diff options
| author | drochner <drochner> | 2014-03-28 16:07:08 +0000 |
|---|---|---|
| committer | drochner <drochner> | 2014-03-28 16:07:08 +0000 |
| commit | 83f3a097b96300acb812afbf2c55e7364c48e65c (patch) | |
| tree | 1d3513b2c9b42b23ed0e16a5e2e54e9ba6d3adac /sysutils | |
| parent | f7152da40dc584290377034da1df45964c7c04c1 (diff) | |
| download | pkgsrc-83f3a097b96300acb812afbf2c55e7364c48e65c.tar.gz | |
add patch from upstream (XSA-89) to fix:
Processing of the HVMOP_set_mem_access HVM control operations does not
check the size of its input and can tie up a physical CPU for extended
periods of time.
bump PKGREV
Diffstat (limited to 'sysutils')
| -rw-r--r-- | sysutils/xenkernel41/Makefile | 4 | ||||
| -rw-r--r-- | sysutils/xenkernel41/distinfo | 4 | ||||
| -rw-r--r-- | sysutils/xenkernel41/patches/patch-CVE-2013-4355_1 | 42 |
3 files changed, 40 insertions, 10 deletions
diff --git a/sysutils/xenkernel41/Makefile b/sysutils/xenkernel41/Makefile index 07c299c7aaa..58d87f89555 100644 --- a/sysutils/xenkernel41/Makefile +++ b/sysutils/xenkernel41/Makefile @@ -1,9 +1,9 @@ -# $NetBSD: Makefile,v 1.34 2014/03/06 15:45:45 joerg Exp $ +# $NetBSD: Makefile,v 1.35 2014/03/28 16:07:08 drochner Exp $ VERSION= 4.1.6.1 DISTNAME= xen-${VERSION} PKGNAME= xenkernel41-${VERSION} -PKGREVISION= 7 +PKGREVISION= 8 CATEGORIES= sysutils MASTER_SITES= http://bits.xensource.com/oss-xen/release/${VERSION}/ diff --git a/sysutils/xenkernel41/distinfo b/sysutils/xenkernel41/distinfo index 06c49cd85d4..ff60ec1fb61 100644 --- a/sysutils/xenkernel41/distinfo +++ b/sysutils/xenkernel41/distinfo @@ -1,10 +1,10 @@ -$NetBSD: distinfo,v 1.26 2014/02/20 17:37:25 drochner Exp $ +$NetBSD: distinfo,v 1.27 2014/03/28 16:07:08 drochner Exp $ SHA1 (xen-4.1.6.1.tar.gz) = e5f15feb0821578817a65ede16110c6eac01abd0 RMD160 (xen-4.1.6.1.tar.gz) = bff11421fc44a26f2cc3156713267abcb36d7a19 Size (xen-4.1.6.1.tar.gz) = 10428485 bytes SHA1 (patch-CVE-2013-1442) = 7aa43513ea7cddc50b4e6802412cfc2903cce8e1 -SHA1 (patch-CVE-2013-4355_1) = a28e4fc0cbe5409a759e689ff1af82792f560a39 +SHA1 (patch-CVE-2013-4355_1) = 91fb26907b2ac7d2435a6efce000569b71523247 SHA1 (patch-CVE-2013-4355_2) = 70fd2f2e45a05a53d8ce7d0bd72b18165dd13509 SHA1 (patch-CVE-2013-4355_3) = 93f7bf877945e585fb906dbfc8159e688813c12f SHA1 (patch-CVE-2013-4355_4) = 88f478997d2631ec41adfd42a9d79f2d87bb44d8 diff --git a/sysutils/xenkernel41/patches/patch-CVE-2013-4355_1 b/sysutils/xenkernel41/patches/patch-CVE-2013-4355_1 index 0de188f8dff..581eca4a1d5 100644 --- a/sysutils/xenkernel41/patches/patch-CVE-2013-4355_1 +++ b/sysutils/xenkernel41/patches/patch-CVE-2013-4355_1 @@ -1,13 +1,16 @@ -$NetBSD +$NetBSD: patch-CVE-2013-4355_1,v 1.3 2014/03/28 16:07:08 drochner Exp $ http://lists.xenproject.org/archives/html/xen-devel/2013-09/msg03160.html also fixes http://lists.xenproject.org/archives/html/xen-devel/2013-11/msg03827.html (CVE-2013-4554) +also fixes +http://lists.xenproject.org/archives/html/xen-devel/2014-03/msg03177.html +(CVE-2014-2599) ---- xen/arch/x86/hvm/hvm.c.orig 2013-09-10 06:42:18.000000000 +0000 -+++ xen/arch/x86/hvm/hvm.c 2013-11-29 15:12:29.000000000 +0000 -@@ -1961,11 +1961,7 @@ void hvm_task_switch( +--- xen/arch/x86/hvm/hvm.c.orig 2014-03-28 15:27:28.000000000 +0000 ++++ xen/arch/x86/hvm/hvm.c 2014-03-28 15:27:36.000000000 +0000 +@@ -1961,11 +1961,7 @@ rc = hvm_copy_from_guest_virt( &tss, prev_tr.base, sizeof(tss), PFEC_page_present); @@ -20,7 +23,7 @@ http://lists.xenproject.org/archives/html/xen-devel/2013-11/msg03827.html goto out; eflags = regs->eflags; -@@ -2010,13 +2006,11 @@ void hvm_task_switch( +@@ -2010,13 +2006,11 @@ rc = hvm_copy_from_guest_virt( &tss, tr.base, sizeof(tss), PFEC_page_present); @@ -39,7 +42,7 @@ http://lists.xenproject.org/archives/html/xen-devel/2013-11/msg03827.html goto out; -@@ -2834,7 +2828,7 @@ int hvm_do_hypercall(struct cpu_user_reg +@@ -2834,7 +2828,7 @@ case 4: case 2: hvm_get_segment_register(curr, x86_seg_ss, &sreg); @@ -48,3 +51,30 @@ http://lists.xenproject.org/archives/html/xen-devel/2013-11/msg03827.html { default: regs->eax = -EPERM; +@@ -3746,7 +3740,7 @@ + ((a.first_pfn + a.nr - 1) > domain_get_maximum_gpfn(d)) ) + goto param_fail5; + +- for ( pfn = a.first_pfn; pfn < a.first_pfn + a.nr; pfn++ ) ++ for ( pfn = a.first_pfn; a.nr; ++pfn ) + { + p2m_type_t t; + mfn_t mfn; +@@ -3759,6 +3753,17 @@ + p2m_unlock(p2m); + if ( !success ) + goto param_fail5; ++ ++ /* Check for continuation if it's not the last interation. */ ++ if ( --a.nr && hypercall_preempt_check() ) ++ { ++ a.first_pfn = pfn + 1; ++ if ( copy_to_guest(arg, &a, 1) ) ++ rc = -EFAULT; ++ else ++ rc = -EAGAIN; ++ goto param_fail5; ++ } + } + + rc = 0; |