app-emulation/xen: clean vulnerable vns. wrt #566842 #566844

Package-Manager: portage-2.2.24
author: Ian Delaney <idella4@gentoo.org> 2015-12-09 12:40:52 +0800
committer: Ian Delaney <idella4@gentoo.org> 2015-12-09 13:31:16 +0800
commit: ee95ed95448051233465b7e7005cf423de73a6e8 (patch)
tree: 1afe41db43c4cd00fe3a5537e4f5628ce982b0ae /app-emulation/xen
parent: app-emulation/xen: revbumps -> vns. 4.5.2-r2, 4.6.0-r3 wrt sec. bugs (diff)
download: gentoo-ee95ed95448051233465b7e7005cf423de73a6e8.tar.gz
gentoo-ee95ed95448051233465b7e7005cf423de73a6e8.tar.bz2
gentoo-ee95ed95448051233465b7e7005cf423de73a6e8.zip
5 files changed, 7 insertions, 368 deletions
diff --git a/app-emulation/xen/Manifest b/app-emulation/xen/Manifest
index f95769eb261a..42b5e1655ca9 100644
--- a/app-emulation/xen/Manifest
+++ b/app-emulation/xen/Manifest
@@ -8,4 +8,3 @@ DIST xen-security-patches-0.tar.xz 5944 SHA256 c0456793064185f0781668264a09a2412
 DIST xen-security-patches-1.tar.gz 7040 SHA256 30733e9ca71bf4291ff212eb191afb22687ccd9b2579767fe0ee013152980c76 SHA512 89c72897f18a86c2060bb76a182e7cca72ad2f33a3aab964ecae66e057aeecafee2e9986204d6feb98f81ccb740460ee2cb37663b1ab79f47adc1dd73e0091bc WHIRLPOOL c27e612b87b4a30abbf59e6be019e2c21a78bfbdf1715da5498d95607d390d616251768d419ac5ce76087bbf7cdfc410dd0088ba48e425082cea971efcb64346
 DIST xen-security-patches-3.tar.xz 17028 SHA256 fb6301beb9a5c2d1e5d4de8783d8670e382b1bef48ec61e73d2d9be6901d289f SHA512 787fee8f7822577c6de91c4cf4d56d0e73ce46bac5524537ff66a718b6d7eae9d362265515743e8577b2c75f2841baed9837f71467b3b7b91a3111220da5f236 WHIRLPOOL 5c136289e654776bf918fe125fbecba7dac0929b236f7ae8158026a6bd6be12bc786a5ec96cb4022c18a5e7ffde82155deb57eb9639600e4c42c9c209f4a2ed6
 DIST xen-security-patches-7.tar.xz 22604 SHA256 e831c71f830316f452eb8645a5e7ca497264587aa8b353945fd9535f485166e3 SHA512 051769f4118f5c6d5d961759f547526d3fb0e86a4c1dee265a7f0224f10a88e2217b5b5fcf8dbfc706a1ec3c8d1632ab688d3f70dfd89d830261dc7391dd41c2 WHIRLPOOL 8e6dfb4e1700a07e3e3207b67afaddc5d6aa6fd84db9b3e76bd9ff54f682740fed01070e5860bb5378d50903d5777b55dff88eb3444d45bdd63dba657889393d
-DIST xen-security-patches.tar.gz 2105 SHA256 19409f15fdbfbfe41b86627dd929a362563610999fc4b73ab2a9165df0ba8182 SHA512 2733e77b6a9ba25e704e0a15a32a20efe7c74873cabc5e6490f41e8d1b96d9efa83c0d16bbda6169d4bab3f5e9e9a8d7f3400f63e6b2d11cf0c63711a858cc34 WHIRLPOOL 21dda4417d938c45bf46c41f2e9aba524f484b6526fcf59a840ca30aa270148990ffc66536431b2a4b8db6f1a761b02f2266b5935e68e85935ec8dd5511dc892
