From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-1247430-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by finch.gentoo.org (Postfix) with ESMTPS id A7B631382C5
for <garchives@archives.gentoo.org>; Mon, 1 Feb 2021 19:24:07 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
by pigeon.gentoo.org (Postfix) with SMTP id DA8F7E092C;
Mon, 1 Feb 2021 19:24:06 +0000 (UTC)
Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
(No client certificate requested)
by pigeon.gentoo.org (Postfix) with ESMTPS id AEE60E092C
for <gentoo-commits@lists.gentoo.org>; Mon, 1 Feb 2021 19:24:06 +0000 (UTC)
Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
(No client certificate requested)
by smtp.gentoo.org (Postfix) with ESMTPS id 43B82341114
for <gentoo-commits@lists.gentoo.org>; Mon, 1 Feb 2021 19:24:05 +0000 (UTC)
Received: from localhost.localdomain (localhost [IPv6:::1])
by oystercatcher.gentoo.org (Postfix) with ESMTP id A3FC04BB
for <gentoo-commits@lists.gentoo.org>; Mon, 1 Feb 2021 19:24:03 +0000 (UTC)
From: "Thomas Deutschmann" <whissi@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Thomas Deutschmann" <whissi@gentoo.org>
Message-ID: <1612207440.6c702504991cc4983082e78b83d6ec3eff1c9c1a.whissi@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: app-emulation/xen/
X-VCS-Repository: repo/gentoo
X-VCS-Files: app-emulation/xen/Manifest app-emulation/xen/xen-4.13.2-r4.ebuild
X-VCS-Directories: app-emulation/xen/
X-VCS-Committer: whissi
X-VCS-Committer-Name: Thomas Deutschmann
X-VCS-Revision: 6c702504991cc4983082e78b83d6ec3eff1c9c1a
X-VCS-Branch: master
Date: Mon, 1 Feb 2021 19:24:03 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
X-Archives-Salt: da55abf8-3a5c-41f2-8e95-108fa5aadbe3
X-Archives-Hash: 8564618022f0e7195b6d9a7308e87f1f
commit: 6c702504991cc4983082e78b83d6ec3eff1c9c1a
Author: Tomáš Mózes <hydrapolic <AT> gmail <DOT> com>
AuthorDate: Wed Jan 27 11:10:57 2021 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Mon Feb 1 19:24:00 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6c702504
app-emulation/xen: add security patches
Fixes XSA-360
Signed-off-by: Tomáš Mózes <hydrapolic <AT> gmail.com>
Closes: https://github.com/gentoo/gentoo/pull/19128
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
app-emulation/xen/Manifest | 1 +
app-emulation/xen/xen-4.13.2-r4.ebuild | 165 +++++++++++++++++++++++++++++++++
2 files changed, 166 insertions(+)
diff --git a/app-emulation/xen/Manifest b/app-emulation/xen/Manifest
index 0706230d176..12ad42c89e0 100644
--- a/app-emulation/xen/Manifest
+++ b/app-emulation/xen/Manifest
@@ -1,5 +1,6 @@
DIST xen-4.13.2-upstream-patches-1.tar.xz 15832 BLAKE2B 4e20a1e2d575ed7e1d21f3b34ed0d8bf6e1405cb39cc5c6ffc099614ea833ac9794bfcfcdea0893fdf81b318f536017ac3a023ad096bc8a8c7390c01f1d513ed SHA512 48dda9dadec1e87fb7b6952636e73057f6e0a5501f9727d05ac636fd47747194501db709c8ffa7154e79b6b612a98b658a03bc083c5065ff851ac57f454b599e
DIST xen-4.13.2-upstream-patches-2.tar.xz 58992 BLAKE2B 535d67ae6a30e23feb975172a9e4abd6d7feb6c8c969aa243fdf672ed6580fe46bf57ea5530eab70457e22af9163f95061fdf97d10faa3be9f4c92033187c950 SHA512 6b6cdf72d13c0e595be65e3107c0f68299e932b74d4a1c4d59bfe3be8b76840c47f6adeaddd0efac71d5158cee8d778a0be863eea8f032cb9acf4191f629d8ae
