diff options
| -rw-r--r-- | app-emulation/xen/ChangeLog | 10 | ||||
| -rw-r--r-- | app-emulation/xen/Manifest | 13 | ||||
| -rw-r--r-- | app-emulation/xen/files/xen-CVE-2013-6885-XSA-82.patch | 46 | ||||
| -rw-r--r-- | app-emulation/xen/xen-4.3.0-r4.ebuild (renamed from app-emulation/xen/xen-4.3.0-r3.ebuild) | 5 | ||||
| -rw-r--r-- | app-emulation/xen/xen-4.3.1-r1.ebuild (renamed from app-emulation/xen/xen-4.3.1.ebuild) | 5 |
5 files changed, 68 insertions, 11 deletions
diff --git a/app-emulation/xen/ChangeLog b/app-emulation/xen/ChangeLog index 01d15ec45318..5865e42dbf4c 100644 --- a/app-emulation/xen/ChangeLog +++ b/app-emulation/xen/ChangeLog @@ -1,6 +1,14 @@ # ChangeLog for app-emulation/xen # Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen/ChangeLog,v 1.133 2013/11/24 06:55:49 idella4 Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen/ChangeLog,v 1.134 2013/12/06 14:13:04 idella4 Exp $ + +*xen-4.3.0-r4 (06 Dec 2013) +*xen-4.3.1-r1 (06 Dec 2013) + + 06 Dec 2013; Ian Delaney <idella4@gentoo.org> + +files/xen-CVE-2013-6885-XSA-82.patch, +xen-4.3.0-r4.ebuild, + +xen-4.3.1-r1.ebuild, -xen-4.3.0-r3.ebuild, -xen-4.3.1.ebuild: + revbumps; add sec XSA-82.patch, remove old *xen-4.3.1 (24 Nov 2013) diff --git a/app-emulation/xen/Manifest b/app-emulation/xen/Manifest index c1a3b0e898cb..b518fed108a5 100644 --- a/app-emulation/xen/Manifest +++ b/app-emulation/xen/Manifest @@ -27,18 +27,19 @@ AUX xen-CVE-2013-4368-XSA-67.patch 1307 SHA256 7de3ac9baa6cd9fead46e68912dfa0189 AUX xen-CVE-2013-4375-XSA-71.patch 1628 SHA256 f1ef802098be2220ec1c0e0d20ff5385d34036b8cd312001dcc0e17fbe25f8d1 SHA512 9d057827933decc046506c46e1a482424169cc8d525ac49a39b296181615a4525383851e990fd3d46995db2f8261d92dc7955354cdf6ca15db8cbb89def17c6d WHIRLPOOL d1749db3dcceb5221dad395e2caede633456a304d922070096889b4b7d8e79bcda5fe4f7c8cb3e5f1e6c9dae349ef744d98290f286cbfc3737b0ff62f198e2a8 AUX xen-CVE-2013-4494-XSA-73.patch 3723 SHA256 1c070e66d1bea3c109f22ea4db2e8828f0f4b016d51d6d88667b775eec340514 SHA512 d14be9077685aec682f2cfa23886bc430fe55d985650e5392da0988f69f242ac0fa242c84448e8203ab6dd1b44904a2f38ad9e8976a829100193a1c06efb8417 WHIRLPOOL 96a15f94eed123a5ff53193c8dcf708aa17d21b3ebe23b5fc50b7ecbdf64ed4f827252389cc15249d05041d036853053f3846b3fea3538fc8724fe828ca57bde AUX xen-CVE-2013-6375-XSA-78.patch 926 SHA256 63aeab44272c17d079c9b8e22732c8c31e767236bb0ceb73d9f6226c5ae31d35 SHA512 d6aa117c570881015bdb93efaaf386fc4f141ef012017ab0a51bd63a024f5e9eef3856243235533d46ac7b67bffd10e0913a06f65e194581a6a70cbd6a6bf5ca WHIRLPOOL 16b04f8191b2243c05541742a98dface491ebe8db47e050eb14e74352182bfd02a86867c1ad644b3cef209008cfbb5d0499073447fbef49c5de129e1bdf519d6 +AUX xen-CVE-2013-6885-XSA-82.patch 1447 SHA256 