Update xentools42 and xenkernel42 to Xen 4.2.5, fixing:

CVE-2014-2599 / XSA-89 HVMOP_set_mem_access is not preemptible CVE-2014-3124 / XSA-92 HVMOP_set_mem_type allows invalid P2M entries to be created CVE-2014-3967,CVE-2014-3968 / XSA-96 Vulnerabilities in HVM MSI injection CVE-2014-4021 / XSA-100 Hypervisor heap contents leaked to guests pkgsrc also includes patches from the Xen Security Advisory: XSA-104 (CVE-2014-7154) - Race condition in HVMOP_track_dirty_vram XSA-105 (CVE-2014-7155) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation XSA-106 (CVE-2014-7156) - Missing privilege level checks in x86 emulation of software interrupts
author: bouyer <bouyer@pkgsrc.org> 2014-09-26 10:39:31 +0000
committer: bouyer <bouyer@pkgsrc.org> 2014-09-26 10:39:31 +0000
commit: ff25c9a3539d6fe484e7d5dd733fcf7ac648923a (patch)
tree: 48e16094c85c28df7fbce76fd38c715f64660e04 /sysutils
parent: 4f2ae70a214a6cac18b91898ae0f90eda9cb3843 (diff)
download: pkgsrc-ff25c9a3539d6fe484e7d5dd733fcf7ac648923a.tar.gz
6 files changed, 78 insertions, 13 deletions
diff --git a/sysutils/xenkernel42/Makefile b/sysutils/xenkernel42/Makefile
index 214614f3f55..597cbec1561 100644
--- a/sysutils/xenkernel42/Makefile
+++ b/sysutils/xenkernel42/Makefile
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.7 2014/05/09 07:37:20 wiz Exp $
+# $NetBSD: Makefile,v 1.8 2014/09/26 10:39:31 bouyer Exp $
 
-VERSION=	4.2.4
+VERSION=	4.2.5
 DISTNAME=	xen-${VERSION}
 PKGNAME=	xenkernel42-${VERSION}
 CATEGORIES=	sysutils
diff --git a/sysutils/xenkernel42/distinfo b/sysutils/xenkernel42/distinfo
index 2fa941b41bd..13ee7a1823c 100644
--- a/sysutils/xenkernel42/distinfo
+++ b/sysutils/xenkernel42/distinfo
@@ -1,9 +1,11 @@
-$NetBSD: distinfo,v 1.5 2014/02/22 01:22:49 prlw1 Exp $
+$NetBSD: distinfo,v 1.6 2014/09/26 10:39:31 bouyer Exp $
 
