Update xen to 4.2.3 - Add warning if /kern/xen/privcmd is not readable Fixes the following critical vulnerabilities: * CVE-2013-1918 / XSA-45: Several long latency operations are not preemptible * CVE-2013-1952 / XSA-49: VT-d interrupt remapping source validation flaw for bridges * CVE-2013-2076 / XSA-52: Information leak on XSAVE/XRSTOR capable AMD CPUs * CVE-2013-2077 / XSA-53: Hypervisor crash due to missing exception recovery on XRSTOR * CVE-2013-2078 / XSA-54: Hypervisor crash due to missing exception recovery on XSETBV * CVE-2013-2194, CVE-2013-2195, CVE-2013-2196 / XSA-55: Multiple vulnerabilities in libelf PV kernel handling * CVE-2013-2072 / XSA-56: Buffer overflow in xencontrol Python bindings affecting xend * CVE-2013-2211 / XSA-57: libxl allows guest write access to sensitive console related xenstore keys * CVE-2013-1432 / XSA-58: Page reference counting error due to XSA-45/CVE-2013-1918 fixes * XSA-61: libxl partially sets up HVM passthrough even with disabled iommu The following minor vulnerability is also being addressed: * CVE-2013-2007 / XSA-51 qemu guest agent (qga) insecure file permissions Among many bug fixes and improvements: * addressing a regression from the fix for XSA-46 * bug fixes to low level system state handling, including certain hardware errata workaroundsdiff -r1.2 -r1.3 pkgsrc/sysutils/xenkernel42/Makefile
(prlw1)
@@ -1,20 +1,19 @@ | @@ -1,20 +1,19 @@ | |||
1 | # $NetBSD: Makefile,v 1.2 2013/06/19 14:03:41 gdt Exp $ | 1 | # $NetBSD: Makefile,v 1.3 2013/09/12 23:37:18 prlw1 Exp $ | |
2 | # | 2 | # | |
3 | 3 | |||
4 | VERSION= 4.2.2 | 4 | VERSION= 4.2.3 | |
5 | DISTNAME= xen-${VERSION} | 5 | DISTNAME= xen-${VERSION} | |
6 | PKGNAME= xenkernel42-${VERSION} | 6 | PKGNAME= xenkernel42-${VERSION} | |
7 | PKREVISION= 1 | |||
8 | CATEGORIES= sysutils | 7 | CATEGORIES= sysutils | |
9 | MASTER_SITES= http://bits.xensource.com/oss-xen/release/${VERSION}/ | 8 | MASTER_SITES= http://bits.xensource.com/oss-xen/release/${VERSION}/ | |
10 | 9 | |||
11 | MAINTAINER= pkgsrc-users@NetBSD.org | 10 | MAINTAINER= pkgsrc-users@NetBSD.org | |
12 | HOMEPAGE= http://xenproject.org/ | 11 | HOMEPAGE= http://xenproject.org/ | |
13 | COMMENT= Xen 4.2.x Kernel | 12 | COMMENT= Xen 4.2.x Kernel | |
14 | 13 | |||
15 | LICENSE= gnu-gpl-v2 | 14 | LICENSE= gnu-gpl-v2 | |
16 | 15 | |||
17 | ONLY_FOR_PLATFORM= Linux-2.6*-i386 Linux-2.6*-x86_64 | 16 | ONLY_FOR_PLATFORM= Linux-2.6*-i386 Linux-2.6*-x86_64 | |
18 | ONLY_FOR_PLATFORM+= NetBSD-[5-9].*-x86_64 NetBSD-[5-9].*-i386 | 17 | ONLY_FOR_PLATFORM+= NetBSD-[5-9].*-x86_64 NetBSD-[5-9].*-i386 | |
19 | 18 | |||
20 | NO_CONFIGURE= yes | 19 | NO_CONFIGURE= yes |
@@ -1,11 +1,9 @@ | @@ -1,11 +1,9 @@ | |||
1 | $NetBSD: distinfo,v 1.3 2013/07/13 19:43:21 joerg Exp $ | 1 | $NetBSD: distinfo,v 1.4 2013/09/12 23:37:18 prlw1 Exp $ | |
