xen: update port and apply security fixes

 * Apply the following Xen security fixes (XSAs): 167, 168, 170.
 * Update SeaBIOS version to 1.8.2, and apply build fix so it builds with
   ELF toolchain objcopy [0].
 * Perform the backport of two functional changes to the Xen kernel in order
   to improve PVH Dom0 hardware support [1].

Security:		CVE-2016-1570
Security:		CVE-2016-1571
Security:		CVE-2016-2271
Sponsored by:		Citrix Systems R&D
Requested by:		Gustau Pérez <gperez@entel.upc.edu> [1]
PR:			207170 [0]
Approved by:		bapt
Differential revision:	https://reviews.freebsd.org/D5420

4 files changed, 86 insertions, 14 deletions

diff --git a/sysutils/xen-tools/Makefile b/sysutils/xen-tools/Makefile
index c13390465ca5..6bf1ed7cb5a8 100644
--- a/sysutils/xen-tools/Makefile
+++ b/sysutils/xen-tools/Makefile
@@ -2,7 +2,7 @@
 
 PORTNAME=	xen
 PORTVERSION=	4.5.2
-PORTREVISION=   1
+PORTREVISION=   2
 CATEGORIES=	sysutils emulators
 MASTER_SITES=	http://bits.xensource.com/oss-xen/release/${PORTVERSION}/ \
 		http://code.coreboot.org/p/seabios/downloads/get/:seabios
@@ -24,7 +24,7 @@ OPTIONS_DEFINE=	DOCS
 ONLY_FOR_ARCHS=	amd64
 ONLY_FOR_ARCHS_REASON=	"not yet ported to anything other than amd64"
 
-SEABIOSVERSION=	1.8.1
+SEABIOSVERSION=	1.8.2
 DISTFILES+=	${DISTNAME}.tar.gz \
 		seabios-${SEABIOSVERSION}.tar.gz:seabios
 
@@ -49,6 +49,7 @@ QEMU_ARGS=	--disable-gtk \
 		--cxx=c++
 
 EXTRA_PATCHES=	${FILESDIR}/0002-libxc-fix-xc_dom_load_elf_symtab.patch:-p1 \
+		${FILESDIR}/0001-build-fix-.text-section-address-alignment.patch:-p1 \
 		${FILESDIR}/xsa160-4.6.patch:-p1
 
 CONFIGURE_ARGS+=	--with-extra-qemuu-configure-args="${QEMU_ARGS}"
@@ -77,9 +78,9 @@ post-patch:
 		${WRKSRC}/tools/qemu-xen-traditional/i386-dm/helper2.c \
 		${WRKSRC}/docs/man/*
 	@for p in ${FILESDIR}/*qemuu*.patch; do \
-                 ${ECHO_CMD} "====> Applying $${p##*/}" ; \
-                 ${PATCH} -s -p1 -i $${p} -d ${WRKSRC}/tools/qemu-xen ; \
-         done
+		${ECHO_CMD} "====> Applying $${p##*/}" ; \
+		${PATCH} -s -p1 -i $${p} -d ${WRKSRC}/tools/qemu-xen ; \
+	done
 
