summarylogtreecommitdiffstats
diff options
context:
space:
mode:
authorSam Mulvey2021-09-28 16:23:53 -0700
committerSam Mulvey2021-09-28 16:23:53 -0700
commitaa0a40eef82879651cdb49bef4b64c37fa891be7 (patch)
tree05d614249db7d5bc0981a32f45d2930f76085785
parent7f7262bc06b811929a27fba277bdfe57094ec84e (diff)
downloadaur-aa0a40eef82879651cdb49bef4b64c37fa891be7.tar.gz
4.15.1-1
Diffstat
-rw-r--r--.SRCINFO34
-rw-r--r--ChangeLog8
-rw-r--r--PKGBUILD27
-rw-r--r--aur-xsa379.patch57
-rw-r--r--gcc-11.patch69
-rw-r--r--no-ld-no-pie.patch43
6 files changed, 16 insertions, 222 deletions
diff --git a/.SRCINFO b/.SRCINFO
index d4d0cede07b2..25a20a109ef1 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,7 +1,7 @@
pkgbase = xen
pkgdesc = Open-source type-1 or baremetal hypervisor
- pkgver = 4.15.0
- pkgrel = 4
+ pkgver = 4.15.1
+ pkgrel = 1
url = https://xenproject.org/
arch = x86_64
license = GPL2
@@ -39,46 +39,24 @@ pkgbase = xen
makedepends = pixman
makedepends = ocaml
makedepends = fig2dev
- noextract = aur-xsa379.patch
- noextract = xsa380-1.patch
- noextract = xsa380-2.patch
- noextract = xsa382.patch
- noextract = xsa383.patch
- noextract = xsa384.patch
options = !buildflags
- source = https://downloads.xenproject.org/release/xen/4.15.0/xen-4.15.0.tar.gz
- source = https://downloads.xenproject.org/release/xen/4.15.0/xen-4.15.0.tar.gz.sig
+ source = https://downloads.xenproject.org/release/xen/4.15.1/xen-4.15.1.tar.gz
+ source = https://downloads.xenproject.org/release/xen/4.15.1/xen-4.15.1.tar.gz.sig
source = efi-xen.cfg
source = xen.conf
source = tmpfiles.conf
source = xen-ucode-extract.sh
source = xen-intel-ucode.hook
source = xen-amd-ucode.hook
- source = no-ld-no-pie.patch
- source = gcc-11.patch
- source = aur-xsa379.patch
- source = https://xenbits.xen.org/xsa/xsa380/xsa380-1.patch
- source = https://xenbits.xen.org/xsa/xsa380/xsa380-2.patch
- source = https://xenbits.xen.org/xsa/xsa382.patch
- source = https://xenbits.xen.org/xsa/xsa383.patch
- source = https://xenbits.xen.org/xsa/xsa384.patch
validpgpkeys = 23E3222C145F4475FA8060A783FE14C957E82BD9
- sha512sums = 93683b8a97387ca5f003c635a11d163e61c87dbdc9a03081f9155fe87b49f1dfa74ce243fcd5e04dc009353a36e2375b786f1ebde828b5951a094cd64197b4c7
- sha512sums = 7ca2894ece626a116e03f0e3e2ddf36c7cf26b1db0eef410bb93acae32897042b087f670a416b13c5df8f1c8bd9d848ad075f1ce8a651b3341ec20b56daf21ae
+ sha512sums = 8d3cbdf708f46477e32ee7cbd16a490c82efa855cecd84ee712b8680df4d69c987ba9ab00ff3851f627b98a8ebbc5dab71f92f142ed958ee2bc538bc792cd4b9
+ sha512sums = SKIP
sha512sums = 1bbcbcd9fb8344a207409ec9f0064a45b726416f043f902ca587f5e4fa58497a759be4ffd584fa32318e960aa478864cc05ec026c444e8d27ca8e3248bd67420
sha512sums = ccaa2ff82e4203b11e5dec9aeccac2e165721d8067e0094603ecaa7a70b78c9eb9e2287a32687883d26b6ceae6f8d2ad7636ddf949eb658637b3ceaa6999711b
