diff options
| author |   Yixun Lan <dlan@gentoo.org> | 2014-05-17 14:08:20 +0000 |
|---|---|---|
| committer | Yixun Lan <dlan@gentoo.org> | 2014-05-17 14:08:20 +0000 |
| commit | 67dbdbaf25e6b7709c92a11cf06f4371e08de656 (patch) | |
| tree | a2936a45a1ca0a693b08af281b4699b33d36c42d /app-emulation | |
| parent | Version bump (diff) | |
| download | gentoo-2-67dbdbaf25e6b7709c92a11cf06f4371e08de656.tar.gz gentoo-2-67dbdbaf25e6b7709c92a11cf06f4371e08de656.tar.bz2 gentoo-2-67dbdbaf25e6b7709c92a11cf06f4371e08de656.zip | |
tree clean old ebuilds
(Portage version: 2.2.8/cvs/Linux x86_64, signed Manifest commit with key 0xAABEFD55)
Diffstat (limited to 'app-emulation')
| -rw-r--r-- | app-emulation/xen/ChangeLog | 12 | ||||
| -rw-r--r-- | app-emulation/xen/files/xen-4-XSA-83.patch | 20 | ||||
| -rw-r--r-- | app-emulation/xen/files/xen-4.3-CVE-2013-4553-XSA-74.patch | 41 | ||||
| -rw-r--r-- | app-emulation/xen/files/xen-4.3-CVE-2013-6375-XSA-75.patch | 56 | ||||
| -rw-r--r-- | app-emulation/xen/files/xen-4.3-CVE-2014-263-XSA-84-85.patch | 188 | ||||
| -rw-r--r-- | app-emulation/xen/files/xen-4.3-XSA-87.patch | 23 | ||||
| -rw-r--r-- | app-emulation/xen/files/xen-CVE-2013-4375-XSA-71.patch | 39 | ||||
| -rw-r--r-- | app-emulation/xen/files/xen-CVE-2013-4494-XSA-73.patch | 105 | ||||
| -rw-r--r-- | app-emulation/xen/files/xen-CVE-2013-4554-XSA-76.patch | 19 | ||||
| -rw-r--r-- | app-emulation/xen/files/xen-CVE-2013-6375-XSA-78.patch | 23 | ||||
| -rw-r--r-- | app-emulation/xen/files/xen-CVE-2013-6400-XSA-80.patch | 72 | ||||
| -rw-r--r-- | app-emulation/xen/files/xen-CVE-2013-6885-XSA-82.patch | 46 | ||||
| -rw-r--r-- | app-emulation/xen/xen-4.2.3.ebuild | 154 | ||||
| -rw-r--r-- | app-emulation/xen/xen-4.2.4-r1.ebuild | 154 | ||||
| -rw-r--r-- | app-emulation/xen/xen-4.3.1-r5.ebuild | 144 | ||||
| -rw-r--r-- | app-emulation/xen/xen-4.3.2-r1.ebuild | 150 |
16 files changed, 11 insertions, 1235 deletions
diff --git a/app-emulation/xen/ChangeLog b/app-emulation/xen/ChangeLog index fcb23f303771..be2e00169a0e 100644 --- a/app-emulation/xen/ChangeLog +++ b/app-emulation/xen/ChangeLog @@ -1,6 +1,16 @@ # ChangeLog for app-emulation/xen # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen/ChangeLog,v 1.162 2014/05/17 13:34:02 ago Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen/ChangeLog,v 1.163 2014/05/17 14:08:19 dlan Exp $ + + 17 May 2014; Yixun Lan <dlan@gentoo.org> -xen-4.2.3.ebuild, + -xen-4.2.4-r1.ebuild, -xen-4.3.1-r5.ebuild, -xen-4.3.2-r1.ebuild, + -files/xen-4-XSA-83.patch, -files/xen-4.3-CVE-2013-4553-XSA-74.patch, + -files/xen-4.3-CVE-2013-6375-XSA-75.patch, + -files/xen-4.3-CVE-2014-263-XSA-84-85.patch, -files/xen-4.3-XSA-87.patch, + -files/xen-CVE-2013-4375-XSA-71.patch, -files/xen-CVE-2013-4494-XSA-73.patch, + -files/xen-CVE-2013-4554-XSA-76.patch, -files/xen-CVE-2013-6375-XSA-78.patch, + -files/xen-CVE-2013-6400-XSA-80.patch, -files/xen-CVE-2013-6885-XSA-82.patch: + tree clean old ebuilds 17 May 2014; Agostino Sarubbo <ago@gentoo.org> xen-4.2.4-r2.ebuild: Stable for x86, wrt bug #509054 diff --git a/app-emulation/xen/files/xen-4-XSA-83.patch b/app-emulation/xen/files/xen-4-XSA-83.patch deleted file mode 100644 index 209c38b93d59..000000000000 --- a/app-emulation/xen/files/xen-4-XSA-83.patch +++ /dev/null @@ -1,20 +0,0 @@ -x86/irq: avoid use-after-free on error path in pirq_guest_bind() - -This is XSA-83. - -Coverity-ID: 1146952 -Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> -Reviewed-by: Jan Beulich <jbeulich@suse.com> - ---- a/xen/arch/x86/irq.c -+++ b/xen/arch/x86/irq.c -@@ -1590,8 +1590,7 @@ int pirq_guest_bind(struct vcpu *v, stru - printk(XENLOG_G_INFO - "Cannot bind IRQ%d to dom%d. Out of memory.\n", - pirq->pirq, v->domain->domain_id); -- rc = -ENOMEM; -- goto out; -+ return -ENOMEM; - } - - action = newaction; diff --git a/app-emulation/xen/files/xen-4.3-CVE-2013-4553-XSA-74.patch b/app-emulation/xen/files/xen-4.3-CVE-2013-4553-XSA-74.patch deleted file mode 100644 index 4c9c27c3b6a0..000000000000 --- a/app-emulation/xen/files/xen-4.3-CVE-2013-4553-XSA-74.patch +++ /dev/null @@ -1,41 +0,0 @@ -x86: restrict XEN_DOMCTL_getmemlist - -Coverity ID 1055652 - -(See the code comment.) - -This is CVE-2013-4553 / XSA-74. - -Signed-off-by: Jan Beulich <jbeulich@suse.com> -Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> -Reviewed-by: Tim Deegan <tim@xen.org> - ---- a/xen/arch/x86/domctl.c -+++ b/xen/arch/x86/domctl.c -@@ -329,6 +329,26 @@ long arch_do_domctl( - break; - } - -+ /* -+ * XSA-74: This sub-hypercall is broken in several ways: -+ * - lock order inversion (p2m locks inside page_alloc_lock) -+ * - no preemption on huge max_pfns input -+ * - not (re-)checking d->is_dying with page_alloc_lock held -+ * - not honoring start_pfn input (which libxc also doesn't set) -+ * Additionally it is rather useless, as the result is stale by the -+ * time the caller gets to look at it. -+ * As it only has a single, non-production consumer (xen-mceinj), -+ * rather than trying to fix it we restrict it for the time being. -+ */ -+ if ( /* No nested locks inside copy_to_guest_offset(). */ -+ paging_mode_external(current->domain) || -+ /* Arbitrary limit capping processing time. */ -+ max_pfns > GB(4) / PAGE_SIZE ) -+ { -+ ret = -EOPNOTSUPP; -+ break; -+ } -+ - spin_lock(&d->page_alloc_lock); - - ret = i = 0; diff --git a/app-emulation/xen/files/xen-4.3-CVE-2013-6375-XSA-75.patch