Wed Sep 12 11:04:18 2012 UTC ()
update to 4.1.3
also add security patches from upstream (for CVE-2012-3497, no patches
are available yet)
changes:
-fixes for vulnerabilities were integrated
-many bug fixes and improvements, Highlights are:
-Updates for the latest Intel/AMD CPU revisions
-Bug fixes for IOMMU handling (device passthrough to HVM guests)
approved by maintainer
(drochner)
diff -r1.11 -r1.12 pkgsrc/sysutils/xenkernel41/Makefile
diff -r1.9 -r1.10 pkgsrc/sysutils/xenkernel41/distinfo
diff -r1.1 -r0 pkgsrc/sysutils/xenkernel41/patches/patch-CVE-2012-3432
diff -r1.1 -r0 pkgsrc/sysutils/xenkernel41/patches/patch-CVE-2012-3433
diff -r1.1 -r0 pkgsrc/sysutils/xenkernel41/patches/patch-xsa7-xsa8-xen-4.1
diff -r1.1 -r0 pkgsrc/sysutils/xenkernel41/patches/patch-xsa9-xen-4.1
diff -r0 -r1.1 pkgsrc/sysutils/xenkernel41/patches/patch-CVE-2012-3494
diff -r0 -r1.1 pkgsrc/sysutils/xenkernel41/patches/patch-CVE-2012-3496
diff -r0 -r1.1 pkgsrc/sysutils/xenkernel41/patches/patch-CVE-2012-3498
--- pkgsrc/sysutils/xenkernel41/Attic/Makefile 2012/08/10 09:59:47 1.11
+++ pkgsrc/sysutils/xenkernel41/Attic/Makefile 2012/09/12 11:04:17 1.12
| @@ -1,20 +1,19 @@ | | | @@ -1,20 +1,19 @@ |
1 | # $NetBSD: Makefile,v 1.11 2012/08/10 09:59:47 drochner Exp $ | | 1 | # $NetBSD: Makefile,v 1.12 2012/09/12 11:04:17 drochner Exp $ |
2 | # | | 2 | # |
3 | | | 3 | |
4 | VERSION= 4.1.2 | | 4 | VERSION= 4.1.3 |
5 | DISTNAME= xen-${VERSION} | | 5 | DISTNAME= xen-${VERSION} |
6 | PKGNAME= xenkernel41-${VERSION} | | 6 | PKGNAME= xenkernel41-${VERSION} |
7 | PKGREVISION= 4 | | | |
8 | CATEGORIES= sysutils | | 7 | CATEGORIES= sysutils |
9 | MASTER_SITES= http://bits.xensource.com/oss-xen/release/${VERSION}/ | | 8 | MASTER_SITES= http://bits.xensource.com/oss-xen/release/${VERSION}/ |
10 | EXTRACT_SUFX= .tar.gz | | 9 | EXTRACT_SUFX= .tar.gz |
11 | | | 10 | |
12 | MAINTAINER= cegger@NetBSD.org | | 11 | MAINTAINER= cegger@NetBSD.org |
13 | HOMEPAGE= http://xen.org/ | | 12 | HOMEPAGE= http://xen.org/ |
14 | COMMENT= Xen 4.1.2 Kernel | | 13 | COMMENT= Xen 4.1.2 Kernel |
15 | | | 14 | |
16 | LICENSE= gnu-gpl-v2 | | 15 | LICENSE= gnu-gpl-v2 |
17 | | | 16 | |
18 | PKG_DESTDIR_SUPPORT= user-destdir | | 17 | PKG_DESTDIR_SUPPORT= user-destdir |
19 | | | 18 | |
20 | ONLY_FOR_PLATFORM= Linux-2.6*-i386 Linux-2.6*-x86_64 | | 19 | ONLY_FOR_PLATFORM= Linux-2.6*-i386 Linux-2.6*-x86_64 |
--- pkgsrc/sysutils/xenkernel41/Attic/distinfo 2012/08/10 09:59:47 1.9
+++ pkgsrc/sysutils/xenkernel41/Attic/distinfo 2012/09/12 11:04:17 1.10
| @@ -1,11 +1,10 @@ | | | @@ -1,11 +1,10 @@ |
1 | $NetBSD: distinfo,v 1.9 2012/08/10 09:59:47 drochner Exp $ | | 1 | $NetBSD: distinfo,v 1.10 2012/09/12 11:04:17 drochner Exp $ |
2 | | | 2 | |
3 | SHA1 (xen-4.1.2.tar.gz) = db584cb0a0cc614888d7df3b196d514fdb2edd6e | | 3 | SHA1 (xen-4.1.3.tar.gz) = 0f688955262d08fba28361ca338f3ad0c0f53d74 |
4 | RMD160 (xen-4.1.2.tar.gz) = 457797ec4be286afbbcad940a9ce04e44f3f40d6 | | 4 | RMD160 (xen-4.1.3.tar.gz) = a6296a16579fd628a1ff2aa64b6b800e4913eeae |
5 | Size (xen-4.1.2.tar.gz) = 10365786 bytes | | 5 | Size (xen-4.1.3.tar.gz) = 10382132 bytes |
6 | SHA1 (patch-CVE-2012-3432) = e85b1adf1c683a1d086410f0c4265ed72a86d7fb | | 6 | SHA1 (patch-CVE-2012-3494) = 166121ce515aaa2f2e399431be3ca7d2496c79c6 |