sha512sums = 53ba61587cc2e84044e935531ed161e22c36d9e90b43cab7b8e63bcc531deeefacca301b5dff39ce89210f06f1d1e4f4f5cf49d658ed5d9038c707e3c95c66ef
sha512sums = a9230ec6ef9636ac3f3e4b72b1747ee8c4648a8bf4bd8dc3650365e34f1f67474429dbdd24996907d277b0ff5f235574643e781cb3ff37da954e899ddadbe0d6
sha512sums = 7a832de9b35f4b77ee80d33310b23886f4d48d1d42c3d6ef6f8e2b428bec7332a285336864b61cfa01d9a14c2023674015beb7527bd5849b069f2be88e6500cd
sha512sums = 99921b94a29fa7988c7fb5c17da8e598e777c972d6cae8c8643c991e5ff911a25525345ea8913945313d5c49fecf9da8cc3b83d47ab03928341e917b304370a9
- sha512sums = 72edbacdb2b3b4449448e1bf7a6b31b58234eed1abe010db6dcf4033158edf095b081bc6eb89cde3156432dd35c449e1954aeefb2c4bc785a5d3f93de7b0fa76
- sha512sums = 68d468b0a811bd8882992a605d16ab1e0e95dd5e4644bdcf1287ffb0db046dddcbdf740df7d7f32665cbb50088e9e4a7c7d69fbfbf42e460ebdc097caccdd7b2
- sha512sums = 03d1250ae52098bc7ba46ec3cfb5d7bd699a3c5c66dbd231dcc6776fb2d71b3c0f801fb3f1e6cdc102cf06b2b73b86734f61b0fc8ab2d88a54c2371eba31828a
- sha512sums = 9c65e5860aa4cea90224ebf9340d314ba1cf4f687fb5ccc8489dbc3465a03a467411639c00e31b6090f09813e0102a94a833a47da4427b673369b9e4b977b4bd
- sha512sums = 61a87c2baff2b84af14d53556c918a1ff4ca1a6189b05cd2fcf8a1366c5af5dc1dbf7168d8f79c821c0e6ee629d72145514087844f0469a5f96668171157b393
- sha512sums = 6c5e3388fcfb0dcae30d5f315bf95d263c82519d2cbf2a8a88d280b5b0b1c1ed4cce7a1a85fabbf57c785ad9dc23e8e5e4773c631c00e036aada604ff8e7fa03
- sha512sums = d5106df26e6c4512d88ea6748c403117a2b61cb40f6d6c08a76f160352b79f94dd67cbb3419a33f2c6cfc7bbd644baed0498e366a6bf00d8031df728a47f36ea
- sha512sums = fe14ee4e28001e28ab0c3c0eca56d00d4d6e95879eec1f81f780d783d3845a4dd1dcd38449b2b7085e9aad88f0b95c59eebb52d8b5cf868012ff410fe32b9870
pkgname = xen
pkgdesc = Open-source type-1 or baremetal hypervisor
diff --git a/ChangeLog b/ChangeLog
index a3c8c1a247b2..25caa9e46d2d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,10 @@
+2021-09-28 Sam Mulvey
+ * 4.15.1-1
+ * no patches at all, compiles cleanly
+
2021-09-09 Sam Mulvey
- * 4.15.0-4
- * adds a PVH security patch
+ * 4.15.0-4
+ * adds a PVH security patch
2021-08-28 Sam Mulvey
* 4.15.0-3
diff --git a/PKGBUILD b/PKGBUILD
index 025dbc9c2b2a..e2a6d9f61fd9 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -21,8 +21,8 @@ _zlib=1.2.3
pkgbase=xen
pkgname=("xen" "xen-docs")
-pkgver=4.15.0
-pkgrel=4
+pkgver=4.15.1
+pkgrel=1
pkgdesc='Open-source type-1 or baremetal hypervisor'
arch=('x86_64')
url='https://xenproject.org/'
@@ -46,8 +46,6 @@ _source=(
"xen-ucode-extract.sh"
"xen-intel-ucode.hook"
"xen-amd-ucode.hook"
- "no-ld-no-pie.patch"
- "gcc-11.patch"
)
validpgpkeys=('23E3222C145F4475FA8060A783FE14C957E82BD9') # Xen.org Xen tree code signing (signatures on the xen hypervisor and tools) <pgp@xen.org>
@@ -56,12 +54,6 @@ validpgpkeys=('23E3222C145F4475FA8060A783FE14C957E82BD9') # Xen.org Xen tree cod
