Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Ian Delaney <della5@×××××××××.au>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/virtualization:master commit in: app-emulation/xen/, app-emulation/xen-tools/, app-emulation/, ...
Date: Mon, 28 Nov 2011 18:15:55
Message-Id: d6e73198410451ad57c0227af185c4049b75f4eb.ian_delaney@gentoo
1 commit: d6e73198410451ad57c0227af185c4049b75f4eb
2 Author: Ian Delaney <idell5 <AT> iinet <DOT> com <DOT> au>
3 AuthorDate: Mon Nov 28 18:08:55 2011 +0000
4 Commit: Ian Delaney <della5 <AT> iinet <DOT> com <DOT> au>
5 CommitDate: Mon Nov 28 18:08:55 2011 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/virtualization.git;a=commit;h=d6e73198
7
8 Merge branch 'master' of git+ssh://git.overlays.gentoo.org/proj/virtualization
9
10 Conflicts:
11 app-emulation/xen-tools/Manifest
12
13 ---
14 app-emulation/files/Manifest | 7 +
15 .../files/xen-3.3.0-unexported-target-fix.patch | 21 +
16 app-emulation/files/xen-3.4.2-CVE-2011-1583.patch | 87 ++++
17 .../xen-3.4.2-dump_registers-watchdog-fix.patch | 19 +
18 .../files/xen-3.4.2-fix-__addr_ok-limit.patch | 101 +++++
19 app-emulation/files/xen-3.4.2-no-DMA.patch | 71 ++++
20 app-emulation/files/xen-3.4.2-werror-idiocy.patch | 429 ++++++++++++++++++++
21 app-emulation/files/xen-4.1.1-iommu_sec_fix.patch | 74 ++++
22 app-emulation/metadata.xml | 15 +
23 app-emulation/xen-3.4.2-r4.ebuild | 114 ++++++
24 app-emulation/xen-4.1.1-r2.ebuild | 121 ++++++
25 app-emulation/xen-9999.ebuild | 117 ++++++
26 app-emulation/xen-tools/Manifest | 22 +-
27 app-emulation/xen-tools/xen-tools-4.1.2-r2.ebuild | 12 +-
28 app-emulation/xen-tools/xen-tools-9999.ebuild | 54 +--
29 app-emulation/xen/Manifest | 14 +
30 app-emulation/xen/files/Manifest | 7 +
31 .../files/xen-3.3.0-unexported-target-fix.patch | 21 +
32 .../xen/files/xen-3.4.2-CVE-2011-1583.patch | 87 ++++
33 .../xen-3.4.2-dump_registers-watchdog-fix.patch | 19 +
34 .../xen/files/xen-3.4.2-fix-__addr_ok-limit.patch | 101 +++++
35 app-emulation/xen/files/xen-3.4.2-no-DMA.patch | 71 ++++
36 .../xen/files/xen-3.4.2-werror-idiocy.patch | 429 ++++++++++++++++++++
37 .../xen/files/xen-4.1.1-iommu_sec_fix.patch | 74 ++++
38 app-emulation/xen/metadata.xml | 15 +
39 app-emulation/xen/xen-3.4.2-r4.ebuild | 114 ++++++
40 app-emulation/xen/xen-4.1.1-r2.ebuild | 121 ++++++
41 app-emulation/xen/xen-9999.ebuild | 117 ++++++
42 28 files changed, 2413 insertions(+), 41 deletions(-)
43
44 diff --git a/app-emulation/files/Manifest b/app-emulation/files/Manifest
45 new file mode 100644
46 index 0000000..236346a
47 --- /dev/null
48 +++ b/app-emulation/files/Manifest
49 @@ -0,0 +1,7 @@
50 +MISC xen-3.3.0-unexported-target-fix.patch 788 RMD160 4b30444c021479cbd3969493639533fc1e43e781 SHA1 9119f06b4a005c385ac27e085e2d96ccf9cd4dc9 SHA256 e46f5fbe4c579b84f895f0ac6e05589553a11305ca30e69405082d58abd9ee07
51 +MISC xen-3.4.2-CVE-2011-1583.patch 2893 RMD160 c6ae9661202dafc2abdcf3aaf939464d14ded9fd SHA1 b2140fe7d615b542a96dadaaf8ace382e528d2cb SHA256 809c1744aee7569db31e9959c1e2c433ef6f4067134b26f70a689e056a024df9
52 +MISC xen-3.4.2-dump_registers-watchdog-fix.patch 533 RMD160 766249003d91cbec3b0014a8446e1a4d01cd847a SHA1 6306250671976c638f814a4958211af4bacb53b4 SHA256 17d18f268efd302085bdfa0673e2d9478e84206b6d060d0a63854441233a81c6
53 +MISC xen-3.4.2-fix-__addr_ok-limit.patch 3380 RMD160 8b8104a370847c1c148255855901b9dd32e6c888 SHA1 e3dd5cfda2410917b0844dff999ccbee2463ccb4 SHA256 dab6954da3cbf7592a36a6234561174d0d117711b87c0868d17f9d21af75a835
54 +MISC xen-3.4.2-no-DMA.patch 2708 RMD160 9aa83e21e8b07feca1f799f9efb4f9cd5728c6c6 SHA1 e55fa5a04203470af68452762f919b402854fce9 SHA256 87a3fe134b8d3c762d4d229986ccb77898a603a18974f453cfdf6ba9d68fe982
55 +MISC xen-3.4.2-werror-idiocy.patch 16826 RMD160 14f4678c723fd9241c88786b5b07a8c25252ce6f SHA1 f15d3c4d37b9c11fed49c025de2eaeb6911845a1 SHA256 261ef6541736f1df757476590bb8581cac376c9408e5041e8356336e13025c67
56 +MISC xen-4.1.1-iommu_sec_fix.patch 2851 RMD160 4367178c10cdc1e752f3e9ffb70f42e6e7179242 SHA1 8487f85dbf81bf245deaccca5ff5b8f46e60d112 SHA256 3a0ab3cb5c18db91f4be457cbba36189a558da7b794e1a35795f4fed3d48a7c8
57
58 diff --git a/app-emulation/files/xen-3.3.0-unexported-target-fix.patch b/app-emulation/files/xen-3.3.0-unexported-target-fix.patch
59 new file mode 100644
60 index 0000000..89f91a4
61 --- /dev/null
62 +++ b/app-emulation/files/xen-3.3.0-unexported-target-fix.patch
63 @@ -0,0 +1,21 @@
64 +diff -Nru a/tools/ioemu-qemu-xen/xen-setup b/tools/ioemu-qemu-xen/xen-setup
65 +--- a/tools/ioemu-qemu-xen/xen-setup 2008-08-22 17:56:41.000000000 +0800
66 ++++ b/tools/ioemu-qemu-xen/xen-setup 2009-02-20 10:55:37.000000000 +0800
67 +@@ -3,6 +3,8 @@
68 +
69 + # git-clean -x -d && ./xen-setup && make prefix=/usr CMDLINE_CFLAGS='-O0 -g' -j4 && make install DESTDIR=`pwd`/dist/ prefix=/usr && rsync -a --stats --delete . thule:shadow/qemu-iwj.git/ && rsync -a --stats dist/. root@thule:/
70 +
71 ++target=i386-dm
72 ++
73 + rm -f $target/Makefile
74 + rm -f $target/config.mak
75 + rm -f config-host.mak
76 +@@ -11,8 +13,6 @@
77 +
78 + ./configure --disable-gfx-check --disable-gcc-check --disable-curses --disable-slirp "$@" --prefix=/usr
79 +
80 +-target=i386-dm
81 +-
82 + if [ "x$XEN_ROOT" != x ]; then
83 + echo "XEN_ROOT=$XEN_ROOT" >>config-host.mak
84 + fi
85
86 diff --git a/app-emulation/files/xen-3.4.2-CVE-2011-1583.patch b/app-emulation/files/xen-3.4.2-CVE-2011-1583.patch
87 new file mode 100644
88 index 0000000..f5cec4d
89 --- /dev/null
90 +++ b/app-emulation/files/xen-3.4.2-CVE-2011-1583.patch
91 @@ -0,0 +1,87 @@
92 +--- tools/libxc/xc_dom_bzimageloader.c 2009-11-10 23:12:56.000000000 +0800
93 ++++ tools/libxc/xc_dom_bzimageloader.c 2011-10-09 20:10:08.972815311 +0800
94 +@@ -308,19 +308,19 @@
95 +
96 + extern struct xc_dom_loader elf_loader;
97 +
98 +-static unsigned int payload_offset(struct setup_header *hdr)
99 ++static int check_magic(struct xc_dom_image *dom, const void *magic, size_t len)
100 + {
101 +- unsigned int off;
102 ++ if (len > dom->kernel_size)
103 ++ return 0;
104 ++
105 ++ return (memcmp(dom->kernel_blob, magic, len) == 0);
106 ++ }
107 +
108 +- off = (hdr->setup_sects + 1) * 512;
109 +- off += hdr->payload_offset;
110 +- return off;
111 +-}
112 +-
113 +-static int xc_dom_probe_bzimage_kernel(struct xc_dom_image *dom)
114 ++static int check_bzimage_kernel(struct xc_dom_image *dom, int verbose)
115 + {
116 + struct setup_header *hdr;
117 +- int ret;
118 ++ uint64_t payload_offset, payload_length;
119 ++ /* int ret; */
120 +
121 + if ( dom->kernel_blob == NULL )
122 + {
123 +@@ -352,20 +352,47 @@
124 + return -EINVAL;
125 + }
126 +
127 +- dom->kernel_blob = dom->kernel_blob + payload_offset(hdr);
128 +- dom->kernel_size = hdr->payload_length;
129 ++ /* upcast to 64 bits to avoid overflow */
130 ++ /* setup_sects is u8 and so cannot overflow */
131 ++ payload_offset = (hdr->setup_sects + 1) * 512;
132 ++ payload_offset += hdr->payload_offset;
133 ++ payload_length = hdr->payload_length;
134 +
135 +- if ( memcmp(dom->kernel_blob, "\037\213", 2) == 0 )
136 +- {
137 ++/* if ( memcmp(dom->kernel_blob, "\037\213", 2) == 0 )
138 ++ {
139 + ret = xc_dom_try_gunzip(dom, &dom->kernel_blob, &dom->kernel_size);
140 +- if ( ret == -1 )
141 ++ if ( ret == -1 ) */
142 ++ if ( payload_offset >= dom->kernel_size )
143 ++ {
144 ++ xc_dom_panic(XC_INVALID_KERNEL, "%s: payload offset overflow",
145 ++ __FUNCTION__);
146 ++ return -EINVAL;
147 ++ }
148 ++ if ( (payload_offset + payload_length) > dom->kernel_size )
149 ++ {
150 ++ xc_dom_panic(XC_INVALID_KERNEL, "%s: payload length overflow",
151 ++ __FUNCTION__);
152 ++ }
153 ++
154 ++ dom->kernel_blob = dom->kernel_blob + payload_offset;
155 ++ dom->kernel_size = payload_length;
156 ++
157 ++ if ( check_magic(dom, "\037\213", 2) )
158 ++ {
159 ++ if ( xc_dom_try_gunzip(dom, &dom->kernel_blob, &dom->kernel_size) == -1 )
160 + {
161 +- xc_dom_panic(XC_INVALID_KERNEL,
162 +- "%s: unable to gzip decompress kernel\n",
163 +- __FUNCTION__);
164 ++ if ( verbose )
165 ++ xc_dom_panic(XC_INVALID_KERNEL, "%s: unable to decompress kernel\$n",
166 ++ __FUNCTION__);
167 + return -EINVAL;
168 + }
169 + }
170 ++ else
171 ++ {
172 ++ xc_dom_panic(XC_INVALID_KERNEL, "%s: unknown compression format\n",
173 ++ __FUNCTION__);
174 ++ return -EINVAL;
175 ++ }
176 + else if ( memcmp(dom->kernel_blob, "\102\132\150", 3) == 0 )
177 + {
178 + ret = xc_try_bzip2_decode(dom, &dom->kernel_blob, &dom->kernel_size);
179
180 diff --git a/app-emulation/files/xen-3.4.2-dump_registers-watchdog-fix.patch b/app-emulation/files/xen-3.4.2-dump_registers-watchdog-fix.patch
181 new file mode 100644
182 index 0000000..7c8ff5b
183 --- /dev/null
184 +++ b/app-emulation/files/xen-3.4.2-dump_registers-watchdog-fix.patch
185 @@ -0,0 +1,19 @@
186 +diff -r 784caad93325 xen/common/keyhandler.c
187 +--- a/xen/common/keyhandler.c Tue Nov 10 15:03:52 2009 +0000
188 ++++ b/xen/common/keyhandler.c Tue Jan 05 10:47:49 2010 +0000
189 +@@ -106,6 +106,7 @@
190 + unsigned int cpu;
191 +
192 + /* We want to get everything out that we possibly can. */
193 ++ watchdog_disable();
194 + console_start_sync();
195 +
196 + printk("'%c' pressed -> dumping registers\n", key);
197 +@@ -125,6 +126,7 @@
198 + printk("\n");
199 +
200 + console_end_sync();
201 ++ watchdog_enable();
202 + }
203 +
204 + static void dump_dom0_registers(unsigned char key)
205
206 diff --git a/app-emulation/files/xen-3.4.2-fix-__addr_ok-limit.patch b/app-emulation/files/xen-3.4.2-fix-__addr_ok-limit.patch
207 new file mode 100644
208 index 0000000..8616008
209 --- /dev/null
210 +++ b/app-emulation/files/xen-3.4.2-fix-__addr_ok-limit.patch
211 @@ -0,0 +1,101 @@
212 +-----BEGIN PGP SIGNED MESSAGE-----
213 +Hash: SHA1
214 +
215 + Xen Security Advisory CVE-2011-2901 / XSA-4
216 + revision no.2
217 + Xen <= 3.3 DoS due to incorrect virtual address validation
218 +
219 +ISSUE DESCRIPTION
220 +=================
221 +
222 +The x86_64 __addr_ok() macro intends to ensure that the checked
223 +address is either in the positive half of the 48-bit virtual address
224 +space, or above the Xen-reserved area. However, the current shift
225 +count is off-by-one, allowing full access to the "negative half" too,
226 +via certain hypercalls which ignore virtual-address bits [63:48].
227 +Vulnerable hypercalls exist only in very old versions of the
228 +hypervisor.
229 +
230 +VULNERABLE SYSTEMS
231 +==================
232 +
233 +All systems running a Xen 3.3 or earlier hypervisor with 64-bit PV
234 +guests with untrusted administrators are vulnerable.
235 +
236 +IMPACT
237 +======
238 +
239 +A malicious guest administrator on a vulnerable system is able to
240 +crash the host.
241 +
242 +There are no known further exploits but these have not been ruled out.
243 +
244 +RESOLUTION
245 +==========
246 +
247 +The attached patch resolves the issue.
248 +
249 +Alternatively, users may choose to upgrade to a more recent hypervisor
250 +
251 +PATCHES
252 +=======
253 +
254 +The following patch resolves this issue.
255 +
256 +Filename: fix-__addr_ok-limit.patch
257 +SHA1: f18bde8d276110451c608a16f577865aa1226b4f
258 +SHA256: 2da5aac72e1ac4849c34d38374ae456795905fd9512eef94b48fc31383c21636
259 +
260 +This patch should apply cleanly, and fix the problem, for all affected
261 +versions of Xen.
262 +
263 +It is harmless when applied to later hypervisors and will be included
264 +in the Xen unstable branch in due course.
265 +
266 +VERSION HISTORY
267 +===============
268 +
269 +Analysis following version 1 of this advisory (sent out to the
270 +predisclosure list during the embargo period) indicates that the
271 +actual DoS vulnerability only exists in very old hypervisors, Xen 3.3
272 +and earlier, contrary to previous reports.
273 +
274 +This advisory is no longer embargoed.
275 +-----BEGIN PGP SIGNATURE-----
276 +Version: GnuPG v1.4.9 (GNU/Linux)
277 +
278 +iQEcBAEBAgAGBQJOYLq2AAoJEIP+FMlX6CvZLegH/26/oJBkd/WM/yYhXkzlbnIP
279 +MxF6Fgy96Omu8poQTanD7g1vEcM0TOLY+Kk3GGsfj4aDdEJ5Nq4ZOW8ooI0VnVcD
280 +7VXQqFsXPxre+eZ6g+G0AsmzdsG45C3qujUTRfGKqzYwXqjWjt9nNsdIy1Mrz8/4
281 +zG1uLDkN0LXnBG2Te4q8ZckYwMq8gFXHHnH35RfQ5Besu6pvJmtK3rFXETdlP12A
282 +JjBh7t5jsCfzvYWFQehVp8mJupuftiOBPClmVh4vrvN9gYd5rzEgB4Q9Ioiqz2qT
283 +2bE1zegR8NeOKBOi9xriTU8F530OdFzeWAbo7D5gyEbYdc60eNwbadcgNGLbzMg=
284 +=09T8
285 +-----END PGP SIGNATURE-----
286 +
287 +Subject: XSA-4: xen: correct limit checking in x86_64 version of __addr_ok
288 +
289 +The x86_64 __addr_ok() macro intends to ensure that the checked
290 +address is either in the positive half of the 48-bit virtual address
291 +space, or above the Xen-reserved area. However, the current shift
292 +count is off-by-one, allowing full access to the "negative half"
293 +too. Guests may exploit this to gain access to off-limits ranges.
294 +
295 +This issue has been assigned CVE-2011-2901.
296 +
297 +Signed-off-by: Laszlo Ersek <lersek@××××××.com>
298 +Signed-off-by: Ian Campbell <ian.campbell@××××××.com>
299 +
300 +diff --git a/xen/include/asm-x86/x86_64/uaccess.h
301 +b/xen/include/asm-x86/x86_64/uaccess.h
302 +--- a/xen/include/asm-x86/x86_64/uaccess.h
303 ++++ b/xen/include/asm-x86/x86_64/uaccess.h
304 +@@ -34,7 +34,7 @@
305 + * non-canonical address (and thus fault) before ever reaching VIRT_START.
306 + */
307 + #define __addr_ok(addr) \
308 +- (((unsigned long)(addr) < (1UL<<48)) || \
309 ++ (((unsigned long)(addr) < (1UL<<47)) || \
310 + ((unsigned long)(addr) >= HYPERVISOR_VIRT_END))
311 +
312 + #define access_ok(addr, size) \
313
314 diff --git a/app-emulation/files/xen-3.4.2-no-DMA.patch b/app-emulation/files/xen-3.4.2-no-DMA.patch
315 new file mode 100644
316 index 0000000..f04d9e2
317 --- /dev/null
318 +++ b/app-emulation/files/xen-3.4.2-no-DMA.patch
319 @@ -0,0 +1,71 @@
320 +# HG changeset patch
321 +# User Tim Deegan <Tim.Deegan@××××××.com>
322 +# Date 1313145221 -3600
323 +# Node ID 84e3706df07a1963e23cd3875d8603917657d462
324 +# Parent cb22fa57ff252893b6adb1481e09b1287eacd990
325 +Passthrough: disable bus-mastering on any card that causes an IOMMU fault.
326 +
327 +This stops the card from raising back-to-back faults and live-locking
328 +the CPU that handles them.
