Pullup ticket #4506 - requested by bouyer

sysutils/xenkernel42: security patch Revisions pulled up: - sysutils/xenkernel42/Makefile 1.8 - sysutils/xenkernel42/distinfo 1.6 - sysutils/xenkernel42/patches/patch-xen_arch_x86_mm_shadow_common.c 1.1 - sysutils/xenkernel42/patches/patch-xen_arch_x86_x86_emulate_x86_emulate.c 1.1 - sysutils/xentools42/Makefile 1.23 - sysutils/xentools42/distinfo 1.12 --- Module Name: pkgsrc Committed By: bouyer Date: Fri Sep 26 10:39:32 UTC 2014 Modified Files: pkgsrc/sysutils/xenkernel42: Makefile distinfo pkgsrc/sysutils/xentools42: distinfo Added Files: pkgsrc/sysutils/xenkernel42/patches: patch-xen_arch_x86_mm_shadow_common.c patch-xen_arch_x86_x86_emulate_x86_emulate.c Log Message: Update xentools42 and xenkernel42 to Xen 4.2.5, fixing: CVE-2014-2599 / XSA-89 HVMOP_set_mem_access is not preemptible CVE-2014-3124 / XSA-92 HVMOP_set_mem_type allows invalid P2M entries to be created CVE-2014-3967,CVE-2014-3968 / XSA-96 Vulnerabilities in HVM MSI injection CVE-2014-4021 / XSA-100 Hypervisor heap contents leaked to guests pkgsrc also includes patches from the Xen Security Advisory: XSA-104 (CVE-2014-7154) - Race condition in HVMOP_track_dirty_vram XSA-105 (CVE-2014-7155) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation XSA-106 (CVE-2014-7156) - Missing privilege level checks in x86 emulation of software interrupts --- Module Name: pkgsrc Committed By: bouyer Date: Fri Sep 26 10:40:45 UTC 2014 Modified Files: pkgsrc/sysutils/xentools42: Makefile Log Message: Update xentools42 and xenkernel42 to Xen 4.2.5, fixing: CVE-2014-2599 / XSA-89 HVMOP_set_mem_access is not preemptible CVE-2014-3124 / XSA-92 HVMOP_set_mem_type allows invalid P2M entries to be created CVE-2014-3967,CVE-2014-3968 / XSA-96 Vulnerabilities in HVM MSI injection CVE-2014-4021 / XSA-100 Hypervisor heap contents leaked to guests pkgsrc also includes patches from the Xen Security Advisory: XSA-104 (CVE-2014-7154) - Race condition in HVMOP_track_dirty_vram XSA-105 (CVE-2014-7155) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation XSA-106 (CVE-2014-7156) - Missing privilege level checks in x86 emulation of software interrupts
author: tron <tron> 2014-09-28 13:28:58 +0000
committer: tron <tron> 2014-09-28 13:28:58 +0000
commit: 4a32f2b97b6d8d4d0b201611222085da024cb05a (patch)
tree: 49cb2a0d0ccfbebd5945c5f58c7cc37d9d0554e5
parent: 512a20c5c1b98f36fbe5193d7b25b820cfcfedc8 (diff)
download: pkgsrc-4a32f2b97b6d8d4d0b201611222085da024cb05a.tar.gz
6 files changed, 78 insertions, 13 deletions
diff --git a/sysutils/xenkernel42/Makefile b/sysutils/xenkernel42/Makefile
index 214614f3f55..b1e2b2b8e50 100644
--- a/sysutils/xenkernel42/Makefile
+++ b/sysutils/xenkernel42/Makefile
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.7 2014/05/09 07:37:20 wiz Exp $
+# $NetBSD: Makefile,v 1.7.2.1 2014/09/28 13:28:58 tron Exp $
 
-VERSION=	4.2.4
+VERSION=	4.2.5
 DISTNAME=	xen-${VERSION}
 PKGNAME=	xenkernel42-${VERSION}
 CATEGORIES=	sysutils
diff --git a/sysutils/xenkernel42/distinfo b/sysutils/xenkernel42/distinfo
index 2fa941b41bd..5a892a6391c 100644
--- a/sysutils/xenkernel42/distinfo
+++ b/sysutils/xenkernel42/distinfo
@@ -1,9 +1,11 @@
-$NetBSD: distinfo,v 1.5 2014/02/22 01:22:49 prlw1 Exp $
+$NetBSD: distinfo,v 1.5.4.1 2014/09/28 13:28:58 tron Exp $
 
