pkgsrc/sysutils/xenkernel42/distinfo

$NetBSD: distinfo,v 1.14 2015/06/05 18:18:41 khorben Exp $

SHA1 (xen-4.2.5.tar.gz) = f42741e4ec174495ace70c4b17a6b9b0e60e798a
RMD160 (xen-4.2.5.tar.gz) = 7d4f7f1b32ee541d341a756b1f8da02816438d19
Size (xen-4.2.5.tar.gz) = 15671925 bytes
SHA1 (patch-CVE-2014-8594) = 8599e5007e8f15eddc1385aa1d90accf1690952e
SHA1 (patch-CVE-2014-8595) = 46bd285b7eb8f2e23984f7917b12af2191bfef80
SHA1 (patch-CVE-2014-8866) = 9888e9585364681dfaa43af953eb104715cc4f99
SHA1 (patch-CVE-2014-8867) = 576433746660f62b753088a66c5315a1a2ff8f76
SHA1 (patch-CVE-2014-9030) = f4646ab2b0d01ad2a3bf47839fe0ffd35479b4a6
SHA1 (patch-CVE-2015-2044) = bcb7152da8d37902540cbfbdfd7309536cffa61e
SHA1 (patch-CVE-2015-2045) = f70839fabd4ef9086c8fb808e4f3448a8e844c98
SHA1 (patch-CVE-2015-2151) = df05750b86331b88102b41f065c314c38c6bc396
SHA1 (patch-CVE-2015-2752) = 62547b55385aaf54af23270939fe086b996d5744
SHA1 (patch-CVE-2015-2756) = cb1be46c28e6f88c13fc0d26ff0606bdb877283c
SHA1 (patch-CVE-2015-3456) = 8d54d33b81ef77056aa6f58ab123912948454020
SHA1 (patch-Config.mk) = a43ed1b3304d6383dc093acd128a7f373d0ca266
SHA1 (patch-xen_Makefile) = e0d1b74518b9675ddc64295d1523ded9a8757c0a
SHA1 (patch-xen_arch_x86_Rules.mk) = 6b9b4bfa28924f7d3f6c793a389f1a7ac9d228e2
SHA1 (patch-xen_arch_x86_hvm_hvm.c) = b6bac1d466ba5bc276bc3aea9d4c9df37f2b9b0f
SHA1 (patch-xen_arch_x86_mm_shadow_common.c) = 89dce860cc6aef7d0ec31f3137616b592490e60a
SHA1 (patch-xen_arch_x86_x86_emulate_x86_emulate.c) = 8b906e762c8f94a670398b4e033d50a2fb012f0a
SHA1 (patch-xen_common_spinlock.c) = 06f06b5e9b098262ebaa8af0be4837005fb5b8b4
SHA1 (patch-xen_include_asm-arm_spinlock.h) = fe2e35a5ebec4c551df5d1680c93e6ad19348d93
SHA1 (patch-xen_include_asm-x86_atomic.h) = d406c6071ea3823c25113a801dd77ff32146d162
SHA1 (patch-xen_include_asm-x86_spinlock.h) = fbaaf264e9aa4857635a81b63c4a77cba4bf560f
SHA1 (patch-xen_include_xen_lib.h) = 36dcaf3874a1b1214babc45d7e19fe3b556c1044
SHA1 (patch-xen_include_xen_spinlock.h) = 8e06de55c9b4bfc360e0b8ac5a605adedab8eb8f
Apply fixes from upstream for XSA-133 XXX pull-ups 2015-06-05 20:18:41 +02:00			$NetBSD: distinfo,v 1.14 2015/06/05 18:18:41 khorben Exp $
Initial import of Xen 4.2. This is kernel part. ---- 4.2.2 Xen 4.2.2 is a maintenance release in the 4.2 series and contains: We recommend that all users of Xen 4.2.1 upgrade to Xen 4.2.2. This release fixes the following critical vulnerabilities: CVE-2012-5634 / XSA-33: VT-d interrupt remapping source validation flaw CVE-2013-0151 / XSA-34: nested virtualization on 32-bit exposes host crash CVE-2013-0152 / XSA-35: Nested HVM exposes host to being driven out of memory by guest CVE-2013-0153 / XSA-36: interrupt remap entries shared and old ones not cleared on AMD IOMMUs CVE-2013-0154 / XSA-37: Hypervisor crash due to incorrect ASSERT (debug build only) CVE-2013-0215 / XSA-38: oxenstored incorrect handling of certain Xenbus ring states CVE-2012-6075 / XSA-41: qemu (e1000 device driver): Buffer overflow when processing large packets CVE-2013-1917 / XSA-44: Xen PV DoS vulnerability with SYSENTER CVE-2013-1919 / XSA-46: Several access permission issues with IRQs for