329 +
330 +Signed-off-by: Tim Deegan <tim@×××.org>
331 +Acked-by: Wei Wang2 <wei.wang2@×××.com>
332 +Acked-by: Allen M Kay <allen.m.kay@×××××.com>
333 +
334 +--- a/xen/drivers/passthrough/vtd/iommu.c.orig Mon Jul 25 16:48:39 2011 +0100
335 ++++ b/xen/drivers/passthrough/vtd/iommu.c Fri Aug 12 11:33:41 2011 +0100
336 +@@ -733,7 +733,7 @@
337 + while (1)
338 + {
339 + u8 fault_reason;
340 +- u16 source_id;
341 ++ u16 source_id, cword;
342 + u32 data;
343 + u64 guest_addr;
344 + int type;
345 +@@ -766,6 +766,14 @@
346 + iommu_page_fault_do_one(iommu, type, fault_reason,
347 + source_id, guest_addr);
348 +
349 ++ /* Tell the device to stop DMAing; we can't rely on the guest to
350 ++ * control it for us. */
351 ++ cword = pci_conf_read16(PCI_BUS(source_id), PCI_SLOT(source_id),
352 ++ PCI_FUNC(source_id), PCI_COMMAND);
353 ++ pci_conf_write16(PCI_BUS(source_id), PCI_SLOT(source_id),
354 ++ PCI_FUNC(source_id), PCI_COMMAND,
355 ++ cword & ~PCI_COMMAND_MASTER);
356 ++
357 + fault_index++;
358 + if ( fault_index > cap_num_fault_regs(iommu->cap) )
359 + fault_index = 0;
360 +
361 +--- a/xen/drivers/passthrough/amd/iommu_init.c.orig Mon Jul 25 16:48:39 2011 +0100
362 ++++ b/xen/drivers/passthrough/amd/iommu_init.c Fri Aug 12 11:33:41 2011 +0100
363 +@@ -415,7 +415,7 @@
364 +
365 + static void parse_event_log_entry(u32 entry[])
366 + {
367 +- u16 domain_id, device_id;
368 ++ u16 domain_id, device_id, bdf, cword;
369 + u32 code;
370 + u64 *addr;
371 + char * event_str[] = {"ILLEGAL_DEV_TABLE_ENTRY",
372 +@@ -449,6 +449,18 @@
373 + printk(XENLOG_ERR "AMD-Vi: "
374 + "%s: domain = %d, device id = 0x%04x, fault address = 0x%"PRIx64"\n",
375 + event_str[code-1], domain_id, device_id, *addr);
376 ++
377 ++ /* Tell the device to stop DMAing; we can't rely on the guest to
378 ++ * control it for us. */
379 ++ for ( bdf = 0; bdf < ivrs_bdf_entries; bdf++ )
380 ++ if ( get_dma_requestor_id(bdf) == device_id )
381 ++ {
382 ++ cword = pci_conf_read16(PCI_BUS(bdf), PCI_SLOT(bdf),
383 ++ PCI_FUNC(bdf), PCI_COMMAND);
384 ++ pci_conf_write16(PCI_BUS(bdf), PCI_SLOT(bdf),
385 ++ PCI_FUNC(bdf), PCI_COMMAND,
386 ++ cword & ~PCI_COMMAND_MASTER);
387 ++ }
388 + }
389 + }
390 +
391
392 diff --git a/app-emulation/files/xen-3.4.2-werror-idiocy.patch b/app-emulation/files/xen-3.4.2-werror-idiocy.patch
393 new file mode 100644
394 index 0000000..7f5b3cb
395 --- /dev/null
396 +++ b/app-emulation/files/xen-3.4.2-werror-idiocy.patch
397 @@ -0,0 +1,429 @@
398 +diff -ur xen-3.4.2.orig//Config.mk xen-3.4.2//Config.mk
399 +--- xen-3.4.2.orig//Config.mk 2009-11-10 23:16:03.000000000 +0800
400 ++++ xen-3.4.2//Config.mk 2011-09-25 02:34:11.605793042 +0800
401 +@@ -14,7 +14,7 @@
402 +
403 + # Tools to run on system hosting the build
404 + HOSTCC = gcc
405 +-HOSTCFLAGS = -Wall -Werror -Wstrict-prototypes -O2 -fomit-frame-pointer
406 ++HOSTCFLAGS = -Wall -Wstrict-prototypes -O2 -fomit-frame-pointer
407 + HOSTCFLAGS += -fno-strict-aliasing
408 +
409 + DISTDIR ?= $(XEN_ROOT)/dist
410 +diff -ur xen-3.4.2.orig//extras/mini-os/minios.mk xen-3.4.2//extras/mini-os/minios.mk
411 +--- xen-3.4.2.orig//extras/mini-os/minios.mk 2009-11-10 23:12:55.000000000 +0800
412 ++++ xen-3.4.2//extras/mini-os/minios.mk 2011-09-25 02:34:11.855793042 +0800
413 +@@ -6,7 +6,7 @@
414 +
415 + # Define some default flags.
416 + # NB. '-Wcast-qual' is nasty, so I omitted it.
417 +-DEF_CFLAGS += -fno-builtin -Wall -Werror -Wredundant-decls -Wno-format -Wno-redundant-decls
418 ++DEF_CFLAGS += -fno-builtin -Wall -Wredundant-decls -Wno-format -Wno-redundant-decls
419 + DEF_CFLAGS += $(call cc-option,$(CC),-fno-stack-protector,)
420 + DEF_CFLAGS += $(call cc-option,$(CC),-fgnu89-inline)
421 + DEF_CFLAGS += -Wstrict-prototypes -Wnested-externs -Wpointer-arith -Winline
422 +diff -ur xen-3.4.2.orig//tools/blktap/drivers/Makefile xen-3.4.2//tools/blktap/drivers/Makefile
423 +--- xen-3.4.2.orig//tools/blktap/drivers/Makefile 2009-11-10 23:12:55.000000000 +0800
424 ++++ xen-3.4.2//tools/blktap/drivers/Makefile 2011-09-25 02:34:11.750793042 +0800
425 +@@ -5,7 +5,7 @@
426 + QCOW_UTIL = img2qcow qcow2raw qcow-create
427 + LIBAIO_DIR = ../../libaio/src
428 +
429 +-CFLAGS += -Werror
430 ++CFLAGS +=
431 + CFLAGS += -Wno-unused
432 + CFLAGS += -I../lib
433 + CFLAGS += $(CFLAGS_libxenctrl)
434 +diff -ur xen-3.4.2.orig//tools/blktap/lib/Makefile xen-3.4.2//tools/blktap/lib/Makefile
435 +--- xen-3.4.2.orig//tools/blktap/lib/Makefile 2009-11-10 23:12:55.000000000 +0800
436 ++++ xen-3.4.2//tools/blktap/lib/Makefile 2011-09-25 02:34:11.748793042 +0800
437 +@@ -13,7 +13,7 @@
438 + SRCS :=
439 + SRCS += xenbus.c blkif.c xs_api.c
440 +
441 +-CFLAGS += -Werror
442 ++CFLAGS +=
443 + CFLAGS += -Wno-unused
444 + CFLAGS += -fPIC
445 + # get asprintf():
446 +diff -ur xen-3.4.2.orig//tools/console/Makefile xen-3.4.2//tools/console/Makefile
447 +--- xen-3.4.2.orig//tools/console/Makefile 2009-11-10 23:12:55.000000000 +0800
448 ++++ xen-3.4.2//tools/console/Makefile 2011-09-25 02:34:11.704793042 +0800
449 +@@ -2,7 +2,7 @@
450 + XEN_ROOT=../..
451 + include $(XEN_ROOT)/tools/Rules.mk
452 +
453 +-CFLAGS += -Werror
454 ++CFLAGS +=
455 +
456 + CFLAGS += $(CFLAGS_libxenctrl)
457 + CFLAGS += $(CFLAGS_libxenstore)
458 +diff -ur xen-3.4.2.orig//tools/debugger/xenitp/Makefile xen-3.4.2//tools/debugger/xenitp/Makefile
459 +--- xen-3.4.2.orig//tools/debugger/xenitp/Makefile 2009-11-10 23:12:55.000000000 +0800
460 ++++ xen-3.4.2//tools/debugger/xenitp/Makefile 2011-09-25 02:34:11.744793042 +0800
461 +@@ -1,7 +1,7 @@
462 + XEN_ROOT=../../..
463 + include $(XEN_ROOT)/tools/Rules.mk
464 +
465 +-#CFLAGS += -Werror -g -O0
466 ++#CFLAGS += -g -O0
467 +
468 + CFLAGS += $(CFLAGS_libxenctrl)
469 +
470 +diff -ur xen-3.4.2.orig//tools/firmware/Rules.mk xen-3.4.2//tools/firmware/Rules.mk
471 +--- xen-3.4.2.orig//tools/firmware/Rules.mk 2009-11-10 23:12:55.000000000 +0800
472 ++++ xen-3.4.2//tools/firmware/Rules.mk 2011-09-25 02:34:11.565793045 +0800
473 +@@ -10,7 +10,7 @@
474 + CFLAGS += -DNDEBUG
475 + endif
476 +
477 +-CFLAGS += -Werror
478 ++CFLAGS +=
479 +
480 + # Disable PIE/SSP if GCC supports them. They can break us.
481 + $(call cc-option-add,CFLAGS,CC,-nopie)
482 +diff -ur xen-3.4.2.orig//tools/flask/libflask/Makefile xen-3.4.2//tools/flask/libflask/Makefile
483 +--- xen-3.4.2.orig//tools/flask/libflask/Makefile 2009-11-10 23:12:56.000000000 +0800
484 ++++ xen-3.4.2//tools/flask/libflask/Makefile 2011-09-25 02:34:11.657793042 +0800
485 +@@ -9,7 +9,7 @@
486 + SRCS :=
487 + SRCS += flask_op.c
488 +
489 +-CFLAGS += -Werror
490 ++CFLAGS +=
491 + CFLAGS += -fno-strict-aliasing
492 + CFLAGS += $(INCLUDES) -I./include -I$(XEN_LIBXC) -I$(XEN_INCLUDE)
493 +
494 +diff -ur xen-3.4.2.orig//tools/flask/loadpolicy/Makefile xen-3.4.2//tools/flask/loadpolicy/Makefile
495 +--- xen-3.4.2.orig//tools/flask/loadpolicy/Makefile 2009-11-10 23:12:56.000000000 +0800
496 ++++ xen-3.4.2//tools/flask/loadpolicy/Makefile 2011-09-25 02:34:11.660793042 +0800
497 +@@ -6,7 +6,7 @@
498 + LIBFLASK_ROOT = $(XEN_ROOT)/tools/flask/libflask
499 +
500 + PROFILE=#-pg
501 +-BASECFLAGS=-Wall -g -Werror
502 ++BASECFLAGS=-Wall -g
503 + BASECFLAGS+= $(PROFILE)
504 + #BASECFLAGS+= -I$(XEN_ROOT)/tools
505 + BASECFLAGS+= $(CFLAGS_libxenctrl)
506 +diff -ur xen-3.4.2.orig//tools/fs-back/Makefile xen-3.4.2//tools/fs-back/Makefile
507 +--- xen-3.4.2.orig//tools/fs-back/Makefile 2009-11-10 23:12:56.000000000 +0800
508 ++++ xen-3.4.2//tools/fs-back/Makefile 2011-09-25 02:34:11.637793042 +0800
509 +@@ -5,7 +5,7 @@
510 +
511 + IBIN = fs-backend
512 +
513 +-CFLAGS += -Werror
514 ++CFLAGS +=
515 + CFLAGS += -Wno-unused
516 + CFLAGS += -fno-strict-aliasing
517 + CFLAGS += $(CFLAGS_libxenctrl)
518 +diff -ur xen-3.4.2.orig//tools/ioemu-qemu-xen/configure xen-3.4.2//tools/ioemu-qemu-xen/configure
519 +--- xen-3.4.2.orig//tools/ioemu-qemu-xen/configure 2009-11-05 19:44:56.000000000 +0800
520 ++++ xen-3.4.2//tools/ioemu-qemu-xen/configure 2011-09-25 02:34:11.888793042 +0800
521 +@@ -468,7 +468,7 @@
522 + CFLAGS="$CFLAGS -Wall -Wundef -Wendif-labels -Wwrite-strings -Wmissing-prototypes -Wstrict-prototypes -Wredundant-decls"
523 + LDFLAGS="$LDFLAGS -g"
524 + if test "$werror" = "yes" ; then
525 +-CFLAGS="$CFLAGS -Werror"
526 ++CFLAGS="$CFLAGS"
527 + fi
528 +
529 + if test "$solaris" = "no" ; then
530 +@@ -1150,7 +1150,7 @@
531 + echo "sparse enabled $sparse"
532 + echo "profiler $profiler"
533 + echo "static build $static"
534 +-echo "-Werror enabled $werror"
535 ++
536 + if test "$darwin" = "yes" ; then
537 + echo "Cocoa support $cocoa"
538 + fi
539 +diff -ur xen-3.4.2.orig//tools/ioemu-qemu-xen/Makefile.target xen-3.4.2//tools/ioemu-qemu-xen/Makefile.target
540 +--- xen-3.4.2.orig//tools/ioemu-qemu-xen/Makefile.target 2011-09-25 02:33:23.946793064 +0800
541 ++++ xen-3.4.2//tools/ioemu-qemu-xen/Makefile.target 2011-09-25 02:34:11.584793042 +0800
542 +@@ -26,7 +26,7 @@
543 + TARGET_PATH=$(SRC_PATH)/target-$(TARGET_BASE_ARCH)
544 + VPATH=$(SRC_PATH):$(TARGET_PATH):$(SRC_PATH)/hw
545 + CPPFLAGS=-I. -I.. -I$(TARGET_PATH) -I$(SRC_PATH) -MMD -MT $@ -MP -DNEED_CPU_H
546 +-#CFLAGS+=-Werror
547 ++#CFLAGS+=
548 + LIBS=
549 + # user emulator name
550 + ifndef TARGET_ARCH2
551 +diff -ur xen-3.4.2.orig//tools/libaio/harness/Makefile xen-3.4.2//tools/libaio/harness/Makefile
552 +--- xen-3.4.2.orig//tools/libaio/harness/Makefile 2009-11-10 23:12:56.000000000 +0800
553 ++++ xen-3.4.2//tools/libaio/harness/Makefile 2011-09-25 02:34:11.674793042 +0800
554 +@@ -4,7 +4,7 @@
555 + HARNESS_SRCS:=main.c
556 + # io_queue.c
557 +
558 +-CFLAGS=-Wall -Werror -g -O -laio
559 ++CFLAGS=-Wall -g -O -laio
560 + #-lpthread -lrt
561 +
562 + all: $(PROGS)
563 +diff -ur xen-3.4.2.orig//tools/libfsimage/Rules.mk xen-3.4.2//tools/libfsimage/Rules.mk
564 +--- xen-3.4.2.orig//tools/libfsimage/Rules.mk 2009-11-10 23:12:56.000000000 +0800
565 ++++ xen-3.4.2//tools/libfsimage/Rules.mk 2011-09-25 02:34:11.566793044 +0800
566 +@@ -1,6 +1,6 @@
567 + include $(XEN_ROOT)/tools/Rules.mk
568 +
569 +-CFLAGS += -I$(XEN_ROOT)/tools/libfsimage/common/ -Werror
570 ++CFLAGS += -I$(XEN_ROOT)/tools/libfsimage/common/
571 + LDFLAGS += -L../common/
572 +
573 + PIC_OBJS := $(patsubst %.c,%.opic,$(LIB_SRCS-y))
574 +diff -ur xen-3.4.2.orig//tools/libxc/Makefile xen-3.4.2//tools/libxc/Makefile
575 +--- xen-3.4.2.orig//tools/libxc/Makefile 2011-09-25 02:33:23.987793064 +0800
576 ++++ xen-3.4.2//tools/libxc/Makefile 2011-09-25 02:34:11.687793042 +0800
577 +@@ -52,7 +52,7 @@
578 +
579 + -include $(XEN_TARGET_ARCH)/Makefile
580 +
581 +-CFLAGS += -Werror -Wmissing-prototypes
582 ++CFLAGS += -Wmissing-prototypes
583 + CFLAGS += $(INCLUDES) -I. -I../xenstore -I../include
584 +
585 + # Needed for posix_fadvise64() in xc_linux.c
586 +diff -ur xen-3.4.2.orig//tools/libxen/Makefile.dist xen-3.4.2//tools/libxen/Makefile.dist
587 +--- xen-3.4.2.orig//tools/libxen/Makefile.dist 2009-11-10 23:12:56.000000000 +0800
588 ++++ xen-3.4.2//tools/libxen/Makefile.dist 2011-09-25 02:34:11.593793042 +0800
589 +@@ -22,7 +22,7 @@
590 + CFLAGS = -Iinclude \
591 + $(shell xml2-config --cflags) \
592 + $(shell curl-config --cflags) \
593 +- -W -Wall -Wmissing-prototypes -Werror -std=c99 -O2 -fPIC
594 ++ -W -Wall -Wmissing-prototypes -std=c99 -O2 -fPIC
595 +
596 + LDFLAGS = $(shell xml2-config --libs) \
597 + $(shell curl-config --libs)
598 +diff -ur xen-3.4.2.orig//tools/misc/lomount/Makefile xen-3.4.2//tools/misc/lomount/Makefile
599 +--- xen-3.4.2.orig//tools/misc/lomount/Makefile 2009-11-10 23:12:56.000000000 +0800
600 ++++ xen-3.4.2//tools/misc/lomount/Makefile 2011-09-25 02:34:11.666793042 +0800
601 +@@ -1,7 +1,7 @@
602 + XEN_ROOT=../../..
603 + include $(XEN_ROOT)/tools/Rules.mk
604 +
605 +-CFLAGS += -Werror
606 ++CFLAGS +=
607 +
608 + HDRS = $(wildcard *.h)
609 + OBJS = $(patsubst %.c,%.o,$(wildcard *.c))
610 +diff -ur xen-3.4.2.orig//tools/misc/Makefile xen-3.4.2//tools/misc/Makefile
611 +--- xen-3.4.2.orig//tools/misc/Makefile 2009-11-10 23:12:56.000000000 +0800
612 ++++ xen-3.4.2//tools/misc/Makefile 2011-09-25 02:34:11.669793042 +0800
613 +@@ -1,7 +1,7 @@
614 + XEN_ROOT=../..
615 + include $(XEN_ROOT)/tools/Rules.mk
616 +
617 +-CFLAGS += -Werror
618 ++CFLAGS +=
619 +
620 + INCLUDES += -I $(XEN_XC)
621 + INCLUDES += -I $(XEN_LIBXC)
622 +diff -ur xen-3.4.2.orig//tools/pygrub/setup.py xen-3.4.2//tools/pygrub/setup.py
623 +--- xen-3.4.2.orig//tools/pygrub/setup.py 2009-11-10 23:12:56.000000000 +0800
624 ++++ xen-3.4.2//tools/pygrub/setup.py 2011-09-25 02:34:11.901793042 +0800
625 +@@ -3,7 +3,7 @@
626 + import os
627 + import sys
628 +
629 +-extra_compile_args = [ "-fno-strict-aliasing", "-Werror" ]
630 ++extra_compile_args = [ "-fno-strict-aliasing" ]
631 +
632 + XEN_ROOT = "../.."
633 +
634 +diff -ur xen-3.4.2.orig//tools/python/setup.py xen-3.4.2//tools/python/setup.py
635 +--- xen-3.4.2.orig//tools/python/setup.py 2009-11-10 23:12:56.000000000 +0800
636 ++++ xen-3.4.2//tools/python/setup.py 2011-09-25 02:34:11.897793042 +0800
637 +@@ -4,7 +4,7 @@
638 +
639 + XEN_ROOT = "../.."
640 +
641 +-extra_compile_args = [ "-fno-strict-aliasing", "-Werror" ]
642 ++extra_compile_args = [ "-fno-strict-aliasing" ]
643 +
644 + include_dirs = [ XEN_ROOT + "/tools/libxc",
645 + XEN_ROOT + "/tools/xenstore",
646 +diff -ur xen-3.4.2.orig//tools/security/Makefile xen-3.4.2//tools/security/Makefile
647 +--- xen-3.4.2.orig//tools/security/Makefile 2009-11-10 23:12:56.000000000 +0800
648 ++++ xen-3.4.2//tools/security/Makefile 2011-09-25 02:34:11.701793042 +0800
649 +@@ -1,7 +1,7 @@
650 + XEN_ROOT = ../..
651 + include $(XEN_ROOT)/tools/Rules.mk
652 +
653 +-CFLAGS += -Werror
654 ++CFLAGS +=
655 + CFLAGS += -fno-strict-aliasing
656 + CFLAGS += -I. $(CFLAGS_libxenctrl)
657 +
658 +diff -ur xen-3.4.2.orig//tools/vnet/libxutil/Makefile xen-3.4.2//tools/vnet/libxutil/Makefile
659 +--- xen-3.4.2.orig//tools/vnet/libxutil/Makefile 2009-11-10 23:12:57.000000000 +0800
660 ++++ xen-3.4.2//tools/vnet/libxutil/Makefile 2011-09-25 02:34:11.694793042 +0800
661 +@@ -25,7 +25,7 @@
662 + PIC_OBJS := $(LIB_SRCS:.c=.opic)
663 +
664 + $(call cc-option-add,CFLAGS,CC,-fgnu89-inline)
665 +-CFLAGS += -Werror -fno-strict-aliasing
666 ++CFLAGS += -fno-strict-aliasing
667 + CFLAGS += -O3
668 + #CFLAGS += -g
669 +
670 +diff -ur xen-3.4.2.orig//tools/vtpm/Rules.mk xen-3.4.2//tools/vtpm/Rules.mk
671 +--- xen-3.4.2.orig//tools/vtpm/Rules.mk 2009-11-10 23:12:57.000000000 +0800
672 ++++ xen-3.4.2//tools/vtpm/Rules.mk 2011-09-25 02:34:11.563793044 +0800
673 +@@ -9,7 +9,7 @@
674 + TOOLS_INSTALL_DIR = $(DESTDIR)/usr/bin
675 +
676 + # General compiler flags
677 +-CFLAGS = -Werror -g3 -I.
678 ++CFLAGS = -g3 -I.
679 +
680 + # Generic project files
681 + HDRS = $(wildcard *.h)
682 +diff -ur xen-3.4.2.orig//tools/vtpm_manager/Rules.mk xen-3.4.2//tools/vtpm_manager/Rules.mk
683 +--- xen-3.4.2.orig//tools/vtpm_manager/Rules.mk 2009-11-10 23:12:57.000000000 +0800
684 ++++ xen-3.4.2//tools/vtpm_manager/Rules.mk 2011-09-25 02:34:11.562793042 +0800
685 +@@ -9,7 +9,7 @@
686 + TOOLS_INSTALL_DIR = $(DESTDIR)/usr/bin
687 +
688 + # General compiler flags
689 +-CFLAGS = -Werror -g3 -I.
690 ++CFLAGS = -g3 -I.
691 +
692 + # Generic project files
693 + HDRS = $(wildcard *.h)
694 +diff -ur xen-3.4.2.orig//tools/xcutils/Makefile xen-3.4.2//tools/xcutils/Makefile
695 +--- xen-3.4.2.orig//tools/xcutils/Makefile 2009-11-10 23:12:57.000000000 +0800
696 ++++ xen-3.4.2//tools/xcutils/Makefile 2011-09-25 02:34:11.636793042 +0800
697 +@@ -11,7 +11,7 @@
698 + XEN_ROOT = ../..