-SHA1 (xen-4.2.4.tar.gz) = ab661bf0f64a18155f971343a9c07b7e7d1410f1
-RMD160 (xen-4.2.4.tar.gz) = b2210d3ff6a9fdf9cae1a5a38b829667dfd6fd2f
-Size (xen-4.2.4.tar.gz) = 15663999 bytes
+SHA1 (xen-4.2.5.tar.gz) = f42741e4ec174495ace70c4b17a6b9b0e60e798a
+RMD160 (xen-4.2.5.tar.gz) = 7d4f7f1b32ee541d341a756b1f8da02816438d19
+Size (xen-4.2.5.tar.gz) = 15671925 bytes
 SHA1 (patch-Config.mk) = a43ed1b3304d6383dc093acd128a7f373d0ca266
 SHA1 (patch-xen_Makefile) = e0d1b74518b9675ddc64295d1523ded9a8757c0a
 SHA1 (patch-xen_arch_x86_Rules.mk) = 6b9b4bfa28924f7d3f6c793a389f1a7ac9d228e2
+SHA1 (patch-xen_arch_x86_mm_shadow_common.c) = 89dce860cc6aef7d0ec31f3137616b592490e60a
+SHA1 (patch-xen_arch_x86_x86_emulate_x86_emulate.c) = 8b906e762c8f94a670398b4e033d50a2fb012f0a
 SHA1 (patch-xen_include_xen_lib.h) = 36dcaf3874a1b1214babc45d7e19fe3b556c1044
diff --git a/sysutils/xenkernel42/patches/patch-xen_arch_x86_mm_shadow_common.c b/sysutils/xenkernel42/patches/patch-xen_arch_x86_mm_shadow_common.c
new file mode 100644
index 00000000000..ebdca638d6d
--- /dev/null
+++ b/sysutils/xenkernel42/patches/patch-xen_arch_x86_mm_shadow_common.c
@@ -0,0 +1,24 @@
+$NetBSD: patch-xen_arch_x86_mm_shadow_common.c,v 1.1.2.2 2014/09/28 13:28:58 tron Exp $
+
+patch for XSA-104/CVE-2014-7154, from Xen Security Advisory
+
+--- xen/arch/x86/mm/shadow/common.c.orig	2014-09-02 08:22:57.000000000 +0200
++++ xen/arch/x86/mm/shadow/common.c	2014-09-26 11:18:02.000000000 +0200
+@@ -3601,7 +3601,7 @@
+     int flush_tlb = 0;
+     unsigned long i;
+     p2m_type_t t;
+-    struct sh_dirty_vram *dirty_vram = d->arch.hvm_domain.dirty_vram;
++    struct sh_dirty_vram *dirty_vram;
+     struct p2m_domain *p2m = p2m_get_hostp2m(d);
+ 
+     if ( end_pfn < begin_pfn || end_pfn > p2m->max_mapped_pfn + 1 )
+@@ -3611,6 +3611,8 @@
+     p2m_lock(p2m_get_hostp2m(d));
+     paging_lock(d);
+ 
++    dirty_vram = d->arch.hvm_domain.dirty_vram;
++
+     if ( dirty_vram && (!nr ||
+              ( begin_pfn != dirty_vram->begin_pfn
+             || end_pfn   != dirty_vram->end_pfn )) )
diff --git a/sysutils/xenkernel42/patches/patch-xen_arch_x86_x86_emulate_x86_emulate.c b/sysutils/xenkernel42/patches/patch-xen_arch_x86_x86_emulate_x86_emulate.c
new file mode 100644
index 00000000000..bde51b3be8e
--- /dev/null
+++ b/sysutils/xenkernel42/patches/patch-xen_arch_x86_x86_emulate_x86_emulate.c
@@ -0,0 +1,39 @@
+$NetBSD: patch-xen_arch_x86_x86_emulate_x86_emulate.c,v 1.1.2.2 2014/09/28 13:28:58 tron Exp $
+
+patch for XSA-105/CVE-2014-7155 and XSA-106/CVE-2014-7156,
+from Xen Security Advisory
+
+--- xen/arch/x86/x86_emulate/x86_emulate.c.orig	2014-09-26 11:53:50.000000000 +0200
++++ xen/arch/x86/x86_emulate/x86_emulate.c	2014-09-26 11:53:43.000000000 +0200
+@@ -2616,6 +2616,7 @@
+     case 0xcd: /* int imm8 */
+         src.val = insn_fetch_type(uint8_t);
+     swint:
++        fail_if(!in_realmode(ctxt, ops)); /* XSA-106 */
+         fail_if(ops->inject_sw_interrupt == NULL);
+         rc = ops->inject_sw_interrupt(src.val, _regs.eip - ctxt->regs->eip,
+                                       ctxt) ? : X86EMUL_EXCEPTION;
+@@ -3296,6 +3297,7 @@
+         goto swint;
+ 
+     case 0xf4: /* hlt */
++        generate_exception_if(!mode_ring0(), EXC_GP, 0);
+         ctxt->retire.flags.hlt = 1;
+         break;
+ 
+@@ -3721,6 +3723,7 @@
+             break;
+         case 2: /* lgdt */
+         case 3: /* lidt */
++            generate_exception_if(!mode_ring0(), EXC_GP, 0);
+             generate_exception_if(ea.type != OP_MEM, EXC_UD, -1);
+             fail_if(ops->write_segment == NULL);
+             memset(&reg, 0, sizeof(reg));
+@@ -3749,6 +3752,7 @@
+         case 6: /* lmsw */
+             fail_if(ops->read_cr == NULL);
+             fail_if(ops->write_cr == NULL);
++            generate_exception_if(!mode_ring0(), EXC_GP, 0);
+             if ( (rc = ops->read_cr(0, &cr0, ctxt)) )
+                 goto done;
+             if ( ea.type == OP_REG )
diff --git a/sysutils/xentools42/Makefile b/sysutils/xentools42/Makefile
index b4413f8b446..f624689c472 100644
--- a/sysutils/xentools42/Makefile
+++ b/sysutils/xentools42/Makefile
@@ -1,11 +1,11 @@
-# $NetBSD: Makefile,v 1.22 2014/05/29 23:37:32 wiz Exp $
+# $NetBSD: Makefile,v 1.22.2.1 2014/09/28 13:28:58 tron Exp $
 