db47b9dcb2124995754e7b43d7eedb5aae5c6d2dda6d43d313751b419ffd12e7 SHA512 f62b9bf0aae1eb22a551fc98d74f5baec391589be5252d472aa9b30012f426a7302063b02ceb3bc9b3fe88c67033eb771a4112727052ed3f9b5dc9d39f47f39d WHIRLPOOL 38678c9c32bc172a675bd0351a81743b92bbf72cbd14a29cc1a7ef15b8149bd4841816425142defdebc233a2dc58281e893533053e6310173ad3a5573233d1f5 DIST xen-4.2.2.tar.gz 15602746 SHA256 c9bfe91a5e72f8545acebad9889d64368020359bfe18044c0e683133e55ae005 SHA512 4943b18016ed8c2b194a3b55e6655b3b734b39ffb8cb7ee0a0580f2f4460a1d0e92e1de8ac23f5186272914fad1650586af51fd7c3644d0310eb16f2e11c5e80 WHIRLPOOL 519eb87cb2da694696cbc3e72070a0a3bdb07c46fa266d855d8379eec3a92adfa4d434af3ac01c37834ce4a9174081a6c40030b185a70902329b185cb8d0bbea DIST xen-4.3.0.tar.gz 16425975 SHA256 e1e9faabe4886e2227aacdbde74410653b233d66642ca1972a860cbec6439961 SHA512 e6b8f64e15e48704ea5cee5585cd6151fe6a5a62bc4670caf0b762c1aa71c9598db236c637ac34c42c92c6e8a5001acdd3d9d4b9305401a26273279358f481d6 WHIRLPOOL a91f14bc6535127ab17d3867b92fb3e008089453d5ba7996fd1d0b5c6d32a881c07df320f018c928e919f28de7b4ab4757c6bdb020e0cdb7d67960d4cab9dda0 DIST xen-4.3.1.tar.gz 16429423 SHA256 3b5b7cc508b1739753585b5c25635471cdcef680e8770a78bf6ef9333d26a9fd SHA512 f5250ad5ad3defc5dc1207eb6208a3928128ef57ac4162018bd92b750dc1df1eaaf37835528aca33a0f9e04c82d5f8c4ba79c03a1780d2b72cbb90cc26f77275 WHIRLPOOL 087390786cea9aee273a5d81988436303991aa5ea92faf111d3b619517368f8c8feef84f4f8c602cac723980a344eb90414887db4ca88a2ee14bc6b0253e36ca EBUILD xen-4.2.2-r1.ebuild 3756 SHA256 2ad7f2faed080ea2e4d991d7dd902826059e4a22b444e2f1b74b5bc1e54d50a2 SHA512 c6041bf852ffa425d93134e9c08334c71e96dc9cb795c8bc7a5eb485fa46d55f5de61ff9db55d484cbe0b641d9e850e4eb7c0eefd1b021ed21a050e1e78c4177 WHIRLPOOL 86e7873cc84b01064c1e7cd46003a43104257a3f7330a1433d85ce841b658a0a35e18f9284b8520a497b408d4b5ab6ce76cb1af67fb42019b86517f4b51f2d61 -EBUILD xen-4.3.0-r3.ebuild 4044 SHA256 23b21ea42e9fe6d14e0968bb17141be17bd87ffee0d0caf6320cb762f82653b4 SHA512 bd44bdf4c9c2b1c4472efb69f301148f16017b7eba92fff21989282eda2685af9fbe4545457ffdfdb1561463c0e9516abf0a987d2b3e1f7e21da4ba6e0aa47cb WHIRLPOOL 4c9afb2a3d1b3ea0f4588449b270d440bbd5064d85c1ea00efde666c074f39a0c4dee062c75b8412b985bec2c8507a84395fd9e07493c4ea8790e7a77d15188a -EBUILD xen-4.3.1.ebuild 3787 SHA256 2389fb7a95b00fa50505851b27896b3784e02cb3a76227398eee2e934bce5c98 SHA512 d7b335bd24c91acfe6c9e62e3ea818e2d2e59da5f40b4f5fa47708199b479244f6ac0d95398a5d1fd293325df0f3e038b8f7e9a3bb460843ccbae169ec9d1802 WHIRLPOOL 49115a6dd5ac153b27c445ce8063cb36300c77c26afad18faef40d2172e87c138f3317b9497a7750d29b5e249f1a71e59620822f74d65fdd9d6f6688abce2f87 -MISC ChangeLog 24462 SHA256 e1398dfa60fc14e8bb7361c28e1513e4bbcdd3067a3992f6e81e337d6c59fdda SHA512 