1 |
commit: ac7c68ff853c87b3fc3395dacb34b095c73cdbc3 |
2 |
Author: Matthias Maier <tamiko <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sat Jul 9 14:54:41 2016 +0000 |
4 |
Commit: Matthias Maier <tamiko <AT> gentoo <DOT> org> |
5 |
CommitDate: Sat Jul 9 15:10:13 2016 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ac7c68ff |
7 |
|
8 |
app-emulation/libvirt: drop vulnerable 1.2.21-r2, bug #587570 |
9 |
|
10 |
CVE-2016-5008 |
11 |
|
12 |
Package-Manager: portage-2.2.28 |
13 |
|
14 |
app-emulation/libvirt/Manifest | 1 - |
15 |
app-emulation/libvirt/libvirt-1.2.21-r2.ebuild | 386 ------------------------- |
16 |
2 files changed, 387 deletions(-) |
17 |
|
18 |
diff --git a/app-emulation/libvirt/Manifest b/app-emulation/libvirt/Manifest |
19 |
index 5d86fb8..af8e9bb 100644 |
20 |
--- a/app-emulation/libvirt/Manifest |
21 |
+++ b/app-emulation/libvirt/Manifest |
22 |
@@ -1,4 +1,3 @@ |
23 |
-DIST libvirt-1.2.21-20151222.tar.xz 1684 SHA256 6c97f288470ec58bcbe98507563c6a191892c6f8813a7b9688c09b823934cbe5 SHA512 4fd43f0e12434b78ac3e671ad8eb0e402d384cff6278f6d0db322a068c2c8807c7c7f7e5774aa9d19e2a85e49f6d9888908b32fca5fc04980134edaccba0afe2 WHIRLPOOL 2bfbc3cbf1ca44a2bb06ddf2e8eabeb116165560b9c73d649d7b8cc9baba851f5e9246414bfc2c4740f27d0d0d42b6176eaec43b05e8c1e54de2804150c2cde1 |
24 |
DIST libvirt-1.2.21-20160709.tar.xz 3048 SHA256 c2bef1c300099c3ff6ce81488a2678e588d18ca46a27916df160c8304239ca80 SHA512 fdf0cd5e1cc3e0144fa99577c1a8c2d5e69ab610c923071b645465fb58076b2ce7a8e4e7747f3a6c59716917c6d41f369d77565c0f9fe10907a76d9b39edede6 WHIRLPOOL 2816d54588e4a49efd6773982b2b8a281572607c86c5a57c45b1736ce22836ea4cb91cee8d59b8fddcaafd2e552d0422ef5ed4b33d19a1705d4a38f270b9d39d |
25 |
DIST libvirt-1.2.21.tar.gz 29848954 SHA256 8d406582f5fe88d739d1d83e0ba7ac7f91f5a8da4be82162ab85631744d8925b SHA512 5c15d0ba5d75c13f735c6a60dfdbad007426f77e113f95894d520f7fc358fa4361d5cce7bb9a548a436f323b845f13b8940abbad568b8b146418430068bb970e WHIRLPOOL d53bbb07c85b3aa2d9b0f38ff2edd3cd0a2a5300627f3e2f0a82bc057303617cab9d6f1d8a9a771bd968b0496d38d3a39a0154f88bdca44dda359a65fdc2c650 |
26 |
DIST libvirt-1.3.5.tar.gz 35109092 SHA256 93a23c44eb431da46c9458f95a66e29c9b98e37515d44b6be09e75b35ec94ac8 SHA512 6c6a09623d3d4d426311bfa7039f5e39584d5f891b8e761bbdb3022601ea066b8e1c3f8d609326e8ba4081ae40b7b03086fbc8ba5759d218b8616ec98200a89d WHIRLPOOL 88ac308cc461efff842c27e40263a3b25ce0bc0ca310fb6e9def9126ab893fe43aed01bda9fc3615439ee797c36e2800f741b346e0b3d96aac64e7909c269879 |
27 |
|
28 |
diff --git a/app-emulation/libvirt/libvirt-1.2.21-r2.ebuild b/app-emulation/libvirt/libvirt-1.2.21-r2.ebuild |
29 |
deleted file mode 100644 |
30 |
index fd5a3d8..0000000 |
31 |
