aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorNatanael Copa <ncopa@alpinelinux.org>2014-10-02 14:37:50 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2014-10-02 14:40:34 +0000
commit60ab8e12aecd5f2691495bcc3a8bf5b956777c33 (patch)
tree75c9517d0ca76144c4750858454f30b377f59020
parent4c57113c71d286a57c2f4e487260597d04319902 (diff)
downloadaports-60ab8e12aecd5f2691495bcc3a8bf5b956777c33.tar.bz2
aports-60ab8e12aecd5f2691495bcc3a8bf5b956777c33.tar.xz
main/xen: upgrade to 4.3.3 and fix CVE-2014-7188
The following critical vulnerabilities have been fixed: - CVE-2014-2599 / XSA-89 HVMOP_set_mem_access is not preemptible - CVE-2014-3124 / XSA-92 HVMOP_set_mem_type allows invalid P2M entries to be created - CVE-2014-3967,CVE-2014-3968 / XSA-96 Vulnerabilities in HVM MSI injection - CVE-2014-4021 / XSA-100 Hypervisor heap contents leaked to guests Also add patch for xsa108: - CVE-2014-7188: Improper MSR range used for x2APIC emulation. ref #3412
-rw-r--r--main/xen/APKBUILD15
-rw-r--r--main/xen/xsa108.patch36
2 files changed, 45 insertions, 6 deletions
diff --git a/main/xen/APKBUILD b/main/xen/APKBUILD
index 4cbc9882cd..c92474a55d 100644
--- a/main/xen/APKBUILD
+++ b/main/xen/APKBUILD
@@ -2,8 +2,8 @@
# Contributor: Roger Pau Monne <roger.pau@entel.upc.edu>
# Maintainer: William Pitcock <nenolod@dereferenced.org>
pkgname=xen
-pkgver=4.3.2
-pkgrel=4
+pkgver=4.3.3
+pkgrel=0
pkgdesc="Xen hypervisor"
url="http://www.xen.org/"
arch="x86_64"
@@ -24,9 +24,9 @@ source="http://bits.xensource.com/oss-xen/release/$pkgver/$pkgname-$pkgver.tar.g
xsa41.patch
xsa41b.patch
xsa41c.patch
- xsa97-hap-4_3.patch
xsa97-hap-4_3.patch
+ xsa108.patch
fix-pod2man-choking.patch
@@ -207,7 +207,7 @@ xend() {
-exec mv '{}' "$subpkgdir"/"$sitepackages"/xen \;
}
-md5sums="83e0e13678383e4fbcaa69ce6064b187 xen-4.3.2.tar.gz
+md5sums="1b4438a50d8875700ac2c7e1ffbcd91b xen-4.3.3.tar.gz
2dc5ddf47c53ea168729975046c3c1f9 librt.patch
1ccde6b36a6f9542a16d998204dc9a22 qemu-xen_paths.patch
6dcff640268d514fa9164b4c812cc52d docs-Fix-generating-qemu-doc.html-with-texinfo-5.patch
@@ -215,6 +215,7 @@ md5sums="83e0e13678383e4fbcaa69ce6064b187 xen-4.3.2.tar.gz
ed7d0399c6ca6aeee479da5d8f807fe0 xsa41b.patch
2f3dd7bdc59d104370066d6582725575 xsa41c.patch
8b0feffc89e3f34d835d60ad62688b30 xsa97-hap-4_3.patch
+1f66f6c52941309c825f60e1bf144987 xsa108.patch
4c5455d1adc09752a835e241097fbc39 fix-pod2man-choking.patch
a4097e06a7e000ed00f4607db014d277 qemu-xen-websocket.patch
35bdea1d4e3ae2565edc7e40906efdd5 qemu-xen-tls-websockets.patch
@@ -239,7 +240,7 @@ ec2252c72050d7d5870a3a629b873ba6 xenconsoled.confd
