app-emulation/xen: revbumps to vns. 4.5.2-r3, 4.6.0-r4

security patches added of xsa 164,165,166 re security Bug 567962 Gentoo bug: #567962 Package-Manager: portage-2.2.24
johu · Dec 17, 2015 · 73ce06f · 73ce06f
1 parent 4698dd8
commit 73ce06f
Show file tree

Hide file tree

Showing 3 changed files with 376 additions and 0 deletions.
diff --git a/app-emulation/xen/Manifest b/app-emulation/xen/Manifest
@@ -6,6 +6,8 @@ DIST xen-4.6.0-upstream-patches-0.tar.xz 19280 SHA256 8ef2d139f86cb52d2208a17c97
 DIST xen-4.6.0.tar.gz 19694350 SHA256 6fa1c2431df55aa5950d248e6093b8c8c0f11c357a0adbd348a2186478e80909 SHA512 b4b02f306ffea360f539dd8c231b2f58c00c3638fdb665cb659c7291b475b40f1075bc59d49a6144767729e57b8bc40a1cfd9030d61de2b8fa4ac97d43655c2b WHIRLPOOL d3f01183440ca1875b6e850bd116db0c382383433e50c0902d3268e9e36b39d184fc65e925bdb5363ef4ca7a232fee15b4749c89baf789137b8a8248565c75a8
 DIST xen-security-patches-0.tar.xz 5944 SHA256 c0456793064185f0781668264a09a2412a25e2ff8c4ce0d332204e37b94d7e96 SHA512 de812e66563e608548b220aa00c8fd71973af748a00cea79959f46a5b6893a38248d2ea455026af43f47e3f5e566d08b5a6f3d18f22e940d75d2a2ca76cec3d3 WHIRLPOOL 3e18d32798bdfe584ee8d102963090b569ec3660fd5723d8c608091e5c7d935c1edced5e258d92bf51fe06975455a3ae33dfedd01702c6076aedf97ea61f2d1b
 DIST xen-security-patches-1.tar.gz 7040 SHA256 30733e9ca71bf4291ff212eb191afb22687ccd9b2579767fe0ee013152980c76 SHA512 89c72897f18a86c2060bb76a182e7cca72ad2f33a3aab964ecae66e057aeecafee2e9986204d6feb98f81ccb740460ee2cb37663b1ab79f47adc1dd73e0091bc WHIRLPOOL c27e612b87b4a30abbf59e6be019e2c21a78bfbdf1715da5498d95607d390d616251768d419ac5ce76087bbf7cdfc410dd0088ba48e425082cea971efcb64346
+DIST xen-security-patches-2.tar.gz 7370 SHA256 f24bf4b0cba29b51ee71f6ef82654cddf157c63d62fc1119f17255b2388e03ab SHA512 209dea670467ff1df18428c15b25229c05d676d1a2f646cddb221544ae888241ade48a22be037f97dce249ac322c1f30bb477675e5e2cc04a2fbd839e02f1f57 WHIRLPOOL ae66a2fbc0d0f0a555d407ebd3198fa58ee043515fb9821d7b9eda46d088bc87b3de16fe015fd1142294429dd2c1c7826e414a55980e27123185c1a86fb0a8a6
+DIST xen-security-patches-3.tar.gz 7349 SHA256 a1876b918c0a608618f349deed11b547a65c5909c31d72a89340d4908c572f46 SHA512 f5e8e7ab5d9be6aa036e52627931f1b2648de642664b2922f9cab64f44d19ac8682f5beb7fdbcb842ee19346202093fade3f10e39ba60fcb12a101deb4408818 WHIRLPOOL 14ee65babe4edd901914c8b8ddb5d7b54e6738d77642514fe611bf84541ae0a932bcb48f86179d5e7a6741135b9c7b129e8244cc22922c4e592604a696b6082f
 DIST xen-security-patches-3.tar.xz 17028 SHA256 fb6301beb9a5c2d1e5d4de8783d8670e382b1bef48ec61e73d2d9be6901d289f SHA512 787fee8f7822577c6de91c4cf4d56d0e73ce46bac5524537ff66a718b6d7eae9d362265515743e8577b2c75f2841baed9837f71467b3b7b91a3111220da5f236 WHIRLPOOL 5c136289e654776bf918fe125fbecba7dac0929b236f7ae8158026a6bd6be12bc786a5ec96cb4022c18a5e7ffde82155deb57eb9639600e4c42c9c209f4a2ed6
