pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/pkgsrc-2015Q1]: pkgsrc/sysutils/xenkernel45 Pullup ticket #4699 - req...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/514a558d23fa
branches:  pkgsrc-2015Q1
changeset: 649212:514a558d23fa
user:      tron <tron%pkgsrc.org@localhost>
date:      Wed Apr 29 21:16:43 2015 +0000

description:
Pullup ticket #4699 - requested by spz
sysutils/xenkernel45: security patch

Revisions pulled up:
- sysutils/xenkernel45/Makefile                                 1.7
- sysutils/xenkernel45/distinfo                                 1.6
- sysutils/xenkernel45/patches/patch-CVE-2015-2751              1.1

---
   Module Name: pkgsrc
   Committed By:        spz
   Date:                Sun Apr 19 15:02:12 UTC 2015

   Modified Files:
        pkgsrc/sysutils/xenkernel45: Makefile distinfo
   Added Files:
        pkgsrc/sysutils/xenkernel45/patches: patch-CVE-2015-2751

   Log Message:
   adding upstream's patch for
   XSA-127 Certain domctl operations may be abused to lock up the host

diffstat:

 sysutils/xenkernel45/Makefile                    |   4 +-
 sysutils/xenkernel45/distinfo                    |   3 +-
 sysutils/xenkernel45/patches/patch-CVE-2015-2751 |  42 ++++++++++++++++++++++++
 3 files changed, 46 insertions(+), 3 deletions(-)

diffs (78 lines):

diff -r e2921e6e9f1f -r 514a558d23fa sysutils/xenkernel45/Makefile
--- a/sysutils/xenkernel45/Makefile     Wed Apr 29 21:11:12 2015 +0000
+++ b/sysutils/xenkernel45/Makefile     Wed Apr 29 21:16:43 2015 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.5.2.1 2015/04/29 21:11:12 tron Exp $
+# $NetBSD: Makefile,v 1.5.2.2 2015/04/29 21:16:43 tron Exp $
 
 VERSION=       4.5.0
 DISTNAME=      xen-${VERSION}
 PKGNAME=       xenkernel45-${VERSION}
-PKGREVISION=   3
+PKGREVISION=   4
 CATEGORIES=    sysutils
 MASTER_SITES=  http://bits.xensource.com/oss-xen/release/${VERSION}/
 
diff -r e2921e6e9f1f -r 514a558d23fa sysutils/xenkernel45/distinfo
--- a/sysutils/xenkernel45/distinfo     Wed Apr 29 21:11:12 2015 +0000
+++ b/sysutils/xenkernel45/distinfo     Wed Apr 29 21:16:43 2015 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.4.2.1 2015/04/29 21:11:12 tron Exp $
+$NetBSD: distinfo,v 1.4.2.2 2015/04/29 21:16:43 tron Exp $
 
 SHA1 (xen-4.5.0.tar.gz) = c4aab5fb366496ad1edc7fe0a935a0d604335637
 RMD160 (xen-4.5.0.tar.gz) = e35ba0cb484492c1a289218eb9bf53b57dbd3a45
@@ -6,6 +6,7 @@
 SHA1 (patch-CVE-2015-2044) = 354fe44df0c3b464137f50e2b9de3930f3910c0d
 SHA1 (patch-CVE-2015-2045) = 98e3f8064b7c190b2ae69c7d4c8f71febf8fbf52
 SHA1 (patch-CVE-2015-2151) = 30344d233eade872fa7062493d754f8bccaf9d2a
+SHA1 (patch-CVE-2015-2751) = b0ab727ae01291a0e4ea2efe3931b6cd00df1a39
 SHA1 (patch-CVE-2015-2752) = 390edab296a91c83197205dce7030cbdd60e0d78
 SHA1 (patch-CVE-2015-2756) = e76490b858e213d09d326b413004d29a7e177b20
 SHA1 (patch-Config.mk) = a2a104d023cea4e551a3ad40927d4884d6c610bf
diff -r e2921e6e9f1f -r 514a558d23fa sysutils/xenkernel45/patches/patch-CVE-2015-2751
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/sysutils/xenkernel45/patches/patch-CVE-2015-2751  Wed Apr 29 21:16:43 2015 +0000
@@ -0,0 +1,42 @@
+$NetBSD: patch-CVE-2015-2751,v 1.1.2.2 2015/04/29 21:16:43 tron Exp $
+
+--- xen/arch/x86/domctl.c.orig 2015-01-12 16:53:24.000000000 +0000
++++ xen/arch/x86/domctl.c
+@@ -888,6 +888,10 @@ long arch_do_domctl(
+     {
+         xen_guest_tsc_info_t info;
+ 
++        ret = -EINVAL;
++        if ( d == current->domain ) /* no domain_pause() */
++            break;
++
+         domain_pause(d);
+         tsc_get_info(d, &info.tsc_mode,
+                         &info.elapsed_nsec,
+@@ -903,6 +907,10 @@ long arch_do_domctl(
+ 
+     case XEN_DOMCTL_settscinfo:
+     {
++        ret = -EINVAL;
++        if ( d == current->domain ) /* no domain_pause() */
++            break;
++
+         domain_pause(d);
+         tsc_set_info(d, domctl->u.tsc_info.info.tsc_mode,
+                      domctl->u.tsc_info.info.elapsed_nsec,
+
+--- xen/common/domctl.c.orig   2015-04-19 14:40:24.000000000 +0000
++++ xen/common/domctl.c
+@@ -522,8 +522,10 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xe
+ 
+     case XEN_DOMCTL_resumedomain:
+     {
+-        domain_resume(d);
+-        ret = 0;
++        if ( d == current->domain ) /* no domain_pause() */
++            ret = -EINVAL;
++        else
++            domain_resume(d);
+     }
+     break;
+ 



Home | Main Index | Thread Index | Old Index