d/patches: Move security fixes into security/

09016ddf · Guido Günther · 6bc6e60d · 09016ddf · 09016ddf · 09016ddf
Commit 09016ddf authored 5 years ago by Guido Günther
--- a/debian/patches/api-disallow-virDomainGetHostname-for-read-only-connectio.patch
+++ b/debian/patches/api-disallow-virDomainGetHostname-for-read-only-connectio.patch
--- a/debian/patches/cpu_map-Define-md-clear-CPUID-bit.patch
+++ b/debian/patches/cpu_map-Define-md-clear-CPUID-bit.patch
@@ -2,8 +2,9 @@ From: Jiri Denemark <jdenemar@redhat.com>
 Date: Fri, 5 Apr 2019 15:11:20 +0200
 Subject: cpu_map: Define md-clear CPUID bit
 MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
+Content-Type: text/plain; charset="utf-8"
 Content-Transfer-Encoding: 8bit
+
 Origin: https://libvirt.org/git/?p=libvirt.git;a=commit;h=538d873571d7a682852dc1d70e5f4478f4d64e85
 Bug-Debian: https://bugs.debian.org/929154
 Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-12126
@@ -20,20 +21,14 @@ Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
 Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
 Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
 ---
- src/cpu_map/x86_features.xml                                | 3 +++
- tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml  | 2 +-
- tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml    | 1 +
- tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml     | 1 +
- tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml     | 1 +
- tests/cputestdata/x86_64-cpuid-Xeon-Platinum-8268-guest.xml | 1 +
- tests/cputestdata/x86_64-cpuid-Xeon-Platinum-8268-host.xml  | 1 +
- 7 files changed, 9 insertions(+), 1 deletion(-)
+ src/cpu_map/x86_features.xml | 3 +++
+ 1 file changed, 3 insertions(+)

 diff --git a/src/cpu_map/x86_features.xml b/src/cpu_map/x86_features.xml
-index efcc10b1aebd..370807f88e5f 100644
+index 02431be..11479f0 100644
 --- a/src/cpu_map/x86_features.xml
 +++ b/src/cpu_map/x86_features.xml
-@@ -320,6 +320,9 @@
+@@ -317,6 +317,9 @@
   <feature name='avx512-4fmaps'>
     <cpuid eax_in='0x07' ecx_in='0x00' edx='0x00000008'/>
   </feature>
@@ -43,6 +38,3 @@ index efcc10b1aebd..370807f88e5f 100644
   <feature name='pconfig'>
     <cpuid eax_in='0x07' ecx_in='0x00' edx='0x00040000'/>
   </feature>
-- 
-2.20.1
-
--- a/debian/patches/remote-enforce-ACL-write-permission-for-getting-guest-tim.patch
+++ b/debian/patches/remote-enforce-ACL-write-permission-for-getting-guest-tim.patch
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -19,9 +19,9 @@ security-aa-helper-allow-virt-aa-helper-to-read-dev-dri.patch
 security-aa-helper-generate-more-rules-for-gl-devices.patch
 security-aa-helper-nvidia-rules-for-gl-devices.patch
 security-aa-helper-gl-devices-in-sysfs-at-arbitrary-depth.patch
-api-disallow-virDomainGetHostname-for-read-only-connectio.patch
-remote-enforce-ACL-write-permission-for-getting-guest-tim.patch
-cpu_map-Define-md-clear-CPUID-bit.patch
+security/api-disallow-virDomainGetHostname-for-read-only-connectio.patch
+security/remote-enforce-ACL-write-permission-for-getting-guest-tim.patch
+security/cpu_map-Define-md-clear-CPUID-bit.patch
 security/admin-reject-clients-unless-their-UID-matches-the-current.patch
 security/locking-restrict-sockets-to-mode-0600.patch
 security/logging-restrict-sockets-to-mode-0600.patch