diff options
author | Sam Mulvey | 2020-11-10 16:39:09 -0800 |
---|---|---|
committer | Sam Mulvey | 2020-11-10 16:39:09 -0800 |
commit | e3f3b160ce356ad81f336072fcd5aa85f128311a (patch) | |
tree | a48a25359462d4355500588807459996f068a189 | |
parent | c4863046c32988848dd230853ef5d1dc3d3d719b (diff) | |
download | aur-e3f3b160ce356ad81f336072fcd5aa85f128311a.tar.gz |
4.14.0-4 merge changes from SAUR, mostly XSA patches
-rw-r--r-- | .SRCINFO | 25 | ||||
-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | PKGBUILD | 45 | ||||
-rw-r--r-- | xen_4.14.0_fixes.patch | 12 |
4 files changed, 81 insertions, 7 deletions
@@ -1,7 +1,7 @@ pkgbase = xen pkgdesc = Open-source type-1 or baremetal hypervisor pkgver = 4.14.0 - pkgrel = 1 + pkgrel = 4 url = https://xenproject.org/ arch = x86_64 license = GPL2 @@ -37,6 +37,7 @@ pkgbase = xen makedepends = pixman makedepends = ocaml makedepends = fig2dev + makedepends = cmake noextract = gmp-4.3.2.tar.bz2 noextract = grub-0.97.tar.gz noextract = lwip-1.3.0.tar.gz @@ -55,6 +56,16 @@ pkgbase = xen source = xen-ucode-extract.sh source = xen-intel-ucode.hook source = xen-amd-ucode.hook + source = xsa286-4.13-1.patch::https://xenbits.xen.org/xsa/xsa286-4.14/0001-x86-pv-Drop-FLUSH_TLB_GLOBAL-in-do_mmu_update-for-XP.patch + source = xsa286-4.14-2.patch::https://xenbits.xen.org/xsa/xsa286-4.14/0002-x86-pv-Flush-TLB-in-response-to-paging-structure-cha.patch + source = xsa345-4.14-1.patch::https://xenbits.xen.org/xsa/xsa345-4.14/0001-x86-mm-Refactor-map_pages_to_xen-to-have-only-a-sing.patch + source = xsa345-4.14-2.patch::https://xenbits.xen.org/xsa/xsa345-4.14/0002-x86-mm-Refactor-modify_xen_mappings-to-have-one-exit.patch + source = xsa345-4.14-3.patch::https://xenbits.xen.org/xsa/xsa345-4.14/0003-x86-mm-Prevent-some-races-in-hypervisor-mapping-upda.patch + source = https://xenbits.xen.org/xsa/xsa346/xsa346-1.patch + source = https://xenbits.xen.org/xsa/xsa346/xsa346-2.patch + source = https://xenbits.xen.org/xsa/xsa347/xsa347-4.14-1.patch + source = https://xenbits.xen.org/xsa/xsa347/xsa347-4.14-2.patch + source = https://xenbits.xen.org/xsa/xsa347/xsa347-4.14-3.patch source = http://xenbits.xen.org/xen-extfiles/gmp-4.3.2.tar.bz2 source = http://xenbits.xen.org/xen-extfiles/grub-0.97.tar.gz source = http://xenbits.xen.org/xen-extfiles/lwip-1.3.0.tar.gz @@ -66,13 +77,23 @@ pkgbase = xen validpgpkeys = 23E3222C145F4475FA8060A783FE14C957E82BD9 sha512sums = ebce47a2f754955d8517123d69f62006634d97620fbbe3784869a0667466e586a249f57ffaf7846d5bcb45d69377cde43354c82c233fbb5407e55653b9a33ac0 sha512sums = SKIP - sha512sums = 95b489d8ce2ba85ba48a50d8b5e087c9f3955a2750a16206502e3fdaa2bbbcb2a316586c78ae02937659cb862ddb10479bd0139a77b7dd4235bf07bb7982ee14 + sha512sums = 4c3e8c66f76cf06f7983012e869b7d22d57caf81aacf6553442548d955a9682c0495a7f59c96d313ae58a9e61a71d21743b79bb2af49276c9a675d8d701b16c9 sha512sums = 1bbcbcd9fb8344a207409ec9f0064a45b726416f043f902ca587f5e4fa58497a759be4ffd584fa32318e960aa478864cc05ec026c444e8d27ca8e3248bd67420 sha512sums = ccaa2ff82e4203b11e5dec9aeccac2e165721d8067e0094603ecaa7a70b78c9eb9e2287a32687883d26b6ceae6f8d2ad7636ddf949eb658637b3ceaa6999711b