b/app-emulation/xen/files/xen-4.3-CVE-2013-6375-XSA-75.patch deleted file mode 100644 index 5db50cf53f3e..000000000000 --- a/app-emulation/xen/files/xen-4.3-CVE-2013-6375-XSA-75.patch +++ /dev/null @@ -1,56 +0,0 @@ -nested VMX: VMLANUCH/VMRESUME emulation must check permission first thing - -Otherwise uninitialized data may be used, leading to crashes. - -This is XSA-75. - -Reported-and-tested-by: Jeff Zimmerman <Jeff_Zimmerman@McAfee.com> -Signed-off-by: Jan Beulich <jbeulich@suse.com> -Reviewed-and-tested-by: Andrew Cooper <andrew.cooper3@citrix.com> - ---- a/xen/arch/x86/hvm/vmx/vvmx.c -+++ b/xen/arch/x86/hvm/vmx/vvmx.c -@@ -1509,15 +1509,10 @@ static void clear_vvmcs_launched(struct - } - } - --int nvmx_vmresume(struct vcpu *v, struct cpu_user_regs *regs) -+static int nvmx_vmresume(struct vcpu *v, struct cpu_user_regs *regs) - { - struct nestedvmx *nvmx = &vcpu_2_nvmx(v); - struct nestedvcpu *nvcpu = &vcpu_nestedhvm(v); -- int rc; -- -- rc = vmx_inst_check_privilege(regs, 0); -- if ( rc != X86EMUL_OKAY ) -- return rc; - - /* check VMCS is valid and IO BITMAP is set */ - if ( (nvcpu->nv_vvmcxaddr != VMCX_EADDR) && -@@ -1536,6 +1531,10 @@ int nvmx_handle_vmresume(struct cpu_user - struct vcpu *v = current; - struct nestedvcpu *nvcpu = &vcpu_nestedhvm(v); - struct nestedvmx *nvmx = &vcpu_2_nvmx(v); -+ int rc = vmx_inst_check_privilege(regs, 0); -+ -+ if ( rc != X86EMUL_OKAY ) -+ return rc; - - if ( vcpu_nestedhvm(v).nv_vvmcxaddr == VMCX_EADDR ) - { -@@ -1555,10 +1554,13 @@ int nvmx_handle_vmresume(struct cpu_user - int nvmx_handle_vmlaunch(struct cpu_user_regs *regs) - { - bool_t launched; -- int rc; - struct vcpu *v = current; - struct nestedvcpu *nvcpu = &vcpu_nestedhvm(v); - struct nestedvmx *nvmx = &vcpu_2_nvmx(v); -+ int rc = vmx_inst_check_privilege(regs, 0); -+ -+ if ( rc != X86EMUL_OKAY ) -+ return rc; - - if ( vcpu_nestedhvm(v).nv_vvmcxaddr == VMCX_EADDR ) - { - diff --git a/app-emulation/xen/files/xen-4.3-CVE-2014-263-XSA-84-85.patch b/app-emulation/xen/files/xen-4.3-CVE-2014-263-XSA-84-85.patch deleted file mode 100644 index 3c44c353c9fc..000000000000 --- a/app-emulation/xen/files/xen-4.3-CVE-2014-263-XSA-84-85.patch +++ /dev/null @@ -1,188 +0,0 @@ -From: Xen.org security team <security () xen org> -Date: Thu, 06 Feb 2014 14:18:48 +0000 - -flask: fix reading strings from guest memory - -Since the string size is being specified by the guest, we must range -check it properly before doing allocations based on it. While for the -two cases that are exposed only to trusted guests (via policy -restriction) this just uses an arbitrary upper limit (PAGE_SIZE), for -the FLASK_[GS]ETBOOL case (which any guest can use) the upper limit -gets enforced based on the longest name across all boolean settings. - -This is XSA-84. - -Reported-by: Matthew Daley <mattd@bugfuzz.com> -Signed-off-by: Jan Beulich <jbeulich@suse.com> -Acked-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> -=================================================================== -From: Xen.org security team <security () xen org> -Date: Thu, 06 Feb 2014 12:38:51 +0000 - -From 593bc8c63d582ec0fc2b3a35336106cf9c3a8b34 Mon Sep 17 00:00:00 2001 -From: Matthew Daley <mattd@bugfuzz.com> -Date: Sun, 12 Jan 2014 14:29:32 +1300 -Subject: [PATCH] xsm/flask: correct off-by-one in - flask_security_avc_cachestats cpu id check - -This is XSA-85 - -Signed-off-by: Matthew Daley <mattd@bugfuzz.com> -Reviewed-by: Jan Beulich <jbeulich@suse.com> -Reviewed-by: Ian Campbell <ian.campbell@citrix.com> ---- - xen/xsm/flask/flask_op.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/xen/xsm/flask/flask_op.c b/xen/xsm/flask/flask_op.c -index 4426ab9..22878f5 100644 ---- a/xen/xsm/flask/flask_op.c -+++ b/xen/xsm/flask/flask_op.c -@@ -53,6 +53,7 @@ static DEFINE_SPINLOCK(sel_sem); - /* global data for booleans */ - static int bool_num = 0; - static int *bool_pending_values = NULL; -+static size_t bool_maxstr; - static int flask_security_make_bools(void); - - extern int ss_initialized; -@@ -71,9 +72,15 @@ static int domain_has_security(struct do - perms, NULL); - } - --static int flask_copyin_string(XEN_GUEST_HANDLE_PARAM(char) u_buf, char **buf, uint32_t size) -+static int flask_copyin_string(XEN_GUEST_HANDLE_PARAM(char) u_buf, char **buf, -+ size_t size, size_t max_size) - { -- char *tmp = xmalloc_bytes(size + 1); -+ char *tmp; -+ -+ if ( size > max_size ) -+ return -ENOENT; -+ -+ tmp = xmalloc_array(char, size + 1); - if ( !tmp ) - return -ENOMEM; - -@@ -99,7 +106,7 @@ static int flask_security_user(struct xe - if ( rv ) - return rv; - -- rv = flask_copyin_string(arg->u.user, &user, arg->size); -+ rv = flask_copyin_string(arg->u.user, &user, arg->size, PAGE_SIZE); - if ( rv ) - return rv; - -@@ -210,7 +217,7 @@ static int flask_security_context(struct - if ( rv ) - return rv; - -- rv = flask_copyin_string(arg->context, &buf, arg->size); -+ rv = flask_copyin_string(arg->context, &buf, arg->size, PAGE_SIZE); - if ( rv ) - return rv; - -@@ -303,7 +310,7 @@ static int flask_security_resolve_bool(s - if ( arg->bool_id != -1 ) - return 0; - -- rv = flask_copyin_string(arg->name, &name, arg->size); -+ rv = flask_copyin_string(arg->name, &name, arg->size, bool_maxstr); - if ( rv ) - return rv; - -@@ -334,7 +341,7 @@ static int flask_security_set_bool(struc - int num; - int *values; - -- rv = security_get_bools(&num, NULL, &values); -+ rv = security_get_bools(&num, NULL, &values, NULL); - if ( rv != 0 ) - goto out; - -@@ -440,7 +447,7 @@ static int flask_security_make_bools(voi - - xfree(bool_pending_values); - -- ret = security_get_bools(&num, NULL, &values); -+ ret = security_get_bools(&num, NULL, &values, &bool_maxstr); - if ( ret != 0 ) - goto out; - -@@ -457,7 +457,7 @@ static int flask_security_avc_cachestats(struct xen_flask_cache_stats *arg) - { - struct avc_cache_stats *st; - -- if ( arg->cpu > nr_cpu_ids ) -+ if ( arg->cpu >= nr_cpu_ids ) - return -ENOENT; - if ( !cpu_online(arg->cpu) ) - return -ENOENT; --- -1.8.5.2 ---- a/xen/xsm/flask/include/conditional.h -+++ b/xen/xsm/flask/include/conditional.h -@@ -13,7 +13,9 @@ - #ifndef _FLASK_CONDITIONAL_H_ - #define _FLASK_CONDITIONAL_H_ - --int security_get_bools(int *len, char ***names, int **values); -+#include <xen/types.h> -+ -+int security_get_bools(int *len, char ***names, int **values, size_t *maxstr); - - int security_set_bools(int len, int *values); - ---- a/xen/xsm/flask/ss/services.c -+++ b/xen/xsm/flask/ss/services.c -@@ -1850,7 +1850,7 @@ int security_find_bool(const char *name) - return rv; - } - --int security_get_bools(int *len, char ***names, int **values) -+int security_get_bools(int *len, char ***names, int **values, size_t *maxstr) - { - int i, rc = -ENOMEM; - -@@ -1858,6 +1858,8 @@ int security_get_bools(int *len, char ** - if ( names ) - *names = NULL; - *values = NULL; -+ if ( maxstr ) -+ *maxstr = 0; - - *len = policydb.p_bools.nprim; - if ( !*len ) -@@ -1879,16 +1881,17 @@ int security_get_bools(int *len, char ** - - for ( i = 0; i < *len; i++ ) - { -- size_t name_len; -+ size_t name_len = strlen(policydb.p_bool_val_to_name[i]); -+ - (*values)[i] = policydb.bool_val_to_struct[i]->state; - if ( names ) { -- name_len = strlen(policydb.p_bool_val_to_name[i]) + 1; -- (*names)[i] = (char*)xmalloc_array(char, name_len); -+ (*names)[i] = xmalloc_array(char, name_len + 1); - if ( !(*names)[i] ) - goto err; -- strlcpy((*names)[i], policydb.p_bool_val_to_name[i], name_len); -- (*names)[i][name_len - 1] = 0; -+ strlcpy((*names)[i], policydb.p_bool_val_to_name[i], name_len + 1); - } -+ if ( maxstr && name_len > *maxstr ) -+ *maxstr = name_len; - } - rc = 0; - out: -@@ -2006,7 +2009,7 @@ static int security_preserve_bools(struc - struct cond_bool_datum *booldatum; - struct cond_node *cur; - -- rc = security_get_bools(&nbools, &bnames, &bvalues); -+ rc = security_get_bools(&nbools, &bnames, &bvalues, NULL); - if ( rc ) - goto out; - for ( i = 0; i < nbools; i++ ) - diff --git a/app-emulation/xen/files/xen-4.3-XSA-87.patch b/app-emulation/xen/files/xen-4.3-XSA-87.patch deleted file mode 100644 index 3c31ed5d9f66..000000000000 --- a/app-emulation/xen/files/xen-4.3-XSA-87.patch +++ /dev/null @@ -1,23 +0,0 @@ -x86: PHYSDEVOP_{prepare,release}_msix are privileged - -Yet this wasn't being enforced. - -This is XSA-87. - -Signed-off-by: Jan Beulich <jbeulich@suse.com> -Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> - ---- 2014-01-14.orig/xen/arch/x86/physdev.c 2013-11-18 11:03:37.000000000 +0100 -+++ 2014-01-14/xen/arch/x86/physdev.c 2014-01-22 12:47:47.000000000 +0100 -@@ -640,7 +640,10 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_H - if ( copy_from_guest(&dev, arg, 1) ) - ret = -EFAULT; - else -- ret = pci_prepare_msix(dev.seg, dev.bus, dev.devfn, -+ ret = xsm_resource_setup_pci(XSM_PRIV, -+ (dev.seg << 16) | (dev.bus << 8) | -+ dev.devfn) ?: -+ pci_prepare_msix(dev.seg, dev.bus, dev.devfn, - cmd != PHYSDEVOP_prepare_msix); - break; - } diff --git a/app-emulation/xen/files/xen-CVE-2013-4375-XSA-71.patch b/app-emulation/xen/files/xen-CVE-2013-4375-XSA-71.patch deleted file mode 100644 index 3fb2338ab76b..000000000000 --- a/app-emulation/xen/files/xen-CVE-2013-4375-XSA-71.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 23260e589e52ec83349f22198eab2331b5a1684e Mon Sep 17 00:00:00 2001 -From: Matthew Daley <mattjd@gmail.com> -Date: Wed, 25 Sep 2013 12:28:47 +1200 -Subject: [PATCH] xen_disk: mark ioreq as mapped before unmapping in error - case - -Commit c6961b7d ("xen_disk: use bdrv_aio_flush instead of bdrv_flush") -modified the semantics of ioreq_{un,}map so that they are idempotent if -called when they're not needed (ie., twice in a row). However, it neglected -to handle the case where batch mapping is not being used (the default), and -one of the grants fails to map. In this case, ioreq_unmap will be called to -unwind and unmap any mappings already performed, but ioreq_unmap simply -returns due to the aforementioned change (the ioreq has not already been -marked as mapped). - -The frontend user can therefore force xen_disk to leak grant mappings, a -per-backend-domain limited resource. - -Fix by marking the ioreq as mapped before calling ioreq_unmap in this -situation. - -This is XSA-71 / CVE-2013-4375 - -Signed-off-by: Matthew Daley <mattjd@gmail.com> ---- - hw/xen_disk.c | 1 + - 1 file changed, 1 insertion(+) - -diff -ur xen-4.3.0.orig/tools/qemu-xen-traditional/hw/xen_disk.c xen-4.3.0/tools/qemu-xen-traditional/hw/xen_disk.c ---- tools/qemu-xen-traditional/hw/xen_disk.c 2013-06-18 00:39:51.000000000 +0800 -+++ tools/qemu-xen-traditional/hw/xen_disk.c 2013-11-06 11:05:44.977888267 +0800 -@@ -298,6 +298,7 @@ - xen_be_printf(&ioreq->blkdev->xendev, 0, - "can't map grant ref %d (%s, %d