summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTomáš Mózes <hydrapolic@gmail.com>2021-06-09 07:18:46 +0000
committerThomas Deutschmann <whissi@gentoo.org>2021-06-11 14:49:01 +0200
commitcf5f56e2ffe5aa3e7fe2e9d8c55a57fc1f5864f5 (patch)
treeb7be969fe615bba61b7491bf2454736910dfacd4 /app-emulation
parentapp-emulation/xen: add upstream security patches (diff)
downloadgentoo-cf5f56e2ffe5aa3e7fe2e9d8c55a57fc1f5864f5.tar.gz
gentoo-cf5f56e2ffe5aa3e7fe2e9d8c55a57fc1f5864f5.tar.bz2
gentoo-cf5f56e2ffe5aa3e7fe2e9d8c55a57fc1f5864f5.zip
app-emulation/xen: drop vulnerable
Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com> Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>
Diffstat (limited to 'app-emulation')
-rw-r--r--app-emulation/xen/Manifest1
-rw-r--r--app-emulation/xen/xen-4.14.2.ebuild169
-rw-r--r--app-emulation/xen/xen-4.15.0.ebuild169
3 files changed, 0 insertions, 339 deletions
diff --git a/app-emulation/xen/Manifest b/app-emulation/xen/Manifest
index 9576a401e2b1..e8907dcf6630 100644
--- a/app-emulation/xen/Manifest
+++ b/app-emulation/xen/Manifest
@@ -1,6 +1,5 @@
DIST xen-4.13.3.tar.gz 39044539 BLAKE2B 5d0e57c76e12e1b86b78bbf561e947d70b9569a24412617a640346d2358b141a2741e7a3be454df52d198ad63e58b1519288de62330417c70e72445703f3fac2 SHA512 622127d824b9c49b57282a887fb404e0bad05ff60bccade82e4e0e9b5ad975ff9aa1fba83392e6d8379e9a15340e8ae9785c0913eb11027816e4600432eea6b6
DIST xen-4.14.2-upstream-patches-0.tar.xz 23304 BLAKE2B 954e0a49e5c3ec122aefe52afe328f440b8a4c8db966e0fa91e0b6d6cb3c0462b75fb99b3e7392811bd2e680cd7945e8a4d68317245fd42fdf0ad6cab33fbc68 SHA512 64d243f0c8acfec87812e4d78e3d8b24a86315824853f4f3b17122b7119425d180650695bc12e1a30f5b30c6ef684be7c08b2bc677ca2f0668d0335d92e2bf78
DIST xen-4.14.2.tar.gz 39973157 BLAKE2B db5d3570f79e0fd97872f5e5dd57a4eb39e005728387bfef3b51fabe1c693cfd8108d09b1026f5a5a7eb79de71be6f4af36d252f7e0b35a65a1567b7949e3e29 SHA512 83c9333b70dbee3e29c6bf08e5ad030676e6c4a32b976f3f5e6a8f8d0dd9e4898bac88dd8e1c9d2ad3509cebb5d212e1745f9392a469d7afeb841d79801ccf39
-DIST xen-4.15.0-upstream-patches-0.tar.xz 15744 BLAKE2B e2abb68524a7c190db8d91beb79731aea5290e82f54fb21218739dab666f6f5ea85c203575ec248b46830f1862408d50d3ceea1104fcd9325babfccf3574c515 SHA512 f1a2800d15a61f08eda4d6bafaead95a9d72cc9e4d90a19278d89c696b7e2d5d6353b28dba7ed0eb0c9aeb8604d3697db6a8f4ac38047e2510279d88181752f9
DIST xen-4.15.0-upstream-patches-1.tar.xz 35180 BLAKE2B eb3b2a44b717a04daa4a2f158040cce78b42cba5a72c437d7b2f8f1237b808f6f13c2140d82e95056818db6c0eb706ebd7dead822a6a4e689e5d5e7c83523fdb SHA512 a7cfe2dbc82b15c48fa781a77b3ca1622fc2feac3874bf17cf56e82be46e9817913f94992e0e1a1cd2be2e719d4abb9a15744c8a1017e30c0d5c01d7db64dbb5