9df68ac65dc3f372f5d61183abdc83ff xen-consoles.logrotate
6a2f777c16678d84039acf670d86fff6 xenqemu.confd
f9afbf39e2b5a7d9dde60ebbd249ea7d xenqemu.initd"
-sha256sums="17611d95f955302560ff72d97c08933b4e62bc2e8ffb71400fc54e388746ff69 xen-4.3.2.tar.gz
+sha256sums="59eb0e1c4a1f66965fe56dcf27cdb5872bf7e0585b7f2e60bd7967ec7f744ebf xen-4.3.3.tar.gz
12bf32f9937b09283f2df4955b50d6739768f66137a7d991f661f45cf77cb53b librt.patch
9440ca31a6911201f02694e93faafb5ca9b17de18b7f15b53ceac39a03411b4a qemu-xen_paths.patch
a0c225d716d343fe041b63e3940900c5b3573ed3bcfc5b7c2d52ea2861c3fc28 docs-Fix-generating-qemu-doc.html-with-texinfo-5.patch
@@ -247,6 +248,7 @@ a0c225d716d343fe041b63e3940900c5b3573ed3bcfc5b7c2d52ea2861c3fc28 docs-Fix-gener
896a07f57310c9bea9bc2a305166cf796282c381cb7839be49105b1726a860b5 xsa41b.patch
683dd96a0a8899f794070c8c09643dfeeb39f92da531955cba961b45f6075914 xsa41c.patch
cfab6521221a5058a0dfbb6d59c3c4cd0e7f4239bb6cbee2723de22c33caafda xsa97-hap-4_3.patch
+cf7ecf4b4680c09e8b1f03980d8350a0e1e7eb03060031788f972e0d4d47203e xsa108.patch
fcb5b9ff0bc4b4d39fed9b88891491b91628aa449914cfea321abe5da24c1da2 fix-pod2man-choking.patch
e9f6c482fc449e0b540657a8988ad31f2e680b8933e50e6486687a52f6a9ed04 qemu-xen-websocket.patch
435dd428d83acdfde58888532a1cece1e9075b2a2460fe3f6cd33c7d400f2715 qemu-xen-tls-websockets.patch
@@ -271,7 +273,7 @@ c304a6353ba1daebd0547bb57e9ffffc2c90465d6abe7469cfdacf61c5108eab xendomains.ini
0da87a4b9094f934e3de937e8ef8d3afc752e76793aa3d730182d0241e118b19 xen-consoles.logrotate
4cfcddcade5d055422ab4543e8caa6e5c5eee7625c41880a9000b7a87c7c424e xenqemu.confd
bf17808a79c57a9efc38b9f14cc87f556b2bb7ecfdec5763d9cf686255a47fce xenqemu.initd"
-sha512sums="ec94d849b56ec590b89022075ce43768d8ef44b7be9580ce032509b44c085f0f66495845607a18cd3dea6b89c69bc2a18012705556f59288cd8653c3e5eca302 xen-4.3.2.tar.gz
+sha512sums="cd9b7199d2859a856c719b75ee50a059c480f7493bbc493bcc3701d20321bd6d83c6fe1dd58e7b37695639bccf15e6420fb52f7e699586e7750ea665e99f82fc xen-4.3.3.tar.gz
74e3cfc51e367fc445cb3d8149f0c8830e94719a266daf04d2cd0889864591860c4c8842de2bc78070e4c5be7d14dfbb8b236c511d5faeddc2ad97177c1d3764 librt.patch
425149aea57a6deae9f488cea867f125983998dc6e8c63893fb3b9caf0ea34214251dd98ad74db823f5168631c44c49b988b6fe9c11b76bd493ddf51bc0baaa2 qemu-xen_paths.patch
477d3d08bd4fcdfbc54abea1a18acb6a41d298c366cd01c954f474515cb862d0dd59217c0dfca5460a725a8bc036de42132f522c3eefdffcc4fd511f016b783f docs-Fix-generating-qemu-doc.html-with-texinfo-5.patch
@@ -279,6 +281,7 @@ sha512sums="ec94d849b56ec590b89022075ce43768d8ef44b7be9580ce032509b44c085f0f6649