maps)\n", - ioreq->refs[i], strerror(errno), ioreq->blkdev->cnt_map); -+ ioreq->mapped = 1; - ioreq_unmap(ioreq); - return -1; - } diff --git a/app-emulation/xen/files/xen-CVE-2013-4494-XSA-73.patch b/app-emulation/xen/files/xen-CVE-2013-4494-XSA-73.patch deleted file mode 100644 index e644afe3b0da..000000000000 --- a/app-emulation/xen/files/xen-CVE-2013-4494-XSA-73.patch +++ /dev/null @@ -1,105 +0,0 @@ -From 068bfa76bbd52430e65853375e1d5db99d193e2f Mon Sep 17 00:00:00 2001 -From: Andrew Cooper <andrew.cooper3@citrix.com> -Date: Thu, 31 Oct 2013 20:49:00 +0000 -Subject: [PATCH] gnttab: correct locking order reversal - -Coverity ID 1087189 - -Correct a lock order reversal between a domains page allocation and grant -table locks. - -This is CVE-2013-4494 / XSA-73. - -Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> - -Consolidate error handling. - -Signed-off-by: Jan Beulich <jbeulich@suse.com> -Reviewed-by: Keir Fraser <keir@xen.org> -Tested-by: Matthew Daley <mattjd@gmail.com> ---- - xen/common/grant_table.c | 52 +++++++++++++++++++++++++++++++++++++++------- - 1 file changed, 44 insertions(+), 8 deletions(-) - -diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c -index f42bc7a..48df928 100644 ---- a/xen/common/grant_table.c -+++ b/xen/common/grant_table.c -@@ -1517,6 +1517,8 @@ gnttab_transfer( - - for ( i = 0; i < count; i++ ) - { -+ bool_t okay; -+ - if (i && hypercall_preempt_check()) - return i; - -@@ -1625,16 +1627,18 @@ gnttab_transfer( - * pages when it is dying. - */ - if ( unlikely(e->is_dying) || -- unlikely(e->tot_pages >= e->max_pages) || -- unlikely(!gnttab_prepare_for_transfer(e, d, gop.ref)) ) -+ unlikely(e->tot_pages >= e->max_pages) ) - { -- if ( !e->is_dying ) -- gdprintk(XENLOG_INFO, "gnttab_transfer: " -- "Transferee has no reservation " -- "headroom (%d,%d) or provided a bad grant ref (%08x) " -- "or is dying (%d)\n", -- e->tot_pages, e->max_pages, gop.ref, e->is_dying); - spin_unlock(&e->page_alloc_lock); -+ -+ if ( e->is_dying ) -+ gdprintk(XENLOG_INFO, "gnttab_transfer: " -+ "Transferee (d%d) is dying\n", e->domain_id); -+ else -+ gdprintk(XENLOG_INFO, "gnttab_transfer: " -+ "Transferee (d%d) has no headroom (tot %u, max %u)\n", -+ e->domain_id, e->tot_pages, e->max_pages); -+ - rcu_unlock_domain(e); - put_gfn(d, gop.mfn); - page->count_info &= ~(PGC_count_mask|PGC_allocated); -@@ -1646,6 +1650,38 @@ gnttab_transfer( - /* Okay, add the page to 'e'. */ - if ( unlikely(domain_adjust_tot_pages(e, 1) == 1) ) - get_knownalive_domain(e); -+ -+ /* -+ * We must drop the lock to avoid a possible deadlock in -+ * gnttab_prepare_for_transfer. We have reserved a page in e so can -+ * safely drop the lock and re-aquire it later to add page to the -+ * pagelist. -+ */ -+ spin_unlock(&e->page_alloc_lock); -+ okay = gnttab_prepare_for_transfer(e, d, gop.ref); -+ spin_lock(&e->page_alloc_lock); -+ -+ if ( unlikely(!okay) || unlikely(e->is_dying) ) -+ { -+ bool_t drop_dom_ref = (domain_adjust_tot_pages(e, -1) == 0); -+ -+ spin_unlock(&e->page_alloc_lock); -+ -+ if ( okay /* i.e. e->is_dying due to the surrounding if() */ ) -+ gdprintk(XENLOG_INFO, "gnttab_transfer: " -+ "Transferee (d%d) is now dying\n", e->domain_id); -+ -+ if ( drop_dom_ref ) -+ put_domain(e); -+ rcu_unlock_domain(e); -+ -+ put_gfn(d, gop.mfn); -+ page->count_info &= ~(PGC_count_mask|PGC_allocated); -+ free_domheap_page(page); -+ gop.status = GNTST_general_error; -+ goto copyback; -+ } -+ - page_list_add_tail(page, &e->page_list); - page_set_owner(page, e); - --- -1.7.10.4 - diff --git a/app-emulation/xen/files/xen-CVE-2013-4554-XSA-76.patch b/app-emulation/xen/files/xen-CVE-2013-4554-XSA-76.patch deleted file mode 100644 index 54e4325a0de8..000000000000 --- a/app-emulation/xen/files/xen-CVE-2013-4554-XSA-76.patch +++ /dev/null @@ -1,19 +0,0 @@ -x86/HVM: only allow ring 0 guest code to make hypercalls - -Anything else would allow for privilege escalation. - -This is CVE-2013-4554 / XSA-76. - -Signed-off-by: Jan Beulich <jbeulich@suse.com> - ---- a/xen/arch/x86/hvm/hvm.c -+++ b/xen/arch/x86/hvm/hvm.c -@@ -3359,7 +3359,7 @@ int hvm_do_hypercall(struct cpu_user_reg - case 4: - case 2: - hvm_get_segment_register(curr, x86_seg_ss, &sreg); -- if ( unlikely(sreg.attr.fields.dpl == 3) ) -+ if ( unlikely(sreg.attr.fields.dpl) ) - { - default: - regs->eax = -EPERM; diff --git a/app-emulation/xen/files/xen-CVE-2013-6375-XSA-78.patch b/app-emulation/xen/files/xen-CVE-2013-6375-XSA-78.patch deleted file mode 100644 index 5a8c1330ac3d..000000000000 --- a/app-emulation/xen/files/xen-CVE-2013-6375-XSA-78.patch +++ /dev/null @@ -1,23 +0,0 @@ -http://seclists.org/oss-sec/2013/q4/att-322/xsa78.patch -VT-d: fix TLB flushing in dma_pte_clear_one() - -The third parameter of __intel_iommu_iotlb_flush() is to indicate -whether the to be flushed entry was a present one. A few lines before, -we bailed if !dma_pte_present(*pte), so there's no need to check the -flag here again - we can simply always pass TRUE here. - -This is XSA-78. - -Suggested-by: Cheng Yueqiang <yqcheng.2008@phdis.smu.edu.sg> -Signed-off-by: Jan Beulich <jbeulich@suse.com> - ---- a/xen/drivers/passthrough/vtd/iommu.c -+++ b/xen/drivers/passthrough/vtd/iommu.c -@@ -646,7 +646,7 @@ static void dma_pte_clear_one(struct dom - iommu_flush_cache_entry(pte, sizeof(struct dma_pte)); - - if ( !this_cpu(iommu_dont_flush_iotlb) ) -- __intel_iommu_iotlb_flush(domain, addr >> PAGE_SHIFT_4K , 