699 + include $(XEN_ROOT)/tools/Rules.mk
700 +
701 +-CFLAGS += -Werror
702 ++CFLAGS +=
703 + CFLAGS += $(CFLAGS_libxenctrl) $(CFLAGS_libxenguest) $(CFLAGS_libxenstore)
704 +
705 + PROGRAMS = xc_restore xc_save readnotes lsevtchn
706 +diff -ur xen-3.4.2.orig//tools/xenmon/Makefile xen-3.4.2//tools/xenmon/Makefile
707 +--- xen-3.4.2.orig//tools/xenmon/Makefile 2009-11-10 23:12:57.000000000 +0800
708 ++++ xen-3.4.2//tools/xenmon/Makefile 2011-09-25 02:34:11.641793042 +0800
709 +@@ -13,7 +13,7 @@
710 + XEN_ROOT=../..
711 + include $(XEN_ROOT)/tools/Rules.mk
712 +
713 +-CFLAGS += -Werror
714 ++CFLAGS +=
715 + CFLAGS += -I $(XEN_XC)
716 + CFLAGS += $(CFLAGS_libxenctrl)
717 + LDFLAGS += $(LDFLAGS_libxenctrl)
718 +diff -ur xen-3.4.2.orig//tools/xenpmd/Makefile xen-3.4.2//tools/xenpmd/Makefile
719 +--- xen-3.4.2.orig//tools/xenpmd/Makefile 2009-11-10 23:12:57.000000000 +0800
720 ++++ xen-3.4.2//tools/xenpmd/Makefile 2011-09-25 02:34:11.656793042 +0800
721 +@@ -1,7 +1,7 @@
722 + XEN_ROOT=../..
723 + include $(XEN_ROOT)/tools/Rules.mk
724 +
725 +-CFLAGS += -Werror
726 ++CFLAGS +=
727 + CFLAGS += $(CFLAGS_libxenstore)
728 + LDFLAGS += $(LDFLAGS_libxenstore)
729 +
730 +diff -ur xen-3.4.2.orig//tools/xenstat/libxenstat/Makefile xen-3.4.2//tools/xenstat/libxenstat/Makefile
731 +--- xen-3.4.2.orig//tools/xenstat/libxenstat/Makefile 2009-11-10 23:12:57.000000000 +0800
732 ++++ xen-3.4.2//tools/xenstat/libxenstat/Makefile 2011-09-25 02:34:11.681793042 +0800
733 +@@ -34,7 +34,7 @@
734 + OBJECTS-$(CONFIG_NetBSD) += src/xenstat_netbsd.o
735 + SONAME_FLAGS=-Wl,$(SONAME_LDFLAG) -Wl,libxenstat.so.$(MAJOR)
736 +
737 +-WARN_FLAGS=-Wall -Werror
738 ++WARN_FLAGS=-Wall
739 +
740 + CFLAGS+=-Isrc -I$(XEN_LIBXC) -I$(XEN_XENSTORE) -I$(XEN_INCLUDE)
741 + LDFLAGS+=-Lsrc -L$(XEN_XENSTORE)/ -L$(XEN_LIBXC)/
742 +diff -ur xen-3.4.2.orig//tools/xenstat/xentop/Makefile xen-3.4.2//tools/xenstat/xentop/Makefile
743 +--- xen-3.4.2.orig//tools/xenstat/xentop/Makefile 2009-11-10 23:12:57.000000000 +0800
744 ++++ xen-3.4.2//tools/xenstat/xentop/Makefile 2011-09-25 02:34:11.684793042 +0800
745 +@@ -18,7 +18,7 @@
746 + all install xentop:
747 + else
748 +
749 +-CFLAGS += -DGCC_PRINTF -Wall -Werror -I$(XEN_LIBXENSTAT)
750 ++CFLAGS += -DGCC_PRINTF -Wall -I$(XEN_LIBXENSTAT)
751 + LDFLAGS += -L$(XEN_LIBXENSTAT)
752 + LDLIBS += -lxenstat $(CURSES_LIBS) $(SOCKET_LIBS)
753 + CFLAGS += -DHOST_$(XEN_OS)
754 +diff -ur xen-3.4.2.orig//tools/xenstore/Makefile xen-3.4.2//tools/xenstore/Makefile
755 +--- xen-3.4.2.orig//tools/xenstore/Makefile 2009-11-10 23:12:57.000000000 +0800
756 ++++ xen-3.4.2//tools/xenstore/Makefile 2011-09-25 02:34:11.640793042 +0800
757 +@@ -4,7 +4,7 @@
758 + MAJOR = 3.0
759 + MINOR = 0
760 +
761 +-CFLAGS += -Werror
762 ++CFLAGS +=
763 + CFLAGS += -I.
764 + CFLAGS += $(CFLAGS_libxenctrl)
765 +
766 +diff -ur xen-3.4.2.orig//tools/xenstore/xenstored_core.c xen-3.4.2//tools/xenstore/xenstored_core.c
767 +--- xen-3.4.2.orig//tools/xenstore/xenstored_core.c 2009-11-10 23:12:57.000000000 +0800
768 ++++ xen-3.4.2//tools/xenstore/xenstored_core.c 2011-09-25 02:34:11.845793042 +0800
769 +@@ -865,7 +865,7 @@
770 + {
771 + unsigned int offset, datalen;
772 + struct node *node;
773 +- char *vec[1] = { NULL }; /* gcc4 + -W + -Werror fucks code. */
774 ++ char *vec[1] = { NULL }; /* gcc4 + -W + fucks code. */
775 + char *name;
776 +
777 + /* Extra "strings" can be created by binary data. */
778 +diff -ur xen-3.4.2.orig//tools/xentrace/Makefile xen-3.4.2//tools/xentrace/Makefile
779 +--- xen-3.4.2.orig//tools/xentrace/Makefile 2009-11-10 23:12:57.000000000 +0800
780 ++++ xen-3.4.2//tools/xentrace/Makefile 2011-09-25 02:34:11.745793042 +0800
781 +@@ -1,7 +1,7 @@
782 + XEN_ROOT=../..
783 + include $(XEN_ROOT)/tools/Rules.mk
784 +
785 +-CFLAGS += -Werror
786 ++CFLAGS +=
787 +
788 + CFLAGS += $(CFLAGS_libxenctrl)
789 + LDFLAGS += $(LDFLAGS_libxenctrl)
790 +Only in xen-3.4.2/: Werror.sh
791 +diff -ur xen-3.4.2.orig//xen/arch/ia64/Rules.mk xen-3.4.2//xen/arch/ia64/Rules.mk
792 +--- xen-3.4.2.orig//xen/arch/ia64/Rules.mk 2009-11-10 23:12:57.000000000 +0800
793 ++++ xen-3.4.2//xen/arch/ia64/Rules.mk 2011-09-25 02:34:11.570793042 +0800
794 +@@ -68,7 +68,7 @@
795 + CFLAGS += -DCONFIG_XEN_IA64_TLBFLUSH_CLOCK
796 + endif
797 + ifeq ($(no_warns),y)
798 +-CFLAGS += -Wa,--fatal-warnings -Werror -Wno-uninitialized
799 ++CFLAGS += -Wa,--fatal-warnings -Wno-uninitialized
800 + endif
801 + ifneq ($(vhpt_disable),y)
802 + CFLAGS += -DVHPT_ENABLED=1
803 +diff -ur xen-3.4.2.orig//xen/arch/x86/boot/build32.mk xen-3.4.2//xen/arch/x86/boot/build32.mk
804 +--- xen-3.4.2.orig//xen/arch/x86/boot/build32.mk 2009-11-10 23:12:57.000000000 +0800
805 ++++ xen-3.4.2//xen/arch/x86/boot/build32.mk 2011-09-25 02:34:11.914793042 +0800
806 +@@ -8,7 +8,7 @@
807 + $(call cc-option-add,CFLAGS,CC,-fno-stack-protector)
808 + $(call cc-option-add,CFLAGS,CC,-fno-stack-protector-all)
809 +
810 +-CFLAGS += -Werror -fno-builtin -msoft-float
811 ++CFLAGS += -fno-builtin -msoft-float
812 +
813 + # NB. awk invocation is a portable alternative to 'head -n -1'
814 + %.S: %.bin
815 +diff -ur xen-3.4.2.orig//xen/arch/x86/Rules.mk xen-3.4.2//xen/arch/x86/Rules.mk
816 +--- xen-3.4.2.orig//xen/arch/x86/Rules.mk 2009-11-10 23:12:57.000000000 +0800
817 ++++ xen-3.4.2//xen/arch/x86/Rules.mk 2011-09-25 02:34:11.572793042 +0800
818 +@@ -17,7 +17,7 @@
819 + endif
820 +
821 + CFLAGS += -fno-builtin -fno-common
822 +-CFLAGS += -iwithprefix include -Werror -Wno-pointer-arith -pipe
823 ++CFLAGS += -iwithprefix include -Wno-pointer-arith -pipe
824 + CFLAGS += -I$(BASEDIR)/include
825 + CFLAGS += -I$(BASEDIR)/include/asm-x86/mach-generic
826 + CFLAGS += -I$(BASEDIR)/include/asm-x86/mach-default
827 \ No newline at end of file
828
829 diff --git a/app-emulation/files/xen-4.1.1-iommu_sec_fix.patch b/app-emulation/files/xen-4.1.1-iommu_sec_fix.patch
830 new file mode 100644
831 index 0000000..737c2bd
832 --- /dev/null
833 +++ b/app-emulation/files/xen-4.1.1-iommu_sec_fix.patch
834 @@ -0,0 +1,74 @@
835 +
836 +# HG changeset patch
837 +# User Tim Deegan <Tim.Deegan@××××××.com>
838 +# Date 1313145221 -3600
839 +# Node ID 84e3706df07a1963e23cd3875d8603917657d462
840 +# Parent cb22fa57ff252893b6adb1481e09b1287eacd990
841 +Passthrough: disable bus-mastering on any card that causes an IOMMU fault.
842 +
843 +This stops the card from raising back-to-back faults and live-locking
844 +the CPU that handles them.
845 +
846 +Signed-off-by: Tim Deegan <tim@×××.org>
847 +Acked-by: Wei Wang2 <wei.wang2@×××.com>
848 +Acked-by: Allen M Kay <allen.m.kay@×××××.com>
849 +
850 +diff -r cb22fa57ff25 -r 84e3706df07a xen/drivers/passthrough/amd/iommu_init.c
851 +--- a/xen/drivers/passthrough/amd/iommu_init.c Mon Jul 25 16:48:39 2011 +0100
852 ++++ b/xen/drivers/passthrough/amd/iommu_init.c Fri Aug 12 11:33:41 2011 +0100
853 +@@ -462,7 +462,7 @@
854 +
855 + static void parse_event_log_entry(u32 entry[])
856 + {
857 +- u16 domain_id, device_id;
858 ++ u16 domain_id, device_id, bdf, cword;
859 + u32 code;
860 + u64 *addr;
861 + char * event_str[] = {"ILLEGAL_DEV_TABLE_ENTRY",
862 +@@ -497,6 +497,18 @@
863 + "%s: domain = %d, device id = 0x%04x, "
864 + "fault address = 0x%"PRIx64"\n",
865 + event_str[code-1], domain_id, device_id, *addr);
866 ++
867 ++ /* Tell the device to stop DMAing; we can't rely on the guest to
868 ++ * control it for us. */
869 ++ for ( bdf = 0; bdf < ivrs_bdf_entries; bdf++ )
870 ++ if ( get_dma_requestor_id(bdf) == device_id )
871 ++ {
872 ++ cword = pci_conf_read16(PCI_BUS(bdf), PCI_SLOT(bdf),
873 ++ PCI_FUNC(bdf), PCI_COMMAND);
874 ++ pci_conf_write16(PCI_BUS(bdf), PCI_SLOT(bdf),
875 ++ PCI_FUNC(bdf), PCI_COMMAND,
876 ++ cword & ~PCI_COMMAND_MASTER);
877 ++ }
878 + }
879 + else
880 + {
881 +diff -r cb22fa57ff25 -r 84e3706df07a xen/drivers/passthrough/vtd/iommu.c
882 +--- a/xen/drivers/passthrough/vtd/iommu.c Mon Jul 25 16:48:39 2011 +0100
883 ++++ b/xen/drivers/passthrough/vtd/iommu.c Fri Aug 12 11:33:41 2011 +0100
884 +@@ -893,7 +893,7 @@
885 + while (1)
886 + {
887 + u8 fault_reason;
888 +- u16 source_id;
889 ++ u16 source_id, cword;
890 + u32 data;
891 + u64 guest_addr;
892 + int type;
893 +@@ -926,6 +926,14 @@
894 + iommu_page_fault_do_one(iommu, type, fault_reason,
895 + source_id, guest_addr);
896 +
897 ++ /* Tell the device to stop DMAing; we can't rely on the guest to
898 ++ * control it for us. */
899 ++ cword = pci_conf_read16(PCI_BUS(source_id), PCI_SLOT(source_id),
900 ++ PCI_FUNC(source_id), PCI_COMMAND);
901 ++ pci_conf_write16(PCI_BUS(source_id), PCI_SLOT(source_id),
902 ++ PCI_FUNC(source_id), PCI_COMMAND,
903 ++ cword & ~PCI_COMMAND_MASTER);
904 ++
905 + fault_index++;
906 + if ( fault_index > cap_num_fault_regs(iommu->cap) )
907 + fault_index = 0;
908 +
909
910 diff --git a/app-emulation/metadata.xml b/app-emulation/metadata.xml
911 new file mode 100644
912 index 0000000..6550459
913 --- /dev/null
914 +++ b/app-emulation/metadata.xml
915 @@ -0,0 +1,15 @@
916 +<?xml version="1.0" encoding="UTF-8"?>
917 +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
918 +<pkgmetadata>
919 + <herd>xen</herd>
920 + <maintainer>
921 + <email>johneed@×××××××.com</email>
922 + <name>Ian Delaney aka idella4 proxy maintainer</name>
923 + </maintainer>
924 + <use>
925 + <flag name='acm'>Enable the ACM/sHype XSM module from IBM</flag>
926 + <flag name='flask'>Enable the Flask XSM module from NSA</flag>
927 + <flag name='pae'>Enable support for PAE kernels (usually x86-32 with >4GB memory)</flag>
928 + <flag name='xsm'>Enable the Xen Security Modules (XSM)</flag>
929 + </use>
930 +</pkgmetadata>
931
932 diff --git a/app-emulation/xen-3.4.2-r4.ebuild b/app-emulation/xen-3.4.2-r4.ebuild
933 new file mode 100644
934 index 0000000..643ade2
935 --- /dev/null
936 +++ b/app-emulation/xen-3.4.2-r4.ebuild
937 @@ -0,0 +1,114 @@
938 +# Copyright 1999-2011 Gentoo Foundation
939 +# Distributed under the terms of the GNU General Public License v2
940 +# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen/xen-3.4.2-r4.ebuild,v 1.3 2011/10/15 19:38:16 hwoarang Exp $
941 +
942 +EAPI=2
943 +
944 +inherit mount-boot flag-o-matic toolchain-funcs base
945 +
946 +DESCRIPTION="The Xen virtual machine monitor"
947 +HOMEPAGE="http://xen.org/"
948 +SRC_URI="http://bits.xensource.com/oss-xen/release/${PV}/xen-${PV}.tar.gz"
949 +
950 +LICENSE="GPL-2"
951 +SLOT="0"
952 +KEYWORDS="amd64 x86"
953 +IUSE="debug custom-cflags pae acm flask xsm"
954 +
955 +RDEPEND="|| ( sys-boot/grub
956 + sys-boot/grub-static )
957 + >=sys-kernel/xen-sources-2.6.18"
958 +PDEPEND="~app-emulation/xen-tools-${PV}"
959 +PATCHES=(
960 + "${FILESDIR}/"${PN}-3.3.0-unexported-target-fix.patch
961 + "${FILESDIR}/"${P}-dump_registers-watchdog-fix.patch
962 + "${FILESDIR}/"${P}-no-DMA.patch
963 + "${FILESDIR}/"${P}-werror-idiocy.patch
964 + "${FILESDIR}/"${P}-fix-__addr_ok-limit.patch
965 + "${FILESDIR}/"${P}-CVE-2011-1583.patch
966 +)
967 +
968 +RESTRICT="test"
969 +
970 +# Approved by QA team in bug #144032
971 +QA_WX_LOAD="boot/xen-syms-${PV}"
972 +
973 +pkg_setup() {
974 + if [ -x "${S}/.config/" ]; then
975 + die "You will need to remove ${S}/.config by hand"
976 + fi
977 + if [[ -z ${XEN_TARGET_ARCH} ]]; then
978 + if use x86 && use amd64; then
979 + die "Confusion! Both x86 and amd64 are set in your use flags!"
980 + elif use x86; then
981 + export XEN_TARGET_ARCH="x86_32"
982 + elif use amd64; then
983 + export XEN_TARGET_ARCH="x86_64"
984 + else
985 + die "Unsupported architecture!"
986 + fi
987 + fi
988 +
989 + if use xsm ; then
990 + export "XSM_ENABLE=y"
991 + use acm && export "ACM_SECURITY=y"
992 + if use flask ; then
993 + ! use acm && export "FLASK_ENABLE=y"
994 + use acm && ewarn "Both acm and flask XSM specified, defaulting to acm."
995 + fi
996 + elif use acm || use flask ; then
997 + ewarn "acm and flask require USE=xsm to be set, dropping use flags"
998 + fi
999 +}
1000 +
1001 +src_prepare() {
1002 + base_src_prepare
1003 +
1004 + # if the user *really* wants to use their own custom-cflags, let them
1005 + if use custom-cflags; then
1006 + einfo "User wants their own CFLAGS - removing defaults"
1007 + # try and remove all the default custom-cflags
1008 + find "${S}" -name Makefile -o -name Rules.mk -o -name Config.mk -exec sed \
1009 + -e 's/CFLAGS\(.*\)=\(.*\)-O3\(.*\)/CFLAGS\1=\2\3/' \
1010 + -e 's/CFLAGS\(.*\)=\(.*\)-march=i686\(.*\)/CFLAGS\1=\2\3/' \
1011 + -e 's/CFLAGS\(.*\)=\(.*\)-fomit-frame-pointer\(.*\)/CFLAGS\1=\2\3/' \
1012 + -e 's/CFLAGS\(.*\)=\(.*\)-g3*\s\(.*\)/CFLAGS\1=\2 \3/' \
1013 + -e 's/CFLAGS\(.*\)=\(.*\)-O2\(.*\)/CFLAGS\1=\2\3/' \
1014 + -i {} \;
1015 + fi
1016 +}
1017 +
1018 +src_compile() {
1019 + local myopt
1020 + use debug && myopt="${myopt} debug=y"
1021 + use pae && myopt="${myopt} pae=y"
1022 +
1023 + if use custom-cflags; then
1024 + filter-flags -fPIE -fstack-protector
1025 + replace-flags -O3 -O2
1026 + else
1027 + unset CFLAGS
1028 + fi
1029 +
1030 + # Send raw LDFLAGS so that --as-needed works
1031 + emake CC="$(tc-getCC)" LDFLAGS="$(raw-ldflags)" -C xen ${myopt} || die "compile failed"
1032 +}
1033 +
1034 +src_install() {
1035 + local myopt
1036 + use debug && myopt="${myopt} debug=y"
1037 + use pae && myopt="${myopt} pae=y"
1038 +
1039 + emake LDFLAGS="$(raw-ldflags)" DESTDIR="${D}" -C xen ${myopt} install || die "install failed"
1040 +}
1041 +
1042 +pkg_postinst() {
1043 + elog "Official Xen Guide and the unoffical wiki page:"
1044 + elog " http://www.gentoo.org/doc/en/xen-guide.xml"
1045 + elog " http://en.gentoo-wiki.com/wiki/Xen/"
1046 +
1047 + if use pae; then
1048 + echo
1049 + ewarn "This is a PAE build of Xen. It will *only* boot PAE kernels!"
1050 + fi
1051 +}
1052
1053 diff --git a/app-emulation/xen-4.1.1-r2.ebuild b/app-emulation/xen-4.1.1-r2.ebuild
1054 new file mode 100644
1055 index 0000000..4b3a74b
1056 --- /dev/null
1057 +++ b/app-emulation/xen-4.1.1-r2.ebuild
1058 @@ -0,0 +1,121 @@
1059 +# Copyright 1999-2011 Gentoo Foundation
1060 +# Distributed under the terms of the GNU General Public License v2
1061 +# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen/xen-4.1.1-r2.ebuild,v 1.7 2011/11/08 23:46:38 mr_bones_ Exp $
1062 +
1063 +EAPI="4"
1064 +
1065 +if [[ $PV == *9999 ]]; then
1066 + KEYWORDS=""
1067 + REPO="xen-unstable.hg"
1068 + EHG_REPO_URI="http://xenbits.xensource.com/${REPO}"
1069 + S="${WORKDIR}/${REPO}"
1070 + live_eclass="mercurial"
1071 +else
1072 + KEYWORDS="amd64 x86"
1073 + SRC_URI="http://bits.xensource.com/oss-xen/release/${PV}/xen-${PV}.tar.gz"
1074 +fi
1075 +
1076 +inherit mount-boot flag-o-matic toolchain-funcs ${live_eclass}
1077 +
1078 +DESCRIPTION="The Xen virtual machine monitor"
1079 +HOMEPAGE="http://xen.org/"
1080 +
1081 +LICENSE="GPL-2"
1082 +SLOT="0"
1083 +IUSE="custom-cflags debug flask pae xsm"
1084 +
1085 +RDEPEND="|| ( sys-boot/grub
1086 + sys-boot/grub-static )"
1087 +PDEPEND="~app-emulation/xen-tools-${PV}"
1088 +
1089 +RESTRICT="test"
1090 +
1091 +# Approved by QA team in bug #144032
1092 +QA_WX_LOAD="boot/xen-syms-${PV}"
1093 +
1094 +REQUIRED_USE="
1095 + flask? ( xsm )
1096 + "
1097 +
1098 +pkg_setup() {
1099 + if [[ -z ${XEN_TARGET_ARCH} ]]; then
1100 + if use x86 && use amd64; then
1101 + die "Confusion! Both x86 and amd64 are set in your use flags!"
