package/xen: add upstream security fix for XSA-312

Fixes the following security issue:

XSA-312: arm: a CPU may speculate past the ERET instruction

For further details, see the advisory:

https://xenbits.xenproject.org/xsa/advisory-312.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

diff --git a/package/xen/xen.hash b/package/xen/xen.hash
index ad6220d94b3ced5ee22f60054a0910b5283ed090..672ba5cb8d4f778547025f8da71ace6d64cce776 100644 (file)
--- a/package/xen/xen.hash
+++ b/package/xen/xen.hash
@@ -1,3 +1,4 @@
 # Locally computed
 sha256 1c75cbe728dfabf02b7f9a17ce96ee7d202d2fd4b4689490018d3a28b63f9fa3 xen-4.12.2.tar.gz
+sha256 9b2078d448e4815c9ddc6554bf869d64412dc787b1b94830a24e47df6a9f30e7 xsa312.patch
 sha256 dba0d79260259c013c52e5d4daeaea564a2fbb9ff7fc6778c377a401ec3898de COPYING

diff --git a/package/xen/xen.mk b/package/xen/xen.mk
index 7eb26433437859da7adb67a5221e500256f95835..d0c6bebe9d777b68716ca9009cf88e97b7c1dc5d 100644 (file)
--- a/package/xen/xen.mk
+++ b/package/xen/xen.mk
@@ -6,6 +6,8 @@
 
 XEN_VERSION = 4.12.2
 XEN_SITE = https://downloads.xenproject.org/release/xen/$(XEN_VERSION)
+XEN_PATCH = \
+       https://xenbits.xenproject.org/xsa/xsa312.patch
 XEN_LICENSE = GPL-2.0
 XEN_LICENSE_FILES = COPYING
 XEN_DEPENDENCIES = host-acpica host-python