[no description] https://git.osdyson.ru/mirror/pkgsrc/atom?h=pkgsrc-2014Q2 2014-09-28T13:28:58Z 2014-09-28T13:28:58Z tron tron@pkgsrc.org 2014-09-28T13:28:58Z urn:sha1:26738a815b5767cad60e5699bb764a6cedaba9f0 sysutils/xenkernel42: security patch Revisions pulled up: - sysutils/xenkernel42/Makefile 1.8 - sysutils/xenkernel42/distinfo 1.6 - sysutils/xenkernel42/patches/patch-xen_arch_x86_mm_shadow_common.c 1.1 - sysutils/xenkernel42/patches/patch-xen_arch_x86_x86_emulate_x86_emulate.c 1.1 - sysutils/xentools42/Makefile 1.23 - sysutils/xentools42/distinfo 1.12 --- Module Name: pkgsrc Committed By: bouyer Date: Fri Sep 26 10:39:32 UTC 2014 Modified Files: pkgsrc/sysutils/xenkernel42: Makefile distinfo pkgsrc/sysutils/xentools42: distinfo Added Files: pkgsrc/sysutils/xenkernel42/patches: patch-xen_arch_x86_mm_shadow_common.c patch-xen_arch_x86_x86_emulate_x86_emulate.c Log Message: Update xentools42 and xenkernel42 to Xen 4.2.5, fixing: CVE-2014-2599 / XSA-89 HVMOP_set_mem_access is not preemptible CVE-2014-3124 / XSA-92 HVMOP_set_mem_type allows invalid P2M entries to be created CVE-2014-3967,CVE-2014-3968 / XSA-96 Vulnerabilities in HVM MSI injection CVE-2014-4021 / XSA-100 Hypervisor heap contents leaked to guests pkgsrc also includes patches from the Xen Security Advisory: XSA-104 (CVE-2014-7154) - Race condition in HVMOP_track_dirty_vram XSA-105 (CVE-2014-7155) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation XSA-106 (CVE-2014-7156) - Missing privilege level checks in x86 emulation of software interrupts --- Module Name: pkgsrc Committed By: bouyer Date: Fri Sep 26 10:40:45 UTC 2014 Modified Files: pkgsrc/sysutils/xentools42: Makefile Log Message: Update xentools42 and xenkernel42 to Xen 4.2.5, fixing: CVE-2014-2599 / XSA-89 HVMOP_set_mem_access is not preemptible CVE-2014-3124 / XSA-92 HVMOP_set_mem_type allows invalid P2M entries to be created CVE-2014-3967,CVE-2014-3968 / XSA-96 Vulnerabilities in HVM MSI injection CVE-2014-4021 / XSA-100 Hypervisor heap contents leaked to guests pkgsrc also includes patches from the Xen Security Advisory: XSA-104 (CVE-2014-7154) - Race condition in HVMOP_track_dirty_vram XSA-105 (CVE-2014-7155) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation XSA-106 (CVE-2014-7156) - Missing privilege level checks in x86 emulation of software interrupts 2014-09-28T12:07:10Z tron tron@pkgsrc.org 2014-09-28T12:07:10Z urn:sha1:4be01e6bb362760df542a225d1e2ed2e93564809 sysutils/xenkernel41: security patch Revisions pulled up: - sysutils/xenkernel41/Makefile 1.39 - sysutils/xenkernel41/distinfo 1.30 - sysutils/xenkernel41/patches/patch-CVE-2014-7154 1.1 - sysutils/xenkernel41/patches/patch-CVE-2014-7155 1.1 - sysutils/xenkernel41/patches/patch-CVE-2014-7156 1.1 --- Module Name: pkgsrc Committed By: bouyer Date: Fri Sep 26 10:45:00 UTC 2014 Modified Files: pkgsrc/sysutils/xenkernel41: Makefile distinfo Added Files: pkgsrc/sysutils/xenkernel41/patches: patch-CVE-2014-7154 patch-CVE-2014-7155 patch-CVE-2014-7156 Log Message: Add patch for: XSA-104 (CVE-2014-7154) - Race condition in HVMOP_track_dirty_vram XSA-105 (CVE-2014-7155) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation XSA-106 (CVE-2014-7156) - Missing privilege level checks in x86 emulation of software interrupts bump PKGREVISION 2014-07-18T13:39:34Z tron tron@pkgsrc.org 2014-07-18T13:39:34Z urn:sha1:837140cec149154bc99f40fc19be87c936440470 sysutils/libpciaccess: build fix for dependent packages under NetBSD 5.* Revisions pulled up: - sysutils/libpciaccess/builtin.mk 1.2 --- Module Name: pkgsrc Committed By: obache Date: Sun Jul 13 13:00:33 UTC 2014 Modified Files: pkgsrc/sysutils/libpciaccess: builtin.mk Log Message: libpciacess on NetBSD-5 is missing linkage with libz whereas using it. 2014-07-07T09:23:34Z tron tron@pkgsrc.org 2014-07-07T09:23:34Z urn:sha1:6e98a7d43bd3f07e7a1f8bb97a15ad5abe704ba7 sysutils/dbus: security update Revisions pulled up: - sysutils/dbus/Makefile 1.72 - sysutils/dbus/distinfo 1.57 --- Module Name: pkgsrc Committed By: wiz Date: Sun Jul 6 14:54:32 UTC 2014 Modified Files: pkgsrc/sysutils/dbus: Makefile distinfo Log Message: Update to 1.8.6: D-Bus 1.8.6 (2014-06-02) == Security fixes: • On Linux ≥ 2.6.37-rc4, if sendmsg() fails with ETOOMANYREFS, silently drop the message. This prevents an attack in which a malicious client can make dbus-daemon disconnect a system service, which is a local denial of service. (fd.o #80163, CVE-2014-3532; Alban Crequy) • Track remaining Unix file descriptors correctly when more than one message in quick succession contains fds. This prevents another attack in which a malicious client can make dbus-daemon disconnect a system service. (fd.o #79694, fd.o #80469, CVE-2014-3533; Alejandro Martínez Suárez, Simon McVittie, Alban Crequy) Other fixes: • When dbus-launch --exit-with-session starts a dbus-daemon but then cannot attach to a session, kill the dbus-daemon as intended (fd.o #74698, Роман Донченко) 2014-06-29T18:01:06Z dholland dholland@pkgsrc.org 2014-06-29T18:01:06Z urn:sha1:48bca4982ee0aff46cc9e3b1e6c7b4634dad6c84 2014-06-29T06:53:23Z obache obache@pkgsrc.org 2014-06-29T06:53:23Z urn:sha1:dd1bc5ea35ed9ea11f7e849405dd0fb13572924d Fixes build failure on NetBSD-6. 2014-06-29T05:59:01Z dholland dholland@pkgsrc.org 2014-06-29T05:59:01Z urn:sha1:16adde6382e0bf6b9449261544d0ecfb0649b82e 2014-06-28T23:05:12Z dholland dholland@pkgsrc.org 2014-06-28T23:05:12Z urn:sha1:3af72366c5273b7111a47874d2d4d7832e412cc4 accordingly. (Is there any reason there isn't there a RUBY_VERSIONS_INCOMPATIBLE variable like we have for python and lua and in other similar situations?) 2014-06-26T20:36:53Z asau asau@pkgsrc.org 2014-06-26T20:36:53Z urn:sha1:bae4c90ac6ae5d091c5543a3ddf030ae41223c0b 2014-06-18T13:47:08Z drochner drochner@pkgsrc.org 2014-06-18T13:47:08Z urn:sha1:a074e753bb976501c384991f1cb8fb97d66f7723 bump PKGREV