From 834bdd25a35e141c860fffe810743a50fb32b746 Mon Sep 17 00:00:00 2001
From: Andreas Rammhold <andreas@rammhold.de>
Date: Mon, 4 Dec 2017 20:05:52 +0100
Subject: xen: apply patches for XSA-246 & XSA-247 (CVE-2017-{17044,17045})

---
 pkgs/applications/virtualization/xen/4.5.nix       |  2 ++
 pkgs/applications/virtualization/xen/4.8.nix       |  2 ++
 .../virtualization/xen/xsa-patches.nix             | 40 ++++++++++++++++++++++
 3 files changed, 44 insertions(+)

(limited to 'pkgs')

diff --git a/pkgs/applications/virtualization/xen/4.5.nix b/pkgs/applications/virtualization/xen/4.5.nix
index 308913adf89c..58a2b193ada6 100644
--- a/pkgs/applications/virtualization/xen/4.5.nix
+++ b/pkgs/applications/virtualization/xen/4.5.nix
@@ -230,6 +230,8 @@ callPackage (import ./generic.nix (rec {
     XSA_243_45
     XSA_244_45
     XSA_245
+    XSA_246_45
+    XSA_247_45
   ];
 
   # Fix build on Glibc 2.24.
diff --git a/pkgs/applications/virtualization/xen/4.8.nix b/pkgs/applications/virtualization/xen/4.8.nix
index 259dd72a960c..06450c18dcec 100644
--- a/pkgs/applications/virtualization/xen/4.8.nix
+++ b/pkgs/applications/virtualization/xen/4.8.nix
@@ -158,6 +158,8 @@ callPackage (import ./generic.nix (rec {
     XSA_243_48
     XSA_244
     XSA_245
+    XSA_246
+    XSA_247_48
   ];
 
   # Fix build on Glibc 2.24.
diff --git a/pkgs/applications/virtualization/xen/xsa-patches.nix b/pkgs/applications/virtualization/xen/xsa-patches.nix
index fd85c85f22bb..7c26f97c44f9 100644
--- a/pkgs/applications/virtualization/xen/xsa-patches.nix
+++ b/pkgs/applications/virtualization/xen/xsa-patches.nix
@@ -771,4 +771,44 @@ in rec {
       sha256 = "1k6z5r7wnrswsczn2j3a1mc4nvxqm4ydj6n6rvgqizk2pszdkqg8";
     })
   ];
+
+  # 4.5 - 4.7
+  XSA_246_45 = [
+    (xsaPatch {
+      name = "246-4.7";
+      sha256 = "13rad4k8z3bq15d67dhgy96kdbrjiq9sy8px0jskbpx9ygjdahkn";
+    })
+  ];
+
+  # 4.8 - 4.9
+  XSA_246 = [
+    (xsaPatch {
+      name = "246-4.9";
+      sha256 = "0z68vm0z5zvv9gm06pxs9kxq2q9fdbl0l0cm71ggzdplg1vw0snz";
+    })
+  ];
+
+  # 4.8
+  XSA_247_48 = [
+    (xsaPatch {
+      name = "247-4.8/0001-p2m-Always-check-to-see-if-removing-a-p2m-entry-actu";
+      sha256 = "0kvjrk90n69s721c2qj2df5raml3pjk6bg80aig353p620w6s3xh";
+    })
+    (xsaPatch {
+      name = "247-4.8/0002-p2m-Check-return-value-of-p2m_set_entry-when-decreas";
+      sha256 = "1s9kv6h6dd8psi5qf5l5gpk9qhq8blckwhl76cjbldcgi6imb3nr";
+    })
+  ];
+
+  # 4.5
+  XSA_247_45 = [
+    (xsaPatch {
+      name = "247-4.5/0001-p2m-Always-check-to-see-if-removing-a-p2m-entry-actu";
+      sha256 = "0h1mp5s9si8aw2gipds317f27h9pi7bgnhj0bcmw11p0ch98sg1m";
+    })
+    (xsaPatch {
+      name = "247-4.5/0002-p2m-Check-return-value-of-p2m_set_entry-when-decreas";
+      sha256 = "0vjjybxbcm4xl26wbqvcqfiyvvlayswm4f98i1fr5a9abmljn5sb";
+    })
+  ];
 }
-- 
cgit 1.4.1