# Follow the Xen securite mailing lists, and if a patch is applicable to our package
# add the URL here.
_patches=(
- "aur-xsa379.patch"
- "https://xenbits.xen.org/xsa/xsa380/xsa380-1.patch"
- "https://xenbits.xen.org/xsa/xsa380/xsa380-2.patch"
- "https://xenbits.xen.org/xsa/xsa382.patch"
- "https://xenbits.xen.org/xsa/xsa383.patch"
- "https://xenbits.xen.org/xsa/xsa384.patch"
)
@@ -80,26 +72,18 @@ _stubdom_source=(
# from cheap hack known as break_out_sums.sh
_sha512sums=(
- "93683b8a97387ca5f003c635a11d163e61c87dbdc9a03081f9155fe87b49f1dfa74ce243fcd5e04dc009353a36e2375b786f1ebde828b5951a094cd64197b4c7" # xen-4.15.0.tar.gz
- "7ca2894ece626a116e03f0e3e2ddf36c7cf26b1db0eef410bb93acae32897042b087f670a416b13c5df8f1c8bd9d848ad075f1ce8a651b3341ec20b56daf21ae" # xen-4.15.0.tar.gz.sig
+ "8d3cbdf708f46477e32ee7cbd16a490c82efa855cecd84ee712b8680df4d69c987ba9ab00ff3851f627b98a8ebbc5dab71f92f142ed958ee2bc538bc792cd4b9" # xen-4.15.1.tar.gz
+ "SKIP" # xen-4.15.1.tar.gz.sig
"1bbcbcd9fb8344a207409ec9f0064a45b726416f043f902ca587f5e4fa58497a759be4ffd584fa32318e960aa478864cc05ec026c444e8d27ca8e3248bd67420" # efi-xen.cfg
"ccaa2ff82e4203b11e5dec9aeccac2e165721d8067e0094603ecaa7a70b78c9eb9e2287a32687883d26b6ceae6f8d2ad7636ddf949eb658637b3ceaa6999711b" # xen.conf
"53ba61587cc2e84044e935531ed161e22c36d9e90b43cab7b8e63bcc531deeefacca301b5dff39ce89210f06f1d1e4f4f5cf49d658ed5d9038c707e3c95c66ef" # tmpfiles.conf
"a9230ec6ef9636ac3f3e4b72b1747ee8c4648a8bf4bd8dc3650365e34f1f67474429dbdd24996907d277b0ff5f235574643e781cb3ff37da954e899ddadbe0d6" # xen-ucode-extract.sh
"7a832de9b35f4b77ee80d33310b23886f4d48d1d42c3d6ef6f8e2b428bec7332a285336864b61cfa01d9a14c2023674015beb7527bd5849b069f2be88e6500cd" # xen-intel-ucode.hook
"99921b94a29fa7988c7fb5c17da8e598e777c972d6cae8c8643c991e5ff911a25525345ea8913945313d5c49fecf9da8cc3b83d47ab03928341e917b304370a9" # xen-amd-ucode.hook
- "72edbacdb2b3b4449448e1bf7a6b31b58234eed1abe010db6dcf4033158edf095b081bc6eb89cde3156432dd35c449e1954aeefb2c4bc785a5d3f93de7b0fa76" # no-ld-no-pie.patch
- "68d468b0a811bd8882992a605d16ab1e0e95dd5e4644bdcf1287ffb0db046dddcbdf740df7d7f32665cbb50088e9e4a7c7d69fbfbf42e460ebdc097caccdd7b2" # gcc-11.patch
)
_patch_sums=(
- "03d1250ae52098bc7ba46ec3cfb5d7bd699a3c5c66dbd231dcc6776fb2d71b3c0f801fb3f1e6cdc102cf06b2b73b86734f61b0fc8ab2d88a54c2371eba31828a" # aur-xsa379.patch
- "9c65e5860aa4cea90224ebf9340d314ba1cf4f687fb5ccc8489dbc3465a03a467411639c00e31b6090f09813e0102a94a833a47da4427b673369b9e4b977b4bd" # xsa380-1.patch
- "61a87c2baff2b84af14d53556c918a1ff4ca1a6189b05cd2fcf8a1366c5af5dc1dbf7168d8f79c821c0e6ee629d72145514087844f0469a5f96668171157b393" # xsa380-2.patch
- "6c5e3388fcfb0dcae30d5f315bf95d263c82519d2cbf2a8a88d280b5b0b1c1ed4cce7a1a85fabbf57c785ad9dc23e8e5e4773c631c00e036aada604ff8e7fa03" # xsa382.patch
- "d5106df26e6c4512d88ea6748c403117a2b61cb40f6d6c08a76f160352b79f94dd67cbb3419a33f2c6cfc7bbd644baed0498e366a6bf00d8031df728a47f36ea" # xsa383.patch
