head 1.48; access; symbols pkgsrc-2016Q4:1.47.0.2 pkgsrc-2016Q4-base:1.47 pkgsrc-2016Q3:1.44.0.2 pkgsrc-2016Q3-base:1.44 pkgsrc-2016Q2:1.42.0.4 pkgsrc-2016Q2-base:1.42 pkgsrc-2016Q1:1.42.0.2 pkgsrc-2016Q1-base:1.42 pkgsrc-2015Q4:1.39.0.2 pkgsrc-2015Q4-base:1.39 pkgsrc-2015Q3:1.37.0.2 pkgsrc-2015Q3-base:1.37 pkgsrc-2015Q2:1.36.0.2 pkgsrc-2015Q2-base:1.36 pkgsrc-2015Q1:1.35.0.2 pkgsrc-2015Q1-base:1.35 pkgsrc-2014Q4:1.33.0.2 pkgsrc-2014Q4-base:1.33 pkgsrc-2014Q3:1.30.0.2 pkgsrc-2014Q3-base:1.30 pkgsrc-2014Q2:1.29.0.2 pkgsrc-2014Q2-base:1.29 pkgsrc-2014Q1:1.27.0.2 pkgsrc-2014Q1-base:1.27 pkgsrc-2013Q4:1.24.0.2 pkgsrc-2013Q4-base:1.24 pkgsrc-2013Q3:1.19.0.2 pkgsrc-2013Q3-base:1.19 pkgsrc-2013Q2:1.17.0.2 pkgsrc-2013Q2-base:1.17 pkgsrc-2013Q1:1.14.0.2 pkgsrc-2013Q1-base:1.14 pkgsrc-2012Q4:1.12.0.2 pkgsrc-2012Q4-base:1.12 pkgsrc-2012Q3:1.10.0.2 pkgsrc-2012Q3-base:1.10 pkgsrc-2012Q2:1.7.0.2 pkgsrc-2012Q2-base:1.7 pkgsrc-2012Q1:1.6.0.4 pkgsrc-2012Q1-base:1.6 pkgsrc-2011Q4:1.6.0.2 pkgsrc-2011Q4-base:1.6 pkgsrc-2011Q3:1.5.0.2 pkgsrc-2011Q3-base:1.5 pkgsrc-2011Q2:1.4.0.2 pkgsrc-2011Q2-base:1.4 pkgsrc-base:1.1.1.1 TNF:1.1.1; locks; strict; comment @# @; 1.48 date 2016.12.29.19.13.01; author wiz; state dead; branches; next 1.47; commitid kFYPk8EnajcmFUzz; 1.47 date 2016.12.21.15.35.44; author bouyer; state Exp; branches; next 1.46; commitid 5zvw6vgCfmRBIRyz; 1.46 date 2016.12.20.10.22.28; author bouyer; state Exp; branches; next 1.45; commitid TxndvKOzkEv91Iyz; 1.45 date 2016.11.22.20.53.40; author bouyer; state Exp; branches; next 1.44; commitid o5sczsI7INv1pavz; 1.44 date 2016.09.08.15.41.01; author bouyer; state Exp; branches; next 1.43; commitid c9X7FynnoqZn5vlz; 1.43 date 2016.07.26.15.59.20; author bouyer; state Exp; branches; next 1.42; commitid 3F8y2c70AJcMBQfz; 1.42 date 2016.03.01.20.09.04; author joerg; state Exp; branches 1.42.4.1; next 1.41; commitid IyPYFN2HCv5nIYWy; 1.41 date 2016.01.07.17.55.55; author bouyer; state Exp; branches; next 1.40; commitid nI5CmqYKUfq6I1Qy; 1.40 date 2015.12.29.04.04.31; author dholland; state Exp; branches; next 1.39; commitid MGywJcTuFA0OoNOy; 1.39 date 2015.11.04.01.32.39; author agc; state Exp; branches 1.39.2.1; next 1.38; commitid 3edk4yRlu0C2kIHy; 1.38 date 2015.10.29.20.29.56; author bouyer; state Exp; branches; next 1.37; commitid PiMumYjtNfJgO2Hy; 1.37 date 2015.09.14.13.36.29; author joerg; state Exp; branches 1.37.2.1; next 1.36; commitid TCYzv9ggIuiwYdBy; 1.36 date 2015.04.19.13.13.20; author spz; state Exp; branches; next 1.35; commitid C4uc4kMktu1eBciy; 1.35 date 2015.03.10.20.27.16; author spz; state Exp; branches 1.35.2.1; next 1.34; commitid Mv7xrpIwfpz1i6dy; 1.34 date 2015.03.05.16.37.16; author spz; state Exp; branches; next 1.33; commitid GO71n8NLA3Lebrcy; 1.33 date 2014.12.21.17.34.24; author bouyer; state Exp; branches; next 1.32; commitid bbYIKoucqTLbSV2y; 1.32 date 2014.11.27.15.36.01; author bouyer; state Exp; branches; next 1.31; commitid LdhG8IFZZBWRYPZx; 1.31 date 2014.10.01.17.18.22; author drochner; state Exp; branches; next 1.30; commitid uQZFio3RHGgJnwSx; 1.30 date 2014.09.26.10.45.00; author bouyer; state Exp; branches; next 1.29; commitid R4afNEPClCK9nQRx; 1.29 date 2014.06.18.13.47.08; author drochner; state Exp; branches 1.29.2.1; next 1.28; commitid 2XlxW31RykxRA0Fx; 1.28 date 2014.05.05.13.39.10; author drochner; state Exp; branches; next 1.27; commitid fCmPMDBllSEAXlzx; 1.27 date 2014.03.28.16.07.08; author drochner; state Exp; branches; next 1.26; commitid fQVuxvisEXah0uux; 1.26 date 2014.02.20.17.37.25; author drochner; state Exp; branches; next 1.25; commitid k7qZ4sAC3yUKERpx; 1.25 date 2014.01.24.17.07.35; author drochner; state Exp; branches; next 1.24; commitid 1NnkckJgyxZrmomx; 1.24 date 2013.12.04.10.35.01; author drochner; state Exp; branches; next 1.23; commitid hw1WPb2QuNAxPNfx; 1.23 date 2013.11.29.19.29.58; author drochner; state Exp; branches; next 1.22; commitid wDkfBReSSkKIWcfx; 1.22 date 2013.11.23.14.04.59; author drochner; state Exp; branches; next 1.21; commitid 7Ss1qFqhvVsrlpex; 1.21 date 2013.10.22.19.41.58; author drochner; state Exp; branches; next 1.20; commitid 0FFM7GPUK22Rekax; 1.20 date 2013.10.01.14.54.44; author drochner; state Exp; branches; next 1.19; commitid 5JKxvOI8cbQPjB7x; 1.19 date 2013.09.11.18.00.33; author drochner; state Exp; branches; next 1.18; commitid 76aqq1Rgu8ITY25x; 1.18 date 2013.07.13.19.43.21; author joerg; state Exp; branches; next 1.17; commitid XwDvCirERMONulXw; 1.17 date 2013.05.03.16.48.37; author drochner; state Exp; branches; next 1.16; 1.16 date 2013.04.19.14.02.45; author bouyer; state Exp; branches; next 1.15; 1.15 date 2013.04.11.19.57.51; author joerg; state Exp; branches; next 1.14; 1.14 date 2013.01.20.15.21.54; author drochner; state Exp; branches 1.14.2.1; next 1.13; 1.13 date 2013.01.17.19.37.54; author drochner; state Exp; branches; next 1.12; 1.12 date 2012.12.05.19.16.26; author drochner; state Exp; branches; next 1.11; 1.11 date 2012.11.14.13.42.41; author drochner; state Exp; branches; next 1.10; 1.10 date 2012.09.12.11.04.17; author drochner; state Exp; branches; next 1.9; 1.9 date 2012.08.10.09.59.47; author drochner; state Exp; branches; next 1.8; 1.8 date 2012.07.27.18.50.34; author drochner; state Exp; branches; next 1.7; 1.7 date 2012.06.12.15.59.04; author bouyer; state Exp; branches 1.7.2.1; next 1.6; 1.6 date 2011.10.21.18.26.58; author cegger; state Exp; branches 1.6.4.1; next 1.5; 1.5 date 2011.08.14.20.42.40; author abs; state Exp; branches; next 1.4; 1.4 date 2011.06.16.13.02.50; author cegger; state Exp; branches; next 1.3; 1.3 date 2011.06.16.10.28.48; author cegger; state Exp; branches; next 1.2; 1.2 date 2011.05.07.07.11.22; author tnn; state Exp; branches; next 1.1; 1.1 date 2011.04.06.09.05.53; author cegger; state