Unverified Commit 13509e2f authored by Fernando Rodrigues's avatar Fernando Rodrigues
Browse files

xen: 4.20.0 -> 4.20.1 

https://xenbits.xen.org/xsa/advisory-471.html

Researchers from Microsoft and ETH Zurich have discovered several new
speculative sidechannel attacks which bypass current protections.  They
are detailed in a paper titled "Enter, Exit, Page Fault, Leak: Testing
Isolation Boundaries for Microarchitectural Leaks".

Two issues, which AMD have named Transitive Scheduler Attacks, utilise
timing information from instruction execution.  These are:

  * CVE-2024-36350: TSA-SQ (TSA in the Store Queues)
  * CVE-2024-36357: TSA-L1 (TSA in the L1 data cache)

For more information, see:
  https://www.amd.com/content/dam/amd/en/documents/resources/bulletin/technical-guidance-for-mitigating-transient-scheduler-attacks.pdf
  https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7029.html
  https://aka.ms/enter-exit-leak



Signed-off-by: default avatarFernando Rodrigues <alpha@sigmasquadron.net>
parent d2cb712f

pkgs/by-name/xe/xen/package.nix

+3 −40
Original line number Diff line number Diff line
@@ -3,7 +3,6 @@ 
  stdenv,

  testers,

  fetchgit,

  fetchpatch,

  replaceVars,



  # Xen
@@ -172,7 +171,7 @@ in 


stdenv.mkDerivation (finalAttrs: {

  pname = "xen";

  version = "4.20.0";

  version = "4.20.1";



  # This attribute can be overriden to correct the file paths in

  # `passthru` when building an unstable Xen.
@@ -184,42 +183,6 @@ stdenv.mkDerivation (finalAttrs: { 
    ./0001-makefile-efi-output-directory.patch



    (replaceVars ./0002-scripts-external-executable-calls.patch scriptDeps)



    # XSA #469

    (fetchpatch {

      url = "https://xenbits.xenproject.org/xsa/xsa469/xsa469-4.20-01.patch";

      hash = "sha256-go743oBhYDuxsK0Xc6nK/WxutQQwc2ERtLKhCU9Dnng=";

    })

    (fetchpatch {

      url = "https://xenbits.xenproject.org/xsa/xsa469/xsa469-4.20-02.patch";

      hash = "sha256-FTtEGAPFYxsun38hLhVMKJ1TFJOsTMK3WWPkO0R/OHg=sha256-FTtEGAPFYxsun38hLhVMKJ1TFJOsTMK3WWPkO0R/OHg=";

    })

    (fetchpatch {

      url = "https://xenbits.xenproject.org/xsa/xsa469/xsa469-4.20-03.patch";

      hash = "sha256-UkYMSpUgFvr4GJPXLgQsCyppGkNbeiFMyCZORK5tfmA=";

    })

    (fetchpatch {

      url = "https://xenbits.xenproject.org/xsa/xsa469/xsa469-4.20-04.patch";

      hash = "sha256-lpiDPSHi+v2VfaWE9kp4+hveZKTzojD1F+RHsOtKE3A=";

    })

    (fetchpatch {

      url = "https://xenbits.xenproject.org/xsa/xsa469/xsa469-4.20-05.patch";

      hash = "sha256-N+WR8S5w9dLISlOhMI71TOH8jvCgVAR8xm310k3ZA/M=";

    })

    (fetchpatch {

      url = "https://xenbits.xenproject.org/xsa/xsa469/xsa469-4.20-06.patch";

      hash = "sha256-ePuyB3VP9NfQbW36BP3jjMMHKJWFJGeTYUYZqy+IlHQ=";

    })

    (fetchpatch {

      url = "https://xenbits.xenproject.org/xsa/xsa469/xsa469-4.20-07.patch";

      hash = "sha256-+BsCJa01R2lrbu7tEluGrYSAqu2jJcrpFNUoLMY466c=";

    })



    # XSA #470

    (fetchpatch {

      url = "https://xenbits.xenproject.org/xsa/xsa470.patch";

      hash = "sha256-zhMZ6pCZtt0ocgsMFVqthMaof46lMMTaYmlepMXVJqM=";

    })

  ];



  outputs = [
@@ -232,8 +195,8 @@ stdenv.mkDerivation (finalAttrs: { 


  src = fetchgit {

    url = "https://xenbits.xenproject.org/git-http/xen.git";

    rev = "3ad5d648cda5add395f49fc3704b2552aae734f7";

    hash = "sha256-v2DRJv+1bym8zAgU74lo1HQ/9rUcyK3qc4Eec4RpcEY=";

    rev = "08f043965a7b1047aabd6d81da6b031465f2d797";

    hash = "sha256-a4dIJBY5aeznXPoI8nSipMgimmww7ejoQ1GE28Gq13o=";

  };



  strictDeps = true;