 post-install:
 	${MKDIR} ${STAGEDIR}/var/run/xen
diff --git a/sysutils/xen-tools/distinfo b/sysutils/xen-tools/distinfo
index 9d13e407bc3f..42babf2c8556 100644
--- a/sysutils/xen-tools/distinfo
+++ b/sysutils/xen-tools/distinfo
@@ -1,4 +1,4 @@
 SHA256 (xen-4.5.2.tar.gz) = 4c9e5dac4eea484974e9f76da2756c8e0973b4e884d28d37e955df9ebf00e7e8
 SIZE (xen-4.5.2.tar.gz) = 18416220
-SHA256 (seabios-1.8.1.tar.gz) = 283bd848f5ce9d4bc52add973a856347e02c9ce89a9e6bc92c99359b87c9871d
-SIZE (seabios-1.8.1.tar.gz) = 537712
+SHA256 (seabios-1.8.2.tar.gz) = f59479307fdae840de398b75aacb2333c8eba24a5964d68c77e32ca6c987ee61
+SIZE (seabios-1.8.2.tar.gz) = 538497
diff --git a/sysutils/xen-tools/files/0001-build-fix-.text-section-address-alignment.patch b/sysutils/xen-tools/files/0001-build-fix-.text-section-address-alignment.patch
new file mode 100644
index 000000000000..7bd4bf4ad5eb
--- /dev/null
+++ b/sysutils/xen-tools/files/0001-build-fix-.text-section-address-alignment.patch
@@ -0,0 +1,71 @@
+From 70a912f04dec2b556f37a60d1f596fcedb13f8a8 Mon Sep 17 00:00:00 2001
+From: Kevin O'Connor <kevin@koconnor.net>
+Date: Wed, 24 Feb 2016 11:45:55 +0100
+Subject: [PATCH] build: fix .text section address alignment
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Some linkers verify that sections have a start address that is aligned
+with the minimum alignment of that section.  Add extra padding to the
+".text" section to ensure it is always aligned with the maximum
+alignment of any section placed in ".text".
+
+Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
+Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
+Reported by: Ed Maste <emaste@FreeBSD.org>
+---
+ scripts/layoutrom.py | 14 ++++++++++----
+ 1 file changed, 10 insertions(+), 4 deletions(-)
+
+diff --git a/tools/firmware/seabios-dir/scripts/layoutrom.py b/tools/firmware/seabios-dir/scripts/layoutrom.py
+index dd770fe..c7e406c 100755
+--- a/tools/firmware/seabios-dir/scripts/layoutrom.py
++++ b/tools/firmware/seabios-dir/scripts/layoutrom.py
+@@ -34,18 +34,22 @@ COMMONTRAILER = """
+ # Determine section locations
+ ######################################################################
+ 
+-# Align 'pos' to 'alignbytes' offset
++# Align 'pos' up to 'alignbytes' offset
+ def alignpos(pos, alignbytes):
+     mask = alignbytes - 1
+     return (pos + mask) & ~mask
+ 
++# Align 'pos' down to 'alignbytes' offset
++def aligndown(pos, alignbytes):
++    mask = alignbytes - 1
++    return pos & ~mask
++
+ # Determine the final addresses for a list of sections that end at an
+ # address.
+ def setSectionsStart(sections, endaddr, minalign=1, segoffset=0):
+     totspace = 0
+     for section in sections:
+-        if section.align > minalign:
+-            minalign = section.align
++        minalign = max(minalign, section.align)
+         totspace = alignpos(totspace, section.align) + section.size
+     startaddr = int((endaddr - totspace) / minalign) * minalign
+     curaddr = startaddr
+@@ -267,7 +271,7 @@ def doLayout(sections, config, genreloc):
+         final_sec32low_end = BUILD_LOWRAM_END
+         zonelow_base = final_sec32low_end - 64*1024
+     relocdelta = final_sec32low_end - sec32low_end
+-    li.sec32low_start, li.sec32low_align = setSectionsStart(
++    li.sec32low_start, sec32low_align = setSectionsStart(
+         sections32low, sec32low_end, 16
+         , segoffset=zonelow_base - relocdelta)
+     li.sec32low_end = sec32low_end
+@@ -399,6 +403,8 @@ def writeLinkerScripts(li, out16, out32seg, out32flat):
+     filesections32flat = getSectionsFileid(li.sections, '32flat')
+     out = outXRefs([], exportsyms=li.varlowsyms
+                    , forcedelta=li.final_sec32low_start-li.sec32low_start)
++    sec32all_align = max([section.align for section in li.sections])
++    sec32all_start = aligndown(sec32all_start, sec32all_align)
+     out += outXRefs(filesections32flat, exportsyms=[li.entrysym]) + """
+     _reloc_min_align = 0x%x ;
+     zonefseg_start = 0x%x ;
+-- 
+2.5.4 (Apple Git-61)
+
diff --git a/sysutils/xen-tools/files/patch-tools_firmware_seabios-dir_scripts_buildversion.sh b/sysutils/xen-tools/files/patch-tools_firmware_seabios-dir_scripts_buildversion.sh
index 82790ed0ce91..ff55a744832c 100644
--- a/sysutils/xen-tools/files/patch-tools_firmware_seabios-dir_scripts_buildversion.sh
+++ b/sysutils/xen-tools/files/patch-tools_firmware_seabios-dir_scripts_buildversion.sh
@@ -1,11 +1,11 @@
 --- tools/firmware/seabios-dir/scripts/buildversion.sh.orig	2015-03-13 09:02:17 UTC
 +++ tools/firmware/seabios-dir/scripts/buildversion.sh
-@@ -11,7 +11,7 @@ elif [ -f .version ]; then
+@@ -12,7 +12,7 @@ if [ -z "$BUILD_VERSION" ]; then
+     else
+         VERSION="?"
+     fi
+-    VERSION="${VERSION}-`date +"%Y%m%d_%H%M%S"`-`hostname`"
++    VERSION="${VERSION}"
  else
-     VERSION="?"
+     VERSION="$BUILD_VERSION"
  fi
--VERSION="${VERSION}-`date +"%Y%m%d_%H%M%S"`-`hostname`"
-+VERSION="${VERSION}"
- echo "Version: ${VERSION}"
- 
- # Build header file