Exp; branches 1.1.1.1; next ; 1.42.4.1 date 2016.07.28.14.09.14; author spz; state Exp; branches; next ; commitid Wxv8FsHFtVj7W5gz; 1.39.2.1 date 2016.01.11.20.26.11; author bsiegert; state Exp; branches; next ; commitid wxtXbEOcW341qyQy; 1.37.2.1 date 2015.11.04.19.55.44; author bsiegert; state Exp; branches; next ; commitid 665AHWvA1hO4rOHy; 1.35.2.1 date 2015.04.29.21.11.12; author tron; state Exp; branches; next ; commitid XOJeB58WDS2DVwjy; 1.29.2.1 date 2014.09.28.12.07.10; author tron; state Exp; branches; next ; commitid 8pZmS45jOtauL6Sx; 1.14.2.1 date 2013.04.24.22.25.48; author tron; state Exp; branches; next ; 1.7.2.1 date 2012.07.31.18.29.37; author tron; state Exp; branches; next ; 1.6.4.1 date 2012.06.13.11.06.17; author tron; state Exp; branches; next ; 1.1.1.1 date 2011.04.06.09.05.53; author cegger; state Exp; branches; next ; desc @@ 1.48 log @Remove xenkernel and tools versions 3, 33, and 41. As discussed on pkgsrc-users. @ text @$NetBSD: distinfo,v 1.47 2016/12/21 15:35:44 bouyer Exp $ SHA1 (xen-4.1.6.1.tar.gz) = e5f15feb0821578817a65ede16110c6eac01abd0 RMD160 (xen-4.1.6.1.tar.gz) = bff11421fc44a26f2cc3156713267abcb36d7a19 SHA512 (xen-4.1.6.1.tar.gz) = 5f6106514ffb57708009e3d6763824b13d9038699048d1a91fa09ad223e0391b92b6ea0f25714a0bbf8ac8373c58fc7871ca0bce9c3ff7873d41fb2eeae13ed8 Size (xen-4.1.6.1.tar.gz) = 10428485 bytes SHA1 (patch-CVE-2013-1442) = 7aa43513ea7cddc50b4e6802412cfc2903cce8e1 SHA1 (patch-CVE-2013-4355_1) = 56dde995d7df4f18576040007fd5532de61d9069 SHA1 (patch-CVE-2013-4355_2) = 70fd2f2e45a05a53d8ce7d0bd72b18165dd13509 SHA1 (patch-CVE-2013-4355_3) = 93f7bf877945e585fb906dbfc8159e688813c12f SHA1 (patch-CVE-2013-4355_4) = 88f478997d2631ec41adfd42a9d79f2d87bb44d8 SHA1 (patch-CVE-2013-4361) = b9074af976ba98c02aeb84288a10527bf7693241 SHA1 (patch-CVE-2013-4368) = 77caf392b472e5586eb2fa6a37d173cd856f6f15 SHA1 (patch-CVE-2013-4494) = d74dfc898d1128f3c205bd178c8cf663935711e3 SHA1 (patch-CVE-2013-4553) = 6708dcef1737b119a3fcf2e3414c22c115cbacc1 SHA1 (patch-CVE-2013-6885_1) = 18d155b2c76119988be32cfd43e3c4aa6a507b9d SHA1 (patch-CVE-2013-6885_2) = be3c99ba3e349492d45cd4f2fce0acc26ac1a96d SHA1 (patch-CVE-2014-1666) = acf27080799d4aae6a03b556caadb01081d5314e SHA1 (patch-CVE-2014-3124) = 0643b9b2b4bb3a976f59ec081e25f2b466e4fdba SHA1 (patch-CVE-2014-4021) = ee8ee800b35f7eaa242b06536c1ffa6568305b36 SHA1 (patch-CVE-2014-7154) = 5f0541559d911778aa5267bb5c0e1e8a9a3904e2 SHA1 (patch-CVE-2014-7155) = 0f1aa6a5d4fdb8403fc1e01b884491a63de501f8 SHA1 (patch-CVE-2014-7156) = 85043bdcf2644227d135f725cb442aade565c9d6 SHA1 (patch-CVE-2014-8594) = 39d9d220d89c2356fa745dad5bf8c7ef5e8f2516 SHA1 (patch-CVE-2014-8595) = 46bd285b7eb8f2e23984f7917b12af2191bfef80 SHA1 (patch-CVE-2014-8866) = ee0bc3afb767b50e973d6065b84adc7e51949def SHA1 (patch-CVE-2014-8867) = 576433746660f62b753088a66c5315a1a2ff8f76 SHA1 (patch-CVE-2014-9030) = f52c302585b0f4b074f7562e6b8cddacb26deee4 SHA1 (patch-CVE-2015-2044) = 00d32273d0a9f51927ff94a13f916382c3126e60 SHA1 (patch-CVE-2015-2045) = e1874bbde0cce7db4ee9260440f5280d404027d7 SHA1 (patch-CVE-2015-2151) = aed92f50d162febc3074f7edecaf6ca418d0b42c SHA1 (patch-CVE-2015-2752) = 37f44989a3b3c69dea8e9de9fc34ffd5c2e8b087 SHA1 (patch-CVE-2015-2756) = b3b133d42229ecc8c308644b17e5317cd77f9a98 SHA1 (patch-CVE-2015-7835) = d66fe84abfb921bf435c1ed9b077012937d0c71e SHA1 (patch-CVE-2015-7969) = 4eb96025afae4be547f74b9e71a7d8a3a37fc60b SHA1 (patch-CVE-2015-7971) = 0d0d36ad99f313afb96111a832eb65ddeaf8010e SHA1 (patch-CVE-2015-8339) = e5485ab9e73fa9a63c566505b8de805530ac678e SHA1 (patch-Config.mk) = a43ed1b3304d6383dc093acd128a7f373d0ca266 SHA1 (patch-XSA-166) = 24fccf8e30ccf910a128e5e0365800191a90524c SHA1 (patch-XSA-182) = 70a7a6175a4b87ffaf72cbc5a3932f076efa3f9c SHA1 (patch-XSA-185) = a2313922aa4dad734b96c80f64fe54eca3c14019 SHA1 (patch-XSA-187-1) = 55ea0c2d9c7d8d9476a5ab97342ff552be4faf56 SHA1 (patch-XSA-187-2) = e21b24771fa9417f593b8f6d1550660bbad36b98 SHA1 (patch-XSA-191) = 5da559e104543b8d22ea60378d9160d2ad83b8d0 SHA1 (patch-XSA-192) = b0f2801fe6db91c2a98b82897cdee057062c6c2b SHA1 (patch-XSA-195) = a04295b397126e1cc1f129bb3cb9fb872fcbb373 SHA1 (patch-XSA-200) = 2e5f6e3596fa754030af29a1dc8fafb738ad1da4 SHA1 (patch-XSA-202) = ceb6f02eb7f1a41243c6e47c4f1bbbc9626a8da5 SHA1 (patch-XSA-204) = 99e2b88b551d80724fcc27f925fbf65d3fc468de SHA1 (patch-xen_Makefile) = d1c7e4860221f93d90818f45a77748882486f92b SHA1 (patch-xen_arch_x86_Rules.mk) = 6b9b4bfa28924f7d3f6c793a389f1a7ac9d228e2 SHA1 (patch-xen_arch_x86_cpu_mcheck_vmce.c) = 5afd01780a13654f1d21bf1562f6431c8370be0b SHA1 (patch-xen_arch_x86_time.c) = 2c69ac1cb5e0ca06c4f70acb91d2723a32ce98a9 SHA1 (patch-xen_drivers_char_console_c) = 0fe186369602ccffaeec6f4bfbee8bb4298d3ff0 SHA1 (patch-xen_drivers_passthrough_vtd_x86_ats.c) = 012ccbb27069c4f2e0361bd127397fdd22027f29 SHA1 (patch-xen_include_xen_stdarg.h) = e9df974a9b783ed442ab17497198432cb9844b70 @ 1.47 log @Apply patch backported from upstream, fixing XSA-202 Bump PKGREVISION @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.46 2016/12/20 10:22:28 bouyer Exp $ @ 1.46 log @Apply upstream patch for XSA-199, XSA-200 and XSA-204. Bump PKGREVISIONs @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.45 2016/11/22 20:53:40 bouyer Exp $ d48 1 a53 1 SHA1 (patch-xen_arch_x86_x86__64_entry.S) = 92bea7885c418e643bd9697abb9655bee9d1750b @ 1.45 log @Backport upstream patches, fixing today's XSA 191, 192, 195, 197, 198. Bump PKGREVISIONs @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.44 2016/09/08 15:41:01 bouyer Exp $ d47 2 @ 1.44 log @Backport upstream patches for security issues: XSA-185: x86: Disallow L3 recursive pagetable for 32-bit PV guests XSA-187: x86 HVM: Overflow of sh_ctxt->seg_reg[] bump PKGREVISION @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.43 2016/07/26 15:59:20 bouyer Exp $ d44 3 @ 1.43 log @Apply security patch from XSA-182. Bump PKGREVISION xen 4.2 is not vulnerable to XSA-183. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.42 2016/03/01 20:09:04 joerg Exp $ d41 3 @ 1.42 log @Newer binutils requires cmpw access to %r11 to explicitly qualify the 16bit part as %r11w. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.41 2016/01/07 17:55:55 bouyer Exp $ d40 1 @ 1.42.4.1 log @Pullup ticket #5072 - requested by bouyer sysutils/xenkernel41: security patch Revisions pulled up: - sysutils/xenkernel41/Makefile 1.50 - sysutils/xenkernel41/distinfo 1.43 - sysutils/xenkernel41/patches/patch-XSA-182 1.1 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: bouyer Date: Tue Jul 26 15:59:20 UTC 2016 Modified Files: pkgsrc/sysutils/xenkernel41: Makefile distinfo Added Files: pkgsrc/sysutils/xenkernel41/patches: patch-XSA-182 Log Message: Apply security patch from XSA-182. Bump PKGREVISION xen 4.2 is not vulnerable to XSA-183. To generate a diff of this commit: cvs rdiff -u -r1.49 -r1.50 pkgsrc/sysutils/xenkernel41/Makefile cvs rdiff -u -r1.42 -r1.43 pkgsrc/sysutils/xenkernel41/distinfo cvs rdiff -u -r0 -r1.1 pkgsrc/sysutils/xenkernel41/patches/patch-XSA-182 @ text @d1 1 a1 1 $NetBSD$ a39 1 SHA1 (patch-XSA-182) = 70a7a6175a4b87ffaf72cbc5a3932f076efa3f9c @ 1.41 log @Apply patches from Xen repository, fixing: CVE-2015-8339 and CVE-2015-8340 aka XSA-159 XSA-166 CVE-2015-8550 aka XSA-155 CVE-2015-8554 aka XSA-164 Bump pkgrevision @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.40 2015/12/29 04:04:31 dholland Exp $ d44 1 @ 1.40 log @Fix missing/broken rcsids. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.39 2015/11/04 01:32:39 agc Exp $ d37 1 d39 1 @ 1.39 log @Add SHA512 digests for distfiles for sysutils category Problems found with existing digests: Package memconf distfile memconf-2.16/memconf.gz b6f4b736cac388dddc5070670351cf7262aba048 [recorded] 95748686a5ad8144232f4d4abc9bf052721a196f [calculated] Problems found locating distfiles: Package dc-tools: missing distfile dc-tools/abs0-dc-burn-netbsd-1.5-0-gae55ec9 Package ipw-firmware: missing distfile ipw2100-fw-1.2.tgz Package iwi-firmware: missing distfile ipw2200-fw-2.3.tgz Package nvnet: missing distfile nvnet-netbsd-src-20050620.tgz Package syslog-ng: missing distfile syslog-ng-3.7.2.tar.gz Otherwise, existing SHA1 digests verified and found to be the same on the machine holding the existing distfiles (morden). All existing SHA1 digests retained for now as an audit trail. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.38 2015/10/29 20:29:56 bouyer Exp $ d19 1 a19 1 SHA1 (patch-CVE-2014-3124) = 59a48eed88abcda5de2fc7e398451a492e5d2145 d41 1 a41 1 SHA1 (patch-xen_arch_x86_time.c) = 1611959c08ad79e3f042ac70c8d9d57b60225289 @ 1.39.2.1 log @Pullup ticket #4887 - requested by bouyer sysutils/xenkernel41: security fix sysutils/xentools41: security fix Revisions pulled up: - sysutils/xenkernel41/Makefile 1.48 - sysutils/xenkernel41/distinfo 1.41 - sysutils/xenkernel41/patches/patch-CVE-2015-8339 1.1 - sysutils/xenkernel41/patches/patch-XSA-166 1.1 - sysutils/xentools41/Makefile 1.59 - sysutils/xentools41/distinfo 1.41 - sysutils/xentools41/patches/patch-CVE-2015-8550 1.1 - sysutils/xentools41/patches/patch-CVE-2015-8554 1.1 --- Module Name: pkgsrc Committed By: bouyer Date: Thu Jan 7 17:55:55 UTC 2016 Modified Files: pkgsrc/sysutils/xenkernel41: Makefile distinfo pkgsrc/sysutils/xentools41: Makefile distinfo Added Files: pkgsrc/sysutils/xenkernel41/patches: patch-CVE-2015-8339 patch-XSA-166 pkgsrc/sysutils/xentools41/patches: patch-CVE-2015-8550 patch-CVE-2015-8554 Log Message: Apply patches from Xen repository, fixing: CVE-2015-8339 and CVE-2015-8340 aka XSA-159 XSA-166 CVE-2015-8550 aka XSA-155 CVE-2015-8554 aka XSA-164 Bump pkgrevision @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.39 2015/11/04 01:32:39 agc Exp $ a36 1 SHA1 (patch-CVE-2015-8339) = e5485ab9e73fa9a63c566505b8de805530ac678e a37 1 SHA1 (patch-XSA-166) = 24fccf8e30ccf910a128e5e0365800191a90524c @ 1.38 log @Add patches, derived from Xen security advisory, fixing: CVE-2015-7835 aka XSA-148 CVE-2015-7869 aka XSA-149 + XSA-151 CVE-2015-7971 aka XSA-152 Bump PKGREVISION @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.37 2015/09/14 13:36:29 joerg Exp $ d5 1 @ 1.37 log @Avoid undefined behavior when left-shifting negative values. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.36 2015/04/19 13:13:20 spz Exp $ d33 3 @ 1.37.2.1 log @Pullup ticket #4848 - requested by bouyer sysutils/xenkernel41: security fix Revisions pulled up: - sysutils/xenkernel41/Makefile 1.46 - sysutils/xenkernel41/distinfo 1.38 - sysutils/xenkernel41/patches/patch-CVE-2015-7835 1.1 - sysutils/xenkernel41/patches/patch-CVE-2015-7969 1.1 - sysutils/xenkernel41/patches/patch-CVE-2015-7971 1.1 --- Module Name: pkgsrc Committed By: bouyer Date: Thu Oct 29 20:29:56 UTC 2015 Modified Files: pkgsrc/sysutils/xenkernel41: Makefile distinfo Added Files: pkgsrc/sysutils/xenkernel41/patches: patch-CVE-2015-7835 patch-CVE-2015-7969 patch-CVE-2015-7971 Log Message: Add patches, derived from Xen security advisory, fixing: CVE-2015-7835 aka XSA-148 CVE-2015-7869 aka XSA-149 + XSA-151 CVE-2015-7971 aka XSA-152 Bump PKGREVISION @ text @d1 1 a1 1 $NetBSD$ a32 3 SHA1 (patch-CVE-2015-7835) = d66fe84abfb921bf435c1ed9b077012937d0c71e SHA1 (patch-CVE-2015-7969) = 4eb96025afae4be547f74b9e71a7d8a3a37fc60b SHA1 (patch-CVE-2015-7971) = 0d0d36ad99f313afb96111a832eb65ddeaf8010e @ 1.36 log @apply fixes from upstream for XSA-125 Long latency MMIO mapping operations are not preemptible XSA-126 Unmediated PCI command register access in qemu @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.35 2015/03/10 20:27:16 spz Exp $ d39 1 @ 1.35 log @xsa123-4.3-4.2.patch from upstream: x86emul: fully ignore segment override for register-only operations For ModRM encoded instructions with register operands we must not overwrite ea.mem.seg (if a - bogus in that case - segment override was present) as it aliases with ea.reg. This is CVE-2015-2151 / XSA-123. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.34 2015/03/05 16:37:16 spz Exp $ d31 2 @ 1.35.2.1 log @Pullup ticket #4698 - requested by spz Pullup ticket #4698 - requested by spz sysutils/xenkernel41: security patch sysutils/xenkernel42: security patch sysutils/xenkernel45: security patch Revisions pulled up: - sysutils/xenkernel41/Makefile 1.45 - sysutils/xenkernel41/distinfo 1.36 - sysutils/xenkernel41/patches/patch-CVE-2015-2752 1.1 - sysutils/xenkernel41/patches/patch-CVE-2015-2756 1.1 - sysutils/xenkernel42/Makefile 1.15 - sysutils/xenkernel42/distinfo 1.13 - sysutils/xenkernel42/patches/patch-CVE-2015-2752 1.1 - sysutils/xenkernel42/patches/patch-CVE-2015-2756 1.1 - sysutils/xenkernel45/Makefile 1.6 - sysutils/xenkernel45/distinfo 1.5 - sysutils/xenkernel45/patches/patch-CVE-2015-2752 1.1 - sysutils/xenkernel45/patches/patch-CVE-2015-2756 1.1 - sysutils/xentools41/Makefile 1.50 - sysutils/xentools41/distinfo 1.38 - sysutils/xentools41/patches/patch-CVE-2015-2752 1.1 - sysutils/xentools41/patches/patch-CVE-2015-2756 1.1 - sysutils/xentools42/Makefile 1.27 - sysutils/xentools42/distinfo 1.16 - sysutils/xentools42/patches/patch-CVE-2015-2752 1.1 - sysutils/xentools42/patches/patch-CVE-2015-2756 1.1 - sysutils/xentools45/Makefile 1.6 - sysutils/xentools45/distinfo 1.6 - sysutils/xentools45/patches/patch-CVE-2015-2752 1.1 - sysutils/xentools45/patches/patch-CVE-2015-2756 1.1 --- Module Name: pkgsrc Committed By: spz Date: Sun Apr 19 13:13:21 UTC 2015 Modified Files: pkgsrc/sysutils/xenkernel41: Makefile distinfo pkgsrc/sysutils/xenkernel42: Makefile distinfo pkgsrc/sysutils/xenkernel45: Makefile distinfo pkgsrc/sysutils/xentools41: Makefile distinfo pkgsrc/sysutils/xentools42: Makefile distinfo pkgsrc/sysutils/xentools45: Makefile distinfo Added Files: pkgsrc/sysutils/xenkernel41/patches: patch-CVE-2015-2752 patch-CVE-2015-2756 pkgsrc/sysutils/xenkernel42/patches: patch-CVE-2015-2752 patch-CVE-2015-2756 pkgsrc/sysutils/xenkernel45/patches: patch-CVE-2015-2752 patch-CVE-2015-2756 pkgsrc/sysutils/xentools41/patches: patch-CVE-2015-2752 patch-CVE-2015-2756 pkgsrc/sysutils/xentools42/patches: patch-CVE-2015-2752 patch-CVE-2015-2756 pkgsrc/sysutils/xentools45/patches: patch-CVE-2015-2752 patch-CVE-2015-2756 Log Message: apply fixes from upstream for XSA-125 Long latency MMIO mapping operations are not preemptible XSA-126 Unmediated PCI command register access in qemu @ text @d1 1 a1 1 $NetBSD$ a30 2 SHA1 (patch-CVE-2015-2752) = 37f44989a3b3c69dea8e9de9fc34ffd5c2e8b087 SHA1 (patch-CVE-2015-2756) = b3b133d42229ecc8c308644b17e5317cd77f9a98 @ 1.34 log @Add patches for XSA-121 and XSA-122 from upstream. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.33 2014/12/21 17:34:24 bouyer Exp $ d30 1 @ 1.33 log @Remove patch-CVE-2014-7188, it's already in patch-CVE-2013-4355_1 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.32 2014/11/27 15:36:01 bouyer Exp $ d28 2 @ 1.32 log @backport patches from Xen advisory: CVE-2014-7188/XSA-108: x86/HVM: properly bound x2APIC MSR range, fixing: A buggy or malicious HVM guest can crash the host or read data relating to other guests or the hypervisor itself. CVE-2014-8594/XSA-109: x86: don't allow page table updates on non-PV page tables in do_mmu_update(), fixing: Malicious or buggy stub domain kernels or tool stacks otherwise living outside of Domain0 can mount a denial of service attack which, if successful, can affect the whole system. CVE-2014-8595/XSA-110: x86emul: enforce privilege level restrictions when loading CS, fixing: Malicious HVM guest user mode code may be able to elevate its privileges to guest supervisor mode, or to crash the guest. CVE-2014-8866/XSA-111: x86: limit checks in hypercall_xlat_continuation() to actual arguments, fixing: A buggy or malicious HVM guest can crash the host. CVE-2014-8867/XSA-112: x86/HVM: confine internally handled MMIO to solitary regions, fixing: A buggy or malicious HVM guest can crash the host. CVE-2014-9030/XSA-113: x86/mm: fix a reference counting error in MMU_MACHPHYS_UPDATE, fixing: Malicious or buggy stub domain kernels or tool stacks otherwise living outside of Domain0 can mount a denial of service attack which, if successful, can affect the whole system. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.31 2014/10/01 17:18:22 drochner Exp $ a22 1 SHA1 (patch-CVE-2014-7188) = b6bac1d466ba5bc276bc3aea9d4c9df37f2b9b0f @ 1.31 log @fix out-of-bounds memory read access in x2APIC emulation (HVM only) (CVE-2014-7188) bump PKGREV @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.30 2014/09/26 10:45:00 bouyer Exp $ d23 6 @ 1.30 log @Add patch for: XSA-104 (CVE-2014-7154) - Race condition in HVMOP_track_dirty_vram XSA-105 (CVE-2014-7155) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation XSA-106 (CVE-2014-7156) - Missing privilege level checks in x86 emulation of software interrupts bump PKGREVISION @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.29 2014/06/18 13:47:08 drochner Exp $ d7 1 a7 1 SHA1 (patch-CVE-2013-4355_1) = 99068aa658fc231fe6c6c77bf61d68405318aaa8 @ 1.29 log @add patch from upstream to fix possible data leak (CVE-2014-4021) bump PKGREV @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.28 2014/05/05 13:39:10 drochner Exp $ d20 3 @ 1.29.2.1 log @Pullup ticket #4505 - requested by bouyer sysutils/xenkernel41: security patch Revisions pulled up: - sysutils/xenkernel41/Makefile 1.39 - sysutils/xenkernel41/distinfo 1.30 - sysutils/xenkernel41/patches/patch-CVE-2014-7154 