From: Nicolas Graves
To: 73698@debbugs.gnu.org
Subject: [bug#73698] [PATCH] gnu: xen: Update to 4.19.0. [security fixes]
Date: Tue, 8 Oct 2024 10:12:49 +0200
Message-ID: <20241008081253.1142-1-ngraves@ngraves.fr>

This fixes at least 10 different CVEs.

* gnu/packages/virtualization.scm (xen): Update to 4.19.0.
[arguments]<#make-flags>: Add SHLIB flags.
<#phases>: Update 'patch phase.
[origin]: Remove xen-docs-use-predictable-ordering.patch and
xen-remove-config.gz-timestamp.patch from here...
* gnu/packages/patches: ...here and...
* gnu/local.mk: ...here.
--- gnu/local.mk | 2 - .../xen-docs-use-predictable-ordering.patch | 34 ----------------- .../xen-remove-config.gz-timestamp.patch | 37 ------------------- gnu/packages/virtualization.scm | 18 ++++----- 4 files changed, 9 insertions(+), 82 deletions(-) delete mode 100644 gnu/packages/patches/xen-docs-use-predictable-ordering.patch delete mode 100644 gnu/packages/patches/xen-remove-config.gz-timestamp.patch diff --git a/gnu/local.mk b/gnu/local.mk index c48f4bfeca..74241a894e 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -2316,8 +2316,6 @@ dist_patch_DATA = \ %D%/packages/patches/x265-arm-flags.patch \ %D%/packages/patches/xdg-desktop-portal-disable-portal-tests.patch\ %D%/packages/patches/xdg-desktop-portal-wlr-harcoded-length.patch\ - %D%/packages/patches/xen-docs-use-predictable-ordering.patch \ - %D%/packages/patches/xen-remove-config.gz-timestamp.patch \ %D%/packages/patches/xf86-video-ark-remove-mibstore.patch \ %D%/packages/patches/xf86-video-nouveau-fixup-ABI.patch \ %D%/packages/patches/xf86-video-savage-xorg-compat.patch \ 
diff --git a/gnu/packages/patches/xen-docs-use-predictable-ordering.patch b/gnu/packages/patches/xen-docs-use-predictable-ordering.patch deleted file mode 100644 index 557da5775a..0000000000 --- a/gnu/packages/patches/xen-docs-use-predictable-ordering.patch +++ /dev/null @@ -1,34 +0,0 @@ -From: Tobias Geerinckx-Rice -Date: Sun Sep 24 02:00:00 2023 +0200 -Subject: xen: docs: Use predictable ordering. - -What follows was taken verbatim from Debian. See: -https://sources.debian.org/patches/xen/4.14.5%2B94-ge49571868d-1/ - -From: Maximilian Engelhardt -Date: Fri, 18 Dec 2020 21:42:34 +0100 -Subject: docs: use predictable ordering in generated documentation - -When the seq number is equal, sort by the title to get predictable -output ordering. This is useful for reproducible builds. - -Signed-off-by: Maximilian Engelhardt -Acked-by: Andrew Cooper -(cherry picked from commit e18dadc5b709290b8038a1cacb52bc3b3b69cf21) ---- - docs/xen-headers | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/docs/xen-headers b/docs/xen-headers -index 5415563..8c434d7 100755 ---- a/docs/xen-headers -+++ b/docs/xen-headers -@@ -331,7 +331,7 @@ sub output_index () { -

Starting points

-
    - END -- foreach my $ic (sort { $a->{Seq} <=> $b->{Seq} } @incontents) { -+ foreach my $ic (sort { $a->{Seq} <=> $b->{Seq} or $a->{Title} cmp $b->{Title} } @incontents) { - $o .= "
  • {Href}\">$ic->{Title}
  • \n"; - } - $o .= "
\n"; diff --git a/gnu/packages/patches/xen-remove-config.gz-timestamp.patch b/gnu/packages/patches/xen-remove-config.gz-timestamp.patch deleted file mode 100644 index a7396c564d..0000000000 --- a/gnu/packages/patches/xen-remove-config.gz-timestamp.patch +++ /dev/null @@ -1,37 +0,0 @@ -From: Tobias Geerinckx-Rice -Date: Sun Sep 24 02:00:00 2023 +0200 -Subject: xen: docs: Use predictable ordering. - -What follows was taken verbatim from Debian. See: -https://sources.debian.org/patches/xen/4.14.5%2B94-ge49571868d-1/ - -From: =?utf-8?b?IkZyw6lkw6lyaWMgUGllcnJldCAoZmVwaXRyZSki?= - -Date: Wed, 4 Nov 2020 09:24:40 +0100 -Subject: xen: don't have timestamp inserted in config.gz -MIME-Version: 1.0 -Content-Type: text/plain; charset="utf-8" -Content-Transfer-Encoding: 8bit - -This is for improving reproducible builds. - -Signed-off-by: Frédéric Pierret (fepitre) -Acked-by: Jan Beulich -(cherry picked from commit 5816d327e44ab37ae08730f4c54a80835998f31f) ---- - xen/common/Makefile | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/xen/common/Makefile b/xen/common/Makefile -index 06881d0..32cd650 100644 ---- a/xen/common/Makefile -+++ b/xen/common/Makefile -@@ -77,7 +77,7 @@ obj-$(CONFIG_HAS_DEVICE_TREE) += libfdt/ - - CONF_FILE := $(if $(patsubst /%,,$(KCONFIG_CONFIG)),$(XEN_ROOT)/xen/)$(KCONFIG_CONFIG) - config.gz: $(CONF_FILE) -- gzip -c $< >$@ -+ gzip -n -c $< >$@ - - config_data.o: config.gz - diff --git a/gnu/packages/virtualization.scm b/gnu/packages/virtualization.scm index 59137eb2d4..2a9ae40534 100644 --- a/gnu/packages/virtualization.scm +++ b/gnu/packages/virtualization.scm @@ -2560,7 +2560,7 @@ (define-public bochs (define-public xen (package (name "xen") - (version "4.14.6") ; please update the mini-os input as well + (version "4.19.0") ; please update the mini-os input as well (source (origin (method git-fetch) (uri (git-reference 
@@ -2569,10 +2569,7 @@ (define-public xen (file-name (git-file-name name version)) (sha256 (base32 - "1cdzpxbihkdn4za8ly0lgkbxrafjzbxjflhfn83kyg4bam1vv7mn")) - (patches - (search-patches "xen-docs-use-predictable-ordering.patch" - "xen-remove-config.gz-timestamp.patch")))) + "1r33ak7j6czcjxf5zxswfkppnv0w1n6hi262x9rk08bqyvcpxb23")))) (build-system gnu-build-system) (arguments (list @@ -2607,6 +2604,9 @@ (define-public xen (string-append "BOOT_DIR=" #$output "/boot") (string-append "DEBUG_DIR=" #$output "/lib/debug") (string-append "EFI_DIR=" #$output "/lib/efi") + (string-append "SHLIB_libxenctrl=-Wl,-rpath=" #$output "/lib") + (string-append "SHLIB_libxenguest=-Wl,-rpath=" #$output "/lib") + (string-append "SHLIB_libxenstore=-Wl,-rpath=" #$output "/lib") "MINIOS_UPSTREAM_URL=") #:test-target "test" #:phases @@ -2631,7 +2631,7 @@ (define-public xen (assoc-ref inputs "cross-libc") "/include"))) ;; /var is not in /gnu/store, so don't try to create it. (substitute* '("tools/Makefile" - "tools/xenstore/Makefile" + "tools/xenstored/Makefile" "tools/xenpaging/Makefile") (("\\$\\(INSTALL_DIR\\) .*XEN_(DUMP|LOG|RUN|LIB|PAGING)_DIR.*") "\n") @@ -2735,14 +2735,14 @@ (define (filter-environment! filter-predicate ;; at time of packaging, but upstream has unfortunately modified ;; existing tags in the past. Also, not all Xen releases get a ;; new tag. See . - (commit "f57858b7e8ef8dd48394dd08cec2bef3c9fb92f5"))) + (commit "8b038c7411ae7e823eaf6d15d5efbe037a07197a"))) (sha256 - (base32 "04y7grxs47amvjcq1rq4jgk174rhid5m2z9w8wrv7rfd2xhazxy1")) + (base32 "1xgazvvhy5m9nabbmlwslynhk73k9a8wnzrjwjplj52f0cm10fjq")) (file-name (string-append name "-" version "-mini-os-git-checkout"))) perl ;; TODO: markdown. pkg-config - python-2 + python wget (cross-gcc "i686-linux-gnu" #:xbinutils (cross-binutils "i686-linux-gnu") -- 2.46.0
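
Review bot: The version line in the first virtualization.scm hunk jumps from 4.14.6 to 4.19.0, and the log justifies it only with "at least 10 different CVEs". List the CVE identifiers the update addresses in the commit message so that the change can be matched against advisories later.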
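
Review bot: The origin hunk (-2569,10) drops both search-patches entries, but the log does not say why they are no longer needed. Both deleted files are marked "cherry picked from commit ..." and exist for reproducible builds, so state in the log that 4.19.0 already contains them, after confirming it; otherwise the update can silently lose the gzip -n call and the Title tie-break in the docs index sort.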
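
Review bot: The three SHLIB_libxenctrl, SHLIB_libxenguest and SHLIB_libxenstore strings added to the make flags (hunk -2607,6) have no comment saying what fails without the rpath or why only these three libraries need it. Add a short comment above them, and consider building the three strings from a list of library names so the set is easy to extend.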
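
Review bot: In the substitute* hunk (-2631,7) only the file name changes to "tools/xenstored/Makefile"; the regexp on XEN_(DUMP|LOG|RUN|LIB|PAGING)_DIR is kept as it was for 4.14.6. A regexp that no longer matches leaves the file untouched without an error, so check that each of the three Makefiles in 4.19.0 still has a matching $(INSTALL_DIR) line; if one does not, the install step goes back to creating directories under /var.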
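
Review bot: The last hunk (-2735,14) replaces python-2 with python and moves the mini-os checkout to commit 8b038c7411ae7e823eaf6d15d5efbe037a07197a, yet the change log has no entry for either change. Add log lines for the input change and the mini-os update so the log covers everything the diff touches.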

From: help-debbugs@gnu.org (GNU bug Tracking System)
To: Nicolas Graves
Subject: bug#73698: closed (Re: [bug#73698] [PATCH] gnu: xen: Update to 4.19.0. [security fixes])
Date: Mon, 14 Oct 2024 12:04:02 +0000

Your bug report

#73698: [PATCH] gnu: xen: Update to 4.19.0. [security fixes]

which was filed against the guix-patches package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 73698@debbugs.gnu.org.

-- 
73698: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=73698
GNU Bug Tracking System
Contact help-debbugs@gnu.org with problems

From: Ludovic Courtès
To: Nicolas Graves
Cc: 73698-done@debbugs.gnu.org
Subject: Re: [bug#73698] [PATCH] gnu: xen: Update to 4.19.0. [security fixes]
Date: Mon, 14 Oct 2024 14:02:49 +0200
Message-ID: <87wmia28pi.fsf@gnu.org>

Nicolas Graves wrote:

> This fixes at least 10 different CVEs.
>
> * gnu/packages/virtualization.scm (xen): Update to 4.19.0.
> [arguments]<#make-flags>: Add SHLIB flags.
> <#phases>: Update 'patch phase.
> [origin]: Remove xen-docs-use-predictable-ordering.patch and
> xen-remove-config.gz-timestamp.patch from here...
> * gnu/packages/patches: ...here and...
> * gnu/local.mk: ...here.

Applied, thanks!