root
11 years ago
parent
66bf534a20
commit
f2ed388e4b
@ -1,3 +1,4 @@
|
||||
DIST accerciser-1.12.1.tar.bz2 1554921 SHA256 addbc940a05c0dacb6131c8e0b136c14eab73c57bfe50c110cef4d3723d07807 SHA512 f769af63a3cfe3e868769205fc270ff2948ceebd0e8965016f18ec0062dfdc398c6bd82dbe5ef40d555ea711bd6be529235803fe86dffd3828fd8183e095a06b WHIRLPOOL 0cf90b3d83a9a6e595af23aaacdcc28d57ab20b08bc97252a252e39ad9f20a6114da5f777996f6e36c23f8c3bcf097f8b63d7769d7b578dc50f556e68a95d834
|
||||
DIST accerciser-3.6.2.tar.xz 3076756 SHA256 4ed3a9a508b0109772a992666b87a5ca80dcb9cb83bf6878977129f25f499879 SHA512 734486426d681f965ddbf3fdb88017d9d5af5d2304add1fb1b17c2e61ad0624e63876f8581ef9992194361003e889c5da5a3609194418652284f159dc03fddb4 WHIRLPOOL 8b125010b66151c24a08d6af373627d04615ed764552a7ea7993cbde8b0d476e3375c2c1d7e2f5ce4f488741314b6b5436fddef953e857232d5a6733e585705a
|
||||
DIST accerciser-3.8.0.tar.xz 3204792 SHA256 68260998c558b4b78999dd0dfc27225a2c8bf43dddb9a4be6ae159e2a89b57e0 SHA512 2f27a52053dbdb32a11d63ee019b980b664875cae67d616eac9727c9e30d68a6c71400a5b370bdf833b736c2a57f756812edd5c0663f69d7bd2777953b8ef890 WHIRLPOOL 782e2695105cc534f824f8951cbc5732b25016edf63c1308eb9197019fdb364563e0bb558e5547a59f457bb8014861c05a5537d13a63328d9a07003f8677794a
|
||||
DIST accerciser-3.8.2.tar.xz 3207500 SHA256 f4fef2bfa23a9344b613c39dfa128e4d07d98f87cd5011d7d649b2a9c0a6aadd SHA512 a4441a5468bb27b8c88cdab60f96c86f4247dbd8cf04f0a5949cceceeab92f47a2b73bbf9264fd0043888b78f8a00a8578e0873f31fdf9cc6e15add4a444ab5c WHIRLPOOL e88cda221532dd983be6ead2c8c632fe2f1faf7f9c36eeebb0568c4acc71afcf1ed0f15e4dc31bb910abb6fd3423039fa05fc188ec16b9eccd9b3ff145adfa2f
|
||||
|
||||
@ -0,0 +1,67 @@
|
||||
# Copyright 1999-2013 Gentoo Foundation
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
# $Header: /var/cvsroot/gentoo-x86/app-accessibility/accerciser/accerciser-3.8.2.ebuild,v 1.1 2013/05/15 06:53:16 pacho Exp $
|
||||
|
||||
EAPI="5"
|
||||
GCONF_DEBUG="no"
|
||||
PYTHON_COMPAT=( python3_2 )
|
||||
PYTHON_REQ_USE="xml"
|
||||
|
||||
inherit gnome2 python-r1
|
||||
|
||||
DESCRIPTION="Interactive Python accessibility explorer"
|
||||
HOMEPAGE="http://live.gnome.org/Accerciser"
|
||||
|
||||
LICENSE="BSD CC-BY-SA-3.0"
|
||||
SLOT="0"
|
||||
KEYWORDS="~amd64 ~x86"
|
||||
IUSE=""
|
||||
|
||||
RDEPEND="
|
||||
>=app-accessibility/at-spi2-core-2.5.2:2
|
||||
>=dev-python/pygobject-2.90.3:3[${PYTHON_USEDEP}]
|
||||
>=x11-libs/gtk+-3.1.13:3[introspection]
|
||||
|
||||
dev-libs/atk[introspection]
|
||||
>=dev-libs/glib-2.28:2
|
||||
dev-libs/gobject-introspection
|
||||
>=dev-python/ipython-0.11[${PYTHON_USEDEP}]
|
||||
>=dev-python/pyatspi-2.1.5[${PYTHON_USEDEP}]
|
||||
dev-python/pycairo[${PYTHON_USEDEP}]
|
||||
x11-libs/gdk-pixbuf[introspection]
|
||||
x11-libs/libwnck:3[introspection]
|
||||
x11-libs/pango[introspection]
|
||||
${PYTHON_DEPS}
|
||||
"
|
||||
DEPEND="${RDEPEND}
|
||||
app-text/yelp-tools
|
||||
>=dev-util/intltool-0.35
|
||||
sys-devel/gettext
|
||||
virtual/pkgconfig
|
||||
"
|
||||
|
||||
src_prepare() {
|
||||
gnome2_src_prepare
|
||||
|
||||
# Leave shebang alone
|
||||
sed 's:@PYTHON@:/usr/bin/python:' -i src/accerciser.in || die
|
||||
|
||||
python_copy_sources
|
||||
}
|
||||
|
||||
src_configure() {
|
||||
python_foreach_impl run_in_build_dir gnome2_src_configure \
|
||||
ITSTOOL=$(type -P true)
|
||||
}
|
||||
|
||||
src_compile() {
|
||||
python_foreach_impl run_in_build_dir gnome2_src_compile
|
||||
}
|
||||
|
||||
src_install() {
|
||||
installing() {
|
||||
gnome2_src_install
|
||||
python_doscript src/accerciser
|
||||
}
|
||||
python_foreach_impl run_in_build_dir installing
|
||||
}
|
||||
@ -1,2 +1,4 @@
|
||||
DIST webmin-1.620-minimal.tar.gz 2440850 SHA256 51d75ce76a9038357dec4fbf74069aca1b003bb1e64c7339626cb28ce42fd834 SHA512 099c5197eba2ad205c4aad785fe21c4bc4994be1e70c75157dc0f59fb3292b912b16a0a81ef6e147eb9dd7506a445ab5e677935e1c13449599744d90b8d0d52f WHIRLPOOL d88fa9ccdefdf9d7f9d981225da4f47ef50f0cc976c9691ebae362f974942f26ffca6a43c5b0da50a18937c44a4c23b60228e2155611274aca78f6724db61614
|
||||
DIST webmin-1.620.tar.gz 21646366 SHA256 3d36153406d8e5d3dcaeadba34dfb5cdbc4060b75c38339174ac97b2277f284b SHA512 18fcf5dcee161b71b927a7fb5acffe5c655376982989d4f92a08c296186b40b1c185bde83df2cc670eaf6efa8070d73fb39755f94309347e040e8e5edde12312 WHIRLPOOL 6cdcc8855998d1f1f2482d43765894584445bc1f75f2606e39ed7569522891af6ec2c260dcfb0a2a0350cff8a4b21964b3a91edceb49278963f2b71df1211633
|
||||
DIST webmin-1.630-minimal.tar.gz 2444267 SHA256 3ba026301ba1cf03351ae93667d32efb20704a42f749c5107510b6fca0bb8e88 SHA512 34e61a1a90d6a446bc7cadf93fc0cab05bcc50d4deb92557e7b3322f10ccefd96299f23fbf7dff81c346c6dd24cba4ef6278d1077d4c247ef2ce8a3ab67ac243 WHIRLPOOL 06fe981b26eb960649fb87edf24dcbaf98a3937226cc1543ec2ed607b6ab86854a17a07d45ab0facc0cd5e78a569326a786011e61b46fb7103a5b4eacbe75f41
|
||||
DIST webmin-1.630.tar.gz 21744645 SHA256 2ba5616a252d8108aab0573f615f7cc5c8c15b7df8c11bbcecf7acc23964432f SHA512 e4c373e545f4f9b5acd233576b094ceafff74dbc75702ee2d0d5a4b15fd4afa827f62b8d23500684e0c0ee97509e32ba9619f039f271d2bc8ddf47ca2e67c733 WHIRLPOOL f8cc2fde5cc7d24e16a573a864508779c8939149c97283402659cc7c48a6768f9c92ca36149490553952bfdc0e73d9e562d80f9a8f4986b13856b14c81061291
|
||||
|
||||
@ -0,0 +1,269 @@
|
||||
# Copyright 1999-2013 Gentoo Foundation
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
# $Header: /var/cvsroot/gentoo-x86/app-admin/webmin/webmin-1.630.ebuild,v 1.1 2013/05/16 19:33:31 hwoarang Exp $
|
||||
|
||||
EAPI="3"
|
||||
|
||||
inherit eutils pam ssl-cert
|
||||
|
||||
DESCRIPTION="A web-based Unix systems administration interface"
|
||||
HOMEPAGE="http://www.webmin.com/"
|
||||
SRC_URI="minimal? ( mirror://sourceforge/webadmin/${P}-minimal.tar.gz )
|
||||
!minimal? ( mirror://sourceforge/webadmin/${P}.tar.gz )"
|
||||
|
||||
LICENSE="BSD GPL-2"
|
||||
SLOT="0"
|
||||
|
||||
KEYWORDS="~amd64 ~x86"
|
||||
|
||||
# NOTE: The ssl flag auto added by ssl-cert eclass is not used actually
|
||||
# because openssl is forced by dev-perl/Net-SSLeay
|
||||
IUSE="minimal +ssl mysql postgres ldap"
|
||||
|
||||
# All the required perl modules can be found easily using (in Webmin's root src dir):
|
||||
# find . -name cpan_modules.pl -exec grep "::" {} \;
|
||||
# NOTE: If Webmin doesn't find the required perl modules, it offers(runtime) the user
|
||||
# to install them using the in-built cpan module, and this will mess up perl on the system
|
||||
# That's why some modules are forced without a use flag
|
||||
# NOTE: pam, ssl and dnssec-tools deps are forced for security and Gentoo compliance installation reasons
|
||||
DEPEND="virtual/perl-Sys-Syslog
|
||||
virtual/perl-Time-HiRes
|
||||
virtual/perl-Time-Local
|
||||
dev-perl/Authen-Libwrap
|
||||
dev-perl/IO-Tty
|
||||
dev-perl/MD5
|
||||
dev-perl/Net-SSLeay
|
||||
dev-perl/Authen-PAM
|
||||
dev-perl/Sys-Hostname-Long
|
||||
>=net-dns/dnssec-tools-1.13
|
||||
!minimal? (
|
||||
mysql? ( dev-perl/DBD-mysql )
|
||||
postgres? ( dev-perl/DBD-Pg )
|
||||
ldap? ( dev-perl/perl-ldap )
|
||||
dev-perl/XML-Generator
|
||||
dev-perl/XML-Parser
|
||||
)"
|
||||
RDEPEND="${DEPEND}"
|
||||
|
||||
src_prepare() {
|
||||
local perl="$( which perl )"
|
||||
|
||||
# Remove the unnecessary and incompatible files
|
||||
rm -rf acl/Authen-SolarisRBAC-0.1*
|
||||
if ! use minimal ; then
|
||||
rm -rf {format,{bsd,hpux,sgi}exports,zones,rbac}
|
||||
rm -f mount/{free,net,open}bsd-mounts*
|
||||
rm -f mount/macos-mounts*
|
||||
fi
|
||||
|
||||
# For security reasons remove the SSL certificate that comes with Webmin
|
||||
# We will create our own later
|
||||
rm -f miniserv.pem
|
||||
|
||||
# Remove the Webmin setup scripts to avoid Webmin in runtime to mess up config
|
||||
# We will use our own later
|
||||
rm -f setup.{sh,pl}
|
||||
|
||||
# Set the installation type/mode to Gentoo
|
||||
echo "gentoo" > install-type
|
||||
|
||||
# Fix the permissions of the install files
|
||||
chmod -R og-w "${S}"
|
||||
|
||||
# Since we should not modify any files after install
|
||||
# we set the perl path in all cgi and pl files here using Webmin's routines
|
||||
# The pl file is Prefix safe and works only on provided input, no other filesystem files
|
||||
ebegin "Fixing perl path in source files"
|
||||
(find "${S}" -name '*.cgi' -print ; find "${S}" -name '*.pl' -print) | $perl "${S}"/perlpath.pl $perl -
|
||||
eend $?
|
||||
}
|
||||
|
||||
src_install() {
|
||||
# Create config dir and keep
|
||||
diropts -m0755
|
||||
dodir /etc/webmin
|
||||
keepdir /etc/webmin
|
||||
|
||||
# Create install dir
|
||||
# Third party modules installed through Webmin go here too, so keep
|
||||
dodir /usr/libexec/webmin
|
||||
keepdir /usr/libexec/webmin
|
||||
|
||||
# Copy our own setup script to installation folder
|
||||
insinto /usr/libexec/webmin
|
||||
newins "${FILESDIR}"/gentoo-setup gentoo-setup.sh
|
||||
fperms 0744 /usr/libexec/webmin/gentoo-setup.sh
|
||||
|
||||
# This is here if we ever want in future ebuilds to add some specific
|
||||
# config values in the /etc/webmin/miniserv.conf
|
||||
# The format of this file should be the same as the one of miniserv.conf:
|
||||
# var=value
|
||||
#
|
||||
# Uncomment it if you use such file. Before that check if upstream
|
||||
# has this file in root dir too.
|
||||
#newins "${FILESDIR}/miniserv-conf" miniserv-conf
|
||||
|
||||
# Create the log dir and keep
|
||||
diropts -m0700
|
||||
dodir /var/log/webmin
|
||||
keepdir /var/log/webmin
|
||||
|
||||
# Create the init.d file and put the neccessary variables there
|
||||
newinitd "${FILESDIR}"/init.d.webmin webmin
|
||||
sed -i \
|
||||
-e "s:%exe%:${EROOT}usr/libexec/webmin/miniserv.pl:" \
|
||||
-e "s:%pid%:${EROOT}var/run/webmin.pid:" \
|
||||
-e "s:%conf%:${EROOT}etc/webmin/miniserv.conf:" \
|
||||
-e "s:%perllib%:${EROOT}usr/libexec/webmin:" \
|
||||
"${ED}etc/init.d/webmin" \
|
||||
|| die "Failed to patch the webmin init file"
|
||||
|
||||
# Setup pam
|
||||
pamd_mimic system-auth webmin auth account session
|
||||
|
||||
# Copy files to installation folder
|
||||
ebegin "Copying install files to destination"
|
||||
cp -pPR "${S}"/* "${ED}usr/libexec/webmin"
|
||||
eend $?
|
||||
}
|
||||
|
||||
pkg_preinst() {
|
||||
# First stop service if running so Webmin to not messup our config
|
||||
ebegin "Stopping any running Webmin instance prior merging"
|
||||
rc-service --ifexists -- webmin --ifstarted stop
|
||||
eend $?
|
||||
}
|
||||
|
||||
pkg_postinst() {
|
||||
# Run pkg_config phase first - non interactively
|
||||
export INTERACTIVE="no"
|
||||
pkg_config
|
||||
# Every next time pkg_config should be interactive
|
||||
INTERACTIVE="yes"
|
||||
|
||||
ewarn
|
||||
ewarn "Bare in mind that not all Webmin modules are Gentoo tweaked and may have some issues."
|
||||
ewarn "Always be careful when using modules that modify init entries, do update of webmin, install CPAN modules etc."
|
||||
ewarn "To avoid problems, please before using any module, look at its configuration options first."
|
||||
ewarn "(Usually there is a link at top in the right pane of Webmin for configuring the module.)"
|
||||
ewarn
|
||||
elog "- To make Webmin start at boot time, run: 'rc-update add webmin default'"
|
||||
elog "- The default URL to connect to Webmin is: https://localhost:10000"
|
||||
elog "- The default user that can login is: root"
|
||||
elog "- To reconfigure Webmin in case of problems run 'emerge --config app-admin/webmin'"
|
||||
}
|
||||
|
||||
pkg_prerm() {
|
||||
# First stop service if running - we do not want Webmin to mess up config
|
||||
ebegin "Stopping any running Webmin instance prior unmerging"
|
||||
rc-service --ifexists -- webmin --ifstarted stop
|
||||
eend $?
|
||||
}
|
||||
|
||||
pkg_postrm() {
|
||||
ewarn
|
||||
ewarn "You have uninstalled Webmin, so have in mind that all cron jobs scheduled"
|
||||
ewarn "by Webmin for its own modules, are left active and they will fail when Webmin is missing."
|
||||
ewarn "To fix this just disable them if you intend to use Webmin again,"
|
||||
ewarn "OR delete them if not."
|
||||
ewarn
|
||||
}
|
||||
|
||||
pkg_config(){
|
||||
# First stop service if running
|
||||
ebegin "Stopping any running Webmin instance"
|
||||
rc-service --ifexists -- webmin --ifstarted stop
|
||||
eend $?
|
||||
|
||||
# Next set the default reset variable to 'none'
|
||||
# reset/_reset can be:
|
||||
# 'none' - does not reset anything, just upgrades if a conf is present
|
||||
# OR installs new conf if a conf is missing
|
||||
# 'soft' - deletes only $config_dir/config file and thus resetting most
|
||||
# conf values to their defaults. Keeps the specific Webmin cron jobs
|
||||
# 'hard' - deletes all files in $config_dir (keeping the .keep_* Gentoo file)
|
||||
# and thus resetting all Webmin. Deletes the specific Webmin cron jobs too.
|
||||
local _reset="none"
|
||||
|
||||
# If in interactive mode ask user what should we do
|
||||
if [[ "${INTERACTIVE}" = "yes" ]]; then
|
||||
einfo
|
||||
einfo "Please enter the number of the action you would like to perform?"
|
||||
einfo
|
||||
einfo "1. Update configuration"
|
||||
einfo " (keeps old config options and adds the new ones)"
|
||||
einfo "2. Soft reset configuration"
|
||||
einfo " (keeps some old config options, the other options are set to default)"
|
||||
ewarn " All Webmin users will be reset"
|
||||
einfo "3. Hard reset configuration"
|
||||
einfo " (all options including module options are set to default)"
|
||||
ewarn " You will lose all Webmin configuration options you have done till now"
|
||||
einfo "4. Exit this configuration utility (default)"
|
||||
while [ "$correct" != "true" ] ; do
|
||||
read answer
|
||||
if [[ "$answer" = "1" ]] ; then
|
||||
_reset="none"
|
||||
correct="true"
|
||||
elif [[ "$answer" = "2" ]] ; then
|
||||
_reset="soft"
|
||||
correct="true"
|
||||
elif [[ "$answer" = "3" ]] ; then
|
||||
_reset="hard"
|
||||
correct="true"
|
||||
elif [ "$answer" = "4" -o "$answer" = "" ] ; then
|
||||
die "User aborted configuration."
|
||||
else
|
||||
echo "Answer not recognized. Enter a number from 1 to 4"
|
||||
fi
|
||||
done
|
||||
|
||||
if [[ "$_reset" = "hard" ]]; then
|
||||
while [ "$sure" != "true" ] ; do
|
||||
ewarn "You will lose all Webmin configuration options you have done till now."
|
||||
ewarn "Are you sure you want to do this? (y/n)"
|
||||
read answer
|
||||
if [[ $answer =~ ^[Yy]([Ee][Ss])?$ ]] ; then
|
||||
sure="true"
|
||||
elif [[ $answer =~ ^[Nn]([Oo])?$ ]] ; then
|
||||
die "User aborted configuration."
|
||||
else
|
||||
echo "Answer not recognized. Enter 'y' or 'n'"
|
||||
fi
|
||||
done
|
||||
fi
|
||||
fi
|
||||
|
||||
export reset=$_reset
|
||||
|
||||
# Create ssl certificate for Webmin if there is not one in the proper place
|
||||
if [[ ! -e "${EROOT}etc/ssl/webmin/server.pem" ]]; then
|
||||
SSL_ORGANIZATION="${SSL_ORGANIZATION:-Webmin Server}"
|
||||
SSL_COMMONNAME="${SSL_COMMONNAME:-*}"
|
||||
install_cert "${EROOT}/etc/ssl/webmin/server"
|
||||
fi
|
||||
|
||||
# Ensure all paths passed to the setup script use EROOT
|
||||
export wadir="${EROOT}usr/libexec/webmin"
|
||||
export config_dir="${EROOT}etc/webmin"
|
||||
export var_dir="${EROOT}var/log/webmin"
|
||||
export tempdir="${T}"
|
||||
export pidfile="${EROOT}var/run/webmin.pid"
|
||||
export perl="$( which perl )"
|
||||
export os_type='gentoo-linux'
|
||||
export os_version='*'
|
||||
export real_os_type='Gentoo Linux'
|
||||
export real_os_version='Any version'
|
||||
# Forcing 'ssl', 'ssl_redirect' and 'no_sslcompression' for tightening security
|
||||
export ssl=1
|
||||
export ssl_redirect=1
|
||||
export no_sslcompression=1
|
||||
export keyfile="${EROOT}etc/ssl/webmin/server.pem"
|
||||
export port=10000
|
||||
|
||||
export atboot=0
|
||||
|
||||
einfo "Executing Webmin's configure script"
|
||||
$wadir/gentoo-setup.sh
|
||||
|
||||
einfo "Configuration of Webmin done"
|
||||
}
|
||||
@ -1,2 +1,3 @@
|
||||
DIST gnupg-1.4.13.tar.bz2 3685873 SHA256 72a24dd318472f0c8f0d00ebe19fb4bcf43e30845bcc92a8ae43c810df295d5a SHA512 62c330e02c311206c653cbadf21783599362601f4375ecb32a5bc8ff3f5c64160d95d28555fe06d7fb612c3802c87e0be1d0a68d61b404fdfcecf3580f14b738 WHIRLPOOL 4ae940bda2cc713a387541101df3ff06753c4f701d5d53460af7118278ce5d9b8cd83dd15ea033de5ac15ec6f4a0e339621a359497f4c178c25bbdcc38763d12
|
||||
DIST gnupg-2.0.19.tar.bz2 4187460 SHA256 efa23a8a925adb51c7d3b708c25b6d000300f5ce37de9bdec6453be7b419c622 SHA512 9bfc83ebca29ca8e3dde803ba494adb3c4e2fdcacbf33b5592764fe187dbe2433e04ff53734a9c3197358d559c1046098707089ddbea9fa63c849d48ce73ca51 WHIRLPOOL 026f9a8740322b951b256ec87fabb8a1b3ad2114208f52c2082b73b2193d1be8e276f0f526762bbebb04e612351162eb78c9c50eeb058e35fad9c4df1d7db540
|
||||
DIST gnupg-2.0.20.tar.bz2 4286191 SHA256 6e949b7f062cab8a3cf0910f91ecf04cabaad458c0aeeec66298651b8b04b79a SHA512 f4eec0ed3503f2aeecfa63af53b844b19ee4be596ea487dce69ec14189c8163652c932d0e657be147b1ca3d7dc8adf9cc1bc8067086fe0c51a3487d56df388c4 WHIRLPOOL a088aab347be7d2c83078eadc79387e705d048868800c8335574f0b0f7c7cd21d8dd620783f83c908075841144b6f8577db8838c99459edd2309fec836761f0d
|
||||
|
||||
@ -0,0 +1,151 @@
|
||||
# Copyright 1999-2013 Gentoo Foundation
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
# $Header: /var/cvsroot/gentoo-x86/app-crypt/gnupg/gnupg-2.0.20.ebuild,v 1.1 2013/05/15 06:18:47 radhermit Exp $
|
||||
|
||||
EAPI="5"
|
||||
|
||||
inherit eutils flag-o-matic toolchain-funcs
|
||||
|
||||
DESCRIPTION="The GNU Privacy Guard, a GPL pgp replacement"
|
||||
HOMEPAGE="http://www.gnupg.org/"
|
||||
SRC_URI="mirror://gnupg/gnupg/${P}.tar.bz2"
|
||||
# SRC_URI="ftp://ftp.gnupg.org/gcrypt/${PN}/${P}.tar.bz2"
|
||||
|
||||
LICENSE="GPL-3"
|
||||
SLOT="0"
|
||||
KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
|
||||
IUSE="adns bzip2 doc ldap nls mta readline static selinux smartcard usb"
|
||||
|
||||
COMMON_DEPEND_LIBS="
|
||||
>=dev-libs/libassuan-2
|
||||
>=dev-libs/libgcrypt-1.4
|
||||
>=dev-libs/libgpg-error-1.7
|
||||
>=dev-libs/libksba-1.0.7
|
||||
>=dev-libs/pth-1.3.7
|
||||
>=net-misc/curl-7.10
|
||||
sys-libs/zlib
|
||||
adns? ( >=net-libs/adns-1.4 )
|
||||
bzip2? ( app-arch/bzip2 )
|
||||
readline? ( sys-libs/readline )
|
||||
smartcard? ( usb? ( virtual/libusb:0 ) )
|
||||
ldap? ( net-nds/openldap )"
|
||||
COMMON_DEPEND_BINS="|| ( app-crypt/pinentry app-crypt/pinentry-qt )"
|
||||
|
||||
# Existence of executables is checked during configuration.
|
||||
DEPEND="${COMMON_DEPEND_LIBS}
|
||||
${COMMON_DEPEND_BINS}
|
||||
static? (
|
||||
>=dev-libs/libassuan-2[static-libs]
|
||||
>=dev-libs/libgcrypt-1.4[static-libs]
|
||||
>=dev-libs/libgpg-error-1.7[static-libs]
|
||||
>=dev-libs/libksba-1.0.7[static-libs]
|
||||
>=dev-libs/pth-1.3.7[static-libs]
|
||||
>=net-misc/curl-7.10[static-libs]
|
||||
sys-libs/zlib[static-libs]
|
||||
bzip2? ( app-arch/bzip2[static-libs] )
|
||||
)
|
||||
nls? ( sys-devel/gettext )
|
||||
doc? ( sys-apps/texinfo )"
|
||||
|
||||
RDEPEND="!static? ( ${COMMON_DEPEND_LIBS} )
|
||||
${COMMON_DEPEND_BINS}
|
||||
mta? ( virtual/mta )
|
||||
!<=app-crypt/gnupg-2.0.1
|
||||
selinux? ( sec-policy/selinux-gpg )
|
||||
nls? ( virtual/libintl )"
|
||||
|
||||
REQUIRED_USE="smartcard? ( !static )"
|
||||
|
||||
src_prepare() {
|
||||
epatch "${FILESDIR}"/${PN}-2.0.17-gpgsm-gencert.patch
|
||||
}
|
||||
|
||||
src_configure() {
|
||||
local myconf
|
||||
|
||||
# 'USE=static' support was requested:
|
||||
# gnupg1: bug #29299
|
||||
# gnupg2: bug #159623
|
||||
use static && append-ldflags -static
|
||||
|
||||
if use smartcard; then
|
||||
myconf+=" --enable-scdaemon $(use_enable usb ccid-driver)"
|
||||
else
|
||||
myconf+=" --disable-scdaemon"
|
||||
fi
|
||||
|
||||
econf \
|
||||
--docdir="${EPREFIX}/usr/share/doc/${PF}" \
|
||||
--enable-gpg \
|
||||
--enable-gpgsm \
|
||||
--enable-agent \
|
||||
${myconf} \
|
||||
$(use_with adns) \
|
||||
$(use_enable bzip2) \
|
||||
$(use_enable !elibc_SunOS symcryptrun) \
|
||||
$(use_enable nls) \
|
||||
$(use_enable mta mailto) \
|
||||
$(use_enable ldap) \
|
||||
$(use_with readline) \
|
||||
CC_FOR_BUILD="$(tc-getBUILD_CC)"
|
||||
}
|
||||
|
||||
src_compile() {
|
||||
emake
|
||||
|
||||
if use doc; then
|
||||
cd doc
|
||||
emake html
|
||||
fi
|
||||
}
|
||||
|
||||
src_install() {
|
||||
emake DESTDIR="${D}" install
|
||||
emake DESTDIR="${D}" -f doc/Makefile uninstall-nobase_dist_docDATA
|
||||
rm "${ED}"/usr/share/gnupg/help* || die
|
||||
|
||||
dodoc ChangeLog NEWS README THANKS TODO VERSION doc/FAQ doc/DETAILS \
|
||||
doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER doc/help*
|
||||
|
||||
dosym gpg2 /usr/bin/gpg
|
||||
dosym gpgv2 /usr/bin/gpgv
|
||||
dosym gpg2keys_hkp /usr/libexec/gpgkeys_hkp
|
||||
dosym gpg2keys_finger /usr/libexec/gpgkeys_finger
|
||||
dosym gpg2keys_curl /usr/libexec/gpgkeys_curl
|
||||
if use ldap; then
|
||||
dosym gpg2keys_ldap /usr/libexec/gpgkeys_ldap
|
||||
fi
|
||||
echo ".so man1/gpg2.1" > "${ED}"/usr/share/man/man1/gpg.1
|
||||
echo ".so man1/gpgv2.1" > "${ED}"/usr/share/man/man1/gpgv.1
|
||||
|
||||
dodir /etc/env.d
|
||||
echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg
|
||||
|
||||
if use doc; then
|
||||
dohtml doc/gnupg.html/* doc/*.png
|
||||
fi
|
||||
}
|
||||
|
||||
pkg_postinst() {
|
||||
elog "If you wish to view images emerge:"
|
||||
elog "media-gfx/xloadimage, media-gfx/xli or any other viewer"
|
||||
elog "Remember to use photo-viewer option in configuration file to activate"
|
||||
elog "the right viewer."
|
||||
elog
|
||||
|
||||
if use smartcard; then
|
||||
elog "To use your OpenPGP smartcard (or token) with GnuPG you need one of"
|
||||
use usb && elog " - a CCID-compatible reader, used directly through libusb;"
|
||||
elog " - sys-apps/pcsc-lite and a compatible reader device;"
|
||||
elog " - dev-libs/openct and a compatible reader device;"
|
||||
elog " - a reader device and drivers exporting either PC/SC or CT-API interfaces."
|
||||
elog ""
|
||||
elog "General hint: you probably want to try installing sys-apps/pcsc-lite and"
|
||||
elog "app-crypt/ccid first."
|
||||
fi
|
||||
|
||||
ewarn "Please remember to restart gpg-agent if a different version"
|
||||
ewarn "of the agent is currently used. If you are unsure of the gpg"
|
||||
ewarn "agent you are using please run 'killall gpg-agent',"
|
||||
ewarn "and to start a fresh daemon just run 'gpg-agent --daemon'."
|
||||
}
|
||||
@ -0,0 +1,33 @@
|
||||
# Copyright 1999-2013 Gentoo Foundation
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
# $Header: /var/cvsroot/gentoo-x86/app-crypt/p11-kit/p11-kit-0.18.2.ebuild,v 1.1 2013/05/15 06:10:04 radhermit Exp $
|
||||
|
||||
EAPI=5
|
||||
|
||||
inherit eutils
|
||||
|
||||
DESCRIPTION="Provides a standard configuration setup for installing PKCS#11."
|
||||
HOMEPAGE="http://p11-glue.freedesktop.org/p11-kit.html"
|
||||
SRC_URI="http://p11-glue.freedesktop.org/releases/${P}.tar.gz"
|
||||
|
||||
LICENSE="MIT"
|
||||
SLOT="0"
|
||||
KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
|
||||
IUSE="+asn1 debug +trust"
|
||||
REQUIRED_USE="trust? ( asn1 )"
|
||||
|
||||
RDEPEND="asn1? ( >=dev-libs/libtasn1-2.14 )"
|
||||
DEPEND="${RDEPEND}
|
||||
virtual/pkgconfig"
|
||||
|
||||
src_configure() {
|
||||
econf \
|
||||
$(use_enable trust trust-module) \
|
||||
$(use_enable debug) \
|
||||
$(use_with asn1 libtasn1)
|
||||
}
|
||||
|
||||
src_install() {
|
||||
default
|
||||
prune_libtool_files --modules
|
||||
}
|
||||
@ -1,34 +0,0 @@
|
||||
# Copyright 1999-2013 Gentoo Foundation
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
# $Header: /var/cvsroot/gentoo-x86/app-doc/elisp-manual/elisp-manual-24.2.ebuild,v 1.5 2013/03/15 08:41:27 ulm Exp $
|
||||
|
||||
EAPI=4
|
||||
|
||||
inherit eutils
|
||||
|
||||
DESCRIPTION="The GNU Emacs Lisp Reference Manual"
|
||||
HOMEPAGE="http://www.gnu.org/software/emacs/manual/"
|
||||
# taken from doc/lispref/ of emacs-${PV}
|
||||
SRC_URI="mirror://gentoo/${P}.tar.xz"
|
||||
|
||||
LICENSE="FDL-1.3+"
|
||||
SLOT="24"
|
||||
KEYWORDS="amd64 ppc x86 ~x86-fbsd"
|
||||
|
||||
DEPEND="app-arch/xz-utils"
|
||||
|
||||
S="${WORKDIR}/lispref"
|
||||
|
||||
src_prepare() {
|
||||
epatch "${FILESDIR}/${P}-direntry.patch"
|
||||
echo "@set EMACSVER ${PV}" >"${S}/emacsver.texi" || die
|
||||
}
|
||||
|
||||
src_compile() {
|
||||
makeinfo elisp.texi || die "makeinfo failed"
|
||||
}
|
||||
|
||||
src_install() {
|
||||
doinfo elisp${SLOT}.info*
|
||||
dodoc ChangeLog README
|
||||
}
|
||||
@ -1,22 +0,0 @@
|
||||
--- lispref-orig/elisp.texi
|
||||
+++ lispref/elisp.texi
|
||||
@@ -1,6 +1,6 @@
|
||||
\input texinfo @c -*-texinfo-*-
|
||||
@c %**start of header
|
||||
-@setfilename elisp
|
||||
+@setfilename elisp24.info
|
||||
@settitle GNU Emacs Lisp Reference Manual
|
||||
@c %**end of header
|
||||
|
||||
@@ -66,9 +66,9 @@
|
||||
|
||||
@documentencoding ISO-8859-1
|
||||
|
||||
-@dircategory GNU Emacs Lisp
|
||||
+@dircategory Emacs
|
||||
@direntry
|
||||
-* Elisp: (elisp). The Emacs Lisp Reference Manual.
