summarylogtreecommitdiffstats
diff options
context:
space:
mode:
authorSam Mulvey2020-11-10 16:39:09 -0800
committerSam Mulvey2020-11-10 16:39:09 -0800
commite3f3b160ce356ad81f336072fcd5aa85f128311a (patch)
treea48a25359462d4355500588807459996f068a189
parentc4863046c32988848dd230853ef5d1dc3d3d719b (diff)
downloadaur-e3f3b160ce356ad81f336072fcd5aa85f128311a.tar.gz
4.14.0-4 merge changes from SAUR, mostly XSA patches
Diffstat
-rw-r--r--.SRCINFO25
-rw-r--r--ChangeLog6
-rw-r--r--PKGBUILD45
-rw-r--r--xen_4.14.0_fixes.patch12
4 files changed, 81 insertions, 7 deletions
diff --git a/.SRCINFO b/.SRCINFO
index 3a5dadbbcbe3..f636a5b86c62 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,7 +1,7 @@
pkgbase = xen
pkgdesc = Open-source type-1 or baremetal hypervisor
pkgver = 4.14.0
- pkgrel = 1
+ pkgrel = 4
url = https://xenproject.org/
arch = x86_64
license = GPL2
@@ -37,6 +37,7 @@ pkgbase = xen
makedepends = pixman
makedepends = ocaml
makedepends = fig2dev
+ makedepends = cmake
noextract = gmp-4.3.2.tar.bz2
noextract = grub-0.97.tar.gz
noextract = lwip-1.3.0.tar.gz
@@ -55,6 +56,16 @@ pkgbase = xen
source = xen-ucode-extract.sh
source = xen-intel-ucode.hook
source = xen-amd-ucode.hook
+ source = xsa286-4.13-1.patch::https://xenbits.xen.org/xsa/xsa286-4.14/0001-x86-pv-Drop-FLUSH_TLB_GLOBAL-in-do_mmu_update-for-XP.patch
+ source = xsa286-4.14-2.patch::https://xenbits.xen.org/xsa/xsa286-4.14/0002-x86-pv-Flush-TLB-in-response-to-paging-structure-cha.patch
+ source = xsa345-4.14-1.patch::https://xenbits.xen.org/xsa/xsa345-4.14/0001-x86-mm-Refactor-map_pages_to_xen-to-have-only-a-sing.patch
+ source = xsa345-4.14-2.patch::https://xenbits.xen.org/xsa/xsa345-4.14/0002-x86-mm-Refactor-modify_xen_mappings-to-have-one-exit.patch
+ source = xsa345-4.14-3.patch::https://xenbits.xen.org/xsa/xsa345-4.14/0003-x86-mm-Prevent-some-races-in-hypervisor-mapping-upda.patch
+ source = https://xenbits.xen.org/xsa/xsa346/xsa346-1.patch
+ source = https://xenbits.xen.org/xsa/xsa346/xsa346-2.patch
+ source = https://xenbits.xen.org/xsa/xsa347/xsa347-4.14-1.patch
+ source = https://xenbits.xen.org/xsa/xsa347/xsa347-4.14-2.patch
+ source = https://xenbits.xen.org/xsa/xsa347/xsa347-4.14-3.patch
source = http://xenbits.xen.org/xen-extfiles/gmp-4.3.2.tar.bz2
source = http://xenbits.xen.org/xen-extfiles/grub-0.97.tar.gz
source = http://xenbits.xen.org/xen-extfiles/lwip-1.3.0.tar.gz
@@ -66,13 +77,23 @@ pkgbase = xen
validpgpkeys = 23E3222C145F4475FA8060A783FE14C957E82BD9
