NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
c0932240fb
kumquat-buildroot/package/xen/xen.mk
Peter Korsgaard c0932240fb package/xen: add XSA-385, 386, 388, 389 security fixes 
Fixes the following security issues:

- XSA-385: guests may exceed their designated memory limit
  https://xenbits.xenproject.org/xsa/advisory-385.html

- XSA-386: PCI devices with RMRRs not deassigned correctly
  https://xenbits.xenproject.org/xsa/advisory-386.html

- XSA-388: PoD operations on misaligned GFNs
  https://xenbits.xenproject.org/xsa/advisory-388.html

- XSA-389: issues with partially successful P2M updates on x86
  https://xenbits.xenproject.org/xsa/advisory-389.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-12-16 20:07:37 +01:00

83 lines
2.3 KiB
Makefile
Raw Blame History

################################################################################
#
# Xen
#
################################################################################
XEN_VERSION = 4.14.3
XEN_SITE = https://downloads.xenproject.org/release/xen/$(XEN_VERSION)
XEN_LICENSE = GPL-2.0
XEN_LICENSE_FILES = COPYING
XEN_CPE_ID_VENDOR = xen
XEN_CPE_ID_PREFIX = cpe:2.3:o
XEN_DEPENDENCIES = host-acpica host-python3
XEN_PATCH = \
https://xenbits.xenproject.org/xsa/xsa385-4.15.patch \
https://xenbits.xenproject.org/xsa/xsa386.patch \
https://xenbits.xenproject.org/xsa/xsa388-4.14-1.patch \
https://xenbits.xenproject.org/xsa/xsa388-4.14-2.patch \
https://xenbits.xenproject.org/xsa/xsa389-4.14.patch
# xsa385-4.15.patch
XEN_IGNORE_CVES += CVE-2021-28706
# xsa386.patch
XEN_IGNORE_CVES += CVE-2021-28702
# xsa388-4.14-1.patch
XEN_IGNORE_CVES += CVE-2021-28704 CVE-2021-28707
# xsa388-4.14-2.patch
XEN_IGNORE_CVES += CVE-2021-28708
# xsa389-4.14.patch
XEN_IGNORE_CVES += CVE-2021-28705 CVE-2021-28709
# Calculate XEN_ARCH
ifeq ($(ARCH),aarch64)
XEN_ARCH = arm64
else ifeq ($(ARCH),arm)
XEN_ARCH = arm32
endif
XEN_CONF_OPTS = \
--disable-golang \
--disable-ocamltools \
--with-initddir=/etc/init.d
XEN_CONF_ENV = PYTHON=$(HOST_DIR)/bin/python3
XEN_MAKE_ENV = \
XEN_TARGET_ARCH=$(XEN_ARCH) \
CROSS_COMPILE=$(TARGET_CROSS) \
HOST_EXTRACFLAGS="-Wno-error" \
XEN_HAS_CHECKPOLICY=n \
$(TARGET_CONFIGURE_OPTS)
ifeq ($(BR2_PACKAGE_XEN_HYPERVISOR),y)
XEN_MAKE_OPTS += dist-xen
XEN_INSTALL_IMAGES = YES
define XEN_INSTALL_IMAGES_CMDS
cp $(@D)/xen/xen $(BINARIES_DIR)
endef
else
XEN_CONF_OPTS += --disable-xen
endif
ifeq ($(BR2_PACKAGE_XEN_TOOLS),y)
XEN_DEPENDENCIES += \
dtc libaio libglib2 ncurses openssl pixman slirp util-linux yajl
ifeq ($(BR2_PACKAGE_ARGP_STANDALONE),y)
XEN_DEPENDENCIES += argp-standalone
endif
XEN_INSTALL_TARGET_OPTS += DESTDIR=$(TARGET_DIR) install-tools
XEN_MAKE_OPTS += dist-tools
XEN_CONF_OPTS += --with-extra-qemuu-configure-args="--disable-sdl --disable-opengl"
define XEN_INSTALL_INIT_SYSV
mv $(TARGET_DIR)/etc/init.d/xencommons $(TARGET_DIR)/etc/init.d/S50xencommons
mv $(TARGET_DIR)/etc/init.d/xen-watchdog $(TARGET_DIR)/etc/init.d/S50xen-watchdog
mv $(TARGET_DIR)/etc/init.d/xendomains $(TARGET_DIR)/etc/init.d/S60xendomains
endef
else
XEN_INSTALL_TARGET = NO
XEN_CONF_OPTS += --disable-tools
endif
$(eval $(autotools-package))
Reference in New Issue View Git Blame Copy Permalink