commit: 93e9250383be69152a6a7de4b0fe9ff4391dae93
Author: Jory Pratt <anarchy <AT> gentoo <DOT> org>
AuthorDate: Fri Nov 13 17:42:44 2020 +0000
Commit: Jory Pratt <anarchy <AT> gentoo <DOT> org>
CommitDate: Fri Nov 13 17:43:43 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=93e92503
sys-kernel/zen-sources: Version bump, include CVE-2020-8694 fix
Package-Manager: Portage-3.0.9, Repoman-3.0.2
Signed-off-by: Jory Pratt <anarchy <AT> gentoo.org>
sys-kernel/zen-sources/Manifest | 12 ++----
sys-kernel/zen-sources/files/CVE-2020-8694.patch | 45 ++++++++++++++++++++++
sys-kernel/zen-sources/zen-sources-5.8.10.ebuild | 42 --------------------
...rces-5.4.15.ebuild => zen-sources-5.9.7.ebuild} | 8 ++++
4 files changed, 57 insertions(+), 50 deletions(-)
diff --git a/sys-kernel/zen-sources/Manifest b/sys-kernel/zen-sources/Manifest
index 31a8b88c141..920c2a5c353 100644
--- a/sys-kernel/zen-sources/Manifest
+++ b/sys-kernel/zen-sources/Manifest
@@ -1,8 +1,4 @@
-DIST genpatches-5.4-1.base.tar.xz 4564 BLAKE2B
0282bad95cd003c90e92d33d2f114ca9e752f09fdbf1930c322bed578e8a71a16d48aeddd943f0a7e59df47c07ad95dd401251a1a5828eefe07c8e927cf021ef
SHA512
0726fa7768c4ddf7ba73ef5eb0ea73b71ba03dab1252b7114864ea60af84d50b8354f1c1d70a0abf0c8c7460361417b14183f11f49aa9654808025a9d979da6d
-DIST genpatches-5.4-1.extras.tar.xz 1736 BLAKE2B
57df5cf8b4d96378408460be4be64900771b876a23d1e5798c97449bfcd28bea8aaf31482c614e7844106f29c9ae376c6ebef26e6c18e00a3f64bcb4e360d944
SHA512
5b9b6276f6ad6ad7ac33e14c3b06dbe943c57019332b0ee545ebf7325b7d6313db3ed6d35c46434c3c38420fb372141e63528e980aca87b90c4a39339851e80f
-DIST genpatches-5.8-1.base.tar.xz 4268 BLAKE2B
c1c4959758d0bc28213e4fa5c73014bad00144a92d37ed4f576f45d4d578c470c61080d941358d16b426aa17893bd80c88734b65beaa0afd90baf5d78cd078f2
SHA512
534e92071e33fe03049b0f1f3ec7d3e670155a2fa6e93dd1bb8cd5ca0f817549fa9c0b6c5ca06020d7b3733d53204ad79d909d5fbcbc748f218a9f799cc3be6e
-DIST genpatches-5.8-1.extras.tar.xz 1764 BLAKE2B
35c7218e356715ab544b41a7a91e90ef8ab3ad6f318e0026e835eb007f07a48c82164928750d337d238c2717ebd609a075caa03acad92b538e70bacc131d772c
SHA512
823feb9f57eef7b72f899c9655ccc2da285d66fba5ecb8e904f991d9d846f5894ae24b254917a430ad7b2358c8bb6aba8b82fb5d63081c8b54eb5c96f4c3354c
-DIST linux-5.4.tar.xz 109441440 BLAKE2B
193bc4a3147e147d5529956164ec4912fad5d5c6fb07f909ff1056e57235834173194afc686993ccd785c1ff15804de0961b625f3008cca0e27493efc8f27b13
SHA512
9f60f77e8ab972b9438ac648bed17551c8491d6585a5e85f694b2eaa4c623fbc61eb18419b2656b6795eac5deec0edaa04547fc6723fbda52256bd7f3486898f
-DIST linux-5.8.tar.xz 114459324 BLAKE2B
7bd97f8fa4527840754434414c07283e89731dc8ebb1e95fa5bc1469a60af1122582c0d3b6e262e77882f023190068df3537bd8b65964b3caa820bb2c8e579c7
SHA512
