diff options
| author |   Ian Delaney <idella4@gentoo.org> | 2013-06-26 06:36:22 +0000 |
|---|---|---|
| committer | Ian Delaney <idella4@gentoo.org> | 2013-06-26 06:36:22 +0000 |
| commit | 898e79786de93c540da84b0527ec8fbdb9072613 (patch) | |
| tree | 51e6d80917b8f5fd93ae69d21e040bbe2d0e0ec1 /app-emulation/xen | |
| parent | Stable on arm, wrt bug #472862 (diff) | |
| download | historical-898e79786de93c540da84b0527ec8fbdb9072613.tar.gz historical-898e79786de93c540da84b0527ec8fbdb9072613.tar.bz2 historical-898e79786de93c540da84b0527ec8fbdb9072613.zip | |
revbump; add security patches XSA-52to54, remove old
Package-Manager: portage-2.1.11.63/cvs/Linux x86_64
Manifest-Sign-Key: 0xB8072B0D
Diffstat (limited to 'app-emulation/xen')
| -rw-r--r-- | app-emulation/xen/ChangeLog | 11 | ||||
| -rw-r--r-- | app-emulation/xen/Manifest | 28 | ||||
| -rw-r--r-- | app-emulation/xen/files/xen-4.2-2013-2076-XSA-52to54.patch | 127 | ||||
| -rw-r--r-- | app-emulation/xen/xen-4.2.0-r1.ebuild | 129 | ||||
| -rw-r--r-- | app-emulation/xen/xen-4.2.0-r2.ebuild | 143 | ||||
| -rw-r--r-- | app-emulation/xen/xen-4.2.1-r4.ebuild (renamed from app-emulation/xen/xen-4.2.1-r2.ebuild) | 8 | ||||
| -rw-r--r-- | app-emulation/xen/xen-4.2.2-r1.ebuild (renamed from app-emulation/xen/xen-4.2.1-r1.ebuild) | 27 |
7 files changed, 171 insertions, 302 deletions
diff --git a/app-emulation/xen/ChangeLog b/app-emulation/xen/ChangeLog index 6c5cf5799e78..bcda3dc2ac70 100644 --- a/app-emulation/xen/ChangeLog +++ b/app-emulation/xen/ChangeLog @@ -1,6 +1,15 @@ # ChangeLog for app-emulation/xen # Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen/ChangeLog,v 1.119 2013/05/23 17:47:21 ago Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen/ChangeLog,v 1.120 2013/06/26 06:35:38 idella4 Exp $ + +*xen-4.2.1-r4 (26 Jun 2013) +*xen-4.2.2-r1 (26 Jun 2013) + + 26 Jun 2013; Ian Delaney <idella4@gentoo.org> + +files/xen-4.2-2013-2076-XSA-52to54.patch, +xen-4.2.1-r4.ebuild, + +xen-4.2.2-r1.ebuild, -xen-4.2.0-r1.ebuild, -xen-4.2.0-r2.ebuild, + -xen-4.2.1-r1.ebuild, -xen-4.2.1-r2.ebuild: + revbump; add security patches XSA-52to54, remove old 23 May 2013; Agostino Sarubbo <ago@gentoo.org> xen-4.2.1-r3.ebuild: Stable for x86, wrt bug #464724 diff --git a/app-emulation/xen/Manifest b/app-emulation/xen/Manifest index d1e729296c8b..986f822908ac 100644 --- a/app-emulation/xen/Manifest +++ b/app-emulation/xen/Manifest @@ -1,5 +1,5 @@ -----BEGIN PGP SIGNED MESSAGE----- -Hash: SHA512 +Hash: SHA256 AUX xen-4-CVE-2012-4535-XSA-20.patch 2030 SHA256 29e7078646f54139fd1ab3aac0c06a62f1d195a00c879069f6b82832877147c1 SHA512 8a1a27bcf489a04e148ce383feb61e6c179ed31ed1c3891b794e62978dc1d12d2b12ed1002cd109b8e8bf9e96ef7a80281a610281528d7f08e2e7a487181c76e WHIRLPOOL 03f1dbdccdd7f83e2342fbba060b120e6ab0c6596462ff815e89a9c235b069f7d4f7ffce5ae244f7fc41bff7d772a1413bd8906895246f2b7878f7cd155294f5 AUX xen-4-CVE-2012-4537-XSA-22.patch 1752 SHA256 69a27d51cb18a6cedaeaf79114aa8022256cc315cc0af3d9461891faf84bf4a1 SHA512 0898376b5ef11599119e58ee1c8ad4942c695fb0e0c0a85f387aabbb057819d37c400c15aab762bb6a035fef816e8834dc7a277b8a7bc84c2aeeed154269f1c8 WHIRLPOOL 1056156ea955d1a612a5b61c59c214480eddee9522ea53e132a1fc5841589e194ea0c5f9ce952bd224ed8a74a81e684ab50cb5912344b43281f1cf129b4f05b7 @@ -26,32 +26,20 @@ AUX xen-4-CVE-2013-1918-XSA-45_7.patch 8129 SHA256 7fca1b6025d6ac1a444333b2fe138 AUX xen-4-CVE-2013-1920-XSA-47.patch 865 SHA256 c29b59492f9d7e3f74bfc41877a2c5cff70436d3738fd91066f396f969aab0a7 SHA512 aac646828703eb1f4cf9a94a29eec4901c7fcc37e86e06f60530bee40259bd789d1749d844b341aeda307bc5860f72375618cc169819fef5778679789703d7cb