author | bouyer <bouyer@pkgsrc.org> | 2015-10-29 20:29:56 +0000 |
---|---|---|
committer | bouyer <bouyer@pkgsrc.org> | 2015-10-29 20:29:56 +0000 |
commit | f71052f3a1214de07a8ee49e07422ceb2c22c0f3 (patch) | |
tree | 7672c7df99ddc23af5a642680409a781a0f6219c /sysutils | |
parent | 8d5f9574b06089fbe9c01de842c44d5120c8c813 (diff) | |
Add patches, derived from Xen security advisory, fixing:
CVE-2015-7835 aka XSA-148
CVE-2015-7869 aka XSA-149 + XSA-151
CVE-2015-7971 aka XSA-152
Bump PKGREVISION
Diffstat (limited to 'sysutils')
-rw-r--r-- | sysutils/xenkernel41/Makefile | 4 | ||||
-rw-r--r-- | sysutils/xenkernel41/distinfo | 5 | ||||
-rw-r--r-- | sysutils/xenkernel41/patches/patch-CVE-2015-7835 | 45 | ||||
-rw-r--r-- | sysutils/xenkernel41/patches/patch-CVE-2015-7969 | 35 | ||||
-rw-r--r-- | sysutils/xenkernel41/patches/patch-CVE-2015-7971 | 35 |
5 files changed, 121 insertions, 3 deletions
diff --git a/sysutils/xenkernel41/Makefile b/sysutils/xenkernel41/Makefile
index 540398090cf..94313d788d1 100644
--- a/sysutils/xenkernel41/Makefile
+++ b/sysutils/xenkernel41/Makefile
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.45 2015/04/19 13:13:20 spz Exp $
+# $NetBSD: Makefile,v 1.46 2015/10/29 20:29:56 bouyer Exp $
 VERSION= 4.1.6.1
 DISTNAME= xen-${VERSION}
 PKGNAME= xenkernel41-${VERSION}
-PKGREVISION= 16
+PKGREVISION= 17
 CATEGORIES= sysutils
 MASTER_SITES= http://bits.xensource.com/oss-xen/release/${VERSION}/
diff --git a/sysutils/xenkernel41/distinfo b/sysutils/xenkernel41/distinfo
index a39bcd86d69..eb23cf2b1a2 100644
--- a/sysutils/xenkernel41/distinfo
+++ b/sysutils/xenkernel41/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.37 2015/09/14 13:36:29 joerg Exp $
+$NetBSD: distinfo,v 1.38 2015/10/29 20:29:56 bouyer Exp $
 SHA1 (xen-4.1.6.1.tar.gz) = e5f15feb0821578817a65ede16110c6eac01abd0
 RMD160 (xen-4.1.6.1.tar.gz) = bff11421fc44a26f2cc3156713267abcb36d7a19
@@ -30,6 +30,9 @@ SHA1 (patch-CVE-2015-2045) = e1874bbde0cce7db4ee9260440f5280d404027d7
 SHA1 (patch-CVE-2015-2151) = aed92f50d162febc3074f7edecaf6ca418d0b42c
 SHA1 (patch-CVE-2015-2752) = 37f44989a3b3c69dea8e9de9fc34ffd5c2e8b087
 SHA1 (patch-CVE-2015-2756) = b3b133d42229ecc8c308644b17e5317cd77f9a98
+SHA1 (patch-CVE-2015-7835) = d66fe84abfb921bf435c1ed9b077012937d0c71e
+SHA1 (patch-CVE-2015-7969) = 4eb96025afae4be547f74b9e71a7d8a3a37fc60b
+SHA1 (patch-CVE-2015-7971) = 0d0d36ad99f313afb96111a832eb65ddeaf8010e
 SHA1 (patch-Config.mk) = a43ed1b3304d6383dc093acd128a7f373d0ca266
 SHA1 (patch-xen_Makefile) = d1c7e4860221f93d90818f45a77748882486f92b
 SHA1 (patch-xen_arch_x86_Rules.mk) = 6b9b4bfa28924f7d3f6c793a389f1a7ac9d228e2
diff --git a/sysutils/xenkernel41/patches/patch-CVE-2015-7835 b/sysutils/xenkernel41/patches/patch-CVE-2015-7835
new file mode 100644
index 00000000000..9b38ab4435e
--- /dev/null
+++ b/sysutils/xenkernel41/patches/patch-CVE-2015-7835
@@ -0,0 +1,45 @@
+$NetBSD: patch-CVE-2015-7835,v 1.1 2015/10/29 20:29:56 bouyer Exp $
+
+Patch for CVE-2015-7835 aka XSA-148 based on
+http://xenbits.xenproject.org/xsa/xsa148-4.4.patch
+
+--- xen/include/asm-x86/x86_32/page.h.orig 2015-10-29 20:35:24.000000000 +0100
++++ xen/include/asm-x86/x86_32/page.h 2015-10-29 20:38:02.000000000 +0100
+@@ -130,7 +130,9 @@
+ #define BASE_DISALLOW_MASK (0xFFFFF198U & ~_PAGE_NX)
+
+ #define L1_DISALLOW_MASK (BASE_DISALLOW_MASK | _PAGE_GNTTAB)
+-#define L2_DISALLOW_MASK (BASE_DISALLOW_MASK & ~_PAGE_PSE)
++#define L2_DISALLOW_MASK (unlikely(opt_allow_superpage) \
++ ? BASE_DISALLOW_MASK & ~_PAGE_PSE \
++ : BASE_DISALLOW_MASK )
+ #define L3_DISALLOW_MASK 0xFFFFF1FEU /* must-be-zero */
+
+ #endif /* __X86_32_PAGE_H__ */
+--- xen/include/asm-x86/x86_64/page.h.orig 2015-10-29 20:35:36.000000000 +0100
++++ xen/include/asm-x86/x86_64/page.h 2015-10-29 20:37:33.000000000 +0100
+@@ -167,7 +167,9 @@
+ #define BASE_DISALLOW_MASK (0xFF800198U & ~_PAGE_NX)
+
+ #define L1_DISALLOW_MASK (BASE_DISALLOW_MASK | _PAGE_GNTTAB)
+-#define L2_DISALLOW_MASK (BASE_DISALLOW_MASK & ~_PAGE_PSE)
++#define L2_DISALLOW_MASK (unlikely(opt_allow_superpage) \
++ ? BASE_DISALLOW_MASK & ~_PAGE_PSE \
++ : BASE_DISALLOW_MASK )
+ #define L3_DISALLOW_MASK (BASE_DISALLOW_MASK)
+ #define L4_DISALLOW_MASK (BASE_DISALLOW_MASK)
+
+--- xen/arch/x86/mm.c.orig 2015-10-29 20:30:55.000000000 +0100
++++ xen/arch/x86/mm.c 2015-10-29 20:32:56.000000000 +0100
+@@ -1898,7 +1898,10 @@
+ }
+
+ /* Fast path for identical mapping and presence. */
+- if ( !l2e_has_changed(ol2e, nl2e, _PAGE_PRESENT) )
++ if ( !l2e_has_changed(ol2e, nl2e,
++ unlikely(opt_allow_superpage)
++ ? _PAGE_PSE | _PAGE_RW | _PAGE_PRESENT
++ : _PAGE_PRESENT) )
+ {
+ adjust_guest_l2e(nl2e, d);
+ rc = UPDATE_ENTRY(l2, pl2e, ol2e, nl2e, pfn, vcpu, preserve_ad);
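Review bot: `L2_DISALLOW_MASK` in both page.h hunks now expands to an expression that reads `opt_allow_superpage` and calls `unlikely()`, but neither header hunk shows a declaration for that variable, so every file that expands the macro relies on one already being in scope. That is worth confirming against the 4.1 tree, since the patch header says it is based on the 4.4 version of the advisory fix. The macro is also no longer a constant expression, which matters only if it is used in a static initializer or `#if` somewhere outside this diff. A comment above each define would record the intent, for example `/* _PAGE_PSE is permitted in guest L2 entries only when opt_allow_superpage is set (XSA-148) */`. The mm.c hunk changes a condition inside a function whose start and end lie outside the hunk.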
diff --git a/sysutils/xenkernel41/patches/patch-CVE-2015-7969 b/sysutils/xenkernel41/patches/patch-CVE-2015-7969
new file mode 100644
index 00000000000..200c1dd57c3
--- /dev/null
+++ b/sysutils/xenkernel41/patches/patch-CVE-2015-7969
@@ -0,0 +1,35 @@
+$NetBSD: patch-CVE-2015-7969,v 1.1 2015/10/29 20:29:56 bouyer Exp $
+
+Patch for CVE-2015-7869 aka XSA-149 + XSA-151 based on
+http://xenbits.xenproject.org/xsa/xsa149.patch
+http://xenbits.xenproject.org/xsa/xsa151.patch
+
+--- xen/common/domain.c.orig 2013-09-10 08:42:18.000000000 +0200
++++ xen/common/domain.c 2015-10-29 20:44:06.000000000 +0100
+@@ -671,6 +671,7 @@
+ xfree(d->pirq_to_evtchn);
+
+ xsm_free_security_domain(d);
++ xfree(d->vcpu);
+ free_domain_struct(d);
+
+ send_guest_global_virq(dom0, VIRQ_DOM_EXC);
+
+--- xen/common/xenoprof.c.orig
++++ xen/common/xenoprof.c
+@@ -239,6 +239,7 @@ static int alloc_xenoprof_struct(
+ d->xenoprof->rawbuf = alloc_xenheap_pages(get_order_from_pages(npages), 0);
+ if ( d->xenoprof->rawbuf == NULL )
+ {
++ xfree(d->xenoprof->vcpu);
+ xfree(d->xenoprof);
+ d->xenoprof = NULL;
+ return -ENOMEM;
+@@ -286,6 +287,7 @@ void free_xenoprof_pages(struct domain *
+ free_xenheap_pages(x->rawbuf, order);
+ }
+
++ xfree(x->vcpu);
+ xfree(x);
+ d->xenoprof = NULL;
+ }
diff --git a/sysutils/xenkernel41/patches/patch-CVE-2015-7971 b/sysutils/xenkernel41/patches/patch-CVE-2015-7971
new file mode 100644
index 00000000000..d104a07fd6c
--- /dev/null
+++ b/sysutils/xenkernel41/patches/patch-CVE-2015-7971
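Review bot: The header comment of the new file patch-CVE-2015-7969 names `CVE-2015-7869`, while the file name and the distinfo entry both use 7969; the commit message carries the 7869 spelling too. The header line should read `Patch for CVE-2015-7969 aka XSA-149 + XSA-151 based on`, and the file's SHA1 in distinfo has to be regenerated after that edit. Separately, the three added `xfree()` calls sit in functions that begin or end outside the inner hunks, so it cannot be checked from here whether `d->vcpu` or `x->vcpu` is already released on those paths.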
@@ -0,0 +1,35 @@
+$NetBSD: patch-CVE-2015-7971,v 1.1 2015/10/29 20:29:56 bouyer Exp $
+
+Patch for CVE-2015-7971 aka XSA-152, based on
+http://xenbits.xenproject.org/xsa/xsa152.patch
+
+--- xen/common/xenoprof.c.orig
++++ xen/common/xenoprof.c
+@@ -676,15 +676,13 @@ ret_t do_xenoprof_op(int op, XEN_GUEST_H
+
+ if ( (op < 0) || (op > XENOPROF_last_op) )
+ {
+- printk("xenoprof: invalid operation %d for domain %d\n",
+- op, current->domain->domain_id);
++ gdprintk(XENLOG_DEBUG, "invalid operation %d\n", op);
+ return -EINVAL;
+ }
+
+ if ( !NONPRIV_OP(op) && (current->domain != xenoprof_primary_profiler) )
+ {
+- printk("xenoprof: dom %d denied privileged operation %d\n",
+- current->domain->domain_id, op);
++ gdprintk(XENLOG_DEBUG, "denied privileged operation %d\n", op);
+ return -EPERM;
+ }
+
+@@ -907,8 +905,7 @@ ret_t do_xenoprof_op(int op, XEN_GUEST_H
+ spin_unlock(&xenoprof_lock);
+
+ if ( ret < 0 )
+- printk("xenoprof: operation %d failed for dom %d (status : %d)\n",
+- op, current->domain->domain_id, ret);
++ gdprintk(XENLOG_DEBUG, "operation %d failed: %d\n", op, ret);
+
+ return ret;
+ }
|
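Review bot: The three `gdprintk(XENLOG_DEBUG, ...)` replacements in `do_xenoprof_op` carry no comment explaining why the unconditional `printk` calls were dropped, so a later cleanup could reintroduce them. A short comment at the first site would keep the reason next to the code, for example `/* Reached from a guest hypercall: log at guest debug level only (XSA-152). */`. The new format strings also drop the explicit domain id and the `xenoprof:` prefix, so attribution of a denied privileged operation now depends on whatever prefix `gdprintk` adds, which is not shown in this diff. If operators rely on these messages to spot a misbehaving domain, the package notes should mention the change. `do_xenoprof_op` starts before the first inner hunk, and the code between the two hunks is not visible.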