* [Buildroot] [PATCH] xen: add upstream post-4.9.0 security fixes
@ 2017-09-19 15:03 Peter Korsgaard
2017-09-19 16:43 ` Alistair Francis
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Peter Korsgaard @ 2017-09-19 15:03 UTC (permalink / raw)
To: buildroot
Fixes the following security issues:
XSA-226: multiple problems with transitive grants (CVE-2017-12135)
XSA-227: x86: PV privilege escalation via map_grant_ref (CVE-2017-12137)
XSA-228: grant_table: Race conditions with maptrack free list handling
(CVE-2017-12136)
XSA-230: grant_table: possibly premature clearing of GTF_writing /
GTF_reading (CVE-2017-12855)
XSA-231: Missing NUMA node parameter verification (CVE-2017-14316)
XSA-232: Missing check for grant table (CVE-2017-14318)
XSA-233: cxenstored: Race in domain cleanup (CVE-2017-14317)
XSA-234: insufficient grant unmapping checks for x86 PV guests
(CVE-2017-14319)
XSA-235: add-to-physmap error paths fail to release lock on ARM
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
package/xen/xen.hash | 9 +++++++++
package/xen/xen.mk | 10 ++++++++++
2 files changed, 19 insertions(+)
diff --git a/package/xen/xen.hash b/package/xen/xen.hash
index bcce39bd8b..3c5981a247 100644
--- a/package/xen/xen.hash
+++ b/package/xen/xen.hash
@@ -1,2 +1,11 @@
# Locally computed
sha256 cade643fe3310d4d6f97d0c215c6fa323bc1130d7e64d7e2043ffaa73a96f33b xen-4.9.0.tar.gz
+sha256 b09e07aaf422ae04a4ece5e2c5b5e54036cfae5b5c632bfc6953a0cacd6f60ff xsa226.patch
+sha256 9923a47e5f86949800887596f098954a08ef73a01d74b1dbe16cab2e6b1fabb2 xsa227.patch
+sha256 1979e111442517891b483e316a15a760a4c992ac4440f95e361ff12f4bebff62 xsa228.patch
+sha256 77a73f1c32d083e315ef0b1bbb119cb8840ceb5ada790cad76cbfb9116f725cc xsa230.patch
+sha256 71a53a5133c8d4e381dd0e3e54205d31dea545ab62b261084dd3aea140f88cad xsa231-4.9.patch
+sha256 5068a78293daa58557c30c95141b775becfb650de6a5eda0d82a4a321ced551c xsa232.patch
+sha256 f721cc49ba692b2f36299b631451f51d7340b8b4732f74c98f01cb7a80d8662b xsa233.patch
+sha256 213f9d81a4ab785db67b9f579c9e88c9c8586c46b93f466a309060750df2df32 xsa234-4.9.patch
+sha256 d8f012734fbf6019c1ff864744e308c41dfb9c7804ca3be2771c2c972cdf4bd5 xsa235-4.9.patch
diff --git a/package/xen/xen.mk b/package/xen/xen.mk
index 90e73853de..5bb18e6e34 100644
--- a/package/xen/xen.mk
+++ b/package/xen/xen.mk
@@ -6,6 +6,16 @@
XEN_VERSION = 4.9.0
XEN_SITE = https://downloads.xenproject.org/release/xen/$(XEN_VERSION)
+XEN_PATCH = \
+ https://xenbits.xenproject.org/xsa/xsa226.patch \
+ https://xenbits.xenproject.org/xsa/xsa227.patch \
+ https://xenbits.xenproject.org/xsa/xsa228.patch \
+ https://xenbits.xenproject.org/xsa/xsa230.patch \
+ https://xenbits.xenproject.org/xsa/xsa231-4.9.patch \
+ https://xenbits.xenproject.org/xsa/xsa232.patch \
+ https://xenbits.xenproject.org/xsa/xsa233.patch \
+ https://xenbits.xenproject.org/xsa/xsa234-4.9.patch \
+ https://xenbits.xenproject.org/xsa/xsa235-4.9.patch
XEN_LICENSE = GPL-2.0
XEN_LICENSE_FILES = COPYING
XEN_DEPENDENCIES = host-acpica host-python
--
2.11.0
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [Buildroot] [PATCH] xen: add upstream post-4.9.0 security fixes