WHIRLPOOL e28573979c54c3374fbb141aff1bc51fd159d5a9bab4548d0ab316fbf88116924d9c812592405399c44ba0d86e4fcb9bb021cddfa82e8ef1c09fe4dc380649fc AUX xen-4-fix_dotconfig-gcc.patch 1525 SHA256 943119cde08d16d05a927a85fb54ee4cee323cb4870dd0d90a552051fedc9907 SHA512 aa507594d96159c4e01ccfc4781f9afe7b6fe125c9df5925128c002f28fdf04999954b523cc53c6d7eaa49cb6e05120605f4e7d6f8bab6d5718d73a60b5accea WHIRLPOOL 6f4395203199b8037363ed56256e12f426f0c26f449c5e4a001c5454370a0e412f18cd03099866c30592ee0413556b85b3c374efb7172212db37ff3891c004af AUX xen-4.1.1-iommu_sec_fix.patch 2851 SHA256 3a0ab3cb5c18db91f4be457cbba36189a558da7b794e1a35795f4fed3d48a7c8 SHA512 832ecee2dedeb13c3cc61298fa9dacd131623c84c06fa9d4ecbcc6be97d660c3fa025ae61654e0f31396b50d917de3c2ca77262ed18e006ec281a707a6cf662d WHIRLPOOL f787685f52f4bd27fa11e80f8025c4ea90cf831610d9ae69d34bb0eaee7a34017d7aa7868935e1936bc868503892ae923d8fdfc8eafea5fab8f33765452ea371 +AUX xen-4.2-2013-2076-XSA-52to54.patch 5214 SHA256 47c6609b32e6cebb73070a8b5767dc3bf44f2a73c8a5a1bfe41bbc9ac86981c1 SHA512 9f1a7fec53bf2d07667f0cb9a209cf3013e75b2881c5cae78ec5c3584994bb674034c77b9acbf5947c9d798276d50f2a5c09683afcae27741227abfb819e5ca9 WHIRLPOOL 53a62257456f8cdf8363dfafec0321c02547d04d1e084dc9c57307afc152765f3ec20de3cdc74e62eda88932e6e1ae647c8d3820f9214d2630aba6d7c22d9416 AUX xen-4.2-efi.patch 2216 SHA256 0886961e2656fe7e140dd0ac0e6620d4c14ef0796b8f8889bda163e2a9f8db8b SHA512 ecaa4f1f1c3ca737931fe5343529708dfb7ec7040dbf2acf2b155e7c7f019ce3e2630ddb302213570a2647fe220dbf23eb6c28618d6b1be9161e25fcadd71cb4 WHIRLPOOL 63b56e22683b2755ae17e7871c1b535d750f655ff8c003979d039654f5ef3303457b5d4469f216c1744202d4d1f4561f7498c1d93171ab1110a93e3a2fa8db8d -DIST xen-4.2.0.tar.gz 15587687 SHA256 43f4a086e4e0330145a27b7ace8365c42b5afbc95cefadafe067be91bd3e5cfb SHA512 4fb56c79d722fb307bc657f16d02079c6636427e7650c4354193632d38d2d1db8e588f844ff0ca6e757c108ed639a528565ec9fc7c00bb4d5b6fbc9d122d8a70 WHIRLPOOL 369a109375864cb61920b56cf501522051d28513e738f0fd0e7b76244c3e08a8a0a6ff6cf245872d9bbd9c0f22c7da76c9cbc0f852bad6108ca25fd42dc677c0 DIST xen-4.2.1.tar.gz 15593695 SHA256 fb8df5827ce3e2d2d3b078d9e5afde502beb5e7ab9442e51a94087061bd450c6 SHA512 fe27a965e2b34035bd025482eda9fc4d4e82523c929323fd30813367d5ffbe2fa1ed3d7d4479f2632e8b5625972448b7bd6a7768e8dc1dcd1b6747d281cc1a9e WHIRLPOOL 226bbed059541e804f1a44e721023ffbc04bae43000653b1d7d6a9bfec0d9efbf7a48b1b0a7ad3fcb8e34f8b91e1c620c2a8eddf97baad487e9db37d49a58f37 DIST xen-4.2.2.tar.gz 15602746 SHA256 c9bfe91a5e72f8545acebad9889d64368020359bfe18044c0e683133e55ae005 SHA512 4943b18016ed8c2b194a3b55e6655b3b734b39ffb8cb7ee0a0580f2f4460a1d0e92e1de8ac23f5186272914fad1650586af51fd7c3644d0310eb16f2e11c5e80 WHIRLPOOL 519eb87cb2da694696cbc3e72070a0a3bdb07c46fa266d855d8379eec3a92adfa4d434af3ac01c37834ce4a9174081a6c40030b185a70902329b185cb8d0bbea -EBUILD xen-4.2.0-r1.ebuild 3759 SHA256 653466405aa3b25fdcb8c6fed8c7022caacef8a837b2d58c379db8ddb76e58f6 SHA512 fec682dbc7e353cbf5c6063592b806815c2f86dbd30e36e09cfc650ed684687fd3cb67ecc54973d341aaf12c1776614ddf596571d5312278bad95a363a236e5e WHIRLPOOL 297608eed32ebd51c60667f78c571d3502344836e5814146ea644dce27b6fd9ccbf6b877b206d8828f531e2147aeb2a2355ba7bad03e7081b9f8c397c0ebaeb0 -EBUILD xen-4.2.0-r2.ebuild 4205 SHA256 596df6fa129783c5c9dcb9622c57c37915753a9e627db6b8d77e249d94b8697f SHA512 857573a4d7be031937446a0b6c81268439a2bf30c2f2f71cd353a3360a37cca8f7e629a0974f2509b7e6d61878729d40e17a4efe9ae88b7d310a9e80612a840b WHIRLPOOL