app-emulation/xen: rm vulnerable vns. 4.6.0-r{3,4}

Package-Manager: portage-2.2.26

3 files changed, 12 insertions, 194 deletions

diff --git a/app-emulation/xen/Manifest b/app-emulation/xen/Manifest
index ad42f7239623..54643b784b98 100644
--- a/app-emulation/xen/Manifest
+++ b/app-emulation/xen/Manifest
@@ -4,5 +4,5 @@ DIST xen-4.6.0.tar.gz 19694350 SHA256 6fa1c2431df55aa5950d248e6093b8c8c0f11c357a
 DIST xen-security-patches-0.tar.xz 5944 SHA256 c0456793064185f0781668264a09a2412a25e2ff8c4ce0d332204e37b94d7e96 SHA512 de812e66563e608548b220aa00c8fd71973af748a00cea79959f46a5b6893a38248d2ea455026af43f47e3f5e566d08b5a6f3d18f22e940d75d2a2ca76cec3d3 WHIRLPOOL 3e18d32798bdfe584ee8d102963090b569ec3660fd5723d8c608091e5c7d935c1edced5e258d92bf51fe06975455a3ae33dfedd01702c6076aedf97ea61f2d1b
 DIST xen-security-patches-1.tar.gz 7040 SHA256 30733e9ca71bf4291ff212eb191afb22687ccd9b2579767fe0ee013152980c76 SHA512 89c72897f18a86c2060bb76a182e7cca72ad2f33a3aab964ecae66e057aeecafee2e9986204d6feb98f81ccb740460ee2cb37663b1ab79f47adc1dd73e0091bc WHIRLPOOL c27e612b87b4a30abbf59e6be019e2c21a78bfbdf1715da5498d95607d390d616251768d419ac5ce76087bbf7cdfc410dd0088ba48e425082cea971efcb64346
 DIST xen-security-patches-2.tar.gz 7370 SHA256 f24bf4b0cba29b51ee71f6ef82654cddf157c63d62fc1119f17255b2388e03ab SHA512 209dea670467ff1df18428c15b25229c05d676d1a2f646cddb221544ae888241ade48a22be037f97dce249ac322c1f30bb477675e5e2cc04a2fbd839e02f1f57 WHIRLPOOL ae66a2fbc0d0f0a555d407ebd3198fa58ee043515fb9821d7b9eda46d088bc87b3de16fe015fd1142294429dd2c1c7826e414a55980e27123185c1a86fb0a8a6
-DIST xen-security-patches-3.tar.gz 7349 SHA256 a1876b918c0a608618f349deed11b547a65c5909c31d72a89340d4908c572f46 SHA512 f5e8e7ab5d9be6aa036e52627931f1b2648de642664b2922f9cab64f44d19ac8682f5beb7fdbcb842ee19346202093fade3f10e39ba60fcb12a101deb4408818 WHIRLPOOL 14ee65babe4edd901914c8b8ddb5d7b54e6738d77642514fe611bf84541ae0a932bcb48f86179d5e7a6741135b9c7b129e8244cc22922c4e592604a696b6082f
 DIST xen-security-patches-4.tar.gz 7731 SHA256 b51c6616a303b4d5123fed1e58240163c8e0cf8e0de32db58c11a40a48124d52 SHA512 cef89bb68bdb4a5f947d6be8ae7a799276fd187e396c5ba85f8aa2b0b5349ba606d3742d5b8d8212df6da38f8af9711416d9a25176e713240a0a7f2194d84fc5 WHIRLPOOL 912dc869fa4eb355a86023133adcb818e87f4979d537a885b3f1c6e35ff141b7d7a33e81105dcddf34aafa4c306df79a210346f5037337173923e1dc8280ac47
+DIST xen-upstream-patches-0.tar.gz 2297 SHA256 bf21272ad029391d30bf31896efcadc75267538f6c7de5d239453f19659d58ee SHA512 3f5d60aaebd181bddab4dd02e0064de2f75672f44a687a7331fa40e81d56763fea84504081a449d11403b21ad0ba2dac075f0b1796809ef8d16e244f6be99e3d WHIRLPOOL 4ebe79c8f2ea1c45e88e59941e477ed5639dbca3fe95c9a67e07afb0f4b6fb8b7fea8e58422d7c8f906299e4f37c14b4db15200997e5a92b647df98fa93e10c7
diff --git a/app-emulation/xen/xen-4.6.0-r3.ebuild b/app-emulation/xen/xen-4.6.0-r3.ebuild
deleted file mode 100644
index 7ff1d1daea5f..000000000000
--- a/app-emulation/xen/xen-4.6.0-r3.ebuild
+++ /dev/null
@@ -1,189 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-
-PYTHON_COMPAT=( python2_7 )
-
-inherit eutils multilib mount-boot flag-o-matic python-any-r1 toolchain-funcs
-
-MY_PV=${PV/_/-}
-MY_P=${PN}-${PV/_/-}
-
-if [[ $PV == *9999 ]]; then
-	inherit git-r3
-	KEYWORDS=""
-	EGIT_REPO_URI="git://xenbits.xen.org/xen.git"
-	SRC_URI=""
-else
-	KEYWORDS="~amd64 ~arm ~arm64 -x86"
-	UPSTREAM_VER=0
-	SECURITY_VER=0
-	SEC_VER=1
-	GENTOO_VER=
-
-	[[ -n ${UPSTREAM_VER} ]] && \
-		UPSTREAM_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${P}-upstream-patches-${UPSTREAM_VER}.tar.xz"
-	[[ -n ${SECURITY_VER} ]] && \
-		SECURITY_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${PN}-security-patches-${SECURITY_VER}.tar.xz"
-	[[ -n ${GENTOO_VER} ]] && \
-		GENTOO_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${PN}-gentoo-patches-${GENTOO_VER}.tar.xz"
-	SRC_URI="http://bits.xensource.com/oss-xen/release/${MY_PV}/${MY_P}.tar.gz
-		${UPSTREAM_PATCHSET_URI}
-		${SECURITY_PATCHSET_URI}
-		${GENTOO_PATCHSET_URI}
-		https://dev.gentoo.org/~idella4/distfiles/xen-security-patches-${SEC_VER}.tar.gz"
-fi
-
-DESCRIPTION="The Xen virtual machine monitor"
-HOMEPAGE="http://xen.org/"
-LICENSE="GPL-2"
-SLOT="0"
-IUSE="custom-cflags debug efi flask"
-
-DEPEND="${PYTHON_DEPS}
-	efi? ( >=sys-devel/binutils-2.22[multitarget] )
-	!efi? ( >=sys-devel/binutils-2.22 )"
-RDEPEND=""
-PDEPEND="~app-emulation/xen-tools-${PV}"
-
