[bug#73698] [PATCH] gnu: xen: Update to 4.19.0. [security fixes]
From: Nicolas Graves
Subject: [bug#73698] [PATCH] gnu: xen: Update to 4.19.0. [security fixes]
Date: Tue, 8 Oct 2024 10:12:49 +0200
This fixes at least 10 different CVEs.
* gnu/packages/virtualization.scm (xen): Update to 4.19.0.
[arguments]<#make-flags>: Add SHLIB flags.
<#phases>: Update 'patch phase.
[origin]<patches>: Remove xen-docs-use-predictable-ordering.patch and
xen-remove-config.gz-timestamp.patch from here...
* gnu/packages/patches: ...here and...
* gnu/local.mk: ...here.
---
gnu/local.mk | 2 -
.../xen-docs-use-predictable-ordering.patch | 34 -----------------
.../xen-remove-config.gz-timestamp.patch | 37 -------------------
gnu/packages/virtualization.scm | 18 ++++-----
4 files changed, 9 insertions(+), 82 deletions(-)
delete mode 100644 gnu/packages/patches/xen-docs-use-predictable-ordering.patch
delete mode 100644 gnu/packages/patches/xen-remove-config.gz-timestamp.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index c48f4bfeca..74241a894e 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -2316,8 +2316,6 @@ dist_patch_DATA =
\
%D%/packages/patches/x265-arm-flags.patch \
%D%/packages/patches/xdg-desktop-portal-disable-portal-tests.patch\
%D%/packages/patches/xdg-desktop-portal-wlr-harcoded-length.patch\
- %D%/packages/patches/xen-docs-use-predictable-ordering.patch \
- %D%/packages/patches/xen-remove-config.gz-timestamp.patch \
%D%/packages/patches/xf86-video-ark-remove-mibstore.patch \
%D%/packages/patches/xf86-video-nouveau-fixup-ABI.patch \
%D%/packages/patches/xf86-video-savage-xorg-compat.patch \
diff --git a/gnu/packages/patches/xen-docs-use-predictable-ordering.patch
b/gnu/packages/patches/xen-docs-use-predictable-ordering.patch
deleted file mode 100644
index 557da5775a..0000000000
--- a/gnu/packages/patches/xen-docs-use-predictable-ordering.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From: Tobias Geerinckx-Rice <me@tobias.gr>
-Date: Sun Sep 24 02:00:00 2023 +0200
-Subject: xen: docs: Use predictable ordering.
-
-What follows was taken verbatim from Debian. See:
-https://sources.debian.org/patches/xen/4.14.5%2B94-ge49571868d-1/
-
-From: Maximilian Engelhardt <maxi@daemonizer.de>
-Date: Fri, 18 Dec 2020 21:42:34 +0100
-Subject: docs: use predictable ordering in generated documentation
-
-When the seq number is equal, sort by the title to get predictable
-output ordering. This is useful for reproducible builds.
-
-Signed-off-by: Maximilian Engelhardt <maxi@daemonizer.de>
-Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
-(cherry picked from commit e18dadc5b709290b8038a1cacb52bc3b3b69cf21)
----
- docs/xen-headers | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/docs/xen-headers b/docs/xen-headers
-index 5415563..8c434d7 100755
---- a/docs/xen-headers
-+++ b/docs/xen-headers
-@@ -331,7 +331,7 @@ sub output_index () {
- <h2>Starting points</h2>
- <ul>
- END
-- foreach my $ic (sort { $a->{Seq} <=> $b->{Seq} } @incontents) {
-+ foreach my $ic (sort { $a->{Seq} <=> $b->{Seq} or $a->{Title} cmp
$b->{Title} } @incontents) {
- $o .= "<li><a href=\"$ic->{Href}\">$ic->{Title}</a></li>\n";
- }
- $o .= "</ul>\n";
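Review bot: the commit message does not say why this patch can be dropped. The deleted file's trailer "(cherry picked from commit e18dadc5b709290b8038a1cacb52bc3b3b69cf21)" indicates it was a backport of an upstream commit, so the changelog entry should state that the title tie-break in the sort in docs/xen-headers is already part of the 4.19.0 source, which records that the reproducibility fix is retained rather than lost.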
diff --git a/gnu/packages/patches/xen-remove-config.gz-timestamp.patch
b/gnu/packages/patches/xen-remove-config.gz-timestamp.patch
deleted file mode 100644
index a7396c564d..0000000000
--- a/gnu/packages/patches/xen-remove-config.gz-timestamp.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From: Tobias Geerinckx-Rice <me@tobias.gr>
-Date: Sun Sep 24 02:00:00 2023 +0200
-Subject: xen: docs: Use predictable ordering.
-
-What follows was taken verbatim from Debian. See:
-https://sources.debian.org/patches/xen/4.14.5%2B94-ge49571868d-1/
-
-From: =?utf-8?b?IkZyw6lkw6lyaWMgUGllcnJldCAoZmVwaXRyZSki?=
- <frederic.pierret@qubes-os.org>
-Date: Wed, 4 Nov 2020 09:24:40 +0100
-Subject: xen: don't have timestamp inserted in config.gz
-MIME-Version: 1.0
-Content-Type: text/plain; charset="utf-8"
-Content-Transfer-Encoding: 8bit
-
-This is for improving reproducible builds.
-
-Signed-off-by: Frédéric Pierret (fepitre) <frederic.pierret@qubes-os.org>
-Acked-by: Jan Beulich <jbeulich@suse.com>
-(cherry picked from commit 5816d327e44ab37ae08730f4c54a80835998f31f)
----
- xen/common/Makefile | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/xen/common/Makefile b/xen/common/Makefile
-index 06881d0..32cd650 100644
---- a/xen/common/Makefile
-+++ b/xen/common/Makefile
-@@ -77,7 +77,7 @@ obj-$(CONFIG_HAS_DEVICE_TREE) += libfdt/
-
- CONF_FILE := $(if $(patsubst
/%,,$(KCONFIG_CONFIG)),$(XEN_ROOT)/xen/)$(KCONFIG_CONFIG)
- config.gz: $(CONF_FILE)
-- gzip -c $< >$@
-+ gzip -n -c $< >$@
-
- config_data.o: config.gz
-
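Review bot: removing the "gzip -n -c $< >$@" change for config.gz drops a reproducibility fix unless the 4.19.0 xen/common/Makefile already contains it. The trailer says it was cherry-picked from commit 5816d327e44ab37ae08730f4c54a80835998f31f, so confirm that against the new source, and run guix build --check xen to show the updated package still builds to identical output without either patch.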
diff --git a/gnu/packages/virtualization.scm b/gnu/packages/virtualization.scm
index 59137eb2d4..2a9ae40534 100644
--- a/gnu/packages/virtualization.scm
+++ b/gnu/packages/virtualization.scm
@@ -2560,7 +2560,7 @@ (define-public bochs
(define-public xen
(package
(name "xen")
- (version "4.14.6") ; please update the mini-os input as well
+ (version "4.19.0") ; please update the mini-os input as well
(source (origin
(method git-fetch)
(uri (git-reference
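Review bot: the version line moves from 4.14.6 to 4.19.0, yet the commit message says only "at least 10 different CVEs". For a change tagged [security fixes], list the CVE identifiers (or the advisories they come from) in the commit message so the update can be matched against vulnerability reports for this package. The inline reminder about the mini-os input is honoured in the last hunk of this file.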
@@ -2569,10 +2569,7 @@ (define-public xen
(file-name (git-file-name name version))
(sha256
(base32
- "1cdzpxbihkdn4za8ly0lgkbxrafjzbxjflhfn83kyg4bam1vv7mn"))
- (patches
- (search-patches "xen-docs-use-predictable-ordering.patch"
- "xen-remove-config.gz-timestamp.patch"))))
+ "1r33ak7j6czcjxf5zxswfkppnv0w1n6hi262x9rk08bqyvcpxb23"))))
(build-system gnu-build-system)
(arguments
(list
@@ -2607,6 +2604,9 @@ (define-public xen
(string-append "BOOT_DIR=" #$output "/boot")
(string-append "DEBUG_DIR=" #$output "/lib/debug")
(string-append "EFI_DIR=" #$output "/lib/efi")
+ (string-append "SHLIB_libxenctrl=-Wl,-rpath=" #$output "/lib")
+ (string-append "SHLIB_libxenguest=-Wl,-rpath=" #$output "/lib")
+ (string-append "SHLIB_libxenstore=-Wl,-rpath=" #$output "/lib")
"MINIOS_UPSTREAM_URL=")
#:test-target "test"
#:phases
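Review bot: the three added SHLIB_* make flags carry no comment explaining why an explicit -Wl,-rpath to #$output/lib is needed, or why only libxenctrl, libxenguest and libxenstore get one. Add a short ;; comment above them stating what fails without the flags, and check whether other libraries built from this tree need the same treatment. Since the three lines differ only in the library name, they could also be generated from a list.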
@@ -2631,7 +2631,7 @@ (define-public xen
(assoc-ref inputs "cross-libc") "/include")))
;; /var is not in /gnu/store, so don't try to create it.
(substitute* '("tools/Makefile"
- "tools/xenstore/Makefile"
+ "tools/xenstored/Makefile"
"tools/xenpaging/Makefile")
(("\\$\\(INSTALL_DIR\\) .*XEN_(DUMP|LOG|RUN|LIB|PAGING)_DIR.*")
"\n")
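Review bot: the path is corrected to "tools/xenstored/Makefile", but the regex below it was written against 4.14 and substitute* does not fail the build when a pattern matches nothing. Check that the $(INSTALL_DIR) ... XEN_(DUMP|LOG|RUN|LIB|PAGING)_DIR lines still exist in all three Makefiles in 4.19.0; if any has changed shape, the install step will again try to create directories under /var, which the comment above says must not happen.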
@@ -2735,14 +2735,14 @@ (define (filter-environment! filter-predicate
;; at time of packaging, but upstream has unfortunately modified
;; existing tags in the past. Also, not all Xen releases get a
;; new tag. See
<https://xenbits.xen.org/gitweb/?p=mini-os.git>.
- (commit "f57858b7e8ef8dd48394dd08cec2bef3c9fb92f5")))
+ (commit "8b038c7411ae7e823eaf6d15d5efbe037a07197a")))
(sha256
- (base32 "04y7grxs47amvjcq1rq4jgk174rhid5m2z9w8wrv7rfd2xhazxy1"))
+ (base32 "1xgazvvhy5m9nabbmlwslynhk73k9a8wnzrjwjplj52f0cm10fjq"))
(file-name (string-append name "-" version "-mini-os-git-checkout")))
perl
;; TODO: markdown.
pkg-config
- python-2
+ python
wget
(cross-gcc "i686-linux-gnu"
#:xbinutils (cross-binutils "i686-linux-gnu")
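Review bot: the changelog in the commit message covers [arguments] and [origin] but nothing in this hunk. The new mini-os commit and hash and the switch from python-2 to python should each be listed under the relevant inputs field. For the python change, also confirm that no script run during the build still expects a Python 2 interpreter. The context comment notes that upstream has modified mini-os tags in the past, so pinning by commit as done here is the right choice.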
--
2.46.0