- "fe14ee4e28001e28ab0c3c0eca56d00d4d6e95879eec1f81f780d783d3845a4dd1dcd38449b2b7085e9aad88f0b95c59eebb52d8b5cf868012ff410fe32b9870" # xsa384.patch
)
@@ -161,9 +145,6 @@ prepare() {
cd "${pkgbase}-${pkgver}"
- patch -p1 < ../no-ld-no-pie.patch
- patch -p1 < ../gcc-11.patch
-
if [ "${_build_stubdom}" == "true" ]; then
for file in "${_stubdom_source[@]}"; do
diff --git a/aur-xsa379.patch b/aur-xsa379.patch
deleted file mode 100644
index 8adb3dab1b44..000000000000
--- a/aur-xsa379.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-diff -Naur orig.xen-4.15.0/xen/arch/x86/mm/p2m.c xen-4.15.0/xen/arch/x86/mm/p2m.c
---- orig.xen-4.15.0/xen/arch/x86/mm/p2m.c 2021-08-27 22:00:52.614860472 -0700
-+++ xen-4.15.0/xen/arch/x86/mm/p2m.c 2021-08-27 23:07:32.232928213 -0700
-@@ -2730,8 +2730,19 @@
- goto put_both;
- }
-
-- /* Remove previously mapped page if it was present. */
-+ /*
-+ * Note that we're (ab)using GFN locking (to really be locking of the
-+ * entire P2M) here in (at least) two ways: Finer grained locking would
-+ * expose lock order violations in the XENMAPSPACE_gmfn case (due to the
-+ * earlier get_gfn_unshare() above). Plus at the very least for the grant
-+ * table v2 status page case we need to guarantee that the same page can
-+ * only appear at a single GFN. While this is a property we want in
-+ * general, for pages which can subsequently be freed this imperative:
-+ * Upon freeing we wouldn't be able to find other mappings in the P2M
-+ * (unless we did a brute force search).
-+ */
- prev_mfn = get_gfn(d, gfn_x(gpfn), &p2mt);
-+ /* Remove previously mapped page if it was present. */
- if ( mfn_valid(prev_mfn) )
- {
- if ( is_special_page(mfn_to_page(prev_mfn)) )
-@@ -2741,26 +2752,23 @@
- /* Normal domain memory is freed, to avoid leaking memory. */
- rc = guest_remove_page(d, gfn_x(gpfn));
- }
-- /* In the XENMAPSPACE_gmfn case we still hold a ref on the old page. */
-- put_gfn(d, gfn_x(gpfn));
--
-- if ( rc )
-- goto put_both;
-
- /* Unmap from old location, if any. */
- old_gpfn = get_gpfn_from_mfn(mfn_x(mfn));
- ASSERT(!SHARED_M2P(old_gpfn));
- if ( space == XENMAPSPACE_gmfn && old_gpfn != gfn )
-- {
- rc = -EXDEV;
-- goto put_both;
-- }
-- if ( old_gpfn != INVALID_M2P_ENTRY )
-+ else if ( !rc && old_gpfn != INVALID_M2P_ENTRY )
- rc = guest_physmap_remove_page(d, _gfn(old_gpfn), mfn, PAGE_ORDER_4K);
-
- /* Map at new location. */
- if ( !rc )
-+ {
- rc = guest_physmap_add_page(d, gpfn, mfn, PAGE_ORDER_4K);
-+ }
-+
-+ put_gfn(d, gfn_x(gpfn));
-+
-
- put_both:
- /*
diff --git a/gcc-11.patch b/gcc-11.patch
deleted file mode 100644
index 7aa60600c192..000000000000
--- a/gcc-11.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-diff --git a/tools/libs/foreignmemory/linux.c b/tools/libs/foreignmemory/linux.c
-index c1f35e2db7..71ba3beb57 100644
---- a/tools/libs/foreignmemory/linux.c
-+++ b/tools/libs/foreignmemory/linux.c
-@@ -161,7 +161,7 @@ out:
