- bnc#935634 - VUL-0: CVE-2015-3259: xen: XSA-137: xl command line

config handling stack overflow CVE-2015-3259-xsa137.patch - Upstream patches from Jan 558bfaa0-x86-traps-avoid-using-current-too-early.patch 5592a116-nested-EPT-fix-the-handling-of-nested-EPT.patch 559b9dd6-x86-p2m-ept-don-t-unmap-in-use-EPT-pagetable.patch 559bdde5-pull-in-latest-linux-earlycpio.patch - Upstream patches from Jan pending review 552d0fd2-x86-hvm-don-t-include-asm-spinlock-h.patch 552d0fe8-x86-mtrr-include-asm-atomic.h.patch 552d293b-x86-vMSI-X-honor-all-mask-requests.patch 552d2966-x86-vMSI-X-add-valid-bits-for-read-acceleration.patch 554c7aee-x86-provide-arch_fetch_and_add.patch 554c7b00-arm-provide-arch_fetch_and_add.patch 55534b0a-x86-provide-add_sized.patch 55534b25-arm-provide-add_sized.patch 5555a4f8-use-ticket-locks-for-spin-locks.patch 5555a5b9-x86-arm-remove-asm-spinlock-h.patch 5555a8ec-introduce-non-contiguous-allocation.patch 55795a52-x86-vMSI-X-support-qword-MMIO-access.patch 557eb55f-gnttab-per-active-entry-locking.patch 557eb5b6-gnttab-introduce-maptrack-lock.patch 557eb620-gnttab-make-the-grant-table-lock-a-read-write-lock.patch 557ffab8-evtchn-factor-out-freeing-an-event-channel.patch 5582bf43-evtchn-simplify-port_is_valid.patch 5582bf81-evtchn-remove-the-locking-when-unmasking-an-event-channel.patch 5583d9c5-x86-MSI-X-cleanup.patch 5583da09-x86-MSI-track-host-and-guest-masking-separately.patch 5583da64-gnttab-use-per-VCPU-maptrack-free-lists.patch OBS-URL: https://build.opensuse.org/package/show/Virtualization/xen?expand=0&rev=369
2015-07-10 15:21:29 +00:00
parent d9b8b1278d
commit 763b78040d
43 changed files with 5205 additions and 1056 deletions
--- a/xen.spec
+++ b/xen.spec
@@ -90,6 +90,7 @@ BuildRequires:  dev86
 #!BuildIgnore:  gcc-PIE
 BuildRequires:  bison
 BuildRequires:  fdupes
+BuildRequires:  figlet
 BuildRequires:  flex
 BuildRequires:  glib2-devel
 BuildRequires:  libaio-devel
@@ -201,13 +202,20 @@ Source99:       baselibs.conf
 # http://xenbits.xensource.com/ext/xenalyze
 Source20000:    xenalyze.hg.tar.bz2
 # Upstream patches
-Patch1:         551ac326-xentop-add-support-for-qdisk.patch
-Patch2:         5548e903-domctl-don-t-truncate-XEN_DOMCTL_max_mem-requests.patch
-Patch3:         554cc211-libxl-add-qxl.patch
-Patch4:         556d973f-unmodified-drivers-tolerate-IRQF_DISABLED-being-undefined.patch
-Patch5:         5576f178-kexec-add-more-pages-to-v1-environment.patch
-Patch6:         55780be1-x86-EFI-adjust-EFI_MEMORY_WP-handling-for-spec-version-2.5.patch
+Patch1:         55103616-vm-assist-prepare-for-discontiguous-used-bit-numbers.patch
+Patch2:         551ac326-xentop-add-support-for-qdisk.patch
+Patch3:         5548e903-domctl-don-t-truncate-XEN_DOMCTL_max_mem-requests.patch
+Patch4:         5548e95d-x86-allow-to-suppress-M2P-user-mode-exposure.patch
+Patch5:         554cc211-libxl-add-qxl.patch
+Patch6:         556d973f-unmodified-drivers-tolerate-IRQF_DISABLED-being-undefined.patch
+Patch7:         5576f178-kexec-add-more-pages-to-v1-environment.patch
+Patch8:         55780be1-x86-EFI-adjust-EFI_MEMORY_WP-handling-for-spec-version-2.5.patch
+Patch9:         558bfaa0-x86-traps-avoid-using-current-too-early.patch
+Patch10:        5592a116-nested-EPT-fix-the-handling-of-nested-EPT.patch
+Patch11:        559b9dd6-x86-p2m-ept-don-t-unmap-in-use-EPT-pagetable.patch
+Patch12:        559bdde5-pull-in-latest-linux-earlycpio.patch
 Patch131:       CVE-2015-4106-xsa131-9.patch
+Patch137:       CVE-2015-3259-xsa137.patch
 # Upstream qemu
 Patch250:       VNC-Support-for-ExtendedKeyEvent-client-message.patch
 Patch251:       0001-net-move-the-tap-buffer-into-TAPState.patch
@@ -218,15 +226,6 @@ Patch255:       0005-e1000-multi-buffer-packet-support.patch
 Patch256:       0006-e1000-clear-EOP-for-multi-buffer-descriptors.patch
 Patch257:       0007-e1000-verify-we-have-buffers-upfront.patch
 Patch258:       0008-e1000-check-buffer-availability.patch
-# Extra patches pending review
-Patch150:       55103616-vm-assist-prepare-for-discontiguous-used-bit-numbers.patch
