xen: remove XSA_458 patch

None of our Xen branches need it anymore.

Signed-off-by: Fernando Rodrigues <alpha@sigmasquadron.net>
Fernando Rodrigues 2024-09-19 00:14:59 +00:00
parent 29c672a683
commit caf9413905
No known key found for this signature in database
GPG Key ID: CC3AE2EA00000000
2 changed files with 1 additions and 16 deletions


@ -99,21 +99,6 @@ in
})
];
# Xen Security Advisory #458: (4.16.6 - 4.19-rc3)
"XSA_458" = xsaPatch {
id = "458";
title = "Double unlock in x86 guest IRQ handling";
description = ''
An optional feature of PCI MSI called "Multiple Message" allows a device
to use multiple consecutive interrupt vectors. Unlike for MSI-X, the
setting up of these consecutive vectors needs to happen all in one go.
In this handling an error path could be taken in different situations,
with or without a particular lock held. This error path wrongly releases
the lock even when it is not currently held.
'';
cve = [ "CVE-2024-31143" ];
hash = "sha256-yHI9Sp/7Ed40iIYQ/HOOIULlfzAzL0c0MGqdF+GR+AQ=";
};
# Xen Security Advisory #460: (4.16.6 - 4.19.0)
"XSA_460" = xsaPatch {
id = "460";


@ -120,7 +120,7 @@ for version in "${supportedVersions[@]}"; do
echo -e "Found the following patches:\n \e[1;32mXen\e[0m: \e[1;33m$discoveredXenPatchesEcho\e[0m\n \e[1;36mQEMU\e[0m: \e[1;33m$discoveredQEMUPatchesEcho\e[0m\n \e[1;36mSeaBIOS\e[0m: \e[1;33m$discoveredSeaBIOSPatchesEcho\e[0m\n \e[1;36mOVMF\e[0m: \e[1;33m$discoveredOVMFPatchesEcho\e[0m\n \e[1;36miPXE\e[0m: \e[1;33m$discoveredIPXEPatchesEcho\e[0m"
# Prepare patches that are called in ./patches.nix.
defaultPatchListInit=("QUBES_REPRODUCIBLE_BUILDS" "XSA_458" "XSA_460" "XSA_461" )
defaultPatchListInit=("QUBES_REPRODUCIBLE_BUILDS" "XSA_460" "XSA_461" )
read -r -a defaultPatchList -p $'\nWould you like to override the \e[1;34mupstreamPatches\e[0m list for \e[1;32mXen '"$version"$'\e[0m? If no, press \e[1;34menter\e[0m to use the default patch list: [ \e[1;34m'"${defaultPatchListInit[*]}"$' \e[0m]: '
defaultPatchList=(${defaultPatchList[@]:-${defaultPatchListInit[@]}})
upstreamPatches=${defaultPatchList[*]}
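Review bot: The `defaultPatchListInit=(...)` line offers the same hand-maintained default for every iteration of the `for version in "${supportedVersions[@]}"` loop, and nothing visible in this hunk ties its names to the entries in the Nix patch set or to the affected-version ranges noted there (e.g. "4.16.6 - 4.19.0" for XSA_460). Since the list decides which security fixes go into a build, the rule for adding or dropping a name should be written next to it, for example `# Names must match attributes in ./patches.nix; drop an XSA only once every supported Xen branch ships the fix upstream.` A stale name would presumably surface only later, when the generated expression is evaluated, so checking the prompt's answer against the known patch names would also help. The loop body starts and continues outside this hunk, so such a check may already exist elsewhere.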