+DIST xen-4.13.2-upstream-patches-3.tar.xz 63660 BLAKE2B 80abc9529ff49e782b64d4b5032f724e7d95fd255c2a06b7065c693d5765e1db1df44ebd5ce00c5a1e1ff24e1e5d344b0c2e459c68282e58fa20963e208272d2 SHA512 35288a1feac1316c33586dad55685e2c6a30100795e31852f78455003ce3dd6906074bea023655ee545a97fe4a0a8ad9a05ab91fd83186e61e5b57d10aa6b155
DIST xen-4.13.2.tar.gz 39037826 BLAKE2B ad2b7c3003ca29e5e60a85c581f706ef87d99eadf939ed36ebe8f6698582f7a29dbdaf502039b60a0afe7ad4ae6ce89713e69dc8b8a7d5abe65063da7f1baa5b SHA512 cd3092281c97e9421e303aa288aac04dcccd5536ba7c0ff4d51fbf3d07b5ffacfe3456ba06f5cf63577dafbf8cf3a5d9825ceb5e9ef8ca1427900cc3e57b50a3
DIST xen-4.14.0-upstream-patches-6.tar.xz 119116 BLAKE2B e3a0f807182d32754c6ae2000324237117cfa66c4a43c27b583b6aef69a3889949779751b71a87b2538f679fb481e8a723433950c689f28a8c2e96278c1b0ddb SHA512 03b1fdc08e74756001fbb0de4e21297456f63615e6f63b8f360f8270ef85b0d50c3872be41cc26529ed0d91d82ffda2af53882b7c5233113f223a4ec813a0d5b
DIST xen-4.14.0.tar.gz 39950576 BLAKE2B db4c3e79cfdfb10260d0d14d9d28e8c8bd9bf23f42aee743acf8f560bf4cdb96a425c0df887c70f9755f62680be24bfbe0149e52a4cb843ae83090cd9d6afc71 SHA512 ebce47a2f754955d8517123d69f62006634d97620fbbe3784869a0667466e586a249f57ffaf7846d5bcb45d69377cde43354c82c233fbb5407e55653b9a33ac0
diff --git a/app-emulation/xen/xen-4.13.2-r4.ebuild b/app-emulation/xen/xen-4.13.2-r4.ebuild
new file mode 100644
index 00000000000..448b93a8ce2
--- /dev/null
+++ b/app-emulation/xen/xen-4.13.2-r4.ebuild
@@ -0,0 +1,165 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{6..9} )
+
+inherit flag-o-matic mount-boot multilib python-any-r1 toolchain-funcs
+
+MY_PV=${PV/_/-}
+MY_P=${PN}-${MY_PV}
+
+if [[ $PV == *9999 ]]; then
+ inherit git-r3
+ EGIT_REPO_URI="git://xenbits.xen.org/xen.git"
+ SRC_URI=""
+else
+ KEYWORDS="~amd64 ~arm -x86"
+ UPSTREAM_VER=3
+ SECURITY_VER=
+ GENTOO_VER=
+
+ [[ -n ${UPSTREAM_VER} ]] && \
+ UPSTREAM_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${P}-upstream-patches-${UPSTREAM_VER}.tar.xz
+ https://github.com/hydrapolic/gentoo-dist/raw/master/xen/${P}-upstream-patches-${UPSTREAM_VER}.tar.xz"
+ [[ -n ${SECURITY_VER} ]] && \
+ SECURITY_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${PN}-security-patches-${SECURITY_VER}.tar.xz"
+ [[ -n ${GENTOO_VER} ]] && \
+ GENTOO_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${PN}-gentoo-patches-${GENTOO_VER}.tar.xz"
+ SRC_URI="https://downloads.xenproject.org/release/xen/${MY_PV}/${MY_P}.tar.gz
+ ${UPSTREAM_PATCHSET_URI}
+ ${SECURITY_PATCHSET_URI}
+ ${GENTOO_PATCHSET_URI}"
+fi
+
+DESCRIPTION="The Xen virtual machine monitor"
+HOMEPAGE="https://www.xenproject.org"
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="debug efi flask"
+
+DEPEND="${PYTHON_DEPS}
+ efi? ( >=sys-devel/binutils-2.22[multitarget] )
+ !efi? ( >=sys-devel/binutils-2.22 )"
+RDEPEND=""
+PDEPEND="~app-emulation/xen-tools-${PV}"
+
+# no tests are available for the hypervisor
+# prevent the silliness of /usr/lib/debug/usr/lib/debug files
+# prevent stripping of the debug info from the /usr/lib/debug/xen-syms
+RESTRICT="test splitdebug strip"
+
+# Approved by QA team in bug #144032
+QA_WX_LOAD="boot/xen-syms-${PV}"
+
+REQUIRED_USE="arm? ( debug )"
+
+S="${WORKDIR}/${MY_P}"
+
+pkg_setup() {
+ python-any-r1_pkg_setup
+ if [[ -z ${XEN_TARGET_ARCH} ]]; then
+ if use amd64; then
+ export XEN_TARGET_ARCH="x86_64"
+ elif use arm; then
+ export XEN_TARGET_ARCH="arm32"
+ elif use arm64; then
+ export XEN_TARGET_ARCH="arm64"
+ else
+ die "Unsupported architecture!"