sha512sums = ebce47a2f754955d8517123d69f62006634d97620fbbe3784869a0667466e586a249f57ffaf7846d5bcb45d69377cde43354c82c233fbb5407e55653b9a33ac0
sha512sums = SKIP
- sha512sums = 95b489d8ce2ba85ba48a50d8b5e087c9f3955a2750a16206502e3fdaa2bbbcb2a316586c78ae02937659cb862ddb10479bd0139a77b7dd4235bf07bb7982ee14
+ sha512sums = 4c3e8c66f76cf06f7983012e869b7d22d57caf81aacf6553442548d955a9682c0495a7f59c96d313ae58a9e61a71d21743b79bb2af49276c9a675d8d701b16c9
sha512sums = 1bbcbcd9fb8344a207409ec9f0064a45b726416f043f902ca587f5e4fa58497a759be4ffd584fa32318e960aa478864cc05ec026c444e8d27ca8e3248bd67420
sha512sums = ccaa2ff82e4203b11e5dec9aeccac2e165721d8067e0094603ecaa7a70b78c9eb9e2287a32687883d26b6ceae6f8d2ad7636ddf949eb658637b3ceaa6999711b
sha512sums = 53ba61587cc2e84044e935531ed161e22c36d9e90b43cab7b8e63bcc531deeefacca301b5dff39ce89210f06f1d1e4f4f5cf49d658ed5d9038c707e3c95c66ef
sha512sums = a9230ec6ef9636ac3f3e4b72b1747ee8c4648a8bf4bd8dc3650365e34f1f67474429dbdd24996907d277b0ff5f235574643e781cb3ff37da954e899ddadbe0d6
sha512sums = 7a832de9b35f4b77ee80d33310b23886f4d48d1d42c3d6ef6f8e2b428bec7332a285336864b61cfa01d9a14c2023674015beb7527bd5849b069f2be88e6500cd
sha512sums = 99921b94a29fa7988c7fb5c17da8e598e777c972d6cae8c8643c991e5ff911a25525345ea8913945313d5c49fecf9da8cc3b83d47ab03928341e917b304370a9
+ sha512sums = 6044a27a05918600c2c963a69356097a6f274fe0b1c328ba1f5d6673065a4b0d8194de19e54846f38e38734ac67f1463e6ada9a551d9f076cc1f6226a477f909
+ sha512sums = ef94bd3b291711c1312f420a58852be73b5fce42c3e285cc942cc14f96bf610d389a83a796e56fc6a80f072a17da6b0ffb3502697de0cc48587791653ecc1942
+ sha512sums = cca42a9ea18bdb8e690c4a2a27e362f3e2c83e2834dca7ca59f8e99b6bcf576a1122e6242d40c335367e0081aefd7b4b741e67b3473f1940048a3a1c01171dfe
+ sha512sums = f16d0f11f29d79f4de2dcb37dc7aeec52de98addfab350bb644c35efbda621588a75c0ff306d355ed0d6739b6f7bb3706acb9d5972c3956f43988c23ebe08fe2
+ sha512sums = 5be23b19420691bc3f020ff05c2bc97a770999beb8d27a89db05940bc98b105ccdd0d37b8ae778ab6655ce68d2797bc41f08d4753a082f4749d43b493b9eb64a
+ sha512sums = 043366f1c745e9ab068a8ff60f703cce9831ea02c4980067fcc3243575543f069aee419c06ca8179667805ea04a8563b40086ae4efe979145439b954d956829d
+ sha512sums = 2209b558482c976d2ae97552d0de91026b8d957257e13f98e6ac2bcb2ca72e22f11fef50b5a0533087e693af8a97e1568848fcf5eeb3c03db259ad25901a6dab
+ sha512sums = 65857a8b30b5d61283b4a4a29708260b5742f5ec8bbeaaa22dde15c730dac5864901a89dc8495c4eb7618bba8543a80839ad01d23f4c298978799d73a0083c16
+ sha512sums = e02ecd756ceb02781b9dec14647132f4fbf575bea59948bcfd5fce85130282671b11f771c263d05d613700748a4221b4fd29a14e3f8108701b618aa1741e9292