45a53ecf351096ef6e98242cca4228b8da9b9139ecc6963695791ea6fb7a9484a4e1c19dcca7ce7cbfdfa49de0451b70973bb078f12bdae9cbaddbc3f8092556
-DIST v5.4.15-zen1.patch.xz 908592 BLAKE2B
93a1b8e46e28b20d2f465df04c597b7da9c368532a89fc02a8059769b5f39b24b6d64acbcc88dabaa7f320c9c89705a01b3a96f8b3baa287ec60e3db4d9e1dcd
SHA512
5aa5a4435e125d09a463d692bba95f247498818db157d68d75899d9031deb2aaa053a352831a843afad1241e83c25dcc5caf0243ee132696328a0d5ddcaab428
-DIST v5.8.10-zen1.patch.xz 624720 BLAKE2B
37c8853799aecba279b1e68f9de732e7ed03fe2a064017cf47c9ca8e7ff5156e94fb8c4a9502007ce93c52d022a0de1f2ee96b4edd9a95520f06192dd88b8d4a
SHA512
4ad6d4db4233896c29a5785be76280f0ca07cfc5db8c8b6519b74238d6cddec3cb7cdd3cf2d0ba3d440df2411a917b5a2ed0933e72ea81beab163d1cae3bd11d
+DIST genpatches-5.9-1.base.tar.xz 4004 BLAKE2B
8a4577d42262fa901186acc60d28221d00e5c9140886705f018d9989f818d96ee4d9a6586b292e7b1d945bea9e2408e3161a73e0999defe1b7f99d0a339eb7be
SHA512
d6ba1051f9561aa30d7b196336c34930285d613e8119b152f1d6cc447cb22db5ac07c25f89d4ceddf58c9370c42699d0250a31449be2da3c591896b0c87d8718
+DIST genpatches-5.9-1.extras.tar.xz 1764 BLAKE2B
32d29f0448aef113ba9c9591c5d3b671d00d07abde9f35f365b48168887913bb2da95a8a52b852453307cabb111115a26178be4cbcc016e53a26a31f783a9df7
SHA512
df007dc98c1acdd31773f7dcf8aeb22812aa55e5593e8509b6a8762f2dcf06c95d69ad7cdce992e7a5fe730754bef26242acdc4e4da51ee29206fabb86c9cb0e
+DIST linux-5.9.tar.xz 115507140 BLAKE2B
e8d11472d63a9f8409ca12a2e8c97c6963a3d4516b5a398b627d6ece565584526f9b5a1377a2fa4bd184c09c7db94c987428bc5d52df0c788464a67e9e8d6dcb
SHA512
d3d92ce4246bad74c9a784212f160d98449b1e8793970c2c308276568d852b8effe0528686bdb87d55d691f09a826abf7938d69bdd4759ce65ddd5c05ffe4eca
+DIST v5.9.7-zen1.patch.xz 603716 BLAKE2B
578f29e72c1dd290e2889ff507e19de2284f323f7ef0d5f27ea3d6a9ddfe694619e85c4f8913f513167a4935fc62394d4f8c22254305eaf11c276fc55105ec45
SHA512
dd60b33dd6ae9896489c1dea74c79e794c23120fd143f6fe328303e20e59a146e471c9ca8eec1451893424a6be53afb3c9a0318c0dae388bea0bbda0ecdd429f
diff --git a/sys-kernel/zen-sources/files/CVE-2020-8694.patch
b/sys-kernel/zen-sources/files/CVE-2020-8694.patch
new file mode 100644
index 00000000000..f67ee3a3eaa
--- /dev/null
+++ b/sys-kernel/zen-sources/files/CVE-2020-8694.patch
@@ -0,0 +1,45 @@
+From 949dd0104c496fa7c14991a23c03c62e44637e71 Mon Sep 17 00:00:00 2001
+From: Len Brown <len.br...@intel.com>
+Date: Tue, 10 Nov 2020 13:00:00 -0800
+Subject: powercap: restrict energy meter to root access
+
+Remove non-privileged user access to power data contained in
+/sys/class/powercap/intel-rapl*/*/energy_uj
+
+Non-privileged users currently have read access to power data and can
+use this data to form a security attack. Some privileged
+drivers/applications need read access to this data, but don't expose it
+to non-privileged users.
