diff options
author | Jory Pratt <anarchy@gentoo.org> | 2020-11-13 11:42:44 -0600 |
---|---|---|
committer | Jory Pratt <anarchy@gentoo.org> | 2020-11-13 11:43:43 -0600 |
commit | 93e9250383be69152a6a7de4b0fe9ff4391dae93 (patch) | |
tree | 7a9cf08b61fbb3c543d97f98c9cd4a5ab8599c6b /sys-kernel/zen-sources | |
parent | sys-auth/pam_passwdqc: remove last-rited pkg (diff) | |
download | gentoo-93e9250383be69152a6a7de4b0fe9ff4391dae93.tar.gz gentoo-93e9250383be69152a6a7de4b0fe9ff4391dae93.tar.bz2 gentoo-93e9250383be69152a6a7de4b0fe9ff4391dae93.zip |
sys-kernel/zen-sources: Version bump, include CVE-2020-8694 fix
Package-Manager: Portage-3.0.9, Repoman-3.0.2
Signed-off-by: Jory Pratt <anarchy@gentoo.org>
Diffstat (limited to 'sys-kernel/zen-sources')
-rw-r--r-- | sys-kernel/zen-sources/Manifest | 12 | ||||
-rw-r--r-- | sys-kernel/zen-sources/files/CVE-2020-8694.patch | 45 | ||||
-rw-r--r-- | sys-kernel/zen-sources/zen-sources-5.8.10.ebuild | 42 | ||||
-rw-r--r-- | sys-kernel/zen-sources/zen-sources-5.9.7.ebuild (renamed from sys-kernel/zen-sources/zen-sources-5.4.15.ebuild) | 8 |
4 files changed, 57 insertions, 50 deletions
diff --git a/sys-kernel/zen-sources/Manifest b/sys-kernel/zen-sources/Manifest index 31a8b88c141b..920c2a5c353c 100644 --- a/sys-kernel/zen-sources/Manifest +++ b/sys-kernel/zen-sources/Manifest @@ -1,8 +1,4 @@ -DIST genpatches-5.4-1.base.tar.xz 4564 BLAKE2B 0282bad95cd003c90e92d33d2f114ca9e752f09fdbf1930c322bed578e8a71a16d48aeddd943f0a7e59df47c07ad95dd401251a1a5828eefe07c8e927cf021ef SHA512 0726fa7768c4ddf7ba73ef5eb0ea73b71ba03dab1252b7114864ea60af84d50b8354f1c1d70a0abf0c8c7460361417b14183f11f49aa9654808025a9d979da6d -DIST genpatches-5.4-1.extras.tar.xz 1736 BLAKE2B 57df5cf8b4d96378408460be4be64900771b876a23d1e5798c97449bfcd28bea8aaf31482c614e7844106f29c9ae376c6ebef26e6c18e00a3f64bcb4e360d944 SHA512 5b9b6276f6ad6ad7ac33e14c3b06dbe943c57019332b0ee545ebf7325b7d6313db3ed6d35c46434c3c38420fb372141e63528e980aca87b90c4a39339851e80f -DIST genpatches-5.8-1.base.tar.xz 4268 BLAKE2B c1c4959758d0bc28213e4fa5c73014bad00144a92d37ed4f576f45d4d578c470c61080d941358d16b426aa17893bd80c88734b65beaa0afd90baf5d78cd078f2 SHA512 534e92071e33fe03049b0f1f3ec7d3e670155a2fa6e93dd1bb8cd5ca0f817549fa9c0b6c5ca06020d7b3733d53204ad79d909d5fbcbc748f218a9f799cc3be6e -DIST genpatches-5.8-1.extras.tar.xz 1764 BLAKE2B 35c7218e356715ab544b41a7a91e90ef8ab3ad6f318e0026e835eb007f07a48c82164928750d337d238c2717ebd609a075caa03acad92b538e70bacc131d772c SHA512 823feb9f57eef7b72f899c9655ccc2da285d66fba5ecb8e904f991d9d846f5894ae24b254917a430ad7b2358c8bb6aba8b82fb5d63081c8b54eb5c96f4c3354c -DIST linux-5.4.tar.xz 109441440 BLAKE2B 193bc4a3147e147d5529956164ec4912fad5d5c6fb07f909ff1056e57235834173194afc686993ccd785c1ff15804de0961b625f3008cca0e27493efc8f27b13 SHA512 9f60f77e8ab972b9438ac648bed17551c8491d6585a5e85f694b2eaa4c623fbc61eb18419b2656b6795eac5deec0edaa04547fc6723fbda52256bd7f3486898f -DIST linux-5.8.tar.xz 