7 | SHA1 (patch-CVE-2012-3433) = 51ca4a6427c19dc31ba2bd05e4c09027d52a4ebc | | 7 | SHA1 (patch-CVE-2012-3496) = c863d3e951d5aaa5659f9e1f38723f8326b8d8b8 |
| | | 8 | SHA1 (patch-CVE-2012-3498) = 2bb2b40675de498ae9fcc89ba5267b5be4a2c4c1 |
8 | SHA1 (patch-xen_drivers_char_console_c) = 0fe186369602ccffaeec6f4bfbee8bb4298d3ff0 | | 9 | SHA1 (patch-xen_drivers_char_console_c) = 0fe186369602ccffaeec6f4bfbee8bb4298d3ff0 |
9 | SHA1 (patch-xen_include_xen_stdarg.h) = e9df974a9b783ed442ab17497198432cb9844b70 | | 10 | SHA1 (patch-xen_include_xen_stdarg.h) = e9df974a9b783ed442ab17497198432cb9844b70 |
10 | SHA1 (patch-xsa7-xsa8-xen-4.1) = e48cfd4ae9e7a4d48e059738b3f36074d3982515 | | | |
11 | SHA1 (patch-xsa9-xen-4.1) = 4bbefd6426e2a7b36ccecb81cc94dc33af34e4fb | | | |
$NetBSD: patch-CVE-2012-3494,v 1.1 2012/09/12 11:04:17 drochner Exp $
see http://lists.xen.org/archives/html/xen-devel/2012-09/msg00181.html
--- xen/include/asm-x86/debugreg.h.orig 2012-08-10 13:51:52.000000000 +0000
+++ xen/include/asm-x86/debugreg.h
@@ -58,7 +58,7 @@
We can slow the instruction pipeline for instructions coming via the
gdt or the ldt if we want to. I am not sure why this is an advantage */
-#define DR_CONTROL_RESERVED_ZERO (0x0000d800ul) /* Reserved, read as zero */
+#define DR_CONTROL_RESERVED_ZERO (~0xffff27fful) /* Reserved, read as zero */
#define DR_CONTROL_RESERVED_ONE (0x00000400ul) /* Reserved, read as one */
#define DR_LOCAL_EXACT_ENABLE (0x00000100ul) /* Local exact enable */
#define DR_GLOBAL_EXACT_ENABLE (0x00000200ul) /* Global exact enable */
$NetBSD: patch-CVE-2012-3496,v 1.1 2012/09/12 11:04:17 drochner Exp $
see http://lists.xen.org/archives/html/xen-devel/2012-09/msg00194.html
--- xen/arch/x86/mm/p2m.c.orig 2012-08-10 13:51:45.000000000 +0000
+++ xen/arch/x86/mm/p2m.c
@@ -2414,7 +2414,8 @@ guest_physmap_mark_populate_on_demand(st
int pod_count = 0;
int rc = 0;
- BUG_ON(!paging_mode_translate(d));
+ if ( !paging_mode_translate(d) )
+ return -EINVAL;
rc = gfn_check_limit(d, gfn, order);
if ( rc != 0 )
$NetBSD: patch-CVE-2012-3498,v 1.1 2012/09/12 11:04:18 drochner Exp $
contains patch for CVE-2012-3495
see http://lists.xen.org/archives/html/xen-devel/2012-09/msg00187.html
and http://lists.xen.org/archives/html/xen-devel/2012-09/msg00197.html
--- xen/arch/x86/physdev.c.orig 2012-09-12 09:41:55.000000000 +0000
+++ xen/arch/x86/physdev.c
@@ -40,11 +40,18 @@ static int physdev_hvm_map_pirq(
struct hvm_girq_dpci_mapping *girq;
uint32_t machine_gsi = 0;
+ if ( map->index < 0 || map->index >= NR_HVM_IRQS )
+ {
+ ret = -EINVAL;
+ break;
+ }
+
/* find the machine gsi corresponding to the
* emulated gsi */
hvm_irq_dpci = domain_get_irq_dpci(d);
if ( hvm_irq_dpci )
{
+ BUILD_BUG_ON(ARRAY_SIZE(hvm_irq_dpci->girq) < NR_HVM_IRQS);
list_for_each_entry ( girq,
&hvm_irq_dpci->girq[map->index],
list )
@@ -587,11 +594,16 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_H
break;
spin_lock(&d->event_lock);
- out.pirq = get_free_pirq(d, out.type, 0);
- d->arch.pirq_irq[out.pirq] = PIRQ_ALLOCATED;
+ ret = get_free_pirq(d, out.type, 0);
+ if ( ret >= 0 )
+ d->arch.pirq_irq[ret] = PIRQ_ALLOCATED;
spin_unlock(&d->event_lock);
- ret = copy_to_guest(arg, &out, 1) ? -EFAULT : 0;
+ if ( ret >= 0 )
+ {
+ out.pirq = ret;
+ ret = copy_to_guest(arg, &out, 1) ? -EFAULT : 0;
+ }
rcu_unlock_domain(d);
break;