--- a/app-emulation/libvirt/libvirt-1.2.21-r2.ebuild |
32 |
+++ /dev/null |
33 |
@@ -1,386 +0,0 @@ |
34 |
-# Copyright 1999-2015 Gentoo Foundation |
35 |
-# Distributed under the terms of the GNU General Public License v2 |
36 |
-# $Id$ |
37 |
- |
38 |
-EAPI=5 |
39 |
- |
40 |
-inherit eutils user autotools-utils linux-info systemd readme.gentoo |
41 |
- |
42 |
-BACKPORTS="20151222" # CVE-2015-5313 |
43 |
- |
44 |
-if [[ ${PV} = *9999* ]]; then |
45 |
- inherit git-r3 |
46 |
- EGIT_REPO_URI="git://libvirt.org/libvirt.git" |
47 |
- SRC_URI="" |
48 |
- KEYWORDS="" |
49 |
- SLOT="0" |
50 |
-else |
51 |
- # Versions with 4 numbers are stable updates: |
52 |
- if [[ ${PV} =~ ^[0-9]+(\.[0-9]+){3} ]]; then |
53 |
- SRC_URI="http://libvirt.org/sources/stable_updates/${P}.tar.gz" |
54 |
- else |
55 |
- SRC_URI="http://libvirt.org/sources/${P}.tar.gz" |
56 |
- fi |
57 |
- SRC_URI+=" ${BACKPORTS:+ |
58 |
- https://dev.gentoo.org/~cardoe/distfiles/${P}-${BACKPORTS}.tar.xz |
59 |
- https://dev.gentoo.org/~tamiko/distfiles/${P}-${BACKPORTS}.tar.xz}" |
60 |
- KEYWORDS="amd64 x86" |
61 |
- SLOT="0/${PV}" |
62 |
-fi |
63 |
- |
64 |
-DESCRIPTION="C toolkit to manipulate virtual machines" |
65 |
-HOMEPAGE="http://www.libvirt.org/" |
66 |
-LICENSE="LGPL-2.1" |
67 |
-IUSE="apparmor audit avahi +caps firewalld fuse glusterfs iscsi +libvirtd lvm \ |
68 |
- lxc +macvtap nfs nls numa openvz parted pcap phyp policykit +qemu rbd sasl \ |
69 |
- selinux systemd +udev uml +vepa virtualbox virt-network wireshark-plugins \ |
70 |
- xen" |
71 |
- |
72 |
-REQUIRED_USE=" |
73 |
- firewalld? ( virt-network ) |
74 |
- libvirtd? ( || ( lxc openvz qemu uml virtualbox xen ) ) |
75 |
- lxc? ( caps libvirtd ) |
76 |
- openvz? ( libvirtd ) |
77 |
- qemu? ( libvirtd ) |
78 |
- uml? ( libvirtd ) |
79 |
- vepa? ( macvtap ) |
80 |
- virt-network? ( libvirtd ) |
81 |
- virtualbox? ( libvirtd ) |
82 |
- xen? ( libvirtd )" |
83 |
- |
84 |
-# gettext.sh command is used by the libvirt command wrappers, and it's |
85 |
-# non-optional, so put it into RDEPEND. |
86 |
-# We can use both libnl:1.1 and libnl:3, but if you have both installed, the |
87 |
-# package will use 3 by default. Since we don't have slot pinning in an API, |
88 |
-# we must go with the most recent |
89 |
-RDEPEND=" |
90 |
- app-misc/scrub |
91 |
- dev-libs/libgcrypt:0 |
92 |
- dev-libs/libnl:3 |
93 |
- >=dev-libs/libxml2-2.7.6 |
94 |
- >=net-analyzer/netcat6-1.0-r2 |
95 |
- >=net-libs/gnutls-1.0.25:0= |
96 |
- net-libs/libssh2 |
97 |
- >=net-misc/curl-7.18.0 |
98 |
- sys-apps/dmidecode |
99 |
- >=sys-apps/util-linux-2.17 |
100 |
- sys-devel/gettext |
101 |
- sys-libs/ncurses:0= |
102 |
- sys-libs/readline:= |
