pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/sysutils/xenkernel41 add patch from upstream (XSA-89) ...
details: https://anonhg.NetBSD.org/pkgsrc/rev/e2fa8b90fcda
branches: trunk
changeset: 632426:e2fa8b90fcda
user: drochner <drochner%pkgsrc.org@localhost>
date: Fri Mar 28 16:07:08 2014 +0000
description:
add patch from upstream (XSA-89) to fix:
Processing of the HVMOP_set_mem_access HVM control operations does not
check the size of its input and can tie up a physical CPU for extended
periods of time.
bump PKGREV
diffstat:
sysutils/xenkernel41/Makefile | 4 +-
sysutils/xenkernel41/distinfo | 4 +-
sysutils/xenkernel41/patches/patch-CVE-2013-4355_1 | 42 ++++++++++++++++++---
3 files changed, 40 insertions(+), 10 deletions(-)
diffs (104 lines):
diff -r 127b0f8f4ef4 -r e2fa8b90fcda sysutils/xenkernel41/Makefile
--- a/sysutils/xenkernel41/Makefile Fri Mar 28 16:02:01 2014 +0000
+++ b/sysutils/xenkernel41/Makefile Fri Mar 28 16:07:08 2014 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.34 2014/03/06 15:45:45 joerg Exp $
+# $NetBSD: Makefile,v 1.35 2014/03/28 16:07:08 drochner Exp $
VERSION= 4.1.6.1
DISTNAME= xen-${VERSION}
PKGNAME= xenkernel41-${VERSION}
-PKGREVISION= 7
+PKGREVISION= 8
CATEGORIES= sysutils
MASTER_SITES= http://bits.xensource.com/oss-xen/release/${VERSION}/
diff -r 127b0f8f4ef4 -r e2fa8b90fcda sysutils/xenkernel41/distinfo
--- a/sysutils/xenkernel41/distinfo Fri Mar 28 16:02:01 2014 +0000
+++ b/sysutils/xenkernel41/distinfo Fri Mar 28 16:07:08 2014 +0000
@@ -1,10 +1,10 @@
-$NetBSD: distinfo,v 1.26 2014/02/20 17:37:25 drochner Exp $
+$NetBSD: distinfo,v 1.27 2014/03/28 16:07:08 drochner Exp $
SHA1 (xen-4.1.6.1.tar.gz) = e5f15feb0821578817a65ede16110c6eac01abd0
RMD160 (xen-4.1.6.1.tar.gz) = bff11421fc44a26f2cc3156713267abcb36d7a19
Size (xen-4.1.6.1.tar.gz) = 10428485 bytes
SHA1 (patch-CVE-2013-1442) = 7aa43513ea7cddc50b4e6802412cfc2903cce8e1
-SHA1 (patch-CVE-2013-4355_1) = a28e4fc0cbe5409a759e689ff1af82792f560a39
+SHA1 (patch-CVE-2013-4355_1) = 91fb26907b2ac7d2435a6efce000569b71523247
SHA1 (patch-CVE-2013-4355_2) = 70fd2f2e45a05a53d8ce7d0bd72b18165dd13509
SHA1 (patch-CVE-2013-4355_3) = 93f7bf877945e585fb906dbfc8159e688813c12f
SHA1 (patch-CVE-2013-4355_4) = 88f478997d2631ec41adfd42a9d79f2d87bb44d8
diff -r 127b0f8f4ef4 -r e2fa8b90fcda sysutils/xenkernel41/patches/patch-CVE-2013-4355_1
--- a/sysutils/xenkernel41/patches/patch-CVE-2013-4355_1 Fri Mar 28 16:02:01 2014 +0000
+++ b/sysutils/xenkernel41/patches/patch-CVE-2013-4355_1 Fri Mar 28 16:07:08 2014 +0000
@@ -1,13 +1,16 @@
-$NetBSD
+$NetBSD: patch-CVE-2013-4355_1,v 1.3 2014/03/28 16:07:08 drochner Exp $
http://lists.xenproject.org/archives/html/xen-devel/2013-09/msg03160.html
also fixes
http://lists.xenproject.org/archives/html/xen-devel/2013-11/msg03827.html
(CVE-2013-4554)
+also fixes
+http://lists.xenproject.org/archives/html/xen-devel/2014-03/msg03177.html
+(CVE-2014-2599)
---- xen/arch/x86/hvm/hvm.c.orig 2013-09-10 06:42:18.000000000 +0000
-+++ xen/arch/x86/hvm/hvm.c 2013-11-29 15:12:29.000000000 +0000
-@@ -1961,11 +1961,7 @@ void hvm_task_switch(
+--- xen/arch/x86/hvm/hvm.c.orig 2014-03-28 15:27:28.000000000 +0000
++++ xen/arch/x86/hvm/hvm.c 2014-03-28 15:27:36.000000000 +0000
+@@ -1961,11 +1961,7 @@
rc = hvm_copy_from_guest_virt(
&tss, prev_tr.base, sizeof(tss), PFEC_page_present);
@@ -20,7 +23,7 @@
goto out;
eflags = regs->eflags;
-@@ -2010,13 +2006,11 @@ void hvm_task_switch(
+@@ -2010,13 +2006,11 @@
rc = hvm_copy_from_guest_virt(
&tss, tr.base, sizeof(tss), PFEC_page_present);
@@ -39,7 +42,7 @@
goto out;
-@@ -2834,7 +2828,7 @@ int hvm_do_hypercall(struct cpu_user_reg
+@@ -2834,7 +2828,7 @@
case 4:
case 2:
hvm_get_segment_register(curr, x86_seg_ss, &sreg);
@@ -48,3 +51,30 @@
{
default:
regs->eax = -EPERM;
+@@ -3746,7 +3740,7 @@
+ ((a.first_pfn + a.nr - 1) > domain_get_maximum_gpfn(d)) )
+ goto param_fail5;
+
+- for ( pfn = a.first_pfn; pfn < a.first_pfn + a.nr; pfn++ )
++ for ( pfn = a.first_pfn; a.nr; ++pfn )
+ {
+ p2m_type_t t;
+ mfn_t mfn;
+@@ -3759,6 +3753,17 @@
+ p2m_unlock(p2m);
+ if ( !success )
+ goto param_fail5;
++
++ /* Check for continuation if it's not the last interation. */
++ if ( --a.nr && hypercall_preempt_check() )
++ {
++ a.first_pfn = pfn + 1;
++ if ( copy_to_guest(arg, &a, 1) )
++ rc = -EFAULT;
++ else
++ rc = -EAGAIN;
++ goto param_fail5;
++ }
+ }
+
+ rc = 0;
Home |
Main Index |
Thread Index |
Old Index