From patchwork Sat Oct 21 18:04:07 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Peter Korsgaard <peter@korsgaard.com>
X-Patchwork-Id: 828950
Return-Path: <buildroot-bounces@busybox.net>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=pass (mailfrom) smtp.mailfrom=busybox.net
	(client-ip=140.211.166.136; helo=silver.osuosl.org;
	envelope-from=buildroot-bounces@busybox.net;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
	unprotected) header.d=gmail.com header.i=@gmail.com
	header.b="ODvfxV6h"; dkim-atps=neutral
Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 3yK9Xd6w0nz9sPt
	for <incoming@patchwork.ozlabs.org>;
	Sun, 22 Oct 2017 05:04:17 +1100 (AEDT)
Received: from localhost (localhost [127.0.0.1])
	by silver.osuosl.org (Postfix) with ESMTP id 266562E58A;
	Sat, 21 Oct 2017 18:04:15 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from silver.osuosl.org ([127.0.0.1])
	by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id gNvjE+1It7DK; Sat, 21 Oct 2017 18:04:14 +0000 (UTC)
Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34])
	by silver.osuosl.org (Postfix) with ESMTP id DB744266C6;
	Sat, 21 Oct 2017 18:04:13 +0000 (UTC)
X-Original-To: buildroot@lists.busybox.net
Delivered-To: buildroot@osuosl.org
Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136])
	by ash.osuosl.org (Postfix) with ESMTP id 635581C02F3
	for <buildroot@lists.busybox.net>;
	Sat, 21 Oct 2017 18:04:13 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by silver.osuosl.org (Postfix) with ESMTP id 5DE17266B5
	for <buildroot@lists.busybox.net>;
	Sat, 21 Oct 2017 18:04:13 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from silver.osuosl.org ([127.0.0.1])
	by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id n+u4cn4A5f99 for <buildroot@lists.busybox.net>;
	Sat, 21 Oct 2017 18:04:12 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6
Received: from mail-wm0-f67.google.com (mail-wm0-f67.google.com
	[74.125.82.67])
	by silver.osuosl.org (Postfix) with ESMTPS id 638C626A04
	for <buildroot@buildroot.org>; Sat, 21 Oct 2017 18:04:12 +0000 (UTC)
Received: by mail-wm0-f67.google.com with SMTP id u138so2931791wmu.5
	for <buildroot@buildroot.org>; Sat, 21 Oct 2017 11:04:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
	h=sender:from:to:cc:subject:date:message-id;
	bh=H3Tq+F+928RhoQ53x833lJbD4nPdoHnzWVFSZI+9prg=;
	b=ODvfxV6hyzPbtXi2VpwaC4j3zynLKbpohpCo97/M+ahJqEiY3N6Olyxy0P/RdWQ6xH
	AIzES7vIaEcpzXMrwVrRbJYcqNHgrq5nW/0SzyzFkwpTHkyWmAa0h+sgdFu1pgKBEHuu
	faf7NKzwXMkJ2MbUBQnEqGMN0IzOFr1UBkUwUsfMIJiKbKTQpsge4Tup9BAjdVuEB0CS
	i4YCm68+mZxHzJucrRXdHTlS/MzvGUJgWFeIbs/l4fXeicOPPKmurhC0iW3zUjahd/OG
	jrHADGtWpMqVVw77QSHvuuMcrAgYbUcIowWQww0jyKsKIU8p8q9qAT+ws9kpP6tasDly
	vfjA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:sender:from:to:cc:subject:date:message-id;
	bh=H3Tq+F+928RhoQ53x833lJbD4nPdoHnzWVFSZI+9prg=;
	b=isWgAOQMFXPcsX9xF3xXK+ZDZPudcqXrEYvfQWm7/Tq83fwFTRN0/1yYw9lG6J9TMf
	vI8i0XqZzys4lfolXbvmH4PHI8xnrQKdo0+/stYkc4vyfshnMTWQwt28RyUZQVdNs/I2
	W823gnQip2wEqw7SqJ2wlwHmABDyiFNCERLp9jvM9h+D2Tp0xYH/ZtTGfT5jXJWrjMTU
	vjfsVF99VmTbcVPTn5QkYPA90FChBcPX2yivYDLXUDmb8SVbiesmehVjnTKbVf5tLSHl
	xrsdXenfOgCyBR4IdLp4vkpA6j9wwmi9LrfrEBETcJdS+mrg0dPa+8OU3miw2Q/xuevJ
	OGrQ==
X-Gm-Message-State: AMCzsaVuT2QgeNTg1pRZ3Qi/W/o7ivbh5AfShfAgJJ44dB19QIHxLqGt
	eklkiLM13NDiakAtq+53EsHmSDXo
X-Google-Smtp-Source: 
 ABhQp+RtD/4DwsFNkAfKVlIZ51UYpNcWhoTLTyvmb6qq4I+u0C/6II76IpdyHJiAf8b73loyu1+gpw==
X-Received: by 10.28.63.134 with SMTP id m128mr1960770wma.137.1508609050448;
	Sat, 21 Oct 2017 11:04:10 -0700 (PDT)
Received: from dell.be.48ers.dk (nat.sh.cvut.cz. [213.195.201.2])
	by smtp.gmail.com with ESMTPSA id
	u4sm3259945wre.1.2017.10.21.11.04.09
	(version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
	Sat, 21 Oct 2017 11:04:09 -0700 (PDT)
Received: from peko by dell.be.48ers.dk with local (Exim 4.89)
	(envelope-from <peko@dell.be.48ers.dk>)
	id 1e5y80-0002hA-P9; Sat, 21 Oct 2017 20:04:09 +0200
From: Peter Korsgaard <peter@korsgaard.com>
To: buildroot@buildroot.org,
	alistair.francis@xilinx.com
Date: Sat, 21 Oct 2017 20:04:07 +0200
Message-Id: <20171021180407.10320-1-peter@korsgaard.com>
X-Mailer: git-send-email 2.11.0
Subject: [Buildroot] [PATCH] xen: add upstream post-4.9.0 security fix for
	XSA-245
X-BeenThere: buildroot@busybox.net
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: Discussion and development of buildroot <buildroot.busybox.net>
List-Unsubscribe: <http://lists.busybox.net/mailman/options/buildroot>,
	<mailto:buildroot-request@busybox.net?subject=unsubscribe>
List-Archive: <http://lists.busybox.net/pipermail/buildroot/>
List-Post: <mailto:buildroot@busybox.net>
List-Help: <mailto:buildroot-request@busybox.net?subject=help>
List-Subscribe: <http://lists.busybox.net/mailman/listinfo/buildroot>,
	<mailto:buildroot-request@busybox.net?subject=subscribe>
MIME-Version: 1.0
Errors-To: buildroot-bounces@busybox.net
Sender: "buildroot" <buildroot-bounces@busybox.net>

