aboutsummaryrefslogtreecommitdiffstats
path: root/main
diff options
context:
space:
mode:
authorNatanael Copa <ncopa@alpinelinux.org>2014-10-02 14:37:50 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2014-10-14 07:58:25 +0000
commit1c0379e85192c0cbfe5d8b88f449726f4f327496 (patch)
tree7a65bc8b7a047560ffa4d92e361d4fbb8d56c5c7 /main
parent392088ed6d49bea38f85f3a7d5b7eae0fa269582 (diff)
downloadaports-1c0379e85192c0cbfe5d8b88f449726f4f327496.tar.bz2
aports-1c0379e85192c0cbfe5d8b88f449726f4f327496.tar.xz
main/xen: upgrade to 4.3.3 and fix CVE-2014-7188
The following critical vulnerabilities have been fixed: - CVE-2014-2599 / XSA-89 HVMOP_set_mem_access is not preemptible - CVE-2014-3124 / XSA-92 HVMOP_set_mem_type allows invalid P2M entries to be created - CVE-2014-3967,CVE-2014-3968 / XSA-96 Vulnerabilities in HVM MSI injection - CVE-2014-4021 / XSA-100 Hypervisor heap contents leaked to guests Also add patch for xsa108: - CVE-2014-7188: Improper MSR range used for x2APIC emulation. fixes #3415
Diffstat (limited to 'main')
-rw-r--r--main/xen/APKBUILD12
-rw-r--r--main/xen/xsa108.patch36
2 files changed, 44 insertions, 4 deletions
diff --git a/main/xen/APKBUILD b/main/xen/APKBUILD
index 73cab5b960..4012d7d0bd 100644
--- a/main/xen/APKBUILD
+++ b/main/xen/APKBUILD
@@ -2,7 +2,7 @@
# Contributor: Roger Pau Monne <roger.pau@entel.upc.edu>
# Maintainer: William Pitcock <nenolod@dereferenced.org>
pkgname=xen
-pkgver=4.3.2
+pkgver=4.3.3
pkgrel=0
pkgdesc="Xen hypervisor"
url="http://www.xen.org/"
@@ -25,6 +25,7 @@ source="http://bits.xensource.com/oss-xen/release/$pkgver/$pkgname-$pkgver.tar.g
xsa41c.patch
xsa97-hap-4_3.patch
+ xsa108.patch
fix-pod2man-choking.patch
@@ -185,7 +186,7 @@ xend() {
-exec mv '{}' "$subpkgdir"/"$sitepackages"/xen \;
}
-md5sums="83e0e13678383e4fbcaa69ce6064b187 xen-4.3.2.tar.gz
+md5sums="1b4438a50d8875700ac2c7e1ffbcd91b xen-4.3.3.tar.gz
2dc5ddf47c53ea168729975046c3c1f9 librt.patch
1ccde6b36a6f9542a16d998204dc9a22 qemu-xen_paths.patch
6dcff640268d514fa9164b4c812cc52d docs-Fix-generating-qemu-doc.html-with-texinfo-5.patch
@@ -193,6 +194,7 @@ md5sums="83e0e13678383e4fbcaa69ce6064b187 xen-4.3.2.tar.gz
ed7d0399c6ca6aeee479da5d8f807fe0 xsa41b.patch
2f3dd7bdc59d104370066d6582725575 xsa41c.patch
8b0feffc89e3f34d835d60ad62688b30 xsa97-hap-4_3.patch
+1f66f6c52941309c825f60e1bf144987 xsa108.patch
4c5455d1adc09752a835e241097fbc39 fix-pod2man-choking.patch
a4097e06a7e000ed00f4607db014d277 qemu-xen-websocket.patch
35bdea1d4e3ae2565edc7e40906efdd5 qemu-xen-tls-websockets.patch
@@ -212,7 +214,7 @@ fa8c72b42e0479d521a353386d8543ef xendomains.initd