unprivileged guests CVE-2013-1920 / XSA-47: Potential use of freed memory in event channel operations CVE-2013-1922 / XSA-48: qemu-nbd format-guessing due to missing format specification This release contains many bug fixes and improvements (around 100 since Xen 4.2.1). The highlights are: ACPI APEI/ERST finally working on production systems Bug fixes for other low level system state handling Bug fixes and improvements to the libxl tool stack Bug fixes to nested virtualization ----- 4.2.1 Xen 4.2.1 is a maintenance release in the 4.2 series and contains: We recommend that all users of Xen 4.2.0 upgrade to Xen 4.2.1. The release fixes the following critical vulnerabilities: CVE-2012-4535 / XSA-20: Timer overflow DoS vulnerability CVE-2012-4537 / XSA-22: Memory mapping failure DoS vulnerability CVE-2012-4538 / XSA-23: Unhooking empty PAE entries DoS vulnerability CVE-2012-4539 / XSA-24: Grant table hypercall infinite loop DoS vulnerability CVE-2012-4544, CVE-2012-2625 / XSA-25: Xen domain builder Out-of-memory due to malicious kernel/ramdisk CVE-2012-5510 / XSA-26: Grant table version switch list corruption vulnerability CVE-2012-5511 / XSA-27: Several HVM operations do not validate the range of their inputs CVE-2012-5513 / XSA-29: XENMEM_exchange may overwrite hypervisor memory CVE-2012-5514 / XSA-30: Broken error handling in guest_physmap_mark_populate_on_demand() CVE-2012-5515 / XSA-31: Several memory hypercall operations allow invalid extent order values CVE-2012-5525 / XSA-32: several hypercalls do not validate input GFNs Among many bug fixes and improvements (around 100 since Xen 4.2.0): A fix for a long standing time management issue Bug fixes for S3 (suspend to RAM) handling Bug fixes for other low level system state handling Bug fixes and improvements to the libxl tool stack Bug fixes to nested virtualization ----- 4.2.0 The Xen 4.2 release contains a number of important new features and updates including: The release incorporates many new features and improvements to existing features. There are improvements across the board including to Security, Scalability, Performance and Documentation. XL is now the default toolstack: Significant effort has gone in to the XL tool toolstack in this release and it is now feature complete and robust enough that we have made it the default. This toolstack can now replace xend in the majority of deployments, see XL vs Xend Feature Comparison. As well as improving XL the underlying libxl library has been significantly improved and supports the majority of the most common toolstack features. In addition the API has been declared stable which should make it even easier for external toolstack such as libvirt and XCP's xapi to make full use of this functionality in the future. Large Systems: Following on from the improvements made in 4.1 Xen now supports even larger systems, with up to 4095 host CPUs and up to 512 guest CPUs. In addition toolstack feature like the ability to automatically create a CPUPOOL per NUMA node and more intelligent placement of guest VCPUs on NUMA nodes have further improved the Xen experience on large systems. Other