diff options
| author |   Ian Delaney <idella4@gentoo.org> | 2013-01-30 09:09:01 +0000 |
|---|---|---|
| committer | Ian Delaney <idella4@gentoo.org> | 2013-01-30 09:09:01 +0000 |
| commit | f06b594d727ff33279d3bb077ca1af0243a5fe54 (patch) | |
| tree | d173d9a4d779966c3eb2a6469d6a54c1ebcfda67 /app-emulation/xen-tools/files | |
| parent | sci-chemistry/pymol-plugins-promol: Move to new python eclasses, #453574 (diff) | |
| download | gentoo-2-f06b594d727ff33279d3bb077ca1af0243a5fe54.tar.gz gentoo-2-f06b594d727ff33279d3bb077ca1af0243a5fe54.tar.bz2 gentoo-2-f06b594d727ff33279d3bb077ca1af0243a5fe54.zip | |
revbump;-4.2.0-r3; adjustments to DEPS, implementation of ocaml flag courtesy of user known as 'a.m' wrt Bug #447716, reconstitution of ipxe-nopie with subsequent add of -4-add-nopie.patch, new use ocaml added and implemented (possible to rename), sed statements reduced to patches, 2 sec. patches applied, build & install of docs corrected/upgrade. 4.2.1-r1; changes mirrored those to 4.2.0-r3, add of 1 valid sec. patch. Drop un-needed -3.4.2-as-needed.patch
(Portage version: 2.1.11.40/cvs/Linux x86_64, signed Manifest commit with key 0xB8072B0D)
Diffstat (limited to 'app-emulation/xen-tools/files')
7 files changed, 682 insertions, 21 deletions
diff --git a/app-emulation/xen-tools/files/ipxe-nopie.patch b/app-emulation/xen-tools/files/ipxe-nopie.patch index 3de06dc89f7e..86dc9a32ad2b 100644 --- a/app-emulation/xen-tools/files/ipxe-nopie.patch +++ b/app-emulation/xen-tools/files/ipxe-nopie.patch @@ -4,8 +4,8 @@ * /tools/firmware/etherboot/patches/ipxe-nopie.patche New patch * /tools/firmware/etherboot/patches/series Add ipxe-nopie.patch ---- a/tools/firmware/etherboot/patches/ipxe-nopie.patch 1970-01-01 01:00:00.000000000 +0100 -+++ b/tools/firmware/etherboot/patches/ipxe-nopie.patch 2011-03-27 17:45:13.929697782 +0200 +#--- tools/firmware/etherboot/patches/ipxe-nopie.patch 1970-01-01 01:00:00.000000000 +0100 +#+++ tools/firmware/etherboot/patches/ipxe-nopie.patch 2011-03-27 17:45:13.929697782 +0200 @@ -0,0 +1,11 @@ +--- ipxe/src/Makefile~ 2011-03-27 17:41:52.000000000 +0200 ++++ ipxe/src/Makefile 2011-03-27 17:43:20.869446433 +0200 @@ -18,9 +18,3 @@ + ASFLAGS := + LDFLAGS := + MAKEDEPS := Makefile ---- a/tools/firmware/etherboot/patches/series 2011-03-25 11:42:50.000000000 +0100 -+++ b/tools/firmware/etherboot/patches/series 2011-03-27 17:45:45.140446216 +0200 -build_fix_1.patch -build_fix_2.patch -build_fix_3.patch -+ipxe-nopie.patch diff --git a/app-emulation/xen-tools/files/xen-4-CVE-2012-4544-XSA-25.patch b/app-emulation/xen-tools/files/xen-4-CVE-2012-4544-XSA-25.patch new file mode 100644 index 000000000000..35b9338341cf --- /dev/null +++ b/app-emulation/xen-tools/files/xen-4-CVE-2012-4544-XSA-25.patch @@ -0,0 +1,369 @@ + +# HG changeset patch +# User Ian Jackson <Ian.Jackson@eu.citrix.com> +# Date 1351264255 -3600 +# Node ID 537776f51f79c5789d06f97b363596a197c3e71c +# Parent 40ccbee890e1fc053de3046bbc3d13b8ff6f5d63 +libxc: builder: limit maximum size of kernel/ramdisk. + +Allowing user supplied kernels of arbitrary sizes, especially during +decompression, can swallow up dom0 memory leading to either virtual +address space exhaustion in the builder process or allocation +failures/OOM killing of both toolstack and unrelated processes. + +We disable these checks when building in a stub domain for pvgrub +since this uses the guest's own memory and is isolated. + +Decompression of gzip compressed kernels and ramdisks has been safe +since 14954:58205257517d (Xen 3.1.0 onwards). + +This is XSA-25 / CVE-2012-4544. + +Also make explicit checks for buffer overflows in various +decompression routines. These were already ruled out due to other +properties of the code but check them as a belt-and-braces measure. + +Signed-off-by: Ian Campbell <ian.campbell@citrix.com> +Acked-by: Ian Jackson <ian.jackson@eu.citrix.com> + +diff -r 40ccbee890e1 -r 537776f51f79 stubdom/grub/kexec.c +--- stubdom/grub/kexec.c Thu Oct 25 15:36:32 2012 +0200 ++++ stubdom/grub/kexec.c Fri Oct 26 16:10:55 2012 +0100 +@@ -137,6 +137,10 @@ void kexec(void *kernel, long kernel_siz + dom = xc_dom_allocate(xc_handle, cmdline, features); + dom->allocate = kexec_allocate; + ++ /* We are using guest owned memory, therefore no limits. */ ++ xc_dom_kernel_max_size(dom, 0); ++ xc_dom_ramdisk_max_size(dom, 0); ++ + dom->kernel_blob = kernel; + dom->kernel_size = kernel_size; + +diff -r 40ccbee890e1 -r 537776f51f79 tools/libxc/xc_dom.h +--- tools/libxc/xc_dom.h Thu Oct 25 15:36:32 2012 +0200 ++++ tools/libxc/xc_dom.h Fri Oct 26 16:10:55 2012 +0100 +@@ -55,6 +55,9 @@ struct xc_dom_image { + void *ramdisk_blob; + size_t ramdisk_size; + ++ size_t max_kernel_size; ++ size_t max_ramdisk_size; ++ + /* arguments and parameters */ + char *cmdline; + uint32_t f_requested[XENFEAT_NR_SUBMAPS]; +@@ -180,6 +183,23 @@ void xc_dom_release_phys(struct xc_dom_i + void xc_dom_release(struct xc_dom_image *dom); + int xc_dom_mem_init(struct xc_dom_image *dom, unsigned int mem_mb); + ++/* Set this larger if you have enormous ramdisks/kernels. Note that ++ * you should trust all kernels not to be maliciously large (e.g. to ++ * exhaust all dom0 memory) if you do this (see CVE-2012-4544 / ++ * XSA-25). You can also set the default independently for ++ * ramdisks/kernels in xc_dom_allocate() or call ++ * xc_dom_{kernel,ramdisk}_max_size. ++ */ ++#ifndef XC_DOM_DECOMPRESS_MAX ++#define XC_DOM_DECOMPRESS_MAX (1024*1024*1024) /* 1GB */ ++#endif ++ ++int xc_dom_kernel_check_size(struct xc_dom_image *dom, size_t sz); ++int xc_dom_kernel_max_size(struct xc_dom_image *dom, size_t sz); ++ ++int xc_dom_ramdisk_check_size(struct xc_dom_image *dom, size_t sz); ++int xc_dom_ramdisk_max_size(struct xc_dom_image *dom, size_t sz); ++ + size_t xc_dom_check_gzip(xc_interface *xch, + void *blob, size_t ziplen); + int xc_dom_do_gunzip(xc_interface *xch, +@@ -240,7 +260,8 @@ void xc_dom_log_memory_footprint(struct + void *xc_dom_malloc(struct xc_dom_image *dom, size_t size); + void *xc_dom_malloc_page_aligned(struct xc_dom_image *dom, size_t size); + void *xc_dom_malloc_filemap(struct xc_dom_image *dom, +- const char *filename, size_t * size); ++ const char *filename, size_t * size, ++ const size_t max_size); + char *xc_dom_strdup(struct xc_dom_image *dom, const char *str); + + /* --- alloc memory pool ------------------------------------------- */ +diff -r 40ccbee890e1 -r 537776f51f79 tools/libxc/xc_dom_bzimageloader.c +--- tools/libxc/xc_dom_bzimageloader.c Thu Oct 25 15:36:32 2012 +0200 ++++ tools/libxc/xc_dom_bzimageloader.c Fri Oct 26 16:10:55 2012 +0100 +@@ -47,13 +47,19 @@ static int xc_try_bzip2_decode( + char *out_buf; + char *tmp_buf; + int retval = -1; +- int outsize; ++ unsigned int outsize; + uint64_t total; + + stream.bzalloc = NULL; + stream.bzfree = NULL; + stream.opaque = NULL; + ++ if ( dom->kernel_size == 0) ++ { ++ DOMPRINTF("BZIP2: Input is 0 size"); ++ return -1; ++ } ++ + ret = BZ2_bzDecompressInit(&stream, 0, 0); + if ( ret != BZ_OK ) + { +@@ -66,6 +72,17 @@ static int xc_try_bzip2_decode( + * the input buffer to start, and we'll realloc as