app-emulation/xen: security bump, fix XSA-145,146,147,148,149,150,151,152

Gentoo bug: #564472 Package-Manager: portage-2.2.23
author: Yixun Lan <dlan@gentoo.org> 2015-11-05 15:24:31 +0800
committer: Yixun Lan <dlan@gentoo.org> 2015-11-05 15:36:11 +0800
commit: 736aa0d84c189c09c147ba38c9d947f97b320344 (patch)
tree: 4f7d323684add0e3c6b19254740ef8135e9e0eab /app-emulation/xen
parent: dev-ruby/listen: add 3.0.4 (diff)
download: gentoo-736aa0d84c189c09c147ba38c9d947f97b320344.tar.gz
gentoo-736aa0d84c189c09c147ba38c9d947f97b320344.tar.bz2
gentoo-736aa0d84c189c09c147ba38c9d947f97b320344.zip
4 files changed, 362 insertions, 6 deletions
diff --git a/app-emulation/xen/Manifest b/app-emulation/xen/Manifest
index 62bc2ca78a10..dc873deae0c4 100644
--- a/app-emulation/xen/Manifest
+++ b/app-emulation/xen/Manifest
@@ -1,5 +1,9 @@
+DIST xen-4.2.5-upstream-patches-10.tar.xz 41428 SHA256 b29ce85b049420838c3386b67184f4ba56794846d056837fa780ae89a80b40d0 SHA512 9e8046e27506d864e2d69728897cbba3eea1dd5ca748a3febb722901c5a67cca2ab49bb420071292538bd0345023fa337eb2d176b9ca05ca6bce47562f6710ec WHIRLPOOL 29e534ef6b951cf220a3a9476d1f76ac344bfc5c74998f2b472ec83cbe4781746298272e3c1fe8661a838cbc7d734d2730de6a1e9985b8a60f40c98f54449e2a
 DIST xen-4.2.5-upstream-patches-9.tar.xz 23208 SHA256 2206e9a8aeeed207abbae995c5d2baa14d5f0da4120ae44f2de733ecf7ea5af1 SHA512 8a2edaba48002449a521edf2ae078ffe1b3db4f491a85b063886a147a0be3ec7fdb819ce84c90cdae80ed34c10ab2d637506700be10052a67be6ef128fa40fb1 WHIRLPOOL 037820e0fad60d1f7ed054efa797585c992d08f1ffd533705c515ad289f8cdddc72b97f2a3d75ebd683c6bb6988d7285452b4f3cebbe9a879f701156e387ff3b
 DIST xen-4.2.5.tar.gz 15671925 SHA256 3cf440866315e8085050eb0586f0447b6b47a08dbed6a72226bf5ed5d89ec567 SHA512 42c0fc241952fc55fc44480fb6752b004b54ae40e946159ec047adf229b65cbfbd810271d01b064ad8fdbddb73c640dcdcb6bc19f91e8968829889c129920dac WHIRLPOOL 762a91c0111892b33e6bd3e7f7714709b04697ad7c2b0919fef6cc9570a343a77fd5a2b82833e75dac9d12d4e41acdcf0743b0d593595910ddd326f5cd721368
 DIST xen-4.5.1.tar.gz 18410400 SHA256 668c11d4fca67ac44329e369f810356eacd37b28d28fb96e66aac77f3c5e1371 SHA512 9436243e26bc64bc836a179abdc3a6b1b6fa9d3f2170453092c18be71fa62e18cd4465a9154c0f28a7ac8d69d08361ba1defef240a51197f058c012c3855ba04 WHIRLPOOL 71d8559f86683dd9fb3eb09d3f602de227f281fbd3c8cc258bfdb67c425d9e7c4d21cb0284c123e4263262c1b821fea6d28109861ce60d627f6426d352808d99
+DIST xen-4.5.2.tar.gz 18416220 SHA256 4c9e5dac4eea484974e9f76da2756c8e0973b4e884d28d37e955df9ebf00e7e8 SHA512 e0ce01a5356c254bfde48fae0b0e005c42c1615a7ccf4c1ba7dcf90784777b53995e9a9ae4575e3f19ef341014b34cb8c06e39d68be359f7fd69830501a144dd WHIRLPOOL b50ce28e58d8419915f7f85de7ab23128719fa07c54f28165c4ba864ffe57230230fa7cb61dd2ed7608b8bc178a072124aedc30c61a45fb8b745fc616715219b