-SHA1 (xen-4.2.4.tar.gz) = ab661bf0f64a18155f971343a9c07b7e7d1410f1
-RMD160 (xen-4.2.4.tar.gz) = b2210d3ff6a9fdf9cae1a5a38b829667dfd6fd2f
-Size (xen-4.2.4.tar.gz) = 15663999 bytes
+SHA1 (xen-4.2.5.tar.gz) = f42741e4ec174495ace70c4b17a6b9b0e60e798a
+RMD160 (xen-4.2.5.tar.gz) = 7d4f7f1b32ee541d341a756b1f8da02816438d19
+Size (xen-4.2.5.tar.gz) = 15671925 bytes
 SHA1 (patch-Config.mk) = a43ed1b3304d6383dc093acd128a7f373d0ca266
 SHA1 (patch-xen_Makefile) = e0d1b74518b9675ddc64295d1523ded9a8757c0a
 SHA1 (patch-xen_arch_x86_Rules.mk) = 6b9b4bfa28924f7d3f6c793a389f1a7ac9d228e2
+SHA1 (patch-xen_arch_x86_mm_shadow_common.c) = 89dce860cc6aef7d0ec31f3137616b592490e60a
+SHA1 (patch-xen_arch_x86_x86_emulate_x86_emulate.c) = 8b906e762c8f94a670398b4e033d50a2fb012f0a
 SHA1 (patch-xen_include_xen_lib.h) = 36dcaf3874a1b1214babc45d7e19fe3b556c1044
diff --git a/sysutils/xenkernel42/patches/patch-xen_arch_x86_mm_shadow_common.c b/sysutils/xenkernel42/patches/patch-xen_arch_x86_mm_shadow_common.c
new file mode 100644
index 00000000000..1c59e28157b
--- /dev/null
+++ b/sysutils/xenkernel42/patches/patch-xen_arch_x86_mm_shadow_common.c
@@ -0,0 +1,24 @@
+$NetBSD: patch-xen_arch_x86_mm_shadow_common.c,v 1.1 2014/09/26 10:39:31 bouyer Exp $
+
+patch for XSA-104/CVE-2014-7154, from Xen Security Advisory
+
+--- xen/arch/x86/mm/shadow/common.c.orig	2014-09-02 08:22:57.000000000 +0200
++++ xen/arch/x86/mm/shadow/common.c	2014-09-26 11:18:02.000000000 +0200
+@@ -3601,7 +3601,7 @@
+     int flush_tlb = 0;
+     unsigned long i;
+     p2m_type_t t;
+-    struct sh_dirty_vram *dirty_vram = d->arch.hvm_domain.dirty_vram;
++    struct sh_dirty_vram *dirty_vram;
+     struct p2m_domain *p2m = p2m_get_hostp2m(d);
+ 
+     if ( end_pfn < begin_pfn || end_pfn > p2m->max_mapped_pfn + 1 )
+@@ -3611,6 +3611,8 @@
+     p2m_lock(p2m_get_hostp2m(d));
+     paging_lock(d);
+ 
++    dirty_vram = d->arch.hvm_domain.dirty_vram;
++
+     if ( dirty_vram && (!nr ||
+              ( begin_pfn != dirty_vram->begin_pfn
+             || end_pfn   != dirty_vram->end_pfn )) )
diff --git a/sysutils/xenkernel42/patches/patch-xen_arch_x86_x86_emulate_x86_emulate.c b/sysutils/xenkernel42/patches/patch-xen_arch_x86_x86_emulate_x86_emulate.c
new file mode 100644
index 00000000000..ac25c0e8e50
--- /dev/null
+++ b/sysutils/xenkernel42/patches/patch-xen_arch_x86_x86_emulate_x86_emulate.c
@@ -0,0 +1,39 @@
+$NetBSD: patch-xen_arch_x86_x86_emulate_x86_emulate.c,v 1.1 2014/09/26 10:39:31 bouyer Exp $
+
+patch for XSA-105/CVE-2014-7155 and XSA-106/CVE-2014-7156,
+from Xen Security Advisory
+
+--- xen/arch/x86/x86_emulate/x86_emulate.c.orig	2014-09-26 11:53:50.000000000 +0200
++++ xen/arch/x86/x86_emulate/x86_emulate.c	2014-09-26 11:53:43.000000000 +0200
+@@ -2616,6 +2616,7 @@
+     case 0xcd: /* int imm8 */
+         src.val = insn_fetch_type(uint8_t);
+     swint:
++        fail_if(!in_realmode(ctxt, ops)); /* XSA-106 */
+         fail_if(ops->inject_sw_interrupt == NULL);
+         rc = ops->inject_sw_interrupt(src.val, _regs.eip - ctxt->regs->eip,
+                                       ctxt) ? : X86EMUL_EXCEPTION;
+@@ -3296,6 +3297,7 @@
+         goto swint;
+ 
+     case 0xf4: /* hlt */
++        generate_exception_if(!mode_ring0(), EXC_GP, 0);
+         ctxt->retire.flags.hlt = 1;
+         break;
+ 
+@@ -3721,6 +3723,7 @@
+             break;
+         case 2: /* lgdt */
+         case 3: /* lidt */
++            generate_exception_if(!mode_ring0(), EXC_GP, 0);
+             generate_exception_if(ea.type != OP_MEM, EXC_UD, -1);
+             fail_if(ops->write_segment == NULL);
+             memset(&reg, 0, sizeof(reg));
+@@ -3749,6 +3752,7 @@
+         case 6: /* lmsw */
+             fail_if(ops->read_cr == NULL);
+             fail_if(ops->write_cr == NULL);
++            generate_exception_if(!mode_ring0(), EXC_GP, 0);
+             if ( (rc = ops->read_cr(0, &cr0, ctxt)) )
+                 goto done;
+             if ( ea.type == OP_REG )
diff --git a/sysutils/xentools42/Makefile b/sysutils/xentools42/Makefile
index b4413f8b446..c0de4827c3c 100644
--- a/sysutils/xentools42/Makefile
+++ b/sysutils/xentools42/Makefile
@@ -1,11 +1,11 @@
-# $NetBSD: Makefile,v 1.22 2014/05/29 23:37:32 wiz Exp $
+# $NetBSD: Makefile,v 1.23 2014/09/26 10:40:45 bouyer Exp $
 