needed. + */ + outsize = dom->kernel_size; ++ ++ /* ++ * stream.avail_in and outsize are unsigned int, while kernel_size ++ * is a size_t. Check we aren't overflowing. ++ */ ++ if ( outsize != dom->kernel_size ) ++ { ++ DOMPRINTF("BZIP2: Input too large"); ++ goto bzip2_cleanup; ++ } ++ + out_buf = malloc(outsize); + if ( out_buf == NULL ) + { +@@ -98,13 +115,20 @@ static int xc_try_bzip2_decode( + if ( stream.avail_out == 0 ) + { + /* Protect against output buffer overflow */ +- if ( outsize > INT_MAX / 2 ) ++ if ( outsize > UINT_MAX / 2 ) + { + DOMPRINTF("BZIP2: output buffer overflow"); + free(out_buf); + goto bzip2_cleanup; + } + ++ if ( xc_dom_kernel_check_size(dom, outsize * 2) ) ++ { ++ DOMPRINTF("BZIP2: output too large"); ++ free(out_buf); ++ goto bzip2_cleanup; ++ } ++ + tmp_buf = realloc(out_buf, outsize * 2); + if ( tmp_buf == NULL ) + { +@@ -172,9 +196,15 @@ static int _xc_try_lzma_decode( + unsigned char *out_buf; + unsigned char *tmp_buf; + int retval = -1; +- int outsize; ++ size_t outsize; + const char *msg; + ++ if ( dom->kernel_size == 0) ++ { ++ DOMPRINTF("%s: Input is 0 size", what); ++ return -1; ++ } ++ + /* sigh. We don't know up-front how much memory we are going to need + * for the output buffer. Allocate the output buffer to be equal + * the input buffer to start, and we'll realloc as needed. +@@ -244,13 +274,20 @@ static int _xc_try_lzma_decode( + if ( stream->avail_out == 0 ) + { + /* Protect against output buffer overflow */ +- if ( outsize > INT_MAX / 2 ) ++ if ( outsize > SIZE_MAX / 2 ) + { + DOMPRINTF("%s: output buffer overflow", what); + free(out_buf); + goto lzma_cleanup; + } + ++ if ( xc_dom_kernel_check_size(dom, outsize * 2) ) ++ { ++ DOMPRINTF("%s: output too large", what); ++ free(out_buf); ++ goto lzma_cleanup; ++ } ++ + tmp_buf = realloc(out_buf, outsize * 2); + if ( tmp_buf == NULL ) + { +@@ -359,6 +396,12 @@ static int xc_try_lzo1x_decode( + 0x89, 0x4c, 0x5a, 0x4f, 0x00, 0x0d, 0x0a, 0x1a, 0x0a + }; + ++ /* ++ * lzo_uint should match size_t. Check that this is the case to be ++ * sure we won't overflow various lzo_uint fields. ++ */ ++ XC_BUILD_BUG_ON(sizeof(lzo_uint) != sizeof(size_t)); ++ + ret = lzo_init(); + if ( ret != LZO_E_OK ) + { +@@ -438,6 +481,14 @@ static int xc_try_lzo1x_decode( + if ( src_len <= 0 || src_len > dst_len || src_len > left ) + break; + ++ msg = "Output buffer overflow"; ++ if ( *size > SIZE_MAX - dst_len ) ++ break; ++ ++ msg = "Decompressed image too large"; ++ if ( xc_dom_kernel_check_size(dom, *size + dst_len) ) ++ break; ++ + msg = "Failed to (re)alloc memory"; + tmp_buf = realloc(out_buf, *size + dst_len); + if ( tmp_buf == NULL ) +diff -r 40ccbee890e1 -r 537776f51f79 tools/libxc/xc_dom_core.c +--- tools/libxc/xc_dom_core.c Thu Oct 25 15:36:32 2012 +0200 ++++ tools/libxc/xc_dom_core.c Fri Oct 26 16:10:55 2012 +0100 +@@ -159,7 +159,8 @@ void *xc_dom_malloc_page_aligned(struct + } + + void *xc_dom_malloc_filemap(struct xc_dom_image *dom, +- const char *filename, size_t * size) ++ const char *filename, size_t * size, ++ const size_t max_size) + { + struct xc_dom_mem *block = NULL; + int fd = -1; +@@ -171,6 +172,13 @@ void *xc_dom_malloc_filemap(struct xc_do + lseek(fd, 0, SEEK_SET); + *size = lseek(fd, 0, SEEK_END); + ++ if ( max_size && *size > max_size ) ++ { ++ xc_dom_panic(dom->xch, XC_OUT_OF_MEMORY, ++ "tried to map file which is too large"); ++ goto err; ++ } ++ + block = malloc(sizeof(*block)); + if ( block == NULL ) + goto err; +@@ -222,6 +230,40 @@ char *xc_dom_strdup(struct xc_dom_image + } + + /* ------------------------------------------------------------------------ */ ++/* decompression buffer sizing */ ++int xc_dom_kernel_check_size(struct xc_dom_image *dom, size_t sz) ++{ ++ /* No limit */ ++ if ( !dom->max_kernel_size ) ++ return 0; ++ ++ if ( sz > dom->max_kernel_size ) ++ { ++ xc_dom_panic(dom->xch, XC_INVALID_KERNEL, ++ "kernel image too large"); ++ return 1; ++ } ++ ++ return 0; ++} ++ ++int xc_dom_ramdisk_check_size(struct xc_dom_image *dom, size_t sz) ++{ ++ /* No limit */ ++ if ( !dom->max_ramdisk_size ) ++ return 0; ++ ++ if ( sz > dom->max_ramdisk_size ) ++ { ++ xc_dom_panic(dom->xch, XC_INVALID_KERNEL, ++ "ramdisk image too large"); ++ return 1; ++ } ++ ++ return 0; ++} ++ ++/* ------------------------------------------------------------------------ */ + /* read files, copy memory blocks, with transparent gunzip */ + + size_t xc_dom_check_gzip(xc_interface *xch, void *blob, size_t ziplen) +@@ -235,7 +277,7 @@ size_t xc_dom_check_gzip(xc_interface *x + + gzlen = blob + ziplen - 4; + unziplen = gzlen[3] << 24 | gzlen[2] << 16 | gzlen[1] << 8 | gzlen[0]; +- if ( (unziplen < 0) || (unziplen > (1024*1024*1024)) ) /* 1GB limit */ ++ if ( (unziplen < 0) || (unziplen > XC_DOM_DECOMPRESS_MAX) ) + { + xc_dom_printf + (xch, +@@ -288,6 +330,9 @@ int xc_dom_try_gunzip(struct xc_dom_imag + if ( unziplen == 0 ) + return 0; + ++ if ( xc_dom_kernel_check_size(dom, unziplen) ) ++ return 0; ++ + unzip = xc_dom_malloc(dom, unziplen); + if ( unzip == NULL ) + return -1; +@@ -588,6 +633,9 @@ struct xc_dom_image *xc_dom_allocate(xc_ + memset(dom, 0, sizeof(*dom)); + dom->xch = xch; + ++ dom->max_kernel_size = XC_DOM_DECOMPRESS_MAX; ++ dom->max_ramdisk_size = XC_DOM_DECOMPRESS_MAX; ++ + if ( cmdline ) + dom->cmdline = xc_dom_strdup(dom, cmdline); + if ( features ) +@@ -608,10 +656,25 @@ struct xc_dom_image *xc_dom_allocate(xc_ + return NULL; + } + ++int xc_dom_kernel_max_size(struct xc_dom_image *dom, size_t sz) ++{ ++ DOMPRINTF("%s: kernel_max_size=%zx", __FUNCTION__, sz); ++ dom->max_kernel_size = sz; ++ return 0; ++} ++ ++int xc_dom_ramdisk_max_size(struct xc_dom_image *dom, size_t sz) ++{ ++ DOMPRINTF("%s: ramdisk_max_size=%zx", __FUNCTION__, sz); ++ dom->max_ramdisk_size = sz; ++ return 0; ++} ++ + int xc_dom_kernel_file(struct xc_dom_image *dom, const char *filename) + { + DOMPRINTF("%s: filename=\"%s\"", __FUNCTION__, filename); +- dom->kernel_blob = xc_dom_malloc_filemap(dom, filename, &dom->kernel_size); ++ dom->kernel_blob = xc_dom_malloc_filemap(dom, filename, &dom->kernel_size, ++ dom->max_kernel_size); + if ( dom->kernel_blob == NULL ) + return -1; + return xc_dom_try_gunzip(dom, &dom->kernel_blob, &dom->kernel_size); +@@ -621,7 +684,9 @@ int xc_dom_ramdisk_file(struct xc_dom_im + { + DOMPRINTF("%s: filename=\"%s\"", __FUNCTION__, filename); + dom->ramdisk_blob = +- xc_dom_malloc_filemap(dom, filename, &dom->ramdisk_size); ++ xc_dom_malloc_filemap(dom, filename, &dom->ramdisk_size, ++ dom->max_ramdisk_size); ++ + if ( dom->ramdisk_blob == NULL ) + return -1; + // return xc_dom_try_gunzip(dom, &dom->ramdisk_blob, &dom->ramdisk_size); +@@ -781,7 +846,11 @@ int xc_dom_build_image(struct xc_dom_ima + void *ramdiskmap; + + unziplen = xc_dom_check_gzip(dom->xch, dom->ramdisk_blob, dom->ramdisk_size); ++ if ( xc_dom_ramdisk_check_size(dom, unziplen) != 0 ) ++ unziplen = 0; ++ + ramdisklen = unziplen ? unziplen : dom->ramdisk_size; ++ + if ( xc_dom_alloc_segment(dom, &dom->ramdisk_seg, "ramdisk", 0, + ramdisklen) != 0 ) + goto err; + + diff --git a/app-emulation/xen-tools/files/xen-4-CVE-2012-6075-XSA-41.patch