Fixes XA-245: ARM: Some memory not scrubbed at boot

https://xenbits.xenproject.org/xsa/advisory-245.html

Notice: Not applying XSA-237..244 as they are x86 only and have patch file
name conflicts between 2017.02.x and master.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 package/xen/xen.hash | 2 ++
 package/xen/xen.mk   | 5 ++++-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/package/xen/xen.hash b/package/xen/xen.hash
index 3c5981a247..4a44d7a6d1 100644
--- a/package/xen/xen.hash
+++ b/package/xen/xen.hash
@@ -9,3 +9,5 @@ sha256 5068a78293daa58557c30c95141b775becfb650de6a5eda0d82a4a321ced551c xsa232.p
 sha256 f721cc49ba692b2f36299b631451f51d7340b8b4732f74c98f01cb7a80d8662b xsa233.patch
 sha256 213f9d81a4ab785db67b9f579c9e88c9c8586c46b93f466a309060750df2df32 xsa234-4.9.patch
 sha256 d8f012734fbf6019c1ff864744e308c41dfb9c7804ca3be2771c2c972cdf4bd5 xsa235-4.9.patch
+sha256 526f9e1b127fbb316762ce8e8f4563bc9de0c55a1db581456a3017d570d35bdd 0001-xen-page_alloc-Cover-memory-unreserved-after-boot-in.patch
+sha256 7164010112fcccd9cd88e72ace2eeabdb364dd6f4d05c434686267d18067f420 0002-xen-arm-Correctly-report-the-memory-region-in-the-du.patch
diff --git a/package/xen/xen.mk b/package/xen/xen.mk
index 5bb18e6e34..e07389e209 100644
--- a/package/xen/xen.mk
+++ b/package/xen/xen.mk
@@ -15,7 +15,10 @@ XEN_PATCH = \
 	https://xenbits.xenproject.org/xsa/xsa232.patch \
 	https://xenbits.xenproject.org/xsa/xsa233.patch \
 	https://xenbits.xenproject.org/xsa/xsa234-4.9.patch \
-	https://xenbits.xenproject.org/xsa/xsa235-4.9.patch
+	https://xenbits.xenproject.org/xsa/xsa235-4.9.patch \
+	https://xenbits.xenproject.org/xsa/xsa245/0001-xen-page_alloc-Cover-memory-unreserved-after-boot-in.patch \
+	https://xenbits.xenproject.org/xsa/xsa245/0002-xen-arm-Correctly-report-the-memory-region-in-the-du.patch
+
 XEN_LICENSE = GPL-2.0
 XEN_LICENSE_FILES = COPYING
 XEN_DEPENDENCIES = host-acpica host-python