diff options
| author | spz <spz@pkgsrc.org> | 2015-03-05 13:44:57 +0000 |
|---|---|---|
| committer | spz <spz@pkgsrc.org> | 2015-03-05 13:44:57 +0000 |
| commit | 99dd821872c8ca181592a654ca74879b0c5f9794 (patch) | |
| tree | e94c51764ee674e99a2aa0ada9bf50083f629b4e | |
| parent | d2a820e809d8f5173cc9668f5fd2c251c9846b7e (diff) | |
| download | pkgsrc-99dd821872c8ca181592a654ca74879b0c5f9794.tar.gz | |
Add patches for XSA-121 and XSA-122 from upstream.
| -rw-r--r-- | sysutils/xenkernel42/Makefile | 4 | ||||
| -rw-r--r-- | sysutils/xenkernel42/distinfo | 4 | ||||
| -rw-r--r-- | sysutils/xenkernel42/patches/patch-CVE-2015-2044 | 53 | ||||
| -rw-r--r-- | sysutils/xenkernel42/patches/patch-CVE-2015-2045 | 42 |
4 files changed, 100 insertions, 3 deletions
diff --git a/sysutils/xenkernel42/Makefile b/sysutils/xenkernel42/Makefile index ca76ab8e019..f830293d082 100644 --- a/sysutils/xenkernel42/Makefile +++ b/sysutils/xenkernel42/Makefile @@ -1,9 +1,9 @@ -# $NetBSD: Makefile,v 1.11 2014/12/30 08:14:15 spz Exp $ +# $NetBSD: Makefile,v 1.12 2015/03/05 13:44:57 spz Exp $ VERSION= 4.2.5 DISTNAME= xen-${VERSION} PKGNAME= xenkernel42-${VERSION} -PKGREVISION= 3 +PKGREVISION= 4 CATEGORIES= sysutils MASTER_SITES= http://bits.xensource.com/oss-xen/release/${VERSION}/ diff --git a/sysutils/xenkernel42/distinfo b/sysutils/xenkernel42/distinfo index 8d7cc3075c5..828e041a7a9 100644 --- a/sysutils/xenkernel42/distinfo +++ b/sysutils/xenkernel42/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.9 2014/12/30 08:14:16 spz Exp $ +$NetBSD: distinfo,v 1.10 2015/03/05 13:44:57 spz Exp $ SHA1 (xen-4.2.5.tar.gz) = f42741e4ec174495ace70c4b17a6b9b0e60e798a RMD160 (xen-4.2.5.tar.gz) = 7d4f7f1b32ee541d341a756b1f8da02816438d19 @@ -8,6 +8,8 @@ SHA1 (patch-CVE-2014-8595) = 46bd285b7eb8f2e23984f7917b12af2191bfef80 SHA1 (patch-CVE-2014-8866) = 9888e9585364681dfaa43af953eb104715cc4f99 SHA1 (patch-CVE-2014-8867) = 576433746660f62b753088a66c5315a1a2ff8f76 SHA1 (patch-CVE-2014-9030) = f4646ab2b0d01ad2a3bf47839fe0ffd35479b4a6 +SHA1 (patch-CVE-2015-2044) = bcb7152da8d37902540cbfbdfd7309536cffa61e +SHA1 (patch-CVE-2015-2045) = f70839fabd4ef9086c8fb808e4f3448a8e844c98 SHA1 (patch-Config.mk) = a43ed1b3304d6383dc093acd128a7f373d0ca266 SHA1 (patch-xen_Makefile) = e0d1b74518b9675ddc64295d1523ded9a8757c0a SHA1 (patch-xen_arch_x86_Rules.mk) = 6b9b4bfa28924f7d3f6c793a389f1a7ac9d228e2 diff --git a/sysutils/xenkernel42/patches/patch-CVE-2015-2044 b/sysutils/xenkernel42/patches/patch-CVE-2015-2044 new file mode 100644 index 00000000000..c29915c5d7f --- /dev/null +++ b/sysutils/xenkernel42/patches/patch-CVE-2015-2044 @@ -0,0 +1,53 @@ +$NetBSD: patch-CVE-2015-2044,v 1.1 2015/03/05 13:44:57 spz Exp $ + +x86/HVM: return all ones on wrong-sized reads of system device I/O ports + +So far the value presented to the guest remained uninitialized. + +This is CVE-2015-2044 / XSA-121. + +Signed-off-by: Jan Beulich <jbeulich@suse.com> +Acked-by: Ian Campbell <ian.campbell@citrix.com> + +--- xen/arch/x86/hvm/rtc.c.orig 2014-09-02 06:22:57.000000000 +0000 ++++ xen/arch/x86/hvm/rtc.c +@@ -619,7 +619,8 @@ static int handle_rtc_io( + + if ( bytes != 1 ) + { +- gdprintk(XENLOG_WARNING, "HVM_RTC bas access\n"); ++ gdprintk(XENLOG_WARNING, "HVM_RTC bad access\n"); ++ *val = ~0; + return X86EMUL_OKAY; + } + +--- xen/arch/x86/hvm/i8254.c.orig 2014-09-02 06:22:57.000000000 +0000 ++++ xen/arch/x86/hvm/i8254.c +@@ -478,6 +478,7 @@ static int handle_pit_io( + if ( bytes != 1 ) + { + gdprintk(XENLOG_WARNING, "PIT bad access\n"); ++ *val = ~0; + return X86EMUL_OKAY; + } + +--- xen/arch/x86/hvm/pmtimer.c.orig 2014-09-02 06:22:57.000000000 +0000 ++++ xen/arch/x86/hvm/pmtimer.c +@@ -213,6 +213,7 @@ static int handle_pmt_io( + if ( bytes != 4 ) + { + gdprintk(XENLOG_WARNING, "HVM_PMT bad access\n"); ++ *val = ~0; + return X86EMUL_OKAY; + } + +--- xen/arch/x86/hvm/vpic.c.orig 2014-09-02 06:22:57.000000000 +0000 ++++ xen/arch/x86/hvm/vpic.c +@@ -324,6 +324,7 @@ static int vpic_intercept_pic_io( + if ( bytes != 1 ) + { + gdprintk(XENLOG_WARNING, "PIC_IO bad access size %d\n", bytes); ++ *val = ~0; + return X86EMUL_OKAY; + } + diff --git a/sysutils/xenkernel42/patches/patch-CVE-2015-2045 b/sysutils/xenkernel42/patches/patch-CVE-2015-2045 new file mode 100644 index 00000000000..9c765338c2b --- /dev/null +++ b/sysutils/xenkernel42/patches/patch-CVE-2015-2045 @@ -0,0 +1,42 @@ +$NetBSD: patch-CVE-2015-2045,v 1.1 2015/03/05 13:44:57 spz Exp $ + +pre-fill structures for certain HYPERVISOR_xen_version sub-ops + +... avoiding to pass hypervisor stack contents back to the caller +through space unused by the respective strings. + +This is CVE-2015-2045 / XSA-122. + +Signed-off-by: Aaron Adams <Aaron.Adams@nccgroup.com> +Acked-by: Jan Beulich <jbeulich@suse.com> +Acked-by: Ian Campbell <ian.campbell@citrix.com> + +--- xen/common/kernel.c.orig 2014-09-02 06:22:57.000000000 +0000 ++++ xen/common/kernel.c +@@ -216,6 +216,8 @@ DO(xen_version)(int cmd, XEN_GUEST_HANDL + case XENVER_extraversion: + { + xen_extraversion_t extraversion; ++ ++ memset(extraversion, 0, sizeof(extraversion)); + safe_strcpy(extraversion, xen_extra_version()); + if ( copy_to_guest(arg, extraversion, ARRAY_SIZE(extraversion)) ) + return -EFAULT; +@@ -225,6 +227,8 @@ DO(xen_version)(int cmd, XEN_GUEST_HANDL + case XENVER_compile_info: + { + struct xen_compile_info info; ++ ++ memset(&info, 0, sizeof(info)); + safe_strcpy(info.compiler, xen_compiler()); + safe_strcpy(info.compile_by, xen_compile_by()); + safe_strcpy(info.compile_domain, xen_compile_domain()); +@@ -260,6 +264,8 @@ DO(xen_version)(int cmd, XEN_GUEST_HANDL + case XENVER_changeset: + { + xen_changeset_info_t chgset; ++ ++ memset(chgset, 0, sizeof(chgset)); + safe_strcpy(chgset, xen_changeset()); + if ( copy_to_guest(arg, chgset, ARRAY_SIZE(chgset)) ) + return -EFAULT; |