|
||||
+* Elisp 24: (elisp24). The Emacs Lisp Reference Manual for Emacs 24.
|
||||
@end direntry
|
||||
|
||||
@titlepage
|
||||
@ -0,0 +1,13 @@
|
||||
# Copyright 1999-2013 Gentoo Foundation
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
# $Header: /var/cvsroot/gentoo-x86/app-editors/gvim/gvim-9999.ebuild,v 1.1 2013/05/17 00:44:17 radhermit Exp $
|
||||
|
||||
EAPI=5
|
||||
VIM_VERSION="7.3"
|
||||
PYTHON_COMPAT=( python{2_5,2_6,2_7,3_1,3_2,3_3} )
|
||||
inherit vim
|
||||
|
||||
GVIMRC_FILE_SUFFIX="-r1"
|
||||
GVIM_DESKTOP_SUFFIX="-r2"
|
||||
|
||||
DESCRIPTION="GUI version of the Vim text editor"
|
||||
|
After Width: | Height: | Size: 1.9 KiB |
@ -0,0 +1,75 @@
|
||||
# Copyright 1999-2013 Gentoo Foundation
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
# $Header: /var/cvsroot/gentoo-x86/app-editors/nedit/nedit-5.5_p20110116-r1.ebuild,v 1.1 2013/05/15 13:10:33 xmw Exp $
|
||||
|
||||
EAPI=2
|
||||
|
||||
inherit toolchain-funcs eutils
|
||||
|
||||
DESCRIPTION="Multi-purpose text editor for the X Window System"
|
||||
HOMEPAGE="http://nedit.org/"
|
||||
SRC_URI="mirror://gentoo/${P}.tar.bz2"
|
||||
|
||||
LICENSE="GPL-2"
|
||||
SLOT="0"
|
||||
KEYWORDS="~alpha ~amd64 ~mips ~ppc ~sparc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos"
|
||||
IUSE=""
|
||||
|
||||
RDEPEND=">=x11-libs/motif-2.3:0
|
||||
x11-libs/libXp
|
||||
x11-libs/libXpm"
|
||||
DEPEND="${RDEPEND}
|
||||
|| ( dev-util/yacc sys-devel/bison )
|
||||
dev-lang/perl"
|
||||
|
||||
S="${WORKDIR}/${PN}"
|
||||
|
||||
src_prepare() {
|
||||
#respecting LDFLAGS, bug #208189
|
||||
epatch \
|
||||
"${FILESDIR}"/nedit-5.5_p20090914-ldflags.patch \
|
||||
"${FILESDIR}"/${P}-40_Pointer_to_Integer.patch
|
||||
sed \
|
||||
-e "s:bin/:${EPREFIX}/bin/:g" \
|
||||
-i Makefile source/preferences.c source/help_data.h source/nedit.c Xlt/Makefile || die
|
||||
sed \
|
||||
-e "s:nc:neditc:g" -i doc/nc.pod || die
|
||||
}
|
||||
|
||||
src_configure() {
|
||||
sed -i -e "s:CFLAGS=-O:CFLAGS=${CFLAGS}:" -e "s:check_tif_rule::" \
|
||||
makefiles/Makefile.linux || die
|
||||
sed -i -e "s:CFLAGS=-O:CFLAGS=${CFLAGS}:" \
|
||||
-e "s:MOTIFDIR=/usr/local:MOTIFDIR=${EPREFIX}/usr:" \
|
||||
-e "s:-lX11:-lX11 -lXmu -liconv:" \
|
||||
-e "s:check_tif_rule::" \
|
||||
makefiles/Makefile.macosx || die
|
||||
}
|
||||
|
||||
src_compile() {
|
||||
case ${CHOST} in
|
||||
*-darwin*)
|
||||
emake CC="$(tc-getCC)" AR="$(tc-getAR)"macosx || die
|
||||
;;
|
||||
*-linux*)
|
||||
emake CC="$(tc-getCC)" AR="$(tc-getAR)" linux || die
|
||||
;;
|
||||
esac
|
||||
emake VERSION="NEdit ${PV}" -j1 -C doc all || die
|
||||
}
|
||||
|
||||
src_install() {
|
||||
dobin source/nedit || die
|
||||
newbin source/nc neditc || die
|
||||
|
||||
make_desktop_entry ${PN}
|
||||
doicon "${FILESDIR}"/${PN}.svg
|
||||
|
||||
newman doc/nedit.man nedit.1 || die
|
||||
newman doc/nc.man neditc.1 || die
|
||||
|
||||
dodoc README ReleaseNotes ChangeLog || die
|
||||
cd doc
|
||||
dodoc nedit.doc NEdit.ad faq.txt || die
|
||||
dohtml nedit.html || die
|
||||
}
|
||||
@ -0,0 +1,11 @@
|
||||
# Copyright 1999-2013 Gentoo Foundation
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
# $Header: /var/cvsroot/gentoo-x86/app-editors/vim-core/vim-core-9999.ebuild,v 1.1 2013/05/17 00:37:29 radhermit Exp $
|
||||
|
||||
EAPI=5
|
||||
VIM_VERSION="7.3"
|
||||
inherit vim
|
||||
|
||||
VIMRC_FILE_SUFFIX="-r4"
|
||||
|
||||
DESCRIPTION="vim and gvim shared files"
|
||||
@ -0,0 +1,10 @@
|
||||
# Copyright 1999-2013 Gentoo Foundation
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
# $Header: /var/cvsroot/gentoo-x86/app-editors/vim/vim-9999.ebuild,v 1.1 2013/05/17 00:40:48 radhermit Exp $
|
||||
|
||||
EAPI=5
|
||||
VIM_VERSION="7.3"
|
||||
PYTHON_COMPAT=( python{2_5,2_6,2_7,3_1,3_2,3_3} )
|
||||
inherit vim
|
||||
|
||||
DESCRIPTION="Vim, an improved vi-style text editor"
|
||||
@ -1,4 +1,2 @@
|
||||
DIST haskell-mode-2.6.4.tar.gz 106749 SHA256 8f4890193cab791d81097e67a6d8852383ddc4c7e57464d8955f608783120b55 SHA512 19d3bb895527e3c2d79fced245d28931005942e199ed8b5c68420a7c8c4fc1a271b0bc0145466dfc5cbfcaa19e0b1bd4bee3b6911e97d4ed6c6dd003d272a4bc WHIRLPOOL 2fc181a642ab7d66386a004f233e0d32bd994f4c4e07b8398f7a0bed1eaec3adcc4663eb9e1a37ad7262638cb29bfc53814f86e9ed8cf0b1fb077a5e581ad87c
|
||||
DIST haskell-mode-2.7.0.tar.gz 109796 SHA256 8b45c55ed5f2b498529a6d7e01b77fea899c1de93e24653cab188cb3a4f495bc SHA512 c71083f46552c337206bfc523e6b0ff0236fc83da52a6d27cbbbee94eb78846e616ce0962c1d5e8af4b4d83debd96061d3a0db6d00e49cef189647f1a294c289 WHIRLPOOL ed404977cf469b8df059500abd51756a53ccbf8681cb6f1fae11667fb6682be2f467d2f31efe88433103d51ce01f03d6ce51afc79d2707c4854277525f457e2f
|
||||
DIST haskell-mode-2.8.0.tar.gz 107284 SHA256 614dc82977fe5f1b3ecc85a34897409ad6218bee0e1a88611747b1e13b79c580 SHA512 7f4b52c85530ecd56b7eb018d73a8ae2b850d4ae127c0dd8457be9e5d7b7540f32703ab046ca9e2ac8feb737ecc690598794c8150ab4c205a8295456944fcfef WHIRLPOOL 23c5aba84ce3df73a93b76f4584a649e64b6ae21f2e43afe8f906020b96c6c0f1d69ce3d817aaf3caae98f894bba9058bf96ad94e7190c35ceb09d3484a76f91
|
||||
DIST haskell-mode-2.9.1.tar.gz 123579 SHA256 cac350804a89d0f76fcbe8c2ad10e4b9f83d81242dbd4927b546248db9477348 SHA512 7c4cbdfd0f9e43ab3efd39c8ca7fcd941538865fe41522703175b7ca8a67276945ef7feef4207fa66aee156a028cb52bb96593867db0c777baba9f59415ee979 WHIRLPOOL bb31e6cb4e7f12c79ae4eeaf55cbed54bdb814e56c691d87da4612f884de7de018796d85442ae44f9aec323815982154b95d4555cebb7198820a639edbd03e7a
|
||||
|
||||
@ -1,31 +0,0 @@
|
||||
# Copyright 1999-2010 Gentoo Foundation
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
# $Header: /var/cvsroot/gentoo-x86/app-emacs/haskell-mode/haskell-mode-2.6.4.ebuild,v 1.3 2010/01/07 19:23:02 ranger Exp $
|
||||
|
||||
inherit elisp
|
||||
|
||||
DESCRIPTION="Mode for editing (and running) Haskell programs in Emacs"
|
||||
HOMEPAGE="http://projects.haskell.org/haskellmode-emacs/
|
||||
http://www.haskell.org/haskellwiki/Haskell_mode_for_Emacs"
|
||||
SRC_URI="http://projects.haskell.org/haskellmode-emacs/${P}.tar.gz"
|
||||
|
||||
LICENSE="GPL-3"
|
||||
SLOT="0"
|
||||
KEYWORDS="amd64 ppc ~sparc x86"
|
||||
IUSE=""
|
||||
|
||||
DOCS="ChangeLog NEWS README *.hs"
|
||||
SITEFILE="50${PN}-gentoo.el"
|
||||
|
||||
src_compile() {
|
||||
elisp-make-autoload-file haskell-site-file.el || die
|
||||
elisp-compile *.el || die
|
||||
}
|
||||
|
||||
pkg_postinst() {
|
||||
elisp-site-regen
|
||||
|
||||
elog "If you update from before version 2.5 you must reconfigure,"
|
||||
elog "or indentation will not work."
|
||||
elog "Read the README file in /usr/share/doc/${PF}."
|
||||
}
|
||||
@ -1,31 +0,0 @@
|
||||
# Copyright 1999-2009 Gentoo Foundation
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
# $Header: /var/cvsroot/gentoo-x86/app-emacs/haskell-mode/haskell-mode-2.7.0.ebuild,v 1.1 2009/12/02 20:45:14 ulm Exp $
|
||||
|
||||
inherit elisp
|
||||
|
||||
DESCRIPTION="Mode for editing (and running) Haskell programs in Emacs"
|
||||
HOMEPAGE="http://projects.haskell.org/haskellmode-emacs/
|
||||
http://www.haskell.org/haskellwiki/Haskell_mode_for_Emacs"
|
||||
SRC_URI="http://projects.haskell.org/haskellmode-emacs/${P}.tar.gz"
|
||||
|
||||
LICENSE="GPL-3"
|
||||
SLOT="0"
|
||||
KEYWORDS="~amd64 ~ppc ~sparc ~x86"
|
||||
IUSE=""
|
||||
|
||||
DOCS="ChangeLog NEWS README *.hs"
|
||||
SITEFILE="50${PN}-gentoo.el"
|
||||
|
||||
src_compile() {
|
||||
elisp-make-autoload-file haskell-site-file.el || die
|
||||
elisp-compile *.el || die
|
||||
}
|
||||
|
||||
pkg_postinst() {
|
||||
elisp-site-regen
|
||||
|
||||
elog "If you update from before version 2.5 you must reconfigure,"
|
||||
elog "or indentation will not work."
|
||||
elog "Read the README file in /usr/share/doc/${PF}."
|
||||
}
|
||||
@ -1,2 +1 @@
|
||||
DIST mew-6.4.tar.gz 1025983 SHA256 9d0de3eb0cebfac51fa136d134e2f887d5f76d18bf09a607b1b30b481b419e34 SHA512 ddbef224c69fc28efedebb4c3ba4bcbdb2545b3c9090f3640419caa001b730cb8bc34947d949b99e0a2e246a2e69af69bd17cf75d76b4cd745c7764162c5bccd WHIRLPOOL 8459837f0e360516338552083f306ee53d36fddd57b73ad9a7141d6d7cb140e58be0ada863b418d0357758efc399918cdda4d95bf7dc12fb2507f515feca7aaa
|
||||
DIST mew-6.5.tar.gz 1026322 SHA256 f198b35c2a4cc1c082aaad8f6ccede80ed93d559aed0f66ee2c00c05f8394128 SHA512 481c55915e57889e7b8c6d27c3d21802b624a886eb8f6541c2997db4d5328e16c3b5a8c9a9ce09637b1779b8c52af86a8662ee30dfbab0a411a586d4679ac69e WHIRLPOOL 218fc42969fa4581c9fb43a9a1c65c67d83faf3ebced8ccd1e95c9b43a542753623cfebd14e042e2a21c29b8eca7bee930b306b9919fca6d249901def54bd5b5
|
||||
|
||||
@ -1,48 +0,0 @@
|
||||
# Copyright 1999-2012 Gentoo Foundation
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
# $Header: /var/cvsroot/gentoo-x86/app-emacs/mew/mew-6.4-r1.ebuild,v 1.6 2012/03/18 17:46:12 armin76 Exp $
|
||||
|
||||
EAPI=4
|
||||
|
||||
inherit elisp
|
||||
|
||||
DESCRIPTION="Great MIME mail reader for Emacs/XEmacs"
|
||||
HOMEPAGE="http://www.mew.org/"
|
||||
SRC_URI="http://www.mew.org/Release/${P}.tar.gz"
|
||||
|
||||
LICENSE="BSD"
|
||||
SLOT="0"
|
||||
KEYWORDS="amd64 ppc x86"
|
||||
IUSE="ssl linguas_ja"
|
||||
RESTRICT="test"
|
||||
|
||||
DEPEND="sys-libs/zlib"
|
||||
RDEPEND="${DEPEND}
|
||||
ssl? ( net-misc/stunnel )"
|
||||
|
||||
SITEFILE="50${PN}-gentoo.el"
|
||||
|
||||
src_configure() {
|
||||
econf \
|
||||
--with-elispdir="${SITELISP}/${PN}" \
|
||||
--with-etcdir="${SITEETC}/${PN}"
|
||||
}
|
||||
|
||||
src_compile() {
|
||||
emake
|
||||
use linguas_ja && emake jinfo
|
||||
rm -f info/*~ # remove spurious backup files
|
||||
}
|
||||
|
||||
src_install() {
|
||||
emake DESTDIR="${D}" install
|
||||
use linguas_ja && emake DESTDIR="${D}" install-jinfo
|
||||
|
||||
elisp-site-file-install "${FILESDIR}/${SITEFILE}" || die
|
||||
dodoc 00api 00changes* 00diff 00readme dot.*
|
||||
}
|
||||
|
||||
pkg_postinst() {
|
||||
elisp-site-regen
|
||||
elog "Please refer to /usr/share/doc/${PF} for sample configuration files."
|
||||
}
|
||||
@ -0,0 +1,73 @@
|
||||
diff --git a/tools/ocaml/libs/xb/partial.ml b/tools/ocaml/libs/xb/partial.ml
|
||||
index 3558889..d4d1c7b 100644
|
||||
--- a/tools/ocaml/libs/xb/partial.ml
|
||||
+++ b/tools/ocaml/libs/xb/partial.ml
|
||||
@@ -27,8 +27,15 @@ external header_size: unit -> int = "stub_header_size"
|
||||
external header_of_string_internal: string -> int * int * int * int
|
||||
= "stub_header_of_string"
|
||||
|
||||
+let xenstore_payload_max = 4096 (* xen/include/public/io/xs_wire.h *)
|
||||
+
|
||||
let of_string s =
|
||||
let tid, rid, opint, dlen = header_of_string_internal s in
|
||||
+ (* A packet which is bigger than xenstore_payload_max is illegal.
|
||||
+ This will leave the guest connection is a bad state and will
|
||||
+ be hard to recover from without restarting the connection
|
||||
+ (ie rebooting the guest) *)
|
||||
+ let dlen = min xenstore_payload_max dlen in
|
||||
{
|
||||
tid = tid;
|
||||
rid = rid;
|
||||
@@ -38,6 +45,7 @@ let of_string s =
|
||||
}
|
||||
|
||||
let append pkt s sz =
|
||||
+ if pkt.len > 4096 then failwith "Buffer.add: cannot grow buffer";
|
||||
Buffer.add_string pkt.buf (String.sub s 0 sz)
|
||||
|
||||
let to_complete pkt =
|
||||
diff --git a/tools/ocaml/libs/xb/xs_ring_stubs.c b/tools/ocaml/libs/xb/xs_ring_stubs.c
|
||||
index 00414c5..4888ac5 100644
|
||||
--- a/tools/ocaml/libs/xb/xs_ring_stubs.c
|
||||
+++ b/tools/ocaml/libs/xb/xs_ring_stubs.c
|
||||
@@ -39,21 +39,23 @@ static int xs_ring_read(struct mmap_interface *interface,
|
||||
char *buffer, int len)
|
||||
{
|
||||
struct xenstore_domain_interface *intf = interface->addr;
|
||||
- XENSTORE_RING_IDX cons, prod;
|
||||
+ XENSTORE_RING_IDX cons, prod; /* offsets only */
|
||||
int to_read;
|
||||
|
||||
- cons = intf->req_cons;
|
||||
- prod = intf->req_prod;
|
||||
+ cons = *(volatile uint32*)&intf->req_cons;
|
||||
+ prod = *(volatile uint32*)&intf->req_prod;
|
||||
xen_mb();
|
||||
+ cons = MASK_XENSTORE_IDX(cons);
|
||||
+ prod = MASK_XENSTORE_IDX(prod);
|
||||
if (prod == cons)
|
||||
return 0;
|
||||
- if (MASK_XENSTORE_IDX(prod) > MASK_XENSTORE_IDX(cons))
|
||||
+ if (prod > cons)
|
||||
to_read = prod - cons;
|
||||
else
|
||||
- to_read = XENSTORE_RING_SIZE - MASK_XENSTORE_IDX(cons);
|
||||
+ to_read = XENSTORE_RING_SIZE - cons;
|
||||
if (to_read < len)
|
||||
len = to_read;
|
||||
- memcpy(buffer, intf->req + MASK_XENSTORE_IDX(cons), len);
|
||||
+ memcpy(buffer, intf->req + cons, len);
|
||||
xen_mb();
|
||||
intf->req_cons += len;
|
||||
return len;
|
||||
@@ -66,8 +68,8 @@ static int xs_ring_write(struct mmap_interface *interface,
|
||||
XENSTORE_RING_IDX cons, prod;
|
||||
int can_write;
|
||||
|
||||
- cons = intf->rsp_cons;
|
||||
- prod = intf->rsp_prod;
|
||||
+ cons = *(volatile uint32*)&intf->rsp_cons;
|
||||
+ prod = *(volatile uint32*)&intf->rsp_prod;
|
||||
xen_mb();
|
||||
if ( (prod - cons) >= XENSTORE_RING_SIZE )
|
||||
return 0;
|
||||
@ -0,0 +1,293 @@
|
||||
x86: fix various issues with handling guest IRQs
|
||||
|
||||
- properly revoke IRQ access in map_domain_pirq() error path
|
||||
- don't permit replacing an in use IRQ
|
||||
- don't accept inputs in the GSI range for MAP_PIRQ_TYPE_MSI
|
||||
- track IRQ access permission in host IRQ terms, not guest IRQ ones
|
||||
(and with that, also disallow Dom0 access to IRQ0)
|
||||
|
||||
This is CVE-2013-1919 / XSA-46.
|
||||
|
||||
Signed-off-by: Jan Beulich <jbeulich@suse.com>
|
||||
Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
|
||||
|
||||
--- a/tools/libxl/libxl_create.c
|
||||
+++ b/tools/libxl/libxl_create.c
|
||||
@@ -968,14 +968,16 @@ static void domcreate_launch_dm(libxl__e
|
||||
}
|
||||
|
||||
for (i = 0; i < d_config->b_info.num_irqs; i++) {
|
||||
- uint32_t irq = d_config->b_info.irqs[i];
|
||||
+ int irq = d_config->b_info.irqs[i];
|
||||
|
||||
- LOG(DEBUG, "dom%d irq %"PRIx32, domid, irq);
|
||||
+ LOG(DEBUG, "dom%d irq %d", domid, irq);
|
||||
|
||||
- ret = xc_domain_irq_permission(CTX->xch, domid, irq, 1);
|
||||
+ ret = irq >= 0 ? xc_physdev_map_pirq(CTX->xch, domid, irq, &irq)
|
||||
+ : -EOVERFLOW;
|
||||
+ if (!ret)
|
||||
+ ret = xc_domain_irq_permission(CTX->xch, domid, irq, 1);
|
||||
if ( ret<0 ){
|
||||
- LOGE(ERROR,
|
||||
- "failed give dom%d access to irq %"PRId32, domid, irq);
|
||||
+ LOGE(ERROR, "failed give dom%d access to irq %d", domid, irq);
|
||||
ret = ERROR_FAIL;
|
||||
}
|
||||
}
|
||||
--- a/tools/python/xen/xend/server/irqif.py
|
||||
+++ b/tools/python/xen/xend/server/irqif.py
|
||||
@@ -73,6 +73,12 @@ class IRQController(DevController):
|
||||
|
||||
pirq = get_param('irq')
|
||||
|
||||
+ rc = xc.physdev_map_pirq(domid = self.getDomid(),
|
||||
+ index = pirq,
|
||||
+ pirq = pirq)
|
||||
+ if rc < 0:
|
||||
+ raise VmError('irq: Failed to map irq %x' % (pirq))
|
||||
+
|
||||
rc = xc.domain_irq_permission(domid = self.getDomid(),
|
||||
pirq = pirq,
|
||||
allow_access = True)
|
||||
@@ -81,12 +87,6 @@ class IRQController(DevController):
|
||||
#todo non-fatal
|
||||
raise VmError(
|
||||
'irq: Failed to configure irq: %d' % (pirq))
|
||||
- rc = xc.physdev_map_pirq(domid = self.getDomid(),
|
||||
- index = pirq,
|
||||
- pirq = pirq)
|
||||
- if rc < 0:
|
||||
- raise VmError(
|
||||
- 'irq: Failed to map irq %x' % (pirq))
|
||||
back = dict([(k, config[k]) for k in self.valid_cfg if k in config])
|
||||
return (self.allocateDeviceID(), back, {})
|
||||
|
||||
--- a/xen/arch/x86/domain_build.c
|
||||
+++ b/xen/arch/x86/domain_build.c
|
||||
@@ -1219,7 +1219,7 @@ int __init construct_dom0(
|
||||
/* DOM0 is permitted full I/O capabilities. */
|
||||
rc |= ioports_permit_access(dom0, 0, 0xFFFF);
|
||||
rc |= iomem_permit_access(dom0, 0UL, ~0UL);
|
||||
- rc |= irqs_permit_access(dom0, 0, d->nr_pirqs - 1);
|
||||
+ rc |= irqs_permit_access(dom0, 1, nr_irqs_gsi - 1);
|
||||
|
||||
/*
|
||||
* Modify I/O port access permissions.
|
||||
--- a/xen/arch/x86/domctl.c
|
||||
+++ b/xen/arch/x86/domctl.c
|
||||
@@ -772,9 +772,13 @@ long arch_do_domctl(
|
||||
goto bind_out;
|
||||
|
||||
ret = -EPERM;
|
||||
- if ( !IS_PRIV(current->domain) &&
|
||||
- !irq_access_permitted(current->domain, bind->machine_irq) )
|
||||
- goto bind_out;
|
||||
+ if ( !IS_PRIV(current->domain) )
|
||||
+ {
|
||||
+ int irq = domain_pirq_to_irq(d, bind->machine_irq);
|
||||
+
|
||||
+ if ( irq <= 0 || !irq_access_permitted(current->domain, irq) )
|
||||
+ goto bind_out;
|
||||
+ }
|
||||
|
||||
ret = -ESRCH;
|
||||
if ( iommu_enabled )
|
||||
@@ -803,9 +807,13 @@ long arch_do_domctl(
|
||||
bind = &(domctl->u.bind_pt_irq);
|
||||
|
||||
ret = -EPERM;
|
||||
- if ( !IS_PRIV(current->domain) &&
|
||||
- !irq_access_permitted(current->domain, bind->machine_irq) )
|
||||
- goto unbind_out;
|
||||
+ if ( !IS_PRIV(current->domain) )
|
||||
+ {
|
||||
+ int irq = domain_pirq_to_irq(d, bind->machine_irq);
|
||||
+
|
||||
+ if ( irq <= 0 || !irq_access_permitted(current->domain, irq) )
|
||||
+ goto unbind_out;
|
||||
+ }
|
||||
|
||||
if ( iommu_enabled )
|
||||
{
|
||||
--- a/xen/arch/x86/irq.c
|
||||
+++ b/xen/arch/x86/irq.c
|
||||
@@ -184,6 +184,14 @@ int create_irq(int node)
|
||||
desc->arch.used = IRQ_UNUSED;
|
||||
irq = ret;
|
||||
}
|
||||
+ else if ( dom0 )
|
||||
+ {
|
||||
+ ret = irq_permit_access(dom0, irq);
|
||||
+ if ( ret )
|
||||
+ printk(XENLOG_G_ERR
|
||||
+ "Could not grant Dom0 access to IRQ%d (error %d)\n",
|
||||
+ irq, ret);
|
||||
+ }
|
||||
|
||||
return irq;
|
||||
}
|
||||
@@ -280,6 +288,17 @@ void clear_irq_vector(int irq)
|
||||
void destroy_irq(unsigned int irq)
|
||||
{
|
||||
BUG_ON(!MSI_IRQ(irq));
|
||||
+
|
||||
+ if ( dom0 )
|
||||
+ {
|
||||
+ int err = irq_deny_access(dom0, irq);
|
||||
+
|
||||
+ if ( err )
|
||||
+ printk(XENLOG_G_ERR
|
||||
+ "Could not revoke Dom0 access to IRQ%u (error %d)\n",
|
||||
+ irq, err);
|
||||
+ }
|
||||
+
|
||||
dynamic_irq_cleanup(irq);
|
||||
clear_irq_vector(irq);
|
||||
}
|
||||
@@ -1858,7 +1877,7 @@ int map_domain_pirq(
|
||||
|
||||
if ( !IS_PRIV(current->domain) &&
|
||||
!(IS_PRIV_FOR(current->domain, d) &&
|
||||
- irq_access_permitted(current->domain, pirq)))
|
||||
+ irq_access_permitted(current->domain, irq)))
|
||||
return -EPERM;
|
||||
|
||||
if ( pirq < 0 || pirq >= d->nr_pirqs || irq < 0 || irq >= nr_irqs )
|
||||
@@ -1887,17 +1906,18 @@ int map_domain_pirq(
|
||||
return ret;
|
||||
}
|
||||
|
||||
- ret = irq_permit_access(d, pirq);
|
||||
+ ret = irq_permit_access(d, irq);
|
||||
if ( ret )
|
||||
{
|
||||
- dprintk(XENLOG_G_ERR, "dom%d: could not permit access to irq %d\n",
|
||||
- d->domain_id, pirq);
|
||||
+ printk(XENLOG_G_ERR
|
||||
+ "dom%d: could not permit access to IRQ%d (pirq %d)\n",
|
||||
+ d->domain_id, irq, pirq);
|
||||
return ret;
|
||||
}
|
||||
|
||||
ret = prepare_domain_irq_pirq(d, irq, pirq, &info);
|
||||
if ( ret )
|
||||
- return ret;
|
||||
+ goto revoke;
|
||||
|
||||
desc = irq_to_desc(irq);
|
||||
|
||||
@@ -1921,8 +1941,14 @@ int map_domain_pirq(
|
||||
spin_lock_irqsave(&desc->lock, flags);
|
||||
|
||||
if ( desc->handler != &no_irq_type )
|
||||
+ {
|
||||
+ spin_unlock_irqrestore(&desc->lock, flags);
|
||||
dprintk(XENLOG_G_ERR, "dom%d: irq %d in use\n",
|
||||
d->domain_id, irq);
|
||||
+ pci_disable_msi(msi_desc);
|
||||
+ ret = -EBUSY;
|
||||
+ goto done;
|
||||
+ }
|
||||
setup_msi_handler(desc, msi_desc);
|
||||
|
||||
if ( opt_irq_vector_map == OPT_IRQ_VECTOR_MAP_PERDEV
|
||||
@@ -1951,7 +1977,14 @@ int map_domain_pirq(
|
||||
|
||||
done:
|
||||
if ( ret )
|
||||
+ {
|
||||
cleanup_domain_irq_pirq(d, irq, info);
|
||||
+ revoke:
|
||||
+ if ( irq_deny_access(d, irq) )
|
||||
+ printk(XENLOG_G_ERR
|
||||
+ "dom%d: could not revoke access to IRQ%d (pirq %d)\n",
|
||||
+ d->domain_id, irq, pirq);
|
||||
+ }
|
||||
return ret;
|
||||
}
|
||||
|
||||
@@ -2017,10 +2050,11 @@ int unmap_domain_pirq(struct domain *d,
|
||||
if ( !forced_unbind )
|
||||
cleanup_domain_irq_pirq(d, irq, info);
|
||||
|
||||
- ret = irq_deny_access(d, pirq);
|
||||
+ ret = irq_deny_access(d, irq);
|
||||
if ( ret )
|
||||
- dprintk(XENLOG_G_ERR, "dom%d: could not deny access to irq %d\n",
|
||||
- d->domain_id, pirq);
|
||||
+ printk(XENLOG_G_ERR
|
||||
+ "dom%d: could not deny access to IRQ%d (pirq %d)\n",
|
||||
+ d->domain_id, irq, pirq);
|
||||
|
||||
done:
|
||||
return ret;
|
||||
--- a/xen/arch/x86/physdev.c
|
||||
+++ b/xen/arch/x86/physdev.c
|
||||
@@ -147,7 +147,7 @@ int physdev_map_pirq(domid_t domid, int
|
||||
if ( irq == -1 )
|
||||
irq = create_irq(NUMA_NO_NODE);
|
||||
|
||||
- if ( irq < 0 || irq >= nr_irqs )
|
||||
+ if ( irq < nr_irqs_gsi || irq >= nr_irqs )
|
||||
{
|
||||
dprintk(XENLOG_G_ERR, "dom%d: can't create irq for msi!\n",
|
||||
d->domain_id);
|
||||
--- a/xen/common/domctl.c
|
||||
+++ b/xen/common/domctl.c
|
||||
@@ -25,6 +25,7 @@
|
||||
#include <xen/paging.h>
|
||||
#include <xen/hypercall.h>
|
||||
#include <asm/current.h>
|
||||
+#include <asm/irq.h>
|
||||
#include <asm/page.h>
|
||||
#include <public/domctl.h>
|
||||
#include <xsm/xsm.h>
|
||||
@@ -897,9 +898,9 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
|
||||
else if ( xsm_irq_permission(d, pirq, allow) )
|
||||
ret = -EPERM;
|
||||
else if ( allow )
|
||||
- ret = irq_permit_access(d, pirq);
|
||||
+ ret = pirq_permit_access(d, pirq);
|
||||
else
|
||||
- ret = irq_deny_access(d, pirq);
|
||||
+ ret = pirq_deny_access(d, pirq);
|
||||
|
||||
rcu_unlock_domain(d);
|
||||
}
|
||||
--- a/xen/common/event_channel.c
|
||||
+++ b/xen/common/event_channel.c
|
||||
@@ -369,7 +369,7 @@ static long evtchn_bind_pirq(evtchn_bind
|
||||
if ( (pirq < 0) || (pirq >= d->nr_pirqs) )
|
||||
return -EINVAL;
|
||||
|
||||
- if ( !is_hvm_domain(d) && !irq_access_permitted(d, pirq) )
|
||||
+ if ( !is_hvm_domain(d) && !pirq_access_permitted(d, pirq) )
|
||||
return -EPERM;
|
||||
|
||||
spin_lock(&d->event_lock);
|
||||
--- a/xen/include/xen/iocap.h
|
||||
+++ b/xen/include/xen/iocap.h
|
||||
@@ -28,4 +28,22 @@
|
||||
#define irq_access_permitted(d, i) \
|
||||
rangeset_contains_singleton((d)->irq_caps, i)
|
||||
|
||||
+#define pirq_permit_access(d, i) ({ \
|
||||
+ struct domain *d__ = (d); \
|
||||
+ int i__ = domain_pirq_to_irq(d__, i); \
|
||||
+ i__ > 0 ? rangeset_add_singleton(d__->irq_caps, i__)\
|
||||
+ : -EINVAL; \
|
||||
+})
|
||||
+#define pirq_deny_access(d, i) ({ \
|
||||
+ struct domain *d__ = (d); \
|
||||
+ int i__ = domain_pirq_to_irq(d__, i); \
|
||||
+ i__ > 0 ? rangeset_remove_singleton(d__->irq_caps, i__)\
|
||||
+ : -EINVAL; \
|
||||
+})
|
||||
+#define pirq_access_permitted(d, i) ({ \
|
||||
+ struct domain *d__ = (d); \
|
||||
+ rangeset_contains_singleton(d__->irq_caps, \
|
||||
+ domain_pirq_to_irq(d__, i));\
|
||||
+})
|
||||
+
|
||||
#endif /* __XEN_IOCAP_H__ */
|
||||
@ -0,0 +1,114 @@
|
||||
Add -f FMT / --format FMT arg to qemu-nbd
|
||||
|
||||
From: "Daniel P. Berrange" <berrange@redhat.com>
|
||||
|
||||
Currently the qemu-nbd program will auto-detect the format of
|
||||
any disk it is given. This behaviour is known to be insecure.