diff --git a/app-emulation/xen/xen-4.5.2-r1.ebuild b/app-emulation/xen/xen-4.5.2-r1.ebuild
deleted file mode 100644
index 4c013352c44f..000000000000
--- a/app-emulation/xen/xen-4.5.2-r1.ebuild
+++ /dev/null
@@ -1,181 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-
-PYTHON_COMPAT=( python2_7 )
-
-MY_PV=${PV/_/-}
-MY_P=${PN}-${PV/_/-}
-
-if [[ $PV == *9999 ]]; then
-	KEYWORDS=""
-	EGIT_REPO_URI="git://xenbits.xen.org/${PN}.git"
-	live_eclass="git-2"
-else
-	KEYWORDS="amd64 ~arm ~arm64 -x86"
-	UPSTREAM_VER=
-	SECURITY_VER=0
-	GENTOO_VER=
-
-	[[ -n ${UPSTREAM_VER} ]] && \
-		UPSTREAM_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${P}-upstream-patches-${UPSTREAM_VER}.tar.xz"
-	[[ -n ${SECURITY_VER} ]] && \
-		SECURITY_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${PN}-security-patches-${SECURITY_VER}.tar.xz"
-	[[ -n ${GENTOO_VER} ]] && \
-		GENTOO_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${PN}-gentoo-patches-${GENTOO_VER}.tar.xz"
-	SRC_URI="http://bits.xensource.com/oss-xen/release/${MY_PV}/${MY_P}.tar.gz
-		${UPSTREAM_PATCHSET_URI}
-		${SECURITY_PATCHSET_URI}
-		${GENTOO_PATCHSET_URI}
-		https://dev.gentoo.org/~idella4/distfiles/${PN}-security-patches.tar.gz"
-
-fi
-
-inherit mount-boot flag-o-matic python-any-r1 toolchain-funcs eutils ${live_eclass}
-
-DESCRIPTION="The Xen virtual machine monitor"
-HOMEPAGE="http://xen.org/"
-LICENSE="GPL-2"
-SLOT="0"
-IUSE="custom-cflags debug efi flask xsm"
-
-DEPEND="${PYTHON_DEPS}
-	efi? ( >=sys-devel/binutils-2.22[multitarget] )
-	!efi? ( >=sys-devel/binutils-2.22[-multitarget] )"
-RDEPEND=""
-PDEPEND="~app-emulation/xen-tools-${PV}"
-
-RESTRICT="test"
-
-# Approved by QA team in bug #144032
-QA_WX_LOAD="boot/xen-syms-${PV}"
-
-REQUIRED_USE="flask? ( xsm )
-	arm? ( debug )"
-
-S="${WORKDIR}/${MY_P}"
-
-pkg_setup() {
-	python-any-r1_pkg_setup
-	if [[ -z ${XEN_TARGET_ARCH} ]]; then
-		if use x86 && use amd64; then
-			die "Confusion! Both x86 and amd64 are set in your use flags!"
-		elif use x86; then
-			export XEN_TARGET_ARCH="x86_32"
-		elif use amd64; then
-			export XEN_TARGET_ARCH="x86_64"
-		elif use arm; then
-			export XEN_TARGET_ARCH="arm32"
-		elif use arm64; then
-			export XEN_TARGET_ARCH="arm64"
-		else
-			die "Unsupported architecture!"
