pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/pkgsrc-2015Q1]: pkgsrc/sysutils/xenkernel45 Pullup ticket #4699 - req...
details: https://anonhg.NetBSD.org/pkgsrc/rev/514a558d23fa
branches: pkgsrc-2015Q1
changeset: 649212:514a558d23fa
user: tron <tron%pkgsrc.org@localhost>
date: Wed Apr 29 21:16:43 2015 +0000
description:
Pullup ticket #4699 - requested by spz
sysutils/xenkernel45: security patch
Revisions pulled up:
- sysutils/xenkernel45/Makefile 1.7
- sysutils/xenkernel45/distinfo 1.6
- sysutils/xenkernel45/patches/patch-CVE-2015-2751 1.1
---
Module Name: pkgsrc
Committed By: spz
Date: Sun Apr 19 15:02:12 UTC 2015
Modified Files:
pkgsrc/sysutils/xenkernel45: Makefile distinfo
Added Files:
pkgsrc/sysutils/xenkernel45/patches: patch-CVE-2015-2751
Log Message:
adding upstream's patch for
XSA-127 Certain domctl operations may be abused to lock up the host
diffstat:
sysutils/xenkernel45/Makefile | 4 +-
sysutils/xenkernel45/distinfo | 3 +-
sysutils/xenkernel45/patches/patch-CVE-2015-2751 | 42 ++++++++++++++++++++++++
3 files changed, 46 insertions(+), 3 deletions(-)
diffs (78 lines):
diff -r e2921e6e9f1f -r 514a558d23fa sysutils/xenkernel45/Makefile
--- a/sysutils/xenkernel45/Makefile Wed Apr 29 21:11:12 2015 +0000
+++ b/sysutils/xenkernel45/Makefile Wed Apr 29 21:16:43 2015 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.5.2.1 2015/04/29 21:11:12 tron Exp $
+# $NetBSD: Makefile,v 1.5.2.2 2015/04/29 21:16:43 tron Exp $
VERSION= 4.5.0
DISTNAME= xen-${VERSION}
PKGNAME= xenkernel45-${VERSION}
-PKGREVISION= 3
+PKGREVISION= 4
CATEGORIES= sysutils
MASTER_SITES= http://bits.xensource.com/oss-xen/release/${VERSION}/
diff -r e2921e6e9f1f -r 514a558d23fa sysutils/xenkernel45/distinfo
--- a/sysutils/xenkernel45/distinfo Wed Apr 29 21:11:12 2015 +0000
+++ b/sysutils/xenkernel45/distinfo Wed Apr 29 21:16:43 2015 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.4.2.1 2015/04/29 21:11:12 tron Exp $
+$NetBSD: distinfo,v 1.4.2.2 2015/04/29 21:16:43 tron Exp $
SHA1 (xen-4.5.0.tar.gz) = c4aab5fb366496ad1edc7fe0a935a0d604335637
RMD160 (xen-4.5.0.tar.gz) = e35ba0cb484492c1a289218eb9bf53b57dbd3a45
@@ -6,6 +6,7 @@
SHA1 (patch-CVE-2015-2044) = 354fe44df0c3b464137f50e2b9de3930f3910c0d
SHA1 (patch-CVE-2015-2045) = 98e3f8064b7c190b2ae69c7d4c8f71febf8fbf52
SHA1 (patch-CVE-2015-2151) = 30344d233eade872fa7062493d754f8bccaf9d2a
+SHA1 (patch-CVE-2015-2751) = b0ab727ae01291a0e4ea2efe3931b6cd00df1a39
SHA1 (patch-CVE-2015-2752) = 390edab296a91c83197205dce7030cbdd60e0d78
SHA1 (patch-CVE-2015-2756) = e76490b858e213d09d326b413004d29a7e177b20
SHA1 (patch-Config.mk) = a2a104d023cea4e551a3ad40927d4884d6c610bf
diff -r e2921e6e9f1f -r 514a558d23fa sysutils/xenkernel45/patches/patch-CVE-2015-2751
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/sysutils/xenkernel45/patches/patch-CVE-2015-2751 Wed Apr 29 21:16:43 2015 +0000
@@ -0,0 +1,42 @@
+$NetBSD: patch-CVE-2015-2751,v 1.1.2.2 2015/04/29 21:16:43 tron Exp $
+
+--- xen/arch/x86/domctl.c.orig 2015-01-12 16:53:24.000000000 +0000
++++ xen/arch/x86/domctl.c
+@@ -888,6 +888,10 @@ long arch_do_domctl(
+ {
+ xen_guest_tsc_info_t info;
+
++ ret = -EINVAL;
++ if ( d == current->domain ) /* no domain_pause() */
++ break;
++
+ domain_pause(d);
+ tsc_get_info(d, &info.tsc_mode,
+ &info.elapsed_nsec,
+@@ -903,6 +907,10 @@ long arch_do_domctl(
+
+ case XEN_DOMCTL_settscinfo:
+ {
++ ret = -EINVAL;
++ if ( d == current->domain ) /* no domain_pause() */
++ break;
++
+ domain_pause(d);
+ tsc_set_info(d, domctl->u.tsc_info.info.tsc_mode,
+ domctl->u.tsc_info.info.elapsed_nsec,
+
+--- xen/common/domctl.c.orig 2015-04-19 14:40:24.000000000 +0000
++++ xen/common/domctl.c
+@@ -522,8 +522,10 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xe
+
+ case XEN_DOMCTL_resumedomain:
+ {
+- domain_resume(d);
+- ret = 0;
++ if ( d == current->domain ) /* no domain_pause() */
++ ret = -EINVAL;
++ else
++ domain_resume(d);
+ }
+ break;
+
Home |
Main Index |
Thread Index |
Old Index