|
||||
For example, if qemu-nbd initially exposes a 'raw' file to an
|
||||
unprivileged app, and that app runs
|
||||
|
||||
'qemu-img create -f qcow2 -o backing_file=/etc/shadow /dev/nbd0'
|
||||
|
||||
then the next time the app is started, the qemu-nbd will now
|
||||
detect it as a 'qcow2' file and expose /etc/shadow to the
|
||||
unprivileged app.
|
||||
|
||||
The only way to avoid this is to explicitly tell qemu-nbd what
|
||||
disk format to use on the command line, completely disabling
|
||||
auto-detection. This patch adds a '-f' / '--format' arg for
|
||||
this purpose, mirroring what is already available via qemu-img
|
||||
and qemu commands.
|
||||
|
||||
qemu-nbd --format raw -p 9000 evil.img
|
||||
|
||||
will now always use raw, regardless of what format 'evil.img'
|
||||
looks like it contains
|
||||
|
||||
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
|
||||
[Use errx, not err. - Paolo]
|
||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
|
||||
|
||||
[ This is a security issue, CVE-2013-1922 / XSA-48. ]
|
||||
|
||||
diff --git a/qemu-nbd.c b/qemu-nbd.c
|
||||
index 291cba2..8fbe2cf 100644
|
||||
--- a/tools/qemu-xen/qemu-nbd.c
|
||||
+++ b/tools/qemu-xen/qemu-nbd.c
|
||||
@@ -247,6 +247,7 @@ out:
|
||||
int main(int argc, char **argv)
|
||||
{
|
||||
BlockDriverState *bs;
|
||||
+ BlockDriver *drv;
|
||||
off_t dev_offset = 0;
|
||||
off_t offset = 0;
|
||||
uint32_t nbdflags = 0;
|
||||
@@ -256,7 +257,7 @@ int main(int argc, char **argv)
|
||||
struct sockaddr_in addr;
|
||||
socklen_t addr_len = sizeof(addr);
|
||||
off_t fd_size;
|
||||
- const char *sopt = "hVb:o:p:rsnP:c:dvk:e:t";
|
||||
+ const char *sopt = "hVb:o:p:rsnP:c:dvk:e:f:t";
|
||||
struct option lopt[] = {
|
||||
{ "help", 0, NULL, 'h' },
|
||||
{ "version", 0, NULL, 'V' },
|
||||
@@ -271,6 +272,7 @@ int main(int argc, char **argv)
|
||||
{ "snapshot", 0, NULL, 's' },
|
||||
{ "nocache", 0, NULL, 'n' },
|
||||
{ "shared", 1, NULL, 'e' },
|
||||
+ { "format", 1, NULL, 'f' },
|
||||
{ "persistent", 0, NULL, 't' },
|
||||
{ "verbose", 0, NULL, 'v' },
|
||||
{ NULL, 0, NULL, 0 }
|
||||
@@ -292,6 +294,7 @@ int main(int argc, char **argv)
|
||||
int max_fd;
|
||||
int persistent = 0;
|
||||
pthread_t client_thread;
|
||||
+ const char *fmt = NULL;
|
||||
|
||||
/* The client thread uses SIGTERM to interrupt the server. A signal
|
||||
* handler ensures that "qemu-nbd -v -c" exits with a nice status code.
|
||||
@@ -368,6 +371,9 @@ int main(int argc, char **argv)
|
||||
errx(EXIT_FAILURE, "Shared device number must be greater than 0\n");
|
||||
}
|
||||
break;
|
||||
+ case 'f':
|
||||
+ fmt = optarg;
|
||||
+ break;
|
||||
case 't':
|
||||
persistent = 1;
|
||||
break;
|
||||
@@ -478,9 +484,19 @@ int main(int argc, char **argv)
|
||||
bdrv_init();
|
||||
atexit(bdrv_close_all);
|
||||
|
||||
+ if (fmt) {
|
||||
+ drv = bdrv_find_format(fmt);
|
||||
+ if (!drv) {
|
||||
+ errx(EXIT_FAILURE, "Unknown file format '%s'", fmt);
|
||||
+ }
|
||||
+ } else {
|
||||
+ drv = NULL;
|
||||
+ }
|
||||
+
|
||||
bs = bdrv_new("hda");
|
||||
srcpath = argv[optind];
|
||||
- if ((ret = bdrv_open(bs, srcpath, flags, NULL)) < 0) {
|
||||
+ ret = bdrv_open(bs, srcpath, flags, drv);
|
||||
+ if (ret < 0) {
|
||||
errno = -ret;
|
||||
err(EXIT_FAILURE, "Failed to bdrv_open '%s'", argv[optind]);
|
||||
}
|
||||
diff --git a/qemu-nbd.texi b/qemu-nbd.texi
|
||||
index 44996cc..f56c68e 100644
|
||||
--- a/tools/qemu-xen/qemu-nbd.texi
|
||||
+++ b/tools/qemu-xen/qemu-nbd.texi
|
||||
@@ -36,6 +36,8 @@ Export Qemu disk image using NBD protocol.
|
||||
disconnect the specified device
|
||||
@item -e, --shared=@var{num}
|
||||
device can be shared by @var{num} clients (default @samp{1})
|
||||
+@item -f, --format=@var{fmt}
|
||||
+ force block driver for format @var{fmt} instead of auto-detecting
|
||||
@item -t, --persistent
|
||||
don't exit on the last connection
|
||||
@item -v, --verbose
|
||||
@ -0,0 +1,50 @@
|
||||
VT-d: don't permit SVT_NO_VERIFY entries for known device types
|
||||
|
||||
Only in cases where we don't know what to do we should leave the IRTE
|
||||
blank (suppressing all validation), but we should always log a warning
|
||||
in those cases (as being insecure).
|
||||
|
||||
This is CVE-2013-1952 / XSA-49.
|
||||
|
||||
Signed-off-by: Jan Beulich <jbeulich@suse.com>
|
||||
Acked-by: "Zhang, Xiantao" <xiantao.zhang@intel.com>
|
||||
|
||||
--- a/xen/drivers/passthrough/vtd/intremap.c
|
||||
+++ b/xen/drivers/passthrough/vtd/intremap.c
|
||||
@@ -440,16 +440,15 @@ static void set_msi_source_id(struct pci
|
||||
type = pdev_type(seg, bus, devfn);
|
||||
switch ( type )
|
||||
{
|
||||
+ case DEV_TYPE_PCIe_ENDPOINT:
|
||||
case DEV_TYPE_PCIe_BRIDGE:
|
||||
case DEV_TYPE_PCIe2PCI_BRIDGE:
|
||||
- case DEV_TYPE_LEGACY_PCI_BRIDGE:
|
||||
- break;
|
||||
-
|
||||
- case DEV_TYPE_PCIe_ENDPOINT:
|
||||
set_ire_sid(ire, SVT_VERIFY_SID_SQ, SQ_ALL_16, PCI_BDF2(bus, devfn));
|
||||
break;
|
||||
|
||||
case DEV_TYPE_PCI:
|
||||
+ case DEV_TYPE_LEGACY_PCI_BRIDGE:
|
||||
+ /* case DEV_TYPE_PCI2PCIe_BRIDGE: */
|
||||
ret = find_upstream_bridge(seg, &bus, &devfn, &secbus);
|
||||
if ( ret == 0 ) /* integrated PCI device */
|
||||
{
|
||||
@@ -461,10 +460,15 @@ static void set_msi_source_id(struct pci
|
||||
if ( pdev_type(seg, bus, devfn) == DEV_TYPE_PCIe2PCI_BRIDGE )
|
||||
set_ire_sid(ire, SVT_VERIFY_BUS, SQ_ALL_16,
|
||||
(bus << 8) | pdev->bus);
|
||||
- else if ( pdev_type(seg, bus, devfn) == DEV_TYPE_LEGACY_PCI_BRIDGE )
|
||||
+ else
|
||||
set_ire_sid(ire, SVT_VERIFY_SID_SQ, SQ_ALL_16,
|
||||
PCI_BDF2(bus, devfn));
|
||||
}
|
||||
+ else
|
||||
+ dprintk(XENLOG_WARNING VTDPREFIX,
|
||||
+ "d%d: no upstream bridge for %04x:%02x:%02x.%u\n",
|
||||
+ pdev->domain->domain_id,
|
||||
+ seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn));
|
||||
break;
|
||||
|
||||
default:
|
||||
@ -0,0 +1,41 @@
|
||||
diff -ur xen-4.2.1.orig/xen/drivers/passthrough/vtd/intremap.c xen-4.2.1/xen/drivers/passthrough/vtd/intremap.c
|
||||
--- xen/drivers/passthrough/vtd/intremap.c 2012-12-17 23:01:55.000000000 +0800
|
||||
+++ xen/drivers/passthrough/vtd/intremap.c 2013-05-15 23:09:06.704546506 +0800
|
||||
@@ -440,16 +440,17 @@
|
||||
type = pdev_type(seg, bus, devfn);
|
||||
switch ( type )
|
||||
{
|
||||
+ case DEV_TYPE_PCIe_ENDPOINT:
|
||||
case DEV_TYPE_PCIe_BRIDGE:
|
||||
case DEV_TYPE_PCIe2PCI_BRIDGE:
|
||||
- case DEV_TYPE_LEGACY_PCI_BRIDGE:
|
||||
- break;
|
||||
|
||||
- case DEV_TYPE_PCIe_ENDPOINT:
|
||||
set_ire_sid(ire, SVT_VERIFY_SID_SQ, SQ_ALL_16, PCI_BDF2(bus, devfn));
|
||||
break;
|
||||
|
||||
case DEV_TYPE_PCI:
|
||||
+ case DEV_TYPE_LEGACY_PCI_BRIDGE:
|
||||
+ /* case DEV_TYPE_PCI2PCIe_BRIDGE: */
|
||||
+
|
||||
ret = find_upstream_bridge(seg, &bus, &devfn, &secbus);
|
||||
if ( ret == 0 ) /* integrated PCI device */
|
||||
{
|
||||
@@ -461,10 +462,15 @@
|
||||
if ( pdev_type(seg, bus, devfn) == DEV_TYPE_PCIe2PCI_BRIDGE )
|
||||
set_ire_sid(ire, SVT_VERIFY_BUS, SQ_ALL_16,
|
||||
(bus << 8) | pdev->bus);
|
||||
- else if ( pdev_type(seg, bus, devfn) == DEV_TYPE_LEGACY_PCI_BRIDGE )
|
||||
+ else
|
||||
set_ire_sid(ire, SVT_VERIFY_BUS, SQ_ALL_16,
|
||||
PCI_BDF2(bus, devfn));
|
||||
}
|
||||
+ else
|
||||
+ dprintk(XENLOG_WARNING VTDPREFIX,
|
||||
+ "d%d: no upstream bridge for %04x:%02x:%02x.%u\n",
|
||||
+ pdev->domain->domain_id,
|
||||
+ seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn));
|
||||
break;
|
||||
|
||||
default:
|
||||
@ -0,0 +1,11 @@
|
||||
diff -ur xen-4.2.2.orig/tools/debugger/gdbsx/xg/xg_main.c xen-4.2.2/tools/debugger/gdbsx/xg/xg_main.c
|
||||
--- tools/debugger/gdbsx/xg/xg_main.c 2013-04-24 00:42:55.000000000 +0800
|
||||
+++ tools/debugger/gdbsx/xg/xg_main.c 2013-05-16 00:22:39.263704336 +0800
|
||||
@@ -50,6 +50,7 @@
|
||||
#include "xg_public.h"
|
||||
#include <xen/version.h>
|
||||
#include <xen/domctl.h>
|
||||
+#include <sys/types.h>
|
||||
#include <xen/sys/privcmd.h>
|
||||
#include <xen/foreign/x86_32.h>
|
||||
#include <xen/foreign/x86_64.h>
|
||||
@ -0,0 +1,74 @@
|
||||
From: Roger Pau Monne
|
||||
Subject: [Qemu-devel] [PATCH RFC 2/3] xen_disk: fix memory leak
|
||||
Date: Mon, 31 Dec 2012 13:16:13 +0100
|
||||
|
||||
On ioreq_release the full ioreq
|
||||
was memset to 0, loosing all the data
|
||||
and memory allocations inside the QEMUIOVector, which leads to a
|
||||
memory leak. Create a new function to specifically reset ioreq.
|
||||
|
||||
Reported-by: Maik Wessler <address@hidden>
|
||||
Signed-off-by: Roger Pau Monné <address@hidden>
|
||||
Cc: address@hidden
|
||||
Cc: Stefano Stabellini <address@hidden>
|
||||
Cc: Anthony PERARD <address@hidden>
|
||||
---
|
||||
hw/xen_disk.c | 28 ++++++++++++++++++++++++++--
|
||||
1 files changed, 26 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/hw/xen_disk.c b/hw/xen_disk.c
|
||||
index a159ee5..1eb485a 100644
|
||||
--- a/tools/qemu-xen/hw/xen_disk.c
|
||||
+++ b/tools/qemu-xen/hw/xen_disk.c
|
||||
@@ -113,6 +113,31 @@ struct XenBlkDev {
|
||||
|
||||
/* ------------------------------------------------------------- */
|
||||
|
||||
+static void ioreq_reset(struct ioreq *ioreq)
|
||||
+{
|
||||
+ memset(&ioreq->req, 0, sizeof(ioreq->req));
|
||||
+ ioreq->status = 0;
|
||||
+ ioreq->start = 0;
|
||||
+ ioreq->presync = 0;
|
||||
+ ioreq->postsync = 0;
|
||||
+ ioreq->mapped = 0;
|
||||
+
|
||||
+ memset(ioreq->domids, 0, sizeof(ioreq->domids));
|
||||
+ memset(ioreq->refs, 0, sizeof(ioreq->refs));
|
||||
+ ioreq->prot = 0;
|
||||
+ memset(ioreq->page, 0, sizeof(ioreq->page));
|
||||
+ ioreq->pages = NULL;
|
||||
+
|
||||
+ ioreq->aio_inflight = 0;
|
||||
+ ioreq->aio_errors = 0;
|
||||
+
|
||||
+ ioreq->blkdev = NULL;
|
||||
+ memset(&ioreq->list, 0, sizeof(ioreq->list));
|
||||
+ memset(&ioreq->acct, 0, sizeof(ioreq->acct));
|
||||
+
|
||||
+ qemu_iovec_reset(&ioreq->v);
|
||||
+}
|
||||
+
|
||||
static struct ioreq *ioreq_start(struct XenBlkDev *blkdev)
|
||||
{
|
||||
struct ioreq *ioreq = NULL;
|
||||
@@ -130,7 +155,6 @@ static struct ioreq *ioreq_start(struct XenBlkDev *blkdev)
|
||||
/* get one from freelist */
|
||||
ioreq = QLIST_FIRST(&blkdev->freelist);
|
||||
QLIST_REMOVE(ioreq, list);
|
||||
- qemu_iovec_reset(&ioreq->v);
|
||||
}
|
||||
QLIST_INSERT_HEAD(&blkdev->inflight, ioreq, list);
|
||||
blkdev->requests_inflight++;
|
||||
@@ -154,7 +178,7 @@ static void ioreq_release(struct ioreq *ioreq, bool finish)
|
||||
struct XenBlkDev *blkdev = ioreq->blkdev;
|
||||
|
||||
QLIST_REMOVE(ioreq, list);
|
||||
- memset(ioreq, 0, sizeof(*ioreq));
|
||||
+ ioreq_reset(ioreq);
|
||||
ioreq->blkdev = blkdev;
|
||||
QLIST_INSERT_HEAD(&blkdev->freelist, ioreq, list);
|
||||
if (finish) {
|
||||
--
|
||||
1.7.7.5 (Apple Git-26)
|
||||
|
||||
@ -0,0 +1,348 @@
|
||||
# Copyright 1999-2013 Gentoo Foundation
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-tools/xen-tools-4.2.1-r3.ebuild,v 1.2 2013/05/16 05:26:22 idella4 Exp $
|
||||
|
||||
EAPI=5
|
||||
|
||||
PYTHON_COMPAT=( python{2_6,2_7} )
|
||||
PYTHON_REQ_USE='xml,threads'
|
||||
|
||||
IPXE_TARBALL_URL="http://dev.gentoo.org/~idella4/tarballs/ipxe.tar.gz"
|
||||
XEN_SEABIOS_URL="http://dev.gentoo.org/~idella4/tarballs/seabios-0-20121121.tar.bz2"
|
||||
|
||||
if [[ $PV == *9999 ]]; then
|
||||
KEYWORDS=""
|
||||
REPO="xen-unstable.hg"
|
||||
EHG_REPO_URI="http://xenbits.xensource.com/${REPO}"
|
||||
S="${WORKDIR}/${REPO}"
|
||||
live_eclass="mercurial"
|
||||
else
|
||||
KEYWORDS="~amd64 ~x86"
|
||||
SRC_URI="http://bits.xensource.com/oss-xen/release/${PV}/xen-${PV}.tar.gz
|
||||
$IPXE_TARBALL_URL
|
||||
$XEN_SEABIOS_URL"
|
||||
S="${WORKDIR}/xen-${PV}"
|
||||
fi
|
||||
|
||||
inherit flag-o-matic eutils multilib python-single-r1 toolchain-funcs udev ${live_eclass}
|
||||
|
||||
DESCRIPTION="Xend daemon and tools"
|
||||
HOMEPAGE="http://xen.org/"
|
||||
DOCS=( README docs/README.xen-bugtool )
|
||||
|
||||
LICENSE="GPL-2"
|
||||
SLOT="0"
|
||||
IUSE="api custom-cflags debug doc flask hvm qemu ocaml pygrub screen static-libs xend"
|
||||
|
||||
REQUIRED_USE="hvm? ( qemu )"
|
||||
|
||||
CDEPEND="dev-libs/yajl
|
||||
dev-python/lxml[${PYTHON_USEDEP}]
|
||||
dev-python/pypam[${PYTHON_USEDEP}]
|
||||
dev-python/pyxml[${PYTHON_USEDEP}]
|
||||
sys-libs/zlib
|
||||
sys-power/iasl
|
||||
ocaml? ( dev-ml/findlib )
|
||||
hvm? ( media-libs/libsdl )
|
||||
${PYTHON_DEPS}
|
||||
api? ( dev-libs/libxml2
|
||||
net-misc/curl )
|
||||
${PYTHON_DEPS}
|
||||
pygrub? ( ${PYTHON_DEPS//${PYTHON_REQ_USE}/ncurses} )"
|
||||
DEPEND="${CDEPEND}
|
||||
sys-devel/bin86
|
||||
sys-devel/dev86
|
||||
dev-lang/perl
|
||||
app-misc/pax-utils
|
||||
doc? (
|
||||
app-doc/doxygen
|
||||
dev-tex/latex2html[png,gif]
|
||||
media-gfx/transfig
|
||||
media-gfx/graphviz
|
||||
dev-tex/xcolor
|
||||
dev-texlive/texlive-latexextra
|
||||
virtual/latex-base
|
||||
dev-tex/latexmk
|
||||
dev-texlive/texlive-latex
|
||||
dev-texlive/texlive-pictures
|
||||
dev-texlive/texlive-latexrecommended
|
||||
)
|
||||
hvm? ( x11-proto/xproto
|
||||
)"
|
||||
RDEPEND="${CDEPEND}
|
||||
sys-apps/iproute2
|
||||
net-misc/bridge-utils
|
||||
ocaml? ( >=dev-lang/ocaml-3.12.0 )
|
||||
screen? (
|
||||
app-misc/screen
|
||||
app-admin/logrotate
|
||||
)
|
||||
virtual/udev"
|
||||
|
||||
# hvmloader is used to bootstrap a fully virtualized kernel
|
||||
# Approved by QA team in bug #144032
|
||||
QA_WX_LOAD="usr/lib/xen/boot/hvmloader"
|
||||
|
||||
RESTRICT="test"
|
||||
|
||||
pkg_setup() {
|
||||
python-single-r1_pkg_setup
|
||||
export "CONFIG_LOMOUNT=y"
|
||||
|
||||
if has_version dev-libs/libgcrypt; then
|
||||
export "CONFIG_GCRYPT=y"
|
||||
fi
|
||||
|
||||
if use qemu; then
|
||||
export "CONFIG_IOEMU=y"
|
||||
else
|
||||
export "CONFIG_IOEMU=n"
|
||||
fi
|
||||
|
||||
if ! use x86 && ! has x86 $(get_all_abis) && use hvm; then
|
||||
eerror "HVM (VT-x and AMD-v) cannot be built on this system. An x86 or"
|
||||
eerror "an amd64 multilib profile is required. Remove the hvm use flag"
|
||||
eerror "to build xen-tools on your current profile."
|
||||
die "USE=hvm is unsupported on this system."
|
||||
fi
|
||||
|
||||
if [[ -z ${XEN_TARGET_ARCH} ]] ; then
|
||||
if use x86 && use amd64; then
|
||||
die "Confusion! Both x86 and amd64 are set in your use flags!"
|
||||
elif use x86; then
|
||||
export XEN_TARGET_ARCH="x86_32"
|
||||
elif use amd64 ; then
|
||||
export XEN_TARGET_ARCH="x86_64"
|
||||
else
|
||||
die "Unsupported architecture!"
|
||||
fi
|
||||
fi
|
||||
|
||||
use api && export "LIBXENAPI_BINDINGS=y"
|
||||
use flask && export "FLASK_ENABLE=y"
|
||||
}
|
||||
|
||||
src_prepare() {
|
||||
# Drop .config, fixes to gcc-4.6
|
||||
epatch "${FILESDIR}"/${PN/-tools/}-4-fix_dotconfig-gcc.patch
|
||||
|
||||
# Xend
|
||||
if ! use xend; then
|
||||
sed -e 's:xm xen-bugtool xen-python-path xend:xen-bugtool xen-python-path:' \
|
||||
-i tools/misc/Makefile || die "Disabling xend failed"
|
||||
sed -e 's:^XEND_INITD:#XEND_INITD:' \
|
||||
-i tools/examples/Makefile || die "Disabling xend failed"
|
||||
fi
|
||||
|
||||
# if the user *really* wants to use their own custom-cflags, let them
|
||||
if use custom-cflags; then
|
||||
einfo "User wants their own CFLAGS - removing defaults"
|
||||
|
||||
# try and remove all the default cflags
|
||||
find "${S}" \( -name Makefile -o -name Rules.mk -o -name Config.mk \) \
|
||||
-exec sed \
|
||||
-e 's/CFLAGS\(.*\)=\(.*\)-O3\(.*\)/CFLAGS\1=\2\3/' \
|
||||
-e 's/CFLAGS\(.*\)=\(.*\)-march=i686\(.*\)/CFLAGS\1=\2\3/' \
|
||||
-e 's/CFLAGS\(.*\)=\(.*\)-fomit-frame-pointer\(.*\)/CFLAGS\1=\2\3/' \
|
||||
-e 's/CFLAGS\(.*\)=\(.*\)-g3*\s\(.*\)/CFLAGS\1=\2 \3/' \
|
||||
-e 's/CFLAGS\(.*\)=\(.*\)-O2\(.*\)/CFLAGS\1=\2\3/' \
|
||||
-i {} + || die "failed to re-set custom-cflags"
|
||||
fi
|
||||
|
||||
if ! use pygrub; then
|
||||
sed -e '/^SUBDIRS-$(PYTHON_TOOLS) += pygrub$/d' -i tools/Makefile || die
|
||||
fi
|
||||
|
||||
# Disable hvm support on systems that don't support x86_32 binaries.
|
||||
if ! use hvm; then
|
||||
sed -e '/^CONFIG_IOEMU := y$/d' -i config/*.mk || die
|
||||
sed -e '/SUBDIRS-$(CONFIG_X86) += firmware/d' -i tools/Makefile || die
|
||||
fi
|
||||
|
||||
# Don't bother with qemu, only needed for fully virtualised guests
|
||||
if ! use qemu; then
|
||||
sed -e "/^CONFIG_IOEMU := y$/d" -i config/*.mk || die
|
||||
sed -e "s:install-tools\: tools/ioemu-dir:install-tools\: :g" -i Makefile || die
|
||||
fi
|
||||
|
||||
# Fix texi2html build error with new texi2html
|
||||
epatch "${FILESDIR}"/${PN}-4-docfix.patch
|
||||
|
||||
# Fix network broadcast on bridged networks
|
||||
epatch "${FILESDIR}/${PN}-3.4.0-network-bridge-broadcast.patch"
|
||||
|
||||
# Prevent the downloading of ipxe, seabios
|
||||
epatch "${FILESDIR}"/${PN/-tools/}-4.2.0-anti-download.patch
|
||||
cp "${DISTDIR}"/ipxe.tar.gz tools/firmware/etherboot/ || die
|
||||
mv ../seabios-dir-remote tools/firmware/ || die
|
||||
pushd tools/firmware/ > /dev/null
|
||||
ln -s seabios-dir-remote seabios-dir || die
|
||||
popd > /dev/null
|
||||
|
||||
# Fix bridge by idella4, bug #362575
|
||||
epatch "${FILESDIR}/${PN}-4.1.1-bridge.patch"
|
||||
|
||||
# Don't build ipxe with pie on hardened, Bug #360805
|
||||
if gcc-specs-pie; then
|
||||
epatch "${FILESDIR}"/ipxe-nopie.patch
|
||||
fi
|
||||
|
||||
# Prevent double stripping of files at install
|
||||
epatch "${FILESDIR}"/${PN/-tools/}-4.2.0-nostrip.patch
|
||||
|
||||
# fix jobserver in Makefile
|
||||
epatch "${FILESDIR}"/${PN/-tools/}-4.2.0-jserver.patch
|
||||
|
||||
# add missing typedef
|
||||
epatch "${FILESDIR}"/xen-4-ulong.patch \
|
||||
"${FILESDIR}"/${PN}-4.2-xen_disk_leak.patch
|
||||
|
||||
#Sec patches currently valid
|
||||
epatch "${FILESDIR}"/xen-4-CVE-2012-6075-XSA-41.patch \
|
||||
"${FILESDIR}"/xen-4-CVE-2013-0215-XSA-38.patch \
|
||||
"${FILESDIR}"/xen-4-CVE-2013-1919-XSA-46.patch \
|
||||
"${FILESDIR}"/xen-4-CVE-2013-1922-XSA-48.patch \
|
||||
"${FILESDIR}"/xen-4-CVE-2013-1952-XSA_49.patch
|
||||
}
|
||||
|
||||
src_compile() {
|
||||
export VARTEXFONTS="${T}/fonts"
|
||||
local myopt
|
||||
use debug && myopt="${myopt} debug=y"
|
||||
|
||||
use custom-cflags || unset CFLAGS
|
||||
if test-flag-CC -fno-strict-overflow; then
|
||||
append-flags -fno-strict-overflow
|
||||
fi
|
||||
|
||||
unset LDFLAGS
|
||||
unset CFLAGS
|
||||
emake CC="$(tc-getCC)" LD="$(tc-getLD)" -C tools ${myopt}
|
||||
|
||||
use doc && emake -C docs txt html
|
||||
emake -C docs man-pages
|
||||
}
|
||||
|
||||
src_install() {
|
||||
# Override auto-detection in the build system, bug #382573
|
||||
export INITD_DIR=/tmp/init.d
|
||||
export CONFIG_LEAF_DIR=../tmp/default
|
||||
|
||||
# Let the build system compile installed Python modules.
|
||||
local PYTHONDONTWRITEBYTECODE
|
||||
export PYTHONDONTWRITEBYTECODE
|
||||
|
||||
emake DESTDIR="${ED}" DOCDIR="/usr/share/doc/${PF}" \
|
||||
XEN_PYTHON_NATIVE_INSTALL=y install-tools
|
||||
|
||||
# Fix the remaining Python shebangs.
|
||||
python_fix_shebang "${ED}"
|
||||
|
||||
# Remove RedHat-specific stuff
|
||||
rm -rf "${ED}"tmp || die
|
||||
|
||||
# uncomment lines in xl.conf
|
||||
sed -e 's:^#autoballoon=1:autoballoon=1:' \
|
||||
-e 's:^#lockfile="/var/lock/xl":lockfile="/var/lock/xl":' \
|
||||
-e 's:^#vifscript="vif-bridge":vifscript="vif-bridge":' \
|
||||
-i tools/examples/xl.conf || die
|
||||
|
||||
if use doc; then
|
||||
emake DESTDIR="${ED}" DOCDIR="/usr/share/doc/${PF}" install-docs
|
||||
|
||||
dohtml -r docs/
|
||||
docinto pdf
|
||||
dodoc ${DOCS[@]}
|
||||
[ -d "${ED}"/usr/share/doc/xen ] && mv "${ED}"/usr/share/doc/xen/* "${ED}"/usr/share/doc/${PF}/html
|
||||
fi
|
||||
|
||||
rm -rf "${ED}"/usr/share/doc/xen/
|
||||
doman docs/man?/*
|
||||
|
||||
if use xend; then
|
||||
newinitd "${FILESDIR}"/xend.initd-r2 xend || die "Couldn't install xen.initd"
|
||||
fi
|
||||
newconfd "${FILESDIR}"/xendomains.confd xendomains
|
||||
newconfd "${FILESDIR}"/xenstored.confd xenstored
|
||||
newconfd "${FILESDIR}"/xenconsoled.confd xenconsoled
|
||||
newinitd "${FILESDIR}"/xendomains.initd-r2 xendomains
|
||||
newinitd "${FILESDIR}"/xenstored.initd xenstored
|
||||
newinitd "${FILESDIR}"/xenconsoled.initd xenconsoled
|
||||
|
||||
if use screen; then
|
||||
cat "${FILESDIR}"/xendomains-screen.confd >> "${ED}"/etc/conf.d/xendomains || die
|
||||
cp "${FILESDIR}"/xen-consoles.logrotate "${ED}"/etc/xen/ || die
|
||||
keepdir /var/log/xen-consoles
|
||||
fi
|
||||
|
||||
if use qemu; then
|
||||
mkdir -p "${D}"usr/lib64/xen/bin || die
|
||||
mv "${D}"usr/lib/xen/bin/qemu* "${D}"usr/lib64/xen/bin/ || die
|
||||
fi
|
||||
|
||||
# For -static-libs wrt Bug 384355
|
||||
if ! use static-libs; then
|
||||
rm -f "${ED}"usr/$(get_libdir)/*.a "${ED}"usr/$(get_libdir)/ocaml/*/*.a
|
||||
fi
|
||||
|
||||
# xend expects these to exist
|
||||
keepdir /var/run/xenstored /var/lib/xenstored /var/xen/dump /var/lib/xen /var/log/xen
|
||||
|
||||
# for xendomains
|
||||
keepdir /etc/xen/auto
|
||||
|
||||
# Temp QA workaround
|
||||
dodir "$(udev_get_udevdir)"
|
||||
mv "${ED}"/etc/udev/* "${ED}/$(udev_get_udevdir)"
|
||||
rm -rf "${ED}"/etc/udev
|
||||
|
||||
# Remove files failing QA AFTER emake installs them, avoiding seeking absent files
|
||||
find "${ED}" \( -name openbios-sparc32 -o -name openbios-sparc64 \
|
||||
-o -name openbios-ppc -o -name palcode-clipper \) -delete || die
|
||||
}
|
||||
|
||||
pkg_postinst() {
|
||||
elog "Official Xen Guide and the unoffical wiki page:"
|
||||
elog " http://www.gentoo.org/doc/en/xen-guide.xml"
|
||||
elog " http://gentoo-wiki.com/HOWTO_Xen_and_Gentoo"
|
||||
|
||||
if [[ "$(scanelf -s __guard -q "${PYTHON}")" ]] ; then
|
||||
echo
|
||||
ewarn "xend may not work when python is built with stack smashing protection (ssp)."