9df68ac65dc3f372f5d61183abdc83ff xen-consoles.logrotate
6a2f777c16678d84039acf670d86fff6 xenqemu.confd
f9afbf39e2b5a7d9dde60ebbd249ea7d xenqemu.initd"
-sha256sums="17611d95f955302560ff72d97c08933b4e62bc2e8ffb71400fc54e388746ff69 xen-4.3.2.tar.gz
+sha256sums="59eb0e1c4a1f66965fe56dcf27cdb5872bf7e0585b7f2e60bd7967ec7f744ebf xen-4.3.3.tar.gz
12bf32f9937b09283f2df4955b50d6739768f66137a7d991f661f45cf77cb53b librt.patch
9440ca31a6911201f02694e93faafb5ca9b17de18b7f15b53ceac39a03411b4a qemu-xen_paths.patch
a0c225d716d343fe041b63e3940900c5b3573ed3bcfc5b7c2d52ea2861c3fc28 docs-Fix-generating-qemu-doc.html-with-texinfo-5.patch
@@ -220,6 +222,7 @@ a0c225d716d343fe041b63e3940900c5b3573ed3bcfc5b7c2d52ea2861c3fc28 docs-Fix-gener
896a07f57310c9bea9bc2a305166cf796282c381cb7839be49105b1726a860b5 xsa41b.patch
683dd96a0a8899f794070c8c09643dfeeb39f92da531955cba961b45f6075914 xsa41c.patch
cfab6521221a5058a0dfbb6d59c3c4cd0e7f4239bb6cbee2723de22c33caafda xsa97-hap-4_3.patch
+cf7ecf4b4680c09e8b1f03980d8350a0e1e7eb03060031788f972e0d4d47203e xsa108.patch
fcb5b9ff0bc4b4d39fed9b88891491b91628aa449914cfea321abe5da24c1da2 fix-pod2man-choking.patch
e9f6c482fc449e0b540657a8988ad31f2e680b8933e50e6486687a52f6a9ed04 qemu-xen-websocket.patch
435dd428d83acdfde58888532a1cece1e9075b2a2460fe3f6cd33c7d400f2715 qemu-xen-tls-websockets.patch
@@ -239,7 +242,7 @@ a50a4485e84bcc098ad021556cd2aa7947c228f0a546ab942e880787ced57be3 xend.initd
0da87a4b9094f934e3de937e8ef8d3afc752e76793aa3d730182d0241e118b19 xen-consoles.logrotate
4cfcddcade5d055422ab4543e8caa6e5c5eee7625c41880a9000b7a87c7c424e xenqemu.confd
bf17808a79c57a9efc38b9f14cc87f556b2bb7ecfdec5763d9cf686255a47fce xenqemu.initd"
-sha512sums="ec94d849b56ec590b89022075ce43768d8ef44b7be9580ce032509b44c085f0f66495845607a18cd3dea6b89c69bc2a18012705556f59288cd8653c3e5eca302 xen-4.3.2.tar.gz
+sha512sums="cd9b7199d2859a856c719b75ee50a059c480f7493bbc493bcc3701d20321bd6d83c6fe1dd58e7b37695639bccf15e6420fb52f7e699586e7750ea665e99f82fc xen-4.3.3.tar.gz
74e3cfc51e367fc445cb3d8149f0c8830e94719a266daf04d2cd0889864591860c4c8842de2bc78070e4c5be7d14dfbb8b236c511d5faeddc2ad97177c1d3764 librt.patch
425149aea57a6deae9f488cea867f125983998dc6e8c63893fb3b9caf0ea34214251dd98ad74db823f5168631c44c49b988b6fe9c11b76bd493ddf51bc0baaa2 qemu-xen_paths.patch
477d3d08bd4fcdfbc54abea1a18acb6a41d298c366cd01c954f474515cb862d0dd59217c0dfca5460a725a8bc036de42132f522c3eefdffcc4fd511f016b783f docs-Fix-generating-qemu-doc.html-with-texinfo-5.patch
@@ -247,6 +250,7 @@ sha512sums="ec94d849b56ec590b89022075ce43768d8ef44b7be9580ce032509b44c085f0f6649