103 |
- apparmor? ( sys-libs/libapparmor ) |
104 |
- audit? ( sys-process/audit ) |
105 |
- avahi? ( >=net-dns/avahi-0.6[dbus] ) |
106 |
- caps? ( sys-libs/libcap-ng ) |
107 |
- firewalld? ( net-firewall/firewalld ) |
108 |
- fuse? ( >=sys-fs/fuse-2.8.6 ) |
109 |
- glusterfs? ( >=sys-cluster/glusterfs-3.4.1 ) |
110 |
- iscsi? ( sys-block/open-iscsi ) |
111 |
- lvm? ( >=sys-fs/lvm2-2.02.48-r2 ) |
112 |
- lxc? ( !systemd? ( sys-power/pm-utils ) ) |
113 |
- nfs? ( net-fs/nfs-utils ) |
114 |
- numa? ( |
115 |
- >sys-process/numactl-2.0.2 |
116 |
- sys-process/numad |
117 |
- ) |
118 |
- openvz? ( sys-kernel/openvz-sources:* ) |
119 |
- parted? ( |
120 |
- >=sys-block/parted-1.8[device-mapper] |
121 |
- sys-fs/lvm2 |
122 |
- ) |
123 |
- pcap? ( >=net-libs/libpcap-1.0.0 ) |
124 |
- policykit? ( >=sys-auth/polkit-0.9 ) |
125 |
- qemu? ( |
126 |
- >=app-emulation/qemu-0.13.0 |
127 |
- dev-libs/yajl |
128 |
- !systemd? ( sys-power/pm-utils ) |
129 |
- ) |
130 |
- rbd? ( sys-cluster/ceph ) |
131 |
- sasl? ( dev-libs/cyrus-sasl ) |
132 |
- selinux? ( >=sys-libs/libselinux-2.0.85 ) |
133 |
- systemd? ( sys-apps/systemd ) |
134 |
- virt-network? ( |
135 |
- net-dns/dnsmasq[script] |
136 |
- net-firewall/ebtables |
137 |
- >=net-firewall/iptables-1.4.10[ipv6] |
138 |
- net-misc/radvd |
139 |
- sys-apps/iproute2[-minimal] |
140 |
- ) |
141 |
- virtualbox? ( || ( app-emulation/virtualbox >=app-emulation/virtualbox-bin-2.2.0 ) ) |
142 |
- wireshark-plugins? ( net-analyzer/wireshark:= ) |
143 |
- xen? ( |
144 |
- app-emulation/xen |
145 |
- app-emulation/xen-tools:= |
146 |
- ) |
147 |
- udev? ( |
148 |
- virtual/udev |
149 |
- >=x11-libs/libpciaccess-0.10.9 |
150 |
- )" |
151 |
- |
152 |
-DEPEND="${RDEPEND} |
153 |
- app-text/xhtml1 |
154 |
- dev-lang/perl |
155 |
- dev-libs/libxslt |
156 |
- dev-perl/XML-XPath |
157 |
- virtual/pkgconfig" |
158 |
- |
159 |
-pkg_setup() { |
160 |
- enewgroup qemu 77 |
161 |
- enewuser qemu 77 -1 -1 qemu kvm |
162 |
- |
163 |
- # Some people used the masked ebuild which was not adding the qemu |
164 |
- # user to the kvm group originally. This results in VMs failing to |
165 |
- # start for some users. bug #430808 |
166 |
- egetent group kvm | grep -q qemu |
167 |
- if [[ $? -ne 0 ]]; then |
168 |
- gpasswd -a qemu kvm |
169 |
- fi |
170 |
- |
171 |
- # Check kernel configuration: |
172 |
- CONFIG_CHECK="" |
173 |
- use fuse && CONFIG_CHECK+=" |
174 |
- ~FUSE_FS" |
175 |
- |
176 |
- use lvm && CONFIG_CHECK+=" |
177 |
- ~BLK_DEV_DM |
178 |
- ~DM_MULTIPATH |
179 |
- ~DM_SNAPSHOT" |
180 |
- |
181 |
- use lxc && CONFIG_CHECK+=" |
182 |
- ~BLK_CGROUP |
183 |
- ~CGROUP_CPUACCT |
184 |
- ~CGROUP_DEVICE |