-RESTRICT="test"
-
-# Approved by QA team in bug #144032
-QA_WX_LOAD="boot/xen-syms-${PV}"
-
-REQUIRED_USE="arm? ( debug )"
-
-S="${WORKDIR}/${MY_P}"
-
-pkg_setup() {
-	python-any-r1_pkg_setup
-	if [[ -z ${XEN_TARGET_ARCH} ]]; then
-		if use amd64; then
-			export XEN_TARGET_ARCH="x86_64"
-		elif use arm; then
-			export XEN_TARGET_ARCH="arm32"
-		elif use arm64; then
-			export XEN_TARGET_ARCH="arm64"
-		else
-			die "Unsupported architecture!"
-		fi
-	fi
-
-	if use flask ; then
-		export "XSM_ENABLE=y"
-		export "FLASK_ENABLE=y"
-	fi
-}
-
-src_prepare() {
-	# Upstream's patchset
-	if [[ -n ${UPSTREAM_VER} ]]; then
-		EPATCH_SUFFIX="patch" \
-		EPATCH_FORCE="yes" \
-		EPATCH_OPTS="-p1" \
-			epatch "${WORKDIR}"/patches-upstream
-	fi
-
-	if [[ -n ${SECURITY_VER} ]]; then
-		einfo "Try to apply Xen Security patcheset"
-		# apply main xen patches
-		# Add patches from tarball in devspace ~idella4 to those from ~dlan
-		# Leave this commented for now as a record of an approach; wip
-		#mkdir "${WORKDIR}"/patches-security/xen || die
-		#mv "${WORKDIR}"/{xsa15[6-9].patch,xsa160-4.6.patch} \
-		#	"${WORKDIR}"/patches-security/xen || die
-		XEN_SECURITY_MAIN="xsa156.patch xsa15[8-9].patch xsa160-4.6.patch"
-		for i in ${XEN_SECURITY_MAIN}; do
-			EPATCH_SUFFIX="patch" \
-			EPATCH_FORCE="yes" \
-				epatch "${WORKDIR}"/$i
-		done
-	fi
-
-	# Gentoo's patchset
-	if [[ -n ${GENTOO_VER} ]]; then
-		EPATCH_SUFFIX="patch" \
-		EPATCH_FORCE="yes" \
-			epatch "${WORKDIR}"/patches-gentoo
-	fi
-
-	epatch "${FILESDIR}"/${PN}-4.6-efi.patch
-
-	# Drop .config
-	sed -e '/-include $(XEN_ROOT)\/.config/d' -i Config.mk || die "Couldn't	drop"
-
-	if use efi; then
-		export EFI_VENDOR="gentoo"
-		export EFI_MOUNTPOINT="boot"
-	fi
-
-	# if the user *really* wants to use their own custom-cflags, let them
-	if use custom-cflags; then
-		einfo "User wants their own CFLAGS - removing defaults"
-		# try and remove all the default custom-cflags
-		find "${S}" -name Makefile -o -name Rules.mk -o -name Config.mk -exec sed \
-			-e 's/CFLAGS\(.*\)=\(.*\)-O3\(.*\)/CFLAGS\1=\2\3/' \
-			-e 's/CFLAGS\(.*\)=\(.*\)-march=i686\(.*\)/CFLAGS\1=\2\3/' \
-			-e 's/CFLAGS\(.*\)=\(.*\)-fomit-frame-pointer\(.*\)/CFLAGS\1=\2\3/' \
-			-e 's/CFLAGS\(.*\)=\(.*\)-g3*\s\(.*\)/CFLAGS\1=\2 \3/' \
-			-e 's/CFLAGS\(.*\)=\(.*\)-O2\(.*\)/CFLAGS\1=\2\3/' \
-			-i {} \; || die "failed to re-set custom-cflags"
-	fi
-
-	# remove -Werror for gcc-4.6's sake
-	find "${S}" -name 'Makefile*' -o -name '*.mk' -o -name 'common.make' | \
-		xargs sed -i 's/ *-Werror */ /'
-	# not strictly necessary to fix this
-	sed -i 's/, "-Werror"//' "${S}/tools/python/setup.py" || die "failed to re-set setup.py"
-
-	epatch_user
-}
-
-src_configure() {
-	use arm && myopt="${myopt} CONFIG_EARLY_PRINTK=sun7i"
-
-	use debug && myopt="${myopt} debug=y"
-
-	if use custom-cflags; then
-		filter-flags -fPIE -fstack-protector
-		replace-flags -O3 -O2
-	else
-		unset CFLAGS
-		unset LDFLAGS
-		unset ASFLAGS
-	fi
-}
-
-src_compile() {
-	# Send raw LDFLAGS so that --as-needed works
-	emake V=1 CC="$(tc-getCC)" LDFLAGS="$(raw-ldflags)" LD="$(tc-getLD)" -C xen ${myopt}
-}
-
-src_install() {
-	local myopt
-	use debug && myopt="${myopt} debug=y"
-
-	# The 'make install' doesn't 'mkdir -p' the subdirs
-	if use efi; then
-		mkdir -p "${D}"${EFI_MOUNTPOINT}/efi/${EFI_VENDOR} || die
-	fi
-
-	emake LDFLAGS="$(raw-ldflags)" DESTDIR="${D}" -C xen ${myopt} install
-
-	# make install likes to throw in some extra EFI bits if it built
-	use efi || rm -rf "${D}/usr/$(get_libdir)/efi"
-}
-
-pkg_postinst() {
-	elog "Official Xen Guide and the unoffical wiki page:"
-	elog " https://wiki.gentoo.org/wiki/Xen"
-	elog " http://en.gentoo-wiki.com/wiki/Xen/"
-
-	use efi && einfo "The efi executable is installed in boot/efi/gentoo"
-
-	elog "You can optionally block the installation of /boot/xen-syms by an entry"
-	elog "in folder /etc/portage/env using the portage's feature INSTALL_MASK"
-	elog "e.g. echo ${msg} > /etc/portage/env/xen.conf"
-}
diff --git a/app-emulation/xen/xen-4.6.0-r4.ebuild b/app-emulation/xen/xen-4.6.0-r7.ebuild
index 277e71a12752..81de4e5f60cf 100644
--- a/app-emulation/xen/xen-4.6.0-r4.ebuild
+++ b/app-emulation/xen/xen-4.6.0-r7.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2015 Gentoo Foundation
+# Copyright 1999-2016 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 # $Id$
 
