1 files changed, 128 insertions, 64 deletions

diff --git a/main/xen/APKBUILD b/main/xen/APKBUILD
index 60cfe8f749a..1810b054d63 100644
--- a/main/xen/APKBUILD
+++ b/main/xen/APKBUILD
@@ -1,11 +1,11 @@
 # Contributor: Roger Pau Monne <roger.pau@entel.upc.edu>
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=xen
-pkgver=4.16.1
-pkgrel=3
+pkgver=4.18.2
+pkgrel=1
 pkgdesc="Xen hypervisor"
 url="https://www.xenproject.org/"
-arch="x86_64 armv7 aarch64" # enable armv7 when builds with gcc8
+arch="x86_64 armv7 aarch64"
 license="GPL-2.0-only"
 depends="bash iproute2 logrotate"
 depends_dev="
@@ -16,8 +16,6 @@ depends_dev="
 	dev86
 	e2fsprogs-dev
 	flex
-	gettext
-	glib-dev
 	gnutls-dev
 	libaio-dev
 	libcap-ng-dev
@@ -25,10 +23,11 @@ depends_dev="
 	linux-headers
 	lzo-dev
 	ncurses-dev
-	openssl1.1-compat-dev
+	openssl-dev>3
 	pciutils-dev
 	perl
 	perl-dev
+	py3-setuptools
 	python3-dev
 	spice-dev
 	texinfo
@@ -47,6 +46,8 @@ options="!strip"
 #   0:
 #     - CVE-2020-29568 XSA-349
 #     - CVE-2020-29569 XSA-350
+#     - CVE-2022-21127
+#     - CVE-2023-46840 XSA-450
 #   4.7.0-r0:
 #     - CVE-2016-6258 XSA-182
 #     - CVE-2016-6259 XSA-183
@@ -262,6 +263,7 @@ options="!strip"
 #     - CVE-2021-28701 XSA-384
 #   4.15.1-r1:
 #     - CVE-2021-28702 XSA-386
+#     - CVE-2021-28703 XSA-387
 #     - CVE-2021-28710 XSA-390
 #   4.15.1-r2:
 #     - CVE-2021-28704 XSA-388
@@ -288,6 +290,88 @@ options="!strip"
 #     - CVE-2022-21123 XSA-404
 #     - CVE-2022-21125 XSA-404
 #     - CVE-2022-21166 XSA-404
+#   4.16.1-r4:
+#     - CVE-2022-26365 XSA-403
+#     - CVE-2022-33740 XSA-403
+#     - CVE-2022-33741 XSA-403
+#     - CVE-2022-33742 XSA-403
+#   4.16.1-r5:
+#     - CVE-2022-23816 XSA-407
+#     - CVE-2022-23825 XSA-407
+#     - CVE-2022-29900 XSA-407
+#   4.16.1-r6:
+#     - CVE-2022-33745 XSA-408
+#   4.16.2-r1:
+#     - CVE-2022-42327 XSA-412
+#     - CVE-2022-42309 XSA-414
+#   4.16.2-r2:
+#     - CVE-2022-23824 XSA-422
+#   4.17.0-r0:
+#     - CVE-2022-42311 XSA-326
+#     - CVE-2022-42312 XSA-326
+#     - CVE-2022-42313 XSA-326
+#     - CVE-2022-42314 XSA-326
+#     - CVE-2022-42315 XSA-326
+#     - CVE-2022-42316 XSA-326
+#     - CVE-2022-42317 XSA-326
+#     - CVE-2022-42318 XSA-326
+#     - CVE-2022-33747 XSA-409
+#     - CVE-2022-33746 XSA-410
+#     - CVE-2022-33748 XSA-411
+#     - CVE-2022-33749 XSA-413
+#     - CVE-2022-42310 XSA-415
+#     - CVE-2022-42319 XSA-416
+#     - CVE-2022-42320 XSA-417
+#     - CVE-2022-42321 XSA-418
+#     - CVE-2022-42322 XSA-419
+#     - CVE-2022-42323 XSA-419
+#     - CVE-2022-42324 XSA-420
+#     - CVE-2022-42325 XSA-421
+#     - CVE-2022-42326 XSA-421
+#   4.17.0-r2:
+#     - CVE-2022-42330 XSA-425
+#     - CVE-2022-27672 XSA-426
+#   4.17.0-r5:
+#     - CVE-2022-42332 XSA-427
+#     - CVE-2022-42333 CVE-2022-43334 XSA-428
+#     - CVE-2022-42331 XSA-429
+#     - CVE-2022-42335 XSA-430
+#   4.17.1-r1:
+#     - CVE-2022-42336 XSA-431
+#   4.17.1-r3:
+#     - CVE-2023-20593 XSA-433
+#   4.17.1-r5:
+#     - CVE-2023-34320 XSA-436
+#   4.17.2-r0:
+#     - CVE-2023-20569 XSA-434
+#     - CVE-2022-40982 XSA-435
+#   4.17.2-r1:
+#     - CVE-2023-34321 XSA-437
+#     - CVE-2023-34322 XSA-438
+#   4.17.2-r2:
+#     - CVE-2023-20588 XSA-439
+#   4.17.2-r3:
+#     - CVE-2023-34323 XSA-440
+#     - CVE-2023-34326 XSA-442
+#     - CVE-2023-34325 XSA-443
+#     - CVE-2023-34327 XSA-444
+#     - CVE-2023-34328 XSA-444
+#   4.17.2-r4:
+#     - CVE-2023-46835 XSA-445
+#     - CVE-2023-46836 XSA-446
+#   4.18.0-r2:
+#     - CVE-2023-46837 XSA-447
+#   4.18.0-r3:
+#     - CVE-2023-46839 XSA-449
+#   4.18.0-r4:
+#     - CVE-2023-46841 XSA-451
+#   4.18.0-r5:
+#     - CVE-2023-28746 XSA-452
+#     - CVE-2024-2193 XSA-453
+#   4.18.2-r0:
+#     - CVE-2023-46842 XSA-454
+#     - CVE-2024-31142 XSA-455
+#     - CVE-2024-2201 XSA-456
 