1102 + elif use x86; then
1103 + export XEN_TARGET_ARCH="x86_32"
1104 + elif use amd64; then
1105 + export XEN_TARGET_ARCH="x86_64"
1106 + else
1107 + die "Unsupported architecture!"
1108 + fi
1109 + fi
1110 +
1111 + if use flask ; then
1112 + export "XSM_ENABLE=y"
1113 + export "FLASK_ENABLE=y"
1114 + elif use xsm ; then
1115 + export "XSM_ENABLE=y"
1116 + fi
1117 +}
1118 +
1119 +src_prepare() {
1120 + # Drop .config
1121 + sed -e '/-include $(XEN_ROOT)\/.config/d' -i Config.mk || die "Couldn't drop"
1122 + # if the user *really* wants to use their own custom-cflags, let them
1123 + if use custom-cflags; then
1124 + einfo "User wants their own CFLAGS - removing defaults"
1125 + # try and remove all the default custom-cflags
1126 + find "${S}" -name Makefile -o -name Rules.mk -o -name Config.mk -exec sed \
1127 + -e 's/CFLAGS\(.*\)=\(.*\)-O3\(.*\)/CFLAGS\1=\2\3/' \
1128 + -e 's/CFLAGS\(.*\)=\(.*\)-march=i686\(.*\)/CFLAGS\1=\2\3/' \
1129 + -e 's/CFLAGS\(.*\)=\(.*\)-fomit-frame-pointer\(.*\)/CFLAGS\1=\2\3/' \
1130 + -e 's/CFLAGS\(.*\)=\(.*\)-g3*\s\(.*\)/CFLAGS\1=\2 \3/' \
1131 + -e 's/CFLAGS\(.*\)=\(.*\)-O2\(.*\)/CFLAGS\1=\2\3/' \
1132 + -i {} \; || die "failed to set custom-cflags"
1133 + fi
1134 +
1135 + # remove -Werror for gcc-4.6's sake
1136 + find "${S}" -name 'Makefile*' -o -name '*.mk' -o -name 'common.make' | \
1137 + xargs sed -i 's/ *-Werror */ /' || die "failed to remove -Werror"
1138 + # not strictly necessary to fix this
1139 + sed -i 's/, "-Werror"//' "${S}/tools/python/setup.py" || die "failed to remove -Werror on setup.py"
1140 +
1141 + # Add sccurity fix bug #379241
1142 + epatch "${FILESDIR}/${P}-iommu_sec_fix.patch"
1143 +}
1144 +
1145 +src_configure() {
1146 + use debug && myopt="${myopt} debug=y"
1147 + use pae && myopt="${myopt} pae=y"
1148 +
1149 + if use custom-cflags; then
1150 + filter-flags -fPIE -fstack-protector
1151 + replace-flags -O3 -O2
1152 + else
1153 + unset CFLAGS
1154 + fi
1155 +}
1156 +
1157 +src_compile() {
1158 + # Send raw LDFLAGS so that --as-needed works
1159 + emake CC="$(tc-getCC)" LDFLAGS="$(raw-ldflags)" LD="$(tc-getLD)" -C xen ${myopt}
1160 +}
1161 +
1162 +src_install() {
1163 + local myopt
1164 + use debug && myopt="${myopt} debug=y"
1165 + use pae && myopt="${myopt} pae=y"
1166 +
1167 + emake LDFLAGS="$(raw-ldflags)" DESTDIR="${D}" -C xen ${myopt} install
1168 +}
1169 +
1170 +pkg_postinst() {
1171 + elog "Official Xen Guide and the unoffical wiki page:"
1172 + elog " http://www.gentoo.org/doc/en/xen-guide.xml"
1173 + elog " http://en.gentoo-wiki.com/wiki/Xen/"
1174 +
1175 + if use pae; then
1176 + echo
1177 + ewarn "This is a PAE build of Xen. It will *only* boot PAE kernels!"
1178 + fi
1179 +}
1180
1181 diff --git a/app-emulation/xen-9999.ebuild b/app-emulation/xen-9999.ebuild
1182 new file mode 100644
1183 index 0000000..c3e1126
1184 --- /dev/null
1185 +++ b/app-emulation/xen-9999.ebuild
1186 @@ -0,0 +1,117 @@
1187 +# Copyright 1999-2011 Gentoo Foundation
1188 +# Distributed under the terms of the GNU General Public License v2
1189 +# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen/xen-9999.ebuild,v 1.4 2011/09/11 14:48:15 alexxy Exp $
1190 +
1191 +EAPI="4"
1192 +
1193 +if [[ $PV == *9999 ]]; then
1194 + KEYWORDS=""
1195 + REPO="xen-unstable.hg"
1196 + EHG_REPO_URI="http://xenbits.xensource.com/${REPO}"
1197 + S="${WORKDIR}/${REPO}"
1198 + live_eclass="mercurial"
1199 +else
1200 + KEYWORDS="~amd64 ~x86"
1201 + SRC_URI="http://bits.xensource.com/oss-xen/release/${PV}/xen-${PV}.tar.gz"
1202 +fi
1203 +
1204 +inherit mount-boot flag-o-matic toolchain-funcs ${live_eclass}
1205 +
1206 +DESCRIPTION="The Xen virtual machine monitor"
1207 +HOMEPAGE="http://xen.org/"
1208 +
1209 +LICENSE="GPL-2"
1210 +SLOT="0"
1211 +IUSE="custom-cflags debug flask pae xsm"
1212 +
1213 +RDEPEND="|| ( sys-boot/grub
1214 + sys-boot/grub-static )"
1215 +PDEPEND="~app-emulation/xen-tools-${PV}"
1216 +
1217 +RESTRICT="test"
1218 +
1219 +# Approved by QA team in bug #144032
1220 +QA_WX_LOAD="boot/xen-syms-${PV}"
1221 +
1222 +REQUIRED_USE="flask? ( xsm )"
1223 +
1224 +pkg_setup() {
1225 + if [[ -z ${XEN_TARGET_ARCH} ]]; then
1226 + if use x86 && use amd64; then
1227 + die "Confusion! Both x86 and amd64 are set in your use flags!"
1228 + elif use x86; then
1229 + export XEN_TARGET_ARCH="x86_32"
1230 + elif use amd64; then
1231 + export XEN_TARGET_ARCH="x86_64"
1232 + else
1233 + die "Unsupported architecture!"
1234 + fi
1235 + fi
1236 +
1237 + if use flask ; then
1238 + export "XSM_ENABLE=y"
1239 + export "FLASK_ENABLE=y"
1240 + elif use xsm ; then
1241 + export "XSM_ENABLE=y"
1242 + fi
1243 +}
1244 +
1245 +src_prepare() {
1246 + # Drop .config
1247 + sed -e '/-include $(XEN_ROOT)\/.config/d' -i Config.mk || die "Couldn't drop"
1248 +
1249 + # if the user *really* wants to use their own custom-cflags, let them
1250 + if use custom-cflags; then
1251 + einfo "User wants their own CFLAGS - removing defaults"
1252 + # try and remove all the default custom-cflags
1253 + find "${S}" -name Makefile -o -name Rules.mk -o -name Config.mk -exec sed \
1254 + -e 's/CFLAGS\(.*\)=\(.*\)-O3\(.*\)/CFLAGS\1=\2\3/' \
1255 + -e 's/CFLAGS\(.*\)=\(.*\)-march=i686\(.*\)/CFLAGS\1=\2\3/' \
1256 + -e 's/CFLAGS\(.*\)=\(.*\)-fomit-frame-pointer\(.*\)/CFLAGS\1=\2\3/' \
1257 + -e 's/CFLAGS\(.*\)=\(.*\)-g3*\s\(.*\)/CFLAGS\1=\2 \3/' \
1258 + -e 's/CFLAGS\(.*\)=\(.*\)-O2\(.*\)/CFLAGS\1=\2\3/' \
1259 + -i {} \;
1260 + fi
1261 +
1262 + # remove -Werror for gcc-4.6's sake
1263 + find "${S}" -name 'Makefile*' -o -name '*.mk' -o -name 'common.make' | \
1264 + xargs sed -i 's/ *-Werror */ /'
1265 + # not strictly necessary to fix this
1266 + sed -i 's/, "-Werror"//' "${S}/tools/python/setup.py" || die "failed to re-set setup.py"
1267 +}
1268 +
1269 +src_configure() {
1270 + use debug && myopt="${myopt} debug=y"
1271 + use pae && myopt="${myopt} pae=y"
1272 +
1273 + if use custom-cflags; then
1274 + filter-flags -fPIE -fstack-protector
1275 + replace-flags -O3 -O2
1276 + else
1277 + unset CFLAGS
1278 + fi
1279 +}
1280 +
1281 +src_compile() {
1282 + # Send raw LDFLAGS so that --as-needed works
1283 + emake CC="$(tc-getCC)" LDFLAGS="$(raw-ldflags)" LD="$(tc-getLD)" -C xen ${myopt}
1284 +}
1285 +
1286 +src_install() {
1287 + local myopt
1288 + use debug && myopt="${myopt} debug=y"
1289 + use pae && myopt="${myopt} pae=y"
1290 +
1291 + emake LDFLAGS="$(raw-ldflags)" DESTDIR="${D}" -C xen ${myopt} install
1292 +}
1293 +
1294 +pkg_postinst() {
1295 + elog "Official Xen Guide and the unoffical wiki page:"
1296 + elog " http://www.gentoo.org/doc/en/xen-guide.xml"
1297 + elog " http://en.gentoo-wiki.com/wiki/Xen/"
1298 +
1299 + if use pae; then
1300 + echo
1301 + ewarn "This is a PAE build of Xen. It will *only* boot PAE kernels!"
1302 + fi
1303 +}
1304
1305 diff --git a/app-emulation/xen-tools/Manifest b/app-emulation/xen-tools/Manifest
1306 index a4ed5c6..37a1e0c 100644
1307 --- a/app-emulation/xen-tools/Manifest
1308 +++ b/app-emulation/xen-tools/Manifest
1309 @@ -1,2 +1,20 @@
1310 -DIST ipxe-git-v1.0.0.tar.gz 1996881 SHA256 d3128bfda9a1542049c278755f85bbcbb8441da7bfd702d511ce237fcf86a723 SHA512 6921fb857ca615899a5912d5590ca36b6f46daf828b85edc75461c08a189d9fed71ee74a82e42724da7a1355e45070d28a0a61694b3a4872c3554390e4bb4147 WHIRLPOOL 160e24eea479c9d67a8a5c7c5182864904ee594167f061adc40a3e74974197b6befe2ecdb76af1c101ff1a5697b060dae71dd3f9f969c8e18054526584d57031
1311 -DIST xen-4.1.2.tar.gz 10365786 SHA256 7d9c93057cf480d3f1efa792b19285a84fa3c06060ea5c5c453be00887389b0d SHA512 8f50f238b0b474ec5556279cbd51d704b4365033f2541a5d0376f287b26b7e8f0193172041109d97bb76d35ace3adf71e12f89f5766ff79a8ea861e7282f00d7 WHIRLPOOL 93a4bdd05125ef722464ef682798191c8b3db7228cbc0a27bcbe7932a7776491f90e727e1fcc4a9e7ec3eada7f56c567c07ad61cdda2f514109f702800fe5566
1312 +AUX ipxe-nopie.patch 952 RMD160 243c65b1e9e27fde14b10c5f605cce635de88032 SHA1 06870bb3bb063aabe16e721f487f0756a5889e8f SHA256 22d1e84568e4bdf204404c45cd4d323a78a1b5a5a29cc4a0707894e22f40bd48
1313 +AUX xen-consoles.logrotate 63 RMD160 035bd8baf1ba68a5525bab4379c0c4e350001a74 SHA1 6f88a4da3349aade6070dfc5c4465e2c00f3e68c SHA256 0da87a4b9094f934e3de937e8ef8d3afc752e76793aa3d730182d0241e118b19
1314 +AUX xen-tools-3.3.0-nostrip.patch 1021 RMD160 f702b588596dfdebf71fafbf866d270ac5bb549e SHA1 bb4db097af6e206ed68bcc1a1c3ef48b02e9a4c5 SHA256 2debac718c01a7eac4daf3182a7ae04aa562137d791cd510ecf1848d7eaccebd
1315 +AUX xen-tools-3.4.0-network-bridge-broadcast.patch 496 RMD160 3a8c57fe70837861f6f69d1d260c6fa6adad43e3 SHA1 cc02643eee7a39e97b53674066516c80ec0c3b38 SHA256 d00a1954447fc29500ab2f1a8c7900310e0dee81942be5c922ad66b6b42dfb74
1316 +AUX xen-tools-4.1.1-bridge.patch 449 RMD160 165524a3a92014f79e886b0a20dba8b1c1920cc2 SHA1 32db884422a48819d71003860f99779b7b82540a SHA256 71eea5408e3600c3c6f7ce4e8363ea2c19db36c1882e20cf0ef8143af527782b
1317 +AUX xen-tools-4.1.1-curl.patch 550 RMD160 87e09f92f292d89c86416036d4207b0460a3dc6e SHA1 dec0e47d62d85cb21d9fb6d097ab183f02b80310 SHA256 4bdb2875b36e7dbb0bd8d61b697da78007bb22922f56e020795c91ebb9ddd50b
1318 +AUX xen-tools-4.1.2-pyxml.patch 408 RMD160 131ff6e6a1b3bd71ff584d3cbfca4b078abd77b1 SHA1 5fa6ce64ef125e97df65ed357e1c40964a7a3619 SHA256 6a8d8ca5478bc68850fd930749ca22207807c87f8624c0c3596a8cd70bc06c65
1319 +AUX xenconsoled.confd 44 RMD160 0134f85258cf524807c4e2eae94739a70808c20d SHA1 6435bba449e9cffd3f99c5afdeb3cc37ecbd744d SHA256 2a74be03eb74f6013242a4a5d721df6cb9b959b43c405de1e32813f52d749060
1320 +AUX xenconsoled.initd 652 RMD160 5aa785e9c73c5eb8460863af2c1bc50d2a07faf4 SHA1 dceffade1f3f5f2503fc6c3ccb4b9f9788365d00 SHA256 1a5594e4e924b94490c5c942b1b63e5fe857b8ad8061060e5d8a3bdfc9f0f1b7
1321 +AUX xend.initd-r2 1064 RMD160 07b94d60a9c93577864086945389ef9821913522 SHA1 60f246da00f829776f1bb9a16ec07a6f91cbd24e SHA256 b9dcd925856eb5213b9052169492492d686b5d1ccae65b1c94a8ac944708d155
1322 +AUX xendomains-screen.confd 594 RMD160 79c7a3546cf1d3f8558c2120d6e8c93c753e66b9 SHA1 7f9ed2986495d5fa4a6f8b050cd632fde6a19994 SHA256 c4d7ffcdbeccc5e93460e2abbf70d642a78a363d79ccbbce0407f50cace54e0a
1323 +AUX xendomains.confd 291 RMD160 75d55db5360da12fc3d721c37001ccbfbb844e52 SHA1 e7be8973a4bcbfc7680258e369b07e2ed097ef49 SHA256 2fac318bb96b357dd185f7729d83c0a0b941799cdb89c24ed83051bb085735dc
1324 +AUX xendomains.initd-r2 2933 RMD160 31d35c58d0286a34bebd636e85a9368054b8f6c0 SHA1 5e9cbdb5f2b1770bf30ba99ca7c67dbf38b78e84 SHA256 da69c146e5213df5376bd9b2758d9d5957c802e5513c6ea510e604d00f1d9e40
1325 +AUX xenstored.confd 42 RMD160 3407e1ff0958d5797e257da284798a21fe31a5db SHA1 c18f64d2a41de25695b7dfb924478e3fa64ed0c3 SHA256 afcc14f014fe4ec478f85d230efefba9ffad024bf8c83b30074e8a3712cc7831
1326 +AUX xenstored.initd 812 RMD160 57a880e0024f3733bb3ebe945389eed6474b96f5 SHA1 9837c052afac31ee623ef02280a43114866869c8 SHA256 8f9df8ad835e45f9c995244e9e80d1a9ee630787bf2da88b7c4a73354d056fd8
1327 +DIST ipxe-git-v1.0.0.tar.gz 1996881 RMD160 dcd9b6eaafa1ce05c1ebf2a15f2f73ad7a8c5547 SHA1 da052c8de5f3485fe0253c19cf52ed6d72528485 SHA256 d3128bfda9a1542049c278755f85bbcbb8441da7bfd702d511ce237fcf86a723
1328 +DIST xen-4.1.2.tar.gz 10365786 RMD160 457797ec4be286afbbcad940a9ce04e44f3f40d6 SHA1 db584cb0a0cc614888d7df3b196d514fdb2edd6e SHA256 7d9c93057cf480d3f1efa792b19285a84fa3c06060ea5c5c453be00887389b0d
1329 +EBUILD xen-tools-4.1.2-r2.ebuild 9745 RMD160 3eee671f1e60d1eab97bc4fdc922eb3fe5407913 SHA1 59db466f30d1f46130dcbc28edf83dc8649ab668 SHA256 dabaa91efc5c13c2c0d85c99b653a2c58935188db0074a043aaef81a0f8a6f6c
1330 +EBUILD xen-tools-9999.ebuild 9220 RMD160 c4bccde67520da1d5f66123fe604876b9a6e96a7 SHA1 2465ef2e555b74dcae600af204d5c3c651fa6f9c SHA256 5a393d34346484b642c6ec3d73c6a0b4b5cfdf3d5604bbb23a3f6087ef4fd1e0
1331 +MISC metadata.xml 821 RMD160 a05d03fc9accefb4261be9a66ce63d25db2134ae SHA1 8abd3ea5f2c54c1682af838c9d13df43ef13897e SHA256 5e77961ab06a700cc9292df0bce39dca6803a019720ca915baf43b50c2916f02
1332
1333 diff --git a/app-emulation/xen-tools/xen-tools-4.1.2-r2.ebuild b/app-emulation/xen-tools/xen-tools-4.1.2-r2.ebuild
1334 index 2a305e5..b32b668 100644
1335 --- a/app-emulation/xen-tools/xen-tools-4.1.2-r2.ebuild
1336 +++ b/app-emulation/xen-tools/xen-tools-4.1.2-r2.ebuild
1337 @@ -3,7 +3,6 @@
1338 # $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-tools/xen-tools-4.1.2-r1.ebuild,v 1.1 2011/11/11 17:50:59 neurogeek Exp $
1339
1340 EAPI="4"
1341 -
1342 PYTHON_DEPEND="2"
1343 PYTHON_USE_WITH="xml threads"
1344
1345 @@ -68,8 +67,7 @@ DEPEND="${CDEPEND}
1346 hvm? (
1347 x11-proto/xproto
1348 sys-devel/dev86
1349 - )
1350 - pygrub? ( dev-lang/python[ncurses] )
1351 + ) pygrub? ( dev-lang/python[ncurses] )
1352 "
1353
1354 RDEPEND="${CDEPEND}
1355 @@ -139,6 +137,7 @@ src_prepare() {
1356 # if the user *really* wants to use their own custom-cflags, let them
1357 if use custom-cflags; then
1358 einfo "User wants their own CFLAGS - removing defaults"
1359 +
1360 # try and remove all the default custom-cflags
1361 find "${S}" -name Makefile -o -name Rules.mk -o -name Config.mk -exec sed \
1362 -e 's/CFLAGS\(.*\)=\(.*\)-O3\(.*\)/CFLAGS\1=\2\3/' \
1363 @@ -237,11 +236,11 @@ src_install() {
1364 -e 's:^#vifscript="vif-bridge":vifscript="vif-bridge":' \
1365 -i tools/examples/xl.conf || die
1366
1367 - dodoc README docs/README.xen-bugtool docs/ChangeLog
1368 +# dodoc README docs/README.xen-bugtool docs/ChangeLog
1369 if use doc; then
1370 emake DESTDIR="${ED}" DOCDIR="/usr/share/doc/${PF}" install-docs
1371
1372 - dohtml -r docs/api/
1373 + dohtml -r docs/api/
1374 docinto pdf
1375 dodoc ${DOCS[@]}
1376 #docs/api/tools/python/latex/refman.pdf
1377 @@ -266,6 +265,7 @@ src_install() {
1378 keepdir /var/log/xen-consoles
1379 fi
1380
1381 + python_convert_shebangs -r 2 "${ED}"
1382 # xend expects these to exist
1383 keepdir /var/run/xenstored /var/lib/xenstored /var/xen/dump /var/lib/xen /var/log/xen
1384
1385 @@ -321,4 +321,4 @@ pkg_postinst() {
1386
1387 pkg_postrm() {
1388 python_mod_cleanup $(use pygrub && echo grub) xen
1389 -}
1390 +}
1391 \ No newline at end of file
1392
1393 diff --git a/app-emulation/xen-tools/xen-tools-9999.ebuild b/app-emulation/xen-tools/xen-tools-9999.ebuild
1394 index d9b8b0a..7a66079 100644
1395 --- a/app-emulation/xen-tools/xen-tools-9999.ebuild
1396 +++ b/app-emulation/xen-tools/xen-tools-9999.ebuild
1397 @@ -3,9 +3,8 @@
1398 # $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-tools/xen-tools-9999.ebuild,v 1.7 2011/10/23 10:49:29 patrick Exp $
1399
1400 EAPI="4"
1401 -
1402 PYTHON_DEPEND="2"
1403 -PYTHON_USE_WITH="xml"
1404 +PYTHON_USE_WITH="xml threads"
1405
1406 if [[ $PV == *9999 ]]; then
1407 KEYWORDS=""
1408 @@ -31,6 +30,13 @@ LICENSE="GPL-2"
1409 SLOT="0"
1410 IUSE="api custom-cflags debug doc flask hvm qemu pygrub screen xend"
1411
1412 +REQUIRED_USE="hvm? ( qemu )"
1413 +
1414 +QA_PRESTRIPPED="/usr/share/xen/qemu/openbios-ppc \
1415 + /usr/share/xen/qemu/openbios-sparc64 \
1416 + /usr/share/xen/qemu/openbios-sparc32"
1417 +QA_WX_LOAD=${QA_PRESTRIPPED}
1418 +
1419 CDEPEND="<dev-libs/yajl-2
1420 dev-python/lxml
1421 dev-python/pypam
1422 @@ -47,7 +53,7 @@ DEPEND="${CDEPEND}
1423 dev-ml/findlib
1424 doc? (
1425 app-doc/doxygen
1426 - dev-tex/latex2html
1427 + dev-tex/latex2html[png,gif]
1428 media-gfx/transfig
1429 media-gfx/graphviz
1430 dev-tex/xcolor
1431 @@ -61,7 +67,8 @@ DEPEND="${CDEPEND}
1432 hvm? (
1433 x11-proto/xproto
1434 sys-devel/dev86
1435 - )"
1436 + ) pygrub? ( dev-lang/python[ncurses] )
1437 + "
