Hello community, here is the log from the commit of package libvirt for openSUSE:Factory checked in at 2020-01-01 14:56:30 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libvirt (Old) and /work/SRC/openSUSE:Factory/.libvirt.new.6675 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libvirt" Wed Jan 1 14:56:30 2020 rev:295 rq:758262 version:5.10.0 Changes: -------- --- /work/SRC/openSUSE:Factory/libvirt/libvirt.changes 2019-12-17 13:29:35.151421419 +0100 +++ /work/SRC/openSUSE:Factory/.libvirt.new.6675/libvirt.changes 2020-01-01 14:56:50.417885401 +0100 @@ -1,0 +2,8 @@ +Thu Dec 19 15:11:02 UTC 2019 - James Fehlig <[email protected]> + +- CVE-2019-11135: Add TSX_CTRL and TAA_NO bits for + IA32_ARCH_CAPABILITIES MSR + 07aaced4-Add-TAA-No.patch, f411b7ef6-Add-TSX-CTRL.patch + bsc#1152505 + +------------------------------------------------------------------- New: ---- 07aaced4-Add-TAA-No.patch f411b7ef6-Add-TSX-CTRL.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libvirt.spec ++++++ --- /var/tmp/diff_new_pack.shjqeo/_old 2020-01-01 14:56:51.617886028 +0100 +++ /var/tmp/diff_new_pack.shjqeo/_new 2020-01-01 14:56:51.621886030 +0100 @@ -1,7 +1,7 @@ # # spec file for package libvirt # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -344,6 +344,8 @@ Source100: %{name}-rpmlintrc # Upstream patches Patch0: 0a65cba4-news-fix.patch +Patch1: 07aaced4-Add-TAA-No.patch +Patch2: f411b7ef6-Add-TSX-CTRL.patch # Patches pending upstream review Patch100: libxl-dom-reset.patch Patch101: network-don-t-use-dhcp-authoritative-on-static-netwo.patch @@ -878,6 +880,8 @@ %prep %setup -q %patch0 -p1 +%patch1 -p1 +%patch2 -p1 %patch100 -p1 %patch101 -p1 %patch150 -p1 ++++++ 07aaced4-Add-TAA-No.patch ++++++ commit 07aaced4e6ea6db8b27f44636f51cafa6f1847a8 Author: Jiri Denemark <[email protected]> Date: Thu Dec 12 15:12:05 2019 +0100 cpu_map: Add TAA_NO bit for IA32_ARCH_CAPABILITIES MSR CVE-2019-11135 CPUs with TAA_NO bit of IA32_ARCH_CAPABILITIES MSR set to 1 are not vulnerable to TSX Asynchronous Abort and passing this bit to a guest may avoid unnecessary mitigations. Signed-off-by: Jiri Denemark <[email protected]> Reviewed-by: Ján Tomko <[email protected]> Index: libvirt-5.10.0/src/cpu_map/x86_features.xml =================================================================== --- libvirt-5.10.0.orig/src/cpu_map/x86_features.xml +++ libvirt-5.10.0/src/cpu_map/x86_features.xml @@ -502,4 +502,7 @@ <feature name='mds-no'> <msr index='0x10a' edx='0x00000000' eax='0x00000020'/> </feature> + <feature name='taa-no'> + <msr index='0x10a' edx='0x00000000' eax='0x00000100'/> + </feature> </cpus> ++++++ f411b7ef6-Add-TSX-CTRL.patch ++++++ commit f411b7ef68221e82dec0129aaf2f2a26a8987504 Author: Jiri Denemark <[email protected]> Date: Thu Dec 12 15:12:05 2019 +0100 cpu_map: Add TSX_CTRL bit for IA32_ARCH_CAPABILITIES MSR CVE-2019-11135 When TSX_CTRL bit of IA32_ARCH_CAPABILITIES MSR is set to 1, the CPU supports IA32_TSX_CTRL MSR which can be used to disable and/or mask TSX. Signed-off-by: Jiri Denemark <[email protected]> Reviewed-by: Ján Tomko <[email protected]> Index: libvirt-5.10.0/src/cpu_map/x86_features.xml =================================================================== --- libvirt-5.10.0.orig/src/cpu_map/x86_features.xml +++ libvirt-5.10.0/src/cpu_map/x86_features.xml @@ -502,6 +502,9 @@ <feature name='mds-no'> <msr index='0x10a' edx='0x00000000' eax='0x00000020'/> </feature> + <feature name='tsx-ctrl'> + <msr index='0x10a' edx='0x00000000' eax='0x00000080'/> + </feature> <feature name='taa-no'> <msr index='0x10a' edx='0x00000000' eax='0x00000100'/> </feature>