0, 1); -+ __intel_iommu_iotlb_flush(domain, addr >> PAGE_SHIFT_4K, 1, 1); - - unmap_vtd_domain_page(page); diff --git a/app-emulation/xen/files/xen-CVE-2013-6400-XSA-80.patch b/app-emulation/xen/files/xen-CVE-2013-6400-XSA-80.patch deleted file mode 100644 index c9045959a018..000000000000 --- a/app-emulation/xen/files/xen-CVE-2013-6400-XSA-80.patch +++ /dev/null @@ -1,72 +0,0 @@ -IOMMU: clear "don't flush" override on error paths - -Both xenmem_add_to_physmap() and iommu_populate_page_table() each have -an error path that fails to clear that flag, thus suppressing further -flushes on the respective pCPU. - -In iommu_populate_page_table() also slightly re-arrange code to avoid -the false impression of the flag in question being guarded by a -domain's page_alloc_lock. - -This is CVE-2013-6400 / XSA-80. - -Signed-off-by: Jan Beulich <jbeulich@suse.com> -Acked-by: Ian Campbell <ian.campbell@citrix.com> - ---- a/xen/arch/x86/mm.c -+++ b/xen/arch/x86/mm.c -@@ -4648,7 +4648,7 @@ static int xenmem_add_to_physmap(struct - { - rc = xenmem_add_to_physmap_once(d, xatp); - if ( rc < 0 ) -- return rc; -+ break; - - xatp->idx++; - xatp->gpfn++; ---- a/xen/drivers/passthrough/iommu.c -+++ b/xen/drivers/passthrough/iommu.c -@@ -306,11 +306,11 @@ static int iommu_populate_page_table(str - { - struct hvm_iommu *hd = domain_hvm_iommu(d); - struct page_info *page; -- int rc; -+ int rc = 0; - -+ this_cpu(iommu_dont_flush_iotlb) = 1; - spin_lock(&d->page_alloc_lock); - -- this_cpu(iommu_dont_flush_iotlb) = 1; - page_list_for_each ( page, &d->page_list ) - { - if ( is_hvm_domain(d) || -@@ -320,18 +320,20 @@ static int iommu_populate_page_table(str - rc = hd->platform_ops->map_page( - d, mfn_to_gmfn(d, page_to_mfn(page)), page_to_mfn(page), - IOMMUF_readable|IOMMUF_writable); -- if (rc) -- { -- spin_unlock(&d->page_alloc_lock); -- hd->platform_ops->teardown(d); -- return rc; -- } -+ if ( rc ) -+ break; - } - } -- this_cpu(iommu_dont_flush_iotlb) = 0; -- iommu_iotlb_flush_all(d); -+ - spin_unlock(&d->page_alloc_lock); -- return 0; -+ this_cpu(iommu_dont_flush_iotlb) = 0; -+ -+ if ( !rc ) -+ iommu_iotlb_flush_all(d); -+ else -+ hd->platform_ops->teardown(d); -+ -+ return rc; - } - - diff --git a/app-emulation/xen/files/xen-CVE-2013-6885-XSA-82.patch b/app-emulation/xen/files/xen-CVE-2013-6885-XSA-82.patch deleted file mode 100644 index 22648562283e..000000000000 --- a/app-emulation/xen/files/xen-CVE-2013-6885-XSA-82.patch +++ /dev/null @@ -1,46 +0,0 @@ -http://seclists.org/oss-sec/2013/q4/att-385/xsa82.patch -x86/AMD: work around erratum 793 - -The recommendation is to set a bit in an MSR - do this if the firmware -didn't, considering that otherwise we expose ourselves to a guest -induced DoS. - -This is CVE-2013-6885 / XSA-82. - -Signed-off-by: Jan Beulich <jbeulich@suse.com> -Acked-by: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com> - ---- a/xen/arch/x86/cpu/amd.c -+++ b/xen/arch/x86/cpu/amd.c -@@ -476,6 +476,20 @@ static void __devinit init_amd(struct cp - "*** Pass \"allow_unsafe\" if you're trusting" - " all your (PV) guest kernels. ***\n"); - -+ if (c->x86 == 0x16 && c->x86_model <= 0xf) { -+ rdmsrl(MSR_AMD64_LS_CFG, value); -+ if (!(value & (1 << 15))) { -+ static bool_t warned; -+ -+ if (c == &boot_cpu_data || opt_cpu_info || -+ !test_and_set_bool(warned)) -+ printk(KERN_WARNING -+ "CPU%u: Applying workaround for erratum 793\n", -+ smp_processor_id()); -+ wrmsrl(MSR_AMD64_LS_CFG, value | (1 << 15)); -+ } -+ } -+ - /* AMD CPUs do not support SYSENTER outside of legacy mode. */ - clear_bit(X86_FEATURE_SEP, c->x86_capability); - ---- a/xen/include/asm-x86/msr-index.h -+++ b/xen/include/asm-x86/msr-index.h -@@ -213,6 +213,7 @@ - - /* AMD64 MSRs */ - #define MSR_AMD64_NB_CFG 0xc001001f -+#define MSR_AMD64_LS_CFG 0xc0011020 - #define MSR_AMD64_IC_CFG 0xc0011021 - #define MSR_AMD64_DC_CFG 0xc0011022 - #define AMD64_NB_CFG_CF8_EXT_ENABLE_BIT 46 - diff --git a/app-emulation/xen/xen-4.2.3.ebuild b/app-emulation/xen/xen-4.2.3.ebuild deleted file mode 100644 index 04131dea8af4..000000000000 --- a/app-emulation/xen/xen-4.2.3.ebuild +++ /dev/null @@ -1,154 +0,0 @@ -# Copyright 1999-2014 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen/xen-4.2.3.ebuild,v 1.4 2014/02/21 04:53:41 idella4 Exp $ - -EAPI=5 - -PYTHON_COMPAT=( python{2_6,2_7} ) - -if [[ $PV == *9999 ]]; then - KEYWORDS="" - REPO="xen-unstable.hg" - EHG_REPO_URI="http://xenbits.xensource.com/${REPO}" - S="${WORKDIR}/${REPO}" - live_eclass="mercurial" -else - KEYWORDS="amd64 x86" - UPSTREAM_VER=0 - GENTOO_VER= - - [[ -n ${UPSTREAM_VER} ]] && \ - UPSTREAM_PATCHSET_URI="http://dev.gentoo.org/~dlan/distfiles/${P}-upstream-patches-${UPSTREAM_VER}.tar.xz" - [[ -n ${GENTOO_VER} ]] && \ - GENTOO_PATCHSET_URI="http://dev.gentoo.org/~dlan/distfiles/${P}-gentoo-patches-${GENTOO_VER}.tar.xz" - SRC_URI="http://bits.xensource.com/oss-xen/release/${PV}/xen-${PV}.tar.gz - ${UPSTREAM_PATCHSET_URI} - ${GENTOO_PATCHSET_URI}" -fi - -inherit mount-boot flag-o-matic python-any-r1 toolchain-funcs eutils ${live_eclass} - -DESCRIPTION="The Xen virtual machine monitor" -HOMEPAGE="http://xen.org/" -LICENSE="GPL-2" -SLOT="0" -IUSE="custom-cflags debug efi flask pae xsm" - -DEPEND="${PYTHON_DEPS} - efi? ( >=sys-devel/binutils-2.22[multitarget] ) - !efi? ( >=sys-devel/binutils-2.22[-multitarget] )" -RDEPEND="" -PDEPEND="~app-emulation/xen-tools-${PV}" - -RESTRICT="test" - -# Approved