
gnu: xen: Update to 4.19.0. [security fixes]

This fixes at least 10 different CVEs.

* gnu/packages/virtualization.scm (xen): Update to 4.19.0.
[arguments]<#make-flags>: Add SHLIB flags.
           <#phases>: Update 'patch phase.
[origin]<patches>: Remove xen-docs-use-predictable-ordering.patch and
                   xen-remove-config.gz-timestamp.patch from here...
* gnu/packages/patches: ...here and...
* gnu/local.mk: ...here.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Nicolas Graves
2024-10-08 10:12:49 +02:00
committed by Ludovic Courtès
parent 4e61129923
commit ebf369563a
4 changed files with 9 additions and 82 deletions
-2
@@ -2318,8 +2318,6 @@ dist_patch_DATA = \
%D%/packages/patches/x265-arm-flags.patch \
%D%/packages/patches/xdg-desktop-portal-disable-portal-tests.patch\
%D%/packages/patches/xdg-desktop-portal-wlr-harcoded-length.patch\
%D%/packages/patches/xen-docs-use-predictable-ordering.patch \
%D%/packages/patches/xen-remove-config.gz-timestamp.patch \
%D%/packages/patches/xf86-video-ark-remove-mibstore.patch \
%D%/packages/patches/xf86-video-nouveau-fixup-ABI.patch \
%D%/packages/patches/xf86-video-savage-xorg-compat.patch \
@@ -1,34 +0,0 @@
From: Tobias Geerinckx-Rice <me@tobias.gr>
Date: Sun Sep 24 02:00:00 2023 +0200
Subject: xen: docs: Use predictable ordering.
What follows was taken verbatim from Debian. See:
https://sources.debian.org/patches/xen/4.14.5%2B94-ge49571868d-1/
From: Maximilian Engelhardt <maxi@daemonizer.de>
Date: Fri, 18 Dec 2020 21:42:34 +0100
Subject: docs: use predictable ordering in generated documentation
When the seq number is equal, sort by the title to get predictable
output ordering. This is useful for reproducible builds.
Signed-off-by: Maximilian Engelhardt <maxi@daemonizer.de>
Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
(cherry picked from commit e18dadc5b709290b8038a1cacb52bc3b3b69cf21)
---
docs/xen-headers | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/xen-headers b/docs/xen-headers
index 5415563..8c434d7 100755
--- a/docs/xen-headers
+++ b/docs/xen-headers
@@ -331,7 +331,7 @@ sub output_index () {
<h2>Starting points</h2>
<ul>
END
- foreach my $ic (sort { $a->{Seq} <=> $b->{Seq} } @incontents) {
+ foreach my $ic (sort { $a->{Seq} <=> $b->{Seq} or $a->{Title} cmp $b->{Title} } @incontents) {
$o .= "<li><a href=\"$ic->{Href}\">$ic->{Title}</a></li>\n";
}
$o .= "</ul>\n";
@@ -1,37 +0,0 @@
From: Tobias Geerinckx-Rice <me@tobias.gr>
Date: Sun Sep 24 02:00:00 2023 +0200
Subject: xen: docs: Use predictable ordering.
What follows was taken verbatim from Debian. See:
https://sources.debian.org/patches/xen/4.14.5%2B94-ge49571868d-1/
From: =?utf-8?b?IkZyw6lkw6lyaWMgUGllcnJldCAoZmVwaXRyZSki?=
<frederic.pierret@qubes-os.org>
Date: Wed, 4 Nov 2020 09:24:40 +0100
Subject: xen: don't have timestamp inserted in config.gz
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
This is for improving reproducible builds.
Signed-off-by: Frédéric Pierret (fepitre) <frederic.pierret@qubes-os.org>
Acked-by: Jan Beulich <jbeulich@suse.com>
(cherry picked from commit 5816d327e44ab37ae08730f4c54a80835998f31f)
---
xen/common/Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/xen/common/Makefile b/xen/common/Makefile
index 06881d0..32cd650 100644
--- a/xen/common/Makefile
+++ b/xen/common/Makefile
@@ -77,7 +77,7 @@ obj-$(CONFIG_HAS_DEVICE_TREE) += libfdt/
CONF_FILE := $(if $(patsubst /%,,$(KCONFIG_CONFIG)),$(XEN_ROOT)/xen/)$(KCONFIG_CONFIG)
config.gz: $(CONF_FILE)
- gzip -c $< >$@
+ gzip -n -c $< >$@
config_data.o: config.gz
+9 -9
@@ -2571,7 +2571,7 @@ DOS or Microsoft Windows.")
(define-public xen
(package
(name "xen")
(version "4.14.6") ; please update the mini-os input as well
(version "4.19.0") ; please update the mini-os input as well
(source (origin
(method git-fetch)
(uri (git-reference
@@ -2580,10 +2580,7 @@ DOS or Microsoft Windows.")
(file-name (git-file-name name version))
(sha256
(base32
"1cdzpxbihkdn4za8ly0lgkbxrafjzbxjflhfn83kyg4bam1vv7mn"))
(patches
(search-patches "xen-docs-use-predictable-ordering.patch"
"xen-remove-config.gz-timestamp.patch"))))
"1r33ak7j6czcjxf5zxswfkppnv0w1n6hi262x9rk08bqyvcpxb23"))))
(build-system gnu-build-system)
(arguments
(list
@@ -2618,6 +2615,9 @@ DOS or Microsoft Windows.")
(string-append "BOOT_DIR=" #$output "/boot")
(string-append "DEBUG_DIR=" #$output "/lib/debug")
(string-append "EFI_DIR=" #$output "/lib/efi")
(string-append "SHLIB_libxenctrl=-Wl,-rpath=" #$output "/lib")
(string-append "SHLIB_libxenguest=-Wl,-rpath=" #$output "/lib")
(string-append "SHLIB_libxenstore=-Wl,-rpath=" #$output "/lib")
"MINIOS_UPSTREAM_URL=")
#:test-target "test"
#:phases
@@ -2642,7 +2642,7 @@ DOS or Microsoft Windows.")
(assoc-ref inputs "cross-libc") "/include")))
;; /var is not in /gnu/store, so don't try to create it.
(substitute* '("tools/Makefile"
"tools/xenstore/Makefile"
"tools/xenstored/Makefile"
"tools/xenpaging/Makefile")
(("\\$\\(INSTALL_DIR\\) .*XEN_(DUMP|LOG|RUN|LIB|PAGING)_DIR.*")
"\n")
@@ -2746,14 +2746,14 @@ DOS or Microsoft Windows.")
;; at time of packaging, but upstream has unfortunately modified
;; existing tags in the past. Also, not all Xen releases get a
;; new tag. See <https://xenbits.xen.org/gitweb/?p=mini-os.git>.
(commit "f57858b7e8ef8dd48394dd08cec2bef3c9fb92f5")))
(commit "8b038c7411ae7e823eaf6d15d5efbe037a07197a")))
(sha256
(base32 "04y7grxs47amvjcq1rq4jgk174rhid5m2z9w8wrv7rfd2xhazxy1"))
(base32 "1xgazvvhy5m9nabbmlwslynhk73k9a8wnzrjwjplj52f0cm10fjq"))
(file-name (string-append name "-" version "-mini-os-git-checkout")))
perl
;; TODO: markdown.
pkg-config
python-2
python
wget
(cross-gcc "i686-linux-gnu"
#:xbinutils (cross-binutils "i686-linux-gnu")
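Review bot: The mini-os pin in the last hunk, `(commit "8b038c7411ae7e823eaf6d15d5efbe037a07197a")`, does not record which upstream revision or release it was taken from, so a later reviewer cannot confirm it belongs to Xen 4.19.0 without redoing the lookup. The surrounding comment already notes that upstream has modified existing tags, so I would add a provenance line above the commit, for example `;; Taken from MINIOS_UPSTREAM_REVISION in Config.mk of Xen 4.19.0.`, if that is where the value came from. Separately, the three new `SHLIB_libxen…=-Wl,-rpath=` make flags have no comment saying why only libxenctrl, libxenguest and libxenstore need an explicit rpath; a one-line why-comment would help at the next version bump. The `xen` package definition starts and ends outside the visible hunks.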