d159e79d208a4e4a2421e6051475a07bf5ef594e9a113b1326ee35385a89db7993349ba35ad441be07393abbe8dfac59b70ec3b11a101f2919f88c7b45bcdb01 WHIRLPOOL b95bc3a9d8f330a19d2f58cbdbae0447dec288bd25420baadf4b01df505f4c99cfddb534f42aae43423b3cb53543d903068218fb5effde056a5f7696e70d2e13 +EBUILD xen-4.3.0-r4.ebuild 4095 SHA256 a196ea6987bc12adf97c5b644380db55ae2e10ea3d4ccd2d52a29fde0d48b89a SHA512 b8d264791609533fd5a93690ce13ce31634efd133e86ba0dd791cbb008c026cd3b3c536498e07163abf44beaa2a55b7d0908bc971aca0825f556dfea053a9f13 WHIRLPOOL e8f84bc808a5d8ffbd77766d3f3b6f681957c5eb4f261ffa1661232ada463e0aea5f677c1b1f7cb31287ef31fe90edc66bea90ad0817ea336bc1b228c14663c6 +EBUILD xen-4.3.1-r1.ebuild 3841 SHA256 c37e789ea8059a41be79affeadc93de7996f64da1c5266306d2533291f87a30d SHA512 d3621eee951ecfa5893a8c149fbd473c702f6af2d2117432e6379fd653de5919c3c05da354a4b5e98239b5fc5769a2e15e1741e3cf1b5d28eb7310831643538b WHIRLPOOL e601d7ea2da01b0b6db24d2efa753dc5a44d8148133e53a39b3d86bfbf3a4e8653c0c9b85d506b8a352ce7f049dddddb63c9b7c26380ce9a3a1297066b3aa4b9 +MISC ChangeLog 24741 SHA256 5ac9f6a09244c06dd0ea8077f4d807274888dfc7de08046bb2b74784ef335eab SHA512 ea4c639deded1785e4cc17cdfdc48edcf732b8ab8060c4821884ba9811270a2394cacf53b77fb665f1c660bc5bc82bd36bb4034d349c76c328a0947f88bc7fb5 WHIRLPOOL f1b271af12a9584ed54dcd73f9c6d60e94f2fdab60432f5e4270f2813196ee74ebe9d0170ddf5eafb550da6c520d1d673d7cdcf6ca136d648d05b26204e06455 MISC metadata.xml 572 SHA256 0f510aa5a7261b30e5eff6961fa9dd95b19db63e0eea93cfad1d47460318ba07 SHA512 8bbca8d353aa3b556783bddd4822b97c0372b169edb89ff2907a00895e014ff9dba9e8efccf04f45de8a69ce63849505455e9735c224700d1ebf93aa3f097ac5 WHIRLPOOL 1f5517720776198868cf5a0165b9daf2ee48187bde4ad4d86533c65898da608bde779289df7ef83eaf076e0ce284607fc21f61fc3ca0baaf86873ca400491d0e -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) -iEYEAREIAAYFAlKRowMACgkQso7CE7gHKw3KpQCgwwQtEWPP5UjKuniYarwDToCG -u1cAnj0gsXmnvCqb8NSHV/lRq4gu8Odo -=xVcB +iEYEAREIAAYFAlKh234ACgkQso7CE7gHKw2rrwCgt0KSAn8EebjZreXtJ5IeWxuZ +IHwAoLRQz+/bwgwVfmi/Saq9PzamOqem +=ywmi -----END PGP SIGNATURE----- diff --git a/app-emulation/xen/files/xen-CVE-2013-6885-XSA-82.patch b/app-emulation/xen/files/xen-CVE-2013-6885-XSA-82.patch new file mode 100644 index 000000000000..22648562283e --- /dev/null +++ b/app-emulation/xen/files/xen-CVE-2013-6885-XSA-82.patch @@ -0,0 +1,46 @@ +http://seclists.org/oss-sec/2013/q4/att-385/xsa82.patch +x86/AMD: work around erratum 793 + +The recommendation is to set a bit in an MSR - do this if the firmware +didn't, considering that otherwise we expose ourselves to a guest +induced DoS. + +This is CVE-2013-6885 / XSA-82. + +Signed-off-by: Jan Beulich <jbeulich@suse.com> +Acked-by: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com> + +--- a/xen/arch/x86/cpu/amd.c ++++ b/xen/arch/x86/cpu/amd.c +@@ -476,6 +476,20 @@ static void __devinit init_amd(struct cp + "*** Pass \"allow_unsafe\" if you're trusting" + " all your (PV) guest kernels. ***\n"); + ++ if (c->x86 == 0x16 && c->x86_model <= 0xf) { ++ rdmsrl(MSR_AMD64_LS_CFG, value); ++ if (!