Subject: CVS commit: [pkgsrc-2014Q2] pkgsrc/sysutils
From: Matthias Scheler
Date: 2014-09-28 15:28:58
Message id: 20140928132858.96DA89A@cvs.netbsd.org
Log Message:
Pullup ticket #4506 - requested by bouyer
sysutils/xenkernel42: security patch

Revisions pulled up:
- sysutils/xenkernel42/Makefile                                 1.8
- sysutils/xenkernel42/distinfo                                 1.6
- sysutils/xenkernel42/patches/patch-xen_arch_x86_mm_shadow_common.c 1.1
- sysutils/xenkernel42/patches/patch-xen_arch_x86_x86_emulate_x86_emulate.c 1.1
- sysutils/xentools42/Makefile                                  1.23
- sysutils/xentools42/distinfo                                  1.12

---
   Module Name:	pkgsrc
   Committed By:	bouyer
   Date:		Fri Sep 26 10:39:32 UTC 2014

   Modified Files:
   	pkgsrc/sysutils/xenkernel42: Makefile distinfo
   	pkgsrc/sysutils/xentools42: distinfo
   Added Files:
   	pkgsrc/sysutils/xenkernel42/patches:
   	    patch-xen_arch_x86_mm_shadow_common.c
   	    patch-xen_arch_x86_x86_emulate_x86_emulate.c

   Log Message:
   Update xentools42 and xenkernel42 to Xen 4.2.5, fixing:
   CVE-2014-2599 / XSA-89 HVMOP_set_mem_access is not preemptible
   CVE-2014-3124 / XSA-92 HVMOP_set_mem_type allows invalid P2M entries to be
     created
   CVE-2014-3967,CVE-2014-3968 / XSA-96 Vulnerabilities in HVM MSI injection
   CVE-2014-4021 / XSA-100 Hypervisor heap contents leaked to guests

   pkgsrc also includes patches from the Xen Security Advisory:
   XSA-104 (CVE-2014-7154) - Race condition in HVMOP_track_dirty_vram
   XSA-105 (CVE-2014-7155) - Missing privilege level checks in x86 HLT, LGDT,
     LIDT, and LMSW emulation
   XSA-106 (CVE-2014-7156) - Missing privilege level checks in x86 emulation
     of software interrupts

---
   Module Name:	pkgsrc
   Committed By:	bouyer
   Date:		Fri Sep 26 10:40:45 UTC 2014

   Modified Files:
   	pkgsrc/sysutils/xentools42: Makefile

   Log Message:
   Update xentools42 and xenkernel42 to Xen 4.2.5, fixing:
   CVE-2014-2599 / XSA-89 HVMOP_set_mem_access is not preemptible
   CVE-2014-3124 / XSA-92 HVMOP_set_mem_type allows invalid P2M entries to be
     created
   CVE-2014-3967,CVE-2014-3968 / XSA-96 Vulnerabilities in HVM MSI injection
   CVE-2014-4021 / XSA-100 Hypervisor heap contents leaked to guests

   pkgsrc also includes patches from the Xen Security Advisory:
   XSA-104 (CVE-2014-7154) - Race condition in HVMOP_track_dirty_vram
   XSA-105 (CVE-2014-7155) - Missing privilege level checks in x86 HLT, LGDT,
     LIDT, and LMSW emulation
   XSA-106 (CVE-2014-7156) - Missing privilege level checks in x86 emulation
     of software interrupts
Files:
RevisionActionfile
1.7.2.1modifypkgsrc/sysutils/xenkernel42/Makefile
1.5.4.1modifypkgsrc/sysutils/xenkernel42/distinfo
1.22.2.1modifypkgsrc/sysutils/xentools42/Makefile
1.10.4.1modifypkgsrc/sysutils/xentools42/distinfo
1.1.2.2addpkgsrc/sysutils/xenkernel42/patches/patch-xen_arch_x86_mm_shadow_common.c
1.1.2.2addpkgsrc/sysutils/xenkernel42/patches/patch-xen_arch_x86_x86_emulate_x86_emulate.c