diff options
-rw-r--r-- | sysutils/xenkernel33/Makefile | 4 | ||||
-rw-r--r-- | sysutils/xenkernel33/distinfo | 3 | ||||
-rw-r--r-- | sysutils/xenkernel33/patches/patch-ab | 15 |
3 files changed, 19 insertions, 3 deletions
diff --git a/sysutils/xenkernel33/Makefile b/sysutils/xenkernel33/Makefile index 67ed6c4d81f..2ba2c879c3b 100644 --- a/sysutils/xenkernel33/Makefile +++ b/sysutils/xenkernel33/Makefile @@ -1,10 +1,10 @@ -# $NetBSD: Makefile,v 1.11 2009/08/07 12:43:46 cegger Exp $ +# $NetBSD: Makefile,v 1.12 2010/12/07 18:44:25 bouyer Exp $ # VERSION= 3.3.2 DISTNAME= xen-${VERSION} PKGNAME= xenkernel33-${VERSION} -#PKGREVISION= 1 +PKGREVISION= 1 CATEGORIES= sysutils MASTER_SITES= http://bits.xensource.com/oss-xen/release/${VERSION}/ EXTRACT_SUFX= .tar.gz diff --git a/sysutils/xenkernel33/distinfo b/sysutils/xenkernel33/distinfo index 4d0b395d52e..fea08b3ad51 100644 --- a/sysutils/xenkernel33/distinfo +++ b/sysutils/xenkernel33/distinfo @@ -1,6 +1,7 @@ -$NetBSD: distinfo,v 1.9 2009/08/07 12:43:46 cegger Exp $ +$NetBSD: distinfo,v 1.10 2010/12/07 18:44:25 bouyer Exp $ SHA1 (xen-3.3.2.tar.gz) = 7f438e73ac81b25cf5e1570709e87001066bafe4 RMD160 (xen-3.3.2.tar.gz) = 28faa56286f2a418e35dcba6079570ea871d6c7b Size (xen-3.3.2.tar.gz) = 11357576 bytes SHA1 (patch-aa) = 0d11c758ad0a0ca657bf2e0f89ca23ff67b76bb7 +SHA1 (patch-ab) = bba70c6a0f884a4bbfd2ce56e41ce0d649300edc diff --git a/sysutils/xenkernel33/patches/patch-ab b/sysutils/xenkernel33/patches/patch-ab new file mode 100644 index 00000000000..292bffded89 --- /dev/null +++ b/sysutils/xenkernel33/patches/patch-ab @@ -0,0 +1,15 @@ +$NetBSD: patch-ab,v 1.1 2010/12/07 18:44:25 bouyer Exp $ + +Fix for CVE-2010-4255, from the xen-devel list + +--- xen/arch/x86/traps.c.orig 2010-12-07 13:28:23.000000000 +0100 ++++ xen/arch/x86/traps.c 2010-12-07 13:28:43.000000000 +0100 +@@ -1157,7 +1157,7 @@ + trace_trap_two_addr(TRC_PV_PAGING_FIXUP, regs->eip, addr); + return ret; + } +- if ( !(regs->error_code & PFEC_reserved_bit) && ++ if ( !(regs->error_code & (PFEC_user_mode | PFEC_reserved_bit)) && + (addr >= GDT_LDT_VIRT_START) && (addr < GDT_LDT_VIRT_END) ) + return handle_gdt_ldt_mapping_fault( + addr - GDT_LDT_VIRT_START, regs); |