GNU bug report logs - #73698
[PATCH] gnu: xen: Update to 4.19.0. [security fixes]
Reported by: Nicolas Graves <ngraves <at> ngraves.fr>
Date: Tue, 8 Oct 2024 08:14:01 UTC
Severity: normal
Tags: patch
Done: Ludovic Courtès <ludo <at> gnu.org>
Bug is archived. No further changes may be made.
Report forwarded to guix-patches <at> gnu.org: bug#73698; Package guix-patches. (Tue, 08 Oct 2024 08:14:01 GMT)
Acknowledgement sent to Nicolas Graves <ngraves <at> ngraves.fr>: New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Tue, 08 Oct 2024 08:14:01 GMT)
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
This fixes at least 10 different CVEs.
* gnu/packages/virtualization.scm (xen): Update to 4.19.0.
[arguments]<#make-flags>: Add SHLIB flags.
<#phases>: Update 'patch phase.
[origin]<patches>: Remove xen-docs-use-predictable-ordering.patch and
xen-remove-config.gz-timestamp.patch from here...
* gnu/packages/patches: ...here and...
* gnu/local.mk: ...here.
---
gnu/local.mk | 2 -
.../xen-docs-use-predictable-ordering.patch | 34 -----------------
.../xen-remove-config.gz-timestamp.patch | 37 -------------------
gnu/packages/virtualization.scm | 18 ++++-----
4 files changed, 9 insertions(+), 82 deletions(-)
delete mode 100644 gnu/packages/patches/xen-docs-use-predictable-ordering.patch
delete mode 100644 gnu/packages/patches/xen-remove-config.gz-timestamp.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index c48f4bfeca..74241a894e 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -2316,8 +2316,6 @@ dist_patch_DATA = \
%D%/packages/patches/x265-arm-flags.patch \
%D%/packages/patches/xdg-desktop-portal-disable-portal-tests.patch\
%D%/packages/patches/xdg-desktop-portal-wlr-harcoded-length.patch\
- %D%/packages/patches/xen-docs-use-predictable-ordering.patch \
- %D%/packages/patches/xen-remove-config.gz-timestamp.patch \
%D%/packages/patches/xf86-video-ark-remove-mibstore.patch \
%D%/packages/patches/xf86-video-nouveau-fixup-ABI.patch \
%D%/packages/patches/xf86-video-savage-xorg-compat.patch \
diff --git a/gnu/packages/patches/xen-docs-use-predictable-ordering.patch b/gnu/packages/patches/xen-docs-use-predictable-ordering.patch
deleted file mode 100644
index 557da5775a..0000000000
--- a/gnu/packages/patches/xen-docs-use-predictable-ordering.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From: Tobias Geerinckx-Rice <me <at> tobias.gr>
-Date: Sun Sep 24 02:00:00 2023 +0200
-Subject: xen: docs: Use predictable ordering.
-
-What follows was taken verbatim from Debian. See:
-https://sources.debian.org/patches/xen/4.14.5%2B94-ge49571868d-1/
-
-From: Maximilian Engelhardt <maxi <at> daemonizer.de>
-Date: Fri, 18 Dec 2020 21:42:34 +0100
-Subject: docs: use predictable ordering in generated documentation
-
-When the seq number is equal, sort by the title to get predictable
-output ordering. This is useful for reproducible builds.
-
-Signed-off-by: Maximilian Engelhardt <maxi <at> daemonizer.de>
-Acked-by: Andrew Cooper <andrew.cooper3 <at> citrix.com>
-(cherry picked from commit e18dadc5b709290b8038a1cacb52bc3b3b69cf21)
----
- docs/xen-headers | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/docs/xen-headers b/docs/xen-headers
-index 5415563..8c434d7 100755
---- a/docs/xen-headers
-+++ b/docs/xen-headers
-@@ -331,7 +331,7 @@ sub output_index () {
- <h2>Starting points</h2>
- <ul>
- END
-- foreach my $ic (sort { $a->{Seq} <=> $b->{Seq} } @incontents) {
-+ foreach my $ic (sort { $a->{Seq} <=> $b->{Seq} or $a->{Title} cmp $b->{Title} } @incontents) {
- $o .= "<li><a href=\"$ic->{Href}\">$ic->{Title}</a></li>\n";
- }
- $o .= "</ul>\n";
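Review bot: the commit log gives no reason for deleting this patch, although the reason is visible on its `(cherry picked from commit e18dadc5b709290b8038a1cacb52bc3b3b69cf21)` line: it is a backport of an upstream change from 2020. Please say in the log that the fix is now included upstream, and confirm that docs/xen-headers in the 4.19.0 checkout still sorts with the `$a->{Title} cmp $b->{Title}` tiebreak, since without it the order of index entries with equal Seq values is not fixed.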
diff --git a/gnu/packages/patches/xen-remove-config.gz-timestamp.patch b/gnu/packages/patches/xen-remove-config.gz-timestamp.patch
deleted file mode 100644
index a7396c564d..0000000000
--- a/gnu/packages/patches/xen-remove-config.gz-timestamp.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From: Tobias Geerinckx-Rice <me <at> tobias.gr>
-Date: Sun Sep 24 02:00:00 2023 +0200
-Subject: xen: docs: Use predictable ordering.
-
-What follows was taken verbatim from Debian. See:
-https://sources.debian.org/patches/xen/4.14.5%2B94-ge49571868d-1/
-
-From: =?utf-8?b?IkZyw6lkw6lyaWMgUGllcnJldCAoZmVwaXRyZSki?=
- <frederic.pierret <at> qubes-os.org>
-Date: Wed, 4 Nov 2020 09:24:40 +0100
-Subject: xen: don't have timestamp inserted in config.gz
-MIME-Version: 1.0
-Content-Type: text/plain; charset="utf-8"
-Content-Transfer-Encoding: 8bit
-
-This is for improving reproducible builds.
-
-Signed-off-by: Frédéric Pierret (fepitre) <frederic.pierret <at> qubes-os.org>
-Acked-by: Jan Beulich <jbeulich <at> suse.com>
-(cherry picked from commit 5816d327e44ab37ae08730f4c54a80835998f31f)
----
- xen/common/Makefile | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/xen/common/Makefile b/xen/common/Makefile
-index 06881d0..32cd650 100644
---- a/xen/common/Makefile
-+++ b/xen/common/Makefile
-@@ -77,7 +77,7 @@ obj-$(CONFIG_HAS_DEVICE_TREE) += libfdt/
-
- CONF_FILE := $(if $(patsubst /%,,$(KCONFIG_CONFIG)),$(XEN_ROOT)/xen/)$(KCONFIG_CONFIG)
- config.gz: $(CONF_FILE)
-- gzip -c $< >$@
-+ gzip -n -c $< >$@
-
- config_data.o: config.gz
-
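Review bot: with the `gzip -n` change no longer applied by Guix, the reproducibility of config.gz rests entirely on 4.19.0 containing upstream commit 5816d327e44ab37ae08730f4c54a80835998f31f, so a `guix build --check xen` run is worth doing before this is pushed. The Guix header of this deleted file also carried the Subject `xen: docs: Use predictable ordering.`, copied from the other patch, which is one more reason to record in the commit log what each removed patch actually did.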
diff --git a/gnu/packages/virtualization.scm b/gnu/packages/virtualization.scm
index 59137eb2d4..2a9ae40534 100644
--- a/gnu/packages/virtualization.scm
+++ b/gnu/packages/virtualization.scm
@@ -2560,7 +2560,7 @@ (define-public bochs
(define-public xen
(package
(name "xen")
- (version "4.14.6") ; please update the mini-os input as well
+ (version "4.19.0") ; please update the mini-os input as well
(source (origin
(method git-fetch)
(uri (git-reference
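Review bot: the version line jumps from 4.14.6 to 4.19.0, and the commit log only says "at least 10 different CVEs" without naming any. Listing the CVE or XSA identifiers this update addresses would let others check the claim and find this commit when auditing. The trailing comment `please update the mini-os input as well` is honoured further down in this patch.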
@@ -2569,10 +2569,7 @@ (define-public xen
(file-name (git-file-name name version))
(sha256
(base32
- "1cdzpxbihkdn4za8ly0lgkbxrafjzbxjflhfn83kyg4bam1vv7mn"))
- (patches
- (search-patches "xen-docs-use-predictable-ordering.patch"
- "xen-remove-config.gz-timestamp.patch"))))
+ "1r33ak7j6czcjxf5zxswfkppnv0w1n6hi262x9rk08bqyvcpxb23"))))
(build-system gnu-build-system)
(arguments
(list
@@ -2607,6 +2604,9 @@ (define-public xen
(string-append "BOOT_DIR=" #$output "/boot")
(string-append "DEBUG_DIR=" #$output "/lib/debug")
(string-append "EFI_DIR=" #$output "/lib/efi")
+ (string-append "SHLIB_libxenctrl=-Wl,-rpath=" #$output "/lib")
+ (string-append "SHLIB_libxenguest=-Wl,-rpath=" #$output "/lib")
+ (string-append "SHLIB_libxenstore=-Wl,-rpath=" #$output "/lib")
"MINIOS_UPSTREAM_URL=")
#:test-target "test"
#:phases
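Review bot: the three `SHLIB_libxen*` entries added to the make flags have no comment explaining why an rpath to the output's /lib is needed or what failed without it. Variables given on the make command line take precedence over ordinary assignments in the makefiles, so each entry replaces whatever value the Xen build would otherwise set for that variable rather than adding to it. Please add a comment stating that this is intended and why only libxenctrl, libxenguest and libxenstore are listed.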
@@ -2631,7 +2631,7 @@ (define-public xen
(assoc-ref inputs "cross-libc") "/include")))
;; /var is not in /gnu/store, so don't try to create it.
(substitute* '("tools/Makefile"
- "tools/xenstore/Makefile"
+ "tools/xenstored/Makefile"
"tools/xenpaging/Makefile")
(("\\$\\(INSTALL_DIR\\) .*XEN_(DUMP|LOG|RUN|LIB|PAGING)_DIR.*")
"\n")
@@ -2735,14 +2735,14 @@ (define (filter-environment! filter-predicate
;; at time of packaging, but upstream has unfortunately modified
;; existing tags in the past. Also, not all Xen releases get a
;; new tag. See <https://xenbits.xen.org/gitweb/?p=mini-os.git>.
- (commit "f57858b7e8ef8dd48394dd08cec2bef3c9fb92f5")))
+ (commit "8b038c7411ae7e823eaf6d15d5efbe037a07197a")))
(sha256
- (base32 "04y7grxs47amvjcq1rq4jgk174rhid5m2z9w8wrv7rfd2xhazxy1"))
+ (base32 "1xgazvvhy5m9nabbmlwslynhk73k9a8wnzrjwjplj52f0cm10fjq"))
(file-name (string-append name "-" version "-mini-os-git-checkout")))
perl
;; TODO: markdown.
pkg-config
- python-2
+ python
wget
(cross-gcc "i686-linux-gnu"
#:xbinutils (cross-binutils "i686-linux-gnu")
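Review bot: the mini-os commit and hash update and the `python-2` to `python` switch are missing from the commit log, which lists only the [arguments] and [origin] changes. Please add an entry for each; the interpreter change in particular deserves a line, since it moves the build off Python 2. Pinning mini-os by commit rather than by tag is consistent with the comment above about upstream having modified existing tags.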
--
2.46.0
Reply sent to Ludovic Courtès <ludo <at> gnu.org>: You have taken responsibility. (Mon, 14 Oct 2024 12:04:02 GMT)
Notification sent to Nicolas Graves <ngraves <at> ngraves.fr>: bug acknowledged by developer. (Mon, 14 Oct 2024 12:04:02 GMT)
Message #10 received at 73698-done <at> debbugs.gnu.org (full text, mbox):
Nicolas Graves <ngraves <at> ngraves.fr> wrote:
> This fixes at least 10 different CVEs.
>
> * gnu/packages/virtualization.scm (xen): Update to 4.19.0.
> [arguments]<#make-flags>: Add SHLIB flags.
> <#phases>: Update 'patch phase.
> [origin]<patches>: Remove xen-docs-use-predictable-ordering.patch and
> xen-remove-config.gz-timestamp.patch from here...
> * gnu/packages/patches: ...here and...
> * gnu/local.mk: ...here.
Applied, thanks!
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Mon, 11 Nov 2024 12:24:14 GMT)
This bug report was last modified 278 days ago.