elog "Official Xen Guide and the unoffical wiki page:"
- elog " https://wiki.gentoo.org/wiki/Xen";
- elog " http://en.gentoo-wiki.com/wiki/Xen/";
-
- use efi && einfo "The efi executable is installed in boot/efi/gentoo"
-
- elog "You can optionally block the installation of /boot/xen-syms by an
entry"
- elog "in folder /etc/portage/env using the portage's feature
INSTALL_MASK"
- elog "e.g. echo ${msg} > /etc/portage/env/xen.conf"
-}
diff --git a/app-emulation/xen/xen-4.6.0-r4.ebuild
b/app-emulation/xen/xen-4.6.0-r7.ebuild
similarity index 91%
rename from app-emulation/xen/xen-4.6.0-r4.ebuild
rename to app-emulation/xen/xen-4.6.0-r7.ebuild
index 277e71a..81de4e5 100644
--- a/app-emulation/xen/xen-4.6.0-r4.ebuild
+++ b/app-emulation/xen/xen-4.6.0-r7.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2015 Gentoo Foundation
+# Copyright 1999-2016 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
@@ -21,11 +21,14 @@ else
UPSTREAM_VER=0
SECURITY_VER=0
# var set to reflect https://dev.gentoo.org/~idella4/
- SEC_VER=3
+ # first instance of UPS_VER (usptream ver)
+ UPS_VER=0
+ SEC_VER=4
GENTOO_VER=
[[ -n ${UPSTREAM_VER} ]] && \
-
UPSTREAM_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${P}-upstream-patches-${UPSTREAM_VER}.tar.xz";
+
UPSTREAM_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${P}-upstream-patches-${UPSTREAM_VER}.tar.xz
+
https://dev.gentoo.org/~idella4/distfiles/${PN}-upstream-patches-${UPS_VER}.tar.gz";
[[ -n ${SECURITY_VER} ]] && \
SECURITY_PATCHSET_URI="https://dev.gentoo.org/~idella4/distfiles/${PN/-tools}-security-patches-${SECURITY_VER}.tar.xz
https://dev.gentoo.org/~idella4/distfiles/${PN/-tools}-security-patches-${SEC_VER}.tar.gz";
@@ -49,7 +52,10 @@ DEPEND="${PYTHON_DEPS}
RDEPEND=""
PDEPEND="~app-emulation/xen-tools-${PV}"
-RESTRICT="test"
+# no tests are available for the hypervisor
+# prevent the silliness of /usr/lib/debug/usr/lib/debug files
+# prevent stripping of the debug info from the /usr/lib/debug/xen-syms
+RESTRICT="test splitdebug strip"
# Approved by QA team in bug #144032
QA_WX_LOAD="boot/xen-syms-${PV}"
@@ -85,6 +91,7 @@ src_prepare() {
EPATCH_FORCE="yes" \
EPATCH_OPTS="-p1" \
epatch "${WORKDIR}"/patches-upstream
+ epatch "${WORKDIR}"/libexec.patch
fi
if [[ -n ${SECURITY_VER} ]]; then