- void *osdep_xenforeignmemory_map(xenforeignmemory_handle *fmem,
- uint32_t dom, void *addr,
- int prot, int flags, size_t num,
-- const xen_pfn_t arr[/*num*/], int err[/*num*/])
-+ const xen_pfn_t arr[num], int err[num])
- {
- int fd = fmem->fd;
- privcmd_mmapbatch_v2_t ioctlx;
-diff --git a/tools/libs/foreignmemory/minios.c b/tools/libs/foreignmemory/minios.c
-index 43341ca301..c3ddbc8872 100644
---- a/tools/libs/foreignmemory/minios.c
-+++ b/tools/libs/foreignmemory/minios.c
-@@ -42,7 +42,7 @@ int osdep_xenforeignmemory_close(xenforeignmemory_handle *fmem)
- void *osdep_xenforeignmemory_map(xenforeignmemory_handle *fmem,
- uint32_t dom, void *addr,
- int prot, int flags, size_t num,
-- const xen_pfn_t arr[/*num*/], int err[/*num*/])
-+ const xen_pfn_t arr[num], int err[num])
- {
- unsigned long pt_prot = 0;
- if (prot & PROT_READ)
-diff --git a/xen/arch/x86/tboot.c b/xen/arch/x86/tboot.c
-index aadcce591f..774c123883 100644
---- a/xen/arch/x86/tboot.c
-+++ b/xen/arch/x86/tboot.c
-@@ -92,7 +92,7 @@ static void __init tboot_copy_memory(unsigned char *va, uint32_t size,
-
- void __init tboot_probe(void)
- {
-- tboot_shared_t *tboot_shared;
-+ tboot_shared_t * volatile tboot_shared;
-
- /* Look for valid page-aligned address for shared page. */
- if ( !opt_tboot_pa || (opt_tboot_pa & ~PAGE_MASK) )
-diff --git a/xen/arch/x86/x86_emulate/x86_emulate.c b/xen/arch/x86/x86_emulate/x86_emulate.c
-index c25d88d0d8..ba104602be 100644
---- a/xen/arch/x86/x86_emulate/x86_emulate.c
-+++ b/xen/arch/x86/x86_emulate/x86_emulate.c
-@@ -726,9 +726,9 @@ union vex {
- #define copy_VEX(ptr, vex) ({ \
- if ( !mode_64bit() ) \
- (vex).reg |= 8; \
-- (ptr)[0 - PFX_BYTES] = ext < ext_8f08 ? 0xc4 : 0x8f; \
-- (ptr)[1 - PFX_BYTES] = (vex).raw[0]; \
-- (ptr)[2 - PFX_BYTES] = (vex).raw[1]; \
-+ ((volatile uint8_t *)ptr)[0 - PFX_BYTES] = ext < ext_8f08 ? 0xc4 : 0x8f; \
-+ ((volatile uint8_t *)ptr)[1 - PFX_BYTES] = (vex).raw[0]; \
-+ ((volatile uint8_t *)ptr)[2 - PFX_BYTES] = (vex).raw[1]; \
- container_of((ptr) + 1 - PFX_BYTES, typeof(vex), raw[0]); \
- })
-
-diff --git a/xen/include/crypto/vmac.h b/xen/include/crypto/vmac.h
-index 457f3f5dd6..ce61e7fb35 100644
---- a/xen/include/crypto/vmac.h
-+++ b/xen/include/crypto/vmac.h
-@@ -142,7 +142,7 @@ extern "C" {
-
- #define vmac_update vhash_update
-
--void vhash_update(unsigned char m[],
-+void vhash_update(uint8_t *m,
- unsigned int mbytes,
- vmac_ctx_t *ctx);
-
diff --git a/no-ld-no-pie.patch b/no-ld-no-pie.patch
deleted file mode 100644
index c858154d6199..000000000000
--- a/no-ld-no-pie.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-diff -Naur orig.xen-4.15.0/tools/qemu-xen/configure xen-4.15.0/tools/qemu-xen/configure
---- orig.xen-4.15.0/tools/qemu-xen/configure 2021-04-14 21:21:12.452569711 -0700
-+++ xen-4.15.0/tools/qemu-xen/configure 2021-04-15 00:28:33.297563599 -0700
-@@ -2184,7 +2184,6 @@
- # Check we support --no-pie first; we will need this for building ROMs.