DIST xen-4.15.0.tar.gz 40785399 BLAKE2B 8b0530f5516c39656506f4bb705952da0555a8ab7f47323473b171caeb7692f3107e9d94f13171d40576600064589eed35f4d210af02db4cc4706dd4fc202100 SHA512 93683b8a97387ca5f003c635a11d163e61c87dbdc9a03081f9155fe87b49f1dfa74ce243fcd5e04dc009353a36e2375b786f1ebde828b5951a094cd64197b4c7
diff --git a/app-emulation/xen/xen-4.14.2.ebuild b/app-emulation/xen/xen-4.14.2.ebuild
deleted file mode 100644
index 93ea93f278af..000000000000
--- a/app-emulation/xen/xen-4.14.2.ebuild
+++ /dev/null
@@ -1,169 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-PYTHON_COMPAT=( python3_{7..9} )
-
-inherit flag-o-matic mount-boot multilib python-any-r1 toolchain-funcs
-
-MY_PV=${PV/_/-}
-MY_P=${PN}-${MY_PV}
-
-if [[ ${PV} == *9999 ]]; then
- inherit git-r3
- EGIT_REPO_URI="git://xenbits.xen.org/xen.git"
- SRC_URI=""
-else
- KEYWORDS="~amd64 ~arm -x86"
- UPSTREAM_VER=
- SECURITY_VER=
- GENTOO_VER=
-
- [[ -n ${UPSTREAM_VER} ]] && \
- UPSTREAM_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${P}-upstream-patches-${UPSTREAM_VER}.tar.xz
- https://github.com/hydrapolic/gentoo-dist/raw/master/xen/${P}-upstream-patches-${UPSTREAM_VER}.tar.xz"
- [[ -n ${SECURITY_VER} ]] && \
- SECURITY_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${PN}-security-patches-${SECURITY_VER}.tar.xz"
- [[ -n ${GENTOO_VER} ]] && \
- GENTOO_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${PN}-gentoo-patches-${GENTOO_VER}.tar.xz"
- SRC_URI="https://downloads.xenproject.org/release/xen/${MY_PV}/${MY_P}.tar.gz
- ${UPSTREAM_PATCHSET_URI}
- ${SECURITY_PATCHSET_URI}
- ${GENTOO_PATCHSET_URI}"
-fi
-
-DESCRIPTION="The Xen virtual machine monitor"
-HOMEPAGE="https://www.xenproject.org"
-LICENSE="GPL-2"
-SLOT="0"
-IUSE="debug efi flask"
-
-DEPEND="${PYTHON_DEPS}
- efi? ( >=sys-devel/binutils-2.22[multitarget] )
- !efi? ( >=sys-devel/binutils-2.22 )"
-RDEPEND=""
-PDEPEND="~app-emulation/xen-tools-${PV}"
-
-# no tests are available for the hypervisor
-# prevent the silliness of /usr/lib/debug/usr/lib/debug files
-# prevent stripping of the debug info from the /usr/lib/debug/xen-syms
-RESTRICT="test splitdebug strip"
-
-# Approved by QA team in bug #144032
-QA_WX_LOAD="boot/xen-syms-${PV}"
-
-REQUIRED_USE="arm? ( debug )"
-
-S="${WORKDIR}/${MY_P}"
-
-pkg_setup() {
- python-any-r1_pkg_setup
- if [[ -z ${XEN_TARGET_ARCH} ]]; then
- if use amd64; then
- export XEN_TARGET_ARCH="x86_64"
- elif use arm; then
- export XEN_TARGET_ARCH="arm32"
- elif use arm64; then
- export XEN_TARGET_ARCH="arm64"
- else
- die "Unsupported architecture!"