1.1 - sysutils/xenkernel41/patches/patch-CVE-2014-7155 1.1 - sysutils/xenkernel41/patches/patch-CVE-2014-7156 1.1 --- Module Name: pkgsrc Committed By: bouyer Date: Fri Sep 26 10:45:00 UTC 2014 Modified Files: pkgsrc/sysutils/xenkernel41: Makefile distinfo Added Files: pkgsrc/sysutils/xenkernel41/patches: patch-CVE-2014-7154 patch-CVE-2014-7155 patch-CVE-2014-7156 Log Message: Add patch for: XSA-104 (CVE-2014-7154) - Race condition in HVMOP_track_dirty_vram XSA-105 (CVE-2014-7155) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation XSA-106 (CVE-2014-7156) - Missing privilege level checks in x86 emulation of software interrupts bump PKGREVISION @ text @d1 1 a1 1 $NetBSD$ a19 3 SHA1 (patch-CVE-2014-7154) = 5f0541559d911778aa5267bb5c0e1e8a9a3904e2 SHA1 (patch-CVE-2014-7155) = 0f1aa6a5d4fdb8403fc1e01b884491a63de501f8 SHA1 (patch-CVE-2014-7156) = 85043bdcf2644227d135f725cb442aade565c9d6 @ 1.28 log @fix possible creation of invalid P2M entries, leading to xen crash The vulnerability is only exposed to service domains for HVM guests which have privilege over the guest. In a usual configuration that means only device model emulators (qemu-dm). bump PKGREV @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.27 2014/03/28 16:07:08 drochner Exp $ d19 1 @ 1.27 log @add patch from upstream (XSA-89) to fix: Processing of the HVMOP_set_mem_access HVM control operations does not check the size of its input and can tie up a physical CPU for extended periods of time. bump PKGREV @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.26 2014/02/20 17:37:25 drochner Exp $ d7 1 a7 1 SHA1 (patch-CVE-2013-4355_1) = 91fb26907b2ac7d2435a6efce000569b71523247 d18 1 @ 1.26 log @from upstream: fix the fix for CVE-2013-6885 makes the workaround for AMD CPU erratum 793 work not only on 64-bit hypervisors but also for 32bit bump PKGREV (compile tested only) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.25 2014/01/24 17:07:35 drochner Exp $ d7 1 a7 1 SHA1 (patch-CVE-2013-4355_1) = a28e4fc0cbe5409a759e689ff1af82792f560a39 @ 1.25 log @add patch from upstream to add missing privilege check from the advisory: Malicious or misbehaving unprivileged guests can cause the host or other guests to malfunction. This can result in host-wide denial of service. Privilege escalation, while seeming to be unlikely, cannot be excluded. Only PV guests can take advantage of this vulnerability. (CVE-2014-1666) bump PKGREV @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.24 2013/12/04 10:35:01 drochner Exp $ d15 1 a15 1 SHA1 (patch-CVE-2013-6885_1) = 6fc88c8c98393e90dd895c160108ff2ee17cee2e @ 1.24 log @add patch from upstream to fix "Guest triggerable AMD CPU erratum may cause host hang" bump PKGREV @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.23 2013/11/29 19:29:58 drochner Exp $ d17 1 @ 1.23 log @add patches from upstream to fix two security problems: -another lock inversion -privilege escalation (not exploitable in standard setups) bump PKGREV @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.22 2013/11/23 14:04:59 drochner Exp $ d15 2 @ 1.22 log @add patch from upstream to fix lock order inversion possibly leading to deadlock (CVE-2013-4494) bump PKGREV @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.21 2013/10/22 19:41:58 drochner Exp $ d7 1 a7 1 SHA1 (patch-CVE-2013-4355_1) = 88cc2e7bf0993b2878a864e8b28ed989f8eeef3a d14 1 @ 1.21 log @add patch from upstream to fix information leak through outs instruction emulation (CVE-2013-4368) bump PKGREV @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.20 2013/10/01 14:54:44 drochner Exp $ d13 1 @ 1.20 log @add patches from upstream to fix security problems: -Information leak on AVX and/or LWP capable CPUs (CVE-2013-1442 / XSA-62) -Information leaks through I/O instruction emulation (CVE-2013-4355 / XSA-63) -Information leak through fbld instruction emulation (CVE-2013-4361 / XSA-66) bump PKGREV @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.19 2013/09/11 18:00:33 drochner Exp $ d12 1 @ 1.19 log @update to 4.1.6.1 This release fixes the following critical vulnerabilities: CVE-2013-1918 / XSA-45: Several long latency operations are not preemptible CVE-2013-1952 / XSA-49: VT-d interrupt remapping source validation flaw for bridges CVE-2013-2076 / XSA-52: Information leak on XSAVE/XRSTOR capable AMD CPUs CVE-2013-2077 / XSA-53: Hypervisor crash due to missing exception recovery on XRSTOR CVE-2013-2078 / XSA-54: Hypervisor crash due to missing exception recovery on XSETBV CVE-2013-2194, CVE-2013-2195, CVE-2013-2196 / XSA-55: Multiple vulnerabilities in libelf PV kernel handling CVE-2013-2072 / XSA-56: Buffer overflow in xencontrol Python bindings affecting xend CVE-2013-2211 / XSA-57: libxl allows guest write access to sensitive console related xenstore keys CVE-2013-1432 / XSA-58: Page reference counting error due to XSA-45/CVE-2013-1918 fixes XSA-61: libxl partially sets up HVM passthrough even with disabled iommu This release contains many bug fixes and improvements. The highlights are: addressing a regression from the fix for XSA-21 addressing a regression from the fix for XSA-46 bug fixes to low level system state handling, including certain hardware errata workarounds (CVE-2013-1918 and CVE-2013-1952 were patched in pkgsrc before) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.18 2013/07/13 19:43:21 joerg Exp $ d6 6 @ 1.18 log @Fix header guard. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.17 2013/05/03 16:48:37 drochner Exp $ d3 3 a5 17 SHA1 (xen-4.1.5.tar.gz) = 38f098cdbcf4612a6e059e6ad332e68bbfc8bf4d RMD160 (xen-4.1.5.tar.gz) = 265d6a9faee6cf9314f4ed647604f7b43c327f52 Size (xen-4.1.5.tar.gz) = 10421420 bytes SHA1 (patch-CVE-2013-1918_1) = 7403c3cc0b6481edf581591885843ee24154da06 SHA1 (patch-CVE-2013-1918_10) = 3aa6a519013fa3275ad389533e9ebcf0f29e24b7 SHA1 (patch-CVE-2013-1918_11) = 57ddcc8afcab390a1ac027a6a063677c89310662 SHA1 (patch-CVE-2013-1918_12) = 3d768316139ea189219de4dff13fc1190fbe27a2 SHA1 (patch-CVE-2013-1918_13) = bccb34626942b17ed0097977d5a16adcf7acd746 SHA1 (patch-CVE-2013-1918_2) = b5a5ddf9549ba4064f587fa6769730158a165bd6 SHA1 (patch-CVE-2013-1918_3) = bd6b95c3c359638f1cb95bb9b4119836cb421fea SHA1 (patch-CVE-2013-1918_4) = e6e6648cdf81e543f5c410b1083b97bdd9a08ea6 SHA1 (patch-CVE-2013-1918_5) = 0bc2755b024d14d53e83b47621f6a550538b5347 SHA1 (patch-CVE-2013-1918_6) = 027711424053ebae1093ff7d4be2353113612b5c SHA1 (patch-CVE-2013-1918_7) = 77414ec5283278433a15a96e91ed5842326370b9 SHA1 (patch-CVE-2013-1918_8) = 1abd13678a24365ab651483fb3e3feeb2c0248ce SHA1 (patch-CVE-2013-1918_9) = 28a34dda25693501c78043f550009dba53fa9e62 SHA1 (patch-CVE-2013-1952) = b8976b41cc0520993f3c424030f7c9aa8a9be1f3 d10 1 a10 2 SHA1 (patch-xen_arch_x86_time.c) = 2dedd8ea1d372ecffea70aad448756dd3688cfba SHA1 (patch-xen_common_libelf_libelf-private.h) = c364d8f247342c62d0d32fe9f4714f83f977719a @ 1.17 log @update to 4.1.5 This integrates fixes for all vulnerabilities which were patched in pkgsrc before. Among many bug fixes and improvements (around 50 since Xen 4.1.4): * ACPI APEI/ERST finally working on production systems * Bug fixes for other low level system state handling * Support for xz compressed Dom0 and DomU kernels @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.16 2013/04/19 14:02:45 bouyer Exp $ d25 1 @ 1.16 log @Add patches from Xen security advisory: http://lists.xen.org/archives/html/xen-announce/2013-04/msg00000.html http://lists.xen.org/archives/html/xen-announce/2013-04/msg00005.html http://lists.xen.org/archives/html/xen-announce/2013-04/msg00006.html bump PKGREVISION @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.15 2013/04/11 19:57:51 joerg Exp $ d3 17 a19 11 SHA1 (xen-4.1.4.tar.gz) = d5f1e9c9eeb96202dd827c196750530ffc64baab RMD160 (xen-4.1.4.tar.gz) = e3cb379954c985354dfd7dfbed15eae43e73254d Size (xen-4.1.4.tar.gz) = 10387283 bytes SHA1 (patch-CVE-2012-5511_2) = a345d28d4a6dcc4bf203243f49d66b5479fdbf14 SHA1 (patch-CVE-2012-5634) = 2992ee4972ec733a80fa3841d12a70a9076625c0 SHA1 (patch-CVE-2013-1917-1) = 3ebd5e8c30e962e1dcb0e8cae642a583a6d160e9 SHA1 (patch-CVE-2013-1917-2) = 3b33b3430ac984cefb86617bbcf0b22e5b21427c SHA1 (patch-CVE-2013-1917-3) = cf188803c62eb3b2fb722edc11980bd0731ab242 SHA1 (patch-CVE-2013-1920) = 116d04d095f1bd5296576bbb4c23b18c5ac628bf SHA1 (patch-CVE-2013-1964-1) = f3f17d292677b1f9a6520543cf65c61910ed65f0 SHA1 (patch-CVE-2013-1964-2) = e8d05eb615c13608cb57c70d74cd8cdba80ba14a @ 1.15 log @Allow building Xen infrastructure with Clang. Fix various bugs in xenkernel3, xenkernel41, xentools3 and xentools41 exposed by Clang default warnings. Bump revisions for those. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.14 2013/01/20 15:21:54 drochner Exp $ d8 6 @ 1.14 log @oops, a patch was in the wrong sub-pkg bump PKGREV @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.13 2013/01/17 19:37:54 drochner Exp $ d8 5 @ 1.14.2.1 log @Pullup ticket #4125 - requested by bouyer sysutils/xenkernel41: security patch Revisions pulled up: - sysutils/xenkernel41/Makefile 1.19-1.20 - sysutils/xenkernel41/distinfo 1.15-1.16 - sysutils/xenkernel41/patches/patch-CVE-2013-1917-1 1.1 - sysutils/xenkernel41/patches/patch-CVE-2013-1917-2 1.1 - sysutils/xenkernel41/patches/patch-CVE-2013-1917-3 1.1 - sysutils/xenkernel41/patches/patch-CVE-2013-1920 1.1 - sysutils/xenkernel41/patches/patch-CVE-2013-1964-1 1.1 - sysutils/xenkernel41/patches/patch-CVE-2013-1964-2 1.1 - sysutils/xenkernel41/patches/patch-Config.mk 1.1 - sysutils/xenkernel41/patches/patch-xen_Makefile 1.1 - sysutils/xenkernel41/patches/patch-xen_arch_x86_Rules.mk 1.1 - sysutils/xenkernel41/patches/patch-xen_arch_x86_cpu_mcheck_vmce.c 1.1 - sysutils/xenkernel41/patches/patch-xen_arch_x86_time.c 1.1 --- Module Name: pkgsrc Committed By: joerg Date: Thu Apr 11 19:57:53 UTC 2013 Modified Files: pkgsrc/sysutils/xenkernel3: Makefile distinfo pkgsrc/sysutils/xenkernel3/patches: patch-cw pkgsrc/sysutils/xenkernel33: Makefile distinfo pkgsrc/sysutils/xenkernel41: Makefile distinfo pkgsrc/sysutils/xentools3: Makefile distinfo pkgsrc/sysutils/xentools3-hvm: Makefile distinfo pkgsrc/sysutils/xentools3/patches: patch-.._patch-Config.mk patch-cg pkgsrc/sysutils/xentools33: Makefile distinfo pkgsrc/sysutils/xentools33/patches: patch-ab pkgsrc/sysutils/xentools41: Makefile distinfo Added Files: pkgsrc/sysutils/xenkernel3/patches: patch-xen_arch_x86_hvm_io.c patch-xen_arch_x86_string.c pkgsrc/sysutils/xenkernel33/patches: patch-Config.mk patch-xen_Makefile patch-xen_arch_x86_Rules.mk pkgsrc/sysutils/xenkernel41/patches: patch-Config.mk patch-xen_Makefile patch-xen_arch_x86_Rules.mk patch-xen_arch_x86_cpu_mcheck_vmce.c patch-xen_arch_x86_time.c pkgsrc/sysutils/xentools3-hvm/patches: patch-.._patch-Config.mk pkgsrc/sysutils/xentools3/patches: patch-libxc_xc__dom__x86.c pkgsrc/sysutils/xentools33/patches: patch-blktap_drivers_block-qcow.c patch-ioemu_block-vvfat.c pkgsrc/sysutils/xentools41/patches: patch-.._.._ipxe_src_arch_i386_include_librm.h patch-.._.._ipxe_src_core_settings.c patch-.._.._ipxe_src_net_tls.c patch-.._Config.mk patch-firmware_hvmloader_Makefile patch-libcx_xc__dom__boot.c patch-xenstat_libxenstat_Makefile Log Message: Allow building Xen infrastructure with Clang. Fix various bugs in xenkernel3, xenkernel41, xentools3 and xentools41 exposed by Clang default warnings. Bump revisions for those. --- Module Name: pkgsrc Committed By: bouyer Date: Fri Apr 19 14:02:46 UTC 2013 Modified Files: pkgsrc/sysutils/xenkernel41: Makefile distinfo Added Files: pkgsrc/sysutils/xenkernel41/patches: patch-CVE-2013-1917-1 