+DIST xen-4.6.0-upstream-patches-0.tar.xz 19280 SHA256 8ef2d139f86cb52d2208a17c974e5a85356183ee359ab4b91882067548806e0c SHA512 9fde8d9def1d75e50c10069af7f9fea4b5b6992b7089eb554e1e2a4c78dd080f2977128d0dd541eeb735b951e7d6614a07101f7703457e7743ac6b3be962cdfe WHIRLPOOL 861c7f150811912422f6f5eb77437744d1456740a43bef3dfd88a2e6d6836c0e8460b788ccd4f14a7144652d65a825c08aa984ec4240b2b1ac6d09237695d19d
 DIST xen-4.6.0.tar.gz 19694350 SHA256 6fa1c2431df55aa5950d248e6093b8c8c0f11c357a0adbd348a2186478e80909 SHA512 b4b02f306ffea360f539dd8c231b2f58c00c3638fdb665cb659c7291b475b40f1075bc59d49a6144767729e57b8bc40a1cfd9030d61de2b8fa4ac97d43655c2b WHIRLPOOL d3f01183440ca1875b6e850bd116db0c382383433e50c0902d3268e9e36b39d184fc65e925bdb5363ef4ca7a232fee15b4749c89baf789137b8a8248565c75a8
 DIST xen-security-patches-3.tar.xz 17028 SHA256 fb6301beb9a5c2d1e5d4de8783d8670e382b1bef48ec61e73d2d9be6901d289f SHA512 787fee8f7822577c6de91c4cf4d56d0e73ce46bac5524537ff66a718b6d7eae9d362265515743e8577b2c75f2841baed9837f71467b3b7b91a3111220da5f236 WHIRLPOOL 5c136289e654776bf918fe125fbecba7dac0929b236f7ae8158026a6bd6be12bc786a5ec96cb4022c18a5e7ffde82155deb57eb9639600e4c42c9c209f4a2ed6
+DIST xen-security-patches-7.tar.xz 22604 SHA256 e831c71f830316f452eb8645a5e7ca497264587aa8b353945fd9535f485166e3 SHA512 051769f4118f5c6d5d961759f547526d3fb0e86a4c1dee265a7f0224f10a88e2217b5b5fcf8dbfc706a1ec3c8d1632ab688d3f70dfd89d830261dc7391dd41c2 WHIRLPOOL 8e6dfb4e1700a07e3e3207b67afaddc5d6aa6fd84db9b3e76bd9ff54f682740fed01070e5860bb5378d50903d5777b55dff88eb3444d45bdd63dba657889393d
diff --git a/app-emulation/xen/xen-4.2.5-r12.ebuild b/app-emulation/xen/xen-4.2.5-r12.ebuild
new file mode 100644
index 000000000000..838d501901a0
--- /dev/null
+++ b/app-emulation/xen/xen-4.2.5-r12.ebuild
@@ -0,0 +1,170 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+PYTHON_COMPAT=( python2_7 )
+
+if [[ $PV == *9999 ]]; then
+	KEYWORDS=""
+	REPO="xen-unstable.hg"
+	EHG_REPO_URI="http://xenbits.xensource.com/${REPO}"
+	S="${WORKDIR}/${REPO}"
+	live_eclass="mercurial"
+else
+	KEYWORDS="~amd64 ~x86"
+	UPSTREAM_VER=10
+	SECURITY_VER=7
+	GENTOO_VER=
+
+	[[ -n ${UPSTREAM_VER} ]] && \
+		UPSTREAM_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${P}-upstream-patches-${UPSTREAM_VER}.tar.xz"
+	[[ -n ${SECURITY_VER} ]] && \
+		SECURITY_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${PN}-security-patches-${SECURITY_VER}.tar.xz"
+	[[ -n ${GENTOO_VER} ]] && \
+		GENTOO_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${PN}-gentoo-patches-${GENTOO_VER}.tar.xz"
+	SRC_URI="http://bits.xensource.com/oss-xen/release/${PV}/xen-${PV}.tar.gz
+		${UPSTREAM_PATCHSET_URI}
+		${SECURITY_PATCHSET_URI}
+		${GENTOO_PATCHSET_URI}"
+fi
+
+inherit mount-boot flag-o-matic python-any-r1 toolchain-funcs eutils ${live_eclass}
+
+DESCRIPTION="The Xen virtual machine monitor"
