Update xentools42 and xenkernel42 to Xen 4.2.5, fixing: CVE-2014-2599 / XSA-89 HVMOP_set_mem_access is not preemptible CVE-2014-3124 / XSA-92 HVMOP_set_mem_type allows invalid P2M entries to be created CVE-2014-3967,CVE-2014-3968 / XSA-96 Vulnerabilities in HVM MSI injection CVE-2014-4021 / XSA-100 Hypervisor heap contents leaked to guests pkgsrc also includes patches from the Xen Security Advisory: XSA-104 (CVE-2014-7154) - Race condition in HVMOP_track_dirty_vram XSA-105 (CVE-2014-7155) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation XSA-106 (CVE-2014-7156) - Missing privilege level checks in x86 emulation of software interruptsdiff -r1.7 -r1.8 pkgsrc/sysutils/xenkernel42/Makefile
(bouyer)
@@ -1,16 +1,16 @@ | @@ -1,16 +1,16 @@ | |||
1 | # $NetBSD: Makefile,v 1.7 2014/05/09 07:37:20 wiz Exp $ | 1 | # $NetBSD: Makefile,v 1.8 2014/09/26 10:39:31 bouyer Exp $ | |
2 | 2 | |||
3 | VERSION= 4.2.4 | 3 | VERSION= 4.2.5 | |
4 | DISTNAME= xen-${VERSION} | 4 | DISTNAME= xen-${VERSION} | |
5 | PKGNAME= xenkernel42-${VERSION} | 5 | PKGNAME= xenkernel42-${VERSION} | |
6 | CATEGORIES= sysutils | 6 | CATEGORIES= sysutils | |
7 | MASTER_SITES= http://bits.xensource.com/oss-xen/release/${VERSION}/ | 7 | MASTER_SITES= http://bits.xensource.com/oss-xen/release/${VERSION}/ | |
8 | 8 | |||
9 | MAINTAINER= pkgsrc-users@NetBSD.org | 9 | MAINTAINER= pkgsrc-users@NetBSD.org | |
10 | HOMEPAGE= http://xenproject.org/ | 10 | HOMEPAGE= http://xenproject.org/ | |
11 | COMMENT= Xen 4.2.x Kernel | 11 | COMMENT= Xen 4.2.x Kernel | |
12 | 12 | |||
13 | LICENSE= gnu-gpl-v2 | 13 | LICENSE= gnu-gpl-v2 | |
14 | 14 | |||
15 | ONLY_FOR_PLATFORM= Linux-2.6*-i386 Linux-2.6*-x86_64 | 15 | ONLY_FOR_PLATFORM= Linux-2.6*-i386 Linux-2.6*-x86_64 | |
16 | ONLY_FOR_PLATFORM+= NetBSD-[5-9].*-x86_64 NetBSD-[5-9].*-i386 | 16 | ONLY_FOR_PLATFORM+= NetBSD-[5-9].*-x86_64 NetBSD-[5-9].*-i386 |
@@ -1,9 +1,11 @@ | @@ -1,9 +1,11 @@ | |||
1 | $NetBSD: distinfo,v 1.5 2014/02/22 01:22:49 prlw1 Exp $ | 1 | $NetBSD: distinfo,v 1.6 2014/09/26 10:39:31 bouyer Exp $ | |
2 | 2 | |||
3 | SHA1 (xen-4.2.4.tar.gz) = ab661bf0f64a18155f971343a9c07b7e7d1410f1 | 3 | SHA1 (xen-4.2.5.tar.gz) = f42741e4ec174495ace70c4b17a6b9b0e60e798a | |
4 | RMD160 (xen-4.2.4.tar.gz) = b2210d3ff6a9fdf9cae1a5a38b829667dfd6fd2f | 4 | RMD160 (xen-4.2.5.tar.gz) = 7d4f7f1b32ee541d341a756b1f8da02816438d19 | |
5 | Size (xen-4.2.4.tar.gz) = 15663999 bytes | 5 | Size (xen-4.2.5.tar.gz) = 15671925 bytes | |
6 | SHA1 (patch-Config.mk) = a43ed1b3304d6383dc093acd128a7f373d0ca266 | 6 | SHA1 (patch-Config.mk) = a43ed1b3304d6383dc093acd128a7f373d0ca266 | |
7 | SHA1 (patch-xen_Makefile) = e0d1b74518b9675ddc64295d1523ded9a8757c0a | 7 | SHA1 (patch-xen_Makefile) = e0d1b74518b9675ddc64295d1523ded9a8757c0a | |
8 | SHA1 (patch-xen_arch_x86_Rules.mk) = 6b9b4bfa28924f7d3f6c793a389f1a7ac9d228e2 | 8 | SHA1 (patch-xen_arch_x86_Rules.mk) = 6b9b4bfa28924f7d3f6c793a389f1a7ac9d228e2 | |