-VERSION=	4.2.4
+VERSION=	4.2.5
 VERSION_IPXE=	1.0.0
 
 DISTNAME=		xen-${VERSION}
 PKGNAME=		xentools42-${VERSION}
-PKGREVISION=		2
+#PKGREVISION=		2
 CATEGORIES=		sysutils
 MASTER_SITES=		http://bits.xensource.com/oss-xen/release/${VERSION}/
 
diff --git a/sysutils/xentools42/distinfo b/sysutils/xentools42/distinfo
index b183ddb59cc..b7749e72c6b 100644
--- a/sysutils/xentools42/distinfo
+++ b/sysutils/xentools42/distinfo
@@ -1,11 +1,11 @@
-$NetBSD: distinfo,v 1.11 2014/09/17 20:32:36 bouyer Exp $
+$NetBSD: distinfo,v 1.12 2014/09/26 10:39:31 bouyer Exp $
 
 SHA1 (ipxe-git-v1.0.0.tar.gz) = da052c8de5f3485fe0253c19cf52ed6d72528485
 RMD160 (ipxe-git-v1.0.0.tar.gz) = dcd9b6eaafa1ce05c1ebf2a15f2f73ad7a8c5547
 Size (ipxe-git-v1.0.0.tar.gz) = 1996881 bytes
-SHA1 (xen-4.2.4.tar.gz) = ab661bf0f64a18155f971343a9c07b7e7d1410f1
-RMD160 (xen-4.2.4.tar.gz) = b2210d3ff6a9fdf9cae1a5a38b829667dfd6fd2f
-Size (xen-4.2.4.tar.gz) = 15663999 bytes
+SHA1 (xen-4.2.5.tar.gz) = f42741e4ec174495ace70c4b17a6b9b0e60e798a
+RMD160 (xen-4.2.5.tar.gz) = 7d4f7f1b32ee541d341a756b1f8da02816438d19
+Size (xen-4.2.5.tar.gz) = 15671925 bytes
 SHA1 (patch-.._.._ipxe_src_Makefile.housekeeping) = 5ec8020a9705b2f64096c2942473a8de4db578bb
 SHA1 (patch-.._.._ipxe_src_arch_i386_include_librm.h) = 4549ac641b112321b4731a918d85219c3fce6808
 SHA1 (patch-.._.._ipxe_src_arch_i386_scripts_i386.lds) = 4c0cbb7f535be43e1b6f53c284340a8bafc37c0b
author	bouyer <bouyer@pkgsrc.org>	2014-09-26 10:39:31 +0000
committer	bouyer <bouyer@pkgsrc.org>	2014-09-26 10:39:31 +0000
commit	ff25c9a3539d6fe484e7d5dd733fcf7ac648923a (patch)
tree	48e16094c85c28df7fbce76fd38c715f64660e04 /sysutils
parent	4f2ae70a214a6cac18b91898ae0f90eda9cb3843 (diff)
download	pkgsrc-ff25c9a3539d6fe484e7d5dd733fcf7ac648923a.tar.gz