+HOMEPAGE="http://xen.org/"
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="custom-cflags debug efi flask pae xsm"
+
+DEPEND="${PYTHON_DEPS}
+	efi? ( >=sys-devel/binutils-2.22[multitarget] )
+	!efi? ( >=sys-devel/binutils-2.22[-multitarget] )"
+RDEPEND=""
+PDEPEND="~app-emulation/xen-tools-${PV}"
+
+RESTRICT="test"
+
+# Approved by QA team in bug #144032
+QA_WX_LOAD="boot/xen-syms-${PV}"
+
+REQUIRED_USE="
+	flask? ( xsm )
+	"
+
+pkg_setup() {
+	python-any-r1_pkg_setup
+	if [[ -z ${XEN_TARGET_ARCH} ]]; then
+		if use x86 && use amd64; then
+			die "Confusion! Both x86 and amd64 are set in your use flags!"
+		elif use x86; then
+			export XEN_TARGET_ARCH="x86_32"
+		elif use amd64; then
+			export XEN_TARGET_ARCH="x86_64"
+		else
+			die "Unsupported architecture!"
+		fi
+	fi
+
+	if use flask ; then
+		export "XSM_ENABLE=y"
+		export "FLASK_ENABLE=y"
+	elif use xsm ; then
+		export "XSM_ENABLE=y"
+	fi
+}
+
+src_prepare() {
+	# Upstream's patchset
+	if [[ -n ${UPSTREAM_VER} ]]; then
+		EPATCH_SUFFIX="patch" \
+		EPATCH_FORCE="yes" \
+		EPATCH_OPTS="-p1" \
+			epatch "${WORKDIR}"/patches-upstream
+	fi
+
+	if [[ -n ${SECURITY_VER} ]]; then
+		einfo "Try to apply Xen Security patcheset"
+		source "${WORKDIR}"/patches-security/${PV}.conf
+		# apply main xen patches
+		for i in ${XEN_SECURITY_MAIN}; do
+			EPATCH_SUFFIX="patch" \
+			EPATCH_FORCE="yes" \
+				epatch "${WORKDIR}"/patches-security/xen/$i
+		done
+	fi
+
+	# Gentoo's patchset
+	if [[ -n ${GENTOO_VER} ]]; then
+		EPATCH_SUFFIX="patch" \
+		EPATCH_FORCE="yes" \
+			epatch "${WORKDIR}"/patches-gentoo
+	fi
+
+	# Drop .config and fix gcc-4.6
+	epatch  "${FILESDIR}"/${PN/-pvgrub/}-4-fix_dotconfig-gcc.patch
+
+	if use efi; then
+		epatch "${FILESDIR}"/${PN}-4.2-efi.patch
+		export EFI_VENDOR="gentoo"
+		export EFI_MOUNTPOINT="boot"
+	fi
+
+	# if the user *really* wants to use their own custom-cflags, let them
+	if use custom-cflags; then
+		einfo "User wants their own CFLAGS - removing defaults"
+		# try and remove all the default custom-cflags
+		find "${S}" -name Makefile -o -name Rules.mk -o -name Config.mk -exec sed \
+			-e 's/CFLAGS\(.*\)=\(.*\)-O3\(.*\)/CFLAGS\1=\2\3/' \
+			-e 's/CFLAGS\(.*\)=\(.*\)-march=i686\(.*\)/CFLAGS\1=\2\3/' \
+			-e 's/CFLAGS\(.*\)=\(.*\)-fomit-frame-pointer\(.*\)/CFLAGS\1=\2\3/' \
+			-e 's/CFLAGS\(.*\)=\(.*\)-g3*\s\(.*\)/CFLAGS\1=\2 \3/' \
+			-e 's/CFLAGS\(.*\)=\(.*\)-O2\(.*\)/CFLAGS\1=\2\3/' \
+			-i {} \; || die "failed to re-set custom-cflags"
+	fi
+
+	# not strictly necessary to fix this
+	sed -i 's/, "-Werror"//' "${S}/tools/python/setup.py" || die "failed to re-set setup.py"
+
+	epatch_user
+}
+
+src_configure() {
+	use debug && myopt="${myopt} debug=y"
+	use pae && myopt="${myopt} pae=y"
+
+	if use custom-cflags; then
+		filter-flags -fPIE -fstack-protector