|
||||
ewarn "If 'xm create' fails with '<ProtocolError for /RPC2: -1 >', see bug #141866"
|
||||
ewarn "This problem may be resolved as of Xen 3.0.4, if not post in the bug."
|
||||
fi
|
||||
|
||||
# TODO: we need to have the current Python slot here.
|
||||
if ! has_version "dev-lang/python[ncurses]"; then
|
||||
echo
|
||||
ewarn "NB: Your dev-lang/python is built without USE=ncurses."
|
||||
ewarn "Please rebuild python with USE=ncurses to make use of xenmon.py."
|
||||
fi
|
||||
|
||||
if has_version "sys-apps/iproute2[minimal]"; then
|
||||
echo
|
||||
ewarn "Your sys-apps/iproute2 is built with USE=minimal. Networking"
|
||||
ewarn "will not work until you rebuild iproute2 without USE=minimal."
|
||||
fi
|
||||
|
||||
if ! use hvm; then
|
||||
echo
|
||||
elog "HVM (VT-x and AMD-V) support has been disabled. If you need hvm"
|
||||
elog "support enable the hvm use flag."
|
||||
elog "An x86 or amd64 multilib system is required to build HVM support."
|
||||
echo
|
||||
elog "The qemu use flag has been removed and replaced with hvm."
|
||||
fi
|
||||
|
||||
if use xend; then
|
||||
echo
|
||||
elog "xend capability has been enabled and installed"
|
||||
fi
|
||||
|
||||
if grep -qsF XENSV= "${ROOT}/etc/conf.d/xend"; then
|
||||
echo
|
||||
elog "xensv is broken upstream (Gentoo bug #142011)."
|
||||
elog "Please remove '${ROOT%/}/etc/conf.d/xend', as it is no longer needed."
|
||||
fi
|
||||
}
|
||||
@ -0,0 +1,348 @@
|
||||
# Copyright 1999-2013 Gentoo Foundation
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-tools/xen-tools-4.2.2-r1.ebuild,v 1.2 2013/05/16 05:26:22 idella4 Exp $
|
||||
|
||||
EAPI=5
|
||||
|
||||
PYTHON_COMPAT=( python{2_6,2_7} )
|
||||
PYTHON_REQ_USE='xml,threads'
|
||||
|
||||
IPXE_TARBALL_URL="http://dev.gentoo.org/~idella4/tarballs/ipxe.tar.gz"
|
||||
XEN_SEABIOS_URL="http://dev.gentoo.org/~idella4/tarballs/seabios-0-20121121.tar.bz2"
|
||||
|
||||
if [[ $PV == *9999 ]]; then
|
||||
KEYWORDS=""
|
||||
REPO="xen-unstable.hg"
|
||||
EHG_REPO_URI="http://xenbits.xensource.com/${REPO}"
|
||||
S="${WORKDIR}/${REPO}"
|
||||
live_eclass="mercurial"
|
||||
else
|
||||
KEYWORDS="~amd64 ~x86"
|
||||
SRC_URI="http://bits.xensource.com/oss-xen/release/${PV}/xen-${PV}.tar.gz
|
||||
$IPXE_TARBALL_URL
|
||||
$XEN_SEABIOS_URL"
|
||||
S="${WORKDIR}/xen-${PV}"
|
||||
fi
|
||||
|
||||
inherit flag-o-matic eutils multilib python-single-r1 toolchain-funcs udev ${live_eclass}
|
||||
|
||||
DESCRIPTION="Xend daemon and tools"
|
||||
HOMEPAGE="http://xen.org/"
|
||||
DOCS=( README docs/README.xen-bugtool )
|
||||
|
||||
LICENSE="GPL-2"
|
||||
SLOT="0"
|
||||
IUSE="api custom-cflags debug doc flask hvm qemu pygrub screen static-libs xend"
|
||||
|
||||
REQUIRED_USE="hvm? ( qemu )"
|
||||
|
||||
CDEPEND="dev-libs/lzo:2
|
||||
dev-libs/yajl
|
||||
dev-python/lxml[${PYTHON_USEDEP}]
|
||||
dev-python/pypam[${PYTHON_USEDEP}]
|
||||
dev-python/pyxml[${PYTHON_USEDEP}]
|
||||
sys-libs/zlib
|
||||
sys-power/iasl
|
||||
dev-ml/findlib
|
||||
hvm? ( media-libs/libsdl )
|
||||
${PYTHON_DEPS}
|
||||
api? ( dev-libs/libxml2
|
||||
net-misc/curl )
|
||||
${PYTHON_DEPS}
|
||||
pygrub? ( ${PYTHON_DEPS//${PYTHON_REQ_USE}/ncurses} )"
|
||||
DEPEND="${CDEPEND}
|
||||
sys-devel/bin86
|
||||
sys-devel/dev86
|
||||
dev-lang/perl
|
||||
app-misc/pax-utils
|
||||
doc? (
|
||||
app-doc/doxygen
|
||||
dev-tex/latex2html[png,gif]
|
||||
media-gfx/transfig
|
||||
media-gfx/graphviz
|
||||
dev-tex/xcolor
|
||||
dev-texlive/texlive-latexextra
|
||||
virtual/latex-base
|
||||
dev-tex/latexmk
|
||||
dev-texlive/texlive-latex
|
||||
dev-texlive/texlive-pictures
|
||||
dev-texlive/texlive-latexrecommended
|
||||
)
|
||||
hvm? ( x11-proto/xproto
|
||||
)"
|
||||
RDEPEND="${CDEPEND}
|
||||
sys-apps/iproute2
|
||||
net-misc/bridge-utils
|
||||
screen? (
|
||||
app-misc/screen
|
||||
app-admin/logrotate
|
||||
)
|
||||
virtual/udev"
|
||||
|
||||
# hvmloader is used to bootstrap a fully virtualized kernel
|
||||
# Approved by QA team in bug #144032
|
||||
QA_WX_LOAD="usr/lib/xen/boot/hvmloader"
|
||||
|
||||
RESTRICT="test"
|
||||
|
||||
pkg_setup() {
|
||||
python-single-r1_pkg_setup
|
||||
export "CONFIG_LOMOUNT=y"
|
||||
|
||||
if has_version dev-libs/libgcrypt; then
|
||||
export "CONFIG_GCRYPT=y"
|
||||
fi
|
||||
|
||||
if use qemu; then
|
||||
export "CONFIG_IOEMU=y"
|
||||
else
|
||||
export "CONFIG_IOEMU=n"
|
||||
fi
|
||||
|
||||
if ! use x86 && ! has x86 $(get_all_abis) && use hvm; then
|
||||
eerror "HVM (VT-x and AMD-v) cannot be built on this system. An x86 or"
|
||||
eerror "an amd64 multilib profile is required. Remove the hvm use flag"
|
||||
eerror "to build xen-tools on your current profile."
|
||||
die "USE=hvm is unsupported on this system."
|
||||
fi
|
||||
|
||||
if [[ -z ${XEN_TARGET_ARCH} ]] ; then
|
||||
if use x86 && use amd64; then
|
||||
die "Confusion! Both x86 and amd64 are set in your use flags!"
|
||||
elif use x86; then
|
||||
export XEN_TARGET_ARCH="x86_32"
|
||||
elif use amd64 ; then
|
||||
export XEN_TARGET_ARCH="x86_64"
|
||||
else
|
||||
die "Unsupported architecture!"
|
||||
fi
|
||||
fi
|
||||
|
||||
use api && export "LIBXENAPI_BINDINGS=y"
|
||||
use flask && export "FLASK_ENABLE=y"
|
||||
}
|
||||
|
||||
src_prepare() {
|
||||
# Drop .config, fixes to gcc-4.6
|
||||
epatch "${FILESDIR}"/${PN/-tools/}-4-fix_dotconfig-gcc.patch
|
||||
|
||||
# Xend
|
||||
if ! use xend; then
|
||||
sed -e 's:xm xen-bugtool xen-python-path xend:xen-bugtool xen-python-path:' \
|
||||
-i tools/misc/Makefile || die "Disabling xend failed"
|
||||
sed -e 's:^XEND_INITD:#XEND_INITD:' \
|
||||
-i tools/examples/Makefile || die "Disabling xend failed"
|
||||
fi
|
||||
|
||||
# if the user *really* wants to use their own custom-cflags, let them
|
||||
if use custom-cflags; then
|
||||
einfo "User wants their own CFLAGS - removing defaults"
|
||||
|
||||
# try and remove all the default cflags
|
||||
find "${S}" \( -name Makefile -o -name Rules.mk -o -name Config.mk \) \
|
||||
-exec sed \
|
||||
-e 's/CFLAGS\(.*\)=\(.*\)-O3\(.*\)/CFLAGS\1=\2\3/' \
|
||||
-e 's/CFLAGS\(.*\)=\(.*\)-march=i686\(.*\)/CFLAGS\1=\2\3/' \
|
||||
-e 's/CFLAGS\(.*\)=\(.*\)-fomit-frame-pointer\(.*\)/CFLAGS\1=\2\3/' \
|
||||
-e 's/CFLAGS\(.*\)=\(.*\)-g3*\s\(.*\)/CFLAGS\1=\2 \3/' \
|
||||
-e 's/CFLAGS\(.*\)=\(.*\)-O2\(.*\)/CFLAGS\1=\2\3/' \
|
||||
-i {} + || die "failed to re-set custom-cflags"
|
||||
fi
|
||||
|
||||
if ! use pygrub; then
|
||||
sed -e '/^SUBDIRS-$(PYTHON_TOOLS) += pygrub$/d' -i tools/Makefile || die
|
||||
fi
|
||||
|
||||
# Disable hvm support on systems that don't support x86_32 binaries.
|
||||
if ! use hvm; then
|
||||
sed -e '/^CONFIG_IOEMU := y$/d' -i config/*.mk || die
|
||||
sed -e '/SUBDIRS-$(CONFIG_X86) += firmware/d' -i tools/Makefile || die
|
||||
fi
|
||||
|
||||
# Don't bother with qemu, only needed for fully virtualised guests
|
||||
if ! use qemu; then
|
||||
sed -e "/^CONFIG_IOEMU := y$/d" -i config/*.mk || die
|
||||
sed -e "s:install-tools\: tools/ioemu-dir:install-tools\: :g" -i Makefile || die
|
||||
fi
|
||||
|
||||
# Fix texi2html build error with new texi2html
|
||||
epatch "${FILESDIR}"/${PN}-4-docfix.patch
|
||||
|
||||
# Fix network broadcast on bridged networks
|
||||
epatch "${FILESDIR}/${PN}-3.4.0-network-bridge-broadcast.patch"
|
||||
|
||||
# Prevent the downloading of ipxe, seabios
|
||||
epatch "${FILESDIR}"/${PN/-tools/}-4.2.0-anti-download.patch
|
||||
cp "${DISTDIR}"/ipxe.tar.gz tools/firmware/etherboot/ || die
|
||||
mv ../seabios-dir-remote tools/firmware/ || die
|
||||
pushd tools/firmware/ > /dev/null
|
||||
ln -s seabios-dir-remote seabios-dir || die
|
||||
popd > /dev/null
|
||||
|
||||
# Fix bridge by idella4, bug #362575
|
||||
epatch "${FILESDIR}/${PN}-4.1.1-bridge.patch"
|
||||
|
||||
# Don't build ipxe with pie on hardened, Bug #360805
|
||||
if gcc-specs-pie; then
|
||||
epatch "${FILESDIR}"/ipxe-nopie.patch
|
||||
fi
|
||||
|
||||
# Prevent double stripping of files at install
|
||||
epatch "${FILESDIR}"/${PN/-tools/}-4.2.0-nostrip.patch
|
||||
|
||||
# fix jobserver in Makefile
|
||||
epatch "${FILESDIR}"/${PN/-tools/}-4.2.0-jserver.patch
|
||||
|
||||
# add missing header
|
||||
epatch "${FILESDIR}"/xen-4-ulong.patch \
|
||||
"${FILESDIR}"/${PN}-4.2-xen_disk_leak.patch
|
||||
|
||||
#Sec patch, currently valid
|
||||
epatch "${FILESDIR}"/xen-4-CVE-2012-6075-XSA-41.patch \
|
||||
"${FILESDIR}"/xen-4-CVE-2013-1922-XSA-48.patch \
|
||||
"${FILESDIR}"/xen-4-CVE-2013-1952-XSA-49.patch
|
||||
|
||||
epatch_user
|
||||
}
|
||||
|
||||
src_compile() {
|
||||
export VARTEXFONTS="${T}/fonts"
|
||||
local myopt
|
||||
use debug && myopt="${myopt} debug=y"
|
||||
|
||||
use custom-cflags || unset CFLAGS
|
||||
if test-flag-CC -fno-strict-overflow; then
|
||||
append-flags -fno-strict-overflow
|
||||
fi
|
||||
|
||||
unset LDFLAGS
|
||||
unset CFLAGS
|
||||
emake CC="$(tc-getCC)" LD="$(tc-getLD)" -C tools ${myopt}
|
||||
|
||||
use doc && emake -C docs txt html
|
||||
emake -C docs man-pages
|
||||
}
|
||||
|
||||
src_install() {
|
||||
# Override auto-detection in the build system, bug #382573
|
||||
export INITD_DIR=/tmp/init.d
|
||||
export CONFIG_LEAF_DIR=../tmp/default
|
||||
|
||||
# Let the build system compile installed Python modules.
|
||||
local PYTHONDONTWRITEBYTECODE
|
||||
export PYTHONDONTWRITEBYTECODE
|
||||
|
||||
emake DESTDIR="${ED}" DOCDIR="/usr/share/doc/${PF}" \
|
||||
XEN_PYTHON_NATIVE_INSTALL=y install-tools
|
||||
|
||||
# Fix the remaining Python shebangs.
|
||||
python_fix_shebang "${ED}"
|
||||
|
||||
# Remove RedHat-specific stuff
|
||||
rm -rf "${ED}"tmp || die
|
||||
|
||||
# uncomment lines in xl.conf
|
||||
sed -e 's:^#autoballoon=1:autoballoon=1:' \
|
||||
-e 's:^#lockfile="/var/lock/xl":lockfile="/var/lock/xl":' \
|
||||
-e 's:^#vifscript="vif-bridge":vifscript="vif-bridge":' \
|
||||
-i tools/examples/xl.conf || die
|
||||
|
||||
if use doc; then
|
||||
emake DESTDIR="${ED}" DOCDIR="/usr/share/doc/${PF}" install-docs
|
||||
|
||||
dohtml -r docs/
|
||||
docinto pdf
|
||||
dodoc ${DOCS[@]}
|
||||
[ -d "${ED}"/usr/share/doc/xen ] && mv "${ED}"/usr/share/doc/xen/* "${ED}"/usr/share/doc/${PF}/html
|
||||
fi
|
||||
|
||||
rm -rf "${ED}"/usr/share/doc/xen/
|
||||
doman docs/man?/*
|
||||
|
||||
if use xend; then
|
||||
newinitd "${FILESDIR}"/xend.initd-r2 xend || die "Couldn't install xen.initd"
|
||||
fi
|
||||
newconfd "${FILESDIR}"/xendomains.confd xendomains
|
||||
newconfd "${FILESDIR}"/xenstored.confd xenstored
|
||||
newconfd "${FILESDIR}"/xenconsoled.confd xenconsoled
|
||||
newinitd "${FILESDIR}"/xendomains.initd-r2 xendomains
|
||||
newinitd "${FILESDIR}"/xenstored.initd xenstored
|
||||
newinitd "${FILESDIR}"/xenconsoled.initd xenconsoled
|
||||
|
||||
if use screen; then
|
||||
cat "${FILESDIR}"/xendomains-screen.confd >> "${ED}"/etc/conf.d/xendomains || die
|
||||
cp "${FILESDIR}"/xen-consoles.logrotate "${ED}"/etc/xen/ || die
|
||||
keepdir /var/log/xen-consoles
|
||||
fi
|
||||
|
||||
if use qemu; then
|
||||
mkdir -p "${D}"usr/lib64/xen/bin || die
|
||||
mv "${D}"usr/lib/xen/bin/qemu* "${D}"usr/lib64/xen/bin/ || die
|
||||
fi
|
||||
|
||||
# For -static-libs wrt Bug 384355
|
||||
if ! use static-libs; then
|
||||
rm -f "${ED}"usr/$(get_libdir)/*.a "${ED}"usr/$(get_libdir)/ocaml/*/*.a
|
||||
fi
|
||||
|
||||
# xend expects these to exist
|
||||
keepdir /var/run/xenstored /var/lib/xenstored /var/xen/dump /var/lib/xen /var/log/xen
|
||||
|
||||
# for xendomains
|
||||
keepdir /etc/xen/auto
|
||||
|
||||
# Temp QA workaround
|
||||
dodir "$(udev_get_udevdir)"
|
||||
mv "${ED}"/etc/udev/* "${ED}/$(udev_get_udevdir)"
|
||||
rm -rf "${ED}"/etc/udev
|
||||
|
||||
# Remove files failing QA AFTER emake installs them, avoiding seeking absent files
|
||||
find "${ED}" \( -name openbios-sparc32 -o -name openbios-sparc64 \
|
||||
-o -name openbios-ppc -o -name palcode-clipper \) -delete || die
|
||||
}
|
||||
|
||||
pkg_postinst() {
|
||||
elog "Official Xen Guide and the unoffical wiki page:"
|
||||
elog " http://www.gentoo.org/doc/en/xen-guide.xml"
|
||||
elog " http://gentoo-wiki.com/HOWTO_Xen_and_Gentoo"
|
||||
|
||||
if [[ "$(scanelf -s __guard -q "${PYTHON}")" ]] ; then
|
||||
echo
|
||||
ewarn "xend may not work when python is built with stack smashing protection (ssp)."
|
||||
ewarn "If 'xm create' fails with '<ProtocolError for /RPC2: -1 >', see bug #141866"
|
||||
ewarn "This problem may be resolved as of Xen 3.0.4, if not post in the bug."
|
||||
fi
|
||||
|
||||
# TODO: we need to have the current Python slot here.
|
||||
if ! has_version "dev-lang/python[ncurses]"; then
|
||||
echo
|
||||
ewarn "NB: Your dev-lang/python is built without USE=ncurses."
|
||||
ewarn "Please rebuild python with USE=ncurses to make use of xenmon.py."
|
||||
fi
|
||||
|
||||
if has_version "sys-apps/iproute2[minimal]"; then
|
||||
echo
|
||||
ewarn "Your sys-apps/iproute2 is built with USE=minimal. Networking"
|
||||
ewarn "will not work until you rebuild iproute2 without USE=minimal."
|
||||
fi
|
||||
|
||||
if ! use hvm; then
|
||||
echo
|
||||
elog "HVM (VT-x and AMD-V) support has been disabled. If you need hvm"
|
||||
elog "support enable the hvm use flag."
|
||||
elog "An x86 or amd64 multilib system is required to build HVM support."
|
||||
echo
|
||||
elog "The qemu use flag has been removed and replaced with hvm."
|
||||
fi
|
||||
|
||||
if use xend; then
|
||||
echo
|
||||
elog "xend capability has been enabled and installed"
|
||||
fi
|
||||
|
||||
if grep -qsF XENSV= "${ROOT}/etc/conf.d/xend"; then
|
||||
echo
|
||||
elog "xensv is broken upstream (Gentoo bug #142011)."
|
||||
elog "Please remove '${ROOT%/}/etc/conf.d/xend', as it is no longer needed."
|
||||
fi
|
||||
}
|
||||
@ -1,2 +1,3 @@
|
||||
DIST xen-4.2.0.tar.gz 15587687 SHA256 43f4a086e4e0330145a27b7ace8365c42b5afbc95cefadafe067be91bd3e5cfb SHA512 4fb56c79d722fb307bc657f16d02079c6636427e7650c4354193632d38d2d1db8e588f844ff0ca6e757c108ed639a528565ec9fc7c00bb4d5b6fbc9d122d8a70 WHIRLPOOL 369a109375864cb61920b56cf501522051d28513e738f0fd0e7b76244c3e08a8a0a6ff6cf245872d9bbd9c0f22c7da76c9cbc0f852bad6108ca25fd42dc677c0
|
||||
DIST xen-4.2.1.tar.gz 15593695 SHA256 fb8df5827ce3e2d2d3b078d9e5afde502beb5e7ab9442e51a94087061bd450c6 SHA512 fe27a965e2b34035bd025482eda9fc4d4e82523c929323fd30813367d5ffbe2fa1ed3d7d4479f2632e8b5625972448b7bd6a7768e8dc1dcd1b6747d281cc1a9e WHIRLPOOL 226bbed059541e804f1a44e721023ffbc04bae43000653b1d7d6a9bfec0d9efbf7a48b1b0a7ad3fcb8e34f8b91e1c620c2a8eddf97baad487e9db37d49a58f37
|
||||
DIST xen-4.2.2.tar.gz 15602746 SHA256 c9bfe91a5e72f8545acebad9889d64368020359bfe18044c0e683133e55ae005 SHA512 4943b18016ed8c2b194a3b55e6655b3b734b39ffb8cb7ee0a0580f2f4460a1d0e92e1de8ac23f5186272914fad1650586af51fd7c3644d0310eb16f2e11c5e80 WHIRLPOOL 519eb87cb2da694696cbc3e72070a0a3bdb07c46fa266d855d8379eec3a92adfa4d434af3ac01c37834ce4a9174081a6c40030b185a70902329b185cb8d0bbea
|
||||
|
||||
@ -0,0 +1,323 @@
|
||||
ACPI: acpi_table_parse() should return handler's error code
|
||||
|
||||
Currently, the error code returned by acpi_table_parse()'s handler
|
||||
is ignored. This patch will propagate handler's return value to
|
||||
acpi_table_parse()'s caller.
|
||||
|
||||
AMD,IOMMU: Clean up old entries in remapping tables when creating new
|
||||
interrupt mapping.
|
||||
|
||||
When changing the affinity of an IRQ associated with a passed
|
||||
through PCI device, clear previous mapping.
|
||||
|
||||
In addition, because some BIOSes may incorrectly program IVRS
|
||||
entries for IOAPIC try to check for entry's consistency. Specifically,
|
||||
if conflicting entries are found disable IOMMU if per-device
|
||||
remapping table is used. If entries refer to bogus IOAPIC IDs
|
||||
disable IOMMU unconditionally
|
||||
|
||||
AMD,IOMMU: Disable IOMMU if SATA Combined mode is on
|
||||
|
||||
AMD's SP5100 chipset can be placed into SATA Combined mode
|
||||
that may cause prevent dom0 from booting when IOMMU is
|
||||
enabled and per-device interrupt remapping table is used.
|
||||
While SP5100 erratum 28 requires BIOSes to disable this mode,
|
||||
some may still use it.
|
||||
|
||||
This patch checks whether this mode is on and, if per-device
|
||||
table is in use, disables IOMMU.
|
||||
|
||||
AMD,IOMMU: Make per-device interrupt remapping table default
|
||||
|
||||
Using global interrupt remapping table may be insecure, as
|
||||
described by XSA-36. This patch makes per-device mode default.
|
||||
|
||||
This is XSA-36 / CVE-2013-0153.
|
||||
|
||||
Signed-off-by: Jan Beulich <jbeulich@suse.com>
|
||||
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@amd.com>
|
||||
|
||||
--- a/xen/arch/x86/irq.c
|
||||
+++ b/xen/arch/x86/irq.c
|
||||
@@ -1942,9 +1942,6 @@ int map_domain_pirq(
|
||||
spin_lock_irqsave(&desc->lock, flags);
|
||||
set_domain_irq_pirq(d, irq, info);
|
||||
spin_unlock_irqrestore(&desc->lock, flags);
|
||||
-
|
||||
- if ( opt_irq_vector_map == OPT_IRQ_VECTOR_MAP_PERDEV )
|
||||
- printk(XENLOG_INFO "Per-device vector maps for GSIs not implemented yet.\n");
|
||||
}
|
||||
|
||||
done:
|
||||
--- a/xen/drivers/acpi/tables.c
|
||||
+++ b/xen/drivers/acpi/tables.c
|
||||
@@ -267,7 +267,7 @@ acpi_table_parse_madt(enum acpi_madt_typ
|
||||
* @handler: handler to run
|
||||
*
|
||||
* Scan the ACPI System Descriptor Table (STD) for a table matching @id,
|
||||
- * run @handler on it. Return 0 if table found, return on if not.
|
||||
+ * run @handler on it.
|
||||
*/
|
||||
int __init acpi_table_parse(char *id, acpi_table_handler handler)
|
||||
{
|
||||
@@ -282,8 +282,7 @@ int __init acpi_table_parse(char *id, ac
|
||||
acpi_get_table(id, 0, &table);
|
||||
|
||||
if (table) {
|
||||
- handler(table);
|
||||
- return 0;
|
||||
+ return handler(table);
|
||||
} else
|
||||
return 1;
|
||||
}
|
||||
--- a/xen/drivers/passthrough/amd/iommu_acpi.c
|
||||
+++ b/xen/drivers/passthrough/amd/iommu_acpi.c
|
||||
@@ -22,6 +22,7 @@
|
||||
#include <xen/errno.h>
|
||||
#include <xen/acpi.h>
|
||||
#include <asm/apicdef.h>
|
||||
+#include <asm/io_apic.h>
|
||||
#include <asm/amd-iommu.h>
|
||||
#include <asm/hvm/svm/amd-iommu-proto.h>
|
||||
|
||||
@@ -635,6 +636,7 @@ static u16 __init parse_ivhd_device_spec
|
||||
u16 header_length, u16 block_length, struct amd_iommu *iommu)
|
||||
{
|
||||
u16 dev_length, bdf;
|
||||
+ int apic;
|
||||
|
||||
dev_length = sizeof(*special);
|
||||
if ( header_length < (block_length + dev_length) )
|
||||
@@ -651,10 +653,59 @@ static u16 __init parse_ivhd_device_spec
|
||||
}
|
||||
|
||||
add_ivrs_mapping_entry(bdf, bdf, special->header.data_setting, iommu);
|
||||
- /* set device id of ioapic */
|
||||
- ioapic_sbdf[special->handle].bdf = bdf;
|
||||
- ioapic_sbdf[special->handle].seg = seg;
|
||||
- return dev_length;
|
||||
+
|
||||
+ if ( special->variety != ACPI_IVHD_IOAPIC )
|
||||
+ {
|
||||
+ if ( special->variety != ACPI_IVHD_HPET )
|
||||
+ printk(XENLOG_ERR "Unrecognized IVHD special variety %#x\n",
|
||||
+ special->variety);
|
||||
+ return dev_length;
|
||||
+ }
|
||||
+
|
||||
+ /*
|
||||
+ * Some BIOSes have IOAPIC broken entries so we check for IVRS
|
||||
+ * consistency here --- whether entry's IOAPIC ID is valid and
|
||||
+ * whether there are conflicting/duplicated entries.
