xen: patch for many XSAs

- XSA-190
 - XSA-191
 - XSA-192
 - XSA-193
 - XSA-195
 - XSA-196
 - XSA-198
 - XSA-200
 - XSA-202
 - XSA-204
Graham Christensen 2016-12-21 08:56:03 -05:00
parent c7a2073323
commit 4e6c7faf36
No known key found for this signature in database
GPG Key ID: ACA1C1D120C83D5C


@ -2,8 +2,19 @@
let let
# Xen 4.5.5 # Xen 4.5.5
#
# Patching XEN? Check the XSAs and try applying all the ones we
# don't have yet.
#
# XSAs at: https://xenbits.xen.org/xsa/
xenConfig = rec { xenConfig = rec {
version = "4.5.5"; version = "4.5.5";
xsaPatch = { name , sha256 }: (fetchpatch {
url = "https://xenbits.xen.org/xsa/xsa${name}.patch";
inherit sha256;
});
name = "xen-${version}"; name = "xen-${version}";
src = fetchurl { src = fetchurl {
@ -52,25 +63,60 @@ let
} }
]; ];
xenPatches = [ ./0001-libxl-Spice-image-compression-setting-support-for-up.patch # Note this lacks patches for:
./0002-libxl-Spice-streaming-video-setting-support-for-upst.patch # XSA-201
./0003-Add-qxl-vga-interface-support-for-upstream-qem.patch # XSA-199
(fetchpatch { # XSA-197
url = "https://bugzilla.redhat.com/attachment.cgi?id=1218547"; # they didn't apply, and there are plenty of other patches here
name = "CVE-2016-9385.patch"; # to get this deployed as-is.
sha256 = "0k9mykhrpm4rbjkhv067f6s05lqmgnldcyb3vi8cl0ndlyh66lvr"; xenPatches = [ ./0001-libxl-Spice-image-compression-setting-support-for-up.patch
}) ./0002-libxl-Spice-streaming-video-setting-support-for-upst.patch
(fetchpatch { ./0003-Add-qxl-vga-interface-support-for-upstream-qem.patch
url = "https://bugzilla.redhat.com/attachment.cgi?id=1218536"; (xsaPatch {
name = "CVE-2016-9377-CVE-2016-9378-part1.patch"; name = "190-4.5";
sha256 = "0z53nzrjvc745y26z1qc8jlg3blxp7brawvji1hx3s74n346ssl6"; sha256 = "0f8pw38kkxky89ny3ic5h26v9zsjj9id89lygx896zc3w1klafqm";
}) })
(fetchpatch { (xsaPatch {
url = "https://bugzilla.redhat.com/attachment.cgi?id=1218537"; name = "191-4.6";
name = "CVE-2016-9377-CVE-2016-9378-part2.patch"; sha256 = "1wl1ndli8rflmc44pkp8cw4642gi8z7j7gipac8mmlavmn3wdqhg";
sha256 = "11cqvr5jn2s92wsshpilx9qnfczrd9hnyb5aim6qwmz3fq3hrrkz"; })
}) (xsaPatch {
]; name = "192-4.5";
sha256 = "0m8cv0xqvx5pdk7fcmaw2vv43xhl62plyx33xqj48y66x5z9lxpm";
})
(xsaPatch {
name = "193-4.5";
sha256 = "0k9mykhrpm4rbjkhv067f6s05lqmgnldcyb3vi8cl0ndlyh66lvr";
})
(xsaPatch {
name = "195";
sha256 = "0m0g953qnjy2knd9qnkdagpvkkgjbk3ydgajia6kzs499dyqpdl7";
})
(xsaPatch {
name = "196-0001-x86-emul-Correct-the-IDT-entry-calculation-in-inject";
sha256 = "0z53nzrjvc745y26z1qc8jlg3blxp7brawvji1hx3s74n346ssl6";
})
(xsaPatch {
name = "196-0002-x86-svm-Fix-injection-of-software-interrupts";
sha256 = "11cqvr5jn2s92wsshpilx9qnfczrd9hnyb5aim6qwmz3fq3hrrkz";
})
(xsaPatch {
name = "198";
sha256 = "0d1nndn4p520c9xa87ixnyks3mrvzcri7c702d6mm22m8ansx6d9";
})
(xsaPatch {
name = "200-4.6";
sha256 = "0k918ja83470iz5k4vqi15293zjvz2dipdhgc9sy9rrhg4mqncl7";
})
(xsaPatch {
name = "202-4.6";
sha256 = "0nnznkrvfbbc8z64dr9wvbdijd4qbpc0wz2j5vpmx6b32sm7932f";
})
(xsaPatch {
name = "204-4.5";
sha256 = "083z9pbdz3f532fnzg7n2d5wzv6rmqc0f4mvc3mnmkd0rzqw8vcp";
})
];
}; };
in callPackage ./generic.nix (args // { xenConfig=xenConfig; }) in callPackage ./generic.nix (args // { xenConfig=xenConfig; })
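Review bot: The comment above `xenPatches` leaves XSA-197, XSA-199 and XSA-201 unpatched with only "they didn't apply" as the reason, so a reader cannot tell whether this 4.5.5 build is still exposed to them or whether the wrong patch variant or source tree was tried. I would record per advisory what failed and what is still open, e.g. `# XSA-197: <patch file tried> does not apply to <tree>; still open, tracked in <issue>`, and mention the gap in the commit description, which currently lists only the advisories that were applied. The entries `191-4.6`, `200-4.6` and `202-4.6` apply 4.6-named patches to a 4.5.5 tree. Presumably the advisories designate those files for 4.5.x as well, but a one-line comment saying so would save the next reviewer from rechecking each advisory.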