new features, such as multiple PCI segment support have also made a positive impact on such systems. Improved security: The XSM/Flask subsystem has seen several enhancements, including improved support for disaggregated systems and a rewritten example policy which is clearer and simpler to modify to suit local requirements. Documentation: The Xen documentation has been much improved, both the in-tree documentation and the wiki. This is in no small part down to the success of the Xen Document Days so thanks to all who have taken part. 2013-05-15 07:32:12 +02:00
Update xentools42 and xenkernel42 to Xen 4.2.5, fixing: CVE-2014-2599 / XSA-89 HVMOP_set_mem_access is not preemptible CVE-2014-3124 / XSA-92 HVMOP_set_mem_type allows invalid P2M entries to be created CVE-2014-3967,CVE-2014-3968 / XSA-96 Vulnerabilities in HVM MSI injection CVE-2014-4021 / XSA-100 Hypervisor heap contents leaked to guests pkgsrc also includes patches from the Xen Security Advisory: XSA-104 (CVE-2014-7154) - Race condition in HVMOP_track_dirty_vram XSA-105 (CVE-2014-7155) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation XSA-106 (CVE-2014-7156) - Missing privilege level checks in x86 emulation of software interrupts 2014-09-26 12:39:31 +02:00			`SHA1 (xen-4.2.5.tar.gz) = f42741e4ec174495ace70c4b17a6b9b0e60e798a`
			`RMD160 (xen-4.2.5.tar.gz) = 7d4f7f1b32ee541d341a756b1f8da02816438d19`
			`Size (xen-4.2.5.tar.gz) = 15671925 bytes`
Apply patch from Xen advisory: CVE-2014-8594/XSA-109: x86: don't allow page table updates on non-PV page tables in do_mmu_update(), fixing: Malicious or buggy stub domain kernels or tool stacks otherwise living outside of Domain0 can mount a denial of service attack which, if successful, can affect the whole system. CVE-2014-8595/XSA-110: x86emul: enforce privilege level restrictions when loading CS, fixing: Malicious HVM guest user mode code may be able to elevate its privileges to guest supervisor mode, or to crash the guest. CVE-2014-8866/XSA-111: x86: limit checks in hypercall_xlat_continuation() to actual arguments, fixing: A buggy or malicious HVM guest can crash the host. CVE-2014-8867/XSA-112: x86/HVM: confine internally handled MMIO to solitary regions, fixing: A buggy or malicious HVM guest can crash the host. CVE-2014-9030/XSA-113: x86/mm: fix a reference counting error in MMU_MACHPHYS_UPDATE, fixing: Malicious or buggy stub domain kernels or tool stacks otherwise living outside of Domain0 can mount a denial of service attack which, if successful, can affect the whole system. 2014-11-27 16:20:31 +01:00			`SHA1 (patch-CVE-2014-8594) = 8599e5007e8f15eddc1385aa1d90accf1690952e`
			`SHA1 (patch-CVE-2014-8595) = 46bd285b7eb8f2e23984f7917b12af2191bfef80`
			`SHA1 (patch-CVE-2014-8866) = 9888e9585364681dfaa43af953eb104715cc4f99`
			`SHA1 (patch-CVE-2014-8867) = 576433746660f62b753088a66c5315a1a2ff8f76`
			`SHA1 (patch-CVE-2014-9030) = f4646ab2b0d01ad2a3bf47839fe0ffd35479b4a6`
Add patches for XSA-121 and XSA-122 from upstream. 2015-03-05 14:44:57 +01:00			`SHA1 (patch-CVE-2015-2044) = bcb7152da8d37902540cbfbdfd7309536cffa61e`
			`SHA1 (patch-CVE-2015-2045) = f70839fabd4ef9086c8fb808e4f3448a8e844c98`