+ sha512sums = 662993bb8312b77866327f5b4e448374a4a6076a9154b5150192f9dab477a98c25bce1bea246db137cea461e16a25c8e624a11ca26d988dde0db4edbf9af3b6f
sha512sums = 2e0b0fd23e6f10742a5517981e5171c6e88b0a93c83da701b296f5c0861d72c19782daab589a7eac3f9032152a0fc7eff7f5362db8fccc4859564a9aa82329cf
sha512sums = c2bc9ffc8583aeae71cee9ddcc4418969768d4e3764d47307da54f93981c0109fb07d84b061b3a3628bd00ba4d14a54742bc04848110eb3ae8ca25dbfbaabadb
sha512sums = 1465b58279af1647f909450e394fe002ca165f0ff4a0254bfa9fe0e64316f50facdde2729d79a4e632565b4500cf4d6c74192ac0dd3bc9fe09129bbd67ba089d
diff --git a/ChangeLog b/ChangeLog
index 90c3ab395b21..5ddb1176ab1c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,10 @@
+2020-11-10 Sam Mulvey
+ * 4.14.0-4
+ re-added XSA patch file handling
+
2020-08-10 Sam Mulvey
* 4.14.0-1
- * option to build own QEMU is added, and default
+ option to build own QEMU is added, and default
2020-08-20 Sam Mulvey
* 4.13.1-4
diff --git a/PKGBUILD b/PKGBUILD
index 6933ba23a009..4bbf136eb96e 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -1,5 +1,6 @@
# Maintainer: Sam Mulvey (Refutationalist) <archlinux@sammulvey.com>
# Contributor: Filipe LaĆ­ns (FFY00) <lains@archlinux.org>
+# Contributor: Chris Chapman (cman) <chris.chapman@aggiemail.usu.edu>
# Build Options
_build_stubdom=${build_stubdom:-true}
@@ -18,7 +19,7 @@ _zlib=1.2.3
pkgbase=xen
pkgname=("xen" "xen-docs")
pkgver=4.14.0
-pkgrel=1
+pkgrel=4
pkgdesc='Open-source type-1 or baremetal hypervisor'
arch=('x86_64')
url='https://xenproject.org/'
@@ -39,7 +40,18 @@ source=("https://downloads.xenproject.org/release/xen/$pkgver/$pkgname-$pkgver.t
"tmpfiles.conf"
"xen-ucode-extract.sh"
"xen-intel-ucode.hook"
- "xen-amd-ucode.hook")
+ "xen-amd-ucode.hook"
+ "xsa286-4.13-1.patch::https://xenbits.xen.org/xsa/xsa286-4.14/0001-x86-pv-Drop-FLUSH_TLB_GLOBAL-in-do_mmu_update-for-XP.patch"
+ "xsa286-4.14-2.patch::https://xenbits.xen.org/xsa/xsa286-4.14/0002-x86-pv-Flush-TLB-in-response-to-paging-structure-cha.patch"
+ "xsa345-4.14-1.patch::https://xenbits.xen.org/xsa/xsa345-4.14/0001-x86-mm-Refactor-map_pages_to_xen-to-have-only-a-sing.patch"
+ "xsa345-4.14-2.patch::https://xenbits.xen.org/xsa/xsa345-4.14/0002-x86-mm-Refactor-modify_xen_mappings-to-have-one-exit.patch"
+ "xsa345-4.14-3.patch::https://xenbits.xen.org/xsa/xsa345-4.14/0003-x86-mm-Prevent-some-races-in-hypervisor-mapping-upda.patch"
+ "https://xenbits.xen.org/xsa/xsa346/xsa346-1.patch"
+ "https://xenbits.xen.org/xsa/xsa346/xsa346-2.patch"