- fi
- fi
-
- if use flask ; then
- export "XSM_ENABLE=y"
- export "FLASK_ENABLE=y"
- fi
-}
-
-src_prepare() {
- # Upstream's patchset
- [[ -n ${UPSTREAM_VER} ]] && eapply "${WORKDIR}"/patches-upstream
-
- # Security patchset
- if [[ -n ${SECURITY_VER} ]]; then
- einfo "Try to apply Xen Security patch set"
- # apply main xen patches
- # Two parallel systems, both work side by side
- # Over time they may concdense into one. This will suffice for now
- source "${WORKDIR}"/patches-security/${PV}.conf
-
- local i
- for i in ${XEN_SECURITY_MAIN}; do
- eapply "${WORKDIR}"/patches-security/xen/$i
- done
- fi
-
- # Gentoo's patchset
- [[ -n ${GENTOO_VER} ]] && eapply "${WORKDIR}"/patches-gentoo
-
- # Symlinks do not work on fat32 volumes
- eapply "${FILESDIR}"/${PN}-4.14-efi.patch
-
- # Workaround new gcc-11 options
- sed -e '/^CFLAGS/s/-Werror//g' -i xen/Makefile || die
-
- # Drop .config
- sed -e '/-include $(XEN_ROOT)\/.config/d' -i Config.mk || die "Couldn't drop"
-
- if use efi; then
- export EFI_VENDOR="gentoo"
- export EFI_MOUNTPOINT="/boot"
- fi
-
- default
-}
-
-src_configure() {
- use arm && myopt="${myopt} CONFIG_EARLY_PRINTK=sun7i"
-
- use debug && myopt="${myopt} debug=y"
-
- # remove flags
- unset CFLAGS
- unset LDFLAGS
- unset ASFLAGS
-
- tc-ld-disable-gold # Bug 700374
-}
-
-src_compile() {
- # Send raw LDFLAGS so that --as-needed works
- emake V=1 CC="$(tc-getCC)" LDFLAGS="$(raw-ldflags)" LD="$(tc-getLD)" -C xen ${myopt}
-}
-
-src_install() {
- local myopt
- use debug && myopt="${myopt} debug=y"
-
- # The 'make install' doesn't 'mkdir -p' the subdirs
- if use efi; then
- mkdir -p "${D}"${EFI_MOUNTPOINT}/efi/${EFI_VENDOR} || die
- fi
-
- emake LDFLAGS="$(raw-ldflags)" LD="$(tc-getLD)" DESTDIR="${D}" -C xen ${myopt} install
-
- # make install likes to throw in some extra EFI bits if it built
- use efi || rm -rf "${D}/usr/$(get_libdir)/efi"
-}
-
-pkg_postinst() {
- elog "Official Xen Guide:"
- elog " https://wiki.gentoo.org/wiki/Xen"
-
- use efi && einfo "The efi executable is installed in /boot/efi/gentoo"
-
- elog "You can optionally block the installation of /boot/xen-syms by an entry"
- elog "in folder /etc/portage/env using the portage's feature INSTALL_MASK"
- elog "e.g. echo ${msg} > /etc/portage/env/xen.conf"
-
- ewarn
- ewarn "Xen 4.12+ changed the default scheduler to credit2 which can cause"
- ewarn "domU lockups on multi-cpu systems. The legacy credit scheduler seems"
- ewarn "to work fine."
- ewarn
- ewarn "Add sched=credit to xen command line options to use the legacy scheduler."
- ewarn
- ewarn "https://wiki.gentoo.org/wiki/Xen#Xen_domU_hanging_with_Xen_4.12.2B"
-}
diff --git a/app-emulation/xen/xen-4.15.0.ebuild b/app-emulation/xen/xen-4.15.0.ebuild
deleted file mode 100644
index eaf463b8786b..000000000000
--- a/app-emulation/xen/xen-4.15.0.ebuild
+++ /dev/null
@@ -1,169 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-PYTHON_COMPAT=( python3_{7..9} )
-
-inherit flag-o-matic mount-boot multilib python-any-r1 toolchain-funcs
-
-MY_PV=${PV/_/-}
-MY_P=${PN}-${MY_PV}
-
-if [[ ${PV} == *9999 ]]; then
- inherit git-r3
- EGIT_REPO_URI="git://xenbits.xen.org/xen.git"
- SRC_URI=""
-else
- KEYWORDS="~amd64 ~arm -x86"
- UPSTREAM_VER=0
- SECURITY_VER=
- GENTOO_VER=
-
- [[ -n ${UPSTREAM_VER} ]] && \
- UPSTREAM_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${P}-upstream-patches-${UPSTREAM_VER}.tar.xz
- https://github.com/hydrapolic/gentoo-dist/raw/master/xen/${P}-upstream-patches-${UPSTREAM_VER}.tar.xz"
- [[ -n ${SECURITY_VER} ]] && \
- SECURITY_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${PN}-security-patches-${SECURITY_VER}.tar.xz"
- [[ -n ${GENTOO_VER} ]] && \
- GENTOO_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${PN}-gentoo-patches-${GENTOO_VER}.tar.xz"
- SRC_URI="https://downloads.xenproject.org/release/xen/${MY_PV}/${MY_P}.tar.gz
- ${UPSTREAM_PATCHSET_URI}
- ${SECURITY_PATCHSET_URI}
- ${GENTOO_PATCHSET_URI}"
-fi
-
-DESCRIPTION="The Xen virtual machine monitor"
-HOMEPAGE="https://www.xenproject.org"
-LICENSE="GPL-2"
-SLOT="0"
-IUSE="debug efi flask"
-
-DEPEND="${PYTHON_DEPS}
- efi? ( >=sys-devel/binutils-2.22[multitarget] )
- !efi? ( >=sys-devel/binutils-2.22 )"
-RDEPEND=""
-PDEPEND="~app-emulation/xen-tools-${PV}"
-
-# no tests are available for the hypervisor
-# prevent the silliness of /usr/lib/debug/usr/lib/debug files
-# prevent stripping of the debug info from the /usr/lib/debug/xen-syms
-RESTRICT="test splitdebug strip"
-
-# Approved by QA team in bug #144032
-QA_WX_LOAD="boot/xen-syms-${PV}"
-
-REQUIRED_USE="arm? ( debug )"
-
-S="${WORKDIR}/${MY_P}"
-
-pkg_setup() {
- python-any-r1_pkg_setup
- if [[ -z ${XEN_TARGET_ARCH} ]]; then
- if use amd64; then
- export XEN_TARGET_ARCH="x86_64"
- elif use arm; then
- export XEN_TARGET_ARCH="arm32"
- elif use arm64; then
- export XEN_TARGET_ARCH="arm64"
- else
- die "Unsupported architecture!"