 DIST xen-security-patches-7.tar.xz 22604 SHA256 e831c71f830316f452eb8645a5e7ca497264587aa8b353945fd9535f485166e3 SHA512 051769f4118f5c6d5d961759f547526d3fb0e86a4c1dee265a7f0224f10a88e2217b5b5fcf8dbfc706a1ec3c8d1632ab688d3f70dfd89d830261dc7391dd41c2 WHIRLPOOL 8e6dfb4e1700a07e3e3207b67afaddc5d6aa6fd84db9b3e76bd9ff54f682740fed01070e5860bb5378d50903d5777b55dff88eb3444d45bdd63dba657889393d
 DIST xen-security-patches.tar.gz 2105 SHA256 19409f15fdbfbfe41b86627dd929a362563610999fc4b73ab2a9165df0ba8182 SHA512 2733e77b6a9ba25e704e0a15a32a20efe7c74873cabc5e6490f41e8d1b96d9efa83c0d16bbda6169d4bab3f5e9e9a8d7f3400f63e6b2d11cf0c63711a858cc34 WHIRLPOOL 21dda4417d938c45bf46c41f2e9aba524f484b6526fcf59a840ca30aa270148990ffc66536431b2a4b8db6f1a761b02f2266b5935e68e85935ec8dd5511dc892
diff --git a/app-emulation/xen/xen-4.5.2-r3.ebuild b/app-emulation/xen/xen-4.5.2-r3.ebuild
@@ -0,0 +1,188 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+PYTHON_COMPAT=( python2_7 )
+
+inherit eutils multilib mount-boot flag-o-matic python-any-r1 toolchain-funcs
+
+MY_PV=${PV/_/-}
+MY_P=${PN}-${PV/_/-}
+
+if [[ $PV == *9999 ]]; then
+	inherit git-r3
+	KEYWORDS=""
+	EGIT_REPO_URI="git://xenbits.xen.org/${PN}.git"
+	SRC_URI=""
+else
+	KEYWORDS="~amd64 ~arm ~arm64 -x86"
+	UPSTREAM_VER=
+	SECURITY_VER=0
+	# var set to reflect https://dev.gentoo.org/~idella4/
+	SEC_VER=2
+	GENTOO_VER=
+
+	[[ -n ${UPSTREAM_VER} ]] && \
+		UPSTREAM_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${P}-upstream-patches-${UPSTREAM_VER}.tar.xz"
+	[[ -n ${SECURITY_VER} ]] && \
+		SECURITY_PATCHSET_URI="https://dev.gentoo.org/~idella4/distfiles/${PN/-tools}-security-patches-${SECURITY_VER}.tar.xz
+		https://dev.gentoo.org/~idella4/distfiles/${PN/-tools}-security-patches-${SEC_VER}.tar.gz"
+	[[ -n ${GENTOO_VER} ]] && \
+		GENTOO_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${PN}-gentoo-patches-${GENTOO_VER}.tar.xz"
+	SRC_URI="http://bits.xensource.com/oss-xen/release/${MY_PV}/${MY_P}.tar.gz
+		${UPSTREAM_PATCHSET_URI}
+		${SECURITY_PATCHSET_URI}
+		${GENTOO_PATCHSET_URI}"
+
+fi
+
+DESCRIPTION="The Xen virtual machine monitor"
+HOMEPAGE="http://xen.org/"
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="custom-cflags debug efi flask xsm"
+
+DEPEND="${PYTHON_DEPS}
+	efi? ( >=sys-devel/binutils-2.22[multitarget] )
+	!efi? ( >=sys-devel/binutils-2.22[-multitarget] )"
+RDEPEND=""
+PDEPEND="~app-emulation/xen-tools-${PV}"
+
+RESTRICT="test"
+
+# Approved by QA team in bug #144032
+QA_WX_LOAD="boot/xen-syms-${PV}"
+
+REQUIRED_USE="flask? ( xsm )
+	arm? ( debug )"
+
+S="${WORKDIR}/${MY_P}"
+
+pkg_setup() {
+	python-any-r1_pkg_setup
+	if [[ -z ${XEN_TARGET_ARCH} ]]; then
+		if use x86 && use amd64; then
+			die "Confusion! Both x86 and amd64 are set in your use flags!"