-		fi
-	fi
-
-	if use flask ; then
-		export "XSM_ENABLE=y"
-		export "FLASK_ENABLE=y"
-	elif use xsm ; then
-		export "XSM_ENABLE=y"
-	fi
-}
-
-src_prepare() {
-	# Upstream's patchset
-	if [[ -n ${UPSTREAM_VER} ]]; then
-		EPATCH_SUFFIX="patch" \
-		EPATCH_FORCE="yes" \
-		EPATCH_OPTS="-p1" \
-			epatch "${WORKDIR}"/patches-upstream
-	fi
-
-	if [[ -n ${SECURITY_VER} ]]; then
-		einfo "Try to apply Xen Security patcheset"
-		source "${WORKDIR}"/patches-security/${PV}.conf
-		# apply main xen patches
-		for i in ${XEN_SECURITY_MAIN}; do
-			EPATCH_SUFFIX="patch" \
-			EPATCH_FORCE="yes" \
-				epatch "${WORKDIR}"/patches-security/xen/$i
-		done
-	fi
-	epatch "${WORKDIR}"/xsa156-4.5.patch
-
-	# Gentoo's patchset
-	if [[ -n ${GENTOO_VER} ]]; then
-		EPATCH_SUFFIX="patch" \
-		EPATCH_FORCE="yes" \
-			epatch "${WORKDIR}"/patches-gentoo
-	fi
-
-	# Drop .config
-	sed -e '/-include $(XEN_ROOT)\/.config/d' -i Config.mk || die "Couldn't	drop"
-
-	if use efi; then
-		epatch "${FILESDIR}"/${PN}-4.5-efi.patch
-		export EFI_VENDOR="gentoo"
-		export EFI_MOUNTPOINT="boot"
-	fi
-
-	# if the user *really* wants to use their own custom-cflags, let them
-	if use custom-cflags; then
-		einfo "User wants their own CFLAGS - removing defaults"
-		# try and remove all the default custom-cflags
-		find "${S}" -name Makefile -o -name Rules.mk -o -name Config.mk -exec sed \
-			-e 's/CFLAGS\(.*\)=\(.*\)-O3\(.*\)/CFLAGS\1=\2\3/' \
-			-e 's/CFLAGS\(.*\)=\(.*\)-march=i686\(.*\)/CFLAGS\1=\2\3/' \
-			-e 's/CFLAGS\(.*\)=\(.*\)-fomit-frame-pointer\(.*\)/CFLAGS\1=\2\3/' \
-			-e 's/CFLAGS\(.*\)=\(.*\)-g3*\s\(.*\)/CFLAGS\1=\2 \3/' \
-			-e 's/CFLAGS\(.*\)=\(.*\)-O2\(.*\)/CFLAGS\1=\2\3/' \
-			-i {} \; || die "failed to re-set custom-cflags"
-	fi
-
-	# remove -Werror for gcc-4.6's sake
-	find "${S}" -name 'Makefile*' -o -name '*.mk' -o -name 'common.make' | \
-		xargs sed -i 's/ *-Werror */ /'
-	# not strictly necessary to fix this
-	sed -i 's/, "-Werror"//' "${S}/tools/python/setup.py" || die "failed to re-set setup.py"
-
-	epatch_user
-}
-
-src_configure() {
-	use arm && myopt="${myopt} CONFIG_EARLY_PRINTK=sun7i"
-
-	use debug && myopt="${myopt} debug=y"
-
-	if use custom-cflags; then
-		filter-flags -fPIE -fstack-protector
-		replace-flags -O3 -O2
-	else
-		unset CFLAGS
-	fi
-}
-
-src_compile() {
-	# Send raw LDFLAGS so that --as-needed works
-	emake V=1 CC="$(tc-getCC)" LDFLAGS="$(raw-ldflags)" LD="$(tc-getLD)" -C xen ${myopt}
-}
-
-src_install() {
-	local myopt
-	use debug && myopt="${myopt} debug=y"
-
-	# The 'make install' doesn't 'mkdir -p' the subdirs
-	if use efi; then
-		mkdir -p "${D}"${EFI_MOUNTPOINT}/efi/${EFI_VENDOR} || die
-	fi
-
-	emake LDFLAGS="$(raw-ldflags)" DESTDIR="${D}" -C xen ${myopt} install
-}
-
-pkg_postinst() {
-	elog "Official Xen Guide and the unoffical wiki page:"
-	elog " https://wiki.gentoo.org/wiki/Xen"
