Summary: Xen - a virtual machine monitor
Summary(pl.UTF-8): Xen - monitor maszyny wirtualnej
Name: xen
-Version: 4.2.0
-Release: 1
+Version: 4.2.2
+Release: 3
License: GPL v2, interface parts on BSD-like
Group: Applications/System
Source0: http://bits.xensource.com/oss-xen/release/%{version}/%{name}-%{version}.tar.gz
-# Source0-md5: f4f217969afc38f09251039966d91a87
+# Source0-md5: f7362b19401a47826f2d8fd603a1782a
# used by stubdoms
Source10: %{xen_extfiles_url}/lwip-1.3.0.tar.gz
# Source10-md5: 36cc57650cffda9a0269493be2a169bb
Source40: xend.tmpfiles
Source41: xen-watchdog.service
Source42: xen-dom0-modules-load.conf
+Source43: xendomains.sh
+Source44: xendomains.service
# sysvinit scripts
Source50: xend.init
Source51: xenconsoled.init
Source53: xen-watchdog.init
Source54: xendomains.init
Source55: xen.logrotate
+Source56: xen.tmpfiles
+Source57: xen.cfg
+Source58: xen.efi-boot-update
+Source59: vif-openvswitch
+Source60: xen-init-list
+Source61: xen-toolstack
Patch0: %{name}-python_scripts.patch
Patch1: %{name}-symbols.patch
Patch2: %{name}-curses.patch
Patch3: pygrubfix.patch
Patch4: xend.catchbt.patch
Patch5: xend-pci-loop.patch
-Patch6: xen-dumpdir.patch
+Patch6: %{name}-dumpdir.patch
# Warning: this disables ingress filtering implemented in xen scripts!
-Patch7: xen-net-disable-iptables-on-bridge.patch
-Patch8: xen-configure-xend.patch
-Patch9: xen-initscript.patch
-Patch10: xen-quemu-softloat-c99.patch
-Patch11: xen-qemu.patch
-Patch12: xen-scripts-locking.patch
+Patch7: %{name}-net-disable-iptables-on-bridge.patch
+Patch8: %{name}-configure-xend.patch
+Patch9: %{name}-initscript.patch
+Patch10: %{name}-quemu-softloat-c99.patch
+Patch11: %{name}-qemu.patch
+Patch12: %{name}-scripts-locking.patch
+Patch13: %{name}-close_lockfd_after_lock_attempt.patch
+Patch14: %{name}-librt.patch
+Patch15: %{name}-ulong.patch
+Patch16: %{name}-doc.patch
+Patch100: CVE-2013-1918-1
+Patch101: CVE-2013-1918-2
+Patch102: CVE-2013-1918-3
+Patch103: CVE-2013-1918-4
+Patch104: CVE-2013-1918-5
+Patch105: CVE-2013-1918-6
+Patch106: CVE-2013-1918-7
+Patch107: CVE-2013-1952
+Patch108: CVE-2013-2072
+Patch109: CVE-2013-2076
+Patch110: CVE-2013-2077
+Patch111: CVE-2013-2078
+#CVE-2013-2194 XEN XSA-55 integer overflows
+#CVE-2013-2195 XEN XSA-55 pointer dereferences
+#CVE-2013-2196 XEN XSA-55 other problems
+Patch112: 0001-libelf-abolish-libelf-relocate.c.patch
+Patch113: 0002-libxc-introduce-xc_dom_seg_to_ptr_pages.patch
+Patch114: 0003-libxc-Fix-range-checking-in-xc_dom_pfn_to_ptr-etc.patch
+Patch115: 0004-libelf-add-struct-elf_binary-parameter-to-elf_load_i.patch
+Patch116: 0005-libelf-abolish-elf_sval-and-elf_access_signed.patch
+Patch117: 0006-libelf-move-include-of-asm-guest_access.h-to-top-of-.patch
+Patch118: 0007-libelf-xc_dom_load_elf_symtab-Do-not-use-syms-uninit.patch
+Patch119: 0008-libelf-introduce-macros-for-memory-access-and-pointe.patch
+Patch120: 0009-tools-xcutils-readnotes-adjust-print_l1_mfn_valid_no.patch
+Patch121: 0010-libelf-check-nul-terminated-strings-properly.patch
+Patch122: 0011-libelf-check-all-pointer-accesses.patch
+Patch123: 0012-libelf-Check-pointer-references-in-elf_is_elfbinary.patch
