[pkgsrc/trunk]: pkgsrc/sysutils/xenkernel45 xsa123.patch from upstream:

To: pkgsrc-changes-hg%NetBSD.org@localhost
Subject: [pkgsrc/trunk]: pkgsrc/sysutils/xenkernel45 xsa123.patch from upstream:
From: spz <spz%pkgsrc.org@localhost>
Date: Thu, 14 Oct 2021 17:30:28 +0000

details:   https://anonhg.NetBSD.org/pkgsrc/rev/12fbd06a57cb
branches:  trunk
changeset: 648075:12fbd06a57cb
user:      spz <spz%pkgsrc.org@localhost>
date:      Tue Mar 10 20:08:43 2015 +0000

description:
xsa123.patch from upstream:
x86emul: fully ignore segment override for register-only operations

For ModRM encoded instructions with register operands we must not
overwrite ea.mem.seg (if a - bogus in that case - segment override was
present) as it aliases with ea.reg.

This is CVE-2015-2151 / XSA-123.

diffstat:

 sysutils/xenkernel45/Makefile                    |   4 ++--
 sysutils/xenkernel45/distinfo                    |   3 ++-
 sysutils/xenkernel45/patches/patch-CVE-2015-2151 |  20 ++++++++++++++++++++
 3 files changed, 24 insertions(+), 3 deletions(-)

diffs (55 lines):

diff -r 78e61b0559a7 -r 12fbd06a57cb sysutils/xenkernel45/Makefile
--- a/sysutils/xenkernel45/Makefile     Tue Mar 10 19:57:18 2015 +0000
+++ b/sysutils/xenkernel45/Makefile     Tue Mar 10 20:08:43 2015 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.4 2015/03/05 14:21:31 spz Exp $
+# $NetBSD: Makefile,v 1.5 2015/03/10 20:08:43 spz Exp $
 
 VERSION=       4.5.0
 DISTNAME=      xen-${VERSION}
 PKGNAME=       xenkernel45-${VERSION}
-PKGREVISION=   1
+PKGREVISION=   2
 CATEGORIES=    sysutils
 MASTER_SITES=  http://bits.xensource.com/oss-xen/release/${VERSION}/
 
diff -r 78e61b0559a7 -r 12fbd06a57cb sysutils/xenkernel45/distinfo
--- a/sysutils/xenkernel45/distinfo     Tue Mar 10 19:57:18 2015 +0000
+++ b/sysutils/xenkernel45/distinfo     Tue Mar 10 20:08:43 2015 +0000
@@ -1,10 +1,11 @@
-$NetBSD: distinfo,v 1.3 2015/03/05 14:21:31 spz Exp $
+$NetBSD: distinfo,v 1.4 2015/03/10 20:08:43 spz Exp $
 
 SHA1 (xen-4.5.0.tar.gz) = c4aab5fb366496ad1edc7fe0a935a0d604335637
 RMD160 (xen-4.5.0.tar.gz) = e35ba0cb484492c1a289218eb9bf53b57dbd3a45
 Size (xen-4.5.0.tar.gz) = 18404933 bytes
 SHA1 (patch-CVE-2015-2044) = 354fe44df0c3b464137f50e2b9de3930f3910c0d
 SHA1 (patch-CVE-2015-2045) = 98e3f8064b7c190b2ae69c7d4c8f71febf8fbf52
+SHA1 (patch-CVE-2015-2151) = 30344d233eade872fa7062493d754f8bccaf9d2a
 SHA1 (patch-Config.mk) = a2a104d023cea4e551a3ad40927d4884d6c610bf
 SHA1 (patch-xen_Makefile) = 750d0c8d4fea14d3ef3f872de5242a1f5104cbbe
 SHA1 (patch-xen_arch_x86_Rules.mk) = 7b0894ba7311edb02118a021671f304cf3872154
diff -r 78e61b0559a7 -r 12fbd06a57cb sysutils/xenkernel45/patches/patch-CVE-2015-2151
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/sysutils/xenkernel45/patches/patch-CVE-2015-2151  Tue Mar 10 20:08:43 2015 +0000
@@ -0,0 +1,20 @@
+$NetBSD: patch-CVE-2015-2151,v 1.1 2015/03/10 20:08:44 spz Exp $
+
+xsa123.patch from upstream:
+For ModRM encoded instructions with register operands we must not
+overwrite ea.mem.seg (if a - bogus in that case - segment override was
+present) as it aliases with ea.reg.
+
+This is CVE-2015-2151 / XSA-123.
+
+--- xen/arch/x86/x86_emulate/x86_emulate.c.orig        2015-01-12 16:53:24.000000000 +0000
++++ xen/arch/x86/x86_emulate/x86_emulate.c
+@@ -1756,7 +1756,7 @@ x86_emulate(
+         }
+     }
+ 
+-    if ( override_seg != -1 )
++    if ( override_seg != -1 && ea.type == OP_MEM )
+         ea.mem.seg = override_seg;
+ 
+     /* Early operand adjustments. */

Prev by Date: [pkgsrc/trunk]: pkgsrc/games/wesnoth (pkgsrc)
Next by Date: [pkgsrc/trunk]: pkgsrc/doc Updated www/moodle to 2.8.5
Previous by Thread: [pkgsrc/trunk]: pkgsrc/games/wesnoth (pkgsrc)
Next by Thread: [pkgsrc/trunk]: pkgsrc/doc Updated www/moodle to 2.8.5
Indexes:

Home | Main Index | Thread Index | Old Index