diff options
Diffstat (limited to 'sysutils')
| -rw-r--r-- | sysutils/xenkernel41/Makefile | 4 | ||||
| -rw-r--r-- | sysutils/xenkernel41/distinfo | 4 | ||||
| -rw-r--r-- | sysutils/xenkernel41/patches/patch-CVE-2013-6885_1 | 27 | ||||
| -rw-r--r-- | sysutils/xenkernel41/patches/patch-CVE-2013-6885_2 | 12 |
4 files changed, 44 insertions, 3 deletions
diff --git a/sysutils/xenkernel41/Makefile b/sysutils/xenkernel41/Makefile index ec1e0298372..b8475351e8f 100644 --- a/sysutils/xenkernel41/Makefile +++ b/sysutils/xenkernel41/Makefile @@ -1,10 +1,10 @@ -# $NetBSD: Makefile,v 1.29 2013/11/29 19:29:58 drochner Exp $ +# $NetBSD: Makefile,v 1.30 2013/12/04 10:35:01 drochner Exp $ # VERSION= 4.1.6.1 DISTNAME= xen-${VERSION} PKGNAME= xenkernel41-${VERSION} -PKGREVISION= 4 +PKGREVISION= 5 CATEGORIES= sysutils MASTER_SITES= http://bits.xensource.com/oss-xen/release/${VERSION}/ diff --git a/sysutils/xenkernel41/distinfo b/sysutils/xenkernel41/distinfo index b28c110bce6..1286133b2c1 100644 --- a/sysutils/xenkernel41/distinfo +++ b/sysutils/xenkernel41/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.23 2013/11/29 19:29:58 drochner Exp $ +$NetBSD: distinfo,v 1.24 2013/12/04 10:35:01 drochner Exp $ SHA1 (xen-4.1.6.1.tar.gz) = e5f15feb0821578817a65ede16110c6eac01abd0 RMD160 (xen-4.1.6.1.tar.gz) = bff11421fc44a26f2cc3156713267abcb36d7a19 @@ -12,6 +12,8 @@ SHA1 (patch-CVE-2013-4361) = b9074af976ba98c02aeb84288a10527bf7693241 SHA1 (patch-CVE-2013-4368) = 77caf392b472e5586eb2fa6a37d173cd856f6f15 SHA1 (patch-CVE-2013-4494) = d74dfc898d1128f3c205bd178c8cf663935711e3 SHA1 (patch-CVE-2013-4553) = 6708dcef1737b119a3fcf2e3414c22c115cbacc1 +SHA1 (patch-CVE-2013-6885_1) = 6fc88c8c98393e90dd895c160108ff2ee17cee2e +SHA1 (patch-CVE-2013-6885_2) = be3c99ba3e349492d45cd4f2fce0acc26ac1a96d SHA1 (patch-Config.mk) = a43ed1b3304d6383dc093acd128a7f373d0ca266 SHA1 (patch-xen_Makefile) = d1c7e4860221f93d90818f45a77748882486f92b SHA1 (patch-xen_arch_x86_Rules.mk) = 6b9b4bfa28924f7d3f6c793a389f1a7ac9d228e2 diff --git a/sysutils/xenkernel41/patches/patch-CVE-2013-6885_1 b/sysutils/xenkernel41/patches/patch-CVE-2013-6885_1 new file mode 100644 index 00000000000..66c7f88fd68 --- /dev/null +++ b/sysutils/xenkernel41/patches/patch-CVE-2013-6885_1 @@ -0,0 +1,27 @@ +$NetBSD: patch-CVE-2013-6885_1,v 1.1 2013/12/04 10:35:01 drochner Exp $ + +http://lists.xenproject.org/archives/html/xen-devel/2013-12/msg00235.html + +--- xen/arch/x86/cpu/amd.c.orig 2013-09-10 06:42:18.000000000 +0000 ++++ xen/arch/x86/cpu/amd.c 2013-12-03 16:43:52.000000000 +0000 +@@ -649,6 +649,20 @@ static void __devinit init_amd(struct cp + "*** Pass \"allow_unsafe\" if you're trusting" + " all your (PV) guest kernels. ***\n"); + ++ if (c->x86 == 0x16 && c->x86_model <= 0xf) { ++ rdmsrl(MSR_AMD64_LS_CFG, value); ++ if (!(value & (1 << 15))) { ++ static bool_t warned; ++ ++ if (c == &boot_cpu_data || opt_cpu_info || ++ !test_and_set_bool(warned)) ++ printk(KERN_WARNING ++ "CPU%u: Applying workaround for erratum 793\n", ++ smp_processor_id()); ++ wrmsrl(MSR_AMD64_LS_CFG, value | (1 << 15)); ++ } ++ } ++ + /* AMD CPUs do not support SYSENTER outside of legacy mode. */ + clear_bit(X86_FEATURE_SEP, c->x86_capability); + diff --git a/sysutils/xenkernel41/patches/patch-CVE-2013-6885_2 b/sysutils/xenkernel41/patches/patch-CVE-2013-6885_2 new file mode 100644 index 00000000000..376c1bbef35 --- /dev/null +++ b/sysutils/xenkernel41/patches/patch-CVE-2013-6885_2 @@ -0,0 +1,12 @@ +$NetBSD: patch-CVE-2013-6885_2,v 1.1 2013/12/04 10:35:01 drochner Exp $ + +--- xen/include/asm-x86/msr-index.h.orig 2013-09-10 06:42:18.000000000 +0000 ++++ xen/include/asm-x86/msr-index.h 2013-12-03 16:55:24.000000000 +0000 +@@ -245,6 +245,7 @@ + + /* AMD64 MSRs */ + #define MSR_AMD64_NB_CFG 0xc001001f ++#define MSR_AMD64_LS_CFG 0xc0011020 + #define MSR_AMD64_IC_CFG 0xc0011021 + #define MSR_AMD64_DC_CFG 0xc0011022 + #define AMD64_NB_CFG_CF8_EXT_ENABLE_BIT 46 |