+ "https://xenbits.xen.org/xsa/xsa347/xsa347-4.14-1.patch"
+ "https://xenbits.xen.org/xsa/xsa347/xsa347-4.14-2.patch"
+ "https://xenbits.xen.org/xsa/xsa347/xsa347-4.14-3.patch"
+)
_stubdom_source=("http://xenbits.xen.org/xen-extfiles/gmp-$_gmp.tar.bz2"
"http://xenbits.xen.org/xen-extfiles/grub-$_grub.tar.gz"
@@ -52,13 +64,25 @@ _stubdom_source=("http://xenbits.xen.org/xen-extfiles/gmp-$_gmp.tar.bz2"
sha512sums=('ebce47a2f754955d8517123d69f62006634d97620fbbe3784869a0667466e586a249f57ffaf7846d5bcb45d69377cde43354c82c233fbb5407e55653b9a33ac0'
'SKIP'
- '95b489d8ce2ba85ba48a50d8b5e087c9f3955a2750a16206502e3fdaa2bbbcb2a316586c78ae02937659cb862ddb10479bd0139a77b7dd4235bf07bb7982ee14'
+ '4c3e8c66f76cf06f7983012e869b7d22d57caf81aacf6553442548d955a9682c0495a7f59c96d313ae58a9e61a71d21743b79bb2af49276c9a675d8d701b16c9'
'1bbcbcd9fb8344a207409ec9f0064a45b726416f043f902ca587f5e4fa58497a759be4ffd584fa32318e960aa478864cc05ec026c444e8d27ca8e3248bd67420'
'ccaa2ff82e4203b11e5dec9aeccac2e165721d8067e0094603ecaa7a70b78c9eb9e2287a32687883d26b6ceae6f8d2ad7636ddf949eb658637b3ceaa6999711b'
'53ba61587cc2e84044e935531ed161e22c36d9e90b43cab7b8e63bcc531deeefacca301b5dff39ce89210f06f1d1e4f4f5cf49d658ed5d9038c707e3c95c66ef'
'a9230ec6ef9636ac3f3e4b72b1747ee8c4648a8bf4bd8dc3650365e34f1f67474429dbdd24996907d277b0ff5f235574643e781cb3ff37da954e899ddadbe0d6'
'7a832de9b35f4b77ee80d33310b23886f4d48d1d42c3d6ef6f8e2b428bec7332a285336864b61cfa01d9a14c2023674015beb7527bd5849b069f2be88e6500cd'
- '99921b94a29fa7988c7fb5c17da8e598e777c972d6cae8c8643c991e5ff911a25525345ea8913945313d5c49fecf9da8cc3b83d47ab03928341e917b304370a9')
+ '99921b94a29fa7988c7fb5c17da8e598e777c972d6cae8c8643c991e5ff911a25525345ea8913945313d5c49fecf9da8cc3b83d47ab03928341e917b304370a9'
+ '6044a27a05918600c2c963a69356097a6f274fe0b1c328ba1f5d6673065a4b0d8194de19e54846f38e38734ac67f1463e6ada9a551d9f076cc1f6226a477f909'
+ 'ef94bd3b291711c1312f420a58852be73b5fce42c3e285cc942cc14f96bf610d389a83a796e56fc6a80f072a17da6b0ffb3502697de0cc48587791653ecc1942'
+ 'cca42a9ea18bdb8e690c4a2a27e362f3e2c83e2834dca7ca59f8e99b6bcf576a1122e6242d40c335367e0081aefd7b4b741e67b3473f1940048a3a1c01171dfe'
+ 'f16d0f11f29d79f4de2dcb37dc7aeec52de98addfab350bb644c35efbda621588a75c0ff306d355ed0d6739b6f7bb3706acb9d5972c3956f43988c23ebe08fe2'
+ '5be23b19420691bc3f020ff05c2bc97a770999beb8d27a89db05940bc98b105ccdd0d37b8ae778ab6655ce68d2797bc41f08d4753a082f4749d43b493b9eb64a'
+ '043366f1c745e9ab068a8ff60f703cce9831ea02c4980067fcc3243575543f069aee419c06ca8179667805ea04a8563b40086ae4efe979145439b954d956829d'