-	elog " http://en.gentoo-wiki.com/wiki/Xen/"
-
-	use efi && einfo "The efi executable is installed in boot/efi/gentoo"
-}
diff --git a/app-emulation/xen/xen-4.5.2-r2.ebuild b/app-emulation/xen/xen-4.5.2-r2.ebuild
index 5846cdca7c7c..5f14bc59c421 100644
--- a/app-emulation/xen/xen-4.5.2-r2.ebuild
+++ b/app-emulation/xen/xen-4.5.2-r2.ebuild
@@ -96,7 +96,7 @@ src_prepare() {
 	if [[ -n ${SECURITY_VER} ]]; then
 		einfo "Try to apply Xen Security patcheset"
 		# apply main xen patches
-		# Add patches from tarball in devspace ~idella4 to those form ~dlan9
+		# Add patches from tarball in devspace ~idella4 to those from ~dlan
 		mkdir "${WORKDIR}"/patches-security/xen || die
 		mv "${WORKDIR}"/{xsa156-4.5.patch,xsa15[8-9].patch,xsa160-4.6.patch} \
 			"${WORKDIR}"/patches-security/xen || die
diff --git a/app-emulation/xen/xen-4.6.0-r2.ebuild b/app-emulation/xen/xen-4.6.0-r2.ebuild
deleted file mode 100644
index 29d57effbac6..000000000000
--- a/app-emulation/xen/xen-4.6.0-r2.ebuild
+++ /dev/null
@@ -1,180 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-
-PYTHON_COMPAT=( python2_7 )
-
-inherit eutils multilib mount-boot flag-o-matic python-any-r1 toolchain-funcs
-
-MY_PV=${PV/_/-}
-MY_P=${PN}-${PV/_/-}
-
-if [[ $PV == *9999 ]]; then
-	inherit git-r3
-	KEYWORDS=""
-	EGIT_REPO_URI="git://xenbits.xen.org/xen.git"
-	SRC_URI=""
-else
-	KEYWORDS="~amd64 ~arm ~arm64 -x86"
-	UPSTREAM_VER=0
-	SECURITY_VER=
-	GENTOO_VER=
-
-	[[ -n ${UPSTREAM_VER} ]] && \
-		UPSTREAM_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${P}-upstream-patches-${UPSTREAM_VER}.tar.xz"
-	[[ -n ${SECURITY_VER} ]] && \
-		SECURITY_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${PN}-security-patches-${SECURITY_VER}.tar.xz"
-	[[ -n ${GENTOO_VER} ]] && \
-		GENTOO_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${PN}-gentoo-patches-${GENTOO_VER}.tar.xz"
-	SRC_URI="http://bits.xensource.com/oss-xen/release/${MY_PV}/${MY_P}.tar.gz
-		${UPSTREAM_PATCHSET_URI}
-		${SECURITY_PATCHSET_URI}
-		${GENTOO_PATCHSET_URI}
-		https://dev.gentoo.org/~idella4/distfiles/${PN}-security-patches.tar.gz"
-fi
-
-DESCRIPTION="The Xen virtual machine monitor"
-HOMEPAGE="http://xen.org/"
-LICENSE="GPL-2"
-SLOT="0"
-IUSE="custom-cflags debug efi flask"
-
-DEPEND="${PYTHON_DEPS}
-	efi? ( >=sys-devel/binutils-2.22[multitarget] )
-	!efi? ( >=sys-devel/binutils-2.22 )"
-RDEPEND=""
-PDEPEND="~app-emulation/xen-tools-${PV}"
-
-RESTRICT="test"
-
-# Approved by QA team in bug #144032
-QA_WX_LOAD="boot/xen-syms-${PV}"
-
-REQUIRED_USE="arm? ( debug )"
-
-S="${WORKDIR}/${MY_P}"
-
-pkg_setup() {
-	python-any-r1_pkg_setup
-	if [[ -z ${XEN_TARGET_ARCH} ]]; then
-		if use amd64; then
-			export XEN_TARGET_ARCH="x86_64"
-		elif use arm; then
-			export XEN_TARGET_ARCH="arm32"
-		elif use arm64; then
-			export XEN_TARGET_ARCH="arm64"
-		else
-			die "Unsupported architecture!"
