Update xentools42 and xenkernel42 to Xen 4.2.5, fixing:

CVE-2014-2599 / XSA-89 HVMOP_set_mem_access is not preemptible
CVE-2014-3124 / XSA-92 HVMOP_set_mem_type allows invalid P2M entries to be
  created
CVE-2014-3967,CVE-2014-3968 / XSA-96 Vulnerabilities in HVM MSI injection
CVE-2014-4021 / XSA-100 Hypervisor heap contents leaked to guests

pkgsrc also includes patches from the Xen Security Advisory:
XSA-104 (CVE-2014-7154) - Race condition in HVMOP_track_dirty_vram
XSA-105 (CVE-2014-7155) - Missing privilege level checks in x86 HLT, LGDT,
  LIDT, and LMSW emulation
XSA-106 (CVE-2014-7156) - Missing privilege level checks in x86 emulation
  of software interrupts

sysutils/xenkernel42/Makefile

@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.7 2014/05/09 07:37:20 wiz Exp $
+# $NetBSD: Makefile,v 1.8 2014/09/26 10:39:31 bouyer Exp $
 
-VERSION=	4.2.4
+VERSION=	4.2.5
 DISTNAME=	xen-${VERSION}
 PKGNAME=	xenkernel42-${VERSION}
 CATEGORIES=	sysutils

sysutils/xenkernel42/distinfo

@@ -1,9 +1,11 @@
-$NetBSD: distinfo,v 1.5 2014/02/22 01:22:49 prlw1 Exp $
+$NetBSD: distinfo,v 1.6 2014/09/26 10:39:31 bouyer Exp $
 
-SHA1 (xen-4.2.4.tar.gz) = ab661bf0f64a18155f971343a9c07b7e7d1410f1
-RMD160 (xen-4.2.4.tar.gz) = b2210d3ff6a9fdf9cae1a5a38b829667dfd6fd2f
-Size (xen-4.2.4.tar.gz) = 15663999 bytes
+SHA1 (xen-4.2.5.tar.gz) = f42741e4ec174495ace70c4b17a6b9b0e60e798a
+RMD160 (xen-4.2.5.tar.gz) = 7d4f7f1b32ee541d341a756b1f8da02816438d19
+Size (xen-4.2.5.tar.gz) = 15671925 bytes
 SHA1 (patch-Config.mk) = a43ed1b3304d6383dc093acd128a7f373d0ca266
 SHA1 (patch-xen_Makefile) = e0d1b74518b9675ddc64295d1523ded9a8757c0a
 SHA1 (patch-xen_arch_x86_Rules.mk) = 6b9b4bfa28924f7d3f6c793a389f1a7ac9d228e2
+SHA1 (patch-xen_arch_x86_mm_shadow_common.c) = 89dce860cc6aef7d0ec31f3137616b592490e60a
+SHA1 (patch-xen_arch_x86_x86_emulate_x86_emulate.c) = 8b906e762c8f94a670398b4e033d50a2fb012f0a
 SHA1 (patch-xen_include_xen_lib.h) = 36dcaf3874a1b1214babc45d7e19fe3b556c1044

sysutils/xenkernel42/patches/patch-xen_arch_x86_mm_shadow_common.c

@@ -0,0 +1,24 @@
+$NetBSD: patch-xen_arch_x86_mm_shadow_common.c,v 1.1 2014/09/26 10:39:31 bouyer Exp $
+
+patch for XSA-104/CVE-2014-7154, from Xen Security Advisory
+
+--- xen/arch/x86/mm/shadow/common.c.orig	2014-09-02 08:22:57.000000000 +0200
++++ xen/arch/x86/mm/shadow/common.c	2014-09-26 11:18:02.000000000 +0200
+@@ -3601,7 +3601,7 @@
+     int flush_tlb = 0;
+     unsigned long i;
+     p2m_type_t t;
+-    struct sh_dirty_vram *dirty_vram = d->arch.hvm_domain.dirty_vram;
++    struct sh_dirty_vram *dirty_vram;
+     struct p2m_domain *p2m = p2m_get_hostp2m(d);
+ 
+     if ( end_pfn < begin_pfn || end_pfn > p2m->max_mapped_pfn + 1 )
+@@ -3611,6 +3611,8 @@
+     p2m_lock(p2m_get_hostp2m(d));
+     paging_lock(d);
+ 
++    dirty_vram = d->arch.hvm_domain.dirty_vram;
++
+     if ( dirty_vram && (!nr ||
+              ( begin_pfn != dirty_vram->begin_pfn
+             || end_pfn   != dirty_vram->end_pfn )) )