+
+For example, thermald uses this data to ensure that power management
+works correctly. Thus removing non-privileged access is preferred over
+completely disabling this power reporting capability with
+CONFIG_INTEL_RAPL=n.
+
+Fixes: 95677a9a3847 ("PowerCap: Fix mode for energy counter")
+
+Signed-off-by: Len Brown <len.br...@intel.com>
+Cc: sta...@vger.kernel.org
+---
+ drivers/powercap/powercap_sys.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/powercap/powercap_sys.c b/drivers/powercap/powercap_sys.c
+index f808c5fa9838c..3f0b8e2ef3d46 100644
+--- a/drivers/powercap/powercap_sys.c
++++ b/drivers/powercap/powercap_sys.c
+@@ -367,9 +367,9 @@ static void create_power_zone_common_attributes(
+ &dev_attr_max_energy_range_uj.attr;
+ if (power_zone->ops->get_energy_uj) {
+ if (power_zone->ops->reset_energy_uj)
+- dev_attr_energy_uj.attr.mode = S_IWUSR | S_IRUGO;
++ dev_attr_energy_uj.attr.mode = S_IWUSR | S_IRUSR;
+ else
+- dev_attr_energy_uj.attr.mode = S_IRUGO;
++ dev_attr_energy_uj.attr.mode = S_IRUSR;
+ power_zone->zone_dev_attrs[count++] =
+ &dev_attr_energy_uj.attr;
+ }
+--
+cgit 1.2.3-1.el7
+
diff --git a/sys-kernel/zen-sources/zen-sources-5.8.10.ebuild
b/sys-kernel/zen-sources/zen-sources-5.8.10.ebuild
deleted file mode 100644
index c3dce435487..00000000000
--- a/sys-kernel/zen-sources/zen-sources-5.8.10.ebuild
+++ /dev/null
@@ -1,42 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-ETYPE="sources"
-K_WANT_GENPATCHES="base extras"
-K_GENPATCHES_VER="1"
-K_SECURITY_UNSUPPORTED="1"
-K_NOSETEXTRAVERSION="1"
-
-inherit kernel-2
-detect_version
-detect_arch
-
-KEYWORDS="~amd64 ~x86"
-HOMEPAGE="https://github.com/zen-kernel";
-IUSE=""
-
-DESCRIPTION="The Zen Kernel Live Sources"
-
-ZEN_URI="https://github.com/zen-kernel/zen-kernel/releases/download/v${PV}-zen1/v${PV}-zen1.patch.xz";
-SRC_URI="${KERNEL_URI} ${GENPATCHES_URI} ${ARCH_URI} ${ZEN_URI}"
-
-UNIPATCH_LIST="${DISTDIR}/v${PV}-zen1.patch.xz"
-UNIPATCH_STRICTORDER="yes"
-
-K_EXTRAEINFO="For more info on zen-sources, and for how to report problems,
see: \
-${HOMEPAGE}, also go to #zen-sources on freenode"
-
-pkg_setup() {
- ewarn
- ewarn "${PN} is *not* supported by the Gentoo Kernel Project in any
way."
- ewarn "If you need support, please contact the zen developers directly."
- ewarn "Do *not* open bugs in Gentoo's bugzilla unless you have issues
with"
- ewarn "the ebuilds. Thank you."
- ewarn
- kernel-2_pkg_setup
-}
-
-pkg_postrm() {
- kernel-2_pkg_postrm
-}
diff --git a/sys-kernel/zen-sources/zen-sources-5.4.15.ebuild
b/sys-kernel/zen-sources/zen-sources-5.9.7.ebuild
similarity index 92%
rename from sys-kernel/zen-sources/zen-sources-5.4.15.ebuild
rename to sys-kernel/zen-sources/zen-sources-5.9.7.ebuild
index c3dce435487..5c4ff223644 100644
--- a/sys-kernel/zen-sources/zen-sources-5.4.15.ebuild
+++ b/sys-kernel/zen-sources/zen-sources-5.9.7.ebuild
@@ -37,6 +37,14 @@ pkg_setup() {
kernel-2_pkg_setup
}
+src_prepare() {
+ default
+
+ kernel-2_src_prepare
+ eapply $"${FILESDIR}/CVE-2020-8694.patch"
+}
+
+
pkg_postrm() {
kernel-2_pkg_postrm
}
