x86emul: fully ignore segment override for register-only operations
For ModRM encoded instructions with register operands we must not
overwrite ea.mem.seg (if a - bogus in that case - segment override was
present) as it aliases with ea.reg.
This is CVE-2015-2151 / XSA-123.
CVE-2014-7188/XSA-108:
x86/HVM: properly bound x2APIC MSR range, fixing:
A buggy or malicious HVM guest can crash the host or read data
relating to other guests or the hypervisor itself.
CVE-2014-8594/XSA-109:
x86: don't allow page table updates on non-PV page tables in do_mmu_update(),
fixing:
Malicious or buggy stub domain kernels or tool stacks otherwise living
outside of Domain0 can mount a denial of service attack which, if
successful, can affect the whole system.
CVE-2014-8595/XSA-110:
x86emul: enforce privilege level restrictions when loading CS, fixing:
Malicious HVM guest user mode code may be able to elevate its
privileges to guest supervisor mode, or to crash the guest.
CVE-2014-8866/XSA-111:
x86: limit checks in hypercall_xlat_continuation() to actual arguments, fixing:
A buggy or malicious HVM guest can crash the host.
CVE-2014-8867/XSA-112:
x86/HVM: confine internally handled MMIO to solitary regions, fixing:
A buggy or malicious HVM guest can crash the host.
CVE-2014-9030/XSA-113:
x86/mm: fix a reference counting error in MMU_MACHPHYS_UPDATE, fixing:
Malicious or buggy stub domain kernels or tool stacks otherwise living
outside of Domain0 can mount a denial of service attack which, if
successful, can affect the whole system.
The vulnerability is only exposed to service domains for HVM guests
which have privilege over the guest. In a usual configuration that
means only device model emulators (qemu-dm).
bump PKGREV
Processing of the HVMOP_set_mem_access HVM control operations does not
check the size of its input and can tie up a physical CPU for extended
periods of time.
bump PKGREV
either because they themselves are not ready or because a
dependency isn't. This is annotated by
PYTHON_VERSIONS_INCOMPATIBLE= 33 # not yet ported as of x.y.z
or
PYTHON_VERSIONS_INCOMPATIBLE= 33 # py-foo, py-bar
respectively, please use the same style for other packages,
and check during updates.
Use versioned_dependencies.mk where applicable.
Use REPLACE_PYTHON instead of handcoded alternatives, where applicable.
Reorder Makefile sections into standard order, where applicable.
Remove PYTHON_VERSIONS_INCLUDE_3X lines since that will be default
with the next commit.
Whitespace cleanups and other nits corrected, where necessary.
from the advisory:
Malicious or misbehaving unprivileged guests can cause the host or other
guests to malfunction. This can result in host-wide denial of service.
Privilege escalation, while seeming to be unlikely, cannot be excluded.
Only PV guests can take advantage of this vulnerability.
(CVE-2014-1666)
bump PKGREV
This release fixes the following critical vulnerabilities:
CVE-2013-1918 / XSA-45: Several long latency operations are not
preemptible
CVE-2013-1952 / XSA-49: VT-d interrupt remapping source validation flaw
for bridges
CVE-2013-2076 / XSA-52: Information leak on XSAVE/XRSTOR capable AMD CPUs
CVE-2013-2077 / XSA-53: Hypervisor crash due to missing exception
recovery on XRSTOR
CVE-2013-2078 / XSA-54: Hypervisor crash due to missing exception
recovery on XSETBV
CVE-2013-2194, CVE-2013-2195, CVE-2013-2196 / XSA-55: Multiple
vulnerabilities in libelf PV kernel handling
CVE-2013-2072 / XSA-56: Buffer overflow in xencontrol Python bindings
affecting xend
CVE-2013-2211 / XSA-57: libxl allows guest write access to sensitive
console related xenstore keys
CVE-2013-1432 / XSA-58: Page reference counting error due to
XSA-45/CVE-2013-1918 fixes
XSA-61: libxl partially sets up HVM passthrough even with disabled iommu
This release contains many bug fixes and improvements. The highlights are:
addressing a regression from the fix for XSA-21
addressing a regression from the fix for XSA-46
bug fixes to low level system state handling, including certain
hardware errata workarounds
(CVE-2013-1918 and CVE-2013-1952 were patched in pkgsrc before)
There are 5 versions of xen in pkgsrc, which is confusing. Explain in
DESCR which version is in which package (xenkernel3 contains 3.1), and
which versions support PCI passthrough (only 3.1). Explain which
versions support non-PAE (3.1) and PAE (3.3, 4.1, 4.2), because the
HOWTO is out of date and it's easy to end up with a non-working system
on a 3.1 to 3.3 update. Cuation that 2.0 is beyond crufty.
This is a DESCR-only change (with PKGREVISION++ of course).
(ok during freeze agc@)
This broke packages that needed a target Python at build-time.
Instead, change it from defined/undefined to yes/no/tool. Most cases
of defined used `yes' anyway; fix the few stragglers do that instead.
New case `tool' is for TOOL_DEPENDS rather than buildlink3.
This integrates fixes for all vulnerabilities which were patched
in pkgsrc before.
Among many bug fixes and improvements (around 50 since Xen 4.1.4):
* ACPI APEI/ERST finally working on production systems
* Bug fixes for other low level system state handling
* Support for xz compressed Dom0 and DomU kernels
File too long (should be no more than 24 lines).
Line too long (should be no more than 80 characters).
Trailing empty lines.
Trailing white-space.
Trucated the long files as best as possible while preserving the most info
contained in them.
changes:
-fixes for many vulnerabilities (were mostly patched in pkgsrc)
-bug fixes and improvements (almost 100 since Xen 4.1.3). Highlights are:
-A fix for a long standing time management issue
-Bug fixes for S3 (suspend to RAM) handling
-Bug fixes for other low level system state handling
pkgsrc note:
fixes for CVE-2012-5634 (interrupt issue on IOMMU systems)
and CVE-2012-6075 (oversized packets from e1000 driver)
are already included
also add security patches from upstream (for CVE-2012-3497, no patches
are available yet)
changes:
-fixes for vulnerabilities were integrated
-many bug fixes and improvements, Highlights are:
-Updates for the latest Intel/AMD CPU revisions
-Bug fixes for IOMMU handling (device passthrough to HVM guests)
approved by maintainer
* Security fixes including CVE-2011-1583 CVE-2011-1898
* Enhancements to guest introspection (VM single stepping support for very fine-grained access control)
* Many stability improvements, such as: PV-on-HVM stability fixes (fixing some IRQ issues), XSAVE cpu feature support for PV guests (allows safe use of latest multimedia instructions), RAS fixes for high availability, fixes for offlining bad pages and changes to libxc, mainly of benefit to libvirt
* Compatibility fixes for newer Linux guests, newer compilers, some old guest savefiles, newer Python, grub2, some hardware/BIOS bugs.