b/app-emulation/xen-tools/files/xen-4-CVE-2012-6075-XSA-41.patch new file mode 100644 index 000000000000..7513ac3d5cba --- /dev/null +++ b/app-emulation/xen-tools/files/xen-4-CVE-2012-6075-XSA-41.patch @@ -0,0 +1,39 @@ +authorMichael Contreras <michael@inetric.com> + Mon, 3 Dec 2012 04:11:22 +0000 (20:11 -0800) +committerAnthony Liguori <aliguori@us.ibm.com> + Mon, 3 Dec 2012 14:14:10 +0000 (08:14 -0600) + +The e1000_receive function for the e1000 needs to discard packets longer than +1522 bytes if the SBP and LPE flags are disabled. The linux driver assumes +this behavior and allocates memory based on this assumption. + +Signed-off-by: Michael Contreras <michael@inetric.com> +Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> +hw/e1000.c + +--- tools/qemu-xen/hw/e1000.c ++++ tools/qemu-xen/hw/e1000.c +@@ -59,6 +59,9 @@ static int debugflags = DBGBIT(TXERR) | DBGBIT(GENERAL); + #define PNPMMIO_SIZE 0x20000 + #define MIN_BUF_SIZE 60 /* Min. octets in an ethernet frame sans FCS */ + ++/* this is the size past which hardware will drop packets when setting LPE=0 */ ++#define MAXIMUM_ETHERNET_VLAN_SIZE 1522 ++ + /* + * HW models: + * E1000_DEV_ID_82540EM works with Windows and Linux +@@ -805,6 +808,13 @@ e1000_receive(NetClientState *nc, const uint8_t *buf, size_t size) + size = sizeof(min_buf); + } + ++ /* Discard oversized packets if !LPE and !SBP. */ ++ if (size > MAXIMUM_ETHERNET_VLAN_SIZE ++ && !(s->mac_reg[RCTL] & E1000_RCTL_LPE) ++ && !(s->mac_reg[RCTL] & E1000_RCTL_SBP)) { ++ return size; ++ } ++ + if (!receive_filter(s, buf, size)) + return size; + diff --git a/app-emulation/xen-tools/files/xen-4-fix_dotconfig-gcc.patch b/app-emulation/xen-tools/files/xen-4-fix_dotconfig-gcc.patch new file mode 100644 index 000000000000..4e08a30f323e --- /dev/null +++ b/app-emulation/xen-tools/files/xen-4-fix_dotconfig-gcc.patch @@ -0,0 +1,245 @@ +# Fix gcc-4.6 +diff -ur xen-4.2.0.orig/extras/mini-os/minios.mk xen-4.2.0/extras/mini-os/minios.mk +--- extras/mini-os/minios.mk 2012-09-17 18:21:17.000000000 +0800 ++++ extras/mini-os/minios.mk 2012-12-05 14:01:10.653260260 +0800 +@@ -6,7 +6,7 @@ + + # Define some default flags. + # NB. '-Wcast-qual' is nasty, so I omitted it. +-DEF_CFLAGS += -fno-builtin -Wall -Werror -Wredundant-decls -Wno-format -Wno-redundant-decls ++DEF_CFLAGS += -fno-builtin -Wall -Wredundant-decls -Wno-format -Wno-redundant-decls + DEF_CFLAGS += $(call cc-option,$(CC),-fno-stack-protector,) + DEF_CFLAGS += $(call cc-option,$(CC),-fgnu89-inline) + DEF_CFLAGS += -Wstrict-prototypes -Wnested-externs -Wpointer-arith -Winline +diff -ur xen-4.2.0.orig/tools/libxc/Makefile xen-4.2.0/tools/libxc/Makefile +--- tools/libxc/Makefile 2012-09-17 18:21:18.000000000 +0800 ++++ tools/libxc/Makefile 2012-12-05 14:01:10.653260260 +0800 +@@ -73,7 +73,7 @@ + + -include $(XEN_TARGET_ARCH)/Makefile + +-CFLAGS += -Werror -Wmissing-prototypes ++CFLAGS += -Wmissing-prototypes + CFLAGS += -I. $(CFLAGS_xeninclude) + + # Needed for posix_fadvise64() in xc_linux.c +# Drop .config +diff -ur xen-4.2.0.orig/Config.mk xen-4.2.0/Config.mk +--- Config.mk 2012-09-17 18:23:12.000000000 +0800 ++++ Config.mk 2012-12-05 14:01:10.641260261 +0800 +@@ -7,7 +7,6 @@ Drop .config + # fallback for older make + realpath = $(wildcard $(foreach file,$(1),$(shell cd -P $(dir $(file)) && echo "$$PWD/$(notdir $(file))"))) + +--include $(XEN_ROOT)/.config + + # A debug build of Xen and tools? + debug ?