From ebf369563a932337517a7123541376211d0ec714 Mon Sep 17 00:00:00 2001 From: Nicolas Graves Date: Tue, 8 Oct 2024 10:12:49 +0200 Subject: gnu: xen: Update to 4.19.0. [security fixes] MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This fixes at least 10 different CVEs. * gnu/packages/virtualization.scm (xen): Update to 4.19.0. [arguments]<#make-flags>: Add SHLIB flags. <#phases>: Update 'patch phase. [origin]: Remove xen-docs-use-predictable-ordering.patch and xen-remove-config.gz-timestamp.patch from here... * gnu/packages/patches: ...here and... * gnu/local.mk: ...here. Signed-off-by: Ludovic Courtès --- .../xen-docs-use-predictable-ordering.patch | 34 -------------------- .../patches/xen-remove-config.gz-timestamp.patch | 37 ---------------------- gnu/packages/virtualization.scm | 18 +++++------ 3 files changed, 9 insertions(+), 80 deletions(-) delete mode 100644 gnu/packages/patches/xen-docs-use-predictable-ordering.patch delete mode 100644 gnu/packages/patches/xen-remove-config.gz-timestamp.patch (limited to 'gnu/packages') diff --git a/gnu/packages/patches/xen-docs-use-predictable-ordering.patch b/gnu/packages/patches/xen-docs-use-predictable-ordering.patch deleted file mode 100644 index 557da5775a..0000000000 --- a/gnu/packages/patches/xen-docs-use-predictable-ordering.patch +++ /dev/null 
@@ -1,34 +0,0 @@ -From: Tobias Geerinckx-Rice -Date: Sun Sep 24 02:00:00 2023 +0200 -Subject: xen: docs: Use predictable ordering. - -What follows was taken verbatim from Debian. See: -https://sources.debian.org/patches/xen/4.14.5%2B94-ge49571868d-1/ - -From: Maximilian Engelhardt -Date: Fri, 18 Dec 2020 21:42:34 +0100 -Subject: docs: use predictable ordering in generated documentation - -When the seq number is equal, sort by the title to get predictable -output ordering. This is useful for reproducible builds. - -Signed-off-by: Maximilian Engelhardt -Acked-by: Andrew Cooper -(cherry picked from commit e18dadc5b709290b8038a1cacb52bc3b3b69cf21) ---- - docs/xen-headers | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/docs/xen-headers b/docs/xen-headers -index 5415563..8c434d7 100755 ---- a/docs/xen-headers -+++ b/docs/xen-headers -@@ -331,7 +331,7 @@ sub output_index () { -

Starting points

-
    - END -- foreach my $ic (sort { $a->{Seq} <=> $b->{Seq} } @incontents) { -+ foreach my $ic (sort { $a->{Seq} <=> $b->{Seq} or $a->{Title} cmp $b->{Title} } @incontents) { - $o .= "
  • {Href}\">$ic->{Title}
  • \n"; - } - $o .= "
\n"; diff --git a/gnu/packages/patches/xen-remove-config.gz-timestamp.patch b/gnu/packages/patches/xen-remove-config.gz-timestamp.patch deleted file mode 100644 index a7396c564d..0000000000 --- a/gnu/packages/patches/xen-remove-config.gz-timestamp.patch +++ /dev/null @@ -1,37 +0,0 @@ -From: Tobias Geerinckx-Rice -Date: Sun Sep 24 02:00:00 2023 +0200 -Subject: xen: docs: Use predictable ordering. - -What follows was taken verbatim from Debian. See: -https://sources.debian.org/patches/xen/4.14.5%2B94-ge49571868d-1/ - -From: =?utf-8?b?IkZyw6lkw6lyaWMgUGllcnJldCAoZmVwaXRyZSki?= - -Date: Wed, 4 Nov 2020 09:24:40 +0100 -Subject: xen: don't have timestamp inserted in config.gz -MIME-Version: 1.0 -Content-Type: text/plain; charset="utf-8" -Content-Transfer-Encoding: 8bit - -This is for improving reproducible builds. - -Signed-off-by: Frédéric Pierret (fepitre) -Acked-by: Jan Beulich -(cherry picked from commit 5816d327e44ab37ae08730f4c54a80835998f31f) ---- - xen/common/Makefile | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/xen/common/Makefile b/xen/common/Makefile -index 06881d0..32cd650 100644 ---- a/xen/common/Makefile -+++ b/xen/common/Makefile -@@ -77,7 +77,7 @@ obj-$(CONFIG_HAS_DEVICE_TREE) += libfdt/ - - CONF_FILE := $(if $(patsubst /%,,$(KCONFIG_CONFIG)),$(XEN_ROOT)/xen/)$(KCONFIG_CONFIG) - config.gz: $(CONF_FILE) -- gzip -c $< >$@ -+ gzip -n -c $< >$@ - - config_data.o: config.gz - diff --git a/gnu/packages/virtualization.scm b/gnu/packages/virtualization.scm index bfca5885c6..776acdfe06 100644 --- a/gnu/packages/virtualization.scm +++ b/gnu/packages/virtualization.scm @@ -2571,7 +2571,7 @@ DOS or Microsoft Windows.") (define-public xen (package (name "xen") - (version "4.14.6") ; please update the mini-os input as well + (version "4.19.0") ; please update the mini-os input as well (source (origin (method git-fetch) (uri (git-reference 
@@ -2580,10 +2580,7 @@ DOS or Microsoft Windows.") (file-name (git-file-name name version)) (sha256 (base32 - "1cdzpxbihkdn4za8ly0lgkbxrafjzbxjflhfn83kyg4bam1vv7mn")) - (patches - (search-patches "xen-docs-use-predictable-ordering.patch" - "xen-remove-config.gz-timestamp.patch")))) + "1r33ak7j6czcjxf5zxswfkppnv0w1n6hi262x9rk08bqyvcpxb23")))) (build-system gnu-build-system) (arguments (list @@ -2618,6 +2615,9 @@ DOS or Microsoft Windows.") (string-append "BOOT_DIR=" #$output "/boot") (string-append "DEBUG_DIR=" #$output "/lib/debug") (string-append "EFI_DIR=" #$output "/lib/efi") + (string-append "SHLIB_libxenctrl=-Wl,-rpath=" #$output "/lib") + (string-append "SHLIB_libxenguest=-Wl,-rpath=" #$output "/lib") + (string-append "SHLIB_libxenstore=-Wl,-rpath=" #$output "/lib") "MINIOS_UPSTREAM_URL=") #:test-target "test" #:phases @@ -2642,7 +2642,7 @@ DOS or Microsoft Windows.") (assoc-ref inputs "cross-libc") "/include"))) ;; /var is not in /gnu/store, so don't try to create it. (substitute* '("tools/Makefile" - "tools/xenstore/Makefile" + "tools/xenstored/Makefile" "tools/xenpaging/Makefile") (("\\$\\(INSTALL_DIR\\) .*XEN_(DUMP|LOG|RUN|LIB|PAGING)_DIR.*") "\n") @@ -2746,14 +2746,14 @@ DOS or Microsoft Windows.") ;; at time of packaging, but upstream has unfortunately modified ;; existing tags in the past. Also, not all Xen releases get a ;; new tag. See . - (commit "f57858b7e8ef8dd48394dd08cec2bef3c9fb92f5"))) + (commit "8b038c7411ae7e823eaf6d15d5efbe037a07197a"))) (sha256 - (base32 "04y7grxs47amvjcq1rq4jgk174rhid5m2z9w8wrv7rfd2xhazxy1")) + (base32 "1xgazvvhy5m9nabbmlwslynhk73k9a8wnzrjwjplj52f0cm10fjq")) (file-name (string-append name "-" version "-mini-os-git-checkout"))) perl ;; TODO: markdown. pkg-config - python-2 + python wget (cross-gcc "i686-linux-gnu" #:xbinutils (cross-binutils "i686-linux-gnu") -- cgit v1.2.3
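Review bot: Dropping the `(patches (search-patches ...))` field in this hunk removes both reproducibility fixes from the Xen origin, and neither the commit log nor the new code records that 4.19.0 already contains them. The deleted patch headers describe them as cherry-picks of commits e18dadc5b709290b8038a1cacb52bc3b3b69cf21 and 5816d327e44ab37ae08730f4c54a80835998f31f, so they are presumably part of 4.19.0, but that should be confirmed in the fetched tree. Specifically, the `sort` in `docs/xen-headers` should carry the `$a->{Title} cmp $b->{Title}` tie-break, and the `config.gz` rule in `xen/common/Makefile` should call `gzip -n`. One sentence saying so in the commit log would let a later auditor see that the removal is intentional and not a loss of build determinism. The `origin` form starts outside this hunk.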
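Review bot: The `SHLIB_libxenctrl`, `SHLIB_libxenguest` and `SHLIB_libxenstore` entries are added to `#:make-flags` without a comment on why they are needed or why only these three libraries get one. A variable given on the make command line replaces any value the Xen makefiles assign to the same name, so whatever upstream puts in these variables is presumably dropped from the link line; that is worth checking against the 4.19.0 makefiles. I would put a comment above the first entry, for example `;; Record #$output/lib in the run-time search path of whatever links against these libraries; this overrides the makefiles' own SHLIB_* values.` The flag list begins and ends outside the hunk.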