[src/netbsd-8]: src/doc 258, 270

[snj <snj%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/05281be76cfa
branches:  netbsd-8
changeset: 851013:05281be76cfa
user:      snj <snj%NetBSD.org@localhost>
date:      Sat Sep 09 17:38:24 2017 +0000

description:
258, 270

diffstat:

 doc/CHANGES-8.0 |  21 ++++++++++++++++++++-
 1 files changed, 20 insertions(+), 1 deletions(-)

diffs (32 lines):

diff -r d22809a7d0b8 -r 05281be76cfa doc/CHANGES-8.0
--- a/doc/CHANGES-8.0   Sat Sep 09 17:29:40 2017 +0000
+++ b/doc/CHANGES-8.0   Sat Sep 09 17:38:24 2017 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-8.0,v 1.1.2.56 2017/09/04 20:47:59 snj Exp $
+# $NetBSD: CHANGES-8.0,v 1.1.2.57 2017/09/09 17:38:24 snj Exp $
 
 A complete list of changes from the initial NetBSD 8.0 branch on 2017-06-04
 until the 8.0 release:
@@ -5787,3 +5787,22 @@
        reduce the diff with SMAP.
        [maxv, ticket #257]
 
+sys/compat/linux32/arch/amd64/linux32_machdep.c        1.39
+
+       Fix a ring0 escalation vulnerability in compat_linux32 where the
+       index of %cs is controlled by userland, making it easy to trigger
+       the page fault and get kernel privileges.
+       [maxv, ticket #270]
+
+sys/arch/amd64/conf/ALL                                1.68
+sys/arch/i386/conf/ALL                         1.428
+sys/arch/i386/i386/i386_trap.S                 1.12
+sys/arch/i386/i386/locore.S                    1.149-1.150
+sys/arch/x86/x86/sys_machdep.c                 1.38
+
+       i386:
+       - use a proper stack for multiboot
+       - use %ss instead of %ds in trap06
+       - reject call gates in the LDT, and remove LDT_DEBUG
+       [maxv, ticket #258]
+