[kernel] r22109 - in dists/squeeze-security/linux-2.6/debian: . patches/features/all/xen patches/series

Sat Dec 6 05:28:40 UTC 2014

Author: benh
Date: Sat Dec  6 05:28:40 2014
New Revision: 22109

Log:
Fix the mess around the CVE-2013-0228 fix

The fix for CVE-2013-0228 ('x86/xen: don't assume %ds is usable in
xen_iret for 32-bit PVOPS.') was previously applied only as part of
the Xen featureset.  Now we have it in all other Xen-aware kernels
via 2.6.32.61, but it is getting reverted for the xen featureset
(I think this was meant to avoid trying to apply it twice).

Amend the changelog entry for 2.6.32-46squeeze1 to note that only the
xen featureset was fixed then.

Drop the single patch and the revert line in
debian/patches/series/48squeeze9-extra

Deleted:
   dists/squeeze-security/linux-2.6/debian/patches/features/all/xen/xsa42-pvops-0001-x86-xen-don-t-assume-ds-is-usable-in-xen_iret-for-32.patch
Modified:
   dists/squeeze-security/linux-2.6/debian/changelog
   dists/squeeze-security/linux-2.6/debian/patches/series/48squeeze9-extra

Modified: dists/squeeze-security/linux-2.6/debian/changelog
==============================================================================

--- dists/squeeze-security/linux-2.6/debian/changelog	Sat Dec  6 05:12:49 2014	(r22108)
+++ dists/squeeze-security/linux-2.6/debian/changelog	Sat Dec  6 05:28:40 2014	(r22109)
@@ -41,6 +41,7 @@
     - x86, ioapic: initialize nr_ioapic_registers early in mp_register_ioapic()
     - x86, random: make ARCH_RANDOM prompt if EMBEDDED, not EXPERT
     - x86/xen: don't assume %ds is usable in xen_iret for 32-bit PVOPS.
+      (CVE-2013-0228)
     - x86/mm: Check if PUD is large when validating a kernel address
     - x86, mm, paravirt: Fix vmalloc_fault oops during lazy MMU updates
     - xen/bootup: allow read_tscp call for Xen PV guests.
@@ -615,6 +616,7 @@
   * xen: netback: shutdown the ring if it contains garbage (CVE-2013-0216)
   * xen: netback: correct netbk_tx_err() to handle wrap around (CVE-2013-0217)
   * xen: don't assume %ds is usable in xen_iret for 32-bit PVOPS (CVE-2013-0228)
+    [This applies only to kernel images with the xen featureset.]
 
  -- dann frazier <dannf at debian.org>  Thu, 14 Feb 2013 00:52:26 -0800
 

Modified: dists/squeeze-security/linux-2.6/debian/patches/series/48squeeze9-extra
==============================================================================
--- dists/squeeze-security/linux-2.6/debian/patches/series/48squeeze9-extra	Sat Dec  6 05:12:49 2014	(r22108)
+++ dists/squeeze-security/linux-2.6/debian/patches/series/48squeeze9-extra	Sat Dec  6 05:28:40 2014	(r22109)
@@ -74,8 +74,6 @@
 + features/all/xen/xen-blkback-don-t-fail-empty-barrier-requests.patch featureset=xen
 + features/all/xen/xsa39-classic-0001-xen-netback-garbage-ring.patch featureset=xen
 + features/all/xen/xsa39-classic-0002-xen-netback-wrap-around.patch featureset=xen
-# the following has been included in 2.6.32.61 as 783defce
-- features/all/xen/xsa42-pvops-0001-x86-xen-don-t-assume-ds-is-usable-in-xen_iret-for-32.patch featureset=xen
 + features/all/xen/xsa43-classic.patch featureset=xen
 + features/all/xen/xen-netback-fix-netbk_count_requests.patch featureset=xen
 + features/all/xen/xen-netback-don-t-disconnect-frontend-when-seeing-ov.patch featureset=xen

