author | Ian Delaney <idella4@gentoo.org> | 2013-06-26 06:35:38 +0000 |
---|---|---|
committer | Ian Delaney <idella4@gentoo.org> | 2013-06-26 06:35:38 +0000 |
commit | 77e7e0cbd111c6c18f197f0a79a25897dff1f3d3 (patch) | |
tree | a643d6ce3fb3345c095d62b450b242fda7bfc9e7 /app-emulation | |
parent | Stable on arm, wrt bug #472862 (diff) | |
revbump; add security patches XSA-52to54, remove old
(Portage version: 2.1.11.63/cvs/Linux x86_64, signed Manifest commit with key 0xB8072B0D)
Diffstat (limited to 'app-emulation')
-rw-r--r-- | app-emulation/xen/ChangeLog | 11 | ||||
-rw-r--r-- | app-emulation/xen/files/xen-4.2-2013-2076-XSA-52to54.patch | 127 | ||||
-rw-r--r-- | app-emulation/xen/xen-4.2.0-r1.ebuild | 129 | ||||
-rw-r--r-- | app-emulation/xen/xen-4.2.0-r2.ebuild | 143 | ||||
-rw-r--r-- | app-emulation/xen/xen-4.2.1-r4.ebuild (renamed from app-emulation/xen/xen-4.2.1-r2.ebuild) | 8 | ||||
-rw-r--r-- | app-emulation/xen/xen-4.2.2-r1.ebuild (renamed from app-emulation/xen/xen-4.2.1-r1.ebuild) | 27 |
6 files changed, 163 insertions, 282 deletions
diff --git a/app-emulation/xen/ChangeLog b/app-emulation/xen/ChangeLog index 6c5cf5799e78..bcda3dc2ac70 100644 --- a/app-emulation/xen/ChangeLog +++ b/app-emulation/xen/ChangeLog @@ -1,6 +1,15 @@ # ChangeLog for app-emulation/xen # Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen/ChangeLog,v 1.119 2013/05/23 17:47:21 ago Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen/ChangeLog,v 1.120 2013/06/26 06:35:38 idella4 Exp $ + +*xen-4.2.1-r4 (26 Jun 2013) +*xen-4.2.2-r1 (26 Jun 2013) + + 26 Jun 2013; Ian Delaney <idella4@gentoo.org> + +files/xen-4.2-2013-2076-XSA-52to54.patch, +xen-4.2.1-r4.ebuild, + +xen-4.2.2-r1.ebuild, -xen-4.2.0-r1.ebuild, -xen-4.2.0-r2.ebuild, + -xen-4.2.1-r1.ebuild, -xen-4.2.1-r2.ebuild: + revbump; add security patches XSA-52to54, remove old 23 May 2013; Agostino Sarubbo <ago@gentoo.org> xen-4.2.1-r3.ebuild: Stable for x86, wrt bug #464724 diff --git a/app-emulation/xen/files/xen-4.2-2013-2076-XSA-52to54.patch b/app-emulation/xen/files/xen-4.2-2013-2076-XSA-52to54.patch new file mode 100644 index 000000000000..3dd9cbe14092 --- /dev/null +++ b/app-emulation/xen/files/xen-4.2-2013-2076-XSA-52to54.patch 
@@ -0,0 +1,127 @@
+x86/xsave: fix information leak on AMD CPUs
+
+Just like for FXSAVE/FXRSTOR, XSAVE/XRSTOR also don't save/restore the
+last instruction and operand pointers as well as the last opcode if
+there's no pending unmasked exception (see CVE-2006-1056 and commit
+9747:4d667a139318).
+
+While the FXSR solution sits in the save path, I prefer to have this in
+the restore path because there the handling is simpler (namely in the
+context of the pending changes to properly save the selector values for
+32-bit guest code).
+
+Also this is using FFREE instead of EMMS, as it doesn't seem unlikely
+that in the future we may see CPUs with x87 and SSE/AVX but no MMX
+support. The goal here anyway is just to avoid an FPU stack overflow.
+I would have preferred to use FFREEP instead of FFREE (freeing two
+stack slots at once), but AMD doesn't document that instruction.
+
+This is CVE-2013-2076 / XSA-52.
+
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+
+--- a/xen/arch/x86/xstate.c
++++ b/xen/arch/x86/xstate.c
+@@ -78,6 +78,21 @@ void xrstor(struct vcpu *v, uint64_t mas
+
+ struct xsave_struct *ptr = v->arch.xsave_area;
+
++ /*
++ * AMD CPUs don't save/restore FDP/FIP/FOP unless an exception
++ * is pending. Clear the x87 state here by setting it to fixed
++ * values. The hypervisor data segment can be sometimes 0 and
++ * sometimes new user value. Both should be ok. Use the FPU saved
++ * data block as a safe address because it should be in L1.
++ */
++ if ( (mask & ptr->xsave_hdr.xstate_bv & XSTATE_FP) &&
++ !(ptr->fpu_sse.fsw & 0x0080) &&
++ boot_cpu_data.x86_vendor == X86_VENDOR_AMD )
++ asm volatile ( "fnclex\n\t" /* clear exceptions */
++ "ffree %%st(7)\n\t" /* clear stack tag */
++ "fildl %0" /* load to clear state */
++ : : "m" (ptr->fpu_sse) );
++
+ asm volatile (
+ ".byte " REX_PREFIX "0x0f,0xae,0x2f"
+ :
+#x86/xsave: recover from faults on XRSTOR
+#
+#Just like FXRSTOR, XRSTOR can raise #GP if bad content is being passed
+#to it in the memory block (i.e. aspects not under the control of the
+#hypervisor, other than e.g. proper alignment of the block).
+#
+#Also correct the comment explaining why FXRSTOR needs exception
+#recovery code to not wrongly state that this can only be a result of
+#the control tools passing a bad image.
+#
+#This is CVE-2013-2077 / XSA-53.
+#
+#Signed-off-by: Jan Beulich <jbeulich@suse.com>
+#
+--- a/xen/arch/x86/i387.c
++++ b/xen/arch/x86/i387.c
+@@ -53,7 +53,7 @@ static inline void fpu_fxrstor(struct vc
+ /*
+ * FXRSTOR can fault if passed a corrupted data block. We handle this
+ * possibility, which may occur if the block was passed to us by control
+- * tools, by silently clearing the block.
++ * tools or through VCPUOP_initialise, by silently clearing the block.
+ */
+ asm volatile (
+ #ifdef __i386__
+--- a/xen/arch/x86/xstate.c
++++ b/xen/arch/x86/xstate.c
+@@ -93,10 +93,25 @@ void xrstor(struct vcpu *v, uint64_t mas
+ "fildl %0" /* load to clear state */
+ : : "m" (ptr->fpu_sse) );
+
+- asm volatile (
+- ".byte " REX_PREFIX "0x0f,0xae,0x2f"
+- :
+- : "m" (*ptr), "a" (lmask), "d" (hmask), "D"(ptr) );
++ /*
++ * XRSTOR can fault if passed a corrupted data block. We handle this
++ * possibility, which may occur if the block was passed to us by control
++ * tools or through VCPUOP_initialise, by silently clearing the block.
++ */
++ asm volatile ( "1: .byte " REX_PREFIX "0x0f,0xae,0x2f\n"
++ ".section .fixup,\"ax\"\n"
++ "2: mov %5,%%ecx \n"
++ " xor %1,%1 \n"
++ " rep stosb \n"
++ " lea %2,%0 \n"
++ " mov %3,%1 \n"
++ " jmp 1b \n"
++ ".previous \n"
++ _ASM_EXTABLE(1b, 2b)
++ : "+&D" (ptr), "+&a" (lmask)
++ : "m" (*ptr), "g" (lmask), "d" (hmask),
++ "m" (xsave_cntxt_size)
++ : "ecx" );
+ }
+
+ bool_t xsave_enabled(const struct vcpu *v)
+#x86/xsave: properly check guest input to XSETBV
+#
+#Other than the HVM emulation path, the PV case so far failed to check
+#that YMM state requires SSE state to be enabled, allowing for a #GP to
+#occur upon passing the inputs to XSETBV inside the hypervisor.
+#
+#This is CVE-2013-2078 / XSA-54.
+#
+#Signed-off-by: Jan Beulich <jbeulich@suse.com>
+#
+--- a/xen/arch/x86/traps.c
++++ b/xen/arch/x86/traps.c
+@@ -2205,6 +2205,11 @@ static int emulate_privileged_op(struct
+ if ( !(new_xfeature & XSTATE_FP) || (new_xfeature & ~xfeature_mask) )
+ goto fail;
+
++ /* YMM state takes SSE state as prerequisite. */
++ if ( (xfeature_mask & new_xfeature & XSTATE_YMM) &&
++ !(new_xfeature & XSTATE_SSE) )
++ goto fail;
++
+ v->arch.xcr0 = new_xfeature;
+ v->arch.xcr0_accum |= new_xfeature;
+ set_xcr0(new_xfeature);
diff --git a/app-emulation/xen/xen-4.2.0-r1.ebuild b/app-emulation/xen/xen-4.2.0-r1.ebuild
deleted file mode 100644
index b6e3ff0a2602..000000000000
--- a/app-emulation/xen/xen-4.2.0-r1.ebuild
+++ /dev/null
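Review bot: The `.fixup` path added to `xrstor()` in the XSA-53 part ends in an unconditional `jmp 1b`, so once the save area has been zeroed the XRSTOR is retried with no bound on the number of attempts. The patch description limits the recoverable case to bad block content; a fault from a cause the zeroing does not cure (the description itself names alignment) would, as far as these lines show, re-enter the fixup again and again. As this is carried upstream code I would not alter the asm in the package, but the comment above it should state the assumption, for example `* The retry assumes a zeroed block cannot fault; alignment and the mask are the caller's responsibility.` The body of `xrstor()` begins outside the inner hunk, so any guard earlier in the function is not visible here.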
@@ -1,129 +0,0 @@ -# Copyright 1999-2013 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen/xen-4.2.0-r1.ebuild,v 1.8 2013/02/24 08:23:59 idella4 Exp $ - -EAPI=5 - -PYTHON_COMPAT=( python{2_6,2_7} ) - -if [[ $PV == *9999 ]]; then - KEYWORDS="" - REPO="xen-unstable.hg" - EHG_REPO_URI="http://xenbits.xensource.com/${REPO}" - S="${WORKDIR}/${REPO}" - live_eclass="mercurial" -else - KEYWORDS="amd64 x86" - SRC_URI="http://bits.xensource.com/oss-xen/release/${PV}/xen-${PV}.tar.gz" -fi - -inherit mount-boot flag-o-matic python-single-r1 toolchain-funcs ${live_eclass} - -DESCRIPTION="The Xen virtual machine monitor" -HOMEPAGE="http://xen.org/" - -LICENSE="GPL-2" -SLOT="0" -IUSE="custom-cflags debug flask pae xsm" - -RDEPEND="" -PDEPEND="~app-emulation/xen-tools-${PV}[${PYTHON_USEDEP}]" - -RESTRICT="test" - -# Approved by QA team in bug #144032 -QA_WX_LOAD="boot/xen-syms-${PV}" - -REQUIRED_USE=" - flask? ( xsm ) - " -pkg_setup() { - python-single-r1_pkg_setup - - if [[ -z ${XEN_TARGET_ARCH} ]]; then - if use x86 && use amd64; then - die "Confusion! Both x86 and amd64 are set in your use flags!" - elif use x86; then - export XEN_TARGET_ARCH="x86_32" - elif use amd64; then - export XEN_TARGET_ARCH="x86_64" - else - die "Unsupported architecture!" 
- fi - fi - - if use flask ; then - export "XSM_ENABLE=y" - export "FLASK_ENABLE=y" - elif use xsm ; then - export "XSM_ENABLE=y" - fi -} - -src_prepare() { - # Drop .config, fix gcc-4.6 - epatch "${FILESDIR}"/${PN}-4-fix_dotconfig-gcc.patch - - # if the user *really* wants to use their own custom-cflags, let them - if use custom-cflags; then - einfo "User wants their own CFLAGS - removing defaults" - # try and remove all the default custom-cflags - find "${S}" -name Makefile -o -name Rules.mk -o -name Config.mk -exec sed \ - -e 's/CFLAGS\(.*\)=\(.*\)-O3\(.*\)/CFLAGS\1=\2\3/' \ - -e 's/CFLAGS\(.*\)=\(.*\)-march=i686\(.*\)/CFLAGS\1=\2\3/' \ - -e 's/CFLAGS\(.*\)=\(.*\)-fomit-frame-pointer\(.*\)/CFLAGS\1=\2\3/' \ - -e 's/CFLAGS\(.*\)=\(.*\)-g3*\s\(.*\)/CFLAGS\1=\2 \3/' \ - -e 's/CFLAGS\(.*\)=\(.*\)-O2\(.*\)/CFLAGS\1=\2\3/' \ - -i {} \; || die "failed to re-set custom-cflags" - fi - - # not strictly necessary to fix this - sed -i 's/, "-Werror"//' "${S}/tools/python/setup.py" || die "failed to re-set setup.py" - - #Security patches - epatch "${FILESDIR}"/${PN}-4-CVE-2012-4535-XSA-20.patch \ - "${FILESDIR}"/${PN}-4-CVE-2012-4537-XSA-22.patch \ - "${FILESDIR}"/${PN}-4-CVE-2012-4538-XSA-23.patch \ - "${FILESDIR}"/${PN}-4-CVE-2012-4539-XSA-24.patch \ - "${FILESDIR}"/${PN}-4-CVE-2012-5510-XSA-26.patch \ - "${FILESDIR}"/${PN}-4-CVE-2012-5513-XSA-29.patch \ - "${FILESDIR}"/${PN}-4-CVE-2012-5514-XSA-30.patch \ - "${FILESDIR}"/${PN}-4-CVE-2012-5515-XSA-31.patch \ - "${FILESDIR}"/${PN}-4-CVE-2012-5525-XSA-32.patch \ - "${FILESDIR}"/${PN}-4-CVE-2012-5634-XSA-33.patch \ - "${FILESDIR}"/${PN}-4-CVE-2013-0151-XSA-27_34_35.patch \ - "${FILESDIR}"/${PN}-4-CVE-2013-0154-XSA-37.patch -} - -src_configure() { - use debug && myopt="${myopt} debug=y" - use pae && myopt="${myopt} pae=y" - - if use custom-cflags; then - filter-flags -fPIE -fstack-protector - replace-flags -O3 -O2 - else - unset CFLAGS - fi -} - -src_compile() { - # Send raw LDFLAGS so that --as-needed works - emake 
CC="$(tc-getCC)" LDFLAGS="$(raw-ldflags)" LD="$(tc-getLD)" -C xen ${myopt} -} - -src_install() { - local myopt - use debug && myopt="${myopt} debug=y" - use pae && myopt="${myopt} pae=y" - - emake LDFLAGS="$(raw-ldflags)" DESTDIR="${D}" -C xen ${myopt} install -} - -pkg_postinst() { - elog "Official Xen Guide and the unoffical wiki page:" - elog " http://www.gentoo.org/doc/en/xen-guide.xml" - elog " http://en.gentoo-wiki.com/wiki/Xen/" - - use pae && ewarn "This is a PAE build of Xen. It will *only* boot PAE kernels!" -} diff --git a/app-emulation/xen/xen-4.2.0-r2.ebuild b/app-emulation/xen/xen-4.2.0-r2.ebuild deleted file mode 100644 index e83b9431fb8b..000000000000 --- a/app-emulation/xen/xen-4.2.0-r2.ebuild +++ /dev/null 
@@ -1,143 +0,0 @@ -# Copyright 1999-2013 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen/xen-4.2.0-r2.ebuild,v 1.4 2013/03/08 10:33:14 idella4 Exp $ - -EAPI=5 - -PYTHON_COMPAT=( python{2_6,2_7} ) - -if [[ $PV == *9999 ]]; then - KEYWORDS="" - REPO="xen-unstable.hg" - EHG_REPO_URI="http://xenbits.xensource.com/${REPO}" - S="${WORKDIR}/${REPO}" - live_eclass="mercurial" -else - KEYWORDS="~amd64 ~x86" - SRC_URI="http://bits.xensource.com/oss-xen/release/${PV}/xen-${PV}.tar.gz" -fi - -inherit mount-boot flag-o-matic python-single-r1 toolchain-funcs ${live_eclass} - -DESCRIPTION="The Xen virtual machine monitor" -HOMEPAGE="http://xen.org/" - -LICENSE="GPL-2" -SLOT="0" -IUSE="custom-cflags debug efi flask pae xsm" - -DEPEND="efi? ( >=sys-devel/binutils-2.22[multitarget] ) - !efi? ( >=sys-devel/binutils-2.22[-multitarget] )" -REDEPEND="" -PDEPEND="~app-emulation/xen-tools-${PV}[${PYTHON_USEDEP}]" - -RESTRICT="test" - -# Approved by QA team in bug #144032 -QA_WX_LOAD="boot/xen-syms-${PV}" - -REQUIRED_USE=" - flask? ( xsm )" - -pkg_setup() { - python-single-r1_pkg_setup - - if [[ -z ${XEN_TARGET_ARCH} ]]; then - if use x86 && use amd64; then - die "Confusion! Both x86 and amd64 are set in your use flags!" - elif use x86; then - export XEN_TARGET_ARCH="x86_32" - elif use amd64; then - export XEN_TARGET_ARCH="x86_64" - else - die "Unsupported architecture!" 
- fi - fi - - if use flask ; then - export "XSM_ENABLE=y" - export "FLASK_ENABLE=y" - elif use xsm ; then - export "XSM_ENABLE=y" - fi -} - -src_prepare() { - # Drop .config, fix gcc-4.6 - epatch "${FILESDIR}"/${PN}-4-fix_dotconfig-gcc.patch - - if use efi; then - epatch "${FILESDIR}"/${PN}-4.2-efi.patch - export EFI_VENDOR="gentoo" - export EFI_MOUNTPOINT="boot" - fi - - # if the user *really* wants to use their own custom-cflags, let them - if use custom-cflags; then - einfo "User wants their own CFLAGS - removing defaults" - # try and remove all the default custom-cflags - find "${S}" -name Makefile -o -name Rules.mk -o -name Config.mk -exec sed \ - -e 's/CFLAGS\(.*\)=\(.*\)-O3\(.*\)/CFLAGS\1=\2\3/' \ - -e 's/CFLAGS\(.*\)=\(.*\)-march=i686\(.*\)/CFLAGS\1=\2\3/' \ - -e 's/CFLAGS\(.*\)=\(.*\)-fomit-frame-pointer\(.*\)/CFLAGS\1=\2\3/' \ - -e 's/CFLAGS\(.*\)=\(.*\)-g3*\s\(.*\)/CFLAGS\1=\2 \3/' \ - -e 's/CFLAGS\(.*\)=\(.*\)-O2\(.*\)/CFLAGS\1=\2\3/' \ - -i {} \; || die "failed to re-set custom-cflags" - fi - - # not strictly necessary to fix this - sed -i 's/, "-Werror"//' "${S}/tools/python/setup.py" || die "failed to re-set setup.py" - - #Security patches - epatch "${FILESDIR}"/${PN}-4-CVE-2012-4535-XSA-20.patch \ - "${FILESDIR}"/${PN}-4-CVE-2012-4537-XSA-22.patch \ - "${FILESDIR}"/${PN}-4-CVE-2012-4538-XSA-23.patch \ - "${FILESDIR}"/${PN}-4-CVE-2012-4539-XSA-24.patch \ - "${FILESDIR}"/${PN}-4-CVE-2012-5510-XSA-26.patch \ - "${FILESDIR}"/${PN}-4-CVE-2012-5513-XSA-29.patch \ - "${FILESDIR}"/${PN}-4-CVE-2012-5514-XSA-30.patch \ - "${FILESDIR}"/${PN}-4-CVE-2012-5515-XSA-31.patch \ - "${FILESDIR}"/${PN}-4-CVE-2012-5525-XSA-32.patch \ - "${FILESDIR}"/${PN}-4-CVE-2012-5634-XSA-33.patch \ - "${FILESDIR}"/${PN}-4-CVE-2013-0151-XSA-27_34_35.patch \ - "${FILESDIR}"/${PN}-4-CVE-2013-0154-XSA-37.patch -} - -src_configure() { - use debug && myopt="${myopt} debug=y" - use pae && myopt="${myopt} pae=y" - - if use custom-cflags; then - filter-flags -fPIE -fstack-protector - 
replace-flags -O3 -O2 - else - unset CFLAGS - fi -} - -src_compile() { - # Send raw LDFLAGS so that --as-needed works - emake CC="$(tc-getCC)" LDFLAGS="$(raw-ldflags)" LD="$(tc-getLD)" -C xen ${myopt} -} - -src_install() { - local myopt - use debug && myopt="${myopt} debug=y" - use pae && myopt="${myopt} pae=y" - - #The 'make install' doesn't 'mkdir -p' the subdirs - if use efi; then - mkdir -p "${D}"${EFI_MOUNTPOINT}/efi/${EFI_VENDOR} || die - fi - - emake LDFLAGS="$(raw-ldflags)" DESTDIR="${D}" -C xen ${myopt} install -} - -pkg_postinst() { - elog "Official Xen Guide and the unoffical wiki page:" - elog " http://www.gentoo.org/doc/en/xen-guide.xml" - elog " http://en.gentoo-wiki.com/wiki/Xen/" - - use pae && ewarn "This is a PAE build of Xen. It will *only* boot PAE kernels!" - use efi && einfo "The efi executable is installed in boot/efi/gentoo" -} diff --git a/app-emulation/xen/xen-4.2.1-r2.ebuild b/app-emulation/xen/xen-4.2.1-r4.ebuild index b7951e923e0f..db3194ea0ecd 100644 --- a/app-emulation/xen/xen-4.2.1-r2.ebuild +++ b/app-emulation/xen/xen-4.2.1-r4.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2013 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen/xen-4.2.1-r2.ebuild,v 1.4 2013/03/08 10:33:14 idella4 Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen/xen-4.2.1-r4.ebuild,v 1.1 2013/06/26 06:35:38 idella4 Exp $ EAPI=5 @@ -90,7 +90,11 @@ src_prepare() { #Security patches epatch "${FILESDIR}"/${PN}-4-CVE-2012-5634-XSA-33.patch \ "${FILESDIR}"/${PN}-4-CVE-2013-0151-XSA-34_35.patch \ - "${FILESDIR}"/${PN}-4-CVE-2013-0154-XSA-37.patch + "${FILESDIR}"/${PN}-4-CVE-2013-0154-XSA-37.patch \ + "${FILESDIR}"/${PN}-4-CVE-2013-0153-XSA-36.patch \ + "${FILESDIR}"/${PN}-4-CVE-2013-1917-XSA-44.patch \ + "${FILESDIR}"/${PN}-4-CVE-2013-1918-XSA-45_[1-7].patch \ + "${FILESDIR}"/${PN}-4.2-2013-2076-XSA-52.patch } src_configure() { 
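Review bot: The last entry added to the `epatch` list in `src_prepare()` of xen-4.2.1-r4 is `${PN}-4.2-2013-2076-XSA-52.patch`, but the only patch file this commit adds is `files/xen-4.2-2013-2076-XSA-52to54.patch`, which is the name xen-4.2.2-r1 uses. If no `XSA-52.patch` already exists in FILESDIR, `epatch` will fail at this line; if one does, 4.2.1-r4 is built without the XSA-53 and XSA-54 fixes that the commit message and ChangeLog entry announce for this revbump. Unless that split is intended, the line should read `"${FILESDIR}"/${PN}-4.2-2013-2076-XSA-52to54.patch`. `src_prepare()` begins outside the hunk.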
diff --git a/app-emulation/xen/xen-4.2.1-r1.ebuild b/app-emulation/xen/xen-4.2.2-r1.ebuild index e492bc681466..27a3eb9d060d 100644 --- a/app-emulation/xen/xen-4.2.1-r1.ebuild +++ b/app-emulation/xen/xen-4.2.2-r1.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2013 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen/xen-4.2.1-r1.ebuild,v 1.4 2013/02/24 08:23:59 idella4 Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen/xen-4.2.2-r1.ebuild,v 1.1 2013/06/26 06:35:38 idella4 Exp $ EAPI=5 @@ -21,11 +21,12 @@ inherit mount-boot flag-o-matic python-single-r1 toolchain-funcs ${live_eclass} DESCRIPTION="The Xen virtual machine monitor" HOMEPAGE="http://xen.org/" - LICENSE="GPL-2" SLOT="0" -IUSE="custom-cflags debug flask pae xsm" +IUSE="custom-cflags debug efi flask pae xsm" +DEPEND="efi? ( >=sys-devel/binutils-2.22[multitarget] ) + !efi? ( >=sys-devel/binutils-2.22[-multitarget] )" RDEPEND="" PDEPEND="~app-emulation/xen-tools-${PV}" @@ -64,6 +65,12 @@ src_prepare() { # Drop .config and fix gcc-4.6 epatch "${FILESDIR}"/${PN/-pvgrub/}-4-fix_dotconfig-gcc.patch + if use efi; then + epatch "${FILESDIR}"/${PN}-4.2-efi.patch + export EFI_VENDOR="gentoo" + export EFI_MOUNTPOINT="boot" + fi + # if the user *really* wants to use their own custom-cflags, let them if use custom-cflags; then einfo "User wants their own CFLAGS - removing defaults" @@ -81,9 +88,9 @@ src_prepare() { sed -i 's/, "-Werror"//' "${S}/tools/python/setup.py" || die "failed to re-set setup.py" #Security patches - epatch "${FILESDIR}"/${PN}-4-CVE-2012-5634-XSA-33.patch \ - "${FILESDIR}"/${PN}-4-CVE-2013-0151-XSA-34_35.patch \ - "${FILESDIR}"/${PN}-4-CVE-2013-0154-XSA-37.patch + epatch "${FILESDIR}"/${PN}-4-CVE-2013-1918-XSA-45_[1-7].patch \ + "${FILESDIR}"/${PN}-4.2-2013-2076-XSA-52to54.patch + epatch_user } src_configure() { 
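Review bot: The security patch list in `src_prepare()` of xen-4.2.2-r1 drops XSA-33, XSA-34_35 and XSA-37 and does not carry the XSA-36 and XSA-44 patches that the same commit adds to xen-4.2.1-r4, with no comment saying why. Presumably the 4.2.2 tarball already contains those fixes, but nothing in the ebuild records that, so someone auditing XSA coverage cannot tell a deliberate drop from an omission. A comment above the list, such as `# XSA-33 through XSA-44 are already in the 4.2.2 release; only later advisories are patched here`, would settle it once confirmed against the release. The function continues outside the hunk.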
@@ -100,7 +107,7 @@ src_configure() { src_compile() { # Send raw LDFLAGS so that --as-needed works - emake CC="$(tc-getCC)" LDFLAGS="$(raw-ldflags)" LD="$(tc-getLD)" -C xen ${myopt} + emake CC="$(tc-getCC)" LDFLAGS="$(raw-ldflags)" LD="$(tc-getLD)" -C xen ${myopt} } src_install() { @@ -108,6 +115,11 @@ src_install() { use debug && myopt="${myopt} debug=y" use pae && myopt="${myopt} pae=y" + # The 'make install' doesn't 'mkdir -p' the subdirs + if use efi; then + mkdir -p "${D}"${EFI_MOUNTPOINT}/efi/${EFI_VENDOR} || die + fi + emake LDFLAGS="$(raw-ldflags)" DESTDIR="${D}" -C xen ${myopt} install } @@ -117,4 +129,5 @@ pkg_postinst() { elog " http://en.gentoo-wiki.com/wiki/Xen/" use pae && ewarn "This is a PAE build of Xen. It will *only* boot PAE kernels!" + use efi && einfo "The efi executable is installed in boot/efi/gentoo" } |
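Review bot: `mkdir -p "${D}"${EFI_MOUNTPOINT}/efi/${EFI_VENDOR}` in `src_install()` leaves both variables unquoted and relies on the exports made inside the `use efi` branch of `src_prepare()`; should they be unset in this phase the path collapses to `${D}/efi/` without any error. Quoting the whole path, or using the install helper as in `dodir "/${EFI_MOUNTPOINT}/efi/${EFI_VENDOR}"`, is the usual form. The `einfo` added to `pkg_postinst()` hard-codes `boot/efi/gentoo` and will drift from the real location if those two values are ever changed. `src_install()` starts outside the hunk.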