-		fi
-	fi
-
-	if use flask ; then
-		export "XSM_ENABLE=y"
-		export "FLASK_ENABLE=y"
-	fi
-}
-
-src_prepare() {
-	# Upstream's patchset
-	if [[ -n ${UPSTREAM_VER} ]]; then
-		EPATCH_SUFFIX="patch" \
-		EPATCH_FORCE="yes" \
-		EPATCH_OPTS="-p1" \
-			epatch "${WORKDIR}"/patches-upstream
-	fi
-
-	if [[ -n ${SECURITY_VER} ]]; then
-		einfo "Try to apply Xen Security patcheset"
-		source "${WORKDIR}"/patches-security/${PV}.conf
-		# apply main xen patches
-		for i in ${XEN_SECURITY_MAIN}; do
-			EPATCH_SUFFIX="patch" \
-			EPATCH_FORCE="yes" \
-				epatch "${WORKDIR}"/patches-security/xen/$i
-		done
-	fi
-	epatch "${WORKDIR}"/xsa156.patch
-
-	# Gentoo's patchset
-	if [[ -n ${GENTOO_VER} ]]; then
-		EPATCH_SUFFIX="patch" \
-		EPATCH_FORCE="yes" \
-			epatch "${WORKDIR}"/patches-gentoo
-	fi
-
-	epatch "${FILESDIR}"/${PN}-4.6-efi.patch
-
-	# Drop .config
-	sed -e '/-include $(XEN_ROOT)\/.config/d' -i Config.mk || die "Couldn't	drop"
-
-	if use efi; then
-		export EFI_VENDOR="gentoo"
-		export EFI_MOUNTPOINT="boot"
-	fi
-
-	# if the user *really* wants to use their own custom-cflags, let them
-	if use custom-cflags; then
-		einfo "User wants their own CFLAGS - removing defaults"
-		# try and remove all the default custom-cflags
-		find "${S}" -name Makefile -o -name Rules.mk -o -name Config.mk -exec sed \
-			-e 's/CFLAGS\(.*\)=\(.*\)-O3\(.*\)/CFLAGS\1=\2\3/' \
-			-e 's/CFLAGS\(.*\)=\(.*\)-march=i686\(.*\)/CFLAGS\1=\2\3/' \
-			-e 's/CFLAGS\(.*\)=\(.*\)-fomit-frame-pointer\(.*\)/CFLAGS\1=\2\3/' \
-			-e 's/CFLAGS\(.*\)=\(.*\)-g3*\s\(.*\)/CFLAGS\1=\2 \3/' \
-			-e 's/CFLAGS\(.*\)=\(.*\)-O2\(.*\)/CFLAGS\1=\2\3/' \
-			-i {} \; || die "failed to re-set custom-cflags"
-	fi
-
-	# remove -Werror for gcc-4.6's sake
-	find "${S}" -name 'Makefile*' -o -name '*.mk' -o -name 'common.make' | \
-		xargs sed -i 's/ *-Werror */ /'
-	# not strictly necessary to fix this
-	sed -i 's/, "-Werror"//' "${S}/tools/python/setup.py" || die "failed to re-set setup.py"
-
-	epatch_user
-}
-
-src_configure() {
-	use arm && myopt="${myopt} CONFIG_EARLY_PRINTK=sun7i"
-
-	use debug && myopt="${myopt} debug=y"
-
-	if use custom-cflags; then
-		filter-flags -fPIE -fstack-protector
-		replace-flags -O3 -O2
-	else
-		unset CFLAGS
-		unset LDFLAGS
-		unset ASFLAGS
-	fi
-}
-
-src_compile() {
-	# Send raw LDFLAGS so that --as-needed works
-	emake V=1 CC="$(tc-getCC)" LDFLAGS="$(raw-ldflags)" LD="$(tc-getLD)" -C xen ${myopt}