sha512sums = 53ba61587cc2e84044e935531ed161e22c36d9e90b43cab7b8e63bcc531deeefacca301b5dff39ce89210f06f1d1e4f4f5cf49d658ed5d9038c707e3c95c66ef sha512sums = a9230ec6ef9636ac3f3e4b72b1747ee8c4648a8bf4bd8dc3650365e34f1f67474429dbdd24996907d277b0ff5f235574643e781cb3ff37da954e899ddadbe0d6 sha512sums = 7a832de9b35f4b77ee80d33310b23886f4d48d1d42c3d6ef6f8e2b428bec7332a285336864b61cfa01d9a14c2023674015beb7527bd5849b069f2be88e6500cd sha512sums = 99921b94a29fa7988c7fb5c17da8e598e777c972d6cae8c8643c991e5ff911a25525345ea8913945313d5c49fecf9da8cc3b83d47ab03928341e917b304370a9 + sha512sums = 6044a27a05918600c2c963a69356097a6f274fe0b1c328ba1f5d6673065a4b0d8194de19e54846f38e38734ac67f1463e6ada9a551d9f076cc1f6226a477f909 + sha512sums = ef94bd3b291711c1312f420a58852be73b5fce42c3e285cc942cc14f96bf610d389a83a796e56fc6a80f072a17da6b0ffb3502697de0cc48587791653ecc1942 + sha512sums = cca42a9ea18bdb8e690c4a2a27e362f3e2c83e2834dca7ca59f8e99b6bcf576a1122e6242d40c335367e0081aefd7b4b741e67b3473f1940048a3a1c01171dfe + sha512sums = f16d0f11f29d79f4de2dcb37dc7aeec52de98addfab350bb644c35efbda621588a75c0ff306d355ed0d6739b6f7bb3706acb9d5972c3956f43988c23ebe08fe2 + sha512sums = 5be23b19420691bc3f020ff05c2bc97a770999beb8d27a89db05940bc98b105ccdd0d37b8ae778ab6655ce68d2797bc41f08d4753a082f4749d43b493b9eb64a + sha512sums = 043366f1c745e9ab068a8ff60f703cce9831ea02c4980067fcc3243575543f069aee419c06ca8179667805ea04a8563b40086ae4efe979145439b954d956829d + sha512sums = 2209b558482c976d2ae97552d0de91026b8d957257e13f98e6ac2bcb2ca72e22f11fef50b5a0533087e693af8a97e1568848fcf5eeb3c03db259ad25901a6dab + sha512sums = 65857a8b30b5d61283b4a4a29708260b5742f5ec8bbeaaa22dde15c730dac5864901a89dc8495c4eb7618bba8543a80839ad01d23f4c298978799d73a0083c16 + sha512sums = e02ecd756ceb02781b9dec14647132f4fbf575bea59948bcfd5fce85130282671b11f771c263d05d613700748a4221b4fd29a14e3f8108701b618aa1741e9292 + sha512sums = 662993bb8312b77866327f5b4e448374a4a6076a9154b5150192f9dab477a98c25bce1bea246db137cea461e16a25c8e624a11ca26d988dde0db4edbf9af3b6f sha512sums = 2e0b0fd23e6f10742a5517981e5171c6e88b0a93c83da701b296f5c0861d72c19782daab589a7eac3f9032152a0fc7eff7f5362db8fccc4859564a9aa82329cf sha512sums = c2bc9ffc8583aeae71cee9ddcc4418969768d4e3764d47307da54f93981c0109fb07d84b061b3a3628bd00ba4d14a54742bc04848110eb3ae8ca25dbfbaabadb sha512sums = 1465b58279af1647f909450e394fe002ca165f0ff4a0254bfa9fe0e64316f50facdde2729d79a4e632565b4500cf4d6c74192ac0dd3bc9fe09129bbd67ba089d diff --git a/ChangeLog b/ChangeLog index 90c3ab395b21..5ddb1176ab1c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,10 @@ +2020-11-10 Sam Mulvey + * 4.14.0-4 + re-added XSA patch file handling + 2020-08-10 Sam Mulvey * 4.14.0-1 - * option to build own QEMU is added, and default + option to build own QEMU is added, and default 2020-08-20 Sam Mulvey * 4.13.1-4 @@ -1,5 +1,6 @@ # Maintainer: Sam Mulvey (Refutationalist) <archlinux@sammulvey.com> # Contributor: Filipe LaĆns (FFY00) <lains@archlinux.org> +# Contributor: Chris Chapman (cman) <chris.chapman@aggiemail.usu.edu> # Build Options _build_stubdom=${build_stubdom:-true} @@ -18,7 +19,7 @@ _zlib=1.2.3 pkgbase=xen pkgname=("xen" "xen-docs") pkgver=4.14.0 -pkgrel=1 +pkgrel=4 pkgdesc='Open-source type-1 or baremetal hypervisor' arch=('x86_64') url='https://xenproject.org/' @@ -39,7 +40,18 @@ source=("https://downloads.xenproject.org/release/xen/$pkgver/$pkgname-$pkgver.t "tmpfiles.conf" "xen-ucode-extract.sh" "xen-intel-ucode.hook" - "xen-amd-ucode.hook") + "xen-amd-ucode.hook" + "xsa286-4.13-1.patch::https://xenbits.xen.org/xsa/xsa286-4.14/0001-x86-pv-Drop-FLUSH_TLB_GLOBAL-in-do_mmu_update-for-XP.patch" + "xsa286-4.14-2.patch::https://xenbits.xen.org/xsa/xsa286-4.14/0002-x86-pv-Flush-TLB-in-response-to-paging-structure-cha.patch" + "xsa345-4.14-1.patch::https://xenbits.xen.org/xsa/xsa345-4.14/0001-x86-mm-Refactor-map_pages_to_xen-to-have-only-a-sing.patch" + "xsa345-4.14-2.patch::https://xenbits.xen.org/xsa/xsa345-4.14/0002-x86-mm-Refactor-modify_xen_mappings-to-have-one-exit.patch" + "xsa345-4.14-3.patch::https://xenbits.xen.org/xsa/xsa345-4.14/0003-x86-mm-Prevent-some-races-in-hypervisor-mapping-upda.patch" + "https://xenbits.xen.org/xsa/xsa346/xsa346-1.patch" + "https://xenbits.xen.org/xsa/xsa346/xsa346-2.patch" + "https://xenbits.xen.org/xsa/xsa347/xsa347-4.14-1.patch" + "https://xenbits.xen.org/xsa/xsa347/xsa347-4.14-2.patch" + "https://xenbits.xen.org/xsa/xsa347/xsa347-4.14-3.patch" +) _stubdom_source=("http://xenbits.xen.org/xen-extfiles/gmp-$_gmp.tar.bz2" "http://xenbits.xen.org/xen-extfiles/grub-$_grub.tar.gz" @@ -52,13 +64,25 @@ _stubdom_source=("http://xenbits.xen.org/xen-extfiles/gmp-$_gmp.tar.bz2" sha512sums=('ebce47a2f754955d8517123d69f62006634d97620fbbe3784869a0667466e586a249f57ffaf7846d5bcb45d69377cde43354c82c233fbb5407e55653b9a33ac0' 'SKIP' - '95b489d8ce2ba85ba48a50d8b5e087c9f3955a2750a16206502e3fdaa2bbbcb2a316586c78ae02937659cb862ddb10479bd0139a77b7dd4235bf07bb7982ee14' + '4c3e8c66f76cf06f7983012e869b7d22d57caf81aacf6553442548d955a9682c0495a7f59c96d313ae58a9e61a71d21743b79bb2af49276c9a675d8d701b16c9' '1bbcbcd9fb8344a207409ec9f0064a45b726416f043f902ca587f5e4fa58497a759be4ffd584fa32318e960aa478864cc05ec026c444e8d27ca8e3248bd67420' 'ccaa2ff82e4203b11e5dec9aeccac2e165721d8067e0094603ecaa7a70b78c9eb9e2287a32687883d26b6ceae6f8d2ad7636ddf949eb658637b3ceaa6999711b' '53ba61587cc2e84044e935531ed161e22c36d9e90b43cab7b8e63bcc531deeefacca301b5dff39ce89210f06f1d1e4f4f5cf49d658ed5d9038c707e3c95c66ef' 'a9230ec6ef9636ac3f3e4b72b1747ee8c4648a8bf4bd8dc3650365e34f1f67474429dbdd24996907d277b0ff5f235574643e781cb3ff37da954e899ddadbe0d6' '7a832de9b35f4b77ee80d33310b23886f4d48d1d42c3d6ef6f8e2b428bec7332a285336864b61cfa01d9a14c2023674015beb7527bd5849b069f2be88e6500cd' - '99921b94a29fa7988c7fb5c17da8e598e777c972d6cae8c8643c991e5ff911a25525345ea8913945313d5c49fecf9da8cc3b83d47ab03928341e917b304370a9') + '99921b94a29fa7988c7fb5c17da8e598e777c972d6cae8c8643c991e5ff911a25525345ea8913945313d5c49fecf9da8cc3b83d47ab03928341e917b304370a9' + '6044a27a05918600c2c963a69356097a6f274fe0b1c328ba1f5d6673065a4b0d8194de19e54846f38e38734ac67f1463e6ada9a551d9f076cc1f6226a477f909' + 