+		replace-flags -O3 -O2
+	else
+		unset CFLAGS
+	fi
+}
+
+src_compile() {
+	# Send raw LDFLAGS so that --as-needed works
+	emake CC="$(tc-getCC)" LDFLAGS="$(raw-ldflags)" LD="$(tc-getLD)" -C xen ${myopt}
+}
+
+src_install() {
+	local myopt
+	use debug && myopt="${myopt} debug=y"
+	use pae && myopt="${myopt} pae=y"
+
+	# The 'make install' doesn't 'mkdir -p' the subdirs
+	if use efi; then
+		mkdir -p "${D}"${EFI_MOUNTPOINT}/efi/${EFI_VENDOR} || die
+	fi
+
+	emake LDFLAGS="$(raw-ldflags)" DESTDIR="${D}" -C xen ${myopt} install
+}
+
+pkg_postinst() {
+	elog "Official Xen Guide and the unoffical wiki page:"
+	elog " https://wiki.gentoo.org/wiki/Xen"
+	elog " http://en.gentoo-wiki.com/wiki/Xen/"
+
+	use pae && ewarn "This is a PAE build of Xen. It will *only* boot PAE kernels!"
+	use efi && einfo "The efi executable is installed in boot/efi/gentoo"
+}
diff --git a/app-emulation/xen/xen-4.5.2.ebuild b/app-emulation/xen/xen-4.5.2.ebuild
new file mode 100644
index 000000000000..36287e621cf3
--- /dev/null
+++ b/app-emulation/xen/xen-4.5.2.ebuild
@@ -0,0 +1,179 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+PYTHON_COMPAT=( python2_7 )
+
+MY_PV=${PV/_/-}
+MY_P=${PN}-${PV/_/-}
+
+if [[ $PV == *9999 ]]; then
+	KEYWORDS=""
+	EGIT_REPO_URI="git://xenbits.xen.org/${PN}.git"
+	live_eclass="git-2"
+else
+	KEYWORDS="~amd64 ~arm ~arm64 -x86"
+	UPSTREAM_VER=
+	SECURITY_VER=
+	GENTOO_VER=
+
+	[[ -n ${UPSTREAM_VER} ]] && \
+		UPSTREAM_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${P}-upstream-patches-${UPSTREAM_VER}.tar.xz"
+	[[ -n ${SECURITY_VER} ]] && \
+		SECURITY_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${PN}-security-patches-${SECURITY_VER}.tar.xz"
+	[[ -n ${GENTOO_VER} ]] && \
+		GENTOO_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${PN}-gentoo-patches-${GENTOO_VER}.tar.xz"
+	SRC_URI="http://bits.xensource.com/oss-xen/release/${MY_PV}/${MY_P}.tar.gz
+		${UPSTREAM_PATCHSET_URI}
+		${SECURITY_PATCHSET_URI}
+		${GENTOO_PATCHSET_URI}"
+
+fi
+
+inherit mount-boot flag-o-matic python-any-r1 toolchain-funcs eutils ${live_eclass}
+
+DESCRIPTION="The Xen virtual machine monitor"
+HOMEPAGE="http://xen.org/"
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="custom-cflags debug efi flask xsm"
+
+DEPEND="${PYTHON_DEPS}
+	efi? ( >=sys-devel/binutils-2.22[multitarget] )
+	!efi? ( >=sys-devel/binutils-2.22[-multitarget] )"
+RDEPEND=""
+PDEPEND="~app-emulation/xen-tools-${PV}"
+
+RESTRICT="test"
+
+# Approved by QA team in bug #144032
+QA_WX_LOAD="boot/xen-syms-${PV}"
+
+REQUIRED_USE="flask? ( xsm )
+	arm? ( debug )"
+
+S="${WORKDIR}/${MY_P}"
+
+pkg_setup() {
+	python-any-r1_pkg_setup
+	if [[ -z ${XEN_TARGET_ARCH} ]]; then
+		if use x86 && use amd64; then
+			die "Confusion! Both x86 and amd64 are set in your use flags!"