9 | SHA1 (patch-xen_arch_x86_mm_shadow_common.c) = 89dce860cc6aef7d0ec31f3137616b592490e60a | |||
10 | SHA1 (patch-xen_arch_x86_x86_emulate_x86_emulate.c) = 8b906e762c8f94a670398b4e033d50a2fb012f0a | |||
9 | SHA1 (patch-xen_include_xen_lib.h) = 36dcaf3874a1b1214babc45d7e19fe3b556c1044 | 11 | SHA1 (patch-xen_include_xen_lib.h) = 36dcaf3874a1b1214babc45d7e19fe3b556c1044 |
$NetBSD: patch-xen_arch_x86_mm_shadow_common.c,v 1.1 2014/09/26 10:39:31 bouyer Exp $
patch for XSA-104/CVE-2014-7154, from Xen Security Advisory
--- xen/arch/x86/mm/shadow/common.c.orig 2014-09-02 08:22:57.000000000 +0200
+++ xen/arch/x86/mm/shadow/common.c 2014-09-26 11:18:02.000000000 +0200
@@ -3601,7 +3601,7 @@
int flush_tlb = 0;
unsigned long i;
p2m_type_t t;
- struct sh_dirty_vram *dirty_vram = d->arch.hvm_domain.dirty_vram;
+ struct sh_dirty_vram *dirty_vram;
struct p2m_domain *p2m = p2m_get_hostp2m(d);
if ( end_pfn < begin_pfn || end_pfn > p2m->max_mapped_pfn + 1 )
@@ -3611,6 +3611,8 @@
p2m_lock(p2m_get_hostp2m(d));
paging_lock(d);
+ dirty_vram = d->arch.hvm_domain.dirty_vram;
+
if ( dirty_vram && (!nr ||
( begin_pfn != dirty_vram->begin_pfn
|| end_pfn != dirty_vram->end_pfn )) )
$NetBSD: patch-xen_arch_x86_x86_emulate_x86_emulate.c,v 1.1 2014/09/26 10:39:31 bouyer Exp $
patch for XSA-105/CVE-2014-7155 and XSA-106/CVE-2014-7156,
from Xen Security Advisory
--- xen/arch/x86/x86_emulate/x86_emulate.c.orig 2014-09-26 11:53:50.000000000 +0200
+++ xen/arch/x86/x86_emulate/x86_emulate.c 2014-09-26 11:53:43.000000000 +0200
@@ -2616,6 +2616,7 @@
case 0xcd: /* int imm8 */
src.val = insn_fetch_type(uint8_t);
swint:
+ fail_if(!in_realmode(ctxt, ops)); /* XSA-106 */
fail_if(ops->inject_sw_interrupt == NULL);
rc = ops->inject_sw_interrupt(src.val, _regs.eip - ctxt->regs->eip,
ctxt) ? : X86EMUL_EXCEPTION;
@@ -3296,6 +3297,7 @@
goto swint;
case 0xf4: /* hlt */
+ generate_exception_if(!mode_ring0(), EXC_GP, 0);
ctxt->retire.flags.hlt = 1;
break;
@@ -3721,6 +3723,7 @@
break;
case 2: /* lgdt */
case 3: /* lidt */
+ generate_exception_if(!mode_ring0(), EXC_GP, 0);
generate_exception_if(ea.type != OP_MEM, EXC_UD, -1);
fail_if(ops->write_segment == NULL);
memset(®, 0, sizeof(reg));
@@ -3749,6 +3752,7 @@
case 6: /* lmsw */
fail_if(ops->read_cr == NULL);
fail_if(ops->write_cr == NULL);
+ generate_exception_if(!mode_ring0(), EXC_GP, 0);
if ( (rc = ops->read_cr(0, &cr0, ctxt)) )
goto done;
if ( ea.type == OP_REG )
@@ -1,21 +1,21 @@ | @@ -1,21 +1,21 @@ | |||
1 | $NetBSD: distinfo,v 1.11 2014/09/17 20:32:36 bouyer Exp $ | 1 | $NetBSD: distinfo,v 1.12 2014/09/26 10:39:31 bouyer Exp $ | |
2 | 2 | |||
3 | SHA1 (ipxe-git-v1.0.0.tar.gz) = da052c8de5f3485fe0253c19cf52ed6d72528485 | 3 | SHA1 (ipxe-git-v1.0.0.tar.gz) = da052c8de5f3485fe0253c19cf52ed6d72528485 | |
4 | RMD160 (ipxe-git-v1.0.0.tar.gz) = dcd9b6eaafa1ce05c1ebf2a15f2f73ad7a8c5547 | 4 | RMD160 (ipxe-git-v1.0.0.tar.gz) = dcd9b6eaafa1ce05c1ebf2a15f2f73ad7a8c5547 | |