1438
1439 RDEPEND="${CDEPEND}
1440 sys-apps/iproute2
1441 @@ -117,26 +124,8 @@ pkg_setup() {
1442 die "latex2html missing both png and gif flags"
1443 fi
1444
1445 - if use pygrub && ! has_version "dev-lang/python[ncurses]"; then
1446 - eerror "USE=pygrub requires python to be built with ncurses support. Please add"
1447 - eerror "'ncurses' to your use flags and re-emerge python"
1448 - die "python is missing ncurses flags"
1449 - fi
1450 -
1451 - if ! has_version "dev-lang/python[threads]"; then
1452 - eerror "Python is required to be built with threading support. Please add"
1453 - eerror "'threads' to your use flags and re-emerge python"
1454 - die "python is missing threads flags"
1455 - fi
1456 -
1457 use api && export "LIBXENAPI_BINDINGS=y"
1458 use flask && export "FLASK_ENABLE=y"
1459 -
1460 - if use hvm && ! use qemu; then
1461 - elog "With qemu disabled, it is not possible to use HVM machines " \
1462 - "or PVM machines with a framebuffer attached in the kernel config" \
1463 - "The addition of use flag qemu is required when use flag hvm ise selected"
1464 - fi
1465 }
1466
1467 src_prepare() {
1468 @@ -155,6 +144,7 @@ src_prepare() {
1469 # if the user *really* wants to use their own custom-cflags, let them
1470 if use custom-cflags; then
1471 einfo "User wants their own CFLAGS - removing defaults"
1472 +
1473 # try and remove all the default custom-cflags
1474 find "${S}" -name Makefile -o -name Rules.mk -o -name Config.mk -exec sed \
1475 -e 's/CFLAGS\(.*\)=\(.*\)-O3\(.*\)/CFLAGS\1=\2\3/' \
1476 @@ -179,7 +169,7 @@ src_prepare() {
1477 # Don't bother with qemu, only needed for fully virtualised guests
1478 if ! use qemu; then
1479 sed -e "/^CONFIG_IOEMU := y$/d" -i config/*.mk || die
1480 - sed -e "s:install-tools\: tools/ioemu-dir:install-tools\: :g" -i Makefile || die
1481 + sed -e "s:install-tools\: tools/ioemu-dir:install-tools\: :g" -i Makefile || die
1482 fi
1483
1484 # Fix build for gcc-4.6
1485 @@ -219,7 +209,7 @@ src_install() {
1486 export INITD_DIR=/etc/init.d
1487 export CONFIG_LEAF_DIR=default
1488
1489 - emake DESTDIR="${ED}" DOCDIR="/usr/share/doc/${PF}" XEN_PYTHON_NATIVE_INSTALL=y install-tools
1490 + emake DESTDIR="${D}" DOCDIR="/usr/share/doc/${PF}" XEN_PYTHON_NATIVE_INSTALL=y install-tools
1491 python_convert_shebangs -r 2 "${ED}"
1492
1493 # Remove RedHat-specific stuff
1494 @@ -231,29 +221,26 @@ src_install() {
1495 -e 's:^#vifscript="vif-bridge":vifscript="vif-bridge":' \
1496 -i tools/examples/xl.conf || die
1497
1498 - dodoc README docs/README.xen-bugtool docs/ChangeLog
1499 if use doc; then
1500 - emake DESTDIR="${ED}" DOCDIR="/usr/share/doc/${PF}" install-docs \
1501 - || die "install docs failed"
1502 + emake DESTDIR="${ED}" DOCDIR="/usr/share/doc/${PF}" install-docs
1503
1504 dohtml -r docs/api/
1505 docinto pdf
1506 dodoc ${DOCS[@]}
1507 -#docs/api/tools/python/latex/refman.pdf
1508 [ -d "${ED}"/usr/share/doc/xen ] && mv "${ED}"/usr/share/doc/xen/* "${ED}"/usr/share/doc/${PF}/html
1509 fi
1510 rm -rf "${ED}"/usr/share/doc/xen/
1511 doman docs/man?/*
1512
1513 if use xend; then
1514 - newinitd "${FILESDIR}"/xend.initd-r2 xend || die "Couldn't install xen.initd"
1515 + newinitd "${FILESDIR}"/xend.initd-r2 xend
1516 fi
1517 -
1518 newconfd "${FILESDIR}"/xendomains.confd xendomains
1519 - newconfd "${FILESDIR}"/xenconsoled.confd xenconsoled
1520 newconfd "${FILESDIR}"/xenstored.confd xenstored
1521 - newinitd "${FILESDIR}"/xenstored.initd xenstored
1522 - newinitd "${FILESDIR}"/xenconsoled.initd xenconsoled
1523 + newconfd "${FILESDIR}"/xenconsoled.confd xenconsoled
1524 + newinitd "${FILESDIR}"/xendomains.initd-r2 xendomains
1525 + newinitd "${FILESDIR}"/xenstored.initd xenstored \
1526 + "${FILESDIR}"/xenconsoled.initd xenconsoled
1527
1528 if use screen; then
1529 cat "${FILESDIR}"/xendomains-screen.confd >> "${ED}"/etc/conf.d/xendomains || die
1530 @@ -261,6 +248,7 @@ src_install() {
1531 keepdir /var/log/xen-consoles
1532 fi
1533
1534 + python_convert_shebangs -r 2 "${ED}"
1535 # xend expects these to exist
1536 keepdir /var/run/xenstored /var/lib/xenstored /var/xen/dump /var/lib/xen /var/log/xen
1537
1538
1539 diff --git a/app-emulation/xen/Manifest b/app-emulation/xen/Manifest
1540 new file mode 100644
1541 index 0000000..61a4034
1542 --- /dev/null
1543 +++ b/app-emulation/xen/Manifest
1544 @@ -0,0 +1,14 @@
1545 +AUX Manifest 1462 RMD160 c2090ecd3fcacafcc988563676c028d8b9bd8d0c SHA1 1f1e6db2c197e9a197e876c74131fadca34944cd SHA256 fdbed299dcfeafae7b3fb738912d67f10eef61b337a0315d0b15dc6d984e69b8
1546 +AUX xen-3.3.0-unexported-target-fix.patch 788 RMD160 4b30444c021479cbd3969493639533fc1e43e781 SHA1 9119f06b4a005c385ac27e085e2d96ccf9cd4dc9 SHA256 e46f5fbe4c579b84f895f0ac6e05589553a11305ca30e69405082d58abd9ee07
1547 +AUX xen-3.4.2-CVE-2011-1583.patch 2893 RMD160 c6ae9661202dafc2abdcf3aaf939464d14ded9fd SHA1 b2140fe7d615b542a96dadaaf8ace382e528d2cb SHA256 809c1744aee7569db31e9959c1e2c433ef6f4067134b26f70a689e056a024df9
1548 +AUX xen-3.4.2-dump_registers-watchdog-fix.patch 533 RMD160 766249003d91cbec3b0014a8446e1a4d01cd847a SHA1 6306250671976c638f814a4958211af4bacb53b4 SHA256 17d18f268efd302085bdfa0673e2d9478e84206b6d060d0a63854441233a81c6
1549 +AUX xen-3.4.2-fix-__addr_ok-limit.patch 3380 RMD160 8b8104a370847c1c148255855901b9dd32e6c888 SHA1 e3dd5cfda2410917b0844dff999ccbee2463ccb4 SHA256 dab6954da3cbf7592a36a6234561174d0d117711b87c0868d17f9d21af75a835
1550 +AUX xen-3.4.2-no-DMA.patch 2708 RMD160 9aa83e21e8b07feca1f799f9efb4f9cd5728c6c6 SHA1 e55fa5a04203470af68452762f919b402854fce9 SHA256 87a3fe134b8d3c762d4d229986ccb77898a603a18974f453cfdf6ba9d68fe982
1551 +AUX xen-3.4.2-werror-idiocy.patch 16826 RMD160 14f4678c723fd9241c88786b5b07a8c25252ce6f SHA1 f15d3c4d37b9c11fed49c025de2eaeb6911845a1 SHA256 261ef6541736f1df757476590bb8581cac376c9408e5041e8356336e13025c67
1552 +AUX xen-4.1.1-iommu_sec_fix.patch 2851 RMD160 4367178c10cdc1e752f3e9ffb70f42e6e7179242 SHA1 8487f85dbf81bf245deaccca5ff5b8f46e60d112 SHA256 3a0ab3cb5c18db91f4be457cbba36189a558da7b794e1a35795f4fed3d48a7c8
1553 +DIST xen-3.4.2.tar.gz 11187726 RMD160 2ef81df1f44356d60e04e21df2173ce5357d8509 SHA1 3cd2cafacd52bbac2e2da1cfd846ee6260b43455 SHA256 d17c33136041cc8da69214ccf527fc48637bee7a9ab4d68a88ec50e6a9d20b0b
1554 +DIST xen-4.1.1.tar.gz 10355625 RMD160 4b3c0641b0f098889f627662aa6b8fea00c5b636 SHA1 f1b5ef4b663c339faf9c77fc895327cfbcc9776c SHA256 246289227507466b5da8b2d0da84a5b0e68a392527b16cde38898d0348890f5b
1555 +EBUILD xen-3.4.2-r4.ebuild 3247 RMD160 73c91e87a06e83faee786268db656531a2dbe71f SHA1 94f6be18689fd09099ad062f829358bfa159d6ef SHA256 385ddd40121b1d415214e9adc619cb39825febcaec21b7cb70c2d2f2e4b60a04
1556 +EBUILD xen-4.1.1-r2.ebuild 3339 RMD160 d70e58cadf5b9c45d67e2c5d05a8061c67d62319 SHA1 06f5c7c6e493f47d476d08663cfdc536ac0ee760 SHA256 6f7089d85d6ab12d22d5acec4efca8a7646a9dfc3c7a6b1b030336cb77867376
1557 +EBUILD xen-9999.ebuild 3170 RMD160 5bbc3bb7dec7d099f639334843c3c6607ff1c5c5 SHA1 799030d125b2acb9976df9e39896937a3c591973 SHA256 b75349eb41edeb16f4571355b963de576cf58e9c7d86a4c4f74d4892d43b094f
1558 +MISC metadata.xml 581 RMD160 d22ffb491d9dad33425b97add683dd6b8b9139e1 SHA1 649f65e9fd2ab25e32394c555a24fc0f6b59c37f SHA256 1cf2cc4bb5b5278ac75e74910607518ddd2bd6454f18325319ce1ac102fab535
1559
1560 diff --git a/app-emulation/xen/files/Manifest b/app-emulation/xen/files/Manifest
1561 new file mode 100644
1562 index 0000000..236346a
1563 --- /dev/null
1564 +++ b/app-emulation/xen/files/Manifest
1565 @@ -0,0 +1,7 @@
1566 +MISC xen-3.3.0-unexported-target-fix.patch 788 RMD160 4b30444c021479cbd3969493639533fc1e43e781 SHA1 9119f06b4a005c385ac27e085e2d96ccf9cd4dc9 SHA256 e46f5fbe4c579b84f895f0ac6e05589553a11305ca30e69405082d58abd9ee07
1567 +MISC xen-3.4.2-CVE-2011-1583.patch 2893 RMD160 c6ae9661202dafc2abdcf3aaf939464d14ded9fd SHA1 b2140fe7d615b542a96dadaaf8ace382e528d2cb SHA256 809c1744aee7569db31e9959c1e2c433ef6f4067134b26f70a689e056a024df9
1568 +MISC xen-3.4.2-dump_registers-watchdog-fix.patch 533 RMD160 766249003d91cbec3b0014a8446e1a4d01cd847a SHA1 6306250671976c638f814a4958211af4bacb53b4 SHA256 17d18f268efd302085bdfa0673e2d9478e84206b6d060d0a63854441233a81c6
1569 +MISC xen-3.4.2-fix-__addr_ok-limit.patch 3380 RMD160 8b8104a370847c1c148255855901b9dd32e6c888 SHA1 e3dd5cfda2410917b0844dff999ccbee2463ccb4 SHA256 dab6954da3cbf7592a36a6234561174d0d117711b87c0868d17f9d21af75a835
1570 +MISC xen-3.4.2-no-DMA.patch 2708 RMD160 9aa83e21e8b07feca1f799f9efb4f9cd5728c6c6 SHA1 e55fa5a04203470af68452762f919b402854fce9 SHA256 87a3fe134b8d3c762d4d229986ccb77898a603a18974f453cfdf6ba9d68fe982
1571 +MISC xen-3.4.2-werror-idiocy.patch 16826 RMD160 14f4678c723fd9241c88786b5b07a8c25252ce6f SHA1 f15d3c4d37b9c11fed49c025de2eaeb6911845a1 SHA256 261ef6541736f1df757476590bb8581cac376c9408e5041e8356336e13025c67
1572 +MISC xen-4.1.1-iommu_sec_fix.patch 2851 RMD160 4367178c10cdc1e752f3e9ffb70f42e6e7179242 SHA1 8487f85dbf81bf245deaccca5ff5b8f46e60d112 SHA256 3a0ab3cb5c18db91f4be457cbba36189a558da7b794e1a35795f4fed3d48a7c8
1573
1574 diff --git a/app-emulation/xen/files/xen-3.3.0-unexported-target-fix.patch b/app-emulation/xen/files/xen-3.3.0-unexported-target-fix.patch
1575 new file mode 100644
1576 index 0000000..89f91a4
1577 --- /dev/null
1578 +++ b/app-emulation/xen/files/xen-3.3.0-unexported-target-fix.patch
1579 @@ -0,0 +1,21 @@
1580 +diff -Nru a/tools/ioemu-qemu-xen/xen-setup b/tools/ioemu-qemu-xen/xen-setup
1581 +--- a/tools/ioemu-qemu-xen/xen-setup 2008-08-22 17:56:41.000000000 +0800
1582 ++++ b/tools/ioemu-qemu-xen/xen-setup 2009-02-20 10:55:37.000000000 +0800
1583 +@@ -3,6 +3,8 @@
1584 +
1585 + # git-clean -x -d && ./xen-setup && make prefix=/usr CMDLINE_CFLAGS='-O0 -g' -j4 && make install DESTDIR=`pwd`/dist/ prefix=/usr && rsync -a --stats --delete . thule:shadow/qemu-iwj.git/ && rsync -a --stats dist/. root@thule:/
1586 +
1587 ++target=i386-dm
1588 ++
1589 + rm -f $target/Makefile
1590 + rm -f $target/config.mak
1591 + rm -f config-host.mak
1592 +@@ -11,8 +13,6 @@
1593 +
1594 + ./configure --disable-gfx-check --disable-gcc-check --disable-curses --disable-slirp "$@" --prefix=/usr
1595 +
1596 +-target=i386-dm
1597 +-
1598 + if [ "x$XEN_ROOT" != x ]; then
1599 + echo "XEN_ROOT=$XEN_ROOT" >>config-host.mak
1600 + fi
1601
1602 diff --git a/app-emulation/xen/files/xen-3.4.2-CVE-2011-1583.patch b/app-emulation/xen/files/xen-3.4.2-CVE-2011-1583.patch
1603 new file mode 100644
1604 index 0000000..f5cec4d
1605 --- /dev/null
1606 +++ b/app-emulation/xen/files/xen-3.4.2-CVE-2011-1583.patch
1607 @@ -0,0 +1,87 @@
1608 +--- tools/libxc/xc_dom_bzimageloader.c 2009-11-10 23:12:56.000000000 +0800
1609 ++++ tools/libxc/xc_dom_bzimageloader.c 2011-10-09 20:10:08.972815311 +0800
1610 +@@ -308,19 +308,19 @@
1611 +
1612 + extern struct xc_dom_loader elf_loader;
1613 +
1614 +-static unsigned int payload_offset(struct setup_header *hdr)
1615 ++static int check_magic(struct xc_dom_image *dom, const void *magic, size_t len)
1616 + {
1617 +- unsigned int off;
1618 ++ if (len > dom->kernel_size)
1619 ++ return 0;
1620 ++
1621 ++ return (memcmp(dom->kernel_blob, magic, len) == 0);
1622 ++ }
1623 +
1624 +- off = (hdr->setup_sects + 1) * 512;
1625 +- off += hdr->payload_offset;
1626 +- return off;
1627 +-}
1628 +-
1629 +-static int xc_dom_probe_bzimage_kernel(struct xc_dom_image *dom)
1630 ++static int check_bzimage_kernel(struct xc_dom_image *dom, int verbose)
1631 + {
1632 + struct setup_header *hdr;
1633 +- int ret;
1634 ++ uint64_t payload_offset, payload_length;
1635 ++ /* int ret; */
1636 +
1637 + if ( dom->kernel_blob == NULL )
1638 + {
1639 +@@ -352,20 +352,47 @@
1640 + return -EINVAL;
1641 + }
1642 +
1643 +- dom->kernel_blob = dom->kernel_blob + payload_offset(hdr);
1644 +- dom->kernel_size = hdr->payload_length;
1645 ++ /* upcast to 64 bits to avoid overflow */
1646 ++ /* setup_sects is u8 and so cannot overflow */
1647 ++ payload_offset = (hdr->setup_sects + 1) * 512;
1648 ++ payload_offset += hdr->payload_offset;
1649 ++ payload_length = hdr->payload_length;
1650 +
1651 +- if ( memcmp(dom->kernel_blob, "\037\213", 2) == 0 )
1652 +- {
1653 ++/* if ( memcmp(dom->kernel_blob, "\037\213", 2) == 0 )
1654 ++ {
1655 + ret = xc_dom_try_gunzip(dom, &dom->kernel_blob, &dom->kernel_size);
1656 +- if ( ret == -1 )
1657 ++ if ( ret == -1 ) */
1658 ++ if ( payload_offset >= dom->kernel_size )
1659 ++ {
1660 ++ xc_dom_panic(XC_INVALID_KERNEL, "%s: payload offset overflow",
1661 ++ __FUNCTION__);
1662 ++ return -EINVAL;
1663 ++ }
1664 ++ if ( (payload_offset + payload_length) > dom->kernel_size )
1665 ++ {
1666 ++ xc_dom_panic(XC_INVALID_KERNEL, "%s: payload length overflow",
1667 ++ __FUNCTION__);
1668 ++ }
1669 ++
1670 ++ dom->kernel_blob = dom->kernel_blob + payload_offset;
1671 ++ dom->kernel_size = payload_length;
1672 ++
1673 ++ if ( check_magic(dom, "\037\213", 2) )
1674 ++ {
1675 ++ if ( xc_dom_try_gunzip(dom, &dom->kernel_blob, &dom->kernel_size) == -1 )
1676 + {
1677 +- xc_dom_panic(XC_INVALID_KERNEL,
1678 +- "%s: unable to gzip decompress kernel\n",
1679 +- __FUNCTION__);
1680 ++ if ( verbose )
1681 ++ xc_dom_panic(XC_INVALID_KERNEL, "%s: unable to decompress kernel\$n",
1682 ++ __FUNCTION__);
1683 + return -EINVAL;
1684 + }
1685 + }
1686 ++ else
1687 ++ {
1688 ++ xc_dom_panic(XC_INVALID_KERNEL, "%s: unknown compression format\n",
1689 ++ __FUNCTION__);
1690 ++ return -EINVAL;
1691 ++ }
1692 + else if ( memcmp(dom->kernel_blob, "\102\132\150", 3) == 0 )
1693 + {
1694 + ret = xc_try_bzip2_decode(dom, &dom->kernel_blob, &dom->kernel_size);
1695
1696 diff --git a/app-emulation/xen/files/xen-3.4.2-dump_registers-watchdog-fix.patch b/app-emulation/xen/files/xen-3.4.2-dump_registers-watchdog-fix.patch
1697 new file mode 100644
1698 index 0000000..7c8ff5b
1699 --- /dev/null
1700 +++ b/app-emulation/xen/files/xen-3.4.2-dump_registers-watchdog-fix.patch
1701 @@ -0,0 +1,19 @@
1702 +diff -r 784caad93325 xen/common/keyhandler.c
1703 +--- a/xen/common/keyhandler.c Tue Nov 10 15:03:52 2009 +0000
1704 ++++ b/xen/common/keyhandler.c Tue Jan 05 10:47:49 2010 +0000
1705 +@@ -106,6 +106,7 @@
1706 + unsigned int cpu;
1707 +
1708 + /* We want to get everything out that we possibly can. */
1709 ++ watchdog_disable();
1710 + console_start_sync();
1711 +
1712 + printk("'%c' pressed -> dumping registers\n", key);
1713 +@@ -125,6 +126,7 @@
1714 + printk("\n");
1715 +
1716 + console_end_sync();
1717 ++ watchdog_enable();
1718 + }
1719 +
1720 + static void dump_dom0_registers(unsigned char key)
1721
1722 diff --git a/app-emulation/xen/files/xen-3.4.2-fix-__addr_ok-limit.patch b/app-emulation/xen/files/xen-3.4.2-fix-__addr_ok-limit.patch
1723 new file mode 100644
1724 index 0000000..8616008
1725 --- /dev/null
1726 +++ b/app-emulation/xen/files/xen-3.4.2-fix-__addr_ok-limit.patch
1727 @@ -0,0 +1,101 @@
1728 +-----BEGIN PGP SIGNED MESSAGE-----
1729 +Hash: SHA1
1730 +
1731 + Xen Security Advisory CVE-2011-2901 / XSA-4
1732 + revision no.2
1733 + Xen <= 3.3 DoS due to incorrect virtual address validation
1734 +
1735 +ISSUE DESCRIPTION
1736 +=================
1737 +
1738 +The x86_64 __addr_ok() macro intends to ensure that the checked
1739 +address is either in the positive half of the 48-bit virtual address
1740 +space, or above the Xen-reserved area. However, the current shift
1741 +count is off-by-one, allowing full access to the "negative half" too,
1742 +via certain hypercalls which ignore virtual-address bits [63:48].