 case "$CARCH" in
 x86*)
@@ -305,7 +389,9 @@ esac
 #	subpackages="$pkgname-dbg"
 #fi
 subpackages="$subpackages $pkgname-doc $pkgname-dev $pkgname-libs
-	$pkgname-hypervisor $pkgname-bridge $pkgname-qemu $pkgname-bash-completion"
+	$pkgname-hypervisor $pkgname-pyc $pkgname-bridge
+	$pkgname-bridge-openrc:bridge_openrc $pkgname-qemu
+	$pkgname-qemu-openrc:qemu_openrc $pkgname-bash-completion"
 
 # grep _VERSION= stubdom/configure
 _ZLIB_VERSION="1.2.3"
@@ -318,8 +404,7 @@ _POLARSSL_VERSION="1.1.4"
 _TPMEMU_VERSION="0.7.4"
 
 # grep ^IPXE_GIT_TAG tools/firmware/etherboot/Makefile
-_IPXE_GIT_TAG=3c040ad387099483102708bb1839110bc788cefb
-
+_IPXE_GIT_TAG=1d1cf74a5e58811822bee4b3da3cff7282fcdfca
 
 source="https://downloads.xenproject.org/release/xen/$pkgver/xen-$pkgver.tar.gz
 	https://xenbits.xen.org/xen-extfiles/gmp-$_GMP_VERSION.tar.bz2
@@ -353,17 +438,6 @@ source="https://downloads.xenproject.org/release/xen/$pkgver/xen-$pkgver.tar.gz
 	xendriverdomain.initd
 	xen-pci.initd
 	xen-pci.confd
-
-	xsa401-4.16-1.patch
-	xsa401-4.16-2.patch
-	xsa402-4.16-1.patch
-	xsa402-4.16-2.patch
-	xsa402-4.16-3.patch
-	xsa402-4.16-4.patch
-	xsa402-4.16-5.patch
-	xsa404-4.16-1.patch
-	xsa404-4.16-2.patch
-	xsa404-4.16-3.patch
 	"
 
 _seabios=/usr/share/seabios/bios-256k.bin
@@ -375,7 +449,8 @@ aarch64) export XEN_TARGET_ARCH="arm64";;
 esac
 
 prepare() {
-	local i _failed=''
+	default_prepare
+	local i
 
 	for i in $source; do
 		case $i in
@@ -386,9 +461,6 @@ prepare() {
 			cp "$srcdir"/$p tools/firmware/etherboot/patches/
 			echo "$p" >> tools/firmware/etherboot/patches/series
 			;;
-		*.patch) msg $i; patch -s -N -p1 -i "$srcdir"/$i \
-				|| _failed="$_failed $i"
-			;;
 		*/ipxe-git-*)
 			ln -s "$srcdir"/${i##*/} \
 				tools/firmware/etherboot/ipxe.tar.gz
@@ -398,13 +470,6 @@ prepare() {
 			;;
 		esac
 	done
-	if [ -n "$_failed" ]; then
-		error "Patches failed:"
-		for i in $_failed; do
-			echo $i
-		done
-		return 1
-	fi
 