-VERSION=	4.2.4
+VERSION=	4.2.5
 VERSION_IPXE=	1.0.0
 
 DISTNAME=		xen-${VERSION}
 PKGNAME=		xentools42-${VERSION}
-PKGREVISION=		2
+#PKGREVISION=		2
 CATEGORIES=		sysutils
 MASTER_SITES=		http://bits.xensource.com/oss-xen/release/${VERSION}/
 
diff --git a/sysutils/xentools42/distinfo b/sysutils/xentools42/distinfo
index 2d3d7dcc444..80378d5be77 100644
--- a/sysutils/xentools42/distinfo
+++ b/sysutils/xentools42/distinfo
@@ -1,11 +1,11 @@
-$NetBSD: distinfo,v 1.10 2014/02/22 01:28:23 prlw1 Exp $
+$NetBSD: distinfo,v 1.10.4.1 2014/09/28 13:28:58 tron Exp $
 
 SHA1 (ipxe-git-v1.0.0.tar.gz) = da052c8de5f3485fe0253c19cf52ed6d72528485
 RMD160 (ipxe-git-v1.0.0.tar.gz) = dcd9b6eaafa1ce05c1ebf2a15f2f73ad7a8c5547
 Size (ipxe-git-v1.0.0.tar.gz) = 1996881 bytes
-SHA1 (xen-4.2.4.tar.gz) = ab661bf0f64a18155f971343a9c07b7e7d1410f1
-RMD160 (xen-4.2.4.tar.gz) = b2210d3ff6a9fdf9cae1a5a38b829667dfd6fd2f
-Size (xen-4.2.4.tar.gz) = 15663999 bytes
+SHA1 (xen-4.2.5.tar.gz) = f42741e4ec174495ace70c4b17a6b9b0e60e798a
+RMD160 (xen-4.2.5.tar.gz) = 7d4f7f1b32ee541d341a756b1f8da02816438d19
+Size (xen-4.2.5.tar.gz) = 15671925 bytes
 SHA1 (patch-.._.._ipxe_src_Makefile.housekeeping) = 5ec8020a9705b2f64096c2942473a8de4db578bb
 SHA1 (patch-.._.._ipxe_src_arch_i386_include_librm.h) = 4549ac641b112321b4731a918d85219c3fce6808
 SHA1 (patch-.._.._ipxe_src_arch_i386_scripts_i386.lds) = 4c0cbb7f535be43e1b6f53c284340a8bafc37c0b
author	tron <tron>	2014-09-28 13:28:58 +0000
committer	tron <tron>	2014-09-28 13:28:58 +0000
commit	4a32f2b97b6d8d4d0b201611222085da024cb05a (patch)
tree	49cb2a0d0ccfbebd5945c5f58c7cc37d9d0554e5
parent	512a20c5c1b98f36fbe5193d7b25b820cfcfedc8 (diff)
download	pkgsrc-4a32f2b97b6d8d4d0b201611222085da024cb05a.tar.gz