+		elif use x86; then
+			export XEN_TARGET_ARCH="x86_32"
+		elif use amd64; then
+			export XEN_TARGET_ARCH="x86_64"
+		elif use arm; then
+			export XEN_TARGET_ARCH="arm32"
+		elif use arm64; then
+			export XEN_TARGET_ARCH="arm64"
+		else
+			die "Unsupported architecture!"
+		fi
+	fi
+
+	if use flask ; then
+		export "XSM_ENABLE=y"
+		export "FLASK_ENABLE=y"
+	elif use xsm ; then
+		export "XSM_ENABLE=y"
+	fi
+}
+
+src_prepare() {
+	# Upstream's patchset
+	if [[ -n ${UPSTREAM_VER} ]]; then
+		EPATCH_SUFFIX="patch" \
+		EPATCH_FORCE="yes" \
+		EPATCH_OPTS="-p1" \
+			epatch "${WORKDIR}"/patches-upstream
+	fi
+
+	if [[ -n ${SECURITY_VER} ]]; then
+		einfo "Try to apply Xen Security patcheset"
+		# apply main xen patches
+		# Two parallel systems, both work side by side
+		# Over time they may concdense into one. This will suffice for now
+		EPATCH_SUFFIX="patch"
+		EPATCH_FORCE="yes"
+		for i in ${XEN_SECURITY_MAIN}; do
+			epatch "${WORKDIR}"/patches-security/xen/$i
+		done
+
+		for i in "${WORKDIR}"/xen-sec/xsa*.patch; do
+			epatch $i
+		done
+	fi
+
+	# Gentoo's patchset
+	if [[ -n ${GENTOO_VER} ]]; then
+		EPATCH_SUFFIX="patch" \
+		EPATCH_FORCE="yes" \
+			epatch "${WORKDIR}"/patches-gentoo
+	fi
+
+	# Drop .config
+	sed -e '/-include $(XEN_ROOT)\/.config/d' -i Config.mk || die "Couldn't	drop"
+
+	if use efi; then
+		epatch "${FILESDIR}"/${PN}-4.5-efi.patch
+		export EFI_VENDOR="gentoo"
+		export EFI_MOUNTPOINT="boot"
+	fi
+
+	# if the user *really* wants to use their own custom-cflags, let them
+	if use custom-cflags; then
+		einfo "User wants their own CFLAGS - removing defaults"
+		# try and remove all the default custom-cflags
+		find "${S}" -name Makefile -o -name Rules.mk -o -name Config.mk -exec sed \
+			-e 's/CFLAGS\(.*\)=\(.*\)-O3\(.*\)/CFLAGS\1=\2\3/' \
+			-e 's/CFLAGS\(.*\)=\(.*\)-march=i686\(.*\)/CFLAGS\1=\2\3/' \
+			-e 's/CFLAGS\(.*\)=\(.*\)-fomit-frame-pointer\(.*\)/CFLAGS\1=\2\3/' \
+			-e 's/CFLAGS\(.*\)=\(.*\)-g3*\s\(.*\)/CFLAGS\1=\2 \3/' \
+			-e 's/CFLAGS\(.*\)=\(.*\)-O2\(.*\)/CFLAGS\1=\2\3/' \
+			-i {} \; || die "failed to re-set custom-cflags"
+	fi
+
+	# remove -Werror for gcc-4.6's sake
+	find "${S}" -name 'Makefile*' -o -name '*.mk' -o -name 'common.make' | \
+		xargs sed -i 's/ *-Werror */ /'
+	# not strictly necessary to fix this
+	sed -i 's/, "-Werror"//' "${S}/tools/python/setup.py" || die "failed to re-set setup.py"
+
+	epatch_user
+}
+
+src_configure() {
+	use arm && myopt="${myopt} CONFIG_EARLY_PRINTK=sun7i"
+
+	use debug && myopt="${myopt} debug=y"
+
+	if use custom-cflags; then
+		filter-flags -fPIE -fstack-protector
+		replace-flags -O3 -O2
+	else
+		unset CFLAGS
+	fi
+}
+
+src_compile() {
+	# Send raw LDFLAGS so that --as-needed works