+Patch124: 0013-libelf-Make-all-callers-call-elf_check_broken.patch
+Patch125: 0014-libelf-use-C99-bool-for-booleans.patch
+Patch126: 0015-libelf-use-only-unsigned-integers.patch
+Patch127: 0016-libelf-check-loops-for-running-away.patch
+Patch128: 0017-libelf-abolish-obsolete-macros.patch
+Patch129: 0018-libxc-Add-range-checking-to-xc_dom_binloader.patch
+Patch130: 0019-libxc-check-failure-of-xc_dom_-_to_ptr-xc_map_foreig.patch
+Patch131: 0020-libxc-check-return-values-from-malloc.patch
+Patch132: 0021-libxc-range-checks-in-xc_dom_p2m_host-and-_guest.patch
+Patch133: 0022-libxc-check-blob-size-before-proceeding-in-xc_dom_ch.patch
+Patch134: 0023-libxc-Better-range-check-in-xc_dom_alloc_segment.patch
+Patch135: CVE-2013-2211
+Patch136: CVE-2013-1432
URL: http://www.xen.org/products/xenhyp.html
%{?with_opengl:BuildRequires: OpenGL-devel}
%{?with_sdl:BuildRequires: SDL-devel >= 1.2.1}
%patch10 -p1
%patch11 -p1
%patch12 -p1
+%patch13 -p1
+%patch14 -p1
+%patch15 -p1
+%patch16 -p1
+# CVE
+%patch100 -p1
+%patch101 -p1
+%patch102 -p1
+%patch103 -p1
+%patch104 -p1
+%patch105 -p1
+%patch106 -p1
+%patch107 -p1
+%patch108 -p1
+%patch109 -p1
+%patch110 -p1
+%patch111 -p1
+%patch112 -p1
+%patch113 -p1
+%patch114 -p1
+%patch115 -p1
+%patch116 -p1
+%patch117 -p1
+%patch118 -p1
+%patch119 -p1
+%patch120 -p1
+%patch121 -p1
+%patch122 -p1
+%patch123 -p1
+%patch124 -p1
+%patch125 -p1
+%patch126 -p1
+%patch127 -p1
+%patch128 -p1
+%patch129 -p1
+%patch130 -p1
+%patch131 -p1
+%patch132 -p1
+%patch133 -p1
+%patch134 -p1
+%patch135 -p1
+%patch136 -p1
# stubdom sources
ln -s %{SOURCE10} %{SOURCE11} %{SOURCE12} %{SOURCE13} %{SOURCE14} stubdom
echo GIT=/bin/false >> Config.mk
%build
+# if gold is used then bioses and grub doesn't build
+install -d our-ld
+ln -s /usr/bin/ld.bfd our-ld/ld
+export PATH=$(pwd)/our-ld:$PATH
+
export CFLAGS="%{rpmcflags} -I/usr/include/ncurses"
export CXXFLAGS="%{rpmcflags} -I/usr/include/ncurses"
%install
rm -rf $RPM_BUILD_ROOT
install -d $RPM_BUILD_ROOT/etc/{xen/examples,modules-load.d,logrotate.d} \
- $RPM_BUILD_ROOT{/usr/lib/tmpfiles.d,%{systemdunitdir},/var/log/xen/console}
+ $RPM_BUILD_ROOT{%{systemdtmpfilesdir},%{systemdunitdir},/var/log/xen/console} \
+ $RPM_BUILD_ROOT/etc/efi-boot/update.d
%{__make} -j1 install-xen install-tools install-stubdom install-docs \
%{!?with_ocaml:OCAML_TOOLS=n} \
install %{SOURCE35} $RPM_BUILD_ROOT/etc/sysconfig/xenconsoled
install %{SOURCE36} $RPM_BUILD_ROOT%{systemdunitdir}/xenstored.service
install %{SOURCE37} $RPM_BUILD_ROOT/etc/sysconfig/xenstored
-install %{SOURCE38} $RPM_BUILD_ROOT/usr/lib/tmpfiles.d/xenstored.conf
+install %{SOURCE38} $RPM_BUILD_ROOT%{systemdtmpfilesdir}/xenstored.conf
install %{SOURCE39} $RPM_BUILD_ROOT%{systemdunitdir}/xend.service
-install %{SOURCE40} $RPM_BUILD_ROOT/usr/lib/tmpfiles.d/xend.conf
+install %{SOURCE40} $RPM_BUILD_ROOT%{systemdtmpfilesdir}/xend.conf
install %{SOURCE41} $RPM_BUILD_ROOT%{systemdunitdir}/xen-watchdog.service
install %{SOURCE42} $RPM_BUILD_ROOT/etc/modules-load.d/xen-dom0.conf
+install %{SOURCE43} $RPM_BUILD_ROOT%{_prefix}/lib/%{name}/bin/xendomains.sh