-Patch151:       5548e95d-x86-allow-to-suppress-M2P-user-mode-exposure.patch
-Patch156:       x86-MSI-X-teardown.patch
-Patch157:       x86-MSI-X-enable.patch
-Patch158:       x86-MSI-X-guest-mask.patch
-Patch159:       x86-MSI-X-maskall.patch
-Patch160:       qemu-MSI-X-latch-writes.patch
-Patch161:       qemu-MSI-X-enable-maskall.patch
 # Our platform specific patches
 Patch301:       xen-destdir.patch
 Patch302:       vif-bridge-no-iptables.patch
@@ -309,6 +308,40 @@ Patch605:       xen.build-compare.vgabios.patch
 Patch606:       xen.build-compare.seabios.patch
 Patch607:       xen.build-compare.man.patch
 Patch608:       ipxe-no-error-logical-not-parentheses.patch
+# Extra patches pending review
+Patch801:       552d0fd2-x86-hvm-don-t-include-asm-spinlock-h.patch
+Patch802:       552d0fe8-x86-mtrr-include-asm-atomic.h.patch
+Patch803:       552d293b-x86-vMSI-X-honor-all-mask-requests.patch
+Patch804:       552d2966-x86-vMSI-X-add-valid-bits-for-read-acceleration.patch
+Patch805:       554c7aee-x86-provide-arch_fetch_and_add.patch
+Patch806:       554c7b00-arm-provide-arch_fetch_and_add.patch
+Patch807:       55534b0a-x86-provide-add_sized.patch
+Patch808:       55534b25-arm-provide-add_sized.patch
+Patch809:       5555a4f8-use-ticket-locks-for-spin-locks.patch
+Patch810:       5555a5b9-x86-arm-remove-asm-spinlock-h.patch
+Patch811:       5555a8ec-introduce-non-contiguous-allocation.patch
+Patch812:       55795a52-x86-vMSI-X-support-qword-MMIO-access.patch
+Patch813:       557eb55f-gnttab-per-active-entry-locking.patch
+Patch814:       557eb5b6-gnttab-introduce-maptrack-lock.patch
+Patch815:       557eb620-gnttab-make-the-grant-table-lock-a-read-write-lock.patch
+Patch816:       557ffab8-evtchn-factor-out-freeing-an-event-channel.patch
+Patch817:       5582bf43-evtchn-simplify-port_is_valid.patch
+Patch818:       5582bf81-evtchn-remove-the-locking-when-unmasking-an-event-channel.patch
+Patch819:       5583d9c5-x86-MSI-X-cleanup.patch
+Patch820:       5583da09-x86-MSI-track-host-and-guest-masking-separately.patch
+Patch821:       5583da64-gnttab-use-per-VCPU-maptrack-free-lists.patch
+Patch822:       5583da8c-gnttab-steal-maptrack-entries-from-other-VCPUs.patch
+Patch823:       5587d711-evtchn-clear-xen_consumer-when-clearing-state.patch
+Patch824:       5587d779-evtchn-defer-freeing-struct-evtchn-s-until-evtchn_destroy_final.patch
+Patch825:       5587d7b7-evtchn-use-a-per-event-channel-lock-for-sending-events.patch
+Patch826:       5587d7e2-evtchn-pad-struct-evtchn-to-64-bytes.patch
+Patch850:       x86-MSI-pv-unmask.patch
+Patch851:       x86-pci_cfg_okay.patch
+Patch852:       x86-PCI-CFG-write-intercept.patch
+Patch853:       x86-MSI-X-maskall.patch
+Patch854:       x86-MSI-X-teardown.patch
+Patch855:       x86-MSI-X-enable.patch
+Patch856:       x86-MSI-mask.patch
 # Build patches
 Patch99996:     xen.stubdom.newlib.patch
 Patch99998:     tmp_build.patch
@@ -521,7 +554,14 @@ Authors:
 %patch4 -p1
 %patch5 -p1
 %patch6 -p1
+%patch7 -p1
+%patch8 -p1
+%patch9 -p1
+%patch10 -p1
+%patch11 -p1
+%patch12 -p1
 %patch131 -p1
+%patch137 -p1
 # Upstream qemu patches
 %patch250 -p1
 %patch251 -p1
@@ -532,15 +572,6 @@ Authors:
 %patch256 -p1
 %patch257 -p1
 %patch258 -p1
-# Extra patches pending review
-%patch150 -p1
-%patch151 -p1
-%patch156 -p1
-%patch157 -p1
-%patch158 -p1
-%patch159 -p1
-%patch160 -p1
-%patch161 -p1
 # Our platform specific patches
 %patch301 -p1
 %patch302 -p1
@@ -622,6 +653,40 @@ Authors:
 %patch606 -p1
 %patch607 -p1
 %patch608 -p1
+# Extra patches pending review
+%patch801 -p1
+%patch802 -p1
+%patch803 -p1
+%patch804 -p1
+%patch805 -p1
+%patch806 -p1
+%patch807 -p1
+%patch808 -p1
+%patch809 -p1
+%patch810 -p1
+%patch811 -p1
+%patch812 -p1
+%patch813 -p1
+%patch814 -p1
+%patch815 -p1
+%patch816 -p1
+%patch817 -p1
+%patch818 -p1
+%patch819 -p1
+%patch820 -p1
+%patch821 -p1
+%patch822 -p1
+%patch823 -p1
+%patch824 -p1
+%patch825 -p1
+%patch826 -p1
+%patch850 -p1
+%patch851 -p1
+%patch852 -p1
+%patch853 -p1
+%patch854 -p1
+%patch855 -p1
+%patch856 -p1
 # Build patches
 %patch99996 -p1
 %patch99998 -p1