[src/netbsd-7-0]: src/doc 1071

[snj <snj%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/32deebdd4aa6
branches:  netbsd-7-0
changeset: 801108:32deebdd4aa6
user:      snj <snj%NetBSD.org@localhost>
date:      Fri Jan 08 21:06:57 2016 +0000

description:
1071

diffstat:

 doc/CHANGES-7.0.1 |  18 +++++++++++++++++-
 1 files changed, 17 insertions(+), 1 deletions(-)

diffs (29 lines):

diff -r 21b3c71ea33d -r 32deebdd4aa6 doc/CHANGES-7.0.1
--- a/doc/CHANGES-7.0.1 Fri Jan 08 21:06:07 2016 +0000
+++ b/doc/CHANGES-7.0.1 Fri Jan 08 21:06:57 2016 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-7.0.1,v 1.1.2.23 2016/01/05 22:27:26 snj Exp $
+# $NetBSD: CHANGES-7.0.1,v 1.1.2.24 2016/01/08 21:06:57 snj Exp $
 
 A complete list of changes from the NetBSD 7.0 release to the NetBSD 7.0.1
 release:
@@ -845,3 +845,19 @@
        * Make IPv6 address lower case.
        [taca, ticket #1055]
 
+sys/arch/xen/include/xen-public/io/ring.h      1.3 via patch
+sys/arch/xen/xen/pciback.c                     1.10 via patch
+sys/arch/xen/xen/xbdback_xenbus.c              1.62 via patch
+sys/arch/xen/xen/xennetback_xenbus.c           1.54 via patch
+
+       Apply patch from xsa155: make sure that the backend won't read
+       parts of the request again (possibly because of compiler
+       optimisations), by using copies and barrier.
+       From XSA155:
+       The compiler can emit optimizations in the PV backend drivers
+       which can lead to double fetch vulnerabilities. Specifically
+       the shared memory between the frontend and backend can be fetched
+       twice (during which time the frontend can alter the contents)
+       possibly leading to arbitrary code execution in backend.
+       [bouyer, ticket #1071]
+