by QA team in bug #144032 -QA_WX_LOAD="boot/xen-syms-${PV}" - -REQUIRED_USE=" - flask? ( xsm ) - " - -pkg_setup() { - python-any-r1_pkg_setup - if [[ -z ${XEN_TARGET_ARCH} ]]; then - if use x86 && use amd64; then - die "Confusion! Both x86 and amd64 are set in your use flags!" - elif use x86; then - export XEN_TARGET_ARCH="x86_32" - elif use amd64; then - export XEN_TARGET_ARCH="x86_64" - else - die "Unsupported architecture!" - fi - fi - - if use flask ; then - export "XSM_ENABLE=y" - export "FLASK_ENABLE=y" - elif use xsm ; then - export "XSM_ENABLE=y" - fi -} - -src_prepare() { - # Upstream's patchset - if [[ -n ${UPSTREAM_VER} ]]; then - EPATCH_SUFFIX="patch" \ - EPATCH_FORCE="yes" \ - epatch "${WORKDIR}"/patches-upstream - fi - - # Gentoo's patchset - if [[ -n ${GENTOO_VER} ]]; then - EPATCH_SUFFIX="patch" \ - EPATCH_FORCE="yes" \ - epatch "${WORKDIR}"/patches-gentoo - fi - - # Drop .config and fix gcc-4.6 - epatch "${FILESDIR}"/${PN/-pvgrub/}-4-fix_dotconfig-gcc.patch - - if use efi; then - epatch "${FILESDIR}"/${PN}-4.2-efi.patch - export EFI_VENDOR="gentoo" - export EFI_MOUNTPOINT="boot" - fi - - # if the user *really* wants to use their own custom-cflags, let them - if use custom-cflags; then - einfo "User wants their own CFLAGS - removing defaults" - # try and remove all the default custom-cflags - find "${S}" -name Makefile -o -name Rules.mk -o -name Config.mk -exec sed \ - -e 's/CFLAGS\(.*\)=\(.*\)-O3\(.*\)/CFLAGS\1=\2\3/' \ - -e 's/CFLAGS\(.*\)=\(.*\)-march=i686\(.*\)/CFLAGS\1=\2\3/' \ - -e 's/CFLAGS\(.*\)=\(.*\)-fomit-frame-pointer\(.*\)/CFLAGS\1=\2\3/' \ - -e 's/CFLAGS\(.*\)=\(.*\)-g3*\s\(.*\)/CFLAGS\1=\2 \3/' \ - -e 's/CFLAGS\(.*\)=\(.*\)-O2\(.*\)/CFLAGS\1=\2\3/' \ - -i {} \; || die "failed to re-set custom-cflags" - fi - - # not strictly necessary to fix this - sed -i 's/, "-Werror"//' "${S}/tools/python/setup.py" || die "failed to re-set setup.py" - - epatch_user -} - -src_configure() { - use debug && myopt="${myopt} debug=y" - use pae && myopt="${myopt} pae=y" - - if use custom-cflags; then - filter-flags -fPIE -fstack-protector - replace-flags -O3 -O2 - else - unset CFLAGS - fi -} - -src_compile() { - # Send raw LDFLAGS so that --as-needed works - emake CC="$(tc-getCC)" LDFLAGS="$(raw-ldflags)" LD="$(tc-getLD)" -C xen ${myopt} -} - -src_install() { - local myopt - use debug && myopt="${myopt} debug=y" - use pae && myopt="${myopt} pae=y" - - # The 'make install' doesn't 'mkdir -p' the subdirs - if use efi; then - mkdir -p "${D}"${EFI_MOUNTPOINT}/efi/${EFI_VENDOR} || die - fi - - emake LDFLAGS="$(raw-ldflags)" DESTDIR="${D}" -C xen ${myopt} install -} - -pkg_postinst() { - elog "Official Xen Guide and the unoffical wiki page:" - elog " http://www.gentoo.org/doc/en/xen-guide.xml" - elog " http://en.gentoo-wiki.com/wiki/Xen/" - - use pae && ewarn "This is a PAE build of Xen. It will *only* boot PAE kernels!" - use efi && einfo "The efi executable is installed in boot/efi/gentoo" -} diff --git a/app-emulation/xen/xen-4.2.4-r1.ebuild b/app-emulation/xen/xen-4.2.4-r1.ebuild deleted file mode 100644 index 21405b77e54f..000000000000 --- a/app-emulation/xen/xen-4.2.4-r1.ebuild +++ /dev/null @@ -1,154 +0,0 @@ -# Copyright 1999-2014 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen/xen-4.2.4-r1.ebuild,v 1.1 2014/04/09 21:35:41 dlan Exp $ - -EAPI=5 - -PYTHON_COMPAT=( python{2_6,2_7} ) - -if [[ $PV == *9999 ]]; then - KEYWORDS="" - REPO="xen-unstable.hg" - EHG_REPO_URI="http://xenbits.xensource.com/${REPO}" - S="${WORKDIR}/${REPO}" - live_eclass="mercurial" -else - KEYWORDS="~amd64 ~x86" - UPSTREAM_VER=0 - GENTOO_VER= - - [[ -n ${UPSTREAM_VER} ]] && \ - UPSTREAM_PATCHSET_URI="http://dev.gentoo.org/~dlan/distfiles/${P}-upstream-patches-${UPSTREAM_VER}.tar.xz" - [[ -n ${GENTOO_VER} ]] && \ - GENTOO_PATCHSET_URI="http://dev.gentoo.org/~dlan/distfiles/${P}-gentoo-patches-${GENTOO_VER}.tar.xz" - SRC_URI="http://bits.xensource.com/oss-xen/release/${PV}/xen-${PV}.tar.gz - ${UPSTREAM_PATCHSET_URI} - ${GENTOO_PATCHSET_URI}" -fi - -inherit mount-boot flag-o-matic python-any-r1 toolchain-funcs eutils ${live_eclass} - -DESCRIPTION="The Xen virtual machine monitor" -HOMEPAGE="http://xen.org/" -LICENSE="GPL-2" -SLOT="0" -IUSE="custom-cflags debug efi flask pae xsm" - -DEPEND="${PYTHON_DEPS} - efi? ( >=sys-devel/binutils-2.22[multitarget] ) - !efi? ( >=sys-devel/binutils-2.22[-multitarget] )" -RDEPEND="" -PDEPEND="~app-emulation/xen-tools-${PV}" - -RESTRICT="test" - -# Approved by QA team in bug #144032 -QA_WX_LOAD="boot/xen-syms-${PV}" - -REQUIRED_USE=" - flask? ( xsm ) - " - -pkg_setup() { - python-any-r1_pkg_setup - if [[ -z ${XEN_TARGET_ARCH} ]]; then - if use x86 && use amd64; then - die "Confusion! Both x86 and amd64 are set in your use flags!" - elif use x86; then - export XEN_TARGET_ARCH="x86_32" - elif use amd64; then - export XEN_TARGET_ARCH="x86_64" - else - die "Unsupported architecture!" - fi - fi - - if use flask ; then - export "XSM_ENABLE=y" - export "FLASK_ENABLE=y" - elif use xsm ; then - export "XSM_ENABLE=y" - fi -} - -src_prepare() { - # Upstream's patchset - if [[ -n ${UPSTREAM_VER} ]]; then - EPATCH_SUFFIX="patch" \ - EPATCH_FORCE="yes" \ - epatch "${WORKDIR}"/patches-upstream - fi - - # Gentoo's patchset - if [[ -n ${GENTOO_VER} ]]; then - EPATCH_SUFFIX="patch" \ - EPATCH_FORCE="yes" \ - epatch "${WORKDIR}"/patches-gentoo - fi - - # Drop .config and fix gcc-4.6 - epatch "${FILESDIR}"/${PN/-pvgrub/}-4-fix_dotconfig-gcc.patch - - if use efi; then - epatch "${FILESDIR}"/${PN}-4.2-efi.patch - export EFI_VENDOR="gentoo" - export EFI_MOUNTPOINT="boot" - fi - - # if the user *really* wants to use their own custom-cflags, let them - if use custom-cflags; then - einfo "User wants their own CFLAGS - removing defaults" - # try and remove all the default custom-cflags - find "${S}" -name Makefile -o -name Rules.mk -o -name Config.mk -exec sed \ - -e 's/CFLAGS\(.