Fri Jul 27 18:50:34 2012 UTC ()
Add patch from upstream to fix a bug in MMIO emulation that lets
unprivileged guest users crash the guest; it affects only HVM guests,
and only if MMIO is granted to the user process (CVE-2012-3432).
bump PKGREV


(drochner)
diff -r1.7 -r1.8 pkgsrc/sysutils/xenkernel41/Makefile
diff -r1.7 -r1.8 pkgsrc/sysutils/xenkernel41/distinfo
diff -r0 -r1.1 pkgsrc/sysutils/xenkernel41/patches/patch-CVE-2012-3432

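--- a/pkgsrc/sysutils/xenkernel41/Attic/Makefile
+++ b/pkgsrc/sysutils/xenkernel41/Attic/Makefile
@@ -1,55 +1,55 @@
-# $NetBSD: Makefile,v 1.7 2012/06/19 20:17:06 bouyer Exp $
+# $NetBSD: Makefile,v 1.8 2012/07/27 18:50:34 drochner Exp $
 #
 
 VERSION= 4.1.2
 DISTNAME= xen-${VERSION}
 PKGNAME= xenkernel41-${VERSION}
-PKGREVISION= 2
+PKGREVISION= 3
 CATEGORIES= sysutils
 MASTER_SITES= http://bits.xensource.com/oss-xen/release/${VERSION}/
 EXTRACT_SUFX= .tar.gz
 
 MAINTAINER= cegger@NetBSD.org
 HOMEPAGE= http://xen.org/
 COMMENT= Xen 4.1.2 Kernel
 
 LICENSE= gnu-gpl-v2
 
 PKG_DESTDIR_SUPPORT= user-destdir
 
 ONLY_FOR_PLATFORM= Linux-2.6*-i386 Linux-2.6*-x86_64
 ONLY_FOR_PLATFORM+= NetBSD-[5-9].*-x86_64 NetBSD-[5-9].*-i386
 
 WRKSRC= ${WRKDIR}/xen-${VERSION}
 
 NO_CONFIGURE= yes
 USE_TOOLS+= gmake
 
 PYTHON_FOR_BUILD_ONLY= # empty
 PY_PATCHPLIST= NO
 
 # XXX Why does this not work?
 # See work/xen-4.1.2/Config.mk:41 why PYTHON must be set and what for
 MAKE_ENV+= PYTHON=${PYTHONBIN:Q}
 MAKE_ENV+= OCAML_TOOLS=no
 
 INSTALLATION_DIRS= xen41-kernel
 XENKERNELDIR= ${PREFIX}/${INSTALLATION_DIRS}
 
 MESSAGE_SUBST+= XENKERNELDIR=${XENKERNELDIR:Q}
 
 do-build:
  cd ${WRKSRC} && ${BUILD_MAKE_CMD} debug=n xen
  ${CP} ${WRKSRC}/dist/install/boot/xen.gz ${WRKDIR}/xen.gz
  cd ${WRKSRC}/xen && ${MAKE_PROGRAM} clean
  cd ${WRKSRC} && ${BUILD_MAKE_CMD} debug=y xen
  ${CP} ${WRKSRC}/dist/install/boot/xen.gz ${WRKDIR}/xen-debug.gz
 
 do-install:
  ${INSTALL_DATA} ${WRKDIR}/xen.gz \
  ${DESTDIR}${XENKERNELDIR}/xen.gz
  ${INSTALL_DATA} ${WRKDIR}/xen-debug.gz \
  ${DESTDIR}${XENKERNELDIR}/xen-debug.gz
 
 .include "../../lang/python/application.mk"
 .include "../../mk/bsd.pkg.mk"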

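--- a/pkgsrc/sysutils/xenkernel41/Attic/distinfo
+++ b/pkgsrc/sysutils/xenkernel41/Attic/distinfo
@@ -1,9 +1,10 @@
-$NetBSD: distinfo,v 1.7 2012/06/12 15:59:04 bouyer Exp $
+$NetBSD: distinfo,v 1.8 2012/07/27 18:50:34 drochner Exp $
 
 SHA1 (xen-4.1.2.tar.gz) = db584cb0a0cc614888d7df3b196d514fdb2edd6e
 RMD160 (xen-4.1.2.tar.gz) = 457797ec4be286afbbcad940a9ce04e44f3f40d6
 Size (xen-4.1.2.tar.gz) = 10365786 bytes
+SHA1 (patch-CVE-2012-3432) = e85b1adf1c683a1d086410f0c4265ed72a86d7fb
 SHA1 (patch-xen_drivers_char_console_c) = 0fe186369602ccffaeec6f4bfbee8bb4298d3ff0
 SHA1 (patch-xen_include_xen_stdarg.h) = e9df974a9b783ed442ab17497198432cb9844b70
 SHA1 (patch-xsa7-xsa8-xen-4.1) = e48cfd4ae9e7a4d48e059738b3f36074d3982515
 SHA1 (patch-xsa9-xen-4.1) = 4bbefd6426e2a7b36ccecb81cc94dc33af34e4fb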

File Added: pkgsrc/sysutils/xenkernel41/patches/Attic/patch-CVE-2012-3432
$NetBSD: patch-CVE-2012-3432,v 1.1 2012/07/27 18:50:34 drochner Exp $

see http://lists.xen.org/archives/html/xen-devel/2012-07/msg01649.html

--- xen/arch/x86/hvm/io.c.orig	2012-07-27 18:34:15.000000000 +0000
+++ xen/arch/x86/hvm/io.c
@@ -176,6 +176,8 @@ int handle_mmio(void)
 
     rc = hvm_emulate_one(&ctxt);
 
+    if ( rc != X86EMUL_RETRY )
+        curr->arch.hvm_vcpu.io_state = HVMIO_none;
     if ( curr->arch.hvm_vcpu.io_state == HVMIO_awaiting_completion )
         curr->arch.hvm_vcpu.io_state = HVMIO_handle_mmio_awaiting_completion;
     else
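Review bot: The two added lines in handle_mmio() carry no comment naming the invariant they enforce, even though that invariant is the whole security fix: once hvm_emulate_one() returns anything other than X86EMUL_RETRY, the vCPU's io_state is forced back to HVMIO_none before the following if/else inspects it. Per the commit message, the unfixed path let an unprivileged process in an HVM guest crash the guest, so a later refactor that moves or drops this reset would presumably reopen the bug. I would add above the check a comment such as `/* Emulation is complete unless a retry is pending: clear any in-flight MMIO state so it cannot be consumed by a later emulation pass (CVE-2012-3432). */` and separate the new `if` from the next one with a blank line, since the two read as a single chain as written. The if/else that follows continues past the end of the hunk, so how the else branch interacts with the reset cannot be checked from here.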