summaryrefslogtreecommitdiff
path: root/sysutils
diff options
context:
space:
mode:
authorspz <spz>2015-03-10 19:50:15 +0000
committerspz <spz>2015-03-10 19:50:15 +0000
commit4b554ab0775c3da7b2802b14b3014857e4863926 (patch)
treed1b9329d8a8d7a8d0d0d994d0581ec8881d681e1 /sysutils
parent70d2cd9c2a873317933def4b4e54e4b6d5555270 (diff)
downloadpkgsrc-4b554ab0775c3da7b2802b14b3014857e4863926.tar.gz
xsa123-4.3-4.2.patch from upstream:
x86emul: fully ignore segment override for register-only operations For ModRM encoded instructions with register operands we must not overwrite ea.mem.seg (if a - bogus in that case - segment override was present) as it aliases with ea.reg. This is CVE-2015-2151 / XSA-123.
Diffstat (limited to 'sysutils')
-rw-r--r--sysutils/xenkernel42/Makefile4
-rw-r--r--sysutils/xenkernel42/distinfo3
-rw-r--r--sysutils/xenkernel42/patches/patch-CVE-2015-215123
3 files changed, 27 insertions, 3 deletions
diff --git a/sysutils/xenkernel42/Makefile b/sysutils/xenkernel42/Makefile
index f830293d082..e3bfeb2e872 100644
--- a/sysutils/xenkernel42/Makefile
+++ b/sysutils/xenkernel42/Makefile
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.12 2015/03/05 13:44:57 spz Exp $
+# $NetBSD: Makefile,v 1.13 2015/03/10 19:50:15 spz Exp $
VERSION= 4.2.5
DISTNAME= xen-${VERSION}
PKGNAME= xenkernel42-${VERSION}
-PKGREVISION= 4
+PKGREVISION= 5
CATEGORIES= sysutils
MASTER_SITES= http://bits.xensource.com/oss-xen/release/${VERSION}/
diff --git a/sysutils/xenkernel42/distinfo b/sysutils/xenkernel42/distinfo
index 828e041a7a9..93c857caa3f 100644
--- a/sysutils/xenkernel42/distinfo
+++ b/sysutils/xenkernel42/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.10 2015/03/05 13:44:57 spz Exp $
+$NetBSD: distinfo,v 1.11 2015/03/10 19:50:15 spz Exp $
SHA1 (xen-4.2.5.tar.gz) = f42741e4ec174495ace70c4b17a6b9b0e60e798a
RMD160 (xen-4.2.5.tar.gz) = 7d4f7f1b32ee541d341a756b1f8da02816438d19
@@ -10,6 +10,7 @@ SHA1 (patch-CVE-2014-8867) = 576433746660f62b753088a66c5315a1a2ff8f76
SHA1 (patch-CVE-2014-9030) = f4646ab2b0d01ad2a3bf47839fe0ffd35479b4a6
SHA1 (patch-CVE-2015-2044) = bcb7152da8d37902540cbfbdfd7309536cffa61e
SHA1 (patch-CVE-2015-2045) = f70839fabd4ef9086c8fb808e4f3448a8e844c98
+SHA1 (patch-CVE-2015-2151) = df05750b86331b88102b41f065c314c38c6bc396
SHA1 (patch-Config.mk) = a43ed1b3304d6383dc093acd128a7f373d0ca266
SHA1 (patch-xen_Makefile) = e0d1b74518b9675ddc64295d1523ded9a8757c0a
SHA1 (patch-xen_arch_x86_Rules.mk) = 6b9b4bfa28924f7d3f6c793a389f1a7ac9d228e2
diff --git a/sysutils/xenkernel42/patches/patch-CVE-2015-2151 b/sysutils/xenkernel42/patches/patch-CVE-2015-2151
new file mode 100644
index 00000000000..dd172064e3e
--- /dev/null
+++ b/sysutils/xenkernel42/patches/patch-CVE-2015-2151
@@ -0,0 +1,23 @@
+$NetBSD: patch-CVE-2015-2151,v 1.1 2015/03/10 19:50:16 spz Exp $
+
+xsa123-4.3-4.2.patch from upstream:
+
+x86emul: fully ignore segment override for register-only operations
+
+For ModRM encoded instructions with register operands we must not
+overwrite ea.mem.seg (if a - bogus in that case - segment override was
+present) as it aliases with ea.reg.
+
+This is CVE-2015-2151 / XSA-123.
+
+--- xen/arch/x86/x86_emulate/x86_emulate.c.orig 2015-03-10 19:18:09.000000000 +0000
++++ xen/arch/x86/x86_emulate/x86_emulate.c
+@@ -1640,7 +1640,7 @@ x86_emulate(
+ }
+ }
+
+- if ( override_seg != -1 )
++ if ( override_seg != -1 && ea.type == OP_MEM )
+ ea.mem.seg = override_seg;
+
+ /* Decode and fetch the source operand: register, memory or immediate. */
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-08 00:31:15 +0000