head 1.2; access; symbols pkgsrc-2016Q4:1.1.0.22 pkgsrc-2016Q4-base:1.1 pkgsrc-2016Q3:1.1.0.20 pkgsrc-2016Q3-base:1.1 pkgsrc-2016Q2:1.1.0.18 pkgsrc-2016Q2-base:1.1 pkgsrc-2016Q1:1.1.0.16 pkgsrc-2016Q1-base:1.1 pkgsrc-2015Q4:1.1.0.14 pkgsrc-2015Q4-base:1.1 pkgsrc-2015Q3:1.1.0.12 pkgsrc-2015Q3-base:1.1 pkgsrc-2015Q2:1.1.0.10 pkgsrc-2015Q2-base:1.1 pkgsrc-2015Q1:1.1.0.8 pkgsrc-2015Q1-base:1.1 pkgsrc-2014Q4:1.1.0.6 pkgsrc-2014Q4-base:1.1 pkgsrc-2014Q3:1.1.0.4 pkgsrc-2014Q3-base:1.1 pkgsrc-2014Q2:1.1.0.2; locks; strict; comment @# @; 1.2 date 2016.12.29.19.13.02; author wiz; state dead; branches; next 1.1; commitid kFYPk8EnajcmFUzz; 1.1 date 2014.09.26.10.45.00; author bouyer; state Exp; branches 1.1.2.1; next ; commitid R4afNEPClCK9nQRx; 1.1.2.1 date 2014.09.26.10.45.00; author tron; state dead; branches; next 1.1.2.2; commitid 8pZmS45jOtauL6Sx; 1.1.2.2 date 2014.09.28.12.07.10; author tron; state Exp; branches; next ; commitid 8pZmS45jOtauL6Sx; desc @@ 1.2 log @Remove xenkernel and tools versions 3, 33, and 41. As discussed on pkgsrc-users. @ text @$NetBSD: patch-CVE-2014-7155,v 1.1 2014/09/26 10:45:00 bouyer Exp $ x86/emulate: check cpl for all privileged instructions Without this, it is possible for userspace to load its own IDT or GDT. This is XSA-105. Reported-by: Andrei LUTAS 
Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich Tested-by: Andrei LUTAS
--- xen/arch/x86/x86_emulate/x86_emulate.c.orig
+++ xen/arch/x86/x86_emulate/x86_emulate.c
@@@@ -3314,6 +3314,7 @@@@ x86_emulate(
 goto swint;

 case 0xf4: /* hlt */
+ generate_exception_if(!mode_ring0(), EXC_GP, 0);
 ctxt->retire.flags.hlt = 1;
 break;

@@@@ -3710,6 +3711,7 @@@@ x86_emulate(
 break;
 case 2: /* lgdt */
 case 3: /* lidt */
+ generate_exception_if(!mode_ring0(), EXC_GP, 0);
 generate_exception_if(ea.type != OP_MEM, EXC_UD, -1);
 fail_if(ops->write_segment == NULL);
 memset(®, 0, sizeof(reg));
@@@@ -3738,6 +3740,7 @@@@ x86_emulate(
 case 6: /* lmsw */
 fail_if(ops->read_cr == NULL);
 fail_if(ops->write_cr == NULL);
+ generate_exception_if(!mode_ring0(), EXC_GP, 0);
 if ( (rc = ops->read_cr(0, &cr0, ctxt)) )
 goto done;
 if ( ea.type == OP_REG )
@ 1.1 log @Add patch for: XSA-104 (CVE-2014-7154) - Race condition in HVMOP_track_dirty_vram XSA-105 (CVE-2014-7155) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation XSA-106 (CVE-2014-7156) - Missing privilege level checks in x86 emulation of software interrupts bump PKGREVISION @ text @d1 1 a1 1 $NetBSD: $ @ 1.1.2.1 log @file patch-CVE-2014-7155 was added on branch pkgsrc-2014Q2 on 2014-09-28 12:07:10 +0000 @ text @d1 39 @ 1.1.2.2 log @Pullup ticket #4505 - requested by bouyer sysutils/xenkernel41: security patch Revisions pulled up: - sysutils/xenkernel41/Makefile 1.39 - sysutils/xenkernel41/distinfo 1.30 - sysutils/xenkernel41/patches/patch-CVE-2014-7154 1.1 - sysutils/xenkernel41/patches/patch-CVE-2014-7155 1.1 - sysutils/xenkernel41/patches/patch-CVE-2014-7156 1.1 --- Module Name: pkgsrc Committed By: bouyer Date: Fri Sep 26 10:45:00 UTC 2014 Modified Files: pkgsrc/sysutils/xenkernel41: Makefile distinfo Added Files: pkgsrc/sysutils/xenkernel41/patches: patch-CVE-2014-7154 patch-CVE-2014-7155 patch-CVE-2014-7156 Log Message: Add patch for: XSA-104 (CVE-2014-7154) - Race condition in HVMOP_track_dirty_vram XSA-105
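Review bot: The context line `memset(®, 0, sizeof(reg));` in the lgdt/lidt hunk shows `®` where the Xen source reads `&reg`; this looks like an HTML-entity rendering artifact of the stored copy, but if the patch file on disk actually carries those bytes the hunk's context will not match and the patch will be rejected at build time, so the on-disk bytes (and the corresponding distinfo checksum) should be confirmed. In the lmsw hunk the new `generate_exception_if(!mode_ring0(), EXC_GP, 0);` sits after the two `fail_if(ops->... == NULL)` lines, whereas in the hlt and lgdt/lidt hunks the privilege check is the first statement of the case; moving it ahead of the `fail_if` lines would keep the three cases consistent and raise #GP for unprivileged guest code regardless of which callbacks a given emulator instance supplies. The enclosing x86_emulate() switch starts and ends outside all three hunks. The same three hunks are repeated in the 1.1.2.2 revision text on the following line, where both notes apply equally.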
(CVE-2014-7155) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation XSA-106 (CVE-2014-7156) - Missing privilege level checks in x86 emulation of software interrupts bump PKGREVISION @ text @a0 39 $NetBSD$ x86/emulate: check cpl for all privileged instructions Without this, it is possible for userspace to load its own IDT or GDT. This is XSA-105. Reported-by: Andrei LUTAS Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich Tested-by: Andrei LUTAS
--- xen/arch/x86/x86_emulate/x86_emulate.c.orig
+++ xen/arch/x86/x86_emulate/x86_emulate.c
@@@@ -3314,6 +3314,7 @@@@ x86_emulate(
 goto swint;

 case 0xf4: /* hlt */
+ generate_exception_if(!mode_ring0(), EXC_GP, 0);
 ctxt->retire.flags.hlt = 1;
 break;

@@@@ -3710,6 +3711,7 @@@@ x86_emulate(
 break;
 case 2: /* lgdt */
 case 3: /* lidt */
+ generate_exception_if(!mode_ring0(), EXC_GP, 0);
 generate_exception_if(ea.type != OP_MEM, EXC_UD, -1);
 fail_if(ops->write_segment == NULL);
 memset(®, 0, sizeof(reg));
@@@@ -3738,6 +3740,7 @@@@ x86_emulate(
 case 6: /* lmsw */
 fail_if(ops->read_cr == NULL);
 fail_if(ops->write_cr == NULL);
+ generate_exception_if(!mode_ring0(), EXC_GP, 0);
 if ( (rc = ops->read_cr(0, &cr0, ctxt)) )
 goto done;
 if ( ea.type == OP_REG )
@