Fri Sep 26 10:40:45 2014 UTC ()
Update xentools42 and xenkernel42 to Xen 4.2.5, fixing:
CVE-2014-2599 / XSA-89 HVMOP_set_mem_access is not preemptible
CVE-2014-3124 / XSA-92 HVMOP_set_mem_type allows invalid P2M entries to be
  created
CVE-2014-3967,CVE-2014-3968 / XSA-96 Vulnerabilities in HVM MSI injection
CVE-2014-4021 / XSA-100 Hypervisor heap contents leaked to guests

pkgsrc also includes patches from the Xen Security Advisory:
XSA-104 (CVE-2014-7154) - Race condition in HVMOP_track_dirty_vram
XSA-105 (CVE-2014-7155) - Missing privilege level checks in x86 HLT, LGDT,
  LIDT, and LMSW emulation
XSA-106 (CVE-2014-7156) - Missing privilege level checks in x86 emulation
  of software interrupts


(bouyer)
diff -r1.22 -r1.23 pkgsrc/sysutils/xentools42/Makefile
cvs diff -r1.22 -r1.23 pkgsrc/sysutils/xentools42/Attic/Makefile (expand / switch to context diff)
--- pkgsrc/sysutils/xentools42/Attic/Makefile 2014/05/29 23:37:32 1.22
+++ pkgsrc/sysutils/xentools42/Attic/Makefile 2014/09/26 10:40:45 1.23
@@ -1,11 +1,11 @@
-# $NetBSD: Makefile,v 1.22 2014/05/29 23:37:32 wiz Exp $
+# $NetBSD: Makefile,v 1.23 2014/09/26 10:40:45 bouyer Exp $
 
-VERSION=	4.2.4
+VERSION=	4.2.5
 VERSION_IPXE=	1.0.0
 
 DISTNAME=		xen-${VERSION}
 PKGNAME=		xentools42-${VERSION}
-PKGREVISION=		2
+#PKGREVISION=		2
 CATEGORIES=		sysutils
 MASTER_SITES=		http://bits.xensource.com/oss-xen/release/${VERSION}/