author | bouyer <bouyer@pkgsrc.org> | 2016-01-07 17:55:55 +0000 |
---|---|---|
committer | bouyer <bouyer@pkgsrc.org> | 2016-01-07 17:55:55 +0000 |
commit | e43e1e7db420ae8cc672c1525e9002477b502738 (patch) | |
tree | 544c89aa4607ed75acd5815e59b169c1d42b9c2b /sysutils/xenkernel41 | |
parent | 29e4ed0480a659884433886f0a678bd99b38c5c5 (diff) | |
Apply patches from Xen repository, fixing:
CVE-2015-8339 and CVE-2015-8340 aka XSA-159
XSA-166
CVE-2015-8550 aka XSA-155
CVE-2015-8554 aka XSA-164
Bump pkgrevision
Diffstat (limited to 'sysutils/xenkernel41')
-rw-r--r-- | sysutils/xenkernel41/Makefile | 4 | ||||
-rw-r--r-- | sysutils/xenkernel41/distinfo | 4 | ||||
-rw-r--r-- | sysutils/xenkernel41/patches/patch-CVE-2015-8339 | 20 | ||||
-rw-r--r-- | sysutils/xenkernel41/patches/patch-XSA-166 | 42 |
4 files changed, 67 insertions, 3 deletions
diff --git a/sysutils/xenkernel41/Makefile b/sysutils/xenkernel41/Makefile index c18a90f5946..93e019c1df4 100644 --- a/sysutils/xenkernel41/Makefile +++ b/sysutils/xenkernel41/Makefile @@ -1,9 +1,9 @@ -# $NetBSD: Makefile,v 1.47 2015/12/05 21:26:00 adam Exp $ +# $NetBSD: Makefile,v 1.48 2016/01/07 17:55:55 bouyer Exp $ VERSION= 4.1.6.1 DISTNAME= xen-${VERSION} PKGNAME= xenkernel41-${VERSION} -PKGREVISION= 17 +PKGREVISION= 18 CATEGORIES= sysutils MASTER_SITES= http://bits.xensource.com/oss-xen/release/${VERSION}/ diff --git a/sysutils/xenkernel41/distinfo b/sysutils/xenkernel41/distinfo index 94c89ffe782..e559b3a0fc2 100644 --- a/sysutils/xenkernel41/distinfo +++ b/sysutils/xenkernel41/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.40 2015/12/29 04:04:31 dholland Exp $ +$NetBSD: distinfo,v 1.41 2016/01/07 17:55:55 bouyer Exp $ SHA1 (xen-4.1.6.1.tar.gz) = e5f15feb0821578817a65ede16110c6eac01abd0 RMD160 (xen-4.1.6.1.tar.gz) = bff11421fc44a26f2cc3156713267abcb36d7a19 @@ -34,7 +34,9 @@ SHA1 (patch-CVE-2015-2756) = b3b133d42229ecc8c308644b17e5317cd77f9a98 SHA1 (patch-CVE-2015-7835) = d66fe84abfb921bf435c1ed9b077012937d0c71e SHA1 (patch-CVE-2015-7969) = 4eb96025afae4be547f74b9e71a7d8a3a37fc60b SHA1 (patch-CVE-2015-7971) = 0d0d36ad99f313afb96111a832eb65ddeaf8010e +SHA1 (patch-CVE-2015-8339) = e5485ab9e73fa9a63c566505b8de805530ac678e SHA1 (patch-Config.mk) = a43ed1b3304d6383dc093acd128a7f373d0ca266 +SHA1 (patch-XSA-166) = 24fccf8e30ccf910a128e5e0365800191a90524c SHA1 (patch-xen_Makefile) = d1c7e4860221f93d90818f45a77748882486f92b SHA1 (patch-xen_arch_x86_Rules.mk) = 6b9b4bfa28924f7d3f6c793a389f1a7ac9d228e2 SHA1 (patch-xen_arch_x86_cpu_mcheck_vmce.c) = 5afd01780a13654f1d21bf1562f6431c8370be0b diff --git a/sysutils/xenkernel41/patches/patch-CVE-2015-8339 b/sysutils/xenkernel41/patches/patch-CVE-2015-8339 new file mode 100644 index 00000000000..d6b2dc9e78c --- /dev/null +++ b/sysutils/xenkernel41/patches/patch-CVE-2015-8339 
@@ -0,0 +1,20 @@
+$NetBSD: patch-CVE-2015-8339,v 1.1 2016/01/07 17:55:55 bouyer Exp $
+
+Patch for CVE-2015-8339 and CVE-2015-8340 aka XSA-159, based on
+http://xenbits.xenproject.org/xsa/xsa159.patch
+
+--- xen/common/memory.c.orig 2013-09-10 08:42:18.000000000 +0200
++++ xen/common/memory.c 2016-01-07 14:39:42.000000000 +0100
+@@ -487,7 +487,11 @@
+ /* Reassign any input pages we managed to steal. */
+ while ( (page = page_list_remove_head(&in_chunk_list)) )
+ if ( assign_pages(d, page, 0, MEMF_no_refcount) )
+- BUG();
++ {
++ BUG_ON(!d->is_dying);
++ if ( test_and_clear_bit(_PGC_allocated, &page->count_info) )
++ put_page(page);
++ }
+ dying:
+ rcu_unlock_domain(d);
+ /* Free any output pages we managed to allocate. */
diff --git a/sysutils/xenkernel41/patches/patch-XSA-166 b/sysutils/xenkernel41/patches/patch-XSA-166
new file mode 100644
index 00000000000..2e3e322007a
--- /dev/null
+++ b/sysutils/xenkernel41/patches/patch-XSA-166
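Review bot: The new failure branch under `if ( assign_pages(d, page, 0, MEMF_no_refcount) )` keeps a `BUG_ON(!d->is_dying)` with no comment saying why a dying domain is the only expected cause of failure, so a reader cannot tell whether a guest-reachable hypervisor crash remains. I would add above it `/* assign_pages() is expected to fail here only because d is dying; clear _PGC_allocated and drop that reference so the page is freed, not leaked. */`, worded to match what assign_pages() actually guarantees with MEMF_no_refcount, which is not visible in this hunk. The patch header could also state whether this Xen 4.1 version differs from the referenced xsa159.patch. The enclosing function starts and ends outside the hunk.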
@@ -0,0 +1,42 @@
+$NetBSD: patch-XSA-166,v 1.1 2016/01/07 17:55:55 bouyer Exp $
+
+Patch for XSA-166, based on
+http://xenbits.xenproject.org/xsa/xsa166-4.3.patch
+
+--- xen/arch/x86/hvm/hvm.c.orig
++++ xen/arch/x86/hvm/hvm.c
+@@ -342,6 +342,7 @@ void hvm_migrate_pirqs(struct vcpu *v)
+ void hvm_do_resume(struct vcpu *v)
+ {
+ ioreq_t *p;
++ unsigned int state;
+
+ pt_restore_timer(v);
+
+@@ -349,9 +350,10 @@ void hvm_do_resume(struct vcpu *v)
+
+ /* NB. Optimised for common case (p->state == STATE_IOREQ_NONE). */
+ p = get_ioreq(v);
+- while ( p->state != STATE_IOREQ_NONE )
++ while ( (state = p->state) != STATE_IOREQ_NONE )
+ {
+- switch ( p->state )
++ rmb();
++ switch ( state )
+ {
+ case STATE_IORESP_READY: /* IORESP_READY -> NONE */
+ hvm_io_assist();
+@@ -359,11 +361,10 @@ void hvm_do_resume(struct vcpu *v)
+ case STATE_IOREQ_READY: /* IOREQ_{READY,INPROCESS} -> IORESP_READY */
+ case STATE_IOREQ_INPROCESS:
+ wait_on_xen_event_channel(v->arch.hvm_vcpu.xen_port,
+- (p->state != STATE_IOREQ_READY) &&
+- (p->state != STATE_IOREQ_INPROCESS));
++ p->state != state);
+ break;
+ default:
+- gdprintk(XENLOG_ERR, "Weird HVM iorequest state %d.\n", p->state);
++ gdprintk(XENLOG_ERR, "Weird HVM iorequest state %u\n", state);
+ domain_crash(v->domain);
+ return; /* bail */
+ }
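Review bot: Nothing in hvm_do_resume records that `p->state` can change underneath Xen (as far as I know `p` points into the ioreq page shared with the device model), which is the whole reason for the `state` snapshot and the `rmb()` after it; without that, a later edit can quietly put `p->state` back into the `switch`. I would add before the loop `/* p is shared with the device model: read p->state once per iteration and decide only on the local copy. */`. The remaining `p->state != state` in the wait condition is a deliberate re-read and deserves a short `/* re-read: wait until the state moves on */`. The header cites xsa166-4.3.patch while this package is Xen 4.1.6.1, so a line saying whether it applied unchanged would help. The function body continues outside these hunks.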