1743 +Vulnerable hypercalls exist only in very old versions of the
1744 +hypervisor.
1745 +
1746 +VULNERABLE SYSTEMS
1747 +==================
1748 +
1749 +All systems running a Xen 3.3 or earlier hypervisor with 64-bit PV
1750 +guests with untrusted administrators are vulnerable.
1751 +
1752 +IMPACT
1753 +======
1754 +
1755 +A malicious guest administrator on a vulnerable system is able to
1756 +crash the host.
1757 +
1758 +There are no known further exploits but these have not been ruled out.
1759 +
1760 +RESOLUTION
1761 +==========
1762 +
1763 +The attached patch resolves the issue.
1764 +
1765 +Alternatively, users may choose to upgrade to a more recent hypervisor
1766 +
1767 +PATCHES
1768 +=======
1769 +
1770 +The following patch resolves this issue.
1771 +
1772 +Filename: fix-__addr_ok-limit.patch
1773 +SHA1: f18bde8d276110451c608a16f577865aa1226b4f
1774 +SHA256: 2da5aac72e1ac4849c34d38374ae456795905fd9512eef94b48fc31383c21636
1775 +
1776 +This patch should apply cleanly, and fix the problem, for all affected
1777 +versions of Xen.
1778 +
1779 +It is harmless when applied to later hypervisors and will be included
1780 +in the Xen unstable branch in due course.
1781 +
1782 +VERSION HISTORY
1783 +===============
1784 +
1785 +Analysis following version 1 of this advisory (sent out to the
1786 +predisclosure list during the embargo period) indicates that the
1787 +actual DoS vulnerability only exists in very old hypervisors, Xen 3.3
1788 +and earlier, contrary to previous reports.
1789 +
1790 +This advisory is no longer embargoed.
1791 +-----BEGIN PGP SIGNATURE-----
1792 +Version: GnuPG v1.4.9 (GNU/Linux)
1793 +
1794 +iQEcBAEBAgAGBQJOYLq2AAoJEIP+FMlX6CvZLegH/26/oJBkd/WM/yYhXkzlbnIP
1795 +MxF6Fgy96Omu8poQTanD7g1vEcM0TOLY+Kk3GGsfj4aDdEJ5Nq4ZOW8ooI0VnVcD
1796 +7VXQqFsXPxre+eZ6g+G0AsmzdsG45C3qujUTRfGKqzYwXqjWjt9nNsdIy1Mrz8/4
1797 +zG1uLDkN0LXnBG2Te4q8ZckYwMq8gFXHHnH35RfQ5Besu6pvJmtK3rFXETdlP12A
1798 +JjBh7t5jsCfzvYWFQehVp8mJupuftiOBPClmVh4vrvN9gYd5rzEgB4Q9Ioiqz2qT
1799 +2bE1zegR8NeOKBOi9xriTU8F530OdFzeWAbo7D5gyEbYdc60eNwbadcgNGLbzMg=
1800 +=09T8
1801 +-----END PGP SIGNATURE-----
1802 +
1803 +Subject: XSA-4: xen: correct limit checking in x86_64 version of __addr_ok
1804 +
1805 +The x86_64 __addr_ok() macro intends to ensure that the checked
1806 +address is either in the positive half of the 48-bit virtual address
1807 +space, or above the Xen-reserved area. However, the current shift
1808 +count is off-by-one, allowing full access to the "negative half"
1809 +too. Guests may exploit this to gain access to off-limits ranges.
1810 +
1811 +This issue has been assigned CVE-2011-2901.
1812 +
1813 +Signed-off-by: Laszlo Ersek <lersek@××××××.com>
1814 +Signed-off-by: Ian Campbell <ian.campbell@××××××.com>
1815 +
1816 +diff --git a/xen/include/asm-x86/x86_64/uaccess.h
1817 +b/xen/include/asm-x86/x86_64/uaccess.h
1818 +--- a/xen/include/asm-x86/x86_64/uaccess.h
1819 ++++ b/xen/include/asm-x86/x86_64/uaccess.h
1820 +@@ -34,7 +34,7 @@
1821 + * non-canonical address (and thus fault) before ever reaching VIRT_START.
1822 + */
1823 + #define __addr_ok(addr) \
1824 +- (((unsigned long)(addr) < (1UL<<48)) || \
1825 ++ (((unsigned long)(addr) < (1UL<<47)) || \
1826 + ((unsigned long)(addr) >= HYPERVISOR_VIRT_END))
1827 +
1828 + #define access_ok(addr, size) \
1829
1830 diff --git a/app-emulation/xen/files/xen-3.4.2-no-DMA.patch b/app-emulation/xen/files/xen-3.4.2-no-DMA.patch
1831 new file mode 100644
1832 index 0000000..f04d9e2
1833 --- /dev/null
1834 +++ b/app-emulation/xen/files/xen-3.4.2-no-DMA.patch
1835 @@ -0,0 +1,71 @@
1836 +# HG changeset patch
1837 +# User Tim Deegan <Tim.Deegan@××××××.com>
1838 +# Date 1313145221 -3600
1839 +# Node ID 84e3706df07a1963e23cd3875d8603917657d462
1840 +# Parent cb22fa57ff252893b6adb1481e09b1287eacd990
1841 +Passthrough: disable bus-mastering on any card that causes an IOMMU fault.
1842 +
1843 +This stops the card from raising back-to-back faults and live-locking
1844 +the CPU that handles them.
1845 +
1846 +Signed-off-by: Tim Deegan <tim@×××.org>
1847 +Acked-by: Wei Wang2 <wei.wang2@×××.com>
1848 +Acked-by: Allen M Kay <allen.m.kay@×××××.com>
1849 +
1850 +--- a/xen/drivers/passthrough/vtd/iommu.c.orig Mon Jul 25 16:48:39 2011 +0100
1851 ++++ b/xen/drivers/passthrough/vtd/iommu.c Fri Aug 12 11:33:41 2011 +0100
1852 +@@ -733,7 +733,7 @@
1853 + while (1)
1854 + {
1855 + u8 fault_reason;
1856 +- u16 source_id;
1857 ++ u16 source_id, cword;
1858 + u32 data;
1859 + u64 guest_addr;
1860 + int type;
1861 +@@ -766,6 +766,14 @@
1862 + iommu_page_fault_do_one(iommu, type, fault_reason,
1863 + source_id, guest_addr);
1864 +
1865 ++ /* Tell the device to stop DMAing; we can't rely on the guest to
1866 ++ * control it for us. */
1867 ++ cword = pci_conf_read16(PCI_BUS(source_id), PCI_SLOT(source_id),
1868 ++ PCI_FUNC(source_id), PCI_COMMAND);
1869 ++ pci_conf_write16(PCI_BUS(source_id), PCI_SLOT(source_id),
1870 ++ PCI_FUNC(source_id), PCI_COMMAND,
1871 ++ cword & ~PCI_COMMAND_MASTER);
1872 ++
1873 + fault_index++;
1874 + if ( fault_index > cap_num_fault_regs(iommu->cap) )
1875 + fault_index = 0;
1876 +
1877 +--- a/xen/drivers/passthrough/amd/iommu_init.c.orig Mon Jul 25 16:48:39 2011 +0100
1878 ++++ b/xen/drivers/passthrough/amd/iommu_init.c Fri Aug 12 11:33:41 2011 +0100
1879 +@@ -415,7 +415,7 @@
1880 +
1881 + static void parse_event_log_entry(u32 entry[])
1882 + {
1883 +- u16 domain_id, device_id;
1884 ++ u16 domain_id, device_id, bdf, cword;
1885 + u32 code;
1886 + u64 *addr;
1887 + char * event_str[] = {"ILLEGAL_DEV_TABLE_ENTRY",
1888 +@@ -449,6 +449,18 @@
1889 + printk(XENLOG_ERR "AMD-Vi: "
1890 + "%s: domain = %d, device id = 0x%04x, fault address = 0x%"PRIx64"\n",
1891 + event_str[code-1], domain_id, device_id, *addr);
1892 ++
1893 ++ /* Tell the device to stop DMAing; we can't rely on the guest to
1894 ++ * control it for us. */
1895 ++ for ( bdf = 0; bdf < ivrs_bdf_entries; bdf++ )
1896 ++ if ( get_dma_requestor_id(bdf) == device_id )
1897 ++ {
1898 ++ cword = pci_conf_read16(PCI_BUS(bdf), PCI_SLOT(bdf),
1899 ++ PCI_FUNC(bdf), PCI_COMMAND);
1900 ++ pci_conf_write16(PCI_BUS(bdf), PCI_SLOT(bdf),
1901 ++ PCI_FUNC(bdf), PCI_COMMAND,
1902 ++ cword & ~PCI_COMMAND_MASTER);
1903 ++ }
1904 + }
1905 + }
1906 +
1907
1908 diff --git a/app-emulation/xen/files/xen-3.4.2-werror-idiocy.patch b/app-emulation/xen/files/xen-3.4.2-werror-idiocy.patch
1909 new file mode 100644
1910 index 0000000..7f5b3cb
1911 --- /dev/null
1912 +++ b/app-emulation/xen/files/xen-3.4.2-werror-idiocy.patch
1913 @@ -0,0 +1,429 @@
1914 +diff -ur xen-3.4.2.orig//Config.mk xen-3.4.2//Config.mk
1915 +--- xen-3.4.2.orig//Config.mk 2009-11-10 23:16:03.000000000 +0800
1916 ++++ xen-3.4.2//Config.mk 2011-09-25 02:34:11.605793042 +0800
1917 +@@ -14,7 +14,7 @@
1918 +
1919 + # Tools to run on system hosting the build
1920 + HOSTCC = gcc
1921 +-HOSTCFLAGS = -Wall -Werror -Wstrict-prototypes -O2 -fomit-frame-pointer
1922 ++HOSTCFLAGS = -Wall -Wstrict-prototypes -O2 -fomit-frame-pointer
1923 + HOSTCFLAGS += -fno-strict-aliasing
1924 +
1925 + DISTDIR ?= $(XEN_ROOT)/dist
1926 +diff -ur xen-3.4.2.orig//extras/mini-os/minios.mk xen-3.4.2//extras/mini-os/minios.mk
1927 +--- xen-3.4.2.orig//extras/mini-os/minios.mk 2009-11-10 23:12:55.000000000 +0800
1928 ++++ xen-3.4.2//extras/mini-os/minios.mk 2011-09-25 02:34:11.855793042 +0800
1929 +@@ -6,7 +6,7 @@
1930 +
1931 + # Define some default flags.
1932 + # NB. '-Wcast-qual' is nasty, so I omitted it.
1933 +-DEF_CFLAGS += -fno-builtin -Wall -Werror -Wredundant-decls -Wno-format -Wno-redundant-decls
1934 ++DEF_CFLAGS += -fno-builtin -Wall -Wredundant-decls -Wno-format -Wno-redundant-decls
1935 + DEF_CFLAGS += $(call cc-option,$(CC),-fno-stack-protector,)
1936 + DEF_CFLAGS += $(call cc-option,$(CC),-fgnu89-inline)
1937 + DEF_CFLAGS += -Wstrict-prototypes -Wnested-externs -Wpointer-arith -Winline
1938 +diff -ur xen-3.4.2.orig//tools/blktap/drivers/Makefile xen-3.4.2//tools/blktap/drivers/Makefile
1939 +--- xen-3.4.2.orig//tools/blktap/drivers/Makefile 2009-11-10 23:12:55.000000000 +0800
1940 ++++ xen-3.4.2//tools/blktap/drivers/Makefile 2011-09-25 02:34:11.750793042 +0800
1941 +@@ -5,7 +5,7 @@
1942 + QCOW_UTIL = img2qcow qcow2raw qcow-create
1943 + LIBAIO_DIR = ../../libaio/src
1944 +
1945 +-CFLAGS += -Werror
1946 ++CFLAGS +=
1947 + CFLAGS += -Wno-unused
1948 + CFLAGS += -I../lib
1949 + CFLAGS += $(CFLAGS_libxenctrl)
1950 +diff -ur xen-3.4.2.orig//tools/blktap/lib/Makefile xen-3.4.2//tools/blktap/lib/Makefile
1951 +--- xen-3.4.2.orig//tools/blktap/lib/Makefile 2009-11-10 23:12:55.000000000 +0800
1952 ++++ xen-3.4.2//tools/blktap/lib/Makefile 2011-09-25 02:34:11.748793042 +0800
1953 +@@ -13,7 +13,7 @@
1954 + SRCS :=
1955 + SRCS += xenbus.c blkif.c xs_api.c
1956 +
1957 +-CFLAGS += -Werror
1958 ++CFLAGS +=
1959 + CFLAGS += -Wno-unused
1960 + CFLAGS += -fPIC
1961 + # get asprintf():
1962 +diff -ur xen-3.4.2.orig//tools/console/Makefile xen-3.4.2//tools/console/Makefile
1963 +--- xen-3.4.2.orig//tools/console/Makefile 2009-11-10 23:12:55.000000000 +0800
1964 ++++ xen-3.4.2//tools/console/Makefile 2011-09-25 02:34:11.704793042 +0800
1965 +@@ -2,7 +2,7 @@
1966 + XEN_ROOT=../..
1967 + include $(XEN_ROOT)/tools/Rules.mk
1968 +
1969 +-CFLAGS += -Werror
1970 ++CFLAGS +=
1971 +
1972 + CFLAGS += $(CFLAGS_libxenctrl)
1973 + CFLAGS += $(CFLAGS_libxenstore)
1974 +diff -ur xen-3.4.2.orig//tools/debugger/xenitp/Makefile xen-3.4.2//tools/debugger/xenitp/Makefile
1975 +--- xen-3.4.2.orig//tools/debugger/xenitp/Makefile 2009-11-10 23:12:55.000000000 +0800
1976 ++++ xen-3.4.2//tools/debugger/xenitp/Makefile 2011-09-25 02:34:11.744793042 +0800
1977 +@@ -1,7 +1,7 @@
1978 + XEN_ROOT=../../..
1979 + include $(XEN_ROOT)/tools/Rules.mk
1980 +
1981 +-#CFLAGS += -Werror -g -O0
1982 ++#CFLAGS += -g -O0
1983 +
1984 + CFLAGS += $(CFLAGS_libxenctrl)
1985 +
1986 +diff -ur xen-3.4.2.orig//tools/firmware/Rules.mk xen-3.4.2//tools/firmware/Rules.mk
1987 +--- xen-3.4.2.orig//tools/firmware/Rules.mk 2009-11-10 23:12:55.000000000 +0800
1988 ++++ xen-3.4.2//tools/firmware/Rules.mk 2011-09-25 02:34:11.565793045 +0800
1989 +@@ -10,7 +10,7 @@
1990 + CFLAGS += -DNDEBUG
1991 + endif
1992 +
1993 +-CFLAGS += -Werror
1994 ++CFLAGS +=
1995 +
1996 + # Disable PIE/SSP if GCC supports them. They can break us.
1997 + $(call cc-option-add,CFLAGS,CC,-nopie)
1998 +diff -ur xen-3.4.2.orig//tools/flask/libflask/Makefile xen-3.4.2//tools/flask/libflask/Makefile
1999 +--- xen-3.4.2.orig//tools/flask/libflask/Makefile 2009-11-10 23:12:56.000000000 +0800
2000 ++++ xen-3.4.2//tools/flask/libflask/Makefile 2011-09-25 02:34:11.657793042 +0800
2001 +@@ -9,7 +9,7 @@
2002 + SRCS :=
2003 + SRCS += flask_op.c
2004 +
2005 +-CFLAGS += -Werror
2006 ++CFLAGS +=
2007 + CFLAGS += -fno-strict-aliasing
2008 + CFLAGS += $(INCLUDES) -I./include -I$(XEN_LIBXC) -I$(XEN_INCLUDE)
2009 +
2010 +diff -ur xen-3.4.2.orig//tools/flask/loadpolicy/Makefile xen-3.4.2//tools/flask/loadpolicy/Makefile
2011 +--- xen-3.4.2.orig//tools/flask/loadpolicy/Makefile 2009-11-10 23:12:56.000000000 +0800
2012 ++++ xen-3.4.2//tools/flask/loadpolicy/Makefile 2011-09-25 02:34:11.660793042 +0800
2013 +@@ -6,7 +6,7 @@
2014 + LIBFLASK_ROOT = $(XEN_ROOT)/tools/flask/libflask
2015 +
2016 + PROFILE=#-pg
2017 +-BASECFLAGS=-Wall -g -Werror
2018 ++BASECFLAGS=-Wall -g
2019 + BASECFLAGS+= $(PROFILE)
2020 + #BASECFLAGS+= -I$(XEN_ROOT)/tools
2021 + BASECFLAGS+= $(CFLAGS_libxenctrl)
2022 +diff -ur xen-3.4.2.orig//tools/fs-back/Makefile xen-3.4.2//tools/fs-back/Makefile
2023 +--- xen-3.4.2.orig//tools/fs-back/Makefile 2009-11-10 23:12:56.000000000 +0800
2024 ++++ xen-3.4.2//tools/fs-back/Makefile 2011-09-25 02:34:11.637793042 +0800
2025 +@@ -5,7 +5,7 @@
2026 +
2027 + IBIN = fs-backend
2028 +
2029 +-CFLAGS += -Werror
2030 ++CFLAGS +=
2031 + CFLAGS += -Wno-unused
2032 + CFLAGS += -fno-strict-aliasing
2033 + CFLAGS += $(CFLAGS_libxenctrl)
2034 +diff -ur xen-3.4.2.orig//tools/ioemu-qemu-xen/configure xen-3.4.2//tools/ioemu-qemu-xen/configure
2035 +--- xen-3.4.2.orig//tools/ioemu-qemu-xen/configure 2009-11-05 19:44:56.000000000 +0800
2036 ++++ xen-3.4.2//tools/ioemu-qemu-xen/configure 2011-09-25 02:34:11.888793042 +0800
2037 +@@ -468,7 +468,7 @@
2038 + CFLAGS="$CFLAGS -Wall -Wundef -Wendif-labels -Wwrite-strings -Wmissing-prototypes -Wstrict-prototypes -Wredundant-decls"
2039 + LDFLAGS="$LDFLAGS -g"
2040 + if test "$werror" = "yes" ; then
2041 +-CFLAGS="$CFLAGS -Werror"
2042 ++CFLAGS="$CFLAGS"
2043 + fi
2044 +
2045 + if test "$solaris" = "no" ; then
2046 +@@ -1150,7 +1150,7 @@
2047 + echo "sparse enabled $sparse"
2048 + echo "profiler $profiler"
2049 + echo "static build $static"
2050 +-echo "-Werror enabled $werror"
2051 ++
2052 + if test "$darwin" = "yes" ; then
2053 + echo "Cocoa support $cocoa"
2054 + fi
2055 +diff -ur xen-3.4.2.orig//tools/ioemu-qemu-xen/Makefile.target xen-3.4.2//tools/ioemu-qemu-xen/Makefile.target
2056 +--- xen-3.4.2.orig//tools/ioemu-qemu-xen/Makefile.target 2011-09-25 02:33:23.946793064 +0800
2057 ++++ xen-3.4.2//tools/ioemu-qemu-xen/Makefile.target 2011-09-25 02:34:11.584793042 +0800
2058 +@@ -26,7 +26,7 @@
2059 + TARGET_PATH=$(SRC_PATH)/target-$(TARGET_BASE_ARCH)
2060 + VPATH=$(SRC_PATH):$(TARGET_PATH):$(SRC_PATH)/hw
2061 + CPPFLAGS=-I. -I.. -I$(TARGET_PATH) -I$(SRC_PATH) -MMD -MT $@ -MP -DNEED_CPU_H
2062 +-#CFLAGS+=-Werror
2063 ++#CFLAGS+=
2064 + LIBS=
2065 + # user emulator name
2066 + ifndef TARGET_ARCH2
2067 +diff -ur xen-3.4.2.orig//tools/libaio/harness/Makefile xen-3.4.2//tools/libaio/harness/Makefile
2068 +--- xen-3.4.2.orig//tools/libaio/harness/Makefile 2009-11-10 23:12:56.000000000 +0800
2069 ++++ xen-3.4.2//tools/libaio/harness/Makefile 2011-09-25 02:34:11.674793042 +0800
2070 +@@ -4,7 +4,7 @@
2071 + HARNESS_SRCS:=main.c
2072 + # io_queue.c
2073 +
2074 +-CFLAGS=-Wall -Werror -g -O -laio
2075 ++CFLAGS=-Wall -g -O -laio
2076 + #-lpthread -lrt
2077 +
2078 + all: $(PROGS)
2079 +diff -ur xen-3.4.2.orig//tools/libfsimage/Rules.mk xen-3.4.2//tools/libfsimage/Rules.mk
2080 +--- xen-3.4.2.orig//tools/libfsimage/Rules.mk 2009-11-10 23:12:56.000000000 +0800
2081 ++++ xen-3.4.2//tools/libfsimage/Rules.mk 2011-09-25 02:34:11.566793044 +0800
2082 +@@ -1,6 +1,6 @@
2083 + include $(XEN_ROOT)/tools/Rules.mk
2084 +
2085 +-CFLAGS += -I$(XEN_ROOT)/tools/libfsimage/common/ -Werror
2086 ++CFLAGS += -I$(XEN_ROOT)/tools/libfsimage/common/
2087 + LDFLAGS += -L../common/
2088 +
2089 + PIC_OBJS := $(patsubst %.c,%.opic,$(LIB_SRCS-y))
2090 +diff -ur xen-3.4.2.orig//tools/libxc/Makefile xen-3.4.2//tools/libxc/Makefile
2091 +--- xen-3.4.2.orig//tools/libxc/Makefile 2011-09-25 02:33:23.987793064 +0800
2092 ++++ xen-3.4.2//tools/libxc/Makefile 2011-09-25 02:34:11.687793042 +0800
2093 +@@ -52,7 +52,7 @@
2094 +
2095 + -include $(XEN_TARGET_ARCH)/Makefile
2096 +
2097 +-CFLAGS += -Werror -Wmissing-prototypes
2098 ++CFLAGS += -Wmissing-prototypes
2099 + CFLAGS += $(INCLUDES) -I. -I../xenstore -I../include
2100 +
2101 + # Needed for posix_fadvise64() in xc_linux.c
2102 +diff -ur xen-3.4.2.orig//tools/libxen/Makefile.dist xen-3.4.2//tools/libxen/Makefile.dist
2103 +--- xen-3.4.2.orig//tools/libxen/Makefile.dist 2009-11-10 23:12:56.000000000 +0800
2104 ++++ xen-3.4.2//tools/libxen/Makefile.dist 2011-09-25 02:34:11.593793042 +0800
2105 +@@ -22,7 +22,7 @@
2106 + CFLAGS = -Iinclude \
2107 + $(shell xml2-config --cflags) \
2108 + $(shell curl-config --cflags) \
2109 +- -W -Wall -Wmissing-prototypes -Werror -std=c99 -O2 -fPIC
2110 ++ -W -Wall -Wmissing-prototypes -std=c99 -O2 -fPIC
2111 +
2112 + LDFLAGS = $(shell xml2-config --libs) \
2113 + $(shell curl-config --libs)
2114 +diff -ur xen-3.4.2.orig//tools/misc/lomount/Makefile xen-3.4.2//tools/misc/lomount/Makefile
2115 +--- xen-3.4.2.orig//tools/misc/lomount/Makefile 2009-11-10 23:12:56.000000000 +0800
2116 ++++ xen-3.4.2//tools/misc/lomount/Makefile 2011-09-25 02:34:11.666793042 +0800
2117 +@@ -1,7 +1,7 @@
2118 + XEN_ROOT=../../..