 	# remove all -Werror
 	msg "Eradicating -Werror..."
@@ -432,11 +497,6 @@ munge_cflags() {
 	unset LDFLAGS
 	unset LANG
 	unset LC_ALL
-
-	case "$CARCH" in
-	arm*) export CFLAGS="-mcpu=cortex-a15";;
-	aarch64) export CFLAGS="-mcpu=cortex-a53";;
-	esac
 }
 
 # These tasks are added as separate tasks to enable a packager
@@ -478,7 +538,7 @@ build_tools() {
 	munge_cflags
 
 	msg "Building tools..."
-	make tools
+	NO_WERROR=1 make tools
 }
 
 build_docs() {
@@ -570,9 +630,23 @@ hypervisor() {
 bridge() {
 	depends="dnsmasq"
 	pkgdesc="Bridge interface for XEN with dhcp"
+
+	mkdir -p "$subpkgdir"/etc/xen
+
+	cat ->>"$subpkgdir"/etc/xen/dnsmasq.conf <<EOF
+		#dhcp-host=somehost,10.0.4.3
+		#dhcp-host=otherhost,10.0.4.4
+EOF
+
+}
+
+bridge_openrc() {
+	depends=
+	pkgdesc="Bridge interface for XEN with dhcp (OpenRC init scripts)"
+	install_if="openrc ${subpkgname%-openrc}=$pkgver-r$pkgrel"
+
 	mkdir -p "$subpkgdir"/etc/conf.d \
-		"$subpkgdir"/etc/init.d \
-		"$subpkgdir"/etc/xen
+		"$subpkgdir"/etc/init.d
 
 	ln -s dnsmasq "$subpkgdir"/etc/init.d/dnsmasq.xenbr0
 	cat ->>"$subpkgdir"/etc/conf.d/dnsmasq.xenbr0 <<EOF
@@ -584,11 +658,6 @@ bridge() {
 		BRIDGE_MAC="00:16:3f:00:00:00"
 		DNSMASQ_CONFFILE="/etc/xen/dnsmasq.conf"
 EOF
-	cat ->>"$subpkgdir"/etc/xen/dnsmasq.conf <<EOF
-		#dhcp-host=somehost,10.0.4.3
-		#dhcp-host=otherhost,10.0.4.4
-EOF
-
 }
 
 qemu() {
@@ -598,13 +667,9 @@ qemu() {
 		depends="$depends seabios-bin"
 		;;
 	esac
-	mkdir -p "$subpkgdir"/etc/conf.d \
-		"$subpkgdir"/etc/init.d \
-		"$subpkgdir"/usr/lib/xen/bin \
+	mkdir -p "$subpkgdir"/usr/lib/xen/bin \
 		"$subpkgdir"/usr/share/applications
 
-	amove etc/conf.d/xenqemu
-	amove etc/init.d/xenqemu
 	amove usr/lib/xen/bin/qemu*
 	mv "$pkgdir"/usr/share/qemu-xen/applications/qemu.desktop \
 		"$subpkgdir"/usr/share/applications/qemu-xen.desktop
@@ -628,8 +693,17 @@ qemu() {
 	esac
 }
 
