diff options
-rw-r--r-- | sysutils/xenkernel42/Makefile | 4 | ||||
-rw-r--r-- | sysutils/xenkernel42/distinfo | 10 | ||||
-rw-r--r-- | sysutils/xenkernel42/patches/patch-xen_arch_x86_mm_shadow_common.c | 24 | ||||
-rw-r--r-- | sysutils/xenkernel42/patches/patch-xen_arch_x86_x86_emulate_x86_emulate.c | 39 | ||||
-rw-r--r-- | sysutils/xentools42/Makefile | 6 | ||||
-rw-r--r-- | sysutils/xentools42/distinfo | 8 |
6 files changed, 78 insertions, 13 deletions
diff --git a/sysutils/xenkernel42/Makefile b/sysutils/xenkernel42/Makefile index 214614f3f55..b1e2b2b8e50 100644 --- a/sysutils/xenkernel42/Makefile +++ b/sysutils/xenkernel42/Makefile @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.7 2014/05/09 07:37:20 wiz Exp $ +# $NetBSD: Makefile,v 1.7.2.1 2014/09/28 13:28:58 tron Exp $ -VERSION= 4.2.4 +VERSION= 4.2.5 DISTNAME= xen-${VERSION} PKGNAME= xenkernel42-${VERSION} CATEGORIES= sysutils diff --git a/sysutils/xenkernel42/distinfo b/sysutils/xenkernel42/distinfo index 2fa941b41bd..5a892a6391c 100644 --- a/sysutils/xenkernel42/distinfo +++ b/sysutils/xenkernel42/distinfo @@ -1,9 +1,11 @@ -$NetBSD: distinfo,v 1.5 2014/02/22 01:22:49 prlw1 Exp $ +$NetBSD: distinfo,v 1.5.4.1 2014/09/28 13:28:58 tron Exp $ -SHA1 (xen-4.2.4.tar.gz) = ab661bf0f64a18155f971343a9c07b7e7d1410f1 -RMD160 (xen-4.2.4.tar.gz) = b2210d3ff6a9fdf9cae1a5a38b829667dfd6fd2f -Size (xen-4.2.4.tar.gz) = 15663999 bytes +SHA1 (xen-4.2.5.tar.gz) = f42741e4ec174495ace70c4b17a6b9b0e60e798a +RMD160 (xen-4.2.5.tar.gz) = 7d4f7f1b32ee541d341a756b1f8da02816438d19 +Size (xen-4.2.5.tar.gz) = 15671925 bytes SHA1 (patch-Config.mk) = a43ed1b3304d6383dc093acd128a7f373d0ca266 SHA1 (patch-xen_Makefile) = e0d1b74518b9675ddc64295d1523ded9a8757c0a SHA1 (patch-xen_arch_x86_Rules.mk) = 6b9b4bfa28924f7d3f6c793a389f1a7ac9d228e2 +SHA1 (patch-xen_arch_x86_mm_shadow_common.c) = 89dce860cc6aef7d0ec31f3137616b592490e60a +SHA1 (patch-xen_arch_x86_x86_emulate_x86_emulate.c) = 8b906e762c8f94a670398b4e033d50a2fb012f0a SHA1 (patch-xen_include_xen_lib.h) = 36dcaf3874a1b1214babc45d7e19fe3b556c1044 diff --git a/sysutils/xenkernel42/patches/patch-xen_arch_x86_mm_shadow_common.c b/sysutils/xenkernel42/patches/patch-xen_arch_x86_mm_shadow_common.c new file mode 100644 index 00000000000..ebdca638d6d --- /dev/null +++ b/sysutils/xenkernel42/patches/patch-xen_arch_x86_mm_shadow_common.c @@ -0,0 +1,24 @@ +$NetBSD: patch-xen_arch_x86_mm_shadow_common.c,v 1.1.2.2 2014/09/28 13:28:58 tron Exp $ + +patch for XSA-104/CVE-2014-7154, from Xen Security Advisory + +--- xen/arch/x86/mm/shadow/common.c.orig 2014-09-02 08:22:57.000000000 +0200 ++++ xen/arch/x86/mm/shadow/common.c 2014-09-26 11:18:02.000000000 +0200 +@@ -3601,7 +3601,7 @@ + int flush_tlb = 0; + unsigned long i; + p2m_type_t t; +- struct sh_dirty_vram *dirty_vram = d->arch.hvm_domain.dirty_vram; ++ struct sh_dirty_vram *dirty_vram; + struct p2m_domain *p2m = p2m_get_hostp2m(d); + + if ( end_pfn < begin_pfn || end_pfn > p2m->max_mapped_pfn + 1 ) +@@ -3611,6 +3611,8 @@ + p2m_lock(p2m_get_hostp2m(d)); + paging_lock(d); + ++ dirty_vram = d->arch.hvm_domain.dirty_vram; ++ + if ( dirty_vram && (!nr || + ( begin_pfn != dirty_vram->begin_pfn + || end_pfn != dirty_vram->end_pfn )) ) diff --git a/sysutils/xenkernel42/patches/patch-xen_arch_x86_x86_emulate_x86_emulate.c