@@ -21,11 +21,14 @@ else
 	UPSTREAM_VER=0
 	SECURITY_VER=0
 	# var set to reflect https://dev.gentoo.org/~idella4/
-	SEC_VER=3
+	# first instance of UPS_VER (usptream ver)
+	UPS_VER=0
+	SEC_VER=4
 	GENTOO_VER=
 
 	[[ -n ${UPSTREAM_VER} ]] && \
-		UPSTREAM_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${P}-upstream-patches-${UPSTREAM_VER}.tar.xz"
+		UPSTREAM_PATCHSET_URI="https://dev.gentoo.org/~dlan/distfiles/${P}-upstream-patches-${UPSTREAM_VER}.tar.xz
+		https://dev.gentoo.org/~idella4/distfiles/${PN}-upstream-patches-${UPS_VER}.tar.gz"
 	[[ -n ${SECURITY_VER} ]] && \
 		SECURITY_PATCHSET_URI="https://dev.gentoo.org/~idella4/distfiles/${PN/-tools}-security-patches-${SECURITY_VER}.tar.xz
 		https://dev.gentoo.org/~idella4/distfiles/${PN/-tools}-security-patches-${SEC_VER}.tar.gz"
@@ -49,7 +52,10 @@ DEPEND="${PYTHON_DEPS}
 RDEPEND=""
 PDEPEND="~app-emulation/xen-tools-${PV}"
 
-RESTRICT="test"
+# no tests are available for the hypervisor
+# prevent the silliness of /usr/lib/debug/usr/lib/debug files
+# prevent stripping of the debug info from the /usr/lib/debug/xen-syms
+RESTRICT="test splitdebug strip"
 
 # Approved by QA team in bug #144032
 QA_WX_LOAD="boot/xen-syms-${PV}"
@@ -85,6 +91,7 @@ src_prepare() {
 		EPATCH_FORCE="yes" \
 		EPATCH_OPTS="-p1" \
 			epatch "${WORKDIR}"/patches-upstream
+			epatch "${WORKDIR}"/libexec.patch
 	fi
 
 	if [[ -n ${SECURITY_VER} ]]; then