+qemu_openrc() {
+	depends=
+	pkgdesc="QEMU for XEN (OpenRC init scripts)"
+	install_if="openrc ${subpkgname%-openrc}=$pkgver-r$pkgrel"
+
+	amove etc/conf.d/xenqemu
+	amove etc/init.d/xenqemu
+}
+
 sha512sums="
-eeabba9c263cd2425bca083e32b5ebfc6c716c00553759c144fd4b6f64a89836b260787fa25ba22c1f5c4ea65aaad7c95b8c2c1070d3377b1c43c9517aa7032a  xen-4.16.1.tar.gz
+c5feb450155883b5d2e7f43b05a64e7215b661b7d2f438d8f5a0896bd57283379ee11ca8e2e7a1d8787813cc6f1a260253fcb8688ed7d61a2bfb636db1626941  xen-4.18.2.tar.gz
 2e0b0fd23e6f10742a5517981e5171c6e88b0a93c83da701b296f5c0861d72c19782daab589a7eac3f9032152a0fc7eff7f5362db8fccc4859564a9aa82329cf  gmp-4.3.2.tar.bz2
 c2bc9ffc8583aeae71cee9ddcc4418969768d4e3764d47307da54f93981c0109fb07d84b061b3a3628bd00ba4d14a54742bc04848110eb3ae8ca25dbfbaabadb  grub-0.97.tar.gz
 1465b58279af1647f909450e394fe002ca165f0ff4a0254bfa9fe0e64316f50facdde2729d79a4e632565b4500cf4d6c74192ac0dd3bc9fe09129bbd67ba089d  lwip-1.3.0.tar.gz
@@ -638,13 +712,13 @@ c2bc9ffc8583aeae71cee9ddcc4418969768d4e3764d47307da54f93981c0109fb07d84b061b3a36
 88da614e4d3f4409c4fd3bb3e44c7587ba051e3fed4e33d526069a67e8180212e1ea22da984656f50e290049f60ddca65383e5983c0f8884f648d71f698303ad  polarssl-1.1.4-gpl.tgz
 4928b5b82f57645be9408362706ff2c4d9baa635b21b0d41b1c82930e8c60a759b1ea4fa74d7e6c7cae1b7692d006aa5cb72df0c3b88bf049779aa2b566f9d35  tpm_emulator-0.7.4.tar.gz
 021b958fcd0d346c4ba761bcf0cc40f3522de6186cf5a0a6ea34a70504ce9622b1c2626fce40675bc8282cf5f5ade18473656abc38050f72f5d6480507a2106e  zlib-1.2.3.tar.gz
-4ac1d07ce879a3a8c6c260380258c37f5e4ecddc880b27fb59afc38fbf3718e81b04a4dda2b58fe7a438a23175e00b6179fc067acbc4a75e33d93c4b85ff5d68  ipxe-git-3c040ad387099483102708bb1839110bc788cefb.tar.gz
+e27644cbb030c43e2841058003bedea6deb979ba71591f967e01312527ed869bb863f9a03fc7b5a266752433d30164929ea1b935953a245600ad713c9fb25cb5  ipxe-git-1d1cf74a5e58811822bee4b3da3cff7282fcdfca.tar.gz
 b9c754220187955d01ffbb6e030dace9d9aaae755db1765d07e407858c71a2cb0de04e0ab2099cd121d9e1bc1978af06c7dbd2fd805e06eca12ac5d527f15a52  mini-os-__divmoddi4.patch
-fe3c253d03e1962ca4dd6bccd2e51817075450f51aa66e8ab9673bdd5a530dc08f1ed7817a1271ada028b0c34162f37cd6b24d84334403767caacd8206284cbb  qemu-xen_paths.patch
+15de6a62394ef9f338fbe25a434fe5c3725abef5fd98966b863e14a58dc447014c49ed890c4d469f60d63a0db763f3e84f0407201d71eb9bfe42a00054eee1d8  qemu-xen_paths.patch
 1c9cb24bf67a2e84466572198315d5501627addf1ccd55d8d83df8d77d269a6696cd45e4a55601495168284e3bff58fb39853f56c46aaddd14f6191821678cf6  hotplug-vif-vtrill.patch
 8c9cfc6afca325df1d8026e21ed03fa8cd2c7e1a21a56cc1968301c5ab634bfe849951899e75d328951d7a41273d1e49a2448edbadec0029ed410c43c0549812  hotplug-Linux-iscsi-block-handle-lun-1.patch
-6c28470dab368ce94d94db9e66954e4d915394ea730f6d4abb198ae122dbd7412453d6d8054f0a348d43d7f807fb13294363162f8b19f47311e802ffa9a40a90  stubdom-hack.patch