= n +@@ -24,7 +24,7 @@ + + # Tools to run on system hosting the build + HOSTCC = gcc +-HOSTCFLAGS = -Wall -Werror -Wstrict-prototypes -O2 -fomit-frame-pointer ++HOSTCFLAGS = -Wstrict-prototypes -O2 -fomit-frame-pointer + HOSTCFLAGS += -fno-strict-aliasing + + DISTDIR ?= $(XEN_ROOT)/dist +@@ -156,7 +156,7 @@ + + CFLAGS += -std=gnu99 + +-CFLAGS += -Wall -Wstrict-prototypes ++CFLAGS += -Wstrict-prototypes + + # Clang complains about macros that expand to 'if ( ( foo == bar ) ) ...' + # and is over-zealous with the printf format lint +diff -ur xen-4.2.1.orig/tools/blktap2/drivers/Makefile xen-4.2.1/tools/blktap2/drivers/Makefile +--- tools/blktap2/drivers/Makefile 2012-12-17 23:00:11.000000000 +0800 ++++ tools/blktap2/drivers/Makefile 2013-01-30 12:31:43.539941099 +0800 +@@ -9,7 +9,7 @@ + LOCK_UTIL = lock-util + INST_DIR = $(SBINDIR) + +-CFLAGS += -Werror -g ++CFLAGS += -g + CFLAGS += -Wno-unused + CFLAGS += -fno-strict-aliasing + CFLAGS += -I$(BLKTAP_ROOT)/include -I$(BLKTAP_ROOT)/drivers +diff -ur xen-4.2.1.orig/tools/debugger/gdbsx/Rules.mk xen-4.2.1/tools/debugger/gdbsx/Rules.mk +--- tools/debugger/gdbsx/Rules.mk 2012-12-17 23:00:22.000000000 +0800 ++++ tools/debugger/gdbsx/Rules.mk 2013-01-30 12:31:43.516941098 +0800 +@@ -1,4 +1,4 @@ + include $(XEN_ROOT)/tools/Rules.mk + +-CFLAGS += -Werror -Wmissing-prototypes ++CFLAGS += -Wmissing-prototypes + # (gcc 4.3x and later) -Wconversion -Wno-sign-conversion +diff -ur xen-4.2.1.orig/tools/debugger/xenitp/Makefile xen-4.2.1/tools/debugger/xenitp/Makefile +--- tools/debugger/xenitp/Makefile 2012-12-17 23:00:22.000000000 +0800 ++++ tools/debugger/xenitp/Makefile 2013-01-30 12:31:43.516941098 +0800 +@@ -1,7 +1,7 @@ + XEN_ROOT=$(CURDIR)/../../.. + include $(XEN_ROOT)/tools/Rules.mk + +-#CFLAGS += -Werror -g -O0 ++#CFLAGS += -g -O0 + + CFLAGS += $(CFLAGS_libxenctrl) + +diff -ur xen-4.2.1.orig/tools/libaio/harness/Makefile xen-4.2.1/tools/libaio/harness/Makefile +--- tools/libaio/harness/Makefile 2012-12-17 23:00:35.000000000 +0800 ++++ tools/libaio/harness/Makefile 2013-01-30 12:31:43.541941099 +0800 +@@ -4,7 +4,7 @@ + HARNESS_SRCS:=main.c + # io_queue.c + +-CFLAGS=-Wall -Werror -g -O -laio ++CFLAGS=-Wall -g -O -laio + #-lpthread -lrt + + all: $(PROGS) +diff -ur xen-4.2.1.orig/tools/libfsimage/Rules.mk xen-4.2.1/tools/libfsimage/Rules.mk +--- tools/libfsimage/Rules.mk 2012-12-17 23:00:36.000000000 +0800 ++++ tools/libfsimage/Rules.mk 2013-01-30 12:31:43.515941097 +0800 +@@ -1,7 +1,7 @@ + include $(XEN_ROOT)/tools/Rules.mk + + CFLAGS += -Wno-unknown-pragmas -I$(XEN_ROOT)/tools/libfsimage/common/ -DFSIMAGE_FSDIR=\"$(FSDIR)\" +-CFLAGS += -Werror -D_GNU_SOURCE ++CFLAGS += -D_GNU_SOURCE + LDFLAGS += -L../common/ + + PIC_OBJS := $(patsubst %.c,%.opic,$(LIB_SRCS-y)) +diff -ur xen-4.2.1.orig/tools/libxl/Makefile xen-4.2.1/tools/libxl/Makefile +--- tools/libxl/Makefile 2012-12-17 23:01:08.000000000 +0800 ++++ tools/libxl/Makefile 2013-01-30 12:31:43.541941099 +0800 +@@ -11,7 +11,7 @@ + XLUMAJOR = 1.0 + XLUMINOR = 1 + +-CFLAGS += -Werror -Wno-format-zero-length -Wmissing-declarations \ ++CFLAGS += -Wno-format-zero-length -Wmissing-declarations \ + -Wno-declaration-after-statement -Wformat-nonliteral + CFLAGS += -I. -fPIC + +diff -ur xen-4.2.1.orig/tools/qemu-xen/pc-bios/optionrom/Makefile xen-4.2.1/tools/qemu-xen/pc-bios/optionrom/Makefile +--- tools/qemu-xen/pc-bios/optionrom/Makefile 2012-09-11 02:10:52.000000000 +0800 ++++ tools/qemu-xen/pc-bios/optionrom/Makefile 2013-01-30 12:31:43.528941098 +0800 +@@ -9,7 +9,7 @@ + + .PHONY : all clean build-all + +-CFLAGS := -Wall -Wstrict-prototypes -Werror -fomit-frame-pointer -fno-builtin ++CFLAGS := -Wall -Wstrict-prototypes -fomit-frame-pointer -fno-builtin + CFLAGS += -I$(SRC_PATH) + CFLAGS += $(call cc-option, $(CFLAGS), -fno-stack-protector) + QEMU_CFLAGS = $(CFLAGS) +diff -ur xen-4.2.1.orig/tools/vtpm/Rules.mk xen-4.2.1/tools/vtpm/Rules.mk +--- tools/vtpm/Rules.mk 2012-12-17 23:01:35.000000000 +0800 ++++ tools/vtpm/Rules.mk 2013-01-30 12:31:43.515941097 +0800 +@@ -6,7 +6,7 @@ + # + + # General compiler flags +-CFLAGS = -Werror -g3 ++CFLAGS = -g3 + + # Generic project files + HDRS = $(wildcard *.h) +diff -ur xen-4.2.1.orig/tools/vtpm_manager/Rules.mk xen-4.2.1/tools/vtpm_manager/Rules.mk +--- tools/vtpm_manager/Rules.mk 2012-12-17 23:01:35.000000000 +0800 ++++ tools/vtpm_manager/Rules.mk 2013-01-30 12:31:43.511941097 +0800 +@@ -6,7 +6,7 @@ + # + + # General compiler flags +-CFLAGS = -Werror -g3 ++CFLAGS = -g3 + + # Generic project files + HDRS = $(wildcard *.h) +diff -ur xen-4.2.1.orig/tools/xenstat/xentop/Makefile xen-4.2.1/tools/xenstat/xentop/Makefile +--- tools/xenstat/xentop/Makefile 2012-12-17 23:01:35.000000000 +0800 ++++ tools/xenstat/xentop/Makefile 2013-01-30 12:31:43.535941098 +0800 +@@ -18,7 +18,7 @@ + all install xentop: + else + +-CFLAGS += -DGCC_PRINTF -Wall -Werror $(CFLAGS_libxenstat) ++CFLAGS += -DGCC_PRINTF -Wall $(CFLAGS_libxenstat) + LDLIBS += $(LDLIBS_libxenstat) $(CURSES_LIBS) $(SOCKET_LIBS) + CFLAGS += -DHOST_$(XEN_OS) + +diff -ur xen-4.2.1.orig/xen/arch/arm/Rules.mk xen-4.2.1/xen/arch/arm/Rules.mk +--- xen/arch/arm/Rules.mk 2012-12-17 23:01:37.000000000 +0800 ++++ xen/arch/arm/Rules.mk 2013-01-30 12:31:43.498941097 +0800 +@@ -9,7 +9,7 @@ + HAS_DEVICE_TREE := y + + CFLAGS += -fno-builtin -fno-common -Wredundant-decls +-CFLAGS += -iwithprefix include -Werror -Wno-pointer-arith -pipe ++CFLAGS += -iwithprefix include -Wno-pointer-arith -pipe + CFLAGS += -I$(BASEDIR)/include + + # Prevent floating-point variables from creeping into Xen. +diff -ur xen-4.2.1.orig/xen/arch/x86/Rules.mk xen-4.2.1/xen/arch/x86/Rules.mk +--- xen/arch/x86/Rules.mk 2012-12-17 23:01:37.000000000 +0800 ++++ xen/arch/x86/Rules.mk 2013-01-30 12:31:43.490941096 +0800 +@@ -24,7 +24,7 @@ + endif + + CFLAGS += -fno-builtin -fno-common -Wredundant-decls +-CFLAGS += -iwithprefix include -Werror -Wno-pointer-arith -pipe ++CFLAGS += -iwithprefix include -Wno-pointer-arith -pipe + CFLAGS += -I$(BASEDIR)/include + CFLAGS += -I$(BASEDIR)/include/asm-x86/mach-generic + CFLAGS += -I$(BASEDIR)/include/asm-x86/mach-default +diff -ur xen-4.2.1.orig/xen/include/Makefile xen-4.2.1/xen/include/Makefile +--- xen/include/Makefile 2012-12-17 23:01:55.000000000 +0800 ++++ xen/include/Makefile 2013-01-30 12:31:43.502941097 +0800 +@@ -78,7 +78,7 @@ + all: headers.chk + + headers.chk: $(filter-out public/arch-% public/%ctl.h public/xsm/% public/%hvm/save.h, $(wildcard public/*.h public/*/*.h) $(public-y)) Makefile +- for i in $(filter %.h,$^); do $(CC) -ansi -include stdint.h -Wall -W -Werror -S -o /dev/null -xc $$i || exit 1; echo $$i; done >$@.new ++ for i in $(filter %.h,$^); do $(CC) -ansi -include stdint.h -Wall -W -S -o /dev/null -xc $$i || exit 1; echo $$i; done >$@.new + mv $@.new $@ + + endif +diff -ur xen-4.2.1.orig/tools/tests/mce-test/tools/Makefile xen-4.2.1/tools/tests/mce-test/tools/Makefile +--- tools/tests/mce-test/tools/Makefile 2012-12-17 23:01:35.000000000 +0800 ++++ tools/tests/mce-test/tools/Makefile 2013-01-30 13:01:44.890020152 +0800 +@@ -1,7 +1,7 @@ + XEN_ROOT=$(CURDIR)/../../../.. + include $(XEN_ROOT)/tools/Rules.mk + +-CFLAGS += -Werror ++CFLAGS += + CFLAGS += $(CFLAGS_libxenctrl) + CFLAGS += $(CFLAGS_libxenguest) + CFLAGS += $(CFLAGS_libxenstore) +diff -ur xen-4.2.1.orig/tools/tests/mem-sharing/Makefile xen-4.2.1/tools/tests/mem-sharing/Makefile +--- tools/tests/mem-sharing/Makefile 2012-12-17 23:01:35.000000000 +0800 ++++ tools/tests/mem-sharing/Makefile 2013-01-30 13:01:44.890020152 +0800 +@@ -1,7 +1,7 @@ + XEN_ROOT=$(CURDIR)/../../.. + include $(XEN_ROOT)/tools/Rules.mk + +-CFLAGS += -Werror ++CFLAGS += + + CFLAGS += $(CFLAGS_libxenctrl) + CFLAGS += $(CFLAGS_xeninclude) +diff -ur xen-4.2.1.orig/tools/tests/xen-access/Makefile xen-4.2.1/tools/tests/xen-access/Makefile +--- tools/tests/xen-access/Makefile 2012-12-17 23:01:35.000000000 +0800 ++++ tools/tests/xen-access/Makefile 2013-01-30 13:01:44.891020152 +0800 +@@ -1,7 +1,7 @@ + XEN_ROOT=$(CURDIR)/../../.. + include $(XEN_ROOT)/tools/Rules.mk + +-CFLAGS += -Werror ++CFLAGS += + + CFLAGS += $(CFLAGS_libxenctrl) + CFLAGS += $(CFLAGS_libxenguest) + diff --git a/app-emulation/xen-tools/files/xen-tools-3.4.2-as-needed.patch b/app-emulation/xen-tools/files/xen-tools-3.4.2-as-needed.patch deleted file mode 100644 index 5d973732fb31..000000000000 --- a/app-emulation/xen-tools/files/xen-tools-3.4.2-as-needed.patch +++ /dev/null @@ -1,13 +0,0 @@ ---- xen-3.4.2.orig/tools/libxc/Makefile 2009-11-10 16:12:56.000000000 +0100 -+++ xen-3.4.2/tools/libxc/Makefile 2009-12-12 18:46:27.547714651 +0100 -@@ -167,9 +167,8 @@ - xc_dom_bzimageloader.o: CFLAGS += $(call zlib-options,D) - xc_dom_bzimageloader.opic: CFLAGS += $(call zlib-options,D) - --libxenguest.so.$(MAJOR).$(MINOR): LDFLAGS += $(call zlib-options,l) - libxenguest.so.$(MAJOR).$(MINOR): $(GUEST_PIC_OBJS) libxenctrl.so -- $(CC) $(CFLAGS) $(LDFLAGS) -Wl,$(SONAME_LDFLAG) -Wl,libxenguest.so.$(MAJOR) $(SHLIB_CFLAGS) -o $@ $(GUEST_PIC_OBJS) -lz -lxenctrl $(PTHREAD_LIBS) -+ $(CC) $(CFLAGS) $(LDFLAGS) -Wl,$(SONAME_LDFLAG) -Wl,libxenguest.so.$(MAJOR) $(SHLIB_CFLAGS) -o $@ $(GUEST_PIC_OBJS) -lz -lxenctrl $(PTHREAD_LIBS) $(call zlib-options,l) - - -include $(DEPS) - diff --git a/app-emulation/xen-tools/files/xen-tools-4-add-nopie.patch b/app-emulation/xen-tools/files/xen-tools-4-add-nopie.patch new file mode 100644 index 000000000000..0d8f8237a7f1 --- /dev/null +++ b/app-emulation/xen-tools/files/xen-tools-4-add-nopie.patch @@ -0,0 +1,15 @@ +2011-10-22 Ralf Glauberman <ralfglauberman@gmx.de> + + #360805 Don't compile ipxe with pie on hardened. + * /tools/firmware/etherboot/patches/ipxe-nopie.patche New patch +Reconstituted patch; Tue Jan 29 14:35:13 WST 2013 + +diff -ur xen-4.2.0.orig/tools/firmware/etherboot/patches/series xen-4.2.0/tools/firmware/etherboot/patches/series +--- tools/firmware/etherboot/patches/series 2013-01-29 14:34:10.773520921 +0800 ++++ tools/firmware/etherboot/patches/series 2013-01-29 14:33:31.781519209 +0800 +@@ -2,3 +2,4 @@ + build_fix_1.patch + build_fix_2.patch + build_fix_3.patch ++ipxe-nopie.patch + diff --git a/app-emulation/xen-tools/files/xen-tools-4-docfix.patch b/app-emulation/xen-tools/files/xen-tools-4-docfix.patch new file mode 100644 index 000000000000..c9205a4cab99 --- /dev/null +++ b/app-emulation/xen-tools/files/xen-tools-4-docfix.patch @@ -0,0 +1,12 @@ +diff -ur xen-4.2.0.orig/tools/qemu-xen-traditional/Makefile xen-4.2.0/tools/qemu-xen-traditional/Makefile +--- xen-4.2.0.orig/tools/qemu-xen-traditional/Makefile 2012-09-07 00:05:30.000000000 +0800 ++++ xen-4.2.0/tools/qemu-xen-traditional/Makefile 2013-01-29 11:12:20.502989453 +0800 +@@ -275,7 +275,7 @@ + + # documentation + %.html: %.texi +- texi2html -monolithic -number $< ++ texi2html -monolithic $< + + %.info: %.texi + makeinfo $< -o $@ |