ec55e9a0088f0e6f19b375f6d9cfc90dbe33c486454b245576167f671a6a4c0f46e20508610cea57fedc4b621626e694de18b7ef37fd201e8f90136d6872358f -EBUILD xen-4.2.1-r1.ebuild 3305 SHA256 9086561438e45f57aa191812aeaa1e6e2bc83ad2cbc2427be277f1bb619416d8 SHA512 ff50c7e57000706d5eb1d27c9dc982263f574fd70223f697cdaed73aac5e4ac69a0d686cf726d329a1ce666e873b50ccc9b1e54f9e236d9640a2d89f8708cff2 WHIRLPOOL edcf3161dee1dea5c512d57bdd628ee58417836b5c8263f854faee7022f35d5b1ad5482151576ba8e09f678b868713564c5fffc291c8b88fdada07edec07d83b -EBUILD xen-4.2.1-r2.ebuild 3748 SHA256 513f717f34a063724b93473b479c4ce3f5f5bef0445a81174e4fd72aa71c8c5f SHA512 8ecaeeaf72e9ebf8d4f797cf3de48ea23772e6c350179d8f52992fe723e5777bb6d50b94dca37487fcdfde451a9b99b4b818a9b2359f95ccbb7ce191030f92a8 WHIRLPOOL a93f9709f574c1d60819d7badb20b43d2d1b8047d6a32cddd4f64314d549f7532a9912072287fa58b0c0a572211739c6c512957a741ef7904129c2d5d7aed9d3 EBUILD xen-4.2.1-r3.ebuild 3907 SHA256 ace85557032eb28f26864e605a1a0352f5fed640f0fab2209f40226ac87fad7d SHA512 9a9365854a6e3a19b08c922d3ebc090837ec56143c8e3042e842a10eeb6eb0219b67c834b48125fb565be25a389775ee320d71d68bb34350e84157addf451002 WHIRLPOOL aee03c45b3823a3a569f5a018ebaa52106968c370bdf53adee54901dfc0bb3d58a7a3238de7182ab1e3774384467e0380ff2adb489b800c3a5bb26b16ff797a2 +EBUILD xen-4.2.1-r4.ebuild 3964 SHA256 fbf536ef9a9f4ca296748527bcb739612cbaa3b2fc2c2b8464a39dc45d00735c SHA512 46d6239a2f33f0daf8733a4bc975997113a5a99571279917b1f4a94ea3b1631a5d037ea5ff23c87046401e31758beaf194d3543c3936249c693b88c4c8c5733d WHIRLPOOL d167b2e3784ff93bb17734440a798fe60d0665cfe3d144857d1133e406314fb269aaad580e6960bcce18e380f0398101d4d09510785b437dee823ea4def59e9d +EBUILD xen-4.2.2-r1.ebuild 3685 SHA256 48a96ebbdd65a1174f41e738db085d1581c31c0797a4526791619937d21a460a SHA512 51c427a2aba5666d2ac3fcbb65cbcfb407249ca711fcaf4c1293bf4af74005de78869c8a5658f2eb4454486b1af1b50452f9da770ac40c81761821b760463871 WHIRLPOOL 0bc2f36296ac3c3a7b08c76f7da07c7aa077477e4e5cf84b244e9224d9627ae8ec384644c331842fbc364d22c2031645b66476a7635f1bda8333e4e8aa5dfc84 EBUILD xen-4.2.2.ebuild 3628 SHA256 2b067a70912c9175eb62985f7ad84ffda90e8d8ebbc0e9151505e0a0b955ee0e SHA512 fb24487c9097d38171394c31ecad1742beb25bced43968ffe476d6a2f48f845ef457d2f80857195f21633dffd0729720be45b60312994a06f900d8b7b41dfb82 WHIRLPOOL 4449646a949d23438c0ab2fd554e43dde6ac0cb469f84eee8782e40e6ab1b4c70a7eb213c9afab7eeec1dd36e7931338fd85457fed2972935eb86750ac54575d -MISC ChangeLog 21156 SHA256 6d0f1dc34ed1e801e6ccb1dde6dca95091af387a626f2caeeeeba6dd40cddd4e SHA512 396c2e09b70f4ca400ea26ae3a1f926c83bb05f42d3c7271563812769b09016d1af20c56eae961b6df6d27ca2a93581f87238cd04f6f2b2d9632160e65c1b3f5 WHIRLPOOL 3682462c5026be3dc619fd131d4c31cd9f6a49357d29bc39f885d983d211eb0f3a7794d0bf7f9b6ae614a6393ea47d59abdf71a8e1ac51070a2cf0218c9999ce +MISC ChangeLog 21502 SHA256 33dab4d279ace60eeadd10b93b2079093ec0bc7bfefe7176ddf7fd450fff238d SHA512 f7bbda9722dd5d4298bc6b3dd7945f2b900dc593e30915ef1d393fb6075e23b7acd669b3912cbe5cbfc502263ffb4692cc8eaeff6158192e4a58601086c29597 WHIRLPOOL ed40205bd56061aaccb6901648f78c2dd03070ebbcd73b04e56e05bb0f0b0ba0ccf8d35d137faa33ebc6885d2ae3b96045980951d24ab7fe5fe8770537c11fef MISC metadata.xml 572 SHA256 0f510aa5a7261b30e5eff6961fa9dd95b19db63e0eea93cfad1d47460318ba07 SHA512 8bbca8d353aa3b556783bddd4822b97c0372b169edb89ff2907a00895e014ff9dba9e8efccf04f45de8a69ce63849505455e9735c224700d1ebf93aa3f097ac5 WHIRLPOOL 1f5517720776198868cf5a0165b9daf2ee48187bde4ad4d86533c65898da608bde779289df7ef83eaf076e0ce284607fc21f61fc3ca0baaf86873ca400491d0e -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) -iQIcBAEBCgAGBQJRnlYlAAoJELp701BxlEWfcIcQAMcxuv7z3C8K1PVjxFFKzw+U -eZ2EoMo6CG7DIVvBd+7dbSV4cMvZa4kzjje21xEIGd1SAl6W+uo6ChTpUPRXfLKS -0hV+JSsyqIHgnVz9Z2DmwtgXd4QpWL/rSsyIBhwAyUVNl3GZnHJLAAS5E5iUX4ZE -XWC6L04kQtKlPY2ectweIJS2cGJA1iO6etudHT2PLPivJ9Krc/8Wy77um3m8gBmJ -tp0XPmdQy9KEf3jqfoOv3l/6NT0XNnjKf/w16cXeXd8bnh5Vrw29hL8dqQhqdIES -C+9MCTDkDP0JHtd94GRATj0JajvP69eOT8RZHLRmsM7jo1o0lfCJjpM23o36gpEJ -bwl4EIwqICoz1pXrZttMnKkf8lXDeViazYfbHTMd9SGilPl+TpE9eQ4mojF7e44d -cbhMR4QRLuN3tuaTXhm7jV+mm5B51JU3vikoUCYWkO3Mlmorm+DQbuG8RIqhSDON -JeJ2ESsYJYP6vYxdUkTqEDhfSdh3UBrtcbsyyWawtdjoLEiRQUC2ssQmMsssyCaf -NZdjIPMM0uRJOeKmtceJB+2r8MICxhiwv3QQT4l8YsWc3b2htfoxakNNk2S+YNw7 -vTDwusSRMV3MGFAFIjDfw/vMxX7dhMLDF0kYKdR2iZAdkaMRYQn09DNf0bjwM4XY -1HfFeur5UmTrnC1RQCD1 -=qMC8 +iEYEAREIAAYFAlHKi9MACgkQso7CE7gHKw36jQCeIdIHNPCUVOZ7OXOi/3nPruy7 +988An25VXSbRSOQ+8NqswYKsxdHDKuyw +=z67i -----END PGP SIGNATURE----- diff --git a/app-emulation/xen/files/xen-4.2-2013-2076-XSA-52to54.patch b/app-emulation/xen/files/xen-4.2-2013-2076-XSA-52to54.patch new file mode 100644 index 000000000000..3dd9cbe14092 --- /dev/null +++ b/app-emulation/xen/files/xen-4.2-2013-2076-XSA-52to54.patch @@ -0,0 +1,127 @@ +x86/xsave: fix information leak on AMD CPUs + +Just like for FXSAVE/FXRSTOR, XSAVE/XRSTOR also don't save/restore the +last instruction and operand pointers as well as the last opcode if +there's no pending unmasked exception (see CVE-2006-1056 and commit +9747:4d667a139318). + +While the FXSR solution sits in the save path, I prefer to have this in +the restore path because there the handling is simpler (namely in the +context of the pending changes to properly save the selector values for +32-bit guest code). + +Also this is using FFREE instead of EMMS, as it doesn't seem unlikely +that in the future we may see CPUs with x87 and SSE/AVX but no MMX +support. The goal here anyway is just to avoid an FPU stack overflow. +I would have preferred to use FFREEP instead of FFREE (freeing two +stack slots at once), but AMD doesn't document that instruction. + +This is CVE-2013-2076 / XSA-52. + +Signed-off-by: Jan Beulich <jbeulich@suse.com> + +--- a/xen/arch/x86/xstate.c ++++ b/xen/arch/x86/xstate.c +@@ -78,6 +78,21 @@ void xrstor(struct vcpu *v, uint64_t mas + + struct xsave_struct *ptr = v->arch.xsave_area; + ++ /* ++ * AMD CPUs don't save/restore FDP/FIP/FOP unless an exception ++ * is pending. Clear the x87 state here by setting it to fixed ++ * values. The hypervisor data segment can be sometimes 0 and ++ * sometimes new user value. Both should be ok. Use the FPU saved ++ * data block as a safe address because it should be in L1. ++ */ ++ if ( (mask & ptr->xsave_hdr.xstate_bv & XSTATE_FP) && ++ !(ptr->fpu_sse.fsw & 0x0080) && ++ boot_cpu_data.x86_vendor == X86_VENDOR_AMD ) ++ asm volatile ( "fnclex\n\t" /* clear exceptions */ ++ "ffree %%st(7)\n\t" /* clear stack tag */ ++ "fildl %0" /* load to clear state */ ++ : : "m" (ptr->fpu_sse) ); ++ + asm volatile ( + ".byte " REX_PREFIX "0x0f,0xae,0x2f" + : +#x86/xsave: recover from faults on XRSTOR +# +#Just like FXRSTOR, XRSTOR can raise #GP if bad content is being passed +#to it in the memory block (i.e. aspects not under the control of the +#hypervisor, other than e.g. proper alignment of the block). +# +#Also correct the comment explaining why FXRSTOR needs exception +#recovery code to not wrongly state that this can only be a result of +#the control tools passing a bad image. +# +#This is CVE-2013-2077 / XSA-53. +# +#Signed-off-by: Jan Beulich <jbeulich@suse.com> +# +--- a/xen/arch/x86/i387.c ++++ b/xen/arch/x86/i387.c +@@ -53,7 +53,7 @@ static inline void fpu_fxrstor(struct vc + /* + * FXRSTOR can fault if passed a corrupted data block. We handle this + * possibility, which may occur if the block was passed to us by control +- * tools, by silently clearing the block. ++ * tools or through VCPUOP_initialise, by silently clearing the block. + */ + asm volatile ( + #ifdef __i386__ +--- a/xen/arch/x86/xstate.c ++++ b/xen/arch/x86/xstate.c +@@ -93,10 +93,25 @@ void xrstor(struct vcpu *v, uint64_t mas + "fildl %0" /* load to clear state */ + : : "m" (ptr->fpu_sse) ); + +- asm volatile ( +- ".byte " REX_PREFIX "0x0f,0xae,0x2f" +- : +- : "m" (*ptr), "a" (lmask), "d" (hmask), "D"(ptr) ); ++ /* ++ * XRSTOR can fault if passed a corrupted data block. We handle this ++ * possibility, which may occur if the block was passed to us by control ++ * tools or through VCPUOP_initialise, by silently clearing the block. ++ */ ++ asm volatile ( "1: .byte " REX_PREFIX "0x0f,0xae,0x2f\n" ++ ".section .fixup,\"ax\"\n" ++ "2: mov %5,%%ecx \n" ++ " xor %1,%1 \n" ++ " rep stosb \n" ++ " lea %2,%0 \n" ++ " mov %3,%1 \n" ++ " jmp 1b \n" ++ ".previous \n" ++ _ASM_EXTABLE(1b, 2b) ++ : "+&D" (ptr), "+&a" (lmask) ++ : "m" (*ptr), "g" (lmask), "d" (hmask), ++ "m" (xsave_cntxt_size) ++ : "ecx" ); + } + + bool_t xsave_enabled(const struct vcpu *v) +#x86/xsave: properly check guest input to XSETBV +# +#Other than the HVM emulation path, the PV case so far failed to check +#that YMM state requires SSE state to be enabled, allowing for a #GP to +#occur upon passing the inputs to XSETBV inside the hypervisor. +# +#This is CVE-2013-2078 / XSA-54. +# +#Signed-off-by: Jan Beulich <jbeulich@suse.com> +# +--- a/xen/arch/x86/traps.c ++++ b/xen/arch/x86/traps.c +@@ -2205,6 +2205,11 @@ static int emulate_privileged_op(struct + if ( !(new_xfeature & XSTATE_FP) || (new_xfeature & ~xfeature_mask) ) + goto fail; + ++ /* YMM state takes SSE state as prerequisite. */ ++ if ( (xfeature_mask & new_xfeature & XSTATE_YMM) && ++ !(new_xfeature & XSTATE_SSE) ) ++ goto fail; ++ + v->arch.xcr0 = new_xfeature; + v->arch.xcr0_accum |= new_xfeature; + set_xcr0(new_xfeature); diff --git a/app-emulation/xen/xen-4.2.0-r1.ebuild b/app-emulation/xen/xen-4.2.0-r1.ebuild deleted file mode 100644 index b6e3ff0a2602..000000000000 --- a/app-emulation/xen/xen-4.2.0-r1.ebuild +++ /dev/null @@ -1,129 +0,0 @@ -# Copyright 1999-2013 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen/xen-4.2.0-r1.ebuild,v 1.8 2013/02/24 08:23:59 idella4 Exp $ - -EAPI=5 - -PYTHON_COMPAT=( python{2_6,2_7} ) - -if [[ $PV == *9999 ]]; then - KEYWORDS="" - REPO="xen-unstable.hg" - EHG_REPO_URI="http://xenbits.xensource.com/${REPO}" - S="${WORKDIR}/${REPO}" - live_eclass="mercurial" -else - KEYWORDS="amd64 x86" - SRC_URI="http://bits.xensource.com/oss-xen/release/${PV}/xen-${PV}.tar.gz" -fi - -inherit mount-boot flag-o-matic python-single-r1 toolchain-funcs ${live_eclass} - -DESCRIPTION="The Xen virtual machine monitor" -HOMEPAGE="http://xen.org/" - -LICENSE="GPL-2" -SLOT="0" -IUSE="custom-cflags debug flask pae xsm" - -RDEPEND="" -PDEPEND="~app-emulation/xen-tools-${PV}[${PYTHON_USEDEP}]" - -RESTRICT="test" - -# Approved by QA team in bug #144032 -QA_WX_LOAD="boot/xen-syms-${PV}" - -REQUIRED_USE=" - flask? ( xsm ) - " -pkg_setup() { - python-single-r1_pkg_setup - - if [[ -z ${XEN_TARGET_ARCH} ]]; then - if use x86 && use amd64; then - die "Confusion! Both x86 and amd64 are set in your use flags!" - elif use x86; then - export XEN_TARGET_ARCH="x86_32" - elif use amd64; then - export XEN_TARGET_ARCH="x86_64" - else - die "Unsupported architecture!" - fi - fi - - if use flask ; then - export "XSM_ENABLE=y" - export "FLASK_ENABLE=y" - elif use xsm ; then - export "XSM_ENABLE=y" - fi -} - -src_prepare() { - # Drop .config, fix gcc-4.6 - epatch "${FILESDIR}"/${PN}-4-fix_dotconfig-gcc.patch - - # if the user *really* wants to use their own custom-cflags, let them - if use custom-cflags; then - einfo "User wants their own CFLAGS - removing defaults" - # try and remove all the default custom-cflags - find "${S}" -name Makefile -o -name Rules.mk -o -name Config.mk -exec sed \ - -e 's/CFLAGS\(.*\)=\(.*\)-O3\(.*\)/CFLAGS\1=\2\3/' \ - -e 's/CFLAGS\(.*\)=\(.*\)-march=i686\(.*\)/CFLAGS\1=\2\3/' \ - -e 's/CFLAGS\(.*\)=\(.*\)-fomit-frame-pointer\(.*\)/CFLAGS\1=\2\3/' \ - -e 's/CFLAGS\(.*\)=\(.*\)-g3*\s\(.*\)/CFLAGS\1=\2 \3/' \ - -e 's/CFLAGS\(.*\)=\(.*\)-O2\(.*\)/CFLAGS\1=\2\3/' \ - -i {} \; || die "failed to re-set custom-cflags" - fi - - # not strictly necessary to fix this - sed -i 's/, "-Werror"//' "${S}/tools/python/setup.py" || die "failed to re-set setup.py" - - #Security patches - epatch "${FILESDIR}"/${PN}-4-CVE-2012-4535-XSA-20.patch \ - "${FILESDIR}"/${PN}-4-CVE-2012-4537-XSA-22.patch \ - "${FILESDIR}"/${PN}-4-CVE-2012-4538-XSA-23.patch \ - "${FILESDIR}"/${PN}-4-CVE-2012-4539-XSA-24.patch \ - "${FILESDIR}"/${PN}-4-CVE-2012-5510-XSA-26.patch \ - "${FILESDIR}"/${PN}-4-CVE-2012-5513-XSA-29.patch \ - "${FILESDIR}"/${PN}-4-CVE-2012-5514-XSA-30.patch \ - "${FILESDIR}"/${PN}-4-CVE-2012-5515-XSA-31.patch \ - "${FILESDIR}"/${PN}-4-CVE-2012-5525-XSA-32.patch \ - "${FILESDIR}"/${PN}-4-CVE-2012-5634-XSA-33.patch \ - "${FILESDIR}"/${PN}-4-CVE-2013-0151-XSA-27_34_35.patch \ - "${FILESDIR}"/${PN}-4-CVE-2013-0154-XSA-37.patch -} - -src_configure() { - use debug && myopt="${myopt} debug=y" - use pae && myopt="${myopt} pae=y" - - if use custom-cflags; then - filter-flags -fPIE -fstack-protector - replace-flags -O3 -O2 - else - unset CFLAGS - fi -} - -src_compile() { - # Send raw LDFLAGS so that --as-needed works - emake CC="$(tc-getCC)" LDFLAGS="$(raw-ldflags)" LD="$(tc-getLD)" -C xen ${myopt} -} - -src_install() { - local myopt - use debug && myopt="${myopt} debug=y" - use pae && myopt="${myopt} pae=y" - - emake LDFLAGS="$(raw-ldflags)" DESTDIR="${D}" -C xen ${myopt} install -} - -pkg_postinst() { - elog "Official Xen Guide and the unoffical wiki page:" - elog " http://www.gentoo.org/doc/en/xen-guide.xml" - elog " http://en.gentoo-wiki.com/wiki/Xen/" - - use pae && ewarn "This is a PAE build of Xen. It will *only* boot PAE kernels!" -} diff --git a/app-emulation/xen/xen-4.2.0-r2.ebuild b/app-emulation/xen/xen-4.2.0-r2.ebuild deleted file mode 100644 index e83b9431fb8b..000000000000 --- a/app-emulation/xen/xen-4.2.0-r2.ebuild +++ /dev/null @@ -1,143 +0,0 @@ -# Copyright 1999-2013 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen/xen-4.2.0-r2.ebuild,v 1.4 2013/03/08 10:33:14 idella4 Exp $ - -EAPI=5 - -PYTHON_COMPAT=( python{2_6,2_7} ) - -if [[ $PV == *9999 ]]; then - KEYWORDS="" - REPO="xen-unstable.hg" - EHG_REPO_URI="http://xenbits.xensource.com/${REPO}" - S="${WORKDIR}/${REPO}" - live_eclass="mercurial" -else - KEYWORDS="~amd64 ~x86" - SRC_URI="http://bits.xensource.com/oss-xen/release/${PV}/xen-${PV}.tar.gz" -fi - -inherit mount-boot flag-o-matic python-single-r1 toolchain-funcs ${live_eclass} - -DESCRIPTION="The Xen virtual machine monitor" -HOMEPAGE="http://xen.org/" - -LICENSE="GPL-2" -SLOT="0" -IUSE="custom-cflags debug efi flask pae