185 |
- ~CGROUP_FREEZER |
186 |
- ~CGROUP_NET_PRIO |
187 |
- ~CGROUP_PERF |
188 |
- ~CGROUPS |
189 |
- ~CGROUP_SCHED |
190 |
- ~CPUSETS |
191 |
- ~DEVPTS_MULTIPLE_INSTANCES |
192 |
- ~IPC_NS |
193 |
- ~MACVLAN |
194 |
- ~NAMESPACES |
195 |
- ~NET_CLS_CGROUP |
196 |
- ~NET_NS |
197 |
- ~PID_NS |
198 |
- ~POSIX_MQUEUE |
199 |
- ~SECURITYFS |
200 |
- ~USER_NS |
201 |
- ~UTS_NS |
202 |
- ~VETH |
203 |
- ~!GRKERNSEC_CHROOT_MOUNT |
204 |
- ~!GRKERNSEC_CHROOT_DOUBLE |
205 |
- ~!GRKERNSEC_CHROOT_PIVOT |
206 |
- ~!GRKERNSEC_CHROOT_CHMOD |
207 |
- ~!GRKERNSEC_CHROOT_CAPS" |
208 |
- # Handle specific kernel versions for different features |
209 |
- kernel_is lt 3 6 && CONFIG_CHECK+=" ~CGROUP_MEM_RES_CTLR" |
210 |
- kernel_is lt 3 6 && CONFIG_CHECK+=" ~CGROUP_MEM_RES_CTLR" |
211 |
- if $(kernel_is ge 3 6); then |
212 |
- CONFIG_CHECK+=" ~MEMCG ~MEMCG_SWAP " |
213 |
- if $(kernel_is lt 4 5); then |
214 |
- CONFIG_CHECK+=" ~MEMCG_KMEM " |
215 |
- fi |
216 |
- fi |
217 |
- |
218 |
- use macvtap && CONFIG_CHECK+=" |
219 |
- ~MACVTAP" |
220 |
- |
221 |
- use virt-network && CONFIG_CHECK+=" |
222 |
- ~BRIDGE_EBT_MARK_T |
223 |
- ~BRIDGE_NF_EBTABLES |
224 |
- ~NETFILTER_ADVANCED |
225 |
- ~NETFILTER_XT_CONNMARK |
226 |
- ~NETFILTER_XT_MARK |
227 |
- ~NETFILTER_XT_TARGET_CHECKSUM" |
228 |
- # Bandwidth Limiting Support |
229 |
- use virt-network && CONFIG_CHECK+=" |
230 |
- ~BRIDGE_EBT_T_NAT |
231 |
- ~NET_ACT_POLICE |
232 |
- ~NET_CLS_FW |
233 |
- ~NET_CLS_U32 |
234 |
- ~NET_SCH_HTB |
235 |
- ~NET_SCH_INGRESS |
236 |
- ~NET_SCH_SFQ" |
237 |
- |
238 |
- ERROR_USER_NS="Optional depending on LXC configuration." |
239 |
- |
240 |
- if [[ -n ${CONFIG_CHECK} ]]; then |
241 |
- linux-info_pkg_setup |
242 |
- fi |
243 |
-} |
244 |
- |
245 |
-src_prepare() { |
246 |
- touch "${S}/.mailmap" |
247 |
- |
248 |
- if [[ ${PV} = *9999* ]]; then |
249 |
- # git checkouts require bootstrapping to create the configure script. |
250 |
- # Additionally the submodules must be cloned to the right locations |
251 |
- # bug #377279 |
252 |
- ./bootstrap || die "bootstrap failed" |
253 |
- ( |
254 |
- git submodule status | sed 's/^[ +-]//;s/ .*//' |
255 |
- git hash-object bootstrap.conf |
256 |
- ) >.git-module-status |
257 |
- fi |
258 |
- |
259 |
- epatch \ |
260 |
- "${FILESDIR}"/${PN}-1.2.9-do_not_use_sysconf.patch \ |
261 |
- "${FILESDIR}"/${PN}-1.2.16-fix_paths_in_libvirt-guests_sh.patch \ |
262 |
- "${FILESDIR}"/${PN}-1.2.17-fix_paths_for_apparmor.patch \ |
263 |
- "${FILESDIR}"/${P}-avoid_deprecated_pc_file.patch |
264 |
- |
265 |
- [[ -n ${BACKPORTS} ]] && |
266 |
- EPATCH_FORCE=yes EPATCH_SUFFIX="patch" \ |
267 |
- EPATCH_SOURCE="${WORKDIR}/patches" epatch |