+install %{SOURCE44} $RPM_BUILD_ROOT%{systemdunitdir}/xendomains.service
# sysvinit scripts
%{__rm} $RPM_BUILD_ROOT/etc/rc.d/init.d/*
install %{SOURCE50} $RPM_BUILD_ROOT/etc/rc.d/init.d/xend
install %{SOURCE53} $RPM_BUILD_ROOT/etc/rc.d/init.d/xen-watchdog
install %{SOURCE54} $RPM_BUILD_ROOT/etc/rc.d/init.d/xendomains
install %{SOURCE55} $RPM_BUILD_ROOT/etc/logrotate.d/xen
+install %{SOURCE56} $RPM_BUILD_ROOT%{systemdtmpfilesdir}/xen.conf
+
+install %{SOURCE60} $RPM_BUILD_ROOT%{_prefix}/lib/%{name}/bin/xen-init-list
+install %{SOURCE61} $RPM_BUILD_ROOT%{_prefix}/lib/%{name}/bin/xen-toolstack
+
+%if %{with efi}
+install %{SOURCE57} $RPM_BUILD_ROOT/etc/efi-boot/xen.cfg
+sed -e's;@libdir@;%{_libdir};g' -e's;@target_cpu@;%{_target_cpu};g' \
+ %{SOURCE58} > $RPM_BUILD_ROOT/etc/efi-boot/update.d/xen.conf
+%endif
mv $RPM_BUILD_ROOT/etc/xen/{x{m,l}example*,examples}
+install %{SOURCE59} $RPM_BUILD_ROOT%{_sysconfdir}/xen/scripts/vif-openvswitch
+
# for %%doc
install -d _doc
for tool in blktap blktap2 pygrub xenmon ; do
/sbin/chkconfig --add xenconsoled
/sbin/chkconfig --add xenstored
/sbin/chkconfig --add xendomains
-%systemd_post xen-watchdog.service xenconsoled.service
-
-export NORESTART=1
-%systemd_post xenstored.service
-if [ $1 -ne 1 ] ; then
- /bin/systemd_booted && echo "xenstored.service must not be restarted, ever!" || :
-fi
+NORESTART=1
+%systemd_post xen-watchdog.service xenconsoled.service xenstored.service xendomains.service
%preun
if [ "$1" = "0" ]; then
%service xen-watchdog stop
/sbin/chkconfig --del xen-watchdog
fi
-%systemd_preun xen-watchdog.service xenconsoled.service xenstored.service
+%systemd_preun xen-watchdog.service xenconsoled.service xenstored.service xendomains.service
%postun
%systemd_reload
%post libs-guest -p /sbin/ldconfig
%postun libs-guest -p /sbin/ldconfig
+%post efi
+[ -x /sbin/efi-boot-update ] && /sbin/efi-boot-update --auto || :
+
%files
%defattr(644,root,root,755)
-%doc COPYING README* docs/misc/*
+%doc COPYING README* docs/misc/*
%doc docs/html/*
%doc tools/qemu-xen-dir/*.html
%doc _doc/*
%{systemdunitdir}/xen-watchdog.service
%{systemdunitdir}/xenconsoled.service
%{systemdunitdir}/xenstored.service
+%{systemdunitdir}/xendomains.service
%dir %{_sysconfdir}/xen
%dir %{_sysconfdir}/xen/auto
%dir %{_sysconfdir}/xen/examples
%if "%{_lib}" != "lib"
%dir %{_prefix}/lib/%{name}
%dir %{_prefix}/lib/%{name}/bin
-%attr(755,root,root) %{_prefix}/lib/%{name}/bin/qemu-dm
-%attr(755,root,root) %{_prefix}/lib/%{name}/bin/stubdom-dm
-%attr(755,root,root) %{_prefix}/lib/%{name}/bin/stubdompath.sh
+%attr(755,root,root) %{_prefix}/lib/%{name}/bin/*
%endif
%dir %{_prefix}/lib/%{name}/boot
%{_prefix}/lib/%{name}/boot/ioemu-stubdom.gz
%{_sharedstatedir}/xenstored
%dir /var/run/xenstored
%{systemdtmpfilesdir}/xenstored.conf
+%{systemdtmpfilesdir}/xen.conf
%dir %attr(0700,root,root) /var/log/xen
%dir %attr(0700,root,root) /var/log/xen/console
%{_datadir}/qemu-xen
%defattr(644,root,root,755)
%dir %{_libdir}/efi
%{_libdir}/efi/*.efi
+%attr(644,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/efi-boot/xen.cfg
+%attr(644,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/efi-boot/update.d/xen.conf
%endif