mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-09-11 15:08:33 +01:00
xen: patch for many XSAs
- XSA-190 - XSA-191 - XSA-192 - XSA-193 - XSA-195 - XSA-196 - XSA-198 - XSA-200 - XSA_202 - XSA-204
This commit is contained in:
Graham Christensen
parent
c7a2073323
commit
4e6c7faf36
|
|
@ -2,8 +2,19 @@
|
|||
|
||||
let
|
||||
# Xen 4.5.5
|
||||
#
|
||||
# Patching XEN? Check the XSAs and try applying all the ones we
|
||||
# don't have yet.
|
||||
#
|
||||
# XSAs at: https://xenbits.xen.org/xsa/
|
||||
xenConfig = rec {
|
||||
version = "4.5.5";
|
||||
|
||||
xsaPatch = { name , sha256 }: (fetchpatch {
|
||||
url = "https://xenbits.xen.org/xsa/xsa${name}.patch";
|
||||
inherit sha256;
|
||||
});
|
||||
|
||||
name = "xen-${version}";
|
||||
|
||||
src = fetchurl {
|
||||
|
|
@ -52,25 +63,60 @@ let
|
|||
}
|
||||
];
|
||||
|
||||
xenPatches = [ ./0001-libxl-Spice-image-compression-setting-support-for-up.patch
|
||||
./0002-libxl-Spice-streaming-video-setting-support-for-upst.patch
|
||||
./0003-Add-qxl-vga-interface-support-for-upstream-qem.patch
|
||||
(fetchpatch {
|
||||
url = "https://bugzilla.redhat.com/attachment.cgi?id=1218547";
|
||||
name = "CVE-2016-9385.patch";
|
||||
sha256 = "0k9mykhrpm4rbjkhv067f6s05lqmgnldcyb3vi8cl0ndlyh66lvr";
|
||||
})
|
||||
(fetchpatch {
|
||||
url = "https://bugzilla.redhat.com/attachment.cgi?id=1218536";
|
||||
name = "CVE-2016-9377-CVE-2016-9378-part1.patch";
|
||||
sha256 = "0z53nzrjvc745y26z1qc8jlg3blxp7brawvji1hx3s74n346ssl6";
|
||||
})
|
||||
(fetchpatch {
|
||||
url = "https://bugzilla.redhat.com/attachment.cgi?id=1218537";
|
||||
name = "CVE-2016-9377-CVE-2016-9378-part2.patch";
|
||||
sha256 = "11cqvr5jn2s92wsshpilx9qnfczrd9hnyb5aim6qwmz3fq3hrrkz";
|
||||
})
|
||||
];
|
||||
# Note this lacks patches for:
|
||||
# XSA-201
|
||||
# XSA-199
|
||||
# XSA-197
|
||||
# they didn't apply, and there are plenty of other patches here
|
||||
# to get this deployed as-is.
|
||||
xenPatches = [ ./0001-libxl-Spice-image-compression-setting-support-for-up.patch
|
||||
./0002-libxl-Spice-streaming-video-setting-support-for-upst.patch
|
||||
./0003-Add-qxl-vga-interface-support-for-upstream-qem.patch
|
||||
(xsaPatch {
|
||||
name = "190-4.5";
|
||||
sha256 = "0f8pw38kkxky89ny3ic5h26v9zsjj9id89lygx896zc3w1klafqm";
|
||||
})
|
||||
(xsaPatch {
|
||||
name = "191-4.6";
|
||||
sha256 = "1wl1ndli8rflmc44pkp8cw4642gi8z7j7gipac8mmlavmn3wdqhg";
|
||||
})
|
||||
(xsaPatch {
|
||||
name = "192-4.5";
|
||||
sha256 = "0m8cv0xqvx5pdk7fcmaw2vv43xhl62plyx33xqj48y66x5z9lxpm";
|
||||
})
|
||||
(xsaPatch {
|
||||
name = "193-4.5";
|
||||
sha256 = "0k9mykhrpm4rbjkhv067f6s05lqmgnldcyb3vi8cl0ndlyh66lvr";
|
||||
})
|
||||
(xsaPatch {
|
||||
name = "195";
|
||||
sha256 = "0m0g953qnjy2knd9qnkdagpvkkgjbk3ydgajia6kzs499dyqpdl7";
|
||||
})
|
||||
(xsaPatch {
|
||||
name = "196-0001-x86-emul-Correct-the-IDT-entry-calculation-in-inject";
|
||||
sha256 = "0z53nzrjvc745y26z1qc8jlg3blxp7brawvji1hx3s74n346ssl6";
|
||||
})
|
||||
(xsaPatch {
|
||||
name = "196-0002-x86-svm-Fix-injection-of-software-interrupts";
|
||||
sha256 = "11cqvr5jn2s92wsshpilx9qnfczrd9hnyb5aim6qwmz3fq3hrrkz";
|
||||
})
|
||||
(xsaPatch {
|
||||
name = "198";
|
||||
sha256 = "0d1nndn4p520c9xa87ixnyks3mrvzcri7c702d6mm22m8ansx6d9";
|
||||
})
|
||||
(xsaPatch {
|
||||
name = "200-4.6";
|
||||
sha256 = "0k918ja83470iz5k4vqi15293zjvz2dipdhgc9sy9rrhg4mqncl7";
|
||||
})
|
||||
(xsaPatch {
|
||||
name = "202-4.6";
|
||||
sha256 = "0nnznkrvfbbc8z64dr9wvbdijd4qbpc0wz2j5vpmx6b32sm7932f";
|
||||
})
|
||||
(xsaPatch {
|
||||
name = "204-4.5";
|
||||
sha256 = "083z9pbdz3f532fnzg7n2d5wzv6rmqc0f4mvc3mnmkd0rzqw8vcp";
|
||||
})
|
||||
];
|
||||
};
|
||||
|
||||
in callPackage ./generic.nix (args // { xenConfig=xenConfig; })
|
||||
|
|
|
|||
Loading…
Reference in a new issue