*\)=\(.*\)-O3\(.*\)/CFLAGS\1=\2\3/' \ - -e 's/CFLAGS\(.*\)=\(.*\)-march=i686\(.*\)/CFLAGS\1=\2\3/' \ - -e 's/CFLAGS\(.*\)=\(.*\)-fomit-frame-pointer\(.*\)/CFLAGS\1=\2\3/' \ - -e 's/CFLAGS\(.*\)=\(.*\)-g3*\s\(.*\)/CFLAGS\1=\2 \3/' \ - -e 's/CFLAGS\(.*\)=\(.*\)-O2\(.*\)/CFLAGS\1=\2\3/' \ - -i {} \; || die "failed to re-set custom-cflags" - fi - - # not strictly necessary to fix this - sed -i 's/, "-Werror"//' "${S}/tools/python/setup.py" || die "failed to re-set setup.py" - - epatch_user -} - -src_configure() { - use debug && myopt="${myopt} debug=y" - use pae && myopt="${myopt} pae=y" - - if use custom-cflags; then - filter-flags -fPIE -fstack-protector - replace-flags -O3 -O2 - else - unset CFLAGS - fi -} - -src_compile() { - # Send raw LDFLAGS so that --as-needed works - emake CC="$(tc-getCC)" LDFLAGS="$(raw-ldflags)" LD="$(tc-getLD)" -C xen ${myopt} -} - -src_install() { - local myopt - use debug && myopt="${myopt} debug=y" - use pae && myopt="${myopt} pae=y" - - # The 'make install' doesn't 'mkdir -p' the subdirs - if use efi; then - mkdir -p "${D}"${EFI_MOUNTPOINT}/efi/${EFI_VENDOR} || die - fi - - emake LDFLAGS="$(raw-ldflags)" DESTDIR="${D}" -C xen ${myopt} install -} - -pkg_postinst() { - elog "Official Xen Guide and the unoffical wiki page:" - elog " http://www.gentoo.org/doc/en/xen-guide.xml" - elog " http://en.gentoo-wiki.com/wiki/Xen/" - - use pae && ewarn "This is a PAE build of Xen. It will *only* boot PAE kernels!" - use efi && einfo "The efi executable is installed in boot/efi/gentoo" -} diff --git a/app-emulation/xen/xen-4.3.1-r5.ebuild b/app-emulation/xen/xen-4.3.1-r5.ebuild deleted file mode 100644 index 44fdd94c1dca..000000000000 --- a/app-emulation/xen/xen-4.3.1-r5.ebuild +++ /dev/null @@ -1,144 +0,0 @@ -# Copyright 1999-2014 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen/xen-4.3.1-r5.ebuild,v 1.2 2014/02/16 06:40:24 ago Exp $ - -EAPI=5 - -PYTHON_COMPAT=( python2_7 ) - -if [[ $PV == *9999 ]]; then - KEYWORDS="" - REPO="xen-unstable.hg" - EHG_REPO_URI="http://xenbits.xensource.com/${REPO}" - S="${WORKDIR}/${REPO}" - live_eclass="mercurial" -else - # Set to match entry in stable 4.3.1-r1, Bug 493944 - KEYWORDS="amd64 -x86" - SRC_URI="http://bits.xensource.com/oss-xen/release/${PV}/xen-${PV}.tar.gz" -fi - -inherit mount-boot flag-o-matic python-any-r1 toolchain-funcs eutils ${live_eclass} - -DESCRIPTION="The Xen virtual machine monitor" -HOMEPAGE="http://xen.org/" -LICENSE="GPL-2" -SLOT="0" -IUSE="custom-cflags debug efi flask xsm" - -DEPEND="${PYTHON_DEPS} - efi? ( >=sys-devel/binutils-2.22[multitarget] ) - !efi? ( >=sys-devel/binutils-2.22[-multitarget] )" -RDEPEND="" -PDEPEND="~app-emulation/xen-tools-${PV}" - -RESTRICT="test" - -# Approved by QA team in bug #144032 -QA_WX_LOAD="boot/xen-syms-${PV}" - -REQUIRED_USE="flask? ( xsm )" - -# Security patches -XSA_PATCHES=( - "${FILESDIR}"/${PN}-CVE-2013-4375-XSA-71.patch - "${FILESDIR}"/${PN}-CVE-2013-4494-XSA-73.patch - "${FILESDIR}"/${PN}-4.3-CVE-2013-6375-XSA-75.patch - "${FILESDIR}"/${PN}-CVE-2013-6375-XSA-78.patch - "${FILESDIR}"/${PN}-CVE-2013-6885-XSA-82.patch - "${FILESDIR}"/${PN}-4.3-CVE-2013-4553-XSA-74.patch - "${FILESDIR}"/${PN}-CVE-2013-4554-XSA-76.patch - "${FILESDIR}"/${PN}-CVE-2013-6400-XSA-80.patch - "${FILESDIR}"/${PN}-4-XSA-83.patch # bug #499054 - "${FILESDIR}"/${PN}-4.3-CVE-2014-263-XSA-84-85.patch # bug #500528 500536 - "${FILESDIR}"/${PN}-4.3-XSA-87.patch # bug #499124 -) - -pkg_setup() { - python-any-r1_pkg_setup - if [[ -z ${XEN_TARGET_ARCH} ]]; then - if use x86 && use amd64; then - die "Confusion! Both x86 and amd64 are set in your use flags!" - elif use x86; then - export XEN_TARGET_ARCH="x86_32" - elif use amd64; then - export XEN_TARGET_ARCH="x86_64" - else - die "Unsupported architecture!" - fi - fi - - if use flask ; then - export "XSM_ENABLE=y" - export "FLASK_ENABLE=y" - elif use xsm ; then - export "XSM_ENABLE=y" - fi -} - -src_prepare() { - # Drop .config and fix gcc-4.6 - epatch "${FILESDIR}"/${PN/-pvgrub/}-4.3-fix_dotconfig-gcc.patch - - if use efi; then - epatch "${FILESDIR}"/${PN}-4.2-efi.patch - export EFI_VENDOR="gentoo" - export EFI_MOUNTPOINT="boot" - fi - - # if the user *really* wants to use their own custom-cflags, let them - if use custom-cflags; then - einfo "User wants their own CFLAGS - removing defaults" - # try and remove all the default custom-cflags - find "${S}" -name Makefile -o -name Rules.mk -o -name Config.mk -exec sed \ - -e 's/CFLAGS\(.*\)=\(.*\)-O3\(.*\)/CFLAGS\1=\2\3/' \ - -e 's/CFLAGS\(.*\)=\(.*\)-march=i686\(.*\)/CFLAGS\1=\2\3/' \ - -e 's/CFLAGS\(.*\)=\(.*\)-fomit-frame-pointer\(.*\)/CFLAGS\1=\2\3/' \ - -e 's/CFLAGS\(.*\)=\(.*\)-g3*\s\(.*\)/CFLAGS\1=\2 \3/' \ - -e 's/CFLAGS\(.*\)=\(.*\)-O2\(.