head 1.2; access; symbols pkgsrc-2016Q4:1.1.0.16 pkgsrc-2016Q4-base:1.1 pkgsrc-2016Q3:1.1.0.14 pkgsrc-2016Q3-base:1.1 pkgsrc-2016Q2:1.1.0.12 pkgsrc-2016Q2-base:1.1 pkgsrc-2016Q1:1.1.0.10 pkgsrc-2016Q1-base:1.1 pkgsrc-2015Q4:1.1.0.8 pkgsrc-2015Q4-base:1.1 pkgsrc-2015Q3:1.1.0.6 pkgsrc-2015Q3-base:1.1 pkgsrc-2015Q2:1.1.0.4 pkgsrc-2015Q2-base:1.1 pkgsrc-2015Q1:1.1.0.2 pkgsrc-2015Q1-base:1.1; locks; strict; comment @# @; 1.2 date 2016.12.29.19.13.02; author wiz; state dead; branches; next 1.1; commitid kFYPk8EnajcmFUzz; 1.1 date 2015.03.10.20.27.16; author spz; state Exp; branches; next ; commitid Mv7xrpIwfpz1i6dy; desc @@ 1.2 log @Remove xenkernel and tools versions 3, 33, and 41. As discussed on pkgsrc-users. @ text @$NetBSD: patch-CVE-2015-2151,v 1.1 2015/03/10 20:27:16 spz Exp $ xsa123-4.3-4.2.patch from upstream: x86emul: fully ignore segment override for register-only operations For ModRM encoded instructions with register operands we must not overwrite ea.mem.seg (if a - bogus in that case - segment override was present) as it aliases with ea.reg. This is CVE-2015-2151 / XSA-123. --- xen/arch/x86/x86_emulate/x86_emulate.c.orig 2015-03-10 20:10:23.000000000 +0000 +++ xen/arch/x86/x86_emulate/x86_emulate.c @@@@ -1462,7 +1462,7 @@@@ x86_emulate( } } - if ( override_seg != -1 ) + if ( override_seg != -1 && ea.type == OP_MEM ) ea.mem.seg = override_seg; /* Decode and fetch the source operand: register, memory or immediate. */ @ 1.1 log @xsa123-4.3-4.2.patch from upstream: x86emul: fully ignore segment override for register-only operations For ModRM encoded instructions with register operands we must not overwrite ea.mem.seg (if a - bogus in that case - segment override was present) as it aliases with ea.reg. This is CVE-2015-2151 / XSA-123. @ text @d1 1 a1 1 $NetBSD$ @
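Review bot: The added `ea.type == OP_MEM` test in the `override_seg` condition in x86_emulate() has no comment explaining why it is needed. The reason is given only in the patch description (ea.mem.seg aliases with ea.reg, so a segment override on a register-only ModRM operand would overwrite the register selection). A one-line comment above the `if`, such as "ea.mem.seg aliases ea.reg; ignore a segment override for register operands", would keep a later cleanup from dropping the check. The guard also depends on ea.type already holding its final value when this statement runs. The ModRM decode that sets it is outside the visible context, so confirm that against the full file.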