All of lore.kernel.org
 help / color / mirror / Atom feed
From: Alistair Francis <alistair.francis@xilinx.com>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH] xen: add upstream post-4.9.0 security fixes
Date: Tue, 19 Sep 2017 09:43:56 -0700	[thread overview]
Message-ID: <CAKmqyKOWDM_KamGwforin6s9b_+PFifTs6kR+-nzrc94tpghaw@mail.gmail.com> (raw)
In-Reply-To: <20170919150314.31745-1-peter@korsgaard.com>

On Tue, Sep 19, 2017 at 8:03 AM, Peter Korsgaard <peter@korsgaard.com> wrote:
> Fixes the following security issues:
>
> XSA-226: multiple problems with transitive grants (CVE-2017-12135)
> XSA-227: x86: PV privilege escalation via map_grant_ref (CVE-2017-12137)
> XSA-228: grant_table: Race conditions with maptrack free list handling
>          (CVE-2017-12136)
> XSA-230: grant_table: possibly premature clearing of GTF_writing /
>          GTF_reading (CVE-2017-12855)
> XSA-231: Missing NUMA node parameter verification (CVE-2017-14316)
> XSA-232: Missing check for grant table (CVE-2017-14318)
> XSA-233: cxenstored: Race in domain cleanup (CVE-2017-14317)
> XSA-234: insufficient grant unmapping checks for x86 PV guests
>          (CVE-2017-14319)
> XSA-235: add-to-physmap error paths fail to release lock on ARM
>
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Reviewed-by: Alistair Francis <alistair.francis@xilinx.com>

Thanks,
Alistair

> ---
>  package/xen/xen.hash |  9 +++++++++
>  package/xen/xen.mk   | 10 ++++++++++
>  2 files changed, 19 insertions(+)
>
> diff --git a/package/xen/xen.hash b/package/xen/xen.hash
> index bcce39bd8b..3c5981a247 100644
> --- a/package/xen/xen.hash
> +++ b/package/xen/xen.hash
> @@ -1,2 +1,11 @@
>  # Locally computed
>  sha256 cade643fe3310d4d6f97d0c215c6fa323bc1130d7e64d7e2043ffaa73a96f33b xen-4.9.0.tar.gz
> +sha256 b09e07aaf422ae04a4ece5e2c5b5e54036cfae5b5c632bfc6953a0cacd6f60ff xsa226.patch
> +sha256 9923a47e5f86949800887596f098954a08ef73a01d74b1dbe16cab2e6b1fabb2 xsa227.patch
> +sha256 1979e111442517891b483e316a15a760a4c992ac4440f95e361ff12f4bebff62 xsa228.patch
> +sha256 77a73f1c32d083e315ef0b1bbb119cb8840ceb5ada790cad76cbfb9116f725cc xsa230.patch
> +sha256 71a53a5133c8d4e381dd0e3e54205d31dea545ab62b261084dd3aea140f88cad xsa231-4.9.patch
> +sha256 5068a78293daa58557c30c95141b775becfb650de6a5eda0d82a4a321ced551c xsa232.patch
> +sha256 f721cc49ba692b2f36299b631451f51d7340b8b4732f74c98f01cb7a80d8662b xsa233.patch
> +sha256 213f9d81a4ab785db67b9f579c9e88c9c8586c46b93f466a309060750df2df32 xsa234-4.9.patch
> +sha256 d8f012734fbf6019c1ff864744e308c41dfb9c7804ca3be2771c2c972cdf4bd5 xsa235-4.9.patch
> diff --git a/package/xen/xen.mk b/package/xen/xen.mk
> index 90e73853de..5bb18e6e34 100644
> --- a/package/xen/xen.mk
> +++ b/package/xen/xen.mk
> @@ -6,6 +6,16 @@
>
>  XEN_VERSION = 4.9.0
>  XEN_SITE = https://downloads.xenproject.org/release/xen/$(XEN_VERSION)
> +XEN_PATCH = \
> +       https://xenbits.xenproject.org/xsa/xsa226.patch \
> +       https://xenbits.xenproject.org/xsa/xsa227.patch \
> +       https://xenbits.xenproject.org/xsa/xsa228.patch \
> +       https://xenbits.xenproject.org/xsa/xsa230.patch \
> +       https://xenbits.xenproject.org/xsa/xsa231-4.9.patch \
> +       https://xenbits.xenproject.org/xsa/xsa232.patch \
> +       https://xenbits.xenproject.org/xsa/xsa233.patch \
> +       https://xenbits.xenproject.org/xsa/xsa234-4.9.patch \
> +       https://xenbits.xenproject.org/xsa/xsa235-4.9.patch
>  XEN_LICENSE = GPL-2.0
>  XEN_LICENSE_FILES = COPYING
>  XEN_DEPENDENCIES = host-acpica host-python
> --
> 2.11.0
>
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot

  reply	other threads:[~2017-09-19 16:43 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-09-19 15:03 [Buildroot] [PATCH] xen: add upstream post-4.9.0 security fixes Peter Korsgaard
2017-09-19 16:43 ` Alistair Francis [this message]
2017-09-19 19:59 ` Peter Korsgaard
2017-10-16 21:57 ` Peter Korsgaard

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAKmqyKOWDM_KamGwforin6s9b_+PFifTs6kR+-nzrc94tpghaw@mail.gmail.com \
    --to=alistair.francis@xilinx.com \
    --cc=buildroot@busybox.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.