- if compile_prog "-Werror -fno-pie" "-no-pie"; then
- CFLAGS_NOPIE="-fno-pie"
-- LDFLAGS_NOPIE="-no-pie"
- fi
-
- if test "$static" = "yes"; then
-@@ -2200,7 +2199,6 @@
- fi
- elif test "$pie" = "no"; then
- QEMU_CFLAGS="$CFLAGS_NOPIE $QEMU_CFLAGS"
-- QEMU_LDFLAGS="$LDFLAGS_NOPIE $QEMU_LDFLAGS"
- elif compile_prog "-Werror -fPIE -DPIE" "-pie"; then
- QEMU_CFLAGS="-fPIE -DPIE $QEMU_CFLAGS"
- QEMU_LDFLAGS="-pie $QEMU_LDFLAGS"
-@@ -7996,7 +7994,6 @@
- echo "QEMU_CFLAGS += -Wbitwise -Wno-transparent-union -Wno-old-initializer -Wno-non-pointer-null" >> $config_host_mak
- fi
- echo "QEMU_LDFLAGS=$QEMU_LDFLAGS" >> $config_host_mak
--echo "LDFLAGS_NOPIE=$LDFLAGS_NOPIE" >> $config_host_mak
- echo "LD_REL_FLAGS=$LD_REL_FLAGS" >> $config_host_mak
- echo "LD_I386_EMULATION=$ld_i386_emulation" >> $config_host_mak
- echo "LIBS+=$LIBS" >> $config_host_mak
-diff -Naur orig.xen-4.15.0/tools/qemu-xen/pc-bios/optionrom/Makefile xen-4.15.0/tools/qemu-xen/pc-bios/optionrom/Makefile
---- orig.xen-4.15.0/tools/qemu-xen/pc-bios/optionrom/Makefile 2021-04-14 21:22:40.942571012 -0700
-+++ xen-4.15.0/tools/qemu-xen/pc-bios/optionrom/Makefile 2021-04-15 00:29:15.334688505 -0700
-@@ -47,10 +47,10 @@
- $(call quiet-command,$(CPP) $(QEMU_INCLUDES) $(QEMU_DGFLAGS) -c -o - $< | $(AS) $(ASFLAGS) -o $@,"AS","$(TARGET_DIR)$@")
-
- pvh.img: pvh.o pvh_main.o
-- $(call quiet-command,$(LD) $(LDFLAGS_NOPIE) -m $(LD_I386_EMULATION) -T $(SRC_PATH)/pc-bios/optionrom/flat.lds -s -o $@ $^,"BUILD","$(TARGET_DIR)$@")
-+ $(call quiet-command,$(LD) -m $(LD_I386_EMULATION) -T $(SRC_PATH)/pc-bios/optionrom/flat.lds -s -o $@ $^,"BUILD","$(TARGET_DIR)$@")
-
- %.img: %.o
-- $(call quiet-command,$(LD) $(LDFLAGS_NOPIE) -m $(LD_I386_EMULATION) -T $(SRC_PATH)/pc-bios/optionrom/flat.lds -s -o $@ $<,"BUILD","$(TARGET_DIR)$@")
-+ $(call quiet-command,$(LD) -m $(LD_I386_EMULATION) -T $(SRC_PATH)/pc-bios/optionrom/flat.lds -s -o $@ $<,"BUILD","$(TARGET_DIR)$@")
-
- %.raw: %.img
- $(call quiet-command,$(OBJCOPY) -O binary -j .text $< $@,"BUILD","$(TARGET_DIR)$@")