xsm" - -DEPEND="efi? ( >=sys-devel/binutils-2.22[multitarget] ) - !efi? ( >=sys-devel/binutils-2.22[-multitarget] )" -REDEPEND="" -PDEPEND="~app-emulation/xen-tools-${PV}[${PYTHON_USEDEP}]" - -RESTRICT="test" - -# Approved by QA team in bug #144032 -QA_WX_LOAD="boot/xen-syms-${PV}" - -REQUIRED_USE=" - flask? ( xsm )" - -pkg_setup() { - python-single-r1_pkg_setup - - if [[ -z ${XEN_TARGET_ARCH} ]]; then - if use x86 && use amd64; then - die "Confusion! Both x86 and amd64 are set in your use flags!" - elif use x86; then - export XEN_TARGET_ARCH="x86_32" - elif use amd64; then - export XEN_TARGET_ARCH="x86_64" - else - die "Unsupported architecture!" - fi - fi - - if use flask ; then - export "XSM_ENABLE=y" - export "FLASK_ENABLE=y" - elif use xsm ; then - export "XSM_ENABLE=y" - fi -} - -src_prepare() { - # Drop .config, fix gcc-4.6 - epatch "${FILESDIR}"/${PN}-4-fix_dotconfig-gcc.patch - - if use efi; then - epatch "${FILESDIR}"/${PN}-4.2-efi.patch - export EFI_VENDOR="gentoo" - export EFI_MOUNTPOINT="boot" - fi - - # if the user *really* wants to use their own custom-cflags, let them - if use custom-cflags; then - einfo "User wants their own CFLAGS - removing defaults" - # try and remove all the default custom-cflags - find "${S}" -name Makefile -o -name Rules.mk -o -name Config.mk -exec sed \ - -e 's/CFLAGS\(.*\)=\(.*\)-O3\(.*\)/CFLAGS\1=\2\3/' \ - -e 's/CFLAGS\(.*\)=\(.*\)-march=i686\(.*\)/CFLAGS\1=\2\3/' \ - -e 's/CFLAGS\(.*\)=\(.*\)-fomit-frame-pointer\(.*\)/CFLAGS\1=\2\3/' \ - -e 's/CFLAGS\(.*\)=\(.*\)-g3*\s\(.*\)/CFLAGS\1=\2 \3/' \ - -e 's/CFLAGS\(.*\)=\(.*\)-O2\(.*\)/CFLAGS\1=\2\3/' \ - -i {} \; || die "failed to re-set custom-cflags" - fi - - # not strictly necessary to fix this - sed -i 's/, "-Werror"//' "${S}/tools/python/setup.py" || die "failed to re-set setup.py" - - #Security patches - epatch "${FILESDIR}"/${PN}-4-CVE-2012-4535-XSA-20.patch \ - "${FILESDIR}"/${PN}-4-CVE-2012-4537-XSA-22.patch \ - "${FILESDIR}"/${PN}-4-CVE-2012-4538-XSA-23.patch \ - "${FILESDIR}"/${PN}-4-CVE-2012-4539-XSA-24.patch \ - "${FILESDIR}"/${PN}-4-CVE-2012-5510-XSA-26.patch \ - "${FILESDIR}"/${PN}-4-CVE-2012-5513-XSA-29.patch \ - "${FILESDIR}"/${PN}-4-CVE-2012-5514-XSA-30.patch \ - "${FILESDIR}"/${PN}-4-CVE-2012-5515-XSA-31.patch \ - "${FILESDIR}"/${PN}-4-CVE-2012-5525-XSA-32.patch \ - "${FILESDIR}"/${PN}-4-CVE-2012-5634-XSA-33.patch \ - "${FILESDIR}"/${PN}-4-CVE-2013-0151-XSA-27_34_35.patch \ - "${FILESDIR}"/${PN}-4-CVE-2013-0154-XSA-37.patch -} - -src_configure() { - use debug && myopt="${myopt} debug=y" - use pae && myopt="${myopt} pae=y" - - if use custom-cflags; then - filter-flags -fPIE -fstack-protector - replace-flags -O3 -O2 - else - unset CFLAGS - fi -} - -src_compile() { - # Send raw LDFLAGS so that --as-needed works - emake CC="$(tc-getCC)" LDFLAGS="$(raw-ldflags)" LD="$(tc-getLD)" -C xen ${myopt} -} - -src_install() { - local myopt - use debug && myopt="${myopt} debug=y" - use pae && myopt="${myopt} pae=y" - - #The 'make install' doesn't 'mkdir -p' the subdirs - if use efi; then - mkdir -p "${D}"${EFI_MOUNTPOINT}/efi/${EFI_VENDOR} || die - fi - - emake LDFLAGS="$(raw-ldflags)" DESTDIR="${D}" -C xen ${myopt} install -} - -pkg_postinst() { - elog "Official Xen Guide and the unoffical wiki page:" - elog " http://www.gentoo.org/doc/en/xen-guide.xml" - elog " http://en.gentoo-wiki.com/wiki/Xen/" - - use pae && ewarn "This is a PAE build of Xen. It will *only* boot PAE kernels!" - use efi && einfo "The efi executable is installed in boot/efi/gentoo" -} diff --git a/app-emulation/xen/xen-4.2.1-r2.ebuild b/app-emulation/xen/xen-4.2.1-r4.ebuild index b7951e923e0f..db3194ea0ecd 100644 --- a/app-emulation/xen/xen-4.2.1-r2.ebuild +++ b/app-emulation/xen/xen-4.2.1-r4.