-}
-
-src_install() {
-	local myopt
-	use debug && myopt="${myopt} debug=y"
-
-	# The 'make install' doesn't 'mkdir -p' the subdirs
-	if use efi; then
-		mkdir -p "${D}"${EFI_MOUNTPOINT}/efi/${EFI_VENDOR} || die
-	fi
-
-	emake LDFLAGS="$(raw-ldflags)" DESTDIR="${D}" -C xen ${myopt} install
-
-	# make install likes to throw in some extra EFI bits if it built
-	use efi || rm -rf "${D}/usr/$(get_libdir)/efi"
-}
-
-pkg_postinst() {
-	elog "Official Xen Guide and the unoffical wiki page:"
-	elog " https://wiki.gentoo.org/wiki/Xen"
-	elog " http://en.gentoo-wiki.com/wiki/Xen/"
-
-	use efi && einfo "The efi executable is installed in boot/efi/gentoo"
-}
diff --git a/app-emulation/xen/xen-4.6.0-r3.ebuild b/app-emulation/xen/xen-4.6.0-r3.ebuild
index 7e0e1d2d0bbf..a2b533c28a84 100644
--- a/app-emulation/xen/xen-4.6.0-r3.ebuild
+++ b/app-emulation/xen/xen-4.6.0-r3.ebuild
@@ -19,7 +19,7 @@ if [[ $PV == *9999 ]]; then
 else
 	KEYWORDS="~amd64 ~arm ~arm64 -x86"
 	UPSTREAM_VER=0
-	SECURITY_VER=
+	SECURITY_VER=0
 	SEC_VER=1
 	GENTOO_VER=
 
@@ -90,14 +90,15 @@ src_prepare() {
 		einfo "Try to apply Xen Security patcheset"
 		# apply main xen patches
 		# Add patches from tarball in devspace ~idella4 to those from ~dlan
-		mkdir "${WORKDIR}"/patches-security/xen || die
-		mv "${WORKDIR}"/{xsa15[6-9].patch,xsa160-4.6.patch} \
-			"${WORKDIR}"/patches-security/xen || die
+		# Leav this commented for now as a record of an approach; wip
+		#mkdir "${WORKDIR}"/patches-security/xen || die
+		#mv "${WORKDIR}"/{xsa15[6-9].patch,xsa160-4.6.patch} \
+		#	"${WORKDIR}"/patches-security/xen || die
 		XEN_SECURITY_MAIN="xsa156.patch xsa15[8-9].patch xsa160-4.6.patch"
 		for i in ${XEN_SECURITY_MAIN}; do
 			EPATCH_SUFFIX="patch" \
 			EPATCH_FORCE="yes" \
-				epatch "${WORKDIR}"/patches-security/xen/$i
+				epatch "${WORKDIR}"/$i
 		done
 	fi
author	Ian Delaney <idella4@gentoo.org>	2015-12-09 12:40:52 +0800
committer	Ian Delaney <idella4@gentoo.org>	2015-12-09 13:31:16 +0800
commit	ee95ed95448051233465b7e7005cf423de73a6e8 (patch)
tree	1afe41db43c4cd00fe3a5537e4f5628ce982b0ae /app-emulation/xen
parent	app-emulation/xen: revbumps -> vns. 4.5.2-r2, 4.6.0-r3 wrt sec. bugs (diff)
download	gentoo-ee95ed95448051233465b7e7005cf423de73a6e8.tar.gz gentoo-ee95ed95448051233465b7e7005cf423de73a6e8.tar.bz2 gentoo-ee95ed95448051233465b7e7005cf423de73a6e8.zip