diff options
author | tron <tron@pkgsrc.org> | 2015-04-29 21:16:43 +0000 |
---|---|---|
committer | tron <tron@pkgsrc.org> | 2015-04-29 21:16:43 +0000 |
commit | 76071be47f2a3e319ef16315995eeef64a72e612 (patch) | |
tree | 444d77b9f41ea2787961b4d595b4f68339acb9cd | |
parent | 2a5521aecb86230de8d1e70f4721027d95dec8bb (diff) | |
download | pkgsrc-76071be47f2a3e319ef16315995eeef64a72e612.tar.gz |
Pullup ticket #4699 - requested by spz
sysutils/xenkernel45: security patch
Revisions pulled up:
- sysutils/xenkernel45/Makefile 1.7
- sysutils/xenkernel45/distinfo 1.6
- sysutils/xenkernel45/patches/patch-CVE-2015-2751 1.1
---
Module Name: pkgsrc
Committed By: spz
Date: Sun Apr 19 15:02:12 UTC 2015
Modified Files:
pkgsrc/sysutils/xenkernel45: Makefile distinfo
Added Files:
pkgsrc/sysutils/xenkernel45/patches: patch-CVE-2015-2751
Log Message:
adding upstream's patch for
XSA-127 Certain domctl operations may be abused to lock up the host
-rw-r--r-- | sysutils/xenkernel45/Makefile | 4 | ||||
-rw-r--r-- | sysutils/xenkernel45/distinfo | 3 | ||||
-rw-r--r-- | sysutils/xenkernel45/patches/patch-CVE-2015-2751 | 42 |
3 files changed, 46 insertions, 3 deletions
diff --git a/sysutils/xenkernel45/Makefile b/sysutils/xenkernel45/Makefile index 634a2352a1e..134ac29dd51 100644 --- a/sysutils/xenkernel45/Makefile +++ b/sysutils/xenkernel45/Makefile @@ -1,9 +1,9 @@ -# $NetBSD: Makefile,v 1.5.2.1 2015/04/29 21:11:12 tron Exp $ +# $NetBSD: Makefile,v 1.5.2.2 2015/04/29 21:16:43 tron Exp $ VERSION= 4.5.0 DISTNAME= xen-${VERSION} PKGNAME= xenkernel45-${VERSION} -PKGREVISION= 3 +PKGREVISION= 4 CATEGORIES= sysutils MASTER_SITES= http://bits.xensource.com/oss-xen/release/${VERSION}/ diff --git a/sysutils/xenkernel45/distinfo b/sysutils/xenkernel45/distinfo index 342bdd9f3c1..0b62a92619e 100644 --- a/sysutils/xenkernel45/distinfo +++ b/sysutils/xenkernel45/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.4.2.1 2015/04/29 21:11:12 tron Exp $ +$NetBSD: distinfo,v 1.4.2.2 2015/04/29 21:16:43 tron Exp $ SHA1 (xen-4.5.0.tar.gz) = c4aab5fb366496ad1edc7fe0a935a0d604335637 RMD160 (xen-4.5.0.tar.gz) = e35ba0cb484492c1a289218eb9bf53b57dbd3a45 @@ -6,6 +6,7 @@ Size (xen-4.5.0.tar.gz) = 18404933 bytes SHA1 (patch-CVE-2015-2044) = 354fe44df0c3b464137f50e2b9de3930f3910c0d SHA1 (patch-CVE-2015-2045) = 98e3f8064b7c190b2ae69c7d4c8f71febf8fbf52 SHA1 (patch-CVE-2015-2151) = 30344d233eade872fa7062493d754f8bccaf9d2a +SHA1 (patch-CVE-2015-2751) = b0ab727ae01291a0e4ea2efe3931b6cd00df1a39 SHA1 (patch-CVE-2015-2752) = 390edab296a91c83197205dce7030cbdd60e0d78 SHA1 (patch-CVE-2015-2756) = e76490b858e213d09d326b413004d29a7e177b20 SHA1 (patch-Config.mk) = a2a104d023cea4e551a3ad40927d4884d6c610bf diff --git a/sysutils/xenkernel45/patches/patch-CVE-2015-2751 b/sysutils/xenkernel45/patches/patch-CVE-2015-2751 new file mode 100644 index 00000000000..5bcebc6f856 --- /dev/null +++ b/sysutils/xenkernel45/patches/patch-CVE-2015-2751 @@ -0,0 +1,42 @@ +$NetBSD: patch-CVE-2015-2751,v 1.1.2.2 2015/04/29 21:16:43 tron Exp $ + +--- xen/arch/x86/domctl.c.orig 2015-01-12 16:53:24.000000000 +0000 ++++ xen/arch/x86/domctl.c +@@ -888,6 +888,10 @@ long arch_do_domctl( + { + xen_guest_tsc_info_t info; + ++ ret = -EINVAL; ++ if ( d == current->domain ) /* no domain_pause() */ ++ break; ++ + domain_pause(d); + tsc_get_info(d, &info.tsc_mode, + &info.elapsed_nsec, +@@ -903,6 +907,10 @@ long arch_do_domctl( + + case XEN_DOMCTL_settscinfo: + { ++ ret = -EINVAL; ++ if ( d == current->domain ) /* no domain_pause() */ ++ break; ++ + domain_pause(d); + tsc_set_info(d, domctl->u.tsc_info.info.tsc_mode, + domctl->u.tsc_info.info.elapsed_nsec, + +--- xen/common/domctl.c.orig 2015-04-19 14:40:24.000000000 +0000 ++++ xen/common/domctl.c +@@ -522,8 +522,10 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xe + + case XEN_DOMCTL_resumedomain: + { +- domain_resume(d); +- ret = 0; ++ if ( d == current->domain ) /* no domain_pause() */ ++ ret = -EINVAL; ++ else ++ domain_resume(d); + } + break; + |