114459324 BLAKE2B 7bd97f8fa4527840754434414c07283e89731dc8ebb1e95fa5bc1469a60af1122582c0d3b6e262e77882f023190068df3537bd8b65964b3caa820bb2c8e579c7 SHA512 45a53ecf351096ef6e98242cca4228b8da9b9139ecc6963695791ea6fb7a9484a4e1c19dcca7ce7cbfdfa49de0451b70973bb078f12bdae9cbaddbc3f8092556 -DIST v5.4.15-zen1.patch.xz 908592 BLAKE2B 93a1b8e46e28b20d2f465df04c597b7da9c368532a89fc02a8059769b5f39b24b6d64acbcc88dabaa7f320c9c89705a01b3a96f8b3baa287ec60e3db4d9e1dcd SHA512 5aa5a4435e125d09a463d692bba95f247498818db157d68d75899d9031deb2aaa053a352831a843afad1241e83c25dcc5caf0243ee132696328a0d5ddcaab428 -DIST v5.8.10-zen1.patch.xz 624720 BLAKE2B 37c8853799aecba279b1e68f9de732e7ed03fe2a064017cf47c9ca8e7ff5156e94fb8c4a9502007ce93c52d022a0de1f2ee96b4edd9a95520f06192dd88b8d4a SHA512 4ad6d4db4233896c29a5785be76280f0ca07cfc5db8c8b6519b74238d6cddec3cb7cdd3cf2d0ba3d440df2411a917b5a2ed0933e72ea81beab163d1cae3bd11d +DIST genpatches-5.9-1.base.tar.xz 4004 BLAKE2B 8a4577d42262fa901186acc60d28221d00e5c9140886705f018d9989f818d96ee4d9a6586b292e7b1d945bea9e2408e3161a73e0999defe1b7f99d0a339eb7be SHA512 d6ba1051f9561aa30d7b196336c34930285d613e8119b152f1d6cc447cb22db5ac07c25f89d4ceddf58c9370c42699d0250a31449be2da3c591896b0c87d8718 +DIST genpatches-5.9-1.extras.tar.xz 1764 BLAKE2B 32d29f0448aef113ba9c9591c5d3b671d00d07abde9f35f365b48168887913bb2da95a8a52b852453307cabb111115a26178be4cbcc016e53a26a31f783a9df7 SHA512 df007dc98c1acdd31773f7dcf8aeb22812aa55e5593e8509b6a8762f2dcf06c95d69ad7cdce992e7a5fe730754bef26242acdc4e4da51ee29206fabb86c9cb0e +DIST linux-5.9.tar.xz 115507140 BLAKE2B e8d11472d63a9f8409ca12a2e8c97c6963a3d4516b5a398b627d6ece565584526f9b5a1377a2fa4bd184c09c7db94c987428bc5d52df0c788464a67e9e8d6dcb SHA512 d3d92ce4246bad74c9a784212f160d98449b1e8793970c2c308276568d852b8effe0528686bdb87d55d691f09a826abf7938d69bdd4759ce65ddd5c05ffe4eca +DIST v5.9.7-zen1.patch.xz 603716 BLAKE2B 578f29e72c1dd290e2889ff507e19de2284f323f7ef0d5f27ea3d6a9ddfe694619e85c4f8913f513167a4935fc62394d4f8c22254305eaf11c276fc55105ec45 SHA512 dd60b33dd6ae9896489c1dea74c79e794c23120fd143f6fe328303e20e59a146e471c9ca8eec1451893424a6be53afb3c9a0318c0dae388bea0bbda0ecdd429f diff --git a/sys-kernel/zen-sources/files/CVE-2020-8694.patch b/sys-kernel/zen-sources/files/CVE-2020-8694.patch new file mode 100644 index 000000000000..f67ee3a3eaa1 --- /dev/null +++ b/sys-kernel/zen-sources/files/CVE-2020-8694.patch @@ -0,0 +1,45 @@ +From 949dd0104c496fa7c14991a23c03c62e44637e71 Mon Sep 17 00:00:00 2001 +From: Len Brown <len.brown@intel.com> +Date: Tue, 10 Nov 2020 13:00:00 -0800 +Subject: powercap: restrict energy meter to root access + +Remove non-privileged user access to power data contained in +/sys/class/powercap/intel-rapl*/*/energy_uj + +Non-privileged users currently have read access to power data and can +use this data to form a security attack. Some privileged +drivers/applications need read access to this data, but don't expose it +to non-privileged users. + +For example, thermald uses this data to ensure that power management +works correctly. Thus removing non-privileged access is preferred over +completely disabling this power reporting capability with +CONFIG_INTEL_RAPL=n. + +Fixes: 95677a9a3847 ("PowerCap: Fix mode for energy counter") + +Signed-off-by: Len Brown <len.brown@intel.com> +Cc: stable@vger.kernel.org +--- + drivers/powercap/powercap_sys.