[Pkg-libvirt-commits] [Git][libvirt-team/libvirt][debian/sid] 3 commits: cpu_map: Define md-clear CPUID bit (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091)

Guido Günther gitlab at salsa.debian.org
Mon May 20 08:20:55 BST 2019



Guido Günther pushed to branch debian/sid at Libvirt Packaging Team / libvirt


Commits:
b811e38a by Salvatore Bonaccorso at 2019-05-19T11:48:03Z
cpu_map: Define md-clear CPUID bit (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091)

Closes: #929154

- - - - -
2c506fbe by Salvatore Bonaccorso at 2019-05-19T11:51:05Z
Prepare changelog for release

Gbp-Dch: Ignore

- - - - -
206300a0 by Guido Günther at 2019-05-20T07:20:50Z
Merge branch 'sid/define-md-clear-cpuid-bit' into 'debian/sid'

Define md-clear CPUID bit

See merge request libvirt-team/libvirt!27
- - - - -


3 changed files:

- debian/changelog
- + debian/patches/cpu_map-Define-md-clear-CPUID-bit.patch
- debian/patches/series


Changes:

=====================================
debian/changelog
=====================================
@@ -1,3 +1,19 @@
+libvirt (5.0.0-2.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+
+  [ Guido Günther ]
+  * [3a9c65c] d/control: Fix typo
+  * [b9935e5] d/control: Drop Debian revision on iptables build-dep.
+    Any version greater than 1.8.1 will do.
+
+  [ Salvatore Bonaccorso ]
+  * [b811e38] cpu_map: Define md-clear CPUID bit (CVE-2018-12126,
+    CVE-2018-12127, CVE-2018-12130, CVE-2019-11091)
+    (Closes: #929154)
+
+ -- Salvatore Bonaccorso <carnil at debian.org>  Sun, 19 May 2019 13:50:25 +0200
+
 libvirt (5.0.0-2) unstable; urgency=medium
 
   [ Laurent Bigonville ]
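Review bot: The new 5.0.0-2.1 stanza is marked urgency=medium even though its functional change closes #929154 and lists four CVEs; if quicker migration to testing is wanted for the security fix, urgency=high would be the usual choice. The stanza is also headed "Non-maintainer upload." while carrying two d/control entries under [ Guido Günther ], so a short remark on where those entries come from would make the scope of the NMU clear to readers of the changelog.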


=====================================
debian/patches/cpu_map-Define-md-clear-CPUID-bit.patch
=====================================
@@ -0,0 +1,48 @@
+From: Jiri Denemark <jdenemar at redhat.com>
+Date: Fri, 5 Apr 2019 15:11:20 +0200
+Subject: cpu_map: Define md-clear CPUID bit
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+Origin: https://libvirt.org/git/?p=libvirt.git;a=commit;h=538d873571d7a682852dc1d70e5f4478f4d64e85
+Bug-Debian: https://bugs.debian.org/929154
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-12126
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-12127
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-12130
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-11091
+
+CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
+
+The bit is set when microcode provides the mechanism to invoke a flush
+of various exploitable CPU buffers by invoking the VERW instruction.
+
+Signed-off-by: Paolo Bonzini <pbonzini at redhat.com>
+Signed-off-by: Jiri Denemark <jdenemar at redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange at redhat.com>
+---
+ src/cpu_map/x86_features.xml                                | 3 +++
+ tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml  | 2 +-
+ tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml    | 1 +
+ tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml     | 1 +
+ tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml     | 1 +
+ tests/cputestdata/x86_64-cpuid-Xeon-Platinum-8268-guest.xml | 1 +
+ tests/cputestdata/x86_64-cpuid-Xeon-Platinum-8268-host.xml  | 1 +
+ 7 files changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/src/cpu_map/x86_features.xml b/src/cpu_map/x86_features.xml
+index efcc10b1aebd..370807f88e5f 100644
+--- a/src/cpu_map/x86_features.xml
++++ b/src/cpu_map/x86_features.xml
+@@ -320,6 +320,9 @@
+   <feature name='avx512-4fmaps'>
+     <cpuid eax_in='0x07' ecx_in='0x00' edx='0x00000008'/>
+   </feature>
++  <feature name='md-clear'> <!-- md_clear -->
++    <cpuid eax_in='0x07' ecx_in='0x00' edx='0x00000400'/>
++  </feature>
+   <feature name='pconfig'>
+     <cpuid eax_in='0x07' ecx_in='0x00' edx='0x00040000'/>
+   </feature>
+-- 
+2.20.1
+
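Review bot: The diffstat in the patch header lists 7 files changed (9 insertions, 1 deletion), six of them under tests/cputestdata, but the only hunk carried in this file is the one for src/cpu_map/x86_features.xml. If the test data updates were dropped on purpose for the backport, state that in the patch description so the header matches the content, and confirm during the build that the cputest expectations for Xeon-E3-1225-v5 and Xeon-Platinum-8268 still hold with md-clear defined; otherwise carry those hunks as well. The definition itself, edx='0x00000400' under eax_in='0x07' ecx_in='0x00', is placed in ascending bit order between avx512-4fmaps and pconfig, consistent with the neighbouring entries.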


=====================================
debian/patches/series
=====================================
@@ -21,3 +21,4 @@ security-aa-helper-nvidia-rules-for-gl-devices.patch
 security-aa-helper-gl-devices-in-sysfs-at-arbitrary-depth.patch
 api-disallow-virDomainGetHostname-for-read-only-connectio.patch
 remote-enforce-ACL-write-permission-for-getting-guest-tim.patch
+cpu_map-Define-md-clear-CPUID-bit.patch



View it on GitLab: https://salsa.debian.org/libvirt-team/libvirt/compare/b9935e514f6d8747e651ca4b3860156a24fc0fa0...206300a07fcf6b1badfa7a1b42e9ebf09be1a4c0