*\)/CFLAGS\1=\2\3/' \ - -i {} \; || die "failed to re-set custom-cflags" - fi - - # not strictly necessary to fix this - sed -i 's/, "-Werror"//' "${S}/tools/python/setup.py" || die "failed to re-set setup.py" - - [[ ${XSA_PATCHES[@]} ]] && epatch "${XSA_PATCHES[@]}" - - epatch_user -} - -src_configure() { - use debug && myopt="${myopt} debug=y" - - if use custom-cflags; then - filter-flags -fPIE -fstack-protector - replace-flags -O3 -O2 - else - unset CFLAGS - fi -} - -src_compile() { - # Send raw LDFLAGS so that --as-needed works - emake CC="$(tc-getCC)" LDFLAGS="$(raw-ldflags)" LD="$(tc-getLD)" -C xen ${myopt} -} - -src_install() { - local myopt - use debug && myopt="${myopt} debug=y" - - # The 'make install' doesn't 'mkdir -p' the subdirs - if use efi; then - mkdir -p "${D}"${EFI_MOUNTPOINT}/efi/${EFI_VENDOR} || die - fi - - emake LDFLAGS="$(raw-ldflags)" DESTDIR="${D}" -C xen ${myopt} install -} - -pkg_postinst() { - elog "Official Xen Guide and the unoffical wiki page:" - elog " http://www.gentoo.org/doc/en/xen-guide.xml" - elog " http://en.gentoo-wiki.com/wiki/Xen/" - - use efi && einfo "The efi executable is installed in boot/efi/gentoo" -} diff --git a/app-emulation/xen/xen-4.3.2-r1.ebuild b/app-emulation/xen/xen-4.3.2-r1.ebuild deleted file mode 100644 index 376e03b06acd..000000000000 --- a/app-emulation/xen/xen-4.3.2-r1.ebuild +++ /dev/null @@ -1,150 +0,0 @@ -# Copyright 1999-2014 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen/xen-4.3.2-r1.ebuild,v 1.1 2014/04/09 21:35:41 dlan Exp $ - -EAPI=5 - -PYTHON_COMPAT=( python2_7 ) - -if [[ $PV == *9999 ]]; then - KEYWORDS="" - REPO="xen-unstable.hg" - EHG_REPO_URI="http://xenbits.xensource.com/${REPO}" - S="${WORKDIR}/${REPO}" - live_eclass="mercurial" -else - # Set to match entry in stable 4.3.1-r1, Bug 493944 - KEYWORDS="~amd64 -x86" - UPSTREAM_VER=0 - GENTOO_VER= - - [[ -n ${UPSTREAM_VER} ]] && \ - UPSTREAM_PATCHSET_URI="http://dev.gentoo.org/~dlan/distfiles/${P}-upstream-patches-${UPSTREAM_VER}.tar.xz" - [[ -n ${GENTOO_VER} ]] && \ - GENTOO_PATCHSET_URI="http://dev.gentoo.org/~dlan/distfiles/${P}-gentoo-patches-${GENTOO_VER}.tar.xz" - SRC_URI="http://bits.xensource.com/oss-xen/release/${PV}/xen-${PV}.tar.gz - ${UPSTREAM_PATCHSET_URI} - ${GENTOO_PATCHSET_URI}" -fi - -inherit mount-boot flag-o-matic python-any-r1 toolchain-funcs eutils ${live_eclass} - -DESCRIPTION="The Xen virtual machine monitor" -HOMEPAGE="http://xen.org/" -LICENSE="GPL-2" -SLOT="0" -IUSE="custom-cflags debug efi flask xsm" - -DEPEND="${PYTHON_DEPS} - efi? ( >=sys-devel/binutils-2.22[multitarget] ) - !efi? ( >=sys-devel/binutils-2.22[-multitarget] )" -RDEPEND="" -PDEPEND="~app-emulation/xen-tools-${PV}" - -RESTRICT="test" - -# Approved by QA team in bug #144032 -QA_WX_LOAD="boot/xen-syms-${PV}" - -REQUIRED_USE="flask? ( xsm )" - -pkg_setup() { - python-any-r1_pkg_setup - if [[ -z ${XEN_TARGET_ARCH} ]]; then - if use x86 && use amd64; then - die "Confusion! Both x86 and amd64 are set in your use flags!" - elif use x86; then - export XEN_TARGET_ARCH="x86_32" - elif use amd64; then - export XEN_TARGET_ARCH="x86_64" - else - die "Unsupported architecture!" - fi - fi - - if use flask ; then - export "XSM_ENABLE=y" - export "FLASK_ENABLE=y" - elif use xsm ; then - export "XSM_ENABLE=y" - fi -} - -src_prepare() { - # Upstream's patchset - if [[ -n ${UPSTREAM_VER} ]]; then - EPATCH_SUFFIX="patch" \ - EPATCH_FORCE="yes" \ - epatch "${WORKDIR}"/patches-upstream - fi - - # Gentoo's patchset - if [[ -n ${GENTOO_VER} ]]; then - EPATCH_SUFFIX="patch" \ - EPATCH_FORCE="yes" \ - epatch "${WORKDIR}"/patches-gentoo - fi - - # Drop .config and fix gcc-4.6 - epatch "${FILESDIR}"/${PN/-pvgrub/}-4.3-fix_dotconfig-gcc.patch - - if use efi; then - epatch "${FILESDIR}"/${PN}-4.2-efi.patch - export EFI_VENDOR="gentoo" - export EFI_MOUNTPOINT="boot" - fi - - # if the user *really* wants to use their own custom-cflags, let them - if use custom-cflags; then - einfo "User wants their own CFLAGS - removing defaults" - # try and remove all the default custom-cflags - find "${S}" -name Makefile -o -name Rules.mk -o -name Config.mk -exec sed \ - -e 's/CFLAGS\(.*\)=\(.*\)-O3\(.*\)/CFLAGS\1=\2\3/' \ - -e 's/CFLAGS\(.*\)=\(.*\)-march=i686\(.*\)/CFLAGS\1=\2\3/' \ - -e 's/CFLAGS\(.*\)=\(.*\)-fomit-frame-pointer\(.*\)/CFLAGS\1=\2\3/' \ - -e 's/CFLAGS\(.*\)=\(.*\)-g3*\s\(.*\)/CFLAGS\1=\2 \3/' \ - -e 's/CFLAGS\(.*\)=\(.*\)-O2\(.*\)/CFLAGS\1=\2\3/' \ - -i {} \; || die "failed to re-set custom-cflags" - fi - - # not strictly necessary to fix this - sed -i 's/, "-Werror"//' "${S}/tools/python/setup.py" || die "failed to re-set setup.py" - - epatch_user -} - -src_configure() { - use debug && myopt="${myopt} debug=y" - - if use custom-cflags; then - filter-flags -fPIE -fstack-protector - replace-flags -O3 -O2 - else - unset CFLAGS - fi -} - -src_compile() { - # Send raw LDFLAGS so that --as-needed works - emake V=1 CC="$(tc-getCC)" LDFLAGS="$(raw-ldflags)" LD="$(tc-getLD)" -C xen ${myopt} -} - -src_install() { - local myopt - use debug && myopt="${myopt} debug=y" - - # The 'make install' doesn't 'mkdir -p' the subdirs - if use efi; then - mkdir -p "${D}"${EFI_MOUNTPOINT}/efi/${EFI_VENDOR} || die - fi - - emake LDFLAGS="$(raw-ldflags)" DESTDIR="${D}" -C xen ${myopt} install -} - -pkg_postinst() { - elog "Official Xen Guide and the unoffical wiki page:" - elog " http://www.gentoo.org/doc/en/xen-guide.xml" - elog " http://en.gentoo-wiki.com/wiki/Xen/" - - use efi && einfo "The efi executable is installed in boot/efi/gentoo" -} |