2119 + include $(XEN_ROOT)/tools/Rules.mk
2120 +
2121 +-CFLAGS += -Werror
2122 ++CFLAGS +=
2123 +
2124 + HDRS = $(wildcard *.h)
2125 + OBJS = $(patsubst %.c,%.o,$(wildcard *.c))
2126 +diff -ur xen-3.4.2.orig//tools/misc/Makefile xen-3.4.2//tools/misc/Makefile
2127 +--- xen-3.4.2.orig//tools/misc/Makefile 2009-11-10 23:12:56.000000000 +0800
2128 ++++ xen-3.4.2//tools/misc/Makefile 2011-09-25 02:34:11.669793042 +0800
2129 +@@ -1,7 +1,7 @@
2130 + XEN_ROOT=../..
2131 + include $(XEN_ROOT)/tools/Rules.mk
2132 +
2133 +-CFLAGS += -Werror
2134 ++CFLAGS +=
2135 +
2136 + INCLUDES += -I $(XEN_XC)
2137 + INCLUDES += -I $(XEN_LIBXC)
2138 +diff -ur xen-3.4.2.orig//tools/pygrub/setup.py xen-3.4.2//tools/pygrub/setup.py
2139 +--- xen-3.4.2.orig//tools/pygrub/setup.py 2009-11-10 23:12:56.000000000 +0800
2140 ++++ xen-3.4.2//tools/pygrub/setup.py 2011-09-25 02:34:11.901793042 +0800
2141 +@@ -3,7 +3,7 @@
2142 + import os
2143 + import sys
2144 +
2145 +-extra_compile_args = [ "-fno-strict-aliasing", "-Werror" ]
2146 ++extra_compile_args = [ "-fno-strict-aliasing" ]
2147 +
2148 + XEN_ROOT = "../.."
2149 +
2150 +diff -ur xen-3.4.2.orig//tools/python/setup.py xen-3.4.2//tools/python/setup.py
2151 +--- xen-3.4.2.orig//tools/python/setup.py 2009-11-10 23:12:56.000000000 +0800
2152 ++++ xen-3.4.2//tools/python/setup.py 2011-09-25 02:34:11.897793042 +0800
2153 +@@ -4,7 +4,7 @@
2154 +
2155 + XEN_ROOT = "../.."
2156 +
2157 +-extra_compile_args = [ "-fno-strict-aliasing", "-Werror" ]
2158 ++extra_compile_args = [ "-fno-strict-aliasing" ]
2159 +
2160 + include_dirs = [ XEN_ROOT + "/tools/libxc",
2161 + XEN_ROOT + "/tools/xenstore",
2162 +diff -ur xen-3.4.2.orig//tools/security/Makefile xen-3.4.2//tools/security/Makefile
2163 +--- xen-3.4.2.orig//tools/security/Makefile 2009-11-10 23:12:56.000000000 +0800
2164 ++++ xen-3.4.2//tools/security/Makefile 2011-09-25 02:34:11.701793042 +0800
2165 +@@ -1,7 +1,7 @@
2166 + XEN_ROOT = ../..
2167 + include $(XEN_ROOT)/tools/Rules.mk
2168 +
2169 +-CFLAGS += -Werror
2170 ++CFLAGS +=
2171 + CFLAGS += -fno-strict-aliasing
2172 + CFLAGS += -I. $(CFLAGS_libxenctrl)
2173 +
2174 +diff -ur xen-3.4.2.orig//tools/vnet/libxutil/Makefile xen-3.4.2//tools/vnet/libxutil/Makefile
2175 +--- xen-3.4.2.orig//tools/vnet/libxutil/Makefile 2009-11-10 23:12:57.000000000 +0800
2176 ++++ xen-3.4.2//tools/vnet/libxutil/Makefile 2011-09-25 02:34:11.694793042 +0800
2177 +@@ -25,7 +25,7 @@
2178 + PIC_OBJS := $(LIB_SRCS:.c=.opic)
2179 +
2180 + $(call cc-option-add,CFLAGS,CC,-fgnu89-inline)
2181 +-CFLAGS += -Werror -fno-strict-aliasing
2182 ++CFLAGS += -fno-strict-aliasing
2183 + CFLAGS += -O3
2184 + #CFLAGS += -g
2185 +
2186 +diff -ur xen-3.4.2.orig//tools/vtpm/Rules.mk xen-3.4.2//tools/vtpm/Rules.mk
2187 +--- xen-3.4.2.orig//tools/vtpm/Rules.mk 2009-11-10 23:12:57.000000000 +0800
2188 ++++ xen-3.4.2//tools/vtpm/Rules.mk 2011-09-25 02:34:11.563793044 +0800
2189 +@@ -9,7 +9,7 @@
2190 + TOOLS_INSTALL_DIR = $(DESTDIR)/usr/bin
2191 +
2192 + # General compiler flags
2193 +-CFLAGS = -Werror -g3 -I.
2194 ++CFLAGS = -g3 -I.
2195 +
2196 + # Generic project files
2197 + HDRS = $(wildcard *.h)
2198 +diff -ur xen-3.4.2.orig//tools/vtpm_manager/Rules.mk xen-3.4.2//tools/vtpm_manager/Rules.mk
2199 +--- xen-3.4.2.orig//tools/vtpm_manager/Rules.mk 2009-11-10 23:12:57.000000000 +0800
2200 ++++ xen-3.4.2//tools/vtpm_manager/Rules.mk 2011-09-25 02:34:11.562793042 +0800
2201 +@@ -9,7 +9,7 @@
2202 + TOOLS_INSTALL_DIR = $(DESTDIR)/usr/bin
2203 +
2204 + # General compiler flags
2205 +-CFLAGS = -Werror -g3 -I.
2206 ++CFLAGS = -g3 -I.
2207 +
2208 + # Generic project files
2209 + HDRS = $(wildcard *.h)
2210 +diff -ur xen-3.4.2.orig//tools/xcutils/Makefile xen-3.4.2//tools/xcutils/Makefile
2211 +--- xen-3.4.2.orig//tools/xcutils/Makefile 2009-11-10 23:12:57.000000000 +0800
2212 ++++ xen-3.4.2//tools/xcutils/Makefile 2011-09-25 02:34:11.636793042 +0800
2213 +@@ -11,7 +11,7 @@
2214 + XEN_ROOT = ../..
2215 + include $(XEN_ROOT)/tools/Rules.mk
2216 +
2217 +-CFLAGS += -Werror
2218 ++CFLAGS +=
2219 + CFLAGS += $(CFLAGS_libxenctrl) $(CFLAGS_libxenguest) $(CFLAGS_libxenstore)
2220 +
2221 + PROGRAMS = xc_restore xc_save readnotes lsevtchn
2222 +diff -ur xen-3.4.2.orig//tools/xenmon/Makefile xen-3.4.2//tools/xenmon/Makefile
2223 +--- xen-3.4.2.orig//tools/xenmon/Makefile 2009-11-10 23:12:57.000000000 +0800
2224 ++++ xen-3.4.2//tools/xenmon/Makefile 2011-09-25 02:34:11.641793042 +0800
2225 +@@ -13,7 +13,7 @@
2226 + XEN_ROOT=../..
2227 + include $(XEN_ROOT)/tools/Rules.mk
2228 +
2229 +-CFLAGS += -Werror
2230 ++CFLAGS +=
2231 + CFLAGS += -I $(XEN_XC)
2232 + CFLAGS += $(CFLAGS_libxenctrl)
2233 + LDFLAGS += $(LDFLAGS_libxenctrl)
2234 +diff -ur xen-3.4.2.orig//tools/xenpmd/Makefile xen-3.4.2//tools/xenpmd/Makefile
2235 +--- xen-3.4.2.orig//tools/xenpmd/Makefile 2009-11-10 23:12:57.000000000 +0800
2236 ++++ xen-3.4.2//tools/xenpmd/Makefile 2011-09-25 02:34:11.656793042 +0800
2237 +@@ -1,7 +1,7 @@
2238 + XEN_ROOT=../..
2239 + include $(XEN_ROOT)/tools/Rules.mk
2240 +
2241 +-CFLAGS += -Werror
2242 ++CFLAGS +=
2243 + CFLAGS += $(CFLAGS_libxenstore)
2244 + LDFLAGS += $(LDFLAGS_libxenstore)
2245 +
2246 +diff -ur xen-3.4.2.orig//tools/xenstat/libxenstat/Makefile xen-3.4.2//tools/xenstat/libxenstat/Makefile
2247 +--- xen-3.4.2.orig//tools/xenstat/libxenstat/Makefile 2009-11-10 23:12:57.000000000 +0800
2248 ++++ xen-3.4.2//tools/xenstat/libxenstat/Makefile 2011-09-25 02:34:11.681793042 +0800
2249 +@@ -34,7 +34,7 @@
2250 + OBJECTS-$(CONFIG_NetBSD) += src/xenstat_netbsd.o
2251 + SONAME_FLAGS=-Wl,$(SONAME_LDFLAG) -Wl,libxenstat.so.$(MAJOR)
2252 +
2253 +-WARN_FLAGS=-Wall -Werror
2254 ++WARN_FLAGS=-Wall
2255 +
2256 + CFLAGS+=-Isrc -I$(XEN_LIBXC) -I$(XEN_XENSTORE) -I$(XEN_INCLUDE)
2257 + LDFLAGS+=-Lsrc -L$(XEN_XENSTORE)/ -L$(XEN_LIBXC)/
2258 +diff -ur xen-3.4.2.orig//tools/xenstat/xentop/Makefile xen-3.4.2//tools/xenstat/xentop/Makefile
2259 +--- xen-3.4.2.orig//tools/xenstat/xentop/Makefile 2009-11-10 23:12:57.000000000 +0800
2260 ++++ xen-3.4.2//tools/xenstat/xentop/Makefile 2011-09-25 02:34:11.684793042 +0800
2261 +@@ -18,7 +18,7 @@
2262 + all install xentop:
2263 + else
2264 +
2265 +-CFLAGS += -DGCC_PRINTF -Wall -Werror -I$(XEN_LIBXENSTAT)
2266 ++CFLAGS += -DGCC_PRINTF -Wall -I$(XEN_LIBXENSTAT)
2267 + LDFLAGS += -L$(XEN_LIBXENSTAT)
2268 + LDLIBS += -lxenstat $(CURSES_LIBS) $(SOCKET_LIBS)
2269 + CFLAGS += -DHOST_$(XEN_OS)
2270 +diff -ur xen-3.4.2.orig//tools/xenstore/Makefile xen-3.4.2//tools/xenstore/Makefile
2271 +--- xen-3.4.2.orig//tools/xenstore/Makefile 2009-11-10 23:12:57.000000000 +0800
2272 ++++ xen-3.4.2//tools/xenstore/Makefile 2011-09-25 02:34:11.640793042 +0800
2273 +@@ -4,7 +4,7 @@
2274 + MAJOR = 3.0
2275 + MINOR = 0
2276 +
2277 +-CFLAGS += -Werror
2278 ++CFLAGS +=
2279 + CFLAGS += -I.
2280 + CFLAGS += $(CFLAGS_libxenctrl)
2281 +
2282 +diff -ur xen-3.4.2.orig//tools/xenstore/xenstored_core.c xen-3.4.2//tools/xenstore/xenstored_core.c
2283 +--- xen-3.4.2.orig//tools/xenstore/xenstored_core.c 2009-11-10 23:12:57.000000000 +0800
2284 ++++ xen-3.4.2//tools/xenstore/xenstored_core.c 2011-09-25 02:34:11.845793042 +0800
2285 +@@ -865,7 +865,7 @@
2286 + {
2287 + unsigned int offset, datalen;
2288 + struct node *node;
2289 +- char *vec[1] = { NULL }; /* gcc4 + -W + -Werror fucks code. */
2290 ++ char *vec[1] = { NULL }; /* gcc4 + -W + fucks code. */
2291 + char *name;
2292 +
2293 + /* Extra "strings" can be created by binary data. */
2294 +diff -ur xen-3.4.2.orig//tools/xentrace/Makefile xen-3.4.2//tools/xentrace/Makefile
2295 +--- xen-3.4.2.orig//tools/xentrace/Makefile 2009-11-10 23:12:57.000000000 +0800
2296 ++++ xen-3.4.2//tools/xentrace/Makefile 2011-09-25 02:34:11.745793042 +0800
2297 +@@ -1,7 +1,7 @@
2298 + XEN_ROOT=../..
2299 + include $(XEN_ROOT)/tools/Rules.mk
2300 +
2301 +-CFLAGS += -Werror
2302 ++CFLAGS +=
2303 +
2304 + CFLAGS += $(CFLAGS_libxenctrl)
2305 + LDFLAGS += $(LDFLAGS_libxenctrl)
2306 +Only in xen-3.4.2/: Werror.sh
2307 +diff -ur xen-3.4.2.orig//xen/arch/ia64/Rules.mk xen-3.4.2//xen/arch/ia64/Rules.mk
2308 +--- xen-3.4.2.orig//xen/arch/ia64/Rules.mk 2009-11-10 23:12:57.000000000 +0800
2309 ++++ xen-3.4.2//xen/arch/ia64/Rules.mk 2011-09-25 02:34:11.570793042 +0800
2310 +@@ -68,7 +68,7 @@
2311 + CFLAGS += -DCONFIG_XEN_IA64_TLBFLUSH_CLOCK
2312 + endif
2313 + ifeq ($(no_warns),y)
2314 +-CFLAGS += -Wa,--fatal-warnings -Werror -Wno-uninitialized
2315 ++CFLAGS += -Wa,--fatal-warnings -Wno-uninitialized
2316 + endif
2317 + ifneq ($(vhpt_disable),y)
2318 + CFLAGS += -DVHPT_ENABLED=1
2319 +diff -ur xen-3.4.2.orig//xen/arch/x86/boot/build32.mk xen-3.4.2//xen/arch/x86/boot/build32.mk
2320 +--- xen-3.4.2.orig//xen/arch/x86/boot/build32.mk 2009-11-10 23:12:57.000000000 +0800
2321 ++++ xen-3.4.2//xen/arch/x86/boot/build32.mk 2011-09-25 02:34:11.914793042 +0800
2322 +@@ -8,7 +8,7 @@
2323 + $(call cc-option-add,CFLAGS,CC,-fno-stack-protector)
2324 + $(call cc-option-add,CFLAGS,CC,-fno-stack-protector-all)
2325 +
2326 +-CFLAGS += -Werror -fno-builtin -msoft-float
2327 ++CFLAGS += -fno-builtin -msoft-float
2328 +
2329 + # NB. awk invocation is a portable alternative to 'head -n -1'
2330 + %.S: %.bin
2331 +diff -ur xen-3.4.2.orig//xen/arch/x86/Rules.mk xen-3.4.2//xen/arch/x86/Rules.mk
2332 +--- xen-3.4.2.orig//xen/arch/x86/Rules.mk 2009-11-10 23:12:57.000000000 +0800
2333 ++++ xen-3.4.2//xen/arch/x86/Rules.mk 2011-09-25 02:34:11.572793042 +0800
2334 +@@ -17,7 +17,7 @@
2335 + endif
2336 +
2337 + CFLAGS += -fno-builtin -fno-common
2338 +-CFLAGS += -iwithprefix include -Werror -Wno-pointer-arith -pipe
2339 ++CFLAGS += -iwithprefix include -Wno-pointer-arith -pipe
2340 + CFLAGS += -I$(BASEDIR)/include
2341 + CFLAGS += -I$(BASEDIR)/include/asm-x86/mach-generic
2342 + CFLAGS += -I$(BASEDIR)/include/asm-x86/mach-default
2343 \ No newline at end of file
2344
2345 diff --git a/app-emulation/xen/files/xen-4.1.1-iommu_sec_fix.patch b/app-emulation/xen/files/xen-4.1.1-iommu_sec_fix.patch
2346 new file mode 100644
2347 index 0000000..737c2bd
2348 --- /dev/null
2349 +++ b/app-emulation/xen/files/xen-4.1.1-iommu_sec_fix.patch
2350 @@ -0,0 +1,74 @@
2351 +
2352 +# HG changeset patch
2353 +# User Tim Deegan <Tim.Deegan@××××××.com>
2354 +# Date 1313145221 -3600
2355 +# Node ID 84e3706df07a1963e23cd3875d8603917657d462
2356 +# Parent cb22fa57ff252893b6adb1481e09b1287eacd990
2357 +Passthrough: disable bus-mastering on any card that causes an IOMMU fault.
2358 +
2359 +This stops the card from raising back-to-back faults and live-locking
2360 +the CPU that handles them.
