head 1.2; access; symbols pkgsrc-2016Q2:1.1.0.4 pkgsrc-2016Q2-base:1.1 pkgsrc-2016Q1:1.1.0.2; locks; strict; comment @# @; 1.2 date 2016.09.21.17.03.38; author bouyer; state dead; branches; next 1.1; commitid DpaVr9YcAfk37bnz; 1.1 date 2016.05.12.15.42.58; author bouyer; state Exp; branches 1.1.2.1; next ; commitid sU0kkMApGRqxSc6z; 1.1.2.1 date 2016.05.12.15.42.58; author bsiegert; state dead; branches; next 1.1.2.2; commitid QF0DMbVLQWMPFm7z; 1.1.2.2 date 2016.05.21.15.48.57; author bsiegert; state Exp; branches; next ; commitid QF0DMbVLQWMPFm7z; desc @@ 1.2 log @Update xenkernel45 and xentools45 to 4.5.5. Changes since 4.5.3: mostly bugfixes, including fixes for security issues XSA-172, XSA-173, XSA-175, XSA-176, XSA-178, XSA-179, XSA-180, XSA-181, XSA-182, XSA-183, XSA-184, XSA-185, XSA-186 and XSA-187. All but XSA-175 were already fixed in pkgsrc. Complete list of changes and links to the XSA advisories: https://www.xenproject.org/downloads/xen-archives/xen-45-series/xen-455.html @ text @$NetBSD: patch-XSA-172,v 1.1 2016/05/12 15:42:58 bouyer Exp $ x86: fix information leak on AMD CPUs The fix for XSA-52 was wrong, and so was the change synchronizing that new behavior to the FXRSTOR logic: AMD's manuals explicitly state that writes to the ES bit are ignored, and it instead gets calculated from the exception and mask bits (it gets set whenever there is an unmasked exception, and cleared otherwise). Hence we need to follow that model in our workaround. This is XSA-172. The first hunk (xen/arch/x86/i387.c:fpu_fxrstor) is CVE-2016-3159. The second hunk (xen/arch/x86/xstate.c:xrstor) is CVE-2016-3158. 
Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper --- xen/arch/x86/i387.c.orig +++ xen/arch/x86/i387.c @@@@ -49,7 +49,7 @@@@ static inline void fpu_fxrstor(struct vc * sometimes new user value. Both should be ok. Use the FPU saved * data block as a safe address because it should be in L1. */ - if ( !(fpu_ctxt->fsw & 0x0080) && + if ( !(fpu_ctxt->fsw & ~fpu_ctxt->fcw & 0x003f) && boot_cpu_data.x86_vendor == X86_VENDOR_AMD ) { asm volatile ( "fnclex\n\t" --- xen/arch/x86/xstate.c.orig +++ xen/arch/x86/xstate.c @@@@ -344,7 +344,7 @@@@ void xrstor(struct vcpu *v, uint64_t mas * data block as a safe address because it should be in L1. */ if ( (mask & ptr->xsave_hdr.xstate_bv & XSTATE_FP) && - !(ptr->fpu_sse.fsw & 0x0080) && + !(ptr->fpu_sse.fsw & ~ptr->fpu_sse.fcw & 0x003f) && boot_cpu_data.x86_vendor == X86_VENDOR_AMD ) asm volatile ( "fnclex\n\t" /* clear exceptions */ "ffree %%st(7)\n\t" /* clear stack tag */ @ 1.1 log @Update xenkernel45 and xentools45 to 4.5.3. While there also add patches for security issues XSA-172, XSA-173 and XSA-179 (others between 170 and 179 are either not yet public, or linux-only). Upstream changes since 4.5.2: - security issues up to XSA-170 are fixed (these were already patched in pkgsrc). - other minor performances and functionality fixes. 
full changelog at: http://www.xenproject.org/downloads/xen-archives/xen-45-series/xen-453.html @ text @d1 1 a1 1 $NetBSD: $ @ 1.1.2.1 log @file patch-XSA-172 was added on branch pkgsrc-2016Q1 on 2016-05-21 15:48:57 +0000 @ text @d1 41 @ 1.1.2.2 log @Pullup ticket #5017 - requested by sevan sysutils/xenkernel45: security fix sysutils/xentools45: security fix Revisions pulled up: - sysutils/xenkernel45/Makefile 1.14 - sysutils/xenkernel45/distinfo 1.14 - sysutils/xenkernel45/patches/patch-CVE-2015-5307 deleted - sysutils/xenkernel45/patches/patch-CVE-2015-8339 deleted - sysutils/xenkernel45/patches/patch-CVE-2015-8555 deleted - sysutils/xenkernel45/patches/patch-XSA-166 deleted - sysutils/xenkernel45/patches/patch-XSA-172 1.1 - sysutils/xenkernel45/patches/patch-XSA-173 1.1 - sysutils/xentools45/Makefile 1.32 - sysutils/xentools45/distinfo 1.22 - sysutils/xentools45/patches/patch-CVE-2015-8341 deleted - sysutils/xentools45/patches/patch-CVE-2015-8550 deleted - sysutils/xentools45/patches/patch-CVE-2015-8554 deleted - sysutils/xentools45/patches/patch-XSA-179 1.1 --- Module Name: pkgsrc Committed By: bouyer Date: Thu May 12 15:42:58 UTC 2016 Modified Files: pkgsrc/sysutils/xenkernel45: Makefile distinfo pkgsrc/sysutils/xentools45: Makefile distinfo Added Files: pkgsrc/sysutils/xenkernel45/patches: patch-XSA-172 patch-XSA-173 pkgsrc/sysutils/xentools45/patches: patch-XSA-179 Removed Files: pkgsrc/sysutils/xenkernel45/patches: patch-CVE-2015-5307 patch-CVE-2015-8339 patch-CVE-2015-8555 patch-XSA-166 pkgsrc/sysutils/xentools45/patches: patch-CVE-2015-8341 patch-CVE-2015-8550 patch-CVE-2015-8554 Log Message: Update xenkernel45 and xentools45 to 4.5.3. While there also add patches for security issues XSA-172, XSA-173 and XSA-179 (others between 170 and 179 are either not yet public, or linux-only). Upstream changes since 4.5.2: - security issues up to XSA-170 are fixed (these were already patched in pkgsrc). - other minor performances and functionality fixes. 
full changelog at: http://www.xenproject.org/downloads/xen-archives/xen-45-series/xen-453.html @ text @a0 41 $NetBSD$ x86: fix information leak on AMD CPUs The fix for XSA-52 was wrong, and so was the change synchronizing that new behavior to the FXRSTOR logic: AMD's manuals explicitly state that writes to the ES bit are ignored, and it instead gets calculated from the exception and mask bits (it gets set whenever there is an unmasked exception, and cleared otherwise). Hence we need to follow that model in our workaround. This is XSA-172. The first hunk (xen/arch/x86/i387.c:fpu_fxrstor) is CVE-2016-3159. The second hunk (xen/arch/x86/xstate.c:xrstor) is CVE-2016-3158. Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper --- xen/arch/x86/i387.c.orig +++ xen/arch/x86/i387.c @@@@ -49,7 +49,7 @@@@ static inline void fpu_fxrstor(struct vc * sometimes new user value. Both should be ok. Use the FPU saved * data block as a safe address because it should be in L1. */ - if ( !(fpu_ctxt->fsw & 0x0080) && + if ( !(fpu_ctxt->fsw & ~fpu_ctxt->fcw & 0x003f) && boot_cpu_data.x86_vendor == X86_VENDOR_AMD ) { asm volatile ( "fnclex\n\t" --- xen/arch/x86/xstate.c.orig +++ xen/arch/x86/xstate.c @@@@ -344,7 +344,7 @@@@ void xrstor(struct vcpu *v, uint64_t mas * data block as a safe address because it should be in L1. */ if ( (mask & ptr->xsave_hdr.xstate_bv & XSTATE_FP) && - !(ptr->fpu_sse.fsw & 0x0080) && + !(ptr->fpu_sse.fsw & ~ptr->fpu_sse.fcw & 0x003f) && boot_cpu_data.x86_vendor == X86_VENDOR_AMD ) asm volatile ( "fnclex\n\t" /* clear exceptions */ "ffree %%st(7)\n\t" /* clear stack tag */ @
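Review bot: In the fpu_fxrstor hunk (xen/arch/x86/i387.c), the new condition `!(fpu_ctxt->fsw & ~fpu_ctxt->fcw & 0x003f)` uses a bare 0x003f and silently relies on the six x87 exception flags in FSW bits 0-5 lining up with their mask bits in FCW bits 0-5, while the comment above it still only explains the choice of safe address. A named constant for 0x003f plus one comment line saying the test means "no unmasked exception pending", which is how the description says AMD derives ES, would keep a later reader from taking it for a stray mask and going back to testing 0x0080.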
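Review bot: In the xrstor hunk (xen/arch/x86/xstate.c), the pending-unmasked-exception test is a second hand-written copy of the one in fpu_fxrstor, and the description itself says the earlier fix went wrong in both places after the behaviour was synchronized by hand. Consider moving the test into one small inline helper that takes fsw and fcw and calling it from both restore paths. Its position after the `mask & ptr->xsave_hdr.xstate_bv & XSTATE_FP` check should stay as it is, so that fcw is only consulted when x87 state is actually being restored.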