2017-09-19 15:03 [Buildroot] [PATCH] xen: add upstream post-4.9.0 security fixes Peter Korsgaard
@ 2017-09-19 16:43 ` Alistair Francis
2017-09-19 19:59 ` Peter Korsgaard
2017-10-16 21:57 ` Peter Korsgaard
2 siblings, 0 replies; 4+ messages in thread
From: Alistair Francis @ 2017-09-19 16:43 UTC (permalink / raw)
To: buildroot
On Tue, Sep 19, 2017 at 8:03 AM, Peter Korsgaard <peter@korsgaard.com> wrote:
> Fixes the following security issues:
>
> XSA-226: multiple problems with transitive grants (CVE-2017-12135)
> XSA-227: x86: PV privilege escalation via map_grant_ref (CVE-2017-12137)
> XSA-228: grant_table: Race conditions with maptrack free list handling
> (CVE-2017-12136)
> XSA-230: grant_table: possibly premature clearing of GTF_writing /
> GTF_reading (CVE-2017-12855)
> XSA-231: Missing NUMA node parameter verification (CVE-2017-14316)
> XSA-232: Missing check for grant table (CVE-2017-14318)
> XSA-233: cxenstored: Race in domain cleanup (CVE-2017-14317)
> XSA-234: insufficient grant unmapping checks for x86 PV guests
> (CVE-2017-14319)
> XSA-235: add-to-physmap error paths fail to release lock on ARM
>
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Alistair Francis <alistair.francis@xilinx.com>
Thanks,
Alistair
> ---
> package/xen/xen.hash | 9 +++++++++
> package/xen/xen.mk | 10 ++++++++++
> 2 files changed, 19 insertions(+)
>
> diff --git a/package/xen/xen.hash b/package/xen/xen.hash
> index bcce39bd8b..3c5981a247 100644
> --- a/package/xen/xen.hash
> +++ b/package/xen/xen.hash
> @@ -1,2 +1,11 @@
> # Locally computed
> sha256 cade643fe3310d4d6f97d0c215c6fa323bc1130d7e64d7e2043ffaa73a96f33b xen-4.9.0.tar.gz
> +sha256 b09e07aaf422ae04a4ece5e2c5b5e54036cfae5b5c632bfc6953a0cacd6f60ff xsa226.patch
> +sha256 9923a47e5f86949800887596f098954a08ef73a01d74b1dbe16cab2e6b1fabb2 xsa227.patch
> +sha256 1979e111442517891b483e316a15a760a4c992ac4440f95e361ff12f4bebff62 xsa228.patch
> +sha256 77a73f1c32d083e315ef0b1bbb119cb8840ceb5ada790cad76cbfb9116f725cc xsa230.patch
> +sha256 71a53a5133c8d4e381dd0e3e54205d31dea545ab62b261084dd3aea140f88cad xsa231-4.9.patch
> +sha256 5068a78293daa58557c30c95141b775becfb650de6a5eda0d82a4a321ced551c xsa232.patch
> +sha256 f721cc49ba692b2f36299b631451f51d7340b8b4732f74c98f01cb7a80d8662b xsa233.patch
> +sha256 213f9d81a4ab785db67b9f579c9e88c9c8586c46b93f466a309060750df2df32 xsa234-4.9.patch
> +sha256 d8f012734fbf6019c1ff864744e308c41dfb9c7804ca3be2771c2c972cdf4bd5 xsa235-4.9.patch
> diff --git a/package/xen/xen.mk b/package/xen/xen.mk
> index 90e73853de..5bb18e6e34 100644
> --- a/package/xen/xen.mk
> +++ b/package/xen/xen.mk
> @@ -6,6 +6,16 @@
>
> XEN_VERSION = 4.9.0
> XEN_SITE = https://downloads.xenproject.org/release/xen/$(XEN_VERSION)
> +XEN_PATCH = \
> + https://xenbits.xenproject.org/xsa/xsa226.patch \
> + https://xenbits.xenproject.org/xsa/xsa227.patch \
> + https://xenbits.xenproject.org/xsa/xsa228.patch \
> + https://xenbits.xenproject.org/xsa/xsa230.patch \
> + https://xenbits.xenproject.org/xsa/xsa231-4.9.patch \
> + https://xenbits.xenproject.org/xsa/xsa232.patch \
> + https://xenbits.xenproject.org/xsa/xsa233.patch \
