Pullup ticket #3298 - requested by bouyer

sysutils/xenkernel3: security patch sysutils/xenkernel33: security patch Revisions pulled up: - sysutils/xenkernel3/Makefile 1.19 - sysutils/xenkernel3/distinfo 1.12 - sysutils/xenkernel3/patches/patch-dc 1.1 - sysutils/xenkernel33/Makefile 1.12 - sysutils/xenkernel33/distinfo 1.10 - sysutils/xenkernel33/patches/patch-ab 1.1 --- Module Name: pkgsrc Committed By: bouyer Date: Tue Dec 7 18:43:49 UTC 2010 Modified Files: pkgsrc/sysutils/xenkernel3: Makefile distinfo Added Files: pkgsrc/sysutils/xenkernel3/patches: patch-dc Log Message: Add a fix for CVE-2010-4255, from the xen-devel list and adapted for Xen 3.1 --- Module Name: pkgsrc Committed By: bouyer Date: Tue Dec 7 18:44:26 UTC 2010 Modified Files: pkgsrc/sysutils/xenkernel33: Makefile distinfo Added Files: pkgsrc/sysutils/xenkernel33/patches: patch-ab Log Message: Add a fix for CVE-2010-4255, from the xen-devel list. Bump PKGREVISION.
author: tron <tron> 2010-12-10 10:48:45 +0000
committer: tron <tron> 2010-12-10 10:48:45 +0000
commit: f864961daed8e427c4910252701463edb1b52c4a (patch)
tree: e79777c2bfc47586ccd255cc96774175fe97b7e1
parent: 39495ef05af59faaa99094271c8129899c600ada (diff)
download: pkgsrc-f864961daed8e427c4910252701463edb1b52c4a.tar.gz
6 files changed, 39 insertions, 6 deletions
diff --git a/sysutils/xenkernel3/Makefile b/sysutils/xenkernel3/Makefile
index 8bc1ac2558e..e8607f4a94c 100644
--- a/sysutils/xenkernel3/Makefile
+++ b/sysutils/xenkernel3/Makefile
@@ -1,10 +1,10 @@
-# $NetBSD: Makefile,v 1.18 2009/05/03 23:10:50 abs Exp $
+# $NetBSD: Makefile,v 1.18.12.1 2010/12/10 10:48:45 tron Exp $
 #
 
 VERSION=	3.1.4
 DISTNAME=	xen-${VERSION}
 PKGNAME=	xenkernel3-${VERSION}
-PKGREVISION=	3
+PKGREVISION=	4
 CATEGORIES=	sysutils
 MASTER_SITES=	http://bits.xensource.com/oss-xen/release/${VERSION}/
 
diff --git a/sysutils/xenkernel3/distinfo b/sysutils/xenkernel3/distinfo
index 1893c138152..2ae2412ffa7 100644
--- a/sysutils/xenkernel3/distinfo
+++ b/sysutils/xenkernel3/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.11 2009/01/24 18:57:59 bouyer Exp $
+$NetBSD: distinfo,v 1.11.14.1 2010/12/10 10:48:45 tron Exp $
 
 SHA1 (xen-3.1.4.tar.gz) = 0d784662776239195df10b3f29d40350f9d0644d
 RMD160 (xen-3.1.4.tar.gz) = c02ad2bd64e6306b127a4f37a8aa370dadc11859
@@ -11,3 +11,4 @@ SHA1 (patch-bd) = 2a07955b1285d288458066813f8ebc801b8038c1
 SHA1 (patch-cw) = 83a0f34dac9ba9a465c7362d4de6706afb84d688
 SHA1 (patch-da) = 6db74e00d15615e71936fa8637a05159f378b454
 SHA1 (patch-db) = 8e7b563fd816669fd39e1e8bf5137b5937060968
+SHA1 (patch-dc) = 606ad2af582b88ddfd250b952831af9d3b2b1f5d
diff --git a/sysutils/xenkernel3/patches/patch-dc b/sysutils/xenkernel3/patches/patch-dc
new file mode 100644
index 00000000000..4d12970a068
--- /dev/null
+++ b/sysutils/xenkernel3/patches/patch-dc
@@ -0,0 +1,16 @@
+$NetBSD: patch-dc,v 1.1.2.2 2010/12/10 10:48:46 tron Exp $
+
+Fix for CVE-2010-4255, from the xen-devel list and adapted for Xen 3.1
+
+--- xen/arch/x86/traps.c.orig	2010-12-07 12:53:20.000000000 +0100
++++ xen/arch/x86/traps.c	2010-12-07 13:11:36.000000000 +0100
+@@ -950,7 +950,8 @@
+     {
+         if ( paging_mode_external(d) && guest_mode(regs) )
+             return paging_fault(addr, regs);
+-        if ( (addr >= GDT_LDT_VIRT_START) && (addr < GDT_LDT_VIRT_END) )
++        if ( !(regs->error_code & PFEC_user_mode) &&
++	     (addr >= GDT_LDT_VIRT_START) && (addr < GDT_LDT_VIRT_END) )
+             return handle_gdt_ldt_mapping_fault(
+                 addr - GDT_LDT_VIRT_START, regs);
+         return 0;
diff --git a/sysutils/xenkernel33/Makefile b/sysutils/xenkernel33/Makefile
index 67ed6c4d81f..f0d44d9660f 100644
--- a/sysutils/xenkernel33/Makefile
+++ b/sysutils/xenkernel33/Makefile
@@ -1,10 +1,10 @@
-# $NetBSD: Makefile,v 1.11 2009/08/07 12:43:46 cegger Exp $
+# $NetBSD: Makefile,v 1.11.10.1 2010/12/10 10:48:46 tron Exp $
 #
 
