Hello community,

here is the log from the commit of package libvirt for openSUSE:Factory checked in at 2018-05-25 21:34:07
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libvirt (Old)
 and /work/SRC/openSUSE:Factory/.libvirt.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libvirt" Fri May 25 21:34:07 2018 rev:259 rq:611364 version:4.3.0 Changes: -------- --- /work/SRC/openSUSE:Factory/libvirt/libvirt.changes 2018-05-11 11:27:36.993820739 +0200 +++ /work/SRC/openSUSE:Factory/.libvirt.new/libvirt.changes 2018-05-25 21:34:09.482823046 +0200 @@ -1,0 +2,8 @@ +Tue May 22 14:44:51 UTC 2018 - jfeh...@suse.com + +- cpu: add support for 'ssbd' and 'virt-ssbd' CPUID feature bits + CVE-2018-3639 + 1dbca2ec-CVE-2018-3639.patch, 92673422-CVE-2018-3639.patch + bsc#1092885 + +------------------------------------------------------------------- New: ---- 1dbca2ec-CVE-2018-3639.patch 92673422-CVE-2018-3639.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libvirt.spec ++++++ --- /var/tmp/diff_new_pack.dEzY70/_old 2018-05-25 21:34:11.058766018 +0200 +++ /var/tmp/diff_new_pack.dEzY70/_new 2018-05-25 21:34:11.062765872 +0200 @@ -323,6 +323,8 @@ Source99: baselibs.conf Source100: %{name}-rpmlintrc # Upstream patches +Patch0: 1dbca2ec-CVE-2018-3639.patch +Patch1: 92673422-CVE-2018-3639.patch # Patches pending upstream review Patch100: libxl-dom-reset.patch Patch101: network-don-t-use-dhcp-authoritative-on-static-netwo.patch @@ -907,6 +909,8 @@ %prep %setup -q +%patch0 -p1 +%patch1 -p1 %patch100 -p1 %patch101 -p1 %patch150 -p1 ++++++ 1dbca2ec-CVE-2018-3639.patch ++++++ commit 1dbca2eccad58d91a5fd33962854f1a653638182 Author: Daniel P. Berrangé <berra...@redhat.com> Date: Mon May 21 23:05:07 2018 +0100 cpu: define the 'ssbd' CPUID feature bit (CVE-2018-3639) New microcode introduces the "Speculative Store Bypass Disable" CPUID feature bit. This needs to be exposed to guest OS to allow them to protect against CVE-2018-3639. 
Signed-off-by: Daniel P. Berrangé <berra...@redhat.com> Reviewed-by: Jiri Denemark <jdene...@redhat.com> Index: libvirt-4.3.0/src/cpu/cpu_map.xml =================================================================== --- libvirt-4.3.0.orig/src/cpu/cpu_map.xml +++ libvirt-4.3.0/src/cpu/cpu_map.xml @@ -298,6 +298,9 @@ <feature name='spec-ctrl'> <cpuid eax_in='0x07' ecx_in='0x00' edx='0x04000000'/> </feature> + <feature name='ssbd'> + <cpuid eax_in='0x07' ecx_in='0x00' edx='0x80000000'/> + </feature> <!-- Processor Extended State Enumeration sub leaf 1 --> <feature name='xsaveopt'> ++++++ 92673422-CVE-2018-3639.patch ++++++ commit 9267342206ce17f6933d57a3128cdc504d5945c9 Author: Daniel P. Berrangé <berra...@redhat.com> Date: Mon May 21 23:05:08 2018 +0100 cpu: define the 'virt-ssbd' CPUID feature bit (CVE-2018-3639) Some AMD processors only support a non-architectural means of enabling Speculative Store Bypass Disable. To allow simplified handling in virtual environments, hypervisors will expose an architectural definition through CPUID bit 0x80000008_EBX[25]. This needs to be exposed to guest OS running on AMD x86 hosts to allow them to protect against CVE-2018-3639. Note that since this CPUID bit won't be present in the host CPUID results on physical hosts, it will not be enabled automatically in guests configured with "host-model" CPU unless using QEMU version >= 2.9.0. Thus for older versions of QEMU, this feature must be manually enabled using policy=force. Guests using the "host-passthrough" CPU mode do not need special handling. Signed-off-by: Daniel P. Berrangé <berra...@redhat.com> Reviewed-by: Jiri Denemark <jdene...@redhat.com> Index: libvirt-4.3.0/src/cpu/cpu_map.xml =================================================================== --- libvirt-4.3.0.orig/src/cpu/cpu_map.xml +++ libvirt-4.3.0/src/cpu/cpu_map.xml 
@@ -433,6 +433,9 @@ <feature name='ibpb'> <cpuid eax_in='0x80000008' ebx='0x00001000'/> </feature> + <feature name='virt-ssbd'> + <cpuid eax_in='0x80000008' ebx='0x02000000'/> + </feature> <!-- models --> <model name='486'> ++++++ libvirt-power8-models.patch ++++++ --- /var/tmp/diff_new_pack.dEzY70/_old 2018-05-25 21:34:11.174761820 +0200 +++ /var/tmp/diff_new_pack.dEzY70/_new 2018-05-25 21:34:11.178761675 +0200 @@ -6,7 +6,7 @@ =================================================================== --- libvirt-4.3.0.orig/src/cpu/cpu_map.xml +++ libvirt-4.3.0/src/cpu/cpu_map.xml -@@ -2349,6 +2349,8 @@ +@@ -2355,6 +2355,8 @@ <pvr value='0x004b0000' mask='0xffff0000'/> <pvr value='0x004c0000' mask='0xffff0000'/> <pvr value='0x004d0000' mask='0xffff0000'/>
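Review bot: The `ssbd` entry added to src/cpu/cpu_map.xml (hunk @@ -298,6 +298,9 in 1dbca2ec-CVE-2018-3639.patch) gives the mask as edx='0x80000000' without saying which bit that is, while the companion commit message for `virt-ssbd` spells its bit out as 0x80000008_EBX[25]. A short XML comment above the <cpuid> line naming the bit (EDX bit 31 of leaf 0x07, sub-leaf 0x00), or the same bit notation in this commit message, would let a reader check the mask against the vendor documentation without converting the hex by hand. A one-digit slip in this mask would map the name `ssbd` to a different CPUID bit, and nothing in the hunk would flag it.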
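Review bot: The host-model caveat for `virt-ssbd` (hunk @@ -433,6 +433,9 in 92673422-CVE-2018-3639.patch) is documented only in the upstream commit message; the libvirt.changes entry says just "add support for 'ssbd' and 'virt-ssbd' CPUID feature bits". An administrator reading the package changelog on an AMD host gets no hint that, with a "host-model" CPU and QEMU older than 2.9.0, the bit is not enabled automatically in guests. Suggest adding one line to the .changes entry stating that in this case virt-ssbd must be enabled manually with policy=force, for example <feature policy='force' name='virt-ssbd'/> in the guest's <cpu> element, and that "host-passthrough" guests need no special handling.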