author | Yixun Lan <dlan@gentoo.org> | 2014-02-13 07:59:09 +0000 |
---|---|---|
committer | Yixun Lan <dlan@gentoo.org> | 2014-02-13 07:59:09 +0000 |
commit | 31e05770b84b34e9f1b8e5d2491d0ebe97b339df (patch) | |
tree | 97c5901a5191e3ad578e466444a3d5e0a7209011 /app-emulation | |
parent | Initial import. New dependency for dev-ruby/mocha. Initial ebuild by Michel B... (diff) | |
fix sec bug #500530, #501080, missing -lrt bug #463840, glib deps bug #500604
(Portage version: 2.2.8-r1/cvs/Linux x86_64, signed Manifest commit with key 0xAABEFD55)
Diffstat (limited to 'app-emulation')
-rw-r--r-- | app-emulation/xen-tools/ChangeLog | 11 | ||||
-rw-r--r-- | app-emulation/xen-tools/files/xen-tools-4-CVE-2014-1950-XSA-88.patch | 27 | ||||
-rw-r--r-- | app-emulation/xen-tools/files/xen-tools-4.2.2-rt-link.patch | 48 | ||||
-rw-r--r-- | app-emulation/xen-tools/files/xenconsoled.initd | 6 | ||||
-rw-r--r-- | app-emulation/xen-tools/xen-tools-4.2.2-r7.ebuild (renamed from app-emulation/xen-tools/xen-tools-4.2.2-r6.ebuild) | 61 | ||||
-rw-r--r-- | app-emulation/xen-tools/xen-tools-4.3.1-r5.ebuild (renamed from app-emulation/xen-tools/xen-tools-4.3.1-r4.ebuild) | 14 |
6 files changed, 133 insertions, 34 deletions
diff --git a/app-emulation/xen-tools/ChangeLog b/app-emulation/xen-tools/ChangeLog
index c9d2d4e4e21c..88e9233f2f9a 100644
--- a/app-emulation/xen-tools/ChangeLog
+++ b/app-emulation/xen-tools/ChangeLog
@@ -1,6 +1,15 @@
 # ChangeLog for app-emulation/xen-tools
 # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-tools/ChangeLog,v 1.217 2014/02/08 08:13:43 idella4 Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-tools/ChangeLog,v 1.218 2014/02/13 07:59:09 dlan Exp $
+
+*xen-tools-4.3.1-r5 (13 Feb 2014)
+*xen-tools-4.2.2-r7 (13 Feb 2014)
+
+ 13 Feb 2014; Yixun Lan <dlan@gentoo.org> -xen-tools-4.2.2-r6.ebuild,
+ +xen-tools-4.2.2-r7.ebuild, -xen-tools-4.3.1-r4.ebuild,
+ +xen-tools-4.3.1-r5.ebuild, +files/xen-tools-4-CVE-2014-1950-XSA-88.patch,
+ +files/xen-tools-4.2.2-rt-link.patch, files/xenconsoled.initd:
+ fix sec bug #500530, #501080, missing -lrt bug #463840, glib deps bug #500604
 
 *xen-tools-4.3.1-r4 (08 Feb 2014)
 
diff --git a/app-emulation/xen-tools/files/xen-tools-4-CVE-2014-1950-XSA-88.patch b/app-emulation/xen-tools/files/xen-tools-4-CVE-2014-1950-XSA-88.patch
new file mode 100644
index 000000000000..a9fc806e360a
--- /dev/null
+++ b/app-emulation/xen-tools/files/xen-tools-4-CVE-2014-1950-XSA-88.patch
@@ -0,0 +1,27 @@
+From: Andrew Cooper <andrew.cooper3@citrix.com>
+Date: Wed, 22 Jan 2014 17:47:21 +0000
+Subject: libxc: Fix out-of-memory error handling in xc_cpupool_getinfo()
+
+Avoid freeing info then returning it to the caller.
+
+This is XSA-88.
+
+Coverity-ID: 1056192
+Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
+Reviewed-by: Jan Beulich <jbeulich@suse.com>
+---
+ tools/libxc/xc_cpupool.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/tools/libxc/xc_cpupool.c b/tools/libxc/xc_cpupool.c
+index c8c2a33..6393cfb 100644
+--- a/tools/libxc/xc_cpupool.c
++++ b/tools/libxc/xc_cpupool.c
+@@ -104,6 +104,7 @@ xc_cpupoolinfo_t *xc_cpupool_getinfo(xc_interface *xch,
+ info->cpumap = xc_cpumap_alloc(xch);
+ if (!info->cpumap) {
+ free(info);
++ info = NULL;
+ goto out;
+ }
+ info->cpupool_id = sysctl.u.cpupool_op.cpupool_id;
diff --git a/app-emulation/xen-tools/files/xen-tools-4.2.2-rt-link.patch b/app-emulation/xen-tools/files/xen-tools-4.2.2-rt-link.patch
new file mode 100644
index 000000000000..93641ef094d6
--- /dev/null
+++ b/app-emulation/xen-tools/files/xen-tools-4.2.2-rt-link.patch
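Review bot: The inner hunk of the XSA-88 patch is anchored at `@@ -104,6 +104,7 @@` against one upstream tree, but this commit's ebuilds apply the same file to both 4.2.2 and 4.3.1, so it is worth confirming that epatch places `info = NULL;` directly after `free(info);` in xc_cpupool_getinfo() in each version rather than relying on offset or fuzz. The assignment is the whole fix: per the patch description, without it the function frees info on the allocation-failure path and then returns that same pointer to the caller. Only this one error path is visible; xc_cpupool_getinfo() begins and ends outside the hunk, so its other exits are not covered by this review.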
@@ -0,0 +1,48 @@
+diff --git a/tools/qemu-xen/configure b/tools/qemu-xen/configure
+index ea2f8f8..9726440 100755
+--- a/tools/qemu-xen/configure
++++ b/tools/qemu-xen/configure
+@@ -2459,17 +2459,41 @@ fi
+
+
+ ##########################################
++# Do we need libm
++cat > $TMPC << EOF
++#include <math.h>
++int main(void) { return isnan(sin(0.0)); }
++EOF
++if compile_prog "" "" ; then
++ :
++elif compile_prog "" "-lm" ; then
++ LIBS="-lm $LIBS"
++ libs_qga="-lm $libs_qga"
++else
++ error_exit "libm check failed"
++fi
++
++##########################################
+ # Do we need librt
++# uClibc provides 2 versions of clock_gettime(), one with realtime
++# support and one without. This means that the clock_gettime() don't
++# need -lrt. We still need it for timer_create() so we check for this
++# function in addition.
+ cat > $TMPC <<EOF
+ #include <signal.h>
+ #include <time.h>
+-int main(void) { clockid_t id; return clock_gettime(id, NULL); }
++int main(void) {
++ timer_create(CLOCK_REALTIME, NULL, NULL);
++ return clock_gettime(CLOCK_REALTIME, NULL);
++}
+ EOF
+
+ if compile_prog "" "" ; then
+ :
+-elif compile_prog "" "-lrt" ; then
++# we need pthread for static linking. use previous pthread test result
++elif compile_prog "" "-lrt $pthread_lib" ; then
+ LIBS="-lrt $LIBS"
++ libs_qga="-lrt $libs_qga"
+ fi
+
+ if test "$darwin" != "yes" -a "$mingw32" != "yes" -a "$solaris" != yes -a \
diff --git a/app-emulation/xen-tools/files/xenconsoled.initd b/app-emulation/xen-tools/files/xenconsoled.initd
index 23984841df4f..e2d245ff0f21 100644
--- a/app-emulation/xen-tools/files/xenconsoled.initd
+++ b/app-emulation/xen-tools/files/xenconsoled.initd
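Review bot: The libm probe's failure branch calls `error_exit "libm check failed"`, and nothing in this hunk shows that the configure script shipped in the 4.2.2 qemu-xen tree defines that helper; if it does not, the branch would only produce a command-not-found message and configure would carry on without `-lm`. Confirm the helper exists in that tree, or fall back to plain shell such as `echo "libm check failed"; exit 1`. The librt probe below it has no failure branch at all, so a toolchain where neither link attempt succeeds passes silently; an `else` that stops configure would make the two probes behave the same way.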
@@ -1,7 +1,7 @@
 #!/sbin/runscript
 # Copyright 1999-2014 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-tools/files/xenconsoled.initd,v 1.5 2014/01/23 03:38:35 dlan Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-tools/files/xenconsoled.initd,v 1.6 2014/02/13 07:59:09 dlan Exp $
 
 depend() {
 need xenstored
@@ -11,7 +11,9 @@ depend() {
 # bug #498720
 shutdown_all_domU() {
 # Note: shutdown all domU, including manually started ones
- xl shutdown -a -w >/dev/null
+ local V=$(xl info| awk "/xen_minor/ { print \$3 }")
+ # 4.2.2 do not support "-a" option
+ [ $V -gt 2 ] && xl shutdown -a -w >/dev/null
 }
 
 start() {
diff --git a/app-emulation/xen-tools/xen-tools-4.2.2-r6.ebuild b/app-emulation/xen-tools/xen-tools-4.2.2-r7.ebuild
index 83f7e7f92a9c..4b61f327ddc4 100644
--- a/app-emulation/xen-tools/xen-tools-4.2.2-r6.ebuild
+++ b/app-emulation/xen-tools/xen-tools-4.2.2-r7.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2014 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-tools/xen-tools-4.2.2-r6.ebuild,v 1.1 2014/02/07 02:14:50 idella4 Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-tools/xen-tools-4.2.2-r7.ebuild,v 1.1 2014/02/13 07:59:09 dlan Exp $
 
 EAPI=5
 
@@ -39,6 +39,7 @@ REQUIRED_USE="hvm? ( qemu )
 ${PYTHON_REQUIRED_USE}"
 
 DEPEND="dev-libs/lzo:2
+ dev-libs/glib:2
 dev-libs/yajl
 dev-libs/libgcrypt
 dev-python/lxml[${PYTHON_USEDEP}]
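Review bot: In shutdown_all_domU() of xenconsoled.initd the new guard `[ $V -gt 2 ] && xl shutdown -a -w >/dev/null` leaves the function with a non-zero status whenever the test is false, and because `$V` is unquoted an empty result from `xl info` makes `[` report a syntax error instead of a clean false. The test also keys on xen_minor alone, so a later major release with a low minor number would skip the shutdown, and on 4.2.x guests are no longer shut down here at all, which the comment should say outright if that is intended. A form that avoids the first two problems is `if [ "${V:-0}" -gt 2 ]; then xl shutdown -a -w >/dev/null; fi`. How callers treat the return status is not visible in this hunk.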
@@ -86,6 +87,35 @@ QA_WX_LOAD="usr/lib/xen/boot/hvmloader"
 
 RESTRICT="test"
 
+XSA_PATCHES=(
+ "${FILESDIR}"/xen-4-CVE-2012-6075-XSA-41.patch
+ "${FILESDIR}"/xen-4-CVE-2013-1922-XSA-48.patch
+ "${FILESDIR}"/xen-4-CVE-2013-1952-XSA-49.patch
+ "${FILESDIR}"/xen-4.2-CVE-2013-1-XSA-55.patch
+ "${FILESDIR}"/xen-4.2-CVE-2013-2-XSA-55.patch
+ "${FILESDIR}"/xen-4.2-CVE-2013-3-XSA-55.patch
+ "${FILESDIR}"/xen-4.2-CVE-2013-4-XSA-55.patch
+ "${FILESDIR}"/xen-4.2-CVE-2013-5to7-XSA-55.patch
+ "${WORKDIR}"/files/xen-4.2-CVE-2013-8-XSA-55.patch
+ "${FILESDIR}"/xen-4.2-CVE-2013-9to10-XSA-55.patch
+ "${WORKDIR}"/files/xen-4.2-CVE-2013-11-XSA-55.patch
+ "${FILESDIR}"/xen-4.2-CVE-2013-12to13-XSA-55.patch
+ "${FILESDIR}"/xen-4.2-CVE-2013-14-XSA-55.patch
+ "${WORKDIR}"/files/xen-4.2-CVE-2013-15-XSA-55.patch
+ "${FILESDIR}"/xen-4.2-CVE-2013-16-XSA-55.patch
+ "${FILESDIR}"/xen-4.2-CVE-2013-17-XSA-55.patch
+ "${FILESDIR}"/xen-4.2-CVE-2013-18to19-XSA-55.patch
+ "${FILESDIR}"/xen-4.2-CVE-2013-20to23-XSA-55.patch
+ "${FILESDIR}"/xen-4-CVE-2013-2072-XSA-56.patch
+ "${FILESDIR}"/xen-4.2-CVE-XSA-57.patch
+ "${FILESDIR}"/${PN}-4-CVE-2013-4369-XSA-68.patch
+ "${FILESDIR}"/${PN}-4-CVE-2013-4370-XSA-69.patch
+ "${FILESDIR}"/${PN}-4-CVE-2013-4371-XSA-70.patch
+ "${FILESDIR}"/${PN}-4-CVE-2013-4416-XSA-72.patch
+ "${FILESDIR}"/${PN/-tools/}-4-CVE-XSA-86.patch #bug #500530
+ "${FILESDIR}"/${PN}-4-CVE-2014-1950-XSA-88.patch #bug #501080
+)
+
 pkg_setup() {
 python-single-r1_pkg_setup
 export "CONFIG_LOMOUNT=y"
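Review bot: XSA_PATCHES in the 4.2.2 ebuild has no heading comment, whereas the same array in the 4.3.1 ebuild is introduced with `# Security patches` and the block it replaces in src_prepare() carried `#Security patches, currently valid`. Adding `# Security patches` above the array keeps the two ebuilds consistent. Three entries are read from `"${WORKDIR}"/files` rather than `"${FILESDIR}"`; a short comment saying where those files come from (presumably an unpacked distfile, not shown here) would help anyone auditing which XSA fixes are actually applied.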
@@ -202,34 +232,11 @@ src_prepare() {
 # Set dom0-min-mem to kb; Bug #472982
 epatch "${FILESDIR}"/${PN/-tools/}-4.2-configsxp.patch
 
- # Bug #
+ # Bug 463840
 epatch "${FILESDIR}"/${P}-install.patch
+ epatch "${FILESDIR}"/${P}-rt-link.patch
 
- #Security patches, currently valid
- epatch "${FILESDIR}"/xen-4-CVE-2012-6075-XSA-41.patch \
- "${FILESDIR}"/xen-4-CVE-2013-1922-XSA-48.patch \
- "${FILESDIR}"/xen-4-CVE-2013-1952-XSA-49.patch \
- "${FILESDIR}"/xen-4.2-CVE-2013-1-XSA-55.patch \
- "${FILESDIR}"/xen-4.2-CVE-2013-2-XSA-55.patch \
- "${FILESDIR}"/xen-4.2-CVE-2013-3-XSA-55.patch \
- "${FILESDIR}"/xen-4.2-CVE-2013-4-XSA-55.patch \
- "${FILESDIR}"/xen-4.2-CVE-2013-5to7-XSA-55.patch \
- "${WORKDIR}"/files/xen-4.2-CVE-2013-8-XSA-55.patch \
- "${FILESDIR}"/xen-4.2-CVE-2013-9to10-XSA-55.patch \
- "${WORKDIR}"/files/xen-4.2-CVE-2013-11-XSA-55.patch \
- "${FILESDIR}"/xen-4.2-CVE-2013-12to13-XSA-55.patch \
- "${FILESDIR}"/xen-4.2-CVE-2013-14-XSA-55.patch \
- "${WORKDIR}"/files/xen-4.2-CVE-2013-15-XSA-55.patch \
- "${FILESDIR}"/xen-4.2-CVE-2013-16-XSA-55.patch \
- "${FILESDIR}"/xen-4.2-CVE-2013-17-XSA-55.patch \
- "${FILESDIR}"/xen-4.2-CVE-2013-18to19-XSA-55.patch \
- "${FILESDIR}"/xen-4.2-CVE-2013-20to23-XSA-55.patch \
- "${FILESDIR}"/xen-4-CVE-2013-2072-XSA-56.patch \
- "${FILESDIR}"/xen-4.2-CVE-XSA-57.patch \
- "${FILESDIR}"/${PN}-4-CVE-2013-4369-XSA-68.patch \
- "${FILESDIR}"/${PN}-4-CVE-2013-4370-XSA-69.patch \
- "${FILESDIR}"/${PN}-4-CVE-2013-4371-XSA-70.patch \
- "${FILESDIR}"/${PN}-4-CVE-2013-4416-XSA-72.patch
+ [[ ${XSA_PATCHES[@]} ]] && epatch "${XSA_PATCHES[@]}"
 
 # Bug 472438
 sed -e 's:^BASH_COMPLETION_DIR ?= $(CONFIG_DIR)/bash_completion.d:BASH_COMPLETION_DIR ?= $(SHARE_DIR)/bash-completion:' \
diff --git a/app-emulation/xen-tools/xen-tools-4.3.1-r4.ebuild b/app-emulation/xen-tools/xen-tools-4.3.1-r5.ebuild
index 91fc710ad657..75879a0d440f 100644
--- a/app-emulation/xen-tools/xen-tools-4.3.1-r4.ebuild
+++ b/app-emulation/xen-tools/xen-tools-4.3.1-r5.ebuild
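Review bot: The guard `[[ ${XSA_PATCHES[@]} ]]` in src_prepare() of the 4.2.2 ebuild tests the joined contents of the array as a string, which works but hides the intent; `[[ ${#XSA_PATCHES[@]} -gt 0 ]] && epatch "${XSA_PATCHES[@]}"` says directly that the array must have elements. The same line is added to src_prepare() in the 4.3.1 ebuild and would take the same change. src_prepare() starts and ends outside this hunk.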
@@ -1,6 +1,6 @@
 # Copyright 1999-2014 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-tools/xen-tools-4.3.1-r4.ebuild,v 1.1 2014/02/08 08:13:43 idella4 Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-tools/xen-tools-4.3.1-r5.ebuild,v 1.1 2014/02/13 07:59:09 dlan Exp $
 
 EAPI=5
 
@@ -42,6 +42,7 @@ REQUIRED_USE="hvm? ( qemu )
 pygrub? ( python )"
 
 DEPEND="dev-libs/lzo:2
+ dev-libs/glib:2
 dev-libs/yajl
 dev-libs/libgcrypt
 dev-python/lxml[${PYTHON_USEDEP}]
@@ -90,6 +91,13 @@ QA_WX_LOAD="usr/lib/xen/boot/hvmloader"
 
 RESTRICT="test"
 
+# Security patches
+XSA_PATCHES=(
+ "${FILESDIR}"/${PN/-tools/}-4-CVE-2012-6075-XSA-41.patch
+ "${FILESDIR}"/${PN/-tools/}-4-CVE-XSA-86.patch #bug #500530
+ "${FILESDIR}"/${PN}-4-CVE-2014-1950-XSA-88.patch #bug #501080
+)
+
 pkg_setup() {
 python-single-r1_pkg_setup
 export "CONFIG_LOMOUNT=y"
@@ -206,9 +214,7 @@ src_prepare() {
 # Set dom0-min-mem to kb; Bug #472982
 epatch "${FILESDIR}"/${PN/-tools/}-4.2-configsxp.patch
 
- #Security patches, currently valid, bug #500530
- epatch "${FILESDIR}"/${PN/-tools/}-4-CVE-2012-6075-XSA-41.patch \
- "${FILESDIR}"/${PN/-tools/}-4-CVE-XSA-86.patch
+ [[ ${XSA_PATCHES[@]} ]] && epatch "${XSA_PATCHES[@]}"
 
 # Bug 472438
 sed -e 's:^BASH_COMPLETION_DIR ?= $(CONFIG_DIR)/bash_completion.d:BASH_COMPLETION_DIR ?= $(SHARE_DIR)/bash-completion:' \ |