unofficial mirror of guix-patches@gnu.org 
* [bug#73698] [PATCH] gnu: xen: Update to 4.19.0. [security fixes]
@ 2024-10-08  8:12 Nicolas Graves via Guix-patches via
  2024-10-14 12:02 ` bug#73698: " Ludovic Courtès
  0 siblings, 1 reply; 2+ messages in thread
From: Nicolas Graves via Guix-patches via @ 2024-10-08  8:12 UTC (permalink / raw)
  To: 73698; +Cc: Nicolas Graves

This fixes at least 10 different CVEs.

* gnu/packages/virtualization.scm (xen): Update to 4.19.0.
[arguments]<#make-flags>: Add SHLIB flags.
           <#phases>: Update 'patch phase.
[origin]<patches>: Remove xen-docs-use-predictable-ordering.patch and
                   xen-remove-config.gz-timestamp.patch from here...
* gnu/packages/patches: ...here and...
* gnu/local.mk: ...here.
---
 gnu/local.mk                                  |  2 -
 .../xen-docs-use-predictable-ordering.patch   | 34 -----------------
 .../xen-remove-config.gz-timestamp.patch      | 37 -------------------
 gnu/packages/virtualization.scm               | 18 ++++-----
 4 files changed, 9 insertions(+), 82 deletions(-)
 delete mode 100644 gnu/packages/patches/xen-docs-use-predictable-ordering.patch
 delete mode 100644 gnu/packages/patches/xen-remove-config.gz-timestamp.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index c48f4bfeca..74241a894e 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -2316,8 +2316,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/x265-arm-flags.patch			\
   %D%/packages/patches/xdg-desktop-portal-disable-portal-tests.patch\
   %D%/packages/patches/xdg-desktop-portal-wlr-harcoded-length.patch\
-  %D%/packages/patches/xen-docs-use-predictable-ordering.patch	\
-  %D%/packages/patches/xen-remove-config.gz-timestamp.patch	\
   %D%/packages/patches/xf86-video-ark-remove-mibstore.patch	\
   %D%/packages/patches/xf86-video-nouveau-fixup-ABI.patch	\
   %D%/packages/patches/xf86-video-savage-xorg-compat.patch 	\
diff --git a/gnu/packages/patches/xen-docs-use-predictable-ordering.patch b/gnu/packages/patches/xen-docs-use-predictable-ordering.patch
deleted file mode 100644
index 557da5775a..0000000000
--- a/gnu/packages/patches/xen-docs-use-predictable-ordering.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From: Tobias Geerinckx-Rice <me@tobias.gr>
-Date: Sun Sep 24 02:00:00 2023 +0200
-Subject: xen: docs: Use predictable ordering.
-
-What follows was taken verbatim from Debian.  See:
-https://sources.debian.org/patches/xen/4.14.5%2B94-ge49571868d-1/
-
-From: Maximilian Engelhardt <maxi@daemonizer.de>
-Date: Fri, 18 Dec 2020 21:42:34 +0100
-Subject: docs: use predictable ordering in generated documentation
-
-When the seq number is equal, sort by the title to get predictable
-output ordering. This is useful for reproducible builds.
-
-Signed-off-by: Maximilian Engelhardt <maxi@daemonizer.de>
-Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
-(cherry picked from commit e18dadc5b709290b8038a1cacb52bc3b3b69cf21)
----
- docs/xen-headers | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/docs/xen-headers b/docs/xen-headers
-index 5415563..8c434d7 100755
---- a/docs/xen-headers
-+++ b/docs/xen-headers
-@@ -331,7 +331,7 @@ sub output_index () {
- <h2>Starting points</h2>
- <ul>
- END
--    foreach my $ic (sort { $a->{Seq} <=> $b->{Seq} } @incontents) {
-+    foreach my $ic (sort { $a->{Seq} <=> $b->{Seq} or $a->{Title} cmp $b->{Title} } @incontents) {
-         $o .= "<li><a href=\"$ic->{Href}\">$ic->{Title}</a></li>\n";
-     }
-     $o .= "</ul>\n";
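
Review bot: the commit log does not say why xen-docs-use-predictable-ordering.patch can be dropped. Its header records it as "(cherry picked from commit e18dadc5b709290b8038a1cacb52bc3b3b69cf21)", so if the reason is that 4.19.0 already contains that upstream change, state that in the log entry for the removal.
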
diff --git a/gnu/packages/patches/xen-remove-config.gz-timestamp.patch b/gnu/packages/patches/xen-remove-config.gz-timestamp.patch
deleted file mode 100644
index a7396c564d..0000000000
--- a/gnu/packages/patches/xen-remove-config.gz-timestamp.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From: Tobias Geerinckx-Rice <me@tobias.gr>
-Date: Sun Sep 24 02:00:00 2023 +0200
-Subject: xen: docs: Use predictable ordering.
-
-What follows was taken verbatim from Debian.  See:
-https://sources.debian.org/patches/xen/4.14.5%2B94-ge49571868d-1/
-
-From: =?utf-8?b?IkZyw6lkw6lyaWMgUGllcnJldCAoZmVwaXRyZSki?=
- <frederic.pierret@qubes-os.org>
-Date: Wed, 4 Nov 2020 09:24:40 +0100
-Subject: xen: don't have timestamp inserted in config.gz
-MIME-Version: 1.0
-Content-Type: text/plain; charset="utf-8"
-Content-Transfer-Encoding: 8bit
-
-This is for improving reproducible builds.
-
-Signed-off-by: Frédéric Pierret (fepitre) <frederic.pierret@qubes-os.org>
-Acked-by: Jan Beulich <jbeulich@suse.com>
-(cherry picked from commit 5816d327e44ab37ae08730f4c54a80835998f31f)
----
- xen/common/Makefile | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/xen/common/Makefile b/xen/common/Makefile
-index 06881d0..32cd650 100644
---- a/xen/common/Makefile
-+++ b/xen/common/Makefile
-@@ -77,7 +77,7 @@ obj-$(CONFIG_HAS_DEVICE_TREE) += libfdt/
- 
- CONF_FILE := $(if $(patsubst /%,,$(KCONFIG_CONFIG)),$(XEN_ROOT)/xen/)$(KCONFIG_CONFIG)
- config.gz: $(CONF_FILE)
--	gzip -c $< >$@
-+	gzip -n -c $< >$@
- 
- config_data.o: config.gz
- 
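
Review bot: dropping this patch is only safe if the 4.19.0 xen/common/Makefile already builds config.gz with "gzip -n -c"; without the -n, gzip stores a timestamp in the archive again and the reproducibility fix is lost. The deleted file is marked as cherry picked from 5816d327e44ab37ae08730f4c54a80835998f31f, so please confirm that the change is present in the new source and that the package still builds reproducibly.
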
diff --git a/gnu/packages/virtualization.scm b/gnu/packages/virtualization.scm
index 59137eb2d4..2a9ae40534 100644
--- a/gnu/packages/virtualization.scm
+++ b/gnu/packages/virtualization.scm
@@ -2560,7 +2560,7 @@ (define-public bochs
 (define-public xen
   (package
     (name "xen")
-    (version "4.14.6")               ; please update the mini-os input as well
+    (version "4.19.0")               ; please update the mini-os input as well
     (source (origin
               (method git-fetch)
               (uri (git-reference
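
Review bot: the version line moves from 4.14.6 to 4.19.0 and the log justifies this with "at least 10 different CVEs" without naming any of them. List the CVE identifiers, or the advisories they come from, in the commit log so the security claim can be checked against the new version.
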
@@ -2569,10 +2569,7 @@ (define-public xen
               (file-name (git-file-name name version))
               (sha256
                (base32
-                "1cdzpxbihkdn4za8ly0lgkbxrafjzbxjflhfn83kyg4bam1vv7mn"))
-              (patches
-               (search-patches "xen-docs-use-predictable-ordering.patch"
-                               "xen-remove-config.gz-timestamp.patch"))))
+                "1r33ak7j6czcjxf5zxswfkppnv0w1n6hi262x9rk08bqyvcpxb23"))))
     (build-system gnu-build-system)
     (arguments
      (list
@@ -2607,6 +2604,9 @@ (define-public xen
               (string-append "BOOT_DIR=" #$output "/boot")
               (string-append "DEBUG_DIR=" #$output "/lib/debug")
               (string-append "EFI_DIR=" #$output "/lib/efi")
+              (string-append "SHLIB_libxenctrl=-Wl,-rpath=" #$output "/lib")
+              (string-append "SHLIB_libxenguest=-Wl,-rpath=" #$output "/lib")
+              (string-append "SHLIB_libxenstore=-Wl,-rpath=" #$output "/lib")
               "MINIOS_UPSTREAM_URL=")
       #:test-target "test"
       #:phases
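
Review bot: the three added SHLIB_libxenctrl, SHLIB_libxenguest and SHLIB_libxenstore flags carry no comment saying what fails without the -rpath, and the log entry only says "Add SHLIB flags". Add a one-line comment above them describing the failure, and say why only these three libraries need the rpath to #$output/lib.
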
@@ -2631,7 +2631,7 @@ (define-public xen
                                 (assoc-ref inputs "cross-libc") "/include")))
               ;; /var is not in /gnu/store, so don't try to create it.
               (substitute* '("tools/Makefile"
-                             "tools/xenstore/Makefile"
+                             "tools/xenstored/Makefile"
                              "tools/xenpaging/Makefile")
                 (("\\$\\(INSTALL_DIR\\) .*XEN_(DUMP|LOG|RUN|LIB|PAGING)_DIR.*")
                  "\n")
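
Review bot: in the substitute* file list, the rename to "tools/xenstored/Makefile" keeps the old pattern unchanged, and substitute* does not complain when a pattern matches nothing in a file. Check that the 4.19.0 tools/xenstored/Makefile still has an $(INSTALL_DIR) line matching XEN_(DUMP|LOG|RUN|LIB|PAGING)_DIR, otherwise the install step would again try to create directories under /var, which the comment above says must not happen.
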
@@ -2735,14 +2735,14 @@ (define (filter-environment! filter-predicate
                ;; at time of packaging, but upstream has unfortunately modified
                ;; existing tags in the past.  Also, not all Xen releases get a
                ;; new tag.  See <https://xenbits.xen.org/gitweb/?p=mini-os.git>.
-               (commit "f57858b7e8ef8dd48394dd08cec2bef3c9fb92f5")))
+               (commit "8b038c7411ae7e823eaf6d15d5efbe037a07197a")))
          (sha256
-          (base32 "04y7grxs47amvjcq1rq4jgk174rhid5m2z9w8wrv7rfd2xhazxy1"))
+          (base32 "1xgazvvhy5m9nabbmlwslynhk73k9a8wnzrjwjplj52f0cm10fjq"))
          (file-name (string-append name "-" version "-mini-os-git-checkout")))
        perl
        ;; TODO: markdown.
        pkg-config
-       python-2
+       python
        wget
        (cross-gcc "i686-linux-gnu"
                   #:xbinutils (cross-binutils "i686-linux-gnu")
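
Review bot: the log entry does not mention the input changes in this hunk, namely the new mini-os commit and hash and the switch from python-2 to python. Add them to the log, and since the comment above the commit explains that upstream tags are unreliable, note next to 8b038c7411ae7e823eaf6d15d5efbe037a07197a which mini-os state it is meant to correspond to for Xen 4.19.0.
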
-- 
2.46.0






* bug#73698: [PATCH] gnu: xen: Update to 4.19.0. [security fixes]
  2024-10-08  8:12 [bug#73698] [PATCH] gnu: xen: Update to 4.19.0. [security fixes] Nicolas Graves via Guix-patches via
@ 2024-10-14 12:02 ` Ludovic Courtès
  0 siblings, 0 replies; 2+ messages in thread
From: Ludovic Courtès @ 2024-10-14 12:02 UTC (permalink / raw)
  To: Nicolas Graves; +Cc: 73698-done

Nicolas Graves <ngraves@ngraves.fr> skribis:

> This fixes at least 10 different CVEs.
>
> * gnu/packages/virtualization.scm (xen): Update to 4.19.0.
> [arguments]<#make-flags>: Add SHLIB flags.
>            <#phases>: Update 'patch phase.
> [origin]<patches>: Remove xen-docs-use-predictable-ordering.patch and
>                    xen-remove-config.gz-timestamp.patch from here...
> * gnu/packages/patches: ...here and...
> * gnu/local.mk: ...here.

Applied, thanks!