268 |
- |
269 |
- epatch_user |
270 |
- |
271 |
- # Tweak the init script: |
272 |
- cp "${FILESDIR}/libvirtd.init-r15" "${S}/libvirtd.init" || die |
273 |
- sed -e "s/USE_FLAG_FIREWALLD/$(usex firewalld 'need firewalld' '')/" \ |
274 |
- -e "s/USE_FLAG_AVAHI/$(usex avahi avahi-daemon '')/" \ |
275 |
- -e "s/USE_FLAG_ISCSI/$(usex iscsi iscsid '')/" \ |
276 |
- -e "s/USE_FLAG_RBD/$(usex rbd ceph '')/" \ |
277 |
- -i "${S}/libvirtd.init" || die "sed failed" |
278 |
- |
279 |
- AUTOTOOLS_AUTORECONF=true |
280 |
- autotools-utils_src_prepare |
281 |
-} |
282 |
- |
283 |
-src_configure() { |
284 |
- local myeconfargs=( |
285 |
- $(use_with apparmor) |
286 |
- $(use_with apparmor apparmor-profiles) |
287 |
- $(use_with audit) |
288 |
- $(use_with avahi) |
289 |
- $(use_with caps capng) |
290 |
- $(use_with firewalld) |
291 |
- $(use_with fuse) |
292 |
- $(use_with glusterfs) |
293 |
- $(use_with glusterfs storage-gluster) |
294 |
- $(use_with iscsi storage-iscsi) |
295 |
- $(use_with libvirtd) |
296 |
- $(use_with lvm storage-lvm) |
297 |
- $(use_with lvm storage-mpath) |
298 |
- $(use_with lxc) |
299 |
- $(use_with macvtap) |
300 |
- $(use_enable nls) |
301 |
- $(use_with numa numactl) |
302 |
- $(use_with numa numad) |
303 |
- $(use_with openvz) |
304 |
- $(use_with parted storage-disk) |
305 |
- $(use_with pcap libpcap) |
306 |
- $(use_with phyp) |
307 |
- $(use_with policykit polkit) |
308 |
- $(use_with qemu) |
309 |
- $(use_with qemu yajl) |
310 |
- $(use_with rbd storage-rbd) |
311 |
- $(use_with sasl) |
312 |
- $(use_with selinux) |
313 |
- $(use_with systemd systemd-daemon) |
314 |
- $(usex systemd --with-init-script=systemd '') |
315 |
- $(use_with udev) |
316 |
- $(use_with uml) |
317 |
- $(use_with vepa virtualport) |
318 |
- $(use_with virt-network network) |
319 |
- $(use_with wireshark-plugins wireshark-dissector) |
320 |
- $(use_with xen) |
321 |
- $(use_with xen xen-inotify) |
322 |
- $(usex xen --with-libxl '') |
323 |
- |
324 |
- --without-hal |
325 |
- --without-netcf |
326 |
- --without-sanlock |
327 |
- --without-xenapi |
328 |
- --with-esx |
329 |
- --with-qemu-group=$(usex caps qemu root) |
330 |
- --with-qemu-user=$(usex caps qemu root) |
331 |
- --with-remote |
332 |
- --with-storage-fs |
333 |
- --with-vmware |
334 |
- |
335 |
- --disable-static |
336 |
- --disable-werror |
337 |
- |
338 |
- --with-html-subdir=${PF}/html |
339 |
- --localstatedir=/var |
340 |
- ) |
341 |
- |
342 |
- if use virtualbox && has_version app-emulation/virtualbox-ose; then |
343 |
- myeconfargs+=( --with-vbox=/usr/lib/virtualbox-ose/ ) |
344 |
- else |
345 |
- myeconfargs+=( $(use_with virtualbox vbox) ) |
346 |