|
||||
+ */
|
||||
+ for ( apic = 0; apic < nr_ioapics; apic++ )
|
||||
+ {
|
||||
+ if ( IO_APIC_ID(apic) != special->handle )
|
||||
+ continue;
|
||||
+
|
||||
+ if ( ioapic_sbdf[special->handle].pin_setup )
|
||||
+ {
|
||||
+ if ( ioapic_sbdf[special->handle].bdf == bdf &&
|
||||
+ ioapic_sbdf[special->handle].seg == seg )
|
||||
+ AMD_IOMMU_DEBUG("IVHD Warning: Duplicate IO-APIC %#x entries\n",
|
||||
+ special->handle);
|
||||
+ else
|
||||
+ {
|
||||
+ printk(XENLOG_ERR "IVHD Error: Conflicting IO-APIC %#x entries\n",
|
||||
+ special->handle);
|
||||
+ if ( amd_iommu_perdev_intremap )
|
||||
+ return 0;
|
||||
+ }
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+ /* set device id of ioapic */
|
||||
+ ioapic_sbdf[special->handle].bdf = bdf;
|
||||
+ ioapic_sbdf[special->handle].seg = seg;
|
||||
+
|
||||
+ ioapic_sbdf[special->handle].pin_setup = xzalloc_array(
|
||||
+ unsigned long, BITS_TO_LONGS(nr_ioapic_entries[apic]));
|
||||
+ if ( nr_ioapic_entries[apic] &&
|
||||
+ !ioapic_sbdf[IO_APIC_ID(apic)].pin_setup )
|
||||
+ {
|
||||
+ printk(XENLOG_ERR "IVHD Error: Out of memory\n");
|
||||
+ return 0;
|
||||
+ }
|
||||
+ }
|
||||
+ return dev_length;
|
||||
+ }
|
||||
+
|
||||
+ printk(XENLOG_ERR "IVHD Error: Invalid IO-APIC %#x\n", special->handle);
|
||||
+ return 0;
|
||||
}
|
||||
|
||||
static int __init parse_ivhd_block(const struct acpi_ivrs_hardware *ivhd_block)
|
||||
--- a/xen/drivers/passthrough/amd/iommu_init.c
|
||||
+++ b/xen/drivers/passthrough/amd/iommu_init.c
|
||||
@@ -1126,12 +1126,45 @@ static int __init amd_iommu_setup_device
|
||||
return 0;
|
||||
}
|
||||
|
||||
+/* Check whether SP5100 SATA Combined mode is on */
|
||||
+static bool_t __init amd_sp5100_erratum28(void)
|
||||
+{
|
||||
+ u32 bus, id;
|
||||
+ u16 vendor_id, dev_id;
|
||||
+ u8 byte;
|
||||
+
|
||||
+ for (bus = 0; bus < 256; bus++)
|
||||
+ {
|
||||
+ id = pci_conf_read32(0, bus, 0x14, 0, PCI_VENDOR_ID);
|
||||
+
|
||||
+ vendor_id = id & 0xffff;
|
||||
+ dev_id = (id >> 16) & 0xffff;
|
||||
+
|
||||
+ /* SP5100 SMBus module sets Combined mode on */
|
||||
+ if (vendor_id != 0x1002 || dev_id != 0x4385)
|
||||
+ continue;
|
||||
+
|
||||
+ byte = pci_conf_read8(0, bus, 0x14, 0, 0xad);
|
||||
+ if ( (byte >> 3) & 1 )
|
||||
+ {
|
||||
+ printk(XENLOG_WARNING "AMD-Vi: SP5100 erratum 28 detected, disabling IOMMU.\n"
|
||||
+ "If possible, disable SATA Combined mode in BIOS or contact your vendor for BIOS update.\n");
|
||||
+ return 1;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
int __init amd_iommu_init(void)
|
||||
{
|
||||
struct amd_iommu *iommu;
|
||||
|
||||
BUG_ON( !iommu_found() );
|
||||
|
||||
+ if ( amd_iommu_perdev_intremap && amd_sp5100_erratum28() )
|
||||
+ goto error_out;
|
||||
+
|
||||
ivrs_bdf_entries = amd_iommu_get_ivrs_dev_entries();
|
||||
|
||||
if ( !ivrs_bdf_entries )
|
||||
--- a/xen/drivers/passthrough/amd/iommu_intr.c
|
||||
+++ b/xen/drivers/passthrough/amd/iommu_intr.c
|
||||
@@ -99,12 +99,12 @@ static void update_intremap_entry(u32* e
|
||||
static void update_intremap_entry_from_ioapic(
|
||||
int bdf,
|
||||
struct amd_iommu *iommu,
|
||||
- struct IO_APIC_route_entry *ioapic_rte)
|
||||
+ const struct IO_APIC_route_entry *rte,
|
||||
+ const struct IO_APIC_route_entry *old_rte)
|
||||
{
|
||||
unsigned long flags;
|
||||
u32* entry;
|
||||
u8 delivery_mode, dest, vector, dest_mode;
|
||||
- struct IO_APIC_route_entry *rte = ioapic_rte;
|
||||
int req_id;
|
||||
spinlock_t *lock;
|
||||
int offset;
|
||||
@@ -120,6 +120,14 @@ static void update_intremap_entry_from_i
|
||||
spin_lock_irqsave(lock, flags);
|
||||
|
||||
offset = get_intremap_offset(vector, delivery_mode);
|
||||
+ if ( old_rte )
|
||||
+ {
|
||||
+ int old_offset = get_intremap_offset(old_rte->vector,
|
||||
+ old_rte->delivery_mode);
|
||||
+
|
||||
+ if ( offset != old_offset )
|
||||
+ free_intremap_entry(iommu->seg, bdf, old_offset);
|
||||
+ }
|
||||
entry = (u32*)get_intremap_entry(iommu->seg, req_id, offset);
|
||||
update_intremap_entry(entry, vector, delivery_mode, dest_mode, dest);
|
||||
|
||||
@@ -188,6 +196,7 @@ int __init amd_iommu_setup_ioapic_remapp
|
||||
amd_iommu_flush_intremap(iommu, req_id);
|
||||
spin_unlock_irqrestore(&iommu->lock, flags);
|
||||
}
|
||||
+ set_bit(pin, ioapic_sbdf[IO_APIC_ID(apic)].pin_setup);
|
||||
}
|
||||
}
|
||||
return 0;
|
||||
@@ -199,6 +208,7 @@ void amd_iommu_ioapic_update_ire(
|
||||
struct IO_APIC_route_entry old_rte = { 0 };
|
||||
struct IO_APIC_route_entry new_rte = { 0 };
|
||||
unsigned int rte_lo = (reg & 1) ? reg - 1 : reg;
|
||||
+ unsigned int pin = (reg - 0x10) / 2;
|
||||
int saved_mask, seg, bdf;
|
||||
struct amd_iommu *iommu;
|
||||
|
||||
@@ -236,6 +246,14 @@ void amd_iommu_ioapic_update_ire(
|
||||
*(((u32 *)&new_rte) + 1) = value;
|
||||
}
|
||||
|
||||
+ if ( new_rte.mask &&
|
||||
+ !test_bit(pin, ioapic_sbdf[IO_APIC_ID(apic)].pin_setup) )
|
||||
+ {
|
||||
+ ASSERT(saved_mask);
|
||||
+ __io_apic_write(apic, reg, value);
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
/* mask the interrupt while we change the intremap table */
|
||||
if ( !saved_mask )
|
||||
{
|
||||
@@ -244,7 +262,11 @@ void amd_iommu_ioapic_update_ire(
|
||||
}
|
||||
|
||||
/* Update interrupt remapping entry */
|
||||
- update_intremap_entry_from_ioapic(bdf, iommu, &new_rte);
|
||||
+ update_intremap_entry_from_ioapic(
|
||||
+ bdf, iommu, &new_rte,
|
||||
+ test_and_set_bit(pin,
|
||||
+ ioapic_sbdf[IO_APIC_ID(apic)].pin_setup) ? &old_rte
|
||||
+ : NULL);
|
||||
|
||||
/* Forward write access to IO-APIC RTE */
|
||||
__io_apic_write(apic, reg, value);
|
||||
@@ -354,6 +376,12 @@ void amd_iommu_msi_msg_update_ire(
|
||||
return;
|
||||
}
|
||||
|
||||
+ if ( msi_desc->remap_index >= 0 )
|
||||
+ update_intremap_entry_from_msi_msg(iommu, pdev, msi_desc, NULL);
|
||||
+
|
||||
+ if ( !msg )
|
||||
+ return;
|
||||
+
|
||||
update_intremap_entry_from_msi_msg(iommu, pdev, msi_desc, msg);
|
||||
}
|
||||
|
||||
--- a/xen/drivers/passthrough/amd/pci_amd_iommu.c
|
||||
+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c
|
||||
@@ -205,6 +205,8 @@ int __init amd_iov_detect(void)
|
||||
{
|
||||
printk("AMD-Vi: Not overriding irq_vector_map setting\n");
|
||||
}
|
||||
+ if ( !amd_iommu_perdev_intremap )
|
||||
+ printk(XENLOG_WARNING "AMD-Vi: Using global interrupt remap table is not recommended (see XSA-36)!\n");
|
||||
return scan_pci_devices();
|
||||
}
|
||||
|
||||
--- a/xen/drivers/passthrough/iommu.c
|
||||
+++ b/xen/drivers/passthrough/iommu.c
|
||||
@@ -52,7 +52,7 @@ bool_t __read_mostly iommu_qinval = 1;
|
||||
bool_t __read_mostly iommu_intremap = 1;
|
||||
bool_t __read_mostly iommu_hap_pt_share = 1;
|
||||
bool_t __read_mostly iommu_debug;
|
||||
-bool_t __read_mostly amd_iommu_perdev_intremap;
|
||||
+bool_t __read_mostly amd_iommu_perdev_intremap = 1;
|
||||
|
||||
DEFINE_PER_CPU(bool_t, iommu_dont_flush_iotlb);
|
||||
|
||||
--- a/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h
|
||||
+++ b/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h
|
||||
@@ -100,6 +100,7 @@ void amd_iommu_read_msi_from_ire(
|
||||
|
||||
extern struct ioapic_sbdf {
|
||||
u16 bdf, seg;
|
||||
+ unsigned long *pin_setup;
|
||||
} ioapic_sbdf[MAX_IO_APICS];
|
||||
extern void *shared_intremap_table;
|
||||
|
||||
@ -0,0 +1,77 @@
|
||||
x86: clear EFLAGS.NT in SYSENTER entry path
|
||||
|
||||
... as it causes problems if we happen to exit back via IRET: In the
|
||||
course of trying to handle the fault, the hypervisor creates a stack
|
||||
frame by hand, and uses PUSHFQ to set the respective EFLAGS field, but
|
||||
expects to be able to IRET through that stack frame to the second
|
||||
portion of the fixup code (which causes a #GP due to the stored EFLAGS
|
||||
having NT set).
|
||||
|
||||
And even if this worked (e.g if we cleared NT in that path), it would
|
||||
then (through the fail safe callback) cause a #GP in the guest with the
|
||||
SYSENTER handler's first instruction as the source, which in turn would
|
||||
allow guest user mode code to crash the guest kernel.
|
||||
|
||||
Inject a #GP on the fake (NULL) address of the SYSENTER instruction
|
||||
instead, just like in the case where the guest kernel didn't register
|
||||
a corresponding entry point.
|
||||
|
||||
On 32-bit we also need to make sure we clear SYSENTER_CS for all CPUs
|
||||
(neither #RESET nor #INIT guarantee this).
|
||||
|
||||
This is CVE-2013-1917 / XSA-44.
|
||||
|
||||
Reported-by: Andrew Cooper <andrew.cooper3@citirx.com>
|
||||
Signed-off-by: Jan Beulich <jbeulich@suse.com>
|
||||
Tested-by: Andrew Cooper <andrew.cooper3@citrix.com>
|
||||
Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
|
||||
|
||||
--- a/xen/arch/x86/acpi/suspend.c
|
||||
+++ b/xen/arch/x86/acpi/suspend.c
|
||||
@@ -81,8 +81,12 @@ void restore_rest_processor_state(void)
|
||||
}
|
||||
|
||||
#else /* !defined(CONFIG_X86_64) */
|
||||
- if ( supervisor_mode_kernel && cpu_has_sep )
|
||||
- wrmsr(MSR_IA32_SYSENTER_ESP, &this_cpu(init_tss).esp1, 0);
|
||||
+ if ( cpu_has_sep )
|
||||
+ {
|
||||
+ wrmsr(MSR_IA32_SYSENTER_CS, 0, 0);
|
||||
+ if ( supervisor_mode_kernel )
|
||||
+ wrmsr(MSR_IA32_SYSENTER_ESP, &this_cpu(init_tss).esp1, 0);
|
||||
+ }
|
||||
#endif
|
||||
|
||||
/* Maybe load the debug registers. */
|
||||
--- a/xen/arch/x86/cpu/common.c
|
||||
+++ b/xen/arch/x86/cpu/common.c
|
||||
@@ -655,8 +655,11 @@ void __cpuinit cpu_init(void)
|
||||
#if defined(CONFIG_X86_32)
|
||||
t->ss0 = __HYPERVISOR_DS;
|
||||
t->esp0 = get_stack_bottom();
|
||||
- if ( supervisor_mode_kernel && cpu_has_sep )
|
||||
+ if ( cpu_has_sep ) {
|
||||
+ wrmsr(MSR_IA32_SYSENTER_CS, 0, 0);
|
||||
+ if ( supervisor_mode_kernel )
|
||||
wrmsr(MSR_IA32_SYSENTER_ESP, &t->esp1, 0);
|
||||
+ }
|
||||
#elif defined(CONFIG_X86_64)
|
||||
/* Bottom-of-stack must be 16-byte aligned! */
|
||||
BUG_ON((get_stack_bottom() & 15) != 0);
|
||||
--- a/xen/arch/x86/x86_64/entry.S
|
||||
+++ b/xen/arch/x86/x86_64/entry.S
|
||||
@@ -284,7 +284,14 @@ sysenter_eflags_saved:
|
||||
cmpb $0,VCPU_sysenter_disables_events(%rbx)
|
||||
movq VCPU_sysenter_addr(%rbx),%rax
|
||||
setne %cl
|
||||
+ testl $X86_EFLAGS_NT,UREGS_eflags(%rsp)
|
||||
leaq VCPU_trap_bounce(%rbx),%rdx
|
||||
+UNLIKELY_START(nz, sysenter_nt_set)
|
||||
+ pushfq
|
||||
+ andl $~X86_EFLAGS_NT,(%rsp)
|
||||
+ popfq
|
||||
+ xorl %eax,%eax
|
||||
+UNLIKELY_END(sysenter_nt_set)
|
||||
testq %rax,%rax
|
||||
leal (,%rcx,TBF_INTERRUPT),%ecx
|
||||
UNLIKELY_START(z, sysenter_gpf)
|
||||
@ -0,0 +1,252 @@
|
||||
x86: make vcpu_destroy_pagetables() preemptible
|
||||
|
||||
... as it may take significant amounts of time.
|
||||
|
||||
The function, being moved to mm.c as the better home for it anyway, and
|
||||
to avoid having to make a new helper function there non-static, is
|
||||
given a "preemptible" parameter temporarily (until, in a subsequent
|
||||
patch, its other caller is also being made capable of dealing with
|
||||
preemption).
|
||||
|
||||
This is part of CVE-2013-1918 / XSA-45.
|
||||
|
||||
Signed-off-by: Jan Beulich <jbeulich@suse.com>
|
||||
Acked-by: Tim Deegan <tim@xen.org>
|
||||
|
||||
--- a/xen/arch/x86/domain.c
|
||||
+++ b/xen/arch/x86/domain.c
|
||||
@@ -73,8 +73,6 @@ void (*dead_idle) (void) __read_mostly =
|
||||
static void paravirt_ctxt_switch_from(struct vcpu *v);
|
||||
static void paravirt_ctxt_switch_to(struct vcpu *v);
|
||||
|
||||
-static void vcpu_destroy_pagetables(struct vcpu *v);
|
||||
-
|
||||
static void default_idle(void)
|
||||
{
|
||||
local_irq_disable();
|
||||
@@ -1058,7 +1056,7 @@ void arch_vcpu_reset(struct vcpu *v)
|
||||
if ( !is_hvm_vcpu(v) )
|
||||
{
|
||||
destroy_gdt(v);
|
||||
- vcpu_destroy_pagetables(v);
|
||||
+ vcpu_destroy_pagetables(v, 0);
|
||||
}
|
||||
else
|
||||
{
|
||||
@@ -2069,63 +2067,6 @@ static int relinquish_memory(
|
||||
return ret;
|
||||
}
|
||||
|
||||
-static void vcpu_destroy_pagetables(struct vcpu *v)
|
||||
-{
|
||||
- struct domain *d = v->domain;
|
||||
- unsigned long pfn;
|
||||
-
|
||||
-#ifdef __x86_64__
|
||||
- if ( is_pv_32on64_vcpu(v) )
|
||||
- {
|
||||
- pfn = l4e_get_pfn(*(l4_pgentry_t *)
|
||||
- __va(pagetable_get_paddr(v->arch.guest_table)));
|
||||
-
|
||||
- if ( pfn != 0 )
|
||||
- {
|
||||
- if ( paging_mode_refcounts(d) )
|
||||
- put_page(mfn_to_page(pfn));
|
||||
- else
|
||||
- put_page_and_type(mfn_to_page(pfn));
|
||||
- }
|
||||
-
|
||||
- l4e_write(
|
||||
- (l4_pgentry_t *)__va(pagetable_get_paddr(v->arch.guest_table)),
|
||||
- l4e_empty());
|
||||
-
|
||||
- v->arch.cr3 = 0;
|
||||
- return;
|
||||
- }
|
||||
-#endif
|
||||
-
|
||||
- pfn = pagetable_get_pfn(v->arch.guest_table);
|
||||
- if ( pfn != 0 )
|
||||
- {
|
||||
- if ( paging_mode_refcounts(d) )
|
||||
- put_page(mfn_to_page(pfn));
|
||||
- else
|
||||
- put_page_and_type(mfn_to_page(pfn));
|
||||
- v->arch.guest_table = pagetable_null();
|
||||
- }
|
||||
-
|
||||
-#ifdef __x86_64__
|
||||
- /* Drop ref to guest_table_user (from MMUEXT_NEW_USER_BASEPTR) */
|
||||
- pfn = pagetable_get_pfn(v->arch.guest_table_user);
|
||||
- if ( pfn != 0 )
|
||||
- {
|
||||
- if ( !is_pv_32bit_vcpu(v) )
|
||||
- {
|
||||
- if ( paging_mode_refcounts(d) )
|
||||
- put_page(mfn_to_page(pfn));
|
||||
- else
|
||||
- put_page_and_type(mfn_to_page(pfn));
|
||||
- }
|
||||
- v->arch.guest_table_user = pagetable_null();
|
||||
- }
|
||||
-#endif
|
||||
-
|
||||
- v->arch.cr3 = 0;
|
||||
-}
|
||||
-
|
||||
int domain_relinquish_resources(struct domain *d)
|
||||
{
|
||||
int ret;
|
||||
@@ -2143,7 +2084,11 @@ int domain_relinquish_resources(struct d
|
||||
|
||||
/* Drop the in-use references to page-table bases. */
|
||||
for_each_vcpu ( d, v )
|
||||
- vcpu_destroy_pagetables(v);
|
||||
+ {
|
||||
+ ret = vcpu_destroy_pagetables(v, 1);
|
||||
+ if ( ret )
|
||||
+ return ret;
|
||||
+ }
|
||||
|
||||
if ( !is_hvm_domain(d) )
|
||||
{
|
||||
--- a/xen/arch/x86/mm.c
|
||||
+++ b/xen/arch/x86/mm.c
|
||||
@@ -2808,6 +2808,82 @@ static void put_superpage(unsigned long
|
||||
|
||||
#endif
|
||||
|
||||
+static int put_old_guest_table(struct vcpu *v)
|
||||
+{
|
||||
+ int rc;
|
||||
+
|
||||
+ if ( !v->arch.old_guest_table )
|
||||
+ return 0;
|
||||
+
|
||||
+ switch ( rc = put_page_and_type_preemptible(v->arch.old_guest_table, 1) )
|
||||
+ {
|
||||
+ case -EINTR:
|
||||
+ case -EAGAIN:
|
||||
+ return -EAGAIN;
|
||||
+ }
|
||||
+
|
||||
+ v->arch.old_guest_table = NULL;
|
||||
+
|
||||
+ return rc;
|
||||
+}
|
||||
+
|
||||
+int vcpu_destroy_pagetables(struct vcpu *v, bool_t preemptible)
|
||||
+{
|
||||
+ unsigned long mfn = pagetable_get_pfn(v->arch.guest_table);
|
||||
+ struct page_info *page;
|
||||
+ int rc = put_old_guest_table(v);
|
||||
+
|
||||
+ if ( rc )
|
||||
+ return rc;
|
||||
+
|
||||
+#ifdef __x86_64__
|
||||
+ if ( is_pv_32on64_vcpu(v) )
|
||||
+ mfn = l4e_get_pfn(*(l4_pgentry_t *)mfn_to_virt(mfn));
|
||||
+#endif
|
||||
+
|
||||
+ if ( mfn )
|
||||
+ {
|
||||
+ page = mfn_to_page(mfn);
|
||||
+ if ( paging_mode_refcounts(v->domain) )
|
||||
+ put_page(page);
|
||||
+ else
|
||||
+ rc = put_page_and_type_preemptible(page, preemptible);
|
||||
+ }
|
||||
+
|
||||
+#ifdef __x86_64__
|
||||
+ if ( is_pv_32on64_vcpu(v) )
|
||||
+ {
|
||||
+ if ( !rc )
|
||||
+ l4e_write(
|
||||
+ (l4_pgentry_t *)__va(pagetable_get_paddr(v->arch.guest_table)),
|
||||
+ l4e_empty());
|
||||
+ }
|
||||
+ else
|
||||
+#endif
|
||||
+ if ( !rc )
|
||||
+ {
|
||||
+ v->arch.guest_table = pagetable_null();
|
||||
+
|
||||
+#ifdef __x86_64__
|
||||
+ /* Drop ref to guest_table_user (from MMUEXT_NEW_USER_BASEPTR) */
|
||||
+ mfn = pagetable_get_pfn(v->arch.guest_table_user);
|
||||
+ if ( mfn )
|
||||
+ {
|
||||
+ page = mfn_to_page(mfn);
|
||||
+ if ( paging_mode_refcounts(v->domain) )
|
||||
+ put_page(page);
|
||||
+ else
|
||||
+ rc = put_page_and_type_preemptible(page, preemptible);
|
||||
+ }
|
||||
+ if ( !rc )
|
||||
+ v->arch.guest_table_user = pagetable_null();
|
||||
+#endif
|
||||
+ }
|
||||
+
|
||||
+ v->arch.cr3 = 0;
|
||||
+
|
||||
+ return rc;
|
||||
+}
|
||||
|
||||
int new_guest_cr3(unsigned long mfn)
|
||||
{
|
||||
@@ -2994,12 +3070,21 @@ long do_mmuext_op(
|
||||
unsigned int foreigndom)
|
||||
{
|
||||
struct mmuext_op op;
|
||||
- int rc = 0, i = 0, okay;
|
||||
unsigned long type;
|
||||
- unsigned int done = 0;
|
||||
+ unsigned int i = 0, done = 0;
|
||||
struct vcpu *curr = current;
|
||||
struct domain *d = curr->domain;
|
||||
struct domain *pg_owner;
|
||||
+ int okay, rc = put_old_guest_table(curr);
|
||||
+
|
||||
+ if ( unlikely(rc) )
|
||||
+ {
|
||||
+ if ( likely(rc == -EAGAIN) )
|
||||
+ rc = hypercall_create_continuation(
|
||||
+ __HYPERVISOR_mmuext_op, "hihi", uops, count, pdone,
|
||||
+ foreigndom);
|
||||
+ return rc;
|
||||
+ }
|
||||
|
||||
if ( unlikely(count & MMU_UPDATE_PREEMPTED) )
|
||||
{
|
||||
--- a/xen/arch/x86/x86_64/compat/mm.c
|
||||
+++ b/xen/arch/x86/x86_64/compat/mm.c
|
||||
@@ -365,7 +365,7 @@ int compat_mmuext_op(XEN_GUEST_HANDLE(mm
|
||||
: mcs->call.args[1];
|
||||
unsigned int left = arg1 & ~MMU_UPDATE_PREEMPTED;
|
||||
|
||||
- BUG_ON(left == arg1);
|
||||
+ BUG_ON(left == arg1 && left != i);
|
||||
BUG_ON(left > count);
|
||||
guest_handle_add_offset(nat_ops, i - left);
|
||||
guest_handle_subtract_offset(cmp_uops, left);
|
||||
--- a/xen/include/asm-x86/domain.h
|
||||
+++ b/xen/include/asm-x86/domain.h
|
||||
@@ -464,6 +464,7 @@ struct arch_vcpu
|
||||
pagetable_t guest_table_user; /* (MFN) x86/64 user-space pagetable */
|
||||
#endif
|
||||
pagetable_t guest_table; /* (MFN) guest notion of cr3 */
|
||||
+ struct page_info *old_guest_table; /* partially destructed pagetable */
|
||||
/* guest_table holds a ref to the page, and also a type-count unless
|
||||
* shadow refcounts are in use */
|
||||
pagetable_t shadow_table[4]; /* (MFN) shadow(s) of guest */
|
||||
--- a/xen/include/asm-x86/mm.h
|
||||
+++ b/xen/include/asm-x86/mm.h
|
||||
@@ -605,6 +605,7 @@ void audit_domains(void);
|
||||
int new_guest_cr3(unsigned long pfn);
|
||||
void make_cr3(struct vcpu *v, unsigned long mfn);
|
||||
void update_cr3(struct vcpu *v);
|
||||
+int vcpu_destroy_pagetables(struct vcpu *, bool_t preemptible);
|
||||
void propagate_page_fault(unsigned long addr, u16 error_code);
|
||||
void *do_page_walk(struct vcpu *v, unsigned long addr);
|
||||
|
||||
@ -0,0 +1,169 @@
|
||||
x86: make new_guest_cr3() preemptible
|
||||
|
||||
... as it may take significant amounts of time.
|
||||
|
||||
This is part of CVE-2013-1918 / XSA-45.
|
||||
|
||||
Signed-off-by: Jan Beulich <jbeulich@suse.com>
|
||||
Acked-by: Tim Deegan <tim@xen.org>
|
||||
|
||||
--- a/xen/arch/x86/mm.c
|
||||
+++ b/xen/arch/x86/mm.c
|
||||
@@ -2889,44 +2889,69 @@ int new_guest_cr3(unsigned long mfn)
|
||||
{
|
||||
struct vcpu *curr = current;
|
||||
struct domain *d = curr->domain;
|
||||
- int okay;
|
||||
+ int rc;
|
||||
unsigned long old_base_mfn;
|
||||
|
||||
#ifdef __x86_64__
|
||||
if ( is_pv_32on64_domain(d) )
|
||||
{
|
||||
- okay = paging_mode_refcounts(d)
|
||||
- ? 0 /* Old code was broken, but what should it be? */
|
||||
- : mod_l4_entry(
|
||||
+ rc = paging_mode_refcounts(d)
|
||||
+ ? -EINVAL /* Old code was broken, but what should it be? */
|
||||
+ : mod_l4_entry(
|
||||
__va(pagetable_get_paddr(curr->arch.guest_table)),
|
||||
l4e_from_pfn(
|
||||
mfn,
|
||||
(_PAGE_PRESENT|_PAGE_RW|_PAGE_USER|_PAGE_ACCESSED)),
|
||||
- pagetable_get_pfn(curr->arch.guest_table), 0, 0, curr) == 0;
|
||||
- if ( unlikely(!okay) )
|
||||
+ pagetable_get_pfn(curr->arch.guest_table), 0, 1, curr);
|
||||
+ switch ( rc )
|
||||
{
|
||||
+ case 0:
|
||||
+ break;
|
||||
+ case -EINTR:
|
||||
+ case -EAGAIN:
|
||||
+ return -EAGAIN;
|
||||
+ default:
|
||||
MEM_LOG("Error while installing new compat baseptr %lx", mfn);
|
||||
- return 0;
|
||||
+ return rc;
|
||||
}
|
||||
|
||||
invalidate_shadow_ldt(curr, 0);
|
||||
write_ptbase(curr);
|
||||
|
||||
- return 1;
|
||||
+ return 0;
|
||||
}
|
||||
#endif
|
||||
- okay = paging_mode_refcounts(d)
|
||||
- ? get_page_from_pagenr(mfn, d)
|
||||
- : !get_page_and_type_from_pagenr(mfn, PGT_root_page_table, d, 0, 0);
|
||||
- if ( unlikely(!okay) )
|
||||
+ rc = put_old_guest_table(curr);
|
||||
+ if ( unlikely(rc) )
|
||||
+ return rc;
|
||||
+
|
||||
+ old_base_mfn = pagetable_get_pfn(curr->arch.guest_table);
|
||||
+ /*
|
||||
+ * This is particularly important when getting restarted after the
|
||||
+ * previous attempt got preempted in the put-old-MFN phase.
|
||||
+ */
|
||||
+ if ( old_base_mfn == mfn )
|
||||
{
|
||||
- MEM_LOG("Error while installing new baseptr %lx", mfn);
|
||||
+ write_ptbase(curr);
|
||||
return 0;
|
||||
}
|
||||
|
||||
- invalidate_shadow_ldt(curr, 0);
|
||||
+ rc = paging_mode_refcounts(d)
|
||||
+ ? (get_page_from_pagenr(mfn, d) ? 0 : -EINVAL)
|
||||
+ : get_page_and_type_from_pagenr(mfn, PGT_root_page_table, d, 0, 1);
|
||||
+ switch ( rc )
|
||||
+ {
|
||||
+ case 0:
|
||||
+ break;
|
||||
+ case -EINTR:
|
||||
+ case -EAGAIN:
|
||||
+ return -EAGAIN;
|
||||
+ default:
|
||||
+ MEM_LOG("Error while installing new baseptr %lx", mfn);
|
||||
+ return rc;
|
||||
+ }
|
||||
|
||||
- old_base_mfn = pagetable_get_pfn(curr->arch.guest_table);
|
||||
+ invalidate_shadow_ldt(curr, 0);
|
||||
|
||||
curr->arch.guest_table = pagetable_from_pfn(mfn);
|
||||
update_cr3(curr);
|
||||
@@ -2935,13 +2960,25 @@ int new_guest_cr3(unsigned long mfn)
|
||||
|
||||
if ( likely(old_base_mfn != 0) )
|
||||
{
|
||||
+ struct page_info *page = mfn_to_page(old_base_mfn);
|
||||
+
|
||||
if ( paging_mode_refcounts(d) )
|
||||
- put_page(mfn_to_page(old_base_mfn));
|
||||
+ put_page(page);
|
||||
else
|
||||
- put_page_and_type(mfn_to_page(old_base_mfn));
|
||||
+ switch ( rc = put_page_and_type_preemptible(page, 1) )
|
||||
+ {
|
||||
+ case -EINTR:
|
||||
+ rc = -EAGAIN;
|
||||
+ case -EAGAIN:
|
||||
+ curr->arch.old_guest_table = page;
|
||||
+ break;
|
||||
+ default:
|
||||
+ BUG_ON(rc);
|
||||
+ break;
|
||||
+ }
|
||||
}
|
||||
|
||||
- return 1;
|
||||
+ return rc;
|
||||
}
|
||||
|
||||
static struct domain *get_pg_owner(domid_t domid)
|
||||
@@ -3239,8 +3276,13 @@ long do_mmuext_op(
|
||||
}
|
||||
|
||||
case MMUEXT_NEW_BASEPTR:
|
||||
- okay = (!paging_mode_translate(d)
|
||||
- && new_guest_cr3(op.arg1.mfn));
|
||||
+ if ( paging_mode_translate(d) )
|
||||
+ okay = 0;
|
||||
+ else
|
||||
+ {
|
||||
+ rc = new_guest_cr3(op.arg1.mfn);
|
||||
+ okay = !rc;
|
||||
+ }
|
||||
break;
|
||||
|
||||
|
||||
--- a/xen/arch/x86/traps.c
|
||||
+++ b/xen/arch/x86/traps.c
|
||||
@@ -2407,12 +2407,23 @@ static int emulate_privileged_op(struct
|
||||
#endif
|
||||
}
|
||||
page = get_page_from_gfn(v->domain, gfn, NULL, P2M_ALLOC);
|
||||
- rc = page ? new_guest_cr3(page_to_mfn(page)) : 0;
|
||||
if ( page )
|
||||
+ {
|
||||
+ rc = new_guest_cr3(page_to_mfn(page));
|
||||
put_page(page);
|
||||
+ }
|
||||
+ else
|
||||
+ rc = -EINVAL;
|
||||
domain_unlock(v->domain);
|
||||
- if ( rc == 0 ) /* not okay */
|
||||
+ switch ( rc )
|
||||
+ {
|
||||
+ case 0:
|
||||
+ break;
|
||||
+ case -EAGAIN: /* retry after preemption */
|
||||
+ goto skip;
|
||||
+ default: /* not okay */
|
||||
goto fail;
|
||||
+ }
|
||||
break;
|
||||
}
|
||||
|
||||
@ -0,0 +1,74 @@
|
||||
x86: make MMUEXT_NEW_USER_BASEPTR preemptible
|
||||
|
||||
... as it may take significant amounts of time.
|
||||
|
||||
This is part of CVE-2013-1918 / XSA-45.
|
||||
|
||||
Signed-off-by: Jan Beulich <jbeulich@suse.com>
|
||||
Acked-by: Tim Deegan <tim@xen.org>
|
||||
|
||||
--- a/xen/arch/x86/mm.c
|
||||
+++ b/xen/arch/x86/mm.c
|
||||
@@ -3296,29 +3296,56 @@ long do_mmuext_op(
|
||||
break;
|
||||
}
|
||||
|
||||
+ old_mfn = pagetable_get_pfn(curr->arch.guest_table_user);
|
||||
+ /*
|
||||
+ * This is particularly important when getting restarted after the
|
||||
+ * previous attempt got preempted in the put-old-MFN phase.
|
||||
+ */
|
||||
+ if ( old_mfn == op.arg1.mfn )
|
||||
+ break;
|
||||
+
|
||||
if ( op.arg1.mfn != 0 )
|
||||
{
|
||||
if ( paging_mode_refcounts(d) )
|
||||
okay = get_page_from_pagenr(op.arg1.mfn, d);
|
||||
else
|
||||
- okay = !get_page_and_type_from_pagenr(
|
||||
- op.arg1.mfn, PGT_root_page_table, d, 0, 0);
|
||||
+ {
|
||||
+ rc = get_page_and_type_from_pagenr(
|
||||
+ op.arg1.mfn, PGT_root_page_table, d, 0, 1);
|
||||
+ okay = !rc;
|
||||
+ }
|
||||
if ( unlikely(!okay) )
|
||||
{
|
||||
- MEM_LOG("Error while installing new mfn %lx", op.arg1.mfn);
|
||||
+ if ( rc == -EINTR )
|
||||
+ rc = -EAGAIN;
|
||||
+ else if ( rc != -EAGAIN )
|
||||
+ MEM_LOG("Error while installing new mfn %lx",
|
||||
+ op.arg1.mfn);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
- old_mfn = pagetable_get_pfn(curr->arch.guest_table_user);
|
||||
curr->arch.guest_table_user = pagetable_from_pfn(op.arg1.mfn);
|
||||
|
||||
if ( old_mfn != 0 )
|
||||
{
|
||||
+ struct page_info *page = mfn_to_page(old_mfn);
|
||||
+
|
||||
if ( paging_mode_refcounts(d) )
|
||||
- put_page(mfn_to_page(old_mfn));
|
||||
+ put_page(page);
|
||||
else
|
||||
- put_page_and_type(mfn_to_page(old_mfn));
|
||||
+ switch ( rc = put_page_and_type_preemptible(page, 1) )
|
||||
+ {
|
||||
+ case -EINTR:
|
||||
+ rc = -EAGAIN;
|
||||
+ case -EAGAIN:
|
||||
+ curr->arch.old_guest_table = page;
|
||||
+ okay = 0;
|
||||
+ break;
|
||||
+ default:
|
||||
+ BUG_ON(rc);
|
||||
+ break;
|
||||
+ }
|
||||
}
|
||||
|
||||
break;
|
||||
@ -0,0 +1,200 @@
|
||||
x86: make vcpu_reset() preemptible
|
||||
|
||||
... as dropping the old page tables may take significant amounts of
|
||||
time.
|
||||
|
||||
This is part of CVE-2013-1918 / XSA-45.