2361 +
2362 +Signed-off-by: Tim Deegan <tim@×××.org>
2363 +Acked-by: Wei Wang2 <wei.wang2@×××.com>
2364 +Acked-by: Allen M Kay <allen.m.kay@×××××.com>
2365 +
2366 +diff -r cb22fa57ff25 -r 84e3706df07a xen/drivers/passthrough/amd/iommu_init.c
2367 +--- a/xen/drivers/passthrough/amd/iommu_init.c Mon Jul 25 16:48:39 2011 +0100
2368 ++++ b/xen/drivers/passthrough/amd/iommu_init.c Fri Aug 12 11:33:41 2011 +0100
2369 +@@ -462,7 +462,7 @@
2370 +
2371 + static void parse_event_log_entry(u32 entry[])
2372 + {
2373 +- u16 domain_id, device_id;
2374 ++ u16 domain_id, device_id, bdf, cword;
2375 + u32 code;
2376 + u64 *addr;
2377 + char * event_str[] = {"ILLEGAL_DEV_TABLE_ENTRY",
2378 +@@ -497,6 +497,18 @@
2379 + "%s: domain = %d, device id = 0x%04x, "
2380 + "fault address = 0x%"PRIx64"\n",
2381 + event_str[code-1], domain_id, device_id, *addr);
2382 ++
2383 ++ /* Tell the device to stop DMAing; we can't rely on the guest to
2384 ++ * control it for us. */
2385 ++ for ( bdf = 0; bdf < ivrs_bdf_entries; bdf++ )
2386 ++ if ( get_dma_requestor_id(bdf) == device_id )
2387 ++ {
2388 ++ cword = pci_conf_read16(PCI_BUS(bdf), PCI_SLOT(bdf),
2389 ++ PCI_FUNC(bdf), PCI_COMMAND);
2390 ++ pci_conf_write16(PCI_BUS(bdf), PCI_SLOT(bdf),
2391 ++ PCI_FUNC(bdf), PCI_COMMAND,
2392 ++ cword & ~PCI_COMMAND_MASTER);
2393 ++ }
2394 + }
2395 + else
2396 + {
2397 +diff -r cb22fa57ff25 -r 84e3706df07a xen/drivers/passthrough/vtd/iommu.c
2398 +--- a/xen/drivers/passthrough/vtd/iommu.c Mon Jul 25 16:48:39 2011 +0100
2399 ++++ b/xen/drivers/passthrough/vtd/iommu.c Fri Aug 12 11:33:41 2011 +0100
2400 +@@ -893,7 +893,7 @@
2401 + while (1)
2402 + {
2403 + u8 fault_reason;
2404 +- u16 source_id;
2405 ++ u16 source_id, cword;
2406 + u32 data;
2407 + u64 guest_addr;
2408 + int type;
2409 +@@ -926,6 +926,14 @@
2410 + iommu_page_fault_do_one(iommu, type, fault_reason,
2411 + source_id, guest_addr);
2412 +
2413 ++ /* Tell the device to stop DMAing; we can't rely on the guest to
2414 ++ * control it for us. */
2415 ++ cword = pci_conf_read16(PCI_BUS(source_id), PCI_SLOT(source_id),
2416 ++ PCI_FUNC(source_id), PCI_COMMAND);
2417 ++ pci_conf_write16(PCI_BUS(source_id), PCI_SLOT(source_id),
2418 ++ PCI_FUNC(source_id), PCI_COMMAND,
2419 ++ cword & ~PCI_COMMAND_MASTER);
2420 ++
2421 + fault_index++;
2422 + if ( fault_index > cap_num_fault_regs(iommu->cap) )
2423 + fault_index = 0;
2424 +
2425
2426 diff --git a/app-emulation/xen/metadata.xml b/app-emulation/xen/metadata.xml
2427 new file mode 100644
2428 index 0000000..6550459
2429 --- /dev/null
2430 +++ b/app-emulation/xen/metadata.xml
2431 @@ -0,0 +1,15 @@
2432 +<?xml version="1.0" encoding="UTF-8"?>
2433 +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
2434 +<pkgmetadata>
2435 + <herd>xen</herd>
2436 + <maintainer>
2437 + <email>johneed@×××××××.com</email>
2438 + <name>Ian Delaney aka idella4 proxy maintainer</name>
2439 + </maintainer>
2440 + <use>
2441 + <flag name='acm'>Enable the ACM/sHype XSM module from IBM</flag>
2442 + <flag name='flask'>Enable the Flask XSM module from NSA</flag>
2443 + <flag name='pae'>Enable support for PAE kernels (usually x86-32 with >4GB memory)</flag>
2444 + <flag name='xsm'>Enable the Xen Security Modules (XSM)</flag>
2445 + </use>
2446 +</pkgmetadata>
2447
2448 diff --git a/app-emulation/xen/xen-3.4.2-r4.ebuild b/app-emulation/xen/xen-3.4.2-r4.ebuild
2449 new file mode 100644
2450 index 0000000..643ade2
2451 --- /dev/null
2452 +++ b/app-emulation/xen/xen-3.4.2-r4.ebuild
2453 @@ -0,0 +1,114 @@
2454 +# Copyright 1999-2011 Gentoo Foundation
2455 +# Distributed under the terms of the GNU General Public License v2
2456 +# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen/xen-3.4.2-r4.ebuild,v 1.3 2011/10/15 19:38:16 hwoarang Exp $
2457 +
2458 +EAPI=2
2459 +
2460 +inherit mount-boot flag-o-matic toolchain-funcs base
2461 +
2462 +DESCRIPTION="The Xen virtual machine monitor"
2463 +HOMEPAGE="http://xen.org/"
2464 +SRC_URI="http://bits.xensource.com/oss-xen/release/${PV}/xen-${PV}.tar.gz"
2465 +
2466 +LICENSE="GPL-2"
2467 +SLOT="0"
2468 +KEYWORDS="amd64 x86"
2469 +IUSE="debug custom-cflags pae acm flask xsm"
2470 +
2471 +RDEPEND="|| ( sys-boot/grub
2472 + sys-boot/grub-static )
2473 + >=sys-kernel/xen-sources-2.6.18"
2474 +PDEPEND="~app-emulation/xen-tools-${PV}"
2475 +PATCHES=(
2476 + "${FILESDIR}/"${PN}-3.3.0-unexported-target-fix.patch
2477 + "${FILESDIR}/"${P}-dump_registers-watchdog-fix.patch
2478 + "${FILESDIR}/"${P}-no-DMA.patch
2479 + "${FILESDIR}/"${P}-werror-idiocy.patch
2480 + "${FILESDIR}/"${P}-fix-__addr_ok-limit.patch
2481 + "${FILESDIR}/"${P}-CVE-2011-1583.patch
2482 +)
2483 +
2484 +RESTRICT="test"
2485 +
2486 +# Approved by QA team in bug #144032
2487 +QA_WX_LOAD="boot/xen-syms-${PV}"
2488 +
2489 +pkg_setup() {
2490 + if [ -x "${S}/.config/" ]; then
2491 + die "You will need to remove ${S}/.config by hand"
2492 + fi
2493 + if [[ -z ${XEN_TARGET_ARCH} ]]; then
2494 + if use x86 && use amd64; then
2495 + die "Confusion! Both x86 and amd64 are set in your use flags!"
2496 + elif use x86; then
2497 + export XEN_TARGET_ARCH="x86_32"
2498 + elif use amd64; then
2499 + export XEN_TARGET_ARCH="x86_64"
2500 + else
2501 + die "Unsupported architecture!"
2502 + fi
2503 + fi
2504 +
2505 + if use xsm ; then
2506 + export "XSM_ENABLE=y"
2507 + use acm && export "ACM_SECURITY=y"
2508 + if use flask ; then
2509 + ! use acm && export "FLASK_ENABLE=y"
2510 + use acm && ewarn "Both acm and flask XSM specified, defaulting to acm."
2511 + fi
2512 + elif use acm || use flask ; then
2513 + ewarn "acm and flask require USE=xsm to be set, dropping use flags"
2514 + fi
2515 +}
2516 +
2517 +src_prepare() {
2518 + base_src_prepare
2519 +
2520 + # if the user *really* wants to use their own custom-cflags, let them
2521 + if use custom-cflags; then
2522 + einfo "User wants their own CFLAGS - removing defaults"
2523 + # try and remove all the default custom-cflags
2524 + find "${S}" -name Makefile -o -name Rules.mk -o -name Config.mk -exec sed \
2525 + -e 's/CFLAGS\(.*\)=\(.*\)-O3\(.*\)/CFLAGS\1=\2\3/' \
2526 + -e 's/CFLAGS\(.*\)=\(.*\)-march=i686\(.*\)/CFLAGS\1=\2\3/' \
2527 + -e 's/CFLAGS\(.*\)=\(.*\)-fomit-frame-pointer\(.*\)/CFLAGS\1=\2\3/' \
2528 + -e 's/CFLAGS\(.*\)=\(.*\)-g3*\s\(.*\)/CFLAGS\1=\2 \3/' \
2529 + -e 's/CFLAGS\(.*\)=\(.*\)-O2\(.*\)/CFLAGS\1=\2\3/' \
2530 + -i {} \;
2531 + fi
2532 +}
2533 +
2534 +src_compile() {
2535 + local myopt
2536 + use debug && myopt="${myopt} debug=y"
2537 + use pae && myopt="${myopt} pae=y"
2538 +
2539 + if use custom-cflags; then
2540 + filter-flags -fPIE -fstack-protector
2541 + replace-flags -O3 -O2
2542 + else
2543 + unset CFLAGS
2544 + fi
2545 +
2546 + # Send raw LDFLAGS so that --as-needed works
2547 + emake CC="$(tc-getCC)" LDFLAGS="$(raw-ldflags)" -C xen ${myopt} || die "compile failed"
2548 +}
2549 +
2550 +src_install() {
2551 + local myopt
2552 + use debug && myopt="${myopt} debug=y"
2553 + use pae && myopt="${myopt} pae=y"
2554 +
2555 + emake LDFLAGS="$(raw-ldflags)" DESTDIR="${D}" -C xen ${myopt} install || die "install failed"
2556 +}
2557 +
2558 +pkg_postinst() {
2559 + elog "Official Xen Guide and the unoffical wiki page:"
2560 + elog " http://www.gentoo.org/doc/en/xen-guide.xml"
2561 + elog " http://en.gentoo-wiki.com/wiki/Xen/"
2562 +
2563 + if use pae; then
2564 + echo
2565 + ewarn "This is a PAE build of Xen. It will *only* boot PAE kernels!"
2566 + fi
2567 +}
2568
2569 diff --git a/app-emulation/xen/xen-4.1.1-r2.ebuild b/app-emulation/xen/xen-4.1.1-r2.ebuild
2570 new file mode 100644
2571 index 0000000..4b3a74b
2572 --- /dev/null
2573 +++ b/app-emulation/xen/xen-4.1.1-r2.ebuild
2574 @@ -0,0 +1,121 @@
2575 +# Copyright 1999-2011 Gentoo Foundation
2576 +# Distributed under the terms of the GNU General Public License v2
2577 +# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen/xen-4.1.1-r2.ebuild,v 1.7 2011/11/08 23:46:38 mr_bones_ Exp $
2578 +
2579 +EAPI="4"
2580 +
2581 +if [[ $PV == *9999 ]]; then
2582 + KEYWORDS=""
2583 + REPO="xen-unstable.hg"
2584 + EHG_REPO_URI="http://xenbits.xensource.com/${REPO}"
2585 + S="${WORKDIR}/${REPO}"
2586 + live_eclass="mercurial"
2587 +else
2588 + KEYWORDS="amd64 x86"
2589 + SRC_URI="http://bits.xensource.com/oss-xen/release/${PV}/xen-${PV}.tar.gz"
2590 +fi
2591 +
2592 +inherit mount-boot flag-o-matic toolchain-funcs ${live_eclass}
2593 +
2594 +DESCRIPTION="The Xen virtual machine monitor"
2595 +HOMEPAGE="http://xen.org/"
2596 +
2597 +LICENSE="GPL-2"
2598 +SLOT="0"
2599 +IUSE="custom-cflags debug flask pae xsm"
2600 +
2601 +RDEPEND="|| ( sys-boot/grub
2602 + sys-boot/grub-static )"
2603 +PDEPEND="~app-emulation/xen-tools-${PV}"
2604 +
2605 +RESTRICT="test"
2606 +
2607 +# Approved by QA team in bug #144032
2608 +QA_WX_LOAD="boot/xen-syms-${PV}"
2609 +
2610 +REQUIRED_USE="
2611 + flask? ( xsm )
2612 + "
2613 +
2614 +pkg_setup() {
2615 + if [[ -z ${XEN_TARGET_ARCH} ]]; then
2616 + if use x86 && use amd64; then
2617 + die "Confusion! Both x86 and amd64 are set in your use flags!"
2618 + elif use x86; then
2619 + export XEN_TARGET_ARCH="x86_32"
2620 + elif use amd64; then
2621 + export XEN_TARGET_ARCH="x86_64"
2622 + else
2623 + die "Unsupported architecture!"
2624 + fi
2625 + fi
2626 +
2627 + if use flask ; then
2628 + export "XSM_ENABLE=y"
2629 + export "FLASK_ENABLE=y"
2630 + elif use xsm ; then
2631 + export "XSM_ENABLE=y"
2632 + fi
2633 +}
2634 +
2635 +src_prepare() {
2636 + # Drop .config
2637 + sed -e '/-include $(XEN_ROOT)\/.config/d' -i Config.mk || die "Couldn't drop"
2638 + # if the user *really* wants to use their own custom-cflags, let them
2639 + if use custom-cflags; then
2640 + einfo "User wants their own CFLAGS - removing defaults"
2641 + # try and remove all the default custom-cflags
2642 + find "${S}" -name Makefile -o -name Rules.mk -o -name Config.mk -exec sed \
2643 + -e 's/CFLAGS\(.*\)=\(.*\)-O3\(.*\)/CFLAGS\1=\2\3/' \
2644 + -e 's/CFLAGS\(.*\)=\(.*\)-march=i686\(.*\)/CFLAGS\1=\2\3/' \
2645 + -e 's/CFLAGS\(.*\)=\(.*\)-fomit-frame-pointer\(.*\)/CFLAGS\1=\2\3/' \
2646 + -e 's/CFLAGS\(.*\)=\(.*\)-g3*\s\(.*\)/CFLAGS\1=\2 \3/' \
2647 + -e 's/CFLAGS\(.*\)=\(.*\)-O2\(.*\)/CFLAGS\1=\2\3/' \
2648 + -i {} \; || die "failed to set custom-cflags"
2649 + fi
2650 +
2651 + # remove -Werror for gcc-4.6's sake
2652 + find "${S}" -name 'Makefile*' -o -name '*.mk' -o -name 'common.make' | \
2653 + xargs sed -i 's/ *-Werror */ /' || die "failed to remove -Werror"
2654 + # not strictly necessary to fix this
2655 + sed -i 's/, "-Werror"//' "${S}/tools/python/setup.py" || die "failed to remove -Werror on setup.py"
2656 +
2657 + # Add sccurity fix bug #379241
2658 + epatch "${FILESDIR}/${P}-iommu_sec_fix.patch"
2659 +}
2660 +
2661 +src_configure() {
2662 + use debug && myopt="${myopt} debug=y"
2663 + use pae && myopt="${myopt} pae=y"
2664 +
2665 + if use custom-cflags; then
2666 + filter-flags -fPIE -fstack-protector
2667 + replace-flags -O3 -O2
2668 + else
2669 + unset CFLAGS
2670 + fi
2671 +}
2672 +
2673 +src_compile() {
2674 + # Send raw LDFLAGS so that --as-needed works
2675 + emake CC="$(tc-getCC)" LDFLAGS="$(raw-ldflags)" LD="$(tc-getLD)" -C xen ${myopt}
2676 +}
2677 +
2678 +src_install() {
2679 + local myopt
2680 + use debug && myopt="${myopt} debug=y"
2681 + use pae && myopt="${myopt} pae=y"
2682 +
2683 + emake LDFLAGS="$(raw-ldflags)" DESTDIR="${D}" -C xen ${myopt} install
2684 +}
2685 +
2686 +pkg_postinst() {
2687 + elog "Official Xen Guide and the unoffical wiki page:"
2688 + elog " http://www.gentoo.org/doc/en/xen-guide.xml"
2689 + elog " http://en.gentoo-wiki.com/wiki/Xen/"
2690 +
2691 + if use pae; then
2692 + echo
2693 + ewarn "This is a PAE build of Xen. It will *only* boot PAE kernels!"
2694 + fi
2695 +}
2696
2697 diff --git a/app-emulation/xen/xen-9999.ebuild b/app-emulation/xen/xen-9999.ebuild
2698 new file mode 100644
2699 index 0000000..c3e1126
2700 --- /dev/null
2701 +++ b/app-emulation/xen/xen-9999.ebuild
2702 @@ -0,0 +1,117 @@
2703 +# Copyright 1999-2011 Gentoo Foundation
2704 +# Distributed under the terms of the GNU General Public License v2
2705 +# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen/xen-9999.ebuild,v 1.4 2011/09/11 14:48:15 alexxy Exp $
2706 +
2707 +EAPI="4"
2708 +
2709 +if [[ $PV == *9999 ]]; then
2710 + KEYWORDS=""
2711 + REPO="xen-unstable.hg"
2712 + EHG_REPO_URI="http://xenbits.xensource.com/${REPO}"
2713 + S="${WORKDIR}/${REPO}"
2714 + live_eclass="mercurial"
2715 +else
2716 + KEYWORDS="~amd64 ~x86"
2717 + SRC_URI="http://bits.xensource.com/oss-xen/release/${PV}/xen-${PV}.tar.gz"
2718 +fi
2719 +
2720 +inherit mount-boot flag-o-matic toolchain-funcs ${live_eclass}
2721 +
2722 +DESCRIPTION="The Xen virtual machine monitor"
2723 +HOMEPAGE="http://xen.org/"
2724 +
2725 +LICENSE="GPL-2"
2726 +SLOT="0"
2727 +IUSE="custom-cflags debug flask pae xsm"
2728 +
2729 +RDEPEND="|| ( sys-boot/grub
2730 + sys-boot/grub-static )"
2731 +PDEPEND="~app-emulation/xen-tools-${PV}"
2732 +
2733 +RESTRICT="test"
2734 +
2735 +# Approved by QA team in bug #144032
2736 +QA_WX_LOAD="boot/xen-syms-${PV}"
2737 +
2738 +REQUIRED_USE="flask? ( xsm )"
2739 +
2740 +pkg_setup() {
2741 + if [[ -z ${XEN_TARGET_ARCH} ]]; then
2742 + if use x86 && use amd64; then
2743 + die "Confusion! Both x86 and amd64 are set in your use flags!"
2744 + elif use x86; then
2745 + export XEN_TARGET_ARCH="x86_32"
2746 + elif use amd64; then
2747 + export XEN_TARGET_ARCH="x86_64"
2748 + else
2749 + die "Unsupported architecture!"
2750 + fi
2751 + fi
2752 +
2753 + if use flask ; then
2754 + export "XSM_ENABLE=y"
2755 + export "FLASK_ENABLE=y"
2756 + elif use xsm ; then
2757 + export "XSM_ENABLE=y"
2758 + fi
2759 +}
2760 +
2761 +src_prepare() {
2762 + # Drop .config
2763 + sed -e '/-include $(XEN_ROOT)\/.config/d' -i Config.mk || die "Couldn't drop"
2764 +
2765 + # if the user *really* wants to use their own custom-cflags, let them
2766 + if use custom-cflags; then
2767 + einfo "User wants their own CFLAGS - removing defaults"
2768 + # try and remove all the default custom-cflags
2769 + find "${S}" -name Makefile -o -name Rules.mk -o -name Config.mk -exec sed \
2770 + -e 's/CFLAGS\(.*\)=\(.*\)-O3\(.*\)/CFLAGS\1=\2\3/' \
2771 + -e 's/CFLAGS\(.*\)=\(.*\)-march=i686\(.*\)/CFLAGS\1=\2\3/' \
2772 + -e 's/CFLAGS\(.*\)=\(.*\)-fomit-frame-pointer\(.*\)/CFLAGS\1=\2\3/' \
2773 + -e 's/CFLAGS\(.*\)=\(.*\)-g3*\s\(.*\)/CFLAGS\1=\2 \3/' \
2774 + -e 's/CFLAGS\(.*\)=\(.*\)-O2\(.*\)/CFLAGS\1=\2\3/' \
2775 + -i {} \;
2776 + fi
2777 +
2778 + # remove -Werror for gcc-4.6's sake
2779 + find "${S}" -name 'Makefile*' -o -name '*.mk' -o -name 'common.make' | \
2780 + xargs sed -i 's/ *-Werror */ /'
2781 + # not strictly necessary to fix this
2782 + sed -i 's/, "-Werror"//' "${S}/tools/python/setup.py" || die "failed to re-set setup.py"
2783 +}
2784 +
2785 +src_configure() {
2786 + use debug && myopt="${myopt} debug=y"
2787 + use pae && myopt="${myopt} pae=y"
2788 +
2789 + if use custom-cflags; then
2790 + filter-flags -fPIE -fstack-protector
2791 + replace-flags -O3 -O2
2792 + else
2793 + unset CFLAGS
2794 + fi
2795 +}
2796 +
2797 +src_compile() {
2798 + # Send raw LDFLAGS so that --as-needed works
2799 + emake CC="$(tc-getCC)" LDFLAGS="$(raw-ldflags)" LD="$(tc-getLD)" -C xen ${myopt}
2800 +}
2801 +
2802 +src_install() {
2803 + local myopt
2804 + use debug && myopt="${myopt} debug=y"
2805 + use pae && myopt="${myopt} pae=y"
2806 +
2807 + emake LDFLAGS="$(raw-ldflags)" DESTDIR="${D}" -C xen ${myopt} install
2808 +}
2809 +
2810 +pkg_postinst() {
2811 + elog "Official Xen Guide and the unoffical wiki page:"
2812 + elog " http://www.gentoo.org/doc/en/xen-guide.xml"
2813 + elog " http://en.gentoo-wiki.com/wiki/Xen/"
2814 +
2815 + if use pae; then
2816 + echo
2817 + ewarn "This is a PAE build of Xen. It will *only* boot PAE kernels!"
2818 + fi
2819 +}
Report Message
Find on MARC Find on Google Groups