package/xen: add upstream security fix for XSA-327

Fixes the following security issue:

CVE-2020-15564: Missing alignment check in VCPUOP_register_vcpu_info

For further details, see the advisory:

https://xenbits.xenproject.org/xsa/advisory-327.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

diff --git a/package/xen/xen.hash b/package/xen/xen.hash
index ab5f9d90831e1964c81acbb1fb761403b568926a..0dd2f571a9bfd4861421c184ad8ccfe46b3d4967 100644 (file)
--- a/package/xen/xen.hash
+++ b/package/xen/xen.hash
@@ -1,3 +1,4 @@
 # Locally computed
 sha256  b97ce363e55b12c992063f4466c43cba0a6386ceb7a747b4dc670311f337ef01  xen-4.13.1.tar.gz
+sha256  1d057695d5b74ce2857204103e943caeaf773bc4fb9d91ea78016e01a9147ed7  xsa327.patch
 sha256  36b91794c6d4a678137c70c41e384c03b552c7efba82c0d73e6be842e41ab3d3  COPYING

diff --git a/package/xen/xen.mk b/package/xen/xen.mk
index 15742b5127fc3d09601a4821224eea47eedd9b63..ee5e9847fe70777037580b46afa534febde93ee4 100644 (file)
--- a/package/xen/xen.mk
+++ b/package/xen/xen.mk
@@ -6,6 +6,8 @@
 
 XEN_VERSION = 4.13.1
 XEN_SITE = https://downloads.xenproject.org/release/xen/$(XEN_VERSION)
+XEN_PATCH = \
+       https://xenbits.xenproject.org/xsa/xsa327.patch
 XEN_LICENSE = GPL-2.0
 XEN_LICENSE_FILES = COPYING
 XEN_DEPENDENCIES = host-acpica host-python3