|
||||
|
||||
Signed-off-by: Jan Beulich <jbeulich@suse.com>
|
||||
Acked-by: Tim Deegan <tim@xen.org>
|
||||
|
||||
--- a/xen/arch/x86/domain.c
|
||||
+++ b/xen/arch/x86/domain.c
|
||||
@@ -1051,17 +1051,16 @@ int arch_set_info_guest(
|
||||
#undef c
|
||||
}
|
||||
|
||||
-void arch_vcpu_reset(struct vcpu *v)
|
||||
+int arch_vcpu_reset(struct vcpu *v)
|
||||
{
|
||||
if ( !is_hvm_vcpu(v) )
|
||||
{
|
||||
destroy_gdt(v);
|
||||
- vcpu_destroy_pagetables(v, 0);
|
||||
- }
|
||||
- else
|
||||
- {
|
||||
- vcpu_end_shutdown_deferral(v);
|
||||
+ return vcpu_destroy_pagetables(v);
|
||||
}
|
||||
+
|
||||
+ vcpu_end_shutdown_deferral(v);
|
||||
+ return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -2085,7 +2084,7 @@ int domain_relinquish_resources(struct d
|
||||
/* Drop the in-use references to page-table bases. */
|
||||
for_each_vcpu ( d, v )
|
||||
{
|
||||
- ret = vcpu_destroy_pagetables(v, 1);
|
||||
+ ret = vcpu_destroy_pagetables(v);
|
||||
if ( ret )
|
||||
return ret;
|
||||
}
|
||||
--- a/xen/arch/x86/hvm/hvm.c
|
||||
+++ b/xen/arch/x86/hvm/hvm.c
|
||||
@@ -3509,8 +3509,11 @@ static void hvm_s3_suspend(struct domain
|
||||
|
||||
for_each_vcpu ( d, v )
|
||||
{
|
||||
+ int rc;
|
||||
+
|
||||
vlapic_reset(vcpu_vlapic(v));
|
||||
- vcpu_reset(v);
|
||||
+ rc = vcpu_reset(v);
|
||||
+ ASSERT(!rc);
|
||||
}
|
||||
|
||||
vpic_reset(d);
|
||||
--- a/xen/arch/x86/hvm/vlapic.c
|
||||
+++ b/xen/arch/x86/hvm/vlapic.c
|
||||
@@ -252,10 +252,13 @@ static void vlapic_init_sipi_action(unsi
|
||||
{
|
||||
case APIC_DM_INIT: {
|
||||
bool_t fpu_initialised;
|
||||
+ int rc;
|
||||
+
|
||||
domain_lock(target->domain);
|
||||
/* Reset necessary VCPU state. This does not include FPU state. */
|
||||
fpu_initialised = target->fpu_initialised;
|
||||
- vcpu_reset(target);
|
||||
+ rc = vcpu_reset(target);
|
||||
+ ASSERT(!rc);
|
||||
target->fpu_initialised = fpu_initialised;
|
||||
vlapic_reset(vcpu_vlapic(target));
|
||||
domain_unlock(target->domain);
|
||||
--- a/xen/arch/x86/mm.c
|
||||
+++ b/xen/arch/x86/mm.c
|
||||
@@ -2827,7 +2827,7 @@ static int put_old_guest_table(struct vc
|
||||
return rc;
|
||||
}
|
||||
|
||||
-int vcpu_destroy_pagetables(struct vcpu *v, bool_t preemptible)
|
||||
+int vcpu_destroy_pagetables(struct vcpu *v)
|
||||
{
|
||||
unsigned long mfn = pagetable_get_pfn(v->arch.guest_table);
|
||||
struct page_info *page;
|
||||
@@ -2847,7 +2847,7 @@ int vcpu_destroy_pagetables(struct vcpu
|
||||
if ( paging_mode_refcounts(v->domain) )
|
||||
put_page(page);
|
||||
else
|
||||
- rc = put_page_and_type_preemptible(page, preemptible);
|
||||
+ rc = put_page_and_type_preemptible(page, 1);
|
||||
}
|
||||
|
||||
#ifdef __x86_64__
|
||||
@@ -2873,7 +2873,7 @@ int vcpu_destroy_pagetables(struct vcpu
|
||||
if ( paging_mode_refcounts(v->domain) )
|
||||
put_page(page);
|
||||
else
|
||||
- rc = put_page_and_type_preemptible(page, preemptible);
|
||||
+ rc = put_page_and_type_preemptible(page, 1);
|
||||
}
|
||||
if ( !rc )
|
||||
v->arch.guest_table_user = pagetable_null();
|
||||
--- a/xen/common/domain.c
|
||||
+++ b/xen/common/domain.c
|
||||
@@ -779,14 +779,18 @@ void domain_unpause_by_systemcontroller(
|
||||
domain_unpause(d);
|
||||
}
|
||||
|
||||
-void vcpu_reset(struct vcpu *v)
|
||||
+int vcpu_reset(struct vcpu *v)
|
||||
{
|
||||
struct domain *d = v->domain;
|
||||
+ int rc;
|
||||
|
||||
vcpu_pause(v);
|
||||
domain_lock(d);
|
||||
|
||||
- arch_vcpu_reset(v);
|
||||
+ set_bit(_VPF_in_reset, &v->pause_flags);
|
||||
+ rc = arch_vcpu_reset(v);
|
||||
+ if ( rc )
|
||||
+ goto out_unlock;
|
||||
|
||||
set_bit(_VPF_down, &v->pause_flags);
|
||||
|
||||
@@ -802,9 +806,13 @@ void vcpu_reset(struct vcpu *v)
|
||||
#endif
|
||||
cpumask_clear(v->cpu_affinity_tmp);
|
||||
clear_bit(_VPF_blocked, &v->pause_flags);
|
||||
+ clear_bit(_VPF_in_reset, &v->pause_flags);
|
||||
|
||||
+ out_unlock:
|
||||
domain_unlock(v->domain);
|
||||
vcpu_unpause(v);
|
||||
+
|
||||
+ return rc;
|
||||
}
|
||||
|
||||
|
||||
--- a/xen/common/domctl.c
|
||||
+++ b/xen/common/domctl.c
|
||||
@@ -306,8 +306,10 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
|
||||
|
||||
if ( guest_handle_is_null(op->u.vcpucontext.ctxt) )
|
||||
{
|
||||
- vcpu_reset(v);
|
||||
- ret = 0;
|
||||
+ ret = vcpu_reset(v);
|
||||
+ if ( ret == -EAGAIN )
|
||||
+ ret = hypercall_create_continuation(
|
||||
+ __HYPERVISOR_domctl, "h", u_domctl);
|
||||
goto svc_out;
|
||||
}
|
||||
|
||||
--- a/xen/include/asm-x86/mm.h
|
||||
+++ b/xen/include/asm-x86/mm.h
|
||||
@@ -605,7 +605,7 @@ void audit_domains(void);
|
||||
int new_guest_cr3(unsigned long pfn);
|
||||
void make_cr3(struct vcpu *v, unsigned long mfn);
|
||||
void update_cr3(struct vcpu *v);
|
||||
-int vcpu_destroy_pagetables(struct vcpu *, bool_t preemptible);
|
||||
+int vcpu_destroy_pagetables(struct vcpu *);
|
||||
void propagate_page_fault(unsigned long addr, u16 error_code);
|
||||
void *do_page_walk(struct vcpu *v, unsigned long addr);
|
||||
|
||||
--- a/xen/include/xen/domain.h
|
||||
+++ b/xen/include/xen/domain.h
|
||||
@@ -13,7 +13,7 @@ typedef union {
|
||||
struct vcpu *alloc_vcpu(
|
||||
struct domain *d, unsigned int vcpu_id, unsigned int cpu_id);
|
||||
struct vcpu *alloc_dom0_vcpu0(void);
|
||||
-void vcpu_reset(struct vcpu *v);
|
||||
+int vcpu_reset(struct vcpu *);
|
||||
|
||||
struct xen_domctl_getdomaininfo;
|
||||
void getdomaininfo(struct domain *d, struct xen_domctl_getdomaininfo *info);
|
||||
@@ -67,7 +67,7 @@ void arch_dump_vcpu_info(struct vcpu *v)
|
||||
|
||||
void arch_dump_domain_info(struct domain *d);
|
||||
|
||||
-void arch_vcpu_reset(struct vcpu *v);
|
||||
+int arch_vcpu_reset(struct vcpu *);
|
||||
|
||||
extern spinlock_t vcpu_alloc_lock;
|
||||
bool_t domctl_lock_acquire(void);
|
||||
--- a/xen/include/xen/sched.h
|
||||
+++ b/xen/include/xen/sched.h
|
||||
@@ -644,6 +644,9 @@ static inline struct domain *next_domain
|
||||
/* VCPU is blocked due to missing mem_sharing ring. */
|
||||
#define _VPF_mem_sharing 6
|
||||
#define VPF_mem_sharing (1UL<<_VPF_mem_sharing)
|
||||
+ /* VCPU is being reset. */
|
||||
+#define _VPF_in_reset 7
|
||||
+#define VPF_in_reset (1UL<<_VPF_in_reset)
|
||||
|
||||
static inline int vcpu_runnable(struct vcpu *v)
|
||||
{
|
||||
@ -0,0 +1,204 @@
|
||||
x86: make arch_set_info_guest() preemptible
|
||||
|
||||
.. as the root page table validation (and the dropping of an eventual
|
||||
old one) can require meaningful amounts of time.
|
||||
|
||||
This is part of CVE-2013-1918 / XSA-45.
|
||||
|
||||
Signed-off-by: Jan Beulich <jbeulich@suse.com>
|
||||
Acked-by: Tim Deegan <tim@xen.org>
|
||||
|
||||
--- a/xen/arch/x86/domain.c
|
||||
+++ b/xen/arch/x86/domain.c
|
||||
@@ -858,6 +858,9 @@ int arch_set_info_guest(
|
||||
|
||||
if ( !v->is_initialised )
|
||||
{
|
||||
+ if ( !compat && !(flags & VGCF_in_kernel) && !c.nat->ctrlreg[1] )
|
||||
+ return -EINVAL;
|
||||
+
|
||||
v->arch.pv_vcpu.ldt_base = c(ldt_base);
|
||||
v->arch.pv_vcpu.ldt_ents = c(ldt_ents);
|
||||
}
|
||||
@@ -955,24 +958,44 @@ int arch_set_info_guest(
|
||||
if ( rc != 0 )
|
||||
return rc;
|
||||
|
||||
+ set_bit(_VPF_in_reset, &v->pause_flags);
|
||||
+
|
||||
if ( !compat )
|
||||
- {
|
||||
cr3_gfn = xen_cr3_to_pfn(c.nat->ctrlreg[3]);
|
||||
- cr3_page = get_page_from_gfn(d, cr3_gfn, NULL, P2M_ALLOC);
|
||||
-
|
||||
- if ( !cr3_page )
|
||||
- {
|
||||
- destroy_gdt(v);
|
||||
- return -EINVAL;
|
||||
- }
|
||||
- if ( !paging_mode_refcounts(d)
|
||||
- && !get_page_type(cr3_page, PGT_base_page_table) )
|
||||
- {
|
||||
- put_page(cr3_page);
|
||||
- destroy_gdt(v);
|
||||
- return -EINVAL;
|
||||
- }
|
||||
+#ifdef CONFIG_COMPAT
|
||||
+ else
|
||||
+ cr3_gfn = compat_cr3_to_pfn(c.cmp->ctrlreg[3]);
|
||||
+#endif
|
||||
+ cr3_page = get_page_from_gfn(d, cr3_gfn, NULL, P2M_ALLOC);
|
||||
|
||||
+ if ( !cr3_page )
|
||||
+ rc = -EINVAL;
|
||||
+ else if ( paging_mode_refcounts(d) )
|
||||
+ /* nothing */;
|
||||
+ else if ( cr3_page == v->arch.old_guest_table )
|
||||
+ {
|
||||
+ v->arch.old_guest_table = NULL;
|
||||
+ put_page(cr3_page);
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+ /*
|
||||
+ * Since v->arch.guest_table{,_user} are both NULL, this effectively
|
||||
+ * is just a call to put_old_guest_table().
|
||||
+ */
|
||||
+ if ( !compat )
|
||||
+ rc = vcpu_destroy_pagetables(v);
|
||||
+ if ( !rc )
|
||||
+ rc = get_page_type_preemptible(cr3_page,
|
||||
+ !compat ? PGT_root_page_table
|
||||
+ : PGT_l3_page_table);
|
||||
+ if ( rc == -EINTR )
|
||||
+ rc = -EAGAIN;
|
||||
+ }
|
||||
+ if ( rc )
|
||||
+ /* handled below */;
|
||||
+ else if ( !compat )
|
||||
+ {
|
||||
v->arch.guest_table = pagetable_from_page(cr3_page);
|
||||
#ifdef __x86_64__
|
||||
if ( c.nat->ctrlreg[1] )
|
||||
@@ -980,56 +1003,44 @@ int arch_set_info_guest(
|
||||
cr3_gfn = xen_cr3_to_pfn(c.nat->ctrlreg[1]);
|
||||
cr3_page = get_page_from_gfn(d, cr3_gfn, NULL, P2M_ALLOC);
|
||||
|
||||
- if ( !cr3_page ||
|
||||
- (!paging_mode_refcounts(d)
|
||||
- && !get_page_type(cr3_page, PGT_base_page_table)) )
|
||||
+ if ( !cr3_page )
|
||||
+ rc = -EINVAL;
|
||||
+ else if ( !paging_mode_refcounts(d) )
|
||||
{
|
||||
- if (cr3_page)
|
||||
- put_page(cr3_page);
|
||||
- cr3_page = pagetable_get_page(v->arch.guest_table);
|
||||
- v->arch.guest_table = pagetable_null();
|
||||
- if ( paging_mode_refcounts(d) )
|
||||
- put_page(cr3_page);
|
||||
- else
|
||||
- put_page_and_type(cr3_page);
|
||||
- destroy_gdt(v);
|
||||
- return -EINVAL;
|
||||
+ rc = get_page_type_preemptible(cr3_page, PGT_root_page_table);
|
||||
+ switch ( rc )
|
||||
+ {
|
||||
+ case -EINTR:
|
||||
+ rc = -EAGAIN;
|
||||
+ case -EAGAIN:
|
||||
+ v->arch.old_guest_table =
|
||||
+ pagetable_get_page(v->arch.guest_table);
|
||||
+ v->arch.guest_table = pagetable_null();
|
||||
+ break;
|
||||
+ }
|
||||
}
|
||||
-
|
||||
- v->arch.guest_table_user = pagetable_from_page(cr3_page);
|
||||
- }
|
||||
- else if ( !(flags & VGCF_in_kernel) )
|
||||
- {
|
||||
- destroy_gdt(v);
|
||||
- return -EINVAL;
|
||||
+ if ( !rc )
|
||||
+ v->arch.guest_table_user = pagetable_from_page(cr3_page);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
l4_pgentry_t *l4tab;
|
||||
|
||||
- cr3_gfn = compat_cr3_to_pfn(c.cmp->ctrlreg[3]);
|
||||
- cr3_page = get_page_from_gfn(d, cr3_gfn, NULL, P2M_ALLOC);
|
||||
-
|
||||
- if ( !cr3_page)
|
||||
- {
|
||||
- destroy_gdt(v);
|
||||
- return -EINVAL;
|
||||
- }
|
||||
-
|
||||
- if (!paging_mode_refcounts(d)
|
||||
- && !get_page_type(cr3_page, PGT_l3_page_table) )
|
||||
- {
|
||||
- put_page(cr3_page);
|
||||
- destroy_gdt(v);
|
||||
- return -EINVAL;
|
||||
- }
|
||||
-
|
||||
l4tab = __va(pagetable_get_paddr(v->arch.guest_table));
|
||||
*l4tab = l4e_from_pfn(page_to_mfn(cr3_page),
|
||||
_PAGE_PRESENT|_PAGE_RW|_PAGE_USER|_PAGE_ACCESSED);
|
||||
#endif
|
||||
}
|
||||
+ if ( rc )
|
||||
+ {
|
||||
+ if ( cr3_page )
|
||||
+ put_page(cr3_page);
|
||||
+ destroy_gdt(v);
|
||||
+ return rc;
|
||||
+ }
|
||||
+
|
||||
+ clear_bit(_VPF_in_reset, &v->pause_flags);
|
||||
|
||||
if ( v->vcpu_id == 0 )
|
||||
update_domain_wallclock_time(d);
|
||||
--- a/xen/common/compat/domain.c
|
||||
+++ b/xen/common/compat/domain.c
|
||||
@@ -50,6 +50,10 @@ int compat_vcpu_op(int cmd, int vcpuid,
|
||||
rc = v->is_initialised ? -EEXIST : arch_set_info_guest(v, cmp_ctxt);
|
||||
domain_unlock(d);
|
||||
|
||||
+ if ( rc == -EAGAIN )
|
||||
+ rc = hypercall_create_continuation(__HYPERVISOR_vcpu_op, "iih",
|
||||
+ cmd, vcpuid, arg);
|
||||
+
|
||||
xfree(cmp_ctxt);
|
||||
break;
|
||||
}
|
||||
--- a/xen/common/domain.c
|
||||
+++ b/xen/common/domain.c
|
||||
@@ -849,6 +849,11 @@ long do_vcpu_op(int cmd, int vcpuid, XEN
|
||||
domain_unlock(d);
|
||||
|
||||
free_vcpu_guest_context(ctxt);
|
||||
+
|
||||
+ if ( rc == -EAGAIN )
|
||||
+ rc = hypercall_create_continuation(__HYPERVISOR_vcpu_op, "iih",
|
||||
+ cmd, vcpuid, arg);
|
||||
+
|
||||
break;
|
||||
|
||||
case VCPUOP_up: {
|
||||
--- a/xen/common/domctl.c
|
||||
+++ b/xen/common/domctl.c
|
||||
@@ -338,6 +338,10 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
|
||||
domain_pause(d);
|
||||
ret = arch_set_info_guest(v, c);
|
||||
domain_unpause(d);
|
||||
+
|
||||
+ if ( ret == -EAGAIN )
|
||||
+ ret = hypercall_create_continuation(
|
||||
+ __HYPERVISOR_domctl, "h", u_domctl);
|
||||
}
|
||||
|
||||
svc_out:
|
||||
@ -0,0 +1,127 @@
|
||||
x86: make page table unpinning preemptible
|
||||
|
||||
... as it may take significant amounts of time.
|
||||
|
||||
Since we can't re-invoke the operation in a second attempt, the
|
||||
continuation logic must be slightly tweaked so that we make sure
|
||||
do_mmuext_op() gets run one more time even when the preempted unpin
|
||||
operation was the last one in a batch.
|
||||
|
||||
This is part of CVE-2013-1918 / XSA-45.
|
||||
|
||||
Signed-off-by: Jan Beulich <jbeulich@suse.com>
|
||||
Acked-by: Tim Deegan <tim@xen.org>
|
||||
|
||||
--- a/xen/arch/x86/mm.c
|
||||
+++ b/xen/arch/x86/mm.c
|
||||
@@ -3123,6 +3123,14 @@ long do_mmuext_op(
|
||||
return rc;
|
||||
}
|
||||
|
||||
+ if ( unlikely(count == MMU_UPDATE_PREEMPTED) &&
|
||||
+ likely(guest_handle_is_null(uops)) )
|
||||
+ {
|
||||
+ /* See the curr->arch.old_guest_table related
|
||||
+ * hypercall_create_continuation() below. */
|
||||
+ return (int)foreigndom;
|
||||
+ }
|
||||
+
|
||||
if ( unlikely(count & MMU_UPDATE_PREEMPTED) )
|
||||
{
|
||||
count &= ~MMU_UPDATE_PREEMPTED;
|
||||
@@ -3146,7 +3154,7 @@ long do_mmuext_op(
|
||||
|
||||
for ( i = 0; i < count; i++ )
|
||||
{
|
||||
- if ( hypercall_preempt_check() )
|
||||
+ if ( curr->arch.old_guest_table || hypercall_preempt_check() )
|
||||
{
|
||||
rc = -EAGAIN;
|
||||
break;
|
||||
@@ -3266,7 +3274,17 @@ long do_mmuext_op(
|
||||
break;
|
||||
}
|
||||
|
||||
- put_page_and_type(page);
|
||||
+ switch ( rc = put_page_and_type_preemptible(page, 1) )
|
||||
+ {
|
||||
+ case -EINTR:
|
||||
+ case -EAGAIN:
|
||||
+ curr->arch.old_guest_table = page;
|
||||
+ rc = 0;
|
||||
+ break;
|
||||
+ default:
|
||||
+ BUG_ON(rc);
|
||||
+ break;
|
||||
+ }
|
||||
put_page(page);
|
||||
|
||||
/* A page is dirtied when its pin status is cleared. */
|
||||
@@ -3587,9 +3605,27 @@ long do_mmuext_op(
|
||||
}
|
||||
|
||||
if ( rc == -EAGAIN )
|
||||
+ {
|
||||
+ ASSERT(i < count);
|
||||
rc = hypercall_create_continuation(
|
||||
__HYPERVISOR_mmuext_op, "hihi",
|
||||
uops, (count - i) | MMU_UPDATE_PREEMPTED, pdone, foreigndom);
|
||||
+ }
|
||||
+ else if ( curr->arch.old_guest_table )
|
||||
+ {
|
||||
+ XEN_GUEST_HANDLE(void) null;
|
||||
+
|
||||
+ ASSERT(rc || i == count);
|
||||
+ set_xen_guest_handle(null, NULL);
|
||||
+ /*
|
||||
+ * In order to have a way to communicate the final return value to
|
||||
+ * our continuation, we pass this in place of "foreigndom", building
|
||||
+ * on the fact that this argument isn't needed anymore.
|
||||
+ */
|
||||
+ rc = hypercall_create_continuation(
|
||||
+ __HYPERVISOR_mmuext_op, "hihi", null,
|
||||
+ MMU_UPDATE_PREEMPTED, null, rc);
|
||||
+ }
|
||||
|
||||
put_pg_owner(pg_owner);
|
||||
|
||||
--- a/xen/arch/x86/x86_64/compat/mm.c
|
||||
+++ b/xen/arch/x86/x86_64/compat/mm.c
|
||||
@@ -268,6 +268,13 @@ int compat_mmuext_op(XEN_GUEST_HANDLE(mm
|
||||
int rc = 0;
|
||||
XEN_GUEST_HANDLE(mmuext_op_t) nat_ops;
|
||||
|
||||
+ if ( unlikely(count == MMU_UPDATE_PREEMPTED) &&
|
||||
+ likely(guest_handle_is_null(cmp_uops)) )
|
||||
+ {
|
||||
+ set_xen_guest_handle(nat_ops, NULL);
|
||||
+ return do_mmuext_op(nat_ops, count, pdone, foreigndom);
|
||||
+ }
|
||||
+
|
||||
preempt_mask = count & MMU_UPDATE_PREEMPTED;
|
||||
count ^= preempt_mask;
|
||||
|
||||
@@ -370,12 +377,18 @@ int compat_mmuext_op(XEN_GUEST_HANDLE(mm
|
||||
guest_handle_add_offset(nat_ops, i - left);
|
||||
guest_handle_subtract_offset(cmp_uops, left);
|
||||
left = 1;
|
||||
- BUG_ON(!hypercall_xlat_continuation(&left, 0x01, nat_ops, cmp_uops));
|
||||
- BUG_ON(left != arg1);
|
||||
- if (!test_bit(_MCSF_in_multicall, &mcs->flags))
|
||||
- regs->_ecx += count - i;
|
||||
+ if ( arg1 != MMU_UPDATE_PREEMPTED )
|
||||
+ {
|
||||
+ BUG_ON(!hypercall_xlat_continuation(&left, 0x01, nat_ops,
|
||||
+ cmp_uops));
|
||||
+ if ( !test_bit(_MCSF_in_multicall, &mcs->flags) )
|
||||
+ regs->_ecx += count - i;
|
||||
+ else
|
||||
+ mcs->compat_call.args[1] += count - i;
|
||||
+ }
|
||||
else
|
||||
- mcs->compat_call.args[1] += count - i;
|
||||
+ BUG_ON(hypercall_xlat_continuation(&left, 0));
|
||||
+ BUG_ON(left != arg1);
|
||||
}
|
||||
else
|
||||
BUG_ON(err > 0);
|
||||
@ -0,0 +1,255 @@
|
||||
x86: make page table handling error paths preemptible
|
||||
|
||||
... as they may take significant amounts of time.
|
||||
|
||||
This requires cloning the tweaked continuation logic from
|
||||
do_mmuext_op() to do_mmu_update().
|
||||
|
||||
Note that in mod_l[34]_entry() a negative "preemptible" value gets
|
||||
passed to put_page_from_l[34]e() now, telling the callee to store the
|
||||
respective page in current->arch.old_guest_table (for a hypercall
|
||||
continuation to pick up), rather than carrying out the put right away.
|
||||
This is going to be made a little more explicit by a subsequent cleanup
|
||||
patch.
|
||||
|
||||
This is part of CVE-2013-1918 / XSA-45.
|
||||
|
||||
Signed-off-by: Jan Beulich <jbeulich@suse.com>
|
||||
Acked-by: Tim Deegan <tim@xen.org>
|
||||
|
||||
--- a/xen/arch/x86/mm.c
|
||||
+++ b/xen/arch/x86/mm.c
|
||||
@@ -1241,7 +1241,16 @@ static int put_page_from_l3e(l3_pgentry_
|
||||
#endif
|
||||
|
||||
if ( unlikely(partial > 0) )
|
||||
+ {
|
||||
+ ASSERT(preemptible >= 0);
|
||||
return __put_page_type(l3e_get_page(l3e), preemptible);
|
||||
+ }
|
||||
+
|
||||
+ if ( preemptible < 0 )
|
||||
+ {
|
||||
+ current->arch.old_guest_table = l3e_get_page(l3e);
|
||||
+ return 0;
|
||||
+ }
|
||||
|
||||
return put_page_and_type_preemptible(l3e_get_page(l3e), preemptible);
|
||||
}
|
||||
@@ -1254,7 +1263,17 @@ static int put_page_from_l4e(l4_pgentry_
|
||||
(l4e_get_pfn(l4e) != pfn) )
|
||||
{
|
||||
if ( unlikely(partial > 0) )
|
||||
+ {
|
||||
+ ASSERT(preemptible >= 0);
|
||||
return __put_page_type(l4e_get_page(l4e), preemptible);
|
||||
+ }
|
||||
+
|
||||
+ if ( preemptible < 0 )
|
||||
+ {
|
||||
+ current->arch.old_guest_table = l4e_get_page(l4e);
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
return put_page_and_type_preemptible(l4e_get_page(l4e), preemptible);
|
||||
}
|
||||
return 1;
|
||||
@@ -1549,12 +1568,17 @@ static int alloc_l3_table(struct page_in
|
||||
if ( rc < 0 && rc != -EAGAIN && rc != -EINTR )
|
||||
{
|
||||
MEM_LOG("Failure in alloc_l3_table: entry %d", i);
|
||||
+ if ( i )
|
||||
+ {
|
||||
+ page->nr_validated_ptes = i;
|
||||
+ page->partial_pte = 0;
|
||||
+ current->arch.old_guest_table = page;
|
||||
+ }
|
||||
while ( i-- > 0 )
|
||||
{
|
||||
if ( !is_guest_l3_slot(i) )
|
||||
continue;
|
||||
unadjust_guest_l3e(pl3e[i], d);
|
||||
- put_page_from_l3e(pl3e[i], pfn, 0, 0);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1584,22 +1608,24 @@ static int alloc_l4_table(struct page_in
|
||||
page->nr_validated_ptes = i;
|
||||
page->partial_pte = partial ?: 1;
|
||||
}
|
||||
- else if ( rc == -EINTR )
|
||||
+ else if ( rc < 0 )
|
||||
{
|
||||
+ if ( rc != -EINTR )
|
||||
+ MEM_LOG("Failure in alloc_l4_table: entry %d", i);
|
||||
if ( i )
|
||||
{
|
||||
page->nr_validated_ptes = i;
|
||||
page->partial_pte = 0;
|
||||
- rc = -EAGAIN;
|
||||
+ if ( rc == -EINTR )
|
||||
+ rc = -EAGAIN;
|
||||
+ else
|
||||
+ {
|
||||
+ if ( current->arch.old_guest_table )
|
||||
+ page->nr_validated_ptes++;
|
||||
+ current->arch.old_guest_table = page;
|
||||
+ }
|
||||
}
|
||||
}
|
||||
- else if ( rc < 0 )
|
||||
- {
|
||||
- MEM_LOG("Failure in alloc_l4_table: entry %d", i);
|
||||
- while ( i-- > 0 )
|
||||
- if ( is_guest_l4_slot(d, i) )
|
||||
- put_page_from_l4e(pl4e[i], pfn, 0, 0);
|
||||
- }
|
||||
if ( rc < 0 )
|
||||
return rc;
|
||||
|
||||
@@ -2047,7 +2073,7 @@ static int mod_l3_entry(l3_pgentry_t *pl
|
||||
pae_flush_pgd(pfn, pgentry_ptr_to_slot(pl3e), nl3e);
|
||||
}
|
||||
|
||||
- put_page_from_l3e(ol3e, pfn, 0, 0);
|
||||
+ put_page_from_l3e(ol3e, pfn, 0, -preemptible);
|
||||
return rc;
|
||||
}
|
||||
|
||||
@@ -2110,7 +2136,7 @@ static int mod_l4_entry(l4_pgentry_t *pl
|
||||
return -EFAULT;
|
||||
}
|
||||
|
||||
- put_page_from_l4e(ol4e, pfn, 0, 0);
|
||||
+ put_page_from_l4e(ol4e, pfn, 0, -preemptible);
|
||||
return rc;
|
||||
}
|
||||
|
||||
@@ -2268,7 +2294,15 @@ static int alloc_page_type(struct page_i
|
||||
PRtype_info ": caf=%08lx taf=%" PRtype_info,
|
||||
page_to_mfn(page), get_gpfn_from_mfn(page_to_mfn(page)),
|
||||
type, page->count_info, page->u.inuse.type_info);
|
||||
- page->u.inuse.type_info = 0;
|
||||
+ if ( page != current->arch.old_guest_table )
|
||||
+ page->u.inuse.type_info = 0;
|
||||
+ else
|
||||
+ {
|
||||
+ ASSERT((page->u.inuse.type_info &
|
||||
+ (PGT_count_mask | PGT_validated)) == 1);
|
||||
+ get_page_light(page);
|
||||
+ page->u.inuse.type_info |= PGT_partial;
|
||||
+ }
|
||||
}
|
||||
else
|
||||
{
|
||||
@@ -3218,21 +3252,17 @@ long do_mmuext_op(
|
||||
}
|
||||
|
||||
if ( (rc = xsm_memory_pin_page(d, pg_owner, page)) != 0 )
|
||||
- {
|
||||
- put_page_and_type(page);
|
||||
okay = 0;
|
||||
- break;
|
||||
- }
|
||||
-
|
||||
- if ( unlikely(test_and_set_bit(_PGT_pinned,
|
||||
- &page->u.inuse.type_info)) )
|
||||
+ else if ( unlikely(test_and_set_bit(_PGT_pinned,
|
||||
+ &page->u.inuse.type_info)) )
|
||||
{
|
||||
MEM_LOG("Mfn %lx already pinned", page_to_mfn(page));
|
||||
- put_page_and_type(page);
|
||||
okay = 0;
|
||||
- break;
|
||||
}
|
||||
|
||||
+ if ( unlikely(!okay) )
|
||||
+ goto pin_drop;
|
||||
+
|
||||
/* A page is dirtied when its pin status is set. */
|
||||
paging_mark_dirty(pg_owner, page_to_mfn(page));
|
||||
|
||||
@@ -3246,7 +3276,13 @@ long do_mmuext_op(
|
||||
&page->u.inuse.type_info));
|
||||
spin_unlock(&pg_owner->page_alloc_lock);
|
||||
if ( drop_ref )
|
||||
- put_page_and_type(page);
|
||||
+ {
|
||||
+ pin_drop:
|
||||
+ if ( type == PGT_l1_page_table )
|
||||
+ put_page_and_type(page);
|
||||
+ else
|
||||
+ curr->arch.old_guest_table = page;
|
||||
+ }
|
||||
}
|
||||
|
||||
break;
|
||||
@@ -3652,11 +3688,28 @@ long do_mmu_update(
|
||||
void *va;
|
||||
unsigned long gpfn, gmfn, mfn;
|
||||
struct page_info *page;
|
||||
- int rc = 0, i = 0;
|
||||
- unsigned int cmd, done = 0, pt_dom;
|
||||
- struct vcpu *v = current;
|
||||
+ unsigned int cmd, i = 0, done = 0, pt_dom;
|
||||
+ struct vcpu *curr = current, *v = curr;
|
||||
struct domain *d = v->domain, *pt_owner = d, *pg_owner;
|
||||
struct domain_mmap_cache mapcache;
|
||||
+ int rc = put_old_guest_table(curr);
|
||||
+
|
||||
+ if ( unlikely(rc) )
|
||||
+ {
|
||||
+ if ( likely(rc == -EAGAIN) )
|
||||
+ rc = hypercall_create_continuation(
|
||||
+ __HYPERVISOR_mmu_update, "hihi", ureqs, count, pdone,
|
||||
+ foreigndom);
|
||||
+ return rc;
|
||||
+ }
|
||||
+
|
||||
+ if ( unlikely(count == MMU_UPDATE_PREEMPTED) &&
|
||||
+ likely(guest_handle_is_null(ureqs)) )
|
||||
+ {
|
||||
+ /* See the curr->arch.old_guest_table related
|
||||
+ * hypercall_create_continuation() below. */
|
||||
+ return (int)foreigndom;
|
||||
+ }
|
||||
|
||||
if ( unlikely(count & MMU_UPDATE_PREEMPTED) )
|
||||
{
|
||||
@@ -3705,7 +3758,7 @@ long do_mmu_update(
|
||||
|
||||
for ( i = 0; i < count; i++ )
|
||||
{
|
||||
- if ( hypercall_preempt_check() )
|
||||
+ if ( curr->arch.old_guest_table || hypercall_preempt_check() )
|
||||
{
|
||||
rc = -EAGAIN;
|
||||
break;
|
||||
@@ -3886,9 +3939,27 @@ long do_mmu_update(
|
||||
}
|
||||
|
||||
if ( rc == -EAGAIN )
|
||||
+ {
|
||||
+ ASSERT(i < count);
|
||||
rc = hypercall_create_continuation(
|
||||
__HYPERVISOR_mmu_update, "hihi",
|
||||
ureqs, (count - i) | MMU_UPDATE_PREEMPTED, pdone, foreigndom);
|
||||
+ }
|
||||
+ else if ( curr->arch.old_guest_table )
|
||||
+ {
|
||||
+ XEN_GUEST_HANDLE(void) null;
|
||||
+
|
||||
+ ASSERT(rc || i == count);
|
||||
+ set_xen_guest_handle(null, NULL);
|
||||
+ /*
|
||||
+ * In order to have a way to communicate the final return value to
|
||||
+ * our continuation, we pass this in place of "foreigndom", building
|
||||
+ * on the fact that this argument isn't needed anymore.