 VERSION=	3.3.2
 DISTNAME=	xen-${VERSION}
 PKGNAME=	xenkernel33-${VERSION}
-#PKGREVISION=	1
+PKGREVISION=	1
 CATEGORIES=	sysutils
 MASTER_SITES=	http://bits.xensource.com/oss-xen/release/${VERSION}/
 EXTRACT_SUFX=	.tar.gz
diff --git a/sysutils/xenkernel33/distinfo b/sysutils/xenkernel33/distinfo
index 4d0b395d52e..5a26f29df79 100644
--- a/sysutils/xenkernel33/distinfo
+++ b/sysutils/xenkernel33/distinfo
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.9 2009/08/07 12:43:46 cegger Exp $
+$NetBSD: distinfo,v 1.9.10.1 2010/12/10 10:48:46 tron Exp $
 
 SHA1 (xen-3.3.2.tar.gz) = 7f438e73ac81b25cf5e1570709e87001066bafe4
 RMD160 (xen-3.3.2.tar.gz) = 28faa56286f2a418e35dcba6079570ea871d6c7b
 Size (xen-3.3.2.tar.gz) = 11357576 bytes
 SHA1 (patch-aa) = 0d11c758ad0a0ca657bf2e0f89ca23ff67b76bb7
+SHA1 (patch-ab) = bba70c6a0f884a4bbfd2ce56e41ce0d649300edc
diff --git a/sysutils/xenkernel33/patches/patch-ab b/sysutils/xenkernel33/patches/patch-ab
new file mode 100644
index 00000000000..f907b01ff1b
--- /dev/null
+++ b/sysutils/xenkernel33/patches/patch-ab
@@ -0,0 +1,15 @@
+$NetBSD: patch-ab,v 1.1.2.2 2010/12/10 10:48:46 tron Exp $
+
+Fix for CVE-2010-4255, from the xen-devel list
+
+--- xen/arch/x86/traps.c.orig	2010-12-07 13:28:23.000000000 +0100
++++ xen/arch/x86/traps.c	2010-12-07 13:28:43.000000000 +0100
+@@ -1157,7 +1157,7 @@
+                 trace_trap_two_addr(TRC_PV_PAGING_FIXUP, regs->eip, addr);
+             return ret;
+         }
+-        if ( !(regs->error_code & PFEC_reserved_bit) &&
++        if ( !(regs->error_code & (PFEC_user_mode | PFEC_reserved_bit)) &&
+              (addr >= GDT_LDT_VIRT_START) && (addr < GDT_LDT_VIRT_END) )
+             return handle_gdt_ldt_mapping_fault(
+                 addr - GDT_LDT_VIRT_START, regs);
author	tron <tron>	2010-12-10 10:48:45 +0000
committer	tron <tron>	2010-12-10 10:48:45 +0000
commit	f864961daed8e427c4910252701463edb1b52c4a (patch)
tree	e79777c2bfc47586ccd255cc96774175fe97b7e1
parent	39495ef05af59faaa99094271c8129899c600ada (diff)
download	pkgsrc-f864961daed8e427c4910252701463edb1b52c4a.tar.gz