diff options
| author | spz <spz@pkgsrc.org> | 2015-04-19 15:02:12 +0000 |
|---|---|---|
| committer | spz <spz@pkgsrc.org> | 2015-04-19 15:02:12 +0000 |
| commit | 3f12f1a3ee86c22c0ce5389f1d80df29765393a5 (patch) | |
| tree | 705ecb569cdb3d0f434809e9a77f70c9bc9eb061 /sysutils/xenkernel45 | |
| parent | 1fe7b1dfe15a82fa455c393f8a13abbbbd909969 (diff) | |
| download | pkgsrc-3f12f1a3ee86c22c0ce5389f1d80df29765393a5.tar.gz | |
adding upstream's patch for
XSA-127 Certain domctl operations may be abused to lock up the host
Diffstat (limited to 'sysutils/xenkernel45')
| -rw-r--r-- | sysutils/xenkernel45/Makefile | 4 | ||||
| -rw-r--r-- | sysutils/xenkernel45/distinfo | 3 | ||||
| -rw-r--r-- | sysutils/xenkernel45/patches/patch-CVE-2015-2751 | 42 |
3 files changed, 46 insertions, 3 deletions
diff --git a/sysutils/xenkernel45/Makefile b/sysutils/xenkernel45/Makefile index 9897e9bf573..744d2422ca0 100644 --- a/sysutils/xenkernel45/Makefile +++ b/sysutils/xenkernel45/Makefile @@ -1,9 +1,9 @@ -# $NetBSD: Makefile,v 1.6 2015/04/19 13:13:21 spz Exp $ +# $NetBSD: Makefile,v 1.7 2015/04/19 15:02:12 spz Exp $ VERSION= 4.5.0 DISTNAME= xen-${VERSION} PKGNAME= xenkernel45-${VERSION} -PKGREVISION= 3 +PKGREVISION= 4 CATEGORIES= sysutils MASTER_SITES= http://bits.xensource.com/oss-xen/release/${VERSION}/ diff --git a/sysutils/xenkernel45/distinfo b/sysutils/xenkernel45/distinfo index a85ba1c287a..d8419dfe4c6 100644 --- a/sysutils/xenkernel45/distinfo +++ b/sysutils/xenkernel45/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.5 2015/04/19 13:13:21 spz Exp $ +$NetBSD: distinfo,v 1.6 2015/04/19 15:02:12 spz Exp $ SHA1 (xen-4.5.0.tar.gz) = c4aab5fb366496ad1edc7fe0a935a0d604335637 RMD160 (xen-4.5.0.tar.gz) = e35ba0cb484492c1a289218eb9bf53b57dbd3a45 @@ -6,6 +6,7 @@ Size (xen-4.5.0.tar.gz) = 18404933 bytes SHA1 (patch-CVE-2015-2044) = 354fe44df0c3b464137f50e2b9de3930f3910c0d SHA1 (patch-CVE-2015-2045) = 98e3f8064b7c190b2ae69c7d4c8f71febf8fbf52 SHA1 (patch-CVE-2015-2151) = 30344d233eade872fa7062493d754f8bccaf9d2a +SHA1 (patch-CVE-2015-2751) = b0ab727ae01291a0e4ea2efe3931b6cd00df1a39 SHA1 (patch-CVE-2015-2752) = 390edab296a91c83197205dce7030cbdd60e0d78 SHA1 (patch-CVE-2015-2756) = e76490b858e213d09d326b413004d29a7e177b20 SHA1 (patch-Config.mk) = a2a104d023cea4e551a3ad40927d4884d6c610bf diff --git a/sysutils/xenkernel45/patches/patch-CVE-2015-2751 b/sysutils/xenkernel45/patches/patch-CVE-2015-2751 new file mode 100644 index 00000000000..1797df6745e --- /dev/null +++ b/sysutils/xenkernel45/patches/patch-CVE-2015-2751 @@ -0,0 +1,42 @@ +$NetBSD: patch-CVE-2015-2751,v 1.1 2015/04/19 15:02:12 spz Exp $ + +--- xen/arch/x86/domctl.c.orig 2015-01-12 16:53:24.000000000 +0000 ++++ xen/arch/x86/domctl.c +@@ -888,6 +888,10 @@ long arch_do_domctl( + { + xen_guest_tsc_info_t info; + ++ ret = -EINVAL; ++ if ( d == current->domain ) /* no domain_pause() */ ++ break; ++ + domain_pause(d); + tsc_get_info(d, &info.tsc_mode, + &info.elapsed_nsec, +@@ -903,6 +907,10 @@ long arch_do_domctl( + + case XEN_DOMCTL_settscinfo: + { ++ ret = -EINVAL; ++ if ( d == current->domain ) /* no domain_pause() */ ++ break; ++ + domain_pause(d); + tsc_set_info(d, domctl->u.tsc_info.info.tsc_mode, + domctl->u.tsc_info.info.elapsed_nsec, + +--- xen/common/domctl.c.orig 2015-04-19 14:40:24.000000000 +0000 ++++ xen/common/domctl.c +@@ -522,8 +522,10 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xe + + case XEN_DOMCTL_resumedomain: + { +- domain_resume(d); +- ret = 0; ++ if ( d == current->domain ) /* no domain_pause() */ ++ ret = -EINVAL; ++ else ++ domain_resume(d); + } + break; + |