|
||||
+ */
|
||||
+ rc = hypercall_create_continuation(
|
||||
+ __HYPERVISOR_mmu_update, "hihi", null,
|
||||
+ MMU_UPDATE_PREEMPTED, null, rc);
|
||||
+ }
|
||||
|
||||
put_pg_owner(pg_owner);
|
||||
|
||||
@ -0,0 +1,31 @@
|
||||
defer event channel bucket pointer store until after XSM checks
|
||||
|
||||
Otherwise a dangling pointer can be left, which would cause subsequent
|
||||
memory corruption as soon as the space got re-allocated for some other
|
||||
purpose.
|
||||
|
||||
This is CVE-2013-1920 / XSA-47.
|
||||
|
||||
Reported-by: Wei Liu <wei.liu2@citrix.com>
|
||||
Signed-off-by: Jan Beulich <jbeulich@suse.com>
|
||||
Reviewed-by: Tim Deegan <tim@xen.org>
|
||||
|
||||
--- a/xen/common/event_channel.c
|
||||
+++ b/xen/common/event_channel.c
|
||||
@@ -140,7 +140,6 @@ static int get_free_port(struct domain *
|
||||
chn = xzalloc_array(struct evtchn, EVTCHNS_PER_BUCKET);
|
||||
if ( unlikely(chn == NULL) )
|
||||
return -ENOMEM;
|
||||
- bucket_from_port(d, port) = chn;
|
||||
|
||||
for ( i = 0; i < EVTCHNS_PER_BUCKET; i++ )
|
||||
{
|
||||
@@ -153,6 +152,8 @@ static int get_free_port(struct domain *
|
||||
}
|
||||
}
|
||||
|
||||
+ bucket_from_port(d, port) = chn;
|
||||
+
|
||||
return port;
|
||||
}
|
||||
|
||||
@ -0,0 +1,136 @@
|
||||
# Copyright 1999-2013 Gentoo Foundation
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen/xen-4.2.1-r3.ebuild,v 1.1 2013/05/15 18:03:57 idella4 Exp $
|
||||
|
||||
EAPI=5
|
||||
|
||||
PYTHON_COMPAT=( python{2_6,2_7} )
|
||||
|
||||
if [[ $PV == *9999 ]]; then
|
||||
KEYWORDS=""
|
||||
REPO="xen-unstable.hg"
|
||||
EHG_REPO_URI="http://xenbits.xensource.com/${REPO}"
|
||||
S="${WORKDIR}/${REPO}"
|
||||
live_eclass="mercurial"
|
||||
else
|
||||
KEYWORDS="~amd64 ~x86"
|
||||
SRC_URI="http://bits.xensource.com/oss-xen/release/${PV}/xen-${PV}.tar.gz"
|
||||
fi
|
||||
|
||||
inherit mount-boot flag-o-matic python-single-r1 toolchain-funcs ${live_eclass}
|
||||
|
||||
DESCRIPTION="The Xen virtual machine monitor"
|
||||
HOMEPAGE="http://xen.org/"
|
||||
LICENSE="GPL-2"
|
||||
SLOT="0"
|
||||
IUSE="custom-cflags debug efi flask pae xsm"
|
||||
|
||||
DEPEND="efi? ( >=sys-devel/binutils-2.22[multitarget] )
|
||||
!efi? ( >=sys-devel/binutils-2.22[-multitarget] )"
|
||||
RDEPEND=""
|
||||
PDEPEND="~app-emulation/xen-tools-${PV}"
|
||||
|
||||
RESTRICT="test"
|
||||
|
||||
# Approved by QA team in bug #144032
|
||||
QA_WX_LOAD="boot/xen-syms-${PV}"
|
||||
|
||||
REQUIRED_USE="
|
||||
flask? ( xsm )
|
||||
"
|
||||
|
||||
pkg_setup() {
|
||||
python-single-r1_pkg_setup
|
||||
if [[ -z ${XEN_TARGET_ARCH} ]]; then
|
||||
if use x86 && use amd64; then
|
||||
die "Confusion! Both x86 and amd64 are set in your use flags!"
|
||||
elif use x86; then
|
||||
export XEN_TARGET_ARCH="x86_32"
|
||||
elif use amd64; then
|
||||
export XEN_TARGET_ARCH="x86_64"
|
||||
else
|
||||
die "Unsupported architecture!"
|
||||
fi
|
||||
fi
|
||||
|
||||
if use flask ; then
|
||||
export "XSM_ENABLE=y"
|
||||
export "FLASK_ENABLE=y"
|
||||
elif use xsm ; then
|
||||
export "XSM_ENABLE=y"
|
||||
fi
|
||||
}
|
||||
|
||||
src_prepare() {
|
||||
# Drop .config and fix gcc-4.6
|
||||
epatch "${FILESDIR}"/${PN/-pvgrub/}-4-fix_dotconfig-gcc.patch
|
||||
|
||||
if use efi; then
|
||||
epatch "${FILESDIR}"/${PN}-4.2-efi.patch
|
||||
export EFI_VENDOR="gentoo"
|
||||
export EFI_MOUNTPOINT="boot"
|
||||
fi
|
||||
|
||||
# if the user *really* wants to use their own custom-cflags, let them
|
||||
if use custom-cflags; then
|
||||
einfo "User wants their own CFLAGS - removing defaults"
|
||||
# try and remove all the default custom-cflags
|
||||
find "${S}" -name Makefile -o -name Rules.mk -o -name Config.mk -exec sed \
|
||||
-e 's/CFLAGS\(.*\)=\(.*\)-O3\(.*\)/CFLAGS\1=\2\3/' \
|
||||
-e 's/CFLAGS\(.*\)=\(.*\)-march=i686\(.*\)/CFLAGS\1=\2\3/' \
|
||||
-e 's/CFLAGS\(.*\)=\(.*\)-fomit-frame-pointer\(.*\)/CFLAGS\1=\2\3/' \
|
||||
-e 's/CFLAGS\(.*\)=\(.*\)-g3*\s\(.*\)/CFLAGS\1=\2 \3/' \
|
||||
-e 's/CFLAGS\(.*\)=\(.*\)-O2\(.*\)/CFLAGS\1=\2\3/' \
|
||||
-i {} \; || die "failed to re-set custom-cflags"
|
||||
fi
|
||||
|
||||
# not strictly necessary to fix this
|
||||
sed -i 's/, "-Werror"//' "${S}/tools/python/setup.py" || die "failed to re-set setup.py"
|
||||
|
||||
#Security patches
|
||||
epatch "${FILESDIR}"/${PN}-4-CVE-2012-5634-XSA-33.patch \
|
||||
"${FILESDIR}"/${PN}-4-CVE-2013-0151-XSA-34_35.patch \
|
||||
"${FILESDIR}"/${PN}-4-CVE-2013-0154-XSA-37.patch \
|
||||
"${FILESDIR}"/${PN}-4-CVE-2013-0153-XSA-36.patch \
|
||||
"${FILESDIR}"/${PN}-4-CVE-2013-1917-XSA-44.patch \
|
||||
"${FILESDIR}"/${PN}-4-CVE-2013-1918-XSA-45_[1-7].patch
|
||||
}
|
||||
|
||||
src_configure() {
|
||||
use debug && myopt="${myopt} debug=y"
|
||||
use pae && myopt="${myopt} pae=y"
|
||||
|
||||
if use custom-cflags; then
|
||||
filter-flags -fPIE -fstack-protector
|
||||
replace-flags -O3 -O2
|
||||
else
|
||||
unset CFLAGS
|
||||
fi
|
||||
}
|
||||
|
||||
src_compile() {
|
||||
# Send raw LDFLAGS so that --as-needed works
|
||||
emake CC="$(tc-getCC)" LDFLAGS="$(raw-ldflags)" LD="$(tc-getLD)" -C xen ${myopt}
|
||||
}
|
||||
|
||||
src_install() {
|
||||
local myopt
|
||||
use debug && myopt="${myopt} debug=y"
|
||||
use pae && myopt="${myopt} pae=y"
|
||||
|
||||
# The 'make install' doesn't 'mkdir -p' the subdirs
|
||||
if use efi; then
|
||||
mkdir -p "${D}"${EFI_MOUNTPOINT}/efi/${EFI_VENDOR} || die
|
||||
fi
|
||||
|
||||
emake LDFLAGS="$(raw-ldflags)" DESTDIR="${D}" -C xen ${myopt} install
|
||||
}
|
||||
|
||||
pkg_postinst() {
|
||||
elog "Official Xen Guide and the unoffical wiki page:"
|
||||
elog " http://www.gentoo.org/doc/en/xen-guide.xml"
|
||||
elog " http://en.gentoo-wiki.com/wiki/Xen/"
|
||||
|
||||
use pae && ewarn "This is a PAE build of Xen. It will *only* boot PAE kernels!"
|
||||
use efi && einfo "The efi executable is installed in boot/efi/gentoo"
|
||||
}
|
||||
@ -0,0 +1,133 @@
|
||||
# Copyright 1999-2013 Gentoo Foundation
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen/xen-4.2.2.ebuild,v 1.2 2013/05/15 18:36:06 idella4 Exp $
|
||||
|
||||
EAPI=5
|
||||
|
||||
PYTHON_COMPAT=( python{2_6,2_7} )
|
||||
|
||||
if [[ $PV == *9999 ]]; then
|
||||
KEYWORDS=""
|
||||
REPO="xen-unstable.hg"
|
||||
EHG_REPO_URI="http://xenbits.xensource.com/${REPO}"
|
||||
S="${WORKDIR}/${REPO}"
|
||||
live_eclass="mercurial"
|
||||
else
|
||||
KEYWORDS="~amd64 ~x86"
|
||||
SRC_URI="http://bits.xensource.com/oss-xen/release/${PV}/xen-${PV}.tar.gz"
|
||||
fi
|
||||
|
||||
inherit mount-boot flag-o-matic python-single-r1 toolchain-funcs ${live_eclass}
|
||||
|
||||
DESCRIPTION="The Xen virtual machine monitor"
|
||||
HOMEPAGE="http://xen.org/"
|
||||
LICENSE="GPL-2"
|
||||
SLOT="0"
|
||||
IUSE="custom-cflags debug efi flask pae xsm"
|
||||
|
||||
DEPEND="efi? ( >=sys-devel/binutils-2.22[multitarget] )
|
||||
!efi? ( >=sys-devel/binutils-2.22[-multitarget] )"
|
||||
RDEPEND=""
|
||||
PDEPEND="~app-emulation/xen-tools-${PV}"
|
||||
|
||||
RESTRICT="test"
|
||||
|
||||
# Approved by QA team in bug #144032
|
||||
QA_WX_LOAD="boot/xen-syms-${PV}"
|
||||
|
||||
REQUIRED_USE="
|
||||
flask? ( xsm )
|
||||
"
|
||||
|
||||
pkg_setup() {
|
||||
python-single-r1_pkg_setup
|
||||
if [[ -z ${XEN_TARGET_ARCH} ]]; then
|
||||
if use x86 && use amd64; then
|
||||
die "Confusion! Both x86 and amd64 are set in your use flags!"
|
||||
elif use x86; then
|
||||
export XEN_TARGET_ARCH="x86_32"
|
||||
elif use amd64; then
|
||||
export XEN_TARGET_ARCH="x86_64"
|
||||
else
|
||||
die "Unsupported architecture!"
|
||||
fi
|
||||
fi
|
||||
|
||||
if use flask ; then
|
||||
export "XSM_ENABLE=y"
|
||||
export "FLASK_ENABLE=y"
|
||||
elif use xsm ; then
|
||||
export "XSM_ENABLE=y"
|
||||
fi
|
||||
}
|
||||
|
||||
src_prepare() {
|
||||
# Drop .config and fix gcc-4.6
|
||||
epatch "${FILESDIR}"/${PN/-pvgrub/}-4-fix_dotconfig-gcc.patch
|
||||
|
||||
if use efi; then
|
||||
epatch "${FILESDIR}"/${PN}-4.2-efi.patch
|
||||
export EFI_VENDOR="gentoo"
|
||||
export EFI_MOUNTPOINT="boot"
|
||||
fi
|
||||
|
||||
# if the user *really* wants to use their own custom-cflags, let them
|
||||
if use custom-cflags; then
|
||||
einfo "User wants their own CFLAGS - removing defaults"
|
||||
# try and remove all the default custom-cflags
|
||||
find "${S}" -name Makefile -o -name Rules.mk -o -name Config.mk -exec sed \
|
||||
-e 's/CFLAGS\(.*\)=\(.*\)-O3\(.*\)/CFLAGS\1=\2\3/' \
|
||||
-e 's/CFLAGS\(.*\)=\(.*\)-march=i686\(.*\)/CFLAGS\1=\2\3/' \
|
||||
-e 's/CFLAGS\(.*\)=\(.*\)-fomit-frame-pointer\(.*\)/CFLAGS\1=\2\3/' \
|
||||
-e 's/CFLAGS\(.*\)=\(.*\)-g3*\s\(.*\)/CFLAGS\1=\2 \3/' \
|
||||
-e 's/CFLAGS\(.*\)=\(.*\)-O2\(.*\)/CFLAGS\1=\2\3/' \
|
||||
-i {} \; || die "failed to re-set custom-cflags"
|
||||
fi
|
||||
|
||||
# not strictly necessary to fix this
|
||||
sed -i 's/, "-Werror"//' "${S}/tools/python/setup.py" || die "failed to re-set setup.py"
|
||||
|
||||
#Security patches
|
||||
epatch "${FILESDIR}"/${PN}-4-CVE-2013-1918-XSA-45_[1-7].patch
|
||||
|
||||
epatch_user
|
||||
}
|
||||
|
||||
src_configure() {
|
||||
use debug && myopt="${myopt} debug=y"
|
||||
use pae && myopt="${myopt} pae=y"
|
||||
|
||||
if use custom-cflags; then
|
||||
filter-flags -fPIE -fstack-protector
|
||||
replace-flags -O3 -O2
|
||||
else
|
||||
unset CFLAGS
|
||||
fi
|
||||
}
|
||||
|
||||
src_compile() {
|
||||
# Send raw LDFLAGS so that --as-needed works
|
||||
emake CC="$(tc-getCC)" LDFLAGS="$(raw-ldflags)" LD="$(tc-getLD)" -C xen ${myopt}
|
||||
}
|
||||
|
||||
src_install() {
|
||||
local myopt
|
||||
use debug && myopt="${myopt} debug=y"
|
||||
use pae && myopt="${myopt} pae=y"
|
||||
|
||||
# The 'make install' doesn't 'mkdir -p' the subdirs
|
||||
if use efi; then
|
||||
mkdir -p "${D}"${EFI_MOUNTPOINT}/efi/${EFI_VENDOR} || die
|
||||
fi
|
||||
|
||||
emake LDFLAGS="$(raw-ldflags)" DESTDIR="${D}" -C xen ${myopt} install
|
||||
}
|
||||
|
||||
pkg_postinst() {
|
||||
elog "Official Xen Guide and the unoffical wiki page:"
|
||||
elog " http://www.gentoo.org/doc/en/xen-guide.xml"
|
||||
elog " http://en.gentoo-wiki.com/wiki/Xen/"
|
||||
|
||||
use pae && ewarn "This is a PAE build of Xen. It will *only* boot PAE kernels!"
|
||||
use efi && einfo "The efi executable is installed in boot/efi/gentoo"
|
||||
}
|
||||
@ -0,0 +1,41 @@
|
||||
# Copyright 1999-2013 Gentoo Foundation
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
# $Header: /var/cvsroot/gentoo-x86/app-misc/golly/golly-2.4-r1.ebuild,v 1.1 2013/05/15 07:09:23 xmw Exp $
|
||||
|
||||
EAPI=5
|
||||
WX_GTK_VER=2.8
|
||||
|
||||
PYTHON_COMPAT=( python{2_5,2_6,2_7} )
|
||||
|
||||
inherit eutils python-single-r1 wxwidgets
|
||||
|
||||
DESCRIPTION="simulator for Conway's Game of Life and other cellular automata"
|
||||
HOMEPAGE="http://golly.sourceforge.net/"
|
||||
SRC_URI="mirror://sourceforge/${PN}/${P}-src.tar.gz"
|
||||
|
||||
LICENSE="GPL-2"
|
||||
SLOT="0"
|
||||
KEYWORDS="~amd64 ~x86"
|
||||
IUSE=""
|
||||
|
||||
DEPEND="dev-lang/perl
|
||||
sys-libs/zlib
|
||||
x11-libs/wxGTK:${WX_GTK_VER}[X]"
|
||||
RDEPEND="${DEPEND}"
|
||||
|
||||
S=${WORKDIR}/${P}-src
|
||||
|
||||
src_prepare() {
|
||||
sed -e 's:-O2::' -i configure Makefile.{am,in} || die
|
||||
}
|
||||
|
||||
src_configure() {
|
||||
econf \
|
||||
--with-perl-shlib="libperl.so"
|
||||
}
|
||||
|
||||
src_install() {
|
||||
emake docdir= DESTDIR="${D}" install
|
||||
newicon appicon.xpm ${PN}.xpm
|
||||
dodoc README TODO
|
||||
}
|
||||
@ -1,4 +1,2 @@
|
||||
DIST gramps-3.4.0.tar.gz 9470815 SHA256 4d029c4f3d3ffd369cbf3859f86f3602ce97a038ed6238b9811d0bf3cd15acf0 SHA512 469fbbcb1e864f0c5a771f83e4592ff27f86b017fd9fe9d6d56fff04aa888bfd08d1a6d2bfcccb244328b3a78c7b22e031452d9eb409b674cf0369e0af8aed0f WHIRLPOOL f068bb558cd5a6c5b4bf03dfb0d7a389aa8ea3175d2240d3a9d612a684a1cfbdf781b98d8ba859bfeaf5843ea744b721673b8115495777401bbc165922bebf08
|
||||
DIST gramps-3.4.1.tar.gz 10024633 SHA256 dc0cabfbe5586d5f38af6364a7adfdb52a543614583f60a5ecbdb317d0bac8c7 SHA512 550b104458eacdeb765bf856808474d73b18903cdc56b91c7a5cb0ee28a3fef6ae48979daa6ec36a693b396697a415838dda7aa5314800c4118865205883fca5 WHIRLPOOL 3f7d40962a8b339d2af59767e692ae2d7c831e489675dac3d46c2ee53a3c0a4a340a346a9e317718bf85eb43fff0a3d6461656c00218ea978176d6813ba0f0bb
|
||||
DIST gramps-3.4.2.tar.gz 9799202 SHA256 8cfc19b53ddf2bb864356c6749ac7703560bd818a3d47bb514f05d7b07a5b222 SHA512 73406fd5f5a29af5c8b03972a40ca73cc2198e93bacbf05bec521828c6fd50229b099380eafb7515e4e49c19f8395d992cf03a7ce256d85884294466eb3daa6b WHIRLPOOL dc0e996f71f0bc1e44a367509ea1862ade333c2870354a1e0a4017f0ca460a8235bf7c38f4818782d6c3f5c370db97258f1787db828a7b8b79cafdbcaca40cb2
|
||||
DIST gramps-3.4.3.tar.gz 10358169 SHA256 f7a87def57d1d3fbdc9f4528da50742bbbd6dfc7e8c5e43710f5a8618f9c46c1 SHA512 f30a5f7ce89f3570f73a7576906342edab25d3c3d12686acc0d5ec6fff142e443f42d3345a55e30ca47a304fe63225b310e7d11ad3d22ce69098a539f9adae02 WHIRLPOOL 59d237da058831bc6a5c9fd0fa305c34f6d5a90491c80916624d83a61c30800007b2da2c112b2dae0f53295e25631d7dd7ea47c3cfb30fb449f878be8d3f23a8
|
||||
DIST gramps-3.4.4.tar.gz 10613997 SHA256 b4a44cc23357b59bcf945fd76d4d4de5a75bbdb32da3332ee23422196240be50 SHA512 ab68fd56fc47fea4fef8f9e35e4ff2c4d6017fa6018d4a0cf581b066b89008e56bd7b46a67588ffab7894fb2a3a07a38584d4cdfb36d0d10450fd40fade67b73 WHIRLPOOL ece67aa6fa1f1c8091f8e01a906a31150fdf10fb076d02e28fd0bba1ceffd0ea8f3f29dfad34359cfc07891374a52f9906dd6ae3afdd29adfe73a5b045d91c2b
|
||||
|
||||
@ -1,91 +0,0 @@
|
||||
# Copyright 1999-2012 Gentoo Foundation
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
# $Header: /var/cvsroot/gentoo-x86/app-misc/gramps/gramps-3.4.0.ebuild,v 1.5 2012/10/17 03:38:19 phajdan.jr Exp $
|
||||
|
||||
EAPI=3
|
||||
|
||||
PYTHON_DEPEND="2:2.6"
|
||||
GCONF_DEBUG="no"
|
||||
|
||||
inherit eutils gnome2 python
|
||||
|
||||
DESCRIPTION="Genealogical Research and Analysis Management Programming System"
|
||||
HOMEPAGE="http://www.gramps-project.org/"
|
||||
SRC_URI="mirror://sourceforge/gramps/Stable/${PV}/${P}.tar.gz"
|
||||
|
||||
LICENSE="GPL-2"
|
||||
SLOT="0"
|
||||
KEYWORDS="amd64 ppc x86"
|
||||
IUSE="gnome reports spell webkit"
|
||||
|
||||
RDEPEND="dev-python/bsddb3
|
||||
>=dev-python/pygtk-2.16.0
|
||||
dev-python/pygoocanvas
|
||||
x11-misc/xdg-utils
|
||||
gnome-base/librsvg:2
|
||||
gnome? ( dev-python/libgnome-python
|
||||
dev-python/gconf-python )
|
||||
spell? ( dev-python/gtkspell-python )
|
||||
reports? ( media-gfx/graphviz )
|
||||
webkit? ( dev-python/pywebkitgtk )"
|
||||
DEPEND="${RDEPEND}
|
||||
dev-util/intltool
|
||||
sys-devel/gettext
|
||||
virtual/libiconv
|
||||
virtual/pkgconfig"
|
||||
|
||||
DOCS="NEWS README TODO"
|
||||
|
||||
pkg_setup() {
|
||||
G2CONF="${G2CONF} --disable-mime-install PYTHON="${EROOT}"/usr/bin/python2"
|
||||
python_set_active_version 2
|
||||
python_pkg_setup
|
||||
}
|
||||
|
||||
src_prepare() {
|
||||
gnome2_src_prepare
|
||||
|
||||
epatch "${FILESDIR}/${P}-use_bsddb3.patch"
|
||||
|
||||
# This is for bug 215944, so .pyo/.pyc files don't get into the
|
||||
# file system
|
||||
mv "${S}"/py-compile "${S}"/py-compile.orig
|
||||
ln -s $(type -P true) "${S}"/py-compile
|
||||
|
||||
# Fix install path, bug 423315 for example
|
||||
einfo "Fix installation path"
|
||||
find . -iname 'Makefile.in' | xargs \
|
||||
sed "s;\(pkgdatadir = \)\(\$(datadir)\);\1$(python_get_sitedir);" -i \
|
||||
|| die
|
||||
find . -iname 'Makefile.in' | xargs \
|
||||
sed "s;\(pkgpythondir = \)\(\$(datadir)\);\1$(python_get_sitedir);" -i \
|
||||
|| die
|
||||
|
||||
sed "s;\$(prefix)/share/gramps;/$(python_get_sitedir)/@PACKAGE@;" \
|
||||
-i src/Makefile.in || die
|
||||
|
||||
sed "s;\$(prefix)/share/gramps;/$(python_get_sitedir)/@PACKAGE@;" \
|
||||
-i src/docgen/Makefile.in || die
|
||||
|
||||
einfo "Fix wrapper script"
|
||||
sed "s;@datadir@;$(python_get_sitedir);" \
|
||||
-i gramps.sh.in || die
|
||||
|
||||
einfo "Fix icon location"
|
||||
sed "s;gramps/;pixmap/;g" -i data/gramps.keys.in || die
|
||||
}
|
||||
|
||||
src_install() {
|
||||
python_need_rebuild
|
||||
gnome2_src_install
|
||||
}
|
||||
|
||||
pkg_postinst() {
|
||||
gnome2_pkg_postinst
|
||||
python_mod_optimize ${PN}
|
||||
}
|
||||
|
||||
pkg_postrm() {
|
||||
gnome2_pkg_postrm
|
||||
python_mod_cleanup ${PN}
|
||||
}
|
||||
@ -1,90 +0,0 @@
|
||||
# Copyright 1999-2012 Gentoo Foundation
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
# $Header: /var/cvsroot/gentoo-x86/app-misc/gramps/gramps-3.4.2.ebuild,v 1.1 2012/11/04 16:41:19 fauli Exp $
|
||||
|
||||
EAPI=3
|
||||
|
||||
PYTHON_DEPEND="2:2.6"
|
||||
GCONF_DEBUG="no"
|
||||
|
||||
inherit eutils gnome2 python
|
||||
|
||||
DESCRIPTION="Genealogical Research and Analysis Management Programming System"
|
||||
HOMEPAGE="http://www.gramps-project.org/"
|
||||
SRC_URI="mirror://sourceforge/gramps/Stable/${PV}/${P}.tar.gz"
|
||||
|
||||
LICENSE="GPL-2"
|
||||
SLOT="0"
|
||||
KEYWORDS="~amd64 ~ppc ~x86"
|
||||
IUSE="gnome reports spell webkit"
|
||||
|
||||
RDEPEND="dev-python/bsddb3
|
||||
>=dev-python/pygtk-2.16.0
|
||||
dev-python/pygoocanvas
|
||||
x11-misc/xdg-utils
|
||||
gnome-base/librsvg:2
|
||||
gnome? ( dev-python/libgnome-python
|
||||
dev-python/gconf-python )
|
||||
spell? ( dev-python/gtkspell-python )
|
||||
reports? ( media-gfx/graphviz )
|
||||
webkit? ( dev-python/pywebkitgtk )"
|
||||
DEPEND="${RDEPEND}
|
||||
dev-util/intltool
|
||||
sys-devel/gettext
|
||||
virtual/libiconv
|
||||
virtual/pkgconfig"
|
||||
|
||||
DOCS="NEWS README TODO"
|
||||
|
||||
pkg_setup() {
|
||||
G2CONF="${G2CONF} --disable-mime-install PYTHON="${EROOT}"/usr/bin/python2"
|
||||
python_set_active_version 2
|
||||
python_pkg_setup
|
||||
}
|
||||
|
||||
src_prepare() {
|
||||
gnome2_src_prepare
|
||||
|
||||
epatch "${FILESDIR}/${PN}-3.4.0-use_bsddb3.patch"
|
||||
|
||||
# This is for bug 215944, so .pyo/.pyc files don't get into the
|
||||
# file system
|
||||
python_clean_py-compile_files
|
||||
|
||||
# Fix install path, bug 423315 for example
|
||||
einfo "Fix installation path"
|
||||
find . -iname 'Makefile.in' | xargs \
|
||||
sed "s;\(pkgdatadir = \)\(\$(datadir)\);\1$(python_get_sitedir);" -i \
|
||||
|| die
|
||||
find . -iname 'Makefile.in' | xargs \
|
||||
sed "s;\(pkgpythondir = \)\(\$(datadir)\);\1$(python_get_sitedir);" -i \
|
||||
|| die
|
||||
|
||||
sed "s;\$(prefix)/share/gramps;/$(python_get_sitedir)/@PACKAGE@;" \
|
||||
-i src/Makefile.in || die
|
||||
|
||||
sed "s;\$(prefix)/share/gramps;/$(python_get_sitedir)/@PACKAGE@;" \
|
||||
-i src/docgen/Makefile.in || die
|
||||
|
||||
einfo "Fix wrapper script"
|
||||
sed "s;@datadir@;$(python_get_sitedir);" \
|
||||
-i gramps.sh.in || die
|
||||
|
||||
einfo "Fix icon location"
|
||||
sed "s;gramps/;pixmap/;g" -i data/gramps.keys.in || die
|
||||
}
|
||||
|
||||
src_install() {
|
||||
python_need_rebuild
|
||||
gnome2_src_install
|
||||
}
|
||||
|
||||
pkg_postinst() {
|
||||
gnome2_pkg_postinst
|
||||
python_mod_optimize ${PN}
|
||||
}
|
||||
|
||||
pkg_postrm() {
|
||||
gnome2_pkg_postrm
|
||||
python_mod_cleanup ${PN}
|
||||
}
|
||||
@ -1,6 +1,6 @@
|
||||
# Copyright 1999-2012 Gentoo Foundation
|
||||
# Copyright 1999-2013 Gentoo Foundation
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
# $Header: /var/cvsroot/gentoo-x86/app-misc/gramps/gramps-3.4.1.ebuild,v 1.1 2012/10/03 10:55:29 fauli Exp $
|
||||
# $Header: /var/cvsroot/gentoo-x86/app-misc/gramps/gramps-3.4.4.ebuild,v 1.1 2013/05/16 03:50:48 fauli Exp $
|
||||
|
||||
EAPI=3
|
||||
|
||||
@ -1,36 +0,0 @@
|
||||
--- muttprint.old 2005-08-04 10:46:25.000000000 +0200
|
||||
+++ muttprint 2005-08-04 10:47:25.000000000 +0200
|
||||
@@ -362,32 +362,7 @@
|
||||
|
||||
#
|
||||
# signature
|
||||
- if (((/$Config{SIG_REGEXP}/o && !($Config{REM_SIG} eq "on")) ||
|
||||
- $signature_mode) && $Config{VERBATIMSIG} ne "raw") {
|
||||
-
|
||||
- if (/$Config{SIG_REGEXP}/o) {
|
||||
- $signature_mode = TRUE;
|
||||
-
|
||||
- # Leerzeile bei 2. Signatur
|
||||
- if (defined $signature) {
|
||||
- $signature .= "\n";
|
||||
- }
|
||||
- }
|
||||
- else {
|
||||
- $signature .= $_;
|
||||
- }
|
||||
-
|
||||
- # 2 Leerzeilen => Ende der Signatur
|
||||
- if (/^$/ and $sig_mod_counter == 0) {
|
||||
- $sig_mod_counter++;
|
||||
- } elsif (/^$/ and $sig_mod_counter == 1) {
|
||||
- $signature_mode = FALSE;
|
||||
- } else {
|
||||
- $sig_mod_counter = 0;
|
||||
- }
|
||||
-
|
||||
- next;
|
||||
- }
|
||||
+ last if (/$Config{SIG_REGEXP}/o && ($Config{REM_SIG} eq "on"));