(value & (1 << 15))) { ++ static bool_t warned; ++ ++ if (c == &boot_cpu_data || opt_cpu_info || ++ !test_and_set_bool(warned)) ++ printk(KERN_WARNING ++ "CPU%u: Applying workaround for erratum 793\n", ++ smp_processor_id()); ++ wrmsrl(MSR_AMD64_LS_CFG, value | (1 << 15)); ++ } ++ } ++ + /* AMD CPUs do not support SYSENTER outside of legacy mode. */ + clear_bit(X86_FEATURE_SEP, c->x86_capability); + +--- a/xen/include/asm-x86/msr-index.h ++++ b/xen/include/asm-x86/msr-index.h +@@ -213,6 +213,7 @@ + + /* AMD64 MSRs */ + #define MSR_AMD64_NB_CFG 0xc001001f ++#define MSR_AMD64_LS_CFG 0xc0011020 + #define MSR_AMD64_IC_CFG 0xc0011021 + #define MSR_AMD64_DC_CFG 0xc0011022 + #define AMD64_NB_CFG_CF8_EXT_ENABLE_BIT 46 + diff --git a/app-emulation/xen/xen-4.3.0-r3.ebuild b/app-emulation/xen/xen-4.3.0-r4.ebuild index 5667e184f874..dd672c809be0 100644 --- a/app-emulation/xen/xen-4.3.0-r3.ebuild +++ b/app-emulation/xen/xen-4.3.0-r4.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2013 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen/xen-4.3.0-r3.ebuild,v 1.1 2013/11/22 12:32:12 idella4 Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen/xen-4.3.0-r4.ebuild,v 1.1 2013/12/06 14:13:04 idella4 Exp $ EAPI=5 @@ -95,7 +95,8 @@ src_prepare() { "${FILESDIR}"/${PN}-CVE-2013-4375-XSA-71.patch \ "${FILESDIR}"/${PN}-CVE-2013-4494-XSA-73.patch \ "${FILESDIR}"/${PN}-4.3-CVE-2013-6375-XSA-75.patch \ - "${FILESDIR}"/${PN}-CVE-2013-6375-XSA-78.patch + "${FILESDIR}"/${PN}-CVE-2013-6375-XSA-78.patch \ + "${FILESDIR}"/${PN}-CVE-2013-6885-XSA-82.patch epatch_user } diff --git a/app-emulation/xen/xen-4.3.1.ebuild b/app-emulation/xen/xen-4.3.1-r1.ebuild index a295b6497696..7ec58dd83332 100644 --- a/app-emulation/xen/xen-4.3.1.ebuild +++ b/app-emulation/xen/xen-4.3.1-r1.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2013 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen/xen-4.3.1.ebuild,v 1.1 2013/11/24 06:55:49 idella4 Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen/xen-4.3.1-r1.ebuild,v 1.1 2013/12/06 14:13:04 idella4 Exp $ EAPI=5 @@ -90,7 +90,8 @@ src_prepare() { epatch "${FILESDIR}"/${PN}-CVE-2013-4375-XSA-71.patch \ "${FILESDIR}"/${PN}-CVE-2013-4494-XSA-73.patch \ "${FILESDIR}"/${PN}-4.3-CVE-2013-6375-XSA-75.patch \ - "${FILESDIR}"/${PN}-CVE-2013-6375-XSA-78.patch + "${FILESDIR}"/${PN}-CVE-2013-6375-XSA-78.patch \ + "${FILESDIR}"/${PN}-CVE-2013-6885-XSA-82.patch epatch_user } |