2 | 2 | |||
3 | SHA1 (xen-4.2.2.tar.gz) = b48cc7f375e9a5d65ff2d680f1b512dbea5a3b7c | 3 | SHA1 (xen-4.2.3.tar.gz) = 7c72e1aa870cc938afdc50bd9f2d879118aa8b99 | |
4 | RMD160 (xen-4.2.2.tar.gz) = 925cb2abdd080254a5457d1b304f811036261ab6 | 4 | RMD160 (xen-4.2.3.tar.gz) = da0fbb7bbc0796bd83c223f7d21015ce0d4c8553 | |
5 | Size (xen-4.2.2.tar.gz) = 15602746 bytes | 5 | Size (xen-4.2.3.tar.gz) = 15613235 bytes | |
6 | SHA1 (patch-Config.mk) = a43ed1b3304d6383dc093acd128a7f373d0ca266 | 6 | SHA1 (patch-Config.mk) = a43ed1b3304d6383dc093acd128a7f373d0ca266 | |
7 | SHA1 (patch-xen_Makefile) = e0d1b74518b9675ddc64295d1523ded9a8757c0a | 7 | SHA1 (patch-xen_Makefile) = e0d1b74518b9675ddc64295d1523ded9a8757c0a | |
8 | SHA1 (patch-xen_arch_x86_Rules.mk) = 6b9b4bfa28924f7d3f6c793a389f1a7ac9d228e2 | 8 | SHA1 (patch-xen_arch_x86_Rules.mk) = 6b9b4bfa28924f7d3f6c793a389f1a7ac9d228e2 | |
9 | SHA1 (patch-xen_arch_x86_time.c) = e5ce7e83d1dcbcc1cdffd6921f25fce4d7389ac8 | |||
10 | SHA1 (patch-xen_common_libelf_libelf-private.h) = c364d8f247342c62d0d32fe9f4714f83f977719a | |||
11 | SHA1 (patch-xen_include_xen_lib.h) = 36dcaf3874a1b1214babc45d7e19fe3b556c1044 | 9 | SHA1 (patch-xen_include_xen_lib.h) = 36dcaf3874a1b1214babc45d7e19fe3b556c1044 |
@@ -1,23 +1,23 @@ | @@ -1,23 +1,23 @@ | |||
1 | # $NetBSD: Makefile,v 1.7 2013/06/17 13:55:38 wiz Exp $ | 1 | # $NetBSD: Makefile,v 1.8 2013/09/12 23:37:18 prlw1 Exp $ | |
2 | # | 2 | # | |
3 | # VERSION is set in version.mk as it is shared with other packages | 3 | ||
4 | .include "version.mk" | 4 | VERSION= 4.2.3 | |
5 | VERSION_IPXE= 1.0.0 | |||
5 | 6 | |||
6 | DISTNAME= xen-${VERSION} | 7 | DISTNAME= xen-${VERSION} | |
7 | PKGNAME= xentools42-${VERSION} | 8 | PKGNAME= xentools42-${VERSION} | |
8 | PKGREVISION= 3 | |||
9 | CATEGORIES= sysutils | 9 | CATEGORIES= sysutils | |
10 | MASTER_SITES= http://bits.xensource.com/oss-xen/release/${VERSION}/ | 10 | MASTER_SITES= http://bits.xensource.com/oss-xen/release/${VERSION}/ | |
11 | 11 | |||
12 | DISTFILES= ${DISTNAME}.tar.gz | 12 | DISTFILES= ${DISTNAME}.tar.gz | |
13 | DISTFILES+= ipxe-git-v${VERSION_IPXE}.tar.gz | 13 | DISTFILES+= ipxe-git-v${VERSION_IPXE}.tar.gz | |
14 | SITES.ipxe-git-v${VERSION_IPXE}.tar.gz += http://xenbits.xensource.com/xen-extfiles/ | 14 | SITES.ipxe-git-v${VERSION_IPXE}.tar.gz += http://xenbits.xensource.com/xen-extfiles/ | |
15 | 15 | |||
16 | MAINTAINER= pkgsrc-users@NetBSD.org | 16 | MAINTAINER= pkgsrc-users@NetBSD.org | |
17 | HOMEPAGE= http://xen.org/ | 17 | HOMEPAGE= http://xen.org/ | |
18 | COMMENT= Userland Tools for Xen 4.2.x | 18 | COMMENT= Userland Tools for Xen 4.2.x | |
19 | LICENSE= gnu-gpl-v2 | 19 | LICENSE= gnu-gpl-v2 | |
20 | 20 | |||