+		elif use x86; then
+			export XEN_TARGET_ARCH="x86_32"
+		elif use amd64; then
+			export XEN_TARGET_ARCH="x86_64"
+		elif use arm; then
+			export XEN_TARGET_ARCH="arm32"
+		elif use arm64; then
+			export XEN_TARGET_ARCH="arm64"
+		else
+			die "Unsupported architecture!"
+		fi
+	fi
+
+	if use flask ; then
+		export "XSM_ENABLE=y"
+		export "FLASK_ENABLE=y"
+	elif use xsm ; then
+		export "XSM_ENABLE=y"
+	fi
+}
+
+src_prepare() {
+	# Upstream's patchset
+	if [[ -n ${UPSTREAM_VER} ]]; then
+		EPATCH_SUFFIX="patch" \
+		EPATCH_FORCE="yes" \
+		EPATCH_OPTS="-p1" \
+			epatch "${WORKDIR}"/patches-upstream
+	fi
+
+	if [[ -n ${SECURITY_VER} ]]; then
+		einfo "Try to apply Xen Security patcheset"
+		source "${WORKDIR}"/patches-security/${PV}.conf
+		# apply main xen patches
+		for i in ${XEN_SECURITY_MAIN}; do
+			EPATCH_SUFFIX="patch" \
+			EPATCH_FORCE="yes" \
+				epatch "${WORKDIR}"/patches-security/xen/$i
+		done
+	fi
+
+	# Gentoo's patchset
+	if [[ -n ${GENTOO_VER} ]]; then
+		EPATCH_SUFFIX="patch" \
+		EPATCH_FORCE="yes" \
+			epatch "${WORKDIR}"/patches-gentoo
+	fi
+
+	# Drop .config
+	sed -e '/-include $(XEN_ROOT)\/.config/d' -i Config.mk || die "Couldn't	drop"
+
+	if use efi; then
+		epatch "${FILESDIR}"/${PN}-4.5-efi.patch
+		export EFI_VENDOR="gentoo"
+		export EFI_MOUNTPOINT="boot"
+	fi
+
+	# if the user *really* wants to use their own custom-cflags, let them
+	if use custom-cflags; then
+		einfo "User wants their own CFLAGS - removing defaults"
+		# try and remove all the default custom-cflags
+		find "${S}" -name Makefile -o -name Rules.mk -o -name Config.mk -exec sed \
+			-e 's/CFLAGS\(.*\)=\(.*\)-O3\(.*\)/CFLAGS\1=\2\3/' \
+			-e 's/CFLAGS\(.*\)=\(.*\)-march=i686\(.*\)/CFLAGS\1=\2\3/' \
+			-e 's/CFLAGS\(.*\)=\(.*\)-fomit-frame-pointer\(.*\)/CFLAGS\1=\2\3/' \
+			-e 's/CFLAGS\(.*\)=\(.*\)-g3*\s\(.*\)/CFLAGS\1=\2 \3/' \
+			-e 's/CFLAGS\(.*\)=\(.*\)-O2\(.*\)/CFLAGS\1=\2\3/' \
+			-i {} \; || die "failed to re-set custom-cflags"
+	fi
+
+	# remove -Werror for gcc-4.6's sake
+	find "${S}" -name 'Makefile*' -o -name '*.mk' -o -name 'common.make' | \
+		xargs sed -i 's/ *-Werror */ /'
+	# not strictly necessary to fix this
+	sed -i 's/, "-Werror"//' "${S}/tools/python/setup.py" || die "failed to re-set setup.py"
+
+	epatch_user
+}
+
+src_configure() {
