
From: Yixun Lan <dlan@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: app-emulation/xen/
Date: Wed, 27 Jul 2016 01:21:30
Message-Id: 1469582452.1c3369b9814771534f165928ec89ff8ba62ba45a.dlan@gentoo
1 commit: 1c3369b9814771534f165928ec89ff8ba62ba45a
2 Author: Yixun Lan <dlan <AT> gentoo <DOT> org>
3 AuthorDate: Tue Jul 26 07:19:02 2016 +0000
4 Commit: Yixun Lan <dlan <AT> gentoo <DOT> org>
5 CommitDate: Wed Jul 27 01:20:52 2016 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1c3369b9
7
8 app-emulation/xen: security bump, fix XSA-182,183
9
10 Gentoo-Bug: 588780
11
12 Package-Manager: portage-2.3.0
13
14 app-emulation/xen/Manifest | 1 +
15 app-emulation/xen/xen-4.6.3-r1.ebuild | 193 ++++++++++++++++++++++++++++++++++
16 app-emulation/xen/xen-4.7.0-r1.ebuild | 193 ++++++++++++++++++++++++++++++++++
17 3 files changed, 387 insertions(+)
18
19 diff --git a/app-emulation/xen/Manifest b/app-emulation/xen/Manifest
20 index 3010bd8..905cd14 100644
21 --- a/app-emulation/xen/Manifest
22 +++ b/app-emulation/xen/Manifest
23 @@ -9,5 +9,6 @@ DIST xen-security-patches-00.tar.gz 4280 SHA256 1cb3d3d4af15202ce8ea5d6a5982b8c9
24 DIST xen-security-patches-01.tar.gz 4683 SHA256 ca1e565180aff5485f217735faa24bea2f7fc821d5c5a506d1854291681fdc28 SHA512 538d5df0c3b5b5277613af3a3fc11aa46a16cfdfdc88488da5020e3ad38580b8cdb12778e251c4b41c6b5cfe37d8266a599b8b15b4032491c0689e442b388847 WHIRLPOOL a22492288fa04919c60d9e7e15181bc7eb05f457b0aad0e8ece172443fd4208d4bdeb692ef713b99aa83eb030caf3dfcf1236b5d8de13e152b93096aa2e869b8
25 DIST xen-security-patches-10.tar.gz 13289 SHA256 8937b3c0045f83ac0685ce129c99be8ab035f2ed92605d0c1100d4f898d978a3 SHA512 698963479149bd63695b3ffd7d108b798ce6c694560f2908b639f3a1b00d37d4994fbc1e0e21aaba1f3a113653d5b37c28679bc1d97d75a805844345c9c070c0 WHIRLPOOL 8c2433c35499819906abf5cb8898dac23cbf7523cc4b4e9291e696eb2871971a7300d3f54865ac32738a1b67c1de18e227085f14c5717b60ec951d5038fa0493
26 DIST xen-security-patches-12.tar.xz 5172 SHA256 1d3c238cbefc243a17770722895f6bc725e807641a93908d3e4002b26e4f2a8b SHA512 06f80b12c30d18f84e880ffb529fe2b90e7ade1cb3479d2fbc21447cf2c5d50c7ba3a14ddd0b31f63e87af520bf80812158e4097e657f8316bdb5f8b443c9828 WHIRLPOOL 49b776cf3d1d05758dfe9ce9f5f5cb0573eaec5f1273648eedb04b408587bb3cfe8838ea551a29423cc30622c7426e852740138fa2795898f25c22de148f91c9
27 +DIST xen-security-patches-13.tar.xz 3192 SHA256 2721580673d4d4f6f8997961ca6f08d8f818279916d37e5e996af0b4ea008fc7 SHA512 4fd15ca8b611d67b4868f027f9833403b756b87e2f1142a7a0ca41b4fee6143fe57b62ba5360e99c9295fdd0a356048af545c19ea96e075da5aba97845d4a3af WHIRLPOOL 4fd99edcf9afc7937da48131c4d4a82eadf911fd62778dbdf937d7fb914e20d16b2765f538179d9d8ecca5d042ee39736fd1d8cbf01d7fc3e753032472e6bc65
28 DIST xen-security-patches-9.tar.gz 9793 SHA256 2167d7bc2a631cf13d5b49c9577dbc8d128517e8ecbf90ef85c38f52ab3187aa SHA512 42f4997f35cc06333584a9a3c65366493094b60a6c67928b6165f3fb7d35d3a8f9dc0c3eadd4522de0d99bcc8511afba1d5e543396399b37983eb547abedca44 WHIRLPOOL 8abb68b4ac10fbc2b590c8a29cd2474d5392d3958542dad7f21ba4ad51c7541bb1686ed2629323e214c3e72b0de7212f25a4681f653d4179404c9f4c53e3d83a
29 DIST xen-upstream-patches-0.tar.gz 2297 SHA256 bf21272ad029391d30bf31896efcadc75267538f6c7de5d239453f19659d58ee SHA512 3f5d60aaebd181bddab4dd02e0064de2f75672f44a687a7331fa40e81d56763fea84504081a449d11403b21ad0ba2dac075f0b1796809ef8d16e244f6be99e3d WHIRLPOOL 4ebe79c8f2ea1c45e88e59941e477ed5639dbca3fe95c9a67e07afb0f4b6fb8b7fea8e58422d7c8f906299e4f37c14b4db15200997e5a92b647df98fa93e10c7
30
31 diff --git a/app-emulation/xen/xen-4.6.3-r1.ebuild b/app-emulation/xen/xen-4.6.3-r1.ebuild
32 new file mode 100644
33 index 0000000..6577d28
34 --- /dev/null
35 +++ b/app-emulation/xen/xen-4.6.3-r1.ebuild
36 @@ -0,0 +1,193 @@
37 +# Copyright 1999-2016 Gentoo Foundation
38 +# Distributed under the terms of the GNU General Public License v2
39 +# $Id$
40 +
41 +EAPI=5
42 +
43 +PYTHON_COMPAT=( python2_7 )
44 +
45 +inherit eutils multilib mount-boot flag-o-matic python-any-r1 toolchain-funcs
46 +
47 +MY_PV=${PV/_/-}
48 +MY_P=${PN}-${PV/_/-}
49 +
50 +if [[ $PV == *9999 ]]; then
51 + inherit git-r3
52 + KEYWORDS=""
53 + EGIT_REPO_URI="git://xenbits.xen.org/xen.git"
54 + SRC_URI=""
55 +else
56 + KEYWORDS="~amd64 ~arm -x86"
57 + UPSTREAM_VER=
58 + SECURITY_VER=13
59 + GENTOO_VER=
60 +
61 + [[ -n ${UPSTREAM_VER} ]] && \
62 + UPSTREAM_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${P}-upstream-patches-${UPSTREAM_VER}.tar.xz"
63 + [[ -n ${SECURITY_VER} ]] && \
64 + SECURITY_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${PN}-security-patches-${SECURITY_VER}.tar.xz"
65 + [[ -n ${GENTOO_VER} ]] && \
66 + GENTOO_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${PN}-gentoo-patches-${GENTOO_VER}.tar.xz"
67 + SRC_URI="http://bits.xensource.com/oss-xen/release/${MY_PV}/${MY_P}.tar.gz
68 + ${UPSTREAM_PATCHSET_URI}
69 + ${SECURITY_PATCHSET_URI}
70 + ${GENTOO_PATCHSET_URI}"
71 +fi
72 +
73 +DESCRIPTION="The Xen virtual machine monitor"
74 +HOMEPAGE="http://xen.org/"
75 +LICENSE="GPL-2"
76 +SLOT="0"
77 +IUSE="custom-cflags debug efi flask"
78 +
79 +DEPEND="${PYTHON_DEPS}
80 + efi? ( >=sys-devel/binutils-2.22[multitarget] )
81 + !efi? ( >=sys-devel/binutils-2.22 )"
82 +RDEPEND=""
83 +PDEPEND="~app-emulation/xen-tools-${PV}"
84 +
85 +# no tests are available for the hypervisor
86 +# prevent the silliness of /usr/lib/debug/usr/lib/debug files
87 +# prevent stripping of the debug info from the /usr/lib/debug/xen-syms
88 +RESTRICT="test splitdebug strip"
89 +
90 +# Approved by QA team in bug #144032
91 +QA_WX_LOAD="boot/xen-syms-${PV}"
92 +
93 +REQUIRED_USE="arm? ( debug )"
94 +
95 +S="${WORKDIR}/${MY_P}"
96 +
97 +pkg_setup() {
98 + python-any-r1_pkg_setup
99 + if [[ -z ${XEN_TARGET_ARCH} ]]; then
100 + if use amd64; then
101 + export XEN_TARGET_ARCH="x86_64"
102 + elif use arm; then
103 + export XEN_TARGET_ARCH="arm32"
104 + elif use arm64; then
105 + export XEN_TARGET_ARCH="arm64"
106 + else
107 + die "Unsupported architecture!"
108 + fi
109 + fi
110 +
111 + if use flask ; then
112 + export "XSM_ENABLE=y"
113 + export "FLASK_ENABLE=y"
114 + fi
115 +}
116 +
117 +src_prepare() {
118 + # Upstream's patchset
119 + if [[ -n ${UPSTREAM_VER} ]]; then
120 + EPATCH_SUFFIX="patch" \
121 + EPATCH_FORCE="yes" \
122 + EPATCH_OPTS="-p1" \
123 + epatch "${WORKDIR}"/patches-upstream
124 + fi
125 +
126 + # Security patchset
127 + if [[ -n ${SECURITY_VER} ]]; then
128 + einfo "Try to apply Xen Security patch set"
129 + # apply main xen patches
130 + # Two parallel systems, both work side by side
131 + # Over time they may concdense into one. This will suffice for now
132 + EPATCH_SUFFIX="patch"
133 + EPATCH_FORCE="yes"
134 +
135 + source "${WORKDIR}"/patches-security/${PV}.conf
136 +
137 + for i in ${XEN_SECURITY_MAIN}; do
138 + epatch "${WORKDIR}"/patches-security/xen/$i
139 + done
140 + fi
141 +
142 + # Gentoo's patchset
143 + if [[ -n ${GENTOO_VER} ]]; then
144 + EPATCH_SUFFIX="patch" \
145 + EPATCH_FORCE="yes" \
146 + epatch "${WORKDIR}"/patches-gentoo
147 + fi
148 +
149 + epatch "${FILESDIR}"/${PN}-4.6-efi.patch
150 +
151 + # Drop .config
152 + sed -e '/-include $(XEN_ROOT)\/.config/d' -i Config.mk || die "Couldn't drop"
153 +
154 + if use efi; then
155 + export EFI_VENDOR="gentoo"
156 + export EFI_MOUNTPOINT="boot"
157 + fi
158 +
159 + # if the user *really* wants to use their own custom-cflags, let them
160 + if use custom-cflags; then
161 + einfo "User wants their own CFLAGS - removing defaults"
162 + # try and remove all the default custom-cflags
163 + find "${S}" -name Makefile -o -name Rules.mk -o -name Config.mk -exec sed \
164 + -e 's/CFLAGS\(.*\)=\(.*\)-O3\(.*\)/CFLAGS\1=\2\3/' \
165 + -e 's/CFLAGS\(.*\)=\(.*\)-march=i686\(.*\)/CFLAGS\1=\2\3/' \
166 + -e 's/CFLAGS\(.*\)=\(.*\)-fomit-frame-pointer\(.*\)/CFLAGS\1=\2\3/' \
167 + -e 's/CFLAGS\(.*\)=\(.*\)-g3*\s\(.*\)/CFLAGS\1=\2 \3/' \
168 + -e 's/CFLAGS\(.*\)=\(.*\)-O2\(.*\)/CFLAGS\1=\2\3/' \
169 + -i {} \; || die "failed to re-set custom-cflags"
170 + fi
171 +
172 + # remove -Werror for gcc-4.6's sake
173 + find "${S}" -name 'Makefile*' -o -name '*.mk' -o -name 'common.make' | \
174 + xargs sed -i 's/ *-Werror */ /'
175 + # not strictly necessary to fix this
176 + sed -i 's/, "-Werror"//' "${S}/tools/python/setup.py" || die "failed to re-set setup.py"
177 +
178 + # Bug #575868 converted to a sed statement, typo of one char
179 + sed -e "s:granter’s:granter's:" -i xen/include/public/grant_table.h || die
180 +
181 + epatch_user
182 +}
183 +
184 +src_configure() {
185 + use arm && myopt="${myopt} CONFIG_EARLY_PRINTK=sun7i"
186 +
187 + use debug && myopt="${myopt} debug=y"
188 +
189 + if use custom-cflags; then
190 + filter-flags -fPIE -fstack-protector
191 + replace-flags -O3 -O2
192 + else
193 + unset CFLAGS
194 + unset LDFLAGS
195 + unset ASFLAGS
196 + fi
197 +}
198 +
199 +src_compile() {
200 + # Send raw LDFLAGS so that --as-needed works
201 + emake V=1 CC="$(tc-getCC)" LDFLAGS="$(raw-ldflags)" LD="$(tc-getLD)" -C xen ${myopt}
202 +}
203 +
204 +src_install() {
205 + local myopt
206 + use debug && myopt="${myopt} debug=y"
207 +
208 + # The 'make install' doesn't 'mkdir -p' the subdirs
209 + if use efi; then
210 + mkdir -p "${D}"${EFI_MOUNTPOINT}/efi/${EFI_VENDOR} || die
211 + fi
212 +
213 + emake LDFLAGS="$(raw-ldflags)" DESTDIR="${D}" -C xen ${myopt} install
214 +
215 + # make install likes to throw in some extra EFI bits if it built
216 + use efi || rm -rf "${D}/usr/$(get_libdir)/efi"
217 +}
218 +
219 +pkg_postinst() {
220 + elog "Official Xen Guide and the unoffical wiki page:"
221 + elog " https://wiki.gentoo.org/wiki/Xen"
222 + elog " http://en.gentoo-wiki.com/wiki/Xen/"
223 +
224 + use efi && einfo "The efi executable is installed in boot/efi/gentoo"
225 +
226 + elog "You can optionally block the installation of /boot/xen-syms by an entry"
227 + elog "in folder /etc/portage/env using the portage's feature INSTALL_MASK"
228 + elog "e.g. echo ${msg} > /etc/portage/env/xen.conf"
229 +}
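Review bot: The security patchset step in src_prepare can apply nothing and still succeed: `source "${WORKDIR}"/patches-security/${PV}.conf` has no `|| die`, and the `for i in ${XEN_SECURITY_MAIN}` loop runs zero times if that variable ends up unset or empty. For a bump whose stated purpose is XSA-182/183, a patch tarball that lacks a `${PV}.conf` for this version would then produce an unpatched hypervisor from a build that reports success. I would write `source "${WORKDIR}"/patches-security/${PV}.conf || die "no security patch list for ${PV}"` and follow it with `[[ -n ${XEN_SECURITY_MAIN} ]] || die "XEN_SECURITY_MAIN is empty"`, assuming an empty list is never intended while SECURITY_VER is set. The identical lines in the xen-4.7.0-r1.ebuild hunk need the same change.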
230
231 diff --git a/app-emulation/xen/xen-4.7.0-r1.ebuild b/app-emulation/xen/xen-4.7.0-r1.ebuild
232 new file mode 100644
233 index 0000000..6577d28
234 --- /dev/null
235 +++ b/app-emulation/xen/xen-4.7.0-r1.ebuild
236 @@ -0,0 +1,193 @@
237 +# Copyright 1999-2016 Gentoo Foundation
238 +# Distributed under the terms of the GNU General Public License v2
239 +# $Id$
240 +
241 +EAPI=5
242 +
243 +PYTHON_COMPAT=( python2_7 )
244 +
245 +inherit eutils multilib mount-boot flag-o-matic python-any-r1 toolchain-funcs
246 +
247 +MY_PV=${PV/_/-}
248 +MY_P=${PN}-${PV/_/-}
249 +
250 +if [[ $PV == *9999 ]]; then
251 + inherit git-r3
252 + KEYWORDS=""
253 + EGIT_REPO_URI="git://xenbits.xen.org/xen.git"
254 + SRC_URI=""
255 +else
256 + KEYWORDS="~amd64 ~arm -x86"
257 + UPSTREAM_VER=
258 + SECURITY_VER=13
259 + GENTOO_VER=
260 +
261 + [[ -n ${UPSTREAM_VER} ]] && \
262 + UPSTREAM_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${P}-upstream-patches-${UPSTREAM_VER}.tar.xz"
263 + [[ -n ${SECURITY_VER} ]] && \
264 + SECURITY_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${PN}-security-patches-${SECURITY_VER}.tar.xz"
265 + [[ -n ${GENTOO_VER} ]] && \
266 + GENTOO_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${PN}-gentoo-patches-${GENTOO_VER}.tar.xz"
267 + SRC_URI="http://bits.xensource.com/oss-xen/release/${MY_PV}/${MY_P}.tar.gz
268 + ${UPSTREAM_PATCHSET_URI}
269 + ${SECURITY_PATCHSET_URI}
270 + ${GENTOO_PATCHSET_URI}"
271 +fi
272 +
273 +DESCRIPTION="The Xen virtual machine monitor"
274 +HOMEPAGE="http://xen.org/"
275 +LICENSE="GPL-2"
276 +SLOT="0"
277 +IUSE="custom-cflags debug efi flask"
278 +
279 +DEPEND="${PYTHON_DEPS}
280 + efi? ( >=sys-devel/binutils-2.22[multitarget] )
281 + !efi? ( >=sys-devel/binutils-2.22 )"
282 +RDEPEND=""
283 +PDEPEND="~app-emulation/xen-tools-${PV}"
284 +
285 +# no tests are available for the hypervisor
286 +# prevent the silliness of /usr/lib/debug/usr/lib/debug files
287 +# prevent stripping of the debug info from the /usr/lib/debug/xen-syms
288 +RESTRICT="test splitdebug strip"
289 +
290 +# Approved by QA team in bug #144032
291 +QA_WX_LOAD="boot/xen-syms-${PV}"
292 +
293 +REQUIRED_USE="arm? ( debug )"
294 +
295 +S="${WORKDIR}/${MY_P}"
296 +
297 +pkg_setup() {
298 + python-any-r1_pkg_setup
299 + if [[ -z ${XEN_TARGET_ARCH} ]]; then
300 + if use amd64; then
301 + export XEN_TARGET_ARCH="x86_64"
302 + elif use arm; then
303 + export XEN_TARGET_ARCH="arm32"
304 + elif use arm64; then
305 + export XEN_TARGET_ARCH="arm64"
306 + else
307 + die "Unsupported architecture!"
308 + fi
309 + fi
310 +
311 + if use flask ; then
312 + export "XSM_ENABLE=y"
313 + export "FLASK_ENABLE=y"
314 + fi
315 +}
316 +
317 +src_prepare() {
318 + # Upstream's patchset
319 + if [[ -n ${UPSTREAM_VER} ]]; then
320 + EPATCH_SUFFIX="patch" \
321 + EPATCH_FORCE="yes" \
322 + EPATCH_OPTS="-p1" \
323 + epatch "${WORKDIR}"/patches-upstream
324 + fi
325 +
326 + # Security patchset
327 + if [[ -n ${SECURITY_VER} ]]; then
328 + einfo "Try to apply Xen Security patch set"
329 + # apply main xen patches
330 + # Two parallel systems, both work side by side
331 + # Over time they may concdense into one. This will suffice for now
332 + EPATCH_SUFFIX="patch"
333 + EPATCH_FORCE="yes"
334 +
335 + source "${WORKDIR}"/patches-security/${PV}.conf
336 +
337 + for i in ${XEN_SECURITY_MAIN}; do
338 + epatch "${WORKDIR}"/patches-security/xen/$i
339 + done
340 + fi
341 +
342 + # Gentoo's patchset
343 + if [[ -n ${GENTOO_VER} ]]; then
344 + EPATCH_SUFFIX="patch" \
345 + EPATCH_FORCE="yes" \
346 + epatch "${WORKDIR}"/patches-gentoo
347 + fi
348 +
349 + epatch "${FILESDIR}"/${PN}-4.6-efi.patch
350 +
351 + # Drop .config
352 + sed -e '/-include $(XEN_ROOT)\/.config/d' -i Config.mk || die "Couldn't drop"
353 +
354 + if use efi; then
355 + export EFI_VENDOR="gentoo"
356 + export EFI_MOUNTPOINT="boot"
357 + fi
358 +
359 + # if the user *really* wants to use their own custom-cflags, let them
360 + if use custom-cflags; then
361 + einfo "User wants their own CFLAGS - removing defaults"
362 + # try and remove all the default custom-cflags
363 + find "${S}" -name Makefile -o -name Rules.mk -o -name Config.mk -exec sed \
364 + -e 's/CFLAGS\(.*\)=\(.*\)-O3\(.*\)/CFLAGS\1=\2\3/' \
365 + -e 's/CFLAGS\(.*\)=\(.*\)-march=i686\(.*\)/CFLAGS\1=\2\3/' \
366 + -e 's/CFLAGS\(.*\)=\(.*\)-fomit-frame-pointer\(.*\)/CFLAGS\1=\2\3/' \
367 + -e 's/CFLAGS\(.*\)=\(.*\)-g3*\s\(.*\)/CFLAGS\1=\2 \3/' \
368 + -e 's/CFLAGS\(.*\)=\(.*\)-O2\(.*\)/CFLAGS\1=\2\3/' \
369 + -i {} \; || die "failed to re-set custom-cflags"
370 + fi
371 +
372 + # remove -Werror for gcc-4.6's sake
373 + find "${S}" -name 'Makefile*' -o -name '*.mk' -o -name 'common.make' | \
374 + xargs sed -i 's/ *-Werror */ /'
375 + # not strictly necessary to fix this
376 + sed -i 's/, "-Werror"//' "${S}/tools/python/setup.py" || die "failed to re-set setup.py"
377 +
378 + # Bug #575868 converted to a sed statement, typo of one char
379 + sed -e "s:granter’s:granter's:" -i xen/include/public/grant_table.h || die
380 +
381 + epatch_user
382 +}
383 +
384 +src_configure() {
385 + use arm && myopt="${myopt} CONFIG_EARLY_PRINTK=sun7i"
386 +
387 + use debug && myopt="${myopt} debug=y"
388 +
389 + if use custom-cflags; then
390 + filter-flags -fPIE -fstack-protector
391 + replace-flags -O3 -O2
392 + else
393 + unset CFLAGS
394 + unset LDFLAGS
395 + unset ASFLAGS
396 + fi
397 +}
398 +
399 +src_compile() {
400 + # Send raw LDFLAGS so that --as-needed works
401 + emake V=1 CC="$(tc-getCC)" LDFLAGS="$(raw-ldflags)" LD="$(tc-getLD)" -C xen ${myopt}
402 +}
403 +
404 +src_install() {
405 + local myopt
406 + use debug && myopt="${myopt} debug=y"
407 +
408 + # The 'make install' doesn't 'mkdir -p' the subdirs
409 + if use efi; then
410 + mkdir -p "${D}"${EFI_MOUNTPOINT}/efi/${EFI_VENDOR} || die
411 + fi
412 +
413 + emake LDFLAGS="$(raw-ldflags)" DESTDIR="${D}" -C xen ${myopt} install
414 +
415 + # make install likes to throw in some extra EFI bits if it built
416 + use efi || rm -rf "${D}/usr/$(get_libdir)/efi"
417 +}
418 +
419 +pkg_postinst() {
420 + elog "Official Xen Guide and the unoffical wiki page:"
421 + elog " https://wiki.gentoo.org/wiki/Xen"
422 + elog " http://en.gentoo-wiki.com/wiki/Xen/"
423 +
424 + use efi && einfo "The efi executable is installed in boot/efi/gentoo"
425 +
426 + elog "You can optionally block the installation of /boot/xen-syms by an entry"
427 + elog "in folder /etc/portage/env using the portage's feature INSTALL_MASK"
428 + elog "e.g. echo ${msg} > /etc/portage/env/xen.conf"
429 +}
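Review bot: In the custom-cflags branch of src_prepare, `-exec sed` binds only to the last `-name` test, because `-o` has lower precedence than the implied `-a`. Files named Makefile and Rules.mk are matched and then ignored, and only Config.mk is edited. Grouping the tests fixes it: `find "${S}" \( -name Makefile -o -name Rules.mk -o -name Config.mk \) -exec sed \`. The trailing `|| die` on that command also cannot fire on a sed failure, since find does not propagate the exit status of an `-exec ... \;` command; ending the action with `-i {} +` would make it propagate. The same lines appear in the xen-4.6.3-r1.ebuild hunk.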