patch-CVE-2013-1917-2 patch-CVE-2013-1917-3 patch-CVE-2013-1920 patch-CVE-2013-1964-1 patch-CVE-2013-1964-2 Log Message: Add patches from Xen security advisory: http://lists.xen.org/archives/html/xen-announce/2013-04/msg00000.html http://lists.xen.org/archives/html/xen-announce/2013-04/msg00005.html http://lists.xen.org/archives/html/xen-announce/2013-04/msg00006.html bump PKGREVISION @ text @d1 1 a1 1 $NetBSD$ a7 11 SHA1 (patch-CVE-2013-1917-1) = 3ebd5e8c30e962e1dcb0e8cae642a583a6d160e9 SHA1 (patch-CVE-2013-1917-2) = 3b33b3430ac984cefb86617bbcf0b22e5b21427c SHA1 (patch-CVE-2013-1917-3) = cf188803c62eb3b2fb722edc11980bd0731ab242 SHA1 (patch-CVE-2013-1920) = 116d04d095f1bd5296576bbb4c23b18c5ac628bf SHA1 (patch-CVE-2013-1964-1) = f3f17d292677b1f9a6520543cf65c61910ed65f0 SHA1 (patch-CVE-2013-1964-2) = e8d05eb615c13608cb57c70d74cd8cdba80ba14a SHA1 (patch-Config.mk) = a43ed1b3304d6383dc093acd128a7f373d0ca266 SHA1 (patch-xen_Makefile) = d1c7e4860221f93d90818f45a77748882486f92b SHA1 (patch-xen_arch_x86_Rules.mk) = 6b9b4bfa28924f7d3f6c793a389f1a7ac9d228e2 SHA1 (patch-xen_arch_x86_cpu_mcheck_vmce.c) = 5afd01780a13654f1d21bf1562f6431c8370be0b SHA1 (patch-xen_arch_x86_time.c) = 2dedd8ea1d372ecffea70aad448756dd3688cfba @ 1.13 log @update to 4.1.4 changes: -fixes for many vulnerabilities (were mostly patched in pkgsrc) -bug fixes and improvements (almost 100 since Xen 4.1.3). Highlights are: -A fix for a long standing time management issue -Bug fixes for S3 (suspend to RAM) handling -Bug fixes for other low level system state handling pkgsrc note: fixes for CVE-2012-5634 (interrupt issue on IOMMU systems) and CVE-2012-6075 (oversized packets from e1000 driver) are already included @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.12 2012/12/05 19:16:26 drochner Exp $ a7 1 SHA1 (patch-CVE-2012-6075) = e368374468526a6ceee03fe15a5ee35aca28cc6e @ 1.12 log @add another batch of security patches from upstream bump PKGREV @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.11 2012/11/14 13:42:41 drochner Exp $ d3 6 a8 16 SHA1 (xen-4.1.3.tar.gz) = 0f688955262d08fba28361ca338f3ad0c0f53d74 RMD160 (xen-4.1.3.tar.gz) = a6296a16579fd628a1ff2aa64b6b800e4913eeae Size (xen-4.1.3.tar.gz) = 10382132 bytes SHA1 (patch-CVE-2012-3494) = 166121ce515aaa2f2e399431be3ca7d2496c79c6 SHA1 (patch-CVE-2012-3496) = 89843ade32b3b1478f69d0c23c2dd69daf506b37 SHA1 (patch-CVE-2012-3498) = d3d3eddcb39559381e268ea804d8b1190f0ed582 SHA1 (patch-CVE-2012-4535_1) = 862155304af023cb10ef62957c2a3dbc569bd40c SHA1 (patch-CVE-2012-4535_2) = f38d5b5286278b900e4b1892fd8a4e6da3434e47 SHA1 (patch-CVE-2012-4538) = 31d3a26556de5e0afc2a9d3c5e75d9d461b795ff SHA1 (patch-CVE-2012-4539) = 4fd6a9229aafbe3f451c3d757562bc1068628081 SHA1 (patch-CVE-2012-5510) = 47617f3e29173a381a97c7b44c7b1cfc970c1477 SHA1 (patch-CVE-2012-5511_1) = bdb885335d9357fc4e8df3352893d9f7c24f5c21 SHA1 (patch-CVE-2012-5511_2) = f4ae6fd4942fea658b14d33f4bbd60ea2383dffe SHA1 (patch-CVE-2012-5511_3) = 2e223c3ae105330f8147c79bbff5cbba37ff8372 SHA1 (patch-CVE-2012-5513_1) = b190539b089c2623657028b7780345112c1a8f0f SHA1 (patch-CVE-2012-5513_2) = f6beb84708b62c7317cccccf682af9bee10a43e5 @ 1.11 log @add patches from Xen SA 20..24 to fix various security problems (CVE-2012-4535..4539) bump PKGREV @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.10 2012/09/12 11:04:17 drochner Exp $ d7 1 a7 1 SHA1 (patch-CVE-2012-3496) = 926c171c265836bb79de31546b5814bf1e8b2af3 d13 6 @ 1.10 log @update to 4.1.3 also add security patches from upstream (for CVE-2012-3497, no patches are available yet) changes: -fixes for vulnerabilities were integrated -many bug fixes and improvements, Highlights are: -Updates for the latest Intel/AMD CPU revisions -Bug fixes for IOMMU handling (device passthrough to HVM guests) approved by maintainer @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.9 2012/08/10 09:59:47 drochner Exp $ d7 6 a12 2 SHA1 (patch-CVE-2012-3496) = c863d3e951d5aaa5659f9e1f38723f8326b8d8b8 SHA1 (patch-CVE-2012-3498) = 2bb2b40675de498ae9fcc89ba5267b5be4a2c4c1 @ 1.9 log @add patch from upstream to fix a possible DOS by HVM guests on teardown (CVE-2012-3433) bump PKGREV @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.8 2012/07/27 18:50:34 drochner Exp $ d3 6 a8 5 SHA1 (xen-4.1.2.tar.gz) = db584cb0a0cc614888d7df3b196d514fdb2edd6e RMD160 (xen-4.1.2.tar.gz) = 457797ec4be286afbbcad940a9ce04e44f3f40d6 Size (xen-4.1.2.tar.gz) = 10365786 bytes SHA1 (patch-CVE-2012-3432) = e85b1adf1c683a1d086410f0c4265ed72a86d7fb SHA1 (patch-CVE-2012-3433) = 51ca4a6427c19dc31ba2bd05e4c09027d52a4ebc a10 2 SHA1 (patch-xsa7-xsa8-xen-4.1) = e48cfd4ae9e7a4d48e059738b3f36074d3982515 SHA1 (patch-xsa9-xen-4.1) = 4bbefd6426e2a7b36ccecb81cc94dc33af34e4fb @ 1.8 log @add patch from upstream to fix bug in MMIO emulation which can cause guest crashes by unprivileged users, only for HVM guests, and if MMIO is granted to the user process (CVE-2012-3432) bump PKGREV @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.7 2012/06/12 15:59:04 bouyer Exp $ d7 1 @ 1.7 log @pull up patches from upstream, fixing XSA7, XSA8 and XSA9. PKGREVISION++ @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.6 2011/10/21 18:26:58 cegger Exp $ d6 1 @ 1.7.2.1 log @Pullup ticket #3885 - requested by drochner sysutils/xenkernel33: security patch sysutils/xenkernel41: security patch Revisions pulled up: - sysutils/xenkernel33/Makefile 1.18 - sysutils/xenkernel33/distinfo 1.16 - sysutils/xenkernel33/patches/patch-CVE-2012-3432 1.1 - sysutils/xenkernel41/Makefile 1.8 - sysutils/xenkernel41/distinfo 1.8 - sysutils/xenkernel41/patches/patch-CVE-2012-3432 1.1 --- Module Name: pkgsrc Committed By: drochner Date: Fri Jul 27 18:50:34 UTC 2012 Modified Files: pkgsrc/sysutils/xenkernel41: Makefile distinfo Added Files: pkgsrc/sysutils/xenkernel41/patches: