author | Sam Mulvey | 2021-09-28 16:23:53 -0700 |
---|---|---|
committer | Sam Mulvey | 2021-09-28 16:23:53 -0700 |
commit | aa0a40eef82879651cdb49bef4b64c37fa891be7 (patch) | |
tree | 05d614249db7d5bc0981a32f45d2930f76085785 | |
parent | 7f7262bc06b811929a27fba277bdfe57094ec84e (diff) | |
download | aur-aa0a40eef82879651cdb49bef4b64c37fa891be7.tar.gz |
4.15.1-1
-rw-r--r-- | .SRCINFO | 34 | ||||
-rw-r--r-- | ChangeLog | 8 | ||||
-rw-r--r-- | PKGBUILD | 27 | ||||
-rw-r--r-- | aur-xsa379.patch | 57 | ||||
-rw-r--r-- | gcc-11.patch | 69 | ||||
-rw-r--r-- | no-ld-no-pie.patch | 43 |
6 files changed, 16 insertions, 222 deletions
@@ -1,7 +1,7 @@ pkgbase = xen pkgdesc = Open-source type-1 or baremetal hypervisor - pkgver = 4.15.0 - pkgrel = 4 + pkgver = 4.15.1 + pkgrel = 1 url = https://xenproject.org/ arch = x86_64 license = GPL2 
@@ -39,46 +39,24 @@ pkgbase = xen makedepends = pixman makedepends = ocaml makedepends = fig2dev - noextract = aur-xsa379.patch - noextract = xsa380-1.patch - noextract = xsa380-2.patch - noextract = xsa382.patch - noextract = xsa383.patch - noextract = xsa384.patch options = !buildflags - source = https://downloads.xenproject.org/release/xen/4.15.0/xen-4.15.0.tar.gz - source = https://downloads.xenproject.org/release/xen/4.15.0/xen-4.15.0.tar.gz.sig + source = https://downloads.xenproject.org/release/xen/4.15.1/xen-4.15.1.tar.gz + source = https://downloads.xenproject.org/release/xen/4.15.1/xen-4.15.1.tar.gz.sig source = efi-xen.cfg source = xen.conf source = tmpfiles.conf source = xen-ucode-extract.sh source = xen-intel-ucode.hook source = xen-amd-ucode.hook - source = no-ld-no-pie.patch - source = gcc-11.patch - source = aur-xsa379.patch - source = https://xenbits.xen.org/xsa/xsa380/xsa380-1.patch - source = https://xenbits.xen.org/xsa/xsa380/xsa380-2.patch - source = https://xenbits.xen.org/xsa/xsa382.patch - source = https://xenbits.xen.org/xsa/xsa383.patch - source = https://xenbits.xen.org/xsa/xsa384.patch validpgpkeys = 23E3222C145F4475FA8060A783FE14C957E82BD9 - sha512sums = 93683b8a97387ca5f003c635a11d163e61c87dbdc9a03081f9155fe87b49f1dfa74ce243fcd5e04dc009353a36e2375b786f1ebde828b5951a094cd64197b4c7 - sha512sums = 7ca2894ece626a116e03f0e3e2ddf36c7cf26b1db0eef410bb93acae32897042b087f670a416b13c5df8f1c8bd9d848ad075f1ce8a651b3341ec20b56daf21ae + sha512sums = 8d3cbdf708f46477e32ee7cbd16a490c82efa855cecd84ee712b8680df4d69c987ba9ab00ff3851f627b98a8ebbc5dab71f92f142ed958ee2bc538bc792cd4b9 + sha512sums = SKIP sha512sums = 1bbcbcd9fb8344a207409ec9f0064a45b726416f043f902ca587f5e4fa58497a759be4ffd584fa32318e960aa478864cc05ec026c444e8d27ca8e3248bd67420 sha512sums = ccaa2ff82e4203b11e5dec9aeccac2e165721d8067e0094603ecaa7a70b78c9eb9e2287a32687883d26b6ceae6f8d2ad7636ddf949eb658637b3ceaa6999711b sha512sums = 
53ba61587cc2e84044e935531ed161e22c36d9e90b43cab7b8e63bcc531deeefacca301b5dff39ce89210f06f1d1e4f4f5cf49d658ed5d9038c707e3c95c66ef sha512sums = a9230ec6ef9636ac3f3e4b72b1747ee8c4648a8bf4bd8dc3650365e34f1f67474429dbdd24996907d277b0ff5f235574643e781cb3ff37da954e899ddadbe0d6 sha512sums = 7a832de9b35f4b77ee80d33310b23886f4d48d1d42c3d6ef6f8e2b428bec7332a285336864b61cfa01d9a14c2023674015beb7527bd5849b069f2be88e6500cd sha512sums = 99921b94a29fa7988c7fb5c17da8e598e777c972d6cae8c8643c991e5ff911a25525345ea8913945313d5c49fecf9da8cc3b83d47ab03928341e917b304370a9 - sha512sums = 72edbacdb2b3b4449448e1bf7a6b31b58234eed1abe010db6dcf4033158edf095b081bc6eb89cde3156432dd35c449e1954aeefb2c4bc785a5d3f93de7b0fa76 - sha512sums = 68d468b0a811bd8882992a605d16ab1e0e95dd5e4644bdcf1287ffb0db046dddcbdf740df7d7f32665cbb50088e9e4a7c7d69fbfbf42e460ebdc097caccdd7b2 - sha512sums = 03d1250ae52098bc7ba46ec3cfb5d7bd699a3c5c66dbd231dcc6776fb2d71b3c0f801fb3f1e6cdc102cf06b2b73b86734f61b0fc8ab2d88a54c2371eba31828a - sha512sums = 9c65e5860aa4cea90224ebf9340d314ba1cf4f687fb5ccc8489dbc3465a03a467411639c00e31b6090f09813e0102a94a833a47da4427b673369b9e4b977b4bd - sha512sums = 61a87c2baff2b84af14d53556c918a1ff4ca1a6189b05cd2fcf8a1366c5af5dc1dbf7168d8f79c821c0e6ee629d72145514087844f0469a5f96668171157b393 - sha512sums = 6c5e3388fcfb0dcae30d5f315bf95d263c82519d2cbf2a8a88d280b5b0b1c1ed4cce7a1a85fabbf57c785ad9dc23e8e5e4773c631c00e036aada604ff8e7fa03 - sha512sums = d5106df26e6c4512d88ea6748c403117a2b61cb40f6d6c08a76f160352b79f94dd67cbb3419a33f2c6cfc7bbd644baed0498e366a6bf00d8031df728a47f36ea - sha512sums = fe14ee4e28001e28ab0c3c0eca56d00d4d6e95879eec1f81f780d783d3845a4dd1dcd38449b2b7085e9aad88f0b95c59eebb52d8b5cf868012ff410fe32b9870 pkgname = xen pkgdesc = Open-source type-1 or baremetal hypervisor diff --git a/ChangeLog b/ChangeLog index a3c8c1a247b2..25caa9e46d2d 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,6 +1,10 @@ +2021-09-28 Sam Mulvey + * 4.15.1-1 + * no patches at all, compiles cleanly + 2021-09-09 Sam Mulvey - * 4.15.0-4 - * adds a PVH security patch + * 4.15.0-4 + * adds a PVH security patch 2021-08-28 Sam Mulvey * 4.15.0-3 @@ -21,8 +21,8 @@ _zlib=1.2.3 pkgbase=xen pkgname=("xen" "xen-docs") -pkgver=4.15.0 -pkgrel=4 +pkgver=4.15.1 +pkgrel=1 pkgdesc='Open-source type-1 or baremetal hypervisor' arch=('x86_64') url='https://xenproject.org/' @@ -46,8 +46,6 @@ _source=( "xen-ucode-extract.sh" "xen-intel-ucode.hook" "xen-amd-ucode.hook" - "no-ld-no-pie.patch" - "gcc-11.patch" ) validpgpkeys=('23E3222C145F4475FA8060A783FE14C957E82BD9') # Xen.org Xen tree code signing (signatures on the xen hypervisor and tools) <pgp@xen.org> @@ -56,12 +54,6 @@ validpgpkeys=('23E3222C145F4475FA8060A783FE14C957E82BD9') # Xen.org Xen tree cod # Follow the Xen securite mailing lists, and if a patch is applicable to our package # add the URL here. _patches=( - "aur-xsa379.patch" - "https://xenbits.xen.org/xsa/xsa380/xsa380-1.patch" - "https://xenbits.xen.org/xsa/xsa380/xsa380-2.patch" - "https://xenbits.xen.org/xsa/xsa382.patch" - "https://xenbits.xen.org/xsa/xsa383.patch" - "https://xenbits.xen.org/xsa/xsa384.patch" ) 
@@ -80,26 +72,18 @@ _stubdom_source=( # from cheap hack known as break_out_sums.sh _sha512sums=( - "93683b8a97387ca5f003c635a11d163e61c87dbdc9a03081f9155fe87b49f1dfa74ce243fcd5e04dc009353a36e2375b786f1ebde828b5951a094cd64197b4c7" # xen-4.15.0.tar.gz - "7ca2894ece626a116e03f0e3e2ddf36c7cf26b1db0eef410bb93acae32897042b087f670a416b13c5df8f1c8bd9d848ad075f1ce8a651b3341ec20b56daf21ae" # xen-4.15.0.tar.gz.sig + "8d3cbdf708f46477e32ee7cbd16a490c82efa855cecd84ee712b8680df4d69c987ba9ab00ff3851f627b98a8ebbc5dab71f92f142ed958ee2bc538bc792cd4b9" # xen-4.15.1.tar.gz + "SKIP" # xen-4.15.1.tar.gz.sig "1bbcbcd9fb8344a207409ec9f0064a45b726416f043f902ca587f5e4fa58497a759be4ffd584fa32318e960aa478864cc05ec026c444e8d27ca8e3248bd67420" # efi-xen.cfg "ccaa2ff82e4203b11e5dec9aeccac2e165721d8067e0094603ecaa7a70b78c9eb9e2287a32687883d26b6ceae6f8d2ad7636ddf949eb658637b3ceaa6999711b" # xen.conf "53ba61587cc2e84044e935531ed161e22c36d9e90b43cab7b8e63bcc531deeefacca301b5dff39ce89210f06f1d1e4f4f5cf49d658ed5d9038c707e3c95c66ef" # tmpfiles.conf "a9230ec6ef9636ac3f3e4b72b1747ee8c4648a8bf4bd8dc3650365e34f1f67474429dbdd24996907d277b0ff5f235574643e781cb3ff37da954e899ddadbe0d6" # xen-ucode-extract.sh "7a832de9b35f4b77ee80d33310b23886f4d48d1d42c3d6ef6f8e2b428bec7332a285336864b61cfa01d9a14c2023674015beb7527bd5849b069f2be88e6500cd" # xen-intel-ucode.hook "99921b94a29fa7988c7fb5c17da8e598e777c972d6cae8c8643c991e5ff911a25525345ea8913945313d5c49fecf9da8cc3b83d47ab03928341e917b304370a9" # xen-amd-ucode.hook - "72edbacdb2b3b4449448e1bf7a6b31b58234eed1abe010db6dcf4033158edf095b081bc6eb89cde3156432dd35c449e1954aeefb2c4bc785a5d3f93de7b0fa76" # no-ld-no-pie.patch - "68d468b0a811bd8882992a605d16ab1e0e95dd5e4644bdcf1287ffb0db046dddcbdf740df7d7f32665cbb50088e9e4a7c7d69fbfbf42e460ebdc097caccdd7b2" # gcc-11.patch ) _patch_sums=( - "03d1250ae52098bc7ba46ec3cfb5d7bd699a3c5c66dbd231dcc6776fb2d71b3c0f801fb3f1e6cdc102cf06b2b73b86734f61b0fc8ab2d88a54c2371eba31828a" # aur-xsa379.patch - 
"9c65e5860aa4cea90224ebf9340d314ba1cf4f687fb5ccc8489dbc3465a03a467411639c00e31b6090f09813e0102a94a833a47da4427b673369b9e4b977b4bd" # xsa380-1.patch - "61a87c2baff2b84af14d53556c918a1ff4ca1a6189b05cd2fcf8a1366c5af5dc1dbf7168d8f79c821c0e6ee629d72145514087844f0469a5f96668171157b393" # xsa380-2.patch - "6c5e3388fcfb0dcae30d5f315bf95d263c82519d2cbf2a8a88d280b5b0b1c1ed4cce7a1a85fabbf57c785ad9dc23e8e5e4773c631c00e036aada604ff8e7fa03" # xsa382.patch - "d5106df26e6c4512d88ea6748c403117a2b61cb40f6d6c08a76f160352b79f94dd67cbb3419a33f2c6cfc7bbd644baed0498e366a6bf00d8031df728a47f36ea" # xsa383.patch - "fe14ee4e28001e28ab0c3c0eca56d00d4d6e95879eec1f81f780d783d3845a4dd1dcd38449b2b7085e9aad88f0b95c59eebb52d8b5cf868012ff410fe32b9870" # xsa384.patch ) @@ -161,9 +145,6 @@ prepare() { cd "${pkgbase}-${pkgver}" - patch -p1 < ../no-ld-no-pie.patch - patch -p1 < ../gcc-11.patch - if [ "${_build_stubdom}" == "true" ]; then for file in "${_stubdom_source[@]}"; do diff --git a/aur-xsa379.patch b/aur-xsa379.patch deleted file mode 100644 index 8adb3dab1b44..000000000000 --- a/aur-xsa379.patch +++ /dev/null 
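Review bot: In `_sha512sums`, the pinned checksum for the detached signature becomes `"SKIP" # xen-4.15.1.tar.gz.sig` with no reason given; a trailing comment such as `# detached signature: checked by makepkg against validpgpkeys, not by checksum` would make it clear that the tarball is still covered by its sha512 and by the PGP check, and that a build run with `--skippgpcheck` is left with the sha512 alone. The same hunk empties `_patch_sums`, removing the sums for the XSA-379, 380, 382, 383 and 384 patches, while the ChangeLog entry says only "no patches at all, compiles cleanly". I would add a line inside the empty array, for example `# XSA-379/380/382/383/384 dropped in 4.15.1-1; confirm each fix is in the 4.15.1 release`, so the next maintainer can see the removal was a checked decision rather than an omission.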
@@ -1,57 +0,0 @@ -diff -Naur orig.xen-4.15.0/xen/arch/x86/mm/p2m.c xen-4.15.0/xen/arch/x86/mm/p2m.c ---- orig.xen-4.15.0/xen/arch/x86/mm/p2m.c 2021-08-27 22:00:52.614860472 -0700 -+++ xen-4.15.0/xen/arch/x86/mm/p2m.c 2021-08-27 23:07:32.232928213 -0700 -@@ -2730,8 +2730,19 @@ - goto put_both; - } - -- /* Remove previously mapped page if it was present. */ -+ /* -+ * Note that we're (ab)using GFN locking (to really be locking of the -+ * entire P2M) here in (at least) two ways: Finer grained locking would -+ * expose lock order violations in the XENMAPSPACE_gmfn case (due to the -+ * earlier get_gfn_unshare() above). Plus at the very least for the grant -+ * table v2 status page case we need to guarantee that the same page can -+ * only appear at a single GFN. While this is a property we want in -+ * general, for pages which can subsequently be freed this imperative: -+ * Upon freeing we wouldn't be able to find other mappings in the P2M -+ * (unless we did a brute force search). -+ */ - prev_mfn = get_gfn(d, gfn_x(gpfn), &p2mt); -+ /* Remove previously mapped page if it was present. */ - if ( mfn_valid(prev_mfn) ) - { - if ( is_special_page(mfn_to_page(prev_mfn)) ) -@@ -2741,26 +2752,23 @@ - /* Normal domain memory is freed, to avoid leaking memory. */ - rc = guest_remove_page(d, gfn_x(gpfn)); - } -- /* In the XENMAPSPACE_gmfn case we still hold a ref on the old page. */ -- put_gfn(d, gfn_x(gpfn)); -- -- if ( rc ) -- goto put_both; - - /* Unmap from old location, if any. */ - old_gpfn = get_gpfn_from_mfn(mfn_x(mfn)); - ASSERT(!SHARED_M2P(old_gpfn)); - if ( space == XENMAPSPACE_gmfn && old_gpfn != gfn ) -- { - rc = -EXDEV; -- goto put_both; -- } -- if ( old_gpfn != INVALID_M2P_ENTRY ) -+ else if ( !rc && old_gpfn != INVALID_M2P_ENTRY ) - rc = guest_physmap_remove_page(d, _gfn(old_gpfn), mfn, PAGE_ORDER_4K); - - /* Map at new location. 
*/ - if ( !rc ) -+ { - rc = guest_physmap_add_page(d, gpfn, mfn, PAGE_ORDER_4K); -+ } -+ -+ put_gfn(d, gfn_x(gpfn)); -+ - - put_both: - /* diff --git a/gcc-11.patch b/gcc-11.patch deleted file mode 100644 index 7aa60600c192..000000000000 --- a/gcc-11.patch +++ /dev/null 
@@ -1,69 +0,0 @@ -diff --git a/tools/libs/foreignmemory/linux.c b/tools/libs/foreignmemory/linux.c -index c1f35e2db7..71ba3beb57 100644 ---- a/tools/libs/foreignmemory/linux.c -+++ b/tools/libs/foreignmemory/linux.c -@@ -161,7 +161,7 @@ out: - void *osdep_xenforeignmemory_map(xenforeignmemory_handle *fmem, - uint32_t dom, void *addr, - int prot, int flags, size_t num, -- const xen_pfn_t arr[/*num*/], int err[/*num*/]) -+ const xen_pfn_t arr[num], int err[num]) - { - int fd = fmem->fd; - privcmd_mmapbatch_v2_t ioctlx; -diff --git a/tools/libs/foreignmemory/minios.c b/tools/libs/foreignmemory/minios.c -index 43341ca301..c3ddbc8872 100644 ---- a/tools/libs/foreignmemory/minios.c -+++ b/tools/libs/foreignmemory/minios.c -@@ -42,7 +42,7 @@ int osdep_xenforeignmemory_close(xenforeignmemory_handle *fmem) - void *osdep_xenforeignmemory_map(xenforeignmemory_handle *fmem, - uint32_t dom, void *addr, - int prot, int flags, size_t num, -- const xen_pfn_t arr[/*num*/], int err[/*num*/]) -+ const xen_pfn_t arr[num], int err[num]) - { - unsigned long pt_prot = 0; - if (prot & PROT_READ) -diff --git a/xen/arch/x86/tboot.c b/xen/arch/x86/tboot.c -index aadcce591f..774c123883 100644 ---- a/xen/arch/x86/tboot.c -+++ b/xen/arch/x86/tboot.c -@@ -92,7 +92,7 @@ static void __init tboot_copy_memory(unsigned char *va, uint32_t size, - - void __init tboot_probe(void) - { -- tboot_shared_t *tboot_shared; -+ tboot_shared_t * volatile tboot_shared; - - /* Look for valid page-aligned address for shared page. */ - if ( !opt_tboot_pa || (opt_tboot_pa & ~PAGE_MASK) ) -diff --git a/xen/arch/x86/x86_emulate/x86_emulate.c b/xen/arch/x86/x86_emulate/x86_emulate.c -index c25d88d0d8..ba104602be 100644 ---- a/xen/arch/x86/x86_emulate/x86_emulate.c -+++ b/xen/arch/x86/x86_emulate/x86_emulate.c -@@ -726,9 +726,9 @@ union vex { - #define copy_VEX(ptr, vex) ({ \ - if ( !mode_64bit() ) \ - (vex).reg |= 8; \ -- (ptr)[0 - PFX_BYTES] = ext < ext_8f08 ? 
0xc4 : 0x8f; \ -- (ptr)[1 - PFX_BYTES] = (vex).raw[0]; \ -- (ptr)[2 - PFX_BYTES] = (vex).raw[1]; \ -+ ((volatile uint8_t *)ptr)[0 - PFX_BYTES] = ext < ext_8f08 ? 0xc4 : 0x8f; \ -+ ((volatile uint8_t *)ptr)[1 - PFX_BYTES] = (vex).raw[0]; \ -+ ((volatile uint8_t *)ptr)[2 - PFX_BYTES] = (vex).raw[1]; \ - container_of((ptr) + 1 - PFX_BYTES, typeof(vex), raw[0]); \ - }) - -diff --git a/xen/include/crypto/vmac.h b/xen/include/crypto/vmac.h -index 457f3f5dd6..ce61e7fb35 100644 ---- a/xen/include/crypto/vmac.h -+++ b/xen/include/crypto/vmac.h -@@ -142,7 +142,7 @@ extern "C" { - - #define vmac_update vhash_update - --void vhash_update(unsigned char m[], -+void vhash_update(uint8_t *m, - unsigned int mbytes, - vmac_ctx_t *ctx); - diff --git a/no-ld-no-pie.patch b/no-ld-no-pie.patch deleted file mode 100644 index c858154d6199..000000000000 --- a/no-ld-no-pie.patch +++ /dev/null 
@@ -1,43 +0,0 @@ -diff -Naur orig.xen-4.15.0/tools/qemu-xen/configure xen-4.15.0/tools/qemu-xen/configure ---- orig.xen-4.15.0/tools/qemu-xen/configure 2021-04-14 21:21:12.452569711 -0700 -+++ xen-4.15.0/tools/qemu-xen/configure 2021-04-15 00:28:33.297563599 -0700 -@@ -2184,7 +2184,6 @@ - # Check we support --no-pie first; we will need this for building ROMs. - if compile_prog "-Werror -fno-pie" "-no-pie"; then - CFLAGS_NOPIE="-fno-pie" -- LDFLAGS_NOPIE="-no-pie" - fi - - if test "$static" = "yes"; then -@@ -2200,7 +2199,6 @@ - fi - elif test "$pie" = "no"; then - QEMU_CFLAGS="$CFLAGS_NOPIE $QEMU_CFLAGS" -- QEMU_LDFLAGS="$LDFLAGS_NOPIE $QEMU_LDFLAGS" - elif compile_prog "-Werror -fPIE -DPIE" "-pie"; then - QEMU_CFLAGS="-fPIE -DPIE $QEMU_CFLAGS" - QEMU_LDFLAGS="-pie $QEMU_LDFLAGS" -@@ -7996,7 +7994,6 @@ - echo "QEMU_CFLAGS += -Wbitwise -Wno-transparent-union -Wno-old-initializer -Wno-non-pointer-null" >> $config_host_mak - fi - echo "QEMU_LDFLAGS=$QEMU_LDFLAGS" >> $config_host_mak --echo "LDFLAGS_NOPIE=$LDFLAGS_NOPIE" >> $config_host_mak - echo "LD_REL_FLAGS=$LD_REL_FLAGS" >> $config_host_mak - echo "LD_I386_EMULATION=$ld_i386_emulation" >> $config_host_mak - echo "LIBS+=$LIBS" >> $config_host_mak -diff -Naur orig.xen-4.15.0/tools/qemu-xen/pc-bios/optionrom/Makefile xen-4.15.0/tools/qemu-xen/pc-bios/optionrom/Makefile ---- orig.xen-4.15.0/tools/qemu-xen/pc-bios/optionrom/Makefile 2021-04-14 21:22:40.942571012 -0700 -+++ xen-4.15.0/tools/qemu-xen/pc-bios/optionrom/Makefile 2021-04-15 00:29:15.334688505 -0700 -@@ -47,10 +47,10 @@ - $(call quiet-command,$(CPP) $(QEMU_INCLUDES) $(QEMU_DGFLAGS) -c -o - $< | $(AS) $(ASFLAGS) -o $@,"AS","$(TARGET_DIR)$@") - - pvh.img: pvh.o pvh_main.o -- $(call quiet-command,$(LD) $(LDFLAGS_NOPIE) -m $(LD_I386_EMULATION) -T $(SRC_PATH)/pc-bios/optionrom/flat.lds -s -o $@ $^,"BUILD","$(TARGET_DIR)$@") -+ $(call quiet-command,$(LD) -m $(LD_I386_EMULATION) -T $(SRC_PATH)/pc-bios/optionrom/flat.lds -s -o $@ $^,"BUILD","$(TARGET_DIR)$@") - - 
%.img: %.o -- $(call quiet-command,$(LD) $(LDFLAGS_NOPIE) -m $(LD_I386_EMULATION) -T $(SRC_PATH)/pc-bios/optionrom/flat.lds -s -o $@ $<,"BUILD","$(TARGET_DIR)$@") -+ $(call quiet-command,$(LD) -m $(LD_I386_EMULATION) -T $(SRC_PATH)/pc-bios/optionrom/flat.lds -s -o $@ $<,"BUILD","$(TARGET_DIR)$@") - - %.raw: %.img - $(call quiet-command,$(OBJCOPY) -O binary -j .text $< $@,"BUILD","$(TARGET_DIR)$@") |