- fi |
347 |
- |
348 |
- autotools-utils_src_configure |
349 |
- |
350 |
- if [[ ${PV} = *9999* ]]; then |
351 |
- # Restore gnulib's config.sub and config.guess |
352 |
- # bug #377279 |
353 |
- (cd .gnulib && git reset --hard > /dev/null) |
354 |
- fi |
355 |
-} |
356 |
- |
357 |
-src_test() { |
358 |
- # Explicitly allow parallel build of tests |
359 |
- export VIR_TEST_DEBUG=1 |
360 |
- HOME="${T}" emake check || die "tests failed" |
361 |
-} |
362 |
- |
363 |
-src_install() { |
364 |
- autotools-utils_src_compile install \ |
365 |
- DESTDIR="${D}" \ |
366 |
- SYSTEMD_UNIT_DIR="$(systemd_get_unitdir)" |
367 |
- |
368 |
- find "${D}" -name '*.la' -delete || die |
369 |
- |
370 |
- # Remove bogus, empty directories. They are either not used, or |
371 |
- # libvirtd is able to create them on demand |
372 |
- rm -rf "${D}"/etc/sysconfig |
373 |
- rm -rf "${D}"/var/cache |
374 |
- rm -rf "${D}"/var/run |
375 |
- rm -rf "${D}"/var/log |
376 |
- |
377 |
- use libvirtd || return 0 |
378 |
- # From here, only libvirtd-related instructions, be warned! |
379 |
- |
380 |
- use systemd && systemd_install_serviced \ |
381 |
- "${FILESDIR}"/libvirtd.service.conf libvirtd.service |
382 |
- |
383 |
- systemd_newtmpfilesd "${FILESDIR}"/libvirtd.tmpfiles.conf libvirtd.conf |
384 |
- |
385 |
- newinitd "${S}/libvirtd.init" libvirtd || die |
386 |
- newinitd "${FILESDIR}/libvirt-guests.init-r1" libvirt-guests || die |
387 |
- newinitd "${FILESDIR}/virtlockd.init-r1" virtlockd || die |
388 |
- |
389 |
- newconfd "${FILESDIR}/libvirtd.confd-r5" libvirtd || die |
390 |
- newconfd "${FILESDIR}/libvirt-guests.confd" libvirt-guests || die |
391 |
- |
392 |
- DOC_CONTENTS=$(<"${FILESDIR}/README.gentoo-r1") |
393 |
- DISABLE_AUTOFORMATTING=true |
394 |
- readme.gentoo_create_doc |
395 |
-} |
396 |
- |
397 |
-pkg_preinst() { |
398 |
- # we only ever want to generate this once |
399 |
- if [[ -e "${ROOT}"/etc/libvirt/qemu/networks/default.xml ]]; then |
400 |
- rm -rf "${D}"/etc/libvirt/qemu/networks/default.xml |
401 |
- fi |
402 |
-} |
403 |
- |
404 |
-pkg_postinst() { |
405 |
- if [[ -e "${ROOT}"/etc/libvirt/qemu/networks/default.xml ]]; then |
406 |
- touch "${ROOT}"/etc/libvirt/qemu/networks/default.xml |
407 |
- fi |
408 |
- |
409 |
- use libvirtd || return 0 |
410 |
- # From here, only libvirtd-related instructions, be warned! |
411 |
- |
412 |
- if [[ -n ${REPLACING_VERSIONS} ]] && ! version_is_at_least 1.2.18-r2 ${REPLACING_VERSIONS} ]]; then |
413 |
- FORCE_PRINT_ELOG=true |
414 |
- fi |
415 |
- |
416 |
- DOC_CONTENTS=$(<"${FILESDIR}/README.gentoo-r1") |
417 |
- DISABLE_AUTOFORMATTING=true |
418 |
- readme.gentoo_print_elog |
419 |
-} |