bda9105793f2327e1317991762120d0668af0e964076b18c9fdbfd509984b2e88d85df95702c46b2e00d5350e8113f6aa7b34b19064d19abbeb4d43f0c431d38 xsa41b.patch
36b60478660ff7748328f5ab9adff13286eee1a1bad06e42fdf7e6aafe105103988525725aacd660cf5b2a184a9e2d6b3818655203c1fa07e07dcebdf23f35d9 xsa41c.patch
acfd1058632d42bef061a9586565d184c0010d74870a25bc9b0a0bf40dda8abfd882056b8340dec45355efd9326d05f92a933f5d5c1c58e97597a8e88c61c639 xsa97-hap-4_3.patch
+f511a13ee4223ea2fa9d109fea1802b462f178d3be7de630aeba6eb40ef5d17c7db9d3b99ea414c5794d92d181a60c0bd2061f51987c6deb3a9071f5626fd049 xsa108.patch
2e95ad43bb66f928fe1e8caf474a3211571f75f79ea32aaa3eddb3aed9963444bd131006b67e682395af0d79118b2634bf808404693b813a94662d2a9d665ac2 fix-pod2man-choking.patch
45f1da45f3ff937d0a626e37c130d76f5b97f49a57ddeb11ef2a8e850c04c32c819a3dfcef501eb3784db5fe7b39c88230063e56aa6e5197fd9c7b7d424fff77 qemu-xen-websocket.patch
11eaccc346440ff285552f204d491e3b31bda1665c3219ecae3061b5d55db9dec885af0c031fa19c67e87bbe238002b1911bbd5bfea2f2ba0d61e6b3d0c952c9 qemu-xen-tls-websockets.patch
diff --git a/main/xen/xsa108.patch b/main/xen/xsa108.patch
new file mode 100644
index 0000000000..e162185789
--- /dev/null
+++ b/main/xen/xsa108.patch
@@ -0,0 +1,36 @@
+x86/HVM: properly bound x2APIC MSR range
+
+While the write path change appears to be purely cosmetic (but still
+gets done here for consistency), the read side mistake permitted
+accesses beyond the virtual APIC page.
+
+Note that while this isn't fully in line with the specification
+(digesting MSRs 0x800-0xBFF for the x2APIC), this is the minimal
+possible fix addressing the security issue and getting x2APIC related
+code into a consistent shape (elsewhere a 256 rather than 1024 wide
+window is being used too). This will be dealt with subsequently.
+
+This is XSA-108.
+
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+
+--- a/xen/arch/x86/hvm/hvm.c
++++ b/xen/arch/x86/hvm/hvm.c
+@@ -4380,7 +4380,7 @@ int hvm_msr_read_intercept(unsigned int
+ *msr_content = vcpu_vlapic(v)->hw.apic_base_msr;
+ break;
+
+- case MSR_IA32_APICBASE_MSR ... MSR_IA32_APICBASE_MSR + 0x3ff:
++ case MSR_IA32_APICBASE_MSR ... MSR_IA32_APICBASE_MSR + 0xff:
+ if ( hvm_x2apic_msr_read(v, msr, msr_content) )
+ goto gp_fault;
+ break;
+@@ -4506,7 +4506,7 @@ int hvm_msr_write_intercept(unsigned int
+ vlapic_tdt_msr_set(vcpu_vlapic(v), msr_content);
+ break;
+
+- case MSR_IA32_APICBASE_MSR ... MSR_IA32_APICBASE_MSR + 0x3ff:
++ case MSR_IA32_APICBASE_MSR ... MSR_IA32_APICBASE_MSR + 0xff:
+ if ( hvm_x2apic_msr_write(v, msr, msr_content) )
+ goto gp_fault;
+ break;