+ fi
+ fi
+
+ if use flask ; then
+ export "XSM_ENABLE=y"
+ export "FLASK_ENABLE=y"
+ fi
+}
+
+src_prepare() {
+ # Upstream's patchset
+ [[ -n ${UPSTREAM_VER} ]] && eapply "${WORKDIR}"/patches-upstream
+
+ # Security patchset
+ if [[ -n ${SECURITY_VER} ]]; then
+ einfo "Try to apply Xen Security patch set"
+ # apply main xen patches
+ # Two parallel systems, both work side by side
+ # Over time they may concdense into one. This will suffice for now
+ source "${WORKDIR}"/patches-security/${PV}.conf
+
+ local i
+ for i in ${XEN_SECURITY_MAIN}; do
+ eapply "${WORKDIR}"/patches-security/xen/$i
+ done
+ fi
+
+ # Gentoo's patchset
+ [[ -n ${GENTOO_VER} ]] && eapply "${WORKDIR}"/patches-gentoo
+
+ eapply "${FILESDIR}"/${PN}-4.11-efi.patch
+
+ # Drop .config
+ sed -e '/-include $(XEN_ROOT)\/.config/d' -i Config.mk || die "Couldn't drop"
+
+ if use efi; then
+ export EFI_VENDOR="gentoo"
+ export EFI_MOUNTPOINT="/boot"
+ fi
+
+ default
+}
+
+src_configure() {
+ use arm && myopt="${myopt} CONFIG_EARLY_PRINTK=sun7i"
+
+ use debug && myopt="${myopt} debug=y"
+
+ # remove flags
+ unset CFLAGS
+ unset LDFLAGS
+ unset ASFLAGS
+
+ tc-ld-disable-gold # Bug 700374
+}
+
+src_compile() {
+ # Send raw LDFLAGS so that --as-needed works
+ emake V=1 CC="$(tc-getCC)" LDFLAGS="$(raw-ldflags)" LD="$(tc-getLD)" -C xen ${myopt}
+}
+
+src_install() {
+ local myopt
+ use debug && myopt="${myopt} debug=y"
+
+ # The 'make install' doesn't 'mkdir -p' the subdirs
+ if use efi; then
+ mkdir -p "${D}"${EFI_MOUNTPOINT}/efi/${EFI_VENDOR} || die
+ fi
+
+ emake LDFLAGS="$(raw-ldflags)" DESTDIR="${D}" -C xen ${myopt} install
+
+ # make install likes to throw in some extra EFI bits if it built
+ use efi || rm -rf "${D}/usr/$(get_libdir)/efi"
+}
+
+pkg_postinst() {
+ elog "Official Xen Guide:"
+ elog " https://wiki.gentoo.org/wiki/Xen"
+
+ use efi && einfo "The efi executable is installed in /boot/efi/gentoo"
+
+ elog "You can optionally block the installation of /boot/xen-syms by an entry"
+ elog "in folder /etc/portage/env using the portage's feature INSTALL_MASK"
+ elog "e.g. echo ${msg} > /etc/portage/env/xen.conf"
+
+ ewarn
+ ewarn "Xen 4.12+ changed the default scheduler to credit2 which can cause"
+ ewarn "domU lockups on multi-cpu systems. The legacy credit scheduler seems"
+ ewarn "to work fine."
+ ewarn
+ ewarn "Add sched=credit to xen command line options to use the legacy scheduler."
+ ewarn
+ ewarn "https://wiki.gentoo.org/wiki/Xen#Xen_domU_hanging_with_Xen_4.12.2B"
+}