
[pkgsrc/trunk]: pkgsrc/sysutils Update xentools42 and xenkernel42 to Xen 4.2....



details:   https://anonhg.NetBSD.org/pkgsrc/rev/619741501b3c
branches:  trunk
changeset: 639822:619741501b3c
user:      bouyer <bouyer%pkgsrc.org@localhost>
date:      Fri Sep 26 10:39:31 2014 +0000

description:
Update xentools42 and xenkernel42 to Xen 4.2.5, fixing:
CVE-2014-2599 / XSA-89 HVMOP_set_mem_access is not preemptible
CVE-2014-3124 / XSA-92 HVMOP_set_mem_type allows invalid P2M entries to be
  created
CVE-2014-3967,CVE-2014-3968 / XSA-96 Vulnerabilities in HVM MSI injection
CVE-2014-4021 / XSA-100 Hypervisor heap contents leaked to guests

pkgsrc also includes patches from the Xen Security Advisory:
XSA-104 (CVE-2014-7154) - Race condition in HVMOP_track_dirty_vram
XSA-105 (CVE-2014-7155) - Missing privilege level checks in x86 HLT, LGDT,
  LIDT, and LMSW emulation
XSA-106 (CVE-2014-7156) - Missing privilege level checks in x86 emulation
  of software interrupts

diffstat:

 sysutils/xenkernel42/Makefile                                             |   4 +-
 sysutils/xenkernel42/distinfo                                             |  10 +-
 sysutils/xenkernel42/patches/patch-xen_arch_x86_mm_shadow_common.c        |  24 ++++++
 sysutils/xenkernel42/patches/patch-xen_arch_x86_x86_emulate_x86_emulate.c |  39 ++++++++++
 sysutils/xentools42/Makefile                                              |   6 +-
 sysutils/xentools42/distinfo                                              |   8 +-
 6 files changed, 78 insertions(+), 13 deletions(-)

diffs (139 lines):

diff -r b16ba5b3d02a -r 619741501b3c sysutils/xenkernel42/Makefile
--- a/sysutils/xenkernel42/Makefile     Fri Sep 26 07:00:50 2014 +0000
+++ b/sysutils/xenkernel42/Makefile     Fri Sep 26 10:39:31 2014 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.7 2014/05/09 07:37:20 wiz Exp $
+# $NetBSD: Makefile,v 1.8 2014/09/26 10:39:31 bouyer Exp $
 
-VERSION=       4.2.4
+VERSION=       4.2.5
 DISTNAME=      xen-${VERSION}
 PKGNAME=       xenkernel42-${VERSION}
 CATEGORIES=    sysutils
diff -r b16ba5b3d02a -r 619741501b3c sysutils/xenkernel42/distinfo
--- a/sysutils/xenkernel42/distinfo     Fri Sep 26 07:00:50 2014 +0000
+++ b/sysutils/xenkernel42/distinfo     Fri Sep 26 10:39:31 2014 +0000
@@ -1,9 +1,11 @@
-$NetBSD: distinfo,v 1.5 2014/02/22 01:22:49 prlw1 Exp $
+$NetBSD: distinfo,v 1.6 2014/09/26 10:39:31 bouyer Exp $
 
-SHA1 (xen-4.2.4.tar.gz) = ab661bf0f64a18155f971343a9c07b7e7d1410f1
-RMD160 (xen-4.2.4.tar.gz) = b2210d3ff6a9fdf9cae1a5a38b829667dfd6fd2f
-Size (xen-4.2.4.tar.gz) = 15663999 bytes
+SHA1 (xen-4.2.5.tar.gz) = f42741e4ec174495ace70c4b17a6b9b0e60e798a
+RMD160 (xen-4.2.5.tar.gz) = 7d4f7f1b32ee541d341a756b1f8da02816438d19
+Size (xen-4.2.5.tar.gz) = 15671925 bytes
 SHA1 (patch-Config.mk) = a43ed1b3304d6383dc093acd128a7f373d0ca266
 SHA1 (patch-xen_Makefile) = e0d1b74518b9675ddc64295d1523ded9a8757c0a
 SHA1 (patch-xen_arch_x86_Rules.mk) = 6b9b4bfa28924f7d3f6c793a389f1a7ac9d228e2
+SHA1 (patch-xen_arch_x86_mm_shadow_common.c) = 89dce860cc6aef7d0ec31f3137616b592490e60a
+SHA1 (patch-xen_arch_x86_x86_emulate_x86_emulate.c) = 8b906e762c8f94a670398b4e033d50a2fb012f0a
 SHA1 (patch-xen_include_xen_lib.h) = 36dcaf3874a1b1214babc45d7e19fe3b556c1044
diff -r b16ba5b3d02a -r 619741501b3c sysutils/xenkernel42/patches/patch-xen_arch_x86_mm_shadow_common.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/sysutils/xenkernel42/patches/patch-xen_arch_x86_mm_shadow_common.c        Fri Sep 26 10:39:31 2014 +0000
@@ -0,0 +1,24 @@
+$NetBSD: patch-xen_arch_x86_mm_shadow_common.c,v 1.1 2014/09/26 10:39:31 bouyer Exp $
+
+patch for XSA-104/CVE-2014-7154, from Xen Security Advisory
+
+--- xen/arch/x86/mm/shadow/common.c.orig       2014-09-02 08:22:57.000000000 +0200
++++ xen/arch/x86/mm/shadow/common.c    2014-09-26 11:18:02.000000000 +0200
+@@ -3601,7 +3601,7 @@
+     int flush_tlb = 0;
+     unsigned long i;
+     p2m_type_t t;
+-    struct sh_dirty_vram *dirty_vram = d->arch.hvm_domain.dirty_vram;
++    struct sh_dirty_vram *dirty_vram;
+     struct p2m_domain *p2m = p2m_get_hostp2m(d);
+ 
+     if ( end_pfn < begin_pfn || end_pfn > p2m->max_mapped_pfn + 1 )
+@@ -3611,6 +3611,8 @@
+     p2m_lock(p2m_get_hostp2m(d));
+     paging_lock(d);
+ 
++    dirty_vram = d->arch.hvm_domain.dirty_vram;
++
+     if ( dirty_vram && (!nr ||
+              ( begin_pfn != dirty_vram->begin_pfn
+             || end_pfn   != dirty_vram->end_pfn )) )
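Review bot: The relocated load `dirty_vram = d->arch.hvm_domain.dirty_vram;` has no comment explaining why it must sit after `paging_lock(d)`, so a later cleanup could fold it back into the declaration and reopen the race. A comment above it such as `/* Must be read with the paging lock held; presumably the pointer can be changed concurrently (XSA-104). */` would record the constraint. The hunk shows only the declaration and the lock acquisition, and the function starts and ends outside it, so whether every later use of `dirty_vram` stays inside the locked region cannot be confirmed from here.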
diff -r b16ba5b3d02a -r 619741501b3c sysutils/xenkernel42/patches/patch-xen_arch_x86_x86_emulate_x86_emulate.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/sysutils/xenkernel42/patches/patch-xen_arch_x86_x86_emulate_x86_emulate.c Fri Sep 26 10:39:31 2014 +0000
@@ -0,0 +1,39 @@
+$NetBSD: patch-xen_arch_x86_x86_emulate_x86_emulate.c,v 1.1 2014/09/26 10:39:31 bouyer Exp $
+
+patch for XSA-105/CVE-2014-7155 and XSA-106/CVE-2014-7156,
+from Xen Security Advisory
+
+--- xen/arch/x86/x86_emulate/x86_emulate.c.orig        2014-09-26 11:53:50.000000000 +0200
++++ xen/arch/x86/x86_emulate/x86_emulate.c     2014-09-26 11:53:43.000000000 +0200
+@@ -2616,6 +2616,7 @@
+     case 0xcd: /* int imm8 */
+         src.val = insn_fetch_type(uint8_t);
+     swint:
++        fail_if(!in_realmode(ctxt, ops)); /* XSA-106 */
+         fail_if(ops->inject_sw_interrupt == NULL);
+         rc = ops->inject_sw_interrupt(src.val, _regs.eip - ctxt->regs->eip,
+                                       ctxt) ? : X86EMUL_EXCEPTION;
+@@ -3296,6 +3297,7 @@
+         goto swint;
+ 
+     case 0xf4: /* hlt */
++        generate_exception_if(!mode_ring0(), EXC_GP, 0);
+         ctxt->retire.flags.hlt = 1;
+         break;
+ 
+@@ -3721,6 +3723,7 @@
+             break;
+         case 2: /* lgdt */
+         case 3: /* lidt */
++            generate_exception_if(!mode_ring0(), EXC_GP, 0);
+             generate_exception_if(ea.type != OP_MEM, EXC_UD, -1);
+             fail_if(ops->write_segment == NULL);
+             memset(&reg, 0, sizeof(reg));
+@@ -3749,6 +3752,7 @@
+         case 6: /* lmsw */
+             fail_if(ops->read_cr == NULL);
+             fail_if(ops->write_cr == NULL);
++            generate_exception_if(!mode_ring0(), EXC_GP, 0);
+             if ( (rc = ops->read_cr(0, &cr0, ctxt)) )
+                 goto done;
+             if ( ea.type == OP_REG )
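Review bot: Only the `swint` check is tagged `/* XSA-106 */`; the three `generate_exception_if(!mode_ring0(), EXC_GP, 0);` lines under `hlt`, `lgdt`/`lidt` and `lmsw` carry no tag, and the patch header names both advisories without saying which hunk belongs to which. To keep the code identical to the advisory, the mapping can go in the header, for example `XSA-106: swint hunk; XSA-105: hlt, lgdt/lidt and lmsw hunks`, so the right part can be dropped once an upstream release includes it. In the `lmsw` case the ring-0 check comes after the two `fail_if(ops->... == NULL)` tests, whereas for `lgdt`/`lidt` it comes first. If that order is taken as-is from the advisory it should stay, but the header could say so. All four cases are inside a function whose start and end lie outside these hunks.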
diff -r b16ba5b3d02a -r 619741501b3c sysutils/xentools42/Makefile
--- a/sysutils/xentools42/Makefile      Fri Sep 26 07:00:50 2014 +0000
+++ b/sysutils/xentools42/Makefile      Fri Sep 26 10:39:31 2014 +0000
@@ -1,11 +1,11 @@
-# $NetBSD: Makefile,v 1.22 2014/05/29 23:37:32 wiz Exp $
+# $NetBSD: Makefile,v 1.23 2014/09/26 10:40:45 bouyer Exp $
 
-VERSION=       4.2.4
+VERSION=       4.2.5
 VERSION_IPXE=  1.0.0
 
 DISTNAME=              xen-${VERSION}
 PKGNAME=               xentools42-${VERSION}
-PKGREVISION=           2
+#PKGREVISION=          2
 CATEGORIES=            sysutils
 MASTER_SITES=          http://bits.xensource.com/oss-xen/release/${VERSION}/
 
diff -r b16ba5b3d02a -r 619741501b3c sysutils/xentools42/distinfo
--- a/sysutils/xentools42/distinfo      Fri Sep 26 07:00:50 2014 +0000
+++ b/sysutils/xentools42/distinfo      Fri Sep 26 10:39:31 2014 +0000
@@ -1,11 +1,11 @@
-$NetBSD: distinfo,v 1.11 2014/09/17 20:32:36 bouyer Exp $
+$NetBSD: distinfo,v 1.12 2014/09/26 10:39:31 bouyer Exp $
 
 SHA1 (ipxe-git-v1.0.0.tar.gz) = da052c8de5f3485fe0253c19cf52ed6d72528485
 RMD160 (ipxe-git-v1.0.0.tar.gz) = dcd9b6eaafa1ce05c1ebf2a15f2f73ad7a8c5547
 Size (ipxe-git-v1.0.0.tar.gz) = 1996881 bytes
-SHA1 (xen-4.2.4.tar.gz) = ab661bf0f64a18155f971343a9c07b7e7d1410f1
-RMD160 (xen-4.2.4.tar.gz) = b2210d3ff6a9fdf9cae1a5a38b829667dfd6fd2f
-Size (xen-4.2.4.tar.gz) = 15663999 bytes
+SHA1 (xen-4.2.5.tar.gz) = f42741e4ec174495ace70c4b17a6b9b0e60e798a
+RMD160 (xen-4.2.5.tar.gz) = 7d4f7f1b32ee541d341a756b1f8da02816438d19
+Size (xen-4.2.5.tar.gz) = 15671925 bytes
 SHA1 (patch-.._.._ipxe_src_Makefile.housekeeping) = 5ec8020a9705b2f64096c2942473a8de4db578bb
 SHA1 (patch-.._.._ipxe_src_arch_i386_include_librm.h) = 4549ac641b112321b4731a918d85219c3fce6808
 SHA1 (patch-.._.._ipxe_src_arch_i386_scripts_i386.lds) = 4c0cbb7f535be43e1b6f53c284340a8bafc37c0b