bda9105793f2327e1317991762120d0668af0e964076b18c9fdbfd509984b2e88d85df95702c46b2e00d5350e8113f6aa7b34b19064d19abbeb4d43f0c431d38 xsa41b.patch
36b60478660ff7748328f5ab9adff13286eee1a1bad06e42fdf7e6aafe105103988525725aacd660cf5b2a184a9e2d6b3818655203c1fa07e07dcebdf23f35d9 xsa41c.patch
acfd1058632d42bef061a9586565d184c0010d74870a25bc9b0a0bf40dda8abfd882056b8340dec45355efd9326d05f92a933f5d5c1c58e97597a8e88c61c639 xsa97-hap-4_3.patch
+f511a13ee4223ea2fa9d109fea1802b462f178d3be7de630aeba6eb40ef5d17c7db9d3b99ea414c5794d92d181a60c0bd2061f51987c6deb3a9071f5626fd049 xsa108.patch
2e95ad43bb66f928fe1e8caf474a3211571f75f79ea32aaa3eddb3aed9963444bd131006b67e682395af0d79118b2634bf808404693b813a94662d2a9d665ac2 fix-pod2man-choking.patch
45f1da45f3ff937d0a626e37c130d76f5b97f49a57ddeb11ef2a8e850c04c32c819a3dfcef501eb3784db5fe7b39c88230063e56aa6e5197fd9c7b7d424fff77 qemu-xen-websocket.patch
11eaccc346440ff285552f204d491e3b31bda1665c3219ecae3061b5d55db9dec885af0c031fa19c67e87bbe238002b1911bbd5bfea2f2ba0d61e6b3d0c952c9 qemu-xen-tls-websockets.patch
diff --git a/main/xen/xsa108.patch b/main/xen/xsa108.patch
new file mode 100644
index 0000000000..e162185789
--- /dev/null
+++ b/main/xen/xsa108.patch
@@ -0,0 +1,36 @@
+x86/HVM: properly bound x2APIC MSR range
+
+While the write path change appears to be purely cosmetic (but still
+gets done here for consistency), the read side mistake permitted
+accesses beyond the virtual APIC page.
+
+Note that while this isn't fully in line with the specification
+(digesting MSRs 0x800-0xBFF for the x2APIC), this is the minimal
+possible fix addressing the security issue and getting x2APIC related
+code into a consistent shape (elsewhere a 256 rather than 1024 wide
+window is being used too). This will be dealt with subsequently.
+
+This is XSA-108.
+
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+
+--- a/xen/arch/x86/hvm/hvm.c
++++ b/xen/arch/x86/hvm/hvm.c
+@@ -4380,7 +4380,7 @@ int hvm_msr_read_intercept(unsigned int
+ *msr_content = vcpu_vlapic(v)->hw.apic_base_msr;
+ break;
+
+- case MSR_IA32_APICBASE_MSR ... MSR_IA32_APICBASE_MSR + 0x3ff:
++ case MSR_IA32_APICBASE_MSR ... MSR_IA32_APICBASE_MSR + 0xff:
+ if ( hvm_x2apic_msr_read(v, msr, msr_content) )
+ goto gp_fault;
+ break;
+@@ -4506,7 +4506,7 @@ int hvm_msr_write_intercept(unsigned int
+ vlapic_tdt_msr_set(vcpu_vlapic(v), msr_content);
+ break;
+
+- case MSR_IA32_APICBASE_MSR ... MSR_IA32_APICBASE_MSR + 0x3ff:
++ case MSR_IA32_APICBASE_MSR ... MSR_IA32_APICBASE_MSR + 0xff:
+ if ( hvm_x2apic_msr_write(v, msr, msr_content) )
+ goto gp_fault;
+ break;