+	emake V=1 CC="$(tc-getCC)" LDFLAGS="$(raw-ldflags)" LD="$(tc-getLD)" -C xen ${myopt}
+}
+
+src_install() {
+	local myopt
+	use debug && myopt="${myopt} debug=y"
+
+	# The 'make install' doesn't 'mkdir -p' the subdirs
+	if use efi; then
+		mkdir -p "${D}"${EFI_MOUNTPOINT}/efi/${EFI_VENDOR} || die
+	fi
+
+	emake LDFLAGS="$(raw-ldflags)" DESTDIR="${D}" -C xen ${myopt} install
+}
+
+pkg_postinst() {
+	elog "Official Xen Guide and the unoffical wiki page:"
+	elog " https://wiki.gentoo.org/wiki/Xen"
+	elog " http://en.gentoo-wiki.com/wiki/Xen/"
+
+	use efi && einfo "The efi executable is installed in boot/efi/gentoo"
+}
diff --git a/app-emulation/xen/xen-4.6.0-r4.ebuild b/app-emulation/xen/xen-4.6.0-r4.ebuild
@@ -0,0 +1,186 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+PYTHON_COMPAT=( python2_7 )
+
+inherit eutils multilib mount-boot flag-o-matic python-any-r1 toolchain-funcs
+
+MY_PV=${PV/_/-}
+MY_P=${PN}-${PV/_/-}
+
+if [[ $PV == *9999 ]]; then
+	inherit git-r3
+	KEYWORDS=""
+	EGIT_REPO_URI="git://xenbits.xen.org/xen.git"
+	SRC_URI=""
+else
+	KEYWORDS="~amd64 ~arm ~arm64 -x86"
+	UPSTREAM_VER=0
+	SECURITY_VER=0
+	# var set to reflect https://dev.gentoo.org/~idella4/
+	SEC_VER=3
+	GENTOO_VER=
+
+	[[ -n ${UPSTREAM_VER} ]] && \
+		UPSTREAM_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${P}-upstream-patches-${UPSTREAM_VER}.tar.xz"
+	[[ -n ${SECURITY_VER} ]] && \
+		SECURITY_PATCHSET_URI="https://dev.gentoo.org/~idella4/distfiles/${PN/-tools}-security-patches-${SECURITY_VER}.tar.xz
+		https://dev.gentoo.org/~idella4/distfiles/${PN/-tools}-security-patches-${SEC_VER}.tar.gz"
+	[[ -n ${GENTOO_VER} ]] && \
+		GENTOO_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${PN}-gentoo-patches-${GENTOO_VER}.tar.xz"
+	SRC_URI="http://bits.xensource.com/oss-xen/release/${MY_PV}/${MY_P}.tar.gz
+		${UPSTREAM_PATCHSET_URI}
+		${SECURITY_PATCHSET_URI}
+		${GENTOO_PATCHSET_URI}"
+fi
+
+DESCRIPTION="The Xen virtual machine monitor"
+HOMEPAGE="http://xen.org/"
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="custom-cflags debug efi flask"
+
+DEPEND="${PYTHON_DEPS}
+	efi? ( >=sys-devel/binutils-2.22[multitarget] )
+	!efi? ( >=sys-devel/binutils-2.22 )"
+RDEPEND=""
+PDEPEND="~app-emulation/xen-tools-${PV}"
+
+RESTRICT="test"
+
+# Approved by QA team in bug #144032
+QA_WX_LOAD="boot/xen-syms-${PV}"
+
+REQUIRED_USE="arm? ( debug )"
+
+S="${WORKDIR}/${MY_P}"
+
+pkg_setup() {
+	python-any-r1_pkg_setup
+	if [[ -z ${XEN_TARGET_ARCH} ]]; then
+		if use amd64; then
+			export XEN_TARGET_ARCH="x86_64"
+		elif use arm; then
+			export XEN_TARGET_ARCH="arm32"
+		elif use arm64; then
+			export XEN_TARGET_ARCH="arm64"
+		else
+			die "Unsupported architecture!"