patch-CVE-2012-3432 Log Message: add patch from upstream to fix bug in MMIO emulation which can cause guest crashes by unprivileged users, only for HVM guests, and if MMIO is granted to the user process (CVE-2012-3432) bump PKGREV --- Module Name: pkgsrc Committed By: drochner Date: Sat Jul 28 12:02:16 UTC 2012 Modified Files: pkgsrc/sysutils/xenkernel33: Makefile distinfo Added Files: pkgsrc/sysutils/xenkernel33/patches: patch-CVE-2012-3432 Log Message: copy security patch from xenkernel41 - it also applies to 3.3 (noticed by Daniel Horecki) bump PKGREV @ text @d1 1 a1 1 $NetBSD$ a5 1 SHA1 (patch-CVE-2012-3432) = e85b1adf1c683a1d086410f0c4265ed72a86d7fb @ 1.6 log @Update to Xen 4.1.2 Fixes/features include: * New XL toolstack * kexec/kdump * Remus * Device passthrough to HVM guests * Interrupt handling * Support for Supervisor Mode Execution Protection (SMEP) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.5 2011/08/14 20:42:40 abs Exp $ d8 2 @ 1.6.4.1 log @Pullup ticket #3834 - requested by bouyer sysutils/xenkernel41: security patch Revisions pulled up: - sysutils/xenkernel41/Makefile 1.6 - sysutils/xenkernel41/distinfo 1.7 - sysutils/xenkernel41/patch-xsa7-xsa8-xen-4.1 1.1 - sysutils/xenkernel41/patch-xsa9-xen-4.1 1.1 --- Module Name: pkgsrc Committed By: bouyer Date: Tue Jun 12 15:59:04 UTC 2012 Modified Files: pkgsrc/sysutils/xenkernel41: Makefile distinfo Added Files: pkgsrc/sysutils/xenkernel41: patch-xsa7-xsa8-xen-4.1 patch-xsa9-xen-4.1 Log Message: pull up patches from upstream, fixing XSA7, XSA8 and XSA9. PKGREVISION++ @ text @d1 1 a1 1 $NetBSD$ a7 2 SHA1 (patch-xsa7-xsa8-xen-4.1) = e48cfd4ae9e7a4d48e059738b3f36074d3982515 SHA1 (patch-xsa9-xen-4.1) = 4bbefd6426e2a7b36ccecb81cc94dc33af34e4fb @ 1.5 log @Fix build with gcc 4.5.3 under NetBSD @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.4 2011/06/16 13:02:50 cegger Exp $ d3 3 a5 3 SHA1 (xen-4.1.1.tar.gz) = f1b5ef4b663c339faf9c77fc895327cfbcc9776c RMD160 (xen-4.1.1.tar.gz) = 4b3c0641b0f098889f627662aa6b8fea00c5b636 Size (xen-4.1.1.tar.gz) = 10355625 bytes @ 1.4 log @Apply build fix about redefining va_list. Failure has been reported to get fixed upstream. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.3 2011/06/16 10:28:48 cegger Exp $ d7 1 @ 1.3 log @Xen 4.1.1 (maintenance release) * Security fixes including CVE-2011-1583 CVE-2011-1898 * Enhancements to guest introspection (VM single stepping support for very fine-grained access control) * Many stability improvements, such as: PV-on-HVM stability fixes (fixing some IRQ issues), XSAVE cpu feature support for PV guests (allows safe use of latest multimedia instructions), RAS fixes for high availability, fixes for offlining bad pages and changes to libxc, mainly of benefit to libvirt * Compatibility fixes for newer Linux guests, newer compilers, some old guest savefiles, newer Python, grub2, some hardware/BIOS bugs. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.2 2011/05/07 07:11:22 tnn Exp $ d6 1 @ 1.2 log @xenkernel41 didn't build on current/amd64. It uses -nostdinc and tries to use #include through a local copy of stdarg.h, which can't work. Fixed this by putting the relevant builtin stdarg definitions for NetBSD in the local copy. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.1.1.1 2011/04/06 09:05:53 cegger Exp $ d3 3 a5 6 SHA1 (xen-4.1.0.tar.gz) = 4295e67524746ce155ff991db5fd2a611be27f67 RMD160 (xen-4.1.0.tar.gz) = e9ef987b24503d6c993bccfd203be5af9f104f48 Size (xen-4.1.0.tar.gz) = 10348539 bytes SHA1 (patch-aa) = a93592a78fd7050aee9d522e22cec182d75bbbfa SHA1 (patch-xen_common_libelf_libelf-loader.c) = a38b484080115077cfb12bcfff8bad642e9413ee SHA1 (patch-xen_include_xen_stdarg.h) = 26975533b5b63a2b9d559b9ab2018a4609767e26 @ 1.1 log @Initial revision @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.9 2009/08/07 12:43:46 cegger Exp $ d7 2 @ 1.1.1.1 log @Xen is a virtual machine monitor which supports running multiple guests operating systems on a single machine. Guest OSes (also called "domains" ) require a modified kernel which supports Xen hypercalls in replacement to access to the physical hardware. At boot, the xen kernel is loaded along with the guest kernel for the first domain (called domain0). domain0 has privileges to access the physical hardware (PCI and ISA devices), administrate other domains and provide virtual devices (disks and network) to other domains. This package contains the Xen4 kernel itself. Release notes: The Xen team is pleased to announce the release of Xen 4.1. The result of nearly 12 months of development, new features include: * A re-architected and improved XL toolstack replacing XM/XEND * Prototype credit2 scheduler designed for latency-sensitive workloads and very large systems. * CPU Pools for advanced partitioning. * Support for large systems (>255 processors) * Support for x86 Advanced Vector eXtension (AVX). * New Memory Access API enabling integration of 3rd party security solutions into Xen virtualized environments. * Many IOMMU fixes (both Intel VT-d IOMMU and AMD IOMMU). * Many toolstack and buildsystem fixes for Linux and NetBSD hosts. * Thirdparty libs: libvirt driver for libxl has been merged to upstream libvirt. * HVM guest PXE boot enhancements, replacing gPXE with iPXE. * Even better stability through our new automated regression tests. Detailed release notes, including a more extensive feature list: http://wiki.xen.org/xenwiki/Xen4.1 To download tarballs: http://xen.org/products/xen_source.html Or the Mercurial source repository (tag 'RELEASE-4.1.0'): http://xenbits.xen.org/xen-unstable.hg And the announcement on the Xen blog: http://blog.xen.org/index.php/2011/03/25/xen-4-1-releases/ Thanks to the many people who have contributed to this release! Regards, The Xen Team @ text @@