21 | # XXX add version check: Xen requires dev86 >= 0.16.14 | 21 | # XXX add version check: Xen requires dev86 >= 0.16.14 | |
22 | BUILD_DEPENDS+= dev86-[0-9]*:../../devel/dev86 # needed to build firmware | 22 | BUILD_DEPENDS+= dev86-[0-9]*:../../devel/dev86 # needed to build firmware | |
23 | .if !exists(/usr/bin/iasl) | 23 | .if !exists(/usr/bin/iasl) |
@@ -1,21 +1,21 @@ | @@ -1,21 +1,21 @@ | |||
1 | $NetBSD: distinfo,v 1.6 2013/06/17 13:54:02 wiz Exp $ | 1 | $NetBSD: distinfo,v 1.7 2013/09/12 23:37:18 prlw1 Exp $ | |
2 | 2 | |||
3 | SHA1 (ipxe-git-v1.0.0.tar.gz) = da052c8de5f3485fe0253c19cf52ed6d72528485 | 3 | SHA1 (ipxe-git-v1.0.0.tar.gz) = da052c8de5f3485fe0253c19cf52ed6d72528485 | |
4 | RMD160 (ipxe-git-v1.0.0.tar.gz) = dcd9b6eaafa1ce05c1ebf2a15f2f73ad7a8c5547 | 4 | RMD160 (ipxe-git-v1.0.0.tar.gz) = dcd9b6eaafa1ce05c1ebf2a15f2f73ad7a8c5547 | |
5 | Size (ipxe-git-v1.0.0.tar.gz) = 1996881 bytes | 5 | Size (ipxe-git-v1.0.0.tar.gz) = 1996881 bytes | |
6 | SHA1 (xen-4.2.2.tar.gz) = b48cc7f375e9a5d65ff2d680f1b512dbea5a3b7c | 6 | SHA1 (xen-4.2.3.tar.gz) = 7c72e1aa870cc938afdc50bd9f2d879118aa8b99 | |
7 | RMD160 (xen-4.2.2.tar.gz) = 925cb2abdd080254a5457d1b304f811036261ab6 | 7 | RMD160 (xen-4.2.3.tar.gz) = da0fbb7bbc0796bd83c223f7d21015ce0d4c8553 | |
8 | Size (xen-4.2.2.tar.gz) = 15602746 bytes | 8 | Size (xen-4.2.3.tar.gz) = 15613235 bytes | |
9 | SHA1 (patch-.._.._ipxe_src_Makefile.housekeeping) = 5ec8020a9705b2f64096c2942473a8de4db578bb | 9 | SHA1 (patch-.._.._ipxe_src_Makefile.housekeeping) = 5ec8020a9705b2f64096c2942473a8de4db578bb | |
10 | SHA1 (patch-.._.._ipxe_src_arch_i386_include_librm.h) = 4549ac641b112321b4731a918d85219c3fce6808 | 10 | SHA1 (patch-.._.._ipxe_src_arch_i386_include_librm.h) = 4549ac641b112321b4731a918d85219c3fce6808 | |
11 | SHA1 (patch-.._.._ipxe_src_arch_i386_scripts_i386.lds) = 4c0cbb7f535be43e1b6f53c284340a8bafc37c0b | 11 | SHA1 (patch-.._.._ipxe_src_arch_i386_scripts_i386.lds) = 4c0cbb7f535be43e1b6f53c284340a8bafc37c0b | |
12 | SHA1 (patch-.._.._ipxe_src_core_settings.c) = 240ff973757403b983f12b2cbed826584c4a8aba | 12 | SHA1 (patch-.._.._ipxe_src_core_settings.c) = 240ff973757403b983f12b2cbed826584c4a8aba | |
13 | SHA1 (patch-.._.._ipxe_src_drivers_net_ath5k_ath5k_qcu.c) = eb86106d05d5cc3300b7b57b0e0c2fdd338bbf43 | 13 | SHA1 (patch-.._.._ipxe_src_drivers_net_ath5k_ath5k_qcu.c) = eb86106d05d5cc3300b7b57b0e0c2fdd338bbf43 | |
14 | SHA1 (patch-.._.._ipxe_src_drivers_net_ns83820.c) = fbdfc47949f4946174b705d41d2b6c4405a68704 | 14 | SHA1 (patch-.._.._ipxe_src_drivers_net_ns83820.c) = fbdfc47949f4946174b705d41d2b6c4405a68704 | |
15 | SHA1 (patch-.._.._ipxe_src_drivers_net_tulip.c) = 0d9370c64e5e6bf15a5b87944e03333a10e4a299 | 15 | SHA1 (patch-.._.._ipxe_src_drivers_net_tulip.c) = 0d9370c64e5e6bf15a5b87944e03333a10e4a299 | |