- fi
- fi
-
- if use flask ; then
- export "XSM_ENABLE=y"
- export "FLASK_ENABLE=y"
- fi
-}
-
-src_prepare() {
- # Upstream's patchset
- [[ -n ${UPSTREAM_VER} ]] && eapply "${WORKDIR}"/patches-upstream
-
- # Security patchset
- if [[ -n ${SECURITY_VER} ]]; then
- einfo "Try to apply Xen Security patch set"
- # apply main xen patches
- # Two parallel systems, both work side by side
- # Over time they may concdense into one. This will suffice for now
- source "${WORKDIR}"/patches-security/${PV}.conf
-
- local i
- for i in ${XEN_SECURITY_MAIN}; do
- eapply "${WORKDIR}"/patches-security/xen/$i
- done
- fi
-
- # Gentoo's patchset
- [[ -n ${GENTOO_VER} ]] && eapply "${WORKDIR}"/patches-gentoo
-
- # Symlinks do not work on fat32 volumes
- eapply "${FILESDIR}"/${PN}-4.15-efi.patch
-
- # Workaround new gcc-11 options
- sed -e '/^CFLAGS/s/-Werror//g' -i xen/Makefile || die
-
- # Drop .config
- sed -e '/-include $(XEN_ROOT)\/.config/d' -i Config.mk || die "Couldn't drop"
-
- if use efi; then
- export EFI_VENDOR="gentoo"
- export EFI_MOUNTPOINT="/boot"
- fi
-
- default
-}
-
-src_configure() {
- use arm && myopt="${myopt} CONFIG_EARLY_PRINTK=sun7i"
-
- use debug && myopt="${myopt} debug=y"
-
- # remove flags
- unset CFLAGS
- unset LDFLAGS
- unset ASFLAGS
-
- tc-ld-disable-gold # Bug 700374
-}
-
-src_compile() {
- # Send raw LDFLAGS so that --as-needed works
- emake V=1 CC="$(tc-getCC)" LDFLAGS="$(raw-ldflags)" LD="$(tc-getLD)" -C xen ${myopt}
-}
-
-src_install() {
- local myopt
- use debug && myopt="${myopt} debug=y"
-
- # The 'make install' doesn't 'mkdir -p' the subdirs
- if use efi; then
- mkdir -p "${D}"${EFI_MOUNTPOINT}/efi/${EFI_VENDOR} || die
- fi
-
- emake LDFLAGS="$(raw-ldflags)" LD="$(tc-getLD)" DESTDIR="${D}" -C xen ${myopt} install
-
- # make install likes to throw in some extra EFI bits if it built
- use efi || rm -rf "${D}/usr/$(get_libdir)/efi"
-}
-
-pkg_postinst() {
- elog "Official Xen Guide:"
- elog " https://wiki.gentoo.org/wiki/Xen"
-
- use efi && einfo "The efi executable is installed in /boot/efi/gentoo"
-
- elog "You can optionally block the installation of /boot/xen-syms by an entry"
- elog "in folder /etc/portage/env using the portage's feature INSTALL_MASK"
- elog "e.g. echo ${msg} > /etc/portage/env/xen.conf"
-
- ewarn
- ewarn "Xen 4.12+ changed the default scheduler to credit2 which can cause"
- ewarn "domU lockups on multi-cpu systems. The legacy credit scheduler seems"
- ewarn "to work fine."
- ewarn
- ewarn "Add sched=credit to xen command line options to use the legacy scheduler."
- ewarn
- ewarn "https://wiki.gentoo.org/wiki/Xen#Xen_domU_hanging_with_Xen_4.12.2B"
-}