head 1.2; access; symbols pkgsrc-2020Q2:1.1.0.42 pkgsrc-2020Q2-base:1.1 pkgsrc-2020Q1:1.1.0.22 pkgsrc-2020Q1-base:1.1 pkgsrc-2019Q4:1.1.0.44 pkgsrc-2019Q4-base:1.1 pkgsrc-2019Q3:1.1.0.40 pkgsrc-2019Q3-base:1.1 pkgsrc-2019Q2:1.1.0.38 pkgsrc-2019Q2-base:1.1 pkgsrc-2019Q1:1.1.0.36 pkgsrc-2019Q1-base:1.1 pkgsrc-2018Q4:1.1.0.34 pkgsrc-2018Q4-base:1.1 pkgsrc-2018Q3:1.1.0.32 pkgsrc-2018Q3-base:1.1 pkgsrc-2018Q2:1.1.0.30 pkgsrc-2018Q2-base:1.1 pkgsrc-2018Q1:1.1.0.28 pkgsrc-2018Q1-base:1.1 pkgsrc-2017Q4:1.1.0.26 pkgsrc-2017Q4-base:1.1 pkgsrc-2017Q3:1.1.0.24 pkgsrc-2017Q3-base:1.1 pkgsrc-2017Q2:1.1.0.20 pkgsrc-2017Q2-base:1.1 pkgsrc-2017Q1:1.1.0.18 pkgsrc-2017Q1-base:1.1 pkgsrc-2016Q4:1.1.0.16 pkgsrc-2016Q4-base:1.1 pkgsrc-2016Q3:1.1.0.14 pkgsrc-2016Q3-base:1.1 pkgsrc-2016Q2:1.1.0.12 pkgsrc-2016Q2-base:1.1 pkgsrc-2016Q1:1.1.0.10 pkgsrc-2016Q1-base:1.1 pkgsrc-2015Q4:1.1.0.8 pkgsrc-2015Q4-base:1.1 pkgsrc-2015Q3:1.1.0.6 pkgsrc-2015Q3-base:1.1 pkgsrc-2015Q2:1.1.0.4 pkgsrc-2015Q2-base:1.1 pkgsrc-2015Q1:1.1.0.2 pkgsrc-2015Q1-base:1.1; locks; strict; comment @# @; 1.2 date 2020.08.19.10.39.23; author bouyer; state dead; branches; next 1.1; commitid DGAMglRf0Jde6FkC; 1.1 date 2015.03.10.19.50.16; author spz; state Exp; branches; next ; commitid ayq5pBspp2di56dy; desc @@ 1.2 log @Remove xenkernel and xentools packages older than 4.11. They're not maintained anymore upstream, and don't build on supported NetBSD releases. @ text @$NetBSD: patch-CVE-2015-2151,v 1.1 2015/03/10 19:50:16 spz Exp $ xsa123-4.3-4.2.patch from upstream: x86emul: fully ignore segment override for register-only operations For ModRM encoded instructions with register operands we must not overwrite ea.mem.seg (if a - bogus in that case - segment override was present) as it aliases with ea.reg. This is CVE-2015-2151 / XSA-123. --- xen/arch/x86/x86_emulate/x86_emulate.c.orig 2015-03-10 19:18:09.000000000 +0000 +++ xen/arch/x86/x86_emulate/x86_emulate.c @@@@ -1640,7 +1640,7 @@@@ x86_emulate( } } - if ( override_seg != -1 ) + if ( override_seg != -1 && ea.type == OP_MEM ) ea.mem.seg = override_seg; /* Decode and fetch the source operand: register, memory or immediate. */ @ 1.1 log @xsa123-4.3-4.2.patch from upstream: x86emul: fully ignore segment override for register-only operations For ModRM encoded instructions with register operands we must not overwrite ea.mem.seg (if a - bogus in that case - segment override was present) as it aliases with ea.reg. This is CVE-2015-2151 / XSA-123. @ text @d1 1 a1 1 $NetBSD$ @