This release fixes the following critical vulnerabilities:
CVE-2013-1918 / XSA-45: Several long latency operations are not
preemptible
CVE-2013-1952 / XSA-49: VT-d interrupt remapping source validation flaw
for bridges
CVE-2013-2076 / XSA-52: Information leak on XSAVE/XRSTOR capable AMD CPUs
CVE-2013-2077 / XSA-53: Hypervisor crash due to missing exception
recovery on XRSTOR
CVE-2013-2078 / XSA-54: Hypervisor crash due to missing exception
recovery on XSETBV
CVE-2013-2194, CVE-2013-2195, CVE-2013-2196 / XSA-55: Multiple
vulnerabilities in libelf PV kernel handling
CVE-2013-2072 / XSA-56: Buffer overflow in xencontrol Python bindings
affecting xend
CVE-2013-2211 / XSA-57: libxl allows guest write access to sensitive
console related xenstore keys
CVE-2013-1432 / XSA-58: Page reference counting error due to
XSA-45/CVE-2013-1918 fixes
XSA-61: libxl partially sets up HVM passthrough even with disabled iommu
This release contains many bug fixes and improvements. The highlights are:
addressing a regression from the fix for XSA-21
addressing a regression from the fix for XSA-46
bug fixes to low level system state handling, including certain
hardware errata workarounds
(CVE-2013-1918 and CVE-2013-1952 were patched in pkgsrc before)
a) refer 'perl' in their Makefile, or
b) have a directory name of p5-*, or
c) have any dependency on any p5-* package
Like last time, where this caused no complaints.
This integrates fixes for all vulnerabilities which were patched
in pkgsrc before.
Among many bug fixes and improvements (around 50 since Xen 4.1.4):
* ACPI APEI/ERST finally working on production systems
* Bug fixes for other low level system state handling
* Support for xz compressed Dom0 and DomU kernels
Aaron J. Grier, with implementation changes by myself:
- rules to add the run-time path correctly when building shared versions
of libraries. Using -dllpath to ocamlmklib for this - ',' would need
to be clumsily escaped from gmake.
(This also needs a patched ocamlmklib - from ocaml 4.00.1nb2 -
that has -elfmode which prevents -L paths being added to the
run-time path).
- Path fixes, but not using fixed paths as originally proposed,
but the SUBST framework.
- Trim whitespace off a numeric string read out of the kernel.
Instead of open coding the function, use String.trim, as the
String library is used, anyway. (available in ocaml >= 4.00.1)
also add security patches from upstream
changes:
-fixes for vulnerabilities were integrated
-many bug fixes and improvements, Highlights are:
-Bug fixes and improvements to the libxl tool stack
approved by maintainer
Heap-based buffer overflow in the process_tx_desc function in the
e1000 emulation allows the guest to cause a denial of service (QEMU
crash) and possibly execute arbitrary code via crafted legacy mode
packets.
Bump PKGREVISION
from qemu upstream:
Fill in word 64 of IDENTIFY data to indicate support for PIO modes 3 and 4.
This allows NetBSD guests to use UltraDMA modes instead of just PIO mode 0.
With this patch I can no longer reproduce PR 42455.
Bump package revision.
* Security fixes including CVE-2011-1583 CVE-2011-1898
* Enhancements to guest introspection (VM single stepping support for very
fine-grained access control)
* Many stability improvements, such as: PV-on-HVM stability fixes (fixing
some IRQ issues), XSAVE cpu feature support for PV guests (allows safe use of
latest multimedia instructions), RAS fixes for high availability, fixes for
offlining bad pages and changes to libxc, mainly of benefit to libvirt
* Compatibility fixes for newer Linux guests, newer compilers, some old
guest savefiles, newer Python, grub2, some hardware/BIOS bugs.
- use the correct way to get the size of a disk device or partition (from
haad@NetBSD.org)
- if given a block device, use the character device instead (the block device
is already in use by the backend driver).
With this I could succeffully boot a HVMPV FreeBSD kernel using a phy:
virtual disk.
