pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/sysutils/xenkernel41 add patch from upstream (XSA-89) ...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/e2fa8b90fcda
branches:  trunk
changeset: 632426:e2fa8b90fcda
user:      drochner <drochner%pkgsrc.org@localhost>
date:      Fri Mar 28 16:07:08 2014 +0000

description:
add patch from upstream (XSA-89) to fix:
Processing of the HVMOP_set_mem_access HVM control operations does not
check the size of its input and can tie up a physical CPU for extended
periods of time.
bump PKGREV

diffstat:

 sysutils/xenkernel41/Makefile                      |   4 +-
 sysutils/xenkernel41/distinfo                      |   4 +-
 sysutils/xenkernel41/patches/patch-CVE-2013-4355_1 |  42 ++++++++++++++++++---
 3 files changed, 40 insertions(+), 10 deletions(-)

diffs (104 lines):

diff -r 127b0f8f4ef4 -r e2fa8b90fcda sysutils/xenkernel41/Makefile
--- a/sysutils/xenkernel41/Makefile     Fri Mar 28 16:02:01 2014 +0000
+++ b/sysutils/xenkernel41/Makefile     Fri Mar 28 16:07:08 2014 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.34 2014/03/06 15:45:45 joerg Exp $
+# $NetBSD: Makefile,v 1.35 2014/03/28 16:07:08 drochner Exp $
 
 VERSION=       4.1.6.1
 DISTNAME=      xen-${VERSION}
 PKGNAME=       xenkernel41-${VERSION}
-PKGREVISION=   7
+PKGREVISION=   8
 CATEGORIES=    sysutils
 MASTER_SITES=  http://bits.xensource.com/oss-xen/release/${VERSION}/
 
diff -r 127b0f8f4ef4 -r e2fa8b90fcda sysutils/xenkernel41/distinfo
--- a/sysutils/xenkernel41/distinfo     Fri Mar 28 16:02:01 2014 +0000
+++ b/sysutils/xenkernel41/distinfo     Fri Mar 28 16:07:08 2014 +0000
@@ -1,10 +1,10 @@
-$NetBSD: distinfo,v 1.26 2014/02/20 17:37:25 drochner Exp $
+$NetBSD: distinfo,v 1.27 2014/03/28 16:07:08 drochner Exp $
 
 SHA1 (xen-4.1.6.1.tar.gz) = e5f15feb0821578817a65ede16110c6eac01abd0
 RMD160 (xen-4.1.6.1.tar.gz) = bff11421fc44a26f2cc3156713267abcb36d7a19
 Size (xen-4.1.6.1.tar.gz) = 10428485 bytes
 SHA1 (patch-CVE-2013-1442) = 7aa43513ea7cddc50b4e6802412cfc2903cce8e1
-SHA1 (patch-CVE-2013-4355_1) = a28e4fc0cbe5409a759e689ff1af82792f560a39
+SHA1 (patch-CVE-2013-4355_1) = 91fb26907b2ac7d2435a6efce000569b71523247
 SHA1 (patch-CVE-2013-4355_2) = 70fd2f2e45a05a53d8ce7d0bd72b18165dd13509
 SHA1 (patch-CVE-2013-4355_3) = 93f7bf877945e585fb906dbfc8159e688813c12f
 SHA1 (patch-CVE-2013-4355_4) = 88f478997d2631ec41adfd42a9d79f2d87bb44d8
diff -r 127b0f8f4ef4 -r e2fa8b90fcda sysutils/xenkernel41/patches/patch-CVE-2013-4355_1
--- a/sysutils/xenkernel41/patches/patch-CVE-2013-4355_1        Fri Mar 28 16:02:01 2014 +0000
+++ b/sysutils/xenkernel41/patches/patch-CVE-2013-4355_1        Fri Mar 28 16:07:08 2014 +0000
@@ -1,13 +1,16 @@
-$NetBSD
+$NetBSD: patch-CVE-2013-4355_1,v 1.3 2014/03/28 16:07:08 drochner Exp $
 
 http://lists.xenproject.org/archives/html/xen-devel/2013-09/msg03160.html
 also fixes
 http://lists.xenproject.org/archives/html/xen-devel/2013-11/msg03827.html
 (CVE-2013-4554)
+also fixes
+http://lists.xenproject.org/archives/html/xen-devel/2014-03/msg03177.html
+(CVE-2014-2599)
 
---- xen/arch/x86/hvm/hvm.c.orig        2013-09-10 06:42:18.000000000 +0000
-+++ xen/arch/x86/hvm/hvm.c     2013-11-29 15:12:29.000000000 +0000
-@@ -1961,11 +1961,7 @@ void hvm_task_switch(
+--- xen/arch/x86/hvm/hvm.c.orig        2014-03-28 15:27:28.000000000 +0000
++++ xen/arch/x86/hvm/hvm.c     2014-03-28 15:27:36.000000000 +0000
+@@ -1961,11 +1961,7 @@
  
      rc = hvm_copy_from_guest_virt(
          &tss, prev_tr.base, sizeof(tss), PFEC_page_present);
@@ -20,7 +23,7 @@
          goto out;
  
      eflags = regs->eflags;
-@@ -2010,13 +2006,11 @@ void hvm_task_switch(
+@@ -2010,13 +2006,11 @@
  
      rc = hvm_copy_from_guest_virt(
          &tss, tr.base, sizeof(tss), PFEC_page_present);
@@ -39,7 +42,7 @@
          goto out;
  
  
-@@ -2834,7 +2828,7 @@ int hvm_do_hypercall(struct cpu_user_reg
+@@ -2834,7 +2828,7 @@
      case 4:
      case 2:
          hvm_get_segment_register(curr, x86_seg_ss, &sreg);
@@ -48,3 +51,30 @@
          {
      default:
              regs->eax = -EPERM;
+@@ -3746,7 +3740,7 @@
+              ((a.first_pfn + a.nr - 1) > domain_get_maximum_gpfn(d)) )
+             goto param_fail5;
+             
+-        for ( pfn = a.first_pfn; pfn < a.first_pfn + a.nr; pfn++ )
++        for ( pfn = a.first_pfn; a.nr; ++pfn )
+         {
+             p2m_type_t t;
+             mfn_t mfn;
+@@ -3759,6 +3753,17 @@
+             p2m_unlock(p2m);
+             if ( !success )
+                 goto param_fail5;
++
++            /* Check for continuation if it's not the last interation. */
++            if ( --a.nr && hypercall_preempt_check() )
++            {
++                a.first_pfn = pfn + 1;
++                if ( copy_to_guest(arg, &a, 1) )
++                    rc = -EFAULT;
++                else
++                    rc = -EAGAIN;
++                goto param_fail5;
++            }
+         }
+ 
+         rc = 0;



Home | Main Index | Thread Index | Old Index