b/sysutils/xenkernel42/patches/patch-xen_arch_x86_x86_emulate_x86_emulate.c new file mode 100644 index 00000000000..bde51b3be8e --- /dev/null +++ b/sysutils/xenkernel42/patches/patch-xen_arch_x86_x86_emulate_x86_emulate.c @@ -0,0 +1,39 @@ +$NetBSD: patch-xen_arch_x86_x86_emulate_x86_emulate.c,v 1.1.2.2 2014/09/28 13:28:58 tron Exp $ + +patch for XSA-105/CVE-2014-7155 and XSA-106/CVE-2014-7156, +from Xen Security Advisory + +--- xen/arch/x86/x86_emulate/x86_emulate.c.orig 2014-09-26 11:53:50.000000000 +0200 ++++ xen/arch/x86/x86_emulate/x86_emulate.c 2014-09-26 11:53:43.000000000 +0200 +@@ -2616,6 +2616,7 @@ + case 0xcd: /* int imm8 */ + src.val = insn_fetch_type(uint8_t); + swint: ++ fail_if(!in_realmode(ctxt, ops)); /* XSA-106 */ + fail_if(ops->inject_sw_interrupt == NULL); + rc = ops->inject_sw_interrupt(src.val, _regs.eip - ctxt->regs->eip, + ctxt) ? : X86EMUL_EXCEPTION; +@@ -3296,6 +3297,7 @@ + goto swint; + + case 0xf4: /* hlt */ ++ generate_exception_if(!mode_ring0(), EXC_GP, 0); + ctxt->retire.flags.hlt = 1; + break; + +@@ -3721,6 +3723,7 @@ + break; + case 2: /* lgdt */ + case 3: /* lidt */ ++ generate_exception_if(!mode_ring0(), EXC_GP, 0); + generate_exception_if(ea.type != OP_MEM, EXC_UD, -1); + fail_if(ops->write_segment == NULL); + memset(®, 0, sizeof(reg)); +@@ -3749,6 +3752,7 @@ + case 6: /* lmsw */ + fail_if(ops->read_cr == NULL); + fail_if(ops->write_cr == NULL); ++ generate_exception_if(!mode_ring0(), EXC_GP, 0); + if ( (rc = ops->read_cr(0, &cr0, ctxt)) ) + goto done; + if ( ea.type == OP_REG ) diff --git a/sysutils/xentools42/Makefile b/sysutils/xentools42/Makefile index b4413f8b446..f624689c472 100644 --- a/sysutils/xentools42/Makefile +++ b/sysutils/xentools42/Makefile @@ -1,11 +1,11 @@ -# $NetBSD: Makefile,v 1.22 2014/05/29 23:37:32 wiz Exp $ +# $NetBSD: Makefile,v 1.22.2.1 2014/09/28 13:28:58 tron Exp $ -VERSION= 4.2.4 +VERSION= 4.2.5 VERSION_IPXE= 1.0.0 DISTNAME= xen-${VERSION} PKGNAME= xentools42-${VERSION} -PKGREVISION= 2 +#PKGREVISION= 2 CATEGORIES= sysutils MASTER_SITES= http://bits.xensource.com/oss-xen/release/${VERSION}/ diff --git a/sysutils/xentools42/distinfo b/sysutils/xentools42/distinfo index 2d3d7dcc444..80378d5be77 100644 --- a/sysutils/xentools42/distinfo +++ b/sysutils/xentools42/distinfo @@ -1,11 +1,11 @@ -$NetBSD: distinfo,v 1.10 2014/02/22 01:28:23 prlw1 Exp $ +$NetBSD: distinfo,v 1.10.4.1 2014/09/28 13:28:58 tron Exp $ SHA1 (ipxe-git-v1.0.0.tar.gz) = da052c8de5f3485fe0253c19cf52ed6d72528485 RMD160 (ipxe-git-v1.0.0.tar.gz) = dcd9b6eaafa1ce05c1ebf2a15f2f73ad7a8c5547 Size (ipxe-git-v1.0.0.tar.gz) = 1996881 bytes -SHA1 (xen-4.2.4.tar.gz) = ab661bf0f64a18155f971343a9c07b7e7d1410f1 -RMD160 (xen-4.2.4.tar.gz) = b2210d3ff6a9fdf9cae1a5a38b829667dfd6fd2f -Size (xen-4.2.4.tar.gz) = 15663999 bytes +SHA1 (xen-4.2.5.tar.gz) = f42741e4ec174495ace70c4b17a6b9b0e60e798a +RMD160 (xen-4.2.5.tar.gz) = 7d4f7f1b32ee541d341a756b1f8da02816438d19 +Size (xen-4.2.5.tar.gz) = 15671925 bytes SHA1 (patch-.._.._ipxe_src_Makefile.housekeeping) = 5ec8020a9705b2f64096c2942473a8de4db578bb SHA1 (patch-.._.._ipxe_src_arch_i386_include_librm.h) = 4549ac641b112321b4731a918d85219c3fce6808 SHA1 (patch-.._.._ipxe_src_arch_i386_scripts_i386.lds) = 4c0cbb7f535be43e1b6f53c284340a8bafc37c0b |