CVS commit: [pkgsrc-2014Q2] pkgsrc/sysutils

["Matthias Scheler" <tron%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   tron
Date:           Sun Sep 28 13:28:58 UTC 2014

Modified Files:
        pkgsrc/sysutils/xenkernel42 [pkgsrc-2014Q2]: Makefile distinfo
        pkgsrc/sysutils/xentools42 [pkgsrc-2014Q2]: Makefile distinfo
Added Files:
        pkgsrc/sysutils/xenkernel42/patches [pkgsrc-2014Q2]:
            patch-xen_arch_x86_mm_shadow_common.c
            patch-xen_arch_x86_x86_emulate_x86_emulate.c

Log Message:
Pullup ticket #4506 - requested by bouyer
sysutils/xenkernel42: security patch

Revisions pulled up:
- sysutils/xenkernel42/Makefile                                 1.8
- sysutils/xenkernel42/distinfo                                 1.6
- sysutils/xenkernel42/patches/patch-xen_arch_x86_mm_shadow_common.c 1.1
- sysutils/xenkernel42/patches/patch-xen_arch_x86_x86_emulate_x86_emulate.c 1.1
- sysutils/xentools42/Makefile                                  1.23
- sysutils/xentools42/distinfo                                  1.12

---
   Module Name: pkgsrc
   Committed By:        bouyer
   Date:                Fri Sep 26 10:39:32 UTC 2014

   Modified Files:
        pkgsrc/sysutils/xenkernel42: Makefile distinfo
        pkgsrc/sysutils/xentools42: distinfo
   Added Files:
        pkgsrc/sysutils/xenkernel42/patches:
            patch-xen_arch_x86_mm_shadow_common.c
            patch-xen_arch_x86_x86_emulate_x86_emulate.c

   Log Message:
   Update xentools42 and xenkernel42 to Xen 4.2.5, fixing:
   CVE-2014-2599 / XSA-89 HVMOP_set_mem_access is not preemptible
   CVE-2014-3124 / XSA-92 HVMOP_set_mem_type allows invalid P2M entries to be
     created
   CVE-2014-3967,CVE-2014-3968 / XSA-96 Vulnerabilities in HVM MSI injection
   CVE-2014-4021 / XSA-100 Hypervisor heap contents leaked to guests

   pkgsrc also includes patches from the Xen Security Advisory:
   XSA-104 (CVE-2014-7154) - Race condition in HVMOP_track_dirty_vram
   XSA-105 (CVE-2014-7155) - Missing privilege level checks in x86 HLT, LGDT,
     LIDT, and LMSW emulation
   XSA-106 (CVE-2014-7156) - Missing privilege level checks in x86 emulation
     of software interrupts

---
   Module Name: pkgsrc
   Committed By:        bouyer
   Date:                Fri Sep 26 10:40:45 UTC 2014

   Modified Files:
        pkgsrc/sysutils/xentools42: Makefile

   Log Message:
   Update xentools42 and xenkernel42 to Xen 4.2.5, fixing:
   CVE-2014-2599 / XSA-89 HVMOP_set_mem_access is not preemptible
   CVE-2014-3124 / XSA-92 HVMOP_set_mem_type allows invalid P2M entries to be
     created
   CVE-2014-3967,CVE-2014-3968 / XSA-96 Vulnerabilities in HVM MSI injection
   CVE-2014-4021 / XSA-100 Hypervisor heap contents leaked to guests

   pkgsrc also includes patches from the Xen Security Advisory:
   XSA-104 (CVE-2014-7154) - Race condition in HVMOP_track_dirty_vram
   XSA-105 (CVE-2014-7155) - Missing privilege level checks in x86 HLT, LGDT,
     LIDT, and LMSW emulation
   XSA-106 (CVE-2014-7156) - Missing privilege level checks in x86 emulation
     of software interrupts


To generate a diff of this commit:
cvs rdiff -u -r1.7 -r1.7.2.1 pkgsrc/sysutils/xenkernel42/Makefile
cvs rdiff -u -r1.5 -r1.5.4.1 pkgsrc/sysutils/xenkernel42/distinfo
cvs rdiff -u -r0 -r1.1.2.2 \
    pkgsrc/sysutils/xenkernel42/patches/patch-xen_arch_x86_mm_shadow_common.c \
    pkgsrc/sysutils/xenkernel42/patches/patch-xen_arch_x86_x86_emulate_x86_emulate.c
cvs rdiff -u -r1.22 -r1.22.2.1 pkgsrc/sysutils/xentools42/Makefile
cvs rdiff -u -r1.10 -r1.10.4.1 pkgsrc/sysutils/xentools42/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.