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2013 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen/xen-4.2.1-r2.ebuild,v 1.4 2013/03/08 10:33:14 idella4 Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen/xen-4.2.1-r4.ebuild,v 1.1 2013/06/26 06:35:38 idella4 Exp $ EAPI=5 @@ -90,7 +90,11 @@ src_prepare() { #Security patches epatch "${FILESDIR}"/${PN}-4-CVE-2012-5634-XSA-33.patch \ "${FILESDIR}"/${PN}-4-CVE-2013-0151-XSA-34_35.patch \ - "${FILESDIR}"/${PN}-4-CVE-2013-0154-XSA-37.patch + "${FILESDIR}"/${PN}-4-CVE-2013-0154-XSA-37.patch \ + "${FILESDIR}"/${PN}-4-CVE-2013-0153-XSA-36.patch \ + "${FILESDIR}"/${PN}-4-CVE-2013-1917-XSA-44.patch \ + "${FILESDIR}"/${PN}-4-CVE-2013-1918-XSA-45_[1-7].patch \ + "${FILESDIR}"/${PN}-4.2-2013-2076-XSA-52.patch } src_configure() { diff --git a/app-emulation/xen/xen-4.2.1-r1.ebuild b/app-emulation/xen/xen-4.2.2-r1.ebuild index e492bc681466..27a3eb9d060d 100644 --- a/app-emulation/xen/xen-4.2.1-r1.ebuild +++ b/app-emulation/xen/xen-4.2.2-r1.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2013 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen/xen-4.2.1-r1.ebuild,v 1.4 2013/02/24 08:23:59 idella4 Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen/xen-4.2.2-r1.ebuild,v 1.1 2013/06/26 06:35:38 idella4 Exp $ EAPI=5 @@ -21,11 +21,12 @@ inherit mount-boot flag-o-matic python-single-r1 toolchain-funcs ${live_eclass} DESCRIPTION="The Xen virtual machine monitor" HOMEPAGE="http://xen.org/" - LICENSE="GPL-2" SLOT="0" -IUSE="custom-cflags debug flask pae xsm" +IUSE="custom-cflags debug efi flask pae xsm" +DEPEND="efi? ( >=sys-devel/binutils-2.22[multitarget] ) + !efi? ( >=sys-devel/binutils-2.22[-multitarget] )" RDEPEND="" PDEPEND="~app-emulation/xen-tools-${PV}" @@ -64,6 +65,12 @@ src_prepare() { # Drop .config and fix gcc-4.6 epatch "${FILESDIR}"/${PN/-pvgrub/}-4-fix_dotconfig-gcc.patch + if use efi; then + epatch "${FILESDIR}"/${PN}-4.2-efi.patch + export EFI_VENDOR="gentoo" + export EFI_MOUNTPOINT="boot" + fi + # if the user *really* wants to use their own custom-cflags, let them if use custom-cflags; then einfo "User wants their own CFLAGS - removing defaults" @@ -81,9 +88,9 @@ src_prepare() { sed -i 's/, "-Werror"//' "${S}/tools/python/setup.py" || die "failed to re-set setup.py" #Security patches - epatch "${FILESDIR}"/${PN}-4-CVE-2012-5634-XSA-33.patch \ - "${FILESDIR}"/${PN}-4-CVE-2013-0151-XSA-34_35.patch \ - "${FILESDIR}"/${PN}-4-CVE-2013-0154-XSA-37.patch + epatch "${FILESDIR}"/${PN}-4-CVE-2013-1918-XSA-45_[1-7].patch \ + "${FILESDIR}"/${PN}-4.2-2013-2076-XSA-52to54.patch + epatch_user } src_configure() { @@ -100,7 +107,7 @@ src_configure() { src_compile() { # Send raw LDFLAGS so that --as-needed works - emake CC="$(tc-getCC)" LDFLAGS="$(raw-ldflags)" LD="$(tc-getLD)" -C xen ${myopt} + emake CC="$(tc-getCC)" LDFLAGS="$(raw-ldflags)" LD="$(tc-getLD)" -C xen ${myopt} } src_install() { @@ -108,6 +115,11 @@ src_install() { use debug && myopt="${myopt} debug=y" use pae && myopt="${myopt} pae=y" + # The 'make install' doesn't 'mkdir -p' the subdirs + if use efi; then + mkdir -p "${D}"${EFI_MOUNTPOINT}/efi/${EFI_VENDOR} || die + fi + emake LDFLAGS="$(raw-ldflags)" DESTDIR="${D}" -C xen ${myopt} install } @@ -117,4 +129,5 @@ pkg_postinst() { elog " http://en.gentoo-wiki.com/wiki/Xen/" use pae && ewarn "This is a PAE build of Xen. It will *only* boot PAE kernels!" + use efi && einfo "The efi executable is installed in boot/efi/gentoo" } |