Thu Sep 12 23:37:18 2013 UTC ()
Update xen to 4.2.3

- Add warning if /kern/xen/privcmd is not readable

Fixes the following critical vulnerabilities:
 * CVE-2013-1918 / XSA-45:
    Several long latency operations are not preemptible
 * CVE-2013-1952 / XSA-49:
    VT-d interrupt remapping source validation flaw for bridges
 * CVE-2013-2076 / XSA-52:
    Information leak on XSAVE/XRSTOR capable AMD CPUs
 * CVE-2013-2077 / XSA-53:
    Hypervisor crash due to missing exception recovery on XRSTOR
 * CVE-2013-2078 / XSA-54:
    Hypervisor crash due to missing exception recovery on XSETBV
 * CVE-2013-2194, CVE-2013-2195, CVE-2013-2196 / XSA-55:
    Multiple vulnerabilities in libelf PV kernel handling
 * CVE-2013-2072 / XSA-56:
    Buffer overflow in xencontrol Python bindings affecting xend
 * CVE-2013-2211 / XSA-57:
    libxl allows guest write access to sensitive console related xenstore keys
 * CVE-2013-1432 / XSA-58:
    Page reference counting error due to XSA-45/CVE-2013-1918 fixes
 * XSA-61:
    libxl partially sets up HVM passthrough even with disabled iommu

The following minor vulnerability is also being addressed:
 * CVE-2013-2007 / XSA-51
    qemu guest agent (qga) insecure file permissions

Among many bug fixes and improvements:
 * addressing a regression from the fix for XSA-46
 * bug fixes to low level system state handling, including certain
    hardware errata workarounds


(prlw1)
diff -r1.2 -r1.3 pkgsrc/sysutils/xenkernel42/Makefile
diff -r1.3 -r1.4 pkgsrc/sysutils/xenkernel42/distinfo
diff -r1.1 -r0 pkgsrc/sysutils/xenkernel42/patches/patch-xen_arch_x86_time.c
diff -r1.1 -r0 pkgsrc/sysutils/xenkernel42/patches/patch-xen_common_libelf_libelf-private.h
diff -r1.7 -r1.8 pkgsrc/sysutils/xentools42/Makefile
diff -r1.6 -r1.7 pkgsrc/sysutils/xentools42/distinfo
diff -r1.1 -r0 pkgsrc/sysutils/xentools42/version.mk
diff -r1.2 -r1.3 pkgsrc/sysutils/xentools42/files/xencommons.sh

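--- a/pkgsrc/sysutils/xenkernel42/Attic/Makefile
+++ b/pkgsrc/sysutils/xenkernel42/Attic/Makefile
@@ -1,20 +1,19 @@
-# $NetBSD: Makefile,v 1.2 2013/06/19 14:03:41 gdt Exp $
+# $NetBSD: Makefile,v 1.3 2013/09/12 23:37:18 prlw1 Exp $
 #
 
-VERSION= 4.2.2
+VERSION= 4.2.3
 DISTNAME= xen-${VERSION}
 PKGNAME= xenkernel42-${VERSION}
-PKREVISION= 1
 CATEGORIES= sysutils
 MASTER_SITES= http://bits.xensource.com/oss-xen/release/${VERSION}/
 
 MAINTAINER= pkgsrc-users@NetBSD.org
 HOMEPAGE= http://xenproject.org/
 COMMENT= Xen 4.2.x Kernel
 
 LICENSE= gnu-gpl-v2
 
 ONLY_FOR_PLATFORM= Linux-2.6*-i386 Linux-2.6*-x86_64
 ONLY_FOR_PLATFORM+= NetBSD-[5-9].*-x86_64 NetBSD-[5-9].*-i386
 
 NO_CONFIGURE= yes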

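--- a/pkgsrc/sysutils/xenkernel42/Attic/distinfo
+++ b/pkgsrc/sysutils/xenkernel42/Attic/distinfo
@@ -1,11 +1,9 @@
-$NetBSD: distinfo,v 1.3 2013/07/13 19:43:21 joerg Exp $
+$NetBSD: distinfo,v 1.4 2013/09/12 23:37:18 prlw1 Exp $
 
-SHA1 (xen-4.2.2.tar.gz) = b48cc7f375e9a5d65ff2d680f1b512dbea5a3b7c
-RMD160 (xen-4.2.2.tar.gz) = 925cb2abdd080254a5457d1b304f811036261ab6
-Size (xen-4.2.2.tar.gz) = 15602746 bytes
+SHA1 (xen-4.2.3.tar.gz) = 7c72e1aa870cc938afdc50bd9f2d879118aa8b99
+RMD160 (xen-4.2.3.tar.gz) = da0fbb7bbc0796bd83c223f7d21015ce0d4c8553
+Size (xen-4.2.3.tar.gz) = 15613235 bytes
 SHA1 (patch-Config.mk) = a43ed1b3304d6383dc093acd128a7f373d0ca266
 SHA1 (patch-xen_Makefile) = e0d1b74518b9675ddc64295d1523ded9a8757c0a
 SHA1 (patch-xen_arch_x86_Rules.mk) = 6b9b4bfa28924f7d3f6c793a389f1a7ac9d228e2
-SHA1 (patch-xen_arch_x86_time.c) = e5ce7e83d1dcbcc1cdffd6921f25fce4d7389ac8
-SHA1 (patch-xen_common_libelf_libelf-private.h) = c364d8f247342c62d0d32fe9f4714f83f977719a
 SHA1 (patch-xen_include_xen_lib.h) = 36dcaf3874a1b1214babc45d7e19fe3b556c1044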

File Deleted: pkgsrc/sysutils/xenkernel42/patches/Attic/patch-xen_arch_x86_time.c

File Deleted: pkgsrc/sysutils/xenkernel42/patches/Attic/patch-xen_common_libelf_libelf-private.h

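--- a/pkgsrc/sysutils/xentools42/Attic/Makefile
+++ b/pkgsrc/sysutils/xentools42/Attic/Makefile
@@ -1,23 +1,23 @@
-# $NetBSD: Makefile,v 1.7 2013/06/17 13:55:38 wiz Exp $
+# $NetBSD: Makefile,v 1.8 2013/09/12 23:37:18 prlw1 Exp $
 #
-# VERSION is set in version.mk as it is shared with other packages
-.include "version.mk"
+
+VERSION= 4.2.3
+VERSION_IPXE= 1.0.0
 
 DISTNAME= xen-${VERSION}
 PKGNAME= xentools42-${VERSION}
-PKGREVISION= 3
 CATEGORIES= sysutils
 MASTER_SITES= http://bits.xensource.com/oss-xen/release/${VERSION}/
 
 DISTFILES= ${DISTNAME}.tar.gz
 DISTFILES+= ipxe-git-v${VERSION_IPXE}.tar.gz
 SITES.ipxe-git-v${VERSION_IPXE}.tar.gz += http://xenbits.xensource.com/xen-extfiles/
 
 MAINTAINER= pkgsrc-users@NetBSD.org
 HOMEPAGE= http://xen.org/
 COMMENT= Userland Tools for Xen 4.2.x
 LICENSE= gnu-gpl-v2
 
 # XXX add version check: Xen requires dev86 >= 0.16.14
 BUILD_DEPENDS+= dev86-[0-9]*:../../devel/dev86 # needed to build firmware
 .if !exists(/usr/bin/iasl)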

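--- a/pkgsrc/sysutils/xentools42/Attic/distinfo
+++ b/pkgsrc/sysutils/xentools42/Attic/distinfo
@@ -1,21 +1,21 @@
-$NetBSD: distinfo,v 1.6 2013/06/17 13:54:02 wiz Exp $
+$NetBSD: distinfo,v 1.7 2013/09/12 23:37:18 prlw1 Exp $
 
 SHA1 (ipxe-git-v1.0.0.tar.gz) = da052c8de5f3485fe0253c19cf52ed6d72528485
 RMD160 (ipxe-git-v1.0.0.tar.gz) = dcd9b6eaafa1ce05c1ebf2a15f2f73ad7a8c5547
 Size (ipxe-git-v1.0.0.tar.gz) = 1996881 bytes
-SHA1 (xen-4.2.2.tar.gz) = b48cc7f375e9a5d65ff2d680f1b512dbea5a3b7c
-RMD160 (xen-4.2.2.tar.gz) = 925cb2abdd080254a5457d1b304f811036261ab6
-Size (xen-4.2.2.tar.gz) = 15602746 bytes
+SHA1 (xen-4.2.3.tar.gz) = 7c72e1aa870cc938afdc50bd9f2d879118aa8b99
+RMD160 (xen-4.2.3.tar.gz) = da0fbb7bbc0796bd83c223f7d21015ce0d4c8553
+Size (xen-4.2.3.tar.gz) = 15613235 bytes
 SHA1 (patch-.._.._ipxe_src_Makefile.housekeeping) = 5ec8020a9705b2f64096c2942473a8de4db578bb
 SHA1 (patch-.._.._ipxe_src_arch_i386_include_librm.h) = 4549ac641b112321b4731a918d85219c3fce6808
 SHA1 (patch-.._.._ipxe_src_arch_i386_scripts_i386.lds) = 4c0cbb7f535be43e1b6f53c284340a8bafc37c0b
 SHA1 (patch-.._.._ipxe_src_core_settings.c) = 240ff973757403b983f12b2cbed826584c4a8aba
 SHA1 (patch-.._.._ipxe_src_drivers_net_ath5k_ath5k_qcu.c) = eb86106d05d5cc3300b7b57b0e0c2fdd338bbf43
 SHA1 (patch-.._.._ipxe_src_drivers_net_ns83820.c) = fbdfc47949f4946174b705d41d2b6c4405a68704
 SHA1 (patch-.._.._ipxe_src_drivers_net_tulip.c) = 0d9370c64e5e6bf15a5b87944e03333a10e4a299
 SHA1 (patch-.._.._ipxe_src_net_tls.c) = 893c70515bc4cb0d4d9319fd94eddc4945f6a0b3
 SHA1 (patch-.._Config.mk) = ec5ba76be10e43cb1b2d37686e35d5fb81d8de80
 SHA1 (patch-.._config_NetBSD.mk) = 90893326dcce4e3e2ef273f22ec5ddf5af0f7cd8
 SHA1 (patch-.._config_StdGNU.mk) = 3f93999038bd9d25277803cd1d969dc5733b593f
 SHA1 (patch-.._docs_man_xend-config.sxp.pod.5) = 36afc7b063f83adfe5b927ed0be586b102684020
 SHA1 (patch-.._docs_man_xl.cfg.pod.5) = 8f580bc91f346167999d91a279855c6e2710a8cc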

File Deleted: pkgsrc/sysutils/xentools42/Attic/version.mk

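--- a/pkgsrc/sysutils/xentools42/files/Attic/xencommons.sh
+++ b/pkgsrc/sysutils/xentools42/files/Attic/xencommons.sh
@@ -19,26 +19,29 @@ XENCONSOLED_PIDFILE="/var/run/xenconsole
 
 BINDIR=@PREFIX@/bin
 SBINDIR=@PREFIX@/sbin
 
 xen_precmd()
 {
  mkdir -p /var/run/xen || exit 1
  mkdir -p /var/run/xenstored || exit 1
 }
 
 xen_startcmd()
 {
  printf "Starting xenservices: xenstored, xenconsoled.\n"
+ if test ! -r ${required_files}; then
+ warn "${required_files} is not readable."
+ fi
  XENSTORED_ARGS=" --pid-file ${XENSTORED_PIDFILE}"
  if [ -n "${XENSTORED_TRACE}" ]; then
  XENSTORED_ARGS="${XENSTORED_ARGS} -T /var/log/xen/xenstored-trace.log"
  fi
 
  ${SBINDIR}/xenstored ${XENSTORED_ARGS}
  sleep 5
 
  printf "Setting domain 0 name...\n"
  ${BINDIR}/xenstore-write "/local/domain/0/name" "Domain-0"
 
  XENCONSOLED_ARGS=""
  if [ -n "${XENCONSOLED_TRACE}" ]; then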
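Review bot: The check added at new lines 32-34 passes `${required_files}` to `test` unquoted, so it only behaves as intended while that variable holds exactly one path. If it is empty or lists several files, `test ! -r` gets the wrong number of operands and the warning is either skipped or replaced by a shell error. Iterating avoids this: `for f in ${required_files}; do [ -r "$f" ] || warn "$f is not readable."; done`. The check is also advisory only, since xenstored is still started on the next lines; if the daemons cannot work without the privcmd node named in the commit message, returning non-zero here would surface the failure to the caller instead of leaving it in the log. `required_files` is assigned outside this hunk, and the body of xen_startcmd continues past its end.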