From 86da9839b17127c0ca474dc56a58717160bbcc6c Mon Sep 17 00:00:00 2001
From: Graham Christensen
Date: Wed, 7 Dec 2016 20:16:05 -0500
Subject: [PATCH] xen: Patch for CVE-2016-9385, CVE-2016-9377, and CVE-2016-9378
---
 pkgs/applications/virtualization/xen/4.5.nix | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)
diff --git a/pkgs/applications/virtualization/xen/4.5.nix b/pkgs/applications/virtualization/xen/4.5.nix
index 271ab7e7fe9..e7a46a24965 100644
--- a/pkgs/applications/virtualization/xen/4.5.nix
+++ b/pkgs/applications/virtualization/xen/4.5.nix
@@ -1,4 +1,4 @@
-{ callPackage, fetchurl, fetchgit, ... } @ args:
+{ callPackage, fetchurl, fetchpatch, fetchgit, ... } @ args:
 let # Xen 4.5.5
@@ -54,7 +54,23 @@ let
 xenPatches = [ ./0001-libxl-Spice-image-compression-setting-support-for-up.patch ./0002-libxl-Spice-streaming-video-setting-support-for-upst.patch
- ./0003-Add-qxl-vga-interface-support-for-upstream-qem.patch ];
+ ./0003-Add-qxl-vga-interface-support-for-upstream-qem.patch
+ (fetchpatch {
+ url = "https://bugzilla.redhat.com/attachment.cgi?id=1218547";
+ name = "CVE-2016-9385.patch";
+ sha256 = "0l5drg862708ngy49jl65vmv6iwxlm7h8b4vabnffc2496f2gbwk";
+ })
+ (fetchpatch {
+ url = "https://bugzilla.redhat.com/attachment.cgi?id=1218536";
+ name = "CVE-2016-9377-CVE-2016-9378-part1.patch";
+ sha256 = "1dy8xvnkdvc44ywzzlswmkljjva44c0ndw7538iicr3qyf0244n4";
+ })
+ (fetchpatch {
+ url = "https://bugzilla.redhat.com/attachment.cgi?id=1218537";
+ name = "CVE-2016-9377-CVE-2016-9378-part2.patch";
+ sha256 = "0iz36s2w6bh5h9i1a9gj1c748fq1dj90kcg2yzld1m26qx21qrr5";
+ })
+ ];
 }; in callPackage ./generic.nix (args // { xenConfig=xenConfig; })
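Review bot: The three `fetchpatch` entries added to `xenPatches` point at opaque Red Hat Bugzilla attachment ids, so nothing in the file records which upstream advisory each patch implements or that it is the variant intended for the 4.5 branch. The `sha256` pins the fetched content, which covers integrity, but not provenance or availability: if an attachment is later obsoleted or removed, the security fix can no longer be rebuilt from source. I would add a comment above each entry, for example `# CVE-2016-9385: upstream advisory XSA-<NNN> (placeholder), 4.5 backport taken from the Red Hat bug attachment`, and prefer the upstream advisory's own patch URL where it publishes the same file. The `part1`/`part2` names also imply an ordering that the list position enforces silently; a one-line comment saying that part1 must precede part2 would keep a later reorder from breaking the build.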