Gentoo Archives: gentoo-commits

From: Yixun Lan <dlan@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: app-emulation/xen/
Date: Wed, 15 Feb 2017 07:54:17
Message-Id: 1487145249.2777fe4b2c8501fd263b4c048e38815b26532e69.dlan@gentoo
1 commit: 2777fe4b2c8501fd263b4c048e38815b26532e69
2 Author: Yixun Lan <dlan <AT> gentoo <DOT> org>
3 AuthorDate: Fri Feb 10 09:46:51 2017 +0000
4 Commit: Yixun Lan <dlan <AT> gentoo <DOT> org>
5 CommitDate: Wed Feb 15 07:54:09 2017 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2777fe4b
7
8 app-emulation/xen: fix XSA-207
9
10 Xen Security Advisory 207
11 memory leak when destroying guest without PT devices
12
13 Gentoo-Bug: 607840
14
15 Package-Manager: Portage-2.3.3, Repoman-2.3.1
16
17 app-emulation/xen/Manifest | 1 +
18 app-emulation/xen/xen-4.7.1-r5.ebuild | 193 ++++++++++++++++++++++++++++++++++
19 app-emulation/xen/xen-4.8.0-r2.ebuild | 193 ++++++++++++++++++++++++++++++++++
20 3 files changed, 387 insertions(+)
21
22 diff --git a/app-emulation/xen/Manifest b/app-emulation/xen/Manifest
23 index c516bbbcbf..4b72ae53f1 100644
24 --- a/app-emulation/xen/Manifest
25 +++ b/app-emulation/xen/Manifest
26 @@ -2,3 +2,4 @@ DIST xen-4.7.1-upstream-patches-0.tar.xz 16420 SHA256 cb4724fedadc408ec390f99e99
27 DIST xen-4.7.1.tar.gz 20706864 SHA256 e87f4b0575e78657ee23d31470a15ecf1ce8c3a92a771cda46bbcd4d0d671ffe SHA512 eb03244f5fa7b54402fcc1d38f1e69c0ea4536d5ab2f9859b41b5e94920ad9db20fb146e3c3d3635e9ca1d12e93ce0429e57f24bf53d4a2c4b69babc76ec724e WHIRLPOOL 5d7ba29ea58bdedb6a237f7cb1c0aacf361dc35ebb07ec8e55773e07b1f38c1b151615b526e14daeca7c2db235114bde0b6d124219e8818c6e529873b5151fec
28 DIST xen-4.8.0.tar.gz 22499917 SHA256 1e15c713ab7ba3bfda8b4a285ed973529364fd1100e6dd5a61f29583dc667b04 SHA512 70b95553f9813573b12e52999a4df8701dec430f23c36a8dc70d25a46bb4bc9234e5b7feb74a04062af4c8d6b6bcfe947d90b2b172416206812e54bac9797454 WHIRLPOOL 1296c25a05e3ab81730a2587ea1c07c7c022f05cfefc580224185c8d5fc9853531031c1292f69eff944ae2752492c4b95f13e160be3c449a7626aeadf1a21102
29 DIST xen-security-patches-20.tar.xz 5608 SHA256 5bb4b6d93a07a3aa74497848ecdc9b7f0729f38d8a3e90d964c9aa85851ebfba SHA512 17171ca9f212153e49636c84455ec034b08e73be26f912e43995ac245d1927e6d4aa97a160f96d55f05e2c19c44d7ed8617ad10d8f4f27dc75f8f936624f73ce WHIRLPOOL 68e6f0033102298c31bdca88ac426fbcf3ee986250795404cead9e7577cf9bdb73c153f01d40b5cac31a2e845d862fe1dfcbb9022b550abb00779cf784f9b523
30 +DIST xen-security-patches-21.tar.xz 6888 SHA256 76e43fb4c41a606cb1a5e56045dedff0ed3c94b535d89a736664965ee4a44699 SHA512 eb889d90630b6a7c4b9785bf8c2db1d83c7878cec3aa125601b38f75f70a965e52aa5003024feec40d35ee940975dfd766eeb806cdcff717991876d50ce0839b WHIRLPOOL 9039cc7410fbb0e36e1ab74d597c7b1075f92e43b9d22bcb198c0594a0802fca50f86a9fa4343cea83a68eacd6acb6fa0ef73fbd20c19a27f5e92c3f32711af8
31
32 diff --git a/app-emulation/xen/xen-4.7.1-r5.ebuild b/app-emulation/xen/xen-4.7.1-r5.ebuild
33 new file mode 100644
34 index 0000000000..b70f6c1cf7
35 --- /dev/null
36 +++ b/app-emulation/xen/xen-4.7.1-r5.ebuild
37 @@ -0,0 +1,193 @@
38 +# Copyright 1999-2017 Gentoo Foundation
39 +# Distributed under the terms of the GNU General Public License v2
40 +# $Id$
41 +
42 +EAPI=5
43 +
44 +PYTHON_COMPAT=( python2_7 )
45 +
46 +inherit eutils multilib mount-boot flag-o-matic python-any-r1 toolchain-funcs
47 +
48 +MY_PV=${PV/_/-}
49 +MY_P=${PN}-${PV/_/-}
50 +
51 +if [[ $PV == *9999 ]]; then
52 + inherit git-r3
53 + KEYWORDS=""
54 + EGIT_REPO_URI="git://xenbits.xen.org/xen.git"
55 + SRC_URI=""
56 +else
57 + KEYWORDS="~amd64 ~arm -x86"
58 + UPSTREAM_VER=0
59 + SECURITY_VER=21
60 + GENTOO_VER=
61 +
62 + [[ -n ${UPSTREAM_VER} ]] && \
63 + UPSTREAM_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${P}-upstream-patches-${UPSTREAM_VER}.tar.xz"
64 + [[ -n ${SECURITY_VER} ]] && \
65 + SECURITY_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${PN}-security-patches-${SECURITY_VER}.tar.xz"
66 + [[ -n ${GENTOO_VER} ]] && \
67 + GENTOO_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${PN}-gentoo-patches-${GENTOO_VER}.tar.xz"
68 + SRC_URI="http://bits.xensource.com/oss-xen/release/${MY_PV}/${MY_P}.tar.gz
69 + ${UPSTREAM_PATCHSET_URI}
70 + ${SECURITY_PATCHSET_URI}
71 + ${GENTOO_PATCHSET_URI}"
72 +fi
73 +
74 +DESCRIPTION="The Xen virtual machine monitor"
75 +HOMEPAGE="http://xen.org/"
76 +LICENSE="GPL-2"
77 +SLOT="0"
78 +IUSE="custom-cflags debug efi flask"
79 +
80 +DEPEND="${PYTHON_DEPS}
81 + efi? ( >=sys-devel/binutils-2.22[multitarget] )
82 + !efi? ( >=sys-devel/binutils-2.22 )"
83 +RDEPEND=""
84 +PDEPEND="~app-emulation/xen-tools-${PV}"
85 +
86 +# no tests are available for the hypervisor
87 +# prevent the silliness of /usr/lib/debug/usr/lib/debug files
88 +# prevent stripping of the debug info from the /usr/lib/debug/xen-syms
89 +RESTRICT="test splitdebug strip"
90 +
91 +# Approved by QA team in bug #144032
92 +QA_WX_LOAD="boot/xen-syms-${PV}"
93 +
94 +REQUIRED_USE="arm? ( debug )"
95 +
96 +S="${WORKDIR}/${MY_P}"
97 +
98 +pkg_setup() {
99 + python-any-r1_pkg_setup
100 + if [[ -z ${XEN_TARGET_ARCH} ]]; then
101 + if use amd64; then
102 + export XEN_TARGET_ARCH="x86_64"
103 + elif use arm; then
104 + export XEN_TARGET_ARCH="arm32"
105 + elif use arm64; then
106 + export XEN_TARGET_ARCH="arm64"
107 + else
108 + die "Unsupported architecture!"
109 + fi
110 + fi
111 +
112 + if use flask ; then
113 + export "XSM_ENABLE=y"
114 + export "FLASK_ENABLE=y"
115 + fi
116 +}
117 +
118 +src_prepare() {
119 + # Upstream's patchset
120 + if [[ -n ${UPSTREAM_VER} ]]; then
121 + EPATCH_SUFFIX="patch" \
122 + EPATCH_FORCE="yes" \
123 + EPATCH_OPTS="-p1" \
124 + epatch "${WORKDIR}"/patches-upstream
125 + fi
126 +
127 + # Security patchset
128 + if [[ -n ${SECURITY_VER} ]]; then
129 + einfo "Try to apply Xen Security patch set"
130 + # apply main xen patches
131 + # Two parallel systems, both work side by side
132 + # Over time they may concdense into one. This will suffice for now
133 + EPATCH_SUFFIX="patch"
134 + EPATCH_FORCE="yes"
135 +
136 + source "${WORKDIR}"/patches-security/${PV}.conf
137 +
138 + for i in ${XEN_SECURITY_MAIN}; do
139 + epatch "${WORKDIR}"/patches-security/xen/$i
140 + done
141 + fi
142 +
143 + # Gentoo's patchset
144 + if [[ -n ${GENTOO_VER} ]]; then
145 + EPATCH_SUFFIX="patch" \
146 + EPATCH_FORCE="yes" \
147 + epatch "${WORKDIR}"/patches-gentoo
148 + fi
149 +
150 + epatch "${FILESDIR}"/${PN}-4.6-efi.patch
151 +
152 + # Drop .config
153 + sed -e '/-include $(XEN_ROOT)\/.config/d' -i Config.mk || die "Couldn't drop"
154 +
155 + if use efi; then
156 + export EFI_VENDOR="gentoo"
157 + export EFI_MOUNTPOINT="boot"
158 + fi
159 +
160 + # if the user *really* wants to use their own custom-cflags, let them
161 + if use custom-cflags; then
162 + einfo "User wants their own CFLAGS - removing defaults"
163 + # try and remove all the default custom-cflags
164 + find "${S}" -name Makefile -o -name Rules.mk -o -name Config.mk -exec sed \
165 + -e 's/CFLAGS\(.*\)=\(.*\)-O3\(.*\)/CFLAGS\1=\2\3/' \
166 + -e 's/CFLAGS\(.*\)=\(.*\)-march=i686\(.*\)/CFLAGS\1=\2\3/' \
167 + -e 's/CFLAGS\(.*\)=\(.*\)-fomit-frame-pointer\(.*\)/CFLAGS\1=\2\3/' \
168 + -e 's/CFLAGS\(.*\)=\(.*\)-g3*\s\(.*\)/CFLAGS\1=\2 \3/' \
169 + -e 's/CFLAGS\(.*\)=\(.*\)-O2\(.*\)/CFLAGS\1=\2\3/' \
170 + -i {} \; || die "failed to re-set custom-cflags"
171 + fi
172 +
173 + # remove -Werror for gcc-4.6's sake
174 + find "${S}" -name 'Makefile*' -o -name '*.mk' -o -name 'common.make' | \
175 + xargs sed -i 's/ *-Werror */ /'
176 + # not strictly necessary to fix this
177 + sed -i 's/, "-Werror"//' "${S}/tools/python/setup.py" || die "failed to re-set setup.py"
178 +
179 + # Bug #575868 converted to a sed statement, typo of one char
180 + sed -e "s:granter’s:granter's:" -i xen/include/public/grant_table.h || die
181 +
182 + epatch_user
183 +}
184 +
185 +src_configure() {
186 + use arm && myopt="${myopt} CONFIG_EARLY_PRINTK=sun7i"
187 +
188 + use debug && myopt="${myopt} debug=y"
189 +
190 + if use custom-cflags; then
191 + filter-flags -fPIE -fstack-protector
192 + replace-flags -O3 -O2
193 + else
194 + unset CFLAGS
195 + unset LDFLAGS
196 + unset ASFLAGS
197 + fi
198 +}
199 +
200 +src_compile() {
201 + # Send raw LDFLAGS so that --as-needed works
202 + emake V=1 CC="$(tc-getCC)" LDFLAGS="$(raw-ldflags)" LD="$(tc-getLD)" -C xen ${myopt}
203 +}
204 +
205 +src_install() {
206 + local myopt
207 + use debug && myopt="${myopt} debug=y"
208 +
209 + # The 'make install' doesn't 'mkdir -p' the subdirs
210 + if use efi; then
211 + mkdir -p "${D}"${EFI_MOUNTPOINT}/efi/${EFI_VENDOR} || die
212 + fi
213 +
214 + emake LDFLAGS="$(raw-ldflags)" DESTDIR="${D}" -C xen ${myopt} install
215 +
216 + # make install likes to throw in some extra EFI bits if it built
217 + use efi || rm -rf "${D}/usr/$(get_libdir)/efi"
218 +}
219 +
220 +pkg_postinst() {
221 + elog "Official Xen Guide and the unoffical wiki page:"
222 + elog " https://wiki.gentoo.org/wiki/Xen"
223 + elog " http://en.gentoo-wiki.com/wiki/Xen/"
224 +
225 + use efi && einfo "The efi executable is installed in boot/efi/gentoo"
226 +
227 + elog "You can optionally block the installation of /boot/xen-syms by an entry"
228 + elog "in folder /etc/portage/env using the portage's feature INSTALL_MASK"
229 + elog "e.g. echo ${msg} > /etc/portage/env/xen.conf"
230 +}
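Review bot: The security patchset step in src_prepare can fail open, because `source "${WORKDIR}"/patches-security/${PV}.conf` has no `|| die`. If the tarball ships no conf for this ${PV}, or the conf does not set XEN_SECURITY_MAIN, the `for` loop iterates over nothing and the build appears to carry on without the XSA-207 patch, while the new revision still looks fixed. Append `|| die "missing security patch list for ${PV}"` to the source line and add `[[ -n ${XEN_SECURITY_MAIN} ]] || die "XEN_SECURITY_MAIN is empty"` before the loop. The conf is also executed as shell straight from a distfile, so its trust rests entirely on the Manifest digests for xen-security-patches-21.tar.xz. The same lines appear in xen-4.8.0-r2.ebuild.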
231
232 diff --git a/app-emulation/xen/xen-4.8.0-r2.ebuild b/app-emulation/xen/xen-4.8.0-r2.ebuild
233 new file mode 100644
234 index 0000000000..2519bf5d85
235 --- /dev/null
236 +++ b/app-emulation/xen/xen-4.8.0-r2.ebuild
237 @@ -0,0 +1,193 @@
238 +# Copyright 1999-2017 Gentoo Foundation
239 +# Distributed under the terms of the GNU General Public License v2
240 +# $Id$
241 +
242 +EAPI=5
243 +
244 +PYTHON_COMPAT=( python2_7 )
245 +
246 +inherit eutils multilib mount-boot flag-o-matic python-any-r1 toolchain-funcs
247 +
248 +MY_PV=${PV/_/-}
249 +MY_P=${PN}-${PV/_/-}
250 +
251 +if [[ $PV == *9999 ]]; then
252 + inherit git-r3
253 + KEYWORDS=""
254 + EGIT_REPO_URI="git://xenbits.xen.org/xen.git"
255 + SRC_URI=""
256 +else
257 + KEYWORDS="~amd64 ~arm -x86"
258 + UPSTREAM_VER=
259 + SECURITY_VER=21
260 + GENTOO_VER=
261 +
262 + [[ -n ${UPSTREAM_VER} ]] && \
263 + UPSTREAM_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${P}-upstream-patches-${UPSTREAM_VER}.tar.xz"
264 + [[ -n ${SECURITY_VER} ]] && \
265 + SECURITY_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${PN}-security-patches-${SECURITY_VER}.tar.xz"
266 + [[ -n ${GENTOO_VER} ]] && \
267 + GENTOO_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${PN}-gentoo-patches-${GENTOO_VER}.tar.xz"
268 + SRC_URI="http://bits.xensource.com/oss-xen/release/${MY_PV}/${MY_P}.tar.gz
269 + ${UPSTREAM_PATCHSET_URI}
270 + ${SECURITY_PATCHSET_URI}
271 + ${GENTOO_PATCHSET_URI}"
272 +fi
273 +
274 +DESCRIPTION="The Xen virtual machine monitor"
275 +HOMEPAGE="http://xen.org/"
276 +LICENSE="GPL-2"
277 +SLOT="0"
278 +IUSE="custom-cflags debug efi flask"
279 +
280 +DEPEND="${PYTHON_DEPS}
281 + efi? ( >=sys-devel/binutils-2.22[multitarget] )
282 + !efi? ( >=sys-devel/binutils-2.22 )"
283 +RDEPEND=""
284 +PDEPEND="~app-emulation/xen-tools-${PV}"
285 +
286 +# no tests are available for the hypervisor
287 +# prevent the silliness of /usr/lib/debug/usr/lib/debug files
288 +# prevent stripping of the debug info from the /usr/lib/debug/xen-syms
289 +RESTRICT="test splitdebug strip"
290 +
291 +# Approved by QA team in bug #144032
292 +QA_WX_LOAD="boot/xen-syms-${PV}"
293 +
294 +REQUIRED_USE="arm? ( debug )"
295 +
296 +S="${WORKDIR}/${MY_P}"
297 +
298 +pkg_setup() {
299 + python-any-r1_pkg_setup
300 + if [[ -z ${XEN_TARGET_ARCH} ]]; then
301 + if use amd64; then
302 + export XEN_TARGET_ARCH="x86_64"
303 + elif use arm; then
304 + export XEN_TARGET_ARCH="arm32"
305 + elif use arm64; then
306 + export XEN_TARGET_ARCH="arm64"
307 + else
308 + die "Unsupported architecture!"
309 + fi
310 + fi
311 +
312 + if use flask ; then
313 + export "XSM_ENABLE=y"
314 + export "FLASK_ENABLE=y"
315 + fi
316 +}
317 +
318 +src_prepare() {
319 + # Upstream's patchset
320 + if [[ -n ${UPSTREAM_VER} ]]; then
321 + EPATCH_SUFFIX="patch" \
322 + EPATCH_FORCE="yes" \
323 + EPATCH_OPTS="-p1" \
324 + epatch "${WORKDIR}"/patches-upstream
325 + fi
326 +
327 + # Security patchset
328 + if [[ -n ${SECURITY_VER} ]]; then
329 + einfo "Try to apply Xen Security patch set"
330 + # apply main xen patches
331 + # Two parallel systems, both work side by side
332 + # Over time they may concdense into one. This will suffice for now
333 + EPATCH_SUFFIX="patch"
334 + EPATCH_FORCE="yes"
335 +
336 + source "${WORKDIR}"/patches-security/${PV}.conf
337 +
338 + for i in ${XEN_SECURITY_MAIN}; do
339 + epatch "${WORKDIR}"/patches-security/xen/$i
340 + done
341 + fi
342 +
343 + # Gentoo's patchset
344 + if [[ -n ${GENTOO_VER} ]]; then
345 + EPATCH_SUFFIX="patch" \
346 + EPATCH_FORCE="yes" \
347 + epatch "${WORKDIR}"/patches-gentoo
348 + fi
349 +
350 + epatch "${FILESDIR}"/${PN}-4.6-efi.patch
351 +
352 + # Drop .config
353 + sed -e '/-include $(XEN_ROOT)\/.config/d' -i Config.mk || die "Couldn't drop"
354 +
355 + if use efi; then
356 + export EFI_VENDOR="gentoo"
357 + export EFI_MOUNTPOINT="boot"
358 + fi
359 +
360 + # if the user *really* wants to use their own custom-cflags, let them
361 + if use custom-cflags; then
362 + einfo "User wants their own CFLAGS - removing defaults"
363 + # try and remove all the default custom-cflags
364 + find "${S}" -name Makefile -o -name Rules.mk -o -name Config.mk -exec sed \
365 + -e 's/CFLAGS\(.*\)=\(.*\)-O3\(.*\)/CFLAGS\1=\2\3/' \
366 + -e 's/CFLAGS\(.*\)=\(.*\)-march=i686\(.*\)/CFLAGS\1=\2\3/' \
367 + -e 's/CFLAGS\(.*\)=\(.*\)-fomit-frame-pointer\(.*\)/CFLAGS\1=\2\3/' \
368 + -e 's/CFLAGS\(.*\)=\(.*\)-g3*\s\(.*\)/CFLAGS\1=\2 \3/' \
369 + -e 's/CFLAGS\(.*\)=\(.*\)-O2\(.*\)/CFLAGS\1=\2\3/' \
370 + -i {} \; || die "failed to re-set custom-cflags"
371 + fi
372 +
373 + # remove -Werror for gcc-4.6's sake
374 + find "${S}" -name 'Makefile*' -o -name '*.mk' -o -name 'common.make' | \
375 + xargs sed -i 's/ *-Werror */ /'
376 + # not strictly necessary to fix this
377 + sed -i 's/, "-Werror"//' "${S}/tools/python/setup.py" || die "failed to re-set setup.py"
378 +
379 + # Bug #575868 converted to a sed statement, typo of one char
380 + sed -e "s:granter’s:granter's:" -i xen/include/public/grant_table.h || die
381 +
382 + epatch_user
383 +}
384 +
385 +src_configure() {
386 + use arm && myopt="${myopt} CONFIG_EARLY_PRINTK=sun7i"
387 +
388 + use debug && myopt="${myopt} debug=y"
389 +
390 + if use custom-cflags; then
391 + filter-flags -fPIE -fstack-protector
392 + replace-flags -O3 -O2
393 + else
394 + unset CFLAGS
395 + unset LDFLAGS
396 + unset ASFLAGS
397 + fi
398 +}
399 +
400 +src_compile() {
401 + # Send raw LDFLAGS so that --as-needed works
402 + emake V=1 CC="$(tc-getCC)" LDFLAGS="$(raw-ldflags)" LD="$(tc-getLD)" -C xen ${myopt}
403 +}
404 +
405 +src_install() {
406 + local myopt
407 + use debug && myopt="${myopt} debug=y"
408 +
409 + # The 'make install' doesn't 'mkdir -p' the subdirs
410 + if use efi; then
411 + mkdir -p "${D}"${EFI_MOUNTPOINT}/efi/${EFI_VENDOR} || die
412 + fi
413 +
414 + emake LDFLAGS="$(raw-ldflags)" DESTDIR="${D}" -C xen ${myopt} install
415 +
416 + # make install likes to throw in some extra EFI bits if it built
417 + use efi || rm -rf "${D}/usr/$(get_libdir)/efi"
418 +}
419 +
420 +pkg_postinst() {
421 + elog "Official Xen Guide and the unoffical wiki page:"
422 + elog " https://wiki.gentoo.org/wiki/Xen"
423 + elog " http://en.gentoo-wiki.com/wiki/Xen/"
424 +
425 + use efi && einfo "The efi executable is installed in boot/efi/gentoo"
426 +
427 + elog "You can optionally block the installation of /boot/xen-syms by an entry"
428 + elog "in folder /etc/portage/env using the portage's feature INSTALL_MASK"
429 + elog "e.g. echo ${msg} > /etc/portage/env/xen.conf"
430 +}
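Review bot: In the custom-cflags branch of src_prepare, `-exec sed` binds only to `-name Config.mk`, because find's implicit AND has higher precedence than `-o`. Files named Makefile and Rules.mk match but are never edited, so the default optimisation flags stay in place there. Group the name tests: `find "${S}" \( -name Makefile -o -name Rules.mk -o -name Config.mk \) -exec sed ...`. With `-exec ... \;` the trailing `|| die` also sees only find's own status, not sed's. Separately, pkg_postinst prints `${msg}`, which is never set in this file, so the INSTALL_MASK example line is printed without its content; both points apply equally to xen-4.7.1-r5.ebuild.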