sysutils/xenkernel42/patches/patch-xen_arch_x86_x86_emulate_x86_emulate.c

@@ -0,0 +1,39 @@
+$NetBSD: patch-xen_arch_x86_x86_emulate_x86_emulate.c,v 1.1 2014/09/26 10:39:31 bouyer Exp $
+
+patch for XSA-105/CVE-2014-7155 and XSA-106/CVE-2014-7156,
+from Xen Security Advisory
+
+--- xen/arch/x86/x86_emulate/x86_emulate.c.orig	2014-09-26 11:53:50.000000000 +0200
++++ xen/arch/x86/x86_emulate/x86_emulate.c	2014-09-26 11:53:43.000000000 +0200
+@@ -2616,6 +2616,7 @@
+     case 0xcd: /* int imm8 */
+         src.val = insn_fetch_type(uint8_t);
+     swint:
++        fail_if(!in_realmode(ctxt, ops)); /* XSA-106 */
+         fail_if(ops->inject_sw_interrupt == NULL);
+         rc = ops->inject_sw_interrupt(src.val, _regs.eip - ctxt->regs->eip,
+                                       ctxt) ? : X86EMUL_EXCEPTION;
+@@ -3296,6 +3297,7 @@
+         goto swint;
+ 
+     case 0xf4: /* hlt */
++        generate_exception_if(!mode_ring0(), EXC_GP, 0);
+         ctxt->retire.flags.hlt = 1;
+         break;
+ 
+@@ -3721,6 +3723,7 @@
+             break;
+         case 2: /* lgdt */
+         case 3: /* lidt */
++            generate_exception_if(!mode_ring0(), EXC_GP, 0);
+             generate_exception_if(ea.type != OP_MEM, EXC_UD, -1);
+             fail_if(ops->write_segment == NULL);
+             memset(&reg, 0, sizeof(reg));
+@@ -3749,6 +3752,7 @@
+         case 6: /* lmsw */
+             fail_if(ops->read_cr == NULL);
+             fail_if(ops->write_cr == NULL);
++            generate_exception_if(!mode_ring0(), EXC_GP, 0);
+             if ( (rc = ops->read_cr(0, &cr0, ctxt)) )
+                 goto done;
+             if ( ea.type == OP_REG )

sysutils/xentools42/Makefile

@@ -1,11 +1,11 @@
-# $NetBSD: Makefile,v 1.22 2014/05/29 23:37:32 wiz Exp $
+# $NetBSD: Makefile,v 1.23 2014/09/26 10:40:45 bouyer Exp $
 
-VERSION=	4.2.4
+VERSION=	4.2.5
 VERSION_IPXE=	1.0.0
 
 DISTNAME=		xen-${VERSION}
 PKGNAME=		xentools42-${VERSION}
-PKGREVISION=		2
+#PKGREVISION=		2
 CATEGORIES=		sysutils
 MASTER_SITES=		http://bits.xensource.com/oss-xen/release/${VERSION}/
 

sysutils/xentools42/distinfo

@@ -1,11 +1,11 @@
-$NetBSD: distinfo,v 1.11 2014/09/17 20:32:36 bouyer Exp $
+$NetBSD: distinfo,v 1.12 2014/09/26 10:39:31 bouyer Exp $
 
 SHA1 (ipxe-git-v1.0.0.tar.gz) = da052c8de5f3485fe0253c19cf52ed6d72528485
 RMD160 (ipxe-git-v1.0.0.tar.gz) = dcd9b6eaafa1ce05c1ebf2a15f2f73ad7a8c5547
 Size (ipxe-git-v1.0.0.tar.gz) = 1996881 bytes
-SHA1 (xen-4.2.4.tar.gz) = ab661bf0f64a18155f971343a9c07b7e7d1410f1
-RMD160 (xen-4.2.4.tar.gz) = b2210d3ff6a9fdf9cae1a5a38b829667dfd6fd2f
-Size (xen-4.2.4.tar.gz) = 15663999 bytes
+SHA1 (xen-4.2.5.tar.gz) = f42741e4ec174495ace70c4b17a6b9b0e60e798a
+RMD160 (xen-4.2.5.tar.gz) = 7d4f7f1b32ee541d341a756b1f8da02816438d19
+Size (xen-4.2.5.tar.gz) = 15671925 bytes
 SHA1 (patch-.._.._ipxe_src_Makefile.housekeeping) = 5ec8020a9705b2f64096c2942473a8de4db578bb
 SHA1 (patch-.._.._ipxe_src_arch_i386_include_librm.h) = 4549ac641b112321b4731a918d85219c3fce6808
 SHA1 (patch-.._.._ipxe_src_arch_i386_scripts_i386.lds) = 4c0cbb7f535be43e1b6f53c284340a8bafc37c0b