16 | SHA1 (patch-.._.._ipxe_src_net_tls.c) = 893c70515bc4cb0d4d9319fd94eddc4945f6a0b3 | 16 | SHA1 (patch-.._.._ipxe_src_net_tls.c) = 893c70515bc4cb0d4d9319fd94eddc4945f6a0b3 | |
17 | SHA1 (patch-.._Config.mk) = ec5ba76be10e43cb1b2d37686e35d5fb81d8de80 | 17 | SHA1 (patch-.._Config.mk) = ec5ba76be10e43cb1b2d37686e35d5fb81d8de80 | |
18 | SHA1 (patch-.._config_NetBSD.mk) = 90893326dcce4e3e2ef273f22ec5ddf5af0f7cd8 | 18 | SHA1 (patch-.._config_NetBSD.mk) = 90893326dcce4e3e2ef273f22ec5ddf5af0f7cd8 | |
19 | SHA1 (patch-.._config_StdGNU.mk) = 3f93999038bd9d25277803cd1d969dc5733b593f | 19 | SHA1 (patch-.._config_StdGNU.mk) = 3f93999038bd9d25277803cd1d969dc5733b593f | |
20 | SHA1 (patch-.._docs_man_xend-config.sxp.pod.5) = 36afc7b063f83adfe5b927ed0be586b102684020 | 20 | SHA1 (patch-.._docs_man_xend-config.sxp.pod.5) = 36afc7b063f83adfe5b927ed0be586b102684020 | |
21 | SHA1 (patch-.._docs_man_xl.cfg.pod.5) = 8f580bc91f346167999d91a279855c6e2710a8cc | 21 | SHA1 (patch-.._docs_man_xl.cfg.pod.5) = 8f580bc91f346167999d91a279855c6e2710a8cc |
@@ -19,26 +19,29 @@ XENCONSOLED_PIDFILE="/var/run/xenconsole | @@ -19,26 +19,29 @@ XENCONSOLED_PIDFILE="/var/run/xenconsole | |||
19 | 19 | |||
20 | BINDIR=@PREFIX@/bin | 20 | BINDIR=@PREFIX@/bin | |
21 | SBINDIR=@PREFIX@/sbin | 21 | SBINDIR=@PREFIX@/sbin | |
22 | 22 | |||
23 | xen_precmd() | 23 | xen_precmd() | |
24 | { | 24 | { | |
25 | mkdir -p /var/run/xen || exit 1 | 25 | mkdir -p /var/run/xen || exit 1 | |
26 | mkdir -p /var/run/xenstored || exit 1 | 26 | mkdir -p /var/run/xenstored || exit 1 | |
27 | } | 27 | } | |
28 | 28 | |||
29 | xen_startcmd() | 29 | xen_startcmd() | |
30 | { | 30 | { | |
31 | printf "Starting xenservices: xenstored, xenconsoled.\n" | 31 | printf "Starting xenservices: xenstored, xenconsoled.\n" | |
32 | if test ! -r ${required_files}; then | |||
33 | warn "${required_files} is not readable." | |||
34 | fi | |||
32 | XENSTORED_ARGS=" --pid-file ${XENSTORED_PIDFILE}" | 35 | XENSTORED_ARGS=" --pid-file ${XENSTORED_PIDFILE}" | |
33 | if [ -n "${XENSTORED_TRACE}" ]; then | 36 | if [ -n "${XENSTORED_TRACE}" ]; then | |
34 | XENSTORED_ARGS="${XENSTORED_ARGS} -T /var/log/xen/xenstored-trace.log" | 37 | XENSTORED_ARGS="${XENSTORED_ARGS} -T /var/log/xen/xenstored-trace.log" | |
35 | fi | 38 | fi | |
36 | 39 | |||
37 | ${SBINDIR}/xenstored ${XENSTORED_ARGS} | 40 | ${SBINDIR}/xenstored ${XENSTORED_ARGS} | |
38 | sleep 5 | 41 | sleep 5 | |
39 | 42 | |||
40 | printf "Setting domain 0 name...\n" | 43 | printf "Setting domain 0 name...\n" | |
41 | ${BINDIR}/xenstore-write "/local/domain/0/name" "Domain-0" | 44 | ${BINDIR}/xenstore-write "/local/domain/0/name" "Domain-0" | |
42 | 45 | |||
43 | XENCONSOLED_ARGS="" | 46 | XENCONSOLED_ARGS="" | |
44 | if [ -n "${XENCONSOLED_TRACE}" ]; then | 47 | if [ -n "${XENCONSOLED_TRACE}" ]; then |