5 | Size (ipxe-git-v1.0.0.tar.gz) = 1996881 bytes | 5 | Size (ipxe-git-v1.0.0.tar.gz) = 1996881 bytes | |
6 | SHA1 (xen-4.2.4.tar.gz) = ab661bf0f64a18155f971343a9c07b7e7d1410f1 | 6 | SHA1 (xen-4.2.5.tar.gz) = f42741e4ec174495ace70c4b17a6b9b0e60e798a | |
7 | RMD160 (xen-4.2.4.tar.gz) = b2210d3ff6a9fdf9cae1a5a38b829667dfd6fd2f | 7 | RMD160 (xen-4.2.5.tar.gz) = 7d4f7f1b32ee541d341a756b1f8da02816438d19 | |
8 | Size (xen-4.2.4.tar.gz) = 15663999 bytes | 8 | Size (xen-4.2.5.tar.gz) = 15671925 bytes | |
9 | SHA1 (patch-.._.._ipxe_src_Makefile.housekeeping) = 5ec8020a9705b2f64096c2942473a8de4db578bb | 9 | SHA1 (patch-.._.._ipxe_src_Makefile.housekeeping) = 5ec8020a9705b2f64096c2942473a8de4db578bb | |
10 | SHA1 (patch-.._.._ipxe_src_arch_i386_include_librm.h) = 4549ac641b112321b4731a918d85219c3fce6808 | 10 | SHA1 (patch-.._.._ipxe_src_arch_i386_include_librm.h) = 4549ac641b112321b4731a918d85219c3fce6808 | |
11 | SHA1 (patch-.._.._ipxe_src_arch_i386_scripts_i386.lds) = 4c0cbb7f535be43e1b6f53c284340a8bafc37c0b | 11 | SHA1 (patch-.._.._ipxe_src_arch_i386_scripts_i386.lds) = 4c0cbb7f535be43e1b6f53c284340a8bafc37c0b | |
12 | SHA1 (patch-.._.._ipxe_src_core_settings.c) = 240ff973757403b983f12b2cbed826584c4a8aba | 12 | SHA1 (patch-.._.._ipxe_src_core_settings.c) = 240ff973757403b983f12b2cbed826584c4a8aba | |
13 | SHA1 (patch-.._.._ipxe_src_drivers_net_ath5k_ath5k_qcu.c) = eb86106d05d5cc3300b7b57b0e0c2fdd338bbf43 | 13 | SHA1 (patch-.._.._ipxe_src_drivers_net_ath5k_ath5k_qcu.c) = eb86106d05d5cc3300b7b57b0e0c2fdd338bbf43 | |
14 | SHA1 (patch-.._.._ipxe_src_drivers_net_ns83820.c) = fbdfc47949f4946174b705d41d2b6c4405a68704 | 14 | SHA1 (patch-.._.._ipxe_src_drivers_net_ns83820.c) = fbdfc47949f4946174b705d41d2b6c4405a68704 | |
15 | SHA1 (patch-.._.._ipxe_src_drivers_net_tulip.c) = 0d9370c64e5e6bf15a5b87944e03333a10e4a299 | 15 | SHA1 (patch-.._.._ipxe_src_drivers_net_tulip.c) = 0d9370c64e5e6bf15a5b87944e03333a10e4a299 | |
16 | SHA1 (patch-.._.._ipxe_src_net_tls.c) = 893c70515bc4cb0d4d9319fd94eddc4945f6a0b3 | 16 | SHA1 (patch-.._.._ipxe_src_net_tls.c) = 893c70515bc4cb0d4d9319fd94eddc4945f6a0b3 | |
17 | SHA1 (patch-.._Config.mk) = ec5ba76be10e43cb1b2d37686e35d5fb81d8de80 | 17 | SHA1 (patch-.._Config.mk) = ec5ba76be10e43cb1b2d37686e35d5fb81d8de80 | |
18 | SHA1 (patch-.._config_NetBSD.mk) = 90893326dcce4e3e2ef273f22ec5ddf5af0f7cd8 | 18 | SHA1 (patch-.._config_NetBSD.mk) = 90893326dcce4e3e2ef273f22ec5ddf5af0f7cd8 | |
19 | SHA1 (patch-.._config_StdGNU.mk) = 3f93999038bd9d25277803cd1d969dc5733b593f | 19 | SHA1 (patch-.._config_StdGNU.mk) = 3f93999038bd9d25277803cd1d969dc5733b593f | |
20 | SHA1 (patch-.._docs_man_xend-config.sxp.pod.5) = 36afc7b063f83adfe5b927ed0be586b102684020 | 20 | SHA1 (patch-.._docs_man_xend-config.sxp.pod.5) = 36afc7b063f83adfe5b927ed0be586b102684020 | |
21 | SHA1 (patch-.._docs_man_xl.cfg.pod.5) = 8f580bc91f346167999d91a279855c6e2710a8cc | 21 | SHA1 (patch-.._docs_man_xl.cfg.pod.5) = 8f580bc91f346167999d91a279855c6e2710a8cc |