'ef94bd3b291711c1312f420a58852be73b5fce42c3e285cc942cc14f96bf610d389a83a796e56fc6a80f072a17da6b0ffb3502697de0cc48587791653ecc1942' + 'cca42a9ea18bdb8e690c4a2a27e362f3e2c83e2834dca7ca59f8e99b6bcf576a1122e6242d40c335367e0081aefd7b4b741e67b3473f1940048a3a1c01171dfe' + 'f16d0f11f29d79f4de2dcb37dc7aeec52de98addfab350bb644c35efbda621588a75c0ff306d355ed0d6739b6f7bb3706acb9d5972c3956f43988c23ebe08fe2' + '5be23b19420691bc3f020ff05c2bc97a770999beb8d27a89db05940bc98b105ccdd0d37b8ae778ab6655ce68d2797bc41f08d4753a082f4749d43b493b9eb64a' + '043366f1c745e9ab068a8ff60f703cce9831ea02c4980067fcc3243575543f069aee419c06ca8179667805ea04a8563b40086ae4efe979145439b954d956829d' + '2209b558482c976d2ae97552d0de91026b8d957257e13f98e6ac2bcb2ca72e22f11fef50b5a0533087e693af8a97e1568848fcf5eeb3c03db259ad25901a6dab' + '65857a8b30b5d61283b4a4a29708260b5742f5ec8bbeaaa22dde15c730dac5864901a89dc8495c4eb7618bba8543a80839ad01d23f4c298978799d73a0083c16' + 'e02ecd756ceb02781b9dec14647132f4fbf575bea59948bcfd5fce85130282671b11f771c263d05d613700748a4221b4fd29a14e3f8108701b618aa1741e9292' + '662993bb8312b77866327f5b4e448374a4a6076a9154b5150192f9dab477a98c25bce1bea246db137cea461e16a25c8e624a11ca26d988dde0db4edbf9af3b6f') + + _stub_sums=('2e0b0fd23e6f10742a5517981e5171c6e88b0a93c83da701b296f5c0861d72c19782daab589a7eac3f9032152a0fc7eff7f5362db8fccc4859564a9aa82329cf' 'c2bc9ffc8583aeae71cee9ddcc4418969768d4e3764d47307da54f93981c0109fb07d84b061b3a3628bd00ba4d14a54742bc04848110eb3ae8ca25dbfbaabadb' @@ -73,6 +97,9 @@ if [ "${_build_stubdom}" == "true" ]; then source=("${source[@]}" "${_stubdom_source[@]}") sha512sums=("${sha512sums[@]}" "${_stub_sums[@]}") + # Add in automagic dependency in order to build vtpm and vtpmmgr stubdoms + makedepends+=('cmake') + for file in "${_stubdom_source[@]}"; do noextract+=( $(basename ${file}) ) done @@ -95,6 +122,8 @@ validpgpkeys=('23E3222C145F4475FA8060A783FE14C957E82BD9') # Xen.org Xen tree cod # TODO: Setup users, dirs, etc. prepare() { + patches=($(ls -d xsa*patch)) + cd "${pkgbase}-${pkgver}" # mostly from: https://github.com/olafhering/xen/commit/1a1d86fef44444e8e265fd8bc687f8238a0d1615 @@ -108,6 +137,14 @@ prepare() { fi + + for patch in "${patches[@]}"; do + if [[ $patch =~ ^xsa ]]; then + echo "==> Applying security patch '${patch}'..." + patch -p1 < "../${patch}" + fi + done + # Fix Install Paths. sed 's,/var/run,/run,g' -i tools/hotplug/Linux/locking.sh sed 's,/var/run,/run,g' -i tools/misc/xenpvnetboot diff --git a/xen_4.14.0_fixes.patch b/xen_4.14.0_fixes.patch index db0916f42298..68836a9b74c5 100644 --- a/xen_4.14.0_fixes.patch +++ b/xen_4.14.0_fixes.patch @@ -31,4 +31,16 @@ diff -Naur orig/tools/libxl/libxl_utils.c patched/tools/libxl/libxl_utils.c + memcpy(un->sun_path, path, len); return 0; } + +diff -Naur orig/stubdom/vtpmmgr/vtpmmgr.h changed/stubdom/vtpmmgr/vtpmmgr.h +--- orig/stubdom/vtpmmgr/vtpmmgr.h 2020-05-14 05:19:32.000000000 -0700 ++++ changed/stubdom/vtpmmgr/vtpmmgr.h 2020-05-20 12:04:28.506666463 -0700 +@@ -50,7 +50,7 @@ + #define RSA_KEY_SIZE 0x0800 + #define RSA_CIPHER_SIZE (RSA_KEY_SIZE / 8) +-enum { ++extern enum { + TPM1_HARDWARE = 1, + TPM2_HARDWARE, + } tpm_version; |