xsa123-4.3-4.2.patch from upstream: x86emul: fully ignore segment override for register-only operations For ModRM encoded instructions with register operands we must not overwrite ea.mem.seg (if a - bogus in that case - segment override was present) as it aliases with ea.reg. This is CVE-2015-2151 / XSA-123. 2015-03-10 20:50:15 +01:00			`SHA1 (patch-CVE-2015-2151) = df05750b86331b88102b41f065c314c38c6bc396`
apply fixes from upstream for XSA-125 Long latency MMIO mapping operations are not preemptible XSA-126 Unmediated PCI command register access in qemu 2015-04-19 15:13:20 +02:00			`SHA1 (patch-CVE-2015-2752) = 62547b55385aaf54af23270939fe086b996d5744`
			`SHA1 (patch-CVE-2015-2756) = cb1be46c28e6f88c13fc0d26ff0606bdb877283c`
Apply fixes from upstream for XSA-133 XXX pull-ups 2015-06-05 20:18:41 +02:00			`SHA1 (patch-CVE-2015-3456) = 8d54d33b81ef77056aa6f58ab123912948454020`
Merge Clang fixes from xenkernel41. 2013-06-13 23:49:59 +02:00			`SHA1 (patch-Config.mk) = a43ed1b3304d6383dc093acd128a7f373d0ca266`
			`SHA1 (patch-xen_Makefile) = e0d1b74518b9675ddc64295d1523ded9a8757c0a`
			`SHA1 (patch-xen_arch_x86_Rules.mk) = 6b9b4bfa28924f7d3f6c793a389f1a7ac9d228e2`
Add patch from upstream, fixing CVE-2014-7188 / XSA-108: Improper MSR range used for x2APIC emulation Bump PKGREVISION 2014-10-01 19:34:54 +02:00			`SHA1 (patch-xen_arch_x86_hvm_hvm.c) = b6bac1d466ba5bc276bc3aea9d4c9df37f2b9b0f`
Update xentools42 and xenkernel42 to Xen 4.2.5, fixing: CVE-2014-2599 / XSA-89 HVMOP_set_mem_access is not preemptible CVE-2014-3124 / XSA-92 HVMOP_set_mem_type allows invalid P2M entries to be created CVE-2014-3967,CVE-2014-3968 / XSA-96 Vulnerabilities in HVM MSI injection CVE-2014-4021 / XSA-100 Hypervisor heap contents leaked to guests pkgsrc also includes patches from the Xen Security Advisory: XSA-104 (CVE-2014-7154) - Race condition in HVMOP_track_dirty_vram XSA-105 (CVE-2014-7155) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation XSA-106 (CVE-2014-7156) - Missing privilege level checks in x86 emulation of software interrupts 2014-09-26 12:39:31 +02:00			`SHA1 (patch-xen_arch_x86_mm_shadow_common.c) = 89dce860cc6aef7d0ec31f3137616b592490e60a`
			`SHA1 (patch-xen_arch_x86_x86_emulate_x86_emulate.c) = 8b906e762c8f94a670398b4e033d50a2fb012f0a`
fixing XSA-114 from upstream patch 2014-12-30 09:14:15 +01:00			`SHA1 (patch-xen_common_spinlock.c) = 06f06b5e9b098262ebaa8af0be4837005fb5b8b4`
			`SHA1 (patch-xen_include_asm-arm_spinlock.h) = fe2e35a5ebec4c551df5d1680c93e6ad19348d93`
Fix build with Clang. 2015-03-18 16:05:51 +01:00			`SHA1 (patch-xen_include_asm-x86_atomic.h) = d406c6071ea3823c25113a801dd77ff32146d162`
fixing XSA-114 from upstream patch 2014-12-30 09:14:15 +01:00			`SHA1 (patch-xen_include_asm-x86_spinlock.h) = fbaaf264e9aa4857635a81b63c4a77cba4bf560f`
Merge Clang fixes from xenkernel41. 2013-06-13 23:49:59 +02:00			`SHA1 (patch-xen_include_xen_lib.h) = 36dcaf3874a1b1214babc45d7e19fe3b556c1044`
fixing XSA-114 from upstream patch 2014-12-30 09:14:15 +01:00			`SHA1 (patch-xen_include_xen_spinlock.h) = 8e06de55c9b4bfc360e0b8ac5a605adedab8eb8f`