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/powercap/powercap_sys.c b/drivers/powercap/powercap_sys.c +index f808c5fa9838c..3f0b8e2ef3d46 100644 +--- a/drivers/powercap/powercap_sys.c ++++ b/drivers/powercap/powercap_sys.c +@@ -367,9 +367,9 @@ static void create_power_zone_common_attributes( + &dev_attr_max_energy_range_uj.attr; + if (power_zone->ops->get_energy_uj) { + if (power_zone->ops->reset_energy_uj) +- dev_attr_energy_uj.attr.mode = S_IWUSR | S_IRUGO; ++ dev_attr_energy_uj.attr.mode = S_IWUSR | S_IRUSR; + else +- dev_attr_energy_uj.attr.mode = S_IRUGO; ++ dev_attr_energy_uj.attr.mode = S_IRUSR; + power_zone->zone_dev_attrs[count++] = + &dev_attr_energy_uj.attr; + } +-- +cgit 1.2.3-1.el7 + diff --git a/sys-kernel/zen-sources/zen-sources-5.8.10.ebuild b/sys-kernel/zen-sources/zen-sources-5.8.10.ebuild deleted file mode 100644 index c3dce435487e..000000000000 --- a/sys-kernel/zen-sources/zen-sources-5.8.10.ebuild +++ /dev/null @@ -1,42 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI="6" -ETYPE="sources" -K_WANT_GENPATCHES="base extras" -K_GENPATCHES_VER="1" -K_SECURITY_UNSUPPORTED="1" -K_NOSETEXTRAVERSION="1" - -inherit kernel-2 -detect_version -detect_arch - -KEYWORDS="~amd64 ~x86" -HOMEPAGE="https://github.com/zen-kernel" -IUSE="" - -DESCRIPTION="The Zen Kernel Live Sources" - -ZEN_URI="https://github.com/zen-kernel/zen-kernel/releases/download/v${PV}-zen1/v${PV}-zen1.patch.xz" -SRC_URI="${KERNEL_URI} ${GENPATCHES_URI} ${ARCH_URI} ${ZEN_URI}" - -UNIPATCH_LIST="${DISTDIR}/v${PV}-zen1.patch.xz" -UNIPATCH_STRICTORDER="yes" - -K_EXTRAEINFO="For more info on zen-sources, and for how to report problems, see: \ -${HOMEPAGE}, also go to #zen-sources on freenode" - -pkg_setup() { - ewarn - ewarn "${PN} is *not* supported by the Gentoo Kernel Project in any way." - ewarn "If you need support, please contact the zen developers directly." - ewarn "Do *not* open bugs in Gentoo's bugzilla unless you have issues with" - ewarn "the ebuilds. Thank you." - ewarn - kernel-2_pkg_setup -} - -pkg_postrm() { - kernel-2_pkg_postrm -} diff --git a/sys-kernel/zen-sources/zen-sources-5.4.15.ebuild b/sys-kernel/zen-sources/zen-sources-5.9.7.ebuild index c3dce435487e..5c4ff2236446 100644 --- a/sys-kernel/zen-sources/zen-sources-5.4.15.ebuild +++ b/sys-kernel/zen-sources/zen-sources-5.9.7.ebuild @@ -37,6 +37,14 @@ pkg_setup() { kernel-2_pkg_setup } +src_prepare() { + default + + kernel-2_src_prepare + eapply $"${FILESDIR}/CVE-2020-8694.patch" +} + + pkg_postrm() { kernel-2_pkg_postrm } |