[pkgsrc/trunk]: pkgsrc/sysutils/xenkernel42 xsa123-4.3-4.2.patch from upstream:

[spz <spz%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/ba18f5dd46c3
branches:  trunk
changeset: 648073:ba18f5dd46c3
user:      spz <spz%pkgsrc.org@localhost>
date:      Tue Mar 10 19:50:15 2015 +0000

description:
xsa123-4.3-4.2.patch from upstream:
x86emul: fully ignore segment override for register-only operations

For ModRM encoded instructions with register operands we must not
overwrite ea.mem.seg (if a - bogus in that case - segment override was
present) as it aliases with ea.reg.

This is CVE-2015-2151 / XSA-123.

diffstat:

 sysutils/xenkernel42/Makefile                    |   4 ++--
 sysutils/xenkernel42/distinfo                    |   3 ++-
 sysutils/xenkernel42/patches/patch-CVE-2015-2151 |  23 +++++++++++++++++++++++
 3 files changed, 27 insertions(+), 3 deletions(-)

diffs (59 lines):

diff -r c3975ea2fbf6 -r ba18f5dd46c3 sysutils/xenkernel42/Makefile
--- a/sysutils/xenkernel42/Makefile     Tue Mar 10 16:56:08 2015 +0000
+++ b/sysutils/xenkernel42/Makefile     Tue Mar 10 19:50:15 2015 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.12 2015/03/05 13:44:57 spz Exp $
+# $NetBSD: Makefile,v 1.13 2015/03/10 19:50:15 spz Exp $
 
 VERSION=       4.2.5
 DISTNAME=      xen-${VERSION}
 PKGNAME=       xenkernel42-${VERSION}
-PKGREVISION=   4
+PKGREVISION=   5
 CATEGORIES=    sysutils
 MASTER_SITES=  http://bits.xensource.com/oss-xen/release/${VERSION}/
 
diff -r c3975ea2fbf6 -r ba18f5dd46c3 sysutils/xenkernel42/distinfo
--- a/sysutils/xenkernel42/distinfo     Tue Mar 10 16:56:08 2015 +0000
+++ b/sysutils/xenkernel42/distinfo     Tue Mar 10 19:50:15 2015 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.10 2015/03/05 13:44:57 spz Exp $
+$NetBSD: distinfo,v 1.11 2015/03/10 19:50:15 spz Exp $
 
 SHA1 (xen-4.2.5.tar.gz) = f42741e4ec174495ace70c4b17a6b9b0e60e798a
 RMD160 (xen-4.2.5.tar.gz) = 7d4f7f1b32ee541d341a756b1f8da02816438d19
@@ -10,6 +10,7 @@
 SHA1 (patch-CVE-2014-9030) = f4646ab2b0d01ad2a3bf47839fe0ffd35479b4a6
 SHA1 (patch-CVE-2015-2044) = bcb7152da8d37902540cbfbdfd7309536cffa61e
 SHA1 (patch-CVE-2015-2045) = f70839fabd4ef9086c8fb808e4f3448a8e844c98
+SHA1 (patch-CVE-2015-2151) = df05750b86331b88102b41f065c314c38c6bc396
 SHA1 (patch-Config.mk) = a43ed1b3304d6383dc093acd128a7f373d0ca266
 SHA1 (patch-xen_Makefile) = e0d1b74518b9675ddc64295d1523ded9a8757c0a
 SHA1 (patch-xen_arch_x86_Rules.mk) = 6b9b4bfa28924f7d3f6c793a389f1a7ac9d228e2
diff -r c3975ea2fbf6 -r ba18f5dd46c3 sysutils/xenkernel42/patches/patch-CVE-2015-2151
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/sysutils/xenkernel42/patches/patch-CVE-2015-2151  Tue Mar 10 19:50:15 2015 +0000
@@ -0,0 +1,23 @@
+$NetBSD: patch-CVE-2015-2151,v 1.1 2015/03/10 19:50:16 spz Exp $
+
+xsa123-4.3-4.2.patch from upstream:
+
+x86emul: fully ignore segment override for register-only operations
+
+For ModRM encoded instructions with register operands we must not
+overwrite ea.mem.seg (if a - bogus in that case - segment override was
+present) as it aliases with ea.reg.
+
+This is CVE-2015-2151 / XSA-123.
+
+--- xen/arch/x86/x86_emulate/x86_emulate.c.orig        2015-03-10 19:18:09.000000000 +0000
++++ xen/arch/x86/x86_emulate/x86_emulate.c
+@@ -1640,7 +1640,7 @@ x86_emulate(
+         }
+     }
+ 
+-    if ( override_seg != -1 )
++    if ( override_seg != -1 && ea.type == OP_MEM )
+         ea.mem.seg = override_seg;
+ 
+     /* Decode and fetch the source operand: register, memory or immediate. */