+ '2209b558482c976d2ae97552d0de91026b8d957257e13f98e6ac2bcb2ca72e22f11fef50b5a0533087e693af8a97e1568848fcf5eeb3c03db259ad25901a6dab'
+ '65857a8b30b5d61283b4a4a29708260b5742f5ec8bbeaaa22dde15c730dac5864901a89dc8495c4eb7618bba8543a80839ad01d23f4c298978799d73a0083c16'
+ 'e02ecd756ceb02781b9dec14647132f4fbf575bea59948bcfd5fce85130282671b11f771c263d05d613700748a4221b4fd29a14e3f8108701b618aa1741e9292'
+ '662993bb8312b77866327f5b4e448374a4a6076a9154b5150192f9dab477a98c25bce1bea246db137cea461e16a25c8e624a11ca26d988dde0db4edbf9af3b6f')
+
+
_stub_sums=('2e0b0fd23e6f10742a5517981e5171c6e88b0a93c83da701b296f5c0861d72c19782daab589a7eac3f9032152a0fc7eff7f5362db8fccc4859564a9aa82329cf'
'c2bc9ffc8583aeae71cee9ddcc4418969768d4e3764d47307da54f93981c0109fb07d84b061b3a3628bd00ba4d14a54742bc04848110eb3ae8ca25dbfbaabadb'
@@ -73,6 +97,9 @@ if [ "${_build_stubdom}" == "true" ]; then
source=("${source[@]}" "${_stubdom_source[@]}")
sha512sums=("${sha512sums[@]}" "${_stub_sums[@]}")
+ # Add in automagic dependency in order to build vtpm and vtpmmgr stubdoms
+ makedepends+=('cmake')
+
for file in "${_stubdom_source[@]}"; do
noextract+=( $(basename ${file}) )
done
@@ -95,6 +122,8 @@ validpgpkeys=('23E3222C145F4475FA8060A783FE14C957E82BD9') # Xen.org Xen tree cod
# TODO: Setup users, dirs, etc.
prepare() {
+ patches=($(ls -d xsa*patch))
+
cd "${pkgbase}-${pkgver}"
# mostly from: https://github.com/olafhering/xen/commit/1a1d86fef44444e8e265fd8bc687f8238a0d1615
@@ -108,6 +137,14 @@ prepare() {
fi
+
+ for patch in "${patches[@]}"; do
+ if [[ $patch =~ ^xsa ]]; then
+ echo "==> Applying security patch '${patch}'..."
+ patch -p1 < "../${patch}"
+ fi
+ done
+
# Fix Install Paths.
sed 's,/var/run,/run,g' -i tools/hotplug/Linux/locking.sh
sed 's,/var/run,/run,g' -i tools/misc/xenpvnetboot
diff --git a/xen_4.14.0_fixes.patch b/xen_4.14.0_fixes.patch
index db0916f42298..68836a9b74c5 100644
--- a/xen_4.14.0_fixes.patch
+++ b/xen_4.14.0_fixes.patch
@@ -31,4 +31,16 @@ diff -Naur orig/tools/libxl/libxl_utils.c patched/tools/libxl/libxl_utils.c
+ memcpy(un->sun_path, path, len);
return 0;
}
+
+diff -Naur orig/stubdom/vtpmmgr/vtpmmgr.h changed/stubdom/vtpmmgr/vtpmmgr.h
+--- orig/stubdom/vtpmmgr/vtpmmgr.h 2020-05-14 05:19:32.000000000 -0700
++++ changed/stubdom/vtpmmgr/vtpmmgr.h 2020-05-20 12:04:28.506666463 -0700
+@@ -50,7 +50,7 @@
+ #define RSA_KEY_SIZE 0x0800
+ #define RSA_CIPHER_SIZE (RSA_KEY_SIZE / 8)
+-enum {
++extern enum {
+ TPM1_HARDWARE = 1,
+ TPM2_HARDWARE,
+ } tpm_version;