[pkgsrc/trunk]: pkgsrc/sysutils/xenkernel41 xsa123-4.3-4.2.patch from upstream:

[spz <spz%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/e7414f40aaa1
branches:  trunk
changeset: 648076:e7414f40aaa1
user:      spz <spz%pkgsrc.org@localhost>
date:      Tue Mar 10 20:27:16 2015 +0000

description:
xsa123-4.3-4.2.patch from upstream:

x86emul: fully ignore segment override for register-only operations

For ModRM encoded instructions with register operands we must not
overwrite ea.mem.seg (if a - bogus in that case - segment override was
present) as it aliases with ea.reg.

This is CVE-2015-2151 / XSA-123.

diffstat:

 sysutils/xenkernel41/Makefile                    |   4 ++--
 sysutils/xenkernel41/distinfo                    |   3 ++-
 sysutils/xenkernel41/patches/patch-CVE-2015-2151 |  22 ++++++++++++++++++++++
 3 files changed, 26 insertions(+), 3 deletions(-)

diffs (58 lines):

diff -r 12fbd06a57cb -r e7414f40aaa1 sysutils/xenkernel41/Makefile
--- a/sysutils/xenkernel41/Makefile     Tue Mar 10 20:08:43 2015 +0000
+++ b/sysutils/xenkernel41/Makefile     Tue Mar 10 20:27:16 2015 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.43 2015/03/05 16:37:16 spz Exp $
+# $NetBSD: Makefile,v 1.44 2015/03/10 20:27:16 spz Exp $
 
 VERSION=       4.1.6.1
 DISTNAME=      xen-${VERSION}
 PKGNAME=       xenkernel41-${VERSION}
-PKGREVISION=   14
+PKGREVISION=   15
 CATEGORIES=    sysutils
 MASTER_SITES=  http://bits.xensource.com/oss-xen/release/${VERSION}/
 
diff -r 12fbd06a57cb -r e7414f40aaa1 sysutils/xenkernel41/distinfo
--- a/sysutils/xenkernel41/distinfo     Tue Mar 10 20:08:43 2015 +0000
+++ b/sysutils/xenkernel41/distinfo     Tue Mar 10 20:27:16 2015 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.34 2015/03/05 16:37:16 spz Exp $
+$NetBSD: distinfo,v 1.35 2015/03/10 20:27:16 spz Exp $
 
 SHA1 (xen-4.1.6.1.tar.gz) = e5f15feb0821578817a65ede16110c6eac01abd0
 RMD160 (xen-4.1.6.1.tar.gz) = bff11421fc44a26f2cc3156713267abcb36d7a19
@@ -27,6 +27,7 @@
 SHA1 (patch-CVE-2014-9030) = f52c302585b0f4b074f7562e6b8cddacb26deee4
 SHA1 (patch-CVE-2015-2044) = 00d32273d0a9f51927ff94a13f916382c3126e60
 SHA1 (patch-CVE-2015-2045) = e1874bbde0cce7db4ee9260440f5280d404027d7
+SHA1 (patch-CVE-2015-2151) = aed92f50d162febc3074f7edecaf6ca418d0b42c
 SHA1 (patch-Config.mk) = a43ed1b3304d6383dc093acd128a7f373d0ca266
 SHA1 (patch-xen_Makefile) = d1c7e4860221f93d90818f45a77748882486f92b
 SHA1 (patch-xen_arch_x86_Rules.mk) = 6b9b4bfa28924f7d3f6c793a389f1a7ac9d228e2
diff -r 12fbd06a57cb -r e7414f40aaa1 sysutils/xenkernel41/patches/patch-CVE-2015-2151
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/sysutils/xenkernel41/patches/patch-CVE-2015-2151  Tue Mar 10 20:27:16 2015 +0000
@@ -0,0 +1,22 @@
+$NetBSD: patch-CVE-2015-2151,v 1.1 2015/03/10 20:27:16 spz Exp $
+
+xsa123-4.3-4.2.patch from upstream:
+x86emul: fully ignore segment override for register-only operations
+
+For ModRM encoded instructions with register operands we must not
+overwrite ea.mem.seg (if a - bogus in that case - segment override was
+present) as it aliases with ea.reg.
+
+This is CVE-2015-2151 / XSA-123.
+
+--- xen/arch/x86/x86_emulate/x86_emulate.c.orig        2015-03-10 20:10:23.000000000 +0000
++++ xen/arch/x86/x86_emulate/x86_emulate.c
+@@ -1462,7 +1462,7 @@ x86_emulate(
+         }
+     }
+ 
+-    if ( override_seg != -1 )
++    if ( override_seg != -1 && ea.type == OP_MEM )
+         ea.mem.seg = override_seg;
+ 
+     /* Decode and fetch the source operand: register, memory or immediate. */