-a8dda349cab62febf2ef506eb26d2ba494a649b1c37206519ae23f02a36f600b19996bb8a148e5f21a240ec53ecfcf971a07686b9ddcdad417563fdf39b2215f  xenstored.initd
+ed0ab25cd1966df7df503d285c17ede434033665d1569f8fb28172f37a10222b30d662e2ea867519eb40843de58dc3a56883d6f66a4fafa0a6ee1056ba72c25d  stubdom-hack.patch
+9430940692d6bfb58b1438e0f5f84cb703fbca9ce9cc157a1313ab1ceff63222a1ae31c991543b20c8fc84300df2b22f4614b27bbff32f82e17f27fcd953143c  xenstored.initd
 093f7fbd43faf0a16a226486a0776bade5dc1681d281c5946a3191c32d74f9699c6bf5d0ab8de9d1195a2461165d1660788e92a3156c9b3c7054d7b2d52d7ff0  xenstored.confd
 1dd04f4bf1890771aa7eef0b6e46f7139487da0907d28dcdbef9fbe335dcf731ca391cfcb175dd82924f637a308de00a69ae981f67348c34f04489ec5e5dc3b7  xenconsoled.initd
 30df69cc38d0bed26bc4d6e08a2b62cbdc654d5f663009a05cb3b83b3e3dc5e206362d3fd59abbb753ceb8d6d79eaa6e15d079bb8f4f35dc74667103faf4e85d  xenconsoled.confd
@@ -656,14 +730,4 @@ b833ed7334d912b519f317caefcf278274964838ca5588a0d58d9e91817e6c5519eab42521b78f7f
 bc40f7c0548162ce2181b34ea39064c0e1c529af95e0a282c78879916036cf7ac3c2cb7c433f8702a9fffe6e9257707d25fdccb6f8d045aef78b5e251a476309  xendriverdomain.initd
 a46337bebce24337f00adbe08095b9f5128c1f440e2033329e5ace9fd817a31fb772d75c0ecc7cc06f34b1522ebf8b21874ee4d0881a0f29851b1c1235f29cf3  xen-pci.initd
 2db5fa6edeeb028236460029b976a849f22b3a15d3929acc3911dc41f365b471c2b815eb111639bc230a69528b1571f3c2e9e8e1e81a6679e55387e39355aa99  xen-pci.confd
-070fcb4a4041bd9ed53fdca6ef743581be7b5ecee25bc51a4a1e4753aacabb3081834d8aa70db1f6220e5a689225ec2d90ea3df408bfdc72d84fd93cb8f45d72  xsa401-4.16-1.patch
-c7d88603b7377cfffd3f52117f546a9d9df09eb7f1937c7a91b7631f4b7ac2a0ce348b40955cbcdf46040f45657a06bb56282e62c9f57a2a15c3751da5013c8f  xsa401-4.16-2.patch
-b9566e4353562aa138208155bccef14d010cb269b3189fb12f525a91a7f52646e5a5f76536f1b26c7c2aab19521b14eb507bf255e265207e2b9994b42722803b  xsa402-4.16-1.patch
-f3374dd67733e0f7efdaa090e6b13ecec80a5848815f5abdb140433ad47e631a29a9f4645721d2ca8e88206a9bbcfc1dd1e90bb816081bb55afe6d908529b25a  xsa402-4.16-2.patch
-b39b0d0acc5856c12adae7d02c8a1429d028feffa6a57fe8d7848cd54f29e97822cad32c5a97661a76eba1015d79e5b45c7c8fd0ecc196a813e53ac73a557fb3  xsa402-4.16-3.patch
-32fca661482d6faa6a2a3c9eb57d74631fcab55722e2a989bfb5a1c79019a73668e28ca901274c7233c5ff7e8be5b6beeb126b1dedeb16eb0c7a8d29068636c3  xsa402-4.16-4.patch
-e0adabcf5b226cb23f74f10adcf7e898eacb12b2e2e2b53721a548a9a7260161ced10cd5fde0c297786a9e03c51ca7553f0701d857831e79fd047897fbaceaf0  xsa402-4.16-5.patch
-dbf0cc76b4463eade25868ffbe56e44fb8a4e298ad3386d0b007dcda0b820de8c223ede98b7f161bd0a2339373f49e30f0055892173622f690567d3615de2d46  xsa404-4.16-1.patch
-dbc33bc90c67b120654c8a3900ddf24ec0610b96e654ba3fe59144de524ef52b102e4f12c4b0858a93bf7995a1d21f0ea0cb8af224136cc81f9fb76f75c8c47c  xsa404-4.16-2.patch
-b28567937b867296f34fd6d4db7c9eab216856cad7ae81d38e40c75063459b86d04973e7f121956a0cafe4d1f457dd5d58c970d16a3cfa06784f80d4eecf0af9  xsa404-4.16-3.patch
 "