+		fi
+	fi
+
+	if use flask ; then
+		export "XSM_ENABLE=y"
+		export "FLASK_ENABLE=y"
+	fi
+}
+
+src_prepare() {
+	# Upstream's patchset
+	if [[ -n ${UPSTREAM_VER} ]]; then
+		EPATCH_SUFFIX="patch" \
+		EPATCH_FORCE="yes" \
+		EPATCH_OPTS="-p1" \
+			epatch "${WORKDIR}"/patches-upstream
+	fi
+
+	if [[ -n ${SECURITY_VER} ]]; then
+		einfo "Try to apply Xen Security patcheset"
+		# apply main xen patches
+		# Two parallel systems, both work side by side
+		# Over time they may concdense into one. This will suffice for now
+		EPATCH_SUFFIX="patch"
+		EPATCH_FORCE="yes"
+		for i in ${XEN_SECURITY_MAIN}; do
+			epatch "${WORKDIR}"/patches-security/xen/$i
+		done
+
+		for i in "${WORKDIR}"/xen-sec/xsa*.patch; do
+			epatch $i
+		done
+	fi
+
+	# Gentoo's patchset
+	if [[ -n ${GENTOO_VER} ]]; then
+		EPATCH_SUFFIX="patch" \
+		EPATCH_FORCE="yes" \
+			epatch "${WORKDIR}"/patches-gentoo
+	fi
+
+	epatch "${FILESDIR}"/${PN}-4.6-efi.patch
+
+	# Drop .config
+	sed -e '/-include $(XEN_ROOT)\/.config/d' -i Config.mk || die "Couldn't	drop"
+
+	if use efi; then
+		export EFI_VENDOR="gentoo"
+		export EFI_MOUNTPOINT="boot"
+	fi
+
+	# if the user *really* wants to use their own custom-cflags, let them
+	if use custom-cflags; then
+		einfo "User wants their own CFLAGS - removing defaults"
+		# try and remove all the default custom-cflags
+		find "${S}" -name Makefile -o -name Rules.mk -o -name Config.mk -exec sed \
+			-e 's/CFLAGS\(.*\)=\(.*\)-O3\(.*\)/CFLAGS\1=\2\3/' \
+			-e 's/CFLAGS\(.*\)=\(.*\)-march=i686\(.*\)/CFLAGS\1=\2\3/' \
+			-e 's/CFLAGS\(.*\)=\(.*\)-fomit-frame-pointer\(.*\)/CFLAGS\1=\2\3/' \
+			-e 's/CFLAGS\(.*\)=\(.*\)-g3*\s\(.*\)/CFLAGS\1=\2 \3/' \
+			-e 's/CFLAGS\(.*\)=\(.*\)-O2\(.*\)/CFLAGS\1=\2\3/' \
+			-i {} \; || die "failed to re-set custom-cflags"
+	fi
+
+	# remove -Werror for gcc-4.6's sake
+	find "${S}" -name 'Makefile*' -o -name '*.mk' -o -name 'common.make' | \
+		xargs sed -i 's/ *-Werror */ /'
+	# not strictly necessary to fix this
+	sed -i 's/, "-Werror"//' "${S}/tools/python/setup.py" || die "failed to re-set setup.py"
+
+	epatch_user
+}
+
+src_configure() {
+	use arm && myopt="${myopt} CONFIG_EARLY_PRINTK=sun7i"
+
+	use debug && myopt="${myopt} debug=y"
+
+	if use custom-cflags; then
+		filter-flags -fPIE -fstack-protector
+		replace-flags -O3 -O2
+	else
+		unset CFLAGS
+		unset LDFLAGS
+		unset ASFLAGS
+	fi
+}
+
+src_compile() {
+	# Send raw LDFLAGS so that --as-needed works
+	emake V=1 CC="$(tc-getCC)" LDFLAGS="$(raw-ldflags)" LD="$(tc-getLD)" -C xen ${myopt}
+}
+
+src_install() {
+	local myopt
+	use debug && myopt="${myopt} debug=y"
+
+	# The 'make install' doesn't 'mkdir -p' the subdirs
+	if use efi; then
+		mkdir -p "${D}"${EFI_MOUNTPOINT}/efi/${EFI_VENDOR} || die
+	fi
+
+	emake LDFLAGS="$(raw-ldflags)" DESTDIR="${D}" -C xen ${myopt} install
+
+	# make install likes to throw in some extra EFI bits if it built
+	use efi || rm -rf "${D}/usr/$(get_libdir)/efi"
+}
+
+pkg_postinst() {
+	elog "Official Xen Guide and the unoffical wiki page:"
+	elog " https://wiki.gentoo.org/wiki/Xen"
+	elog " http://en.gentoo-wiki.com/wiki/Xen/"
+
+	use efi && einfo "The efi executable is installed in boot/efi/gentoo"
+}