* [Buildroot] [PATCH] package/xen: add XSA-385, 386, 388, 389 security fixes
@ 2021-12-15 16:47 Peter Korsgaard
  2021-12-16 19:08 ` Arnout Vandecappelle
  0 siblings, 1 reply; 2+ messages in thread
From: Peter Korsgaard @ 2021-12-15 16:47 UTC (permalink / raw)
  To: buildroot; +Cc: Alistair Francis, Matt Weber

Fixes the following security issues:

- XSA-385: guests may exceed their designated memory limit
  https://xenbits.xenproject.org/xsa/advisory-385.html

- XSA-386: PCI devices with RMRRs not deassigned correctly
  https://xenbits.xenproject.org/xsa/advisory-386.html

- XSA-388: PoD operations on misaligned GFNs
  https://xenbits.xenproject.org/xsa/advisory-388.html

- XSA-389: issues with partially successful P2M updates on x86
  https://xenbits.xenproject.org/xsa/advisory-389.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 package/xen/xen.hash |  9 +++++++++
 package/xen/xen.mk   | 17 +++++++++++++++++
 2 files changed, 26 insertions(+)

diff --git a/package/xen/xen.hash b/package/xen/xen.hash
index e30db09516..10a778053a 100644
--- a/package/xen/xen.hash
+++ b/package/xen/xen.hash
@@ -1,3 +1,12 @@
 # Locally computed
 sha256  a3dad76a772393a1875e8f44a6059a95fea4bde40f97b800966969ac6f3a498d  xen-4.14.3.tar.gz
 sha256  ecca9538e9d3f7e3c2bff827502f4495e2ef9e22c451298696ea08886b176c2c  COPYING
+# https://xenbits.xenproject.org/xsa/advisory-385.html
+sha256  831e86c3adfec532b1a48a0b967b7c58c37db3733aee8d78216eb9d535b34f12  xsa385-4.15.patch
+# https://xenbits.xenproject.org/xsa/advisory-386.html
+sha256  f2f83c825e249bba9454437b48bbd8307fe7a224f56484388a67af124dfd279b  xsa386.patch
+# https://xenbits.xenproject.org/xsa/advisory-388.html
+sha256  6917267482101a3f8f1d13905e14994344a0af81370c7a2b92275fb176b321a0  xsa388-4.14-1.patch
+sha256  d5886e046c69f34f98f7e1fc6ffcc36d92f8fc79242b9dc88412c39aa79b4ac3  xsa388-4.14-2.patch
+# https://xenbits.xenproject.org/xsa/advisory-389.html
+sha256  b243284679b32ab8c817a2e41562d8694d9781fa8096c268bb41b0cd91684baa  xsa389-4.14.patch
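
Review bot: The XSA-385 entry is "xsa385-4.15.patch", while the tarball hashed at the top of this file is "xen-4.14.3.tar.gz" and the XSA-388 and XSA-389 entries use "-4.14" variants. If the 4.15 variant is intentional, the commit message should say that it was checked to apply cleanly to 4.14.3, so a later reader does not take the file name for a slip.
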
diff --git a/package/xen/xen.mk b/package/xen/xen.mk
index b635996afb..cfc166dc4c 100644
--- a/package/xen/xen.mk
+++ b/package/xen/xen.mk
@@ -11,6 +11,23 @@ XEN_LICENSE_FILES = COPYING
 XEN_CPE_ID_VENDOR = xen
 XEN_CPE_ID_PREFIX = cpe:2.3:o
 XEN_DEPENDENCIES = host-acpica host-python3
+XEN_PATCH = \
+	https://xenbits.xenproject.org/xsa/xsa385-4.15.patch \
+	https://xenbits.xenproject.org/xsa/xsa386.patch \
+	https://xenbits.xenproject.org/xsa/xsa388-4.14-1.patch \
+	https://xenbits.xenproject.org/xsa/xsa388-4.14-2.patch \
+	https://xenbits.xenproject.org/xsa/xsa389-4.14.patch
+
+# xsa385-4.15.patch
+XEN_IGNORE_CVES += CVE-2021-28706
+# xsa386.patch
+XEN_IGNORE_CVES += CVE-2021-28702
+# xsa388-4.14-1.patch
+XEN_IGNORE_CVES += CVE-2021-28704 CVE-2021-28707
+# xsa388-4.14-2.patch
+XEN_IGNORE_CVES += CVE-2021-28708
+# xsa389-4.14.patch
+XEN_IGNORE_CVES += CVE-2021-28705 CVE-2021-28709
 
 # Calculate XEN_ARCH
 ifeq ($(ARCH),aarch64)
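
Review bot: The "XEN_IGNORE_CVES" lines are tied to their patch only by the comment above each one, and nothing in the block says that the "XEN_PATCH" list and these entries have to be removed together on the next version bump. A single comment above "XEN_PATCH" stating that would help, because an ignore entry that outlives its patch hides the CVE from the package's CVE report while the fix is no longer applied.
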
-- 
2.20.1

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot


* Re: [Buildroot] [PATCH] package/xen: add XSA-385, 386, 388, 389 security fixes
  2021-12-15 16:47 [Buildroot] [PATCH] package/xen: add XSA-385, 386, 388, 389 security fixes Peter Korsgaard
@ 2021-12-16 19:08 ` Arnout Vandecappelle
  0 siblings, 0 replies; 2+ messages in thread
From: Arnout Vandecappelle @ 2021-12-16 19:08 UTC (permalink / raw)
  To: Peter Korsgaard, buildroot; +Cc: Alistair Francis, Matt Weber



On 15/12/2021 17:47, Peter Korsgaard wrote:
> Fixes the following security issues:
> 
> - XSA-385: guests may exceed their designated memory limit
>    https://xenbits.xenproject.org/xsa/advisory-385.html
> 
> - XSA-386: PCI devices with RMRRs not deassigned correctly
>    https://xenbits.xenproject.org/xsa/advisory-386.html
> 
> - XSA-388: PoD operations on misaligned GFNs
>    https://xenbits.xenproject.org/xsa/advisory-388.html
> 
> - XSA-389: issues with partially successful P2M updates on x86
>    https://xenbits.xenproject.org/xsa/advisory-389.html
> 
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

  Applied to master, thanks.

  Regards,
  Arnout

> ---
>   package/xen/xen.hash |  9 +++++++++
>   package/xen/xen.mk   | 17 +++++++++++++++++
>   2 files changed, 26 insertions(+)
> 
> diff --git a/package/xen/xen.hash b/package/xen/xen.hash
> index e30db09516..10a778053a 100644
> --- a/package/xen/xen.hash
> +++ b/package/xen/xen.hash
> @@ -1,3 +1,12 @@
>   # Locally computed
>   sha256  a3dad76a772393a1875e8f44a6059a95fea4bde40f97b800966969ac6f3a498d  xen-4.14.3.tar.gz
>   sha256  ecca9538e9d3f7e3c2bff827502f4495e2ef9e22c451298696ea08886b176c2c  COPYING
> +# https://xenbits.xenproject.org/xsa/advisory-385.html
> +sha256  831e86c3adfec532b1a48a0b967b7c58c37db3733aee8d78216eb9d535b34f12  xsa385-4.15.patch
> +# https://xenbits.xenproject.org/xsa/advisory-386.html
> +sha256  f2f83c825e249bba9454437b48bbd8307fe7a224f56484388a67af124dfd279b  xsa386.patch
> +# https://xenbits.xenproject.org/xsa/advisory-388.html
> +sha256  6917267482101a3f8f1d13905e14994344a0af81370c7a2b92275fb176b321a0  xsa388-4.14-1.patch
> +sha256  d5886e046c69f34f98f7e1fc6ffcc36d92f8fc79242b9dc88412c39aa79b4ac3  xsa388-4.14-2.patch
> +# https://xenbits.xenproject.org/xsa/advisory-389.html
> +sha256  b243284679b32ab8c817a2e41562d8694d9781fa8096c268bb41b0cd91684baa  xsa389-4.14.patch
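
Review bot: The five new "sha256" entries follow the existing "# Locally computed" header, and their comment lines give only the advisory URL, so the file does not say whether each hash was copied from the advisory or computed from the downloaded patch. Stating the source on each comment line (for example "# Locally computed" or "# From <advisory URL>") would tell a reviewer what the hash was checked against.
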
> diff --git a/package/xen/xen.mk b/package/xen/xen.mk
> index b635996afb..cfc166dc4c 100644
> --- a/package/xen/xen.mk
> +++ b/package/xen/xen.mk
> @@ -11,6 +11,23 @@ XEN_LICENSE_FILES = COPYING
>   XEN_CPE_ID_VENDOR = xen
>   XEN_CPE_ID_PREFIX = cpe:2.3:o
>   XEN_DEPENDENCIES = host-acpica host-python3
> +XEN_PATCH = \
> +	https://xenbits.xenproject.org/xsa/xsa385-4.15.patch \
> +	https://xenbits.xenproject.org/xsa/xsa386.patch \
> +	https://xenbits.xenproject.org/xsa/xsa388-4.14-1.patch \
> +	https://xenbits.xenproject.org/xsa/xsa388-4.14-2.patch \
> +	https://xenbits.xenproject.org/xsa/xsa389-4.14.patch
> +
> +# xsa385-4.15.patch
> +XEN_IGNORE_CVES += CVE-2021-28706
> +# xsa386.patch
> +XEN_IGNORE_CVES += CVE-2021-28702
> +# xsa388-4.14-1.patch
> +XEN_IGNORE_CVES += CVE-2021-28704 CVE-2021-28707
> +# xsa388-4.14-2.patch
> +XEN_IGNORE_CVES += CVE-2021-28708
> +# xsa389-4.14.patch
> +XEN_IGNORE_CVES += CVE-2021-28705 CVE-2021-28709
>   
>   # Calculate XEN_ARCH
>   ifeq ($(ARCH),aarch64)
> 
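
Review bot: The "XEN_PATCH" list goes from "xsa386.patch" straight to "xsa388-4.14-1.patch", and neither the list nor the commit message says why XSA-387 is not included. A one-line remark that it does not apply to this version, if that is the reason, would save the next reviewer from checking.
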