Fri Jul 27 18:50:34 2012 UTC ()
add patch from upstream to fix bug in MMIO emulation which can cause
guest crashes by unprivileged users, only for HVM guests, and if
MMIO is granted to the user process (CVE-2012-3432)
bump PKGREV
(drochner)
diff -r1.7 -r1.8 pkgsrc/sysutils/xenkernel41/Makefile
diff -r1.7 -r1.8 pkgsrc/sysutils/xenkernel41/distinfo
diff -r0 -r1.1 pkgsrc/sysutils/xenkernel41/patches/patch-CVE-2012-3432
--- pkgsrc/sysutils/xenkernel41/Attic/Makefile 2012/06/19 20:17:06 1.7
+++ pkgsrc/sysutils/xenkernel41/Attic/Makefile 2012/07/27 18:50:34 1.8
@@ -1,10 +1,10 @@
-# $NetBSD: Makefile,v 1.7 2012/06/19 20:17:06 bouyer Exp $
+# $NetBSD: Makefile,v 1.8 2012/07/27 18:50:34 drochner Exp $
#
VERSION= 4.1.2
DISTNAME= xen-${VERSION}
PKGNAME= xenkernel41-${VERSION}
-PKGREVISION= 2
+PKGREVISION= 3
CATEGORIES= sysutils
MASTER_SITES= http://bits.xensource.com/oss-xen/release/${VERSION}/
EXTRACT_SUFX= .tar.gz
--- pkgsrc/sysutils/xenkernel41/Attic/distinfo 2012/06/12 15:59:04 1.7
+++ pkgsrc/sysutils/xenkernel41/Attic/distinfo 2012/07/27 18:50:34 1.8
@@ -1,8 +1,9 @@
-$NetBSD: distinfo,v 1.7 2012/06/12 15:59:04 bouyer Exp $
+$NetBSD: distinfo,v 1.8 2012/07/27 18:50:34 drochner Exp $
SHA1 (xen-4.1.2.tar.gz) = db584cb0a0cc614888d7df3b196d514fdb2edd6e
RMD160 (xen-4.1.2.tar.gz) = 457797ec4be286afbbcad940a9ce04e44f3f40d6
Size (xen-4.1.2.tar.gz) = 10365786 bytes
+SHA1 (patch-CVE-2012-3432) = e85b1adf1c683a1d086410f0c4265ed72a86d7fb
SHA1 (patch-xen_drivers_char_console_c) = 0fe186369602ccffaeec6f4bfbee8bb4298d3ff0
SHA1 (patch-xen_include_xen_stdarg.h) = e9df974a9b783ed442ab17497198432cb9844b70
SHA1 (patch-xsa7-xsa8-xen-4.1) = e48cfd4ae9e7a4d48e059738b3f36074d3982515
$NetBSD: patch-CVE-2012-3432,v 1.1 2012/07/27 18:50:34 drochner Exp $
see http://lists.xen.org/archives/html/xen-devel/2012-07/msg01649.html
--- xen/arch/x86/hvm/io.c.orig 2012-07-27 18:34:15.000000000 +0000
+++ xen/arch/x86/hvm/io.c
@@ -176,6 +176,8 @@ int handle_mmio(void)
rc = hvm_emulate_one(&ctxt);
+ if ( rc != X86EMUL_RETRY )
+ curr->arch.hvm_vcpu.io_state = HVMIO_none;
if ( curr->arch.hvm_vcpu.io_state == HVMIO_awaiting_completion )
curr->arch.hvm_vcpu.io_state = HVMIO_handle_mmio_awaiting_completion;
else