|
||||
|
||||
#
|
||||
# and what's about Quoting?
|
||||
@ -1,40 +0,0 @@
|
||||
# Copyright 1999-2011 Gentoo Foundation
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
# $Header: /var/cvsroot/gentoo-x86/app-misc/muttprint/muttprint-0.72d-r1.ebuild,v 1.9 2011/12/17 19:20:36 armin76 Exp $
|
||||
|
||||
EAPI=2
|
||||
|
||||
inherit eutils toolchain-funcs
|
||||
|
||||
DESCRIPTION="Script for pretty printing of your mails"
|
||||
HOMEPAGE="http://muttprint.sf.net/"
|
||||
SRC_URI="mirror://sourceforge/muttprint/${P}.tar.gz"
|
||||
|
||||
SLOT="0"
|
||||
LICENSE="GPL-2"
|
||||
KEYWORDS="amd64 ppc ppc64 x86"
|
||||
IUSE=""
|
||||
|
||||
RDEPEND="virtual/latex-base
|
||||
dev-texlive/texlive-latexextra
|
||||
dev-lang/perl
|
||||
dev-perl/TimeDate
|
||||
dev-perl/Text-Iconv
|
||||
dev-perl/File-Which
|
||||
app-text/psutils"
|
||||
|
||||
src_prepare() {
|
||||
epatch "${FILESDIR}/${PN}-rem_sig.patch"
|
||||
epatch "${FILESDIR}/${PN}-ldflags.patch"
|
||||
epatch "${FILESDIR}/${PN}-no_html_docs.patch"
|
||||
epatch "${FILESDIR}/${PN}-CVE-2008-5368.patch"
|
||||
}
|
||||
|
||||
src_compile() {
|
||||
tc-export CC
|
||||
default
|
||||
}
|
||||
|
||||
src_install() {
|
||||
make prefix="${D}"/usr docdir="${D}"/usr/share/doc docdirname=${PF} install || die
|
||||
}
|
||||
@ -1,41 +0,0 @@
|
||||
# Copyright 1999-2011 Gentoo Foundation
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
# $Header: /var/cvsroot/gentoo-x86/app-misc/muttprint/muttprint-0.72d-r2.ebuild,v 1.2 2011/12/17 19:20:36 armin76 Exp $
|
||||
|
||||
EAPI=2
|
||||
|
||||
inherit eutils toolchain-funcs
|
||||
|
||||
DESCRIPTION="Script for pretty printing of your mails"
|
||||
HOMEPAGE="http://muttprint.sf.net/"
|
||||
SRC_URI="mirror://sourceforge/muttprint/${P}.tar.gz"
|
||||
|
||||
SLOT="0"
|
||||
LICENSE="GPL-2"
|
||||
KEYWORDS="~amd64 ~ppc ~ppc64 ~x86"
|
||||
IUSE=""
|
||||
|
||||
RDEPEND="virtual/latex-base
|
||||
dev-texlive/texlive-latexextra
|
||||
dev-lang/perl
|
||||
dev-perl/TimeDate
|
||||
dev-perl/Text-Iconv
|
||||
dev-perl/File-Which
|
||||
app-text/psutils"
|
||||
|
||||
src_prepare() {
|
||||
epatch "${FILESDIR}/${PN}-rem_sig.patch"
|
||||
epatch "${FILESDIR}/${PN}-ldflags.patch"
|
||||
epatch "${FILESDIR}/${PN}-no_html_docs.patch"
|
||||
epatch "${FILESDIR}/${PN}-CVE-2008-5368.patch"
|
||||
epatch "${FILESDIR}/${P}-warning.patch"
|
||||
}
|
||||
|
||||
src_compile() {
|
||||
tc-export CC
|
||||
default
|
||||
}
|
||||
|
||||
src_install() {
|
||||
make prefix="${D}"/usr docdir="${D}"/usr/share/doc docdirname=${PF} install || die
|
||||
}
|
||||
@ -1,3 +1,4 @@
|
||||
DIST nut-18.5.tar.gz 1331213 SHA256 45c959fe2839a41726fde647b78175c45d4f0d9fb59dc8da1e828103b7fd5507 SHA512 d598532247611556cc4d8fb5d70bcbfc6978f8b1176a9c5a1ccf05df71fa50bac81045ff39c6ddb0344023fa128def12635c21da9b87876278159912a7eeab45 WHIRLPOOL 0c196a3afa40ae1cb31e987f4627d818ccc94166ea816930567ff7d728d862d8a372701747d8b197424aa61b653c866cc5878f7ac8a34b8a9bdcda8d28023cd9
|
||||
DIST nut-18.7.tar.gz 1337114 SHA256 0bd35bbb5daab52d0a0270ac1955651cfbfd2f053e171f98cf5fb5bac1a9cdfb SHA512 cdcbe69eb5e6bb53e32a2e00773d88a3dba2b38b966b337e9b95da29e4682cd6b71b401e58070e6f9e4b9573a01c0663a01af86737fe1b0dbd87a8a1ca7c1b49 WHIRLPOOL ff53d764c3d096c701b1f78d438c7c6de217f2082b53601e5ce2ce3a258b0ac2f36d3ede501f2a73f1aa3b3e758b3584583ccce04f9d46ebc1f179369ceb8437
|
||||
DIST nut-18.8.tar.gz 1337141 SHA256 1bd8d8ecd49318552399b467c550805784cca0c78eeee73b8c285c66ed79f182 SHA512 a6bcfb5c4550d6c9b3129e96fd21f46137130d79861b81d766eaaf6b2bc29cb7819bc9af5557476c2ec301dbcd16dbd102c5d14ac13300b79dc649991839765a WHIRLPOOL f21a793bec8d26ff4865e8297a8b7f53027f87aee60bec2a03d2c1e8b64f3e2ec38fdd1dc4a75ca558f9cc887168bf5f7d6771e8f455ddcad629b6d4ab54ba27
|
||||
DIST nut-18.9.tar.gz 1338133 SHA256 e0b5f5552ae2c0b9075163f33069d165de2d5cb686357055eef81955054ebc6f SHA512 396c5a09008313a3314b2c52eeca29b96f84593d2695dacd3b6ae7ac1f3d0a860a93f09fdbc519a24e86f7c886e4aacdaf22f657c19dbb70699aac59519df5a6 WHIRLPOOL 765303be1fea49a06069ace93292cddd4f9c2107d00e82f8071c6eeb31119388a1fc953f00554af5edabc0d7e0f5a6deba0f6d07e592d3a9d44797cc2344cdc7
|
||||
|
||||
@ -0,0 +1,25 @@
|
||||
# Copyright 1999-2013 Gentoo Foundation
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
# $Header: /var/cvsroot/gentoo-x86/app-misc/nut/nut-18.9.ebuild,v 1.1 2013/05/16 05:14:45 radhermit Exp $
|
||||
|
||||
EAPI=5
|
||||
inherit toolchain-funcs
|
||||
|
||||
DESCRIPTION="Record what you eat and analyze your nutrient levels"
|
||||
HOMEPAGE="http://nut.sourceforge.net/"
|
||||
SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz"
|
||||
|
||||
LICENSE="GPL-2"
|
||||
SLOT="0"
|
||||
KEYWORDS="~alpha ~amd64 ~arm ~ppc ~x86"
|
||||
|
||||
src_compile() {
|
||||
emake CC="$(tc-getCC)" CXX="$(tc-getCXX)" OPT="${CFLAGS}" FOODDIR=\\\"/usr/share/nut\\\"
|
||||
}
|
||||
|
||||
src_install() {
|
||||
insinto /usr/share/nut
|
||||
doins raw.data/*
|
||||
dobin nut
|
||||
doman nut.1
|
||||
}
|
||||
@ -0,0 +1 @@
|
||||
DIST solaar-0.8.7.tar.gz 781084 SHA256 e0e167134c6a689574f0f248cba99bc212f930916b2dfffcdeda0c9294e0d167 SHA512 312abfa6e5d5d12c8f4c470ed555f06622d9238e53a587a2da04f6abfe08ef0aca1293dc3770ebd31dec26c27253b1f2366390abe3717396003f8cdbbcb1bef0 WHIRLPOOL dc981c2b9af44afb58ff19acb657ef231c7456033dda333a3f2c40136a70e8ff9485d77b39c1668162b93a9ac6076576cbfb55463fc0c12231b153d52adc504d
|
||||
@ -0,0 +1,8 @@
|
||||
<?xml version = '1.0' encoding = 'UTF-8'?>
|
||||
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
|
||||
<pkgmetadata>
|
||||
<maintainer>
|
||||
<email>radhermit@gentoo.org</email>
|
||||
<name>Tim Harder</name>
|
||||
</maintainer>
|
||||
</pkgmetadata>
|
||||
@ -0,0 +1,47 @@
|
||||
# Copyright 1999-2013 Gentoo Foundation
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
# $Header: /var/cvsroot/gentoo-x86/app-misc/solaar/solaar-0.8.7.ebuild,v 1.1 2013/05/16 10:18:35 radhermit Exp $
|
||||
|
||||
EAPI=5
|
||||
PYTHON_COMPAT=( python{2_7,3_2} )
|
||||
|
||||
inherit distutils-r1 udev user linux-info gnome2-utils
|
||||
|
||||
DESCRIPTION="A Linux device manager for Logitech's Unifying Receiver peripherals"
|
||||
HOMEPAGE="http://pwr.github.com/Solaar/"
|
||||
SRC_URI="https://github.com/pwr/Solaar/archive/${PV}.tar.gz -> ${P}.tar.gz"
|
||||
|
||||
LICENSE="GPL-2"
|
||||
SLOT="0"
|
||||
KEYWORDS="~amd64 ~x86"
|
||||
IUSE="doc"
|
||||
|
||||
RDEPEND=">=dev-python/pyudev-0.13
|
||||
dev-python/pygobject[${PYTHON_USEDEP}]"
|
||||
|
||||
S=${WORKDIR}/Solaar-${PV}
|
||||
|
||||
CONFIG_CHECK="~HID_LOGITECH_DJ"
|
||||
|
||||
python_install_all() {
|
||||
distutils-r1_python_install_all
|
||||
|
||||
udev_dorules rules.d/*.rules
|
||||
|
||||
if use doc; then
|
||||
dodoc -r docs/*
|
||||
fi
|
||||
}
|
||||
|
||||
pkg_postinst() {
|
||||
enewgroup plugdev
|
||||
|
||||
if ! has_version ${CATEGORY}/${PN} ; then
|
||||
elog "Users must be in the plugdev group to use this application."
|
||||
fi
|
||||
|
||||
gnome2_icon_cache_update
|
||||
}
|
||||
|
||||
pkg_preinst() { gnome2_icon_savelist; }
|
||||
pkg_postrm() { gnome2_icon_cache_update; }
|
||||
@ -1,27 +0,0 @@
|
||||
# Copyright 1999-2013 Gentoo Foundation
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
# $Header: /var/cvsroot/gentoo-x86/app-officeext/languagetool/languagetool-2.0.ebuild,v 1.2 2013/01/11 12:31:06 scarabeus Exp $
|
||||
|
||||
EAPI=4
|
||||
|
||||
MY_P="LanguageTool-${PV}"
|
||||
|
||||
OO_EXTENSIONS=(
|
||||
"${MY_P}.oxt"
|
||||
)
|
||||
|
||||
inherit office-ext
|
||||
|
||||
DESCRIPTION="Style and Grammar Checker for libreoffice"
|
||||
HOMEPAGE="http://www.languagetool.org/"
|
||||
SRC_URI="http://www.languagetool.org/download/${MY_P}.oxt"
|
||||
|
||||
LICENSE="LGPL-2"
|
||||
SLOT="0"
|
||||
KEYWORDS="amd64 x86"
|
||||
IUSE=""
|
||||
|
||||
DEPEND=""
|
||||
RDEPEND="${DEPEND}
|
||||
virtual/ooo[java]
|
||||
"
|
||||
@ -1,7 +1,4 @@
|
||||
DIST dvisvgm-1.0.11.tar.gz 576830 SHA256 9aebcc17141cce830f502aa28d87a564de18b68e5bdb413ca0b73b7d9c773244 SHA512 2c2049f47ce6f720c4075c94bda05001188436bb9c38aa96355bef4704faa123262831c99f6327b33fc2aa0fc1a8332295d482e9c529b4ec0ef78f443608b856 WHIRLPOOL 815bcdfe84e278ed593643c0b813c71b8c05667d126b38735a740df2ded952c8a9859c1e0ae96cd485450f849ede3ec6e9f6027e65126d5c2a97f6a294ca9d19
|
||||
DIST dvisvgm-1.0.12.tar.gz 581010 SHA256 5b7b2862d9f7db1c5b407a8c71fc6a60120dab90797602af1356e4f43b976dd7 SHA512 fb58e8c28b4e0fc0698543213c9f12101a28b7c3dffc2f944860d29e19ae42a4e1b3c7a0ea7bb6eb101f03ce4fc637b5347b2e6ea335faf9f7c658bfbe90ced3 WHIRLPOOL 8a401fb71f213bc861d9def029429a0817dec5e6d9d98a3ee2084947de0e96845b4732d0cb4d03edc81ec7a622396ddf943ba19c09ab8c77a0189b10bab45fc0
|
||||
DIST dvisvgm-1.0.8.tar.gz 569140 SHA256 0ebf70d53d10dddca1efa402e7b52c63e1e4250e0a1e74aa5d04224da40f5700 SHA512 65200d2f414262dadb6702657beda9e1ae2f239488a7a5061ad107a58ee9455ddfe26330c51435dae2b7f87f6ceed3fc6ee703d0ce908b748d35a7b99a850a54 WHIRLPOOL caf5e48c0b9a1e5ac11d1560eac0a64de73b523230b7093bc25e924df62bb607a11beb9bbe8360932c18667221e2b7401c6b9052478b73e3b7f213616da4af16
|
||||
DIST dvisvgm-1.0.9.tar.gz 568673 SHA256 c236fa8a0f2a6c6e351ad8beebd6309ad01bd19302c6bf59a86680a5dec75b7e SHA512 a7bc63bccca5f6ed46625218c1f8232fcd57bd14c0b1fb976029232abc73daefd7538942eaee44b7cde13bafe18591b0ddc076f490f67faa0297c58995bced19 WHIRLPOOL 6402a53f967f74c5813ebf20de4d7d575a29f6b6ca5722e96a5ee79e621cee38b0228c495a368d3618de07b41de8b7713550be985e7bf5eccc2fefef6648dc93
|
||||
DIST dvisvgm-1.1.tar.gz 601331 SHA256 c4f720ad85fd9ce59b333faaa59955750635f11ea87c60057ad4226cbfa06fd6 SHA512 3e59dba64af2fa73f3700cc47c1cea82a40ffa8c39ccc56ce31474c7bddfa3631eb80f054b584188de706292e86de7c51eea8cdd3c10e095a713a68cb527ae49 WHIRLPOOL ddfe06c186ca8c4d5a719deb0ad9b511d69ff75bf4ee9c088eda4e0781a6e8f3b61a986318322514a2ff6f8ce6a0a0ab3223130baedcda1728351215880d270d
|
||||
DIST dvisvgm-1.2.1.tar.gz 611862 SHA256 497233213e86286df9c3db9b23d084d74704d5bf956c17770b4e0d945c2f642c SHA512 8a15515134c5c8a7c6731500535f7a10e0e8d27b44f79111e967cdb66505c4256644809372e28425f77bdf63bba8697e91dd6f13452bd1aa7e2d9d8869643766 WHIRLPOOL 03b3cbbb1e3bbb665f41e5c82c9870db730bcaa318550b0e5b069ff1fc3b0420d1975ea6ee4e02db030fa500b720bb80386886f06bf99b2cf8cddb7a8f4497c6
|
||||
DIST dvisvgm-1.2.tar.gz 610017 SHA256 5001657a5c48f335e025d7761023d614dd87e5a80e87e335b51b9f323b5da78a SHA512 565704777c428fe86e07e739ee7c93369bb51f958bfbdd1ffa2b76777080fe5d8cfc33eedead5d7fde1d23a162b51266462556bde6805fa5b626883461a24243 WHIRLPOOL 647aa01f695f2b4f421990b95f922d282d40f2b713430100b0af2e924677219f6c5fe9e5de9103921468d3d60c86981ccb0ceff50e9d1561a4f3614ada2f61e4
|
||||
DIST dvisvgm-1.3.tar.gz 589834 SHA256 16111448e49b49f1cac70f9d354d07b6136c5bd94f7c68a171e595bc6a857a01 SHA512 35166123fa8a39a4b32e3dbc57383fd1e011268931ce1d00dd04d77c947f5565b98d380dd888b34296dbfbf14b9cf00d2ee2bb27045103f37e7165c08aaf94d6 WHIRLPOOL b06e7fd1adf34a29817f6db5b3fbbf11f094b59b077e6d13351be732ac607d6314e94806f6412a94e827c5d127391884ef3e6cbb8ba18901b024b69209de7f2b
|
||||
|
||||
@ -1,28 +0,0 @@
|
||||
# Copyright 1999-2012 Gentoo Foundation
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
# $Header: /var/cvsroot/gentoo-x86/app-text/dvisvgm/dvisvgm-1.0.11.ebuild,v 1.5 2012/10/08 18:07:47 radhermit Exp $
|
||||
|
||||
EAPI=4
|
||||
|
||||
DESCRIPTION="Converts DVI files to SVG"
|
||||
HOMEPAGE="http://dvisvgm.sourceforge.net/"
|
||||
SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz"
|
||||
|
||||
LICENSE="GPL-3"
|
||||
SLOT="0"
|
||||
KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~ppc-macos ~x64-macos ~x86-macos"
|
||||
IUSE="test"
|
||||
# Tests don't work from $WORKDIR: kpathsea tries to search in relative
|
||||
# directories from where the binary is executed.
|
||||
# We cannot really use absolute paths in the kpathsea configuration since that
|
||||
# would make it harder for prefix installs.
|
||||
RESTRICT="test"
|
||||
|
||||
RDEPEND="virtual/tex-base
|
||||
app-text/ghostscript-gpl
|
||||
>=media-gfx/potrace-1.10-r1
|
||||
media-libs/freetype:2
|
||||
sys-libs/zlib"
|
||||
DEPEND="${RDEPEND}
|
||||
virtual/pkgconfig
|
||||
test? ( dev-cpp/gtest )"
|
||||
@ -1,28 +0,0 @@
|
||||
# Copyright 1999-2012 Gentoo Foundation
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
# $Header: /var/cvsroot/gentoo-x86/app-text/dvisvgm/dvisvgm-1.0.12.ebuild,v 1.2 2012/12/11 18:03:10 ago Exp $
|
||||
|
||||
EAPI=4
|
||||
|
||||
DESCRIPTION="Converts DVI files to SVG"
|
||||
HOMEPAGE="http://dvisvgm.sourceforge.net/"
|
||||
SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz"
|
||||
|
||||
LICENSE="GPL-3"
|
||||
SLOT="0"
|
||||
KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~ppc-macos ~x64-macos ~x86-macos"
|
||||
IUSE="test"
|
||||
# Tests don't work from $WORKDIR: kpathsea tries to search in relative
|
||||
# directories from where the binary is executed.
|
||||
# We cannot really use absolute paths in the kpathsea configuration since that
|
||||
# would make it harder for prefix installs.
|
||||
RESTRICT="test"
|
||||
|
||||
RDEPEND="virtual/tex-base
|
||||
app-text/ghostscript-gpl
|
||||
>=media-gfx/potrace-1.10-r1
|
||||
media-libs/freetype:2
|
||||
sys-libs/zlib"
|
||||
DEPEND="${RDEPEND}
|
||||
virtual/pkgconfig
|
||||
test? ( dev-cpp/gtest )"
|
||||
@ -1,35 +0,0 @@
|
||||
# Copyright 1999-2013 Gentoo Foundation
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
# $Header: /var/cvsroot/gentoo-x86/app-text/dvisvgm/dvisvgm-1.2.ebuild,v 1.1 2013/03/10 10:13:24 aballier Exp $
|
||||
|
||||
EAPI=4
|
||||
|
||||
inherit eutils autotools
|
||||
|
||||
DESCRIPTION="Converts DVI files to SVG"
|
||||
HOMEPAGE="http://dvisvgm.sourceforge.net/"
|
||||
SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz"
|
||||
|
||||
LICENSE="GPL-3"
|
||||
SLOT="0"
|
||||
KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~ppc-macos ~x64-macos ~x86-macos"
|
||||
IUSE="test"
|
||||
# Tests don't work from $WORKDIR: kpathsea tries to search in relative
|
||||
# directories from where the binary is executed.
|
||||
# We cannot really use absolute paths in the kpathsea configuration since that
|
||||
# would make it harder for prefix installs.
|
||||
RESTRICT="test"
|
||||
|
||||
RDEPEND="virtual/tex-base
|
||||
app-text/ghostscript-gpl
|
||||
>=media-gfx/potrace-1.10-r1
|
||||
media-libs/freetype:2
|
||||
sys-libs/zlib"
|
||||
DEPEND="${RDEPEND}
|
||||
virtual/pkgconfig
|
||||
test? ( dev-cpp/gtest )"
|
||||
|
||||
src_prepare() {
|
||||
epatch "${FILESDIR}/${P}-external_potrace.patch"
|
||||
eautoreconf
|
||||
}
|
||||
@ -1,6 +1,6 @@
|
||||
# Copyright 1999-2013 Gentoo Foundation
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
# $Header: /var/cvsroot/gentoo-x86/app-text/dvisvgm/dvisvgm-1.1.ebuild,v 1.1 2013/02/08 12:49:12 aballier Exp $
|
||||
# $Header: /var/cvsroot/gentoo-x86/app-text/dvisvgm/dvisvgm-1.3.ebuild,v 1.1 2013/05/17 11:25:55 aballier Exp $
|
||||
|
||||
EAPI=4
|
||||
|
||||
@ -1,33 +0,0 @@
|
||||
Do not build potracelib if system potrace is being used.
|
||||
https://bugs.launchpad.net/dvisvgm/+bug/1153182
|
||||
https://bugs.gentoo.org/show_bug.cgi?id=446902
|
||||
|
||||
Index: dvisvgm-1.2/Makefile.am
|
||||
===================================================================
|
||||
--- dvisvgm-1.2.orig/Makefile.am
|
||||
+++ dvisvgm-1.2/Makefile.am
|
||||
@@ -5,5 +5,11 @@
|
||||
|
||||
AUTOMAKE_OPTIONS = foreign
|
||||
EXTRA_DIST = COPYING LGPL-2.1.txt
|
||||
-SUBDIRS = potracelib src tests doc
|
||||
+if HAVE_LIBPOTRACE
|
||||
+SUBDIRS =
|
||||
+else
|
||||
+SUBDIRS = potracelib
|
||||
+endif
|
||||
+
|
||||
+SUBDIRS += src tests doc
|
||||
|
||||
Index: dvisvgm-1.2/configure.ac
|
||||
===================================================================
|
||||
--- dvisvgm-1.2.orig/configure.ac
|
||||
+++ dvisvgm-1.2/configure.ac
|
||||
@@ -61,6 +61,7 @@ if test "$HAVE_LIBPOTRACE" -eq 0; then
|
||||
EXTRA_LIBS="$EXTRA_LIBS ../potracelib/libpotrace.a "
|
||||
AC_MSG_NOTICE([Using bundled potrace library])
|
||||
fi
|
||||
+AM_CONDITIONAL(HAVE_LIBPOTRACE, test "x$HAVE_LIBPOTRACE" = "x1")
|
||||
|
||||
|
||||
# Check how to link Ghostscript
|
||||
@ -1,3 +1,4 @@
|
||||
DIST evince-2.32.0.tar.bz2 2295272 SHA256 2a4c91ae38f8b5028cebb91b9da9ddc50ea8ae3f3d429df89ba351da2d787ff7 SHA512 b478f3199d017ba77b75e9d0ee9a82469b58087fea18eb30ff17ee8f03189e842299b8f4df412d4bb6d0ee985ed76bcbd8dfb3accc13b824232980f5a10e0a3c WHIRLPOOL de4892107c83601fb59aaf848acb0ab3d977759f0532221023ea5370706471ef8704d3f28df135d20214f7677f1d3328f9e6b0d4f49277983059626b185cf1c2
|
||||
DIST evince-3.6.1.tar.xz 6449724 SHA256 1b87b2579d438a126391f9044611b472e9f7b5b712e40b5645b0810164bc41b5 SHA512 5664dce6d9c7fca3e4f4acdc0756afda04794cb937c024723ed75a59a0893cb706cec58bf7f141ee4305223cc55e92a04a191f3f32261c4c5e9026c79e5c5cbf WHIRLPOOL d9b5e9ead61439388b0894d608f51c7a8479bd4d2008892f892756e52558908dbcd02a7b12194e3c295fffb2dd2f4358ba37f565a688ca16c109edc243522ee7
|
||||
DIST evince-3.8.0.tar.xz 6473896 SHA256 cf136d2a025ef486c4e248e0dc134e7a9420557d9edc0df1ceb6a6330fbd4e9a SHA512 9ed66943f86ce46787597db78d999d2857921bfadd8f0e19ddcfdfe78ae6a440da74a2405c21ec286e0f8ba84481b592943830c0260e50defe1f05e6ccaa11b7 WHIRLPOOL 8b85937687b0840c8a9d8d09c9b5526291b374035cbf7bba7bc2bf08bfac36f3b2d142dceef8310ba15df509caeaafb2c0dbe997c990536774345f05e7aa8c4e
|
||||
DIST evince-3.8.2.tar.xz 6477880 SHA256 dd35b54b82190ba01f0c481e2d073ccddaa325ce80964b655dc167752b6bc2f5 SHA512 236d7f40d47897e2431c3115069671258430efd2f7574f9bebab49393527c783d74b772c661bb1384f26cdb6cb649ea90e675235209197140221906fe89bbe96 WHIRLPOOL 064684403ef11e68b576fa34088ccca925647871f5f4eee11d3549237b56f21755a86692635e6b473b74058cf3d0242905d49a48aa70a2fc04187f39149e3bad
|
||||
|
||||
@ -0,0 +1,95 @@
|
||||
# Copyright 1999-2013 Gentoo Foundation
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
# $Header: /var/cvsroot/gentoo-x86/app-text/evince/evince-3.8.2.ebuild,v 1.1 2013/05/15 08:02:39 pacho Exp $
|
||||
|
||||
EAPI="5"
|
||||
GCONF_DEBUG="yes"
|
||||
GNOME2_LA_PUNT="yes"
|
||||
|
||||
inherit eutils gnome2
|
||||
|
||||
DESCRIPTION="Simple document viewer for GNOME"
|
||||
HOMEPAGE="http://www.gnome.org/projects/evince/"
|
||||
|
||||
LICENSE="GPL-2+ CC-BY-SA-3.0"
|
||||
# subslot = evd3.(suffix of libevdocument3)-evv3.(suffix of libevview3)
|
||||
SLOT="0/evd3.4-evv3.3"
|
||||
IUSE="debug djvu dvi gnome-keyring +introspection nautilus +postscript t1lib tiff xps"
|
||||
KEYWORDS="~alpha ~amd64 ~arm ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd ~x86-freebsd ~x86-interix ~amd64-linux ~x86-linux ~x64-solaris"
|
||||
|
||||
# Since 2.26.2, can handle poppler without cairo support. Make it optional ?
|
||||
# not mature enough
|
||||
# atk used in libview
|
||||
# gdk-pixbuf used all over the place
|
||||
# libX11 used for totem-screensaver
|
||||
RDEPEND="
|
||||
dev-libs/atk
|
||||
>=dev-libs/glib-2.33:2
|
||||
>=dev-libs/libxml2-2.5:2
|
||||
sys-libs/zlib:=
|
||||
x11-libs/gdk-pixbuf:2
|
||||
>=x11-libs/gtk+-3.7.5:3[introspection?]
|
||||
x11-libs/libX11:=
|
||||
>=x11-libs/libSM-1:=
|
||||
x11-libs/libICE:=
|
||||
gnome-base/gsettings-desktop-schemas
|
||||
|| (
|
||||
>=x11-themes/gnome-icon-theme-2.17.1
|
||||
>=x11-themes/hicolor-icon-theme-0.10 )
|
||||
>=x11-libs/cairo-1.10:=
|
||||
>=app-text/poppler-0.20:=[cairo]
|
||||
djvu? ( >=app-text/djvu-3.5.17:= )
|
||||
dvi? (
|
||||
virtual/tex-base
|
||||
dev-libs/kpathsea:=
|
||||
t1lib? ( >=media-libs/t1lib-5:= ) )
|
||||
gnome-keyring? ( >=app-crypt/libsecret-0.5 )
|
||||
introspection? ( >=dev-libs/gobject-introspection-1 )
|
||||
nautilus? ( >=gnome-base/nautilus-2.91.4[introspection?] )
|
||||
postscript? ( >=app-text/libspectre-0.2.0:= )
|
||||
tiff? ( >=media-libs/tiff-3.6:0= )
|
||||
xps? ( >=app-text/libgxps-0.2.1:= )
|
||||
"
|
||||
DEPEND="${RDEPEND}
|
||||
app-text/docbook-xml-dtd:4.3
|
||||
dev-util/gdbus-codegen
|
||||
sys-devel/gettext
|
||||
>=dev-util/gtk-doc-am-1.13
|
||||
>=dev-util/intltool-0.35
|
||||
virtual/pkgconfig"
|
||||
|
||||
# Needs dogtail and pyspi from http://fedorahosted.org/dogtail/
|
||||
# Releases: http://people.redhat.com/zcerza/dogtail/releases/
|
||||
RESTRICT="test"
|
||||
|
||||
src_prepare() {
|
||||
ELTCONF="--portage"
|
||||
|
||||
gnome2_src_prepare
|
||||
|
||||
# Do not depend on gnome-icon-theme, bug #326855, #391859
|
||||
sed -e 's/gnome-icon-theme >= $GNOME_ICON_THEME_REQUIRED//g' \
|
||||
-i configure || die "sed failed"
|
||||
}
|
||||
|
||||
src_configure() {
|
||||
gnome2_src_configure \
|
||||
--disable-static \
|
||||
--disable-tests \
|
||||
--enable-pdf \
|
||||
--enable-comics \
|
||||
--enable-thumbnailer \
|
||||
--with-smclient=xsmp \
|
||||
--with-platform=gnome \
|
||||
--enable-dbus \
|
||||
$(use_enable djvu) \
|
||||
$(use_enable dvi) \
|
||||
$(use_with gnome-keyring keyring) \
|
||||
$(use_enable introspection) \
|
||||
$(use_enable nautilus) \
|
||||
$(use_enable postscript ps) \
|
||||
$(use_enable t1lib) \
|
||||
$(use_enable tiff) \
|
||||
$(use_enable xps) \
|
||||
ITSTOOL=$(type -P true)
|
||||
}
|
||||
@ -1,2 +1,2 @@
|
||||
DIST libwpd-0.9.6.tar.bz2 675826 SHA256 87081d5a81fb08e3aae88dc959aec769c4c62df44b59d5f9c0561f039cc9db6b SHA512 31fd04e65e69de17c8b872a3e457d8729e842451c77b1e6b2e67f360ff53054e3e4107616f2a62023152bec28c53faddf9a578845e35540e82c9f398545a271e WHIRLPOOL 9281609974146641a6f6f0ec36cd3ded604b7abae650823694967d3a17067cf249f7852c29c0b7a426c77143e9a2201ab63d4f717c993c372224c463f8991ecf
|
||||
DIST libwpd-0.9.7.tar.xz 542608 SHA256 30bb9c982399cb11d5d7181388409a2e7a73e8ae5221cb9d3ef5d62ec7dc373e SHA512 c268adf6ff5712b448500e64dedf15dc135b15a10a90b64fe6b213e8c3d938bc474ef8aed0901a6ddb5841c951667509d24837021580f5822eff2cdb822e7388 WHIRLPOOL 254ad7af08716eb6af170dab0c333580f68758b33b4172d7c29fcad6e9d78a0b4ac5a03ff94832bb51b98f1eeabfd6ecfc67099c3148e77ca958b89d1d5a09b3
|
||||
DIST libwpd-0.9.8.tar.xz 543916 SHA256 f5d189f9a004a20d85727da2b9adc060ddb447fd53dc2482527b44ab1751df2f SHA512 1c74c386cb783932568ed421d114ff61c235fae4b285b62acb4efffe7cc982969bf3d9ccceaba8cbff8aaaa6784ad9dc5955a9fbff3531ee9bf817dd8f32d794 WHIRLPOOL e2ad5cbb3a20bd7bc8207ed85ff4a435650a2c8ffe3577d67bec7de5105af7b3bec4fe8b1d7588ef189e2797573fb9b05b479ff8b68f4c3a1d85d2d9aed83b4d
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in new issue