+	use arm && myopt="${myopt} CONFIG_EARLY_PRINTK=sun7i"
+
+	use debug && myopt="${myopt} debug=y"
+
+	if use custom-cflags; then
+		filter-flags -fPIE -fstack-protector
+		replace-flags -O3 -O2
+	else
+		unset CFLAGS
+	fi
+}
+
+src_compile() {
+	# Send raw LDFLAGS so that --as-needed works
+	emake V=1 CC="$(tc-getCC)" LDFLAGS="$(raw-ldflags)" LD="$(tc-getLD)" -C xen ${myopt}
+}
+
+src_install() {
+	local myopt
+	use debug && myopt="${myopt} debug=y"
+
+	# The 'make install' doesn't 'mkdir -p' the subdirs
+	if use efi; then
+		mkdir -p "${D}"${EFI_MOUNTPOINT}/efi/${EFI_VENDOR} || die
+	fi
+
+	emake LDFLAGS="$(raw-ldflags)" DESTDIR="${D}" -C xen ${myopt} install
+}
+
+pkg_postinst() {
+	elog "Official Xen Guide and the unoffical wiki page:"
+	elog " https://wiki.gentoo.org/wiki/Xen"
+	elog " http://en.gentoo-wiki.com/wiki/Xen/"
+
+	use efi && einfo "The efi executable is installed in boot/efi/gentoo"
+}
diff --git a/app-emulation/xen/xen-4.6.0.ebuild b/app-emulation/xen/xen-4.6.0-r1.ebuild
index 4deb661ada54..960df2a83983 100644
--- a/app-emulation/xen/xen-4.6.0.ebuild
+++ b/app-emulation/xen/xen-4.6.0-r1.ebuild
@@ -15,7 +15,7 @@ if [[ $PV == *9999 ]]; then
 	live_eclass="git-2"
 else
 	KEYWORDS="~amd64 ~arm ~arm64 -x86"
-	UPSTREAM_VER=
+	UPSTREAM_VER=0
 	SECURITY_VER=
 	GENTOO_VER=
 
@@ -91,12 +91,15 @@ src_prepare() {
 			epatch "${WORKDIR}"/patches-upstream
 	fi
 
-	# Security patchset
 	if [[ -n ${SECURITY_VER} ]]; then
-		EPATCH_SUFFIX="patch" \
-		EPATCH_FORCE="yes" \
-		EPATCH_OPTS="-p1" \
-			epatch "${WORKDIR}/patches-security/${PV}"
+		einfo "Try to apply Xen Security patcheset"
+		source "${WORKDIR}"/patches-security/${PV}.conf
+		# apply main xen patches
+		for i in ${XEN_SECURITY_MAIN}; do
+			EPATCH_SUFFIX="patch" \
+			EPATCH_FORCE="yes" \
+				epatch "${WORKDIR}"/patches-security/xen/$i
+		done
 	fi
 
 	# Gentoo's patchset
author	Yixun Lan <dlan@gentoo.org>	2015-11-05 15:24:31 +0800
committer	Yixun Lan <dlan@gentoo.org>	2015-11-05 15:36:11 +0800
commit	736aa0d84c189c09c147ba38c9d947f97b320344 (patch)
tree	4f7d323684add0e3c6b19254740ef8135e9e0eab /app-emulation/xen
parent	dev-ruby/listen: add 3.0.4 (diff)
download	gentoo-736aa0d84c189c09c147ba38c9d947f97b320344.tar.gz gentoo-736aa0d84c189c09c147ba38c9d947f97b320344.tar.bz2 gentoo-736aa0d84c189c09c147ba38c9d947f97b320344.zip