> + https://xenbits.xenproject.org/xsa/xsa234-4.9.patch \
> + https://xenbits.xenproject.org/xsa/xsa235-4.9.patch
> XEN_LICENSE = GPL-2.0
> XEN_LICENSE_FILES = COPYING
> XEN_DEPENDENCIES = host-acpica host-python
> --
> 2.11.0
>
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Buildroot] [PATCH] xen: add upstream post-4.9.0 security fixes
2017-09-19 15:03 [Buildroot] [PATCH] xen: add upstream post-4.9.0 security fixes Peter Korsgaard
2017-09-19 16:43 ` Alistair Francis
@ 2017-09-19 19:59 ` Peter Korsgaard
2017-10-16 21:57 ` Peter Korsgaard
2 siblings, 0 replies; 4+ messages in thread
From: Peter Korsgaard @ 2017-09-19 19:59 UTC (permalink / raw)
To: buildroot
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:
> Fixes the following security issues:
> XSA-226: multiple problems with transitive grants (CVE-2017-12135)
> XSA-227: x86: PV privilege escalation via map_grant_ref (CVE-2017-12137)
> XSA-228: grant_table: Race conditions with maptrack free list handling
> (CVE-2017-12136)
> XSA-230: grant_table: possibly premature clearing of GTF_writing /
> GTF_reading (CVE-2017-12855)
> XSA-231: Missing NUMA node parameter verification (CVE-2017-14316)
> XSA-232: Missing check for grant table (CVE-2017-14318)
> XSA-233: cxenstored: Race in domain cleanup (CVE-2017-14317)
> XSA-234: insufficient grant unmapping checks for x86 PV guests
> (CVE-2017-14319)
> XSA-235: add-to-physmap error paths fail to release lock on ARM
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Committed, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Buildroot] [PATCH] xen: add upstream post-4.9.0 security fixes
2017-09-19 15:03 [Buildroot] [PATCH] xen: add upstream post-4.9.0 security fixes Peter Korsgaard
2017-09-19 16:43 ` Alistair Francis
2017-09-19 19:59 ` Peter Korsgaard
@ 2017-10-16 21:57 ` Peter Korsgaard
2 siblings, 0 replies; 4+ messages in thread
From: Peter Korsgaard @ 2017-10-16 21:57 UTC (permalink / raw)
To: buildroot
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:
> Fixes the following security issues:
> XSA-226: multiple problems with transitive grants (CVE-2017-12135)
> XSA-227: x86: PV privilege escalation via map_grant_ref (CVE-2017-12137)
> XSA-228: grant_table: Race conditions with maptrack free list handling
> (CVE-2017-12136)
> XSA-230: grant_table: possibly premature clearing of GTF_writing /
> GTF_reading (CVE-2017-12855)
> XSA-231: Missing NUMA node parameter verification (CVE-2017-14316)
> XSA-232: Missing check for grant table (CVE-2017-14318)
> XSA-233: cxenstored: Race in domain cleanup (CVE-2017-14317)
> XSA-234: insufficient grant unmapping checks for x86 PV guests
> (CVE-2017-14319)
> XSA-235: add-to-physmap error paths fail to release lock on ARM
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Committed to 2017.08.x, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2017-10-16 21:57 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-09-19 15:03 [Buildroot] [PATCH] xen: add upstream post-4.9.0 security fixes Peter Korsgaard
2017-09-19 16:43 ` Alistair Francis
2017-09-19 19:59 ` Peter Korsgaard
2017-10-16 21:57 ` Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.