summaryrefslogtreecommitdiff
path: root/sysutils/xenkernel41
diff options
context:
space:
mode:
authorspz <spz@pkgsrc.org>2015-03-10 20:27:16 +0000
committerspz <spz@pkgsrc.org>2015-03-10 20:27:16 +0000
commitb5d4e601ec8863704537614e51445883e7d307c6 (patch)
tree1003a3808cd6c682050c3e3c0914459296441e55 /sysutils/xenkernel41
parent986e533660516cf2ab5a6710ceba57d737356910 (diff)
downloadpkgsrc-b5d4e601ec8863704537614e51445883e7d307c6.tar.gz
xsa123-4.3-4.2.patch from upstream:
x86emul: fully ignore segment override for register-only operations For ModRM encoded instructions with register operands we must not overwrite ea.mem.seg (if a - bogus in that case - segment override was present) as it aliases with ea.reg. This is CVE-2015-2151 / XSA-123.
Diffstat (limited to 'sysutils/xenkernel41')
-rw-r--r--sysutils/xenkernel41/Makefile4
-rw-r--r--sysutils/xenkernel41/distinfo3
-rw-r--r--sysutils/xenkernel41/patches/patch-CVE-2015-215122
3 files changed, 26 insertions, 3 deletions
diff --git a/sysutils/xenkernel41/Makefile b/sysutils/xenkernel41/Makefile
index 13b4b2fcaf2..6fdbef578bb 100644
--- a/sysutils/xenkernel41/Makefile
+++ b/sysutils/xenkernel41/Makefile
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.43 2015/03/05 16:37:16 spz Exp $
+# $NetBSD: Makefile,v 1.44 2015/03/10 20:27:16 spz Exp $
VERSION= 4.1.6.1
DISTNAME= xen-${VERSION}
PKGNAME= xenkernel41-${VERSION}
-PKGREVISION= 14
+PKGREVISION= 15
CATEGORIES= sysutils
MASTER_SITES= http://bits.xensource.com/oss-xen/release/${VERSION}/
diff --git a/sysutils/xenkernel41/distinfo b/sysutils/xenkernel41/distinfo
index 67208d9c4ae..84ecb8b595c 100644
--- a/sysutils/xenkernel41/distinfo
+++ b/sysutils/xenkernel41/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.34 2015/03/05 16:37:16 spz Exp $
+$NetBSD: distinfo,v 1.35 2015/03/10 20:27:16 spz Exp $
SHA1 (xen-4.1.6.1.tar.gz) = e5f15feb0821578817a65ede16110c6eac01abd0
RMD160 (xen-4.1.6.1.tar.gz) = bff11421fc44a26f2cc3156713267abcb36d7a19
@@ -27,6 +27,7 @@ SHA1 (patch-CVE-2014-8867) = 576433746660f62b753088a66c5315a1a2ff8f76
SHA1 (patch-CVE-2014-9030) = f52c302585b0f4b074f7562e6b8cddacb26deee4
SHA1 (patch-CVE-2015-2044) = 00d32273d0a9f51927ff94a13f916382c3126e60
SHA1 (patch-CVE-2015-2045) = e1874bbde0cce7db4ee9260440f5280d404027d7
+SHA1 (patch-CVE-2015-2151) = aed92f50d162febc3074f7edecaf6ca418d0b42c
SHA1 (patch-Config.mk) = a43ed1b3304d6383dc093acd128a7f373d0ca266
SHA1 (patch-xen_Makefile) = d1c7e4860221f93d90818f45a77748882486f92b
SHA1 (patch-xen_arch_x86_Rules.mk) = 6b9b4bfa28924f7d3f6c793a389f1a7ac9d228e2
diff --git a/sysutils/xenkernel41/patches/patch-CVE-2015-2151 b/sysutils/xenkernel41/patches/patch-CVE-2015-2151
new file mode 100644
index 00000000000..9334467e331
--- /dev/null
+++ b/sysutils/xenkernel41/patches/patch-CVE-2015-2151
@@ -0,0 +1,22 @@
+$NetBSD: patch-CVE-2015-2151,v 1.1 2015/03/10 20:27:16 spz Exp $
+
+xsa123-4.3-4.2.patch from upstream:
+x86emul: fully ignore segment override for register-only operations
+
+For ModRM encoded instructions with register operands we must not
+overwrite ea.mem.seg (if a - bogus in that case - segment override was
+present) as it aliases with ea.reg.
+
+This is CVE-2015-2151 / XSA-123.
+
+--- xen/arch/x86/x86_emulate/x86_emulate.c.orig 2015-03-10 20:10:23.000000000 +0000
++++ xen/arch/x86/x86_emulate/x86_emulate.c
+@@ -1462,7 +1462,7 @@ x86_emulate(
+ }
+ }
+
+- if ( override_seg != -1 )
++ if ( override_seg != -1 && ea.type == OP_MEM )
+ ea.mem.seg = override_seg;
+
+ /* Decode and fetch the source operand: register, memory or immediate. */